Windows Internet Connection Sharing
Dave Eitelbach, Program Manager, Networking and Communications, Microsoft Corporation
Goals
Enable multiple users in the home to connect to the Internet
Handle roaming laptops transparently
Simplify or eliminate configuration
Enable telecommuting using the Internet as a WAN (VPNs)
Issues For Deployment Of Home Networks
Installation should be easy
There are no Net admins at home.
Network configuration has to be automatic
There are no Net admins at home..
Network health and recovery should take care of itself
There are no Net admins at home...
Requirements
Transparent network configuration for end user
No client software (from both IHVs and OEMs)
Support for legacy and non-Windows clients
Demand dial support
Support for remote client UI for demand dial control and progress indication
Dial control and client “usage” APIs
Comprehensive protocol support
Built-in support for basic protocols (e.g., FTP)
Built-in support for Internet games (no config UI)
Built-in support for VPNs (e.g., PPTP)
Connecting To The Internet
Share the Internet connection transparently for both
Dial-up media
Always-available media
Resolve Internet names to addresses
Use Internet protocols (DNS and DHCP) to solve the problem
Clients on the home network should just work
Addresses And The Internet
Home network clients need to share the public IP address of the gateway system when sending and receiving traffic on the Internet
Internet addresses must be unique and routable
Private home addresses won’t work on the Internet: they are not routable there
Consumer Internet access (via an ISP) is typically a single IP address
Connection Sharing Architecture
“Connection Sharing” components:
NAT transparently shares a single public IP address for clients on the local network
DHCP Allocator assigns address, gateway and name server on the local network
DNS Proxy resolves names on behalf of local-network clients
Auto-dial makes connections automatically
Alternative Gateways
Basic options for an Internet gateway
Application Proxy Server
Winsock Proxy Server
Network Address Translator (NAT)
Application Proxy
Diagram: client (app -> winsock -> stack) -> gateway (app-proxy -> winsock -> stack) -> Internet
Every application on every client must be configured to use the proxy
Proxy requires logic for every application
Winsock Proxy
Diagram: client (app -> winsock -> stack) -> gateway (winsock proxy -> stack) -> Internet
Client winsock must be configured to forward socket calls to the winsock proxy
Transparent for most applications
Network Address Translation
Diagram: client (app -> winsock -> stack) -> gateway (NAT) -> Internet
No client configuration; transparent for all applications on the client
NAT requires protocol handlers for some protocols (FTP, games, etc.): those that carry addresses or ports inside the payload, or that do not run over TCP/UDP at all (PPTP’s GRE tunnel, for example, has no port numbers to translate)
Network Address Translator
NAT (Network Address Translation)
Typically maps a set of private addresses to a set of public addresses; here, all private addresses on the home LAN map to the single public address assigned by the ISP
NAT keeps state on the private source IP address (and, for TCP/UDP, the source port) and the public destination address and port of each outbound flow
NAT changes the IP address information and edits the needed header fields (addresses, ports, checksums) on the fly
Diagram: private hosts 10.0.0.2 and 10.0.0.3 on the home LAN; the sharing PC is 10.0.0.1 on its private interface and 157.55.0.1 toward the Internet
What Is NAT?
A NAT changes IP addresses in packets on the fly
Records the mapping between original and replacement address
Diagram: packet with source (S) and destination (D) fields; destination 131.107.1.7; mapping recorded as 10.0.0.2=172.31.249.14
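The following is an added example, not part of the original presentation and not Microsoft’s NAT code. It models the behaviour the two NAT slides describe: a port-translating NAT records state for each outbound flow, rewrites the source of outgoing packets to the single public address, translates matching replies back to the private host, and drops inbound packets for which no state exists. It also includes a small FTP PORT editor to show why some protocols need handlers: the client’s private address and port are inside the payload, so header translation alone is not enough. The addresses (157.55.0.1 public, 10.0.0.x private, 131.107.1.7 server), ports and the PORT command are constructed for the demo.

```python
"""Stateful port-translating NAT (NAPT) in miniature.  Added example, not
Microsoft's NAT; addresses, ports and the FTP PORT command are constructed."""
from dataclasses import dataclass, replace
from itertools import count
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self._ports = count(first_port)        # next unused public port
        # outbound 5-tuple -> public source port handed out for that flow
        self.out: Dict[Tuple[str, str, int, str, int], int] = {}
        # (proto, public port, remote ip, remote port) -> (private ip, private port)
        self.inb: Dict[Tuple[str, int, str, int], Tuple[str, int]] = {}

    def _bind(self, proto: str, priv_ip: str, priv_port: int, remote_ip: str, remote_port: int) -> int:
        """Return the public port for a flow, creating forward and reverse state on first use."""
        key = (proto, priv_ip, priv_port, remote_ip, remote_port)
        if key not in self.out:
            pub_port = next(self._ports)
            self.out[key] = pub_port
            self.inb[(proto, pub_port, remote_ip, remote_port)] = (priv_ip, priv_port)
        return self.out[key]

    def outbound(self, p: Packet) -> Packet:
        """Private -> Internet: rewrite the source to public_ip:pub_port and record state."""
        pub_port = self._bind(p.proto, p.src, p.sport, p.dst, p.dport)
        return replace(p, src=self.public_ip, sport=pub_port)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Internet -> private: forward only packets that match recorded state."""
        if p.dst != self.public_ip:
            return None
        target = self.inb.get((p.proto, p.dport, p.src, p.sport))
        if target is None:
            return None                        # unsolicited inbound packet: no mapping, drop
        return replace(p, dst=target[0], dport=target[1])

    def ftp_port_editor(self, priv_ip: str, server_ip: str, cmd: str) -> str:
        """Protocol handler for active-mode FTP.  The client's PORT command
        (h1,h2,h3,h4,p1,p2) names its private address and port, so the NAT must
        rewrite it to the public address/port and pre-create the inbound mapping
        for the server's data connection (RFC 959: server data port 20)."""
        if not cmd.startswith("PORT "):
            return cmd
        h = [int(x) for x in cmd[5:].strip().split(",")]
        if len(h) != 6 or ".".join(map(str, h[:4])) != priv_ip:
            return cmd
        priv_port = h[4] * 256 + h[5]
        pub_port = self._bind("tcp", priv_ip, priv_port, server_ip, 20)
        p1, p2 = divmod(pub_port, 256)
        return "PORT " + ",".join(self.public_ip.split(".") + [str(p1), str(p2)])


def demo() -> dict:
    nat = Nat("157.55.0.1")
    web = "131.107.1.7"
    # two private hosts use the same local port toward the same server: distinct public ports
    a = nat.outbound(Packet("tcp", "10.0.0.2", 3000, web, 80))
    b = nat.outbound(Packet("tcp", "10.0.0.3", 3000, web, 80))
    reply_a = nat.inbound(Packet("tcp", web, 80, "157.55.0.1", a.sport))
    reply_b = nat.inbound(Packet("tcp", web, 80, "157.55.0.1", b.sport))
    stray = nat.inbound(Packet("tcp", web, 80, "157.55.0.1", 9999))   # nobody asked for this
    port_cmd = nat.ftp_port_editor("10.0.0.2", web, "PORT 10,0,0,2,11,184")  # 11*256+184 = 3000
    data = nat.inbound(Packet("tcp", web, 20, "157.55.0.1", 1026))      # server opens data channel
    return {"a": a, "b": b, "reply_a": reply_a, "reply_b": reply_b,
            "stray": stray, "port_cmd": port_cmd, "data": data}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The dropped `stray` packet is the point a practitioner should notice: a NAT of this kind is a stateful filter as a side effect, since nothing the Internet sends unsolicited can reach a private host unless a handler (like the FTP editor above) has deliberately opened a mapping for it.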
Autoconfiguring The Home Network Via DHCP
The client machines in the home network need to be configured for address, name server address, and default gateway address
Static addressing requires “networking 101” knowledge, and configuration of each PC
Automatic self-addressing generates a unique address for each PC (in a single subnet)
DHCP (Dynamic Host Configuration Protocol) assigns IP address, default gateway, and DNS info to each client
DHCP is widely used on both Enterprise and small networks (e.g., Small Business Server)
Autoconfiguring The Home Network Via DHCP
Enable mobile laptops
Laptops will come home from the Enterprise network
They should work on both the Enterprise network and the home network without reconfiguration
Laptops must return to the Enterprise network without causing network problems
Base the solution on standard protocols (DHCP)
DHCP Allocator
A simplified DHCP server for the home network
Assumes a single-segment LAN (i.e., a single subnet) connected to the Internet gateway
Relies on broadcast-based discovery: a DHCP DISCOVER is a link-layer broadcast that does not cross routers, so multiple segments would require a true DHCP server and potentially DHCP relays
Assigns its own address (i.e., the address of the “private” interface of the Internet sharing PC) as the DNS address and default gateway address
Diagram: local client 1 and local client 2 broadcast DHCP requests; the access point (the sharing PC) replies with its own address as gateway and DNS server
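As an added example (not part of the presentation and not the Windows implementation), here is a toy DHCP allocator for the single-subnet case the slide describes: it parses a DISCOVER, leases an address from a small pool, answers with an OFFER whose router (option 3) and DNS server (option 6) are both the allocator’s own private-interface address, then ACKs the REQUEST. It also shows two things the slide only implies: a returning MAC gets its previous address back, and an exhausted pool yields no reply. The subnet 10.0.0.0/24, the pool, the lease time and the client MAC addresses are constructed for the demo.

```python
"""Toy DHCP allocator for a single-segment home LAN.  Added illustration, not
the Windows implementation; subnet, pool, lease time and MACs are constructed."""
import ipaddress
import struct
from typing import Dict, Optional

MAGIC = b"\x63\x82\x53\x63"                 # DHCP magic cookie after the fixed header
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5  # option 53 message types
HEADER = "!BBBBIHH4s4s4s4s16s64s128s"      # op .. file, 236 bytes (RFC 2131)


def parse_options(data: bytes) -> Dict[int, bytes]:
    """Decode the TLV option area (RFC 2132) into {code: value}."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:   # 255 = end option
        if data[i] == 0:                      # 0 = pad
            i += 1
            continue
        code, length = data[i], data[i + 1]
        opts[code] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def build_packet(op: int, xid: int, chaddr: bytes, yiaddr: str, options: Dict[int, bytes]) -> bytes:
    zero4 = b"\0" * 4
    fixed = struct.pack(HEADER, op, 1, len(chaddr), 0, xid, 0, 0x8000, zero4,
                        ipaddress.IPv4Address(yiaddr).packed, zero4, zero4,
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options.items())
    return fixed + MAGIC + body + b"\xff"


def parse_packet(pkt: bytes) -> dict:
    f = struct.unpack(HEADER, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    return {"op": f[0], "xid": f[4], "yiaddr": str(ipaddress.IPv4Address(f[8])),
            "chaddr": f[11][:f[2]], "options": parse_options(pkt[240:])}


class DhcpAllocator:
    def __init__(self, own_ip: str, prefix: int = 24, pool_start: int = 2,
                 pool_size: int = 253, lease_secs: int = 86400):
        self.net = ipaddress.IPv4Network(f"{own_ip}/{prefix}", strict=False)
        self.own = ipaddress.IPv4Address(own_ip)
        self.pool = [self.net.network_address + i for i in range(pool_start, pool_start + pool_size)]
        self.lease_secs = lease_secs
        self.leases: Dict[bytes, ipaddress.IPv4Address] = {}   # MAC -> address

    def _allocate(self, chaddr: bytes) -> Optional[ipaddress.IPv4Address]:
        if chaddr in self.leases:                 # a returning client keeps its address
            return self.leases[chaddr]
        taken = set(self.leases.values()) | {self.own}
        for addr in self.pool:
            if addr not in taken:
                self.leases[chaddr] = addr
                return addr
        return None                                # pool exhausted: stay silent

    def handle(self, pkt: bytes) -> Optional[bytes]:
        """Answer DISCOVER with OFFER and REQUEST with ACK; ignore everything else."""
        req = parse_packet(pkt)
        msg_type = req["options"].get(53, b"\0")[0]
        if msg_type not in (DISCOVER, REQUEST):
            return None
        addr = self._allocate(req["chaddr"])
        if addr is None:
            return None
        opts = {
            53: bytes([OFFER if msg_type == DISCOVER else ACK]),
            54: self.own.packed,                     # server identifier
            51: struct.pack("!I", self.lease_secs),  # lease time
            1: self.net.netmask.packed,              # subnet mask
            3: self.own.packed,                      # router = our private interface
            6: self.own.packed,                      # DNS server = our DNS proxy
        }
        return build_packet(2, req["xid"], req["chaddr"], str(addr), opts)


def demo() -> dict:
    alloc = DhcpAllocator("10.0.0.1")
    mac1, mac2 = bytes.fromhex("0050da112233"), bytes.fromhex("0050da445566")  # constructed
    offer = parse_packet(alloc.handle(build_packet(1, 0x1234, mac1, "0.0.0.0", {53: bytes([DISCOVER])})))
    request = build_packet(1, 0x1234, mac1, "0.0.0.0",
                           {53: bytes([REQUEST]), 50: ipaddress.IPv4Address(offer["yiaddr"]).packed})
    ack = parse_packet(alloc.handle(request))
    second = parse_packet(alloc.handle(build_packet(1, 0x5678, mac2, "0.0.0.0", {53: bytes([DISCOVER])})))
    tiny = DhcpAllocator("10.0.0.1", pool_size=1)   # one-address pool to show exhaustion
    tiny.handle(build_packet(1, 1, mac1, "0.0.0.0", {53: bytes([DISCOVER])}))
    exhausted = tiny.handle(build_packet(1, 2, mac2, "0.0.0.0", {53: bytes([DISCOVER])}))
    return {"offer": offer, "ack": ack, "second": second, "exhausted": exhausted}
```

Note that nothing here authenticates the client: any host on the segment can request (and, with forged MACs, drain) the pool, which is the trade-off behind “no client software” on a single trusted home segment.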
DNS Proxy
DHCP Allocator provides its own address as the DNS server address to home network client machines
Clients therefore always have a reachable DNS server address, even while the dial-up link is disconnected
Clients are shielded from changing Internet DNS server addresses; the ISP’s servers can change without reconfiguring any client
Internet DNS requests are then proxied to the Internet connection
The dial-up link is connected if needed
Diagram: local client 1 and local client 2 send queries to the access point, which runs the DNS proxy, services DHCP clients and translates addresses; beyond the ISP router sits the ISP’s DNS server
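An added example of the proxy role described above (not part of the presentation and not Microsoft’s DNS proxy): clients send queries to the gateway’s private address; the proxy forwards each query to the upstream resolver and relays the answer back to the client that asked. Two design choices here are the example’s own, not something the slides state about ICS: the proxy uses a fresh transaction ID toward the upstream resolver, and it relays a reply only when that ID and the question match an outstanding query, so a stray or forged reply is dropped rather than handed to a client. The upstream resolver is an in-memory stub, and the names and addresses are constructed.

```python
"""Toy DNS proxy for a sharing gateway.  Added example, not Microsoft's DNS
proxy; the upstream resolver is a stub and all names/addresses are constructed."""
import random
import struct
from typing import Callable, Dict, Optional, Tuple

Addr = Tuple[str, int]
Question = Tuple[str, int]          # (qname, qtype)


def encode_name(name: str) -> bytes:
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\0"


def decode_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Return (name, offset just past it); follows a compression pointer."""
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0:                                      # pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = decode_name(msg, ptr)
            return ".".join(labels + [tail]), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query: bytes, ip: str) -> bytes:
    """Answer an A query: copy txid and question, append one A record (TTL 300)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(o) for o in ip.split("."))
    return header + query[12:] + rr


def parse_question(msg: bytes) -> Question:
    name, off = decode_name(msg, 12)
    return name, struct.unpack("!H", msg[off:off + 2])[0]


def first_a_record(msg: bytes) -> Optional[str]:
    _, off = decode_name(msg, 12)
    off += 4                                              # skip qtype, qclass
    for _ in range(struct.unpack("!H", msg[6:8])[0]):     # ANCOUNT
        _, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            return ".".join(str(b) for b in msg[off:off + 4])
        off += rdlen
    return None


def stub_upstream(table: Dict[str, str]) -> Callable[[bytes], bytes]:
    """Constructed stand-in for the ISP's recursive resolver."""
    def resolve(query: bytes) -> bytes:
        name, qtype = parse_question(query)
        if qtype == 1 and name in table:
            return build_response(query, table[name])
        txid = struct.unpack("!H", query[:2])[0]
        return struct.pack("!HHHHHH", txid, 0x8183, 1, 0, 0, 0) + query[12:]   # NXDOMAIN
    return resolve


class DnsProxy:
    def __init__(self, upstream: Callable[[bytes], bytes]):
        self.upstream = upstream
        # upstream txid -> (client address, client's own txid, question asked)
        self.pending: Dict[int, Tuple[Addr, int, Question]] = {}

    def from_client(self, client: Addr, query: bytes) -> Optional[Tuple[Addr, bytes]]:
        client_txid = struct.unpack("!H", query[:2])[0]
        up_txid = random.getrandbits(16)                  # fresh id toward the ISP resolver
        while up_txid in self.pending:
            up_txid = random.getrandbits(16)
        self.pending[up_txid] = (client, client_txid, parse_question(query))
        return self.from_upstream(self.upstream(struct.pack("!H", up_txid) + query[2:]))

    def from_upstream(self, reply: bytes) -> Optional[Tuple[Addr, bytes]]:
        """Relay a reply only if its txid and question match an outstanding query."""
        up_txid = struct.unpack("!H", reply[:2])[0]
        entry = self.pending.get(up_txid)
        if entry is None or parse_question(reply) != entry[2]:
            return None                                   # unsolicited or mismatched: drop
        del self.pending[up_txid]
        client, client_txid, _ = entry
        return client, struct.pack("!H", client_txid) + reply[2:]


def demo() -> dict:
    proxy = DnsProxy(stub_upstream({"www.example.com": "93.184.216.34"}))   # constructed table
    client = ("10.0.0.2", 5353)
    dest, answer = proxy.from_client(client, build_query(0x1111, "www.example.com"))
    _, nx = proxy.from_client(client, build_query(0x2222, "nonexistent.example"))
    forged = build_response(build_query(0x4242, "www.example.com"), "6.6.6.6")  # nobody asked
    return {"dest": dest, "answer": answer, "nx": nx, "forged": proxy.from_upstream(forged)}
```

The relayed answer carries the client’s original transaction ID while the upstream exchange used the proxy’s own, which is what lets the proxy tell a genuine reply from one it never solicited.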
Connection Sharing Example
Auto-configured home/small-office networking
NAT translates packets to and from the assigned public IP address
DHCP allocator assigns address, gateway, and name server on the home LAN; DNS proxy forwards queries
Clients access corporate networks using PPTP through the NAT
Diagram: home LAN clients 169.254.0.3 and 169.254.0.4 behind the Windows Internet Connection Sharing PC, which connects to the Internet; a PPTP tunnel runs from a client through the NAT to the Corporate RAS server
Windows Internet Connection Sharing
Windows 2000 and Windows 98 will provide base Connection Sharing capabilities
DHCP Allocator
DNS Proxy
Network Address Translation
Support for popular applications and games
APIs for config, status, and dial control
Enable ISV hybrid solutions on the Windows platform
Windows Internet Connection Sharing
Requirements revisited
Transparent network configuration for end user: YES
Support for legacy and non-Windows clients: YES
Demand dial support: YES
Support for remote client UI for demand dial control and progress indication: YES
Dial control and client “usage” APIs
No client software (from both IHVs and OEMs): YES
Comprehensive protocol support: YES
Easy support (e.g., no config UI) for popular Internet games
VPN (e.g., PPTP)
Windows 2000 Connection Sharing Architecture
Diagram (user mode): Windows Connection Sharing service with DHCP (automates addressing of LAN clients), DNS Proxy (forwards name queries from LAN clients) and autodial (automatically dials the public network for LAN clients)
Diagram (kernel mode): TCP/IP extensions with NAT, which shares the single IP address among LAN clients and forwards packets through the NAT before routing
Windows 98 Internet Connection Sharing Architecture
Diagram: NDIS protocols (TCP/UDP, IP) above, NDIS adapters below (Ethernet to the internal home network, PPPMAC to the modem), with the ICSPROT and ICSMAC components in between; data flow in kernel
Windows 2000 Connection Sharing Integration
Turning on connection sharing for new dial-up connections
Windows 2000 Connection Sharing Integration
Turning on connection sharing for existing connections
Windows 98 Internet Connection Sharing
Turning on Internet Connection Sharing
Windows Internet Connection Sharing Demo
Demo topology: two client PCs on a HomePNA LAN, the ICS PC, and a DSL link to the Internet
Call To Action
Provide feedback on your key Internet sharing requirements
Send e-mail to [email protected]
Ship “Sharing Enabled” PCs
Broadband + LAN
Dial + LAN
ISDN + LAN
Build value-add control applications and UI on the base Internet Sharing APIs