Only the network protocol you need is installed and enabled.
Limiting the number of protocols on your computer to improve network performance and reduce network communication.
If Windows 2000 encounters a network connection problem, it will try to establish a connection with each installed network protocol. By installing and enabling the protocol that the system can use, Windows 2000 will not attempt to connect with the protocol it cannot use, and returns status information more efficiently.
Internet Agreement Security (IPSec)
The IPSec is a long-term direction of the security network is a kit based on password-based protection service and security protocol. Because it does not need to change the application or protocol, you can easily deploy IPsec for existing networks.
IPSec provides machine-level authentication and data encryption for VPN connections using the L2TP protocol. The IPSec is negotiated between the computer and its remote tunnel servers before the L2TP connection creation of the password and the data.
L2TP uses standard PPP-based authentication protocols, such as EAP, MS-CHAP, CHAP, SPAP, and PAP using IPSec.
Encryption is determined by the IPSec Security Association (ie, SA). Security associations are combined by target addresses, security protocols, and unique authentication values, called security parameter index (SPI). Available encryption includes:
Data Encryption Standards (DES) with 56-bit keys, which can be used worldwide, but subject to US restrictions on export encryption regulations.
Triple DES (3Des) with 56-bit keys is designed for North American highly safe environments.
Windows 2000 authentication
Windows 2000 authentication includes two parts: interactive login procedure and network authentication process. The success of user authentication depends at these two processes.
Interactive login process
The interactive login process confirms the identity of the user for a domain account or a local computer. The interactive login process is also different depending on the type of user account.
If you hold a domain account, the user can use a password or smart card to log in to the network by storing unilateral signing credentials in Active Directory. Log in using domain accounts, authorized users can access resources in this domain and any trust domain. If you log in to a domain account using your password, Windows 2000 will authenticate with Kerberos V5. If you use a smart card, Windows 2000 will use Kerberos V5 authentication and certificates.
If you hold a local computer account, the user can log in to the local computer by being stored in the Secure Account Manager (SAM) (also the local security account database). Any workstation or member server can store a local user account, but these accounts can only be used to access the local computer.
Network authentication process
Network authentication confirms the identity of any web service that is trying to access. In order to provide this type of authentication, Windows 2000 security system supports multiple authentication mechanisms, including Kerberos V5, Security Sockets / Transportation (SSL / TLS), and LANs supported with Windows NT 4.0. Manager.
Use the user of the domain account does not see network authentication. Use the local computer account must provide credentials (such as user names and passwords) at each access network resource. By using domain accounts, users have credentials, which are automatically used as unilateral signatures.
The X.25 network uses the package switch protocol, bypasing a noise-free telephone line transmission data. This protocol depends on the Wanvia wide area network with the package transfer node, which can participate in the X.25 packet to the specified address.
The connection service (CPS) is a component of Windows 2000 that provides Internet Service Provider (ISP) and the company's ability to automatically update address book files in the employee or Internet user client. These address book files are working together with the Microsoft Connection Manager (CM) (also configurable connection software in the client). TCP / IP
Application layer: Define the interface between the TCP / IP application protocol and the host program and the transport layer service you want to use the network. HTTP, Telnet, FTP, TFTP, SNMP, DN, SMTP, X-WINDOW, and other application protocols
Transport layer: Provide communication session management between hosts. Define the service level and connection status when transferring data. TCP, UDP, RTP
Internet Layer: Load data into an IP datagram, including address information for the source and targets used in the host and the network forwarding data report. Realize the route of IP datagram. IP, ICMP, ARP, RARP
Network Interface Layer: Specifies how to physically send data through the network, including how to direct the bit stream into electrical signals directly with the hardware device that is in contact with the network media (such as the shaft cable, fiber or twisted wire). Ethernet, token ring, FDDI, X.25, Frame Relay, RS-232, V.35
Internet protocol security
Internet Protocol Security (IPSec) is a set of Internet standards that provide encrypted security services:
confidential
IPsec communication is encrypted. If you don't know the encryption key, the captured IPsec communication cannot be known.
Authentication
IPsec communication is a digital signature, with a shared encryption key, so the recipient can verify that it is sent by the IPSec.
Data integrity
IPSec communication includes encryption checksums merged into the encrypted key. The recipient can confirm that the packet is not modified in the transmission.
