Microsoft® Encyclopedia of Networking, Second Edition

Author Mitch Tulloch and Ingrid Tulloch Pages 1376 Disk 1 Companion CD(s) Level All Levels Published 04/24/2002 ISBN 9780735613782 Price $79.99 To see this book's discounted price, select a reseller below.	More Information About the Book Table of Contents Sample Chapter Index Related Series Related Books About the Author Support: Book & CD Rate this book

Chapter : T continued

TN5250

Overview

TN5250 is to the AS/400 computing environment what TN3270 is to the mainframe world. TN5250 offers full 5250 terminal emulation, including hot backup and security features similar to those included with the TN3270 service. TN5250 provides workstation emulation only and does not include file-transfer or printer-emulation services. TN5250 originally stood for Telnet 5250 but is never referred to this way anymore.

A TN5250 service included with Microsoft Host Integration Server lets TN5250 clients connect to AS/400 systems without installing Transmission Control Protocol/Internet Protocol (TCP/IP) on the AS/400. Using Host Integration Server, TN5250 provides workstation emulation that supports almost all the field attributes and keyboard sequences of a "real" SNA 5250 except text assist.

See Also: Telnet, TN3270

Token Ring

Overview

Token Ring was first developed by IBM in 1984 as an alternative to Ethernet. Token Ring originally operated at 4 megabits per second (Mbps). This speed was later extended to 16 Mbps, which enabled Token Ring to compete favorably for a while with the 10 Mbps speed of standard Ethernet. Over the years, the evolution of Token Ring, however, has not matched that of Ethernet. Fast Ethernet brought speeds of 100 Mbps, and an initiative called High-Speed Token Ring (HSTR) was undertaken jointly by Token Ring vendors IBM, Madge Networks, and Olicom to do the same. But in 1998, in the face of emerging Gigabit Ethernet (GbE) standards, IBM abandoned its HSTR efforts, which spelled the death knell for Token Ring and relegated it to the realm of a legacy technology. Despite this occurrence, there is still a large installed base in some shops, but it seems inevitable that they will have to consider migrating to Ethernet technologies in the near future.

Click to view graphic

Token Ring. The physical and logical topologies of a Token Ring network.

Token Ring was standardized in the Institute of Electrical and Electronics Engineers (IEEE) 802.5 specifications, which describe a token-passing ring network configured as a physical star topology using structured wiring implemented with twisted-pair cabling and active hubs.

Implementation

In a Token Ring network, stations (computers) are wired in a star formation to a central wiring concentrating unit called a Multistation Access Unit (MAU). Note that the term Multistation Access Unit is sometimes abbreviated as MSAU instead of MAU to distinguish it from media attachment unit, a term used in older Ethernet networking technologies.

The MAU unit concentrates wiring in a star topology but internally forms a logical ring topology over which network traffic can travel. Lobes connect the individual stations to the MAU. The maximum cable length for a lobe is 74 feet (22.5 meters) or 328 feet (100 meters), depending on the cable type, but you can extend this distance up to 1.5 miles (2.4 kilometers) using repeaters designed for Token Ring networks. Note that distances between MAUs and attached stations are usually specified as lobe lengths, which refer to round-trip signal paths. Thus, a station with a lobe length of 655 feet (200 meters) actually uses a cable 328 feet (100 meters) long.

MAUs typically support 8 or 16 connections for attaching lobes. You can extend a Token Ring network by connecting the ring-out port of one MAU to the ring-in port of another MAU to form larger rings that can support larger numbers of stations (stackable MAUs simplify this interconnection process). The maximum number of MAUs that can be interconnected in this way is 33. Some MAUs also support interconnection using fiber-optic cabling to create networks that span a building or even a campus. Most MAUs also support in-band management by using Simple Network Management Protocol (SNMP) plus out-of-band management by using a serial interface.

Token Ring networks come in two types, both of which can operate at 4 or 16 Mbps:

• Type 1 Token Ring: Generally uses shielded twisted-pair (STP) cabling with a special data connector developed by IBM for Token Ring installations. However, 16-Mbps MAUs generally have ports for RJ-45 or DB9 connectors.
• Type 3 Token Ring: This type uses standard unshielded twisted-pair (UTP) cabling with RJ-45 connectors.

Type 1 Token Ring is often considered more reliable than Type 3, but the larger installed base of UTP cabling made Type 3 an attractive option for many Token Ring installations. Type 1 configurations support as many as 260 stations per ring, while Type 3 can support up to 72 stations per ring. Most MAUs and NICs are dual-speed and can run at either 4 or 16 Mbps, but not both. However, you can use bridges or routers to connect 4-Mbps Token Ring networks to 16-Mbps Token Ring networks.

STP cabling for Type 1 Token Ring comes in nine types, only two of which are common now:

• Type 1 cable: Uses two-pair 22-gauge shielded, grounded solid copper wire. Use this type for longer cable runs such as those between wiring closets and work areas. The maximum lobe length is 655 feet (200 meters).
• Type 6 cable: Uses two-pair 26-gauge stranded, shielded copper wire and is more flexible (and looks nicer!) than Type 1 cable. Use this type for work areas in which cables will be visible or where equipment will be moved frequently and especially for patch cables. The maximum lobe length is 148 feet (45 meters).

