Transcript Networking2

CIT 500: IT Fundamentals
Networking
Topics
1. Configuring the Network
2. IP Addresses and Netmasks
3. Name Resolution and DNS
4. Inetd
Configuring the Network
What you need to know:
– Your IP address
– Your hostname
– IP address of your gateway router
– Netmask for your local network
– IP addresses of DNS servers
Lots of information
– Too complicated for end user.
– Too many systems for sysadmin to deal with.
Dynamic Host Configuration Protocol
DHCP configures network parameters for clients.
– IP address.
– Default route.
– Server addresses (DNS, NIS, tftp, etc.)
– MTU, TTL, etc.
Security issues: unauthorized servers
– Any host on the segment can answer a DHCP broadcast; the protocol has no authentication.
– Client typically accepts the first OFFER it receives.
– A malicious server can therefore set the client's DNS servers and routes.
– Mitigation: DHCP snooping on the switch, which only forwards server messages (OFFER/ACK) arriving on trusted ports.
DHCP Conversation
1. Client broadcasts DHCPDISCOVER to find DHCP servers.
2. DHCP server broadcasts DHCPOFFER with a proposed IP address.
3. Client broadcasts DHCPREQUEST, telling the servers which IP address (and which server's offer) it wants.
4. The chosen server answers with DHCPACK, confirming that the IP address is reserved for the client.
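The exchange above as an added worked example (not part of the original slides): a minimal RFC 2131 encoder/decoder in Python, with a legitimate server and a rogue server both hearing the same DISCOVER. The client does what real clients do and takes whichever OFFER arrives first, so when the rogue server wins the race the client's DNS server and default route point at the attacker. The server addresses, the offered addresses and the client MAC are constructed for the demo; a real client would carry these messages over UDP ports 67/68.

```python
import random
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5                 # option 53 message types
OPT_MASK, OPT_ROUTER, OPT_DNS = 1, 3, 6
OPT_REQ_IP, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
HDR = "!BBBBIHH4s4s4s4s16s64s128s"                          # RFC 2131 fixed header, 236 bytes


def ip2b(s):
    return bytes(int(o) for o in s.split("."))


def b2ip(b):
    return ".".join(str(x) for x in b)


def build(op, xid, chaddr, yiaddr="0.0.0.0", siaddr="0.0.0.0", options=()):
    """Encode a DHCP message: fixed header, magic cookie, TLV options, END."""
    hdr = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,       # htype=Ethernet, hlen=6, broadcast flag
                      ip2b("0.0.0.0"), ip2b(yiaddr), ip2b(siaddr), ip2b("0.0.0.0"),
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return hdr + MAGIC_COOKIE + body + bytes([OPT_END])


def parse(pkt):
    """Decode a DHCP message into (header fields, {option code: raw value})."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    hdr = {"op": f[0], "xid": f[4], "yiaddr": b2ip(f[8]), "siaddr": b2ip(f[9]), "chaddr": f[11][:f[2]]}
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:                                        # pad option
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return hdr, opts


class Server:
    """A DHCP server handing out one address; a rogue server runs exactly the same code."""

    def __init__(self, ip, offered_ip, mask, router, dns, lease=86400):
        self.ip, self.offered_ip = ip, offered_ip
        self.params = [(OPT_MASK, ip2b(mask)), (OPT_ROUTER, ip2b(router)),
                       (OPT_DNS, ip2b(dns)), (OPT_LEASE, struct.pack("!I", lease))]

    def reply(self, mtype, hdr, yiaddr):
        return build(BOOTREPLY, hdr["xid"], hdr["chaddr"], yiaddr=yiaddr, siaddr=self.ip,
                     options=[(OPT_MSG_TYPE, bytes([mtype])), (OPT_SERVER_ID, ip2b(self.ip))] + self.params)

    def handle(self, pkt):
        hdr, opts = parse(pkt)
        mtype = opts[OPT_MSG_TYPE][0]
        if mtype == DISCOVER:
            return self.reply(OFFER, hdr, self.offered_ip)
        if mtype == REQUEST and opts.get(OPT_SERVER_ID) == ip2b(self.ip):
            return self.reply(ACK, hdr, b2ip(opts[OPT_REQ_IP]))
        return None                                            # REQUEST chose another server: stay silent


def dhcp_client(servers, chaddr=b"\x00\x16\x3e\x48\x75\x3a"):
    """DISCOVER/OFFER/REQUEST/ACK as a typical client does it: the first OFFER wins."""
    xid = random.getrandbits(32)
    discover = build(BOOTREQUEST, xid, chaddr, options=[(OPT_MSG_TYPE, bytes([DISCOVER]))])
    offers = [o for o in (s.handle(discover) for s in servers) if o]   # broadcast: every server hears it
    ohdr, oopts = parse(offers[0])                             # nothing in the OFFER proves who sent it
    request = build(BOOTREQUEST, xid, chaddr, options=[
        (OPT_MSG_TYPE, bytes([REQUEST])), (OPT_REQ_IP, ip2b(ohdr["yiaddr"])),
        (OPT_SERVER_ID, oopts[OPT_SERVER_ID])])
    acks = [a for a in (s.handle(request) for s in servers) if a]
    ahdr, aopts = parse(acks[0])
    if len(acks) != 1 or ahdr["xid"] != xid or aopts[OPT_MSG_TYPE][0] != ACK:
        raise RuntimeError("unexpected DHCP reply")
    return {"ip": ahdr["yiaddr"], "netmask": b2ip(aopts[OPT_MASK]), "router": b2ip(aopts[OPT_ROUTER]),
            "dns": b2ip(aopts[OPT_DNS]), "server": b2ip(aopts[OPT_SERVER_ID]),
            "lease": struct.unpack("!I", aopts[OPT_LEASE])[0]}


# Constructed addresses: the real server is the gateway; the rogue is an ordinary host on the LAN.
LEGIT = Server("192.168.1.1", "192.168.1.10", "255.255.255.0", "192.168.1.1", "192.168.1.1")
ROGUE = Server("192.168.1.66", "192.168.1.200", "255.255.255.0", "192.168.1.66", "192.168.1.66")

if __name__ == "__main__":
    print("legit answers first:", dhcp_client([LEGIT, ROGUE]))
    print("rogue answers first:", dhcp_client([ROGUE, LEGIT]))
```

The only thing that decides the outcome is the order in which the offers arrive; the REQUEST names the chosen server (option 54), so the losing server stays silent and the client never learns there was a second one. That is why the defence has to live in the switch (DHCP snooping) rather than in the client.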
DHCP Address Allocation
Dynamic
– Host given a "lease" on an IP address for a specified period of time.
– Clients can release leases.
– Clients can ask for a lease on a specific IP address.
Automatic
– Server permanently assigns an address to the client.
Manual
– Address chosen by the administrator (e.g. a reservation keyed on the client's MAC address); DHCP only delivers it.
Red Hat Network Configuration
Start and stop network like other services
service network [start | stop | restart]
Network service uses /etc/sysconfig files
/etc/sysconfig/network
/etc/sysconfig/network-scripts/*
Red Hat DHCP Configuration
/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=myhostname
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=dhcp
ONBOOT=yes
Static IP Addresses
Servers need static IP addresses
– Allows users to access them consistently.
– So do routers and other network devices.
Static IPs can be useful for desktops too
– Easier to access remotely if the IP address is consistent.
– Alternatively, use a DHCP reservation (fixed address keyed on the MAC) so the host always receives the same IP.
Red Hat Static Configuration
/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=myhostname
GATEWAY=192.168.1.1
/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.10
NETMASK=255.255.255.0
ONBOOT=yes
IP Addresses
32-bit integers
One for each network interface.
Dotted decimal notation: ii.jj.kk.ll
Example: 172.16.254.1
  172      .  16       .  254      .  1
  10101100 .  00010000 .  11111110 .  00000001
Each dotted field is 1 byte; 32 bits = 4 bytes.
Grouping IP Addresses
Groups of consecutive IP addrs are called networks.
A routing table then needs one entry per network rather than one per host; the slide's example network needs only 3 entries.
Network and Host Parts
IP addresses are divided into two parts
– Network ID (like zip code)
– Host ID (like street address)
  [ Network ID | Host ID ]
Two special IP addresses
– Network address: host bits all 0 (e.g. 130.4.0.0)
– Broadcast address: host bits all 1 (e.g. 130.4.255.255)
Address Classes
Class A: 0.0.0.0-127.255.255.255
8-bit net ID, 24-bit host ID
2^24 – 2 hosts per network; 126 networks
Class B: 128.0.0.0-191.255.255.255
16-bit net ID, 16-bit host ID
2^16 – 2 hosts per network; 16,384 networks
Class C: 192.0.0.0-223.255.255.255
24-bit net ID, 8-bit host ID
(2^8 – 2) = 254 hosts per network; 2,097,152 networks
Class D: 224.0.0.0-239.255.255.255
28-bit multicast group ID
Class E: 240.0.0.0-255.255.255.255
Reserved for future use
CIDR
Classless Inter-Domain Routing
– Classful allocation wastes most IP addresses.
– Allocate addresses on bit boundaries instead of byte boundaries.
– Let ISPs/users choose the network/host boundary instead of deriving it from the leading bits of the address.
Prefix notation
– /x indicates that the first x bits are the network part, shared by every address in the block.
– 192.168.0.0/16 = 192.168.0.0 – 192.168.255.255
Public IP Addresses
ICANN assigns network numbers.
– Internet Corporation for Assigned Names and Numbers.
– ICANN delegates authority to regional registries, e.g. ARIN (American Registry for Internet Numbers).
– Registries allocate blocks to ISPs, universities, corporations.
ISP assigns IP addresses within its network.
Private RFC1918 IP Addresses
Private IP Networks                  Network Class   Count of Networks   CIDR
10.0.0.0                             A               1                   10.0.0.0/8
172.16.0.0 through 172.31.0.0        B               16                  172.16.0.0/12
192.168.0.0 through 192.168.255.0    C               256                 192.168.0.0/16
Private addresses are not routable on the Internet, so they must be translated (NAT) to public addresses for traffic between private and public IP addresses.
IPv4 vs IPv6 Addresses
Feature               IPv4                 IPv6
Size of address       32 bits              128 bits
Example address       10.1.1.1             0000:0000:0000:0000:0000:FFFF:0A01:0101 (IPv4-mapped form of 10.1.1.1)
Abbreviated address   -                    ::FFFF:0A01:0101
Localhost             127.0.0.1            ::1/128
Possible addresses    2^32 (~4 billion)    2^128 (~3.4 x 10^38)
Network Mask
How do we list subnets in routing table?
– Ex: addresses 150.150.4.0 – 150.150.4.255
– Table: 150.150.4.0 netmask 255.255.255.0
Subnet mask indicates range
– Binary 1s indicate network part of address.
– Binary 0s indicate host part of address.
– Always consists of 1s followed by 0s (a mask such as 255.0.255.0 is invalid).
Prefix notation
– Human-readable form of the subnet mask.
– Just counts the number of binary 1s in the mask (255.255.255.0 = /24).
Classful Address Ranges and Masks
Class A   NNNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH
Class B   NNNNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH
Class C   NNNNNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH

Class   Leading Bits   Start        End                Subnet Mask      CIDR
A       0              0.0.0.0      127.255.255.255    255.0.0.0        /8
B       10             128.0.0.0    191.255.255.255    255.255.0.0      /16
C       110            192.0.0.0    223.255.255.255    255.255.255.0    /24
D       1110           224.0.0.0    239.255.255.255    N/A              N/A
E       1111           240.0.0.0    255.255.255.255    N/A              N/A
(127.0.0.0/8 within class A is reserved for loopback.)
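An added worked example (not from the slides) that implements the netmask, prefix, classful and RFC1918 rules of the preceding slides in Python using plain bit operations, so the arithmetic is visible; in production the standard ipaddress module does the same job. It also rejects a mask whose 1s are not contiguous and handles the /31 and /32 cases, which the classful tables do not cover. The addresses used in the checks are taken from the slides or constructed.

```python
ALL_ONES = 0xFFFFFFFF
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]   # RFC 1918


def ip_to_int(ip):
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {ip}")
    return int.from_bytes(bytes(int(o) for o in octets), "big")


def int_to_ip(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def prefix_to_mask(prefix):
    """/24 -> 0xFFFFFF00: the first `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def mask_to_prefix(mask):
    """255.255.255.0 -> 24; reject masks whose 1s are not contiguous (e.g. 255.0.255.0)."""
    m = ip_to_int(mask)
    inv = m ^ ALL_ONES                      # host bits become 1s: must look like 000...0111...1
    if inv & (inv + 1):                     # a 0...01...1 pattern plus one is a power of two
        raise ValueError(f"non-contiguous netmask: {mask}")
    return bin(m).count("1")


def address_class(ip):
    """Classful rule from the leading bits of the first octet."""
    first = ip_to_int(ip) >> 24
    for cls, limit in (("A", 128), ("B", 192), ("C", 224), ("D", 240)):
        if first < limit:
            return cls
    return "E"


def in_network(ip, net, prefix):
    """True if ip and net share their first `prefix` bits."""
    mask = prefix_to_mask(prefix)
    return ip_to_int(ip) & mask == ip_to_int(net) & mask


def is_private(ip):
    return any(in_network(ip, net, p) for net, p in PRIVATE_BLOCKS)


def summarize(cidr):
    """Network, broadcast, mask and host range for 'a.b.c.d/n'."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    net = ip_to_int(ip) & mask              # host bits cleared
    bcast = net | (~mask & ALL_ONES)        # host bits set
    if prefix >= 31:                        # /31 point-to-point (RFC 3021) and /32: no reserved addresses
        hosts, first, last = 2 ** (32 - prefix), net, bcast
    else:
        hosts, first, last = 2 ** (32 - prefix) - 2, net + 1, bcast - 1
    return {"network": int_to_ip(net), "broadcast": int_to_ip(bcast), "netmask": int_to_ip(mask),
            "prefix": prefix, "first_host": int_to_ip(first), "last_host": int_to_ip(last),
            "hosts": hosts, "class": address_class(ip), "private": is_private(ip)}


if __name__ == "__main__":
    for block in ("150.150.4.37/24", "172.31.108.200/24", "192.168.0.0/16", "10.0.0.1/8"):
        print(block, summarize(block))
```

The contiguity test in mask_to_prefix is the check the slide's "always 1s followed by 0s" rule calls for: a valid mask, inverted, is a run of low 1 bits, so adding one clears them all and the AND comes out zero.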
ifconfig
ifconfig [-a] int – configure a network interface
Only root can modify settings.
Used by Red Hat's scripts to configure the NIC.
  -a    list settings for all interfaces
  int   list settings for the specified interface int
Linux typically uses eth0, eth1 for Ethernet
Note: on current Linux distributions ifconfig and route (net-tools) are deprecated in favour of iproute2 (ip addr, ip link, ip route).
ifconfig output
> ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:16:3e:48:75:3a
inet addr:172.31.108.200 Bcast:172.31.108.255 Mask:255.255.255.0
inet6 addr: fe80::216:3eff:fe48:753a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:95785918 errors:0 dropped:0 overruns:0 frame:0
TX packets:97352948 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2749061541 (2.5 GB) TX bytes:1206911997 (1.1 GB)
route
Route command displays network routes
> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.31.108.0    *               255.255.255.0   U     0      0        0 eth0
default         172.31.108.1    0.0.0.0         UG    100    0        0 eth0
Most machines have only two routes
– Local subnet: hosts that the machine can talk to directly.
– Default route: send all other packets to the default gateway router.
route
To add standard routes to a machine
route add -net 172.31.108.0 netmask 255.255.255.0 dev eth0
route add default gw 172.31.108.1
(iproute2 equivalents: ip route add 172.31.108.0/24 dev eth0 and ip route add default via 172.31.108.1)
More than two routes are needed when
– Machine has multiple NICs.
– Machine is running virtual machines.
– Machine is a router, firewall, or similar net device.
hostname
hostname – show or set system’s host name;
may or may not include DNS domain.
dnsdomainname – show or set system’s DNS
domain name.
Basic Testing: Ping
• Test to see if a remote host is available.
• If the connection fails, test link by link
– Ping a system on your LAN.
– Ping the closest router.
– Ping the next router.
– …
– Ping the target system.
• If the remote host is unreachable, one of these steps fails and localises the fault.
• Caveat: many hosts and firewalls drop ICMP echo, so a failed ping does not prove a host is down; a failed ping to a host that normally answers is what is informative.
Troubleshooting with Traceroute
Tracks the path through each router to the destination
– Reports which routers the packets passed through
– Reports how much time each hop took
Useful for identifying network problems
– Identify which links are down
– Identify which links are slow
– Caveat: routers that rate-limit or drop ICMP show up as "* * *" without being down.
Remote traceroutes via www.traceroute.org.
Testing a Protocol Directly
> telnet www.google.com 80
Trying 72.14.203.99...
Connected to www.l.google.com.
Escape character is '^]'.
GET / HTTP/1.1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Set-Cookie: PREF=ID=e812e6c7ead517fe:TM=1131846389:LM=1131846389:S=rD8WNplszt1Ko8A; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
Server: GWS/2.1
Transfer-Encoding: chunked
Date: Sun, 13 Nov 2005 01:46:29 GMT

a46
<html><head><meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><title>Google</title><style>
Notes: the request ends with an empty line. HTTP/1.1 requires a Host: header (Host: www.google.com), which most servers today will insist on. The "a46" line is the hexadecimal chunk size from Transfer-Encoding: chunked. The same technique works for any text protocol (SMTP on 25, POP3 on 110); for TLS ports use openssl s_client -connect host:443 instead of telnet.
Name Resolution
Translate human-readable names to network addresses.
HOSTS.TXT
Name translation for the entire Internet in the 1970s and early 1980s.
A single file distributed from a single host, SRI-NIC.
Didn't scale: the net changed before the file was distributed everywhere.
DNS
Designed to resolve the scalability issues in 1983 (RFC 882 and 883).
Distributed database: many files, many servers.
Allows local control of segments (zones).
/etc/hosts
Maps hostnames to IP addresses.
127.0.0.1     localhost
10.30.10.15   myhost.nku.edu myhost me
10.30.10.22   xerxes.nku.edu xerxes logsvr
10.30.10.33   darius.nku.edu darius
10.30.10.42   cyrus.nku.edu cyrus
10.30.10.55   ntp.nku.edu ntp-server
10.30.10.57   artaxerxes.nku.edu
/etc/hosts
Oldest, simplest means of name resolution.
Derived from the original HOSTS.TXT file.
Available during the boot process.
– Before DNS is available.
– When DNS is down.
Store essential name mappings for reliability.
Can share between hosts.
– rsync, NIS, LDAP, etc.
Because it is normally consulted before DNS (see /etc/nsswitch.conf), an entry added by an attacker silently redirects a name; check this file when name resolution behaves oddly.
A minimal /etc/hosts
# Name mappings for localhost.
127.0.0.1     localhost
10.30.10.15   myhost.nku.edu myhost
# Name mappings for default gateway.
10.30.10.1    gw-5.nku.edu gw-5
# Name mappings for essential servers
10.23.4.250   dns3.nku.edu dns3
10.88.9.253   ldap3.nku.edu ldap3
10.92.5.250   nfs4.nku.edu nfs4
The Domain Name System
DNS Clients
Configuration file: /etc/resolv.conf
– Sets search domains.
– Sets primary and backup DNS servers (tried in order).
– Rewritten by the DHCP client when DHCP is used, which is how a rogue DHCP server redirects name resolution.
Example:
search nku.edu
nameserver 172.28.10.29
nameserver 172.28.10.30
DNS Lookups
> host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 216.239.37.104
www.l.google.com has address 216.239.37.99
> host www.nku.edu
www.nku.edu has address 192.122.237.7
Dig: DNS Lookup
dig [@server] [options] name [type]
Purpose: query the name servers listed in /etc/resolv.conf (or the server given as @server) and display their responses.
Output: the responses of the name servers to the queries sent to them.
Commonly used options:
-f file   batch operation: take domain names (or IP addresses) from file
-p port   talk to a name server on port instead of the default port 53
Dig Example
> dig www.google.com
; <<>> DiG 8.3 <<>> www.google.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.google.com, type = A, class = IN
;; ANSWER SECTION:
www.google.com.        14m40s IN CNAME  www.l.google.com.
www.l.google.com.      4m40s  IN A      72.14.203.104
www.l.google.com.      4m40s  IN A      72.14.203.99
Choosing services
Configuration file: /etc/nsswitch.conf
Controls where data is found about:
User accounts and groups.
Hostnames and IP addresses.
Network configuration.
E-mail addresses and cryptographic keys.
Potential data sources
Files (usually under /etc)
NIS or NIS+
LDAP
DNS
Choosing services
# /etc/nsswitch.conf
#
# Example cfg of GNU Name Service Switch functionality.
passwd:     compat
group:      compat
shadow:     compat
hosts:      files dns
networks:   files
protocols:  db files
services:   db files
ethers:     db files
rpc:        db files
netgroup:   nis
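An added example (not from the slides) showing how the hosts: line of /etc/nsswitch.conf drives a lookup across /etc/hosts and DNS. The /etc/hosts text and the DNS answer table are constructed stand-ins: the table represents what the nameservers in /etc/resolv.conf would return, and no network query is made. The code implements glibc's default actions (SUCCESS=return, anything else=continue) and the [STATUS=action] overrides, and shows why an /etc/hosts entry beats DNS under "files dns" and still resolves when DNS is down.

```python
import re

# Constructed sample in /etc/hosts format (not a real host's file).
HOSTS_FILE = """\
127.0.0.1    localhost
10.30.10.15  myhost.nku.edu myhost me
10.30.10.22  xerxes.nku.edu xerxes logsvr   # first matching line wins
10.30.10.1   gw-5.nku.edu gw-5
"""

# Constructed stand-in for the answers the nameservers in /etc/resolv.conf would give.
# xerxes.nku.edu deliberately differs from /etc/hosts to show which source wins.
DNS_TABLE = {"www.nku.edu": "192.122.237.7", "xerxes.nku.edu": "10.30.99.99",
             "onlyindns.nku.edu": "10.30.77.7"}


def parse_hosts(text):
    """Return [(ip, [names...])] in file order; '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            ip, *names = line.split()
            entries.append((ip, [n.lower() for n in names]))
    return entries


def lookup_files(name, hosts_text=HOSTS_FILE):
    for ip, names in parse_hosts(hosts_text):
        if name.lower() in names:
            return "SUCCESS", ip
    return "NOTFOUND", None


def lookup_dns(name, available=True, table=DNS_TABLE):
    if not available:                      # nameservers unreachable / timed out
        return "UNAVAIL", None
    ip = table.get(name.lower())
    return ("SUCCESS", ip) if ip else ("NOTFOUND", None)


def parse_nsswitch_line(line):
    """'hosts: dns [!UNAVAIL=return] files' -> [('dns', [(True, 'UNAVAIL', 'return')]), ('files', [])]"""
    spec = line.split(":", 1)[1]
    plan = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
        if tok.startswith("["):
            if not plan:
                raise ValueError("action list before any source")
            for cond in tok[1:-1].split():
                status, action = cond.upper().split("=")
                plan[-1][1].append((status.startswith("!"), status.lstrip("!"), action.lower()))
        else:
            plan.append((tok.lower(), []))
    return plan


def resolve(name, nsswitch_line="hosts: files dns", dns_available=True):
    """Walk the sources in order. Defaults: SUCCESS=return, NOTFOUND/UNAVAIL/TRYAGAIN=continue."""
    for source, actions in parse_nsswitch_line(nsswitch_line):
        if source == "files":
            status, ip = lookup_files(name)
        elif source == "dns":
            status, ip = lookup_dns(name, available=dns_available)
        else:
            raise ValueError(f"unsupported source {source}")
        action = "return" if status == "SUCCESS" else "continue"
        for negate, cond, act in actions:  # explicit [STATUS=action] overrides the default
            if (status == cond) != negate:
                action = act
        if action == "return":
            return ip
    return None


if __name__ == "__main__":
    print(resolve("xerxes.nku.edu"))                                   # /etc/hosts answer wins
    print(resolve("xerxes.nku.edu", "hosts: dns [!UNAVAIL=return] files"))  # DNS answer wins
    print(resolve("www.nku.edu", dns_available=False))                 # None: not in /etc/hosts
```

Reversing the order to "dns [!UNAVAIL=return] files" makes DNS authoritative and keeps /etc/hosts only as a fallback for when the nameservers cannot be reached; which order is right depends on whether you trust the local file or the DNS servers more.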
xinetd superserver
Manages low-resource services: xinetd listens on their ports and starts the service only when a connection arrives.
Handles the networking issues for the service.
Suited to services with
– a low number of connections, or
– a small amount of work per connection.
Examples: telnet, ftp, daytime, echo
Additional features
– Access control: only_from / no_access in the xinetd configuration; /etc/hosts.{allow,deny} (tcp_wrappers) if xinetd was built with libwrap support.
– Logging.
– Resource management (instances, cps, rlimit_*).
Global Configuration: /etc/xinetd.conf
# Global xinetd defaults
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}
includedir /etc/xinetd.d
Per-Service Configuration
Example: /etc/xinetd.d/telnet
service telnet
{
    socket_type = stream
    wait        = no
    nice        = 10
    user        = root
    server      = /usr/etc/in.telnetd
    disable     = no
    rlimit_as   = 8M
    rlimit_cpu  = 20
}
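An added example (not from the slides): a small Python check that parses xinetd.conf-style blocks like the defaults and service blocks above and flags enabled services that use a cleartext protocol, run their server as root, or carry no only_from restriction. The configuration text is constructed for the example; the telnet block mirrors the slide's, which is enabled, runs as root and has no access control, and is exactly what such a check should catch.

```python
import re

# Constructed configuration in xinetd.conf syntax (not taken from a real system).
XINETD_CONF = """\
# Global xinetd defaults
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}

service telnet
{
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
    disable     = no
}

service daytime
{
    socket_type = stream
    wait        = no
    user        = nobody
    type        = INTERNAL
    id          = daytime-stream
    only_from   = 10.30.10.0/24
    disable     = no
}

service ftp
{
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.ftpd
    disable     = yes
}
"""

BLOCK_RE = re.compile(r"(defaults|service\s+(\S+))\s*\{(.*?)\}", re.S)
ATTR_RE = re.compile(r"\s*(\w+)\s*(\+=|-=|=)\s*(.*?)\s*$")
CLEARTEXT = {"telnet", "ftp", "rsh", "rlogin", "rexec", "pop3", "imap"}   # credentials on the wire in the clear


def parse_xinetd(text):
    """Return (defaults attrs, {service name: attrs}); comments run from '#' to end of line."""
    text = re.sub(r"#.*", "", text)
    defaults, services = {}, {}
    for m in BLOCK_RE.finditer(text):
        attrs = {}
        for line in m.group(3).splitlines():
            am = ATTR_RE.match(line)
            if am:
                attrs[am.group(1)] = am.group(3)
        if m.group(1) == "defaults":
            defaults = attrs
        else:
            services[m.group(2)] = attrs
    return defaults, services


def audit(text):
    """List the enabled services a sysadmin should look at twice."""
    defaults, services = parse_xinetd(text)
    findings = []
    for name, a in services.items():
        if a.get("disable", "no").lower() == "yes":     # a service block is enabled unless disable = yes
            continue
        if name in CLEARTEXT:
            findings.append(f"{name}: cleartext protocol enabled")
        if a.get("user") == "root" and a.get("type", "").upper() != "INTERNAL":
            findings.append(f"{name}: server runs as root ({a.get('server', '?')})")
        if "only_from" not in a and "only_from" not in defaults:
            findings.append(f"{name}: no only_from restriction")
    return findings


if __name__ == "__main__":
    for finding in audit(XINETD_CONF):
        print(finding)
```

The daytime service passes every check (internal service, unprivileged user, only_from set) and the disabled ftp block is skipped, so everything reported concerns telnet. Run the check again after editing and reloading xinetd (service xinetd reload) to confirm the findings are gone.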