Traffic Control: Your Local Network and the Internet

There are fundamental building blocks of networks that are common all the way from your desktop on up to satellites. The first piece is simple: sharing data between two or more computers. Just as no man is an island, no computer is of much use sitting there all by itself. An analogy that we will return to is that of a telephone. A telephone may work perfectly, but unless it is connected to its network, it practically worthless. Some technical language is important here, We need to define things like hubs, switches and routers. This won't be easy because the computer industry in general freely uses these terms to incorrectly describe products all the time. But, some of these terms are important.

Local Area Network

No matter what method you use, your computer has to agree to play with the dominant connection standard, with is TCP/IP: Transmission Control Protocol/Internet Protocol. It is like dial tone on a phone, sort of.

First, we need to be clear about local area networks and wide area networks. A LAN is the network in your home or office; a WAN is the complex of networks that connect the outside world. Let's start with the beginning of your LAN. Your kids' desktop computer, your laptop from work, the inkjet printer and the Playstation all connect with wireless signals and Ethernet cables to form your very own local area network.

A computer that wants to connect to your LAN needs a network interface card (NIC). That is where your Ethernet cable plugs in. The network card converts your data into digital signals that travel across the network cables. Each network card has a certain numerical combination burned into it known as a MAC address. MAC stands for Media Access Control. This MAC address is a unique identifier of that card, and in turn identifies the computer that uses that card. No two network cards in the world have the same MAC address (assuming the manufacturers follow regulations!). So the MAC address gives the computer an identity on the network by virtue of the actual hardware installed. In fact, the first four letter/numbers actually identify the manufacturer. Xerox got the 00-00- prefix, Apple was in at 00-03.

If your computer is wireless, it too has an MAC address burned into its wireless card. Wireless connections and cabled connections are exactly the same, only different! Again, to torture the telephone analogy, every body has their own phone number; with computers, every device has its own MAC address and TCP/IP address.

TCP/IP

While the MAC refers to the actual hard ware of Ethernet and wireless cards, there is also another identifier for a computer in a network, that is configured through the computer's software. That is the computer's IP address. IP stands for internet protocol. IP addresses are of the form xxx.xxx.xxx.xxx or 4 groups of numbers between 0 and 255. For example, on my local network my current IP address is 10.0.1.83. A computer on a network may have an IP address of 10.0.1.1. Other computers on the network would have a similar IP address like 10.0.1.2 or 10.0.1.3 and so on. If you notice, the start of all the IP addresses of the computers on this network are of the form 10.0.1.x but x is different for each computer. A different computer network could have a totally different form of IP addresses such as 192.168.1.x or maybe 192.0.0.x. Remember this is for a small local area network using a single broad band account. So the IP address does two things: first, it identifies a network as a unique family; and second, identifies each computer (all), printers (some) and Playstations, WIIs etc. on that network.

Let's go back to the phone analogy, each computer, each device on the network, has to have its own unique identification. When you make a phone call, your intended recipient must have a unique phone number, when you dial your friend's phone number you expect that call to go to your friend's house, you don't expect to have someone else answer. Similarly when a computer wants to send data to another computer on a network, it doesn't just put data on the network. It sends it as a packet consisting of the data, as well as the address of the destination computer: the IP address, and the MAC address of the destination computer. The IP address and the MAC address are essential to network communications.

The difference between hubs, switches and routers, lies in how they interpret the address information in each data packet being sent over the network. Each of them helps the package along its way, by performing its own unique function.

Let me refer back to the analogy of the telephone. When you dial a number, the area code lets the phone network know what part of what state you are calling. If it's going to a different state, it don't bother to read the town name or house yet.

They simply send it off to one of the major postal processing centers in that destination state. The people there then look to see which city it's destined for. That's all they're interested in. They promptly send it off to that city and it becomes the problem of that city's postal service. The employees at that facility read the zip code and send it to the local post office. And the local post office hands it to the postman, who reads the street name and number. So basically they all play their little role in making the letter reach its destination, but each performs a slightly different function.

Hubs, switches and routers are like these different processing centers. Each is only interested in what it needs to know to send the packet along on its way. Their combined contributions help a network run the way it does. Lets talk about each of them in turn.

