Network Architecture

The Windows 2000 network has a layered architecture, just as the OSI Model does. Each layer rests upon
another layer and receives information from a layer above or below. The data is utilized if needed and is
passed up towards an application or down to a hardware device. Boundary layers are interfaces between
functional layers in the Windows 2000 network architecture model. Refer to the previous diagram.

Connectionless Architecture
The Windows NT 4.0 network architecture supported traditional connectionless network standards such as
Ethernet, Token Ring, and FDDI. Connectionless networking does not negotiate, manage, and maintain a
connection before transmitting data. Connectionless architecture, sometimes known as a datagram
service, is a best-effort delivery service. There is no guarantee that messages won’t be lost, duplicated or
delivered out of order.

Connection-oriented Architecture
Windows 2000 continues to support traditional connectionless networking, but adds advanced
connection-oriented services such as ATM. Windows 2000 negotiates connections using a call manager. A call
manager is a portion of software that can initiate and maintain connections, creating virtual circuits
between two network endpoints. Virtual circuits act as conduits for the transmission of data, allowing
greater control of bandwidth, latency, delay variation, and sequencing. These services provide greater
support for distributed voice, data, and video applications. Windows 2000 also adds IP Quality of Service,
bringing many of the attributes of connection-oriented networking to traditional TCP/IP networks.

Network Subsystem Background
The modular networking architecture of Windows 2000 utilizes two industry standard models for a
layered networking architecture. The first is the International Organization for Standardization (ISO)
model for computer networking, called the Open Systems Interconnect (OSI) Reference Model. The
second is the Institute of Electrical and Electronic Engineers (IEEE) 802 model. Windows NT, Windows
98, Windows 95 and Windows for Workgroups also utilize these standard models.
The ISO OSI and IEEE 802 models define a modular approach to networking, with each layer responsible
for some discrete aspect of the networking process. They are only models. Therefore, they do not
correspond exactly to any existing network structure. However, models assist in understanding how
networks function.

The OSI model describes the flow of data in a network. Data going to and from the network moves from
layer to layer. Each layer is able to communicate with the layer immediately above it and the layer
immediately below it. In this way, each layer is discrete. When a layer receives a packet of information,
it checks the destination address, and if its own address is not there, it passes the packet to the next
layer.

When two computers communicate on a network, the software at a layer on one computer assumes it is
communicating with the same layer on another computer. For example, the transport layer of one computer
assumes that it is communicating directly with the transport layer on the other computer. The transport
layer on the first computer has no regard for how the communication actually occurs. However, as the
figure on the left shows, the actual connection occurs only at the physical layer: first, through the
lower layers of the first computer, then across the physical media, and finally up through the lower
layers of the second computer.

Network Components
The Network subsystem comprises the following main elements.
- Network Adapter Card Drivers. Provide interfaces between network media and Windows 2000 network
  software.
- Network Driver Interface Specification (NDIS). Acts as a boundary layer between network adapter cards
  and network protocols and manages the binding process. Windows 2000 NDIS adds support for
  connection-oriented network media such as ATM and continues to support traditional connectionless
  network media such as Ethernet, Token Ring, and FDDI.
- Network Protocols. Includes support for TCP/IP, ATM, NWLink IPX/SPX, NetBEUI, AppleTalk and DLC. SNA
  protocols are available with the addition of Microsoft SNA Server.
- Transport Device Interface (TDI). Provides a standard interface between network protocols and network
  APIs.
- Network Application Programming Interface (APIs). Supports Winsock, NetBIOS, TAPI, MAPI, and other
  network APIs that provide standard programming interfaces for network applications and services.
- Interprocess Communications. Supports Remote Procedure Calls, Distributed Component Object Model,
  Named Pipes, Mailslots, Common Internet File System, and other mechanisms that support client-server
  computing and distributed processing.
- Basic Network Services. Makes use of the underlying network architecture to support network
  applications and services. These include network address management, name services, and advanced
  network services such as IP Security and Quality of Service.

Network Driver Interface Specification (NDIS)
NDIS is a specification for a network driver architecture that allows transport protocols to communicate
with an underlying network card or other hardware device. Code written to match this specification
reduces programming required by each software and hardware vendor. NDIS is a boundary layer; refer to the
figure on the left. The network interface card driver is at the bottom of the network architecture.

Network Device Interface Specification (NDIS) is a standard that allows multiple network adapters and
multiple protocols to be bound and to coexist. NDIS permits the high-level protocol components to be
independent of the network interface card by providing a standard interface. Because Windows 2000 network
architecture supports NDIS, it requires that network adapter card drivers be written to the NDIS
specification. NDIS allows an unlimited number of network adapter cards in a computer and an unlimited
number of protocols binding to one or more adapter cards.

In Windows 2000, NDIS has been implemented in a module called Ndis.sys, which is referred to as the NDIS
wrapper. The NDIS wrapper is a small piece of code surrounding all of the NDIS device drivers. The wrapper
provides a uniform interface between protocol drivers and NDIS device drivers, and contains supporting
routines that make it easier to develop NDIS drivers.

In Windows NT, NDIS offered support for connectionless LAN-based media such as Ethernet, Token Ring,
Arcnet, and FDDI. With Windows 2000, NDIS includes improved support for connection-oriented media.
Windows 2000 NDIS (NDIS 5.0) still exposes the standard connectionless interface. It also defines a
connection-oriented control, data plane and associated APIs. This allows for the addition of support
components like call managers to provide for connection setup and management. Additionally, LAN emulation
components can support legacy LAN-based protocols. Connection-oriented components also map legacy
protocol network addresses to native connection-oriented media addresses.

Network Protocols
Windows 2000 supports many different protocols. A protocol is a standardized packet of data that makes it
possible for networks to share information. The packets of information are moved up and down the protocol
stack, as well as moved across the transmission media. This is how all data is moved across a network.
The following are the allowed protocols.

- Transmission Control Protocol/Internet Protocol (TCP/IP). Microsoft has adopted TCP/IP as the strategic
  enterprise transport protocol for Windows 2000 network operating system. The Windows 2000 TCP/IP suite
  is designed to make it easy to integrate Microsoft enterprise networks into large scale corporate,
  government, and public networks, including the Internet and to provide the ability to operate over
  those networks in a secure manner. Microsoft TCP/IP has been updated for Windows 2000 to include several
  performance improvements for networking within high-bandwidth LAN and WAN environments. TCP/IP has
  become the standard for computer interconnectivity. Several major factors have led to the success of
  TCP/IP. The protocol is routable, which means that packets can be switched by use of the packet's
  address. This ability to be routed confers fault tolerance. If a network failure occurs, packets will
  be routed by a different route. Another factor contributing to the success of TCP/IP is the massive
  interest in the Internet.
- Asynchronous Transfer Mode (ATM). ATM protocol is a connection-oriented protocol that is ideal for
  voice, video and data communications. The connection-oriented media determines the status of the
  connection and creates a virtual circuit. While creating a connection the Quality of Service is
  determined. This virtual circuit is a direct path from one application to another. After the initial
  connection has been established, ATM takes large chunks of data and creates cells of a large fixed
  length. Since the virtual circuit is connection-oriented the data arrives at the receiving end in
  proper order.
- NetWare Internetwork Packet Exchange/Sequenced Packet Exchange. NWLink IPX/SPX NetBIOS Compatible
  Transport Protocol is a Microsoft IPX/SPX compatible protocol for Windows 2000. By itself, it does not
  allow a computer running Windows 2000 to access files or printers shared on a NetWare server, or to act
  as a file or print server to a NetWare client. To access files or printers on a NetWare server, a
  redirector must be used, such as the Client Service for NetWare (CSNW) on Windows 2000 Workstation or
  the Gateway Service for NetWare (GSNW) on Windows 2000 Server. However, NWLink is useful if there are
  NetWare client/server applications running that use Sockets or NetBIOS over the IPX/SPX protocol. The
  client portion can be run on a Windows 2000 Server or Windows 2000 Workstation system to access the
  server portion on a NetWare server, and vice versa. The NWNBLink component is used to format
  NetBIOS-level requests and pass them to the NWLink component for transmission on the network. NWNBLink
  contains Microsoft enhancements to Novell NetBIOS. For more information about NetWare IPX/SPX see
  chapter 12 in the Internetworking Book of the Windows 2000 Resource Kit.
- NetBIOS Extended User Interface. NetBEUI (NetBIOS Extended User Interface) was originally developed as
  a protocol for small departmental LANs of 20 to 200 computers. NetBEUI is included with Windows 2000
  Server and Windows 2000 Workstation. It is now primarily a legacy protocol to support existing
  workstations that have not been upgraded to Windows 2000.
- AppleTalk Protocol. AppleTalk is a protocol suite developed by Apple Computer Corporation to
  communicate between Macintosh computers. Windows 2000 Server includes Services for Macintosh which
  includes an AppleTalk protocol stack. Services for Macintosh provides file sharing, printer sharing,
  AppleTalk routing and remote access. AppleTalk relies heavily on broadcast activity to perform station
  naming, route discovery, re-routing, and other dynamic tasks. For a very large network this overhead is
  difficult to absorb.
- Data Link Control. Unlike the other protocols, the Data Link Control (DLC) protocol is not designed to
  be a primary protocol for network use between personal computers. DLC provides applications with direct
  access to the data-link layer, but is not used by the Windows 2000 operating system redirector. DLC is
  not used for normal-session communication between computers running Windows 2000. The DLC protocol is
  primarily used for two tasks. First, it can be used to access IBM mainframes, which usually run IBM 3270
  applications. The other major use of DLC is to print to Hewlett-Packard printers connected directly to
  networks. Network-attached printers use the DLC protocol because the received frames are easy to
  disassemble and because DLC functionality can easily be coded into read-only memory (ROM). DLC needs to
  be installed only on those network machines that perform these two tasks, such as a print server
  sending data to a network HP printer. Client computers sending print jobs to the network printer do not
  need the DLC protocol. Only the print server communicating directly with the printer needs the DLC
  protocol installed.
- Infrared Data Association.

Network Transport Device Interface
TDI is a common interface for drivers (such as the Windows 2000 redirector and server) to communicate
with the various network transport protocols. This allows services to remain independent of transports.
Microsoft developed the Transport Driver Interface (TDI) to provide greater flexibility and functionality
than is provided by existing interfaces, such as Windows Sockets and NetBIOS. All Windows 2000 transport
providers expose TDI. The TDI specification describes the set of functions by which transport drivers and
TDI clients communicate, and the call mechanisms used for accessing them.

Unlike NDIS, there is no driver for TDI; it is simply a specification for passing messages between two
layers in the network architecture. This is why TDI acts as a boundary layer. TDI may be the most
difficult to use of all Windows 2000 network APIs. It is a simple conduit, so programmers must determine
the format and meaning of messages. The Windows 2000 redirector and server both use TDI directly, rather
than going through the NetBIOS mapping layer. By doing so, they are not subject to many of the
restrictions imposed by NetBIOS, such as the legacy 254-session limit.

Network API
Application Programming Interfaces are sets of routines that an application program uses to request and
carry out lower-level services performed by the operating system. Windows 2000 network APIs include:
- Winsock API.
- NetBIOS API.
- Telephony API.
- Messaging API.
- Other Network APIs.

Network Interprocess Communication
The connection between the client and server portions of distributed applications must allow data to flow
in both directions. There are a number of ways to establish this connection. The Windows 2000 operating
system provides many different Interprocess Communication (IPC) mechanisms.
- Remote Procedure Call (RPC).
- Distributed Component Object Model (DCOM).
- Named Pipes and Mailslots.
- Common Internet File System (CIFS).

Network Services
Network Services are located directly under application programs in the network protocol stack and
provide the components to access files on networked computers.

The Server Service
Windows 2000 includes a component, called the Server service. The Server service sits above TDI, is
implemented as a file system driver, and directly

interacts with various other file-system drivers to satisfy I/O requests, such as reading or writing to a
file. The Server service supplies the connections requested by client-side redirectors and provides them
with access to the resources they request. It does not attempt to connect to other computers, but other
computers connect to it. Unlike the Workstation service, the Server service is not dependent on the MUP
service because the server is not a UNC provider.

The Server service is composed of two parts.
- Server, a service that runs in the Services.exe, which is the Service Control Manager, where all
  services start.
- Srv.sys, a file system driver that handles the interaction with the lower levels and directly interacts
  with various file system devices to satisfy command requests, such as file read and write.

When the Server service receives a request from a remote computer asking to read a file that resides on
the local hard drive, the following steps occur.
- The low-level network drivers receive the request and pass it to the server driver (SRV).
- The Server service passes a read-file request to the appropriate local file-system driver.
- The local file-system driver calls lower-level, disk-device drivers to access the file.
- The data is passed back to the local file-system driver.
- The local file-system driver passes the data back to the Server service.
- The Server service passes the data to the lower-level network drivers for transmission back to the
  client computer.
Refer to the figure on the left.

The Workstation Service
All user-mode requests from the MUP and the MPR go through the Workstation service. This service consists
of two components.
- The user-mode interface, resides in Services.exe in Windows 2000.
- The redirector (Rdr.sys), which is a file-system driver that interacts with the lower-level network
  drivers by means of the TDI interface.
The Workstation service receives the user request, and passes it to the kernel-mode redirector. Refer to
the figure on the left.

Configuration requirements for loading the Workstation service include:
- A protocol that exposes the TDI interface must be started.
- The MUP driver must be started.

Windows 2000 Redirector
The redirector (RDR) is a component that resides above TDI and through which one computer gains access to
another computer. The Windows 2000 operating system redirector allows connection to Windows 98, Windows
95, Windows for Workgroups, LAN Manager, LAN Server, and other MS-Net-based servers. The redirector
communicates to the protocols by means of the TDI interface.

The redirector is implemented as a Windows 2000 file system driver. This provides the following several
benefits.
- It allows applications to call a single API (the Windows 2000 I/O API) to access files on local and
  remote computers. From the I/O Manager

  perspective, there is no difference between accessing files stored on a remote computer on the network
  and accessing those stored locally on a hard disk.
- It runs in kernel mode and can directly call other drivers and other kernel-mode components, such as
  Cache Manager. This improves the performance of the redirector.
- It can be dynamically loaded and unloaded, like any other file-system driver.
- It can easily coexist with other redirectors.

Network Resource Access
Applications reside above the redirector and server services in user mode. Like all other layers in the
Windows 2000 networking architecture, there is a unified interface for accessing network resources, which
is independent of any redirectors installed on the system. Access to resources is provided through one of
two components, as explained next.
- Multiple Universal Naming Convention Provider (MUP).
- Multi-Provider Router (MPR).

When applications make I/O calls containing Universal Naming Convention (UNC) names, these requests are
passed to the MUP. MUP selects the appropriate UNC provider (redirector) to handle the I/O request. Refer
to the figure on the left.

One of the design goals of the Windows 2000 networking environment is to provide a platform upon which
others can build. MUP is a vital part of allowing multiple redirectors to coexist in the computer. MUP
frees applications from maintaining their own UNC-provider listings.

MUP is actually a driver, unlike the TDI interface, which merely defines the way a component on one layer
communicates with a component on another layer. MUP also has defined paths to UNC providers
(redirectors). MUP is a prerequisite of the Workstation service.

I/O requests from applications that contain UNC names are received by the I/O Manager, which in turn
passes the requests to MUP. If MUP has not seen the UNC name during the previous 15 minutes, MUP will send
the name to each of the UNC providers registered with it. When a request containing a UNC name is received
by MUP, it checks with each redirector to find out which one can process the request. MUP looks for the
redirector with the highest registered-priority response that claims it can establish a connection to the
UNC. This connection remains as long as there is activity. If there has been no request for 15 minutes on
the UNC name, then MUP once again negotiates to find an appropriate redirector.

Not all programs use UNC names in their I/O requests. Some applications use WNet APIs, which are the Win32
network APIs. The Multi-Provider Router (MPR) was created to support these applications. MPR is similar to
MUP. MPR receives WNet commands, determines the appropriate redirector, and passes the command to that
redirector. Because different network vendors use different interfaces for communicating with their
redirector, there is a series of provider DLLs between MPR and the redirectors. The provider DLLs expose a
standard interface so that MPR can communicate with them. The DLLs "know" how to take the request from MPR
and communicate it to their corresponding redirector. Refer to the figure on the left. The provider DLLs

are supplied by the network-redirector vendor and should automatically be installed when the redirector is
installed.

Note: The acronym MPR is also used for the Multi-Protocol Routing, a series of routing components supplied
with Windows 4.0. In Windows 2000, Multi-Protocol Routing has become the Routing and Remote Access
Service.

Network Load Balancing Service
Network Load Balancing Service allows requests for information of an IP address to be handled by a cluster
of machines. The machines in this cluster are assigned virtual IP addresses. Thus, many machines can do
the work for one IP address yet appear as only one machine. Refer to the figure on the left. A cluster is
currently limited to 32 computers. This is a useful ability since it provides several benefits. These are
performance, scalability and reliability.

Load balancing is accomplished by filtering incoming packets and distributing them to the host (cluster
server) that should handle them. This re-distribution of work allows the overall performance to be
increased. Scalability, or the ability to increase bandwidth easily, can be accomplished by adding
additional servers to the cluster. Network Load Balancing Service also enhances the availability of
Windows 2000 server programs such as Web Servers, FTP Servers, Internet Information Services, E-Mail and
other mission critical services. If a host computer in a cluster goes offline, network load balancing
service automatically redistributes the requests to the remaining hosts.
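
The MUP negotiation described earlier (ask every registered UNC provider, keep the highest-priority claimant, renegotiate after 15 minutes without requests) can be followed in a small Python model. This is an added example, not Windows code: the provider names, priorities and server names are constructed, and keying the cache on server and share is an assumption.

```python
from dataclasses import dataclass, field

IDLE_LIMIT = 15 * 60  # seconds; the 15-minute window given in the text


@dataclass
class Provider:
    """Hypothetical stand-in for a UNC provider (redirector)."""
    name: str
    priority: int        # assumption: larger number = higher registered priority
    servers: frozenset   # constructed: servers this redirector says it can reach
    polled: int = 0      # how many times MUP asked this provider

    def claims(self, server: str) -> bool:
        self.polled += 1
        return server in self.servers


def unc_key(path: str) -> tuple:
    """Reduce a UNC name to a case-insensitive (server, share) key."""
    if not path.startswith("\\\\"):
        raise ValueError("not a UNC name: " + path)
    parts = [p for p in path[2:].split("\\") if p]
    if len(parts) < 2:
        raise ValueError("UNC name needs a server and a share: " + path)
    return parts[0].lower(), parts[1].lower()


@dataclass
class Mup:
    providers: list
    cache: dict = field(default_factory=dict)   # key -> [provider, last_seen]

    def resolve(self, path: str, now: float):
        """Return (provider name, 'cached' or 'negotiated'), or None if nobody claims it."""
        key = unc_key(path)
        entry = self.cache.get(key)
        if entry and now - entry[1] < IDLE_LIMIT:
            entry[1] = now                      # activity keeps the mapping alive
            return entry[0].name, "cached"
        # Name not seen inside the window: poll every provider, keep the best claimant.
        claimants = [p for p in self.providers if p.claims(key[0])]
        if not claimants:
            self.cache.pop(key, None)
            return None
        best = max(claimants, key=lambda p: p.priority)
        self.cache[key] = [best, now]
        return best.name, "negotiated"


def demo():
    """Constructed scenario: two redirectors, one server both of them claim."""
    smb = Provider("smb_rdr", 2, frozenset({"fs01", "both"}))
    nw = Provider("nw_rdr", 1, frozenset({"nw01", "both"}))
    mup = Mup([nw, smb])
    results = [
        mup.resolve(r"\\FS01\public\a.txt", 0),      # first sight: negotiate
        mup.resolve(r"\\fs01\PUBLIC\b.txt", 600),    # 10 min later: cached
        mup.resolve(r"\\fs01\public\b.txt", 1400),   # window slides with activity
        mup.resolve(r"\\fs01\public\b.txt", 2300),   # 15 min idle: renegotiate
        mup.resolve(r"\\both\share\x", 0),           # two claimants: priority decides
        mup.resolve(r"\\ghost\share\x", 0),          # no provider claims the name
    ]
    return results, smb.polled, nw.polled
```

Each negotiation polls both providers, so the poll counters show how many I/O requests were answered from the cached mapping instead.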