Windows Networking And Alternate Transports

Windows Networking is the suite of programs that provide file and printer sharing between computers running Microsoft Windows (and compatible Operating Systems, such as Linux). Windows Networking runs at the Application level of the OSI Network Model, and, in its default configuration, uses NetBIOS Over TCP/IP (NetBT) and TCP/IP, for logical connectivity. It can be customised to use alternate transports, like IPX/SPX or NetBEUI.

Microsoft supports only NetBT and TCP/IP, though you may use IPX/SPX or NetBEUI, if you're prepared to deal with the support issues. There are advantages and disadvantages to using either alternative. (Update): Windows Vista will not support NetBEUI.

Similar in effect to IPX/SPX / NetBEUI, we have a commercial product called Network Magic. Network Magic requires no complicated configuration; you just install it and it works. Unfortunately, nobody that I know knows how it works, or if it's OSI Network compliant. And, just as with IPX/SPX / NetBEUI, if there's a problem with the network outside its scope of effect, you may not be able to diagnose such a problem as reliably as with IP.

Advantages Of Alternate Transports


  • No filtering problems. A misconfigured or overlooked personal firewall can cause problems with IP based networks. Neither IPX/SPX nor NetBEUI is affected by firewall problems.
  • Segments are isolated. Any separate networks, connected by routers, won't pass IPX/SPX or NetBEUI based traffic between them. Windows Networking simply won't leak onto any networks connected by routers, such as the Internet.
  • Easier to set up. There's no need to configure TCP/IP settings; both IPX/SPX and NetBEUI attach directly to the hardware, and both set themselves up automatically.


Disadvantages Of Alternate Transports

  • Network complexity. You'll likely have redundant system components in use by each computer, and redundant network traffic between each computer.
  • Lack of diagnostics. The ipconfig and ping utilities can identify logical and physical connectivity problems on an IP network. These utilities are not available on non-IP networks, and may not give consistent results when you deal with problems on mixed networks.
  • Lack of filtering. Firewalls only filter IP network traffic.
  • Limited effect. Using alternate transports provides a workaround only for TCP/IP configuration problems, or filtering problems. It does nothing for physical problems, or for problems caused by authentication / authorisation.
  • Only TCP/IP can link multiple segments. Any separate networks, connected by routers, won't pass IPX/SPX or NetBEUI based traffic between them. If your network is segmented, for physical reasons, you'll have to bridge the segments (which is, by design, what NBT does).
  • Have to be set up properly. If just one computer on the network attaches Windows Networking to NBT, convenience and security gains are eliminated.



Filtering
IP traffic, by design, can be filtered by personal firewalls and routers. IPX/SPX and NetBEUI, which attach directly to the physical transport and in parallel to TCP/IP, are not affected by IP based filtering. This has its good side and its bad side.

If you're having a problem with a personal firewall on a computer, you can work around that problem. IPX/SPX and NetBEUI are not affected by personal firewalls.

However, if you depend upon a personal firewall providing protection against malicious network traffic, you won't have that. Any malicious network traffic, IPX/SPX or NetBEUI based, won't be filtered.
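
An added example (not part of the original article): a Python classifier that sorts raw Ethernet frames by transport, so that a capture from a segment can be checked for IPX/SPX or NetBEUI traffic that an IP-based firewall never inspects. The function names are illustrative and the sample frames are constructed, with zeroed MAC addresses.

```python
import struct

# EtherType values (Ethernet II framing, also reused inside SNAP headers)
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8137: "IPX"}
# 802.2 LLC DSAP values for the two alternate transports
LLC_DSAP = {0xE0: "IPX", 0xF0: "NetBEUI"}
NON_IP = {"IPX", "NetBEUI"}  # transports an IP-only filter never inspects


def classify_frame(frame: bytes) -> str:
    """Return the transport carried by one raw Ethernet frame."""
    if len(frame) < 17:
        return "truncated"
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    payload = frame[14:]
    if type_or_len >= 0x0600:          # Ethernet II: the field is an EtherType
        return ETHERTYPES.get(type_or_len, "other")
    if payload[:2] == b"\xff\xff":     # Novell "raw 802.3" IPX, no LLC header
        return "IPX"
    dsap = payload[0]
    if dsap == 0xAA:                   # SNAP: AA AA 03, OUI (3), EtherType (2)
        if len(payload) < 8:
            return "truncated"
        (snap_type,) = struct.unpack("!H", payload[6:8])
        return ETHERTYPES.get(snap_type, "other")
    return LLC_DSAP.get(dsap, "other")


def unfiltered_transports(frames) -> dict:
    """Count frames per non-IP transport seen on the segment."""
    counts = {}
    for frame in frames:
        kind = classify_frame(frame)
        if kind in NON_IP:
            counts[kind] = counts.get(kind, 0) + 1
    return counts


_MAC = bytes(6)  # constructed sample data: zeroed MAC addresses
SAMPLE_FRAMES = [
    _MAC + _MAC + b"\x08\x00" + b"\x45" + bytes(19),          # IPv4
    _MAC + _MAC + b"\x81\x37" + b"\xff\xff" + bytes(28),      # IPX, Ethernet II
    _MAC + _MAC + b"\x00\x1e" + b"\xff\xff" + bytes(28),      # IPX, raw 802.3
    _MAC + _MAC + b"\x00\x11" + b"\xf0\xf0\x03" + bytes(14),  # NetBEUI, LLC
    _MAC + _MAC + b"\x00\x26" + b"\xaa\xaa\x03\x00\x00\x00\x81\x37" + bytes(30),  # IPX, SNAP
]

if __name__ == "__main__":
    print(unfiltered_transports(SAMPLE_FRAMES))
```

Any non-zero count on a network that is supposed to run Windows Networking over NetBT only points to a computer with an alternate transport still bound.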


Segmentation
IP traffic, by design, passes through routers; IPX/SPX and NetBEUI traffic doesn't. This has its good side and its bad side.

If you have a network in a single segment, and you use IPX/SPX or NetBEUI to provide a transport for Windows Networking, all Windows Networking traffic will stay on that segment. All shares will be totally safe from malicious access from other network segments, including the Internet.

If your network includes multiple segments, connected by routers, and you use IPX/SPX or NetBEUI as a transport for Windows Networking, all Windows Networking traffic will stay on each segment. Computers on separate segments will be unable to access each other, unless you build bridges between the segments. NBT was designed as that bridge.


Setup
A network, using IPX/SPX or NetBEUI, is easy to set up. It's not so easy to set up properly though.

A simple IPX/SPX or NetBEUI network, in a single segment, requires no configuration. Both transports essentially set themselves up. There's no subnetting or other complicated TCP/IP settings to make.

If you want to access the Internet from your computers, though, you will still have to have TCP/IP on each computer. If you do not separate Windows Networking from TCP/IP on even one single computer, your entire Windows Networking environment may be exposed. And without protection by personal firewalls, all computers may be at risk more than if they were using NBT.


Complexity and Use of Network and System Resources

IPX/SPX and NetBEUI are not significantly more chatty than NBT, and do not use significantly more network or system resources. If your computers only use IPX/SPX or NetBEUI, there is no complexity or resource problem.

But, if your computers will be accessing the Internet too, you'll need TCP/IP on each computer. IPX/SPX, NetBEUI, and TCP/IP, although each runs under the same operating system, use different system components. And while they each generate traffic on the same network, the content of that traffic is different. So, with multiple combinations of IPX/SPX, NetBEUI, and TCP/IP operating on your network, your computers will have to work harder (to use multiple protocols), and your network hardware will have to work harder (to transport multiple protocols, with a higher volume of traffic).

If Windows Networking functions like browsing, or name resolution, run through dual protocols on one computer, or if all computers on the LAN aren't identically set up and different computers run services through different protocols, you'll really have problems. And some problems might not be immediately obvious either.

Separating Internet traffic (using TCP/IP) from Intranet (Windows Networking) traffic (using IPX/SPX or NetBEUI) has an effect similar to using a Virtual LAN. But using a common protocol (TCP/IP) with a properly designed layered security strategy is more efficient in the long run.


Network Diagnostic Tools

With any network, any time there's a problem, such as an "access denied" error, you'll want to first look for a possible physical problem (by observing the lights on the network devices, and by running Device Manager diagnostics). Having dismissed the physical possibility, on a TCP/IP network, you'll be looking at ipconfig, and pinging one computer from the other. You have to eliminate lower level problems, before you can diagnose higher level problems.

If you have TCP/IP on each computer, for Internet access, you can still use ipconfig and ping. But if Windows Networking is using a separate transport, neither ipconfig nor ping will be conclusively valid.
  • Just because you have IP connectivity (valid ping results), that doesn't mean that you have IPX connectivity.
  • Just because your computers are on separate subnets (from a bad IP configuration, indicated by ipconfig), that doesn't mean that you have a NetBEUI connectivity problem.
  • If you don't install TCP/IP on each computer (or if you completely detach it from any computer), then ipconfig, ping, and other IP based diagnostics won't provide consistently relevant results.



Limitations of Effectiveness

If you have problems with either IP configuration, or with a personal firewall, either IPX/SPX or NetBEUI will provide a good workaround. But, if the problem causing the "access denied" error is a bad cable or connection, or if you haven't set up file sharing authentication / authorisation properly, you'll have the same problem with IPX/SPX or NetBEUI. But now you won't have diagnostic tools to identify the problem.
