© Copyright 1997, The University of New Mexico F-1 Introduction to NetWare Presented By Louella R. Phillips.

1 Introduction to NetWare. Presented by Louella R. Phillips

2 Introduction to NetWare: History of NetWare
–The first version of NetWare, called ShareNet, appeared in 1983.
–Developed by IBM shortly after the IBM personal computer was introduced.
–Developed so that microcomputers could share access to files stored on central file servers.
–NetWare is the most widely used network operating system because of its stability and speed.
–Novell has continued to improve NetWare by releasing many versions, such as 4.11, 3.x and 2.x.

3 How does NetWare connect your PC to the network? NetWare uses special software called the NetWare requester. The requester resides on the PC rather than on a file server. The connection is established from the PC to the network. This process involves two steps: attaching and logging in.
–Attaching establishes a link between the PC and the file server.
–Logging in allows the user to access file servers and other network resources, such as shared printers.

4 How does NetWare connect your PC to the network? (cont.) PC network adapter cards broadcast a request over the network cable system asking a file server to respond. Your PC is linked, or attached, to the first file server that answers. The NetWare requester stays in the memory of your PC and serves as the software link between the PC's operating system and NetWare. The NetWare requester then provides you with a way to log in to the network.

5 How can NetWare provide you with security? Controlling logins and passwords
–The administrator creates a login name for each user, which permits them to log in to the server.
–The user is required to supply a password each time they log in.
–Login is the first step in using network resources: without a login name, your access to the network is denied; the second step is your password.
Controlling trustee security and rights
–NetWare has a feature called trustee security, which grants various levels of control over access to a directory.
–As a trustee, the user can have access to files in a particular directory.
–Rights include read, write, create, erase, etc.

6 NetWare makes the network easy to use
–NetWare makes file server disks look like local disks to your PC.
–The NetWare MAP command lets you assign the drive letter of your choice to any disk, directory, or subdirectory on any file server that you are logged in to.
–NetWare allows you to create a login script that automatically sets up your drives.
–NetWare allows you to use all standard DOS and OS/2 commands on the file server disks for file manipulation and movement among directories.
–NetWare includes a powerful menu-building utility for DOS users; menus are an excellent way to make programs and printers easy to use.
–The NetWare requester plays an important role in printing a document on the network: it sends the print job to the file server as a print-job file instead of sending it to the workstation's printer port.

7 Novell's Windows NT integration strategy. IntranetWare Client for Windows NT.
–IntranetWare gives a client running Windows NT 4.1, or Windows NT Workstation 3.51 and 4.0, access to NetWare services such as printing, security, management, and messaging services through Novell's Directory Service (NDS).
Novell Workstation Manager.
–Novell Workstation Manager allows you to manage Windows NT Workstation 3.51 and 4.0 user accounts through NDS. You do not have to maintain these user accounts in the Windows NT Workstation Security Access Manager (SAM) database or the Windows NT Server domain database. You can now create an NT Workstation object in NDS and associate User, Group, or Organization objects with that object.

8 Novell's Windows NT integration strategy. Novell Application Launcher.
–The Novell Application Launcher (NAL) has been enhanced for use with Windows NT Workstation 3.51 and 4.0. Using the NetWare Administrator utility, you can create objects in the NDS tree to represent applications located on IntranetWare, NetWare 4, or Windows NT servers.
ManageWise Agents for Windows NT.
–ManageWise Agents for Windows NT work with ManageWise 2.1 to integrate Windows NT servers and workstations with your overall network management system. These agents can collect real-time and long-term performance and alarm information about your Windows NT servers.

9 Novell's Windows NT integration strategy. GroupWise 5 for Windows NT.
–GroupWise 5 has been enhanced to integrate with Windows NT Server 3.51 and 4, and also runs on IntranetWare and Unix platforms.
–GroupWise 5 also integrates with Microsoft Exchange clients; you can use the GroupWise Message Server at the back end.
–GroupWise WebAccess lets you reach GroupWise 5 services from a World-Wide-Web (WWW) browser, and also lets you run the IntranetWare WWW server and the Windows NT WWW server.
NDS for Windows NT.
–Novell is implementing NDS natively on Windows NT Server and plans to release this product later this year; NDS is also being made available on various UNIX platforms.

10 Novell vs. NT. NetWare pros:
–Centralized management (one single graphical point of administration for the entire network, NDS).
–Lower administration costs (an IDC study found NetWare 22% less expensive to administer than NT).
–File and print services (PC Week published that NetWare outperforms NT by 59% with loads above 30 clients; automatic file-by-file data compression, data migration, disk space quotas for individual users, block suballocation, and high-capacity storage system support, as well as NDS print services. NT is missing all of these.)

11 Novell vs. NT. NT pros:
–Cost of OS and client connections (NT is considerably less expensive, not only for the OS but also per user).
–Hardware compatibility (NT has more drivers).
–Futuristic issues (NT has more tools and applications being developed).
Issues of stability, installation and upgrades become cloudy and involve many variables, such as:
–level of hardware
–knowledge of administrators

12 Factors convincing customers to buy NetWare. Novell's overall performance
–Novell's customers gave high marks for product effectiveness, product price, and ease of doing business.
Novell's sales and marketing strategy.
–Novell's sales and marketing strategy focused on the following:
1 Making sales and marketing information available on the Internet, at NetWare user groups, and at trade shows.
2 Providing educational training courses about their products at a low price.
3 Advertising in trade publications, web publications, and web advertising.

13 Factors convincing customers to buy NetWare. Your product selection process.
–NetWare performance.
–Its flexibility and stability.
–Novell's reputation as a market leader, technology innovator, and developer of quality products.
–NetWare meets the needs of future computing.
Your purchasing plans
–95% of the customers said they will purchase NetWare because of its reliability, security, and ease of use.
–83% of the customers plan to purchase or upgrade to IntranetWare or another version of NetWare within the next 12 months for the above reasons.

14 What makes Novell an industry leader? Novell has $1 billion in cash, $1 billion a year in revenue, almost 5,000 employees worldwide, and a very strong brand. NetWare has a user base of 65 million plus. GroupWise has shot up to more than 8 million users. Novell is a viable company and knows networking. Novell has a reputation as a market leader, technology innovator, and developer of quality products.

15 What are Novell's advertising plans for the next six months? Novell is focusing on advertising. The new marketing manager tends to focus on publications that make a difference to customers, such as trade publications, various web publications, and web advertising. Novell's new marketing managers are to be more engaged with industry analysts, consultants, and trade press editors, who make up many of the opinion leaders about Novell in general.

16 What are Novell's advertising plans for the next six months? (cont.) New management stated that the most important thing about advertising is consistency in targeting customers. New management believes that Novell understands networking very well; releasing new products on time, such as BorderManager and GroupWise 5.2, therefore makes it very competitive in the market. Talking to developers and customers about their products helps develop the marketing plan.

17 IPX Protocol. NetWare uses the IPX protocol to send and receive information on the network. IPX is provided by the IPXODI.COM driver. IPX is a protocol similar to IP from the TCP/IP world. It is a datagram protocol, meaning that it does not provide much error checking: it sends a packet and assumes that it was received.

18 IPX Protocol and Routing. Network addresses are assigned to a network by a router or similar device. A network address in the IPX world is 8 hexadecimal digits. Hexadecimal is denoted by a leading 0x. In a single network with no routers, your network address would be 0x00000000 by default.

19 IPX/ODI Stack. Older versions of NetWare used the IPX protocol in a single driver which had the network interface card driver linked into it. To provide greater functionality, Novell developed the ODI stack, which is divided into layers. The lowest layer is the ODI LAN driver, also known as the MLID (e.g. NE2000.COM).

20 IPX/ODI Stack (cont.) This driver is responsible for providing access to the hardware itself. Depending on your network, you may want to select from four different frame types:
–Ethernet_802.3 (old default)
–Ethernet_802.2 (new default)
–Ethernet_II
–Ethernet_SNAP

21 IPX/ODI Stack (cont.) The next layer up is the ODI Link Support Layer (LSL). Though it is the second layer up, it is loaded first in STARTNET.BAT to give the LAN driver a place to link. The LSL enables the workstation to load several different communication protocols and use them simultaneously.

22 IPX/ODI Stack (cont.) On top of the LSL is the protocol stack used by NetWare, IPX. It is loaded as part of the IPXODI.COM driver. It provides IPX/SPX services to the applications that reside above it and hooks into the LSL to obtain access to the hardware. On top of IPX are the applications that use it. They include SERVER.EXE, CLIENT.EXE, NET.EXE, etc.

23 NetWare Network Security
–IPX: addresses, data packets
–RIP, SAP, NLSP
–NCP, packet burst
–TCP over IPX
–NDS
–IP/IPX gateway/firewall
–Mobile IPX

24 What is IPX? "Internetworking Packet Exchange". Derived from Xerox's SPX. Defines the data packet format and addressing. Performs the same function as IP (a connectionless, best-effort, routable protocol).

25 The story begins with the Data Link Layer. LANs (e.g., Ethernet) are multiaccess links. To transmit on a LAN, you need a header which contains a source and destination address. A "routable" packet on Ethernet has two headers: Ethernet and IPX (or IP, or Appletalk, or CLNP, etc.). LAN source and destination vs. ultimate source and destination.

26 802 Addresses. Assigned in blocks of 2^24, given a 3-byte constant (Organizationally Unique Identifier), plus a group/individual bit. An address of all 1's is intended to mean "broadcast", i.e., "everyone", which is nonsense. Really each protocol should use its own multicast address to mean all nodes that speak that protocol. (Diagram: 802 address layout with the group/individual bit, the globally/locally assigned bit, and the OUI.)

27 Multi-Lingual Environments. You can speak lots of things (IP, CLNP, IPX, Appletalk, etc.). Someone hands you a pile of bits. What is it?
–Maybe we were careful -- yeah, right.
–Maybe we were lucky -- yeah, right.
Conclusion: there is not enough information in the packet header to differentiate -- need an extra field in the data link header to say what it is.
–Protocol type: well-known (globally administered) values, one field in the header.
–SAP (service access point) or socket: locally administered, one for dest, one for source.
–Don't confuse "SAP" with IPX's Service Advertisement Protocol!

28 Packet Headers on CSMA/CD. (Diagram: Ethernet and 802.3 frame layouts with field lengths in bytes: Ethernet 8, 6, 6, 2, 46-1500, 4; 802.3 with SAP fields 8, 6, 6, 2, 1, 1, 1, 43-1497, 4.)

29 How the SAPs work. Notice the "global/local" bit -- those SAPs are globally assigned! If you are a very privileged protocol and obtain one of these, you'd set DSAP = SSAP = your assigned SAP value. How does it work if you're not a privileged protocol? Uh… World-class kludge -- get a SAP value assigned to mean "underprivileged protocol". Called the SNAP SAP (SubNetwork Access Protocol), and it = aa hex. If DSAP = SSAP = aa hex, then after CTL is a protocol type field. The protocol type is 5 bytes long. Convention: 0.0.0.protocol type allows 2-octet Ethertypes to fit into 5 octets. Confused? You're in good company.

30 IPX. Note: the checksum isn't implemented and is set to FFFF hex. Good thing. Why? See next slide. (Diagram: IPX header with field lengths in bytes: 2, 2, 1, 1, 4, 6, 2, 4, 6, 2.)

31 IPX on CSMA/CD. Ethernet format: protocol type = 8137 hex. Raw 802.3 --- leave out all multiplexing! Start the IPX packet where the DSAP should be, so the checksum covers DSAP and SSAP. SNAP --- DSAP = SSAP = SNAP (aa hex), protocol type = 0.0.0.81.37. 802.2 --- DSAP = SSAP = E0 hex. Cope with multiple formats by treating the LAN as multiple logical LANs, and routers translate formats. (Diagram: nodes A and b on one physical LAN with router R between the logical LANs.)

32 Ethernet, "Raw 802.3", 802.2 format, SNAP format. (Diagram: the four frame layouts with field lengths in bytes: Ethernet 6, 6, 2; raw 802.3 6, 6, 2; 802.2 6, 6, 2, 1, 1, 1, 43-1497; SNAP 6, 6, 2, 1, 1, 1, 5.)

33 Defined Packet Types
–0 -- unknown packet type
–1 -- RIP
–2 -- reserved (was Echo protocol)
–3 -- reserved (was Error handler)
–4 -- "packet exchange packet", used by most things (like SAP, TCP over IPX)
–5 -- SPX
–17 -- NCP
–20 -- Flooded (used for NetBIOS)

34 Assigned Sockets
–451 (hex) NCP
–452 SAP
–453 RIP
–455 NetBIOS
–456 Diagnostics
–4000-7FFF Dynamically assigned
–8000-FFFF Novell assigned
–9001 NLSP
–9004 IPX WAN version 2
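Slides 28 through 34 as working code. This is an added example, not code from the presentation: it builds a constructed IPX packet, wraps it in each of the four Ethernet framings from slide 20, recognises the framing on receipt from the DSAP/SSAP values on slide 31 (plus the IEEE rule that a value of 1536 or more in the length/type position is an Ethertype), and decodes the 30-byte IPX header. The field order of the IPX header and the 0x0600 threshold are standard IPX/Ethernet facts not spelled out on the slides; the MAC addresses, network number and RIP payload are constructed.

```python
import struct

IPX_ETHERTYPE = 0x8137            # Ethernet_II protocol type for IPX (slide 31)
IPX_LSAP = 0xE0                   # 802.2: DSAP = SSAP = E0 hex
SNAP_SAP = 0xAA                   # SNAP: DSAP = SSAP = AA hex, then a 5-byte protocol type
SNAP_IPX = b"\x00\x00\x00\x81\x37"

PACKET_TYPES = {0: "unknown", 1: "RIP", 2: "reserved (Echo)", 3: "reserved (Error)",
                4: "packet exchange", 5: "SPX", 17: "NCP", 20: "flooded"}
SOCKETS = {0x451: "NCP", 0x452: "SAP", 0x453: "RIP", 0x455: "NetBIOS",
           0x456: "Diagnostics", 0x9001: "NLSP", 0x9004: "IPX WAN v2"}

def socket_name(sock):
    if sock in SOCKETS:
        return SOCKETS[sock]
    if 0x4000 <= sock <= 0x7FFF:
        return "dynamic"
    return "Novell assigned" if sock >= 0x8000 else "unknown"

def ipx_header(ptype, dnet, dnode, dsock, snet, snode, ssock, payload=b""):
    """30-byte IPX header: checksum(2) length(2) transport control(1) packet type(1),
    dest net(4) node(6) socket(2), source net(4) node(6) socket(2).  The checksum is
    always FFFF (slide 30); length covers header plus payload."""
    return struct.pack(">HHBBI6sHI6sH", 0xFFFF, 30 + len(payload), 0, ptype,
                       dnet, dnode, dsock, snet, snode, ssock) + payload

def build_frame(framing, ipx, dst_mac=b"\xff" * 6, src_mac=b"\x00\x00\x1b\x00\x00\x01"):
    """Wrap an IPX packet in one of the four Ethernet framings (constructed MACs)."""
    macs = dst_mac + src_mac
    if framing == "Ethernet_II":
        return macs + struct.pack(">H", IPX_ETHERTYPE) + ipx
    if framing == "Ethernet_802.3":                  # raw: IPX starts where the DSAP would be
        return macs + struct.pack(">H", len(ipx)) + ipx
    if framing == "Ethernet_802.2":
        llc = bytes([IPX_LSAP, IPX_LSAP, 0x03])      # DSAP, SSAP, control
        return macs + struct.pack(">H", len(llc) + len(ipx)) + llc + ipx
    if framing == "Ethernet_SNAP":
        llc = bytes([SNAP_SAP, SNAP_SAP, 0x03]) + SNAP_IPX
        return macs + struct.pack(">H", len(llc) + len(ipx)) + llc + ipx
    raise ValueError(framing)

def frame_type(frame):
    """Decide which framing a received frame uses; return (name, offset of IPX header)."""
    if len(frame) < 17:
        raise ValueError("short frame")
    field = struct.unpack(">H", frame[12:14])[0]
    if field >= 0x0600:                     # IEEE rule: >= 1536 is a type, <= 1500 a length
        if field == IPX_ETHERTYPE:
            return "Ethernet_II", 14
        raise ValueError("not IPX: ethertype %#06x" % field)
    dsap, ssap = frame[14], frame[15]
    if (dsap, ssap) == (0xFF, 0xFF):       # the unimplemented IPX checksum sitting in the SAP slots
        return "Ethernet_802.3", 14
    if (dsap, ssap) == (SNAP_SAP, SNAP_SAP):
        if frame[17:22] == SNAP_IPX:
            return "Ethernet_SNAP", 22
        raise ValueError("SNAP frame but not IPX")
    if (dsap, ssap) == (IPX_LSAP, IPX_LSAP):
        return "Ethernet_802.2", 17
    raise ValueError("unrecognised framing %02x/%02x" % (dsap, ssap))

def parse_ipx(frame):
    framing, off = frame_type(frame)
    hdr = frame[off:off + 30]
    if len(hdr) < 30:
        raise ValueError("truncated IPX header")
    checksum, length, tc, ptype, dnet, dnode, dsock, snet, snode, ssock = \
        struct.unpack(">HHBBI6sHI6sH", hdr)
    addr = lambda net, node, sock: "%08X.%s.%04X" % (net, node.hex().upper(), sock)
    return {"framing": framing,
            "checksum_unused": checksum == 0xFFFF,
            "hops": tc,
            "packet_type": PACKET_TYPES.get(ptype, "type %d" % ptype),
            "dst": addr(dnet, dnode, dsock), "src": addr(snet, snode, ssock),
            "dst_socket": socket_name(dsock),
            "same_net": dnet == snet,         # IPX: same LAN iff the net numbers match (slide 38)
            "payload": frame[off + 30:off + length]}

# Constructed sample: a RIP packet broadcast on net 0x57 to the RIP socket
# (payload: operation 1 followed by net FFFFFFFF, "all", as on slide 48).
SAMPLE_IPX = ipx_header(1, 0x57, b"\xff" * 6, 0x453, 0x57, b"\x00\x00\x1b\x00\x00\x01", 0x453,
                        payload=b"\x00\x01" + b"\xff\xff\xff\xff")

if __name__ == "__main__":
    for framing in ("Ethernet_II", "Ethernet_802.3", "Ethernet_802.2", "Ethernet_SNAP"):
        print(parse_ipx(build_frame(framing, SAMPLE_IPX)))
```

The same parse succeeds whichever framing the sender chose, which is exactly why a router that translates between the logical LANs of slide 31 needs nothing beyond the DSAP/SSAP bytes to tell them apart.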

35 Addresses. 802 addresses have no geographic hints -- like routing to a social security number -- known as a "flat address". Generic hierarchical address: locator.node. IP, IPX, Appletalk: the locator is specific to a LAN. CLNP, DECnet Ph4, (maybe IPv6): the locator is an entire region called an "area" -- could be a single LAN but can be bigger.

36 Comparative Addresses. (Diagram comparing the address formats of IP (boundary depends on mask), IPX, DECnet Ph IV, Appletalk, CLNP and IPv6 (?); one row shows 2 bytes total, 6 bits area, 10 bits node.)

37 IP. Each node is configured with (address, mask). You can tell if someone is on the same LAN if: (your addr AND mask) = (dst addr AND mask). If on the same LAN, you still need the LAN address. Use the ARP protocol -- broadcast "who has IP address…"; the target replies (everyone else ignores).

38 IPX. Endnodes autoconfigure based on the IEEE address. Ask a router for the 4-byte network number. Fill in the IEEE address in the bottom 6 bytes. Someone is on your LAN if the net # matches. No ARP! Use the bottom 6 bytes as the IEEE address. Better than IP:
–more net #s
–autoconfigures
–no ARP overhead
So why this misconception that IPX is "LAN-only", "doesn't scale", etc.?

39 Endnode Operation. Ask routers (via broadcast DL address) to get the LAN # in the beginning. To talk to N.x, if N is your net #, talk directly (using DL address x). To talk to N.x where N is not your net, ask routers "who can get me to net N?" Routers that have a path to N (other than on the link from which the query arrived) respond. Use that router to get to N.

40 Internal Network Number. S has two possible addresses: 57.x and 29.y. If S chooses 57.x, C will ask routers for "57"; both R and S respond. If C chooses R, packets go an extra hop. Solution: internal network number.

41 Internal Network Number. S chooses address 91.1. S will respond to the RIP query. (Diagram: router R, server S and client C; S sits on net #57 (node x) and net #29 (node y), with internal "net" 91.)

42 New Topic: Routing Algorithms. Want to build a "forwarding database": a table of (dest, nbr). Two types of routing algorithm: distance vector (e.g., RIP) and link state (e.g., NLSP).

43 Distance Vector Routing. You know the following:
–your own ID
–how many cables hang off your box
–the cost of going through each cable to whatever is at the end
Purpose of the routing algorithm: come up with a forwarding database, telling you which neighbor to send to for each possible destination. Do this by exchanging distance vectors, which tell the transmitter's distance to each destination.

44 You are destination #4. (Diagram: the distance-vector table at router 4, destinations 1 through 11 against the distance vectors received from cables j, k, m and n.)

45 Looping Problem. (Diagram: a network of nodes V, X, K, J, S, W, B and Z illustrating a routing loop.)

46 Split Horizon. Alleviates (does not solve!) the looping problem. Many variants. Don't announce a path to D on link L if some other router on L is announcing a better path on L. If you only keep a single "best path", then the link L on which you forward to D is the only one split horizon applies to. (Diagram: a chain A–B–C, which split horizon solves, and a 3-router loop A, B, C with destination D, which split horizon does not solve.)

47 IPX-RIP. Not the best possible distance vector protocol. IPX's RIP is similar to IP's RIP. Send the distance vector periodically (60 sec). Only remember the best path; forget it if not reminded (180 sec). IPX-RIP has two metrics: hops, and ticks (supposedly delay, in units of 1/18th of a second). The best path uses ticks; hops are for count-to-infinity (infinity = 16). (Table: example events (time, route reported as >, = or <) for routers G, A, B and X, and a forwarding table with columns dest, hops (ticks), DL address, port.)
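A simulation of the looping problem on slides 43 through 47, showing what split horizon fixes and what it does not. This is an added example, not from the presentation: it uses hops as the only metric with infinity = 16 as on slide 47, and runs synchronous rounds in which every router rebuilds its route from the advertisements it received in that round alone (a route that is not re-advertised is forgotten, standing in for RIP's 180-second ageing). The two topologies are constructed: a chain A–B with destination D behind B, and the A–B–C triangle with D behind C.

```python
INFINITY = 16   # IPX-RIP: 16 hops means unreachable (slide 47)

def neighbours(links):
    """Undirected one-hop links -> {router: set of neighbours}."""
    nbrs = {}
    for a, b in links:
        nbrs.setdefault(a, set()).add(b)
        nbrs.setdefault(b, set()).add(a)
    return nbrs

def step(tables, nbrs, attached, split_horizon):
    """One synchronous round for a single destination D.
    tables: {router: (hops, nexthop) or None}.  Every router advertises its current
    route, then rebuilds its route from this round's advertisements alone."""
    adverts = {r: {} for r in nbrs}                  # receiver -> {sender: hops}
    for r, route in tables.items():
        if route is None:
            continue
        hops, nexthop = route
        for n in nbrs[r]:
            if split_horizon and n == nexthop:
                continue                             # don't tell N about a path that goes via N
            adverts[n][r] = hops
    new = {}
    for r in nbrs:
        best = (0, None) if r == attached else None  # directly attached: 0 hops
        for sender in sorted(adverts[r]):
            cand = adverts[r][sender] + 1
            if cand >= INFINITY:
                continue                             # counted to infinity: unusable
            if best is None or cand < best[0]:
                best = (cand, sender)
        new[r] = best
    return new

def converge(nbrs, attached, split_horizon, limit=50):
    """Run rounds from empty tables until nothing changes."""
    tables = {r: None for r in nbrs}
    for _ in range(limit):
        new = step(tables, nbrs, attached, split_horizon)
        if new == tables:
            return tables
        tables = new
    raise RuntimeError("did not converge")

def rounds_to_withdraw(links, attached, split_horizon, limit=100):
    """Converge with D attached, then detach it.  Returns (rounds until no router
    claims a route, highest hop count advertised while the stale route circulated)."""
    nbrs = neighbours(links)
    tables = converge(nbrs, attached, split_horizon)
    worst = 0
    for rnd in range(1, limit + 1):
        tables = step(tables, nbrs, None, split_horizon)
        live = [route[0] for route in tables.values() if route is not None]
        if not live:
            return rnd, worst
        worst = max(worst, max(live))
    raise RuntimeError("stale route never withdrawn")

# Constructed topologies (one hop per link).
TWO_ROUTER = [("A", "B")]                            # D hangs off B
TRIANGLE = [("A", "B"), ("B", "C"), ("A", "C")]      # 3-router loop, D hangs off C

if __name__ == "__main__":
    for name, links, at in (("A-B", TWO_ROUTER, "B"), ("triangle", TRIANGLE, "C")):
        for sh in (False, True):
            rounds, worst = rounds_to_withdraw(links, at, sh)
            print("%-8s split horizon=%-5s withdrawn after %2d rounds, worst hop count %2d"
                  % (name, sh, rounds, worst))
```

On the chain, split horizon cuts the withdrawal from 16 rounds of counting up to 2 rounds; on the triangle the stale route circulates A → B → C regardless, climbing one hop per round until it hits 16, which is the slide 46 claim in numbers. With real 60-second updates that is a quarter of an hour of black-holed traffic, which is why the hop ceiling is kept so low.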

48 IPX RIP. First comes the LAN header (p-type or SAP = IPX). Then the IPX header, packet type = 1, socket = 453 hex. Then the RIP info, up to 50 nets per packet. In a query, net = FFFFFFFF means "all". (Diagram: RIP packet layout with field lengths in bytes: 4, 2, 2, 4, 2, 2, 2.)

49 "Default Route". Original version of IPX: if the path to D is not known, drop the packet. Then the "default route" got added. Net # -2 (FF FF FF FE) means "default". If you don't have a path to D, but have a path to -2, then route towards -2. R2 announces to R1 that it can reach "-2". Can configure filtering rules per link, and where to advertise -2.

50 IPX Packet Type 20. Receive, on LAN 97, a packet type 20 with path 6,71,8,11,97. Forward onto LAN 22: 6,71,8,11,97,22. Forward onto LAN 15: 6,71,8,11,97,15. Don't forward onto LAN 8. Exponential # of packets. (Diagram: router R attached to LANs 22, 8, 97 and 15.)

51 Compatible Fix. Called "reverse path forwarding". Only accept a packet type 20 from source S via neighbor N if N is on the best path towards S. Changes exponential into n squared. Each router only floods a packet once.
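The flooding rule of slide 50 and the reverse-path-forwarding fix of slide 51, replayed over a small constructed mesh so that the packet counts can be compared. This is an added example, not from the presentation: routers are modelled as sets of attached LAN numbers, a router never forwards back onto a LAN already in the packet's path (slide 50), and with RPF enabled a router accepts the packet only on the LAN that is its shortest way back to the source LAN and floods it at most once (slide 51). The mesh of four LANs with a router on each pair is constructed.

```python
from collections import deque

def next_hops(attached, path):
    """Slide 50's rule: forward onto every attached LAN not already in the path,
    appending that LAN; never back onto a LAN the packet has already visited."""
    return [(lan, path + [lan]) for lan in sorted(attached) if lan not in path]

def lan_distances(routers, source_net):
    """Router-hop distance from every LAN to the source LAN (breadth first)."""
    dist = {source_net: 0}
    queue = deque([source_net])
    while queue:
        net = queue.popleft()
        for lans in routers.values():
            if net not in lans:
                continue
            for other in lans:
                if other not in dist:
                    dist[other] = dist[net] + 1
                    queue.append(other)
    return dist

def flood_type20(routers, source_net, rpf):
    """Inject one type-20 packet on source_net and replay the flood.
    routers: {name: set of attached LAN numbers}.
    rpf=True applies slide 51: a router accepts the packet only if it arrived on the
    LAN that is its best path back to the source, and floods it at most once.
    Returns (packets routers put on the wire, log of (router, lan, path))."""
    dist = lan_distances(routers, source_net) if rpf else None
    wire = deque([(None, source_net, [source_net])])       # (sender, lan, path)
    flooded, log = set(), []
    while wire:
        sender, lan, path = wire.popleft()
        for router, lans in routers.items():
            if router == sender or lan not in lans:
                continue                                    # not on this LAN, or our own copy
            if rpf:
                if dist[lan] != min(dist[l] for l in lans):
                    continue                                # not the reverse path to the source
                if router in flooded:
                    continue                                # already flooded this packet
                flooded.add(router)
            for out, new_path in next_hops(lans, path):
                log.append((router, out, new_path))
                wire.append((router, out, new_path))
    return len(log), log

# Constructed topology: four LANs, one router on each pair (a small mesh).
MESH = {"R12": {1, 2}, "R13": {1, 3}, "R14": {1, 4},
        "R23": {2, 3}, "R24": {2, 4}, "R34": {3, 4}}

if __name__ == "__main__":
    print(next_hops({22, 8, 97, 15}, [6, 71, 8, 11, 97]))   # the slide 50 case
    for rpf in (False, True):
        count, log = flood_type20(MESH, 1, rpf)
        print("rpf=%s: %d packets on the wire" % (rpf, count))
        for entry in log:
            print("   ", entry)
```

Even on this six-router mesh the path-list rule alone lets one NetBIOS broadcast turn into 15 forwarded copies, while RPF brings it down to one forward per router. The path list bounds the storm only by the number of distinct LANs, which is why a type-20 flood is the classic way to saturate an IPX internetwork by accident.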

52 SAP (Service Advertisement Protocol). Nothing to do with the Data Link SAP used for multiplexing!!! Similar to RIP, but advertises service names rather than net #s. Up to 7 services per SAP packet. (Diagram: operation, then per entry service type, service name, IPX full address, hops; field lengths in bytes 2, 2, 48, 12, 2.)

53 Fascinating SAP Facts. Operations:
–1 = query for all of a certain type (or type FFFF)
–2 = response to 1, or periodic broadcast
–3 = get nearest server request
–4 = get nearest server reply
"Nearest server" wasn't well specified -- now specified that it is based on RIP ticks. Split horizon wasn't well specified -- now based on SAP hops. Service types: 3 = print queue, 4 = file server, 5 = job server, 7 = print server, 9 = archive server, 24 = remote bridge server, 47 = advertising print server.

54 Filtering SAP. Suppose you want to filter, but still give authorized users access to everything. R1 filters all but S1. X can log into S1 to find the other services. (Diagram: server S1 behind router R1.)

55 Bindery. Database on the server in NetWare 2 and 3.x. Contains all services learned from SAP (aged out if not refreshed). Contains configured entries. Scanned by the client using NCP "scan bindery object": specify a service type (or FFFF) and a name (which can contain the wildcards * and/or ?). Another problem: not all servers are the same. Sometimes the "preferred server" is not reachable from the "nearest". Also, it is pretty silly to get "nearest" and then query its bindery for the preferred one. Result: a more specific SAP query was added recently.

56 More Specific SAP Query. Two queries: 12 (decimal) for "all", and 14 for "nearest". The response to 12 is 13; the response to 14 is 15. Responses have the same format as today's. Requests (12 and 14) have the following format; all fields can be specific, partially wildcarded, or fully wildcarded. (Diagram: request fields operation, service type, service name, net #, net mask, with lengths in bytes 2, 2, 48, 4, 4.)
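The SAP packet layout of slide 52, the filtering scenario of slide 54, the bindery scan of slide 55 and the (net, mask) matching of slide 56 in one piece of code. This is an added example, not from the presentation: it encodes and decodes SAP entries with the 2/48/12/2-byte layout from slide 52, enforces the seven-entry limit, applies a slide 54 style filter that passes only a named server, and answers wildcard queries the way the slides describe. The three services, their network numbers and node addresses are constructed; the hex values 0x24 and 0x47 are the remote bridge and advertising print server types that slide 53 lists as 24 and 47.

```python
import struct
from fnmatch import fnmatchcase

ENTRY_FMT = ">H48sI6sHH"     # service type(2) name(48) net(4) node(6) socket(2) hops(2) = 64 bytes
MAX_ENTRIES = 7              # up to 7 services per SAP packet (slide 52)
OPS = {1: "query", 2: "response", 3: "get nearest server", 4: "nearest server reply"}
SERVICE_TYPES = {0x3: "print queue", 0x4: "file server", 0x5: "job server", 0x7: "print server",
                 0x9: "archive server", 0x24: "remote bridge server", 0x47: "advertising print server"}
ALL_TYPES = 0xFFFF           # "any type" in a query or bindery scan

def encode_sap(operation, entries):
    if len(entries) > MAX_ENTRIES:
        raise ValueError("at most %d services per SAP packet" % MAX_ENTRIES)
    out = struct.pack(">H", operation)
    for e in entries:
        out += struct.pack(ENTRY_FMT, e["type"], e["name"].encode("ascii").ljust(48, b"\0"),
                           e["net"], e["node"], e["socket"], e["hops"])
    return out

def decode_sap(pkt):
    operation = struct.unpack(">H", pkt[:2])[0]
    entries = []
    for off in range(2, len(pkt), 64):
        t, name, net, node, sock, hops = struct.unpack(ENTRY_FMT, pkt[off:off + 64])
        entries.append({"type": t, "name": name.rstrip(b"\0").decode("ascii"),
                        "net": net, "node": node, "socket": sock, "hops": hops})
    return operation, entries

def filter_sap(entries, allowed_names):
    """Slide 54: the filtering router passes only the advertisements it is configured to."""
    return [e for e in entries if e["name"] in allowed_names]

def scan_bindery(entries, service_type, pattern):
    """Slide 55: NCP 'scan bindery object' by type (or FFFF) and a name with * and ? wildcards."""
    return [e["name"] for e in entries
            if (service_type == ALL_TYPES or e["type"] == service_type)
            and fnmatchcase(e["name"], pattern)]

def specific_query(entries, service_type, pattern, net, mask):
    """Slide 56: the newer query, where type, name and (net, mask) can each be wildcarded."""
    return [e for e in entries
            if (service_type == ALL_TYPES or e["type"] == service_type)
            and fnmatchcase(e["name"], pattern)
            and (e["net"] & mask) == (net & mask)]

# Constructed service table: two file servers on different nets and one print queue.
SERVICES = [
    {"type": 0x4, "name": "S1", "net": 0x57, "node": b"\x00\x00\x1b\x00\x00\x01", "socket": 0x451, "hops": 1},
    {"type": 0x3, "name": "PRINTQ1", "net": 0x57, "node": b"\x00\x00\x1b\x00\x00\x01", "socket": 0x451, "hops": 1},
    {"type": 0x4, "name": "S2", "net": 0x29, "node": b"\x00\x00\x1b\x00\x00\x02", "socket": 0x451, "hops": 2},
]

if __name__ == "__main__":
    pkt = encode_sap(2, SERVICES)
    print(len(pkt), "bytes,", OPS[decode_sap(pkt)[0]], "carrying", len(decode_sap(pkt)[1]), "services")
    print("after R1's filter:", [e["name"] for e in filter_sap(SERVICES, {"S1"})])
    print("bindery scan on S1, type FFFF, name S*:", scan_bindery(SERVICES, ALL_TYPES, "S*"))
    print("specific query, net 57 only:",
          [e["name"] for e in specific_query(SERVICES, ALL_TYPES, "*", 0x57, 0xFFFFFFFF)])
```

The filter and the bindery scan side by side make slide 54's point concrete: dropping SAP advertisements at R1 hides services from the wire, but anyone who can reach S1 and has a login there can enumerate the same entries from S1's bindery, so SAP filtering reduces broadcast noise rather than enforcing access control.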

57 NLSP. Link state routing protocol. Almost the same as IS-IS; similar to OSPF. Replaces RIP and SAP, but is compatible with RIP/SAP routers. Endnodes can't tell the difference (NLSP still answers RIP and SAP queries).

58 Link State Routing. Meet your neighbors. Construct a Link State Packet (LSP):
–who you are
–list of (neighbor, cost) pairs
Broadcast the LSP to all routers. Store the latest LSP from every other node. Compute routes:
–Edsger Dijkstra's algorithm
1 Put (SELF, 0) on the tree as root.
2 Look at the LSP of the node just placed on the tree. If for any node N the cost is the best path of any found so far, add (N, c) to the tree under N with a dotted line.
3 Make the shortest dotted line solid. Go to 2.

59 Example Dijkstra Calculation. (Diagram: a graph with nodes A through G and link costs 6, 2, 2, 2, 2, 1, 4, 1, 5, with the first steps of the calculation: C(0) with tentative B(2), F(2), G(5); then E(4) added and G improved to G(3).)

60 Example Dijkstra Calculation (cont.) (Diagram: the remaining steps, with E(3), A(8) and D(5) entering the tree and A later improved to A(7); final tree B(2) C(0) E(3) F(2) G(3) D(5) A(7).)
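The three-step procedure of slide 58, implemented literally, with the "dotted" (tentative) and "solid" (confirmed) entries kept apart, and the resulting forwarding database of slide 42 derived from the tree. This is an added example, not from the presentation; the graph below is constructed (the slides' own example graph is not recoverable from the transcript), chosen so that two tentative entries get improved before they are made solid, as happens on slides 59 and 60.

```python
def lsps_from_links(links):
    """Build each node's Link State Packet, {node: {neighbour: cost}}, from undirected links."""
    lsps = {}
    for a, b, cost in links:
        lsps.setdefault(a, {})[b] = cost
        lsps.setdefault(b, {})[a] = cost
    return lsps

def dijkstra(lsps, root):
    """Slide 58's three steps.  Returns {node: (cost, parent)} for every reachable node."""
    tree = {root: (0, None)}             # 1. put (SELF, 0) on the tree as root
    dotted = {}                          # tentative entries, the "dotted lines"
    just_placed = root
    while True:
        # 2. look at the LSP of the node just placed on the tree
        base = tree[just_placed][0]
        for nbr, cost in lsps.get(just_placed, {}).items():
            if nbr in tree:
                continue                                   # already solid
            if nbr not in dotted or base + cost < dotted[nbr][0]:
                dotted[nbr] = (base + cost, just_placed)   # new or better dotted line
        if not dotted:
            return tree
        # 3. make the shortest dotted line solid, then go to 2
        just_placed = min(dotted, key=lambda n: (dotted[n][0], n))
        tree[just_placed] = dotted.pop(just_placed)

def forwarding_database(tree, root):
    """Slide 42's (dest, nbr) table: the first hop from root toward each destination."""
    fdb = {}
    for dest in tree:
        if dest == root:
            continue
        hop = dest
        while tree[hop][1] != root:
            hop = tree[hop][1]
        fdb[dest] = hop
    return fdb

# Constructed topology: (node, node, cost).
LINKS = [("C", "B", 2), ("C", "F", 2), ("C", "G", 5), ("F", "G", 1), ("B", "E", 2),
         ("F", "E", 3), ("E", "D", 1), ("G", "A", 5), ("D", "A", 2)]

if __name__ == "__main__":
    tree = dijkstra(lsps_from_links(LINKS), "C")
    for node in sorted(tree, key=lambda n: tree[n][0]):
        print("%s(%d) under %s" % (node, tree[node][0], tree[node][1]))
    print("forwarding database:", forwarding_database(tree, "C"))
```

Running it from C, G first appears as a dotted G(5) via C and is replaced by G(3) via F before it turns solid, and A goes from A(8) via G to A(7) via D, which is the same kind of correction the slide's trace shows. Because every router runs this over the same LSP database, the outcome depends only on the advertised links, not on who told whom first, which is what makes link state converge without the counting seen under distance vector.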

61 Meeting your Neighbors. Pt-pt link: say who you are; negotiate the protocol (NLSP or RIP); measure delay/throughput and calculate costs; a client can be assigned an address. LAN:
–multicast Hello
–list the other routers you've heard (check 2-way connectivity)
–elect a "Designated Router"

62 Designated Router. Wasteful if every router on a LAN has a big LSP describing the LAN (router nbrs, services, etc.). The DR names the LAN (its 6-byte ID plus 1 byte), say FOO.25. Routers on the LAN simply claim to be connected to FOO.25. The DR sends an additional LSP from FOO.25, giving all the info for the LAN.

63 LAN LSPs. (Diagram: pseudonode R1.25 with routers R1, R2, R3, R4 and R5 attached to it.)

64 Details of NLSP. Three types of packets:
–LSP
–Hello
–Sequence Numbers Packet (SNP)
The LSP lists neighbors; the DR generates one on behalf of the LAN (pseudonode). The Hello coordinates with neighbors. The SNP summarizes the LSP database: a Partial SNP (PSNP) acks LSP(s); a Complete SNP (CSNP) gives all LSPs within a specified range.
–PSNP is used on pt-pt links as the LSP ack.
–CSNP is used on a LAN by the DR to summarize the LSP database. No explicit acks to specific LSPs. If the CSNP indicates a discrepancy, ask for the missing info, or transmit the DR's missing info.

65 Summarizing addresses. How can you specify a bunch of network numbers compactly?
–"all net numbers with 1st byte = 5"
–"all net numbers between 31b82cf1 and 378291fc"
–"all net numbers that when masked with ff000000 = 5000000"
IP uses (address, mask) pairs. I prefer prefixes: more compact, and no temptation or opportunity to do noncontiguous masks. The first version of NLSP didn't do summarizing, so every net number had to be independently advertised. Now NLSP has summarization capability.

66 Areas. LSPs are only sent within an area. An area has a name consisting of up to 3 (net, mask) pairs. It is best if all addresses in the area match one of the area addresses, and no addresses outside the area match. Purpose of area addresses: to assure neighbors agree on the area, so that areas don't accidentally merge; also used as the default summary for the area. Filtering of SAP and routes, and summarization of network numbers, can be done at area boundaries.

67 Info Leaking Between Areas. The original NLSP document said to connect areas via RIP or static configuration! The right way: run multiple instances of NLSP on a router. Only boundary routers need to be able to run multiple instances of NLSP. (Diagram: boundary routers R and R2.)

68 Route Aggregation. We've added the ability to summarize addresses into NLSP. A summary looks like (1-byte length, 4-byte address). The length is the number of 1's that would be in the mask if it were a mask. A router on the boundary introduces a summary. A summary can be passed from area to area. The summary includes an "area-count" to limit how far it spreads. Summaries work with filtering: "don't advertise anything of the form 5.*; advertise the summary 5.*".

69 Default Route. A special-case summary that matches everything. We've added a default route to RIP:
–network number -2
–RIP router: if dest is not reachable, but -2 is reachable, route towards -2
NLSP has several ways of doing default:
–the LSP says "I am a level 2 router"
–destination -2
–zero-length prefix
(Diagram: routers R1, R2, R3 and R4 attached to a backbone.)

70 SAP Info. The LSP contains SAP information. Only one router (the one closest to the service) puts SAP info into its LSP. The SAP info does not need to be periodically broadcast, and only one router transmits it, so it saves bandwidth and memory. Of course we still support endnodes that do SAP queries, and we generate SAP to RIP router neighbors.

71 Coexistence with RIP/SAP. R1 takes all dests and services learned through LSPs in NLSP and reports each in a RIP update to R2. R1 takes all RIP/SAP info learned from R2 and reports it as "external destinations" in its LSP within NLSP. R1 can be configured to report the default route to RIP, and will be configurable to report ranges instead of individual network numbers into NLSP (but not into RIP). (Diagram: R2 in the RIP side, R1 in the NLSP side.)

72 Large Nets with NLSP. An LSP can report "I can reach this range of addresses". An implementation can run two instances of NLSP, so that areas can be linked through NLSP rather than through RIP. (Diagram: routers R, R1 and R2.)

73 Basic topology: R1 tells the backbone a range. The backbone just tells * to R1 (when in doubt, send to me). R6 reports the default route (-2) to RIP. R6 is configured with a summary to report from RIP into the NLSP cloud. The backbone has less info --- a range from each cloud. (Diagram: routers R1 through R6 around a backbone, with a RIP cloud behind R6.)

74 When will we have "level 2" NLSP? Never. It's not needed. The ability to do route summarization and leak info between areas gives a very flexible and scalable topology. More flexible and scalable than the OSPF topology: OSPF is limited to areas connected by a single backbone. We can connect little circles, have more levels of hierarchy, multiple backbones, etc.

75 Example. (Diagram: nested areas labelled with the prefixes 72*, 6*, 52*, 617*, 527* and *.)

76 Additional Flexibility. The range option (length of prefix in bits, 4-byte address) contains a field "area-count". Each time a range is learned and passed on to another area, the area-count is decremented. If it reaches 0, it is not passed further. This allows connecting areas without using them as through-paths. (Diagram: areas labelled 5*, 7*, 52*, 784*, 527*, *, 51* and 72*.)
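The summary representation of slide 68, the prefix-versus-mask argument of slide 65, the zero-length-prefix default of slide 69, the hex-digit notation of slide 75 and the area-count of slide 76, as one set of functions. This is an added example, not from the presentation: summaries are (length, address, area-count) triples, "527*" is read as the 12-bit prefix 0x527, a mask is converted to a length only when it is contiguous, a boundary router suppresses the specifics a summary covers, and a relayed summary loses one from its area-count until it stops. The network numbers and area-counts used are constructed.

```python
from collections import namedtuple

# (1-byte length, 4-byte address) from slide 68 plus the area-count field from slide 76.
Summary = namedtuple("Summary", "length address area_count")
ALL_ONES = 0xFFFFFFFF

def from_hex_prefix(text, area_count=0):
    """Slide 75 notation: '527*' covers every net number whose hex digits start 527;
    '*' alone is the zero-length prefix, i.e. the default route of slide 69."""
    if not text.endswith("*"):
        raise ValueError("prefix must end in *")
    digits = text[:-1]
    if len(digits) > 8:
        raise ValueError(text)
    length = 4 * len(digits)
    address = (int(digits, 16) << (32 - length)) & ALL_ONES if digits else 0
    return Summary(length, address, area_count)

def mask_to_length(mask):
    """(address, mask) form -> prefix length; non-contiguous masks are rejected (slide 65)."""
    length = bin(mask).count("1")
    if mask != (ALL_ONES << (32 - length)) & ALL_ONES:
        raise ValueError("non-contiguous mask %08x has no prefix equivalent" % mask)
    return length

def covers(summary, net):
    """True if the summary's first `length` bits agree with net's."""
    if summary.length == 0:
        return True                     # matches everything
    shift = 32 - summary.length
    return summary.address >> shift == net >> shift

def longest_match(summaries, net):
    """Forwarding choice: the most specific summary that covers net, or None."""
    hits = [s for s in summaries if covers(s, net)]
    return max(hits, key=lambda s: s.length) if hits else None

def advertise(nets, summary):
    """Boundary router (slide 68): don't advertise anything of the form the summary
    covers; advertise the summary itself instead.  Returns (specifics kept, summary)."""
    kept = [n for n in nets if not covers(summary, n)]
    return kept, summary

def relay(summary):
    """Pass a range on to another area (slide 76): decrement area-count;
    a range whose count is already 0 goes no further."""
    if summary.area_count == 0:
        return None
    return summary._replace(area_count=summary.area_count - 1)

AREAS = [from_hex_prefix(p) for p in ("5*", "52*", "527*", "*")]     # from slide 75

if __name__ == "__main__":
    for net in (0x52712345, 0x52000001, 0x61000000):
        s = longest_match(AREAS, net)
        print("%08x -> prefix length %d (%08x)" % (net, s.length, s.address))
    print(advertise([0x51000001, 0x52700002, 0x61000003], from_hex_prefix("5*")))
    s = from_hex_prefix("5*", area_count=2)
    while s is not None:
        print("area-count", s.area_count)
        s = relay(s)
```

The area-count gives a boundary router a way to let a neighbouring area reach a range without that area ever re-exporting it, which is the "connect areas without using them as through-paths" on slide 76; the mask check is the practical side of slide 65's preference for prefixes, since a (address, mask) pair with holes in the mask cannot be turned into a summary at all.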

77 Summary of NLSP. NLSP is a more efficient routing protocol than RIP. It allows more hops. It coexists with RIP/SAP. It alleviates SAP overhead. The more routers converted to NLSP, the lower the overhead. With route aggregation and area info leaking, an arbitrary number of levels of hierarchy.

78 Address Assignment. Global:
–you get an address from one organization and then you "own" it
–this way you can hook intranets together and addresses won't collide
–but addresses should be summarizable (not just unique)
–IP now realizes addresses should be "rented", not "owned"
–people HATE renumbering (even though IPX is a lot easier to renumber than IP)
Local:
–you assign addresses within your own net as you please; renumbering is necessary whenever merging with another net.

79 IPX Address Registry. Only recently has there been a registry of IPX addresses, so you can get unique addresses. So there are zillions of little IPX intranets with overlapping address space. Easier to renumber than IP, but people still hate it. Mapping from IP to globally unique IPX: (Diagram: an IP address mapped onto an IPX address.)

80 SPX. "Sequenced Packet Exchange", derived from XNS SPP. An end-to-end reliable (transport layer) protocol, functionally similar to TCP. But not as good! Window size of 1, no packet size negotiation (586-byte packets). SPX-2 is an improvement, but it is not trivial to replace SPX, because the API changed. SPX-2 is compatible on the wire -- two nodes communicate and if they can both speak SPX-2 they speak SPX-2, otherwise SPX. The SPX header follows the IPX header. Each msg is numbered, and if not ack'd it is retransmitted.

81 SPX Packet Format. IPX header (pkt type = 5), 30 bytes, followed by: connection control (1), data stream type (1), source conn. ID (2), dest conn. ID (2), sequence # (2), ack # (2), allocation number (2), data.

82 F-82 SPX Fields
Connection control: flags
–bit 0: SPX-2 extended header (ignored by SPX)
–bit 1: reserved (transmit as 0, ignore on receipt)
–bit 2: ignored by SPX; means "negotiate size" for SPX-2
–bit 3: ignored by SPX; indicates this is SPX-2
–bit 4: end of message (user bit)
–bit 5: ignored by SPX; "attention" in SPX-2
–bit 6: send ack after this packet (always 1 for SPX)
–bit 7: system packet (does not consume a sequence #)

83 F-83 More SPX Fields
Data stream type
–FE: end of connection, for graceful disconnect
–FF: acks end of connection
–00-7F: user-defined values; can be used internally by the application for submultiplexing, transaction codes, etc.
Connection IDs: each side assigns its own. Dest conn. ID is set to FFFF on a connection request.
Sequence number: independently assigned in each direction; wraps to 0000 after FFFF.
Ack #: next packet expected from the other side.

84 F-84 More SPX Fields
Allocation #:
–highest seq # this side is able to accept
–most implementations announce the # of buffers for the IPX socket, which is wrong (if multiple SPX connections share the IPX socket)
–that's why Novell's SPX transmitter doesn't take advantage of window size > 1
Negotiation size
–only present in SPX-2
–but even SPX-2 leaves it out of the connection request (for SPX compatibility)
–after negotiation, still send a test packet: routers will truncate or drop
–size is min(yours, other side's, network's)
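To make the SPX header layout and the field rules of slides F-81 to F-84 concrete, here is an added parser in Python. It is example code written for this page, not Novell's code and not from the presentation. It assumes the standard 30-byte IPX header layout (checksum, length, transport control, packet type, destination net/node/socket, source net/node/socket, all big-endian) and constructs its own sample packet with made-up addresses and connection IDs.

```python
"""Added example, not from the slides: parsing an SPX packet and applying
the connection-control, sequence-number and allocation-number rules of
slides F-81 to F-84.  The IPX header layout is the standard 30-byte IPX
header; the sample packet and its addresses are constructed here."""

import struct

IPX_HEADER = struct.Struct("!HHBBI6sHI6sH")  # 30 bytes, network byte order
SPX_HEADER = struct.Struct("!BBHHHHH")      # 12 bytes, slide F-81 field order
SPX_PACKET_TYPE = 5

# Connection-control bits, slide F-82 (bits 0, 2, 3, 5 mean nothing to plain SPX).
CC_FLAGS = {
    0x01: "spx2-extended-header",
    0x02: "reserved",
    0x04: "negotiate-size",
    0x08: "spx2-packet",
    0x10: "end-of-message",
    0x20: "attention",
    0x40: "ack-requested",
    0x80: "system-packet",
}
STREAM_TYPES = {0xFE: "end-of-connection", 0xFF: "ack-end-of-connection"}


def parse_spx(pkt):
    """Return the IPX/SPX header fields as a dict; raise ValueError on malformed input."""
    if len(pkt) < IPX_HEADER.size + SPX_HEADER.size:
        raise ValueError("shorter than IPX + SPX headers")
    (_cksum, length, _hops, ptype, dnet, dnode, dsock,
     snet, snode, ssock) = IPX_HEADER.unpack_from(pkt, 0)
    if ptype != SPX_PACKET_TYPE:
        raise ValueError("IPX packet type %d is not SPX" % ptype)
    if length < IPX_HEADER.size + SPX_HEADER.size or length > len(pkt):
        raise ValueError("IPX length field %d inconsistent with buffer" % length)
    ctl, stype, src, dst, seq, ack, alloc = SPX_HEADER.unpack_from(pkt, IPX_HEADER.size)
    return {
        "dst": "%08X.%s.%04X" % (dnet, dnode.hex(), dsock),
        "src": "%08X.%s.%04X" % (snet, snode.hex(), ssock),
        "flags": [name for bit, name in CC_FLAGS.items() if ctl & bit],
        "stream_type": STREAM_TYPES.get(stype, "user-defined(0x%02X)" % stype),
        "src_conn": src, "dst_conn": dst,
        "seq": seq, "ack": ack, "alloc": alloc,
        "data": pkt[IPX_HEADER.size + SPX_HEADER.size:length],
    }


def safe_parse(pkt):
    """parse_spx that returns None instead of raising, for filtering captures."""
    try:
        return parse_spx(pkt)
    except ValueError:
        return None


def in_window(seq, next_expected, alloc):
    """Receiver check from slides F-83/F-84: accept a data packet only when
    next_expected <= seq <= alloc, computed modulo 2^16 so FFFF wraps to 0000."""
    return (seq - next_expected) & 0xFFFF <= (alloc - next_expected) & 0xFFFF


def next_seq(seq, ctl):
    """System packets (bit 7) do not consume a sequence number; data packets
    advance it and wrap to 0000 after FFFF."""
    return seq if ctl & 0x80 else (seq + 1) & 0xFFFF


def build_spx(src_conn, dst_conn, seq, ack, alloc, data, ctl=0x50, stype=0x00):
    """Construct a packet (ctl 0x50 = end-of-message + ack-requested).  The
    addresses are made up; checksum FFFF is the IPX 'no checksum' value."""
    length = IPX_HEADER.size + SPX_HEADER.size + len(data)
    ipx = IPX_HEADER.pack(0xFFFF, length, 0, SPX_PACKET_TYPE,
                          0x00000001, bytes.fromhex("0000c0ffee01"), 0x4001,
                          0x00000002, bytes.fromhex("0000c0ffee02"), 0x4002)
    return ipx + SPX_HEADER.pack(ctl, stype, src_conn, dst_conn, seq, ack, alloc) + data


SAMPLE = build_spx(0x1234, 0x5678, seq=7, ack=3, alloc=3, data=b"hello")

if __name__ == "__main__":
    print(parse_spx(SAMPLE))
    print("accept seq 0000 after FFFF with alloc 0001:", in_window(0x0000, 0xFFFF, 0x0001))
```

The length check against the IPX length field is the part a capture tool most often gets wrong: trusting the header's own length without comparing it to the buffer is how a parser reads past the packet.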

85 F-85 Window Size
In SPX-2 the window size can be bigger than 1.
The server starts at 8, the client starts at 3.
Based on internal heuristics, the size changes.

86 F-86 NCP
Special-purpose reliable Transport protocol.
Client requests, server responds.
Originally one-packet requests, one-packet responses.
If the response was too big for a packet, the client had to break it into multiple requests:
–request the first hunk of data: get back data + pointer
–request data starting from the pointer: get back more data plus the next pointer, etc.
Then "packet burst" was added, wherein a long (up to 64K) multi-packet response is sent "all at once".
It is rate based (different from a standard window with acks every few packets).
Missing fragments are explicitly requested (rather than ack'ing received ones).

87 F-87 NCP Packet Format (though it varies for some calls)
Field                                  Size (bytes)
IPX header (pkt type=17, socket=451)   30
Function code                          2
Sequence #                             1
Conn # low                             1
Task #                                 1
Conn # hi                              1
Completion code                        1
Status flags                           1

88 F-88 Description of NCP Fields
Function code, one of:
–1111 = create service connection
–2222 = service request
–3333 = service response
–5555 = destroy a service connection
–7777 = packet burst
–9999 = previous request still being processed
Connection #: should have been 2 bytes; they realized that too late. Set to 0 by the client and assigned by the server.
Task #: allows up to 255 tasks to share a single connection.
Completion code: nonzero indicates error.
Status flags: bit 0 = bad service, bit 2 = no connection available, bit 4 = server down, bit 6 = server has a broadcast message pending for the client.

89 F-89 NCP with Burst
Field                                                    Size (bytes)
IPX header (pkt type=17, socket=451)                     30
Function code = 7777                                     2
Flags                                                    2
Source conn ID                                           4
Dest conn #                                              4
Send delay                                               4
Burst seq #                                              2
ACK seq #                                                2
Total burst                                              4
Offset into burst of this data                           4
Packet size                                              2
# of fragment entries                                    2
Missing fragment list (4-byte file offset, 2-byte length each)   6n
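The NCP header of slides F-87/F-88 and the burst header of slide F-89, as an added Python parser (example code for this page; it is not Novell's code and not from the presentation). It follows the field lists exactly as the slides give them, reads the completion code and status flags for server responses (where those two fields are used), and includes the receiver-side computation of the missing-fragment list that packet burst asks for explicitly (slide F-86). The sample packets are constructed here, with made-up IPX addresses and connection numbers.

```python
"""Added example, not from the slides: parsing the NCP header of slides
F-87/F-88 and the packet-burst header of slide F-89, plus the receiver-side
computation of the missing-fragment list that packet burst requests
explicitly (slide F-86).  Sample packets are constructed here; the two
trailing fields (completion code, status flags) are read for server
responses, which is where they are used."""

import struct

IPX_HEADER_LEN = 30
NCP_PACKET_TYPE = 17
NCP_SOCKET = 0x0451                      # "socket 451" on slide F-87 (hexadecimal)
NCP_HEADER = struct.Struct("!HBBBB")     # function code, seq #, conn # low, task #, conn # hi
NCP_REPLY_TAIL = struct.Struct("!BB")    # completion code, status flags
BURST_HEADER = struct.Struct("!HHIIIHHIIHH")  # slide F-89 fields, in order, 32 bytes
FRAGMENT = struct.Struct("!IH")          # 4-byte file offset, 2-byte length

FUNCTION_CODES = {
    0x1111: "create service connection", 0x2222: "service request",
    0x3333: "service response", 0x5555: "destroy service connection",
    0x7777: "packet burst", 0x9999: "previous request still being processed",
}
STATUS_BITS = {0x01: "bad service", 0x04: "no connection available",
               0x10: "server down", 0x40: "broadcast message pending"}


def parse_ncp(pkt):
    """Parse an NCP packet (IPX header included); raise ValueError if malformed."""
    if len(pkt) < IPX_HEADER_LEN + NCP_HEADER.size:
        raise ValueError("too short for IPX + NCP headers")
    ptype, dsock = pkt[5], struct.unpack_from("!H", pkt, 16)[0]   # IPX type, dest socket
    if ptype != NCP_PACKET_TYPE or dsock != NCP_SOCKET:
        raise ValueError("not NCP: type %d socket %04X" % (ptype, dsock))
    body = pkt[IPX_HEADER_LEN:]
    code = struct.unpack_from("!H", body, 0)[0]
    if code == 0x7777:
        return parse_burst(body)
    code, seq, conn_lo, task, conn_hi = NCP_HEADER.unpack_from(body, 0)
    info = {"function": FUNCTION_CODES.get(code, "unknown(0x%04X)" % code),
            "seq": seq, "task": task, "conn": conn_lo | (conn_hi << 8)}
    pos = NCP_HEADER.size
    if code in (0x3333, 0x9999):                     # responses carry the two trailing fields
        if len(body) < pos + NCP_REPLY_TAIL.size:
            raise ValueError("response header truncated")
        cc, st = NCP_REPLY_TAIL.unpack_from(body, pos)
        info["completion_code"] = cc                  # nonzero = error
        info["status"] = [name for bit, name in STATUS_BITS.items() if st & bit]
        pos += NCP_REPLY_TAIL.size
    info["data"] = body[pos:]
    return info


def parse_burst(body):
    """Packet-burst header (function code 7777) followed by the missing-fragment list."""
    if len(body) < BURST_HEADER.size:
        raise ValueError("burst header truncated")
    (_code, flags, src_conn, dst_conn, send_delay, burst_seq, ack_seq,
     total, offset, size, nfrag) = BURST_HEADER.unpack_from(body, 0)
    end = BURST_HEADER.size + nfrag * FRAGMENT.size
    if len(body) < end + size:                        # bound the list and data by the buffer
        raise ValueError("fragment list or data truncated")
    frags = [FRAGMENT.unpack_from(body, BURST_HEADER.size + i * FRAGMENT.size)
             for i in range(nfrag)]
    return {"function": "packet burst", "flags": flags, "src_conn": src_conn,
            "dst_conn": dst_conn, "send_delay": send_delay, "burst_seq": burst_seq,
            "ack_seq": ack_seq, "total_burst": total, "offset": offset,
            "missing": frags, "data": body[end:end + size]}


def compute_missing(total_len, received):
    """Receiver side of packet burst: given the (offset, length) pieces that
    arrived, return the gaps to request explicitly instead of acking each piece."""
    gaps, cursor = [], 0
    for off, ln in sorted(received):
        if off > cursor:
            gaps.append((cursor, off - cursor))
        cursor = max(cursor, off + ln)
    if cursor < total_len:
        gaps.append((cursor, total_len - cursor))
    return gaps


def ipx_stub(body_len):
    """Constructed IPX header: no checksum, type 17, dest socket 0451, made-up addresses."""
    return struct.pack("!HHBBI6sHI6sH", 0xFFFF, IPX_HEADER_LEN + body_len, 0,
                       NCP_PACKET_TYPE, 1, bytes(6), NCP_SOCKET, 2, bytes(6), 0x4003)


# Constructed samples: a service response with status bit 6 set, and a burst
# packet asking for two missing pieces of a 1000-byte burst.
SAMPLE_REPLY = ipx_stub(8) + NCP_HEADER.pack(0x3333, 9, 0x2C, 1, 0x01) + NCP_REPLY_TAIL.pack(0, 0x40)
SAMPLE_BURST = (ipx_stub(32 + 12)
                + BURST_HEADER.pack(0x7777, 0, 11, 22, 0, 5, 4, 1000, 0, 0, 2)
                + FRAGMENT.pack(200, 200) + FRAGMENT.pack(600, 400))

if __name__ == "__main__":
    print(parse_ncp(SAMPLE_REPLY))
    print(parse_ncp(SAMPLE_BURST))
    print(compute_missing(1000, [(400, 200), (0, 200)]))
```

Note that the number of fragment entries is an attacker-controlled count read off the wire; the parser bounds `nfrag * 6` by the buffer before it starts unpacking entries.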

90 F-90 TCP/UDP over IPX
Documented in RFC 1791.
IPX packet type 4; socket 9091 = TCP, socket 9092 = UDP.
An additional header (called IPXF) is added to allow IPX fragmentation; using IPXF allows packets up to 64K.
Anything requiring fragmentation can run over IPXF.
IPXF uses socket 9093; the real socket is contained in the additional header.

91 F-91 IPXF
IPX header (socket = 9093)
Fragment offset
Packet ID
Destination socket
Datagram length (in 8-octet units)
Field widths (bytes, as drawn): 30 2 2 2 4

92 F-92 IP/IPX Gateway
A talks only IPX; it sees all Internet hosts as appearing at G's IPX address.
A establishes a TCP connection to G.
G figures out the actual IP address of the destination and opens a TCP connection to X.
If the TCP port to X is n, G remembers that n goes with its IPX-TCP connection to A.
[Figure: A (IPX) <-> G (gateway) <-> Internet (using IP) <-> X]

93 F-93 Mobile IPX
Mobile host (MH): has software in it to make applications think its address is always constant
–finds the MR
–asks for an address from the MR; keeps the MR informed when it moves
Mobile router (MR)
–advertises itself through SAP
–assigns the MH a permanent address
–keeps track of the MH's current physical address
–receives packets destined to the MH
–redirects them to the MH's current physical address
Correspondent host (CH): unaware that it's talking to a MH rather than an ordinary IPX node

94 F-94 Mobile IPX
Let's say the MR's internal net # is 6.
The MH has a physical address, say, net.ID.
It will be assigned a permanent address like 6.31.
The CH receives packets from source address 6.31 and sends to 6.31.
The MR receives them and forwards to "net.ID".
If the MH moves to (net2.ID2), it informs the MR.
Mobility is simpler with IPX than IP, since there is no need for a foreign agent (in IPX the MH can always easily get an address).
[Figure: MR, MH, CH]

95 F-95 NDS
Similar to a telephone directory:
–partitioning (not all numbers in one book)
–hierarchical names (like a file system)
–replication (the same directory can be stored in multiple locations)
Based on X.500.
A partition is a set of directories in a connected portion of the tree which must be replicated as a unit.
One master replica; multiple writable and read-only replicas.
Replicas have to periodically synchronize.

96 F-96 Security
Three types of crypto algorithms
–secret key (one shared key)
–public key (two keys per user, one public, one kept private)
–message digest (irreversible hash)

97 F-97 NetWare 3.x Authentication
A secret key scheme.
It's slightly more complicated than that, since "x" is really h(pwd, userID), and the server needs to first tell the client machine the userID so that the client machine can calculate x.
Have to configure the user and "x" at every server the user has rights to log into.
[Figure: client sends "Alice"; server sends random # R; client replies h(R, x_Alice); server table: User1 h(pwd1)=x1, User2 h(pwd2)=x2]

98 F-98 Packet Signatures
Someone demo'd "session hijacking".
Somewhat unfairly, NetWare got lots of bad press for that.
The solution was "packet signature".
Client and server compute h(R, x, constant) and use that as a "session key".
The "signature" is like a checksum, but it depends on the beginning of the packet and the session key, so without knowing the session key you can't hijack the session.
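The challenge/response login of slide F-97 and the packet-signature scheme of slide F-98, written out as an added Python model (example code for this page; it is not Novell's implementation and not from the presentation). SHA-256 stands in for the hash h, which the slides do not name; the "constant" and the number of leading packet bytes the signature covers are placeholders, and the user names and passwords are constructed. The model shows what the server has to store (x, a password-equivalent, on every server), how the session key follows from the login exchange, and what the signature does and does not cover.

```python
"""Added example, not from the slides: the NetWare 3.x challenge/response
login of slide F-97 (server holds x = h(pwd, userID); client answers a
random R with h(R, x)) and the packet-signature scheme of slide F-98
(session key h(R, x, constant); each packet carries a check value over
its beginning keyed with that session key).  SHA-256 stands in for the
hash h, the constant and the signed-prefix length are placeholders, and
the users are constructed; none of these values come from the slides."""

import hashlib
import hmac
import os

SIGNATURE_CONSTANT = b"packet-signature-constant"   # placeholder for the slide's "constant"
SIGNED_PREFIX = 8                                   # placeholder: leading bytes covered


def h(*parts):
    """Stand-in one-way function; length-prefixing each part avoids ambiguity."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()


def derive_x(password, user_id):
    """x = h(pwd, userID): the password-equivalent that every server stores."""
    return h(password.encode(), user_id.encode())


class NetWare3Server:
    """A file server with the per-user x values it needs to verify logins."""

    def __init__(self, name):
        self.name = name
        self.users = {}

    def add_user(self, user_id, password):
        self.users[user_id] = derive_x(password, user_id)   # stores x, not pwd

    def challenge(self):
        return os.urandom(16)                                # random # R

    def verify_login(self, user_id, R, response):
        x = self.users.get(user_id)
        expected = h(R, x) if x is not None else h(R, b"")  # same work for unknown users
        return x is not None and hmac.compare_digest(response, expected)


def client_response(password, user_id, R):
    """Client side: it knows pwd and was told userID, so it can form x and h(R, x)."""
    return h(R, derive_x(password, user_id))


def session_key(R, x):
    """Both ends derive the same key from the login exchange (slide F-98)."""
    return h(R, x, SIGNATURE_CONSTANT)


def sign_packet(key, packet):
    """'Signature' = keyed check value over the beginning of the packet."""
    return h(key, packet[:SIGNED_PREFIX])[:8]


def verify_packet(key, packet, signature):
    return hmac.compare_digest(sign_packet(key, packet), signature)


def login(server, user_id, password):
    """Full exchange; returns the session key on success, None otherwise."""
    R = server.challenge()
    if not server.verify_login(user_id, R, client_response(password, user_id, R)):
        return None
    return session_key(R, derive_x(password, user_id))


if __name__ == "__main__":
    fs1 = NetWare3Server("FS1")
    fs1.add_user("alice", "correct horse")
    key = login(fs1, "alice", "correct horse")
    pkt = bytes.fromhex("22220a2c0101") + b"payload"
    print("login ok:", key is not None, "signature ok:", verify_packet(key, pkt, sign_packet(key, pkt)))
```

Two things the model makes visible: x is as good as the password for logging in, so every server that holds it is a copy of the credential; and only the first SIGNED_PREFIX bytes of each packet are covered by the check value, so bytes after that prefix are outside the integrity check in this model.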

99 F-99 Public Key Authentication
How does Alice know her private key?
How does Bob know Alice's public key?
[Figure: Alice -> Bob: "Alice"; Bob -> Alice: R; Alice -> Bob: R "signed" with Alice's private key; Bob verifies using Alice's public key]

100 F-100 Getting Alice's Private Key
Alice can't simply remember a 500-bit number.
A secret key can be directly derived from the password, but a private key has to be a very special number.
Could carry it around on a floppy or smart card (encrypted with the password).
Could store it (encrypted) in a file on Alice's workstation.
Could store it in a convenient place on the network (like NDS), encrypted with Alice's password.
NetWare v4 stores it encrypted in NDS.
To prevent off-line password guessing, the WS has to prove to NDS that the WS knows the user's password before NDS will send the encrypted private key.

101 F-101 (somewhat simplified) Initial Login to NDS
[Figure: Alice -> WS: name, pwd; WS calculates S = MD(pwd); WS -> NDS: "Alice"; NDS -> WS: R; WS -> NDS: MD(S, R); NDS -> WS: encrypted private key {prv key} pwd; NDS also holds the user's public key]

102 F-102 Less Simplified
[Figure: WS -> NDS: "Alice"; NDS -> WS: R, salt; WS computes X = MD(pwd, salt), Y = MD(X, R); WS -> NDS: {Y, R2} encrypted with NDS's public key; NDS verifies Y; NDS -> WS: {encrypted priv key XOR R2} encrypted with Y]

103 F-103 Login Steps
Alice types her name and password to the WS.
The WS proves to NDS that it knows Alice's password.
NDS gives the WS Alice's encrypted private key.
The WS decrypts the private key with Alice's password.
The WS turns Alice's private RSA key into a signature-only key K.
The WS forgets Alice's password and RSA key.
To log into server Bob, the WS uses K; Bob verifies using Alice's public key.
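The NDS login exchange of slides F-101 to F-103 (the "less simplified" version, with R, salt, X, Y and R2), as an added Python model written for this page; it is not Novell's implementation and not from the presentation. SHA-256 stands in for MD, a SHA-256 counter keystream stands in for the symmetric encryptions ({prv key} pwd and the reply encrypted with Y), and a textbook RSA over two Mersenne primes (trivially factorable, used only so the exchange runs offline) stands in for NDS's public key. The user name, password, salt length and the 16-byte "private key" blob are constructed. The point the model shows is the one on slide F-100: NDS releases the encrypted private key only after the workstation proves it knows the password, and nothing it sends before that can be checked against a password guess.

```python
"""Added example, not from the slides: the NDS initial-login exchange of
slides F-101 to F-103.  SHA-256 stands in for MD, a SHA-256 keystream
stands in for the symmetric encryptions, and a textbook RSA with Mersenne
primes (trivially factorable, for structure only) stands in for NDS's
public key.  User names, passwords, salts and the 16-byte 'private key'
blob are constructed here."""

import hashlib
import hmac
import os


def md(*parts):
    """Stand-in for the slide's message digest MD(...)."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()


def stream_xor(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream (same call decrypts)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


# Toy RSA standing in for "encrypted with NDS's public key".
P, Q = 2 ** 127 - 1, 2 ** 521 - 1          # Mersenne primes: fine for structure, useless for security
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # needs Python 3.8+
MSG_LEN = 48                               # Y (32 bytes) + R2 (16 bytes), well below the 648-bit N


def nds_pub_encrypt(msg):
    assert len(msg) == MSG_LEN
    return pow(int.from_bytes(msg, "big"), E, N)


def nds_priv_decrypt(c):
    m = pow(c, D, N)
    if m >> (8 * MSG_LEN):
        raise ValueError("not a valid message")
    return m.to_bytes(MSG_LEN, "big")


class NDS:
    """Directory side: stores salt, X = MD(pwd, salt) and {prv key} S with S = MD(pwd)."""

    def __init__(self):
        self.users, self.pending = {}, {}

    def enroll(self, name, pwd, priv_key_blob):
        salt = os.urandom(8)
        self.users[name] = {
            "salt": salt,
            "X": md(pwd.encode(), salt),                              # verifier for the login proof
            "enc_priv": stream_xor(md(pwd.encode()), priv_key_blob),  # {prv key} pwd
        }

    def challenge(self, name):
        R = os.urandom(16)
        self.pending[name] = R
        rec = self.users.get(name)
        salt = rec["salt"] if rec else md(b"fake-salt", name.encode())[:8]  # no user enumeration
        return R, salt

    def release_key(self, name, ciphertext):
        """Send the encrypted private key only after the WS proves it knows pwd."""
        msg = nds_priv_decrypt(ciphertext)
        Y, R2 = msg[:32], msg[32:]
        R = self.pending.pop(name, None)
        rec = self.users.get(name)
        if R is None or rec is None or not hmac.compare_digest(Y, md(rec["X"], R)):
            return None
        return stream_xor(Y, xor(rec["enc_priv"], R2))   # {encrypted priv key XOR R2} Y


def ws_login(nds, name, pwd):
    """Workstation side of slides F-102/F-103; returns the private key blob or None."""
    R, salt = nds.challenge(name)
    X = md(pwd.encode(), salt)
    Y = md(X, R)
    R2 = os.urandom(16)
    reply = nds.release_key(name, nds_pub_encrypt(Y + R2))
    if reply is None:
        return None
    enc_priv = xor(stream_xor(Y, reply), R2)
    priv = stream_xor(md(pwd.encode()), enc_priv)      # decrypt with the password
    del pwd, X, Y                                      # WS forgets the password material
    return priv


if __name__ == "__main__":
    nds = NDS()
    nds.enroll("alice", "correct horse", bytes.fromhex("00112233445566778899aabbccddeeff"))
    print("good password ->", ws_login(nds, "alice", "correct horse").hex())
    print("bad password  ->", ws_login(nds, "alice", "wrong"))
```

An eavesdropper on this exchange sees R, the salt, an RSA ciphertext it cannot open, and a reply encrypted under Y; none of those can be tested against a candidate password offline, which is what the F-100 requirement buys. The final step of slide F-103 (turning the RSA key into a signature-only key K) is not modelled.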

