Introduction to the Routing and Remote Access Service
Multiprotocol routing support for the Windows NT family of operating systems began with Windows NT 3.51 Service Pack 2, which included components for the Routing Information Protocol (RIP) for IP, RIP for IPX, and the Service Advertising Protocol (SAP) for IPX. Windows NT 4.0 also includes these components. In June 1996, Microsoft released RRAS for Windows NT 4.0, a component that replaced the Windows NT 4.0 remote access service, RIP for IP, RIP for IPX, and SAP for IPX services with a single integrated service providing both remote access and multiprotocol routing. This lesson focuses on how RRAS is implemented in Windows 2000. It discusses installation and configuration, as well as authentication and authorization.
Windows 2000 Routing and Remote Access Service
RRAS for Windows 2000 Server continues the evolution of multiprotocol routing and remote access services for the Microsoft Windows platform. When RRAS was implemented in Windows NT 4.0, it added support for the following features:
- RIP version 2 for IP (RIP for IP version 1 is still supported).
- Open Shortest Path First (OSPF) routing protocol for IP
- Demand-dial routing (routing over persistent or on-demand WAN links such as analog phone lines)
- Internet Control Message Protocol (ICMP) router discovery
- Remote Authentication Dial-In User Service (RADIUS) client to benefit from the services provided by a RADIUS server
- RADIUS server for providing centralized authentication, authorization, accounting, and remote access policy to dial-up and VPN remote access clients (included with the Windows NT 4.0 Option Pack)
- IP and IPX packet filtering for protocol-level security
- A graphical user interface (GUI) administrative program called Routing and RAS Admin and a command-line utility called Routemon
Combining Routing and Remote Access
Before RRAS was implemented in Windows NT, the routing services and remote access services worked separately. However, the two services have been combined because of the Point-to-Point Protocol (PPP), which is the protocol suite that is commonly used to negotiate point-to-point connections for remote access clients. PPP provides link parameter negotiation, the exchange of authentication credentials, and network layer protocol negotiation. For example, when you dial an Internet service provider (ISP) via PPP, you agree to the size of the packets you are sending and how they are framed (link negotiation), you log on by using a user name and password (authentication), and you obtain an IP address (network layer negotiation).
Demand-dial routing connections also use PPP to provide the same kinds of services as remote access connections (link negotiation, authentication, and network layer negotiation). Therefore, the integration of routing (which includes demand-dial routing) and remote access is done to leverage the PPP client/server infrastructure available for the remote access components.
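The link negotiation and authentication phases described above can be audited from the PPP Link Control Protocol (LCP) Configure-Request, which carries the proposed packet size and the authentication protocol. The following is an added example, not code from the original page or from Microsoft; the option numbers and protocol values come from the PPP RFCs (1661, 1994, 2433, 2759) rather than from this lesson, and the sample packets are constructed.

```python
import struct

# Authentication-Protocol values carried in LCP option 3 (RFC 1661, RFC 1994).
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP", 0xC227: "EAP"}
CHAP_ALGORITHMS = {0x05: "MD5", 0x80: "MS-CHAP", 0x81: "MS-CHAPv2"}

def parse_lcp_configure_request(packet: bytes) -> dict:
    """Return the MRU and authentication protocol proposed in an LCP Configure-Request."""
    if len(packet) < 4:
        raise ValueError("truncated LCP header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != 1:
        raise ValueError("not a Configure-Request")
    if length < 4 or length > len(packet):
        raise ValueError("bad LCP length field")
    result = {"id": identifier, "mru": 1500, "auth": None}  # 1500 is the default MRU
    body, pos = packet[4:length], 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated option header")
        opt_type, opt_len = body[pos], body[pos + 1]
        if opt_len < 2 or pos + opt_len > len(body):
            raise ValueError("bad option length")
        data = body[pos + 2:pos + opt_len]
        if opt_type == 1 and len(data) == 2:        # Maximum-Receive-Unit
            result["mru"] = struct.unpack("!H", data)[0]
        elif opt_type == 3 and len(data) >= 2:      # Authentication-Protocol
            proto = struct.unpack("!H", data[:2])[0]
            name = AUTH_PROTOCOLS.get(proto, hex(proto))
            if proto == 0xC223 and len(data) >= 3:  # CHAP carries an algorithm byte
                name += "/" + CHAP_ALGORITHMS.get(data[2], hex(data[2]))
            result["auth"] = name
        pos += opt_len
    return result

def sends_cleartext_password(parsed: dict) -> bool:
    """PAP transmits the password unencrypted; flag links that negotiate it."""
    return parsed["auth"] == "PAP"

# Constructed sample packets (not captured traffic): header, MRU option, auth option.
PAP_REQUEST = bytes.fromhex("0101000c" "010405dc" "0304c023")
CHAP_REQUEST = bytes.fromhex("0102000d" "010405d4" "0305c22381")

if __name__ == "__main__":
    for pkt in (PAP_REQUEST, CHAP_REQUEST):
        info = parse_lcp_configure_request(pkt)
        print(info, "cleartext password:", sends_cleartext_password(info))
```
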
The PPP infrastructure of Windows 2000 Server includes support for the following types of access:
- Dial-up remote access (over dial-up equipment such as analog telephone lines and ISDN) as either the client or server
- VPN remote access as either the client or server
- On-demand or persistent dial-up demand-dial routing (over dial-up equipment such as analog telephone lines and ISDN) as either the calling router or the answering router
- On-demand or persistent VPN demand-dial routing as either the calling router or the answering router
Features of the Routing and Remote Access Service
RRAS for Windows 2000 includes a wide variety of features that support unicast and multicast IP routing, IPX routing, AppleTalk routing, remote access, and VPN connections.
Windows 2000 supports the sending, receiving, and forwarding of IP multicast traffic. Multicast traffic is sent to a single host but is processed by multiple hosts who listen for this type of traffic destined for a single host. This is commonly used for delivering real-time data to multiple users, such as when delivering a distributed media presentation. The IP multicast components of RRAS allow you to send and receive IP multicast traffic from remote access clients and multicast-enabled portions of the Internet or a private intranet.
The Windows 2000 Server Router is a fully functional IPX router supporting RIP for IPX, the primary routing protocol used in IPX internetworks; Novell NetWare SAP for IPX, a protocol for the collection and distribution of service names and addresses; and NetBIOS over IPX broadcast forwarding.
Windows 2000 remote access technology allows remote clients to connect to corporate networks or the Internet. This lesson provides an overview of remote access and discusses dial-up remote access connections, remote access security, and managing remote access. This lesson focuses on the Remote Access Service part of RRAS. Hereafter, the acronym RAS will be used to refer to the Remote Access Service component of RRAS.
In Windows 2000 RAS, remote access clients are either connected to only the remote access server's resources (point-to-point remote access connectivity), or they are connected to the RAS server's resources and the resources in the network to which the remote access server is attached (point-to-LAN remote access connectivity). The latter connection type allows remote access clients to access resources as if they were physically attached to the network.
A Windows 2000 remote access server provides two remote access connection methods:
- Dial-up remote access. With dial-up remote access, a remote access client uses the telecommunications infrastructure to create a temporary physical circuit or a virtual circuit to a port on a remote access server. Once the physical or virtual circuit is created, the rest of the connection parameters can be negotiated.
- VPN remote access. With virtual private network remote access, a VPN client uses an IP internetwork to create a virtual point-to-point connection with a RAS server acting as the VPN server. Once the virtual point-to-point connection is created, the rest of the connection parameters can be negotiated.
Windows 2000, Windows NT 3.5 or later, Windows 98, Windows 95, Windows for Workgroups, MS-DOS, and Microsoft LAN Manager remote access clients can all connect to a Windows 2000 remote access server. Almost any third-party Point-to-Point Protocol (PPP) remote access clients—including UNIX and Apple Macintosh clients—can connect to a Windows 2000 remote access server.
The Microsoft remote access client is also capable of dialing into a Serial Line Interface Protocol (SLIP) server. SLIP is a legacy dial-in protocol that does not provide the security, performance, or reliability of PPP. A Windows 2000 RAS server does not support SLIP dial-up (dial-in) connections.
Remote Access Service Server
The Windows 2000 remote access server accepts dial-up connections and forwards packets between remote access clients and the network to which the remote access server is attached.
Dial-Up Equipment and WAN Infrastructure
The physical or logical connection between the remote access server and the remote access client is facilitated by dial-up equipment installed at the remote access client, the remote access server, and the telecommunications infrastructure. The nature of the dial-up equipment and telecommunications infrastructure varies depending on the type of connection being made.
Public Switched Telephone Network
The Public Switched Telephone Network (PSTN), also known as Plain Old Telephone Service (POTS), is the analog telephone system designed to carry the minimal frequencies needed to distinguish human voices. Because the PSTN was not designed for data transmissions, there are limits to the maximum bit rate that a PSTN connection can support. Dial-up equipment consists of an analog modem for the remote access client and the remote access server. For large organizations, the remote access server is attached to a modem bank containing up to hundreds of modems. With analog modems at both the remote access server and the remote access client, the maximum bit rate supported by PSTN connections is 33,600 bits per second, or 33.6 kilobits per second (Kbps).