1. Understand TCP/IP Basics
TCP/IP is a suite of protocols
that have been the basis for network communication and traffic control
for more than a decade. Although there are other network communication
protocol suites, TCP/IP has emerged as the de facto standard in the vast
majority of operating systems.
The TCP/IP suite of
protocols has undergone a series of revisions. There are currently two
versions of TCP/IP: IP version 4 (IPV4) and IP version 6 (IPV6). IPV4
has been popular as a network protocol since the early versions of
Windows NT. It has a simple 32-bit addressing scheme and provides a
relatively easily routed protocol for inter-network accessibility. The
32-bit address space offers a total of 2^32, or 4,294,967,296,
addresses. Although that seems like a pretty large number, when you
think about the number of client computers connected to the Internet,
add the number of networked appliances like switches and routers, then
add the websites and web servers of the world, and finally add the
servers of the world's businesses, it becomes glaringly apparent that
just over 4 billion addresses is not nearly enough to meet the demand.
The shortfall of IPV4 addresses was addressed (no pun intended) in the
mid-1990s and resulted in the formation of a new suite of protocols
called IPV6.
First supported in Windows
NT 4, IPV6 offers some significant upgrades to IPV4, including but not
limited to a much larger 128-bit address space. This means that the
number of potential addresses in IPV6 is 2^128, an astonishing
340,282,366,920,938,463,463,374,607,431,768,211,456 addresses. If you
are wondering how you would succinctly express that number, you would
say "340 undecillion," but we think it is much easier to understand the
full impact and potential of the address space to see it listed in all
its base-10, comma-separated, 39-digit glory. Now, 340 undecillion
addresses should at least tide the world's IP address appetite over for a
little while. That is a big number!
Even though IPV6 has
been supported since the Windows NT days, few networks have adopted this
new version of IP despite its potential benefits. Like the old proverb
states, the network world seems to believe "Better the devil you know
than the devil you don't." Choosing between IPV4 and IPV6 is a topic
that has engendered debate and even arguments in networking channels
worldwide.
The question still remains, "Which IP version should you use?"
While Microsoft was
developing the Windows Vista and Windows Server 2008 operating systems,
its Windows Core Networking product team had a revolutionary idea. What
if there were a protocol that understood both IPV4 and IPV6 natively?
This idea resulted in the development of a protocol suite called the
Next Generation TCP/IP stack. This stack represents a complete redesign
of TCP/IP in both IPV4 and IPV6 and provides needed functionality to
meet the communication, connectivity, and performance requirements of
the modern network. This means you can have all of the well-known
benefits of IPV4 and get all the cool new functions and features of
IPV6. You don't have to choose one or the other. You can have both!
2. Troubleshoot TCP/IP
To effectively
troubleshoot TCP/IP, it is necessary that you have an approach to
troubleshooting that will allow you to systematically identify the
source of a problem and then, once the source is identified, allow you
to take corrective action that will rectify the problem. This approach
to troubleshooting is called root cause analysis.
Do not simply "try something" to fix the problem. Often you will mask
the problem with attempts to fix it and create a more complex
environment for future troubleshooting scenarios. The old saying "If it
ain't broke, don't fix it!" applies to troubleshooting.
You will want to employ a
step-by-step approach to troubleshooting TCP/IP problems and use a
number of different tools to help you find problems and the
solutions that resolve them.
These are some common questions you might ask:
What are the symptoms of the problem?
What could cause these symptoms?
What stuff is working?
What stuff is not working?
Is there any kind of relationship between the things that don't work?
Is this a new problem or one that has been persistently around for a long period of time?
Have any recent changes been made to the network or systems involved?
What were the changes?
What is the scope of the problem?
Is one machine, a group of machines, or the whole network having problems?
What do the machines that are having problems have in common?
Often if you can ask the right
questions, the answers will lead you to the right place to start
troubleshooting, or at the very least they can help you narrow the possible
problems to a manageable set of issues that you can begin testing in
order to identify the culprit.
12.2.1. Understand Troubleshooting Tools
One of the best things
about running Windows Server 2008 R2 is that you have a full complement
of tools that are included or freely available to you to help you
troubleshoot TCP/IP. These tools are included with the installation of
Windows Server or can be downloaded from the http://technet.microsoft.com website.
Event Viewer
The Event Viewer is found in the Control Panel and is likely the most
valuable of the troubleshooting tools. Using the Event Viewer, you will
find informational, warning, and error events that will help you
identify system problems and their associated causes. Remember that
Event Viewer can display information and events about other systems in
your network through the use of subscriptions and so can be used to
monitor not just the local machine but many machines throughout your
network. We recommend you begin your troubleshooting efforts with the
Event Viewer, and when you have a good idea what you are really dealing
with, then you can move to the tools listed next.
Performance
The Performance tool lets you configure hundreds of different functions
of your systems, including some great information related to TCP/IP and
its associated traffic. If you are already capturing IP information in
your network, you will likely want to view the results from captures
before and after a problem is reported.
Command-line tools
There are also several command-line tools you can use, as shown in Table 1.
Table 1. TCP/IP Troubleshooting Command-Line Tools
Tool | Description | Common Commands |
---|---|---|
IPCONFIG | This command-line tool is generally the place where your troubleshooting begins. This command will display detailed information about the adapters attached to a system and the addressing information associated with each adapter. This command uses a series of switches that allow you to customize the output you receive and even do some basic address updates. | IPCONFIG /ALL |
HOSTNAME | This command-line utility will display the host name of the local system. | HOSTNAME |
PING | This command-line utility sends Internet Control Message Protocol (ICMP) packets across an inter-network to verify connectivity. It is commonly used to verify the operation of TCP/IP at different levels of the TCP/IP protocol stack. | PING 127.0.0.1 |
PATHPING | This command-line tool allows you to see the path that an IP packet takes through an internetwork and will show you information about packet losses and where they occur. | PATHPING xxx.xxx.xxx.xxx where x's represent IP Address |
TRACERT | This command-line utility will display information about the network route taken from source to destination. | TRACERT xxx.xxx.xxx.xxx where x's represent destination IP address. |
ROUTE | This command-line utility will display and allow the editing of routing table information in IPV4. | ROUTE PRINT |
ARP | This command-line utility will let you view the Address Resolution Protocol cache. | ARP -A |
NBTSTAT | This command-line utility can be used to display information about packets that are running NetBIOS over TCP/IP. | NBTSTAT -C |
NETSTAT | This command-line utility will show you information about current connections. | NETSTAT -A |
NETSH | This command-line utility is not so much a troubleshooting tool as it is a configuration tool for TCP/IP and a whole bunch of other services. It uses something called a naming context and allows the configuration of items within its context. The command has a standard IP context, an IPV4 context, and an IPV6 context that can be used to fix configuration problems in TCP/IP interfaces. | NETSH INTERFACE IPV4 |
TELNET | This command-line utility will let you establish a TCP connection between two systems on your network. | TELNET |
Each of these tools will
allow you to identify, diagnose, change, or update the TCP/IP
environment of your network. As you use the tools, you will find a
methodology that works for you and, more important, gives you the right
information about the critical segments of your TCP/IP configuration
and management.
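
The step-by-step approach and the PING and IPCONFIG entries in Table 1 can be combined into one repeatable check. The script below is an added example, not from the original text: it pings outward from the loopback address to the adapter's own address, the default gateway, and a remote host. The names `Test-Step` and `$RemoteTarget` and the default address 192.0.2.10 are assumptions made for illustration.

```powershell
# Added example: bottom-up connectivity check built on PING and the data
# IPCONFIG /ALL reports. Written for PowerShell 2.0 (Windows Server 2008 R2).
param(
    # Assumption: placeholder from the 192.0.2.0/24 documentation range;
    # pass a host you expect to reach on your own network.
    [string]$RemoteTarget = '192.0.2.10'
)

$ipv4 = '^\d{1,3}(\.\d{1,3}){3}$'   # this sketch tests IPv4 addresses only

function Test-Step {
    param([string]$Step, [string]$Address)
    # -Quiet returns $true if at least one echo reply comes back
    $ok = Test-Connection -ComputerName $Address -Count 2 -Quiet
    New-Object PSObject -Property @{ Step = $Step; Address = $Address; Reachable = $ok }
}

$results = @()

# 1. Loopback (PING 127.0.0.1): is the local TCP/IP stack functioning?
$results += Test-Step 'Loopback' '127.0.0.1'

# The adapter data IPCONFIG /ALL displays, read through WMI as objects
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

foreach ($a in @($adapters)) {
    # 2. Own address: is the address bound to the adapter and answering?
    foreach ($ip in @($a.IPAddress | Where-Object { $_ -match $ipv4 })) {
        $results += Test-Step 'Local address' $ip
    }
    # 3. Default gateway: can traffic reach the first hop off the subnet?
    foreach ($gw in @($a.DefaultIPGateway | Where-Object { $_ -match $ipv4 })) {
        $results += Test-Step 'Default gateway' $gw
    }
}

# 4. Remote host: does routing work beyond the gateway?
$results += Test-Step 'Remote host' $RemoteTarget

$results | Select-Object Step, Address, Reachable | Format-Table -AutoSize

# The first failing step marks the layer to investigate next
$firstFailure = $results | Where-Object { -not $_.Reachable } | Select-Object -First 1
if ($firstFailure) {
    'Start with: {0} ({1})' -f $firstFailure.Step, $firstFailure.Address
} else {
    'All steps answered; look above the network layer (name resolution, services).'
}
```

Hosts and firewalls that filter ICMP echo show as unreachable even when they are up, so confirm a remote-host failure with TRACERT or a TCP connection test before changing any configuration.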