The Hub

Hubs are devices with many ports (jacks into which network cables can plug in). Assume 4 computers are plugged into a hub computer A, B, C and D. Lets imagine that computer A wants to send a message to computer C. Computer A's network card puts the data onto the network cable along with the IP and MAC address of the destination computer C. This data travels as electrical signals to the hub. Now the hub has to send the data to computer C. However hubs are not very intelligent devices. They don't understand IP addresses and MAC addresses. So the hub repeats the packet it received from computer A out through all its other ports hoping that one of the other computers plugged into it is the destination. That way the same packet gets sent to computer B, computer C and computer D. Of course only computer C will accept the package because it has its address on it, while computer B and D simply discard it. But, computers B and D must spend some amount of time and processing power to make that decision.

My favorite analogy here is the infamous Massachusetts traffic circle. Cars and trucks pour in, spin around and make a dash for the exit. Horns blow, brakes screech, fingers are flown, it is cheap, crowded, accident prone and chaotic. Similarly, a hub takes data signals in through one port, and repeats everything out through all the other ports, hoping that one of the computers plugged into it is the destination computer.

The disadvantage of this behavior is that it causes unnecessary traffic. By sending out the same signal to every computer, it clogs up the lines keeping them busy and preventing other data from being sent over them. If you've ever worked in an office with a slow network, you know of the frustration caused and the lost productivity due to the delays.

The Switch

A switch is as a smart hub. It's a hub that understands MAC addresses (but not IP addresses). Lets look at the same situation computer A, B, C and D, only this time they're plugged into a switch. Computer A decides to send a packet to computer C. The packet travels from computer A to the switch.

Now this is where things work differently. A switch automatically learns the MAC addresses of all the computers plugged into it by communicating with them. It stores these in a little table. When it receives the packet from computer A, it reads the MAC address of the destination computer off the packet. It then looks up its table and says ÒAh! I have a computer with this MAC address connected to one of my portsÓ. And it proceeds to send that packet out through that port, and no other. So the packet goes only to computer C and not to computer B and D. This way the only cables being used are the ones that need to be, and the rest of the network is free to transfer other data.

The switch is a traffic circle with signal lights.

The Router

The router, like the switch, is a smart hub. However, while the switch only concerns itself with MAC addresses, the router only concerns itself with IP addresses. And it doesn't concern itself with the individual IP address, but only the form of the IP address.

Remember what we'd said about IP addresses before? Not only are they unique to each computer on a network, the entire network takes on the same form of IP address. If you have two networks, one with computers that have IP addresses of the form 128.0.0.x, and the other with computers that have IP addresses of the form 64.0.0.x, you could plug a router in the center between these two networks. If a computer within one network tried to communicate with another computer in its own network, the router would notice that the form of the destination IP address is the same as that of the network from which the message originated. Obviously the message was meant for a computer within this network itself. So the router would not allow this packet to pass through it to the other network. It would make sure that information remained isolated within that network only. But if a computer in one network wanted to communicate with a computer in the other network, the router would allow the package to be sent into the other network. This way it allows two networks to communicate with each other, while at the same time limiting traffic to a bare minimum.

Hubs, switches and routers each has its own way of doing things, and you need to decide which combination is an optimum solution.

Now you might well wonder, why not just replace switches with routers. That is possible in some situations, but not all. What if you had three computers with IP addresses 128.0.0.1, 128.0.0.2, and 128.0.0.3 connected to a router. All 3 IP addresses are of the form 128.0.0.x. If one computer tried to send a packet to the other, the router would think to itself ÒThe IP address of the destination is of the same form as the IP address of the sender. The destination computer must obviously be on the same network. I should not allow this packet through meÓ. And so the packet would be blocked off and communication would be impossible.

It is possible to do away with hubs and just use switches in place of them, but switches are usually more expensive than hubs. So cost is a factor too. (however switch prices are falling so this might no longer be an issue).

Your Setup

Lets look at a typical situation: five general use computers, one computer for accounting, two printers, a wireless device and a backup machine.

For a Broadband connection (permanent connection thru ISP's LAN)

You will need 1 hub and 1 router.

All 3 computers will be connected to the hub.

The hub will be connected to the router.

The router will be connected directly to your broadband service provider (broadband socket on wall). It is likely that you will get the router from the service provider itself and they will connect one port to their network. You will only have to plug your 3 computers into the hub using Ethernet cables, and then connect the hub to the router using another Ethernet cable. (Instead of a hub, you can use a switch. However with 3 computers you don't really need to worry about network traffic and delays, so you might as well go for the cheaper device the hub).

The cables you would use to make the connections are the regular Cat5 (category 5) ethernet/network cables. I am going to assume that at this point, no one is still using Cat3 cable.

