Liberty Professional Services, LLC



October 15, 2008

Crash Course in Computer Networking Concepts

by Ken Hartman
President of Diadem Systems, Inc.


Introduction

More and more homes and small businesses are starting to use broadband Internet. In addition to speed, broadband users also enjoy the ‘always on’ nature of the communications channel. As a result more people have the need to learn about the underlying technology so that they can achieve the results that they desire when using the Internet.

This document contains some intimidating terminology, but the odds are great that you may have encountered some of these terms and wondered what they meant. The goal of this paper is to create a familiarity with the concepts rather than to turn you into a networking engineer.

How do computers communicate on a network?

For computers to communicate, each computer must communicate according to a set of rules, called protocols. The most popular set of protocols is called TCP/IP.[1] Even though TCP/IP is the most popular, other networking protocols (such as the Novell IPX/SPX protocol) may also be in use on your company networks. These protocols may co-exist on the same business network, but only TCP/IP is used on the Internet. Because the use of TCP/IP is so widespread, it has become the networking protocol of choice for most company networks.

What is Ethernet?

While the two terms are often used interchangeably, Ethernet is not the same as TCP/IP. Ethernet is a standard[2] that defines how the computers are to be physically wired to the network, and the electrical voltages and signal timing that are required for intercommunication. Older network installations may use a standard called Token Ring rather than Ethernet. Protocols such as TCP/IP and IPX/SPX are used to move data over the physical network, whether the physical network uses Ethernet or Token Ring.

An analogy that can be used to understand the relationship between Ethernet and TCP/IP might be a telephone system. Ethernet is like the phone system itself and the TCP/IP protocol is analogous to the polite conventions that we use while we speak.

What is a LAN?

A local area network (LAN) is one or more network segments in the same facility. Multiple facilities within one organization are connected by what is referred to as a wide area network (WAN). The main difference between a LAN and a WAN is the physical networking technology used. A LAN typically uses Ethernet, Token Ring or wireless technologies (for example WiFi[3]) while a WAN uses technology[4] more appropriate to long distance transmission.

Because WAN bandwidth[5] is much more expensive than LAN bandwidth, a company will typically buy only the amount of bandwidth it needs and can afford. As a result, traffic generally moves slower on a WAN.

What is a MAC Address?

Every network interface card has a physical address that is hard-coded into it. To use an analogy:

Network Address is like your Telephone Area Code
Host Address is like your Local Telephone Number
Physical Address is like your Social Security Number

The physical address never changes even though the device can be connected to different network segments. The physical address will look like six pairs of hexadecimal numbers separated with dashes, such as 00-10-A4-86-E9-96. The first three pairs are unique to the device manufacturer, while the last three are unique to the device within the manufacturer.

The physical address is used only for communication within a network segment. Each networked device maintains in memory a mapping of the IP addresses to the physical (Ethernet) addresses. This mapping is called an ARP Cache. Traffic is directed to the appropriate device on the physical network segment based on the data in the ARP Cache.

What is an IP Address?

A host address is much like a telephone number: it is assigned temporarily to a computer to use while the computer is on the network. Every device on a network has an address. The network address and the host address comprise the IP address. If the computer is moved to a different network, a different IP address is required, just as you would need a new telephone number if you moved to a different state.

To many people, IP addressing is confusing. What do all of the numbers mean? IP addresses take the form of four numbers between 0 and 255. The four numbers are called octets. Each octet is separated by a period, such as

192.123.154.22

As you may know, computers process data using logic circuits that manipulate data that is represented in a binary format—as ones and zeros. The number 255 is not arbitrary; it is the decimal equivalent of the binary number 11111111.

If each octet in our example, 192.123.154.22, is converted to binary the address would look like

11000000.01111011.10011010.00010110

The left part of an address is called the network address and the right part is called the host address. To determine which of the leftmost bits of the IP address belong to the network address a netmask is used.

The most commonly used netmask is 255.255.255.0. This converts to a binary representation of

11111111.11111111.11111111.00000000

A binary AND operation is performed on each bit of the IP address and the netmask to get the network address, while a binary OR operation is performed to get the host address.

              Network Address (AND)                 Host Address (OR)
IP Address    11000000.01111011.10011010.00010110   11000000.01111011.10011010.00010110
Netmask       11111111.11111111.11111111.00000000   11111111.11111111.11111111.00000000
Result        11000000.01111011.10011010.00000000   00000000.00000000.00000000.00010110
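The following is an added example, not part of the original article: it reproduces the Result row of the table for 192.123.154.22 and also handles netmasks that do not end on an octet boundary. The host part is taken as the address bits the netmask leaves out (the address ANDed with the inverted netmask), which yields the host value shown in the table; the function names and the second netmask, 255.255.240.0, are chosen here for illustration.

```python
def to_int(dotted: str) -> int:
    """Convert dotted-quad text to a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {dotted!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)  # shift in one octet at a time
    return value


def to_dotted(value: int) -> str:
    """Render a 32-bit integer as four decimal octets."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Render a 32-bit integer as four 8-bit groups, the notation used in the table."""
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def split_address(ip: str, netmask: str) -> tuple[str, str]:
    """Return (network part, host part) of ip under netmask."""
    addr, mask = to_int(ip), to_int(netmask)
    inverted = ~mask & 0xFFFFFFFF
    # A usable netmask is a run of 1 bits followed only by 0 bits,
    # so its inverse plus one must be a power of two.
    if inverted & (inverted + 1):
        raise ValueError(f"netmask bits are not contiguous: {netmask!r}")
    network = addr & mask      # keep the bits the mask covers
    host = addr & inverted     # keep the bits the mask leaves out
    return to_dotted(network), to_dotted(host)


if __name__ == "__main__":
    # 255.255.255.0 is the article's netmask; 255.255.240.0 is a constructed second case.
    for mask in ("255.255.255.0", "255.255.240.0"):
        net, host = split_address("192.123.154.22", mask)
        print(f"{mask:15}  network {to_binary(to_int(net))}  host {to_binary(to_int(host))}")
```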

For a properly configured address two conditions must be met:

If these two requirements are not met, the device will not be able to access the network. Network Interface Cards (NIC) are designed such that if a duplicate IP address is detected, the second NIC will disable its interface. Often the device or PC will need to reboot or have the power cycled after the IP Address and/or netmask has been changed.

Tip: To see your Physical (MAC) Address, IP Address, and Netmask in Windows 2000 or Windows XP, type ipconfig /all at the Command Prompt.

What is a Router?

A router is a device that routes traffic between two or more network segments. It is essentially a specialized computer that has two or more network adapters (and hence a unique MAC address and IP address for each adapter). Routers use the network address (as calculated above) to determine the network segment to which a message should be routed.

Each network adapter on the router is configured to have a valid IP address that meets the two IP addressing requirements mentioned above. The network address is set as appropriate for the segment it is connected to. By convention the router’s host address on a local area network segment is typically set as a "1."

A router can contain rules that control how traffic is passed from segment to segment. These rules are called access lists. A specialized router that is optimized for protecting network segments is called a firewall. For example, a firewall is used to separate a company network from the Internet. This allows authorized users to access the Internet from inside the company, but provides protection of vital company information from users on the Internet.

Every computer discovers[6] the IP address and MAC address of the computers on its own network segment. If the computer that it needs to communicate with is not on the same network, it will send the traffic to the gateway device, which will in turn forward it to a network segment closer to the destination IP Address. The process is repeated until the message arrives at the destination.[7]

What is a Gateway Address?

In order for a computer to communicate with computers on other network segments, it must be configured to know the gateway address. A gateway address is the IP address of the router, on the same network as the computer being configured. All traffic that is not destined for a computer on the local segment is sent to the gateway address to be routed toward the computer with the target IP address.

What is DHCP?

DHCP is the Dynamic Host Configuration Protocol, another member of the TCP/IP Suite. To communicate, computers must be configured with the following:

These settings can be set manually or they can be automatically assigned by a DHCP server. Generally the DHCP server is on the same network segment so that it can hear the broadcasted address request and reply with the appropriate configuration data. A manually set IP address is referred to as a static IP address. Static IP addresses are typically used for servers.

What is a Domain Name?

A domain name is a name that is given to a group of computers. If the domain name is to be used on the Internet, it must be unique. A company may apply to a registrar for a unique domain name. For example, ‘cnn.com’ is the domain name that Cable Network News reserved for its group of computers. (By the way, computers in a domain do not have to be on the same network segment.)

The individual computers in the domain may also be assigned a unique name, called a host name. For example, one of the main web servers for CNN is named www1.cnn.com. They have another web server that has financial information named www1.cnnfn.com. There is also a mail server named mail.cnn.com.

The main reason for domain naming is that IP addresses are hard to remember. When ‘www.cnn.com’ is typed in a web browser, the computer will query a Domain Name Server (DNS Server) for the IP Address that corresponds to the fully qualified domain name (FQDN). A fully qualified domain name is comprised of the hostname (www1) and the domain name (cnn.com). So www1.cnn.com is an example of a fully qualified domain name.

Many organizations have their own DNS Servers to resolve the computer names for the computers on their own networks. If one of the DNS servers on the Internet cannot resolve the IP Address, the DNS server will query a DNS Server that can.

Tip: Use the nslookup Command to resolve a domain name to an IP address and vice-versa. For example, nslookup cnn.com or nslookup 64.236.16.20.

Putting It All Together

The best way to understand the concepts discussed above is to talk through the steps that occur when a computer connects to a network and retrieves a web page from the Internet. (Refer to Figure 3.) A computer owned by a company called ‘MyBiz Inc.’ has a hostname of system56. The MyBiz company owns the domain name mybiz.com. Therefore the computer’s fully qualified domain name is system56.mybiz.com.

When the user powers up the computer, it broadcasts a DHCP address request across its network segment. The DHCP Server on its network segment (server01) replies to system56 with the information required to participate in the network. The DHCP reply contains the following information:

Set the IP address to 192.168.100.23 and the netmask to 255.255.255.0
Set the gateway address to 192.168.100.1
Set the DNS server to 192.168.50.10

Notice that in this example the DNS server is on a different network segment, so a DNS query, along with any other traffic that is not destined for a device on the local network segment, is sent to the router at the gateway address.

The user wants to check the latest news, so she enters www.cnn.com in her browser. The computer has not queried its DNS server (192.168.50.10) lately for the IP address that corresponds to www.cnn.com, so it does so now. The DNS Server assigned to system56 does not know the IP address for the requested website, so the query is referred to a DNS Server that is authoritative for cnn.com. In this case there are four DNS servers managed by AOL Time Warner. The DNS server named twdns-01.ns.aol.com sends a reply to dns1.mybiz.com. The domain name server dns1.mybiz.com updates its database and forwards the response back to system56.

Because CNN is a large organization that requires a high level of server availability, they use two Web Server Farms, each on its own network segment with four web servers each.[8] The eight servers are actually named www1 through www8, but the DNS servers also have records setting the name www to match each of the eight IP addresses. Each time a DNS server is queried for the IP addresses for www.cnn.com, it rotates the order of the IP addresses in the response to help distribute the load across all eight web servers.
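The rotation described above can be simulated as follows. This is an added example, not part of the original article: the class and function names are chosen here, and the eight addresses are constructed placeholders from the documentation ranges, four per web server farm, since the article does not list the real ones.

```python
from collections import Counter, deque

# Constructed sample data: two farms of four servers each.
FARM_A = [f"198.51.100.{n}" for n in range(11, 15)]
FARM_B = [f"203.0.113.{n}" for n in range(11, 15)]


class RoundRobinZone:
    """A name server that holds several addresses for one name."""

    def __init__(self, records: dict[str, list[str]]):
        self._records = {name.lower(): deque(addrs) for name, addrs in records.items()}

    def query(self, name: str) -> list[str]:
        """Return every address for name, then rotate for the next caller."""
        key = name.lower().rstrip(".")
        if key not in self._records:
            return []                  # unknown name: empty answer
        addrs = self._records[key]
        answer = list(addrs)           # full list, in the current order
        addrs.rotate(-1)               # next answer starts one address later
        return answer


def build_zone() -> RoundRobinZone:
    """Zone in which the name www maps to all eight servers."""
    return RoundRobinZone({"www.cnn.com": FARM_A + FARM_B})


def simulate(zone: RoundRobinZone, name: str, clients: int) -> Counter:
    """Count how many clients land on each server when each uses the first address."""
    hits = Counter()
    for _ in range(clients):
        answer = zone.query(name)
        if answer:
            hits[answer[0]] += 1
    return hits


if __name__ == "__main__":
    for address, count in sorted(simulate(build_zone(), "www.cnn.com", 80).items()):
        print(address, count)
```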


To retrieve the www.cnn.com main page, the web browser will send an HTTP[9] command to the first IP address in the DNS response. In this case the HTTP command is sent to 64.236.24.12. Because this IP address is not on the same network segment as system56, the message from system56 containing the HTTP command is sent to the default gateway (192.168.100.1), which is on the same network segment. The router will send the message back out one of its other network adapters to whichever network segment is closest to the network segment that contains the host address 64.236.24.12. Every time that a router forwards the message, it is called a ‘router hop.’ It may take 12 or more hops before the message reaches its destination IP Address. The Web Server will respond to the request and send the response back in similar fashion, making the router hops in reverse order.[10] Generally, there are several HTTP messages back and forth between the client and the web server to download a typical web page.
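The local-or-gateway decision that system56 makes for each destination can be written out as below. This is an added example, not part of the original article: the function names are chosen here, the check that the gateway differs from the host's own address is an added assumption, and everything else uses the addresses from the walkthrough.

```python
import ipaddress


def check_lease(ip: str, netmask: str, gateway: str) -> list[str]:
    """Return the problems found in a host configuration (empty list if none)."""
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    gw = ipaddress.ip_address(gateway)
    problems = []
    if gw not in iface.network:
        # The gateway must be a router address on the host's own segment.
        problems.append(f"gateway {gw} is not on {iface.network}")
    if gw == iface.ip:
        # Added assumption: a host should not be listed as its own gateway.
        problems.append("gateway and host share the same address")
    return problems


def next_hop(ip: str, netmask: str, gateway: str, destination: str) -> tuple[str, str]:
    """Return ("direct", address) or ("gateway", address) for one destination."""
    problems = check_lease(ip, netmask, gateway)
    if problems:
        raise ValueError("; ".join(problems))
    iface = ipaddress.ip_interface(f"{ip}/{netmask}")
    dest = ipaddress.ip_address(destination)
    if dest in iface.network:
        return ("direct", str(dest))   # same segment: deliver without a router
    return ("gateway", gateway)        # other segment: hand off to the router


if __name__ == "__main__":
    # Values from the DHCP reply in the walkthrough.
    lease = ("192.168.100.23", "255.255.255.0", "192.168.100.1")
    for label, dest in (("gateway itself", "192.168.100.1"),
                        ("DNS server", "192.168.50.10"),
                        ("web server", "64.236.24.12")):
        print(f"{label:15} {dest:15} -> {next_hop(*lease, dest)}")
```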

Conclusion

This document explains some of the most common networking concepts so that the average person can become acquainted with the technology powering their computer network. For more detailed information about TCP/IP, check out Daryl’s TCP/IP Primer at www.ipprimer.com.


Endnotes

[1] TCP/IP stands for Transmission Control Protocol and Internet Protocol. Because TCP and IP are the most popular protocols used, the phrase TCP/IP actually represents a suite of protocols built on top of the IP protocol.
[2] Ethernet is defined in the Institute of Electrical and Electronics Engineers (IEEE) standard 802.3.
[3] WiFi is the popular name for the IEEE 802.11b Wireless Networking Standard.
[4] Such as ATM or Frame-Relay.
[5] Bandwidth is a measurement of the data carrying capacity of a communication channel, not unlike the gallons per minute metric for fluids.
[6] The discovery is performed automatically by the computer as needed using a TCP/IP protocol called Address Resolution Protocol (ARP).
[7] Routing is a complex subject that is beyond the scope of this document.
[8] Two separate networks are used to ensure that one segment will always be available to service web page requests. This way, if a router needs to be replaced or repaired, there will not be a lapse of service.
[9] HTTP is the HyperText Transfer Protocol, part of the TCP/IP suite of protocols. The 'HTTP://' used in a web site address indicates that the browser is to use this protocol to fetch the page. As this is the default, it is often omitted.
[10] The manner in which the routers on the Internet are connected forms a giant mesh encompassing the globe. This means that there are multiple possible paths that a message could take from one computer to another. However, the routers constantly exchange information with each other about the best routes, to optimize their performance.




Ken Hartman is president of Diadem Systems, Inc., a consulting and computer services firm. Diadem Systems specializes in helping small businesses harness information technology to achieve their mission. Ken is an Electrical Engineer with over 12 years of experience in manufacturing automation systems. Ken is a member of the Institute of Electrical and Electronics Engineers Computer Society. Email Ken at www.diadem-systems.com/email.