TCP / IP screening
Filter using TCP / IP, called "TCP / IP Security" in Windows NT 4.0, you can strictly specify the type of incoming TCP / IP communication processed for each IP interface. This feature is designed to isolate communication processed by the Internet or intranet server, where there is no TCP / IP filtering for "Routing and Remote Access" services or other TCP / IP applications or services. TCP / IP screening is disabled by default.
TCP / IP screening is a set of filters for inbound local host TCP / IP communication. Because the target IP address of the inbound TCP / IP communication is configured to configure the specified port address, the appropriate subnet broadcast address or multicast address, the local host communication is a communication by the host. TCP / IP Filter does not apply to routing communication between interfaces.
Use TCP / IP filtering, you can limit the inbound TCP / IP communication of local hosts, according to:
Target TCP port
Target UDP port
IP protocol
Address Analytical Protocol (ARP)
"Address Resolution Protocol (ARP)" is the required TCP / IP standard, defined in RFC 826 Address Resolution Protocol (ARP) ". ARP parses the IP addresses used by TCP / IP software into media access control addresses used by LAN hardware. ARP provides the following protocol services on the same physical network:
What is the media access control address of a media access control address through a network broadcast request? "What is the media access control address of the device configured as an attached IP address?"
When responding to the ARP request, the sender of the ARP reply and the original ARP request will record each other's IP address and media access control address into items in the local table called ARP cache for future references.
Hardware addressing
The hardware used on the local area must contain unique addresses arranged by the vendor for the device. For Ethernet and token ring network hardware, this address is called a media access control address.
Each media access control address uses a 6-byte digital identifier of the physical network with a 6-byte number of read-only memory (ROM). The media access control address usually uses hexadecimal representations (such as 00-AA-00-3F-89-4A). Authorization and registration of media access control addresses are supervised by IEEE. Currently, a single vendor IEEE is registered and assigned a unique number for the top three bytes of the media access control address. Each manufacturer can then assign a single network card to all three bytes of the media access control address.
How is ARP to resolve media access control addresses for local communications
In this case, two TCP / IP hosts, host A and host B are located on the same physical network. The IP address allocated by the host A is 10.0.0.99, and the IP address allocated by the host B is 10.0.0.100.
When the host A is in communication with the host B, the following steps can parse the address (10.0.0.100) specified by the host B software as the media access control address specified by the host B hardware:
1. According to the routing table content on the host A, IP determines that the forwarding IP address used to access host B is 10.0.0.100. Then the host checks the matching hardware address of the host B in its local ARP cache.
2. If the host A does not find a mapping in the cache, the ARP request frame on the local network is broadcast, and what is the hardware and software address of 10.0.0, 100? "The hardware and software address of the source (host A) is included in ARP request.
Each host on the local network receives the ARP request and checks if it matches its IP address. If the host finds mismatch, give up the ARP request.
3. Host B determine that the IP address in the ARP request matches its own IP address, adds the host's hardware / software address mapping to the local ARP cache.
4. Host B will send an ARP reply message containing its hardware address to the host A.
5. When the host A receives the ARP reply message sent from the host B, the ARP cache is updated with the hardware / software address mapping of host B.
Once the media access control address of the host B is determined, the host A can send IP communication to host B, and find the media access control address of the host.
How is ARP to resolve the media access control address for telematics
The ARP is also used to forward IP datagrams to the local router for the goals that are not in the local network. In this case, the ARP parses the media access control address of the router interface on the local network.
In this example, the IP address allocated by the host A is 10.0.0.99, and the IP address used by host B is 192.168.0.99. The router interface 1 is on the same physical network with the host A, and the IP address used is 10.0.0.1. The router interface 2 and host B are on the same physical network, and the IP address used is 192.168.0.1.
When the host A is to communicate with the host B, the following steps can parse the address (10.0.0.1) specified by the router interface software into the media access control address specified by hardware:
1. According to the routing table content on the host A, the IP determines that the forwarding IP address used to access host B is 10.0.0.1, that is, the IP address of the default gateway. The host A then checks the hardware address that matches 10.0.0.1 in its own local ARP cache.
2. If the host A does not find a mapping in the cache, all host broadcast ARP request frames on the local network will ask "What is the hardware address of 10.0.0.1?" The hardware and software address of the source (host A) is included. ARP request.