Network Security

If you were to use the setup for a broadband connection, the main point of entry for anything from the internet would be through your router. All routers come with a basic firewall. You can purchase better router firewall software if you choose to. The firewall offers a good level of protection. Besides, even if a hacker does break through that firewall, he won't be breaking into your computer. He will be breaking into the router. He's not going to find anything of value on your router. So routers are pretty safe. You should reset the routers password for security. I would still recommend installing firewalls on all the computers. If cost is an issue, get a free one like the free version of Zone Alarm.

Switches do not generally come with firewalls although there are a few out there. Hubs do not generally come with firewalls either but once again there are a few that do. In any case, in the hub + router setup you would have the firewall protected router the main gateway so the switch/hub would not need a firewall.

It's fairly simple, actually. You would need a bit of an understanding of how TCP/IP works to make sense of it. Everything done on the 'Net may seem like a seemless stream of information, but it's not. Everything is broken down into "packets" that are a fixed length and format. Each packet, like your standard postal letter has the source and destination routing, (the TO: and FROM: on the envelope) as well as a fixed block of plain text. Information that's larger than one packet is broken down into multiple packets. Even mulitmedia (audio, video, etc...) is first converted to text and broken down into packets. It's the responsibility of the recieving end to decode and reconvert the packets into audio/video. (This is why multimedia streams can sometimes be choppy. But I digress.)

Now then, we can look at each device, it's function and go forward from there. A car analogy works fairly well for how networking works. Consider each packet as a car travelling on a road.

A hub is a "dumb" device that allows multiple computers to communicate with each other. Think of it as an uncontrolled intersection on the highway - no stop signs or lights. As you can imagine, without any sort of control, crashes are bound to occur. And they do. Frequently. Fortunately, no one, or nothing really gets hurt. The system that sent the original packet merely resends it (the car in our analogy) until it does manage to get through.

A switch is like a hub, except that it has traffic control built into it. It has the means to control which computer on the network talks to the other(s) and when. Think of it as a traffic cop at the intersection and it's directing traffic. Since there are fewer crashes, throughput is a lot faster and more reliable.

A router is a device that sits between your DSL (or cable) modem and directs traffic. Think of it like the guy in an old fashioned mail room who sorts incoming mail into the appropriate cubby hole by looking at the address it's coming from and where it's going. Routers use something called Network Address Translation (NAT) to do this.

When you sign up for DSL (or Cable), you get one TCP/IP address allocated for your use. Each computer, however, needs an individual and unique IP address in order to get the appropriate packets directed to that machine. A router has the ability to create an independent set of IP addresses on the "inside" which then allow you to share one "outside" IP address with up to 255 different computers. (side note: The actual number of devices a router can handle may vary by manufacturer/model. See the documentation for more info on that.) NAT allows the router to flag each packet and keep track of where it came from and where the replies to those packets are supposed to go.

Making sense of it all

Nothing could be as easy as the above, manufactures make routers that have built-in switches that also supply wireless service.

First, there's the phone jack at the wall. Next, there's the filter (supplied with your DSL installation kit). Then, you've got your DSL modem. This would plug into the router's WAN port. You then simply plug your computers into the router's LAN ports. This is assuming you've got a router with multiple ports.

If you're going with a separate switch, everything is the same until you get to the router. You would plug the router's LAN port into any port on your switch and plug your computers into the switch.

The first option as mentioned above, requires one fewer plug on the surge protector and in all probability is cheaper. Wireless has it's place, but opens a kettle of fish best left covered for novice users. If you do decide to go wireless, best to read the instructions and follow them very carefully or have your friendly neighborhood computer geek give you a hand setting it up.

One other consideration for wireless... Most desktops do not come with wireless built in. You will need a wireless network card for each machine before you can connect to the access point/router. This, of course, raises the price significantly. CAT5 or CAT6 network cable is significantly cheaper.

CAT5 and CAT6

CAT5 and CAT6 are designations for network wiring. They generally come in fixed lengths from 3 feet to 50 feet. The numeric part of the designation (the 5 or 6) has to do with the quality of the wiring inside the cable and how much data it's rated to move. CAT5 is suited for 10/100 million bits per second (10-BaseT or 100-BaseT) networking which is typical for most home networking applications. CAT6 is a newer standard that's designed to handle gigabit networking (1000-BaseT) or 1000 million bits per second throughput. While it's a nice thing to have, it's more bandwidth than most home networks need - even if you're sharing video over your home network. Given most DSL tops out at 1.5 million bits per second, and cable's best is about 3 million bits/second, a typical 10/100 network is more than adequate unless you're frequently copying HUGE files between your computers. And by HUGE - I mean ones that are a gigabyte or larger. A network that handles 100 MBits/second is plenty fast for most typical applications.

