CIT 500: IT Fundamentals
Networking 1

Topics
1. Configuring the Network
2. IP Addresses and Netmasks
3. Name Resolution and DNS
4. Inetd

Configuring the Network
What you need to know:
- Your IP address
- Your hostname
- IP address of your gateway router
- Netmask for your local network
- IP addresses of DNS servers
That is a lot of information:
- Too complicated for end users.
- Too many systems for a sysadmin to configure by hand.

Dynamic Host Configuration Protocol
DHCP configures network parameters for clients:
- IP address.
- Default route.
- Server addresses (DNS, NIS, tftp, etc.)
- MTU, TTL, etc.
Security issue: unauthorized servers
- DHCP requests are broadcast, so any host on the segment can answer them.
- The client typically uses the first offer it receives.
- A malicious server can therefore set the client's DNS servers and routes, redirecting its traffic through itself or to impostor hosts.
- The client cannot tell a rogue offer from a real one; the usual mitigation is on the switch (DHCP snooping), which drops server messages arriving on ports not marked as trusted.

DHCP Conversation
1. Client broadcasts a DHCPDISCOVER to find DHCP servers.
2. Each DHCP server that hears it broadcasts a DHCPOFFER.
3. Client broadcasts a DHCPREQUEST naming the server and the IP address it wants.
4. That server replies with a DHCPACK, confirming that the address is reserved for the client.

DHCP Address Allocation
Dynamic
- Host is given a "lease" on an IP address for a specified period of time.
- Clients can release leases.
- Clients can ask for a lease on a specific IP address.
Automatic
- Server assigns an address permanently the first time the client asks.
Manual
- Address is chosen by the administrator in the server's configuration (usually keyed by the client's MAC address); DHCP only conveys it to the client.

Red Hat Network Configuration
Start and stop the network like any other service:
    service network [start | stop | restart]
The network service reads its settings from /etc/sysconfig:
    /etc/sysconfig/network
    /etc/sysconfig/network-scripts/*

Red Hat DHCP Configuration
/etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=myhostname
/etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes

Static IP Addresses
Servers need static IP addresses
- Allows users to reach them consistently.
- So do routers and other network devices.
Static IPs can be useful for desktops too
- Easier to access remotely if the IP address is consistent.
- Can be done without per-host configuration by reserving the address on the DHCP server (automatic or manual allocation).
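The four-message exchange and the rogue-server problem described above, as an added example (not code from the slides): a minimal DHCP message builder and parser, a simulated DISCOVER/OFFER/REQUEST/ACK run in which a constructed rogue server answers before the real one, and the difference between a client that takes the first offer and one that checks the server identifier (option 54) against an allow-list. The transaction id, MAC address and the rogue's address 172.31.108.66 are assumptions; 172.31.108.1 and 172.28.10.29 are the gateway and DNS server used in later slides.

```python
import socket
import struct
from typing import Dict, List, Optional

MAGIC_COOKIE = b"\x63\x82\x53\x63"
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5          # option 53 message types
OPT_MASK, OPT_ROUTER, OPT_DNS, OPT_REQ_IP, OPT_LEASE, OPT_MSG, OPT_SERVER = 1, 3, 6, 50, 51, 53, 54
HDR = "!BBBBIHH4s4s4s4s16s64s128s"                  # 236-byte BOOTP fixed header


def ip(s: str) -> bytes:
    return socket.inet_aton(s)


def build_dhcp(msg_type: int, xid: int, chaddr: bytes, yiaddr: str = "0.0.0.0",
               options: Optional[Dict[int, bytes]] = None) -> bytes:
    """Serialize a DHCP message: BOOTP header, magic cookie, TLV options, end marker."""
    op = 1 if msg_type in (DISCOVER, REQUEST) else 2        # BOOTREQUEST / BOOTREPLY
    header = struct.pack(HDR, op, 1, 6, 0, xid, 0, 0x8000,  # htype Ethernet, hlen 6, broadcast flag
                         ip("0.0.0.0"), ip(yiaddr), ip("0.0.0.0"), ip("0.0.0.0"),
                         chaddr.ljust(16, b"\x00"), b"", b"")
    body = bytes([OPT_MSG, 1, msg_type])
    for code, value in (options or {}).items():
        body += bytes([code, len(value)]) + value
    return header + MAGIC_COOKIE + body + b"\xff"


def parse_dhcp(pkt: bytes) -> Dict:
    """Parse the fields a client cares about; raises if the magic cookie is missing."""
    f = struct.unpack(HDR, pkt[:236])
    if pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    msg = {"op": f[0], "xid": f[4], "yiaddr": socket.inet_ntoa(f[8]),
           "chaddr": f[11][:f[2]], "options": {}}
    i = 240
    while i < len(pkt) and pkt[i] != 0xFF:
        if pkt[i] == 0:                                      # pad option
            i += 1
            continue
        code, length = pkt[i], pkt[i + 1]
        msg["options"][code] = pkt[i + 2:i + 2 + length]
        i += 2 + length
    return msg


def make_offer(server: str, xid: int, chaddr: bytes, yiaddr: str, router: str, dns: str) -> bytes:
    return build_dhcp(OFFER, xid, chaddr, yiaddr, {
        OPT_MASK: ip("255.255.255.0"), OPT_ROUTER: ip(router), OPT_DNS: ip(dns),
        OPT_LEASE: struct.pack("!I", 86400), OPT_SERVER: ip(server)})


def choose_offer(offers: List[bytes], xid: int, chaddr: bytes,
                 trusted_servers: Optional[set] = None) -> Optional[Dict]:
    """Pick the offer the client acts on. trusted_servers=None is the usual
    'first matching offer wins' behaviour; a set restricts option 54 (server id)."""
    for raw in offers:
        o = parse_dhcp(raw)
        if o["xid"] != xid or o["chaddr"] != chaddr or o["options"].get(OPT_MSG) != bytes([OFFER]):
            continue
        if trusted_servers is not None and socket.inet_ntoa(o["options"][OPT_SERVER]) not in trusted_servers:
            continue
        return o
    return None


def run_exchange(trusted_servers: Optional[set] = None) -> Optional[Dict[str, str]]:
    """Simulate DISCOVER -> OFFER(s) -> REQUEST -> ACK and return what the client ends up using."""
    xid, mac = 0x3903F326, bytes.fromhex("00163e48753a")    # constructed transaction id and MAC
    discover = build_dhcp(DISCOVER, xid, mac)
    assert parse_dhcp(discover)["options"][OPT_MSG] == bytes([DISCOVER])
    # Constructed scenario: a rogue box (172.31.108.66) answers before the real
    # server (172.31.108.1) and names itself as both router and DNS server.
    offers = [
        make_offer("172.31.108.66", xid, mac, "172.31.108.200", "172.31.108.66", "172.31.108.66"),
        make_offer("172.31.108.1", xid, mac, "172.31.108.200", "172.31.108.1", "172.28.10.29"),
    ]
    offer = choose_offer(offers, xid, mac, trusted_servers)
    if offer is None:
        return None
    server = socket.inet_ntoa(offer["options"][OPT_SERVER])
    request = build_dhcp(REQUEST, xid, mac, options={OPT_REQ_IP: ip(offer["yiaddr"]), OPT_SERVER: ip(server)})
    assert parse_dhcp(request)["options"][OPT_REQ_IP] == ip(offer["yiaddr"])
    # The chosen server acknowledges with the same parameters it offered.
    ack = parse_dhcp(build_dhcp(ACK, xid, mac, offer["yiaddr"],
                                {k: v for k, v in offer["options"].items() if k != OPT_MSG}))
    return {"server": server, "ip": ack["yiaddr"],
            "router": socket.inet_ntoa(ack["options"][OPT_ROUTER]),
            "dns": socket.inet_ntoa(ack["options"][OPT_DNS])}
```

Running run_exchange() with no allow-list ends with the rogue box as router and DNS server; run_exchange({"172.31.108.1"}) ignores the rogue offer. Real clients do not ship with such an allow-list, which is why the defence belongs on the switch.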
Red Hat Static Configuration
/etc/sysconfig/network
    NETWORKING=yes
    HOSTNAME=myhostname
    GATEWAY=192.168.1.1
/etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=static
    IPADDR=192.168.1.10
    NETMASK=255.255.255.0
    ONBOOT=yes

IP Addresses
32-bit integers, one for each network interface.
Dotted decimal notation ii.jj.kk.ll, one byte per field:
    172      . 16       . 254      . 1
    10101100 . 00010000 . 11111110 . 00000001
    32 bits = 4 bytes

Grouping IP Addresses
Groups of consecutive IP addresses are called networks.
A routing table needs one entry per network rather than one per host.

Network and Host Parts
IP addresses are divided into two parts:
- Network ID (like a zip code)
- Host ID (like a street address)
Two special addresses in each network:
- Network address: host bits all 0 (e.g. 130.4.0.0)
- Broadcast address: host bits all 1 (e.g. 130.4.255.255)

Address Classes
Class A: 0.0.0.0 - 127.255.255.255
    8-bit net ID, 24-bit host ID; 2^24 - 2 hosts per network; 126 networks (0 and 127 are reserved)
Class B: 128.0.0.0 - 191.255.255.255
    16-bit net ID, 16-bit host ID; 2^16 - 2 hosts per network; 16,384 networks
Class C: 192.0.0.0 - 223.255.255.255
    24-bit net ID, 8-bit host ID; 2^8 - 2 = 254 hosts per network; 2,097,152 networks
Class D: 224.0.0.0 - 239.255.255.255
    28-bit multicast group ID
Class E: 240.0.0.0 - 255.255.255.255
    Reserved for future use

CIDR: Classless Inter-Domain Routing
- Classful allocation wastes most IP addresses (a site needing 300 hosts gets a Class B with 65,534).
- Allocate on bit boundaries instead of byte boundaries.
- ISPs and users decide where the network/host boundary lies, instead of deriving it from the leading bits of the address.
Prefix notation
- /x indicates that the first x bits are the network part.
- 192.168.0.0/16 = 192.168.0.0 - 192.168.255.255

Public IP Addresses
ICANN assigns network numbers.
- Internet Corporation for Assigned Names and Numbers.
- ICANN delegates to regional registries, e.g. ARIN (American Registry for Internet Numbers).
- Registries allocate to ISPs, universities, corporations.
- An ISP then assigns addresses within its network to its customers.

Private (RFC 1918) IP Addresses
    Network                              Class   Count of networks
    10.0.0.0                             A       1
    172.16.0.0 through 172.31.0.0        B       16
    192.168.0.0 through 192.168.255.0    C       256
Private addresses are not routable on the Internet, so traffic between private and public addresses must pass through network address translation (NAT) to a public address.

IPv4 vs IPv6 Addresses
    Feature              IPv4                 IPv6
    Size of address      32 bits              128 bits
    Example address      10.1.1.1             0000:0000:0000:0000:0000:FFFF:0A01:0101
    Abbreviated address  -                    ::FFFF:0A01:0101 (the IPv4-mapped form of 10.1.1.1)
    Localhost            127.0.0.1            ::1/128
    Possible addresses   2^32 (~4 billion)    2^128 (~3.4 x 10^38)

Network Mask
How do we list subnets in a routing table?
- Ex: addresses 150.150.4.0 - 150.150.4.255
- Table entry: 150.150.4.0 netmask 255.255.255.0
Subnet mask indicates the range
- Binary 1s indicate the network part of the address.
- Binary 0s indicate the host part.
- Always consists of 1s followed by 0s (a mask such as 255.0.255.0 is invalid).
Prefix notation
- Human-readable form of the subnet mask.
- Just counts the number of binary 1s in the mask (255.255.255.0 = /24).

Classful Address Ranges and Masks
    Class A   NNNNNNNN.HHHHHHHH.HHHHHHHH.HHHHHHHH
    Class B   NNNNNNNN.NNNNNNNN.HHHHHHHH.HHHHHHHH
    Class C   NNNNNNNN.NNNNNNNN.NNNNNNNN.HHHHHHHH

    Class  Leading bits  Start        End              Subnet mask      CIDR
    A      0             0.0.0.0      127.255.255.255  255.0.0.0        /8
    B      10            128.0.0.0    191.255.255.255  255.255.0.0      /16
    C      110           192.0.0.0    223.255.255.255  255.255.255.0    /24
    D      1110          224.0.0.0    239.255.255.255  N/A              N/A
    E      1111          240.0.0.0    255.255.255.255  N/A              N/A

ifconfig
    ifconfig [-a] int
Configure a network interface. Only root can modify settings.
Used by Red Hat's scripts to configure the NIC.
- -a: list settings for all interfaces
- int: list settings for the specified interface
Linux typically names Ethernet interfaces eth0, eth1, ...
(ifconfig and route come from the legacy net-tools package; on current distributions the same information comes from ip addr and ip route.)

ifconfig output
    > ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr 00:16:3e:48:75:3a
              inet addr:172.31.108.200  Bcast:172.31.108.255  Mask:255.255.255.0
              inet6 addr: fe80::216:3eff:fe48:753a/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:95785918 errors:0 dropped:0 overruns:0 frame:0
              TX packets:97352948 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2749061541 (2.5 GB)  TX bytes:1206911997 (1.1 GB)

route
The route command displays the kernel's routing table:
    > route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.31.108.0    *               255.255.255.0   U     0      0        0 eth0
    default         172.31.108.1    0.0.0.0         UG    100    0        0 eth0
Most machines have only two routes:
- Local subnet: hosts it can talk to directly.
- Default route: send all other packets to the default gateway router.

route
To add the standard routes to a machine:
    route add -net 172.31.108.0 netmask 255.255.255.0 dev eth0
    route add default gw 172.31.108.1
More than two routes are needed when:
- The machine has multiple NICs.
- The machine is running virtual machines.
- The machine is a router, firewall, or similar network device.

hostname
- hostname: show or set the system's host name; may or may not include the DNS domain.
- dnsdomainname: show the system's DNS domain name (it cannot set it).

Basic Testing: Ping
- Test to see if a remote host is reachable.
- If it fails, test link by link:
  - Ping a system on your LAN.
  - Ping the closest router.
  - Ping the next router.
  - ...
  - Ping the target system.
- If the remote host is unreachable, one of these links will fail and localize the problem.
- Caveat: many hosts and firewalls drop ICMP echo requests, so a failed ping alone does not prove a host is down.

Troubleshooting with Traceroute
Tracks the path through each router to the destination
- Reports which routers the packets passed through
- Reports how much time each hop took
Useful for identifying network problems
- Identify which links are down
- Identify which links are slow
Remote traceroutes via www.traceroute.org.
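To tie the netmask, CIDR and classful slides to the ifconfig and route output above, here is an added example (not from the slides) that parses that output, computes network address, broadcast, prefix length, address class and RFC 1918 membership from an address and mask, rejects a mask that is not 1s followed by 0s, and cross-checks the routing table against the interface: the connected route must equal the interface's subnet and the default gateway must lie inside it. The ifconfig and route text is copied from the slides; the mis-configured gateway used in the usage note is constructed.

```python
import ipaddress
import re
from typing import Dict, List

# Copied from the ifconfig and route slides above.
IFCONFIG_OUTPUT = """eth0      Link encap:Ethernet  HWaddr 00:16:3e:48:75:3a
          inet addr:172.31.108.200  Bcast:172.31.108.255  Mask:255.255.255.0
          inet6 addr: fe80::216:3eff:fe48:753a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
"""
ROUTE_OUTPUT = """Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.31.108.0    *               255.255.255.0   U     0      0        0 eth0
default         172.31.108.1    0.0.0.0         UG    100    0        0 eth0
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def mask_to_prefix(mask: str) -> int:
    """Count the 1 bits of a dotted netmask, rejecting non-contiguous masks."""
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"netmask {mask} is not 1s followed by 0s")
    return prefix


def address_class(addr: str) -> str:
    """Classful category from the leading bits (first octet)."""
    first = int(addr.split(".")[0])
    for cls, limit in (("A", 128), ("B", 192), ("C", 224), ("D", 240)):
        if first < limit:
            return cls
    return "E"


def describe(addr: str, mask: str) -> Dict:
    """Network address, broadcast, prefix, usable host count, class and RFC 1918 status."""
    prefix = mask_to_prefix(mask)
    iface = ipaddress.ip_interface(f"{addr}/{prefix}")
    net = iface.network
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "prefix": prefix,
        "cidr": str(net),
        "usable_hosts": max(net.num_addresses - 2, 0),
        "class": address_class(addr),
        "rfc1918": any(iface.ip in p for p in RFC1918),
    }


def parse_ifconfig(text: str) -> Dict[str, str]:
    m = re.search(r"inet addr:(\S+)\s+Bcast:(\S+)\s+Mask:(\S+)", text)
    if not m:
        raise ValueError("no IPv4 address line found")
    return {"addr": m.group(1), "bcast": m.group(2), "mask": m.group(3)}


def parse_route(text: str) -> List[Dict[str, str]]:
    """Parse net-tools route(8) output; 'default' and '*' are normalized."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue
        routes.append({"dest": "0.0.0.0" if f[0] == "default" else f[0],
                       "gateway": None if f[1] == "*" else f[1],
                       "genmask": f[2], "flags": f[3], "iface": f[7]})
    return routes


def check_host(ifconfig_text: str, route_text: str) -> List[str]:
    """Cross-check interface and routing table; returns problems (empty means consistent)."""
    info = parse_ifconfig(ifconfig_text)
    desc = describe(info["addr"], info["mask"])
    local = ipaddress.ip_network(desc["cidr"])
    problems = []
    if info["bcast"] != desc["broadcast"]:
        problems.append(f"broadcast {info['bcast']} does not match computed {desc['broadcast']}")
    for r in parse_route(route_text):
        if "G" in r["flags"]:
            if ipaddress.ip_address(r["gateway"]) not in local:
                problems.append(f"gateway {r['gateway']} is not on the local subnet {local}")
        elif ipaddress.ip_network(f"{r['dest']}/{r['genmask']}") != local:
            problems.append(f"connected route {r['dest']}/{r['genmask']} differs from interface subnet {local}")
    return problems
```

check_host(IFCONFIG_OUTPUT, ROUTE_OUTPUT) returns an empty list for the slide's host; substituting a gateway such as 10.9.9.1 (constructed) yields one finding, the "default gateway not on-link" mistake that most often follows a hand-edited ifcfg file.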
Testing a Protocol Directly
    > telnet www.google.com 80
    Trying 72.14.203.99...
    Connected to www.l.google.com.
    Escape character is '^]'.
    GET / HTTP/1.1

    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Type: text/html
    Set-Cookie: PREF=ID=e812e6c7ead517fe:TM=1131846389:LM=1131846389:S=rD8WNplszt1Ko8A; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=.google.com
    Server: GWS/2.1
    Transfer-Encoding: chunked
    Date: Sun, 13 Nov 2005 01:46:29 GMT

    a46
    <html><head><meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"><title>Google</title><style>
Notes: the request is terminated by an empty line; HTTP/1.1 also requires a Host: header, which this 2005 server answered without. "a46" is the first chunk's length in hex (Transfer-Encoding: chunked). Talking to a port by hand like this shows exactly what a service reveals in its banner and headers, which is also the first thing a scanner collects.

Name Resolution
Translate human-readable names to network addresses.
HOSTS.TXT
- Name translation for the entire Internet in the 1970s and early 1980s.
- A single file distributed from a single host, sri-nic.
- Didn't scale: the net changed faster than the file could be distributed.
DNS
- Designed to resolve the scalability problems in 1983 (RFC 882 and 883).
- Distributed database: many files, many servers.
- Allows local control of each segment of the namespace.

/etc/hosts
Maps hostnames to IP addresses.
    127.0.0.1    localhost
    10.30.10.15  myhost.nku.edu      myhost me
    10.30.10.22  xerxes.nku.edu      xerxes logsvr
    10.30.10.33  darius.nku.edu      darius
    10.30.10.42  cyrus.nku.edu       cyrus
    10.30.10.55  ntp.nku.edu         ntp-server
    10.30.10.57  artaxerxes.nku.edu

/etc/hosts
- Oldest, simplest means of name resolution; derived from the original HOSTS.TXT file.
- Available during the boot process, before DNS is available.
- Available when DNS is down: store essential name mappings here for reliability.
- Can be shared between hosts with rsync, NIS, LDAP, etc.
- Because it is normally consulted before DNS, a writable /etc/hosts is also a favourite place for malware to redirect names; check it when a host resolves names unexpectedly.

A minimal /etc/hosts
Name mappings for localhost:
    127.0.0.1    localhost
    10.30.10.15  myhost.nku.edu  myhost
Name mapping for the default gateway:
    10.30.10.1   gw-5.nku.edu    gw-5
Name mappings for essential servers:
    10.23.4.250  dns3.nku.edu    dns3
    10.88.9.253  ldap3.nku.edu   ldap3
    10.92.5.250  nfs4.nku.edu    nfs4

The Domain Name System
DNS Clients
Configuration file: /etc/resolv.conf
- Sets search domains.
- Sets primary and backup DNS servers.
- Auto-created by the DHCP client if DHCP is used, so whoever answers the DHCP request chooses the resolver.
Example:
    search nku.edu
    nameserver 172.28.10.29
    nameserver 172.28.10.30

DNS Lookups
    > host www.google.com
    www.google.com is an alias for www.l.google.com.
    www.l.google.com has address 216.239.37.104
    www.l.google.com has address 216.239.37.99
    > host www.nku.edu
    www.nku.edu has address 192.122.237.7

dig: DNS Lookup
    dig [options]
Purpose: interact with the name servers listed in /etc/resolv.conf and display their responses.
Output: the name servers' responses to the queries sent to them.
Commonly used options:
- -f file: batch operation, taking domain names (or IP addresses) from 'file'
- -p port: query a name server at 'port' instead of the default port 53

dig Example
    > dig www.google.com
    ; <<>> DiG 8.3 <<>> www.google.com
    ;; res options: init recurs defnam dnsrch
    ;; got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 0
    ;; QUERY SECTION:
    ;;      www.google.com, type = A, class = IN
    ;; ANSWER SECTION:
    www.google.com.         14m40s IN CNAME  www.l.google.com.
    www.l.google.com.       4m40s  IN A      72.14.203.104
    www.l.google.com.       4m40s  IN A      72.14.203.99

Choosing services
Configuration file: /etc/nsswitch.conf
Controls where data is found about:
- User accounts and groups.
- Hostnames and IP addresses.
- Network configuration.
- E-mail addresses and cryptographic keys.
Potential data sources:
- Files (usually under /etc)
- NIS or NIS+
- LDAP
- DNS

Choosing services
    # /etc/nsswitch.conf
    #
    # Example cfg of GNU Name Service Switch functionality.
    passwd:     compat
    group:      compat
    shadow:     compat

    hosts:      files dns
    networks:   files

    protocols:  db files
    services:   db files
    ethers:     db files
    rpc:        db files

    netgroup:   nis
Sources are tried in the order listed: with "hosts: files dns", an entry in /etc/hosts wins over DNS.

xinetd superserver
Manages low-resource services and handles the networking for them:
- Services with a low number of connections, or
- Small effort per connection.
- Examples: telnet, ftp, daytime, echo
Additional features:
- Access control: only_from / no_access in the xinetd configuration, plus tcp_wrappers' /etc/hosts.{allow,deny} when xinetd is built with libwrap.
- Logging.
- Resource management.
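The /etc/hosts, /etc/resolv.conf and /etc/nsswitch.conf slides describe one lookup pipeline; here it is as an added example (not code from the slides) that parses the three files shown above and resolves a name the way gethostbyname() does: sources in the nsswitch "hosts:" order, search domains applied to unqualified names, first match wins. The DNS answers are a constructed in-memory table standing in for the name servers in resolv.conf (the script does not send queries); the hijack entry 10.0.0.66 used in the usage note is likewise constructed.

```python
from typing import Dict, List, Optional, Tuple

# Copied from the /etc/hosts, /etc/nsswitch.conf and /etc/resolv.conf slides above.
HOSTS_FILE = """
127.0.0.1    localhost
10.30.10.15  myhost.nku.edu      myhost me
10.30.10.22  xerxes.nku.edu      xerxes logsvr
10.30.10.33  darius.nku.edu      darius
10.30.10.42  cyrus.nku.edu       cyrus
10.30.10.55  ntp.nku.edu         ntp-server
10.30.10.57  artaxerxes.nku.edu
"""
NSSWITCH_FILE = """
passwd:     compat
hosts:      files dns
networks:   files
"""
RESOLV_CONF = """
search nku.edu
nameserver 172.28.10.29
nameserver 172.28.10.30
"""
# Constructed stand-in for the answers the name servers above would return.
FAKE_DNS = {"www.nku.edu": "192.122.237.7", "dns3.nku.edu": "10.23.4.250"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Map every name and alias in hosts(5) format to its address; first entry wins."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table


def parse_nsswitch(text: str) -> Dict[str, List[str]]:
    table: Dict[str, List[str]] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            db, _, sources = line.partition(":")
            table[db.strip()] = sources.split()
    return table


def parse_resolv(text: str) -> Dict[str, List[str]]:
    conf: Dict[str, List[str]] = {"search": [], "nameserver": []}
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] in conf:
            conf[fields[0]].extend(fields[1:])
    return conf


def dns_lookup(name: str, resolv: Dict[str, List[str]]) -> Optional[str]:
    """Apply the search list like a stub resolver: an unqualified name (no dot)
    is tried with each search domain first, a qualified name as given first."""
    searched = [f"{name}.{d}" for d in resolv["search"]]
    candidates = searched + [name] if "." not in name else [name] + searched
    for c in candidates:
        if c.lower() in FAKE_DNS:          # real code would query resolv["nameserver"] over UDP/53
            return FAKE_DNS[c.lower()]
    return None


def resolve(name: str, hosts_text: str = HOSTS_FILE, nsswitch_text: str = NSSWITCH_FILE,
            resolv_text: str = RESOLV_CONF) -> Optional[Tuple[str, str]]:
    """Resolve a hostname, consulting sources in nsswitch 'hosts:' order.
    Returns (address, source) or None if no source knows the name."""
    hosts = parse_hosts(hosts_text)
    resolv = parse_resolv(resolv_text)
    for source in parse_nsswitch(nsswitch_text).get("hosts", ["files", "dns"]):
        if source == "files" and name.lower() in hosts:
            return hosts[name.lower()], "files"
        if source == "dns":
            addr = dns_lookup(name, resolv)
            if addr:
                return addr, "dns"
    return None
```

resolve("www") becomes www.nku.edu through the search list and is answered by DNS; appending a line "10.0.0.66 www.nku.edu" to the hosts text makes the same lookup return 10.0.0.66 from files without DNS ever being asked, which is the hijack the /etc/hosts slide warns about, and which "hosts: dns files" would avoid at the cost of losing the boot-time fallback.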
Global Configuration: /etc/xinetd.conf
    # Global xinetd defaults
    defaults
    {
        instances       = 60
        log_type        = SYSLOG authpriv
        log_on_success  = HOST PID
        log_on_failure  = HOST
        cps             = 25 30
    }
    includedir /etc/xinetd.d

Per-Service Configuration
Example: /etc/xinetd.d/telnet
    service telnet
    {
        socket_type  = stream
        wait         = no
        nice         = 10
        user         = root
        server       = /usr/etc/in.telnetd
        disable      = no
        rlimit_as    = 8M
        rlimit_cpu   = 20
    }
Notes: cps = 25 30 caps the service at 25 connections per second and disables it for 30 seconds when that rate is exceeded; rlimit_as and rlimit_cpu bound the memory and CPU time of each server process. Telnet carries passwords in cleartext; keep disable = yes for any xinetd service you do not need, and prefer SSH for remote logins.
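A small audit of xinetd configuration in the format of the two slides above, as an added example (not code from the slides or from xinetd): it parses defaults and service blocks and reports, for every service that is enabled, whether it is a cleartext-authentication protocol, runs as root, or carries no only_from / no_access restriction. The telnet block is the slide's; the echo service and the list of cleartext protocols are constructed assumptions for the demonstration.

```python
import re
from typing import Dict, List

# The defaults and telnet blocks are copied from the slides above; the echo
# block is constructed to show a service that passes the checks.
SAMPLE_XINETD_CONF = """
defaults
{
    instances       = 60
    log_type        = SYSLOG authpriv
    log_on_success  = HOST PID
    log_on_failure  = HOST
    cps             = 25 30
}

service telnet
{
    socket_type  = stream
    wait         = no
    nice         = 10
    user         = root
    server       = /usr/etc/in.telnetd
    disable      = no
    rlimit_as    = 8M
    rlimit_cpu   = 20
}

service echo
{
    type         = INTERNAL
    id           = echo-stream
    socket_type  = stream
    protocol     = tcp
    user         = root
    wait         = no
    only_from    = 127.0.0.1
    disable      = yes
}
"""

# Assumed list of services whose authentication crosses the wire unencrypted.
CLEARTEXT_LOGIN = {"telnet", "ftp", "rlogin", "rsh", "pop3", "imap"}


def parse_xinetd(text: str) -> Dict[str, Dict[str, str]]:
    """Parse xinetd.conf syntax into {block_name: {attribute: value}}.
    Handles 'defaults' and 'service NAME' blocks; '+=' / '-=' are treated as
    plain assignments, which is enough for an audit of per-service attributes."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.match(r"^(defaults|service\s+(\S+))$", line)
        if m:
            current = m.group(2) or "defaults"
            blocks[current] = {}
        elif line == "}":
            current = None
        elif line != "{" and current is not None:
            key, _, value = line.partition("=")
            blocks[current][key.strip().rstrip("+-").strip()] = value.strip()
    return blocks


def audit_xinetd(text: str) -> Dict[str, List[str]]:
    """Return {service: [findings]}; disabled services get an empty list.
    A service without 'disable' is enabled, which is xinetd's default."""
    findings: Dict[str, List[str]] = {}
    for name, attrs in parse_xinetd(text).items():
        if name == "defaults":
            continue
        issues: List[str] = []
        if attrs.get("disable", "no").lower() != "yes":
            if name in CLEARTEXT_LOGIN:
                issues.append("cleartext authentication protocol is enabled")
            if attrs.get("user") == "root":
                issues.append("server runs as root")
            if "only_from" not in attrs and "no_access" not in attrs:
                issues.append("no only_from/no_access restriction")
        findings[name] = issues
    return findings
```

On the sample, telnet draws all three findings and echo none; in practice you would run this over /etc/xinetd.conf plus every file in the includedir and treat any enabled service with a non-empty list as a ticket.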