Each host on the local network receives the ARP request and checks if it matches its IP address. If the host finds mismatch, give up the ARP request.
3, the router determines the IP address in the ARP request to match your IP address and add the hardware / software address mapping of the host A to the local ARP cache. 4, then the router will send the ARP reply message containing its hardware address to the host A.
5. When the host A receives the ARP reply message sent from the router, update its ARP cache with 10.0.0.1 hardware / software address mapping.
Once the media access control address of the router interface 1 is determined, the host A can send IP communication to the router to find the media access control address of the routing interface 1. Then the router forwards communication to the host, and the ARP process is the same as the ARP discussed in the local communication parsing media access control address.
ARP cache
To make the broadcast amount, the ARP maintains the IP address to the media access control address mapping to future use. The ARP cache can include dynamic and static projects. Dynamic projects are automatically added and deleted over time. Static items remain in the cache until the computer is restarted.
The potential life cycle of each dynamic ARP cache item is ten minutes. The items in the new cache have a timestamp. If a project is not used in two minutes after adding, this item expires and removes from the ARP cache. If an item is already in use, it receives two minutes of life cycle. If a project is always in use, it will additionally receive two minutes of life cycle, until ten minutes of longest life cycle.
You can use the ARP command to view the ARP cache. To see an ARP cache on a computer running Windows 2000, type ARP -A at the Windows 2000 command prompt. To see an ARP command line option, type arp /?.
Internet Protocol (IP)
IP is the desired TCP / IP standard, defined in RFC 791 Internet Protocol (IP) ". IP is unconnected, unreliable datagram protocol, primarily responsible for addressing and selecting the routes of packets between hosts.
No connection means that the session cannot be established before exchange data. Unreliable means that the delivery is not guaranteed. IP always tries to deliver packets. IP packets may be lost, transfer, repeat or delay in sequence. IP does not attempt to recover from these error types. The confirmation of the delivered packets and the recovery of the lost packet are the responsibility of the higher level protocol, such as TCP.
IP packet, also known as IP datagram, consisting of IP headers and IP loads
Internet Convolution (ICMP)
The InterCinal Message Protocol (ICMP) is the required TCP / IP standard, defined in the RFC 792 Internet Message Protocol (ICMP). With ICMP, hosts and routers using IP communication can report errors and exchange restricted control and status information.
In the following cases, ICMP messages are usually sent:
IP Datashers cannot access the target.
IP router (gateway) cannot forward datagrams according to current transmission rate.
The IP router redirects the host to the use of better routes to reach the target.
Different types of ICMP messages are identified in the ICMP title. Since the ICMP message is carried in the IP datagram, it is unreliable.
Internet Packet Management Agreement (IGMP)
The use of IP multicast in the TCP / IP network is defined as the TCP / IP standard in the RFC 1112 Internet Packet Management Protocol (IGMP).
What is IP multicast?
Multicast IP communication is sent to a single address, but is processed by multiple hosts. IP multicast is similar to the Subscription of the newsletter. If only the subscriber is received at the time of the newsletter, only the host of the data multicast group receives and processes the IP communication sent to the group preserved IP address. The host group listens on a particular IP multicast address is called a multicast group.
Other important aspects of IP multicast include the following:
Group members are dynamic, allowing hosts to join or leave groups at any time.
The capabilities of the host add multicast group are performed by sending IGMP messages.
The group is not limited by the size, and the member can extend to multiple IP networks (if connected to the router supports propagating IP multicast communication and group member information). The host can send IP communication to the group IP address without having to belong to the corresponding group.
Multicast addressing
The IP multicast address is reserved and assigned within the D address range of 224.0.0.0 and 239.255.255.255. The following table is a D class address used in some known Windows 2000 components, which is registered for IP multicast reservations and is registered by the specified Internet Number (IANA).
User Data News Agreement (UDP)
The User Dataset Protocol (UDP) is a TCP / IP standard that is defined in the RFC 768 "User Data News Protocol (UDP)".
UDP provides the connectionless datagram service that is tried to transmit, which means that UDP cannot guarantee the order of delivery or verify the datagram. A source host that requires reliable communication must use TCP or provide procedures for your own order and confirmation.
UDP message package and send in IP datagram
UDP port
The UDP port provides a location where the UDP message is sent. The UDP port works as a separate message queue to receive all the datagrams you want by the program specified by each protocol port number. This means that UDP-based programs can receive multiple messages each time.
