As we discussed in the first part of this series (see the article "Building Your Internet Site," MIND, February, 1997), an "Internet Site" can mean many things. Our definition is any site that provides 24-hour, seven-day-a-week dedicated access to the Internet and server software that makes site resources accessible to clients over the Internet. An Internet site can simply provide Web content, or it can offer a wide range of other services including Internet access and business services.
In this second article in the series, we focus on a particular type of Internet Site: an internal or "private" network with dedicated access to the Internet. We'll discuss how to set up a private network, and then describe various options for providing dedicated Internet access for the network.
There are many types of networks, but one of the most familiar is the Local Area Network (LAN). A LAN can be as simple as two computers connected to each other and communicating via a common protocol, or it can involve hundreds of computers connected together in the same physical location, such as an office building. We'll focus on the latter network.
When LANs at two or more sites-such as two offices in the same city-are connected, the resulting network is called a Wide Area Network (WAN). Value Added Network (VAN) describes a network with special services such as Electronic Data Interchange (EDI) or financial services such as credit card authorization or ATM transactions. The LAN, WAN, and VAN architectures are examples of private networks that are closed to the outside world.
Metropolitan Area Network (MAN) usually refers to the Public Switched Telephone Network (PSTN) or telecommunications infrastructure for a metropolitan region. The MAN for Geneva, Switzerland, is an interesting example. You can visit http://www.itu.ch/GVAMAN-OVERVIEW.HTM for an overview of the Geneva MAN project. The term MAN is also sometimes used by corporate network engineers whose companies pour millions of dollars into linking business sites in a metropolitan area through interconnected WANs.
Networking terms such as LAN, WAN, or MAN refer primarily to the physical structure of the network-the type of cabling or telecommunications service involved, and the method used to attach devices to the network. On the other hand, terms like intranet (a private network that uses Internet technology such as HTTP) and extranet (two intranets connected via the Internet or a WAN), refer exclusively to how the network is used.
An internet (lowercase I) is a private network of networks-two or more LANs or WANs that can communicate with each other. The private internet is often confused with the public Internet and, therefore, is fading into obscurity as a term.
Finally, there is the Internet (uppercase I)-a public computer network that serves as the backbone of global electronic commerce and the information superhighway. This worldwide network of networks lets people communicate with anyone, anywhere, anytime, and about anything. The Internet can be considered the widest of Wide Area Networks. What distinguishes the Internet from other types of networks is that it's open to the entire world. Anyone can become part of the Internet.
The Virtual Private Network (VPN), an interesting emerging standard, enables a mobile user to access an intranet through any Internet access provider. Access is controlled, and often encrypted. VPNs with dedicated (versus dial-up) access link a company's sites together in a kind of "virtual WAN." With VPN technology, the global infrastructure of Internet access providers becomes a low-cost yet reliable data link to the office-like a secure, global extension cord.
VPN technology differs from conventional remote access to an intranet through a modem. Instead of placing a long-distance phone call to establish a dial-up network connection with the company intranet, mobile employees place a local call to the Point Of Presence (POP) of an Internet access provider. This can mean significant savings in long distance telephone charges.
As mentioned above, this article will discuss how to set up a LAN with dedicated Internet access. To communicate across the Internet, your LAN must be running the Transmission Control Protocol/Internet Protocol (TCP/IP) network protocol. TCP/IP was devised by the Department of Defense to create the network of networks that now has become the Internet. It was designed to reliably handle huge amounts of traffic. Its packet routing scheme and built-in failure recovery has made TCP/IP an excellent protocol for large-scale public data networks.
You don't need to know much about TCP/IP to use the Internet or to set up an Internet site. But a little knowledge of how it works will help you to diagnose and correct any problems you might encounter along the way.
TCP/IP is made up of two main protocols: IP and TCP. IP defines how packets are delivered on the network, including how to specify the address of the receiving machine. IP addresses are 32-bit numbers expressed in dotted quad notation for readability-for example, 207.92.75.100. The IP portion of TCP/IP gets the information to the right computer; the TCP portion keeps track of what is sent and implements contingencies when there are transmission errors. TCP assigns numbers to the data sequences dropped into an IP packet. The numbers tell the receiving computer the order in which the data should appear. If the numbering sequence is out of order or if segments are missing, TCP recognizes the problem and arranges for the necessary corrections.