Token Ring stations pass a single data packet called a token from one computer to the next rather than let each node transmit independently, as in a contention-based network such as Ethernet. Only one token can be on the network at a time, so collisions do not occur in Token Ring networks as they do in Ethernet networks. This process is analogous to sending messages to a group of people by passing a hat. In order to pass a token in a Token Ring network, each station must know who its neighbors are and must perform a check to make sure that the circuit is unbroken. Messages containing this information are continually sent around the ring. The token circulates so long as this message is received. To generate the required information, the first station online in the ring assumes the role of Active Monitor Station. It creates the token and is responsible for taking action if the token is lost or damaged. The Active Monitor Station sends out an Active Monitor Present frame every seven seconds to the next node down the line. Each node in turn informs its downstream neighbor that it is its Nearest Active Upstream Neighbor. An error-detection process called beaconing occurs if the ring breaks and the token fails to circulate. If the Active Monitor Station fails, another station assumes its role of monitoring the status of the network and generating a new token if the existing one is lost.

If a station wants to transmit data over the network, it waits until the token comes by; if the token has not been claimed by another station, it claims the token and inverts the monitor setting bit to mark it "busy" so that no other station can claim the token for a predefined but variable amount of time. The originating station then removes the last byte from the token (called the delimiter byte), appends data to the token, and appends the delimiter byte to the end to form a frame of variable length (up to 8000 bytes). The token with data circulates around the ring in one direction from station to station. (Each station acts as a repeater to regenerate and forward the token.) When it returns to the originating station, the token and the data are removed and a new token is generated and placed onto the network.

Notes

You can get both types of cable in an adapter cable version (terminated at one end with an IBM data connector and at the other end with a DB9 male connector) or a patch-panel version (terminated at both ends with data connectors). Use patch panel cables to connect MAUs, and use adapter cables to connect stations to MAUs. You can also get baluns, which can convert Type 1 IBM cabling to UTP cabling to connect different Token Ring types, and you can get special adapters that allow data connectors to be connected to RJ-45 ports so that you can use installed UTP cabling with Type 1 MAUs.

Some network interface cards (NICs) for Token Ring networking support software-configurable physical layer addressing, but note that all Token Ring NICs must have unique MAC addresses for communications to work properly on a Token Ring network.

The following table provides suggestions for troubleshooting common Token Ring network problems.

Troubleshooting Tips for Token Ring Networks

Problem	Suggestion
Mismatched ring speed	Be sure that all connected stations use 4 Mbps or that all use 16 Mbps. Do not mix stations of different speeds.
Stations cannot receive	Check cables and reset the MAU.
Conflicting MAC addresses	Use NIC configuration software to change the MAC address on one of the conflicting computers.
Traffic congestion on the network	Segment the network by using a bridge or a router.

See Also: Ethernet, Fast Ethernet, Gigabit Ethernet (GbE), local area network (LAN), MAC address, Multi-station Access Unit (MAU or MSAU), network interface card (NIC), shielded twisted-pair (STP) cabling, unshielded twisted-pair (UTP) cabling

top-level domain (TLD)

Overview

Top-level domains (TLDs) are relatively few in number and are used to identify broad classes of Internet services. The number of TLDs is controlled by the Internet Corporation for Assigned Names and Numbers (ICANN), which keeps this number small to maintain the efficiency of the hierarchical DNS naming system. Name resolution for TLDs is provided by the Internet's 13 root name servers and 10 top-level domain servers.

The various TLDs are listed in the following table. Several additional TLDs, such as .name, .pro, .museum, .aero, and .coop, have been approved by ICANN. The first three TLDs are managed commercially by domain name registrars, and their use varies widely. For example, although .net was originally intended for networking companies only, even some personal home pages use this domain.

Top-Level Domains

Domain	Description
.com	Commercial businesses and miscellaneous other uses
.net	Networking and telecommunications companies
.org	Nonprofit organizations
.edu	Four-year degree-granting universities and colleges in North America
.gov	U.S. federal government
.mil	U.S. military use only
.int	Organizations established by international treaty
.biz	Businesses
.info	General purpose

In addition to the domains listed in the table, countries as well as states and provinces within countries are identified by two-letter country codes. For example, .uk is the top-level domain for the United Kingdom, .ca is the top-level domain for Canada, and mb.ca is the top-level domain for the province of Manitoba in Canada. Although the .com domain is by far the most popular one today due to the way it is marketed, many businesses are forced to use other domains such as .net, .biz, or their country domain because of the shortage of commercial top-level domains.

Notes

A special domain called in-addr.arpa is used for reverse DNS name lookups (resolving a host name given the host's Internet Protocol [IP] address).

