Module 2:Next Generation Networking

Module Overview

Networking with Windows Server 2008

New Networking Features

DNS with Windows Server 2008

Lesson 1: Networking with Windows Server 2008

Review of Windows Server Network Architecture

New Networking Features

The New TCP/IP Architecture

Routing Compartments

IPv6

Demonstration: Introducing IPv6 Addresses

IP

Review of Windows Server Network Architecture

ICMP

Named Pipes

NDIS Wrapper

IP Forwarder

IP Filtering IGMP ARP

TCP

Windows Sockets

Application

Applications and User Mode Services

User

NetBIOSApplication

RPC Application

Win32 Wnet/Wininet Application

RPC WNet Wininet NetBIOS Support

Windows Sockets

Application Interfaces

Kernel

Redirector/Server

NetBT AFD

Packet SchedulerPacket Queue

Packet Queue

Packet Queue

Packet Queue

Packet Classifie

r

Traffic Control

Driver Interfaces

New Networking Features

IPv6 Enhancements

Next Generation TCP/IP Stack

Policy-Based Quality of Service

The New TCP/IP Architecture

Win

dow

s

Filte

ring

P

latfo

rm A

PI

IPv4

802.3

WSK

WSK Clients TDI Clients

NDIS

WLAN Loop-back

IPv4 Tunnel

IPv6 Tunnel

IPv6

RAWUDPTCP

Next Generation TCP/IP stack (tcpip.sys)

AFD

TDX

TDI

Winsock User ModeKernel Mode

• Dual-IP layer architecture for native IPv4 and IPv6 support• Better security through expanded IPsec integration• Improved performance via hardware accelerationQ• Network auto-tuning and optimization algorithms• Greater extensibility and reliability through rich APIs

Routing Compartments

Corporate Intranet

IP routing

table

IP routing

table

IPv6

New header format

Large address space

Efficient and hierarchical addressing and routing infrastructure

Stateless and stateful address configuration

Built-in security

Better support for prioritized delivery

New protocol for neighboring node interaction

Extensibility

Demonstration: Introducing IPv6 Addresses

Show the Link-Local Address

Identify the Interface ID

Lesson 2: New Networking Features

Security Features

Performance

Receive Window Auto-Tuning

Policy Based Quality of Service

Scalability

Server and Domain Isolation

Server and Domain Isolation in Action

Security Features

Reduce the risk of network security threats

An additional layer of defense-in-depth

Reduced attack surface area to known computers

Increased manageability and more healthy clients

Full featured, enterprise functionality

Support for computer and user authentication with IPsec

Network Access Protection over VPNs and IPsec

Secure routing compartments extends isolation to VPN

Safeguard sensitive data and intellectual property

Authenticated, end-to-end network communications

Scalable, tiered access to trusted networked resources

Protect the confidentiality and integrity of data

Performance

Automatically adjusts for maximum efficiency

Faster network transfers, especially across WAN links

Optimized use of available network bandwidth

Reduced packet loss, resulting in fewer retransmits

Optimized performance without loss

Intelligent, automated tuning of TCP receive window size

Better packet loss resiliency

Advanced congestion control for better throughput

Receive Window Auto Tuning

Replicating data between Tukwila, Bay Area

Default configurations

On Windows Server 2003 SP1

100Mbps NICs, 10Mbps throughput

On Windows Server 2008

100Mbps NICs, 80Mbps throughput 1000Mbps NICs, 400Mbps throughput

Policy-Based Quality of Service

•Source IPv4/IPv6 addresses

•Destination IPv4/IPv6 addresses

•Protocol

•Source or destination ports

Scalability

Cost-effectively scale networking up and outSpecialized hardware frees CPU(s) for applications

Ease consolidation with support for multiple Gbps

More efficient use of large server resources

Adopt hardware acceleration and offloadingReceive-side scaling optimizes multi-processor systems

Architected to support latest TCP offload hardware

Offload hardware less expensive than new high-end PCs

HR Workstation

Server and Domain Isolation

Untrusted

UnmanagedComputer

Domain Isolation

Active Directory Domain Controller

X

Server Isolation

X

Trusted Resource Server

Corporate Network

Managed ComputerManaged

Computer

Servers with Sensitive Data

Policies, Procedures & Awareness

Physical Security

Server and Domain Isolation in Action

Data

Application

Host

Internal Network

Perimeter

Server and Domain Isolation

Lesson 3: DNS with Windows Server 2008

DNS Overview

DNS Functionality

New DNS Features in Windows Server 2008

DNS Client Changes

DNS Overview

DNS

DNS Functionality

Support for Active Directory Domain Services

Stub Zones

Integration with other Microsoft networking services

Improved ease of administration

RFC-compliant dynamic update protocol support

Support for incremental zone transfer between servers

Conditional forwarders

New DNS Features in Windows Server 2008

DNS

Background Zone Loading

Support for IPv6 Addresses

RODC Support

GlobalNames Zone

DNS Client Changes

LLMNR

DNS Server

LLMNR

DNS Server

Changes to the way DNS Clients Locate

DCs

Link-Local Multicast Name Resolution

Review

Networking with Windows Server 2008

New Networking Features

DNS with Windows Server 2008

Lab 1: Reviewing Networking Defaults and Settings

Exercise 1: Review the Network Center

Exercise 2: Creating Domain Isolation Policies

Exercise 3: Create a Centralized QoS Policy

Exercise 4: Communicate with Link-Local Addresses

Lab 2: DNS Management Settings

Exercise 1: Creating Zones in Windows Server 2008

Exercise 2: Create Resource Records

Exercise 3: Configure Zone Transfers