The most common LAN architecture is Ethernet, since it is easy to configure and inexpensive. Ethernet LANs use what's called a "star configuration." Each computer on the network, represented by the points of a star, is connected to a central point.
There are three steps to setting up an Ethernet TCP/IP network: Install an Ethernet adapter in each computer that will be on the network, then configure each computer to use TCP/IP. Finally, use network cable to connect each computer to a network hub.
The Ethernet adapter lets a computer communicate with other computers on the network. Ethernet adapters are available as standard expansion cards or PCMCIA cards. Figure 1 shows how a PCMCIA network card is installed in a notebook computer. Notice the Thuringer Summer Sausage shown for scale next to the adapter. It's important to have a summer sausage handy to prevent hunger while working overtime to fix problems with your network.
Modern network adapters usually support Plug and Play. If your operating system also supports Plug and Play, as do Windows 95 and Windows NT, then after you install the network card and reboot your computer, the operating system will automatically install and configure device drivers for the card. If Plug and Play fails to configure drivers, or if your card does not support Plug and Play, then you will have to do it manually. Use the Network Control Panel applet to add an adapter entry for your network card to the computer's network configuration. Once the adapter and its device drivers are properly configured, proceed to step two.
Step two is to configure the TCP/IP network protocol for use by your computer. This is also done in the Network Control Panel applet. You add a new protocol by clicking on the Add button. Next, select TCP/IP as the protocol to install (see Figure 2). After you've installed TCP/IP, your Network Control Panel applet will look similar to Figure 3 if you're using Windows 95. Windows NT uses a slightly different Control Panel applet with additional tabs and a different layout.
Don't click the OK button just yet; you're not done configuring TCP/IP for use on your network. Click on the Properties button to access the TCP/IP Properties window shown in Figure 4. This is where you enter settings for the protocol, including the IP address of the computer and which Domain Name Service (DNS) servers the computer will use to convert human-readable domain names into
IP addresses.
The IP Address page in the Windows 95 Network Control Panel applet (shown in Figure 4) is important to fill out because every computer on the network must have a unique address. You'll need to enter an IP address manually unless your network contains a server that automatically assigns IP addresses for each computer. Your Internet access provider will normally assign your organization a block of IP addresses for use on your network's machines; each computer uses one of the addresses in your IP address block. Once you've established your dedicated Internet connection, this will enable all the computers on your LAN to communicate simultaneously with the Internet.
The piece of equipment that connects the computers on an Ethernet LAN is the network hub, which sits at the center of the star configuration and acts like a traffic cop for network data. Step three is to connect each of the computers to the hub. Hubs come in many different sizes, including 5, 8, 12, 16, or 24-port models. Some hubs can be linked together to make more ports available, in effect creating one big hub made up of smaller hubs.
Network cabling must connect the network adapter on each computer to the hub. The most common type of cabling used on Ethernet networks is called 10baseT or twisted-pair, which looks like the familiar cable connecting your telephone to the wall. The twisted-pair cable plugs into plastic connectors, called RJ45, at either end. Figure 5 shows a typical small workgroup hub with two of the five ports in use.
A more expensive type of cable, 10base2 or coaxial, is used to build token ring networks where there is no central point. As the name implies, token ring networks use a ring configuration. Other cabling options include fiber optics and wireless communications.
Now that you've established your LAN, the next step is to enable every computer on the LAN to communicate with the Internet simultaneously. For this you need a special type of Internet access provider. Standard dial-up personal Internet access only lets you connect a single computer to the Internet. Not every Internet access provider handles business customers, but one that does is Netcom's business service group (http://www.netcomi.com/ or 1-800-NETCOM1).
Now it is time to focus on the options available for getting your LAN connected to the Internet. The route you choose will affect the number of simultaneous visitors your site can support, and how well it's able to function as a communications backbone for other purposes. We will concentrate on the connection types, their advantages and disadvantages, and what you will need to connect your network to the Internet.
The first issue you must consider is bandwidth: how wide a pipeline do you need between your LAN and the Internet? If you underestimate the size of the connection you need, congestion will slow things down to a snail's pace; but if you overestimate, you can waste a significant amount of money. Don't worry too much; if you make the wrong decision-or if your needs change-you can always change the type of Internet connection that you use.
To determine your optimal bandwidth, think about how your Internet site will be used and how much Internet traffic it might generate. Will a large number of users be doing high- bandwidth tasks such as file transfer and conferencing? Or will users occasionally download average-size files and provide a consistent yet manageable flow of traffic to your Web site? Will your Internet site be a revenue source through online sales, or will it be just a business expense? Keep these considerations in mind as you learn more about the options available for connecting your network to the Internet.
