Define the features of TCP/IP and their functionality
To design an effective TCP/IP solution, you must understand the features of TCP/IP and how these features solve the connectivity requirements of your organization.
The following list describes the seven crucial features that you must remember while making design decisions.
Security: TCP/IP allows enhanced data and connection security by supporting a number of IETF-proposed standards for data encryption, authentication, and filtering.
The Windows 2000 implementation of TCP/IP supports Internet Protocol Security (IPSec) and TCP/IP filtering for packet-level authentication and data encryption, as well as for filtering data.
IPSec is new in Windows 2000 and provides end-to-end data authentication and encryption, which has never before been available in Windows network operating systems.
Bandwidth Management: Time-sensitive IP traffic streams such as streaming multimedia require connection protocols that provide bandwidth reservation within a network.
TCP/IP supports bandwidth reservation by using Quality of Service (QoS) mechanisms, which allow IP traffic to be prioritized. QoS is especially important when an organization requires "real-time" delivery of TCP/IP packets, as would be required with various IP Telephony applications.
Automatic Private IP Addressing: Automatic Private IP Addressing (APIPA) automates TCP/IP address configuration for hosts on a single-subnet network that has no DHCP server.
APIPA eliminates IP address configuration for simple networks not connected to the Internet. The IP addresses for APIPA are allocated from 169.254.0.0/16, which is reserved by the Internet Assigned Numbers Authority (IANA) and represents a private network address class.
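As an added illustration, not part of the original lesson: the following Python script classifies IPv4 addresses against the 169.254.0.0/16 APIPA block (and the RFC 1918 private blocks, for contrast) and scans ipconfig-style output for adapters that fell back to APIPA, which is the usual sign that a host expected DHCP and never got an answer. The ipconfig text and adapter names are constructed sample data, and the function names are this example's own choices.

```python
import ipaddress
import re

# Address blocks referenced by the text: APIPA draws from 169.254.0.0/16 (IANA link-local)
APIPA_NET = ipaddress.IPv4Network("169.254.0.0/16")
RFC1918_NETS = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK_NET = ipaddress.IPv4Network("127.0.0.0/8")

# Constructed sample in the layout of Windows 2000 "ipconfig" output (not captured from a real host)
SAMPLE_IPCONFIG = """\
Windows 2000 IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 169.254.23.17
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : corp.example
        IP Address. . . . . . . . . . . . : 10.1.20.55
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.1.20.1
"""

FIELD_RE = re.compile(r"^\s*(IP Address|Default Gateway)[ .]*:\s*(\S*)")


def classify(addr_text: str) -> str:
    """Name the block an IPv4 address belongs to: loopback, apipa, rfc1918 or public."""
    addr = ipaddress.IPv4Address(addr_text)
    if addr in LOOPBACK_NET:
        return "loopback"
    if addr in APIPA_NET:
        return "apipa"
    if any(addr in net for net in RFC1918_NETS):
        return "rfc1918"
    return "public"


def parse_ipconfig(text: str) -> list:
    """Group IP Address / Default Gateway lines under their adapter heading."""
    adapters, current = [], None
    for line in text.splitlines():
        if line and not line[0].isspace() and " adapter " in line and line.endswith(":"):
            current = {"name": line[:-1], "addresses": [], "gateway": None}
            adapters.append(current)
            continue
        m = FIELD_RE.match(line) if current is not None else None
        if not m:
            continue
        label, value = m.groups()
        if label == "IP Address" and value:
            current["addresses"].append(value)
        elif label == "Default Gateway":
            current["gateway"] = value or None
    return adapters


def apipa_fallbacks(text: str) -> list:
    """Adapters that self-assigned a 169.254.x.x address: DHCP was expected but never answered.

    Such a host can talk only to its own subnet (note the empty Default Gateway), so a
    server or bastion host showing up here is misconfigured or has lost its DHCP server.
    """
    return [
        a["name"] for a in parse_ipconfig(text)
        if any(classify(addr) == "apipa" for addr in a["addresses"])
    ]


if __name__ == "__main__":
    for adapter in parse_ipconfig(SAMPLE_IPCONFIG):
        kinds = [classify(a) for a in adapter["addresses"]]
        print(adapter["name"], adapter["addresses"], kinds, "gateway:", adapter["gateway"])
    print("APIPA fallbacks:", apipa_fallbacks(SAMPLE_IPCONFIG))
```

The RFC 1918 membership is checked explicitly rather than through the library's broader "private" notion, so the classification matches the address classes the lesson names.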
ICMP Router Discovery: Windows 2000-based computers running RRAS support Internet Control Message Protocol (ICMP) router discovery (RFC 1256).
This allows a host to discover a router automatically, even when no default gateway is configured for the host. ICMP router discovery is disabled by default on TCP/IP for Windows 2000 hosts and is managed by using DHCP.
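Added example, not from the original lesson or from Windows: a Python parser for the RFC 1256 Router Advertisement message that a host receives during ICMP router discovery. It verifies the ICMP checksum, decodes the router address and preference entries, and reports any advertised default router that is not on an approved list, which is the check a network team would run over captured traffic to catch a misconfigured or unauthorized router. The packet is constructed inside the script (addresses from the 192.0.2.0/24 documentation range); the function names and the approved list are assumptions of this example.

```python
import ipaddress
import struct

# ICMP types defined by RFC 1256 (ICMP Router Discovery)
ICMP_ROUTER_ADVERTISEMENT = 9
ICMP_ROUTER_SOLICITATION = 10
# Preference level 0x80000000 (most negative int32) means "do not use as a default router"
NOT_A_DEFAULT_ROUTER = -0x80000000


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: ones'-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_router_advertisement(routers, lifetime=1800) -> bytes:
    """Construct a Router Advertisement (type 9); used here only to make sample input.

    routers: list of (dotted IPv4 address, signed preference) pairs.
    """
    body = b"".join(
        ipaddress.IPv4Address(addr).packed + struct.pack("!i", pref)
        for addr, pref in routers
    )
    # Type, Code, Checksum (0 while computing), Num Addrs, Addr Entry Size (2 words), Lifetime
    header = struct.pack("!BBHBBH", ICMP_ROUTER_ADVERTISEMENT, 0, 0, len(routers), 2, lifetime)
    checksum = internet_checksum(header + body)
    return header[:2] + struct.pack("!H", checksum) + header[4:] + body


def parse_router_advertisement(packet: bytes) -> dict:
    """Validate and decode a Router Advertisement; raises ValueError on malformed input."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _, num_addrs, entry_size, lifetime = struct.unpack("!BBHBBH", packet[:8])
    if icmp_type != ICMP_ROUTER_ADVERTISEMENT or code != 0:
        raise ValueError("not a Router Advertisement")
    if internet_checksum(packet) != 0:  # a valid packet sums to zero including its checksum field
        raise ValueError("bad ICMP checksum")
    # RFC 1256 receivers accept Addr Entry Size >= 2 and ignore any extra words per entry
    if num_addrs < 1 or entry_size < 2:
        raise ValueError("invalid Num Addrs or Addr Entry Size")
    stride = entry_size * 4
    if len(packet) < 8 + num_addrs * stride:
        raise ValueError("advertisement shorter than Num Addrs implies")
    routers = []
    for i in range(num_addrs):
        off = 8 + i * stride
        addr = str(ipaddress.IPv4Address(packet[off:off + 4]))
        (pref,) = struct.unpack("!i", packet[off + 4:off + 8])
        routers.append((addr, pref))
    return {"lifetime": lifetime, "routers": routers}


def is_valid_advertisement(packet: bytes) -> bool:
    try:
        parse_router_advertisement(packet)
        return True
    except ValueError:
        return False


def unexpected_routers(packet: bytes, approved: set) -> list:
    """Addresses offered as default routers that are not on the approved list.

    A non-empty result is worth an alert: either a misconfigured device or an
    unauthorized router is trying to become the hosts' default gateway.
    """
    adv = parse_router_advertisement(packet)
    return [
        addr for addr, pref in adv["routers"]
        if pref != NOT_A_DEFAULT_ROUTER and addr not in approved
    ]


# Constructed sample: one legitimate router and one that is not on the approved list.
APPROVED_ROUTERS = {"192.0.2.1"}
SAMPLE_ADVERTISEMENT = build_router_advertisement(
    [("192.0.2.1", 0), ("192.0.2.254", 100)], lifetime=1800
)

if __name__ == "__main__":
    print(parse_router_advertisement(SAMPLE_ADVERTISEMENT))
    print("unexpected default routers:", unexpected_routers(SAMPLE_ADVERTISEMENT, APPROVED_ROUTERS))
```

Entries whose preference is the "do not use" value are skipped on purpose: RFC 1256 lets a router announce an address that hosts must never pick as a default gateway, so it is not a candidate for the alert.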
Disabling NetBIOS over TCP/IP: Windows 2000 allows you to disable network basic input/output system (NetBIOS) over TCP/IP (NetBT) for computers that use only DNS name registration and resolution. These computers can browse resources only on those computers that:
Have NetBT disabled.
Use Client for Microsoft Networks, and File and Print Sharing for Microsoft Networks components.
The ability to disable the NetBIOS interface, which is part of the TCP/IP protocol stack, is a new feature available only with Windows 2000.
Large TCP Windows: When there are many active TCP connection endpoints (sockets) on a system, such as a popular Web or file server, a large TCP window size leads to high consumption of system (kernel) memory. This can have a number of negative consequences.
The system may run out of buffer space so that no new connections can be opened, or the high occupation of kernel memory (which typically must reside in actual RAM and cannot be "paged out" to disk) can "starve" other processes of access to fast memory (cache and RAM).
TCP Selective Acknowledgment: TCP selective acknowledgment is used only when multiple packets are dropped within one TCP window. There is no performance impact when the feature is enabled but not used. On Cisco IOS routers, use the ip tcp selective-ack command in global configuration mode to enable TCP selective acknowledgment.
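Added example covering both the Large TCP Windows and the TCP Selective Acknowledgment points above; it is not code from the lesson or from any operating system. The Python script parses the TCP option list (MSS, Window Scale, SACK-permitted, SACK blocks) from constructed SYN and ACK segments, applies the RFC 7323 rule that the window field of a SYN is never scaled, works out which byte ranges a sender would retransmit given SACK blocks versus without SACK, and estimates the kernel receive-buffer memory that many connections with a large scaled window can pin. Segment contents, port numbers and function names are constructed assumptions.

```python
import struct

# TCP option kinds: RFC 9293 (EOL, NOP, MSS), RFC 7323 (Window Scale), RFC 2018 (SACK)
OPT_EOL, OPT_NOP, OPT_MSS, OPT_WSCALE, OPT_SACK_PERMITTED, OPT_SACK = 0, 1, 2, 3, 4, 5
MAX_WINDOW_SHIFT = 14  # RFC 7323: a receiver treats shift counts above 14 as 14
FLAG_SYN, FLAG_ACK = 0x02, 0x10


def build_segment(src, dst, seq, ack, flags, window, options=b"") -> bytes:
    """Build a TCP header with raw options (checksum left zero); used only to construct sample input."""
    options += b"\x00" * ((-len(options)) % 4)  # pad the option list to a 32-bit boundary
    data_offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIHHHH", src, dst, seq, ack, (data_offset << 12) | flags, window, 0, 0)
    return header + options


def parse_tcp_options(options: bytes) -> dict:
    """Walk the option list, rejecting malformed lengths instead of reading past the end."""
    found = {"mss": None, "window_scale": None, "sack_permitted": False, "sack_blocks": []}
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option kind %d has no length byte" % kind)
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        data = options[i + 2:i + length]
        if kind == OPT_MSS and length == 4:
            found["mss"] = struct.unpack("!H", data)[0]
        elif kind == OPT_WSCALE and length == 3:
            found["window_scale"] = min(data[0], MAX_WINDOW_SHIFT)
        elif kind == OPT_SACK_PERMITTED and length == 2:
            found["sack_permitted"] = True
        elif kind == OPT_SACK and length >= 10 and (length - 2) % 8 == 0:
            for j in range(0, length - 2, 8):
                found["sack_blocks"].append(struct.unpack("!II", data[j:j + 8]))
        i += length
    return found


def parse_tcp_segment(segment: bytes) -> dict:
    """Decode the fixed header and options of one TCP segment."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, window, _, _ = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack, "flags": off_flags & 0x1FF,
            "window": window, "options": parse_tcp_options(segment[20:data_offset]),
            "payload": segment[data_offset:]}


def effective_window(seg: dict, negotiated_shift: int) -> int:
    """Window in bytes. RFC 7323: the window field of a SYN is never scaled; later
    segments from the same sender are scaled by the shift it announced in its SYN."""
    if seg["flags"] & FLAG_SYN:
        return seg["window"]
    return seg["window"] << min(negotiated_shift, MAX_WINDOW_SHIFT)


def sack_holes(ack, sack_blocks, highest_sent) -> list:
    """Byte ranges [left, right) the sender must still retransmit.

    With SACK the sender resends only the holes; without SACK (empty list) it resends
    everything from `ack` to `highest_sent`. Sequence wraparound is ignored (simplification).
    """
    holes, cursor = [], ack
    for left, right in sorted(b for b in sack_blocks if b[1] > ack):
        if left > cursor:
            holes.append((cursor, left))
        cursor = max(cursor, right)
    if cursor < highest_sent:
        holes.append((cursor, highest_sent))
    return holes


def worst_case_receive_memory(connections: int, window: int, shift: int) -> int:
    """Kernel receive-buffer bytes pinned if every connection's scaled window is full at once."""
    return connections * (window << min(shift, MAX_WINDOW_SHIFT))


# Constructed samples: a client SYN negotiating MSS 1460, window scale 7 and SACK-permitted,
# then an ACK from the same client reporting two received blocks above a cumulative ACK of 1000.
SAMPLE_SYN = build_segment(40000, 80, 0, 0, FLAG_SYN, 65535,
                           b"\x02\x04\x05\xb4" + b"\x01" + b"\x03\x03\x07" + b"\x01\x01" + b"\x04\x02")
SAMPLE_ACK = build_segment(40000, 80, 1, 1000, FLAG_ACK, 8192,
                           b"\x01\x01" + b"\x05\x12" + struct.pack("!IIII", 2500, 3000, 1500, 2000))

if __name__ == "__main__":
    syn, ack = parse_tcp_segment(SAMPLE_SYN), parse_tcp_segment(SAMPLE_ACK)
    shift = syn["options"]["window_scale"]
    print("SYN options:", syn["options"], "| SYN window (unscaled):", effective_window(syn, shift))
    print("ACK window scaled by 2^%d:" % shift, effective_window(ack, shift), "bytes")
    print("retransmit only:", sack_holes(ack["ack"], ack["options"]["sack_blocks"], 3000))
    print("10,000 sockets x scaled 64 KiB window:", worst_case_receive_memory(10_000, 65535, 7), "bytes")
```

The two SACK blocks tell the sender that bytes 1500-2000 and 2500-3000 arrived, so only the holes 1000-1500 and 2000-2500 go out again; without SACK the whole range from 1000 to 3000 would be resent. The memory estimate is the worst case the Large TCP Windows note warns about: a 65535-byte window scaled by 2^7 across 10,000 sockets is over 80 GB of receive buffers if every window fills at once.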
The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet protocol suite. It is used by network devices, such as routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. It is assigned IP protocol number 1. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools such as ping and traceroute).
NetBT is typically disabled only on those computers that you place in specialized roles in your network, such as edge proxy servers or bastion hosts in a firewall environment, where NetBT support is not required or desired.
The next lesson provides an overview of designing a TCP/IP solution.