See Also: country code, Domain Name System (DNS), in-addr.arpa, Internet, Internet Corporation for Assigned Names and Numbers (ICANN), root name server

topology

Overview

The term topology can refer to either a network's physical topology, which is the actual physical layout or pattern of the cabling, or its logical topology, which is the path that signals actually take around the network. This difference is most evident in Token Ring networks, whose cabling is physically arranged in a star but whose signal flows in a ring from one component to the next. The term topology without any further description is usually assumed to mean the physical layout. The term comes from topos, the Greek word for "place."

When you design a network, your choice of topology will be determined by the network's size, architecture, cost, and management. Basic network topologies include the following:

• Bus topology: The stations are connected in a linear fashion. An example is the 10Base2 form of Ethernet.
• Star topology: The stations are connected to a single concentrating device called a hub (Ethernet) or a Multistation Access Unit, or MAU (Token Ring physical topology).
• Ring topology: The stations are connected in a ring. Examples are Fiber Distributed Data Interface, or FDDI (logical and physical ring), and Token Ring (logical ring and physical star).
• Mesh topology: The stations are connected in a complex, redundant pattern. This topology is generally used only in wide area networks (WANs) in which different networks are connected using routers.

Variations of these basic topologies include the following:

• Star bus topology: Consists of many star networks whose concentrators (hubs) are connected in a linear bus fashion
• Star-wired topology or cascaded-star topology: Consists of star networks whose hubs are joined in star formation to other hubs, forming a kind of tree-shaped network with the main hub at the top

See Also: bus topology, mesh topology, ring topology, star topology

tracert

Overview

Tracert (or traceroute) is used to "trace the route" across an IP internetwork from a local host to a remote one. Tracert uses Internet Control Message Protocol (ICMP) echo packets similar to the way ping operates. When an attempt is made to use tracert to trace the route to a remote IP host, a series of ICMP echo packets are assigned a steadily increasing Time to Live (TTL) to test network connectivity with routers and IP hosts that are farther away along the route. This continues until either connectivity fails or the target host is finally contacted and successfully responds.

Examples

If you run

tracert research.microsoft.com

from Winnipeg through your local Internet service provider (ISP), you might get a display similar to the following, depending on the route the packets take at that moment:

Tracing route to research.microsoft.com [131.107.65.14] over a maximum of 30 hops:
  1   100 ms   100 ms   110 ms  
wnpgas04.mts.net [205.200.55.1]
  2   100 ms    90 ms   100 ms  205.200.55.6
  3    90 ms   100 ms   110 ms  
wnpgbr01-g11-102.mts.net [205.200.28.82]
  4   110 ms   100 ms   100 ms  
dis4-winnipeg32-pos11-0.in.bellnexxia.net [206.108.110.5]
  5   120 ms   100 ms   100 ms  
core2-winnipeg32-pos6-2.in.bellnexxia.net [206.108.102.129]
  6   120 ms   130 ms   120 ms  
core2-toronto12-pos10-1.in.bellnexxia.net [206.108.97.29]
  7   120 ms   130 ms   120 ms  
core3-toronto12-pos6-0.in.bellnexxia.net [64.230.242.201]
  8   180 ms   180 ms   181 ms  
core2-vancouver-pos10-2.in.bellnexxia.net [206.108.101.182]
  9   191 ms   180 ms   190 ms  
core2-seattle-pos12-0.in.bellnexxia.net [206.108.102.209]
 10   180 ms   190 ms   190 ms  
bx3-seattle-pos5-0.in.bellnexxia.net 
[206.108.102.202]
 11   180 ms   190 ms   190 ms  
microsoft-gw.core1-seattle-pos6-2.in.
bellnexxia.net [206.108.108.134]
 12   180 ms   190 ms   190 ms  207.46.190.161
 13   180 ms  1042 ms   180 ms  
iuscixtukc1202-ge-5-0.msft.net [207.46.129.48]
 14   191 ms   190 ms   190 ms  207.46.168.122
 15   181 ms   190 ms   190 ms  131.107.33.50
 16  1142 ms   1021 ms   191 ms  
iusdinetdc7507-fe-0-1-0.msft.net [131.107.34.135]
 17   190 ms   181 ms   190 ms  131.107.40.70
 18   190 ms   191 ms   190 ms  
research.microsoft.com [131.107.65.14]
Trace complete.

Note that the destination host was finally reached after a distance of 18 hops, and note the gradually increasing response times.

See Also: network troubleshooting, ping

transaction

Overview

Transactions are units of work that must succeed or fail as a whole—a transaction can never partially succeed. If a transaction fails while only partially completed, the transaction is rolled back to the beginning. An example is a credit card purchase: The store requests the purchase amount from the credit card company, the company distributes the funds to the store, and the company bills the purchaser. If any part of the transaction fails, the entire transaction must fail to prevent money from being lost.

Component Services on Microsoft Windows 2000 (or Microsoft Transaction Server on Windows NT), a tool that provides the underlying support, or "plumbing," for creating scalable, distributed, transactional Web applications, provides failure isolations and mechanisms for recovering failed transactions and can run components of transactions as isolated processes for greater crash protection. Component Services uses the Distributed Component Object Model (DCOM) programming architecture for communication between components on Microsoft Windows networks.

