Network administration Network administration

Network administrationNetwork administration

SCCI - Master-2SCCI - Master-2

03.10.200703.10.2007

Wagner (SCCI) network 03.10.2007 1 / 55

NetworksNetworks

network

group of interconnected machines

internet

network of networksbased on TCP and IP protocols


Networks of networksNetworks of networks


TCP/IPTCP/IP

Internet Protocol

identi�es network interfaceshandles routingfragmentation of data into packets

Transmission Control Protocol

transmissions in connected modeerror corrections, packets arriving in order


OutlineOutline

1 IP addresses

2 Routing

3 Services

4 Integration between di�erent OS


IP addressIP address

unique number identifying a network interface

example : 192.168.0.1

example : 127.0.0.1

two parts :

network IDmachine ID

4 bytes :

aaa.bbb.ccc.ddd


Network classesNetwork classes

3 classes of networks :

class A :

few networkslots of machinesnnn.mmm.mmm.mmm

class B :

lots of middle size networksnnn.nnn.mmm.mmm

class C :

lots of networksfew machinesnnn.nnn.nnn.mmm


Network maskNetwork mask

possibility to be more �exible

choice : which bits are used for network ID, which bits are usedfor machine ID

example : 255.255.255.0 : mask for class C network

example : 255.0.0.0 : mask for class A network

example : 255.128.0.0 : 9 bits for network, 23 bits for machines


Basic con�gurationBasic con�guration

ifcon�g command

ifcon�g -a : list all available interfaces

ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up


Machine namesMachine names

need for human readable names

IP addresses may change ⇒ name does not change

association between names and addresses

several names can be associated to the same address


URLURL

Uniform Resource Locator


Domain nameDomain name

Domain Name System

hierarchy :

subdomains : en.wikipedia.orgrecursive address resolution

heavy use of caching

slow propagation of changes (up to several days)di�erent addresses may be seen for a name if requests originatefrom di�erent places


Address resolvingAddress resolving

di�erent mechanisms : /etc/nsswitch.conf

DNS servers : /etc/resolv.conf

/etc/hosts : list of known machines

may be a cause of process stall


OutlineOutline

1 IP addresses

2 Routing

3 Services



RoutingRouting

routing handled by IP protocol

routes are found from neighbours to neighbours

maybe di�erent routes from source to target

routes may or not be symmetric

possibility to cycle

mechanisms to destroy packets (TTL)


Routing tablesRouting tables

on each machine : a table indicating to what network interface apacket should be routed

many possible destinations ⇒ table contains generally networkaddresses rather than machines addresses

table displayed and con�gured by the route command


RouteRoute

man route : good for common tasks (examples)

route : displays routing table

route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0

route add default gw mango-gw


TracerouteTraceroute

<_wagnerf@chippewa_:~> $ traceroute gnu.org

traceroute to gnu.org (199.232.41.10), 30 hops max, 40 byte packets

1 c-vpn-pub.imag.fr (129.88.1.237) 3.166 ms 3.423 ms 3.998 ms

2 r-vpn-int.imag.fr (129.88.63.254) 4.652 ms 5.416 ms 8.291 ms

3 r-campus.grenet.fr (193.54.185.120) 8.356 ms 9.055 ms 9.544 ms

4 tigre1.grenet.fr (193.54.184.33) 13.604 ms 14.928 ms 14.981 ms

5 grenoble-g3-2.cssi.renater.fr (193.51.181.94) 15.124 ms 17.284 ms 17.338 ms

6 lyon-pos13-0.cssi.renater.fr (193.51.179.237) 29.161 ms 17.866 ms 17.927 ms

7 nri-a-pos9-0.cssi.renater.fr (193.51.179.129) 18.194 ms 18.263 ms 20.084 ms

8 ge3-0-0-dcr2.par.cw.net (195.10.54.65) 30.435 ms 31.029 ms 20.084 ms

9 so-6-0-0-dcr1.was.cw.net (195.2.10.130) 212.538 ms 103.973 ms 104.354 ms

10 so-0-0-0-dcr1.ash.cw.net (195.2.0.218) 109.577 ms 113.545 ms 114.012 ms


ARP protocolARP protocol

IP : high level protocol

network card : mainly ethernet protocol

correspondance between MAC addresses and IP addresses⇒ Address Resolution Protocol

chippewa:/home/wagnerf# arp

Address HWtype HWaddress Flags Mask Iface

10.6.8.254 ether 00:07:EC:CD:18:CA C eth2


External connectionsExternal connections

use of a gateway

a gateway binds two di�erent networks


Two network cardsTwo network cards

eth0 and eth1 in two di�erent networks

machine acting as a gateway

other machines modify their routing tables

activate forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward


MasqueradingMasquerading

we lie on origin of all outgoing packets

packets will be tagged as coming from gateway

goal : connecting a subnet by using only 1 IP address

gateway in charge of correspondences

note : the connected subnet should be a local network(192.168.X.X)


