Seven Days in the Life of Maurice
Maurice never doubted that he would find a job, but he didn't think he would find a job so soon after graduating. It didn't occur to him that he would suddenly be presented with an interview at the random corporate office where he had stopped to use the restroom. He was young enough and brash enough to accept the job of network administrator for Hypothetical, Inc., although in hindsight he should have realized that this was not a job for the upwardly mobile. He told the interviewers that he had no experience at all, but that they didn't have to pay him much either. Instead of showing him the door, they immediately placed a W-4 form in front of him and handed him a pen.
Still, he had his library of fine computer books to guide him, including his copy of Sams Teach Yourself TCP/IP in 24 Hours, Third Edition, which provided him with an accessible and well-rounded introduction to TCP/IP.
Day 1: Getting Started
When Maurice arrived at work the first day, he knew his first goal must be to bring all the computers onto the network. A quick inventory of the computers revealed some DOS and Windows machines, some Linux computers, some Macintoshes, several Unix machines, and some other computers that he didn't even recognize. Because this network was supposed to be on the Internet (several of the committee's morale-enhancing measures required visits to unnamed recreational Web sites), Maurice knew that the network would need to use TCP/IP. He performed a quick check to see whether the computers on the network had TCP/IP running. For example, he used the IPConfig utility to output TCP/IP parameters on the Windows computers. On the Unix machines, he used the ifconfig utility.
In most cases he found that TCP/IP was indeed running, but much to his surprise, he found complete disorganization in assignment of IP addresses. The addresses were seemingly chosen at random. No two addresses had any similar digits that might have served as a network ID. Each computer believed it was on a separate network, and because no default gateway had been assigned to any of the computers, communication within and beyond the network was extremely limited. Maurice asked his supervisor (the nephew who worked in the mailroom) whether an Internet network ID had been assigned to the network. Maurice suspected that the network must have some preassigned network ID, because the company had a permanent connection to the Internet. The nephew said he did not know of any network ID.
Maurice asked the nephew whether the value-added retailers who sold them the 1,000 computers had configured any of the computers. The nephew said that they had configured one computer before abruptly leaving the office in a dispute over the contract. The nephew took Maurice to the computer the value-added retailers had configured. It had two computer cables leading from it: one to the corporate network and one to the Internet.
The nephew tried to look impatient, hoping for a swift shift to a topic in which he and not Maurice held the greater knowledge. The computer appeared to be a Windows NT system. Maurice considered telling the nephew that he'd never heard of anyone using a multihomed Windows NT box as a corporate gateway and that many experts refer to this type of thing as a "really hokey configuration." It would have been better to purchase a gateway router. But it was his first day, so he didn't offer his advice. A computer, after all, is capable of acting as a router, as long as it is configured for IP forwarding. An ethernet cable led from the gateway computer to the rest of the network. Maurice entered a quick IPConfig for the computer and obtained the IP address of the ethernet adapter.
He had a hunch the value-added retailer must have configured the correct network ID into this computer before taking his leave. The IP address was 188.8.131.52.
Maurice could tell from the first number in the dotted-decimal address (198) that this was a Class C network. On a Class C network, the first three bytes make up the network ID. "The network ID is 184.108.40.206," he told the nephew. While he was there, he also checked the TCP/IP configuration to ensure that IP forwarding was enabled.
It occurred to Maurice that the network would be capable of supporting only 254 computers with the available host IDs in the Class C address space. But, he concluded, that probably wouldn't matter, because many users did not want their computers anyway. He configured IP addresses for the members of the morale committee:
and he configured computers for all other possible host IDs. He also entered the address of the gateway computer (220.127.116.11) as the default gateway so that messages and requests could be routed beyond the network. For each IP address, he used the standard network mask for a Class C network: 255.255.255.0.
Maurice used the Ping utility to test the network. For each computer, he typed ping and the address of another computer on the network. For instance, from the computer 18.104.22.168, he entered ping 22.214.171.124 to ensure that the user of the computer would be able to communicate with the nephew. Also, in keeping with good practice, he always pinged the default gateway:
Maurice was thinking that the network had come far for one day, and he was feeling that this would be an easy and rewarding job, but the last computer he configured couldn't ping the other computers on the network. After a careful search, he noticed that the computer appeared to be part of an entirely different type of physical network. Someone had attempted to connect the obscure and obsolete network adapter with the rest of the network by ramming a 10BASE-2 ethernet cable into the ports. When the cable didn't fit, the responsible party had jumped the circuit with a nail and wrapped the whole assembly with so much duct tape that it looked like something they'd used on Apollo 13.
