Welcome to this SearchNetworking ANZ Q&A special. In this article you can learn:
- The difference between circuit switching and packet switching
- What is the benefit of using a VLAN over IP subnetting?
- Does IPv6 abandon TCP/IP fragmentation?
- Why are TCP/IP networks not considered secure?
- Can Network Address Translation work without static IP addresses?
- Can vendor software self-install firewalls?
Q: What is the difference between circuit switching and packet switching?
A: Consider the following two examples to answer your question:
- Example of circuit-switching: You pick up your landline phone and dial your friend. At that point, the telco provider creates a dedicated circuit for that session and connects you to your friend's telephone. No matter how long you keep the line open with your friend, the circuit will remain, and the data flowing between the two telephones will always follow the same path. This is an example of a circuit-switched network.
- Example of packet-switching: In the second example, you switch on your PC and connect to your favorite site, which offers a number of applications you can download, so you begin downloading one application at a time. Each packet has to find its own route to the destination, i.e., your computer. Each packet finds its way using the information it carries, such as the source and destination IP addresses. If network congestion occurs, the routers responsible for routing packets between networks will automatically select different paths to ensure the data is transferred as required. This is an example of a packet-switched network.
Q: What is the benefit of using a VLAN over IP subnetting?
A: Virtual local area networks (VLANs) allow us to create networks that are separated both logically and physically, whereas IP subnetting simply allows us to create logical networks on the same physical network.
You can have one physical network (for example, a simple network switch) and configure two or more logical networks by simply assigning different IP networks, like 192.168.0.0/24, 192.168.1.0/24, etc. The problem here is that even though you've created different networks, they are all using the same backbone: your switch. Traffic going through the switch can be seen by all other hosts, no matter what logical network they are on. The result is that security is negligible, sensitive data can be easily captured, and bandwidth availability decreases because everyone is using the same backbone. (Imagine placing trucks, motorcycles and cars on a single-lane highway.)
If, on the other hand, your switch can handle VLANs, you can then create one VLAN for each logical network. This effectively means that trucks are placed on their own highway; the same goes for all cars and motorcycles. The bandwidth availability for each VLAN (or logical network) is now maximized, and we also have a decent level of security, since the switch that connects the VLANs will not allow traffic to flow between them unless configured to do so.
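To make the "everyone shares the same backbone" point concrete, here is an added example (not code from the original article) that simulates a learning switch with and without VLAN awareness. Port numbers, MAC addresses and VLAN ids are constructed for the demonstration; the two subnets are the ones named in the answer.

```python
"""Broadcast-domain simulation for the subnet-vs-VLAN comparison.

Added example, not from the original article. A flat switch puts every port
in one broadcast domain regardless of IP subnet; a VLAN-aware switch floods
and learns per VLAN, so frames never cross from one VLAN to another.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Switch:
    def __init__(self, vlan_aware):
        self.vlan_aware = vlan_aware
        self.port_vlan = {}    # port -> VLAN id (ignored when not vlan_aware)
        self.mac_table = {}    # (vlan, mac) -> port learned from source addresses

    def add_port(self, port, vlan=1):
        self.port_vlan[port] = vlan

    def forward(self, ingress, src_mac, dst_mac):
        """Return the set of ports a frame entering on `ingress` is sent out of."""
        vlan = self.port_vlan[ingress] if self.vlan_aware else 1
        self.mac_table[(vlan, src_mac)] = ingress
        if dst_mac != BROADCAST and (vlan, dst_mac) in self.mac_table:
            return {self.mac_table[(vlan, dst_mac)]}
        # Broadcast or unknown unicast: flood the whole broadcast domain, which
        # on a flat switch is every other port, whatever IP subnet the hosts use.
        return {p for p, v in self.port_vlan.items()
                if p != ingress and (not self.vlan_aware or v == vlan)}


def build(vlan_aware):
    """Constructed layout: ports 1-2 hold hosts in 192.168.0.0/24 (VLAN 10),
    ports 3-4 hold hosts in 192.168.1.0/24 (VLAN 20)."""
    sw = Switch(vlan_aware)
    for port, vlan in ((1, 10), (2, 10), (3, 20), (4, 20)):
        sw.add_port(port, vlan)
    return sw


def who_sees_arp_request(vlan_aware):
    """An ARP request (broadcast) from the host on port 1: which ports receive it?"""
    return build(vlan_aware).forward(1, "02:00:00:00:00:01", BROADCAST)


def can_reach_other_subnet(vlan_aware):
    """The host on port 3 (other subnet) talks first so its MAC is learned; then
    the host on port 1 addresses a frame straight to it. True if it arrives."""
    sw = build(vlan_aware)
    sw.forward(3, "02:00:00:00:00:03", BROADCAST)
    return 3 in sw.forward(1, "02:00:00:00:00:01", "02:00:00:00:00:03")
```

On the flat switch the ARP request from port 1 reaches ports 2, 3 and 4, and a directly addressed frame reaches the other subnet's host; with VLANs the same request stays on port 2 and the cross-VLAN frame never arrives, which is the isolation the answer describes.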
Q: Why does IPv6 abandon TCP/IP fragmentation?
A: IPv6 does not abandon fragmentation at all. What's new is that IPv6 routers no longer fragment; fragmentation must be done by the source host. The host finds the optimal packet size by trying the largest possible size first and reducing it whenever it receives an ICMPv6 "Packet Too Big" message from a router. These messages include the maximum packet size for the next hop. This was done so that routers can forward packets efficiently without having to deal with fragmentation.
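The discovery loop described in the answer, as an added example (not from the original article): a constructed path of per-hop link MTUs, routers that answer an oversized packet with a stand-in for the ICMPv6 Packet Too Big message, and a source that shrinks its packets and then fragments at the discovered size. The header sizes and the 1280-byte IPv6 minimum MTU are from the IPv6 specification; the path itself is made up.

```python
"""Path MTU discovery and source-side fragmentation in IPv6.

Added example, not from the original article. Routers never fragment; they
report the next-hop MTU and the source adapts.
"""
from dataclasses import dataclass

IPV6_HEADER = 40         # fixed IPv6 header, bytes
FRAGMENT_HEADER = 8      # IPv6 Fragment extension header, bytes
IPV6_MIN_MTU = 1280      # every IPv6 link must carry at least this much


@dataclass
class PacketTooBig:
    """Stand-in for the ICMPv6 Packet Too Big message a router sends back."""
    hop: int
    mtu: int


def forward(path, packet_size):
    """Walk the packet hop by hop. Return None when it is delivered, or the
    Packet Too Big message from the first router whose link cannot carry it."""
    for hop, link_mtu in enumerate(path):
        if packet_size > link_mtu:
            return PacketTooBig(hop=hop, mtu=link_mtu)
    return None


def discover_path_mtu(path, start_size=1500):
    """Source-side PMTUD: start large, shrink on every Packet Too Big.
    Returns (path_mtu, number_of_transmissions)."""
    size = start_size
    attempts = 0
    while True:
        attempts += 1
        reply = forward(path, size)
        if reply is None:
            return size, attempts
        # A reported MTU below the IPv6 minimum is invalid (or forged); clamp
        # it, and give up rather than loop forever if the size cannot shrink.
        new_size = max(reply.mtu, IPV6_MIN_MTU)
        if new_size >= size:
            raise ValueError(f"hop {reply.hop} reports MTU {reply.mtu} below IPv6 minimum")
        size = new_size


def fragment(payload_len, path_mtu):
    """Split an upper-layer payload into fragments that fit path_mtu. Each
    fragment carries the IPv6 header plus a Fragment header, and every
    fragment except the last carries a multiple of 8 data bytes.
    Returns a list of (fragment_offset, data_length)."""
    room = path_mtu - IPV6_HEADER - FRAGMENT_HEADER
    room -= room % 8
    fragments, offset = [], 0
    while offset < payload_len:
        chunk = min(room, payload_len - offset)
        fragments.append((offset, chunk))
        offset += chunk
    return fragments


# Constructed path: the third link is a 1280-byte tunnel.
SAMPLE_PATH = [1500, 1400, 1280, 1500]
```

Running `discover_path_mtu(SAMPLE_PATH)` takes three transmissions (1500, then 1400, then 1280) and a 3000-byte payload is then sent as three fragments whose data lengths, apart from the last, are multiples of eight.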
Q: Why are TCP/IP networks not considered secure?
A: It's not as if designers work to build insecurities into protocols or operating systems. It is really more an issue of priorities: TCP/IP was designed with usability in mind.
For example, consider ARP; it is a two-step process that consists of a request and a response. Little thought was given at the time ARP was developed to the possibility that someone might send unsolicited ARP responses for the purpose of ARP poisoning. Other TCP/IP protocols and applications also have security issues, such as ICMP, RIP, FTP, SNMP and Telnet.
Protocols like IPSec were not originally envisioned; IPSec is actually an add-on to IPv4.
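Since ARP itself offers no way to verify a response, the defensive counterpart is to watch for the behaviour the answer names: replies nobody asked for, and an IP address whose MAC suddenly changes. The audit below is an added example (not from the original article) run over a constructed ARP trace; the addresses, MACs and timestamps are made up, and real input would come from a packet capture.

```python
"""Auditing an ARP trace for unsolicited replies and binding changes.

Added example, not from the original article. Input is a list of ARP
packets; output is a list of alert strings for an analyst to triage.
"""
from collections import namedtuple

ArpPacket = namedtuple("ArpPacket", "ts op sender_mac sender_ip target_mac target_ip")
REQUEST, REPLY = 1, 2   # ARP opcodes

# Constructed trace: the gateway 10.0.0.1 really lives at ...:01. The host at
# 10.0.0.20 asks for it and gets a proper reply; later a third MAC answers for
# the gateway address without any request, then broadcasts a gratuitous reply.
SAMPLE_TRACE = [
    ArpPacket(1.0, REQUEST, "02:00:00:00:00:20", "10.0.0.20", "00:00:00:00:00:00", "10.0.0.1"),
    ArpPacket(1.1, REPLY,   "02:00:00:00:00:01", "10.0.0.1",  "02:00:00:00:00:20", "10.0.0.20"),
    ArpPacket(5.0, REPLY,   "02:00:00:00:00:99", "10.0.0.1",  "02:00:00:00:00:20", "10.0.0.20"),
    ArpPacket(9.0, REPLY,   "02:00:00:00:00:99", "10.0.0.1",  "ff:ff:ff:ff:ff:ff", "10.0.0.1"),
]


def audit_arp(trace, reply_window=2.0):
    """Return alerts for replies that no recent request explains and for
    replies that contradict the first MAC learned for an IP address."""
    pending = {}    # (asking_ip, asked_for_ip) -> time of the request
    bindings = {}   # ip -> mac seen in the first reply for that ip
    alerts = []
    for pkt in trace:
        if pkt.op == REQUEST:
            pending[(pkt.sender_ip, pkt.target_ip)] = pkt.ts
            continue
        # A reply is solicited if the target recently asked for the sender's IP.
        asked_at = pending.get((pkt.target_ip, pkt.sender_ip))
        if asked_at is None or pkt.ts - asked_at > reply_window:
            kind = "gratuitous" if pkt.sender_ip == pkt.target_ip else "unsolicited"
            alerts.append(f"{kind} reply at t={pkt.ts}: {pkt.sender_ip} is-at {pkt.sender_mac}")
        first_mac = bindings.setdefault(pkt.sender_ip, pkt.sender_mac)
        if first_mac != pkt.sender_mac:
            alerts.append(f"binding change at t={pkt.ts}: {pkt.sender_ip} was "
                          f"{first_mac}, now {pkt.sender_mac}")
    return alerts
```

The first two packets produce no alert; the third raises both an unsolicited-reply and a binding-change alert, and the gratuitous broadcast raises two more. Gratuitous ARP is also used legitimately (address changes, failover), so the alerts are triage input rather than proof of poisoning; a static ARP entry for the gateway or switch-side dynamic ARP inspection is the usual mitigation.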
Q: Can Network Address Translation work without static IP addresses?
A: Depending on your requirements and network configuration, you can have different types of NAT configured. NAT is usually configured on your router or firewall. This allows internal network resources to become available to the public (Internet) and provides Internet access to all of your internal hosts.
The most common type of NAT is NAT Overload (Cisco), also known as NAT with Port Address Translation (PAT). With NAT Overload, all internal IP addresses are masked by your router using your unique public IP address (static or dynamic). This allows hundreds of connections to the Internet by smartly changing the source port of each connection (where required).
Generally, NAT is a big topic, and you'll find plenty of information on www.Firewall.cx, including detailed diagrams and examples to help make the concept clear.
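The port-rewriting behaviour described above, and why it works with a dynamic public address, as an added example (not from the original article or from Firewall.cx): a toy PAT table that keeps each inside connection's source port unless two inside hosts collide, rewrites only then, drops inbound packets with no existing mapping, and carries on after the public address is re-assigned. Addresses are constructed from the RFC 5737 documentation ranges.

```python
"""NAT Overload (PAT) table walk-through.

Added example, not from the original article. Packets are represented as
(src_ip, src_port, dst_ip, dst_port) tuples.
"""


class PatTranslator:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.outbound = {}   # (in_ip, in_port, dst_ip, dst_port) -> public port
        self.inbound = {}    # (public_port, dst_ip, dst_port) -> (in_ip, in_port)

    def _choose_port(self, wanted, dst_ip, dst_port):
        # Keep the host's own source port when it is free toward this
        # destination; rewrite it only "where required", i.e. on a collision.
        for port in range(wanted, 65536):
            if (port, dst_ip, dst_port) not in self.inbound:
                return port
        raise RuntimeError("no free port toward this destination")

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside -> Internet: return the packet's rewritten 4-tuple."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            port = self._choose_port(src_port, dst_ip, dst_port)
            self.outbound[key] = port
            self.inbound[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self.outbound[key], dst_ip, dst_port)

    def translate_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internet -> inside: return the rewritten 4-tuple, or None when no
        inside host opened this connection (the packet is dropped)."""
        if dst_ip != self.public_ip:
            return None
        inside = self.inbound.get((dst_port, src_ip, src_port))
        if inside is None:
            return None
        return (src_ip, src_port, inside[0], inside[1])

    def public_address_changed(self, new_public_ip):
        """The ISP re-assigned a dynamic public address: existing translations
        die, but new connections simply use the new address, which is why PAT
        does not require a static public IP."""
        self.public_ip = new_public_ip
        self.outbound.clear()
        self.inbound.clear()


def demo():
    """Two inside hosts using the same source port toward one web server,
    a reply for the second, a stray inbound packet, and an address change."""
    nat = PatTranslator("203.0.113.5")
    a = nat.translate_outbound("192.168.0.10", 40000, "198.51.100.7", 80)
    b = nat.translate_outbound("192.168.0.11", 40000, "198.51.100.7", 80)  # collides: port rewritten
    reply_b = nat.translate_inbound("198.51.100.7", 80, "203.0.113.5", b[1])
    stray = nat.translate_inbound("198.51.100.7", 80, "203.0.113.5", 50000)  # nobody asked: dropped
    nat.public_address_changed("203.0.113.77")
    c = nat.translate_outbound("192.168.0.10", 40000, "198.51.100.7", 80)
    return a, b, reply_b, stray, c
```

Host A keeps port 40000, host B is moved to 40001, the server's reply to 40001 is delivered to host B, the stray packet is dropped, and after the address change new connections go out from the new address; the dropped stray packet is also the reason inbound services behind PAT need an explicit static mapping.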
Q: Can vendor software self-install firewalls? I installed a wireless modem/router: 2Wire. Everything is fine except my users share folders on Computer A. Computer A can successfully ping Computer B, but when Computer B tries to ping Computer A it is not successful. Computer A has a Windows firewall and B does not. I disabled A's Windows firewall and still B could not ping A. Is it possible that the Norton software (s/w) has installed its own firewall? How do I determine if there's another firewall besides Windows Firewall? Can you think of any other reasons why, suddenly, after I installed a new modem/router, that previously shared document folders on Computer A cannot be accessed by Computer B?
A: There could be a number of issues going on here. It could be a Windows networking problem, a configuration issue, or a firewall issue. Let's start with Windows issues. One good article that might help is on Microsoft's support page: How to troubleshoot network in Windows XP. You will also want to check your TCP/IP settings to make sure the IP address, netmask and default gateway are all correct. If those are correct, check whether you can ping by IP address and/or computer name. Also, check whether you can see the other computer in Network Neighborhood. If everything looks right here, check the firewall settings.