First of all the basics of how networked computers communicate with each other. Now everyone please keep in mind I am trying to keep this simple and straightforward for everyone to understand so there won't be a lot of jargon throwing. When a group of computers are connected together you have a network. That network can be 2 computers in your home, 10 computers in a small office, 500 computers in a growing business, or millions of computers across the globe. Every one of those computers has to be uniquely identified between all the other computers it has the ability to talk to through it's network.

These numbers are all assigned to assist in "routing" traffic across your network. When you request something from another PC, your computer makes a connection over to the IP address of the desired machine and they start talking amongst themselves to resolve whatever it is you want. This routing also enables you to talk between networks (hence my requests to google.com get routed out of my network and over to the google.com server). This basic explanation was done to assist you in understanding the following:

Hub - is the most basic of connections possible between PC's. When traffic comes into the hub from any one PC connected to it, that same info gets sent out to ALL the other connected PC's and it is up to each of the computers to determine whether the traffic was meant for them or not. There is no filtering, or special handling of the data. Hubs are fairly old-school and cause a lot of unnecessary traffic across your network as well as lots of data "collisions" (traffic coming out of a PC while traffic is also trying to go in which can cause network slowdowns since the traffic is sent over again until it gets a response from each computer as to whether that traffic was intended for it or not).

Switch - also allows multiple computers to be connected (same as with a hub you can get switches with 4 connections all the way up to 24 (or more) in a single switch. The benefit of switches are that they isolate the flow of traffic. They have just enough intelligence built into them so that once it is determined which PC you are trying to connect to a direct connection is made between just those 2 computers, and data flow is greatly improved. None of the other PC's on the network are bothered by the traffic generated and they can all communicate on their own at the same time. Much better data flow and fewer "collisions" (see Hub).

Router - also controls traffic flow like a switch, however they have the added ability to be able to "talk" outside of their existing network (assuming a connection to outside networks (the internet) exists. A router will have a particular plug you would connect your broadband router into (either cable, DSL, or fiber optic).

When you have a connection to the internet the device connecting is assigned an IP address by your ISP (Internet Service Provider) and if your PC is connected directly to your modem, then it is your PC that gets that IP address. In order to connect more than 1 computer to your internet connection you need to be able to "share" that IP address across all your PC's. This is where the router comes into play. The router would then be assigned the IP address from your ISP, and in turn it assigns IP addresses to each of the computers on your network. So when you get on your computer and request a page from the internet, the router receives that request, and based on the IP addressing it determines that what you are looking for is outside of the local network. It then sends out a request on your behalf for that information, makes a note of which PC on the local network requested that information, and waits for a response. When the reply comes back in to the router, it looks into its notes to determine which local PC requested that information, and then forwards (or routes) it to you. So if you and the wife are each connecting to the internet and requesting different web pages, the router keeps track of who is asking for what, but all the websites either of you visit would think it was the same PC asking for the data because the IP address used on the internet side of things would be the same.

Most routers also have a built in firewall, but even if they don't they protect you greatly from outside sources since out on the internet side of things all anyone ever sees is your router and not your PC. So even in situations where you only have a single PC in your house, it would be in your best interests to install a router between your PC and your internet connection to minimize the ability of people getting in and seeing your data.

On a final note - the assigning of those IP addresses on your local network is usually handled by the router using a protocol called DHCP (Dynamic Host Configuration Protocol). This tends to be turned on by default in most routers (it can be switched off but I wouldn't recommend it) as you would then need to hand assign IP addresses in each PC on your network. Alternatively if you are connecting to a hub or switch you would also have to assign IP addresses as they don't handle any of that for you. Easier to just tell the computers to be assigned an IP address using a DHCP server and let the router handle it all for you.

And, while you can install software firewalls in each of the PC's with a router in place you don't necessarily need that extra layer. Although some people feel better with it there, the additional work of configuring a hardware and software firewall is directly dependent on your level of security concerns. So it is a bit of a judgment call, if you have a lot of critical information you are completely paranoid about people seeing, then you will want the extra protection.