See Also: Distributed Component Object Model (DCOM)

transaction log

Overview

Transaction logs are used in products such as the Microsoft Exchange Server directory services database and information store and Microsoft SQL Server. Using Exchange Server as an example, data is written to transaction log files before it is applied to the directory or information store databases. This improves the performance of write operations to the Exchange databases. In Exchange, you might have several transaction logs in your database directory. When a database is backed up, the transaction logs are then purged.

Transaction logs also play an important role in providing fault tolerance and recoverability for databases. If a system crash corrupts the database files, you can use the transaction logs (if they are intact) to restore all changes to the database since the last backup. Transaction logs make online incremental and differential backups possible. Without transaction logs, you would be able to perform full backups only when backing up databases online.

Transact-SQL

Overview

Transact-SQL (sometimes called T-SQL) is a superset of the SQL-92 standard developed by the American National Standards Institute (ANSI) and the International Organization for Standards (ISO). Transact-SQL includes all the features of standard SQL plus several enhancements, including

• Conditional programming constructs such as IF and WHILE
• System stored procedures

Transact-SQL has continued to evolve with each new version of SQL Server released by Microsoft and is a powerful data manipulation language for relational database management systems (RDBMS).

See Also: American National Standards Institute (ANSI), database, International Organization for Standardization (ISO), SQL Server, Structured Query Language (SQL)

transceiver

Overview

In the 1980s transceivers were often separate devices attached to thicknet cabling using vampire taps, but today most network interface cards (NICs) have onboard transceivers built into them. Some Fast Ethernet NICs also have a media independent interface (MII) to which an external transceiver can be connected to provide different kinds of 100-megabits per second (Mbps) networking. This allows greater flexibility in your networking options. For example, 100BaseTX transceivers have an RJ-45 port for connecting unshielded twisted-pair (UTP) cabling, and 100BaseFX transceivers have an SC-type port for connecting fiber-optic cabling.

See Also: baseband transmission, network interface card (NIC), thicknett

transceiver cable

See: drop cable

Transmission Control Protocol (TCP)

Overview

Transmission Control Protocol (TCP) is one of two transport layer protocols used by TCP/IP, the other being User Datagram Protocol (UDP). Although UDP supports only unreliable, connectionless network communications, TCP provides support for reliable, connection-oriented delivery of Internet Protocol (IP) packets. TCP supports only point-to-point communications between two hosts and does not support multipoint communications as UDP does.

Some of the features of TCP communications include

• Byte stream: TCP accepts a stream of bytes from application level protocols and apportions it into TCP packets without regard to application-level message boundaries within the stream.
• Connection-oriented: Before transferring packets, TCP negotiates a connection between sending and receiving hosts using a process called a TCP Three-Way Handshake. TCP connections are also closed using the same process, and connections are maintained using a keep-alive process to ensure that they do not unnecessarily time out. These procedures enable TCP to guarantee that transmitted data will be delivered to its targeted destination.
• Full-duplex: A TCP connection consists of two logical pipes for transmitting packets in opposite directions.
• Reliable: All TCP packets within a particular byte stream (part of a specific communication session) are sequenced to ensure that the byte stream can be properly reconstructed at the destination. Packets that successfully arrive at their destination cause acknowledgements (ACKs) to be generated so the sending host will know that delivery has been successful. Packets that arrive out of order are buffered, and missing packets are retransmitted after a period of time when the sending host determines that no acknowledgements have been received for these packets. Sender-side and receiver-side flow control are implemented to prevent loss of packets when buffers are full and to eliminate subsequent unnecessary retransmissions. In addition, TCP checksums are included to enable the receiving host to verify the bit-level integrity of the transmission.

Notes

Microsoft Corporation's implementation of TCP on its Microsoft Windows 2000, Windows XP, and Windows .NET Server platforms include support for advanced features such as self-tuning to ensure that data is sent at a speed optimal for the receiving host, dead gateway detection to ensure that inoperative gateways do not hinder packet delivery, and checksums for ensuring error-free delivery.

See Also: ACK, connectionless protocol, connection- oriented protocol, Internet Protocol (IP), Trans-mission Control Protocol/Internet Protocol (TCP/IP), User Datagram Protocol (UDP)

Transmission Control Protocol/ Internet Protocol (TCP/IP)

Overview

Transmission Control Protocol/Internet Protocol (TCP/ IP) was developed in the 1970s and 1980s as a standard protocol for linking hosts and networks into wide area networks (WANs). TCP/IP is an open networking standard that is independent from underlying physical network transport mechanisms. It uses a simple addressing scheme called IP addresses that allow billions of individual hosts to communicate with one another on the Internet. TCP/IP is also a routable protocol that is suitable for connecting dissimilar systems (such as Microsoft Windows and UNIX hosts) in heterogeneous networks and is the most common network transport in use today.