The server side of each program that uses UDP is listening to the message to the known port number. All UDP server port numbers that are less than 1024 (and some bigger numbers) are all "The specified Internet Number (IANA)" is reserved and registered.
Each UDP server port is identified by a reserved or known port number. The following table is some list of known UDP server port numbers used by the Standard UDP program.
53 DNS name query
69 zero broken file transfer protocol (TFTP)
137 NetBIOS Name Service
138 NetBIOS Datashers Service
161 Simple Network Management Agreement (SNMP)
520 Routing Information Agreement (RIP)
UDP and TCP
Typically, the difference between UDP and TCP delivery data is similar to the difference between the telephone and the postcard. TCP is like a phone, you must first verify that the target can be accessed before ready to communicate. UDP is like a postcard, the amount of information is small and the possibility of success is high, but it cannot be fully guaranteed.
UDP is usually used by a small amount of data or a real-time required program. In these cases, the low overhead and multicast capabilities of UDP (such as a data report, multiple recipients) are more suitable than TCP.
The services and functions provided by UDP and TCP are directly compared. The following table compares the difference in TCP / IP communication based on whether to use UDP or TCP transmission data.
UDP has no connection service; no session is established between the host. TCP is a connection-oriented service; establishing a session between the host.
UDP does not ensure or recognize data delivery or serialization data. TCP ensures data delivery by confirming and sequentially transmitting data in order.
Using UDP programs are responsible for providing reliability required to transfer data. Programs that use TCP ensure reliable data transmission.
UDP is very fast, with low overhead requirements, and supports point-to-peer and a point-to-multi-point communication. TCP is slow, there is a higher overhead requirement, and only support point-to-point communication.
Transmission Control Protocol (TCP)
The Transmission Control Protocol (TCP) is the desired TCP / IP standard, defined in the RFC 793 Transmission Control Protocol (TCP) ", providing reliable, connected datagram transfer services. Transmission control protocol:
Make sure the IP datagram has been successfully passed.
Segment and reorganize the bulk data sent by the program.
Make sure that proper sorting and segmentation data are delivered sequentially.
By calculating the checksum, the integrity check of transmission data is performed.
Whether the data is successfully transmitted based on the data. By having a selection confirmation, it is also negatively confirmed to the data that is not received.
To provide a preferred method for a program that must use a reliable session-based data transmission, such as a client / server database, and an email program.
TCP working principle
TCP is based on point-to-point communication between two network hosts. TCP receives data from the program and processes the data into byte stream. Bytes are divided into segments, then TCP is numbered and sorted to pass. The session must be established before two TCP hosts can exchange data. The TCP session is initialized by the process of three-way handshake. This process synchronizes the serial number and provides control information required to establish a virtual connection between two hosts.
Once the initial three-way handshake is completed, sequentially sequentially, sequentially, sequentially, and confirmation segments in sequence. Turning off the connection The TCP uses a similar handshake process to verify that both hosts are sent and receive all data.
TCP segment package and send in IP datagram
TCP port
The TCP port uses a specific program port to pass the data transmitted using the Transmission Control Protocol (TCP). The TCP port is most complex, different from the UDP port operation.
Although the UDP port is operated for the UDP-based communication as a single message queue and network endpoint, all TCP communication endpoints are unique connections. Each TCP connection is uniquely identified by two endpoints.
Since all TCP connections are uniquely identified by two pairs of IP addresses and TCP ports (each connected host has an address / port pair), each TCP server port can provide sharing access to multiple connections.
The server side of each program using the TCP port is listening to the message to the known port number. All TCP server port numbers that are less than 1024 (and some higher) are all specified Internet Number (IANA) reserved and registered.
The following table is some list of some known TCP server ports used by the standard TCP program.
TCP port number
20 FTP server (data channel)
21 FTP Server (Control Channel)
23 Telnet server
53 domain name system area transmission
80 Web Server (HTTP)
139 NetBIOS Session Service
IP addressing
Each TCP / IP host is identified by a logical IP address. This address is unique to each host using TCP / IP communication. Each 32-bit IP address identifies the location of the system on the network, just like the street address identifies the housing on the city street.
