Inside the Mac OS: A look at AppleTalk and zones
AppleTalk is one of the two protocols typically used in today's Mac networks. The other is TCP/IP, which has become the dominant network protocol for all computer networks and is the protocol on which the Internet is based.
AppleTalk is considered a routable and self-configuring protocol. Calling it a routable protocol means that AppleTalk can be used to transmit data across multiple networks with the use of a router. Self-configuring means that although you can manually assign AppleTalk addresses to computers and other devices on a network, devices capable of assigning themselves unique addresses can do so. (By contrast, TCP/IP requires some configuration, even if that configuration is done through the use of a DHCP server.)
When a computer or other device that supports AppleTalk first starts up (or when AppleTalk is enabled on a device already running), it randomly selects an address for itself and broadcasts a special series of 10 AppleTalk address resolution packets. These packets contain both a randomly selected node number (which the device will use as its AppleTalk address on the network) and a selected network number (which will be used to identify this particular LAN from any other). The network number is stored from one AppleTalk session to another and a computer will use the same network number unless told to use a different one.
If there are AppleTalk devices on the network, they respond to the packets in two ways. If the randomly selected node number is in use, a device will respond that it has already taken that node number. The new device then will pick another random number and broadcast another series of address resolution packets. This continues until the device selects a node number unique within the network, at which point it will get no response to the resolution packets. If the device is on a routed AppleTalk network, a router will respond to the network number portion of the resolution packet by supplying the appropriate network number to the device (if that number differs from the one included in the address resolution packets).
Also included in the resolution packet is the computer name, which has been designated by an administrator in the File Sharing control panel (classic Mac OS) or the Sharing pane of System Preferences (Mac OS X). This way, users of other computers will see a computer name (sometimes called an AppleTalk name) rather than a random node number identifying the computer on the network. Should a computer on the network already be using that name, it responds to the resolution packets and the newly booted computer will display an error message saying that it could not be registered on the network because the name is already in use.
I should note something that may seem obvious: For AppleTalk to work across a router, you must use a router that supports the protocol. A router that supports TCP/IP, for example, will not understand the format of the AppleTalk packets it receives and will drop them rather than passing them on to the appropriate network. When working with routers that support AppleTalk, you can create AppleTalk zones. An AppleTalk zone is essentially a way of identifying individual networks that are connected through routers, each of which will need an AppleTalk network number.
AppleTalk zones can be established as a particular floor or department in a company's office or a classroom or lab at a school or college. AppleTalk zones provide an organizational structure to networks in the same way as virtual LANs. In addition to helping limit network traffic and join separate networks, they allow you to group file servers and printers for your users rather than to simply display a large list of all AppleTalk resources.
In fact, VLANs can be used to designate AppleTalk zones that aren't based on the proximity of certain computers and devices. VLANs can also be much more restrictive of network traffic than AppleTalk zones, making them more effective for both security and bandwidth utilization.
In addition to being self-configuring, AppleTalk is also a self-discovering protocol: Users don't need to know the names of devices on an AppleTalk network. When users choose to locate a printer or file server using AppleTalk, for example, the computers they're using broadcasts a multicast request for the names of devices that provide the requested service. Those devices respond, presenting the user with a list of printers or file servers. If AppleTalk zones are in place, the multicast packet is sent only to the devices in the selected zone. But users can select from other zones if need be. Being a self-discovering protocol, AppleTalk offers administrators both an advantage and a disadvantage. It can save administrators from having to specifically identify printers or file servers on each client workstation. Users can open the Chooser (in classic Mac OS) or the Print Center or Connect to Server dialog (in Mac OS X) and be presented with the resources available. But administrators cannot, using AppleTalk alone, control which devices are displayed. Any AppleTalk device that the workstation can locate is displayed, whether the user has access to it. Administrators can, and should, secure these services, and it is often better to allow users to see only what they need. That way they can't attempt to access devices they shouldn't (or bug you for access) and they aren't overwhelmed and confused by a list of devices irrelevant for them. This is one of the advantages of using VLANs on a network because they limit what a user is capable of seeing over AppleTalk.
Another disadvantage to AppleTalk being a self-discovering protocol is that multicast traffic does degrade network performance. Queries about available services are sent to all devices on a network and all devices will look at the packet, regardless of whether they respond to it. In addition, several devices will respond, including devices the user wasn't seeking. There is a misconception that AppleTalk is, by its multicast nature, a very "chatty" protocol, but Apple has done well over various revisions to keep excess traffic to a minimum. Even so, it is best to avoid such multicast traffic wherever possible to improve network performance. VLANs can be a great tool here because they limit multicast requests and responses to the VLAN in which they are generated. Another approach is to predefine network devices for users. The client management abilities of Mac OS X Server are an excellent way to do this, as is preconfiguring workstations for users.
One further disadvantage of AppleTalk is that a computer or device can support only a single AppleTalk address. For workstations with multiple network ports (such as an iBook with both built-in Ethernet and AirPort), only one port can be designated as having AppleTalk active on it. Should users need to switch among multiple ports, as is often the case with mobile users, they will need to switch the active AppleTalk port each time they switch network ports to maintain access to AppleTalk services.
Ryan Faas is the network administrator and offers consulting services specializing in Mac and cross-platform network solutions for small businesses and education institutions. He is the co-author of Troubleshooting, Maintaining, and Repairing Macs and of O'Reilly's forthcoming Essential Mac OS X Server Administration. He can be reached at firstname.lastname@example.org.