Systems and Network!

Naveed Babar is an Independent IT Expert and Researcher. I received my Masters Degree in IT. I live in Peshawar, Khyber Pakhtunkhwa, Pakistan. Buzzwords in my world include: Info tech, Systems, Networks, public/private identity, context, youth culture, social network sites, social media. I use this blog to express random thoughts about whatever I'm thinking...


Wednesday, September 9, 2009

Types of RAID.

What is RAID? 
In 1987, Patterson, Gibson and Katz at the University of California Berkeley, published a paper entitled "A Case for Redundant Arrays of Inexpensive Disks (RAID)". This paper described various types of disk arrays, referred to by the acronym RAID. The basic idea of RAID was to combine multiple small, inexpensive disk drives into an array of disk drives which yields performance exceeding that of a Single Large Expensive Drive (SLED). Additionally, this array of drives appears to the computer as a single logical storage unit or drive.

RAID stands for Redundant Array of Independent Disks and it basically involves combining two or more drives together to improve performance and fault tolerance. Combining two or more drives together also offers improved reliability and larger data volume sizes. A RAID distributes the data across several disks and the operating system considers this array as a single disk.
Using Multiple Hard Drives for Performance and Reliability.

Types of RAID :

RAID 0 - Striping:
It is the Striped Disk Array with no fault tolerance and it requires at least 2 drives to be implemented. Due to the absence of any redundancy feature, RAID 0 is considered to be the lowest ranked RAID level. The striped data mapping technique is implemented for high performance at low cost. I/O performance is also improved as the load is spread across many channels. Regeneration, Rebuilding and functional redundancy are some salient features of RAID 0.

RAID 1: Disk mirroring is the basic function that occurs.
      1. It creates an exact copy of one physical hard disk on another.
      2. It uses one controller.
      3. If one drive fails, the system will boot from the other drive.
      4. Slow performance.
      5. Increased cost: every mirror must be a separate physical device, so you must purchase twice the storage capacity.
      6. No protection from controller failure: if the controller fails, the mirrored drives are simply inaccessible.

RAID 0+1:
It is the RAID array providing high data transfer performance, with at least 4 disks needed to implement the RAID 0+1 level. It's a unique combination of striping and mirroring with all the best features of RAID 0 and RAID 1 included, such as fast data access and fault tolerance at the single drive level. The multiple stripe segments add high I/O rates to the RAID performance and it is the best solution for maximum reliability.

RAID 2 (ECC):
It is the combination of Inherently Parallel Mapping and Protection RAID array. It's also known as ECC RAID because each data word bit is written to a data disk and is verified for correct data, or the disk error is corrected, when the RAID disk is read. Due to the special disk features required, RAID 2 is not very popular among the corporate data storage masses, despite the extremely high data transfer rates.

RAID 3:
RAID 3 works on the Parallel Transfer with Parity technique. The least number of disks required to implement the RAID array is 3 disks. 
In the RAID 3, data blocks are striped and written on data drives and then the stripe parity is generated, saved and afterwards used to verify the disk reads. Read and write data transfer rate is very high in RAID 3 array and disk failure causes insignificant effects on the overall performance of the RAID.

RAID 4:
RAID 4 requires a minimum of 3 drives to be implemented. It is composed of independent disks with shared parity to protect the data. Data transaction rate for Read is exceptionally high and highly aggregated. Similarly, the low ratio of parity disks to data disks indicates high efficiency.

RAID 5:
RAID 5 is an Independent Distributed Parity block array of data disks with a minimum requirement of at least 3 drives to be implemented and N-1 array capacity. It helps in reducing the write bottleneck found in RAID 4. A RAID 5 array offers the highest data transaction Read rate, medium data transaction Write rate and good cumulative transfer rate.

RAID 5: Disk striping with parity. It is completely software based and a highly secure technology.
      1. RAID 5 is inexpensive, but very convenient.
      2. The parity information is stored distributed across the different disks.
      3. If one of the disks fails, it is hot swappable.
      4. Parity information stored on the other hard disks is automatically used to rebuild the failed one.
      5. If more than one disk fails, the data must be restored from backup.


RAID 6:
RAID 6 is an Independent Data Disk array with Independent Distributed Parity. It is known to be an extension of RAID level 5 with extra fault tolerance and a distributed parity scheme added. RAID 6 is the best available RAID array for mission critical applications and data storage needs, though the controller design is very complex and overheads are extremely high.

RAID 7:
RAID 7 is the Optimized Asynchrony array for high I/O and data transfer rates and is considered to be the most manageable RAID controller available. The overall write performance is also known to be 50% to 90% better than the single spindle array levels, with no extra data transfer required for parity handling. RAID 7 is registered as a standard trademark of Storage Computer Corporation.

RAID 10:
RAID 10 is classified as the futuristic RAID controller with extremely high reliability and performance embedded in a single RAID controller. The minimum requirement to form a RAID level 10 array is 4 data disks. The implementation of RAID 10 is based on a striped array of RAID 1 array segments, with almost the same fault tolerance level as RAID 1. RAID 10 controllers and arrays are suitable for systems and environments that require uncompromising availability and extremely high throughput.

With all the significant RAID levels discussed here briefly, another important point to add is that whichever level of RAID is used, regular and consistent data backup to tape storage is a must, as tape remains the best medium for recovering from a data loss scenario.


RAID 1:
RAID 1 uses mirroring to write the data to the drives. It also offers fault tolerance from the disk errors and the array continues to operate efficiently as long as at least one drive is functioning properly.

The trade-off associated with the RAID 1 level is the cost required to purchase the additional disks to store data.

RAID 2:
It uses Hamming Codes for error correction. In RAID 2, the disks are synchronized and they're striped in very small stripes. It requires multiple parity disks.

RAID 3:
This level uses a dedicated parity disk instead of rotated parity stripes and offers improved performance and fault tolerance. 
The benefit of the dedicated parity disk is that the operation continues without parity if the parity drive stops working during the operation.

RAID 4:
It is similar to RAID 3 but it does block-level striping instead of byte-level striping and, as a result, a single file can be stored in blocks. RAID 4 allows multiple I/O requests in parallel but the data transfer speed will be less.
Block level parity is used to perform the error detection.

RAID 5:
RAID 5 uses block-level striping with distributed parity and it requires all drives but one to be present to operate correctly.
The reads are calculated from the distributed parity upon the drive failure and the entire array is not destroyed by a single drive failure. 
However, the array will lose some data in the event of the second drive failure.
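The RAID 5 behaviour described in both RAID 5 sections above (block striping with parity rotated across the disks, reads reconstructed from parity after one failure, N-1 usable capacity, and data loss on a second failure) as a small simulator. This is an added example with constructed data, not code from the original post; block sizes and the sample payload are arbitrary.

```python
# RAID 5 simulator: block-level striping with distributed (rotating) parity.
# Added example with constructed data; not code from the original post.
from typing import List, Optional


class DataLoss(Exception):
    """Raised when a stripe has more than one missing member (restore from backup)."""


def xor_blocks(blocks: List[bytes]) -> bytes:
    """Bitwise XOR of equal-length blocks; this is all a RAID 5 parity block is."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


class Raid5:
    def __init__(self, n_disks: int, block_size: int) -> None:
        if n_disks < 3:
            raise ValueError("RAID 5 needs at least 3 disks")
        self.n = n_disks
        self.bs = block_size
        # Each disk is a list of blocks; None marks a failed (unreadable) disk.
        self.disks: List[Optional[List[bytes]]] = [[] for _ in range(n_disks)]
        self.length = 0  # bytes of user data stored, to strip padding on read

    @staticmethod
    def usable_capacity(n_disks: int, disk_capacity: int) -> int:
        """One disk's worth of space holds parity, hence the N-1 array capacity."""
        return (n_disks - 1) * disk_capacity

    def parity_disk(self, stripe: int) -> int:
        """Parity rotates across disks so no single disk becomes the write bottleneck."""
        return (self.n - 1 - stripe) % self.n

    def write(self, data: bytes) -> None:
        """Split data into stripes of N-1 blocks, append the parity block, spread them out."""
        self.length = len(data)
        stripe_bytes = self.bs * (self.n - 1)
        if len(data) % stripe_bytes:
            data += b"\0" * (stripe_bytes - len(data) % stripe_bytes)
        for s in range(len(data) // stripe_bytes):
            chunk = data[s * stripe_bytes:(s + 1) * stripe_bytes]
            blocks = [chunk[i * self.bs:(i + 1) * self.bs] for i in range(self.n - 1)]
            p = self.parity_disk(s)
            data_blocks = iter(blocks)
            for d in range(self.n):
                self.disks[d].append(xor_blocks(blocks) if d == p else next(data_blocks))

    def fail(self, d: int) -> None:
        """Simulate a disk failure: its contents become unreadable."""
        self.disks[d] = None

    def read_block(self, stripe: int, d: int) -> bytes:
        """Read one block; if its disk is gone, recompute it from the other N-1 members."""
        disk = self.disks[d]
        if disk is not None:
            return disk[stripe]
        others = [self.disks[o] for o in range(self.n) if o != d]
        if any(o is None for o in others):
            raise DataLoss(f"stripe {stripe}: two members missing, restore from backup")
        return xor_blocks([o[stripe] for o in others])

    def read(self) -> bytes:
        """Reassemble user data in order, skipping each stripe's parity block."""
        out = bytearray()
        n_stripes = len(next(d for d in self.disks if d is not None))
        for s in range(n_stripes):
            p = self.parity_disk(s)
            for d in range(self.n):
                if d != p:
                    out += self.read_block(s, d)
        return bytes(out[:self.length])

    def rebuild(self, d: int) -> None:
        """Hot swap: regenerate every block of the replaced disk from the survivors."""
        n_stripes = len(next(x for x in self.disks if x is not None))
        self.disks[d] = [self.read_block(s, d) for s in range(n_stripes)]


if __name__ == "__main__":
    arr = Raid5(n_disks=4, block_size=4)
    msg = b"constructed sample payload for a 4-disk RAID 5"
    arr.write(msg)
    arr.fail(1)                       # one failure: reads are served from parity
    print("after one failure:", arr.read() == msg)
    arr.rebuild(1)                    # replacement disk rebuilt from the other three
    arr.fail(2)
    arr.fail(0)                       # second concurrent failure: unrecoverable
    try:
        arr.read()
    except DataLoss as err:
        print("second failure:", err)
```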

The standard RAID levels above can be combined in different ways to create nested RAID levels, which offer improved performance.
Some of the known nested RAID levels are:

      RAID 0+1
      RAID 1+0
      RAID 3+0
      RAID 0+3
      RAID 10+0
      RAID 5+0
      RAID 6+0

Hardware RAID
  • A conventional Hardware RAID consists of a RAID controller that is installed into the PC or server, and the array drives are connected to it.
  • In high end external intelligent RAID controllers, the RAID controller is removed completely from the system to a separate box. Within the box the RAID controller manages the drives in the array, typically using SCSI, and then presents the logical drives of the array over a standard interface (again, typically a variant of SCSI) to the server using the array.

Software RAID:

In software RAID, software does the work of the RAID controller in place of hardware. Instead of using dedicated hardware controllers or intelligent boxes, we use particular software that manages and implements the RAID array with a system software routine.

Comparing Hardware RAID & Software RAID

Portability

  • OS Portability

    Software RAID is not usable across operating systems. So you cannot, for example, use two RAID disks configured in Linux with Windows XP and vice versa. This is a big issue for dual-booting systems, where you will either have to provide a non-RAID disk for data sharing between the two operating systems or use hardware RAID instead.
    As you know, dual booting is mostly obsolete these days, as you can run multiple operating systems on the same machine using virtualization software like VMware & Xen.
  • Hardware Portability

    Software RAID
    In Linux you can mirror two disks using RAID-1, including the boot partition. If for any reason the hardware goes bad, you can simply take the hard disk to a different machine and it will just run fine on the new hardware. Also, with a RAID-1 array each of the hard disks will have a full copy of the operating system and data, effectively providing you with two backups, each of which can be run from different hardware.
    Unfortunately in Windows it is not so easy to switch an operating system from one hardware to another, but that is the story of proprietary licenses and we will keep it for another day.
    Hardware RAID
    Hardware RAID is not so portable. You cannot just swap the hardware to a different machine and hope it will work. You have to find a motherboard which is compatible with your RAID controller card; otherwise you can kiss your data goodbye. Also there is the bigger problem of the RAID controller itself. If it fails and you cannot get the same controller from the market (and it has probably become obsolete by then), then again you can kiss your data goodbye.

Easy & Speedy Recovery

It may seem trivial but trust me, for a busy and loaded server, an easy and speedy recovery, that too inside the operating system without having to reboot, is what one can dream of. Imagine if during the peak hours your RAID system crashes and you are forced to reboot the machine to make changes to it to restore your data! Software RAID, like that in Linux, not only continues working even when the hardware has failed, but also starts restoring the RAID array, should any spare disk be available. All of this happens in the background and without affecting your users. This is where software RAID shines brilliantly.

System Performance

Software RAID uses the CPU to do the work of the RAID controller. This is why a high-end hardware RAID controller outperforms software RAID, especially for RAID-5, because it has a high-powered dedicated processor. However, for low-end hardware RAID the difference may be negligible to non-existent. In fact it is possible for software RAID to perform better than a low-end hardware RAID controller simply because today's desktops and workstations are powered by very powerful processors and the task is trivial to them.

Support for RAID Standards

High-end hardware RAID may be slightly more versatile than software RAID in its support for various RAID levels. Software RAID normally supports levels 0, 1, 5 and 10 (which is a combination of RAID 0 and RAID 1), whereas many hardware RAID controllers can also support esoteric RAID levels such as RAID 3 or RAID 1+0. But frankly, who uses them?

Cost

This is where software RAID again scores over hardware RAID. Software RAID is free. Hardware RAID is moderate to high priced and can put a strain on your budget if deployed widely.
But over the years the cost of hardware RAID has come down exponentially, so the day may not be far off when more affordable RAID-5 cards are built into newer motherboards.

Future Proof

Gone are the days when we could associate software RAIDs with bugs and OS problems. Nowadays software RAIDs are almost flawless. We have been using software RAID on the Linux operating system for several years and haven't experienced any problem whatsoever. On the contrary, hardware RAID has a single point of failure and that is its hardware controller. If it crashes then your only option is to find another equivalent RAID controller from the market; by this time the model may have become obsolete and you may not even find anything compatible. You are as such faced with the haunting prospect of losing all your data, should the RAID controller fail. Software RAID will never become obsolete and will continue to get updated with updated versions of your operating system.

Why Use RAID? Benefits and Costs, Tradeoffs and Limitations
RAID offers many advantages over the use of single hard disks, but it is clearly not for everyone. The potential for increased capacity, performance and reliability are attractive, but they come with real costs. Nothing in life is free. In this section I take an overview look at RAID, to help explain its benefits, costs, tradeoffs and limitations. This should give you a better idea if RAID is for you, and help you to understand what RAID can do--and what it can't do.
As you read on, it's essential to keep in mind that with RAID, it's definitely the case that "the devil is in the details". Most common blanket statements made about RAID like "RAID improves availability" or "RAID is for companies that need fast database service" or "RAID level 5 is better than RAID level 0" are only true at best part of the time. In almost every case, it depends. Usually, what RAID is and what it does for you depends on what type you choose and how you implement and manage it. For example, for some applications RAID 5 is better than RAID 0; for others, RAID 0 is vastly superior to RAID 5! There are situations where a RAID design, hardware and software that would normally result in high reliability could result instead in disaster if they are not properly controlled.

RAID Benefits
Alright, let's take a look at the good stuff first. :^) RAID really does offer a wealth of significant advantages that would be attractive to almost any serious PC user. (Unfortunately, there are still those pesky costs, tradeoffs and limitations to be dealt with... :^) ) The degree that you realize the various benefits below does depend on the exact type of RAID that is set up and how you do it, but you are always going to get some combination of the following:
Higher Data Security: Through the use of redundancy, most RAID levels provide protection for the data stored on the array. This means that the data on the array can withstand even the complete failure of one hard disk (or sometimes more) without any data loss, and without requiring any data to be restored from backup. This security feature is a key benefit of RAID and probably the aspect that drives the creation of more RAID arrays than any other. All RAID levels provide some degree of data protection, depending on the exact implementation, except RAID level 0.

Fault Tolerance: RAID implementations that include redundancy provide a much more reliable overall storage subsystem than can be achieved by a single disk. This means there is a lower chance of the storage subsystem as a whole failing due to hardware failures. (At the same time though, the added hardware used in RAID means the chances of having a hardware problem of some sort with an individual component, even if it doesn't take down the storage subsystem, is increased.)

Improved Availability: Availability refers to access to data. Good RAID systems improve availability both by providing fault tolerance and by providing special features that allow for recovery from hardware faults without disruption. 

Increased, Integrated Capacity: By turning a number of smaller drives into a larger array, you add their capacity together (though a percentage of total capacity is lost to overhead or redundancy in most implementations). This facilitates applications that require large amounts of contiguous disk space, and also makes disk space management simpler. Let's suppose you need 300 GB of space for a large database. Unfortunately, no hard disk manufacturer makes a drive nearly that large. You could put five 72 GB drives into the system, but then you'd have to find some way to split the database into five pieces, and you'd be stuck with trying to remember what was where. Instead, you could set up a RAID 0 array containing those five 72 GB hard disks; this will appear to the operating system as a single, 360 GB hard disk! All RAID implementations provide this "combining" benefit, though the ones that include redundancy of course "waste" some of the space on that redundant information.

Improved Performance: Last, but certainly not least, RAID systems improve performance by allowing the controller to exploit the capabilities of multiple hard disks to get around performance-limiting mechanical issues that plague individual hard disks. Different RAID implementations improve performance in different ways and to different degrees, but all improve it in some way.

Thursday, August 27, 2009

Installing and Configuring VPN on Windows Server 2003


What is Virtual Private Network (VPN)?
A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.
A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

Components of VPN

A VPN in servers running Windows Server 2003 is made up of a VPN server, a VPN client, a VPN connection (that portion of the connection in which the data is encrypted), and the tunnel (that portion of the connection in which the data is encapsulated). The tunneling is completed through one of the tunneling protocols included with servers running Windows Server 2003, both of which are installed with Routing and Remote Access. The Routing and Remote Access service is installed automatically during the installation of Windows Server 2003. By default, however, the Routing and Remote Access service is turned off.

The two tunneling protocols included with Windows are:
Point-to-Point Tunneling Protocol (PPTP): Provides data encryption using Microsoft Point-to-Point Encryption.
Layer Two Tunneling Protocol (L2TP): Provides data encryption, authentication, and integrity using IPSec.

Your connection to the Internet must use a dedicated line such as T1, Fractional T1, or Frame Relay. The WAN adapter must be configured with the IP address and subnet mask assigned for your domain or supplied by an Internet service provider (ISP). The WAN adapter must also be configured as the default gateway of the ISP router.

NOTE: To turn on VPN, you must be logged on using an account that has administrative rights.

VPN Installation
To install and turn on a VPN server, follow these steps:
  1. Click Start, point to Administrative Tools, and then click Routing and Remote Access.
  2. Click the server icon that matches the local server name in the left pane of the console. If the icon has a red circle in the lower-left corner, the Routing and Remote Access service has not been turned on. If the icon has a green arrow pointing up in the lower-left corner, the Routing and Remote Access service has been turned on. If the Routing and Remote Access service was previously turned on, you may want to reconfigure the server. To reconfigure the server:
    1. Right-click the server object, and then click Disable Routing and Remote Access. Click Yes to continue when you are prompted with an informational message.
    2. Right-click the server icon, and then click Configure and Enable Routing and Remote Access to start the Routing and Remote Access Server Setup Wizard. Click Next to continue.
    3. Click Remote access (dial-up or VPN) to allow remote computers to dial in or connect to this network through the Internet. Click Next to continue.
  3. Click to select VPN or Dial-up depending on the role that you intend to assign to this server.
  4. In the VPN Connection window, click the network interface which is connected to the Internet, and then click Next.
  5. In the IP Address Assignment window, click Automatically if a DHCP server will be used to assign addresses to remote clients, or click From a specified range of addresses if remote clients must only be given an address from a pre-defined pool. In most cases, the DHCP option is simpler to administer. However, if DHCP is not available, you must specify a range of static addresses. Click Next to continue.
  6. If you clicked From a specified range of addresses, the Address Range Assignment dialog box opens. Click New. Type the first IP address in the range of addresses that you want to use in the Start IP address box. Type the last IP address in the range in the End IP address box. Windows calculates the number of addresses automatically. Click OK to return to the Address Range Assignment window. Click Next to continue.
  7. Accept the default setting of No, use Routing and Remote Access to authenticate connection requests, and then click Next to continue. Click Finish to turn on the Routing and Remote Access service and to configure the server as a Remote Access server.

The Routing and Remote Access Wizard Component

Like most wizards, the first screen of the Routing and Remote Access wizard is purely informational and you can just click Next.
The second screen in this wizard is a lot meatier and asks you to decide what kind of remote access connection you want to provide. Since the goal here is to set up a PPTP-based VPN, select the "Virtual Private Network VPN and NAT" selection and click Next.

Select the VPN option and click Next
The next screen of the wizard, entitled VPN Connection, asks you to determine which network adapter is used to connect the system to the Internet. For VPN servers, you should install and use a separate network adapter for VPN applications. Network adapters are really cheap and separation makes the connections easier to secure. In this example, I've selected the second local area network connection, a separate NIC from the one that connects this server to the network. Notice the checkbox labeled "Enable security on the selected interface by setting up Basic Firewall" underneath the list of network interfaces. It's a good idea to enable this option since it helps to protect your server from outside attack. A hardware firewall is still a good idea, too.

Select the network adapter that connects your server to the Internet
With the selection of the Internet-connected NIC out of the way, you need to tell the RRAS wizard which network external clients should connect to in order to access resources. Notice that the adapter selected for Internet access is not an option here.

Select the network containing resources needed by external clients
Just like every other client out there, your external VPN clients will need IP addresses that are local to the VPN server so that the clients can access the appropriate resources. You have two options (really three; I'll explain in a minute) for handling the doling out of IP addresses.
First, you can leave the work up to your DHCP server and make the right configuration changes on your network equipment for DHCP packets to get from your DHCP server to your clients. Second, you can have your VPN server handle the distribution of IP addresses for any clients that connect to the server. To make this option work, you give your VPN server a range of available IP addresses that it can use. This is the method I prefer since I can tell at a glance exactly from where a client is connecting. If they're in the VPN "pool" of addresses, I know they're remote, for example. So, for this setting, as shown in below, I prefer to use the "From a specified range of addresses" option. Make your selection and click Next.

Your choice on this one! I prefer to provide a range of addresses
If you select the "From a specified range of addresses" option on the previous screen, you now have to tell the RRAS wizard exactly which addresses should be reserved for distribution to VPN clients. To do this, click the New button on the Address Range Assignment screen. Type in the starting and ending IP addresses for the new range and click OK. The "Number of addresses" field will be filled in automatically based on your entry. You can also just enter the starting IP address and the number of IP addresses you want in the pool. If you do so, the wizard automatically calculates the ending IP address. Click OK in the New Address Range window; your entry appears in the Address Range Assignment window. Click Next to continue.

You can have multiple address ranges, as long as they are all accessible
The next screen asks you to identify the network that has shared access to the Internet. This is generally the same network that your VPN users will use to access shared resources.

Pick the network adapter that gives you access to the Internet
Authenticating users to your network is vital to the security of your VPN infrastructure. The Windows VPN service provides two means for handling this chore. First, you can use RADIUS, which is particularly useful if you have other services already using RADIUS. Or, you can just let the RRAS service handle the authentication duties itself. Give users access to the VPN services by enabling dial-in permissions in the user's profile (explained below). For this example, I will not be using RADIUS, but will allow RRAS to directly authenticate incoming connection requests.

Decide what means of authentication you want to provide
That's it for the RRAS wizard! You're provided with a summary screen that details the selections you made.

The RRAS wizard summary window
This also completes the installation of the Remote Access/VPN Server role.
User Configuration
By default, users are not granted access to the services offered by the VPN; you need to grant these rights to each user that you want to allow remote access to your network. To do this, open Active Directory Users and Computers (for domains) or Computer Management (for stand-alone networks), and open the properties page for a user to whom you'd like to grant access to the VPN. Select that user's Dial-In properties page. On this page, under Remote Access Permissions, select "Allow access". Note that there are a lot of different ways to "dial in to" a Windows Server 2003 system; a VPN is but one method. Other methods include wireless networks, 802.1x, and dial-up. This article assumes that you're not using the Windows features for these other types of networks. If you are, and you specify "Allow access", a user will be able to use multiple methods to gain access to your system. I can't go over all of the various permutations in a single article, however.

Allow the user access to the VPN
Up and Running
These are the steps needed on the server to get a VPN up and running.
How to Configure a VPN Connection from a Client Computer
  1. On the client computer, confirm that the connection to the Internet is correctly configured.
  2. Click Start, click Control Panel, and then click Network Connections. Click Create a new connection under Network Tasks, and then click Next.
  3. Click Connect to the network at my workplace to create the dial-up connection. Click Next to continue.
  4. Click Virtual Private Network connection, and then click Next.
  5. Type a descriptive name for this connection in the Company name dialog box, and then click Next.
  6. Click Do not dial the initial connection if the computer is permanently connected to the Internet. If the computer connects to the Internet through an Internet Service Provider (ISP), click Automatically dial this initial connection, and then click the name of the connection to the ISP. Click Next.
  7. Type the IP address or the host name of the VPN server computer (for example, VPNServer.SampleDomain.com).
  8. Click Anyone's use if you want to permit any user who logs on to the workstation to have access to this dial-up connection. Click My use only if you want this connection to be available only to the currently logged-on user. Click Next.
  9. Click Finish to save the connection.
  10. Click Start, click Control Panel, and then click Network Connections.
  11. Double-click the new connection.
  12. Click Properties to continue to configure options for the connection. To continue to configure options for the connection, follow these steps:
    • If you are connecting to a domain, click the Options tab, and then click to select the Include Windows logon domain check box to specify whether to request Windows Server 2003 logon domain information before trying to connect.
    • If you want the connection to be redialed if the line is dropped, click the Options tab, and then click to select the Redial if line is dropped check box.
To use the connection, follow these steps:
  1. Click Start, point to Connect to, and then click the new connection.
  2. If you do not currently have a connection to the Internet, Windows offers to connect to the Internet.
  3. When the connection to the Internet is made, the VPN server prompts you for your user name and password. Type your user name and password, and then click Connect.
    Your network resources should now be available to you in the same way they are when you connect directly to the network.
    NOTE: To disconnect from the VPN, right-click the connection icon, and then click Disconnect.

Troubleshooting

Troubleshooting Remote Access VPNs

Cannot Establish a Remote Access VPN Connection
  • Cause: The name of the client computer is the same as the name of another computer on the network.

    Solution: Verify that the names of all computers on the network and computers connecting to the network are using unique computer names.

  • Cause: The Routing and Remote Access service is not started on the VPN server.

    Solution: Verify the state of the Routing and Remote Access service on the VPN server.


  • Cause: Remote access is not turned on on the VPN server.

    Solution: Turn on remote access on the VPN server.


  • Cause: PPTP or L2TP ports are not turned on for inbound remote access requests.

    Solution: Turn on PPTP or L2TP ports, or both, for inbound remote access requests.


  • Cause: The LAN protocols used by the VPN clients are not turned on for remote access on the VPN server.

    Solution: Turn on the LAN protocols used by the VPN clients for remote access on the VPN server.


  • Cause: All of the PPTP or L2TP ports on the VPN server are already being used by currently connected remote access clients or demand-dial routers.

    Solution: Verify whether all of the PPTP or L2TP ports on the VPN server are already in use. To do so, click Ports in Routing and Remote Access. If the number of PPTP or L2TP ports permitted is not high enough, change the number of PPTP or L2TP ports to permit more concurrent connections.

  • Cause: The VPN server does not support the tunneling protocol of the VPN client.

    By default, Windows Server 2003 remote access VPN clients use the Automatic server type option, which means that they try to establish an L2TP over IPSec-based VPN connection first, and then they try to establish a PPTP-based VPN connection. If VPN clients use either the Point-to-Point Tunneling Protocol (PPTP) or Layer-2 Tunneling Protocol (L2TP) server type option, verify that the selected tunneling protocol is supported by the VPN server.

    By default, a computer running Windows Server 2003 and the Routing and Remote Access service is a PPTP and L2TP server with five L2TP ports and five PPTP ports. To create a PPTP-only server, set the number of L2TP ports to zero. To create an L2TP-only server, set the number of PPTP ports to zero.

    Solution: Verify that the appropriate number of PPTP or L2TP ports is configured.



  • Cause: The VPN client and the VPN server in conjunction with a remote access policy are not configured to use at least one common authentication method.

    Solution: Configure the VPN client and the VPN server in conjunction with a remote access policy to use at least one common authentication method.



  • Cause: The VPN client and the VPN server in conjunction with a remote access policy are not configured to use at least one common encryption method.

    Solution: Configure the VPN client and the VPN server in conjunction with a remote access policy to use at least one common encryption method.



  • Cause: The VPN connection does not have the appropriate permissions through dial-in properties of the user account and remote access policies.

    Solution: Verify that the VPN connection has the appropriate permissions through dial-in properties of the user account and remote access policies. For the connection to be established, the settings of the connection attempt must:
    • Match all of the conditions of at least one remote access policy.
    • Be granted remote access permission through the user account (set to Allow access) or through the user account (set to Control access through Remote Access Policy) and the remote access permission of the matching remote access policy (set to Grant remote access permission).
    • Match all the settings of the profile.
    • Match all the settings of the dial-in properties of the user account.
    See the Windows Server 2003 Help and Support Center for an introduction to remote access policies, and for more information about how to accept a connection attempt. Click Start to access the Windows Server 2003 Help and Support Center.

  • Cause: The settings of the remote access policy profile are in conflict with properties of the VPN server.

    The properties of the remote access policy profile and the properties of the VPN server both contain settings for:
    • Multilink.
    • Bandwidth allocation protocol (BAP).
    • Authentication protocols.
    If the settings of the profile of the matching remote access policy are in conflict with the settings of the VPN server, the connection attempt is rejected. For example, if the matching remote access policy profile specifies that the Extensible Authentication Protocol - Transport Level Security (EAP-TLS) authentication protocol must be used and EAP is not enabled on the VPN server, the connection attempt is rejected.

    Solution: Verify that the settings of the remote access policy profile are not in conflict with properties of the VPN server.

    See the Windows Server 2003 Help and Support Center for more information about multilink, BAP, and authentication protocols. Click Start to access the Windows Server 2003 Help and Support Center.

  • Cause: The answering router cannot validate the credentials of the calling router (user name, password, and domain name).

    Solution: Verify that the credentials of the VPN client (user name, password, and domain name) are correct and can be validated by the VPN server.

  • Cause: There are not enough addresses in the static IP address pool.

    Solution: If the VPN server is configured with a static IP address pool, verify that there are enough addresses in the pool. If all of the addresses in the static pool have been allocated to connected VPN clients, the VPN server cannot allocate an IP address, and the connection attempt is rejected. If all of the addresses in the static pool have been allocated, modify the pool. See the Windows Server 2003 Help and Support Center for more information about TCP/IP and remote access, and how to create a static IP address pool.

  • Cause: The VPN client is configured to request its own IPX node number and the VPN server is not configured to permit IPX clients to request their own IPX node number.

    Solution: Configure the VPN server to permit IPX clients to request their own IPX node number.


  • Cause: The VPN server is configured with a range of IPX network numbers that are being used elsewhere on your IPX network.

    Solution: Configure the VPN server with a range of IPX network numbers that is unique to your IPX network.


  • Cause: The authentication provider of the VPN server is improperly configured.

    Solution: Verify the configuration of the authentication provider. You can configure the VPN server to use either Windows Server 2003 or Remote Authentication Dial-In User Service (RADIUS) to authenticate the credentials of the VPN client.


  • Cause: The VPN server cannot access Active Directory.

    Solution: For a VPN server that is a member server in a mixed-mode or native-mode Windows Server 2003 domain that is configured for Windows Server 2003 authentication, verify that:
    • The RAS and IAS Servers security group exists. If not, create the group and set the group type to Security and the group scope to Domain local.
    • The RAS and IAS Servers security group has Read permission to the RAS and IAS Servers Access Check object.
    • The computer account of the VPN server computer is a member of the RAS and IAS Servers security group. You can use the netsh ras show registeredserver command to view the current registration. You can use the netsh ras add registeredserver command to register the server in a specified domain.

      If you add the VPN server computer to (or remove it from) the RAS and IAS Servers security group, the change does not take effect immediately, because of the way that Windows Server 2003 caches Active Directory information. To make the change take effect immediately, restart the VPN server computer.
    • The VPN server is a member of the domain.
  • Cause: A Windows NT 4.0-based VPN server cannot validate connection requests.

    Solution: If VPN clients are dialing in to a VPN server running Windows NT 4.0 that is a member of a Windows Server 2003 mixed-mode domain, verify that the Everyone group is a member of the Pre-Windows 2000 Compatible Access group by running the following command:
    net localgroup "Pre-Windows 2000 Compatible Access"
    If it is not, type the following command at a command prompt on a domain controller computer, and then restart the domain controller computer:
    net localgroup "Pre-Windows 2000 Compatible Access" everyone /add
  • Cause: The VPN server cannot communicate with the configured RADIUS server.

    Solution: If you can reach your RADIUS server only through your Internet interface, do one of the following:
    • Add an input filter and an output filter to the Internet interface for UDP port 1812 (based on RFC 2138, "Remote Authentication Dial-In User Service (RADIUS)") for RADIUS authentication and UDP port 1813 (based on RFC 2139, "RADIUS Accounting") for RADIUS accounting. -or-
    • Add an input filter and an output filter to the Internet interface for UDP port 1645 (for older RADIUS servers) for RADIUS authentication. -or-
    • Add an input filter and an output filter to the Internet interface for UDP port 1646 (for older RADIUS servers) for RADIUS accounting.
  • Cause: Cannot connect to the VPN server over the Internet using the Ping.exe utility.

    Solution: Because of the PPTP and L2TP over IPSec packet filtering that is configured on the Internet interface of the VPN server, Internet Control Message Protocol (ICMP) packets used by the ping command are filtered out. To allow the VPN server to respond to ICMP (ping) packets, add an input filter and an output filter that permit traffic for IP protocol 1 (ICMP traffic).
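The RADIUS causes above name the UDP port (1812) and the shared-secret protocol (RFC 2138, later RFC 2865) that the VPN server and its authentication provider must agree on. The following Python is an added example, not code from the original post or from Microsoft: it builds the Access-Request a VPN server (the RADIUS client) would send and the Access-Accept or Access-Reject the RADIUS server would return, entirely in memory rather than over the network, so that a mismatched shared secret shows up the way it does in practice: the reply's Response Authenticator fails to verify and the verdict cannot be trusted. The user name, password, secret and request authenticator are constructed values.

```python
"""RADIUS Access-Request / Access-Accept exchange (RFC 2138 / RFC 2865), built in memory.
Added example; not from the original post. All secrets and users below are constructed."""
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD = 1, 2          # attribute types
RADIUS_AUTH_PORT = 1812                  # the port the Internet-interface filters must permit


def _attr(atype, value):
    """Type(1) Length(1) Value: Length counts the two header bytes."""
    return struct.pack("!BB", atype, 2 + len(value)) + value


def _header(code, ident, authenticator, attrs):
    """Code(1) Identifier(1) Length(2) Authenticator(16) Attributes."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def hide_password(password, secret, request_auth):
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with an MD5 chain keyed by the secret."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        block = hashlib.md5(secret + prev).digest()
        cipher = bytes(x ^ y for x, y in zip(padded[i:i + 16], block))
        out, prev = out + cipher, cipher
    return out


def reveal_password(hidden, secret, request_auth):
    """Inverse of hide_password; the chain is keyed on the previous *cipher* block."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hashlib.md5(secret + prev).digest()
        out += bytes(x ^ y for x, y in zip(hidden[i:i + 16], block))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def build_access_request(ident, username, password, secret, request_auth=None):
    """What the VPN server sends. The Request Authenticator must be fresh and unpredictable."""
    request_auth = request_auth or os.urandom(16)
    attrs = _attr(USER_NAME, username) + _attr(USER_PASSWORD, hide_password(password, secret, request_auth))
    return _header(ACCESS_REQUEST, ident, request_auth, attrs)


def parse_attributes(packet):
    attrs, i = {}, 20
    while i < len(packet):
        atype, alen = packet[i], packet[i + 1]
        if alen < 2 or i + alen > len(packet):
            raise ValueError("malformed attribute")
        attrs[atype] = packet[i + 2:i + alen]
        i += alen
    return attrs


def response_authenticator(code, ident, attrs, request_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret) per RFC 2865 section 3."""
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(hdr + request_auth + attrs + secret).digest()


def server_handle(packet, secret, users):
    """What the RADIUS server does: unhide the password, check it, sign the reply."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    request_auth = packet[4:20]
    attrs = parse_attributes(packet[:length])
    password = reveal_password(attrs.get(USER_PASSWORD, b""), secret, request_auth)
    ok = users.get(attrs.get(USER_NAME)) == password
    reply_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    return _header(reply_code, ident, response_authenticator(reply_code, ident, b"", request_auth, secret), b"")


def client_verify(reply, request, secret):
    """What the VPN server does with the reply: verify the Response Authenticator before trusting the code.
    Returns the reply code, or None if the identifier or authenticator does not check out."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != request[1]:
        return None
    expected = response_authenticator(code, ident, reply[20:length], request[4:20], secret)
    if not hmac.compare_digest(expected, reply[4:20]):
        return None
    return code
```

A reply whose authenticator fails should be treated as no reply at all: the VPN server would otherwise accept a forged or corrupted verdict. Note that both the password hiding and the authenticator rest on MD5 and the shared secret, which is why the secret must be long and why RADIUS traffic should stay on a protected path rather than cross the Internet in the clear.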

Cannot Send and Receive Data
  • Cause: The appropriate demand-dial interface has not been added to the protocol being routed.

    Solution: Add the appropriate demand-dial interface to the protocol being routed.

  • Cause: There are no routes on both sides of the router-to-router VPN connection that support the two-way exchange of traffic.

    Solution: Unlike a remote access VPN connection, a router-to-router VPN connection does not automatically create a default route. Create routes on both sides of the router-to-router VPN connection so that traffic can be routed to and from the other side of the router-to-router VPN connection.

    You can manually add static routes to the routing table, or you can add static routes through routing protocols. For persistent VPN connections, you can turn on Open Shortest Path First (OSPF) or Routing Information Protocol (RIP) across the VPN connection. For on-demand VPN connections, you can automatically update routes through an auto-static RIP update. See Windows Server 2003 online Help for more information about how to add an IP routing protocol, how to add a static route, and how to perform auto-static updates.
  • Cause: A two-way initiated, router-to-router VPN connection is being interpreted by the answering router as a remote access connection.

    Solution: If the user name in the credentials of the calling router appears under Dial-In Clients in Routing and Remote Access, the answering router may interpret the calling router as a remote access client. Verify that the user name in the credentials of the calling router matches the name of a demand-dial interface on the answering router. If the incoming caller is a router, the port on which the call was received shows a status of Active and the corresponding demand-dial interface is in a Connected state.

  • Cause: Packet filters on the demand-dial interfaces of the calling router and answering router are preventing the flow of traffic.

    Solution: Verify that there are no packet filters on the demand-dial interfaces of the calling router and answering router that prevent the sending or receiving of traffic. You can configure each demand-dial interface with IP and IPX input and output filters to control the exact nature of TCP/IP and IPX traffic that is permitted into and out of the demand-dial interface.

  • Cause: Packet filters on the remote access policy profile are preventing the flow of IP traffic.

    Solution: Verify that there are no configured TCP/IP packet filters on the profile properties of the remote access policies on the VPN server (or the RADIUS server if Internet Authentication Service is used) that are preventing the sending or receiving of TCP/IP traffic. You can use remote access policies to configure TCP/IP input and output packet filters that control the exact nature of TCP/IP traffic permitted on the VPN connection. Verify that the profile TCP/IP packet filters are not preventing the flow of traffic.


Network Questions - I

1.      What is the difference between TCP and UDP?
TCP is a connection-oriented protocol, which means that every time a packet is sent, say from host A to B, we get an acknowledgement. UDP, on the other hand, is a connectionless protocol.
Where will it be used: TCP -> Say you have a file transfer and you need to ensure that the file arrives intact, and time is not a factor; in such a case we can use TCP.
UDP -> Media streaming. Say you are watching a movie: would you prefer that the movie comes through perfectly, but you need to wait a long time before you see the next frame, or would you prefer the movie to keep streaming? The second option is definitely better. This is when we need UDP.
2.      What is a MAC address?
A MAC address is a machine's physical address. The Internet is addressed based on a logical addressing approach. Say a packet reaches the bridge connecting a LAN: how does the bridge identify which computer it needs to send the packet to? For this it uses ARP, the Address Resolution Protocol, which it uses over time to build up a table mapping logical addresses to physical addresses. Each computer is identified using its MAC/physical address (you can use the ipconfig -all option to get your MAC address).
3.      What is MTU?
The MTU is the "Maximum Transmission Unit" used by the TCP protocol. TCP stands for Transmission Control Protocol. The MTU determines the size of packets used by TCP for each transmission of data. Too large an MTU may mean retransmissions if the packet encounters a router along its route that can't handle that large a packet. Too small an MTU means relatively more overhead and more acknowledgements that have to be sent and handled. The MTU is rated in "octets", or groups of 8 bits. The so-called "official" Internet standard MTU is 576, but the standard rating for Ethernet is an MTU of 1500.
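The overhead and retransmission trade-off in the answer above can be made concrete with IPv4 fragmentation, which is what a router does when a packet is larger than the next link's MTU. The following Python is an added example, not from the original post: it splits one datagram into fragments for a given MTU (fragment data must be a multiple of 8 octets except for the last piece, per RFC 791), counts the header overhead that fragmentation adds, and shows what happens when the sender has set Don't Fragment. A 20-byte header with no options is assumed.

```python
"""IPv4 fragmentation for a given link MTU (RFC 791). Added example, not from the original post."""
IPV4_HEADER = 20          # assumption: no IP options
MIN_IPV4_MTU = 68         # RFC 791: every link must carry at least 68 octets


def fragment(payload_len, mtu, header_len=IPV4_HEADER):
    """Return one (offset_octets, data_len, more_fragments) tuple per fragment.
    The Fragment Offset header field is offset_octets // 8."""
    if mtu < MIN_IPV4_MTU:
        raise ValueError("MTU below the IPv4 minimum of %d" % MIN_IPV4_MTU)
    max_data = (mtu - header_len) // 8 * 8      # data per fragment, rounded down to 8-octet units
    frags, offset = [], 0
    while offset < payload_len:
        data = min(max_data, payload_len - offset)
        more = offset + data < payload_len      # MF flag set on every fragment but the last
        frags.append((offset, data, more))
        offset += data
    return frags


def forward(packet_len, link_mtu, dont_fragment=False):
    """Router behaviour for a packet arriving at a link with MTU link_mtu.
    Returns (status, fragments); 'dropped' is what produces the retransmissions the answer mentions:
    the router sends ICMP Destination Unreachable / Fragmentation Needed and the sender must resend smaller."""
    if packet_len <= link_mtu:
        return "forwarded", [(0, packet_len - IPV4_HEADER, False)]
    if dont_fragment:
        return "dropped", []
    return "fragmented", fragment(packet_len - IPV4_HEADER, link_mtu)


def overhead(payload_len, mtu):
    """(fragment count, total bytes on the wire, header share of those bytes)."""
    frags = fragment(payload_len, mtu)
    total = sum(IPV4_HEADER + data for _, data, _ in frags)
    return len(frags), total, IPV4_HEADER * len(frags) / total


if __name__ == "__main__":
    # A full-size Ethernet datagram (1500 bytes) crossing a 576-byte link.
    print(forward(1500, 1500))
    print(forward(1500, 576))
    print(forward(1500, 576, dont_fragment=True))
    print(overhead(1480, 576))
```

Running the block shows the 1480-byte payload that fits one Ethernet frame becoming three fragments on a 576-byte link, with 60 bytes of headers instead of 20, and the same packet being dropped outright when Don't Fragment is set, which is the case that forces the sender to discover the path MTU and retransmit.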
4.      Difference between Switch, Hub and Router
Hub:
1. It is a layer 1 device, used to connect various machines on a LAN.
2. It forwards broadcasts by default.
3. It supports one collision domain and one broadcast domain.
4. It works on a bus topology, resulting in less speed.
Switch:
1. A layer 2 device.
2. Forwards a broadcast the first time only.
3. One broadcast domain; the number of collision domains depends on the number of ports.
4. It is based on a star topology, giving 100 Mbps to every PC on the LAN.
Router:
1. Does not broadcast by default.
2. Breaks up broadcast domains.
3. Also called a layer 3 switch.
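The difference between "forwards everything" (hub) and "forwards a broadcast the first time only" (switch) comes down to the MAC learning table. The following Python is an added example, not from the original post, that simulates both devices on constructed traffic: the hub repeats every frame out of every other port, while the switch learns which port each source MAC arrived on, floods only frames whose destination it has not yet learned (and true broadcasts), and afterwards delivers unicast frames to a single port. Port numbers and MAC addresses are constructed.

```python
"""Hub flooding versus a learning layer 2 switch, simulated in memory.
Added example, not from the original post; ports and MACs are constructed."""
BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1 repeater: every frame is sent out every port except the one it came in on,
    so every port shares one collision domain and one broadcast domain."""

    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        return [p for p in self.ports if p != in_port]


class Switch:
    """Layer 2 device: learns src MAC -> port from each frame, floods only unknown
    destinations and broadcasts, so each port is its own collision domain."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}                      # MAC address -> port (a real switch also ages entries out)

    def forward(self, in_port, src, dst):
        self.table[src] = in_port            # learn where the sender lives
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood: "first time only" for unicast
        out = self.table[dst]
        return [] if out == in_port else [out]               # same-port frames are dropped


def run(device, frames):
    """frames: list of (in_port, src_mac, dst_mac); returns the egress port list per frame."""
    return [device.forward(in_port, src, dst) for in_port, src, dst in frames]


def frames_delivered(device, frames):
    """Total copies put on the wire, a rough measure of the bandwidth each device wastes."""
    return sum(len(ports) for ports in run(device, frames))


if __name__ == "__main__":
    # Constructed traffic: A on port 1, B on port 2, C on port 3.
    traffic = [
        (1, "02:00:00:00:00:0a", "02:00:00:00:00:0b"),   # A -> B, B unknown: switch floods
        (2, "02:00:00:00:00:0b", "02:00:00:00:00:0a"),   # B -> A, A known: one port
        (1, "02:00:00:00:00:0a", "02:00:00:00:00:0b"),   # A -> B, B now known: one port
        (3, "02:00:00:00:00:0c", BROADCAST),             # broadcast: always flooded
    ]
    print("hub   ", run(Hub([1, 2, 3]), traffic))
    print("switch", run(Switch([1, 2, 3]), traffic))
```

The table is also why a switch is not a security boundary on its own: it holds a finite number of entries and will flood again when a destination is unknown, so anything that must stay private needs a VLAN, a router or encryption rather than reliance on switching.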
5.      VPN
VPN (Virtual Private Network): these are basically logical networks on the physical line; you can have many VPNs over the same line.
The need for a VPN arises when your company needs to extend the network but doesn't want to buy any more switches. Take an example: your department's room is packed with employees and your company needs to add 4 more persons to your department. What will they do? The solution is to create VPNs: you can configure the switch ports in other departments and create a specific VLAN for your department, so that those persons can sit there and have access to the required PCs.

6.      ARP & RARP
ARP stands for Address Resolution Protocol. Whenever a request is sent by a node on one network to a node on another network, the physical address (MAC) is required, and for this the IP address needs to flow over the network. Whenever a router on that network (IP) gets the message, the required MAC address is sent back through the network. This process of converting an IP address to a MAC address is called ARP, and the reverse, the conversion of a MAC address to an IP address, is called RARP (Reverse Address Resolution Protocol).
7.      What is the difference between layer 2 and layer 3 in the OSI model?
Layer 2 is responsible for switching data, whereas layer 3 is responsible for routing the data.
Layer 3: With the information gathered from the user, the Internet Protocol makes one IP packet with the source IP, the destination IP and other relevant information. It can then route the packet through a router to the destination.
Layer 2: As soon as it receives the IP packet from layer 3, it encapsulates it with a frame header (an ATM header in the case of ATM technology) and sends it out for switching. In the case of Ethernet it will send the data to a MAC address, thereby reaching the exact destination.
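Questions 2, 6 and 7 above describe the same hand-off from three angles: layer 3 builds an IP packet addressed logically, ARP supplies the physical address of the next hop, and layer 2 wraps the packet in an Ethernet frame addressed to that MAC. The following Python is an added example, not from the original post, that does all three steps on constructed addresses: it parses ARP replies into the logical-to-physical table the MAC answer describes, builds an IPv4 header with its checksum, and encapsulates it in an Ethernet frame for the gateway's MAC. The table also records when an IP address's mapping changes, which is what a defender watches for on a LAN. All IPs and MACs are constructed documentation values.

```python
"""Layer 3 packet, ARP resolution and layer 2 encapsulation, built by hand with struct.
Added example, not from the original post; every address below is constructed."""
import socket    # only for inet_aton / inet_ntoa; nothing is sent
import struct

ETH_P_IP, ETH_P_ARP = 0x0800, 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def ip_checksum(header):
    """RFC 1071 one's-complement sum over 16-bit words; 0 when run over a correct header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src_ip, dst_ip, proto, payload, ttl=64):
    """Layer 3: a 20-byte IPv4 header (no options) with the checksum filled in, plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    header = header[:10] + struct.pack("!H", ip_checksum(header)) + header[12:]
    return header + payload


def ethernet_frame(dst_mac, src_mac, ethertype, payload):
    """Layer 2: dst MAC(6) src MAC(6) EtherType(2) payload."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def arp_packet(op, sender_mac, sender_ip, target_mac, target_ip):
    """ARP body for Ethernet/IPv4: htype=1, ptype=0x0800, hlen=6, plen=4."""
    return (struct.pack("!HHBBH", 1, ETH_P_IP, 6, 4, op) + mac_bytes(sender_mac) + socket.inet_aton(sender_ip)
            + mac_bytes(target_mac) + socket.inet_aton(target_ip))


class ArpTable:
    """Logical (IP) -> physical (MAC) mapping learned from ARP replies, as question 2 describes."""

    def __init__(self):
        self.map = {}
        self.changes = []        # (ip, old_mac, new_mac): a flipping mapping is worth logging

    def learn(self, frame):
        if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
            return
        op = struct.unpack("!H", frame[20:22])[0]
        sender_mac, sender_ip = mac_str(frame[22:28]), socket.inet_ntoa(frame[28:32])
        if op == ARP_REPLY:
            old = self.map.get(sender_ip)
            if old is not None and old != sender_mac:
                self.changes.append((sender_ip, old, sender_mac))
            self.map[sender_ip] = sender_mac

    def resolve(self, ip):
        return self.map.get(ip)


def send_ip(arp, src_mac, src_ip, dst_ip, next_hop_ip, proto, payload):
    """Layer 3 builds the packet; layer 2 frames it to the next hop's MAC (the gateway's for an
    off-subnet destination). Returns None when the MAC is unknown: a real stack would send an
    ARP request and queue the packet."""
    packet = ipv4_packet(src_ip, dst_ip, proto, payload)
    next_hop_mac = arp.resolve(next_hop_ip)
    if next_hop_mac is None:
        return None
    return ethernet_frame(next_hop_mac, src_mac, ETH_P_IP, packet)


def verify_ip_header(frame):
    """Receiver-side check: the IPv4 header inside an Ethernet frame has a valid checksum."""
    return struct.unpack("!H", frame[12:14])[0] == ETH_P_IP and ip_checksum(frame[14:34]) == 0
```

Everything here is what a host does before a single byte leaves the NIC: the destination IP never appears in the Ethernet header, only the next hop's MAC does, which is why a wrong or changed ARP entry silently redirects traffic and why `ArpTable.changes` is the kind of signal a LAN monitor should raise.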