Unix Networking Basics

Transcript (51 pages)

Page 1

Unix Networking Basics

Page 2

Material to be covered

• Contents

– LAN concepts and components

– Configuring Unix networking

– Configuring Internet services

Page 3

1. LAN Concepts and Components

• This will be the biggest section, because it’s the most foundational

Page 4

OSI Protocol Stack

[Figure: the seven OSI layers, numbered 1 (bottom) to 7 (top): Physical, Data Link, Network, Transport, Session, Presentation, Application. Layers 1-4 are bracketed as "Transmission", layers 5-7 as "Understanding".]

Page 5

OSI Protocol Stack (cont.)

• Layers 1-4: transmission - how data moves through the network.

• Layers 5-7: understanding - how data appears to applications and users

Page 6

OSI Protocol Stack (cont.)

• Explanation of the layers:

– Physical: physical cable, electrical signalling, cable length specifications, connector size

– Data link: media access and framing on a single link; frames are error-checked (bad frames are dropped) but delivery is not guaranteed

– Network: provides a path (route) through the network for data

– Transport: (usually) reliable flow of datagrams between two nodes

– Session: synchronises the dialogue between two programs

Page 7

OSI Protocol Stack (cont.)

• Explanation (cont.):

– Presentation: Converts data between the formats used by two programs

– Application: Obvious (hopefully)

Page 8

Internet Protocols and Services

[Figure: the OSI layers with the Internet protocols placed on them. Physical: 10 base T/2/5, optical fibre. Data Link: 802.2 (LLC), 802.3 Ethernet. Network: IP, ICMP, ARP. Transport: TCP, UDP. Session: RPC. Presentation: XDR. Application: NFS (Berkeley/ARPA). SSL is also shown; it runs on top of TCP.]

Page 9

Transmission Attributes

• Bandwidth

– Measure of channel throughput

– Baseband: one channel (most LAN technologies)

– Broadband: multiple channels (cable TV)

• Electrical interference

– Noise produced by other electrical devices and cables

– Shielding is used to reduce it

• Attenuation

– Signal decay over the length of the cable

– Reduced by amplifiers (analog) or repeaters (digital)

Page 10

Access Methods

• CSMA/CD (ethernet)

– Carrier sense, multiple access, collision detection

– Nodes must wait to transmit, and back off if there is a collision

– Performs poorly under high load conditions

– Shared medium: every node on the segment sees every frame, so any node can put its card in promiscuous mode and read traffic that is not addressed to it

• Token passing (token ring)

– A token is passed around from node to node - only the node with the token can transmit

– If a node has nothing to send, it passes the token to the next node

– Performs well under high load

– Provides guaranteed access to every node

• Point-to-point (SLIP, PPP)

Page 11

IEEE Standards

• IEEE defined LAN standards

– Similar to the OSI stack

– Split the data link layer into two levels:

» Logical link control (LLC)

» Media access control (MAC)

• Standards

– 802.2: LLC

– 802.3: CSMA/CD

– 802.4: Token passing (bus topology)

– 802.5: Token passing (ring topology)

Page 12

Media Types

• Coaxial (10 base 2): "BNC", "Thin Ethernet"

– Central conductor surrounded by a metal shield and insulators

– Bus topology

– Pros:

» No powered components

– Cons:

» Breaking one cable breaks the whole network

– Length: 185 m per segment

– Not common any more

Page 13

Media Types (cont.)

• Twisted pair (10 base T, 100 base T): "UTP"

– Pairs of wires (2 or 4 pairs), twisted together

– Star topology

– Pros:

» Each node has a separate connection, thus easy to "plug and play"

» Failure of one cable only affects the attached node

» Hubs can provide management information

– Cons:

» Requires a hub, thus more expensive than coaxial

» Failure of the hub affects all attached nodes

– Most commonly used cable in the industry

– Length: 90 m per cable run (100 m per link including patch cords), maximum of 4 repeater hops between any two nodes

Page 14

Media Types (cont.)

• Optical fibre

– Glass fibres transmit light pulses

– Point-to-point connection

– Pros:

» Immune to electrical interference

» High bandwidth

– Cons:

» Installation and maintenance difficult

» Equipment often expensive

– Used for some inter-network connections and high-bandwidth disk connectivity

Page 15

Transceivers

• Convert signals from a LAN card to specific cable types

• Several types used:

– 10 base T

– 10 base 2

– 100 base T

– Gigabit

Page 16

Gateways

[Figure: the OSI layers with the device that relays at each one. Physical: Hub / Repeater. Data Link: Switch / Bridge. Network: L3 Switch / Router. Transport: Transport Relay. Session and above: Gateway.]

Page 17

Gateways

• "Gateway": Generic term for something that passes data at any layer of the OSI stack, but generally used for layer 4 or higher.

• For the lower layers, more specific terms are normally used (see the next slides).

Page 18

Physical Gateways

• Repeater: Re-generates signal

• Allows extension of network beyond standard cable length limits

• Hub: Multi-port repeater

Page 19

Data Link Gateways

• Bridge: Uses the link-level (MAC) address to decide whether to pass a frame

• Will only forward a frame if the destination address belongs to a node on the other side (learnt automatically from the source addresses of frames it sees)

• Switch: Multi-port bridge

– Switches turn CSMA/CD into point-to-point links, enabling Ethernet to scale much more effectively

– A switch only delivers unicast frames to the port that has learnt the destination; broadcasts and frames to unknown addresses still go to every port, so this is a performance feature, not an access control

Page 20

Network Gateways

• Router: Transmits packets based on IP addresses

• Unix systems can be routers by turning on packet forwarding (HP-UX: ndd -set /dev/ip ip_forwarding 1; Linux: the net.ipv4.ip_forward sysctl)

• Not recommended: Let routers do routing, and Unix boxes do Unix applications

• Caveat: a multi-homed host with forwarding left on silently joins the networks it sits on, bypassing whatever separates them. Check that forwarding is off on any host that is not meant to route.

Page 21

IP Family Protocols

• TCP: Transmission Control Protocol

– Layer 4 connection-oriented (stream) protocol

– Guarantees in-order, reliable delivery (lost segments are retransmitted)

• UDP: User Datagram Protocol

– Layer 4 connectionless (datagram) protocol

– Packets could be lost, duplicated, or out of sequence

• IP(v4): Internet Protocol

• ICMP: Internet Control Message Protocol (errors and diagnostics, e.g. ping)

• ARP: Address Resolution Protocol (maps IP addresses to MAC addresses on the local LAN)

• Unix file: /etc/protocols

Page 22

Addressing

[Figure: the address used at each OSI layer. Data Link: MAC address. Network: IP address. Transport: Port. Application: Host Name.]

Page 23

Link Level Addresses

• Also called:

– Ethernet address, MAC address, station address, hardware address

• 48 bits

• Top 24 bits: vendor id (OUI, assigned by the IEEE)

• Bottom 24 bits: node id (assigned by the vendor)

• Looks like this:

– 000502879BD1, 08:00:09:C8:2D:F0

• Unix commands:

– lanscan (HP-UX), ifconfig (Solaris, Linux), ip link (Linux)

Page 24

IP Addresses

• Address notation

– 32 bit number

– Expressed in "dotted-quad" notation, e.g. 164.112.128.1

• Address classes

– Allocate addresses efficiently to different sized organisations

– Use the high-order bits of the address to determine the class

• Class A

– For large organisations

– 24 bits for host addresses

– High order bit: 0 (first octet 0x00 - 0x7F)

– Network numbers: 1 - 126 (0 and 127 are reserved)

Page 25

IP Addresses (cont.)

• Class B

– For medium-sized organisations

– 16 bits for host addresses

– High order bits: 10

– Network numbers: 128 - 191 (0x80 - 0xBF)

• Class C

– For small organisations

– 8 bits for host addresses

– High order bits: 110

– Network numbers: 192 - 223 (0xC0 - 0xDF)

Page 26

IP Addresses (cont.)

• Class D (Multicast)

– Special purpose, datagram only

– Mainly targeted at multimedia broadcasts

– High order bits: 1110

– Network numbers: 224 - 239 (0xE0 - 0xEF)

• Reserved (Class E)

– 240 - 255 (0xF0 - 0xFF): reserved for experimental use; 255.255.255.255 is the limited broadcast address

• Private networks (RFC 1918):

– 10.0.0.0/8 (10.0.0.0 - 10.255.255.255)

– 172.16.0.0/12 (172.16.0.0 - 172.31.255.255)

– 192.168.0.0/16 (192.168.0.0 - 192.168.255.255)

– These are never routed on the Internet; NAT is used to connect private networks to the Internet

Page 27

IP Addresses (cont.)

• Site notes:

– Class B: most nodes

– Class A private: 10.0.0.0 (some routers)

– Class C private: 192.168.x.x (clusters, private backup LANs)

– Class D: 224.0.x.x (NTP, OSPF, RIP, others?)

• Unix commands:

– ifconfig: interfaces

– netstat -in: interfaces

– netstat -gn: multicast

– netstat -rn: routing

Page 28

Subnets

• Subnets are a way of breaking up a larger network into smaller chunks

• Your subnet is the group of hosts you can talk to without going through a router

• Subnets can vary in length, up to the size of the network

• The main reason to use different sizes of subnets is to use address space efficiently, and optimise performance of hosts and routers

Page 29

Special IP Addresses

• Network: the address on each subnet where the host address is all zeros

• Broadcast: the address on each subnet where the host address is all ones. All hosts on the local subnet should respond to this address

• Loopback: 127.0.0.1 (the whole of 127.0.0.0/8). Only the local host will ever respond to this; packets to it never leave the machine

Page 30

Subnet Masks

• Subnet masks are how subnet lengths are specified

• They consist of a bit mask, with the number of 1 bits indicating the number of bits used for the network portion of the IP address.

• 32 bit number, specified as dotted quad, e.g.:

– 255.255.252.0

– 255.255.255.0

– 255.255.255.192

• Can also be specified after the IP address as a number of bits (the prefix length), e.g.: 10.20.30.0/24

Page 31

Subnet Masks (cont.)

• Given any IP address and subnet mask, you can work out which subnet it's in by ANDing the subnet mask with the IP address:

– IP     10.20.30.81      = 0x0A141E51

– mask   255.255.255.192  = 0xFFFFFFC0

– AND    10.20.30.64      = 0x0A141E40  (the network address)

• To find out the broadcast address, invert the subnet mask and OR it with the address (the IP or the network address gives the same result):

– IP     10.20.30.81      = 0x0A141E51

– ~mask  0.0.0.63         = 0x0000003F

– OR     10.20.30.127     = 0x0A141E7F  (the broadcast address)

Page 32

Subnet Masks (cont.)

• In the above example, everything between 10.20.30.65 and 10.20.30.126 is a usable node address on this subnet

• Common conventions:

1:

– Low addresses are communications equipment

– High addresses are servers

2:

– Low addresses are servers

– Middle addresses are workstations

– High addresses are communications equipment
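The address-class rules of pages 24-26 and the AND/OR subnet arithmetic of pages 31-32, as one added example in POSIX sh that is not part of the original slides: it classifies an address by the high-order bits of its first octet, tests it against the RFC 1918 blocks, and computes network, broadcast and usable range for an address/mask pair as 32-bit integer operations. It goes beyond the slides in two places, which are marked in the code: a non-contiguous mask is rejected, and /31 and /32 get no separate network and broadcast addresses. All function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the slides: the address-class test and the subnet
# AND/OR arithmetic done as 32-bit integer operations in POSIX sh. Function
# names are this example's own. Two cases the slides do not show are handled:
# a non-contiguous mask is rejected, and /31 and /32 have no separate network
# and broadcast addresses.

# ip_to_int 10.20.30.81 -> 169090641 (0x0A141E51)
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip 169090624 -> 10.20.30.64
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# mask_to_prefix 255.255.255.192 -> 26; fails (exit 1) if the 1 bits are not contiguous
mask_to_prefix() {
    m=$(ip_to_int "$1"); n=0
    while [ $n -lt 32 ] && [ $(( (m >> (31 - n)) & 1 )) -eq 1 ]; do n=$((n + 1)); done
    [ $(( m & ((1 << (32 - n)) - 1) )) -eq 0 ] || return 1   # remaining bits must all be 0
    echo $n
}

# ip_class 164.112.128.1 -> B, from the high-order bits of the first octet
ip_class() {
    o=$(( $(ip_to_int "$1") >> 24 ))
    if   [ $((o >> 7)) -eq 0 ];  then echo A   # 0xxxxxxx: 0-127
    elif [ $((o >> 6)) -eq 2 ];  then echo B   # 10xxxxxx: 128-191
    elif [ $((o >> 5)) -eq 6 ];  then echo C   # 110xxxxx: 192-223
    elif [ $((o >> 4)) -eq 14 ]; then echo D   # 1110xxxx: 224-239 (multicast)
    else                              echo E   # 1111xxxx: 240-255 (reserved)
    fi
}

# is_private 192.168.1.7 -> exit 0 if the address is inside an RFC 1918 block
is_private() {
    a=$(ip_to_int "$1")
    if [ $(( a & $(ip_to_int 255.0.0.0) ))   -eq $(ip_to_int 10.0.0.0) ];    then return 0; fi
    if [ $(( a & $(ip_to_int 255.240.0.0) )) -eq $(ip_to_int 172.16.0.0) ];  then return 0; fi
    if [ $(( a & $(ip_to_int 255.255.0.0) )) -eq $(ip_to_int 192.168.0.0) ]; then return 0; fi
    return 1
}

# subnet_info IP MASK -> "network broadcast first_usable last_usable prefix"
subnet_info() {
    a=$(ip_to_int "$1"); m=$(ip_to_int "$2")
    p=$(mask_to_prefix "$2") || { echo "bad mask: $2" >&2; return 1; }
    net=$(( a & m ))                          # AND with the mask: the slide's first step
    bcast=$(( net | (~m & 4294967295) ))      # OR with the inverted mask: the second step
    if [ "$p" -ge 31 ]; then first=$net; last=$bcast   # /31 and /32: every address is a host
    else first=$((net + 1)); last=$((bcast - 1)); fi
    echo "$(int_to_ip $net) $(int_to_ip $bcast) $(int_to_ip $first) $(int_to_ip $last) $p"
}

subnet_info 10.20.30.81 255.255.255.192   # 10.20.30.64 10.20.30.127 10.20.30.65 10.20.30.126 26
```

The slide's own example (10.20.30.81 with mask 255.255.255.192) is the call at the bottom; `ip_class 164.112.128.1` prints B and `is_private 10.20.30.81` succeeds, which is why that address never appears on the Internet.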

Page 33

IP Addresses: Warnings

• The same IP address may not be assigned to different hosts (under normal circumstances)

• A node can have more than one interface card

• An interface card can have more than one IP address. This is not supported by HP until HP-UX 11.x; Solaris (and others?) are no problem

• HP-UX, Solaris (and others?) cannot have more than one interface card on the same LAN without problems

Page 34

TCP/UDP Addresses

• Port number

• 16 bits

• Separate TCP and UDP address spaces

• Unix files:

– /etc/services - all known port assignments

– /etc/inetd.conf - the services inetd accepts connections for (most of the active port assignments)

• Command:

– netstat -an - shows all active ports, listening and connected, as numbers

Page 35

Host Naming

• Unix host name

– hostname

– uname -n

• Network naming systems:

– NIS:

» Flat name space

» Does more than just hosts: users, groups, protocols, home directories, etc.

» No client authentication: any host that can reach the server and knows the NIS domain name can dump its maps, password hashes included (ypcat passwd)

– DNS:

» Hierarchical

» Internet standard

» Does mainly hostnames and email routing

– NIS+: combines features of NIS and DNS, adding secure authentication

Page 36

2. Configuring Unix Networking

• This section will be a bit more practical, but shorter

• We'll cover:

– LAN cards

– IP addresses

– Routes

– Hosts

– Troubleshooting

• Some details are applicable to HP-UX only

Page 37

LAN Cards

• General hardware information: ioscan -u

• Specific LAN card information: lanscan

• Detailed LAN card information: lanadmin

• Software: swlist -l product | grep Networking

Page 38

IP Addresses and Routes

• General information: netstat -in

• Multicast: netstat -gn

• Per-LAN card information: ifconfig <lan>

• Routing tables: netstat -rn, route

• Routing daemons: gated, rdpd

• Startup files: /etc/rc.config.d/{netconf,netdaemons}

Page 39

Host Names

• Looking up hosts

– Local: /etc/hosts

– NIS: ypcat hosts

– DNS: nslookup host (on HP-UX, this does local and NIS also)

• Configuring hostname resolution

– Resolution order: /etc/nsswitch.conf

– NIS, DNS: /etc/rc.config.d/namesvrs

– DNS: /etc/resolv.conf

Page 40

Troubleshooting Commands

• ping

• traceroute

• arp

• netstat

• linkloop

• lanadmin

Page 41

3. Configuring Internet Services

• In this section:

– Internet services overview

– Configuration and startup

– Checking connections

Page 42

Internet Services

Capability              General (mostly ARPA)   Berkeley (BSD)
Login                   Telnet                  rlogin
File transfer           FTP, TFTP               rcp
Command execution       rexec                   remsh (rsh)
Email                   sendmail
Network information                             rwho, ruptime, finger
Dynamic routing         gated                   routed
Name services           BIND, NIS
Time synchronization    NTP                     timed
Dynamic configuration   BOOTP, DHCP
System logging          syslogd
Printing                lpd

Page 43

Clients and Servers

Service                 Daemon (/usr/sbin)   Server (/usr/lbin)   Client (/usr/bin)
Login                   inetd                telnetd, rlogind     telnet, rlogin
File transfer           inetd                ftpd, tftpd          ftp, tftp
File transfer           inetd                remshd               rcp
Command execution       inetd                rexecd, remshd       rexec, remsh (rsh)
Email                   sendmail                                  mail
Network information     rwhod                fingerd              rwho, ruptime, finger
Dynamic configuration   bootpd               bootpd               bootpquery
Dynamic routing         gated, rdpd
Name services           named                                     nslookup
Time synchronization    xntpd                                     ntpq, ntpdate
System logging          syslogd                                   syslogd, logger
Printing                rlpdaemon                                 lp (rlp)

Page 44

How inetd Works

• Listens on ports, waiting for connections

• When a connection arrives, HP-UX inetd checks the security file /var/adm/inetd.sec to allow or deny access

– Linux uses tcpd (TCP Wrappers) for the same purpose: /etc/hosts.{allow,deny}

– Both decide on the client's source address or host name only; they are not authentication, and a service with no matching rule is allowed

• Sets up the socket connection

• Invokes the server process and transfers control to it

• Returns to listening

Page 45

inetd Configuration Files

• /etc/services: Well-known ports

• /etc/inetd.conf: Active inetd services

• /var/adm/inetd.sec: Access control for inetd

• /etc/rc.config.d/netdaemons: Command line parameters for inetd startup
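How the access check of the two slides above behaves, as an added example in POSIX sh that is not from the slides and is not tcpd's or HP-UX inetd's own code: a minimal reimplementation of the TCP Wrappers decision, run against two constructed rule files. It supports only ALL, exact addresses and dotted prefixes (the real tcpd also matches host names, net/mask pairs and more), and the directory, addresses and function names are this example's own. The point worth seeing is the last function: with no matching line in either file the connection is allowed, so an empty hosts.deny filters nothing. HP-UX inetd.sec uses a different line format (service allow|deny host-list, one line per service) but the same source-address-only model, and a service with no line in it is likewise open to everyone.

```shell
#!/bin/sh
# Added example, not from the slides and not the real tcpd or inetd code:
# a minimal TCP Wrappers decision in POSIX sh. Rules are "daemon_list : client_list";
# hosts.allow is consulted first (match -> allow), then hosts.deny (match -> deny),
# and with no match at all the connection is ALLOWED. Client patterns supported
# here: ALL, an exact IPv4 address, or a dotted prefix such as "10.20.30."

RULES=${TMPDIR:-/tmp}/wrappers.$$
trap 'rm -rf "$RULES"' EXIT
mkdir -p "$RULES"
# Constructed sample rules (hypothetical addresses, not from any real host):
cat > "$RULES/hosts.allow" <<'EOF'
# the admin LAN may reach every service; one host may reach ftp only
ALL  : 10.20.30.
ftpd : 192.168.1.5
EOF
cat > "$RULES/hosts.deny" <<'EOF'
ALL : ALL
EOF

# match_daemon "ftpd, telnetd" ftpd -> 0 if the daemon name (or ALL) is in the list
match_daemon() {
    for d in $(printf '%s' "$1" | tr ',' ' '); do
        if [ "$d" = ALL ] || [ "$d" = "$2" ]; then return 0; fi
    done
    return 1
}

# match_client "10.20.30." 10.20.30.7 -> 0 on ALL, an exact match, or a dotted-prefix match
match_client() {
    for c in $(printf '%s' "$1" | tr ',' ' '); do
        if [ "$c" = ALL ] || [ "$c" = "$2" ]; then return 0; fi
        case "$c" in
            *.) case "$2" in "$c"*) return 0 ;; esac ;;
        esac
    done
    return 1
}

# file_matches FILE daemon client -> 0 if any rule in FILE matches
file_matches() {
    [ -r "$1" ] || return 1
    while IFS= read -r line; do
        line=${line%%#*}                      # strip comments
        case "$line" in *:*) ;; *) continue ;; esac
        if match_daemon "${line%%:*}" "$2" && match_client "${line#*:}" "$3"; then return 0; fi
    done < "$1"
    return 1
}

# wrap_decision daemon client -> prints "allow" or "deny"
wrap_decision() {
    if   file_matches "$RULES/hosts.allow" "$1" "$2"; then echo allow
    elif file_matches "$RULES/hosts.deny"  "$1" "$2"; then echo deny
    else echo allow                           # no rule matched: tcpd lets it through
    fi
}

# The default-allow pitfall: prints the decision for a stranger before and after
# hosts.deny is emptied ("deny allow"). An empty hosts.deny blocks nobody.
deny_default_when_hosts_deny_empty() {
    before=$(wrap_decision telnetd 172.16.0.9)
    : > "$RULES/hosts.deny"
    after=$(wrap_decision telnetd 172.16.0.9)
    echo "$before $after"
}

wrap_decision telnetd 10.20.30.7     # allow (admin LAN prefix)
wrap_decision ftpd    192.168.1.5    # allow (exact host, ftpd only)
wrap_decision telnetd 192.168.1.5    # deny  (same host, different service)
```

The `ALL : ALL` line in hosts.deny is what makes the allow file an actual whitelist; leave it out and every service not mentioned in hosts.allow is reachable from anywhere.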

Page 46

Service Startup

Service               Startup script (/sbin/init.d)   Startup configuration (/etc/rc.config.d)
Dynamic routing       gated                           netconf
Internet daemon       inetd                           netdaemons
DNS                   named                           namesvrs
General networking    net                             netconf
Tracing and logging   nettl                           nettl
NFS                   nfs.client                      nfsconf
NFS                   nfs.core                        nfsconf
NFS                   nfs.server                      nfsconf
NIS                   nis.client                      namesvrs
NIS                   nis.server                      namesvrs
Network information   rwhod                           netdaemons
Email                 sendmail                        mailservs
System logging        syslogd
NTP                   xntp                            netdaemons

Page 47

Checking Connections

• netstat: established connections

• netstat -a: all sockets, including those listening for connections

Page 48

Remote Login

• rlogin configuration files:

– /etc/hosts.equiv

» System-wide

» Permissions 444

» root ignores it

– $HOME/.rhosts

» Per-user

» Permissions 600

» Can override hosts.equiv

» Can be overridden with rlogind -l

• Both files grant access purely on the claimed remote host name and user name: a "+" entry trusts every host (or every user on a host), and a .rhosts that others can write lets them log in as that user
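An added audit for the two files above (example code in POSIX sh, not from the slides): it checks the permissions the slide prescribes and flags a "+" wildcard in either field, which trusts any host or any user on the named host. It runs against a constructed directory tree; the paths, host names and function names are this example's own, and real use would point ROOT at / and the home directories at wherever passwd puts them.

```shell
#!/bin/sh
# Added example, not from the slides: audit /etc/hosts.equiv and ~/.rhosts files
# for the two things that turn rlogin/rsh trust into an open door: a "+" wildcard
# (any host, or any user on the named host) and permissions looser than the slide
# prescribes (444 for hosts.equiv, 600 for .rhosts). Runs against a constructed
# directory tree so it can be tried offline.

ROOT=${TMPDIR:-/tmp}/rhosts.$$
trap 'rm -rf "$ROOT"' EXIT
mkdir -p "$ROOT/etc" "$ROOT/home/alice" "$ROOT/home/bob"
# Constructed sample files (hypothetical host names, not from any real system):
printf 'nfsserver.example.com\n+\n' > "$ROOT/etc/hosts.equiv";    chmod 444 "$ROOT/etc/hosts.equiv"
printf 'build.example.com alice\n'  > "$ROOT/home/alice/.rhosts"; chmod 600 "$ROOT/home/alice/.rhosts"
printf 'devbox.example.com +\n'     > "$ROOT/home/bob/.rhosts";   chmod 644 "$ROOT/home/bob/.rhosts"

# perm_of FILE -> the ten-character mode string from ls -l, e.g. -rw-r--r--
# (used instead of stat(1), which HP-UX does not ship)
perm_of() { ls -ld "$1" | cut -c1-10; }

# audit_trust_file FILE EXPECTED_MODE -> prints one finding per line (nothing if clean)
audit_trust_file() {
    f=$1; want=$2
    [ -f "$f" ] || return 0
    have=$(perm_of "$f")
    if [ "$have" != "$want" ]; then echo "$f: mode is $have, expected $want"; fi
    # each line is "host [user]"; a lone "+" in either field is a wildcard
    while read -r host user; do
        case "$host" in '#'*|'') continue ;; esac
        if [ "$host" = + ]; then echo "$f: trusts ANY host ('+' in host field)"; fi
        if [ "$user" = + ]; then echo "$f: trusts ANY user from $host ('+' in user field)"; fi
    done < "$f"
    return 0
}

# audit_rhosts ROOT -> all findings for ROOT/etc/hosts.equiv and ROOT/home/*/.rhosts
audit_rhosts() {
    audit_trust_file "$1/etc/hosts.equiv" "-r--r--r--"
    for h in "$1"/home/*; do
        audit_trust_file "$h/.rhosts" "-rw-------"
    done
}

# finding_count ROOT -> number of findings; 0 means nothing to fix
finding_count() { audit_rhosts "$1" | wc -l | tr -d ' '; }

audit_rhosts "$ROOT"
echo "findings: $(finding_count "$ROOT")"
```

On the constructed tree this reports three findings: the "+" in hosts.equiv, bob's .rhosts being mode 644, and bob's "devbox.example.com +" line. Alice's file is clean.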

Page 49

FTP

• /etc/ftpusers

– Lists users not allowed to login via ftpd (root and the system accounts belong here)

– All users without passwords are also not allowed to login

• $HOME/.netrc

– Specifies hosts, usernames, and passwords for ftp & rexec, in clear text

– Don't use it!

Page 50

Anonymous FTP

• Uses the ftp user's home directory

• Does a chroot() to ~ftp so that the user is "sandboxed"

• Needs certain directories & files to work:

– ~ftp/usr/bin/ls, mode 111

– ~ftp/etc/{passwd,group,logingroup}, mode 444 (copies with no real password hashes: anonymous users can read them)

• Other directories:

– ~ftp/dist: outgoing files (elsewhere ~ftp/pub)

– ~ftp/pub: incoming files (elsewhere ~ftp/incoming); make it writable but not readable, or it becomes a drop box for strangers' files

• ftpd -l logs information to syslog
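An added check of a ~ftp tree (example code in POSIX sh, not from the slides and not ftpd's own checks): it verifies the modes the slide lists and adds two things a practitioner looks for, a password hash left in the chroot copy of passwd and an incoming directory that is both world-writable and world-readable. It runs against a constructed tree; the paths, the placeholder hash and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the slides and not ftpd's own checks: verify a ~ftp
# tree against the modes the slide lists, plus two things a practitioner adds:
# the chroot copy of passwd must carry no real password hashes (anonymous users
# can fetch etc/passwd, it is mode 444), and an incoming directory must not be
# both world-writable and world-readable (a drop box that can be read back is a
# file-sharing relay for strangers). Runs against a constructed tree.

FTPHOME=${TMPDIR:-/tmp}/ftp.$$
trap 'rm -rf "$FTPHOME"' EXIT
mkdir -p "$FTPHOME/usr/bin" "$FTPHOME/etc" "$FTPHOME/dist" "$FTPHOME/pub"
# Constructed contents (hypothetical, not from any real host): a placeholder ls,
# a passwd copy that wrongly keeps a hash, and a pub that is world-readable+writable
printf '#!/bin/sh\n' > "$FTPHOME/usr/bin/ls"; chmod 111 "$FTPHOME/usr/bin/ls"
printf 'root:x:0:0::/:/bin/false\nftp:$1$abc$Zq9XYZ:500:500::/:/bin/false\n' > "$FTPHOME/etc/passwd"
printf 'ftp:*:500:\n' > "$FTPHOME/etc/group"
chmod 444 "$FTPHOME/etc/passwd" "$FTPHOME/etc/group"
chmod 755 "$FTPHOME/dist"
chmod 777 "$FTPHOME/pub"

# perm_of FILE -> ten-character mode string from ls -l (stat(1) is not on HP-UX)
perm_of() { ls -ld "$1" | cut -c1-10; }

# check_anonftp HOME -> prints findings one per line; prints nothing when the tree is sound
check_anonftp() {
    h=$1
    [ "$(perm_of "$h/usr/bin/ls" 2>/dev/null)" = "---x--x--x" ] || echo "usr/bin/ls: missing or mode is not 111"
    for f in passwd group; do
        if [ ! -f "$h/etc/$f" ]; then echo "etc/$f: missing"; continue; fi
        [ "$(perm_of "$h/etc/$f")" = "-r--r--r--" ] || echo "etc/$f: mode is not 444"
    done
    # field 2 of the chroot passwd must be a placeholder (*, x or !), never a hash
    if [ -f "$h/etc/passwd" ]; then
        awk -F: '$2 != "*" && $2 != "x" && $2 != "!" {
            print "etc/passwd: user " $1 " has a real password field in the chroot copy; use *" }' "$h/etc/passwd"
    fi
    # an upload directory readable by "other" lets anonymous users list and fetch each other's files
    for d in pub incoming; do
        [ -d "$h/$d" ] || continue
        case "$(perm_of "$h/$d" | cut -c8-10)" in
            rw?) echo "$d: world-writable AND world-readable; use mode 733 (or 1733)" ;;
        esac
    done
}

check_anonftp "$FTPHOME"
```

On the constructed tree the check reports exactly two findings (the hash for user ftp and the readable pub); once pub is chmod 733 and the password field is replaced with "*", it reports nothing.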

Page 51

Other Protocols and Services

• See the separate handout for:

– Router Discovery Protocol (RDP)

– Network Time Protocol (NTP)

– Network Information Service (NIS)

– Network File System (NFS)