By Garrett Seeley and Clint Williams
In past articles, we discussed the purpose and use of layer two networking hardware such as switches and wireless access points. Continuing with networking discussions, let’s evaluate layer three hardware. This is a very useful set of hardware because layer three of the OSI model uses the IP address.
The following hardware will use an IP address in its settings: routers, gateways, DNS servers, firewalls, VPNs, access control lists and cybersecurity appliances. Recall that the letters IP literally mean Internet Protocol; it is the setting used to access the Internet. The most important additional concepts are the gateway and Domain Name Servers (DNS). These settings are in routers used in home networks and servers in hospitals.
The settings for Internet access were discussed in the article on TCP/IP and in the article on advanced subnetting. To recap, all Internet devices use an IP, subnet, gateway and DNS. The IP address is the location of a device on a Local Area Network (LAN), and the subnet is a description of the scope of the network. For home networks, the gateway and DNS settings are usually the local router IP. To view these settings, go to the command prompt. To open it, search for “cmd” on any Windows-based machine. From there, type “ipconfig /all” to see the IP settings. The two settings not previously explained are the gateway and the DNS. A gateway is just as it sounds. A gate is a way to leave somewhere. A gateway allows a device using an IP to communicate with a device outside of the LAN. It allows for communication to the Internet, which is a wide area network or WAN. If this is confusing, look at the graphic.
To get to the Internet, traffic from the computers must leave the LAN through the router. The router functions as a gateway and provides Internet sharing. One connection on the router connects the entire network to the Internet. Technically, this does not have to be done by a router. It could be accomplished with a server and two different NIC adaptors, one for each network. The pictured router has a built-in gateway server, as well as a switch for the three devices connected to it. It also has a wireless access point because it has two integrated antennas. Most home routers will perform these functions. Look at a home network for a live view of this network flow. Keep in mind the gateway has two IP addresses, one for the LAN side and one for the WAN/Internet side. These are often marked on the router as separate network ports. The switch and access point share this connector to the attached devices. This is the purpose of a gateway, and all routers are gateways.
The hard part of understanding routers isn’t the integrated hardware or services; it is the way the router sorts data. Picture a scenario where two people are on the same website. They are both accessing the same search from the Internet. Their local network router sends data between the computer and the laptop, sorted because they each have a different IP, let’s say 192.168.1.101 and 192.168.1.102 respectively. Assume they are both looking at 142.250.191.206. The computers are both doing different things on the same server. The Network Address Translation table, or NAT, in the router knows which answer from 142.250.191.206 is intended for 192.168.1.101 and which is for 192.168.1.102. It does this by using the ports as a separator. If this is not clear, do not worry. A NAT is just something a biomed technician should be aware of, and full understanding is not required. Just know that the router will keep the communications separate, even when receiving replies from the same WAN server for devices on the same LAN.
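The port-based sorting described above can be shown with a small simulation. This is an added example, not code from the original article; the router's WAN address, the port numbers and the `NatRouter` class are constructed for illustration.

```python
from dataclasses import dataclass, field

SERVER = ("142.250.191.206", 443)   # server IP from the article; port 443 is assumed
WAN_IP = "203.0.113.7"              # constructed public address for the router's WAN side


@dataclass
class NatRouter:
    wan_ip: str
    next_port: int = 40000          # assumed start of the router's public port pool
    outbound_map: dict = field(default_factory=dict)
    inbound_map: dict = field(default_factory=dict)

    def send_out(self, lan_ip, lan_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source to (wan_ip, unique port) and remember it."""
        flow = (lan_ip, lan_port, dst_ip, dst_port)
        if flow not in self.outbound_map:
            wan_port = self.next_port
            self.next_port += 1
            self.outbound_map[flow] = wan_port
            self.inbound_map[(wan_port, dst_ip, dst_port)] = (lan_ip, lan_port)
        return (self.wan_ip, self.outbound_map[flow], dst_ip, dst_port)

    def receive_reply(self, src_ip, src_port, wan_port):
        """Return the LAN (ip, port) a WAN packet belongs to, or None to drop it."""
        return self.inbound_map.get((wan_port, src_ip, src_port))


def demo():
    router = NatRouter(WAN_IP)
    # Both LAN devices happen to pick the same source port for the same server.
    pc = router.send_out("192.168.1.101", 51000, *SERVER)
    laptop = router.send_out("192.168.1.102", 51000, *SERVER)
    return {
        "pc_seen_by_server": pc[:2],
        "laptop_seen_by_server": laptop[:2],
        "reply_to_pc": router.receive_reply(*SERVER, pc[1]),
        "reply_to_laptop": router.receive_reply(*SERVER, laptop[1]),
        # No LAN device opened this port, so the router has nowhere to send it.
        "unsolicited": router.receive_reply("198.51.100.9", 443, 40002),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The server sees one WAN address with two different ports, and the router uses those ports to return each reply to the right LAN device. A packet arriving on a port with no table entry matches nothing and is dropped.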
The DNS setting in a home network is usually the router as well, but it does not have to be. The DNS is like a phone book for the Internet. The Internet does not use names. It uses numbers. However, people use names for websites. For example, pinging Google.com may give an answer from the IP: 142.250.191.206. A DNS is the server matching human-given names to an IP number. It is like a global phonebook for the Internet. It describes to LAN devices how to get to the IP that represents the name. The best machine on a home LAN to give these numbers for the names on the Internet is the router. If the router does not know, it will ask the router or DNS server it attaches to, and so on and so forth. Eventually, a DNS router or server that knows the answer gives back a number. This is sufficient for a small network. However, larger networks have too many DNS requests for a router to focus on this task. For this reason, hospitals will run a separate DNS server. This also allows for internal DNS names. A LAN server can be given a name by a local DNS as if it were an Internet web address. Other devices can use this LAN name instead of an IP. Because of the convenience of this feature, most hospitals use a separate DNS server on their LAN. In a hospital setting, it is almost never the router or gateway.
There are other things that routers can do. For example, they can work together. They can be used inside a LAN to separate the subnets and restrict access from the larger LAN. This creates an issue called “port forwarding.” Just know that rules can be set to allow communication through a router to another subnet on a LAN. This is also programmable using routing protocols. Again, like NAT, it is important to be aware of these things. Thankfully, it is not required that the average biomedical technician know how to set these things up. There is a whole separate degree for this work called network administration. Just be aware that routers can be used inside a LAN as well, usually at the divisions between subnets to isolate LAN traffic. This gives better control of LAN access to that subnet. Future articles will discuss the use of firewalls, port forwarding and permissible traffic. This is really where networking takes off and warrants its own article. Unfortunately, biomed technicians are being pulled into dealing with firewalls, port forwarding, VPN access, ACLs and even basic concepts of routing protocols. More will have to follow on this subject.
For now, just look at the router at home. It’s a marvel performing thousands of operations per second. Look at its integrated switch, LAN and WAN ports, and wireless access points. Perhaps it even has integrated USB for file and print server functions. If not done already, download the router manual and read up on its settings and capabilities. The best lab to learn this stuff is right at home. Get to it and enjoy exploring it.

