Building a Home

Network

Kent Reuber

Outline



Will focus on physical layouts.

Hard to get very specific.



Too many OS versions and

network hardware

combinations.



Example network layouts.



Example home network

General recommendations



Buying things:

 _{Ask questions (e.g., Expert Partners list)} before you buy. Have a goal…

 _{Check online to see if manuals are available.}  _{Buy stuff that you can return, if possible.}



Use dedicated hardware (e.g., print

servers, broadband routers) rather than

software

 _{Dedicated hardware is more robust and} simpler to operate.

Networking shopping list



Necessary or highly recommended:



Internet Service Provider (ISP).



Broadband (NAT) router.



Print server or network printer.



Cables.



Optional:



Wireless access point.



Wireless repeater.

Network addressing

 _{All IP addresses}

within the network must be unique.

 _{Check your docs for}

subnet mask and gateway.

 _{Most broadband}

routers have DHCP servers, so you don’t have to manage

addresses manually. “All I did was to ask for her

Broadband (NAT) router



Hides network

from the outside

world using NAT.



Connections:

 _{WAN Ethernet} interface for

connection to ISP equipment.

 _{Ethernet LAN} interface(s).

 _{Usually also has} wireless.

QuickTime™ and a

What is NAT?



NAT = “Net Address Translation”



Several different methods. For the gory

details, see RFC 1613.



Most frequently encountered method is

the one used in home broadband

routers which “hide” an entire

non-routable network range behind a single

routable “public” IP address.



Ref: Bill Dutcher: “The NAT Handbook”

Why would you want to

use NAT?



Allows you to buy a single IP address

from your ISP and share that address

among a large number of devices. (May

save $$)



All devices on the local network can

access the Internet at the same time,

though the bandwidth is shared.



Firewall:

 _{Outside hosts can *reply* to hosts behind the}

NAT router.

 _{Inside hosts have to initiate the connection.}

NAT router setup

 _{NAT routers are given}

two IP’s addresses:  _{1 non-routable (LAN --}

you)

 _{1 routable (WAN – ISP)}

 _{Machines on LAN side}

get special non-routable addresses (usually 10.*.*.* or 192.168.*.*).

 _{No IP addresses in}

these ranges are

routed on the Internet.

How NAT works

 _{Normal routers}

maintain source and destination IP

addresses from end-to-end.

 _{NAT routers change IP}

addresses and port.  _{Outgoing packets}

appear to come from the NAT router’s public address.

 _{NAT routers keep track}

of each “flow” so that replies can be

returned.

QuickTime™ and a TIFF (LZW) decompressor are needed to see this picture.

How NAT firewalling works

 _{Suppose a host (either friendly or malicious) sends a}

packet to the NAT router without the connection being initiated from the inside.

 _{Outside hosts can’t send directly to the hosts on the local}

network side -- they have non-routable addresses!

 _{Since there is no entry in the flow table, the NAT router}

has no idea where to forward it and drops the packet. Instant firewall!

Circumventing the NAT

firewall (if you must)

 _{You may want to run a server behind your NAT}

router. How do you let in some traffic?

 _{NAT routers have a limited ability to “port}

forward”, sending all traffic to a given computer on the internal net and bypassing the flow table.

 _{For example:}

 _{Send all Web traffic (port 80) to 192.168.1.3}

 _{Send all mail traffic (port 25) to 192.168.1.5}

 _{You can get hacked if forwarded port is running a}

vulnerable service! For example, if your IIS Web server isn’t patched, your firewall won’t help

Should you use a NAT

router?



It’s your only choice if you get 1

address from your ISP and you want to

create a network.



If you get multiple addresses from your

ISP, you don’t necessarily need one, but

it’s still a good idea.

 _{Examples: Stanford DSL, Stanford West,} Welch Rd. apartments.

 _{May want to put one or more hosts on the} public side of the NAT (e.g., file server).  _{You should keep most private information}

Example home network:

mixed public/NAT setup

Wireless frequency

choices



Usually you’ll want wireless

802.11b/g support.



My opinion: wait on 802.11n until

the standard is more mature.



Internet access speed is usually

limited by the ISP.



Most DSL is only 1 Mbps. Even

802.11b won’t be a bottleneck.



Faster 802.11g usually only matters

Wireless network name



A computer will be able to roam freely

between access points with the same

network name (also called SSID)

 _{Any of your access points should have a} different SSID than those of your neighbors.  _{In most cases, all of your access points}

should broadcast the same SSID.



If you put up your own wireless on

campus, it should not use the SSID

Wireless protection

 _{Use address filters,}

WEP or WPA to

prevent neighbors from using your wireless.

 _{May want to use}

hidden SSID

(network name).

 _{Use encrypted}

protocols (https,

SSH, Kerberos, SSL) especially in public wireless areas.

QuickTime™ and a

Print server



Used to network a

printer that

doesn’t have a

network interface.



Usually has one

Ethernet and one

or more parallel or

USB interfaces.



Wireless also

available.

QuickTime™ and a

Cables



Ethernet cables



Category 5 or 5e is sufficient. No

need for Category 6.



Only 2 pair cable is necessary for

10/100. Gigabit needs 4 pairs.



May need crossover cables for

switch-switch connections.



May also need USB or parallel

Wireless access point



Wireless broadband router without

the router.



Usually only 1 Ethernet port.



Use if you need more than one

wireless for coverage.



Also useful if your broadband

router doesn’t have wireless.



Range extenders are also

Hubs and switches



Probably doesn’t matter which you

use. Unlikely that your net is so

congested that a switch would add

performance.



Switch speed is almost always faster

than your ISP, so switch speed will not

be a bottleneck to accessing the

Internet.



Always remember not to create loops

Web cams



Many of the new

Internet cameras

have built-in Web

servers so that

you don’t need a

computer.



Some people use

cams for security

or just to watch

their kittens…

QuickTime™ and a

Voice over IP (VoIP)



Many companies are starting to sell

equipment that can place calls

over Internet connections.



Expect lower quality voice, but you

may save money.

QuickTime™ and a

Stanford DSL

 _{5 usable Stanford IP addresses.}

 _{Network is ready to go.}

 _{Can access resources IP limited resources (e.g.,}

journals)

 _{Don’t need a broadband router, but it’s still a}

good idea.

 _{Netopia router (provided):}

 _{Can distribute your addresses via DHCP. Good for}

laptops.

 _{Has 4 10/100 ports for devices.}

 _{Only routes IP.}

 _{DNS is provided by campus servers.}

Kent’s Stanford DSL

Network

Stanford West/Welch Rd.



10Mbit Ethernet service. Not DSL!

 _{Way faster than DSL. 100Mbit service}

available.

 _{Up to 4 Stanford IP address for each paid jack.}

Can also get additional private (non-routable) addresses for print-servers, access points, etc.



Like department Ethernet networks, any

network protocol that gets sent onto the

wire can affect your neighbors. Play nice!



DHCP & DNS provided by campus

Books



“

Linksys Networks, the

Official Guide

”, Kathy Ivens,

Larry Seltzer, Osborne



“

Home Networking Bible

”,

Web Sites



Stanford West/Welch Rd.

Computing FAQ:



http://www.stanford.edu/services/sta

nfordwest/faq.html



Stanford VPN Service:



http://vpn.stanford.edu



Stanford DSL Service: