Reference Manual for the ProSafe VPN Firewall 25 with 4 Gigabit LAN and Dual WAN Ports
Technical Specifications
202-10085-01, March 2005
Interface Specifications
LAN: 10BASE-T or 100BASE-Tx, RJ-45
WAN: 10BASE-T or 100BASE-Tx
Appendix B
Network, Routing, Firewall, and Basics
This chapter provides an overview of IP networks, routing, and networking.
Related Publications
As you read this document, you may be directed to various RFC documents for further
information. An RFC (Request for Comments) is a document published by the Internet Engineering
Task Force (IETF), an open organization that defines the architecture and operation of the Internet.
The RFC documents outline and define the standard protocols and procedures for the Internet. The
documents are listed on the World Wide Web at www.ietf.org and are mirrored and indexed at
many other sites worldwide.
Basic Router Concepts
Large amounts of bandwidth can be provided easily and relatively inexpensively in a local area
network (LAN). However, providing high bandwidth between a local network and the Internet can
be very expensive. Because of this expense, Internet access is usually provided by a slower-speed
wide-area network (WAN) link such as a cable or DSL modem. In order to make the best use of the
slower WAN link, a mechanism must be in place for selecting and transmitting only the data traffic
meant for the Internet. The function of selecting and forwarding this data is performed by a router.
What is a Router?
A router is a device that forwards traffic between networks based on network layer information in
the data and on routing tables maintained by the router. In these routing tables, a router builds up a
logical picture of the overall network by gathering and exchanging information with other routers
in the network. Using this information, the router chooses the best path for forwarding network
traffic.
Routers vary in performance and scale, number of routing protocols supported, and types of
physical WAN connection they support. The FVS124G ProSafe VPN Firewall 25 with 4 Gigabit
LAN and Dual WAN Ports is a small office router that routes the IP protocol over a single-user
broadband connection.
Routing Information Protocol
One of the protocols used by a router to build and maintain a picture of the network is the Routing
Information Protocol (RIP). Using RIP, routers periodically update one another and check for
changes to add to the routing table.
The FVS124G VPN Firewall supports both the older RIP-1 and the newer RIP-2 protocols.
Among other improvements, RIP-2 supports subnet and multicast protocols. RIP is not required
for most home applications.
IP Addresses and the Internet
Because TCP/IP networks are interconnected across the world, every machine on the Internet must
have a unique address to make sure that transmitted data reaches the correct destination. Blocks of
addresses are assigned to organizations by the Internet Assigned Numbers Authority (IANA).
Individual users and small organizations may obtain their addresses either from the IANA or from
an Internet service provider (ISP). You can contact IANA at www.iana.org.
The Internet Protocol (IP) uses a 32-bit address structure. The address is usually written in dot
notation (also called dotted-decimal notation), in which each group of eight bits is written in
decimal form, separated by decimal points.
For example, the following binary address:
11000011 00100010 00001100 00000111
is normally written as:
195.34.12.7
The latter version is easier to remember and easier to enter into your computer.
In addition, the 32 bits of the address are subdivided into two parts. The first part of the address
identifies the network, and the second part identifies the host node or station on the network. The
dividing point may vary depending on the address range and the application.
There are five standard classes of IP addresses. These address classes have different ways of
determining the network and host sections of the address, allowing for different numbers of hosts
on a network. Each address type begins with a unique bit pattern, which is used by the TCP/IP
software to identify the address class. After the address class has been determined, the software
can correctly identify the host section of the address. The following figure shows the three main
address classes, including network and host sections of the address for each address type.
Figure 9-1: Three Main Address Classes
The five address classes are:
Class A
Class A addresses can have up to 16,777,214 hosts on a single network. They use an eight-bit
network number and a 24-bit node number. Class A addresses are in this range:
1.x.x.x to 126.x.x.x.
Class B
Class B addresses can have up to 65,354 hosts on a network. A Class B address uses a 16-bit
network number and a 16-bit node number. Class B addresses are in this range:
128.1.x.x to 191.254.x.x.
Class C
Class C addresses can have 254 hosts on a network. Class C addresses use 24 bits for the
network address and eight bits for the node. They are in this range:
192.0.1.x to 223.255.254.x.
Class D
Class D addresses are used for multicasts (messages sent to many hosts). Class D addresses are
in this range:
224.0.0.0 to 239.255.255.255.
Class E
Class E addresses are for experimental use.
This addressing structure allows IP addresses to uniquely identify each physical network and each
node on each physical network.
For each unique value of the network portion of the address, the base address of the range (host
address of all zeros) is known as the network address and is not usually assigned to a host. Also,
the top address of the range (host address of all ones) is not assigned, but is used as the broadcast
address for simultaneously sending a packet to all hosts with the same network address.
Netmask
In each of the address classes previously described, the size of the two parts (network address and
host address) is implied by the class. This partitioning scheme can also be expressed by a netmask
associated with the IP address. A netmask is a 32-bit quantity that, when logically combined (using
an AND operator) with an IP address, yields the network address. For instance, the netmasks for
Class A, B, and C addresses are 255.0.0.0, 255.255.0.0, and 255.255.255.0, respectively.
For example, the address 192.168.170.237 is a Class C IP address whose network portion is the
upper 24 bits. When combined (using an AND operator) with the Class C netmask, as shown here,
only the network portion of the address remains:
11000000 10101000 10101010 11101101 (192.168.170.237)
combined with:
11111111 11111111 11111111 00000000 (255.255.255.0)
Equals:
11000000 10101000 10101010 00000000 (192.168.170.0)
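The class detection by leading bit pattern and the netmask AND operation described above, as an added Python example (not taken from the manual). The function names are illustrative assumptions; the example goes slightly beyond the text by also deriving the broadcast address and rejecting netmasks whose 1 bits are not contiguous.

```python
import ipaddress

# (class, leading-bit pattern, pattern width in bits, implied network bits)
CLASS_PATTERNS = [
    ("A", 0b0, 1, 8),
    ("B", 0b10, 2, 16),
    ("C", 0b110, 3, 24),
    ("D", 0b1110, 4, None),  # multicast: no network/host split
    ("E", 0b1111, 4, None),  # experimental
]

def to_int(dotted):
    """Parse dotted-decimal text into the 32-bit integer it represents."""
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def address_class(addr):
    """Identify the class from the leading bits of the address.
    Note: 0.x.x.x and 127.x.x.x also match the Class A bit pattern."""
    value = to_int(addr)
    for name, pattern, width, net_bits in CLASS_PATTERNS:
        if value >> (32 - width) == pattern:
            return name, net_bits

def apply_netmask(addr, mask):
    """AND the address with the mask; return (network, broadcast)."""
    host_bits = to_int(mask) ^ 0xFFFFFFFF
    if host_bits & (host_bits + 1):  # host bits must be one run of low 1s
        raise ValueError(f"non-contiguous netmask: {mask}")
    network = to_int(addr) & to_int(mask)
    return to_dotted(network), to_dotted(network | host_bits)

def classful_summary(addr):
    """Class, implied netmask, network and broadcast address for addr."""
    name, net_bits = address_class(addr)
    if net_bits is None:
        return {"class": name}
    mask = to_dotted((0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF)
    network, broadcast = apply_netmask(addr, mask)
    return {"class": name, "netmask": mask,
            "network": network, "broadcast": broadcast}

if __name__ == "__main__":
    for sample in ("195.34.12.7", "192.168.170.237", "10.1.2.3", "224.0.0.9"):
        print(sample, classful_summary(sample))
```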
