Last update : September 7, 2015
A local area network (LAN) is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, or office building. It is contrasted to a wide area network (WAN), which covers a larger geographic distance and may involve leased telecommunication circuits. Ethernet over twisted pair cabling and Wi-Fi (WLAN) are the two most common transmission technologies in use for local area networks.
The term Virtual Host refers to the practice of running more than one website (such as dev.radiologic.fr and local.radiologic.fr) on a single machine. The fact that they are running on the same physical server is not apparent to the end user. Apache was one of the first servers to support virtual hosts right out of the box.
Computer Name, Address and Route
To find and access a computer in an network, we must know the following informations :
- Name : to indicate what we seek ( > Domain Name )
- Address : to indicate where it is ( > IP Address )
- Route : to indicate how to get there ( > Routing )
Domain names are used to identify one or more IP addresses. They are used in URLs to identify particular web pages. Domain names can be local or public. The latter must be registered with an ICANN accredited registrar.
A domain name consists of one or more parts, technically called labels, that are conventionally concatenated, and delimited by dots, such as example.com. The right-most label conveys the top-level domain (TLD), including the generic top-level domains (gTLDs), such as the prominent domains com, info, net, edu, and org, and the country code top-level domains (ccTLDs) such as lu, de, fr.
Below the top-level domains in the domain name hierarchy are the second-level domain (SLD) names. These are the names directly to the left of the top-level domains. Second-level domain names are usually created based on the name of a company, product or service. There can be additional sub-level domains with virtually no limitation. Below these levels, the most right domain name component is used to designate a particular host server, for example www for a world wide web server, ftp for an FTP server, or any other label. A domain name with TLD, SLD and hostname is called a fully qualified domain name (FQDN), for example dev.radiologic.fr.
Local domain names used in local networks can be freely chosen by the network administrator, but some TLD’s should be avoided. For example Apple uses the domain extension .local for it’s implementation of zero-configuration networking called Bonjour.
To map domain names to IP addresses, a Domain Name System (DNS) is used.
An IP Address (Internet Protocol address) is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. The designers of the Internet Protocol defined an IP address as a 32-bit number (IPv4) which is still in use today. A new version of IP (IPv6), using 128 bits for the address was developed in 1995 to avoid a depletion of the available addresses. Its deployment has been ongoing since the mid-2000s.
IP addresses are usually written and displayed in human-readable notations, such as 172.16.254.1 (IPv4), and 2001:db8:0:1234:0:567:8:1 (IPv6).
An IP address is logically recognized as consisting of two parts: the network prefix and the host identifier, or interface identifier (IPv6). The routing prefix is expressed in CIDR (Classless Inter-Domain Routing) notation. It is written as the first address of a network, followed by a slash character (/), and ending with the bit-length of the prefix. For example, 192.168.1.0/24 is the IPV4 prefix starting at the given address, having 24 bits allocated for the network prefix, and the remaining 8 bits reserved for host addressing.
IPv4 reserves some addresses for special purposes such as private (local) networks or multicast addresses. The following ranges are reserved for private networks :
In IPV6, the reserved address blocks for private networks are referred to as unique local addresses (ULA) and they use the routing prefix fc00::/7.
IP addresses can be static (fix) or dynamic. Static IP addresses are manually assigned to a computer by the network administrator. Dynamic IP addresses are assigned either by a server (router) using Dynamic Host Configuration Protocol (DHCP) or by the computer itself, as in Zeroconf. In the last case of address autoconfiguration (link-local address) the address block 169.254.0.0/16 is reserved in IPv4 networks and the block fe80::/10 in IPV6 networks.
In IPV4 a subnet mask is used to indicate how the IP address is divided into network and host parts. A subnet mask is made by setting network bits to all “1”s and setting host bits to all “0”s. For example, 255.255.255.0 is the network mask for the 192.168.1.0/24 prefix.
Routing is the process of selecting best paths in a network. Routing schemes differ in their delivery semantics:
- unicast : destination is a single specific node in the network
- broadcast : destinations are all nodes in the network
- multicast : destinations are all interested nodes in the network
- anycast : one to many routing topology
- geocast : destinations are all nodes in a geographical area
Unicast is the dominant form of message delivery on the Internet.
The main job of a DNS server is to store DNS name data and serve it when it receives requests. The main job of a DNS resolver is to transform a DNS name into an IP address, but this is only one of several types of resolution services performed by DNS. The process to resolve an hostname to an ip address is normally called dns lookup.
Reverse DNS lookup or reverse DNS resolution (rDNS) is the determination of a domain name that is associated with a given IP address.
Accessing local virtual hosts
There are different ways that local websites can be viewed from other computers which are connected within the same LAN. These computers can be desktops or laptops running Windows, Mac OSX, Linux or be mobile devices like tablets (iPad, Samsung, …) or smart phones (iPhone, Android, …).
- Use the LAN IP of the server : downside – only one website can be accessed
- Use the LAN host name of the server : downside – only one website can be accessed
- Use a LAN-wide hosts file : downside – this doesn’t work on iOS and most other mobile devices
- Use own DNS server : downside – setup is complex ; DNS server must always be turned on
- Use a Wi-Fi router with DNS Masquerading : downside – only a few routers support this option
- Use registered domain names : downside – all website domain names must have a common base; works only with Internet access
- Use a HTTP proxy server : downside – multiple
We are analyzing now what solution to adapt for a real network case, related to the specific RadioLogic project.