"Tomorrow," Maurice said.
Day 2: Segmenting
When Maurice arrived for work the next day, he brought in something he knew he was going to need: routers. And although he arrived early, many users were already impatient with him. "What's the matter with this network?" they said. "This is really slow!"
Maurice told them that he wasn't finished. The network was working, but the large number of devices competing directly for the transmission medium was slowing things down. Also, some computers that were configured for a different network architecture (such as the computer he'd discovered at the end of the previous day) could not communicate directly with the other computers. Maurice strategically installed some routers so that they would reduce network traffic and integrate the network elements with a differing physical architecture. Of course, he had to find a router that supported the obsolete architecture, but this was not difficult because Maurice had many connections.
Maurice also knew that some subnetting was in order. He decided to divide the final eight bits after the Class C network ID so that he could use three bits for a subnet number and the other five bits for host IDs on the subnetted networks.
The last octet of the subnet mask was therefore 32+64+128 or 224, and the full subnet mask was 255.255.255.224.
Maurice added the new subnet mask for his new subnetted network and assigned IP addresses accordingly. He assigned IP addresses such that the three subnet bits were the same for all computers on a given segment. He also changed default gateway values on many of the computers, because the original gateway was no longer on the subnet. He instead used the IP address of a router port as the default gateway for the computers on the subnet connected to that router port.
Day 3: Dynamic Addresses
The network was now functioning splendidly, and Maurice was gaining a reputation for results. Some even suggested him as a possible candidate for the morale committee. The nephew, however, differed with this view. Maurice was not destined for the morale committee or for any committee, the nephew mentioned, because so far he was not meeting the objective of his employment. The committee clearly stated that the network should have 1,000 computers, and so far Maurice had given them a network of only 254. "How can we expect morale to improve if the directives of the morale committee are ignored?" he added.
By the Way
Actually, the network now had fewer than 254 addresses, because the subnetting implemented in Day 2 left extra unassignable addresses for the all-zeros host ID and the all-ones broadcast address on each subnet. The actual number of available addresses within a subnet is not 2n, but (2n – 2), where n is the number of host ID bits in the address. Maurice did not see a reason for revealing this fact to the nephew.
But how could Maurice bring Internet access to 1,000 computers with fewer than 254 possible host IDs? He knew the answer was that he must configure a DHCP server to lease the IP addresses to users on a temporary basis. "The theory behind DHCP," he explained, "is that all users won't be using their computers all at once." The DHCP server keeps a list of available IP addresses, and when a computer starts and requests an address, the DHCP server issues an address temporarily. As long as users only occasionally access their computers, it is possible to support 1,000 computers with these 254 IP addresses.
By the Way
Another solution to the address shortage problem would have been to use a network address translation (NAT) device for the Internet connection. If he used a NAT device, Maurice could have assigned any addresses he wanted on the network, regardless of whether the addresses were part of the official address range assigned to the company. However, in a company that economized by using homemade plaster in place of white out, he did not guess that his request for a new device would receive attention. Also, the nephew had grown extremely territorial about the inelegant Windows NT gateway computer and seemed to take a personal stake in its success.
Configuring the DHCP server was easy, at least for Maurice, because he read the documentation carefully and wasn't afraid to look for help on the Web. (He did need to make sure the routers were configured to pass on the DHCP information.) The hard part was manually configuring each of the 1,000 computers to access the DHCP server and receive an IP address dynamically. To configure the 1,000 computers in an eight-hour day, he had to configure 125 computers per hour, or a little more than two per minute. This would have been nearly impossible for anyone but Maurice. He knocked several people down, but he finished in time for the 6:00 p.m. bus.
Day 4: Domain Name Resolution
The next day Maurice realized that his hasty reconfiguration of the network for dynamic address assignment had left some unresolved conflicts. These conflicts would not have occurred at any other company, but at Hypothetical, Inc., they were real and acute.
