1710_reading.doc 1
© State of New South Wales, Department of Education and Training 2006
Reading: Ensure basic Internet connectivity
So what are the issues that should be considered in the design, installation
and management of an Internet connection?
There is a range of Internet connection types available, each with its own
costs and benefits. Every type of Internet connection will require an Internet
Service Provider (ISP). An ISP is a network that you connect to, which
in turn has another connection to other parts of the Internet. This is why the
Internet is often referred to as ‘The Web’, a maze of interconnecting
networks, each network paying for access to the other networks.
IP LAN Segment
For Internet connectivity, the local LAN segment must run as an IP network
segment. Each machine must have an IP address. DHCP may be
implemented to assist in the management of IP address allocation to
computer hosts. DNS would also be present to allow client computers to use
domain names to access resources instead of the numerical IP address.
The valid IP address would then be given to the router gateway that
connects the LAN to the Internet. It is this device that provides the Network
Address Translation (NAT) service to computers on the LAN. NAT allows
the local network segment to use private IP addresses, which are hidden
from the Internet. The local network’s IP addresses are then replaced by the
one valid IP address (public) when the network traffic goes through the
gateway to the Internet.
Gateway
A gateway is simply a device that links two different networks together. In
the context of the IP network behaviour, the gateway has a special role. It is
the device where any network traffic is sent that is addressed to a non-local
host (one that is on a different IP network). The gateway device provides a
link between the local LAN segment and the ISP’s network. Gateways,
often implemented as routers, come in many forms. Common types of
gateways are ADSL routers, Ethernet routers, dial-up routers and PC-based
routers, just to name a few.
The gateway must have network interfaces that match the WAN connection
media to the ISP as well as the LAN connection media to the local network.
So the purchase of an appropriate gateway is specific to the inter-network
situation.
WAN Link
Normally the ISP that the local LAN connects to is physically remote from
it. As a result, a Wide Area Network (WAN) link is required to join the
networks. While standard dialup telephone lines provide this link for many
home computers, higher speed ISDN and ADSL broadband connections are
popular where available. While ADSL is quite common in metropolitan
areas, ISDN still has a role for small businesses in many areas of NSW
where ADSL is not available. Large businesses will use even higher speed
links often implemented as a T1 connection. As with most capacity related
services, it all comes down to cost.
The most common types of Internet connection topologies are listed below.
In this example the local LAN administrator has arranged for both an ISP
connection as well as a leased IP address range. Normally this will take the
form of a subnet of an existing network range managed by the ISP. The
domain of the local network would normally be registered and the DNS
server linked to the parent DNS. The HTTP Servers on the client network
could host a public company web site and a public email service. Because
the client network is fully integrated in the Internet, they could use video
streaming, voice over IP and all other Internet available facilities. The
public IP addresses of the client network’s Gateway Router, DNS and Web-
related servers would be static (fixed).
All of the client computers linked to the gateway router running NAT will
have a private, non-routable IP address. The NAT router substitutes its own
public IP address in place of the private IP address of the internal network,
every time a packet goes out from the client’s network to the Internet.
This will make these machines invisible to the Internet. As a result Internet
based services such as Email and the client’s HTTP site must be hosted on
the ISP’s servers, instead of being located within the client network. The
client network will not normally have a domain name for their network as it
only consists of one public IP address – that held by the ADSL interface of
the gateway router.
This type of network minimises exposure to hacking attempts, as the client’s
internal network is invisible to the Internet. However, it still allows for
viruses to enter via email messages and downloaded files. The public IP
addresses of the client network’s Gateway Router may be allocated as either
dynamic or static.
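The address substitution described above can be modelled as a translation table. The following is an added example, not part of the original reading; the gateway address 203.0.113.10, the 192.168.1.x hosts and the port numbers are constructed, and the table is simplified (no mapping expiry, no check of the remote endpoint). It shows why replies reach the LAN while unsolicited inbound traffic finds no mapping and is dropped.

```python
import ipaddress

PUBLIC_IP = "203.0.113.10"  # assumed public address on the gateway's WAN interface

class NatGateway:
    """Simplified port-translating NAT table (one public IP, many private hosts)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (private_ip, private_port, proto) -> public_port
        self.in_map = {}   # (public_port, proto) -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port, proto="tcp"):
        """Rewrite a packet leaving the LAN; returns it as the Internet sees it."""
        if not ipaddress.ip_address(src_ip).is_private:
            raise ValueError("LAN hosts are expected to use private addresses")
        key = (src_ip, src_port, proto)
        if key not in self.out_map:  # first packet of a flow creates the mapping
            self.out_map[key] = self.next_port
            self.in_map[(self.next_port, proto)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out_map[key], dst_ip, dst_port, proto)

    def inbound(self, src_ip, src_port, dst_port, proto="tcp"):
        """Translate a packet arriving at the public IP, or None if it is dropped."""
        mapping = self.in_map.get((dst_port, proto))
        if mapping is None:  # nothing inside asked for this traffic
            return None
        return (src_ip, src_port, mapping[0], mapping[1], proto)

def demo():
    # Constructed sample traffic; 203.34.200.150 is the web server address used on this page.
    gw = NatGateway(PUBLIC_IP)
    a = gw.outbound("192.168.1.20", 51000, "203.34.200.150", 80)
    b = gw.outbound("192.168.1.21", 51000, "203.34.200.150", 80)
    reply = gw.inbound("203.34.200.150", 80, a[1])   # answer to host .20's request
    probe = gw.inbound("198.51.100.7", 4444, 80)     # unsolicited connection attempt
    return a, b, reply, probe

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both LAN hosts appear to the Internet as the same public address with different source ports, which is also why a server inside this network cannot be reached from outside without an explicit forwarding entry.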
The De-Militarized Zone (DMZ) refers to a section of the network that has
full Internet access but is partially protected by a firewall. Firewalls are
discussed in the next section.
It is also possible to link other networks to any existing router in the client
network. This would be achieved by providing the existing routers with an
additional WAN interface leading to the other network. The public IP
addresses of the client network DMZ’s Gateway Router, DNS and Web-
related servers would be static (fixed).
Firewalls
A firewall refers to a type of service that may be hosted on a variety of
devices. Gateway routers can have firewalls, computers can have firewalls
and dedicated firewall devices are also available. Importantly, a firewall
protecting a network segment has two network interfaces. One network
interface is connected to the unrestricted Internet and the other provides
filtered network traffic for the internal client network.
A firewall examines all traffic wanting to enter the internal network. The
network traffic is compared to a set of selection rules and if the traffic does
not meet the requirements, is discarded. For example, a client Internet site
may only want to allow incoming packets addressed to the HTTP server
203.34.200.150 using port 80. If that rule is set up in the firewall, all packets
trying to pass the firewall that do not match that rule are discarded.
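The rule comparison described above, as an added example that is not part of the original reading: a first-match rule list with an implicit discard for anything that matches no rule. The `Rule` structure, the function names and the sample packets are constructed for illustration; only the server address 203.34.200.150 and port 80 come from the text.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    dst: str              # destination host or network in CIDR form
    dport: Optional[int]  # destination port; None matches any port

    def matches(self, pkt):
        return (self.proto in ("any", pkt["proto"])
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.dport in (None, pkt["dport"]))

def filter_packet(rules, pkt):
    """Return (verdict, rule index); first match wins, no match means discard."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None  # implicit default: discard

# The single rule from the text: only TCP port 80 on the HTTP server may enter.
RULES = [Rule("allow", "tcp", "203.34.200.150/32", 80)]

# Constructed inbound packets (source address is from a documentation range).
PACKETS = [
    {"src": "198.51.100.7", "proto": "tcp", "dst": "203.34.200.150", "dport": 80},
    {"src": "198.51.100.7", "proto": "tcp", "dst": "203.34.200.150", "dport": 22},
    {"src": "198.51.100.7", "proto": "tcp", "dst": "203.34.200.151", "dport": 80},
    {"src": "198.51.100.7", "proto": "udp", "dst": "203.34.200.150", "dport": 80},
]

def verdicts(rules=RULES, packets=PACKETS):
    return [filter_packet(rules, p)[0] for p in packets]

if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, verdicts()):
        print(verdict, pkt)
```

Only the first packet is allowed; the right host on the wrong port, the right port on a neighbouring host, and UDP to port 80 all fall through to the default discard.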
If you are trying to protect the network from denial of service (DoS)
attacks, then the firewall must be as close to the Internet source as possible.
Some ISPs can provide (at a cost) basic firewall filtering of traffic before it
enters your network. If incoming traffic has to ‘bounce’ around the client
network before being filtered at the destination computer (as many personal
firewall products do), then it has already degraded your network service.
This type of DoS attack is most effective against slow devices, such as
routers and their WAN links.
Proxy Servers
Proxy servers are used as a traffic minimisation device. A proxy server is
used as an intermediary. It takes requests for Internet data from a client
computer, gets the data from the Internet site and keeps a local copy of that
data for itself. The next time that data is requested, it will provide its local
copy of the data instead of accessing the data from the original Internet site.
This reduces Internet traffic in an environment where many users require
access to the same data. By themselves, they do not provide any security,
but can save large amounts of network traffic. Remember most ISP
connections (especially ADSL and other broadband options) are charged by
traffic volume.
There are a number of features that need to be considered when selecting the
best type of account for a client. Most ISP plans are based on a recurring
monthly fee. The amount charged will depend upon the:
connection type and speed,
traffic and time allowances,
number of IP addresses,
value added services such as Email hosting or Web hosting.
Traffic/Time allowances
The other main determining factor is the ISP’s allowance of network traffic
or network time for your monthly fee. Many ISPs will differ in the amount
of traffic or time the connection is allowed to use each month. Some ISP
connections, such as ADSL are only interested in traffic volume, as ADSL
is a permanently connected digital service. Dial-up ISP accounts mainly
record time usage. ISDN ISP packages may record both time usage and
network traffic.
Some ISPs charge additional monthly fees when the estimated traffic
volume or time limits are exceeded. This can be very expensive! Others
simply reduce the network speed for the balance of the month. This is a
safer approach that is often referred to as an unlimited account.
Number of IP addresses
ISPs will normally provide one public IP address per connection by default.
This IP address will be held by the computer’s dialup adapter, in the case of
a modem connection and by the router if a network shares the connection.
As shown in the Internet Connection Models presented previously, one address
may or may not suit the client’s needs.
Summary
This learning pack has covered the basic methods of connecting a network
to the Internet. There are many different ways in which to approach the
implementation of Internet access from a local area network. However, the
main goal of any system upgrade is that it meets the needs of the client. It is
clear that the area of Internet connectivity will continually change as new
technologies are released.