Like the standard format of the street address is two parts (street name and residential number), each IP address is divided into two parts, network ID and host ID:
Network ID, also called network addresses, identifies a single network segment within a large-scale TCP / IP Internet network (network consisting of network). Connecting to and sharing all systems accessed access to the same network with a common network ID within its complete IP address. This ID is also used to uniquely identify each network within a large-scale interior of the Internet.
The host ID is also called a host address, identifies TCP / IP nodes within each network (workstation, server, router, or other TCP / IP device). The host ID of each device uniquely identifies a single system within the network.
Below is an example of a 32-bit IP address:
10000011 01101011 00010000 11001000
To simplify the IP addressing, the IP address is represented by a dotted decimal symbol. 32-bit IP addresses are divided into four eight-bit bytes. The eight-bit byte number is converted into a decimal number (the base is the numbering system of 10), and separated by the English sentence. Therefore, the previous IP address example is converted into a decimal number with a sentence is 131.107.16.200.
Subnet mask
Network ID and host IDs in the IP address are distinguished by subnet mask. Each subnet mask is a 32-bit number, using a continuous bits identifier network ID, all of which identifies the host ID of the IP address.
For example, IP address 131.107.16.200 Usually use a subnet mask is the following 32-bit binary number:
11111111 11111111 00000000 00000000
The subnet mask is a bit of 1, followed by a bit of 0, indicating that the network ID of the IP address is 16 bits. Typically, the subnet mask shows a decimal symbol 255.255.0.0.0.
IP route
In the usual term, the route is a process of forwarding a packet between the connected network. For TCP / IP-based networks, routing is part of the Internet Protocol (IP), combined with other network protocol services, providing the ability to forward each other between the host based on the individual network segments based on the TCP / IP.
IP is the "post office" of the TCP / IP protocol, which is responsible for separating and delivering IP data. Each incoming or outgoing packet is called an IP datagram. The IP datagon contains two IP addresses: sending the source address of the host and the target address of the receiving host. Unlike the hardware address, the IP address inside the datagnet remains unchanged during the TCP / IP network.
Routing is the main function of IP. By using the IP of the Internet layer, IP datagram is exchanged and processed on each host.
On the top of the IP layer, the transmission service on the source host transmits source data in the form of a TCP segment or UDP message in the IP layer. The IP layer is assembled using the address information of the source and the target of the data on the network. The IP layer then transmits the datagram to the network interface layer. At this layer, the data link service converts IP datagrans to frames transmitted on a physical network. This process is performed in the opposite order on the target host.
Each IP datagram contains the IP address of the source and target. The IP layer service on each host checks the target address of each datagram, comparing this address with the locally maintained routing table, and then determine the next forwarding operation. The IP router is connected to two or more IP network segments that can forward the packets. The following sections further discuss the use of IP routers and routing tables in detail.
Routing table
TCP / IP host uses routing tables to maintain information about other IP networks and IP hosts. Network and host identify with IP addresses and subnet masks. In addition, since the routing table provides information about how to communicate with the remote network and host, the routing table is important.
For each computer on an IP network, you can use a project that communicates with the local computer to maintain the routing table. Usually this is not practical, so the default gateway (IP router) can be used.
When the computer is ready to send an IP datagram, it inserts its IP address and the recipient's target IP address to the IP header. Then the computer checks the target IP address, comparing it with the local maintained IP routing table, performs the corresponding operation according to the comparison result. The computer performs one of the following three operations:
The data is reported to the protocol layer above the local host IP.
The network interface forwarding the datagram passes through one of the connected network interfaces.
Discard the datagram.
IP searches for routing with the target IP address in the routing table. From the most accurate route to the least accurate route, arrange them in the following order:
The route matching with the target IP address (host route).
The route matching the network ID of the target IP address (network route).
The default route.
If the matching route is not found, IP discards the datagram.
Jump
The number of hops indicates the use of route overhead, usually the number of hop points to the IP target position. Anything on the local net is a hop, and each router after it is another hop. If you have multiple routes of different hop numbers to the same goal, the lowest routing of the number of hops is selected.
Name analysis
Since the IP is designed to handle the 32-bit IP address of the source and the target host, the computer can be used by those who are not kind to using and remember the IP address of the computer to communicate. People are more good at using and remember the name, not the IP address.
If the name is used as an alias of the IP address, you need to make sure that the name is unique, and can be parsed into the correct IP address.