TCP/IP is a constantly evolving protocol suite whose development is steered by such bodies as the Internet Society (ISOC), the Internet Architecture Board (IAB), and the Internet Engineering Task Force (IETF). The various protocols, addressing schemes, and concepts of TCP/IP are defined in a series of documents called Requests for Comments (RFCs) issued by the IETF under an open standards process.

The foundation of the TCP/IP protocol suite is the Internet Protocol (IP), which provides the addressing scheme and supports routing of traffic between networks. The current version of IP is called IPv4 (Internet Protocol version 4) and uses a 32-bit addressing scheme. Due to the explosion of popularity of the Internet in recent years, this addressing scheme is viewed as inadequate to handle the Internet's future growth. As a result, a new version called IPv6 is likely to be widely implemented over the next several years.

Architecture

As shown in the diagram, TCP/IP has a layered architecture consisting of four distinct operational layers. These four layers map loosely to the seven layers of the Open Systems Interconnection (OSI) reference model. The four-layer TCP/IP architecture is sometimes referred to as the DoD Model because TCP/IP was developed in connection with the ARPANET project of the U.S. Department of Defense (DoD). Each layer of the TCP/IP protocol suite has its associated component protocols, the most important of which are listed here:

• Application layer protocols: These are responsible for application-level access to TCP/IP networking services. These include Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Telnet, Simple Mail Transfer Protocol (SMTP), Simple Network Management Protocol (SNMP), and numerous others. In the Microsoft implementation of TCP/IP, application layer protocols interact with transport layer protocols by using either Windows Sockets or NetBIOS over TCP/IP (NetBT).
• Transport layer protocols: These establish communication through connection-oriented sessions and connectionless broadcasts. Protocols at this layer include Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
• Internet layer protocols: These are responsible for routing and encapsulation into IP packets. Protocols at this layer include Internet Protocol (IP), Address Resolution Protocol (ARP), Internet Control Message Protocol (ICMP), and Internet Group Management Protocol (IGMP).
• Network layer protocols: These place frames on the network. TCP/IP can operate over a wide variety of network transports include the various local area network (LAN) architectures (such as Ethernet and Token Ring) and WAN telecommunication service technologies, including dial-up modem connections over the Public Switched Telephone Network (PSTN), Integrated Services Digital Network (ISDN), and Asynchronous Transfer Mode (ATM) networks.

TCP/IP employs two naming schemes to identify hosts and networks on an internetwork:

• IP addresses: These are logical 32-bit (4-byte) numeric addresses usually written in the form w.x.y.z. Using an associated subnet mask, IP addresses are split into two portions, a network ID that uniquely identifies the local network on the internetwork and a host ID that uniquely identifies the host on the local network. For example, the IP address 205.116.8.44 is partitioned using the subnet mask 255.255.255.0 into the network ID 25.116.8.0 and the host ID 44. IP addresses are the basic or primary way of identifying hosts and networks on an internetwork; they can either be assigned to hosts manually as static addresses or automatically using DHCP as dynamic addresses.
• Fully qualified domain names (FQDNs): These are alphanumeric names generally expressed in the form <host_name>.<domain_name> where <domain_name> identifies the particular network to which the host belongs and <host_name> uniquely identifies the host on the specific network. FQDNs are based on a hierarchical worldwide naming system called the Domain Name System (DNS). As an example, the FQDN server12.microsoft.com represents a host named server12 that belongs to a network whose domain name is microsoft.com. This microsoft.com domain is a second-level domain that belongs to the top-level domain named .com, which itself belongs to the root DNS domain named "." (dot). FQDNs are essentially "friendly" names that are easier to remember than IP addresses. For TCP/IP communications to take place, however, FQDNs must first be resolved into their associated IP addresses by using either a DNS server called a name server or using a hosts file stored on the local machine.

Click to view graphic

Transmission Control Protocol/Internet Protocol (TCP/IP). How the four layers of the DoD TCP/IP model map to the seven-layer OSI reference model.

See Also: Address Resolution Protocol (ARP), Asynchronous Transfer Mode (ATM), Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Ethernet, File Transfer Protocol (FTP), fully qualified domain name (FQDN), hosts file, Hypertext Transfer Protocol (HTTP), Integrated Services Digital Network (ISDN), Internet, Internet Architecture Board (IAB), Internet Control Message Protocol (ICMP), Internet Engineering Task Force (IETF), Internet Group Management Protocol (IGMP), Internet Protocol (IP), Internet Society (ISOC), IP address, NetBIOS over TCP/IP (NetBT), Open Systems Interconnection (OSI) reference model, Public Switched Telephone Network (PSTN), Request for Comments (RFC), Simple Mail Transfer Protocol (SMTP), Simple Network Management Protocol (SNMP), subnet mask, Telnet, Token Ring, Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Windows Sockets

transport layer

Overview

The transport layer is responsible for providing reliable transport services to the upper-layer protocols. These services include:

• Flow control to ensure that the transmitting device does not send more data than the receiving device can handle
• Packet sequencing for segmentation of data packets and remote reassembly
• Error handling and acknowledgments to ensure that data is retransmitted when required
• Multiplexing for combining data from several sources for transmission over one data path
• Virtual circuits for establishing sessions between communicating stations

Notes

Transmission Control Protocol (TCP) resides at the equivalent of the OSI transport layer in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols.

