Network administration

Post on 14-May-2015

SCCI - Master-2

03.10.2007

Wagner (SCCI) network 03.10.2007 1 / 55

Networks

network

group of interconnected machines

internet

network of networks
based on TCP and IP protocols

Networks of networks

TCP/IP

Internet Protocol

identifies network interfaces
handles routing
fragmentation of data into packets

Transmission Control Protocol

transmissions in connected mode
error corrections, packets arriving in order

Outline

1 IP addresses

2 Routing

3 Services

4 Integration between different OS

IP address

unique number identifying a network interface

example : 192.168.0.1

example : 127.0.0.1

two parts :

network ID
machine ID

4 bytes :

aaa.bbb.ccc.ddd

Network classes

3 classes of networks :

class A :

few networks
lots of machines
nnn.mmm.mmm.mmm

class B :

lots of medium-sized networks
nnn.nnn.mmm.mmm

class C :

lots of networks
few machines
nnn.nnn.nnn.mmm

Network mask

possibility to be more flexible

choice : which bits are used for network ID, which bits are used for machine ID

example : 255.255.255.0 : mask for class C network

example : 255.0.0.0 : mask for class A network

example : 255.128.0.0 : 9 bits for network, 23 bits for machines

Basic configuration

ifconfig command

ifconfig -a : list all available interfaces

ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up

Machine names

need for human readable names

IP addresses may change ⇒ name does not change

association between names and addresses

several names can be associated with the same address

URL

Uniform Resource Locator

Domain name

Domain Name System

hierarchy :

subdomains : en.wikipedia.org
recursive address resolution

heavy use of caching

slow propagation of changes (up to several days)
different addresses may be seen for a name if requests originate from different places

Address resolving

different mechanisms : /etc/nsswitch.conf

DNS servers : /etc/resolv.conf

/etc/hosts : list of known machines

may be a cause of process stall
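
The lookup order described on this slide, as an added example that is not part of the original slides: a shell function that reads the `hosts:` line of an nsswitch.conf and tries each source in turn, which shows that an /etc/hosts entry is used before any DNS server is asked when `files` comes first. The file contents, the names `gw` and `gateway.example` and the 192.168.0.x addresses are constructed; the `dns` branch sends no query and only reports the servers that would be asked.

```shell
# resolve NAME NSSWITCH HOSTS RESOLV
# Prints "files <address>", "dns <servers that would be asked>" or "notfound".
resolve() {
    name=$1
    # Sources on the "hosts:" line, in the order they are tried.
    sources=$(awk '$1 == "hosts:" { $1 = ""; print; exit }' "$2")
    for src in $sources; do
        case $src in
        files)
            # hosts format: address, canonical name, then any aliases.
            addr=$(awk -v n="$name" '
                { sub(/#.*/, "") }
                { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }
            ' "$3")
            if [ -n "$addr" ]; then echo "files $addr"; return 0; fi
            ;;
        dns)
            # No query is sent here: list the servers from resolv.conf.
            servers=$(awk '$1 == "nameserver" { printf "%s%s", s, $2; s = "," }' "$4")
            echo "dns $servers"; return 0
            ;;
        esac
    done
    echo "notfound"
}

# Constructed sample files (not taken from a real machine).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'passwd: files\nhosts: files dns\n' > "$demo/nsswitch.conf"
printf '127.0.0.1 localhost\n192.168.0.1 gw gateway.example # two names\n' > "$demo/hosts"
printf 'nameserver 192.168.0.53\nnameserver 192.168.0.54\n' > "$demo/resolv.conf"

resolve gw      "$demo/nsswitch.conf" "$demo/hosts" "$demo/resolv.conf"
resolve gnu.org "$demo/nsswitch.conf" "$demo/hosts" "$demo/resolv.conf"
```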

Outline

1 IP addresses

2 Routing

3 Services

4 Integration between different OS

Routing

routing handled by IP protocol

routes are found from neighbour to neighbour

there may be different routes from source to target

routes may or may not be symmetric

possibility to cycle

mechanisms to destroy packets (TTL)

Routing tables

on each machine : a table indicating to what network interface a packet should be routed

many possible destinations ⇒ table generally contains network addresses rather than machine addresses

table displayed and configured by the route command

Route

man route : good for common tasks (examples)

route : displays routing table

route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0

route add default gw mango-gw
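
How the network mask slide and the routing table slides fit together, as an added example that is not part of the original slides: the mask splits an address into network ID and machine ID, and a routing table lookup keeps the matching route with the most network bits. The table is constructed from the two `route add` commands above; the middle row, the name `inner-gw` and the interface of the default route are assumptions.

```shell
# Dotted quad -> 32-bit integer.
ip2int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) | (o2 << 16) | (o3 << 8) | o4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network ID = address AND mask; the cleared bits are the machine ID.
network_of() {
    int2ip $(( $(ip2int "$1") & $(ip2int "$2") ))
}

# Number of leading 1 bits in the mask (bits used for the network ID).
mask_bits() {
    m=$(ip2int "$1"); n=0
    while [ $(( m & 0x80000000 )) -ne 0 ]; do
        n=$(( n + 1 )); m=$(( (m << 1) & 0xFFFFFFFF ))
    done
    echo "$n"
}

# Constructed table: destination, mask, gateway, interface.
# Row 2 ("inner-gw") and eth0 for the default route are assumptions.
ROUTES='192.56.76.0 255.255.255.0 direct eth0
192.56.0.0 255.255.0.0 inner-gw eth1
0.0.0.0 0.0.0.0 mango-gw eth0'

# Of the routes whose network contains the destination, keep the longest mask.
route_lookup() {
    dst=$(ip2int "$1"); best=-1; result=unreachable
    while read -r net mask gw dev; do
        if [ $(( dst & $(ip2int "$mask") )) -eq "$(ip2int "$net")" ]; then
            bits=$(mask_bits "$mask")
            if [ "$bits" -gt "$best" ]; then best=$bits; result="$gw $dev"; fi
        fi
    done <<EOF
$ROUTES
EOF
    echo "$result"
}

route_lookup 192.56.76.10    # the 24-bit route wins over the 16-bit one
route_lookup 199.232.41.10   # only the default route matches
```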

Traceroute

<_wagnerf@chippewa_:~> $ traceroute gnu.org

traceroute to gnu.org (199.232.41.10), 30 hops max, 40 byte packets

1 c-vpn-pub.imag.fr (129.88.1.237) 3.166 ms 3.423 ms 3.998 ms

2 r-vpn-int.imag.fr (129.88.63.254) 4.652 ms 5.416 ms 8.291 ms

3 r-campus.grenet.fr (193.54.185.120) 8.356 ms 9.055 ms 9.544 ms

4 tigre1.grenet.fr (193.54.184.33) 13.604 ms 14.928 ms 14.981 ms

5 grenoble-g3-2.cssi.renater.fr (193.51.181.94) 15.124 ms 17.284 ms 17.338 ms

6 lyon-pos13-0.cssi.renater.fr (193.51.179.237) 29.161 ms 17.866 ms 17.927 ms

7 nri-a-pos9-0.cssi.renater.fr (193.51.179.129) 18.194 ms 18.263 ms 20.084 ms

8 ge3-0-0-dcr2.par.cw.net (195.10.54.65) 30.435 ms 31.029 ms 20.084 ms

9 so-6-0-0-dcr1.was.cw.net (195.2.10.130) 212.538 ms 103.973 ms 104.354 ms

10 so-0-0-0-dcr1.ash.cw.net (195.2.0.218) 109.577 ms 113.545 ms 114.012 ms

ARP protocol

IP : high level protocol

network card : mainly ethernet protocol

correspondence between MAC addresses and IP addresses ⇒ Address Resolution Protocol

chippewa:/home/wagnerf# arp

Address HWtype HWaddress Flags Mask Iface

10.6.8.254 ether 00:07:EC:CD:18:CA C eth2

External connections

use of a gateway

a gateway binds two different networks

Two network cards

eth0 and eth1 in two different networks

machine acting as a gateway

other machines modify their routing tables

activate forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward

Masquerading

we lie about the origin of all outgoing packets

packets will be tagged as coming from gateway

goal : connecting a subnet by using only 1 IP address

gateway in charge of correspondences

note : the connected subnet should be a local network (192.168.X.X)

Masquerading

Masquerading-Simple-HOWTO

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

iptables will be presented in detail in the following courses
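
A check for the masquerading rule above, as an added example that is not part of the original slides: the rule as written rewrites every packet leaving eth1, while the earlier note says the connected subnet should be a local 192.168.X.X network, so the function flags MASQUERADE rules that are not limited to such a source. Both `iptables-save` dumps are constructed, and the subnet 192.168.0.0/24 is an assumption.

```shell
# audit_masquerade: reads `iptables-save` output on stdin and prints every
# nat POSTROUTING rule that masquerades without a 192.168.x.x source match.
audit_masquerade() {
    awk '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            masq = 0; src = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
                # "! -s net" excludes a source, so it does not restrict to one
                if ($i == "-s" && $(i - 1) != "!") src = $(i + 1)
            }
            if (masq && src !~ /^192\.168\./) print
        }'
}

# Constructed dumps: the rule as on the slide, and a version limited to the
# internal subnet (192.168.0.0/24 is an assumption).
AS_ON_SLIDE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT'

RESTRICTED='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE
COMMIT'

printf '%s\n' "$AS_ON_SLIDE" | audit_masquerade   # prints the unrestricted rule
printf '%s\n' "$RESTRICTED"  | audit_masquerade   # prints nothing
```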

Useful commands

netstat : lists active sockets

lsof : lists processes using sockets

telnet : sending data interactively

netcat : like cat for network

Outline

1 IP addresses

2 Routing

3 Services

4 Integration between different OS

Services

examples

print server
web server
ftp server
game servers
...

servers are executed as daemons

Port number

different services on one machine

how to differentiate them ?

port number

one service = one port + one protocol
standard numbers (web=80, ...)
entry points on a machine

TCP communications

client side

create a socket
connect to remote host on given port
connection accepted or refused
communications following protocol

server side

create a socket
bind socket to given port
accept or refuse incoming communications

Common services

/etc/network/services

ftp : 21
ssh : 22
telnet : 23
www : 80
pop3 : 110
...

DHCP server

centralize network configuration

configures IP addresses, routing tables, DNS servers

server : dhcpd

client : dhcpcd, pump, dhclient

communication by broadcast

Web server

usually apache

many other servers

caudium, yaws, araneida, boa

installation from packages

configuration files in /etc/apache2

many different modules

Mail server

sending :

routing from servers to servers

smtp protocol
servers : sendmail, postfix, exim

receiving :

receiving mail in the spool
/var/mail/wagnerf
through network : POP3, IMAP

News server

messages exchanged in newsgroups

port 119

NNTP protocol : transfer between servers

NNRP protocol : to read news

servers : INN, Dnews, . . .

DNS server

name resolver

symbolic name ⇒ IP address
port 53 udp or tcp
server : Bind

Distant connections

telnet

rlogin

ssh

Proxy

proxy : intermediate element between client and server

handle the flow of data

goals :

filter : forbid or remove
cache : accelerate
anonymize : hide end users
authenticate : simple access to protected resources

Proxy server

Some web proxies

squid

caching proxy

junkbuster

removes advertising from web pages

Outline

1 IP addresses

2 Routing

3 Services

4 Integration between different OS

Heterogeneous networks

different OS in the same network :

linux + windows95 + macOS X
linux + freebsd + windows NT
MS/DOS + windows + macOS
...

Goals

network ⇒ sharing of resources

printers
files
zip drive, backup services
...

sharing access to internet

gateway + masquerading

Structure

IP network

easy to put in place

standard protocol
available on all systems
immediate interconnection

resources sharing ?

unix standards
efficient
not compatible with windows

File sharing

NFS (Network File Sharing)

server exports file systems
client mounts remote file systems
completely transparent
kernel or user-space driver

Printers

lpd daemon on all machines

daemons communicate

/etc/printcap config file

local printers
remote printers

security : authorize or not remote connections

Other devices

often NFS is sufficient (e.g. for ZIP drive)

special services for some devices

scanner : sane
sound : nas, ...
applications : X

but how to authenticate users ?

Yellow pages

NIS : Network Information Service

centralize network configuration

table of administrative information on one server
user information (uid, gid)
domain names
machine names in one domain
NFS

NIS

clients broadcast requests

one map for each service
ypcat map to see one

only one manipulation to add a user on the whole network (or disk, ...)

problems

heavy network use
may not scale very well ⇒ NIS caches

Standards

several organizations develop standards

ISOC (internet society)
IETF (internet engineering task force)
IAB (internet architecture board)
RIPE (Réseaux IP Européens)

Standards development

at first : RFC (Request For Comments)

proposals for new standards
informative notes

in the old times...

if RFC was OK ⇒ implemented ⇒ standard
decision from developers and community

Standards development

modification in 1993/1994

development of the web
internet gains in users
development from trade

netscape and microsoft add extensions to html
format wars (javascript/active X)
no respect for standard procedure ⇒ loss of compatibilities for the internet

netbios / netbeui

proprietary protocol

development with NT (beginning of the 90s)
developed by microsoft, no RFC
allows

sharing of files
sharing of printers
a little remote administration

initially undocumented

SAMBA

implementation of netbeui for unix

client
server

set of tools

administration of windows domains
mount windows disks
mount unix disks under windows
user accounts handling

Configuration

often installed by default

/etc/samba/smb.conf

network configuration [global]

disks :

accounts (homes) [homes]
public disks (applications) [public]

printers [printers]
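
A check over the smb.conf sections listed above, as an added example that is not part of the original slides: it reports every share that is both open to guests and writable, the combination to look for on a public disk. The smb.conf text, the workgroup name and the path are constructed; `guest ok`, `public`, `writable`, `writeable` and `read only` are standard smb.conf parameters.

```shell
# audit_smb_conf: reads an smb.conf on stdin and prints each share that is
# both open to guests and writable. Defaults set in [global] are not
# inherited by this check; only per-share settings are examined.
audit_smb_conf() {
    awk '
        function report() {
            if (share != "" && share != "global" && guest && writable) print share
        }
        /^[ \t]*[#;]/ { next }                      # comment lines
        /^[ \t]*\[/ {                               # new section: [name]
            report()
            share = tolower($0)
            sub(/^[ \t]*\[/, "", share); sub(/\].*/, "", share)
            guest = 0; writable = 0                 # Samba defaults
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
            yes = (val == "yes" || val == "true" || val == "1")
            if (key == "guestok" || key == "public") guest = yes
            if (key == "writable" || key == "writeable") writable = yes
            if (key == "readonly") writable = !yes
        }
        END { report() }'
}

# Constructed smb.conf using the four sections named on the slide.
SMB_CONF='[global]
   workgroup = SCCI
[homes]
   read only = no
[public]
   path = /srv/apps
   guest ok = yes
   read only = no
[printers]
   printable = yes
   guest ok = yes'

printf '%s\n' "$SMB_CONF" | audit_smb_conf        # prints: public
```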

Samba programs

smbclient

ftp-like
access to all windows resources

smbmount

mount windows directories
careful with rights !
