Technologies: Routers, Gateways, Firewall

A router is a device that directs (routes) data from one path to another in a network. Routers base their switching information on one or more information parameters of the data messages. These parameters may include availability of a transmission path or communications channel, destination address contained within a packet, maximum allowable amount of transmission delay a packet can accept, along with other key parameters. Routers that connect data paths between different types of networks are sometimes called gateways.

Routers provide some of the same functionality as network switches. Their primary function is to provide a path for each routable packet to its destination. When a router is initially installed into a network, it begins its life by requesting a data network address. Using this data network address, it sends messages to nearby routers and begins to store address connections of routers that are located around it. Routers regularly exchange their connection information (lists of devices it is connected to) with nearby routers to help them keep the latest packet routing information.

A router can make decisions on where to forward packets dependent on a variety of factors including the maximum distance or packet priority. Distance vector routing and link state routing allow the router to select paths that match the needs of the data that is being sent through it.

Routers may also have fixed routing tables that are manually programmed by the network administrator. These static routing tables may be inflexible, however the use of static routing ensures other router’s that may have corrupt routing tables does not change the table.

Figure 1 shows a how a router can dynamically forward packets toward their destination. This diagram shows that a router contains a routing table (database) that dynamically changes. This diagram shows a router with address 100 is connected to two other routers with addresses 800 and 900. Each of these routers periodically exchanges information allowing them to build routing tables that allow them to forward packets they receive. This diagram shows that when router 100 receives a packet for a device number 952, it will forward the packet to router 900. Router 900 will then receive that packet and forward it on to another router that will help that packet reach its destination.

Figure 9.11: Router

Gateways are devices that enable information to be exchanged between two dissimilar computer systems or data networks. A gateway reformats data and protocols in such a way that the two systems or networks can communicate. Gateways can convert packets between dissimilar networks.

Figure 2 shows how a gateway can convert large packets from a FDDI into very small packets in an ATM network. Not only does the gateway have to divide the packets, it must also convert the addresses and control messages into formats that can be understood on both networks.

Figure 2: Gateway

A firewall is a device or software program that runs on a computer that provides protection from external network intruders by inhibiting the transfer of unauthorized packets and by allowing through packets that meet safe criteria. There are various processes that can be used by firewalls to determine which packets are authorized and packets that should be rejected (not forwarded).

Because firewalls can use many different types of analysis to determine packets that will be rejected, they can be complicated to setup. If a firewall is not setup correctly, it can cause problems for users that are sending and expected return packets that may be blocked by the firewall. Because firewalls process and analyze information, this process requires additional time and this can slow down network data transfer and response time.

Figure 3 shows how a firewall works. This diagram shows that a user with address 201 is communicating through a firewall with address 301 to an external computer that is connected to the Internet with address 401. When user 201 sends a packet to the Internet requesting a communications session with computer 401, the packet first passes through the firewall and the firewall notes that computer 201 has requested a communication session, what the port number is, and sequence number of the packet. When packets are received back from computer 401, they are actually addressed to the firewall 301. Firewall 301 analyzes the address and other information in the data packet and determines that it is an expected response to the session computer 201 has initiated. Other packets that are received by the firewall that do not contain the correct session and sequence number will be rejected.

Figure 3: Firewall

Firewalls are also appropriate for small office and home office (SOHO) applications. There are low-cost software packages and hardware equipment that offer a moderate level of increased security. They cannot stop all hackers, but they will stop some of them.

1 comment:

Tanveer Iqbal said...

In a world in which computer networks are involved in nearly every facet of business and personal life, it is paramount that each of us understand the basic features, operations and limitations of different types of computer networks.

Telecom Made Simple

Related Posts with Thumbnails