Network administration


  1. Network administration. SCCI - Master-2, 03.10.2007. Wagner (SCCI) network 03.10.2007 1 / 55
  2. Networks. network: group of interconnected machines; internet: network of networks based on TCP and IP protocols
  3. Networks of networks
  4. TCP/IP. Internet Protocol: identifies network interfaces; handles routing; fragmentation of data into packets. Transmission Control Protocol: transmissions in connected mode; error corrections, packets arriving in order
  5. Outline: 1 IP addresses; 2 Routing; 3 Services; 4 Integration between different OS
  6. IP address: unique number identifying a network interface; example: 192.168.0.1; example: 127.0.0.1; two parts: network ID, machine ID; 4 bytes: aaa.bbb.ccc.ddd
  7. Network classes. 3 classes of networks: class A: few networks, lots of machines (nnn.mmm.mmm.mmm); class B: lots of middle-size networks (nnn.nnn.mmm.mmm); class C: lots of networks, few machines (nnn.nnn.nnn.mmm)
  8. Network mask: possibility to be more flexible; choice: which bits are used for network ID, which bits are used for machine ID; example: 255.255.255.0: mask for class C network; example: 255.0.0.0: mask for class A network; example: 255.128.0.0: 9 bits for network, 23 bits for machines
  9. Basic configuration: ifconfig command; ifconfig -a: list all available interfaces; ifconfig eth0 192.168.0.1 netmask 255.255.255.0 up
  10. Machine names: need for human-readable names; IP addresses may change ⇒ name does not change; association between names and addresses; several names can be associated to the same address
  11. URL: Uniform Resource Locator
  12. Domain name: Domain Name System; hierarchy: subdomains: en.wikipedia.org; recursive address resolution; heavy use of caching; slow propagation of changes (up to several days); different addresses may be seen for a name if requests originate from different places
  13. Address resolving: different mechanisms: /etc/nsswitch.conf; DNS servers: /etc/resolv.conf; /etc/hosts: list of known machines; may be a cause of process stall
  14. Outline: 1 IP addresses; 2 Routing; 3 Services; 4 Integration between different OS
  15. Routing: routing handled by IP protocol; routes are found from neighbours to neighbours; maybe different routes from source to target; routes may or may not be symmetric; possibility to cycle; mechanisms to destroy packets (TTL)
  16. Routing tables: on each machine: a table indicating to what network interface a packet should be routed; many possible destinations ⇒ table generally contains network addresses rather than machine addresses; table displayed and configured by the route command
  17. Route: man route: good for common tasks (examples); route: displays routing table; route add -net 192.56.76.0 netmask 255.255.255.0 dev eth0; route add default gw mango-gw
  18. Traceroute
      wagnerf@chippewa:~ $ traceroute gnu.org
      traceroute to gnu.org (199.232.41.10), 30 hops max, 40 byt
      1 c-vpn-pub.imag.fr (129.88.1.237) 3.166 ms 3.423 ms
      2 r-vpn-int.imag.fr (129.88.63.254) 4.652 ms 5.416 ms
      3 r-campus.grenet.fr (193.54.185.120) 8.356 ms 9.055 m
      4 tigre1.grenet.fr (193.54.184.33) 13.604 ms 14.928 ms
      5 grenoble-g3-2.cssi.renater.fr (193.51.181.94) 15.124
      6 lyon-pos13-0.cssi.renater.fr (193.51.179.237) 29.161
      7 nri-a-pos9-0.cssi.renater.fr (193.51.179.129) 18.194
      8 ge3-0-0-dcr2.par.cw.net (195.10.54.65) 30.435 ms 31.
      9 so-6-0-0-dcr1.was.cw.net (195.2.10.130) 212.538 ms 1
      10 so-0-0-0-dcr1.ash.cw.net (195.2.0.218) 109.577 ms
      11
  19. ARP protocol: IP: high-level protocol; network card: mainly ethernet protocol; correspondence between MAC addresses and IP addresses ⇒ Address Resolution Protocol
      chippewa:/home/wagnerf# arp
      Address HWtype HWaddress Flags Mask Iface
      10.6.8.254 ether 00:07:EC:CD:18:CA C eth2
  20. External connections: use of a gateway; a gateway binds two different networks
  21. Two network cards: eth0 and eth1 in two different networks; machine acting as a gateway; other machines modify their routing tables; activate forwarding: echo 1 > /proc/sys/net/ipv4/ip_forward
  22. Masquerading: we lie about the origin of all outgoing packets; packets will be tagged as coming from gateway; goal: connecting a subnet by using only 1 IP address; gateway in charge of correspondences; note: the connected subnet should be a local network (192.168.X.X)
  23. Masquerading: Masquerading-Simple-HOWTO; iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE; iptables will be presented in detail in following courses
  24. Useful commands: netstat: lists active sockets; lsof: lists processes using sockets; telnet: sending data interactively; netcat: like cat for network
  25. Outline: 1 IP addresses; 2 Routing; 3 Services; 4 Integration between different OS
  26. Services: examples: print server, web server, ftp server, game servers, ...; servers are executed as daemons
  27. Port number: different services on one machine; how to differentiate them? port number; one service = one port + one protocol; standard numbers (web=80, ...); entry points on a machine
  28. TCP communications. Client side: create a socket; connect to remote host on given port; connection accepted or refused; communications following protocol. Server side: create a socket; bind socket to given port; accept or refuse incoming communications
  29. Common services: /etc/network/services; ftp: 21; ssh: 22; telnet: 23; www: 80; pop3: 110; ...
  30. DHCP server: centralize network configuration; configures IP addresses, routing tables, DNS servers; server: dhcpd; client: dhcpcd, pump, dh_client; communication by broadcast
  31. Web server: usually apache; many other servers: caudium, yaws, araneida, boa; installation from packages; configuration files in /etc/apache2; many different modules
  32. Mail server. Sending: routing from servers to servers; smtp protocol; servers: sendmail, postfix, exim. Receiving: receiving mail in the spool /var/mail/wagnerf; through network: POP3, IMAP
  33. News server: messages exchanged in newsgroups; port 119; NNTP protocol: transfer between servers; NNRP protocol: to read news; servers: INN, Dnews, ...
  34. DNS server: name resolver; symbolic name ⇒ IP address; port 53, udp or tcp; server: Bind
  35. Distant connections: telnet; rlogin; ssh
  36. Proxy: proxy: intermediate element between client and server; handles the flow of data; goals: filter: forbid or remove; cache: accelerate; anonymize: hide end users; authenticate: simple access to protected resources
  37. Proxy server
  38. Some web proxies: squid: caching proxy; junkbuster: removes advertising from web pages
  39. Outline: 1 IP addresses; 2 Routing; 3 Services; 4 Integration between different OS
  40. Heterogeneous networks: different OS in the same network: linux + windows95 + macOS X; linux + freebsd + windows NT; MS/DOS + windows + macOS; ...
  41. Goals: network ⇒ sharing of resources: printers; files; zip drive, backup; services; ...; sharing access to internet: gateway + masquerading
  42. Structure
  43. IP network: easy to put in place; standard protocol; available on all systems; immediate interconnection; resources sharing? unix standards: efficient, not compatible with windows
  44. File sharing: NFS (Network File Sharing); server exports file systems; client mounts remote file systems; completely transparent; kernel or user-space driver
  45. Printers: lpd daemon on all machines; daemons communicate; /etc/printcap config file: local printers, remote printers; security: authorize or not remote connections
  46. Other devices: often NFS is sufficient (e.g. for ZIP drive); special services for some devices: scanner: sane; sound: nas, ...; applications: X; but how to authenticate users?
  47. Yellow pages: NIS: Network Information Service; centralize network configuration; table of administrative information on one server: user information (uid, gid); domain names; machine names in one domain; NFS
  48. NIS: clients broadcast requests; one map for each service; ypcat map to see one; only one manipulation to add a user on the whole network (or disk, ...); problems: important network use; may not scale very well ⇒ NIS caches
  49. Standards: several organizations develop standards: ISOC (Internet Society); IETF (Internet Engineering Task Force); IAB (Internet Architecture Board); RIPE (Réseaux IP Européens)
  50. Standards development: at first: RFC (Request For Comments): proposals for new standards, informative notes; in the old times...: if RFC was OK ⇒ implemented ⇒ standard; decision from developers and community
  51. Standards development: modification in 1993/1994: development of the web; internet gains in users; development from trade; netscape and microsoft add extensions to html; format wars (javascript/active X); no respect for standard procedure ⇒ loss of compatibilities for the internet
  52. NetBIOS / NetBEUI: proprietary protocol; development with NT (beginning of the 90s); developed by microsoft, no RFC; allows: sharing of files; sharing of printers; a little remote administration; initially undocumented
  53. SAMBA: implementation of NetBEUI for unix; client; server; set of tools; administration of windows domains; mount windows disks; mount unix disks under windows; user accounts handling
  54. Configuration: often installed by default; /etc/samba/smb.conf; network configuration: [global]; disks: accounts (homes): [homes]; public disks (applications): [public]; printers: [printers]
  55. Samba programs: smbclient: ftp-like access to all windows resources; smbmount: mount windows directories; careful with rights!
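
The network mask split on slide 8 and the routing table decision on slides 16 and 17, worked through as an added example that is not part of the original slides. The function names are hypothetical, the table holds the two routes from slide 17, and the device of the default route (eth1) is an assumption because the slide names only the gateway.

```python
import ipaddress

def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def mask_to_prefix(mask: str) -> int:
    """Count the network bits of a dotted mask; reject masks with holes."""
    host_bits = to_int(mask) ^ 0xFFFFFFFF
    # A valid mask is ones followed by zeros, so its inverse is 2**k - 1.
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous netmask: {mask}")
    return 32 - host_bits.bit_length()

def split_address(addr: str, mask: str):
    """Return (network ID as dotted string, machine ID as integer)."""
    a, m = to_int(addr), to_int(mask)
    return str(ipaddress.IPv4Address(a & m)), a & ~m & 0xFFFFFFFF

# Constructed table: the two routes added on slide 17. The device of the
# default route (eth1) is an assumption; the slide only names the gateway.
ROUTES = [
    # (network, netmask, device, gateway)
    ("192.56.76.0", "255.255.255.0", "eth0", None),
    ("0.0.0.0", "0.0.0.0", "eth1", "mango-gw"),
]

def lookup(dest: str, routes=ROUTES):
    """Pick the matching route with the most network bits (most specific)."""
    d = to_int(dest)
    best = None
    for net, mask, dev, gw in routes:
        m = to_int(mask)
        if d & m != to_int(net):
            continue  # destination is not inside this network
        bits = mask_to_prefix(mask)
        if best is None or bits > best[0]:
            best = (bits, dev, gw)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]

if __name__ == "__main__":
    print(mask_to_prefix("255.128.0.0"))            # slide 8 example
    print(split_address("192.168.0.1", "255.255.255.0"))
    print(lookup("192.56.76.20"), lookup("199.232.41.10"))
```

A destination inside 192.56.76.0/24 leaves directly on eth0; anything else, such as the gnu.org address from the traceroute slide, falls through to the default route via mango-gw.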
