Библиотека сайта rus-linux.net
|Purchase||Copyright © 2002 Paul Sheer. Click here for copying permissions.||Home|
Next: 26. TCP and UDP Up: rute Previous: 24. Source and Binary   Contents
- 25.1 Internet Communication
- 25.2 Special IP Addresses
- 25.3 Network Masks and Addresses
- 25.4 Computers on a LAN
- 25.5 Configuring Interfaces
- 25.6 Configuring Routing
- 25.7 Configuring Startup Scripts
- 25.8 Complex Routing -- a Many-Hop Example
- 25.9 Interface Aliasing -- Many IPs on One Physical Card
- 25.10 Diagnostic Utilities
At a hardware level, network cards are capable of transmitting packets (also called datagrams) of data between one another. A packet contains a small block of, say, 1 kilobyte of data (in contrast to serial lines, which transmit continuously). All Internet communication occurs through transmission of packets, which travel intact, even between machines on opposite sides of the world.
Each packet contains a header of 24 bytes or more which precedes the data. Hence, slightly more than the said 1 kilobyte of data would be found on the wire. When a packet is transmitted, the header would obviously contain the destination machine. Each machine is hence given a unique IP address--a 32-bit number. There are no machines on the Internet that do not have an IP address.
The header bytes are shown in Table 25.1.
Version for the mean time is 4, although IP Next Generation (version 6) is in the (slow) process of deployment. IHL is the length of the header divided by 4. TOS (Type of Service) is a somewhat esoteric field for tuning performance and is not explained here. The Length field is the length in bytes of the entire packet including the header. The Source and Destination are the IP addresses from and to which the packet is coming/going.
The above description constitutes the view of the Internet that a machine has. However, physically, the Internet consists of many small high-speed networks (like those of a company or a university) called Local Area Networks, or LANs. These are all connected to each other by lower-speed long distance links. On a LAN, the raw medium of transmission is not a packet but an Ethernet frame. Frames are analogous to packets (having both a header and a data portion) but are sized to be efficient with particular hardware. IP packets are encapsulated within frames, where the IP packet fits within the Data part of the frame. A frame may, however, be too small to hold an entire IP packet, in which case the IP packet is split into several smaller packets. This group of smaller IP packets is then given an identifying number, and each smaller packet will then have the Identification field set with that number and the Offset field set to indicate its position within the actual packet. On the other side of the connection, the destination machine will reconstruct a packet from all the smaller subpackets that have the same Identification field.
The convention for writing an IP address in human readable form is
dotted decimal notation like
each number is a byte and is hence in the range of 0 to 255.
Hence the entire address space is in the range of
255.255.255.255. To further organize
the assignment of addresses, each 32-bit address is divided into
two parts, a network and a host part of the
address, as shown in Figure 25.1.
The network part of the address designates the LAN, and the host part the particular machine on the LAN. Now, because it was unknown at the time of specification whether there would one day be more LANs or more machines per LAN, three different classes of address were created.
Class A addresses begin with the first
bit of the network part set to 0 (hence, a Class A address always has the first
dotted decimal number less than
128). The next 7 bits give the identity of the
LAN, and the remaining 24 bits give the identity of an actual machine on that
LAN. A Class B address begins with a 1 and then a 0 (first decimal number is
191). The next 14 bits give the LAN, and the remaining 16 bits give the
machine. Most universities, like the address above, are Class B addresses.
Lastly, Class C addresses start with a 1 1 0 (first decimal number is
223), and the next 21 bits and then the next 8 bits are the LAN and machine,
respectively. Small companies tend use Class C addresses.
In practice, few organizations require Class A addresses. A university or large company might use a Class B address but then would have its own further subdivisions, like using the third dotted decimal as a department (bits 16 through 23) and the last dotted decimal (bits 24 through 31) as the machine within that department. In this way the LAN becomes a micro-Internet in itself. Here, the LAN is called a network and the various departments are each called a subnet.
Some special-purposes IP addresses are never used
on the open Internet.
192.168.255.255 are private
addresses perhaps used inside a local LAN that does not communicate directly with
127.255.255.255 are used for communication
with the localhost--that is, the machine itself. Usually,
is an IP address pointing to the machine itself.
172.31.255.255 are additional private addresses
for very large internal networks, and
for even larger ones.
Consider again the example of a university with a Class B
address. It might have an IP address range of
126.96.36.199. Assume it was decided that
the astronomy department should get 512 of its own IP
188.8.131.52. We say
that astronomy has a network address of
The machines there all have a network mask of
255.255.254.0. A particular machine in astronomy may
have an IP address of
terminology is used later. Figure 25.2 illustrates
In this section we will use the term LAN to indicate a network of computers that are all more or less
connected directly together by Ethernet cables (this is common for small businesses with up to
about 50 machines). Each machine has an Ethernet card which is referred to as
eth0 throughout all command-line operations. If there is more than
one card on a single machine, then these are named
eth2, etc., and
are each called a network interface
(or just interface, or sometimes Ethernet port) of the machine.