See Also: Open Systems Interconnection (OSI) reference model, Transmission Control Protocol (TCP), Transmission Control Protocol/Internet Protocol (TCP/IP)

Transport Layer Security (TLS)

Overview

Transport Layer Security (TLS) is based on SSL 3 and is very similar in architecture and operation to that protocol. Netscape Communications originally developed SSL in 1993 to provide secure communications over the Internet for Hypertext Transfer Protocol (HTTP) traffic. SSL included support for public and symmetric key cryptography, two-way encrypted authentication, support for anonymous connections, client/server negotiation of the encryption algorithm to be used, and message integrity using digital certificates.

TLS supports all these features of SSL and provides services for secure authentication, data integrity, and confidentiality. TLS is used to secure HTTP, Simple Mail Transfer Protocol (SMTP), and other forms of Internet traffic.

TLS is defined in RFC 2246. A variant of TLS called EAP-TLS that uses the Extensible Authentication Protocol (EAP) extension to Point-to-Point Protocol (PPP) is defined in RFC 2716.

See Also: Extensible Authentication Protocol (EAP), Hypertext Transfer Protocol (HTTP), Point-to-Point Protocol (PPP), public key cryptography, Secure Sockets Layer (SSL), Simple Mail Transfer Protocol (SMTP)

tree

See: domain tree

Trivial File Transfer Protocol (TFTP)

Overview

Trivial File Transfer Protocol (TFTP) is a simple file transfer protocol that differs from the more popular File Transfer Protocol (FTP) mainly in that it does not support any form of authentication. TFTP copies files to and from remote hosts by using the User Datagram Protocol (UDP). The remote host must be running the TFTP service or daemon for the TFTP client to be able to communicate with it. TFTP is defined in RFC 1350.

Uses

One place where TFTP is sometimes used is in UNIX environments where the bootstrap protocol (BOOTP) is used for booting diskless workstations. In this scenario, TFTP is used to download the boot disk image from the BOOTP server to the workstation. Another use for TFTP is in Cisco router networking where TFTP can be used to upload or download router configuration information or even perform a flash install of a new version of Cisco Systems' Internetwork Operating System (IOS).

Notes

The Microsoft Windows 2000 and Windows .NET Server platforms include both a command-line TFTP client and an optional TFTP service called the Trivial File Transfer Protocol Daemon (TFTPD) that is installed when the Remote Installation Services component is enabled.

See Also: bootstrap protocol (BOOTP), File Transfer Protocol (FTP), Internetwork Operating System (IOS), router, User Datagram Protocol (UDP)

trunking

Overview

Trunking provides a way of overcoming the bandwidth limitations of a single physical network link. Trunking is generally employed in three contexts:

• In switched Ethernet networking, trunking can be used in either switch-switch or switch-server connections to relieve traffic congestion by providing increased bandwidth.
• In remote access and wide area networking, trunking is often used to aggregate multiple wide area network (WAN) links into a single fat pipe.
• In telecommunications, telcos sometimes use trunking to aggregate multiple Digital Subscriber Line (DSL) connections for transmission over T1 lines using Asynchronous Transfer Mode (ATM).

The Institute of Electrical and Electronics Engineers (IEEE) 802.3ad standard ensures interoperability among Fast Ethernet and Gigabit Ethernet (GbE) switches that support trunking.

Implementation

Looking specifically at trunking in switched Ethernet networks, trunking is essentially a form of inverse multiplexing that can be either hardware-based or software-based in its implementation. Trunking was originally developed to reduce congestion in switch-switch connections in switched local area network (LAN) environments. By aggregating several 100-megabit-per-second (Mbps) links between Fast Ethernet switches, for example, you can achieve data rates of 300 or 400 Mbps between the switches to accommodate network backbone traffic. In a full-duplex configuration, this means rates of 600 or 800 Mbps, which rivals the more expensive GbE technology and gives new life to old switches. Not only is it often more economical to trunk Fast Ethernet lines than to upgrade to GbE, but trunked Fast Ethernet cable runs can go farther than GbE cable runs. However, in certain situations trunking does not improve matters. For example, trunking cannot speed up server-to-server backups. GbE switches can be similarly joined for increased backbone capacity in congested enterprise networks. Note, however, that although the theoretical speed for quadruple-trunked full-duplex Fast Ethernet connections is 800 Mbps, in practice the maximum achievable rate is about 560 Mbps because of traffic overhead. Note that switches must be intelligent if they are to support trunked connections properly, so check your switch documentation before you attempt to implement trunking on your network.

