Last updated: 1999.11.17

Introduction

This page is under construction. The comparison of routers has moved.

T&B provides a range of Internet services, aimed at enabling businesses with little in-house expertise to host their own permanent Internet connection and servers.

In order to connect a business's LAN (Local Area Network) or intranet to the Internet, a TCP/IP router is required. Below is an introduction to routing a LAN to the internet. We also have a comparison of several hardware and software routers.

TCP/IP Communication
All Macs today have built-in Ethernet, and most LANs today use 10BaseT or 100BaseT Ethernet. Several protocols can be transmitted over Ethernet, including AppleTalk, IPX and TCP/IP. With the increasing dominance of Internet standards, however, TCP/IP is now the most popular protocol. Whenever you check or send email, FTP a file, browse a web page or even share a file, you are most likely using TCP/IP.

For the purposes of this discussion, we'll simplify the TCP/IP concepts a bit.


IP Address
In order for each machine to exist on the network, it needs to be uniquely identified with its own address. This address is made up of four bytes, where each byte can be a number from 0 to 254. They are generally written as four numbers separated by periods, such as 192.168.1.1 or 203.57.42.254.

When setting up a local area network (LAN), you can typically assign any IP addresses you like, with two restrictions:
    1. If the IP addresses are not registered to you, then you should use an intranet range, reserved for private networks.
    2. All machines that need to talk to each other directly (such as a server and several clients) need to have an IP address in the same "network" (discussed shortly).

To satisfy both of the above, machines on a private network are often assigned addresses in the range 192.168.1.1 through to 192.168.1.254. For instance, a valid address for one computer would be 192.168.1.199.

In the TCP/IP control panel, the configuration looks like this:




Subnet Mask
Two machines are deemed to be on the same TCP/IP network if the first part of their IP addresses is the same. For instance 192.168.1.1 and 192.168.1.2 are on the same network, but 203.57.42.254 is on a different network.

But what is the "first part"? Is it the first three bytes (as in the previous example), only the first two, or somewhere in between? The network component of the address (that is, where the "first part" breaks off) is determined by the subnet mask. It simply draws the line where the network part ends and the unique machine ID begins.

For simplicity, we'll consider the "class C" subnet mask, which is 255.255.255.0. Each 255 means that the corresponding byte of the IP address is part of the network address, leaving the bytes matching the zeros as the unique machine ID, called the "node".

So, for an IP address of 192.168.1.1 with a subnet mask of 255.255.255.0, the network is 192.168.1 and the node is 1. The IP address 192.168.1.2 is on the same network but has a different node of 2. The IP address 192.168.2.1 is on a different network 192.168.2.

Continuing our previous example, the TCP/IP control panel settings for our sample workstation will be:




Router
The TCP/IP mechanism knows that any machine on the same network can be contacted directly, but machines on another network must be contacted through a router or gateway. The router is a specific device (software or hardware) that forwards a transmission from a local network to other networks.

Since the router is another device on the network, it needs to have its own internal IP address that the computers can contact. So it has to be on the same network but with a unique node. Let's use the example router address of 192.168.1.254.

To configure each computer to use the router for transmission to machines outside of the internal network, we configure each TCP/IP control panel with the router entry, such as:



Assuming that a router exists and is working, each workstation can now contact other LAN machines directly and external servers through the router.
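The network/node split and the direct-or-via-router decision described in the sections above, as an added example that is not part of the original page. It uses the page's sample addresses and goes beyond the class C case: the mask may have any pattern of 1-bits, so a mask such as 255.255.255.128 splits the same addresses differently. The `next_hop` function and the validation in `to_int` are this example's own, not a description of the Mac TCP/IP control panel.

```python
# Constructed from the text's sample LAN: workstation, class C mask and router.
WORKSTATION, SUBNET_MASK, ROUTER = "192.168.1.199", "255.255.255.0", "192.168.1.254"

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer, rejecting anything malformed."""
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("bad IP address: %r" % dotted)
    n = 0
    for o in octets:
        n = (n << 8) | int(o)
    return n

def to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def split_address(ip, mask):
    """Return (network, node): the mask's 1-bits pick the network part,
    its 0-bits the node. Works for any mask, not only 255.255.255.0."""
    ip_n, mask_n = to_int(ip), to_int(mask)
    return to_dotted(ip_n & mask_n), ip_n & ~mask_n & 0xFFFFFFFF

def same_network(a, b, mask):
    """Two machines can talk directly only when their network parts match."""
    mask_n = to_int(mask)
    return (to_int(a) & mask_n) == (to_int(b) & mask_n)

def next_hop(src, dst, mask, router):
    """Where the stack hands a stream: straight to the destination if it is on
    the local network, otherwise to the router (which must itself be local)."""
    if same_network(src, dst, mask):
        return dst
    if not same_network(src, router, mask):
        raise ValueError("router %s is not on the local network" % router)
    return router

if __name__ == "__main__":
    for dst in ("192.168.1.1", "192.168.2.1", "203.57.42.254"):
        print(dst, "->", next_hop(WORKSTATION, dst, SUBNET_MASK, ROUTER))
```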




Host Name Resolving
For completeness, this section briefly explains the purpose of the remaining fields of the TCP/IP control panel.

When you type an address in your web browser, email or other service, it is normally given as a name, such as www.tandb.com.au, rather than a number. But since TCP/IP needs to know the IP address (as a number) of the service to which you are connecting, the name has to be translated. The translation is called "domain name resolving", "host name resolving" or "name server lookup". For instance, www.tandb.com.au would translate to 203.57.42.254. The translation is on the whole name, not each byte between the periods. For instance, "tandb" by itself is meaningless and does not translate to "57".

The name to number translation is handled by a domain name server (DNS) on your network. Like all devices, it has its own IP address (e.g. 192.168.1.100).

Furthermore, the TCP/IP control panel can be given a search domain, which is added to any partial names. For instance, with a search domain of "mycompany.com.au", a web browser entry of "www" would be expanded to "www.mycompany.com.au".

Our sample TCP/IP control panel now looks like this:




Stream
When one computer sends a stream of data to another computer, that stream fundamentally consists of:



The source IP is the IP address of the originating computer. The destination IP is the IP address of the destination computer.

Network Address Translation
One specific type of router is a network address translation router (NAT router). It is so named because it forwards transmissions from every machine on your network to the internet, but translates those transmissions so they appear to have all come from the same address - the public address of the router.

As already stated, any router needs to have an IP address in the same network (192.168.1.x in our example) as those computers that need to use it. A NAT router also has a second IP address that is used for communication with the internet. For example, a NAT router may have a LAN IP address of 192.168.1.254 and a public (or internet or ISP) IP address of 139.130.5.72. When an internal computer sends a transmission to the internet, the NAT router translates that stream of information so that it appears to have originated from its own public IP address.



For example, if a LAN computer requests this web page from T&B, the URL would be:
http://www.tandb.com.au/internet/routing/

The DNS mechanism would look up www.tandb.com.au as being located at IP address 203.57.42.254. So the stream would look like this as it left the LAN computer:



Since the request is for a computer outside the LAN, it is sent to the router. A normal router would just forward the stream via the internet to the server computer. But a NAT router replaces the source IP with its own public IP address. So, the stream could look like this as it leaves the router via the internet:



When the server receives the stream, it processes the request and sends the result streams (such as an HTML file and a few GIF images) to the original source IP. Since all the server saw was the IP address of the router, it sends the result to the router. The result stream effectively has the source and destination swapped from the request stream. One of the result streams could look like this:



The router receives this result stream and knows from its translation of the original request stream which LAN computer requested it. The NAT router translates the result stream and sends it to the LAN computer that requested it:




Firewall
The NAT router accepts inbound streams that it expects. If it receives a transmission from an external server that is the result of a recent request from an internal client, it will accept the stream and forward it to the requesting computer.

If an external client tries to contact an internal server (such as a web server on the LAN), the NAT router will by default reject the request, preventing it from getting through. But most NAT routers can be configured to allow external clients to connect to specific internal services.

By preventing all inbound connections except those expected or allowed, the router is a "firewall".
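The request and reply translation from the Network Address Translation section and the default rejection from the Firewall section, as an added example that is not part of the original page. The addresses are the page's; OUTSIDE_HOST is constructed, and the src_port/dst_port fields are an assumption (the page's stream diagram shows only the two addresses) used here so the router can tell two LAN machines talking to the same server apart.

```python
# Addresses from the text; OUTSIDE_HOST is a constructed internet machine.
LAN_CLIENT, ROUTER_LAN_IP = "192.168.1.199", "192.168.1.254"
ROUTER_PUBLIC_IP, WEB_SERVER = "139.130.5.72", "203.57.42.254"   # www.tandb.com.au
OUTSIDE_HOST = "198.51.100.7"

class NatRouter:
    """A stream is a dict of src/dst IP plus src_port/dst_port. The ports are
    an assumption (the page's diagram shows only addresses); they let the
    router tell two LAN machines talking to the same server apart."""

    def __init__(self, lan_ip, public_ip):
        self.lan_ip, self.public_ip = lan_ip, public_ip
        self.table = {}      # public port -> (LAN ip, LAN port) of a recent request
        self.forwards = {}   # public port -> (LAN ip, LAN port) of an exposed service
        self.next_port = 40000

    def outbound(self, stream):
        """LAN -> internet: rewrite the source to the public address and
        remember which LAN machine the stream really came from."""
        inner = (stream["src"], stream["src_port"])
        pub_port = next((p for p, v in self.table.items() if v == inner), None)
        if pub_port is None:
            pub_port, self.next_port = self.next_port, self.next_port + 1
            self.table[pub_port] = inner
        return dict(stream, src=self.public_ip, src_port=pub_port)

    def inbound(self, stream):
        """internet -> LAN: forward only a reply to a remembered request or a
        stream for an allowed service; dropping the rest is the firewall."""
        if stream["dst"] != self.public_ip:
            return None
        target = self.table.get(stream["dst_port"]) or self.forwards.get(stream["dst_port"])
        if target is None:
            return None      # unsolicited inbound connection: rejected by default
        return dict(stream, dst=target[0], dst_port=target[1])

    def allow_inbound(self, public_port, lan_ip, lan_port):
        """Expose one internal service to external clients."""
        self.forwards[public_port] = (lan_ip, lan_port)

def walk_through():
    """The request/reply exchange from the text, plus a rejected probe."""
    nat = NatRouter(ROUTER_LAN_IP, ROUTER_PUBLIC_IP)
    request = {"src": LAN_CLIENT, "src_port": 1025, "dst": WEB_SERVER, "dst_port": 80}
    on_internet = nat.outbound(request)           # source is now 139.130.5.72
    reply = {"src": WEB_SERVER, "src_port": 80,
             "dst": on_internet["src"], "dst_port": on_internet["src_port"]}
    delivered = nat.inbound(reply)                # destination restored to 192.168.1.199
    probe = {"src": OUTSIDE_HOST, "src_port": 5555, "dst": ROUTER_PUBLIC_IP, "dst_port": 80}
    return on_internet, delivered, nat.inbound(probe)   # last one is None
```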

Choosing a NAT Router
The single internet IP address feature has seen the popularity of NAT routers increase greatly over the last few years. Many NAT routers are available, such as those compared on our routers page. Of recent note is Apple's new Airport Base Station, which connects Ethernet and wireless LAN clients to the Internet via a single 56k modem. Others have their own compelling features, such as support for multiple modems, logging and various filters.

More to be added here soon.

Domain Name Server
Most of these routers use NAT (Network Address Translation) to make multiple network machines appear to the Internet as one IP address. This can create special requirements for the configuration of your domain name servers.