LANs work as follows. Network cards transmit a frame to the LAN, and other network cards read that frame from the LAN. If any one network card transmits a frame, then all other network cards can see that frame. If a card starts to transmit a frame while another card is in the process of transmitting a frame, then a clash is said to have occurred, and the card waits a random amount of time and then tries again. Each network card has a physical address of 48 bits called the hardware address (which is inserted at the time of its manufacture and has nothing to do with IP addresses). Each frame has a destination address in its header that tells what network card it is destined for, so that network cards ignore frames that are not addressed to them.
Since frame transmission is governed by the network cards, the destination
hardware address must be determined from the destination IP address before
a packet is sent to a particular machine. This is done is through the
Address Resolution Protocol
(ARP). A machine will transmit
a special packet that asks ``What hardware address is this IP address?'' The
guilty machine then responds, and the transmitting machine stores the result
for future reference. Of course, if you suddenly switch network cards, then other
machines on the LAN will have the wrong information, so ARP has time-outs and
re-requests built into the protocol. Try typing the command
arp to get
a list of hardware address to IP mappings.
Most distributions have a generic way to configure your interfaces. Here, however, we first look at a complete network configuration using only raw networking commands.
We first create a
lo interface. This is called
the loopback device (and has nothing to do with loopback block devices:
/dev/loop? files). The loopback device is an imaginary network card that is
used to communicate with the machine itself; for instance, if you are
telneting to the local machine, you are actually connecting
via the loopback device. The
command is used to do anything with interfaces. First, run
to delete any existing interfaces, then run
which creates the loopback interface.
Create the Ethernet interface with:
broadcast address is a special
address that all machines respond to. It is usually the first or last address
of the particular network.
to view the interfaces. The output will be
which shows various interesting bits, like the 48-bit
hardware address of the network card (hex bytes
The interfaces are now active. However, nothing tells the kernel what packets should go to what interface, even though we might expect such behavior to happen on its own. With UNIX, you must explicitly tell the kernel to send particular packets to particular interfaces.
Any packet arriving through any interface is pooled by the kernel. The kernel then looks at each packet's destination address and decides, based on the destination, where it should be sent. It doesn't matter where the packet came from; once the kernel has the packet, it's what its destination address says that matters. It is up to the rest of the network to ensure that packets do not arrive at the wrong interfaces in the first place.
We know that any packet having the network address
.??? must go
to the loopback device (this is more or less a convention).
adds a route to the
an imaginary one.
eth0 device can be routed as follows:
The command to display the current routes is
route to not print
IP addresses as host names) with the following output:
This output has the meaning, ``packets with destination address
notation network/mask is often used to denote ranges of IP address.]must be sent to the
loopback device,'' and ``packets with destination address
192.168.3.0/255.255.255.0 must be sent to
is zero, hence, is not set (see the following commands).
The routing table now routes
192.168.3. packets. Now we need a route
for the remaining possible IP addresses. UNIX can have a route
that says to send packets with particular destination IP
addresses to another machine on the LAN, from whence they
might be forwarded elsewhere. This is sometimes called the
gateway machine. The command is:
This is the most general form of the command, but it's often easier to just type:
when we want to add a route that applies to all remaining packets.
This route is called the default gateway.
default signifies all packets; it is the same as
but since routes are ordered according to
more specific routes are used in preference to less specific
Finally, you can set your host name with:
A summary of the example commands so far is
Although these 7 commands will get your network working, you should not do such a manual configuration. The next section explains how to configure your startup scripts.
Most distributions will have a modular and extensible system of startup scripts that initiate networking.
RedHat systems contain the directory
which contains configuration files to automatically bring up networking.
You can see that these two files are equivalent to the example configuration done above. These two files can take an enormous number of options for the various protocols besides IP, but this is the most common configuration.
/etc/sysconfig/network-scripts/ifcfg-lo for the
loopback device will be configured automatically at installation;
you should never need to edit it.
To stop and start networking (i.e., to bring up and down the interfaces and routing), type (alternative commands in parentheses):
which will indirectly read your
You can add further files, say,
for a secondary Ethernet device. For example,
ifcfg-eth1 could contain
and then run
echo "1" > /proc/sys/net/ipv4/ip_forward
enable packet forwarding between your two interfaces.
Debian, on the other hand, has a directory
/etc/network/ containing a
/etc/network/interfaces. [As usual, Debian has a neat and
clean approach.] (See also
interfaces(5).) For the same configuration
as above, this file would contain:
contains the same forwarding (and some other) options:
To stop and start networking (i.e., bring up and down the interfaces and routing), type
which will indirectly read your
/etc/init.d/networking script merely runs
ifup(8). You can alternatively run these commands directly for finer control.
We add further interfaces similar to the RedHat example above by appending
The Debian equivalent is,
and then set
ip_forward=yes in your
Finally, whereas RedHat sets its host name from the line
/etc/sysconfig/network, Debian sets it from the contents of the
/etc/hostname, which, in the present case, would contain just
Consider two distant LANs that need to communicate. Two dedicated machines, one on each LAN, are linked by some alternative method (in this case, a permanent serial line), as shown in Figure 25.3.