Trunking can also be implemented in switch-server connections so that multiple connections to a single server can be aggregated. This form of trunking can be purely software based or can be implemented as a combination of both hardware and software. For example, trunking software installed on multiple network interface cards (NICs) in the server automatically handles load balancing across the various server interfaces and can remove an interface from the trunking group if the interface goes down. This provides increased bandwidth between the server and the switch and ensures fault-tolerant operation. Note that software-based trunking adds an overhead of up to 5 percent to the server's CPU, depending on the software and the NIC used. Look for special NICs from trunking software vendors with on-board processors that can run the trunking software and thus reduce the load on the CPU. Also, do not mix and match trunking software or hardware from different vendors in a single trunking group.

Click to view graphic

Trunking. Two forms of trunking used in switched Ethernet networks.

There are two basic approaches to how trunking can be implemented:

• Symmetrical trunking: Allows any port in a trunking group to transmit packets to any other port. Full-duplex connections are thus supported over all links in the group. For example, a server can both transmit and receive data at 400 Mbps in a trunked group of four interfaces and one switch.
• Asymmetrical trunking: Allows any port in a trunking group to transmit packets but allows only one port (the port on the switch) to receive packets. The server can transmit data at 400 Mbps but can receive data at only 100 Mbps.

Notes

Trunking by itself is limited to point-to-point connections between two switches or between a switch and a server. However, you can use the Multipoint Link Aggregation (MPLA) technology developed by 3Com Corporation to aggregate physical links connected to different switches into a single logical link. MPLA thus supports multipath trunking between multiple switches and servers, giving network administrators flexibility in configuring their hardware for optimal traffic servicing. Other vendors are working on similar multipath trunking technologies, but standards are still developing in this arena.

See Also: 802.3ad, Digital Subscriber Line (DSL), Ethernet, Ethernet switch, Fast Ethernet, Gigabit Ethernet (GbE), network interface card (NIC), T1

trust

Overview

Trust relationships allow users in one domain to access resources in another domain. Trusts work by having one domain trust the authority of the other domain to authenticate its user accounts.

Windows NT trusts, which are based on Windows NT Challenge/Response Authentication, are managed by the Windows NT Directory Services (NTDS). In Windows NT, trusts are one-way—the trusting domain (or resource domain) trusts the trusted domain (or accounts domain). This means that global users in the trusted domain can be authenticated for accessing resources in the trusting domain. Global users from the trusted domain can log on to any computer in either domain and can access resources in either domain if they have the appropriate permissions. Windows NT trusts are also nontransitive. In other words, if domain A trusts domain B and domain B trusts domain C, it is not true that domain A trusts domain C. If you want to establish a two-way trust between two Windows NT domains, you must create two trusts, one in each direction.

Administrators can set up trust relationships between domains by using the Policies menu in User Manager for Domains. The administrator on the accounts domain should permit the trust first, and then the administrator on the resource domain should complete the trust. Only global accounts (global users and global groups) can cross trusts. By using trusts, you can join Windows NT domains into a variety of domain models, including the complete trust model, the master domain model, and the multiple master domain model. You can join domains to support 100,000 or more users for enterprise-level networks.

Click to view graphic

Trust. How trust relationships work in Windows NT and Windows 2000.

In Windows 2000 and Windows .NET Server, trusts are managed by Active Directory directory service and are based on the Kerberos v5 security protocol. These trusts are always two-way—in other words, if domain A trusts domain B, users in either domain can access resources in the other domain if they have the appropriate permissions. These trusts are also transitive—in other words, if domain A trusts domain B and domain B trusts domain C, domain A also trusts domain C. Trusts are much easier to manage on these platforms than earlier Windows NT trusts, primarily because there are far fewer trusts to manage. This is because Windows 2000 and Windows .NET Server domains are combined into hierarchical structures called domain trees. All users in a domain tree can access resources in any domain of the tree if they have suitable permissions. In Windows 2000 and Windows .NET Server, you can also use another type of trust called an explicit trust, which is a one-way trust similar to that implemented in Windows NT, to form a trust relationship between two domain forests.

See Also: Active Directory, domain (DNS), domain tree, Kerberos, two-way transitive trust

T-SHARE

See: Remote Desktop Protocol (RDP)

tunneling

Overview

Tunneling is a way of using one network infrastructure (called the transit network) for carrying traffic for a different network. This is done by encapsulating the packets of the sending node in frames of the transit network and adding a suitable header to route the frame across the transit network to the receiving node. When the encapsulated frame arrives at the receiving node, it is de-encapsulated so the node can read it. The two nodes (sending and receiving) are called the tunnel endpoints, and the path over which encapsulated frames are routed across the transit network is called the tunnel. In addition to encapsulating traffic, most tunneling technologies also encrypt traffic for greater security as it travels over the transit network, usually an intermediate public network such as the Internet.

