Agenda Network Architecture Setup and Configuration

Presentation transcript:

Windows XP Home Networking Dennis Morgan Program Manager Core Networking Microsoft

Agenda Network Architecture Setup and Configuration Internet Connection Sharing Internet Connection Firewall Network Bridge Application Compatibility Network Address Translation Diagnostics

Network Architecture There will be multiple networked PCs and Intelligent Appliances (IA) in the home and small business PCs and devices will be connected over multiple network media that are bridged IP will be the dominant protocol inside the home Configuration and setup will be simple or automatic PCs and devices will securely connect to the Internet via dedicated or PC gateway

Network Architecture Internet Residential gateway (PC or device)

Why not this architecture? Internet Hub Insecure Network architecture is public

Setup and Configuration Out of Box Experience (OOBE) Runs on first-boot Auto Configuration Network Setup Wizard Configuration tool for setting-up a Home or Small Business network Runs on down-level clients New Connection Wizard Dial-up, VPN

Network Setup Wizard Sets-up a machine as an ICS host or a client on the network TCP/IP settings Unifies workgroup IE settings UPnP Configures network shares File and Printer shares XP, Me, 98 SE and 98 Gold

Internet Connection Sharing Provides Network Services NAT – share a single Internet connection DHCP – allocation of private addresses DNS – resolution of home network addresses Simple checkbox UI Discovery and Control via Universal Plug and Play Location aware group policy

ICS Discovery and Control ICS server announces itself on the network UPnP service (UPnP IG compliant) Beacon for auto-discovery ICS clients automatically discover and use the ICS server Allows clients to discover ICS host and its connection state to the ISP Allows clients to control connection state of ICS host Down level client available via NSW

Internet Connection Firewall
- Uses connection flow information to prevent unsolicited inbound connections
- Thwarts standard scans
- Simple checkbox UI
- Advanced Options
  - Logging
  - ICMP
- Location aware group policy
- ICMP options disabled by default:
  - Type 3: Allow outgoing destination unreachable
  - Type 4: Allow outgoing source quench
  - Type 5: Allow redirect
  - Type 8: Allow incoming echo requests
  - Type 10: Allow incoming router request
  - Type 11: Allow outgoing time exceeded
  - Type 12: Allow outgoing parameter problem
  - Type 13: Allow incoming timestamp request
  - Type 17: Allow incoming mask request

Network Bridge Allows users to deploy multiple media types in the home to create a seamless network Layer 2 media bridge built to IEEE 802.1D-1990 specification Supports Ethernet, HomePNA, IEEE 1394 and wireless network devices Includes Spanning Tree Algorithm (STA) Location aware group policy

Application Compatibility Large test matrix of applications Approx. 100 apps tested in Millennium Approx. 150 apps in XP matrix Application Layer Gateway (ALG) API Extensibility model for 3rd party protocols Provided via the platform SDK

Network Address Translation

What Is NAT? Network Address Translation
- Multiplexes the address space behind the NAT
- Edits source address and ports in IP traffic
- All network traffic leaving the public side of the NAT appears to originate from one IP address
Diagram labels: Internet, 192.168.0.2, 192.168.0.3, 192.168.0.1, 157.55.0.1

Deployment Blockers Peer to Peer applications Multi-player games Remote Assistance File Sharing Multi-player games XP and Broadband Enabled Experiences Real Time Communication

What is the solution? Program the NAT with Universal Plug and Play
- UPnP is an industry initiative
- Provides method for discovering services
- Provides methods for interacting with devices and services
- Internet Gateway Device working group defining schema for gateways
- Includes method for creating and removing port mappings

Changes for Applications
- Many applications will just work
  - DirectPlay games
  - Remote Assistance
  - Windows Messenger
- New applications use UPnP
  - Use UPnP for port reservation
  - Use the public address in exchanges with peers
- Existing applications
  - Provide script to create a static port mapping

Windows client support
- Windows XP has native support
- Windows Me has support
  - Requires update to UPnP control point software; available via Windows Update
- Windows 98SE & 98 Gold
  - Control point available as part of XP Home Networking package
- APIs available in platform SDK

Diagnostics

Repair Features
- Multiple Entry Points
  - Status Icon
  - Connections Folder
  - PC Health
- Performs Common Repair Tasks
  - IP Address Renew
  - ARP and DNS Cache Flush
  - WINS Refresh
  - DNS re-register

Network Status Features Network Connection Status Icon Error icon shows broken connection, no connection or signal, or invalid address Normal icon shows auto-config address, and Ad Hoc wireless mode Tool tips describe simple problems Network Monitor tab in Taskman Network information displayed on connection folder page Support Tab Added to Status Dialog of connection Replaces WinIPconfig.

DGNet Features Works with PC Health to gather system information Three Levels of Display Results User Selectable Test System Properties Network Adapter, modem and VPN information Application Test IE Proxy, News Server, Mail Server

Wireless

Wireless LAN Trends
- Increased WLAN bandwidth
  - 11Mbps for Wi-Fi
  - 22Mbps and 54Mbps coming
- Reduced cost of equipment
  - $95 per Wi-Fi card, $200 per Access Point
- Increased use of laptops and PDAs
  - Mobile users
  - Growth of Wi-Fi embedded in laptops
- Wi-Fi is growing rapidly

Wireless LAN Scenarios
- Enterprise
  - Want secure user authentication and key distribution
  - Want to support guest access to the Internet
- Public places (Airports, Malls, etc)
  - Want user authentication for billing
- Home
  - Want simple, no new wires network
- Roaming
  - Want transparent roaming

Current Situation
- Enterprise
  - No user authentication
  - No encryption key management protocol, either unencrypted or encrypted using a single encryption key.
  - Keys are distributed manually, e.g. visit each machine to change the keys.
- Public places
  - No user authentication, done by forcing web to their web page.
  - Assumes web is the first thing a user does.
  - Not transparent to the user.
- Roaming
  - Reconfigure at each location.
  - Need to know configuration at each location.

Windows XP Simplifies Wireless Zero configuration Automatically scans for network Automatically configures Wi-Fi NIC Secure LAN access IEEE 802.1X Supports different credentials, limited access & guest accounts Roaming Alternative IP configuration Network location awareness

Summary Windows XP brings Millennium parity to the 2000 code base Windows XP makes networking accessible to consumers Simplified set-up and diagnostics Focus on key scenarios Windows XP is the best platform ever for always connected and broadband connectivity ICS, Bridge, Firewall Roaming, wireless support

Backup slides

Call to Action IHVs/ISVs Use UPnP to detect and configure Internet gateway take NAT into consideration when writing protocols Compatibility: test early, test often Plan now for IPv6 IHVs: ensure network cards report promiscuous mode properly

Resources Home Networking feedback – hnetfb@microsoft.com Writing NAT friendly apps – http://www.microsoft.com/Windows2000/library/howitworks/communications/networkbasics/natdoc1.asp Universal Plug and Play website – http://www.upnp.org

Network Address Translation

What is Network Address Translation (NAT)?
- Multiplexes the address space behind the NAT
- Edits source address and ports in IP traffic
- All network traffic leaving the public side of the NAT appears to originate from one IP address

How NAT works
Diagram: Client 192.168.1.5 (Gateway: 192.168.1.1) -> NAT (internal 192.168.1.1, external 212.3.2.10) -> Server 212.3.2.4
Packet from client to NAT: Src: 192.168.1.5:3123, Dest: 212.3.2.4:80
Packet from NAT to server: Src: 212.3.2.10:5205, Dest: 212.3.2.4:80
- Default gateway is the NAT
- NAT maps internal source address and port with specific external source address
- Modifies packet with NAT’s external address and new source port
- Forwards packet to server
- Response packet internal destination is resolved by NAT based on port state table

Working with NAT is critical Many firewalls are based on NAT With 24 x 7 connectivity, the # of personal firewalls deployed will increase. Windows® ICS is widely deployed There are lots of other NATs from lots of vendors Cable modems DSL modems ISDN routers Other combo router/gateway/edge devices Forcing NAT to edit protocols does not scale with either the # of protocols or the # of NAT solutions

Things that break with NAT
- Using IP addresses in data payloads
- Using port numbers in payloads
- Assuming that you can always send or receive on a specific port, range of ports, or sequence of ports
- Assuming hosts will keep the same IP address throughout a conversation
- Assuming that your application can receive unsolicited inbound connections
- Assuming that all application clients have the same view of the network that you have
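The "How NAT works" and "Things that break with NAT" slides can be traced with a small port state table. This is an added example, not code from the presentation: the `Packet`, `Nat` and `walk_through` names, the payload text and the 198.51.100.7 host are constructed, and matching inbound packets on the remote endpoint is an assumption about the NAT's filtering. The addresses and ports are the ones on the slide.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: tuple          # (ip, port)
    dst: tuple          # (ip, port)
    payload: bytes = b""

@dataclass
class Nat:
    public_ip: str
    next_port: int                                  # next free public source port
    out_map: dict = field(default_factory=dict)     # (internal src, remote) -> public port
    in_map: dict = field(default_factory=dict)      # (public port, remote) -> internal src

    def outbound(self, pkt):
        """Rewrite the header's source to the NAT's public address and a mapped port."""
        key = (pkt.src, pkt.dst)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, pkt.dst)] = pkt.src
            self.next_port += 1
        # Only the header changes; the payload is forwarded untouched.
        return Packet((self.public_ip, self.out_map[key]), pkt.dst, pkt.payload)

    def inbound(self, pkt):
        """Resolve the internal destination from the state table; None means dropped."""
        internal = self.in_map.get((pkt.dst[1], pkt.src))
        if pkt.dst[0] != self.public_ip or internal is None:
            return None                             # no matching flow: unsolicited
        return Packet(pkt.src, internal, pkt.payload)

def walk_through():
    nat = Nat(public_ip="212.3.2.10", next_port=5205)
    client, server = ("192.168.1.5", 3123), ("212.3.2.4", 80)
    # Constructed payload: the client advertises its own address inside the data.
    request = Packet(client, server, b"CALLBACK 192.168.1.5:3123")
    on_wire = nat.outbound(request)
    reply = nat.inbound(Packet(server, on_wire.src, b"OK"))
    # Constructed unsolicited packet from a host the client never contacted.
    stranger = nat.inbound(Packet(("198.51.100.7", 40000), on_wire.src, b"SYN"))
    return on_wire, reply, stranger

if __name__ == "__main__":
    on_wire, reply, stranger = walk_through()
    print("on wire :", on_wire.src, "->", on_wire.dst)
    print("payload :", on_wire.payload, "(private address not rewritten)")
    print("reply to:", reply.dst)
    print("stranger:", "dropped" if stranger is None else stranger.dst)
```

The server sees 212.3.2.10:5205 in the header but 192.168.1.5:3123 in the payload, which is why the slides advise against embedding addresses and ports in protocol data.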

Building NAT friendly protocols
- Don’t rely on embedded address and port information
  - Use fully qualified domain names and/or user names where possible
  - Let DNS do the work
- Don’t make assumptions about addresses and ports staying the same
- Avoid having unsolicited inbound connections in your protocol
- Encrypted protocols should avoid having the checksum cover the IP header
- Test your protocol with ICS and other NATs
- Remember IPv6

Wireless Zero Configuration Automatically scans for wireless LANs nearby Configure 802.11 NIC to match available network User can setup one or more preferred networks Possible to disable non-preferred networks If no 802.11 networks nearby configure 802.11 NIC to peer-to-peer mode Possible to disable peer-to-peer mode or force it Integrated with security If security fails find another network to use

LAN Access Security
- IEEE 802.1X
  - Standard protocol for authenticated network access
  - Supported on Ethernet and 802.11
- User and machine authentication using RADIUS
  - Same as used for dial-up and VPN authentication
  - Windows 2000 Internet Authentication Server can be integrated with Active Directory user database
- Level of network access is under admin control
  - No access (don’t even get an IP address)
  - Complete access
  - Guest access
- Supports distribution of encryption keys to clients

Roaming Alternative IP configuration DHCP + static IP configuration Automatic switch between configurations Extended Windows 2000 auto DHCP renew Check IP address on roaming Extended Windows 2000 reconfiguration support on IP address change QoS reservations updated IE proxy settings re-detected IP prefers fastest network interface E.g. 11Mbps wireless and 100Mbps Ethernet

Roaming Network location extensions to Winsock Applications that want to be network aware E.g. Firewall, IE Information about the network connectivity the machine has Speed, interface type, network type (e.g. connected to the Interface), ICS information, 802.1X information Connectivity change notification