This arrangement can be summarized by five machines
X, A, B, C, and D. Machines
X, A, and B form LAN 1 on subnet
Machines C and D form LAN 2 on subnet
192.168.1.128/26. Note how we use the ``
/26'' to indicate
that only the first 26 bits are network address bits, while the remaining
6 bits are host address bits. This means that we can have at most
IP addresses on each of LAN 1 and 2.
Our dedicated serial link comes between machines B and
Machine X has IP address
192.168.1.1. This machine is the
gateway to the Internet. The Ethernet port of machine B
is simply configured with an IP address of
192.168.1.2 with a default gateway of
that the broadcast address is
192.168.1.63 (the last 6 bits set
The Ethernet port of machine C is configured with
an IP address of
192.168.1.129. No default gateway should
be set until serial line is configured.
We will make the network between B and C subnet
192.168.1.192/26. It is effectively a LAN on its own, even
though only two machines can ever be connected. Machines
B and C will have IP addresses
192.168.1.253, respectively, on their facing interfaces.
This is a real-life example with an unreliable serial
link. To keep the link up requires
pppd and a shell script
to restart the link if it dies. The
pppd program is covered
in Chapter 41. The script for Machine B
Note that if the link were an Ethernet link instead
(on a second Ethernet card), and/or a genuine LAN between machines
B and C (with subnet
then the same script would be just
in which case all ``
ppp0'' would change to ``
in the scripts that follow.
Routing on machine B is achieved with the following
script, provided the link is up. This script must be executed
pppd has negotiated
the connection and can therefore be placed in the file
pppd executes automatically as soon as the
interface is available:
Our full routing table and interface list for machine B then looks like this [RedHat 6 likes to add (redundant) explicit routes to each device. These may not be necessary on your system]:
On machine C we can similarly run the script,
and then create routes with
Our full routing table for machine C then looks like:
Machine D can be configured like any ordinary machine on a LAN.
It just sets its default gateway to
192.168.1.129. Machine A,
however, has to know to send packets destined for subnet
through machine B. Its routing table has an extra entry
192.168.1.128/26 LAN. The full routing table for machine
To avoid having to add this extra route on machine A, you can instead add the same route on machine X. This may seem odd, but all that this means is that packets originating from A destined for LAN 2 first try to go through X (since A has only one route), and are then redirected by X to go through B.
The preceding configuration allowed machines to properly send
packets between machines A and D and out through the
Internet. One caveat:
ping sometimes did not work even though
telnet did. This may be a peculiarity of the kernel version we were
the kernel documentation on this.)
If you have one network card which you would like to double as several
different IP addresses, you can. Simply name
eth0:n where n is from
to some large integer. You can use
ifconfig as before as many
times as you like on the same network card--
--in addition to your regular
eth0 device. Here, the
same interface can communicate to three LANs having networks
192.168.6.0. Don't forget
to add routes to these networks as above.
It is essential to know how to inspect and test your network to resolve problems. The standard UNIX utilities are explained here.
ping command is the most common network utility.
IP packets come in three types on the Internet, represented
in the Type field of the IP header: UDP,
TCP, and ICMP. (The first two, discussed
later, represent the two basic methods of communication
between two programs running on different machines.)
ICMP stands for Internet Control Message Protocol
and is a diagnostic packet that is responded to in a special way.
or specify some other well-known host. You will get output like:
What is happening is that
ping is sending ICMP packets
metalab.unc.edu, which is automatically responding
with a return ICMP packet. Being able to
ping a machine
is often the acid test of whether you have a correctly configured
and working network interface. Note that some sites explicitly filter
out ICMP packets, so, for example,
ping cnn.com won't work.
ping sends a packet every second and measures
the time it takes to receive the return packet--like a
submarine sonar ``ping.'' Over the Internet, you can get times
in excess of 2 seconds if the place is remote enough. On a local
LAN this delay will drop to under a millisecond.
ping does not even get to the line
it means that
ping cannot resolve the host name. You should then check that
your DNS is set up correctly--see Chapter 27. If
gets to that line but no further, it means that the packets are not
getting there or are not getting back. In all other cases,
ping gives an error message reporting the absence of
either routes or interfaces.
traceroute is a rather fascinating utility to identify
where a packet has been. It uses UDP packets or, with the
option, ICMP packets to detect the routing path. On my machine,
You can see that there were twenty machines [This is actually
a good argument for why ``enterprise''-level web servers have no use in
non-U.S. markets: there isn't even the network speed to load such servers,
thus making any kind of server speed comparisons superfluous.] (or
hops) between mine and
tcpdump watches a particular interface for all
the traffic that passes it--that is, all the traffic of all the
machines connected to the same hub (also called the segment
or network segment). A network card usually
grabs only the frames destined for it, but
puts the card into promiscuous mode, meaning that the
card is to retrieve all frames regardless of their destination
hardware address. Try
Next: 26. TCP and UDP Up: rute Previous: 24. Source and Binary   Contents