The president spoke to Maurice privately and informed Maurice that he expected that he, the highest ranking official in the company, would have the computer with the numerically lowest IP address. Maurice had never heard of such a request and could not find reference to it in any of his documentation, but he assured the president that this would not be a problem. He would simply configure the president's computer to use the static IP address 126.96.36.199 and would exclude the president's address from the range of addresses assigned by the DHCP server. Maurice added that he hoped the president understood the importance of not tampering with the configuration of the computer that was acting as an Internet gateway. That computer, which was configured by the value-added retailer, was the only one that would have a lower address: 188.8.131.52. (Actually, Maurice could have changed this address to something higher, but he didn't want to.) The president stated that he did not mind if a computer had a lower IP address as long as that computer didn't belong to another employee. He just didn't want any person to have a lower IP address than his address.
The arrangement between Maurice and the president would have posed no impediment to the further development of the network had not other upper-level managers claimed their own places on this sad ladder of vanity. It was easy enough to give the vice-president and the chief of operations low IP addresses, but a bevy of middle managers, none higher or lower than the others, began to bicker about whose computer would be 184.108.40.206 and whose would be 220.127.116.11. At last, the management team was forced to adjourn to a tennis retreat where they sorted out their differences and tried to begin each match with love.
In the meantime, Maurice implemented a solution he knew they would accept. He set up a DNS server so that each computer could be identified with a name instead of an address. Each manager would have a chance to choose the hostname for his or her own computer. The measure of status, then, would not be who had the numerically lowest computer address but who had the wittiest hostname. Some examples of the middle managers' hostnames included:
The presence of a DNS server also brought the company closer to the long-term goal of full Internet access. Recently, the users had been able to connect to Internet sites, but only by IP address. The DNS server, through its connection with other DNS servers, gave the company full access to Internet hostnames, such as those used in Internet URLs.
Day 5: NetBIOS Name Resolution
A group of Windows 2000 users in one of the new subnets told Maurice that some of the other Windows machines they wanted to access were not present in Network Neighborhood. "It all worked fine the first day," they told him. "But on Day 2, the computers in accounting stopped showing up."
Maurice knew that Day 2 was the day he installed the routers and instituted subnetting. He realized suddenly that, after he subdivided the network with routers, NetBIOS names could no longer be resolved through broadcast. Maurice knew he had two choices for implementing network-wide NetBIOS name resolution:
He chose to implement NetBIOS name resolution using a WINS server. Because the computers received their TCP/IP configurations automatically from the DHCP server, he used the DHCP server to configure the client computers to access WINS.
Day 6: Firewalls
Despite all the recent networking successes, the morale of the company was still very low. Employees were rapidly resigning and departing like moviegoers exiting a bad film. Many of these employees had intimate knowledge of the network, and managers worried that the disgruntled ones might resort to cyber-vandalism as a form of retribution. The managers asked Maurice to implement a plan by which network resources would be protected, but network users would have the fullest possible access to the local network and also the Internet. Maurice asked what the budget was, and they told him he could take some change from the jar by the coffee machine.
Maurice sold approximately 50 of the 1,000 computers and used the money to buy a commercial firewall system that would protect the network from outside attack. (The 50 computers were completely unused and were blocking the hallway to the service entrance. Janitorial personnel had tried to throw them away at least six times.) The firewall provided many security features, but one of the most important was that it allowed Maurice to block off TCP and UDP ports to keep outside users from accessing services on the network. Maurice closed off all non-essential ports. He kept TCP port 21 open, which provides access to FTP, because at Hypothetical, Inc., information is often dispensed in large paper documents for which FTP is an ideal form of delivery. Maurice carefully configured the firewall so that the port 21 FTP access was authorized only for purposes of connecting to a well-protected FTP server computer.
Day 7: Virtual Private Networking
The chief of operations called Maurice into his office to ask whether federal law prohibited the wagering of large sums of money on sporting events over the Internet. Maurice told the chief that he wasn't a lawyer and didn't know the specifics of gambling law.
The chief asked whether, on an unrelated note, Maurice knew of a way by which all correspondence over the Internet would be strictly private so that no one could find out what he was saying or with whom he was communicating. Maurice told him the best technique he knew about was virtual private networking. A virtual private network (VPN) is a private, encrypted connection over a public line. A VPN provides a connection that is nearly as private as a point-to-point connection.
"I need one of those right away," the chief said, retiring thoughtfully to his inner office.