Configure Windows NT in the WAN
Windows NT 4.0 is a high-performance, 32-bit multi-user network operating system. Thanks to its user-friendly interface and powerful, intuitive management functions, both new users and senior system administrators can use it to build a Windows NT-based network environment quickly, which has won it the favor of many users. However, as the number of network nodes and connected network segments grows, the network gets larger and problems that never appear in a LAN environment are gradually exposed. How to make sure that Windows NT fully satisfies users' access across network segments in a complex environment with multiple network segments and multiple primary domains, and how to reduce the network bandwidth Windows NT occupies while keeping it running efficiently, are therefore urgent problems for every system administrator.
Next we will use a case to analyze how to set some technical parameters of Windows NT in an environment with multiple network segments and multiple primary domains.
In this case, the Windows NT network consists of four physical network segments, which are connected through an ATM switch. Each network segment is an independent domain (the domain names are: HK-PDC, HY-PDC, WC-PDC, PDC1).
The network number of each network segment is:
1. HK-PDC network number 10.228.mask: 255.255.255.0
2. HY-PDC network number 10.228.18.0 mask: 255.255.255.0
3. WC-PDC network number 10.228.19.0 mask: 255.255.255.0
4. PDC1 network number 10.228.16.0 mask: 255.255.255.0
When applying Windows NT to the WAN, you need to consider the following four aspects:
I. Protocol Optimization
In a small LAN, NetBEUI is undoubtedly your best choice. It requires no manual configuration and its transmission speed is very fast, unmatched by other protocols, including TCP/IP. However, its transmission mechanism is based on intensive broadcasting, which inevitably occupies a large amount of network bandwidth (when Ethernet bandwidth usage exceeds 50%, we must consider segmentation), and it cannot be routed to other network segments. Obviously, NetBEUI cannot be used in a wide area network.
TCP/IP was originally designed for packet switching in the WAN. Its routing mechanism and its good fit for crossing network segments have made it the undisputed mainstream protocol today. It is therefore unwise to doubt or resist TCP/IP; what we need to do is migrate the existing communication protocols in the network to TCP/IP as soon as possible.
Windows NT uses TCP/IP as its built-in default protocol and provides excellent internal support for it, which minimizes the difficulties users may encounter when implementing a TCP/IP solution. This does not mean they will encounter no problems: although Microsoft has made great efforts in this regard, TCP/IP still requires a lot of manual intervention and touches a wide range of settings.
II. Create a WINS service
We know that WINS is one implementation of a name service. It serves the same purpose as DNS, which is widely used on the Internet: it maps a computer name (called a host name in DNS; the two are usually the same) to its IP address, so that two machines can establish a communication connection at the network layer. The difference is that WINS maintains itself dynamically, without human intervention, while DNS is static and depends entirely on manual maintenance. DNS is not needed unless your network has Internet/Intranet applications.
In a small LAN, your network will not suffer if you do not set up the WINS service, because on Windows NT the client can use broadcasts to find the machines that appear in the browser (not Internet Explorer) and open their resources (such as shared directories and printers).
In a wide area network, routers do not forward broadcasts, in order to prevent broadcast storms. Windows 95/98 clients without the WINS option are set to b-node by default, so these clients can communicate with each other only in broadcast mode and therefore cannot share resources across network segments. Installing WINS solves the problem, because your machine can query the NT server running WINS to locate the exact IP address of the machine whose shared resources you want to use.
Of course, you can create just one WINS server in the wide area network. However, to improve fault tolerance it is worth creating two: one as the primary WINS server (Primary WINS Server) and one as the secondary WINS server (Secondary WINS Server), with a replication partnership between them to keep their data consistent.
Figure 2 shows the content of the WINS database (the WINS server is set up in the 10.228.16.0 network segment). From it we can see that the WINS clients of the three network segments register dynamic mappings on the WINS server. Combined with the primary browser (residing on the PDC), other clients can easily look up the IP addresses of machines in different network segments by querying the database, which ensures the continuity of cross-segment browsing.
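The difference between broadcast-only clients and WINS clients described above can be modelled in a few lines. This is an added example, not part of the original article: the host names and host addresses are constructed, the /24 segments are the article's, and the lookup order per node type follows the standard NetBIOS definitions (b, p, m, h).

```python
import ipaddress

# Constructed sample hosts on the article's /24 segments (names are hypothetical).
HOSTS = {
    "PDC1-SRV": "10.228.16.6",
    "HY-WS01": "10.228.18.20",
    "WC-WS01": "10.228.19.20",
    "WC-WS02": "10.228.19.21",
}
WINS_DB = dict(HOSTS)             # assume every host registered itself with WINS

NODE_ORDER = {                    # NetBIOS node type -> order of lookup methods
    0x1: ("broadcast",),          # b-node
    0x2: ("wins",),               # p-node
    0x4: ("broadcast", "wins"),   # m-node
    0x8: ("wins", "broadcast"),   # h-node
}

def segment(ip):
    """Return the /24 network segment an address belongs to."""
    return ipaddress.ip_network(f"{ip}/255.255.255.0", strict=False)

def resolve(name, client_ip, node_type, wins_up=True):
    """Return (ip, method) for a name lookup, or (None, None) if it fails."""
    for method in NODE_ORDER[node_type]:
        # WINS queries are unicast, so they cross routers while the server is up.
        if method == "wins" and wins_up and name in WINS_DB:
            return WINS_DB[name], "wins"
        if method == "broadcast":
            ip = HOSTS.get(name)
            # Routers drop broadcasts: only hosts on the client's segment answer.
            if ip and ipaddress.ip_address(ip) in segment(client_ip):
                return ip, "broadcast"
    return None, None

if __name__ == "__main__":
    for node in (0x1, 0x8):
        print(hex(node), resolve("PDC1-SRV", "10.228.19.20", node))
```

With the WINS server down, an h-node client still reaches machines on its own segment by broadcast, which is one reason to run a second WINS server for the other segments.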
III. Establish a DHCP service
DHCP allows a client to lease an IP address from the DHCP server for a period of time, which both saves IP addresses and greatly reduces the maintenance burden. In a WAN environment, manually assigning IP addresses to clients without DHCP is hard to imagine.
After you set the client to obtain its IP address automatically (for example, on a Windows 95/98 or Windows NT client, select "Get IP address from DHCP server"), the DHCP server can complete the rest of the TCP/IP settings on your behalf. In a Windows NT WAN environment, you generally need to set the following four options on the DHCP server:
1. Option 003: specify the default gateway for the client.
2. 006 DNS: specify the IP address of the DNS server (if there is none, you can leave it unset).
3. 044 WINS/NBNS: specify the IP address of the WINS server.
4. 046 WINS/NBT node type: set to 0x8 (h-node).
For detailed descriptions of NBNS (NetBIOS Name Service) and NBT (NetBIOS Node Type), refer to RFC 1001 technical documents.
Once these parameters are set on the DHCP server, they are sent to the client together with the leased IP address when the client reboots, and become the client's configuration.
When planning and designing the WAN, you can centrally manage IP address distribution for the entire network and the TCP/IP parameter settings on one DHCP server. This DHCP server can respond correctly to IP address requests from different network segments and issue each an IP address from the corresponding segment.
As shown in Figure 3, the DHCP server (IP address: 10.228.16.1) is divided into four network segments, so that it answers requests from clients in each of the four segments with dynamic IP addresses from the corresponding segment.
In "option configuration" on the right, we can see that the four options above have been set.
Take 10.228.16.0 as an example:
1. The default gateway for the client is 10.228.16.31.
2. There are two DNS servers specified for the client: 10.228.16.6 and 10.228.0.1.
3. The primary WINS server specified for the client is 10.228.16.6, and the secondary WINS server is 10.228.16.3.
4. The node type specified for the client is 0x8 (that is, h-node: the client queries WINS first, and falls back to broadcast if the query fails).
After the client boots, run the WINIPCFG command (Windows 95) or the IPCONFIG /ALL command (Windows NT) to check whether the settings obtained by the client are correct.
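The four options can also be checked mechanically. The following added example (not from the original article) encodes options 003, 006, 044 and 046 in the code/length/value layout of RFC 2132 using the article's values for the 10.228.16.0 segment, decodes them again, and audits the result; the function names are hypothetical.

```python
import ipaddress

IP_LIST_OPTIONS = (3, 6, 44)   # router, DNS servers, WINS/NBNS servers

def encode_options(router, dns, wins, node_type):
    """Encode options 003, 006, 044 and 046 as code/length/value triples."""
    def ip_list(code, addrs):
        data = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
        return bytes([code, len(data)]) + data
    return (ip_list(3, [router]) + ip_list(6, dns) + ip_list(44, wins)
            + bytes([46, 1, node_type]) + b"\xff")      # 255 = end option

def parse_options(blob):
    """Decode an options field into {code: value}, rejecting malformed input."""
    opts, i = {}, 0
    while i < len(blob) and blob[i] != 255:
        if blob[i] == 0:                    # pad byte, carries no length field
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("option header truncated")
        code, length = blob[i], blob[i + 1]
        data = blob[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {code} truncated")
        if code in IP_LIST_OPTIONS:
            if length == 0 or length % 4:
                raise ValueError(f"option {code} is not a list of IPv4 addresses")
            opts[code] = [str(ipaddress.IPv4Address(data[j:j + 4]))
                          for j in range(0, length, 4)]
        else:
            opts[code] = data[0] if length == 1 else data
        i += 2 + length
    return opts

def audit(opts, segment):
    """Return the settings that would break cross-segment name resolution."""
    net = ipaddress.ip_network(segment)
    problems = []
    if not any(ipaddress.ip_address(r) in net for r in opts.get(3, [])):
        problems.append("003 gateway missing or outside the client's segment")
    if not opts.get(44):
        problems.append("044 WINS server missing")
    if opts.get(46) != 0x8:
        problems.append("046 node type is not 0x8 (h-node)")
    return problems
```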
IV. Establish trust relationships
To share resources and perform remote account verification (also called pass-through verification) between multiple Windows NT domains, a trust relationship is essential. Of two domains with a trust relationship, the domain that provides its resources to others is called the trusting domain (renamed the delegated domain in Windows NT 4.0), and the domain that can access the other domain's resources is called the trusted domain (renamed the entrusted domain in Windows NT 4.0). A two-way or a one-way trust relationship can be established according to the user's actual needs.
As shown in figure 4, we can see that:
1. The local PDC1 has opened (or delegated) its own resources to the three domains HK-PDC, HY-PDC and WC-PDC.
2. HK-PDC and HY-PDC have also delegated their resources to PDC1 for use.
3. PDC1 and HK-PDC, and PDC1 and HY-PDC, have two-way trust relationships.
4. There is a one-way trust relationship between PDC1 and WC-PDC. In this example, PDC1 trusts WC-PDC, but WC-PDC does not trust PDC1. As a result, WC-PDC can access the resources of PDC1, but PDC1 cannot access the resources of WC-PDC.
This instance shows that, in addition to the several multi-domain trust models recommended by Microsoft, users can also design feasible multi-domain trust relationships flexibly, based on their industry characteristics and actual needs.
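The trust layout described for Figure 4 can be written down as a set of directed pairs and reviewed against what each domain actually needs. This is an added example, not part of the original article: the function names and the REQUIRED list are constructed, and it relies on the fact that Windows NT 4.0 trusts are not transitive.

```python
# (trusting domain, trusted domain) pairs as the article describes Figure 4.
# The trusting domain opens its resources to accounts of the trusted domain.
TRUSTS = {
    ("PDC1", "HK-PDC"), ("PDC1", "HY-PDC"), ("PDC1", "WC-PDC"),
    ("HK-PDC", "PDC1"), ("HY-PDC", "PDC1"),
}
DOMAINS = sorted({d for pair in TRUSTS for d in pair})

def can_access(account_domain, resource_domain):
    """True if accounts of account_domain can be granted resources of resource_domain."""
    if account_domain == resource_domain:
        return True
    # Only a direct trust counts: NT 4.0 trusts are not transitive.
    return (resource_domain, account_domain) in TRUSTS

def relationship(a, b):
    """Classify the trust between two domains."""
    a_trusts_b, b_trusts_a = (a, b) in TRUSTS, (b, a) in TRUSTS
    if a_trusts_b and b_trusts_a:
        return "two-way"
    if a_trusts_b:
        return f"one-way: {a} trusts {b}"
    if b_trusts_a:
        return f"one-way: {b} trusts {a}"
    return "none"

def excess_access(required):
    """Cross-domain access the trusts allow but the stated need does not require."""
    granted = {(acct, res) for acct in DOMAINS for res in DOMAINS
               if acct != res and can_access(acct, res)}
    return sorted(granted - set(required))

# Constructed requirement (not from the article): (account domain, resource
# domain) pairs that are actually needed.
REQUIRED = [("HK-PDC", "PDC1"), ("HY-PDC", "PDC1"), ("WC-PDC", "PDC1")]

if __name__ == "__main__":
    print(relationship("PDC1", "WC-PDC"))
    print(excess_access(REQUIRED))
```

Note that HK-PDC and HY-PDC cannot reach each other even though both have two-way trusts with PDC1; that would need its own direct trust.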
V. Conclusion
By dissecting one instance, this article briefly introduces four issues to pay attention to when applying Windows NT to WAN construction. The purpose is to contribute some of the experience I have accumulated managing Windows NT in my daily work as a reference for my peers, for mutual improvement.
Contact address: zhanghui@netease.com, please send to us