CIT 500: IT Fundamentals
Networking
Topics
1. Configuring the Network
2. IP Addresses and Netmasks
3. Name Resolution and DNS
4. Inetd
Configuring the Network
What you need to know:
– Your IP address
– Your hostname
– IP address of your gateway router
– Netmask for your local network
– IP addresses of DNS servers
Lots of information:
– Too complicated for end user.
– Too many systems for sysadmin to deal with.
Dynamic Host Configuration Protocol
DHCP configures network parameters for clients:
– IP address.
– Default route.
– Server addresses (DNS, NIS, tftp, etc.)
– MTU, TTL, etc.
Security issues: unauthorized servers
– Any server can respond to a DHCP broadcast.
– Client typically uses the first message received.
– Malicious server can control client DNS, routes.
DHCP Conversation
1. Client sends broadcast to discover DHCP servers.
2. DHCP server broadcasts offer.
3. DHCP client broadcasts request telling server which IP addr it wants.
4. DHCP server acks request, notifying that IP addr is reserved.
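As an added example (not from the slides), a small Python decoder for the OFFER/ACK messages in the exchange above: it parses the BOOTP header and the DHCP option list and flags an offer whose server identifier (option 54) is not one of the authorised servers, which is how the rogue-server problem from the previous slide shows up on the wire. The message bytes are constructed by build_offer for testing; all function names and addresses are the example's own assumptions.

```python
import struct
from ipaddress import IPv4Address

MAGIC = b"\x63\x82\x53\x63"                      # DHCP magic cookie after the BOOTP header
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(pkt):
    """Decode the fixed 236-byte BOOTP header plus the TLV option list."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    op, xid = pkt[0], struct.unpack("!I", pkt[4:8])[0]
    yiaddr = str(IPv4Address(pkt[16:20]))        # "your" address: the IP being offered
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:        # 255 = end of options
        if pkt[i] == 0:                          # 0 = pad byte, has no length field
            i += 1
            continue
        code, ln = pkt[i], pkt[i + 1]
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    return {"op": op, "xid": xid, "yiaddr": yiaddr, "options": opts}

def ip_list(raw):
    return [str(IPv4Address(raw[k:k + 4])) for k in range(0, len(raw) - 3, 4)]

def check_offer(pkt, trusted_servers):
    """Summarise an OFFER/ACK and flag it when option 54 (server id) is not trusted."""
    msg = parse_dhcp(pkt)
    o = msg["options"]
    kind = MSG_TYPES.get(o.get(53, b"\x00")[0], "?")
    server = str(IPv4Address(o[54])) if 54 in o else None
    return {"type": kind, "server": server, "offered_ip": msg["yiaddr"],
            "router": ip_list(o.get(3, b"")), "dns": ip_list(o.get(6, b"")),
            "rogue": kind in ("OFFER", "ACK") and server not in trusted_servers}

def build_offer(xid, yiaddr, server, router, dns):
    """Constructed DHCPOFFER bytes for exercising the parser (not captured traffic)."""
    zero = IPv4Address("0.0.0.0").packed
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0x8000)        # op=2 BOOTREPLY
    hdr += zero + IPv4Address(yiaddr).packed + IPv4Address(server).packed + zero
    hdr += b"\x00" * (16 + 64 + 128) + MAGIC                           # chaddr, sname, file
    opts = bytes([53, 1, 2]) + bytes([54, 4]) + IPv4Address(server).packed
    opts += bytes([3, 4]) + IPv4Address(router).packed
    opts += bytes([6, 4]) + IPv4Address(dns).packed + b"\xff"
    return hdr + opts

if __name__ == "__main__":
    pkt = build_offer(0x1234, "192.168.1.50", "192.168.1.66", "192.168.1.66", "192.168.1.66")
    print(check_offer(pkt, trusted_servers={"192.168.1.1"}))
```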
DHCP Address Allocation
Dynamic
– Host given “lease” on IP address for a specified period of time.
– Clients can release leases.
– Clients can ask for lease to a specific IP addr.
Automatic
– Address permanently assigned to client.
Manual
– Address selected by the client.
Red Hat Network Configuration
Start and stop network like other services:
  service network [start | stop | restart]
Network service uses /etc/sysconfig files:
  /etc/sysconfig/network
  /etc/sysconfig/network-scripts/*
Red Hat DHCP Configuration
/etc/sysconfig/network
  NETWORKING=yes
  HOSTNAME=myhostname
/etc/sysconfig/network-scripts/ifcfg-eth0
  DEVICE=eth0
  BOOTPROTO=dhcp
  ONBOOT=yes
Static IP Addresses
Servers need static IP addresses
– Allows users to access them consistently.
– So do routers and other network devices.
Static IPs can be useful for desktops too
– Easier to access remotely if IP address is consistent.
– Use automatic address assignment via DHCP.
Red Hat Static Configuration
/etc/sysconfig/network
  NETWORKING=yes
  HOSTNAME=myhostname
  GATEWAY=192.168.1.1
/etc/sysconfig/network-scripts/ifcfg-eth0
  DEVICE=eth0
  BOOTPROTO=static
  IPADDR=192.168.1.10
  NETMASK=255.255.255.0
  ONBOOT=yes
IP Addresses
32-bit integers
– One for each network interface.
– Dotted decimal notation: ii.jj.kk.ll
  172 . 16 . 254 . 1
  10101100 00010000 11111110 00000001
  (each group is 1 byte; 32 bits = 4 bytes)
Grouping IP Addresses
Groups of consecutive IP addrs are called networks.
Routing table would only need 3 entries below.
Network and Host Parts
IP addresses are divided into two parts
– Network ID (like zip code)
– Host ID (like street address)
  [ Network ID | Host ID ]
Two special IP addresses
– Network address (e.g. 130.4.0.0)
– Broadcast address (e.g. 130.4.255.255)
Address Classes
Class A: 0.0.0.0-127.255.255.255
  8-bit net ID, 24-bit host ID
  2^24 – 2 hosts per network; 126 networks
Class B: 128.0.0.0-191.255.255.255
  16-bit net ID, 16-bit host ID
  2^16 – 2 hosts per network; 16,384 networks
Class C: 192.0.0.0-223.255.255.255
  24-bit net ID, 8-bit host ID
  (2^8 – 2) = 254 hosts per network; 2,097,152 networks
Class D: 224.0.0.0-239.255.255.255
  28-bit multicast group ID
Class E: 240.0.0.0-255.255.255.255
  Reserved for future use
CIDR
Classless Inter-Domain Routing
– Classful routing wastes most IP addresses.
– Allocate addresses on bit boundaries instead of byte boundaries.
– Allow ISPs/users to decide on boundaries instead of basing on IP addresses.
Prefix notation
– /x indicates that first x bits are shared.
– 192.168.0.0/16 = 192.168.0.0 – 192.168.255.255
Public IP Addresses
ICANN assigns network numbers.
– Internet Corporation for Assigned Network Numbers.
– ICANN gives authority to regional orgs, e.g. ARIN (American Registry for Internet Numbers)
– Typically to ISPs, universities, corporations.
ISP assigns IP addresses within network.
Private RFC1918 IP Addresses
Private IP Networks                   Network Class   Count of Networks
10.0.0.0                              A               1
172.16.0.0 through 172.31.0.0         B               16
192.168.0.0 through 192.168.255.0     C               256
Private addresses are not usable on the Internet, so they must be translated to public addresses for traffic between private and public IP addresses.
IPv4 vs IPv6 Addresses
Feature               IPv4                 IPv6
Size of Address       32 bits              128 bits
Example Address       10.1.1.1             0000:0000:0000:0000:FFFF:FFFF:0A01:0101
Abbreviated Address   -                    ::FFFF:FFFF:0A01:0101
Localhost             127.0.0.1            ::1/128
Possible Addresses    2^32 (~4 billion)    2^128 (~3.4 x 10^38)
Network Mask
How do we list subnets in routing table?
– Ex: addresses 150.150.4.0 – 150.150.4.255
– Table: 150.150.4.0 netmask 255.255.255.0
Subnet mask indicates range
– Binary 1s indicate network part of address.
– Binary 0s indicate host part of address.
– Always consists of 1s followed by 0s.
Prefix notation
– Human-readable form of subnet mask.
– Just counts the number of binary 1s in mask.
Classful Address Ranges and Masks
Class A   NNNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH
Class B   NNNNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH
Class C   NNNNNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH

Class   Leading Bits   Start        End                Subnet Mask      CIDR
A       0              0.0.0.0      126.255.255.255    255.0.0.0        /8
B       10             128.0.0.0    191.255.255.255    255.255.0.0      /16
C       110            192.0.0.0    223.255.255.255    255.255.255.0    /24
D       1110           224.0.0.0    239.255.255.255    N/A              N/A
E       1111           240.0.0.0    255.255.255.255    N/A              N/A
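An added Python example (not from the slides) that carries the netmask, prefix-notation, address-class and RFC1918 slides through in code: it converts dotted decimal to a 32-bit integer, derives the network and broadcast addresses by masking, counts the 1s of a mask (rejecting a mask that is not 1s followed by 0s), classifies by leading bits, and tests the three private ranges written as prefixes. Function names are the example's own.

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer, e.g. '172.16.254.1' -> 0xAC10FE01."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_len(netmask):
    """Netmask -> /x; rejects a mask that is not 1s followed by 0s."""
    m = to_int(netmask)
    ones = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous netmask: %s" % netmask)
    return ones

def describe(addr, netmask):
    """Network address, broadcast address, CIDR form and usable host count."""
    a, m = to_int(addr), to_int(netmask)
    host_bits = 32 - prefix_len(netmask)
    net = a & m                          # 1s in the mask select the network part
    bcast = net | (~m & 0xFFFFFFFF)      # host part set to all 1s
    return {"network": to_dotted(net), "broadcast": to_dotted(bcast),
            "cidr": "%s/%d" % (to_dotted(net), 32 - host_bits),
            "usable_hosts": max(2 ** host_bits - 2, 0)}

def address_class(addr):
    """Classful class from the leading bits of the first octet (0, 10, 110, 1110, 1111)."""
    first = to_int(addr) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    return "D" if first >> 4 == 0b1110 else "E"

# RFC 1918 ranges from the slide as prefixes: 1 class A, 16 class Bs, 256 class Cs
PRIVATE = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]

def is_private(addr):
    a = to_int(addr)
    return any(a >> (32 - p) == to_int(net) >> (32 - p) for net, p in PRIVATE)

if __name__ == "__main__":
    print(describe("192.168.1.10", "255.255.255.0"), address_class("130.4.0.0"), is_private("10.30.10.15"))
```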
ifconfig
ifconfig [-a] int – configure a network interface
– Only root can modify settings.
– Used by Red Hat’s scripts to configure NIC.
  [-a]  list settings for all interfaces
  int   list settings for the specified interface int
– Linux typically uses eth0, eth1 for Ethernet.
ifconfig output
> ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:16:3e:48:75:3a
          inet addr:172.31.108.200  Bcast:172.31.108.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe48:753a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:95785918 errors:0 dropped:0 overruns:0 frame:0
          TX packets:97352948 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2749061541 (2.5 GB)  TX bytes:1206911997 (1.1 GB)
route
Route command displays network routes
> route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.31.108.0    *               255.255.255.0   U     0      0        0 eth0
default         172.31.108.1    0.0.0.0         UG    100    0        0 eth0
Most machines have only two routes
– Local subnet: hosts that can be talked to directly.
– Default route: send all other packets to default gateway router.
route
To add standard routes to a machine:
  route add -net 172.31.108.0 netmask 255.255.255.0 dev eth0
  route add default gw 172.31.108.1
More than two routes are needed when
– Machine has multiple NICs.
– Machine is running virtual machines.
– Machine is a router, firewall, or similar net device.
hostname
hostname – show or set system’s host name; may or may not include DNS domain.
dnsdomainname – show or set system’s DNS domain name.
Basic Testing: Ping
• Test to see if remote host is available.
• If connection fails, test link by link
  – Ping system on your LAN.
  – Ping closest router.
  – Ping next router.
  – …
  – Ping target system.
• One link will fail if cannot reach remote host.
Troubleshooting with Traceroute
Tracks path through each router to destination
– Reports which routers the packets passed through
– Reports how much time it took for each hop
Useful for identifying network problems
– Identify which links are down
– Identify which links are slow
Remote traceroutes via www.traceroute.org.
Testing a Protocol Directly
> telnet www.google.com 80
Trying 72.14.203.99...
Connected to www.l.google.com.
Escape character is '^]'.
GET / HTTP/1.1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Set-Cookie: PREF=ID=e812e6c7ead517fe:TM=1131846389:LM=1131846389:S=rD8-WNplszt1Ko8A; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
Server: GWS/2.1
Transfer-Encoding: chunked
Date: Sun, 13 Nov 2005 01:46:29 GMT

a46
<html><head><meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><title>Google</title><style>
Name Resolution
Translate human-readable names to network address.
HOSTS.TXT
– Name translation for entire Internet in 1970s, early 1980s.
– A single file distributed from a single host, sri-nic.
– Didn’t scale: Net changed before file distributed everywhere.
DNS
– Designed to resolve scalability issues in 1984 (RFC 882-3).
– Distributed database: many files, many servers.
– Allows local control of segments.
/etc/hosts
Maps hostnames to IP addresses.
127.0.0.1    localhost
10.30.10.15  myhost.nku.edu myhost me
10.30.10.22  xerxes.nku.edu xerxes logsvr
10.30.10.33  darius.nku.edu darius
10.30.10.42  cyrus.nku.edu cyrus
10.30.10.55  ntp.nku.edu ntp-server
10.30.10.57  artaxerxes.nku.edu
/etc/hosts
Oldest, simplest means of name resolution.
– Derived from original HOSTS.TXT file.
Available during boot process.
– Before DNS available.
Available when DNS is down.
– Store essential name mappings for reliability.
Can share between hosts.
– rsync, NIS, LDAP, etc.
A minimal /etc/hosts
Name mappings for localhost.
127.0.0.1    localhost
10.30.10.15  myhost.nku.edu myhost
Name mappings for default gateway.
10.30.10.1   gw-5.nku.edu gw-5
Name mappings for essential servers.
10.23.4.250  dns3.nku.edu dns3
10.88.9.253  ldap3.nku.edu ldap3
10.92.5.250  nfs4.nku.edu nfs4
The Domain Name System
DNS Clients
Configuration file: /etc/resolv.conf
– Sets search domains.
– Sets primary and backup DNS servers.
– Auto-created by DHCP if used.
Example:
  search nku.edu
  nameserver 172.28.10.29
  nameserver 172.28.10.30
DNS Lookups
> host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 216.239.37.104
www.l.google.com has address 216.239.37.99
> host www.nku.edu
www.nku.edu has address 192.122.237.7
Dig: DNS Lookup
dig [options]
Purpose: Interact with name servers specified in /etc/resolv.conf and display their responses.
Output: Responses of name servers for queries sent to them.
Commonly used options/features:
  -f file   For batch operation, take domain names (or IP addresses) from ‘file’
  -p port   Interact with a name server at ‘port’ instead of the default port 53
Dig Example
> dig www.google.com

; <<>> DiG 8.3 <<>> www.google.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.google.com, type = A, class = IN

;; ANSWER SECTION:
www.google.com.         14m40s IN CNAME  www.l.google.com.
www.l.google.com.       4m40s IN A      72.14.203.104
www.l.google.com.       4m40s IN A      72.14.203.99
Choosing services
Configuration file: /etc/nsswitch.conf
Controls where data is found about:
– User accounts and groups.
– Hostnames and IP addresses.
– Network configuration.
– E-mail addresses and cryptographic keys.
Potential data sources:
– Files (usually under /etc)
– NIS or NIS+
– LDAP
– DNS
Choosing services
# /etc/nsswitch.conf
#
# Example cfg of GNU Name Service Switch functionality.
passwd:     compat
group:      compat
shadow:     compat
hosts:      files dns
networks:   files
protocols:  db files
services:   db files
ethers:     db files
rpc:        db files
netgroup:   nis
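An added Python example (not from the slides) showing what the "hosts: files dns" line above means for the /etc/hosts and DNS slides: sources are consulted in the listed order and the first one that answers wins, so an /etc/hosts entry silently overrides DNS for that name, which is why checking the hosts file belongs in any name-resolution troubleshooting or incident triage. The nsswitch and hosts text are constructed from the slides' examples, and FAKE_DNS is a stand-in lookup table so the code runs offline; the function names are the example's own.

```python
# Constructed inputs modelled on the slides' /etc/nsswitch.conf and /etc/hosts examples.
NSSWITCH = "passwd: compat\nhosts: files dns\nnetworks: files\n"
HOSTS = """\
127.0.0.1    localhost
10.30.10.15  myhost.nku.edu myhost me
10.30.10.22  xerxes.nku.edu xerxes logsvr   # trailing comment is ignored
"""
# Stand-in for a DNS resolver so the example runs offline (value from the slides' host output).
FAKE_DNS = {"www.nku.edu": ["192.122.237.7"]}

def parse_hosts(text):
    """Map every canonical name and alias in an /etc/hosts file to its addresses."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:                     # blank or comment-only line
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), []).append(fields[0])
    return table

def hosts_sources(nsswitch_text):
    """Return the ordered source list from the 'hosts:' line, e.g. ['files', 'dns']."""
    for line in nsswitch_text.splitlines():
        key, _, rest = line.partition(":")
        if key.strip() == "hosts":
            return rest.split()
    return []                                   # no hosts line: nothing to consult here

def resolve(name, nsswitch_text=NSSWITCH, hosts_text=HOSTS, dns=FAKE_DNS):
    """Consult each source in nsswitch order; the first one with an answer wins."""
    table = parse_hosts(hosts_text)
    key = name.lower()
    for src in hosts_sources(nsswitch_text):
        if src == "files" and key in table:
            return src, table[key]
        if src == "dns" and key in dns:
            return src, dns[key]
    return None, []

if __name__ == "__main__":
    print(resolve("logsvr"), resolve("www.nku.edu"))
```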
xinetd superserver
Manages low-resource services.
– Handles networking issues for service.
– Low # of connections, or small effort/connection.
– Examples: telnet, ftp, daytime, echo
Additional features
– Access control: /etc/hosts.{allow,deny}
– Logging.
– Resource management.
Global Configuration: /etc/xinetd.conf
# Global xinetd defaults
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}
includedir /etc/xinetd.d
Per-Service Configuration
Example: /etc/xinetd.d/telnet
service telnet
{
    socket_type  = stream
    wait         = no
    nice         = 10
    user         = root
    server       = /usr/etc/in.telnetd
    disable      = no
    rlimit_as    = 8M
    rlimit_cpu   = 20
}