There are three categories of technology when it comes to dedicated Internet connections: analog dial-up via a conventional modem, digital dial-up using an ISDN line, and dedicated circuit connections such as T1 lines.
A dedicated dial-up connection can be the least expensive option or it can cost as much as a T1 line, depending upon a number of factors. First of all, there is nothing except your conscience to keep you from using a residential phone line to maintain a dedicated dial-up connection to your Internet access provider through an analog modem. In many parts of the United States, the cost of a residential phone line is capped, and there are no further charges once you've reached the maximum. The total monthly cost for a dedicated dial-up connection under this circumstance is equal to your monthly charge for a residential phone line (as little as $11.25) plus the fee charged by your Internet access provider (typically $200 to $300 per month). Thus, the very least you can expect to pay for dedicated Internet access for a whole network of computers is around $211.25 per month for a dial-up analog modem connection.
The cost of a dedicated dial-up connection through a modem goes up considerably if you use a business phone line, which is billed at a higher rate and often by the minute for local calls. In addition to the minimum monthly charge for a business line (at least $15), you must pay the standard, per-minute rate for local business calls during the day, evening, and night/weekend rate categories into which the 1,440 minutes in a day are divided. The total cost per month for 1,440 minutes of local business calling per day is around $250. On top of this, you still have to pay the fee charged by your Internet access provider. The total comes to around $465 per month, more than twice the cost of the ethically challenged workaround of a dedicated residential phone line.
If your Internet access provider doesn't have a local POP, then the phone call will cost even more per minute. The cost for 1,440 minutes per day of usage to a city just outside of your local calling area is around $415 per month on a business line, making the total cost in this scenario around $630, three times that of the residential phone line strategy. With the upper limit of modem speed now reaching 56Kbps, even a dedicated connection over a business line is cheaper, however, than a fractional T1 line with one channel, which offers only slightly more speed at 64Kbps.
The monthly fee to your Internet access provider for a dedicated ISDN connection is $250 to $350 for a single B channel (64Kbps) and $350 to $600 for two B channels (128Kbps). The monthly fee charged by the telephone company for an ISDN line is about $25. In addition, standard ISDN includes per-minute telephone company usage fees that are very similar to the fees associated with a normal business telephone line, even if the ISDN service is for a residence. Also, each B channel is considered a separate phone line for billing purposes, so a 128Kbps dual B-channel connection costs twice as much per minute as a single B channel at 64Kbps connection. Therefore, a dedicated ISDN connection will cost from $525 to $625 per month for 64Kbps, and $625 to $775 per month for 128Kbps, assuming that your Internet access provider's POP is a local call.
In many places in the United States, you can buy ISDN service that does not include per-minute usage fees if you limit your calls to a certain area. Internet access providers sometimes bundle this sort of ISDN service into complete Internet solutions and give it their own name, while the phone company calls it something else.
A flat monthly rate of around $30 gives you unlimited calling within your specified region. If you purchase an ISDN service package from an Internet access provider, the phone company charge is included in the access provider's fee.
Otherwise, you will have to pay the telephone company's standard ISDN service charge in addition to your Internet access provider's $30 monthly fee. In summary, the total
cost for an ISDN Internet connection ranges from $300 to $700 per month, depending on whether you use one or
two B channels. This works out to about half a penny per bit-slightly less per bit than a residential line and a 28.8Kbps modem.
The most important factor to consider when choosing dial-up access is per-minute cost for usage. Whether you
use analog or digital dial-up, you must research the per-minute fees and calculate the projected expense in order to have an accurate idea of the true cost. It's easy to do once you locate the per-minute usage fee table for the class of service you're considering. Just remember that there are 1,440
minutes in a 24-hour day. The day is generally divided up into three rate categories: day, evening, and night/weekend.
Calculate the total expense associated with full-time use
during the three rate categories and you'll know the approximate price per day if you maintain a dedicated dial-up
connection. Don't forget to count the two B channels of 128Kbps ISDN as two separate phone calls.
A dedicated 28.8 modem connection can easily support several thousand hits to a Web site per day, and as many as eight simultaneous connections to your Web server. A small workgroup of
three to six people can use the Internet periodically over a dedicated 28.8 Kbps
connection and only occasionally
experience serious delays caused by interference with each other. This is possible thanks to the IP packet routing
scheme.
