[Typethedocumenttitle]

Module 1.

LAN Concepts

Objectives: After the completion of this module, the student is expected to:
- Describe what a Local Area Network (LAN) is
- Describe the purpose of a LAN
- Describe the OSI Model
- Describe the Media Access Control address
- Describe the Internet Protocol
- Describe IP addressing
- Describe what a hostname is and its importance
- Describe the different transmission protocols
- Describe ports and sockets and their roles in a LAN

Module 1-1. What is a Network?

A Computer Network is a collection of systems and devices connected by some sort of data pathway for sharing resources. Some of the types of resources that could be shared are the following:

- Systems may share Network Printers. Most systems nowadays don't have their own printers. Instead, systems are configured either to share printers or to use printers being shared by other systems.
- Disk resources may be shared via Network File Servers. Some systems may be configured to share files and directories on their local file systems with the network. They are thus called file servers, serving workstations on the network which can store their files and directories there and perform read, write or even execute operations on those files.
- If a system doesn't have a tape drive for backing up, a system in your network with its own tape drive may be configured to become a Tape Backup Server that allows other systems to use its tape drive remotely.
- For a centralized database across the network, a suitable system could be configured as a Database Server, where other systems could query data while an application is being run on a desktop.

There are two categories of Computer Networks, namely the Local Area Network (LAN) and the Wide Area Network (WAN).

A Local Area Network or LAN is a network that transmits a large amount of information at a relatively high speed over limited distances within a single facility or site. For example, devices within an office may be connected via a LAN.

A Wide Area Network or WAN is a network that covers a large geographic area, allowing devices in different cities to communicate with one another, though often at a data transmission rate that is much lower than a LAN's. Multiple LANs may be connected via a WAN.

Module 1-2. The OSI Model

The Open Systems Interconnection (OSI) model was designed by the International Standards Organization to resolve incompatibility issues and allow products from different manufacturers to communicate with one another. The layered concept adopted by the OSI model establishes a set of rules for data transmission at a variety of levels. The following are the layers of the OSI model:

Layer 7: The Application Layer provides the software for network services such as file transfer, remote login, remote execution, and electronic mail. It provides the interface between the user programs and the network.

Layer 6: The Presentation Layer converts outbound data from a machine-specific format to an international standard format. It is also used to convert inbound data to the machine-specific format.

Layer 5: The Session Layer allows the setup and termination of a communications path and synchronizes a dialog between the two systems. It establishes connections between systems in much the same way as an automatic dialer does between two telephone systems.

Layer 4: The Transport Layer provides reliable flow of datagrams between sender and receiver, and ensures that the data arrives at the right destination. Protocols at this layer also ensure that a copy of the data is made in case it is lost in transmission.

Layer 3: The Network Layer decides which path will be taken through the network. It provides the packet addressing that tells computers on the network where to route the user's data.

Layer 2: The Data Link Layer provides reliable, error-free media access for data transmission. It provides the frame around the data.

Layer 1: The Physical Layer establishes the actual physical connection (cable connection) between the network and the computer equipment. Physical layer standards determine what type of signaling is used, what cable types and lengths are supported, and what types of connectors may be used.

Module 1-3. The Media Access Control Address

In order to successfully pass data from host to host on a local area network, there must be some mechanism for determining which frames of data are destined for which host. Media Access Control (MAC) addresses solve this problem. Every LAN card attached to a local area network must have a unique MAC address assigned to it. The MAC address is a 48-bit number that is set by the LAN card manufacturer. UNIX displays the MAC address as a 12-hexadecimal-digit number.

To view the MAC address of a certain LAN card, we use the lanscan command:

# lanscan

Module 1-4. The Internet Protocol Address

The Internet Protocol Address or IP Address makes it possible to group nodes into logical IP networks, and to efficiently pass data between these networks. IP addresses are usually represented by four 8-bit fields separated by dots. These fields are called octets. Each 8-bit octet is represented by a decimal number in the range from 0 to 255. The table below demonstrates the conversion of several 8-bit binary numbers to their corresponding decimal values:

Bit value   128   64   32   16    8    4    2    1   Decimal Value
              0    0    0    0    0    0    0    0   0
              0    0    0    0    0    1    0    1   5
              1    0    0    0    0    0    0    0   128
              1    1    0    0    0    0    0    0   192

Using the same mechanism, IP addresses may be displayed in either binary or decimal. Consider the following examples:

10000000.00000001.00000001.00000001 = 128.1.1.1
10001010.10000001.00000001.00000010 = 138.129.1.2
10011100.10011011.11000010.10101010 = 156.153.194.170

Some bits within an IP address identify the network to which the host belongs. These Network Bits are used by network devices to route data between networks. Two hosts with identical network bits are said to be on the same IP Network. The remaining Host Bits in the IP address identify each host within the logical network.

There are two ways to view your host's IP address. The first is to use the lanscan command to determine the interface name that has been assigned to each LAN card, and then to use the ifconfig command to view the IP address configured for that LAN card:

# lanscan
# ifconfig lan0

The netstat command could also be used to display the host's IP addresses:

# netstat -in

Note that you must never assign the same IP address to different hosts; otherwise, errors may occur in the network.

Module 1-5. IP Network Classes

The original designers of the Internet realized that some networks would be very large, while others would be much smaller. Large networks would require more host bits to provide a unique host address for each host, while smaller networks would require fewer host bits to provide a unique host address for each node. Although every IP address is 32 bits, the boundary between the network and host portions of an IP address varies from network to network; varying this network/host boundary makes it possible to allocate just enough IP addresses for any size of network.

In the early days of the Internet, only three types of networks were recognized: Class A, Class B and Class C. Large organizations were assigned Class A network addresses, medium-sized organizations were assigned Class B, and small networks were assigned Class C network addresses. Furthermore, the addresses were structured such that network devices could determine an IP address's class by simply looking at the first few bits.

Class            Class A       Class B       Class C
Net bits         8             16            24
Host bits        24            16            8
# of Networks    127           16,383        2,094,151
Hosts/Network    16,777,216    65,536        256
Range            1-127         128-191       192-223

IP Address classes and their corresponding structures:

Class A address: The first bit is fixed to 0, and the first byte is called the network id, which identifies the network. The remaining three bytes are used to identify the host on the network, and comprise the host id. It can be calculated that there is a maximum of 127 class A networks, each capable of accommodating millions of hosts.

Class B address: The first two bits are fixed to 10. The first and second bytes are used to identify the network, and the last two bytes are used to identify the host. There can be 65,535 hosts on a class B network, so class B networks are capable of accommodating thousands of hosts.

Class C address: The first three bits are fixed to 110. The first, second, and third bytes are used to identify the network, and the last byte is used to identify the host. Class C networks are the smallest of all classes, as each can accommodate a maximum of 254 hosts (not 256, because 0x0 and 0xff are reserved for other purposes). With three bytes reserved to identify the network, millions of class C networks can be defined.

Class D address: The first four bits are fixed to 1110. A class D address is a multicast address, identifying a group of computers that may be running a distributed application on the network. As such, class D does not describe a network of hosts on the wire.

Consider the address 148.29.4.121. By applying the rules learned above, it can be determined that this is a class B address, since the first byte lies in the 128 to 191 range of values. And since a class B address uses the first two bytes for the network address, it can be derived that the network address is 148.29 while the host address is 4.121 on that network. To generalize, given an IP address, its class can be recognized by interpreting the first byte; consequently, the network portion of the address can be derived, and the remaining bytes give the host portion. Unfortunately, the class A/B/C IP allocation scheme led to inefficient use of the IP address space, since many organizations were given much larger IP address blocks than they actually needed.
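The classful decoding just described, as an added worked example in Python (not code from the course module): it renders an address in dotted binary as in Module 1-4, reads the class from the leading bits, and splits the page's 148.29.4.121 example into its network id and host id. All function names are the example's own.

```python
# Added example, not part of the course module: classful decoding of IPv4
# addresses as described above. Standard library only; nothing touches the network.

def dotted_to_int(addr: str) -> int:
    """Parse a dotted-decimal IPv4 address into a 32-bit integer, checking each octet."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    value = 0
    for field in octets:
        n = int(field)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range 0-255: {field!r}")
        value = (value << 8) | n
    return value


def int_to_dotted(value: int) -> str:
    """Inverse of dotted_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(addr: str) -> str:
    """Render an address as four 8-bit binary groups, as in the module's examples."""
    value = dotted_to_int(addr)
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def address_class(addr: str) -> str:
    """Classify by the leading bits of the first octet: 0 -> A, 10 -> B, 110 -> C, 1110 -> D."""
    first = dotted_to_int(addr) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"  # 1111xxxx is reserved and not covered by the module


# Network bits per class, from the class table above.
CLASS_NET_BITS = {"A": 8, "B": 16, "C": 24}


def classful_split(addr: str) -> dict:
    """Split a class A/B/C address into its network id and host id."""
    cls = address_class(addr)
    if cls not in CLASS_NET_BITS:
        raise ValueError(f"class {cls} addresses have no network/host split")
    net_bits = CLASS_NET_BITS[cls]
    host_bits = 32 - net_bits
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    fields = addr.split(".")
    return {
        "class": cls,
        "network_bits": net_bits,
        "host_bits": host_bits,
        "network_id": ".".join(fields[: net_bits // 8]),
        "host_id": ".".join(fields[net_bits // 8 :]),
        "network_address": int_to_dotted(dotted_to_int(addr) & mask),
    }


if __name__ == "__main__":
    for sample in ("128.1.1.1", "148.29.4.121", "192.1.1.1"):
        print(sample, to_binary(sample), classful_split(sample))
```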

Module 1-6. The Classless Internet Domain Routing

The scheme currently used in allocating IP addresses is called /xx addressing. The /xx identifies the number of network bits in the IP address. The following table demonstrates the effect of shifting the network boundary. It only shows /8, /16 and /24 networks, though others are possible too.

Network Type                /8            /16          /24
Network bits                8             16           24
Host bits                   24            16           8
Host Addresses / Network    16,777,216    65,536       256

Not all host addresses are usable. One of the addresses in each network serves as the Network Address, and another is used as the Broadcast Address. This applies to both Class and /xx networks.

Module 1-7. The Internet Protocol Netmask

When configuring the system's IP address, it must be told which bits in your address are the network bits and which are the host bits. This is done using the IP Netmask. The Netmask looks just like an IP address but is formulated in a different manner: we write a 1 in each of the network bits and a 0 in each of the host bits. In this way, the network bits can be separated from the host bits by simply comparing the IP address with the netmask. The resulting value may be written in binary, decimal or even hexadecimal.

Netmask Type   Binary                                 Hexadecimal   Decimal
/8             11111111.00000000.00000000.00000000    0xff000000    255.0.0.0
/16            11111111.11111111.00000000.00000000    0xffff0000    255.255.0.0
/24            11111111.11111111.11111111.11111111    0xffffff00    255.255.255.0

To view the host's netmask, you need to use the lanscan and ifconfig commands on your interface.

Module 1-8. The Internet Protocol Network Address

An IP Network Address is a special address used by routers and other network devices to reference an entire network of hosts. The network address is formulated by setting all of the host bits in an IP address to 0. Consider the examples. In a 128.1.x.x/16 network, the last 16 bits define the host portion of the addresses. Setting these 16 bits to 0 yields the following network address:

10000000.00000001.00000000.00000000 = 128.1.0.0/16

In a 192.1.1.x/24 IP address, the last 8 bits define the host portion of the address. Setting these bits to 0 yields the following network address:

11000000.00000001.00000001.00000000 = 192.1.1.0/24

To view your host's Network Address, use the netstat -in command.

Module 1-9. The Internet Protocol Broadcast Address

The Network Broadcast Address may be used to send a packet to all of the nodes on the host's network. To formulate the broadcast address, simply set all IP host bits to 1. Consider this example. The 128.1.0.0/16 network has 16 host bits in the last two octets. Placing a 1 in all 16 host bits yields the following broadcast address:

10000000.00000001.11111111.11111111 = 128.1.255.255

To view the system's broadcast address, you would still use the lanscan and ifconfig commands on the interface name:

# lanscan
# ifconfig lan0
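As an added example (not code from the module), the /xx netmask, network address and broadcast address arithmetic of Modules 1-6 to 1-9 in Python, run over the page's 128.1.x.x/16 and 192.1.1.x/24 networks; it also counts the usable host addresses, which excludes the network and broadcast addresses as the note in Module 1-6 requires. Function names are the example's own.

```python
# Added example, not part of the course module: /xx netmask, network address
# and broadcast address arithmetic for IPv4. Standard library only.

def dotted_to_int(addr: str) -> int:
    """Parse 'a.b.c.d' into a 32-bit integer, rejecting malformed input."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def int_to_binary(value: int) -> str:
    return ".".join(format((value >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))


def netmask(prefix: int) -> int:
    """A 1 in each network bit and a 0 in each host bit, as a 32-bit integer."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def netmask_forms(prefix: int) -> dict:
    """The same netmask written in binary, hexadecimal and dotted decimal."""
    m = netmask(prefix)
    return {"binary": int_to_binary(m), "hex": f"0x{m:08x}", "decimal": int_to_dotted(m)}


def describe_network(cidr: str) -> dict:
    """For 'a.b.c.d/xx' return the netmask, the network address (host bits 0),
    the broadcast address (host bits 1) and the host address counts."""
    addr, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    mask = netmask(prefix)
    host_bits = 32 - prefix
    value = dotted_to_int(addr)
    network = value & mask                       # clear the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)   # set the host bits
    total = 1 << host_bits
    # The network and broadcast addresses cannot be assigned to hosts, so a
    # network with two or more host bits has 2^host_bits - 2 usable addresses.
    usable = total - 2 if host_bits >= 2 else 0
    return {
        "netmask": int_to_dotted(mask),
        "network": f"{int_to_dotted(network)}/{prefix}",
        "network_binary": int_to_binary(network),
        "broadcast": int_to_dotted(broadcast),
        "host_addresses": total,
        "usable_hosts": usable,
    }


def same_network(a: str, b: str, prefix: int) -> bool:
    """Two hosts whose network bits are identical are on the same IP network."""
    m = netmask(prefix)
    return dotted_to_int(a) & m == dotted_to_int(b) & m


if __name__ == "__main__":
    for p in (8, 16, 24):
        print(f"/{p}", netmask_forms(p))
    for net in ("128.1.7.9/16", "192.1.1.55/24"):
        print(net, describe_network(net))
```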

Module 1-10. The Internet Protocol Loopback Address

The IP Loopback or Localhost Address is a special IP address that may be used to reference the local host without actually sending a packet out on the local network. Applications sometimes use the loopback address to send network traffic to other processes on the same machine. Attempts to access the loopback address should succeed even if the LAN card is down, disconnected or configured incorrectly. The loopback address is always set to 127.0.0.1.

Module 1-12. Obtaining an IP Address

Each host on a network must have its own individual IP address. The IP address that will be used depends on the network that you wish to connect to. When connecting to the public Internet, you must obtain a unique IP address from certain governing bodies. The International Committee for Assigned Names and Numbers (ICANN) is the organization responsible for determining how IP addresses are allocated and used. Its website's URL is http://www.icann.org, but it has delegated its responsibility according to region:

http://www.arin.net for North and South America
http://apnic.net for Asia and the Pacific region
http://ripe.net for Europe

The administration of Internet addresses is currently handled by the Network Information Center (NIC). The InterNIC can be reached on the Web at http://www.internic.net.

When creating a private intranet, you should consult the MIS department for your host's IP address, or if you only have a small organization, you could formulate it yourself. This will be discussed in later chapters of the course. A private intranet needs a firewall if it is to connect to the public Internet. A firewall is a computer that regulates such communication.

Module 1-13. Host Names

Although systems and other network devices identify hosts by IP addresses, users and applications find IP addresses a cumbersome method for identifying network hosts:
- IP addresses are not easily memorizable.
- Users who access many hosts on a regular basis will have a hard time memorizing them.
- Every time the network topology is changed, IP addresses are likely to change too.

For these reasons, many users and applications prefer to reference network hosts by Host Names. A Host Name is a user-friendly, easily remembered nickname assigned to each host in the network. There are four rules in choosing a host name for a system:
- The maximum length for the host name is eight characters.
- Host names must only contain letters, numbers and underscores. Punctuation marks and other characters are not allowed.
- Every host name must be unique.
- Choose a meaningful host name. A system's host name may be based on its primary function, user, geography, or any other scheme that the users find memorable.

To view the system's hostname, we use the command:

# hostname
Mailsrvr

Module 1-14. Resolving Host Names to IP Addresses

Although users may prefer to identify hosts by host names, every host must still have an IP address, and every outgoing packet must have a destination IP address. There are three mechanisms that could be used to convert host names to their corresponding IP addresses:
- The /etc/hosts file. Each system maintains its own file which lists the names and IP addresses of the other nodes.
- Network Information Service (NIS). One system, the NIS Server, maintains a list of all the nodes and IP addresses on the network. When resolving IP addresses, all systems reference the NIS server.
- Domain Name Service (DNS). DNS uses a distributed database of host names and IP addresses. Thousands of DNS Servers are scattered across the Internet and share responsibility for resolving host names to IP addresses.

Module 1-15. TCP/IP Protocol Architecture

The TCP/IP communications suite was designed with modularity in mind. This means that instead of developing a solution which integrates all aspects of communications in one single piece of code, the designers wisely chose to break the puzzle into its constituent components and deal with them individually while recognizing the interdependence joining the pieces together. Thus, TCP/IP evolved into a suite of protocols specifying interdependent solutions to the different pieces of the communications puzzle. This approach to problem solving is normally referred to as the layering approach. Consequently, hereafter, reference will be made to the TCP/IP suite as a layered suite of communications.

The above figure shows the four-layer model of the TCP/IP communications architecture. As shown in the diagram, the model is based on an understanding of data communications that involves four sets of interdependent processes: application representative processes, host representative processes, network representative processes, and media access and delivery representative processes. Each set of processes takes care of the needs of the entities it represents whenever an application engages in the exchange of data with its counterpart on the network. These process sets are grouped into the following four layers: application layer, host-to-host (also known as transport) layer, internet layer, and network access layer. Each of these layers may be implemented in separate, yet interdependent, pieces of software code.

Application Layer
Application representative processes take care of reconciling differences in the data syntax between the platforms on which the communicating applications are running. Communicating with an IBM mainframe, for example, might involve character translation between the EBCDIC and ASCII character sets. While performing the translation task, the application layer (that is, the application representative process) need not have (and shouldn't care to have) any understanding of how the underlying protocols (for instance, at the host-to-host layer) handle the transmission of characters between hosts. Examples of protocols supported at the application layer include FTP, TELNET, NFS, and DNS.

Host-to-Host (Transport) Layer
Host representative processes (that is, the host-to-host, or transport, layer) take care of communicating data reliably between applications running on hosts across the network. It is the responsibility of the host representative process to guarantee the reliability and integrity of the data being exchanged, without confusing the identities of the communicating applications. For this reason the host-to-host layer is provided with the mechanism necessary to allow it to make the distinction between the applications on whose behalf it is making data deliveries. In other words, assume that two hosts, tenor and alto, are connected to the same network.

Internet Layer
The internet layer is responsible for determining the best route that data packets should follow to reach their destination. If the destination host is attached to the same network, data is delivered directly to that host by the network access layer; otherwise, if the host belongs to another network, the internet layer employs a routing process for discovering the route to that host. Once the route is discovered, data is delivered through intermediate devices, called routers, to its destination. Routers are special devices with connections to two or more networks. Every router contains an implementation of TCP/IP up to and including the internet layer.

Network Access Layer
The network access layer is where media access and transmission mechanisms take place. At this layer, both the hardware and the software drivers are implemented. The protocols at this layer provide the means for the system to deliver data to other devices on a directly attached network. This is the only layer that is aware of the physical characteristics of the underlying network, including rules of access, data frame (the name of a unit of data at this layer) structure, and addressing.

Module 1-16. Converting IP Addresses to MAC Addresses

Every frame of data passed across a network must include both source and destination MAC addresses. To allow the system to quickly determine a remote node's MAC address, each local kernel maintains a real-time lookup table known as the Address Resolution Protocol (ARP) cache. The ARP cache maps IP addresses of remote nodes to their corresponding MAC addresses. The ARP cache is a memory-resident data structure whose content is maintained and managed by the local system's kernel. By default, the ARP cache contains the IP addresses and the corresponding MAC addresses of nodes with which the local system has communicated within the last five minutes. To view the ARP cache we use the command:

The figure below illustrates the events which take place between two hosts when they try to communicate with each other. In the diagram, both the IP and the MAC layer addresses are shown for both hosts. It is assumed that a user on host jade wanted to establish a TELNET session with host orbit. The following is what happens:

1. As a result of the user entering the command telnet jade, the application (telnet, in this case) resolves the name jade to its corresponding IP address. See the note below for an introductory description of name resolution under TCP/IP (more details are provided later in the chapter). By the end of this stage, telnet will have determined that host jade's address is 148.27.38.1.

2. Next, telnet passes the address (148.27.34.1) to TCP/IP and requests a connection to the target host. Subsequently, TCP packages the request in a TCP header and passes it along with the address to the IP protocol, requesting delivery to the corresponding host.

3. At this point, IP compares jade's address with the other destination addresses included in its routing database. Because both the source and target host have the same network id (148.27.0.0), IP decides to make a direct delivery to jade. Subsequently, IP encapsulates the request passed to it by TCP in an IP datagram, including the destination and source IP addresses (148.27.34.1 and 148.27.2.5). Then it submits the datagram, along with jade's IP address, to the network access layer for delivery on the physical network.

4. This is where ARP comes in, to handle the resolution of the IP address (which is meaningless from Ethernet's point of view, assuming Ethernet at the MAC layer) to a MAC address which Ethernet understands. Put differently, ARP translates the symbolic IP address, assigned by the administrator, to the corresponding physical address which the host uses to identify itself at the physical and data link levels. ARP handles address resolution by sending out of the MAC interface (Ethernet) a broadcast message known as an ARP request, which simply says, "I, host 148.27.34.1". Among the hosts which receive the broadcast, only jade responds, using a directed ARP response packet which says, "I am 147.27.34.1, and my physical address is 0x0000c015ad18". At this point, both hosts become aware of the other's physical identity.

5. The network access layer (on host orbit) then proceeds to the actual phase of data exchange by encapsulating the IP datagram (which was kept on hold until the ARP query was favorably answered) in a data frame and sending it to host jade.
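The direct-delivery decision, the ARP request/response exchange and the five-minute ARP cache from the steps above, as an added Python simulation (not code from the module). Host jade's IP address and MAC come from the text; orbit's MAC, the clock values and the /16 network id check (148.27.0.0, from step 3) are the example's own assumptions, and nothing is sent on a real network.

```python
# Added example, not part of the course module: a simulation of the ARP
# request/response exchange and the five-minute ARP cache described above.
# Host orbit's MAC address and the clock values are constructed; jade's
# address and MAC come from the text. Nothing is sent on a real network.

ARP_CACHE_TTL = 300.0  # seconds; the module states a five-minute default


class Host:
    def __init__(self, name: str, ip: str, mac: str):
        self.name, self.ip, self.mac = name, ip, mac


class Lan:
    """A broadcast medium: every attached host hears an ARP request, but only
    the host that owns the requested IP address answers."""

    def __init__(self, hosts):
        self.hosts = list(hosts)
        self.requests = []  # log of (requester_ip, target_ip) broadcasts

    def arp_request(self, requester_ip: str, target_ip: str):
        self.requests.append((requester_ip, target_ip))
        replies = [h.mac for h in self.hosts if h.ip == target_ip]
        return replies[0] if replies else None  # None: nobody on this LAN has that IP


class ArpCache:
    """Memory-resident IP -> MAC table; entries expire after ttl seconds."""

    def __init__(self, ttl: float = ARP_CACHE_TTL):
        self.ttl = ttl
        self.entries = {}  # ip -> (mac, time learned)

    def lookup(self, ip: str, now: float):
        entry = self.entries.get(ip)
        if entry is None:
            return None
        mac, learned = entry
        if now - learned > self.ttl:
            del self.entries[ip]  # stale: force a fresh resolution
            return None
        return mac

    def learn(self, ip: str, mac: str, now: float) -> None:
        self.entries[ip] = (mac, now)


def same_network(ip_a: str, ip_b: str, prefix: int) -> bool:
    """Direct delivery is only possible when both hosts share the network bits."""
    def to_int(ip: str) -> int:
        return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return to_int(ip_a) & mask == to_int(ip_b) & mask


def resolve(sender: Host, target_ip: str, lan: Lan, cache: ArpCache, now: float, prefix: int = 16):
    """Return the MAC address to frame a datagram for target_ip, consulting the
    cache first and broadcasting an ARP request only on a miss. Returns None when
    the target is not on the directly attached network (IP would route it instead)
    or when no host answers the request."""
    if not same_network(sender.ip, target_ip, prefix):
        return None
    mac = cache.lookup(target_ip, now)
    if mac is None:
        mac = lan.arp_request(sender.ip, target_ip)
        if mac is not None:
            cache.learn(target_ip, mac, now)
    return mac


if __name__ == "__main__":
    jade = Host("jade", "148.27.34.1", "0x0000c015ad18")
    orbit = Host("orbit", "148.27.2.5", "0x00000000aaaa")  # constructed MAC
    lan, cache = Lan([jade, orbit]), ArpCache()
    for t in (0.0, 100.0, 400.0):
        print(t, resolve(orbit, jade.ip, lan, cache, now=t), len(lan.requests))
```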

Module 1-17. Packet Flow with TCP

The two main sets of rules that govern how nodes communicate with each other are the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). TCP requires more overhead but provides more reliability than UDP. There are two important concepts in TCP:
1. TCP is a connection-oriented protocol. A communication session is established between the two nodes before the data is exchanged.
2. TCP is a reliable protocol. For every datagram sent, an acknowledgement is returned by the receiver. If an acknowledgement is not received, the transmitting node must retransmit the packet.

To transfer data from one node to another using TCP, follow these steps:
1. Before any data is transmitted, a communications session is established between the two nodes.
2. Prior to sending data, the sending node segments the data into smaller datagram packets.
3. The datagram packets are sent to the destination node.
4. Upon receiving the datagram packets, the destination node sends acknowledgement packets back to the source node.
5. The sending node automatically retransmits unacknowledged datagrams.
6. Upon successfully transmitting all datagrams to the destination node, the connection between the two nodes is closed.

Once all datagrams have been received by the destination node, they are reassembled in their proper sequence.

Module 1-18. Packet Flow with UDP

The second common protocol used between two nodes on a network is the User Datagram Protocol (UDP). UDP requires less network overhead than TCP, but it doesn't provide an acknowledgement mechanism.
1. UDP is a connectionless protocol. No communication session is established before the source node sends the first datagram.
2. UDP is an unreliable protocol. The receiving node does not send acknowledgement packets back to the source node. The source node never knows whether packets arrived at the destination node.

To transfer data from one node to another using UDP, we follow these steps:
1. Packets cannot be segmented or streamed; a packet is always sent as a single message.
2. No connection is opened with the node; the packet is simply sent to the node.
3. No acknowledgment is sent back to the original sender. Since the original sender never knows if a packet was received, the sender never retransmits, and the receiver does not know if it received all of the intended packets.

With UDP, the application is responsible for ensuring that data transmission is complete.
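The TCP steps of Module 1-17 (segment, send, acknowledge, retransmit, reassemble) beside the UDP behaviour of Module 1-18, as an added Python simulation over a deliberately lossy channel (not code from the module). The channel, its drop pattern, the sample data and all names are constructed for the example; no real sockets are involved.

```python
# Added example, not part of the course module: a simulation of the TCP and UDP
# transfer steps listed above over a deliberately lossy channel. The channel,
# its drop pattern and the sample data are constructed; no real sockets are used.


class LossyChannel:
    """Drops each datagram whose sequence number is in drop_once the first time
    it is sent; a retransmission of the same number gets through."""

    def __init__(self, drop_once):
        self.drop_once = set(drop_once)
        self.dropped = set()

    def send(self, seq: int) -> bool:
        if seq in self.drop_once and seq not in self.dropped:
            self.dropped.add(seq)
            return False  # lost in transit, so no acknowledgement will come back
        return True


def segment(data: bytes, size: int) -> dict:
    """TCP step 2: split the data into numbered datagrams of at most size bytes."""
    return {i: data[off:off + size] for i, off in enumerate(range(0, len(data), size))}


def tcp_transfer(data: bytes, channel: LossyChannel, size: int = 4, max_rounds: int = 10):
    """TCP steps 2-6: segment, send, acknowledge, retransmit what was not acknowledged,
    and reassemble in sequence order. Returns (reassembled bytes, datagrams transmitted)."""
    datagrams = segment(data, size)
    acknowledged = {}  # seq -> payload the receiver has acknowledged
    transmissions = 0
    for _ in range(max_rounds):
        unacked = [seq for seq in datagrams if seq not in acknowledged]
        if not unacked:
            break  # everything acknowledged: the connection can be closed
        for seq in unacked:
            transmissions += 1
            if channel.send(seq):
                acknowledged[seq] = datagrams[seq]  # receiver returns an ACK
    reassembled = b"".join(acknowledged[seq] for seq in sorted(acknowledged))
    return reassembled, transmissions


def udp_transfer(messages, channel: LossyChannel) -> list:
    """UDP: each message is one datagram, sent once; no acknowledgement, so
    nothing is retransmitted and the caller never learns what was lost."""
    delivered = []
    for seq, msg in enumerate(messages):
        if channel.send(seq):
            delivered.append(msg)
    return delivered


if __name__ == "__main__":
    payload = b"Hello, LAN world"  # constructed sample data
    print(tcp_transfer(payload, LossyChannel(drop_once={1, 3})))
    print(udp_transfer(list(segment(payload, 4).values()), LossyChannel(drop_once={1, 3})))
```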

Module 1-19. Sending Data to Applications via Ports

MAC addresses, IP addresses, TCP and UDP are all used to get packets from node to node on a network. Each node, though, may have dozens, if not hundreds, of network services and applications running simultaneously. When a data packet arrives on a system's LAN interface, how does UNIX determine which application should receive that packet? Every network application is assigned a unique Port Number that distinguishes that application from all others. A network host specifies which application should receive a packet by including a destination port number in outgoing packets. To view each application's port number, open the /etc/services file:

# more /etc/services
# service   port/transport
tcpmux      1/tcp
echo        7/tcp
echo        7/udp
discard     9/tcp    sinknull
discard     9/udp    sinknull
systat      11/tcp   users
systat      11/udp   users
daytime     13/tcp
daytime     13/udp
netstat     15/tcp
netstat     15/udp
qotd        17/tcp   qoute
qotd        17/udp   qoute
ftpdata     20/tcp
ftp         21/tcp
telnet      23/tcp
smtp        25/tcp   mail
time        37/tcp   timeserver
time        37/udp   timeserver
name        42/tcp   nameserver
name        42/udp   nameserver
whois       43/tcp   nickname
More

Module 1-20. Managing Ports with Sockets

A packet's destination application can be identified by the packet's destination port number. But what if two or more clients access the same service simultaneously? How do they determine which packet belongs to which host? Sockets provide the solution to these problems. A socket is simply an address which identifies a specific network application running on a specific host. A socket address is formed by appending a destination port number to a destination IP address. A socket connection is defined by pairing two sockets together. The first socket identifies a network program on the client node (e.g. 128.1.1.2.50001), and the second socket identifies a network daemon on the server side (e.g. 128.1.1.1.23). The socket connection would then be 128.1.1.2.50001-128.1.1.1.23.
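The port lookup of Module 1-19 and the socket-connection idea of Module 1-20 together, as an added Python example (not code from the module): it parses lines in the /etc/services format shown above, then separates packets from two telnet clients of the same server by their socket connection in the page's IP.port notation. The services text, the packet records and all function names are constructed for the example.

```python
# Added example, not part of the course module: parsing /etc/services entries
# and identifying socket connections in the module's IP.port notation. The
# services text and the packet records below are constructed sample data.

SERVICES_SAMPLE = """\
# service  port/transport  aliases
tcpmux     1/tcp
echo       7/tcp
echo       7/udp
discard    9/tcp    sinknull
ftp        21/tcp
telnet     23/tcp
smtp       25/tcp   mail
time       37/udp   timeserver
"""

# Constructed packets arriving at server 128.1.1.1 from two telnet clients.
SAMPLE_PACKETS = [
    {"src_ip": "128.1.1.2", "src_port": 50001, "dst_ip": "128.1.1.1", "dst_port": 23, "proto": "tcp", "payload": b"who\r\n"},
    {"src_ip": "128.1.1.3", "src_port": 50002, "dst_ip": "128.1.1.1", "dst_port": 23, "proto": "tcp", "payload": b"ls\r\n"},
    {"src_ip": "128.1.1.2", "src_port": 50001, "dst_ip": "128.1.1.1", "dst_port": 23, "proto": "tcp", "payload": b"date\r\n"},
]


def parse_services(text: str) -> dict:
    """Map (port, transport) -> (service name, aliases) from /etc/services-style lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        port, proto = fields[1].split("/")
        table[(int(port), proto)] = (fields[0], fields[2:])
    return table


def service_name(table: dict, port: int, proto: str) -> str:
    entry = table.get((port, proto))
    return entry[0] if entry else f"unknown/{port}"


def socket_address(ip: str, port: int) -> str:
    """The module's socket notation: the port number appended to the IP address."""
    return f"{ip}.{port}"


def socket_connection(client_ip, client_port, server_ip, server_port) -> str:
    return f"{socket_address(client_ip, client_port)}-{socket_address(server_ip, server_port)}"


def demultiplex(packets, table: dict) -> dict:
    """Group packets by the socket connection they belong to, so two clients of the
    same service (same destination port) are kept apart by their own socket."""
    per_connection = {}
    for pkt in packets:
        conn = socket_connection(pkt["src_ip"], pkt["src_port"], pkt["dst_ip"], pkt["dst_port"])
        svc = service_name(table, pkt["dst_port"], pkt["proto"])
        per_connection.setdefault((conn, svc), []).append(pkt["payload"])
    return per_connection


if __name__ == "__main__":
    services = parse_services(SERVICES_SAMPLE)
    for key, payloads in demultiplex(SAMPLE_PACKETS, services).items():
        print(key, payloads)
```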

Module 2.

LAN Hardware

Objectives: After the completion of this module, the student is expected to:
- Describe the different LAN hardware and components
- Describe the factors affecting data transmission
- Enumerate and describe the different types of transmission media
- Enumerate and describe the different types of LAN topologies
- Describe the different LAN access methods
- Enumerate and describe the different connectors used in a LAN
- Describe the IEEE standards used in networking

Module 2-1. LAN Hardware Components

Every LAN is likely to be composed of Workstations and Server nodes, each having a Network Interface Card or NIC. These nodes are interconnected via different transmission media types, such as twisted pair, coax and optical fiber. Each LAN could be organized using one of several topologies, including bus, star and ring. These nodes could then access each other's resources using several methods, such as token passing and CSMA/CD. Other devices that could be found in a LAN are:
- Hubs
- Repeaters
- Bridges
- Switches
- Routers

Module 2-2. Factors Affecting Data Transmission

Bandwidth
This is the measure of the channel capacity. The wider the bandwidth, the greater the capacity. Bandwidth could be a single channel (baseband), or it can consist of multiple channels (broadband).

Electrical Interference
Electrical noise from sources such as telephone and power lines may cause interference with data as it is transmitted over network cables. Shielding the cable reduces errors caused by this interference.

Attenuation
Attenuation is the weakening of a signal as it travels along the transmission media. As the signal weakens, external interference increases and errors may occur. To boost the signals, amplifiers (analog) and repeaters (digital) are used.

Module 2-3. Transmission Media

Twisted Pair Cable
The Twisted-Pair Cable consists of two single wires, each encased in color-coded plastic insulation, and then twisted together to form a pair. Unshielded twisted-pair was originally designed for telephones. Due to recent technologies, these cables can now be used to transmit both data and voice signals. Twisted-pair cable can be used in powerful workstations and large networks. It supports distances of up to 100 meters. The distance may be increased using amplifiers or repeaters.

Unshielded Twisted-Pair Cable Categories

UTP Category   Bandwidth   Designation   Support               Cable Length
Category 3     15 MHz      Voice Grade   10Base-T              100m
Category 4     20 MHz      None          10Base-T              100m
Category 5     100 MHz     Data Grade    10Base-T, 100Base-T   100m

Category 5 is now the standard for creating new networks, though some networks still use Category 3 UTP because it is the standard telephone wire and works well with 10Mbps networks.

Coaxial Cable
Coaxial Cable consists of a central conductive wire surrounded by a shield of either fine copper mesh or an extruded aluminum sleeve. Between the center conductor and the shield is a dielectric material. Coaxial cable is heavier and stiffer to handle than UTP cable. Coaxial cable supports simultaneous transmission of voice, data and video. It is typically used as a backbone, the cable connecting different networks over a major transmission path. Coaxial cable supports an error-free transmission rate of 10Mbps.


Optical Fiber Cable: The optical fiber cable is made up of glass fiber that transmits data using light pulses. Optical fiber cable can support extremely high bandwidth using a small cable. It is immune to electrical interference, hence it can transmit error-free data over great distances. The cable is inexpensive but difficult to install. It is currently limited to point-to-point connections. Optical fiber supports transmission rates of 10Mbps and 100Mbps.

Comparison of LAN Transmission Media

                       Twisted Pair                    Coaxial            Optical Fiber
Transmission Rate      10Mbps and 100Mbps over 100m    10Mbps over 500m   10Mbps and 100Mbps up to 1Km
Flexibility            Flexible                        Stiff              Flexible
Ease of Installation   Very Easy                       Relatively Easy    Difficult
Cost                   Inexpensive                     Moderate           Inexpensive cable, costly installation
Reliability            Good                            Good               Excellent


Module 2-4. LAN Topologies

Bus topology is a commonly used wiring system in which all equipment is connected to the same cable, and none of the equipment has priority over any other. Bus networks consist of a cable with devices attached at intervals along the link. Devices are connected to the cable by cable taps. Messages are broadcast in all directions at the same time.

Ring topology consists of nodes connected to nodes in a circular fashion. Data is transmitted from node to node in a relay manner. Each device along the cable path determines whether the message is addressed to it or should be passed along the communications path.

Star topology applies primarily to hubs and switches, where one input signal is replicated over multiple output signals. While this topology appears unique, its implementation is simply that of a collapsed bus topology.

Module 2-5. LAN Access Methods

LAN access methods are the procedures used to gain access to the bandwidth in order to send messages to other nodes on the network.

CSMA/CD stands for Carrier Sense Multiple Access with Collision Detection. It can be summarized as wait, send and listen. A node waits for a chance to send data across the network. After sending the data, it listens for whether a collision has occurred on the network. If a collision occurs, all colliding nodes detect the condition and each waits a random amount of time before retransmitting. CSMA/CD is very efficient in very large LANs.

Token Passing involves passing a token from node to node in a continuous manner. A node can only send data if it holds the token. If a node has no message to send, it passes the token to the next node. Token passing provides access to every user. It is efficient under heavy traffic.

Module 2-6. LAN Connector Devices

Repeaters and Terminators: Repeaters regenerate data signals, so they can be used to extend the maximum cable length. A repeater allows the length of a LAN to be extended beyond its normal single-segment length. Repeaters are generally used to connect two LAN segments. The repeater propagates the signals from one cable to another, creating a single physical network. The maximum topology is four repeaters and five segments between any two nodes of the extended segment. In this setup, it is recommended that only three segments have stations attached. Terminators absorb signals at the end of the bus so that no signal reflection occurs. Remember to connect terminators on each end of a bus topology.

Hubs


A hub is a multi-port repeater. A hub provides a central connection point for computers and other systems. By using hubs, you can build departmental networks and increase the overall network size and the number of nodes compared to a network composed of a single cable segment. A hub is the central part of a wheel where the spokes come together. The term is familiar to frequent fliers who travel through airport hubs to make connecting flights from one point to another. In data communications, a hub is a place of convergence in which data arrives from one or more directions and is forwarded in one or more directions. A hub usually includes a switch of some kind (and a product that is called a switch could usually be considered a hub as well). The distinction seems to be that the hub is the place where data comes together and the switch determines how and where data is forwarded from the place where it comes together. Regarded in its switching aspects, a hub can also include a router.

1. In describing network topologies, a hub topology consists of a backbone (main circuit) to which a number of outgoing lines can be attached (dropped), each providing one or more connection ports for devices to attach to. For Internet users not connected to a local area network, this is the general topology used by the access provider. Other common network topologies are the bus network and the ring network. (Either of these could possibly feed into a hub network using a bridge.)

2. As a network product, a hub may include a group of modem cards for dial-in users, a gateway card for connections to a local area network (for example, an Ethernet or a token ring), and a connection to a line.

Remember that hubs:
- Automatically repeat the signal across every port
- Form a physical star topology, but are implemented as a logical bus topology
- Can easily add/remove nodes without disrupting the network
- Do not filter data, thus errors and collisions are passed through
- Usually use twisted pair instead of coax for workstation connections

Bridges

A bridge is a product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or token ring). You can imagine a bridge as a device that decides whether a message is going to the local area network in your building or to someone on the local area network in the building across the street. A bridge examines each message on a LAN, passing those known to be within the same LAN and forwarding those known to be on the other interconnected LAN (or LANs). In bridging networks, computer or node addresses have no specific relationship to location. For this reason, messages are sent out to every address on the network and accepted only by the intended destination node. Bridges learn which addresses are on which network and develop a learning table so that subsequent messages can be forwarded to the right network. Bridged networks are generally interconnected local area networks, since broadcasting every message to all possible destinations would deluge a larger network with unnecessary traffic. For this reason, routed networks such as the Internet use a scheme that assigns addresses to nodes so that a message or packet can be forwarded in only one general direction rather than in all directions. A bridge works at the data-link (physical network) level of a network, copying a data frame from one network to the next network along the communications path. Like repeaters, bridges can also be used to extend a LAN. They can also improve security by restricting traffic flow. Networks can be extended with up to eight bridges between any two nodes.

Switches


A switch is a network device that selects a path or circuit for sending a unit of data to its next destination. A switch may also include the function of a router, a device or program that can determine the route and specifically what adjacent network point the data should be sent to. In general, a switch is a simpler and faster mechanism than a router, which requires knowledge about the network and how to determine the route. A switch offers much the same advantages as a bridge. Like a bridge, a switch can be used to connect many types of LAN, and can filter frames by MAC address in order to divide a busy network into separate segments. Unlike a bridge, a switch is able to manage multiple parallel conversations across its ports, which can help improve the performance of the LAN. Relative to the layered Open Systems Interconnection (OSI) communication model, a switch is usually associated with layer 2, the Data-Link layer. However, some switches, especially newer ones, also perform the routing functions of layer 3, the Network layer. Layer 3 switches are also sometimes called IP switches. On larger networks, the trip from one switch point to another in the network is called a hop; the time it takes a switch to figure out where to forward a data unit is called its latency. The price paid for the flexibility that switches provide in a network is this latency. Switches are found at the backbone and gateway levels of a network, where one network connects with another, and at the subnetwork level, where data is being forwarded close to its destination or origin. The former are often known as core switches and the latter as desktop switches. In simple networks, a switch is not required for messages that are sent and received within the network. For example, a local area network may be organized in a token ring or bus arrangement in which each possible destination inspects each message and reads any message with its address.
Routers

Routers connect two or more independent networks with different network IP addresses. Routers are needed to communicate with remote networks. A router is a device or, in some cases, software in a computer, that determines the next network point to which a packet should be forwarded toward its destination. The router is connected to at least two networks and decides which way to send each information packet based on its current understanding of the state of the networks it is connected to. A router is located at any gateway (where one network meets another), including each Internet point of presence. It is often included as part of a network switch. A router may create or maintain a table of the available routes and their conditions and use this information, along with distance and cost algorithms, to determine the best route for a given packet. Typically, a packet may travel through a number of network points with routers before arriving at its destination. Routers are able to connect networks that are totally different in OSI layers 1 to 3. Routers forward packets based on destination IP addresses. They exchange routing information and use it to build routing tables. Routing tables contain the IP addresses of different networks and of other routers to which packets can be passed on the way to their destination node. Each router has a minimum of two LAN cards, each having its own IP address belonging to a different IP network.

Gateway

A gateway is a network point that acts as an entrance to another network. On the Internet, a node or stopping point can be either a gateway node or a host (end-point) node. Both the computers of Internet users and the computers that serve pages to users are host nodes. The computers that control traffic within your company's network or at your local Internet service provider (ISP) are the gateway nodes.


In the network of an enterprise, a computer server acting as a gateway node is often also acting as a proxy server and a firewall server. A gateway is associated with both a router, which knows where to direct a given packet of data that arrives at the gateway, and a switch, which furnishes the actual path in and out of the gateway for a given packet. Gateways match up all seven layers of the OSI model. They connect very dissimilar network architectures, such as Ethernet-TCP/IP and IBM SNA. Gateways are special-purpose computers with associated software and at least two network interface cards. A gateway must convert all layers of the OSI model, which can slow the performance of the network. Gateways can perform the tasks of bridges and routers.

Module 2-7. The IEEE Standards

The IEEE 802.3 Standard
The main features of the IEEE 802.3 Standard are:

Topology:             Bus
Access method:        CSMA/CD
Medium:               Coaxial Cable, Twisted-Pair, Optical Fiber
Signaling techniques: Baseband, 10MHz, Manchester Code

The most significant advantage of the IEEE 802.3 standard is the large number of vendors who design nodes and other devices for attachment to this type of network.

The most important sub-specifications of the IEEE 802.3 Standard:
- 10Base5: 10Mbps baseband Ethernet specification using standard (thick) 50-ohm baseband coaxial cable, with a distance limit of 500 meters per segment.
- 10Base2: 10Mbps baseband Ethernet specification using 50-ohm thin coaxial cable, with a distance limit of 185 meters per segment.
- 10BaseT: 10Mbps baseband Ethernet specification using two pairs of twisted-pair cabling (category 3, 4 or 5), one pair for transmitting data and the other for receiving, with an average distance limit of 100 meters per segment.
- 100BaseT: 100Mbps baseband Ethernet specification using Unshielded Twisted-Pair (UTP) wiring, with the same signaling technique used by 10BaseT.

Supported Cable Types

                         Thin LAN     Thick LAN    EtherTwist     Fiber-Optic
Standard                 10Base2      10Base5      10BaseT        FOIRL
Medium                   Coaxial      Coaxial      Twisted-Pair   Fiber-Optic
Topology                 Bus          Bus          Star           Star
Segment Length           185 meters   500 meters   100 meters     2 km
Nodes per Segment        30           1000
Distance between nodes   0.5 meters   2.2 meters   N/A            N/A
Speed                    10Mbps       10Mbps       10-100Mbps     100Mbps

The IEEE 802.5 Standard
The main features of the IEEE 802.5 Standard are:

Topology:             Ring
Access method:        Token passing
Medium:               Twisted-Pair Cable
Signaling techniques: Baseband, 1-16MHz, Diff. Manchester

The 802.5 standard defines the ring network using the token passing access method. An IEEE 802.5 ring network is often referred to as the IBM token ring network, because it is based on the LAN networking technologies developed by IBM. The IBM token ring network is the most prevalent IEEE 802.5 compatible network.

The FDDI Standard
The main features of the Fiber Distributed Data Interface (FDDI) Standard are:

Topology:             Dual Ring
Access method:        Token Passing
Medium:               Twisted-Pair and Fiber-Optic Cable
Signaling techniques: Baseband, 100 MHz, NRZI Code

The FDDI network consists of two independent 100Mbps rings: the primary and the secondary. The dual-ring approach provides redundancy and the ability to reconfigure the network under fault conditions. An FDDI ring has two station types: Dual-Attach (Class A), which connects to either primary or secondary rings, but not to both.


Module 3. Configuring IP Connectivity

Objectives: After the completion of this module, the student is expected to:
- Have an overview of TCP/IP configuration
- Verify LAN card configuration
- Describe the network startup files
- Configure IP connectivity
- Configure IP multiplexing
- Configure the /etc/hosts file


Module 3-1. TCP/IP Configuration Overview

These steps should be followed when setting up a system for communication with a network:
1. Obtain an IP address and hostname from the IT department or ISP
2. Physically install the LAN card
3. Install the appropriate LAN software
4. Verify that the new card was successfully configured
5. Configure link layer connectivity
6. Configure IP multiplexing (optional)

Your organization must maintain an up-to-date network map and information table recording which host uses which IP address and hostname. This simplifies troubleshooting of the network. The information table should contain the following about each host:
- Manufacturer
- Model number
- OS type and version
- LAN card type
- IP address and hostname
- MAC address
- Administrator name


Module 3-2. Installing LAN Software

The first step in configuring a network connection is to physically install a LAN card in your system. Check the UNIX manual to confirm that the LAN card is supported. In order to use the LAN card properly, you need to install the proper networking software on your system. The networking software is bundled with every UNIX OS and is most likely already installed on your system as part of the default installation. To verify that the software is installed, use:

# swlist -l product Networking

If the software is not yet installed, then use the following command to install the product:

# swinstall      (follow the menus that appear)


Module 3-3. Verifying LAN Card Configuration

Assuming that the LAN card and the networking software were properly installed on the system, the UNIX system should now recognize the LAN card at boot time. To verify that the LAN card was properly configured, use the following command:

# ioscan -funC lan

Check the ioscan output and verify the following:
- The card appears in the output
- The card's S/W state is CLAIMED
- It has the proper device files

Diagnostic Device Files: Diagnostic device files are required by the LAN diagnostic tools linkloop and lanadmin. These are called DLPI (Data Link Provider Interface) device files and are used for network troubleshooting. To check for the diagnostic device files, use the ls -l command:

# ls -l /dev/dlpi*

If the diagnostic device files for the LAN card are missing, then you should recreate them using the command:

# cd /dev
# insf -d dlpi -e


Module 3-4. Network Startup Files

During the system startup process, the /sbin/rc program starts several scripts in the /sbin/init.d directory. These scripts read configuration parameters from the configuration files found in the /etc/rc.config.d directory and initialize the network connection. Note that the scripts in /sbin/init.d should never be modified. Startup script configurable parameters should only be modified via the configuration files in /etc/rc.config.d.


Module 3-5. Configuring IP Connectivity

The /etc/rc.config.d/netconf file is the primary TCP/IP configuration file for the HP-UX system. It is read by several startup scripts that configure everything from the system hostname to the dynamic routing protocol. The first lines of the netconf file look like the following:

HOSTNAME=mailsrvr
OPERATING_SYSTEM=HP-UX
LOOPBACK_ADDRESS=127.0.0.1

The following block of lines is also found in the netconf file:

INTERFACE_NAME[0]=lan0                  # use the name shown in lanscan
IP_ADDRESS[0]=192.168.250.1             # set the IP address using this parameter
SUBNET_MASK[0]=255.255.255.0            # the IP's netmask in decimal format
BROADCAST_ADDRESS[0]=192.168.250.255    # the IP's broadcast address
INTERFACE_STATE[0]=up                   # bring the card up at boot time
DHCP_ENABLE[0]=0                        # if 1, the IP address would be assigned by a DHCP server

The ifconfig command is used to configure, or to check the configuration values of, the network interface card. You can use ifconfig to assign the network interface an IP address, netmask or broadcast address, or to change some of its parameters. To set the IP address from the command line, use the following command:

# ifconfig lan0 192.168.250.1 netmask 255.255.255.0 up

If you are using Linux, you need to use the eth# LAN card device name. The command needed is:

# ifconfig eth0 192.168.250.1 netmask 255.255.255.0 up

Note that when configuring the IP address from the command line, the IP address will be reset once you reboot the computer. If you want the IP address to be set every time the system boots, then you should edit the /etc/rc.config.d/netconf file and add the lines above.


Module 3-6. Configuring IP Multiplexing

IP multiplexing makes it possible to assign multiple IP addresses to a single physical interface card. This is done by modifying the /etc/rc.config.d/netconf file; only a few lines need to be added. The following are the modifications that should be made:

INTERFACE_NAME[0]=lan0
IP_ADDRESS[0]=192.168.150.1
SUBNET_MASK[0]=255.255.255.0
INTERFACE_NAME[1]=lan0:1
IP_ADDRESS[1]=192.168.200.1
SUBNET_MASK[1]=255.255.255.0
INTERFACE_NAME[2]=lan0:2
IP_ADDRESS[2]=192.168.250.1
SUBNET_MASK[2]=255.255.255.0

After making these modifications, activate the other IP addresses by rebooting the system or by using the following commands:

# /sbin/init.d/net start
# ifconfig lan0:0 192.168.150.1 netmask 255.255.255.0 up
# ifconfig lan0:1 192.168.200.1 netmask 255.255.255.0 up
# ifconfig lan0:2 192.168.250.1 netmask 255.255.255.0 up

For Linux users, be sure to use the following commands:

# /sbin/init.d/net start
# ifconfig eth0:0 192.168.150.1 netmask 255.255.255.0 up
# ifconfig eth0:1 192.168.200.1 netmask 255.255.255.0 up
# ifconfig eth0:2 192.168.250.1 netmask 255.255.255.0 up


Module 3-7. Configuring the /etc/hosts File

The /etc/hosts file is one of the mechanisms used by hosts to resolve hostnames to IP addresses. Each /etc/hosts entry should have an IP address and an associated hostname. Each entry can also contain one or more aliases, and an optional comment preceded by a # sign. At a minimum, the /etc/hosts file should contain entries for:
- Each IP address listed in /etc/rc.config.d/netconf
- The 127.0.0.1 loopback address

Additional entries may be added using vi or any other text editor. Note that:
- Fields can have any number of blanks or tabs separating them
- There should be only one host entry per line
- Do not include leading zeroes in IP addresses
- Do not delete the localhost/loopback line
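The netconf parameters of Modules 3-5 and 3-6 and the /etc/hosts rules above lend themselves to an automated check. The following Python script is an added example, not part of the course material and not an HP-UX tool: it parses a constructed netconf excerpt, verifies that each BROADCAST_ADDRESS matches its IP_ADDRESS and SUBNET_MASK, flags an address configured twice across multiplexed instances, and checks a constructed /etc/hosts against the rules listed above.

```python
"""Consistency checks for the netconf interface block (Modules 3-5 and 3-6) and
the /etc/hosts rules (Module 3-7). Added example; the file contents below are
constructed samples, not taken from a real host."""
import ipaddress
import re

# Constructed netconf excerpt: three addresses multiplexed on lan0, with a wrong
# BROADCAST_ADDRESS on instance [1] and no BROADCAST_ADDRESS on instance [2].
NETCONF = """\
LOOPBACK_ADDRESS=127.0.0.1
INTERFACE_NAME[0]=lan0
IP_ADDRESS[0]=192.168.150.1
SUBNET_MASK[0]=255.255.255.0
BROADCAST_ADDRESS[0]=192.168.150.255
INTERFACE_NAME[1]=lan0:1
IP_ADDRESS[1]=192.168.200.1
SUBNET_MASK[1]=255.255.255.0
BROADCAST_ADDRESS[1]=192.168.200.1
INTERFACE_NAME[2]=lan0:2
IP_ADDRESS[2]=192.168.250.1
SUBNET_MASK[2]=255.255.255.0
"""

# Constructed /etc/hosts: the last entry breaks the "no leading zeroes" rule.
HOSTS = """\
# constructed /etc/hosts sample
127.0.0.1        localhost loopback
192.168.150.1    mailsrvr mail        # primary address
192.168.200.001  mailsrvr-200
"""

_PARAM = re.compile(r"^(\w+)\[(\d+)\]=(.*)$")   # e.g. IP_ADDRESS[0]=192.168.150.1


def parse_netconf(text):
    """Collect the indexed parameters as {instance: {NAME: value}}."""
    instances = {}
    for raw in text.splitlines():
        m = _PARAM.match(raw.split("#", 1)[0].strip())
        if m:
            instances.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3).strip()
    return instances


def check_netconf(text):
    """Report missing parameters, a wrong BROADCAST_ADDRESS, or a duplicated IP."""
    problems, seen = [], {}
    for idx, p in sorted(parse_netconf(text).items()):
        name = p.get("INTERFACE_NAME", f"instance [{idx}]")
        ip, mask = p.get("IP_ADDRESS"), p.get("SUBNET_MASK")
        if not ip or not mask:
            problems.append(f"{name}: IP_ADDRESS and SUBNET_MASK are both required")
            continue
        # the broadcast address is the IP address with every host bit set to 1
        expected = str(ipaddress.ip_network(f"{ip}/{mask}", strict=False).broadcast_address)
        bcast = p.get("BROADCAST_ADDRESS")
        if bcast is None:
            problems.append(f"{name}: BROADCAST_ADDRESS missing (expected {expected})")
        elif bcast != expected:
            problems.append(f"{name}: BROADCAST_ADDRESS {bcast} should be {expected}")
        if ip in seen:
            problems.append(f"{name}: IP address {ip} already used by {seen[ip]}")
        seen[ip] = name
    return problems


def _is_ip(field):
    try:
        ipaddress.ip_address(field)
    except ValueError:
        return False
    return True


def check_hosts(hosts_text, netconf_text):
    """Apply the /etc/hosts rules, then cross-check the loopback and netconf addresses."""
    problems, addresses = [], set()
    for n, raw in enumerate(hosts_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # an optional comment follows #
        if not line:
            continue
        fields = line.split()                    # any blanks or tabs separate fields
        if len(fields) < 2:
            problems.append(f"line {n}: an entry needs an IP address and a hostname")
            continue
        ip = fields[0]
        if re.search(r"(^|\.)0\d", ip):          # octets such as 001 are not allowed
            problems.append(f"line {n}: leading zero in IP address {ip}")
            continue
        if not _is_ip(ip):
            problems.append(f"line {n}: {ip} is not a valid IP address")
            continue
        if any(_is_ip(f) for f in fields[1:]):   # a second address means two entries
            problems.append(f"line {n}: more than one host entry on the line")
        addresses.add(ip)
    if "127.0.0.1" not in addresses:
        problems.append("the localhost/loopback line for 127.0.0.1 is missing")
    for idx, p in sorted(parse_netconf(netconf_text).items()):
        ip = p.get("IP_ADDRESS")
        if ip and ip not in addresses:
            problems.append(f"{p.get('INTERFACE_NAME', idx)}: no /etc/hosts entry for {ip}")
    return problems
```

Run against the samples, check_netconf reports the two broadcast problems and check_hosts reports the leading zero plus the two addresses that have no /etc/hosts entry.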


Module 4. Configuring Routing

Objectives: After the completion of this module, the student is expected to:
- Describe the concepts of routing
- Describe what a routing table is and how it works
- Configure static routes between networks
- Configure default routes


Module 4-1. Routing Concepts The internet is composed of many physical networks. Network devices known as routers and gateways interconnect these networks. A network router is a device that is physically connected to two or more networks, and is capable of passing packets between these networks. Routing is perhaps the most important function that the internet protocol performs. IP distinguishes between hosts and gateways. A gateway in TCP/IP is actually a router that connects two or more networks for the purpose of providing forwarding services between them. A host is the end system where user applications run. By default, routing on hosts is limited to the delivery of the datagram directly to the remote system, if both hosts are attached to the same network. If not, IP delivers the datagram to a default gateway (i.e. router). The default gateway is defined by the host during TCP/IP configuration, and a router attached to the same network, which the host should trust for assistance in deliveries made to other hosts on remote networks. Currently, the networking industry makes a distinction between a router and a gateway. Routers are said to provide routing services between networks supporting the same network protocol stacks. Gateways, on the other hand, connect networks of dissimilar architectures.


Module 4-2. Routing Tables

The IP protocol performs its routing function by consulting a database that contains information about the routes (networks) that it recognizes. This database is called the Route Information Table (RIT), and it is built and maintained by yet another protocol called the Route Information Protocol (RIP). RIP handles route discovery, that is, the process whose main purpose is to identify all the networks on the internetwork and the routers that are closest to each network. RIP runs on hosts and routers. Hence, each RIP instance constructs and maintains the database (road map) from the perspective of the workstation or router in which it is running. The table includes the following information on each destination it recognizes on the internetwork:
- Distance: an indication of how far the destination is from the host or router. Normally, it is equal to the number of intervening routers the datagram has to go through to reach its destination. Distance is also referred to as the metric, or number of hops.
- Next Router: the IP address of the router that is trusted to be closer to the destination, and to which the datagram should therefore be forwarded for delivery.
- Output port: which of the network interfaces in the host (if multi-homed) or router is attached to the same network as the next router.

Routing Table for Router A
Destination Network   Next Hop
128.1.0.0/16          128.1.0.1
129.1.0.0/16          129.1.0.1
130.1.0.0/16          129.1.0.2

Routing Table for Router B
Destination Network   Next Hop
128.1.0.0/16          128.1.0.1
129.1.0.0/16          129.1.0.1
130.1.0.0/16          129.1.0.2

The first element in each entry identifies a destination network address. When a router receives a packet, it compares the packet's destination IP address to the destination network addresses in the routing table until a matching entry is found. Each routing table entry also identifies the next hop required to get to the associated destination network. If the router has a direct connection to the destination network, the next hop field specifies the IP address of the router's LAN card connected to that network.


Module 4-3. Viewing Routing Tables

The UNIX command to display the contents of the routing information table is netstat -rn as shown below:

# netstat -rn
Routing tables
Destination   Gateway         Flags   Refs   Use   Interface   Pmtu
127.0.0.1     127.0.0.1       UH      1      0     lo0         4136
87.45.3.4     198.53.237.20   UGH     0      0     lan0        4136
100           100.0.0.2       U       4      51    lan0        1500
221.78.39     198.53.237.20   UG      0      0     lan0        1500
Default       198.53.237.5    UG      0      0     lan0        1500
198.53.237    198.53.237.1    U       3      624   lan0        1500
The Destination column refers to the address of the network or host. When a host IP address is specified (as in the first and second entries), the destination is referred to as a specific route. The Gateway column refers to the next router. The Flags column provides status information about the route. Each character in the column describes a specific state:
- U: the route is up. This implies that the destination is reachable.
- H: the route is specific, or leads to a certain host (as shown in the first and second entries in the above example).
- G: the route is indirectly accessible via other routers. If the G flag is not set, the router (or host) is directly connected to that route.
- D: the route was created by the ICMP protocol's route redirect message.
- M: the route was modified by the ICMP protocol's route redirect message.

The Refs column shows the number of active connections over that route. Active connections can be due to ongoing FTP or TELNET sessions, among others. Any service or application that uses TCP as the underlying protocol increments this column by one when invoked. The Use column keeps track of the number of packets that have traversed this route since TCP/IP was started. The Interface column gives the name of the local interface from which the datagram should be forwarded to the next router, as assigned when the network interface card was configured. The Pmtu column displays the maximum transmission unit size on the interface card used by the route.


Module 4-4. Configuring Static Routes

Use the route command to dynamically add and remove routing table entries. Using the route add command, a static route can be entered into the routing table of a UNIX host. The syntax of the route command is:

# route add host|net destination_address <netmask netmask> next_router hops

- host|net: use host if adding a route to a host, net if adding a route to a network
- destination_address: the route you want to add to the routing table
- netmask: the netmask of the network you are routing to (only when using net)
- next_router: the address of the next router to which the datagram is forwarded
- hops: a measure of distance to the destination, normally expressed as the number of intervening routers

The following example shows how to add a new destination to the routing table:

# route add host 129.1.1.1 128.1.0.1 1
# route add net 129.1.0.0 netmask 255.255.0.0 128.1.0.1 1

To delete a route, the route delete command is used. The syntax is as follows:

# route delete host|net destination_address next_router

The following example shows how to delete a destination from the routing table:

# route delete host 129.1.1.1 128.1.0.1
# route delete net 129.1.0.0 netmask 255.255.0.0 128.1.0.1

To flush all the entries of routing table:

# route -f


Module 4-5. Configuring the Default Route Individual hosts on a network generally maintain routing tables with very few entries. Every host can directly deliver data packets to other hosts on the same network. To reach other networks, most hosts define the nearest dedicated router as the default route in the routing table. The default route is used whenever there is no specified route in the routing table to a destination. To define the default route, use the following command:

# route add default next_router hops

- next_router: the address of the next router to which the datagram is forwarded
- hops: a measure of distance to the destination, normally expressed as the number of intervening routers

For example, to add a default route to the 128.1.0.0 network, use:

# route add default 128.1.0.1 1
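To make the routing table behaviour of Modules 4-2, 4-4 and 4-5 concrete, here is an added Python model (not course code, and not the real route command): it takes routes with the semantics of route add host|net|default, resolves a destination to its most specific entry (host route, then network, then default), and prints a netstat -rn style listing with the U, G and H flags. Treating a hop count of 0 as a directly connected network is an assumption of the model.

```python
"""Model of the routing table from Modules 4-2, 4-4 and 4-5: static routes with
the semantics of 'route add host|net|default', a lookup that prefers a host
route over a network route over the default route, and a netstat -rn style
listing. Added example; not course code and not the real route command."""
import ipaddress


def classful_mask(address):
    """Netmask assumed when 'route add net' is given no netmask (class A, B or C)."""
    first = int(address.split(".")[0])
    return "255.0.0.0" if first < 128 else "255.255.0.0" if first < 192 else "255.255.255.0"


class RoutingTable:
    def __init__(self):
        self.routes = []   # each entry: dest (ip_network), gateway, hops, flags, use

    @staticmethod
    def _dest(kind, destination, netmask):
        if kind == "default":
            return ipaddress.ip_network("0.0.0.0/0")
        if kind == "host":
            return ipaddress.ip_network(f"{destination}/32")
        if kind == "net":
            mask = netmask or classful_mask(destination)
            return ipaddress.ip_network(f"{destination}/{mask}", strict=False)
        raise ValueError(f"unknown route kind {kind!r}")

    def add(self, kind, destination=None, gateway=None, hops=1, netmask=None):
        """route add host|net destination [netmask m] next_router hops, or
        route add default next_router hops. Model assumption: hops == 0 means
        the destination is directly connected, so the G flag is not set."""
        dest = self._dest(kind, destination, netmask)
        flags = "U" + ("G" if hops > 0 else "") + ("H" if kind == "host" else "")
        self.routes = [r for r in self.routes if r["dest"] != dest]   # replace a duplicate
        self.routes.append({"dest": dest, "gateway": ipaddress.ip_address(gateway),
                            "hops": hops, "flags": flags, "use": 0})
        return flags

    def delete(self, kind, destination=None, netmask=None):
        """route delete host|net destination [netmask m] next_router"""
        dest = self._dest(kind, destination, netmask)
        before = len(self.routes)
        self.routes = [r for r in self.routes if r["dest"] != dest]
        return len(self.routes) < before

    def flush(self):
        """route -f: drop every entry."""
        self.routes.clear()

    def lookup(self, address):
        """Most specific entry containing address: a /32 host route beats the
        network route, which beats the /0 default. Returns None if nothing matches."""
        addr = ipaddress.ip_address(address)
        matches = [r for r in self.routes if addr in r["dest"]]
        if not matches:
            return None
        best = max(matches, key=lambda r: r["dest"].prefixlen)
        best["use"] += 1                      # the Use column of netstat -rn
        return best

    def dump(self):
        """netstat -rn style listing (Destination, Gateway, Flags, Use)."""
        rows = ["Destination        Gateway          Flags  Use"]
        for r in sorted(self.routes, key=lambda r: -r["dest"].prefixlen):
            dest = "default" if r["dest"].prefixlen == 0 else str(r["dest"])
            rows.append(f"{dest:<18} {str(r['gateway']):<16} {r['flags']:<6} {r['use']}")
        return "\n".join(rows)


def course_example():
    """The routes added in Modules 4-4 and 4-5, plus the directly connected
    128.1.0.0/16 network reached through the router's own LAN card (Module 4-2)."""
    rt = RoutingTable()
    rt.add("net", "128.1.0.0", "128.1.0.1", hops=0, netmask="255.255.0.0")
    rt.add("host", "129.1.1.1", "128.1.0.1", hops=1)
    rt.add("net", "129.1.0.0", "128.1.0.1", hops=1, netmask="255.255.0.0")
    rt.add("default", gateway="128.1.0.1", hops=1)
    return rt


if __name__ == "__main__":
    table = course_example()
    print(table.dump())
    for target in ("129.1.1.1", "129.1.7.7", "128.1.0.9", "10.2.3.4"):
        print(target, "->", table.lookup(target)["gateway"])
```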


Module 4-6. Configuring Routes in /etc/rc.config.d/netconf

To set up routing every time the system starts, edit the /etc/rc.config.d/netconf file and add entries to it. The following are the parameters that you need to modify:

# vi /etc/rc.config.d/netconf
ROUTE_DESTINATION[0]="net 129.1.0.0"
ROUTE_MASK[0]=255.255.0.0
ROUTE_GATEWAY[0]=128.1.0.1
ROUTE_COUNT[0]=1
ROUTE_ARGS[0]=
ROUTE_DESTINATION[1]=default
ROUTE_MASK[1]=
ROUTE_GATEWAY[1]=128.1.0.1
ROUTE_COUNT[1]=1
ROUTE_ARGS[1]=

- ROUTE_DESTINATION is the address of the host or network you want to route to
- ROUTE_MASK is the netmask of the network you want to route to
- ROUTE_GATEWAY is the IP address of the next router
- ROUTE_COUNT is the number of hops/routers from your network to the destination network
- ROUTE_ARGS are additional routing arguments that could be added

Note that the [n] signifies the instance of the route: [0] means it is the first route, [1] means it is the second, and so on.

To start routing without rebooting, use the following command to reinitialize the network service:

# /sbin/init.d/net start


Module 5. Subnetting

Objectives: After the completion of this module, the student is expected to:
- Describe the limitations of large networks
- Describe the subnetting concepts
- Describe and create subnet addresses


Module 5-1. Limitations of Large Networks

Since Class A and Class B networks may contain too many nodes, there are various limitations to be considered. These include:
- Limitations imposed by the underlying physical network: depending on the type of physical network, there is an upper limit on the number of hosts that can be connected to the same network. Ethernet 10BASE-T, for example, imposes a limit of 1024 nodes per physical network.
- Network traffic: sometimes it might not be feasible to reach the maximum allowable limit of nodes on the underlying physical network. Depending on the amount of traffic applications generate on the network, you might resort to breaking the network into smaller subnetworks to alleviate prevailing network congestion.
- Administrative challenges: simply keeping track of who has which IP address in a 16-million-node network would be an administrative challenge for even the best network administrator.
- Poor network performance: all these issues result in degraded performance as more and more hosts compete for limited bandwidth on a network.

In recognition of the eventual requirement that organizations might need to break their networks into smaller subnetworks, the TCP/IP protocol stack supports the use of the same network address to achieve this objective. The use of the same network address to implement router-connected subnetworks is achieved by modifying the IP address structure to extend the network ID portion beyond its default boundary. The mechanism for doing so is called subnetting.


Module 5-2. Subnetting Concept

The subnetting concept makes it possible to divide a large network IP address into several smaller, more manageable subnets. In the example below, the network 128.1.0.0 has been divided into 254 subnets. Each of these subnets could potentially have up to 254 hosts. The subnet addresses are broken up as follows:

Subnet Addresses: 128.1.1.0, 128.1.2.0, ..., 128.1.253.0, 128.1.254.0

Subnets are separated from one another by routers, which overcome both collision and topological issues.


Module 5-3. Addresses in a Subnetted Network

In a non-subnetted network, each IP address has just two portions. A portion of the IP address bits identifies the network to which the host is attached, and the remaining bits uniquely identify individual hosts on the network. Subnetted IP addresses have a third component as well: a portion of the IP address host bits is used to define the subnet to which the host belongs.

Non-subnetted network: IP addresses have two components

128.1.0.0 = 10000000.00000001.00000000.00000000
            Network           Host

Subnetted network: IP addresses have three components

128.1.0.0 = 10000000.00000001.00000000.00000000
            Network           Subnet   Host


Module 5-4. Netmask in a Subnetted Network

For routers and other network devices, where the network/subnet portion of an IP address ends and where the host portion begins on a subnetted network is determined by the Netmask. Just like the Netmask in a non-subnetted IP address, all Network bits are set to 1, and this time all Subnet bits are also set to 1.

Netmask for a non-subnetted /16 network:

11111111.11111111.00000000.00000000 = 255.255.0.0
Network           Host

Netmask for /24 subnetworks on a /16 network:

11111111.11111111.11111111.00000000 = 255.255.255.0
Network           Subnet   Host


Module 5-5. Subnet Addresses

A single network may have multiple subnets. The network bits for all hosts on all of the subnets within a network will be the same. However, each subnet is assigned a unique subnet address. The subnet address is defined in the subnet bits specified by the Netmask.

Network 128.1.0.0/16 subnetted into 254 subnets:

10000000.00000001.00000001.00000000   1st subnet
10000000.00000001.00000010.00000000   2nd subnet
10000000.00000001.00000011.00000000   3rd subnet
...
10000000.00000001.11111110.00000000   254th subnet

With eight subnet bits, it is possible to represent 256 addresses:

00000000 = 0     (not allowed by routers)
00000001 = 1
00000010 = 2
00000011 = 3
...
11111110 = 254
11111111 = 255   (not allowed by routers)


Module 5-6. Host IP Addresses on a Subnet

Each subnet may contain multiple hosts. Within a subnet, all network and subnet bits must be identical for every host. However, each host must have a unique sequence of host bits to distinguish it from all the other hosts on the subnet. Just like in a non-subnetted network, the host address with all 0s represents the address of the entire subnet (subnetwork address). The host address with all 1s represents the broadcast address for the subnet (subnetwork broadcast address). All other addresses within the subnet may be used for hosts.

IP addresses for subnet 128.1.1.0/24:

Subnet #1:  10000000.00000001.00000001.00000000 = 128.1.1.0/24
Host #1:    10000000.00000001.00000001.00000001 = 128.1.1.1/24
Host #2:    10000000.00000001.00000001.00000010 = 128.1.1.2/24
...
Host #253:  10000000.00000001.00000001.11111101 = 128.1.1.253/24
Host #254:  10000000.00000001.00000001.11111110 = 128.1.1.254/24
Broadcast:  10000000.00000001.00000001.11111111 = 128.1.1.255/24

With eight host bits, it is possible to represent 256 values:

00000000 = 0     subnetwork address
00000001 = 1
00000010 = 2
...
11111101 = 253
11111110 = 254
11111111 = 255   subnetwork broadcast address


Module 5-7. Subnetting on a Non-Octet Boundary

Subnetting on a non-octet boundary simply means that the subnet/host boundary does not fall on an octet boundary.

Network 192.6.12.0/24 subnetted into 6 subnets, Netmask: 255.255.255.224

Subnet #1:  11000000.00000110.00001100.00100000 = 192.6.12.32
Subnet #2:  11000000.00000110.00001100.01000000 = 192.6.12.64
Subnet #3:  11000000.00000110.00001100.01100000 = 192.6.12.96
Subnet #4:  11000000.00000110.00001100.10000000 = 192.6.12.128
Subnet #5:  11000000.00000110.00001100.10100000 = 192.6.12.160
Subnet #6:  11000000.00000110.00001100.11000000 = 192.6.12.192

We have chosen to break the network shown above into six subnets by using three bits from the fourth octet as subnet bits. With three bits, it is possible to represent eight values:

000 = 0   (not allowed by routers)
001 = 1
010 = 2
011 = 3
100 = 4
101 = 5
110 = 6
111 = 7   (not allowed by routers)

Taking three bits from the last octet to define the subnet leaves just five bits to define the host portion of the IP address.

IP addresses on the first subnet:

Subnet #1:  11000000.00000110.00001100.00100000 = 192.6.12.32
Host #1:    11000000.00000110.00001100.00100001 = 192.6.12.33
Host #2:    11000000.00000110.00001100.00100010 = 192.6.12.34
...
Host #29:   11000000.00000110.00001100.00111101 = 192.6.12.61
Host #30:   11000000.00000110.00001100.00111110 = 192.6.12.62
Broadcast:  11000000.00000110.00001100.00111111 = 192.6.12.63
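The tables in Modules 5-2 through 5-7 can be generated rather than worked out by hand. The following Python script is an added example, not part of the course material; it uses only the standard ipaddress module, reproduces the three-component split of Module 5-3 and the netmasks of Module 5-4, and applies the same convention as the tables above, dropping the all-zeros and all-ones subnets that the text marks "not allowed by routers" (the classic RFC 950 rule; modern CIDR routers accept them, so the script makes it an option). The networks it runs on are the ones from the text.

```python
"""Subnet calculator for the octet-boundary and non-octet-boundary cases above.

Added example using only the standard library; the networks used in main()
are the ones from the course text (128.1.0.0/16 and 192.6.12.0/24).
"""
import ipaddress


def netmask_for_prefix(prefix_len):
    """Dotted-decimal netmask for a prefix length: 24 -> 255.255.255.0, 27 -> 255.255.255.224."""
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)


def to_binary(addr):
    """Render an IPv4 address as four dotted 8-bit groups, as in the tables above."""
    return ".".join(f"{octet:08b}" for octet in ipaddress.ip_address(addr).packed)


def address_components(addr, network_prefix, netmask):
    """Split the 32 bits of addr into the network, subnet and host bit strings
    (the three components of Module 5-3). network_prefix is the classful
    network length (16 for 128.1.0.0, 24 for 192.6.12.0); netmask is the
    subnetted mask in dotted-decimal form."""
    bits = f"{int(ipaddress.ip_address(addr)):032b}"
    mask_len = ipaddress.ip_network(f"0.0.0.0/{netmask}").prefixlen
    if mask_len < network_prefix:
        raise ValueError("netmask shorter than the network prefix")
    return {
        "network": bits[:network_prefix],
        "subnet": bits[network_prefix:mask_len],
        "host": bits[mask_len:],
    }


def subnet_table(network, subnet_bits, skip_all_zeros_and_ones=True):
    """Split network (e.g. '192.6.12.0/24') into 2**subnet_bits subnets.

    Each row gives the subnet address (host bits all 0), the first and last
    usable host, the broadcast address (host bits all 1) and the host count.
    With skip_all_zeros_and_ones=True the first and last subnets are dropped,
    matching the "not allowed by routers" note in the text.
    """
    net = ipaddress.ip_network(network, strict=True)
    new_prefix = net.prefixlen + subnet_bits
    if new_prefix > 30:
        raise ValueError("each subnet needs at least two host bits")
    subnets = list(net.subnets(new_prefix=new_prefix))
    if skip_all_zeros_and_ones:
        subnets = subnets[1:-1]
    rows = []
    for sn in subnets:
        hosts = list(sn.hosts())  # excludes the subnet and broadcast addresses
        rows.append({
            "subnet": str(sn.network_address),
            "netmask": str(sn.netmask),
            "first_host": str(hosts[0]),
            "last_host": str(hosts[-1]),
            "broadcast": str(sn.broadcast_address),
            "usable_hosts": len(hosts),
        })
    return rows


def main():
    for network, bits in (("128.1.0.0/16", 8), ("192.6.12.0/24", 3)):
        rows = subnet_table(network, bits)
        print(f"{network} with {bits} subnet bits -> {len(rows)} usable subnets, "
              f"netmask {rows[0]['netmask']}")
        for row in rows[:2] + rows[-1:]:
            print(f"  {to_binary(row['subnet'])} = {row['subnet']:<14} "
                  f"hosts {row['first_host']} - {row['last_host']}, "
                  f"broadcast {row['broadcast']}")


if __name__ == "__main__":
    main()
```

Run it with no arguments to print the first two and the last subnet of each network; for 192.6.12.0/24 with three subnet bits the rows are the six subnets 192.6.12.32 through 192.6.12.192 shown above, each with 30 usable hosts.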


Module 6. NFS Concepts

Objectives: After the completion of this module, the student is expected to:
- Describe how the Network File System (NFS) works
- Define which files should be shared via NFS
- Describe the different NFS roles
- Describe the NFS remote mount model
- Describe NFS rules
- Describe the Remote Procedure Call feature


Module 6-1. What is NFS?

Although network applications such as FTP and TELNET provide mechanisms for sharing computing resources on the network, they come with self-imposed limitations and inconveniences. Taking FTP as an example, unless a file was transferred to the local host, a user could not process that file using local programs and shell commands. Even worse, users had to suspend or exit the FTP session to process the transferred file. Also, using FTP incurs a learning curve, for the commands that FTP supports are distinct from the common UNIX file system commands.

Network File System (NFS) circumvents the limitations imposed by other file system access methods. In contrast, NFS provides the user with transparent access to remote file systems. From the user's perspective, an NFS-accessible resource is treated in exactly the same way a local resource is treated. When set up, a remote file system will appear to the user as part of the local file system. There is no requirement to log in and enter a password to access an NFS file system. To the user, accessing an NFS-mounted file system is a simple matter of changing directories in the UNIX file system hierarchy.

NFS gives users and programs transparent read and write access to remotely mounted file systems. Transparency implies that programs continue to work and process files located on an NFS-mounted file system without requiring any modifications to their code. This is because NFS is designed to present remote resources to users as extensions of the local resources.

NFS follows the client-server model, where the server is the system which owns the file system resource and is configured to share it with other systems. An NFS-shareable resource is usually referred to as an exported file system. The client is the resource user. It uses the exported file system as if it were part of the local file system. To achieve this transparency, the client mounts the exported directory onto its local file system.


Module 6-2. What Files Should Be Shared via NFS?

Good candidates to be shared using NFS:
- Home directories
- Applications under /opt
- Operating system files under /usr
- Data files used by multiple nodes

Poor candidates for file sharing via NFS:
- Device files under /dev
- System-specific configuration files under /etc
- Dynamic operating system files under /var
- Single-user-mode commands under /sbin


Module 6-3. NFS Definitions

- File System: a logical grouping of files and directories. Within a UNIX system, file systems are grouped to form the UNIX system directory tree.
- Server: a machine that physically owns the file system to be shared, partly or completely, across the network.
- Client: a machine that uses the file system belonging to the server.
- Export: the method used by the server to make a file system available for sharing.


Module 6-4. The NFS Remote Mount Model

The remote mount model works as follows:

1. A server exports all or part of its file system.

2. A client mounts the file system onto its local file system tree by specifying the name of the server and the name of the file system.

   Client# mount server:/home/user2 /home/user2

3. The client can then access the files and directories on the remote file system as if they were on the local file system.


Module 6-5. NFS Rules

Here are some rules that should be remembered before setting up a network to have NFS servers and clients:
- The server can export an entire file system, a directory or a file.
- A server can only export a local file system. The client can only access files and directories on the exported file system. Any other file systems the server mounts are inaccessible to the client.
- A client can mount any file or directory on the exported file system, not just its root.
- The client can only access files and directories. If a client tries to access special devices or named pipes, they appear as local drives.
- Full UNIX semantics are not supported on remote file systems. This is because NFS could be used even on non-UNIX platforms.
- Remote file systems will be mounted using NFS Protocol Version 3 (PV3) unless otherwise overridden by the mount command.

NFS servers are stateless: the server performs each operation without regard for other operations that happened previously. The server machine:
- does not maintain state information;
- simply creates and returns a file handle when a client looks up a file;
- does not know which clients have file handles or have its files open.

Implications:
- Operations that require state information, such as file locking, must be done via some other network service.
- Servers must write all data to disk before returning acknowledgements to a client.


Module 6-6. Remote Procedure Calls

Remote Procedure Call (RPC), developed by Sun Microsystems, provides the foundation supporting NFS among other network services, known as RPC-based servers. RPC defines a transparent distributed computing service by which a process is split into two components, the client and the server component. The client component is local to the host that is making the RPC call to the remote network shared resource. The server component manages the shared resource and processes and responds to the RPC calls it receives from the client. While the remote procedure is executing at the server's end, the local RPC-user process awaits the returned results the way it would have waited if the call had been made to a local resource.

Transport support: being a process/application layer protocol, RPC relies on transport layer protocols for the exchange of requests and responses between RPC clients and servers. Under TCP/IP, RPC is supported over both transports, UDP and TCP. Most RPC activity is carried by the UDP transport protocol. This is mostly the case because RPC routines live a relatively short life cycle, making the overhead associated with the creation and termination of TCP connections unjustifiably high. For this reason, message sequencing and reliability checks are built into most of the RPC servers. TCP connections are commonly established for the sake of transmitting large chunks of data.

In contrast to other TCP/IP applications, such as FTP and TELNET, RPC servers do not rely on well-known transport port numbers. They are, instead, dynamically assigned an available port number at boot time. A complete listing of the RPC servers supported on your host is available; look up the contents of the /etc/rpc file. Following is a partial listing of its contents:

rpcbind      100000  portmap sunrpc rpcbind
rstatd       100001  rstat rup perfmeter
rusersd      100002  rusers
nfs          100003  nfsprog
ypserv       100004  ypprog
mountd       100005  mount showmount
ypbind       100007
walld        100008  rwall shutdown
yppasswdd    100009  yppasswd
sprayd       100012  spray
llockmgr     100020
nlockmgr     100021
statmon      100023
status       100024
ypupdated    100028  ypupdate
rpcnfs       100116  na.rpcnfs
pcnfsd       150001

Each entry in this file includes (left to right) the server name, the program number and optionally one or more aliases.


Module 6-7. Important Points Regarding RPC

Here are some important points regarding the Remote Procedure Call:
- A remote procedure computes results based entirely on its own parameters. Thus, the procedure and the network service are not tied to any particular operating system or hardware.
- Each RPC takes one parameter and returns one result.
- By convention, all data passed to a remote procedure and returned by a procedure should be encoded in a common data representation, since different machines have different byte ordering, sizes and word alignment. The External Data Representation (XDR, OSI Layer 6) provides routines that remote procedures can use to encode the data into a common format, allowing data to be exchanged between different operating systems.
- The Remote Procedure Call is the programmatic interface of the OSI session layer (Layer 5). It uses rpcbind to access the OSI transport layer (Layer 4).


Module 6-8. NFS Daemons

Like many UNIX services, NFS is implemented as a set of daemons. Some of the NFS-related daemons run on the server while others run on the client. In addition, a subset of the daemons runs on both sides. Following is a description of the function each of the daemons provides as part of the overall NFS service:

nfsd: The NFS server daemon. It runs on the server and is responsible for handling and responding to client requests. It handles client requests by decoding them to determine the nature of the desired operation and submitting the call to the local disk I/O access mechanism for actual execution. It is normally invoked when the system is brought up to run level three. For performance-related reasons, multiple instances of nfsd are invoked.

biod: The block input/output daemon. It runs on NFS clients and handles reading and writing data from and to the NFS server on behalf of the client process. Again, performance-related issues dictate that multiple instances of this daemon be invoked on the client. Be careful, however, because invoking too many instances of biod can potentially lead to degradation of performance.

mountd: Runs on the NFS server. It is responsible for handling client mount requests.

lockd: Run by both the client and server, this daemon handles file locks. On the client side the daemon issues such requests, whereas the server's lockd honors those requests and manages the locks.

statd: Run by both the client and server, this daemon maintains the status of currently enforced file locks. Its usefulness is particularly realized during server crashes, as it helps clients to reclaim locks placed on files after the recovery of the server.


Module 6-9. The portmap and rpcbind Daemons

An RPC client process uses an RPC program number to request a remote RPC program. The program numbers associated with each RPC program are listed in the /etc/rpc file. When an RPC server process starts, it registers itself with portmap, telling portmap what port number it listens on and what RPC program it is prepared to serve. When a client wants to make an RPC call to a given program number, it first contacts portmap on the server machine to determine the port number to which RPC packets should be sent. The portmap daemon maps RPC program and version numbers to TCP and UDP port numbers. This program makes dynamic binding of remote programs possible.
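As an added example (not HP-UX code and not part of the course material), the following Python models the two lookups described in Modules 6-6 and 6-9: resolving a service name or alias to its program number from an /etc/rpc-style file, and asking a portmap-style registry for the port a server registered for a given program, version and transport. The /etc/rpc excerpt is copied from the partial listing in Module 6-6; the registry class is an in-memory stand-in for the daemon, and the port numbers registered in the usage are constructed (only port 111, portmap's own well-known port, is real).

```python
"""Model of the /etc/rpc name table (Module 6-6) and the portmap registration
and lookup (Module 6-9). Added example; the registry is an in-memory stand-in
for the portmap daemon, not the real protocol."""

# Excerpt in /etc/rpc format (name, program number, aliases), from the listing above.
ETC_RPC = """\
# rpc program number database
rpcbind     100000  portmap sunrpc rpcbind
rstatd      100001  rstat rup perfmeter
rusersd     100002  rusers
nfs         100003  nfsprog
ypserv      100004  ypprog
mountd      100005  mount showmount
ypbind      100007
nlockmgr    100021
status      100024
"""


def parse_etc_rpc(text):
    """Return {name_or_alias: program_number} from /etc/rpc-format text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or not fields[1].isdigit():
            raise ValueError(f"malformed /etc/rpc line: {raw!r}")
        number = int(fields[1])
        for name in [fields[0], *fields[2:]]:
            table[name] = number
    return table


class PortMapper:
    """In-memory stand-in for portmap/rpcbind.

    Servers register (program, version, protocol) -> port when they start;
    clients ask for the port before sending their first RPC request.
    """

    PORT = 111  # the one well-known port in the scheme: portmap itself

    def __init__(self):
        self._registry = {}

    def register(self, program, version, protocol, port):
        if protocol not in ("udp", "tcp"):
            raise ValueError("protocol must be 'udp' or 'tcp'")
        self._registry[(program, version, protocol)] = port

    def unregister(self, program, version, protocol):
        self._registry.pop((program, version, protocol), None)

    def getport(self, program, version, protocol):
        """Port for the mapping, or 0 when nothing is registered."""
        return self._registry.get((program, version, protocol), 0)

    def dump(self):
        """All mappings, the information 'rpcinfo -p' prints."""
        return sorted((prog, ver, proto, port)
                      for (prog, ver, proto), port in self._registry.items())


def client_lookup(rpc_table, portmapper, service, version, protocol="udp"):
    """Client side of Module 6-9: service name -> program number via /etc/rpc,
    then program number -> port via portmap. Returns 0 if the service is not up."""
    program = rpc_table[service]
    return portmapper.getport(program, version, protocol)


def unregistered_programs(rpc_table, portmapper):
    """Names from /etc/rpc with no live registration; useful when reviewing what a
    host actually exposes against what the table merely defines."""
    live = {prog for prog, _, _, _ in portmapper.dump()}
    return sorted({name for name, prog in rpc_table.items() if prog not in live})


if __name__ == "__main__":
    table = parse_etc_rpc(ETC_RPC)
    pm = PortMapper()
    pm.register(100003, 3, "tcp", 2049)  # nfs; 2049 is its conventional port
    pm.register(100005, 1, "udp", 1023)  # mountd; constructed dynamic port
    print("mount ->", client_lookup(table, pm, "mount", 1))
    print("registered:", pm.dump())
```

A client that knows only the name "showmount" ends up at the same program number as "mountd", and a lookup for a program or version nobody registered returns 0, which is how a client learns that the service is not running rather than getting a stale port. The dump() output is what an administrator compares against /etc/rpc to see which programs a host is really serving.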


Module 6-10. NFS PV2 vs. NFS PV3

One of the most beneficial features of NFS Protocol Version 3 (NFS PV3) is its support for large files. NFS Protocol Version 2 (NFS PV2) supported a file size and offset 32 bits wide, while NFS Version 3 supports 64 bits. The maximum file size in NFS PV2 is only 2 Gigabytes, while NFS PV3 supports a maximum single file size of 128 Gigabytes. Thus, NFS PV3 introduces:
- Added support for large files
- Procedural and data structure changes
- Improved performance
- Changes to related protocols


Module 7. Configuring NFS

Objectives: After the completion of this module, the student is expected to:
- Describe the things to consider when configuring NFS
- Describe how to configure NFS servers and clients


Module 7-1. NFS Configuration Considerations

When designing how a group of systems will share file systems, the following should be considered:
- Determine the number of clients that will use the server. The greater the number of servers, the better.
- Consider the characteristics of the applications being used. If the application is not write-intensive, then many clients can use the server.
- Choose a good system to be used as a server.
- Consider superuser access. Commands that require root access should not be made available to clients.
- Consider which file systems should be exported.
- Consider system files that should not be shared.


Module 7-2. Configuring NFS Servers and Clients

The steps to be taken when configuring NFS servers and clients:

1. Keep UID and GID consistent.

2. Configure the NFS server:
   - Ensure the NFS subsystem is in the kernel
   - Edit the server's /etc/rc.config.d/netconf file
   - Start the NFS server functionality manually
   - Create the /etc/exports file
   - Export the directories

3. Configure the NFS client:
   - Ensure the NFS subsystem is in the kernel
   - Edit the client's /etc/rc.config.d/netconf file
   - Start the NFS client functionality manually
   - Create an entry in the /etc/fstab file
   - Mount the NFS file system
   - View the exported and mounted file systems

4. Keep time synchronized with all other nodes.


Module 7-3. Keep UID and GID Consistent

The UID field from an entry in the /etc/passwd file and the GID field in the /etc/group entry authenticate NFS users. The client passes this UID and GID to the server for use when checking file ownership and permissions. Users who have logins on multiple systems must have the same UID and GID on those systems. In the example, user1 on the client has a UID of 102, while his UID on the NFS server is 101; the user with UID 102 on the server is user2. This creates an inconsistency within the network. When user1 from the client logs on to the NFS server, he will see and own the files that belong to user2. This is the reason why we must keep UID and GID consistent.
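The check behind this rule can be automated before a file system is exported. The following Python is an added example, not part of the course material: it compares passwd-format data from a client and a server, reports logins whose UID or GID differ, and reports UIDs that name one login on the client but a different login on the server, which is exactly the user1/user2 situation described above. The two passwd excerpts are constructed to match that situation and are not from any real system.

```python
"""Compare UID/GID assignments between an NFS client and server.

Added example; the passwd lines below are constructed to reproduce the
user1 (client UID 102) vs. user1 (server UID 101) / user2 (server UID 102)
inconsistency described in Module 7-3.
"""

CLIENT_PASSWD = """\
root:x:0:3:root:/:/sbin/sh
user1:x:102:20:User One:/home/user1:/usr/bin/sh
user3:x:104:20:User Three:/home/user3:/usr/bin/sh
"""

SERVER_PASSWD = """\
root:x:0:3:root:/:/sbin/sh
user1:x:101:20:User One:/home/user1:/usr/bin/sh
user2:x:102:20:User Two:/home/user2:/usr/bin/sh
user3:x:104:21:User Three:/home/user3:/usr/bin/sh
"""


def parse_passwd(text):
    """Return {login: (uid, gid)} from passwd(4)-format text (7 colon-separated fields)."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4:
            continue  # skip malformed lines rather than guess
        users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users


def find_mismatches(client, server):
    """Logins defined on both systems whose UID or GID differ."""
    return {name: {"client": client[name], "server": server[name]}
            for name in sorted(set(client) & set(server))
            if client[name] != server[name]}


def find_uid_collisions(client, server):
    """Client logins whose UID belongs to a *different* login on the server.

    NFS carries only the numeric UID, so the server treats requests from such a
    client login as coming from its own login with that UID: the client's user1
    with UID 102 owns and sees the files of the server's user2.
    """
    server_by_uid = {uid: name for name, (uid, _) in server.items()}
    return {name: server_by_uid[uid]
            for name, (uid, _) in sorted(client.items())
            if uid in server_by_uid and server_by_uid[uid] != name}


def main():
    client = parse_passwd(CLIENT_PASSWD)
    server = parse_passwd(SERVER_PASSWD)
    for name, where in find_mismatches(client, server).items():
        print(f"{name}: client uid/gid {where['client']} vs server {where['server']}")
    for name, other in find_uid_collisions(client, server).items():
        print(f"{name} on the client is seen as {other} by the server")


if __name__ == "__main__":
    main()
```

On a real pair of systems the two strings would be read from each host's /etc/passwd (or from the NIS passwd map once NIS is in place); the same parser applies to /etc/group for the GID side.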


Module 7-4. Ensure NFS is Enabled in the Kernel

For NFS to work, the networking subsystem and the NFS subsystem should be compiled into the server's kernel. To verify whether the subsystems are currently present in the kernel, use the command:

# kmsystem | grep -e nfs -e lan


Module 7-5. Edit the NFS Server's Configuration File

When the system starts up to run level 2 or higher, the startup scripts in /sbin/rc2.d will be executed to start the NFS core and NFS client functionality. When the system starts up to run level 3 or higher, the startup scripts in /sbin/rc3.d will also start up the NFS server functionality. The startup scripts are linked to the run scripts that reside in /sbin/init.d. The run scripts fetch configurable parameters from the /etc/rc.config.d/nfsconf file.

# vi /etc/rc.config.d/nfsconf
NFS_CLIENT=1        # NFS client
NFS_SERVER=1        # NFS server
NUM_NFSD=4          # nfsd, 4 instances (default)
NUM_NFSIOD=4        # biod, 4 instances (default)
PCNFS_SERVER=1      # rpc.pcnfsd
...
START_MOUNTD=1      # rpc.mountd


Module 7-6. Start NFS Server Functionality

After configuring the server's configuration files, you need to manually initiate the NFS server functionality. Remember that if you do not do this, you need to restart your computer. To start the NFS server daemons:

# /sbin/init.d/nfs.server start


Module 7-7. Create the /etc/exports File

The system administrator creates and updates the /etc/exports file to control which directories are being exported by the server, and to apply restrictions to clients. UNIX systems rely on the /etc/exports file to control which directories are exported. Entries in the /etc/exports file must follow this syntax:

pathname [option][,option]

where pathname specifies the directory being exported and option specifies access-pertinent privileges. Following is a description of the commonly supported options:

rw[=hostname][:hostname]
    Grants read/write privileges to the hosts specified using the hostname parameter. If no hostname is specified, then read/write access is granted to all hosts on the network. rw is the default access privilege if no option is specified.

ro
    Specifies read-only permission for the directory being exported. User attempts to write to the directory result in error messages such as "Permission denied" or "Read-only file system".

access=hostname[:hostname]
    Specifies the names of the hosts that are granted permission to mount the exported directory. If this option is not included in the entry affecting the exported directory, then all hosts on the network can mount that directory (i.e. the directory ends up being exported to every host).

root=hostname[:hostname]
    Grants root access privilege only to root users from the specified hostname(s). Otherwise (i.e. if no hostname is specified), root access is denied (by default) to root users from all hosts.

...
Examples:

1. /usr/share/man
   Exports the man pages with read-write access to every client.

2. /home access=wrkstn1:wrkstn2
   Exports the /home directories with read-write permission only to systems wrkstn1 and wrkstn2. Could also be written as: /home wrkstn1 wrkstn2

3. /opt/games ro
   Exports the games directory to everyone with read-only access.

4. /opt/applications access=wrkstn1:wrkstn2,ro
   Exports the applications directory with read-only access to systems wrkstn1 and wrkstn2.

5. /sbin/local rw=wrkstn1:wrkstn2,access=wrkstn3
   Exports the /sbin/local directory with read-write access to wrkstn1 and wrkstn2 and read-only for system wrkstn3.

6. /etc/opt/application rw=wrkstn3,access=wrkstn1,root=wrkstn3
   wrkstn3 is the only system with read-write access and its superuser is treated as root. wrkstn1 has read-only access.

Every time the system is booted, the NFS startup scripts execute and process the contents of the /etc/exports file. Normally, for performance reasons, eight instances of the nfsd daemon are started and only one mountd (or rpc.mountd, as called by some systems) is started. The mountd daemon is responsible (as explained earlier) for mounting exported file systems specified in the /etc/exports file, in response to client mount requests.
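The option semantics of Module 7-7 can be checked mechanically before exportfs ever reads the file. The following Python is an added example, not the exportfs implementation: it parses entries in the pathname [option][,option] form, works out what access a given host gets under the rw=, ro, access= and root= rules exactly as the text states them (including the reading of example 5 that hosts named in rw= may mount even when access= names someone else), and lists the entries an administrator would want to look at twice: those mountable by every host, writable by every host that can mount, and those granting remote root. The sample file is constructed from the six examples above; the older "/home wrkstn1 wrkstn2" form of example 2 is not accepted by this parser.

```python
"""Parser and access audit for /etc/exports entries using the option
semantics described in Module 7-7 (rw=, ro, access=, root=). Added example:
this models the rules as the text states them and is not the exportfs
implementation; the sample file is built from the page's own examples."""

SAMPLE_EXPORTS = """\
# constructed from the six examples above
/usr/share/man
/home access=wrkstn1:wrkstn2
/opt/games ro
/opt/applications access=wrkstn1:wrkstn2,ro
/sbin/local rw=wrkstn1:wrkstn2,access=wrkstn3
/etc/opt/application rw=wrkstn3,access=wrkstn1,root=wrkstn3
"""


def _hosts(value):
    """'a:b' -> {'a', 'b'}; '' -> empty set."""
    return {h for h in value.split(":") if h}


def parse_exports(text):
    """Return {pathname: options}. options['rw'] is None (option absent, everyone
    read-write), an empty set ('rw' with no hosts, same meaning) or a host set;
    options['access'] is None (everyone may mount) or a host set."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        path = parts[0]
        opts = {"ro": False, "rw": None, "access": None, "root": set()}
        if len(parts) == 2:
            for opt in parts[1].split(","):
                key, _, value = opt.partition("=")
                if key == "ro":
                    opts["ro"] = True
                elif key == "rw":
                    opts["rw"] = _hosts(value)
                elif key == "access":
                    opts["access"] = _hosts(value)
                elif key == "root":
                    opts["root"] = _hosts(value)
                else:
                    raise ValueError(f"unsupported option {opt!r} for {path}")
        entries[path] = opts
    return entries


def access_for(opts, host):
    """'rw', 'ro' or None (host may not mount) for one entry, following the text:
    access= limits who can mount (hosts named in rw= are taken as allowed too, as
    in example 5), ro wins over rw, and rw= restricts write access to its hosts."""
    writers = opts["rw"] or set()
    if opts["access"] is not None and host not in opts["access"] and host not in writers:
        return None
    if opts["ro"]:
        return "ro"
    if not opts["rw"] or host in opts["rw"]:
        return "rw"
    return "ro"


def audit(entries):
    """Findings an administrator checks before exporting: entries mountable by every
    host, writable by every host that can mount, and entries granting remote root."""
    findings = []
    for path, opts in sorted(entries.items()):
        if opts["access"] is None:
            findings.append((path, "mountable by every host (no access= option)"))
        if not opts["ro"] and not opts["rw"]:
            findings.append((path, "read-write for every host that can mount it"))
        for host in sorted(opts["root"]):
            findings.append((path, f"root from {host} is treated as root"))
    return findings


if __name__ == "__main__":
    exports = parse_exports(SAMPLE_EXPORTS)
    for host in ("wrkstn1", "wrkstn3", "otherhost"):
        print(host, {p: access_for(o, host) for p, o in exports.items()})
    for path, finding in audit(exports):
        print(f"{path}: {finding}")
```

Running it prints, per host, the access each entry grants (for /sbin/local: rw for wrkstn1, ro for wrkstn3, no mount for otherhost, as example 5 states) and five audit findings, two of them for /usr/share/man, which has no access restriction at all.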


Module 7-8. Exporting Files and Directories

An NFS server machine exports a file system, a directory, or a file via the /etc/exports file to allow NFS client systems mount access. When you boot up the NFS server, the necessary daemon will automatically be invoked and the exportfs -a command will be executed. The exportfs -a command looks in the /etc/exports file and transfers the export entries to the /etc/xtab file. /etc/xtab is accessed by the mount daemon each time a request is received. Other options for exportfs are as follows:

# exportfs -a                    Export all file systems listed in /etc/exports
# exportfs -i /home              Export a file system without adding it to /etc/exports
# exportfs -o options (or -i)    Export a file system with access restrictions
# exportfs                       List exported file systems
# exportfs -u /home              Unexport a file system
# exportfs -ua                   Unexport all file systems


Module 7-9. Edit the NFS Client's Configuration File

When the system starts up to run level 2 or higher, the startup scripts in /sbin/rc2.d will be executed to start the NFS core and NFS client functionality. When the system starts up to run level 3 or higher, the startup scripts in /sbin/rc3.d will also start up the NFS server functionality. The startup scripts are linked to the run scripts that reside in /sbin/init.d. The run scripts fetch configurable parameters from the /etc/rc.config.d/nfsconf file.

# vi /etc/rc.config.d/nfsconf
NFS_CLIENT=1        # NFS client
NFS_SERVER=0        # NFS server
NUM_NFSD=0          # nfsd, 0 instances (default)
NUM_NFSIOD=4        # biod, 4 instances (default)
PCNFS_SERVER=0      # rpc.pcnfsd
...
START_MOUNTD=0      # rpc.mountd

The NFS client variables are:
NFS_CLIENT=1     Starts /sbin/init.d/nfs.client
NUM_NFSIOD=4     Starts four buffered I/O daemons, /usr/sbin/biod


Module 7-10. Start NFS Client Functionality

After configuring the client's configuration files, you need to manually initiate the NFS client functionality. If you do not do this, you need to restart your computer. To start the NFS client daemons:

# /sbin/init.d/nfs.client start


Module 7-11. Mounting Guidelines

Mounting remote file systems is the same as mounting local file systems. The following are some guidelines:
- To mount an NFS file system at boot time, the client should have an appropriate entry in the /etc/fstab file.
- You can manually mount and unmount NFS file systems.
- To check which NFS file systems are currently mounted, use the mount command without any option or argument.
- If a remote directory is mounted on top of a local directory containing files, the directory's files will no longer be accessible until you unmount the file system.
- You should use absolute path names when referencing the server's file system or the client's mount point.


Module 7-12. Mounting the NFS File System

The mount command is used to access and mount NFS file systems in a way similar to how it is used to mount local file systems. Mount examples:

# mount Server:/home/user1 /home/user1
# mount /home/user1      Mounts /home/user1
# mount -aF nfs          Mounts all file systems of type NFS listed in /etc/fstab
# mount -a               Mounts all file systems listed in the /etc/fstab file
# mount -v               Lists all file systems currently mounted


Module 7-13. Creating a New Entry in /etc/fstab

The entry in /etc/fstab should follow this structure:

# vi /etc/fstab
Server:/home/user1 /home/user1 nfs defaults 0 0


Module 7-14. Unmounting the NFS File System

The umount command tells the system to unmount the named file system. Either the file system name or the directory where the file system is mounted may be specified. umount examples:

# umount Server:/home/user1   Unmounts the NFS file system /home/user1 from the server
# umount /home/user1          Unmounts the NFS file system mounted under the directory /home/user1
# umount -aF nfs              Unmounts all NFS file systems currently mounted
# umount -a                   Unmounts all file systems, including NFS and local file systems


Module 7-15. Viewing Exported File Systems

Server side:
# exportfs              Displays which file systems are currently exported
# showmount -a          Displays which clients have file systems currently mounted
# showmount -e          Displays file systems exported by the current server

Client side:
# mount -v              Displays which file systems are currently mounted by the client
# showmount -e server   Displays file systems exported by the named server


Module 8. Configuring NIS

Objectives: After the completion of this module, the student is expected to:
- Describe the Network Information Service (NIS)
- Describe how NIS works
- Describe NIS domains
- Describe the NIS files and daemons
- Configure NIS servers and clients
- Describe how to restrict access to NIS


Module 8-1. What is NIS?

Whenever more hosts and users are added to the network, you would normally update the /etc/hosts and /etc/passwd files on each of the hosts to identify the new hosts and users. In a small network, this is still tolerable. But when the network becomes too large, you might consider setting up NIS. NIS is the Network Information Service. It allows the host and user account files to be managed on a single system on the network, called the NIS server, and referenced by the other systems on the network, configured as NIS clients. With NIS, when a new node or user is added to the network, a single system's files are updated and the changes are propagated out to the other nodes on the network. Another advantage of NIS is consistency across all nodes on the network. Because all systems reference the same set of files, users need not worry about changing their account password and hostnames on every node.


Module 8-2. NIS Maps

The ASCII files which NIS converts into database files when NIS is configured are also known as NIS maps. An NIS map is sorted on the field used to index the file. For example, /etc/passwd will be translated to NIS maps having two indices, by name (passwd.byname) and by UID (passwd.byuid). A map named ypservers is not built from an ASCII source file. It is automatically created at NIS configuration and contains a list of all the NIS clients and servers in the NIS domain.


Module 8-3. NIS Domains

An NIS domain is a logical grouping of nodes using the same NIS maps. There could be more than one NIS domain within a physical network. Nodes that have the same domain name belong to the same NIS domain. NIS domain-related files are stored under a subdirectory beneath the /var/yp directory of the NIS server. The subdirectory name corresponds to the name of the NIS domain. For example, if we have a domain named research, then it would have a directory named /var/yp/research that would contain all of the NIS maps for that domain. The /etc/rc.config.d/namesvrs file on each system has an NIS_DOMAIN variable which may be used to set the host's domain. Alternatively, the /usr/bin/domainname command may be used to configure the domain name of the host interactively.


Module 8-4. NIS Roles

The major components of NIS are the master server, the slave server and the clients. The master server is the system on which the original ASCII files are kept and modified. These files are translated into maps on the master server. The slave server contains a copy of the maps on the master server and may also serve the network, though it is optional. The clients do not have copies of the maps, though they keep their local files as a backup. They look up entries across the network on the NIS master or slave servers.


Module 8-5. NIS Startup Files

When the system starts to run at level 2, the startup scripts in the /sbin/rc2.d directory will be executed to start the NIS server and NIS client functionality. When these scripts run, they fetch configurable parameters from the /etc/rc.config.d/namesvrs file, but the NIS daemons are only activated if the correct parameters are set. The following are the services started to run NIS:
- nfs.core: used by both NIS servers and clients
- nis.server: used by the NIS server; controls the password file, updates maps and transfers them from the master to the slave
- nis.client: used by the NIS client to bind itself to an NIS server


Module 8-6. NIS Daemons

The following daemons are used by the master server only:
- rpc.yppasswdd: the NIS password daemon. It handles all password change requests from the yppasswd and passwd commands. It changes the passwords in the source file on the master server.
- rpc.ypupdated: this daemon provides a secure mechanism for updating the NIS map source files on the NIS master server.

The following daemons are used on both the NIS master and slave servers:
- ypserv: the NIS database lookup service, which looks up information in the local collection of maps in response to requests.
- ypxfrd: provides a faster transfer of maps from the master to the slave servers.

These daemons run on both the NIS servers and clients:
- ypbind: the NIS binder remembers the binding information and lets client processes on the local machine communicate with the ypserv daemon.
- keyserv: stores the private encryption keys of all users logged into the system.


Module 8-7. Configuring an NIS Master Server
These are the steps to configure an NIS master server:

1. Add the /var/yp directory to root's PATH variable. It contains the ypmake command used to update the maps.

   # PATH=$PATH:/var/yp

2. Collect the ASCII source files that will be used to build the maps, and make sure they are up to date.

3. Manually set the NIS domain name.

   # domainname research

4. Build and install the databases. ypinit -m asks interactively for the names of the slave servers.

   # ypinit -m

5. Edit /etc/rc.config.d/namesvrs so that the master and client functionality start at boot.

   # vi /etc/rc.config.d/namesvrs
   NIS_MASTER_SERVER=1
   NIS_CLIENT=1
   NIS_DOMAIN=research

6. Reboot the machine.

   # shutdown -r -y 0


Module 8-8. Configuring an NIS Slave Server
After configuring the NIS master server, you may optionally configure a slave server:

1. Manually set the domain name.

   # domainname research

2. Copy the databases from the master server.

   # /usr/sbin/ypinit -s master_server

3. Edit /etc/rc.config.d/namesvrs.

   # vi /etc/rc.config.d/namesvrs
   NIS_SLAVE_SERVER=1
   NIS_CLIENT=1
   NIS_DOMAIN=research

4. Reboot.

   # shutdown -r -y 0


Module 8-9. Configuring an NIS Client
1. Edit /etc/rc.config.d/namesvrs.

   # vi /etc/rc.config.d/namesvrs
   NIS_CLIENT=1
   NIS_DOMAIN=research

2. Ensure that at least one NIS server is up, then reboot the system.

   # shutdown -r -y 0
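The master, slave and client configurations above differ only in which namesvrs variables are set. As an added example, not part of the course material, the following script checks a file laid out like /etc/rc.config.d/namesvrs against the role the machine is meant to play before it is rebooted, so that a misspelled NIS_DOMAIN or a forgotten NIS_CLIENT=1 is caught while the system is still up. The function names and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the course text: a pre-reboot check of the NIS
# settings in a file laid out like /etc/rc.config.d/namesvrs. It verifies the
# variables the nis.server and nis.client startup scripts act on for the role
# the machine is meant to play. The function names and the sample files below
# are assumptions made for this example.

# cfg_get FILE NAME -> value of the last NAME=value line in FILE, quotes stripped
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"' | tr -d "'"
}

# nis_role_check FILE ROLE DOMAIN   (ROLE is master, slave or client)
# Returns 0 when every variable the role needs is set, 1 otherwise; each
# problem found is reported on stderr.
nis_role_check() {
    file=$1 role=$2 want=$3 rc=0
    domain=$(cfg_get "$file" NIS_DOMAIN)
    client=$(cfg_get "$file" NIS_CLIENT)
    master=$(cfg_get "$file" NIS_MASTER_SERVER)
    slave=$(cfg_get "$file" NIS_SLAVE_SERVER)

    # Every role needs the domain name, and it must be the one ypinit was run with.
    if [ -z "$domain" ]; then
        echo "NIS_DOMAIN is not set" >&2; rc=1
    elif [ "$domain" != "$want" ]; then
        echo "NIS_DOMAIN is '$domain', expected '$want'" >&2; rc=1
    fi
    # Servers look up their own maps through ypbind, so NIS_CLIENT=1 is required everywhere.
    [ "$client" = 1 ] || { echo "NIS_CLIENT must be 1" >&2; rc=1; }

    case $role in
        master)
            [ "$master" = 1 ] || { echo "NIS_MASTER_SERVER must be 1" >&2; rc=1; }
            [ "$slave" != 1 ] || { echo "a master must not also be a slave" >&2; rc=1; } ;;
        slave)
            [ "$slave" = 1 ] || { echo "NIS_SLAVE_SERVER must be 1" >&2; rc=1; }
            [ "$master" != 1 ] || { echo "a slave must not also be a master" >&2; rc=1; } ;;
        client)
            if [ "$master" = 1 ] || [ "$slave" = 1 ]; then
                echo "a plain client must not enable server functionality" >&2; rc=1
            fi ;;
        *) echo "unknown role '$role'" >&2; return 2 ;;
    esac
    return $rc
}

# write_samples DIR: constructed sample files, not real system files
write_samples() {
    mkdir -p "$1"
    cat > "$1/namesvrs.master" <<'EOF'
# sample of /etc/rc.config.d/namesvrs on the master
NIS_MASTER_SERVER=1
NIS_SLAVE_SERVER=0
NIS_CLIENT=1
NIS_DOMAIN="research"
EOF
    cat > "$1/namesvrs.bad" <<'EOF'
# domain misspelled and client functionality left off
NIS_MASTER_SERVER=1
NIS_CLIENT=0
NIS_DOMAIN=reserch
EOF
}

dir=${TMPDIR:-/tmp}/nischeck.$$
write_samples "$dir"
nis_role_check "$dir/namesvrs.master" master research && echo "master config OK"
nis_role_check "$dir/namesvrs.bad" master research || echo "bad config rejected"
rm -rf "$dir"
```

Run it against the real file with `nis_role_check /etc/rc.config.d/namesvrs master research` before step 6; the check is deliberately strict about a host being both master and slave, since the two startup scripts would otherwise compete for the maps.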


Module 8-10. Changing a Password in NIS Mode
1. An NIS user issues the passwd command to change his password.
2. The /etc/passwd file on the master server is updated to reflect the new password.
3. The corresponding NIS maps are regenerated to reflect the new password.

   # passwd
   Changing password for user1
   Old NIS password: ********
   New password: ******
   Retype new password: ******

To reset a user's password from the master server, use the following commands. The -r files option tells passwd to change the entry in the local files instead of going through NIS, so the maps must then be rebuilt by hand:

   # passwd -r files username
   # /var/yp/ypmake passwd


Module 8-11. Restricting Access to Clients and Slaves

Module 8-12. Restricting Access to the Master Server


To restrict access to the NIS master server, do the following to secure it. The point of the procedure is to separate the map source from the master's own /etc/passwd, so that the accounts NIS publishes to the network are no longer valid local logins on the master unless they are explicitly kept or escaped.

1. Create an alternate password file to serve as the source for the maps.

   # cp /etc/passwd /etc/passwd.nis

2. Reduce /etc/passwd to the accounts that must exist locally and add escape entries for the users who should still be admitted through NIS.

   # vipw
   +user20
   +user21

   NIS will not recognize the escape entries in /etc/passwd unless you add the following line to /etc/nsswitch.conf:

   # vi /etc/nsswitch.conf
   passwd: compat

3. Edit /etc/rc.config.d/namesvrs and modify the YPPASSWDD_OPTIONS parameter.

   # vi /etc/rc.config.d/namesvrs
   # Change
   YPPASSWDD_OPTIONS="/etc/passwd -m passwd PWFILE=/etc/passwd"
   # to
   YPPASSWDD_OPTIONS="/etc/passwd.nis -m passwd PWFILE=/etc/passwd.nis"

   This tells the yppasswdd daemon to manage /etc/passwd.nis instead of /etc/passwd.

4. Stop and restart the NIS server functionality.

   # /sbin/init.d/nis.server stop
   # /sbin/init.d/nis.server start

5. Edit /var/yp/ypmake and modify the PWFILE parameter.

   # vi /var/yp/ypmake
   # Change
   PWFILE=${PWFILE:-$DIR/passwd}
   # to
   PWFILE=${PWFILE:-$DIR/passwd.nis}


6. Edit /var/yp/Makefile and modify PWFILE.

   # vi /var/yp/Makefile
   # Change
   PWFILE=$(DIR)/passwd
   # to
   PWFILE=$(DIR)/passwd.nis

7. Rebuild and propagate the new passwd maps.

   # /var/yp/ypmake passwd
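As an added example that is not part of the course material, the following script builds the two files that steps 1 and 2 describe from a single source: a full copy that becomes the map source (the /etc/passwd.nis role in the procedure) and a reduced local password file that keeps only the listed accounts and turns every other account into a +user escape entry. The function names, the output file names and the sample password entries are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the course text: builds the two password files that
# the procedure above calls for from one source file.
#   OUT_NIS   receives every entry and becomes the map source (the /etc/passwd.nis role)
#   OUT_LOCAL receives only the accounts named in KEEP, the ones that must keep
#             working on the master when NIS is down, followed by a "+user"
#             escape entry for every other account, so that those users are
#             still admitted through NIS once nsswitch.conf says "passwd: compat".
# The function names, file names and sample data are assumptions for this example.

# split_passwd SRC KEEP OUT_LOCAL OUT_NIS   (KEEP is a comma-separated user list)
split_passwd() {
    src=$1 keep=$2 out_local=$3 out_nis=$4
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    # Refuse to build a local file without root in it: that would lock the
    # administrator out of the master whenever ypserv is unavailable.
    case ",$keep," in
        *,root,*) ;;
        *) echo "root must be in the KEEP list" >&2; return 1 ;;
    esac
    # 1. Full copy: the maps are built from this file, not from the local passwd.
    cp "$src" "$out_nis"
    # 2. Reduced local file: kept accounts verbatim, every other account as a
    #    "+name" escape entry. Existing +/- escape lines are passed through.
    awk -F: -v keep=",$keep," '
        /^[+-]/                  { print; next }
        index(keep, "," $1 ",")  { print; next }
                                 { print "+" $1 }
    ' "$src" > "$out_local"
}

# count_accounts FILE -> number of real (non-escape) account lines
count_accounts() { awk '!/^[+-]/ && NF { n++ } END { print n+0 }' "$1"; }

# write_sample DIR: a constructed passwd file, not a copy of any real one
write_sample() {
    mkdir -p "$1"
    cat > "$1/passwd" <<'EOF'
root:x:0:3::/:/sbin/sh
daemon:*:1:5::/:/sbin/sh
bin:*:2:2::/usr/bin:/sbin/sh
user20:x:120:20::/home/user20:/usr/bin/sh
user21:x:121:20::/home/user21:/usr/bin/sh
EOF
}

dir=${TMPDIR:-/tmp}/nispw.$$
write_sample "$dir"
split_passwd "$dir/passwd" root,daemon,bin "$dir/passwd.local" "$dir/passwd.nis"
echo "--- reduced local passwd ---"; cat "$dir/passwd.local"
echo "--- map source passwd.nis has $(count_accounts "$dir/passwd.nis") accounts ---"
rm -rf "$dir"
```

On a real master the reduced file would be installed with vipw rather than copied over /etc/passwd, so that the lock and consistency checks still apply; the escape entries only take effect after the passwd: compat line is in place.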


Module 9. Configuring DNS

Objectives: After the completion of this module, the student is expected to:
   Describe how systems resolve host names to IP addresses
   Describe how the Domain Name Service works
   Describe the DNS hierarchical name space
   Distinguish between public and private name spaces
   Describe name servers, name server zones and their functions
   Configure a DNS server


Module 9-1. Resolving Host Names to IP Addresses
Communication on an IP network generally requires that you provide the IP address of a host to be able to send packets to it. Since we prefer to use host names rather than IP addresses, because individual hosts are easier to remember that way, these host names must be translated into their corresponding IP addresses. The translation of host names to IP addresses is done by the gethostbyname() library function. This function (together with gethostbyaddr(), which does the reverse translation) is also called the resolver, because it resolves host names to IP addresses.


Module 9-2. DNS Overview
A hosts-table approach to name resolution is convenient for reasonably small networks with few entries to keep in /etc/hosts, provided these networks are not connected to the Internet and do not need to run DNS services. Even when the network is not connected to the Internet, maintaining identical /etc/hosts files on all UNIX hosts is time-consuming, since every change made to one file must be consistently applied to all the others, an approach that easily becomes unmanageable as the network grows. The Domain Name System (DNS) is an alternative way of performing name resolution. Using DNS to resolve host names to IP addresses involves a global, hierarchical and distributed database containing information (including IP addresses) about all hosts on the network as well as those on the Internet. The hierarchy allows the name space to be subdivided into independently manageable partitions called domains (or subdomains). The distributed nature allows partitions (subdomains) of the database to be placed on name servers belonging to sites around the network or the Internet; consequently, the sites hosting those name servers can be delegated the responsibility for managing their subdomains. A name server is a host maintaining a partition of the DNS database and running a server process (in UNIX, the named daemon) that handles name-to-IP-address resolution and provides other pertinent host information. The Berkeley Internet Name Domain (BIND) is the most popular implementation of DNS. It consists of three parts:
   A hierarchical name space, as opposed to the flat name space used by /etc/hosts.
   Name servers, which hold information about the domain tree structure and the data it contains. The server program is called named.
   Resolvers, library routines responsible for resolving names to IP addresses. With BIND, the resolver obtains its information from a name server.


Module 9-3. The DNS Hierarchical Name Space
When setting up DNS, certain rules must be followed in organizing the domain. Understanding these rules is as important to a proper DNS implementation as understanding the rules that govern file system organization is to effective administration of a UNIX system. The Internet's DNS organization is used throughout this module to illustrate DNS concepts, and a fictitious subdomain (harmonics.com) is introduced to illustrate the concepts at that level. Keep in mind that your situation may dictate an organization different from the Internet's; the rules and concepts, however, remain the same.

DNS is a hierarchical database of host information. Its structure closely resembles that of a computer file system. The figure above illustrates the analogy between the organization of DNS and that of the UNIX file system. In both cases the organization is an inverted tree with the root at the top; where the root of the file system is written as a slash (/), the root of DNS is written as a dot (.), representing the null label. Below the root, the top-level domains are defined, which may be subdivided into domains and further into subdomains, similar to dividing the UNIX file system into directories and subdirectories. Each subdomain is assigned a name (or label) of up to 63 characters and can be divided further into subdomains; DNS allows nesting of up to 127 levels in one tree. Each domain (or subdomain) represents a partition of the database, which may contain information about hosts in that domain and/or about lower domains (in the file system analogy, a directory represents a partition of the file system holding information about both files and lower subdirectories).

A directory or file in the UNIX file system can be referred to by a relative path or by an absolute path specified from the root. The lib directory in figure (b) can be referenced relative to its parent share directory, or relative to the root, as /usr/share/lib. In the same way, a domain in DNS can be referred to relative to its parent domain by its name alone, or relative to the root domain. A domain name specified relative to the root is known as a Fully Qualified Domain Name (FQDN); an example is www.yahoo.com.


To translate this into real terms, you are presented with a partial portrait of the organization of the top level of the Internet's domain. The Internet authorities have divided the root-level domain into top-level domains, of which only the org and com domains are shown in the diagram. While the root-level domain is served by a group of root servers, the top-level domains are served in turn by their own servers, each maintaining a partition of the global database.

How does a DNS server know which type of information is being queried? Each resource record stored in the database is assigned a type, and when a client sends a query to a name server it must specify which type of information it wants. To telnet to a host, for example, the client requests that the name be resolved into the IP address of a host; a mail application, on the other hand, may request that the name be resolved into a mail exchanger. One last rule to point out: the hierarchical structure of DNS allows two or more hosts to have the same name as long as they do not belong to the same subdomain, just as two files may have the same filename as long as they belong to different directories.

The Internet Top-Level Domains. Many have already encountered domain labels such as www.internic.net, or e-mail addresses such as owen@earth.net. This section familiarizes you with the organization of the Internet name space from which these labels are derived, which is particularly important if your network is connected to the Internet, or if you are planning such a connection. The Internet DNS name space is hierarchical and follows the rules depicted earlier. As shown in the diagram, the upper levels of the Internet domain adhere to certain traditions: at the top level, the Internet started by introducing domain labels that designate the type of organization. The following table lists those domains and the associated affiliations.

   Top-Level Domain   Associated Affiliation
   com                Commercial organizations
   edu                Educational organizations
   gov                U.S. government organizations
   mil                Military organizations
   net                Networking organizations
   org                Non-commercial organizations
   int                International organizations
   arpa               Special domain, used for reverse resolution


As an example, to name the host la in the ca subdomain of hp.com, we use the FQDN la.ca.hp.com.


Module 9-4. Public and Private Name Spaces
Public Name Spaces. Networks can be connected to a public network such as the Internet. In this case, official IP addresses and domain names are required from the public DNS administration. The Internet Corporation for Assigned Names and Numbers (ICANN) has delegated the responsibility for assigning domain names and IP addresses to registrars and registries. As the network administrator, it is your responsibility to add hosts to your domain; you can choose any IP address belonging to the network address you were assigned.
Private Name Spaces. In this case the site is isolated from public networks, and domain names and IP addresses can be chosen freely. To make a possible future connection to the public network easier, however, it is better to obtain an official address block and follow the public naming conventions from the start, so that names and addresses do not have to be changed later.

Module 9-5. The in-addr.arpa Name Space
The figure above shows part of the organization of the Internet's global DNS service. Of particular interest is the in-addr.arpa reverse resolution domain. It is called that because it is used to resolve an IP address back to its fully qualified domain name. Reverse resolution is often used for access control. Some of the remote access services, such as rlogin and remote copy (rcp), are only accessible if the host from which the user is connecting is privileged to do so. A host supporting such services normally keeps the names (not the IP addresses) of the other hosts allowed access in special files (such as $HOME/.rhosts and /etc/hosts.equiv). Upon receiving a request for a remote access service, the server queries the name server to reverse-resolve the client's address into its domain name, and then checks that name against those files. The in-addr.arpa domain is designed to answer such reverse queries efficiently. As shown in the figure, in-addr.arpa is simply another domain, one that uses the octets of IP addresses as subdomain names. The in-addr.arpa domain itself is divided into 256 subdomains, one for each possible value of the first byte of the IP address. Below each of these there can be up to 256 subdomains corresponding to the second byte, and so on, until the entire address space is represented in the in-addr.arpa domain.


To name host la (128.1.1.3) in the in-addr.arpa name space, we use: 3.1.1.128.in-addr.arpa

Whenever an organization joins the Internet, it is delegated the responsibility to administer two or more domains: the official domains registered to it. In the case of Harmonics Inc. these are the harmonics.com domain and the in-addr.arpa domain corresponding to the address range assigned to it by the appropriate Internet authority. If, for example, Harmonics Inc. was assigned the Class C address block 198.58.63.0, it is delegated authority over the 63.58.198.in-addr.arpa domain. Notice how the octets of the IP address appear in reverse order. This follows the DNS naming rule discussed earlier: the part closest to the root (the first octet of the network) is written last, just as in any fully qualified domain name. If the IP address of oboe.ny.harmonics.com is 198.58.63.2, its in-addr.arpa label is 2.63.58.198.in-addr.arpa.

Assuming a host receives a remote login request from address 198.58.63.2, the receiving host authenticates the request by sending a reverse-resolution query (officially a query of type PTR) to its local name server. The local name server then finds the name corresponding to the address through the same referral process outlined earlier, starting at the 198.in-addr.arpa level and moving down the tree until it reaches the label 2.63.58.198.in-addr.arpa, whose PTR record holds the host's domain name (oboe.ny.harmonics.com). The name is returned to the remote access server, which uses it to verify the access privileges.

Note that the PTR record is controlled by whoever administers the reverse zone for that address block, which may well be the party trying to connect. A name obtained this way should therefore not be trusted on its own: the server should look up the returned name in the forward direction and accept it only if that lookup yields the address the connection came from.
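As an added example, not from the course material, the following shell functions apply the in-addr.arpa naming rule mechanically: they turn an address into the owner name of its PTR record and back, and derive the reverse zone delegated for an octet-aligned address block such as the one assigned to Harmonics Inc. above. The function names are assumptions for this example; the addresses are the ones used in the module.

```shell
#!/bin/sh
# Added example, not from the course text: the in-addr.arpa naming rule as shell
# functions, so PTR owner names and delegated reverse zones can be derived
# mechanically rather than spelled backwards by hand. The function names are
# assumptions for this example; the addresses are the ones used in the module.

# ip_to_arpa A.B.C.D -> D.C.B.A.in-addr.arpa (owner name of the address's PTR record)
ip_to_arpa() {
    echo "$1" | awk -F. 'NF == 4 { printf "%s.%s.%s.%s.in-addr.arpa\n", $4, $3, $2, $1 }'
}

# arpa_to_ip D.C.B.A.in-addr.arpa -> A.B.C.D (the inverse, for reading reverse zone data)
arpa_to_ip() {
    echo "$1" | sed 's/\.in-addr\.arpa\.*$//' \
              | awk -F. 'NF == 4 { printf "%s.%s.%s.%s\n", $4, $3, $2, $1 }'
}

# reverse_zone NETWORK PREFIXLEN -> the in-addr.arpa zone delegated for that block.
# Only octet-aligned blocks (/8, /16, /24) map onto a single reverse zone; other
# prefix lengths are refused because they need the classless delegation scheme
# of RFC 2317, which this example does not cover.
reverse_zone() {
    case $2 in
        8)  n=1 ;;
        16) n=2 ;;
        24) n=3 ;;
        *)  echo "prefix /$2 is not octet-aligned" >&2; return 1 ;;
    esac
    echo "$1" | awk -F. -v n="$n" 'NF == 4 {
        out = ""
        for (i = n; i >= 1; i--) out = out $i "."
        print out "in-addr.arpa"
    }'
}

ip_to_arpa 128.1.1.3                 # 3.1.1.128.in-addr.arpa
ip_to_arpa 198.58.63.2               # 2.63.58.198.in-addr.arpa
arpa_to_ip 2.63.58.198.in-addr.arpa  # 198.58.63.2
reverse_zone 198.58.63.0 24          # 63.58.198.in-addr.arpa
reverse_zone 198.58.63.0 25 || echo "refused, as expected"
```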

Module 9-6. Name Servers
Setting up DNS services to support the domain, or zone, for which an organization is delegated authority involves creating a set of authoritative servers for that zone. At a minimum, two servers (a primary and a secondary) should be set up. The primary name server is where the database files are maintained and is the most time-consuming to set up. Changes to the DNS, whether to the layout or structure of the delegated domain or simple updates to the database, should be made on the primary name server. For example, to add a new host to the network, you assign it both a name and an IP address, and you enter those assignments in the DNS database on the primary server.


The secondary name server is easier to set up than the primary. It differs from the primary in that it derives its database from the primary by replicating it through a process known as a zone transfer. Once set up, the secondary requires very little maintenance. Every time the secondary server is rebooted, it performs a zone transfer: it contacts the primary server for the zone they are both responsible for and requests all the information pertaining to that zone. Thereafter, the secondary routinely polls the primary for any updates made to the database. As shown later under Configuring a Secondary DNS Server, a secondary can easily be configured to save the transferred zone data to disk files. This lets the secondary reload its data from the saved files instead of performing a zone transfer, and keeps the data available if the secondary cannot reach the primary when the transfer is initiated.

It is not absolutely necessary to install any server other than the primary to bring up the DNS service. Including a secondary server, however, has the following advantages:
   Redundancy: there is no difference between a primary and a secondary server except for the source of the information each relies on to answer name queries; both are equally capable of answering them. With a secondary present, should one server stop responding, the other can take over, provided the user workstations are configured to contact both servers.
   Distribution of workload: because both servers are equally capable of answering all types of queries, the environment can be set up so that the workload is shared fairly between them. The added benefit of sharing the workload is improved response time.
   Physical proximity: with more than one server, you can locate each of them where it is needed most, cutting response time.

Figure: name servers for one domain placed at several sites (name and address pairs from the figure):
   mail.yahoo.com          66.168.70.0
   us.mail.yahoo.com       66.168.75.1
   europe.mail.yahoo.com   66.168.80.2
   asia.mail.yahoo.com     66.168.85.3

Whenever a name server is queried by a client, the server must respond with a valid answer whether or not the query pertains to a domain for which it is authoritative. Queries about other domains, on the local network or around the Internet, are referred to other servers for an answer. To query name servers on behalf of a client, every name server must maintain pointers (entries including the IP addresses) to the root servers; the root servers in turn hold data about all top-level domains, and so on. The process of querying other servers on behalf of a client is commonly known as the resolution referral process.

Module 9-7. Name Server Zones
A name server holds complete information about a part of the domain space called a zone, and has authority over that zone. Once authority for a subdomain is delegated to an organization, that organization may subdivide its domain into lower-level subdomains. Subdividing a domain need not mean delegating every subdomain's autonomy to other departments in the organization. So although a domain may be partitioned into many lower-level domains, authority over it can be aligned along zone boundaries, in which case a zone may contain only a subset of the domains the parent domain contains.


A zone is a subset of a domain. It excludes the delegated subdomains but includes the non-delegated ones. The delegated subdomains control their own host names, IP addresses and so on; none of that data is known to the parent server, which knows only the names and IP addresses of the servers to which it delegated. The zone data therefore contains all the information controlled by the primary name server, plus pointers to the delegated servers. The figure above illustrates the difference between a domain and a zone. As shown there, the harmonics domain contains the ott, ny and paris subdomains, yet only two zones of authority are established: the harmonics zone, which includes the ott and paris subdomains, and the ny zone, which covers only the ny domain. When setting up name servers, you assign them zones of authority, configuring them to maintain complete information about the zones for which they are said to be authoritative. You can, if you wish, make a name server authoritative for more than one zone.

Module 9-8. Resolving Hostnames
Resolving Hostnames in the Local Domain
The tasks of the resolver are to:
   Determine whether the local node uses BIND, NIS or /etc/hosts.
   Build the list of possible absolute domain names, in case the name to look up is a relative domain name.
   Query the name server, locally or on a remote host configured in /etc/resolv.conf, to translate domain names into IP addresses.
If the name servers do not reply, the calling program hangs for a short while until the query times out. If the name servers reply but cannot supply an address, the lookup falls back to NIS or /etc/hosts according to the switch policy.

Resolving Hostnames in Other Domains
When a host name in another domain is queried, the DNS client still sends the request to the local DNS name server to resolve the name to an IP address. If the requested host name is not found within the local zone data, the DNS server performs a recursive search of other domains for the host name.


The sequence for the recursive search is as follows:
   1. The local DNS server queries a root server.
   2. The root server responds with a referral to the next name server; the local server queries that server and follows each further referral until it reaches the server responsible for the requested host.
   3. The answer is cached, so if the local DNS server is queried again for the same host name it responds immediately from the cached data.

Module 9-9. Configuring a Primary DNS Server
There is at least one server you must configure: the primary DNS server. A second, optional, server is the secondary. To configure the primary DNS server, follow these steps:
   Register the new (sub)domain with the registrar or your internal IT department.
   Fully qualify the host names in /etc/hosts.
   Create a directory for the DNS database files.
   Create a parameter file for the hosts_to_named utility.
   Create the DNS data and boot files with hosts_to_named.
   Download the db.cache file with pointers to the root servers.
   Modify /etc/rc.config.d/namesvrs and start the named daemon.
   Configure DNS client functionality on the primary server.

1. Register Your Domain Name
In order for others on the Internet to resolve host names in your domain, you must officially register your domain name. Consult the http://www.icann.org web site for officially recognized domain registrars. If you are creating a subdomain within a domain your company has already established, you may deal with your internal IT department instead. In either case you need to provide a contact name for the subdomain, the subdomain name, and the names and addresses of your primary and secondary name servers.

2. Fully Qualify Hostnames in /etc/hosts
The hosts_to_named utility creates the DNS files on the primary server from the information in /etc/hosts. For this to work, the entries in /etc/hosts must be fully qualified: each entry contains the full host name and the corresponding IP address, and may also contain aliases.

   # vi /etc/hosts
   # IP address   Full Hostname        Alias
   127.0.0.1      localhost            loopback
   128.1.1.1      sanfran.ca.hp.com    sanfran
   128.1.1.2      oakland.ca.hp.com    oakland
   128.1.1.3      la.ca.hp.com         la

3. Create a Delegate Directory
The hosts_to_named program creates several DNS data files, typically stored in the /etc/named.data directory. Create the named.data directory manually with mkdir.

4. Create the param File
hosts_to_named is a powerful tool for building DNS database files. It reads a param file to determine which domains the name server will serve:
   -d   one entry for each domain this name server is responsible for
   -n   one entry for each subnet included in the domain
   -z   the IP address of the primary server; creates the files that secondary servers download from the primary
   -b   where the DNS boot configuration will be stored (/etc/named.boot is the standard location)

   # vi param
   -d ca.hp.com          # use the domain name(s) here
   -n 128.1.1            # use the subnet address(es) here
   -z 128.1.1.1          # use the primary server's IP address here
   -b /etc/named.boot    # DNS boot configuration file


5. Create the DNS Data and Boot Files
hosts_to_named creates all the DNS data files needed to resolve host names to IP addresses in your domain, using /etc/hosts and the options defined in the param file.

   # hosts_to_named -f param

6. Download the db.cache File
hosts_to_named creates all the necessary DNS database files except one: you must populate the db.cache file with the addresses of the root-level name servers yourself. You can ftp a file containing the current root server list from the InterNIC site. Since the list of root servers changes from time to time, download this file on a regular basis. The copy below is the one in the course material; check it against the current list before using it.

The db.cache file looks like the following:

   .                       3600000   IN  NS  A.ROOT-SERVERS.NET.
   A.ROOT-SERVERS.NET.     3600000       A   198.41.0.4
   .                       3600000       NS  B.ROOT-SERVERS.NET.
   B.ROOT-SERVERS.NET.     3600000       A   128.9.0.107
   .                       3600000       NS  C.ROOT-SERVERS.NET.
   C.ROOT-SERVERS.NET.     3600000       A   192.33.4.12
   .                       3600000       NS  D.ROOT-SERVERS.NET.
   D.ROOT-SERVERS.NET.     3600000       A   128.8.10.90
   .                       3600000       NS  E.ROOT-SERVERS.NET.
   E.ROOT-SERVERS.NET.     3600000       A   192.203.230.10

7. Modify /etc/rc.config.d/namesvrs
To ensure that the name server daemon, named, starts during the boot process, set the NAMED variable in /etc/rc.config.d/namesvrs to 1, then start the daemon by hand for the first time.

   # vi /etc/rc.config.d/namesvrs
   NAMED=1
   NAMED_ARGS=

   # /sbin/init.d/named start
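As an added example, not the HP-UX hosts_to_named utility and not code from the course, the following script performs the core of what steps 2 through 5 rely on hosts_to_named for: it reads a fully qualified hosts file and writes a forward data file with A and CNAME records and a reverse data file with PTR records relative to the in-addr.arpa origin. The SOA timer values, the output file names and the function names are assumptions; the real utility also generates the boot file, db.127.0.0 and the boot files for secondaries.

```shell
#!/bin/sh
# Added example, not the HP-UX hosts_to_named utility and not code from the
# course: a small generator that does the core of what hosts_to_named does for
# one domain and one class C network. From a fully qualified /etc/hosts-style
# file it writes
#   db.DOMAIN  with an A record per host in DOMAIN (aliases become CNAMEs), and
#   db.NET     with a PTR record per host on NET, relative to the reverse origin.
# The SOA timer values, the file layout and the function names are assumptions
# for this example.

# gen_zones HOSTS DOMAIN NET OUTDIR PRIMARY   (NET is the first three octets, e.g. 128.1.1)
gen_zones() {
    hosts=$1 domain=$2 net=$3 outdir=$4 primary=$5
    serial=$(date +%Y%m%d01)       # YYYYMMDDnn; must increase on every rebuild
    rev=$(echo "$net" | awk -F. 'NF == 3 { print $3 "." $2 "." $1 ".in-addr.arpa" }')
    [ -n "$rev" ] || { echo "NET must be three octets" >&2; return 1; }
    mkdir -p "$outdir"
    # refresh 3h, retry 1h, expire 7d, negative-cache TTL 1d (assumed values)
    soa="@ IN SOA $primary. root.$primary. ( $serial 10800 3600 604800 86400 )"

    # Forward zone: only names ending in .DOMAIN belong here; other FQDNs are
    # skipped because they are someone else's zone. The loopback entry is skipped too.
    {
        echo "\$ORIGIN $domain."
        echo "$soa"
        echo "@ IN NS $primary."
        awk -v dom=".$domain" '
            /^#/ || NF < 2 || $1 == "127.0.0.1" { next }
            {
                fq = $2; n = length(fq) - length(dom) + 1
                if (n < 1 || substr(fq, n) != dom) next
                short = substr(fq, 1, n - 1)
                print short, "IN A", $1
                for (i = 3; i <= NF; i++) if ($i != short) print $i, "IN CNAME", short
            }' "$hosts"
    } > "$outdir/db.$domain"

    # Reverse zone: only addresses on NET get PTR records, named by their last octet.
    {
        echo "\$ORIGIN $rev."
        echo "$soa"
        echo "@ IN NS $primary."
        awk -v net="$net." '
            /^#/ || NF < 2 { next }
            index($1, net) == 1 { print substr($1, length(net) + 1), "IN PTR", $2 "." }' "$hosts"
    } > "$outdir/db.$net"
}

# write_hosts DIR: a constructed, fully qualified hosts file (not a real one)
write_hosts() {
    mkdir -p "$1"
    cat > "$1/hosts" <<'EOF'
# IP address   Full hostname        Aliases
127.0.0.1      localhost            loopback
128.1.1.1      sanfran.ca.hp.com    sanfran
128.1.1.2      oakland.ca.hp.com    oakland
128.1.1.3      la.ca.hp.com         la www
192.168.9.7    other.example.com    other
EOF
}

dir=${TMPDIR:-/tmp}/h2n.$$
write_hosts "$dir"
gen_zones "$dir/hosts" ca.hp.com 128.1.1 "$dir/named.data" sanfran.ca.hp.com
cat "$dir/named.data/db.ca.hp.com" "$dir/named.data/db.128.1.1"
rm -rf "$dir"
```

Entries that do not belong to the domain or the network are left out on purpose: a host file often carries entries for machines elsewhere, and publishing them from this server would make it answer authoritatively for data it does not own.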

Module 9-10. Configuring a Secondary DNS Server
To configure an optional secondary DNS server, follow these steps:
   1. Create a directory for the DNS data files.
   2. FTP the boot configuration file from the primary server.
   3. FTP copies of the DNS data files from the primary.
   4. Modify /etc/rc.config.d/namesvrs and start named.
   5. Configure DNS client functionality.

1. Create a Delegate Directory
On the secondary server, create a separate directory for the database and configuration files. Most secondary servers store local copies of the domain's DNS database files; these are typically kept in /etc/named.data.

2. FTP the Boot Configuration File
The named daemon learns where its DNS database files are stored by reading /etc/named.boot at startup. You can download the boot file for a secondary from the primary server, where hosts_to_named generated two versions of it:
   1. /etc/named.data/boot.sec.save, which makes the secondary save the transferred zone data to disk files, and
   2. /etc/named.data/boot.sec, which does not.
The example uses boot.sec.save:

   # ftp 192.168.250.254                                  # FTP to your primary server
   > get /etc/named.data/boot.sec.save /etc/named.boot
   > quit

3. FTP the db.cache File
FTP copies of db.127.0.0 and db.cache from the primary server. These two data files are required on every name server regardless of its type: db.127.0.0 resolves the loopback address, and db.cache lets the name server find the root-level name servers.

   # ftp 192.168.250.254                        # FTP to the primary server
   > get /etc/named.data/db.127.0.0            # get db.127.0.0
   > get /etc/named.data/db.cache              # get db.cache
   > quit

4. FTP the DNS Databases
If you want the secondary server to keep its own disk copies of the DNS database files, download them from the primary server. After the initial download, the secondary server fetches updates automatically at regular intervals through zone transfers.

   # ftp 192.168.250.254                        # FTP to the primary server
   > mget /etc/named.data/db.*                 # get the DNS data files; mget expands the wildcard, get does not
   > quit

5. Modify /etc/rc.config.d/namesvrs
The last step in creating a secondary name server is to modify /etc/rc.config.d/namesvrs so that named starts at boot, and then start the daemon manually.

   # vi /etc/rc.config.d/namesvrs
   NAMED=1
   NAMED_ARGS=          (optional)

   # /sbin/init.d/named start


Module 9-11. Testing the Name Servers
You can check that the DNS servers are functioning properly with the nslookup command:

   # nslookup
   > server 128.1.1.1        # choose a name server
   > oakland.ca.hp.com       # resolve a host name to an IP address
   > 128.1.1.2               # resolve an IP address to a host name
   > exit


Module 9-12. Configuring DNS Clients

The following are the steps to take when configuring DNS clients:

1. Create /etc/resolv.conf. The search entry lists the domain(s) appended to unqualified names; the nameserver entries list the servers to query, in order.

   # vi /etc/resolv.conf
   search mapua.edu.ph
   nameserver 192.168.250.1
   nameserver 192.168.250.254

2. Modify /etc/nsswitch.conf so that host lookups consult DNS first, then NIS, then the local hosts file.

   # vi /etc/nsswitch.conf
   ...
   hosts: dns nis files
   ...

3. Modify /etc/hosts so that the system can still resolve its own name and the loopback address when no name server is reachable.

   # vi /etc/hosts
   127.0.0.1       localhost
   192.168.250.1   www.mapua.edu.ph   mapua


4. Modify ~/.rhosts, /etc/hosts.equiv and other files that name hosts, so that they use the fully qualified names the resolver now returns. Because these files grant access by host name, that trust is only as strong as the name resolution behind it.

   # vi ~/.rhosts
   www.mapua.edu.ph
   mail.mapua.edu.ph

Module 9-13. Testing Resolvers With nsquery
To test whether the resolver is working properly, use the nsquery command:

   # nsquery hosts www.mapua.edu.ph
   # nsquery hosts 192.168.250.125

nsquery first checks /etc/nsswitch.conf to determine which switch policy to use. If files is chosen, nsquery simply looks at the local /etc/hosts file. If DNS is chosen, it reads /etc/resolv.conf to find the address of the default name server and forwards the resolution request accordingly. nsquery reports the result from each lookup service consulted, so you can see which switch policy was used.


Module 10. Configuring NTP

Objectives: After the completion of this module, the student is expected to:
   Describe how the Network Time Protocol (NTP) works
   Enumerate the different NTP time sources
   Describe the NTP stratum levels
   Describe the different NTP roles
   Configure NTP servers, peers and clients


Module 10-1. Network Time Protocol (NTP)
The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or to a reference time source, such as a radio or satellite receiver or a modem. It provides accuracies typically within a millisecond on LANs and up to a few tens of milliseconds on WANs relative to Coordinated Universal Time (UTC) obtained, for example, via a Global Positioning System (GPS) receiver. Typical NTP configurations use multiple redundant servers and diverse network paths to achieve high accuracy and reliability. Time synchronization determines the consistency of:
   Time stamps used by incremental backup utilities
   Encryption key expiration dates
   File modification times compared by make and similar tools
   Time stamps in system and audit logs, which can only be correlated across hosts when their clocks agree

UNIX systems use NTP for time synchronization.


Module 10-2. NTP Time Sources

NTP time sources include:
   Radio clocks using signals from GPS satellites. They cost around $1000/yr but are the most accurate. A list of supported radio clocks can be found at http://www.ece.udel.edu/~ntp
   Network time sources on the Internet. If you cannot afford a radio clock, you can use the free public NTP servers listed at http://www.ece.udel.edu/~ntp
   The built-in system clock. If you have neither a radio clock nor an Internet connection, you can designate one host in your network as the network time server, though this is the least accurate option.

Module 10-3. NTP Stratum Levels

The accuracy of a time source is defined by its stratum level:
- Stratum 1: most accurate
- Stratum 10: least accurate

Module 10-4. NTP Roles

- NTP Servers provide time service to other systems.
- NTP Peers: many NTP servers form peer relationships with other servers of the same stratum level to check each other's time synchronization.
- NTP Direct Polling Clients regularly poll one or more NTP servers for time synchronization.
- NTP Broadcast Clients passively listen for NTP broadcasts from NTP servers on the local network.

Module 10-5. Defining NTP Servers

Referring to the same figure given in the previous module, we configure each of the possible NTP servers in the diagram.

Defining Stratum 1 NTP Servers

For server1a with a locally attached radio clock:

# vi /etc/ntp.conf
server 127.127.26.1
peer server1b

The address on the server line is used by the system to identify the radio clock attached to it. Radio clocks normally have their own IP addresses; the one in the example above is the address of an HP58503A GPS clock. Each stratum 1 server should peer with another stratum 1 server in case the local radio clock becomes unavailable.

Defining Stratum 2 NTP Servers

For server2a, which polls two stratum 1 servers and provides broadcast service:

# vi /etc/ntp.conf
server server1a
server server1b
peer server2b
driftfile /etc/ntp.drift
broadcast 128.1.255.255

The server entries name the stratum 1 servers from which it polls NTP information. The peer entry defines the peer relationship with the other stratum 2 server. The driftfile entry specifies the name of the file used to track the long-term drift of the local clock. The broadcast entry defines the broadcast address of the network to which NTP information will be sent.

Defining Stratum 10 NTP Servers

For a stratum 10 server that uses its own system clock:

# vi /etc/ntp.conf
server 127.127.1.1
fudge 127.127.1.1 stratum 10
broadcast 128.1.255.255

The address 127.127.1.1 on the server line designates the system's own local clock as the time source. The fudge entry defines the stratum level to be assigned to the system clock. The broadcast entry causes the server to broadcast NTP information to broadcast clients.

Module 10-6. Defining NTP Clients

For Direct Polling Clients:

# vi /etc/ntp.conf
server server2a
server server2b
driftfile /etc/ntp.drift

The server entries name the servers from which the client polls NTP information. The driftfile entry specifies the name of the file used to track the long-term drift of the local clock.

For Broadcast Clients:

# vi /etc/ntp.conf
broadcastclient yes
driftfile /etc/ntp.drift

The broadcastclient entry specifies that the client only listens for NTP broadcasts from any server available on the network. The driftfile entry specifies the name of the file used to track the long-term drift of the local clock.

Module 10-7. How NTP Works

NTP on UNIX works with several daemons, utilities and files. The following are the services and files needed for proper operation, together with their functions.

/usr/sbin/ntpupdate -b server server server
- Utility called once at system boot
- Polls one or more NTP servers
- Steps the local clock immediately to match the most accurate server

/usr/bin/xntpd
- Daemon started at boot time
- Polls one or more NTP servers at regular intervals
- Slews the local clock gradually to match the most accurate server

/etc/ntp.drift
- File maintained and used by xntpd
- Tracks the local clock's accuracy over time

Module 10-8. Configuring an NTP Server

To configure an NTP Server, follow these steps (this assumes you are setting up a stratum 10 NTP Server):

1. Modify the /etc/rc.config.d/netdaemons file

# vi /etc/rc.config.d/netdaemons
export NTPUPDATE_SERVER=
export XNTPD=1
export XNTPD_ARGS=

2. Modify the /etc/TIMEZONE file as appropriate

# vi /etc/TIMEZONE
TZ=CST6CDT
export TZ

3. Modify /etc/ntp.conf as described previously

# vi /etc/ntp.conf
server 127.127.1.1
fudge 127.127.1.1 stratum 10
broadcast 128.1.255.255

4. Run the /sbin/init.d/xntpd script

# /sbin/init.d/xntpd start

5. Wait for NTP to establish associations with servers and peers

6. Run ntpq -p to check for associations

# ntpq -p

Note: if you are using the local clock, you could use the following command to adjust the time:

# date mmddhhmmyyyy

Example:

# date 070213302002

This command sets the date to March 12, 2002, 1:30 pm.

Module 10-9. Configuring NTP Clients

To configure an NTP Client, follow these steps (this assumes you are setting up an NTP Broadcast Client):

1. Modify the /etc/rc.config.d/netdaemons file

# vi /etc/rc.config.d/netdaemons
export NTPUPDATE_SERVER="server1 server2"
export XNTPD=1
export XNTPD_ARGS=

2. Modify the /etc/TIMEZONE file as appropriate

# vi /etc/TIMEZONE
TZ=CST6CDT
export TZ

3. Modify /etc/ntp.conf as described previously

# vi /etc/ntp.conf
broadcastclient yes
driftfile /etc/ntp.drift

4. Run the /sbin/init.d/xntpd script

# /sbin/init.d/xntpd start

5. Wait for NTP to establish associations with servers and peers

6. Run ntpq -p to check for associations

# ntpq -p

Module 10-10. Verifying NTP Functionality

View NTP activity and errors over time:

# more /var/adm/syslog/syslog.log

Verify that xntpd is running:

# ps -ef | grep xntpd

Check associations with other nodes:

# ntpq -p
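As an added example, not part of the course text: a small POSIX shell script that automates the ntpq -p check above, picking out the peer xntpd has selected (the line marked with "*"), its stratum and its reach value, so the check can be run from cron instead of by eye. The ntpq listing inside the script is constructed for illustration; the host names server2a and server2b follow the module's diagram.

```shell
#!/bin/sh
# Added example, not from the course text: automate the "ntpq -p" check of
# module 10-10. The listing below is constructed for illustration; the host
# names follow the module's diagram.

# Constructed sample of what "ntpq -p" prints on a direct-polling client:
# "*" marks the peer the daemon is synchronised to, "+" a usable candidate,
# "st" is the stratum and "reach" an octal shift register of the last 8 polls.
SAMPLE_NTPQ='     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
*server2a        server1a         2 u   45   64  377     0.85    0.120     0.05
+server2b        server1b         2 u   50   64  377     1.02   -0.210     0.07
 LOCAL(1)        LOCAL(1)        10 l   12   64  377     0.00    0.000     0.01'

# Print the name of the peer marked "*" (marker stripped); fail if none.
ntp_sync_peer() {
    printf '%s\n' "$1" | awk '/^\*/ { sub(/^\*/, ""); print $1; exit }' | grep .
}

# Print the stratum ("st" column) of the selected peer.
ntp_sync_stratum() {
    printf '%s\n' "$1" | awk '/^\*/ { print $3; exit }'
}

# Print the reach value of the selected peer.
ntp_sync_reach() {
    printf '%s\n' "$1" | awk '/^\*/ { print $7; exit }'
}

# Overall verdict: 0 = synchronised to an acceptable source; 1 = no peer
# selected yet; 2 = selected peer's stratum worse than the limit (default 10,
# the module's "least accurate" level); 3 = selected peer not answering.
ntp_check() {
    out="$1"; maxst="${2:-10}"
    peer=$(ntp_sync_peer "$out") || { echo "no synchronised peer"; return 1; }
    st=$(ntp_sync_stratum "$out")
    reach=$(ntp_sync_reach "$out")
    if [ "$st" -gt "$maxst" ]; then echo "peer $peer is stratum $st"; return 2; fi
    if [ "$reach" = "0" ]; then echo "peer $peer unreachable"; return 3; fi
    echo "synchronised to $peer (stratum $st, reach $reach)"
    return 0
}

# On a live HP-UX host you would pass real output: ntp_check "$(ntpq -p)"
ntp_check "$SAMPLE_NTPQ"
```

A reach of 0 on the selected line means the server has not answered any of the last eight polls, which is the condition that would otherwise go unnoticed until the clock has drifted.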
