Chapter 5, Multiprotocol Routing Designs

|1|     Chapter 5 Overview

                  A.      Designs That Include Multiprotocol Routers

                           1.       Describe the requirements and constraints to create an IPX or AppleTalk routing design.

                           2.       Explain the role of IPX or AppleTalk in the Windows 2000 architecture.

                           3.       Evaluate scenarios to determine when IPX or AppleTalk is appropriate.

                           4.       Determine the appropriate Windows 2000 IPX or AppleTalk routing capabilities for your design.

                  B.      IPX Routing Design Concepts

                           1.       Determine the correct router placement and use in an IPX routing design.

                           2.       Assign the appropriate internal IPX network number and frame type for each router interface.

                           3.       Identify the correct method for maintaining IPX router information.

                           4.       Select the correct method for protecting IPX traffic.

                           5.       Optimize IPX routing availability and performance.

                  C.      AppleTalk Routing Design Concepts

                           1.       Determine the correct router placement and use in an AppleTalk routing design.

                           2.       Select the correct AppleTalk network number or range for each network segment.

                           3.       Identify the correct AppleTalk seed router for each network segment.

                           4.       Optimize AppleTalk availability and performance.

Chapter 5, Lesson 1

Designs That Include Multiprotocol Routers

|2|     1.    IPX and AppleTalk Routing in Windows 2000

                  A.      Microsoft Windows 2000 supports IPX or AppleTalk routing.

                  B.      Each multiprotocol device in your network can participate in IPX or AppleTalk routing.

                  C.      Each device maintains a routing table that specifies how to send IPX or AppleTalk packets from one host to another.

                  D.      Host routing is the routing between the source host and the router to which it sends the IPX or AppleTalk packet.

                           1.       To send IPX or AppleTalk packets in a routed network, each device must support host routing.

                           2.      Most operating systems support host routing.

                  E.      Router routing is the subsequent routing between the first router and other routers and the destination host.

                           1.       Hardware routers, hardware IP switches, and other hardware-based devices support router routing.

                           2.       Windows 2000 provides software-based router routing with the Routing and Remote Access feature.

|3|        2.    Multiprotocol Routing Design Requirements and Constraints

                  A.      Collect design requirements and constraints before creating your design.

                  B.      Make design decisions based on

                           1.       Amount and confidentiality of the data transmitted through the router

                           2.       Plans for future growth

                           3.       Characteristics of existing routers

                                     a.      Routing protocols used

                                     b.      WAN connections used

                                     c.       Location of routers

                           4.       Application response times

                           5.       Network availability requirements

|4|     3.    Routing Design Decisions

                  A.      Base the routing design on the requirements and constraints.

                  B.      Decide what technologies and protocols each router will support.

                           1.       Types of connections (persistent or non-persistent)

                           2.       Connection methods

                                     a.      T1

                                     b.      Public Switched Telephone Network (PSTN)

                                     c.       Integrated Services Digital Network (ISDN)

                                     d.      Digital Subscriber Line (DSL)

                                     e.      X.25

                           3.       Dynamic routing protocols or manual routing table entries

                           4.       Determine availability and performance improvement methods.

                                     a.      Multiple route paths

                                     b.      Multiple routers

                           5.       Determine packet filtering criteria.

                           6.       Determine confidential data protection methods.

                                     a.      Authentication methods

                                     b.      Encryption algorithms

|5|        4.    Edge of Network Scenario

                  A.      An edge-of-network design connects your private network to the Internet, a point-to-point network, or another public network via routers.

                  B.      The edge of network design offers a number of benefits.

                           1.       Protects private network resources

                           2.       Supports the ability to transmit IPX traffic across IP-based networks, such as the Internet

                           3.       Protects confidential data transmitted over public networks

                           4.       Can route data over any network interface that Windows 2000 supports, using the Windows 2000 Routing and Remote Access feature

                  C.      You can include a firewall in your design to increase security.

|6|     5.    IPX Tunneling Scenario

                  A.      An IPX tunneling design

                           1.       Connects multiple locations over an IP network

                           2.       Assumes that all locations belong to the same organization or to trusted partner organizations

                  B.      You can connect remote locations in a variety of ways.

                           1.       Point-to-point leased lines

                           2.       Internet

                           3.       Other public networks

                  C.      You must protect confidential data transmitted between locations.

                  D.      You cannot use IPX tunneling to connect your private network’s IPX-based computers to the Internet.

                           1.       IPX tunneling transmits only IPX packets through virtual private network (VPN) tunnels over the Internet.

                           2.       To connect IPX-based computers to the Internet, use an IPX to IP gateway (for example, Microsoft Proxy Server 2.0).

                  E.      You can use several methods to authenticate routers.

                           1.       User account authentication that is managed by the organization

                           2.       The Active Directory directory service, which provides additional security

                           3.       Machine certificates based on Kerberos v5 tickets, X.509 certificates, or a preshared key

Chapter 5, Lesson 2

IPX Routing Design Concepts

|7|     1.    Placing Routers in the Network Design

                  A.      IPX routing allows routers to transmit and protect IPX packets between different network segments and over public networks.

                  B.      Position routers at the edge of your private network or within your private network according to your organization’s needs.

                  C.      Consider using lower-cost hardware routers instead of Routing and Remote Access for internal routing.

|8|     2.    Integrating Routers into an Existing Network

                  A.      Most routers have at least two network interfaces.

                  B.      Router interfaces connect routers to the network segments.

                  C.      Specify the following for each interface in each router in your design:

                           1.       IPX network number

                           2.       IPX frame type, which must match the IPX frame type of the connected network segment

                           3.       Connection type (persistent or nonpersistent)

                           4.       Authentication, filtering, and encryption methods

                                     a.      IPX has no inherent security.

                                     b.      You can tunnel IPX traffic through IP-based virtual private network (VPN) tunnels.

                  D.      Specify multiple IPX frame types.

                           1.       You can use multiple frame types, but they must be routed from device to device. To do this:

                                     a.      Reduce the number of IPX frame types to decrease the amount of traffic that must be routed and to avoid configuration errors

                                     b.      Provide routing between different IPX frame types, even if computers are on the same segment

                                     c.       Assign an IPX network number to each IPX frame type on each network segment

                  E.      Specify the router interface connection and persistence.

|9|     3.    Internal IPX Network Numbers

                  A.      Assign an internal IPX network number to applications or services that support IPX, including

                           1.       NetWare file or print servers

                           2.       Windows 2000 routers

                           3.       Other application servers

                  B.      IPX-based applications and services use internal IPX network numbers to communicate with each other.

                  C.      Create unique internal IPX network numbers, which must not be assigned to any other IPX-based device or network segment.

                  D.      Create meaningful IPX network numbering schemes.

       4.    IPX Router Information Management

                  A.      Determine how each IPX router manages its IPX routing information by specifying how

                           1.       The router forwards IPX packets between network segments

                           2.       IPX-based computers and routers notify other computers of available applications and services

                  B.      IPX routers use routing tables to determine how to route IPX packets.

|10|              C.      Manage routing table information in one of three ways:

                           1.       Manually, using static routing entries

                                     a.      Advantages

                                              (1)     Reduces network traffic because routers do not exchange routing information
                                              (2)     Prevents unauthorized users from accessing your private network's IPX network addressing scheme

                                     b.      Disadvantages

                                              (1)     Requires administrator intervention as network segments are changed
                                              (2)     Increases the possibility of invalid routing entries

                                     c.       Use static routing entries when Routing Information Protocol for IPX (RIPX) or autostatic RIPX would degrade network performance.

                           2.       Automatically, using RIPX

                                     a.      Advantages

                                              (1)     Automatically updates routing information whenever network segments are added or removed, and at periodic intervals
                                              (2)     Decreases the possibility of invalid routing table entries

                                     b.      Disadvantage: increases network traffic

                                     c.       Use RIPX when the additional traffic won’t degrade performance.

                           3.       Automatically, using autostatic RIPX routing entries

                                     a.      Advantages

                                              (1)     Automatically updates routing information whenever network segments are added or removed
                                              (2)     Decreases the possibility of invalid routing table entries

                                     b.      Disadvantages

                                              (1)     Increases network traffic
                                              (2)     Updates routing information only at scheduled times

                                     c.       Use autostatic RIPX when the additional traffic won’t degrade network performance.

|11|              D.      IPX-based computers advertise applications and services via Service Advertising Protocol (SAP).

                           1.       SAP-based computers use tables to determine which services are available on which computers.

                           2.       SAP broadcasts information on available services to all local IPX-based network segments.

                                     a.      Routers connected to the network segments receive the information and forward it to other network segments and routers.

                                     b.      SAP advertisements propagate throughout the network until all SAP-enabled devices receive them.

|12|              E.      Specify how to manage SAP traffic for each router interface, using one of five options.

                           1.       Using static SAP entries

                                     a.      Advantages

                                              (1)     Reduces network traffic because SAP advertisements are not propagated
                                              (2)     Prevents unauthorized users from accessing information about available applications and services
                                              (3)     Restricts access to specific services on specific computers

                                     b.      Disadvantage: prevents users from seeing services that have no static SAP entries

                           2.       Disabling SAP forwarding

                                     a.      Advantages

                                              (1)     Reduces network traffic because SAP advertisements are not propagated
                                              (2)     Prevents unauthorized users from accessing information about available applications and services

                                     b.      Disadvantage: prevents users from seeing services where the router interface is disabled

                           3.       Filtering SAP forwarding

                                     a.      Advantages

                                              (1)     Reduces network traffic because not all SAP advertisements are propagated
                                              (2)     Prevents unauthorized users from accessing information about available applications and services
                                              (3)     Restricts access to specific services on specific computers

                                     b.      Disadvantages

                                              (1)     Increases network traffic because some SAP advertisements are forwarded
                                              (2)     Prevents users from seeing services filtered by the interface

                           4.       Enabling SAP forwarding

                                     a.      Advantage: tells users on all network segments which services are available

                                     b.      Disadvantage: increases network traffic

                           5.       Using autostatic SAP

                                     a.      Advantages

                                              (1)     Automatically updates SAP information whenever services are added or removed
                                              (2)     Decreases the possibility of invalid static SAP entries
                                              (3)     Reduces network traffic by forwarding SAP advertisements at nonpeak times

                                     b.      Disadvantage: updates SAP information only at scheduled intervals

|13|              F.      NetBIOS over IPX allows NetBIOS applications to run on IPX-based networks. Manage NetBIOS over IPX traffic using any combination of the following approaches.

                           1.       Forward all NetBIOS over IPX traffic.

                                     a.      Allows access to all NetBIOS resources on a network segment

                                     b.      Propagates all traffic to other network segments

                           2.       Filter specific NetBIOS over IPX traffic.

                                     a.      Allows access to specific NetBIOS resources on a network segment

                                     b.      Some traffic is filtered.

                           3.       Create static NetBIOS name entries.

                                     a.      Use when network segments contain a small number of fixed NetBIOS resources

                                     b.      Reduces network traffic

                           4.       Disable NetBIOS over IPX traffic.

                                     a.      Use when a network segment does not contain NetBIOS resources, or when you use static NetBIOS name entries to specify the resources

                                     b.      Eliminates all NetBIOS over IPX traffic

|14|    5.    Protecting IPX Traffic

                  A.      For IPX over IP tunnels, use any of the authentication and encryption methods available to IP to protect the data.

                  B.      Specify that the router interface will advertise only, listen only, or both, for RIPX and SAP traffic.

                           1.       When you set the router to advertise only, other routers cannot modify the routing information.

                           2.       When you set the router to listen only, other routers cannot obtain routing information from that router.

                  C.      Use IPX filters.

                           1.       IPX filters restrict inbound or outbound traffic through the router interface.

                           2.       You can use multiple IPX filters on a router interface to customize security.

                           3.       You can filter IPX traffic for single or multiple network numbers, nodes, socket numbers, and packet type.

                  D.      Use RIPX filters.

                           1.       RIPX filters restrict inbound or outbound RIPX traffic through the router interface.

                           2.       You can use multiple IPX filters on a router interface to customize security.

                           3.       You can filter RIPX traffic for single or multiple IPX network numbers.

                  E.      Use SAP filters.

                           1.       SAP filters restrict inbound or outbound service advertisements through the router interface.

                           2.       You can use multiple SAP filters on a router interface to customize security.

                           3.       You can filter SAP traffic for

                                     a.      A single service type or all service types

                                     b.      A single service name or all service names
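
The filter criteria listed under "Use IPX filters" above (network number, node, socket number, packet type), shown as an added example that is not part of the original course outline: a Python sketch that parses the 30-byte IPX header and evaluates filter entries against it. The `IpxFilter` model, the `drop_unmatched` switch, and all addresses are assumptions constructed for illustration, not the Routing and Remote Access configuration schema.

```python
import struct
from dataclasses import dataclass
from typing import Optional, Sequence

# 30-byte IPX header, big-endian: checksum, length, transport control,
# packet type, then destination and source (network, node, socket).
IPX_HEADER = struct.Struct(">HHBB4s6sH4s6sH")

@dataclass(frozen=True)
class IpxHeader:
    packet_type: int
    dst_net: bytes
    dst_node: bytes
    dst_socket: int
    src_net: bytes
    src_node: bytes
    src_socket: int

def parse_ipx(frame: bytes) -> IpxHeader:
    """Parse the header; reject short frames and bad length fields."""
    if len(frame) < IPX_HEADER.size:
        raise ValueError("truncated IPX header")
    _csum, length, _tc, ptype, *addr = IPX_HEADER.unpack_from(frame)
    if not IPX_HEADER.size <= length <= len(frame):
        raise ValueError("IPX length field inconsistent with frame")
    return IpxHeader(ptype, *addr)

@dataclass(frozen=True)
class IpxFilter:
    """One filter entry (hypothetical model). None in a field means 'any'."""
    packet_type: Optional[int] = None
    dst_net: Optional[bytes] = None
    dst_node: Optional[bytes] = None
    dst_socket: Optional[int] = None
    src_net: Optional[bytes] = None
    src_node: Optional[bytes] = None
    src_socket: Optional[int] = None

    def matches(self, h: IpxHeader) -> bool:
        # Every field the filter sets must equal the packet's value.
        return all(getattr(self, name) in (None, getattr(h, name))
                   for name in h.__dataclass_fields__)

def permitted(frame: bytes, filters: Sequence[IpxFilter],
              drop_unmatched: bool = True) -> bool:
    """drop_unmatched=True passes only packets that some filter matches;
    drop_unmatched=False passes everything except matched packets.
    Malformed frames are always dropped."""
    try:
        header = parse_ipx(frame)
    except ValueError:
        return False
    matched = any(f.matches(header) for f in filters)
    return matched if drop_unmatched else not matched

def build_ipx(ptype, dst, src, payload=b""):
    """Build a test packet; dst and src are (network, node, socket)."""
    return IPX_HEADER.pack(0xFFFF, IPX_HEADER.size + len(payload), 0,
                           ptype, *dst, *src) + payload

# Constructed sample addresses (not from the course material).
SERVER = (bytes.fromhex("0000a001"), bytes.fromhex("000000000001"), 0x0451)  # NCP socket
CLIENT = (bytes.fromhex("00000010"), bytes.fromhex("00a0c9112233"), 0x4003)
SAP_BCAST = (bytes.fromhex("00000010"), b"\xff" * 6, 0x0452)  # SAP socket

# Inbound policy: pass only NCP (packet type 17) to the server's internal network.
INBOUND = [IpxFilter(packet_type=17, dst_net=SERVER[0],
                     dst_node=SERVER[1], dst_socket=SERVER[2])]

def demo():
    ncp = build_ipx(17, SERVER, CLIENT, b"constructed")
    sap = build_ipx(4, SAP_BCAST, CLIENT)
    return {"ncp_to_server": permitted(ncp, INBOUND),
            "sap_broadcast": permitted(sap, INBOUND),
            "truncated": permitted(ncp[:20], INBOUND)}

if __name__ == "__main__":
    print(demo())
```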

|15|    6.    Optimizing IPX Routing

                  A.      Optimize your IPX routing design for increased availability and improved performance.

                  B.      Base your decisions on your organization's requirements.

                  C.      The design decisions for optimizing IPX and IP routers are the same.

                  D.      To optimize IPX routing, you can

                           1.       Deploy redundant routers and connections, and set up load balancing between them

                           2.       Analyze your methods of managing routing tables

Chapter 5, Lesson 3

AppleTalk Routing Design Concepts

|16|      1.    Placing Routers in the Network Design

                  A.      AppleTalk routing allows routers to transmit AppleTalk packets between different network segments.

                  B.      You can position routers at the edge of your private network or within your private network.

                  C.      The design decisions for positioning AppleTalk routers and IP routers are the same.

       2.    Router Interface Specifications

                  A.      Most routers have at least two network interfaces.

                  B.      Router interfaces connect routers to the network segments.

                  C.      You must specify the following for each interface in each router in your design:

                           1.       Connection type (persistent or nonpersistent)

                           2.       AppleTalk configuration information, including an AppleTalk network number or range of numbers

                           3.       Whether the router will act as a seed router for the network segment

|17|    3.    Determining AppleTalk Network Numbers

                  A.      Specify an AppleTalk network number from the same network segment to which the router interface is connected.

                  B.      Assign at least one AppleTalk network number to each network segment.

                  C.      Assign additional network numbers for up to 253 devices.

                  D.      On EtherTalk and TokenTalk network segments, assign a unique AppleTalk network number for every 253 computers on the same network segment.

                  E.      Create meaningful network numbering schemes, where specific digits identify the network segment, its type, and its network number range.

|18|    4.    Selecting AppleTalk Seed Routers

                  A.      A seed router is the source for network numbers and AppleTalk zones in a network segment.

                  B.      Other routers and devices on the same network segment get network number and zone information from the seed router.

                  C.      You must designate at least one seed router for each network segment.

                           1.       If you designate more than one seed router on a network segment, the first seed router you start is the seed router for that segment.

                           2.       Network segments without designated seed routers cannot communicate with other network segments.

                           3.       Designate additional seed routers in each network segment in case the primary seed router fails.

                           4.       If you specify multiple seed routers for a given network segment, all seed routers should provide the same network number configuration.

|19|    5.    Optimizing AppleTalk Routing

                  A.      Optimize your AppleTalk routing design for increased availability and improved performance.

                  B.      Base your decisions on your organization's requirements.

                  C.      The design decisions for optimizing AppleTalk routers and IP routers are the same.

|20|    Chapter Summary

                  A.      Windows 2000 supports IPX and AppleTalk routing.

                  B.      IPX routing

                           1.       Use IPX to IP gateway to connect IPX-based devices to the Internet.

                           2.       Can use several methods to authenticate routers

                           3.       IPX router design is similar to IP router design.

                           4.       Can use multiple frame types

                  C.      IPX routing design

                           1.       Assign internal IPX network numbers.

                           2.       Manage routing tables using static entries, RIPX, or autostatic RIPX.

                           3.       Specify how to manage SAP traffic at each router.

                           4.       Use various methods to encrypt and authenticate IPX traffic over IP tunnels.

                  D.      AppleTalk routing design

                           1.       Specify an AppleTalk network number.

                           2.       Select an AppleTalk seed router.