Dedicated circuit network connections offer the lowest cost per bit, but require a more substantial financial investment. A dedicated circuit network connection is easy to establish once you fork over the thousands of dollars required for set up to your local telecommunications provider and your Internet access provider. Even a modest dedicated connection like a full T1 line will bring with it one-time set up fees of several thousand dollars.
Monthly service fees are also amazingly high for fast network connections, but prices vary radically. If your company needs a fast, dedicated Internet connection, you should seriously consider relocating your office to an area where you can choose among Internet access providers and use existing telecommunications equipment.
The technology for the most common dedicated circuit network connection, a T1 (also known as a DS1) is simple. Four conventional copper wires are used for the T1 connection. On either end of the wire are high-capacity data repeaters. Connected to the repeater at your end is a Data Service Unit/Channel Service Unit (DSU/CSU) that is able to relay your network traffic to and from the repeater. Connected to the repeater at the other end (your Internet access
provider's POP) might also be a DSU/CSU. If not, there will be some other data relay hardware that serves the same purpose. Figures 6 and 7 show the basic setup at your end of a T1 line. In Figure 6, the DSU/CSU and the repeater are connected together with the repeater on top.
Figure 7 shows the cable connections between the repeater and the DSU/CSU. In the upper left-hand corner of the photograph you can see the four-wire DS1 line entering the repeater. A flat, 8-wire cable with an RJ45 connector is plugged in to the back of the repeater. From there, the flat cable plugs into a DB15 port on the right-hand side of the DSU/CSU. A 9-pin serial cable occupies the middle position and leads to a VT100-based terminal (not shown). The largest connector, to the left of the serial cable, is connected to a network router (the box right below the DSU/CSU-you can just see its air vents on the right-hand side of the figure).
Any network protocol can be used for communication provided that your equipment is able to route network traffic through the DSU/CSU. There is no inherent requirement for IP, although it is the most popular routable network protocol today. The concepts and techniques of network routing are very important to the construction of a dedicated Internet connection. We'll address these issues later and show how to turn your Windows NT computer into a dedicated dial-up IP router for your network.
In order to connect two TCP/IP networks, you need some sort of IP router. A router is a piece of network equipment that directs packet flow between networks. Adding a router to the TCP/IP LAN that you built is very simple. First, determine what sort of Internet connection you're going to use to link your network to the Internet. Your router needs different capabilities for a dial-up connection than it does for a dedicated circuit. If you connect your network to the Internet through a T1 or other dedicated circuit, then the router fits into the picture as shown in Figure 7.
You can also use a Windows NT computer as an IP
router, rather than buying an additional hardware router. Using Windows NT, or another network-enabled operating system as a packet router is known as "software routing," because the routing is handled by a software process running on the computer rather than by hardware. For slower dial-up connections, software routing with Windows NT is acceptable, but faster dedicated links should use a dedicated hardware router.
Whether hardware or
software, every router has a
set of instructions that it uses to figure out where to route
IP packets. The routing instructions are referred to as
a routing table. A routing table can be configured manually and remain static or it can
be configured dynamically through a special routing
protocol like Routing Information Protocol (RIP) or Open Shortest Path First (OSPF).
When an IP packet arrives at a router, the router compares the destination IP address in the packet to entries in its routing table. Routing table entries contain three key elements: the destination address or network, the subnet mask to use for the comparison, and the communication device to which packets should be sent if they match the routing entry. Figure 8 shows a simplified routing table that might exist in a router acting as an Internet-to-LAN gateway.
The router uses the default route destination for any IP address for which there is no matching entry in the routing table. According to the routing table in Figure 8, if an IP packet's destination address does not begin with 207.92.75, then, by default, the router routes it to device /dev/du0. If the IP address begins with 207.92.75, then the IP packet is routed to device /dev/le0.
The subnet mask tells the router how it should compare the packet's destination IP address with entries in the Destination Network Address column. If it weren't for the subnet mask, every single computer on the network would require an individual entry in the routing table. With a subnet mask of 255.255.255.0 entered for the Destination Network Address 207.92.75.0, the router knows that any computer whose IP address begins with 207.92.75 is part of the same network. The subnet mask allows for wildcard entries in routing tables, among other things.
