Windows 2000 Network Architecture
Windows 2000 Network Architecture |
|
Windows 2000 NDIS includes many new features, such as connection-oriented NDIS and new intermediate and miniport driver support. Other Windows 2000 NDIS features include:
Connection-oriented NDIS (CoNDIS) is the portion of NDIS that supports connection-oriented media. CoNDIS supports connection-oriented media such as dial-up networking, ATM and network streaming over connection-oriented media. Connection-oriented NDIS provides the support to establish, maintain, and close connections.
Wake-On-LAN controls the wake-up of computers based on network events. It is a subset of the OnNow Power Options initiative. In order for Wake-On-LAN to function, the network adapter must be Wake-On-LAN–capable and the device driver must support Wake-On-LAN. A network adapter may be put into a low power mode when the system requests a power level change. The user or system can initiate the request. For example, the user might want to put the system into sleep mode, or the system might request sleep mode based on keyboard or mouse inactivity.
Unless initiated by a user, all overlying network components must agree to the request before the network adapter can be turned off. If there are any active sessions or open files over the network, the turn-off request can be refused by any or all of the components involved.
Many events enable a system to wake up without user intervention. The system may be able to wake up from a lower power state based on network events specified by the networking software. This capability means that any standard Windows network access (such as connections to shared folders, Winsock connections, and service and management applications) can wake the system from lower power states. This is done by:
Network drivers and hardware that do not support Wake-On-LAN can still be used on Windows 2000. Systems having network adapters with no Wake-On-LAN capabilities can be suspended and resumed based on user activity, but not resumed based on network events.
Media Sense is the capability of a network adapter to indicate when it does or does not have a connection to the physical network medium. Most Windows 2000 network technologies support Media Sense. Protocols and applications can receive these notifications and act accordingly. For example, an icon can be displayed indicating the media is disconnected, an event can be logged, and TCP/IP can manage addresses with the knowledge of the state of the network.
Network Plug and Play is a combination of hardware and software support that enables a computer system to recognize and adapt to hardware configuration changes with little or no user intervention. A user can add or remove Plug and Play devices dynamically. No intricate knowledge of computer hardware is necessary. For example, a user can dock a portable computer and use the docking station's Ethernet card to connect to the network without changing the configuration. Later, the user can undock that same computer and use a modem to connect to the network, again without making any manual configuration changes.
TCP/IP Task offload allows tasks normally performed by the transport layer to be processed by the network adapter. This reduces the overhead required of the system CPU for these tasks. This allows the system CPU to do more work, possibly increasing the throughput to the network. A special query is made by the transport driver to find out if the network adapter supports the offload of the computation of TCP/IP checksums, TCP/IP segmentation (large send), Fast Packet Forwarding and IPSec Offload. If one or more of these conditions is detected, the transport can request that the network adapter furnish these services.
TCP/IP checksums verify the integrity of the data packet. TCP/IP queries the miniport to determine its ability to perform checksum calculations. If the miniport is capable of handling offloads, then it performs these calculations. These computations can consume many CPU cycles. This can include send and receive checksum calculations for TCP, User Datagram Protocol (UDP), and IP. The miniport driver requests that the network adapter perform the calculations rather than requiring the CPU to process this request. This can result in enhanced performance.
TCP/IP segmentation (large send) is the creation of TCP packets from data that is too large for transmission over network media. TCP/IP splits data into small segments, adds IP and TCP headers, and creates TCP packets. TCP/IP segmentation can now be performed by NDIS miniports and a capable network adapter. The adapter must be able to calculate IP and TCP checksums for send packets and have an appropriate miniport driver. Offloading these calculations from the CPU results in greater performance for the system.
Fast Packet Forwarding allows multiport network adapters (FastEthernet, FDDI, or similar single-port network adapters) to use Windows 2000 to route packets from one port to another port without passing the packet to the host processor. This increases throughput to the network and reduces work for the CPU.
Internet Protocol Security (IPSec) is an Internet Engineering Task Force (IETF) standard for security at the packet processing layer of IP networks. IPSec provides two security services:
The IPSec protocol information associated with each of these services is inserted into the packet in a header that follows the regular IP header. Included in this information is the Security Parameter Index, which is a 32-bit value used to distinguish between different Security Associations (SAs) terminating at the same destination and using the same IPSec protocol.
The work of encrypting and decrypting each packet can be assigned to the network adapter through the use of NDIS and the associated miniport drivers. With proper configuration of security policy in Windows 2000, outgoing IP packets are authenticated and encrypted before transmission to the network, and incoming IP packets are validated and decrypted.
For more information about new features in NDIS, see the Platform Software Development Kit (SDK). For more information about IPSec, see "Internet Protocol Security" in this book.