I'm going to go over some REALLY COOL time-saving ideas so you can put your feet up and, well, be lazy like me. What do you think about securing your local network and setting the clock automatically? Sound good? OK, let's go secure that network!
Fun with numbers
The Internet is a public network (with a TON of funny numbers) that declares your address in cyberspace. That address consists of four sets of numbers known as "octets," which define your location. The importance of the numbers is that they tell the world which routers to hop over to so your information can point directly back to you. Most connections are "ask/response" where the remote systems say, "Hey, can you tell me about hybrid cars?" And the location of that document starts with an IP address, then a document location, which then displays on your browser. So far, so good.
Let's number our local network now, shall we? You remember I mentioned that we have all these neat numbers that direct the Internet where to go to get the information from. Well, that network (the Internet!) is a PUBLIC network. That public network routes all the numbers around. So that our world can be protected, we can number our INTERNAL or local network using NON-routable numbers that only we can see. Since those numbers can't be routed over the Internet, you create this barrier separating the local and Internet. These numbers are designated as follows:
Class A -- 10.0.0.0 - 10.255.255.255
Class B -- 172.16.0.0 - 172.31.255.255
Class C -- 192.168.0.0 - 192.168.255.255
The Class A number, which is ANYTHING with a 10 DOT in the address, gives your internal network MILLIONS of possibilities internally for numbering. OK -- WOW -- but with MILLIONS of possibilities, I still need to ROUTE that info around my internal network. The Class B and Class C local networks are far easier to manage, and they still offer the same NON-routable protections.
Why have different numbers?
Our office systems have these sophisticated devices called firewalls. These systems BREAK the connection between the outside world and your safe cozy office. That ability to interrupt the connection from outside world to the inside world is a translation (Network Address Translation or NAT) from the outside to the inside. This conserves the Internet's addresses and protects your internal network from people on the outside. Wow! You're doing all that by simply numbering things.
But wait -- there's more! Let's organize them as well. My office at headquarters is huge, but we just got a remote office in Cleveland. Now what? From my internal address scheme, we can CHANGE one of the octets and send traffic to AND from the remote office rather efficiently. So the local office is 172.16.1.1, and the remote office is 172.16.2.1. Need more? The 172 private addresses allow for that, so 172.16.0.0 is your local office and your office in Cleveland would be 172.17.0.0. The routers know to send this to the remote office because they will be programmed to say, "If it's addressed outside this scheme, send it my way."
Be sure to set the proper "Sub-Net" mask so that your TCP/IP traffic is routed properly. For Class A networks, the minimum setting for the Sub-Net mask is "255.0.0.0", for Class B networks, the minimum setting is "255.255.0.0", and for Class C networks, the minimum setting is "255.255.255.0" -- the 0's are where the network resides. These can be calculated even further down, limiting how the networks are configured and route the communications within that particular segment. A neat trick is to treat your Class A network as a Class C network and segment accordingly.
These numbers are discussed in detail within documents on the Internet called "Request For Comments" (RFCs) in document number 1918. A copy of that can be seen at http://www.faqs.org/rfcs/rfc1918.html. All RFCs are searchable at http://www.faqs.org/rfcs/.
You can also use a "switch" inside your networks instead of a "hub" to route traffic INTERNALLY within your local office. Switches are intelligent devices that figure out where the addresses are and send ONLY the information to and from that device when requested. So, you ask for information from your AS/400 or iSeries, it figures out where THAT system is within the switch, and points your request to it, speeding up your network.
Now let's get lazy!
What helps you manage this within the OS/400 is software that gives each system connecting to your network its own number (if configured to receive it, that is) instead of your having to assign IP addresses to each system. Dynamic Host Configuration Protocol (DHCP) is a GREAT way to let the computers do the thinking for us. (By the way, this software is BUILT INTO OS/400.) You can declare lots of things, such as gateways, name servers, etc., which then get programmed into your systems when they plug into your network and ask for a connection. That also means, however, that if ANYONE plugs their computers into a network port and their PC "requests" a number, it will assign one.
Please consider your security implications before utilizing this sort of scheme. Assigning these configurations to PCs within your network is time-consuming, and changing them is also time-consuming, but it prevents outsiders from just "plugging in" and hacking within your networks. True, with some knowledge they can walk over to an existing workstation and figure out this scheme or utilize scanners to figure out the scheme, so you're merely slowing those ruffians down, not stopping them completely. Thorough password protection and proper security considerations minimize this threat to your network.
Let's set our clock
As of V5R1, OS/400 has the ability to set the clock on the system to the thousands of a second. This is called Simple Network Time Protocol (SNTP), which you can read gobs about at http://www.faqs.org/rfcs/rfc2030.html. SNTP simply looks at a designated time server and sets itself accordingly to the thousands of a second accuracy. WOW!
Name serving and other OS/400 servers
OS/400 comes from the factory with name serving, e-mail serving and receiving, PC file serving, and many more servers BUILT IN. If you have any questions about these other neato, coolie wow servers, let me know, and I'll answer them as best as I can -- OR I can write a whole article about them. But understand that ALL have their roots in the RFCs where the real understanding of the protocols can be found.
It's not all so serious
I've been citing all these neat RFCs that are SOO serious and boring. Well, not all of them are. Look at RFC1149 to understand TCP/IP Avian protocols. It details wrapping the pigeon's legs with each TCP/IP packet and routing the information -- or the new HTCPCP. Or look at the Hyper Text Coffee Pot Control Protocol. I never knew about that! When will the OS/400 support THOSE RFCs? I thought this system was TCP/IP-compliant!
Let me know what else you want to see
There are TONS of TCP/IP tools within OS/400. Let me know what you want to see, and I'll detail that technology in a future article. Until then, this is the Lazy Coder, putting his feet up and taking a nap . . .
-----------------------------------------
About the author: Andrew Borts is webmaster at United Auto Insurance Group in North Miami, Fla. He is often a frequent speaker at COMMON and is past president of The Southern National Users Group, an iSeries-AS/400 user group based in Deerfield Beach, Fla.
