Routing and Remote Access Service for Windows NT Server

 

Windows NT® Server

Server Operating System

 

 

Abstract

Microsoft® Routing and Remote Access Service (RRAS) provides independent software vendors (ISVs), independent hardware vendors (IHVs), system integrators, value-added resellers, and network managers with opportunities for deploying internetworking solutions. Routing and Remote Access Service is available to Windows NT® Server 4.0 operating system customers at no additional charge as a released-to-Web product. An enhanced version of RRAS was released as part of Windows 2000. Routing and Remote Access Service is especially valuable for branch office deployments, as well as for use in edge routing where a corporate network connects to the Internet or other wide area network (WAN). Because the service is part of the extensible and open platform of Windows NT Server, there are great opportunities for third-parties to create value-added internetworking solutions. This paper highlights the key features in RRAS today and outlines enhancements in Windows 2000.

 


© 1997 Microsoft Corporation. All rights reserved.

The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.

This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT.

Microsoft, BackOffice, the BackOffice logo, Windows, and Windows NT are registered trademarks of Microsoft Corporation in the United States and/or other countries.

Other product or company names mentioned herein may be the trademarks of their respective owners.

Microsoft Corporation • One Microsoft Way • Redmond, WA 98052-6399 • USA

0997             


 

Contents

Introduction

Creating Solutions with Routing and Remote Access Service

A Rich Set of APIs and a Software Development Kit

Using RRAS to Create Great Products

Server OEM Vendors

ISVs Writing Routing Protocols

ISVs Writing Monitoring and Management Programs

IHVs Providing WAN and LAN Cards

Internet Service Providers

System Integrators and Network Consultants

Providing a Powerful Internetworking Platform Today

RIP version 2 (and version 1) for IP

OSPF

DHCP Relay Agent for IP

RIP and SAP for IPX

Static Routing

Routing APIs

Works with Industry Standard LAN and WAN Cards

Enhancing Remote Access

Auto-dial and Auto Logon Dial

Demand Dial Routing

Authentication – PAP, CHAP, and MS-CHAP

Extensible Authentication Protocol

RRAS User Profiles

Encryption

Point-to-Point Tunneling for Client-to-Server

Point-to-Point Tunneling for Server-to-Server

Restartable File Copy

Multi-Link PPP

Bandwidth Allocation Protocol

RAS Idle Disconnect

Managing Routing and Remote Access Service

Management and User Interface APIs

Graphical User Interface

Wizard for Demand Dial Routing Set-Up

Scriptable, Command line User Interface

Remote Manageability

Securing Network Communication

IP Packet Filtering

IPX Packet Filtering

RADIUS Client RFC 2058 compliant

Integration with Microsoft Proxy Server

Windows NT Server Security

Summary

For More Information

 




Introduction

Microsoft® Routing and Remote Access Service (RRAS) creates a broad range of new opportunities for independent software vendors (ISVs), independent hardware vendors (IHVs), system integrators, value-added resellers (VARs), and network managers involved in creating internetworking solutions, especially for branch office and edge-of-network deployments.

The Windows NT® Server operating system version 4.0 includes “in the box” two important services – Remote Access Service (RAS) and Multi-Protocol Routing. In the Spring of 1997, Microsoft released to Web an enhancement to these services by creating a unified Routing and Remote Access Service (RRAS). This service was made available as a free released-to-Web offering for Windows NT Server 4.0. An enhanced version of Routing and Remote Access Service is included as part of Windows 2000.

The Windows® operating system is emerging as the communications platform of choice, due to the extensive network communications support included across the entire operating system family. Microsoft is making several enhancements to this built-in communications support with Windows 2000, including quality of service support, ATM support, and unified Internet and traditional telephony support. Many of these enhancements are outside the scope of this paper and are covered by other materials. Here is a brief list of some of the communications enhancements planned for Windows 2000 that relate to RRAS.

RRAS arrived at a time in which there was a broad movement toward the Internet Protocol (IP) networking standard, growth in corporate intranets, and a demand for the routing, remote access, virtual private networks (VPN) and other internetworking solutions needed to tie everything together.

Flexibility for network managers and opportunities for third-party developers are enhanced by the openness and extensibility of the Windows NT Server platform and its Routing and Remote Access Service. The Network Driver Interface Specification (NDIS) provides a standard layer to which all local area network (LAN) and WAN cards can be built to support Windows NT. This allows network managers and system integrators to choose from an array of IHVs providing NDIS-based network cards. Application programming interfaces (APIs) provide great extensibility to allow third-party developers to create custom routing or network management solutions.

Additional third-party value-add opportunities are found in the integration of Routing and Remote Access Service with the Windows NT Server platform. System integrators, VARs, and network managers can provide complete single-box, turn-key solutions for branch office, small business, and edge routing deployments. The same Windows NT Server-based computer that hosts routing, RAS, and VPNs, can also host integrated communications applications or productivity applications such as Microsoft BackOffice and Microsoft Internet Information Server.

Creating Solutions with Routing and Remote Access Service

The widespread migration toward the Internet Protocol creates a golden age for ISVs, IHVs, system integrators, network consultants, and Net managers who are creating and implementing IP-based internetworking solutions.

Organizations around the world are redesigning their networks to be more Internet-centric. Windows 2000 with its Routing and Remote Access Service is the ideal platform for hosting internetworking solutions.

The same Windows NT Server-based system that is placed in a branch office for applications, such as the Microsoft BackOffice family, can also host virtual private networks with Point-to-Point Tunneling Protocol (PPTP)-based connections, enabled by RRAS. The built-in routing capabilities interface with a broad array of industry standard network interface cards (NICs) and routing gear. And the IP and IPX packet filtering, especially when combined with Microsoft Proxy Server 2.0, provides great firewall protection. Third-party firewalls and management programs can also be deployed because of the open nature of the Windows NT Server and RRAS platform.

A Rich Set of APIs and a Software Development Kit

To enable third-party value-added development, RRAS supports a set of APIs, exposed and documented in an associated Software Development Kit (SDK), which makes the service an extensible platform. The APIs allow routing protocols to be added, the user interface to be completely customizable, and the manageability to be directed by a variety of third-party hardware and software companies and system integrators.

Using RRAS to Create Great Products

Server OEM Vendors

Hardware vendors can package network access solutions using RRAS and Windows NT Server. Because Windows NT Server is a true network operating system, hardware vendors can provide fully functional internetworking products on the platform. This is a great example of applying the PC industry business model to the internetworking business.

ISVs Writing Routing Protocols

Many legacy installations will still need implementations of unique protocols running on standard PC hardware. In addition, the set of routing and internetworking protocols continues to evolve. These specialized routing protocols can be built on or ported to the routing APIs of Routing and Remote Access Service. This is expected to create opportunities for software vendors to sell these protocols to customers through system integrators or via OEMs.

ISVs Writing Monitoring and Management Programs

Independent software vendors can use the extensive set of APIs to create custom monitoring, management, auditing, and accounting packages. Routing and Remote Access Service also supports a standard set of management information bases (MIBs). Microsoft provides a set of management tools with the service, but there are great opportunities for ISVs to build upon this foundation to create their own packages to meet specialized, and general, business needs.

IHVs Providing WAN and LAN Cards

Network interface card (NIC) vendors can benefit from Routing and Remote Access Service by participating in the rapidly growing routing and internetworking market. Single-port LAN or WAN cards that support Windows NT Server can be used to support routing and internetworking. In addition, multi-port LAN and WAN cards can also be used with the service.

Internet Service Providers

Internet service providers (ISPs) can either sell or lease to their customers complete turn-key packages for remote client or branch office networking. Various estimates indicate that about 25% of all routers are sold to customers by ISPs in conjunction with the deployment of Internet access. ISPs can also offer out-sourced service functions such as using the Internet as a Virtual Private Network (VPN). Internet VPNs offer some compelling pricing and flexibility advantages over traditional long distance or leased line arrangements. In addition, Internet VPNs represent another way for an ISP to add value and differentiate its offerings.

System Integrators and Network Consultants

System integrators and network consultants, like OEMs, can assemble edge routing, remote access, VPN and other internetworking solutions based on RRAS and Microsoft Windows NT Server. This is the ideal platform for delivering turnkey, best-of-breed, customized solutions for customers.

Providing a Powerful Internetworking Platform Today

Windows NT Server is a networking and communications platform and Routing and Remote Access Service provides some elements of this platform. RRAS includes a set of routing protocols and other features including:

· RIP version 2 (and version 1) for IP

· OSPF

· DHCP Relay Agent for IP

· RIP and SAP for IPX

· Static routing

· Routing APIs

· Compatibility with Industry Standard LAN and WAN Cards

RIP version 2 (and version 1) for IP

Routing Information Protocol, the frequently used routing protocol for small to mid-sized networks, is relatively easy to use and provides very good performance. RRAS supports both version 1 and version 2 of RIP.

A RIP router maintains a routing table and periodically sends announcements to inform other RIP routers on the network of the networks it can reach. RIP also announces when it can no longer reach networks. RIP version 1 uses IP broadcast packets for its announcements. A later enhancement, RIP version 2, uses IP multicast packets for its announcements.

Each entry in a RIP routing table provides information about the entry, including the ultimate destination address, the next hop on the way to the destination, and a metric which indicates the distance in number of hops to the destination, its "cost" to the router. Other information can also be present in the routing table, including various timers associated with the route.

Initially, each router’s table includes only the links to which it is physically connected. A router depends on periodic updates from other routers to keep current information on what routes are reachable through them. RIP maintains only the best route to a destination through broadcast messages at 30-second intervals, or triggered updates. Triggered updates occur when the network topology changes and routing update messages are sent which reflect those changes. For example, when a router detects a link failure or a router failure, it recalculates its routes and sends routing update messages (triggered updates). Each router receiving a routing update message that includes a change updates its tables and propagates the change.
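
The table maintenance described above can be traced in a short sketch. This is an added example, not RRAS code: the class and function names, the three-router topology and the addresses are constructed for illustration, and the "unreachable" metric of 16 comes from the RIP specification (RFC 2453) rather than from this paper.

```python
from dataclasses import dataclass

INFINITY = 16  # RIP treats a metric of 16 as "unreachable" (RFC 2453)
@dataclass
class Route:
    next_hop: str  # neighbor to forward through; "" means directly connected
    metric: int    # hop count to the destination

class RipRouter:
    def __init__(self, connected):
        # Initially the table holds only the directly connected networks.
        self.table = {net: Route("", 1) for net in connected}

    def announcement(self):
        """Destination -> metric pairs carried in a periodic or triggered update."""
        return {net: r.metric for net, r in self.table.items()}

    def receive(self, neighbor, update):
        """Apply a neighbor's update; return the destinations whose route changed."""
        changed = set()
        for net, advertised in update.items():
            metric = min(advertised + 1, INFINITY)
            cur = self.table.get(net)
            if cur is None and metric == INFINITY:
                continue  # never install an unreachable route
            if cur is None or metric < cur.metric:
                self.table[net] = Route(neighbor, metric)
                changed.add(net)
            elif cur.next_hop == neighbor and metric != cur.metric:
                # The current next hop's news is accepted even when worse: failures propagate.
                cur.metric = metric
                changed.add(net)
        return changed

    def link_down(self, neighbor):
        """Mark routes through a failed neighbor unreachable (triggers an update)."""
        lost = {n for n, r in self.table.items() if r.next_hop == neighbor}
        for net in lost:
            self.table[net].metric = INFINITY
        return lost

def demo():
    # Constructed topology: A - B - C, one LAN behind each router.
    a, b, c = (RipRouter([n]) for n in ("10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"))
    for _ in range(2):  # two rounds of periodic announcements
        b.receive("A", a.announcement())
        b.receive("C", c.announcement())
        a.receive("B", b.announcement())
        c.receive("B", b.announcement())
    learned = a.table["10.3.0.0/16"].metric
    b.link_down("C")                            # B detects the failure ...
    changed = a.receive("B", b.announcement())  # ... and its triggered update reaches A
    return learned, changed, a.table["10.3.0.0/16"].metric
```

Router A first learns the far network at a metric of 3, then marks it unreachable as soon as B's triggered update arrives, without waiting for the next 30-second announcement.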

The biggest advantage of RIP is that it is straightforward to configure and deploy. The biggest disadvantage of RIP is that as networks grow larger in size, the periodic announcements by each RIP router cause excessive traffic on the network. RIP is widely deployed in networks with up to 50 servers or so, but most larger organizations use other routing protocols.

OSPF

Open Shortest Path First is an Internet Engineering Task Force (IETF) standard link-state routing protocol used for routing IP. OSPF is a more sophisticated routing protocol than RIP, offering faster routing algorithm convergence. The service’s OSPF implementation is a result of collaborative effort between Microsoft and Bay Networks, a leading provider of internetworking systems.

Developed in response to the inability of RIP to serve large, heterogeneous internetworks, OSPF is a link-state protocol based on the Shortest Path First (SPF) algorithm. This algorithm computes the shortest path between one source node and the other nodes in the network. Various industry sources indicate that about 35% to 40% of the routed networks in place today make use of OSPF and this number is growing.

Instead of exchanging distances to destinations like RIP routers do, OSPF routers maintain a “map” of the network that is updated after any change in the network topology. This map, called the link-state database, is used to compute the network routes, which must be computed again after any change in the topology. From this computation, the router derives the next hop for the destination, that is, the next router to which the data should be sent and the link that should be used for reaching this next router. Network changes are propagated or flooded across the entire network to ensure that each copy of the database is accurate at all times.

Because OSPF routers keep an overview of the network from the perspective of any router, some of the problems that are inherent in RIP (such as loops) are eliminated.
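
The computation from link-state database to next hop can be shown in a few lines. This is an added example, not the RRAS implementation: the function names, router names and link costs are constructed, and the two-way check (a link is used only when both routers advertise it) follows the OSPF specification (RFC 2328) rather than this paper.

```python
import heapq

def spf(lsdb, root):
    """Shortest Path First over a link-state database.

    lsdb maps router -> {neighbor: link cost}. Returns
    {destination: (total cost, next hop from root)}.
    """
    best = {root: (0, None)}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry; a cheaper path was already found
        for nbr, link_cost in lsdb.get(node, {}).items():
            # Two-way check: a link is used only if both ends advertise it.
            if node not in lsdb.get(nbr, {}):
                continue
            new_cost = cost + link_cost
            # Next hop is the neighbor itself for the root's own links,
            # otherwise it is inherited from the path through `node`.
            hop = nbr if node == root else best[node][1]
            if nbr not in best or new_cost < best[nbr][0]:
                best[nbr] = (new_cost, hop)
                heapq.heappush(heap, (new_cost, nbr))
    del best[root]
    return best

def constructed_lsdb():
    # Constructed four-router topology (names and costs are illustrative).
    return {
        "R1": {"R2": 10, "R3": 1},
        "R2": {"R1": 10, "R3": 1, "R4": 1},
        "R3": {"R1": 1, "R2": 1},
        "R4": {"R2": 1},
    }

def after_link_failure(lsdb, x, y):
    """Return a copy of the database with the x-y link withdrawn by both ends."""
    return {r: {n: c for n, c in links.items() if {r, n} != {x, y}}
            for r, links in lsdb.items()}
```

Running `spf` on the constructed database and again on `after_link_failure(db, "R2", "R3")` shows R1's next hop toward R4 moving from R3 to R2, which is the recomputation after a topology change that the text describes.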

The new service’s OSPF router implementation supports the following features:

· Route filters for controlling interaction with other routing protocols

· Dynamic reconfiguration of all OSPF parameters

· Coexistence with RIP

· Dynamic addition and deletion of interfaces

DHCP Relay Agent for IP

Dynamic Host Configuration Protocol (DHCP) provides lower cost of ownership for IP networks because it dynamically assigns IP addresses to PCs or other resources connected to an IP network. This is a dramatic improvement in time and dollar savings compared to manually assigning useable IP addresses. Routing and Remote Access Service provides a relay agent function for DHCP servers so that DHCP assignments can be made across routed networks regardless of whether the connection is made via LAN or WAN links.

Additionally, Windows Internet Name Service provides a distributed, dynamically updated database of host names mapped to IP addresses. This allows users to use friendly host names instead of IP addresses to locate network resources. Microsoft Domain Naming System (DNS) server running under Windows NT Server 4.0 is a Request For Comment (RFC)-compliant DNS name server that is used to manage and administer DNS services on a TCP/IP network. Microsoft DNS server supports RFCs 1033, 1034, 1035, 1101, 1123, 1183, and 1536 and is also compatible with the Berkeley Internet Name Domain (BIND) DNS implementation.

Integration of DNS and Windows Internet Name Service services is an important feature that allows inter-operability between non-Microsoft and Windows-based TCP/IP network clients....
