Windows Internet Connection Sharing
Dave Eitelbach, Program Manager, Networking And Communications, Microsoft Corporation
Goals
- Enable multiple users in the home to connect to the Internet
- Handle roaming laptops transparently
- Simplify or eliminate configuration
- Enable telecommuting using the Internet as a WAN (VPNs)
Issues For Deployment Of Home Networks
- Installation should be easy: there are no Net admins at home.
- Network configuration has to be automatic: there are no Net admins at home.
- Network health and recovery should take care of itself: there are no Net admins at home.
Requirements
- Transparent network configuration for end user
- No client software (from both IHVs and OEMs)
- Support for legacy and non-Windows clients
- Demand dial support
- Support for remote client UI for demand dial control and progress indication
- Dial control and client “usage” APIs
- Comprehensive protocol support
  - Built-in support for basic protocols (e.g., FTP, etc.)
  - Built-in support for Internet games (no config UI)
  - Built-in support for VPNs (e.g., PPTP)
Connecting To The Internet
- Share the Internet connection transparently for both dial-up media and always-available media
- Resolve Internet names to addresses
- Use Internet protocols (DNS and DHCP) to solve the problem
- Clients on the home network should just work
Addresses And The Internet
- Home network clients need to share the public IP address of the gateway system when sending and receiving traffic on the Internet
- Internet addresses must be unique and routable; private home addresses won’t work
- Consumer Internet access (via an ISP) is typically a single IP address
Connection Sharing Architecture
“Connection Sharing” components:
- NAT: transparently shares a single public IP address for clients on the local network
- DHCP Allocator: assigns address, gateway and name server on the local network
- DNS Proxy: resolves names on behalf of local-network clients
- Auto-dial: makes connections automatically
Alternative Gateways
Basic options for an Internet gateway:
- Application Proxy Server
- Winsock Proxy Server
- Network Address Translator (NAT)
Application Proxy
[Diagram: on the client, app over winsock over stack; on the gateway, an app-proxy over its own winsock and stack]
- Every application on every client must be configured to use the proxy
- Proxy requires logic for every application
Winsock Proxy
[Diagram: on the client, app over winsock over stack; the client's winsock hands socket calls to a winsock proxy on the gateway]
- Client winsock must be configured to forward socket calls to the winsock proxy
- Transparent for most applications
Network Address Translation
[Diagram: on the client, app over winsock over stack, unchanged; NAT on the gateway between the home LAN (clients 10.0.0.2 and 10.0.0.3, gateway 10.0.0.1) and the Internet (gateway public address 157.55.0.1)]
- No client configuration; transparent for all applications on the client
- NAT requires protocol handlers for some protocols (FTP, games, etc.)
Network Address Translator
NAT (Network Address Translation):
- Typically maps a set of private addresses to a set of public addresses
- NAT keeps state on private source IP address and public destination address for outbound flows
- NAT changes the IP address information and edits the needed IP header information (e.g., recomputes checksums) on the fly
[Diagram: a packet from 10.0.0.2 to destination 131.107.1.7 leaves the NAT with source 172.31.249.14; the NAT records the mapping 10.0.0.2 = 172.31.249.14 between original and replacement address]

What Is NAT?
A NAT changes IP addresses in packets on the fly.
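To make the flow-state and protocol-handler points concrete, here is a small stateful NAPT (port-overloading NAT) with an FTP PORT-command handler. It is an added example written for this page, not Microsoft's ICS code. The addresses come from the slides' diagrams (private host 10.0.0.2, public side 172.31.249.14, destination 131.107.1.7); the packet representation, the port range and the flow-table layout are assumptions for the illustration. Two security-relevant details are built in: inbound packets with no recorded outbound state are dropped (which is why a NAT looks like a firewall, although it is only state, not policy), and the FTP handler refuses a PORT command whose embedded address is not the sender's own, since that is the classic FTP bounce.

```python
"""Stateful NAPT plus an FTP PORT-command handler (added example, assumptions noted)."""
from dataclasses import dataclass, replace

PUBLIC_IP = "172.31.249.14"  # the gateway's single ISP-assigned address (slide diagram)


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class Nat:
    def __init__(self, public_ip=PUBLIC_IP, first_port=49152):
        self.public_ip = public_ip
        self.next_port = first_port   # assumed: sequential public-port allocation
        self.out = {}     # (proto, src, sport, dst, dport) -> public port
        self.inb = {}     # (proto, public port, remote ip, remote port) -> (src, sport)
        self.expect = {}  # (proto, public port) -> (src, sport), pre-registered by an ALG

    def _alloc(self):
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt):
        """LAN -> Internet: rewrite the source address/port and record the mapping."""
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        port = self.out.get(key)
        if port is None:
            port = self._alloc()
            self.out[key] = port
            self.inb[(pkt.proto, port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=port)

    def inbound(self, pkt):
        """Internet -> LAN: only packets matching recorded state are translated; the
        rest return None (dropped).  A real NAT also ages entries out on idle timeout."""
        hit = self.inb.get((pkt.proto, pkt.dport, pkt.src, pkt.sport))
        if hit is None:
            hit = self.expect.pop((pkt.proto, pkt.dport), None)
            if hit is not None:  # promote the ALG expectation to a normal flow entry
                self.inb[(pkt.proto, pkt.dport, pkt.src, pkt.sport)] = hit
                self.out[(pkt.proto, hit[0], hit[1], pkt.src, pkt.sport)] = pkt.dport
        if hit is None:
            return None
        src, sport = hit
        return replace(pkt, dst=src, dport=sport)

    def ftp_port_alg(self, pkt):
        """Protocol handler for active-mode FTP.  The client writes its private
        address and data port into the PORT command; header rewriting alone cannot
        fix that.  Returns the packet with a rewritten payload, the packet unchanged
        if it is not a PORT command, or None (drop) if the embedded address is not
        the sender's own (FTP bounce) or the command is malformed."""
        text = pkt.payload.decode("ascii", "replace")
        if not text.upper().startswith("PORT "):
            return pkt
        try:
            h1, h2, h3, h4, p1, p2 = (int(x) for x in text[5:].strip().split(","))
        except ValueError:
            return None
        if "%d.%d.%d.%d" % (h1, h2, h3, h4) != pkt.src:
            return None
        pub_port = self._alloc()
        self.expect[("tcp", pub_port)] = (pkt.src, p1 * 256 + p2)
        new_cmd = "PORT %s,%d,%d\r\n" % (self.public_ip.replace(".", ","),
                                         pub_port // 256, pub_port % 256)
        # A real NAT must also adjust TCP sequence numbers when the payload length changes.
        return replace(pkt, payload=new_cmd.encode("ascii"))


if __name__ == "__main__":
    nat = Nat()
    print(nat.outbound(Packet("tcp", "10.0.0.2", 1025, "131.107.1.7", 80)))
    print(nat.ftp_port_alg(Packet("tcp", "10.0.0.2", 1026, "131.107.1.7", 21,
                                  b"PORT 10,0,0,2,7,210\r\n")))
```

The `expect` table is what the slides mean by a protocol handler: the NAT has to open a hole for a connection the server will initiate, so the handler must parse untrusted payload and should constrain what it opens. Every other inbound packet is dropped only because no state exists for it; nothing here expresses a policy about what the home LAN should accept.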
Autoconfiguring The Home Network Via DHCP
- The client machines in the home network need to be configured for address, name server address, and default gateway address
- Static addressing requires “networking 101” knowledge, and configuration of each PC
- Automatic self-addressing generates a unique address for each PC (in a single subnet)
- DHCP (Dynamic Host Configuration Protocol) assigns IP address, default gateway, and DNS info to each client
- DHCP is widely used on both Enterprise and small networks (e.g., Small Business Server)

Autoconfiguring The Home Network Via DHCP (continued)
Enable mobile laptops:
- Laptops will come home from the Enterprise network
- They should work on both the Enterprise network and the home network without reconfiguration
- Laptops must return to the Enterprise network without causing network problems
- Base the solution on standard protocols: DHCP
[Diagram: local client 1 and local client 2 broadcast a DHCP request; the access point gives gateway and DNS]
DHCP Allocator
A simplified DHCP server for the home network:
- Assumes a single segment LAN (i.e., single subnet) connected to the Internet gateway
- Relies on broadcast-based discovery (DHCP requests are link-local broadcasts and do not cross routers)
- Multiple segments would require a true DHCP server and potentially DHCP relays
- Assigns its own address (i.e., the address of the “private” interface of the Internet sharing PC) as the DNS address and default gateway address
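The exchange on the preceding slides, as an added example that is not Microsoft's code: a client broadcasts a DHCPDISCOVER and the allocator answers with a DHCPOFFER whose router (option 3) and DNS server (option 6) are both the sharing PC's own private address. The client addresses 169.254.0.3 and 169.254.0.4 appear on the slides; the gateway address 169.254.0.1, the subnet mask, the lease time and the address pool are assumptions. The allocator also shows the single-segment limit as a check: a request that arrives with a non-zero giaddr (forwarded by a DHCP relay from another segment) is ignored.

```python
"""DHCP allocator for a single-segment home LAN (added example, assumptions noted)."""
import socket
import struct

GATEWAY_IP = "169.254.0.1"          # assumed private-side address of the ICS PC
MAGIC = b"\x63\x82\x53\x63"         # DHCP magic cookie that precedes the options
HDR = "!BBBBIHH4s4s4s4s16s64s128s"  # RFC 2131 fixed fields, 236 bytes


def _ip(addr):
    return socket.inet_aton(addr)


def build_discover(xid, mac, giaddr="0.0.0.0"):
    """Client side: a BOOTREQUEST carrying message type DISCOVER (option 53 = 1)."""
    hdr = struct.pack(HDR, 1, 1, 6, 0, xid, 0, 0x8000,
                      b"\0" * 4, b"\0" * 4, b"\0" * 4, _ip(giaddr),
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    return hdr + MAGIC + bytes([53, 1, 1, 255])


def build_offer(xid, mac, yiaddr, gateway_ip, lease=86400):
    """Server side: BOOTREPLY with the offered address and the options the slide lists."""
    hdr = struct.pack(HDR, 2, 1, 6, 0, xid, 0, 0x8000,
                      b"\0" * 4, _ip(yiaddr), _ip(gateway_ip), b"\0" * 4,
                      mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = b"".join([
        bytes([53, 1, 2]),                          # message type: OFFER
        bytes([54, 4]) + _ip(gateway_ip),           # server identifier
        bytes([51, 4]) + struct.pack("!I", lease),  # lease time (assumed one day)
        bytes([1, 4]) + _ip("255.255.255.0"),       # subnet mask (assumed)
        bytes([3, 4]) + _ip(gateway_ip),            # router = the sharing PC
        bytes([6, 4]) + _ip(gateway_ip),            # DNS server = the sharing PC's DNS proxy
        b"\xff",                                    # end of options
    ])
    return hdr + MAGIC + opts


def parse_dhcp(pkt):
    """Decode the fixed header and the TLV option list into a dict."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:
        if pkt[i] == 0:          # pad option
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
            "giaddr": socket.inet_ntoa(f[10]), "chaddr": f[11][:f[2]], "options": opts}


class DhcpAllocator:
    """The simplified server of the slides: one subnet, no relays, no admin."""

    def __init__(self, gateway_ip=GATEWAY_IP, first_host=3):
        self.gateway_ip = gateway_ip
        self.prefix = gateway_ip.rsplit(".", 1)[0]
        self.next_host = first_host
        self.leases = {}   # client MAC -> address, so a returning laptop gets the same one

    def handle(self, pkt):
        """Answer a DISCOVER with an OFFER, or return None for anything else."""
        msg = parse_dhcp(pkt)
        if msg["op"] != 1 or msg["options"].get(53) != b"\x01":
            return None    # only DISCOVER is modelled here
        if msg["giaddr"] != "0.0.0.0":
            return None    # relayed from another segment: out of scope by design
        mac = msg["chaddr"]
        ip = self.leases.get(mac)
        if ip is None:
            ip = "%s.%d" % (self.prefix, self.next_host)
            self.next_host += 1
            self.leases[mac] = ip
        return build_offer(msg["xid"], mac, ip, self.gateway_ip)
```

Because a DISCOVER is a broadcast, any host on the segment can answer it, and a client takes the first acceptable offer; the allocator's trust model is exactly the slides' "one segment, no admins" home LAN. The 169.254.0.0/16 range shown on the slides was later reserved for link-local autoconfiguration (APIPA); the ICS that shipped used 192.168.0.1 as the sharing PC's private address.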
[Diagram: the access point (services DHCP clients, runs the DNS proxy, translates addresses) sits between local client 1, local client 2 and the ISP router / DNS server]
DNS Proxy
- DHCP Allocator provides its own address as the DNS server address to home network client machines
- Clients have a DNS server address in the disconnected dial-up case
- Clients are shielded from changing Internet DNS server addresses
- Internet DNS requests are then proxied to the Internet connection; the dial-up link is connected if needed
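The forwarding described above, as an added example that is not Microsoft's code: LAN clients send every query to the sharing PC, which relays it upstream and maps the answer back to the client. The wire format follows RFC 1035; the pending-query table, the random upstream transaction ID and the matching rules are design choices for this illustration, and the name and address in the usage are constructed. The security-relevant point is that the proxy becomes the only resolver the home LAN ever sees, so protecting the upstream exchange matters: the proxy accepts a reply only if its ID and question match an outstanding query, and it picks upstream IDs unpredictably rather than reusing the client's, which makes blind spoofing of the upstream answer hard.

```python
"""DNS proxy with a pending-query table (added example, assumptions noted)."""
import secrets
import struct


def _encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").split(".")) + b"\0"


def build_query(txid, name, qtype=1):
    """Standard query, recursion desired, one question (A record by default)."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + _encode_name(name) + struct.pack("!HH", qtype, 1))


def build_response(txid, name, ipv4):
    """Constructed upstream answer: the question echoed plus one A record (TTL 300)."""
    q = _encode_name(name) + struct.pack("!HH", 1, 1)
    rr = (b"\xc0\x0c"                                  # pointer to the question name
          + struct.pack("!HHIH", 1, 1, 300, 4)
          + bytes(int(o) for o in ipv4.split(".")))
    return struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0) + q + rr


def parse(pkt):
    """Return (txid, flags, question name, qtype, offset past the question)."""
    txid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    i, labels = 12, []
    while pkt[i] != 0:
        n = pkt[i]
        labels.append(pkt[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    qtype, _qclass = struct.unpack("!HH", pkt[i + 1:i + 5])
    return txid, flags, ".".join(labels), qtype, i + 5


def answer_ipv4(pkt):
    """Pull the address out of a single-A-record response (its last four bytes)."""
    return ".".join(str(b) for b in pkt[-4:])


class DnsProxy:
    def __init__(self):
        self.pending = {}   # upstream txid -> (client address, client txid, name, qtype)

    def from_client(self, client, pkt):
        """Forward a LAN query upstream under a fresh, unpredictable transaction ID."""
        cid, _flags, name, qtype, _ = parse(pkt)
        uid = secrets.randbelow(65536)
        while uid in self.pending:
            uid = secrets.randbelow(65536)
        self.pending[uid] = (client, cid, name, qtype)
        return struct.pack("!H", uid) + pkt[2:]

    def from_upstream(self, pkt):
        """Accept a reply only if it is a response matching an outstanding query in
        both ID and question; anything else (stale or a blind spoof) is dropped.
        Returns (client address, reply with the client's own ID) or None."""
        uid, flags, name, qtype, _ = parse(pkt)
        entry = self.pending.get(uid)
        if entry is None or not flags & 0x8000:
            return None
        client, cid, want_name, want_type = entry
        if name.lower() != want_name.lower() or qtype != want_type:
            return None
        del self.pending[uid]
        return client, struct.pack("!H", cid) + pkt[2:]


if __name__ == "__main__":
    proxy = DnsProxy()
    upstream_query = proxy.from_client(("169.254.0.3", 1234), build_query(7, "www.example.com"))
    uid = struct.unpack("!H", upstream_query[:2])[0]
    print(proxy.from_upstream(build_response(uid, "www.example.com", "131.107.1.7")))
```

On a dial-up link the real proxy would bring the connection up before forwarding; that demand-dial step is outside this example. A production resolver would also randomise the upstream UDP source port, since a 16-bit ID alone is a small space for an attacker to guess against.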
Connection Sharing Example
Auto-configured home/small-office networking
[Diagram: Home LAN clients 169.254.0.3 and 169.254.0.4 behind the Windows Internet Connection Sharing PC, which connects to the Internet and, through it, to Corporate RAS]
- DHCP allocator assigns address, gateway, and name server on the home LAN; DNS proxy forwards queries
- NAT translates packets to and from the assigned public IP address
- Clients access corporate networks using PPTP through the NAT
Windows Internet Connection Sharing
Windows 2000 and Windows 98 will provide base Connection Sharing capabilities:
- DHCP Allocator
- DNS Proxy
- Network Address Translation
- Support for popular applications and games
- APIs for config, status, and dial control
- Enable ISV hybrid solutions on the Windows platform
Windows Internet Connection Sharing: Requirements revisited
- Transparent network configuration for end user - YES
- Support for legacy and non-Windows clients - YES
- Demand dial support - YES
- Support for remote client UI for demand dial control and progress indication - YES
- Dial control and client “usage” APIs
- No client software (from both IHVs and OEMs) - YES
- Comprehensive protocol support - YES
  - Easy support (e.g., no config UI) for popular Internet games
  - VPN (e.g., PPTP)
Windows Connection Sharing
[Diagram: in kernel mode, TCP/IP with NAT; in user mode, DHCP, DNS Proxy and Extensions]
- DHCP: automates addressing of LAN clients
- DNS Proxy: forwards name queries from LAN clients
- NAT: shares a single IP address among LAN clients
- Auto-dial: automatically dials the public network for LAN clients
- TCP/IP: forwards packets through NAT before routing
Windows 2000 Connection Sharing Architecture
[Diagram, data flow in kernel: NDIS protocols IP, ICSPROT and TCP/UDP above NDIS adapters ICSMAC, PPPMAC and Ethernet; Ethernet faces the internal home network, PPPMAC the modem]
Windows 98 Internet Connection Windows 98 Internet Connection Sharing Architecture Sharing Architecture
Windows 2000 Connection Sharing Integration
Turning on connection sharing for new dial-up connections

Windows 2000 Connection Sharing Integration
Turning on connection sharing for existing connections

Windows 98 Internet Connection Sharing
Turning on Internet Connection Sharing
Windows Internet Connection Sharing Demo
[Diagram: ICS PC on a DSL link to the Internet, with two client PCs attached over HomePNA]
Call To Action
- Provide feedback on your key Internet sharing requirements; send e-mail to [email protected]
- Ship “Sharing Enabled” PCs: Broadband + LAN, Dial + LAN, ISDN + LAN
- Build value-add control applications and UI on the base Internet Sharing APIs