LIS508
Part: networking basics and
home networking
Thomas Krichel
2010-01-12
Literature & status
• The classic book on Computer Networks is
Andrew Tanenbaum's book “Computer
Networks”.
• I have read a good part of it, but what I am
reporting here is basically from memory.
• It may be wrong, but not so seriously wrong
that acting upon the advice here would be
problematic.
LAN
A LAN is a Local Area Network.
All LANs are broadcasting networks.
Hosts on the LANs broadcast messages
(frames) that contain the address of a
target host.
Broadcast messages sent at the same time
collide, so they have to be retransmitted.
There is a protocol for LANs, the Ethernet.
LAN interfaces
Traffic on any LAN goes through a LAN
interface.
If your interface uses a cable, it usually
runs a protocol broadly known as Ethernet.
If you are running wireless, it's some kind
of wireless Ethernet.
mac address
Each LAN interface has an address known
as the MAC address.
MAC stands for media access control.
There are 8 byte addresses.
Each device has a unique address.
These are not addresses as used on the
Internet. LAN addresses have to be
mapped to Internet addresses.
packets
• Communication on the Internet is based on
packets.
• Each packet contains data.
• Each packet travels independently from an
identified source computer to an identified
destination computer.
• The way this is done is specified by the IP
protocol.
connections
• Users don't experience IP packets. They
experience connections between
computers. For example, when a user
downloads a web page, the web user agent
opens a connection to the server.
• The protocol that enables such
connections, despite the fact that the
packets travel independently, is called TCP.
• The Internet runs on TCP/IP.
The IP address
• A computer that is connected to the Internet
has an IP address.
• An IP address is a sequence of 4 decimal
numbers, connected by dots. Each number
ranges between 0 and 255. An example
address is “148.4.2.231”.
• A computer that has an IP address is not
necessarily directly connected to the Internet.
special address
• Some IP addresses are reserved for special
purposes.
• The most famous is “127.0.0.1”.
• This is the address a computer uses to talk
to itself using the IP protocol.
• Addresses that start with “10.” or with
“192.168” are local addresses.
local addresses
• A local address identifies a computer on a
local network. Computers on the same local
network can use the IP protocol to talk to
other machines on the same local network.
• Computers outside the local network can
not talk to the machine inside the local
network using the local addresses.
• There may be many networks where
computers use the same local IP addresses.
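The last three slides, turned into code: an added example (not from the slides) that parses a dotted-quad address, rejects malformed ones, and classifies it as loopback, local or global using exactly the rules given above. It goes one step beyond the slides in also treating 172.16.0.0 to 172.31.255.255 as local, since that is the third private range alongside 10/8 and 192.168/16.

```python
# Added example, not from the slides: parse a dotted-quad IPv4 address and
# classify it the way the slides do. Beyond the slides, 172.16.0.0/12 is
# also treated as local (it is the third RFC 1918 private range).
from typing import Tuple


def parse_ipv4(text: str) -> Tuple[int, int, int, int]:
    """Return the four numbers of 'a.b.c.d'; raise ValueError if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four dotted numbers in {text!r}")
    octets = []
    for part in parts:
        # isascii() + isdigit() rejects '', '-1', '1a' and non-ASCII digits
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"non-numeric part {part!r} in {text!r}")
        value = int(part)
        if value > 255:
            raise ValueError(f"{value} is outside 0..255 in {text!r}")
        octets.append(value)
    return octets[0], octets[1], octets[2], octets[3]


def classify(text: str) -> str:
    """'loopback' (127.x), 'local' (10.x, 192.168.x, 172.16-31.x) or 'global'."""
    a, b, _c, _d = parse_ipv4(text)
    if a == 127:
        return "loopback"        # the address a computer uses to talk to itself
    if a == 10 or (a == 192 and b == 168) or (a == 172 and 16 <= b <= 31):
        return "local"           # not reachable from outside the local network
    return "global"


def reachable_from_internet(text: str) -> bool:
    """Only a global address can be contacted by hosts outside the LAN."""
    return classify(text) == "global"


if __name__ == "__main__":
    for sample in ["148.4.2.231", "127.0.0.1", "10.0.0.5", "192.168.1.1", "172.20.3.4"]:
        print(sample, classify(sample), reachable_from_internet(sample))
```

The range check matters in practice: a string like “256.1.1.1” looks like an address but is not one, and a program that stores it without checking will fail later in a less obvious place.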
why local addresses
• A computer reachable on the Internet has to
have at least one unique IP address.
• Some computers have many IP addresses.
• The number of unique IP addresses is quite
small.
• There is a global address shortage.
home networking
• Typically in home networking, your provider
will give you one single IP address.
• Usually, this address is a global address.
• Usually, this address is a dynamic address.
That means that the IP address may
change over time:
– when you restart the network
– after a network or power outage
router in the home
Usually, people will want to connect a
bunch of computers in the home.
To do this they buy what is known as a
router.
It's a hardware device that has lines
incoming from all computers in the house
and an outgoing line to a device controlled
by the provider.
how do we get a global address
Upon start, the local router will send a
broadcast message.
Basically, the message is “I am here, can
anybody give me an IP address.”
Then an upstream router that is under the
control of the provider will issue the local
router with an IP address and forward the
local router's traffic to the Internet.
DHCP
stands for Dynamic Host Configuration
Protocol. This is what the protocol
explained on the previous slide does.
On a Microsoft windows machine, DHCP is
activated with the “get an IP address
automatically” option.
On Linux, there is a program called
dhclient.
dhclient
Usually you invoke dhclient with “dhclient
eth0”.
There “eth0” stands for your first Ethernet
interface.
If you have wlan, you would probably say
something like “dhclient wlan0”.
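The broadcast-and-reply exchange of the last three slides, modelled in code. This is an added example, not from the slides and not the real dhclient: the client broadcasts a DISCOVER ("can anybody give me an IP address?"), the server answers with an OFFER, the client REQUESTs that address and the server ACKs it with a lease time. Addresses go back into the pool when a lease expires, which is why a dynamic address can change after an outage. The address pool, the MAC addresses and the lease length are made-up values.

```python
# Added example, not from the slides: a small model of the exchange the slides
# describe. The client broadcasts "can anybody give me an IP address?"
# (DISCOVER); the server answers with an OFFER; the client REQUESTs that
# address and the server ACKs it with a lease time. Addresses are handed back
# when a lease expires, which is why a dynamic address can change after an
# outage. The pool, MAC addresses and lease length are made-up values.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"


@dataclass
class Lease:
    ip: str
    expires_at: int          # simulation clock, in seconds


@dataclass
class DhcpServer:
    pool: List[str]          # addresses still free to hand out, in order
    lease_seconds: int
    leases: Dict[str, Lease] = field(default_factory=dict)   # client MAC -> lease
    offers: Dict[str, str] = field(default_factory=dict)     # client MAC -> offered ip

    def _expire(self, now: int) -> None:
        """Return the addresses of expired leases to the pool."""
        for mac, lease in list(self.leases.items()):
            if lease.expires_at <= now:
                self.pool.append(lease.ip)
                del self.leases[mac]

    def handle(self, msg: dict, now: int) -> Optional[dict]:
        """Answer one client message; None means the server stays silent."""
        self._expire(now)
        mac, kind = msg["client_mac"], msg["type"]
        if kind == "DISCOVER":
            # The client does not know any server yet, so it must broadcast.
            if msg["dst_mac"] != BROADCAST_MAC:
                return None
            if mac in self.leases:              # known client: keep its address
                ip = self.leases[mac].ip
            elif mac in self.offers:            # repeated DISCOVER: same offer
                ip = self.offers[mac]
            elif self.pool:
                ip = self.pool.pop(0)
            else:
                return None                     # pool exhausted, nothing to offer
            self.offers[mac] = ip
            return {"type": "OFFER", "client_mac": mac, "ip": ip}
        if kind == "REQUEST":
            ip = msg["ip"]
            offered = self.offers.get(mac)
            held = self.leases[mac].ip if mac in self.leases else None
            # Only confirm an address this server offered or already leased to this client.
            if ip not in (offered, held):
                return {"type": "NAK", "client_mac": mac}
            self.offers.pop(mac, None)
            self.leases[mac] = Lease(ip, now + self.lease_seconds)
            return {"type": "ACK", "client_mac": mac, "ip": ip,
                    "lease_seconds": self.lease_seconds}
        return None


def obtain_address(server: DhcpServer, mac: str, now: int) -> Optional[str]:
    """The client side of the exchange: DISCOVER, then REQUEST what was offered."""
    offer = server.handle({"type": "DISCOVER", "client_mac": mac,
                           "dst_mac": BROADCAST_MAC}, now)
    if offer is None:
        return None
    ack = server.handle({"type": "REQUEST", "client_mac": mac, "ip": offer["ip"]}, now)
    return ack["ip"] if ack and ack["type"] == "ACK" else None


if __name__ == "__main__":
    srv = DhcpServer(pool=["192.168.1.100", "192.168.1.101", "192.168.1.102"],
                     lease_seconds=3600)
    print("laptop:", obtain_address(srv, "02:00:00:00:00:01", now=0))
    print("phone :", obtain_address(srv, "02:00:00:00:00:02", now=0))
    print("phone after a long outage:", obtain_address(srv, "02:00:00:00:00:02", now=5000))
```

The same model covers both cases on the slides: the provider's upstream router handing one address to your router, and your router handing local addresses to the machines in the house.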
usual home networking
• In the typical home, several users will have
computers requiring Internet access. But
there is only one IP address.
• Here is where the consumer level home
router comes in.
• The single global IP address is given to the
router, rather than to any computer of the
home network.
administering the router
The router usually has a web interface.
You can use that interface with any web
browser.
Details on how you can access your
router's web interface is in the
documentation, which you have carefully
kept at home.
remote administration
• Usually, by default, it is only possible to
reach the router from a local IP address in
the local network.
• Some routers support remote
administration. You still have to find the
IP address of the router in order to access
it.
network access of home users
• When a home user accesses the Internet,
say to download a web page, the packets
are sent to the router.
• The router establishes a connection with
the web server.
• When the response comes back from the
server, the response is forwarded to the
router.
your local addresses at home
• When you have a router at home, the router
hands out local IP addresses.
• The protocol that it uses to do so is the good
old DHCP.
• The machines inside your network have
local IP addresses. They can only
communicate with other Internet hosts
through the router.
how the router works
• The router craftily replaces the local source
address of the home computer with its own
global address.
• When the response comes back it forwards
it to the local machine.
• How does it know to which machine to
forward the response?
• {to understand this the concept of ports is
required}
ports
• A modern computer uses the Internet for
many purposes. To keep these purposes
separate, each machine that uses the IP
protocol has 65536 ports.
• A port can't be seen. Just think of it as a
source or destination of IP traffic from or to
a computer.
• Think of the computer as a building and
each port as an apartment in the building.
ports and router
• When the router sends IP traffic, say to a
web server it tells the server to respond to a
certain port.
• All the traffic that gets to this port is then
forwarded to the home user's machine.
• {We come back to the topic of ports later.
This is a useful point for a break}
numbers to names
• IP addresses are cumbersome:
– They are hard to remember.
– They depend on where a computer is located. They are very
roughly geographical. An address will change when
you move the server from one location to another.
• Therefore to establish a lasting presence on
the Internet you need a name for your
machine.
• Names are organized by domains.
domain
• To start with, a domain is a name that you
can lease. The act of leasing a domain is
commonly known as domain registration.
• The word “owns” is commonly used when
talking about domains.
• There are commercial companies where
you can “register” (that is, lease) a domain.
Such companies are called domain name
registrars.
host names
• Once you own a domain, you can create
hosts within the domain. The hosts are
created by adding other names to the
beginning of the domain.
• Example: if you own “foo.com”, you can
create “www.foo.com”, “fool.foo.com” etc.
• To create a host, you add records to your
domain information. Each record has a
certain type. {We are now looking at
important types}
name server
• A name server is a running software
that knows about domain names.
• It receives requests for information
about names and returns responses
for these names.
• “bind” is a popular, free nameserver
software that you can run on your
Debian server.
name server and registrar
• Usually, a registrar will give you a web
interface to manage name records.
• It will also run the name server for you.
Actually it will run several name servers for
redundancy.
record name types
• Each name record has a type.
• Some common types are “A”
“CNAME” “NS” “MX” “TXT” “PTR”
• But we only need to know about a
couple.
The “A” domain record type
• The “A” record type assigns an IP address
to a host.
Example: “wotan.liu.edu. IN A 148.4.2.231”.
The “IN” is in all records.
the CNAME record type
• The CNAME record says that one domain
is an alias for another domain.
• Example: “www.foo.com IN CNAME
foo.com”.
• When a user wants to contact
“www.foo.com”, the name server looks up
foo.com and sends out its IP address.
hosting at home
• If you want to host at home, you usually
have two issues
– With a dynamic IP address, you need to adjust the “A”
record of the domain that you are hosting to reflect your
current IP address. “name problem”
– If you have a router, you must make sure that the
incoming traffic gets to the server. “routing problem”
– Third, there is a problem with asymmetric speeds.
asymmetric speed
• Residential providers usually give you good
download speed, but lousy upload.
• Worse: uploads kill download speed.
• This poses constraints on your hosting a lot
of content at home. When Google comes
for a visit, your network will slow.
the name problem
• To look at the name problem, let us forget
about the router for a moment.
• Assume you have a machine at home. It is
the only machine, and it hosts the server.
• Let us further assume that this machine has
only one network interface.
• The name problem can then easily be
solved using a protocol called dynamic
DNS.
dynamic DNS
When a machine renews its IP address, it
gets access to the Internet.
Once it has access to the Internet, it can
contact a special server via http. It logs in,
reports its IP address, say 34.29.126.129
to the service.
Then the dynamic DNS service sets an A record
“foo.shacknet.nu. IN A 34.29.126.129”.
Dynamic DNS providers
There are a number of providers.
The one I use is DynDNS.org.
You register to create an account.
You can create say up to five hosts, in
domains owned by the provider.
You can not set the IP address to your own
domain name. You don't have to.
own name and DynDNS
If you own foo.com, and want to host on
the machine with the IP address that has
registered itself as foo.shacknet.nu, all you
need is a DNS CNAME
“foo.com. IN CNAME foo.shacknet.nu”
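The A and CNAME slides and the dynamic DNS slides all come together in one small piece of code. This is an added example, not from the slides and not real name server software: it parses records written the way the slides write them, resolves a name by following CNAME aliases, and then performs the dynamic DNS step of replacing the A record of foo.shacknet.nu with a newly reported address, after which foo.com and www.foo.com resolve to the new address without any change to their own records. The names and addresses on the slides are used; the replacement address 34.29.200.7 and the loop example are made up.

```python
# Added example, not from the slides: a parser for records written the way the
# slides write them ("wotan.liu.edu. IN A 148.4.2.231",
# "www.foo.com IN CNAME foo.com"), a resolver that follows CNAME aliases, and
# the dynamic DNS step of replacing the A record for foo.shacknet.nu with a
# newly reported address. Names and addresses not on the slides are made up.
from typing import List, Optional, Tuple

Record = Tuple[str, str, str]    # (name, type, value)


def normalize(name: str) -> str:
    """DNS names are case-insensitive; a trailing dot just marks the root."""
    return name.rstrip(".").lower()


def parse_record(line: str) -> Record:
    """Parse 'name IN TYPE value'; the quotes the slides use are tolerated."""
    fields = line.strip().strip('“”"').split()
    if len(fields) != 4 or fields[1].upper() != "IN":
        raise ValueError(f"not a 'name IN TYPE value' record: {line!r}")
    name, _, rtype, value = fields
    rtype = rtype.upper()
    # A CNAME points at another name; an A record carries an address.
    value = normalize(value) if rtype == "CNAME" else value.rstrip(".")
    return normalize(name), rtype, value


class Zone:
    """The records of one domain, as a registrar's name server would hold them."""

    def __init__(self, lines: List[str]) -> None:
        self.records: List[Record] = [parse_record(line) for line in lines]

    def lookup(self, name: str, rtype: str) -> List[str]:
        name = normalize(name)
        return [v for n, t, v in self.records if n == name and t == rtype]

    def set_a(self, name: str, ip: str) -> None:
        """Dynamic DNS update: replace any A record for name with the new ip."""
        name = normalize(name)
        self.records = [r for r in self.records if not (r[0] == name and r[1] == "A")]
        self.records.append((name, "A", ip))

    def resolve(self, name: str, max_hops: int = 8) -> Optional[str]:
        """Return the address for name, following CNAMEs; None if unknown or looping."""
        seen = set()
        name = normalize(name)
        for _ in range(max_hops):
            if name in seen:
                return None                   # CNAME loop, e.g. a -> b -> a
            seen.add(name)
            addresses = self.lookup(name, "A")
            if addresses:
                return addresses[0]
            aliases = self.lookup(name, "CNAME")
            if not aliases:
                return None
            name = aliases[0]
        return None


if __name__ == "__main__":
    zone = Zone([
        "“wotan.liu.edu. IN A 148.4.2.231”",
        "“foo.shacknet.nu. IN A 34.29.126.129”",
        "“foo.com. IN CNAME foo.shacknet.nu”",
        "“www.foo.com IN CNAME foo.com”",
    ])
    print("www.foo.com ->", zone.resolve("www.foo.com"))
    zone.set_a("foo.shacknet.nu", "34.29.200.7")   # the dynamic DNS client reports a new address
    print("www.foo.com after the dynamic DNS update ->", zone.resolve("www.foo.com"))
```

The hop limit and the loop check are the practical part: two CNAMEs pointing at each other would otherwise send a resolver round in circles, and a real resolver has to give up in the same way.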
ddclient install
ddclient is the dynamic DNS client
software.
You can install it with “apt-get install
ddclient”.
When you do so, have your dynamic DNS
provider data ready, the install interface will
ask you for it.
ddclient configuration
This can be done by editing the file
/etc/ddclient.conf.
Then restart the ddclient daemon with
“/etc/init.d/ddclient restart”.
router and dynamic DNS
• If you have a router, the name problem has
an interesting twist. The IP address that you
need to report is not the IP address of the
server (because it has a local address),
but the IP address of the router.
• This is the name + router problem.
dynDNS in the router
• Modern consumer level routers have
support for dynamic DNS.
• You can enter the information of your
dynamic DNS account.
• In that case you should not run ddclient on
the server. It will send erroneous
information.
ddclient with router support
It is possible that ddclient can enter your
router's web interface, read the IP
address of the router and then report that IP
address to the dynamic DNS provider.
I had a configuration of ddclient like that.
Google is your friend here to look for a
suitable configuration.
example ddclient with router
# /etc/ddclient.conf
pid=/var/run/ddclient.pid
protocol=dyndns2
syslog=yes
# use=if would report the address of the server's own interface, which
# behind a router is a local address; the later use=linksys line
# overrides it, so the router's global address is reported instead
use=if, if=eth0
use=linksys # I have a linksys router
# router web interface login, and the status page that shows the WAN address
fw-login=router_login
fw-password=my_router_password
fw=192.168.1.1/Status.htm
# pattern to skip over on that page before the address is read
fw-skip=WAN.*?IP Address
# dynamic DNS provider account
server=members.dyndns.org
login=krichel
password=aoeuid
# the host name whose A record gets updated
ibbart.dyndns.info
the routing problem
• If you have solved the naming problem,
traffic for your name foo.com appears at
your router.
• But the router does not provide the
services.
• Incoming traffic has to be forwarded to the
server.
• The easiest way to do that is to use a
setting called the DMZ host.
DeMilitarized Zone
The DMZ host is a host to which the router
forwards all incoming traffic that it does
not already know how to deal with.
This is the most primitive way of running a
firewall.
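A model of the router behaviour described in “how the router works”, “ports and router”, “the routing problem” and the DMZ slide above, as an added example that is not from the slides and not any router's real firmware. Outbound packets leave with the router's global address and a router-chosen port; a table from that port back to the local machine routes the reply. Inbound packets nobody asked for go to an explicit port-forward rule if one matches, otherwise to the DMZ host if one is set, otherwise they are dropped. The port-forward rule is an addition beyond the slides, shown as the more selective alternative to a DMZ host. All addresses and ports are made-up values (203.0.113.x and 198.51.100.x are documentation ranges).

```python
# Added example, not from the slides: a model of the router behaviour the
# slides describe. Outbound packets leave with the router's global address and
# a router-chosen port; a table from that port back to the local machine routes
# the reply. Unsolicited inbound packets go to a port-forward rule if one
# matches, else to the DMZ host if one is set, else they are dropped.
# All addresses and ports are made-up values.
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

Flow = Tuple[str, int, str, int]      # (local ip, local port, remote ip, remote port)


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: str = ""


class HomeRouter:
    def __init__(self, global_ip: str, first_port: int = 40000) -> None:
        self.global_ip = global_ip
        self.next_port = first_port
        self.by_port: Dict[int, Flow] = {}      # router port -> the local flow using it
        self.by_flow: Dict[Flow, int] = {}      # the same mapping, looked up from inside
        self.forwards: Dict[int, Tuple[str, int]] = {}   # public port -> (local ip, port)
        self.dmz_host: Optional[str] = None

    def forward_port(self, public_port: int, local_ip: str, local_port: int) -> None:
        """Send everything that arrives on public_port to one local service."""
        self.forwards[public_port] = (local_ip, local_port)

    def set_dmz_host(self, local_ip: str) -> None:
        """Catch-all: the DMZ host receives every inbound packet nothing else claims."""
        self.dmz_host = local_ip

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a local machine's packet so it appears to come from the router."""
        flow: Flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:                        # first packet of this flow: pick a port
            port = self.next_port
            self.next_port += 1
            self.by_port[port] = flow
            self.by_flow[flow] = port
        return replace(pkt, src_ip=self.global_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver a packet that reached the router's global address; None = dropped."""
        if pkt.dst_ip != self.global_ip:
            return None
        flow = self.by_port.get(pkt.dst_port)
        # A reply must come from the remote end the local machine talked to;
        # anything else arriving on that port is unsolicited and does not use the mapping.
        if flow is not None and (pkt.src_ip, pkt.src_port) == (flow[2], flow[3]):
            local_ip, local_port = flow[0], flow[1]
        elif pkt.dst_port in self.forwards:
            local_ip, local_port = self.forwards[pkt.dst_port]
        elif self.dmz_host is not None:
            local_ip, local_port = self.dmz_host, pkt.dst_port
        else:
            return None
        return replace(pkt, dst_ip=local_ip, dst_port=local_port)


if __name__ == "__main__":
    router = HomeRouter("203.0.113.7")
    out = router.outbound(Packet("192.168.1.10", 51515, "198.51.100.5", 80, "GET /"))
    print("seen by the web server:", out)
    back = router.inbound(Packet("198.51.100.5", 80, out.src_ip, out.src_port, "200 OK"))
    print("delivered at home to:", back)
    print("unsolicited, no DMZ:", router.inbound(Packet("198.51.100.9", 4444, "203.0.113.7", 80)))
    router.set_dmz_host("192.168.1.20")
    print("unsolicited, DMZ set:", router.inbound(Packet("198.51.100.9", 4444, "203.0.113.7", 80)))
```

The order of the three checks in inbound() is the whole point of the DMZ slide: without a DMZ host, a packet that is neither a reply nor matched by a forward rule is simply dropped, which is what protects the machines inside; with a DMZ host set, every such packet reaches that one machine on whatever port it was sent to, so that machine has to be prepared for all of it.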
summary: the router
• When a client behind the router wants to
open a connection to the server outside the
local network, it is the router that opens the
connection.
• The response goes to a port on the router
that the router sent out with the request.
• The response is forwarded to the client.
ports
The router uses different ports to keep
track of which local machine to send traffic
to.
But ports also have a role as destination
points of service.
well-known ports
When we open an http connection to
http://foo.org, to which port does the
connection go?
Answer: port 80.
Why? Because 80 is the well-known port for
http.
can it go somewhere else?
Yes.
But in this case you have to give the URL
as http://foo.com:port where port is the
number of the non standard port. 8080 is
often used: http://foo.com:8080.
other well known ports
smtp: 25
ssh: 22
dns: 53
See /etc/services for more examples.
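The rule of the last three slides, as an added example that is not from the slides: given a URL, the connection goes to the explicit “:port” if there is one, and otherwise to the scheme's well-known port, which is looked up from lines in the format of /etc/services. The service lines in the block are a constructed sample in that format, not the real file, so it runs anywhere; the lookup function and its names are mine.

```python
# Added example, not from the slides: work out which port a URL's connection
# goes to. An explicit ":port" in the URL wins; otherwise the scheme's
# well-known port is looked up from lines in the format of /etc/services.
# The service lines below are a constructed sample, not the real file.
from typing import Dict, Tuple
from urllib.parse import urlsplit

SERVICES_SAMPLE = """\
# name    port/protocol   aliases       (constructed sample in /etc/services format)
ssh       22/tcp
smtp      25/tcp          mail
domain    53/tcp
domain    53/udp
http      80/tcp          www
https     443/tcp
"""


def parse_services(text: str) -> Dict[Tuple[str, str], int]:
    """Map (service name or alias, protocol) -> port number."""
    table: Dict[Tuple[str, str], int] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # comments and blank lines carry nothing
        if not line:
            continue
        fields = line.split()
        port_text, proto = fields[1].split("/", 1)
        port = int(port_text)
        for name in [fields[0]] + fields[2:]:  # aliases resolve to the same port
            table[(name, proto)] = port
    return table


SERVICES = parse_services(SERVICES_SAMPLE)


def port_for_url(url: str, services: Dict[Tuple[str, str], int] = SERVICES) -> int:
    """Port a client connects to for url: the explicit :port, else the well-known one."""
    parts = urlsplit(url)
    if parts.port is not None:                 # e.g. http://foo.com:8080 -> 8080
        return parts.port                      # urlsplit itself rejects ports above 65535
    try:
        return services[(parts.scheme.lower(), "tcp")]
    except KeyError:
        raise ValueError(f"no well-known port for scheme {parts.scheme!r}") from None


if __name__ == "__main__":
    for url in ["http://foo.org", "http://foo.com:8080", "ssh://foo.com", "https://foo.com"]:
        print(url, "->", port_for_url(url))
```

With the real file on a Debian machine, parse_services(open("/etc/services").read()) gives the full table; the sample keeps only the entries the slides mention plus https.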
port filtering
Sometimes Internet providers kill all
packets with the source or destination
address at a certain port.
This ghastly, despicable and evil practice
is known as port filtering.
Because services use well-known ports,
port filtering can make it hard for server
owners to run services the Internet service
provider does not want them to.
example problem
You have a machine “bar” that has port 80
blocked.
You want to run a web server on “bar”
without using a port in the web address.
You have a machine “foo” that has no ports
blocked.
example solution
You run a web server on port 80 at foo.
You run a web server on port 8080 at bar.
You forward all queries to port 80 at foo to
port 8080 at bar.
When the answer from bar comes to foo,
the
This is standard technology with modern
web servers.
bandwidth issues
• Most consumer level Internet connections
use asymmetric speeds.
– They have fast downloads
– They have very slow uploads
If you don't run a big site, you won't see much
of a problem.
But backups are difficult unless you use
physical media that you ship outside the
house (yuck).
problem with commercial hosting
Do not rely on their backup.
You need a backup.
One way to get a backup is to set up a
backup server at home...
http://openlib.org/home/krichel
Please shutdown the computers when
you are done.
Thank you for your attention!