Networking

This is a guide to basic networking, covering cables, hubs, switches, routers, IP, DNS, netmasks, firewalls and gateways. It is meant as a basic guide and does not cover every aspect in great detail - just enough to get you started when setting up a network for the first time - especially if you have something like an ADSL router.

Cables and wires

A network can connect using cables, coax, fibre, or radio, but we will concentrate on cables. Generally, the way a network operates once connected is the same whatever method you use. The speed may change, but it is still effectively an ethernet network we are talking about.

The cables you will have heard of are "cat 5" or "category 5" or "cat 5e". Cat 5 is basically a system of structured cabling, and a cat 5 lead or patch lead is just part of that. A patch lead is just a lead with a plug at each end that connects things together. Cat 5 cabling does not generally have any cables over 100m long, and some types of network need shorter lengths to work at full speed.

The cable itself has 8 wires arranged as 4 pairs. The fact that they are pairs is important to the way the electrical signals are carried. Each pair has a colour: blue, orange, green and brown. Each pair is two wires twisted together. One is coloured (with maybe thin white stripes) and the other is white with thin coloured stripes.

The colours themselves don't matter to the electrical signals, but there are conventions which you should follow, and it is important that the pairs are not split.

If you look at the plugs on the end of the cable they are 8-way square, usually clear plastic, and you can see the wires in the plug. The colours normally used are:

Pin  Colour
1    White/Orange
2    Orange/White
3    White/Green
4    Blue/White
5    White/Blue
6    Green/White
7    White/Brown
8    Brown/White

Crossover cables

For normal networking only the Orange and Green pairs are used. One pair is transmit and one is receive.  Normally a cable is straight, i.e. the same wiring at each end - pin 1 to pin 1, pin 2 to pin 2, etc. To make this work there are two types of sockets - the ones you find on a computer and the ones you find on a hub. The two types of sockets are wired differently so that a straight cable can be used to connect between them correctly. This means that at one end pins 1 and 2 are transmit and at the other end they are receive, so it works.

In some cases you need to connect a computer port to a computer port or a hub to a hub. Some hubs have an alternative or switched port to allow hub to hub connections with a straight lead, but if this is not the case, or it is in use, you need a crossover lead. A crossover lead has transmit connected to receive, i.e. 1 to 3, 2 to 6, 3 to 1, and 6 to 2. You can tell a crossover lead as the colours of the wires are different at each end, e.g. one end normally starts White then Green rather than White then Orange as normal.


Cables give us a way to connect two devices together.

Hubs and switches

Having a network connection on a PC is all very well, and with a crossover cable you can connect directly to another PC, and they can communicate. However, you normally want to connect several PCs, or other network devices, together in to a group (a network). To do this you need hubs and/or switches.

Hubs

A hub is a device that connects several network connections together. Typically available with 4, 5, 8, 16, 24 or 32 ports, they work by allowing data sent from one connection to go out to all of the others. You can connect hubs together, but as a general rule you should not have more than 4 hubs from any one machine to any other as the accuracy and delay of the signals cannot be guaranteed and the network might not work properly. Hubs are very simple to use as you just plug a patch lead between a port on the hub and the PC.

Uplink

Some hubs have a switch by one of the ports, or an alternative port (e.g. 8X next to 8). This is an uplink port. The X means the wiring is crossed over so that the port works like a PC connection and a straight lead can be used to another hub. If the uplink is an alternative socket rather than a switch, it is important that you use one socket or the other and not both.

If you try and connect two uplink ports together, that would need a crossover lead as both ends are crossed over in that case. You can use a crossover lead to connect two of the normal ports on two hubs together.

Link light

Hubs, and most PCs, have a link light. This helps you make sure you have the cable right. If you do, then both ends will light up the link light. If the cable is faulty it is possible for only one end to light up and it won't work. If you have the wrong sort of cable (crossover / straight) then neither end's link light will be lit.

10/100

This sort of networking works at various speeds. The most basic is 10Mb/s (10,000,000 bits per second), and is called 10baseT. Faster networks operate at 100Mb/s, and even 1Gb/s. It is possible to get 100Mb/s only hubs, but normally anything that handles 100Mb/s will also handle 10Mb/s and is also a switch rather than a hub. Usually the switch/hub will automatically work out if the connection is 10Mb/s or 100Mb/s and usually has a light to tell you.

Switches

A switch looks much like a hub, and may initially seem to do exactly the same job. A switch has a number of sockets to connect network devices such as PCs, and allows the devices to send data to each other. The big difference between a switch and a hub is performance. The way ethernet is designed to work is that any packet of information sent on the network is actually seen by all of the other machines. This means they cannot actually all talk at the same time. With a hub, this is how it works - if one device is sending data, all of the others are receiving that data (and can't be sending data themselves). This means on a 10Mb/s hub, all of the devices share the network capacity (the 10Mb/s).

A switch on the other hand operates by receiving the message and sending it out on the right ports. This means that if A is sending data to B, then C can be sending data to D at exactly the same time. It means the speed is not shared between all of the devices. The switch uses MAC addresses (see below) to work out which ports to send data to, and keeps track of what machines you have plugged in where.

As a switch can receive and send data independently on each port, it allows 10/100 switching, i.e. a mixture of 10Mb/s and 100Mb/s devices. It can receive at 10Mb/s on one port, and at the end of the data being received, send it at 100Mb/s on other ports, and the other way around. Obviously a switch has some memory internally to hold these messages.

Full duplex

It is possible on 100Mb/s to operate in full duplex mode. This means you can send and receive data at the same time on a port. This again adds performance, but it only works where the PC can handle full duplex. The switch will normally work this out, and some have a light to say if a port is full duplex or not. If one end is full duplex and the other is not (e.g. the switch or PC got it wrong) then you will lose packets and have an unreliable link.

Managed switches

A managed switch simply means that the ports can be set up manually, and normally that data on the traffic being carried can be viewed (how busy each port is). This means you could fix a port at 100Mb/s or full duplex, or whatever instead of trusting the automatic negotiation (which is not always foolproof).


With hubs and switches, we now have a way of physically connecting several devices, such as PCs, together.

LAN/Ethernet

Having covered some of the basics of how computers and network devices physically connect to each other using cabling and hubs/switches, we need to look at what they say to each other and how a network is created. Ethernet has been around a long time, and evolved to allow different types of physical connection. Originally it used thick yellow expensive coax cable, but can now operate over types of radio network as well. The network is called a LAN (Local Area Network) as it is a network of machines physically close to each other (local area).

Packets

The internet and ethernet work on packets. These are small chunks of data (up to 1.5K) that contain information about where they are to go, where they are from, and some data. All communication on a network or the internet is broken down in to small packets like this.

Wrapping

Breaking down information in to small chunks, packets, is only part of the story. These packets are then sent in various ways, and ethernet packets are just a wrapping around another type of packet (normally an IP packet). So the ethernet packet contains information about where the packet is from and to on the LAN, and also some check data to ensure it is not corrupted in any way.

MAC Addressing

As mentioned above, the basic principle of ethernet is a broadcast medium - i.e. when one device sends a packet, all of the rest see it. In practice you are normally sending a packet from A to B, i.e. it is destined for only one other device on the LAN. To achieve this the destination address is included in the start of the packet, and all of the devices seeing the packet look at that address to see if it is for them. If it is not they ignore it, and if it is then they accept it and process it. A switch uses this to work out from the address the port it should send the packet down instead of bothering all of the devices with every packet.

The address is a MAC address (Media Access Control). Every network device has a unique MAC address fixed by the manufacturer of the network card. MAC addresses are only used on the local network (LAN) to allow packets to be sent from one device to another.

A MAC address is actually a 48 bit number, and is usually written using hexadecimal, e.g. 00:03:79:12:33:57. You don't normally have to deal with MAC addresses.
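The difference between a hub and a switch described above can be shown with a small simulation. This is an added example, not code from the original guide or from any real device; the port numbers and the second MAC address are constructed for illustration.

```python
# Toy models of a hub and a learning switch (illustration only).
BROADCAST = "ff:ff:ff:ff:ff:ff"


def hub_forward(in_port, ports):
    """A hub repeats every packet out of every port except the one it came in on."""
    return sorted(p for p in ports if p != in_port)


class LearningSwitch:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # MAC address -> port where it was last seen as a source

    def forward(self, in_port, src_mac, dst_mac):
        """Return the list of ports the packet is sent out of."""
        # Learn: the source address says which port that machine is plugged in to.
        self.table[src_mac.lower()] = in_port
        dst = dst_mac.lower()
        out_port = self.table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Broadcast, or a destination not seen yet: behave like a hub.
            return hub_forward(in_port, self.ports)
        if out_port == in_port:
            return []  # destination is on the port the packet arrived on
        return [out_port]


def demo():
    """A on port 1 and B on port 2 exchange packets through a 4 port switch."""
    switch = LearningSwitch(ports=[1, 2, 3, 4])
    a = "00:03:79:12:33:57"   # example MAC address from the text
    b = "00:03:79:12:33:58"   # constructed second address
    return [
        switch.forward(1, a, b),  # B not learned yet: sent to all other ports
        switch.forward(2, b, a),  # A was learned on port 1
        switch.forward(1, a, b),  # B was learned on port 2
    ]


if __name__ == "__main__":
    print(demo())
```

Only the first packet reaches ports 3 and 4; once both addresses are in the table, traffic between A and B stays on ports 1 and 2.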


Now we have a way of connecting several devices, such as PCs, physically together in a local network and a way that allows them to send specifically addressed packets of data to each other.

IP

IP (Internet Protocol) is the basis of the whole of the internet. It allows packets of information to be sent over a wide area network (WAN), i.e. anywhere in the world.

IP addresses

Unlike MAC addresses, which are automatically allocated by the manufacturer of a network card and which are used for addressing machines on a local network, IP addresses are allocated in a structure which allows packets sent to them to find their way from the other side of the world if necessary.

An IP address is a 32 bit number, and is normally written as a dotted quad, e.g. 192.168.0.1. This means that the 32 bit number is broken in to 4 parts, each of 8 bits, and each part is written in decimal (a number from 0 to 255) with dots in between. The address 192.168.0.1 is 11000000101010000000000000000001.

IP is a means to send packets to a specific IP address. Again, like ethernet, the IP packet wraps up the data it contains, and adds addressing information and checking information to make an IP packet.

Private / public addresses

You may have seen addresses starting 192.168, or 10, or even 172.16 in many places. This is because they are private addresses. They are just like any other IP addresses, except they will never be allocated to anyone, and so can safely be used in private networks. The actual ranges are 192.168.x.x, 10.x.x.x, and 172.16-31.x.x.

If you are setting up a private network, and need some IP addresses, you should always use these ranges. If you just make up addresses (e.g. 100.100.100.x) then they could be allocated to a real place on the internet - perhaps a customer's mail server, or your favourite web site - and that part of the internet would not be accessible to you as you would have hijacked their addresses for your private use.

Special addresses

There are special addresses. 255.255.255.255 is a special address used to send packets to every device on a local network (not to the whole internet!). Addresses starting 224-239 are multicast addresses used for some special applications to send data to more than one machine at a time. The address 127.0.0.1 is special in that it is another address for yourself, i.e. on any machine this is a way to talk to itself. Address 0.0.0.0 is not valid, but addresses 1.x.x.x to 223.x.x.x are otherwise public internet addresses.

Where addresses come from

If you need to accept data from the internet (even if it is just the data in a web page you have requested) you need a public internet address. With a modem this is typically allocated on the fly when you connect to the internet from your PC. With a leased line or ADSL connection these may be permanently allocated to you.

The actual addresses are allocated by regional internet registries (RIRs), of which there are only 3 such registries. There is one for the whole of Europe, called RIPE. RIPE allocates large blocks of several thousand addresses at a time to local internet registries (LIRs) which are typically internet providers. The whole world has to know where these addresses are to go to, so allocating large blocks to ISPs allows this to be done without too much difficulty.

The ISP will then assign addresses in small blocks to you. The ISP makes sure that any packets that are sent for your addresses get to you, via your ADSL or leased line, or whatever.

ARP

If you have several PCs on a local network, and they each have their own IP address, then they may want to send messages (IP packets) to each other. They do this by sending a packet to a specific address. E.g. 192.168.1.2 wants to send a packet to 192.168.1.3. The IP packet is created with these addresses, but to send on the local network this has to be put in to an ethernet packet. The ethernet packet needs to say which MAC address to send the packet to.

In order to find the MAC address for an IP address on the local network, a special packet called an ARP request (Address Resolution Protocol) is sent. This is a broadcast packet to all of the machines on the local network asking, e.g. "where is 192.168.1.3". The machine with that address answers and tells its MAC address. This is remembered for a while, and any packets for that IP address can now be correctly addressed to the right MAC address.
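To make the wrapping concrete, the following added example (not part of the original guide) builds the ARP request described above as raw bytes and unwraps it again. The field layout is the standard one for ARP over ethernet; the sender MAC is the example address used earlier in the text, and the sample frame is constructed, not captured.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806            # marks the ethernet payload as ARP
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_OPS = {1: "request", 2: "reply"}


def mac_to_bytes(mac):
    raw = bytes(int(part, 16) for part in mac.split(":"))
    if len(raw) != 6:
        raise ValueError(f"not a 48 bit MAC address: {mac!r}")
    return raw


def bytes_to_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp_request(sender_mac, sender_ip, target_ip):
    """Ethernet packet asking the whole LAN 'where is target_ip?'."""
    # Ethernet wrapping: destination MAC, source MAC, payload type.
    ethernet = (mac_to_bytes(BROADCAST_MAC) + mac_to_bytes(sender_mac)
                + struct.pack("!H", ETHERTYPE_ARP))
    # ARP body: hardware type 1 (ethernet), protocol 0x0800 (IPv4),
    # address lengths 6 and 4, operation 1 (request).
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += mac_to_bytes(sender_mac) + socket.inet_aton(sender_ip)
    arp += bytes(6) + socket.inet_aton(target_ip)   # target MAC not yet known
    return ethernet + arp


def parse_arp_frame(frame):
    """Unwrap an ethernet packet and decode the ARP message inside it."""
    if len(frame) < 14 + 28:
        raise ValueError("too short for ethernet header plus ARP body")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP packet (type 0x{ethertype:04x})")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP for IPv4 over ethernet")
    return {
        "eth_dst": bytes_to_mac(dst),
        "eth_src": bytes_to_mac(src),
        "operation": ARP_OPS.get(op, f"unknown({op})"),
        "sender_mac": bytes_to_mac(frame[22:28]),
        "sender_ip": socket.inet_ntoa(frame[28:32]),
        "target_mac": bytes_to_mac(frame[32:38]),
        "target_ip": socket.inet_ntoa(frame[38:42]),
    }


# Constructed sample: 192.168.1.2 asks for 192.168.1.3, as in the text.
SAMPLE = build_arp_request("00:03:79:12:33:57", "192.168.1.2", "192.168.1.3")

if __name__ == "__main__":
    print(parse_arp_frame(SAMPLE))
```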

Creating a subnet, and subnet masks

We have said that IP addresses have a structure. Large blocks allocated to an ISP, and an ISP then routes a smaller block to a customer. But how do you group IP addresses in to a "block"?

The answer is that a sequential set of IP addresses is treated as a block of addresses. However, it is not as simple as saying that a certain customer has 1.2.3.5 to 1.2.3.17 as their addresses (that would be too simple <-:). In practice a subnet is created. A subnet is a group of addresses based on the binary IP address.

What happens is that part of the 32 bit address is assigned to a network, e.g. if we have machines all starting 192.168.5. in a network (that's 192.168.5.0 to 192.168.5.255) then that is a 24 bit subnet. This is because the first 24 bits, the 192.168.5 part, are the same for all machines on that network.

Looking at it in binary that network is 11000000101010000000010100000000 to 11000000101010000000010111111111, i.e. the first 24 bits (110000001010100000000101) are the same, and the last 8 bits change (from 00000000 to 11111111). To define this a subnet mask is used. This says which bits are the same, e.g. 11111111111111111111111100000000 which is 255.255.255.0.

All machines in a network have their own unique IP address within the same block, and they also know their subnet mask. This is important so that machines know if another address is on the same network. If it is, then packets to another address can be sent directly and ARP used to find the MAC address to send them to. If not on the same network, then the packet will have to be sent elsewhere (see below).

When the address block is 256 addresses, then it is easy, e.g. 192.168.5.x. However, you will often have smaller blocks allocated (as IP addresses need to be carefully allocated so they don't run out). This means you could have, say, a 28 bit netmask (which is 255.255.255.240) allowing you only 16 addresses.

Special addresses (again)

In any subnet, the first and last address are special. The first is effectively unused, but the last is a broadcast address which all devices listen for in addition to their own address. Broadcast addresses like this stay on the same local network and are used for machines to tell other machines about them (windows network neighbourhood uses this, for example). This means if you have a block of, say, 16 addresses, you can only use 14 of them anyway.

DHCP

When setting up a network, each machine has to have several parameters set. We know the IP must be set uniquely for each machine, but all in the same group (subnet) of addresses. The subnet mask must also be set on every machine, and we will see below that a gateway and DNS server are normally needed as well.

DHCP (Dynamic Host Configuration Protocol) is a way for one machine on a local network to take on the job of giving out addresses to other machines. If you set up a DHCP server, you tell it a range of addresses to give out, and the details of subnet masks, gateway, DNS, and several other settings. Once a machine that has been set to get details automatically is plugged in to the network, it will be allocated the necessary details from the DHCP server. This can save a lot of time and effort.

Getting off the network

So far we have seen how we can physically connect machines on a network; how they can send messages to each other by MAC address; how they can have IP addresses from a small group (subnet) and how (using ARP) they can send messages to each other by IP address.

By having a subnet mask, it is possible for a machine to work out that a packet is intended for a machine outside its own network, e.g. if the network is 192.168.5.0-255, a machine sending to 217.169.0.1 knows it is not on the same network - so what does it do?

Considering a PC with only its network connection, it has to send the IP packet in an ethernet packet, and so has to put a MAC address in that packet to say where it is going. It knows the destination is not on the same network, so it knows there is no point sending an ARP to find the MAC address. Instead it sends an ARP to find a gateway machine. That is a machine that knows what to do with this packet. This means that each machine needs a gateway address - the IP address of a machine on the local network which talks to the rest of the world.

Sending the packet to that machine (still addressed at the IP level to the original IP address) means that it can then be sent on its way via modem, ISDN, leased line, ADSL or whatever.
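The subnet arithmetic and the "local or via the gateway" decision from the last few sections can be worked through in code. This is an added example, not from the original guide; the host address 192.168.5.10 and the gateway address 192.168.5.1 are assumptions made for the illustration, while the masks and 217.169.0.1 are the ones used in the text.

```python
def ip_to_int(dotted):
    """Turn a dotted quad such as 192.168.0.1 in to its 32 bit number."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | part
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def describe_subnet(address, mask):
    """Work out the block of addresses that 'address' belongs to."""
    addr, mask_bits = ip_to_int(address), ip_to_int(mask)
    host_bits = ~mask_bits & 0xFFFFFFFF
    # A valid mask is all ones followed by all zeros, so the inverted
    # mask must be one less than a power of two.
    if host_bits & (host_bits + 1):
        raise ValueError(f"mask bits are not contiguous: {mask}")
    network = addr & mask_bits
    size = host_bits + 1
    return {
        "network": int_to_ip(network),                 # first address
        "broadcast": int_to_ip(network | host_bits),   # last address
        "mask_length": bin(mask_bits).count("1"),
        "addresses": size,
        "usable": max(size - 2, 0),   # first and last are special
    }


def arp_target(my_ip, mask, gateway, destination):
    """Which IP address does this machine ARP for to send to 'destination'?"""
    mask_bits = ip_to_int(mask)
    my_network = ip_to_int(my_ip) & mask_bits
    if ip_to_int(destination) & mask_bits == my_network:
        return destination          # same network: send directly
    if ip_to_int(gateway) & mask_bits != my_network:
        raise ValueError("gateway is not on the local network")
    return gateway                  # off network: hand it to the gateway


if __name__ == "__main__":
    print(format(ip_to_int("192.168.0.1"), "032b"))
    print(describe_subnet("192.168.5.37", "255.255.255.0"))
    print(describe_subnet("192.168.5.37", "255.255.255.240"))
    # Assumed host 192.168.5.10 with assumed gateway 192.168.5.1.
    print(arp_target("192.168.5.10", "255.255.255.0", "192.168.5.1", "217.169.0.1"))
```

With the 28 bit mask, 192.168.5.37 falls in the block 192.168.5.32 to 192.168.5.47, which shows that small blocks do not have to start at .0.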

Routing

There is more to life than just getting the packet off the network. There are sometimes situations where you need to send some packets one way and some another. This is where routing tables come in. A routing table says which blocks of IP addresses go via what gateway. You can set these on Windows PCs (from DOS), but usually you will have one machine on your network that is a router, and it will have routing rules to say what goes down (say) the ADSL, what goes via another box (perhaps an ISDN router) and so on. The PCs on the network can then live with just a gateway address and the gateway bounces the traffic to the right place.

In the internet there are lots of routes that say which blocks of IP addresses go where, and this is how the packets for the IP addresses on your network get to come down the right line to your router.

With IP addresses we have a way to send packets of data to any numbered IP address on the planet.

DNS

So far we have seen how a network of networks (an internet) can be set up. Each local area network has a small group of IP addresses (a subnet) and some gateways or routers carrying traffic off its network to the rest of the world. The Internet is a collection of networks and links owned by ISPs and companies.

This is all very well if I want to send a packet to 217.169.0.1; it will get there. What if I want to go to a web site? That has a name not a number. What if I want to send an email - that uses a name not a number.

To solve this DNS (Domain Name Service) is used. This allows names to be turned in to numbers. Normally every PC will list one or two DNS servers (which have to be listed by IP address and not name or else you get a bit of a chicken and egg problem). The only reason for two is resilience. These are servers, usually provided by your ISP, which will look up names for you and get the addresses.

So, when you put www.me.uk in to a web browser, the browser uses DNS to look up that as 217.169.20.20 and then fetch the page.


With DNS we can call machines by names, and so we can go to web sites, send email, and communicate with the world.