2. Exchange server needs internal DNS or AD DNS to locate Global Catalog servers.
3. Active Directory Integrated Zone. If you have more than one domain controller
(recommended) you need not worry about zone replication. Active Directory replication
will take care of DNS zone replication also.
4. If your network uses DHCP with Active Directory, no other DHCP server will be able to
service client requests coming from a different network. This is because the DHCP server is
authorized in AD and will be the only server allowed on the network to provide IP
address information to client machines.
5. Moreover, you can use NT4 DNS with Service Pack 4 or later. It supports both SRV
record registration and Dynamic Updates.
Microsoft NLB is designed for a small number (4 - 6) of Windows Servers and a low to
moderate number of new connections per second, to provide distribution of web server
requests to multiple servers in a virtual resource pool. Some would call this a "cluster",
but there are subtle differences between a clustered group of devices and a more loosely
configured virtual pool. From the standpoint of scalability and performance, almost all
hardware load balancing solutions are superior to this and other less known software load
balancing solutions [e.g. Bright Tiger circa 1998].
DNS Round Robin is an inherent load balancing method built into DNS. When you
resolve an IP address that has more than one A record, DNS hands out different
resolutions to different requesting local DNS servers. Although there are several factors
affecting the exact resulting algorithm (e.g. DNS caching, TTL, multiple DNS servers
[authoritative or cached]), I stress the term "roughly" when I say it roughly results in an
even distribution of resolutions to each of the addresses specified for a particular URL. It
does not however, consider availability, performance, or any other metric and is
completely static. The basic RR algorithm is available in many software and hardware
load balancing solutions and simply hands the next request to the next resource and starts
back at the first resource when it hits the last one.
NLB is based on proprietary software, meant for small groups of Windows servers only
on private networks, and is dynamic in nature (takes into account availability of a server,
and in some cases performance). "Round Robin", DNS or otherwise, is more generic,
static in nature (does not take into account anything but the resource is a member of the
resource pool and each member is equal), and ranges from DNS to the default static load
balancing method on every hardware device in the market.
How do you clear DNS cache?
Answer: To clear the DNS cache, do the following:
1. Start
2. Run
5.a If done correctly it should say "Successfully flushed the DNS Resolver Cache."
5.b If you receive the error "Could not flush the DNS Resolver Cache: Function failed
during execution.", follow the Microsoft KB Article 919746 to enable the cache. The
cache will be empty; however, this will allow a successful cache flush in future.
WINS server group address. Used to support autodiscovery and dynamic configuration of
replication for WINS servers. For more information, see WINS replication overview
by following the link below:
http://technet2.microsoft.com/WindowsServer/en/library/c0addcc8-27ba-4250-8b6b-7b3465ab29731033.mspx
Re: What is WINS server? Where do we use WINS server? Difference between DNS and WINS?
Answer #1
WINS is Windows Internet Name Service, which is used to resolve the NetBIOS (computer
name) name to an IP address. This is proprietary to Windows. You can use it in a LAN.
DNS is the Domain Naming System, which resolves host names to IP addresses. It uses fully
qualified domain names. DNS is an Internet standard used to resolve host names.
Differences between WINS push and pull replications?
To replicate database entries between a pair of WINS servers, you must configure each
WINS server as a pull partner, a push partner, or both with the other WINS server.
• A push partner is a WINS server that sends a message to its pull partners,
notifying them that it has new WINS database entries. When a WINS server's pull
partner responds to the message with a replication request, the WINS server sends
(pushes) copies of its new WINS database entries (also known as replicas) to the
requesting pull partner.
• A pull partner is a WINS server that pulls WINS database entries from its push
partners by requesting any new WINS database entries that the push partners
have. The pull partner requests the new WINS database entries that have a higher
version number than the last entry the pull partner received during the most recent
replication.
Tombstoning marks the selected records as tombstoned, that is, marked locally as extinct
and immediately released from active use by the local WINS server. This method allows
the tombstoned records to remain present in the server database for purposes of
subsequent replication of these records to other servers. When the tombstoned records are
replicated, the tombstone status is updated and applied by other WINS servers that store
replicated copies of these records. Each replicating WINS server then updates and
tombstones
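The push/pull exchange and the tombstone replication described above, as an added example that is not part of the original page. It is a simplified two-server model: the server names, NetBIOS names and addresses are constructed, and each server replicates only the records its partner owns.

```python
from dataclasses import dataclass


@dataclass
class Record:
    name: str              # NetBIOS name
    address: str
    owner: str             # server where the name was registered
    version: int           # owner's version number when the record last changed
    tombstoned: bool = False


class WinsServer:
    """Simplified WINS server (hypothetical model, not Microsoft's implementation)."""

    def __init__(self, name):
        self.name = name
        self.version = 0          # highest version number issued locally
        self.db = {}              # NetBIOS name -> Record
        self.last_pulled = {}     # push partner name -> highest version received
        self.pull_partners = []   # servers that pull from this one

    def _stamp(self, record):
        # Every local change gets the next version number.
        self.version += 1
        record.version = self.version
        self.db[record.name] = record

    def register(self, name, address):
        self._stamp(Record(name, address, self.name, 0))

    def tombstone(self, name):
        # Mark the record extinct but keep it so the status can replicate.
        rec = self.db[name]
        rec.tombstoned = True
        self._stamp(rec)

    def entries_newer_than(self, version):
        return [r for r in self.db.values()
                if r.owner == self.name and r.version > version]

    def pull_from(self, push_partner):
        # Pull partner: request only entries with a higher version number
        # than the last one received from this push partner.
        since = self.last_pulled.get(push_partner.name, 0)
        replicas = push_partner.entries_newer_than(since)
        for r in replicas:
            self.db[r.name] = Record(r.name, r.address, r.owner,
                                     r.version, r.tombstoned)
            since = max(since, r.version)
        self.last_pulled[push_partner.name] = since
        return len(replicas)

    def push_notify(self):
        # Push partner: notify each pull partner, which answers with a pull.
        return {p.name: p.pull_from(self) for p in self.pull_partners}

    def resolve(self, name):
        rec = self.db.get(name)
        return None if rec is None or rec.tombstoned else rec.address


def demo():
    a, b = WinsServer("WINS-A"), WinsServer("WINS-B")
    a.pull_partners.append(b)                 # B pulls from A, A pushes to B
    a.register("FILESRV", "192.168.1.10")     # constructed sample names
    a.register("PRINTSRV", "192.168.1.11")
    first = a.push_notify()                   # both new entries replicate
    a.tombstone("FILESRV")
    second = a.push_notify()                  # only the tombstone replicates
    third = a.push_notify()                   # nothing newer to send
    return first, second, third, b.resolve("FILESRV"), b.resolve("PRINTSRV")


if __name__ == "__main__":
    print(demo())
```
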
Name the NetBIOS names you might expect from a Windows 2003 DC that is registered
in WINS.
Routing protocol
From Wikipedia, the free encyclopedia
A routing protocol is a protocol that specifies how routers communicate with each other,
disseminating information that enables them to select routes between any two nodes on a
computer network, the choice of the route being done by routing algorithms. Each router
has a prior knowledge only of networks attached to it directly. A routing protocol shares
this information first among immediate neighbors, and then throughout the network. This
way, routers gain knowledge of the topology of the network. For a discussion of the
concepts behind routing protocols, see: Routing.
The term routing protocol may refer specifically to one operating at layer three of the
OSI model, which similarly disseminates topology information between routers.
Many routing protocols used in the public Internet are defined in documents called RFCs.[1][2][3][4]
Although there are many types of routing protocols, two major classes are in widespread
use in the Internet: link-state routing protocols, such as OSPF and IS-IS; and path vector
or distance vector protocols, such as BGP, RIP and EIGRP.
• the manner in which they either prevent routing loops from forming or break them
up if they do
• the manner in which they select preferred routes, using information about hop
costs
• the time they take to converge
• how well they scale up
• many other factors
In some cases, routing protocols can themselves run over routed protocols: for example,
BGP runs over TCP which runs over IP; care is taken in the implementation of such
systems not to create a circular dependency between the routing and routed protocols.
That a routing protocol runs over particular transport mechanism does not mean that the
routing protocol is of layer (N+1) if the transport mechanism is of layer (N). Routing
protocols, according to the OSI Routing framework, are layer management protocols for
the network layer, regardless of their transport mechanism:
Examples
Interior routing protocols
Interior Gateway Protocols (IGPs) exchange routing information within a single routing
domain. A given autonomous system [5] can contain multiple routing domains, or a set of
routing domains can be coordinated without being an Internet-participating autonomous
system. Common examples include:
Note that IGRP, a Cisco proprietary routing protocol, is no longer supported. EIGRP
accepts IGRP configuration commands, but the internals of IGRP and EIGRP are
completely different.
Takeaway: When you connect your network to the Internet, you don't want every
machine to interface directly with it. Instead, you can use RRAS to allow your server to
act as a barrier. Microsoft has updated RRAS in Windows Server 2003. Here's what
you'll face.
Like its predecessors, Windows Server 2003 provides the ability to act as a router on your
network and to provide remote access services to users outside your network. Routing
And Remote Access (RRAS) in Windows Server 2003 provides VPN, routing, NAT,
dialup and basic firewall services. Here's how to use and configure these services.
Getting started
To get started, open up the Routing And Remote Access configuration utility at Start |
Administrative Tools | Routing And Remote Access. Initially, RRAS is not enabled on
the server. To enable it, right-click the server on which you wish to enable the services
and choose Configure And Enable Routing And Remote Access. In Figure A below, you
can see that I am enabling the service on the server named RAS.
Figure A
The initial RRAS configuration starts a wizard that walks you through the steps that need
to be taken to enable the services that you would like to offer. For the first example, I will
enable VPN and NAT services on this server as shown below in Figure B.
Figure B
Choose the services you wish to support.
When configuring VPN services under Windows Server 2003, you generally need to
have two network interfaces if you also want the remote users to be able to use other
services on the network. If you want them to use just the services on the VPN server, a
single interface will do. In either case, you need to select the interface which faces the
Internet. In Figure C, the adapter with address 192.168.229.128 acts in this capacity
while 192.168.1.103 is the LAN side of the server.
Figure C
Select the adapter that faces the Internet.
If you do decide to use Windows Server 2003’s VPN services, I still recommend the use
of a hardware firewall between the Internet and your VPN server. Windows has too many
holes to be allowed a direct connection to the Internet.
I prefer to provide RRAS with a range of addresses rather than use DHCP. By providing
a range, I always know exactly which IP addresses are being used by remote users.
If you select the option to provide RRAS with a range of addresses, they are defined on
the next step of the wizard, shown in Figure D. For this example, I have assigned
192.168.1.200 to 192.168.1.224. Remember to assign addresses from the right network.
I’m not using the 192.168.229 network because that one faces the Internet, while
192.168.1 faces my network, which has the resources that remote users need.
Figure D
Provide a range of addresses for remote clients to use.
If you are using RADIUS to authenticate users for other services, you can include RRAS
in the mix if you like. This is especially useful in larger networks as RRAS will simply
forward authentication requests to the RADIUS server. For this example, I will not use
RADIUS, as shown in Figure E.
Figure E
Do you want to use RADIUS for authentication?
That’s all there is initially to configuring VPN and NAT services. While there were no
NAT specific configuration options during the wizard, NAT was enabled and configured
based on responses to other questions. For example, the NAT interface was designated as
the network interface facing the Internet and the private interface was designated as the
LAN interface.
NAT
Even though NAT was configured during the wizard, there will come a time when you
want to modify its configuration. To view NAT parameters and statistics, from the RRAS
console, choose Your Server | IP Routing | NAT/Basic Firewall, as shown in Figure F.
Figure F
NAT/Basic firewall parameters
To configure the NAT services, right-click an interface and choose Properties. This will
display the External Network Properties screen shown in Figure G. Since it’s responsible
for the most NAT functions, the external adapter has more options related to the service.
Figure G
NAT properties for the external network interface
The NAT/Basic Firewall tab provides a place for you to configure the details directly
relating to the service. If you don’t want to do NAT, you can uncheck the box marked
Enable NAT on this device and vice versa. You can also choose to enable a basic firewall
on the interface. If your server is directly connected to the Internet, I can’t stress enough
the importance of enabling the firewalling feature as well as defining appropriate inbound
filters.
You can configure both inbound and outbound filters by clicking the associated button at
the bottom of the window. You can define filters based on the traffic destination or
source, by the source or destination ports, or by ICMP type.
The Address Pool tab, shown in Figure H, requires that you enter the ranges of IP
addresses assigned by your ISP and available for use on the external interface for NAT
applications. Once you have this information in place, you can reserve addresses for
specific internal machines by clicking the Reservations button and providing the IP
address of the internal machine and the NAT IP address you would like it to use.
Additionally, you can allow incoming connections to this machine by selecting the Allow
incoming connections to this machine box (not shown).
Figure H
On the Services And Ports tab, seen in Figure I, you can configure the services on your
network to which you would like to provide access. Since I have a VPN server on this
system, some options such as L2TP, PPTP, IKE and IKE NAT Traversal are already
enabled. (IKE NAT Traversal, you say? Yes - under Windows Server 2003 with the
appropriate client on the remote machine, you can use IPSec when using NAT). If you
run other services on your network to which you would like to provide access to Internet
users, select it from the list.
Figure I
The Services And Ports tab
Finally, the ICMP tab, Figure J, provides a place where you can allow specific ICMP
services such as PING to traverse the router. Since ICMP can be used for nefarious
purposes as well as to provide troubleshooting information, be careful what you enable.
Figure J
The ICMP interface
Routing
Routing is a basic component to both providing VPN services and NAT services under
RRAS on Windows Server 2003. These services configure the router in order to best
provide their individual services. However, you can use your server to provide more
granular routing services as well. Specifically, Windows Server 2003 supports the RIP2
(Routing Information Protocol version 2) and OSPF (Open Shortest Path First) routing
protocols. Of course, static routing capability is also provided.
To add RIP2 or OSPF to your RRAS server, right-click General under Your Server | IP
Routing. From the shortcut menu, choose New Routing Protocol. A list of the currently
unused routing protocols will be presented. Select the one you wish to enable and click
OK. Once enabled, an option for configuring that protocol will appear under the IP
Routing option in the RRAS console.
Figure K
To perform further operations on an adapter, right-click the adapter and choose Properties
from the shortcut menu. As you can see below in Figure L, there are a number of things
that can be configured including filters, whether or not TCP/IP is enabled on this
interface, router discovery advertisements, and more.
Figure L
General interface configuration
RIP2
RIP2 is a distance-vector-based routing protocol which means basically that it directs
traffic based on the number of router hops that have to be taken to reach a destination. It’s
an excellent choice for small- to medium-sized networks where static routes have become
unwieldy. To see the interfaces on which RIP is enabled, select the RIP option under
IP Routing, which will show the screen in Figure M. See above if you have not yet
enabled RIP.
Figure M
RIP-enabled interfaces
To configure RIP parameters, right-click an interface and choose Properties. The first tab
is the General tab, shown in Figure N, which is where you can define general
information about how RIP will operate on your server. On this tab, Operation Mode
refers to how RIP will update its tables. The two choices are Auto-static Mode and
Periodic Update Mode, which is the default. Auto-static Mode means that an update will
be triggered when another router requests an update while Periodic Update Mode means
that the routing table will be updated at a defined interval (defined on the Advanced tab).
Figure N
The RIP General tab
The General tab also provides a place for you to define the incoming and outgoing
protocol. For outgoing packets, you can choose RIP1 broadcast, RIP2 broadcast, RIP2
multicast or silent RIP. In silent mode, the system only listens for new RIP
announcements but does not make any itself. If your network uses consistent network
masks throughout, you can use RIP1, but I don’t recommend it unless you have devices
that can only use RIP1. You can also specify the route cost for this interface as well as a
tag number for the routes on this interface. Finally, a password can be specified to be
used for RIP2 updates as a means of identification.
As with everything, security is a concern with network routing. You don’t want bad
routes propagating across your network and interrupting communications. Fortunately,
the WS2K3 RIP service allows you to provide lists of incoming and/or outgoing route
updates that should be ignored. This is accomplished on the Security tab, shown in
Figure O.
Figure O
The RIP Security tab
The Neighbors tab, Figure P, lets you specify how the RIP service should interact with
its neighbors. On this tab, you can configure RIP to only broadcast its routes, to broadcast
its routes in addition to notifying each neighbor, or to just notify neighbors.
Figure P
The RIP Neighbors tab
Finally, the RIP Advanced tab, Figure Q, provides a place to configure more advanced
parameters such as the update interval, route expiration time, whether split-horizon
and/or poison reverse is enabled and much more. Split horizon and poison reverse are
useful in preventing routing loops.
Figure Q
The RIP Advanced tab
OSPF
Like RIP, OSPF is a routing protocol, but that is where the similarities end. While RIP is a
distance-vector-based (loosely, “hop count”) protocol, OSPF is a link state protocol
meaning that OSPF routers exchange information about the current state of their network
connections when making routing determinations. While more complex than distance
vector protocols, using link state protocols can result in more efficient network traffic
flow as each router always has a map of the network and its current state.
To enable OSPF, you need to define which interface(s) it will act on. To do this, right-
click OSPF and choose New Interface from the shortcut menu. As an example, I’ll enable
OSPF on my internal network.
The General tab for the OSPF properties for the interface defines whether or not OSPF is
enabled, its Area ID, priority, cost and password as well as the network types. Since I’m
using Ethernet, OSPF assumes a broadcast-based environment, as you can see in Figure
R.
Figure R
OSPF is enabled on the internal interface
The NBMA neighbors tab, Figure S, is only used by X.25, ATM, and Frame Relay
networks. This allows you to manually specify neighbors in these types of networks.
Figure S
OSPF NBMA Neighbors tab
The OSPF Advanced tab, Figure T, allows you to customize OSPF operation to your
network by configuring options such as the MTU, Hello Interval, and Transmit Delay.
Figure T
OSPF Advanced tab
Static Routes
The old standby and most people’s introduction to IP routing, static routes are also
available in RRAS. Static routes allow you to manually define routes for this server
rather than using a routing protocol such as RIP or OSPF. Static routing is generally used
on small, static networks.
To create a new static route, right-click Static Routes under IP Routing and select New
Static Route from the shortcut menu. To define a static route, you need the destination
network’s address (the network address for a network route or the host address for a host
route), the network mask for the destination, and the IP address of the gateway used to
get to this network. Figure U below shows a route from my RAS server to the network
172.16.1.0.
Figure U
A list of the static routes on the server
To see the current routing table, right-click Static Routes and choose Show IP Routing
Table. Figure V shows the routing table from the RAS server I have been using in these
examples.
Figure V
That's it!
Remote VPN access, NAT, and IP routing are all integral parts of RRAS available in
Windows Server 2003. While I don’t recommend a Windows server being directly
exposed to the Internet, these services can still be safely used on the internal network to
provide network connectivity and access to services that your users need.
What is NAT?
Answer
In computer networking, the process of network address translation (NAT, also known as
network masquerading or IP-masquerading) involves re-writing the source and/or
destination addresses of IP packets as they pass through a router or firewall. Most
systems using NAT do so in order to enable multiple hosts on a private network to access
the Internet using a single public IP address. According to specifications, routers should
not act in this way, but many network administrators find NAT a convenient technique
and use it widely. Nonetheless, NAT can introduce complications in communication
between hosts.
Prerequisites
To configure the Routing and Remote Access and the Network Address Translation components,
your computer must have at least two network interfaces: one connected to the Internet and the
other one connected to the internal network. You must also configure the network translation
If you use dial-up devices such as a modem or an Integrated Services Digital Network (ISDN)
adapter to connect to the Internet, install your dial-up device before you configure Routing and
Remote Access.
Use the following data to configure the TCP/IP address of the network adapter that connects to the
internal network:
TCP/IP address: 192.168.0.1
Subnet mask: 255.255.255.0
No default gateway
Domain Name System (DNS) server: provided by your Internet service
provider (ISP)
Windows Internet Name Service (WINS) server: provided by your ISP
Use the following data to configure the TCP/IP address of the network adapter that connects to the
external network:
TCP/IP address: provided by your ISP
subnet mask: provided by your ISP
default gateway: provided by your ISP
DNS server: provided by your ISP
WINS server: provided by your ISP
Before you continue, verify that all your network cards or all your dial-up adapters are functioning
correctly.
1. Click Start, point to All Programs, point to Administrative Tools, and then click
2. Right-click your server, and then click Configure and Enable Routing and Remote
Access.
3. In the Routing and Remote Access Setup Wizard, click Next, click Network address
4. Click Use this public interface to connect to the Internet, and then click the network
adapter that is connected to the Internet. At this stage you have the option to reduce the
risk of unauthorized access to your network. To do so, click to select the Enable security
5. Examine the selected options in the Summary box, and then click Finish.
You can configure your Network Address Translation computer to act as a Dynamic Host
Configuration Protocol (DHCP) server for computers on your internal network. To do so, follow these
steps:
1. Click Start, point to All Programs, point to Administrative Tools, and then click
4. In the NAT/Basic Firewall Properties dialog box, click the Address Assignment tab.
5. Click to select the Automatically assign IP addresses by using the DHCP allocator
check box. Notice that default private network 192.168.0.0 with the subnet mask of
255.255.0.0 is automatically added in the IP address and the Mask boxes. You can keep
the default values, or you can modify these values to suit your network.
6. If your internal network requires static IP assignment for some computers -- such as for
domain controllers or for DNS servers -- exclude those IP addresses from the DHCP pool.
a. Click Exclude.
b. In the Exclude Reserved Addresses dialog box, click Add, type the IP address,
d. Click OK.
1. Click Start, point to All Programs, point to Administrative Tools, and then click
3. In the NAT/Basic Firewall Properties dialog box, click the Name Resolution tab.
4. Click to select the Clients using Domain Name System (DNS) check box. If you use a
demand-dial interface to connect to an external DNS server, click to select the Connect to
the public network when a name needs to be resolved check box, and then click the
You can use the Windows Server 2003 implementation of IPSec to compensate for the
limited protection that applications provide for network traffic, or as a network-layer
foundation of a defense-in-depth strategy. Do not use IPSec as a replacement for other
user and application security controls, because it cannot protect against attacks that
come from within established and trusted communication paths. Your authentication
strategy must be well defined and implemented for the potential security provided by
IPSec to be realized, because authentication verifies the identity and trust of the
computer at the other end of the connection.
Advantages
• Allows you to be at home and access your company's computers in the same way
as if you were sitting at work.
• Almost impossible for someone to tap or interfere with data in the VPN tunnel.
• If you have VPN client software on a laptop, you can connect to your company
from anywhere in the world.
Disadvantages
• Setup is more complicated than less secure methods. VPN works across different
manufacturers' equipment, but connecting to a non-NETGEAR product will add
to difficulty, since there may not be documentation specific to your situation.
• The company whose network you connect to may require you to follow the
company's own policies on your home computers ( ! )
VPN goes between a computer and a network (client-to-server), or a LAN and a network
using two routers (server-to-server). Each end of the connection is a VPN "endpoint";
the connection between them is a "VPN tunnel". When one end is a client, it means that
computer is running VPN client software such as NETGEAR's ProSafe VPN Client. The
two types of VPN:
All NETGEAR routers support "VPN Passthrough", but "passthrough" simply means the
router does not stop VPN traffic — you still need two endpoints.
The whole purpose of VPN is to prevent data being altered, so, for example, a
passthrough router that is also running NAT will break the VPN connection.
NETGEAR Support will configure one VPN tunnel between two pieces of NETGEAR
equipment to demonstrate that the equipment and VPN work. For other information:
Re: What types of VPN does Windows 2000 and beyond work with natively?
Answer #1
L2TP (Layer 2 Tunneling Protocol).
VPN server is also known as L2TP server in native mode and PPTP in mixed mode.
WHAT IS IAS
The IAS machine was the first electronic digital computer built by the Institute for
Advanced Study (IAS), Princeton, NJ, USA. The paper describing the design of the IAS
machine was edited by John von Neumann, (see Von Neumann architecture), a
mathematics professor at both Princeton University and the Institute for Advanced Study.
The computer was built from 1942 until 1951 under his direction. The IAS was in limited
operation in the summer of 1951 and fully operational on June 10, 1952.[1]
The machine was a binary computer with a 40 bit word, storing two 20 bit instructions in
each word. The memory was 1024 words (5.1 kilobytes). Negative numbers were
represented in "two's complement" format. It had two registers: the Accumulator (AC)
and Multiplier/Quotient (MQ).
Although some claim the IAS machine was the first design to mix programs and data in a
single memory, that had been implemented four years earlier by the 1948 Manchester
Small Scale Experimental Machine.[2]
Von Neumann showed how the combination of instructions and data in one memory
could be used to implement loops, by modifying branch instructions when a loop was
completed, for example. The resultant demand that instructions and data be placed on the
memory later came to be known as the Von Neumann Bottleneck.
While the original design called for using a type of vacuum tubes called RCA Selectron
tubes for the memory, problems with the development of these complex tubes forced the
switch to Williams tubes. Nevertheless, it used about 2300 tubes in its circuitry. The
addition time was 62 microseconds and the multiplication time was 713 microseconds. It
was an asynchronous machine, meaning that there was no central clock regulating the
timing of the instructions. One instruction started executing when the previous one
finished.