Intranet
Introduction to Intranets
What exactly is an intranet? It is one of those terms that is thrown around more than it is understood, and it has become more of a buzzword than a commonly understood idea. Simply put, an intranet is a private network that uses Internet technology as its underlying architecture: it is built on the Internet's TCP/IP protocols for communication. TCP/IP can run on many hardware platforms and cabling schemes, so the underlying hardware is not what makes an intranet; the software protocols are what matter.
Intranets can co-exist with other local area networking technology. In many companies, existing "legacy systems" including mainframes, Novell networks, minicomputers, and various databases, are being integrated into an intranet. A wide variety of tools allow this to happen. Common Gateway Interface (CGI) scripting is often used to access legacy databases from an intranet. The Java programming language can be used to access legacy databases as well.
With the enormous growth of the Internet, an increasing number of people in corporations use the Internet for communicating with the outside world, for gathering information, and for doing business. It did not take long for people to recognize that the components that worked so well on the Internet could be equally valuable internally, and that is why intranets have become so popular. Some corporations still do not run TCP/IP, the protocol suite required to reach the resources of the Internet, and building an intranet on it, so that all information and resources can be used seamlessly, has many benefits. TCP/IP-based networks make it easy for people to reach the network remotely, such as from home or while traveling. Dialing into an intranet in this way is much like connecting to the Internet, except that you are connecting to a private network rather than to a public Internet provider. Interoperability between networks is another substantial bonus.
Security systems separate an intranet from the Internet. A company's intranet is protected by firewalls, combinations of hardware and software that admit only the traffic the company's policy allows: specific sources, for specific services and purposes. Everything else is blocked.
Intranets can be used for anything that existing networks are used for, and more. The ease of publishing information on the World Wide Web has made them popular places for posting corporate information such as company news or company procedures. Corporate databases are given easy-to-build front-ends that use the Web and programming languages such as Java.
Intranets allow people to work together more easily and more effectively. Software known as groupware is another important part of intranets; it lets people collaborate on projects, share information, hold videoconferences, and establish secure procedures for production work. Free server and client software, together with a multitude of services such as newsgroups, stimulated the Internet's growth, and that growth in turn fueled the growth of intranets. The ease with which information can be shared, and with which people can communicate with one another, will continue to drive the building of intranets.
A Global View of an Intranet
An intranet is a private corporate or educational network that uses the Internet's TCP/IP protocols for its underlying transport. The protocols can run on a variety of network hardware, and can co-exist with other network protocols such as IPX. People inside an intranet can reach the larger Internet's resources, but those on the Internet cannot freely get into the intranet: it admits traffic from the Internet only where its security policy explicitly allows it.
- Videoconferencing is an important application that requires sending massive quantities of data. Intranets can be built using components that allow the extremely high bandwidths required for transferring such information.
- Often an intranet is composed of a number of different networks inside a corporation that all communicate with one another via TCP/IP. These separate networks are often referred to as subnets.
- Software that lets people communicate with each other via e-mail and public message boards, and collaborate on work using workgroup software, is among the most powerful intranet programs. Applications that let corporate departments post information, let people fill out corporate forms such as time sheets, and tap into corporate financial information are also very popular.
- Much of the software used on intranets is standard, off-the-shelf Internet software such as the Netscape Navigator and Microsoft Internet Explorer Web browsers. Customized programs are often built as well, using the Java programming language and CGI scripting.
- Intranets can also be used to allow companies to do business-to-business transactions, such as ordering parts, sending invoices, and making payments. For extra security, these intranet-to-intranet transactions need never go out over the public Internet, but can travel over private leased lines instead.
- Intranets are a powerful system for allowing a company to do business online, for example, to allow anyone on the Internet to order products. When someone orders a product on the Internet, the order passes, in a secure manner and by way of the firewall, from the public Internet to the company's intranet, where it is processed and completed.
- In order to protect sensitive corporate information, and to ensure that hackers do not damage computer systems and data, security barriers called firewalls protect an intranet from the Internet. Firewall technology uses a combination of routers, servers and other hardware and software to let people on the intranet use Internet resources while blocking outsiders from getting into the intranet. Note that a firewall only controls traffic that crosses the boundary between the two; it does nothing about traffic that stays inside the intranet.
- Many intranets have to connect to "legacy systems", hardware and databases that were built before the intranet was constructed. Legacy systems often use older technology not based on the intranet's TCP/IP protocols. There are a variety of ways in which intranets can tie to legacy systems. A common way is to use CGI scripts to access the database information and pour that data into HTML-formatted text, making it available to a Web browser.
- Information sent across an intranet is delivered to the proper destination by routers, which examine each IP packet for its destination address and decide where it goes next. A router sends the packet on to the next router closest to the destination. If the packet is addressed to a host on the same subnetwork it was sent from, it can be delivered directly without passing through any router. If it is addressed to another subnetwork on the intranet, it is sent to an internal router. If it is addressed to a destination outside the intranet, in other words to an Internet destination, it is sent to the router that connects to the Internet.
How TCP/IP and IPX Work on Intranets
What distinguishes an intranet from any other kind of private network is that it is based on TCP/IP, the same protocols that apply to the Internet. TCP/IP refers to two protocols that work together to deliver data: the Transmission Control Protocol (TCP) and the Internet Protocol (IP). When you send information across an intranet, the data is broken into small packets. The packets are sent independently through a series of devices called routers. Once all the packets arrive at their destination, they are recombined into their original form. TCP breaks the data into packets and recombines them on the receiving end; IP handles the addressing and routing of each packet and makes sure it is sent toward the proper destination.
- In some companies there may be a mix of TCP/IP-based intranets and networks based on other networking technology, such as NetWare. In that case the TCP/IP technology of the intranet can be used to carry data between NetWare or other networks, using a technique called IP tunneling. Here we look at data being sent from one NetWare network to another, via an intranet. NetWare networks use the IPX (Internetwork Packet Exchange) protocol to deliver data, and IP routers cannot route that protocol. To get around this, when an IPX packet is to be sent across the intranet, it is first encapsulated inside an IP packet by a NetWare server dedicated to providing the IP transport mechanism for IPX packets.
- Data sent within an intranet must be broken up into packets small enough for the underlying network; on Ethernet that means at most 1,500 bytes of IP packet per frame. TCP breaks the data into packets. As it creates each packet, it calculates a checksum over the packet's contents (the header and every byte of data) and adds it to the packet header. The checksum is a simple arithmetic sum designed to catch accidental corruption; anyone who can alter a packet in transit can just as easily recompute it, so it provides no protection against deliberate tampering.
- Each packet, along with the checksum, is put into separate IP wrappers or "envelopes." These wrappers contain information that details exactly where on the intranet-or the Internet-the data is to be sent. All of the wrappers for a given piece of data have the same addressing information so that they can all be sent to the same location for reassembly.
- The packets are carried between networks by the intranet's routers. Routers examine each IP wrapper and look at its destination address, then choose the most efficient path toward that destination. Since the traffic load on an intranet changes constantly, the packets of one message may take different routes and may arrive out of order. If the router sees that the address is inside the intranet, the packet may be sent directly to its destination or passed to another internal router. If the address is out on the Internet, the packet is sent to a router that connects to the Internet.
- As the packets arrive at their destination, TCP calculates a checksum for each packet and compares it with the checksum carried in the packet. If they do not match, TCP knows the data was corrupted in transit. It discards the packet and does not acknowledge it; the sender, seeing no acknowledgment, retransmits it.
- TCP also keeps track of which packets have been received. When all the non-corrupt packets have arrived, TCP reassembles them into their original, unified form, using the sequence numbers in each packet's header to put them in the right order.
- The intranet treats the encapsulating IP packet like any other and routes it to the receiving NetWare network. There, a NetWare TCP/IP server decapsulates it: it strips off the IP header and reads the original IPX packet, which it can then deliver to its destination using the IPX protocol. Note that the routers and any firewall along the way see only the outer IP header (addresses and the protocol number marking the payload as IPX); unless they are built to look inside the tunnel, they cannot filter on what the IPX packet contains.
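The encapsulation described in this list, as an added example written for this page (it is not code from the original page or from Novell): a Python sketch of the two tunnel endpoints and of what an ordinary IP router sees in between. The IP protocol number 111 is IANA's assignment for IPX-in-IP; the IP addresses, IPX network numbers, node addresses and socket numbers are constructed sample values.

```python
import struct
import ipaddress

IPPROTO_IPX_IN_IP = 111               # IANA protocol number for IPX encapsulated in IP
IP_FMT = "!BBHHHBBH4s4s"              # 20-byte IPv4 header, no options
IPX_FMT = "!HHBBI6sHI6sH"             # 30-byte IPX header


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; verifying a good header gives 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipx(dst_net, dst_node, dst_sock, src_net, src_node, src_sock, data: bytes) -> bytes:
    """IPX header: the checksum field is always 0xFFFF, type 4 = packet exchange."""
    return struct.pack(IPX_FMT, 0xFFFF, 30 + len(data), 0, 4,
                       dst_net, dst_node, dst_sock, src_net, src_node, src_sock) + data


def parse_ipx(packet: bytes) -> dict:
    csum, length, hops, ptype, dnet, dnode, dsock, snet, snode, ssock = struct.unpack(IPX_FMT, packet[:30])
    if csum != 0xFFFF or length > len(packet):
        raise ValueError("malformed IPX packet")
    return {"dst": (dnet, dnode.hex(), dsock), "src": (snet, snode.hex(), ssock),
            "type": ptype, "hops": hops, "data": packet[30:length]}


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (DF set, TTL 64) with a valid header checksum."""
    fields = [0x45, 0, 20 + len(payload), 1, 0x4000, 64, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = internet_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + payload


def parse_ipv4(packet: bytes):
    """Return (header fields, payload); raises if the header is damaged."""
    vihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IP_FMT, packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("malformed IPv4 packet")
    if internet_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    return ({"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
             "proto": proto, "ttl": ttl}, packet[ihl:total_len])


def encapsulate(ipx_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel ingress (the dedicated NetWare/IP server): wrap the IPX packet in IP."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPX_IN_IP, ipx_packet)


def router_view(packet: bytes) -> dict:
    """All an intermediate IP router, or an IP-only firewall rule, can act on:
    the tunnel endpoints and protocol 111. The IPX addresses and socket inside
    are opaque unless the device deliberately parses the inner packet."""
    return parse_ipv4(packet)[0]


def decapsulate(packet: bytes) -> bytes:
    """Tunnel egress: strip the IP header and hand back the original IPX packet."""
    info, inner = parse_ipv4(packet)
    if info["proto"] != IPPROTO_IPX_IN_IP:
        raise ValueError("not an IPX-in-IP packet")
    parse_ipx(inner)                  # validate the inner header before delivering it
    return inner


# Constructed sample: an IPX packet from network 0x10 to the NCP socket (0x0451) on network 0x20.
SAMPLE_IPX = build_ipx(0x20, bytes.fromhex("00a0c9aabbcc"), 0x0451,
                       0x10, bytes.fromhex("00a0c9112233"), 0x4003, b"NCP request")


def tunnel_roundtrip(ipx_packet: bytes = SAMPLE_IPX) -> bytes:
    """Ingress server -> IP routing across the intranet -> egress server."""
    wire = encapsulate(ipx_packet, "10.1.0.1", "10.2.0.1")
    return decapsulate(wire)


if __name__ == "__main__":
    print(router_view(encapsulate(SAMPLE_IPX, "10.1.0.1", "10.2.0.1")))
    print(parse_ipx(tunnel_roundtrip()))
```

`router_view` is the point to dwell on: a firewall rule written in terms of IP addresses and protocol numbers can permit or deny the whole tunnel, but it cannot distinguish an NCP request from anything else the IPX side chooses to send, because that information is inside the payload it does not parse.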
How the OSI Model Works
The International Organization for Standardization (ISO) has put together the Open Systems Interconnection (OSI) Reference Model, which describes seven layers of protocols for computer communications. A layer does not know or care what is going on in the layers above or below it; in effect it sees only its peer layer on the other side. The sending application layer talks to the application layer on the destination side, and that conversation takes place irrespective of, for example, what is at the physical layer, such as Ethernet or Token Ring. TCP/IP combines the OSI model's application, presentation, and session layers into one layer, also called the application layer.
- The application layer refers to application interfaces, not programs like word processing. MHS (Message Handling Service) is such an interface and it operates at this level of the OSI model. Again, this segmentation and interface approach means that a variety of email programs can be used on an intranet so long as they conform to the MHS standard at this application interface level.
- The presentation layer typically simply provides a standard interface between the application layer and the network layers. This type of segmentation allows for the great flexibility of the OSI model since applications can vary endlessly, but, as long as the results conform to this standard interface, the applications need not be concerned with any of the other layers.
- The session layer allows for the communication between sender and destination. These conversations avoid confusion by speaking in turn. A token is passed to control and to indicate which side is allowed to speak. This layer executes transactions, like saving a file. If something prevents it from completing the save, the session layer, which has a record of the original state, returns to the original state rather than allowing a corrupt or incomplete transaction to occur.
- The transport layer segments the data into acceptable packet sizes and is responsible for data integrity of packet segments. There are several levels of service that can be implemented at this layer, including segmenting and reassembly, error recovery, flow control, and others.
- The IP wrapper is put around the packet at the network or Internet layer. Its header includes the source and destination addresses, an identification value and fragment offset that allow a datagram broken into fragments to be reassembled, and other data necessary for correct routing and rebuilding at the destination.
- The data-link layer frames the packets, for example for use with PPP (the Point-to-Point Protocol). On LANs it comprises the Logical Link Control (LLC) sublayer defined by IEEE 802.2 and the Media Access Control (MAC) sublayer defined by IEEE 802.3 and related standards.
- Ethernet and Token Ring are the two most common LAN technologies. Their MAC sublayer moves the data over the cables based on the physical (MAC) address of each NIC (Network Interface Card); the physical layer beneath it covers the signalling and cabling components of the IEEE 802.3 and other specifications.
How TCP/IP Packets Are Processed
Protocols such as TCP/IP determine how computers communicate with each other over networks such as the Internet. These protocols work in concert with each other, and are layered on top of one another in what is commonly referred to as a protocol stack. Each layer of the stack is designed to accomplish a specific purpose on both the sending and receiving computers. The TCP/IP stack combines the application, presentation, and session layers into a single layer also called the application layer. Other than that change, it follows the OSI model. The illustration below shows the wrapping process that occurs to transmit data.
- On the sending computer, the TCP/IP application layer formats the data being sent so that the layer below it, the transport layer, can send the data. It performs the equivalent of what the top three OSI layers do: application, presentation, and session.
- The next layer down is the transport layer, which is responsible for transferring the data and for ensuring that the data sent and the data received are in fact the same data, in other words that no errors were introduced in transit. TCP divides the data it gets from the application layer into segments and attaches a header to each. The header carries the port numbers, a sequence number and a checksum, which the receiving end uses to check that the data has not been altered en route and to recombine the segments in their original order.
- The third layer prepares the data for delivery by putting each segment into an IP datagram and determining the proper Internet address for it. IP works in the Internet layer, also called the network layer. It puts an IP wrapper with a header onto each segment. The IP header includes the IP addresses of the sending and receiving computers, the length of the datagram, a protocol number identifying the payload (TCP or UDP), and an identification value and fragment offset. The last two are needed because a datagram can exceed the size allowed for packets on a network, in which case it is broken into smaller fragments; the identification and offset allow the fragments to be recombined properly.
- The next layer down, the data link layer, uses protocols such as the Point-to-Point Protocol (PPP) or Ethernet to put the IP datagram into a frame. It adds a header, the third header after the TCP and IP headers, in front of the datagram and a trailer behind it. The trailer carries a CRC (cyclic redundancy check) that lets the next hop detect errors introduced as the frame travels over the link. On a LAN this layer also has to translate the next-hop IP address into the hardware address the frame is sent to; on IPv4 networks ARP does this.
- The final layer is the physical network layer, which specifies the physical characteristics of the network being used to send data. It describes the actual hardware standards, such as the Ethernet specification. This layer receives the frame from the data link layer and sends it over the wire as bits.
- On the receiving computer, the packet travels through the stack in the opposite order from that in which it was created: it starts at the bottom layer and moves up. As it moves up, each layer strips off the header information that its counterpart in the sending computer's stack added.
- The physical network layer receives the bits, reconstructs the frame, and passes it up to the data link layer.
- The data link layer checks that the frame's CRC is right, that is, that the frame was not altered on the link. It strips off the frame header and trailer and sends the datagram to the Internet layer.
- The Internet layer verifies the IP header checksum and checks whether the packet is a fragment. If it is, it holds the fragment until the others arrive and puts the original datagram back together. It strips off the IP header and sends the contents to the transport protocol named in the header.
- The transport layer, TCP or UDP as the IP header indicated, verifies its own checksum, strips off its header, and uses the destination port number to hand the data to the receiving application.
- The application layer gets the data and performs, in this case, an HTTP request.
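The wrapping and unwrapping process above, as an added example (not code from the original page): a Python stack that builds a TCP segment, wraps it in an IP datagram and then an Ethernet frame, and unwraps it layer by layer on receipt, raising at the first layer whose check fails. The IP addresses, MAC addresses, port numbers and the HTTP request are constructed sample values. It also carries the caveat a security engineer would add to this section: each checksum detects accidental damage at its own scope (the CRC per link, the TCP checksum end to end), and none of them stops an on-path attacker who rewrites the data and recomputes them.

```python
import struct
import zlib
import ipaddress

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IP_FMT = "!BBHHHBBH4s4s"              # 20-byte IPv4 header without options


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; 0 on verification means intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, payload: bytes) -> bytes:
    """Transport layer: 20-byte TCP header (PSH|ACK) + data. The checksum also covers
    an IPv4 pseudo-header, so a segment delivered to the wrong host fails it too."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x18, 65535, 0, 0)
    pseudo = (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
              + struct.pack("!BBH", 0, IPPROTO_TCP, len(hdr) + len(payload)))
    csum = internet_checksum(pseudo + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def ip_datagram(src_ip, dst_ip, segment: bytes) -> bytes:
    """Internet layer: IPv4 header (DF set, TTL 64) with a valid header checksum."""
    fields = [0x45, 0, 20 + len(segment), 0x2A2A, 0x4000, 64, IPPROTO_TCP, 0,
              ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed]
    fields[7] = internet_checksum(struct.pack(IP_FMT, *fields))
    return struct.pack(IP_FMT, *fields) + segment


def ethernet_frame(dst_mac: bytes, src_mac: bytes, datagram: bytes) -> bytes:
    """Data link layer: header (dst, src, type) in front, CRC-32 FCS as the trailer."""
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + datagram
    return body + struct.pack("<I", zlib.crc32(body))


def receive(frame: bytes) -> dict:
    """Receiving stack: unwrap bottom-up, raising at the first layer that sees damage."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise ValueError("data link: FCS mismatch")
    if struct.unpack("!H", body[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("data link: not an IPv4 frame")
    dg = body[14:]
    vihl, _, total_len, _, flags_frag, _ttl, proto, _, src, dst = struct.unpack(IP_FMT, dg[:20])
    ihl = (vihl & 0x0F) * 4
    if internet_checksum(dg[:ihl]) != 0:
        raise ValueError("internet: IP header checksum mismatch")
    if flags_frag & 0x3FFF:           # MF flag or non-zero fragment offset
        raise ValueError("internet: fragment reassembly not handled in this example")
    if proto != IPPROTO_TCP:
        raise ValueError("internet: protocol %d is not TCP" % proto)
    seg = dg[ihl:total_len]
    pseudo = src + dst + struct.pack("!BBH", 0, proto, len(seg))
    if internet_checksum(pseudo + seg) != 0:
        raise ValueError("transport: TCP checksum mismatch")
    sport, dport, seq, _ack, offset = struct.unpack("!HHIIB", seg[:13])
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "sport": sport, "dport": dport, "seq": seq, "data": seg[(offset >> 4) * 4:]}


# Constructed sample traffic: a browser on 192.168.1.10 asks an intranet web server for a page.
SRC_IP, DST_IP = "192.168.1.10", "192.168.2.20"
SRC_MAC, DST_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
HTTP_REQUEST = b"GET /index.html HTTP/1.0\r\nHost: intranet.example\r\n\r\n"


def send(payload: bytes = HTTP_REQUEST) -> bytes:
    """Sending stack: application data -> TCP -> IP -> Ethernet, top-down."""
    seg = tcp_segment(SRC_IP, DST_IP, 40000, 80, 1000, 1, payload)
    return ethernet_frame(DST_MAC, SRC_MAC, ip_datagram(SRC_IP, DST_IP, seg))


def flip_bit(data: bytes, index: int) -> bytes:
    """A single-bit error, e.g. from cable noise; on a finished frame the FCS catches it."""
    return data[:index] + bytes([data[index] ^ 0x01]) + data[index + 1:]


def corrupt_in_router(frame: bytes, index: int) -> bytes:
    """Bit flip inside a router that then re-frames the datagram with a fresh FCS:
    the per-hop CRC cannot see it, only the end-to-end TCP checksum can."""
    return ethernet_frame(DST_MAC, SRC_MAC, flip_bit(frame[14:-4], index))


def tamper_and_recompute(frame: bytes, new_payload: bytes) -> bytes:
    """What an on-path attacker does: rewrite the data and recompute every checksum.
    receive() accepts the result, so these checksums are not integrity protection."""
    info = receive(frame)
    seg = tcp_segment(info["src"], info["dst"], info["sport"], info["dport"], info["seq"], 1, new_payload)
    return ethernet_frame(DST_MAC, SRC_MAC, ip_datagram(info["src"], info["dst"], seg))
```

Run `receive(send())` to see the request come back out of the top of the stack; `receive(flip_bit(send(), 60))` fails at the data link layer, `receive(corrupt_in_router(send(), 45))` gets past the CRC and fails only at the transport layer, and `receive(tamper_and_recompute(send(), b"GET /admin HTTP/1.0\r\n\r\n"))` succeeds, which is the reason integrity on an intranet has to come from something cryptographic above this stack rather than from the checksums in it.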
How Bridges Work
Bridges are hardware and software combinations that connect different parts of a single network, such as different sections of an intranet. They connect local area networks (LANs) to each other. They are generally not used, however, for connecting entire networks to each other, for example, for connecting an intranet to the Internet, or an intranet to an intranet, or to connect an entire subnetwork to an entire subnetwork. To do that, more sophisticated pieces of technology called routers are used.
- When there is a great deal of traffic on an Ethernet local area network, packets can collide with one another, reducing the efficiency of the network and slowing traffic down. Packets collide because, on a shared Ethernet segment, every frame is seen by every workstation and only one station can transmit at a time; the more stations trying to send, the more often two of them try at once.
- In order to cut down on the collision rate, a single LAN can be subdivided into two or more LANs. For example, a single LAN can be subdivided into several departmental LANs. Most of the traffic in each departmental LAN stays within the department LAN, and so it needn't travel through all the workstations on all the LANs on the network. In this way, collisions are reduced. Bridges are used to link the LANs. The only traffic that needs to travel across bridges is traffic bound for another LAN. Any traffic within the LAN need not travel across a bridge.
- Each packet of data on an intranet carries more than just the IP information. It also carries the addressing information the underlying network architecture requires, for example the Ethernet (MAC) addresses of the sender and receiver. Bridges look at this outer addressing information and deliver the packet to the proper address on a LAN.
- Bridges consult a learning table that holds the hardware addresses of the network nodes they have seen, together with the port each was seen on. If a bridge finds that a packet belongs on the LAN it arrived from, it keeps the packet there. If it finds that the destination is on another LAN, it forwards the packet; if it has never seen the destination address, it forwards the packet to every other LAN. The bridge constantly updates the learning table as it monitors and forwards traffic.
- Bridges can connect LANs in a variety of different ways. They can connect LANs using serial connections over traditional phone lines and modems, over ISDN lines, and over direct cable connections. CSU/DSU units are used to connect bridges to telephone lines for remote connectivity.
- Bridges and routers are sometimes combined into a single product called a brouter. A brouter handles both bridging and routing tasks. If the data needs to be sent only to another LAN on the network or subnetwork, it will act only as a bridge delivering the data based on the Ethernet address. If the destination is another network entirely, it will act as a router, examining the IP packets and routing the data based on the IP address.
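The learning-table behaviour described above, as an added example (not code from the original page): a Python model of a transparent bridge with three departmental LANs. Port names and MAC addresses are constructed. The table is bounded, as a real bridge's is, so the second function shows what happens when a host on one segment generates many source addresses: legitimate entries are evicted and traffic that was being kept within one department is flooded to all of them.

```python
from collections import OrderedDict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Learns which port each source MAC lives on, then filters, forwards or floods."""

    def __init__(self, ports, table_size=64):
        self.ports = list(ports)
        self.table = OrderedDict()        # MAC -> port, least recently learned first
        self.table_size = table_size

    def learn(self, mac, port):
        # A station that moves is relearned on its new port. A full table evicts its
        # oldest entry, which is what lets a flood of bogus source addresses push
        # legitimate entries out and turn the bridge back into a repeater.
        if mac in self.table:
            self.table.move_to_end(mac)
        self.table[mac] = port
        if len(self.table) > self.table_size:
            self.table.popitem(last=False)

    def handle(self, in_port, src_mac, dst_mac):
        """Return (action, output ports) for one frame arriving on in_port."""
        self.learn(src_mac, in_port)
        others = [p for p in self.ports if p != in_port]
        if dst_mac == BROADCAST or dst_mac not in self.table:
            return "flood", others                  # broadcast or unknown: every other LAN
        out = self.table[dst_mac]
        if out == in_port:
            return "filter", []                     # same LAN: never crosses the bridge
        return "forward", [out]                     # known on another LAN: that port only


# Constructed sample stations: A and B in engineering, C in sales.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"


def scenario():
    """Three departmental LANs on one bridge; returns the decision for each frame."""
    br = LearningBridge(["eng", "sales", "finance"])
    return [
        br.handle("eng", A, B),      # B not learned yet: flooded to sales and finance
        br.handle("eng", B, A),      # A known on eng, same port: filtered, stays local
        br.handle("sales", C, A),    # A on eng, frame from sales: forwarded to eng only
    ]


def table_overflow():
    """Same bridge with a tiny table: three bogus source addresses from the sales
    side evict the real entries, after which traffic to A is flooded again."""
    br = LearningBridge(["eng", "sales", "finance"], table_size=3)
    br.handle("eng", A, B)
    br.handle("eng", B, A)
    before = br.handle("sales", C, A)
    for i in range(3):
        br.handle("sales", "02:00:00:00:ff:%02x" % i, BROADCAST)
    after = br.handle("sales", C, A)
    return before, after


if __name__ == "__main__":
    print(scenario())
    print(table_overflow())
```

The design choice to note is that the bridge's isolation of departmental traffic is only as good as its table: once an entry is gone, the frame goes everywhere, including to segments where nobody should be able to see it. A real table is large, but it is still finite, which is why a host generating many source addresses is something to watch for on a bridged intranet.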
How Intranet Routers Work
Just as routers direct traffic on the Internet, sending information to its proper destination, routers on an intranet perform the same function. Routers, equipment that is a combination of hardware and software, can send data to a computer on the same subnetwork inside the intranet, to another subnetwork on the intranet, or out to the Internet. They do this by examining the header information in IP packets and then sending the data on its way. Typically, a router will send the packet to the next router closest to the final destination, which in turn sends it to an even closer router, and so on, until the data reaches its intended recipient.
- A router has input ports for receiving IP packets, and output ports for sending those packets toward their destination. When a packet comes to the input port, the router examines the packet header, and checks the destination in it against a routing table-a database that tells the router how to send packets to various destinations.
- Based on the information in the routing table, the packet is sent to a particular output port, which sends the packet to the next closest router to the packet's destination.
- If packets come to the input port more quickly than the router can process them, they are sent to a holding area called an input queue. The router then processes packets from the queue in the order they were received. If the number of packets received exceeds the capacity of the queue (called the length of the queue), packets are dropped. When this happens, TCP on the sending computer notices the missing acknowledgment and retransmits; protocols without that mechanism, such as UDP, simply lose the data.
- In a simple intranet that is a single, completely self-contained network, with no connections to any other network or to the Internet, only minimal routing is needed. The routing table is then exceedingly simple, with one entry per directly connected network, and is built automatically when the interfaces are configured with a program such as ifconfig.
- In a slightly more complicated intranet, composed of a number of TCP/IP-based networks and connected to a limited number of other TCP/IP-based networks, static routing is required. In static routing the routing table lists fixed paths to other networks, and only those paths can be used. Intranet administrators add routes to the table by hand. Static routing is more flexible than minimal routing, but it cannot change routes as network conditions change, and so is not suitable for many intranets.
- In more complex intranets, dynamic routing will be required. Dynamic routing is used to permit multiple routes for a packet to reach its final destination. Dynamic routing also allows routers to change the way they route information based on the amount of network traffic on some paths and routers. In dynamic routing, the routing table is called a dynamic routing table and changes as network conditions change. The tables are built dynamically by routing protocols, and so constantly change according to network traffic and conditions.
- There are two broad types of routing protocols: interior and exterior. Interior routing protocols are typically used on routers inside an intranet, which route only traffic that stays inside the intranet. A common interior routing protocol is the Routing Information Protocol (RIP). Exterior protocols are typically used for external routers on the Internet. A
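The forwarding decision described in the routing bullet of "A Global View of an Intranet" and in the list above, as an added example (not code from the original page): a Python router model with directly connected subnets, two static routes, longest-prefix matching and a bounded input queue. Interface names and addresses are constructed sample values; a TEST-NET address stands in for an Internet destination.

```python
import ipaddress


class Router:
    def __init__(self, interfaces, queue_length=4):
        # interfaces: {name: "address/prefix"}. Each directly connected subnet becomes a
        # route of its own: the "minimal" table an interface-configuration tool builds.
        self.interfaces = {n: ipaddress.ip_interface(a) for n, a in interfaces.items()}
        self.routes = [(i.network, None, n) for n, i in self.interfaces.items()]
        self.queue = []
        self.queue_length = queue_length
        self.dropped = 0

    def add_static(self, prefix, next_hop, out_interface):
        """Static route added by an administrator: prefix -> next_hop via out_interface."""
        self.routes.append((ipaddress.ip_network(prefix), ipaddress.ip_address(next_hop), out_interface))

    def lookup(self, destination):
        """Longest-prefix match: the most specific route wins; 0.0.0.0/0 matches last."""
        dst = ipaddress.ip_address(destination)
        best = None
        for net, next_hop, iface in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop, iface)
        if best is None:
            return None
        net, next_hop, iface = best
        return {"via": str(net), "interface": iface,
                "next_hop": "direct" if next_hop is None else str(next_hop)}

    def receive(self, packet):
        """Input port: queue the packet, or tail-drop it when the queue is full."""
        if len(self.queue) >= self.queue_length:
            self.dropped += 1
            return False
        self.queue.append(packet)
        return True

    def process(self):
        """Drain the queue in arrival order, discarding packets whose TTL has run out."""
        decisions = []
        while self.queue:
            pkt = self.queue.pop(0)
            if pkt["ttl"] <= 1:
                decisions.append((pkt["dst"], "discarded: TTL expired"))
                continue
            route = self.lookup(pkt["dst"])
            if route is None:
                decisions.append((pkt["dst"], "discarded: no route"))
            else:
                decisions.append((pkt["dst"], route["interface"] + " -> " + route["next_hop"]))
        return decisions


def intranet_router():
    """Constructed example: two departmental subnets, a link to an internal router
    for the rest of 10.0.0.0/8, and a WAN link to the Internet firewall/router."""
    r = Router({"eng": "10.1.0.1/24", "sales": "10.2.0.1/24", "wan": "203.0.113.2/30"})
    r.add_static("10.0.0.0/8", "10.2.0.254", "sales")      # other intranet subnets
    r.add_static("0.0.0.0/0", "203.0.113.1", "wan")        # everything else: the Internet
    return r


def forwarding_examples():
    r = intranet_router()
    return {
        "same subnet": r.lookup("10.1.0.42"),
        "other intranet subnet": r.lookup("10.7.3.9"),
        "overlapping /8 and /24": r.lookup("10.2.0.9"),
        "internet": r.lookup("198.51.100.7"),
    }


def queue_overflow(packet_count=6):
    """Packets arrive faster than they are processed; with a queue of 4, two are lost."""
    r = intranet_router()
    for i in range(packet_count):
        r.receive({"dst": "10.7.3.%d" % i, "ttl": 64})
    return r.process(), r.dropped


if __name__ == "__main__":
    for case, route in forwarding_examples().items():
        print(case, route)
    print(queue_overflow())
```

The "overlapping /8 and /24" case is the one worth checking in any real table: the connected /24 must win over the /8 static route, otherwise traffic for a local host would be sent to the internal router and back, and a route to a more specific prefix is also the classic way traffic gets quietly redirected on a misconfigured or compromised intranet router.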