RadioLogic project requirements
RadioLogic is an university education tool for radiologists which uses three websites, working as virtual hosts :
- www.radiologic.fr : hosted on Amazon AWS, this website provides the tools and data for public users
- local.radiologic.fr : hosted on a local server, this website provides the tools and data for private users on a local network
- dev.radiologic.fr : hosted on a local server, this website provides the beta versions of new tools and data for testing before deployment on the public and private hosts
If possible, the IT consumerization policy BYOD (Bring your own device) is promoted allowing the radiologists in residence to use their own devices. The local server is a MacBookAir laptop running OSX Yosemite 10.10.5 or later. The clients are iPads running iOS 8.1.4 or later. Both the server and the clients will be used for other purposes.
There exist four operational modes :
- The server is used as standalone client without Internet connection
- The server is used as standalone client with an Internet connection through a Wi-Fi router
- An iPad is used as client with an Internet connection through the same Wi-Fi router (same local network)
- An iPad is used as client with a local AdHoc Wi-Fi Connection (SSID = radiologic-open) established by the server
The following figure shows the four operational modes.
RadioLogic : four operational modes
The project requirement is that the same host names are used in each operation mode to access the three websites. Let’s examine how to achieve this goal.
Server without Internet connection used as a client
Without Internet connection, it’s not possible to access the public website www.radiologic.fr. To access the local websites local.radiologic.fr and dev.radiologic.fr, the most simple solution is to use the internal hosts file available on every desktop computer (Windows, Linux, Mac OSX, …). This configuration file for the loopback interface is located at /private/etc/hosts on the Mac OSX, but it’s also accessible through the more traditional location /etc/hosts. This file is configured as follows :
# Host Database
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
The default values are the IP addresses for the localhost in IPV4 and IPV6 and the broadcasthost for IPV4. The radiologic hosts have been added.
Server with Internet connection used as a client
Accessing the public website www.radiologic.fr is now possible and the preceding loopback solution is also working.
iPad used as a client with Internet connection in local network
There is no problem to access the public website www.radiologic.fr, but the simple loopback solution to access the local hosts is not possible on mobile devices without jailbreaking.
The next possibility consists in using a local DNS server. Setting up a DNS server on the Mac laptop with primary zones for the local hosts needs a parameter change in the DNS configuration of the iPad Wi-Fi connection.
Wi-Fi settings in iPad
We must change the IP address of the DNS server, assigned by the Internet provider via the Wi-Fi router, by the local IP address of the Mac laptop, which leads to various problems :
- The IP address of the Mac laptop changes when you use it in a different local network or when the DHCP server assigns a new address in the same network at booting
- The DNS server of the Mac laptop must be continuously running to use the iPad for Internet surfing
- Using an additional DNS server with forwarding to a public DNS server to set up an Internet connection may lead to delays or performance problems
- Frequent changes of the DNS addresses on an iPad is an error-prone process for a normal user
I recommend to never change the network parameters assigned by the Internet provider on your router and local devices to avoid all sort of problems.
There exist a third solution to access the local hosts in our case, which some developers consider as a hack : using the public DNS server to point towards the internal private IP address of the Mac computer.
This solution is simple and feasible in our case because all hosts use the same domain name radiologic.fr which is registered and managed in a public DNS server. Instead of creating an A record for both dev.radiologic.fr and local.radiologic.fr we can use a wild-card (*) to catch all DNS records.
Some reasons to not use a public DNS server with local IP addresses, invoked by other developers, are the following :
- leak of internal informations to third parties
- it’s not considered best practice
- external clients may inadvertently be redirected to a host on their own local network
- it’s likely to cause confusion and human miscommunication
- risk of mail delivery timeouts or mail bounces
- risk of DNS rebinding attacks
I don’t agree with these arguments that I consider as minor problems or not applicable in specific cases. I think the solution is not a such bad idea in practice and I will use it in the RadioLogic project.
Some routers provide a security feature to protect against DNS rebinding attacks by suppressing DNS responses that refer to IP addresses in the home network. My router FRITZ!Box 7390 is such a device. It allows to enter domain names in a list of exceptions where this protection should be disabled. In our case these are dev.radiologic.fr and local.radiologic.fr.
Exceptions to the DNS rebinding protection in the Fritz!Box router 7390
iPad used as a client connected to an AdHoc network
The only workable solution in this case is the use of a local private DNS server. You may ask what about the problems listed in the preceding chapter ? Well, these are no longer issues in the case of an AdHoc Wi-Fi network :
- The self-assigned IP address of the AdHoc Wi-Fi interface in the range 169.254.0.0/16 can be defined as static
- The DNS server is always running when the Mac laptop runs the AdHoc network
- Without Internet connection there is no forwarding to a public DNS server
- The DNS address is changed once in the configuration of the AdHoc Wi-Fi connection which is different from the configuration of the other Wi-Fi infrastructure connections
In iOS and OSX Wi-fi settings, each Wi-fi connection has a Search Domains section which is simply a convenience that allows the system to convert host names to Fully Qualified Domain Names (FQDN). Anyplace you might use a FQDN, such as in the location bar of Safari, you can use a simple host name. If the system can’t resolve that host name to an IP address, then it will try appending the search domain to the host name and try again. If you specified more than one search domain, it will try them each in order.
If we set the search domain to radiologic.fr, we can use the host names dev and local to access the corresponding websites. I didn’t opt for this solution because it introduces more complexity and an additional delay in setting up connections.
Network Diagnose Tools
There are several tools available for iPads to diagnose access problems in local networks:
iPad Network Analyzer : ping statistics – LAN overview
The following list provides links to websites with additional informations about accessing local virtual hosts :