IP over ATM

Setting up and maintaining an IP over ATM network provides real benefits, but it also requires additional start-up work to configure an optimally efficient network. Logical IP subnets and PVCs are just some of the tools available to system administrators to keep a network performing; both are described in more detail in the following sections.

Enhancing Security through Logical IP Subnets

A logical IP subnet (LIS) prevents its members from communicating with other IP hosts except through a router. (The term is defined in RFC 1577.)

Adding clients to a LIS is performed at the client level by establishing an SVC to the ARP server and using a static or DHCP-assigned IP address within the same IP subnet and having the same subnet mask. A LIS can also be established by using a PVC between clients in the same IP network or subnet and subnet mask.

For instance, an IP over ATM network can be set up to contain two LISs, one for users on site and a second for another department or group, or for PVCs. The ATM ARP server examines all users who call it to join the CLIP network. All those who access the same IP over ATM server address with DHCP and share the same IP network or subnet number and subnet mask are members of the same LIS. The LIS members have full network access to each other. Security is enforced simply by the inability of other networks to connect to the LIS or its members.

The security feature works to prevent others from accessing the network. To extend the example further, a second LIS can be formed using the same ATMARP server address but with a different IP network/subnet number and subnet mask by static addressing or through a DHCP server on the second LIS. For a member of the second LIS to gain access to the secured servers in LIS 1, they must cross a router, which can enforce the desired security protocol. Routing is required even though both LISs are logically served by the same ATMARP server since the LISs do not share the same IP network.
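The membership rule above can be checked against an address inventory before relying on the LIS boundary. The following is an added example, not code from the original page or from Microsoft; the host names, addresses and the `atmarp-1` label are constructed, and the overlap check is an extra audit step beyond what the text describes.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory (not from the page): name, address/mask, ATMARP server.
HOSTS = [
    ("srv1", "10.1.1.10/24", "atmarp-1"),
    ("srv2", "10.1.1.11/24", "atmarp-1"),
    ("wks1", "10.1.2.20/24", "atmarp-1"),
    ("wks2", "10.1.2.21/16", "atmarp-1"),  # mask entered wrongly
]

def group_into_lis(hosts):
    """Group hosts by IP network and mask; each group is one LIS.
    The ATMARP server is not part of the key: one server can serve several."""
    lis = defaultdict(list)
    for name, cidr, _server in hosts:
        lis[str(ipaddress.ip_interface(cidr).network)].append(name)
    return dict(lis)

def path_between(hosts, a, b):
    """'direct' when a and b share network number and mask, else 'router'."""
    net = {n: ipaddress.ip_interface(c).network for n, c, _ in hosts}
    return "direct" if net[a] == net[b] else "router"

def overlapping_lis(hosts):
    """Pairs of LIS networks that overlap. An overlap means a mask mismatch:
    the host with the wider mask treats the other LIS as on-link and will not
    hand that traffic to the router that enforces policy."""
    nets = sorted(ipaddress.ip_network(n) for n in group_into_lis(hosts))
    return [(str(x), str(y)) for i, x in enumerate(nets)
            for y in nets[i + 1:] if x.overlaps(y)]

if __name__ == "__main__":
    for net, members in group_into_lis(HOSTS).items():
        print(net, members)
    print("wks1 -> srv1:", path_between(HOSTS, "wks1", "srv1"))
    for pair in overlapping_lis(HOSTS):
        print("overlap:", pair)
```

An empty result from `overlapping_lis` means every host's mask agrees with its LIS, which is the condition the router-enforced separation depends on.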

Combining PVCs and a LIS reveals another useful property of IP over ATM. ATM ARP clients can be pointed to one another through the ATM Call Manager and IP over ATM to utilize a common PVC that has been set up on the ATM switch and that operates without the use of ATM addresses. You can then use IP addresses within the same IP network or subnet and subnet mask to form a small and secure LIS. The LIS is completely secure between the systems on the subnet and unavailable to other LISs, even through the ATM switch, without routing the IP packets from one of the systems. Additional uses for PVCs are described below.

Using PVCs Effectively

PVCs are similar to LISs as they are also useful in private ATM networks in certain situations. For instance, a large campus LAN might need to migrate to a higher-speed ATM backbone. In backbone configurations, the connections required are just a few static configurable switch paths that change infrequently. Permanent configuration of an ATM circuit serves this function well.

As another example, consider a small WAN with a limited number of sites that require a continuous dedicated high-speed connection to guarantee a fixed Quality of Service between site locations. With a circuit permanently established, the ATM switches at both WAN sites do not suffer the added latency and overhead of call signaling, or connection setup and teardown, each time ATM cell traffic data is sent on the network. When data is sent it is forwarded directly over the PVCs established between sites.

In Windows 2000, PVCs are set up from the Network Connections interface. PVCs are used for special situations, such as custom connections (like raw channel access), PPP over ATM server & client, and ATMARPC over PVCs. To configure them, go to the advanced properties of the ATM Call Manager.

Setting Up IP over ATM for a PVC-Only Environment

It is possible to configure Windows 2000 Professional or Windows 2000 Server computers to use IP over ATM using just PVCs. Doing so, however, requires some preparation.

First, allocate IP addresses for each computer. Each computer requires an IP address. You also need a PVC (that is, a VPI/VCI pair) for each pair of communicating computers. Write down the VPI/VCI values at each end of the PVC; each direction uses the same value for the PVC, but those values must be entered at both endpoints. Set up your switches with the PVC and port information; the PVCs can all be set up as UBR (line rate) virtual circuits.

Follow these steps:

To enable IP over ATM

  1. From Control Panel, click Network.

  2. In the Network Connections dialog box, select the Properties tab and then double-click on the ATM adapter to display all protocols bound to the ATM adapter.

  3. Select TCP/IP Protocol, and then click Enable.

To assign the IP address to the computer

  1. Right-click Internet Protocol (TCP/IP) on the ATM Connection Properties page.

  2. In the TCP/IP Properties dialog box, select your ATM adapter name in the Connect Using field.

  3. Click Use the following IP Address, and then enter the appropriate information in the IP Address, Subnet Mask, and Default Gateway fields.
    Optionally, click WINS Address and complete the corresponding fields.

To configure the ATMARP Client on each computer for PVC-only

  1. In Control Panel, click Network and Dial-Up Connections, and then right-click ATM Connection.

  2. Click the Properties tab, and select ATM Call Manager; click the Properties tab from the ATM Call Manager dialog box.

  3. Click Add .

  4. In the ATM PVC Configuration dialog box, enter the PVC's name and VCI number, and then change the Application Type from Custom to Default.

Important

The Application Type defaults to the Custom value on the ATM PVC Configuration page. You must change the Application Type to ATMARP every time you enter a new PVC value.

Once you have configured all the PVCs you need for the IP Mesh, the IP over ATM protocol uses this information along with the Inverse ARP to populate the address mapping cache (ARPCache) of the ARP server. This happens automatically; once the PVCs are configured, the network is ready for operation.
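The preparation step (one VPI/VCI pair per pair of communicating computers, entered identically at both endpoints) is easy to get wrong by hand on a larger mesh. The following is an added example, not code from the original page or from Microsoft, that builds the worksheet and checks what was typed into each computer against it; the host names and entered values are constructed, and VPI 0 with VCIs from 32 upward is an assumed numbering plan.

```python
from itertools import combinations

FIRST_USER_VCI = 32  # VCI values below 32 are reserved (ITU-T / ATM Forum)

def plan_mesh(hosts, vpi=0, first_vci=FIRST_USER_VCI):
    """One PVC per pair of computers: n*(n-1)/2 for a full mesh.
    Returns {frozenset({a, b}): (vpi, vci)}."""
    return {frozenset(pair): (vpi, first_vci + i)
            for i, pair in enumerate(combinations(sorted(hosts), 2))}

def check_worksheet(plan, entered):
    """entered: {host: {peer: (vpi, vci)}} as typed on each computer.
    Returns a list of problems; an empty list means both ends agree."""
    problems = []
    for pair, vc in sorted(plan.items(), key=lambda kv: kv[1]):
        a, b = sorted(pair)
        for here, there in ((a, b), (b, a)):
            got = entered.get(here, {}).get(there)
            if got is None:
                problems.append(f"{here}: PVC to {there} not entered")
            elif got != vc:
                problems.append(f"{here}: PVC to {there} is {got}, planned {vc}")
    for host, peers in entered.items():
        seen = {}
        for peer, vc in peers.items():
            if vc in seen:  # the same VPI/VCI cannot identify two circuits
                problems.append(f"{host}: {vc} reused for {seen[vc]} and {peer}")
            seen.setdefault(vc, peer)
    return problems

# Constructed sample: three computers, with two data-entry mistakes.
HOSTS = ["hostA", "hostB", "hostC"]
ENTERED = {
    "hostA": {"hostB": (0, 32), "hostC": (0, 33)},
    "hostB": {"hostA": (0, 32), "hostC": (0, 43)},  # typo: planned value is 34
    "hostC": {"hostA": (0, 33)},                    # PVC to hostB never entered
}

if __name__ == "__main__":
    for line in check_worksheet(plan_mesh(HOSTS), ENTERED):
        print(line)
```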