Introduction
The first-year hardware course covered office computers, notebooks and current components. Even though we return to these throughout the 20 hours of this course, the second year is centred on the maintenance and installation of network equipment, in short the work of a company's IT technician. The PC/network hardware technician course covers networks (cabling, servers, hubs and switches, routers, Ethernet, security...), the various communication devices and server technologies (SCSI, RAID...). In the other PC/network technician courses, LANs are analysed at the software level: management, administration, protection... The approach of this networking course is not software but hardware: whether the network server operating system is Windows, Linux or Novell does not matter directly here. We will analyse the installation and choice of connection equipment. Even if software solutions are mentioned for comparison, the goal remains the hardware solution. Our work in this course is limited (which is already quite a lot) to the choice, installation, maintenance, troubleshooting and configuration of a network installation at the hardware level. For the software parts you will need the skills acquired in the other IT courses, even if the concepts are introduced here. The IT network part covers the network adapter, technologies, hubs, switches, routers, RJ45 Ethernet cabling and wireless. The server part covers everything specific to servers: RAID and SCSI hard drives, backup, multiprocessor (MP) systems. It is completed by dedicated storage networks (data storage, NAS and SAN). High-speed connections (ADSL, leased lines, ATM...) cover all the Internet connection technologies, completed by the possibilities of remote connection (firewall, security, VPN...).
This part will let you compare the various solutions (software, Linux and hardware) with their drawbacks and advantages. No solution is perfect. Electrical protection covers the equipment that protects against all disturbances of the mains supply (UPS). Other chapters deal with future or specific technologies.
2. Network introduction
2.1. Introduction - 2.2. The OSI model - 2.3. The TCP/IP model - 2.4. Types of connected computers - 2.5. Network applications - 2.6. Types of servers - 2.7. Characteristics of a network - 2.8. Security and administration
2.1. Introduction
Before tackling network infrastructure, let us review some basic concepts of computer networks. Networks make it possible to share resources between several computers: data or peripherals (printer, tape backup, modem, scanner...). The first part of this course covers everything needed to connect these computers to each other. As this course is essentially about hardware, I will mainly be interested in that aspect. The other aspects of a network are covered in the other PC/network technician courses, in particular "Network basics", "Introduction to LINUX & UNIX systems", "Network software"... The transmission of information between two programs on two different machines is described by two models: the OSI model and the TCP/IP model. These two standards let each party in the communication talk to the other. Each model comprises several layers. Each layer must send (and, on the other PC, receive) a message understandable by both parties, which guarantees compatibility of the information. The following chapter (network transmission basics) will treat communication in detail.
[Figure: the seven OSI layers on each host (7 Application, 6 Presentation, 5 Session, 4 Transport, 3 Network, 2 Data link, 1 Physical), exchanging packets and frames over the communication medium]

Level 7: the application layer manages the transfer of information between programs.
Level 6: the presentation layer prepares the data, possibly encoding and compressing it, for example the formatting of text, images and video.
Level 5: the session layer establishes, manages and coordinates communications.
Level 4: the transport layer manages the correct delivery of information (error handling); this is where UDP and TCP operate.
Level 3: the network layer determines the transport routes and handles the processing and forwarding of messages: IP and ICMP.
Level 2: the data link layer defines the interface with the network card: hubs, switches...
Level 1: the physical layer manages the hardware connections and defines how the data are converted into electrical signals.
At each of these OSI levels, a header and a trailer are added (encapsulation) that carry the information required by the rules of the protocol in use. The protocol is the language used to transfer the data (TCP/IP, NetBEUI and IPX are the main ones). In the diagram, the part added at each level is on a white background; the grey part is what was obtained after encapsulation at the previous level. The final frame, the one obtained after the physical layer has added its part, is what is sent on the network.
In hardware we are only interested in the first three levels of the OSI model (up to routers and high-end switches), possibly level 4 for firewalls. The routing basics are reserved for the other courses of the PC/network technician training, in particular network basics and the TCP/IP protocol.
At each level the data packet changes form, because a header is added to it, so its name changes according to the layer:
- At the application layer the data packet is called a message.
- The message is then encapsulated as a segment in the transport layer; the message is split into pieces before sending.
- Once encapsulated in the Internet layer, the segment is called a datagram.
- Finally, at the network access layer one speaks of a frame.
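To make the encapsulation concrete, here is an added Python example (not part of the course text) that wraps a message into a UDP segment, the segment into an IP datagram and the datagram into an Ethernet frame with its CRC trailer, then peels the layers off again on the receiving side. The MAC and IP addresses and the payload are made up for the illustration.

```python
import struct
import zlib

# Constructed sample addresses (illustration only, not from the course)
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")
SRC_IP, DST_IP = "192.168.1.10", "192.168.1.20"


def ip_to_bytes(addr):
    return bytes(int(x) for x in addr.split("."))


def inet_checksum(data):
    """RFC 1071 one's-complement checksum used in the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_segment(message, sport=40000, dport=7):
    """Layer 4: UDP header (8 bytes) in front of the message; checksum 0 = not used."""
    return struct.pack("!HHHH", sport, dport, 8 + len(message), 0) + message


def build_datagram(segment, src=SRC_IP, dst=DST_IP):
    """Layer 3: 20-byte IPv4 header, protocol 17 (UDP), TTL 64, checksum filled in afterwards."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 17, 0,
                      ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + segment


def build_frame(datagram, src=SRC_MAC, dst=DST_MAC):
    """Layer 2: Ethernet II header (dst, src, EtherType 0x0800) + payload + FCS trailer."""
    body = dst + src + struct.pack("!H", 0x0800) + datagram
    fcs = struct.pack("<I", zlib.crc32(body))  # the FCS goes on the wire least-significant byte first
    return body + fcs


def fcs_ok(frame):
    """True if the CRC-32 trailer matches the rest of the frame."""
    return struct.pack("<I", zlib.crc32(frame[:-4])) == frame[-4:]


def encapsulate(message):
    """Return the size of the unit at each layer (message, segment, datagram, frame) and the frame."""
    segment = build_segment(message)
    datagram = build_datagram(segment)
    frame = build_frame(datagram)
    sizes = {"message": len(message), "segment": len(segment),
             "datagram": len(datagram), "frame": len(frame)}
    return sizes, frame


def decapsulate(frame):
    """Receiving side: check the FCS, then strip the Ethernet, IP and UDP headers in turn."""
    if not fcs_ok(frame):
        raise ValueError("bad FCS: frame corrupted on the wire")
    body = frame[:-4]
    dst, src, ethertype = body[:6], body[6:12], struct.unpack("!H", body[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    datagram = body[14:]
    ihl = (datagram[0] & 0x0F) * 4
    if inet_checksum(datagram[:ihl]) != 0:  # a correct header sums to zero, checksum included
        raise ValueError("bad IP header checksum")
    total_length = (datagram[2] << 8) | datagram[3]
    segment = datagram[ihl:total_length]
    sport, dport, ulen, _ = struct.unpack("!HHHH", segment[:8])
    return {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"),
            "proto": datagram[9], "dport": dport, "message": segment[8:ulen]}


if __name__ == "__main__":
    sizes, frame = encapsulate(b"hello")
    print(sizes)
    print(decapsulate(frame))
```

Running it shows the 5-byte message growing to a 13-byte segment, a 33-byte datagram and a 51-byte frame; flipping a single bit anywhere in the frame makes `fcs_ok` fail, which is the error control the data link layer provides.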
SMTP: "Simple Mail Transfer Protocol", handles e-mail. Telnet: protocol for logging on to a remote machine (server) as a user. FTP: "File Transfer Protocol", protocol for exchanging files over the Internet. And others that are less common.
1. IP: manages the destination of messages, i.e. the recipient's address.
2. ARP (Address Resolution Protocol): manages the addresses of the network cards. Each card has its own identification address coded on 48 bits.
3. ICMP (Internet Control Message Protocol) manages information about transmission errors. ICMP does not correct errors but tells the other layers that the message contains errors.
4. RARP (Reverse Address Resolution Protocol) manages the IP address of equipment that cannot obtain one by reading a configuration file. Indeed, when a PC starts, the network configuration reads the IP address it will use. This is not possible on certain equipment that has no hard disk (mainly terminals).
5. IGMP (Internet Group Management Protocol) makes it possible to send the same message to the machines that belong to a group. It also lets these machines join or leave a group. It is used for example in video conferencing between several machines, video streaming... The main HARDWARE application of IGMP is found in manageable switches: the protocol makes it possible to group stations.
- Routing of the data on the link
- Coordination of the data transmission (synchronisation)
- Data format
- Signal conversion (analogue/digital) for modems
- Error control on arrival
Three types of network can be distinguished:
1. "Peer to peer" networks. In these small networks the connected computers are both clients and servers. A typical peer-to-peer network consists of networked PCs under Windows 95/98. By extension the term is also used for the sharing of music and various files between PCs connected to the Internet, a nightmare for network administrators and an excellent security hole for hackers.
2. So-called heavy networks use a host computer (called a server) that shares its resources. In this case the access levels of the users allow the data to be protected. The various peripherals connected to this server further increase this security (backup, UPS...). Management is done by a specific "server" operating system such as Linux, Windows NT Server, Windows 2000 Server or Novell NetWare.
3. WANs (Wide Area Networks) are international networks that interconnect networks of the heavy type. The Internet is a network of this type. A WAN is not defined by distance but by the type of interconnection between two networks. Applications, costs and the difficulties of implementation and management are proportional, and so is security. We will not go much further into these concepts. Indeed, apart from the connections, the peer-to-peer, server or WAN considerations are determined by the operating system and by the use made of the machines:
- Win 95/98/Me/XP Home for peer to peer
- Win NT, 2000 Server, XP Pro, Windows 2003 Server, Linux or NetWare for heavy networks
- Unix systems or proprietary systems (specific to the manufacturer) for the others, even if WANs are more and more built by grouping heavy networks. The Internet is no exception.
3. Central application. In business applications one uses a program that manages one (or several) databases. These programs generally require a heavy server. This lets several PCs work on the same database at the same time (accounting, production management, invoicing and stock management...). Security is handled on two levels: access to the files, and limitation of the access rights within the program itself. For example, a company uses commercial management software (invoicing, inventory control...). If the secretary must not have access to the database, her server account will not include access to the file. Likewise, the purchasing manager will be limited at the program level so as not to have access to the sales invoices, or only for consultation. This requires particularly powerful servers, generally with a dedicated server operating system.
4. Shared Internet connection. Connecting each PC to the Internet through its own connection costs a great deal in the long run. Networking the computers makes it possible to share a single connection (modem, ADSL or broadband). This is done either through Internet connection sharing under Win98 and later, or through a router or a software application for more professional uses.
5. Shared peripherals. A printer per PC gives flexibility of use. Nevertheless, the shared use of a single high-capacity printer can make the purchase of a faster printer worthwhile (generally, the more expensive the printer, the lower the price per page). This list is not exhaustive.
A file server stores and distributes data shared by the users of the local area network. It is a combination of hardware and software that can be specific. File servers are also used as print servers. An application server makes it possible to run an application (a program) on a server from all the clients. This is typical of database-based applications (production management, commercial management, accounting...). It allows, for example, invoicing or stock management from several PCs at the same time in a commercial management package. These applications must be designed for this sharing mechanism. The configuration of these servers is generally much more powerful. The server permanently sends parts of the program and data to each station, which clearly increases network traffic. Servers of this type are, in the PC world, multiprocessor machines. The program must be designed as a centralised application. Indeed, an ordinary file (text, spreadsheet...) can only be used by one program (one client PC in our case) at a time. This raises problems for backups while the server is working, for example. In the case of databases, the dedicated program allows simultaneous work on the same database. To avoid the risk of errors (modification of the same record by two users at the same time and corruption of the data), the dedicated program locks each record in use by a station. As a reminder, in databases a modification is saved immediately, without needing a "save file" command. On the other hand, while the database is in use it cannot be backed up. Security (access control, backups...) is however easier because it is centralised. A print server makes it possible to share printers connected to a single PC. Some network printers can be connected directly to the network without going through a PC; other specific devices can also be used.
In practice a server often combines the three functions. The configurations (power) differ for each function; application servers are the most powerful.
Routers can be replaced by the WinGate software, or by specific applications under Linux on a dedicated PC, for example. Proxy servers are sometimes integrated into routers. Anti-intrusion firewalls are integrated into some routers, but software provides (almost) equivalent functions (e.g. Symantec, ZoneAlarm). Virtual private networks (VPN), which give access to a heavy network over the Internet, are included in some software or operating systems. Antivirus is generally software, but is sometimes included in routers that have their own antivirus engine; these devices send any message containing a virus straight back to its sender.
Depending on the application, the network designer will use one or the other, or a combination of both. The software solutions are reserved for the other courses of the PC/network technician training. Other network management programs make it possible to manage traffic, users... They are purely software. By hardware, access rights can only be blocked from a station towards a server as a whole, not at the level of individual resources. In short: by hardware you can block all access to a server; by software you can allow access to only part of a server's resources.
3.1. Introduction
To communicate information between computers and peripherals, several concepts are needed. Before tackling network connections, let us begin for fun with a common communication between a computer and a... printer. In a parallel connection, all the bits making up a byte are transferred at the same time. This connection consists of 8 data wires, several ground wires, plus control signals (out of paper...). We are only interested in the data wires. To send a byte from the computer to the printer, we put a voltage or not on each of these 8 wires according to the binary message. To know whether a message is being sent, the printer only has to look at whether a voltage is present or not on the 8 data wires. In theory this requires no control signals. Although interesting, parallel connections have been supplanted by serial connections. This replacement is due to the price of the physical links and the bulk of the wiring. Copper is not too expensive, but installation by an electrician is much more so, and the bulk of parallel wiring would quickly become unmanageable. In a serial connection there is at first only one communication wire (two for bidirectional) and a ground wire. In practice other wires are used to control the communication. The principle is the same as above, except that the 8 data bits pass one after the other on a single line. The computer sends on a dedicated wire an electrical signal (voltage) that tells the receiver that data are about to be sent, and the receiver gets ready to watch what happens on the cable. If a voltage is present the received bit is 1; if no signal is present the received bit is 0. The signals are sent one after the other, which is why serial connections are considered slow. As soon as a signal is sent from one place to another, the data must be checked.
One solution would be to ask the receiver to send back the received data for checking. The importance of transfer speed rules this out. In practice a parity check is done. To compute the parity, one counts the number of 1s. In even parity (EVEN), if this number is even the parity bit is 0, if it is odd the parity bit is 1 (the reverse for odd parity, ODD).
This parity bit is sent as a ninth bit. This check is not completely reliable: if two bits are wrong, the parity check passes although the received data are false. On long-distance space links the number of parity bits is increased. This parity system is often used in modems, but no longer in network systems. These concepts were already seen in the first year. In our parallel or traditional serial connection, only two devices are connected together. This is not realistic for a network of computers: the physical link (wire) must connect all the computers to each other, and each must speak in turn so that several signals are not present at the same time. This is governed by the type of network. How can computers of different types understand each other when transmitting data over a network? What is sent as the sequence of 0s and 1s making up the message is called a frame. It consists of the data plus the headers and trailers added by the layers of the OSI or Internet model. These frames are organised in a specific way according to a protocol. A protocol is the way information is sent to the recipient. As in human language, the sender must use the same language (protocol) as the recipient for the exchange of information to be correct. The most common protocols are TCP/IP, IPX, NetBEUI... Despite this short description, protocols hardly come into the hardware part of networks (apart from routing). Indeed, in the OSI model of chapter 2 we limit ourselves to the first 3 levels, whereas these protocols belong to levels 3 and 4 (network and transport).
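The parity check described above, as an added Python example (not part of the course text): it frames a byte the way a serial line does (start bit, 8 data bits least-significant first, parity bit, stop bit), checks it on the receiving side, and then measures the weakness mentioned in the text, namely that any error touching two bits passes the check.

```python
def parity_bit(byte, even=True):
    """Ninth bit: 0 if the number of 1s is even, 1 if odd (EVEN parity); the reverse for ODD."""
    ones = bin(byte & 0xFF).count("1")
    bit = ones % 2
    return bit if even else bit ^ 1


def uart_frame(byte, even=True):
    """Serial framing: start bit 0, 8 data bits LSB first, parity bit, stop bit 1 (8E1)."""
    data = [(byte >> i) & 1 for i in range(8)]
    return [0] + data + [parity_bit(byte, even)] + [1]


def uart_decode(bits, even=True):
    """Receiver: check framing and parity, return (byte, parity_ok)."""
    if len(bits) != 11 or bits[0] != 0 or bits[10] != 1:
        raise ValueError("framing error: bad start or stop bit")
    byte = sum(b << i for i, b in enumerate(bits[1:9]))
    return byte, parity_bit(byte, even) == bits[9]


def corrupt(bits, positions):
    """Simulate line noise flipping the given bit positions of the 11-bit frame."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


def undetected_double_errors(byte):
    """Fraction of two-bit errors among the 9 data+parity bits that the parity check misses."""
    frame = uart_frame(byte)
    pairs = [(i, j) for i in range(1, 10) for j in range(i + 1, 10)]
    missed = sum(1 for i, j in pairs if uart_decode(corrupt(frame, [i, j]))[1])
    return missed / len(pairs)


if __name__ == "__main__":
    frame = uart_frame(0x41)          # 'A' = 0100 0001, two 1s, even parity bit 0
    print(frame)
    print(uart_decode(corrupt(frame, [1])))       # one flipped bit: parity fails
    print(uart_decode(corrupt(frame, [1, 7])))    # two flipped bits: parity passes, byte is wrong
    print(undetected_double_errors(0x41))         # 1.0: every double error goes unnoticed
```

Flipping two of the nine protected bits always changes the count of 1s by an even number, so the parity bit still matches; this is why the course says the scheme is only used on modems and not on networks, where a CRC is used instead.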
[Table residue: cable categories and the networks they carry: Token Ring and 10BASE-T; 10BASE-T; 10BASE-T and 100BASE-TX; Gigabit Ethernet]
There are two families of twisted-pair cable. Shielded cables (STP: Shielded Twisted Pair) are wrapped in an aluminium foil that acts as an electrostatic screen. UTP (Unshielded Twisted Pair) cables have none. UTP is the most common.
The sheath protects the cable from the external environment. It is usually made of rubber (sometimes polyvinyl chloride (PVC), possibly Teflon). The shielding (metal envelope) around the conductors protects the data transmitted on the medium from interference (also called noise) that can distort the data. The insulation around the core is a dielectric material that avoids any contact with the shielding, which would cause electrical interaction (short-circuit).
The core, which carries the data, generally consists of a single copper strand or several twisted strands.
Optical fibre offers:
- Light weight
- Immunity to noise
- Low attenuation
- Data rates of about 100 Mbps and more
- Bandwidth from a few tens of megahertz to several gigahertz (single-mode fibre)
Optical cabling is particularly suited to links between distribution points (central link between several buildings, called a backbone) because it allows long-distance connections (from a few kilometres up to 60 km with single-mode fibre) without requiring an earth connection. Moreover this type of cable is very secure because it is difficult to tap.
The advantage of the bus is that a failed station does not disturb the rest of the network. It is also very easy to set up. On the other hand, if the bus is broken the whole network becomes unusable. Note also that the signal is never regenerated, which limits the cable length. This topology is used in 10BASE2 and 10BASE5 Ethernet networks.
Both methods are standardised by the American IEEE (committee 802), a standardisation taken up by the ISO. In the OSI model, what distinguishes the access methods lies of course in layer 1 (physical), since cabling and topologies differ, but above all in a lower sublayer of layer 2 (data link) called MAC (Medium Access Control). The Ethernet method, CSMA/CD (Carrier Sense Multiple Access with Collision Detection), is standardised as 802.3 and Token Ring as 802.5. In the Ethernet method each computer sends its message without worrying much about what is happening on the cable. If a station transmits while another is already transmitting, this causes a collision. The second station stops transmitting and tries again later. In Gigabit Ethernet the station no longer sends the message straight away but first a start signal to check that the path is free. CSMA/CD takes care of detecting collisions. In the token method each station speaks in turn: if 3 computers are connected in a ring, station 1 speaks, then station 2, then station 3, then station 1 again, and so on.
4. Ethernet networks.
4.1. Introduction - 4.2. Ethernet, IEEE 802.3 10 base 5 - 4.3. Ethernet, IEEE 802.3 10 base 2 - 4.4. Ethernet, IEEE 802.3 10 Base T RJ45 - 4.5. Ethernet 100 base T RJ45, fast Ethernet - 4.6. Giga Ethernet - 4.7. 10 Gigabit - 4.8. Network card - 4.9. Half duplex and full duplex - 4.10. RJ45 connection - 4.11. RJ45 networks, connection problems, test equipment - 4.12. MAC address
4.1. Introduction
Connecting computers requires a network interface card (NIC) installed in each PC, linked by twisted-pair or fibre optic cable. The most common LAN cards are of the Ethernet type. This chapter covers all types of Ethernet connection and cabling (manufacture, precautions...). Ethernet appeared at the end of the 1970s in the United States. This network, the most widespread of the local area networks, was born from the joint experiments of DEC, Intel and Xerox, well before standardisation. This means that most of the routing basics of the OSI model are not specified. All PCs can communicate on the cable network at the same time, so a rule is needed for the case where two stations start to communicate at the same time. The method used is contention. The main method used in local area networks is CSMA/CD (Carrier Sense Multiple Access with Collision Detection). It is the method of Ethernet networks. It consists, for a station, of listening at the moment it transmits whether another station is not also transmitting.
If that is the case, the station stops transmitting and re-sends its message after a waiting time. This method is random, in the sense that one cannot predict the time needed for a message to be transmitted and received.
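The contention described in this section and in the access-method paragraph of chapter 3, as an added Python simulation (not part of the course text): several stations share one half-duplex segment, a station transmits when it senses the medium idle, two stations transmitting in the same slot collide, and after a collision each one waits a random number of slot times chosen from a range that doubles with every collision (the truncated binary exponential backoff of IEEE 802.3, capped at 2^10 slots and 16 attempts). The slot size in frames and the seed are arbitrary choices for the illustration.

```python
import random

SLOT_TIME_BITS = 512   # 802.3 slot time for 10/100 Mbit/s: 512 bit times (64 bytes)
MAX_ATTEMPTS = 16      # after 16 collisions on the same frame the card gives up
BACKOFF_CAP = 10       # the random range stops growing after the 10th collision


def backoff_range(attempt):
    """Number of possible waiting values after the n-th collision: 2^min(n, 10)."""
    return 2 ** min(attempt, BACKOFF_CAP)


def backoff_slots(attempt, rng):
    """Truncated binary exponential backoff: wait a random number of slots in [0, 2^k - 1]."""
    return rng.randrange(backoff_range(attempt))


def simulate(n_stations, frame_slots=3, seed=1):
    """Every station has one frame ready at slot 0 on a shared (half-duplex) segment.

    Returns (order in which stations got their frame through, number of collisions, dropped stations).
    """
    rng = random.Random(seed)
    ready_at = {s: 0 for s in range(n_stations)}   # slot at which each station may next try
    attempts = {s: 0 for s in range(n_stations)}
    order, dropped, collisions, t = [], [], 0, 0
    while ready_at:
        contenders = [s for s, r in ready_at.items() if r <= t]
        if not contenders:                  # medium idle: jump to the next station that wants to send
            t = min(ready_at.values())
            continue
        if len(contenders) == 1:            # a single talker: the frame goes through
            s = contenders[0]
            order.append(s)
            del ready_at[s]
            t += frame_slots
            for other in ready_at:          # stations waking up meanwhile sense the carrier and defer
                ready_at[other] = max(ready_at[other], t)
            continue
        collisions += 1                     # two or more talkers in the same slot: collision detected
        for s in contenders:                # everyone stops and draws a new waiting time
            attempts[s] += 1
            if attempts[s] > MAX_ATTEMPTS:
                dropped.append(s)
                del ready_at[s]
            else:
                ready_at[s] = t + 1 + backoff_slots(attempts[s], rng)
        t += 1
    return order, collisions, dropped


if __name__ == "__main__":
    for n in (2, 5, 20):
        order, collisions, dropped = simulate(n)
        print(n, "stations:", collisions, "collisions, sent in order", order, "dropped", dropped)
```

The run shows what the text means by "random": with the same stations and the same frames, the order in which they get through and the total delay depend only on the random draws, and the number of collisions grows quickly with the number of stations on the segment, which is the argument given later for replacing hubs by switches on busy networks.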
4.2. Ethernet, IEEE 802.3 10 base 5
Each station is fitted with an "Ethernet" network adapter (NIC, Network Interface Card). This equipment provides the physical adaptation and runs the CSMA/CD algorithm. As in all coaxial connections, the two ends of the cable are fitted with a terminator (also called a terminating resistor), a specific resistor that absorbs the reflection of the signal on the cable. The drop cable (transceiver to station) is made of twisted pairs and can be at most 50 metres long. The coaxial cable is a thick yellow cable half an inch in diameter, of the BELDEN 9580 type. A segment can be 500 metres long with 100 connection points; with repeaters the overall length of the network can reach 2.5 kilometres. 10BASE5 is now practically only used in disturbed environments (electromagnetic radiation) or when the confidentiality of exchanges must be guaranteed (a coaxial cable does not radiate).
4.3. Ethernet, IEEE 802.3 10 base 2
This physical network architecture is recommended for small networks of 2 or 3 PCs. Each network adapter is connected to the cable through a BNC T connector. The two ends of the network are closed by a 50 ohm terminating resistor (terminator). Without the terminators the network does not work properly: the resistor eliminates the "reflections on the cable"; otherwise the transmitted signal bounces back along the cable and the stations, taking it for a real signal, wait until the line is free. The connection is easy to start with, but as soon as 3 PCs or more are installed the transmission speed drops strongly. This solution is therefore to be used only in specific cases. The maximum length of the network is 185 metres, with at most 30 devices connected. The minimum distance between two connections is 50 centimetres. This cabling is often used to connect "the small station at the bottom of the factory". It does not work badly, but that part must absolutely be separated from the rest, for example by a HUB. The reason is not computing-related but due to electromagnetic disturbances, thunderstorms...: if the cable picks up these disturbances, the whole network is disturbed or goes down.
[Figure: straight-through RJ45 cable for 10BASE-T and 100BASE-T (not full duplex)]
When no hub is used (direct link between 2 stations) or when two hubs are connected to each other, the cable must be a crossover cable as below. You must respect the polarity and the pairs must be kept together.
Why respect the wiring by pairs? The signal leaving the network card is sent as T+ and as T- (inverted signal). Suppose interference appears on the cable during the transmission. It has the same polarity on both wires of a pair. Since a pair is twisted, the electrical disturbances due to induced currents are generally different from one pair to another. As a reminder, the flow of an electrical current in a wire produces an electromagnetic field around it, which in turn induces a current in nearby wires.
Now invert T-: the signal and the interference are inverted. Adding T+ and the inverted T- doubles the signal but cancels the interference. Material needed for an RJ45 cable:
- Category 5 cable with 4 twisted pairs
- Category 5 RJ45 crimp connectors
- Rubber boots, to avoid splitting the cable
- A crimping tool and, if the tool does not include them, cutting pliers and a stripping tool
Procedure:
- Thread the boot onto the cable.
- Strip the outer sheath over about 15 mm.
- For the crossover cord, sort the wires according to the diagram below.
- Hold the wires in place respecting the pairs and cut them cleanly in line. About 13 mm must remain and the end must not form an arc.
- Insert the wires in the connector while pushing on all the wires so that the pairs go right to the bottom of the connector.
- Crimp the connector.
- Push on the boot.
- Check by transparency that your assembly is correct and that the wires reach the end of the connector.
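As an added Python example (not part of the course text), here is a check of the rules above that a technician can reason through before crimping: which pins share a twisted pair, how a straight and a crossover cord differ, and what the cheap 8-line continuity tester described later in this chapter can and cannot see. The colour code used is the T568B standard, since the course's own colour diagram is not reproduced here; the split-pair cable is constructed for the demonstration.

```python
# T568B pin colours ("white/X" is the striped wire twisted with the solid wire X)
T568B = {1: "white/orange", 2: "orange", 3: "white/green", 4: "blue",
         5: "white/blue", 6: "green", 7: "white/brown", 8: "brown"}
# Pin positions that share a twisted pair in an RJ45 plug
PAIR_PINS = [{1, 2}, {3, 6}, {4, 5}, {7, 8}]

STRAIGHT = {p: p for p in range(1, 9)}
CROSS_10_100 = {**STRAIGHT, 1: 3, 2: 6, 3: 1, 6: 2}          # swap the transmit and receive pairs
CROSS_GIGABIT = {**CROSS_10_100, 4: 7, 5: 8, 7: 4, 8: 5}     # gigabit uses all four pairs: swap them all


def crimp(pin_map, colours=T568B):
    """A cable as a list of wires (colour, pin at end A, pin at end B), crimped by colour at end A."""
    return [(colours[a], a, b) for a, b in pin_map.items()]


def wiremap(cable):
    """What an 8-line continuity tester sees: only which pin at end A reaches which pin at end B."""
    seen = {a: b for _, a, b in cable}
    opens = [a for a, b in sorted(seen.items()) if b is None]
    if opens:
        return "OPEN: " + ", ".join("pin %d" % a for a in opens)
    if len(set(seen.values())) != 8:
        return "SHORT/MISWIRE: two wires reach the same pin"
    if seen == STRAIGHT:
        return "STRAIGHT"
    if seen == CROSS_10_100:
        return "CROSSOVER (10/100)"
    if seen == CROSS_GIGABIT:
        return "CROSSOVER (gigabit)"
    return "MISWIRE"


def split_pairs(cable):
    """Pairs whose two wires do not sit on a pair position at both ends.

    Continuity is fine, so the LED tester says nothing, but the two wires are no longer
    twisted together and the noise cancellation explained above is lost.
    """
    by_pair = {}
    for colour, a, b in cable:
        by_pair.setdefault(colour.split("/")[-1], []).append((a, b))
    bad = []
    for name, ((a1, b1), (a2, b2)) in by_pair.items():
        if {a1, a2} not in PAIR_PINS or {b1, b2} not in PAIR_PINS:
            bad.append(name)
    return bad


# Constructed example of a split pair: pins 4 and 6 crimped with each other's colour
SPLIT_COLOURS = {**T568B, 4: "green", 6: "blue"}

if __name__ == "__main__":
    for name, cable in [("straight", crimp(STRAIGHT)), ("cross 10/100", crimp(CROSS_10_100)),
                        ("cross gigabit", crimp(CROSS_GIGABIT)), ("open", crimp({**STRAIGHT, 8: None})),
                        ("split pair", crimp(STRAIGHT, SPLIT_COLOURS))]:
        print(name, "->", wiremap(cable), "split pairs:", split_pairs(cable))
```

The last line of the output is the one to remember: the split-pair cord reads as a perfectly good STRAIGHT cable on a continuity tester, and only a check of which colours actually share a twist (or a line tester that measures the signal) reveals why it will be noisy.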
Network adapter INTEL PCI-X 64 bits - 133 MHz.
1000BASE-SX: 1 Gbit/s on multimode optical fibre (MMF), 500 m.
1000BASE-LX: 1 Gbit/s on single-mode optical fibre (SMF), 3000 m.
1000BASE-CX: 1 Gbit/s on short shielded copper cable, 25 m.
1000BASE-T: IEEE 802.3ab, ratified on 26 June 1999, 1 Gbit/s on category 5 cable, transmission on all 4 pairs (250 Mbit/s per pair) over a length of 100 metres (1000BASE-TX is a separate TIA variant).
Nomenclature:
Standard       Speed       Distance   Media
10BASE-T       10 Mbps     100 m      Copper
100BASE-TX     100 Mbps    100 m      Copper
100BASE-FX     100 Mbps    412 m      Multimode optical fibre, half duplex
100BASE-FX     100 Mbps    2 km       Multimode optical fibre, full duplex
1000BASE-LX    1000 Mbps   5 km       Single-mode optical fibre
1000BASE-LX    1000 Mbps   550 m      Multimode optical fibre
1000BASE-SX    1000 Mbps   550 m      Multimode optical fibre (50 µm)
1000BASE-SX    1000 Mbps   275 m      Multimode optical fibre (62.5 µm)
1000BASE-CX    1000 Mbps   25 m       Copper (not supported by the industrial application standards)
1000BASE-T     1000 Mbps   100 m      Copper
1000BASE-LH    1000 Mbps   70 km      Single-mode optical fibre
Twisted-pair wiring for 1000BASE-T and 1000BASE-TX is identical to that of 100BASE-T4, including for RJ45 crossover cables.
In half duplex a card cannot transmit and receive at the same time. Full-duplex cards (and the associated switch) can transmit and receive at the same time on different channels (wire pairs). This doubles the transfer rate of the Ethernet network: for example, a 100BASE-TX card (100BASE-T4 does not allow full duplex) gives a transfer rate of 200 Mbps against 100 in half duplex. It is sometimes necessary to slow the network down (switch to 100 half mode, or even, in case of network disturbances, force a 100BASE-TX card to work in 10BASE-T). The setting is made in the network settings through the properties of the network adapter. Here for example is the case of an Ethernet adapter based on the Realtek RTL8139D chip (10BASE-T and 100BASE-TX, automatic).
4.10. Wiring RJ45 Ethernet, rules, problems of connections and tests equipments
RJ45 cables can be bought ready-made. Nevertheless, in professional cabling they run inside trunking, through walls... The solution is to buy a crimping tool, the connectors (with boots) and the cable, and to strictly follow the RJ45 colour code above. Linking two structures by cable always brings various kinds of problems. The first is the maximum operating conditions: it is tempting to run a wire longer than the standard allows between a hub (or switch) and a computer (100 metres for 10BASE-T or 100BASE-T). First mistake. If the cable is bought ready-made the connection is generally good. This is fine for small internal networks but rarely the case for industrial networks. As a network cable tester easily costs the price of a small sports car, it is better to cable correctly in the first place. Each link is limited by the number of hubs in cascade: for a 10BASE-T link the maximum between two stations is 4; it is 2 for 100BASE-T. Finally, the RJ45 cable must be laid correctly. Among the problems encountered:
- network cable cut, scratched or folded;
- more insidious: the cable runs alongside power cables that disturb the signal, next to fluorescent tubes or neon lights (minimum 50 cm), or close to high-power electric motors. The chart below shows the minimum distances between network cables and power cables according to the length of the parallel run.
[Chart: minimum spacing (5, 10, 20 and 30 cm) between high-current cables (mains, neon) and low-current cables (Ethernet) as a function of the length of the parallel run in metres (10, 20, 30 and 80 m)]
For a short RJ45 cable one might be tempted to put the power and network cables in the same trunking. That would be to forget the electrical safety rules, which forbid putting mains cables and telephone (low-voltage) cables in the same trunking, even though it is common in suspended ceilings in industry. Various types of network cable testers are on the market. The first type works like an ohmmeter on 8 lines. It is important that the device can be split into two parts (a control unit and a termination unit) so that installed cables can be tested. These devices generally detect straight and crossover cables, and often test other connectors as well (RJ11, RJ45, USB...). They are only reliable up to a point: they check only that the wiring is correct, not that the link is good. If the device detects a wiring error, the cable must be redone. If it detects no error, that does not necessarily mean that the cable is good: a poor contact will often be seen as good by the tester, but not by the network connection.
Here is a crossover cable test. The left part is the control module, the right part the detachable terminator. The 8 LEDs at the top show whether each wire is individually correct. The left part also gives indications on the connection: SHORT (cable cut or bad connection on at least one wire), CONNECTED (the cable is straight or crossover), NO CONNECTION (no cable inserted). The price ranges from 100 to 150. The second type of tester works like a network card: it tests the link and not only the wires. The device is connected at the end of a cable and tests the connection to a hub or switch. In that sense it is more effective, and a little more expensive. The third type of network tester resembles a small computer; its price easily reaches 10,000, so it is not within everyone's reach. The test method is the same as for the first type. They offer the same possibilities as the first group but additionally allow:
- effective tests for poor contacts or breaks on each wire;
- the cable length and, in the event of a break in one (or several) wires, the distance at which it is cut;
- the various disturbances (electrical interference) present on the cable.
The MAC address FF:FF:FF:FF:FF:FF is special: data sent to it go to the whole network. It is the broadcast address. The Ethernet protocol uses MAC addresses to make equipment communicate over the network. When a machine wants to talk to another, it sends a frame on the network containing the destination MAC address, the source MAC address, the length (or type) of the frame, the data and a CRC (Cyclic Redundancy Check) used for error detection. On the local segment, delivery is by MAC address and not by IP address: the IP address is only resolved to a MAC address (by ARP) before the frame is sent. Once an Ethernet link has been established, the command arp -a (at a DOS/Windows prompt, and also on Unix) lists the MAC addresses of the other PCs on the network this machine has talked to. Note that ARP replies carry no authentication, so any station on the segment can answer for any IP address, and the CRC only detects transmission errors, not deliberate tampering.
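The frame layout and the broadcast address described above, as an added example that is not part of the course: a short Python script that builds Ethernet II frames carrying ARP replies, checks the CRC-32 trailer when parsing, flags the broadcast destination, and then scans a few constructed frames for an IP address answered by two different MAC addresses (the ARP-spoofing pattern that the lack of authentication allows). The MAC and IP addresses, and the frames themselves, are made up for the demonstration.

```python
"""Added example (not from the course): build and parse Ethernet II frames
carrying ARP replies, verify the CRC-32 trailer (FCS), and spot an IP
address claimed by two different MAC addresses. Every frame is constructed
inline from invented addresses; no network access is needed."""
import struct
import zlib

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_reply(sender_mac: bytes, sender_ip: str,
                    target_mac: bytes, target_ip: str) -> bytes:
    """Ethernet II header + ARP reply (opcode 2) + padding + CRC-32 FCS."""
    ip = lambda s: bytes(int(x) for x in s.split("."))
    # hardware type 1 (Ethernet), protocol 0x0800 (IPv4), lengths 6/4, opcode 2
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += sender_mac + ip(sender_ip) + target_mac + ip(target_ip)
    frame = target_mac + sender_mac + struct.pack("!H", ETHERTYPE_ARP) + arp
    frame += b"\x00" * max(0, 46 - len(arp))   # pad payload to the 46-byte minimum
    fcs = zlib.crc32(frame) & 0xFFFFFFFF       # IEEE 802.3 FCS uses the same CRC-32
    return frame + struct.pack("<I", fcs)      # transmitted least-significant byte first


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame; raise ValueError if the FCS does not match."""
    body, trailer = frame[:-4], frame[-4:]
    if struct.unpack("<I", trailer)[0] != (zlib.crc32(body) & 0xFFFFFFFF):
        raise ValueError("FCS mismatch: frame corrupted in transit")
    dst, src = body[:6], body[6:12]
    etype = struct.unpack("!H", body[12:14])[0]
    info = {"dst": mac_str(dst), "src": mac_str(src), "ethertype": etype,
            "broadcast": dst == BROADCAST}
    if etype == ETHERTYPE_ARP:
        op = struct.unpack("!H", body[20:22])[0]       # ARP opcode at offset 14+6
        info["arp_op"] = "request" if op == 1 else "reply"
        info["arp_sender_mac"] = mac_str(body[22:28])
        info["arp_sender_ip"] = ".".join(str(b) for b in body[28:32])
    return info


def find_arp_conflicts(frames: list) -> dict:
    """Return {ip: {mac, ...}} for every IP announced by more than one MAC."""
    seen = {}
    for f in frames:
        info = parse_frame(f)
        if info.get("arp_op") == "reply":
            seen.setdefault(info["arp_sender_ip"], set()).add(info["arp_sender_mac"])
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


# Constructed sample traffic (invented addresses): the real gateway answers,
# then a second station answers for the same IP, then the PC replies to the gateway.
GW_MAC = bytes.fromhex("00aabbccdd01")
PC_MAC = bytes.fromhex("00aabbccdd02")
ROGUE_MAC = bytes.fromhex("00aabbccddff")
SAMPLE_FRAMES = [
    build_arp_reply(GW_MAC, "192.168.1.1", PC_MAC, "192.168.1.23"),
    build_arp_reply(ROGUE_MAC, "192.168.1.1", PC_MAC, "192.168.1.23"),
    build_arp_reply(PC_MAC, "192.168.1.23", GW_MAC, "192.168.1.1"),
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_frame(f))
    print("IPs claimed by several MACs:", find_arp_conflicts(SAMPLE_FRAMES))
```

The FCS check only proves the frame was not damaged on the wire; it says nothing about who sent it, which is why the conflict scan is the interesting part for an administrator.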
2. Hub
Hubs are used in 10Base-T and 100Base-T Ethernet. The hub is the simplest concentrator: it is practically just a repeater (its French name). It amplifies the signal so as to pass it on to all the connected PCs. Everything that arrives on the device is therefore retransmitted on all the lines. In large networks, whether by number of connected PCs or by volume of traffic, a hub cannot be used: as soon as one PC says something, everyone hears it (which also means any station can read all the traffic passing through the hub), and when everyone starts transmitting, speeds fall immediately. Hubs are characterised by their number of ports: 4, 5, 8, 10, 16, 24... Depending on the version and model, they integrate some connection features specific to the device. 10Base-T hubs: number of ports depending on the model, an uplink port (which lets two hubs be connected without a crossover RJ45 cable), and a coaxial connection. For each port there is a LED indicating a link to a card, plus a collision LED per port or for the whole unit, the latter reporting the state of all the connections. 100Base-T hubs: number of ports depending on the model, an uplink port (to connect two hubs), never a coaxial connection. Again a link LED per port and a collision LED per port or for the unit. In addition, on 10/100 versions there are two LEDs per port (10Base and 100Base). A last remark: according to the standard, the maximum number of hubs in cascade (connected port to port, by stackable models) is limited to 4 between two stations for 10Base-T and 2 for 100Base-T. This is related to the maximum propagation time of an Ethernet signal before it dies out and to the time needed to detect collisions on the cable.
Otherwise a collision might not be detected in time, and the second transmitting station would send its message believing the way was free. This does not happen with "store and forward" switches, which record the frames before sending them on and segment the network by port, avoiding these collisions.
3. Network switch.
3.1. Introduction
In appearance a switch is equivalent to a hub. The hub's weakness is that all traffic goes to all PCs. A switch recognises the various computers, servers, routers, printers and firewalls connected to it. On receiving a frame, it decodes the header to find the recipient and sends the frame only to that port, in the case of PC-to-PC traffic. This reduces the traffic on the network as a whole, whereas with a hub everything circulates on all the wiring and hence reaches every connected station. A switch therefore works at layer 2 of the OSI model (MAC addresses), whereas a hub works only at layer 1; so-called layer 3 switches additionally route between IP networks, which is the role of layer 3 of the OSI model. Switches are replacing hubs more and more, and prices have become practically equivalent. Most switches can use full-duplex mode: communication is then bidirectional, doubling the maximum transfer rate. This function never exists on a hub. The switch automatically checks whether the connected device supports full or half duplex; this function is usually called "Auto Negotiation". Current switch models are often Auto MDI/MDIX, meaning the port automatically detects whether a straight or crossover cable is plugged in. On a hub, a port fitted with a push-button provides this function manually. You can nevertheless use crossover cables to connect concentrators together. Using switches reduces data collisions on the network wiring. When a device tries to transmit, it sends its message on the wiring; if another device is already communicating, two messages are on the medium at the same time, both stations stop, and each retries after a random delay of a few milliseconds (CSMA/CD). There is (in theory) no limit to the number of switches in cascade on a network.
Let us now see what happens when a PC (PC1) sends to another PC (PC2) connected to the same switch. On receiving the frame with the destination address, the switch finds PC2's address directly in its table and forwards the frame to the appropriate port. Only the wiring of the two ports (PC1 and PC2) is used; other PCs can communicate at the same time on the other ports.
Now the case where the network uses two switches. PC1 sends the frame with the destination address to switch 1, to which it is connected. Switch 1 checks whether the destination address is in its table, that is, whether it has already seen that address as a source on one of its ports. In our case it has not. The switch then floods the frame on all its ports except the one it came in on (exactly as it does for a broadcast frame addressed to FF:FF:FF:FF:FF:FF), so the frame generally crosses the whole network. Switch 2 receives it, finds the destination in its own table and delivers it to PC2's port only. Each switch learns as it goes: switch 1 records PC1's address against PC1's port, and when PC2 answers, switch 1 records PC2's address against the port leading to switch 2, so later frames are no longer flooded. This poses no problem as long as the capacity of switch 1's table is sufficient. Now some more complex cases. When an address is placed in the table, the switch keeps it for a certain time. If a new frame for that address arrives, the destination port is found in the table. If the time between frames is too long (generally 300 seconds), the entry is aged out and flooding starts again. Inevitably, if the table is too small (a switch with a low number of ports on a very large network), MAC entries may be evicted prematurely, and the switch falls back to flooding the frames it can no longer place, behaving like a hub. These reduced tables in low-end switches cause big problems in large networks. The same fallback can be provoked deliberately by a station that sends frames from thousands of random source addresses (MAC flooding) in order to see traffic meant for others; managed switches limit the number of addresses learnt per port to prevent this. Moreover, the fewer ports a switch has, the smaller its table, so with small switches (4 to 8 ports) the number of switches chained between two PCs is limited.
I have already had this problem in a 30-PC network: as soon as the factory started up, network communications broke down. Replacing the switches with hubs for the most distant stations solved the problem, but better-quality switches could have been used. Not all switches are equivalent. For networks of ten or so stations the problem does not arise; for large networks, mid- and high-range switches better correct the attenuation of the received signals before retransmission.
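To make the learning, aging and table-overflow behaviour concrete, here is an added simulation, not code from the course: a toy learning switch in Python with a 300-second aging timer and a bounded address table. Port numbers, addresses and timestamps are invented; the last function reproduces the failure mode described above, where a station announcing many source addresses pushes legitimate entries out and the switch starts flooding like a hub.

```python
"""Added example (not from the course): a minimal learning switch with an
aging timer and a bounded MAC table, showing why unknown or evicted
destinations are flooded and how a full table degrades a switch into a hub.
Times are passed in explicitly so the demonstration is deterministic."""
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    AGING_SECONDS = 300          # typical default quoted in the course text

    def __init__(self, ports: int, table_size: int):
        self.ports = ports
        self.table_size = table_size
        self.table = OrderedDict()   # mac -> (port, last_seen); oldest entry first

    def _age_out(self, now: float) -> None:
        stale = [m for m, (_, seen) in self.table.items()
                 if now - seen > self.AGING_SECONDS]
        for mac in stale:
            del self.table[mac]

    def _learn(self, mac: str, port: int, now: float) -> None:
        if mac in self.table:
            del self.table[mac]                  # re-insert to refresh its age
        elif len(self.table) >= self.table_size:
            self.table.popitem(last=False)       # table full: evict the oldest entry
        self.table[mac] = (port, now)

    def forward(self, src: str, dst: str, in_port: int, now: float) -> list:
        """Return the list of output ports for a frame arriving on in_port."""
        self._age_out(now)
        self._learn(src, in_port, now)
        if dst == BROADCAST or dst not in self.table:
            return [p for p in range(self.ports) if p != in_port]   # flood
        return [self.table[dst][0]]


def mac_flood_demo(table_size: int = 4) -> bool:
    """True if traffic for a known host leaks to every port after a flooding attack."""
    sw = LearningSwitch(ports=8, table_size=table_size)
    sw.forward("00:00:00:00:00:02", BROADCAST, 2, 0.0)              # PC2 learnt on port 2
    before = sw.forward("00:00:00:00:00:01", "00:00:00:00:00:02", 1, 1.0)
    # an attacker on port 7 announces many invented source addresses
    for i in range(table_size * 2):
        sw.forward(f"de:ad:be:ef:00:{i:02x}", BROADCAST, 7, 2.0)
    after = sw.forward("00:00:00:00:00:01", "00:00:00:00:00:02", 1, 3.0)
    return before == [2] and 7 in after


if __name__ == "__main__":
    sw = LearningSwitch(ports=4, table_size=16)
    print(sw.forward("a", BROADCAST, 0, 0.0))    # flooded: first frame from "a"
    print(sw.forward("b", "a", 1, 100.0))        # [0]: "a" is known on port 0
    print(sw.forward("b", "a", 1, 500.0))        # flooded again: "a" aged out
    print("attacker sees PC2's traffic:", mac_flood_demo())
```

Real switches keep the table in content-addressable memory and also learn on the far side of a trunk, but the decision rule is the same: known destination, one port; unknown, all ports.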
4. Routers.
Hubs and switches connect equipment belonging to the same IP address class, or more precisely to the same subnet (the same holds for other protocols). As a reminder, the IP address of a device connected to a network is unique. It has the form X.X.X.X, for example 212.52.36.98, where each X ranges from 0 to 255. An IP address consists of 32 bits, together with a mask also coded on 32 bits. A hierarchy was defined in the addresses, called address classes (historical classful addressing; today the mask, written in CIDR notation such as /24, decides which part is the network).
Class   Structure                        First octet   Networks                                  Hosts per network
A       Network.Host.Host.Host           1 to 126      126 (1.X.X.X, 2.X.X.X...)                 16,777,214
B       Network.Network.Host.Host        128 to 191    16,384                                    65,534
C       Network.Network.Network.Host     192 to 223    2,097,152 (192.0.0.X, 192.0.1.X...)       254
D       Multicast                        224 to 239
E       Experimental                     240 to 255
Addresses whose host part ends in 0 or 255 (the network and broadcast addresses) are not usable directly for hosts. Two stations in the same network, or the same subnet, can communicate directly or through simple layer 2 equipment (hub or switch). Two stations in two different networks must communicate via a router. For example: a device with address 12.0.0.1 (class A, network 12.0.0.0) can communicate directly with a device at 12.23.25.98 (same class A network); a device at 128.55.63.23 (class B, network 128.55.0.0) can communicate directly with a device at 128.55.200.1; a PC on an internal network with address 192.168.1.23 can communicate with 192.168.1.63 (same class C network). On the other hand, a PC with address 192.168.1.23 (class C) must go through a router to communicate with an installation at 15.63.23.96 (class A). This is the case for a PC connecting to an Internet site, whose address lies in another network. Likewise, on an internal network, a connection between two stations in different class C networks (for example 192.168.2.23 and 192.168.3.32) must pass through a router. A network without a router is therefore limited to 254 stations with a class C address (0 and 255 not used). As Internet site addresses can be practically anywhere in the class A and B ranges, the connection of an internal network to the Internet necessarily passes through a router acting as gateway. Nothing obliges you to use class C addresses on an internal network, but it is preferable (the 192.168.X.X range is reserved for private use). Note that the range 169.254.X.X cannot be used on an internal network for Internet sharing: it is the link-local range, which is not routed, even though Windows assigns it by default when no DHCP server answers. The router is practically a computer on its own. It decodes the frames, recognises parts of the header information and can thus forward the data to other routers, which in turn forward it towards the recipients. A router joins networks at the network layer (layer 3); it connects two networks with a "barrier" between them, since it filters the traffic and passes only what is actually intended for the other network. The most common use is connecting several stations to the Internet: traffic that stays on the local network is not sent outside. Moreover, routers partly hide the internal network: on an Internet connection, for example, the access provider assigns one public IP address to the router, which by NAT/PAT (Network Address Translation / Port Address Translation) redirects the data to the private address assigned to each PC. Routers are configurable and can in particular block certain connections. Nevertheless, a basic router does not provide security at the TCP or UDP port level; that is the job of a firewall. Routers are used to interface various groups of PCs (departments, for example) while providing a semblance of security.
Some managed switches can partly be used for this function as long as the network stays in the same address class. The main use in SMEs is sharing an Internet connection, but others exist, such as a network under Windows 98 and/or specific equipment. Routers are not only useful for connecting networks to the Internet; they can also serve as a bridge to connect to a corporate network. For this kind of protected application, future connections will rather use a VPN over the Internet; we will see this in chapter 10: Remote connections. A PC with two network cards can also join two networks, either with IP forwarding enabled in its operating system or with proxy software of the Wingate type, but a dedicated router is preferable. A DHCP server (Dynamic Host Configuration Protocol) can be set up in software (Windows 2000 for example) or in a router. It automatically assigns IP addresses to each station within a given address range (in the same address class).
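The same-network test the router discussion relies on, as an added example that is not part of the course: a Python script that derives the classful mask from the first octet, or uses an explicit CIDR prefix, and decides whether two hosts can talk through a hub or switch or need a router. It also flags the address cases mentioned above (network and broadcast addresses, the 169.254.x.x link-local range, and private ranges that need NAT). The addresses are taken from the examples in the text or invented.

```python
"""Added example (not from the course): decide whether two IPv4 hosts can
talk directly (same subnet: hub or switch suffice) or need a router, using
either the historical address class or an explicit CIDR prefix. The
standard ipaddress module does the mask arithmetic."""
import ipaddress


def classful_prefix(addr: str) -> int:
    """Default mask length under classful addressing (pre-CIDR rule)."""
    first = int(addr.split(".")[0])
    if first < 128:
        return 8            # class A: first octet 1-126
    if first < 192:
        return 16           # class B: first octet 128-191
    if first < 224:
        return 24           # class C: first octet 192-223
    raise ValueError(f"{addr}: class D/E address, not assignable to a host")


def network_of(addr: str, prefix=None) -> ipaddress.IPv4Network:
    """Network containing addr; falls back to the classful mask if no prefix is given."""
    if prefix is None:
        prefix = classful_prefix(addr)
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def needs_router(a: str, b: str, prefix=None) -> bool:
    """True when a and b lie in different networks and must cross a router."""
    return network_of(a, prefix) != network_of(b, prefix)


def address_warnings(addr: str, prefix=None) -> list:
    """Flags the course mentions: unusable host addresses, link-local, private."""
    ip = ipaddress.ip_address(addr)
    net = network_of(addr, prefix)
    out = []
    if ip in (net.network_address, net.broadcast_address):
        out.append("network or broadcast address, not usable for a host")
    if ip in ipaddress.ip_network("169.254.0.0/16"):
        out.append("169.254.x.x is link-local (no DHCP answer?) and is not routed")
    if ip.is_private:
        out.append("private address: reaching the Internet requires NAT on the router")
    return out


if __name__ == "__main__":
    pairs = [("12.0.0.1", "12.23.25.98"),           # same class A network
             ("128.55.63.23", "128.55.200.1"),      # same class B network
             ("192.168.1.23", "15.63.23.96"),       # class C to class A: router
             ("192.168.2.23", "192.168.3.32")]      # two class C networks: router
    for a, b in pairs:
        print(f"{a:>14} -> {b:<14} router needed: {needs_router(a, b)}")
    # the mask, not the class, decides once CIDR is used:
    print("192.168.2.23 -> 192.168.3.32 with /16:",
          needs_router("192.168.2.23", "192.168.3.32", prefix=16))
    for addr in ("192.168.1.255", "169.254.3.7", "212.52.36.98"):
        print(addr, address_warnings(addr))
```

The /16 case in the usage shows why the classful rule is only a default: two stations the class table puts in different networks are on one subnet as soon as the administrator configures a wider mask on both of them.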
5. Repeaters
A repeater is a device that makes it possible to exceed the maximum length imposed by the network standard. To do so, it amplifies and regenerates the electrical signal. It can also isolate a failing section (an open cable, for example) and adapt between two different Ethernet media (for example 10Base2 to 10Base-T); this last use is currently the main one. For single-mode 1000Base-LX links, there are devices allowing connections of more than 100 kilometres.
Hub versus switch

- Traffic: on a hub, data sent from one PC to another (or to a printer) is sent to all PCs, which decode it to find out whether it is for them. A switch forwards only to the recipient; if another PC sends to the printer at the same time, the two communications take place simultaneously.
- Total bandwidth: on a hub it is limited to the speed of the hub; a 100Base-T hub offers 100 Mbps shared between all the PCs, whatever the number of ports. On a switch it is determined by the number of ports: an 8-port 100 Mbps switch can handle up to 800 Mbps of aggregate bandwidth.
- Duplex: a hub supports only half-duplex transfers, which limits a link to the port speed (a 10 Mbps port gives a 10 Mbps link). A switch that supports full-duplex mode doubles the speed of each link, from 100 Mbps to 200 Mbps for example.
- Price: the hub is cheaper per port; the switch's better price/performance ratio is worth the extra cost.
B. Departments can be connected together by hubs or switches, but switches should be preferred, if possible managed ones, which make it possible to block certain connections. Every external connection (Internet and inter-network) requires a router. Sharing an Internet connection directly from a PC connected to the Internet (Windows Internet connection sharing) must be ruled out for companies, especially on heavy networks of the Windows NT or Netware type. Routers include the NAT function, which hides the various addresses of the internal network, and increasingly include basic intrusion protection of the hardware firewall type. When we finish the network part, we will see concrete network connection exercises.
6.1. Introduction
This chapter of the hardware networks and communications course covers high-speed connections, both for connecting Internet sites and between the user and the Internet: xDSL, ATM, leased lines, cable television, satellite... All these solutions require a specific subscription with your access provider.
- HDSL: High bit-rate DSL
- SDSL (Symmetric Digital Subscriber Line): symmetric DSL, but can be used in asymmetric mode
- ADSL: Asymmetric DSL
- RADSL: Rate Adaptive DSL
- VDSL: Very high-speed DSL

These variants differ in maximum transmission speed, maximum transmission distance, and the difference between the upstream rate (user to network) and the downstream rate (network to user).

xDSL technologies fall into two large families: those using symmetrical transmission and those using an asymmetrical connection.
HDSL:
The first technique to come out of DSL technology was born at the beginning of the 1990s: HDSL. This high-speed technique splits the network's digital trunk (T1 in the United States, E1 in Europe) over several pairs of wire (two pairs for a T1, which carries 24 channels, and three pairs for an E1, which carries 32). This was made possible by advances in signal theory that increased the number of bits per transmitted symbol. With this technique, a rate of 2 Mbps on three twisted pairs and 1.5 Mbps on two pairs can be reached, with a local loop length of 4.5 km and without additional repeaters. HDSL is currently growing strongly. The first HDSL access networks were deployed by American local operators. HDSL's main argument is economic. HDSL is particularly well suited to:
- replacing T1 and E1 lines (operators' telecom access networks);
- LAN local area networks;
- systems integrating PABXs (company switchboards) and Voice over IP.

It carries symmetrical traffic well but requires two or three copper pairs. It allocates the same bandwidth upstream as downstream, up to 2 Mbps, which can fall to 384 kbps depending on line quality and distance (limited to 4.5 km).
In Europe, operators are only just starting to deploy these technologies massively, and prices are slow to fall for lack of competition. The great innovation should come from HDSL2. This technology, derived from HDSL, offers the same performance but on a single twisted pair. It is currently being tested in the United States at 1.5 Mbps. The current problem with this technology is its still-imperfect standardisation.
SDSL:

- transmission is on a single twisted pair;
- the local loop length is limited to 3.6 km (i.e. 1.8 km from the concentrator);
- the rate is limited to 2 Mb/s in download and upload.

Just like HDSL, this symmetrical solution is reserved for replacing T1 and E1 leased lines. Using the line for a telephone call at the same time is impossible. Two lines can be coupled to reach 4 Mb/s. The distance from the exchange is in theory 1.5 km, but tests go up to 2 km.
SHDSL:
The latest symmetrical solution, SHDSL (Single-pair High-speed DSL), dates from 2002 and brings together the HDSL, HDSL2 and SDSL technologies. Transfer rates (payload) are identical in both directions and can vary from 192 kb/s to 2.3 Mb/s in two-wire mode (one pair) and from 384 kb/s to 4.6 Mb/s in four-wire mode (two pairs). This solution uses the whole bandwidth of the telephone line, so the telephone line can no longer be used at the same time, and filters are therefore unnecessary. These lines can still carry "digitised" telephone signals, ordinary or ISDN, through specific equipment (a PABX for example). The other particularity of an SHDSL connection is the rate: the line is configured for a fixed rate (up to 2.3 Mb/s), and if the modem cannot reach that speed there is no connection at all. This guarantees a fixed rate; nevertheless, some manufacturers allow the modem to detect and fall back to lower speeds automatically. The maximum distance is 5 km on a single copper pair.
ADSL:

ADSL splits the line into three channels:
- a high-speed downstream channel;
- a medium-speed duplex channel;
- a telephony channel (ordinary voice).
To create these channels, ADSL modems divide the available bandwidth of a telephone line in one of two ways: frequency division multiplexing (FDM) or echo cancellation. With either technique, ADSL transmission leaves the band around 0 to 4 kHz free to let telephone calls (POTS) through. For this, in addition to the ADSL modem, a line splitter must be installed (a filter that separates the voice signals from the digital signal), as explained in the ADSL filter installation section. For a maximum loop length of 5.6 km, ADSL provides rates of:
- at least 1.5 to 2 Mbps from the exchange towards the user (maximum 8 Mbps);
- at least 16 kbps from the user towards the exchange (maximum 640 kbps).
Standard ADSL speeds in Belgium are 4 Mb/s in download (1 Mb/s if the user is at the limit of the distance). You can nevertheless increase the rate by changing subscription with your access provider (definitely more expensive). In France, on the other hand, subscriptions offer 256 kb/s, 512 kb/s... depending on the subscription. These rates also depend on a number of factors including the loop length, its cross-section and interference: line attenuation increases with length, with the frequency of the transmitted signal and with the thinness of the cable. These transfer speeds turn the existing public telephone network (limited to voice, text and low-resolution graphics) into a powerful system able to carry multimedia, including real-time video. Indeed, new broadband wiring will take decades to reach all subscribers, not to mention its doubtful profitability. By carrying films, television programmes and LAN data, and above all by bringing the Internet into homes, ADSL makes these markets viable and profitable for telephone companies and application providers. In December 1998 an important step was taken by the ITU (International Telecommunication Union) regarding the standardisation of DSL systems. The most awaited standard was ADSL-Lite, which is a reduced version of ADSL. It is intended for fast Internet access and works at rates lower than those of its elder (but still much higher than the 56 kb/s maximum of V.92 modems). It is less complex to implement because it does not require a filter (splitter).
RADSL
With RADSL (Rate Adaptive DSL), the transmission speed is set automatically and dynamically according to the quality of the communication line. As long as it was a question of transferring video data, varying the rate was out of the question: that case requires synchronous processing. However, since the failure of VDT (Video Dial Tone), which suffered from the competition of cable and satellite TV, other applications have appeared:
- client/server architectures;
- access to remote networks;
- the Internet and multimedia.
These applications have two advantages: synchronisation is no longer mandatory, and an asymmetrical architecture becomes obvious (insofar as more information is transmitted from server to client than the other way). RADSL therefore adapts its speed to local conditions. RADSL would allow constant rates (upstream from 128 kbps to 1 Mbps, downstream from 600 kbps to 7 Mbps) for a maximum local loop length of 5.4 km (like ADSL). RADSL is being standardised by ANSI, which considers QAM, CAP and DMT as RADSL modulations.
VDSL
VDSL is the fastest of the xDSL technologies. On a single twisted pair it supports downstream rates of the order of 15 to 53 Mbps (see the comparison table below).
On the other hand, the maximum loop length is only 1.5 km. This distance is very short, but it can be increased by using optical fibre from the provider to a special optical terminal near the user; from that terminal, the user can be connected by VDSL (see figure below). As for modulation, the two data channels are separated from the bands used for telephony on the one hand and from those used for ISDN on the other. This would allow service providers to superimpose VDSL on already existing services. For now it is considered that the two channels (upstream and downstream) are also separated in frequency.
Downstream data could be transmitted to each terminal equipment (passive network termination) or to a hub that distributes the data to the terminal equipment (active network termination).
For upstream data, multiplexing is more difficult. In a passive configuration, each terminal must share a common cable. A collision detection system could be used, but two other solutions can be considered. A first solution would be for the optical terminal to send frames to all the terminal equipment; these frames would authorise only one device to communicate, and for a certain period (TDMA, Time Division Multiple Access). The device, identified by the frame, would transmit during that period. However, this method is heavy insofar as it implies inserting a certain latency between two authorisations and requires many bytes just for its operating protocol (which reduces the useful rate).
The second method would be to divide the upstream channel into several frequency bands and assign one band to each terminal equipment (FDMA, Frequency Division Multiple Access). This method has the advantage of needing no dialogue protocol; however, it would limit the rate available to each terminal to a fixed value. In conclusion, we have seen that the increase in bandwidth with VDSL enables the access provider to offer high-definition television and quality digital video, multimedia Internet and LAN services to consumers.
Comparison of xDSL technologies

Technology   Mode           Downstream rate                          Upstream rate                          Max. distance
HDSL         Symmetrical    1.5 Mbps (2 pairs), 2 Mbps (3 pairs)     1.5 Mbps (2 pairs), 2 Mbps (3 pairs)   3.6 km
HDSL2        Symmetrical    1.544 Mbps                               1.544 Mbps                             3.6 km
SDSL         Symmetrical    768 Kbps                                 768 Kbps                               3.6 km
SHDSL        Symmetrical    192 Kb/s to 2.3 Mb/s (one pair),         same as downstream                     5 km
                            384 Kb/s to 4.6 Mb/s (two pairs)
ADSL         Asymmetrical   128 Kbps to 9 Mbps                       16 to 640 Kbps                         5.4 km
RADSL        Asymmetrical   0.6 to 7 Mbps                            128 Kbps to 1 Mbps                     5.4 km
VDSL         Asymmetrical   15 to 53 Mbps                            -                                      1.3 km
...subscriptions also remain definitely more expensive than those of ADSL. This solution is to be recommended only for areas not served by DSL technologies.
6.5. TV cable
This solution uses the cable television network. The transmission frequencies on these cables range from 10 to 860 MHz, but certain bands are blocked so as not to interfere with FM radio, military communications and so on. Across this wide spectrum, digital TV channels are grouped in packages of 8, each package occupying an 8 MHz bandwidth; analogue TV channels cannot be grouped and each also occupies 8 MHz. Two frequency bands are reserved for the Internet, one for the upstream direction and the other for the downstream direction. The upstream rate, in the band below 30 MHz, reaches 128 kb/s. Downstream, the rate varies according to commercial offers between 512 and 768 kb/s but can go up to 1.5 Mbps. Unlike ADSL, this bandwidth is shared between all users on the same segment, typically several buildings, which affects both the throughput each subscriber gets and, without link encryption, who can see the traffic.
...network or optical fibre, with limitations at high speeds. It is not necessarily independent of IP technology but complementary to it. ATM does not carry source and destination addresses in its cell structure; it governs only the lower layers of the OSI model, in charge of transport.
Key-locking of the power and reset buttons, of access to the floppy drive and so on, although this is not the most important point. Connection cables must be fixed to the case or in a cable tray so that they cannot be torn out by pulling, and they must be labelled.
- fast hard disks, to deliver data as quickly as possible after a request from a connected client, if possible multi-session, which implies SCSI connections;
- data security in the event of a disk crash (complete failure of a hard disk): duplication of the disks by RAID systems;
- data security in the event of a power failure or voltage dips: UPS;
- data security in the event of the complete failure of a computer: daily backup;
- "hot plug" installation of disks and electronic boards, meaning the device can be replaced while the server continues to run.
Seen as a list, this does not look too difficult. Let us leave aside the external aspect, which concerns the case on the one hand and, for the wiring, the technicians and network administrators: no cables running loose across walkways. Moreover, computer rooms designed for network servers generally have a raised floor under which the cables run, and a gas-based fire extinguishing system (halon-type gases or an inert gas) that displaces the oxygen. Given the price of a cylinder, avoid lighting a cigarette in these rooms. The temperature is generally controlled at around 18 °C. Each server is connected to a UPS (uninterruptible power supply). The UPS can control the server (shut it down cleanly) in the event of a power failure or voltage drop, via a dedicated program. This is often also the case for hubs, switches and additional external peripherals. The internal aspect is more complex. Hard disks are generally SCSI. In a workstation this type of connection is hardly faster than E-IDE hard disks, except in access time; SCSI connections, on the other hand, perform better under multiple simultaneous reads. Against disk crashes, redundant disk systems (RAID) are used: in mirroring, the data are written identically to each disk but read from only one; if one disk crashes, work continues on the second. Against a complete server crash, two servers can be permanently coupled in the same way as the disks above (server clustering; the disk part is what is properly called RAID). For the power supply, two coupled power supplies (duplicated or redundant) can be used; if one fails, the other carries on, so each must be able to power the whole machine on its own. For the electronic boards, 64-bit PCI allows a board to be removed or inserted without switching off the computer, provided the server runs a compatible operating system (Windows 2000 for example).
Duplicating each part of a computer installation, to guarantee that if one fails the second takes over immediately, is called equipment redundancy. In short, there is work to do. At the peripheral level, we already know some of them. Backup tapes are almost always used, but not really as a small backup: their transfer speeds have nothing in common with the QIC tapes of the first year. External enclosures containing hard disks, always in RAID, are also found.
Let us take for example a 1000Base-T network card (Gigabit Ethernet). As network links are serial, one can divide the bit rate by 10 (roughly allowing for framing overhead), which gives, for a single network card, a transfer rate of about 100 MB/s. You may think there is still margin, but SCSI hard disks are also connected through an interface on a PCI port. Take for example a Wide Ultra 3 SCSI (Ultra 160/m) disk connection, able to transfer 160 MB/s: 100 MB/s + 160 MB/s = 260 MB/s, far above the 132 MB/s of a 32-bit PCI port. All servers worthy of the name must therefore use a faster internal bus: PCI-X. Developed jointly by the main hardware manufacturers, it gives servers 64-bit PCI connections (the transfer rate is therefore doubled). Moreover, ordinary PCI runs at 33 MHz, whereas PCI-X ports go up to 533 MHz. This gives a transfer rate of 533 MHz × 8 bytes (64-bit port) ≈ 4256 MB/s for the whole PCI-X bus. A server generally also accepts one or two 32-bit PCI ports (a graphics card, for example, or a spare Ethernet 100 card). The 64-bit ports generally accept only 3.3 V 32-bit cards. To recognise the 64-bit ports that accept 32-bit PC cards, it is enough to check whether there are 2 notches (3.3 V cards only) or 1 notch (accepts 3.3 V and 5 V cards) in the 32-bit part of the 64-bit PCI slot. With PCI-X ports we find the expected characteristics: speed and hot plug (if the controller board allows it). A last precision: these boards and buses are expensive. Not every server has PCI-X at 533 MHz as standard; there are cards at 33, 66, 100 and 133 MHz. Moreover, many servers include not one but two or three separate PCI-X buses, which also removes bottlenecks. PCI-X 1.0 came out in 1999, with a 3.3 V supply voltage:
PCI-X 1.0 (1999, 3.3 V)

Bus frequency   Voltage   Data bus   Bandwidth
 66 MHz         3.3 V     32 bits     264 MB/s
 66 MHz         3.3 V     64 bits     528 MB/s
100 MHz         3.3 V     32 bits     400 MB/s
100 MHz         3.3 V     64 bits     800 MB/s
133 MHz         3.3 V     32 bits     532 MB/s
133 MHz         3.3 V     64 bits    1064 MB/s

PCI-X 2.0, released in 2002, is also powered at 1.5 V depending on the version. The boards are hot plug.

PCI-X 2.0

Bus frequency   Voltage          Data bus   Bandwidth
 66 MHz         3.3 V            32 bits     264 MB/s
 66 MHz         3.3 V            64 bits     528 MB/s
100 MHz         3.3 V            32 bits     400 MB/s
100 MHz         3.3 V            64 bits     800 MB/s
133 MHz         3.3 V            32 bits     532 MB/s
133 MHz         3.3 V            64 bits    1064 MB/s
266 MHz         3.3 V / 1.5 V    32 bits    1064 MB/s
266 MHz         3.3 V / 1.5 V    64 bits    2128 MB/s
533 MHz         3.3 V / 1.5 V    32 bits    2128 MB/s
533 MHz         3.3 V / 1.5 V    64 bits    4256 MB/s
7.7.1. Introduction
The processor of a server is not necessarily a racing animal. A server does not create multimedia applications. Except for application servers, the processors are generally "weak": a web server can easily be satisfied with a Pentium III, even a Celeron. On the other hand, for heavy applications, the processor manufacturers moved in two directions: specialised processors and multiprocessing. The two are partly linked. Current processors are 32-bit, meaning that the instructions they execute handle data and addresses 32 bits wide. To increase the performance of a processor, you can either raise its clock speed or double the amount of work done per clock cycle. This second solution is already used, but 64-bit processors use it differently. Since the programs are written for current 32-bit processors, a 64-bit processor cannot by itself execute 32-bit instructions, and vice versa. Intel, with its 64-bit Itanium processor released in July 2001, circumvented the problem by not carrying over the old 32-bit instructions (the ones we know). This required the programs and operating systems to be rewritten, or rather recompiled, i.e. the 32-bit program converted into 64-bit code. 64-bit Windows exists for these processors, but few programs are really on the market. This confines the Intel Itanium to servers or very high-end workstations. AMD chose the opposite way: while creating a 64-bit processor it kept 32-bit compatibility, so 64-bit AMD processors run current applications as well as 64-bit ones. One last thing: dual-processor and larger configurations require a suitable operating system. Windows NT, 2000 and XP Pro are sold in specific versions for this. Novell requires an additional option. UNIX and Linux are natively multiprocessor, provided the function is enabled for the motherboard/OS. The "home" versions of the Microsoft operating systems (Windows 95, 98, Me and XP Home) do not handle multiprocessing.
7.7.2. INTEL
At Intel, the specialised 32-bit processors are the Xeon family (formerly the Pentium Pro). Compared with the ordinary Pentium (Pentium III, Pentium 4), Intel generally fits larger L1 and L2 caches; to complete the job, the socket and the chipsets are different. Nevertheless, the Pentium III could be used in dual-processor configurations; Intel removed this possibility internally from most of the Celerons. The Itanium and Itanium 2 are reserved for demanding networks since they work in 64 bits. Note that adding a second processor (on a motherboard that accepts it) requires a processor of the same speed and, in practice, of the same manufacturing series (stepping), which is not always easy to obtain. One last remark: from the 3.06 GHz Pentium 4 onwards, Intel includes Hyper-Threading. This technique presents two logical processors on a single Pentium. The advantage should be speed, but the various tests are rather mixed, in particular because the application must be written to take advantage of it in the case of workstations. On the other hand, the function is widely used in the Itanium and the Xeon. At the beginning of 2004, Intel announced the Nocona architecture for the Xeon: a modified 32-bit processor able to execute certain 64-bit applications. It is thus comparable to AMD's Opteron and sits between the standard Xeon and the fully 64-bit Itanium.
7.7.3. AMD
Since September 2001 AMD has produced specific Athlon processors able to work in dual-processor configurations, with a chipset specific to them: the Athlon MP (multiprocessor). The Opteron (the server version of the 64-bit Athlon) allows up to 8 processors to be used simultaneously.
AMD develops 2 versions of its 64-bit processor: the Opteron and the Athlon 64. The Opteron, released in April 2003, is the server and high-end workstation version, like the Itanium and its successor the Itanium 2. The Athlon 64 for workstations came out in September 2003. As a reminder, these processors are also 32-bit compatible and can therefore be used with the usual 32-bit operating systems. The main changes compared with the K7 architecture are the number and size of the registers (the processor's internal working memory), which must support both AMD's new AMD64 instructions and Intel's SSE. Opterons are etched at 0.13 µm, like the current Athlons, and use a specific Socket 940. The L2 cache grows from 512 KB to 1 MB. Memory management is no longer handled by the chipset but directly by the processor, which drives two channels of DDR333. The Opteron has 3 HyperTransport buses (3.2 GB/s bidirectional) which can connect directly to another processor or to a chip driving PCI-X or AGP. Being dedicated to servers, the Opteron comes in 3 series, 100, 200 and 800, with respectively 0, 1 and 3 processor-to-processor buses, for machines using 1, 2 and 8 Opterons. Each series comes in various speeds. The 200 series is currently the only one available, at 1.4, 1.6 and 1.8 GHz.
Standard SMP structure (UMA). The system bus was for a long time the weak point of SMP. The first multiprocessors made the processors communicate through shared system buses, which quickly became saturated beyond a few processors. Increasing the cache memory and the working frequency of this bus improved server performance, but the upgrade capability of these buses is weak, the bandwidth remaining constant in every case. To build scalable platforms, the processor manufacturers worked on switched-bus architectures. This made it possible to create interconnection infrastructures whose bandwidth can be increased in stages, thanks to additional switches. This type of connection is the basis of modular systems: the elementary components are no longer the processors but dual- or quad-processor daughter boards plugged into connectors on a central backplane. Sun was the first to use this technique, with a machine able to run up to 64 microprocessors simultaneously. The backplane receiving the daughter boards allows a throughput of 12.8 GB/s and accepts up to 16 quad-processor boards; each added quad-processor board opens additional interconnection channels and thus increases the bandwidth. In the Sun system the memory is located on each daughter board and so appears to belong to that board; in fact all memory accesses go through the central bus, whether the target is on the same daughter board or another one. By this principle, Sun's technique remains SMP. Every manufacturer currently uses an identical, or at least equivalent, technique; some firms nevertheless insert a local controller on each daughter board. In the PC world, Intel (through acquisitions) is the leader.
Intel uses a switching controller with 2 memory access buses, 2 buses to quad-processor modules (the total is thus limited to two boards, i.e. 8 processors) and 1 input/output bus, the whole completed by cache accelerators. Another solution, currently deployed by Unisys, consists in partitioning the machine so that each group of processors runs its own operating system (the NUMA architecture below). This currently allows up to 32 processors to be used simultaneously under Windows 2000/NT, NetWare or UnixWare.
NUMA structure. The NUMA architecture makes it possible to use more processors. The technology groups processors with their own local memory and connects the groups by buses able to deliver several gigabytes per second. By non-uniform memory access it should be understood that a processor will not reach a data item in the same time depending on whether it sits in local or remote memory. This difference in time is nevertheless shrinking, which brings the UMA and NUMA architectures closer together. The memory is shared by all the processors, which implies that a NUMA system needs cache-coherence management that takes into account all the processors attached to the platform. Multiprocessor technology is nevertheless not based solely on the management of the interconnection bus: the communications on the interconnection buses must also allow the processing of tasks to be spread as well as possible between the processors. One last remark, and a major one: with SMP a single operating system runs for the whole set of processors. A NUMA platform may also run a single operating system image, but that OS must be NUMA-aware (keeping each task close to its memory), and large NUMA machines are often partitioned so that each group of processors runs its own operating system. This dedicates NUMA to multiprocessor UNIX or proprietary systems and SMP to the world of Intel/Windows servers; yet AMD's Opteron uses NUMA (the memory controller is integrated in the processor).
8.1. Introduction.
Data (and its main support, the hard disk) is of primary importance in all computing applications. In the case of servers, two approaches are used to increase speed and guarantee reliability in the event of a hard disk failure: SCSI solutions for storage, and RAID. Both are generally implemented at the same time.
All this explains why SCSI performs better than IDE (even when the raw transfer rates are equivalent), at a correspondingly higher price. The SCSI standard has evolved, but one still meets almost all its versions depending on the devices to be connected. NARROW refers to an 8-bit bus, WIDE to a 16-bit bus.
SCSI standards

Standard   Name                          Rate (MB/s)   Bus width   Max. cable length (SE / LVD / HVD)   Connector (pins)   Max. devices (controller excluded)
SCSI-1     SCSI (Narrow)                   5           8 bits      6 m   /  -     / 25 m                50                  7
SCSI-2     Fast Narrow SCSI               10           8 bits      3 m   /  -     / 25 m                50                  7
SCSI-2     Fast Wide SCSI                 20          16 bits      3 m   / 12 m   / 25 m                68 or 80           15
SCSI-3     Ultra SCSI (Narrow)            20           8 bits      1.5 m* / 12 m  / 25 m                50                  7
SCSI-3     Ultra Wide SCSI                40          16 bits      1.5 m* / 12 m  / 25 m                68 or 80           15
SCSI-3     Ultra 2 SCSI (Narrow)          40           8 bits      -     / 12 m   / 25 m                50                  7
SCSI-3     Ultra 2 Wide SCSI              80          16 bits      -     / 12 m   / 25 m                68 or 80           15
SCSI-3     Ultra 160 (Ultra 3, SCSI 5)   160          16 bits      -     / 12 m   / -                   68 or 80           15
SCSI-3     Ultra 320                     320          16 bits      -     / 12 m   / -                   68 or 80           15
For comparison: ATA/133 (80-wire cable, 40-pin connector)   133   16 bits   0.46 m   40   2

* 1.5 m on a loaded chain; 3 m with at most 4 devices.
The transfer rate, the cable length, the number of wires and the number of devices differ according to the standard. What you need to know in order to order a cable or a terminator:
1. The number of wires and the model of the connectors. 2. The signalling standard: SE, LVD or HVD.
All the other information is superfluous as far as connectors are concerned. SCSI-1 (NARROW SCSI): coded on 8 bits only. SCSI-2 (WIDE SCSI): coded on 16 bits, it allows a transfer rate of up to 20 MB/s.
SCSI-2 board Adaptec AHA-3940. This board is identical to a 2940 but has 2 distinct internal channels (RAID).
SCSI-3 DIFFERENTIAL: it uses very good quality paired cable and carries each signal on a pair of wires, the useful signal being the difference between the two. There are 2 types of differential chain:
o HVD (High Voltage Differential), which works at 5 volts and allows chain lengths of up to 25 m, whereas a single-ended chain cannot exceed 6 m (and far less at Ultra speeds). Used mainly in professional configurations.
o LVD (Low Voltage Differential), which works at 3.3 volts and allows 12 m of chain. It uses internal LVD ribbon cables, external LVD cords, external LVD terminators and internal LVD terminators.
The connectors are specific to each of the 3 standards: the cords and internal ribbon cables do not have the same impedance in Ultra Wide (single-ended), HVD or LVD, and the terminators also differ. One must therefore not mix the various types of cords and terminators, especially HVD, which is incompatible with the rest. However, the LVD standard allows non-LVD peripherals to be connected to an LVD host adapter and, conversely, LVD components on a non-LVD host adapter; of course the throughput is then no longer that of LVD, since the whole chain falls back to single-ended operation. The Ultra 2 SCSI LVD standard is an extension of SCSI-3. On the wiring side the signals are carried on two wires at the same time, the useful signal being the difference between the two; this method is also used in Ethernet (among others). LVD cords must be of high quality and of the right impedance. The theoretical maximum speed is 80 MB/s. The Ultra 3 SCSI standard, also called Ultra 160/m or SCSI 5 (SCSI Parallel Interface SPI-3):
Ultra 160/m is a specific implementation of the Ultra 3 SCSI standard and retains only 3 elements of it: 1. Transfer rate doubled compared with Ultra 2 SCSI: 160 MB/s instead of 80 MB/s. 2. Physical test of the SCSI bus by the controller at start-up, allowing it to determine the working speed according to the various elements of the SCSI chain. It goes without saying that the quality of the cords and terminators plays a decisive part in the overall speed of the chain. 3. Cyclic redundancy check (CRC), which allows errors in the transmission of data to be detected. These are the essential characteristics of Ultra 160/m; the "/m" means that this standard is manageable (physical test and CRC). The designation used for Ultra 2 SCSI, LVD, is unsuitable because Ultra 3 SCSI is also LVD. It uses the same connectors, so cords and terminators are identical but must be of even better quality here, given the very high throughput. One can likewise use 15 devices over a total length of 12 m. It is manageable because an Ultra 160/m board can drive devices of different speeds connected in the same chain, respecting their respective speeds: 80 MB/s for Ultra 2 SCSI and 160 MB/s for 160/m. Thus the weakest-link rule that used to determine the overall speed of the chain disappears. Conversely, an Ultra 2 SCSI controller can also drive both standards at the same time, but only at 80 MB/s. Conclusion: total compatibility between the 2 standards.
The Ultra 320 SCSI standard (SCSI Parallel Interface SPI-4): this new standard enriches the preceding Ultra 160/m standard while keeping its specifications:
o Transfer of information units (IU transfer or packetisation). Information independent of the data flow, for example the commands exchanged between the host adapter and the hard disk, is transferred at the nominal speed of 320 MB/s.
o Multiplexing of input/output tasks without waiting for the BUS FREE phase. Continuity of the data flow without idle phases and optimised use of the available channels.
o The chain of commands for sending a packet of data is simplified and has fewer stages, hence an improvement in transfer rates.
o Correction of the data signal relative to the clock signal (skew compensation). Skew is the difference in travel time of two different signals from the same transmitter towards two different targets on the same bus; for example a host adapter sending different signals to two hard disks on the same SCSI chain. To keep the system consistent, the time between the two signals is arbitrated by a clock signal. At this processing speed, every Ultra 320 device performs compensation on reception, because a variation of one nanosecond can make the difference between a valid signal and a corrupted transmission.
SCSI connectors encountered:
o DB-25
o External Centronics 50, male (more pins than the standard Centronics printer connector)
o SUB-D 50, male
o DB68HD connector
SCSI peripherals: hard disks (internal or external), tape backup units (DAT, DLT...) internal or external, scanners (external).
The device number (SCSI ID) is selected either by jumpers or by a rotary selector. The address must be unique on the same cable, or rather on the same controller: internal and external peripherals generally share the same controller. The end of the external peripheral chain must end in a terminating resistor specific to the type of SCSI connection. Indeed, external peripherals are daisy-chained: one starts from the controller towards the first peripheral, and the next cable goes from that peripheral to the following one. In some peripherals the termination is built in (a jumper must be set to activate it). Standard internal cables generally carry only 3 connectors, but models accepting more peripherals are available commercially. Generally one does not mix SCSI peripherals of different types; nevertheless special terminators make it possible to chain NARROW (50-pin) peripherals with ULTRA WIDE (68-pin) ones, both internally and externally.
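As an added example (not code from the course), here is a small checker in Python for a SCSI chain described as a list of devices in cable order. It applies the rules given above: unique IDs (the controller holds one), termination on the last device only, HVD never mixed with SE or LVD, and a single-ended device pulling a whole LVD chain back to single-ended speed and length limits, using the cable lengths of the table. The chain description format, the per-device `rate` field and the single-ended fallback values (Ultra Wide SE: 40 MB/s, 1.5 m) are the author's assumptions.

```python
"""Check a parallel SCSI chain against the cabling rules of this section.
Added example, not from the course. Limits come from the table above; the
chain format and the SE fallback values are assumptions."""

# standard -> (max rate MB/s, bus width in bits, {signalling: max chain length in m})
STANDARDS = {
    "Fast Wide":   (20,  16, {"SE": 3.0, "LVD": 12.0, "HVD": 25.0}),
    "Ultra Wide":  (40,  16, {"SE": 1.5, "LVD": 12.0, "HVD": 25.0}),
    "Ultra2 Wide": (80,  16, {"LVD": 12.0, "HVD": 25.0}),
    "Ultra160":    (160, 16, {"LVD": 12.0}),
    "Ultra320":    (320, 16, {"LVD": 12.0}),
}
# Assumption: one SE device on an LVD bus makes the whole bus run single-ended,
# with Ultra Wide SE limits (40 MB/s, 1.5 m on a loaded chain).
SE_FALLBACK = (40, 1.5)


def check_chain(standard, devices, segments, controller_id=7):
    """devices: dicts {id, width, signalling, rate, terminated}, listed from
    the controller outwards; segments: cable length in m before each device.
    Returns the problems found, the bus mode and the speed each device gets."""
    bus_rate, width, limits = STANDARDS[standard]
    problems = []
    max_devices = 15 if width == 16 else 7
    if len(devices) > max_devices:
        problems.append(f"{len(devices)} devices, maximum {max_devices}")
    if len(segments) != len(devices):
        problems.append("one cable segment expected per device")

    # 1. every ID unique and within the range the device width allows
    seen = {controller_id}
    for d in devices:
        top = 15 if d["width"] == 16 else 7
        if not 0 <= d["id"] <= top:
            problems.append(f"ID {d['id']} out of range for a {d['width']}-bit device")
        if d["id"] in seen:
            problems.append(f"ID {d['id']} used twice (controller holds {controller_id})")
        seen.add(d["id"])

    # 2. signalling: HVD alone or not at all; any SE device forces SE mode
    kinds = {d["signalling"] for d in devices}
    if "HVD" in kinds and kinds != {"HVD"}:
        problems.append("HVD mixed with SE/LVD devices: incompatible, do not connect")
    if kinds == {"HVD"}:
        mode, limit = "HVD", limits.get("HVD", 0.0)
        if "HVD" not in limits:
            problems.append(f"{standard} has no HVD variant")
    elif "SE" in kinds:
        mode = "SE"
        bus_rate, limit = (bus_rate, limits["SE"]) if "SE" in limits else SE_FALLBACK
    else:
        mode, limit = "LVD", limits.get("LVD", limits.get("SE", 0.0))

    # 3. total chain length against the limit of the mode actually in use
    total = sum(segments)
    if total > limit:
        problems.append(f"chain is {total:.1f} m, {mode} limit for {standard} is {limit} m")

    # 4. termination: the controller terminates its own end, only the last device the other
    for i, d in enumerate(devices):
        last = i == len(devices) - 1
        if d["terminated"] and not last:
            problems.append(f"ID {d['id']} is terminated in the middle of the chain")
        if last and not d["terminated"]:
            problems.append(f"ID {d['id']} at the end of the chain is not terminated")

    # each device negotiates its own speed, capped by the mode the bus runs in
    speeds = {d["id"]: min(bus_rate, d["rate"]) for d in devices}
    return problems, mode, speeds
```

A clean Ultra160 chain of an Ultra160 disk and an Ultra2 disk reports no problem and gives each disk its own speed (160 and 80 MB/s); add a single-ended narrow scanner at the end and the whole chain drops to SE mode, 40 MB/s and the 1.5 m limit.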
or by a combination of both. The proposed solutions can be grouped into six main families, from RAID 0 to RAID 5.
The total capacity is equal to the sum of the capacities of the hard disks (of identical capacities).
[Figures: RAID 0 writing and reading]
8.4.3. RAID 2
RAID 2 relies on a set with several parity disks and synchronised access. This technology is little used because of its complexity and the extra cost it involves. It is RAID 0 with integrated data checking: one generally uses 3 check disks for 4 data disks, the correction method being ECC (the same as for memory). Since all SCSI hard disks already include this error checking, this mode is anecdotal; it was never marketed industrially.
8.4.4. RAID 3
RAID 3 is based on a group of identical hard disks with one storage unit reserved for the parity bits. If the parity disk fails, one is left with RAID 0. Data security is therefore limited. Note that the parity disk is used twice as much as the other disks.
8.4.5. RAID 4
RAID 4 differs from RAID 3 by an asynchronous management of the units. Even though accesses run in parallel on the various units, the parity disk is solicited more often, which in RAID 3 creates a bottleneck. The only difference from RAID 3 is the layout of the data on the disks.
On writing, the data is broken into small blocks distributed over the various disks making up the RAID 4 set; at the same time, the parity is written to the disk dedicated to that purpose.
On reading, the data blocks are read in parallel from the data disks.
Advantages:
o Parity: an algorithmic process that lets the system rebuild defective or missing data from the parity information stored at write time.
o A RAID 4 subsystem offers an interesting capacity/performance/investment ratio.
o Read performance of RAID 4 disk stacks is excellent (comparable to RAID 0).
o Since there is no duplication of data, only the recording of the corresponding parity, the cost per megabyte of a RAID 4 solution stays reasonable.
Disadvantages:
o The major defect comes from updating the parity data, which degrades RAID 4 write performance. For this reason RAID 5 is always preferred to RAID 4 systems.
8.4.6. RAID 5
RAID 5 is related to RAID 4, but the parity is distributed over all the units of the set, which removes the famous bottleneck while keeping the benefit of asynchronous management. This mode corresponds to the "stripe set with parity" of NT4 or 2000 Server. All the disks work equally. When a hard disk is hot-plugged, its data is rebuilt from the other hard disks.
Applications:
o Applications that use random I/O on small volumes, typically database servers.
RAID 6 uses double parity. This system makes it possible to keep working with 2 failed hard disks, inevitably with a loss of performance. RAID 7 brings several data disks together with 1 or more parity disks; data checking, caching and parity calculation are done by a microcontroller, giving performance up to 50% faster than the other RAID modes. This solution is a trademark of Storage Computer Corporation. RAID 10 combines striping (RAID 0) with mirroring (RAID 1): an excellent but expensive fault-tolerance solution, the safest and fastest. Nevertheless, its implementation difficulty and its price keep it little used.
This way of proceeding (software RAID) lets the operating system use several disks in RAID mode without dedicated hardware. On the other hand, with suitable hardware (and its driver), every operating system can in theory work in RAID. As a reminder, Microsoft's "personal" operating systems do not take advantage of the possibilities of SCSI either, in particular simultaneous DMA transfer of data between hard disks.
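To make the parity mechanism of RAID 4 and RAID 5 concrete, here is an added example in Python (not code from the course). It stripes data with XOR parity, either on a dedicated disk (RAID 4) or rotated across the disks (RAID 5), rebuilds a failed disk from the others, and counts the writes each disk receives during random small updates, which shows the parity-disk bottleneck the text describes. The 4-byte block size and the left-symmetric parity rotation are assumptions made for the example; RAID 6 double parity is not covered.

```python
"""RAID 4 / RAID 5 in miniature: XOR parity striping, small writes, rebuild.
Added example, not from the course. Block size and the parity rotation
(left-symmetric) are assumptions made for the example."""
import random
from functools import reduce
from operator import xor

BLOCK = 4  # bytes per block, kept tiny for readability (real arrays: 4 KB to 128 KB)


def xor_blocks(blocks):
    """XOR equal-length byte strings together: this is all RAID parity is."""
    return bytes(reduce(xor, column) for column in zip(*blocks))


def parity_disk(stripe, n_disks, level):
    """Disk holding the parity block of a stripe."""
    if level == 4:
        return n_disks - 1                    # RAID 4: dedicated parity disk
    return (n_disks - 1 - stripe) % n_disks   # RAID 5: rotates one disk per stripe


def build_array(data, n_disks, level):
    """Stripe data over n_disks (n_disks - 1 data blocks + 1 parity per stripe)."""
    per_stripe = (n_disks - 1) * BLOCK
    data += b"\0" * ((-len(data)) % per_stripe)      # pad to whole stripes
    disks = [[] for _ in range(n_disks)]
    for s in range(len(data) // per_stripe):
        chunk = data[s * per_stripe:(s + 1) * per_stripe]
        pieces = iter(chunk[i * BLOCK:(i + 1) * BLOCK] for i in range(n_disks - 1))
        p = parity_disk(s, n_disks, level)
        row = [None if d == p else next(pieces) for d in range(n_disks)]
        row[p] = xor_blocks(b for b in row if b is not None)
        for d in range(n_disks):
            disks[d].append(row[d])
    return disks


def small_write(disks, level, stripe, slot, new_block, writes):
    """Update one data block (the slot-th data disk of the stripe): read old
    data and old parity, new parity = old parity XOR old data XOR new data,
    then write exactly two disks. `writes` counts writes per disk."""
    n = len(disks)
    p = parity_disk(stripe, n, level)
    d = [i for i in range(n) if i != p][slot]
    disks[p][stripe] = xor_blocks([disks[p][stripe], disks[d][stripe], new_block])
    disks[d][stripe] = new_block
    writes[d] += 1
    writes[p] += 1


def rebuild(disks, failed):
    """Recompute every block of one lost disk from all the others."""
    return [xor_blocks(disks[d][s] for d in range(len(disks)) if d != failed)
            for s in range(len(disks[0]))]


def read_all(disks, level, failed=None):
    """Return the user data, never touching disk `failed` if one is given."""
    n = len(disks)
    spare = rebuild(disks, failed) if failed is not None else None
    out = []
    for s in range(len(disks[0])):
        p = parity_disk(s, n, level)
        for d in range(n):
            if d != p:
                out.append(spare[s] if d == failed else disks[d][s])
    return b"".join(out)


def write_load(level, n_disks=5, n_writes=1000, seed=1):
    """Writes per disk after random single-block updates: with RAID 4 the
    parity disk takes one write per update, with RAID 5 the load spreads."""
    rng = random.Random(seed)
    disks = build_array(bytes(range(64)) * 4, n_disks, level)   # constructed data
    writes = [0] * n_disks
    for _ in range(n_writes):
        stripe = rng.randrange(len(disks[0]))
        slot = rng.randrange(n_disks - 1)
        small_write(disks, level, stripe, slot, bytes([rng.randrange(256)]) * BLOCK, writes)
    return writes
```

With 5 disks and 1000 random small writes, `write_load(4)` gives the parity disk exactly 1000 writes while the four data disks share the other 1000; `write_load(5)` spreads the 2000 writes over all five disks. Reading with any one disk marked failed returns the same bytes as reading the intact array.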
9.1. Introduction.
This chapter deals with the methods of backing up server data. Obsolete for the office computer, tape drives are the essential storage element on a network. Tape drive technology reaches transfer speeds of up to 200 MB/s and capacities up to the terabyte (1000 GB). Connecting the server's hard disks in RAID gives a semblance of backup, or rather a false sense of security. In the networking world, even if the data on the disks can be recovered under certain conditions (RAID 1, RAID 5), a virus attack, a malicious intrusion or the theft of a computer directly cause loss of data and production. In the case of a "stand-alone" PC (not connected to a network) in professional use, keeping the data at all costs was covered at length in the first-year course. For server disks the problem is the same, only worse. Firstly, the users place complete trust in the network (and above all in the network administrator) for data backups; indeed, backups are normally daily on the servers. Secondly, network applications are often too large to be backed up individually (space, access...). An essential point of backups lies in the use of files, of whatever type, by users or other programs: it is of primary importance that users log off the network when they leave work, because a file in use by a workstation will not be backed up. With RAID 1 we saw that the mirror can be split: one disk stays accessible read/write to the users while the second is used only by the backup system. When the backup is finished, the 2 disks are resynchronised and the RAID set returns to its operational two-disk mode.
In these three cases (virus, intrusion, theft), the disks in RAID are of no use to you at all.

Comparison of the three backup types

                        Full                          Incremental                                   Differential
Archive bit cleared     YES                           YES                                           NO
Duration                long                          short                                         long - short (grows until the next full)
Restoration             the last full, all at once    the last full, then every incremental since   the last full, then the last differential
Risk                    a defective tape loses        a defective tape breaks the chain:            a defective tape loses the backups since
                        the whole backup              files are missing                             the last full
Tapes                   -                             tapes must be changed every time              long tapes every time
Let us combine the backup methods with the particular way data is used on the server. The strategies below can apply to the whole disk or to part of it (folders), and they can be mixed. An interesting data backup strategy remains a regular full backup followed by a daily differential backup. Unfortunately this poses two problems. The first is the period between full backups: the longer it is, the longer the differential backup takes. The second is precisely the duration of a differential backup. A second strategy consists of a full backup per month, followed by an incremental backup per week and a daily differential. It is flexible, but requires many different sets of tapes. A third consists of a full system backup per month, a daily differential backup of the important files and a daily incremental backup of the other files (user documents). This strategy seems the best, but it requires two different backups to be started every day, as backup programs are generally not designed to mix two backup types in the same session. You can nevertheless write the differential file and the incremental file to the same daily tape. One last thing about the use of tapes: change the tape every day. The tapes must be duplicated, an even series and an odd series, so that if a Monday tape is defective, the previous Monday's is not. The backup sets must not be kept in the same room (or even the same building) as the server: think of theft or fire, for example.
Office schedule (example):

Day    Mon    Tue        Wed        Thu        Fri        Sat        Sun   Mon        Tue        Wed        Thu        Fri
Type   Diff.  Diff. 21h  Diff. 21h  Diff. 21h  Diff. 21h  Full 20h   -     Diff. 21h  Diff. 21h  Diff. 21h  Diff. 21h  Diff. 21h
Tape   Lu1    Ma1        Me1        Je1        Ve1        Com1       -     Lu2        Ma2        Me2        Je2        Ve2

In our case, Friday's backup is a differential. It can be replaced by Saturday's (the full) if nobody works on Saturday in the company; this avoids someone having to come in just to change the tapes.

Industrial schedule (example):

Day    Mon    Tue    Wed    Thu    Fri    Sat    Sun                    Mon    Tue    Wed    Thu    ...
Tape   Lu1    Ma1    Me1    Je1    Ve1    Sa1    (see below)            Lu2    Ma2    Me2    Je2    ... Lu3 ...
Type   Diff.  Diff.  Diff.  Diff.  Diff.  Diff.  full or incremental    Diff.  Diff.  Diff.  Diff.  ...

The strategy resembles the office one. Whether the RAID 1 mirror is split during the week depends on the impact of the backup on the work of the factory. Sunday carries either a full or an incremental backup, which again depends on the impact of the backup on the company's operations. On the other hand, the first Sunday of the month is a full backup on 2 separate sets of tapes. A balance must be found between safety, the duration of a backup and the impact on the operation of the production equipment: no question of stopping the factory for two hours on the pretext of backing up data.
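The three backup types compared in the table and the strategies above, as one added example in Python (not code from the course): files are selected by their archive bit, a full or incremental backup clears it and a differential leaves it set, and the restore follows the chain the table describes (the last full plus the last differential, or the last full plus every incremental since). One tape can be marked unreadable to show what each strategy loses. The file names, the week of edits and the one-week calendar are constructed for the example.

```python
"""Full, differential and incremental backups driven by the archive bit,
with a restore that shows what one unreadable tape costs. Added example,
not from the course; files, edits and the calendar are constructed."""
FULL, DIFF, INCR = "full", "differential", "incremental"

EDITS = {   # day -> files written that day (name: version); constructed data
    "Mon": {"a.doc": 1, "b.xls": 1, "c.txt": 1},
    "Tue": {"a.doc": 2},
    "Wed": {"b.xls": 2},
    "Thu": {"c.txt": 2},
    "Fri": {"a.doc": 3},
}


def backup(files, kind, day):
    """files: name -> [version, archive_bit]. A full copies everything and
    clears the bit; an incremental copies files whose bit is set and clears
    it; a differential copies the same files but leaves the bit set, so the
    next differential copies them again (it grows until the next full)."""
    names = [n for n, (_, bit) in files.items() if kind == FULL or bit]
    tape = {"day": day, "kind": kind, "files": {n: files[n][0] for n in names}}
    if kind != DIFF:
        for n in names:
            files[n][1] = False
    return tape


def restore(tapes, bad_days=()):
    """Last full, then either the last differential (one tape) or every
    incremental since the full, in order. An unreadable tape is skipped, so
    the versions it carried are missing from the result."""
    last_full = max(i for i, t in enumerate(tapes) if t["kind"] == FULL)
    after = tapes[last_full + 1:]
    chain = [tapes[last_full]]
    diffs = [t for t in after if t["kind"] == DIFF]
    chain += diffs[-1:] if diffs else [t for t in after if t["kind"] == INCR]
    state = {}
    for t in chain:
        if t["day"] not in bad_days:
            state.update(t["files"])
    return state, [t["day"] for t in chain]


def simulate(daily_kind, bad_day=None):
    """One week: full on Monday, then daily_kind every evening. Returns the
    real state of the disk, the restored state, the tapes the restore needed
    and how many files each tape held."""
    files, tapes = {}, []
    for day, changes in EDITS.items():
        for name, version in changes.items():
            files[name] = [version, True]          # writing a file sets its archive bit
        tapes.append(backup(files, FULL if day == "Mon" else daily_kind, day))
    truth = {n: v for n, (v, _) in files.items()}
    restored, needed = restore(tapes, {bad_day} if bad_day else set())
    sizes = [len(t["files"]) for t in tapes]
    return truth, restored, needed, sizes
```

With incrementals, the restore needs all five tapes and an unreadable Wednesday tape leaves b.xls at its Monday version; with differentials, only Monday and Friday are needed, the Wednesday tape does not matter, but the tapes grow from 1 to 3 files during the week and a bad Friday tape loses the whole week.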
Writing is done in groups of 128 KB with error correction. On restoration, the drive reads the whole group (including the correction data) before writing the data to disk.
DAT data cartridges exist in 2 formats: DDS and Data DAT. The DDS system is the most common.

Standard                        DDS       DDS-1           DDS-2           DDS-3          DDS-4          DDS-5
Capacity (native/compressed)    2 GB      2/4 GB          4/8 GB          12/24 GB       20/40 GB       36/72 GB
Max. transfer rate              55 KB/s   0.55/1.1 MB/s   0.55/1.1 MB/s   1.1/2.2 MB/s   1.1/2.2 MB/s   1.5/3 MB/s
AIT drives

Standard   Capacity (native/compressed)   Interface   Max. transfer rate (native, compressed)   Form factor   Tape     MTBF (hours)
AIT-1      -                              -           4 MB/s (10 compressed)                    3.5"          8 mm     300,000
AIT-2      50/130 GB                      -           6 MB/s (12 compressed)                    3.5"          8 mm     300,000
AIT-3      100/260 GB                     SCSI 160    12 MB/s (31 compressed)                   3.5"          8 mm     400,000
S-AIT      500 GB/1.3 TB                  SCSI 320    30 MB/s (78 compressed)                   5.25"         1/2"     500,000

As a reminder, the MTBF is the Mean Time Between Failures, the average time between two breakdowns.
DLT drives

Standard         Media          Interface            Capacity (native/compressed)   Transfer rate
DLT 2000         -              SCSI                 -                              -
DLT 4000         -              SCSI                 -                              -
DLT 7000         -              SCSI                 -                              -
DLT-4 (VS-80)    DLTtape IV     Wide Ultra SCSI-2    -                              -
DLT-4 (VS-160)   DLTtape VS1    SCSI                 -                              -
DLT-V4           DLTtape VS1    SCSI                 -                              -
DLT-S4           -              Ultra-SCSI 320       800/1600 GB                    120 MB/s

Super DLT drives

Capacity (2:1 compression)   Transfer rate (DTR)   Compressed DTR   Media     Interface                       Date
220 GB                       11 MB/s               22 MB/s          SDLT I    Ultra2 SCSI LVD, HVD            Q1 2001
320 GB                       16 MB/s               32 MB/s          SDLT I    Ultra2 SCSI                     -
600 GB                       32 MB/s               64 MB/s          SDLT II   Ultra 320 SCSI, Fibre Channel   Q3 2003
9.13.6. Libraries
The chapter would not be complete without mentioning tape libraries. They are tape drives holding several tapes, either in an external magazine (as in CD changers) or with one drawer per tape.
Although they can be used as a standard backup solution, their main use is to archive data that is not used, or not used often. The data is still seen as part of the hard disk but is not physically stored on it: when you read such a file, it is fetched from the tapes and transferred to the disk. Generally at the end of the day, the program takes all the files not used for a certain time and moves them to the tapes. The library thus acts as a low-cost disk. A similar solution exists under Novell NetWare, which compresses the least used files on the hard disk to gain disk space and decompresses them when they are used.
As options for these devices, let us mention hot-plug disks (removable while running), RAID systems, SCSI disks, and synchronisation of access rights with the user privileges existing on the server. Like all network devices, they can have redundant power supplies...
10.1. Introduction
This chapter deals with communications and security measures between computers. The most common case concerns the connection to the Internet (firewall, VPN), but also remote takeover of a computer or network from a computer connected by telephone line or via the Internet (remote disk sharing, for example), telework... All these connections can be handled in hardware or in software; the 2 possibilities always exist. We will look at the hardware possibilities in detail. This prepares the next course: the structure of a network.
10.2. Risks
A short reminder of the security risks (viruses, hacking...).
no longer the attached files: simply passing the mouse over the mail is enough to start the virus. 5. BIOS viruses. Not very numerous, but the worst for a technician. These viruses attack the BIOS by starting a flash of it; as the flash is not correct, the motherboard is unusable without changing the flash ROM. All flashable BIOSes include a function in the SETUP to prevent such a manipulation, and many motherboards include a jumper to prevent it in hardware. Prefer the hardware way. 6. Hoaxes. Regularly I receive alerts for unknown viruses that announce an unknown file in Windows, a virus not detected by the traditional antivirus. Before deleting the file, tell yourself that a virus not detected by the main antivirus products is a bit as if Gainsbourg had never been caught by a breathalyser test, and check on the websites of the antivirus publishers.
The first method consists in injecting a program into your computer (via a mail, for example). This program acts as a server and reacts to any request from a client (the program of the person attempting the intrusion) via a TCP or UDP port. The ports are specific to each Trojan (also called a backdoor); I leave you to the specialised websites for the list of these programs and their specific ports, as this goes beyond the scope of a hardware course. Since these programs are easily found on the Internet, any kid can use them in practice; on the other hand, it requires that the program be installed on your computer or on a PC of the network. In short, if the server part is not installed on the system, there is no risk. The second method consists in using security flaws in Microsoft products, whether in the Windows operating system, Internet Explorer or Outlook (all versions). Definitely more difficult, this approach is reserved for professionals. This allowed a firewall test website to open my remote CD-ROM drive; with a software firewall on the workstation and the network protected by a hardware firewall, I nevertheless felt rather safe. The solution consists in following Microsoft's security SERVICE PACKs (when the new versions do not open other holes). The third method, by far the most underhand, consists in modifying the information in the TCP/IP frame of a legitimate message so that the attacked PC (or router) believes the information really comes from the requested site, as in the diagrams below. To counter these attacks, it is imperative that all frames are analysed before being read by the browser. The goals are multiple: theft of information and, in many cases, use of this PC as a relay for other attacks, so that the target sees the attack as coming from the "hacked" PC.
They are both programs which use Internet Explorer to carry out various tasks for commercial purposes. These types of programs are not regarded as viruses. They are thus neither detected nor removed by an antivirus! Free software can be downloaded from the Internet to remove them.
10.2.5. Microsoft.
Security problems are regularly found in Microsoft's operating systems, browsers and mail programs. This is used for intrusions, as well as for the proliferation of viruses. The only solution is to update your program on the Microsoft site. Probably the worst. Appeared with Windows XP and Internet Explorer 6.0, each movement on the Internet is analyzed. This is not really the concern of a hardware course.
type. This software also ensures the security of the connections. In this last case, the PC ensuring the sharing receives 2 network cards. A last remark: in the case of a simple sharing via the Windows operating system, each computer can request the connection, but the connection can be cut only on the PC connected to the Internet. This does not pose problems with ADSL, but beware of telephone charges with RTC (PSTN) or ISDN. It is nevertheless possible to ask to cut the Internet connection after a certain lapse of time. In Internet Explorer, choose the Internet Options command. Select the connection (My connection below) and click on the Settings button. In the following window, select the "Advanced" button. Tick the "Disconnect if idle for" box and type the number of minutes wished.
Various software or hardware devices will nevertheless be connected between the network and the Internet, either to ensure security, or to ensure the speed of the connection. These devices (or software) provide various connection functions.
According to the diagrams above, each station has its own TCP/IP address (X.X.X.X@station1 and X.X.X.X@station2). In the same way, the access provider automatically provides a TCP/IP address to the connection. Consider a request to display a site, referred to by its own TCP/IP address, for example 238.128.128.128, which we will name X.X.X.X@site. At the time of the request, station 1 sends to the connection device its own address (for the answer) and the address of the site which it wants to display (X.X.X.X@site). The access provider and all the components of the Internet network will manage so that the information of the site is returned to the Internet TCP/IP address provided by the access provider (X.X.X.X@ISP), which returns it to the connection device. This one will transfer from its own Internet address towards the private address of station 1. The operation, though complex internally, is not too difficult to implement with current software. This method is used by the Internet connection sharing built into Windows 98 SE, Millennium, 2000 or XP. This solution is not very protected. Each address of the connected PCs is visible from the Internet. This practice is used for small sharings of family Internet connections over an RTC (PSTN) modem or ADSL with a USB modem.
This Internet sharing solution uses a relay PC between the network and the Internet. The PC uses 2 network cards. One NIC is connected towards the internal network, the second network card is connected to an Ethernet RJ45 modem. The software can be Wingate, some professional solutions (Symantec for example) or a solution based on Linux. This diagram is used by Windows 2003 and 2008 server. The relay PC must remain connected so that the Internet connection works. The software provides various functions: NAT (Network Address Translation), proxy (masking) and even firewall. The firewall, if it is directly built in (Linux), has functionality identical to a hardware firewall. You can also install on this relay PC a software firewall of the ZoneAlarm Pro type (the free version does not work in a network).
This software sharing solution forms part of the other second-year courses, in particular Linux. I thus do not go into the details.
The use of the Internet is completely transparent for the network. The router remains connected permanently. This hides the internal network (addresses of PCs and peripherals) from the outside, but does not prevent the risks of intrusion. Indeed, apart from the hidden addresses (NAT), the stations are directly connected to the Internet. A Trojan on a station will communicate through the network in a completely transparent way. It is even probable that the hacker will only realize that he is in a network at the time of the takeover of the PC, when he has access to all the shared files and peripherals. This gives a pretence of security, hardly more.
This diagram represents almost the ideal security solution (the "almost" worries me). The router and the firewall can be included in the same box. The modem can be integrated into the router or be connected between it and the Internet. This solution will be examined in an exercise of chapter 17, Sharing an Internet connection via a router - firewall in ADSL RJ45 Ethernet mode. Security does not rest on the assembly but on the way the firewall is parameterized. This is valid for all the firewall security solutions.
The firewall in contact with the Internet will let through information on TCP port 80 (possibly 443) coming from outside the site, as well as information coming from the internal site towards the Internet. In the case of a Web server, the first firewall avoids outside attacks. Ports 20 and 21 for example could be closed. On the other hand, information coming from outside will pass first through the external firewall, then through the DMZ server (case of a bastion PC), then through the second firewall. It is not the maximum level of security, but the hacker is faced with 2, or even 3, barriers to open.
10.5. Firewall
10.5.1. Introduction.
Firewalls protect computing installations from hacking. A firewall supervises the communications of computers towards the Internet and vice versa. For that, it analyzes, blocks or authorizes the communications via UDP and TCP ports. This is valid for Internet connections, but also between various parts of an internal network. A broad part of the "intrusions" are orchestrated from inside the company. Think for example of the employee who has just received his notice... One finds 2 types of firewall: the software firewall and the hardware firewall. The parameter setting of the software firewall does not form part of this hardware course; I will not dwell on it. In Internet applications, to facilitate the communications between identical applications, one uses ports, in TCP as well as in UDP. Each port is specific to a type of application. Browsing is done by port 80 and news by port 119 for example. The parameter setting consists in opening the doors (ports) necessary to the normal applications according to the direction (emission or reception) or the IP addresses (at the exit, the addresses of the sites). From this moment, it seems clear to me that all the others must be closed. By definition, the intrusion is always done by the weakest entry of the network's protection. This is similar to the security of a building. It is no use putting armored doors everywhere if the window at the back remains permanently open.
related to Microsoft, they do not protect either from the security faults of the programs and operating system. By analyzing the data frames, they also refuse intrusions by address tampering (spoofing). On the other hand, even if all the unused ports are closed, the programs which use the standard ports can work without problems. A worm (Trojan) which would use port 80 will in no case be blocked; it is regarded as a completely standard application. Spyware and adware using port 80 are thus in no case taken into account by a hardware firewall. The 2 protections below are generally integrated in the hardware firewall: Stateful Packet Inspection: allows the firewall to compare an entering data packet with the packets having previously been regarded as "healthy". Content Filtering: in particular allows to control accesses to the Web by filters (based on lists of Internet addresses, key words or time ranges of connection). An optimal security would thus be a hardware firewall between the network and the Internet and a software firewall on each station. Nevertheless, the internal firewall in the case of heavy networks poses problems at the user level. With the slightest warning (even useless ones of the DHCP type on UDP port 68), the administrator will be called (or not...) by the user. Currently various firms manufacture network cards which include a hardware firewall.
the reception of the message. For that, the firewall keeps the active sessions in connection tables. In the contrary case, the message is purely blocked. The firewall can also include various options such as a proxy. A proxy is a hard disk space on which the usually requested pages are stored. Each provider uses a proxy for connections. At the time of a request, the proxy checks if the page is not in memory. In the positive case, the page is returned to the requester without downloading from the site. This makes it possible to save time on downloads. This solution is also used in some firewalls or routers. If the user is not in direct contact with the site, his IP address cannot be analyzed. Though certain sites say so, it is not really a security measure since the addresses are often determined by hackers with an address scan of the Internet. On the other hand, in the case of firewalls which do not answer PING commands, this allows the attacker to determine that the address is actually in use if the proxy is not in operation. Notice that using ICQ or MSN Messenger also makes it possible to determine your TCP/IP address even more easily; the list appears on the site. The filtering of sites is built into the majority of hardware firewalls. This makes it possible to block outgoing accesses to site addresses or even to addresses containing a word. You can for example block the sites whose name includes sex, meets or KAZAA.
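The NAT sharing described in the connection section and the stateful inspection, port opening and site-name filtering described in the firewall section, as one added example that is not part of the course: a small simulation in Python. All addresses, ports and site names are constructed (only 238.128.128.128 is the site address used in the text); the class names and the 40000 port range are assumptions of this example.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed addresses: the ISP-assigned public address (X.X.X.X@ISP in the
# text) and the site address used as example in the text (X.X.X.X@site).
PUBLIC_IP = "203.0.113.10"
SITE_IP = "238.128.128.128"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "TCP"


class StatefulNatFirewall:
    """NAT router with stateful packet inspection and site-name filtering.

    Outgoing packets are translated to the public address only when the
    destination port is opened and the site name is not filtered.  Incoming
    packets pass only when they answer a session kept in the connection table.
    """

    def __init__(self, public_ip: str, open_ports: Iterable[int],
                 blocked_words: Iterable[str] = (), first_port: int = 40000):
        self.public_ip = public_ip
        self.open_ports = set(open_ports)
        self.blocked_words = [w.lower() for w in blocked_words]
        self.next_port = first_port
        # connection table: (proto, public port, remote ip, remote port)
        #                   -> (station ip, station port)
        self.sessions: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}
        self.log: List[str] = []

    def site_allowed(self, site_name: str) -> bool:
        """Content filtering: block any site whose name contains a key word."""
        name = site_name.lower()
        return not any(word in name for word in self.blocked_words)

    def outbound(self, pkt: Packet, site_name: str = "") -> Optional[Packet]:
        """Station -> Internet: returns the translated packet, or None if blocked."""
        if pkt.dst_port not in self.open_ports or not self.site_allowed(site_name):
            self.log.append(f"BLOCK out {pkt.src_ip}:{pkt.src_port} -> "
                            f"{pkt.dst_ip}:{pkt.dst_port}/{pkt.proto} {site_name}")
            return None
        public_port = self._mapping_for(pkt)
        return replace(pkt, src_ip=self.public_ip, src_port=public_port)

    def _mapping_for(self, pkt: Packet) -> int:
        """Reuse the public port of an existing session, else allocate a new one."""
        for (proto, pub_port, rip, rport), station in self.sessions.items():
            if (proto, rip, rport) == (pkt.proto, pkt.dst_ip, pkt.dst_port) \
                    and station == (pkt.src_ip, pkt.src_port):
                return pub_port
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[(pkt.proto, pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return pub_port

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> station: only replies to an active session pass."""
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        station = self.sessions.get(key)
        if pkt.dst_ip != self.public_ip or station is None:
            self.log.append(f"DROP in {pkt.src_ip}:{pkt.src_port} -> "
                            f"{pkt.dst_ip}:{pkt.dst_port}/{pkt.proto} (no session)")
            return None
        return replace(pkt, dst_ip=station[0], dst_port=station[1])


def demo() -> dict:
    """Walk through the scenarios described in the course text."""
    fw = StatefulNatFirewall(PUBLIC_IP, open_ports=[80, 443], blocked_words=["kazaa"])
    station1 = "192.168.0.2"   # constructed private address of station 1
    # 1. station 1 asks for a Web page: translated, session recorded
    out = fw.outbound(Packet(station1, 3456, SITE_IP, 80), "www.example.org")
    # 2. the site answers to the public address: routed back to station 1
    back = fw.inbound(Packet(SITE_IP, 80, PUBLIC_IP, out.src_port))
    # 3. an unsolicited packet from the Internet: no session, dropped
    scan = fw.inbound(Packet("198.51.100.7", 5555, PUBLIC_IP, 40001))
    # 4. FTP (port 21) is not opened: blocked at the exit
    ftp = fw.outbound(Packet(station1, 3457, "198.51.100.9", 21), "ftp.example.org")
    # 5. any program talking on port 80 looks like browsing: the port rule lets
    #    it out, which is the limit of port-based filtering noted in the text
    p80 = fw.outbound(Packet(station1, 3458, "198.51.100.9", 80), "update.example.net")
    # 6. site-name filter: blocked by the key word, whatever the port
    filt = fw.outbound(Packet(station1, 3459, "198.51.100.11", 80), "www.kazaa-files.example")
    return {"out": out, "back": back, "scan": scan, "ftp": ftp, "p80": p80, "filtered": filt}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:8s} -> {result}")
```

The log kept by the firewall is what a technician would read to see why a packet was blocked at the exit or dropped at the entry.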
This function requires the installation of an additional Windows component, the remote access network server, and allows the use of files on shared disks via a modem (always RTC or ISDN). The connection allowing entry is also done via a password and by starting this remote access server via the remote network access part. Certain office automation programs (in particular Microsoft Works) also include file transfer functions. Windows XP also built in a remote control function, hoping that here also there are no security faults.
secure tunnel on the Internet which prevents any form of hacking. This solution is the only usable one for a connection via ADSL. The connection requires 3 things:
1. A particular software on the client (Virtual Private Network installed as a Windows component, or a specific program).
2. A hardware device of the VPN type connected between the Internet and the corporate network (possibly Windows 2000 or XP).
3. A fixed Internet TCP/IP address, or at least one known at the time of connection.
The first two constraints seem easy. We will speak again of the device. The third requires either an Internet site and thus a proper server connected to the Internet, even if the connection must be done on another server, or a specific subscription making it possible to have a fixed Internet TCP/IP address. In the case of a normal ADSL subscription, the address changes with each connection and at most after a few tens of hours, depending on the provider. Amateurs will nevertheless be able to use some solutions to know the TCP/IP address of the connection at a given moment, on specific sites for example, and to communicate it by telephone or mail. This solution is not very practical for a 24h/24h connection. One distinguishes several models of VPN. The majority of the hardware models allow only one tunnel between 2 fixed network installations. They thus do not allow home working (though the advertisements imply it). The more expensive models also allow remote work. The encryption mode can be MPLS or IPsec (IP Security). Encryption is done only between the two VPNs. Certain tunnel methods, in particular Over IP (unlike IP tunnel), make it possible to forward other protocols such as IPX in the tunnel. In the case of the use of a VPN, you cannot secure your network by preventing the sharing of resources via TCP/IP. Indeed, for small networks, you can install in parallel with TCP/IP the IPX or NetBEUI protocols and configure the TCP/IP protocol on the network card so that it does not allow the sharing of resources. The VPN makes it possible to use remotely all the resources of the network (files, applications and peripherals of the printer type) as if you were directly connected to the network. Depending on the device (software solutions exist, in particular in Win2000 server), the VPN will carry out several tasks, like the Symantec Gateway Security series below.
A gateway towards the Internet (Internet router function), a firewall function to block intrusions, an integrated antivirus and a VPN function to create tunnels via the Internet; generally the operation conforms to the IPsec specifications for the encryption of the client stations. The VPN will provide a local address to a PC connected on the Internet; this one will then automatically be integrated into the network. Attention, the parameter setting of this type of device at the VPN level is generally more advanced, since it makes it possible for example to accept data entering on an address but to refuse the outgoing ones.
When all the levels are solved, you can directly connect two internal networks VIA the Internet. It is currently the only viable solution (without completely dedicated and leased lines) for this kind of application. It is also, at least in Belgium in the zones connected to ADSL, the best solution for telecommuting (working from home).
hard disk of 20 GB of data, one thus needs 20.000.000/800 = 25.000 seconds, that is to say nearly 7 hours. The restore is done even more slowly, with 512 kb/s maximum for ADSL, that is to say 16 X slower. Not very effective. The second solution consists in saving the starting data on various supports (CD, DVD, tapes) and backing up via Internet tunneling only the important files or the files modified since. The second method comes down to an incremental or differential backup, with their respective defects. In the event of a problem, one repatriates the basic backup by vehicle and one recovers the files backed up later. These systems can save the data each day in different files or in the same file (by overwriting the oldest files). The backup is compressed and encrypted with at least 128 bits, therefore protected. It is practically impossible to recover the data without the various keys. On the SECURITY level, this solution thus seems good. The defects are nevertheless important. The first comes from data security (even if they are encrypted), since the data are on a site which does not belong to you. The second problem comes from the transfer rate of the data in emission (even compressed) and even more in reception. As the tunneling requires hardware or an application software, check the effective cost of this not very orthodox backup solution. This principle works only with network servers working in TCP/IP. In short, not necessarily an intelligent solution for the backup of a complete server, but a way of being relieved of the backup task for small capacities. This solution could also be installed between two network servers of the same company but distant, by using a VPN connection. This reduces the cost of the service provider but requires fixed Internet connections by IP and is thus possible only for large companies.
11.1. Introduction
This chapter could be included in the Ethernet network connections. Nevertheless, as wireless connection is evolving rather quickly, I chose to make specific parts. Wireless connections make it possible to connect various equipment ... without wire. The connection can be either of the hertzian (radio) type, or by infrared light. Infrared connections require that the transmitter and the receiver are on the same line (in sight of each other), which is not always easy. These connections were used (without much success) for keyboards and mice but are built into certain printers.
For a few years, wireless network connections have taken a quite different direction: the simultaneous connection of several devices between them. They can be various printers, scanners and peripherals or even networks. The difficulty of implementation comes from the reception zone, related to the power of the transmitter, the detection of the receiver (hence a protocol clearly defining it) and the security of the transmitted data. This security must take account of the checking of the transmitted data but also of the encryption of the data. It is no use securing a network if a simple radio receiver can pull all the data circulating on the network. Currently, several types of "wireless" networks are on the market for current distributions. Internet connection by satellite is seen in a separate chapter. Radio solutions pose environmental problems which few manufacturers announce. One only has to walk in an industrial building (made of sheet metal) to realize which problems the environment poses for GSM connections, for example. The maximum distances provided by the manufacturers refer to open ground, which is seldom the case in dwellings or companies, even if it is possible to install external antennas in many cases. Environments disturbed by electromagnetic fields (electric machines of strong power) pose the same problems as in traditional wired networks. In many cases, it will be necessary to mix wired network solutions and radio links.
11.2. Bluetooth
This type of wireless connection allows two devices to be connected via a radio link. These devices can be digital cameras, PDAs, printers... Bluetooth exploits the 2,45 GHz ISM (Industrial, Scientific & Medical) frequency band, which is normally licence-free in the majority of countries. The number of distinct frequencies used is 79. You could thus use 79 different networks in the same room. The connection rate is a maximum of 1 Mb/s for peripherals at a maximum of 4 meters and 75 kb/s for higher distances. The maximum distance is 10 meters, but can reach 100 meters in certain cases. Indeed, Bluetooth technology defines 2 categories of radio frequency power for personal networks: the short range (0 dBm), which authorizes distances up to 10 meters, and the medium range (+20 dBm), which carries up to 100 meters. The radio connection supports at the same time data transmission and voice with a maximum data speed of 72 kb/s, which is in practice the maximum rate. Security-wise, this connection is transparent only if the two devices know each other. Each peripheral receives at manufacture a six-byte code: the first three designating the manufacturer and the three others the machine. Indeed, each Bluetooth device can be deactivated for automatic connection or be activated only for certain devices. The peripherals thus use protection systems avoiding the transfer of unauthorized data. Nevertheless, security is often deactivated by default and hacking is thus possible, to recover for example the data of the address book of a GSM or a PDA from another device, or to use the neighbor's GSM for an Internet connection.
Within a Bluetooth network, a device acts as Master with up to 7 slave peripherals which share the bandwidth. It is possible in theory to make up to 10 groups of devices communicate, that is to say 80 devices. Contrary to IEEE 802.11 connections, this type of connection is not dedicated to network connections (even if it is possible). It makes it possible for example to connect a PDA directly to a notebook or a GSM.
The method of line access is of the CSMA/CA type, identical to Ethernet networks. There is a large difference all the same. When a station transmits on a wired Ethernet connection, it is heard by all the stations on the cable, which may not be the case on a radio link. Indeed, the fact that 2 stations can be connected to the central node does not imply that the stations can communicate directly between them if the distance is too large. For that, one uses the "Virtual Carrier Sense" mechanism. A station wanting to emit transmits a small packet called RTS (Request To Send), which indicates the source, the destination and the duration of the transmission. The destination station answers, if it is free, by a control packet called CTS (Clear To Send) which includes the same duration information. All the stations which receive an RTS or a CTS start a Virtual Carrier Sense indicator (called NAV - Network Allocation Vector) for a certain duration. Practically all the network component makers include such devices in their catalogue. The maximum distance is 503 m at 1 Mbps outside and 152 m at 1 Mbps inside. A WiFi router can be used as a router or as a bridge. It generally uses 2 directional antennas. The network adapters are specific, with an external antenna. Below, the photograph of a D-Link WiFi router.
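The RTS/CTS exchange and the NAV timer described above, as an added example that is not part of the course: a small Python simulation of two stations that both reach the access point but cannot hear each other, the case the text gives as the reason for Virtual Carrier Sense. Station names, ranges and the slot counts are constructed; durations are counted in abstract time slots rather than microseconds.

```python
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Frame:
    kind: str       # "RTS", "CTS" or "DATA"
    src: str
    dst: str
    duration: int   # slots for which the medium stays reserved after this frame


class Station:
    def __init__(self, name: str, in_range: Iterable[str]):
        self.name = name
        self.in_range = set(in_range)   # stations whose signal this one can hear
        self.nav = 0                    # Network Allocation Vector (slots left)
        self.heard: List[Frame] = []

    def medium_free(self) -> bool:
        # Virtual carrier sense: the medium counts as busy while the NAV runs
        return self.nav == 0

    def hear(self, frame: Frame) -> None:
        self.heard.append(frame)
        # Overhearing an RTS or CTS meant for someone else reserves the medium
        if frame.kind in ("RTS", "CTS") and frame.dst != self.name:
            self.nav = max(self.nav, frame.duration)


class Cell:
    def __init__(self, stations: Iterable[Station]):
        self.stations: Dict[str, Station] = {s.name: s for s in stations}
        self.events: List[str] = []

    def radiate(self, frame: Frame) -> None:
        # The frame reaches every station that has the sender within range
        for st in self.stations.values():
            if frame.src in st.in_range:
                st.hear(frame)

    def try_send(self, src: str, dst: str, data_slots: int) -> bool:
        sender, receiver = self.stations[src], self.stations[dst]
        if not sender.medium_free():
            self.events.append(f"{src} defers, NAV={sender.nav}")
            return False
        # RTS announces source, destination and how long the exchange lasts
        self.radiate(Frame("RTS", src, dst, data_slots + 1))
        # The destination answers CTS only if it heard the RTS and is free
        if src not in receiver.in_range or not receiver.medium_free():
            self.events.append(f"{src}->{dst}: no CTS")
            return False
        self.radiate(Frame("CTS", dst, src, data_slots))
        self.radiate(Frame("DATA", src, dst, 0))
        self.events.append(f"{src}->{dst}: data sent ({data_slots} slots)")
        return True

    def tick(self, slots: int = 1) -> None:
        # Time passes: every NAV counts down towards a free medium
        for st in self.stations.values():
            st.nav = max(0, st.nav - slots)


def hidden_node_demo() -> dict:
    """A and C both reach access point B but are out of each other's range."""
    a = Station("A", in_range={"B"})
    b = Station("B", in_range={"A", "C"})
    c = Station("C", in_range={"B"})
    cell = Cell([a, b, c])
    a_sent = cell.try_send("A", "B", data_slots=3)
    c_nav = c.nav                      # C never heard A's RTS, but heard B's CTS
    c_blocked = cell.try_send("C", "B", data_slots=2)
    cell.tick(3)                       # A's reservation expires
    c_sent_later = cell.try_send("C", "B", data_slots=2)
    return {"a_sent": a_sent, "c_nav": c_nav, "c_blocked": c_blocked,
            "c_sent_later": c_sent_later, "events": cell.events}


if __name__ == "__main__":
    for line in hidden_node_demo()["events"]:
        print(line)
```

Without the CTS-driven NAV, C would sense a free medium while A is transmitting and collide at B, which is exactly the hidden-station case the RTS/CTS exchange exists to avoid.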
and 802.11b+ (of the same brand). The access point adapts its speed according to the connected peripheral, allowing 802.11b clients to connect.
11.9. 802.11N
In development (2006), this standard must reach 100 - 200 Mb/s.
12.1. Introduction.
The European electrical supply network delivers 240 V alternating current. On the other hand, the equipment (PC and computing peripherals) is supplied with direct current at various values, but of low voltage (generally between +12 and -12 V). To transform the voltage of the electrical supply network into a voltage acceptable to the electronic instruments, a power supply is used. In the first year, we saw a power supply assembly using a rectifying bridge. The efficiency (the ratio between the consumption and the power delivered) of this rectifying bridge power supply (4 diodes) after passage through a transformer is too weak. The power supply used in data processing is of the "switching" type. This principle is not only adapted to the power supply, but also to the inverter (UPS). The conventional power supply generally has an efficiency close to 50 %, up to 80 % for the switching power supply.
We start from an alternating voltage and rectify it with a diode bridge without an intermediate transformer. At the output, the DC voltage is about 230 V (330 V at peak). The bridge is followed by a capacitor to smooth the voltage (230 V continuous). The following component is a transformer: a transformer traversed by a direct current in the primary does not produce any signal in the secondary. On the other hand, if you pass an alternating voltage into the primary of a transformer, a voltage of the same form but of different value appears in the secondary (a division according to the ratio of the numbers of turns of the input/output windings). What can this transformer thus be used for? Just at the output of the transformer, a transistor is placed. This one will chop the voltage, inducing a discontinuous voltage in the transformer and thus will make current pass. Chopping is controlled by the control circuit which is present at the secondary. Contrary to the circuit above, the base of the transistor is generally connected to the control circuit by a second transformer which completely isolates the output (connected to the electrical appliance) from the input (electrical supply network). This avoids problems in the event of overvoltages on the electrical supply network. Let us see the operation. At the start of the power supply, a pulse starts a certain discontinuous voltage. This voltage will initially be induced to feed the control circuit, which will start to chop the DC voltage at the terminals of the transformer.
The larger the proportion of chopping on the gate of the transistor (or the base in the case of a bipolar transistor), the larger the output voltage. The control circuit will vary this chopping according to the output voltage of the power supply and thus control this voltage. A small remark before continuing. As the bridge is directly on 230 V alternating, consider that half of the assembly is under 230 V. As the start of the assembly is a rectified (DC) voltage, this assembly also makes it possible to start directly from a DC voltage (batteries).
3. Under-voltage: a voltage lower than that for which the power supply is designed, so that the power supply cannot provide sufficient power. In the case of PC power supplies, it can go down to at least 180 V. Under-voltage is generally caused by a sudden increase in electric consumption on the network by the starting of heavy electric devices (motors, compressors, elevators...) but also by a too large distance from the high-voltage substation.
4. Transients: interfering signals travelling at the same time as the basic electric signal; these transients can reach up to 4000 V but are generally definitely weaker.
5. Micro cuts: brief cuts of the electric signal lasting a few milliseconds.
6. Peaks: overvoltages of very short duration (less than 1/120 second), but of intensity able to reach 4000 V and more. They are caused by the stopping of various machines of strong power (air-conditioners, electric household appliances...) which dissipate the surplus voltage on the network. Here also, one sees wear of the components.
7. Lightning: an abrupt and significant overvoltage. Lightning comes from weather phenomena (storms), on the electrical supply network and the telephone network. The third source of lightning comes up from the ground and there, you can do almost nothing; no really effective protection exists, even if that represents less than 1% of the cases. These voltage rises of the ground are often localized in the same zone (a district for example).
How will our switching power supply behave in these cases? In the event of a complete voltage cut, the switching power supply can no longer supply the PC. In overvoltage, the chopping will control the output voltage (with an input voltage up to 280 V for the PC), as long as that does not last too long. For transients, after a first rectification, one can hope that they are reduced.
The transformer will let them pass completely and the second capacitor (often coupled to a smoothing coil) should remove them (should...). In practice, part of these transients pass through the ATX PC power supply. It is the same for the voltage peaks. In the case of micro cuts, the capacitors partly act as a shield. For lightning, think directly of changing the power supply and the boards after it. In short, a part is protected, but not all.
12.5. UPS
A UPS (Uninterruptible Power Supply or inverter) includes batteries which supply the connected computing equipment at the time of a power cut, acts as a circuit breaker and on the whole regulates the network. One distinguishes three types of inverters:
In the three cases, they can be provided with a connection (serial or USB) which, via software installed on the PC, stops the computer properly at the time of a power cut. An inverter does not have an inexhaustible resource and generally stops after 10 minutes. In the case of a server, the connection towards the PC makes it possible to correctly stop the applications before shutting down the server. The inverter stops the power supply of the server when it is off. By an option in certain BIOSes, one can ask to restart the PC when the supply network returns. The duration of the backup depends on the power of the UPS, expressed in VA (and not in Watt). Consider that for a given installation, the power of the UPS for a 10 minute backup must be P installation (Watt) X 1,6. For an installation of 350 Watt (server + monitor), the UPS must thus be at minimum 350 X 1,6 = 560 VA. If the power used by the installation is higher than the VA of the UPS, the inverter risks either being destroyed, or putting itself in safety mode. In the same way, avoid connecting laser printers: the current consumption at the very start of printing is very significant and is likely to damage the UPS. There remain the batteries. They are generally 12 V lead batteries, sometimes placed in series to reach 24 V and in parallel to allow a longer backup duration. By their design, the batteries must regularly be completely discharged, on average every 6 months, to avoid a memory (ratchet) effect which makes them unusable.
Some inverters include protection for network and telephone cables. APC has even released redundant (duplicated) UPSes for servers; one is never too careful. The other big player on the market, MGE, should not be long in doing the same. You can in no case use an inverter to protect a laser printer. This is related to the excessive consumption of these printers at the start of printing.
Voltage regulation (figure): in black, the evolution of the electrical supply network; in green, the output voltage of the inverter.
Off-line technology is the least expensive and thus the most common. The mains voltage passes through a relay. The output voltage is then filtered to accept certain voltage variations and to remove part of the interference. At the same time, the 12 V batteries are recharged via the converter. When the voltage on the network disappears (or decreases below 176 V or rises above 280 V), the relay opens and the 220 V - 240 V alternating output voltage is recreated from the 12 or 24 V batteries. The reaction time is relatively high, considering the closing or opening time of the relays. These electrical regulation devices do not handle the micro cuts of the network.
Voltage regulation
The electrical supply network passes initially through a filtering of the transients. If the network supply is sufficient (above 176 V), the supply passes through the booster, which does not intervene. When the voltage remains in under-voltage for a sufficiently long time, the booster will inject a voltage via the DC/AC converter to "boost" the network supply for a short period. When the voltage of the electrical supply network passes below 176 V, the inverter starts completely by opening the input relay (no more power taken from outside). In the case of voltage regulation, in the event of a voltage lower than 205 V, the booster sends a voltage on the whole of the assembly for a short period (even if this voltage can be repeated). In the event of a fall of voltage under 176 V, the PC is supplied only via the batteries.
The operation of an On-Line UPS is definitely different. The input voltage is systematically rectified and permanently supplies the batteries. This voltage then recreates a 240 V output voltage. In the event of a cut or a fall of voltage, the batteries ensure the supply of the DC/AC converter. In the event of under-voltage, the output voltage is created at the same time from the batteries and from the network, which is not the case for the Off-line UPS. Unfortunately, the batteries are practically used all the time. They are thus changed more often. As the batteries are easily worth 2/3 of the price of a new unit... These units also use 2 by-pass circuits. The first by-pass circuit makes it possible to bypass the inverter. This manual possibility makes it possible to supply the equipment without passing through the UPS (UPS breakdown for example). The second by-pass works a little like the off-line UPS and makes it possible to extend the lifespan of the batteries.
Behaviour according to the input voltage. Surge outlets: power supplied by the mains only. Off-line UPS: power supplied by the mains, and by the batteries when necessary. On-line UPS: power supplied by the batteries and the mains.

Input voltage | Surge outlets | Off-line UPS | On-line UPS
< 180 V | abrupt cut | operation by batteries | operation by batteries
180 - 220 V | partial filtering | according to the model, simple voltage regulation or full intervention of the batteries (the threshold values are fixed at design) | under-voltage completely removed
220 - 240 V | normal operation | normal operation (supplied by the mains) | normal operation
240 - 280 V | partial filtering | according to the model, simple voltage regulation or full intervention of the batteries | over-voltage completely removed
> 280 V | abrupt cut by the circuit breaker (reset required) | operation by batteries; beware of the cut during the opening time of the relay | operation by batteries
Electrical protection remains a compromise between the price of the protection equipment and the importance of the hardware to be protected. Securing a company's processing server requires at least an on-line UPS, whereas a micro-computer is probably fine with a circuit breaker. One hour of lost production costs far more than the price of a UPS. To preserve the battery protection, you must not plug laser printers into a UPS; for them, the only possible electrical protection is a surge-protected outlet. The UPS protects only the computer and its screen.
levels of security (hardware) so that no PC of one department can connect to another department (except by authorization per workstation). In practice this hardware protection is combined with the software protections covered in the other "Technician PC/network" courses. The departments are:
1. Building 1: 80 manufacturing PCs (no Internet access) and 1 server with dedicated software; maximum distance to the server 100 meters. We will call it Manufacture. This department groups manufacturing, stock, transport management... It is the department to protect: a factory stoppage of 1 hour costs the company far more than a 2-day stoppage of accounting.
2. Building 1: 10 commercial PCs for orders and 1 dedicated server. Some of them may access the services of the manufacture server, within a radius of 30 meters. No Internet access, and no access towards building 2. We will call this department Orders.
3. Building 2: 10 administrative PCs (management, accounting...) within a radius of 30 meters. We will call this department Administration.
4. Building 2: 10 commercial PCs and various services within a radius of 30 meters. We will call this department Commercial.
Building 2 hosts a small file server (Word, Excel documents...) and an application server (accounting), called the administrative server. Certain PCs may access the "order management" server. Building 2 (administration and commercial) must have a secured Internet access through an ADSL line. It must be possible for the commercial staff to connect to the company server remotely through the Internet. I am not talking about security through passwords, but about TCP/IP configuration or hardware; that is definitely safer, even if user passwords are far from optional. Give the diagram of the installation showing the servers, the concentrators used (hub, switch, router, number of ports), the types of connections, straight or crossover cables...
If you use a HUB or a switch, explain why. I am explicitly not asking for the brand and model of each concentrator. Be careful: does an 80-port switch exist, is it common, is it manageable? The network installation must be complete; think of the security measures of the installation (electrical protection, backups) and of the types of servers used. As network equipment can fail, the hardware must be standardized (the switches, for example) so that a minimum of spare equipment is needed: use the same type of concentrator as much as possible, so that a single replacement unit can serve the whole company. I am not asking for the configuration of the devices, just the structure of the Ethernet network.
Do not worry too much about the budget, but choose the characteristics as a responsible IT manager would (no need for Gigabit Ethernet over optical fibre to connect the workstations).
2. Global architecture.
To ease the design of our network architecture, let us look at the devices to be used. We will use the following drawings to analyse the overall network diagram.
Server
Manageable switch: authorizes (or blocks) certain PC-to-PC connections (or rather connections between groups of PCs), in addition to the user session passwords managed by the operating system. Here a D-Link DGS 3224, 20 10/100 ports and 2 Gigabit 1000BASE-T (copper) ports.
Wireless router, usable as a router and as a bridge. We could use a simple wireless switch in our case.
A crossover RJ45 cable
ADSL modem router, here a Tornado Copperjet 812. It can be used as a simple modem in bridge mode.
A firewall - VPN (here a Symantec 100 series) provides Internet connection sharing and access from outside to the corporate network.
A router with integrated firewall allows protected connections by blocking certain ports and/or certain address ranges.
A simple router
UPS (here an APC 420 W): electrical protection. Tape backup, a small SDLT (here underpowered for a server): Quantum models.
Let us analyse the problem according to the various parts and the authorized directions of communication. This splits the problem and roughly plans the devices to use at the connection, routing and security levels. The Administration and Commercial departments are not very different: both use the Internet (they are the only ones) and the same servers (a file server and a small application server). On the other hand, an Administration computer must be able to connect to the Orders department (but not to Manufacture), and the Commercial department must never connect to the Orders or Manufacture departments. Access from the Internet towards the servers of building 2 (administration and commercial) forces us to use a firewall VPN for the Internet connection (here a Symantec 100 series) and an ADSL modem (here a Tornado 812 used in bridge mode, see chapter 17). With the 20 computers of building 2, we do not need a very powerful device, but a sufficiently protected one. As access from outside is possible, the connection must use a fixed IP address. This gives us a good operating flow for the connections.
In black the authorized communications (even with some blocking), in red those which must be blocked. This gives a good idea of the overall structure of the installation. The road between the two buildings prevents a copper or optical-fibre connection. We will have to use a wireless link, WiFi 802.11b at 11 Mb/s (possibly 802.11b+ at 22 Mb/s). As communication speeds are not too important, 100BASE-T (possibly 1000BASE-T for the servers) is sufficient for the whole network.
Another solution to block the "Manufacture" - "Administration" access would be to protect the wireless network according to the MAC addresses of the Administration computers. Here are our hardware network diagrams for building 2.
The number of 24-port switches for the manufacture part was deliberately reduced for the clarity of the diagram. We would need at least 4 of them, even 5 to have spare lines. Using a single 96-port switch could raise cable-length problems, and if this single device failed, all of manufacturing would be blocked. Using several 24-port switches makes it possible to keep 1 of them in reserve for the whole building. As a reminder, the number of HUBs (the constraint is looser for switches) is limited to a maximum of 2 between 2 PCs in 100BASE-T (even if more are often used); the manufacture server must be connected to the first manufacture switch. A firewall router between the switch and the WiFi 802.11b link is not necessary if a firewall is installed on the other side. They would be redundant (which is not too serious) but would require a more complex configuration of the infrastructure.
This solution is definitely more expensive (but protected). It nevertheless allows the servers to be connected at 1000BASE-T on the manageable switch. The distances between each PC, server and concentrator are respected, since in 100BASE-T as in 1000BASE-T the maximum distance is 100 meters. As a reminder, manageable switches generally work with MAC addresses. When a PC is replaced after a failure by a standard exchange (which is what is done in practice to minimize downtime), the switch will likely have to be reprogrammed. This is not necessarily within the reach of every factory maintenance technician (not counting the administrator passwords needed to configure the switch). On the other hand, certain models accept the grouping of stations according to the IGMP protocol.
For data backup, we will use DAT or Super DLT tapes, for the capacities of these technologies but also for their backup speed.
We could still add small UPSs on the diagrams for certain workstations or concentrators, according to the wishes of the company.
In this case, we replace the manageable switch by a simple switch (like the others of the same type used on the whole network) and drop any firewall across the whole network (apart from the VPN for the Internet). This solution is not to be considered for a factory of 500 PCs, but it fits medium-sized structures. Users of NOVELL networks will probably prefer this solution.
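As an added example (not part of the course), the following Python script models the communication rules of the exercise as a directed graph and checks them twice: first the direct rules, then the transitive ones, because a workstation allowed to reach the Orders department could in turn use an Orders PC that is allowed to reach the manufacture server. The node names, the edges and the list of forbidden flows are this example's own reading of the exercise statement.

```python
"""Segmentation audit for the two-building network of the exercise.

Added example, not part of the course text. The node names, the allowed
flows and the forbidden pairs below are this example's own reading of the
exercise statement; the graph model and the checks are assumptions too.
"""
from collections import deque

# Directed "may open a connection to" edges, as the exercise allows them.
ALLOWED_FLOWS = {
    "manufacture_pc": {"manufacture_server"},
    # Only some Orders PCs may use the manufacture server; modelled as allowed.
    "orders_pc": {"orders_server", "manufacture_server"},
    # Administration may reach the Orders department and the Internet.
    "administration_pc": {"administrative_server", "orders_pc", "orders_server", "internet"},
    "commercial_pc": {"administrative_server", "internet"},
    # Remote commercial staff enter through the firewall - VPN only.
    "internet": {"vpn_firewall"},
    "vpn_firewall": {"administrative_server"},
}

# Flows the exercise says must never exist (source, destination).
FORBIDDEN_FLOWS = [
    ("administration_pc", "manufacture_server"),
    ("commercial_pc", "orders_server"),
    ("commercial_pc", "manufacture_server"),
    ("internet", "manufacture_server"),
    ("internet", "orders_server"),
    ("manufacture_pc", "internet"),
    ("orders_pc", "internet"),
]


def _bfs(graph, start):
    """Breadth-first search; returns {node: predecessor} for every node reached."""
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in sorted(graph.get(node, ())):  # sorted: stable results
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    return parents


def reachable(graph, start):
    """Nodes reachable from start by following allowed flows, start excluded."""
    return set(_bfs(graph, start)) - {start}


def path(graph, start, goal):
    """Shortest chain of allowed flows from start to goal, or None."""
    parents = _bfs(graph, start)
    if goal not in parents:
        return None
    chain = [goal]
    while chain[-1] != start:
        chain.append(parents[chain[-1]])
    return chain[::-1]


def direct_violations(graph, forbidden):
    """Forbidden pairs that are allowed as a single hop (a plain rule error)."""
    return [(s, d) for s, d in forbidden if d in graph.get(s, ())]


def transitive_violations(graph, forbidden):
    """Forbidden pairs reachable only through intermediate hosts (a pivot)."""
    direct = set(direct_violations(graph, forbidden))
    return [(s, d) for s, d in forbidden
            if (s, d) not in direct and d in reachable(graph, s)]


if __name__ == "__main__":
    print("direct violations:", direct_violations(ALLOWED_FLOWS, FORBIDDEN_FLOWS))
    for src, dst in transitive_violations(ALLOWED_FLOWS, FORBIDDEN_FLOWS):
        print("pivot path:", " -> ".join(path(ALLOWED_FLOWS, src, dst)))
```

With the rules as modelled, no direct rule is broken, but the audit reports the chain administration_pc -> orders_pc -> manufacture_server, which is the kind of gap the hardware segmentation alone does not close and the software protections of the other courses must cover.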
14.1. Introduction.
Gathered here are a set of hardware technologies that are more or less still being designed, and other technologies not easily classified in the other chapters.
reach the house next door. It is the same problem with the devices used to monitor infants ("baby phones"). To carry electricity over long distances, the voltage is increased to reduce energy losses. Lines exceeding 5000 V are called high voltage. To go from the 230 V mains to high voltage, and vice versa, a transformer is used. These transformers reduce (or increase) the interfering signals and the digital signals at the same time as the mains voltage. Moreover, because of the coil effect of a transformer, the shape of the signals is modified. This explains the problems of the Internet connections over the power network currently under development at EDF in France. From the chapter on electrical supply protection, we also know that the mains carries many parasites. In "machine" environments, this solution is likely to pose serious problems.
Ethernet over the power network (Ethernet Over Power Line) uses specific equipment that handles the transfer of the signals over the power line. On the other side, the device has a traditional 10/100 Ethernet connection which plugs into the network card of the PC, hubs, switches... The maximum capacity of this type of installation is 14 Mbps, that is a little more than WiFi 802.11b at 10 Mbps. The maximum distance is currently limited to 200 meters, but the characteristics should evolve in the coming months (mid-2003). The communication method uses OFDM (Orthogonal Frequency Division Multiplexing) modulation, already used in the 802.11a standard. This technology integrates many functions, such as QoS management (priority classes, latency control, and adaptation of the transmission rates to the travel time of a packet). Other equipment allows a direct connection through the USB port of the PC while going over the power network; the speed is then limited by the USB 1.1 port, 12 Mb/s, a little slower. In this case each PC to be connected receives an interface.
At the beginning of networks, the connections used telephone wires. Fair return of things: network connections now accept telephone links and, in general, the voice over TCP/IP networks. A distinction before starting: VoIP and ToIP must be kept apart. In the first case, the Ethernet network carries the voice. In the second case, software allows one "to telephone" over the Internet; ToIP is thus related more to software than to the network infrastructure. The advantage lies mainly in long-distance communications (through the Internet). Nevertheless, this solution also works on the internal cabled network of the company, with communication towards operators through a particular telephone exchange on the company site (allowing the telephones inside the company to be connected), carrying the voice as TCP/IP over the Internet and reinjecting it either on another Voice over IP connection or as a normal telephone call. VoIP uses particular telephones (and telephone exchanges). The technology is currently evolving with corrections, in particular regarding packet loss, echo problems, voice transfer time and even timing variations between the various parts of the audio signal, which sometimes made the message incomprehensible. Several protocols are currently used:
. H.323: currently the most widespread standard, but it does not guarantee a quality of service. This technology (hardware and software) is used in particular by Microsoft NetMeeting.
. SIP (Session Initiation Protocol): a newer standard closer to the computing world than to telephony; the messages have a format similar to a text application (like HTTP navigation). This guarantees a better quality of reception of the signal. This protocol also allows better integration in programs. SIP consists of 8 methods: Invite, Register, Bye, Ack, Cancel, Options, Subscribe and Notify.
Coupled with XML, it leads to the IPTML (Final IP Markup Language) sub-protocol. Together, the 2 should make it possible to gather text, sound and video in the same data transfer.
The reader should therefore not think too much in terms of Internet communication, but rather in terms of a telephone connection carried over the Internet.
15.1. Introduction.
In first year we covered CRT monitors and flat-panel monitors. These technologies are widespread. To complete our knowledge, let us look at two other types of "screens": the touch monitor and the video projector.
A touch monitor consists of:
- a touch panel installed inside the monitor (in the past, panels fixed on the front of the monitor existed, but they have disappeared). It provides a signal according to a matrix which indicates precisely where one presses;
- a controller which determines the exact position and sends it, like a mouse click, to the PC through the serial or USB port;
- software which emulates a mouse according to the signals provided by the controller.
The touch panel is divided into rows and columns, which are separate. When a point is pressed, the row and the column at that point come into contact, making a short-circuit. The controller determines the position from the row and the column.
For example, if we press at the intersection of row 1 and column 3, the current of only these 2 lines is cut. This determines the exact position where the finger is placed. On the first touch monitors, a grid was even placed directly on the front face of the cathode ray tube. Since then, several types of touch monitors have been developed, each with its advantages and defects.
Resistive touch monitors respond to the pressure of a finger or a pen. They generally include a glass or acrylic resin base crossed by a grid containing resistive and conductive layers; the inner layer is separated by invisible spacer dots. These monitors are generally the least expensive. Nevertheless, their clarity is lower than that of a normal monitor. They are nevertheless very solid, including in chemical or liquid environments. Applications: restaurants, chemical factories, some medical applications.
15.2.4. Capacitive.
Capacitive touch panels consist of a glass surface crossed by a grid carrying a capacitive charge. Unlike resistive monitors, fingers cannot be used on this type of monitor: you must use a special conductive pen. By pressing a given place, one creates a capacitive coupling which modifies the frequency of an oscillating circuit according to the place of contact. This frequency (or rather the difference) is used to determine the position. These monitors are solid, with excellent clarity. They are usable in practically all environments.
15.2.5. Comparison
Comparison table of the touch technologies (activation by finger or pen, resistance to water, durability). Recoverable entries: surface acoustic wave - medium, finger or broad pen, does not resist water, prone to mould; infra-red and capacitive - very high durability.
1024 x 768, 1280 x 1024, 1920 x 1080, 1920 x 1200, 2048 x 1536
Video projectors generally integrate several input connectors, both computer and video. Certain projectors allow the use of a laser pointer which replaces the mouse directly on the projected image. Loudspeakers are sometimes built into the case; they are insufficient for normal presentations. Certain projectors can reverse the image, which allows the projector to be hung from the ceiling, back to front. On the TV-Hifi market one finds LCD monitors (or even plasma monitors) of the same type as computer monitors; this technology was already seen in first year. One finds three technologies: LCD, CRT and DMD.
15.3.3. DMD (Digital Micromirror Device) or DLP (Digital Light Processing) projectors
Invented by Texas Instruments, DLP technology rests on a matrix of mirrors called a DMD. It is similar to LCD, except that the liquid crystals are replaced by small mirrors controlled by transistors. The mirrors tilt on their axis by about 10 degrees to determine whether the light is projected. A DMD chip measures approximately 2 cm2 and contains between 500,000 and 1,300,000 micro-mirrors. The brightness is higher than that of LCD, with an excellent contrast ratio (though lower than that of the three-tube CRT). This technology is used both in home cinema and in computer video projection and will replace LCD technology in the long term. Nevertheless, as with LCD projectors, the lifetime of the lamp (and its price) makes it unsuitable for intensive use.
The light from the lamp is projected onto a correction optic. It then crosses a colour wheel (separation of the colours), which is again corrected by a control optic. The DMD, driven by the DLP processor board, then transmits it (or not) towards the screen through a projection lens. The colour wheel has some side effects on the image, in particular a slight flicker.
17. Exercise: connecting a hardware router - firewall to an RJ45 ADSL modem.
17.1. Introduction - 17.2. Tornado Copperjet 812 ADSL modem - 17.3. Hardware router - firewall - switch - 17.4. Network and Internet configuration of the connected PCs - 17.5. Log of an Internet connection.
17.1. Introduction
Without practice, theory is not worth much. This Internet connection sharing exercise covers the connection and configuration of a hardware router - firewall with an RJ45 ADSL modem (a router used as a bridge, i.e. a simple ADSL modem), the whole connected to an Ethernet network. This protected professional installation is intended for companies.
If you buy a modem directly from your Internet access provider, no problem: it is configured thanks to a specific file. On the other hand, if you buy the equipment elsewhere, you practically have to reinvent the wheel, without technical support. The tips given here will make life easier for other ADSL connections. The Internet parameters given below are specific to the Internet access provider SKYNET (Belgium).
Or, a direct connection to a PC fitted with a 10 (or 100) Ethernet network card. In this case, the device is used as an ADSL modem.
We will use a connection similar to the second solution. The second device below (a hardware firewall - router) will be used as the router, and the Tornado router will be used in "bridge mode" (in short, as a simple modem). Notice the difference in the RJ45 cable connection: with a PC, one uses a crossover RJ45 cable; in our case, since it is a router and not a HUB, we also use a crossover cable. TORNADO modems are solid but have systematically complex documentation and... a configuration done through an application program. This often poses problems with new operating systems (incompatible programs). The ADSL modem must be directly connected to a network card to be configured. Installing the program is within the reach of any computer user. After installation, one finds 2 programs: a configuration tool and a monitor. With the monitor you can check the firmware version. As the modem can only be configured through a direct connection, let us start with that one.
Using this modem requires loading a profile (a specific file). Click on Edit/new profiles to create such a profile. Once the file is saved, the following window appears. Here are all the modes of use of this modem. We will see them in turn, each time with its use and its configuration.
1. LAN IP address: defined by the user in the class 3 range of IP addresses, i.e. 192.168.0.0 to 192.168.255.255. This corresponds to the range of internal network addresses. Let us choose for example 192.168.1.2. We will use this address again in all the following cases.
2. Subnet mask. In the majority of cases, this mask is 255.255.255.0.
3. The gateway address, typically that of the router: let us take 192.168.1.1.
4. VPI/VCI. First problem: these values are seldom provided.
5. PCR (Peak Cell Rate). This number must lie here between 0 and 500,000. As this represents the maximum speed, I type 500000. Notice that in another router, the default value was 864000.
6. Packet Filter: filtering of the data, either none (by default), or let only PPP packets pass (Forward), or only IP. Leave the default in the majority of cases. Leave the other default settings.
7. DNS relay must be the TCP/IP address of the modem in bridged mode, but it is not necessary in this mode.
This mode makes a bridge between a local area network and a WAN with a fixed IP address. The parameters are practically identical, except that you must specify the WAN (Internet) address. For an ADSL connection with a fixed TCP/IP address, this is the working method. You can also use the modem as a DHCP server in this case (automatic TCP/IP address configuration). The other data are identical to the bridged mode.
This PPPoA mode and the following PPPoE mode are used for a direct Internet connection (case where the modem is directly connected to a network adapter). In Europe, PPPoE and PPPoA can both be used; it depends on the modem type and on the provider. In theory, PPPoE is used by RJ45 modems, PPPoA by USB modems. When configuring a TORNADO 810 (successor of the 812 presented here, with integrated firewall), the configuration on a tiscali.be subscription only worked in PPPoA mode. A big difference compared to the preceding modes: you must type here the login and the password provided by the access provider. As a reminder, the login is of the form login@provider; in the case of Skynet, it will be of the type gv52222@SKYNET. The password is the one provided by the access provider. The PAP/CHAP protocol is to be tested for each provider. VPI/VCI is specific to the provider. NAT (address translation) must be checked when your LAN address differs from your WAN address, which is the case in the large majority of cases. The program then asks for the type of connection. In our case, it is Ethernet, and we type the usual address and mask: 198.162.1.2 - 255.255.255.0. This address is necessary for the later configuration (case of a direct connection). Type the DNS relay address. It must be the address given as DNS in the local network (on each station), but it is not compulsory to type one, in particular with operating systems 2000, XP and later.
17.2.4. PPPoE mode (Point-to-Point Protocol over Ethernet), default mode in Europe for a direct connection.
The configuration is identical to PPPoA, except that NAT is checked automatically and that the PAP/CHAP protocol does not exist, which is logical.
1. Username, for example gv52222@SKYNET
2. Password provided by the Internet access provider
3. VPI/VCI: 8/35, depending on the access provider (more often on the country).
4. NAT checked.
5. Ethernet in our case, always address 198.162.1.2 and subnet mask 255.255.255.0
6. DNS relay. It must be the address given as DNS in the local network (on each station), but it is not compulsory to type one, in particular with operating systems 2000, XP and later, which include it automatically.
For a connection through a router, the mode used is bridged; for a connection through a HUB or directly, the connection mode is PPPoE. The only difference between a direct connection and a connection through a HUB concerns the gateway, which may be indicated in the configuration of the PC (it is not always necessary). In the parameters, select TCP/IP on the network card and type the TCP/IP address of the gateway, in our case 200.1.1.1 (do not forget to click on Add). That is all for the modem. This part will be enough for all ADSL modem connections. For the small modems, retain at least the VPI/VCI parameters.
One finds the DHCP server address, ending in 0, always with subnet mask 255.255.255.0. The Server address is thus 198.162.1.0. As a reminder, DHCP allows one device to provide an IP address to all the devices connected on the network. Range determines the range of addresses which will be allotted to the stations; in our case, 198.162.1.10 to 198.162.1.30. The Routers address is necessarily the one given to the modem, i.e. 198.162.1.2.
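As an added check (not part of the course or of the Tornado configuration program), the following Python function verifies a modem profile for the consistency problems that are easy to get wrong in the screens above: LAN address in a private range, gateway inside the LAN subnet, VPI/VCI present, PCR within the 0 - 500,000 limit of this modem, and DHCP range inside the subnet without swallowing the router address. The dictionary keys are this example's own naming of the fields; the first profile uses the values of the bridged-mode screen, the second is a constructed one combining values that appear in the later screens.

```python
"""Consistency checks for an ADSL modem LAN profile.

Added example, not part of the course or of the modem's configuration
program. The dictionary keys are this example's own naming of the fields
seen in the screens; the rules applied are assumptions a technician would
want verified before saving a profile.
"""
import ipaddress

PCR_MAX = 500_000  # limit shown by this modem's configuration program


def validate_profile(p):
    """Return a list of findings (empty when the profile is consistent)."""
    findings = []
    lan = ipaddress.ip_address(p["lan_ip"])
    net = ipaddress.ip_network(f"{p['lan_ip']}/{p['mask']}", strict=False)

    # 1. The LAN side must use a private range (192.168.0.0/16 in the course).
    if not lan.is_private:
        findings.append(f"LAN address {lan} is not in a private range")
    if lan in (net.network_address, net.broadcast_address):
        findings.append(f"LAN address {lan} is the network or broadcast address")

    # 2. The gateway only makes sense inside the LAN subnet.
    gw = ipaddress.ip_address(p["gateway"])
    if gw not in net:
        findings.append(f"gateway {gw} is outside the LAN subnet {net}")

    # 3. VPI/VCI are provider values; the line cannot come up without them.
    if p.get("vpi") is None or p.get("vci") is None:
        findings.append("VPI/VCI not set (8/35 for the provider in the exercise)")

    # 4. PCR must stay within the range accepted by this modem.
    if not 0 <= p["pcr"] <= PCR_MAX:
        findings.append(f"PCR {p['pcr']} outside 0..{PCR_MAX}")

    # 5. Optional DHCP server: range inside the subnet, router address excluded.
    if p.get("dhcp_range"):
        lo, hi = (ipaddress.ip_address(a) for a in p["dhcp_range"])
        if lo > hi:
            findings.append("DHCP range start is above its end")
        if lo not in net or hi not in net:
            findings.append(f"DHCP range {lo}-{hi} is not inside {net}")
        router = ipaddress.ip_address(p.get("dhcp_router", p["lan_ip"]))
        if lo <= router <= hi:
            findings.append(f"DHCP range includes the router address {router}")
        if router not in net:
            findings.append(f"DHCP router address {router} is outside {net}")
    return findings


# Profile as entered in the bridged-mode screen above.
BRIDGED_PROFILE = {
    "lan_ip": "192.168.1.2", "mask": "255.255.255.0", "gateway": "192.168.1.1",
    "vpi": 8, "vci": 35, "pcr": 500_000, "dhcp_range": None,
}

# Constructed profile mixing values that appear in the later screens.
MIXED_PROFILE = {
    "lan_ip": "198.162.1.2", "mask": "255.255.255.0", "gateway": "200.1.1.1",
    "vpi": 8, "vci": 35, "pcr": 864_000,
    "dhcp_range": ("198.162.1.10", "198.162.1.30"), "dhcp_router": "198.162.1.2",
}

if __name__ == "__main__":
    for name, prof in (("bridged", BRIDGED_PROFILE), ("mixed", MIXED_PROFILE)):
        print(name, validate_profile(prof) or ["ok"])
```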
Several devices of this type exist in practically all brands, some with an integrated modem, others without... the choice is broad enough.
These devices are configured through telnet or a Web interface, directly by typing the address of the device in the address bar of Internet Explorer. For the device above, you must configure the TCP/IP connection of your PC to obtain an automatic TCP/IP address, or at least to be part of the same group, i.e. 192.168.1.X, knowing that by default the address of the router is 192.168.1.1. In the Internet Explorer connection parameters, do not use a proxy at this stage, otherwise you will not have access to the router (or else use "Bypass proxy for local addresses" with the address of the router as an exception).
After typing the address of the device in the bar, the connection is made with a login and a password specific to the device.
Use PPPoE: Yes (necessarily). Username and password are provided by the access provider. The Service Name is sometimes provided by the access provider; if not, leave it empty. "Connect on demand" cuts the connection (and reconnects) after 120 minutes, but a shorter delay is clearly advisable. If the ADSL subscription includes a fixed Internet TCP/IP address, it must be entered in "Fixed Address". This second part configures TCP/IP. Either your Internet TCP/IP address is provided automatically by the access provider (Obtain IP address Automatically), or it is fixed and provided by the provider. Primary and secondary DNS parameters are provided by your access provider. Those above are those of Skynet.
For Planet Internet, the primary and secondary DNS are 194.119.232.3 and 194.119.232.2. For Tiscali (Belgium), the primary DNS is 212.35.2.1 and the secondary DNS is 212.35.2.2. All these parameters can change. The DNS parameters entered here must correspond to those set in the DNS of your network adapter, otherwise you will not be able to browse (but other connections work).
Other settings modify the passwords and the internal clock of the router. This last option is used by the firewall function.
Naturally, you enable the firewall protection. By default, you allow (forward) connections from the LAN (internal network) towards the WAN (Internet); otherwise, in the event of a block, it is difficult to know which port is blocked. The next setting blocks incomplete TCP/IP connections above a certain number per minute (one is never too careful). DoS (Denial of Service) attacks are massive attacks of incomplete frames on a given Internet address: the target tries to rebuild messages smaller than 64 bits and finally "collapses" under the workload. Port 139 is used by NETBIOS for Windows resource sharing on the network (with 137 and 138). To avoid the sharing of resources (hard disks and folders) over the Internet: No. "Enable remote management..." allows the router to be configured through the Internet, which is not very advisable, only for limited durations. The last option prevents the router from answering Ping requests coming from the Internet (IP address scanning, DOS Ping commands).
Other settings prohibit address ranges or ports from the LAN towards the Internet and vice versa. The next part sends an e-mail to a given address (here mine) if there is an attack, or even, in the lower box, e-mails the LOG file.
By displaying the TCP/IP properties of this network card, one obtains the following window.
The IP Address can either be left automatic (by DHCP) or specified. With an automatic address, the configuration of the stations is automated; there is thus no risk of address conflicts. On the other hand, specifying an address has several advantages. Firstly, it makes it possible to find, through its unique address, which PC attempts improper connections. Secondly, by playing with the firewall, one can use TCP/IP and refuse certain PCs (through their IP address) the Internet connection. For example, one can authorize addresses 192.168.1.1 to 192.168.1.100 to connect, but not addresses 192.168.1.101 to 192.168.1.255. The subnet mask must always be set to 255.255.255.0. For sharing with a PC under Microsoft Windows XP, it is almost the only possible connection method. Notice that if you do not want a PC to connect to the Internet, it is enough not to use TCP/IP as its protocol, for example using NETBEUI or IPX for network connections. These PCs are consequently completely hidden in the event of an intrusion on the network (except by taking over a remote PC). The WINS Configuration parameters are of no importance here. Let us look at the gateway. It must be set to that of the router, i.e. in our case 192.168.1.1. The connection generally works without it, but it makes the connection easier. DNS configuration is not compulsory, but many connections do not work without it; in practice, I enter it. It must be identical to that set in the router (otherwise Internet Explorer does not work). The domain and host name are of no importance but must be entered under Windows 98. The parameters below are those of Skynet. Beware, enter first the primary DNS and then the secondary DNS. Those of Planet Internet are, in order, 194.119.232.3 and 194.119.232.2.
After restarting the PC (at least under Windows 98), all that remains is to configure the Internet connection for this ADSL connection sharing via the router.
Check the box "I want to manually configure my connection or by using a local area network (LAN)", then "By using a local area network". At this stage, leave the proxy set to automatic. If your e-mail program is already configured, you do not need to configure it again. In the same window, click on the "LAN Settings" button.
To use the proxy of your access provider (here Skynet), check the corresponding box and type the address provided by the ISP. In this case, if you use specific connections (the banking software ISABEL for example) or wish to access the configuration of the router from this PC, you must check the box "Do not use a proxy server for local addresses" and click on the "Advanced" button.
In the exceptions, type the IP address of the router and the various other desired exceptions. Once these changes are accepted, your connection works automatically.
A few precautions nevertheless: uncheck the box "Check for messages every 30 minutes" in the settings of your e-mail program. Indeed, as communication towards the Internet is transparent, any program can connect to the Internet whenever it wants. With this option, the connection remains permanently open, which can create security risks (even if the firewall protects a large part of the communications, it is better to remain careful).
FC-CLI, 1371 TCP, Fujitsu Config Protocol, IANA official port, or not?
Tue May 07 07:58:44 2002 - policy rule - TCP [ wan, 213.36.127.59, 192.168.1.152:1371 ] - [ discard ]
A ping: some people are having fun.
Tue May 07 10:37:42 2002 - ICMP attack - ICMP [ wan, 213.36.100.179, 217.136.190.170:0 ] - [ discard ]
Tue May 07 10:37:45 2002 - ICMP attack - ICMP [ wan, 213.36.100.179, 217.136.190.170:0 ] - [ discard ]
6667 TCP: Trinity, ircd, WinSatan, Schedule Agent. From a PC, always the same one. Since the outgoing attempts no longer occur, more likely an application than a Trojan (no need to be paranoid, but lucid).
Tue DEC 17 18:27:40 2002 - policy rule - TCP -[ discard ]
Tue DEC 17 18:27:42 2002 - policy rule - TCP -[ discard ]
...
Games coming from outside.
Tue DEC 17 18:08:08 2002 - policy rule - UDP [ wan, 80.200.150.123, 217.136.155.190:27015 ] - [ discard ]
Why not test with pcAnywhere? pcanywherestat, 5632 TCP, pcANYWHEREstat, IANA; pcanywherestat, 5632 UDP, pcANYWHEREstat, IANA.
[wan, 217.136.191.74,
Unknown ports and, precisely for that reason, not official.
Wed DEC 18 13:44:57 2002 - policy rule - TCP [ wan, 193.201.103.100, 192.168.1.27:2193 ] - [ discard ]
Wed DEC 18 20:42:37 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.7:1223 ] - [ discard ]
Wed DEC 18 20:42:37 2002 - policy rule - TCP [ wan, 80.200.248.201, 192.168.1.68:1233 ] - [ discard ]
Fri DEC 20 15:42:00 2002 - policy rule - TCP [ wan, 193.201.103.91, 192.168.1.152:3524 ] - [ discard ]
Official IANA ports.
Wed DEC 18 14:06:11 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.4:2845 ] - [ discard ]
Wed DEC 18 14:36:18 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.4:2848 ] - [ discard ]
IANA official port for the remote control software of the server http://www.folio.com (not sure that this is logical), and always on the same PC under Win2000.
Fri DEC 20 16:13:48 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.27:2242 ] - [ discard ]
Fri DEC 20 16:28:48 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.27:2242 ] - [ discard ]
31789 UDP: Hack'a'Tack Trojan.
Wed DEC 18 14:40:20 2002 - policy rule - UDP [ wan, 217.136.26.127, 217.136.155.190:31789 ] - [ discard ]
Thu DEC 19 01:35:59 2002 - policy rule - UDP [ wan, 80.247.133.42, 80.200.156.74:31789 ] - [ discard ]
Thu DEC 19 17:47:39 2002 - policy rule - TCP [ wan, 80.247.133.42, 80.200.156.74:31789 ] - [ discard ]
http://www.phonefree.com (an employee having fun?)
Fri DEC 20 16:20:53 2002 - policy rule - TCP [ wan, 207.46.106.183, 192.168.1.119:1035 ] - [ discard ]
1812, an official port, or CuSeeMe (a video conferencing software), but one that is active while nobody is in the company and that comes from different source addresses (WAN).
Sat DEC 21 01:51:00 2002 - policy rule - UDP [ wan, 195.250.78.242, 217.136.154.118:1812 ] - [ discard ]
Sat DEC 21 01:55:26 2002 - policy rule - UDP [ wan, 218.1.36.50, 217.136.154.118:1812 ] - [ discard ]
Sat DEC 21 01:57:36 2002 - policy rule - UDP [ wan, 202.54.74.81, 217.136.154.118:1812 ] - [ discard ]
only to restart the computer. The teardrop, the newtear and the boink (similar attacks) can also affect Linux systems (below 2.0.32), Mac and Unix. To find a rough location of the PC attempting the intrusion: tracert 202.54.74.81, for example, if that PC is not itself also equipped with a firewall. A last remark: LINKLOCAL network addresses always start with 169.254 and have the format 169.254.X.X. LINKLOCAL addresses are reserved for private, internal addresses and cannot be used on computers connected through Internet Connection Sharing.
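As an added example (not code from the course or the router vendor), the Python script below parses router log records in the format quoted above, annotates the destination port with the meanings this section gives, and applies the static-address policy from the TCP/IP section (192.168.1.1 to 192.168.1.100 authorized). The port table and the sample lines are taken from this page; the regular expression and the helper names are assumptions of the example.

```python
import re
from ipaddress import IPv4Address

# Router log record as quoted in this section (added example, not the course's code);
# the pattern tolerates the uneven spacing inside the brackets.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4}) - (?P<reason>[\w ]+?) - "
    r"(?P<proto>TCP|UDP|ICMP)\s*\[\s*(?P<iface>\w+),\s*(?P<src>[\d.]+),\s*"
    r"(?P<dst>[\d.]+):(?P<port>\d+)\s*\]\s*-\s*\[\s*(?P<action>\w+)\s*\]$"
)
# Port annotations as the section gives them (constructed lookup table).
KNOWN_PORTS = {1371: "FC-CLI, IANA official", 6667: "ircd / Trinity / WinSatan",
               5632: "pcANYWHEREstat", 31789: "Hack'a'Tack Trojan",
               1812: "IANA official / CuSeeMe", 2242: "folio remote server"}
# Static-address policy from the TCP/IP section: .1 to .100 may use the Internet.
ALLOWED_LAN = (IPv4Address("192.168.1.1"), IPv4Address("192.168.1.100"))

def parse_line(line):
    """Return the fields of one complete log record, or None for a fragment."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["port"] = int(rec["port"])
    rec["note"] = KNOWN_PORTS.get(rec["port"], "unknown, not official")
    return rec

def lan_allowed(addr):
    """True when a LAN address is in the range authorized to reach the Internet."""
    return ALLOWED_LAN[0] <= IPv4Address(addr) <= ALLOWED_LAN[1]

def summarize(lines):
    """Count discarded WAN hits per (destination, port), so a PC that is probed
    repeatedly (192.168.1.27:2242 in the log above) stands out."""
    counts = {}
    for rec in map(parse_line, lines):
        if rec and rec["iface"] == "wan" and rec["action"] == "discard":
            key = (rec["dst"], rec["port"])
            counts[key] = counts.get(key, 0) + 1
    return counts

# Lines copied from the section, plus one of its unrecoverable fragments.
SAMPLE = [
    "Tue May 07 07:58:44 2002 - policy rule - TCP [ wan, 213.36.127.59, 192.168.1.152:1371 ] - [ discard ]",
    "Fri DEC 20 16:13:48 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.27:2242] - [ discard ]",
    "Fri DEC 20 16:28:48 2002 - policy rule - TCP [ wan, 80.200.248.200, 192.168.1.27:2242] - [ discard ]",
    "Wed DEC 18 14:40:20 2002 - policy rule - UDP [wan, 217.136.26.127, 217.136.155.190:31789] - [discard ]",
    "-[ -[",
]
```

Fragments like "-[ -[" are skipped rather than guessed at, so the counts only reflect complete records.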