By standardizing and enhancing TCP/IP, Microsoft has made Windows 2000 the ultimate Internet server, capable of world-class Web serving performance, advanced routing capabilities, and support for secure Virtual Private Networks (VPN), to name a few obvious benefits.
And TCP/IP is thoroughly integrated into Windows 2000. For example, the new directory service in Windows 2000, known as Active Directory, builds off of TCP/IP and related Internet technologies such as DNS. By embracing these established standards, Microsoft ensures that Windows 2000 will be a good Internet citizen.
Introduction to TCP/IP
TCP/IP (Transmission Control Protocol/Internet Protocol) is a suite of protocols that define how Network Interface Cards (NICs) and other devices (commonly referred to as hosts though this word is also erroneously used to describe individual computers) communicate over a network. TCP/IP is a routable network, meaning that individual hosts can automatically forward TCP/IP information--called packets--intelligently to the proper locations. And, as you probably know, TCP/IP is the network protocol on which the Internet is based: All Internet locations are described in relation to their TCP/IP network address.
Because TCP/IP is a suite of protocols and not just a single protocol, it is often described as a tiered set of four layers. On the lowest level is the Network Interface, which describes low-end interfaces to physical LAN and WAN technologies, such as Ethernet (cabling) and frame relay.
Just above this level is the Internet layer, which is the domain of the Internet Protocol (IP). IP describes how packets are transported and routed across a network.
Above IP is the Transport layer, which includes TCP and UDP (User Datagram Protocol). This layer is responsible for handling host-to-host communications, with UDP handling small packets of data while TCP is responsible for the more reliable connections required by large amounts of data.
At the uppermost level is the Application layer, where Windows applications access the network. Common Internet applications such as FTP, Telnet, and DNS interact with TCP/IP at the Application level.
Given these levels, the name TCP/IP might make a bit more sense: Literally, it means "Transmission Control Protocol over Internet Protocol."
Windows 2000 Improvements to TCP/IP
The TCP/IP standard has existed relatively unchanged for some time. But Microsoft has improved its implementation of TCP/IP in Windows 2000 to include optional (yet still standardized) features that aren't often used in other operating systems, including previous versions of Windows NT.
At the top of this list is packet filtering, where IP packets that are routed through a Windows 2000 Server can be filtered to allow or disallow certain types of network traffic. So, for example, you can protect internal networks from specific kinds of traffic, such as Internet POP Mail or Web traffic, if desired.
Windows 2000 also enables the use of Virtual Private Networks (VPN) where secure data can travel safely over an unsecured network such as the global Internet. This way, mobile users can connect to the internal network from a dial-up connection anywhere in the world and be sure that their communication with the network is secure.
Another exciting addition to TCP/IP in Windows 2000 is Network Address Translation (NAT), a routing technology that allows a Windows 2000 Server to share a single Internet connection--be it dial-up or network interface card-based--with all of the machines on a private network. Before this capability was included, administrators needed to purchase separate connection-sharing applications such as SyGate or proxy solutions such as Microsoft Proxy Server or WinGate.
TCP/IP is bound to a NIC, not a computer
Windows 2000, like other advanced Network Operating Systems (NOS), supports multiple NICs in a single computer. This setup, which is known as multi-homing, allows you to connect a single computer to multiple networks, one per card. So, for example, you might establish a Server that acts as a gateway to your local network. One NIC would connect the Server to your local network, while the other could be used to communicate with an external network, such as the Internet. You'll often see a Web server used in this way, where the machine serving Web pages needs to be accessed from the Internet and the local network. This setup is also required to implement NAT, which is sometimes referred to as Internet Connection Sharing.
Installing and Configuring TCP/IP
Typically, TCP/IP is installed and configured during Windows 2000 Server setup, but you can install and/or configure it at any time if you install a new network interface card or decide that you need to make configuration changes later.
To install TCP/IP after Windows 2000 Server has already been set up, simply launch the Network and Dial-up Connections applet in the Control Panel. This supplies an Explorer-based front-end to the network connections that are configured for the server.
By default, TCP/IP network connections are named "Local Area Connection," "Local Area Connection 2," and so on. You can change these names to something more descriptive by clicking twice slowly on the name of the connection icon in Network and Dial-up Connections. For example, on a multi-homed system that acts as a gateway to the Internet, you might name the external connection ISP connection and the internal connection Internal connection or similar.
You can edit the properties of any network connection by right-clicking its icon and choosing Properties. In this dialog, you can access the settings for any service, protocol, or client software that's been configured for that connection. If TCP/IP has already been installed, one of the listed installed components will read as Internet Protocol (TCP/IP). If TCP/IP isn't installed, you can install it by clicking the Install button and choosing Protocol then Internet Protocol (TCP/IP).
To edit the configuration for TCP/IP on the selected network connection, select Internet Protocol (TCP/IP) from the list and click the Properties button. TCP/IP properties include a wealth of possibilities, but it's not as complicated as it first seems. On the first dialog, there are two basic choices: automatic and manual settings. If you choose to let Windows 2000 automatically configure TCP/IP, the choices Obtain an IP address automatically and Obtain DNS server addresses automatically will be selected and the rest of the options will be grayed out. If this network connection is not an Internet gateway or you receive an IP address automatically from another DHCP server, this is how TCP/IP should be configured.
However, if this network connection is used to connect to the outside world or you're running a small network with hard-coded IP addresses, you may need to change the way this connection is configured. Typically, you will receive the following information from an ISP or other network service provider:
- IP address -- The hard-coded IP address for this network connection.
- Subnet Mask -- A 32-bit number that is combined with your IP address to uniquely identify this connection on the network. This number will range from 0.0.0.0 to 255.255.255.255.
- Default Gateway -- The IP address of the network connection (be it on the local machine or some other machine on the local network) that connects your machine to an external network, such as the Internet.
- First DNS server -- The IP address of the first machine that is used to resolve IP addresses into Internet names such as wininformant.com.
- Second DNS server -- The IP address of a second machine that is used to resolve IP addresses. This is used as a fail-over should the first DNS server be unreachable or unable to resolve an Internet name.
Configuring a Static IP Address
If you are going to be using a static IP address, you'll want to override the default settings because Windows 2000 will set itself up to obtain its IP address automatically from a DHCP server upon boot-up.
For internal networks that will never connect directly to the Internet, it's standard practice to use IP addresses and subnet masks from a list that has been set aside specifically for this purpose. The following IP address ranges and their corresponding subnet masks are guaranteed to not appear on the Internet, so they are therefore safe to use on isolated networks:
|IP address range|Subnet mask|
|---|---|
|10.0.0.0 to 10.255.255.255|255.255.255.0|
|172.16.0.0 to 172.31.255.255|255.255.0.0|
|192.168.0.0 to 192.168.255.255|255.0.0.0|
Given this information, you might set up machines on a local network with IP addresses such as 172.16.0.1, 172.16.0.2, and the like. In this case, the subnet mask for each network connection would be the same: 255.255.0.0. Let's see how we might do this.
As described in the previous section, you can modify an existing network connection by using the Control Panel applet named Network and Dial-up Connections. Locate the icon for the network connection you'd like to set up, right-click it and choose Properties. This will display the Properties dialog for the connection and you should see Internet Protocol (TCP/IP) as one of the installed components. Choose this component and click the Properties button to display the properties for TCP/IP.
To configure a static IP address, select the radio button titled Use the following IP address. Then, enter the IP address and subnet mask for the connection (you might use 172.16.0.1 and 255.255.0.0, respectively, for an internal private network, for example). If you know the IP of a machine on the network that is used as a gateway to the Internet, enter that address as well: Your ISP or network administrator should have this information. Otherwise, leave Default gateway blank.
Likewise, you will want to enter the addresses of one or more DNS servers if your ISP or network administrator has given you this information. If you need to enter more than two DNS server addresses, you can click the Advanced button and navigate to the DNS page of the resulting dialog to do so.
Using Static IPs on a DHCP network
Even when you're using DHCP, there are going to be times where certain network connections will require static IP addresses. For example, any servers that act as DNS servers will need a static IP as will the DHCP server itself. And any server that acts as a gateway to the Internet will need to have one static IP address that is used to connect to the outside world. If you do configure network connections on a DHCP-based network with static IP addresses, make sure that these machines are using IPs within the range specified by the local network. These IPs should also be excluded from the list that the DHCP server is allowed to give out.
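The two rules above (static addresses inside the local range, and excluded from what the DHCP server may hand out) can be checked mechanically before a conflict shows up on the wire. The following is an added example, not part of the original article; the host names, pool and exclusion range are constructed, and the network and mask are the 172.16.0.0 / 255.255.0.0 values used earlier.

```python
import ipaddress

def audit_static_hosts(network, mask, pool, exclusions, statics):
    """Return (host, address, problem) tuples for static assignments that
    fall outside the local range or that the DHCP server could still lease."""
    net = ipaddress.IPv4Network(f"{network}/{mask}")
    pool_lo, pool_hi = (ipaddress.IPv4Address(a) for a in pool)
    excluded = [(ipaddress.IPv4Address(a), ipaddress.IPv4Address(b))
                for a, b in exclusions]

    def leasable(addr):
        # Leasable = inside the pool and not covered by an exclusion range.
        in_pool = pool_lo <= addr <= pool_hi
        return in_pool and not any(a <= addr <= b for a, b in excluded)

    problems, owner = [], {}
    for host, text in statics.items():
        addr = ipaddress.IPv4Address(text)
        if addr not in net:
            problems.append((host, text, "outside local network range"))
        elif addr in (net.network_address, net.broadcast_address):
            problems.append((host, text, "network or broadcast address"))
        elif leasable(addr):
            problems.append((host, text, "in DHCP pool and not excluded"))
        if addr in owner:
            problems.append((host, text, f"duplicate of {owner[addr]}"))
        owner.setdefault(addr, host)
    return problems

# Constructed sample data (hypothetical host names, pool and exclusions).
NETWORK, MASK = "172.16.0.0", "255.255.0.0"
POOL = ("172.16.0.10", "172.16.0.200")
EXCLUSIONS = [("172.16.0.10", "172.16.0.19")]
STATICS = {
    "gateway": "172.16.0.1",     # below the pool: fine
    "dhcp1": "172.16.0.2",       # below the pool: fine
    "dns1": "172.16.0.10",       # in the pool but excluded: fine
    "web1": "172.16.0.50",       # in the pool, not excluded
    "print1": "192.168.1.5",     # wrong network
    "dns2": "172.16.0.10",       # same address as dns1
}

if __name__ == "__main__":
    for row in audit_static_hosts(NETWORK, MASK, POOL, EXCLUSIONS, STATICS):
        print(*row, sep="  ")
```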
Unlike previous versions of Windows NT (and Windows), you won't need to reboot your computer when you change a network configuration. However, it is a good idea to stop then restart the connection whenever you make any changes. You do this by double-clicking the connection icon in Network and Dial-up Connections and clicking the Disconnect button. When the connection has disconnected, the button will change to read Connect. Click this button to reestablish your connection with the new settings.
Configuring a Dynamic IP Address for DHCP
If your network is using DHCP, you will want to configure your network connections to obtain an IP address automatically from a DHCP server.
Network connections that are configured this way send a request for an IP address every time the machine reboots or when the network connection is restarted. A DHCP server on the network will be expecting these requests and will dole out an appropriate address any time a request is received.
As described previously, you can modify an existing network connection by accessing the Control Panel applet named Network and Dial-up Connections. Locate the icon for the network connection you'd like to set up, right-click it and choose Properties. This will display the Properties dialog for the connection and you should see Internet Protocol (TCP/IP) as one of the installed components. Choose this component and click the Properties button to display the properties for TCP/IP.
To configure TCP/IP to obtain an IP address automatically, select the radio button titled Obtain an IP address automatically. This will gray out the section directly below this choice. Optionally, you can configure the addresses of one or more DNS servers if your ISP or network administrator has provided you with this information. If you need to enter more than two DNS server addresses, you can click the Advanced button and navigate to the DNS page of the resulting dialog. Generally, however, you shouldn't need to enter this information: If this is the case, simply choose the radio button titled Obtain DNS server addresses automatically. This will cause the network connection to obtain its DNS server addresses from a network connection on the DHCP server.
Using Automatic Private IP Addressing
Windows 2000 supports a new TCP/IP feature that allows network connections to automatically obtain IP addresses without the presence of a DHCP server. This could be useful in situations where the DHCP server is unavailable, perhaps because of hardware or software problems that cause it to crash.
Automatic Private IP Addressing, as this feature is called, is automatically installed anytime you configure a network connection to obtain its IP address automatically. In this scenario, the system reboots or the network connection is disconnected then reconnected. First, the network connection will attempt to obtain its IP address from a DHCP server. If a DHCP server doesn't respond to the request, Automatic Private IP Addressing generates an IP address in the range of 169.254.0.0 to 169.254.255.255, which has been reserved for this purpose and will thus not conflict with any publicly available Internet addresses. The subnet mask for this range is 255.255.0.0.
When Automatic Private IP Addressing generates an address, it broadcasts this address over the network to ensure that no other machine is currently using it. If the address is unique, it assigns the address to the network connection and continues to use it until the DHCP server comes online again. At that point, the automatically assigned IP is dropped and a new address is obtained from the DHCP server.
You may have already figured out the small snag with this scheme: The local network will need to use IP addresses that fall within the range of the addresses used by Automatic Private IP Addressing. Otherwise, there is no way for a network connection that uses this feature to communicate with the other machines on the network. To take advantage of Automatic Private IP Addressing, then, you'll need to configure your DHCP server to use that range of addresses.
DHCP in a heterogeneous network
DHCP isn't limited to Windows 2000 Server: Clients such as Windows 2000 Professional, Windows NT, Windows 95/98, Windows for Workgroups, Macintosh, and Linux can also be configured for DHCP and receive their IP address automatically from a Windows 2000 Server running the DHCP service.
Disabling Automatic Private IP Addressing
If you decide that you'd rather not use Automatic Private IP Addressing, you can disable this feature by hacking the Registry a bit: Run the Registry Editor and navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\Adapters key. Add a new value titled IPAutoconfigurationEnabled and set it to 0 (zero); make sure the data type is REG_DWORD.
Testing a TCP/IP Connection
Once you've configured a network connection for TCP/IP, you will want to make sure that your system can connect to the network, be it a local private network or the global Internet. Windows 2000 contains a host of TCP/IP utilities that are designed for this purpose, but sometimes it's better to start with the basics.
If you're connected to the Internet, the first obvious thing you should try is to open Internet Explorer (IE) and see whether it connects to a Web site. By default, IE tries to connect to the Microsoft Network (MSN, http://www.msn.com) Web site. If this Web site comes up, chances are all is well with your connection. If it doesn't load any valid Web addresses, try typing an IP address such as 220.127.116.11 (one of MSN's Internet addresses) into the Address bar of the browser. If this works, then something is wrong with your DNS name resolution: One obvious solution here is to manually add two DNS entries in the TCP/IP properties for the network connection.
If the network connection is internal and not connected to the Internet, you should use My Network Places to attempt to browse shared network resources. If you browse to Computers Near Me in My Network Places and don't see any machines when you know that there should be machines present, then something is wrong. The most obvious culprit here is an incorrect IP address/subnet mask, meaning that your network connection is not registered as a member of the network the other machines are on. Make sure you are using an IP address that is within the same range as the other machines in your network and that the subnet mask is identical. If you're using automatic IP addressing with DHCP, this shouldn't be an issue.
Overview of TCP/IP Utilities in Windows 2000
Beyond these simple tests, Windows 2000 supplies a host of command line utilities that can be used to test your TCP/IP connections. The most famous of these is ping, which is used to test a connection to another host. You can test connections using machine name or IP address with ping, which will by default send four 32-byte packets to the host you specify and report on the approximate round-trip times. If the host is unreachable for some reason, ping will tell you this.
You can also use the arp utility to display information about any network connections on the local machine, including IP address and the method used to obtain the address (dynamic or static). This tool can be handy when you're not sure why your machine isn't communicating with the rest of the network. For even more information--including any configured DNS servers and default gateway--try ipconfig.
If you're interested in seeing the route packets travel between your network connection and a specific host (such as www.microsoft.com or a machine on your network), use tracert, which will also show you where any slowdowns may exist.
You can also determine the host name of the local computer with the hostname utility. Machines on the local network should be able to access your machine by its host name or IP address.
If your network connection isn't communicating with the network, you'll want to adopt a plan to fix the problem. The following steps walk you through a typical TCP/IP debugging session:
- The first step is to ensure that the connection is configured properly. Type ipconfig /all at a command line to see a detailed list of the TCP/IP properties for all network connections on the local machine. The results you'll see will differ depending on whether DHCP is enabled, but be sure to check any of the settings you've configured for accuracy.
- Next, try pinging your loopback address, 127.0.0.1, which is a software-based network connection address that will always exist when TCP/IP is enabled. If this reports any errors, restart the computer.
- If pinging the loopback address worked, try pinging the address of the network connection, which can be obtained with ipconfig. If this fails, restart the computer.
- Next, ping the default gateway. This can be obtained with ipconfig as well. If this fails, make sure that the correct gateway IP address is configured. If it is (or, you're using DHCP) and you can't ping the gateway, restart the computer.
- Finally, try pinging remote hosts such as www.microsoft.com. If this fails, try pinging an IP address outside of your local network. If this works, ping one of the DNS servers. The address of a DNS server can be obtained with ipconfig. Make sure the DNS addresses are configured properly and reboot if you need to change anything.
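The first step of this session, reading ipconfig /all for accuracy, can be automated together with the Automatic Private IP Addressing check from earlier: an adapter holding a 169.254.x.x address means no DHCP server answered, and a gateway outside the adapter's subnet can never be reached. This is an added example, not part of the original article; the sample text is constructed and its field labels are assumed to follow the ipconfig /all layout.

```python
import ipaddress
import re

APIPA = ipaddress.IPv4Network("169.254.0.0/16")  # range given in the text
# Constructed sample laid out like "ipconfig /all" output (not a real capture).
SAMPLE = """\
Windows 2000 IP Configuration

Ethernet adapter Internal connection:
        IP Address. . . . . . . . . . . . : 172.16.0.1
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . : 172.16.0.254
        DNS Servers . . . . . . . . . . . : 172.16.0.10

Ethernet adapter Local Area Connection 2:
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration IP Address. . . : 169.254.17.42
        Subnet Mask . . . . . . . . . . . : 255.255.0.0
        Default Gateway . . . . . . . . . :

Ethernet adapter ISP connection:
        IP Address. . . . . . . . . . . . : 192.0.2.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 198.51.100.1
        DNS Servers . . . . . . . . . . . : 192.0.2.53
"""

def parse_adapters(text):
    """Map each adapter name to its {label: value} fields."""
    adapters, current = {}, None
    for line in text.splitlines():
        header = re.match(r"^\S.*adapter (.+):\s*$", line)
        if header:
            current = adapters.setdefault(header.group(1), {})
            continue
        field = re.match(r"^\s+([^:]+?)[ .]*:\s*(.*)$", line)
        if field and current is not None:
            current[field.group(1)] = field.group(2).strip()
    return adapters

def check_adapter(fields):
    """Return findings for one adapter, following the checks in the text."""
    ip = fields.get("Autoconfiguration IP Address") or fields.get("IP Address")
    if not ip:
        return ["no IP address assigned"]
    mask = fields.get("Subnet Mask", "255.255.255.255")
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    findings = []
    if iface.ip in APIPA:
        findings.append("APIPA address: no DHCP server answered")
    gateway = fields.get("Default Gateway")
    if gateway and ipaddress.IPv4Address(gateway) not in iface.network:
        findings.append("default gateway is outside the adapter's subnet")
    if not fields.get("DNS Servers"):
        findings.append("no DNS server configured")
    return findings

def audit(text):
    return {name: check_adapter(f) for name, f in parse_adapters(text).items()}
```

Calling audit(SAMPLE) returns one list of findings per adapter; an empty list means the adapter passed every check.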
Well, this is one of those "works in theory" things. Most of the time, you should be able to change network settings without rebooting (though Windows 2000 will tell you if you absolutely need to reboot). However, sometimes you'll change network settings and nothing works. If this is the case, just reboot the machine. Nine times out of ten, all will be well.