
Unix Networking Basics

Material to be covered

• Contents

– LAN concepts and components

– Configuring Unix networking

– Configuring Internet services

1. LAN Concepts and Components

• This will be the biggest section, because it’s the most foundational

OSI Protocol Stack

[Figure: the seven OSI layers, numbered 7 down to 1: Application, Presentation, Session, Transport, Network, Data Link, Physical. Layers 5-7 are bracketed as “Understanding” and layers 1-4 as “Transmission”.]

OSI Protocol Stack (cont.)

• Layers 1-4: transmission - how data moves through the network.

• Layers 5-7: understanding - how data appears to applications and users

OSI Protocol Stack (cont.)

• Explanation of the layers:

– Physical: Physical cable, electrical signalling, cable length specifications, connector size.

– Data link: Error free (not reliable) media access for datagrams

– Network: Provides path (route) through the network for data

– Transport: Reliable (usually) flow of datagrams between two nodes

– Session: Synchronises dialogue between two programs

OSI Protocol Stack (cont.)

• Explanation (cont.):

– Presentation: Converts data between formats used by two programs

– Application: Obvious (hopefully)

Internet Protocols and Services

[Figure: the Internet protocol family drawn against the seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical). Protocols shown: Berkeley/ARPA services, NFS, XDR, RPC, SSL, TCP, UDP, ARP, ICMP, IP, 802.2, 802.3 Ethernet, 10 base T/2/5, optical fibre.]

Transmission Attributes

• Bandwidth

– Measure of channel throughput

– Baseband: one channel (most LAN technologies)

– Broadband: multiple channels (cable TV)

• Electrical interference

– Noise produced by other electrical devices and cables

– Shielding is used to reduce it

• Attenuation

– Signal decay over the length of the cable

– Reduced by amplifiers (analog), repeaters (digital)

Access Methods

• CSMA/CD (ethernet)

– Carrier sense, multiple access, collision detection

– Nodes must wait to transmit, and back off if there is a collision

– Performs poorly under high load conditions

• Token passing (token ring)

– A token is passed around from node to node - only the node with the token can transmit

– If a node has nothing to send, it passes the token to the next node

– Performs well under high load

– Provides guaranteed access to every node

• Point-to-point (SLIP, PPP)

IEEE Standards

• IEEE defined LAN standards

– Similar to OSI stack

– Split data link layer into two levels:

» Logical link control (LLC)

» Media access control (MAC)

• Standards

– 802.2: LLC

– 802.3: CSMA/CD

– 802.4: Token passing (bus topology)

– 802.5: Token passing (ring topology)

Media Types

• Coaxial (10 base 2): “BNC”, “Thin Ethernet”

– Central conductor surrounded by a metal shield and insulators

– Bus topology

– Pros:

» No powered components

– Cons:

» Breaking one cable breaks whole network

– Length: 180 m total

– Not common any more

Media Types (cont.)

• Twisted pair (10 base T, 100 base T): “UTP”

– Pairs of wires (2 or 4 pairs), twisted together

– Star topology

– Pros:

» Each node has a separate connection, thus easy to “plug and play”

» Failure of one cable only affects attached node

» Hubs can provide management information

– Cons:

» Requires a hub, thus more expensive than coaxial

» Failure of hub affects all attached nodes

– Most commonly used cable in the industry

– Length: 90 m per cable run, maximum of 4 hops

Media Types (cont.)

• Optical fibre

– Glass fibres transmit light pulses

– Point-to-point connection

– Pros:

» Immune to electrical interference

» High bandwidth

– Cons:

» Installation and maintenance difficult

» Equipment often expensive

– Used for some inter-network connections and high-bandwidth disk connectivity

Transceivers

• Convert signals from a LAN card to specific cable types

• Several types used:

– 10 base T

– 10 base 2

– 100 base T

– Gigabit

Gateways

[Figure: gateway devices drawn against the seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical): Gateway, Transport Relay, L3 Switch / Router, Switch / Bridge, Hub / Repeater.]

Gateways

• “Gateway”: Generic term for something that passes data at any level of the OSI stack, but generally used for level 4 or higher.

• For the lower levels, more specific terms are normally used.

Physical Gateways

• Repeater: Re-generates signal

• Allows extension of network beyond standard cable length limits

• Hub: Multi-port repeater

Data Link Gateways

• Bridge: Uses link-level address to determine passing of packets

• Will only transmit frames if the destination address belongs to a node on the other side (learned automatically)

• Switch: Multi-port bridge

– Switches turn CSMA/CD into point to point, enabling it to scale much more effectively

Network Gateways

• Router: Transmits packets based on IP addresses

• Unix systems can be routers by turning on packet forwarding

• Not recommended: Let routers do routing, and Unix boxes do Unix applications

IP Family Protocols

• TCP: Transmission Control Protocol

– Layer 4 connection-oriented (stream) protocol

– Guarantees delivery order and reliability of packets

• UDP: User Datagram Protocol

– Layer 4 connectionless (datagram) protocol

– Packets could be lost, duplicated, or out of sequence

• IP(v4): Internet Protocol

• ICMP: Internet Control Message Protocol

• ARP: Address Resolution Protocol

• Unix file: /etc/protocols

Addressing

[Figure: the address used at each layer, drawn against the seven OSI layers (Application, Presentation, Session, Transport, Network, Data Link, Physical): Host Name, Port, IP, MAC.]

Link Level Addresses

• Also called:

– Ethernet address, MAC address, station address, hardware address

• 48-bits

• Top 24 bits: vendor id

• Bottom 24 bits: node id

• Looks like this:

– 000502879BD1, 08:00:09:C8:2D:F0

• Unix commands:

– lanscan (HP-UX), ifconfig (Solaris, Linux)
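As an added example (not part of the slides), a small parser for the two notations shown above: it splits an address into its 24-bit vendor id and node id and normalises it to colon-separated lower-case octets so that addresses copied from different tools compare equal. The sample addresses are the slide's own; the function names are my choice.

```python
import re

# Constructed sample list using the two notations shown on the slide.
SAMPLE_MACS = ["000502879BD1", "08:00:09:C8:2D:F0"]

def parse_mac(text):
    """Parse a 48-bit link-level address written as 12 bare hex digits or as
    six colon- or dash-separated octets. Returns (vendor_id, node_id), each a
    24-bit integer. Raises ValueError for anything that is not 48 bits."""
    digits = re.sub(r"[:\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit hardware address: {text!r}")
    value = int(digits, 16)
    vendor_id = value >> 24        # top 24 bits identify the card vendor
    node_id = value & 0xFFFFFF     # bottom 24 bits identify the node
    return vendor_id, node_id

def canonical(text):
    """Render an address as lower-case colon-separated octets so that the
    same card is recognised whichever tool printed the address."""
    vendor_id, node_id = parse_mac(text)
    value = (vendor_id << 24) | node_id
    return ":".join(f"{(value >> shift) & 0xFF:02x}" for shift in range(40, -1, -8))

def same_vendor(a, b):
    """True when two addresses share the 24-bit vendor id; a cheap first check
    when reconciling an ARP table against a hardware inventory."""
    return parse_mac(a)[0] == parse_mac(b)[0]

if __name__ == "__main__":
    for mac in SAMPLE_MACS:
        vendor_id, node_id = parse_mac(mac)
        print(f"{mac:>18} -> {canonical(mac)}  vendor={vendor_id:06x} node={node_id:06x}")
```

Any input that does not reduce to exactly 12 hex digits is rejected rather than silently truncated, which matters when addresses are read from logs or inventory files rather than typed by hand.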

IP Addresses

• Address notation

– 32 bit number

– Expressed in “dotted-quad” notation, e.g. 164.112.128.1

• Address classes

– Allocate addresses efficiently to different sized organisations

– Use high-order bits of address to determine class

• Class A

– For large organisations

– 24 bits for host addresses

– High order bit: 0

– Network numbers: 1 - 126 (0x00 - 0x7F)

IP Addresses (cont.)

• Class B

– For medium-sized organisations

– 16 bits for host addresses

– High order bits: 10

– Network numbers: 128 - 191 (0x80 - 0xBF)

• Class C

– For small organisations

– 8 bits for host addresses

– High order bits: 110

– Network numbers: 192 - 223 (0xC0 - 0xDF)

IP Addresses (cont.)

• Class D (Multicast)

– Special purpose, datagram only

– Mainly targeted at multimedia broadcasts

– High order bits: 1110

– Network numbers: 224 - 239 (0xE0 - 0xEF)

• Reserved

– 240-255: Reserved (undefined?)

• Private networks (RFC 1918):

– 10.0.0.0

– 172.16.0.0 - 172.31.0.0

– 192.168.0.0 - 192.168.255.0

– NAT is used to connect private networks to the Internet
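An added example, not part of the slides: a classifier that applies the high-order-bit rules above and then checks the three RFC 1918 blocks, which is the test a defender runs when deciding whether an address seen on a public interface should have been there at all. The sample addresses are constructed and the function names are my choice.

```python
# Constructed addresses used to exercise the classifier.
SAMPLE_ADDRESSES = ["10.20.30.81", "164.112.128.1", "172.31.255.255",
                    "172.32.0.1", "192.168.0.1", "224.0.0.1", "240.0.0.1"]

def dotted_to_int(addr):
    """Convert dotted-quad notation to a 32-bit integer, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def address_class(addr):
    """Classify by the high-order bits of the first octet exactly as the slides
    describe: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, anything else reserved."""
    top = dotted_to_int(addr) >> 24
    if top >> 7 == 0b0:
        return "A"
    if top >> 6 == 0b10:
        return "B"
    if top >> 5 == 0b110:
        return "C"
    if top >> 4 == 0b1110:
        return "D"
    return "reserved"

# RFC 1918 private blocks as (network, prefix length).
PRIVATE_BLOCKS = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]

def in_block(addr, network, prefix):
    """True when addr falls inside network/prefix."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return dotted_to_int(addr) & mask == dotted_to_int(network) & mask

def is_private(addr):
    """True for addresses in any RFC 1918 block. Such an address arriving as a
    source on the Internet side of a NAT boundary is normally a misconfiguration."""
    return any(in_block(addr, net, prefix) for net, prefix in PRIVATE_BLOCKS)

def describe(addr):
    """One-line summary used by the demo loop and by callers that log results."""
    return {"address": addr, "class": address_class(addr),
            "private": is_private(addr), "loopback": in_block(addr, "127.0.0.0", 8)}

if __name__ == "__main__":
    for addr in SAMPLE_ADDRESSES:
        print(describe(addr))
```

Note that 172.16.0.0 - 172.31.0.0 is a /12, not a /16: the check must use the 12-bit prefix, which is why 172.32.0.1 is correctly reported as not private.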

IP Addresses (cont.)

• Site notes:

– Class B: most nodes

– Class A private: 10.0.0.0 (some routers)

– Class C private: 192.168.x.x (clusters, private backup LANs)

– Class D: 224.0.x.x (NTP, OSPF, RIP, others?)

• Unix commands:

– ifconfig: interfaces

– netstat -in: interfaces

– netstat -gn: multicast

– netstat -rn: routing

Subnets

• Subnets are a way of breaking up a larger network into smaller chunks

• Your subnet is the group of hosts you can talk to without going through a router

• Subnets can vary in length, up to the size of the network

• The main reason to use different sizes of subnets is to use address space efficiently, and optimise performance of hosts and routers

Special IP Addresses

• Network: the address on each subnet where the host address is all zeros

• Broadcast: the address on each subnet where the host address is all ones. All hosts on the local subnet should respond to this address

• Loopback: 127.0.0.1. Only the local host will ever respond to this.

Subnet Masks

• Subnet masks are how subnet lengths are specified

• They consist of a bit mask, with the number of 1 bits indicating the number of bits used for the network portion of the IP address.

• 32 bit number, specified as dotted quad, e.g.:

– 255.255.252.0

– 255.255.255.0

– 255.255.255.192

• Can also be specified after IP address as a number of bits, e.g.: 10.20.30.0/24

Subnet Masks (cont.)

• Given any IP address and subnet mask, you can work out which subnet it’s in by ANDing the subnet mask with the IP address:

– IP   10.20.30.81     = 0x0A141E51

– mask 255.255.255.192 = 0xFFFFFFC0

– AND  10.20.30.64     = 0x0A141E40

• To find out the broadcast address, invert the subnet mask and OR them:

– IP    10.20.30.81  = 0x0A141E51

– ~mask 0.0.0.63     = 0x0000003F

– OR    10.20.30.127 = 0x0A141E7F

Subnet Masks (cont.)

• In the above example, everything between 10.20.30.65 and 10.20.30.126 is a useable node address on this subnet
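The AND/OR arithmetic above carried out in code, as an added example that is not from the slides. It also accepts the /n prefix notation from the previous slide, rejects masks whose 1 bits are not contiguous (a common typo that silently produces a wrong subnet), and returns the usable host range; the sample values are the slide's, the function names are my choice.

```python
def dotted_to_int(addr):
    """Dotted quad -> 32-bit integer (input assumed well-formed for brevity)."""
    value = 0
    for octet in addr.split("."):
        value = (value << 8) | int(octet)
    return value

def int_to_dotted(value):
    """32-bit integer -> dotted quad."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def parse_mask(mask):
    """Accept a dotted-quad mask ('255.255.255.192'), a prefix length (26 or
    '/26') and return the 32-bit mask. Dotted masks must have contiguous 1s."""
    if isinstance(mask, int):
        prefix = mask
    elif mask.startswith("/") or mask.isdigit():
        prefix = int(mask.lstrip("/"))
    else:
        value = dotted_to_int(mask)
        inverted = ~value & 0xFFFFFFFF
        if inverted & (inverted + 1):      # inverted mask must be 2^k - 1
            raise ValueError(f"non-contiguous subnet mask: {mask}")
        return value
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def prefix_length(mask):
    """Number of 1 bits, i.e. the /n form of a mask."""
    return bin(parse_mask(mask)).count("1")

def parse_cidr(text):
    """Split 'a.b.c.d/n' into (address, prefix length)."""
    addr, _, prefix = text.partition("/")
    return addr, int(prefix)

def subnet_info(addr, mask):
    """Network (IP AND mask), broadcast (IP OR NOT mask) and the usable host
    range, as in the slides' worked example. The usable range is None when the
    subnet has fewer than two host addresses (/31 and /32)."""
    ip = dotted_to_int(addr)
    m = parse_mask(mask)
    network = ip & m
    broadcast = ip | (~m & 0xFFFFFFFF)
    usable = None
    if broadcast - network >= 3:
        usable = (int_to_dotted(network + 1), int_to_dotted(broadcast - 1))
    return {"network": int_to_dotted(network), "broadcast": int_to_dotted(broadcast),
            "prefix": bin(m).count("1"), "usable": usable}

def same_subnet(a, b, mask):
    """Two hosts reach each other without a router only if they share the
    network address under the mask."""
    m = parse_mask(mask)
    return dotted_to_int(a) & m == dotted_to_int(b) & m

if __name__ == "__main__":
    print(subnet_info("10.20.30.81", "255.255.255.192"))
    print(subnet_info(*parse_cidr("10.20.30.0/24")))
```

The contiguity test works because the inverse of a valid mask is of the form 2^k - 1, so ANDing it with its successor must give zero; 255.0.255.0 fails that test and is rejected before it can produce a wrong network address.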

• Common conventions:

1:

– Low addresses are communications equipment

– High addresses are servers

2:

– Low addresses are servers

– Middle addresses are workstations

– High addresses are communications equipment

IP Addresses: Warnings

• The same IP address may not be assigned to different hosts (under normal circumstances)

• A node can have more than one interface card

• An interface card can have more than one IP address. This is not supported by HP until HP-UX 11.x; Solaris (and others?) are no problem

• HP-UX, Solaris (and others?) cannot have more than one interface card on the same LAN without problems

TCP/UDP Addresses

• Port number

• 16 bits

• Separate TCP and UDP address spaces

• Unix files:

– /etc/services - all known port assignments

– /etc/inetd.conf - active port assignments (mostly)

• Command:

– netstat -an - shows all active ports

Host Naming

• Unix host name

– hostname

– uname -n

• Network naming systems:

– NIS:

» Flat name space

» Does more than just hosts: users, groups, protocols, home directories, etc.

– DNS:

» Hierarchical

» Internet standard

» Does mainly hostnames and email routing

– NIS+: combines features of NIS and DNS, adding secure authentication

2. Configuring Unix Networking

• This section will be a bit more practical, but shorter

• We’ll cover:

– LAN cards

– IP addresses

– Routes

– Hosts

– Troubleshooting

• Some details are applicable to HP-UX only

LAN Cards

• General hardware information: ioscan -u

• Specific LAN card information: lanscan

• Detailed LAN card information: lanadmin

• Software: swlist -l product | grep Networking

IP Addresses and Routes

• General information: netstat -in

• Multicast: netstat -gn

• Per-LAN card information: ifconfig <lan>

• Routing tables: netstat -rn, route

• Routing daemons: gated, rdpd

• Startup files: /etc/rc.config.d/{netconf,netdaemons}

Host Names

• Looking up hosts

– Local: /etc/hosts

– NIS: ypcat hosts

– DNS: nslookup host (on HP-UX, this does local and NIS also)

• Configuring hostname resolution

– Resolution order: /etc/nsswitch.conf

– NIS, DNS: /etc/rc.config.d/namesvrs

– DNS: /etc/resolv.conf

Troubleshooting Commands

• ping

• traceroute

• arp

• netstat

• linkloop

• lanadmin

3. Configuring Internet Services

• In this section:

– Internet services overview

– Configuration and startup

– Checking connections

Internet Services

Capability              General (mostly ARPA)    Berkeley (BSD)
Login                   telnet                   rlogin
File transfer           FTP, TFTP                rcp
Command execution       rexec                    remsh (rsh)
Email                   sendmail
Network information                              rwho, ruptime, finger
Dynamic routing         gated                    routed
Name services           BIND, NIS
Time synchronization    NTP                      timed
Dynamic configuration   BOOTP, DHCP
System logging          syslogd
Printing                lpd

Clients and Servers

Daemon (/usr/sbin)   Server (/usr/lbin)   Client (/usr/bin)       Service
inetd                telnetd, rlogind     telnet, rlogin          Login
                     ftpd, tftpd          ftp, tftp               File transfer
                     remshd               rcp                     File transfer
                     rexecd, remshd       rexec, remsh (rsh)      Command execution
sendmail                                  mail                    Email
                     rwhod, fingerd       rwho, ruptime, finger   Network information
bootpd               bootpd               bootpquery              Dynamic configuration
gated, rdpd                                                       Dynamic routing
named                                     nslookup                Name services
xntpd                                     ntpq, ntpdate           Time synchronization
syslogd                                   logger                  System logging
rlpdaemon                                 lp (rlp)                Printing

How inetd Works

• Listens on ports, waiting for connections

• When a connection arrives, UNIX checks it against the security file /var/adm/inetd.sec to allow or deny access

– Linux uses tcpd for the same purpose: /etc/hosts.{allow,deny}

• Sets up socket connection

• Invokes server process and transfers control to it

• Returns to listening
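An added example, not from the slides, modelling the tcpd decision the slide mentions for Linux: a simplified evaluator of /etc/hosts.allow and /etc/hosts.deny in the tcp_wrappers `daemon_list : client_list` form, run over constructed rule files. It implements a subset of the pattern syntax (ALL, exact hostname, leading-dot domain suffix, trailing-dot address prefix, net/mask) and the standard evaluation order; HP-UX's /var/adm/inetd.sec uses a different file format that this code does not parse. Daemon names, hosts and addresses are constructed.

```python
# Constructed hosts.allow / hosts.deny contents (not from any real host).
HOSTS_ALLOW = """\
# daemon_list : client_list  -- first match here grants access
telnetd : admin-ws.example.com
ftpd    : 10.20.30.
rlogind : 10.20.0.0/255.255.0.0
fingerd : ALL
"""
HOSTS_DENY = """\
# anything not explicitly allowed above is refused
ALL : ALL
"""

def dotted_to_int(addr):
    """Dotted quad -> 32-bit integer."""
    value = 0
    for octet in addr.split("."):
        value = (value << 8) | int(octet)
    return value

def parse_rules(text):
    """Return a list of (daemon_patterns, client_patterns) from a rules file,
    ignoring comments, blank lines and any trailing shell-command field."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue          # malformed line: skipped, so it can never grant access
        daemons = fields[0].replace(",", " ").split()
        clients = fields[1].replace(",", " ").split()
        rules.append((daemons, clients))
    return rules

def _client_matches(pattern, host, ip):
    """Subset of tcp_wrappers client patterns."""
    if pattern == "ALL":
        return True
    if pattern.startswith("."):            # domain suffix, e.g. .example.com
        return host.endswith(pattern)
    if pattern.endswith("."):              # address prefix, e.g. 10.20.30.
        return ip.startswith(pattern)
    if "/" in pattern:                     # net/mask, e.g. 10.20.0.0/255.255.0.0
        net, mask = pattern.split("/", 1)
        m = dotted_to_int(mask)
        return dotted_to_int(ip) & m == dotted_to_int(net) & m
    return pattern == host or pattern == ip

def _first_match(rules, daemon, host, ip):
    for daemons, clients in rules:
        if "ALL" in daemons or daemon in daemons:
            if any(_client_matches(c, host, ip) for c in clients):
                return True
    return False

def access_decision(daemon, host, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """tcp_wrappers order: a match in hosts.allow grants, then a match in
    hosts.deny refuses, and a client matched by neither file is granted."""
    if _first_match(parse_rules(allow_text), daemon, host, ip):
        return "allow"
    if _first_match(parse_rules(deny_text), daemon, host, ip):
        return "deny"
    return "allow"

if __name__ == "__main__":
    for daemon, host, ip in [("ftpd", "ws1.example.com", "10.20.30.5"),
                             ("ftpd", "ws2.example.com", "10.20.3.5"),
                             ("rexecd", "anyone", "10.20.30.5")]:
        print(daemon, host, ip, "->", access_decision(daemon, host, ip))
```

Two points the rules illustrate: the trailing dot in `10.20.30.` is what stops 10.20.3.5 from matching, and the closing `ALL : ALL` in hosts.deny is what turns the default from "grant" into "refuse" for every daemon not listed in hosts.allow. Hostname patterns depend on the reverse lookup of the client address, so address-based patterns are the more robust choice.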

inetd Configuration Files

• /etc/services: Well-known ports

• /etc/inetd.conf: Active inetd services

• /var/adm/inetd.sec: Access control for inetd

• /etc/rc.config.d/netdaemons: Command line parameters for inetd startup

Service Startup

Service               Startup Script (/sbin/init.d)   Startup Configuration (/etc/rc.config.d)
Dynamic routing       gated                           netconf
Internet daemon       inetd                           netdaemons
DNS                   named                           namesvrs
General networking    net                             netconf
Tracing and logging   nettl                           nettl
NFS                   nfs.client                      nfsconf
NFS                   nfs.core                        nfsconf
NFS                   nfs.server                      nfsconf
NIS                   nis.client                      namesvrs
NIS                   nis.server                      namesvrs
Network information   rwhod                           netdaemons
Email                 sendmail                        mailservs
System logging        syslogd
NTP                   xntp                            netdaemons

Checking Connections

• netstat

• netstat -a

Remote Login

• rlogin configuration files:

– /etc/hosts.equiv

» System-wide

» Permissions 444

» root ignores it

– $HOME/.rhosts

» Per-user

» Permissions 600

» Can override hosts.equiv

» Can be overridden with rlogind -l

FTP

• /etc/ftpusers

– Lists users not allowed to login via ftpd

– All users without passwords are also not allowed to login

• $HOME/.netrc

– Specifies hosts, usernames, and passwords for ftp & rexec

– Don’t use it!

Anonymous FTP

• Uses ftp user home directory

• Does a chroot() to ~ftp so that user is “sandboxed”

• Needs certain directories & files to work:

– ~ftp/usr/bin/ls, mode 111

– ~ftp/etc/{passwd,group,logingroup}, mode 444

• Other directories:

– ~ftp/dist: outgoing files (elsewhere ~ftp/pub)

– ~ftp/pub: incoming files (elsewhere ~ftp/incoming)

• ftpd -l logs information to syslog
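A file-mode audit that checks the requirements from the Remote Login, FTP and Anonymous FTP slides together: hosts.equiv at 444, .rhosts at 600, no .netrc present, ~ftp/usr/bin/ls at 111 and ~ftp/etc/{passwd,group,logingroup} at 444. This is an added example, not from the slides; it builds a constructed tree in a temporary directory (with two deliberate mistakes) and reports every deviation. The layout under the audit root and the function names are my assumptions.

```python
import os
import stat
import tempfile

# Modes the slides require, keyed by path relative to an audit root.
# hosts.equiv is system-wide (/etc); the rest live under a user's or ftp's home.
EXPECTED_MODES = {
    "etc/hosts.equiv": 0o444,
    "home/alice/.rhosts": 0o600,
    "home/ftp/usr/bin/ls": 0o111,
    "home/ftp/etc/passwd": 0o444,
    "home/ftp/etc/group": 0o444,
    "home/ftp/etc/logingroup": 0o444,
}
# Files the slides say should not exist at all.
FORBIDDEN_FILES = ["home/alice/.netrc"]

def audit(root, expected=EXPECTED_MODES, forbidden=FORBIDDEN_FILES):
    """Return (relative path, actual, expected) for every deviation; an empty
    list means the tree matches the slides' requirements."""
    findings = []
    for rel, want in expected.items():
        path = os.path.join(root, rel)
        try:
            have = stat.S_IMODE(os.stat(path).st_mode)
        except FileNotFoundError:
            findings.append((rel, "missing", f"{want:04o}"))
            continue
        if have != want:
            findings.append((rel, f"{have:04o}", f"{want:04o}"))
    for rel in forbidden:
        if os.path.lexists(os.path.join(root, rel)):
            findings.append((rel, "present", "absent"))
    return findings

def build_demo_tree():
    """Create a constructed tree under a temporary directory with two
    deliberate mistakes: a group/world-readable .rhosts and a stray .netrc."""
    root = tempfile.mkdtemp(prefix="netaudit-")
    modes = dict(EXPECTED_MODES)
    modes["home/alice/.rhosts"] = 0o644     # wrong: should be 0600
    modes["home/alice/.netrc"] = 0o600      # wrong: should not exist
    for rel, mode in modes.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("# constructed sample file\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    for rel, have, want in audit(build_demo_tree()):
        print(f"{rel}: {have} (expected {want})")
```

Run against a real host by calling audit("/") with an expected-modes table whose keys are the real paths; a missing ~ftp/usr/bin/ls is reported as a finding too, since anonymous FTP will not work without it.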

Other Protocols and Services

• See the separate handout for:

– Router Discovery Protocol (RDP)

– Network Time Protocol (NTP)

– Network Information Service (NIS)

– Network File System (NFS)

Recommended