One technology is normally associated with IP name resolution: DNS (the Domain Name System), or Smart DNS, probably because it is the dominant system on the internet. However, in the average corporate network you will find all sorts of alternative methods for resolving names to IP addresses which have been around for years. Here are just a few of the common ones you might come across:
Broadcasting: Using mass broadcasts to resolve names is of course very inefficient; it is basically a plea to the whole network asking for an answer. You would think this method isn't used any more, and it is true that most network administrators have tried to remove it from their networks. However, anyone who has tried to troubleshoot a network of any size will almost certainly find devices that routinely broadcast looking for name resolution. Two reasons it doesn't work well: it generates lots of unnecessary traffic, and most routers won't forward the broadcasts anyway, so queries are frequently just lost. You can configure routers to pass these messages on using the IP helper address function, but this is not the way to run a fast, efficient network.
NetBIOS over TCP/IP
NetBIOS was the primary method used by Windows computers to resolve names to IP addresses, although again DNS has normally replaced it. There are four methods (node types) for NetBIOS name resolution, and they are usually tried in a distinct order:
- p-node – The client contacts a WINS or NBNS server using unicast. The server address needs to be configured on the client for this to work, but after that it only requires IP connectivity.
- b-node – The client attempts to reach a WINS or NBNS server using a broadcast. This will only succeed if there is a server on the same subnet or the routers are configured to forward the request.
- m-node – The client uses b-node first, then p-node if there is no reply to the initial broadcast.
- h-node – The client first uses a p-node unicast if a server is configured, then falls back to a b-node broadcast afterwards.
Windows Internet Name Service (WINS) is Microsoft's implementation of the NetBIOS Name Service (NBNS) protocol. It is a dynamic, distributed method of name resolution used mainly in Windows environments. All name registrations are held on central WINS servers, and in some releases the WINS service was installed automatically on Microsoft Windows Server installations. Again it works best when the WINS server is configured correctly on the client; otherwise it will fall back on broadcasts, like NBNS.
The LMHOSTS file is a simple static file, similar to a hosts file, which must be created, distributed and kept up to date by the network administrator. If a client is configured as h-node, the LMHOSTS file is consulted as a fallback method. It can create a lot of work and potential issues in large, dynamic environments, although it can be used to distribute the names of key servers which are unlikely to be moved or modified.
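The resolution order of the four node types and the LMHOSTS fallback described above, as an added example that is not part of the original post: a small Python model with a constructed LMHOSTS file, WINS table and local subnet. `parse_lmhosts`, `resolve` and the tables are hypothetical names and sample data, not a real API or network.

```python
from typing import Dict, List, Optional, Tuple

# Constructed sample LMHOSTS text (format: "<ip> <name> [#PRE] [#DOM:domain]").
SAMPLE_LMHOSTS = """\
# constructed sample entries, not a real network
192.0.2.10   DC01      #PRE #DOM:CORP
192.0.2.20   FILESRV   #PRE
192.0.2.30   PRINTSRV
"""

def parse_lmhosts(text: str) -> Dict[str, str]:
    """Map upper-cased NetBIOS names to IPs. A line starting with '#' is a
    comment; '#PRE' / '#DOM:' after an entry are keywords, ignored here."""
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) >= 2 and not parts[0].startswith("#"):
            table[parts[1].upper()] = parts[0]
    return table

# Order in which each node type tries its methods, as described in the post.
NODE_ORDER = {
    "p": ["wins"],
    "b": ["broadcast"],
    "m": ["broadcast", "wins"],
    "h": ["wins", "broadcast", "lmhosts"],
}

def resolve(name: str, node: str, wins: Optional[Dict[str, str]],
            subnet: Dict[str, str], lmhosts: Dict[str, str]) -> Tuple[Optional[str], List[str]]:
    """Return (ip or None, methods actually tried). wins=None means no WINS server
    is configured on the client, so the unicast step is skipped; subnet holds the
    names peers on the local broadcast domain would answer for."""
    sources = {"wins": wins, "broadcast": subnet, "lmhosts": lmhosts}
    tried: List[str] = []
    for method in NODE_ORDER[node]:
        table = sources[method]
        if table is None:
            continue
        tried.append(method)
        ip = table.get(name.upper())
        if ip is not None:
            return ip, tried
    return None, tried

# Constructed tables: the WINS server knows DC01 only; PRINTSRV answers locally.
WINS_DB = {"DC01": "192.0.2.10"}
LOCAL_SUBNET = {"PRINTSRV": "192.0.2.30"}
```

Running `resolve("FILESRV", "h", WINS_DB, LOCAL_SUBNET, parse_lmhosts(SAMPLE_LMHOSTS))` shows an h-node client walking through WINS, then a broadcast, then the static file before it finds the server.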
The network layer of the OSI protocol stack is often simply known as Layer 3. It is important for network troubleshooting because it is where routing takes place, one level above the data link layer (Layer 2), where switching and bridging happen. A VLAN (virtual LAN) is a subnetwork of an internetwork; however, it is normally defined using a switched network topology.
So what do we mean by a switched network? Simply put, it is a series of devices such as computers attached directly to some sort of multiport switching device. A network switch acts as the connecting medium between the ports to which computers are attached. In the perfect switching environment each port has only one device connected to it; in reality, however, it is likely to be another network device such as a bridge or hub, which has many more clients indirectly connected to the switch. The perfect scenario has no conflict between different devices trying to use the same network cable; performance is maximized because there is none of the waiting or latency while information is transmitted that you would get on a shared Ethernet segment. Just like the simple VPNs we use across the internet to watch BBC USA while hiding our IP address, VLANs segment and protect traffic.
An important reason for segmenting networks and then connecting them together again using routers is that it minimizes the size of broadcast domains, with fewer devices competing for access. Switched topologies also reduce the level of contention, and many networks have evolved into large flat switched networks. If you remove routers, though, there is a price to pay both in ease of administration and in being able to securely manage specific segments or devices. If you need to retain some sort of topological layout in this scenario, VLANs are probably the only feasible option.
A VLAN restores the advantages of a segmented network to a flat switched network. Network administrators can use VLANs to create pseudo-segments in an open network across the switches. This is important for creating security segments and managing large networks, as the computers joined to a VLAN can exist anywhere on the network. So, for example, you can create a high-security VLAN to connect secured servers together, where they can be managed and secured as a group. These servers can exist on different switches, on different ports and across buildings and departments.
The next stage is to take these individual VLANs, which connect many groups of computers, and extend the model. A device can be a member of multiple VLANs, and messages can be broadcast to specific devices by sending them to specific VLANs only. The issue with this setup is that routers still need to transmit packets between these different VLANs; there is still a requirement for data to be transported, which can cause contention and performance issues.
Here the techniques of Layer 3 switching become useful: a routing algorithm is used to discover the fastest path through the switched network, and once a destination is actually located, a shorter Layer 2 switched path can be used. This is possible because the VLANs overlay the physical switching fabric of the network. Obviously there is more to these techniques, and the design and construction of efficient switched networks is a large and interesting field.
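The segmentation argument above (a security VLAN spanning switches and buildings, a device belonging to more than one VLAN, and traffic between VLANs having to pass a router), as an added example that is not part of the original post: a constructed host and VLAN table with functions that compute a broadcast domain with and without VLANs and check that two zones are separated at Layer 2. All switch names, host names and VLAN ids are made up.

```python
from typing import Dict, Set, Tuple

# Constructed table: host -> (switch it is plugged into, set of VLAN ids).
# All switches are interconnected, so without VLANs this is one flat network.
HOSTS: Dict[str, Tuple[str, Set[int]]] = {
    "pc-bldgA-1": ("sw-bldgA", {10}),
    "pc-bldgA-2": ("sw-bldgA", {10}),
    "secsrv-A":   ("sw-bldgA", {99}),      # secured server, building A
    "pc-bldgB-1": ("sw-bldgB", {20}),
    "secsrv-B":   ("sw-bldgB", {99}),      # secured server, building B
    "mgmt-jump":  ("sw-bldgB", {20, 99}),  # member of two VLANs
}

def flat_broadcast_domain(src: str) -> Set[str]:
    """Without VLANs every host on the interconnected switches hears the broadcast."""
    return set(HOSTS) - {src}

def vlan_broadcast_domain(src: str, vlan: int) -> Set[str]:
    """Hosts that receive a broadcast sent by src on the given VLAN, wherever
    they are plugged in. Raises if src is not itself a member of that VLAN."""
    if vlan not in HOSTS[src][1]:
        raise ValueError(f"{src} is not a member of VLAN {vlan}")
    return {h for h, (_, vlans) in HOSTS.items() if vlan in vlans and h != src}

def needs_router(src: str, dst: str) -> bool:
    """True when src and dst share no VLAN, so a frame cannot be switched
    directly and the traffic must be routed at Layer 3."""
    return not (HOSTS[src][1] & HOSTS[dst][1])

def layer2_isolated(zone_a: Set[str], zone_b: Set[str]) -> bool:
    """True if no host in zone_a shares a VLAN with any host in zone_b, i.e. the
    two groups can only reach each other through a router."""
    vlans_a = set().union(*(HOSTS[h][1] for h in zone_a))
    vlans_b = set().union(*(HOSTS[h][1] for h in zone_b))
    return not (vlans_a & vlans_b)
```

Comparing `flat_broadcast_domain("secsrv-A")` with `vlan_broadcast_domain("secsrv-A", 99)` shows the broadcast domain shrinking from every host to just the other members of VLAN 99, and `layer2_isolated` exposes a dual-homed host such as `mgmt-jump` as the point where two segments touch.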
The technology sector is at the moment somewhat confused about what a VPN actually is. The confusion is understandable, though, as the VPN has continually evolved over the last few years into a somewhat different networking technology. In the past, a VPN could be described as a private network able to carry voice and data, usually built on top of existing carrier services.
That is not how a VPN is commonly defined today; it is probably best to split it into the following definitions.
- Voice VPN – a single carrier handles all the voice call switching. The 'virtual' in VPN here means that a virtual voice switching network has been created within the carrier's switching equipment. This is probably the most dated definition, covering the concept of traditional carrier-based voice VPNs.
- Carrier-based data VPN – traditional packet, cell and frame switching networks carry data in discrete bundles, which are then routed through a complex mesh of networks and switches to their destination. These networks are shared between many owners and users. A VPN here is a web of individual virtual circuits which form a virtual private network over another carrier's packet-switched network.
- Internet VPN – this is probably the definition most relevant today, similar to the carrier-based data VPN above. Here an IP network is the underlying transport, and the common medium is the shared hardware of the internet.
The internet VPN is the most common today, probably because it is by far the easiest and cheapest to set up. There may not be the same bandwidth and data quality guarantees as with a traditional virtual circuit; however, simple VPN clients and servers accessible from anywhere in the world are a powerful tool for many reasons.
What's more, an internet VPN can be created and used by almost anyone. Companies, for instance, will often install generic VPN client software on their laptops so any employee can dial in to the corporate servers over any internet connection safely and securely. This means that employees can work remotely from almost any location: all they need is a simple internet connection and an account on the VPN server.
A decade ago these were used over simple dial-up modems, but now most countries have a fairly large internet access infrastructure allowing high-speed access from most public places and from home internet connections. The other advantage is that an internet VPN requires no real investment in hardware apart from the central server. Users can leverage the internet connection of their ISP or even a hotel Wi-Fi access point, a fairly insecure setup, but if you connect through a virtual private network then all your data is encrypted and protected from prying eyes.