TCP/IP Administration - Pravin Shetty

TCP/IP Administration
IP addresses & Names
DNS, BOOTP, DHCP, IP Routing, Routing protocols
www.infotech.monash.edu
Addressing Issues
• Name to IP address conversion
• /etc/hosts file
– used first
• If unsatisfied, need to find a nameserver
– use /etc/resolv.conf to find the resolver (the nameserver addresses to query)
> [may be running a local nameserver (named), so this may not be necessary]
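The lookup order on this slide (the /etc/hosts file first, the nameservers from /etc/resolv.conf only if that fails), as an added example that is not part of the lecture notes. Both file contents are constructed samples; the 127.0.0.1 fallback when no nameserver line exists is the resolv.conf(5) default and is the "local named" case the slide mentions.

```python
"""Lookup order from the slide: /etc/hosts first, then the nameservers in
/etc/resolv.conf.  Added example, not from the slides; both file contents
below are constructed samples."""

HOSTS_SAMPLE = """\
# constructed /etc/hosts
127.0.0.1   localhost
223.1.1.2   alpha alpha.example.test
223.1.1.1   devnetrouter delta
"""

RESOLV_SAMPLE = """\
# constructed /etc/resolv.conf
search example.test
nameserver 223.1.1.53
nameserver 223.1.2.53
"""

def parse_hosts(text):
    """Map each name and alias in an /etc/hosts listing to its address.
    The first line that mentions a name wins, as the resolver reads top down."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), addr)
    return table

def parse_resolv_conf(text):
    """Collect the nameserver and search directives from /etc/resolv.conf."""
    conf = {"nameserver": [], "search": []}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, *args = line.split()
        if key == "nameserver" and args:
            conf["nameserver"].append(args[0])
        elif key in ("search", "domain"):
            conf["search"] = args             # resolv.conf(5): the last such line wins
    return conf

def resolve(name, hosts_text=HOSTS_SAMPLE, resolv_text=RESOLV_SAMPLE):
    """Return ("hosts", address) when /etc/hosts answers, otherwise
    ("nameserver", servers, search_list) saying which resolver to ask next."""
    hosts = parse_hosts(hosts_text)
    addr = hosts.get(name.lower().rstrip("."))
    if addr is not None:
        return ("hosts", addr)
    conf = parse_resolv_conf(resolv_text)
    # with no nameserver line the resolver asks the local host, i.e. a local named
    servers = conf["nameserver"] or ["127.0.0.1"]
    return ("nameserver", servers, conf["search"])

def lint_hosts(text):
    """Flag a name mapped to two different addresses: the later line is silently
    ignored, which is a common source of 'wrong host' surprises."""
    seen, dupes = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            name = name.lower()
            if name in seen and seen[name] != addr:
                dupes.append((name, seen[name], addr))
            seen.setdefault(name, addr)
    return dupes
```

`resolve("alpha")` is satisfied from the hosts file; `resolve("iota")` is not, so the caller is told to ask 223.1.1.53 then 223.1.2.53 with the search list `example.test`.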
Domain Name Service (DNS)
• Server listens on UDP port 53
• Provides distributed database of names and associated
IP addresses
• Consists of local network-based servers that connect to
authoritative servers if they cannot resolve name
• Local servers cache responses for future use
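What a client actually sends to UDP port 53 and how the reply is read, as an added example (not from the lecture notes). The query builder and response parser follow the standard DNS message layout; the reply used in the self-check is a constructed byte string, and `query_over_udp` is the only function that touches the network.

```python
"""A DNS A-record query as a client sends it to UDP port 53, and a parser for
the reply.  Added example, not from the slides; the reply used for the
self-check is constructed, and no server is contacted unless query_over_udp
is called."""
import random
import socket
import struct

def encode_name(name):
    """Wire form of a name: length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, txid, qtype=1):
    """Header + one question; flags 0x0100 sets RD (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)   # QCLASS IN

def decode_name(msg, offset):
    """Read a possibly compressed name; return (name, offset just past it)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:               # two-byte compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 64:                         # malformed message: pointer loop
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            return ".".join(labels) + ".", end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(msg, expected_txid):
    """Return (rcode, [(owner, ttl, address), ...]) for the A records answered.
    A reply whose transaction id does not match our query is rejected."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: not the reply to our query")
    if not (flags & 0x8000):
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qdcount):                      # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(ancount):
        owner, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((owner, ttl, ".".join(str(b) for b in rdata)))
    return flags & 0x000F, answers

def constructed_response(txid):
    """Fabricated reply for alpha.example.test (constructed test data only)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)     # QR, RD, RA set
    question = encode_name("alpha.example.test") + struct.pack("!HH", 1, 1)
    # owner name is a pointer (0xC00C) back to the question name at offset 12
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([223, 1, 1, 2])
    return header + question + answer

def query_over_udp(name, server, timeout=2.0):
    """Send the query to a real server on UDP/53 and parse what comes back."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (server, 53))
        data, _ = sock.recvfrom(512)
    return parse_response(data, txid)
```

The transaction-id check matters because UDP carries no session: a resolver that accepted any reply arriving on its port would cache whatever it was handed, which is why the cached answers the next slide describes are only as trustworthy as that matching.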
Domain Hierarchy
Top-level domain (.) has root servers
• these have only information about top-level domains
– au, .., za, edu, org, com, etc
• Top-level servers have information about their particular
domain
eg, the “org.au” server has all registered names listed
Name Server software
DNS on UNIX systems uses the Berkeley Internet Name Daemon (BIND)
• http://www.isc.org/sw/bind/
• Consists of two parts:
– resolver implements a policy that requests the lookup of a name
– nameserver responds to the request
Name Server software - Types
BIND usually runs as the process “named” on systems that provide name service
Categories of name server:
• Primary
– loads information from disk
– has complete information about the domain
– always accurate
– Authoritative - only one server per domain
Name Server software - Types
• Secondary
– periodically transfers from primary server - authoritative for their own domain
• Caching-only
– get answers for all name service queries from other name servers
– non-authoritative: use second-hand and incomplete DNS data
New Domain Names must be registered
• ensure appropriate allocation
– Identify organisations and responsible persons (not always
done!)
• create pointers to
– authoritative server
• create DNS entries [primary and secondary]
Why register domain?
New network setup
• A new organisation will need a domain registered for their
network if they intend to connect to the Internet.
Web-hosting
• Web servers differentiate between hosted sites using different
domain names
– eg, www.netcomp.monash.edu.au is neptune.netcomp.monash.edu.au
named Configuration
Several files used by the nameserver daemon:
• named.boot
sets general parameters and points to domain database
information (local files or remote servers)
• named.ca
points to the root domain servers
• named.hosts
maps host names to IP addresses
named Configuration…
• named.rev
reverse domain maps IP addresses to host names
• named.local
used for loopback address resolution
http://www.isc.org/sw/bind/arm94/Bv9ARM.ch03.html
http://www.netadmintools.com/art25.html
named.boot
The named.boot file is required to boot a BIND name server.

Syntax:
; [comment]
directory <directory_name>
primary <domain> <file>
secondary <domain> [<host> <host>...] <file>
cache <domain> <file>
slave
forwarders <host> [<host> <host>...]

Description:
; [comment]    text following the ';' character is ignored
directory      location where domain data files are stored
domain         For a secondary or primary line, the name of the BIND
               domain for which the server is a secondary or primary
               server. For a cache line, the name of the domain for
               which the file, <file>, is a cache.
host           For a secondary line, the IP address of a primary or
               secondary server distributing the database for domain,
               <domain>. For a forwarders line, the IP address of a host
               to which queries should be forwarded.
Named.boot continued…
; file   For a secondary line, the name of the file in which the
;        data of domain, <domain>, received from one of the hosts
;        specified can be dumped. For a primary line, the file from
;        which to read the master copy of the domain data. For a
;        cache line, the name of the file in which the cache is
;        stored.
;
Directory /etc/namedb
;
;secondary newcontent.net.au 203.24.105.16 db.newcontent
;secondary maplecorp.com.au 203.24.105.16 db.maplecorp
;secondary avram.com.au 24.192.21.121 avram.com.au.sec
;
;
Primary 0.0.127.in-addr.arpa named.local
Primary avram.com.au avram.com.au
;
; load the cache data last
Cache . named.ca
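A parser for the named.boot syntax the two slides above describe, plus the checks an administrator would run on the result, as an added example that is not from the lecture notes. The sample input is the slide's own boot file; folding keywords to lower case (so `Directory` and `directory` are the same line) and the sanity checks are my assumptions, not stated on the slides.

```python
"""Parser for the BIND named.boot syntax shown on the slides.  Added example;
the sample file is transcribed from the slide, the checks are mine."""
import posixpath

NAMED_BOOT_SAMPLE = """\
; named.boot as shown on the slide (commented-out secondary lines kept)
Directory /etc/namedb
;
;secondary newcontent.net.au 203.24.105.16 db.newcontent
;secondary maplecorp.com.au 203.24.105.16 db.maplecorp
;secondary avram.com.au 24.192.21.121 avram.com.au.sec
;
Primary 0.0.127.in-addr.arpa named.local
Primary avram.com.au avram.com.au
;
; load the cache data last
Cache . named.ca
"""

def parse_named_boot(text):
    """Return the directives as a dict; unknown or malformed lines raise."""
    conf = {"directory": None, "primary": [], "secondary": [],
            "cache": [], "forwarders": [], "slave": False}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()        # text after ';' is ignored
        if not line:
            continue
        keyword, *args = line.split()
        keyword = keyword.lower()                   # assumption: keywords are case-insensitive
        if keyword == "directory" and len(args) == 1:
            conf["directory"] = args[0]
        elif keyword == "primary" and len(args) == 2:
            conf["primary"].append((args[0], args[1]))        # <domain> <file>
        elif keyword == "secondary" and len(args) >= 3:
            conf["secondary"].append((args[0], args[1:-1], args[-1]))  # <domain> <host>... <file>
        elif keyword == "cache" and len(args) == 2:
            conf["cache"].append((args[0], args[1]))
        elif keyword == "forwarders" and args:
            conf["forwarders"].extend(args)
        elif keyword == "slave" and not args:
            conf["slave"] = True
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
    return conf

def data_files(conf):
    """Every zone or cache file the server will read, resolved against the directory line."""
    base = conf["directory"] or "."
    names = ([f for _, f in conf["primary"]] + [f for _, _, f in conf["secondary"]]
             + [f for _, f in conf["cache"]])
    return [posixpath.join(base, f) for f in names]

def check(conf):
    """Sanity checks an administrator would want before starting named."""
    problems = []
    if not conf["cache"]:
        problems.append("no cache line: the root servers are unknown")
    if not any(dom == "0.0.127.in-addr.arpa" for dom, _ in conf["primary"]):
        problems.append("no primary for 0.0.127.in-addr.arpa: loopback reverse lookups fail")
    if conf["slave"] and not conf["forwarders"]:
        problems.append("slave given but no forwarders to forward to")
    for dom, hosts, _ in conf["secondary"]:
        if not hosts:
            problems.append(f"secondary {dom}: no primary host to transfer from")
    return problems
```

With the slide's file, `parse_named_boot` yields the directory, two primary zones and the root cache, the three `;secondary` lines are ignored as comments, and `check` reports nothing; un-commenting a secondary line makes its host list and dump file appear under `secondary`.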
named.ca
; BIND data file for initial cache data for root domain servers.
;
.                 99999999  IN  NS  ns.nic.ddn.mil.
.                 99999999  IN  NS  aos.arl.army.mil.
.                 99999999  IN  NS  c.psi.net.
.                 99999999  IN  NS  terp.umd.edu.
.                 99999999  IN  NS  ns.nasa.gov.
.                 99999999  IN  NS  nic.nordu.net.
.                 99999999  IN  NS  ns1.isi.edu.
.                 99999999  IN  NS  ns.isc.org.
.                 99999999  IN  NS  ns.internic.net.
ns.nic.ddn.mil.   99999999  IN  A   192.112.36.4
aos.arl.army.mil. 99999999  IN  A   128.63.4.82
                  99999999  IN  A   192.5.25.82
c.psi.net.        99999999  IN  A   192.33.4.12
terp.umd.edu.     99999999  IN  A   128.8.10.90
ns.nasa.gov.      99999999  IN  A   128.102.16.10
                  99999999  IN  A   192.52.195.10
nic.nordu.net.    99999999  IN  A   192.36.148.17
ns1.isi.edu.      99999999  IN  A   128.9.0.107
ns.isc.org.       99999999  IN  A   192.5.5.241
ns.internic.net.  99999999  IN  A   198.41.0.4
named.local
;
; BIND data file for local loopback interface.
;
@   IN  SOA  broncho.ct.monash.edu.au. postmaster.broncho.ct.monash.edu.au. (
                1        ; Serial
                3600     ; Refresh
                300      ; Retry
                3600000  ; Expire
                3600 )   ; Minimum
    IN  NS   broncho.ct.monash.edu.au.
1   IN  PTR  localhost.
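A parser for the zone-file syntax that both named.ca and named.local use (comments after `;`, a blank owner field meaning "same owner as the previous record", `@` for the origin, the multi-line SOA in parentheses, relative names completed with the origin), as an added example that is not part of the lecture notes. The two samples are excerpts transcribed from the slides; the `missing_glue` check is my addition.

```python
"""Parser for the BIND zone-file syntax used by named.ca and named.local.
Added example; the samples are excerpts transcribed from the slides."""

NAMED_CA_EXCERPT = """\
; BIND data file for initial cache data for root domain servers.
;
.                 99999999  IN  NS  ns.nic.ddn.mil.
.                 99999999  IN  NS  aos.arl.army.mil.
.                 99999999  IN  NS  c.psi.net.
ns.nic.ddn.mil.   99999999  IN  A   192.112.36.4
aos.arl.army.mil. 99999999  IN  A   128.63.4.82
                  99999999  IN  A   192.5.25.82
c.psi.net.        99999999  IN  A   192.33.4.12
"""

NAMED_LOCAL = """\
;
; BIND data file for local loopback interface.
;
@   IN  SOA  broncho.ct.monash.edu.au. postmaster.broncho.ct.monash.edu.au. (
                1        ; Serial
                3600     ; Refresh
                300      ; Retry
                3600000  ; Expire
                3600 )   ; Minimum
    IN  NS   broncho.ct.monash.edu.au.
1   IN  PTR  localhost.
"""

CLASSES = {"IN", "CH", "HS"}

def _fqdn(name, origin):
    """Complete a relative owner name with the zone origin; '@' is the origin itself."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." if origin == "." else f"{name}.{origin}"

def parse_zone(text, origin, default_ttl=3600):
    """Return one dict per resource record: owner, ttl, class, type, rdata tokens."""
    origin = origin if origin.endswith(".") else origin + "."
    records, tokens, depth, owner_blank, prev_owner = [], [], 0, False, origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # drop comments
        if not line.strip():
            continue
        if depth == 0:                              # start of a logical record
            owner_blank = line[0] in " \t"          # blank owner: inherit the previous one
            tokens = []
        depth += line.count("(") - line.count(")")
        tokens += line.replace("(", " ").replace(")", " ").split()
        if depth > 0:
            continue                                # still inside ( ... ), e.g. the SOA
        if depth < 0:
            raise ValueError("unbalanced parentheses")
        owner = prev_owner if owner_blank else _fqdn(tokens.pop(0), origin)
        ttl, rclass = default_ttl, "IN"
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            tok = tokens.pop(0)                     # optional TTL and class, either order
            if tok.isdigit():
                ttl = int(tok)
            else:
                rclass = tok.upper()
        if not tokens:
            raise ValueError(f"record for {owner} has no type")
        records.append({"owner": owner, "ttl": ttl, "class": rclass,
                        "type": tokens.pop(0).upper(), "rdata": tokens})
        prev_owner = owner
    return records

def missing_glue(records):
    """Name servers named in NS records without an A record in the same file.
    A root cache file with such a gap cannot bootstrap resolution."""
    ns_targets = {r["rdata"][0] for r in records if r["type"] == "NS"}
    have_a = {r["owner"] for r in records if r["type"] == "A"}
    return sorted(ns_targets - have_a)
```

Parsing named.local with origin `0.0.127.in-addr.arpa` (the domain its `Primary` line in named.boot gives it) turns the bare `1` into `1.0.0.127.in-addr.arpa.`, the SOA's seven rdata fields come out in order with the serial third, and `missing_glue` on the named.ca excerpt is empty because every listed root server has its address record.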
Subnet masks
• Sub network masks provide an alternative to class-based
IP addressing
• An administrator will have the responsibility for setting
subnet masks for routers and workstations
• May be used to identify IP addresses that are local to a
subnetwork
• 255.255.255.0 is the usual value
(same as Class C addressing)
http://antionline.com/archive/index.php/t-125580.html
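The mask arithmetic behind "identify IP addresses that are local to a subnetwork", worked with the slide's usual 255.255.255.0 mask and the classful defaults it is compared to, as an added example using Python's standard ipaddress module (not code from the lecture notes). The addresses used in the checks are from the routing example later in these slides.

```python
"""Subnet-mask arithmetic: deciding whether an address is local to a subnetwork,
and what the usual 255.255.255.0 mask covers.  Added example using Python's
standard ipaddress module, not from the slides."""
import ipaddress

def is_local(my_ip, other_ip, mask="255.255.255.0"):
    """True when other_ip lies in the same subnet as my_ip under mask, i.e. the
    two addresses agree on every bit the mask sets; then no router is needed."""
    subnet = ipaddress.ip_network(f"{my_ip}/{mask}", strict=False)
    return ipaddress.ip_address(other_ip) in subnet

def classful_mask(ip):
    """Default mask implied by the address class, which a subnet mask overrides."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "255.0.0.0"        # class A
    if first < 192:
        return "255.255.0.0"      # class B
    if first < 224:
        return "255.255.255.0"    # class C
    raise ValueError("not a class A, B or C unicast address")

def subnet_summary(ip, mask):
    """Network, broadcast and usable host count of the subnet an address sits in."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return {"network": str(net.network_address),
            "broadcast": str(net.broadcast_address),
            "prefix": net.prefixlen,
            "hosts": net.num_addresses - 2}

def mask_is_valid(mask):
    """Reject masks whose set bits are not contiguous, e.g. 255.0.255.0; a router
    or workstation configured with one will misclassify local traffic."""
    try:
        ipaddress.ip_network(f"0.0.0.0/{mask}")
        return True
    except ValueError:
        return False
```

Under 255.255.255.0 the hosts 223.1.1.2 and 223.1.2.2 are on different subnetworks and traffic between them goes through a router; under 255.255.0.0 they would be local to each other, which is exactly the decision the administrator controls by setting the mask.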
BOOTP
• Used to allocate an IP address to a particular computer
• The BOOTP host resides on the local network. A network node needing an address broadcasts a BOOTP request packet
• It receives a response with the address and other associated information [eg, nameserver address, gateway address]
Dynamic Host Configuration Protocol
• Also used to allocate IP address
• Network node needing address allocation requests using
DHCP broadcast
• Receives a response with address and other associated
information [eg, nameserver, gateway, time server, etc]
from DHCP servers
• Has provision for reuse of addresses from a pool of
dynamic (ie reusable) IP addresses
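The reply both slides describe, as a parser for the BOOTP fixed header and the DHCP option area that carries the address, mask, gateway, nameserver and lease. This is an added example, not from the lecture notes; the offer it decodes is constructed by `build_offer`, and `offer_sanity` applies the checks a client should make before trusting a reply it received by broadcast.

```python
"""BOOTP/DHCP reply parsing.  Added example, not from the slides; the packet
decoded in the self-check is constructed here, not captured."""
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])          # marks a DHCP-formatted option area
BOOTP_FIXED = "!BBBBIHH4s4s4s4s16s64s128s"      # 236-byte fixed header
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK", 6: "DHCPNAK"}

def ip_str(b):
    return ".".join(str(x) for x in b)

def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))

def build_offer(xid, yiaddr, mask, router, dns, lease, chaddr):
    """Constructed BOOTREPLY carrying a DHCPOFFER, used only to exercise the parser."""
    fixed = struct.pack(BOOTP_FIXED, 2, 1, 6, 0, xid, 0, 0x8000,      # op=BOOTREPLY, ethernet
                        b"\0" * 4, ip_bytes(yiaddr), b"\0" * 4, b"\0" * 4,
                        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    options = (bytes([53, 1, 2])                                     # message type: OFFER
               + bytes([1, 4]) + ip_bytes(mask)                       # subnet mask
               + bytes([3, 4]) + ip_bytes(router)                     # gateway
               + bytes([6, 4 * len(dns)]) + b"".join(ip_bytes(d) for d in dns)   # nameservers
               + bytes([51, 4]) + struct.pack("!I", lease)            # lease time
               + bytes([255]))                                        # end
    return fixed + MAGIC_COOKIE + options

def parse_bootp(pkt):
    """Decode the fixed header; decode options only if the DHCP cookie is present."""
    fields = struct.unpack(BOOTP_FIXED, pkt[:236])
    op, htype, hlen, hops, xid, secs, flags = fields[:7]
    ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, bootfile = fields[7:]
    result = {"op": {1: "BOOTREQUEST", 2: "BOOTREPLY"}.get(op, op), "xid": xid,
              "yiaddr": ip_str(yiaddr), "siaddr": ip_str(siaddr), "giaddr": ip_str(giaddr),
              "chaddr": chaddr[:hlen].hex(":"), "options": {}}
    rest = pkt[236:]
    if not rest.startswith(MAGIC_COOKIE):
        return result                              # plain BOOTP: vendor area not DHCP-formatted
    i, opts = 4, {}
    while i < len(rest):
        code = rest[i]
        if code == 255:                            # end option
            break
        if code == 0:                              # pad
            i += 1
            continue
        if i + 1 >= len(rest) or i + 2 + rest[i + 1] > len(rest):
            raise ValueError("truncated option")
        length = rest[i + 1]
        data = rest[i + 2:i + 2 + length]
        i += 2 + length
        if code == 53:
            opts["message_type"] = MSG_TYPES.get(data[0], data[0])
        elif code == 1:
            opts["subnet_mask"] = ip_str(data)
        elif code in (3, 6):
            opts[{3: "routers", 6: "dns_servers"}[code]] = [ip_str(data[k:k + 4]) for k in range(0, length, 4)]
        elif code == 51:
            opts["lease_seconds"] = struct.unpack("!I", data)[0]
        else:
            opts[code] = data
    result["options"] = opts
    return result

def offer_sanity(parsed, expected_xid, my_chaddr):
    """Problems a client should treat as 'not my reply': wrong transaction id or
    hardware address, or not a BOOTREPLY at all."""
    problems = []
    if parsed["op"] != "BOOTREPLY":
        problems.append("not a BOOTREPLY")
    if parsed["xid"] != expected_xid:
        problems.append("transaction id does not match our request")
    if parsed["chaddr"] != my_chaddr.hex(":"):
        problems.append("reply addressed to a different hardware address")
    return problems
```

The same parser handles a bare BOOTP reply: with no magic cookie after the fixed header it returns the allocated address from `yiaddr` and an empty option set, which is the difference between the two slides in one field.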
Windows Internet Name Server WINS
• Microsoft technique for locating other windows machines
• A WINS server receives nameservice requests from windows
workstations
• WINS resolution is necessary in larger IP networks.
• As well as IP, also resolves NetBIOS addresses
• May be carried out using DHCP or DNS.
Routers
• Packets must be forwarded between networks
• Routers can link dissimilar LANs
– ie LANs using dissimilar physical/datalink transport
• Routing decisions are made at network layer based on IP
address whereas bridging (switching) forwards packets
based on datalink address (eg ethernet)
Routers connecting between remote sites
Network Routing
• To ensure the appropriate routing of the traffic, routers
implement either proprietary routing methods (eg
netBIOS) or one of the standard routing protocols (eg
Internet Protocol).
• IP-routing is the common form used in TCP/IP networks
and is based upon a table look-up. Routing is done by a
device which could either be a computer or a dedicated
hardware unit providing the interface between subnetworks of a larger internetwork.
Required Reading:
http://www.networkcomputing.com/netdesign/1122ipr.html
(please follow the links therein under table of contents to all six
parts of this primer on IP routing).
IP Routing
Eg, the following network has 3 subnetworks, which would be identified in the networks file as:
IP address   Name
223.1.2      development
223.1.3      accounting
223.1.4      factory
IP Routing…
all machines have an /etc/hosts file with the entries shown below
IP address   Name
223.1.1.1    alpha
223.1.2.2    epsilon
223.1.3.2    iota
223.1.1.1    devnetrouter, delta
223.1.2.1    accnetrouter
223.1.3.1    facnetrouter
Each machine maintains a route table
For machine ALPHA
Target Network   Network Name   Local?     Router IP    Interface
223.1.1          Development    Direct     -            1
223.1.2          Accounting     Indirect   223.1.1.1    1
223.1.3          Factory        Indirect   223.1.1.1    1

For machine DELTA
Target Network   Network Name   Local?     Router IP    Interface
223.1.1          Development    Direct     -            1
223.1.2          Accounting     Direct     -            2
223.1.3          Factory        Direct     -            3
Route table (cont’d)
IP address   Name
223.1.1.2    alpha
223.1.2.2    epsilon
223.1.3.2    iota
223.1.1.1    devnetrouter delta
223.1.2.1    accnetrouter
223.1.3.1    facnetrouter
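The table-lookup routing the slides describe, run over the ALPHA and DELTA tables and the host list above, as an added example that is not part of the lecture notes. The tables and addresses are transcribed from the slides (223.1.1.2 for alpha, as on this slide); the classful network extraction, `lookup` and the hop-by-hop `trace` are my code, and the trace can only pass through routers whose table the slides give (delta).

```python
"""Route-table lookup for the slides' example network.  Added example; the
route tables and host list are transcribed from the slides, the lookup and
trace functions are mine."""
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: str              # classful network as written on the slide, e.g. "223.1.2"
    name: str
    router: Optional[str]     # None = "Direct": destination is on a local interface
    interface: int

ROUTE_TABLES = {
    "alpha": [Route("223.1.1", "Development", None, 1),
              Route("223.1.2", "Accounting", "223.1.1.1", 1),
              Route("223.1.3", "Factory", "223.1.1.1", 1)],
    "delta": [Route("223.1.1", "Development", None, 1),
              Route("223.1.2", "Accounting", None, 2),
              Route("223.1.3", "Factory", None, 3)],
}

HOSTS = {"223.1.1.2": "alpha", "223.1.2.2": "epsilon", "223.1.3.2": "iota",
         "223.1.1.1": "delta",                       # devnetrouter
         "223.1.2.1": "accnetrouter", "223.1.3.1": "facnetrouter"}

def classful_network(ip):
    """Network part of an address under the class A/B/C rules the tables use."""
    octets = ip.split(".")
    first = int(octets[0])
    if first < 128:
        return octets[0]
    if first < 192:
        return ".".join(octets[:2])
    return ".".join(octets[:3])

def lookup(host, dst_ip):
    """The table entry a host uses for dst_ip, or None when no entry matches."""
    net = classful_network(dst_ip)
    for route in ROUTE_TABLES[host]:
        if route.network == net:
            return route
    return None

def trace(src, dst_ip, max_hops=8):
    """Follow the tables hop by hop, as a packet would; return the names traversed."""
    path, current = [src], src
    for _ in range(max_hops):
        route = lookup(current, dst_ip)
        if route is None:
            raise LookupError(f"{current}: no route to {dst_ip}")
        if route.router is None:                     # delivered on a directly connected network
            path.append(HOSTS.get(dst_ip, dst_ip))
            return path
        next_hop = HOSTS.get(route.router)
        if next_hop not in ROUTE_TABLES:
            raise LookupError(f"{current}: next hop {route.router} has no table on the slides")
        current = next_hop
        path.append(current)
    raise LookupError("hop limit reached: the tables form a loop")
```

From alpha, a packet for iota (223.1.3.2) matches the Indirect entry for 223.1.3 and goes to 223.1.1.1; delta's table has that network Direct on interface 3 and delivers it. A destination in 223.1.4 finds no entry in alpha's table at all, which is the "no route" failure an administrator sees when the networks file and the route tables disagree.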
Route table (cont’d)
• It is essential that each router operates using the same
routing table, but how can multiple copies of a common
table be kept up to date?
• This requires a separate exchange of messages between
neighbouring routers so that each can advise others
when something changes…
• These are called “Routing Protocols”
Routing protocols
Routing Information Protocol (RIP)
• Regularly broadcasts entire routing table to all neighbours
• Best route is then chosen based on network path that has
minimum number of hops
Inter-Gateway Routing Protocol (IGRP)
• Chooses network path based on:
– measured round-trip delay for transfer of data, or
– smallest bandwidth, or
– channel capacity or
– the reliability of the path
Required Reading
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/igrp.htm
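The RIP behaviour described above (each router regularly sends its entire table to its neighbours and keeps the route with the fewest hops) as a small simulation, added here as an example that is not part of the lecture notes. The four-router ring topology is constructed; the metric of 1 for an attached network, the value 16 meaning unreachable, and split horizon are standard RIP conventions rather than something the slide states.

```python
"""RIP-style distance-vector exchange: every router regularly sends its whole
table to its neighbours and keeps the route with the fewest hops.  Added
example, not from the slides; the four-router topology is constructed."""

INFINITY = 16   # RIP treats a metric of 16 as unreachable

# Constructed ring topology R1-R2-R3-R4-R1, one attached network per router.
NEIGHBOURS = {"R1": ["R2", "R4"], "R2": ["R1", "R3"], "R3": ["R2", "R4"], "R4": ["R1", "R3"]}
ATTACHED = {"R1": ["223.1.1"], "R2": ["223.1.2"], "R3": ["223.1.3"], "R4": ["223.1.4"]}

def initial_table(router):
    """Before any exchange a router knows only its attached networks: metric 1, no next hop."""
    return {net: (1, None) for net in ATTACHED[router]}

def advertisement(router, table, to_neighbour):
    """The table as broadcast to one neighbour, with split horizon: routes that
    were learned from that neighbour are left out so they cannot bounce back."""
    return {net: metric for net, (metric, via) in table.items() if via != to_neighbour}

def rip_round(tables):
    """One synchronous round: each router applies every neighbour's advertisement."""
    new_tables, changed = {}, False
    for router, table in tables.items():
        updated = dict(table)
        for nb in NEIGHBOURS[router]:
            for net, metric in advertisement(nb, tables[nb], router).items():
                candidate = min(metric + 1, INFINITY)             # one more hop via nb
                cur_metric, cur_via = updated.get(net, (INFINITY, None))
                # take a strictly better route, or any change reported by the current next hop
                if candidate < cur_metric or (cur_via == nb and candidate != cur_metric):
                    updated[net] = (candidate, nb)
        changed = changed or updated != table
        new_tables[router] = updated
    return new_tables, changed

def converge(tables=None, max_rounds=INFINITY):
    """Exchange tables until no router changes anything; return (tables, rounds used)."""
    tables = tables or {r: initial_table(r) for r in NEIGHBOURS}
    for rounds in range(1, max_rounds + 1):
        tables, changed = rip_round(tables)
        if not changed:
            return tables, rounds
    return tables, max_rounds

def after_link_failure(tables, router, lost_net):
    """Mark an attached network unreachable on one router and re-converge, so the
    withdrawal propagates as metric 16 rather than lingering in other tables."""
    tables = {r: dict(t) for r, t in tables.items()}
    tables[router][lost_net] = (INFINITY, None)
    return converge(tables)
```

On the ring every router holds all four networks after two rounds and the third round confirms nothing changed; R1 reaches 223.1.3 at metric 3 via R2 (the equally good path via R4 loses only because R2's advertisement is processed first). When R1 loses 223.1.1, the metric 16 spreads to every table within two further rounds.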
Link State Routing Protocols
Open Shortest Path First (OSPF)
• routing information flooded
IS-IS (Intermediate System to Intermediate System)
• For large collections of independent networks
• Allows internal routing method to be hidden from internet
• Border Gateway Protocol (BGP)
• Netware Link Services Protocol (NLSP)
Required Reading:
http://www.ciscopress.com/articles/article.asp?p=26850&rl=1
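The link-state approach the slide refers to ("routing information flooded"): every router floods its own link advertisement, all routers hold the same link-state database, and each runs a shortest-path-first computation from its own position. This is an added example, not from the lecture notes; the database and link costs are constructed, and `hop_count_route` is included only to contrast the result with the minimum-hop choice RIP would make on the same topology.

```python
"""Link-state routing: every router floods its link advertisement, all routers
end up with the same link-state database, and each runs shortest-path-first
over it from its own position.  Added example, not from the slides; the
database below is constructed."""
import heapq

# Constructed link-state database: router -> {neighbour: link cost}.
# The direct R1-R2 link is expensive; the long way round is cheap.
LSDB = {
    "R1": {"R2": 10, "R4": 1},
    "R2": {"R1": 10, "R3": 1},
    "R3": {"R2": 1, "R4": 1},
    "R4": {"R1": 1, "R3": 1},
}

def asymmetric_links(lsdb):
    """Links one end advertises that the other end does not confirm at the same
    cost.  A non-empty result means flooding is incomplete or an advertisement
    is stale, so routers are not yet computing from the same database."""
    return sorted((a, b) for a, links in lsdb.items()
                  for b, cost in links.items() if lsdb.get(b, {}).get(a) != cost)

def spf(lsdb, root):
    """Dijkstra over the shared database: (distance, predecessor) maps from root."""
    dist, prev, heap = {root: 0}, {}, [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                              # stale heap entry
        for v, cost in sorted(lsdb[u].items()):
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return dist, prev

def shortest_path(lsdb, root, dst):
    """Node sequence from root to dst, or None when dst is unreachable."""
    dist, prev = spf(lsdb, root)
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != root:
        path.append(prev[path[-1]])
    return path[::-1]

def routing_table(lsdb, root):
    """What the router installs: destination -> (next hop, total cost)."""
    dist, _ = spf(lsdb, root)
    return {dst: (shortest_path(lsdb, root, dst)[1], cost)
            for dst, cost in dist.items() if dst != root}

def hop_count_route(lsdb, root, dst):
    """Fewest hops ignoring cost, for comparison with what RIP would choose."""
    unit = {a: {b: 1 for b in links} for a, links in lsdb.items()}
    return shortest_path(unit, root, dst)
```

With these costs R1 reaches R2 over R4 and R3 at total cost 3, while a hop-count protocol would take the direct link at cost 10; the `asymmetric_links` check is the quick way to tell whether every router really is working from the same database, the requirement the earlier slide put on routing tables.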
End…