Wildcard entries in routing tables are a really bad idea, however, because they waste IP addresses. In order for a subnet mask to work properly, every computer in a particular network must be assigned an IP address within a certain range. A whole range of IP addresses can then be associated with a particular route because they're all grouped together physically and can all be reached via a single communications link. This keeps the central routing tables for the entire Internet small and manageable.
An unused address in the block continues to be unused until a computer is added to the network that is using the address block. By some estimates, as few as 3 percent of all
IP addresses are actually in use by computers somewhere around the world. The rest are reserved and unused due
to wildcard routing table entries and subnet masks. To solve this problem, a new standard called Classless Inter-Domain Routing (CIDR) has been introduced and is beginning to grow in usage.
Only network routers that do not use CIDR need to worry about subnet masks. Hosts on the network usually have a place to enter a subnet mask, but unless the computer is tasked with the job of routing packets, the subnet mask is completely ignored. There is one important routing setting for every host on the network, however, that you must set up properly for each computer on your LAN: the default
gateway. The default gateway tells a host where to send packets destined for remote networks so they can be routed to their destination.
A dedicated dial-up Internet connection can be established for an entire network using only a Windows NT computer acting as software IP router. There are four tricky steps to configuring Windows NT computer to function in this capacity:
1. Enable IP forwarding in the Routing tab of the Microsoft TCP/IP Properties window in the Network Control Panel applet.
2. Clear the Default Gateway field in the IP Address tab of the Microsoft TCP/IP Properties window in the Network Control Panel applet.
3. Update the system Registry, adding the DisableOtherSrcPackets entry with a DWORD value of zero (as shown in Figure 9) to the following registry location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
RasArp\Parameters
4. Update the system Registry, adding the PriorityBasedOnSubNetwork entry with a DWORD value of one (as shown in Figure 10) to the following location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
RasMan\PPP\IPCP
Now your Windows NT computer is prepared to route IP packets to and from the Internet for other computers on your LAN. All that you need is a dedicated dial-up, PPP-based Internet access service for your network. Standard dial-up networking is all that you need to establish a PPP link with your access provider. Figure 11 shows the Server tab in the Edit Phonebook Entry dialog box for dial-up networking. Select PPP from the Dial-up server type list box and then click on the TCP/IP Settings button.
In the PPP TCP/IP Settings dialog box, shown in Figure 12, check the Use default gateway on remote network check box. After connecting to your Internet access provider, dial-up networking in Windows NT automatically adjusts the software routing table. In order for it to adjust the table with the correct default gateway for sending IP packets to the Internet, this box must be checked.
Remember to leave blank the default gateway field in the TCP/IP configuration for the Windows NT machine itself. If you don't, there will be two default gateway entries in the routing table
after connecting to the Internet, and this can cause problems. Figure 13 shows the routing tables on a Windows NT computer that is configured to function as a software router for
network 207.92.75. You can examine the routing tables of your Windows NT computer with the command NETSTAT -RN.
You can make changes to your Windows NT routing tables with the ROUTE command. Type ROUTE at a command prompt to receive instructions on using the command to add, change, or delete routing table entries. Remember to configure each of the computers on your LAN to use the Windows NT computer as its default gateway.
A dedicated dial-up modem connection is an interesting alternative for the Internet site developer who needs a low-cost platform, but every now and then the connection will be broken for one reason or another. You can configure Windows NT dial-up networking to automatically redial if and when the connection is interrupted.
The myriad of choices facing the Internet site developer can be a real challenge. With protocol issues, hardware requirements, software needs, and communications options changing all the time, today's Internet site developer must have a sprinkling of knowledge in many areas to make informed decisions. Networking terminology has evolved a lot recently, and the flurry of new terms can be
confusing. What with LANs, WANs, VANs, MANs, VPNs,
intra-, extra-, inter- (lowercase I), and Inter- (uppercase I) nets all part of current networking jargon, even vendors can get confused.
In this article, we introduced the topics an Internet site developer must understand to establish a functional and economical connection to the Internet. Beginning with an introduction to TCP/IP and networking, we showed the basics of building an Ethernet TCP/IP network and preparing the network for connection to the Internet. From that point, we discussed the various connection methods available for linking a network to the Internet. We detailed the advantages and disadvantages of dedicated analog dial-up, dedicated digital dial-up, and dedicated circuit connections, and described the required equipment and approximate cost of each option. Finally, we gave instructions on how to set up a dedicated Internet connection for your TCP/IP network, regardless of the connection method. The next article in this series will show you how to provide network and business services through your Internet site.