MasqueradingMasquerading

Masquerading-Simple-HOWTO

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

iptables will be presented in details in following courses


Useful commandsUseful commands

netstat : lists active sockets

lsof : lists processes using sockets

telnet : sending data interactively

netcat : like cat for network


OutlineOutline

1 IP addresses

2 Routing

3 Services



ServicesServices

examples

print serverweb serverftp servergame servers. . .

servers are executed as daemons


Port numberPort number

di�erent services on one machine

how to di�erentiate them ?

port number

one service = one port + one protocolstandard numbers (web=80, . . .)entry points on a machine


TCP communicationsTCP communications

client side

create a socketconnect to remote host on given portconnection accepted or refusedcommunications following protocol

server side

create a socketbind socket to given portaccept or refuse incoming communications


Common servicesCommon services

/etc/network/services

ftp : 21ssh : 22telnet : 23www : 80pop3 : 110. . .


DHCP serverDHCP server

centralize network con�guration

con�gures IP addresses, routing tables, DNS servers

server : dhcpd

client : dhchcd, pump, dh_client

communication by broadcast


Web serverWeb server

usually apache

many other servers

caudium, yaws, araneida, boa

installation from packages

con�guration �les in /etc/apache2

many di�erent modules


Mail serverMail server

sending :

routing from servers to servers

smtp protocolservers : sendmail, post�x, exim

receiving :

receiving mail in the spool/var/mail/wagnerfthrough network : POP3, IMAP


News serverNews server

messages exchanged in newsgroups

port 119

NNTP protocol : transfer between servers

NNRP protocol : to read news

servers : INN, Dnews, . . .


DNS serverDNS server

name resolver

symbolic name ⇒ IP addressport 53 udp or tcpserver : Bind


Distant connectionsDistant connections

telnet

rlogin

ssh


ProxyProxy

proxy : intermediate element between client and server

handle the �ow of data

goals :

�lter : forbid or removecache : accelerateanonymize : hide end usersauthenticate : simple access to protected resources


Proxy serverProxy server


Some web proxiesSome web proxies

squid

caching proxy

junkbuster

removes advertising from web pages


OutlineOutline

1 IP addresses

2 Routing

3 Services



Heterogeneous networksHeterogeneous networks

di�erent OS in the same network :

linux + windows95 + macOS Xlinux + freebsd + windows NTMS/DOS + windows + macOS. . .


GoalsGoals

network ⇒ sharing of resources

printers�leszip drive, backup services. . .

sharing access to internet

gateway + masquerading


StructureStructure


IP networkIP network

easy to put in place

standard protocolavailable on all systemsimmediate interconnection

resources sharing ?

unix standardse�cientsnot compatible with windows


File sharingFile sharing

NFS (Network File Sharing)

server exports �le systemsclient mounts remote �le systemscompletely transparentkernel or user-space driver


PrintersPrinters

lpd daemon on all machines

daemons communicate

/etc/printcap con�g �le

local printersremote printers

security : authorize or not remote connections


Other devicesOther devices

often NFS is su�cient (e.g. for ZIP drive)

special services for some devices

scanner : sanesound : nas, . . .applications : X

but how to authenticate users ?


Yellow pagesYellow pages

NIS : Network Information Service

centralize network con�guration

table of administrative informations on one serveruser informations (uid, gid)domain namesmachine names in one domainNFS


NISNIS

clients broadcast requests

one map for each serviceypcat map to see one

only one manipulation to add a user on the whole network (ordisk, . . .)

problems

important network usemay not scale very well ⇒ NIS caches


StandardsStandards

several organizations develop standards

ISOC (internet society)IETF (internet engineering task force)IAB (internet architecture board)RIPE (Réseaux IP Européens)


Standards developmentStandards development

at �rst : RFC (Request For Comments)

proposals for new standardsinformative notes

in the old times. . .

if RFC was OK ⇒ implemented ⇒ standarddecision from developers and community


Standards developmentStandards development

modi�cation in 1993/1994

development of the webinternet gains in usersdevelopment from trade

netscape and microsoft add extensions to htmlformat wars (javascript/active X)no respect for standard procedure ⇒ loss of compatibilities forthe internet


netbios / netbuinetbios / netbui

proprietary protocol

development with NT (beginning 90)developed by microsoft, no RFCallows

sharing of �lessharing of printersa little remote administration

initially undocumented


SAMBASAMBA

implementation of netbui for unix

clientserver

set of tools

administration of windows domainsmount windows disksmount unix disks under windowsuser accounts handling


Con�gurationCon�guration

often installed by default

/etc/samba/smb.conf

network con�guration [global]disks :

accounts (homes) [homes]public disks (applications) [public]

printers [printers]


Samba programsSamba programs

smbclient

ftp-likeaccess to all windows resources

smbmount

mount windows directoriescareful with rights !


Documents

Network administration Network administration