NetBIOS vs. TCP/IP over FE

[Symfornix]

This is my first post to the forum, so be easy on me:

I have a simple FE LAN connected to the Internet, as follows-

LAN (single segment)
34 PC's >> 4x3Com 3300 Switches (stacked)
12 PC's >> 10Mbit Hub >> (3300 stack)
------------------------------------------
WAN
(3300 stack) >> Cisco 2621 (2 FE, 1 Ser Wan) >> T1 >> ISP >> Internet
------------------------------------------

All clients run NetBIOS as well as TCP/IP. All clients/servers are NT. I config'd it this way thinking that NB would be used to communicate thru LAN to NT Servers, and TCP/IP would be for Net xfer.. logical, correct?

But lately, I have been hearing that NB has quite an overhead, is very "chatty", and is really of no practical use; especially since all clients have TCP/IP configured for Internet.

What would the implications be if I were to remove NB from ALL PC's and servers? Would my LAN need/use NB over TCP/IP, or would TCP/IP suffice for NT client/server communications? My understanding is that a "microsoft-based" network (basically when all PC's are NT Wkstn and Server) will somehow need to run NB, and will resist (or won't) communicating over TCP/IP directly. Is this what NB over TCP/IP is for?

Thanks in advance!

 

[Garion]

Welcome to the wonderful world of Microsoft networking.

NetBIOS is the method of communication that MS networks use for communicating between client and server. It is a bit chatty, yes. Unfortunately, there's really nothing you can do about it. And also, no real way to remove it.

The thing to keep in mind about TCP/IP is that it was designed to be used on the Internet and we've all made it work for use on the LAN. In order to make it work on the LAN we have to have a lot of name resolution services (i.e., WINS, DNS, etc.), keepalives, etc. In short, it's one of those necessary evils with Microsoft.

.. Of course, if you think NetBIOS is bad you should see some of the IPX and NetBEUI broadcasts. Talk about chatty!

- G

 

[Symfornix]

So by removing the NB protocol from clients and servers, and leaving only Tcp/IP, would it all still work (assuming that all clients would have NB over Tcp/IP)?

Or is it best to leave things the way they are?

 

[spidey07]

one question: is your network running well now? if so then don't muck with it.

All windows operating systems require some form of netbios (with the exception of 2K). Now what you CAN do is take netbios and run it over TCP/IP.

You could eliminate a lot of network "noise" by not running both protocols. For a network this small you could install WINS on a server or two, point all machines to these WINS server and help with name resolution. Once you have good name resolution with IP you could eliminate netbeui. Could speed up your network by eliminating all the broadcasts.

Best way to tackle this? Take a machine or two and remove netbeui, but keep only IP protocol loaded. Try it and see if it works (should). Then during a maintenance windows load the WINS service on a single server and point the test machines to it. Take small steps and you'll eventually eliminate netbeui.

I forget the binding order MS chooses between IP and netbeui. Doesn't really matter though, damn boxes will just spit out both protocols all the time and just randomly pick one. I've done a lot of traces troubleshooting MS networks...it ain't pretty.

 

[Symfornix]

Thanx guys.. I really appreciate the advice! I think I'll try the WINS stuff.. always been curious about it..

My network is running "OK", but I support a group of 10 engineers that do Solid Modeling with Solidworks.. it was on a SolidWorks forum that I first heard about the NB performance issues..thx again!

 

[67gt500]

ok I'm confused somewhat.. you were referring to netbios over tcp/ip and someone else was talking about netbueui... two different things here.

The only way to disable netbios over tcp/ip is to detach your file/print and ms network bindings from tcp/ip. You do this and you won't have any file sharing over that lan.

netbios is chatty, but that is easily remedied. Simply close off ports 137, 138 and 139 on your router and problem is solved.

The last thing you would want to do is unbind file/print from tcp/ip and then disable netbios. TCP/IP is the best protocol to use in that sort of environment, I would only recommend netbeui if this was a small peer to peer setup.

As for WINs... isn't a must but it certainly makes resolution across the LAN an easier go. Whether you use DNS or WINs for this it is your call. I personally use WINs and find it to increase performance and reliability.

edit: some of those comments are applicable for win9x workstations and I now realize you have NT workstations. My recommendation in this situation is to leave netbios in tact and close those ports off on your router. Your problem will then be solved.

for more info on just what netbios is and how it functiosn go here

http://support.baynetworks.com/library/tpubs/html/router/soft1200/117358AA/B_39.HTM

 

[Symfornix]

thanks gt..

1 ? tho>> if my router is only connecting to my ISP, with nat enabled, what purpose would closing off the ports you had mentioned serve? Isn't netbios non-routable? remember, I have only 1 LAN segment, and the "WAN" in my case, is my ISP

Thanks for the link! it's a great help!

 

[67gt500]

well you would be putting your trust in your ISP to filter off those three ports

and perhaps I am not going to say this explanatoin right but I'll do my best to explain: netbios is non routable you are correct. But, tcp/ip sort of makes it routable. By binding netbios over tcp/ip you are essentially opening yourself up to the rest of the internet which UNDERSTANDS tcp/ip.

Example,
you have a LAN with file/print sharing running.. and shares wide open.. lets call this a peer to peer between win9x clients. You are running netbeui as your protocol but also have tcp/ip installed so that you can connect to the internet. What you forget is that netbios is by default bound to tcp/ip. With no changes or security precautions to those ports I listed, ANYONE can access your shares from ANYWHERE.

Same goes for a lan with an nt pdc with netbios running. Wide open to the world without proper precauations because netbios binds itself to tcp/ip.

This is the brilliance of microsoft networking.

 

[67gt500]

I should also mention that if you are running the NAT within that router then you should be fine. Unless yhou have set a wildcard to one of your servers addresses and not set any filters.

 

[JackMDS]

As the Man said Symfornix, it seems that you are mixing to independent terms.

There is NetBEUI, which is an independent simple Protocol, that is not Routable to the Internet.

There is NETBIOS, which can run over TCP/IP.

A quote from:

http://ourworld.compuserve.com/homepages/TimothyDEvans/intro.htm#Introduction

"There is no formal standard which defines the protocol(s) used with NetBIOS; in practice the IBM LAN Technical Reference IEEE 802.2 and NetBIOS Application Program Interfaces is used as a reference.
There are many implementations of NetBIOS networking and these implementations are generally incompatible. It is because of the diversity and lack of a formal standard that makes understanding NetBIOS networking difficult.
It is not clear whether there is only one protocol or several protocols involved in NetBIOS networking. The original implementation for the PC Network certainly seemed to have the above mentioned protocols (NMP, DMP, UDP and SMP) however the distinction is less clear with NetBIOS on Token-Ring and other implementations. Given that at least network layer and session layer functions are involved, the various packets used will be discussed in terms of the original protocols for convenience, even if the distinctions are some what arbitrary."