LAN/WAN Connectivity


LAN/WAN Connections.  It is no longer sufficient just to have the computers in an office hooked up to a LAN.  It is almost always necessary to reach locations outside the LAN, at the very least for e-mail and web use.  This means connecting the LAN to some wider WAN, provided either by the corporation itself or by an ISP - Internet Service Provider.

There are a variety of ways to connect a LAN to a WAN, and they come at very different price levels: some are quite inexpensive, others are very expensive.

One of the simplest approaches is to give each user a modem and a phone line, just as most home users have.  Unfortunately, as demand on the LAN grows this has greater and greater drawbacks.

  • You must purchase a modem for each user
  • You need a separate phone line for each user
  • You need a separate ISP account for each user
  • Security risks increase because each user dials out individually
    • every modem is an unmanaged path in and out of the LAN, and the organization has little control over where the users connect
  • It requires a fairly high degree of user sophistication to carry out the necessary steps

There are definitely better ways, though each has its advantages and disadvantages.  The three major categories of LAN/WAN connections are

  • Translated connections
  • Proxy servers
  • Routed connections

Translated Connections.  The phrase translated connections refers to connecting all devices on a small LAN to the Internet through address translation.  Address translation allows all computers to access a WAN through a single host computer using only one WAN link and one registered IP address.  This WAN link can be a single telephone line to an ISP account or it can be much more sophisticated.

A device that implements address translation is called a NAT host (Network Address Translation host) and sits between the LAN and the WAN, with an interface on each network.  On the LAN side it has a private IP address.  On the WAN side it has a public IP address, which may be assigned by a DHCP - Dynamic Host Configuration Protocol server at the ISP when the connection to the WAN is made.

Address translation works by mapping the private IP address and source port of each computer on the LAN that talks to the WAN to a port number on the NAT host.  The NAT host rewrites each outgoing packet so that the IP header carries the NAT host's public address as the source address and the TCP or UDP header carries the assigned port as the source port; the original values are recorded in a translation table so that replies can be mapped back.

For example, when a computer on the LAN opens a web browser and requests a URL, the NAT host assigns a port number to that connection and records it in its translation table; this port identifies the originating computer.  The NAT host then forwards the request over the WAN link, through the ISP's network, to the web server, with its own public address as the source.  The reply therefore comes back to the NAT host, because that is the address the web server saw as the source of the request.  The NAT host consults its translation table, matches the reply to the computer that originally sent the request, and forwards the page to that computer.

The following diagram gives a representation.

  [diagram not reproduced in this text: client 192.168.1.7 on the LAN, NAT Host with public address 200.14.23.5, web server on the Internet]

For example, in the diagram above,
  • The user of client computer 192.168.1.7 submits a request to view the URL www.nytimes.com
  • The client resolves the name to an IP address by asking a DNS server (typically the ISP's, reached through the NAT Host like any other outside address), then sends the request to that address from its internal address; its default gateway delivers it to the NAT Host
  • The NAT Host maps the connection from 192.168.1.7 to a port number in its mapping table
    • this table holds the original source IP address and port, the destination IP address and port, and the port assigned on the NAT Host
  • The NAT Host rewrites the headers so that the outside network sees the request as sent from itself, 200.14.23.5, the public IP address, and transmits it through its external network adapter
  • The request travels through the ISP's network to www.nytimes.com
  • www.nytimes.com returns the page to the public IP address of the NAT Host, 200.14.23.5, at the assigned port
  • The NAT Host consults its address translation table and forwards the page to the appropriate client, 192.168.1.7
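The walk-through above, replayed as a small simulator.  This is an added example, not code from the original notes: packets are plain Python objects rather than real IP traffic, the web server's address 203.0.113.10 is a constructed stand-in (RFC 5737 documentation space) for www.nytimes.com, and the port pool starting at 40000 is an assumption.  Only the NAT Host's public address 200.14.23.5 and the client address 192.168.1.7 come from the diagram.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

PUBLIC_IP = "200.14.23.5"      # NAT Host's WAN address, as in the diagram
WEB_SERVER = "203.0.113.10"    # constructed stand-in for the web server's address


@dataclass
class Packet:
    """The fields NAT cares about: IP addresses and transport-layer ports."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


@dataclass
class NatHost:
    public_ip: str = PUBLIC_IP
    next_port: int = 40000     # assumed start of the port pool on the NAT Host
    # translation table, keyed by what an inbound reply will carry:
    # (outside ip, outside port, port on the NAT Host) -> (inside ip, inside port)
    table: Dict[Tuple[str, int, int], Tuple[str, int]] = field(default_factory=dict)
    # outbound lookup so every packet of one connection reuses the same mapping
    flows: Dict[Tuple[str, int, str, int], int] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a LAN packet so the WAN sees it as coming from the NAT Host."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.flows.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.flows[key] = port
            self.table[(pkt.dst_ip, pkt.dst_port, port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Map a WAN packet back to the LAN host that asked for it, or None to drop it."""
        if pkt.dst_ip != self.public_ip:
            return None
        entry = self.table.get((pkt.src_ip, pkt.src_port, pkt.dst_port))
        if entry is None:
            # no inside host opened a connection to this outside host on this port:
            # the packet is unsolicited and there is nobody on the LAN to deliver it to
            return None
        inside_ip, inside_port = entry
        return Packet(pkt.src_ip, pkt.src_port, inside_ip, inside_port, pkt.payload)


def walk_through() -> dict:
    """Replay the diagram: 192.168.1.7 fetches a page and the reply finds its way back."""
    nat = NatHost()
    request = Packet("192.168.1.7", 51234, WEB_SERVER, 80, "GET / HTTP/1.1")
    on_wire = nat.outbound(request)                        # what the Internet sees
    reply = Packet(WEB_SERVER, 80, on_wire.src_ip, on_wire.src_port, "HTTP/1.1 200 OK")
    delivered = nat.inbound(reply)                         # back to 192.168.1.7
    # a second client using the same source port gets its own port on the NAT Host
    other = nat.outbound(Packet("192.168.1.8", 51234, WEB_SERVER, 80))
    # a packet from a host nobody on the LAN talked to is dropped, not forwarded
    unsolicited = nat.inbound(Packet("198.51.100.9", 80, PUBLIC_IP, 40000))
    return {"on_wire": on_wire, "delivered": delivered, "other": other,
            "unsolicited": unsolicited}


if __name__ == "__main__":
    for name, pkt in walk_through().items():
        print(name, pkt)
```

The table is keyed on the outside address and port as well as the NAT Host's port, so a packet that does not match an existing outbound connection is dropped; that is why the LAN's computers are invisible from the Internet, and also why a NAT host on its own cannot be used to run a server behind it without an explicit static mapping.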

The following table gives some terminology and descriptions.


Term                        Description

Inside local IP address     The IP address assigned to a device or host on the inside of the network.  Normally this is private address space allocated by RFC 1918; occasionally it is an old globally unique assignment that is no longer used as such, or an arbitrarily chosen address, which will conflict with the legitimate holder of that address if the site ever needs to reach it.

Inside global IP address    A legitimate IP address, assigned by the NIC (Network Information Center) or an ISP, that represents one or more inside local IP addresses to the outside world.  The address was allocated from globally unique space, typically provided by the ISP.

Outside global IP address   The IP address assigned to a host on the outside network by its owner.  The address was allocated from globally routable address space.

Outside local IP address    If the outside host is itself on another inside network, this is the IP address that host (relative to the sender) has on its own inside network.


Some operating systems, such as recent versions of Windows (Internet Connection Sharing) and Linux (masquerading in the kernel packet filter), have built-in support for address translation.  Otherwise you need to purchase software or a dedicated device.

Proxy Servers.  Proxy servers do more than let many computers share one WAN connection: they act as intermediaries between the LAN and the outside network, and they can filter outgoing requests and incoming content.  Like NAT they hide the internal addresses, but they do it at the application layer: the proxy accepts the client's request and opens its own connection to the outside server, rather than rewriting addresses in packets according to the NAT specifications.

A proxy server

  • receives requests for Internet resources from proxy clients
  • checks its filter settings
  • if the request meets the filter requirements
    • if the server finds the page in its cache of stored pages
      • it returns the page to the requesting client
    • if the page is not in the cache
      • it sends the request over the WAN link, through the ISP, to the web server named in the URL
      • the web server returns the page
      • the proxy stores a copy in its cache and returns the page to the client
  • if the request does not meet the filter requirements, it is refused

As with NAT, the individual computers that request pages through a proxy server are invisible to the Internet: the outside server sees only the proxy.  All Internet communication is done through the proxy server.
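The filter, cache and forward sequence described above, as an added example that is not part of the original notes.  The "origin" web servers are a constructed in-memory dictionary standing in for the Internet, the blocked host ads.example.net is an assumed filter policy, and fetch_from_origin stands in for the connection a real proxy would open across the WAN link.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed stand-in for web servers on the Internet: URL -> page body.
ORIGIN_PAGES: Dict[str, str] = {
    "http://www.nytimes.com/": "<html>front page</html>",
    "http://www.example.com/": "<html>example</html>",
}

# Assumed filter policy: hosts the organization does not want reached.
BLOCKED_HOSTS = {"ads.example.net"}


@dataclass
class ProxyServer:
    cache: Dict[str, str] = field(default_factory=dict)
    # what the outside servers see: only the proxy, never a client address
    origin_requests: List[Tuple[str, str]] = field(default_factory=list)
    # the proxy's own log: client, URL, and how the request was handled
    log: List[Tuple[str, str, str]] = field(default_factory=list)

    def fetch_from_origin(self, url: str) -> Tuple[int, str]:
        """Stand-in for opening a connection over the WAN link to the web server."""
        self.origin_requests.append(("proxy", url))     # no client identity is sent
        body = ORIGIN_PAGES.get(url)
        return (200, body) if body is not None else (404, "not found")

    def handle(self, client_ip: str, url: str) -> Tuple[int, str]:
        """Serve one client request: filter first, then cache, then the origin."""
        host = urlsplit(url).hostname or ""
        if host in BLOCKED_HOSTS:                        # filter check comes first
            self.log.append((client_ip, url, "blocked"))
            return 403, "blocked by policy"
        if url in self.cache:                            # cache hit: no WAN traffic
            self.log.append((client_ip, url, "cache hit"))
            return 200, self.cache[url]
        status, body = self.fetch_from_origin(url)
        if status == 200:                                # only cache successful pages
            self.cache[url] = body
        self.log.append((client_ip, url, f"origin {status}"))
        return status, body


def demo() -> ProxyServer:
    """Four requests covering a miss, a hit, a filtered request and an error."""
    proxy = ProxyServer()
    proxy.handle("192.168.1.7", "http://www.nytimes.com/")    # miss: fetched from origin
    proxy.handle("192.168.1.8", "http://www.nytimes.com/")    # hit: served from cache
    proxy.handle("192.168.1.7", "http://ads.example.net/x")   # refused by the filter
    proxy.handle("192.168.1.9", "http://www.missing.com/")    # 404: not cached
    return proxy


if __name__ == "__main__":
    for entry in demo().log:
        print(*entry)
```

Two things worth noticing: the filter is consulted before the cache, so a page that is later blocked is not served from an old cached copy; and the origin only ever sees the proxy, while the proxy's own log keeps the client address, which is where an organization's record of who requested what lives.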

Proxy server software provides more protection and more performance enhancement (through filtering and caching) than stand-alone NAT software does.  It is also typically more difficult to set up, since each client application must be configured to use the proxy.  A proxy that intercepts client connections without the clients being configured for it, usually by redirecting their outbound connections to the proxy with NAT-style packet rewriting, is called a transparent proxy.

Routed Connections.  A routed connection allows each computer to participate directly on the Internet.  This is unlike proxy and NAT servers where the individual computers must go through intermediary servers.

To make use of routed connections you must rely on a fairly extensive knowledge of TCP/IP addressing, and you must own and be able to configure a router or some other routing device.  Strictly, every computer on the LAN must then have a registered (globally routable) IP address.  In practice this is rarely done: routed connections are usually combined with address translation on the routing device, so that only its WAN interface needs a registered address (the text these notes follow is somewhat dated on this point).

A routed connection can be built either with a router or with a computer running an operating system that enables IP forwarding.  This gateway-to-the-Internet device must have

  • an IP address that is valid for each network on which it will communicate
  • a subnet mask that designates which part of the IP address identifies a computer and which part identifies the network

Computers on such a network must also have a default gateway configured, which is the address of the routing device on the LAN.

To set up a routed connection to the Internet, the TCP/IP protocol on the router is configured with

  • an IP address for each interface
  • a subnet mask for each interface
  • a DNS server address obtained from the ISP
  • a static default route that sends all traffic not destined for a directly connected network out through the Internet interface

The computers on the LAN inside the routing device must be configured with

  • an IP address (likely to be dynamically allocated and private)
  • a subnet mask
  • a DNS server address obtained from the ISP (often the routing device itself, relaying queries to the ISP's DNS server)
  • the IP address of the routing device on its LAN interface as their default gateway
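The two configuration lists above, checked in code.  This is an added example, not from the original notes: the LAN is 192.168.1.0/24 with the router at 192.168.1.1 (assumed), the router's WAN interface uses 200.14.23.5 from the diagram earlier in these notes with an assumed /24 mask, and 200.14.23.1 is an assumed ISP gateway.  The first function checks whether a LAN host's address, mask and default gateway actually fit together; the second shows the forwarding decision the router makes, including the static default route.

```python
import ipaddress
from typing import List, Optional, Tuple

# (prefix, interface the packet leaves on, next-hop gateway or None if directly connected)
Route = Tuple[ipaddress.IPv4Network, str, Optional[str]]

# Constructed routing table for the routing device described in the notes.
ROUTER_ROUTES: List[Route] = [
    (ipaddress.ip_network("192.168.1.0/24"), "lan", None),        # LAN interface
    (ipaddress.ip_network("200.14.23.0/24"), "wan", None),        # WAN interface (assumed mask)
    (ipaddress.ip_network("0.0.0.0/0"), "wan", "200.14.23.1"),    # static default route (assumed ISP gateway)
]


def check_host_config(ip: str, mask: str, gateway: str) -> List[str]:
    """Return the problems with a LAN host's address/mask/default gateway (empty list = usable)."""
    problems = []
    iface = ipaddress.ip_interface(f"{ip}/{mask}")   # accepts a dotted mask such as 255.255.255.0
    net = iface.network
    gw = ipaddress.ip_address(gateway)
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    if gw not in net:
        # the mask says the gateway is on another network, so the host has no way to reach it
        problems.append(f"gateway {gw} is not on {net}, so the host cannot reach it")
    elif gw in (net.network_address, net.broadcast_address):
        problems.append(f"gateway {gw} cannot be the network or broadcast address")
    if gw == iface.ip:
        problems.append("host is configured as its own default gateway")
    return problems


def next_hop(routes: List[Route], dst: str) -> Optional[Tuple[str, Optional[str]]]:
    """Longest-prefix match: which interface, and via which gateway, a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, gw in routes:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface, gw)
    return None if best is None else (best[1], best[2])


if __name__ == "__main__":
    print(check_host_config("192.168.1.7", "255.255.255.0", "192.168.1.1"))    # []
    print(check_host_config("192.168.1.7", "255.255.255.0", "192.168.2.1"))    # gateway unreachable
    print(next_hop(ROUTER_ROUTES, "192.168.1.9"))      # ('lan', None): delivered directly
    print(next_hop(ROUTER_ROUTES, "203.0.113.10"))     # ('wan', '200.14.23.1'): default route
```

The default route is simply the /0 prefix that matches everything; because the match prefers the longest prefix, traffic for the two directly connected networks never falls through to it.  The most common misconfiguration on the host side is a gateway that is not inside the host's own subnet, which is exactly the mask check above.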