Host name analysis
Host name resolution means successfully maping the hostname to an IP address. The host name is assigned to the IP node alias that identifies the TCP / IP host. The host name can have up to 255 characters, which can contain letters and digital symbols, even characters, and periodic. You can assign multiple hostnames to the same host. Windows Sockets, such as Internet Explorer, and FTP utilities, you can use one of the two values of the target to be connected: IP address or host name. You don't need a name resolution when you specify an IP address. When specifying the host name, the host name must be parsed into an IP address before starting IP-based communication with the desired resource.
The host name can be in different forms. Two most common forms are nicknames and domain names. Nickname is an alias for the IP address of personal assignment and use. The domain name is a structured name in the hierarchical structure namespace called the Domain Name System (DNS). Www.microsoft.com/ is a typical example of the domain name.
The domain name is parsed by sending a DNS name query to the configured DNS server. The DNS server is a computer that stores a domain name or IP address map or a computer that knows another DNS server. The DNS server parses the domain name you want to query into an IP address and then send it back.
You need to configure the IP address of the DNS server to configure the Windows 2000 to resolve the domain name. The IP address of the DNS server is configured for the computer based on Active Directory running Windows 2000.
NetBIOS name analysis
The NetBIOS name resolution means that the NetBIOS name is successfully mapped into IP addresses. The NetBIOS name is 16-byte addresses for identifying NetBIOS resources on the network. The NetBIOS name is either unique (exclusive) or the group (non-exclusive) name. The only name is used when the NetBIOS process communicates with a specific process on a particular computer. The group name is used when the NetBIOS process communicates with multiple processes on multiple computers.
A process example using the NetBIOS name is the "File and Printer Sharing" service of the Microsoft Network on the computer running Windows 2000. When you start your computer, the server registers the unique NetBIOS name according to your computer name. The exact name of the service is 15 characters plus the 16th character 0x20. If the computer name is not 15 characters long, the insertion space has until 15 characters long.
When you try to establish a shared file connection with a computer running Windows 2000, the "File and Printer Shared" service of the Microsoft Network on the specified file server corresponds to a specific NetBIOS name. For example, when you try to connect a computer called CorpServer, the corresponding NetBIOS name is:
Corpserver [20]
Note that the computer name is filled with a space. Before establishing a file and print a shared connection, you must first create a TCP connection. To establish a TCP connection, the NetBIOS name "CORSERVER [20]" must be parsed into an IP address.
The NetBIOS name parsing the exact mechanism of the IP address is dependent on the type of node configured for the NetBIOS node. RFC 1001, "NetBIOS Services on TCP / UDP Transport: Concepts and Methods" Define NetBIOS's node type, as listed in the table below.
WINS server
The WINS server can store and analyze the NetBIOS name into an IP address. When the TCP / IP host configures the IP address of the WINS server, the TCP / IP host registers its NetBIOS name on the WINS server and sends a NetBIOS name query to the WINS server used to resolve. There are multiple network sections or computers in the network that is based on Active Directory (for example, computer running Windows NT 4.0, Windows 95, and Windows 98), strongly recommends using the WINS server. There is no need to configure the WINS server for a network consisting of a network segment.
Dynamic configuration
The TCP / IP configuration will be automatically executed when the computer is started by using DHCP. Dynamic configuration requirements Configure the DHCP server. By default, the computer running Windows 2000 is a DHCP client. By correcting the DHCP server, TCP / IP hosts can get IP addresses, subnet mask, default gateways, DNS servers, NetBIOS node types, and configuration information of the WINS server. For medium-sized to large TCP / IP networks, it is recommended to use dynamic configuration (using DHCP).
Reason for using the gateway
The default gateway is very important to run IP routing effectively. In most cases, the router (the specified router or computer that is specified or connected to the two or more network segments) is served as the information of other networks in large networks and how to access information.
The TCP / IP host relies on the default gateway to meet the needs of host communication on the remote network segment. In this way, the individual host eliminates the need to maintain a wide and sustained information update for a separate remote IP network segment. Only routers that act as the default gateway need to maintain routing information on this level of remote network segments in large-scale internet networks.
If the default gateway fails, communication outside the local network segment may be weakened. To prevent this, you can specify multiple default gateways using the Advanced TCP / IP Settings dialog box (in "Network, and Dial-up Connections" to each connection. You can also use the route command to manually add a routing that frequently used hosts or networks to the routing table.
