Windows XP Home Networking - Dennis Morgan, Program Manager, Core Networking, Microsoft


Post on 26-Dec-2015


TRANSCRIPT

Page 1: Windows XP Home Networking Dennis Morgan Program Manager Core Networking Microsoft

Windows XP Home Networking

Dennis Morgan, Program Manager, Core Networking, Microsoft

Page 2: Agenda

- Network Architecture
- Setup and Configuration
- Internet Connection Sharing
- Internet Connection Firewall
- Network Bridge
- Application Compatibility
- Network Address Translation
- Diagnostics

Page 3: Network Architecture

- There will be multiple networked PCs and Intelligent Appliances (IA) in the home and small business
- PCs and devices will be connected over multiple network media that are bridged
- IP will be the dominant protocol inside the home
- Configuration and setup will be simple or automatic
- PCs and devices will securely connect to the Internet via dedicated or PC gateway

Page 4: Network Architecture

[Diagram labels: Internet; Residential gateway (PC or device)]

Page 5: Why not this architecture?

- Insecure
- Network architecture is public

[Diagram labels: Internet; Hub]

Page 6: Setup and Configuration

- Out of Box Experience (OOBE)
  - Runs on first-boot
  - Auto Configuration
- Network Setup Wizard
  - Configuration tool for setting-up a Home or Small Business network
  - Runs on down-level clients
- New Connection Wizard
  - Dial-up, VPN

Page 7: Network Setup Wizard

- Sets-up a machine as an ICS host or a client on the network
  - TCP/IP settings
  - Unifies workgroup
  - IE settings
  - UPnP
- Configures network shares
  - File and Printer shares
- XP, Me, 98 SE and 98 Gold

Page 8: Internet Connection Sharing

- Provides Network Services
  - NAT – share a single Internet connection
  - DHCP – allocation of private addresses
  - DNS – resolution of home network addresses
- Simple checkbox UI
- Discovery and Control via Universal Plug and Play
- Location aware group policy

Page 9: ICS Discovery and Control

- ICS server announces itself on the network
  - UPnP service (UPnP IG compliant)
  - Beacon for auto-discovery
- ICS clients automatically discover and use the ICS server
  - Allows clients to discover ICS host and its connection state to the ISP
  - Allows clients to control connection state of ICS host
  - Down level client available via NSW

Page 10: Internet Connection Firewall

- Uses connection flow information to prevent unsolicited inbound connections
- Thwarts standard scans
- Simple checkbox UI
- Advanced Options
  - Logging
  - ICMP
- Location aware group policy

Page 11: Network Bridge

- Allows users to deploy multiple media types in the home to create a seamless network
- Layer 2 media bridge built to IEEE 802.1D-1990 specification
- Supports Ethernet, HomePNA, IEEE 1394 and wireless network devices
- Includes Spanning Tree Algorithm (STA)
- Location aware group policy

Page 12: Application Compatibility

- Large test matrix of applications
  - Approx. 100 apps tested in Millennium
  - Approx. 150 apps in XP matrix
- Application Layer Gateway (ALG) API
  - Extensibility model for 3rd party protocols
  - Provided via the platform SDK

Page 13: Network Address Translation

Page 14: What Is NAT? Network Address Translation

- Multiplexes the address space behind the NAT
- Edits source address and ports in IP traffic
- All network traffic leaving the public side of the NAT appears to originate from one IP address

[Diagram labels: Internet; 192.168.0.2; 192.168.0.3; 192.168.0.1; 157.55.0.1]

Page 15: Deployment Blockers

- Peer to Peer applications
- Remote Assistance
- File Sharing
- Multi-player games
- XP and Broadband Enabled Experiences
- Real Time Communication

Page 16: What is the solution?

- Program the NAT with Universal Plug and Play
  - UPnP is an industry initiative
  - Provides method for discovering services
  - Provides methods for interacting with devices and services
- Internet Gateway Device working group defining schema for gateways
  - Includes method for creating and removing port mappings

Page 17: Changes for Applications

- Many applications will just work
  - DirectPlay games
  - Remote Assistance
  - Windows Messenger
- New applications use UPnP
  - Use UPnP for port reservation
  - Use the public address in exchanges with peers
- Existing applications
  - Provide script to create a static port mapping

Page 18: Windows client support

- Windows XP has native support
- Windows Me has support
  - Requires update to UPnP control point software; available via Windows Update
- Windows 98SE & 98 Gold
  - Control point available as part of XP Home Networking package
- APIs available in platform SDK

Page 19: Diagnostics

Page 20: Repair Features

- Multiple Entry Points
  - Status Icon
  - Connections Folder
  - PC Health
- Performs Common Repair Tasks
  - IP Address Renew
  - ARP and DNS Cache Flush
  - WINS Refresh
  - DNS re-register

Page 21: Network Status Features

- Network Connection Status Icon
  - Error icon shows broken connection, no connection or signal, or invalid address
  - Normal icon shows auto-config address, and Ad Hoc wireless mode
  - Tool tips describe simple problems
- Network Monitor tab in Taskman
- Network information displayed on connection folder page
- Support Tab Added to Status Dialog of connection
  - Replaces WinIPconfig.

Page 22: DGNet Features

- Works with PC Health to gather system information
- Three Levels of Display Results
- User Selectable Test
- System Properties
- Network Adapter, modem and VPN information
- Application Test
- IE Proxy, News Server, Mail Server

Page 23: Wireless

Page 24: Wireless LAN Trends

- Increased WLAN bandwidth
  - 11Mbps for Wi-Fi
  - 22Mbps and 54Mbps coming
- Reduced cost of equipment
  - $95 per Wi-Fi card, $200 per Access Point
- Increased use of laptops and PDAs
  - Mobile users
- Growth of Wi-Fi embedded in laptops
- Wi-Fi is growing rapidly

Page 25: Wireless LAN Scenarios

- Enterprise
  - Want secure user authentication and key distribution
  - Want to support guest access to the Internet
- Public places (Airports, Malls, etc)
  - Want user authentication for billing
- Home
  - Want simple, no new wires network
- Roaming
  - Want transparent roaming

Page 26: Windows XP Simplifies Wireless

- Zero configuration
  - Automatically scans for network
  - Automatically configures Wi-Fi NIC
- Secure LAN access
  - IEEE 802.1X
  - Supports different credentials, limited access & guest accounts
- Roaming
  - Alternative IP configuration
  - Network location awareness

Page 27: Summary

- Windows XP brings Millennium parity to the 2000 code base
- Windows XP makes networking accessible to consumers
  - Simplified set-up and diagnostics
  - Focus on key scenarios
- Windows XP is the best platform ever for always connected and broadband connectivity
  - ICS, Bridge, Firewall
  - Roaming, wireless support

Page 28

Page 29: Backup slides

Page 30: Call to Action

- IHVs/ISVs
  - Use UPnP to detect and configure Internet gateway
  - Take NAT into consideration when writing protocols
  - Compatibility: test early, test often
  - Plan now for IPv6
- IHVs: ensure network cards report promiscuous mode properly

Page 31: Resources

- Home Networking feedback – [email protected]@microsoft.com
- Writing NAT friendly apps – http://www.microsoft.com/Windows2000/library/howitworks/communications/networkbasics/natdoc1.asp
- Universal Plug and Play website – http://www.upnp.org

Page 32: Network Address Translation

Page 33: What is Network Address Translation (NAT)?

- Multiplexes the address space behind the NAT
- Edits source address and ports in IP traffic
- All network traffic leaving the public side of the NAT appears to originate from one IP address

[Diagram labels: Internet; 192.168.1.2; 192.168.1.3; 192.168.1.1; 157.55.0.1]

Page 34: How NAT works

- Default gateway is the NAT
- NAT maps internal source address and port with specific external source address
- Modifies packet with NAT’s external address and new source port
- Forwards packet to server
- Response packet internal destination is resolved by NAT based on port state table

[Diagram labels:
  Client 192.168.1.5 - Src: 192.168.1.5:3123, Dest: 212.3.2.4:80, Gateway: 192.168.1.1
  NAT 192.168.1.1 / 212.3.2.10 - Src: 212.3.2.10:5205, Dest: 212.3.2.4:80
  Server 212.3.2.4]

Page 35: Working with NAT is critical

- Many firewalls are based on NAT
- With 24 x 7 connectivity, the # of personal firewalls deployed will increase.
- Windows® ICS is widely deployed
- There are lots of other NATs from lots of vendors
  - Cable modems
  - DSL modems
  - ISDN routers
  - Other combo router/gateway/edge devices
- Forcing NAT to edit protocols does not scale with either the # of protocols or the # of NAT solutions

Page 36: Things that break with NAT

- Using IP addresses in data payloads
- Using port numbers in payloads
- Assuming that you can always send or receive on a specific port, range of ports, or sequence of ports
- Assuming hosts will keep the same IP address throughout a conversation
- Assuming that your application can receive unsolicited inbound connections
- Assuming that all application clients have the same view of the network that you have
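
Added example (not from the original slides): a minimal Python model of the port state table from "How NAT works", using the slide's sample addresses. It also shows two items from "Things that break with NAT": an address embedded in the payload is not rewritten, and an inbound packet with no matching outbound flow is dropped. The class and function names, sequential port allocation starting at 5205, per-remote-endpoint filtering, the payload text and the probe source 198.51.100.7 are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    payload: bytes = b""


@dataclass
class Nat:
    """Toy NAPT: one external address, a port state table, flow-based filtering."""
    external_ip: str
    next_port: int = 5205  # assumption: ports handed out sequentially from the slide's value
    # internal source endpoint -> external source port
    mappings: Dict[Endpoint, int] = field(default_factory=dict)
    # (external port, remote endpoint) -> internal endpoint
    flows: Dict[Tuple[int, Endpoint], Endpoint] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private side."""
        if pkt.src not in self.mappings:
            self.mappings[pkt.src] = self.next_port
            self.next_port += 1
        ext_port = self.mappings[pkt.src]
        self.flows[(ext_port, pkt.dst)] = pkt.src  # remember the flow
        # Only the header is edited; the payload passes through unchanged.
        return Packet((self.external_ip, ext_port), pkt.dst, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Resolve the internal destination from the state table, or drop."""
        if pkt.dst[0] != self.external_ip:
            return None
        internal = self.flows.get((pkt.dst[1], pkt.src))
        if internal is None:
            return None  # unsolicited: no outbound flow to this remote endpoint
        return Packet(pkt.src, internal, pkt.payload)


def demo():
    """Replay the slide's exchange plus one constructed unsolicited packet."""
    nat = Nat("212.3.2.10")
    client, server = ("192.168.1.5", 3123), ("212.3.2.4", 80)
    # Constructed payload that embeds the client's private address and port.
    out = nat.outbound(Packet(client, server, b"CALLBACK 192.168.1.5:3123"))
    reply = nat.inbound(Packet(server, out.src, b"200 OK"))
    # Constructed probe from a documentation-range address that was never contacted.
    probe = nat.inbound(Packet(("198.51.100.7", 4444), out.src, b"hello"))
    return out, reply, probe


if __name__ == "__main__":
    out, reply, probe = demo()
    print("on the wire :", out.src, "->", out.dst, out.payload)
    print("reply to    :", reply.dst)
    print("probe result:", probe)
```

The server sees source 212.3.2.10:5205 but reads 192.168.1.5:3123 in the payload, an address it cannot reach.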

Page 37: Building NAT friendly protocols

- Don’t rely on embedded address and port information
  - Use fully qualified domain names and/or user names where possible
  - Let DNS do the work
- Don’t make assumptions about addresses and ports staying the same
- Avoid having unsolicited inbound connections in your protocol
- Encrypted protocols should avoid having the checksum cover the IP header
- Test your protocol with ICS and other NATs
- Remember IPv6

Page 38: Wireless Zero Configuration

- Automatically scans for wireless LANs nearby
- Configure 802.11 NIC to match available network
- User can setup one or more preferred networks
- Possible to disable non-preferred networks
- If no 802.11 networks nearby configure 802.11 NIC to peer-to-peer mode
- Possible to disable peer-to-peer mode or force it
- Integrated with security
- If security fails find another network to use

Page 39: LAN Access Security: IEEE 802.1X

- Standard protocol for authenticated network access
- Supported on Ethernet and 802.11
- User and machine authentication using Radius
  - Same as used for dial-up and VPN authentication
  - Windows 2000 Internet Authentication Server can be integrated with Active Directory user database
- Level of network access is under admin control
  - No access (don’t even get an IP address)
  - Complete access
  - Guest access
- Supports distribution of encryption keys to clients

Page 40: Roaming: Alternative IP configuration

- DHCP + static IP configuration
  - Automatic switch between configurations
- Extended Windows 2000 auto DHCP renew
  - Check IP address on roaming
- Extended Windows 2000 reconfiguration support on IP address change
  - QoS reservations updated
  - IE proxy settings re-detected
- IP prefers fastest network interface
  - E.g. 11Mbps wireless and 100Mbps Ethernet

Page 41: Roaming: Network location extensions to Winsock

- Applications that want to be network aware
  - E.g. Firewall, IE
- Information about the network connectivity the machine has
  - Speed, interface type, network type (e.g. connected to the Interface), ICS information, 802.1X information
- Connectivity change notification

Page 42