Types

Tunneling is widely used as a wide-area networking (WAN) technology for connecting networks using an intermediate public network such as the Internet. Some common examples of tunneling technologies include the following:

• IPX over IP: Here Internetwork Packet Exchange (IPX) packets are encapsulated in Internet Protocol (IP) datagrams to enable them to be routed over an IP internetwork such as the Internet. This process allows legacy NetWare 3.x networks to communicate over IP.
• SNA over IP: Here Systems Network Architecture (SNA) traffic is encapsulated in IP using User Datagram Protocol (UDP) headers, a process described in RFC 1795 and also known as Data Link Switching (DLSw).
• Point-to-Point Tunneling Protocol (PPTP): This is a Microsoft Corporation protocol for tunneling IP, IPX, and NetBIOS Enhanced User Interface (NetBEUI) traffic over the Internet.
• Layer-2 Tunneling Protocol (L2TP): This protocol supports tunneling of IP, IPX, and NetBEUI traffic over any point-to-point datagram delivery service including X.25, frame relay, Asynchronous Transfer Mode (ATM), and IP.
• IP Security (IPsec): This protocol has a tunnel mode that allows IP traffic to be encapsulated and encrypted for transmission over a public IP network such as the Internet.

See Also: Internet, Internet Protocol (IP), Internet Protocol Security (IPsec), Internetwork Packet Exchange (IPX), Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), Systems Network Architecture (SNA), wide area network (WAN)

twinax cabling

Overview

Twinax cabling typically uses 20 AWG stranded copper conductors, has an outside diameter of 1/3 inch, and comes with a polyvinyl chloride or plenum jacket. Twinax cabling typically has an impedance of 80 to 100 ohms. Twinax cabling is used primarily for connecting IBM System 3X or AS/400 systems to 5250 terminals.

Notes

To extend a twinax connection over long distances, use a repeater. Twinax repeaters can typically transmit signals up to 1 mile (1.6 kilometers) over unshielded twisted-pair (UTP) cabling and over longer distances using duplex fiber-optic cabling. One repeater is required at both ends of the connection.

Use a multiport repeater (hub) to connect several terminals over a single connection to an AS/400 or System 3X host. You can use twinax-to-RJ-45 baluns to connect the terminals and mainframe host to the hub by using UTP cabling. Some repeaters have RJ-11 ports for extending twinax connections over standard telephone cabling. Twinax cabling is traditionally used in a daisy-chained topology, but if you use a multiport repeater, you can also use a star topology configuration.

See Also: cabling, coaxial cabling, repeater, unshielded twisted-pair (UTP) cabling

twisted-pair cabling

Overview

In computer networking and telecommunications, twisted-pair cabling may consist of from one to four pairs of color-coded insulated stranded copper wires that are twisted together in pairs and enclosed in a protective outer sheath. The twists in twisted-pair cabling help reduce frequency loss and improve signal transmission by reducing the effects of crosstalk. This is because twisting the wires together makes the cabling more resistant to electromagnetic interference (EMI), which helps maintain a high signal-to-noise ratio for reliable network communication to take place.

The earliest uses for twisted-pair cabling was for the Plain Old Telephone System (POTS), where the cabling was used for local loop wiring and was terminated with RJ-11 connectors. Twisted-pair cabling was developed in both shielded and unshielded configurations, with shielded cabling having better performance but costing more. Twisted-pair cabling is today the cabling medium of choice for building computer networks of all sizes from departmental local area networks (LANs) to structured wiring systems for office towers and campuses. Such twisted-pair cabling used for networking purposes employs RJ-45 connectors instead of the RJ-11 connectors used for telephony applications.

Twisted-pair cabling used in Ethernet networking is usually unshielded twisted-pair (UTP) cabling, but shielded twisted-pair (STP) cabling is typically used in Token Ring networks. UTP cabling comes in different grades for different purposes, the most common of which is Category 5 (Cat5) cabling.

Notes

In a telephone environment, one pair of wires is sufficient for ordinary telephone communication to take place. Most customer premises wiring established by telcos uses two-pair wiring in case a second line is later needed for fax or modem use.

See Also: Category 5 (Cat5) cabling, crosstalk, electromagnetic interference (EMI), Ethernet, Plain Old Telephone Service (POTS), RJ connectors, shielded twisted-pair (STP) cabling, Token Ring, unshielded twisted-pair (UTP) cabling

two-way transitive trust

Overview

By default, all Windows 2000 and Windows .NET Server trusts are two-way, meaning that each domain trusts the authority of the other domain for authentication. A Windows 2000 trust is also transitive—if domain A trusts domain B and domain B trusts domain C, domain A trusts domain C. Windows 2000 two-way transitive trusts are based on the Kerberos v5 security protocol.

Because of the two-way transitive nature of Windows 2000 and Windows .NET Server trusts, all domains in a domain tree implicitly trust one another. This means that resources of one domain are available to users in all other domains in the domain tree if they have suitable permissions.

Notes

You can also create one-way nontransitive trusts for Windows 2000- and Windows .NET Server-based networks. These one-way trusts are similar to the trust relationships formed by Windows NT domain controllers. A one-way trust between a domain and a domain tree provides users of the domain with access only to the domain in the tree to which it is joined. One-way trusts can be useful when domains require a less permanent relationship—for example, when two companies take part in a joint venture. Only the resources needed by the other company are made available to the trusted domain; the entire domain tree is not exposed.

See Also: Active Directory, domain (DNS), Kerberos, trust

Last Updated: April 8, 2002

Top of Page