Revision Presentation


Networking Operating Systems (CO32010)
Module units: 1. Operating Systems; 2. Processes and scheduling; 3. Distributed processing; 4. Distributed file systems; 5. Routing protocols; 6. Routers; 7. Encryption; 8. NT, UNIX and NetWare.

1. Operating Systems
1.1 NOS definition and units
1.2 Computer Systems
1.3 Multitasking and Threading
1.4 Exercises
Objectives:
• To outline the main areas covered in the module.
• To define some of the basic terminology of operating systems.
• To define the main components of a network operating system.
• To define the differences in operating systems.
http://www.soc.napier.ac.uk/~bill/nos.html
bill@napier, 2002
Definition of an NOS
The infrastructure that allows the reliable distribution of processes, file systems, networking components, networking protocols, and other associated components in order to produce a system which is reliable and secure, and which operates within a required specification.
[Figure: module overview. The unit topics (processes and scheduling, distributed processing, distributed file systems, routing protocols, router programming and security, encryption, NOS's) are arranged around a server and a set of routers.]
Areas covered
• Introduction. This unit provides a basic introduction to some of the concepts involved with operating systems, such as the basic definitions involved in computer systems.
• Processes and Scheduling. This unit outlines some of the key concepts in the operation of an operating system, especially related to processes and scheduling.
• Distributed Processing. This unit outlines some of the standard methods which are used to control the distribution of processes over a network. A key focus is on the RPC protocol, which is a standard method for distributing processes.
• Distributed File Systems. This unit outlines some of the methods which can be used to distribute file systems over a network. A key focus of this unit is the NFS standard, which can be used to distribute file systems over a network.
• Routing Protocols. This unit outlines some of the key methods, and the problems that occur, with standard routing protocols.
• Routers and ACLs. This unit outlines how routers are programmed, and how ACLs can be applied to facilitate network security.
• Encryption. This unit outlines the principles of the methods which allow data to be encrypted.
• Networking Operating Systems. This unit outlines the three main networking operating systems: UNIX, Novell NetWare and Microsoft Windows.
Hardware, Operating Systems and User Interfaces
User interface:
• Microsoft Windows (Windows 95/NT/2000/XP).
• Microsoft Windows 3.1.
• X-Windows.
Operating system:
• Microsoft Windows (Windows 95/NT/2000/XP).
• DOS.
• UNIX/Linux.
• VMS.
• Novell NetWare.
Hardware:
• x86 architecture.
• SPARC architecture.
• Apple architecture.
Hardware, Operating Systems and User Interfaces
[Figure: the components managed by the operating system.]
• User account database: users and groups.
• Operating system kernel.
• Volumes and the file system.
• Resources: memory.
• Print queues, printer and print server.
Operating system characteristics
• Single-user or multi-user.
• Stand-alone or networked.
• Single-tasking or multitasking.
• Single processor or multi-processor.
• Local processing or distributed processing.
• Embedded or non-embedded.
Operating Systems
[Figure: operating systems (UNIX, Linux, Microsoft Windows 95/98, Microsoft Windows NT, Mac OS, DOS) layered over the hardware, each providing the services below.]
Memory:
- Creating virtual memory systems
- Disk swapping for memory
Device interfacing:
- Access to connected devices
- Multi-user access
- Device drivers
Networking:
- Remote login/file transfer
- Creating global file systems
File system:
- Creating a file system
- Copying/deleting/moving files
Multi-user:
- Allowing users to log into the system
- Allowing users permissions to certain resources
- Managing queues for resources
Multiprocessing:
- Allowing several processes to run at a time
- Scheduling of processes to allow priority
Operating System Components
[Figure: application programs communicate with the operating system; its kernel sits above the device drivers (network, mouse, video, keyboard and soundcard drivers).]
Information passed between processes
[Figure: processes on the same computer or across a network exchange data, messages or signals; at the lowest level these are delivered as interrupts and low-level interrupts.]
Preemptive Multitasking
[Figure: a process queue (processes 1 to 5) feeding a single processor; the scheduler takes process 1 off the processor when its time slice ends and sends it to the back of the queue.]
Pre-emptive multitasking: processes are given some time on the processor. This allows all the processes to have some time on the processor, and makes for smoother and more reliable operation.
Co-operative Multitasking
[Figure: a process queue (processes 2 to 6) waiting on a single processor; process 1 will not give the processor up, and the others must wait until it has finished.]
Co-operative multitasking: processes must yield the processor before other processes can run on it. A single process that never yields, whether through a bug or deliberately, therefore stalls every other process.
Splitting a process into threads
[Figure: the process approach (independent processes) against the threads approach (one process splits into interlinked threads, with common sharing of data between the threads).]
Networking Operating Systems (CO32010)
2. Processes and scheduling
2.1 Introduction
2.2 Scheduling
2.3 Higher-level primitives
2.4 Signals, pipes and task switching
2.5 Messages
2.6 Microsoft Windows scheduling
2.7 UNIX process control
Objectives:
• To define the main parameters used in scheduling.
• To define some of the main scheduling techniques and be able to contrast them.
• To briefly define the usage of parallel processing.
• To outline the usage of high-level primitives, such as signals, pipes and task-switching.
• To give examples of practical process control.
Networking Operating Systems (CO32010)
3. Distributed processing
3.1 Introduction
3.2 Interprocess communication
3.3 Flags and semaphores
3.4 RPC
3.5 Multi-processor systems
3.6 Exercises
Objectives:
• To define the concept of distributed processing, and contrast centralized systems against distributed ones.
• To define mechanisms of interprocess control, such as pipes, semaphores, flags and message queues.
• To define, in detail, how semaphores are used, and how they can prevent deadlock.
• To define the conditions for deadlock.
• To outline algorithms to prevent deadlock, such as the Banker's Algorithm.
• To outline practical interprocess control protocols, especially RPC.
3.1 Centralised v. Distributed
[Figure: a distributed organization. Head Office handles decision making, account management and logistics; Regional Offices handle logistics; Local Offices and ATMs serve customers and staff.]
3.6 Deadlock
• Resource locking. This is where a process is waiting for a resource which will never become available. Some resources are pre-emptive, where processes can release their access on them and give other processes a chance to access them. Others, though, are non-pre-emptive, and processes are given full rights to them. No other process can then get access to them until the currently assigned process is finished with them. An example of this is the transmission and reception of data on a communication system. It would not be a good idea for a process which has sent data, and requires data to be received in return, to yield to another process which also wants to send and receive data.
• Starvation. This is where other processes are run, and the deadlocked process is not given enough time to catch the required event. This can occur when processes have a low priority compared with other ones, as higher-priority tasks tend to have a better chance to access the required resources.
3.8 Four conditions for deadlock
• Mutual exclusion condition. This is where processes get exclusive control of required resources, and will not yield the resource to any other process.
• Hold-and-wait condition. This is where processes keep exclusive control of acquired resources while waiting for additional resources.
• No pre-emption condition. This is where resources cannot be removed from the processes which have gained them, until they have completed their access on them.
• Circular wait condition. This is a circular chain of processes in which each process holds one or more resources that are requested by the next process in the chain.
Deadlock can only occur when all four conditions hold at once, so breaking any one of them (for example, by pre-empting resources, or by acquiring resources in a fixed global order so that no circular wait can form) is enough to prevent it.
3.7 Analogy to deadlock
[Figure: six cars (A to F) meeting at a junction. Each car holds exclusive access to its part of the junction and none of them will give it up (mutual exclusion condition and no pre-emption), and each is waiting for the car ahead of it (circular wait condition).]
3.9 Banker's Algorithm (Safe condition)
Process A requires a maximum of 50MB.
Process B requires a maximum of 40MB.
Process C requires a maximum of 60MB.
Process D requires a maximum of 40MB.
Process   Current allocation (MB)   Maximum allocation required (MB)
A         40                        50
B         20                        40
C         20                        60
D         10                        40
Resource unallocated: 10MB
The current state is safe, as Process A needs only 10MB more and can complete, which releases 50MB; with 50MB free the other processes (B, then C, then D) can each reach their maximum and complete in turn.
3.10 Banker's Algorithm (Unsafe condition)
Process A requires a maximum of 50MB.
Process B requires a maximum of 40MB.
Process C requires a maximum of 60MB.
Process D requires a maximum of 40MB.
Process   Current allocation (MB)   Maximum allocation required (MB)
A         15                        50
B         30                        40
C         45                        60
D         0                         40
Resource unallocated: 5MB
The current state is unsafe, as no process can complete: A still needs 35MB, B 10MB, C 15MB and D 40MB, but only 5MB is unallocated.
3.11 Banker's Algorithm
Each process has exclusive access to the resources that have been granted to it.
An allocation is only granted if, after it, there is still enough unallocated resource for at least one process to reach its maximum, complete, and release its allocated resources (that is, the state stays safe).
Processes whose request is rejected must wait until some resources have been released, and the state after any allocation must stay in the safe region.
Problems:
Requires processes to declare their maximum resource requirement in advance.
Requires the system to know the total amount of each resource.
Requires a fixed maximum number of processes.
Requires that processes return their resources in a finite time.
Processes must wait for allocations to become available. A slow process may stop many other processes from running as it hogs the allocation.
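The safety check behind slides 3.9 to 3.11, as an added example that is not code from the original slides: a C implementation of the Banker's algorithm for a single resource type, run over the two memory tables above. The per-process maxima and allocations are the slide's figures; the requests tried at the end (D asking for 5MB, A asking for 10MB) are constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_PROCS 8

/* Banker's safety check for one resource type (memory in MB, as on the slides).
 * alloc[i] is what process i holds, max_need[i] the maximum it declared, avail
 * the unallocated amount.  If order is not NULL it receives a sequence in
 * which every process can run to completion. */
bool banker_is_safe(int n, const int alloc[], const int max_need[], int avail, int order[])
{
    bool done[MAX_PROCS] = { false };
    int finished = 0, work = avail;
    bool progress = true;

    /* Repeatedly pick any unfinished process whose remaining need fits in the
     * free pool; when it completes it hands its allocation back to the pool. */
    while (progress && finished < n) {
        progress = false;
        for (int i = 0; i < n; i++) {
            if (!done[i] && max_need[i] - alloc[i] <= work) {
                work += alloc[i];
                done[i] = true;
                if (order) order[finished] = i;
                finished++;
                progress = true;
            }
        }
    }
    return finished == n;
}

/* Grant 'amount' more to process p only if it stays within p's declared
 * maximum, fits the free pool, and leaves the system in a safe state.
 * alloc and avail are updated only when the request is granted. */
bool banker_request(int n, int alloc[], const int max_need[], int *avail, int p, int amount)
{
    int trial[MAX_PROCS];

    if (amount < 0 || alloc[p] + amount > max_need[p] || amount > *avail)
        return false;
    memcpy(trial, alloc, (size_t)n * sizeof trial[0]);
    trial[p] += amount;
    if (!banker_is_safe(n, trial, max_need, *avail - amount, NULL))
        return false;                      /* granting it could lead to deadlock */
    alloc[p] += amount;
    *avail -= amount;
    return true;
}

/* Constructed inputs: the two tables from slides 3.9 and 3.10 (A..D = 0..3). */
static const int MAX_NEED[4]     = { 50, 40, 60, 40 };
static const int SAFE_ALLOC[4]   = { 40, 20, 20, 10 };   /* 10 MB unallocated */
static const int UNSAFE_ALLOC[4] = { 15, 30, 45,  0 };   /*  5 MB unallocated */

bool slide_3_9_is_safe(void)  { return banker_is_safe(4, SAFE_ALLOC, MAX_NEED, 10, NULL); }
bool slide_3_10_is_safe(void) { return banker_is_safe(4, UNSAFE_ALLOC, MAX_NEED, 5, NULL); }

/* Start from the slide 3.9 state and ask for 'amount' more MB for process p. */
bool request_from_safe_state(int p, int amount)
{
    int alloc[4], avail = 10;
    memcpy(alloc, SAFE_ALLOC, sizeof alloc);
    return banker_request(4, alloc, MAX_NEED, &avail, p, amount);
}

int main(void)
{
    int order[4];

    if (banker_is_safe(4, SAFE_ALLOC, MAX_NEED, 10, order)) {
        printf("slide 3.9 state is safe; completion order:");
        for (int i = 0; i < 4; i++) printf(" %c", 'A' + order[i]);
        printf("\n");
    }
    printf("slide 3.10 state is %s\n", slide_3_10_is_safe() ? "safe" : "unsafe");
    /* Only A can finish first in the safe state, so the banker must refuse even
     * a 5 MB request from D although 10 MB is free, but A may take its last 10. */
    printf("D requests 5 MB: %s\n", request_from_safe_state(3, 5) ? "granted" : "refused");
    printf("A requests 10 MB: %s\n", request_from_safe_state(0, 10) ? "granted" : "refused");
    return 0;
}
```

The refusal of D's request is the point of the algorithm: the request fits the free pool, but granting it would leave 5MB free with every process still needing more than that, which is exactly the slide 3.10 situation.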
3.12 RPC
[Figure: two application programs, each running a remote process, communicating through the protocol stack: Application, Presentation, Session (RPC), Transport (TCP/IP or UDP/IP), Network, Data link, Physical (Ethernet/ISDN/FDDI/ATM/etc).]
Session layer (RPC) supports the running of remote processes and passing run parameters and results.
Transport layer sets up a virtual connection, and streams data.
Network layer is responsible for routing data over the network and delivering it at the destination.
3.13 RPC operation
1. The server process waits for a call.
2. The caller (client) process sends a call message, with all the procedure's parameters.
3. The caller process waits for a response.
4. The server reads the parameters and runs the procedure.
5. The server sends the results to the client.
6. The server process waits for the next call.
RPC
RPC provides:
• A unique specification of the called procedure.
• A mechanism for matching response parameters with
request messages.
• Authentication of both callers and servers. The call
message has two authentication fields (the credentials
and verifier), and the reply message has one
authentication field (the response verifier).
• Protocol errors/messages (such as incorrect versions,
errors in procedure parameters, indication on why a
process failed and reasons for incorrect authentication).
RPC
RPC provides three fields which define the called procedure:
• Remote program number. These are numbers which are defined by a central authority (like Sun Microsystems).
• Remote program version number. This defines the version number, and allows for migration of the protocol, where older versions are still supported. Different versions can possibly support different message calls. The server must be able to cope with this.
• Remote procedure number. This identifies the called procedure, and is defined in the specification of the specific program's protocol. For example, the NFS file service defines that 6 is a read operation and 8 is a write operation.
RPC
RPC call message format:
• Message type. This is either CALL (0) or REPLY (1).
• Message status. There are two different message status
fields, depending on whether it is a CALL or a REPLY.
• Rpcvers. RPC Version number (unsigned integer).
• Prog, vers and proc. Specifies the remote program, its
version number and the procedure within the remote program
(all unsigned integers).
• Cred. Authentication credentials.
• Verf. Authentication verifier.
• Procedure specific parameters.
RPC authentication
• No authentication (AUTH_N ULL). No authentication is made when callers do not know who they are or when the server does not care who the caller is. This type of method would be used on a system that did not have external connections to networks, and assumes that all the callers are valid.
• Unix authentication (AUTH_UNIX). Unix authentication uses the Unix authentication system, which generates a data structure with a stamp (an arbitrary ID which the caller machine may generate), machine name (such as 'Apollo'), UID (caller's effective user ID), GID (the caller's effective group ID) and GIDS (an array of groups which contain the caller as a member). All of these values are supplied by the caller and none of them is verified, so a server that accepts AUTH_UNIX is trusting whatever UID the client chooses to send.
• Short authentication (AUTH_SHORT). A short opaque handle which the server may return in its reply verifier, so that later calls can present it in place of the full Unix credentials.
• DES authentication (AUTH_DES). Unix authentication suffers from two problems: the naming is too Unix oriented and there is no verifier (so credentials can easily be faked). DES overcomes this by addressing the caller using its network name (such as 'unix.111@mycomputer.net') instead of by an operating system specific integer. These network names are unique on the Internet. For example unix.111@mycomputer.net identifies user ID number 111 on the mycomputer.net system.
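The call message format and the AUTH_UNIX credential structure described above, as an added example that is not code from the original slides: a C encoder and decoder for an RPC CALL header in XDR wire format, and a constructed message in which a client simply claims to be uid 0. The header layout and AUTH_UNIX body follow the RPC and XDR specifications; the program and procedure numbers (NFS, 100003, procedure 8) come from the page's own tables, while the xid, stamp, machine name 'apollo' and group list are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>

/* Values from the RPC and XDR specifications (RFC 5531 and RFC 4506). */
#define RPC_CALL    0
#define RPC_VERSION 2
#define AUTH_NULL   0
#define AUTH_UNIX   1

/* XDR puts every integer on the wire as 4 big-endian bytes and pads strings to
 * a multiple of 4 bytes.  The put helpers return the number of bytes written. */
static size_t xdr_put_u32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
    return 4;
}
static size_t xdr_put_string(uint8_t *p, const char *s)
{
    uint32_t len = (uint32_t)strlen(s);
    size_t n = xdr_put_u32(p, len);
    memcpy(p + n, s, len);
    for (n += len; n % 4; n++) p[n] = 0;            /* pad to a 4-byte boundary */
    return n;
}
static uint32_t xdr_get_u32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Encode a CALL header: xid, msg_type, rpcvers, prog, vers, proc, then cred and
 * verf (each: flavor, body length, body).  The AUTH_UNIX body is stamp, machine
 * name, uid, gid and the gids array; the verifier is AUTH_NULL because this
 * flavour gives the server nothing to check.  buf needs 64 + strlen(machine)
 * + 4 * ngids bytes. */
size_t rpc_build_call(uint8_t *buf, uint32_t xid, uint32_t prog, uint32_t vers, uint32_t proc,
                      uint32_t stamp, const char *machine, uint32_t uid, uint32_t gid,
                      const uint32_t *gids, uint32_t ngids)
{
    const uint32_t head[6] = { xid, RPC_CALL, RPC_VERSION, prog, vers, proc };
    size_t n = 0, len_pos, body_start;
    for (int i = 0; i < 6; i++) n += xdr_put_u32(buf + n, head[i]);
    n += xdr_put_u32(buf + n, AUTH_UNIX);           /* cred flavor */
    len_pos = n; n += 4;                            /* cred body length, patched below */
    body_start = n;
    n += xdr_put_u32(buf + n, stamp);
    n += xdr_put_string(buf + n, machine);
    n += xdr_put_u32(buf + n, uid);
    n += xdr_put_u32(buf + n, gid);
    n += xdr_put_u32(buf + n, ngids);
    for (uint32_t i = 0; i < ngids; i++) n += xdr_put_u32(buf + n, gids[i]);
    xdr_put_u32(buf + len_pos, (uint32_t)(n - body_start));
    n += xdr_put_u32(buf + n, AUTH_NULL);           /* verf flavor */
    n += xdr_put_u32(buf + n, 0);                   /* verf body length */
    return n;
}

/* What a server learns from the header.  Every field was chosen by the sender. */
struct rpc_call_info {
    uint32_t xid, prog, vers, proc, cred_flavor, uid, gid, verf_flavor;
    char machine[64];
};

/* Decode a CALL header; returns 0 on success, -1 if malformed or truncated.
 * The first 32 bytes are fixed (six header words, cred flavor, cred length);
 * every variable length is checked against what remains before it is used. */
int rpc_parse_call(const uint8_t *buf, size_t len, struct rpc_call_info *out)
{
    size_t n = 32, body_end;
    uint32_t body_len, mlen;
    if (len < 40 || xdr_get_u32(buf + 4) != RPC_CALL || xdr_get_u32(buf + 8) != RPC_VERSION)
        return -1;
    out->xid  = xdr_get_u32(buf);      out->prog = xdr_get_u32(buf + 12);
    out->vers = xdr_get_u32(buf + 16); out->proc = xdr_get_u32(buf + 20);
    out->cred_flavor = xdr_get_u32(buf + 24);
    body_len = xdr_get_u32(buf + 28);
    if (body_len > len - n || (body_len & 3)) return -1;
    body_end = n + body_len;
    out->machine[0] = '\0'; out->uid = out->gid = UINT32_MAX;
    if (out->cred_flavor == AUTH_UNIX) {
        if (body_len < 8) return -1;
        n += 4;                                     /* stamp: nothing to verify */
        mlen = xdr_get_u32(buf + n); n += 4;
        if (mlen >= sizeof out->machine || mlen > body_end - n) return -1;
        memcpy(out->machine, buf + n, mlen);
        out->machine[mlen] = '\0';
        n += (mlen + 3) & ~(size_t)3;
        if (n > body_end || body_end - n < 12) return -1;   /* uid, gid, gids count */
        out->uid = xdr_get_u32(buf + n);
        out->gid = xdr_get_u32(buf + n + 4);
    }
    n = body_end;
    if (len - n < 8) return -1;
    out->verf_flavor = xdr_get_u32(buf + n);
    return 0;
}

/* Constructed message: a client claiming to be root (uid 0, gid 0) on 'apollo',
 * calling NFS (program 100003, version 2) procedure 8, WRITE.  Returns the
 * number of bytes placed in buf. */
size_t build_forged_root_call(uint8_t buf[128])
{
    const uint32_t gids[2] = { 0, 4 };
    return rpc_build_call(buf, 0x1234, 100003, 2, 8, 7, "apollo", 0, 0, gids, 2);
}
```

Decoding the constructed message yields uid 0 and an AUTH_NULL verifier: the server has been told who is calling and has been given nothing with which to confirm it, which is the weakness the DES flavour exists to close. The length checks in the parser are the other practical point: a server that reads the machine-name or gids length straight off the wire without bounding it is reading attacker-chosen lengths.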
RPC programming
RPC programming levels:
• Highest layer. At this level the calls are totally transparent to the operating system, the computer type and the network. The programmer simply calls the required library routine, and does not have to worry about the underlying computer type, operating system or networking. For example, the rnusers routine returns the number of users on a remote computer (as given in Program 3.2).
• Middle layer. At this level the programmer does not have to worry about the network connection (such as the TCP sockets), the Unix system, or other low-level implementation mechanisms. It just makes a remote procedure call to routines on other computers, and is the most common implementation, as it gives an increased amount of control over the RPC call. These calls are made with: registerrpc (which registers a procedure with the local portmapper under a program, version and procedure number); callrpc (which executes a remote procedure call); and svc_run (which waits for and dispatches incoming calls). The middle layer does not allow for timeout specifications, choice of transport, Unix process control, or flexibility in handling errors. If these are required, the lower layer is used.
• Lowest layer. At this level there is full control over the RPC call, and this can be used to create robust and efficient connections.
RPC highest level programming
#include <stdio.h>
#include <stdlib.h>
#include <rpcsvc/rusers.h>      /* rnusers() from the rusers RPC service library */

int main(int argc, char *argv[])
{
    int users;

    if (argc != 2) {
        fprintf(stderr, "Use: rnusers hostname\n");
        return 1;
    }
    /* rnusers() hides the RPC call completely: the host name is all it needs */
    if ((users = rnusers(argv[1])) < 0) {
        fprintf(stderr, "Error: rnusers\n");
        exit(1);
    }
    printf("There are %d users on %s\n", users, argv[1]);
    return 0;
}
RPC middle level programming
#include <stdio.h>
#include <stdlib.h>
#include <rpc/rpc.h>

#define RUSERSPROG     100002   /* Program number (rusersd in /etc/rpc) */
#define RUSERSVERS     2        /* Version number */
#define RUSERSPROC_NUM 1        /* Procedure number */

int main(int argc, char *argv[])
{
    unsigned long users;
    int rtn;

    if (argc != 2) {
        fprintf(stderr, "Use: nusers hostname\n");
        exit(1);
    }
    /* callrpc() finds the server through the remote portmapper, sends the call
     * and decodes the reply: no arguments are sent (xdr_void) and an unsigned
     * long comes back (xdr_u_long) */
    rtn = callrpc(argv[1], RUSERSPROG, RUSERSVERS, RUSERSPROC_NUM,
                  (xdrproc_t)xdr_void, NULL, (xdrproc_t)xdr_u_long, (char *)&users);
    if (rtn != 0) {
        clnt_perrno((enum clnt_stat)rtn);   /* print the RPC error for the status code */
        return 1;
    }
    printf("There are %lu users on %s\n", users, argv[1]);
    return 0;
}
RPC lowest level programming
#include <stdio.h>
#include <rpc/rpc.h>

#define RUSERSPROG     100002   /* Program number (rusersd in /etc/rpc) */
#define RUSERSVERS     2        /* Version number */
#define RUSERSPROC_NUM 1        /* Procedure number */

/* Server-side procedure: registerrpc() calls it with a pointer to the decoded
 * argument (none here) and expects a pointer to the result, which must stay
 * valid after the function returns, hence the static */
char *nuser(char *arg)
{
    static unsigned long nusers;

    (void)arg;
    nusers = 0;     /* placeholder: a real server would count logged-in users here */
    return (char *)&nusers;
}

int main(void)
{
    /* Register the procedure with the local portmapper, then serve requests forever */
    registerrpc(RUSERSPROG, RUSERSVERS, RUSERSPROC_NUM, nuser,
                (xdrproc_t)xdr_void, (xdrproc_t)xdr_u_long);
    svc_run();
    fprintf(stderr, "Error: server terminated\n");
    return 1;
}
RPC program numbers
Sample contents of the /etc/rpc file:
portmapper   100000   portmap sunrpc
rstatd       100001   rstat rstat_svc rup perfmeter
rusersd      100002   rusers
nfs          100003   nfsprog
ypserv       100004   ypprog
This shows the RPC service name, its program number and its aliases.
Networking Operating Systems (CO32010)
4. Distributed file systems
4.1 Distributed File Systems
4.2 Active Directories
4.3 Exercises
4.4 Sample exam question
Objectives:
• To discuss the advantages of a distributed file system.
• To outline the different methods of mounting remote file systems onto a file system structure.
• To outline practical implementations of a distributed file system, especially NFS.
• To show how domains can be created and managed, especially using standard protocols, such as NIS.
4.1 Distributed file system
[Figure: services provided over the network by a distributed file system.]
• Administration services.
• Centralized configuration (passwords, user IDs, and so on).
• Networked file system (NFS), mounted as a local drive.
• Localized file storage (rather than accessing a remote file).
• Distributed databases.
4.2 Advantages of distributed file systems
• File system mirrors the corporate structure. File systems can be distributed over a corporate network, which might span cities, countries or even continents. The setup of a complete network file system over a corporation can allow the network to mirror the logical setup of the organization, rather than its physical and geographical organization. For example, the Sales Department might be distributed around the world, but the network to which they connect is organized identically to the Sales Department itself.
• Easier to protect the access rights on file systems. In a distributed file system it is typical to have a strong security policy on the file system, and each file will have an owner who can define the privileges on this file. File systems on user computers tend to have limited user security.
• Increased access to single sources of information. Many users can have access to a single source of information. Having multiple versions of a file can cause a great deal of problems, especially if it is not known which one is the most up-to-date.
• Automated updates. Several copies of the same information can be stored, and when any one of them is updated they are synchronized to keep each of them up-to-date. Users can thus have access to a local copy of data, rather than accessing a remote copy of it. This is called mirroring files.
4.3 Advantages of distributed file systems
• Improved backup facilities. A user's computer can be switched off, but their files can still be backed up from the distributed file system.
• Increased reliability. The distributed file system can have a backbone which is constructed from reliable and robust hardware, which is virtually 100% reliable, even when there is a power failure or a hardware fault.
• Larger file systems. In some types of distributed file systems it is possible to build up large file systems from a network of connected disk drives.
• Easier to administer. Administrators can easily view the complete file system.
• Interlinking of databases. Small databases can be linked together to create large databases, which can be configured for a given application. The future may also bring the concept of data mining, where agent programs will search for information with a given profile by interrogating databases on the Internet.
• Limiting file access. Organizations can set up an organizational file structure, in which users have a limited view of the complete file system.
4.4 Traditional file structure v. corporate structure
[Figure: two tree structures.]
UNIX tree structure: the root (\\) holds users (fred, bert), config, sales and progs.
NDS/Active Directory tree structure: orgname holds sales, production and research, each of which holds a UK Office and a US Office.
4.5 Flat structures
[Figure: Windows NT uses a flat structure, where nodes (\\bert, \\fred and \\freddy, each with its own local disk) join into a domain over the network.]
4.6 Forest of drives v. single tree
[Figure: two ways of mounting drives over the network.]
Single tree: drives are mounted over the network to create a single global file system (/etc, /progs, /user, /sys).
Forest of drives: drives are mounted over the network as separate drives (C:, D:, E:, F:).
4.7 NFS services protocol stack
Application: NFS, NIS
Presentation: XDR
Session: RPC
Transport: TCP
Network: IP
Data link: Ethernet/Token Ring
Physical
XDR defines a common data format for the conversion of data values.
RPC defines a number of procedures which can be executed on the server, such as WRITE, CREATE, and so on.
NFS is stateless: the server waits for a client to contact it, gets a request for a service, sends back the results, and keeps no record of the client between requests. Every request must therefore carry everything needed to serve it on its own, including the file handle and the caller's credentials.
4.8 Some RPC procedures used by NFS
No.   Procedure                        Description
0     void NULL(void)                  No operation
1     attrstat GETATTR(fhandle)        Get file attributes
2     attrstat SETATTR(sattrargs)      Set file attributes
6     readres READ(readargs)           Read from file
8     attrstat WRITE(writeargs)        Write to file
9     diropres CREATE(createargs)      Create file
10    stat REMOVE(diropargs)           Remove file
11    stat RENAME(renameargs)          Rename file
12    stat LINK(linkargs)              Create link to file
13    stat SYMLINK(symlinkargs)        Create symbolic link
14    diropres MKDIR(createargs)       Create directory
15    stat RMDIR(diropargs)            Remove directory
4.9 RPC procedures and responses
[Figure: the NFS client sends RPC procedures (getattr, setattr, read, write, create, remove, rename, link, symlink, mkdir, rmdir, readdir) over the network to the NFS server, which holds the remotely accessed file system. The RPC response carries the requested data, parameters or a status flag (such as NFS_OK and NFSERR_PERM). On the client the file system is either mounted onto a single tree or as a forest of drives.]
4.10 NIS domain
[Figure: an NIS domain, with the master NIS server serving the maps below to its clients.]
Master NIS server maintains:
/etc/passwd      Domain passwords
/etc/groups      Domain groups
/etc/hosts       IP addresses and host names
/etc/rpc         RPC programs
/etc/networks    Used to map IP addresses to networks
/etc/protocols   Known network layer protocols
/etc/services    Known services and their transport layer ports
Sample file contents:
#/etc/protocols
ip     0   IP
icmp   1   ICMP
ggp    3   GGP
tcp    6   TCP
#/etc/groups
root::0:root
other::1:root,hpdb
bin::2:root,bin
sys::3:root,uucp
freds_grp::4:fred,fred2,fred3
#/etc/rpc
portmapper   100000   portmap sunrpc
rstatd       100001   rstat rstat_svc
rusersd      100002   rusers
nfs          100003   nfsprog
ypserv       100004   ypprog
#/etc/hosts
138.38.32.45   bath
198.4.6.3      compuserve
193.63.76.2    niss
148.88.8.84    hensa
146.176.2.3    janet
#/etc/passwd
root:FDEc6.32:1:0:Super user:/user:/bin/csh
fred:jt.06hLdiSDaA:2:4:Fred Blogs:/user/fred:/bin/csh
fred2:jtY067SdiSFaA:3:4:Fred Smith:/user/fred2:/bin/csh
#/etc/services
ftp      21/tcp
telnet   23/tcp
smtp     25/tcp
pop3    110/tcp
#/etc/networks
loopback     127.0.0.0
localnet     146.176.151.0
Production   146.176.142.0
Note that the passwd map carries the password hashes in its second field, and NIS serves its maps to any client that can name the domain, so those hashes are readable by anyone on the network who can reach the server.
4.11 NIS master and slave(s)
[Figure: the NIS domain contains a master NIS server, slave NIS servers and NIS clients.]
The master NIS server maintains /etc/passwd, /etc/groups, /etc/hosts, /etc/rpc, /etc/networks, /etc/protocols, /etc/services, and so on, and sends updates to the NIS slaves.
1. The client is started.
2. The client broadcasts an NIS request to the domain.
3. The client then binds to the first server which responds.
Because the client accepts the first responder, any host on the same broadcast network that answers faster than the real servers can supply the client's maps, including its passwd entries.
4.12 inetd.conf – defines the network services that are started
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
# Echo, discard and daytime are used primarily for testing.
echo     stream  tcp  nowait  root    internal
echo     dgram   udp  wait    root    internal
discard  stream  tcp  nowait  root    internal
discard  dgram   udp  wait    root    internal
daytime  stream  tcp  nowait  root    internal
daytime  dgram   udp  wait    root    internal
time     dgram   udp  wait    root    internal
#
# These are standard services.
ftp      stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/wu.ftpd
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.telnetd
#
# Shell, login, exec and talk are BSD protocols.
shell    stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rshd
login    stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.rlogind
talk     dgram   udp  wait    root    /usr/sbin/tcpd  /usr/sbin/in.ntalkd
ntalk    dgram   udp  wait    root    /usr/sbin/tcpd  /usr/sbin/in.ntalkd
#
# Pop mail servers
pop3     stream  tcp  nowait  root    /usr/sbin/tcpd  /usr/sbin/in.pop3d
#
bootps   dgram   udp  wait    root    /usr/sbin/tcpd  /usr/sbin/in.bootpd
#
finger   stream  tcp  nowait  daemon  /usr/sbin/tcpd  /usr/sbin/in.fingerd
systat   stream  tcp  nowait  guest   /usr/sbin/tcpd  /usr/bin/ps -auwwx
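An added example, not code from the original slides, that reads the inetd.conf above the way an auditor would: a small C parser for the seven-field format, followed by counts of the services that run as root, the services placed behind the tcpd wrapper (which applies the /etc/hosts.allow and /etc/hosts.deny host filtering), and the services whose protocol sends passwords in clear text or trusts the client's host and user name. The file contents are embedded as a constructed string copied from the slide; the "weak authentication" list (ftp, telnet, pop3, shell, login) is the example's own classification.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_ENTRIES 32
#define FIELD_LEN   64

/* One non-comment line of inetd.conf:
 * <service_name> <sock_type> <proto> <flags> <user> <server_path> <args> */
struct inetd_entry {
    char service[FIELD_LEN], sock_type[FIELD_LEN], proto[FIELD_LEN];
    char flags[FIELD_LEN], user[FIELD_LEN], server_path[FIELD_LEN];
    char arg0[FIELD_LEN];   /* first argument: the real daemon when tcpd is the server */
};

/* Constructed input: the entries shown on slide 4.12. */
static const char SLIDE_INETD_CONF[] =
    "# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>\n"
    "echo    stream tcp nowait root   internal\n"
    "echo    dgram  udp wait   root   internal\n"
    "discard stream tcp nowait root   internal\n"
    "discard dgram  udp wait   root   internal\n"
    "daytime stream tcp nowait root   internal\n"
    "daytime dgram  udp wait   root   internal\n"
    "time    dgram  udp wait   root   internal\n"
    "ftp     stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/wu.ftpd\n"
    "telnet  stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.telnetd\n"
    "shell   stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.rshd\n"
    "login   stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.rlogind\n"
    "talk    dgram  udp wait   root   /usr/sbin/tcpd /usr/sbin/in.ntalkd\n"
    "ntalk   dgram  udp wait   root   /usr/sbin/tcpd /usr/sbin/in.ntalkd\n"
    "pop3    stream tcp nowait root   /usr/sbin/tcpd /usr/sbin/in.pop3d\n"
    "bootps  dgram  udp wait   root   /usr/sbin/tcpd /usr/sbin/in.bootpd\n"
    "finger  stream tcp nowait daemon /usr/sbin/tcpd /usr/sbin/in.fingerd\n"
    "systat  stream tcp nowait guest  /usr/sbin/tcpd /usr/bin/ps -auwwx\n";

/* Parse inetd.conf text into entries.  Comment and blank lines are skipped and
 * a line with fewer than six fields is ignored as malformed. */
int parse_inetd(const char *conf, struct inetd_entry *out, int max)
{
    char buf[4096];
    int n = 0;

    strncpy(buf, conf, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *line = strtok(buf, "\n"); line && n < max; line = strtok(NULL, "\n")) {
        while (*line == ' ' || *line == '\t') line++;
        if (*line == '#' || *line == '\0') continue;
        struct inetd_entry e;
        memset(&e, 0, sizeof e);
        int got = sscanf(line, "%63s %63s %63s %63s %63s %63s %63s", e.service, e.sock_type,
                         e.proto, e.flags, e.user, e.server_path, e.arg0);
        if (got < 6) continue;
        out[n++] = e;
    }
    return n;
}

/* Protocols that send passwords in clear text (ftp, telnet, pop3) or authenticate
 * by trusting the client's host and user name (shell, login). */
static bool is_weak_auth_service(const char *service)
{
    static const char *const weak[] = { "ftp", "telnet", "pop3", "shell", "login" };
    for (size_t i = 0; i < sizeof weak / sizeof weak[0]; i++)
        if (strcmp(service, weak[i]) == 0) return true;
    return false;
}

/* The three figures an auditor would pull out of the file. */
int count_running_as(const struct inetd_entry *e, int n, const char *user)
{
    int c = 0;
    for (int i = 0; i < n; i++) if (strcmp(e[i].user, user) == 0) c++;
    return c;
}
int count_tcpd_wrapped(const struct inetd_entry *e, int n)
{
    int c = 0;
    for (int i = 0; i < n; i++) if (strcmp(e[i].server_path, "/usr/sbin/tcpd") == 0) c++;
    return c;
}
int count_weak_auth(const struct inetd_entry *e, int n)
{
    int c = 0;
    for (int i = 0; i < n; i++) if (is_weak_auth_service(e[i].service)) c++;
    return c;
}

/* The slide's file, parsed on demand, so the figures can be checked by name. */
static int slide_parse(struct inetd_entry *e) { return parse_inetd(SLIDE_INETD_CONF, e, MAX_ENTRIES); }
int slide_entries(void)   { struct inetd_entry e[MAX_ENTRIES]; return slide_parse(e); }
int slide_as_root(void)   { struct inetd_entry e[MAX_ENTRIES]; int n = slide_parse(e); return count_running_as(e, n, "root"); }
int slide_wrapped(void)   { struct inetd_entry e[MAX_ENTRIES]; int n = slide_parse(e); return count_tcpd_wrapped(e, n); }
int slide_weak_auth(void) { struct inetd_entry e[MAX_ENTRIES]; int n = slide_parse(e); return count_weak_auth(e, n); }

int main(void)
{
    struct inetd_entry e[MAX_ENTRIES];
    int n = parse_inetd(SLIDE_INETD_CONF, e, MAX_ENTRIES);
    printf("%d services enabled, %d run as root, %d behind tcpd, %d with weak authentication\n",
           n, count_running_as(e, n, "root"), count_tcpd_wrapped(e, n), count_weak_auth(e, n));
    for (int i = 0; i < n; i++)
        if (is_weak_auth_service(e[i].service))
            printf("  weak auth: %-7s %s (runs as %s)\n", e[i].service, e[i].arg0, e[i].user);
    return 0;
}
```

The seven "internal" services are answered by inetd itself, so they inherit its root privileges without a tcpd entry to filter them, and the systat line hands the full process list (ps -auwwx) to anyone who connects, which is why both the user column and the server column are worth counting.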
Networking Operating Systems (CO32010)
5. Routing protocols
5.1 Introduction
5.2 Routing fundamentals
5.3 Routing protocol techniques
5.4 RIP
5.5 OSPF
5.6 IGRP
5.7 EGP/BGP
Objectives:
• To outline the fundamental techniques used in routing protocols.
• To define the main problems in routing protocol techniques, such as routing loops and count-to-infinity, and how they may be overcome.
• To outline practical protocols, especially RIP and IGRP, and reflect on their strengths and weaknesses.
5.1 Alternative Routes
[Figure: an internetwork of routers 1 to 6 connecting Net1 to Net8, showing the alternative routes by which host A can reach host B.]
5.2 Best route?
Routing based on hops:
Route (1,3,5,6) = 4 hops [BEST]
Route (1,3,5,2,4,6) = 6 hops
Routing based on delay (latency):
Route (2,4,6) = 1.5 + 1.25 = 2.75
Route (2,5,6) = 1.1 + 1.3 = 2.4 [BEST]
Routing based on error probability, with Pe(2-5) = 0.01, Pe(2-4) = 0.05, Pe(5-6) = 0.15 and Pe(4-6) = 0.1:
Pnoerror(2,5,6) = (1 - 0.01) × (1 - 0.15) = 0.8415
Pnoerror(2,4,6) = (1 - 0.05) × (1 - 0.1) = 0.855 [BEST]
5.2 Best route? (error probability)
[Figure: routers A, B, C and D with per-link error probabilities. The route A-B-C-D uses links of 0.2, 0.05 and 0.3; two alternative links have 0.2 and 0.1.]
• Challenge 1.
• Challenge 2.
Lowest error probability wins. For the route ABCD:
Pnoerror = (1 - 0.2) × (1 - 0.05) × (1 - 0.3) = 0.532
5.2 Best route? (delay in ms)
[Figure: routers A, B, C and D with per-link delays. The route A-B-C-D uses links of 2 ms, 0.5 ms and 3 ms; two alternative links have 2 ms and 1 ms.]
• Challenge 1.
• Challenge 2.
Lowest delay wins. For the route ABCD:
Delay = 2 + 0.5 + 3 ms = 5.5 ms
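An added example, not code from the original slides, that produces the three "best route" answers of the 5.2 slides with one Dijkstra search whose cost function is swapped per metric: hops and delay add up and the smallest total wins, while for error probability the per-link probabilities of no error are multiplied and the largest product wins. The 2-4, 2-5, 4-6 and 5-6 link figures are the ones on the slide; the 1-3 and 3-5 links are assumed so that the hop-count route (1,3,5,6) has a topology to run over.

```c
#include <stdbool.h>
#include <stdio.h>

#define N 7   /* routers are numbered 1..6 as on the slide; index 0 is unused */

enum metric { BY_HOPS, BY_DELAY, BY_ERROR };

/* Constructed link table.  The 2-4, 2-5, 4-6 and 5-6 figures are the ones on
 * the "Best route?" slide; the 1-3 and 3-5 links are assumed so that the
 * hop-count route (1,3,5,6) exists.  Links carry traffic in both directions. */
struct link { int a, b; double delay_ms, p_error; };
static const struct link LINKS[] = {
    { 1, 3, 1.0,  0.02 },   /* assumed */
    { 3, 5, 1.0,  0.02 },   /* assumed */
    { 2, 5, 1.1,  0.01 },
    { 2, 4, 1.5,  0.05 },
    { 4, 6, 1.25, 0.10 },
    { 5, 6, 1.3,  0.15 },
};
#define NLINKS (sizeof LINKS / sizeof LINKS[0])

/* Per-link cost under each metric, and how path costs combine: hops and delay
 * add up and lower is better; for error the cost is the probability of crossing
 * the link without error, costs multiply, and higher is better. */
static double link_cost(const struct link *l, enum metric m)
{
    if (m == BY_HOPS)  return 1.0;
    if (m == BY_DELAY) return l->delay_ms;
    return 1.0 - l->p_error;
}
static double combine(double acc, double c, enum metric m) { return m == BY_ERROR ? acc * c : acc + c; }
static bool   better(double x, double y, enum metric m)   { return m == BY_ERROR ? x > y : x < y; }

/* Dijkstra's algorithm over LINKS.  Fills path[] with the routers from src to
 * dst (path_len of them) and returns the path cost: number of links, total
 * delay in ms, or the probability of an error-free traversal.  Returns -1 with
 * path_len 0 if dst cannot be reached.  The slide counts routers rather than
 * links, so its "4 hops" for (1,3,5,6) is a cost of 3 here. */
double best_route(int src, int dst, enum metric m, int path[N], int *path_len)
{
    const double worst = (m == BY_ERROR) ? 0.0 : 1e18;
    double cost[N];
    int prev[N], rev[N], n = 0;
    bool done[N] = { false };

    for (int i = 0; i < N; i++) { cost[i] = worst; prev[i] = -1; }
    cost[src] = (m == BY_ERROR) ? 1.0 : 0.0;

    for (;;) {
        int u = -1;   /* best unsettled router so far */
        for (int i = 1; i < N; i++)
            if (!done[i] && cost[i] != worst && (u < 0 || better(cost[i], cost[u], m)))
                u = i;
        if (u < 0 || u == dst) break;
        done[u] = true;
        for (size_t k = 0; k < NLINKS; k++) {
            const struct link *l = &LINKS[k];
            int v = (l->a == u) ? l->b : (l->b == u) ? l->a : -1;
            if (v < 0 || done[v]) continue;
            double c = combine(cost[u], link_cost(l, m), m);
            if (better(c, cost[v], m)) { cost[v] = c; prev[v] = u; }
        }
    }
    if (cost[dst] == worst) { *path_len = 0; return -1; }

    for (int v = dst; v != -1; v = prev[v]) rev[n++] = v;   /* walk back to src */
    *path_len = n;
    for (int i = 0; i < n; i++) path[i] = rev[n - 1 - i];
    return cost[dst];
}

int main(void)
{
    static const char *const names[] = { "hops", "delay", "error probability" };
    static const int from[] = { 1, 2, 2 };
    int path[N], len;

    for (int m = BY_HOPS; m <= BY_ERROR; m++) {
        double c = best_route(from[m], 6, (enum metric)m, path, &len);
        printf("best by %s: (", names[m]);
        for (int i = 0; i < len; i++) printf("%s%d", i ? "," : "", path[i]);
        printf(") cost %g\n", c);
    }
    return 0;
}
```

The error metric is the one worth noticing: a plain shortest-path search only works because the per-link "probability of no error" lies in (0, 1], so a product can never grow as links are added, which is the same monotonic property that additive delay and hop count have.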
5.3 Layer 3 protocols
Routing protocols. A routing protocol provides a mechanism for
routers to share routing information. These protocols allow routers
to pass information between themselves, and update their routing
tables. Examples of routing protocols are Routing Information
Protocol (RIP), Interior Gateway Routing Protocol (IGRP),
Enhanced Interior Gateway Routing Protocol (EIGRP), and Open
Shortest Path First (OSPF).
Routed protocols. These protocols are any network layer
protocol that allows for the addressing of a host and a destination
on a network, such as IP and IPX. Routers are responsible for
passing a data packet onto the next router in, if possible, an
optimal way, based on the destination network address. The
definition of an optimal way depends on many things, especially its
reachability. With IP, routers on the path between a source and a
destination, examine the network part of the IP address to achieve
their routing. Only the last router, which is connected to the
destination node network, examines the host part of the IP
address.
5.4 Types of Routing
Dynamic routing. In dynamic routing, the routers monitor the
network, and can change their routing tables based on the current
network conditions. The network thus adapts to changing
conditions. Unfortunately, this method tends to reveal everything
known about an internetwork to the rest of the network. This may
be inappropriate for security reasons.
Static routing. In static routing, a system administrator sets up a
manual route when there is only one route to get to a network (a
stub network). This type of configuring reduces the overhead of
dynamic routing. Static routing also allows the internetwork
administrator to specify the information that is advertised about
restricted parts of a network.
Default routing. These are manually defined by the system
administrator and define the path that is taken if there is not a
known route for the destination.
5.5 Best Route Parameters?
Bandwidth. The data capacity of a link, which is typically
defined in bps.
Delay. The amount of time that is required to send a
packet from the source to a destination.
Load. A measure of the amount of activity on a route.
Reliability. Relates to the error rate of the link.
Hop count. Defined by the number of routers that it takes
between the current router and the destination.
Ticks. Defines the delay of a link by a number of ticks of a
clock.
Cost. An arbitrary value which defines the cost of a link,
such as financial expense, bandwidth, and so on.
5.6 Type of Update?
Broadcast. In broadcast, routers transmit their information to
other routers at regular intervals. A typical broadcast routing
protocol is RIP, in which routers send their complete routing table
once every few minutes, to all of their neighbors. This technique
tends to be wasteful in bandwidth, as changes in the route do not
vary much over short amounts of time.
Event-driven. In event-driven routing protocols, routing
information is only sent when there is a change in the topology or
state of the network. This technique tends to be more efficient than
broadcast, as it does not use up as much bandwidth.
5.7 Routing protocol types
[Figure: mind map of routing protocol types; its labels are listed below.]
Layer 3 protocols:
• Routed (IP, IPX, NetBEUI).
• Routing (RIP, OSPF).
The protocol stack shown alongside: Session, Transport, Network, Data link, Physical, with the examples HTTP, TCP, IP and RIP, and Ethernet/FDDI.
Types:
• Distance-vector. Each router periodically sends information to each of its neighbors (RIP). Problems: bandwidth; step-by-step updates.
• Link-state. Each router transmits routing information to all other routers only when there are changes (OSPF/BGP/EGP). Problems: initial flooding; processing/memory.
• Hybrid (IS-IS).
Distance metrics: hop count, delay, tick, bandwidth, cost, reliability.
Updates: event driven v. broadcast; static v. dynamic.
5.8 Example routing
[Figure: example routing. Routers W, X, Y and Z interconnect Network A, Network B and Network C over links numbered 1 to 4. Each router holds a routing table of (Dest, Hops, Next) entries; the table nearest Network A reads: A 1 hop via x, B 2 hops via z, C 1 hop via z. A network attached directly to a router is listed with 0 hops.]
5.9 Routing loops
[Figure: routing loop between Routers V, W, X, Y and Z around Network A, with links numbered 1 to 4. Timing of events:
A. Network A unreachable.
B. "I can reach Network A in 3 hops."
C. Network A reachable via Router W.
D. Network A reachable.
E. Network A reachable.]
Router Z thinks it can reach Network A in 4 hops, as Router W says it can reach it in 3 hops; this overrules the information from Router Y, which says it cannot reach Network A.
5.10 Overcoming Distance Vector Problems
Setting infinity values. The count-to-infinity will eventually resolve
itself when the routers have counted to infinity (as infinity will be
constrained with the maximum definable value), but while the network
is counting to this value, the routing information will be incorrect. To
reduce the time that it takes to get to this maximum, a maximum value
is normally defined. In RIP this value is set at 16 hops for hop-count
distance-vectors, thus the maximum number of hops that can occur is
15. This leads to a problem in that a destination which has a distance of
more than 15 hops is unreachable, as a value of 16 or more defines
that the network is unreachable.
Split horizon. This method tries to overcome routing loops. With this
method, routers do not update their routing table with information on a
destination if they know that the network is already connected to the
router (that is, the router knows more about the state of the network
than any other router, as it connects to it). Thus in Figure X, Router Z
and Router X will not send routing information on Network B to Router
Y, as they know that Network B is connected to Router Y.
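As an added example (not part of the original notes), a small Python simulation of RIP-style distance-vector exchange over a constructed chain of routers W, X, Y and Z, with Network A on W, Network B on Y and Network C on Z. It shows the count-to-infinity that follows the loss of Network A, and how split horizon in its usual form (never advertise a route back to the neighbour it was learned from, so X and Z do not send Network B back to Y) settles the network in a few rounds. The 16-hop infinity and the router names follow the text; the topology, the synchronous round model and the update rule are assumptions.

```python
from copy import deepcopy

INFINITY = 16   # RIP: a hop count of 16 means "unreachable"
DIRECT = 1      # RIP counts a directly connected network as 1 hop

# Constructed topology (assumed, not from the notes):
# router -> (directly attached networks, neighbouring routers)
# Chain W - X - Y - Z, Network A on W, Network B on Y, Network C on Z.
TOPOLOGY = {
    "W": (["A"], ["X"]),
    "X": ([], ["W", "Y"]),
    "Y": (["B"], ["X", "Z"]),
    "Z": (["C"], ["Y"]),
}


def initial_tables(topology=TOPOLOGY):
    """Each router starts knowing only its attached networks.
    Entry: dest -> (metric, next_hop); next_hop None means directly attached."""
    return {r: {net: (DIRECT, None) for net in nets}
            for r, (nets, _) in topology.items()}


def advertisement(tables, sender, receiver, split_horizon):
    """Routes `sender` announces to `receiver`. With split horizon, a route is
    never advertised back to the neighbour it was learned from."""
    return {dest: metric for dest, (metric, nxt) in tables[sender].items()
            if not (split_horizon and nxt == receiver)}


def apply_update(table, neighbour, routes):
    """Bellman-Ford relaxation for one received advertisement; True if changed."""
    changed = False
    for dest, metric in routes.items():
        new = min(metric + 1, INFINITY)
        current = table.get(dest)
        if current is None:
            if new < INFINITY:            # never learn a route that is already dead
                table[dest] = (new, neighbour)
                changed = True
            continue
        cur_metric, cur_next = current
        if cur_next is None and cur_metric < INFINITY:
            continue                       # attached network that is up: keep it
        # An update from the current next hop is always taken (metric may rise);
        # from anyone else only a strictly better metric replaces the entry.
        if (cur_next == neighbour or new < cur_metric) and (new, neighbour) != current:
            table[dest] = (new, neighbour)
            changed = True
    return changed


def run_round(tables, split_horizon, topology=TOPOLOGY):
    """One synchronous exchange: everyone advertises from a snapshot, then
    everyone processes what arrived. Returns True if any table changed."""
    snapshot = deepcopy(tables)
    changed = False
    for router, (_, neighbours) in topology.items():
        for n in neighbours:
            changed |= apply_update(tables[router], n,
                                    advertisement(snapshot, n, router, split_horizon))
    return changed


def converge(tables, split_horizon, max_rounds=64):
    """Run rounds until a quiet one; return the number of rounds used."""
    for rounds in range(1, max_rounds + 1):
        if not run_round(tables, split_horizon):
            return rounds
    return max_rounds


def fail_network(tables, router, network):
    """The attached network goes down: the router marks it unreachable."""
    tables[router][network] = (INFINITY, None)


def metrics_for(tables, network):
    return {r: tables[r][network][0] for r in tables}


def demo(split_horizon):
    """Converge, lose Network A at W, converge again.
    Returns (rounds needed to settle, metric for A at every router)."""
    tables = initial_tables()
    converge(tables, split_horizon)
    fail_network(tables, "W", "A")
    return converge(tables, split_horizon), metrics_for(tables, "A")


if __name__ == "__main__":
    for sh in (False, True):
        rounds, metrics = demo(sh)
        print(f"split horizon={sh}: settled after {rounds} rounds, A -> {metrics}")
```

Without split horizon the routers count up towards 16 one step per round; with it, W's "unreachable" propagates down the chain and the network is quiet after four rounds.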
5.11 Overcoming Distance Vector Problems
Hold-Down Timers. This method overcomes the count-to-infinity problem.
With hold-down, a router starts a hold-down timer when it receives an
update from a neighbor indicating that a previously accessible network is
now inaccessible. It also marks the route as inaccessible. There are then
three possible situations:
• If, at any time before the hold-down timer expires, an update is
sent from the same neighbor which reported the initial problem saying
that the network is now accessible, the router marks the network as accessible
and removes the hold-down timer.
• If an update arrives from a different neighboring router with a
better metric than the original metric, the router marks the network as
accessible and removes the hold-down timer.
• If, at any time before the hold-down timer expires, an update is
sent from a different neighbor than the one which reported the initial problem,
saying that the network is accessible but with a poorer metric than the
previously recorded metric, the update is ignored.
Obviously after the timer has expired the network will still be prone to
looping routes, but the timer allows a longer time for the network to settle
down and recover the correct information.
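The three cases above as an added example (not the notes' own code): a hold-down state machine for a single routing-table entry driven by a logical clock. The 180-second hold-down value, the route record and the update sequences in the two scenario functions are constructed.

```python
from dataclasses import dataclass
from typing import Optional

INFINITY = 16
HOLD_DOWN = 180  # seconds; a typical RIP hold-down period (assumed value)


@dataclass
class Route:
    """One routing-table entry for a network, plus its hold-down state."""
    network: str
    metric: int
    next_hop: Optional[str]
    hold_until: Optional[int] = None   # logical time at which hold-down ends
    reporter: Optional[str] = None     # neighbour that reported the loss
    last_good_metric: int = INFINITY   # metric recorded before the loss

    def in_hold_down(self, now: int) -> bool:
        return self.hold_until is not None and now < self.hold_until

    def clear_hold_down(self) -> None:
        self.hold_until = None
        self.reporter = None


def receive_update(route: Route, neighbour: str, metric: int, now: int,
                   hold_down: int = HOLD_DOWN) -> str:
    """Apply one advertisement from `neighbour` (metric already incremented to
    be our cost via that neighbour). Returns a label for the decision taken."""
    if route.in_hold_down(now):
        if metric >= INFINITY:
            return "ignored: network already marked inaccessible"
        if neighbour == route.reporter:
            # Case 1: the neighbour that reported the loss says it is back.
            route.metric, route.next_hop = metric, neighbour
            route.clear_hold_down()
            return "accepted: same neighbour reports network accessible"
        if metric < route.last_good_metric:
            # Case 2: a different neighbour offers a better metric than before.
            route.metric, route.next_hop = metric, neighbour
            route.clear_hold_down()
            return "accepted: better metric from a different neighbour"
        # Case 3: a different neighbour with a poorer metric: probably stale.
        return "ignored: poorer metric while in hold-down"

    # Not in hold-down: ordinary distance-vector behaviour.
    if metric >= INFINITY:
        if neighbour == route.next_hop and route.metric < INFINITY:
            # Our next hop says a previously accessible network is inaccessible:
            # mark it down and start the hold-down timer.
            route.last_good_metric = route.metric
            route.metric = INFINITY
            route.hold_until = now + hold_down
            route.reporter = neighbour
            return "hold-down started"
        return "ignored: unreachable via a neighbour we do not use"
    if metric < route.metric or neighbour == route.next_hop:
        route.metric, route.next_hop = metric, neighbour
        return "accepted: normal update"
    return "ignored: no better than current route"


def scenario():
    """Constructed timeline for Network A, learned via X at metric 3:
    X reports it down, Z offers a worse route, then Z offers a better one."""
    r = Route("A", 3, "X")
    log = [receive_update(r, "X", INFINITY, now=10),   # hold-down starts
           receive_update(r, "Z", 5, now=20),          # case 3: ignored
           receive_update(r, "Z", 2, now=30)]          # case 2: accepted
    return r, log


def scenario_after_expiry():
    """Same loss, but the poorer route from Z arrives after the timer has
    expired: it is accepted, which is why looping is still possible later."""
    r = Route("A", 3, "X")
    receive_update(r, "X", INFINITY, now=10)
    decision = receive_update(r, "Z", 5, now=10 + HOLD_DOWN)
    return r, decision
```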
5.12 Link-state overview
[Figure: link-state overview, with routers W, X, Y and Z and links 1 to 4; its labels are listed below.]
Problem: Network 1 becomes unreachable for a short time. The LSP "Network unreachable" arrives after the LSP "Network reachable".
Methods:
• LSP (link state packets). A change in topology causes updates to all other routers.
• Topological database (for SPF). Each router builds up a tree topology of the subnetworks and finds the shortest path.
Link-state operation: OSPF (RFC 1583). OSPF header fields: Ver., Type, Message Len., Router ID, Area ID, Checksum, Auth. Type.
Concerns:
• Authentication.
• Processing. Increased processing power required to build trees.
• Memory. Increased amount of storage memory for the tree.
5.13 OSPF overview
OSPF (RFC 1583) header (32 bits wide): Ver., Type, Message Len., Router ID (unique in AS), Area ID (similar to subnetting), Checksum, Auth. Type, Authentication, Additional information (depends on packet type).
Packet types:
• Hello [1]. Used to establish and maintain a connection. Routers agree HelloInterval and RouterDeadInterval.
  • HelloInterval. Number of seconds between Hello packets. The smaller the value, the faster the detection of topological changes. X.25 uses 30 sec, LANs use 10 sec.
  • RouterDeadInterval. Number of seconds before a router assumes that a route is down. It should be a multiple of HelloInterval (such as four times).
• Database Description [2]. Used to send the database between routers.
• Link-state Request [3]. Request parts of a neighbor's database, which may be more up-to-date.
• Link-state Update [4]. Used to flood link state advertisements.
• Link-state Acknowledgement [5]. Used to acknowledge flooded advertisements.
Gateways. OSPF is an IGP (Interior Gateway Protocol) which distributes routing information between routers in a single autonomous system. All routers have the same database.
Separate domains. [Figure: several Autonomous Systems attached to the Internet.] EGP is used between AS's.
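An added example, not from the original notes: parsing and validating an OSPFv2 header with the layout just listed, verifying the RFC 1583 checksum (the standard IP checksum over the packet excluding the 64-bit authentication field, which applies to Auth. Type 0 and 1), decoding a Hello's HelloInterval and RouterDeadInterval, and flagging a null Auth. Type and a dead interval that is not a multiple of the hello interval. The sample packet is constructed in build_hello(); the field formats, the Hello body layout and the constants are assumptions taken from the RFC, not from the notes.

```python
import struct
from ipaddress import IPv4Address

# Header: ver, type, length, router id, area id, checksum, autype, authentication
HEADER_FMT = "!BBH4s4sHH8s"
HEADER_LEN = struct.calcsize(HEADER_FMT)       # 24 bytes
# Hello body: mask, hello interval, options, priority, dead interval, DR, BDR
HELLO_FMT = "!4sHBBI4s4s"
HELLO_LEN = struct.calcsize(HELLO_FMT)         # 20 bytes, plus 4 bytes per neighbour
PACKET_TYPES = {1: "Hello", 2: "Database Description", 3: "Link-state Request",
                4: "Link-state Update", 5: "Link-state Acknowledgement"}
AUTH_TYPES = {0: "null", 1: "simple password", 2: "cryptographic"}


def ip_checksum(data: bytes) -> int:
    """Standard 16-bit ones-complement checksum (as used by IP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ospf_checksum(packet: bytes) -> int:
    """Checksum over the packet with the checksum field zeroed and the
    8-byte authentication field (offsets 16..23) skipped."""
    covered = packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:]
    return ip_checksum(covered)


def build_hello(router_id, area_id, hello_interval, dead_interval,
                mask="255.255.255.0", au_type=0, auth=b"\x00" * 8):
    """Constructed OSPF Hello with no neighbours listed, for exercising the parser."""
    body = struct.pack(HELLO_FMT, IPv4Address(mask).packed, hello_interval, 0x02, 1,
                       dead_interval, b"\x00" * 4, b"\x00" * 4)
    header = struct.pack(HEADER_FMT, 2, 1, HEADER_LEN + len(body),
                         IPv4Address(router_id).packed, IPv4Address(area_id).packed,
                         0, au_type, auth)
    packet = header + body
    return packet[:12] + struct.pack("!H", ospf_checksum(packet)) + packet[14:]


def parse_ospf(packet: bytes) -> dict:
    """Decode the header, verify length and checksum, decode a Hello body and
    collect the warnings a defender would want to see."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the OSPF header")
    ver, ptype, length, rid, aid, cksum, au_type, auth = struct.unpack(
        HEADER_FMT, packet[:HEADER_LEN])
    info = {"version": ver, "type": PACKET_TYPES.get(ptype, f"unknown({ptype})"),
            "length": length, "router_id": str(IPv4Address(rid)),
            "area_id": str(IPv4Address(aid)),
            "au_type": AUTH_TYPES.get(au_type, f"unknown({au_type})"),
            "checksum_ok": None, "warnings": []}
    if ver != 2:
        info["warnings"].append(f"unexpected OSPF version {ver}")
    if length != len(packet):
        info["warnings"].append(f"length field {length} != {len(packet)} bytes received")
    if au_type in (0, 1):                      # cryptographic auth does not use the checksum
        info["checksum_ok"] = ospf_checksum(packet) == cksum
        if not info["checksum_ok"]:
            info["warnings"].append("checksum mismatch")
    if au_type == 0:
        info["warnings"].append("null authentication: updates are not authenticated")
    if ptype == 1 and len(packet) >= HEADER_LEN + HELLO_LEN:
        mask, hello, _opts, prio, dead, _dr, _bdr = struct.unpack(
            HELLO_FMT, packet[HEADER_LEN:HEADER_LEN + HELLO_LEN])
        info["hello"] = {"mask": str(IPv4Address(mask)), "hello_interval": hello,
                         "dead_interval": dead, "priority": prio}
        if hello == 0 or dead % hello != 0:
            info["warnings"].append("RouterDeadInterval is not a multiple of HelloInterval")
    return info


if __name__ == "__main__":
    pkt = build_hello("192.5.5.1", "0.0.0.0", hello_interval=10, dead_interval=40)
    print(parse_ospf(pkt))
```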
5.14 Tree-like topology v. Internet-like topology
[Figure: two topologies. Tree-like: a single backbone with Org1, Org2 and Org 3 below it, each organization with Site1, Site2 and Site3, and each site with LAN1, LAN2 and LAN3. Internet-like: the same organizations, sites and LANs, not arranged under a single backbone.]
5.15 Autonomously attached networks
[Figure: several autonomously attached networks (AANs), each connected through its own gateway (G/W).]
Networking Operating Systems (CO32010)
6. Routers
Objectives:
• To outline the main elements of a router.
• To be able to understand the main elements in the programming of a router.
• To be able to program a router for a given specification.
• To understand the operation of firewalls, and how these are implemented on a firewall.
6.1 Introduction
6.2 Router configuration and startup
6.3 Router commands
6.4 Access Control Lists (ACLs)
6.5 Cisco router commands
6.6 Exercises
6.1 Routers
[Figure: a router and its connections.]
Interfaces: Console port (RJ-45), Auxiliary port (RJ-45), Ether0 (DB-15), Ether1 (DB-15), Serial0 (DB-60), Serial1 (DB-60).
Connections: a console terminal on the console port; a modem on the auxiliary port; a virtual terminal (through telnet); a TFTP server (to download configuration files over the network).
6.2 Router modes
[Figure: router startup sequence and modes.]
Startup: the bootstrap program in ROM performs hardware tests, loads the operating system, loads the configuration file from NVRAM (global, process and interface information) and runs EXEC, which executes user commands.
Modes:
• User EXEC. View configuration parameters.
• Privileged EXEC. Edit configuration parameters/debug/testing.
• Setup mode. Used to configure the router when first started.
• RXBOOT. Maintenance mode, such as recovering lost passwords.
• Global Config. Performs simple configuration tasks.
6.2 Example topology
[Figure: example topology of five routers.]
• LAB-A (Router): Ether1 on 205.7.5.0 (switch), Ether0 on 192.5.5.0, Serial0 201.100.11.1.
• LAB-B (Router): Serial1 201.100.11.2 on 201.100.11.0 (to LAB-A), Ether0 on 219.17.100.0 (hub), Serial0 199.6.13.1.
• LAB-C (Router): Serial1 199.6.13.2 on 199.6.13.0 (to LAB-B), Ether0 (hub), Serial0 on 223.8.151.0.
• LAB-D (Router): Serial1 on 223.8.151.0 (to LAB-C), Ether0 on 210.93.105.0.
• LAB-E (Router): Ether0 on 210.93.105.0 (to LAB-D).
6.3 Router startup
• The bootstrap loader is loaded from ROM and run on the processor.
• The operating system (Cisco IOS – Internetwork Operating System) is then loaded from the boot field of a configuration register (which specifies either boot from flash memory, boot from the network or manual boot). The lower four bits of the configuration register define the boot field.
• The operating system is then booted, and it determines the hardware and the software on the system, and displays these to the console terminal.
• The operating system then loads the configuration file from NVRAM and executes it one line at a time. These lines start different processes, and define addresses and protocol types.
• If there is no configuration file in NVRAM, the router automatically goes into user setup mode, where the router asks the user questions about the router configuration. Once these have been specified the router saves them to NVRAM, so that the settings will be kept. Once saved, the router should automatically boot, without going into user setup mode. As much as possible the router tries to discover its environment, and tries to minimize the settings that the user has to add. Typically values are given in square brackets, which are defaults that the user can choose if the return key is pressed at the option.
6.4 Router memory
• NVRAM. This type of memory does not lose its contents when the power is withdrawn, but can be written to. It is used to store the router's backup/startup configuration file. One of the options in the configuration is where the operating system image is loaded from, typically either from flash memory, or from a TFTP server.
• Flash. This is erasable, reprogrammable ROM, which keeps its contents when the power is taken away. It is used in the router to contain one or more copies of the operating system image and microcode. Flash memory allows for easy updates to the operating system software, without having to replace any parts of the hardware.
• ROM. This is a permanent type of memory, which cannot be changed, and does not lose its contents when the power is withdrawn. On the router it contains power-on diagnostics, a bootstrap program, and operating system software. Upgrades to ROM require a change of a ROM integrated circuit.
• RAM. This is the main memory of the router and stores running programs and the current running configuration file. Along with this the RAM stores routing tables, ARP cache, packet buffering and packet hold queues. The contents of the RAM are lost when the power is withdrawn.
6.5 Router commands (enable)
LAB-A con0 is now available
Press RETURN to get started.
User Access Verification
Password: *******
LAB-A> ?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  clear            Reset functions
  connect          Open a terminal connection
  ::::::::
LAB-A> enable
Password: **********
LAB-A# ?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  access-template  Create a temporary Access-List entry
  cd               Change current directory
  ::::::::
6.6 Router commands (enable)
show arp. Displays the current status of the router's ARP tables, which map IP addresses to MAC addresses.
Session run 6.6 gives an example of this command.
show buffers. This command shows detailed statistics on the buffers within the router. Session run 6.2
gives an example of this command. In this case, the memory buffers are split into small buffers (104 bytes),
middle buffers (600 bytes), big buffers (1524 bytes), very big buffers (4520 bytes), large buffers (5024
bytes) and huge buffers (18024 bytes).
show flash. This command displays information on the data stored in the flash memory. An example is
given in Session run 6.8.
show hosts. This command displays a list of connected hosts and their IP addresses.
show interfaces. This command displays statistics for all interfaces configured on the router. Session
run 6.10 shows an example.
show mem. This command displays the usage of the router's memory. Session run 6.3 shows an
example.
show processes. This command shows the active processes.
show protocols. This command displays the status of currently running protocols (such as IP, IPX,
AppleTalk and DECnet). It can be seen from Session run 6.9 that there are three active interfaces
(Ethernet0, Serial0 and Serial1), and that each of the interfaces is operating ('they are up'). For example
the IP address of the Ethernet0 interface is 219.17.100.1/24, which specifies that it has an IP address of
219.17.100.1 and that 24 bits are used to define the network part of the address (as expected, as it is a
Class C address).
show running-config. This command displays the active configuration file.
show startup. Displays the startup configuration file.
show version. This command displays information on the hardware, software version, configuration file
name, and the boot image.
6.7 Router commands (show buffers)
LAB-A# show buffers
Buffer elements:
500 in free list (500 max allowed)
2026 hits, 0 misses, 0 created
Public buffer pools:
Small buffers, 104 bytes (total 50, permanent 50):
49 in free list (20 min, 150 max allowed)
669 hits, 0 misses, 0 trims, 0 created
::::::::
Huge buffers, 18024 bytes (total 0, permanent 0):
0 in free list (0 min, 4 max allowed)
0 hits, 0 misses, 0 trims, 0 created
0 failures (0 no memory)
Interface buffer pools:
Ethernet0 buffers, 1524 bytes (total 32, permanent 32):
8 in free list (0 min, 32 max allowed)
24 hits, 0 fallbacks
8 max cache size, 8 in cache
::::::::
Serial0 buffers, 1524 bytes (total 32, permanent 32):
7 in free list (0 min, 32 max allowed)
102 hits, 0 fallbacks
8 max cache size, 8 in cache
6.8 Router commands (show hosts)
LAB-A> show hosts
Default domain is not set
Name/address lookup uses domain service
Name servers are 255.255.255.255
Host    Flags        Age  Type  Address(es)
LAB-B   (perm, OK)   17   IP    201.100.11.2 219.17.100.1 199.6.13.1
LAB-C   (perm, OK)   18   IP    199.6.13.2 223.8.151.1 204.204.7.1
LAB-D   (perm, OK)   19   IP    204.204.7.2 210.93.105.1
LAB-E   (perm, OK)   18   IP    210.93.105.2
LAB-A   (perm, OK)   19   IP    192.5.5.1 205.7.5.1 201.100.11.1
[Figure: routers LAB-A, LAB-B and LAB-C. LAB-A connects to LAB-B over 201.100.11.0 (LAB-B Serial1 201.100.11.2); LAB-B connects to LAB-C over 199.6.13.0 (LAB-B Serial0 199.6.13.1, LAB-C 199.6.13.2); LAB-B Ether0 is on 219.17.100.0 (hub).]
6.9 Router commands (show protocols)
Lab-B> show protocols
Internet Protocol routing is enabled
Ethernet0 is up, line protocol is up
Internet address is 219.17.100.1/24
Serial0 is up, line protocol is up
Internet address is 199.6.13.1/24
Serial1 is up, line protocol is up
Internet address is 201.100.11.2/24
6.10 Router commands (show running-config)
Lab-B# show running-config
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Lab-B
!
enable password class
!
ip subnet-zero
!
interface Ethernet0
 ip address 219.17.100.1 255.255.255.0
 no ip directed-broadcast
!
interface Serial0
 ip address 199.6.13.1 255.255.255.0
 ip directed-broadcast
 no ip mroute-cache
 no fair-queue
 clockrate 56000
!
6.11 Router commands (show running-config – cont.)
interface Serial1
 ip address 201.100.11.2 255.255.255.0
 no ip directed-broadcast
!
router rip
 network 199.6.13.0
 network 201.100.11.0
 network 219.17.100.0
!
no ip classless
!
line con 0
 password cisco
 login
 transport input none
line aux 0
line vty 0 4
 password cisco
 login
!
end
!
6.12 MAC and IP address
ARP TABLE (in LAB-A)
Protocol  Address      Age (min)  Hardware Addr   Type  Interface
Internet  205.7.5.254  108        0030.8071.9f40  ARPA  Ethernet1
Internet  192.5.5.1    -          0010.7b81.1d72  ARPA  Ethernet0
Internet  192.5.5.12   1          0000.b430.b332  ARPA  Ethernet0
Internet  205.7.5.1    -          0010.7b81.1d73  ARPA  Ethernet1
[Figure: LAB-A (Router) with Ether1 (MAC 0010.7b81.1d73, IP 205.7.5.1) on 205.7.5.0 to a switch (MAC 0030.8071.9f40, IP 205.7.5.254), and Ether0 (MAC 0010.7b81.1d72, IP 192.5.5.1) on 192.5.5.0 to a hub with a host (MAC 0000.b430.b332, IP 192.5.5.12).]
6.13 Router programming
Router> enable
Router#
Router# config t
Enter configuration commands, one per line. End with END.
Router (config)# hostname LAB_A
LAB_A (config)#
LAB_A (config)# enable secret class
LAB_A (config)# exit
LAB_A# exit
LAB_A> enable
Password: ccc
Password: class
LAB_A#
6.14 Router programming
LAB_A# config t
LAB_A (config)# int e0
LAB_A (config-if)# ip address 192.5.5.1 255.255.255.0
LAB_A (config-if)# no shutdown
LAB_A (config-if)# exit
LAB_A (config)# int e1
LAB_A (config-if)# ip address 205.7.5.1 255.255.255.0
LAB_A (config-if)# no shutdown
LAB_A (config-if)# exit
LAB_A (config)# int s0
LAB_A (config-if)# ip address 201.100.11.1 255.255.255.0
LAB_A (config-if)# clock rate 56000
LAB_A (config-if)# no shutdown
LAB_A (config-if)# exit
LAB_A (config)# router rip
LAB_A (config-router)# network 192.5.5.0
LAB_A (config-router)# network 205.7.5.0
LAB_A (config-router)# network 201.100.11.0
LAB_A (config-router)# exit
LAB_A (config)#
6.15 ACLs
[Figure: a router acting as a firewall between two networks.]
A port on a router can be set up with ACLs to filter traffic based on the network address or the source or destination port number. For example the firewall may block FTP traffic going out of the network.
6.16 ACLs
• Source IP address. The address that the data packet
was sent from.
• Destination IP address. The address that the data
packet is destined for.
• Source TCP port. The port that the data segment
originated from. Typical ports which could be blocked
are FTP (port 21), TELNET (port 23), and WWW (port
80).
• Destination TCP port. The port that the data segment
is destined for.
• Protocol type. This filters for UDP or TCP traffic.
6.17 Standard ACLs
Router# access-list access-list-value {permit | deny} source source-mask
Router# access-list 1 deny 156.1.1.10 0.0.0.0
Router# access-list 1 deny 156.1.1.0 0.0.0.255
Router# access-list 1 deny 156.1.1.0 0.0.0.255
Router# access-list 1 permit ip any any
Router (config)# interface Ethernet0
Router (config-if)# ip address 156.1.1.130 255.255.255.0
Router (config-if)# ip access-group 1 in
6.18 Extended ACLs
Router# access-list access-list-value {permit | deny} {test-conditions}
Router(config)#access-list 100 deny ip host 156.1.1.134 156.70.1.1 0.0.0.0
Router(config)#access-list 100 permit ip any any
Router(config)#access-list 100 deny ip 156.1.1.0 0.0.0.255 156.70.1.0 0.0.0.255
Router(config)#access-list 100 permit ip any any
Router(config)#access-list 100 deny ip 156.1.1.0 0.0.0.254 host 156.70.1.1
Router(config)#access-list 100 permit ip any any
Router (config)# interface Ethernet0
Router (config-if)# ip address 156.1.1.130 255.255.255.192
Router (config-if)# ip access-group 100 in
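Added example (not from the notes, and not Cisco's code): a small Python evaluator for the standard and extended access-list lines shown above, implementing wildcard-mask matching, first-match-wins ordering and the implicit deny at the end of every list; the packets in demo() and the test are constructed. It shows why the wildcard 0.0.0.254 in the last list matches only even-numbered hosts, and why a deny placed after "permit ip any any" never matches.

```python
from ipaddress import IPv4Address

ANY = ("0.0.0.0", "255.255.255.255")   # 'any': every wildcard bit set


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """A wildcard bit of 1 means 'don't care'; 0 means 'must match'."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    keep = ~w & 0xFFFFFFFF
    return (a & keep) == (b & keep)


def _parse_addr(tokens):
    """Consume one address spec: 'any' | 'host A.B.C.D' | 'A.B.C.D W.X.Y.Z'.
    Returns ((base, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return (tokens[1], "0.0.0.0"), tokens[2:]
    return (tokens[0], tokens[1]), tokens[2:]


def parse_acl_line(line: str) -> dict:
    """Parse 'access-list N {permit|deny} [proto] SRC [DST]'; a leading prompt
    such as 'Router(config)#' is stripped. Lists 1-99 are standard (source
    only); lists 100-199 are extended (protocol, source and destination)."""
    tokens = line.split("#")[-1].split()
    if tokens[0] != "access-list":
        raise ValueError(f"not an access-list line: {line!r}")
    number, action, rest = int(tokens[1]), tokens[2], tokens[3:]
    entry = {"number": number, "action": action, "proto": "ip", "dst": ANY}
    if number >= 100:
        entry["proto"] = rest[0]
        entry["src"], rest = _parse_addr(rest[1:])
        entry["dst"], rest = _parse_addr(rest)
    else:
        if rest[0] == "ip":                 # tolerate 'permit ip any any' as written above
            rest = rest[1:]
        entry["src"], rest = _parse_addr(rest)
    return entry


def load_acl(lines):
    return [parse_acl_line(line) for line in lines]


def evaluate(acl, src: str, dst: str, proto: str = "ip"):
    """First matching entry decides; no match is the implicit deny.
    Returns (action, index of the matching entry or None)."""
    for i, e in enumerate(acl):
        proto_ok = e["proto"] == "ip" or e["proto"] == proto
        if proto_ok and wildcard_match(src, *e["src"]) and wildcard_match(dst, *e["dst"]):
            return e["action"], i
    return "deny", None


def demo():
    """The extended list from the text with the 0.0.0.254 wildcard: the deny
    entry matches even-numbered hosts on 156.1.1.0 sending to 156.70.1.1."""
    acl = load_acl([
        "Router(config)#access-list 100 deny ip 156.1.1.0 0.0.0.254 host 156.70.1.1",
        "Router(config)#access-list 100 permit ip any any",
    ])
    return {src: evaluate(acl, src, "156.70.1.1")[0]
            for src in ("156.1.1.134", "156.1.1.135", "156.1.1.200")}


if __name__ == "__main__":
    print(demo())
```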
Networking Operating Systems (CO32010)
8. NT, UNIX and NetWare
Objectives:
• To outline the usage of the three main NOS's: NT/2000, UNIX and Netware.
• To define the usage of object properties in each of the NOS's.
• To define how distributed file systems are created in the three main NOS's (UNIX – NFS, Active Directories – NT/2000 and NDS – NetWare).
8.1 Introduction
8.2 Microsoft Windows
8.3 UNIX
8.4 Novell NetWare
8.5 NDS
Local audit policy
[Figure: local and domain audit policy dialogs, each with Success and Failure check boxes per event.]
Local audit policy events (Success / Failure):
• User login/logout
• File and object access
• Use of user rights
• User and group management
• Security policy changes
• Restart/shutdown
• Process tracking
Domain (my_d) containing \\freds_pc, \\bills_pc and \\server1.
Domain audit policy events (Success / Failure):
• User login/logout
• File and object access
• etc.
UNIX file attributes
[Figure: the fields of a long directory listing entry.]
-rwxr-xr-x  1 bill_b  staff  28 May 12 1993  gopc
The fields are: file attributes, file owner name (bill_b), group's name (staff), size and date/time last modified (28 May 12 1993), and filename (gopc).
A directory entry reads d rwx rwx rwx: the directory attribute (d), followed by the permissions for User, Group and World.
UNIX
• TCP/IP for its communications.
• NFS for mounting files over a network.
• ICMP (for ping, traceroute, and so on).
• RIP (for routing).
• ARP (for determination of MAC addresses).
• DNS (for determining domain names).
• BOOTP (for IP address allocation).
• FTP (for file transfer).
• TELNET (for remote login).
• NIS (for creating domains).
• RPC (for remote processing execution).
• SMTP (for e-mail).
• SNMP (for network management).
[Figure: Windows networking stack mapped to the OSI layers.]
• Application / Presentation: application program.
• Session / Transport / Network: NetWare (SPX/IPX), UNIX/Internet (TCP/IP) or Windows (NetBEUI), above the Transport Driver Interface (TDI).
• Data link: Media Access Control, through the Network Device Interface Specification (NDIS): NDIS wrapper and NDIS NIC driver.
• Physical: Ethernet/ATM/ISDN/etc., NIC.
[Figure: NetWare client architecture. Software: application programs, NetWare shell (NETx), NCP (network core protocol), SPX/IPX, ODI (open data-link interface). Hardware: NIC (network interface card) connecting to the server. NetWare client: Windows NT, Windows 3.1, Unix, OS/2, Mac or DOS.]
[Figure: NetWare mapped to the OSI layers.]
• Application: application program.
• Presentation: NetWare shell.
• Session: NCP redirector/NETBIOS emulator.
• Transport: SPX.
• Network: IPX.
• Data link: Open-device interface (ODI).
• Physical: Ethernet, Token Ring, etc.
Problems with Novell NetWare 3
• It uses SPX/IPX which is incompatible with TCP/IP
traffic.
• It is difficult to synchronize servers with user
information.
• The file structure is local to individual servers.
• Server architecture is flat and cannot be
organized into a hierarchical structure (Bindery
services).
NDS
• Hierarchical server structure.
• Network-wide users and groups.
• Global objects. NDS integrates users, groups, printers,
servers, volumes and other physical resources into a
hierarchical tree structure.
• System-wide login with a single password. This allows
users to access resources which are connected to remote
servers.
• NDS processes logins between NetWare 3.1 and
NetWare 4/5 servers, if the login names and passwords
are the same.
• Supports distributed file system.
NDS (cont.)
• Synchronization services. NDS allows for directory synchronization,
which allows directories to be mirrored on different partitions or
different servers. This provides increased reliability in that if a server
develops a fault then the files on that server can be replicated by
another server.
• Standardized organizational structure for applications, printers,
servers and services. This provides a common structure across
different organizations.
• It integrates most of the administrative tasks into the Windows-based
NWADMIN.EXE program.
• It is a truly distributed system where the directory information can
be distributed around the tree.
• Support for NFS server for UNIX resources.
• Multiple login scripts, as opposed to system and user login scripts in
NetWare 3.1.
• Windows NT support.
[Figure: NDS tree. Root objects: Organization. Container objects: Electrical, Mechanical, Production, Administration. Objects within the containers: BINS/VOL1, Q_LASER, CD_DISK, SYS/VOL2.]
The most commonly used objects are:
[ROOT]. This is the top level of the inverted tree and contains all the
objects within the organizational structure.
Organization. This object class defines the organizational name (such
as FRED_AND_CO). It is normally the next level after [ROOT] (or
below the C=Country object).
User. This object defines an individual user. The first user created in a
NetWare 4 system is the ADMIN user, which is typically the only user
with rights to add and delete objects on the whole of the NDS structure.
NCP (NetWare Control Protocol) Server. This appears for all
NetWare 4 servers.
Volume. This identifies the mounted volume for file services. A network file system's data links to the Directory tree through Volume
objects.
Bindery. These allow compatibility with existing Bindery-based
NetWare 3, NetWare 3 clients and NetWare 4 servers which do not
completely implement NDS. They display any object that isn't a user,
group, queue, profile or print server, which was created using the bindery services.
Organizational unit. This object represents the OU part of the NDS
tree. These divide the NDS tree into subdivisions, which can represent
different geographical sites, different divisions or workgroups. Different divisions might be PRODUCTION, ACCOUNT, RESEARCH, and
so on. Each Organizational Unit has its own login script.
Organization role. This object represents a defined role within an
organization object. It is thus easy to identify users who have an administrative role within the organization.
Group. This object represents a grouping of users. All users within a
group inherit the same access rights.
Directory map. This object points to a file system directory on a
mounted volume. It is typically used to create a global file system
which has physically separate parts.
Alias. This identifies an object with another name. For example, a
print queue which is called NET_PRINT1 might have an alias name of
HP_LASER_JET_6.
Printer. This can either be connected to the printer port of a PC, or
connected to a NetWare server.
Print queue. This object represents the queue of print jobs.
Profile. This object defines a special scripting file. This can be a
global login script, a location login script or a special login script.
Print server. This object allows print jobs to be queued, waiting to be
serviced by the associated printer.
• [ROOT]. This is the top level of the tree. The top of the NDS tree is the
[ROOT] object.
• C=Country. This object can be used, or not, to represent different countries,
typically where an organization is distributed over two or more countries. If it
is used then it must be placed below the [ROOT] object. NDS normally does
not use the Country object and uses the Organization Unit to define the
geographically located sites, such as SALES_UK.[ROOT], SALES_USA.[ROOT],
and so on.
• L=Locality. This object defines locations within other objects, and identifies
network portions. The Country and Locality objects are included in the X.500
specification, but they are not normally used, because many NetWare 4
utilities do not recognize it. When used, it must be placed below the [Root]
object, Country object, Organization object, or Organizational Unit object.
Leaf Objects (CN - Common Name)
Apart from the container objects (C, O, OU, and so
on) there are leaf objects. These are assigned a CN
(for Common Name). They include:
CN=AFP Server
CN=Bindery
CN=Bindery Queue
CN=Computer
CN=Directory Map
CN=Group
CN=Organizational Role
CN=Print Queue
CN=Print Server
CN=Printer
CN=Profile
CN=Server
CN=User
CN=Volume
[Figure: example NDS tree. [ROOT] contains O=Organization (such as: O=FRED_ANDCO), which contains OU=Organizational Unit (such as: OU=TEST) and OU=Organizational Unit (such as: OU=SALES); the organizational units hold leaf objects such as User1, User2, Groups, Print Queues, Printer, Printer Server and Volumes.]
• LP=Licensed Product. This object is created automatically when a license
certificate is installed. It must be placed below the [ROOT] object, a Country
object, an Organization object, or an Organizational Unit object.
• O=Organization. This object represents the name of the organization, a
company division or a department. Each NDS Directory tree has at least one
Organization object, and it must be placed directly below the [ROOT] object
(unless the tree uses the Country or Locality object).
• OU=Organizational Unit. This object normally represents the name of an
organizational unit within the organization, such as Production, Accounts, and
so on. At this level User objects can be added and a container login script is
created. It is normally placed below the Organization object.
[Figure: server duplexing. A primary server and a secondary server each have a
NIC on the network connections and an MSL (mirrored server link) adapter; the
duplexed traffic passes between the two MSL adapters.]
Remote access to network

[Figure: a remote client reaches the network through a remote access server
over a PPP/SLIP remote access connection.]
Virtual Private Network

[Figure: PPTP. A virtual flow is set up between the remote client and the
remote access server; PPTP encapsulates the required protocol (TCP/IP, IPX,
AppleTalk, NetBEUI) inside that tunnel.]
[Figure: PPP protocol stack at both ends of the link.
  Network layer: IP and IPX packets, each brought up by its own NCP (IPCP for
  IP, IPXCP for IPX, ACP for AppleTalk).
  Data link layer: PPP header | IP packet | PPP trailer; beneath the NCPs sit
  authentication and LCP.
  Physical: asynchronous or synchronous media.]
PPP frame format:

  Field      Size          Value
  Flag       1 byte        01111110 (7Eh)
  Address    1 byte        11111111 (FFh)
  Control    1 byte        00000011 (03h)
  Protocol   2 bytes       identifies the contents of the Data field
  Data       variable      network-layer packet or control packet
  FCS        2 or 4 bytes  frame check sequence
  Flag       1 byte        01111110 (7Eh)

Protocol field values:

  Network protocols:
    0021h – IP
    0029h – AppleTalk
    002Bh – Novell IPX
  Network Control Protocols:
    8021h – IP Control Protocol
    8029h – AppleTalk Control Protocol
    802Bh – Novell IPX Control Protocol
  Link Control Protocols:
    C021h – Link Control Protocol
    C023h – PAP
    C025h – Link Quality Report
    C223h – CHAP
LCP packet format (carried in the Data field with Protocol = C021h):

  Field       Size          Value
  Flag        1 byte        01111110
  Address     1 byte        11111111
  Control     1 byte        00000011
  Protocol    2 bytes       C021h (LCP)
  Code        1 byte        LCP packet type (see below)
  Identifier  1 byte        matches a reply with its request
  Length      2 bytes       length of Code, Identifier, Length and Data
  Data        variable      configuration options or other payload
  FCS         2 or 4 bytes  frame check sequence
  Flag        1 byte        01111110

LCP codes:
  1  Configure-Request
  2  Configure-Ack
  3  Configure-Nak
  4  Configure-Reject
  5  Terminate-Request
  6  Terminate-Ack
  7  Code-Reject
  8  Protocol-Reject
  9  Echo-Request
  10 Echo-Reply
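The frame and LCP layouts above, as an added example that is not code from the lecture: it wraps a constructed LCP Configure-Request in a PPP frame, applies the RFC 1662 octet stuffing and 16-bit FCS, then parses the frame back and refuses to look at the Protocol field until the FCS checks. The sample packet (one MRU option, value 1500), the PROTOCOLS/LCP_CODES tables and every function name are assumptions of this example.

```python
"""PPP framing (RFC 1662) and LCP packet parsing (RFC 1661).

Added example, not code from the lecture. The sample frame is constructed
here: an LCP Configure-Request carrying one option (type 1, MRU = 1500).
"""
import struct

PROTOCOLS = {0x0021: "IP", 0x0029: "AppleTalk", 0x002B: "Novell IPX",
             0x8021: "IPCP", 0x8029: "AppleTalk Control Protocol",
             0x802B: "IPXCP", 0xC021: "LCP", 0xC023: "PAP",
             0xC025: "Link Quality Report", 0xC223: "CHAP"}
LCP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak",
             4: "Configure-Reject", 5: "Terminate-Request", 6: "Terminate-Ack",
             7: "Code-Reject", 8: "Protocol-Reject", 9: "Echo-Request",
             10: "Echo-Reply", 11: "Discard-Request"}
FLAG, ESC, ADDRESS, CONTROL = 0x7E, 0x7D, 0xFF, 0x03
GOOD_FCS = 0xF0B8  # residue left when the CRC is run over data plus its own FCS


def _fcs_table():
    table = []
    for b in range(256):
        for _ in range(8):          # reflected CRC-16, polynomial 0x8408
            b = (b >> 1) ^ 0x8408 if b & 1 else b >> 1
        table.append(b)
    return table


FCSTAB = _fcs_table()


def fcs16(data: bytes, fcs: int = 0xFFFF) -> int:
    for b in data:
        fcs = (fcs >> 8) ^ FCSTAB[(fcs ^ b) & 0xFF]
    return fcs


def stuff(body: bytes) -> bytes:
    # Default async control-character map: escape 7E, 7D and every byte < 20h.
    out = bytearray()
    for b in body:
        if b in (FLAG, ESC) or b < 0x20:
            out += bytes([ESC, b ^ 0x20])
        else:
            out.append(b)
    return bytes(out)


def unstuff(body: bytes) -> bytes:
    out, i = bytearray(), 0
    while i < len(body):
        if body[i] == ESC:
            if i + 1 >= len(body):
                raise ValueError("dangling escape")
            out.append(body[i + 1] ^ 0x20)
            i += 2
        else:
            out.append(body[i])
            i += 1
    return bytes(out)


def build_frame(protocol: int, info: bytes) -> bytes:
    body = bytes([ADDRESS, CONTROL]) + struct.pack(">H", protocol) + info
    fcs = fcs16(body) ^ 0xFFFF
    body += struct.pack("<H", fcs)          # FCS goes on the wire low byte first
    return bytes([FLAG]) + stuff(body) + bytes([FLAG])


def parse_frame(frame: bytes) -> dict:
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing flag")
    body = unstuff(frame[1:-1])
    if len(body) < 6 or fcs16(body) != GOOD_FCS:
        raise ValueError("bad FCS")          # checked before anything is trusted
    if body[0] != ADDRESS or body[1] != CONTROL:
        raise ValueError("unexpected address/control")
    (proto,) = struct.unpack(">H", body[2:4])
    return {"protocol": proto, "name": PROTOCOLS.get(proto, "unknown"),
            "info": body[4:-2]}


def parse_lcp(info: bytes) -> dict:
    code, ident, length = struct.unpack(">BBH", info[:4])
    if length < 4 or length > len(info):
        raise ValueError("bad LCP length")
    data, options = info[4:length], []
    if code in (1, 2, 3, 4):                 # Configure-* packets carry TLV options
        i = 0
        while i < len(data):
            if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
                raise ValueError("bad option length")
            options.append((data[i], data[i + 2:i + data[i + 1]]))
            i += data[i + 1]
    return {"code": code, "code_name": LCP_CODES.get(code, "unknown"),
            "id": ident, "options": options, "data": data}


# Constructed sample: Configure-Request, identifier 1, option MRU (type 1) = 1500.
SAMPLE_LCP = struct.pack(">BBH", 1, 1, 8) + bytes([1, 4]) + struct.pack(">H", 1500)
SAMPLE_FRAME = build_frame(0xC021, SAMPLE_LCP)

if __name__ == "__main__":
    parsed = parse_frame(SAMPLE_FRAME)
    print(parsed["name"], parse_lcp(parsed["info"]))
```

The order of checks in parse_frame is the point: a bad FCS is rejected before the Protocol or Code bytes are dispatched on, and the option walker bounds-checks each TLV length against the packet before slicing, which is where PPP option parsers have historically gone wrong.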
[Figure: client and server exchange LCP and NCP packets over the network
connection.]

The PPP link passes through the following phases:
• Link establishment phase
• Link quality (authentication) phase
• Network-layer protocol phase
• Link termination phase
Password authentication (PAP, C023h)

[Figure: the client holds hostname "remotenode" and password "pass 1" and
sends them to the server as "Remotenode pass 1"; the server replies
accept/reject. The password is sent in clear text.]

Challenge-handshake authentication (CHAP, C223h)

[Figure: the client holds hostname "remotenode" and password "pass 1". The
server sends a challenge, the client returns a response derived from the
password and the challenge, and the server replies accept/reject. The password
itself never crosses the link.]
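The two exchanges above, as an added example that is not from the lecture: a PAP Authenticate-Request and a CHAP Challenge/Response are built and checked by both sides, and a helper shows what an eavesdropper on the serial link sees in each case. The host name remotenode, the secret pass 1, the fixed challenge values and the SECRET_DB store are constructed for the example; the CHAP digest is MD5 over identifier, secret and challenge as RFC 1994 specifies. The example goes one step beyond the slide by showing the caveat that comes with CHAP: a captured challenge/response pair can be tested against a word list offline.

```python
"""PAP (RFC 1334) and CHAP (RFC 1994) packets, built and checked by both ends.

Added example, not code from the lecture. Names, secrets and challenge values
are constructed; SECRET_DB stands in for the server's account store.
"""
import hashlib
import hmac
import os
import struct

SECRET_DB = {b"remotenode": b"pass 1"}    # constructed server-side secrets


# ---- PAP: Authenticate-Request (code 1) carries peer-id and password in clear text
def pap_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack(">BBH", 1, ident, 4 + len(body)) + body


def pap_server_check(packet: bytes) -> bool:
    code, ident, length = struct.unpack(">BBH", packet[:4])
    if code != 1 or length != len(packet):
        return False
    n = packet[4]
    peer_id = packet[5:5 + n]
    m = packet[5 + n]
    password = packet[6 + n:6 + n + m]
    expected = SECRET_DB.get(peer_id)
    return expected is not None and hmac.compare_digest(expected, password)


# ---- CHAP: the secret stays on both hosts; only MD5(id | secret | challenge) is sent
def chap_challenge(ident: int, server_name: bytes, challenge: bytes = None) -> bytes:
    if challenge is None:
        challenge = os.urandom(16)             # must be unpredictable and never reused
    body = bytes([len(challenge)]) + challenge + server_name
    return struct.pack(">BBH", 1, ident, 4 + len(body)) + body      # code 1 = Challenge


def _split_value(packet: bytes):
    """Return (code, identifier, value, name) of a Challenge or Response packet."""
    code, ident, length = struct.unpack(">BBH", packet[:4])
    vlen = packet[4]
    return code, ident, packet[5:5 + vlen], packet[5 + vlen:length]


def chap_response(challenge_pkt: bytes, client_name: bytes, secret: bytes) -> bytes:
    _, ident, challenge, _ = _split_value(challenge_pkt)
    digest = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    body = bytes([len(digest)]) + digest + client_name
    return struct.pack(">BBH", 2, ident, 4 + len(body)) + body      # code 2 = Response


def chap_server_check(challenge_pkt: bytes, response_pkt: bytes) -> bool:
    _, c_ident, challenge, _ = _split_value(challenge_pkt)
    code, ident, got, name = _split_value(response_pkt)
    if code != 2 or ident != c_ident:
        return False                           # answer to some other challenge
    secret = SECRET_DB.get(name)
    if secret is None:
        return False
    expected = hashlib.md5(bytes([ident]) + secret + challenge).digest()
    return hmac.compare_digest(got, expected)  # a replayed response fails here


def secret_visible(packet: bytes, secret: bytes) -> bool:
    """What a passive eavesdropper on the serial link can read off the packet."""
    return secret in packet


def offline_guess(challenge_pkt: bytes, response_pkt: bytes, candidates):
    """CHAP's caveat: with a captured pair an attacker can test secrets offline,
    so the secret must be strong even though it is never transmitted."""
    _, ident, challenge, _ = _split_value(challenge_pkt)
    _, _, got, _ = _split_value(response_pkt)
    for cand in candidates:
        if hashlib.md5(bytes([ident]) + cand + challenge).digest() == got:
            return cand
    return None


if __name__ == "__main__":
    pap = pap_request(1, b"remotenode", b"pass 1")
    print("PAP accepted:", pap_server_check(pap), "secret on wire:", secret_visible(pap, b"pass 1"))
    c = chap_challenge(7, b"server")
    r = chap_response(c, b"remotenode", b"pass 1")
    print("CHAP accepted:", chap_server_check(c, r), "secret on wire:", secret_visible(r, b"pass 1"))
```

Both checks compare with hmac.compare_digest rather than ==, so the server's reply time does not leak how many leading bytes of a guess were right; the constant-time comparison matters for the PAP path too, where the password itself is being compared.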
[Figure: LCP option-negotiation state machine. States shown: Closed, Closing,
Req-Sent, Ack-Rcvd, Ack-Sent, Opened. Events: Open, Close, RCR+ (acceptable
Configure-Request received), RCR- (unacceptable Configure-Request received),
RCA (Configure-Ack received), RCN (Configure-Nak or Configure-Reject received),
TO+ (timeout with retries remaining). Actions: scr (send Configure-Request),
sca (send Configure-Ack), scn (send Configure-Nak), str (send
Terminate-Request), sta (send Terminate-Ack). Transitions shown: Closed
-Open/scr-> Req-Sent; Closed -RCR/sta-> Closed; Req-Sent -RCR+/sca-> Ack-Sent;
Req-Sent -RCR-/scn-> Req-Sent; Req-Sent -RCA-> Ack-Rcvd; Req-Sent
-RCN,TO+/scr-> Req-Sent; Ack-Rcvd -RCR+/sca-> Opened; Ack-Rcvd -RCR-/scn->
Ack-Rcvd; Ack-Sent -RCA-> Opened; Ack-Sent -RCR+/sca-> Ack-Sent; Ack-Sent
-RCN,TO+/scr-> Ack-Sent; Opened -Close/str-> Closing; Closing -TO+/str->
Closing.]
[Figure: PPP phase diagram. Link Dead Phase -Up-> Link Establishment Phase
(LCP configuration packets) -Opened-> Authentication Phase -Success/none->
Network-Layer Protocol Phase (NCP packets) -Closing-> Link Termination Phase
-Down-> Link Dead Phase. A Fail in the Link Establishment Phase returns the link
to Link Dead; a Fail in the Authentication Phase leads to Link Termination.]