TRAINING GUIDE
Solaris 8 Second Edition
Network Administrator Certification Exam: 310-043
Rafeeq Ur Rehman
SOLARIS 8 TRAINING GUIDE: NETWORK ADMINISTRATOR CERTIFICATION
SOLARIS 8 TRAINING GUIDE (310-043): NETWORK ADMINISTRATOR CERTIFICATION

Copyright © 2002 by New Riders Publishing

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means—electronic, mechanical, photocopying, recording, or otherwise—without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Neither is any liability assumed for damages resulting from the use of the information contained herein.

International Standard Book Number: 1-5787-0264-5
Library of Congress Catalog Card Number: 00-110878
Printed in the United States of America
First Printing: 06 05 04 03 02   7 6 5 4 3 2 1

Interpretation of the printing code: The rightmost double-digit number is the year of the book’s printing; the rightmost single-digit number is the number of the book’s printing. For example, the printing code 01-1 shows that the first printing of the book occurred in 2001.
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. New Riders Publishing cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty of fitness is implied. The information provided is on an “as-is” basis. The authors and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the CD or programs accompanying it.

PUBLISHER: David Dwyer
ASSOCIATE PUBLISHER: Al Valvano
PRODUCT MARKETING MANAGER: Stephanie Layton
MANAGING EDITOR: Kristy Knoop
ACQUISITIONS EDITOR: Jeff Riley
DEVELOPMENT EDITOR: Ginny Munroe
PROJECT EDITOR: Todd Zellers
COPY EDITOR: Keith Cline
TECHNICAL EDITORS: Edgar Danielyan, Guy Bruneau, Bill Murray
COVER DESIGNER: Aren Howell
COMPOSITOR: Scan Communications Group, Inc.
INDEXER: Cheryl Lenser
SOFTWARE DEVELOPMENT SPECIALIST: Jay Payne
Contents at a Glance

 1  Introduction to Computer Networks  15
 2  The TCP/IP Protocol  69
 3  Routing in TCP/IP Networks  141
 4  The Client-Server World: Ports and Sockets  183
 5  Configuring and Managing Dynamic Host Configuration Protocol  239
 6  Network Management with SNMP  281
 7  Configuring and Managing Domain Name Server  299
 8  Network Time Protocol  345
 9  Introduction to IPv6  363
    Fast Facts  385
    Study and Exam Prep Tips  417
    Practice Exam  423
    Appendix A: Glossary  439
    Appendix B: Overview of Certification Process  445
    Appendix C: What’s on the CD-ROM?  447
    Appendix D: Using the ExamGear, Training Guide Edition Software  449
    Appendix E: Answers to Sample Test Questions  471
    Appendix F: List of RFCs  489
    Index  491
TABLE OF CONTENTS

Introduction  1

1  Introduction to Computer Networks  15
    Introduction  18
    Network Terminology  19
        Computer Networks  19
        Hosts and Nodes  20
        Routers  20
        Network Protocols  21
        The Internet  21
        Bandwidth  22
    Network Classification  23
        Networks Defined by Geographic Area  23
        Networks Defined by Modulation Technique  24
        Networks Defined by Network Topology  25
    Introduction to the ISO-OSI Reference Network Model  27
        OSI Layers  28
        Peer Protocols and Interfaces  32
        Layer Headers and Data Transfer in a Layered Model  32
        The Utility of the Layered Protocol Model  34
    Network Equipment  35
        Network Adapters  35
        Network Cables  36
        Connectors  37
        Segments  37
        Transceiver  38
        Backbones  38
        Repeaters  38
        Hubs  39
        Bridges  39
        Switches  40
        Routers  41
        Gateways  41
    Network Access Methods  43
        Carrier Sense Multiple Access Collision Detect  43
        Token Ring  44
    Introduction to the Ethernet  44
        Types of Ethernet  45
        Ethernet Addresses and Broadcasting on the Ethernet  47
        Ethernet Frame Format  48
        Interframe Gap  50
        The Difference Between Standard Ethernet and IEEE 802.3 Frames  50
        Data Encapsulation  51
    Managing Ethernet Interfaces in Solaris  52
        Listing Installed Ethernet Interfaces  52
        Creating Logical Interfaces  53
        Making Interfaces UP and DOWN  53
    Troubleshooting Common Ethernet Problems  54
        Using the ifconfig Command  54
        Using the netstat Command  55
        Using the snoop Command  55
        Using the ping Command  59
        Using the traceroute Command  59
        Using the ndd Command  59
    Exercises  64
    Review Questions  64
    Exam Questions  64
    Answers to Review Questions  67
2  The TCP/IP Protocol  69
    Introduction  73
    The TCP/IP Suite of Protocols  74
    History of the Internet and TCP/IP  75
        Internet Organizations  76
        Internet Documents  76
    Introduction to TCP/IP  77
        TCP/IP Layers  77
        Comparison of TCP/IP Protocol and ISO-OSI Reference Model  80
        TCP/IP: A Combination of Many Protocols  82
        Connection-Oriented and Connection-Less Services  83
    IP Addresses  84
        Network Addresses and Netmasks  85
        Network Broadcast  86
        TCP/IP Network Classes  86
        Subnets and Subnet Masks  88
        Variable-Length Subnet Masks  91
        Supernetting  92
        Representing Network Addresses  93
        Reserved and Special IP Addresses  93
        Mapping IP Addresses to Hostnames  95
        Obtaining IP Addresses  96
    Structure of an IP Header  97
    The Internet Control Message Protocol (ICMP)  101
        Type  101
        Code  102
        Checksum Field  102
    Configuring Network Interfaces in Solaris  103
        Configuring Virtual Interfaces  104
        Configuring Virtual Interfaces Manually  105
        Verifying IP Configuration  106
        Using the netstat Command to Verify Configuration  107
    IP Fragmentation, Reassembly, Flow Control, TOS, and TTL  108
        Configuring an MTU Value  109
        Flow Control  110
        TOS  110
        TTL  110
    IP Address Configuration Troubleshooting Commands  113
        The ping Command  113
        The traceroute Command  117
        Common Network Problems  120
    Fine-Tuning TCP in Solaris  121
        Displaying and Setting Host Parameters  122
    Mapping IP Addresses to MAC Addresses  122
        The Address Resolution Protocol (ARP)  123
        Reverse Address Resolution Protocol (RARP)  124
        Role of Ethernet Broadcast in ARP and RARP  125
        Data Flow in TCP/IP Networks  125
        Using the Solaris arp Command to Manage the ARP Cache  128
        The snoop Command and Layer Headers  130
    Exercises  134
    Review Questions  134
    Exam Questions  134
    Answers to Review Questions  138
3  Routing in TCP/IP Networks  141
    Introduction  144
    Introduction to Routing in TCP/IP Networks  145
    Planning TCP/IP Networks  146
        Planning for Network Design  146
        Planning for IP Addressing  147
        Network Addresses and Communication Among Different Networks  148
        Types of Routing  150
    Routed and Routing Protocols  151
        Static Route Configuration  153
        Default Routes  156
        Classless Internet Domain Routing (CIDR)  157
        So Which Routing Should I Use? Static or Dynamic  157
    Configuring RIP and RDISC  158
        How Does a Host Determine Whether It Is a Router?  158
        Configuring RDISC (in.rdisc)  158
        Configuring RIP (in.routed)  160
    Routing Startup and Configuration Files  161
        The /etc/defaultrouter File  162
        The /etc/gateways File  162
        The /etc/inet/networks File  163
        The /etc/init.d/inetinit File  163
    IP Forwarding  170
    Common Routing Problems  172
        Troubleshooting Commands  172
        Using the ping Command  173
        Using the traceroute Command  173
        Using the netstat Command  173
        The ifconfig Command  174
    Exercises  177
    Review Questions  177
    Exam Questions  177
    Answers to Review Questions  180
4  The Client-Server World: Ports and Sockets  183
    Introduction  186
    Client-Server Terminology  187
        Servers  187
        Clients  187
        Port Number  188
        Socket  188
        Daemon  188
    Introduction to Ports and Sockets  188
        Well-Known Port Numbers  190
        What Is a Socket?  193
        Client-Server Application Model  197
        Connection-less and Connection-Oriented Communication  197
    Configuring Internet Services  198
        Starting Network Services as a Daemon  198
        Starting Internet Services Using the inetd Daemon  202
        Advantages and Disadvantages of Using the inetd Daemon  209
        A List of Running Services  209
        RPC Services  211
    Common TCP/IP Utilities  213
        Using FTP  214
        Using Telnet  220
        Using Telnet to Verify a Remote Server Process  221
        Using the finger Command  223
        Using the rwho Command  225
        Using the rup Command  225
        Using the ruptime Command  226
    Commands Starting with r  226
        Configuring r Commands  226
        Using the rlogin Command  229
        Using the rcp Command  229
        Using the rsh Command  230
    Important Internet Services and Port Numbers  230
    Troubleshooting  231
        Using netstat and rpcinfo Commands  231
        Using ndd Command  231
    Exercises  236
    Review Questions  236
    Exam Questions  236
    Answers to Review Questions  238
5  Configuring and Managing the Dynamic Host Configuration Protocol  239
    Introduction  242
    Introduction to DHCP  243
        DHCP Lease Time  243
        DHCP Scope  243
    Booting a Workstation Using DHCP  244
        Discovering the DHCP Server  244
        Lease Offer  244
        Offer Selection  244
        Lease Acknowledgment  245
        Client Configuration  245
        DHCP Lease Renewal  245
        Lease Release  245
    DHCP IP Address Allocation Types  246
    Planning DHCP Deployment  247
    Configuring DHCP Using the dhcpmgr Utility  248
        Adding Additional Networks and Addresses to DHCP  263
    Using dhcpconfig to Configure DHCP  263
        The /etc/default/dhcp File  267
    Automatic Startup of DHCP Server  267
    Unconfiguring DHCP Services  268
    Setting Non-Default Server Options  270
    Configuring the DHCP Relay Agent  270
    Configuring the DHCP Client  272
        Manually Configuring the DHCP Client  272
        Enabling DHCP on Interfaces at Boot Time  272
    Troubleshooting DHCP  273
        Running DHCP Client in Debug Mode  273
    Exercises  278
    Review Questions  278
    Exam Questions  278
    Answers to Review Questions  279
6 Network Management with SNMP  281
    Introduction  283
    Simple Network Management Protocol (SNMP)  283
      SNMP Components  284
      SNMP Versions and Related RFCs  284
    Structure of Management Information  285
      Object Identifier (OID)  285
      ASN.1 Language  286
    Management Information Base  287
      MIB Groups  289
      Private MIBs  289
      Community Names  290
    SNMP Messages  290
      Authentication Header  290
      The Protocol Data Unit (PDU)  290
      Port Numbers  291
    SNMP in Solaris  292
      Agent Configuration Files  292
    Exercises  296
    Review Questions  296
    Exam Questions  296
    Answers to Review Questions  297
7 Configuring and Managing Domain Name Server  299
    Introduction  302
    Introduction to HostName Resolution  303
    Reverse HostName Resolution  304
    Using the /etc/inet/hosts File  304
    Introduction to DNS (Domain Name System)  305
      How Domain Name Data Is Distributed  307
      How a Client Resolves a Hostname  309
      The Difference Between Domains and Zones  309
      Fully Qualified Hostnames (FQHNs)  310
      Fully Qualified Domain Name (FQDNs)  310
    Types of Domain Name Servers  310
      The Primary Domain Name Server  311
      The Secondary Domain Name Server  311
      The Caching Domain Name Server  311
    Configuring the Domain Name Server  312
      Resource Record Types  313
      Delegating Subdomains  316
      Configuring Primary DNS Server  316
      Configuring the Secondary DNS Server  323
      Configuring the Caching DNS Server  324
      Converting Old DNS files  324
      Include Files  325
    Configuring the DNS Client  325
      Configuring /etc/resolv.conf  326
      Configuring /etc/nsswitch.conf  326
      Testing with the nslookup Program  328
    Securing the DNS Server  333
      Avoid Unnecessary Resource Records  334
      Restricting Client Access  334
      Restricting Zone Transfer Access  334
    DNS Troubleshooting  335
      Testing DNS with nslookup  335
      Testing with the netstat Command  336
      Testing with Telnet  336
      DNS Client Configuration Problems  337
      DNS Server Configuration Problems  338
    Exercises  342
    Review Questions  343
    Exam Questions  343
    Answers to Review Questions  344
8 Network Time Protocol  345
    Introduction  347
    Introduction to NTP  347
      NTP Client  348
      NTP Server  348
      Stratum Level  348
      NTP Peer Servers  348
      Time Source  348
    Time Sources and Configuring the NTP Server  349
      Configuring the NTP Server to Use Another Server on the Internet  350
      Configuring a Server to Use the Broadcast Time Signal  350
      Configuring the Peer NTP Server  352
    Configuring the NTP Client  352
      Configuring NTP as a Broadcast Client  352
      Using the ntpdate Utility  353
    Troubleshooting NTP  353
    Exercises  360
    Review Questions  360
    Exam Questions  360
    Answers to Review Questions  361
9 Introduction to IPv6  363
    Introduction  365
    What’s New in the IPv6 Protocol  366
      Expanded Address Space  366
      Enhanced Routing  366
      New Header Format  366
      Header Options Enhancements  367
      Security  367
      Resource Allocation and Quality of Service Features  367
      Address Autoconfiguration  367
      Neighbor Discovery  367
    Structure of IPv6 Addresses  368
      Text Representation of IPv6 Addresses  369
      Unicast Addresses  370
      Special IPv6 Addresses  371
      Routing  371
    IPv6 Header Composition  371
      IP Options Used in IPv6  374
    Introduction to ICMPv6  375
    Configuring IPv6 Addresses in Solaris  375
    Using Network Troubleshooting Commands with IPv6 Addresses  378
    Changes in the /etc/inetd.conf Configuration File  380
    Exercises  382
    Review Questions  382
    Exam Questions  382
    Review Questions  383

Fast Facts  385

Study and Exam Prep Tips  417

Practice Exam  423

Appendix A  Glossary  439
Appendix B  445
Appendix C  447
Appendix D  449
Appendix E  471
Appendix F  489

Index  491
About the Author
Rafeeq Ur Rehman (Solaris Certified Sys Admin, Solaris Certified Net Admin, CCNA, HP Certified HP-UX System Administrator) received his bachelor's and master's degrees in Electrical and Computer Engineering from the University of Engineering and Technology, Lahore, India. He has more than nine years of experience in UNIX system and network administration and TCP/IP. His interests include Linux, network protocols, and embedded systems programming. He also is a contributing writer for SysAdmin Journal and Linux Journal.
ABOUT THE TECHNICAL EDITORS

Guy Bruneau, GCIA, GCUX
Guy Bruneau is presently the Intrusion Detection Systems Engineering Coordinator with the Canadian Department of National Defense Computer Incident Response Team (DND CIRT) based in Ottawa, Ontario. Guy’s work with UNIX administration dates to the mid-1990s, using Solaris and various flavors of Linux such as Slackware, RedHat, and Mandrake. His experience is mainly in the fields of UNIX security, computer network intrusion detection, network security auditing, and incident handling, response, and reporting. He also has firsthand knowledge of using and tailoring Cisco Secure IDS, Shadow, Snort, and RealSecure. He is a SANS GIAC Certified UNIX Security Administrator and a GIAC Certified Intrusion Analyst. A SANS@Night speaker and also the author of the SANS Intrusion Detection In-Depth Curriculum course “Introduction to Logfile Analysis,” he is currently pursuing a bachelor's degree at the Teluq, University du Quebec.

Edgar Danielyan, CCDP, CCNP (Security)
Currently self-employed, Edgar is a co-founder of a national ISP, has worked for the United Nations, the Ministry of Defense, a bank, and has been an associate partner at a law firm. He speaks four languages and in his spare time enjoys hiking, swimming, and mountaineering with his wife, Aysa. His professional interests include security, mobile devices, and UNIX systems. He is the author of many technical articles on Solaris, TCP/IP, and Internet security published by Inside Solaris magazine. Currently he is working on a Solaris 8 security book to be published by New Riders Publishing in fall 2001.
DEDICATION
To: Ali, Amer, Jahangir, Jalil, Kamran, Shahid Bokhari, and all others who invested their time, heart, and soul in building the Linux lab at the Department of Electrical Engineering, University of Engineering and Technology, Lahore.
ACKNOWLEDGMENTS Writing this book was a challenge for me, but worth the effort. During this whole process, and as always, my wife Aseyah was encouraging and provided solid support. Jeff Riley at New Riders Publishing needs special thanks for making plans, setting deadlines, and pushing everybody involved to meet these deadlines. Without his efforts, this book would not be. Robin Drake and Ginny Munroe at New Riders Publishing helped a lot in the development process of this book. They suggested logical topic arrangement and recommended many of the figures that help to visually clarify what is being discussed.
Bill Murray put together sample exam questions and answers and did a great job in doing so. I want to thank Bill for doing such an excellent job. Patty Lickliter and all others at Dedicated Technologies Inc. have always helped and encouraged me to carry out new things. I want to thank everyone at DTI. I also want to thank Mario Cedillo. He is the best manager I have ever worked with. Finally, I want to thank all of my friends who encouraged me and kept checking on this book’s progress.
A Message from New Riders
As the reader of this book, you are our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, in what areas you would like to see us publish, and any other words of wisdom you’re willing to pass our way.

As Executive Editor at New Riders, I welcome your comments. You can fax, email, or write me directly to let me know what you did or didn’t like about this book—as well as what we can do to make our books better. When you write, please be sure to include this book’s title, ISBN, and author, as well as your name and phone or fax number. I will carefully review your comments and share them with the authors and editors who worked on the book.

Please note that I cannot help you with technical problems related to the topic of this book, and that due to the high volume of email I receive, I might not be able to reply to every message. Thanks.

Email: [email protected]

Mail: Stephanie Wall, Executive Editor, New Riders Publishing, 201 West 103rd Street, Indianapolis, IN 46290 USA

Visit Our Web Site: www.newriders.com
On our web site, you’ll find information about our other books, the authors we partner with, book updates and file downloads, promotions, discussion boards for online interaction with other users and with technology experts, and a calendar of trade shows and other professional events with which we’ll be involved. We hope to see you around.

Email Us from Our Web Site
Go to www.newriders.com and click the Contact link if you
• Have comments or questions about this book.
• Want to report errors that you have found in this book.
• Have a book proposal or are interested in writing for New Riders.
• Would like us to send you one of our author kits.
• Are an expert in a computer topic or technology and are interested in being a reviewer or technical editor.
• Want to find a distributor for our titles in your area.
• Are an educator/instructor who wants to preview New Riders books for classroom use. In the body/comments area, include your name, school, department, address, phone number, office days/hours, text currently in use, and enrollment in your department, along with your request for either desk/examination copies or additional information.

Call Us or Fax Us
You can reach us toll-free at 800-571-5840 + 9 + 3567 (ask for New Riders). If outside the United States, please call 1-317-581-3500 and ask for New Riders. If you prefer, you can fax us at 1-317-581-4663, Attention: New Riders.

NOTE: Technical Support for This Book
Although we encourage entry-level users to get as much as they can out of our books, keep in mind that our books are written assuming a nonbeginner level of user knowledge of the technology. This assumption is reflected in the brevity and shorthand nature of some of the tutorials. New Riders will continually work to create clearly written, thoroughly tested and reviewed technology books of the highest educational caliber and creative design. We value our customers more than anything—that’s why we’re in this business—but we cannot guarantee to each of the thousands of you who buy and use our books that we will be able to work individually with you through tutorials or content with which you may have questions. We urge readers who need help in working through exercises or other material in our books—and who need this assistance immediately—to use as many of the resources that our technology and technical communities can provide, especially the many online user groups and list servers available.
Introduction This book is the study and exam preparation guide for Solaris 8 Network Administration Examination 310-043. The book contains nine chapters, which are organized according to examination objectives set by Sun Educational Services. Every chapter in the book starts with a list of objectives and topics covered in that chapter. A chapter summary appears at the end of each chapter. You also will find review questions, exercises, and sample exam questions at the end of each chapter. These questions will enable you to test your own knowledge of what you have read. You also should review key terms, the case studies, and the suggested readings for each chapter.
HOW TO USE THIS BOOK
This book covers all the exam objectives for Solaris 8 Network Administration Certification Exam 310-043. Each topic covered in this book is explained so that it is easy to understand. You will find many examples of command usage in each section. Tips and cautions from real-life experience will help you implement your knowledge in a safe and efficient way. Wherever necessary, tables briefly compare things covered in the same section. This book is organized so that it starts with simple and easy-to-understand concepts. It gradually moves toward more complex tasks, easing the reader toward successful accomplishment of progressively more difficult tasks. Sample exam questions at the end of each chapter and the ExamGear CD will help you judge your preparation for the real exam.
WHAT THE SUN-CERTIFIED NETWORK ADMINISTRATOR FOR SOLARIS 8 OPERATING ENVIRONMENT EXAM (310-043) COVERS All exam objectives are covered in this book. Chapter 1, “Introduction to Computer Networks,” is an introduction to computer networking, network technologies, and the OSI model. Chapter 2, “The TCP/IP Protocol,” covers the TCP/IP protocol, IP addressing, and other things related to TCP/IP. Chapter 3, “Routing in TCP/IP Networks,” is about routing in TCP/IP networks. Chapter 4, “The Client-Server World: Ports and Sockets,” covers the Transport layer, ports, sockets, and the client-server model. Chapter 5, “Configuring and Managing Dynamic Host Configuration Protocol,” explains how to configure and manage DHCP on the Solaris 8 platform. Chapter 6, “Network Management with SNMP,” is about network management and SNMP. Chapter 7, “Configuring and Managing Domain Name Server,” covers hostname resolution and domain name system as well as the configuration process of the domain name server on Solaris. Chapter 8, “Network Time Protocol,” is about the Network Time Protocol, and the last chapter (Chapter 9, “Introduction to IPv6”) provides information on the IPv6 protocol. Upon finishing this book, you should have sufficient information about the exam objectives. Following is a list of the objectives themselves and a brief explanation of each objective.
NETWORK MODEL
You need to know TCP/IP layers, as well as the TCP, UDP, IP, and ICMP protocols. You also need to know how these protocols work together and how peer-to-peer communication takes place in IP networks. The network model objectives follow:
• Identify the purpose of each layer in the TCP/IP five-layer model.
• Describe the functionality of the following network protocols: TCP, UDP, IP, and ICMP.
• Describe the relationship between the following network protocols: TCP, UDP, IP, and ICMP. Describe peer-to-peer communication.

LOCAL AREA NETWORKS
You must know basic local area network terminology and networking components such as bridges, repeaters, routers, gateways, and switches. In addition to that, you must also know common networking topologies. The local area networks objectives follow:
• Identify the role of the following LAN components: bridge, repeater, router, switch, and gateway.
• Identify the network topologies.

ETHERNET INTERFACE
You need to know basic Ethernet information, such as Ethernet addresses and the configuration commands used in Solaris for Ethernet driver configuration. The objectives follow:
• State the purpose of the Ethernet address.
• Identify the commands to get and set driver configuration.

ARP AND RARP
You need to understand the Address Resolution and Reverse Address Resolution Protocols and the commands to manage the ARP cache. You also should know the configuration files and scripts used to configure network interfaces. The objectives follow:
• Explain the process of address resolution using ARP and RARP. Identify the commands to manage the ARP cache.
• Identify the configuration files and scripts used to configure a network interface.

NETWORK LAYER
In the Network layer, you should know about IP addressing, classless interdomain routing, netmasks, variable-length subnet masks, and their use. You also should know how to configure a network interface in Solaris. The objectives follow:
• Describe the following: IP address, broadcast address, netmask, datagram, and fragment.
• Describe classless interdomain routing (CIDR). Identify the file used to set netmasks.
• Identify the features and benefits of variable-length subnet masks (VLSM).
• Configure a network interface.

ROUTING
You should be able to configure IP routing files, and you must have information about Solaris routing daemons. You also should be able to display and manage routing tables and static routes. The objectives for routing follow:
• Describe IP routing.
• Identify the Solaris 8 daemons that implement routing protocols. Identify the files used to configure routing.
• Identify the purpose of the files used to configure routing.
• Administer the routing table.
TRANSPORT LAYER
You should be able to distinguish the features of the TCP and UDP protocols as well as connection-oriented and connectionless communication. You should know about port numbers and the inetd daemon as well as the syntax of its configuration file. The objectives follow:
• Identify the features of TCP and UDP.
• Define the terms connection-oriented, connectionless, stateful, and stateless.
• Describe the relationships between port numbers, network services, and inetd.

CLIENT-SERVER MODEL
You should know basic client-server terminology and RPC as well as other network services. You also should be able to determine the configured and running services on a Solaris host. The objectives follow:
• Explain the terms client, server, and service.
• Administer Internet services and RPC services.
• Collect information about services configured on hosts.

DHCP
Here you should know why we use Dynamic Host Configuration Protocol (DHCP). You must be able to configure a DHCP server and know about its configuration files. You also should be able to configure a DHCP client. The objectives for DHCP follow:
• State the benefits of DHCP.
• Identify DHCP configuration files. State the purpose of DHCP configuration files.
• Administer DHCP clients and servers.

NETWORK MANAGEMENT TOOLS
Here you need to have basic information about Simple Network Management Protocol (SNMP) and the tools used on Solaris that are related to SNMP. The objectives follow:
• Identify tools that use the Simple Network Management Protocol (SNMP).
• Describe the (SNMP).

DOMAIN NAME SERVICE (DNS)
You should know what the hostname resolution process is and the different ways to resolve hostnames. You should know about resource records and the steps to configure DNS on Solaris. You also should know the different DNS configuration files. The objectives for DNS follow:
• Identify the purpose of DNS.
• Describe address resolution and reverse address resolution.
• Identify the correct resource record syntax.
• Explain the steps needed to configure DNS.
• Identify the configuration files for DNS.
• State the purpose of DNS configuration files.

NETWORK TIME PROTOCOL
You need to know what the Network Time Protocol is and how it is implemented on Solaris. You should be able to configure an NTP server and client. The objectives for NTP follow:
• Describe the NTP features.
• Identify NTP configuration files.
• State the purpose of NTP files.
• Describe how to configure NTP.

TROUBLESHOOTING
You should be able to identify and troubleshoot common network problems. The objectives follow:
• Identify common network problems.
• Diagnose network problems.
• Resolve network problems.

IPV6
IPv6 is the new version of the IP protocol, and you must have basic information about IPv6 and how to configure IPv6 addresses on Solaris. The objectives follow:
• Describe IPv6.
• Configure an IPv6 network interface.

List of Objectives
Each chapter starts with a list of objectives covered within that chapter so that you know for which part of the exam a particular chapter prepares you.

Objectives Explanation
After each specific objective is listed, a brief explanation of that objective appears at the start of each chapter.

Notes
Notes contain various kinds of information related to the section in which they fall, but it is information that does not fit into the main flow of the book.

Cautions
Cautions alert you to the safe use of commands so that you don’t do something to the system that might be harmful or difficult to fix.

Chapter Summary
At the end of each chapter, a chapter summary recaps the material covered in the chapter.

Key Terms
A list of key terms discussed in the chapter is included after the chapter summary.
Exercises This section includes hands-on exercises that enable you to apply the knowledge learned in the chapter. These exercises include an estimated time for comple-
INTRODUCTION
tion to further assess your ability to work with the knowledge gained from the chapter in a timely fashion.
Review Questions This section includes some short-answer questions to test your understanding of concepts discussed in the chapter.
Exam Questions This section contains a list of sample exam questions. Answers to these questions are provided in Appendix E, “Answers to the Sample Test Questions.” In the Appendix E, some answers also contain an explanation to show the user why a particular answer is correct.
Suggested Readings Each chapter lists suggested readings as the last section. This part lists some books and other reading material (RFCs, web sites, and so on) that can be helpful for a reader to get further knowledge on topics discussed in the chapter. You should start this book at the first chapter and read it in sequence. After reading each of the chapters, be sure to complete the exercises, review questions, and exercises. This way you will feel comfortable and confident about what you have learned. Also try the sample exam questions at the end of each chapter. If you are able to answer more than 85% of these questions, you should be able to pass the certification examination. Also consult appendixes at the end of this book. The glossary gives you consolidated information about key networking terms.
ADVICE ON TAKING THE EXAM
More extensive tips are found in the Study and Exam Prep Tips and throughout the book, but keep in mind the following advice as you study for the exam:
• Read all the material. This book includes information not reflected in the exam objectives to better prepare you for the exam and for real-world experiences. Read all the material to benefit from this.
• Do the step-by-step exercises and complete the exercises at the end of each chapter.
• Use the questions to assess your knowledge. Each chapter contains review questions and exam questions. Use these to assess your knowledge and to determine where you need to re-review material.
• Review the exam objectives. Develop your own questions and examples for each topic listed. If you can develop and answer several questions for each topic, you should not find it difficult to pass the exam.
• Relax and sleep before taking the exam. Time for taking the examination is limited. If you have prepared and you know Solaris network administration, however, you will find plenty of time to answer all the questions. Be sure to rest well for the stress that time limitations put on exam participants.
• Don't be lazy during the examination; answer all the questions as quickly as possible.
• If you don't know the answer to a question, just skip it and don't waste much time on it.
How to Use This Book New Riders Publishing has made an effort in the editions of its Training Guide series to make the information as accessible as possible for the purposes of learning the certification material. Here, you have an opportunity to view the many instructional features that have been incorporated into the books to achieve that goal.
CHAPTER OPENER Each chapter begins with a set of features designed to allow you to maximize study time for that material. List of Objectives: Each chapter begins with a list of the objectives as stated by Microsoft.
OBJECTIVES
This chapter covers the following Sun-specified objectives for the 310-043 exam:

Identify the purpose of each layer in the TCP/IP five-layer model.
• TCP/IP is a five-layer protocol. Each layer has its own special functionality, and you need to identify and understand those functionalities. The first four layers of the protocol are similar to the OSI model. However, the Application layer in TCP/IP covers most of the functionality in the upper three layers of the OSI model.

Describe the functionality of the following network protocols: TCP, UDP, IP, and ICMP. Describe the relationship between the following network protocols: TCP, UDP, IP, and ICMP.
• The TCP/IP protocol is a combination of multiple protocols that work on different layers. Some examples of these protocols are TCP, UDP, IP, and ICMP. These protocols coordinate among themselves during a communication session. You should understand these protocols and their relationship.

Explain the process of address resolution using ARP and RARP. Identify the commands to manage the ARP cache.
• Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP) are used to map MAC layer addresses to Network layer addresses and vice versa, respectively. From the examination perspective, you should understand these protocols and the Solaris commands related to them.

Objective Explanations: Immediately following each objective is an explanation of it, providing context that defines it more meaningfully in relation to the exam. The objective explanations are designed to clarify any vagueness by relying on the authors' test-taking experience.
CHAPTER 2
The TCP/IP Protocol
OUTLINE
Introduction
Client-Server Terminology
    Servers
    Clients
    Port Number
    Socket
    Daemon
Introduction to Ports and Sockets
    Well-Known Port Numbers
    What Is a Socket?
Client-Server Application Model
    Connection-less and Connection-Oriented Communication
Configuring Internet Services
    Starting Network Services as a Daemon
    Starting Internet Services Using the inetd Daemon
    Advantages and Disadvantages of Using the inetd Daemon
Common TCP/IP Utilities
    Using FTP
    Using Telnet
    Using Telnet to Verify a Remote Server Process
    Using the finger Command
    Using the rwho Command
    Using the rup Command
    Using the ruptime Command
Commands Starting with r
    Configuring r Commands
    Using the rlogin Command
    Using the rcp Command
    Using the rsh Command
Important Internet Services and Port Numbers
Troubleshooting
    Using netstat and rpcinfo Commands
    Using ndd Command
    Checking TCP Status
    A List of Running Services
    RPC Services
Essence of the Case
Analysis
Chapter Summary

Chapter Outline: Learning always gets a boost when you can see both the forest and the trees. To give you a visual image of how the topics in a chapter fit together, you will find a chapter outline at the beginning of each chapter. You will also be able to use this for easy reference when looking for a particular topic.
STUDY STRATEGIES
This chapter introduces you to client-server terminology and Transport layer protocols. These protocols are TCP and UDP. To understand the concepts presented in this chapter, use the following study strategies:
• Learn basic client-server terminology.
• Understand the TCP and UDP protocols and connection-oriented communication and connectionless communication.
• Review the format of the different configuration files that are used to configure Internet services.
• Get some hands-on experience with the configuration process for Internet services on Solaris.
• Practice configuring r commands.
• Learn the troubleshooting process for Internet services.
• Complete all the exercises and questions at the end of this chapter.

Study Strategies: Each topic presents its own learning challenge. To support you through this, New Riders has included strategies for how to best approach studying in order to retain the material in the chapter, particularly as it is addressed on the exam.
INSTRUCTIONAL FEATURES WITHIN THE CHAPTER These books include a large amount and different kinds of information. The many different elements are designed to help you identify information by its purpose and importance to the exam and also to provide you with varied ways to learn the material. You will be able to determine how much attention to devote to certain elements, depending on what your goals are. By becoming familiar with the different presentations of information, you will know what information will be important to you as a test-taker and which information will be important to you as a practitioner.
Exam Tip: Exam Tips appear in the margins to provide specific exam-related advice. Such tips may address what material is covered (or not covered) on the exam, how it is covered, mnemonic devices, or particular quirks of that exam.
Sometimes things go bad in Telnet sessions and you cannot get the prompt back in the Telnet window. The close command is handy for such a situation.
Note: Notes appear in the margins and contain various kinds of useful information, such as tips on the technology or administrative practices, historical background on terms and technologies, or side commentary on industry issues.
Chapter 4 THE CLIENT-SERVER WORLD: PORTS AND SOCKETS

Name (ftp.newriders.com:rrehman): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Welcome to ftp.newriders.com.
230-Restrictions Apply!
230-
230-
230-- Management
230-
230-
230-Please read the file README
230-  it was last modified on Thu Oct 26 22:58:48 2000 - 68 days ago
230 Guest login ok, access restrictions apply.
ftp>
Using FTP with a Web Browser You can also transfer files using FTP with a web browser. To connect to an FTP server, such as ftp.newriders.com, as an anonymous user, you have to use the following URL:
Anonymous FTP is a potentially problematic service. Do not use it if you don’t really need it!
ftp://ftp.newriders.com
Figure 4.1 shows a screen shot of the Netscape browser when you use this URL. After getting the list of files in your web browser, you can click any file to download it. When you click a directory icon, you just move inside this directory and files in that directory are listed in the browser window.
FIGURE 4.1 FTP using a web browser.
telnet  stream  tcp6  nowait  root  /usr/sbin/in.telnetd  in.telnetd

Telnet is a very useful tool to log on to a remote host. To verify whether the Telnet server is running on your host, the following command should display an open socket with the LISTEN state:

bash-2.03# netstat -a|grep telnet
      *.telnet            *.*                0      0 24576      0 LISTEN
bash-2.03#
Using the Telnet Client Figure 4.2 shows a Telnet logon session. This example logs on to a host with the IP address 192.168.2.222. If you have a hostname mapped to the IP address, you also can use that hostname to telnet to a server. The Telnet client tries to connect to the Telnet server and when the connection is established, a prompt appears. At this prompt, you have to enter a valid username followed by a password. If the username and password are valid, you are allowed to log on to the server.
FIGURE 4.2 A Telnet logon session.

Using the Telnet Escape Character (^])
During the telnet session, you can use the escape sequence ^] by pressing Ctrl+]. This sequence brings you to the telnet> prompt where you can use different commands. The following is the response you should get when you use this escape sequence just after logon:
Figure: To improve readability, the figures have been placed in the margins wherever possible so they do not interrupt the main flow of text.
        $4 !~ /noac/{s = 0} END{exit s}' /etc/mnttab;
then
        /usr/bin/logger -p mail.crit "$ERRMSG1"
        /usr/bin/logger -p mail.crit "$ERRMSG2"
fi
;;
'stop')
        /usr/bin/pkill -x -u 0 sendmail
        ;;
*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac
exit 0
How to Create Your Own Startup Script This section explains how to create your own startup script.
STEP BY STEP
4.1 Creating a Startup Script
Starting your own network server process is a three-step procedure, as shown here:
1. Create a startup script in the /etc/init.d directory.
2. Add a link to this script in the /etc/rcn.d directory for startup, where n is the run level in which you want to start the server process. The name of this link starts with the letter S.
3. Add a link to this script in the /etc/rcn.d directory for shutdown, where n is the run level in which you want to shut down the server process. The name of this link starts with the letter K.

Now let's create a simple script for a server process. Suppose that the executable file for this process is /sbin/sample-server and the process will be started in run level 3. It will be shut down in run level 2. The simple script may be as shown here:

#!/sbin/sh
case "$1" in
Step by Step: Step by Steps are hands-on tutorial instructions that walk you through a particular task or function relevant to the exam objectives.
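As an added example (not code from the book), the following POSIX sh functions carry out all three steps of Step by Step 4.1 for the hypothetical /sbin/sample-server: they write the /etc/init.d script, modelled on the sendmail script layout above, and create the S and K links. The ROOT parameter and the rehearse function are assumptions added here so the whole procedure can be tried under a scratch directory before touching a live /etc.

```shell
#!/bin/sh
# Added example (not the book's code): build the three pieces of Step by Step 4.1 for a
# hypothetical server binary /sbin/sample-server that starts in run level 3 and stops in
# run level 2. ROOT prefixes every path ("" on a real system); pointing it at a scratch
# directory lets you rehearse and inspect the result without root privileges.

# write_startup_script ROOT NAME SERVER : create ROOT/etc/init.d/NAME and print its path
write_startup_script() {
    root=$1; name=$2; server=$3
    proc=${server##*/}          # process name pkill will match, e.g. sample-server
    script="$root/etc/init.d/$name"
    mkdir -p "$root/etc/init.d"
    # the heredoc is unquoted so $server/$proc are filled in now; \$ keeps the
    # generated script's own variables ($1, $0) for run time
    cat > "$script" <<EOF
#!/sbin/sh
# Start/stop script for $name, laid out like /etc/init.d/sendmail
case "\$1" in
'start')
        # only start if the binary is really there and executable
        if [ -x $server ]; then
                $server &
        fi
        ;;
'stop')
        # -x: exact process-name match only; -u 0: only processes owned by root
        /usr/bin/pkill -x -u 0 $proc
        ;;
*)
        echo "Usage: \$0 { start | stop }"
        exit 1
        ;;
esac
exit 0
EOF
    chmod 0744 "$script"
    printf '%s\n' "$script"
}

# install_rc_links ROOT NAME START_LVL STOP_LVL SEQ : S link in rcSTART_LVL.d, K link in
# rcSTOP_LVL.d; SEQ orders the scripts within a run level (99 runs last)
install_rc_links() {
    root=$1; name=$2; start_lvl=$3; stop_lvl=$4; seq=$5
    mkdir -p "$root/etc/rc$start_lvl.d" "$root/etc/rc$stop_lvl.d"
    # relative symlinks; Solaris traditionally uses hard links here, either form works
    ln -sf "../init.d/$name" "$root/etc/rc$start_lvl.d/S$seq$name"
    ln -sf "../init.d/$name" "$root/etc/rc$stop_lvl.d/K$seq$name"
}

# rehearse : do everything under a scratch directory and show what was created
rehearse() {
    root=$(mktemp -d)
    write_startup_script "$root" sample-server /sbin/sample-server >/dev/null
    install_rc_links "$root" sample-server 3 2 99
    ls -lR "$root/etc"
    sh -n "$root/etc/init.d/sample-server" && echo "syntax OK"
    rm -rf "$root"
}

# On a real Solaris host, as root:
#   write_startup_script "" sample-server /sbin/sample-server
#   install_rc_links "" sample-server 3 2 99
case ${1:-} in
    rehearse) rehearse ;;
esac
```

Run it as `sh script.sh rehearse` to see the generated tree; the S and K links resolve to the same script, which the rc system calls with start or stop depending on the link name.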
CASE STUDIES Case Studies are presented throughout the book to provide you with another, more conceptual opportunity to apply the knowledge you are developing. They also reflect the “real-world” experiences of the authors in ways that prepare you not only for the exam but for actual network administration as well. In each Case Study, you will find similar elements: a description of a Scenario, the Essence of the Case, and an extended Analysis section.
CASE STUDY: SPLIT DEVELOPMENT SYSTEMS

SCENARIO
Split Development Systems is a software development company. The main office is in San Jose, California, and a branch office is located in Columbus, Ohio. The company wants to give Internet access to its employees in both of the offices as well as manage its own domain name. The company also wants to run its own DNS server in San Jose because people who have expertise in DNS management are located in San Jose. However, the company also wants to have a DNS server in Columbus to serve local clients in that office.

ESSENCE OF THE CASE
The following are the essentials of the case:
• There are two offices that are a long distance from each other.
• Clients in both offices need a local DNS server.
• DNS administration people are available in one office only.

ANALYSIS
Because management people are available in the San Jose office, it is wise to install a primary and a secondary name server in the same office in San Jose. These servers will be available on the Internet and will serve the company's domain name. To provide a local server to the office in Columbus, the company should provide a caching-only DNS server to Columbus. The caching-only server will need the least maintenance because there are no zone data files. This server may not need a DNS expert in Columbus, as simple system management is sufficient for it.
Essence of the Case: A bulleted list of the key problems or issues that need to be addressed in the Scenario.
Scenario: A few paragraphs describing a situation that professional practitioners in the field might face. A Scenario will deal with an issue relating to the objectives covered in the chapter, and it includes the kinds of details that make a difference.
Analysis: This is a lengthy description of the best way to handle the problems listed in the Essence of the Case. In this section, you might find a table summarizing the solutions, a worded example, or both.
CHAPTER SUMMARY

KEY TERMS
• client
• server
• connection-oriented services
• connection-less services
• socket
• port
• inetd daemon
• Remote Procedure Calls (RPC)

This chapter was devoted to client-server concepts and the configuration and management of network services on Solaris. The chapter started with some basic terminology used in the client-server model of user applications. Then you learned about ports and sockets. Port numbers are used to distinguish among different servers running on the same host. A socket is a connection point for clients to connect to a server. A socket also is a combination of the IP address and port number and may be written in dot notation just like IP addresses. Ports are used at the Transport layer level, and common services are assigned well-defined port numbers. Well-known port numbers are defined in the /etc/services file. Opened port numbers and connected sockets can be displayed using the netstat command. This chapter also covered the configuration of network services on a Solaris system. A service may be started as a daemon or through
Key Terms: A list of key terms appears at the end of each chapter. These are terms that you should be sure you know and are comfortable defining and understanding when you go in to take the exam.
EXTENSIVE REVIEW AND SELF-TEST OPTIONS At the end of each chapter, along with some summary elements, you will find a section called “Apply Your Knowledge” that gives you several different methods with which to test your understanding of the material and review what you have learned.
Chapter Summary: Before the Apply Your Knowledge section, you will find a chapter summary that wraps up the chapter and reviews what you should have learned.
APPLY YOUR KNOWLEDGE

Exercises

7.1
5. Configure the DNS client and test this name server.

7.2 Configure and Test a DNS Client
The following steps show you how to configure a DNS client and test it.
Estimated Time: 5 minutes
1. Edit the /etc/resolv.conf file and add one line for each DNS server. If the DNS server address is 192.168.2.10, the result should look like this:
nameserver 192.168.2.10
2. Edit the /etc/nsswitch.conf file and create the following line:
hosts: dns
3. Use the nslookup command to verify that the client works.

7.3 Restrict Access to a DNS Server
This exercise restricts access to the newly configured DNS server from Exercise 7.2.
Estimated Time: 5 minutes
1. Use the allow-query option in the /etc/named.conf file and restrict access for your DNS client.
2. Make sure that you are not able to resolve hostnames using the nslookup command.
3. Try to resolve the hostname from another DNS client. You should be able to resolve hostnames from clients that are not restricted from using the DNS server.

Exercises: These activities provide an opportunity for you to master specific hands-on tasks. Our goal is to increase your proficiency with the product or technology. You must be able to conduct these tasks in order to pass the exam.

Review Questions
1. What is the difference between a zone and a domain?
2. Which methods are used for hostname resolution?
3. What are the different types of domain name servers?
4. What is zone transfer?

Review Questions: These open-ended, short-answer questions allow you to quickly assess your comprehension of what you just read in the chapter. Instead of asking you to choose from a list of options, these questions require you to state the correct answers in your own words. Although you will not experience these kinds of questions on the exam, these questions will indeed test your level of comprehension of key concepts.

Exam Questions
Exam Questions: These questions reflect the kinds of multiple-choice questions that appear on the Microsoft exams. Use them to become familiar with the exam question formats and to help you determine what you know and what you need to review or study more.

1. Which of the following is not a type of domain name server?
A. Primary domain name server
B. Secondary domain name server
C. Backup domain name server
D. Caching domain name server
2. Which file determines whether a DNS server is primary, secondary, or caching?
A. The /etc/named.conf file
B. The named.rev file
C. The named.hosts file
D. The named.ca file
4. Which of the following files are used for DNS client configuration? Choose all that apply.
A. /etc/inet/hosts
B. /etc/resolv.conf
C. /etc/nsswitch.conf
D. /etc/named.hosts
5. Which of the following is not a valid type of resource record?
A. NS
B. PTR
C. NAME
D. CNAME
6. Which of the following is not a valid entry in the /etc/inet/hosts file? Choose all that apply.
A. 192.168.2.222 fana loghost
B. laptop 192.168.2.11 laptop-nt
C. laptop 192.168.2.11
D. laptop
7. Which information is not included in the SOA resource record?
A. Serial number
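An added check (not from the book) for the client configuration Exercise 7.2 produces and for the /etc/inet/hosts entry format exam question 6 asks about. File paths are parameters so the checks can run against copies, and every sample entry and file below is constructed for the example.

```shell
#!/bin/sh
# Added example (not the book's code): verify a Solaris DNS client setup of the kind
# Exercise 7.2 creates, and validate /etc/inet/hosts-style entries (address first, then
# the hostname and optional aliases). Paths are parameters so nothing live is touched.

# is_ipv4 ADDR : succeed if ADDR is a dotted quad with every octet in 0..255
is_ipv4() {
    addr=$1
    case $addr in
        *[!0-9.]* | .* | *. | *..* ) return 1 ;;   # non-digits, empty octet
    esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# hosts_entry_ok LINE : succeed if LINE is "IPv4-address hostname [alias ...]"
hosts_entry_ok() {
    set -- $1                 # word-split the entry
    [ $# -ge 2 ] || return 1  # a bare "laptop" has no address
    is_ipv4 "$1" || return 1  # "laptop 192.168.2.11": the address must come first
    shift
    for name in "$@"; do
        case $name in
            *[!A-Za-z0-9.-]* | -* ) return 1 ;;   # hostname/alias characters only
        esac
    done
    return 0
}

# resolv_nameservers FILE : print the addresses from the nameserver lines of a resolv.conf
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# dns_client_ok RESOLV_CONF NSSWITCH_CONF : succeed if both files are set up as in
# Exercise 7.2: at least one valid nameserver, and dns listed as a hosts: source
dns_client_ok() {
    resolv=$1; nsswitch=$2
    n=0
    for ns in $(resolv_nameservers "$resolv"); do
        is_ipv4 "$ns" || { echo "bad nameserver address: $ns" >&2; return 1; }
        n=$((n + 1))
    done
    [ "$n" -ge 1 ] || { echo "no nameserver lines in $resolv" >&2; return 1; }
    # "hosts: dns" as in the exercise, or "hosts: files dns"; anything without dns fails
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i == "dns") found = 1 }
         END { exit !found }' "$nsswitch"
}

# write_dns_client_files DIR : create the two files exactly as Exercise 7.2 does, under
# DIR instead of /etc, so the checks can be rehearsed away from the live system
write_dns_client_files() {
    mkdir -p "$1"
    printf 'nameserver 192.168.2.10\n' > "$1/resolv.conf"
    printf 'hosts: dns\n' > "$1/nsswitch.conf"
}

# Usage on a live client: dns_client_ok /etc/resolv.conf /etc/nsswitch.conf && echo OK
```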
Answers to Review Questions
Answers and Explanations: For each of the Review and Exam questions, you will find thorough explanations located at the end of the section.
1. A zone is the administrative boundary within a domain. A domain can consist of only one zone or multiple zones. A zone may contain one or more subdomains. Multiple zones within a domain are usually used to delegate administration responsibilities.
2. The following methods are used for hostname resolution:
• The /etc/hosts file
• NIS
• NIS+
3. There are three basic types of DNS servers:
• Primary domain name server
• Secondary domain name server
• Caching or hint domain name server
The root name server also is considered a type of DNS server.
4. A zone transfer is the process of transferring zone data files from a primary name server to a secondary name server. TCP port 53 is used for this process.
Suggested Readings and Resources: The very last element in every chapter is a list of additional resources you can use if you want to go above and beyond certification-level material or if you need to spend more time on a particular subject that you are having trouble understanding.
Suggested Readings
• Computer Networks. Andrew S. Tanenbaum
• Computer Networks and Internets. Douglas E. Comer and Ralph E. Droms
• TCP/IP Unleashed. Parker et al.
• TCP/IP Illustrated, vol. 1. Richard Stevens
• Internetworking with TCP/IP Vol. I: Principles, Protocols, and Architecture. Douglas E. Comer
OBJECTIVES
This chapter covers the following Sun-specified objectives for the 310-043 exam:
Identify the role of the following LAN components: bridge, repeater, router, switch, and gateway.
Identify the network topologies.
State the purpose of the Ethernet address.
Identify the commands to get and set driver configuration.
Describe peer-to-peer communication.
• The purpose of the exam objectives discussed in this chapter is to build a basic understanding of computer networks. The reader is required to have knowledge of the different components used to build networks. Network topologies show the physical layout of networks. Each network topology has its benefits and drawbacks, and a user is required to understand these. Each computer is connected to the network through network adapters. Network adapters use access methods to gain control of communication media before transmitting any data. Ethernet is the most commonly used technique to access communication media and to physically address computers. You will learn the structure of an Ethernet address and how to configure an Ethernet driver in Solaris.

CHAPTER 1
Introduction to Computer Networks
OUTLINE
Introduction
Network Terminology
    Computer Networks
    Hosts and Nodes
    Routers
    Network Protocols
    The Internet
    Bandwidth
Network Classification
    Networks Defined by Geographic Area
        Local Area Networks
        Wide Area Networks
    Networks Defined by Modulation Technique
        Baseband Networks
        Broadband Networks
    Networks Defined by Network Topology
        Bus Topology
        Star Topology
        Ring Topology
        Mixed or Hybrid Topology
Introduction to the ISO-OSI Reference Network Model
    OSI Layers
        Physical Layer
        Data Link Layer
        Network Layer
        Transport Layer
        Session Layer
        Presentation Layer
        Application Layer
    Peer Protocols and Interfaces
    Layer Headers and Data Transfer in a Layered Model
    The Utility of the Layered Protocol Model
Network Equipment
    Network Adapters
    Network Cables
        Coaxial Cable
        Twisted-Pair Cable
        Fiber-Optic Cable
    Connectors
    Segments
    Transceivers
    Backbones
    Repeaters
    Hubs
    Bridges
    Switches
    Routers
    Gateways
Network Access Methods
    Carrier Sense Multiple Access Collision Detect
    Token Ring
Introduction to the Ethernet
    Types of Ethernet
        10BASE-2 Ethernet
        10BASE-5 Ethernet
        10BASE-T Ethernet
        100BASE-T Ethernet
        Gigabit Ethernet
    Ethernet Addresses and Broadcasting on the Ethernet
    Ethernet Frame Format
        Preamble
        Start Frame Delimiter
        Destination Address
        Source Address
        Higher Layer Data
        Frame Check Sequence
    Interframe Gap
    The Difference Between Standard Ethernet and IEEE 802.3 Frames
    Data Encapsulation
Managing Ethernet Interfaces in Solaris
    Listing Installed Ethernet Interfaces
    Creating Logical Interfaces
    Making Interfaces UP and DOWN
Troubleshooting Common Ethernet Problems
    Using the ifconfig Command
    Using the netstat Command
    Using the snoop Command
    Using the ping Command
    Using the traceroute Command
    Using the ndd Command
Chapter Summary
Applying Your Knowledge

STUDY STRATEGIES
This chapter is mostly theoretical information related to introductory concepts and terminology about computer networks. To get the most out of this chapter from the examination point of view, do the following:
• Go through the chapter from beginning to end and try to understand the terminology discussed.
• Then go through the chapter again and just look at the section headings.
• Practice the commands discussed in this chapter to help you build your understanding of network interfaces in Solaris.
Chapter 1
INTRODUCTION TO COMPUTER NETWORKS
INTRODUCTION Business and personal communication has been significantly impacted in the latter part of the 20th century by networks. This one word, network, signifies the single most important concept that helped usher in the computer revolution. This past decade, the last of the 20th century, has witnessed the evolution of the Internet and the information exchange it has energized. Internetworking gave birth to a completely new industry known as information technology. High-end UNIX servers have been at the heart of Internet services. Among these, Solaris has always been an important Internet platform. Many of the 24 × 7 Internet companies rely on services provided by Solaris servers. In simple terms, a computer network refers to interconnected computers using a communication medium. The goal of a computer network is easy, fast, and reliable transfer of data from one computer to another. Depending on the technology used to build a network, you can achieve this goal in various ways. The more reliability and speed you need to transfer data, the better technology you require to implement the network, and this, in turn, increases the cost of installing and maintaining a network. This chapter is an introduction to computer networks and the various components used to build them. Common terminology related to computer networks begins this discussion; these definitions provide the foundation necessary to expand the discussion. Then the focus of this chapter turns to how networks are classified depending on geographic location. You also learn in this chapter about different network topologies and the pros and cons of each of these. Part of the network topology discussion centers on the International Standards Organization (ISO), which has proposed a model for building network protocols. This model is commonly known as Open Systems Interconnect (OSI); it also is known as ISO-OSI. 
ISO-OSI is a seven-layer network protocol model in which each layer has different functionality and collaborates with the other layers. Each layer in the OSI model is considered, and you learn how each of these layers interacts with the others. You also learn the advantages of a layered model and how data transfer takes place between two hosts connected to the same network. Finally, you learn about the various types of equipment used in networks. Each of the equipment types used in networks—
such as routers, switches, gateways, and cables—is discussed in relation to the layer of the OSI model in which the equipment operates. This chapter also reviews network access methods. Access methods are used to get control of communication media to initiate data transfer. The different types of Ethernet are introduced, as is how a broadcast is effected on Ethernet networks. In addition, you learn commands to list installed Ethernet interfaces in your Solaris system and commands to troubleshoot common Ethernet problems. Data in Ethernet networks is transferred from one host to another host in the form of data frames. A data frame consists of actual data and control information. The control part contains source and destination addresses and information to detect errors. In this chapter, you learn the format of Ethernet frames and how all of this information is packed inside a frame. After completing this chapter, you should understand the basic concepts of computer networking, network terminology, and how networks are built. You should be aware of the layered network model and the ISO-OSI networking model. You should be able to get information about Ethernet adapters in a Solaris system, and you also should be familiar with some of the network troubleshooting commands.
NETWORK TERMINOLOGY As in other technological fields, the computer networking field is flooded with jargon. For a network administrator, knowledge and understanding of the most commonly used terms is essential. This section defines introductory terminology you need to know. As you progress through this book, these terms and their meanings will become more familiar.
Computer Networks A computer network can be defined in a number of ways. In general, a computer network is a collection of computers connected (in one way or another) to each other via a communication medium. A network is comprised of both hardware and software, which integrate to provide various services. Computers connected to a network can communicate with each other with the help of services provided by the network. A device connected to a network is called a host or
node. Hosts have a special piece of hardware installed in them known as a network adapter or network interface. The network adapter is used to connect each host to a common communication medium. This communication medium may be a copper wire, a fiber-optic cable, or just a wireless frequency band.
Hosts and Nodes A node or a host is any device connected to a network. It might be a personal computer, a workstation or server, a router, or any other device. The words host and node are used interchangeably throughout this book. Specific network devices are mentioned clearly by name. When referring to any general concept about a machine connected to a network, for example, the word host or node is used. When specifically talking about something related to the Solaris system, however, the terms Solaris Server or Solaris Workstation are used rather than host or node. Similarly, when talking about a router, it is specifically mentioned.
Routers As the need for information exchange continues to expand, so does the need to connect multiple networks to each other. A router is a device used for this purpose. Typically, a router has multiple network adapters. Each of these adapters is connected to a different network. A router receives data packets from all connected networks and forwards these data packets to destination networks or hosts depending on the destination address. A router can be considered as a collection, sorting, filtering, dropping, and distribution point for data packets. Figure 1.1 shows the typical application of a router. In this case, the router connects three networks with each other. Modern routers do much more than just route data packets. They also serve as security devices implementing a security policy of some type. The most common type of security policy is the use of access lists. Access lists allow certain hosts and networks to enter a network, blocking the rest of the world. In other cases, selected hosts or networks, perhaps those generating offending network traffic, are blocked. The packet-filtering capabilities of routers also make these good firewalls. Some routers have network address translation (NAT) capability. This is a useful feature that enables you to hide private networks behind a router acting as NAT server and/or firewall.
Chapter 1
INTRODUCTION TO COMPUTER NETWORKS
FIGURE 1.1 Typical application of a router.
Network Protocols A network protocol may be thought of as a common language that all the hosts on a network understand. Basically, a protocol is a set of rules that governs data transfer among hosts on a network. Many protocols have been developed since research on computer networks began. The most common one is the TCP/IP suite of protocols. The ISO has proposed a layered model of network protocols that is used as a reference model. This model is called Open Systems Interconnection (OSI), and is discussed in detail later in this chapter. TCP/IP is the standard protocol for computers connected to the Internet. At present, almost all public Internet-connected networks understand the TCP/IP protocol. The current version of this protocol is 4 (commonly referred to as IPv4). Because of the tremendous growth of the Internet, however, network addresses for this version have become scarce. Due to the inability to satisfy the demand for network addresses and some other problematic issues, this version is being replaced with version 6 (IPv6). During this transitional time, both versions of the protocol coexist to support old systems. Solaris 8 supports both IPv4 and IPv6. All discussions in this book relate to IPv4 until Chapter 9, “Introduction to IPv6.” From a user perspective, the first major difference between these two versions is the length of IP addresses, the number assigned to each host connected to the Internet. This address is 32 bits long in IPv4 and 128 bits long in IPv6.
The Internet In general, an internet is a combination of multiple, independent networks. Most of the private as well as public networks in the world are connected to each other one way or another. This worldwide interconnection of networks is called the Internet. From now on,
whenever this book refers to the Internet, it means the global, public Internet that provides different services to different types of users. In contrast, an intranet is a privately owned network that provides some of the same services as the Internet. However, access to an intranet is usually restricted to people inside a specific company or organization. Note that computers connected to a single network must understand a common protocol for communication. That said, different types of networks, with different protocols, can be connected to the Internet with the help of a special type of network device. These devices are called protocol translators or gateways.
Bandwidth Bandwidth is the measured capacity of a communication medium for data transfer. Data transfer speed is expressed in terms of bandwidth. In simple terms, bandwidth refers to the capacity of the communication medium used to interconnect hosts on a network. Technically, bandwidth is the range of frequencies that can pass through a communication medium. The higher the bandwidth, the larger the range of frequencies and the more data that can pass through a network. As a simple analogy, think of bandwidth as the capacity of a pipe for water flow. If you use a bigger pipe (more bandwidth), larger amounts of water can flow through it (more data can pass through). In common parlance, many network people use the word pipe in place of bandwidth for the same reason. As an example, a Fast Ethernet network has a bandwidth of 100Mbps. This means that this type of network can pass 100 megabits per second of data through it. In other words, 100Mbps is the ideal maximum rate at which data can be transmitted over this type of network; real throughput is always somewhat lower because of protocol overhead. All the network standards specify the upper limit on the available bandwidth for a particular type of communication medium. While designing large networks, bandwidth is the most important consideration, because you have to pay your service provider for the amount of bandwidth you need. If a company has many offices in different cities, for example, it can install local networks in each of these offices by laying cables inside the office. However, the company has to go to another company to interconnect these offices. This “other” company will provide an interconnection medium among these offices, but will charge for the amount of bandwidth you purchase. With so many innovations in network technology, demand for bandwidth is growing at a very large scale. Many protocols have been standardized to manage bandwidth and to enforce some type of quality of service.
NETWORK CLASSIFICATION Networks are categorized in many different ways. The most common classifications are based on three specific criteria: geographical area, modulation technique, and network topology. These are the classifications examined throughout this book, and are briefly introduced in the following sections.
Networks Defined by Geographic Area Depending on the geographic area covered, networks typically fall into one of two categories: local area network (LAN) or wide area network (WAN). Local and wide area networks use completely different technologies for interconnection. The data transfer rates also vary significantly between these two categories.
Local Area Networks Local area networks are usually confined within a building and connect hosts at the departmental or group level. Direct cable connections are used for LANs, and data transmission speeds are quite high as compared to wide area networks. LANs use private cabling and are less expensive to install and maintain. In addition, equipment is less sophisticated and less expensive when compared to WANs.
Wide Area Networks Wide area networks are typically used to connect departmental LANs together and often span multiple cities or countries. Usually, services from third-party service providers and telcos are used for interconnection. Data transfer speeds in WANs are lower because of the high cost of bandwidth. The Internet is the most common example of a wide area network. Some newcomers to the world of computer networking think that wide area networks are just large local area networks spanning a large (“wide”) geographic area. This is not true. LANs and WANs are two completely different technologies. Different types of equipment and different network protocols are used in these two types of networks. For example, Ethernet is a LAN technology that is not used in WANs.
Networks Defined by Modulation Technique Now that you understand what bandwidth is, this section explains how it is utilized. A range of frequencies can be transmitted over a communication medium. This range is divisible into smaller ranges. Each of the smaller ranges of frequency, each a subset of the larger range, is called a band. If a communication medium can transmit frequencies up to 1GHz (1000MHz), we can divide these frequencies into 10 different bands of 100MHz each. These 10 bands contain frequency ranges as shown in Figure 1.2 (section b). Depending on how the available frequency range is used by a network to transmit data, networks typically fall into one of two categories: baseband networks and broadband networks. Usually all network standards show which technique will be used for a particular type of network.
FIGURE 1.2 Frequency bands. (Section a shows the whole frequency range used as a single band; section b shows the same range divided into 10 bands of 100MHz each.)
Baseband Networks Baseband networks consider all available frequency as a single band and they transmit data over it utilizing all bandwidth (refer back to Figure 1.2, section a). No bandwidth sharing occurs, and only one network communications session can exist in a particular time slot. No modulation is used in baseband networks because all the available bandwidth is being utilized by just one type of signal. In contrast, the broadband networks use some type of modulation. This is the basic difference between baseband and broadband networks.
Broadband Networks In broadband networks, the available frequencies are divided into different bands. Some modulation technique is used to make it possible for multiple network communications to coexist. In Figure 1.2 (section b), for example, one host on one network can use band 3, and hosts on some other network can use band 7. In this way, multiple communications sessions can occur without interfering with each other. This type of frequency division is also called Frequency Division Multiplexing (FDM). With the increasing use of fiber-optic technology and the high availability of bandwidth in fiber networks, broadband networks are becoming more and more popular for high-speed and wireless data transfer.
Networks Defined by Network Topology The physical interconnection layout of a network is the network topology. Different network topologies have different characteristics. Some are low-cost, but are less reliable and difficult to maintain; others are easy to maintain, but are more costly. Similarly, different network topologies have different points of failure. The following sections discuss some of the most common topologies.
Bus Topology In a bus topology, all hosts in the network are connected to a common bus, which is actually a cable (see Figure 1.3). A bus topology is usually used in broadcast networks where only one host can transmit data at one time. This is a low-cost solution and is easy to install. Maintenance is usually difficult, however, and in most cases you have to shut down the network to add another host. Also, the bus is the single point of failure for the network: if the bus fails at any point, the whole network fails. To avoid signal reflection from the ends of the bus, terminators are used. A terminator is nothing but a resistor that connects the signal paths and absorbs signals reaching the endpoints.
FIGURE 1.3 A bus topology network.
Star Topology Figure 1.4 shows a star topology, in which all hosts are connected to a central location. This central location is the hub of the network. This is the most common and lowest-cost solution for local area networks. Star-connected networks also have a single point of failure, which is the hub. However, you do not have to bring down the whole network to add or remove a host. You can remove faulty hosts from the network, and new hosts can be added without disrupting the functionality of other hosts.
FIGURE 1.4 A star topology network.
Ring Topology A ring-connected network is equivalent to a bus-connected network with the two ends of the bus connected together (see Figure 1.5). Double rings also are used to connect networks. The Fiber Distributed Data Interface (FDDI) is the most common example of this type of network. If one of the rings fails, hosts can still use the second ring to transfer data. This provides a higher degree of reliability.
FIGURE 1.5 A ring topology network.
NOTE Many readers of this book might have heard of Token Ring networks. Physically, Token Ring networks are not ring-connected networks. They are wired as a star, with each host cabled to a central access unit; the ring exists only logically, in the order in which the token passes from host to host.
Mixed or Hybrid Topology Most practical networks are actually a combination of two or more types of topologies. These are mixed or hybrid topology networks. In many networks, for example, computers are connected to hubs in a star topology. These hubs are then connected to each other using a bus backbone. In many campus networks, FDDI is used as the backbone while star or bus topologies are used in smaller parts of the network. Figure 1.6 shows how a typical network that uses multiple hubs connected via a bus might look.
FIGURE 1.6 A typical network connection scheme.
IN THE FIELD Bus-connected networks are suitable only when you do not need to frequently add or remove hosts from the network. Therefore, this type of topology suits only small networks. Star-connected topology is the most commonly used topology because of the lower cost associated with it and its ease of maintenance. Hosts can be added or removed without bringing the network down. Dual-ring networks, such as FDDI, are used as campus backbone networks.
INTRODUCTION TO THE ISO-OSI REFERENCE NETWORK MODEL As previously mentioned, a protocol is a common set of rules that all hosts on a network understand. Protocols are used for the transfer of data from one computer to another. Although multiple protocols may be available on a single network, a common protocol is necessary for data transfer to take place between two hosts. My favorite analogy for a protocol is human language. People sitting in one place might speak different languages, but for successful communication between two persons, those two persons must agree on a common language. Similarly, it is possible for one host to understand multiple protocols (just as some human beings understand multiple languages). To communicate with another host, however, both hosts must know a common protocol. Many protocols have been designed over the years. Some of these are very popular and some are not. The ISO has tried to standardize protocol design methodology by proposing a reference network model (the OSI). Also commonly known as ISO-OSI, this network model is a layered protocol model. In it, the entire process of data transfer from one host to another is divided into different parts (layers). Each layer performs a different task in this process and communicates with the layers directly above and below it through well-defined interfaces. ISO-OSI is a seven-layer protocol model. Later in this chapter, you learn the functionality of these various layers.
FIGURE 1.7 The seven layers of the ISO-OSI network model, top to bottom: Application layer, Presentation layer, Session layer, Transport layer, Network layer, Data Link layer, Physical layer.
NOTE The OSI model is only a reference model for protocol developers; it is not a protocol itself. Most of the common and popular protocols do not work exactly according to this reference model. For example, the most commonly used protocol is the TCP/IP protocol, which has five layers (as compared to the seven layers in the OSI model).
OSI Layers The OSI model has seven layers. The bottommost layer (Layer 1) is the Physical layer, which deals with the actual hardware and electrical signals. The topmost layer (Layer 7) is the Application layer, and most network user interaction occurs with this layer only. In fact, a network user does not “see” the processes going on at the lower layers. Figure 1.7 shows the position of each layer in the OSI model.
EXAM TIP For the exam, you need to know which services each layer provides. You also need to know where a layer fits into the OSI model.
Each layer in the OSI model uses the services of its lower layer and provides services to its upper layer. These services are provided through service access points (SAPs). The following sections discuss each of the OSI layers.
Physical Layer The Physical layer is where the actual data transfer takes place in the form of some sort of signal over a communication medium. The most commonly used medium is copper wire with an electrical signal used for data transfer. If fiber-optic cable is used as the communication medium, a light signal is used for data transfer. In wireless networks, electromagnetic waves carry data. Different types of signaling methods are used for different types of networks. Network topologies also play a very important role at the Physical layer. Depending on the communication medium used, different types of cables, connectors, and network adapters are used. This layer consists of the physical part of a network that is visible to a network user.
Data Link Layer The Data Link layer (DLL) is directly above the Physical layer. This layer receives data from the upper layer (the Network layer) and transmits it on the Physical layer. The function of this layer is to get access to the communication medium and to ensure that error-free data is transferred from one point to the next in a computer network. This layer is divided into two sublayers: the Medium Access Control (MAC) sublayer and the Logical Link Control (LLC) sublayer. The MAC sublayer interacts with the Physical layer. This is the part of the DLL where physical addresses for each host are used. These physical addresses also are called MAC addresses. MAC addresses are discussed more fully later in this chapter. Each host should have a unique MAC address within one network. The MAC sublayer ensures that only one host gets access to the communication medium at a time when the medium is shared among many hosts in a physical network. Different access methods can be used to get access to the shared medium. This chapter discusses two of these access methods: the carrier sense multiple access collision detect (CSMA/CD) method and the Token Ring method. The LLC provides services to the Network layer for data transfer. Using LLC, multiple protocols in the Network layer can be multiplexed on a single physical network. Data at the Physical layer is treated as signals in the form of 1s and 0s, whereas data at the DLL level is in the form of frames. A frame is a data packet that consists of actual data and control information. Depending on the protocol used for network access, the structure and length of the frames differ. In its most common form, each frame consists of source and destination MAC addresses, the actual data, and information used to detect errors.
Network Layer Individual logical addresses are assigned to hosts in the Network layer. Data entities in the Network layer are called packets. This layer is responsible for logical addressing and routing, and, depending on the network service in use, for detecting errors in the data it carries between two points. Note that IP, the Network layer protocol of TCP/IP, is connectionless and best-effort: it checks only its own header and leaves reliable delivery to the Transport layer. In this layer, network routes are defined across network boundaries. A network route is the path that data packets take from the source to the destination host. These routes are statically defined or calculated dynamically, depending on network conditions. For a more detailed discussion of the routing process, see Chapter 3, “Routing in TCP/IP Networks.” Depending on the particular network protocol used, the structure of network addresses may vary. In TCP/IP networks (IPv4), for example, all hosts are assigned 32-bit addresses. In IPv6, hosts are assigned 128-bit network addresses.
NOTE You should understand that addresses defined in the Network layer are logical addresses, as compared to MAC addresses, which also are called physical addresses. Network addresses are assigned by network designers and administrators at the time of the installation of a network and can be changed at any time. In contrast, MAC addresses are burned into network adapters and are fixed. Keep in mind, however, that many adapters and operating systems allow the address to be overridden in software, so a MAC address must not be trusted on its own to identify a host.
Transport Layer
The Transport layer is responsible for end-to-end reliable data transfer. Data received from the upper layers is divided into segments (the Transport layer's own packets) and handed over to the Network layer for transmission. This layer provides the client/server infrastructure that the Application layer uses for the client/server application environment. At the Network layer level, a computer is known to the rest of the world by its Network layer address, as a single entity. However, all hosts are capable of running multiple services. The Transport layer implements port numbers, which are used to distinguish the different services on a host. When the Transport layer receives incoming packets, it checks the port numbers to sort and forward them to the different server applications. To establish communication between two hosts, sockets are used. A socket is the combination of a Network layer address and a port number. A server opens a socket on a well-known port and waits for any client to request the service. When a client needs the service, it opens a socket on its own host and connects this socket to the socket opened by the server. Two-way communication then becomes possible using this scheme.
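The server/client exchange just described, as an added example that is not from this book: a Python server and client on the loopback interface, using only the standard library. Port 0 lets the operating system pick a free port so the script runs anywhere; a real service would bind its well-known port instead. The server records the (address, port) pair at each end of the accepted connection so that the two sockets can be seen side by side.

```python
"""Added example: a minimal TCP server and client on loopback.

Not from the book.  Port 0 is used so the OS chooses a free port; a real
service binds its well-known port (for example 21 for FTP or 23 for Telnet).
"""
import socket
import threading
from typing import Dict


def serve_one(listener: socket.socket, seen: Dict[str, object]) -> None:
    """Accept a single client, record both endpoints of the resulting
    connection, and echo the request back in upper case."""
    conn, peer = listener.accept()
    with conn:
        seen["server_side"] = conn.getsockname()   # (server addr, server port)
        seen["client_side"] = peer                 # (client addr, client port)
        chunks = []
        while True:
            data = conn.recv(4096)
            if not data:          # client half-closed: request is complete
                break
            chunks.append(data)
        conn.sendall(b"".join(chunks).upper())


def exchange(message: bytes) -> Dict[str, object]:
    """Run one client/server exchange over loopback and report what each
    side saw.  The socket on the server side is (127.0.0.1, server_port);
    the client's socket gets an ephemeral port from the OS."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # 0 = any free port
    listener.listen(1)
    server_port = listener.getsockname()[1]

    seen: Dict[str, object] = {}
    worker = threading.Thread(target=serve_one, args=(listener, seen))
    worker.start()

    # Client side: connect our own socket to the one the server opened.
    # The pair of (address, port) endpoints identifies this connection
    # among all other connections between the two hosts.
    with socket.create_connection(("127.0.0.1", server_port)) as client:
        client_port = client.getsockname()[1]
        client.sendall(message)
        client.shutdown(socket.SHUT_WR)  # done sending; now read the reply
        reply = b""
        while True:
            data = client.recv(4096)
            if not data:
                break
            reply += data

    worker.join()
    listener.close()
    return {
        "server_port": server_port,
        "client_port": client_port,
        "server_side": seen["server_side"],
        "client_side": seen["client_side"],
        "reply": reply,
    }


if __name__ == "__main__":
    result = exchange(b"hello from the client")
    print("server socket:", result["server_side"])
    print("client socket:", result["client_side"])
    print("reply:", result["reply"])
```

Run it and note that the server's port is the one it chose when binding, while the client's port is an ephemeral number the OS handed out for this connection only; two clients talking to the same server differ only in that client-side pair.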
Session Layer The Session layer is responsible for three tasks:
• Starting a session
• Managing a session
• Closing down a session
This is the layer that initiates a connection between two hosts on a network. After the communication has finished and the connection is no longer needed, the Session layer disconnects the session.
Presentation Layer The Presentation layer is responsible for any required data conversions. A conversion might be required if different hosts connected on a network use different data presentation schemes. Suppose, for example, that two hosts need to share some data. One host uses ASCII, and the other uses EBCDIC. The Presentation layer is responsible for converting data formats before the data is passed to the Application layer.
Application Layer The Application layer is where the user interacts with the network using different applications. The most common user applications are Telnet and FTP. Using these applications, a user can connect to a particular host on a network. (Note that both send user names, passwords, and data across the network in cleartext.) Table 1.1 briefly describes the OSI layers.
TABLE 1.1
OSI LAYERS

Layer               Description
Physical layer      Transfers data in the form of signals over a communication medium.
Data Link layer     Manages MAC addresses. Takes data from the Network layer and transmits it over the Physical layer. Data is treated as frames.
Network layer       Manages logical network and host addresses. Delivers packets from point to point along a route. Responsible for routing.
Transport layer     Responsible for end-to-end data transfer, error detection, and correction.
Session layer       Establishes and tears down communication sessions.
Presentation layer  Converts different types of data to make it suitable for the Application layer.
Application layer   The actual applications that interact with the network and provide an interface to network users.
Peer Protocols and Interfaces In a layered network model, each layer communicates with its two immediate neighbor layers. One of these is the immediate lower layer, and the other is the immediate upper layer in the reference model. This communication takes place based on well-defined rules, also known as interfaces. Therefore, the Network layer has an interface to the Data Link layer and an interface to the Transport layer. During the data transfer process, a layer on one host talks to the layer at the same level on the other host. During communication between two hosts on a network, for instance, the Network layer on one host sends information that is interpreted by the Network layer on the other host. Protocols that govern this type of communication between similar layers on different hosts are called peer protocols. Layers at the same level on different hosts are called peer layers. For example, the Network layer on one host is the peer layer for the Network layer on another host.
Layer Headers and Data Transfer in a Layered Model
FIGURE 1.8 Interaction of a layer with other layers. (The seven layers of the Source Host and the Destination Host are drawn side by side; the Network layer on the source host is highlighted together with the Transport and Data Link layers on the same host and the Network layer on the destination host.)
Each layer in a layered network model talks to three layers. Two of these are the immediate upper and lower layers on the same host. The third is the peer layer on the other system. Figure 1.8 shows this process. In this example, the Network layer, shown in a dark gray color, communicates with the three layers shown in a light gray color. These layers are the Transport layer and the Data Link layer on the same host and the Network layer on the other host. To communicate with upper and lower layers, a layer uses interfaces. To communicate with the peer layer, peer protocols are used. Information for the peer layer is attached to the data in the form of a layer header. When the Application layer on a host wants to send some data to the Application layer on another host, for example, it attaches an Application layer header to the data. The Application layer header contains information for the Application layer on the other system. Using this information, the application on the destination system comes to know how to handle this data. After attaching its header, the Application layer hands over the data to the Presentation layer. The Presentation layer then attaches its own layer header to the data. This header contains information about the data codes used, so that the Presentation layer on the destination system can determine how to convert the data into a different code, if required. The Presentation layer then hands over the data, with the Application layer and Presentation layer headers, to the Session layer. The Session layer then initiates a communication session with the destination host and attaches its own header to the data. In this way, all layers on the sending host attach their layer headers to the actual data. All these headers contain information for the peer layers. When the data reaches the Physical layer, it is transmitted to the destination host. When the data arrives at the destination host, it travels from the Physical layer towards the Application layer. On its way, each layer detaches its peer layer header, gets information about how to deal with the data, and then forwards the data to the upper layer. Figure 1.9 shows this process. In Figure 1.9, the following conventions are used:
DATA  The actual data being transferred from an application on one host to an application on another host
AH    Application layer header
PH    Presentation layer header
SH    Session layer header
TH    Transport layer header
NH    Network layer header
DH    Data Link layer header
FIGURE 1.9 Data transfer process in a layered model. On the source host the unit grows as it descends: DATA, then AH DATA, PH AH DATA, SH PH AH DATA, TH SH PH AH DATA, NH TH SH PH AH DATA, and finally DH NH TH SH PH AH DATA at the Physical layer; on the destination host each layer removes its own header in the reverse order until the application receives DATA.
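The header-on-header process described above, together with the frame layout given earlier for the Data Link layer (source and destination MAC addresses, the data, and error-detection information), as an added example that is not from this book: a Python script that builds a frame on the sending host by prepending a Transport header (UDP), a Network header (IPv4), and a Data Link header (Ethernet II) with a trailing frame check sequence, then strips and verifies each header on the receiving host. The header layouts are the real Ethernet II, IPv4, and UDP formats; the MAC and IP addresses, ports, and payload are constructed for the example, and the UDP checksum is left at zero (which IPv4 permits) to keep the code short.

```python
"""Added example: encapsulation on the source host and decapsulation on the
destination host, with TH = UDP, NH = IPv4, DH = Ethernet II.

Not from the book.  Addresses, ports and payload are constructed samples;
only the header formats are the real ones.
"""
import ipaddress
import struct
import zlib
from typing import Dict

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of 16-bit words.
    Run over a header whose checksum field is already filled in, it
    returns 0 when the header is intact."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def build_frame(payload: bytes, src_mac: str, dst_mac: str,
                src_ip: str, dst_ip: str, sport: int, dport: int) -> bytes:
    """Source host: each layer prepends its header (TH, then NH, then DH)
    to what it received from the layer above; the Data Link layer also
    appends the frame check sequence used to detect transmission errors."""
    # Transport layer (UDP): port numbers select the service on each host.
    # A zero UDP checksum means "no checksum", which IPv4 allows.
    th = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    segment = th + payload

    # Network layer (IPv4): logical addresses and routing information.
    nh = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(segment), 0x1234, 0, 64, IPPROTO_UDP,
                     0,                                    # checksum, filled below
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    nh = nh[:10] + struct.pack("!H", ipv4_checksum(nh)) + nh[12:]
    packet = nh + segment

    # Data Link layer (Ethernet II): MAC addresses and EtherType, then FCS.
    dh = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    frame = dh + packet
    fcs = struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)  # CRC-32, LSB first
    return frame + fcs


def receive_frame(frame: bytes) -> Dict[str, object]:
    """Destination host: each layer checks and strips its peer's header and
    hands the remainder upward.  Corruption is caught by the FCS or the
    IPv4 header checksum and reported as ValueError."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(body) & 0xFFFFFFFF:
        raise ValueError("frame check sequence mismatch")
    dst_mac, src_mac = body[:6], body[6:12]
    (ethertype,) = struct.unpack("!H", body[12:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = body[14:]                       # DH removed

    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    (total_len,) = struct.unpack("!H", packet[2:4])
    if packet[9] != IPPROTO_UDP:
        raise ValueError("not a UDP packet")
    src_ip = str(ipaddress.IPv4Address(packet[12:16]))
    dst_ip = str(ipaddress.IPv4Address(packet[16:20]))
    segment = packet[ihl:total_len]          # NH removed

    sport, dport, udp_len, _ = struct.unpack("!HHHH", segment[:8])
    return {                                 # TH removed; DATA remains
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": src_ip, "dst_ip": dst_ip,
        "sport": sport, "dport": dport,
        "payload": segment[8:udp_len],
    }


def demo() -> Dict[str, object]:
    frame = build_frame(b"hello", "02:00:00:00:00:01", "02:00:00:00:00:02",
                        "192.0.2.1", "192.0.2.2", 40000, 53)
    return receive_frame(frame)


if __name__ == "__main__":
    print(demo())
```

Flipping a single bit anywhere in the frame makes `receive_frame` reject it at the Data Link layer, which is the error-detection role the chapter assigns to that layer; the IPv4 checksum is the Network layer's own, narrower, check on its header alone.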
The Utility of the Layered Protocol Model All network communications protocols are built in layers. Each layer uses the services of its lower layer and provides services to its upper layer. A layer N uses the services of layer (N – 1) and provides services to layer (N + 1). Services provided by a layer to its upper layer are accessed using service access points. The topmost layer is usually the Application layer, which provides services to the user of the network protocol. Layered models also are known as protocol stacks. A layered model provides modularity to the protocol design and implementation process. Data transfer across so many different types of communication media and hosts is a complex process. Dividing this process into multiple parts makes it easier to implement the network protocols. A layered network model provides the following benefits for protocol implementation:
• The complex task of the network protocol is divided into smaller tasks, which are easy to visualize and implement.
• Because each layer of a network protocol stack interacts only with its adjacent upper and lower layers, programmers do not need to worry about other layers and their functionality. For example, application developers need to know only the services provided by the TCP or UDP layers in the TCP/IP protocol. They do not need to worry about the network access method (Token Ring, Ethernet, or so on). This means that the application development process is independent of network topology or network access method.
• Development can be done in parallel once peer protocols and interfaces are defined.
• It provides modularity, which makes it easy to maintain the protocol stack.
• Multiple instances of a layer can coexist on the lower layer using a technique known as multiplexing. For example, multiple Transport layer protocols can be built upon a single Network layer protocol. Chapter 2, “The TCP/IP Protocol,” discusses TCP, UDP, and other Transport layer protocols that use the services of IP, a Network layer protocol.
• Software parts can be reused in different protocol implementations. For example, the same implementation of the DLL can be used both for the TCP/IP protocol and for the IPX protocol.
NETWORK EQUIPMENT This section introduces you to the equipment used to build networks. The equipment ranges from cables and connectors to routers and gateways. Every network has its building blocks. The most important of these are the following three:
• Hosts or computers taking part in a network. These hosts may be simple personal computers, workstations and servers, or dedicated machines specially designed for computer networks (such as routers and switches).
• Interconnection medium. The interconnection medium is usually some type of cables and connectors. No cables are used in wireless networks.
• Network operating systems. The network operating systems control all network communications that take place among different hosts in a network. A major component of a network operating system is the set of network protocols it supports.
EXAM TIP On the exam, you might be asked about the functionality of different types of network equipment. You also might be asked where certain network equipment works (that is, in which layer of the OSI model).
Network Adapters The network adapter connects a host to the network communication medium, usually via cables. Most commonly, it is a card installed inside a server or a workstation. In some computers, a network adapter is built in to the system board. A network adapter has one or more connection points to connect to network cables. Different types of network adapters are used for different networks. For example, the network adapter used to connect to a Token Ring network differs from the one that connects a host to an Ethernet network. Even for different types of Ethernet, different network adapters are used. When purchasing a network adapter, keep in mind the connector type available on the network adapter.
Network Cables Cables are the communication medium that one host uses to communicate to another host over a network. Cables carry electrical or light signals that convey information from one point to another. With different types of cable, different types of connectors are used to connect these to network adapters installed inside hosts. The following sections describe the most common types of cables.
Coaxial Cable Coaxial cables use a central wire surrounded by an insulator and wrapped into a conducting cladding. All this assembly is wrapped into a plastic insulator. The central wire is used to carry the actual signal, while the cladding serves as the signal ground. This type of wire is very good where electromagnetic interference is present. Figure 1.10 shows a cross-section of this type of cable. Two types of coaxial cables are in common use today. Thin cable is used for Ethernet network segments of up to 185 meters, and thick coaxial cable is used for distances up to 500 meters.
Twisted-Pair Cables
The twisted-pair cable is the most commonly used cable for installing local area networks. It is a voice-grade cable consisting of four pairs of twisted wire wrapped in a plastic insulator. There are different categories of twisted-pair cable. The most common one is the category 5 cable, which can carry data traffic at up to 100Mbps. This type of cable is used in 10BASE-T, 100BASE-T, and Token Ring networks. This cable is not as resistant to electromagnetic interference as the coaxial cable.

FIGURE 1.10 Cross-section of a coaxial cable. From the outside in, the layers are the plastic coating, the metal cladding used as signal ground, the insulator covering the central wire, and the center wire carrying the signal.
Twisted-pair cables fall into two major types: shielded twisted-pair cable and unshielded twisted-pair cable. A shielded twisted-pair cable has a metallic shield around the four pairs of wires. An outer plastic coating covers this shield. The unshielded cable does not have this shield. The shielded twisted-pair cable has better resistance to external electromagnetic interference than the unshielded twisted-pair cable. The shielded cable is costly and is used only in locations with high electromagnetic noise.
Fiber-Optic Cables
Fiber-optic cable is used in high-speed networks. The most common examples of such networks are FDDI and Gigabit Ethernet. In fiber-optic cable, data travels as a light wave signal, as opposed to other cables through which data is transmitted as electrical signals. Networks that use fiber cable are high-capacity networks, because more bandwidth is available. Because of low latency, fiber-optic cables make a network faster than copper cables do. In addition, these networks can span much larger geographic areas. Different types of fiber cables are available for use in different environments. In large campus networks, fiber-optic cables are used as backbones.
Connectors
Connectors are used with each type of cable to connect to the network adapters. The most commonly used connectors are BNC-type connectors used with coaxial cables and RJ-45 connectors used with twisted-pair cables. Fiber-optic cables have different types of connectors. With coaxial cables, a special type of connector is used at both ends of the cable. These connectors are called terminators. End terminators have the same resistance as the cable. They absorb all signals reaching the endpoints of a cable and thus prevent any reflection.
Segments
A network segment may be thought of as a continuous cable section. Network segments may be connected together with repeaters.
Transceiver
A transceiver (transmitter/receiver) is a special type of equipment used to connect a 10BASE-5 Ethernet network adapter to a coaxial cable.
Backbones
Backbone is a common term used for a medium connecting smaller parts of a network to each other. Usually this is a high-capacity medium used to carry higher data rates. For example, local departmental networks in a university may be connected to each other using some type of backbone. A few years ago, FDDI backbones were popular. These days Asynchronous Transfer Mode (ATM) backbones are very common. These may be replaced by Gigabit Ethernet backbones in the future.
Repeaters
A repeater is a special type of equipment used to extend the length of a network segment. When an electrical signal travels on a cable, its shape becomes distorted because of the addition of noise and cable resistance. This distortion increases as the signal travels longer distances. If the cable is too long, the signal might distort to such an extent that it becomes hard to recognize, or the information extracted from it may become erroneous. To overcome this problem, repeaters are used. A repeater extends the network length and topology beyond what can be achieved with a single cable segment by regenerating the signal until it reaches its destination. A repeater takes a distorted input signal and reshapes and regenerates it. Figure 1.11 shows a signal leaving a host, which becomes distorted along the way, and it also shows how the repeater regenerates it. Repeaters work at the Physical layer of the OSI reference model. In Figure 1.11, Host 1 and Host 2 are present on different segments connected by a repeater. Due to noise added to the signal as it traveled, it is distorted to some extent by the time it reaches the repeater. The repeater regenerates and reshapes the signal, and the signal going out is again clean. You cannot connect an infinite number of repeaters to increase the length of a network. In Ethernet networks, you can use up to four repeaters in a series, connecting five segments together.

FIGURE 1.11 Signal regeneration by a repeater. Host 1 and Host 2 are on segments joined by a repeater; the figure shows the clean signal leaving Host 1, the distorted signal reaching the repeater, and the regenerated signal leaving the repeater.

Hubs
A hub is the central part of a star-connected network. Sometimes it is also called a multiport repeater. A simple repeater has only two ports. The signal entering one port is regenerated to the other port and vice versa. In the case of a hub, the signal entering one port is regenerated to all other ports. Hubs are available in a number of configurations. Usually multiple hubs are connected to a backbone to create larger local area networks. Like a repeater, a hub works at the Physical layer of the OSI network model.

Bridges
A bridge is used to connect networks together. Bridges can have multiple ports, and each port is connected to a separate network. Bridges act at the Data Link layer of the OSI model (see Figure 1.12). Data starts from the Application layer on the source host. When it reaches the bridge, it goes up to the Data Link layer. At this layer, the bridge decides whether to forward a frame to the other network or drop it. A bridge forwards data packets from one network to another network based on Data Link layer addresses, usually known as MAC addresses. A bridge builds a table of MAC addresses and corresponding ports. When it receives a data frame, it checks the destination MAC address and forwards that data frame to the network that has the destination address. If it does not have any record of the destination MAC address, it forwards the data frame to all of its ports. Bridges build their forwarding table dynamically. After receiving each data frame, the bridge analyzes it to find out the source MAC address. If the address is not already in the bridge table, it is inserted into the table.
FIGURE 1.12 Data path in a bridge. The source host and the destination host each show all seven layers (Application, Presentation, Session, Transport, Network, Data Link, and Physical); the bridge between them shows only the Data Link and Physical layers.
Switches
Like a hub, a switch acts as the central point of a network. The difference between a switch and a hub is that the signal entering one port of a switch is regenerated to only the destination port of the switch, whereas in a hub, the signal is regenerated to all ports. The advantage of this is that multiple signal paths may exist among different ports of a switch. Switches are used for high-speed networks because overall traffic flow is much larger due to the existence of multiple, simultaneous data paths in the network. A switch works at the Physical and Data Link layers of the OSI model. The switch keeps a record of the link-layer addresses of the hosts connected to its ports. When a data frame enters any port of a switch, its destination port is determined by the destination link-layer address, or MAC address. The link-layer address table inside the switch is updated dynamically. Like the bridge, the switch works at the Data Link layer of the OSI model. However, a switch offers much more functionality than a bridge. A switch can be used to provide many parallel, simultaneous paths for data transfer among connected hosts. Switches filter traffic for these paths using MAC addresses. The switch checks the destination MAC address included in the incoming frame and forwards it to the port to which the destination host is connected. If a broadcast packet arrives, it is forwarded to all ports of the switch. Typically, switches have multiple types of ports. For example, a switch might have one Fast Ethernet port (100Mbps) in addition to several 10BASE-T Ethernet ports (10Mbps). Using these ports, switches are often used to connect to a high-speed server. Figure 1.13 shows a typical application of this type of switch. In this example, the switch is connected to three networks using 10Mbps ports and to a server using a 100Mbps network port. Many clients may be distributed on networks A, B, and C. Because the server is connected to the high-speed network port, it can serve clients on all these networks with full bandwidth utilization on the 10BASE-T ports.

FIGURE 1.13 Connecting a server to a high-speed switch port. The server attaches to the switch's 100 Mbps port; networks A, B, and C attach to its 10 Mbps ports.
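The learning and forwarding behaviour described for bridges and switches above, written as an added Python example for this edition (it is not code from the original text). The port numbers and MAC addresses in the demo traffic are constructed; the move log is an addition of the example, recording a source address that shows up behind a different port than before.

```python
"""Added example (not from the original text): a learning bridge, which is
also how the switch described above decides where a frame goes.

The device records the source MAC of every frame against the port it arrived
on, forwards a frame to the single port recorded for its destination MAC,
drops it when the destination is on the port it came from, and floods it to
every other port when the destination is unknown or is the broadcast address
FF:FF:FF:FF:FF:FF. Port numbers and MAC addresses are constructed.
"""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Transparent bridge/switch with a dynamically built MAC address table."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}     # MAC address -> port it was last seen on
        self.moves = []     # (mac, old_port, new_port): a station changed port

    def receive(self, in_port, src, dst):
        """Handle one frame; return the list of ports it is forwarded to."""
        src, dst = src.lower(), dst.lower()
        # Learning: if the source address is not in the table, insert it. A
        # source last seen behind another port is recorded as a move; that is
        # normal after re-cabling, and otherwise a sign that two stations are
        # using the same address, which the text says must not happen.
        previous = self.table.get(src)
        if previous is not None and previous != in_port:
            self.moves.append((src, previous, in_port))
        self.table[src] = in_port
        # Forwarding decision on the destination address.
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood
        out_port = self.table[dst]
        if out_port == in_port:
            return []               # same segment as the sender: filtered out
        return [out_port]


def demo():
    """Feed a constructed frame sequence through a three-port bridge."""
    bridge = LearningBridge(ports=[1, 2, 3])
    host_a = "00:10:7a:00:00:0a"   # constructed address, on port 1
    host_b = "00:10:7a:00:00:0b"   # constructed address, on port 2
    host_c = "00:10:7a:00:00:0c"   # constructed address, also on port 1
    decisions = [
        bridge.receive(1, host_a, host_b),     # B unknown: flood to ports 2 and 3
        bridge.receive(2, host_b, host_a),     # A known on port 1: forward there only
        bridge.receive(1, host_a, BROADCAST),  # broadcast: every port but the source
        bridge.receive(1, host_c, host_a),     # A and C share port 1: filtered
    ]
    return bridge, decisions
```

The fourth frame shows the filtering that makes a bridge more than a repeater: traffic between two hosts on the same segment never crosses to the other ports.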
Routers
As mentioned earlier, routers are used to connect networks together. Routers work at the Network layer of the OSI model. The decision to forward or drop a data packet in the router is made on the basis of Network layer addresses. The most commonly known Network layer address is the IP address. This section discusses how routers are configured to carry out this function. Figure 1.14 shows the data path in a router. When a data packet reaches a router, it travels up to the Network layer, where the source and destination addresses are checked. The decision to forward the data packet to a particular network or to drop it is made at the Network layer.
Gateways
In common network parlance, the word gateway is used for a router. However, a gateway is a special type of machine or software package used to connect dissimilar networks together, whereas a router connects networks of similar types. This means that networks connected by a router must use a common protocol, whereas networks connected by a gateway can run different protocols. That is why gateways are also sometimes called protocol converters.
FIGURE 1.14 Data path in a router. The source host and the destination host each show all seven layers (Application, Presentation, Session, Transport, Network, Data Link, and Physical); the router between them shows only the Network, Data Link, and Physical layers.
Gateways cover all seven layers of the OSI model. A gateway can connect a TCP/IP network to an IPX/SPX network. Table 1.2 briefly describes all the network equipment discussed in this chapter and the OSI layer in which that particular equipment operates.

TABLE 1.2 NETWORK EQUIPMENT

Equipment Name    Description
Network adapter   Used to connect a host to the network communication medium at the Physical layer of the OSI model.
Repeater          Used to extend the length of a network segment. Operates at the Physical layer of the OSI model.
Hub               The central equipment point of a star-connected network. Also works as a repeater. Operates at the Physical layer of the OSI model.
Bridge            Connects networks with each other. Filters and forwards data frames from one network to another. Operates at the Data Link layer of the OSI model.
Switch            Similar to a hub, but provides multiple parallel data paths. Filters and forwards data frames received on one port to another port. Operates at the Data Link layer of the OSI model.
Router            Used to connect similar networks. Operates at the Network layer of the OSI model.
Gateway           Used to connect dissimilar networks. Also called a protocol translator. Covers all layers of the OSI model.
NETWORK ACCESS METHODS
As previously mentioned, a network is a collection of hosts connected to each other using some type of communication medium. This communication medium is shared by all hosts on a network to send and receive data. If multiple hosts start transmitting data on the communication medium at the same time, the signals mix, resulting in something not understandable by anyone. This is similar to a situation in which many people in a single room start speaking simultaneously without caring whether anyone else is also speaking. To avoid such a situation, an access method is used in all types of networks. Using a particular type of access method, only one host is permitted to transmit data in any given time slot. If any other host needs to transmit data, it waits for its turn. Currently, three basic types of access methods are used in networks:

• Broadcast network access method. The most commonly used broadcast method is Ethernet. Broadcast methods are used on local area networks only, because sending broadcasts on WAN links is too costly.
• Token-passing access method. This method allows only the host that has the token to transmit data. The most common example is the Token Ring network.
• Nonbroadcast multiple access method. This method is used in public switched networks such as X.25 and Frame Relay. These are beyond the scope of this book.

In traditional networks, two access methods are the most common: carrier sense multiple access collision detect (CSMA/CD) and Token Ring. The following sections discuss these methods.
Carrier Sense Multiple Access Collision Detect
Carrier sense multiple access collision detect (CSMA/CD) is the most popular access method and is used in Ethernet networks. Hosts are connected to a common broadcast communication medium, and any host is allowed to access the medium without any particular order (multiple access). When a host needs to transmit data to any other host, it senses the communication medium to check whether any other host is already transmitting data (carrier sense). If a data transmission is in progress, the host waits for a random time and checks the availability of the communication medium again. If the communication medium is free, the host starts transmitting data on the communication medium. Sometimes it might happen that two or more hosts check the communication medium and find it free. These hosts then start transmitting data simultaneously. In this case, a collision occurs and is detected by all participating hosts (collision detect). All hosts that detect a collision announce it so that the sending host may resend data. When the sending hosts come to know that a collision has occurred, all of them wait for a random time and try to retransmit the data. CSMA/CD-based networks are nondeterministic networks. In times of heavy traffic, collisions are more frequent and actual data transfer rates cannot be guaranteed.
Token Ring
The Token Ring is another network access method, mostly used by IBM networks. In a Token Ring network, a data packet or a token travels over the network from one host to another host. Only the host that has the token is allowed to transmit data. Therefore no collisions occur in Token Ring networks. Token Ring networks are deterministic networks, because the data transfer rate can be estimated. Common data speeds for Token Ring networks are 4Mbps and 16Mbps. Note also that Token Ring networks are not really ring topology networks. Instead, they are installed as star-connected networks.
INTRODUCTION TO THE ETHERNET
Ethernet was originally introduced by Digital Equipment Corporation, Intel, and Xerox. This was also called a DIX network (the first letter from each of the three company names). The IEEE later standardized it, under the 802.3 standard. Currently, two major types of Ethernet are still operational in many networks. The first one is the traditional Ethernet or DIX network, and the second one is the IEEE 802.3 standard. There is little difference between these two standards, as noted later in this chapter. However, both of these standards can be used on a single network. Ethernet networks use CSMA/CD as the access method.
Types of Ethernet
Currently, several common Ethernet standards are used. Each standard has its own data transmission speed and segment length. Also, specific types of cables and connectors are used for a particular Ethernet standard. The following sections discuss the most common Ethernet standards and their properties.
10BASE-2 Ethernet
10BASE-2 Ethernet is perhaps the oldest Ethernet in use. The numeral 10 in the name shows the data transmission speed. You can transmit data at up to 10Mbps on a 10BASE-2 Ethernet. However, the actual data transmission speed may be well below this limit depending on the load on the network and the number of hosts contending to transmit data. This is because of the nondeterministic nature of the CSMA/CD access method used in Ethernet networks. The word BASE shows that a baseband signal is used for data transmission. Some networks also use broadband technology to transmit data. In baseband technology, the electrical signal is not modulated, and all the available bandwidth is used as a single transmission medium. In broadband technology, different frequency bands are allocated to different signals with the help of modulation, so that more than one signal may be traveling on the same medium (for instance, a wire connecting many hosts) using different modulation frequencies. The last part of the standard name shows the maximum length of a single segment. The numeral 2 shows that the maximum length for a 10BASE-2 segment is 200 meters. (Actually it is 185 meters; the numeral 2 is used as the closest integer.) A thin coaxial cable and BNC-type connectors are used in 10BASE-2 networks. Because of the thin coaxial cable, this type of network is also called a Thinnet. 10BASE-2 networks are organized in a bus topology. You can have up to five segments in one network connected by repeaters. The network cable has a 50-ohm resistance, and terminators of the same resistance are used at both ends of the cable.
10BASE-5 Ethernet
In 10BASE-5 Ethernet networks, the maximum speed of data transfer is 10Mbps. It uses a baseband signal, and the maximum length of a network segment is 500 meters. A 10BASE-5 network uses a thicker cable than 10BASE-2 and is therefore sometimes called a Thick Ethernet.
10BASE-T Ethernet
10BASE-T Ethernet operates at a data transmission speed of 10Mbps. The maximum length of one cable segment is 100 meters, and baseband signaling is used. This used to be the most popular networking scheme, but it is being replaced by 100BASE-T networks. The letter T in the name shows that twisted-pair cable is used in this type of Ethernet rather than coaxial cable. Category 3 or category 5 twisted-pair cables are used in these networks. This type of Ethernet is used in star topology networks. A hub is located at the center of the network. Hosts are connected to the hub with twisted-pair cable and RJ-45 connectors. In larger networks, many hubs are connected to each other using a backbone cable. Figure 1.6 shows a typical network. In this example, hosts are connected to different hubs, and these hubs are in turn connected to each other with a backbone cable.
100BASE-T Ethernet
100BASE-T networks are similar to 10BASE-T networks. The only difference is that the data transmission speed is 100Mbps, which is 10 times that of 10BASE-T networks. Category 5 cables are used in 100BASE-T networks. The maximum segment length is 100 meters.
Gigabit Ethernet
Gigabit Ethernet is the new family of Ethernet networks, and multiple standards for it exist. 1000BASE-SX networks use multimode fiber cables, and the length may be up to 500 meters. 1000BASE-LX uses single-mode fiber cable, and the length may be up to 5 kilometers. 1000BASE-T is the new emerging standard and uses the same category 5 cable used by 100BASE-T networks. The length of this cable is currently limited to 100 meters.
Ethernet Addresses and Broadcasting on the Ethernet
Every host on any Ethernet network is recognized by a unique 48-bit number known as an Ethernet address or sometimes as a MAC address. An Ethernet address is burned into every Ethernet network adapter by its manufacturer. Some vendors also provide software utilities to change the Ethernet address. No two hosts on a network should have an identical MAC address. To list the MAC addresses of the network adapters installed in your Solaris machine, you can use the ifconfig command, as follows:

bash-2.03# ifconfig -a4
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
        ether 8:0:20:9e:f0:50
bash-2.03#

This command lists two network interfaces. The lo0 interface is the logical loopback interface and does not have any MAC address. The hme0 interface is the real Ethernet adapter, and it has the MAC address 8:0:20:9e:f0:50 (as listed in the output of the preceding command). The option -a is used to list all network adapters, and the numeral 4 is used to list only IPv4 addresses. You also can list the MAC addresses of some of the other hosts connected to the network using the arp command. This command lists dynamically learned MAC addresses of some of the hosts on your local network. Note that this is not a method to list the MAC addresses of all hosts on the local network. The following command lists MAC addresses in the last column of the output. The first column in the output shows the name of the network adapter:

bash-2.03# arp -a
Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
hme0   laptop               255.255.255.255       00:10:7a:b6:03:ce
hme0   desktop              255.255.255.255       00:e0:29:89:28:59
hme0   fana                 255.255.255.255 SP    08:00:20:9e:f0:50
bash-2.03#

The arp command is discussed in more detail later in the book.
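The two listings above can be read by a script, which is useful for the check the text implies: no two hosts should share a MAC address. The following is an added Python example for this edition (not code from the original text). The sample output embedded in it is constructed, modelled on the listings above with one extra entry; note that Solaris prints its own adapter address without leading zeros in ifconfig (8:0:20:9e:f0:50) but zero-padded in arp (08:00:20:9e:f0:50), so the addresses are normalized before comparison.

```python
"""Added example (not from the original text): pulling MAC addresses out of
arp -a and ifconfig output and reporting one MAC under several hosts.

The sample output is constructed for the example, modelled on the listings in
the text, with an extra "printer" entry that repeats the laptop's address.
"""
import re

ARP_SAMPLE = """\
Net to Media Table: IPv4
Device   IP Address               Mask      Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
hme0   laptop               255.255.255.255       00:10:7a:b6:03:ce
hme0   desktop              255.255.255.255       00:e0:29:89:28:59
hme0   printer              255.255.255.255       00:10:7a:b6:03:ce
hme0   fana                 255.255.255.255 SP    08:00:20:9e:f0:50
"""

IFCONFIG_SAMPLE = """\
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
        ether 8:0:20:9e:f0:50
"""

# Six hex groups of one or two digits: both Solaris spellings match.
MAC_RE = re.compile(r"^(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2}$")


def normalize_mac(mac):
    """Return a MAC as six zero-padded lowercase hex octets."""
    return ":".join("%02x" % int(octet, 16) for octet in mac.split(":"))


def parse_arp_table(text):
    """Return {host: mac} from the Net to Media Table printed by arp -a."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows end with a MAC; the title, header and dashed lines do not.
        if len(fields) >= 4 and MAC_RE.match(fields[-1]):
            entries[fields[1]] = normalize_mac(fields[-1])
    return entries


def parse_ifconfig_ether(text):
    """Return {interface: mac} for every 'ether' line in ifconfig output."""
    macs, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and ":" in line:
            current = line.split(":", 1)[0]      # "hme0: flags=..." starts a block
        fields = line.split()
        if len(fields) == 2 and fields[0] == "ether" and current:
            macs[current] = normalize_mac(fields[1])
    return macs


def duplicate_macs(entries):
    """Return {mac: [hosts]} for every MAC listed under more than one host."""
    seen = {}
    for host, mac in entries.items():
        seen.setdefault(mac, []).append(host)
    return {mac: hosts for mac, hosts in seen.items() if len(hosts) > 1}
```

A duplicate in the output is not proof of a problem (an interface can legitimately answer for several addresses), but it is the first thing to look at when two hosts on a segment intermittently lose each other's traffic.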
Ethernet addresses are usually written as a combination of six hexadecimal numbers separated by colon characters. For example, a typical Ethernet address may be written as 4F:36:01:AB:94:12. Because Ethernet is a broadcast-type network, data transmitted by any host on the Ethernet is received by all other hosts on the network. Each host on the network compares the destination Ethernet address with its own address. If the two addresses match, the data frame is forwarded to the higher layer for processing, otherwise it is dropped. Sometimes a broadcast packet needs to be picked and processed by every host. In Ethernet networks, a broadcast data frame has the Destination Address field set to FF:FF:FF:FF:FF:FF. When a host receives a data frame with the destination address equal to the broadcast address, it is forwarded to the upper layer for processing. As discussed later, the Network layer has its own mechanism to broadcast packets; it essentially uses the broadcast facility provided by the Ethernet.
Ethernet Frame Format
The Ethernet frame consists of the Ethernet header, the data packet coming from the Network layer, and the frame check sequence, which is used to detect any error during transmission. Figure 1.15 shows the format of the Ethernet frame. The following sections discuss the various fields in the Ethernet frame header.
Preamble
The preamble is a 7-byte-long sequence of alternating 1 and 0 bits. These bits are used for synchronization purposes and to detect the signal. These bits also inform listening stations that a frame is arriving.
Start Frame Delimiter
A start frame delimiter is a special sequence that follows the preamble. It shows the start of the frame. The bit sequence is 10101011.
FIGURE 1.15 Ethernet frame format. The fields in order are Preamble (7 bytes), Start frame delimiter (1 byte), Destination address (6 bytes), Source address (6 bytes), Length/Type (2 bytes), Higher layer data (46-1500 bytes), and Frame check sequence (4 bytes).
Destination Address
The destination address is the MAC address of the destination host. This is a 48-bit number that uniquely identifies each host on a network. The destination address may be either the particular address of a host or a broadcast address. A broadcast address has all 48 bits of the destination address field set to 1.
Source Address
The source address is the MAC address of the sending host. It is again a 48-bit number.
Length/Type
The Length/Type field shows either the length of the data part in the frame or the type of the frame. The original DIX Ethernet standard uses this field as the Length field. The IEEE 802.3 standard uses this field as the type of the frame. If this field value is less than 1500, it is considered the length and the frame is considered a DIX Ethernet frame. If the value of this field is greater than 1536, the frame is considered to be an IEEE 802.3 frame and the value of this field shows the type of frame. Table 1.3 lists some hexadecimal values.

TABLE 1.3 ETHERNET TYPE FIELD VALUES

Type   Company Name
885b   Hewlett-Packard GmbH, Boeblingen, Germany
885c   Hewlett-Packard GmbH, Boeblingen, Germany
885d   Endocardial Solutions, Inc., St. Paul, MN
885e   Quantum Corporation, Milpitas, CA
885f   Digidesign, Palo Alto, CA
8860   AGCS, Phoenix, AZ
8861   Intel, Hillsboro, OR
8862   Intel, Hillsboro, OR
8863   UUNET Technologies, Inc., Fairfax, VA
Higher Layer Data
Higher layer data is the actual data received from the Network layer. This data contains the Network layer header and the Transport layer data. The maximum length of this data is 1500 bytes, and the minimum length is 46 bytes. If the data received from the Network layer is shorter than the minimum length, bits are added to make it equal to the minimum length. These bits are called padding. The Ethernet standard defines the minimum length of the Ethernet frame (excluding preamble and start frame delimiter) as 64 bytes. The padding in the data part is used to make the length at least equal to this minimum.
Frame Check Sequence
The frame check sequence is a 4-byte-long field that contains the cyclic redundancy check (CRC) value. This value is used for error checking. The sending side calculates the CRC and inserts this value in the Ethernet frame. The receiving side again calculates the CRC on the received frame and compares it to the received CRC. If both values are the same, it is assumed that there is no error in the frame. If the values do not match, the destination host assumes that an error occurred during transmission and discards the frame.
Interframe Gap
Ethernet devices must allow at least 96 bit times between transmissions of consecutive frames. This time is 9.6 microseconds for 10Mbps Ethernet and 960 nanoseconds for 100Mbps Ethernet networks.
The Difference Between Standard Ethernet and IEEE 802.3 Frames
Among other differences, the major differences between standard Ethernet frames (commonly called Ethernet-II frames) and IEEE 802.3 frames are as follows:

• The Length/Type field has a different meaning in standard Ethernet (DIX Ethernet or Ethernet-II) and IEEE 802.3 standards. In DIX Ethernet, the field shows the length of the frame and its value is less than or equal to 1500. In the IEEE 802.3 standard, the value shows the type of the frame.
• In an Ethernet frame, the Network layer data follows immediately after the Type field. In an IEEE 802.3 frame, the 3 bytes following the Type field are part of the Logical Link Control (LLC) layer header and are shown in Figure 1.16. These three fields are part of the IEEE 802.2 standard that defines the LLC layer.
• The destination service access point (DSAP) and the source service access point (SSAP) are pointers to memory for the source and destination hosts. The Control field shows the type of LLC frame. These fields are important in case you are running multiple Network layer protocols over the Ethernet. If you want to run TCP/IP and IPX on the same Ethernet, for example, these fields are used to distinguish between the different upper-layer protocols.
• Another difference between Ethernet and the IEEE 802.3 frame is that the data length in the IEEE 802.3 frame may be from 43 to 1497 bytes, as opposed to 50 to 1500 bytes, because of the 3 bytes used for the LLC fields.

FIGURE 1.16 The IEEE 802.2 LLC layer fields: DSAP (1 byte), SSAP (1 byte), and Control (1 byte).
Data Encapsulation
In a layered network protocol such as the OSI model, each layer communicates with its peer layer on another host. Each layer takes data from its upper layer, adds its own header to that data, and hands it over to the lower layer for delivery to the destination host. The layer header carries information for the peer layer on the destination host, typically about how to handle the data part of the packet. Some type of error checking is also added in the header. This process of adding the layer header to the higher layer data is called encapsulation. Consider the Ethernet frame, for example. It contains many fields, one of which is the data received from the Network layer. While creating this frame, this data is encapsulated into the Ethernet frame. Similarly, if you analyze the Ethernet data part, which is actually the Network layer packet, you will see that it contains Transport layer data and Network layer fields. These fields are the Network layer source and destination addresses, among other Network layer information. In other words, the Transport layer data is encapsulated into the Network layer packet by the Network layer.
Data encapsulation is an important concept. Each layer encapsulates data received from the upper layer. Technically speaking, each layer sends data packets to its peer layer. These packets are known as Protocol Data Units (PDUs). After creating a PDU, each layer hands it over to its lower layer for onward delivery to the destination. When a layer receives a higher layer PDU, it treats it as payload for its own PDU and includes its own layer headers. This process is the encapsulation process.
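The frame format and the encapsulation process described above, as one added Python example for this edition (it is not code from the original text). It builds an Ethernet frame around a Network layer payload, including the padding and the CRC-32 frame check sequence, and parses the frame back with the FCS check a receiver performs. The example leaves out the preamble and start frame delimiter, and it assumes the convention that a Length/Type value of 1500 or less is a length followed by the three LLC bytes (DSAP, SSAP, Control) while a value of 1536 or more is a type such as 0x0800 for IP; the addresses, payloads and default LLC values are constructed.

```python
"""Added example (not from the original text): encapsulating a Network layer
payload into an Ethernet frame and parsing it back with FCS verification.

Assumptions of the example: preamble and start frame delimiter are left out
(the hardware handles them and they do not count toward the 64-byte minimum);
a Length/Type value of 1500 or less is a length followed by the three LLC bytes
(DSAP, SSAP, Control); a value of 1536 or more is a type; the FCS is a CRC-32
transmitted least significant byte first. Addresses and payloads are constructed.
"""
import struct
import zlib

MIN_PAYLOAD = 46          # the data part is padded up to this many bytes
MAX_PAYLOAD = 1500
MIN_FRAME = 64            # header + data + FCS, without preamble and SFD
BROADCAST = bytes.fromhex("ffffffffffff")
IP_TYPE = 0x0800          # Ethernet type value for IP


def mac_bytes(text):
    """'8:0:20:9e:f0:50' or '08:00:20:9e:f0:50' -> 6 raw bytes."""
    return bytes(int(octet, 16) for octet in text.split(":"))


def mac_text(raw):
    """6 raw bytes -> zero-padded 'xx:xx:xx:xx:xx:xx'."""
    return ":".join("%02x" % b for b in raw)


def fcs(header_and_body):
    """Frame check sequence: CRC-32 over everything between SFD and FCS."""
    return struct.pack("<I", zlib.crc32(header_and_body) & 0xFFFFFFFF)


def build_frame(dst, src, payload, ethertype=None, llc=(0xAA, 0xAA, 0x03)):
    """Encapsulate payload. With ethertype=None the Length/Type field is a
    length and the data part begins with the LLC bytes (constructed default)."""
    if ethertype is None:
        body = bytes(llc) + payload       # LLC header precedes the data
        length_or_type = len(body)        # field = length of LLC + data
    else:
        body = payload                    # data follows the Type field directly
        length_or_type = ethertype
    if len(body) > MAX_PAYLOAD:
        raise ValueError("data part exceeds 1500 bytes")
    body = body.ljust(MIN_PAYLOAD, b"\x00")   # padding up to the minimum
    header = mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", length_or_type)
    return header + body + fcs(header + body)


def parse_frame(frame):
    """Check the FCS and split the frame into its fields. Raises ValueError for
    a runt frame or a bad FCS, which a receiving adapter silently discards."""
    if len(frame) < MIN_FRAME:
        raise ValueError("runt frame (%d bytes)" % len(frame))
    header, body, received_fcs = frame[:14], frame[14:-4], frame[-4:]
    if received_fcs != fcs(header + body):
        raise ValueError("frame check sequence mismatch")
    dst, src = header[:6], header[6:12]
    length_or_type = struct.unpack("!H", header[12:14])[0]
    info = {"dst": mac_text(dst), "src": mac_text(src), "broadcast": dst == BROADCAST}
    if length_or_type <= MAX_PAYLOAD:
        info["kind"] = "802.3"
        info["llc"] = {"dsap": body[0], "ssap": body[1], "control": body[2]}
        info["data"] = body[3:length_or_type]       # length lets us strip padding
    elif length_or_type >= 1536:
        info["kind"] = "ethernet-ii"
        info["type"] = length_or_type
        info["data"] = body                         # the upper layer knows its length
    else:
        raise ValueError("Length/Type value %d is undefined" % length_or_type)
    return info


def corrupt(frame, offset):
    """Invert one byte, as a transmission error might; the FCS should catch it."""
    damaged = bytearray(frame)
    damaged[offset] ^= 0xFF
    return bytes(damaged)
```

A 21-byte payload comes out as a 64-byte frame, the minimum the text gives; for the type form the receiver keeps the padding because only the Network layer header says where the real data ends, whereas the length form lets the parser strip it.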
MANAGING ETHERNET INTERFACES IN SOLARIS
Each Solaris Server or Workstation has one or more Ethernet interfaces. Solaris provides commands to manage Ethernet interfaces. These commands enable you to list the installed interfaces, create logical interfaces, configure interfaces, and make interfaces UP and DOWN.
Listing Installed Ethernet Interfaces
You can list the installed interfaces in a Solaris Server or Workstation in two simple ways. The first way is to use the netstat command. The second way is to use the ifconfig command. The ifconfig command is as follows:

# ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
        ether 8:0:20:9e:f0:50
lo0: flags=2000849 mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841 mtu 1500 index 2
        ether 8:0:20:9e:f0:50
        inet6 fe80::a00:20ff:fe9e:f050/10
#
This command lists all interfaces installed in the system. You also can use this command to list individual interfaces as well as to configure interfaces. Later in this chapter, this command is used to configure Ethernet interfaces. At this point, note that the ifconfig command is used to list and configure all network interfaces, not just the Ethernet interfaces. The netstat command is used for many purposes, one of which is to list the installed and configured interfaces. The following command lists all installed interfaces in a system: # netstat -i Name Mtu Net/Dest lo0 8232 loopback hme0 1500 fana
Address localhost fana
Ipkts 1356 808
Ierrs Opkts 0 1356 0 159
Oerrs Collis Queue 0 0 0 0 0 0
Name Mtu Net/Dest Address Opkts Oerrs Collis lo0 8252 localhost localhost 1356 0 0 hme0 1500 fe80::a00:20ff:fe9e:f050/10 ➥fe80::a00:20ff:fe9e:f050 159 0 0 #
Other uses of this command are discussed later in this book.
Creating Logical Interfaces Logical or virtual interfaces are used to configure multiple Network layer addresses on the same physical interface. The following ifconfig command creates a logical interface hme0:1 over a physical interface hme0: bash-2.03# ifconfig hme0:1 plumb bash-2.03#
Chapter 2 discusses logical interfaces in more detail.
Making Interfaces UP and DOWN
You also can use the ifconfig command to bring network interfaces UP and DOWN. The following command brings interface hme0 UP:

bash-2.03# ifconfig hme0 up
bash-2.03#
The following command brings interface hme0 DOWN:

bash-2.03# ifconfig hme0 down
bash-2.03#
TROUBLESHOOTING COMMON ETHERNET PROBLEMS
Solaris provides commands to troubleshoot common Ethernet and other network problems. The most common commands are as follows:
• ifconfig
• netstat
• snoop
• ping
• traceroute
• ndd
This chapter provides just an introduction to these commands. They are discussed in more detail later in this book.
Using the ifconfig Command
The ifconfig command can be used for troubleshooting as well. You already know how to list installed network interfaces using this command. To find out the Network layer IP address assigned to a network adapter and other network parameters, you can use the following command:

# ifconfig hme0
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
        ether 8:0:20:9e:f0:50
#
Chapters 2 and 3 also discuss this command.
Using the netstat Command
The netstat command is the most widely used command in network troubleshooting. It is used for many purposes, such as to display routing table entries, available server ports, currently established connections, and so on. The netstat command used as follows lists IPv4 and IPv6 addresses, input and output packets, and the number of errors and collisions on all network interfaces:

# netstat -i
Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue
lo0   8232 loopback      localhost      1356   0     1356   0     0      0
hme0  1500 fana          fana           808    0     159    0     0      0

Name  Mtu  Net/Dest                     Address                   Ipkts  Ierrs Opkts  Oerrs Collis
lo0   8252 localhost                    localhost                 1356   0     1356   0     0
hme0  1500 fe80::a00:20ff:fe9e:f050/10  fe80::a00:20ff:fe9e:f050  808    0     159    0     0
#
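The Ierrs and Collis columns are only useful once you relate them to the packet counts. The following POSIX sh function is an added example written for this edition, not code from the book or from Solaris: it reads the IPv4 part of netstat -i output and rates each interface by its input-error and collision percentages. The sample table is constructed to match the book's columns; the lo0 and hme0 rows are the book's, the hme1 row and the 1% threshold are assumptions.

```shell
#!/bin/sh
# Added example (not from the book): rate the interfaces listed by "netstat -i"
# by their input-error and collision percentages.

# Constructed sample of the IPv4 "netstat -i" table, laid out with the book's
# columns.  lo0 and hme0 are the book's rows; hme1 is invented to show a
# noisy interface.
NETSTAT_SAMPLE='Name  Mtu  Net/Dest      Address        Ipkts  Ierrs Opkts  Oerrs Collis Queue
lo0   8232 loopback      localhost      1356   0     1356   0     0      0
hme0  1500 fana          fana           808    0     159    0     0      0
hme1  1500 lab           lab            20000  450   18000  3     2100   0'

# netstat_health [THRESHOLD_PERCENT]
#   Reads "netstat -i" output on stdin and prints, per IPv4 interface:
#   <name> <input-error %> <collision %> <OK|SUSPECT>
#   An interface is SUSPECT when either percentage is above the threshold
#   (default 1%, an assumed value).  The IPv6 table has no Queue column
#   (9 fields), so the NF >= 10 test keeps only IPv4 rows; header rows
#   start with "Name" and are skipped.
netstat_health() {
    awk -v limit="${1:-1}" '
        $1 == "Name" { next }
        NF >= 10 {
            name = $1; ipkts = $5 + 0; ierrs = $6 + 0
            opkts = $7 + 0; collis = $9 + 0
            # percentages relative to the packets actually received / sent
            inerr = (ipkts > 0) ? 100 * ierrs / ipkts : 0
            coll  = (opkts > 0) ? 100 * collis / opkts : 0
            status = (inerr > limit || coll > limit) ? "SUSPECT" : "OK"
            printf "%s %.2f %.2f %s\n", name, inerr, coll, status
        }'
}

# On a live system:  netstat -i | netstat_health 1
# Offline demonstration on the constructed sample:
printf '%s\n' "$NETSTAT_SAMPLE" | netstat_health 1
```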
Using the snoop Command
The snoop command is used to capture and display network traffic. It is probably the most useful command for network troubleshooting at the packet level. Using this command, you can capture and display network packets with different levels of layer information. You also can save captured packets to a file for debugging purposes. In its simplest form, the command lists all packets traveling on the local network. Following is the output of the command in its simplest mode:

# snoop
Using device /dev/hme (promiscuous mode)
      desktop -> fana         TELNET C port=1029
      desktop -> fana         TELNET C port=1029
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1029
      desktop -> fana         TELNET C port=1030
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1030
      desktop -> fana         TELNET C port=1029
      desktop -> fana         TELNET C port=1029
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1029
      desktop -> fana         TELNET C port=1029
      desktop -> fana         TELNET C port=1029
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1029
      desktop -> fana         TELNET C port=1029
      desktop -> fana         TELNET C port=1029
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1029
         fana -> desktop      TELNET R port=1029
  192.168.2.1 -> fana         TELNET C port=1028
         fana -> 192.168.2.1  TELNET R port=1028
  192.168.2.1 -> fana         TELNET C port=1028
         fana -> 192.168.2.1  TELNET R port=1028
  192.168.2.1 -> fana         TELNET C port=1028
 199.30.29.27 -> 199.30.29.31 NBT Datagram Service Type=17 Source=RR_DESKTOP[0]
         fana -> 192.168.2.1  TELNET R port=1028
  192.168.2.1 -> fana         TELNET C port=1028
         fana -> 192.168.2.1  TELNET R port=1028
  192.168.2.1 -> fana         TELNET C port=1028
      desktop -> fana         TELNET C port=1028
         fana -> desktop      TELNET R port=1028
            ? -> *            ETHER Type=809F (XYZ FANA Systems), size = 60 bytes
      desktop -> fana         TELNET C port=1028
         fana -> desktop      TELNET R port=1028
      desktop -> fana         TELNET C port=1028
         fana -> desktop      TELNET R port=1028
The command goes on displaying the captured packets until you press Ctrl+C to break this process. The output of the command shows host names or IP addresses of source and destination hosts. It also shows the type of data packet, the service using this packet, and port numbers. A question mark is printed if the command does not know the packet type. By default, the command tries to resolve IP addresses to host names. If the command does not succeed in resolving an IP address to a host name, the IP address is printed for the source or destination host. You also can use the snoop command to save data to a file to be analyzed later. For this, the -o option is used with a filename on the command line, as shown here:

# snoop -o snoop.dat
Using device /dev/hme (promiscuous mode)
20 ^C
#
The last line of this command output keeps changing and it shows the number of packets captured, until you press Ctrl+C to break the command.
Note that the data is not stored as clear text in the output file. Therefore you cannot display it using the cat or more commands. You have to use the snoop command once again with the -i (lowercase i) switch to display the contents of the captured file, as shown here:

# snoop -i snoop.dat
  1   0.00000   desktop -> fana         TELNET C port=1029
  2   0.00005      fana -> desktop      TELNET R port=1029 /dev/hme (promiscuou
  3   0.19981   desktop -> fana         TELNET C port=1029
  4   0.79476      fana -> desktop      TELNET R port=1029
  5   0.11008   desktop -> fana         TELNET C port=1029
  6   0.00004      fana -> desktop      TELNET R port=1029
  7   0.19979   desktop -> fana         TELNET C port=1029
  8   0.69000      fana -> desktop      TELNET R port=1029
  9   0.10984   desktop -> fana         TELNET C port=1029
 10   0.00004      fana -> desktop      TELNET R port=1029
 11   0.08355         ? -> *            ETHER Type=809F (Spider Systems), size = 60 bytes
 12   0.11631   desktop -> fana         TELNET C port=1029
 13   0.69025      fana -> desktop      TELNET R port=1029
 14   0.10956   desktop -> fana         TELNET C port=1029
 15   0.00004      fana -> desktop      TELNET R port=1029 \r\0009 \r\00010 \r\00011 \r\00012
 16   0.19992   desktop -> fana         TELNET C port=1029
 17   0.69048      fana -> desktop      TELNET R port=1029 \r\00013
 18   0.12436   desktop -> fana         TELNET C port=1029
 19   0.00004      fana -> desktop      TELNET R port=1029 \r\00014 \r\00015 \r\00016
 20   0.19981   desktop -> fana         TELNET C port=1029
#
To save the output of snoop in text format, use redirection rather than the -o option, as follows:

snoop -v >snoop.dat
To get detailed information about each packet, use the snoop command, as follows:

# snoop -v
Using device /dev/hme (promiscuous mode)
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 31307 arrived at 12:02:24.82
ETHER:  Packet size = 1483 bytes
ETHER:  Destination = 0:e0:29:89:28:59,
ETHER:  Source      = 8:0:20:9e:f0:50, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 1469 bytes
IP:   Identification = 47732
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 60 seconds/hops
IP:   Protocol = 6 (TCP)
IP:   Header checksum = f896
IP:   Source address = 192.168.2.222, fana
IP:   Destination address = 192.168.2.1, desktop
IP:   No options
IP:
TCP:  ----- TCP Header -----
TCP:
TCP:  Source port = 23
TCP:  Destination port = 1029
TCP:  Sequence number = 1967134259
TCP:  Acknowledgement number = 4019093
TCP:  Data offset = 20 bytes
TCP:  Flags = 0x10
TCP:        ..0. .... = No urgent pointer
TCP:        ...1 .... = Acknowledgement
TCP:        .... 0... = No push
TCP:        .... .0.. = No reset
TCP:        .... ..0. = No Syn
TCP:        .... ...0 = No Fin
TCP:  Window = 24820
TCP:  Checksum = 0x0db5
TCP:  Urgent pointer = 0
TCP:  No options
TCP:
TELNET:  ----- TELNET:   -----
TELNET:
TELNET:  "TCP:  ----- TCP Header -----\r\nTCP:  \r\nTCP:  Source port = 10"
TELNET:
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 31308 arrived at 12:02:24.82
ETHER:  Packet size = 1512 bytes
ETHER:  Destination = 0:e0:29:89:28:59,
ETHER:  Source      = 8:0:20:9e:f0:50, Sun
The -v option prints all parts of the data packet separately. As you can see from the output, the Ethernet header is displayed first. Then the Network layer header (IP) is displayed, and then the Transport layer header (TCP or UDP). In the last part, the port numbers for the application using this packet are displayed. You also can use the grep command to filter the output for a particular layer. To display only the Ethernet header lines, for example, use the following command:

snoop -v | grep ETHER
Using the ping Command
The ping command is used to determine whether a host is alive. The following command shows that the host desktop is alive:

bash-2.03# ping desktop
desktop is alive
bash-2.03#
The following command shows that the host laptop is dead:

bash-2.03# ping laptop
no answer from laptop
bash-2.03#
More information about the ping command is presented in later chapters.
Using the traceroute Command
This command is used to trace the path taken by a data packet from the source to the destination. Chapter 2 provides more information about this command.
Using the ndd Command
The ndd command is used to display information about the network drivers. In Solaris 8, many network protocol layers are implemented as drivers. The following command displays the parameters supported by the TCP driver:

# ndd /dev/tcp \?
?                                (read only)
tcp_time_wait_interval           (read and write)
tcp_conn_req_max_q               (read and write)
tcp_conn_req_max_q0              (read and write)
tcp_conn_req_min                 (read and write)
tcp_conn_grace_period            (read and write)
tcp_cwnd_max                     (read and write)
tcp_debug                        (read and write)
tcp_smallest_nonpriv_port        (read and write)
tcp_ip_abort_cinterval           (read and write)
tcp_ip_abort_linterval           (read and write)
tcp_ip_abort_interval            (read and write)
tcp_ip_notify_cinterval          (read and write)
tcp_ip_notify_interval           (read and write)
tcp_ipv4_ttl                     (read and write)
tcp_keepalive_interval           (read and write)
tcp_maxpsz_multiplier            (read and write)
tcp_mss_def_ipv4                 (read and write)
tcp_mss_max_ipv4                 (read and write)
tcp_mss_min                      (read and write)
tcp_naglim_def                   (read and write)
tcp_rexmit_interval_initial      (read and write)
tcp_rexmit_interval_max          (read and write)
tcp_rexmit_interval_min          (read and write)
tcp_deferred_ack_interval        (read and write)
tcp_snd_lowat_fraction           (read and write)
tcp_sth_rcv_hiwat                (read and write)
tcp_sth_rcv_lowat                (read and write)
tcp_dupack_fast_retransmit       (read and write)
tcp_ignore_path_mtu              (read and write)
tcp_rcv_push_wait                (read and write)
tcp_smallest_anon_port           (read and write)
tcp_largest_anon_port            (read and write)
tcp_xmit_hiwat                   (read and write)
tcp_xmit_lowat                   (read and write)
tcp_recv_hiwat                   (read and write)
tcp_recv_hiwat_minmss            (read and write)
tcp_fin_wait_2_flush_interval    (read and write)
tcp_co_min                       (read and write)
tcp_max_buf                      (read and write)
tcp_strong_iss                   (read and write)
tcp_rtt_updates                  (read and write)
tcp_wscale_always                (read and write)
tcp_tstamp_always                (read and write)
tcp_tstamp_if_wscale             (read and write)
tcp_rexmit_interval_extra        (read and write)
tcp_deferred_acks_max            (read and write)
tcp_slow_start_after_idle        (read and write)
tcp_slow_start_initial           (read and write)
tcp_co_timer_interval            (read and write)
tcp_sack_permitted               (read and write)
tcp_trace                        (read and write)
tcp_compression_enabled          (read and write)
tcp_ipv6_hoplimit                (read and write)
tcp_mss_def_ipv6                 (read and write)
tcp_mss_max_ipv6                 (read and write)
tcp_rev_src_routes               (read and write)
tcp_wroff_xtra                   (read and write)
tcp_extra_priv_ports             (read only)
tcp_extra_priv_ports_add         (write only)
tcp_extra_priv_ports_del         (write only)
tcp_status                       (read only)
tcp_bind_hash                    (read only)
tcp_listen_hash                  (read only)
tcp_conn_hash                    (read only)
tcp_acceptor_hash                (read only)
tcp_host_param                   (read and write)
tcp_time_wait_stats              (read only)
tcp_host_param_ipv6              (read and write)
tcp_1948_phrase                  (write only)
tcp_close_wait_interval(obsoleted- use tcp_time_wait_interval) (no read or write )
#
As you can see in the following, the UDP driver supports fewer parameters:

# ndd /dev/udp \?
?                                (read only)
udp_wroff_extra                  (read and write)
udp_ipv4_ttl                     (read and write)
udp_ipv6_hoplimit                (read and write)
udp_smallest_nonpriv_port        (read and write)
udp_do_checksum                  (read and write)
udp_smallest_anon_port           (read and write)
udp_largest_anon_port            (read and write)
udp_xmit_hiwat                   (read and write)
udp_xmit_lowat                   (read and write)
udp_recv_hiwat                   (read and write)
udp_max_buf                      (read and write)
udp_extra_priv_ports             (read only)
udp_extra_priv_ports_add         (write only)
udp_extra_priv_ports_del         (write only)
udp_status                       (read only)
#
To display a particular setting or configuration parameter, use the parameter name as the command-line argument with the ndd command. The following command displays the Time-To-Live (TTL) value for UDP packets:

# ndd /dev/udp udp_ipv4_ttl
255
#
If the parameter has write permission (as listed in the last column), its value can be modified. The following command sets the default TTL value to 30:

# ndd -set /dev/udp udp_ipv4_ttl 30
#

NOTE
You also can use the snoop -v command to verify the TTL value for outgoing UDP packets. The ndd command is especially useful for fine-tuning purposes, as discussed in Chapter 2.

After setting a new value, you can use the ndd command again to verify that the new value is indeed set, as follows:

# ndd /dev/udp udp_ipv4_ttl
30
#
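The layer-by-layer snoop -v output shown earlier and the ndd verification just described can be combined into one check. The following POSIX sh function is an added example written for this edition, not code from the book or from Solaris: it reads snoop -v output and reports whether every packet of a given protocol sent by a given source carries the TTL that was set with ndd. The capture embedded below is constructed from the book's snoop -v layout; the fana/desktop addresses and the TCP packet are the book's, the two UDP packets are assumptions.

```shell
#!/bin/sh
# Added example (not from the book): confirm that the TTL seen in "snoop -v"
# output for packets leaving this host matches the value set with ndd.

# Constructed "snoop -v" capture, cut down to the lines this check needs.
# Addresses and the TCP packet follow the book's listing; the two UDP
# packets (TTL 30 from fana, TTL 128 from desktop) are made up.
SNOOP_SAMPLE='ETHER:  ----- Ether Header -----
ETHER:  Ethertype = 0800 (IP)
IP:   ----- IP Header -----
IP:   Time to live = 60 seconds/hops
IP:   Protocol = 6 (TCP)
IP:   Source address = 192.168.2.222, fana
IP:   Destination address = 192.168.2.1, desktop
ETHER:  ----- Ether Header -----
ETHER:  Ethertype = 0800 (IP)
IP:   ----- IP Header -----
IP:   Time to live = 30 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Source address = 192.168.2.222, fana
IP:   Destination address = 192.168.2.1, desktop
ETHER:  ----- Ether Header -----
ETHER:  Ethertype = 0800 (IP)
IP:   ----- IP Header -----
IP:   Time to live = 128 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Source address = 192.168.2.1, desktop
IP:   Destination address = 192.168.2.222, fana'

# snoop_ttl_check SOURCE_IP PROTO EXPECTED_TTL
#   Reads "snoop -v" output on stdin.  Each "----- Ether Header -----" line
#   starts a new packet; the IP header lines that follow give TTL, protocol
#   and addresses.  For every packet of PROTO sent by SOURCE_IP it prints
#   "<src> <dst> <proto> <ttl> MATCH|MISMATCH", and the function returns
#   non-zero if any such packet carried a TTL other than EXPECTED_TTL.
snoop_ttl_check() {
    awk -v want_src="$1" -v want_proto="$2" -v want_ttl="$3" '
        function flush() {
            if (src == want_src && proto == want_proto) {
                verdict = (ttl == want_ttl) ? "MATCH" : "MISMATCH"
                if (verdict == "MISMATCH") bad++
                printf "%s %s %s %s %s\n", src, dst, proto, ttl, verdict
            }
            src = dst = proto = ttl = ""
        }
        BEGIN { bad = 0 }
        # "ETHER:  ----- Ether Header -----" opens the next packet
        $1 == "ETHER:" && $2 == "-----" && $3 == "Ether" { flush() }
        # "IP:   Time to live = 60 seconds/hops"
        $1 == "IP:" && $2 == "Time" && $4 == "live" { ttl = $6 }
        # "IP:   Protocol = 17 (UDP)" -> keep the name without parentheses
        $1 == "IP:" && $2 == "Protocol" { proto = $5; gsub(/[()]/, "", proto) }
        # "IP:   Source address = 192.168.2.222, fana" -> drop the comma
        $1 == "IP:" && $2 == "Source" && $3 == "address" { src = $5; sub(/,$/, "", src) }
        $1 == "IP:" && $2 == "Destination" && $3 == "address" { dst = $5; sub(/,$/, "", dst) }
        END { flush(); exit (bad > 0) }'
}

# On a live system, after "ndd -set /dev/udp udp_ipv4_ttl 30":
#   snoop -v | snoop_ttl_check 192.168.2.222 UDP 30
# Offline demonstration on the constructed capture:
printf '%s\n' "$SNOOP_SAMPLE" | snoop_ttl_check 192.168.2.222 UDP 30
```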
Table 1.4 summarizes the common uses of these commands.

TABLE 1.4
USE OF NETWORK TROUBLESHOOTING COMMANDS

Command      Common Use
ifconfig     The ifconfig command is used to configure network adapters as well as to display the existing configuration of each adapter.
snoop        The snoop command is used to capture and display network packets.
ping         The ping command is used to test network connectivity as well as to determine whether a particular host on a network is alive or dead.
traceroute   The traceroute command is used to determine the network path from a source host to a destination host.
ndd          The ndd command is used to get and set parameters for network kernel drivers.
CHAPTER SUMMARY
This chapter introduced you to computer networks, terminology, and some of the key Solaris commands. You learned basic terms such as host, network, protocol, and bandwidth. In the network classification section, you learned that networks can be classified based on geographical area, modulation technique, and network topology. In the geographic area classification, a network may be a local area network (LAN) or a wide area network (WAN). When networks are classified based on modulation technique, they are either baseband networks or broadband networks. On the basis of topology, networks are laid out in either bus, star, or ring topologies. You also were introduced to the OSI model, which is a seven-layer network protocol model. It is used as a reference to build network protocols. You learned how the seven layers of the OSI model interact with each other and the functionality of each layer. The OSI model layers are as follows:
• Physical layer
• Data Link layer
• Network layer
• Transport layer
• Session layer
• Presentation layer
• Application layer
You also learned what peer protocols and interfaces are and how layer headers play their role in the information transfer process. After going through the OSI model, an introduction to network equipment was presented, starting from cables and connectors. You learned about common network equipment and the OSI layer in which each operates. After that, two network access methods were presented (CSMA/CD and Token Ring). In CSMA/CD networks, a host senses any signal on the network medium before sending a data frame. It transmits data only if the medium is free. In a Token Ring network, only the host that has the token is allowed to transmit data. Then the discussion turned to Ethernet frames and the different types of Ethernet. In the last part of the chapter, you were introduced to some troubleshooting commands for Solaris systems.

KEY TERMS
• local area network
• wide area network
• bus topology
• star topology
• ring topology
• access method
• Ethernet
• node
• bandwidth
• router
• network protocol
• bridge
• switch
• baseband networks
• broadband networks
• peer protocols
• interfaces
• layer header
• segment
• transceiver
• backbone
• repeater
• gateways
• CSMA/CD
• preamble
• interframe gap
• data encapsulation
APPLY YOUR KNOWLEDGE

Exercises

1.1 Using the ifconfig and ping Commands

In this exercise, you learn that the ifconfig command is an administrative command that can be used only by the privileged root user. You also learn how to use the ping command.

Estimated Time: 5 minutes

1. Log on to a Solaris machine using your own username and try to use the ifconfig hme0:3 plumb command. You will see the error message

ifconfig: plumb: SIOCLIFADDIF: hme0:3: permission denied

showing that you are not allowed to use this command.

2. Now su to root and try to use the command again. This time you are able to use this command.

3. Find out the host name for your own machine using the uname -a command. Assume that your host name is solaris1. Try to ping this host name using the following command:

bash-2.03# ping solaris1
solaris1 is alive
bash-2.03#

Also try to use the snoop, ndd, and netstat commands. You will find out that the snoop and ndd commands also need root privileges for execution.

Review Questions

1. What are the different ways to classify networks?
2. Name three common network topologies.
3. Why is a layered network model beneficial?
4. Name the seven layers of the OSI network model, starting from the lowest one.
5. What are the different types of Ethernet networks?
6. How does CSMA/CD differ from the Token Ring access method?

Exam Questions

1. Which of these network devices operate on the Data Link layer of the OSI reference network model?
A. Repeater
B. Router
C. Bridge
D. Switch

2. Which one of the following covers all layers of the OSI model?
A. Gateway
B. Router
C. Switch
D. Hub

3. Which of the following is not true about wide area networks?
A. These networks span over a large geographic area.
B. These are low-speed networks as compared to local area networks.
C. 10BASE-T Ethernet can be used in wide area networks.
D. Wide area networks are usually costly to install and maintain as compared to local area networks.
4. Which of the following LAN topologies have a single point of failure?
A. Bus
B. Star
C. Dual ring is used for FDDI.

5. Is it possible to mix multiple physical topologies in a single LAN? (Yes/No)

6. It is not necessary for two hosts to have a common protocol to communicate with each other directly. (True/False)

7. What is the true sequence of the upper four layers of the OSI model, starting from the topmost layer?
A. Presentation, Session, Transport, Application
B. Application, Presentation, Session, Transport
C. Application, Session, Presentation, Transport
D. Application, Presentation, Transport, Session

8. Protocols that control communication between two adjacent layers in a layered protocol are called what?
A. Peer protocols
B. Interfaces
C. Layered protocols
D. Open Systems Interface

9. Which of the following layers implement MAC addresses?
A. Data Link layer
B. Physical layer
C. Transport layer
D. Network layer

10. The Network layer is responsible for which of the following? Choose all that are true.
A. Point-to-point data error detection and correction
B. End-to-end data error detection and correction
C. Implementation of MAC addresses for hosts
D. Implementation of logical addresses for hosts
E. Routing

11. Which layer of the OSI model is responsible for data format conversion?
A. Transport
B. Application
C. Session
D. Presentation
E. Data Link

12. Which cable is used in 100BASE-T Ethernet networks?
A. Category 5 twisted-pair cable
B. Category 3 twisted-pair cable
C. Category 2 twisted-pair cable
D. Coaxial cable
E. Fiber-optic cable

13. Which of the following statements are true about repeaters?
A. Repeaters regenerate and reshape electrical signals.
B. Repeaters are used at the Physical layer of the OSI model.
C. You can use as many repeaters as you like to extend the length of a network.
D. A hub is also called a multiple-port repeater.
14. Which of the following statements are true about switches?
A. Switches filter data based on MAC addresses.
B. Switches provide multiple parallel data paths.
C. Switches recognize hosts by their IP addresses.
D. Switches may have different types of interfaces.
E. A switch may act as a protocol translator.

15. When a collision occurs in networks based on CSMA/CD, when does the sending host retransmit data?
A. After a fixed period of time
B. After a variable period of time

16. What is the maximum length of one segment in 10BASE-2 Ethernet networks?
A. 200 meters
B. 185 meters
C. 500 meters
D. 1000 meters
E. The length is not fixed.

17. What are Token Ring networks?
A. Single-ring topology networks
B. Dual-ring topology networks
C. Star-connected networks
D. Bus-connected networks

18. What is the length of an Ethernet or MAC address?
A. 20 bytes
B. 48 bits
C. 32 bits
D. 60 bits

19. What is an Ethernet broadcast address?
A. A 32-bit address with all 1 bits
B. A 48-bit address with all 0 bits
C. The same as an IP network broadcast address
D. A 48-bit address with all 1 bits
E. A 48-bit address with all 0 bits

20. How can you list installed Ethernet adapters in a Solaris machine?
A. Using the ifconfig command
B. Using the netstat command
C. Using the ether command
D. None of the above

21. You have a workstation with network interface hme0. This network interface is configured and up and is the only network connection for the workstation. Which command cannot be used to display the MAC address of network interface hme0?
A. ifconfig hme0
B. ifconfig -mac hme0
C. ifconfig -a
D. arp -a

22. Which command will you use to capture and display information about network packets in Solaris 8?
A. netstat
B. ping
C. traceroute
D. snoop
E. tcpdump
23. Which two of the following statements are not true?
A. Packets captured by the snoop command can be stored in a file for later viewing.
B. The snoop command can be used to view a particular layer and a specific part of a packet.
C. The snoop command does not display the source MAC address of the packet.
D. The snoop command does not display the packet size.

24. What is used to avoid reflection of a signal from cable ends in a coaxial cable?
A. A reflector
B. A terminator
C. A connector
D. An absorber

25. Which layer of the OSI model is divided into the MAC sublayer and the LLC sublayer?
A. Data Link layer
B. Physical layer
C. Network layer
D. None of the above

26. An RJ-45 connector is used with which type of cable?
A. Coaxial cable
B. Twisted-pair cable
C. Fiber-optic cable
D. Thick Ethernet cable

Answers to Review Questions

1. Networks can be classified based on the following:
• Geographical area
• Modulation technique
• Network topology

2. Three network topologies are:
• Bus
• Star
• Ring

3. Network protocols are complex. A layered model divides protocol functionality into different layers. This makes network visualization and development tasks much simpler and more structured.

4. The layers are:
• Physical layer
• Data Link layer
• Network layer
• Transport layer
• Session layer
• Presentation layer
• Application layer

5. There are many different types of Ethernet networks, including the following:
• 10BASE-2
• 10BASE-5
• 10BASE-T
• 100BASE-T

6. CSMA/CD differs from the Token Ring access method in the following ways:
• Token Ring is a deterministic access method, whereas CSMA/CD is not.
• CSMA/CD is a broadcast method, whereas Token Ring is a token-passing method.
• Any host in CSMA/CD can start transmission if the medium is free. In Token Ring, only the host with the token is allowed to transmit.

Suggested Readings and Resources

Computer Networks. Andrew S. Tanenbaum.
Computer Networks and Internets. Douglas E. Comer and Ralph E. Droms.
Interconnections, Second Edition. Radia Perlman.
User manuals for commands used in this chapter.
Solaris 8 Answer Book.
CHAPTER 2
The TCP/IP Protocol

OBJECTIVES
This chapter covers the following Sun-specified objectives for the 310-043 exam:

Identify the purpose of each layer in the TCP/IP five-layer model.
• TCP/IP is a five-layer protocol. Each layer has its own special functionality, and you need to identify and understand those functionalities. The first four layers of the protocol are similar to the OSI model. However, the Application layer in TCP/IP covers most of the functionality in the upper three layers of the OSI model.

Describe the functionality of the following network protocols: TCP, UDP, IP, and ICMP.
Describe the relationship between the following network protocols: TCP, UDP, IP, and ICMP.
• The TCP/IP protocol is a combination of multiple protocols that work on different layers. Some examples of these protocols are TCP, UDP, IP, and ICMP. These protocols coordinate among themselves during a communication session. You should understand these protocols and their relationship.

Explain the process of address resolution using ARP and RARP.
Identify the commands to manage the ARP cache.
• Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP) are used to map MAC layer addresses to Network layer addresses and vice versa, respectively. From the examination perspective, you should understand these protocols and the Solaris commands related to them.

Identify the configuration files and scripts used to configure a network interface.
• Commands, files, and scripts are used to configure network interfaces in Solaris. An understanding of all of these files, commands, and configuration scripts is required.

Describe the following: IP address, broadcast address, netmask, datagram, and fragment.
Identify the file used to set netmasks.
Identify the features and benefits of the variable-length subnet masks (VLSMs).
Configure a network interface.
• IP addresses are assigned to network interfaces. Each IP address has two basic parts: a host part and a network part. These two parts are distinguished by the netmask. IP addresses are divided into different classes depending on the size of the network. Three major classes are Class A, Class B, and Class C. Usually netmasks are fixed for these classes. However, using VLSMs, netmasks of choice can be used.

Identify common network problems.
Diagnose network problems.
Resolve network problems.
• Network troubleshooting is a routine task and you should know general network problems, their solutions, and a way to diagnose network problems.

OUTLINE

Introduction
The TCP/IP Suite of Protocols
    History of the Internet and TCP/IP
    Internet Organizations
    Internet Documents
Introduction to TCP/IP
    TCP/IP Layers
        Physical Layer
        Data Link Layer
        Network Layer
        Transport Layer
        Application Layer
    Comparison of TCP/IP Protocol and ISO-OSI Reference Model
    TCP/IP: A Combination of Many Protocols
    Connection-Oriented and Connection-Less Services
IP Addresses
    Network Addresses and Netmasks
    Network Broadcast
    TCP/IP Network Classes
        Class A Networks
        Class B Networks
        Class C Networks
        Class D Networks
        Class E Networks
    Subnets and Subnet Masks
        Dividing a Class C Network
        Dividing a Class B Network into 8 Subnetworks
    Variable-Length Subnet Masks
    Supernetting
    Representing Network Addresses
    Reserved and Special IP Addresses
    Mapping IP Addresses to Hostnames
    Obtaining IP Addresses
IP Fragmentation, Reassembly, Flow Control, TOS, and TTL
    Configuring an MTU Value
    Flow Control
    TOS
    TTL
    Setting the TTL Value for ICMP, UDP, and TCP Packets
Structure of an IP Header
    Version (V) and Header Length (IHL)
    Type of Service (TOS)
    Total Length
    Identification
    Flags (F)
    Fragment Offset
    Time-To-Live
    Protocol
    Header Checksum
    Source Address
    Destination Address
    IP Options
The Internet Control Message Protocol (ICMP)
    Type
    Code
    Checksum Field
Fine-Tuning TCP in Solaris
    Displaying and Setting Host Parameters
Configuring Network Interfaces in Solaris
    Configuring Virtual Interfaces
    Configuring Virtual Interfaces Manually
    Verifying IP Configuration
    Using the netstat Command to Verify Configuration
IP Address Configuration Troubleshooting Commands
    The ping Command
        Continuous ping
        Using Different Packet Lengths with the ping Command
        Sending a Fixed Number of ping Packets
        Broadcast ping
    The traceroute Command
    Common Network Problems
        Broken Cables
        Misconfigured Interfaces
        Wrong Netmask
        Wrong Gateways
Mapping IP Addresses to MAC Addresses
    The Address Resolution Protocol (ARP)
    Reverse Address Resolution Protocol (RARP)
    Role of Ethernet Broadcast in ARP and RARP
    Data Flow in TCP/IP Networks
    Using the Solaris arp Command to Manage the ARP Cache
        Adding New Entries to the ARP Cache
        Deleting Entries from the ARP Cache
    The snoop Command and Layer Headers
Essence of the Case
Analysis
Chapter Summary
Apply Your Knowledge

STUDY STRATEGIES

This chapter introduces the TCP/IP protocol and network interface configuration. Use the following strategies to understand and implement the concepts in this chapter:
• Understand TCP/IP layers and compare these with OSI model layers.
• The structure of an IP address and netmask is very important. Pay special attention to structure during your studies.
• Having an understanding of ICMP is important for taking the test.
• Know what an IP header is and what its various components are.
• After reading the IP interface configuration process, practice it.
Chapter 2
INTRODUCTION
So far, you have an understanding of basic concepts about computer networks. You studied the OSI reference network model in the first chapter of this book. You also know what network layers are and how they interact with each other. The OSI network model is not an actual protocol itself; instead, it is a recommended way to build network protocols. This chapter starts by introducing the most widely used network protocol stack, TCP/IP. The Transmission Control Protocol/Internet Protocol has become the industry standard over the past decade. The TCP/IP and OSI protocol models are similar in many ways, but also differ in others. These similarities and differences are discussed in detail in this chapter. This chapter reviews the history of the TCP/IP protocol. You learn the different layers of the protocol. You also learn about Internet documents known as Request For Comments (RFCs), which are used in the evolution of other complex protocols on the Internet. TCP/IP provides two types of services: connection-less and connection-oriented. You will learn the differences between these two types and their uses. The ICMP protocol is an integral part of every TCP/IP protocol implementation. ICMP is used for flow control, diagnosis, and error reporting. After you have been introduced to TCP/IP, you will learn what IP addresses are and how they are assigned to hosts in a TCP/IP network. IP addresses are divided into address classes. You will learn how to distinguish host addresses from network addresses. Two methods are used in TCP/IP networks to send the same data to multiple hosts: broadcast and multicast. You'll learn what these are and the differences between the two methods. The netmask is an important concept to understand, especially when designing IP networks. The netmask defines network boundaries. This chapter presents two examples of how netmasks are used to define network boundaries and divide large networks into smaller ones.
From the Solaris point of view, you need to learn how to configure IP addresses on different network interfaces. Commands to assign IP addresses, test IP address configuration, and troubleshoot problems are used in this chapter, as well as other important troubleshooting commands, such as netstat, ping, and traceroute.
THE TCP/IP PROTOCOL
Each IP packet contains an IP header, which is used to route data packets through an IP network, along with other control fields. We discuss the structure of an IP header and the use of each field in it. You also learn important concepts such as Type Of Service (TOS) and Time-To-Live (TTL) values. For data communication purposes, MAC addresses are mapped to IP addresses and vice versa. This is necessary because, before handing over any IP data packet to the Data Link layer for onward transmission, the sender must know the MAC address of the destination host. Two protocols are used for this purpose. The Address Resolution Protocol (ARP) is used to determine the MAC address of a host when the IP address is known. The Reverse Address Resolution Protocol (RARP) does just the opposite: it maps MAC addresses to IP addresses. Both of these protocols are very important. The ARP protocol keeps a record of IP-to-MAC address mappings in a special data structure known as the ARP cache, and the arp command is used to display and manage this IP-to-MAC address mapping table. Both of these are discussed. In addition to gaining a general understanding of the TCP/IP protocol and how it works, you should gain some insight into key concepts and commands that are important for protocol fine-tuning. These include TCP sliding windows, maximum transfer unit (MTU), and packet fragmentation and reassembly.
THE TCP/IP SUITE OF PROTOCOLS
The Transmission Control Protocol/Internet Protocol, more commonly known as the TCP/IP protocol, is not a single protocol. It is a family of many protocols that work together. The combination of all these protocols is known as the TCP/IP protocol stack or protocol suite, because these are built upon one another. All these protocols are open and designed to work on the Internet. In this case, open means that there is nothing proprietary and anybody is allowed to use these protocols and develop products based on them. All the information about the design and implementation of TCP/IP is open and public. In many cases, you can find source code for different implementations. Before going into the details of TCP/IP, a short discussion of the history of the Internet, for which TCP/IP is designed, is included here.
HISTORY OF THE INTERNET AND TCP/IP
TCP/IP is at the heart of the Internet. When research first started in this area, however, the designers did not consider commercial aspects. Research on a robust and reliable packet-switched network started in the 1960s. Different research papers and infrastructure were proposed by the late 1960s to establish ARPAnet (Advanced Research Projects Agency Network). In 1969, the first node was established at the University of California at Los Angeles (UCLA), which was then connected to a second node at the Stanford Research Institute (SRI). A hostname-to-address resolution service and a directory for RFCs (Request For Comments; the official Internet documents) were also established. The name of the network was ARPAnet because the Advanced Research Projects Agency (ARPA) funded it. The original protocol that was used for host-to-host communication was the Network Control Protocol (NCP). In 1971, ARPA changed its name to DARPA (Defense Advanced Research Projects Agency), and so the name of the network was modified to DARPAnet.

The ARPAnet grew into what is called the Internet today. Hosts were quickly connected to the network, and a need for an open-ended network architecture arose. The Internet was viewed as a combination of multiple independent networks connected to each other. A new version of the protocol was developed for this open architecture. This new protocol was TCP/IP. TCP/IP was designed so that the administration of individual networks could be kept independent. The networks were designed to be connected by machines known as routers. Central control over the Internet was not part of the design. Different routing protocols were developed to manage traffic on the Internet. Companies started making products based on Internet technology, and many changes were made to UNIX systems to incorporate the TCP/IP protocols.
Organizations such as the National Science Foundation (NSF), AT&T, NASA, and the Department of Energy provided grants for research and development. Due to the increasing connectivity of independent networks, the Domain Name System (DNS) was introduced to keep distributed hostname-to-address mapping databases. The invention of Ethernet in the early 1980s and the advent of the personal computer played a major role in the popularity and use of the Internet.
Services such as FTP, Telnet, and email were offered, making communication easier. These gave birth to what is called the information age. The real popularity of the Internet started with the World Wide Web, where people exchange different types of data. In the 1990s, the Internet was commercialized because of e-commerce technology. Today, you can window-shop at hundreds of thousands of Internet stores and buy things online. The most commonly used protocol today is what is called IP version 4, or IPv4. Because of the unforeseen expansion of the Internet, network addresses in IPv4 have become scarce, and a new version of the IP protocol has been proposed, IPv6. Some vendors, including Sun Microsystems, have started implementing this new version along with IPv4 in their products. Solaris 8 implements both IPv4 and IPv6. A more detailed history of the Internet can be found at the Internet Society web site, www.isoc.org/internet-history/brief.html.
Internet Organizations
Various agencies were established to manage issues related to the Internet. Some important agencies and their web sites are listed here. Information about all of these organizations can be found on their web sites:
• Internet Architecture Board (IAB), www.iab.org/
• Internet Engineering Task Force (IETF), www.ietf.org/
• Internet Society, www.isoc.org/
• The Internet Corporation for Assigned Names and Numbers (ICANN), www.icann.org/
• Internet Research Task Force (IRTF), www.irtf.org/
• World Wide Web Consortium (W3C), www.w3.org/
Internet Documents
Internet technology is driven by research documents known as RFCs (Request For Comments). These documents provide guidelines and standards to implement existing standards and to introduce new technologies and protocols to the Internet. Currently, there are more than 3000 documents. The IETF web site hosts these documents, and you can find a complete list at www.ietf.org/rfc.html or www.rfc-editor.org. You will find references to RFCs throughout this book.
INTRODUCTION TO TCP/IP
TCP/IP is a five-layer network protocol designed to interconnect independent networks together. TCP/IP is a collection of many protocols that interact with each other at different layers. Depending on the services, different protocols are used at each layer of the protocol. The following sections introduce you to the TCP/IP layers.
TCP/IP Layers TCP/IP is a five-layer protocol. The first four layers of the protocol resemble the ISO-OSI network model. The fifth layer of TCP/IP protocol (the Application layer) covers the upper three layers of the OSI model. The two most important layers of the protocol are the Network layer, which is also called the IP layer, and the Transport layer, which is also called the TCP/UDP layer. The IP layer deals with network design and routing, which are the two most important tasks for network engineers. The following sections look at these layers one by one.
Physical Layer
Like the OSI model, the Physical layer in TCP/IP networks is used to transmit the digital signal in the form of segments from one host to another host. This layer consists of different types of cables (transmission medium) and connectors. Network topologies are also part of the Physical layer. TCP/IP uses many types of physical media, including coaxial and twisted-pair cables, fiber-optic cables, and even the wireless medium. Depending on cost, reliability, ease of installation and maintenance, and upper-layer support, the network designer chooses a particular type of communication medium.
Data Link Layer
Many types of Data Link layer are available for TCP/IP networks. The Data Link layer provides physical addresses, also known as MAC addresses. Some of the most commonly used protocols in the Data Link layer for TCP/IP networks are Ethernet, Token Ring, HDLC, SDLC, Frame Relay, ATM, PPP, and so on. Different types of network adapters are used for these protocols. The Network layer uses services provided by the Data Link layer. These services are provided through a well-defined interface known as the DLPI (Data Link Provider Interface). Data packets at the Data Link layer level are called frames. For each type of Data Link layer protocol, a different frame structure is used. Each frame at the Data Link layer level has source and destination MAC addresses, checksums to detect errors, and the actual data provided by the Network layer. Bridges and switches use these MAC addresses to connect different physical networks.
Network Layer
The Network layer is where addresses are assigned to individual hosts and networks. These addresses are called IP (Internet Protocol) addresses. Each host on a network has a unique IP address, which is a 32-bit number. All IP addresses are divided into two parts: the network part and the host part. The network part of the IP address is common for all hosts on a particular network, whereas the host part differs for each host. Data packets at the Network layer are also called IP packets in TCP/IP networks. Depending on network and host addresses, IP packets may be routed to other connected networks. Routers are used to make intelligent decisions about forwarding IP packets to other networks or dropping these packets. Different routing protocols are used to determine the best route for each packet depending on the source and destination addresses. The easiest ones are static routes, which are defined by network administrators. In complex networks with many routes from source to destination, routes are calculated dynamically using one or more routing algorithms. Routing algorithms fall into one of two basic categories: link state or distance vector. Routing is discussed in more detail in the next chapter.
Current networks use IPv4 addresses, which are 32-bit numbers. These will be replaced in future networks with IPv6 addresses, which are 128-bit numbers. Each IP data packet has source and destination IP addresses along with the actual data. In addition, the packet also contains information about the Transport layer protocol and a checksum to detect errors. Other than the IP protocol, two major protocols are used in the Network layer: ARP and RARP. These protocols are used to map IP addresses to MAC addresses and vice versa. When a host needs to send an IP packet to another host, it needs to determine the MAC address of that host because the Data Link layer does not understand IP addresses. For this purpose, IP uses the ARP protocol, which determines the MAC address of a host given the IP address. Using this MAC address, the Data Link layer forwards data to a particular host. RFC 791 provides detailed information about the IP layer protocol. The Internet Control Message Protocol (ICMP) is used for flow control and error reporting. This protocol is part of the Network layer as well as the Transport layer, and it is an integral part of each IP implementation. It is discussed in RFC 792. The ping and traceroute commands use ICMP packets for diagnosis purposes.
Transport Layer
Two major protocols are used at the Transport layer level: TCP and UDP. TCP is used for reliable data transfer, whereas UDP does not provide reliability at the Transport layer level. However, UDP is faster compared to TCP. RFC 793 and RFC 768 provide detailed information about the TCP and UDP protocols, respectively. Reliable and non-reliable data transfer is discussed later in this chapter. The TCP protocol establishes a connection with the destination host before starting actual data transfer; therefore, it's also called a connection-oriented protocol. UDP starts sending data without establishing a connection, and hence, it is called a connection-less protocol. Multiple applications in the Application layer can use TCP and UDP services using port numbers between 1 and 65,535. Received data packets are routed to different applications using these port numbers. Port numbers are discussed in more detail in Chapter 4, "The Client-Server World: Ports and Sockets."
Application Layer
The Application layer is where users of TCP/IP networks interact with the network using applications and utilities. The most commonly used utility these days is a web browser. Until a few years ago, the most commonly used applications were Telnet, FTP, and electronic mail, which are still used extensively. Almost all Internet applications work in Client-Server mode. A server is a computer or a software application that provides some service to a client. Users interact with servers through clients. For example, an Internet browser is a client that talks to a web server located somewhere on the Internet. Similarly, FTP and Telnet programs are clients that talk to a server. The user of these clients provides a server address to connect to a particular server. Multiple servers can run on a single machine connected to the Internet. For example, one machine can act as a server for FTP and HTTP (Hypertext Transfer Protocol, used for the World Wide Web). To distribute data among multiple servers, each server uses well-known port numbers. HTTP usually uses TCP port number 80, for example, whereas FTP uses TCP port number 21. When a client tries to connect to a particular server, it attempts to establish a connection at these well-known port numbers. More information about port numbers and these applications is available in Chapter 4.
Comparison of TCP/IP Protocol and ISO-OSI Reference Model The main difference between TCP/IP and ISO-OSI is the number of layers. ISO-OSI reference model has seven layers, whereas TCP/IP has five layers (see Figure 2.1). The Application layer in the TCP/IP network covers the upper three layers of the OSI model. The functionality of each TCP/IP layer is described in Table 2.1.
FIGURE 2.1 Comparison of layers used in the TCP/IP protocol versus the OSI model.
ISO-OSI layers: Application, Presentation, Session, Transport, Network, Data Link, Physical.
TCP/IP layers: Application (covering the OSI Application, Presentation, and Session layers), Transport (TCP/UDP), Network (IP), Data Link, Physical.

TABLE 2.1 FUNCTIONALITY OF TCP/IP LAYERS
Layer | Description
Physical | Handles Physical layer data in the form of segments.
Data Link | Handles the Physical layer access method and MAC addresses. Data received from the IP layer is divided into frames depending on the protocol used at the Data Link layer level. For example, the frame format for Ethernet differs from the frame format used for Frame Relay.
IP | IP addresses are assigned to all hosts and networks. Routing protocols are used to route data across different networks. This layer is responsible for point-to-point reliable data transfer.
TCP | TCP and UDP protocols are used in this layer. Port numbers and sockets are used to allow multiple applications to share the same physical machine and IP address.
Application | User applications and programs that provide a user interface to the network are implemented in this layer.
NOTE
ARP and RARP are not strictly Network layer protocols. These are also part of the Data Link layer.
TCP/IP: A Combination of Many Protocols
TCP/IP is not just one protocol, as it might seem to a new user. It is a combination of many protocols at each layer. A number of different protocols may be used at the two bottom layers (Physical and Data Link) in the same network. The Network layer incorporates three important protocols: IP, ARP, and RARP. The IP protocol is responsible for data transmission from one host to another in the form of IP packets. ARP maps IP addresses to MAC addresses. Before any data transmission takes place, IP needs to know the MAC address of the destination host. This is the point at which ARP comes into action and determines the MAC address corresponding to an IP address. ARP is a broadcast protocol; it determines the MAC address by sending a broadcast packet on the attached network, requesting hosts to send back the MAC address corresponding to an IP address. All hosts listen to this broadcast, but only the host that has the destination IP address responds. The response contains the MAC address, which is then used by IP to start transmission. When you use the snoop -v command, you can see the ARP request and ARP response packets traveling on the network.

RARP does exactly the opposite job of ARP. It maps MAC addresses to IP addresses, and it is used by many diskless hosts at boot time to determine their own IP address. Diskless workstations cannot store their IP addresses permanently because they don't have any storage space. At boot time, the host sends a RARP broadcast request, and a RARP server responds with the IP address stored on the server for the MAC address of the client host.

Another important protocol is ICMP. This protocol is used for network diagnostics, error reporting, flow control, and other purposes. Two popular commands, ping and traceroute, make use of the ICMP protocol. ICMP is discussed in more detail later in this chapter.
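The ARP request and response exchange just described, shown as an added Python example (this is not code from the book and not part of Solaris). It builds the Ethernet frames of a constructed exchange, decodes the fields that snoop -v would print for them, and records the learned IP-to-MAC mapping the way the ARP cache does. All MAC addresses, IP addresses, and frame contents are constructed for illustration; the cache deliberately learns the sender mapping from every ARP packet it sees, which is a simplification of what a real kernel does.

```python
import struct

ETH_TYPE_ARP = 0x0806            # EtherType that marks an ARP packet
ARP_REQUEST, ARP_REPLY = 1, 2    # ARP opcodes
BROADCAST_MAC = b"\xff" * 6      # FF:FF:FF:FF:FF:FF, the Data Link broadcast address


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_frame(op: int, sender_mac: bytes, sender_ip: bytes,
                    target_mac: bytes, target_ip: bytes) -> bytes:
    """Ethernet II frame carrying an ARP packet (IPv4 over Ethernet).
    A request is sent to the broadcast MAC; a reply is unicast to the asker."""
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth_hdr = eth_dst + sender_mac + struct.pack("!H", ETH_TYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, then the opcode
    arp_hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth_hdr + arp_hdr + sender_mac + sender_ip + target_mac + target_ip


def is_arp_frame(frame: bytes) -> bool:
    return len(frame) >= 42 and struct.unpack("!H", frame[12:14])[0] == ETH_TYPE_ARP


def parse_arp_frame(frame: bytes) -> dict:
    """Decode an Ethernet/ARP frame; rejects anything that is not IPv4-over-Ethernet ARP."""
    if not is_arp_frame(frame):
        raise ValueError("not an ARP frame")
    eth_dst = frame[0:6]
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only IPv4-over-Ethernet ARP is handled here")
    body = frame[22:22 + 2 * (hlen + plen)]   # ignore any Ethernet padding after this
    sha, spa, tha, tpa = body[0:6], body[6:10], body[10:16], body[16:20]
    return {
        "broadcast": eth_dst == BROADCAST_MAC,
        "op": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(op, f"op{op}"),
        "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
        "target_mac": mac_str(tha), "target_ip": ip_str(tpa),
    }


class ArpCache:
    """Simplified IP-to-MAC table like the one the arp command displays.
    Simplification: the sender mapping of every ARP packet seen is learned."""

    def __init__(self):
        self.table = {}

    def learn(self, pkt: dict) -> None:
        self.table[pkt["sender_ip"]] = pkt["sender_mac"]

    def lookup(self, ip: str):
        return self.table.get(ip)


# Constructed sample exchange (not a real capture): host .201 asks who has .1,
# and the router answers with its own MAC. The MACs are placeholders.
HOST_MAC = bytes.fromhex("080020aabbcc")
ROUTER_MAC = bytes.fromhex("080020112233")
HOST_IP = bytes([192, 168, 2, 201])
ROUTER_IP = bytes([192, 168, 2, 1])

SAMPLE_REQUEST = build_arp_frame(ARP_REQUEST, HOST_MAC, HOST_IP, b"\x00" * 6, ROUTER_IP)
SAMPLE_REPLY = build_arp_frame(ARP_REPLY, ROUTER_MAC, ROUTER_IP, HOST_MAC, HOST_IP)


def resolve_via_exchange(frames) -> ArpCache:
    """Feed a sequence of frames through the cache, as a host would while resolving."""
    cache = ArpCache()
    for frame in frames:
        cache.learn(parse_arp_frame(frame))
    return cache


if __name__ == "__main__":
    for frame in (SAMPLE_REQUEST, SAMPLE_REPLY):
        print(parse_arp_frame(frame))
    print(resolve_via_exchange([SAMPLE_REQUEST, SAMPLE_REPLY]).table)
```

Running the script prints the decoded request (destination broadcast, target MAC all zeros) and reply (unicast, sender MAC filled in), followed by the two-entry cache that results.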
The IP header in IPv4 includes a protocol field that shows the protocol being used in the Transport layer. The length of this field is 8 bits, which means that up to 256 protocols can be used over the IP layer. Two major protocols are used at the Transport layer: TCP and UDP. TCP is reliable, but has more communication overhead. UDP is not reliable, but is fast compared to TCP. Communication overhead is the additional information that needs to be sent along with the actual data. The differences between the TCP and UDP protocols are discussed later in this chapter.

Routing protocols are used to determine the optimal path from source to destination. These protocols determine paths (or routes) and fill a table known as a routing table. A router uses this routing table to send data from source to destination. Routing protocols use different metrics to determine a suitable route. These metrics may be the number of hops, available bandwidth on a particular link, reliability of a link, transmission delays, and so on. The most commonly used routing protocols are the Routing Information Protocol (RIP), Open Shortest Path First (OSPF), and the Border Gateway Protocol (BGP). Routing is discussed in detail in the next chapter.
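To see where the 8-bit protocol field sits, together with the TTL, TOS, and checksum fields mentioned earlier, here is an added Python example (not code from the book). It builds a 20-byte IPv4 header from constructed values, decodes it, and verifies the header checksum the way a receiving IP layer does; the addresses, payload length, and identification value are invented for the illustration.

```python
import struct

# Protocol numbers from the IANA registry for the three protocols this chapter covers
IP_PROTOCOL_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words, then complemented (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int, ttl: int = 64,
                      payload_len: int = 0, tos: int = 0, ident: int = 0x1234) -> bytes:
    """20-byte IPv4 header without options; the checksum is computed last."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    # 0x45 = version 4, IHL 5 words; 0x4000 = Don't Fragment flag, offset 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, ident,
                      0x4000, ttl, protocol, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed header fields and check the checksum over the whole header."""
    if len(pkt) < 20:
        raise ValueError("too short for an IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(pkt) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "ttl": ttl,
        "tos": tos,
        "protocol": proto,
        "protocol_name": IP_PROTOCOL_NAMES.get(proto, f"proto-{proto}"),
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "total_length": total_len,
        "header_length": ihl,
        "ident": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        # summing the header with its own checksum field included yields 0 when intact
        "checksum_ok": ipv4_checksum(pkt[:ihl]) == 0,
    }


# Constructed sample: a TCP segment header from .201 to .1 with 20 bytes of payload
SAMPLE_HEADER = build_ipv4_header("192.168.2.201", "192.168.2.1", 6, ttl=64, payload_len=20)
# The same header with one bit of the TOS byte flipped, as a corrupted packet would look
CORRUPTED_HEADER = SAMPLE_HEADER[:1] + bytes([SAMPLE_HEADER[1] ^ 0x10]) + SAMPLE_HEADER[2:]

if __name__ == "__main__":
    for name, hdr in (("intact", SAMPLE_HEADER), ("corrupted", CORRUPTED_HEADER)):
        print(name, parse_ipv4_header(hdr))
```

The protocol field is the single byte that the receiving IP layer uses to decide whether the payload goes to TCP, UDP, or ICMP; a value outside the table is reported as proto-N rather than rejected, since the field allows 256 values.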
Connection-Oriented and Connection-Less Services
The TCP and UDP protocols provide two different services used in different situations. TCP provides connection-oriented service and is also called a reliable or stateful protocol. This means that a connection is established between a source and destination before actual data transmission starts. Different methods are used during the transmission to keep this connection alive. At the end of the transmission, this connection is released gracefully. During the data transfer process, if a packet is lost or corrupted along the way, there is a mechanism to detect this situation, and the destination requests the source to resend the data packet. In this way, end-to-end reliable data transmission is guaranteed. That is why TCP is also called a reliable protocol.

UDP, on the other hand, does not establish a link between source and destination before starting actual data transmission. This is why it is called a connection-less protocol. The protocol also does not care whether the sent data reaches the destination. This is the reason UDP is called a non-reliable protocol. In UDP transmission, it is the responsibility of the Application layer to determine whether the data correctly reaches the destination.

The TCP and UDP protocols resemble telephone conversations and the postal service, respectively. In a telephone conversation, you dial a number to establish a link before starting the actual conversation. If the called party is not attending the phone or if the phone is not available, the conversation never starts. After completing the conversation, you gracefully tear down the connection by saying goodbye to the other party and putting the handset back on the cradle. This is a connection-oriented service. In the case of sending a letter to someone using the postal service, however, you just post it without establishing any connection with the destination. Your letter may or may not reach the destination, which is why it would be considered a non-reliable and connection-less service.

TCP is used where reliability is more important, whereas UDP is useful where some data loss can be tolerated. While transmitting voice over an IP network, for example, you can still recognize the speech if a small portion of it is missing or distorted. This might not be true for a credit card number transmitted while you are shopping online, which needs a reliable service. Another use of the UDP protocol is for services that use the broadcast method to determine the location of a server. Examples of these are DHCP and NIS, in which a client sends a UDP broadcast packet to locate a server. DNS also uses UDP for hostname resolution.
IP ADDRESSES An IP address is the Network layer address. With the help of unique IP addresses, hosts on a network are distinguished from each other. Each IP address is a 32-bit-long number and is divided into four parts. Each of these parts is 8 bits long and is called an octet. IP addresses are usually written as a combination of these octets, with each octet separated by a dot character. Because each octet is 8 bits long, the value of an octet may range from 0 to 255. For example, a typical IP address may be written as 192.168.2.201. Unlike MAC addresses, IP addresses are logical addresses and are assigned by network administrators. IP addresses may be changed whenever the need arises. One IP address must be assigned to each network interface connected to the network. However, you also can assign multiple IP addresses to the same network interface adapter using a technique called network aliasing.
Each IP address has two basic parts: the host part and the network part. The host part varies for each host on the network, whereas the network part is fixed for each network. You can choose the rightmost octet as the host part, for example, and the remaining three octets as the network part. These parts may be arbitrarily chosen, but should be consistent for a particular network. In the previously mentioned IP address (192.168.2.201), for example, if you use three octets for the network part and one octet for the host part, the host part will be 201 and the network part will be 192.168.2. This means that every IP address for this network will start with three octets (192.168.2), whereas the rightmost octet will differ for each host on this network. All hosts using the same network part are considered to be part of one network. The network part of the IP address is also called the network address for all hosts in that IP network.
Network Addresses and Netmasks Host addresses in IPv4 networks are 32-bit numbers divided into four octets. While configuring IP networks, every host must have an IP address as well as a netmask. A netmask defines boundaries for the host part and the network part in an IP address. Using this netmask, each host determines the range of IP addresses that are part of its own network. A netmask is a special number used to distinguish the host part and network part in an IP network. The netmask is also written as a combination of four octets. All bits of the netmask that represent the network part of the address are 1s, whereas bits that represent the host part of the address are 0s. For example, if you use only the rightmost octet for host addressing and the remaining three octets for network addressing, the netmask bits will be as shown here. These are written as a combination of groups of 8 bits: 11111111 11111111 11111111 00000000
If decimal dot notation is used for IP addresses, this netmask is written as 255.255.255.0 because the decimal equivalent of an 8-bit sequence of all 1s is 255 and that of an 8-bit sequence of all 0s is 0. The rule of thumb for a netmask is that it starts with a sequence of 1 bits from the left side followed by a sequence of 0 bits. These are the only two sequences allowed in the netmask. It means that you cannot have a 1 bit that comes after a 0 bit in the netmask. For example, the following netmasks are not legal:
11111111 11111111 00000000 11111111
00000000 11111111 11111111 11111111

NOTE
The first address of an IP network, using all 0s in the host part, is a special address and is also known as the network address. For example, the address 192.168.2.0 in a network using the rightmost octet as the host part is the network address. It is common practice to write the network address as 192.168.2.0 rather than 192.168.2. This address is not assigned to any host. Similarly, the last address of a network is the broadcast address, and it cannot be assigned to any host. The broadcast address is discussed shortly.

NOTE
Note also that this division of network and host parts of an IP address is logical, and multiple networks may exist on a single physical network. If 10 hosts are connected to a single coaxial cable in a bus topology, you can assign one network address to 6 of these hosts and another to the remaining 4. In this case, two logical networks will exist on the same cable.
Network Broadcast You already know about broadcast MAC addresses, in which a special address with all 1s is used for broadcast purposes (FF:FF:FF:FF:FF:FF). In a similar manner, if all bits in the host part of the IP address are 1, it is considered a broadcast address. If you use the rightmost octet for host addressing and the remaining three octets for the network part, for example, all 1s in the rightmost octet will make this address a broadcast address. In network 192.168.2.0, the broadcast address is 192.168.2.255. If you use the two rightmost octets for the host part of the IP address, the netmask will be 255.255.0.0. If a host has an IP address 172.16.20.100 with a netmask 255.255.0.0, the network address will be 172.16.0.0 and the broadcast address will be 172.16.255.255. Address 255.255.255.255 is a special type of broadcast, and any packet sent to this address is received by all hosts on a network. However, routers usually don’t forward broadcast IP packets to avoid flooding the Internet (commonly known as a denial of service, DoS, attack). When the Data Link layer of any host receives an IP packet, it forwards the packet to the IP layer. The IP layer then compares the destination IP address with its own IP address. If the destination address is not the host’s own IP address or a broadcast address, the IP layer discards it.
TCP/IP Network Classes Depending on address ranges and the number of bits in the netmask, IP addresses are divided into five classes. Each class is intended for different sizes of networks. The following sections briefly discuss these classes.
Class A Networks
Class A networks are used for very large networks. Only the leftmost octet in the IP address is used as the network part, while the three octets from the right side are used for host addresses. The range of numbers from 1 to 126 in the leftmost octet is used for Class A networks. Because 24 bits are left in the host part, each network in Class A can have up to 2^24 – 2 hosts, where two addresses are used as the network address and broadcast address. So the total number of hosts is 16,777,214 in Class A networks. If you look closely at the Class A networks, the starting bit from the left side for all addresses in this range is 0. The netmask for Class A networks is 255.0.0.0.
Class B Networks
Class B networks are used for medium-sized networks. Two octets from the left side of the IP address are used for the network part, while two octets are used as the host part. The netmask for Class B networks is 255.255.0.0. The range of addresses assigned to Class B networks is from 128 to 191 in the leftmost octet of the IP address. All these addresses start with the bit pattern 10. Class B networks can contain up to 65,534 (2^16 – 2) hosts each as the maximum.
Class C Networks
Class C network addresses are used for small networks. These networks use only the rightmost octet for the host part, while the other three octets are used for the network part. The maximum number of hosts in a Class C network may be up to 254 (2^8 – 2). The netmask used for Class C networks is 255.255.255.0. Class C networks range from 192 to 223 in the leftmost octet. These addresses start with bit pattern 110 in the leftmost octet.
Class D Networks Class D networks are special addresses and are known as multicast addresses. The address range starts from 224 in the leftmost octet and goes up to 240. The starting bit pattern of the leftmost octet in these is 1110. Multicast addresses are used to send the same data packet to a selected group of hosts as compared to broadcast packets, which are used to send a data packet to all hosts on a network.
Class E Networks
All addresses above 240 in the leftmost octet are reserved for future use and are not assigned to any host or network. Table 2.2 summarizes the different classes of IP addresses.

TABLE 2.2 SUMMARY OF NETWORK CLASSES
Class | Description
Class A | Starts with bit 0. Used for large networks. The netmask used for Class A networks is 255.0.0.0.
Class B | Starts with bit pattern 10. Used for medium-size networks. The netmask used for Class B networks is 255.255.0.0.
Class C | Starts with bit pattern 110. Used for small networks. The netmask used for Class C networks is 255.255.255.0.
Class D | Starts with bit pattern 1110. Used for multicast networks only.
Class E | All addresses above 240 in the leftmost octet. These are reserved addresses.
Subnets and Subnet Masks
It is possible to divide a large network into smaller networks using network masks. All smaller networks are called subnets. The netmask used for these subnets is called the subnet mask. Figure 2.2 shows how the host part in the network address is divided into the subnet and a smaller host part to form multiple smaller networks. In the lower part of the figure, both of the shaded areas (network part and subnet) are used as a larger network part for smaller networks.

FIGURE 2.2 Subnetting. (Upper part: Network Part | Host Part. Lower part: Network Part | Subnet | Host Part, with the network part and subnet together forming the network part of each smaller network.)
Different reasons might influence you to divide larger networks into smaller networks. These reasons could be ease of maintenance, distributed network management, or non-availability of new IP addresses. Consider the example of network 192.168.2.0 with a netmask of 255.255.255.0. In this example, 24 out of 32 bits are used in the network part, and 8 bits are used in the host part, for a maximum of 254 hosts in the network (2^8 – 2). Now, if 1 or more bits are added to the network part to use 25 bits in the netmask rather than 24, you can divide this network into 2 parts. Similarly, using 26 bits in the netmask, you can have 4 smaller networks. The following sections show how 2 larger networks are divided into smaller ones.
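The netmask rules, network and broadcast addresses, classful ranges, and subnet division described in the sections above, carried out in code as an added Python example (not from the book and not a Solaris tool). It checks that a mask is a run of 1 bits followed by 0 bits, derives the network and broadcast addresses and usable host count for an address and mask, classifies an address by the leading bits of its first octet, and splits 192.168.2.0 with mask 255.255.255.0 into four subnets with a 26-bit mask, which is the calculation the next section walks through by hand. All addresses used are the book's own examples or constructed sample values.

```python
from typing import List, Tuple


def ip_to_int(dotted: str) -> int:
    """Dotted-quad string to a 32-bit integer; rejects malformed octets."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"bad IPv4 address: {dotted}")
    octets = [int(p) for p in parts]
    if any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"octet out of range in {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def is_valid_netmask(mask: str) -> bool:
    """A legal mask is a run of 1 bits followed by a run of 0 bits (no 1 after a 0).
    Its 32-bit complement then has the shape 000..0111..1, and a number of that
    shape ANDed with itself plus one is zero; any 1 after a 0 breaks this."""
    inverted = ~ip_to_int(mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0


def prefix_length(mask: str) -> int:
    """Number of 1 bits in the mask, for example 24 for 255.255.255.0."""
    if not is_valid_netmask(mask):
        raise ValueError(f"illegal netmask {mask}")
    return bin(ip_to_int(mask)).count("1")


def network_address(ip: str, mask: str) -> str:
    """Host bits cleared: the first address of the network."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def broadcast_address(ip: str, mask: str) -> str:
    """Host bits set to all 1s: the last address of the network."""
    return int_to_ip(ip_to_int(ip) | (~ip_to_int(mask) & 0xFFFFFFFF))


def usable_hosts(mask: str) -> int:
    """2^(host bits) minus the network and broadcast addresses."""
    host_bits = 32 - prefix_length(mask)
    return max((1 << host_bits) - 2, 0)


def address_class(ip: str) -> str:
    """Classful lookup by the leading bits of the first octet: 0, 10, 110, 1110, else E."""
    first = ip_to_int(ip) >> 24
    if first & 0x80 == 0x00:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


# One row per subnet: network, first host, last host, broadcast, netmask
SubnetRow = Tuple[str, str, str, str, str]


def subnets(network: str, mask: str, extra_bits: int) -> List[SubnetRow]:
    """Lengthen the mask by extra_bits; each added bit doubles the number of
    subnets and halves the host range of each."""
    base, old_mask = ip_to_int(network), ip_to_int(mask)
    if base & ~old_mask & 0xFFFFFFFF:
        raise ValueError(f"{network} is not the network address for mask {mask}")
    new_prefix = prefix_length(mask) + extra_bits
    if new_prefix > 30:
        raise ValueError("fewer than 2 usable host addresses per subnet")
    new_mask = (0xFFFFFFFF << (32 - new_prefix)) & 0xFFFFFFFF
    block = 1 << (32 - new_prefix)          # addresses per subnet, including net and bcast
    rows = []
    for i in range(1 << extra_bits):
        net = base + i * block
        bcast = net + block - 1
        rows.append((int_to_ip(net), int_to_ip(net + 1), int_to_ip(bcast - 1),
                     int_to_ip(bcast), int_to_ip(new_mask)))
    return rows


if __name__ == "__main__":
    print(address_class("172.16.20.100"),
          network_address("172.16.20.100", "255.255.0.0"),
          broadcast_address("172.16.20.100", "255.255.0.0"))
    for row in subnets("192.168.2.0", "255.255.255.0", 2):
        print(" | ".join(row))
```

The validity check is the one worth keeping at hand when reviewing interface configuration: a mask such as 255.255.0.255 passes a simple "four octets between 0 and 255" test but is rejected here because a 1 bit follows a 0 bit.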
Dividing a Class C Network
The following section provides an example of a Class C network divided into four subnetworks. For each network, you need the following information:
• Network address
• Broadcast address
• Netmask
• The range of IP addresses available to be assigned to hosts
In this example, the network address 192.168.2.0 has a netmask of 255.255.255.0. Suppose that you want to divide this network into 4 smaller networks. First, determine the new network addresses, netmasks, and the range of IP addresses in each network.
With each addition of 1 bit to the netmask, the network is divided into 2 parts. To divide a network into 4 parts, you have to add 2 bits to the netmask. Now, the netmask consists of 26 bits rather than 24. The new netmask in binary notation is as follows:
11111111 11111111 11111111 11000000
If you convert this netmask to decimal notation with 4 octets, the notation becomes this:
255.255.255.192
Determine the number of hosts in each network. By using 26 bits in the network part, you are left with 6 bits in the host part. A maximum of 2^6 − 2 = 62 hosts can be put into one subnet. The first IP address in each range will be used as the network address and the last one will be used as the broadcast address. Table 2.3 lists the range of host addresses, network addresses, broadcast addresses, and netmasks.

TABLE 2.3 CREATING SUBNETS
Network Number | Range of IP Addresses That Can Be Assigned to Hosts | Network Address | Broadcast Address | Netmask
1 | 192.168.2.1 to 192.168.2.62 | 192.168.2.0 | 192.168.2.63 | 255.255.255.192
2 | 192.168.2.65 to 192.168.2.126 | 192.168.2.64 | 192.168.2.127 | 255.255.255.192
3 | 192.168.2.129 to 192.168.2.190 | 192.168.2.128 | 192.168.2.191 | 255.255.255.192
4 | 192.168.2.193 to 192.168.2.254 | 192.168.2.192 | 192.168.2.255 | 255.255.255.192

As you can see from Table 2.3, the subnet mask is the same for all subnetworks. The binary representation of these smaller network addresses is shown in Figure 2.3. Bits that determine a particular subnet are shaded.
FIGURE 2.3 Dividing a Class C network into 4 smaller networks. (Network Part | Subnet Part | Host Part)
11000000 10101000 00000010 | 00 | 000000
11000000 10101000 00000010 | 01 | 000000
11000000 10101000 00000010 | 10 | 000000
11000000 10101000 00000010 | 11 | 000000

Dividing a Class B Network into 8 Subnetworks
This section provides an example of a Class B network divided into 8 subnetworks. This example shows the Class B network 172.16.2.0 with a netmask of 255.255.0.0. Suppose that you want to have 8 smaller, equal-sized subnets. To calculate the number of bits to be added to the netmask to divide this network into 8 subnets, you must calculate the value of n in the following formula:
2^n = number of subnets
This is a generalization of the principle mentioned in the earlier example: the addition of 1 bit to the netmask divides a network into 2 parts, the addition of 2 bits divides it into 4 parts, the addition of 3 bits into 8 parts, and so on. By solving the equation 2^n = 8, n turns out to be 3. The original subnet mask 255.255.0.0 is as follows:
11111111 11111111 00000000 00000000
By adding three 1 bits, the mask becomes this:
11111111 11111111 11100000 00000000
In decimal notation, this is equivalent to 255.255.224.0. Table 2.4 shows the ranges of IP addresses, network addresses, and broadcast addresses for each of these 8 networks.
TABLE 2.4 CREATING SUBNETS
Network Number | Range of IP Addresses That Can Be Assigned to Hosts | Network Address | Broadcast Address | Netmask
1 | 172.16.0.1 to 172.16.31.254 | 172.16.0.0 | 172.16.31.255 | 255.255.224.0
2 | 172.16.32.1 to 172.16.63.254 | 172.16.32.0 | 172.16.63.255 | 255.255.224.0
3 | 172.16.64.1 to 172.16.95.254 | 172.16.64.0 | 172.16.95.255 | 255.255.224.0
4 | 172.16.96.1 to 172.16.127.254 | 172.16.96.0 | 172.16.127.255 | 255.255.224.0
5 | 172.16.128.1 to 172.16.159.254 | 172.16.128.0 | 172.16.159.255 | 255.255.224.0
6 | 172.16.160.1 to 172.16.191.254 | 172.16.160.0 | 172.16.191.255 | 255.255.224.0
7 | 172.16.192.1 to 172.16.223.254 | 172.16.192.0 | 172.16.223.255 | 255.255.224.0
8 | 172.16.224.1 to 172.16.255.254 | 172.16.224.0 | 172.16.255.255 | 255.255.224.0
Figure 2.4 shows the bits used in the network part, subnet part, and host part.

FIGURE 2.4 Dividing a Class B network into 8 subnetworks. (Network Part | Subnet Part | Host Part)
10101100 00010000 | 000 | 00000 00000000
10101100 00010000 | 001 | 00000 00000000
10101100 00010000 | 010 | 00000 00000000
10101100 00010000 | 011 | 00000 00000000
10101100 00010000 | 100 | 00000 00000000
10101100 00010000 | 101 | 00000 00000000
10101100 00010000 | 110 | 00000 00000000
10101100 00010000 | 111 | 00000 00000000

Variable-Length Subnet Masks
In the early design of the Internet, the designers thought that using a 32-bit IP address would result in 2^32 possible IP addresses. This figure seemed to be "too many" or "infinite" at that time. Network addresses were assigned to different organizations generously, depending on requests rather than actual needs. With the Internet growth explosion in the middle of the 1990s, the potential number of addresses fell short of the need for them. RFC 950 was then designed to overcome the shortage of network addresses and to divide large networks into smaller networks. In this scheme, a big network could be divided into smaller networks of equal size, known as subnets. Later, new techniques were defined to divide a large network into smaller networks of different sizes. For example, it is possible to divide the Class C network 192.168.2.0 into 3 networks, as shown in Table 2.5.
TABLE 2.5 CREATING VARIABLE-LENGTH SUBNETS
Network Number | Range of IP Addresses That Can Be Assigned to Hosts | Network Address | Broadcast Address | Subnet Netmask
1 | 192.168.2.1 to 192.168.2.126 | 192.168.2.0 | 192.168.2.127 | 255.255.255.128
2 | 192.168.2.129 to 192.168.2.190 | 192.168.2.128 | 192.168.2.191 | 255.255.255.192
3 | 192.168.2.193 to 192.168.2.254 | 192.168.2.192 | 192.168.2.255 | 255.255.255.192
The key idea here is to divide network 192.168.2.0 into 2 parts and then divide the second part again into 2 parts. This way, you get 3 networks; one of these consists of 126 hosts, and the other two consist of 62 hosts each. As you can see from this table, the netmasks for these networks are not all the same. This technique of subnetting is called variable-length subnetting, and the subnet masks are called variable-length subnet masks (VLSMs).
VLSM is very useful for making optimal use of the available IP addresses in large organizations.

Supernetting
Supernetting is the reverse process of subnetting. Class A and Class B network addresses have been exhausted now. If a large organization needs a large number of IP addresses, the only solution is to assign multiple Class C IP addresses. For example, an organization might be assigned 8 Class C networks. To avoid large numbers of routing entries in routing tables on the Internet, these networks are combined into one network using the supernetting method. Suppose, for example, that the Class C networks from 192.168.0.0 to 192.168.7.0 are allocated to an organization. These networks are listed in binary notation in Figure 2.5 (a). You can see that only the rightmost 3 bits in the network part of all these networks change. If you add these 3 bits to the host part, you can have a single network, as shown in Figure 2.5 (b). The network address for this network is 192.168.0.0, and the subnet mask is 255.255.248.0 rather than 255.255.255.0.

FIGURE 2.5 Supernetting.
(a) Network Part | Host Part
11000000 10101000 00000000 | 00000000
11000000 10101000 00000001 | 00000000
11000000 10101000 00000010 | 00000000
11000000 10101000 00000011 | 00000000
11000000 10101000 00000100 | 00000000
11000000 10101000 00000101 | 00000000
11000000 10101000 00000110 | 00000000
11000000 10101000 00000111 | 00000000
(b) Network Part | Host Part
11000000 10101000 00000 | 000 00000000
Using supernetting, routing tables on the Internet are reduced considerably. Instead of eight routing entries for the individual Class C networks, for example, a single routing entry for the supernet mentioned previously suffices.
Representing Network Addresses
A network is fully defined by its network address and netmask. The network address is the first IP address in the network, whereas the netmask shows the number of bits in the host and network parts for that network. The network part bits in the netmask are 1s, whereas the host part bits are 0s. Usually netmasks are written in dot notation. Another way to convey full network information is to add a slash character (/) after the network address followed by the number of bits in the network part of the IP addresses. If a network has the network address 192.168.2.0 and the netmask 255.255.255.0, for instance, you also can write it as 192.168.2.0/24 because there are 24 bits in the netmask that are 1s. Similarly, networks in Class A are represented by /8, and networks in Class B are represented by /16. A network with the network address 192.168.2.64 and the netmask 255.255.255.192 uses 26 bits in the netmask and can be written as 192.168.2.64/26. In a similar way, individual IP addresses may also be represented either as an IP address and netmask combination or as an IP address followed by a slash and the number of 1 bits in the netmask.
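As an added example (not from the book), the following Python recomputes the subnet tables above (Tables 2.3, 2.4 and 2.5), the supernet of Figure 2.5 and the slash notation with plain bit arithmetic plus the standard ipaddress module; it also rejects a netmask whose 1 bits are not contiguous, a mistake the dotted form hides.

```python
"""Subnet arithmetic behind Tables 2.3 to 2.5 and Figure 2.5 (added example, not from the book)."""
import ipaddress

ALL_ONES = 0xFFFFFFFF

def prefix_to_mask(prefix: int) -> str:
    """Number of 1 bits -> dotted netmask (26 -> 255.255.255.192)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return str(ipaddress.IPv4Address((ALL_ONES << (32 - prefix)) & ALL_ONES))

def mask_to_prefix(mask: str) -> int:
    """Dotted netmask -> number of 1 bits; rejects masks whose 1 bits are not contiguous."""
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    if prefix_to_mask(prefix) != str(ipaddress.IPv4Address(bits)):
        raise ValueError("non-contiguous netmask " + mask)
    return prefix

def describe(address: str, prefix: int) -> dict:
    """Network address, broadcast, usable host range and both netmask notations for one subnet."""
    mask = (ALL_ONES << (32 - prefix)) & ALL_ONES
    net = int(ipaddress.IPv4Address(address)) & mask   # clear the host bits
    bcast = net | (~mask & ALL_ONES)                   # set the host bits
    return {"network": str(ipaddress.IPv4Address(net)),
            "broadcast": str(ipaddress.IPv4Address(bcast)),
            "first_host": str(ipaddress.IPv4Address(net + 1)),
            "last_host": str(ipaddress.IPv4Address(bcast - 1)),
            "netmask": prefix_to_mask(prefix),
            "cidr": "%s/%d" % (ipaddress.IPv4Address(net), prefix),
            "hosts": (1 << (32 - prefix)) - 2}        # 2^h - 2: network and broadcast are not hosts

def split_equal(network: str, prefix: int, count: int) -> list:
    """Divide a network into `count` equal subnets by adding n bits to the netmask, 2^n = count."""
    n = count.bit_length() - 1
    if count < 1 or 1 << n != count or prefix + n > 30:
        raise ValueError("count must be a power of two that leaves at least 2 host bits")
    base = int(ipaddress.IPv4Address(network))
    size = 1 << (32 - prefix - n)                      # addresses per subnet
    return [describe(str(ipaddress.IPv4Address(base + i * size)), prefix + n)
            for i in range(count)]

def split_vlsm(network: str, prefix: int, prefixes: list) -> list:
    """Carve subnets of different sizes back to back (variable-length subnet masks)."""
    cursor = int(ipaddress.IPv4Address(network))
    end = cursor + (1 << (32 - prefix))
    subnets = []
    for p in prefixes:
        size = 1 << (32 - p)
        if p <= prefix or cursor % size or cursor + size > end:
            raise ValueError("a /%d subnet does not fit at %s" % (p, ipaddress.IPv4Address(cursor)))
        subnets.append(describe(str(ipaddress.IPv4Address(cursor)), p))
        cursor += size
    return subnets

def supernet(networks: list) -> str:
    """Aggregate contiguous, aligned networks into one routing entry (supernetting)."""
    merged = list(ipaddress.collapse_addresses(ipaddress.IPv4Network(n) for n in networks))
    if len(merged) != 1:
        raise ValueError("networks do not aggregate into a single supernet")
    return str(merged[0])
```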
Reserved and Special IP Addresses
Some IP addresses are not assigned to hosts on the Internet. Some of these addresses are reserved, some are used for special purposes, and some are just experimental. These addresses are as follows:
• Addresses starting with the leftmost octet 0 are not used by any host.
• Network address 127.0.0.0 is not assigned to any network on the Internet. Address 127.0.0.1 is a special address, which is assigned to the loopback interface on each host. This address may be used for testing applications when no network adapter is installed in a host.
• Addresses ranging from 10.0.0.0 to 10.255.255.255 are experimental addresses in Class A.
• Addresses ranging from 172.16.0.0 to 172.31.255.255 are experimental addresses in Class B.
• Addresses ranging from 192.168.0.0 to 192.168.255.255 are experimental addresses in Class C. Note that experimental addresses are not assigned to any host on the Internet. They may be used for isolated networks, however, or for hosts not visible on the Internet.
• Each network has a special IP address, which is known as the network address. This is the first IP address of each network and is not assigned to any host (for instance, 192.168.30.0).
• The last address of each network is used as the broadcast address and is not assigned to any host on the network (for instance, 192.168.30.255).
Table 2.6 summarizes the reserved IP addresses.
TABLE 2.6 RESERVED IP ADDRESSES
Address | Description
First IP address of each network | Used as the network address.
Last IP address of each network | Used as the broadcast address.
127.0.0.0 | Used with the loopback network. Address 127.0.0.1 is always assigned to the loopback interface.
10.0.0.0 to 10.255.255.255 | Experimental-range IP addresses. These are usually used on private networks for hosts not visible on the Internet.
172.16.0.0 to 172.31.255.255 | Experimental-range IP addresses, as above.
192.168.0.0 to 192.168.255.255 | Experimental-range IP addresses, as above.
Mapping IP Addresses to Hostnames
Keeping in mind the complexity of the Internet, it is not possible to remember the IP addresses assigned to hosts on the Internet. However, it is easy to remember hosts by hostnames. A hostname is a name that is easily remembered and that is assigned to a host connected to a network. Network administrators may also use a host naming convention for their networks. Hostnames are mapped to IP addresses so that when a user uses a hostname to access a service, this name can be resolved to the IP address associated with the host providing the service. Different address-resolution schemes are used on the Internet. The most widely used is the Domain Name System (DNS), which is discussed in Chapter 7, "Configuring and Managing Domain Name Server." For very small networks, the simplest method is the use of the /etc/inet/hosts file to keep a record of host names and corresponding IP addresses. A sample /etc/inet/hosts file is shown here:
bash-2.03# cat /etc/inet/hosts
#
# Internet host table
#
127.0.0.1       localhost
192.168.2.222   fana    loghost
192.168.2.11    laptop
192.168.2.1     desktop
bash-2.03#
You can edit this file manually using any of your favorite editors. However, another way to edit this file is to use the admintool utility provided with Solaris. When you start admintool in the X Window GUI and select Hosts from the Browse menu, a window like the one shown in Figure 2.6 displays the entries in the /etc/inet/hosts file. Using the Edit menu in this window, you can add, delete, or modify an entry in the file. Note that the display order of host names and IP addresses differs from the file: in this window, host names display first in each line.
NOTE
The first column in this file shows IP addresses. After the IP address, the hostname is written. One or more aliases also can be written after the host name. A hostname may be as simple as one word or it may be a fully qualified domain name. You learn about domain names in Chapter 7. The /etc/hosts file is actually a link to the /etc/inet/hosts file on Solaris. On other UNIX systems, this link does not exist and the file is saved as /etc/hosts.
FIGURE 2.6 Using admintool to edit the /etc/inet/ hosts file.
Obtaining IP Addresses
All hosts on a TCP/IP network must have a unique IP address. This is true for all hosts connected to the Internet. If your network is isolated (not connected to the Internet), you can use any range of IP addresses. Because you might not know when a need arises to connect a network to the Internet, however, it is safer to get a legal IP address even for private isolated networks. That way, when you connect any network to the Internet, you don't need to change the IP addresses assigned to hosts. If you already have a network installed and don't want to modify your current addressing scheme, however, you can connect to the Internet in other ways using a single IP address. This can be done using a proxy server or network address translation (NAT) on your router machine. To get legal IP addresses, you have to contact one of the three IP registrars mentioned in the following list, depending on the region in which your network resides. Note that these organizations are not the same as domain name registrars. These registrars used to assign IPv4 addresses, but now you can also get IPv6 addresses from them. The names and web site addresses are listed here. You can find all the required forms and mailing addresses on the web sites themselves:
• North and South America. American Registry for Internet Numbers (ARIN) (www.arin.net)
• Europe. RIPE Network Coordination Center (www.ripe.net)
• Asia-Pacific Region. Asia Pacific Network Information Center (APNIC) (www.apnic.net)
Usually, to get a range of IP addresses, you have to justify their use; that justification is usually based on the size of your network. While requesting IP addresses, keep in mind the potential growth rate of your network for the next five years. If you need a small range of IP addresses, your Internet service provider (ISP) can also provide you with IP addresses.
STRUCTURE OF AN IP HEADER
Now it’s time to take a closer look at what an IP packet looks like and how it works. The IP header is the controlling part of any IP packet. The actual data follows the IP header part in the IP packet. Routing decisions and priorities are determined by values in different parts of the IP header. The structure of the IP header might not be important for the Solaris network administration certification purpose, but it is really helpful in understanding many of the networking concepts that are discussed here and in upcoming chapters. Figure 2.7 shows the basic IPv4 header. Each horizontal row represents 32 bits, which is a standard way to represent packet structures in Internet documents (RFCs, for example). Numbers written at the top of the figure show where a byte ends. The following sections briefly review the field definitions of the IP header.
Version (V) and Header Length (IHL)
The first byte of the IP header is divided into two fields: a 4-bit Version field (V) and a 4-bit Header Length field (IHL). The Version field is represented by V in the header. This 4-bit field shows the IP version used for the packet. Currently, the version field is either 4 or 6, representing a version 4 or a version 6 IP data packet. The basic IP header consists of 20 bytes, as shown in Figure 2.7. There are 5 rows, each comprised of 4 bytes. The IHL field is a 4-bit-long field and gives the length of the header in 32-bit words (one row of 4 bytes). In Figure 2.7, the value of this field is 5 because there are 5 rows (20 bytes). In some cases, the IP header may be up to 60 bytes (15 rows) long, so the maximum value of this field is 15. The additional bytes are used for IP options, discussed later in this chapter.
FIGURE 2.7 Structure of an IP header. Each row is 32 bits; the numbers 1 to 4 across the top of the original figure mark where each byte ends.
Row 1: V | IHL | TOS | Total Length
Row 2: Identification | F | Fragment Offset
Row 3: TTL | Protocol | Header Checksum
Row 4: Source Address
Row 5: Destination Address
Type Of Service (TOS) Type of Service (TOS) is an 8-bit-long field and is used to define the priority of the IP packet. By default this field has the value 0, representing normal priority.
Total Length
This field shows the total length of the IP packet, including header and data. This is a 16-bit field, which means that the maximum length of an IP packet may be 2^16 bytes, which is 64KB.
Identification The 16-bit-long Identification field is used to identify an IP packet. Sometimes, long IP packets are fragmented and need to be reassembled at the destination. This field is used to identify different segments of the same packet at the destination.
Flags (F) This is a 3-bit part of the IP header. It contains information about whether a packet may be fragmented. If a packet is fragmented, these flags show whether the current IP packet is the last fragment of a bigger IP packet or whether more fragments are still expected.
Fragment Offset In case of fragmentation, this field shows where in the IP packet this fragment belongs. This is a 13-bit field.
Time-To-Live (TTL)
This is an 8-bit field and shows the number of hops a packet can travel. The value of this field is decremented at each hop. If the value becomes 0 before the packet reaches the destination, the packet is dropped. This field is useful to overcome the problem of infinite routing loops; that is, it keeps IP packets from traveling forever if someone misconfigures routers. In Solaris, you can display the default TTL value by using the following command:
bash-2.03# ndd /dev/ip ip_def_ttl
255
bash-2.03#
Protocol
The Protocol field shows the upper-layer protocol used in an IP packet. IP can transmit data from different upper-layer protocols, such as TCP and UDP. Common protocol numbers are listed in the /etc/protocols file, as shown here. Using this field, a user also can use a proprietary protocol for an application.
bash-2.03# cat /etc/protocols
#ident  "@(#)protocols  1.5     99/03/21 SMI"   /* SVr4.0 1.1   */
#
# Internet (IP) protocols
#
ip          0   IP          # internet protocol, pseudo protocol number
icmp        1   ICMP        # internet control message protocol
ggp         3   GGP         # gateway-gateway protocol
tcp         6   TCP         # transmission control protocol
egp         8   EGP         # exterior gateway protocol
pup         12  PUP         # PARC universal packet protocol
udp         17  UDP         # user datagram protocol
hmp         20  HMP         # host monitoring protocol
xns-idp     22  XNS-IDP     # Xerox NS IDP
rdp         27  RDP         # "reliable datagram" protocol
#
# Internet (IPv6) extension headers
#
hopopt      0   HOPOPT      # Hop-by-hop options for IPv6
ipv6        41  IPv6        # IPv6 in IP encapsulation
ipv6-route  43  IPv6-Route  # Routing header for IPv6
ipv6-frag   44  IPv6-Frag   # Fragment header for IPv6
esp         50  ESP         # Encap Security Payload for IPv6
ah          51  AH          # Authentication Header for IPv6
ipv6-icmp   58  IPv6-ICMP   # IPv6 internet control message protocol
ipv6-nonxt  59  IPv6-NoNxt  # No next header extension header for IPv6
ipv6-opts   60  IPv6-Opts   # Destination Options for IPv6
bash-2.03#
The ping command uses the ICMP protocol and is normally used for network troubleshooting. As you can see in this listing of the /etc/protocols file, the value of this field for an ICMP packet is 1. Similarly, the value for the TCP protocol is 6, and the value for the UDP protocol is 17.
Header Checksum The Header Checksum field is a 16-bit field and is computed at every host that a data packet passes through. This is used to check for errors in the IP header (not the data part).
Source Address
This part shows the address of the source host from where the IP packet originated. The destination host uses this 32-bit field to determine from where an IP packet came.
NOTE
Note that the source and destination addresses are not in the usual dot notation. Instead, these are 32-bit numbers with each 8-bit part representing an octet in the IP address.
Destination Address The destination address is used to compute routes and to deliver an IP packet to its destination.
IP Options
In addition to the standard IPv4 header consisting of 20 bytes, you can add additional bytes to the IP header for various purposes. This additional part of the IP header is called IP options and may be as long as 40 bytes. This means that the total length of an IP header may be up to 60 bytes. The IHL field correctly shows the actual header length in an IP packet. These additional bytes are used for the following purposes:
• Getting time stamps
• Source routing
• Stream ID
• Security
• Route recording
NOTE
These options are complex and an explanation of how they are used is beyond the scope of this book. For complete information, refer to RFC 791 on the IETF web site (www.ietf.org).
THE INTERNET CONTROL MESSAGE PROTOCOL (ICMP)
As reflected in its name, the ICMP protocol is used for control messages. ICMP is an integral part of every IP protocol implementation. ICMP packets are used by user applications, such as ping, to diagnose network problems. Hosts also may generate ICMP packets to report network problems to other hosts on the network. The Protocol field in the IP header is set to 1 for ICMP packets. After the IP header part of the IP packet, there is a variable-length ICMP header. In Figure 2.8, the ICMP header is shown as a shaded area. The first three fields are present in all ICMP packets, and these are described in the following sections. After these three fields, consisting of 4 bytes in total, the remaining ICMP header can be of variable length depending on the values in the Type and Code fields.
Type
The Type field is an 8-bit field of the ICMP header and it shows the type of ICMP packet. Some of the most common ICMP packet types are as follows:
• Destination Unreachable message.
• Time Exceeded. It shows either TTL exceeded or reassembly time exceeded. This type is used with the traceroute program.
• Parameter Problem. It shows a problem with a header parameter.
• Source Quench. This type is used to notify the sender about network congestion in the path.
• Redirect message.
• Echo Request and Echo Reply.
• Time Stamp Request and Time Stamp Reply.
• Information Request and Information Reply.
As you can see from this list, ICMP packets are used for many purposes.

FIGURE 2.8 ICMP packet header. The IP header rows of Figure 2.7 (V, IHL, TOS, Total Length; Identification, F, Fragment Offset; TTL, Protocol, Header Checksum; Source Address; Destination Address) are followed by the ICMP header: Type | Code | Checksum, then the variable-length ICMP header part.
Code
Different code values are used to further identify a problem. If a Destination Unreachable message displays, for example, the type of the ICMP packet is 3. Different code values with this type show different situations. Table 2.7 lists the code values used when the type is set to 3.

TABLE 2.7 CODES WITH A DESTINATION UNREACHABLE MESSAGE
Code | Description
0 | Network unreachable.
1 | Host unreachable.
2 | Protocol unreachable.
3 | Port unreachable. (This code is used with the well-known traceroute program.)
4 | A packet was dropped because fragmentation was required, but the Don't Fragment (DF) bit was set. (The DF bit is discussed later in this chapter.)
5 | A packet was dropped because the source route failed.
Checksum Field This field is used as an ICMP header checksum to detect any error in the header. The checksum is calculated both at the source and the destination. If an error occurs in the ICMP packet, these two checksums are not the same, which reflects an error.
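The following Python (an added example, not from the book) packs and decodes the IPv4 header of Figure 2.7 and the ICMP header of Figure 2.8, verifying both checksums before trusting any field; the sample packet is a constructed Destination Unreachable report (type 3, code 4) whose body quotes the dropped datagram's header. The router address 192.168.5.1, the quoted-header rule and the next-hop MTU field are assumptions taken from RFC 792 and RFC 1191, not from this chapter.

```python
"""Packing and decoding the IPv4 header (Figure 2.7) and ICMP header (Figure 2.8).
Added example, not from the book; the sample packet is constructed below."""
import struct
import ipaddress

IPV4_FMT = "!BBHHHBBH4s4s"                      # the five 32-bit rows of the basic 20-byte header
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}    # numbers as listed in /etc/protocols
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench", 5: "Redirect",
              8: "Echo Request", 11: "Time Exceeded", 12: "Parameter Problem",
              13: "Time Stamp Request", 14: "Time Stamp Reply"}
UNREACHABLE_CODES = {0: "Network unreachable", 1: "Host unreachable", 2: "Protocol unreachable",
                     3: "Port unreachable", 4: "Fragmentation required but DF bit set",
                     5: "Source route failed"}                                  # Table 2.7

def internet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words (RFC 1071); an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                                   # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src, dst, proto, payload, ttl=255, ident=0, df=False, mf=False, offset=0) -> bytes:
    """Basic header (V=4, IHL=5, no options) with a correct Header Checksum, then the payload."""
    if offset % 8:
        raise ValueError("Fragment Offset is carried in units of 8 bytes")
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (offset // 8)   # 3 flag bits + 13 offset bits
    fields = [0x45, 0, 20 + len(payload), ident, flags_frag, ttl, proto, 0,
              ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    fields[7] = internet_checksum(struct.pack(IPV4_FMT, *fields))   # computed with the field = 0
    return struct.pack(IPV4_FMT, *fields) + payload

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fields of Figure 2.7, validating version, IHL and checksum before use."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum IP header")
    vihl, tos, total_len, ident, ff, ttl, proto, _, src, dst = struct.unpack(IPV4_FMT, packet[:20])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4          # IHL is in 32-bit words: 5..15 = 20..60 bytes
    if version != 4 or ihl < 20 or ihl > len(packet) or total_len > len(packet):
        raise ValueError("not a well-formed IPv4 header")
    if internet_checksum(packet[:ihl]) != 0:             # a valid header sums to zero, options included
        raise ValueError("IP header checksum mismatch")
    return {"tos": tos, "total_length": total_len, "identification": ident,
            "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000), "fragment_offset": (ff & 0x1FFF) * 8,
            "ttl": ttl, "protocol": proto, "protocol_name": PROTOCOLS.get(proto, str(proto)),
            "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "options": packet[20:ihl], "payload": packet[ihl:total_len]}

def build_icmp(icmp_type: int, code: int, rest: bytes = b"") -> bytes:
    """Type, Code, Checksum, then the variable-length part; the checksum covers the whole message."""
    msg = struct.pack("!BBH", icmp_type, code, 0) + rest
    return msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]

def parse_icmp(msg: bytes) -> dict:
    """Decode the three fixed ICMP fields and name the type/code, using Table 2.7 for type 3."""
    if len(msg) < 4 or internet_checksum(msg) != 0:
        raise ValueError("truncated ICMP message or bad checksum")
    icmp_type, code = msg[0], msg[1]
    meaning = ICMP_TYPES.get(icmp_type, "type %d" % icmp_type)
    if icmp_type == 3:
        meaning += ": " + UNREACHABLE_CODES.get(code, "code %d" % code)
    return {"type": icmp_type, "code": code, "meaning": meaning, "rest": msg[4:]}

def decode_unreachable_report() -> dict:
    """Constructed sample: a router (192.168.5.1, assumed) drops a DF datagram from fana and
    reports type 3, code 4; the ICMP body quotes the dropped header plus 8 bytes (RFC 792)."""
    dropped = build_ipv4("192.168.2.222", "10.1.1.1", 6, b"\x00" * 8, ident=0x1234, df=True)
    report = build_icmp(3, 4, struct.pack("!HH", 0, 576) + dropped)  # unused, next-hop MTU (RFC 1191)
    packet = build_ipv4("192.168.5.1", "192.168.2.222", 1, report, ttl=64)
    ip = parse_ipv4(packet)
    icmp = parse_icmp(ip["payload"])
    quoted = parse_ipv4(icmp["rest"][4:])                # the quoted header re-parses intact
    return {"outer": ip, "icmp": icmp, "next_hop_mtu": struct.unpack("!H", icmp["rest"][2:4])[0],
            "dropped_src": quoted["src"], "dropped_dst": quoted["dst"], "dropped_df": quoted["df"]}
```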
CONFIGURING NETWORK INTERFACES IN SOLARIS
Network interfaces in Solaris machines are usually named hmen or len (hme or le followed by a number n). The term hme or le actually shows the driver type attached to the network interface. The number n is usually 0 for the first interface, 1 for the second, and so on. If you have only one network adapter installed in your host, the name for this interface is probably hme0. There are three basic steps to configure interface hme0 with the IP address 192.168.2.222 and netmask 255.255.255.0.
STEP BY STEP 2.1 Configuring a Network Interface
Follow these steps to configure a network interface:
1. Create a file, /etc/hostname.hme0, with a single line. Name the host as shown here:
fana
2. Edit the /etc/inet/hosts file to add the IP address for host fana. Remember that /etc/hosts is a link to the file /etc/inet/hosts. A line in this file looks like the following:
192.168.2.222   fana
3. Edit the file /etc/inet/netmasks and add the following line to it:
192.168.2.0     255.255.255.0
The /etc/inet/netmasks file associates network addresses with netmasks. At boot time, the network initialization script, /etc/init.d/network, gets executed, reads these files, and configures the network interfaces. Note that this configuration is permanent and persists after rebooting the machine. You can use the ifconfig command to temporarily configure a network adapter. The following command configures adapter hme0 with the IP address 192.168.5.6 and the netmask 255.255.255.0:
bash-2.03# ifconfig hme0 192.168.5.6 netmask 255.255.255.0 up
You also can specify the netmask by the number of bits rather than by dot notation. For example, the following command does the same job and specifies to use 24 bits in the netmask: bash-2.03# ifconfig hme0 192.168.5.6/24 up
Configuring Virtual Interfaces
Multiple IP addresses can be assigned to a single physical network adapter. This proves useful when you want to run multiple services on a single host using different IP addresses. Virtual interfaces are used for this purpose. A virtual interface is like any physical interface, but with a colon and a number added at the end of the adapter name. If you have the hme0 network adapter installed in your system, for example, you can use multiple virtual interfaces such as hme0:n, where n is a number equal to or greater than 1. So the first virtual interface is hme0:1, the second one is hme0:2, and so on. You can configure virtual interfaces just like the physical interfaces.
STEP BY STEP 2.2 Configuring a Virtual Network Interface
To configure IP address 192.168.20.28 with netmask 255.255.255.0 on this virtual interface, follow these three steps:
1. Create a /etc/hostname.hme0:1 file with a host name line in it. I used fana-nt as the host name. The only line in this file is as follows:
fana-nt
2. Add a line to the /etc/inet/hosts file with the new host name and IP address. After adding this entry, the file contents are as follows:
192.168.2.222   fana
192.168.20.28   fana-nt
3. Add a line to the existing /etc/inet/netmasks file to add a netmask for the new interface. The file now looks like the following:
192.168.2.0     255.255.255.0
192.168.20.0    255.255.255.0
This completes the process. The next time you reboot your system, the logical interface hme0:1 will be there.
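As an added example (not from the book or from Solaris), the following Python reads the three files of Step by Step 2.1 and 2.2, embedded here as constructed strings, and derives the address and netmask each interface would receive at boot; it flags a hostname.* file whose name has no hosts entry and a netmasks entry whose network address has host bits set. The classful fallback used when no netmasks entry matches follows Table 2.2 and is an assumption of this example.

```python
"""Consistency check for /etc/hostname.<if>, /etc/inet/hosts and /etc/inet/netmasks.
Added example, not from the book or Solaris: the file contents are constructed strings."""
import ipaddress

# Constructed contents of /etc/hostname.hme0 and /etc/hostname.hme0:1 (Step by Step 2.1 and 2.2)
HOSTNAME_FILES = {"hme0": "fana\n", "hme0:1": "fana-nt\n"}
HOSTS = """#
# Internet host table
#
127.0.0.1       localhost
192.168.2.222   fana    loghost
192.168.2.11    laptop
192.168.2.1     desktop
192.168.20.28   fana-nt
"""
NETMASKS = """192.168.2.0     255.255.255.0
192.168.20.0    255.255.255.0
"""

def _entries(text):
    """Yield the whitespace-split fields of each non-blank line, with '#' comments stripped."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

def parse_hosts(text):
    """Map every hostname and alias to its IP address; a name bound to two addresses is an error."""
    table = {}
    for ip, *names in _entries(text):
        ipaddress.IPv4Address(ip)                   # raises ValueError on a malformed address
        if not names:
            raise ValueError("hosts entry without a hostname: " + ip)
        for name in names:
            if table.get(name, ip) != ip:
                raise ValueError("%s maps to both %s and %s" % (name, table[name], ip))
            table[name] = ip
    return table

def parse_netmasks(text):
    """Map network address -> netmask; an address with host bits set is not a network address."""
    table = {}
    for fields in _entries(text):
        if len(fields) != 2:
            raise ValueError("netmasks entry needs a network and a mask: " + " ".join(fields))
        net, mask = fields
        ipaddress.IPv4Network((net, mask))          # strict: raises if host bits set or mask invalid
        table[net] = mask
    return table

def classful_mask(ip):
    """Default mask by address class (Table 2.2); assumed fallback when no netmasks entry matches."""
    first = int(ip.split(".")[0])
    if first < 128:
        return "255.0.0.0"
    if first < 192:
        return "255.255.0.0"
    return "255.255.255.0"

def interface_config(hostname_files, hosts_text, netmasks_text):
    """Return {interface: (ip, netmask)} as the boot-time script would derive it from the files."""
    hosts, masks = parse_hosts(hosts_text), parse_netmasks(netmasks_text)
    result = {}
    for iface, content in hostname_files.items():
        name = content.strip()
        if name not in hosts:
            raise ValueError("/etc/hostname.%s names %s, which is not in /etc/inet/hosts" % (iface, name))
        ip = hosts[name]
        mask = classful_mask(ip)
        for net, m in masks.items():                # the entry whose network contains the address wins
            if ipaddress.IPv4Address(ip) in ipaddress.IPv4Network((net, m)):
                mask = m
        result[iface] = (ip, mask)
    return result
```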
Configuring Virtual Interfaces Manually
To manually configure a virtual interface without a reboot, follow the next step-by-step approach.

STEP BY STEP 2.3 Configuring a Virtual Network Interface Manually
1. First, enable the virtual interface. The following command enables the virtual interface hme0:2:
bash-2.03# ifconfig hme0:2 plumb
bash-2.03#
2. Display the virtual interface setting using the following command:
bash-2.03# ifconfig hme0:2
hme0:2: flags=1000842 mtu 1500 index 2
        inet 0.0.0.0 netmask 0
bash-2.03#
3. As you can see, no IP address is yet configured on this interface. To configure the IP address 192.168.5.5 with the netmask 255.255.255.0, use the following command:
bash-2.03# ifconfig hme0:2 192.168.5.5 netmask 255.255.255.0 up
bash-2.03#
4. Verify the configured IP address using the ifconfig command shown in the following example. You also can use the ping command to verify that you are receiving a response from this IP address.
bash-2.03# ifconfig hme0:2
hme0:2: flags=1000842 mtu 1500 index 2
        inet 192.168.5.5 netmask ffffff00 broadcast 192.168.5.255
bash-2.03# ping 192.168.5.5
192.168.5.5 is alive
bash-2.03#
Like other interfaces, the configuration of a virtual interface can be modified at any time. The following command modifies the IP address to 192.168.5.6 and the netmask to 255.255.255.192 (26 bits) on the virtual interface hme0:2. Note that I have used the number of bits in the netmask, but you can use the netmask in dot notation also. The next command displays the current configuration:
bash-2.03# ifconfig hme0:2 192.168.5.6/26 up
bash-2.03# ifconfig hme0:2
hme0:2: flags=1000843 mtu 1500 index 2
        inet 192.168.5.6 netmask ffffffc0 broadcast 192.168.5.255
bash-2.03#
Verifying IP Configuration
After configuring interfaces, you can display information to make sure that they are configured. To list all network interfaces, use the ifconfig command as follows:
bash-2.03# ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
        ether 8:0:20:9e:f0:50
hme0:1: flags=1000843 mtu 1500 index 2
        inet 192.168.20.28 netmask ffffff00 broadcast 199.30.29.31
lo0: flags=2000849 mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841 mtu 1500 index 2
        ether 8:0:20:9e:f0:50
        inet6 fe80::a00:20ff:fe9e:f050/10
bash-2.03#
The second thing is to test routes. To do so, use the netstat command as follows:
bash-2.03# netstat -rn
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.20.0         192.168.20.28         U        1     17  hme0:1
192.168.2.0          192.168.2.222         U        1      2  hme0
224.0.0.0            192.168.2.222         U        1      0  hme0
127.0.0.1            127.0.0.1             UH      23  20670  lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref  Use  If
--------------------------- --------------------------- ----- --- ---- -----
fe80::/10                   fe80::a00:20ff:fe9e:f050    U      1    0  hme0
ff00::/8                    fe80::a00:20ff:fe9e:f050    U      1    0  hme0
default                     fe80::a00:20ff:fe9e:f050    U      1    0  hme0
::1                         ::1                         UH     1    0  lo0
bash-2.03#
Another test may be to use the ping command to verify that an interface is responding, as shown here:
bash-2.03# ping fana-nt
fana-nt is alive
bash-2.03#
You also can use the IP address in place of the hostname fana-nt, as follows:
bash-2.03# ping 192.168.20.28
192.168.20.28 is alive
bash-2.03#
Using the netstat Command to Verify Configuration
The netstat -rn command, which you have already seen, actually displays routing tables, as discussed in the following chapter. In addition to the routing table, the -rn output shows the IP addresses configured on each interface. You also can use the netstat -i command to find details about each interface. The command listed next displays the following information about all IPv4 and IPv6 interfaces:
• The interface name.
• The MTU value configured on that interface. This is discussed in the next section.
• The network or destination name for that interface (the Net/Dest column).
• The hostname or IP address configured on that interface.
• The number of input packets.
• The number of errors in the input packets.
• The number of output packets.
• The number of errors in the output packets.
• The number of collisions on that interface.
• The queue length for that interface.
You can locate all this listed information in the output of the following command:
bash-2.03# netstat -i
Name  Mtu   Net/Dest   Address    Ipkts   Ierrs Opkts   Oerrs Collis Queue
lo0   8232  loopback   localhost  31919   0     31919   0     0      0
hme0  1500  fana       fana       5486    0     681     0     4      0

Name  Mtu   Net/Dest                     Address                   Ipkts  Ierrs Opkts  Oerrs Collis
lo0   8252  localhost                    localhost                 31919  0     31919  0     0
hme0  1500  fe80::a00:20ff:fe9e:f050/10  fe80::a00:20ff:fe9e:f050  5486   0     681    0     4
bash-2.03#
This command and its uses are discussed throughout the book.
IP FRAGMENTATION, REASSEMBLY, FLOW CONTROL, TOS, AND TTL

Consider the output of the following ifconfig command:

bash-2.03# ifconfig hme0
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
        ether 8:0:20:9e:f0:50
bash-2.03#
You might have noticed a field with the name MTU (Maximum Transmit Units) in the output of the ifconfig command. This field shows the maximum length of a data frame that can be transmitted on a physical interface. The value of this field in the previous command is 1500, which shows that a frame of a maximum length of 1500 bytes can be sent through interface hme0. Before sending any packet through an interface, IP checks the MTU value. If the MTU value is smaller than the length of the IP packet, the packet needs to be fragmented. If an application sends an IP packet of 2000 bytes, for example, it will be fragmented into two packets. The first packet will contain 1500 bytes, and the second will carry the remaining bytes. The Flags field in the IP header is used to pass the fragmentation information to the destination address. The fragment offset field is 0 for the first packet; in the packets that follow, its value shows where each fragment belongs in the original, larger IP packet. When the destination host receives the fragments, it uses the Flags and fragment offset fields to reassemble them into a single packet before processing it. This process is called packet reassembly.

One of the bits in the Flags field of the IP header is called the Don't Fragment (DF) bit. If this bit is set, the packet must not be fragmented. In this case, if the MTU value at any point along the path is less than the packet size, the packet is dropped. The dropping host sends back an ICMP error message notifying the sender that the packet was dropped because the DF bit was set and fragmentation was required. This ICMP packet has a type field of 3 and a code field of 4, as mentioned earlier. This method is used to detect the minimum MTU value for a path between the source and destination host on the Internet.
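The fragmentation, reassembly and DF-bit behaviour described above, written out as an added example (not code from the book): the 2000-byte packet is split against a 1500-byte MTU, put back together from fragments arriving out of order, and, with DF set, rejected with the ICMP type 3 code 4 message. The path-MTU list and payload are constructed values.

```python
"""Added example: IPv4 fragmentation, reassembly and the DF/ICMP 3,4 case."""
import struct

IP_HDR_LEN = 20      # IPv4 header length without options
FLAG_DF = 0x2        # Don't Fragment bit of the 3-bit Flags field (RFC 791)
FLAG_MF = 0x1        # More Fragments bit


class NeedsFragmentation(Exception):
    """DF is set but the packet does not fit the next-hop MTU."""


def flags_offset_word(flags, offset_bytes):
    """The 16-bit flags/fragment-offset word as carried in the header.
    The offset is stored in 8-byte units; snoop prints the top nibble of
    this word, so a DF-only packet shows up as 'Flags = 0x4'."""
    return (flags << 13) | (offset_bytes >> 3)


def fragment(payload, mtu, df=False):
    """Split an IP payload into (flags, offset_bytes, data) fragments that
    each fit the MTU together with a 20-byte header."""
    if IP_HDR_LEN + len(payload) <= mtu:
        return [(FLAG_DF if df else 0, 0, payload)]
    if df:
        raise NeedsFragmentation(mtu)
    chunk = (mtu - IP_HDR_LEN) // 8 * 8   # non-final pieces are multiples of 8
    frags = []
    for off in range(0, len(payload), chunk):
        data = payload[off:off + chunk]
        more = off + len(data) < len(payload)
        frags.append((FLAG_MF if more else 0, off, data))
    return frags


def reassemble(frags):
    """Rebuild the payload from fragments received in any order. Returns
    None while pieces are still missing (the receiver keeps waiting and
    eventually times the packet out)."""
    out = bytearray()
    expected = 0
    complete = False
    for flags, off, data in sorted(frags, key=lambda f: f[1]):
        if off != expected:      # hole or overlap: cannot finish yet
            return None
        out += data
        expected += len(data)
        if not flags & FLAG_MF:  # last fragment seen
            complete = True
    return bytes(out) if complete else None


def inet_checksum(data):
    """One's-complement checksum used by IP and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def frag_needed_icmp(next_hop_mtu):
    """ICMP Destination Unreachable, type 3 code 4, as the dropping router
    sends it; the last 16 bits carry the next-hop MTU (RFC 1191)."""
    header = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu)
    return header[:2] + struct.pack("!H", inet_checksum(header)) + header[4:]


def check_path(packet_len, path_mtus, df):
    """Walk a packet of packet_len bytes over a list of per-hop MTUs.
    Returns (delivered, icmp): with DF set, the first hop whose MTU is too
    small drops the packet and returns the ICMP message naming that MTU,
    which is how the minimum MTU of a path is discovered."""
    for mtu in path_mtus:
        if packet_len > mtu and df:
            return False, frag_needed_icmp(mtu)
        # without DF the router fragments and forwards
    return True, None
```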
The value of the MTU field is configurable using the ifconfig command. By default, Ethernet interfaces have an MTU value of 1500. The following command sets the MTU value to 1000:

bash-2.03# ifconfig hme0 mtu 1000
bash-2.03#

If you use the ifconfig command again, it will display the new MTU value, as shown here:

bash-2.03# ifconfig hme0
hme0: flags=1000843 mtu 1000 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
        ether 8:0:20:9e:f0:50
bash-2.03#
CAUTION
Configuring an MTU Value Don’t change the MTU value on any interface unless you are sure about what you are doing. This may result in serious performance problems.
NOTE
Flow Control Note that this type of flow control is implemented at the IP layer level. Higher layers have their own flow control mechanism. As one example, the flow control mechanism used by the TCP layer is discussed later in this chapter.
As mentioned earlier, ICMP packets can be used to send information, such as the possibility of network congestion, back to the sender. An ICMP type 4 packet (Source Quench) is generated in case of congestion. A gateway usually generates a Source Quench ICMP message when it runs out of buffer space to queue a packet for processing and the packet is dropped. When the sender side receives the Source Quench packet, it slows down its rate of sending data. A Source Quench ICMP packet also might be generated by the destination host when the packet receiving rate is too fast to be processed by the destination host.
TOS

The Type Of Service field in the IP packet header is used to prioritize IP traffic. Following are the types of IP traffic listed in RFC 791.

• Network control
• Internetwork control
• CRITIC/ECP
• Flash override
• Flash
• Immediate
• Priority
• Routine

The actual implementation of this field is complicated. Some implementations of the IP protocol use this field in ways that differ from the definition in RFC 791. Some implementations of IP do not implement this field at all and set it to 0 (routine) for all packets.
TTL

The TTL field controls the number of hops that an IP packet can travel. The value of this field is decremented by routers at every hop. If a packet does not reach the destination and its value becomes 0, the packet is dropped. Using this field, you can control the maximum distance between your Solaris host and another host in terms of the number of hops. If you set the default TTL to 20, for example, any packet generated from your host cannot reach another host that is farther than 20 network hops.
Setting the TTL Value for ICMP, UDP, and TCP Packets

As mentioned earlier, TTL is one of the IP header fields. You can set a particular TTL value for higher layer protocols such as TCP, UDP, or even ICMP. If you set the default TTL value for ICMP packets, for instance, all ICMP packets will use that value. To display the current TTL value used for ICMP packets, use the following command:

bash-2.03# ndd /dev/icmp icmp_ipv4_ttl
255
bash-2.03#
You can verify that this value is indeed used by sending one ping packet to a host. To do so, send an ICMP packet from the command line and use the snoop command to capture the packet being sent. The following command sends one ICMP echo request packet to host desktop. (The ping command is discussed in detail later in this chapter.)

bash-2.03# ping -s desktop 100 1
PING desktop: 100 data bytes
108 bytes from desktop (192.168.2.1): icmp_seq=0. time=1. ms

----desktop PING Statistics----
1 packets transmitted, 1 packets received, 0% packet loss
round-trip (ms)  min/avg/max = 1/1/1
bash-2.03#
The host will respond with an ICMP echo reply packet. To check the TTL value in both of these packets, you can use the snoop command in another terminal window. Just open another window and run the following snoop command before using the ping command mentioned earlier:

snoop -v | grep IP
As soon as the ping command is issued, the following message will display in the snoop command window:

ETHER:  Ethertype = 0800 (IP)
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 128 bytes
IP:   Identification = 348
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 1 (ICMP)
IP:   Header checksum = d4f1
IP:   Source address = 192.168.2.222, fana
IP:   Destination address = 192.168.2.1, desktop
IP:   No options
IP:
ETHER:  Ethertype = 0800 (IP)
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 128 bytes
IP:   Identification = 21004
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 128 seconds/hops
IP:   Protocol = 1 (ICMP)
IP:   Header checksum = 2241
IP:   Source address = 192.168.2.1, desktop
IP:   Destination address = 192.168.2.222, fana
IP:   No options
IP:
This output shows the header part of two IP packets. In the first part, the TTL value is 255, which is the default TTL value for ICMP packets. The second part shows a TTL value of 128, which is the TTL value of the ICMP echo reply packet sent by host desktop. Now use the following command to set this value to 30, and repeat the preceding experiment:

bash-2.03# ndd -set /dev/icmp icmp_ipv4_ttl 30
bash-2.03#
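To check the TTL experiment without reading the snoop dump by eye, the following added example (not code from the book) parses the IP-header lines that snoop -v prints and reports any packet from a given source whose TTL differs from the value configured with ndd. The sample lines are constructed from the output shown above.

```python
"""Added example: pull TTL, DF, protocol and addresses out of 'snoop -v' IP
header lines and compare the TTL of outgoing packets with the ndd setting."""
import re

# Constructed sample, abridged from the two packets shown on the page.
SAMPLE = """\
IP:   ----- IP Header -----
IP:   Version = 4
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 1 (ICMP)
IP:   Source address = 192.168.2.222, fana
IP:   Destination address = 192.168.2.1, desktop
IP:   ----- IP Header -----
IP:   Version = 4
IP:   Flags = 0x4
IP:   Time to live = 128 seconds/hops
IP:   Protocol = 1 (ICMP)
IP:   Source address = 192.168.2.1, desktop
IP:   Destination address = 192.168.2.222, fana
"""

# "IP:   <Field name> = <value>"; the bit-pattern lines (".1.. ....") do
# not start with a letter and are skipped.
FIELD = re.compile(r"^IP:\s+(?P<key>[A-Za-z ]+?)\s*=\s*(?P<val>.+?)\s*$")


def parse_snoop_ip(text):
    """Return one dict per IP header block: ttl, protocol, df, src, dst."""
    packets, cur = [], None
    for line in text.splitlines():
        if line.startswith("IP:") and "IP Header" in line:
            cur = {}
            packets.append(cur)
            continue
        m = FIELD.match(line)
        if m is None or cur is None:
            continue
        key, val = m.group("key"), m.group("val")
        if key == "Time to live":
            cur["ttl"] = int(val.split()[0])          # "255 seconds/hops"
        elif key == "Protocol":
            cur["protocol"] = int(val.split()[0])     # "1 (ICMP)"
        elif key == "Flags":
            # snoop shows the top nibble of the flags/offset word:
            # 0x4 is Don't Fragment, 0x2 is More Fragments
            cur["df"] = bool(int(val, 16) & 0x4)
        elif key == "Source address":
            cur["src"] = val.split(",")[0]            # drop the ", fana" hostname
        elif key == "Destination address":
            cur["dst"] = val.split(",")[0]
    return packets


def ttl_mismatches(packets, src, expected_ttl):
    """Packets sent by src whose TTL is not the configured default. After
    'ndd -set /dev/icmp icmp_ipv4_ttl 30' this should be empty for 30."""
    return [p for p in packets
            if p.get("src") == src and p.get("ttl") != expected_ttl]
```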
Again use the ping command as mentioned earlier and grab the output of the snoop command in another window. This time you will notice that the TTL value of the outgoing ICMP packet is 30. In the same way, you also can define a default TTL value for TCP and UDP packets. The following two commands set TTL values for TCP and UDP, respectively.

ndd -set /dev/tcp tcp_ipv4_ttl 30
ndd -set /dev/udp udp_ipv4_ttl 30
IP ADDRESS CONFIGURATION TROUBLESHOOTING COMMANDS

The ping command is usually the first step to diagnose any IP address configuration problem. You can use the command in a number of ways, as discussed in the following sections. You also can use the traceroute command to diagnose reachability problems.
The ping Command

The ping command is the most widely used command by network administrators. It uses ICMP echo request packets. When a host receives this type of packet, it replies with an ICMP echo reply packet, which can be used to determine the round-trip time between the source and destination hosts. By default, the command displays only one of two messages, showing whether a host is alive or dead. The following two commands show that host desktop is alive, whereas host laptop is dead:

bash-2.03# ping desktop
desktop is alive
bash-2.03# ping laptop
no answer from laptop
bash-2.03#
You can use this command for many purposes, as listed here:

• To determine the reachability of a particular host
• To determine whether a host is alive or dead
• To discover routing problems
• To determine the minimum MTU between a source and destination
• To check a particular path using the source route
• To find broken or faulty cables
• To determine network response time
• To determine packet loss in the network

These are just a few uses of the command. As a network administrator, you will use this command routinely to troubleshoot network problems. In fact, this is the first step in the network troubleshooting process.
Continuous ping

By default, the ping command just tells you whether a host is alive or dead by sending ICMP echo request packets. If the command gets a response to this packet in the form of an ICMP echo reply packet, a host-is-alive message is printed. However, you also can send continuous ping packets (ICMP echo request packets) to a host using the following command:

bash-2.03# ping -s desktop
PING desktop: 56 data bytes
64 bytes from desktop (192.168.2.1): icmp_seq=0. time=0. ms
64 bytes from desktop (192.168.2.1): icmp_seq=1. time=0. ms
64 bytes from desktop (192.168.2.1): icmp_seq=2. time=0. ms
64 bytes from desktop (192.168.2.1): icmp_seq=3. time=0. ms
64 bytes from desktop (192.168.2.1): icmp_seq=4. time=0. ms
64 bytes from desktop (192.168.2.1): icmp_seq=5. time=0. ms
64 bytes from desktop (192.168.2.1): icmp_seq=6. time=0. ms
^C
----desktop PING Statistics----
7 packets transmitted, 7 packets received, 0% packet loss
round-trip (ms)  min/avg/max = 0/0/0
bash-2.03#

CAUTION

The continuous ping command should be used cautiously on low-bandwidth links. It may use a significant part of the available bandwidth in some cases.

You have to press Ctrl+C to break the continuous ping command. When you break the command using Ctrl+C, the command shows ping statistics and brings back the command prompt. The statistics show how many packets were sent, how many packets were received, and the percentage loss. It also shows the minimum, average, and maximum round-trip time. The continuous ping command is very useful for troubleshooting a problem over time and for monitoring the response of the network in terms of delays at varying network loads.
Using Different Packet Lengths with the ping Command

By default, the ping command uses a (56 + 8)-byte data packet. To check the response of the network to larger packets, however, you can specify the packet length with the ping command. This also may prove useful for finding out whether a host is dropping packets because of IP fragmentation. The following command sends (6000 + 8)-byte data packets to host desktop:

bash-2.03# ping -s desktop 6000
PING desktop: 6000 data bytes
6008 bytes from desktop (192.168.2.1): icmp_seq=0. time=11. ms
6008 bytes from desktop (192.168.2.1): icmp_seq=1. time=10. ms
6008 bytes from desktop (192.168.2.1): icmp_seq=2. time=10. ms
6008 bytes from desktop (192.168.2.1): icmp_seq=3. time=10. ms
6008 bytes from desktop (192.168.2.1): icmp_seq=4. time=10. ms
6008 bytes from desktop (192.168.2.1): icmp_seq=5. time=10. ms
^C
----desktop PING Statistics----
6 packets transmitted, 6 packets received, 0% packet loss
round-trip (ms)  min/avg/max = 10/10/11
bash-2.03#
As you can see from the preceding output, the response time for larger packets has increased. In the previous command, which used (56 + 8)-byte data packets, the average return time was 0 milliseconds, whereas in this case the average time is 10 milliseconds.
Sending a Fixed Number of ping Packets

You also can send a predefined number of ping packets to a destination host. The following command sends 4 packets of 100-byte data length to host desktop:

bash-2.03# ping -s desktop 100 4
PING desktop: 100 data bytes
108 bytes from desktop (192.168.2.1): icmp_seq=0. time=0. ms
108 bytes from desktop (192.168.2.1): icmp_seq=1. time=0. ms
108 bytes from desktop (192.168.2.1): icmp_seq=2. time=0. ms
108 bytes from desktop (192.168.2.1): icmp_seq=3. time=0. ms

----desktop PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms)  min/avg/max = 0/0/0
bash-2.03#
Table 2.8 lists other useful options that you can use with the ping command.
TABLE 2.8
OPTIONS USED WITH THE PING COMMAND

Option        Description
-g gateway    Specifies a gateway through which you want to route the data packet. Multiple gateway addresses can be used to route a packet through a specific path in the network.
-I interval   Interval between successive ICMP packets.
-i interface  Defines the interface address through which a packet should go out.
-P tos        Sets the Type Of Service field in the IP header.
-t ttl        Sets the TTL field value in the IP header.
Note that you can obtain a complete list of options to use with the ping command by using the man ping command. Table 2.8 lists only the most widely used options.
Broadcast ping

You can use broadcast ping to find out all hosts on your network. You can send a broadcast to all hosts using the address 255.255.255.255 or only to a particular network using a network broadcast address. The following command sends ping packets to all hosts:

bash-2.03# ping -s 255.255.255.255
PING 255.255.255.255: 56 data bytes
64 bytes from fana (192.168.2.222): icmp_seq=0. time=0. ms
64 bytes from laptop (192.168.2.11): icmp_seq=0. time=3. ms
64 bytes from fana (192.168.2.222): icmp_seq=1. time=0. ms
64 bytes from laptop (192.168.2.11): icmp_seq=1. time=0. ms
64 bytes from fana (192.168.2.222): icmp_seq=2. time=0. ms
64 bytes from laptop (192.168.2.11): icmp_seq=2. time=0. ms
64 bytes from fana (192.168.2.222): icmp_seq=3. time=0. ms
64 bytes from laptop (192.168.2.11): icmp_seq=3. time=0. ms
^C
----255.255.255.255 PING Statistics----
4 packets transmitted, 8 packets received, 2.00 times amplification
round-trip (ms)  min/avg/max = 0/0/3
bash-2.03#
The response of this command shows the IP addresses and host names that replied to the broadcast ping. The sequence number in each line shows the ping packet number to which the reply belongs. As you can see, two lines have sequence number 0. The IP addresses in these two lines are 192.168.2.222 and 192.168.2.11. These lines show that the reply for the ping packet with sequence number 0 was received from both of these hosts. The following command sends ping packets to hosts on network 192.168.2.0 only:

bash-2.03# ping -s 192.168.2.255
PING 192.168.2.255: 56 data bytes
64 bytes from fana (192.168.2.222): icmp_seq=0. time=0. ms
64 bytes from laptop (192.168.2.11): icmp_seq=0. time=1. ms
64 bytes from fana (192.168.2.222): icmp_seq=1. time=0. ms
64 bytes from laptop (192.168.2.11): icmp_seq=1. time=0. ms
64 bytes from fana (192.168.2.222): icmp_seq=2. time=0. ms
64 bytes from laptop (192.168.2.11): icmp_seq=2. time=0. ms
^C
----192.168.2.255 PING Statistics----
3 packets transmitted, 6 packets received, 2.00 times amplification
round-trip (ms)  min/avg/max = 0/0/1
bash-2.03#
Broadcast ping is a very useful feature for determining all hosts on your local network. Be aware, however, that some hosts, such as Microsoft Windows PCs, don't respond to broadcast ping packets. Also, routers usually don't forward broadcast ping packets to other networks (to avoid network flooding).
The traceroute Command

The traceroute command is used to find the gateway hosts from source to destination. In other words, the command displays the path taken by IP packets from source to destination. The following command traces the path from my Solaris workstation to host www.newriders.com:

bash-2.03# traceroute www.newriders.com
traceroute: Warning: Multiple interfaces found; using 209.79.180.218 @ hme0:1
traceroute to newriders.com (63.69.110.220), 30 hops max, 40 byte packets
 1  tnt10-fa0.vntrcs.pbi.net (64.161.163.134)  7.480 ms  3.098 ms  3.049 ms
 2  pop1-fe-6-1-0.vntrcs.pbi.net (64.161.163.145)  31.903 ms  27.808 ms  28.567 ms
 3  206.171.129.2 (206.171.129.2)  31.492 ms  31.444 ms  31.883 ms
 4  edge1-ge1-0.lsan03.pbi.net (206.13.29.144)  33.490 ms  29.909 ms  31.896 ms
 5  47.81.254.93 (47.81.254.93)  66.579 ms  77.139 ms  63.744 ms
 6  47.81.255.38 (47.81.255.38)  63.823 ms  60.853 ms  72.159 ms
 7  47.255.253.1 (47.255.253.1)  69.440 ms  83.567 ms  74.826 ms
 8  47.255.252.34 (47.255.252.34)  69.794 ms  67.788 ms  72.499 ms
 9  47.243.2.2 (47.243.2.2)  68.592 ms  105.874 ms  63.696 ms
10  47.243.0.1 (47.243.0.1)  81.927 ms  88.656 ms  60.835 ms
11  209.0.252.133 (209.0.252.133)  75.920 ms  60.990 ms  90.940 ms
12  lo0.mp1.SanJose1.level3.net (209.247.8.239)  78.549 ms  62.283 ms  70.621 ms
13  pos9-0.core2.SanFrancisco1.level3.net (209.247.10.238)  77.213 ms  68.281 ms  77.159 ms
14  ATM3-0.BR5.SAC1.ALTER.NET (137.39.52.145)  66.028 ms  67.430 ms  88.403 ms
15  502.at-5-0-0.XR1.SAC1.ALTER.NET (152.63.52.226)  70.063 ms  91.439 ms  66.663 ms
16  185.at-1-0-0.TR3.SCL1.ALTER.NET (152.63.50.154)  125.117 ms  133.248 ms  121.238 ms
17  107.at-5-1-0.TR1.NYC8.ALTER.NET (146.188.140.201)  140.197 ms  136.864 ms  137.554 ms
18  185.ATM6-0.XR1.EWR1.ALTER.NET (152.63.20.217)  147.568 ms  144.596 ms  136.949 ms
19  193.ATM7-0.GW7.EWR1.ALTER.NET (152.63.24.197)  150.979 ms  149.565 ms  142.015 ms
20  headland-media-gw.customer.ALTER.NET (157.130.19.94)  143.146 ms  144.311 ms  150.976 ms
21  63.69.110.66 (63.69.110.66)  142.059 ms  140.763 ms  *
bash-2.03#
The traceroute command uses UDP packets to find intermediate gateway hosts. It sends UDP packets with increasing TTL values, starting with 1. When a packet with a TTL value of 1 reaches the first gateway host, that host decreases the TTL value by one and the TTL value becomes 0. So the first gateway host drops this packet and generates an ICMP packet to notify the sending host that the packet was dropped. In this way, the first-hop gateway host reveals its identity. The second-hop gateway host is determined with a UDP packet of TTL value 2, and so on. By default, three probe packets are sent for each hop (with the same TTL). The output of the traceroute command displays one line for each hop. Each line shows the hostname and IP address of the gateway host along with the return time of the three probe packets. If no response packet is received from a gateway, an asterisk is printed. Consider the following line in the output:

 4  edge1-ge1-0.lsan03.pbi.net (206.13.29.144)  33.490 ms  29.909 ms  31.896 ms

The first number in the line shows that this gateway is 4 hops away. Next, the hostname and IP address of the gateway host are printed. The return time for the first probe packet is 33.490 milliseconds, for the second probe packet 29.909 milliseconds, and for the third probe 31.896 milliseconds. The command tries to reach destinations up to 30 hops away, by default. If a destination is not reached within this limit, the command finishes. The traceroute command is often used to troubleshoot routing problems or broken links on the intermediate gateways. Using this command, you can determine at what point in the network a link is broken. Different error messages also may display, which are described in the man pages of the command.

Like the ping command, you can use different packet lengths with the traceroute command. The following command uses a 4000-byte packet to trace the route from source to destination host. The default probe length is 40 bytes.

bash-2.03# traceroute www.newriders.com 4000
traceroute: Warning: Multiple interfaces found; using 209.79.180.218 @ hme0:1
traceroute to newriders.com (63.69.110.220), 30 hops max, 4000 byte packets
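The TTL-expiry mechanism just described, as an added simulation (not traceroute's own code): UDP probes with TTL 1, 2, 3, ... are walked over a constructed path, the router that drives the TTL to 0 answers with ICMP Time Exceeded, and the destination answers with ICMP Port Unreachable. Hop names and addresses are taken from the sample output above; the path, a silent router, and the timings are constructed.

```python
"""Added example: how traceroute discovers each hop from TTL expiry."""

# Constructed path: routers in order, then the destination host.
ROUTERS = [
    ("tnt10-fa0.vntrcs.pbi.net", "64.161.163.134"),
    ("pop1-fe-6-1-0.vntrcs.pbi.net", "64.161.163.145"),
    ("206.171.129.2", "206.171.129.2"),
    ("edge1-ge1-0.lsan03.pbi.net", "206.13.29.144"),
]
DESTINATION = ("newriders.com", "63.69.110.220")


def forward_probe(ttl, routers, destination, silent=()):
    """Model of the network: each router decrements the TTL; the router that
    drives it to 0 drops the probe and answers ICMP Time Exceeded (type 11).
    A probe that reaches the destination gets ICMP Port Unreachable (type 3,
    code 3) because traceroute aims at an unused UDP port. Routers listed in
    'silent' never answer, which traceroute prints as '*'. The round-trip
    time is a constructed 15 ms per hop."""
    hops = 0
    for name, ip in routers:
        hops += 1
        ttl -= 1
        if ttl == 0:
            if ip in silent:
                return None
            return {"icmp": (11, 0), "from": (name, ip), "rtt": 15.0 * hops}
    return {"icmp": (3, 3), "from": destination, "rtt": 15.0 * (hops + 1)}


def traceroute(routers, destination, first_hop=1, max_hops=30, probes=3,
               silent=()):
    """One record per hop: (ttl, name, ip, [rtt or None per probe]).
    first_hop, max_hops and probes correspond to the -f, -m and -q options."""
    result = []
    for ttl in range(first_hop, max_hops + 1):
        replies = [forward_probe(ttl, routers, destination, silent)
                   for _ in range(probes)]
        answered = [r for r in replies if r is not None]
        name, ip = answered[0]["from"] if answered else ("*", "*")
        rtts = [r["rtt"] if r is not None else None for r in replies]
        result.append((ttl, name, ip, rtts))
        if answered and answered[0]["icmp"] == (3, 3):
            break                      # destination reached
    return result


def format_hop(record):
    """Render a record the way traceroute prints a line."""
    ttl, name, ip, rtts = record
    times = "  ".join("*" if r is None else "%.3f ms" % r for r in rtts)
    if name == "*":
        return "%2d  %s" % (ttl, times)
    return "%2d  %s (%s)  %s" % (ttl, name, ip, times)


if __name__ == "__main__":
    for rec in traceroute(ROUTERS, DESTINATION, silent=("206.171.129.2",)):
        print(format_hop(rec))
```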
Table 2.9 lists other useful options for the traceroute command.
TABLE 2.9
OPTIONS USED WITH THE TRACEROUTE COMMAND

Option         Description
-F             Sets the DF bit in the IP header.
-f first_hop   Sets the first-hop TTL. The default is 1. This is used to skip a certain number of gateways at the start of the probes.
-g gateway     Sets a gateway for loose source routing.
-m maxhops     Sets the maximum TTL value. The default maximum value is 30.
-p port        Port number to be used for the UDP packets.
-q probes      Sets the number of probes for each hop.
-v             Verbose output. Prints some more information.
As shown in Table 2.9, you also can start probing a path after a certain number of hops. The following command starts probing from the tenth gateway host:

bash-2.03# traceroute -f 10 www.newriders.com
traceroute: Warning: Multiple interfaces found; using 199.30.29.28 @ hme0:1
traceroute to newriders.com (63.69.110.220), 30 hops max, 40 byte packets
10  47.243.0.1 (47.243.0.1)  93.138 ms  61.599 ms  59.434 ms
11  209.0.252.133 (209.0.252.133)  87.134 ms  87.914 ms  65.217 ms
12  lo0.mp1.SanJose1.level3.net (209.247.8.239)  69.618 ms  200.415 ms  62.717 ms
13  pos9-0.core2.SanFrancisco1.level3.net (209.247.10.238)  63.504 ms  62.820 ms  74.109 ms
14  ATM3-0.BR5.SAC1.ALTER.NET (137.39.52.145)  87.010 ms  67.563 ms  66.055 ms
15  502.at-5-0-0.XR1.SAC1.ALTER.NET (152.63.52.226)  72.317 ms  128.004 ms  95.727 ms
16  185.at-1-0-0.TR3.SCL1.ALTER.NET (152.63.50.154)  82.839 ms  95.486 ms  68.290 ms
17  107.at-5-1-0.TR1.NYC8.ALTER.NET (146.188.140.201)  138.995 ms  143.264 ms  160.059 ms
18  185.ATM6-0.XR1.EWR1.ALTER.NET (152.63.20.217)  143.494 ms  136.689 ms  221.095 ms
19  193.ATM7-0.GW7.EWR1.ALTER.NET (152.63.24.197)  143.529 ms  154.610 ms  145.680 ms
20  headland-media-gw.customer.ALTER.NET (157.130.19.94)  165.344 ms  175.200 ms  156.264 ms
21  63.69.110.66 (63.69.110.66)  191.748 ms  147.439 ms  *
bash-2.03#
Common Network Problems Some of the common network problems and diagnosis methods are listed in the following sections.
Broken Cables If a cable is broken, you should be able to ping to the IP addresses configured on your own Solaris machine, but you will not be able to ping to any other host on the network.
Misconfigured Interfaces A network adapter may be misconfigured in a number of ways. You might have assigned the wrong IP address, the wrong netmask, or the wrong gateway. Use the ifconfig command to find the current configuration on all network adapters and then modify the configuration if you find an error.
Wrong Netmask Check the netmask value configured on other hosts and compare it with your own value. You can find this value using the ifconfig or netstat command.
Wrong Gateways Use the traceroute command to trace the route to a host that is not on your local network. If the gateway address is wrong, you will not be able to reach the first hop. Check the gateway values on other hosts on your network to make a correction.
FINE-TUNING TCP IN SOLARIS

When using the TCP protocol on TCP/IP networks, the receiving side acknowledges all received data packets. If the packet is received correctly, a positive acknowledgment is sent. In case of any error, the receiving side requests the data packet to be sent again. That is why TCP is called a reliable protocol, as compared to UDP, where no acknowledgments are sent. The sending host continues to send data packets without waiting for any acknowledgment up to a certain limit. If the limit is reached and no acknowledgment is received, the sending side waits for the acknowledgment from the recipient. This limit is called the TCP window size. If the limit is set in terms of the number of packets and its value is 7, the sending side will send up to 7 TCP packets without receiving an acknowledgment. The window size plays an important role in bandwidth utilization of long-delay links, such as satellites. The window size is negotiated between source and destination at the time a TCP connection is established. Solaris supports large window sizes to get better throughput on slow links.

Much fine-tuning can be done for the TCP protocol using the ndd command. Some of the important TCP parameters that play a role in TCP performance are listed in this section. You can modify these parameters by using the ndd command.

Transmit High Water Mark (tcp_xmit_hiwat)
This parameter is used to define the transmit buffer size.

Receive High Water Mark (tcp_recv_hiwat)
This parameter specifies the default size of the receive buffer, which is the space allocated to receive data.

Maximum Buffer Size (tcp_max_buf)
This parameter specifies the maximum buffer size that can be allocated for the socket option. You will learn about sockets in Chapter 4, "The Client-Server World: Ports and Sockets."
Displaying and Setting Host Parameters

You can define and display default values of parameters for different hosts and networks by using the tcp_host_param parameter with the ndd command. The following command sets the send buffer (sendspace) to 32000 bytes and the receive buffer (recvspace) to 48000 bytes for host 192.168.2.100:

bash-2.03# ndd -set /dev/tcp tcp_host_param '192.168.2.100 sendspace 32000 recvspace 48000'
bash-2.03#

To display the current settings of host parameters, use the following command:

bash-2.03# ndd /dev/tcp tcp_host_param
Hash HSP         Address         Subnet Mask     Send       Receive    TStamp
014  300007d7608 192.168.002.100 016.014.016.004 0000032000 0000048000 0
bash-2.03#

You also can delete host parameters with the same command, as follows:

bash-2.03# ndd -set /dev/tcp tcp_host_param '192.168.2.100 delete'
bash-2.03#
To have a complete list of parameters that can be set for TCP, use the command ndd /dev/tcp \?. The output of this command provides a long list of parameters that can be set and displayed with the help of the ndd command.
MAPPING IP ADDRESSES TO MAC ADDRESSES

Before any host sends IP data to a destination address, it determines the MAC address of the destination host, because the Data Link layer knows only about MAC addresses. The Address Resolution Protocol (ARP) is a part of the TCP/IP stack implementation, and it maps IP addresses to MAC addresses: given an IP address, this protocol determines the corresponding MAC address. Another protocol, the Reverse Address Resolution Protocol (RARP), does the reverse and maps MAC addresses to IP addresses. RARP is used with diskless workstations. These protocols are explained in the following sections.
The Address Resolution Protocol (ARP)

The Address Resolution Protocol is a broadcast protocol. When a host wants to get the MAC address corresponding to an IP address, it sends a broadcast packet on the local network. This packet basically asks all hosts on the local network whether anyone has that IP address. All hosts listen to this request, and the host that has the IP address replies. The reply data packet contains the MAC address of that host. If no host on the local network has that particular IP address assigned to it, no reply is received.

The broadcast method of getting a MAC address is similar to the following situation. Suppose you are in a big room with many people. You want to talk to someone named Boota. To locate Boota, you make an announcement asking Boota to raise his hand. If Boota is present, he will raise his hand and you will be able to locate him. If no one by this name is present, you will not get a reply.

ARP plays an important role in network communication on TCP/IP networks. Without such a method, it would not be possible for the Network layer to locate the MAC address of the host having the destination IP address. To observe ARP packets on your local network, you can use the snoop command. Lines starting with ARP in the following output of the snoop -v command show the ARP part of a packet:

ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 6 arrived at 12:53:25.90
ETHER:  Packet size = 42 bytes
ETHER:  Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER:  Source      = 0:e0:29:89:28:59
ETHER:  Ethertype = 0806 (ARP)
ETHER:
ARP:  ----- ARP/RARP Frame -----
ARP:
ARP:  Hardware type = 1
ARP:  Protocol type = 0800 (IP)
ARP:  Length of hardware address = 6 bytes
ARP:  Length of protocol address = 4 bytes
ARP:  Opcode 1 (ARP Request)
ARP:  Sender's hardware address = 0:e0:29:89:28:59
ARP:  Sender's protocol address = 192.168.2.1, desktop
ARP:  Target hardware address = ?
ARP:  Target protocol address = 192.168.2.222, 192.168.2.222
ARP:

The previous listing shows the ARP request packet. You can find the following important information in this packet:

• MAC address of the destination, which is the broadcast address ff:ff:ff:ff:ff:ff
• MAC address of the source host
• IP address of the source host
• IP address of the destination

Following is the output of the snoop -v command that shows an ARP reply packet:

ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 2 arrived at 13:01:8.43
ETHER:  Packet size = 42 bytes
ETHER:  Destination = 0:e0:29:89:28:59,
ETHER:  Source      = 8:0:20:9e:f0:50, Sun
ETHER:  Ethertype = 0806 (ARP)
ETHER:
ARP:  ----- ARP/RARP Frame -----
ARP:
ARP:  Hardware type = 1
ARP:  Protocol type = 0800 (IP)
ARP:  Length of hardware address = 6 bytes
ARP:  Length of protocol address = 4 bytes
ARP:  Opcode 2 (ARP Reply)
ARP:  Sender's hardware address = 8:0:20:9e:f0:50
ARP:  Sender's protocol address = 192.168.2.222, fana
ARP:  Target hardware address = 0:e0:29:89:28:59
ARP:  Target protocol address = 192.168.2.1, desktop
ARP:
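The request/reply exchange above, and the netmask AND test described under "Data Flow in TCP/IP Networks" later in this section, as one added example (not code from the book): it builds and parses the 28-byte ARP bodies snoop decodes, shows that only the host owning the target address answers, and decides whether a sender resolves the destination itself or its router. Host names and addresses are the page's sample hosts desktop and fana; the gateway address 192.168.2.1 in the tests is a constructed choice.

```python
"""Added example: ARP request/reply frames and the local-or-router decision."""
import ipaddress
import struct

HW_ETHERNET = 1              # ARP hardware type
PROTO_IPV4 = 0x0800          # ARP protocol type
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
UNKNOWN_MAC = "0:0:0:0:0:0"  # what snoop prints as '?' in a request


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def mac_to_str(raw):
    # snoop prints MACs without leading zeros, e.g. 8:0:20:9e:f0:50
    return ":".join("%x" % b for b in raw)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP body: hardware type 1, protocol 0800, 6-byte hardware
    and 4-byte protocol addresses, exactly the fields in the snoop dump."""
    return (struct.pack("!HHBBH", HW_ETHERNET, PROTO_IPV4, 6, 4, opcode)
            + mac_to_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
            + mac_to_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed)


def ethernet_frame(dst_mac, src_mac, payload, ethertype=ETHERTYPE_ARP):
    """14-byte Ethernet header plus payload; 14 + 28 = the 42 bytes snoop reports."""
    return (mac_to_bytes(dst_mac) + mac_to_bytes(src_mac)
            + struct.pack("!H", ethertype) + payload)


def parse_arp(body):
    """Return the fields snoop labels, or raise ValueError for anything that
    is not an Ethernet/IPv4 ARP body."""
    if len(body) < 28:
        raise ValueError("short ARP body")
    hw, proto, hlen, plen, opcode = struct.unpack("!HHBBH", body[:8])
    if (hw, proto, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP body")
    return {
        "opcode": opcode,
        "sender_mac": mac_to_str(body[8:14]),
        "sender_ip": str(ipaddress.IPv4Address(body[14:18])),
        "target_mac": mac_to_str(body[18:24]),
        "target_ip": str(ipaddress.IPv4Address(body[24:28])),
    }


def answer_request(body, my_mac, my_ip):
    """What each host does with a broadcast request: only the host that owns
    the target protocol address replies; every other host stays silent."""
    req = parse_arp(body)
    if req["opcode"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


def next_hop(my_ip, netmask, dest_ip, gateway_ip):
    """The address the sender must ARP for: if dest AND netmask equals the
    sender's network address the destination is local and is resolved
    directly; otherwise the router's MAC address is resolved and the packet
    is handed to the router."""
    def as_int(addr):
        return int(ipaddress.IPv4Address(addr))
    mask = as_int(netmask)
    local = (as_int(dest_ip) & mask) == (as_int(my_ip) & mask)
    return dest_ip if local else gateway_ip
```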
Reverse Address Resolution Protocol (RARP) The Reverse Address Resolution Protocol is used by diskless workstations. Because there is no permanent storage space, the IP address configuration cannot be stored on these workstations. Instead, the configuration of each diskless host is stored on the RARP server.
Chapter 2
THE TCP/IP PROTOCOL
RARP servers keep a mapping of the MAC addresses to the IP addresses. When you turn on the diskless workstation, it broadcasts a request to locate the RARP server to find its IP address configuration. If an RARP server is present on the network, it replies to this request with an IP address. To send out the correct IP address to the requesting workstation, the RARP server checks its tables to find the IP address that corresponds to the MAC address of the requesting workstation.
Role of Ethernet Broadcast in ARP and RARP As you know, each network has an IP broadcast address. This is the last address in the range of IP addresses contained in that network. When the IP layer wants to send a broadcast packet to all hosts, it does not need to use ARP to find the destination MAC address. Instead, it uses a predefined MAC address used for a broadcast. This MAC address is ff:ff:ff:ff:ff:ff, which consists of all 1s in the 48-bit MAC address. Every host on the local network receives this IP packet and processes it. The same broadcast MAC address is used by ARP and RARP protocols to find the required server. From the output of the snoop –v command shown earlier, you can determine that this broadcast address is used for ARP requests.
NOTE
The RARP protocol is being replaced by the Dynamic Host Configuration Protocol (DHCP), which is more flexible and easier to maintain.

NOTE
Usually IP, ICMP, or UDP packets are used for broadcast. TCP is not used for broadcast.

Data Flow in TCP/IP Networks

Before sending data to any other host, the sending host determines whether the destination host resides on the local network or on some other network. To do so, the sending host performs an AND operation on its netmask and the destination IP address. If the result equals the network address, the destination host resides on the local network. If not, the destination host is on some other network, and a router must be used to send that data packet to the destination address. If the destination host is on the local network, the sending host uses ARP to find the MAC address of the destination and sends the data packet directly to the destination host. If the destination is on some other network, however, the sending host checks the routing table to find the router address to which data for the destination should be sent. It then uses ARP to get the MAC address of the router and delivers the data packet to the router. After that, it is the responsibility of the router to determine how to deliver that data packet to the destination host.

The AND process mentioned previously can be explained with an example. Assume that the sending host IP address is 192.168.2.10 and the netmask is 255.255.255.0. This is a Class C network, and the network address is 192.168.2.0. These numbers are shown in binary notation here:

Host address (192.168.2.10)
11000000 10101000 00000010 00001010
Netmask (255.255.255.0)
11111111 11111111 11111111 00000000
Network address (192.168.2.0)
11000000 10101000 00000010 00000000
Assume this host wants to send data to a host with the IP address 192.168.2.64. To determine whether the destination host is on the local network, the sending host performs an AND operation on the destination host IP address (in this case, 192.168.2.64) and the netmask. This address in binary notation is shown here:

Destination address (192.168.2.64)
11000000 10101000 00000010 01000000

If you AND this number with the netmask, you get 11000000 10101000 00000010 00000000, which is 192.168.2.0, and you can see that this is the network address. In this way, the sending side comes to know that the host is on the local network. If you perform the same AND operation on another destination address, 23.54.10.123, with the netmask 255.255.255.0, the result is 23.54.10.0, which is not equal to the local network address. Therefore, any packet to this IP address must be sent through a gateway router.
Data packets are forwarded to their destination in TCP/IP networks as follows:
1. Check the destination address to find out whether the destination resides on the local network.
2. If the destination resides on the local network, use ARP to find out the MAC address of the destination host.
3. If the destination address resides on another network, check available routes to find out the router through which the packet should go. Find out the MAC address of the router.
4. Send the data packet to the destination host if the destination is on the same network, or to the router if the destination is on another network.
5. If the destination is on another network, the router will repeat the same procedure to forward it to the destination host or to another router.
Figure 2.9 uses a flow chart to show this process.

[FIGURE 2.9 Data forwarding in TCP/IP networks. The flow chart reads: perform an AND operation on the netmask and destination address; if the result is equal to the network address, the destination host is present on the local network. Destination on local network? Yes: use ARP to find the MAC address of the destination host and send the data packet to the destination host directly. No: check the routing table to find out the router through which data should be forwarded, use ARP to find the address of the router, and send the data to the router. Then process the next data packet.]
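The AND check and the five forwarding steps above, carried out in Python as an added example that is not part of the book. The routing table and ARP cache are constructed sample data, and picking the route with the longest matching netmask is an assumption the text does not spell out.

```python
# Added example (not from the book): the AND operation and forwarding steps
# described above, generalized to any IPv4 address and netmask. The routing
# table and ARP cache are constructed sample data; choosing the route with
# the longest matching netmask is an assumption the text does not spell out.
from typing import Dict, List, Optional, Tuple


def to_int(dotted: str) -> int:
    """Convert dotted-quad notation to a 32-bit integer."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a legal IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    """Convert a 32-bit integer back to dotted-quad notation."""
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Render an address as the four 8-bit groups the book shows."""
    return " ".join(format((to_int(dotted) >> s) & 0xFF, "08b")
                    for s in (24, 16, 8, 0))


def network_address(address: str, netmask: str) -> str:
    """Step 1: AND the address with the netmask to get the network address."""
    return to_dotted(to_int(address) & to_int(netmask))


# Routing table rows are (network, netmask, router); the 0.0.0.0/0.0.0.0 row
# is the default route, used when nothing more specific matches.
RoutingTable = List[Tuple[str, str, str]]


def select_router(destination: str, routes: RoutingTable) -> str:
    """Step 3: find the router through which the packet should go."""
    best: Optional[Tuple[int, str]] = None
    for network, netmask, router in routes:
        if network_address(destination, netmask) == network:
            if best is None or to_int(netmask) > best[0]:
                best = (to_int(netmask), router)   # longest match wins
    if best is None:
        raise LookupError(f"no route to {destination}")
    return best[1]


def forwarding_decision(host_addr: str, netmask: str, destination: str,
                        routes: RoutingTable, arp_cache: Dict[str, str]) -> dict:
    """Steps 1-4: decide where the frame carrying `destination` is sent."""
    local_net = network_address(host_addr, netmask)
    dest_net = network_address(destination, netmask)
    local = dest_net == local_net
    # Step 2 or 3: the address to resolve with ARP is the destination itself
    # when it is local, otherwise the router picked from the routing table.
    next_hop = destination if local else select_router(destination, routes)
    # Step 4: the frame is addressed to that next hop's MAC address; None
    # means the host must send an ARP request before it can deliver.
    return {"local": local, "network": dest_net,
            "next_hop": next_hop, "mac": arp_cache.get(next_hop)}


# Constructed sample data for the book's host 192.168.2.10/255.255.255.0.
SAMPLE_ROUTES: RoutingTable = [
    ("10.1.0.0", "255.255.0.0", "192.168.2.2"),   # constructed static route
    ("0.0.0.0", "0.0.0.0", "192.168.2.1"),        # constructed default route
]
SAMPLE_ARP: Dict[str, str] = {                     # constructed ARP cache
    "192.168.2.64": "0:10:7a:b6:3:ce",
    "192.168.2.1": "0:e0:29:89:28:59",
}

if __name__ == "__main__":
    print("host", to_binary("192.168.2.10"), "mask", to_binary("255.255.255.0"))
    for dest in ("192.168.2.64", "23.54.10.123", "10.1.5.9"):
        d = forwarding_decision("192.168.2.10", "255.255.255.0", dest,
                                SAMPLE_ROUTES, SAMPLE_ARP)
        where = "local" if d["local"] else "via router " + d["next_hop"]
        print(f"{dest:>13} AND mask = {d['network']:<12} -> {where}")
```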
Using the Solaris arp Command to Manage the ARP Cache

The Address Resolution Protocol keeps resolved MAC addresses in a temporary table, which is called the ARP cache. Entries in this table are mappings of IP addresses to MAC addresses. After some time, the ARP entries in this table are deleted automatically. Solaris provides the arp command to display and manage this table. The following command displays all entries in this table:

bash-2.03# arp -a
Net to Media Table: IPv4
Device   IP Address             Mask              Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
hme0   laptop               255.255.255.255       00:10:7a:b6:03:ce
hme0   desktop              255.255.255.255       00:e0:29:89:28:59
hme0   rehman-router        255.255.255.255       08:00:39:03:3f:39
hme0   fana                 255.255.255.255 SP    08:00:20:9e:f0:50
hme0   fana-nt              255.255.255.255 SP    08:00:20:9e:f0:50
hme0   BASE-ADDRESS.MCAST   240.0.0.0       SM    01:00:5e:00:00:00
bash-2.03#
The first column in the output of this command shows the name of the network interface through which this entry was learned. The second column shows the hostname or IP address. The command tries to display the hostname if a hostname can be resolved. If the hostname cannot be resolved, the IP address displays in the second column. The third column displays the netmask used for this entry. The Flags column shows some information about this address. For example, the S flag shows that the entry is static, which is usually a host's own IP address. The M flag shows that this entry is used for a multicast address. The last column shows the MAC address or physical address to which that IP address is assigned. Note that this command may be used indirectly to discover MAC addresses of other hosts. On large networks, the list generated by the arp -a command may be long. To find the entry for a particular host, you can use the following command, which determines the MAC address used by the host laptop:

bash-2.03# arp laptop
laptop (192.168.2.11) at 0:10:7a:b6:3:ce
bash-2.03#
In this way, you can display the IP address as well as MAC address for a particular host.
Adding New Entries to the ARP Cache

Every resolved MAC address is automatically added to the ARP cache. You also can create an entry for a host yourself using the arp command. The following command adds an entry for the IP address 192.168.2.30 and sets its MAC address to 23:fd:a3:45:98:20:

arp -s 192.168.2.30 23:fd:a3:45:98:20 pub
After that, you can display the ARP cache, and the new entry appears in the listing, as shown here. The pub keyword makes these entries public for other hosts as well:

bash-2.03# arp -a
Net to Media Table: IPv4
Device   IP Address             Mask              Flags   Phys Addr
------ -------------------- --------------- ----- ---------------
hme0   laptop               255.255.255.255       00:10:7a:b6:03:ce
hme0   192.168.2.30         255.255.255.255 SP    23:fd:a3:45:98:20
hme0   desktop              255.255.255.255       00:e0:29:89:28:59
hme0   rehman-router        255.255.255.255       08:00:39:03:3f:39
hme0   fana                 255.255.255.255 SP    08:00:20:9e:f0:50
hme0   fana-nt              255.255.255.255 SP    08:00:20:9e:f0:50
hme0   BASE-ADDRESS.MCAST   240.0.0.0       SM    01:00:5e:00:00:00
bash-2.03#
To add multiple entries manually, you can use a text file. For this process, add all entries in the form shown here with one entry in each line: <MAC Address> pub
After creating this file, use the following command to add all entries listed in the file in a single step:

arp -f

Adding ARP entries is necessary for a host that wants to listen to IP packets on behalf of some other host. This situation arises when some other host is connected to this host (for example, on a PPP link using a modem line).

Deleting Entries from the ARP Cache

The following command deletes the entry for the address 192.168.2.30 from the ARP cache:

bash-2.03# arp -d 192.168.2.30
192.168.2.30 (192.168.2.30) deleted
bash-2.03#

NOTE
In normal operations, you don't need to add or remove entries in the ARP cache.
The snoop Command and Layer Headers

As mentioned in Chapter 1, each layer adds its header to the actual data. From the output generated by the snoop command, you can separate the headers for each layer. Consider the following output of this command. All lines that start with ETHER are the Data Link layer header part. Lines starting with IP show the Network layer (IP) header part. Lines starting with TCP show the Transport layer header part. All lines starting with TELNET in this output show the Application layer part:

# snoop -v
Using device /dev/hme (promiscuous mode)
ETHER: ---- Ether Header ---
ETHER:
ETHER: Packet 31307 arrived at 12:02:24.82
ETHER: Packet size = 1483 bytes
ETHER: Destination = 0:e0:29:89:28:59,
ETHER: Source = 8:0:20:9e:f0:50, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ---- IP Header ---
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 1469 bytes
IP: Identification = 47732
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 60 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = f896
IP: Source address = 192.168.2.222, fana
IP: Destination address = 192.168.2.1, desktop
IP: No options
IP:
TCP: ---- TCP Header ---
TCP:
TCP: Source port = 23
TCP: Destination port = 1029
TCP: Sequence number = 1967134259
TCP: Acknowledgement number = 4019093
TCP: Data offset = 20 bytes
TCP: Flags = 0x10
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 24820
TCP: Checksum = 0x0db5
TCP: Urgent pointer = 0
TCP: No options
TCP:
TELNET: ---- TELNET: ---
TELNET:
TELNET: "TCP: ---- TCP Header ----\r\nTCP: Source port = 10\r\nTCP:"
TELNET:
ETHER: ---- Ether Header ---
ETHER:
ETHER: Packet 31308 arrived at 12:02:24.82
ETHER: Packet size = 1512 bytes
ETHER: Destination = 0:e0:29:89:28:59,
ETHER: Source = 8:0:20:9e:f0:50, Sun
From this output of the snoop command, you can correlate the conceptual discussion in Chapter 1 to the actual process of adding layer headers in a data packet.
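Separating the layers by line prefix, as the text above does by eye, written as an added Python example that is not part of the book. The capture it parses is constructed sample text modeled on the output above with most fields left out, and the 14-byte Ethernet header length used in the size check is a fact about Ethernet, not something the book states.

```python
# Added example (not from the book): split a snoop -v capture into per-layer
# headers by the line prefix (ETHER, IP, TCP, TELNET, ...), then check that
# the sizes nest: Ethernet header (14 bytes) + IP total length = frame size.
# SAMPLE_CAPTURE is constructed text modeled on the page's output.
import re
from typing import Any, Dict, List, Optional

SAMPLE_CAPTURE = """\
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 31307 arrived at 12:02:24.82
ETHER: Packet size = 1483 bytes
ETHER: Destination = 0:e0:29:89:28:59,
ETHER: Source = 8:0:20:9e:f0:50, Sun
ETHER: Ethertype = 0800 (IP)
IP:   ----- IP Header -----
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Total length = 1469 bytes
IP:   Protocol = 6 (TCP)
IP:   Source address = 192.168.2.222, fana
IP:   Destination address = 192.168.2.1, desktop
TCP:  ----- TCP Header -----
TCP:  Source port = 23
TCP:  Destination port = 1029
TCP:  Flags = 0x10
TELNET: ----- TELNET: -----
TELNET: "TCP: ----- TCP Header -----\\r\\nTCP: Source port = 10"
ETHER: ----- Ether Header -----
ETHER: Packet 31308 arrived at 12:02:24.82
ETHER: Packet size = 42 bytes
ETHER: Ethertype = 0806 (ARP)
ARP:  ----- ARP/RARP Frame -----
ARP:  Opcode 1 (ARP Request)
ARP:  Sender's protocol address = 192.168.2.1, desktop
"""

LINE_RE = re.compile(r"^([A-Z]+):\s*(.*)$")    # 'LAYER: rest of line'
FIELD_RE = re.compile(r"^(.*?)\s*=\s*(.*)$")    # 'Field name = value'
ETHER_HEADER_LEN = 14   # dst MAC (6) + src MAC (6) + Ethertype (2)

Packet = Dict[str, Dict[str, Any]]


def parse_snoop(text: str) -> List[Packet]:
    """Return one dict per frame: layer name -> {field: value}.

    A new frame starts at each 'Ether Header' banner. Only the prefix decides
    the layer, so payload that merely looks like a header (the TELNET data
    here carries 'TCP: ...' text) stays attributed to the TELNET layer.
    """
    packets: List[Packet] = []
    current: Optional[Packet] = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                        # e.g. 'Using device /dev/hme ...'
        layer, body = m.group(1), m.group(2).strip()
        if layer == "ETHER" and "Ether Header" in body:
            current = {}
            packets.append(current)
        if current is None or not body or body.startswith("-"):
            continue                        # banner line or empty separator
        fields = current.setdefault(layer, {})
        if layer == "TELNET":               # application data: keep verbatim
            fields["data"] = fields.get("data", "") + body
            continue
        f = FIELD_RE.match(body)
        if f:
            fields[f.group(1)] = f.group(2)
        else:                               # e.g. 'Packet 31307 arrived at ...'
            fields.setdefault("info", []).append(body)
    return packets


def layer_stack(packet: Packet) -> List[str]:
    """Layer headers in the order snoop printed them, outermost first."""
    return list(packet.keys())


def frame_size(packet: Packet) -> int:
    return int(packet["ETHER"]["Packet size"].split()[0])


def sizes_nest(packet: Packet) -> bool:
    """True when the IP datagram exactly fills the Ethernet payload."""
    ip_total = int(packet["IP"]["Total length"].split()[0])
    return frame_size(packet) - ETHER_HEADER_LEN == ip_total


if __name__ == "__main__":
    for pkt in parse_snoop(SAMPLE_CAPTURE):
        print(" > ".join(layer_stack(pkt)), frame_size(pkt), "bytes")
```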
CASE STUDY: THE BOOTA RESEARCH INC. NETWORK INSTALLATION

ESSENCE OF THE CASE
Following are the essentials of the case:
• This is a relatively small network.
• Due to multimedia applications, high traffic volume is expected.
• The number of IP addresses allocated by the ISP is sufficient because there are only 40 hosts.
Boota Research Inc. is a newly established research organization. The organization is doing research on multimedia products and occupies 2 floors in a building. There are about 40 hosts present on their network. The organization got an Internet connection from XYZ Internet service provider. The ISP allocated 64 IP addresses to the organization. Due to multimedia applications, high traffic volume is expected on the network. Keeping this issue in mind, the organization wants to divide the network into two separate physical networks and use the IP addresses and bandwidth in an efficient way.
ANALYSIS
The network can be divided into 2 equal parts with 20 hosts in each network. Because the organization occupies 2 floors, it is a good idea to keep a separate network segment on each floor. Both of these network segments can be connected using a bridge so that traffic on one network segment does not pass through to the other segment. Available IP addresses can also be divided into 2 equal parts, each having 32 addresses. Netmask 255.255.255.224 will be used for each network having 32 hosts.
CHAPTER SUMMARY This chapter introduced the TCP/IP protocol. The discussion started with a brief history of the protocol and a list of agencies responsible for operations on the Internet. You then learned about the different TCP/IP layers, and a comparison of these with OSI layers was presented. Then you learned about the structure of IP addresses and how an IP address is divided into host and network parts. Different IP address classes were also discussed here. You learned address ranges for all of these classes and their use. After that, there was an important discussion about network masks and subnetting. This concept was explained with two examples. You also learned about some other TCP/IP concepts such as supernetting, VLSM, IP address-to-host name mapping and reserved IP addresses. One of the most important parts of this chapter is the discussion of the structure of an IP header. The basic IP header consists of 20 bytes and has many fields in it. These fields include IP Version, Header Length, Type Of Service, and source and destination addresses, among others. An introduction to IP options was provided as well. The ICMP protocol is used for many purposes, and some of these were presented in this chapter. The ping and traceroute commands use the ICMP protocol. You also learned the structure of an ICMP header. Configuration of network interfaces is accomplished using the ifconfig command. To make a configuration permanent, you have to edit some files. You learned how to perform this task in this chapter. You also learned how to verify configuration using different commands. An overview of other concepts, such as IP fragmentation and reassembly, flow control, and TTL, was presented as well in this chapter. You read about common network problems and how to solve these. The ndd command was used to fine-tune some TCP parameters. The last part of the chapter was about ARP and RARP. These protocols are used to map IP addresses to MAC addresses and vice versa. 
After going through this chapter, you should be able to understand the TCP/IP protocol and configure IP addresses for LAN interfaces.
KEY TERMS
• Transport Control Protocol/Internet Protocol (TCP/IP)
• IP address
• network address
• netmask
• subnetting
• variable-length subnet mask (VLSM)
• IP header
• Time-To-Live (TTL)
• fragmentation and reassembly
• Type Of Service (TOS)
• Internet Control Message Protocol (ICMP)
• maximum transfer unit (MTU)
• Address Resolution Protocol (ARP)
• Reverse Address Resolution Protocol (RARP)
• connection-less protocol
• connection-oriented protocol
• network classes
APPLY YOUR KNOWLEDGE

Exercises

2.1 Display the Contents of ARP Packets Using the snoop Command

The purpose of this exercise is to demonstrate that hosts use ARP packets to find the MAC address of the destination host before sending an IP packet.
Estimated Time: 10 minutes
1. Log in to Solaris using the root user account.
2. Use the ifconfig command to display the current configuration of IP addresses on your host.
3. Use the arp command to display the ARP cache entries. Then try to ping another host on the network.
4. Now, use the ifconfig command to configure a different IP address on your network interface. This IP address should not be in your own network.
5. Try to ping the same host again as you used in step 3. You should not be able to do so. In fact, you have misconfigured your own host. Bring the original configuration back using the ifconfig command.
6. Use the snoop -v command to display all the packets traveling on your local network. You should be able to find the ARP request and reply packets on the network.

2.2 Changing the TTL Value

The purpose of this exercise is to change the TTL value and then verify it using the ndd command.
Estimated Time: 10 minutes
1. Start the snoop command on one terminal.
2. Use the ping command to send ICMP packets to another host.
3. Note what the TTL value is from the packets captured by the ndd command.
4. Change the TTL value for the ICMP packets using the ndd command.
5. Again, capture packets with the snoop command to verify that the TTL value is changed now.
Review Questions
1. Name the different IP classes.
2. What is a netmask, and how is it used to define network boundaries?
3. Divide the network 172.16.0.0/16 into four subnetworks of equal size.
4. What is the use of the TTL field of the IP header?
5. What are common network problems, and how do you troubleshoot these?
6. What is the use of the ARP and RARP protocols?
Exam Questions
The answers to these questions are provided in Appendix E, "Answers to Sample Exam Questions."
1. Which of the following layers in the TCP/IP protocol covers the three upper layers of the OSI model?
A. IP layer
B. TCP layer
C. Data Link layer
D. Application layer
2. The IP layer can use which of the following lower layer protocols?
A. Ethernet
B. HDLC
C. Frame Relay
D. PPP
E. All of the above
3. What is the length of IPv4 addresses?
A. 32 bits
B. 48 bits
C. 64 bits
D. 128 bits
4. Which protocol maps IP addresses to MAC addresses?
A. ARP
B. RARP
C. ICMP
D. UDP
5. The ICMP protocol is used for which of the following?
A. Error reporting in IP networks
B. Network diagnostics
C. The ping command
D. All of the above
6. At which layer of the OSI model do the TCP and UDP protocols operate?
A. Data Link layer
B. Network layer
C. Transport layer
D. Application layer
E. Session layer
7. What information can you find in the /etc/inet/services file? Choose all that are correct.
A. Names of different services
B. Information about which services are operational and which are not
C. Port numbers used by these services
D. Number of connections allowed for each service
8. What is not true about ARP?
A. ARP uses the broadcast method.
B. ARP maps IP addresses to host names.
C. Resolved MAC addresses are kept in the ARP cache table forever.
D. Before sending any IP packet, ARP is used to determine the MAC address of the destination.
9. Any protocol, other than TCP and UDP, can also be used over IP. (True/False)
10. Which statements about connection-less and connection-oriented services are true? Choose all that are correct.
A. In connection-oriented services, an end-to-end connection is established before starting transmission of data.
B. TCP is used in connection-oriented services.
C. UDP may be used both for connection-less and connection-oriented services.
D. Connection-less services are reliable.
E. TCP is slow as compared to UDP because there is a communication overhead to provide reliability for data transfer.
11. Which of the following statements about an IP address are true? Choose all that are correct.
A. An IP address consists of 4 octets.
B. The value of each octet may range from 0 to 256.
C. Each octet in an IP address consists of 8 to 16 bits.
D. 182.268.20.30 is not a legal IP address.
12. Which of the following subnet masks is not legal?
A. 255.255.255.0
B. 255.255.255.224
C. 255.255.255.244
D. 255.255.255.248
13. What is the default netmask address for Class B networks?
A. 255.0.0.0
B. 255.255.0.0
C. 255.255.255.0
D. 255.255.0.255
14. What is the broadcast address for a network number of 192.168.20.64 with a network mask of 255.255.255.224?
A. 192.168.20.255
B. 192.168.20.127
C. 192.168.20.95
D. 192.168.20.63
15. How many hosts can you have in a Class C network?
A. 256
B. 255
C. 254
D. As many as you want
16. In which class of IP addresses does the network 126.0.0.0 reside?
A. Class A
B. Class B
C. Class C
D. Class D
17. Addresses in Class C networks start with which bit pattern?
A. 00
B. 01
C. 110
D. 0111
18. Which class of IP addresses is used for multicast networks?
A. Class A
B. Class B
C. Class C
D. Class D
E. Class M
19. How many bits do you need to add to the netmask to divide a Class C network into four subnets?
A. 1
B. 2
C. 4
D. 8
20. The method used to divide a network into subnetworks of different lengths is called what?
A. Subnetting
B. Supernetting
C. VLSM
D. CIDR
21. Which of the following is the correct way to write a Class C network?
A. 192.168.2.0/8
B. 192.168.2.0/16
C. 192.168.2.0/24
D. 192.168.2.0/32
22. Which addresses are not used on the Internet because they are in an experimental range? Choose all that apply.
A. 192.168.2.0
B. 172.16.0.0
C. 168.16.0.0
D. 10.0.0.0
E. 10.1.0.0
23. Which IP address is assigned to a loopback interface?
A. 127.0.0.0
B. 127.0.0.1
C. 10.0.0.1
D. 0.0.0.0
24. The /etc/inet/hosts file can use which syntax? Choose all that apply.
A.
B.
C.
D.
25. How do you find out about the IP version used in an IP packet?
A. The version command
B. The Version field in an IP packet
C. The Protocol field in an IP packet
D. The source and destination address fields in an IP packet
26. From which file can you find protocol numbers assigned to different protocols?
27. ICMP packets are used for which of the following? Check all that apply.
A. Parameter Problem
B. Source Quench
C. Redirect message
D. Echo Request and Echo Reply
E. All of the above
28. Which of the following commands configures network interface hme0 correctly?
A. ifconfig netmask 255.255.255.0 hme0 192.168.5.6 up
B. ifconfig hme0:0 192.168.5.6 255.255.255.0
C. ifconfig 192.168.5.6 hme0 netmask 255.255.255.0 up
D. ifconfig hme0 192.168.5.6 netmask 255.255.255.0 up
29. Which of the following commands can be used to check the IP address on an interface? Check all that apply.
A. ifconfig
B. netstat
C. ping
D. traceroute
30. How can you set the MTU value for a LAN interface?
A. The ifconfig command
B. The ndd command
C. The mtu command
D. The arp command

Answers to Review Questions
1. The following are the different IP classes:
• Class A networks
• Class B networks
• Class C networks
• Class D networks
• Class E networks
2. A netmask shows how many bits in an IP address are part of the network part of the IP address. Given an IP address and a netmask, network boundaries can be easily determined. For example, a netmask of 255.255.255.0 shows that the rightmost 8 bits in an IP address show the host part of an IP address. The remaining 24 bits on the left side show the network part of the IP address. The network part of the IP address remains fixed within a network. If you combine this netmask with IP address 192.168.2.20, you can easily see that network boundaries are from 192.168.2.0 to 192.168.2.255. This is determined by keeping 24 bits from the left side and varying the rightmost 8 bits.
3. The default netmask for this network is 255.255.0.0. If you add 2 more bits to this netmask, the network will be divided into 4 smaller networks. The resulting scheme is shown in the following table:

Network   Network        Range of IP Addresses That         Broadcast        Netmask
Number    Address        Can Be Assigned to Hosts           Address
1         172.16.0.0     172.16.0.1 to 172.16.63.254        172.16.63.255    255.255.192.0
2         172.16.64.0    172.16.64.1 to 172.16.127.254      172.16.127.255   255.255.192.0
3         172.16.128.0   172.16.128.1 to 172.16.191.254     172.16.191.255   255.255.192.0
4         172.16.192.0   172.16.192.1 to 172.16.255.254     172.16.255.255   255.255.192.0

4. The TTL value determines the number of hops a packet can travel. It is decremented at every hop, and a packet is dropped if it becomes 0.
5. Some of the common network problems are as follows:
• Wrong IP addresses
• Wrong netmask
• Wrong gateway address
• Broken cables
The ping, traceroute, and netstat commands enable you to troubleshoot these problems.
6. ARP is used to map IP addresses to MAC addresses, and RARP is used in just the opposite way, with MAC addresses mapping to IP addresses.
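The subnet division behind review question 3 (172.16.0.0/16 into four networks) and the case study analysis above (a 64-address block into two networks with netmask 255.255.255.224), computed in Python as an added example that is not from the book. The 203.0.113.0 block is a constructed stand-in for the ISP block the case study does not name.

```python
# Added example (not from the book): dividing a network into equal subnets,
# as in review question 3 (172.16.0.0/16 into four) and the case study (a
# 64-address block into two). The 203.0.113.0 block is a constructed stand-in
# for the ISP block that the case study does not name.
from typing import List, NamedTuple


class Subnet(NamedTuple):
    number: int
    network: str
    first_host: str
    last_host: str
    broadcast: str
    netmask: str


def to_int(dotted: str) -> int:
    """Dotted quad -> 32-bit integer, rejecting illegal octets."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a legal IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def is_legal_netmask(netmask: str) -> bool:
    """A legal netmask is a run of 1 bits followed only by 0 bits."""
    mask = to_int(netmask)
    ones = bin(mask).count("1")
    return mask == (0xFFFFFFFF ^ ((1 << (32 - ones)) - 1))


def bits_needed(parts: int) -> int:
    """Extra netmask bits required to split a network into `parts` equal subnets."""
    if parts < 1 or parts & (parts - 1):
        raise ValueError("number of subnets must be a power of two")
    return parts.bit_length() - 1


def split_network(network: str, netmask: str, parts: int) -> List[Subnet]:
    """Divide network/netmask into `parts` equal subnets with usable host ranges."""
    if not is_legal_netmask(netmask):
        raise ValueError(f"illegal netmask: {netmask}")
    base, mask = to_int(network), to_int(netmask)
    if base & mask != base:
        raise ValueError(f"{network} is not the network address for {netmask}")
    new_prefix = bin(mask).count("1") + bits_needed(parts)
    if new_prefix > 30:
        raise ValueError("resulting subnets would have no usable host addresses")
    size = 1 << (32 - new_prefix)                  # addresses per subnet
    new_mask = to_dotted(0xFFFFFFFF ^ (size - 1))  # the lengthened netmask
    return [
        Subnet(i + 1,
               to_dotted(base + i * size),           # network address
               to_dotted(base + i * size + 1),       # first usable host
               to_dotted(base + (i + 1) * size - 2), # last usable host
               to_dotted(base + (i + 1) * size - 1), # broadcast address
               new_mask)
        for i in range(parts)
    ]


if __name__ == "__main__":
    for net, mask, parts in (("172.16.0.0", "255.255.0.0", 4),
                             ("203.0.113.0", "255.255.255.192", 2)):
        print(f"{net}/{mask} into {parts} (adding {bits_needed(parts)} bits):")
        for s in split_network(net, mask, parts):
            print(f"  {s.number}  {s.network:<14} {s.first_host} to {s.last_host}"
                  f"  bcast {s.broadcast:<15} {s.netmask}")
```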
Suggested Readings and Resources
Computer Networks. Andrew S. Tanenbaum
Computer Networks and Internets. Douglas E. Comer and Ralph E. Droms
TCP/IP Unleashed. Parker et al.
TCP/IP Illustrated, Vol. 1. Richard Stevens
Internetworking with TCP/IP Vol. I: Principles, Protocols, and Architecture. Douglas E. Comer
IP Fundamentals: What Everyone Needs to Know About Addressing & Routing. Thomas A. Maufer
RFC 791
OBJECTIVES

This chapter covers the following Sun-specified objectives for the 310-043 exam:

Describe IP routing.
Identify the Solaris 8 daemons that implement routing protocols.
Identify the files used to configure routing.
• TCP/IP networks are usually connected to each other using devices known as routers. These routers run a special type of protocol, known as a routing protocol. Routing protocols determine the path from the source host to the destination host before a data packet can be sent to the destination. There are multiple types of routing protocols. The types available on the Solaris platform by default are the Routing Information Protocol (RIP) and the Router Discovery Protocol (RDISC).

Identify the purpose of the files used to configure routing.
• Configuration files are used to configure these protocols, and you need to know the syntax and purpose of these files.

Administer the routing table.
• Routing table entries are managed by the route command. You can display these entries using the netstat command. You need to know how to manage a routing table using these commands.

Describe classless interdomain routing.
• Some information about classless interdomain routing (CIDR) is also needed. This type of routing is explained later in this chapter.
CHAPTER 3
Routing in TCP/IP Networks
OUTLINE

Introduction
Introduction to Routing in TCP/IP Networks
Planning TCP/IP Networks
    Planning for Network Design
    Planning for IP Addressing
Network Addresses and Communication Among Different Networks
Types of Routing
    Routed and Routing Protocols
    Static Route Configuration
    Default Routes
    Classless Internet Domain Routing (CIDR)
    So Which Routing Should I Use? Static or Dynamic
Configuring RIP and RDISC
    How Does a Host Determine Whether It Is a Router?
    Configuring RDISC (in.rdisc)
    Configuring RIP (in.routed)
Routing Startup and Configuration Files
    The /etc/defaultrouter File
    The /etc/gateways File
    The /etc/inet/networks File
    The /etc/init.d/inetinit File
IP Forwarding
Common Routing Problems
    Troubleshooting Commands
    Using the ping Command
    Using the traceroute Command
    Using the netstat Command
    The ifconfig Command
Essence of the Case
Analysis
Chapter Summary
Apply Your Knowledge
STUDY STRATEGIES

Routing in IP networks is a relatively complicated task. Everybody learns it with experience. To learn this process, the following study strategies are recommended:
• Go through this chapter and complete all the examples.
• Configure a host and configure default routes on it.
• Configure a host as a router using static routes.
• Configure a host as a router using RIP as the routing protocol.
Once again, note that you need a lot of practice to master routing on Solaris systems. Because of that, this chapter places the most emphasis on practical exercises.
Chapter 3
ROUTING IN TCP/IP NETWORKS
INTRODUCTION

Interconnection is what the Internet is all about. Whenever networks are connected together, a mechanism must exist by which data packets can be filtered and routed to other connected networks. As mentioned in Chapter 1, "Introduction to Computer Networks," routers are the devices used to connect networks together. Sometimes these routers are called gateways. The term gateway was used in a different context in Chapter 1, but from this point on, router and gateway are used interchangeably in this book unless explicitly differentiated. This chapter starts with an introduction to TCP/IP network planning. There is some description of network addresses and how communication takes place among multiple networks connected by routers. There are two major types of routing: static and dynamic. In static routing, the routing table is defined by network administrators, and it remains there until modified by someone. In dynamic routing, one or more routing protocols are used to manage the routing table. Entries in the routing table are added, deleted, or modified depending on network conditions. There are two major types of routing protocols: distance vector and link state. This chapter covers both types of routing. RIP and RDISC are used on Solaris systems for dynamic routing. This chapter teaches you how to configure and use both of these on Solaris. You also learn about the files used for the configuration and startup of network routing on Solaris. Then you learn how to enable or disable IP forwarding from one network interface to another in Solaris. Finally, this chapter covers some common routing problems and ways to troubleshoot them. After going through this chapter, you should be able to understand basic routing concepts and be able to differentiate between static and dynamic routing. You also should be able to define static routes and configure dynamic routing. You also should know how to troubleshoot common routing problems.
INTRODUCTION TO ROUTING IN TCP/IP NETWORKS
This chapter evaluates how data packets travel from source to destination. Before transmitting an IP packet, the sending host checks the destination address against its netmask, which was discussed in detail in Chapter 2, "The TCP/IP Protocol." If the destination host lies on the local network, the IP packet is directly transferred to the destination using a lower-layer mechanism. The ARP protocol is used to find the MAC address that corresponds to the destination IP address. If the destination address does not lie on the local network, however, the sending host determines to which router the packet should be forwarded. Most of the time only one router is known, and it is called the default gateway. When a router receives an IP packet, it checks the destination IP address to determine to which network the packet should be routed. Routers use their routing tables for this purpose. If a router cannot find any route to the destination, it drops the data packet and generates an ICMP message for the source host. This ICMP message is a Destination Unreachable packet. Each IP packet contains the source and destination IP addresses. Routing decisions are made depending on these addresses. Traditional routing uses only the destination IP address to make a routing decision. Policy-based routing also uses the source address to route a packet through a particular path. When a packet reaches its destination, and the destination host needs to send back some information to the source host, it uses the source IP address in the incoming IP packet. Routers operate at the Network layer of TCP/IP networks. Figure 3.1 shows a typical data path taken by an IP packet from a source to a destination connected by a router. When the data packet reaches the router, it travels upward to the IP layer, where the decision to forward or drop the data packet is made.
FIGURE 3.1 Routing in TCP/IP networks.
[Figure 3.1 shows three protocol stacks side by side: the Source Host (Application layer, TCP/UDP layer, IP layer, Data Link layer, Physical layer), the Router (IP layer, Data Link layer, Physical layer), and the Destination Host (Application layer, TCP/UDP layer, IP layer, Data Link layer, Physical layer).]
Note that multiple routers may reside along the path from the source to the destination host. The IP packet travels from the Physical layer to the IP layer at each router until it reaches the destination or until it is dropped.
PLANNING TCP/IP NETWORKS

Planning makes life much easier when it comes to computer networks. Networks grow, regardless of whether you foresee it. During network growth, there are two main possibilities. If you have planned your network well, you know how to deal with network growth demands. If not, you end up meeting network growth needs as they arise. Obviously, the first situation makes forecasting the needs of the network much easier. While planning a network, you have to do two types of major planning work: the physical network layout and the IP-level planning. The network topology is what defines a physical network. The logical network involves the network design at the IP level.
Planning for Network Design
While designing the physical network and selecting different network technologies, keep in mind the following factors:
• The number of client and server machines on your network.
• The types of servers. For some servers, you might have to install multiple network adapters when the network interface becomes a bottleneck. Also, a server might be connected to multiple physical networks, and you might want to keep network traffic for these networks separate.
• The amount of expected data flow on the network. For high volumes of data flow, you need to use a high-speed connection method.
• The physical span of the network. For smaller networks, 10BASE-T might suffice, but if a network spans a large area, you might need to think about FDDI or an ATM backbone.
After considering these factors, you can decide about the following:
• Network topology (whether it will be a bus, a star, a ring, or a mixture of these)
• Network media (such as Ethernet, Token Ring, FDDI, or anything else)
• Cabling and connector types (which will support the required speed for your network)
Based on this information, you also have to decide about other network equipment, such as routers, switches, and so on. You also have to divide your network into different segments, connected by bridges, switches, or routers. If you use switches or bridges to connect segments of your network, keep hosts that exchange data with each other frequently on the same segment so that data flow among different segments is kept to a minimum.
Planning for IP Addressing
Planning to use available IP addresses efficiently is crucial. You might have to divide your available IP addresses into subnets. Note that multiple IP networks can exist on a single physical network because these are logical networks. While planning for IP networks, keep in mind the future growth of your network and consider the traffic generated by different servers. Typically, network administrators keep some IP addresses free on all IP networks in case they need to add more hosts in the future. While planning networks on the logical level, keep the following things in mind:
• IP address division. You can divide the available IP addresses into subnets if necessary.
• The IP addressing scheme.
• The naming scheme for hosts.
• Network registration. You must register your network with the Internet registration authorities.
• Hostname resolution schemes (DNS, NIS, NIS+) and any servers required for these.
• Potential DHCP use (discussed in Chapter 5, “Configuring and Managing Dynamic Host Configuration”).
• Routing methods. If there are routers involved in your network, you must determine which routing method to use.
After you have dealt with these issues, you can start the actual work of installing your network.
NETWORK ADDRESSES AND COMMUNICATION AMONG DIFFERENT NETWORKS
You already know about the structure of IP addresses. You also know that all hosts in a network must have unique IP addresses. These IP addresses are assigned by the network administrator while setting up the network, or they may be assigned using the Dynamic Host Configuration Protocol, which is discussed in Chapter 5. At the same time, another type of address is set up as well. This address, known as the network address, is the same for all hosts in a network. Just as an IP address uniquely identifies a particular host in a network of many hosts, a network address uniquely identifies a particular network in an internetwork. Usually, all data traffic routing decisions are made on the basis of network addresses, although routes can be defined for individual hosts as well. When you add a host to an IP network, you must supply at least the following three configuration parameters to the host:
• IP address for the host
• Network address to which that host belongs
• Netmask, which defines the range of IP addresses that belong to the network
Suppose, for example, that a host has an IP address of 192.168.2.10, a network address of 192.168.2.0, and a netmask of 255.255.255.0. Without all three of these numbers, a host cannot take part in the IP network. Netmasks define network address boundaries. A netmask is a special number that shows which bits of the IP address are common to all hosts taking part in the network: mark all these common bits as 1s and all variable bits as 0s, and you get the netmask. Netmasks are written in dot notation like IP addresses and network addresses. Consider an example of three hosts in a Class C network with IP addresses 192.168.2.10, 192.168.2.34, and 192.168.2.37. The common part in these IP addresses is 192.168.2, the left three octets. Replace this common part with 1s and the remaining octet with 0s, and the result is the netmask 255.255.255.0, which is the default netmask for all Class C networks. Note that the addresses alone do not tell a host its mask; the mask is configured (or taken from the class default), and a host whose mask differs from that of its neighbors will treat some local destinations as remote or some remote ones as local, and its packets for them will go astray.
Networks are connected using routers. A router has information about all the networks connected to it. If a router is connected to four networks, for example, it has a list of all these networks in what is called a routing table. The routing table is a kernel data structure that keeps a record of the available paths in a network. As soon as a router receives an IP packet, it checks the destination IP address present in the header of that packet. Based on that destination IP address, the router forwards the packet to a particular network. This decision is made after looking up the routing table for available routes. If the router does not find any route for the packet's destination, it drops the packet and sends an ICMP packet back to the source saying that the destination could not be reached. Routers also are connected to other routers, and depending on the destination IP address and the routing table, a packet might be forwarded to another router. This other router is called the next hop for the IP packet. When the packet reaches the next hop, that router decides the fate of the packet.
NOTE
Default netmasks are used with the different classes of IP networks. These default netmasks are as follows:
• For Class A networks, the default netmask is 255.0.0.0.
• For Class B networks, the default netmask is 255.255.0.0.
• For Class C networks, the default netmask is 255.255.255.0.
For routers placed at network edges and on customer premises, a default route is defined as well. This default route enables the router to forward an IP packet for which it cannot find a destination route in its own routing table to a more knowledgeable router. If a default route is defined, the router does not drop packets meant for an unknown destination. Instead, it sends the packet to this default router, assuming that the next-hop router will find a route for it. How does a packet reach a router in the first place? When a host needs to send an IP packet to another host, it checks the destination IP address to find out whether the destination host is present on the local network. If it is, the sending host forwards the packet directly to the destination. If the destination host does not lie on the local network, the packet is forwarded to the router. It is then the responsibility of the router to forward it to the destination host on a directly connected network or through another router. As a packet travels toward its destination, it may pass through many routers. Each step in this process is called a hop. The Routing Information Protocol (RIP) uses this hop count to determine the shortest path between a source and a destination.
TYPES OF ROUTING
There are two types of routing in IP networks: static and dynamic. Static routing, as its name suggests, is fixed routing. Network administrators define static routes, and these are kept constant unless changed manually by an administrator. Dynamic routes, on the other hand, are calculated at runtime depending on network conditions. Different network parameters play an important role in calculating dynamic routes. These parameters include the number of hops between the source and destination hosts, bandwidth on interconnecting network segments, reliability of different paths, time delays, and so on. The routing path also depends on the type of routing protocol used while calculating a route. If both static and dynamic routes are available for a particular destination, usually static routes are preferred. Before discussing these two methods of routing, it’s important to look at the differences between routing and routed protocols.
Routed and Routing Protocols
A routed protocol is a protocol whose packets can be carried across different networks. IP is a routed protocol: using some other mechanism (a routing protocol), a decision about forwarding IP packets from one network to another can be made. A routing protocol determines which path packets of a routed protocol take from source to destination. Routing protocols provide a mechanism to find the lowest-cost path, where the cost of a path is determined by the number of hops from source to destination, bandwidth, latency, or other factors. Two major types of routing protocols are discussed in the following sections. The basic difference between the two is the way they discover the optimal routes from a source to a destination.
Distance-Vector Routing Protocols
In the distance-vector routing algorithm, each router forwards its knowledge of connected networks to its neighboring routers using broadcast or multicast. The listening router takes this information from its neighbors, builds its own routing table, and forwards its routing information to its other neighbors. Each router sends distance information about connected networks in terms of the number of hops, not physical distance. When this exchange completes, each router has knowledge of all connected networks. This routing algorithm is also known as the Bellman-Ford algorithm. The most common example of a protocol that uses distance-vector routing is the Routing Information Protocol (RIP). Distance-vector routing is simple but has some drawbacks. If a link failure occurs, the algorithm takes some time to converge, or stabilize. During this time, routers might have inconsistent knowledge of the network, which can result in routing loops; RIP implementations limit this with split-horizon and hold-down rules, but convergence still takes time. Because the distance from source to destination is measured in number of hops, the algorithm might choose a longer physical path when deciding on a route. Similarly, it might choose a low-bandwidth path even though a high-bandwidth path is available, just because the low-bandwidth path has fewer hops. In smaller network designs, it is important to utilize bandwidth along different paths optimally; in a bad design, you might end up overutilizing some links (and hence incurring long delays) while other links stay idle. The good thing about distance-vector routing protocols is that they are easy to configure and maintain.
Link-State Routing Protocols
Collectively known as Shortest Path First (SPF) routing algorithms, link-state routing algorithms keep a much more complex and complete picture of the interconnected network topology. Information about a change in the network is exchanged through link-state advertisements (LSAs). As soon as an event is detected in the network, an LSA is sent, which means routing tables can be rebuilt as soon as possible. This is much faster than the distance-vector approach, in which information is exchanged periodically rather than in response to events. Link-state routing protocols, unlike distance-vector routing protocols, maintain full knowledge of the network topology, and they can use information in addition to the number of hops to calculate an optimal route, which helps make better use of the available bandwidth on different links. In the initial network discovery process, link-state protocols transmit a lot of data and might degrade network performance for some time. They also need much more computation and memory than distance-vector protocols and might not be suitable for routers with little processing power or small memory. Link-state routing protocols are useful for networks of any size. In normal use, routers using these protocols exchange less data if there are no topological changes. Networks using link-state routing are more scalable and provide more stability during topology changes. The most common example of a link-state routing protocol is the Open Shortest Path First (OSPF) protocol.
Static Route Configuration
As mentioned earlier, static routes are configured manually, and they stay in place until someone changes them. Static routes are used when a network has a small number of interconnections to other networks. For example, small private networks usually connect only to their service provider's network, and there is only one route for sending and receiving data to and from the rest of the world. In such a case, there is no need to use dynamic routing at all. The network administrator sets up a static route on the router that sends all outgoing data through this route. Static routes are set up using the route command. The following command sets up a route to network 192.168.20.0 through router 192.168.2.1:

bash-2.03# route add -net 192.168.20.0/24 192.168.2.1
add net 192.168.20.0/24: gateway 192.168.2.1
bash-2.03#
If the route creation is successful, the command echoes the route it added. To verify that the route is in place, use the netstat command to display the current routing table. The following command shows a typical set of available routes for both IP version 4 and IP version 6:

bash-2.03# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.2.0          192.168.2.222        U        1      0  hme0
192.168.20.0         192.168.2.1          UG       1      0
224.0.0.0            192.168.2.222        U        1      0  hme0
default              192.168.2.1          UG       1     12
127.0.0.1            127.0.0.1            UH      22   6931  lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref  Use   If
--------------------------- --------------------------- ----- --- ------ -----
fe80::/10                   fe80::a00:20ff:fe9e:f050    U       1     0  hme0
ff00::/8                    fe80::a00:20ff:fe9e:f050    U       1     0  hme0
default                     fe80::a00:20ff:fe9e:f050    U       1     0  hme0
::1                         ::1                         UH      1     0  lo0
bash-2.03#

In the Flags column, U marks a route that is up, G a route that goes through a gateway rather than a directly attached network, and H a route to a single host. The route just added appears as the 192.168.20.0 entry with flags UG.
A route set up in this way is lost as soon as you reboot your server or workstation. To have static routes in place each time you boot, a permanent record of them must be maintained and reapplied at startup.
Static Routes Example
Now consider an example that relates to setting up static routes. Three networks are shown in Figure 3.2. These networks are marked as Network 1, Network 2, and Network 3. The network address for Network 1 is 192.168.10.0, for Network 2 it is 192.168.20.0, and for Network 3 it is 192.168.30.0. Router 1 connects Network 1 and Network 2, while Router 2 connects Network 2 and Network 3. The network interface of Router 1 that is connected to Network 1 is assigned the IP address 192.168.10.12, and the network interface of Router 1 connected to Network 2 is assigned the IP address 192.168.20.21. Similarly, the network interface of Router 2 that is connected to Network 2 is assigned the IP address 192.168.20.23, and the network interface of Router 2 that is connected to Network 3 is assigned the IP address 192.168.30.32. As you might have noticed, the last two digits of each IP address assigned to the router network interfaces show the connecting networks.

FIGURE 3.2 Defining static routes. [Figure: Network 1 (192.168.10.0) is attached to Router 1 at 192.168.10.12; Router 1 is attached to Network 2 (192.168.20.0) at 192.168.20.21; Router 2 is attached to Network 2 at 192.168.20.23 and to Network 3 (192.168.30.0) at 192.168.30.32.]
Any network traffic originating from Network 1 that is going to Network 2 or Network 3 must pass through Router 1. So all hosts on Network 1 must have static routes pointing to the IP address of the interface of Router 1 that is connected to Network 1. To do so, you have to issue the following two commands on all hosts of Network 1:

route add 192.168.20.0/24 192.168.10.12
route add 192.168.30.0/24 192.168.10.12

These two entries say that all data packets whose destination address lies in network 192.168.20.0 or 192.168.30.0 must be forwarded to host 192.168.10.12, which is Router 1. When any such data packet reaches Router 1, it analyzes the destination address of the packet. If it is for a host in Network 2, the packet is delivered directly to that host. If the destination address lies in Network 3, however, Router 1 forwards the packet to Router 2, and Router 2 then delivers it to the destination address. Now consider which static routes are configured for hosts in Network 2. If a host in Network 2 wants to send a data packet to any other host in the same network, it is delivered directly. If the destination address lies in Network 1, the packet should be forwarded to the interface of Router 1 that is directly connected to Network 2; the interface IP address in this example is 192.168.20.21. Similarly, if the destination address for an IP packet lies in Network 3, it must be forwarded to the interface of Router 2 that is directly connected to Network 2; in this example, the interface address is 192.168.20.23. Therefore, all hosts of Network 2 have the following two static routing entries:

route add 192.168.10.0/24 192.168.20.21
route add 192.168.30.0/24 192.168.20.23

For hosts in Network 3, all IP packets for destination addresses in Network 1 or Network 2 should be forwarded to the interface of Router 2 that is directly connected to Network 3. In this example, the IP address of this interface is 192.168.30.32, and the routing entries are as follows:

route add 192.168.10.0/24 192.168.30.32
route add 192.168.20.0/24 192.168.30.32
When an IP packet reaches Router 2, it examines the destination address of that packet. If the destination address lies in Network 2, the packet is delivered directly to the destination host. If the destination IP address lies in Network 1, the packet is forwarded to Router 1, and Router 1 then delivers it to the destination host in Network 1. Note that if you are responsible for configuring the routers, you also have to set routing entries on these routers. These routers might be dedicated machines from other vendors, or they might be Solaris workstations or servers. If Solaris machines are being used as the routers, the routing entry for Router 1 is as follows:

route add 192.168.30.0/24 192.168.20.23

The routing entry for Router 2 is as follows:

route add 192.168.10.0/24 192.168.20.21

Note that you have to set up only one entry on each router, and that is for the network that is not directly connected to the router. Each router already has knowledge of its directly connected networks, so there is no need to define static routing entries for those.
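The forwarding decision this chapter describes (netmask applied to the destination, longest match in the routing table, default route as the last resort, ICMP Destination Unreachable when nothing matches) and the Figure 3.2 static routes can be replayed in a few lines. The following Python is an added example, not code from the book or from Solaris: it models hosts and routers as routing tables, loads exactly the route commands listed above, and traces a packet hop by hop. The two end hosts (192.168.10.5 in Network 1 and 192.168.30.7 in Network 3) and all class and function names are the example's own assumptions.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

IPv4 = ipaddress.IPv4Address
Net = ipaddress.IPv4Network


def classful_mask(addr: str) -> str:
    """Default netmask from the first octet (the Class A/B/C table above)."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "255.0.0.0"        # Class A
    if first < 192:
        return "255.255.0.0"      # Class B
    if first < 224:
        return "255.255.255.0"    # Class C
    raise ValueError("no default netmask for %s (class D/E)" % addr)


def network_address(addr: str, mask: str) -> str:
    """Address AND netmask: the value a host compares to decide local or remote."""
    return str(Net((addr, mask), strict=False).network_address)


def is_local(host: str, mask: str, dest: str) -> bool:
    """True if dest is on the host's own network, so ARP, not a router, is used."""
    return network_address(host, mask) == network_address(dest, mask)


@dataclass
class Route:
    dest: Net                  # 0.0.0.0/0 is the default route
    gateway: Optional[IPv4]    # None means a directly connected network


@dataclass
class Node:
    name: str
    ifaces: List[Tuple[IPv4, Net]]          # (interface address, attached network)
    routes: List[Route] = field(default_factory=list)

    def __post_init__(self) -> None:
        for _, net in self.ifaces:          # connected networks need no static entry
            self.routes.append(Route(net, None))

    def route_add(self, dest: str, gateway: str) -> None:
        """Same effect as `route add <dest>/<prefix> <gateway>`."""
        self.routes.append(Route(Net(dest), IPv4(gateway)))

    def lookup(self, dest: IPv4) -> Optional[Route]:
        """Longest-prefix match; the /0 default wins only if nothing else matches."""
        hits = [r for r in self.routes if dest in r.dest]
        return max(hits, key=lambda r: r.dest.prefixlen, default=None)

    def owns(self, addr: IPv4) -> bool:
        return any(a == addr for a, _ in self.ifaces)


def forward(nodes: List[Node], src: Node, dest: str, ttl: int = 16) -> List[str]:
    """Trace a packet from src toward dest; the last element says what happened."""
    dst = IPv4(dest)
    by_addr = {a: n for n in nodes for a, _ in n.ifaces}
    path, node = [src.name], src
    for _ in range(ttl):
        if node.owns(dst):
            return path + ["delivered"]
        route = node.lookup(dst)
        if route is None:   # no route and no default: drop, tell the source
            return path + ["dropped: ICMP destination unreachable"]
        # Direct route: the next hop is the destination itself (ARP resolves it).
        nxt = by_addr.get(dst if route.gateway is None else route.gateway)
        if nxt is None:
            return path + ["dropped: next hop not on link"]
        node = nxt
        path.append(node.name)
    return path + ["dropped: TTL exceeded"]


def figure_3_2() -> Dict[str, Node]:
    """The Figure 3.2 networks and routers with exactly the static routes listed
    above. The end hosts .5 (Network 1) and .7 (Network 3) are this example's."""
    n1, n2, n3 = Net("192.168.10.0/24"), Net("192.168.20.0/24"), Net("192.168.30.0/24")
    h1 = Node("host-net1", [(IPv4("192.168.10.5"), n1)])
    r1 = Node("router1", [(IPv4("192.168.10.12"), n1), (IPv4("192.168.20.21"), n2)])
    r2 = Node("router2", [(IPv4("192.168.20.23"), n2), (IPv4("192.168.30.32"), n3)])
    h3 = Node("host-net3", [(IPv4("192.168.30.7"), n3)])
    for dest in ("192.168.20.0/24", "192.168.30.0/24"):
        h1.route_add(dest, "192.168.10.12")             # hosts in Network 1
    r1.route_add("192.168.30.0/24", "192.168.20.23")    # Router 1: one entry
    r2.route_add("192.168.10.0/24", "192.168.20.21")    # Router 2: one entry
    for dest in ("192.168.10.0/24", "192.168.20.0/24"):
        h3.route_add(dest, "192.168.30.32")             # hosts in Network 3
    return {"h1": h1, "r1": r1, "r2": r2, "h3": h3}


if __name__ == "__main__":
    nodes = figure_3_2()
    print(" -> ".join(forward(list(nodes.values()), nodes["h1"], "192.168.30.7")))
```

Removing Router 1's single static entry makes the trace stop at router1 with a drop, which is the ICMP Destination Unreachable case described earlier; giving Router 1 a default route toward 192.168.20.23 instead also delivers the packet, but a more specific entry always wins over it. A wrong gateway address in any of these entries silently hands the traffic to whoever answers at that address, so verify each hop with traceroute rather than trusting the table alone.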
Default Routes
Default routes are commonly used on all hosts in a network. A default route is a route of last resort and is used only when no other route is available to forward a packet. Default routes on hosts usually point to a router that connects the local network to the Internet or to a more knowledgeable router. When a host needs to send a packet to another host for which no route is available, it forwards the packet to the default router, which then looks up its own routing table to send the packet on toward its destination. Like hosts, routers also might have a default route defined. The default route for routers usually points to a more knowledgeable router; routers on the customer premises use the default route to send IP packets to the main router connected to the Internet, which is usually the ISP router. Configuring a default router is easy on Solaris systems. The /etc/defaultrouter file contains the IP address or host name of the default router. A typical entry in this file might be something like this:

192.168.2.1
The preceding line configures 192.168.2.1 as the default router for the host. You also can use a host name instead; in this case, the host name for the default router must be present in the /etc/inet/hosts file. To verify that a default router has been defined for your host, use the netstat -rn command. It should list a line such as the following in the displayed routing table:

default              192.168.2.1          UG       1     17
If you are using a dynamic routing protocol, the default route may be selected from the available routers according to their preference; higher preference is given to the route with the lower cost.
Classless Inter-Domain Routing (CIDR)
Historically, routing was done on the basis of IP network classes; when maintaining routing tables, for example, a Class B network was treated as a single entity. When IP addresses became scarce, the need for better utilization of the address space was felt. Therefore, these days you can split networks into subnetworks, and you can also combine networks to form supernets. Routing that can handle subnetworks and supernetworks is called Classless Inter-Domain Routing (CIDR); the /24 notation used with the route command earlier is CIDR prefix notation. Solaris supports CIDR, but some routing protocols still don't support it (RIP version 1, for example, carries no netmask in its route entries).
So Which Routing Should I Use? Static or Dynamic The choice of using static or dynamic routing depends on reliability, ease of maintenance, and network size among other factors. Generally speaking, static routing is used for small networks, typically with fewer than 10 routers. With static routes, no broadcast or any other type of information exchange occurs, and hence static routes require zero network overhead. However, you might have to modify configuration on multiple routers when a change in routing is required. Dynamic routing, on the other hand, is used for larger networks. The maintenance overhead is low compared to static routes.
CONFIGURING RIP AND RDISC
Two commonly used dynamic routing methods are available on Solaris to populate routing tables: the Router Discovery Protocol (RDISC) and the Routing Information Protocol (RIP). RDISC is used to discover the routers available on the local networks. It runs either in Host mode or in Router mode: in Host mode it only listens for router advertisements, and in Router mode it sends advertisements on the network. RDISC uses the ICMP router discovery method and is implemented by the in.rdisc daemon. RIP is implemented by the in.routed daemon, which is started at boot time and is used to exchange routing information among hosts and routers. Both RIP and RDISC are standard TCP/IP protocols.
How Does a Host Determine Whether It Is a Router?
At boot time, a Solaris host configures itself as a router (enabling IP forwarding and running in.routed in router mode) if one of the following conditions is true:
• More than one /etc/hostname.interface file is present, which shows that multiple network interfaces are configured. An example of this file is /etc/hostname.hme0, which shows the presence of the network interface hme0.
• Someone configures multiple network interfaces manually using the ifconfig command.
A multihomed host therefore forwards packets between its networks by default, which is rarely what you want for a server that merely has a management interface and a service interface. Create the empty file /etc/notrouter to suppress this behavior, and confirm the result with ndd -get /dev/ip ip_forwarding, which prints 0 when forwarding is off.
Configuring RDISC (in.rdisc)
ICMP type field values 9 and 10 are used for RDISC: Type 9 is a router advertisement, and Type 10 is a router solicitation, in which a host asks the routers on the link to advertise themselves. The in.rdisc daemon implements the ICMP router discovery protocol and has two modes, Host mode and Router mode. RDISC uses multicast addresses to carry these messages and fills in routing table entries from them. The two modes are discussed in the following sections.
Running RDISC in Host Mode
When you start in.rdisc in Host mode, it listens on the ALL_HOSTS multicast address, 224.0.0.1, to which routers send their advertisements. in.rdisc ignores all router advertisements except those from routers present on one of the directly connected networks. The routers with the highest preference are selected, and default route entries pointing to them are added to the routing table. in.rdisc can also send router solicitation messages to the ALL_ROUTERS multicast address (224.0.0.2) to find available routers; it gives up if no response is received after three solicitation messages. Router advertisements carry no authentication, so a host in Host mode accepts a default route from any machine on the link that sends Type 9 messages with a high enough preference. That is one reason to disable RDISC (see below) on hosts that already have a configured default router.
Running RDISC in Router Mode When started in Router mode, in.rdisc starts listening to the ALL_ROUTERS multicast address. It starts sending messages on the ALL_HOSTS multicast address. Initially, it sends a number of advertisements in the first 30 seconds. After that in.rdisc advertises routing every 10 minutes. If it finds any router solicitation message, it sends routing information to the requesting host.
The daemon is usually started through the /etc/rc2.d/S69inet script. Table 3.1 shows common command-line options used with in.rdisc.

TABLE 3.1  COMMAND-LINE OPTIONS USED WITH IN.RDISC

Option            Description
-r                Runs the daemon in Router mode.
-p <preference>   Sets the preference number transmitted in solicitation messages. The default is 0.
-a                Accepts all routers, ignoring preference. Normally in.rdisc accepts only routers with the highest preference.
-s                Sends three solicitation messages and, if no response is received, gives up.
-f                Runs in.rdisc forever, even if no response is received to the initial solicitation messages.
-T <interval>     Sets the interval between consecutive advertisements. The default interval is 600 seconds.

NOTE
On the router, you should run RIP in addition to RDISC to be able to exchange routing information among different routers. RDISC cannot be used as a general-purpose routing protocol on the Internet.
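The in.rdisc exchange described in the two preceding sections can be seen in bytes. The following Python is an added example, not part of the book or of Solaris: it builds and checks ICMP Router Advertisement (Type 9) and Router Solicitation (Type 10) messages in the layout defined by RFC 1256, and applies the Host mode selection rule (the highest preference wins; the equivalent of in.rdisc -a accepts every usable router). The router addresses, preferences and lifetime are constructed for the example, and the function names are its own.

```python
import struct
from typing import List, Tuple

ALL_HOSTS = "224.0.0.1"        # routers advertise to this group
ALL_ROUTERS = "224.0.0.2"      # hosts solicit on this group
ICMP_ROUTER_ADVERT = 9
ICMP_ROUTER_SOLICIT = 10
NEVER_USE = -0x80000000        # RFC 1256: "not to be used as a default router"


def icmp_checksum(data: bytes) -> int:
    """Ones'-complement sum over 16-bit words; yields 0 over a valid message."""
    if len(data) %2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_advertisement(routers: List[Tuple[str, int]], lifetime: int = 1800) -> bytes:
    """Type 9: header (type, code, checksum, number of addresses, entry size in
    32-bit words, lifetime) followed by (router address, signed preference) pairs."""
    body = b"".join(ip_to_bytes(a) + struct.pack("!i", p) for a, p in routers)
    hdr = struct.pack("!BBHBBH", ICMP_ROUTER_ADVERT, 0, 0, len(routers), 2, lifetime)
    csum = icmp_checksum(hdr + body)
    return struct.pack("!BBHBBH", ICMP_ROUTER_ADVERT, 0, csum, len(routers), 2, lifetime) + body


def build_solicitation() -> bytes:
    """Type 10: the 8-byte header only, reserved word zero."""
    csum = icmp_checksum(struct.pack("!BBHI", ICMP_ROUTER_SOLICIT, 0, 0, 0))
    return struct.pack("!BBHI", ICMP_ROUTER_SOLICIT, 0, csum, 0)


def parse_advertisement(pkt: bytes) -> Tuple[int, List[Tuple[str, int]]]:
    """Decode a Type 9 message; ValueError on bad checksum or inconsistent lengths."""
    if len(pkt) < 8 or icmp_checksum(pkt) != 0:
        raise ValueError("bad ICMP checksum or truncated message")
    typ, code, _, num, size, lifetime = struct.unpack("!BBHBBH", pkt[:8])
    if typ != ICMP_ROUTER_ADVERT or code != 0 or size < 2:
        raise ValueError("not a router advertisement")
    if len(pkt) < 8 + num * size * 4:
        raise ValueError("advertisement shorter than its entry count claims")
    routers = []
    for i in range(num):
        off = 8 + i * size * 4          # entries may be longer than two words
        addr = ".".join(str(b) for b in pkt[off:off + 4])
        (pref,) = struct.unpack("!i", pkt[off + 4:off + 8])
        routers.append((addr, pref))
    return lifetime, routers


def is_valid_advertisement(pkt: bytes) -> bool:
    try:
        parse_advertisement(pkt)
        return True
    except ValueError:
        return False


def choose_default(adverts: List[bytes], accept_all: bool = False) -> List[str]:
    """Host mode: the highest-preference router(s) become the default route;
    accept_all mirrors in.rdisc -a. Routers flagged NEVER_USE are skipped."""
    usable = [(a, p) for pkt in adverts for a, p in parse_advertisement(pkt)[1]
              if p != NEVER_USE]
    if not usable:
        return []
    if accept_all:
        return [a for a, _ in usable]
    best = max(p for _, p in usable)
    return [a for a, p in usable if p == best]
```

Nothing in these messages is authenticated: any machine on the segment that runs in.rdisc in Router mode with a high preference becomes the preferred default router for every host in Host mode. If you rely on RDISC, watch for Type 9 messages from unexpected sources with snoop, and disable it on hosts that already have a configured default router.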
Disabling RDISC
To stop RDISC traffic, you might want to disable it on some hosts. The easiest way to disable RDISC is to rename the /usr/sbin/in.rdisc file to a different name and reboot the system. Don't delete the file; you might need to enable RDISC again.
Configuring RIP (in.routed)
The in.routed daemon implements the Routing Information Protocol and is started by the /etc/rc2.d/S69inet script. It listens on UDP port 520 for routing information advertisements and periodically exchanges routing tables with directly connected routers. It uses hop counts to find an optimal route to a destination; a hop count of 16 or more is considered unreachable and is also called infinity. When exchanging routing table information, the daemon sends the hop count with each route. Depending on the information received from neighboring routers, it automatically updates its own routing table. The routing table is updated if one of the following conditions is true:
• The received packet contains information about a new route, and the hop count is not infinity.
• The update is received from the router through which packets are currently being forwarded to the destination.
• A new route is received, the previous route has not been updated for 90 seconds, and the new route is as cost effective as the old one.
• The new route describes a shorter path than the existing one.
If an entry in the routing table has not been updated for three minutes, it is marked as infinity. Initially, the daemon reads the /etc/gateways file to fill in entries in the routing table. RIP version 1 has no authentication, so in.routed accepts these updates from any host on the local network that sends to port 520, and a bogus advertisement with a low metric can redirect traffic. On hosts that only need to learn routes, run in.routed in quiet mode (-q) so that they never advertise, and where the set of routers is fixed, prefer the static routes described earlier.
RIP Advertisement by a Solaris Machine
You can use the snoop command to display the type of information being advertised by RIP. Following is the output of the snoop -v command showing one RIP packet that advertises a route to network 192.168.2.0:

ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 24 arrived at 12:53:38.53
ETHER:  Packet size = 66 bytes
ETHER:  Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER:  Source      = 8:0:20:9e:f0:50, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 52 bytes
IP:   Identification = 47726
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 1 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = f6d2
IP:   Source address = 192.168.2.222, fana-nt
IP:   Destination address = 192.168.2.255
IP:   No options
IP:
UDP:  ----- UDP Header -----
UDP:
UDP:  Source port = 520
UDP:  Destination port = 520 (RIP)
UDP:  Length = 32
UDP:  Checksum = 6E79
UDP:
RIP:  ----- Routing Information Protocol -----
RIP:
RIP:  Opcode = 2 (route response)
RIP:  Version = 1
RIP:
RIP:  Address         Port            Metric
RIP:  192.168.2.0     192.168.2.0     0       1
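The RIP packet above and the update rules listed in the previous section can be exercised offline. The following Python is an added example, not the book's or Solaris code: it rebuilds the 24-byte RIP version 1 payload from the snoop fields shown (command 2, version 1, one entry for 192.168.2.0 with metric 1; 24 bytes is the UDP length of 32 minus the 8-byte UDP header), parses it with the checks a receiver should make, and applies in.routed's acceptance rules with the constants quoted in this chapter. The router addresses and timestamps used in the usage below are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

RIP_PORT = 520
RIP_RESPONSE = 2
AF_INET = 2
INFINITY = 16          # a hop count of 16 or more means unreachable
TIE_AGE = 90           # equal-cost route from another router accepted after this
EXPIRE_AGE = 180       # no update for three minutes: mark the route infinity

# Constructed from the snoop fields above: 4-byte header (command 2, version 1)
# plus one 20-byte entry (address family 2, network 192.168.2.0, metric 1).
SNOOP_RIP_PAYLOAD = (struct.pack("!BBH", RIP_RESPONSE, 1, 0) +
                     struct.pack("!HH4s8sI", AF_INET, 0, bytes([192, 168, 2, 0]),
                                 b"\x00" * 8, 1))


def parse_rip_v1(payload: bytes) -> Tuple[int, List[Tuple[str, int]]]:
    """Return (command, [(network, metric), ...]); ValueError on malformed input."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("RIP payload must be 4 + n*20 bytes")
    command, version, _ = struct.unpack("!BBH", payload[:4])
    if version != 1:
        raise ValueError("not RIP version 1")
    entries = []
    for off in range(4, len(payload), 20):
        af, _, addr, mbz, metric = struct.unpack("!HH4s8sI", payload[off:off + 20])
        if af != AF_INET or mbz != b"\x00" * 8 or not 1 <= metric <= INFINITY:
            raise ValueError("bad route entry at offset %d" % off)
        entries.append((".".join(str(b) for b in addr), metric))
    return command, entries


def is_valid_rip_v1(payload: bytes) -> bool:
    try:
        parse_rip_v1(payload)
        return True
    except ValueError:
        return False


@dataclass
class Entry:
    gateway: str
    metric: int
    updated: float     # time of the last update, in seconds


def apply_update(table: Dict[str, Entry], sender: str,
                 entries: List[Tuple[str, int]], now: float) -> List[str]:
    """Apply one received response using the rules listed in the text and
    return the destinations whose entry changed. The advertised metric counts
    the sender's hops, so one more is added for the hop to the sender."""
    changed = []
    for dest, adv in entries:
        metric = min(adv + 1, INFINITY)
        cur = table.get(dest)
        if cur is None:
            if metric < INFINITY:                       # new route, not infinity
                table[dest] = Entry(sender, metric, now)
                changed.append(dest)
        elif cur.gateway == sender:                     # from the router in use
            if metric != cur.metric:
                changed.append(dest)
            table[dest] = Entry(sender, metric, now)
        elif metric < cur.metric:                       # shorter path
            table[dest] = Entry(sender, metric, now)
            changed.append(dest)
        elif metric == cur.metric and now - cur.updated >= TIE_AGE:
            table[dest] = Entry(sender, metric, now)    # equal cost, old one stale
            changed.append(dest)
    return changed


def expire(table: Dict[str, Entry], now: float) -> List[str]:
    """Mark routes not refreshed for EXPIRE_AGE seconds as unreachable."""
    expired = []
    for dest, entry in table.items():
        if entry.metric < INFINITY and now - entry.updated >= EXPIRE_AGE:
            entry.metric = INFINITY
            expired.append(dest)
    return expired
```

Feeding the parsed entry to apply_update with sender 192.168.2.222 installs 192.168.2.0 at metric 2; the same entry from a second router is ignored until the existing entry is 90 seconds old, a lower metric from anywhere replaces it immediately, and a route the current gateway now reports as 16 is marked infinity at once. Note what apply_update does not do: it never asks who the sender is, exactly like in.routed with RIP version 1, so the sender address in the snoop output above is the only thing that distinguishes a legitimate router from any other host on 192.168.2.0.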
ROUTING STARTUP AND CONFIGURATION FILES Some configuration and startup files are used in Solaris to start routing protocols at the boot time. Entries in these files play an important role and must be configured carefully. The following sections describe each of these files and their configurations.
The /etc/defaultrouter File
The /etc/defaultrouter file contains one or more routers that can be used as default routers. Usually only one IP address or hostname is present in this file, and it is used as the router of last resort. If multiple host names or IP addresses are listed, they are separated by white space. Lines starting with the # symbol are comments. Following is a typical /etc/defaultrouter file:

bash-2.03# cat /etc/defaultrouter
192.168.2.1
bash-2.03#

NOTE
When you use hostnames for default routers, they must be present in the /etc/inet/hosts file. This is necessary because at the time the default router is configured, no name service is running, and /etc/inet/hosts is the only way to resolve the hostname of the default router.

NOTE
If you use DHCP to configure a host, entries in the default router file are ignored, and the routes used are those supplied by the DHCP server.

If the default router file is present but empty, Solaris tries to run one of the routing protocols, RDISC or RIP. First it starts RDISC to find any routers present by sending router solicitation messages. If that fails, it starts RIP.
The /etc/gateways File
The /etc/gateways file is used with the in.routed routing daemon to add active or passive gateways. Gateways that can exchange routing information are active gateways, and gateways that cannot exchange routing information are passive gateways. At startup, the in.routed daemon reads this file. Routes through passive gateways are added to the routing table at startup time; these can be modified later on depending on the discovery of other routes. Entries in the /etc/gateways file follow this general format:

<net | host> <destination> gateway <gateway> metric <metric> <passive | active>

Following is a breakdown of this format:
• The <net | host> field defines whether the route is for a network or a host. Each line in the file starts with the word net or host.
• The <destination> field is the name or address of the destination host or network.
• The <gateway> field is the name or address of the gateway router.
• The <metric> field is the metric value for this route. It should be less than or equal to 15 for the route to be reachable.
• The <passive | active> field shows whether the gateway is active or passive.
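A parser for this format, with the checks in.routed applies (a line must start with net or host, carry the gateway and metric keywords, and end with active or passive; a metric of 16 installs the route as unreachable), is given below as an added example that is not part of the book or of Solaris. The sample file content is constructed; the parser accepts only dotted addresses (the real daemon also resolves names through /etc/inet/hosts and /etc/inet/networks) and skips blank lines and lines starting with #, which is a convenience of this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed sample, not a real system's file; gateways match Figure 3.2.
SAMPLE_GATEWAYS = """\
# constructed sample /etc/gateways
net 192.168.30.0/24 gateway 192.168.20.23 metric 1 passive
host 192.168.40.9 gateway 192.168.20.1 metric 2 active
net 0.0.0.0 gateway 192.168.20.1 metric 1 passive
net 10.0.0.0/8 gateway 192.168.20.5 metric 16 passive
"""

MODES = ("active", "passive")


@dataclass
class GatewayEntry:
    kind: str          # "net" or "host"
    destination: str
    gateway: str
    metric: int
    mode: str          # "active" or "passive"

    @property
    def reachable(self) -> bool:
        """A metric of 16 is infinity: the route is installed as unreachable."""
        return self.metric <= 15


def parse_gateways(text: str) -> List[GatewayEntry]:
    """Parse /etc/gateways lines, rejecting anything in.routed would not accept."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # this example treats '#' as a comment
        if not line:
            continue
        f = line.split()
        if (len(f) != 7 or f[0] not in ("net", "host") or f[2] != "gateway"
                or f[4] != "metric" or f[6] not in MODES):
            raise ValueError("line %d: expected '<net|host> <dest> gateway <gw> "
                             "metric <n> <active|passive>'" % lineno)
        kind, dest, gw, mode = f[0], f[1], f[3], f[6]
        try:
            metric = int(f[5])
            if kind == "host":
                ipaddress.IPv4Address(dest)            # raises on a bad address
            else:
                ipaddress.IPv4Network(dest, strict=False)
            ipaddress.IPv4Address(gw)
        except ValueError as exc:
            raise ValueError("line %d: %s" % (lineno, exc))
        if not 0 <= metric <= 16:
            raise ValueError("line %d: metric must be 0..16" % lineno)
        entries.append(GatewayEntry(kind, dest, gw, metric, mode))
    return entries


def is_valid_gateways(text: str) -> bool:
    try:
        parse_gateways(text)
        return True
    except ValueError:
        return False
```

Running parse_gateways over SAMPLE_GATEWAYS yields four entries, the last of which is flagged as not reachable because of its metric of 16. Because in.routed reads this file as root at boot and installs what it finds, treat /etc/gateways with the same care as /etc/defaultrouter: a writable copy is an easy way for someone to plant a route.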
The /etc/inet/networks File
This file is linked to /etc/networks and maps network names to network addresses. The general format of each line in the file follows:

network-name network-number [network aliases]

The last part is optional and is used only when you need to define an alias for a network. Fields in the file are separated by space or Tab characters. Lines starting with the # symbol are comment lines. A sample file is shown here:

#ident "@(#)networks   1.4   92/07/14 SMI"   /* SVr4.0 1.1 */
#
# The networks file associates Internet Protocol (IP) network numbers
# with network names.  The format of this file is:
#
#     network-name    network-number    nicnames . . .
#
#
# The loopback network is used only for intra-machine communication
#
loopback        127
#
# Internet networks
#
arpanet         10      arpa            # Historical
The /etc/init.d/inetinit File
This script is the main network initialization script. It is also linked as the /etc/rc2.d/S69inet startup script. The file is displayed here, and comments are added where an explanation is required. Following are the contents of this file as it comes with Solaris 8:

#!/sbin/sh
#
# Copyright 1995, 1997-1999 by Sun Microsystems, Inc.
# All rights reserved.
#
#pragma ident "@(#)inetinit 1.44 99/10/04 SMI"
#
# This is the second phase of TCP/IP configuration. The first part,
# run in the "/etc/rcS.d/S30rootusr.sh" script, does all configuration
# necessary to mount the "/usr" filesystem via NFS. This includes configuring
# the interfaces and setting the machine's hostname. The second part, run in
# this script, does all configuration that can be done before NIS or NIS+ is
# started. This includes configuring IP routing, setting the NIS domainname
# and setting any tunable parameters. The third part, run in a subsequent
# startup script, does all configuration that may be dependent on NIS/NIS+
# maps. This includes a final re-configuration of the interfaces and starting
# all internet services.
#

case "$1" in
'start')
    ;;  # Fall through -- rest of script is the initialization code

'stop')
    #
    # If we were routing dynamically, we will note this with
    # the .dynamic_routing file, so that we can leave the routes
    # in place without thinking they're static route entries
    # when we come back into states 2 or 3.
    #
    if /usr/bin/pgrep -x -u 0 'in.routed|in.rdisc' >/dev/null 2>&1; then
        /usr/bin/pkill -x -u 0 'in.routed|in.rdisc'
        > /etc/.dynamic_routing
    fi
    exit 0
    ;;

*)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
esac

#
# Initialize IPsec only if ipsecinit.conf exists. Otherwise, save the
# kernel memory that'll be chomped if IPsec is loaded.
#
if [ -f /etc/inet/ipsecinit.conf ] ; then
    /usr/sbin/ipsecconf -qa /etc/inet/ipsecinit.conf
fi

#
# Set the RFC 1948 entropy, regardless of if I'm using it or not. If present,
# use the encrypted root password as a source of entropy. Otherwise,
# just use the pre-set (and hopefully difficult to guess) entropy that
# tcp used when it loaded.
#
encr=`/usr/bin/awk -F: '/^root:/ {print $2}' /etc/shadow`
[ -z "$encr" ] || /usr/sbin/ndd -set /dev/tcp tcp_1948_phrase $encr
unset encr

#
# Set TCP ISS generation. By default the ISS generation is
# time + random()-delta. This might not be strong enough for some users.
# See /etc/default/inetinit for settings and further info on TCP_STRONG_ISS.
# If not set, use TCP's internal default setting.
#

# Get value of TCP_STRONG_ISS
[ -f /etc/default/inetinit ] && . /etc/default/inetinit

if [ $TCP_STRONG_ISS ]; then
    /usr/sbin/ndd -set /dev/tcp tcp_strong_iss $TCP_STRONG_ISS
fi

#
# Configure default IPv4 routers using the local "/etc/defaultrouter"
# configuration file. The file can contain the hostnames or IP addresses of
# one or more default routers. If hostnames are used, each hostname must also
# be listed in the local "/etc/hosts" file because NIS and NIS+ are not
# running at the time that this script is run. Each router name or address
# is listed on a single line by itself in the file. Anything else on that
# line after the router's name or address is ignored. Lines that begin with
# "#" are considered comments and ignored.
#
# The default routes listed in the "/etc/defaultrouter" file will replace
# those added by the kernel during diskless booting. An empty
# "/etc/defaultrouter" file will cause the default route added by the kernel
# to be deleted.
#
# Note that the default router file is ignored if we received routes from a
# DHCP server. Our policy is to always trust DHCP over local administration.
#

In the following lines of the script, the system checks whether DHCP was used to configure the host. If it was, the /etc/defaultrouter file is not consulted at all; the default routers supplied by the DHCP server are used instead:

if [ "$_INIT_NET_STRATEGY" = "dhcp" ] && [ -n "`/sbin/dhcpinfo Router`" ]; then
    defrouters=`/sbin/dhcpinfo Router`

The following lines check whether the /etc/defaultrouter file is present and whether it is empty. If the file is present, the routers listed in it are added, as shown here:

elif [ -f /etc/defaultrouter ]; then
    defrouters=`/usr/bin/grep -v \^\# /etc/defaultrouter | \
        /usr/bin/awk '{print $1}'`
    if [ -n "$defrouters" ]; then
        #
        # We want the default router(s) listed in /etc/defaultrouter
        # to replace the one added from the BOOTPARAMS WHOAMI response
        # but we must avoid flushing the last route between the running
        # system and its /usr file system.
        #

        # First, remember the original route.
        shift $#
        set -- `/usr/bin/netstat -rn -f inet | /usr/bin/grep '^default'`
        route_IP="$2"

        #
        # Next, add those from /etc/defaultrouter. While doing this,
        # if one of the routes we add is for the route previously
        # added as a result of the BOOTPARAMS response, we will see
        # a message of the form:
        #     "add net default: gateway a.b.c.d: entry exists"
        #
        do_delete=yes
        for router in $defrouters; do
            set -- `/usr/sbin/route -n add default $router`
            [ $? -eq 0 -a "x$5" = "x$route_IP:" ] && do_delete=no
        done

        #
        # Finally, delete the original default route unless it was
        # also listed in the defaultrouter file.
        #
        if [ -n "$route_IP" -a $do_delete = yes ]; then
            /usr/sbin/route -n delete default $route_IP > /dev/null
        fi
    else
        /usr/sbin/route -fn > /dev/null
    fi
else
    defrouters=
fi

#
# Set NIS domainname if locally configured.
#
if [ -f /etc/defaultdomain ]; then
    /usr/bin/domainname `cat /etc/defaultdomain`
    echo "NIS domainname is `/usr/bin/domainname`"
fi

In the next lines of this startup script, RDISC (or RIP) is started if required. The script first checks whether a default route is already installed, because dynamic routing is needed only when none is:

#
# Run in.routed/router discovery if we don't already have a default
# route installed or if we had been running them in a previous
# multiuser state.
#
if [ -z "$defrouters" -a ! -f /etc/.dynamic_routing ]; then
    #
    # No default routes were setup by "route" command above - check the
    # kernel routing table for any other default routes.
    #
    /usr/bin/netstat -rn -f inet | \
        /usr/bin/grep default >/dev/null 2>&1 && defrouters=yes
fi

[ -f /etc/.dynamic_routing ] && /usr/bin/rm -f /etc/.dynamic_routing

if [ -z "$defrouters" ]; then
    #
    # Determine how many active interfaces there are and how many pt-pt
    # interfaces. Act as an IPv4 router if there are more than 2 interfaces
    # (including the loopback interface) or one or more point-point
    # interface. Also act as an IPv4 router if /etc/gateways exists.
    #
    # Do NOT act as an IPv4 router if /etc/notrouter exists.
    # Do NOT act as an IPv4 router if DHCP was used to configure
    # interface(s)
    #
    inetifaddrs="`/usr/sbin/ifconfig -a4u | /usr/bin/grep inet`"
    numifs=`echo "$inetifaddrs" | /usr/bin/wc -l`
    numptptifs=`echo "$inetifaddrs" | /usr/bin/egrep -c -e '-->'`
    if [ "$_INIT_NET_STRATEGY" = "dhcp" ]; then
        numdhcp=`/usr/sbin/ifconfig -a4 | /usr/bin/grep -c DHCP`
    else
        numdhcp=0
    fi

In the next lines of the script, the conditions for starting in.routed and in.rdisc in router mode are checked. These conditions are as follows:
• The /etc/notrouter file is not present.
• No interface was configured by DHCP.
• The number of interfaces (counting the loopback interface) is greater than 2, at least one point-to-point interface is up, or the /etc/gateways file is present.
If the machine is being used as a router, IP forwarding is also enabled. Otherwise it is disabled. The following code serves this purpose:

    if [ ! -f /etc/notrouter -a $numdhcp -eq 0 -a \
        \( $numifs -gt 2 -o $numptptifs -gt 0 -o -f /etc/gateways \) ]; then
        #
        # Machine is an IPv4 router: turn on ip_forwarding, run
        # in.routed, and advertise ourselves as a router using router
        # discovery.
        #
        echo 'Machine is an IPv4 router.'
        /usr/sbin/ndd -set /dev/ip ip_forwarding 1
        [ -f /usr/sbin/in.routed ] && /usr/sbin/in.routed -s
        [ -f /usr/sbin/in.rdisc ] && /usr/sbin/in.rdisc -r
    else
        #
        # Machine is an IPv4 host: if router discovery finds a router then
        # we rely on router discovery. If there are no routers
        # advertising themselves through router discovery run in.routed
        # in quiet mode. In both cases, turn off ip_forwarding.
        #
        /usr/sbin/ndd -set /dev/ip ip_forwarding 0
        if [ -f /usr/sbin/in.rdisc ] && /usr/sbin/in.rdisc -s; then
            echo 'Starting IPv4 router discovery.'
        elif [ -f /usr/sbin/in.routed ]; then
            /usr/sbin/in.routed -q
            echo 'Starting IPv4 routing daemon.'
        fi
    fi
else
    /usr/sbin/ndd -set /dev/ip ip_forwarding 0
fi

#
# Run IPv6 if more than lo0 plumbed for IPv6.
#
/usr/sbin/ifconfig -a6u >/tmp/ifconfig.$$
numv6ifs=`/usr/bin/grep -c inet6 /tmp/ifconfig.$$`
if [ $numv6ifs -gt 1 ]; then
    #
    # Run IPv6 routing only if /etc/inet/ndpd.conf exists, otherwise just
    # run the host portion.
    #
    if [ -f /etc/inet/ndpd.conf ]; then
        #
        # Machine is an IPv6 router: turn on ip6_forwarding,
        # ip6_send_redirects and ip6_ignore_redirect, run in.ripngd, and
        # advertise ourselves as a router using neighbor discovery.
        #
        echo "Machine is an IPv6 router."
        /usr/sbin/ndd -set /dev/ip ip6_forwarding 1
        /usr/sbin/ndd -set /dev/ip ip6_send_redirects 1
        /usr/sbin/ndd -set /dev/ip ip6_ignore_redirect 1
        if [ -f /usr/lib/inet/in.ndpd ]; then
            /usr/lib/inet/in.ndpd
        fi
        if [ -f /usr/lib/inet/in.ripngd ]; then
            /usr/lib/inet/in.ripngd -s
        fi
    else
        # Machine is an IPv6 host - just run neighbor discovery.
        /usr/sbin/ndd -set /dev/ip ip6_forwarding 0
        /usr/sbin/ndd -set /dev/ip ip6_send_redirects 0
        /usr/sbin/ndd -set /dev/ip ip6_ignore_redirect 0
        if [ -f /usr/lib/inet/in.ndpd ] ; then
            echo "Starting IPv6 neighbor discovery."
            /usr/lib/inet/in.ndpd
        fi
    fi

    #
    # Add a static route for multicast packets out of a link-local
    # interface, although would like to specify multicast interface using
    # an interface name!
    #
    set -- `/usr/bin/awk '
        /inet6 fe80:/ { print substr($2, 1, index($2, "/") - 1) }
        ' /tmp/ifconfig.$$`
    if [ -n "$1" ]; then
        echo "Setting default IPv6 interface for multicast: \c"
        /usr/sbin/route -n add -interface -inet6 "ff00::/8" "$1"
    fi
else
    /usr/sbin/ndd -set /dev/ip ip6_forwarding 0
    /usr/sbin/ndd -set /dev/ip ip6_send_redirects 0
    /usr/sbin/ndd -set /dev/ip ip6_ignore_redirect 0
fi
/usr/bin/rm -f /tmp/ifconfig.$$

#
# Configure tunnels which was deferred by /etc/rcS.d/S30network.sh since
# it depends on the tunnel endpoints being reachable i.e. routing must
# be running.
#
# WARNING: you may wish to turn OFF forwarding if you haven't already, because
# of various possible security vulnerabilities when configuring tunnels for
# Virtual Private Network (VPN) construction.
#
# Also, if names are used in the /etc/hostname.ip.tun* file, those names
# have to be in either DNS (and DNS is used) or in /etc/hosts, because this
# file is executed before NIS or NIS+ is started.
#

#
# IPv4 tunnels
# The second component of the name must be either "ip" or "ip6".
#
interface_names="`/usr/bin/ls /etc/hostname.ip*.*[0-9] 2>/dev/null | \
    /usr/bin/grep '/etc/hostname\.ip6\{0,1\}\.'`"
if [ -n "$interface_names" ]; then
    (
        echo "configuring IPv4 tunnels:\c"
        # Extract the part after the first '.'
        set -- `for intr in $interface_names; do \
            /usr/bin/expr //$intr : '[^.]*\.\(.*\)$'; done`
        while [ $# -ge 1 ]; do
            # Skip empty files
            if [ ! -s /etc/hostname\.$1 ]; then
                shift
                continue
            fi
            /usr/sbin/ifconfig $1 plumb 2>&1 >/dev/null
            while read ifcmds; do
                if [ -n "$ifcmds" ]; then
                    /usr/sbin/ifconfig $1 inet $ifcmds \
                        2>&1 >/dev/null
                fi
            done </etc/hostname\.$1 >/dev/null
            # (the loop-closing lines below are not shown in the book's
            # listing; they close the read loop, the subshell, and the if)
            shift
        done
        echo "."
    )
fi

#
# IPv6 Tunnels
# The second component of the name must be either "ip" or "ip6".
#
interface_names="`/usr/bin/ls /etc/hostname6.ip*.*[0-9] 2>/dev/null | \
    /usr/bin/grep '/etc/hostname6\.ip6\{0,1\}\.'`"
if [ -n "$interface_names" ]; then
    (
        echo "configuring IPv6 tunnels:\c"
        # Extract the part after the first '.'
        set -- `for intr in $interface_names; do \
            /usr/bin/expr //$intr : '[^.]*\.\(.*\)$'; done`
        while [ $# -ge 1 ]; do
            # Skip empty files
            if [ ! -s /etc/hostname6\.$1 ]; then
                shift
                continue
            fi
            /usr/sbin/ifconfig $1 inet6 plumb 2>&1 >/dev/null
            while read ifcmds; do
                if [ -n "$ifcmds" ]; then
                    /usr/sbin/ifconfig $1 inet6 $ifcmds \
                        2>&1 >/dev/null
                fi
            done </etc/hostname6\.$1 >/dev/null
            # (closing lines as above; not shown in the book's listing)
            shift
        done
        echo "."
    )
fi
This is quite a long script file that does many things at startup. A good understanding of this file enables you to solve network-related startup problems more effectively.
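The part of the script that decides whether the machine becomes an IPv4 router is the one most worth understanding: a second interface, a point-to-point link, or a stray /etc/gateways file silently turns on ip_forwarding unless /etc/notrouter exists. The script below is an added example, not from the book or from Solaris, that reproduces that predicate as a function driven by constructed ifconfig output and a stand-in /etc directory, so the outcome of each combination can be checked without touching ndd or ifconfig.

```shell
#!/bin/sh
# Added example (not from the book or from Solaris): the "am I an IPv4 router?"
# test that /etc/init.d/inetinit performs, rewritten as a function that takes
# its inputs as arguments so it can be run and checked on any machine.
#
# decide_ipv4_role IFCONFIG_TEXT STRATEGY ETCDIR
#   IFCONFIG_TEXT: text in the form printed by "ifconfig -a4" (constructed
#                  samples below)
#   STRATEGY:      value of _INIT_NET_STRATEGY, e.g. "dhcp" or "none"
#   ETCDIR:        directory searched for "notrouter" and "gateways" (stands
#                  in for /etc so the example never touches the real files)
# Prints the decision and returns 0 for "router", 1 for "host".
decide_ipv4_role() {
    inetifaddrs=$(printf '%s\n' "$1" | grep inet || :)
    numifs=$(printf '%s\n' "$inetifaddrs" | grep -c inet || :)   # lo0 included
    numptptifs=$(printf '%s\n' "$inetifaddrs" | grep -c -e '-->' || :)
    if [ "$2" = "dhcp" ]; then
        numdhcp=$(printf '%s\n' "$1" | grep -c DHCP || :)
    else
        numdhcp=0
    fi
    # Router only if: no notrouter file, no DHCP-configured interface, and
    # (more than 2 interfaces counting lo0, or a point-to-point interface,
    # or a gateways file). Any other combination leaves ip_forwarding at 0.
    if [ ! -f "$3/notrouter" ] && [ "$numdhcp" -eq 0 ] && \
       { [ "$numifs" -gt 2 ] || [ "$numptptifs" -gt 0 ] || [ -f "$3/gateways" ]; }; then
        echo "router: ip_forwarding 1, in.routed -s and in.rdisc -r would be started"
        return 0
    fi
    echo "host: ip_forwarding 0, in.rdisc -s (or in.routed -q) would be started"
    return 1
}

# Constructed ifconfig output (not captured from a real system).
ONE_NIC_OUTPUT='lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255'
TWO_NIC_OUTPUT="$ONE_NIC_OUTPUT
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.20.1 netmask ffffff00 broadcast 192.168.20.255"
DHCP_OUTPUT='lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1004843<UP,BROADCAST,RUNNING,MULTICAST,DHCP,IPv4> mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
hme1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 192.168.20.1 netmask ffffff00 broadcast 192.168.20.255'

# Walk through the combinations an administrator is most likely to meet.
d=${TMPDIR:-/tmp}/inetinit_demo.$$
mkdir -p "$d"
echo "two interfaces, no notrouter file:"
decide_ipv4_role "$TWO_NIC_OUTPUT" none "$d" || :
touch "$d/notrouter"
echo "two interfaces, notrouter present:"
decide_ipv4_role "$TWO_NIC_OUTPUT" none "$d" || :
rm -f "$d/notrouter"
echo "one interface:"
decide_ipv4_role "$ONE_NIC_OUTPUT" none "$d" || :
touch "$d/gateways"
echo "one interface plus a gateways file:"
decide_ipv4_role "$ONE_NIC_OUTPUT" none "$d" || :
echo "two interfaces, one configured by DHCP:"
decide_ipv4_role "$DHCP_OUTPUT" dhcp "$d" || :
rm -rf "$d"
```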
IP FORWARDING
IP forwarding is the process of forwarding IP packets received on one network interface to another network interface. This means that the host doing the IP forwarding is neither the source nor the final destination of the data. IP forwarding must be enabled on hosts that act as routers. Such a host is connected to two or more networks. It receives IP packets from one network, analyzes each packet to determine, using a routing mechanism, to which network it should be forwarded, and then sends the packet toward its destination through another network interface.
To list the IP forwarding parameters supported by your system, use the following command:

bash-2.03# ndd /dev/ip \? | grep forwarding
ip6_forwarding (read and write)
ip_forwarding (read and write)
lo0:ip_forwarding (read and write)
hme0:ip_forwarding (read and write)
bash-2.03#

The previous list shows that IPv4 forwarding can be enabled or disabled using the ip_forwarding parameter. To enable or disable IPv6 forwarding, ip6_forwarding is used instead. IP forwarding can also be enabled or disabled on a per-interface basis. For example, in the preceding list the hme0:ip_forwarding parameter is used to enable or disable IP forwarding on the interface hme0. To view the current setting for IP forwarding, use the following command:

bash-2.03# ndd /dev/ip ip_forwarding
0
bash-2.03#

This shows that IP forwarding is disabled. To enable IP forwarding, you have to set this parameter to 1. The following two commands enable IP forwarding and then display it again:

bash-2.03# ndd -set /dev/ip ip_forwarding 1
bash-2.03# ndd /dev/ip ip_forwarding
1
bash-2.03#
Note that when you enable IP forwarding with the preceding command, it is enabled on all interfaces automatically. You can then disable it on specific interfaces afterward, if you want to. This is useful when your host is connected to a private network and you don’t want data from that private network to pass through to other networks. If you disable IP forwarding on any of the available interfaces, IP packets received on that interface will not be forwarded to any other interface. The reverse is also true—that is, IP packets from any other interface will not be forwarded to this interface. In Figure 3.3, a host is connected to three networks (A, B, and C). Interface hme0 connects to Network A, interface hme1 connects to Network B, and hme2 connects to Network C. If IP forwarding is disabled on hme0, no packet arriving from Network A will be forwarded to Network B or C. Similarly, if any packet from Network B or Network C needs to be forwarded to Network A, it will be dropped by the host.
FIGURE 3.3 IP forwarding. (The figure shows a host whose interfaces hme0, hme1, and hme2 connect to Network A, Network B, and Network C.)
NOTE
If your host has only one interface, IP forwarding will be disabled by default. The /etc/init.d/inetinit (/etc/rc2.d/S69inet) script checks the number of up interfaces on a host at boot time. If two or more interfaces are up at boot time, forwarding is enabled on all interfaces. Also note that IP forwarding as well as dynamic routing is disabled by default if the /etc/notrouter file exists.

TTL Value
The TTL value of each forwarded packet is decremented by 1. If it becomes 0, the packet is dropped rather than forwarded. A new checksum also has to be placed in the IP header because of the changed TTL value, since the old checksum becomes invalid whenever any IP header field changes.
COMMON ROUTING PROBLEMS
If a host does not come up after a reboot, there may be a problem with one of the initialization scripts. In this case, boot the system in single-user mode and verify the initialization scripts. If the host cannot communicate with any of the hosts on the network, there is a problem with the network interface. It may be a physical problem or a configuration problem. Use the ifconfig command to find out whether there is a configuration problem. The most common configuration problems are a wrong IP address or a wrong netmask. If a host cannot communicate with hosts on other networks, but can communicate with hosts on the local network, you have a problem with the routing table or the router. To verify that the routing table is correct, use the netstat command. Use the traceroute command to trace the route to hosts on other networks and see where it fails.
TROUBLESHOOTING COMMANDS
You can use three main troubleshooting commands for routing problems: ping, traceroute, and netstat. Sometimes the snoop, ifconfig, and ndd commands also prove handy. The following sections briefly show how to use these commands for routing troubleshooting.
Using the ping Command
The ping command is the basic test for routing configuration. First, try to ping your own IP address. If you cannot do so, you have a problem with your interface configuration. If you can ping your own IP address, try to ping another host on the network. If you are successful, the route for the local network is working fine. If you cannot ping a host on the local network, either the cable is broken or there is a problem with the route to the local network. Now try to ping one of the gateways. Success confirms that you can reach the gateway. In case of failure, check the default route entry. After that, try to ping a host that is on another network. If this goes through, the route for the remote network is also configured correctly. If it fails, either the gateway is down or the default route is not correct.
Using the traceroute Command
If your local configuration is correct and you can ping hosts on the local network as well as your default gateway but not hosts on other networks, the traceroute command can locate the place where the problem is. Use the traceroute command to trace the path to the remote host. It should stop at some point and start displaying asterisk characters, as you have already seen in previous chapters. This is the place where the routing problem is. If you have access to this router, you can correct it yourself; alternatively, you can contact the person responsible for that router to correct the problem.
Using the netstat Command
The netstat command is one of the most useful network troubleshooting commands. It is used for many purposes, including displaying the list of all routes defined on a host, as shown here:

bash-2.03# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.2.0          192.168.2.222         U        1      8  hme0
224.0.0.0            192.168.2.222         U        1      0  hme0
127.0.0.1            127.0.0.1             UH      30  57789  lo0

Routing Table: IPv6
  Destination/Mask            Gateway                   Flags Ref   Use   If
--------------------------- --------------------------- ----- --- ------ -----
fe80::/10                   fe80::a00:20ff:fe9e:f050    U       1      0 hme0
ff00::/8                    fe80::a00:20ff:fe9e:f050    U       1      0 hme0
default                     fe80::a00:20ff:fe9e:f050    U       1      0 hme0
::1                         ::1                         UH      1      0 lo0
bash-2.03#
Because this example is using both IPv4 and IPv6 on the host fana, routes for both of the protocols are listed. Table 3.2 lists common options used with the netstat command.
TABLE 3.2
OPTIONS FOR THE NETSTAT COMMAND

Option      Description
-a          Lists all sockets, ports, and connections used on a system.
-i          Shows the state of interfaces.
-I          Displays information about a particular interface.
-n          Shows the network addresses in dot notation rather than host names.
-r          Shows the routing table.
-s          Shows per-protocol statistics.
-P          Limits the output to a particular protocol.
-v          Verbose. Shows more detail.
-D          Shows statistics for the DHCP-configured interface.
Interval    Repeats statistics after a given interval.
The ifconfig Command
The ifconfig command is used to display and correct problems with your local interface configuration. You need this command to correct problems such as a bad netmask. A wrong netmask can also cause routing problems. For example, you should use netmask 255.255.0.0 for Class B networks. If you use netmask 255.255.255.0 instead, you will not be able to reach many hosts on the local network. To correct this problem, you can use the ifconfig command to reassign the correct netmask.
CASE STUDY: NETWORK EXPANSION FOR TEENDA INC.

SCENARIO

Teenda Inc. already has a network consisting of a single segment, which is connected to the Internet through a router. The company is expanding and wants to add another network segment for its research division. Teenda got another Class C network address for this segment. The company wants to use the existing Internet connectivity for the new segment. A new Solaris machine is to be installed, acting as a router between the new network segment and the existing network.

ESSENCE OF THE CASE

The following are the essentials of the case:
• To add a new segment with a different class of IP addresses to the network, you need a router.
• Because this is a very small network consisting of only two routers, dynamic routing is not required. The routing is done only for a Class C network, which cannot be very big, so you can use static routes.
• The Solaris machine must have at least two network adapters to be connected to the two networks.

ANALYSIS

The Solaris machine used as the router can be placed between the new network segment and the segment on which the router connecting to the Internet exists. In this case, the routing will be very simple. On the Solaris machine, you set a default route entry that points to the router connecting to the Internet. On the router connected to the Internet, you need to define a routing entry for the new Class C network that points to the Solaris machine.
CHAPTER SUMMARY

KEY TERMS
• routing protocol
• routed protocol
• static route
• dynamic route
• routing table
• distance-vector routing protocol
• link-state routing protocol
• Routing Information Protocol (RIP)
• Router Discovery Protocol (RDISC)
• default route
• Classless Interdomain Routing (CIDR)
• IP forwarding

Routing is a very important part of installing and managing TCP/IP networks. This chapter started with an introduction to the routing process. Information about how to plan TCP/IP networks and how to plan IP addressing was also presented. Then there was an outline of how communication takes place between two hosts on the same or different networks. There are two basic types of routing: static and dynamic. An introduction to the configuration of both types of routing was presented. You also learned about link-state and distance-vector routing protocols (including the differences between the two). An example was presented to configure static routes. Then you learned how to configure the RIP and RDISC routing protocols. The discussion then turned to the different configuration and startup files used with the IP routing process. You learned about IP forwarding and the role of TTL values. The last part was about common routing problems and the troubleshooting process. After going through this chapter, you should be able to distinguish between static and dynamic routing processes and be able to configure static and dynamic routes. You also should be able to diagnose and correct common routing problems.
APPLY YOUR KNOWLEDGE

Exercises

3.1 Adding and Removing a Default Route

In this exercise, you learn to add and remove a default route and see its effect on routing data traffic. For the sake of this exercise, assume that the host is connected to the Internet and you can use a web browser to access Internet web sites.

Estimated Time: 10 minutes

1. Use the netstat command to display the current routing table. You will find a default route entry in the routing table. Start the Netscape browser and access the New Riders’ web site at http://www.newriders.com.
2. Use the route command with the del command-line option to delete the default route entry.
3. Again, try to access the web site. This time you will not be able to access it because your host does not know where to send the request data packets.
4. Use the route command with the add command-line option to add the default route again.
5. Again, check whether you can reach the New Riders’ web site. Check the effect of other routing entries by adding and deleting them.

Review Questions

1. What is IP forwarding?
2. What is the difference between link-state and distance-vector routing protocols?
3. List three commands to troubleshoot routing problems.
4. How does communication take place between two hosts on different networks?

Exam Questions

The answers to these questions are provided in Appendix E, “Answers to Sample Exam Questions.”

1. Two routers, A and B, are connected together through Ethernet ports. Host C is connected to the Ethernet port of Router B, as shown in Figure 3.4.

FIGURE 3.4 Connection scheme. (Figure labels: Router A, 192.168.10.1; Router B, 192.168.10.2 and 192.168.20.1; Host C.)
The IP addresses assigned to the different ports of the routers are also shown in the figure. Both routers and the host have static routes defined, as shown in the following:

Output of netstat -rn -f inet on Router A

bash-2.03# netstat -rn -f inet

Routing Table: IPv4
  Destination           Gateway           Flags    Ref    Use    Interface
-------------------- -------------------- -------- ------ ------ ---------
192.168.10.0         192.168.10.1         U        1      0      hme0
224.0.0.0            192.168.10.1         U        1      0      hme0
default              192.168.10.2         UG       1      14
127.0.0.1            127.0.0.1            UH       22     16239  lo0
bash-2.03#

Output of netstat -rn -f inet on Router B

bash-2.03# netstat -rn

Routing Table: IPv4
  Destination           Gateway           Flags    Ref    Use    Interface
-------------------- -------------------- -------- ------ ------ ---------
192.168.10.0         192.168.10.2         U        1      0      hme0
192.168.20.0         192.168.20.1         U        1      0      hme1
224.0.0.0            192.168.10.2         U        1      0      hme0
default              192.168.10.1         UG       1      14
127.0.0.1            127.0.0.1            UH       22     16239  lo0
bash-2.03#

Output of netstat -rn -f inet on Host C

bash-2.03# netstat -rn -f inet

Routing Table: IPv4
  Destination           Gateway           Flags    Ref    Use    Interface
-------------------- -------------------- -------- ------ ------ ---------
192.168.20.0         192.168.20.2         U        1      0      hme0
127.0.0.1            127.0.0.1            UH       22     16239  lo0
bash-2.03#

A user can ping the Ethernet adapter of Router B (192.168.20.1) from Host C. A user cannot ping Router A (192.168.10.1) from Host C. A user also cannot ping the second Ethernet adapter on Router B (192.168.10.2).
1. What is one possible reason that the user cannot ping the second Ethernet adapter on Router B?
   A. There may be a cable problem.
   B. The routing table on Router A is not appropriate for forwarding packets.
   C. There is a problem with the routing table on Host C.
   D. There is a problem with the routing table on Router B.

2. In the preceding question, what is a possible solution? Choose all that apply.
   A. Add a default routing entry on Host C that points to address 192.168.20.1.
   B. Add a routing entry on Host C for network 192.168.10.0 that points to address 192.168.20.1.
   C. Add a routing entry for network 192.168.20.0 on Router A.
   D. None of the above.

3. Which are the two major types of routing?
   A. Dynamic routing
   B. Static routing
   C. Hierarchical routing
   D. Flat routing

4. Which of the following are advantages of link-state routing? Choose all that apply.
   A. Can be used for networks of any size
   B. Simple
   C. Easy to maintain
   D. Scalable
   E. Converges quickly

5. Which of the following are routing protocols? Check all that apply.
   A. IP
   B. TCP
   C. RIP
   D. RDISC
   E. IPX

6. In normal running (not at startup), what is the default interval at which in.rdisc advertises its routing table?
   A. Every 10 minutes
   B. Every 10 seconds
   C. Every 30 seconds
   D. Every 5 minutes

7. What is the ALL_ROUTERS multicast address?
   A. 224.0.0.1
   B. 224.0.0.2
   C. 224.0.0.7
   D. 224.0.0.0

8. How do you run in.rdisc in router mode?
   A. Use the -r option on the command line.
   B. Use the /etc/rdisc configuration file.
   C. Use the -router command-line option.
   D. Use the /etc/defaultrouter file.

9. Which two types of gateways are present in the /etc/gateways file?
   A. Active
   B. Passive
   C. Local
   D. Remote
   E. Default

10. Which port number is used by RIP?
   A. 420
   B. 520
   C. 110
   D. 25

11. Gateways that can exchange routing information are called what?
   A. Active gateways
   B. Passive gateways
   C. Routing gateways
   D. Connected gateways
Answers to Review Questions

1. IP forwarding is a process in which a router forwards IP packets received on one network interface to another network interface.
2. Among other factors, the basic difference is that distance vector measures the distance between two hosts in terms of the number of hops from source to destination. Link state calculates distance using other variables, such as bandwidth, delay, and so on. The link-state method uses less bandwidth and converges in a shorter period of time compared to distance vector.
3. You can use the following three commands to troubleshoot routing problems:
• ping
• netstat
• traceroute
4. Communication takes place between two hosts on different networks in multiple steps, as listed here:
a. The sender of data determines whether the destination host is present on the local network. In this case, it uses ARP to find out the MAC address of the destination host and forwards the packet directly to the destination host.
b. If the destination host is not on the local network, the sender checks its routing table to determine whether it has a route available to the destination host. If a route is present, it uses that route to send the data packet.
c. If no route is present, the sender checks whether a default route entry exists in the routing table. If a default route exists, the packet is forwarded to the default router. It is then the responsibility of the default router to send the data packet to the destination.
d. If none of the previously described methods can be used, the data packet is dropped.
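The four steps in answer 4 are exactly what a routing table lookup does, and running them against Host C’s table from the exam scenario shows why packets for 192.168.10.x never leave the host. The script below is an added example, not from the book; it parses a constructed copy of the netstat -rn output and assumes (this is not stated by the book) that network entries are Class C /24, which is true of every 192.168.x.0 network in this chapter, since netstat -rn prints no masks.

```shell
#!/bin/sh
# Added example (not from the book): walk the four steps of review answer 4
# against a routing table in "netstat -rn -f inet" layout.
# Assumption, not from the book: network entries are treated as Class C (/24);
# netstat -rn prints no masks, and every network in this chapter is a /24.
#
# find_route TABLE DEST
# Prints what the sender would do with a packet for DEST and returns 0 if a
# route exists or 1 if the packet would be dropped.
find_route() {
    printf '%s\n' "$1" | awk -v dest="$2" '
        function net24(a,   p) { split(a, p, "."); return p[1] "." p[2] "." p[3] ".0" }
        $3 ~ /H/ && $1 ~ /^[0-9]+\./ { host[$1] = $2 }              # host routes
        $3 ~ /U/ && $3 !~ /H/ && $1 ~ /^[0-9]+\./ && $1 != "224.0.0.0" {
            net[$1] = $2; viagw[$1] = ($3 ~ /G/)                   # network routes
        }
        $1 == "default" { def = $2 }
        END {
            if (dest in host) {
                print "host route: " dest " via " host[dest]; exit 0
            }
            d = net24(dest)
            if (d in net && !viagw[d]) {      # step a: destination on the local network
                print "local: " dest " is on " d ", ARP for it and deliver directly"; exit 0
            }
            if (d in net) {                   # step b: specific route through a gateway
                print "route: send " dest " to gateway " net[d]; exit 0
            }
            if (def != "") {                  # step c: fall back to the default router
                print "default: send " dest " to default router " def; exit 0
            }
            print "no route: packet for " dest " is dropped"   # step d
            exit 1
        }'
}

# Host C table as printed in the exam question (constructed copy).
HOST_C_TABLE='Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.20.0         192.168.20.2          U        1      0  hme0
127.0.0.1            127.0.0.1             UH      22  16239  lo0'

# The same table after a default route pointing at Router B is added.
HOST_C_FIXED_TABLE="$HOST_C_TABLE
default              192.168.20.1          UG       1      0"

for dest in 192.168.20.1 192.168.10.2 192.168.10.1; do
    find_route "$HOST_C_TABLE" "$dest" || :
done
echo "--- after adding a default route via 192.168.20.1 ---"
find_route "$HOST_C_FIXED_TABLE" 192.168.10.2 || :
```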
Suggested Readings and Resources

1. Books
• Computer Networks. Andrew S. Tanenbaum
• Computer Networks and Internets. Douglas E. Comer and Ralph E. Droms
• TCP/IP Unleashed. Parker et al.
• TCP/IP Illustrated, Vol. 1. Richard Stevens
• Internetworking with TCP/IP Vol. I: Principles, Protocols, and Architecture. Douglas E. Comer
• IP Fundamentals: What Everyone Needs to Know About Addressing & Routing. Thomas A. Maufer

2. Internet
• Internet Protocol. RFC 791
• Internet Control Message Protocol. RFC 792
• Information on the Bellman-Ford Algorithm at http://hissa.nist.gov/dads/HTML/bellmanford.html
• Information about RIP at http://www.ietf.org/html.charters/rip-charter.html
OBJECTIVES

This chapter covers the following Sun-specified objectives for the 310-043 exam.

Explain the terms client, server, and service.
• Most of the network services on Solaris are client-server applications. A server offers its services to clients on the network. Clients of a service can connect to a server using well-defined port numbers. The socket mechanism is used to access these ports.

Administer Internet services and RPC services. Collect information about services configured on hosts. Identify the features of TCP and UDP. Define the terms connection-oriented, connection-less, stateful, and stateless.
• Servers can offer their services either through TCP ports or UDP ports. Understanding how to administer Internet and RPC services is important to effectively identify the features of TCP and UDP. TCP is a connection-oriented, or stateful, method of communication in which the integrity of data is guaranteed. It is also called a reliable protocol. In contrast, UDP provides connection-less services, which are stateless in nature. It is called an unreliable protocol. Other than the Internet services, there is another class of services known as Remote Procedure Calls (RPC). RPC is used for services such as the network file system.

Describe the relationships between port numbers, network services, and inetd.
• Server processes can be started as network daemons. A daemon is a process that runs in the background and listens for incoming connection requests. Servers also can be started using the inetd daemon, which acts as a wrapper. The inetd daemon listens for incoming connection requests on behalf of many servers. It invokes a particular server process when a request for that server is received.
CHAPTER 4
The Client-Server World: Ports and Sockets
OUTLINE
Introduction
Client-Server Terminology
Servers
Clients
Port Number
Socket
Daemon
Introduction to Ports and Sockets
Well-Known Port Numbers
What Is a Socket?
Client-Server Application Model
Connection-less and Connection-Oriented Communication
Configuring Internet Services
Starting Network Services as a Daemon
Starting Internet Services Using the inetd Daemon
Advantages and Disadvantages of Using the inetd Daemon
Common TCP/IP Utilities
Using FTP
Using Telnet
Using Telnet to Verify a Remote Server Process
Using the finger Command
Using the rwho Command
Using the rup Command
Using the ruptime Command
Commands Starting with r
Configuring r Commands
Using the rlogin Command
Using the rcp Command
Using the rsh Command
Important Internet Services and Port Numbers
Troubleshooting
Using netstat and rpcinfo Commands
Using ndd Command
Checking TCP Status
A List of Running Services
Essence of the Case
RPC Services
Analysis
Chapter Summary
Apply Your Knowledge
STUDY STRATEGIES
This chapter introduces you to client-server terminology and Transport layer protocols. These protocols are TCP and UDP. To understand the concepts presented in this chapter, use the following study strategies:
• Learn basic client-server terminology.
• Understand the TCP and UDP protocols and connection-oriented communication and connection-less communication.
• Review the format of the different configuration files that are used to configure Internet services.
• Get some hands-on experience with the configuration process for Internet services on Solaris.
• Practice configuring r commands.
• Learn the troubleshooting process for Internet services.
• Complete all the exercises and questions at the end of this chapter.
INTRODUCTION
Applications running over TCP/IP networks usually act in a client-server model. Each application uses services provided by the Transport layer. The Transport layer uses a port number to distinguish among different applications. Just as IP addresses are used to distinguish among hosts on a network, port numbers are used to distinguish different network services running on the same host. Every network service uses a well-defined port number, which is used by clients to connect to that network service. For example, your email clients know that they have to connect to port 110 for POP3 service and port 25 for SMTP service. All email servers on the Internet use the same port numbers, so any client can connect to any server on the Internet.

Multiple clients can connect to a service simultaneously. For example, many users can access a web site at the same time. To distinguish among different clients, sockets are used. A socket is a combination of IP address and port number. Clients of a service usually open a socket before they begin to communicate with a server. After opening a socket, the client connects this socket to a server socket. If the server accepts the connection request, a communication channel is established between the client and the server. Both the client and the server use this communication channel for data communication.

In the OSI network model, the Session layer is responsible for establishing, maintaining, and tearing down a communication session. In the TCP/IP protocol, there is no Session layer. Instead, the Application layer is responsible for carrying out Session layer tasks. Therefore, it is the Application layer that establishes a session and disconnects it. When a client application needs to establish a connection, it opens a socket on its own side and binds a protocol to the socket. It then sends a request to the server process to connect its own socket to the server socket. If the server accepts the request, the connection is established and communication between the client and server takes place using an Application layer level protocol, such as SMTP.

This chapter starts with an introduction to ports and sockets. Then you see how a connection is established between a client and a server. You also learn about Internet services and how these are configured. There are basically two ways to start a service: either directly as a daemon or through the inetd master daemon. You learn to use
both of these methods in this chapter. An example of a script that starts a service at boot time is provided. Next, some common network utilities are discussed. These include the FTP and Telnet client utilities, among others. After that, you learn about services whose names start with the character r, and you learn how to configure and use these services. The r services are usually used to do something on a remote machine (hence the r). Traditionally these came from the BSD version of UNIX. Some security issues are discussed as well. Finally, troubleshooting network services is discussed. After going through this chapter, you should know how to distinguish between ports and sockets. You also should understand addressing at different layers of the TCP/IP protocol as well as the configuration and use of common network services.
CLIENT-SERVER TERMINOLOGY
In the client-server world, some terms are ubiquitous. Some of these are defined in this section. These provide a basis for starting the discussion on different aspects of the client-server method of network applications.

Servers
A server is a piece of hardware or software that provides a particular service to its clients. Examples of common servers used by every network user are the web server, mail server, domain name server, and so on.

Clients
A client is a user application that is used to access a service provided by a server. A web browser such as Netscape is a client application that uses services provided by a web server. Similarly, you also can use clients for email when using services provided by mail servers. Clients are also PCs/computers that do not provide services to other computers.
Port Number
A port number is the access point for a service. Port numbers are used to distinguish multiple services running on the same physical machine. This is analogous to different service counters in a bank. To get a particular service, you have to go to a particular counter. Similarly, you have to access different port numbers for different services. For example, you use port 25 for email and port number 23 for Telnet.

Socket
A socket is used to connect a client to a server. A socket is used to distinguish among different simultaneous communication sessions. A socket is a combination of IP address and port number. Every communication session between a client and server uses a different socket.

Daemon
A daemon is a server process that runs in the background and serves clients. A server can run as a daemon or be started through inetd when a client sends a request.
INTRODUCTION TO PORTS AND SOCKETS
Every layer in the TCP/IP network uses some kind of mechanism to distinguish its services. In the previous chapters, you learned about MAC and IP addresses. A MAC address is a 48-bit number and is a unique address used to distinguish hosts at the Data Link layer level. All communication taking place at the Data Link layer level is done using MAC addresses. When the IP layer needs to send data to some other host on a network, it must resolve the destination IP address to its MAC address using the ARP protocol. In the same way, the Network layer (IP layer) uses IP addresses to distinguish different hosts on a network. An IP address is a 32-bit number and must be unique for all connected networks and hosts. Hostnames are mapped to IP addresses to make it easy to remember different servers.
At the Transport layer level, port numbers are used to distinguish different services. This is necessary because many services may be running on a single physical host. For example, the same machine might be simultaneously used as a web server, an FTP server, and a mail server. So how does the host decide to which server application each incoming data packet should go? The port number is the mechanism used for this purpose. As previously discussed, each layer puts data in its layer header. The Transport layer on the sending side puts port numbers in the layer header so that the receiving-side Transport layer can distinguish among incoming packets. The receiving-side Transport layer checks these port numbers and forwards data packets to different applications depending on the port numbers.

At the Application layer level, multiple clients may access a single service simultaneously. The most common example of this situation is web servers and browsers. Thousands of users all over the world access the web services of the same company simultaneously. While receiving an incoming data packet, a web server must know from which client this data packet came. Similarly, on the client side, you may have opened multiple web browser windows to access different web sites simultaneously. When your machine receives a data packet from a web server, it must have a mechanism that knows to which browser window that data packet belongs. A mechanism called sockets is used for this purpose; a socket can be thought of as identifying the particular instance of an application.

To summarize, each layer has a mechanism to distinguish among hosts or applications. The different network layers and their mechanisms to distinguish data from multiple hosts are listed in Table 4.1.

TABLE 4.1 MECHANISM TO DISTINGUISH DATA FROM MULTIPLE HOSTS AT DIFFERENT LAYER LEVELS
Layer               Mechanism
Data Link layer     MAC addresses: a 48-bit number
IP layer            IP addresses: a 32-bit number for IPv4 addresses, and a 128-bit number for IPv6 addresses
TCP/UDP layer       Port numbers: a 16-bit number
Application layer   Sockets: a combination of IP address and port number
Well-Known Port Numbers
Port numbers for all the common Internet services have been standardized. Internet services usually use the TCP protocol or the UDP protocol. Some services also use both protocols. Port numbers for both of the protocols are fixed for commonly used services. On UNIX systems, including Solaris, standard port numbers are listed in the /etc/inet/services file. The sample /etc/inet/services file shown here is present on Solaris machines. The format of entries in this file is discussed next:

bash-2.03$ cat /etc/inet/services
#ident  "@(#)services 1.25 99/11/06 SMI"  /* SVr4.0 1.8 */
#
## Copyright 1999 by Sun Microsystems, Inc.
# All rights reserved.
#
# Network services, Internet style
#
tcpmux          1/tcp
echo            7/tcp
echo            7/udp
discard         9/tcp           sink null
discard         9/udp           sink null
systat          11/tcp          users
daytime         13/tcp
daytime         13/udp
netstat         15/tcp
chargen         19/tcp          ttytst source
chargen         19/udp          ttytst source
ftp-data        20/tcp
ftp             21/tcp
telnet          23/tcp
smtp            25/tcp          mail
time            37/tcp          timserver
time            37/udp          timserver
name            42/udp          nameserver
whois           43/tcp          nicname         # usually to sri-nic
domain          53/udp
domain          53/tcp
bootps          67/udp                          # BOOTP/DHCP server
bootpc          68/udp                          # BOOTP/DHCP client
hostnames       101/tcp         hostname        # usually to sri-nic
pop2            109/tcp         pop-2           # Post Office Protocol - V2
pop3            110/tcp                         # Post Office Protocol - Version 3
sunrpc          111/udp         rpcbind
sunrpc          111/tcp         rpcbind
imap            143/tcp         imap2           # Internet Mail Access Protocol v2
ldap            389/tcp                         # Lightweight Directory Access Protocol
ldap            389/udp                         # Lightweight Directory Access Protocol
ldaps           636/tcp                         # LDAP protocol over TLS/SSL (was sldap)
ldaps           636/udp                         # LDAP protocol over TLS/SSL (was sldap)
#
# Host specific functions
#
tftp            69/udp
rje             77/tcp
finger          79/tcp
link            87/tcp          ttylink
supdup          95/tcp
iso-tsap        102/tcp
x400            103/tcp                         # ISO Mail
x400-snd        104/tcp
csnet-ns        105/tcp
pop-2           109/tcp                         # Post Office
uucp-path       117/tcp
nntp            119/tcp         usenet          # Network News Transfer
ntp             123/tcp                         # Network Time Protocol
ntp             123/udp                         # Network Time Protocol
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp                         # NETBIOS Name Service
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp                         # NETBIOS Datagram Service
netbios-ssn     139/tcp                         # NETBIOS Session Service
netbios-ssn     139/udp                         # NETBIOS Session Service
NeWS            144/tcp         news            # Window System
slp             427/tcp         slp             # Service Location Protocol, V2
slp             427/udp         slp             # Service Location Protocol, V2
mobile-ip       434/udp         mobile-ip       # Mobile-IP
cvc_hostd       442/tcp                         # Network Console
#
# UNIX specific services
#
# these are NOT officially assigned
#
exec            512/tcp
login           513/tcp
shell           514/tcp         cmd             # no passwords used
printer         515/tcp         spooler         # line printer spooler
courier         530/tcp         rpc             # experimental
uucp            540/tcp         uucpd           # uucp daemon
biff            512/udp         comsat
who             513/udp         whod
syslog          514/udp
talk            517/udp
route           520/udp         router routed
ripng           521/udp
klogin          543/tcp                         # Kerberos authenticated rlogin
kshell          544/tcp         cmd             # Kerberos authenticated remote shell
new-rwho        550/udp         new-who         # experimental
rmonitor        560/udp         rmonitord       # experimental
monitor         561/udp                         # experimental
pcserver        600/tcp                         # ECD Integrated PC board srvr
kerberos-adm    749/tcp                         # Kerberos V5 Administration
kerberos-adm    749/udp                         # Kerberos V5 Administration
kerberos        750/udp         kdc             # Kerberos key server
kerberos        750/tcp         kdc             # Kerberos key server
krb5_prop       754/tcp                         # Kerberos V5 KDC propogation
ufsd            1008/tcp        ufsd            # UFS-aware server
ufsd            1008/udp        ufsd
cvc             1495/tcp                        # Network Console
ingreslock      1524/tcp
www-ldap-gw     1760/tcp                        # HTTP to LDAP gateway
www-ldap-gw     1760/udp                        # HTTP to LDAP gateway
listen          2766/tcp                        # System V listener port
nfsd            2049/udp        nfs             # NFS server daemon (clts)
nfsd            2049/tcp        nfs             # NFS server daemon (cots)
eklogin         2105/tcp                        # Kerberos encrypted rlogin
lockd           4045/udp                        # NFS lock daemon/manager
lockd           4045/tcp
dtspc           6112/tcp                        # CDE subprocess control
fs              7100/tcp                        # Font server
This file is linked to the /etc/services file for compatibility with BSD versions of UNIX. Each line in this file has the following format:

<service name> <portnumber/protocol>
The <service name> is the official name of the service. This may contain any printable characters excluding the comment character, which is defined shortly. Some service names mentioned in this file are FTP, Telnet, Time, SMTP, and so on. The <portnumber/protocol> field shows the port number and protocol used for the service. For example, 23/tcp in the line starting with telnet shows that the Telnet service uses port number 23 and the protocol TCP. The same port number can be used with multiple protocols. Some services use both TCP and UDP. For example, the Time service uses both the TCP and UDP protocols on port number 37. The last part of a line shows one or more aliases used for the service. This is an optional field and may or may not be present for a service. The number sign or hash character (#) is used as the comment character. Any line starting with this character is a comment line. If this character appears somewhere inside a line, everything from it to the end of the line is treated as a comment.
What Is a Socket?
The socket is a mechanism that connects multiple clients to a service simultaneously. A socket is a combination of an IP address and a port number. If a service is using TCP, the client opens a socket and uses a connect() system call to connect to the server socket on a local or remote server. If a service is using a UDP socket, the connect() system call is not generally used and the communication starts immediately.

Sockets can be thought of as analogous to sockets used with water pipes. A water pipe is connected to something on both ends using sockets. The water pipe may be considered a communication channel between two applications connected through a socket. Sockets are used as a way to communicate between a client and a server. If multiple clients connect to a server, the server can distinguish among the different clients because a different socket is used for each client. Similarly, multiple clients running on the same machine but connecting to different servers also distinguish incoming data depending on sockets.

NOTE
If you are installing a new service for which no port number is yet defined, you can add that service name to the /etc/inet/services file. The netstat and other commands use entries in this file while displaying the status of connections to different services. When you use the netstat -a command, for example, you will find some lines in the output of this command as follows:

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.*                  *.*                0      0 24576      0 IDLE
      *.sunrpc             *.*                0      0 24576      0 LISTEN
      *.*                  *.*                0      0 24576      0 IDLE
      *.sunrpc             *.*                0      0 24576      0 LISTEN
      *.*                  *.*                0      0 24576      0 IDLE
      *.ftp                *.*                0      0 24576      0 LISTEN
      *.telnet             *.*                0      0 24576      0 LISTEN

If you edit the /etc/inet/services file, comment out the line for the Telnet entry, and again run the same command, the output will differ for the last line as shown here:

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.*                  *.*                0      0 24576      0 IDLE
      *.sunrpc             *.*                0      0 24576      0 LISTEN
      *.*                  *.*                0      0 24576      0 IDLE
      *.sunrpc             *.*                0      0 24576      0 LISTEN
      *.*                  *.*                0      0 24576      0 IDLE
      *.ftp                *.*                0      0 24576      0 LISTEN
      *.23                 *.*                0      0 24576      0 LISTEN

Note that telnet is replaced by 23 in the last line shown here because now the command cannot find which service is using port 23. Note also that the output of the netstat -a command shown here is not complete. I have taken a few lines from the output to demonstrate the idea.
There are three major types of sockets:
• The TCP sockets, known as SOCK_STREAM
• The UDP sockets, known as SOCK_DGRAM
• The raw sockets, known as SOCK_RAW
Sockets are written as a combination of the IP address and port number separated by a dot character. For example, a socket address for a host using the IP address 192.168.2.1 and port number 23 will be 192.168.2.1.23. Sockets also are written as a combination of the hostname and the port names defined in the /etc/inet/services file. If the host 192.168.2.1 has the name fana and port number 23 is defined as the Telnet port in the /etc/inet/services file, the socket address can be written as fana.telnet as well. Wildcards can be used with sockets, usually with unconnected sockets. If a host is listening to the Telnet port and nobody is connected to the port, for example, the socket may also be written as *.telnet or *.23.

NOTE
Raw sockets are used for all protocols other than TCP or UDP. Using raw sockets, an application can directly use services provided by the IP layer, bypassing the Transport layer. Raw sockets also provide a way to define and use protocols other than TCP or UDP.

NOTE
Because a port is a 16-bit number, there may be as many as 64K (2^16) sockets on each host for one IP address.

Connected and open sockets on Solaris machines can be listed using the netstat -a command. A partial output of this command is shown here:

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.*                  *.*                0      0 24576      0 IDLE
      *.sunrpc             *.*                0      0 24576      0 LISTEN
      *.*                  *.*                0      0 24576      0 IDLE
      *.sunrpc             *.*                0      0 24576      0 LISTEN
      *.*                  *.*                0      0 24576      0 IDLE
      *.ftp                *.*                0      0 24576      0 LISTEN
      *.telnet             *.*                0      0 24576      0 LISTEN
      *.shell              *.*                0      0 24576      0 LISTEN
      *.shell              *.*                0      0 24576      0 LISTEN
      *.login              *.*                0      0 24576      0 LISTEN
      *.exec               *.*                0      0 24576      0 LISTEN
      *.exec               *.*                0      0 24576      0 LISTEN
      *.uucp               *.*                0      0 24576      0 LISTEN
      *.finger             *.*                0      0 24576      0 LISTEN
      *.time               *.*                0      0 24576      0 LISTEN
      *.echo               *.*                0      0 24576      0 LISTEN
      *.discard            *.*                0      0 24576      0 LISTEN
      *.daytime            *.*                0      0 24576      0 LISTEN
      *.chargen            *.*                0      0 24576      0 LISTEN
      *.32774              *.*                0      0 24576      0 LISTEN
      *.32775              *.*                0      0 24576      0 LISTEN
      *.32776              *.*                0      0 24576      0 LISTEN
      *.32777              *.*                0      0 24576      0 LISTEN
      *.32778              *.*                0      0 24576      0 LISTEN
      *.32779              *.*                0      0 24576      0 LISTEN
      *.fs                 *.*                0      0 24576      0 LISTEN
      *.32780              *.*                0      0 24576      0 LISTEN
      *.lockd              *.*                0      0 24576      0 LISTEN
      *.lockd              *.*                0      0 24576      0 LISTEN
      *.5987               *.*                0      0 24576      0 LISTEN
      *.8888               *.*                0      0 24576      0 LISTEN
      *.32788              *.*                0      0 24576      0 LISTEN
      *.32789              *.*                0      0 24576      0 LISTEN
      *.32790              *.*                0      0 24576      0 LISTEN
      *.32791              *.*                0      0 24576      0 LISTEN
      *.32792              *.*                0      0 24576      0 LISTEN
      *.*                  *.*                0      0 24576      0 IDLE
      *.6000               *.*                0      0 24576      0 LISTEN
fana.telnet          192.168.2.1.1043    8494      1 24820      0 ESTABLISHED
Output of this command has different sections for TCP and UDP sockets as well as for version 4 and version 6 of TCP/IP. The first column in this output shows the local socket address and the second column shows the remote socket address. The last column shows the current state of the socket. The most common states are CONNECTED and LISTENING (netstat labels them ESTABLISHED and LISTEN in its output). The CONNECTED state shows that a client is connected to this socket, and the LISTENING state shows that a server process is listening for incoming connection requests. Initially, when a server process starts, it opens a socket that is in the LISTENING state. When a client has established a connection to the socket, it goes into the CONNECTED state. After completing the communication process, the client closes the connection. During the connection process, the socket also goes through some other transient states, which are beyond the scope of this book.

In a connected socket, the socket displays as hostname.port if the hostname can be resolved; otherwise it is listed in IP_address.port format. The first column in the last line of the command's output shows that the local hostname is fana and the port number is the one used for Telnet. You can consult the /etc/inet/services file to find the port number for the Telnet service, which is 23. In the next column, you find 192.168.2.1.1043, which shows that the remote client connected to the Telnet port has the IP address 192.168.2.1 and that the port number used on the remote Telnet client is 1043. ESTABLISHED in the last column shows that this socket is connected.
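The following Python program is an added example; it is not from the book and not part of Solaris. It parses entries in the /etc/inet/services format described earlier (a # comment anywhere on the line, optional aliases, the same port listed under several protocols) and then interprets netstat -a socket addresses the way the text describes: a port is shown by name when the services file has an entry for it and by number otherwise, and host.port is split at the last dot so that 192.168.2.1.1043 yields host 192.168.2.1 and port 1043. The services entries and netstat lines embedded in it are constructed for the example, and the function names are my own.

```python
"""Parsing /etc/inet/services entries and netstat -a socket addresses.

Added example, not from the book or from Solaris. It relies only on the file
format the text describes: <service name> <port/protocol> [aliases...] [# comment].
"""
from typing import Dict, List, Tuple

# Constructed sample in /etc/inet/services format (a few real entries, not the whole file).
SAMPLE_SERVICES = """\
#ident  "@(#)services 1.25 99/11/06 SMI"  /* SVr4.0 1.8 */
#
# Network services, Internet style
#
ftp             21/tcp
telnet          23/tcp
smtp            25/tcp          mail
time            37/tcp          timserver
time            37/udp          timserver
whois           43/tcp          nicname         # usually to sri-nic
sunrpc          111/udp         rpcbind
sunrpc          111/tcp         rpcbind
shell           514/tcp         cmd             # no passwords used
"""

# Constructed netstat -a fragment in the layout shown in the text.
SAMPLE_NETSTAT = """\
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.*                  *.*                0      0 24576      0 IDLE
      *.sunrpc             *.*                0      0 24576      0 LISTEN
      *.ftp                *.*                0      0 24576      0 LISTEN
      *.23                 *.*                0      0 24576      0 LISTEN
      *.shell              *.*                0      0 24576      0 LISTEN
      *.32774              *.*                0      0 24576      0 LISTEN
fana.telnet          192.168.2.1.1043    8494      1 24820      0 ESTABLISHED
"""

PortKey = Tuple[int, str]   # (port, protocol)
NameKey = Tuple[str, str]   # (name or alias, protocol)


def parse_services(text: str) -> Tuple[Dict[PortKey, str], Dict[NameKey, int]]:
    """Map (port, proto) -> official name and (name or alias, proto) -> port.

    '#' starts a comment wherever it appears, so everything from it to the end
    of the line is dropped first; blank lines are skipped; aliases are optional.
    """
    by_port: Dict[PortKey, str] = {}
    by_name: Dict[NameKey, int] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[1].count("/") != 1:
            raise ValueError(f"line {lineno}: malformed entry {raw!r}")
        name, port_proto, *aliases = fields
        port_text, proto = port_proto.split("/")
        port = int(port_text)
        if not 0 <= port <= 65535:                  # port numbers are 16-bit
            raise ValueError(f"line {lineno}: port out of range {port}")
        by_port.setdefault((port, proto), name)     # first entry is the official name
        for alias in (name, *aliases):
            by_name.setdefault((alias, proto), port)
    return by_port, by_name


def split_socket_address(addr: str) -> Tuple[str, str]:
    """Split at the LAST dot: '192.168.2.1.1043' -> ('192.168.2.1', '1043')."""
    host, _, port = addr.rpartition(".")
    return host, port


def format_socket(host: str, port: int, proto: str, by_port: Dict[PortKey, str]) -> str:
    """Render as netstat does: the service name if services lists the port, else the number."""
    return f"{host}.{by_port.get((port, proto), port)}"


def listening_ports(netstat_text: str, by_name: Dict[NameKey, int], proto: str = "tcp") -> List[int]:
    """Numeric local ports of every LISTEN socket in a netstat -a TCP section, sorted and unique."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 7 or fields[-1] != "LISTEN":
            continue                                # headers, separators, non-listening sockets
        _, port_field = split_socket_address(fields[0])
        if port_field.isdigit():                    # netstat fell back to the number
            ports.add(int(port_field))
        elif (port_field, proto) in by_name:        # reverse the name lookup netstat did
            ports.add(by_name[(port_field, proto)])
    return sorted(ports)


def established_peers(netstat_text: str) -> List[Tuple[str, str, str, str]]:
    """(local host, local port, remote host, remote port) for each ESTABLISHED socket."""
    peers = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 7 and fields[-1] == "ESTABLISHED":
            peers.append(split_socket_address(fields[0]) + split_socket_address(fields[1]))
    return peers


if __name__ == "__main__":
    by_port, by_name = parse_services(SAMPLE_SERVICES)
    print(format_socket("*", 23, "tcp", by_port), format_socket("*", 80, "tcp", by_port))
    print(listening_ports(SAMPLE_NETSTAT, by_name), established_peers(SAMPLE_NETSTAT))
```

The telnet entry turning into 23 after it is commented out of /etc/inet/services is exactly the fallback that format_socket reproduces: editing the services file changes only the label netstat prints, not which process is listening. An inventory of what a host exposes should therefore work from the numeric ports listening_ports returns and compare them against the list of ports the administrator expects, rather than trusting the names.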
Client-Server Application Model
Network applications work in a client-server model. As previously discussed, a server is an application running on a host that listens for incoming connection requests and provides a particular service. Clients are typically user applications that connect to server applications to request a service. Each client-server pair uses an Application layer level protocol to exchange information. Some of the most popular Application layer protocols are listed in Table 4.2.

TABLE 4.2 APPLICATION LAYER PROTOCOLS
Protocol                              Description
Simple Mail Transfer Protocol (SMTP)  This protocol is used to exchange electronic mail messages. It uses TCP port number 25.
Network Time Protocol (NTP)           This protocol is used to exchange time information on the network. It is useful to synchronize time on network servers.
File Transfer Protocol (FTP)          This protocol is used to transfer files from one host to another. It uses TCP ports 20 and 21.
Post Office Protocol (POP)            This is used to download electronic mail messages from a mail server. It uses TCP port 110.

Client-server is a very powerful model for developing network applications. It provides a systematic way to design and implement public services.

NOTE
The word server is sometimes confused by network users. A server is something that provides a service to clients. It may be a piece of hardware, a software application, or a combination of both. Multiple software server applications may be running on the same physical machine. Also note that a single machine may simultaneously act as a client and as a server for the same or different services.

Connection-less and Connection-Oriented Communication
As you already learned in Chapter 2, "The TCP/IP Protocol," servers use connection-less or connection-oriented means of communication. In a connection-oriented service, handshaking takes place between a client and server to establish a connection. Actual communication starts after this handshake is successful. In the case
of the connection-less communication method, a client starts communicating with a server without establishing any connection. Usually TCP is used for connection-oriented services and UDP is used for connection-less services. Each communication method has its own advantages and disadvantages. Connection-oriented services are more reliable but slower than connection-less services.
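To make the difference between the two methods concrete, here is an added Python example (not from the book) that opens a TCP listening socket on the loopback address, connects two clients to it and records the (IP address, port) pair seen on each end, then repeats a request and reply over UDP, where the client simply sends a datagram and never calls connect(). Binding to port 0 asks the kernel for a free port and stands in for a well-known port; the function names are my own.

```python
"""TCP (connection-oriented) versus UDP (connection-less) on the loopback interface.

Added example, not from the book. Ports are kernel-assigned (bind to port 0) so no
well-known port has to be free; every socket is an (IP address, port) pair.
"""
import socket
import threading
from typing import Dict, List, Tuple

Addr = Tuple[str, int]
TIMEOUT = 5.0  # seconds; a broken run fails instead of hanging


def tcp_demo() -> Dict[str, object]:
    """One listening socket, two concurrent clients; returns what each side saw."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # SOCK_STREAM = TCP
    listener.settimeout(TIMEOUT)
    listener.bind(("127.0.0.1", 0))          # port 0: the kernel picks a free port
    listener.listen(5)                       # the socket is now in the LISTEN state
    server_addr: Addr = listener.getsockname()

    peers_seen: List[Addr] = []              # (IP, port) of each accepted client
    lock = threading.Lock()

    def handle(conn: socket.socket, peer: Addr) -> None:
        # accept() returned a NEW socket for this client; the handshake is already complete.
        with conn:
            conn.settimeout(TIMEOUT)
            data = conn.recv(64)
            conn.sendall(b"echo:" + data)
        with lock:
            peers_seen.append(peer)

    def serve(count: int) -> None:
        workers = []
        for _ in range(count):
            conn, peer = listener.accept()
            worker = threading.Thread(target=handle, args=(conn, peer))
            worker.start()
            workers.append(worker)
        for worker in workers:
            worker.join()

    acceptor = threading.Thread(target=serve, args=(2,))
    acceptor.start()

    messages = (b"alpha", b"beta")
    clients = [socket.socket(socket.AF_INET, socket.SOCK_STREAM) for _ in messages]
    results: List[Tuple[Addr, Addr, bytes]] = []
    for client in clients:
        client.settimeout(TIMEOUT)
        client.connect(server_addr)          # connect(): handshake; kernel assigns an ephemeral local port
    for client, msg in zip(clients, messages):   # both connections open at once, told apart by client socket
        client.sendall(msg)
        results.append((client.getsockname(), client.getpeername(), client.recv(64)))
    for client in clients:
        client.close()
    acceptor.join()
    listener.close()
    return {"server": server_addr, "peers_seen": peers_seen, "clients": results}


def udp_demo() -> Dict[str, object]:
    """Request and reply over UDP: no connect(), no session; only the datagram's source names the client."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)   # SOCK_DGRAM = UDP
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.settimeout(TIMEOUT)
    client.settimeout(TIMEOUT)
    server.bind(("127.0.0.1", 0))
    server_addr: Addr = server.getsockname()

    client.sendto(b"ping", server_addr)      # first sendto() implicitly binds the client to an ephemeral port
    client_port = client.getsockname()[1]
    request, sender = server.recvfrom(64)    # sender is the (IP, port) the reply has to go back to
    server.sendto(b"pong", sender)
    reply, _ = client.recvfrom(64)
    client.close()
    server.close()
    return {"server": server_addr, "request": request, "sender": sender,
            "reply": reply, "client_port": client_port}


if __name__ == "__main__":
    print(tcp_demo())
    print(udp_demo())
```

The peers_seen list is the server's view of the two client sockets: the same IP address with two different kernel-assigned ports, which is what lets it tell the connections apart. In the UDP half there is no LISTEN or ESTABLISHED state to observe; the server learns the client's address only from the datagram it received, which is why UDP services carry no built-in notion of a session and why the text calls them stateless.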
CONFIGURING INTERNET SERVICES
Network services on a computer are started at boot time so that as soon as a server boots up, it may be accessed by network clients. The server processes run in the background and wait for incoming connection requests from clients. At startup, each server opens one or more sockets on well-known ports. Clients of these services can use these ports to connect to the socket opened by the server process. If a server uses security features, it authenticates network clients when a connection request is made. The usual authentication method is to prompt for a logon name and password. When you use the Telnet client to connect to a Telnet server, for example, it prompts you to enter a logon name and password and then authenticates this logon name and password using different methods.

There are two common ways to start these server processes. You can start a service process as a daemon, and it will run forever waiting for incoming connection requests. The other way is to use the inetd master daemon, which can listen for incoming connection requests on behalf of other services. inetd is started at boot time and acts as the master daemon. As soon as a connection request arrives, it invokes the required service process. In principle, each service can be started as a daemon or through inetd.
Starting Network Services as a Daemon
Startup scripts are used to start network servers at boot time or at any later stage. These scripts are usually present in the /etc/init.d directory on Solaris systems. The same script is used to start or shut down a service. Links to these scripts are present in run-level directories that cause a service to start or shut down in different run levels.
You also can manually invoke these scripts to start or shut down a service when required.
Starting a Service Manually
The startup script for the Sendmail daemon is present as the /etc/init.d/sendmail file. To start the Sendmail daemon, you can use the following command with the start command-line argument:

/etc/init.d/sendmail start

The following command can be used to verify that Sendmail is running. The second line in the output shows that the daemon is running:

bash-2.03# ps -ef | grep sendmail
    root   410   365  0 21:01:01 pts/2    0:00 grep sendmail
    root   407     1  0 21:00:13 ?        0:00 /usr/lib/sendmail -bd -q15m
bash-2.03#

To manually stop the Sendmail process, you can use the following command with a stop command-line argument:

/etc/init.d/sendmail stop

If you use the script without a command-line argument or with a wrong argument, a short help message displays, as shown here:

bash-2.03# /etc/init.d/sendmail
Usage: /etc/init.d/sendmail { start | stop }
bash-2.03#

NOTE
Other than checking whether a service process is running, you also can use the netstat -a command to verify whether a server process is listening to a port. In the preceding case, the output of the netstat -a command will show a line similar to the following one if the Sendmail daemon is running (listening to the SMTP port):

      *.smtp               *.*                0      0 24576      0 LISTEN

Sample Startup Script for Sendmail
Following is the startup script for Sendmail that comes with Solaris. You can see a case statement that causes the script to act differently with various command-line arguments. With a start command-line argument, the script starts the service. With a stop command-line
argument, the script kills the Sendmail process. In any other case, it displays a help message:

#!/sbin/sh
#
# Copyright 1992, 1995, 1997 - 1999 by Sun Microsystems, Inc.
# All rights reserved.
#
#ident	"@(#)sendmail	1.15	99/01/28 SMI"

ERRMSG1='WARNING: /var/mail is NFS-mounted without setting actimeo=0,'
ERRMSG2='this can cause mailbox locking and access problems.'

case "$1" in
'start')
	if [ -f /usr/lib/sendmail -a -f /etc/mail/sendmail.cf ]; then
		if [ ! -d /var/spool/mqueue ]; then
			/usr/bin/mkdir -m 0750 /var/spool/mqueue
			/usr/bin/chown root:bin /var/spool/mqueue
		fi
		MODE="-bd"
		if [ -f /etc/default/sendmail ]; then
			. /etc/default/sendmail
		fi
		#
		# * MODE should be "-bd" or null (MODE= or MODE="") or
		#   left alone.  Anything else and you're on your own.
		# * QUEUEINTERVAL should be set to some legal value;
		#   a sanity check is done below.
		# * OPTIONS is a catch-all; set with care.
		#
		if [ -z "$QUEUEINTERVAL" ]; then
			QUEUEINTERVAL="15m"
		fi
		case $QUEUEINTERVAL in
		*s | *m | *h | *d | *w)
			;;
		*)
			QUEUEINTERVAL="15m"
			;;
		esac
		if [ $QUEUEINTERVAL -le 0 ]; then
			QUEUEINTERVAL="15m"
		fi
		/usr/lib/sendmail $MODE -q$QUEUEINTERVAL $OPTIONS &
	fi
	if /usr/bin/nawk 'BEGIN{s = 1}
	    $2 == "/var/mail" && $3 == "nfs" && $4 !~ /actimeo=0/ &&
	    $4 !~ /noac/{s = 0}
	    END{exit s}' /etc/mnttab; then
		/usr/bin/logger -p mail.crit "$ERRMSG1"
		/usr/bin/logger -p mail.crit "$ERRMSG2"
	fi
	;;
'stop')
	/usr/bin/pkill -x -u 0 sendmail
	;;
*)
	echo "Usage: $0 { start | stop }"
	exit 1
	;;
esac
exit 0
How to Create Your Own Startup Script
This section explains how to create your own startup script.
STEP BY STEP
4.1 Creating a Startup Script
Starting your own network server process is a three-step procedure, as shown here:
1. Create a startup script in the /etc/init.d directory.
2. Add a link to this script in the /etc/rcn.d directory for startup, where n is the run level in which you want to start the server process. The name of this link starts with the letter S.
3. Add a link to this script in the /etc/rcn.d directory for shutdown, where n is the run level in which you want to shut down the server process. The name of this link starts with the letter K.
Now let's create a simple script for a server process. Suppose that the executable file for this process is /sbin/sample-server and the process will be started in run level 3. It will be shut down in run level 2. The simple script may be as shown here:

#!/sbin/sh
case "$1" in
'start')
    if [ -f /sbin/sample-server ]; then
        /sbin/sample-server
    fi
    ;;
'stop')
    /usr/bin/pkill -x -u 0 sample-server
    ;;
*)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
esac
exit 0
Save this script as the /etc/init.d/my-server file. This script has a case statement in it. If you use start as the command-line argument with this script, it will start the server process. When you use stop as the command-line argument, the script will stop the server process. If the command-line argument does not match start or stop, the script will print the usage message shown in the last part of the script. Now link this script to the startup and shutdown directories using the ln command. The following command creates a startup link in the /etc/rc3.d directory. This link will cause the server process to start in run level 3:

ln -s /etc/init.d/my-server /etc/rc3.d/S900my-server
The following command creates a shutdown link in the /etc/rc2.d directory. This link will cause the server process to shut down in run level 2:

ln -s /etc/init.d/my-server /etc/rc2.d/K900my-server

NOTE
You might already know that links starting with S start a service and links starting with K stop a service.
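The three steps above, scripted, as an added example that is not part of the book: make_rc_script writes an init.d script with the same start/stop case layout as the sample-server script and creates its S and K links, and audit_rc_links checks the rc directories for entries that do not follow the convention (non-links, dangling links, links pointing outside /etc/init.d). Everything is done under a staging root created with mktemp, so the real /etc is never touched; the function names and the staging-root argument are this example's own.

```shell
#!/bin/sh
# Added example, not from the book: generate a Solaris-style rc script with the
# start/stop case layout shown above, create its S/K links, then audit the
# rc directories. All paths are relative to a staging root, so nothing
# under the real /etc is touched.

# make_rc_script ROOT NAME EXECUTABLE START_LEVEL STOP_LEVEL SEQ
# Writes ROOT/etc/init.d/NAME, links it as S<SEQ>NAME in rc<START_LEVEL>.d
# and as K<SEQ>NAME in rc<STOP_LEVEL>.d, as Step by Step 4.1 describes.
make_rc_script() {
    root=$1 name=$2 exe=$3 start_lvl=$4 stop_lvl=$5 seq=$6
    initd="$root/etc/init.d"
    mkdir -p "$initd" "$root/etc/rc$start_lvl.d" "$root/etc/rc$stop_lvl.d"
    # The generated script follows the page's sample-server template.
    cat > "$initd/$name" <<EOF
#!/sbin/sh
case "\$1" in
'start')
    if [ -f $exe ]; then
        $exe
    fi
    ;;
'stop')
    /usr/bin/pkill -x -u 0 ${exe##*/}
    ;;
*)
    echo "Usage: \$0 { start | stop }"
    exit 1
    ;;
esac
exit 0
EOF
    chmod 0744 "$initd/$name"
    # S links start the service at its run level, K links stop it.
    ln -s "$initd/$name" "$root/etc/rc$start_lvl.d/S$seq$name"
    ln -s "$initd/$name" "$root/etc/rc$stop_lvl.d/K$seq$name"
}

# audit_rc_links ROOT
# Prints one line per suspicious rc entry: a name that is not S<digits>... or
# K<digits>..., an entry that is not a symlink, a link whose target is missing,
# or a link that points outside ROOT/etc/init.d. Prints nothing when clean.
audit_rc_links() {
    root=$1
    for entry in "$root"/etc/rc[0-9S].d/*; do
        [ -e "$entry" ] || [ -L "$entry" ] || continue   # unmatched glob
        base=${entry##*/}
        case $base in
            S[0-9]*|K[0-9]*) ;;
            *) echo "BAD-NAME $entry"; continue ;;
        esac
        if [ ! -L "$entry" ]; then
            echo "NOT-A-LINK $entry"; continue
        fi
        target=$(readlink "$entry")
        if [ ! -e "$entry" ]; then
            echo "DANGLING $entry -> $target"; continue
        fi
        case $target in
            "$root/etc/init.d/"*) ;;
            *) echo "OUTSIDE-INITD $entry -> $target" ;;
        esac
    done
}

# Demonstration on a throw-away staging root.
demo_root=$(mktemp -d)
make_rc_script "$demo_root" my-server /sbin/sample-server 3 2 900
echo "--- generated links ---"
ls -l "$demo_root"/etc/rc3.d "$demo_root"/etc/rc2.d
echo "--- audit (silent when clean) ---"
audit_rc_links "$demo_root"
rm -rf "$demo_root"
```

Run against a real system with root=/ the audit lists any startup link that does not resolve to a script under /etc/init.d, which is where an unexpected persistence entry would show up.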
Starting Internet Services Using the inetd Daemon

The inetd is a master daemon also called a wrapper. It gets started at boot time and can listen to incoming connection requests on behalf of many network services. When an incoming connection request is received, inetd invokes the requested server process and a connection between a client and server is established. A configuration file for this daemon is /etc/inet/inetd.conf, and it is used to provide information to the inetd daemon about which service needs to be started for a particular request. Following is the default /etc/inet/inetd.conf file that comes with Solaris:

##ident "@(#)inetd.conf 1.44 99/11/25 SMI"  /* SVr4.0 1.5 */
#
#
# Configuration file for inetd(1M).  See inetd.conf(4).
#
# To re-configure the running inetd process, edit this file, then
# send the inetd process a SIGHUP.
#
# Syntax for socket-based Internet services:
#  <service_name> <socket_type> <proto> <user> <server_pathname> <args>
#
# Syntax for TLI-based Internet services:
#
#  <service_name> tli <proto> <user> <server_pathname> <args>
#
# IPv6 and inetd.conf
# By specifying a <proto> value of tcp6 or udp6 for a service, inetd will
# pass the given daemon an AF_INET6 socket.  The following daemons have
# been modified to be able to accept AF_INET6 sockets
#
#   ftp telnet shell login exec tftp finger printer
#
# and service connection requests coming from either IPv4 or IPv6-based
# transports.  Such modified services do not normally require separate
# configuration lines for tcp or udp.  For documentation on how to do this
# for other services, see the Solaris System Administration Guide.
#
# You must verify that a service supports IPv6 before specifying <proto> as
# tcp6 or udp6.  Also, all inetd built-in commands (time, echo, discard,
# daytime, chargen) require the specification of <proto> as tcp6 or udp6
#
# The remote shell server (shell) and the remote execution server
# (exec) must have an entry for both the "tcp" and "tcp6" <proto> values.
#
# Ftp and telnet are standard Internet services.
#
ftp      stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd
telnet   stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
#
# Tnamed serves the obsolete IEN-116 name server protocol.
#
name     dgram   udp     wait    root    /usr/sbin/in.tnamed     in.tnamed
#
# Shell, login, exec, comsat and talk are BSD protocols.
#
shell    stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
shell    stream  tcp6    nowait  root    /usr/sbin/in.rshd       in.rshd
login    stream  tcp6    nowait  root    /usr/sbin/in.rlogind    in.rlogind
exec     stream  tcp     nowait  root    /usr/sbin/in.rexecd     in.rexecd
exec     stream  tcp6    nowait  root    /usr/sbin/in.rexecd     in.rexecd
comsat   dgram   udp     wait    root    /usr/sbin/in.comsat     in.comsat
talk     dgram   udp     wait    root    /usr/sbin/in.talkd      in.talkd
#
# Must run as root (to read /etc/shadow); "-n" turns off logging in utmp/wtmp.
#
uucp     stream  tcp     nowait  root    /usr/sbin/in.uucpd      in.uucpd
#
# Tftp service is provided primarily for booting.  Most sites run this
# only on machines acting as "boot servers."
#
#tftp    dgram   udp6    wait    root    /usr/sbin/in.tftpd      in.tftpd -s /tftpboot
#
# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers."  Many sites choose to disable
# some or all of these services to improve security.
#
finger   stream  tcp6    nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
#systat  stream  tcp     nowait  root    /usr/bin/ps             ps -ef
#netstat stream  tcp     nowait  root    /usr/bin/netstat        netstat -f inet
#
# Time service is used for clock synchronization.
#
time     stream  tcp6    nowait  root    internal
time     dgram   udp6    wait    root    internal
#
# Echo, discard, daytime, and chargen are used primarily for testing.
#
echo     stream  tcp6    nowait  root    internal
echo     dgram   udp6    wait    root    internal
discard  stream  tcp6    nowait  root    internal
discard  dgram   udp6    wait    root    internal
daytime  stream  tcp6    nowait  root    internal
daytime  dgram   udp6    wait    root    internal
chargen  stream  tcp6    nowait  root    internal
chargen  dgram   udp6    wait    root    internal
#
#
# RPC services syntax:
#  <rpc_prog>/ <endpoint-type> rpc/<proto> <user> \
#  <pathname> <args>
#
# <endpoint-type> can be either "tli" or "stream" or "dgram".
# For "stream" and "dgram" assume that the endpoint is a socket descriptor.
# <proto> can be either a nettype or a netid or a "*". The value is
# first treated as a nettype. If it is not a valid nettype then it is
# treated as a netid. The "*" is a short-hand way of saying all the
# transports supported by this system, ie. it equates to the "visible"
# nettype. The syntax for <proto> is:
#   *||{[,]}
# For example:
# dummy/1  tli  rpc/circuit_v,udp  wait  root  /tmp/test_svc  test_svc
#
# Solstice system and network administration class agent server
100232/10   tli   rpc/udp   wait  root  /usr/sbin/sadmind  sadmind
#
# Rquotad supports UFS disk quotas for NFS clients
#
rquotad/1   tli   rpc/datagram_v  wait  root  /usr/lib/nfs/rquotad  rquotad
#
# The rusers service gives out user information. Sites concerned
# with security may choose to disable it.
#
rusersd/2-3 tli   rpc/datagram_v,circuit_v  wait  root  /usr/lib/netsvc/rusers/rpc.rusersd  rpc.rusersd
#
# The spray server is used primarily for testing.
#
sprayd/1    tli   rpc/datagram_v  wait  root  /usr/lib/netsvc/spray/rpc.sprayd  rpc.sprayd
#
# The rwall server allows others to post messages to users on this machine.
#
walld/1     tli   rpc/datagram_v  wait  root  /usr/lib/netsvc/rwall/rpc.rwalld  rpc.rwalld
#
# Rstatd is used by programs such as perfmeter.
#
rstatd/2-4  tli   rpc/datagram_v  wait  root  /usr/lib/netsvc/rstat/rpc.rstatd  rpc.rstatd
#
# The rexd server provides only minimal authentication and is often not run
#
#rexd/1     tli   rpc/tcp   wait  root  /usr/sbin/rpc.rexd  rpc.rexd
#
# rpc.cmsd is a data base daemon which manages calendar data backed
# by files in /var/spool/calendar
#
#
# Sun ToolTalk Database Server
#
100083/1    tli   rpc/tcp   wait  root  /usr/dt/bin/rpc.ttdbserverd  rpc.ttdbserverd
#
# UFS-aware service daemon
#
#ufsd/1     tli   rpc/*     wait  root  /usr/lib/fs/ufs/ufsd  ufsd -p
#
# Sun KCMS Profile Server
#
100221/1    tli   rpc/tcp   wait  root  /usr/openwin/bin/kcms_server  kcms_server
#
# Sun Font Server
#
fs          stream  tcp     wait  nobody  /usr/openwin/lib/fs.auto  fs
#
# CacheFS Daemon
#
100235/1    tli   rpc/tcp   wait  root  /usr/lib/fs/cachefs/cachefsd  cachefsd
#
# Kerberos V5 Warning Message Daemon
#
100134/1    tli   rpc/ticotsord  wait  root  /usr/lib/krb5/ktkt_warnd  ktkt_warnd
#
# Print Protocol Adaptor - BSD listener
#
printer     stream  tcp6    nowait  root  /usr/lib/print/in.lpd  in.lpd
#
# GSS Daemon
#
100234/1    tli   rpc/ticotsord  wait  root  /usr/lib/gss/gssd  gssd
#
# AMI Daemon
#
100146/1    tli   rpc/ticotsord  wait  root  /usr/lib/security/amiserv  amiserv
100147/1    tli   rpc/ticotsord  wait  root  /usr/lib/security/amiserv  amiserv
#
# OCF (Smart card) Daemon
#
100150/1    tli   rpc/ticotsord  wait  root  /usr/sbin/ocfserv  ocfserv
dtspc       stream  tcp     nowait  root  /usr/dt/bin/dtspcd  /usr/dt/bin/dtspcd
100068/2-5  dgram   rpc/udp  wait  root  /usr/dt/bin/rpc.cmsd  rpc.cmsd
# rpc.metad
100229/1    tli   rpc/tcp   wait  root  /usr/sbin/rpc.metad  rpc.metad
# rpc.metamhd
100230/1    tli   rpc/tcp   wait  root  /usr/sbin/rpc.metamhd  rpc.metamhd
# SunVTS Daemon
100153/1    dgram   rpc/udp  wait  root  /opt/SUNWvts/bin/sunvts  /opt/SUNWvts/bin/sunvts -g
Lines starting with the hash symbol (#) are comment lines. Lines for common socket-based services in this file are in the following syntax:

<service_name> <socket_type> <proto> <user> <server_pathname> <args>
These fields are explained in Table 4.3.

TABLE 4.3  SOCKET SERVICE FIELDS

Field             Meaning
Service name      This is the name of the service. This service name is listed in the /etc/inet/services file and is also used by the netstat command.
Socket type       This field shows the socket type used for the service. The stream socket type is used for TCP-based services, and the dgram socket type is used for UDP services. The raw socket type is used for services that use IP directly, bypassing the Transport layer protocol.
Proto             This field shows which protocol will be used for the service. Here you find TCP, UDP, or some other protocol. If a service uses multiple protocols, a combination of these may also be present here. These protocols are also listed in the /etc/inet/protocols file.
Flags             This field is set to wait or nowait. The wait flag is used for UDP services, and nowait is used for TCP services. The nowait flag enables multiple instances of the server process to run at the same time.
User              This is the name of the user who will own the server process. For security, different user names are used here.
Server path name  This is the actual server executable file that is started in response to a request.
Args              These are the command-line arguments that may be passed to a server process when it is invoked. The first argument (argument 0) is always the server name itself.
Let's analyze the following line in the file:

telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd

This line shows that the service name is Telnet and it uses a stream socket type. The protocol used for the service is TCP. The nowait flag shows that multiple server processes may be started by inetd. The user root will own the server processes. The server executable file is /usr/sbin/in.telnetd, and there is no command-line argument for this program because only the executable file name is listed as the argument.
STEP BY STEP
4.2 Starting a Service Through the inetd Daemon

To start a service through the inetd daemon, follow these three steps:

1. Add a line for the service name in the /etc/inet/services file.
2. Add a line for the service in the /etc/inet/inetd.conf file.
3. Restart the inetd daemon either by sending a HUP signal or by restarting your system.

Advantages and Disadvantages of Using the inetd Daemon

There is a basic difference between services started as a daemon and services started through inetd, as noted here:

• A server process started as a daemon runs forever, even if there is no client connection request. The process is started at boot time and stays in memory.
• A server process started through the inetd daemon is invoked when a request arrives. It serves the request and then dies. Every time a request arrives, it has to be reloaded into memory again.

There are pros and cons for each of these methods of starting network services. A service is started as a daemon when there are frequent connection requests. Examples of these services are Sendmail and web servers. For such services, if the server process is started using inetd, the performance can be degraded because inetd has to invoke the executable file in response to each request. For services where the client access is not so frequent, the inetd method is better because you can save memory and CPU cycles by not running all the processes all the time.
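The field rules in Table 4.3 and the services-file prerequisite in Step by Step 4.2 turned into a check, as an added example that is not part of the book: inetd_audit parses an inetd.conf with awk, resolves each socket-based service to its port through the services file, and reports entries that have no services line, that pair wait/nowait the opposite way from Table 4.3, or that run as root. The two input files are constructed excerpts written by write_samples, not copied from any host; both function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the book: audit an inetd.conf against the services
# file using the rules from Table 4.3 and Step by Step 4.2. The sample files
# written by write_samples are constructed excerpts, not copied from a host.

# write_samples DIR  writes DIR/services and DIR/inetd.conf (constructed samples).
write_samples() {
    cat > "$1/services" <<'EOF'
# constructed excerpt in /etc/inet/services format
ftp-data    20/tcp
ftp         21/tcp
telnet      23/tcp
time        37/tcp
time        37/udp
finger      79/tcp
EOF
    cat > "$1/inetd.conf" <<'EOF'
# constructed excerpt in /etc/inet/inetd.conf format
ftp       stream  tcp6    nowait  root    /usr/sbin/in.ftpd     in.ftpd
telnet    stream  tcp6    nowait  root    /usr/sbin/in.telnetd  in.telnetd
#tftp     dgram   udp6    wait    root    /usr/sbin/in.tftpd    in.tftpd -s /tftpboot
finger    stream  tcp6    nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
time      dgram   udp6    wait    root    internal
100232/10 tli     rpc/udp wait    root    /usr/sbin/sadmind     sadmind
sample    stream  tcp     wait    root    /sbin/sample-server   sample-server
EOF
}

# inetd_audit CONF SERVICES
# One line per active entry: <service> <proto> <port> <user> <server_pathname> <findings>
# <findings> is "ok" or a comma-separated list of:
#   no-services-entry  name/proto pair missing from the services file, which
#                      Step by Step 4.2 requires before inetd can offer it
#   unusual-flag       wait with stream or nowait with dgram, the reverse of
#                      the pairing given in Table 4.3
#   runs-as-root       the server process is started with root privileges
inetd_audit() {
    awk -v svcfile="$2" '
    BEGIN {
        while ((getline line < svcfile) > 0) {
            sub(/#.*/, "", line)                 # strip comments
            if (split(line, f) < 2) continue     # blank or malformed
            split(f[2], pp, "/")                 # "21/tcp" -> 21, tcp
            port[f[1] "/" pp[2]] = pp[1]
        }
        close(svcfile)
    }
    /^[ \t]*#/ { next }                          # comment line
    /^[ \t]*$/ { next }                          # blank line
    NF < 6 { print $1, "-", "-", "-", "-", "malformed"; next }
    {
        name = $1; type = $2; proto = $3; flags = $4; user = $5; path = $6
        findings = ""
        if (proto ~ /^rpc\//) {
            p = "rpc"                            # RPC entries register with rpcbind instead
        } else {
            base = proto; sub(/6$/, "", base)    # tcp6 -> tcp, udp6 -> udp
            key = name "/" base
            p = (key in port) ? port[key] : "-"
            if (p == "-") findings = findings "no-services-entry,"
        }
        if ((type == "stream" && flags != "nowait") || (type == "dgram" && flags != "wait"))
            findings = findings "unusual-flag,"
        if (user == "root") findings = findings "runs-as-root,"
        sub(/,$/, "", findings)
        if (findings == "") findings = "ok"
        print name, proto, p, user, path, findings
    }' "$1"
}

# Demonstration on constructed samples in a throw-away directory.
demo=$(mktemp -d)
write_samples "$demo"
inetd_audit "$demo/inetd.conf" "$demo/services"
rm -rf "$demo"
```

On a real host, point it at /etc/inet/inetd.conf and /etc/inet/services; the runs-as-root column is a quick way to see which inetd services would benefit from a dedicated user, as finger already has with nobody.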
A List of Running Services

You can display a list of currently running services, running either through a daemon process or the inetd daemon, by using the netstat command. Here is an output of the netstat -a command that lists all types of running services for all types of protocols:

bash-2.03# netstat -a

UDP: IPv4
   Local Address         Remote Address       State
-------------------- -------------------- -------
      *.*                                   Unbound
      *.sunrpc                              Idle
      *.*                                   Unbound
      *.32771                               Idle
      *.sunrpc                              Idle
      *.*                                   Unbound
      *.32775                               Idle
      *.*                                   Unbound
      *.*                                   Unbound
      *.name                                Idle
      *.biff                                Idle
      *.talk                                Idle
      *.time                                Idle
      *.echo                                Idle
      *.discard                             Idle
      *.daytime                             Idle
      *.chargen                             Idle
      *.32776                               Idle
      *.32777                               Idle
      *.32778                               Idle
      *.32779                               Idle
      *.32780                               Idle
      *.32781                               Idle
      *.32782                               Idle
      *.32783                               Idle
      *.32784                               Idle
      *.32785                               Idle

TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.*                  *.*                0      0 24576      0 IDLE
      *.smtp               *.*                0      0 24576      0 LISTEN
      fana.telnet          desktop.1026    8666      1 24820      0 ESTABLISHED
      localhost.32878      localhost.32793 32768     0 32768      0 ESTABLISHED
      localhost.32793      localhost.32878 32768     0 32768      0 ESTABLISHED
      localhost.32881      localhost.32880 32768     0 32768      0 ESTABLISHED
      localhost.32880      localhost.32881 32768     0 32768      0 ESTABLISHED
      *.*                  *.*                0      0 24576      0 IDLE

TCP: IPv6
   Local Address                     Remote Address                   Swind Send-Q Rwind Recv-Q   State      If
--------------------------------- --------------------------------- ----- ------ ----- ------ ----------- -----
      *.*                               *.*                              0      0 24576      0 IDLE
      *.sunrpc                          *.*                              0      0 24576      0 LISTEN
      *.*                               *.*                              0      0 24576      0 IDLE
      *.ftp                             *.*                              0      0 24576      0 LISTEN
      *.telnet                          *.*                              0      0 24576      0 LISTEN
      *.shell                           *.*                              0      0 24576      0 LISTEN
      *.login                           *.*                              0      0 24576      0 LISTEN
      *.exec                            *.*                              0      0 24576      0 LISTEN
      *.finger                          *.*                              0      0 24576      0 LISTEN
      *.time                            *.*                              0      0 24576      0 LISTEN
      *.echo                            *.*                              0      0 24576      0 LISTEN
      *.discard                         *.*                              0      0 24576      0 LISTEN
      *.daytime                         *.*                              0      0 24576      0 LISTEN
      *.chargen                         *.*                              0      0 24576      0 LISTEN
      *.32774                           *.*                              0      0 24576      0 LISTEN
      *.32776                           *.*                              0      0 24576      0 LISTEN
      *.32778                           *.*                              0      0 24576      0 LISTEN
      *.32780                           *.*                              0      0 24576      0 LISTEN
      *.printer                         *.*                              0      0 24576      0 LISTEN
      *.32782                           *.*                              0      0 24576      0 LISTEN
      *.32784                           *.*                              0      0 24576      0 LISTEN
      *.32785                           *.*                              0      0 24576      0 LISTEN
      *.lockd                           *.*                              0      0 24576      0 LISTEN
      *.32788                           *.*                              0      0 24576      0 LISTEN
      *.32791                           *.*                              0      0 24576      0 LISTEN
      *.smtp                            *.*                              0      0 24576      0 LISTEN

Active UNIX domain sockets
Address     Type        Vnode       Conn      Local Addr           Remote Addr
3000088fc30 stream-ord  30000073ce8 00000000  /tmp/.X11-unix/X0
3000088fdd8 stream-ord  00000000    00000000
bash-2.03#
You also can display services for a particular protocol. The following command lists only UDP-based services:

netstat -a -P udp
RPC Services

Remote Procedure Calls (RPC) is a mechanism used to invoke service procedures on a remote network system. The rpcbind is the main server process that handles all RPC requests. The rpcbind server must be running on a machine before any service request can be made to that machine. Each RPC server process uses a special number known as the RPC program number, which is used to distinguish the service. When any RPC service starts up, it registers itself with the rpcbind daemon using this number. These program numbers are present in the /etc/rpc file. Some lines of this file are listed in the following:

rpcbind      100000  portmap sunrpc rpcbind
rstatd       100001  rstat rup perfmeter
rusersd      100002  rusers
nfs          100003  nfsprog
ypserv       100004  ypprog
mountd       100005  mount showmount
ypbind       100007
walld        100008  rwall shutdown
yppasswdd    100009  yppasswd
etherstatd   100010  etherstat
rquotad      100011  rquotaprog quota rquota
sprayd       100012  spray
Each line starts with an RPC server name. It is followed by the program number used by the server. After that, one or more optional aliases are used for this server name. Any lines starting with the hash symbol (#) are comment lines. Because rpcbind is required to register any RPC service, it must be started before starting any other RPC-based service. RPC services are used by network daemons such as NFS. So before starting NFS or another RPC-based service, make sure rpcbind is already running. If you go through the /etc/inet/inetd.conf file, you will find some RPC services that are started using the inetd daemon. The rpcinfo command is used to display and troubleshoot RPC services. By default, this command lists all RPC-based services registered with rpcbind on the local host, as shown here:

bash-2.03# rpcinfo
   program version netid     address                service    owner
    100000    4    ticots    fana.rpc               rpcbind    superuser
    100000    3    ticots    fana.rpc               rpcbind    superuser
    100000    4    ticotsord fana.rpc               rpcbind    superuser
    100000    3    ticotsord fana.rpc               rpcbind    superuser
    100000    4    ticlts    fana.rpc               rpcbind    superuser
    100000    3    ticlts    fana.rpc               rpcbind    superuser
    100000    4    tcp       0.0.0.0.0.111          rpcbind    superuser
    100000    3    tcp       0.0.0.0.0.111          rpcbind    superuser
    100000    2    tcp       0.0.0.0.0.111          rpcbind    superuser
    100000    4    udp       0.0.0.0.0.111          rpcbind    superuser
    100000    3    udp       0.0.0.0.0.111          rpcbind    superuser
    100000    2    udp       0.0.0.0.0.111          rpcbind    superuser
The list of services generated by rpcbind is quite long. To display a short list, use the following command:

bash-2.03# rpcinfo -s
   program version(s) netid(s)                                         service    owner
    100000  2,3,4      udp6,tcp6,udp,tcp,ticlts,ticotsord,ticots        rpcbind    superuser
    100232  10         udp,udp6                                         sadmind    superuser
    100011  1          ticlts,udp,udp6                                  rquotad    superuser
    100002  3,2        ticots,ticotsord,tcp,tcp6,ticlts,udp,udp6        rusersd    superuser
    100012  1          ticlts,udp,udp6                                  sprayd     superuser
    100008  1          ticlts,udp,udp6                                  walld      superuser
    100001  4,3,2      ticlts,udp,udp6                                  rstatd     superuser
    100083  1          tcp,tcp6                                         -          superuser
    100221  1          tcp,tcp6                                         -          superuser
    100235  1          tcp,tcp6                                         -          superuser
    100134  1          ticotsord                                        -          superuser
    100234  1          ticotsord                                        -          superuser
    100146  1          ticotsord                                        amiserv    superuser
    100147  1          ticotsord                                        amiaux     superuser
    100150  1          ticotsord                                        ocfserv    superuser
    100068  5,4,3,2    udp                                              -          superuser
    100229  1          tcp,tcp6                                         metad      superuser
    100230  1          tcp,tcp6                                         metamhd    superuser
    100153  1          udp                                              -          superuser
    100024  1          ticots,ticotsord,ticlts,tcp,udp,tcp6,udp6        status     superuser
    100133  1          ticots,ticotsord,ticlts,tcp,udp,tcp6,udp6        -          superuser
    100021  4,3,2,1    tcp,udp,tcp6,udp6                                nlockmgr   superuser
    100099  3          ticotsord                                        -          superuser
    300598  1          ticots,ticotsord,ticlts,tcp,udp,tcp6,udp6        -          superuser
 805306368  1          ticots,ticotsord,ticlts,tcp,udp,tcp6,udp6        -          superuser
    100249  1          ticots,ticotsord,ticlts,tcp,udp,tcp6,udp6        -          superuser
bash-2.03#
You also can use this command to display registered services on other hosts by specifying the hostname on the command line. The following command will show all registered RPC services in short format on the host fana:

rpcinfo -s fana
COMMON TCP/IP UTILITIES

This section demonstrates the use of some common TCP/IP utilities that every network user frequently uses. If you are an old-timer in the network world, you can safely skip this section. The FTP command is used to transfer files from one host to another on a network. The Telnet client is used to log on to a remote host. The finger command is used to find information about a user on a local or remote host. Email is used to send messages to another user on a network. The following sections describe each of these.
Using FTP

File Transfer Protocol (FTP) is a client-server system used to transfer files from one host to another host. A user connects to the FTP server using an FTP client. An FTP client can be a text-based command-line utility, a GUI tool, or a web browser. The FTP server accepts many commands from the client to perform operations on files and directories. Files can be transferred in text or binary modes. If a file is transferred in text mode, the client takes care of the proper format conversion. As you might know, in Solaris (and other UNIX systems), there is no carriage return character at the end of the line. All lines end with a linefeed character. In Microsoft Windows-based systems, however, each line in text files has both characters at the end. If you transfer a file from Solaris to a Windows system, the client will automatically insert a carriage return character at the end of each line. So the size of the text file transferred from Solaris to Windows may differ. FTP sessions time out after a period of inactivity. By default, an FTP server on Solaris disconnects after 15 minutes. Some clients use the NOOP command to keep the session alive. At the time of establishing a connection, the client must provide a username and password when prompted by the server. After logon, the user has the same privileges for file operations as the logon name used. In addition to transferring files, you can perform other operations on files and directories. Examples of these operations are creating directories, deleting directories, deleting files, and so on.
Using the FTP Client

The ftp command is used to connect to an FTP server. You have to provide the server name or IP address at the command line to connect to a server. When you start this command, the server prompts for a logon name followed by a password. A typical FTP logon session is shown here:

bash-2.03# ftp fana
Connected to fana.
220 fana FTP server (SunOS 5.8) ready.
Name (fana:rrehman): rrehman
331 Password required for rrehman.
Password:
230 User rrehman logged in.
ftp>
After logon, you get the ftp> prompt. By default, you enter the home directory of the user whose ID was used to log on to the FTP server. At the FTP command prompt, you can use many FTP commands. You can display a list of available commands using the help command, as shown here:

ftp> help
Commands may be abbreviated.  Commands are:

!               cr              macdef          proxy           send
$               delete          mdelete         sendport        status
account         debug           mdir            put             struct
append          dir             mget            pwd             sunique
ascii           disconnect      mkdir           quit            tenex
bell            form            mls             quote           trace
binary          get             mode            recv            type
bye             glob            mput            remotehelp      user
case            hash            nmap            rename          verbose
cd              help            ntrans          reset           ?
cdup            lcd             open            rmdir
close           ls              prompt          runique
ftp>
To get help with a particular command, you can use the command name as an argument to the help command. The command help dir will give you information about the dir command. To list files on the server, for example, use the ls or dir command at the FTP command prompt, as follows:

ftp> dir
200 PORT command successful.
150 ASCII data connection for /bin/ls (192.168.2.222,32801) (0 bytes).
total 66956
drwxr-xr-x   6 rrehman  staff       1024 Jan  2 22:05 .
drwxr-xr-x   5 root     root         512 Dec 24 13:29 ..
-rw-------   1 rrehman  staff        445 Dec 31 19:57 .bash_history
drwxr-xr-x  11 rrehman  staff        512 Dec 31 12:58 .dt
-rwxr-xr-x   1 rrehman  staff       5111 Dec 24 13:29 .dtprofile
-rw-r--r--   1 rrehman  staff         79 Dec 31 16:12 .plan
-rw-r--r--   1 rrehman  staff        582 Dec 16 11:00 .profile
-rw-r--r--   1 rrehman  staff          5 Dec 31 19:37 .rhosts
drwx------   2 rrehman  staff        512 Dec 31 12:45 .solregis
-rw-------   1 rrehman  staff         75 Dec 31 12:45 .TTauthority
-rw-r--r--   1 rrehman  staff       2048 Dec 31 12:47 .user52.rdb
-rw-------   1 rrehman  staff        147 Dec 31 12:44 .Xauthority
-rw-r--r--   1 root     other    6598201 Dec 17 21:15 acrobat-405.tar.gz
-rw-r--r--   1 root     other        659 Dec 28 13:02 arp-rep.txt
-rw-r--r--   1 root     other        667 Dec 28 12:56 arp-req.txt
drwxr-xr-x   2 root     other       2048 Dec 29 17:48 book
-rw-r--r--   1 root     other       5614 Dec 17 12:01 fig02-02.tif
-rw-r--r--   1 root     other       7504 Dec 25 19:04 fig04-01.tif
-rw-r--r--   1 rrehman  staff   19382718 Dec 16 13:52 gcc-2.95.gz
226 ASCII Transfer complete.
2053 bytes received in 0.016 seconds (124.58 Kbytes/s)
ftp>
ftp> ls
200 PORT command successful.
150 ASCII data connection for /bin/ls (192.168.2.222,32803) (0 bytes).
acrobat-405.tar.gz
arp-rep.txt
arp-req.txt
book
fig02-02.tif
fig04-01.tif
gcc-2.95.gz
226 ASCII Transfer complete.
249 bytes received in 0.019 seconds (12.58 Kbytes/s)
ftp>
As you can see, there are some differences between the ls and dir commands. The dir command also lists hidden files. To set the ASCII transfer mode, you use the ascii command. Similarly, to set the binary mode for file transfer, you use the binary command. Commands can be abbreviated as long as the abbreviation uniquely represents a particular command. For example, you can use bin in place of binary to set the Binary mode of file transfer. You use the put command to upload a file from the FTP client host to the server host. You can use the get command to download a file from the server host to the client host. The following two commands set the Binary mode of transfer and download the file fig02-02.tif from the server host to the current directory on your local host:

ftp> binary
200 Type set to I.
ftp> get fig02-02.tif
200 PORT command successful.
150 Binary data connection for fig02-02.tif (192.168.2.222,32804) (5614 bytes).
226 Binary Transfer complete.
local: fig02-02.tif remote: fig02-02.tif
5614 bytes received in 0.02 seconds (272.00 Kbytes/s)
ftp>
Some important FTP commands are listed in Table 4.4.

TABLE 4.4  IMPORTANT FTP CLIENT COMMANDS

Command   Description
ascii     Use ASCII mode of file transfer.
binary    Use Binary mode of file transfer.
bye       End FTP session.
cd        Change directory on server.
dir       List files on the server.
get       Download a file.
help      Get help on a command.
lcd       Change the directory on local host.
mget      Download multiple files.
mput      Upload multiple files.
put       Upload a file.
pwd       Display the current directory on the server.
?         Same as the help command.
Configuring the FTP Server

The FTP server on Solaris is run through the inetd daemon. The following line in the /etc/inet/inetd.conf file enables the FTP server:

ftp  stream  tcp6  nowait  root  /usr/sbin/in.ftpd  in.ftpd

The FTP server uses two TCP ports, 20 and 21, for its operation. The following two lines in the /etc/inet/services file list the FTP ports:

ftp-data  20/tcp
ftp       21/tcp
Port number 21 is used to establish a connection while port number 20 is used for the data stream. You can use different switches with the in.ftpd daemon as listed in Table 4.5.

TABLE 4.5  COMMAND-LINE OPTIONS USED WITH IN.FTPD

Switch  Description
-d      Debug information will be logged to the syslogd daemon.
-l      All FTP sessions will be logged to the syslogd daemon.
-t      Sets the FTP server timeout. If there is no activity within this time, the FTP session is closed.
If the FTP server is configured and running, the netstat command should give you an output like the following:

bash-2.03# netstat -a |grep ftp
      *.ftp                *.*                0      0 24576      0 LISTEN
      *.ftp                *.*                0      0 24576      0 LISTEN
bash-2.03#
If the FTP server is not running, the command will not generate any output at all.
Disabling the FTP Server

To disable the FTP server, comment out the following line in the /etc/inet/inetd.conf file by inserting a hash sign (#) at the beginning of the line. You have to restart the inetd daemon after commenting out the line so that the change takes effect.

ftp  stream  tcp6  nowait  root  /usr/sbin/in.ftpd  in.ftpd
Anonymous FTP

Anonymous FTP is used to allow everybody access to a limited part of an FTP server. Usually public files are kept in this area. All users can log on to the server using anonymous logon and by providing an email address as the password. The following is a typical logon to an anonymous FTP server:

bash-2.03# ftp ftp.newriders.com
Connected to ftp.newriders.com.
220-*************************************
220-********* FTP.NEWRIDERS.COM *********
220-*************************************
220-
220 ftp.newriders.com FTP server (Version wu-2.6.1(2) Thu Oct 26 20:22:47 EDT 2000) ready.
Name (ftp.newriders.com:rrehman): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-Welcome to ftp.newriders.com.
230-Restrictions Apply!
230-
230-
230-- Management
230-
230-
230-Please read the file README
230-  it was last modified on Thu Oct 26 22:58:48 2000 - 68 days ago
230 Guest login ok, access restrictions apply.
ftp>
NOTE
Anonymous FTP is a potentially problematic service. Do not use it if you don't really need it!

Using FTP with a Web Browser

You can also transfer files using FTP with a web browser. To connect to an FTP server, such as ftp.newriders.com, as an anonymous user, you have to use the following URL:

ftp://ftp.newriders.com

Figure 4.1 shows a screen shot of the Netscape browser when you use this URL. After getting the list of files in your web browser, you can click any file to download it. When you click a directory icon, you just move inside this directory and files in that directory are listed in the browser window.

FIGURE 4.1 FTP using a web browser.
Using Telnet

Telnet is used to remotely log on to a host. The Telnet client connects to the Telnet server on the destination host using TCP port 23. The Telnet server is also launched using the inetd daemon. The following line in the /etc/inet/inetd.conf file enables or disables the Telnet server:

telnet  stream  tcp6  nowait  root  /usr/sbin/in.telnetd  in.telnetd
Telnet is a very useful tool to log on to a remote host. To verify whether the Telnet server is running on your host, the following command should display an open socket with the LISTEN state:

bash-2.03# netstat -a|grep telnet
      *.telnet             *.*                0      0 24576      0 LISTEN
bash-2.03#
Using the Telnet Client

Figure 4.2 shows a Telnet logon session. This example logs on to a host with the IP address 192.168.2.222. If you have a hostname mapped to the IP address, you also can use that hostname to telnet to a server. The Telnet client tries to connect to the Telnet server and when the connection is established, a prompt appears. At this prompt, you have to enter a valid username followed by a password. If the username and password are valid, you are allowed to log on to the server.

FIGURE 4.2 A Telnet logon session.
Using the Telnet Escape Character (^])

During the telnet session, you can use the escape sequence ^] by pressing Ctrl+]. This sequence brings you to the telnet> prompt where you can use different commands. The following is the response you should get when you use this escape sequence just after logon:

bash-2.03$ telnet fana
Trying 192.168.2.222...
Connected to fana.
Escape character is '^]'.

SunOS 5.8

login: rrehman
Password:
Last login: Wed Jan 24 20:38:17 from 192.168.2.100
$
telnet>
Now, if you use the help command at the telnet> prompt, you get a list of commands that can be used, as shown here:

telnet> help
Commands may be abbreviated.  Commands are:

close           close current connection
logout          forcibly logout remote user and close the connection
display         display operating parameters
mode            try to enter line or character mode ('mode ?' for more)
open            connect to a site
quit            exit telnet
send            transmit special characters ('send ?' for more)
set             set operating parameters ('set ?' for more)
unset           unset operating parameters ('unset ?' for more)
status          print status information
toggle          toggle operating parameters ('toggle ?' for more)
slc             change state of special charaters ('slc ?' for more)
z               suspend telnet
!               invoke a subshell
environ         change environment variables ('environ ?' for more)
?               print help information
                leave command mode
telnet>
You can use the close command to close a Telnet session, as follows:

    telnet> close
    Connection closed.
    bash-2.03$

Sometimes things go bad in Telnet sessions and you cannot get the prompt back in the Telnet window. The close command is handy for such a situation.

EXAM TIP: Using Telnet to Verify a Remote Server Process

You can use the Telnet client to connect to a port that is different from the standard Telnet port 23. This is a very handy feature to verify whether a server is running on a remote host. To connect the Telnet client to a different port, use the following syntax:

    telnet hostname [port_number]

To connect to port 25 on the host fana, use the following command:

    telnet fana 25
221
The following sections show how you can use the Telnet client to verify whether the SMTP (mail) server and the FTP server are running on host 192.168.2.222.
The SMTP (Electronic Mail) Server Test

The following session shows a Telnet client session with an SMTP server. The lines helo fana.com, help, and quit are the user input. As you can see from this session, you can use SMTP commands to talk to the SMTP server. If no SMTP server is running on the destination host, you cannot connect to it:

    bash-2.03# telnet 192.168.2.222 25
    Trying 192.168.2.222...
    Connected to 192.168.2.222.
    Escape character is '^]'.
    220 fana ESMTP Sendmail 8.9.3+Sun/8.9.3; Mon, 25 Dec 2000 19:10:42 -0800 (PST)
    helo fana.com
    250 fana Hello fana [192.168.2.222], pleased to meet you
    help
    214-This is Sendmail version 8.9.3+Sun
    214-Topics:
    214-    HELO    EHLO    MAIL    RCPT    DATA
    214-    RSET    NOOP    QUIT    HELP    VRFY
    214-    EXPN    VERB    ETRN    DSN
    214-For more info use "HELP <topic>".
    214-To report bugs in the implementation contact Sun Microsystems
    214-Technical Support.
    214-For local information send email to Postmaster at your site.
    214 End of HELP info
    quit
    221 fana closing connection
    Connection closed by foreign host.
    bash-2.03#
The quit command brings back the command prompt.
The FTP Server Test

The following session tests the presence of an FTP server. The FTP server is using port 21 to listen to incoming requests and you use the same port number to connect to the server. From the following output, you can see that there has to be a password to log on to the host with the username rrehman:

    bash-2.03$ telnet fana 21
    Trying ::1...
    Connected to fana.
    Escape character is '^]'.
    220 fana FTP server (SunOS 5.8) ready.
    USER rrehman
    331 Password required for rrehman.
    PASS abcd349
    230 User rrehman logged in.
    LIST
    425 Can't build data connection: Connection refused.
    HELP
    214-The following commands are recognized:
       USER    EPRT    STRU    MAIL*   ALLO    CWD     STAT*   XRMD
       PASS    LPRT    MODE    MSND*   REST*   XCWD    HELP    PWD
       ACCT*   EPSV    RETR    MSOM*   RNFR    LIST    NOOP    XPWD
       REIN*   LPSV    STOR    MSAM*   RNTO    NLST    MKD     CDUP
       QUIT    PASV    APPE    MRSQ*   ABOR    SITE*   XMKD    XCUP
       PORT    TYPE    MLFL*   MRCP*   DELE    SYST    RMD     STOU
    214 (*'s => unimplemented)
    NOOP
    200 NOOP command successful.
    MKD test
    257 MKD command successful.
    quit
    221 Goodbye.
    Connection closed by foreign host.
    bash-2.03$
Use the USER command to set the username and the PASS command to enter the password for that user; note that both travel over the network in clear text, as the PASS line in the session shows. The MKD command is used to create the test directory.
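The SMTP and FTP checks above can be scripted instead of typed into a Telnet client. The following Python script is an added example, not code from the book: it connects to a port, reads the greeting banner, sends QUIT, and reports whether a service answered. The local stand-in server and its "220 fana" banner are constructed so the script runs offline.

```python
"""Verify that a TCP service answers on a port, the way `telnet host port`
is used in the chapter, but scripted: connect, read the greeting banner,
send QUIT, and report the result. Added example, not from the book.
The local stand-in server below and its banner are constructed."""
import socket
import threading

# SMTP (25) and FTP (21) both greet with a 220 "service ready" reply.
SERVICE_GREETING = {21: b"220", 25: b"220"}


def check_service(host, port, timeout=3.0):
    """Return (reachable, banner). reachable is False when nothing listens
    (connection refused) or the host does not answer within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            banner = b""
            try:
                banner = s.recv(512)
            except socket.timeout:
                pass  # some services (e.g. telnetd) wait for the client first
            try:
                s.sendall(b"QUIT\r\n")  # polite close for SMTP/FTP
            except OSError:
                pass
            return True, banner.decode("ascii", "replace").strip()
    except (ConnectionRefusedError, socket.timeout, OSError):
        return False, ""


def banner_looks_healthy(port, banner):
    """For SMTP and FTP the greeting must carry the 220 code; other ports
    are only checked for reachability."""
    expected = SERVICE_GREETING.get(port)
    return expected is None or banner.encode().startswith(expected)


# --- constructed local stand-in for the book's SMTP server on host "fana" ---
FAKE_BANNER = b"220 fana ESMTP Sendmail 8.9.3+Sun/8.9.3; ready\r\n"


def start_fake_smtp():
    """Listen on an ephemeral loopback port, greet one client with the
    constructed banner, then close. Returns the port number."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(FAKE_BANNER)
        conn.recv(64)  # wait for the client's QUIT, then close
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_port():
    """Return a loopback port with nothing listening (bound, then released)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    print(check_service("127.0.0.1", start_fake_smtp()))   # (True, '220 fana ...')
    print(check_service("127.0.0.1", closed_port()))       # (False, '')
```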
Using the finger Command

The finger command is used to list currently logged on users on a remote host or to find information about a particular user. The finger command lists logged on users on a local host:

    bash-2.03# finger
    Login       Name               TTY         Idle    When    Where
    root        Super-User         console        4 Thu 20:13  :0
    rrehman      ???               pts/2            Thu 20:02  199.30.29.27
    bash-2.03#
The following command shows some information about user rrehman on the local host:

    bash-2.03# finger rrehman
    Login name: rrehman
    Directory: /export/home/rrehman              Shell: /usr/bin/bash
    On since Jan  4 20:02:13 on pts/2 from 192.168.29.27
    No unread mail
    Plan:
    Complete the Solaris book as soon as possible.
    Make it useful for the reader.
    bash-2.03#
This information includes the following:

• Home directory of user rrehman
• Shell used by the user
• If the user is currently logged on, his logon time and the port on which he is logged on
• Number of unread mail messages
• First line of the .project file in the home directory of user rrehman
• Contents of the .plan file in the home directory of user rrehman

The following command shows the short form of information about user rrehman at host fana:

    bash-2.03# finger rrehman@fana
    [fana]
    Login       Name               TTY         Idle    When    Where
    rrehman      ???               pts/2            Thu 20:02  199.30.29.27
    bash-2.03#
The following command lists information about all the users on host fana in long format:

    bash-2.03# finger -l @fana
    [fana]
    Login name: root                        In real life: Super-User
    Directory: /                            Shell: /usr/bin/bash
    On since Jan  4 20:13:59 on console from :0
    5 minutes 31 seconds Idle Time
    No unread mail
    No Plan.

    Login name: rrehman
    Directory: /export/home/rrehman         Shell: /usr/bin/bash
    On since Jan  4 20:02:13 on pts/2 from 199.30.29.27
    No unread mail
    Plan:
    Complete the Solaris book as soon as possible.
    Make it useful for the reader.
    bash-2.03#
CAUTION: The finger command may be used in an attack, so it is recommended to disable it.

Using the rwho Command

The rwho command lists all the users on the hosts present on the local network. The in.rwhod daemon must be running to use this command. Typical output of this command is shown here:

    bash-2.03# rwho
    root     fana:console  Jan  4 20:13 :20
    root     fana:pts/5    Jan  4 20:22 :08
    rrehman  fana:pts/2    Jan  4 20:02
    bash-2.03#

Using the rup Command

The rup command is used to list uptime, load average, and other information about hosts present on the local network. The command uses the UDP broadcast method to send a packet to all hosts on a network and get the information back. The following command shows output of the rup command received on my local network:

    bash-2.03# rup
    fana              up 25 mins,  load average: 0.06, 0.06, 0.09
    fana-nt           up 25 mins,  load average: 0.06, 0.06, 0.09
    fe80::a00:20ff:   up 25 mins,  load average: 0.05, 0.06, 0.09
    bash-2.03#

You can specify a list of hosts on the command line to find information about those hosts only. You also can use command-line options to sort the output of this command. These options are listed in Table 4.6.

TABLE 4.6  COMMAND-LINE OPTIONS FOR THE RUP COMMAND

    Option    Description
    -h        Sort display by hostname.
    -l        Sort display by load average.
    -t        Sort display by uptime.
Using the ruptime Command

The ruptime command displays additional information that the rup command doesn't display. This command needs the in.rwhod daemon and additionally displays the number of users logged on to all systems. Typical output of the command is shown here:

    bash-2.03# ruptime -a
    fana       up   0:44,     3 users,  load 0.00, 0.00, 0.03
    bash-2.03#

COMMANDS STARTING WITH r

Some commands on Solaris systems start with the letter r and have special features associated with them. These commands are used for access to a remote host on the network, usually without requiring a password. These commands are handy for shell scripts that interact with multiple hosts on a network. Table 4.7 shows some of these commands and their use.

TABLE 4.7  COMMANDS STARTING WITH r

    Command    Description
    rcp        Remote file copy.
    rlogin     Remote login.
    rsh        Execution of a command on a remote host.
    remsh      Same as the rsh command.
Configuring r Commands

Two files on the remote host control access to the host for these commands. The systemwide control file is /etc/hosts.equiv. In addition, each user can have a file named .rhosts (dot rhosts) in her home directory that gives special permission on a per-user basis. The remote host will not require a password for r commands if one of the following conditions is true:

• The hostname of the system where the user is currently logged on and the username are listed in the /etc/hosts.equiv file on the remote host.
• Your system name and username are listed in the .rhosts file of the user on the remote system.
Format of the /etc/hosts.equiv File

The /etc/hosts.equiv file determines which users on particular hosts are allowed access to the r commands. Each entry in the file may start with a positive or negative sign. The general format of each line is as follows:

    hostname [username]
When a connection request for an r command is received on a host, it searches through this file to find a matching hostname entry for the client. The search to find the hostname continues until a matching entry is found or until the file ends. If a matching entry with a positive sign is found, the user is granted access. A user is denied access if a matching entry with a negative sign is found or you reach the end of the file. The username is optional. If no username is specified, all users of a remote host are granted access. Some example entries in these files are listed in this section. The following line in this file will allow user kaka to use the r commands from any host:

    + kaka

The following line will allow every user of the host fana:

    fana +

The following line will explicitly deny access to user kaka on the host fana:

    fana -kaka

The following line allows every user on every host (quite dangerous!) to access the r commands:

    +
Order of the entries plays an important role. The search process finishes when the first matching entry is found. If there are multiple entries in the file for the same user, only the first entry is used. For example, the second line for user kaka on host fana is meaningless because he has been denied access by the first line:

    fana -kaka
    fana +

The following search order is used for entries in this file:

• +
• -hostname
• +hostname

CAUTION: Using the r services is extremely risky and may have serious security implications if they are misconfigured. If at all possible, do not use these services and promote the use of other methods of secure remote access. If you place a plus sign only in the first line of the file, for example, everybody in the universe is declared a trusted user and no other entry in the file is ever consulted. This is a big security hole and must be taken care of by the system administrators.
Format of the ~/.rhosts File

The syntax of the .rhosts file is similar to that of the /etc/hosts.equiv file. This file is used to specify trusted users and hosts on a per-user basis. If authentication for a user fails from the /etc/hosts.equiv file, the remote host checks for a .rhosts file in the home directory of the user that is claiming to be trusted. If the user is authenticated by this file, the user is allowed to use r commands without a password. A remote user can be declared trusted by individual users even if the user is declared as explicitly untrusted by the /etc/hosts.equiv file. A major difference between the .rhosts file and the /etc/hosts.equiv file is that you can grant access to users on remote hosts who want to use the r commands with your username. If your logon name is kaka on host solaris7 and you want to grant access to a remote user majha on a remote host fana to use your own account, for example, add the following line to your .rhosts file:

    fana majha
The user majha can then specify your username and your hostname on the command line when using the r command. When user majha needs to copy the file /etc/hosts from host solaris7 to his local home directory, for example, he will use the following rcp command on remote host fana:

    rcp kaka@solaris7:/etc/hosts ~/
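The first-match rule for /etc/hosts.equiv and the ~/.rhosts format described above are easy to get wrong, so the following Python script is offered as an added example (not code from the book) that evaluates a file's entries exactly as the text describes them and audits a file for the lone "+" entry and for entries that an earlier line already shadows. The hostnames and usernames (fana, solaris7, kaka, majha) are the chapter's; the username semantics for .rhosts are assumed as stated in the text (the named remote user may use the local account).

```python
"""Evaluate /etc/hosts.equiv and ~/.rhosts entries with the first-match rule
the chapter describes, and audit a file for the lone "+" entry and for
entries that can never be reached. Added example, not from the book; the
hosts and users (fana, solaris7, kaka, majha) are the chapter's examples."""
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    host: str            # hostname, or "+" for any host
    host_deny: bool      # written as -hostname
    user: Optional[str]  # None = all users of that host, "+" = any user
    user_deny: bool      # written as -username


def parse_entry(line):
    """Parse one 'hostname [username]' line; blank/comment lines give None."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    host = fields[0]
    host_deny = host.startswith("-")
    host = host.lstrip("+-") or "+"      # a bare "+" means any host
    user, user_deny = None, False
    if len(fields) > 1:
        user = fields[1]
        user_deny = user.startswith("-")
        user = user.lstrip("+-") or "+"  # a bare "+" means any user
    return Entry(host, host_deny, user, user_deny)


def load(text):
    """Parse a whole file into its entries, in file order."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def matches(entry, remote_host, remote_user):
    """Does this entry apply to remote_user coming from remote_host?"""
    if entry.host != "+" and entry.host != remote_host:
        return False
    return entry.user in (None, "+") or entry.user == remote_user


def is_trusted(entries, remote_host, remote_user):
    """The first matching entry decides; reaching end of file means denied."""
    for entry in entries:
        if matches(entry, remote_host, remote_user):
            return not (entry.host_deny or entry.user_deny)
    return False


def covers(earlier, later):
    """True if everything the later entry could match is already decided by
    the earlier one, so the later entry is never consulted."""
    host_ok = earlier.host == "+" or earlier.host == later.host
    user_ok = earlier.user in (None, "+") or (
        later.user not in (None, "+") and earlier.user == later.user)
    return host_ok and user_ok


def audit(text):
    """Findings an administrator should look at: the 'trust everyone' entry
    and entries shadowed by an earlier one (order matters)."""
    findings = []
    entries = load(text)
    for n, entry in enumerate(entries, 1):
        if entry in (Entry("+", False, None, False), Entry("+", False, "+", False)):
            findings.append(f"line {n}: every user on every host is trusted; "
                            f"{len(entries) - n} later entries are never consulted")
            break
    for n, entry in enumerate(entries, 1):
        for m, earlier in enumerate(entries[:n - 1], 1):
            if covers(earlier, entry):
                findings.append(f"line {n}: shadowed by line {m}")
                break
    return findings


if __name__ == "__main__":
    equiv = "fana -kaka\nfana +\n"
    print(is_trusted(load(equiv), "fana", "kaka"))    # False: denied by line 1
    print(is_trusted(load(equiv), "fana", "majha"))   # True: allowed by line 2
    print(audit("+\nfana kaka\n"))                    # lone "+" makes line 2 dead
```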
Using the rlogin Command

The rlogin command is similar to the telnet command and is used for remote login. The only difference is that if configured properly, the command allows you to log on to a remote host without entering a password. This feature makes this command very useful when using shell scripts to carry out tasks automatically on the remote machines. The following is a typical session of remote logon using the rlogin command:

    bash-2.03$ rlogin fana
    Last login: Sun Dec 31 19:37:12 from fana
    bash-2.03$
As you can see from the listing, you don’t need to enter a password to log on to a remote host with this command. If the r services are not configured properly, you have to enter a password even for this command to log on to the remote host.
Using the rcp Command

The rcp command is used to copy files to and from a remote host without entering a password. It is an alternative to FTP for copying files, with no password prompt. The following command copies the /etc/profile file from host fana to the current directory on the local host:

    bash-2.03# rcp fana:/etc/profile ./
    bash-2.03#

The following command copies the test.txt file from the local directory to the /export/home/rrehman directory on host fana:

    bash-2.03# rcp test.txt fana:/export/home/rrehman
    bash-2.03#

The rcp command does not ask for a password like FTP does, which makes it very useful in shell scripts. It also can be used to copy complete directory trees from one host to another. The following command copies the entire /var/lp tree from host fana to the current directory:

    bash-2.03# rcp -r fana:/var/lp ./
    bash-2.03#
If the -p option is used with the command, the command also tries to copy the same file permissions, ownerships, and modification times with each file. To use another username at the remote host rather than the current username, the username@hostname format is used. For example, the following command uses username kaka on hostname fana to copy the /etc/profile file to the current directory on the local host:

    bash-2.03# rcp kaka@fana:/etc/profile ./
    bash-2.03#
Keep in mind that you must have permission to use another user name on the remote host.
Using the rsh Command

The rsh command is used to execute a command on a remote host. The command is executed on the remote machine and the results are displayed on the local terminal. The following command lists the files in the /etc/inet directory on host fana:

    bash-2.03$ rsh fana ls /etc/inet
    datemsk.ndpd
    hosts
    inetd.conf
    ipnodes
    ipsecinit.sample
    mipagent.conf-sample
    mipagent.conf.fa-sample
    mipagent.conf.ha-sample
    netmasks
    networks
    ntp.client
    ntp.server
    protocols
    services
    slp.conf.example
    sock2path
    bash-2.03$
IMPORTANT INTERNET SERVICES AND PORT NUMBERS

Table 4.8 shows a list of important services that may be useful from a certification point of view.
TABLE 4.8  PORTS USED BY DIFFERENT INTERNET SERVICES

    Service   Protocol   Port
    FTP       TCP        20, 21
    Telnet    TCP        23
    SMTP      TCP        25
    NTP       TCP, UDP   123
    DNS       TCP, UDP   53
    TFTP      UDP        69
    POP3      TCP        110
TROUBLESHOOTING Troubleshooting is the most important job of a network administrator. With good troubleshooting skills, you can diagnose problems and fix them before they become a major problem. Therefore, in addition to experience, you should know how to use the troubleshooting tools discussed in the following sections.
Using netstat and rpcinfo Commands The netstat and rpcinfo commands have already been discussed in this book. They are briefly described here to emphasize their importance. The netstat command shows all the open ports and servers running on a host. It also shows established connections. In addition to troubleshooting network services, there are many other uses of the netstat command. The rpcinfo command is the basic command to troubleshoot RPC-based services on local and remote hosts.
Using the ndd Command

This command also has been discussed in previous chapters. In addition to the other uses of the ndd command, it can show you statistics for both TCP and UDP protocols on a per-port basis. The following command shows UDP port statistics. It shows open UDP ports and established connections and the remote port numbers used in case of an established connection. The following is an example of this command that shows the status of UDP ports:

    bash-2.03# ndd /dev/udp udp_status
    UDP         lport  src addr        dest addr  port  state
    300005516d0     0  ::              ::            0  UNBOUND
    30000551310   111  ::              ::            0  IDLE
    30000551590     0  ::              ::            0  UNBOUND
    30000551090 32771  ::              ::            0  IDLE
    300005507d0   111  ::ffff:0.0.0.0  ::            0  IDLE
    30000550690     0  ::              ::            0  UNBOUND
    30000550410 32775  ::ffff:0.0.0.0  ::            0  IDLE
    300005e5818     0  ::              ::            0  UNBOUND
    300005e51d8     0  ::              ::            0  UNBOUND
    300005e4918    42  ::ffff:0.0.0.0  ::            0  IDLE
    30000639960   512  ::ffff:0.0.0.0  ::            0  IDLE
    300006396e0   517  ::ffff:0.0.0.0  ::            0  IDLE
    30000638ce0    37  ::              ::            0  IDLE
    300006387e0     7  ::              ::            0  IDLE
    300006382e0     9  ::              ::            0  IDLE
    3000062bd28    13  ::              ::            0  IDLE
    3000062b828    19  ::              ::            0  IDLE
    3000062b468 32776  ::              ::            0  IDLE
    3000062b328 32777  ::ffff:0.0.0.0  ::            0  IDLE
    3000062b0a8 32778  ::              ::            0  IDLE
    3000062ae28 32779  ::ffff:0.0.0.0  ::            0  IDLE
    3000062aba8 32780  ::              ::            0  IDLE
    3000062a928 32781  ::ffff:0.0.0.0  ::            0  IDLE
    3000062a1a8 32782  ::              ::            0  IDLE
    3000061be70 32783  ::ffff:0.0.0.0  ::            0  IDLE
    3000061bbf0 32784  ::              ::            0  IDLE
    3000061b970 32785  ::ffff:0.0.0.0  ::            0  IDLE
    3000061b6f0 32786  ::              ::            0  IDLE
    3000061b470 32787  ::ffff:0.0.0.0  ::            0  IDLE
    30000603ab8 32788  ::ffff:0.0.0.0  ::            0  IDLE
    30000602e38 32789  ::ffff:0.0.0.0  ::            0  IDLE

Each line in the preceding output shows a UDP port number, source and destination host addresses, and the current status of the port.
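Reading a listing like the one above by eye is error-prone on a busy host, so the following Python script is an added example (not code from the book) that parses ndd /dev/udp udp_status output, lists the bound UDP ports, and reports the ones that are not on an expected-ports allowlist. The sample output is a shortened copy of the chapter's listing, and the allowlist and service names are assumptions for illustration.

```python
"""Parse `ndd /dev/udp udp_status` output (format shown above), list the bound
UDP ports and compare them with what the administrator expects to be open.
Added example, not from the book; SAMPLE is a shortened copy of the chapter's
listing and the allowlist passed to unexpected_ports() is an assumption."""
import re

SAMPLE = """\
UDP         lport  src addr        dest addr  port  state
300005516d0     0  ::              ::            0  UNBOUND
30000551310   111  ::              ::            0  IDLE
30000551090 32771  ::              ::            0  IDLE
300005507d0   111  ::ffff:0.0.0.0  ::            0  IDLE
30000550410 32775  ::ffff:0.0.0.0  ::            0  IDLE
300005e4918    42  ::ffff:0.0.0.0  ::            0  IDLE
30000639960   512  ::ffff:0.0.0.0  ::            0  IDLE
300006396e0   517  ::ffff:0.0.0.0  ::            0  IDLE
30000638ce0    37  ::              ::            0  IDLE
300006387e0     7  ::              ::            0  IDLE
300006382e0     9  ::              ::            0  IDLE
3000062bd28    13  ::              ::            0  IDLE
3000062b828    19  ::              ::            0  IDLE
"""

# Names from /etc/services for the well-known ports that appear above.
SERVICE_NAMES = {7: "echo", 9: "discard", 13: "daytime", 19: "chargen",
                 37: "time", 42: "name", 111: "sunrpc", 512: "biff", 517: "talk"}

# kernel address, lport, src addr, dest addr, port, state
LINE_RE = re.compile(r"^([0-9a-f]+)\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\S+)$")


def parse_udp_status(text):
    """Return one dict per endpoint line; the header line does not match."""
    endpoints = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        endpoints.append({"lport": int(m.group(2)), "src": m.group(3),
                          "dst": m.group(4), "fport": int(m.group(5)),
                          "state": m.group(6)})
    return endpoints


def bound_ports(text):
    """UDP ports actually bound (state IDLE with a non-zero local port);
    UNBOUND endpoints have no port yet and are ignored."""
    return sorted({e["lport"] for e in parse_udp_status(text)
                   if e["state"] == "IDLE" and e["lport"] != 0})


def describe(port):
    """Human-readable label for a port number."""
    if port >= 32768:
        return "dynamic (RPC-registered or ephemeral)"
    return SERVICE_NAMES.get(port, "unknown")


def unexpected_ports(text, allowlist):
    """Bound ports below the dynamic range that are not on the allowlist;
    on this host the 'small services' (echo, chargen, ...) would show up."""
    return [p for p in bound_ports(text) if p < 32768 and p not in allowlist]


if __name__ == "__main__":
    for p in bound_ports(SAMPLE):
        print(f"{p:6d}  {describe(p)}")
    print("not on allowlist:", unexpected_ports(SAMPLE, {111, 512, 517}))
```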
Checking TCP Status

The following command shows TCP protocol statistics. In the case of connected ports, it lists local and remote port numbers:

    bash-2.03# ndd /dev/tcp tcp_status
    TCPB        dest            snxt     suna     swnd       rnxt     rack     rwnd       rto   mss   w sw rw t recent   [lport,fport] state
    300002ac538 ::              00000000 00000000 0000000000 00000000 00000000 0000024576 03375 01220 0 00 14 0 00000000 [0, 0]   TCP_IDLE
    30000550cd0 ::              00000000 00000000 0000000000 00000000 00000000 0000024576 03375 01220 0 00 14 0 00000000 [111, 0] TCP_LISTEN
    30000550a50 ::              00000000 00000000 0000000000 00000000 00000000 0000024576 03375 01220 0 00 14 0 00000000 [0, 0]   TCP_IDLE
    30000550190 ::ffff:0.0.0.0  00000000 00000000 0000000000 00000000 00000000 0000024576 03375 00536 0 00 14 0 00000000 [111, 0] TCP_LISTEN
    300005e5e58 ::ffff:0.0.0.0  00000000 00000000 0000000000 00000000 00000000 0000024576 03375 00536 0 00 14 0 00000000 [0, 0]   TCP_IDLE
    300005e4e18 ::              00000000 00000000 0000000000 00000000 00000000 0000024576 03375 01220 0 00 14 0 00000000 [21, 0]  TCP_LISTEN
    300005e4b98 ::              00000000 00000000 0000000000 00000000 00000000 0000024576 03375 01220 0 00 14 0 00000000 [23, 0]  TCP_LISTEN
    300005e4698 ::ffff:0.0.0.0  00000000 00000000 0000000000 00000000 00000000 0000024576 03375 00536 0 00 14 0 00000000 [514, 0] TCP_LISTEN
    300005e4418 ::              00000000 00000000 0000000000 00000000 00000000 0000024576 03375 01220 0 00 14 0 00000000 [514, 0] TCP_LISTEN
    300005e4198 ::              00000000 00000000 0000000000 00000000 00000000 0000024576 03375 01220 0 00 14 0 00000000 [513, 0] TCP_LISTEN
    30000639e60 ::ffff:0.0.0.0  00000000 00000000 0000000000 00000000 00000000 0000024576 03375 00536 0 00 14 0 00000000 [512, 0] TCP_LISTEN
    30000639be0 ::              00000000 00000000 0000000000 00000000 00000000 0000024576 03375 01220 0 00 14 0 00000000 [512, 0] TCP_LISTEN
    30000639460 ::ffff:0.0.0.0  00000000 00000000 0000000000 00000000 00000000 0000024576 03375 00536 0 00 14 0 00000000 [540, 0] TCP_LISTEN
    300006391e0 ::              00000000 00000000 0000000000 00000000 00000000 0000024576 03375 01220 0 00 14 0 00000000 [79, 0]  TCP_LISTEN
    30000638f60 ::              00000000 00000000 0000000000 00000000 00000000 0000024576 03375
You should experiment with these commands as much as you can before taking the test.
CASE STUDY: INTERNET SERVICES FOR AN ISP

The NextStep Internet Services Company wants to move its Internet services to a Solaris machine. The services are provided in a small town and a single host can run email, web, and FTP servers. The company needs to decide which of these services should be run as a daemon and which should be started through inetd.

ESSENCE OF THE CASE

The following items are the essentials of the case:

• For a small number of users, it is perfectly all right to use a single server for multiple services.
• Services that are not frequently used can be started through the inetd daemon.

ANALYSIS

A server frequently contacted by clients should be running as a daemon. The advantage is that the server process stays in memory and serves the requests upon arrival. There is no loading and unloading of the server process for each request, making response time fast. Servers that are not used frequently may be started using inetd. Every time a request comes in, the server process is loaded into memory and it terminates after serving the request. Generally, email and web services are the most commonly used. Both of these services should be started in daemon mode. The FTP server is not used frequently, and it can be started using the inetd daemon.
CHAPTER SUMMARY

KEY TERMS

• client
• server
• connection-oriented services
• connection-less services
• socket
• port
• inetd daemon
• Remote Procedure Calls (RPC)

This chapter was devoted to client-server concepts and configuration and management of network services on Solaris. The chapter started with some basic terminology used in the client-server model of user applications. Then you learned about ports and sockets. Port numbers are used to distinguish among different servers running on the same host. A socket is a connection point for clients to connect to a server. A socket also is a combination of the IP address and port number and may be written in dot notation just like IP addresses. Ports are used at the Transport layer level and common services are assigned well-defined port numbers. Well-known port numbers are defined in the /etc/services file. Opened port numbers and connected sockets can be displayed using the netstat command.

This chapter also covered the configuration of network services on a Solaris system. A service may be started as a daemon or through inetd on demand. If a service is configured to be started through inetd, the server process is invoked when a connection request is received. To start services at boot time, startup and shutdown scripts are used. These scripts are present in the /etc/init.d directory. You also learned about RPC-based services. These services are used to invoke a procedure on a remote host. RPC services register themselves with the rpcbind daemon on startup. The rpcinfo command is the main command to troubleshoot RPC-based services.

Client-server-based utilities, such as FTP and Telnet, were presented, including an example of using Telnet as a troubleshooting tool for other services. Other utilities presented in this section were finger, rwho, rup, and ruptime. An important part of Solaris network administration is the use of r commands. These commands are very useful for shell scripting, but there are some security risks involved with them. You should now know how to configure these commands and how to use rlogin, rcp, and rsh. The rlogin command is used for remote logon, rcp is used to transfer files from one host to another, and rsh is used to execute a command on a remote host. Finally, you should know the port numbers used for common network services.
APPLY YOUR KNOWLEDGE

Exercises

4.1 Listing Services Enabled on a Solaris Host

This exercise is used to list services enabled on a Solaris host.

Estimated Time: 10 minutes

1. Display the contents of the /etc/services file and try to find the port numbers used by the services you know.
2. Find out which services use the TCP protocol and which services use the UDP protocol.
3. Find out which services use both TCP and UDP.
4. Finally, use the netstat -a command to find out which of these services are currently running.

4.2 Enabling and Disabling Services Started by the inetd Daemon

The purpose of this exercise is to demonstrate how to enable and disable the services started by the inetd daemon.

Estimated Time: 10 minutes

1. Display the contents of the /etc/inet/inetd.conf file and see which services are being started by the inetd daemon.
2. Disable the Telnet service by commenting out the line that is being used for Telnet.
3. Restart the inetd daemon by sending a HUP signal.
4. Use the netstat command to verify that Telnet is disabled.
5. Try to Telnet to the server; you should not get any response to the telnet command.
6. Enable the service again by un-commenting the Telnet line and by restarting the inetd daemon.

Review Questions

1. Can a computer act as a server for multiple services?
2. What is the difference between a port and a socket?
3. List three common client-server-based services used in Solaris.

Exam Questions

The answers to these questions are provided in Appendix E, "Answers to Sample Exam Questions."

1. What is true about the client-server model of services? Choose all true statements.
A. RPC-based services also work in the client-server model.
B. A computer may act as a client or a server at one time, but not both.
C. Multiple services may run on the same host simultaneously.
D. Client-server-based utilities use only the TCP protocol.
2. Port numbers are used in which layer of the OSI model?
A. Network layer
B. Transport layer
C. Application layer
D. Physical layer

3. Which port number is used by Telnet?
A. 25
B. 23
C. 21
D. 110

4. What is true about a socket? Check all that apply.
A. It is the same as port number.
B. It is the same as IP address on the server.
C. It is the same as IP address on the client.
D. It is a combination of IP address and port number.

5. Which file lists port numbers used by network services?
A. /etc/inet/ports
B. /etc/inet/services
C. /etc/inet/networks
D. /etc/inet/sockets

6. Which daemon should be started before starting any RPC-based service?
A. The inetd daemon
B. The rpcbind daemon
C. The rpcd daemon
D. The nfsd daemon

7. Which type of socket is used for the service started using the following line in the /etc/inet/inetd.conf file?

    login  stream  tcp6  nowait  root  /usr/sbin/in.rlogind  in.rlogind

A. TCP socket
B. UDP socket
C. Raw socket
D. All of the above

8. What is the escape sequence used with Telnet?
A. ^]
B. ^[
C. ^}
D. ^{

9. The rwho command can be used to do which of the following:
A. Check logged on users on local host
B. Check logged on users on a remote host
C. Check logged on users on multiple hosts on local network
D. All of the above

10. A single plus symbol in /etc/hosts.equiv file does what regarding the rlogin command?
A. It allows all users on the local host.
B. It allows all users on all hosts.
C. It allows nobody to use the rlogin command.
D. It does nothing.
Answers to Review Questions

1. A computer can act as a server for multiple services. Different services listen for requests on different port numbers.
2. A port is an addressing scheme for services in the Transport layer. A socket is a combination of IP address and port number. It provides a connection mechanism between a client and a server.
3. The following are three common client-server-based services used in Solaris:
• FTP
• Telnet
• Electronic mail

Suggested Readings

• Computer Networks. Andrew S. Tanenbaum
• Computer Networks and Internets. Douglas E. Comer and Ralph E. Droms
• TCP/IP Unleashed. Parker et al.
• TCP/IP Illustrated, vol. 1. Richard Stevens
• Internetworking with TCP/IP Vol. I: Principles, Protocols, and Architecture. Douglas E. Comer
CHAPTER 5

Configuring and Managing the Dynamic Host Configuration Protocol

OBJECTIVES

This chapter covers the following Sun-specified objectives for the 310-043 exam:

• State the benefits of Dynamic Host Configuration Protocol (DHCP).
• Identify DHCP configuration files.
• State the purpose of DHCP configuration files.
• Administer DHCP clients and servers.

• The Dynamic Host Configuration Protocol (DHCP) is used to assign network parameters to hosts in client-server mode. This is a very handy way to manage growing networks, and you need to know the benefits of DHCP.
• On Solaris systems, DHCP can be configured as a client, a server, or as a relay agent. Solaris provides a text-based as well as a GUI method to configure DHCP, and you need to know how to use these methods.
• The DHCP configuration is saved in configuration files that are used at boot time by the DHCP client and server. You need to know these files and their content.
• From the exam perspective, you also need to know how to administer DHCP and troubleshoot DHCP problems.
OUTLINE

Introduction
Introduction to DHCP
DHCP Lease Time
DHCP Scope
Booting a Workstation Using DHCP
Discovering the DHCP Server
Lease Offer
Offer Selection
Lease Acknowledgment
Client Configuration
DHCP Lease Renewal
Lease Release
DHCP IP Address Allocation Types
Planning DHCP Deployment
Configuring DHCP Using the dhcpmgr Utility
Adding Additional Networks and Addresses to DHCP
Using dhcpconfig to Configure DHCP
The /etc/default/dhcp File
Automatic Startup of DHCP Server
Unconfiguring DHCP Services
Setting Non-Default Server Options
Configuring the DHCP Relay Agent
Configuring the DHCP Client
Manually Configuring the DHCP Client
Enabling DHCP on Interfaces at Boot Time
Troubleshooting DHCP
Running DHCP Client in Debug Mode
Essence of the Case
Analysis
Chapter Summary
Exercises
Review Questions
Exam Questions
Answers to Review Questions
Suggested Reading
STUDY STRATEGIES

DHCP works in client-server mode. You need to know the client-server method and terminology before you start reading this chapter. For this chapter, the following study strategy is recommended.

• Try to understand DHCP terminology.
• It is very important that you understand the way the DHCP client interacts with the DHCP server.
• Make sure you understand the different types of DHCP messages.
• Try to configure a DHCP server using the method outlined in this chapter.
• Try to configure a DHCP client and use the snoop command to make sure that it is trying to locate a DHCP server.

Consult the additional references listed at the end of this chapter for further information on DHCP.
Chapter 5
CONFIGURING AND MANAGING THE DYNAMIC HOST CONFIGURATION PROTOCOL
INTRODUCTION

Not very long ago, networks used to be small and static in nature and easy to manage on a per-host basis. Plenty of IP addresses were available, and these IP addresses were assigned statically to all hosts connected to a network. An IP address was reserved for each host in this scheme even if the host was not turned on. This scheme worked fine until networks grew larger and mobile hosts, such as laptops and PDAs, started creeping in. Mobile hosts that moved frequently from one network to another needed special attention, because of the difficulty of reconfiguring a laptop computer whenever it was connected to a different network. With very large networks, the need for centralized configuration management also became an issue.

The Dynamic Host Configuration Protocol (DHCP) solves these problems by dynamically assigning network configuration to hosts at boot time. A DHCP server keeps information about IP addresses that can be allocated to hosts. It also keeps other configuration data, such as the default gateway address, Domain Name Server (DNS) address, the NIS server, and so on. A DHCP client broadcasts a message that locates a DHCP server. If one or more DHCP servers are present, they offer an IP address and other network configuration data to the client. If the client receives a response from multiple servers, it accepts the offer from one of the servers. The server then leases one IP address to the client for a certain period of time and the client configures itself with network configuration parameters provided by the server. If the client host needs an IP address for a longer period, it can renew the lease time. If a client host goes down before the lease time is over, it sends a message to the DHCP server to release the IP address so that it can be assigned to another host.

DHCP is usually not used for hosts that need static IP addresses, although it has the provision to assign static IP addresses to clients.
These hosts include different types of servers and routers. Servers need static IP addresses so that clients of that server always connect to the right host. Similarly, routers need a static IP address to have a consistent and reliable routing table. Other than that, user PCs, workstations, and laptop computers may be assigned dynamic addresses.
Chapter 5
This chapter starts with an introduction to DHCP and how to plan DHCP deployment. The DHCP configuration process is explained using the dhcpconfig command-line utility as well as the GUI. Ways to configure the DHCP client, server, and relay agent are explained. The last part of the chapter covers some troubleshooting tips.
INTRODUCTION TO DHCP
The Dynamic Host Configuration Protocol is based on the Bootstrap Protocol (BOOTP) defined in RFC 951. BOOTP was used to boot diskless workstations. BOOTP has many limitations, however, including the manual configuration on the BOOTP server. DHCP also can be used to configure several more network parameters compared to BOOTP, and it is more flexible. RFCs 1533, 1534, 1541, 1542, 2131, and 2132 define the DHCP protocol. Before delving into DHCP, it is important to review two important parameters: DHCP lease time and DHCP scope.
DHCP Lease Time When a client connects to a DHCP server, the server offers an IP address to the client for a certain period of time. This time is called the lease time. If the client does not renew the lease, the IP address is revoked after the designated time. If configured as such, the client can renew its lease as many times as it likes. Later in this chapter, you learn how to configure the DHCP lease time.
DHCP Scope Scope is the range of IP addresses from a network that a DHCP server can assign to clients. A server may have multiple scopes. However, a server must have at least one scope to be able to assign IP addresses to DHCP clients. DHCP scope is defined at the time of configuring the DHCP server. Later in this chapter you learn how to configure the DHCP scope.
BOOTING A WORKSTATION USING DHCP DHCP uses BOOTP port numbers 67 (for clients) and 68 (for servers). The process of booting a host using DHCP consists of a number of steps. First, a DHCP client locates a DHCP server using a broadcast packet on the network. All the DHCP servers listen to this request and send a lease offer. The client accepts one of the lease offers and requests the offering server to assign an IP address and other network parameters. The following sections describe these steps in more detail.
Discovering the DHCP Server First, the DHCP client sends a DHCPDISCOVER type of broadcast message to find the available DHCP servers on the network. The source address in this message is 0.0.0.0 because the DHCP client does not know its own IP address at this time. If no DHCP server responds to this message, the message send attempt is retried. The number of retries depends on the client.
Lease Offer When the DHCP server receives the DHCPDISCOVER message, it sends a response back using the DHCPOFFER message. A client may receive multiple offers depending on how many DHCP servers are present on the network. The DHCPOFFER message contains the offered IP address and other network configuration information. Output of a snoop command later in this chapter shows more information about this.
Offer Selection The DHCP client then selects one of the DHCP servers and accepts its offer. This is done by sending a DHCPREQUEST message to the offering server. The selected DHCP server then goes ahead with the configuration process of the client.
Lease Acknowledgment The selected DHCP server then sends back a DHCP acknowledgment message (DHCPACK) to the DHCP client. If the client's response arrives too late and the server can no longer provide the offered IP address, a negative acknowledgment (DHCPNAK) is sent back to the client.
Client Configuration When a client receives an acknowledgment message with configuration parameters, it verifies that no other host on the network is using the offered IP address. If the IP address is free, the client starts using it. Later in this chapter you will see an example of the snoop command that shows how packets are exchanged between a client and a server while the client verifies that no other host is using the offered IP address.
DHCP Lease Renewal A DHCP client requests the DHCP server to renew the IP lease time when 50% of the lease time has passed. It does so by sending a DHCPREQUEST message to the server. If the server responds with a DHCPACK message, the lease is renewed and a time counter is reset. If the client does not receive an acknowledgment from the server, it again tries to renew the lease when 87.5% of the lease time has passed. If it does not receive a message for this request, it restarts the DHCP configuration process at the end of the lease time.
Lease Release If a client shuts down before the lease time is expired, it sends a DHCPRELEASE message to the DHCP server telling it that it is going down and the IP address is going to be free. A server can then reuse this IP address immediately. If the client does not send this message before shutting down, the IP address may still be marked as being in use.
Table 5.1 shows a list of common types of DHCP messages exchanged between a client and server.

TABLE 5.1  COMMON DHCP MESSAGES EXCHANGED BETWEEN CLIENT AND SERVER
Message        Description
DHCPDISCOVER   This broadcast message is sent by the DHCP client to discover DHCP servers present on the network.
DHCPOFFER      This message is sent by the DHCP server in response to the DHCPDISCOVER message. It contains the offer and configuration parameters.
DHCPREQUEST    When a client accepts an offer from a DHCP server, it sends this message to show its acceptance. This message is also used to renew a lease.
DHCPACK        In response to the DHCPREQUEST message, the DHCP server sends this message to acknowledge the confirmation of the lease.
DHCPRELEASE    This message is sent by the client to the server to relinquish the leased IP address.
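The exchange described in the preceding sections, together with the renewal timetable, as an added example that is not part of the book: a small Python model of one client and two DHCP servers on the same segment. The server names, scopes and the 86400-second lease are constructed values.

```python
from dataclasses import dataclass, field


@dataclass
class DhcpServer:
    """One DHCP server with a scope of free addresses (constructed data)."""
    name: str
    scope: list                                   # free addresses, in offer order
    lease_seconds: int
    offered: dict = field(default_factory=dict)   # xid -> address held for a client
    leased: dict = field(default_factory=dict)    # address -> client id

    def on_discover(self, xid, client_id):
        """Answer a broadcast DHCPDISCOVER with a DHCPOFFER; silent if the scope is empty."""
        if not self.scope:
            return None
        addr = self.scope.pop(0)
        self.offered[xid] = addr
        return {"type": "DHCPOFFER", "server": self.name, "yiaddr": addr,
                "lease": self.lease_seconds}

    def on_request(self, xid, client_id, chosen_server, yiaddr):
        """Handle the client's (broadcast) DHCPREQUEST.
        Servers that were not chosen put their offered address back in the scope.
        The chosen server sends DHCPACK, or DHCPNAK if it no longer holds the
        address (the late-response case described in the chapter)."""
        addr = self.offered.pop(xid, None)
        if chosen_server != self.name:
            if addr is not None:
                self.scope.insert(0, addr)
            return None
        if addr != yiaddr:
            return {"type": "DHCPNAK", "server": self.name}
        self.leased[addr] = client_id
        return {"type": "DHCPACK", "server": self.name, "yiaddr": addr,
                "lease": self.lease_seconds}

    def on_release(self, yiaddr):
        """DHCPRELEASE: a released address can be reused immediately."""
        if self.leased.pop(yiaddr, None) is not None:
            self.scope.insert(0, yiaddr)


def renewal_schedule(lease_seconds):
    """Seconds after DHCPACK at which the client first asks to renew (50%),
    retries if no DHCPACK came back (87.5%), and restarts discovery (100%)."""
    return {"renew": lease_seconds * 0.5,
            "rebind": lease_seconds * 0.875,
            "expire": float(lease_seconds)}


def acquire_lease(client_id, servers, xid=0x810b830b):
    """Run DISCOVER/OFFER/REQUEST/ACK against every server on the segment.
    Returns the DHCPACK (or None) and a transcript of the messages exchanged."""
    transcript = ["client (0.0.0.0) -> broadcast: DHCPDISCOVER"]
    offers = []
    for s in servers:
        offer = s.on_discover(xid, client_id)
        if offer:
            offers.append(offer)
            transcript.append("%s -> client: DHCPOFFER %s" % (s.name, offer["yiaddr"]))
    if not offers:
        return None, transcript
    chosen = offers[0]            # the client accepts the first offer it received
    transcript.append("client (0.0.0.0) -> broadcast: DHCPREQUEST %s from %s"
                      % (chosen["yiaddr"], chosen["server"]))
    ack = None
    for s in servers:             # the REQUEST is a broadcast, so every server sees it
        reply = s.on_request(xid, client_id, chosen["server"], chosen["yiaddr"])
        if reply:
            transcript.append("%s -> client: %s" % (s.name, reply["type"]))
            if reply["type"] == "DHCPACK":
                ack = reply
    return ack, transcript


if __name__ == "__main__":
    segment = [DhcpServer("fana", ["192.168.2.101", "192.168.2.102"], 86400),
               DhcpServer("backup", ["192.168.2.151", "192.168.2.152"], 86400)]
    ack, log = acquire_lease("rr_desktop", segment)
    print("\n".join(log))
    print("leased", ack["yiaddr"], "timers", renewal_schedule(ack["lease"]))
```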
DHCP IP ADDRESS ALLOCATION TYPES
Basically, the following three types of IP address allocations are used by DHCP when assigning IP addresses to DHCP clients:
• Automatic. The automatic lease is used to assign permanent IP addresses to hosts. No lease expiration time applies to automatic IP addresses.
• Dynamic. The dynamic lease is the most commonly used type. Leased IP addresses expire after lease time is over, and the lease must be renewed if the DHCP client wants to continue to use the IP address.
• Manual. A manual allocation is used by system administrators to allocate fixed IP addresses to certain hosts.
PLANNING DHCP DEPLOYMENT
Normally two types of hosts reside on a network: those hosts that have fixed IP address allocation and those that can have dynamic IP address allocation. Usually servers and routers have fixed allocation, whereas user PCs and workstations can be assigned IP addresses dynamically. When planning DHCP on a network, keep in mind the following things:
• How many IP addresses can be used with DHCP? When you calculate this number keep in mind the number of IP addresses assigned to servers and routers. These are the fixed IP addresses that will not be used in DHCP. Subtract this number from the total available IP addresses to determine the number of available IP addresses for DHCP. Remember that you also might need more fixed IP addresses in the future than you are currently using.
• How many DHCP servers should be installed? This depends on the number of DHCP clients and the lease time. The larger the number of clients, the more servers should be used. If the lease time is too short, it might load DHCP servers (because in such a case, each DHCP client has to renew its lease very often). The number of DHCP servers also depends on the number of network segments.
• How many people use laptops or mobile units that may be connected to different networks? Practically, it might not be realistic to figure this number out, but you should make an educated guess.
• Do people reboot their systems on a daily basis or do they keep their systems running? This will help you choose the appropriate lease time.
• If you have plenty of IP addresses, you might want to install backup DHCP servers. Remember that two DHCP servers cannot have the same scope; therefore, there isn’t really a “true” DHCP server backup. You must have a different scope for each DHCP server. If you install two DHCP servers on the same network but with a different scope of IP addresses, one of these can respond to clients if the other one is dead. If you have fewer than 100 DHCP clients on network 192.168.2.0, for example, you can have two DHCP servers. One of these DHCP servers has the scope of IP addresses from 192.168.2.51 to 192.168.2.150, and the other one has a scope of IP addresses from 192.168.2.151 to 192.168.2.250.

NOTE: The most commonly used lease type is the dynamic lease because this type of lease requires the least configuration.

When planning to deploy DHCP, follow these steps:
1. Collect information about your network topology to find out how many DHCP servers or relay agents are required. DHCP cannot be used where multiple IP networks use the same physical network media.
2. Select the best available servers for DHCP.
3. Determine which data storage method should be used. The data storage method tells the DHCP server how to keep the DHCP database. Two methods are available on Solaris systems: the files method and the nisplus (NIS+) method. In the files method, DHCP database files are stored in a local directory on the DHCP server. In the NIS+ method, the DHCP data is stored in the NIS+ database on the NIS+ server. I recommend using the files method; in fact, NIS+ is seldom used.
4. Determine a lease policy for your network. Keep in mind the factors mentioned earlier while deciding on a lease policy. Also decide whether you’ll use a dynamic or permanent lease type.
5. Determine which routers you need for DHCP clients. You have to assign these addresses to clients when offering a lease.
6. Determine the IP addresses to be managed by each server.
After going through each of these steps, you should have a fairly good idea about how to proceed with the installation of DHCP on your network.
CONFIGURING DHCP USING THE dhcpmgr UTILITY
With Solaris 8, Sun Microsystems has provided a graphical user interface (GUI) to help when configuring the DHCP server. The /usr/sadm/admin/bin/dhcpmgr is a graphical utility used to configure the DHCP server and is called the DHCP Manager. You must be root to use this program. When you start this program, the screen shown in Figure 5.1 displays. As you can see in the figure, the DHCP service can be configured as a pure DHCP server or as a DHCP/BOOTP relay agent. When you configure it as a relay, the service acts on behalf of another DHCP server. It receives requests from clients and forwards these requests to one of the configured remote DHCP servers. This is covered in more depth later in the chapter. To configure the service as a DHCP server, just press the OK button. The screen shown in Figure 5.2 displays. The screen shot shown in this figure shows you how to select the NIS+ domain and how to enter the directory path where the DHCP configuration files will be stored.
FIGURE 5.1 Starting the DHCP Manager to configure DHCP server.
This directory contains two or more important files: the dhcptab file, which contains the DHCP server configuration macros; and the other file(s), which keeps a list of the assigned and unassigned addresses in each network. If you are using multiple networks managed by a DHCP server (multiple scopes), one file will correspond to each network. The names of these files are the same as the network address, with dot characters replaced by the underscore character. For example, a file that keeps records for IP addresses in the 192.168.2.0 network is named 192_168_2_0. The default directory path is /var/dhcp, but you can choose a different path if you like. Select the directory, and then press the right-arrow button on the bottom of the screen to move to the next screen, which is shown in Figure 5.3.
FIGURE 5.2 Selecting a storage location.
FIGURE 5.3 Selecting the lease policy.
Figure 5.3 shows how to select the lease policy. There are two important lease policy parameters. The first one is the length of the lease period. Depending on your network situation, you can select a particular lease period. Usually a lease period of one day should be okay. If hosts on your network don’t reboot frequently, however, you might want to increase the lease time. The other policy parameter determines whether clients can renew their lease. If you check the box, clients can renew their lease. In most cases, you should check this box and enable clients to renew leases. After selecting this, move on to the next screen, which is shown in Figure 5.4. As shown in Figure 5.4, you have to select the domain name and the Domain Name Server’s IP address for the domain. You can add multiple Domain Name Servers to the list by pressing the Add button. You also can move a Domain Name Server up or down in the list by using the up- and down-arrow buttons. Doing so changes the order in which a client accesses the Domain Name Servers. The domain name and the Domain Name Server addresses that you select are passed on to the DHCP clients when a lease is offered. This helps when configuring the DHCP clients with a particular domain name in a single step. Also note that changing the Domain Name Server address is easy when using DHCP. You have to make a change on the DHCP server only.
After selecting the DNS, you have to select the primary scope for the DHCP server. Go to the next screen by pressing the right-arrow button (see Figure 5.5). On this screen, the example shows network 192.168.2.0 selected as the network from which the DHCP server can assign IP addresses to DHCP clients. The netmask for this network has been specified as 255.255.255.0. In the initial configuration process, only one network address may be added. However, you can add more networks later on using the Network Wizard from within this configuration utility. The network address selected here is usually the network in which the DHCP server itself resides.
FIGURE 5.4 Selecting the domain name and the DNS address.
FIGURE 5.5 Selecting the network address for DHCP clients.
After selecting the network, press the right-arrow button to move to the next screen where you’ll configure the default router or a routing method (if static routing is not used). You also can select the network type, as shown in Figure 5.6. Figure 5.6 shows that this example is using Local Area Network as the network type and RDISC as the routing method. If you use a default router, it should be listed in the box at the bottom of Figure 5.6. Next you select the NIS domain and NIS servers if NIS is being used (see Figure 5.7). If you are not using NIS, just leave the boxes in this screen blank. For the purposes of this example, NIS is not used. If you use NIS+ on your network, you must select a NIS+ domain and one or more NIS+ servers (see Figure 5.8). Leave the boxes blank if you aren’t using NIS+.
FIGURE 5.6 Selecting the network type and routing method.
FIGURE 5.7 Selecting NIS domain name.
The DHCP server configuration is now complete. You should now see a summary of the currently configured parameters as shown in Figure 5.9. Note that the summary shows that /var/dhcp is selected as the directory where DHCP configuration files are stored. The default length of the lease is one day, and clients can renew this lease time. boota.org is the domain name, and the domain name server address is 192.168.2.100. The network address is 192.168.2.0, and the netmask is 255.255.255.0. This example is connected to a LAN and uses the Router Discovery Protocol to determine available routers. In this example, neither NIS nor NIS+ is configured for the DHCP server.
FIGURE 5.8 Selecting NIS+ domain and servers.
FIGURE 5.9 Summary of the DHCP configuration.
If the summary information is correct, press the Finish button. If any of this information is not correct, you can go back and correct it. When you press the Finish button, you should see the screen shown in Figure 5.10. Here, the Address Wizard is run automatically to add addresses to the DHCP scope. Press the Yes button to start the Address Wizard. When you do so, the screen shown in Figure 5.11 displays. Figure 5.11 shows how to select the number of IP addresses that will be available to the DHCP server for leasing to clients. These addresses exist in the network you already have selected—in the example, 192.168.2.0. In this case, 100 has been selected, which means that 100 out of 254 addresses in the network are available to the DHCP server.
FIGURE 5.10 Starting the Address Wizard.
FIGURE 5.11 Selecting the number of IP addresses available for leasing to DHCP clients.
Press the right-arrow button. The screen shown in Figure 5.12 appears. Select the starting IP address for the address range, as shown in Figure 5.12. For this example, 192.168.2.101 has been selected as the starting IP address. Recall that there will be 100 IP addresses in the DHCP scope. IP addresses from 192.168.2.101 to 192.168.2.200 are automatically added to the list of IP addresses in the DHCP scope. You also need to select the server name for the DHCP server. You also can select to generate names for these IP addresses. If you check the box to generate client names and you select the root name fana, client names will be selected as fana-101, fana-102, and so on. However, you must have entries of these names in your DNS database to be able to resolve these names to IP addresses. Generally, you don’t need names for IP addresses assigned by the DHCP server, so I recommend not checking this box. Figure 5.13 shows a list of IP addresses that will be available to DHCP clients. Before displaying this list, the server will take a while to confirm that these IP addresses are not already being used by any of the hosts. This ensures that there will not be any address conflicts when assigning any of the IP addresses to a host. Confirm the list, and then move to the screen shown in Figure 5.14. A client configuration macro is created as shown in Figure 5.14, and you can safely move on to the next screen shown in Figure 5.15. If you want to look at the configuration macro, however, you can press the View button and a new screen will appear showing you the configuration for this macro.
FIGURE 5.12 Selecting the starting IP address for the address range and the server name.
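The address arithmetic from this walkthrough and from the planning section earlier in the chapter, as an added example (not code from the book or from dhcpmgr): it computes how many addresses of a network remain for DHCP once fixed hosts are subtracted, builds the range the Address Wizard produces from a start address and a count, generates client names from a root name, checks that two servers' scopes do not overlap, and derives the per-network file name used under /var/dhcp. The inputs are the chapter's example values, supplied as constructed data.

```python
import ipaddress


def dhcp_capacity(network, fixed_hosts, reserve_for_growth=0):
    """Host addresses of `network` left for DHCP after the fixed (static)
    hosts and a reserve for future static hosts are subtracted."""
    net = ipaddress.ip_network(network, strict=True)
    for host in fixed_hosts:
        if ipaddress.ip_address(host) not in net:
            raise ValueError("fixed host %s is not in %s" % (host, network))
    usable = net.num_addresses - 2            # network and broadcast addresses
    return usable - len(set(fixed_hosts)) - reserve_for_growth


def address_range(network, start, count, root_name=None):
    """The addresses the Address Wizard adds: `count` consecutive addresses
    from `start`, which must all be host addresses of `network`.
    With root_name, also returns the generated client names (root-<last octet>)."""
    net = ipaddress.ip_network(network, strict=True)
    first = ipaddress.ip_address(start)
    addrs = [first + i for i in range(count)]
    for a in addrs:
        if a not in net or a in (net.network_address, net.broadcast_address):
            raise ValueError("%s + %d addresses runs outside the hosts of %s"
                             % (start, count, network))
    names = None
    if root_name:
        names = ["%s-%d" % (root_name, int(str(a).split(".")[-1])) for a in addrs]
    return [str(a) for a in addrs], names


def scopes_overlap(scope_a, scope_b):
    """True if two (first, last) address scopes share any address. Two servers
    on the same network must be given scopes for which this is False."""
    a0, a1 = (int(ipaddress.ip_address(x)) for x in scope_a)
    b0, b1 = (int(ipaddress.ip_address(x)) for x in scope_b)
    return a0 <= b1 and b0 <= a1


def network_table_filename(network):
    """Name of the per-network address file kept under /var/dhcp: the network
    address with every dot replaced by an underscore."""
    net = ipaddress.ip_network(network, strict=True)
    return str(net.network_address).replace(".", "_")


if __name__ == "__main__":
    # The chapter's example values, supplied here as constructed input.
    print(dhcp_capacity("192.168.2.0/24", ["192.168.2.100", "192.168.2.222"]))
    addrs, names = address_range("192.168.2.0/24", "192.168.2.101", 100, "fana")
    print(addrs[0], "..", addrs[-1], names[0], "..", names[-1])
    print(scopes_overlap(("192.168.2.51", "192.168.2.150"),
                         ("192.168.2.151", "192.168.2.250")))
    print(network_table_filename("192.168.2.0/24"))
```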
FIGURE 5.13 Verification of the list of available IP addresses.
FIGURE 5.14 The client configuration macro.
FIGURE 5.15 Selecting the lease type.
Figure 5.15 shows how to select a lease type. The usual lease type is the dynamic lease, under which clients can get any of the available IP addresses and can renew their leases. Therefore, when you boot your host, you might get a different IP address each time. After going through this step, you are ready to review your configuration (see Figure 5.16). Figure 5.16 shows the client configuration parameters you just selected. If this information is correct, press the Finish button to finalize the settings. The server will add the IP addresses to its database and a screen like the one shown in Figure 5.17 will appear showing the progress. The server confirms that the IP addresses are available and not assigned to any host at the present time. After the process shown in Figure 5.17 is complete, the screen will disappear and you will see the DHCP Manager screen as shown in Figure 5.18. This shows a list of the IP addresses in the current scope and their status. Later on when you go to this screen and some of the IP addresses are assigned to DHCP clients, their lease time and client IDs will also be displayed in this screen.
FIGURE 5.16 Reviewing the information for client configuration.
FIGURE 5.17 Adding IP addresses to server database.
FIGURE 5.18 Current status of IP addresses.
At this point, you have configured the DHCP server and now DHCP clients can connect to the DHCP server. If you look at the running processes using the ps command, you should find the in.dhcpd process running, as shown here:
bash-2.03# ps -ef | grep dhcpd
    root   606     1  0 17:03:56 ?        0:00 /usr/lib/inet/in.dhcpd
bash-2.03#
Now try to connect to the DHCP server using a DHCP client. You can use another Solaris machine or a Windows PC as the DHCP client. You can start the snoop command on one of the terminal windows to see the DHCP request and reply packets flowing on the network. When the DHCP client starts looking for the DHCP server, you would find output from the snoop command like the following:
OLD-BROADCAST -> BROADCAST DHCP/BOOTP DHCPDISCOVER
fana -> (broadcast) ARP C Who is 192.168.2.101, 192.168.2.101 ?
fana -> (broadcast) ARP C Who is 192.168.2.101, 192.168.2.101 ?
fana -> (broadcast) ARP C Who is 192.168.2.101, 192.168.2.101 ?
fana -> 192.168.2.101 DHCP/BOOTP DHCPOFFER
OLD-BROADCAST -> BROADCAST DHCP/BOOTP DHCPREQUEST
fana -> 192.168.2.101 DHCP/BOOTP DHCPACK
192.168.2.101 -> (broadcast) ARP C Who is 192.168.2.101, 192.168.2.101 ?
192.168.2.101 -> 224.0.0.2 ICMP Router solicitation
192.168.2.101 -> 224.0.0.2 ICMP Router solicitation
192.168.2.101 -> 224.0.0.2 ICMP Router solicitation
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for RR_DESKTOP[3], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for BOOTA[0], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for RR_DESKTOP[0], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for RR_DESKTOP[0], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for BOOTA[0], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for RR_DESKTOP[3], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for RR_DESKTOP[0], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for BOOTA[0], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for RR_DESKTOP[3], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for RR_DESKTOP[3], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for BOOTA[0], Success
192.168.2.101 -> 192.168.2.255 NBT NS Registration Request for RR_DESKTOP[0], Success
As you can see from the output of the snoop command, the whole DHCP client configuration process is present in these packets. First, the DHCP client sends a DHCPDISCOVER message to determine whether any DHCP servers are available on the network. The line showing this information is listed here:
OLD-BROADCAST -> BROADCAST DHCP/BOOTP DHCPDISCOVER
The DHCP server then offers a lease. The line that shows this offer is as follows:
fana -> 192.168.2.101 DHCP/BOOTP DHCPOFFER
This line shows that the offer comes from the DHCP server fana and the offered IP address is 192.168.2.101. This is the first IP address in the DHCP scope just configured. The client accepts this lease offer and sends the following packet:
OLD-BROADCAST -> BROADCAST DHCP/BOOTP DHCPREQUEST
Note that this DHCPREQUEST packet is still a broadcast packet. After receiving this packet, the DHCP server sends an acknowledgment to assign the IP address to the host, as shown here:
fana -> 192.168.2.101 DHCP/BOOTP DHCPACK
After getting this acknowledgment packet, the client verifies that nobody on the network is already using the offered IP address. The client does this using ARP packets, as shown here:
192.168.2.101 -> (broadcast) ARP C Who is 192.168.2.101, 192.168.2.101 ?
The last step in this case is to discover the router, because this example has configured the DHCP server with RDISC. The client now sends packets like the following to discover a router:
192.168.2.101 -> 224.0.0.2 ICMP Router solicitation
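A parser for the snoop summary lines above, added here as an example and not part of the book: it rebuilds the DISCOVER/OFFER/REQUEST/ACK sequence, counts the ARP conflict probes sent by the server before the offer and by the client after the acknowledgment, and flags any DHCPOFFER from a host other than the servers you administer (the authorised_servers set is an assumed input). The sample capture is the chapter's own output, embedded as constructed test data.

```python
import re

LINE_RE = re.compile(r"^(\S+)\s+->\s+(\S+)\s+(.*)$")

# Constructed sample: the snoop summary lines shown above.
SAMPLE = """\
OLD-BROADCAST -> BROADCAST DHCP/BOOTP DHCPDISCOVER
fana -> (broadcast) ARP C Who is 192.168.2.101, 192.168.2.101 ?
fana -> (broadcast) ARP C Who is 192.168.2.101, 192.168.2.101 ?
fana -> (broadcast) ARP C Who is 192.168.2.101, 192.168.2.101 ?
fana -> 192.168.2.101 DHCP/BOOTP DHCPOFFER
OLD-BROADCAST -> BROADCAST DHCP/BOOTP DHCPREQUEST
fana -> 192.168.2.101 DHCP/BOOTP DHCPACK
192.168.2.101 -> (broadcast) ARP C Who is 192.168.2.101, 192.168.2.101 ?
192.168.2.101 -> 224.0.0.2 ICMP Router solicitation
"""


def parse_snoop(text):
    """Yield (src, dst, proto, detail) for each snoop summary line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, dst, rest = m.groups()
        parts = rest.split(None, 1)
        yield src, dst, parts[0], (parts[1] if len(parts) > 1 else "")


def analyse_exchange(text, authorised_servers):
    """Rebuild the DHCP exchange and report what a defender wants to know:
    the message order, which hosts offered leases, offers from hosts that are
    not on the authorised list, and the ARP probes the server sends before
    offering an address and the client sends after accepting it."""
    report = {"sequence": [], "offers_from": [], "unauthorised_offers": [],
              "server_arp_probes": 0, "client_arp_probes": 0, "leased": None}
    for src, dst, proto, detail in parse_snoop(text):
        if proto == "DHCP/BOOTP":
            mtype = detail.split()[0]
            report["sequence"].append(mtype)
            if mtype == "DHCPOFFER":
                report["offers_from"].append(src)
                if src not in authorised_servers:
                    report["unauthorised_offers"].append(src)
            elif mtype == "DHCPACK":
                report["leased"] = dst
        elif proto == "ARP" and dst == "(broadcast)":
            if report["leased"] is None:
                report["server_arp_probes"] += 1   # server checking the address is free
            else:
                report["client_arp_probes"] += 1   # client checking before it uses it
    # DISCOVER, OFFER, REQUEST, ACK must appear in this order; other
    # messages (extra offers, ARP, ICMP) may sit between them.
    expected = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]
    seen = iter(report["sequence"])
    report["handshake_ok"] = all(any(m == want for m in seen) for want in expected)
    return report


if __name__ == "__main__":
    for key, value in analyse_exchange(SAMPLE, {"fana"}).items():
        print("%-20s %s" % (key, value))
```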
To find detailed packet information, use the snoop -v command. The following output of the command shows detailed information about the DHCP lease renewal request. The ETHER part of the packet shows the source and destination MAC addresses. The IP part of the header shows that this packet is sent by the client 192.168.2.101 to the DHCP server 192.168.2.222. It also shows that the protocol used for this packet is UDP. The UDP part shows that the source port is 68 and the destination port is 67. As discussed earlier in this chapter, these port numbers are used by the BOOTP server and the client, respectively. The DHCP part of the packet contains information such as the client IP address, the client hardware address (MAC address), the message type, and the requested options.
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 18:04:54.49
ETHER: Packet size = 342 bytes
ETHER: Destination = 8:0:20:9e:f0:50, Sun
ETHER: Source = 0:e0:29:89:28:59,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 328 bytes
IP: Identification = 23296
IP: Flags = 0x0
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = 5811
IP: Source address = 192.168.2.101, 192.168.2.101
IP: Destination address = 192.168.2.222, fana
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 68
UDP: Destination port = 67 (BOOTPS)
UDP: Length = 308
UDP: Checksum = 6BC9
UDP:
DHCP: ----- Dynamic Host Configuration Protocol -----
DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x810b830b
DHCP: Time since boot = 0 seconds
DHCP: Flags = 0x0000
DHCP: Client address (ciaddr) = 192.168.2.101
DHCP: Your client address (yiaddr) = 0.0.0.0
DHCP: Next server address (siaddr) = 0.0.0.0
DHCP: Relay agent address (giaddr) = 0.0.0.0
DHCP: Client hardware address (chaddr) = 00:E0:29:89:28:59
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPREQUEST
DHCP: Client Identifier = 0x01 0x00 0xE0 0x29 0x89 0x28 0x59 (unprintable)
DHCP: Client Hostname = rr_desktop
DHCP: Requested Options:
DHCP: 1 (Subnet Mask)
DHCP: 3 (Router)
DHCP: 6 (DNS Servers)
DHCP: 15 (DNS Domain Name)
DHCP: 44 (NetBIOS RFC 1001/1002 Name Servers)
DHCP: 46 (NetBIOS Node Type)
DHCP: 47 (NetBIOS Scope)
DHCP: 57 (Maximum DHCP Message Size)
DHCP:
The following packet shows a DHCP lease renewal acknowledgment from the server. From the DHCP part of the packet, you can find out that the server responded with the lease time, domain name, name server address, and other information:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 18:04:54.59
ETHER: Packet size = 353 bytes
ETHER: Destination = 0:e0:29:89:28:59,
ETHER: Source = 8:0:20:9e:f0:50, Sun
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 339 bytes
IP: Identification = 11385
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 255 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = c78c
IP: Source address = 192.168.2.222, fana
IP: Destination address = 192.168.2.101, 192.168.2.101
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 67
UDP: Destination port = 68 (BOOTPC)
UDP: Length = 319
UDP: Checksum = 5196
UDP:
DHCP: ----- Dynamic Host Configuration Protocol -----
DHCP:
DHCP: Hardware address type (htype) = 1 (Ethernet (10Mb))
DHCP: Hardware address length (hlen) = 6 octets
DHCP: Relay agent hops = 0
DHCP: Transaction ID = 0x810b830b
DHCP: Time since boot = 0 seconds
DHCP: Flags = 0x0000
DHCP: Client address (ciaddr) = 0.0.0.0
DHCP: Your client address (yiaddr) = 192.168.2.101
DHCP: Next server address (siaddr) = 0.0.0.0
DHCP: Relay agent address (giaddr) = 0.0.0.0
DHCP: Client hardware address (chaddr) = 00:E0:29:89:28:59
DHCP: ----- (Options) field options -----
DHCP:
DHCP: Message type = DHCPACK
DHCP: DHCP Server Identifier = 192.168.2.222
DHCP: Subnet Mask = 255.255.255.0
DHCP: Perform Router Discovery Flag flag = 0x1
DHCP: Broadcast Address = 192.168.2.255
DHCP: UTC Time Offset = -28800 seconds
DHCP: RFC868 Time Servers at = 192.168.2.222
DHCP: IP Address Lease Time = 86400 seconds
DHCP: DNS Domain Name = boota.org
DHCP: DNS Servers at = 192.168.2.100
DHCP:
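A parser for the snoop -v output above, added as an example and not taken from the book: it turns each LAYER: field = value line into a dictionary and then checks that the DHCPACK really belongs to the DHCPREQUEST, which is what you want to confirm when a renewal looks odd: ports 68 to 67 on the request and 67 to 68 on the reply (as the BOOTPS/BOOTPC labels in the capture show), matching transaction ID, hardware address and client address, plus the lease time and DNS servers the server handed out. The two captures are trimmed copies of the chapter's packets, embedded as constructed data.

```python
import re

FIELD_RE = re.compile(r"^(ETHER|IP|UDP|DHCP):\s+(.+?)\s+=\s+(.+)$")

# Constructed samples: the two snoop -v packets above, trimmed to the lines used here.
REQUEST = """\
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 68
UDP: Destination port = 67 (BOOTPS)
DHCP: ----- Dynamic Host Configuration Protocol -----
DHCP:
DHCP: Transaction ID = 0x810b830b
DHCP: Client address (ciaddr) = 192.168.2.101
DHCP: Your client address (yiaddr) = 0.0.0.0
DHCP: Client hardware address (chaddr) = 00:E0:29:89:28:59
DHCP: ----- (Options) field options -----
DHCP: Message type = DHCPREQUEST
DHCP: Client Hostname = rr_desktop
"""

ACK = """\
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 67
UDP: Destination port = 68 (BOOTPC)
DHCP: ----- Dynamic Host Configuration Protocol -----
DHCP:
DHCP: Transaction ID = 0x810b830b
DHCP: Client address (ciaddr) = 0.0.0.0
DHCP: Your client address (yiaddr) = 192.168.2.101
DHCP: Client hardware address (chaddr) = 00:E0:29:89:28:59
DHCP: ----- (Options) field options -----
DHCP: Message type = DHCPACK
DHCP: DHCP Server Identifier = 192.168.2.222
DHCP: Subnet Mask = 255.255.255.0
DHCP: IP Address Lease Time = 86400 seconds
DHCP: DNS Domain Name = boota.org
DHCP: DNS Servers at = 192.168.2.100
"""


def parse_verbose(text):
    """Turn snoop -v output into {layer: {field: value}}. Header and blank
    lines (those without '=') are kept under the layer's '_lines' key."""
    layers = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD_RE.match(line)
        if m:
            layer, key, value = m.groups()
            layers.setdefault(layer, {})[key] = value.strip()
        elif ":" in line:
            layer = line.split(":", 1)[0]
            layers.setdefault(layer, {}).setdefault("_lines", []).append(line)
    return layers


def port_number(value):
    """'67 (BOOTPS)' -> 67; '68' -> 68."""
    return int(value.split()[0])


def check_renewal(request_text, ack_text):
    """Cross-check a renewal DHCPREQUEST against the DHCPACK that followed it."""
    req, ack = parse_verbose(request_text), parse_verbose(ack_text)
    r_udp, a_udp, r_dhcp, a_dhcp = req["UDP"], ack["UDP"], req["DHCP"], ack["DHCP"]
    result = {
        "request_type": r_dhcp["Message type"],
        "ack_type": a_dhcp["Message type"],
        # client -> server traffic runs from port 68 (BOOTPC) to 67 (BOOTPS)
        "request_ports_ok": (port_number(r_udp["Source port"]),
                             port_number(r_udp["Destination port"])) == (68, 67),
        "ack_ports_ok": (port_number(a_udp["Source port"]),
                         port_number(a_udp["Destination port"])) == (67, 68),
        # the ACK must carry the transaction ID the client chose
        "xid_match": r_dhcp["Transaction ID"] == a_dhcp["Transaction ID"],
        # on renewal the client fills ciaddr; the ACK echoes it back in yiaddr
        "address_match": r_dhcp["Client address (ciaddr)"]
                         == a_dhcp["Your client address (yiaddr)"],
        "same_hardware": r_dhcp["Client hardware address (chaddr)"]
                         == a_dhcp["Client hardware address (chaddr)"],
        "server": a_dhcp.get("DHCP Server Identifier"),
        "lease_seconds": int(a_dhcp["IP Address Lease Time"].split()[0]),
        "dns_servers": a_dhcp.get("DNS Servers at", "").split(),
    }
    checks = ("request_ports_ok", "ack_ports_ok", "xid_match",
              "address_match", "same_hardware")
    result["renewal_ok"] = (all(result[k] for k in checks)
                            and result["ack_type"] == "DHCPACK")
    return result


if __name__ == "__main__":
    for key, value in check_renewal(REQUEST, ACK).items():
        print("%-18s %s" % (key, value))
```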
Now if you go to View menu in the DHCP Manager GUI and choose Refresh from this menu, the window will show you that address 192.168.2.101 is assigned to the host shown in Figure 5.19.
FIGURE 5.19 Address 192.168.2.101 is assigned to a client.
Adding Additional Networks and Addresses to DHCP As mentioned earlier in the configuration process, only one network address is added to the DHCP scope in the initial configuration. To add more network addresses, you can use the DHCP Manager GUI. Addition of more network addresses is a two-step process. In the first step, you have to go to the Edit menu and select Network Wizard to add more networks. Then you have to go to the Edit menu and select Address Wizard to add IP addresses from the newly added network. Each newly added network address appears under the Network column shown on the left side of the screen shown in Figure 5.19.
USING dhcpconfig TO CONFIGURE DHCP
The traditional DHCP configuration utility available in Solaris systems is the dhcpconfig program. Using dhcpconfig, you can configure the DHCP server and the DHCP relay agent. In addition, you can also “unconfigure” DHCP services. Most of the steps in dhcpconfig are the same as discussed in the DHCP Manager GUI. This section discusses each step. When you start dhcpconfig, it lists four options as shown in the following:
bash-2.03# dhcpconfig
*** DHCP Configuration ***
Would you like to:
    1) Configure DHCP Service
    2) Configure BOOTP Relay Agent
    3) Unconfigure DHCP or Relay Service
    4) Exit
Choice:
Select option 1 to start the configuration of the DHCP server. The next question asks whether you want to stop the DHCP service if it is already running.

Would you like to stop the DHCP service? (recommended) ([Y]/N):y

It is a good idea to stop the service before starting a new configuration so that no client connecting to the DHCP server receives wrong information during the configuration process. In the next step, you have to select the data storage scheme, as shown here:

### DHCP Service Configuration ###
### Configure DHCP Database Type and Location ###
Enter datastore (files or nisplus) [nisplus]: files

If you are not using NIS+ (nisplus), select files here. By selecting files, you create the DHCP database files on the local host.

Enter absolute path to datastore directory [/var/dhcp]:

By default, the DHCP server creates its database files in /var/dhcp. However, you can select another path in which to store the files. Next you can specify any options used with the DHCP server daemon, as shown here:

### Common daemon option setup ###
Would you like to specify nondefault daemon options (Y/[N]):n

Choose Y here if you want to log DHCP messages to the SYSLOG facility. In that case, you also have to modify the /etc/syslog.conf file to specify the log file name for DHCP messages.

### DHCP server option setup ###
Would you like to specify nondefault server options (Y/[N]):n

If you choose Y for the preceding question, you can set different options for the DHCP server. These options include:
• The amount of time a DHCP server should keep outstanding DHCP requests.
• How often a DHCP server should scan the dhcptab file. By default, the server scans this file only at boot time. You can specify a time in minutes if you frequently modify the database.
• Whether to enable the BOOTP compatibility mode. Enabling BOOTP compatibility is useful if you have some old BOOTP clients. If you choose Y here, you can also configure a few BOOTP options.

In the next line, you can specify the DHCP lease policy:

### Initialize dhcptab table ###
Enter default DHCP lease policy (in days) [3]: 1

Here, one day is designated as the lease time.

Do you want to allow clients to renegotiate their leases? ([Y]/N):y

As discussed earlier, it is a good idea to allow lease negotiation; therefore, you should select Y here.

### Select Networks For BOOTP/DHCP Support ###
Enable DHCP/BOOTP support of networks you select? ([Y]/N):y

Answering Y to the preceding question enables DHCP support on the network. In this case, it enables support for the network selected in the following output. The next questions are similar to the ones used in the DHCP Manager GUI.

### Configure Local Networks ###
Configure BOOTP/DHCP on local LAN network: 192.168.2.0? ([Y]/N):y
Do you want hostnames generated and inserted in the files hosts table? (Y/[N]):n
Enter starting IP address [192.168.2.0]: 192.168.2.101
Enter the number of clients you want to add (x < 255): 10

In the next question, don't disable ping verification. Ping helps detect any IP addresses already in use. If an IP address is already in use, it is not added to the DHCP database. From the following output, you can see that address 192.168.2.101 is in use and is not added to the DHCP database. In this example, 10 IP addresses were chosen to be added, but only 9 addresses are added because 1 is already in use:

Disable (ping) verification of 192.168.2.0 address(es)? (Y/[N]):n
Warning: Address 192.168.2.101 in 192.168.2.0 in use... skipping... - 80% Complete.
Configured 9 entries for network: 192.168.2.0.

### Configure Remote Networks ###
Would you like to configure BOOTP/DHCP service on remote networks? ([Y]/N):n
Would you like to restart the DHCP service? (recommended) ([Y]/N):y
*** DHCP Configuration ***
Would you like to:
1) Configure DHCP Service
2) Configure BOOTP Relay Agent
3) Unconfigure DHCP or Relay Service
4) Exit
Choice: 4
bash-2.03#

At the end of the DHCP configuration process, the DHCP service is restarted by this utility. Note that many of the options are selected as defaults if you don't enter anything in response to a question. The default option for each question is listed in square brackets. Important DHCP management utilities are listed in Table 5.2. Note that the administrator does not use dhtadm and pntadm directly most of the time; these utilities are used by dhcpconfig or dhcpmgr in the background.

TABLE 5.2 COMMON DHCP CONFIGURATION UTILITIES
Name        Description
dhtadm      DHCP configuration table management utility
dhcpconfig  DHCP service configuration utility
dhcpmgr     GUI-based DHCP Manager
pntadm      DHCP network table management utility
The /etc/default/dhcp File
This file records the type of resource used to store the DHCP databases. When local files are used, it also names the directory in which these files are stored. A typical /etc/default/dhcp file is shown here:

bash-2.03# cat /etc/default/dhcp
RUN_MODE=server
RESOURCE=files
PATH=/var/dhcp
bash-2.03#

Table 5.3 lists important DHCP configuration files.

TABLE 5.3 DHCP CONFIGURATION FILES
File               Description
dhcp_network       This file is present in the same directory as the dhcptab file. The actual name of the file is in the NNN_NNN_NNN_NNN notation, where NNN shows the octet values of the network address.
dhcptab            This is the DHCP macro table file.
/etc/default/dhcp  This file contains the location of the preceding two files along with other information.
AUTOMATIC STARTUP OF DHCP SERVER
When you configure the DHCP service using the dhcpmgr or dhcpconfig utility, startup and shutdown scripts are created in the appropriate directories. The default startup script for DHCP is /etc/init.d/dhcp and is shown here:

bash-2.03# cat /etc/init.d/dhcp
#!/sbin/sh
#
# Copyright 1996-1999 by Sun Microsystems, Inc.
# All rights reserved.
#
#ident "@(#)dhcp 1.17 99/10/23 SMI"

# Make sure that /usr is mounted
[ ! -d /usr/bin ] && exit 1

case "$1" in
'start')
        if [ -x /usr/lib/inet/in.dhcpd ]; then
                /usr/lib/inet/in.dhcpd > /dev/console 2>&1
        fi
        ;;
'stop')
        /usr/bin/pkill -x -u 0 in.dhcpd
        ;;
*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac
exit 0
bash-2.03#
This is a simple script and is copied as /etc/rc3.d/S34dhcp to start the DHCP service and as /etc/rc2.d/K34dhcp to shut down DHCP services. Ideally you don’t need to do anything if you are using one of the DHCP configuration methods discussed earlier. However, you also can create and modify the script manually.
UNCONFIGURING DHCP SERVICES
DHCP services can be unconfigured using the dhcpconfig utility. This utility can also delete the DHCP configuration files. The following session unconfigures DHCP and deletes all data files created during the configuration process:

# dhcpconfig
Would you like to:
1) Configure DHCP Service
2) Configure BOOTP Relay Agent
3) Unconfigure DHCP or Relay Service
4) Exit
Choice: 3
Unconfigure will stop the DHCP service and remove /etc/default/dhcp.
Are you SURE you want to disable the DHCP service? ([Y]/N):y
### WARNING WARNING WARNING ###
Unconfigure can delete the following tables in the current resource (files):
1) dhcptab.
2) ALL dhcp-network tables.
If you are sharing the DHCP service tables either via NISplus or file sharing among multiple DHCP servers, those servers will be unable to service requests after these tables are removed.
Note that any hosts table entries which have been added will need to be manually removed.
Are you SURE you want to remove the DHCP tables? (Y/[N]): y
Removing: dhcptab...
Removing: 192_168_2_0...
Would you like to:
1) Configure DHCP Service
2) Configure BOOTP Relay Agent
3) Unconfigure DHCP or Relay Service
4) Exit
Choice:
SETTING NON-DEFAULT SERVER OPTIONS
If you choose to configure non-default server options during the dhcpconfig configuration process, you are asked the additional questions shown here. Among other configuration parameters, you can enable the BOOTP compatibility mode at this point:

### DHCP server option setup ###
Would you like to specify nondefault server options (Y/[N]):y
How long (in seconds) should the DHCP server keep outstanding OFFERs? [10]:
How often (in minutes) should the DHCP server rescan the dhcptab? [Never]:10
Do you want to enable BOOTP compatibility mode? (Y/[N]):y
Do you want the server to allocate IP addresses to new BOOTP clients? ([Y]/N):

If you select BOOTP compatibility, the DHCP server will serve both DHCP and BOOTP clients.
CONFIGURING THE DHCP RELAY AGENT
A DHCP relay agent acts on behalf of a DHCP server on a local network. It receives queries from DHCP clients and forwards them to a real DHCP server. Figure 5.20 shows one possible arrangement for a DHCP relay service. In this case, the DHCP client and DHCP server are on different networks. The broadcast DHCPDISCOVER message normally does not reach the DHCP server because broadcast messages are not forwarded across routers. The DHCP relay, however, can forward this message to the DHCP server and act as a bridge between the client and the server. The dhcpconfig utility can be used to configure the DHCP relay by selecting option 2, as shown here:

*** DHCP Configuration ***
Would you like to:
1) Configure DHCP Service
2) Configure BOOTP Relay Agent
3) Unconfigure DHCP or Relay Service
4) Exit
Choice: 2
Would you like to stop the DHCP service? (recommended) ([Y]/N):
### BOOTP Relay Agent Configuration ###
### Common daemon option setup ###
Would you like to specify nondefault daemon options (Y/[N]):
Enter destination BOOTP/DHCP servers. Type '.' when finished.
IP address or Hostname: 192.168.3.100
IP address or Hostname: .
Would you like to restart the DHCP service? (recommended) ([Y]/N): Y

You can add multiple DHCP servers while configuring the DHCP relay. When you are finished entering DHCP server addresses, enter a dot to terminate the process.

FIGURE 5.20 Operation of the DHCP relay. (Figure elements: DHCP Client, DHCP Relay, Router, DHCP Server.)
CONFIGURING THE DHCP CLIENT
You can enable DHCP on one or more of the network interfaces installed on your server or workstation. Configuring a DHCP client is very easy. First you must determine on which interface you want to enable DHCP. If this interface is already configured with an IP address, you have to unconfigure it using the ifconfig unplumb command.
Manually Configuring the DHCP Client
Use the ifconfig command to list the interfaces. If an interface is not listed but you know it is present, use the ifconfig plumb command to bring it up. The following command brings hme1 up:

bash-2.03# ifconfig hme1 plumb
bash-2.03#

Use the following command to list this interface and determine its current configuration:

bash-2.03# ifconfig hme1
hme1: flags=1000842 mtu 1500 index 2
        inet 0.0.0.0 netmask 0
bash-2.03#

Enable DHCP on the interface by using the following command:

ifconfig hme1 dhcp

You can check the status of DHCP on this interface by using the following command:

ifconfig hme1 dhcp status

Enabling DHCP on Interfaces at Boot Time
To enable DHCP on an interface at boot time, you have to create two files. If you want to enable DHCP on the newly configured interface hme1, for example, create the following two files in the /etc directory:

hostname.hme1
dhcp.hme1

Next time you reboot your system, interface hme1 will be configured with DHCP.
TROUBLESHOOTING DHCP
If you are using files to store the DHCP databases rather than nisplus, you should have few problems to troubleshoot. The following common DHCP server problems may occur:
• Reuse of IP addresses. One or more IP addresses included in the DHCP scope may be statically assigned to other hosts, which produces an IP address conflict. Use the snoop command in conjunction with the ping command to find the MAC address of the other host that is using the conflicting IP address.
• The same IP address included in the scopes of multiple DHCP servers. An IP conflict may also occur if overlapping IP addresses are included in the scopes of multiple DHCP servers. Use DHCP Administrator or dhcpconfig to correct this problem.
• A client asks to renew a lease for an IP address that has been marked as unusable. In this case, a message from the DHCP server appears in SYSLOG, if configured. You can use DHCP Manager to correct this problem. This can also happen if a client ID is configured for a particular IP address and that address is marked as unusable.
• A message such as No more IP addresses means that the number of DHCP clients exceeds the number of available IP addresses.
You can trace many DHCP problems using the snoop command, which shows the network packets flowing on a particular interface. You can also trace DHCP problems by running the DHCP client and DHCP server in Debug mode.

Running DHCP Client in Debug Mode
The best approach to troubleshooting common DHCP client problems is to run both client and server in Debug mode. If you receive a message such as the following at boot time, you might have to restart the DHCP client and server in Debug mode and then troubleshoot:

"DHCP or BOOTP server not responding"
To run the DHCP client in Debug mode, use the following three commands:
• Kill the DHCP client process using the following command:

pkill -x dhcpagent

• Now restart it in Debug mode using the following command:

/sbin/dhcpagent -d1 -f &

• Initialize DHCP on the interface. If the interface is hme1, use the following commands:

ifconfig hme1 unplumb
ifconfig hme1 plumb
ifconfig hme1 dhcp

If the DHCP client cannot find a DHCP server, the following types of messages appear:

/sbin/dhcpagent: debug: set_packet_filter: set filter 0x22d50 (DHCP filter)
/sbin/dhcpagent: debug: init_ifs: initted interface hme1
/sbin/dhcpagent: debug: insert_ifs: hme1: sdumax 1500, optmax 1260, hwtype 1, hwlen 6
/sbin/dhcpagent: debug: insert_ifs: inserted interface hme1
/sbin/dhcpagent: debug: set_packet_filter: set filter 0x22d50 (DHCP filter)
/sbin/dhcpagent: debug: init_ifs: initted interface hme1
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
ifconfig: hme1: wait timed out, operation still pending...
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: async_pending: async command left, attempting cancellation
/sbin/dhcpagent: debug: async_timeout: asynchronous command 4 still pending
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
The Debug mode shows information about DHCP activity on all interfaces. To find the status of DHCP on a particular interface, use the following command:

ifconfig hme1 dhcp status

You can also start the DHCP server in Debug mode for troubleshooting purposes. For this you have to stop the server and then restart it using the following two commands:

pkill -x in.dhcpd
/usr/lib/inet/in.dhcpd -d -v

Both the DHCP client and server should start displaying messages on the console about DHCP's progress and negotiation. Also use the snoop command to determine what type of packets are traveling on the network. You should see messages such as the following on the DHCP server:

Daemon Version: 3.3
Maximum relay hops: 4
Run mode is: DHCP Server Mode.
Datastore: files
Path: /var/dhcp
DHCP offer TTL: 10
Ethers compatibility enabled.
ICMP validation timeout: 1000 milliseconds, Attempts: 2.
Monitor (0005/hme0) started...
Thread Id: 0005 - Monitoring Interface: hme0 *****
MTU: 1500 Type: SOCKET
Broadcast: 192.168.2.255
Netmask: 255.255.255.0
Address: 192.168.2.222
Read 3 entries from DHCP macro database on Fri Feb 16 21:39:02 2001
Datagram received on network device: hme0
Started ICMP thread 7 to validate IP 192.168.2.101, PENDING
ICMP thread 7 exiting, IP: 192.168.2.101 = plp->d_icmpflag: AVAILABLE...
Using ICMP validated address: 192.168.2.101
Unicasting datagram to 192.168.2.101 address.
Adding ARP entry: 192.168.2.101 == 00107AB603CE
Added offer: 192.168.2.101
Datagram received on network device: hme0
Found offer for: 192.168.2.101
Client: 0100107AB603CE maps to IP: 192.168.2.101
Unicasting datagram to 192.168.2.101 address.
Adding ARP entry: 192.168.2.101 == 00107AB603CE
Similar messages should appear on the DHCP client side. Looking at these messages, you can diagnose DHCP problems with the client or server. A detailed discussion of all the messages appearing on either the client or server is available in Solaris Answerbook2.
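The Debug-mode messages above are regular enough to parse mechanically. The following Python is an added example, not from the book or from Solaris: it counts the client-side "no valid OFFER/BOOTP reply" run, extracts the server-side ICMP validation, offer, ARP and client-ID bindings, and cross-checks offered addresses against a static host table (the IP-conflict case from Troubleshooting DHCP). The sample log lines are constructed copies of the output shown in this section, and the static host table in the test is constructed.

```python
# Added example (not from the book): triage the dhcpagent and in.dhcpd
# Debug-mode output shown above. The regexes follow the message formats
# printed in this chapter; the sample log lines below are constructed copies.
import re

NO_OFFER_RE = re.compile(r"select_best: no valid OFFER/BOOTP reply")
TIMEOUT_RE = re.compile(r"ifconfig: (?P<ifname>\w+): wait timed out")
ICMP_RE = re.compile(r"ICMP thread \d+ exiting, IP: (?P<ip>[\d.]+) = "
                     r"plp->d_icmpflag: (?P<flag>[A-Z]+)")
OFFER_RE = re.compile(r"Added offer: (?P<ip>[\d.]+)")
ARP_RE = re.compile(r"Adding ARP entry: (?P<ip>[\d.]+) == (?P<mac>[0-9A-Fa-f]{12})")
CLIENT_RE = re.compile(r"Client: (?P<cid>[0-9A-Fa-f]+) maps to IP: (?P<ip>[\d.]+)")

def triage_client(lines, max_unanswered=3):
    """Summarise dhcpagent output: is any server answering the DISCOVERs?

    A run of 'no valid OFFER/BOOTP reply' lines or an ifconfig timeout is the
    'DHCP or BOOTP server not responding' case; the threshold is a heuristic.
    """
    unanswered = sum(1 for line in lines if NO_OFFER_RE.search(line))
    timed_out = sorted({m["ifname"] for m in map(TIMEOUT_RE.search, lines) if m})
    return {"no_offer_replies": unanswered,
            "timed_out_interfaces": timed_out,
            "server_responding": unanswered < max_unanswered and not timed_out}

def triage_server(lines):
    """Summarise in.dhcpd output: ICMP validation, offers, ARP and client bindings."""
    summary = {"icmp_validation": {}, "offers": [], "arp": {}, "clients": {}}
    for line in lines:
        m = ICMP_RE.search(line)
        if m:
            summary["icmp_validation"][m["ip"]] = m["flag"]
        m = OFFER_RE.search(line)
        if m:
            summary["offers"].append(m["ip"])
        m = ARP_RE.search(line)
        if m:
            summary["arp"][m["ip"]] = m["mac"].upper()
        m = CLIENT_RE.search(line)
        if m:
            summary["clients"][m["cid"].upper()] = m["ip"]
    return summary

def conflicting_offers(summary, static_hosts):
    """Offered addresses that are also statically assigned (the IP-conflict
    case from Troubleshooting DHCP). static_hosts maps IP -> hostname."""
    return sorted(ip for ip in set(summary["offers"]) if ip in static_hosts)

# Constructed sample lines, copied from the output shown in this section.
CLIENT_LOG = """\
/sbin/dhcpagent: debug: init_ifs: initted interface hme1
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
ifconfig: hme1: wait timed out, operation still pending...
/sbin/dhcpagent: debug: select_best: no valid OFFER/BOOTP reply
""".splitlines()
SERVER_LOG = """\
Datagram received on network device: hme0
Started ICMP thread 7 to validate IP 192.168.2.101, PENDING
ICMP thread 7 exiting, IP: 192.168.2.101 = plp->d_icmpflag: AVAILABLE...
Using ICMP validated address: 192.168.2.101
Unicasting datagram to 192.168.2.101 address.
Adding ARP entry: 192.168.2.101 == 00107AB603CE
Added offer: 192.168.2.101
Datagram received on network device: hme0
Found offer for: 192.168.2.101
Client: 0100107AB603CE maps to IP: 192.168.2.101
Unicasting datagram to 192.168.2.101 address.
Adding ARP entry: 192.168.2.101 == 00107AB603CE
""".splitlines()
```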
CASE STUDY: GROWING NETWORK OF BOOTA INC.

ESSENCE OF THE CASE
• There are 500 new nodes on the network. Configuration of these nodes requires a lot of work.
• It is expected that new DNS servers will be added. This will require reconfiguration of many nodes.
• The company wants to avoid this extra work.

Boota Inc. just added 500 nodes to its network because of its exponential growth and the induction of new employees. The company has 4 new Class C addresses to assign to these hosts. However, the company wants to minimize the overhead of maintaining network settings on each of these hosts. Additionally, it is expected that multiple domain name servers will be installed in the near future, and that this will require reconfiguration of the network settings on most of the new machines. The company has decided to use DHCP as a quick way to overcome this problem and configure all the new hosts from a central DHCP server.

ANALYSIS
Because DHCP can provide network configuration to hosts, it is the best way to avoid the work of configuring each new host. A DHCP database can be maintained on the DHCP server, and each node takes its network configuration from this central place. The DHCP server can also provide DNS settings to its clients, so when the DNS server changes, the company needs to change only the DHCP database. The DHCP clients will automatically get the new DNS information from the DHCP server.
CHAPTER SUMMARY
This chapter opened by introducing DHCP and briefly describing how it works. You learned basic terms, such as lease time and DHCP scope, and the steps involved when a workstation boots using DHCP: first, a DHCP client sends a DHCPDISCOVER broadcast message; in response, the DHCP server sends back a DHCPOFFER message; the client selects one of the offers and sends a DHCPREQUEST message for it; the server then responds with a DHCPACK message. The DHCP lease can be renewed, and at shutdown the DHCP client relinquishes the leased IP address. You also learned about DHCP allocation types: addresses can be allocated dynamically, or statically to some of the clients. This chapter also showed you how to configure the DHCP server. Two methods were presented: the DHCP Manager (dhcpmgr), a GUI utility, and dhcpconfig, a text-based utility. You also learned how to use the snoop command to look at DHCP packets on the network. The configuration utilities automatically configure the DHCP server to start at boot time. You also learned how to unconfigure the DHCP server, relay agent, and client. Finally, you were given tips on troubleshooting DHCP and on starting the server and client in Debug mode.
Key Terms
• Dynamic Host Configuration Protocol (DHCP)
• DHCP server
• DHCP client
• DHCP relay
• DHCP lease time
• DHCP scope
• Debug mode
APPLY YOUR KNOWLEDGE

Exercises
1.1 Configure DHCP Server Using the DHCP Manager GUI and Test Using the DHCP Client
In this exercise, configure DHCP using the DHCP Manager GUI.
Estimated Time: 30 minutes
1. Configure a DHCP server using the DHCP Manager GUI. List the files in the /var/dhcp directory.
2. Unconfigure DHCP using dhcpconfig, and again list the files in the /var/dhcp directory.
3. Use a Microsoft Windows PC as a DHCP client to determine whether the DHCP server is working properly.
4. Stop the DHCP server, as described earlier in this chapter. Restart it in Debug mode.
5. Find and evaluate the troubleshooting messages.
6. Use the snoop command to capture the IP packets.
7. Configure the DHCP client and test its configuration using the ifconfig command.

Review Questions
1. What are the advantages of DHCP?
2. How do you plan a DHCP installation?
3. What are the different ways of configuring the DHCP server?
4. What is a DHCP relay agent?

Exam Questions
1. What is the minimum number of scopes a DHCP server must have to assign IP addresses to a DHCP client?
A. 0
B. 1
C. 2
D. 10
2. At what time does a client send a request for the first time to renew the lease?
A. Right at the beginning of the lease time
B. When half of the lease time has elapsed
C. When two-thirds of the lease time has elapsed
D. When three-fourths of the lease time has elapsed
3. What is the correct sequence of DHCP messages at the time of configuration of a DHCP client?
A. DHCPREQUEST, DHCPACK, DHCPDISCOVER, DHCPOFFER
B. DHCPDISCOVER, DHCPREQUEST, DHCPACK, DHCPOFFER
C. DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK
D. DHCPDISCOVER, DHCPOFFER, DHCPACK, DHCPREQUEST
4. Which message is used by a DHCP client to select an offer from a DHCP server?
A. DHCPACK
B. DHCPREQUEST
C. DHCPSELECT
D. DHCPNAK
5. Which DHCP lease type has no lease expiration?
A. Dynamic
B. Static
C. Automatic
D. Trivial
6. Which of the following can be used to store DHCP data? Check all that are correct.
A. Local files
B. NIS
C. NIS+
D. Web server
7. Can the DHCP server supply DNS information to clients? (Yes or No)
8. How many network addresses can be added in the initial process of DHCP server configuration using the DHCP Manager?
A. 1
B. 2
C. 10
D. Any number of networks
9. Which file contains information about the location of DHCP data storage?
A. /etc/dhcp
B. /etc/default/dhcp
C. dhcptab
D. /var/dhcp
10. Which of the following acts as a DHCP client daemon?
A. in.dhcpd
B. dhcpd
C. dhcpclient
D. dhcpagent

Answers to Review Questions
1. Some of the DHCP advantages are as follows:
• Less network management work.
• Best utilization of available IP addresses.
• Changes to network settings are easy to propagate to all nodes.
• Mobile hosts such as laptop computers are easy to move from one network to another.
2. In the DHCP planning phase, you gather information about your network. This information includes, but is not limited to, the following:
• Number of hosts that need static IP addresses
• Number of segments in the network
• Lease policy
• One DHCP server or multiple
3. DHCP can be configured using the DHCP Manager GUI or the dhcpconfig command.
4. A DHCP relay agent acts on behalf of a DHCP server. It receives queries from DHCP clients and forwards them to the DHCP server. Similarly, it receives the response from the DHCP server and sends it to the DHCP clients.
Suggested Readings and Resources
• Solaris Answerbook2
• The DHCP Handbook: Understanding, Deploying, and Managing Automated Configuration Services by Ted Lemon and Ralph E. Droms
• Documentation on the web site www.dhcp.org
CHAPTER 6
Network Management with SNMP

OBJECTIVES
This chapter covers the following Sun-specified objectives for the 310-043 exam:

Identify tools which use the Simple Network Management Protocol (SNMP).
Describe the Simple Network Management Protocol (SNMP).
• The Simple Network Management Protocol is used to monitor and manage network elements. This chapter provides information about the protocol and its use in the Solaris environment.
OUTLINE
Introduction
Simple Network Management Protocol (SNMP)
  SNMP Components
  SNMP Versions and Related RFCs
Structure of Management Information
  Object Identifier (OID)
  ASN.1 Language
Management Information Base
MIB Groups
Private MIBs
Community Names
SNMP Messages
Authentication Header
The Protocol Data Unit (PDU)
  SNMP GET
  SNMP GETRESPONSE
  SNMP GETNEXT
  SNMP SET
  SNMP GETBULK
  SNMP TRAP
Port Numbers
SNMP in Solaris
Agent Configuration Files
  Master Agent Resource Configuration File
  Agent Registration File
  Agent Access Control File
Chapter Summary
Apply Your Knowledge

STUDY STRATEGIES
The Simple Network Management Protocol (SNMP) has evolved over a long period of time. You should use the following strategies to study for this objective:
• Learn SNMP terminology.
• Learn the port numbers used by the SNMP agent and management station to communicate with each other.
• Read some of the RFCs to understand the details of SNMP's history.
• Practice the configuration of the SNMP agent on a Solaris machine.
Chapter 6
NETWORK MANAGEMENT WITH SNMP
INTRODUCTION
The Simple Network Management Protocol (SNMP) is used to monitor and manage hosts on a network from local or remote locations. Information about a host is collected by the SNMP agent running on that host. An SNMP management station can send a request to the SNMP agent running on a host, using an authentication method, to provide management information. An SNMP agent can also convey important information asynchronously to a preconfigured SNMP management station using a mechanism known as traps. The trap destination is usually configured on each host running an SNMP agent. SNMP is actually a set of rules that govern communication between the SNMP agent and the SNMP management station. In addition to requesting information from SNMP agents, the management station can also set certain parameters on hosts running the SNMP agent. The agent maintains information in tables and scalar objects collectively known as the Management Information Base (MIB). Like files, objects in the MIB have read and write permissions. The SNMP agent keeps MIB objects updated and relays the information contained in these objects to the SNMP management station when requested to do so. An SNMP management station can also update a MIB object that has write permission. This chapter introduces SNMP and its components. Information about the SNMP agent implementation in Solaris is also presented. You should gain an understanding of basic SNMP terminology and how SNMP works.

SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)
As networks have grown larger and larger, network management has become a much more complex task. In practice, it is not possible to monitor and keep an eye on every aspect of network management in large networks. Since the birth of the Internet, the need for a reliable, simple framework for network management has always existed. SNMP was approved as a standard in 1988, and almost all vendors use SNMP in their products now.
The Simple Network Management Protocol is a collection of management station(s), network elements, and rules that govern communication between these two. The network elements run a piece of software, which is called the SNMP agent. Network elements may be simple hosts, servers, routers, bridges, or anything connected to a network. The SNMP agents residing on each device communicate with one or multiple SNMP management stations to exchange information. The role of the SNMP agent is to collect network management information and pass it on to the management station when requested. It also can pass critical information to the management station asynchronously to report important events through a mechanism known as traps. If an SNMP management station needs to set the value of a managed object, it can direct the SNMP agent to do so. The SNMP agent keeps the management information in special tables and scalar objects known as a Management Information Base (MIB). There is a special format in which MIBs are defined, as discussed later in this chapter.
SNMP Components
The three basic components of the SNMP protocol are as follows:
• Structure of Management Information (SMI)
• Management Information Base (MIB)
• SNMP messages
A complete SNMP framework is a collection of all of these elements. Each of these is discussed throughout this chapter.

SNMP Versions and Related RFCs
Three main versions of SNMP are currently in use: versions 1, 2, and 3. Most of the discussion in this chapter focuses on versions 1 and 2 of SNMP. There are more than 50 RFCs related to SNMP, MIBs, and SMI. For a list of all SNMP-related RFCs, check out www.ietf.org.
STRUCTURE OF MANAGEMENT INFORMATION
Entities that can be managed using SNMP are called objects. The Structure of Management Information (SMI) provides a framework to manage these objects. Each object has properties, including the following:
• Name
• Syntax
• Encoding
The object name is defined in a special way using object identifiers (OIDs), which are discussed later in the chapter. The syntax refers to the data type used to store the value of that object. If you find the following in the definition of a MIB, for instance, it means the object name is sysServices and it is of the data type INTEGER, with a value that can range from 0 to 127:

sysServices OBJECT-TYPE
    SYNTAX  INTEGER (0..127)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION

The encoding defines the way information about that object will be transmitted over the network.

Object Identifier (OID)
Each object identifier is defined using integers separated by dot characters. These OIDs are arranged in a tree structure, which is a special ordered way of representing different objects. Each node in the tree has a name as well as a number associated with it. Figure 6.1 shows a typical tree structure that starts with the root node. To specify the OID for the maximum transmission unit (MTU) value of a network interface, you start from the root node and traverse the tree until you reach the ifMtu node. You write down the numbers associated with the nodes traversed during this process and separate them with dot characters to form the OID for this object. In this example, the OID for the ifMtu object is 1.3.6.1.2.1.2.2.1.4. Similarly, OIDs for all other objects can be listed.
FIGURE 6.1 Tree structure used to represent OIDs.

    root
    |-- ccitt (0)
    |-- iso (1)
    |   `-- org (3)
    |       `-- dod (6)
    |           `-- internet (1)
    |               |-- mgmt (2)
    |               |   `-- MIB (1)
    |               |       |-- Interface (2)
    |               |       |   |-- ifNumber (1)
    |               |       |   `-- ifTable (2)
    |               |       |       `-- ifEntry (1)
    |               |       |           |-- ifIndex (1)
    |               |       |           |-- ifType (3)
    |               |       |           `-- ifMtu (4)
    |               |       `-- IP (4)
    |               |-- experimental (3)
    |               `-- private (4)
    `-- joint-iso-ccitt (3)
ASN.1 Language Abstract Syntax Notation One (ASN.1) is used to define objects and their data types inside an MIB. It uses key values to define objects. Table 6.1 lists some of these keys.
TABLE 6.1  ASN.1 KEY DEFINITIONS

    Key          Description
    -----------  --------------------------------------------------------------------------
    SYNTAX       Defines the object's data type.
    ACCESS       Level of access to the object. Values may be read-only, read-write, and so on.
    STATUS       Defines whether an object is obsolete, mandatory, or optional.
    DESCRIPTION  A brief description of the object.
    DEFVAL       Default value of the object, if used.
The following section discusses these key definitions in more detail.
MANAGEMENT INFORMATION BASE
The Management Information Base (MIB) is a hierarchical organization of objects used in SNMP. This organization is like a tree. Individual objects are leaves of the tree. Each object has an OID, which is a sequence of numbers separated by dot characters. As described earlier, you can determine the OID of an object by traversing the tree from the root node to the node that represents that object and noting the numbers associated with all the nodes along the way. The MIB is implemented as a data structure of tables and scalar objects in which the values of these objects are stored for retrieval by the SNMP management station. ASN.1 is used to describe the structure of these tables and the data types associated with different objects. The following listing shows part of an MIB represented in ASN.1. It shows the following three objects:
• ifDescr
• ifType
• ifMtu
The SYNTAX part of each object gives the data type and range used for the object. The ACCESS part shows read and write permissions for the object. The DESCRIPTION part gives a short description of the object. You will find ASN.1 listings such as the following in many RFCs (this one is from MIB-II, RFC 1213):

    ifDescr OBJECT-TYPE
        SYNTAX  DisplayString (SIZE (0..255))
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "A textual string containing information about the
            interface. This string should include the name of the
            manufacturer, the product name and the version of the
            hardware interface."
        ::= { ifEntry 2 }

    ifType OBJECT-TYPE
        SYNTAX  INTEGER {
                    other(1),                -- none of the following
                    regular1822(2),
                    hdh1822(3),
                    ddn-x25(4),
                    rfc877-x25(5),
                    ethernet-csmacd(6),
                    iso88023-csmacd(7),
                    iso88024-tokenBus(8),
                    iso88025-tokenRing(9),
                    iso88026-man(10),
                    starLan(11),
                    proteon-10Mbit(12),
                    proteon-80Mbit(13),
                    hyperchannel(14),
                    fddi(15),
                    lapb(16),
                    sdlc(17),
                    ds1(18),
                    e1(19),
                    basicISDN(20),
                    primaryISDN(21),
                    propPointToPointSerial(22),
                    ppp(23),
                    softwareLoopback(24),
                    eon(25),
                    ethernet-3Mbit(26),
                    nsip(27),
                    slip(28),
                    ultra(29),
                    ds3(30),
                    sip(31),
                    frame-relay(32)
                }
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The type of interface, distinguished according to
            the physical/link protocol(s) immediately `below' the
            Network layer in the protocol stack."
        ::= { ifEntry 3 }

    ifMtu OBJECT-TYPE
        SYNTAX  INTEGER
        ACCESS  read-only
        STATUS  mandatory
        DESCRIPTION
            "The size of the largest datagram which can be
            sent/received on the interface, specified in octets.
            For interfaces that are used for transmitting network
            datagrams, this is the size of the largest network
            datagram that can be sent on the interface."
        ::= { ifEntry 4 }
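The following parser is an added example and not code from the book. It reads OBJECT-TYPE definitions in the form shown in the listing above (and in the sysServices snippet earlier), extracts SYNTAX, ACCESS, STATUS and DESCRIPTION, and resolves each `::= { parent n }` clause to a numeric OID by walking up through the named nodes of Figure 6.1; it also converts a numeric OID back to the dotted-name form (iso.org.dod.internet.private) and answers the question an agent must ask before honouring a SET: does the MIB grant write access? The WELL_KNOWN node table and the SAMPLE_MIB fragment are constructed here from the definitions quoted in this chapter and are not a complete MIB.

```python
"""Parse OBJECT-TYPE definitions out of an ASN.1 MIB fragment and resolve their OIDs."""
import re

# Numeric OIDs for the named nodes of Figure 6.1 plus the MIB-II groups (names as in RFC 1213).
WELL_KNOWN = {
    "iso": "1", "org": "1.3", "dod": "1.3.6", "internet": "1.3.6.1",
    "mgmt": "1.3.6.1.2", "experimental": "1.3.6.1.3", "private": "1.3.6.1.4",
    "enterprises": "1.3.6.1.4.1", "mib-2": "1.3.6.1.2.1",
    "system": "1.3.6.1.2.1.1", "interfaces": "1.3.6.1.2.1.2",
    "ifTable": "1.3.6.1.2.1.2.2", "ifEntry": "1.3.6.1.2.1.2.2.1",
}

# name OBJECT-TYPE SYNTAX ... ACCESS ... STATUS ... [DESCRIPTION "..."] ::= { parent n }
OBJECT_TYPE_RE = re.compile(
    r"(?P<name>[A-Za-z][\w-]*)\s+OBJECT-TYPE\s+"
    r"SYNTAX\s+(?P<syntax>.+?)\s+"
    r"ACCESS\s+(?P<access>[\w-]+)\s+"
    r"STATUS\s+(?P<status>[\w-]+)\s+"
    r"(?:DESCRIPTION\s+\"(?P<descr>[^\"]*)\"\s+)?"
    r"::=\s*\{\s*(?P<parent>[\w-]+)\s+(?P<subid>\d+)\s*\}",
    re.DOTALL,
)
# plain subtree nodes such as:  sun OBJECT IDENTIFIER ::= { enterprises 42 }
NODE_RE = re.compile(
    r"(?P<name>[A-Za-z][\w-]*)\s+OBJECT IDENTIFIER\s*::=\s*\{\s*(?P<parent>[\w-]+)\s+(?P<subid>\d+)\s*\}"
)

# Constructed sample fragment, abridged from the RFC 1213 definitions quoted in this chapter.
SAMPLE_MIB = """
sysServices OBJECT-TYPE
    SYNTAX  INTEGER (0..127)
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "A value which indicates the set of services
        that this entity primarily offers."
    ::= { system 7 }

ifDescr OBJECT-TYPE
    SYNTAX  DisplayString (SIZE (0..255))
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "A textual string containing information about the interface."
    ::= { ifEntry 2 }

ifMtu OBJECT-TYPE
    SYNTAX  INTEGER
    ACCESS  read-only
    STATUS  mandatory
    DESCRIPTION
        "The size of the largest datagram which can be
        sent/received on the interface, specified in octets."
    ::= { ifEntry 4 }

sun OBJECT IDENTIFIER ::= { enterprises 42 }
"""


def parse_mib(text):
    """Return one dict per OBJECT-TYPE / OBJECT IDENTIFIER definition, in file order."""
    objects = []
    for m in OBJECT_TYPE_RE.finditer(text):
        d = m.groupdict()
        d["syntax"] = " ".join(d["syntax"].split())      # collapse whitespace inside enumerations
        d["descr"] = " ".join((d["descr"] or "").split())
        objects.append(d)
    for m in NODE_RE.finditer(text):
        objects.append({**m.groupdict(), "syntax": None, "access": None, "status": None, "descr": ""})
    return objects


def resolve_oids(objects, base=WELL_KNOWN):
    """Map every name to its numeric OID by following '::= { parent n }' up to a known node."""
    tree = dict(base)
    pending = list(objects)
    while pending:
        unresolved = [o for o in pending if o["parent"] not in tree]
        for o in pending:
            if o["parent"] in tree:
                tree[o["name"]] = tree[o["parent"]] + "." + o["subid"]
        if len(unresolved) == len(pending):   # no progress: a parent is defined nowhere
            raise ValueError("unknown parent node(s): " + ", ".join(sorted({o["parent"] for o in unresolved})))
        pending = unresolved
    return tree


def oid_to_names(oid, tree):
    """Dotted-name form of an OID (1.3.6.1.4 -> iso.org.dod.internet.private); unknown arcs stay numeric."""
    by_number = {num: name for name, num in tree.items()}
    parts = oid.split(".")
    return ".".join(by_number.get(".".join(parts[:i]), parts[i - 1]) for i in range(1, len(parts) + 1))


def is_writable(objects, name):
    """A SET is only legal when the MIB grants write access (ACCESS read-write or write-only)."""
    for o in objects:
        if o["name"] == name:
            return o["access"] in ("read-write", "write-only")
    raise KeyError(name)
```

Run `resolve_oids(parse_mib(SAMPLE_MIB))` to get a name-to-OID table; ifMtu resolves to 1.3.6.1.2.1.2.2.1.4 exactly as the traversal in Figure 6.1 predicts, and the Sun enterprise node resolves to 1.3.6.1.4.1.42.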
MIB Groups
The beauty of the tree structure for objects is that it generates groups. Each subtree of the tree is a group, and objects of similar types fall inside one group. Like individual objects, groups also have OIDs. To simplify the process, some standard MIB groups are defined in RFCs. For example, Interface and IP are two groups shown in Figure 6.1. These groups have OIDs 1.3.6.1.2.1.2 and 1.3.6.1.2.1.4, respectively, and are defined in MIB-II (RFC 1213). Table 6.2 lists some other groups.

TABLE 6.2  MIB GROUPS

    Group Name and OID           Description
    ---------------------------  ------------------------------------------------------------
    System (1.3.6.1.2.1.1)       Objects related to system administration (such as uptime)
    Interface (1.3.6.1.2.1.2)    Objects related to manageable interfaces
    IP (1.3.6.1.2.1.4)           Information related to the IP protocol and protocol statistics
    ICMP (1.3.6.1.2.1.5)         Information related to the ICMP protocol and protocol statistics
    TCP (1.3.6.1.2.1.6)          Information related to the TCP protocol and protocol statistics
    UDP (1.3.6.1.2.1.7)          Information related to the UDP protocol and protocol statistics
Many vendors have their own private MIBs that store management information for vendor-specific objects. Each vendor is assigned a specific OID under the enterprises node (1.3.6.1.4.1), which sits beneath the private subtree (1.3.6.1.4) shown in Figure 6.1. Private MIBs for a particular vendor fall under that vendor's OID. The OID assigned to Sun Microsystems is 1.3.6.1.4.1.42, which means that every object in a Sun private MIB has an OID beginning with 1.3.6.1.4.1.42.
NOTE
Private MIBs You also can write OIDs as words. For example, the OID for the private MIBs part (1.3.6.1.4) can also be written as iso.org.dod.internet.private.
EXAM TIP
Community Names Because community names are used for authentication, they should be kept secret, just like passwords, and they should not be obvious. By default, public is used as the community name, and it should be changed. Keep in mind that SNMPv1 and SNMPv2c carry the community name unencrypted in every message, so anyone who can capture traffic to or from the agent can read it.
Community names are like passwords: they authenticate the exchange of information between the SNMP agent and management stations. Usually two community names are used: the GET community name and the SET community name. The GET community name is used for GET, GETBULK, and GETNEXT SNMP messages; the SET community name is used for SET messages. The following section discusses SNMP messages in more detail.
NOTE
The community name is not part of a MIB, but it is a configurable parameter of the SNMP agent. This means that the community name does not have an OID.

SNMP MESSAGES
The network management information between an SNMP agent and the SNMP management station is exchanged in the form of SNMP messages. These SNMP messages consist of two major parts: the Authentication Header and the Protocol Data Unit (PDU). PDUs have a specific format so that SNMP components from different vendors can understand each other.
Authentication Header The Authentication Header consists of two parts: the version number and the community string. The first part is the version number of the SNMP message. If the version number of the incoming message is not understandable or supported by the SNMP agent or management station, the message is ignored. The second part is the community string, which is used as a password. Each SNMP agent and management station is part of a community with a specific name.
The Protocol Data Unit (PDU) The Protocol Data Unit is the actual part of the SNMP message that conveys information to an agent or management station. There are different types of PDUs. Some of these are discussed in the following sections.
SNMP GET The SNMP GET PDU is sent by the SNMP management station to the SNMP agent to retrieve the current value of an object.
SNMP GETRESPONSE The SNMP GETRESPONSE PDU is used by the SNMP agent to send a response to a management station. The response contains the value of the object requested by the management station or an error message if the value of the object is not available.
SNMP GETNEXT The SNMP GETNEXT PDU is used by the management station to get the value of the object whose OID follows the requested one in the MIB's lexicographic order. This is normally used to walk through all objects in an MIB table, one request per object, and management stations use it to display all object values contained in a table.
SNMP SET The SNMP SET PDU is sent by the management station to the SNMP agent to set the value of a particular object. The object's MIB definition must grant write access (ACCESS read-write). Usually a different community name (password) is used for setting a value.
SNMP GETBULK The SNMP GETBULK PDU is used in SNMPv2 and above. It is used to get bulk amounts of data from the SNMP agent.
SNMP TRAP Sometimes SNMP agents need to send information about a critical event on a host. These events are sent to the management station using a special type of message, the SNMP TRAP PDU. The trap destination is a management station available to receive traps. You can configure one or more trap destinations in Solaris using the SNMP agent configuration files.
Port Numbers UDP port 161 is used for SNMP messages, and port 162 is used for traps. The agent opens port 161 to receive incoming requests from the management station. The management stations open port 162 to receive incoming trap messages.
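As an added example that is not part of the book, the following Python builds and parses SNMPv1/v2c messages in the layout just described (version and community in the header, then a PDU carrying request-id, error-status, error-index and the variable bindings) and implements the agent-side check from the Authentication Header section: drop a message whose version is not supported, then compare the community against the GET or SET community depending on the PDU type. The BER encoder covers only the types a v1 request needs (INTEGER, OCTET STRING, NULL, OBJECT IDENTIFIER, SEQUENCE). The OIDs used in the usage lines, sysDescr.0 (1.3.6.1.2.1.1.1.0) and sysName.0 (1.3.6.1.2.1.1.5.0), are from the MIB-II System group; everything else is constructed for the example. Because the community travels in the clear, you can find it as plain bytes in the encoded packet.

```python
"""SNMPv1/v2c message encoder, decoder and the agent-side community check (example code)."""
import hmac

# BER tags used by SNMP messages
INTEGER, OCTET_STRING, NULL, OBJECT_ID, SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
GET_REQUEST, GET_NEXT, GET_RESPONSE, SET_REQUEST, TRAP, GET_BULK = 0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5
PDU_NAMES = {GET_REQUEST: "GetRequest", GET_NEXT: "GetNextRequest", GET_RESPONSE: "GetResponse",
             SET_REQUEST: "SetRequest", TRAP: "Trap", GET_BULK: "GetBulkRequest"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}   # version field values this agent understands


def _length(n):
    # BER definite length: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body


def encode_integer(value):
    size = (value.bit_length() + 8) // 8            # minimal two's-complement width
    return _tlv(INTEGER, value.to_bytes(size, "big", signed=True))


def encode_oid(oid):
    # first two sub-identifiers share one byte (40*x + y); the rest are base-128 with continuation bits
    parts = [int(p) for p in oid.strip(".").split(".")]
    body = bytearray([40 * parts[0] + parts[1]])
    for sub in parts[2:]:
        chunk = [sub & 0x7F]
        sub >>= 7
        while sub:
            chunk.append(0x80 | (sub & 0x7F))
            sub >>= 7
        body.extend(reversed(chunk))
    return _tlv(OBJECT_ID, bytes(body))


def encode_value(value):
    if value is None:
        return _tlv(NULL, b"")
    if isinstance(value, int):
        return encode_integer(value)
    return _tlv(OCTET_STRING, value.encode())


def build_message(community, oid, pdu_tag=GET_REQUEST, value=None, request_id=1, version=0):
    """Authentication header (version, community) followed by a one-varbind PDU."""
    varbind = _tlv(SEQUENCE, encode_oid(oid) + encode_value(value))
    pdu = _tlv(pdu_tag, encode_integer(request_id) + encode_integer(0) + encode_integer(0)
               + _tlv(SEQUENCE, varbind))
    return _tlv(SEQUENCE, encode_integer(version) + _tlv(OCTET_STRING, community.encode()) + pdu)


def _read_tlv(buf, pos):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                                    # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln


def decode_oid(body):
    parts, sub = [body[0] // 40, body[0] % 40], 0    # correct for the ccitt(0) and iso(1) arcs
    for b in body[1:]:
        sub = (sub << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(sub)
            sub = 0
    return ".".join(map(str, parts))


def decode_value(tag, body):
    if tag == INTEGER:
        return int.from_bytes(body, "big", signed=True)
    if tag == OCTET_STRING:
        return body.decode(errors="replace")
    return None                                      # NULL and anything we do not model


def parse_message(packet):
    _, msg, _ = _read_tlv(packet, 0)
    _, ver, pos = _read_tlv(msg, 0)                  # Authentication Header: version ...
    _, community, pos = _read_tlv(msg, pos)          # ... and community string (cleartext)
    pdu_tag, pdu, _ = _read_tlv(msg, pos)
    _, rid, pos = _read_tlv(pdu, 0)
    _, err, pos = _read_tlv(pdu, pos)
    _, idx, pos = _read_tlv(pdu, pos)
    _, vbl, _ = _read_tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):
        _, vb, pos = _read_tlv(vbl, pos)
        _, oid_body, p = _read_tlv(vb, 0)
        vtag, vbody, _ = _read_tlv(vb, p)
        varbinds.append((decode_oid(oid_body), decode_value(vtag, vbody)))
    return {"version": decode_value(INTEGER, ver), "community": community.decode(errors="replace"),
            "pdu_type": PDU_NAMES.get(pdu_tag, hex(pdu_tag)), "request_id": decode_value(INTEGER, rid),
            "error_status": decode_value(INTEGER, err), "error_index": decode_value(INTEGER, idx),
            "varbinds": varbinds}


def agent_accepts(packet, get_community, set_community):
    """Header check an agent performs: unsupported version is ignored; the community must match
    the SET community for SetRequest and the GET community for the read PDUs."""
    msg = parse_message(packet)
    if msg["version"] not in VERSIONS:
        return False, "unsupported version, message ignored"
    if msg["pdu_type"] == "SetRequest":
        expected = set_community
    elif msg["pdu_type"] in ("GetRequest", "GetNextRequest", "GetBulkRequest"):
        expected = get_community
    else:
        return False, "agents do not accept this PDU type"
    # the community is a password, so compare in constant time
    if not hmac.compare_digest(msg["community"].encode(), expected.encode()):
        return False, "community mismatch"
    return True, "accepted " + msg["pdu_type"]


if __name__ == "__main__":
    pkt = build_message("public", "1.3.6.1.2.1.1.1.0", request_id=42)   # GetRequest for sysDescr.0
    print(pkt.hex(), parse_message(pkt))
    print(agent_accepts(pkt, get_community="public", set_community="private"))
```

Sending `pkt` to UDP port 161 of a real agent is what snmpget does under the hood; the GET community is enough for a read, but the same community in a SetRequest is refused by `agent_accepts` unless it also happens to be the SET community, which is exactly why the text recommends keeping the two different.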
SNMP IN SOLARIS
The SNMP agent in Solaris works in the master agent/subagent model. The SNMP master agent is started at boot time. The master agent, snmpdx, is located in the /usr/lib/snmp directory. It is started by the /etc/rc3.d/S76snmpdx initialization script in run level 3. It listens on UDP port 161 for SNMP requests. It reads different configuration files and invokes various subagents. It also opens another port to listen for traps sent to the master agent by subagents. Depending on its configuration, it forwards these traps to one or more SNMP management stations for notification. The master agent has the following functions:
• Invokes subagents
• Sends requests to subagents
• Receives responses from subagents
• Communicates with SNMP management stations
• Receives traps from subagents
• Sends traps to SNMP management stations
The master agent communicates with each subagent on a separate port and ensures that each subagent is running. It sends requests to the subagents periodically to make sure that each subagent is still responding. A subagent does not communicate directly with any SNMP management station; it communicates only with the master agent. Each subagent registers itself with the master agent when it is invoked. If a subagent is started manually by the network administrator using a startup script, it must be started after the master agent has been started. Otherwise, the subagent cannot register with the master agent.
Agent Configuration Files The master agent on Solaris has various configuration files, as listed next in this section. The default location of these files is /etc/snmp/conf and /var/snmp directories. The following sections discuss the main files used for SNMP agent configuration on Solaris.
Master Agent Resource Configuration File The master agent resource configuration file is used by the master agent only. This file contains information about all subagents that are managed by the master agent. The default name for this configuration file is /etc/snmp/conf/snmpdx.rsrc. You can use the command-line options of snmpdx to specify a different file as the resource file. See the snmpdx manual page for more information.
Agent Registration File Each subagent has its own registration file. Among other information about the subagent, the file includes the following:
• Name of the subagent
• OIDs of the subtree managed by the subagent
• Preferred port number
• Request timeout
• Macros
Agent Access Control File The agent access control file is used by both the master agent and subagents. It contains information about community names and traps. The default path name of this file is /etc/snmp/conf/snmpdx.acl and can be modified through the command line. In addition to these files, the master agent also has a status file that keeps information about spawned subagents and process IDs.
CASE STUDY: MANAGEMENT STATIONS

ESSENCE OF THE CASE
Here are the essential elements in this case:
• SNMP management software is installed in the network operations center.
• Solaris servers are distributed in many cities.
• In addition to SNMP polling, servers are required to send traps to the management system.
• Some configuration also is required in the management software.

SCENARIO
ABC Company has a network distributed over many cities. The network is used for mission-critical applications and has a number of Solaris servers. The company has a network operations center where the health of these servers is monitored. The ABC Company has decided to install a management solution that employs SNMP. The SNMP management solution shows a graphical view of the network to the operators and generates different alarms depending on changes in different parameters on managed hosts. The ABC Company needs to know the steps and effort needed to bring the Solaris servers into the framework of SNMP management. The Solaris servers are required to send traps for critical events to the management system in the network operations center.

ANALYSIS
To make the Solaris servers talk to the management system located in the network operations center, the SNMP agent must be running on these servers. First, you need to configure the SNMP agent on each of the Solaris servers. You can use the same community name for all servers or a different community name for each. You need to configure these community names in the management software as well. It is good practice to use different GET and SET community names to avoid accidentally changing a parameter on managed nodes. The solution also needs critical events to be forwarded to the management station, so you also need to configure a trap destination on each of the Solaris servers. On the management station, you can configure actions corresponding to each received trap, for example displaying a pop-up window with an error message, sending an email, or paging someone. If private MIBs are present on the Solaris servers, those MIBs need to be loaded into the management software. To periodically check the health of these servers, configure a polling frequency for each server on the management station. Critical servers should be polled more frequently.
CHAPTER SUMMARY This chapter discussed the Simple Network Management Protocol. This protocol provides a framework for monitoring and managing network objects present on different hosts from a central location. SNMP works in an agent/management station fashion. An SNMP agent resides on every host to be managed. The management station communicates with these agents to exchange management information. Agents keep information in tabulated data structures known as Management Information Bases (MIBs). Abstract Syntax Notation One (ASN.1) is used to define MIB tables and objects. Each object is represented by an object identifier (OID). An OID is a sequence of numbers separated by dot characters. The SNMP agent in Solaris is split into a master agent and multiple subagents. The master agent communicates with the subagents and with SNMP management stations. Subagents do not communicate directly with any management station. Subagents can be invoked by startup scripts or by the master agent; in either case, a subagent must be invoked only after the master agent is running.
KEY TERMS • Simple Network Management Protocol (SNMP) • Abstract Syntax Notation One (ASN.1) • Object Identifier (OID) • Management station • SNMP agent • Master agent • Traps
APPLY YOUR KNOWLEDGE

Exercises

6.1 Verifying that the Master Agent Is Running
This exercise demonstrates how to verify that the master agent is running on your machine.
Estimated Time: 5 minutes
1. Use the ps command to verify that the master agent is running on your machine. Using this command, you can find out whether the snmpdx process is running. The command should look something like this:

    bash-2.03# ps -ef | grep snmpdx | grep -v grep
    root 402 1 0 17:54:39 ? 0:00 /usr/lib/snmp/snmpdx -p 50161 -y -c /etc/snmp/conf
    bash-2.03#

2. If the agent is not running, try to start the master SNMP agent from the command line.
3. If you need help, use the startup script, /etc/init.d/init.snmpdx.

Review Questions
1. What is an OID?
2. What is a community name?

Exam Questions
The answers to the exam questions can be found in Appendix E, "Answers to Sample Exam Questions."
1. In which run level is the snmpdx master SNMP agent started by default?
   A. Run level 1
   B. Run level 2
   C. Run level 3
   D. Run level 5
2. What is the port number used by snmpdx?
   A. 121
   B. 161
   C. 25
   D. 23
3. Which version(s) of SNMP is/are currently in use? Check all that apply.
   A. Version 1
   B. Version 2
   C. Version 3
   D. Version 7
   E. Version 8
4. Which community names are used in SNMP? Choose all that apply.
   A. GET
   B. SET
   C. READ
   D. WRITE
5. When should an SNMP subagent be started in Solaris?
   A. Before starting any of the network services
   B. Before starting the master SNMP agent
   C. After starting the master SNMP agent
   D. In no particular order
Answers to Review Questions 1. OID (or object identifier) is a dot-separated number or name that uniquely defines an object in the MIB. OID is constructed by traversing the MIB tree from the root of the tree to the object and noting the numbers of all nodes traversed.
2. A community name is a string used for authentication in SNMP messages. The agent responds to an incoming message only if its community name matches the locally configured community name.
Suggested Readings and Resources 1. Books • SNMP, SNMPv2, SNMPv3 and RMON 1 and 2. William Stallings • Understanding SNMP MIBs. David Perkins and Evan McGinnis • Managing Internetworks with SNMP, Third Edition. Mark A. Miller
2. URLs • The home page for the SNMP Working Group at http://ietf.org/html.charters/ snmpv3-charter.html
• The Network Management Forum at www.nmf.org
CHAPTER 7
Configuring and Managing Domain Name Server

OBJECTIVES
This chapter covers the following Sun-specified objectives for the 310-043 exam:
Identify the purpose of DNS.
Describe address resolution and reverse address resolution.
Identify the correct resource record syntax.
Explain the steps needed to configure DNS.
Identify the configuration files for DNS.
State the purpose of DNS configuration files.

• Hostname resolution is the process of mapping hostnames to IP addresses: given just a hostname, it finds the corresponding IP address. Different techniques are used for this purpose. One of them is the Domain Name System (DNS), a client-server system that uses a hierarchical scheme of host naming. A DNS server listens for client queries on UDP port 53 and responds with the resolved addresses. It listens on TCP port 53 for zone transfers, which take place between two Domain Name Servers.
• Other than DNS, the /etc/inet/hosts file and the Network Information System (NIS) can be used to resolve hostnames as well. The /etc/inet/hosts file, or just hosts, is described in this chapter; NIS is beyond the scope of this book.
• In the reverse address resolution process, a hostname is determined from an IP address. Many Solaris services need this process for security purposes.
• The DNS server reads its configuration and data files when it starts. Information in DNS data files is stored in the form of resource records (RRs). Each type of RR carries a particular kind of data. These are discussed in this chapter. You need to know the syntax and types of these RRs.
OUTLINE
Introduction
Introduction to Hostname Resolution
    Reverse Hostname Resolution
    Using the /etc/inet/hosts File
Introduction to DNS (Domain Name System)
    Delegating Subdomains
    How Domain Name Data Is Distributed
    How a Client Resolves a Hostname
    The Difference Between Domains and Zones
    Fully Qualified Hostnames (FQHNs)
    Fully Qualified Domain Names (FQDNs)
Types of Domain Name Servers
    The Primary Domain Name Server
    The Secondary Domain Name Server
    The Caching Domain Name Server
Configuring the Domain Name Server
    Configuring the Primary Domain Name Server
        Creating the /etc/named.conf File
        The named.ca File
        The named.local File
        The named.hosts File
        The named.rev File
    Configuring the Secondary Domain Name Server
    Configuring the Caching Domain Name Server
    Converting Old DNS Files
    Include Files
Resource Record Types
    Start of Authority Resource Record (SOA)
    Name Server Resource Record (NS)
    Address Resource Record (A)
    Mail Exchanger Resource Record (MX)
    The Pointer Resource Record (PTR)
    The Canonical Name Resource Record (CNAME)
    The HINFO Resource Record
    The TXT Resource Record
    The WKS Resource Record
Configuring the DNS Client
    Configuring /etc/resolv.conf
    Configuring /etc/nsswitch.conf
Testing with the nslookup Program
    Interactive nslookup Session
    Short and Fully Qualified Hostnames
    Unresolved Hostnames
    Reverse Hostname Resolution
    Changing the Default Name Server
    Getting Help
    Listing Records
    Testing BIND Version
Securing the Domain Name Server
    Avoid Unnecessary Resource Records
    Restricting Client Access
    Restricting Zone Transfer Access
DNS Troubleshooting
    Testing DNS with nslookup
    Testing with the netstat Command
    Testing with Telnet
    DNS Client Configuration Problems
        Problems with the /etc/nsswitch.conf File
        Problems with the /etc/resolv.conf File
    DNS Server Configuration Problems
        Updated Zone File Doesn't Get Propagated to the Secondary Server
        Problems with rsh, rlogin, and Similar Commands
Case Study
Chapter Summary
Apply Your Knowledge

STUDY STRATEGIES
This chapter is divided into two logical parts. In the first part, the theory behind the name resolution process and the different types of hostname resolution are presented, along with an introduction to the Domain Name System. The second part of this chapter focuses on the practical configuration of the DNS client and server. To learn the configuration process, you need to understand the theory. To get the most out of this chapter, use the following study strategies:
• Learn the hostname resolution terminology.
• Understand each method that is used for hostname resolution. Because the /etc/inet/hosts file is the easiest method of resolution, try it first.
• Learn the DNS configuration process and know how to configure a DNS server.
• Configure the DNS client and then test it.
Chapter 7
CONFIGURING AND MANAGING DOMAIN NAME SERVER
INTRODUCTION
Right from the beginning of the Internet, people have used different methods to map hostnames to IP addresses. After all, hostnames are more convenient and easier to remember than IP addresses (especially when you consider the number of servers present on the Internet). To use hostnames rather than IP addresses, a mechanism was required to map hostnames to IP addresses. Initially, a centrally managed text file named HOSTS.TXT contained these mappings. All hosts on the Internet periodically copied this file, and it was modified whenever a server was added to the Internet. With the rapid growth of the Internet, it became practically impossible to update this file and copy it to such a large number of hosts often enough. It was then realized that centralized management of hostname resolution should be replaced by distributed management among several autonomous domains, each domain being a set of hosts and/or networks managed by its own administrators.
These days, multiple methods are used for hostname resolution: the older text-file-based method, Network Information System (NIS), NIS+, and Domain Name System (DNS). The /etc/inet/hosts file is used for text-file-based hostname resolution. This chapter contains information about this file and about DNS. NIS and NIS+ are beyond the scope of this book. Multiple name resolution services can be configured simultaneously so that if one service fails, another can be used as a fallback option. The name service switch configuration file, /etc/nsswitch.conf, is used for this purpose.
The chapter starts with an introduction to the hostname resolution process and then reviews the hostname resolution methods. A brief introduction to the Domain Name System is presented. After that, the different types of DNS servers and the ways to configure them are presented. You also learn about resource records, which are the way DNS data is represented in its data files, and you learn how to configure the DNS client. Finally, this chapter covers the testing and troubleshooting of the DNS server and client.
After reading this chapter, you should understand each of the different hostname resolution methods. You also should know how to configure the different types of DNS servers and the DNS client. Finally, you should know how to troubleshoot common DNS problems.
INTRODUCTION TO HOSTNAME RESOLUTION
A hostname is an easy-to-remember name assigned to a host connected to a network. Hostnames are used because it is very hard to remember the IP addresses of different servers scattered all over the Internet. Additionally, a hostname can stay the same even if the host's IP address changes from time to time. By definition, the process of mapping hostnames to IP addresses is known as hostname resolution. Reverse hostname resolution is used when there is a need to know the hostname of a particular machine whose IP address is known. Reverse hostname resolution is needed for many purposes, including commands such as rlogin and rcp. Multiple methods are available in Solaris 8 to resolve hostnames, as listed here. Depending on the environment, you can select a particular method:
• The /etc/inet/hosts file. This file is linked to /etc/hosts for compatibility with other UNIX systems. It is a text file, and each line contains an IP address, a hostname, and optionally one or more aliases for the host.
• NIS. The Network Information System is a client-server system that has many other uses. Discussion of this method is beyond the scope of this book.
• NIS+. This is an advanced version of the Network Information System. Discussion of it is also beyond the scope of this book.
• Domain Name System (DNS). This method is the focus of this chapter.

NOTE
DNS is used both for Domain Name System and for Domain Name Server. A Domain Name Server is a server process that implements the Domain Name System and is used to resolve hostnames.
Use of any of these methods depends on the type of environment in which you are working. If you are connecting a host to the Internet, DNS is a must. For small private networks, other methods can be used. You also can use a combination of these methods such that if one method fails, another method can be used for hostname resolution.
REVERSE HOSTNAME RESOLUTION
Reverse hostname resolution is used to find a hostname when an IP address is specified. Almost all the hostname resolution methods support both forward and reverse resolution. Many systems need reverse hostname resolution for security and other purposes. When a system receives an incoming connection request, for example, the request carries the IP address of the client machine. Before you allow or deny this connection request, you need to know whether the requesting system is trusted. If that decision is made by comparing the hostname against a list of trusted hosts, you first need to find the hostname corresponding to that IP address. Reverse hostname resolution proves useful in this case; the r-commands (rlogin, rsh, and so on) are a common example of services that depend on it. Keep in mind that whoever controls the reverse zone for an address controls the answer, so a name obtained by reverse lookup should not be trusted on its own: resolve the returned name forward again and check that it maps back to the original address. If you use the /etc/inet/hosts file for hostname resolution, reverse hostname resolution is automatically available. If you use DNS, however, you must create a separate reverse zone file (named.rev in this chapter) to allow reverse hostname resolution.

NOTE
Reverse hostname resolution is also used for security purposes. For example, Sendmail can be configured to refuse mail from hosts whose addresses do not resolve to a name. This helps deter spamming.
USING THE /etc/inet/hosts FILE
The /etc/inet/hosts file is the most basic and oldest hostname resolution method. It was used for quite some time on the Internet and is now used only for small private networks. /etc/inet/hosts is a simple text file. Each line represents one entry for a hostname. Lines starting with the hash symbol (#) are comments. Each line starts with the IP address, followed by the hostname. The rest of the line is optional and lists aliases for the hostname. A typical file is shown here:

    #
    # Internet host table
    #
    127.0.0.1       localhost
    192.168.2.222   fana loghost
    192.168.2.11    laptop
    192.168.2.1     desktop
    192.168.29.28   fana-nt
    192.168.30.30   kaka

During hostname resolution, lines are scanned from top to bottom and the first matching entry is taken. So if there are multiple entries for a hostname in this file, only the first is used and the following entries are ignored. Hostname resolution using this file is simple and works well for small networks with fewer than 10 hosts. Whenever you modify this file, you need to copy it to all hosts on the network. If your network is connected to the Internet, however, you should use DNS rather than the hosts file. This enables you to resolve hostnames on the Internet and allows people on the Internet to resolve hostnames on your network.

CAUTION
Most of the time, network administrators add new entries at the end of the /etc/inet/hosts file. If an entry for the host already exists somewhere in the file, the new entry will never be used. So, before you add an entry, make sure there is no previous entry for the host. Similarly, if you use multiple hostnames for the same IP address, the same problem arises in reverse lookups: only the first line with that address is ever returned. Multiple hostnames for the same IP address are typically used when multiple services run on the same physical machine, for example FTP and a web server on one machine under different names. In such a case, instead of creating multiple entries, you should use aliases on a single line.

EXAM TIP
Sometimes network administrators use this file along with DNS to resolve hostnames that, for security reasons, are not required to be visible on the Internet or an intranet.
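The following is an added example (not code from the book) that parses a host table in /etc/inet/hosts format and reproduces the first-match behaviour described above, forward and reverse, together with a lint pass that reports exactly the two mistakes the caution warns about: a hostname shadowed by an earlier line, and an address listed on more than one line instead of using aliases. SAMPLE_HOSTS is constructed for the example from the listing above plus two deliberately bad lines; it is not a real host table.

```python
"""Parse /etc/inet/hosts, resolve names the way the file is actually searched, and lint it."""
import ipaddress

# Constructed sample: the table above plus two lines that the lint below should flag.
SAMPLE_HOSTS = """\
#
# Internet host table
#
127.0.0.1       localhost
192.168.2.222   fana loghost
192.168.2.11    laptop
192.168.2.1     desktop
192.168.29.28   fana-nt
192.168.30.30   kaka
192.168.2.222   www ftp       # second line for an address: should be aliases on the line above
192.168.2.99    laptop        # shadowed: "laptop" already matched on an earlier line
"""


def parse_hosts(text):
    """Return [(lineno, ip, [hostname, alias, ...]), ...] in file order, skipping comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # everything after '#' is a comment
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad address {fields[0]!r}") from exc
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: address without hostname")
        entries.append((lineno, str(ip), fields[1:]))
    return entries


def resolve(entries, name):
    """Forward lookup: the first line whose hostname or alias matches wins; later lines are ignored."""
    want = name.lower()                               # hostnames are case-insensitive
    for _, ip, names in entries:
        if want in (n.lower() for n in names):
            return ip
    return None


def reverse_resolve(entries, ip):
    """Reverse lookup: canonical name (first field) of the first line carrying that address."""
    for _, addr, names in entries:
        if addr == ip:
            return names[0]
    return None


def lint(entries):
    """Report names that can never be resolved and addresses listed more than once."""
    problems, seen_names, seen_ips = [], {}, {}
    for lineno, ip, names in entries:
        for n in names:
            key = n.lower()
            if key in seen_names:
                problems.append(f"line {lineno}: '{n}' is shadowed by line {seen_names[key]} and will never be used")
            else:
                seen_names[key] = lineno
        if ip in seen_ips:
            problems.append(f"line {lineno}: {ip} already listed on line {seen_ips[ip]}; add aliases there instead")
        else:
            seen_ips[ip] = lineno
    return problems


if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    print(resolve(table, "laptop"), reverse_resolve(table, "192.168.2.222"))
    for p in lint(table):
        print("WARNING:", p)
```

Run it against a real file with `parse_hosts(open("/etc/inet/hosts").read())`; a clean table produces no warnings from `lint`.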
INTRODUCTION TO DNS (DOMAIN NAME SYSTEM)
The Domain Name System is a distributed client-server system for resolving hostnames. It is implemented as an Application layer protocol in TCP/IP networks. The system provides a distributed database of hostname-to-IP-address mappings. Each host on the global network is supposed to be part of a domain. A domain is thus defined as a set of hosts sharing a common rightmost part of their names. A domain is a purely logical grouping of hosts and has nothing to do with where the hosts are physically located. These hosts may be on one network or on several networks. Usually the hosts in one domain are managed by a common administrative authority, which may be an individual or a group of people. For example, a company might have a domain name for its computers that is managed by a particular department within that company. Management of domains and subdomains is usually delegated; that is, they are not centrally managed.
A hostname in a domain is a sequence of dot-separated words, similar to the way IP addresses are dot-separated numbers. A typical hostname is boota.newriders.com, in which boota is the hostname and newriders.com is the domain name. There may be multiple words in a domain name, but the total length of a fully qualified domain name (FQDN) must not exceed 255 characters. Each word (label) may contain letters, digits, and the hyphen; the underscore is not valid in a hostname, even though DNS itself can store names containing it. DNS is not case sensitive; that is, it does not differentiate between uppercase and lowercase letters. Domain names are assigned in a hierarchy similar to a UNIX file system hierarchy. The first word from the right (the last word from the left) in a domain name is the top-level domain. In the preceding example of boota.newriders.com, com is the top-level domain. A top-level domain is like the root of a UNIX file system: all other domains are under it. Each top-level domain has a significance that shows the type of organizations that fall under it. For example, domains under the top-level domain com are used for commercial organizations. Table 7.1 lists top-level domains.
TOP-LEVEL DOMAINS Domain Name
Description
com
Commercial organizations and business companies
org
Non-business organizations
net
Companies in the networking business
mil
Military domain
gov
Government organizations and departments
edu
Educational organizations, schools, and universities
int
International organizations (NATO, Council of Europe, and so on)
Top-level name servers for each domain are present on the Internet and handle requests for each domain and the hierarchy underneath it. Because the existing top-level domains have become overpopulated, new top-level domain names have been proposed; Table 7.2 lists these proposed names. In addition to these domains, each country has its own top-level domain. For example, the top-level domain for the United States is us. These domains are used for regional and country-specific organizations and business entities. Table 7.3 lists some country-specific domains.
TABLE 7.2
PROPOSED TOP-LEVEL DOMAINS
Domain   Description
arts     Organizations related to arts and culture
nom      Personal and family addresses
rec      Recreational organizations
firm     Business organizations
info     Information-related services
TABLE 7.3
COUNTRY-SPECIFIC DOMAIN NAMES
Domain   Country
pk       Pakistan
us       United States
uk       United Kingdom
de       Germany (Deutschland)
ca       Canada
Different countries have their own hierarchical scheme under country-specific top-level domain names. For example, commercial organizations in the United Kingdom are assigned names under the .co.uk domain. Each domain may have multiple subdomains down the hierarchy, just like a directory in a file system may have multiple subdirectories. Subdomains may in turn have more levels of hierarchy, like subdirectories that have subdirectories. Figure 7.1 shows where in the tree structure the host boota.newriders.com lies.
How Domain Name Data Is Distributed
As mentioned earlier, some root domain name servers on the Internet keep a record of the top-level domain names. The hostnames and IP addresses of these name servers are public, and they are listed in Table 7.4. The list can also be obtained from a number of places on the Internet.
FIGURE 7.1 Hierarchical structure of domain name system.
TABLE 7.4
ROOT NAME SERVERS
Hostname for the Root Name Server   IP Address
H.ROOT-SERVERS.NET                  128.63.2.53
B.ROOT-SERVERS.NET                  128.9.0.107
C.ROOT-SERVERS.NET                  192.33.4.12
D.ROOT-SERVERS.NET                  128.8.10.90
E.ROOT-SERVERS.NET                  192.203.230.10
I.ROOT-SERVERS.NET                  192.36.148.17
F.ROOT-SERVERS.NET                  192.5.5.241
F.ROOT-SERVERS.NET                  39.13.229.241
G.ROOT-SERVERS.NET                  192.112.36.4
A.ROOT-SERVERS.NET                  198.41.0.4
Usually an organization is assigned one or more domain names that fall under one of the top-level domain names. New Riders Publishing is assigned the domain name newriders.com, for example, which is under the com top-level domain. The organization is then responsible for setting up two or more domain name servers for the domain name and for maintaining a database of all hosts under the domain(s) it owns. These organizational name servers are registered on the Internet as the responsible name servers for that domain. One of these name servers is known as the primary domain name server; it keeps the up-to-date copy of the database of hosts for that domain and a record of the other name servers. Multiple secondary name servers may also be used to back up the primary server. In case the primary domain name server fails, the secondary name servers can be used for hostname resolution. The primary name server can create subdomains and delegate the authority over a subdomain to other name servers. Subdomains are very useful for large organizations where the number of hosts becomes large and the namespace becomes saturated. In these circumstances, subdomains can be used for departments within a domain.
How a Client Resolves a Hostname
Hostname resolution using the domain name system is a multistep process. Every DNS client is configured to contact one or more DNS servers in a particular order. These DNS servers are usually present somewhere on the local network. When contacted by a DNS client, a DNS server looks in its own database to see whether the hostname lies within the local domain. If the hostname is not inside the local domain, the DNS server looks into its cache to determine whether the hostname was previously resolved and an entry for it exists in the cache. If the entry exists in the cache, the name is resolved from it and the response is sent back to the DNS client. If the DNS server does not have any knowledge of the hostname, however, it contacts one of the root name servers to find the address of another DNS server that is responsible for keeping the information about the domain in which that host resides. The root name servers know which DNS servers a hostname can be resolved from. After getting this information from the root name server, the local domain name server contacts that name server to resolve the hostname. After resolving the hostname in this way, the local domain name server provides the answer to the DNS client.
The Difference Between Domains and Zones
A domain name may consist of multiple smaller entities known as subdomains. In the domain newriders.com, for example, there may be different subdomains for sales, marketing, finance, and so on. You can delegate administrative authority over some of these subdomains to other DNS servers. The area of authority of a domain name server is called a zone. A zone may consist of one domain, one subdomain, or multiple subdomains. Figure 7.2 shows the difference between a domain, a subdomain, and a zone. As you can see, newriders.com is a domain name. This domain contains four subdomains, as follows:
• sales.newriders.com
• finance.newriders.com
• marketing.newriders.com
• acquisition.newriders.com
FIGURE 7.2 The difference between a zone and a subdomain.
Zone 1 consists of the hosts under newriders.com and the sales.newriders.com subdomain. The second zone (Zone 2) consists of the subdomains finance.newriders.com and marketing.newriders.com. Zone 3 consists of only one subdomain, acquisition.newriders.com.
Fully Qualified Hostnames (FQHNs)
Usually we use hostnames that consist of a single word; this is the short hostname. A fully qualified hostname is a combination of this short hostname and the domain name under which it lies. If you have a hostname develop-01 in the domain newriders.com, for example, the FQHN for this host is develop-01.newriders.com.
NOTE
An FQDN is similar to the absolute path of a directory, whereas a fully qualified hostname (FQHN) is similar to the absolute path of a file in that directory.
Fully Qualified Domain Names (FQDNs)
In a domain hierarchy, each domain name is known as a fully qualified domain name, which is written by traversing the domain hierarchy tree from the leaf node toward the root node (bottom to top). In Figure 7.1, for example, boota.newriders.com is an FQDN. An FQDN resembles the absolute path of a directory in the UNIX directory tree.
NOTE
The FQHN is not widely used. FQDN, on the other hand, is commonly used to mean both fully qualified hostname and fully qualified domain name.
TYPES OF DOMAIN NAME SERVERS
Multiple types of domain name servers are present on the Internet, categorized by the role they play. The following sections discuss the different types of domain name servers.
The Primary Domain Name Server
Each domain must have a primary (or master) domain name server. This server is registered on the Internet for the domain name to be visible. The primary name server is the authority over a domain or zone. A DNS administrator maintains the database files on the primary domain name server. This domain name server is responsible for resolving all hosts in a domain or zone. There may be one or more secondary domain name servers that act as a backup to the primary name server. The primary domain name server enforces an expiration policy for hostname records, after which the secondary name servers refresh their databases. If the domain name is registered on the Internet, the IP address and hostname of the primary name server are public records known to everyone on the Internet. Using these public records, clients on the Internet can reach the domain name server that serves a particular domain.
The Secondary Domain Name Server
The secondary (or slave) name server is used to back up the primary name server. There may be one or more secondary name servers. Secondary name servers are used in case the primary name server does not respond. Secondary name servers copy the database files from the primary name server periodically. One or more secondary name server addresses are also public and known on the Internet.
The Caching Domain Name Server
The caching name server does not have any database files. It is used to resolve hostnames on remote networks using other name servers. It keeps a record of previously resolved hostnames and is used for one of the following reasons:
• To speed up hostname resolution using the cache
• To offload the hostname resolution task from the main domain name server
• To reduce network traffic on large networks
NOTE
Because the caching name server does not have its own database, persons and organizations that don't have any authority over a domain or zone may also use it.
CONFIGURING THE DOMAIN NAME SERVER
EXAM TIP
Be consistent when naming hosts and networks.
Before you start configuring the domain name server, you need to collect certain information about your domain. This information includes your domain name and the primary and secondary domain name servers registered on the Internet. If your network is isolated, you don't need to register your domain name servers on the Internet. You also need to decide whether to have subdomains or zones. If you are installing multiple domain name servers, you might need to decide which domain name server is the authority for a particular zone so that you can delegate management responsibilities. A domain name and its name servers can be easily registered on the Internet. Contact your service provider for this purpose. You also can go to one of the registrars to register a domain name and name servers. A list of registrars is available on the following web site: www.internic.net/regist.html
The in.named daemon acts as the domain name server on Solaris. It is taken from the Berkeley Internet Name Domain (BIND) distribution and supports BIND version 8. It is started through the network initialization script S72inetsvc at run level 2. After starting, it reads its main configuration file, /etc/named.conf, to get information about its authority zones and zone data files. Among other information, zone data files contain the hostname-to-IP address mappings. The domain name server configuration process involves the following steps:
1. Register a domain name.
2. Create a list of hostnames and their IP addresses.
3. Create the /etc/named.conf file.
4. Create the zone data files.
These files are discussed later in this chapter. After creating these files, you can start in.named from the command line, or it will start automatically at the next boot.
Resource Record Types
Information in zone data files is stored in a special format. The pieces of this information are called resource records (RRs). Each resource record type has a particular meaning and a keyword associated with it. The standard RRs are listed in the following sections.
Start of Authority Resource Record (SOA)
The Start of Authority RR marks the beginning of a zone's data. It also defines the default parameters for the zone. These default parameters include a serial number, refresh time, Time-To-Live (TTL) value, and so on. A typical SOA RR looks like the following (note the trailing dots on both names, which mark them as absolute):
    @    IN    SOA    fana.boota.org. postmaster.fana.boota.org. (
                      2001041602   ; Serial
                      10800        ; Refresh - 180 minutes
                      1800         ; Retry - 30 minutes
                      1209600      ; Expire - 2 weeks
                      43200 )      ; Minimum TTL - 12 hours
The SOA RR is present at the start of all zone files, and it contains the name of the primary DNS server. In the preceding example, the primary DNS server is fana.boota.org. The next thing in the RR is the technical contact's email address, which is postmaster.fana.boota.org. Note that there is no at symbol (@) after the username; instead there is a dot character. The next item is the serial number, which is used as a version number for the RRs. It should be incremented whenever you modify the DNS zone files. The current example uses a popular way of representing serial numbers, which is the form YYYYMMDD##. The two characters on the right show the version number, which is 02 in the preceding example. The other digits in the serial number represent the date of modification. The serial number is used by the secondary name server to detect changes on the primary DNS server. If you don't update it, secondary name servers think that the data files have not been modified on the primary name server. This delays updating of the data files on the secondary name server(s). The refresh time is the time interval after which the secondary name server tries to refresh its database from the primary name server. It looks at the serial number in the SOA record; if it has changed since the last update, the name server database needs to be updated.
NOTE
This is not the only way to represent serial numbers. You can define your own method for writing serial numbers to distinguish among versions.
The retry time is the interval after which the secondary name server retries contacting the primary name server if its previous attempt to update the database failed. The expiry time is the interval after which the domain database on the secondary server becomes invalid if it has not been updated from the primary name server. The minimum TTL is the time for which a hostname record remains valid without being updated, if no TTL is specified explicitly for the record.
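As an added illustration (example code, not from the book), the following Python code parses the SOA record shown above, computes the next serial number in the YYYYMMDD## scheme, and applies the serial comparison a secondary uses to decide whether to transfer the zone. The edge cases (a hundredth change in one day, a serial written with a wrong clock) are handled so that the new serial always increases; the example handles the general case beyond the single record on the page.

```python
"""SOA serial handling for the YYYYMMDD## scheme described above.

Added example (not from the book). parse_soa() pulls the names and the
five numeric fields out of an SOA record written in the multi-line form
shown on this page, and next_serial() returns the serial to write when the
zone is edited again. Secondaries only transfer a zone when the serial has
gone up, so the bump must always produce a larger number, even on a day
with many edits or when the stored serial is already past today's date.
"""
from datetime import date

SERIAL_MAX = 2 ** 32          # DNS serials are 32-bit unsigned integers


def parse_soa(record):
    """Return a dict with mname, rname and the five numeric SOA fields.

    Comments (';' to end of line) and the surrounding parentheses are
    stripped first, so the record may span several lines."""
    text = " ".join(line.split(";", 1)[0] for line in record.splitlines())
    tokens = text.replace("(", " ").replace(")", " ").split()
    i = tokens.index("SOA")
    mname, rname = tokens[i + 1], tokens[i + 2]
    serial, refresh, retry, expire, minimum = (int(t) for t in tokens[i + 3:i + 8])
    return {"mname": mname, "rname": rname, "serial": serial,
            "refresh": refresh, "retry": retry, "expire": expire,
            "minimum": minimum}


def next_serial(current, today=None):
    """Next serial in YYYYMMDD## form that is guaranteed to exceed `current`.

    `today` is an int in YYYYMMDD form (defaults to the real date).
    - first change today            -> YYYYMMDD01
    - further changes the same day  -> increment the two-digit counter
    - counter exhausted (99), or a serial already past today's date
      (e.g. written with a wrong clock) -> plain current + 1, which still
      satisfies the "must increase" rule that secondaries rely on."""
    if today is None:
        today = int(date.today().strftime("%Y%m%d"))
    current_prefix, counter = divmod(current, 100)
    if current_prefix < today:
        return today * 100 + 1
    if current_prefix == today and counter < 99:
        return current + 1
    return (current + 1) % SERIAL_MAX


def serial_is_newer(candidate, reference):
    """RFC 1982 serial comparison: is `candidate` newer than `reference`?

    This is the test a secondary applies to the primary's SOA serial at
    every refresh; an unchanged serial means no zone transfer happens."""
    diff = (candidate - reference) % SERIAL_MAX
    return 0 < diff < SERIAL_MAX // 2


# The SOA record from this page, with trailing dots on both names.
BOOK_SOA = """\
@ IN SOA fana.boota.org. postmaster.fana.boota.org. (
            2001041602 ; Serial
            10800      ; Refresh - 180 minutes
            1800       ; Retry - 30 minutes
            1209600    ; Expire - 2 weeks
            43200 )    ; Minimum TTL - 12 hours
"""

if __name__ == "__main__":
    soa = parse_soa(BOOK_SOA)
    print("primary: %(mname)s  serial: %(serial)d" % soa)
    bumped = next_serial(soa["serial"], 20010416)
    print("next serial on the same day:", bumped)
    print("secondary would transfer:", serial_is_newer(bumped, soa["serial"]))
```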
Name Server Resource Record (NS)
The Name Server RR is used to list the name servers for a domain or zone. Typical entries for the NS RR in zone files are listed in the following (the server names are absolute, so they end with a dot):
    ;
    ; Nameservers
    ;
    boota.org.    IN    NS    fana.boota.org.
                  IN    NS    kaka.boota.org.
Address Resource Record (A)
The Address RR is used to specify the IP address of a host in the DNS database. The A RR may be used with absolute or relative hostnames. An absolute hostname is an FQHN. A relative name is only the short form of a hostname; the domain name is appended to it by DNS itself, as shown here:
    ;
    ; use of absolute hostname
    fana.boota.org.    IN    A    192.168.2.100
    ; use of relative hostname
    lota               IN    A    192.168.2.210
WARNING
Note that you should not put a dot (.) at the end of the hostname when using a relative name. In the case of absolute names, you must put a dot at the end of the name. This is the most common error people make when configuring DNS.
Note that in the previous example, lota is equivalent to lota.boota.org.
Mail Exchanger Resource Record (MX)
The Mail Exchanger RRs are used for the hosts responsible for exchanging email for a domain. A preference value is used with MX records to prefer one server over another; the server with the lower preference value is tried first as the email exchanger. Typical email exchanger RRs are listed in the following (the MX records belong to the zone itself, so their owner is @, the zone origin):
    ;
    email     IN    A     192.168.2.20
    email2    IN    A     192.168.2.21
    @         IN    MX    5  email
              IN    MX    10 email2
The first preference goes to the host email, which is used as the mail exchanger. If it is not available, the host email2 acts as the backup email exchanger.
The Pointer Resource Record (PTR)
The Pointer RR is used for reverse hostname resolution. An example of a PTR RR is presented later in this chapter, during the discussion of the named.rev file.
The Canonical Name Resource Record (CNAME)
The Canonical Name RR is used to define aliases for a hostname. The situation arises when you have multiple services running on the same machine. If you are running an FTP server and a web server on the same host (not a good idea from a security point of view), for example, you can use two names for the same machine, as follows:
    www    IN    A        192.168.2.30
    ftp    IN    CNAME    www
The CNAME RR proves very useful when you are moving services from one host to another host. In this case, you just need to change the CNAME entry in DNS and the client won’t even notice the change.
The Host Info Resource Record (HINFO)
The HINFO RR is used to provide host information. It lists hardware information and operating system information. You can include an HINFO record for each host. From a security point of view, however, it is not desirable to include HINFO records in zone data files. A typical HINFO record is shown here:
    fana    IN    HINFO    ultra-5    UNIX
The Text Resource Record (TXT)
The TXT RR provides text information. Any text information about a host can be provided using this record. A typical TXT RR is shown here:
    fana    IN    TXT    "this host is present in my home"
The Well-Known Services Resource Record (WKS)
The WKS RR provides information about the well-known services available on a host. Publishing it is not desirable from a security point of view. A typical WKS record is shown here:
    fana    IN    WKS    192.168.2.222    TCP ( smtp netstat nntp )
Table 7.5 shows a list of RRs and a short description of each.
TABLE 7.5
DNS RESOURCE RECORDS
Resource Record   Description
SOA               Start of Authority RR
NS                Name Server RR
A                 The Address RR
MX                The Mail Exchanger RR
PTR               Pointer RR
CNAME             Canonical Name RR
HINFO             Host Info RR
TXT               Text RR
WKS               Well-Known Services RR
Delegating Subdomains
Subdomains can be delegated to other name servers using the NS type RR. The following line delegates the subdomain sales.boota.org to the name server ns3.boota.org:
    sales.boota.org.    IN    NS    ns3.boota.org.
Configuring Primary DNS Server
When you configure a primary name server, you create one boot configuration file, /etc/named.conf, and multiple zone data files. The DNS daemon in Solaris is in.named and is started using the /etc/init.d/inetsvc startup script.
Creating the /etc/named.conf File
The named.conf file contains important information used by the in.named daemon on Solaris at boot time. Among other things, this information includes the following:
• The name of the directory where the DNS zone data files are stored
• Names of zones
• Names of zone data files
• The type of server, whether primary, secondary, or caching-only
• Logging options
• Security options
The file contains statements, and each statement ends with a semicolon. A statement may be in the form of a block, and the block also ends with a semicolon character. Table 7.6 lists some statements that can be included in this file.
TABLE 7.6
STATEMENTS TO BE INCLUDED IN /etc/named.conf FILE
Statement   Description
ACL         Used to control access to DNS.
Include     Include a file at this point in the file. This is useful when you use multiple files for DNS data. This means that the contents of an external file will be included in the /etc/named.conf file at the point where the include statement is located.
Key         Security key used for authentication and authorization.
Logging     This is used to log server information.
Options     Used to control options and default values.
Server      Configuration for a remote server. Also used to specify options on a per-server basis.
Zone        Used to define a zone and selectively apply options on a per-zone basis.
A sample /etc/named.conf file is shown here:
    options {
        directory "/etc/named";
        pid-file "/etc/named.pid";
    };
    zone "boota.org" in {
        type master;
        file "named.hosts";
    };
    zone "2.168.192.in-addr.arpa" in {
        type master;
        file "named.rev";
    };
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "named.local";
    };
    zone "." in {
        type hint;
        file "named.ca";
    };
Consider this file line by line. The first statement in this file is the options statement. It is used to set the name of the directory where the zone data files are located; the directory keyword sets this directory name. It also tells the in.named daemon where to store the process ID (PID) of the in.named process, using the pid-file keyword. This means that whenever in.named starts, it stores its own PID in the /etc/named.pid file. The file is useful when you need to restart the in.named process from a shell script. The following line in a script reloads the in.named daemon:
    kill -HUP `cat /etc/named.pid`
Now take a look at the next block in the /etc/named.conf file, which is listed here:
    zone "boota.org" in {
        type master;
        file "named.hosts";
    };
The zone name is defined as boota.org. The example also declares that this is the master name server for this zone. The filename in which the hostname to IP mapping is stored is named.hosts. Note that the filename is relative to the directory name previously mentioned. This means that the full path name for the file is /etc/named/named.hosts.
The next two blocks are used for reverse hostname resolution, so that when someone needs to find the hostname assigned to a particular IP address, it can be returned. The last block of the /etc/named.conf file is shown here, and it needs some explanation:
    zone "." in {
        type hint;
        file "named.ca";
    };
This is a special zone; it specifies the name of the file that contains the addresses of the root name servers. Note that the type field in this block is hint rather than master or slave. The file named.ca contains a list of root name servers. If your network is not connected to the Internet and you have multiple name servers, you should have one root name server on your own network. This ensures consistency of DNS information across all name servers. In the case of an isolated network with only primary and secondary name servers and a single zone, however, you can live without any root name servers. In this case, you can simply remove this block from the /etc/named.conf file.
The named.ca File
The named.ca file contains information about the root name servers. These name servers are contacted by a DNS server to find the particular name server that can resolve a hostname. The latest copy of this file can be downloaded from the following FTP site: ftp://ftp.rs.internic.net/domain/named.root
The latest copy of the file available at this time is as follows:
    ; This file holds the information on root name servers needed to
    ; initialize cache of Internet DNS servers
    ; (e.g. reference this file in the "cache . "
    ; configuration file of BIND DNS servers).
    ;
    ; This file is made available by InterNIC registration services
    ; under anonymous FTP as
    ;     file            /domain/named.root
    ;     on server       FTP.RS.INTERNIC.NET
    ; -OR- under Gopher at RS.INTERNIC.NET
    ;     under menu      InterNIC Registration Services (NSI)
    ;     submenu         InterNIC Registration Archives
    ;     file            named.root
    ;
    ; last update:    Aug 22, 1997
    ; related version of root zone:   1997082200
    ;
    ;
    ; formerly NS.INTERNIC.NET
    ;
    .                        3600000  IN  NS    A.ROOT-SERVERS.NET.
    A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
    ;
    ; formerly NS1.ISI.EDU
    ;
    .                        3600000      NS    B.ROOT-SERVERS.NET.
    B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
    ;
    ; formerly C.PSI.NET
    ;
    .                        3600000      NS    C.ROOT-SERVERS.NET.
    C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
    ;
    ; formerly TERP.UMD.EDU
    ;
    .                        3600000      NS    D.ROOT-SERVERS.NET.
    D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
    ;
    ; formerly NS.NASA.GOV
    ;
    .                        3600000      NS    E.ROOT-SERVERS.NET.
    E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
    ;
    ; formerly NS.ISC.ORG
    ;
    .                        3600000      NS    F.ROOT-SERVERS.NET.
    F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
    ;
    ; formerly NS.NIC.DDN.MIL
    ;
    .                        3600000      NS    G.ROOT-SERVERS.NET.
    G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
    ;
    ; formerly AOS.ARL.ARMY.MIL
    ;
    .                        3600000      NS    H.ROOT-SERVERS.NET.
    H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
    ;
    ; formerly NIC.NORDU.NET
    ;
    .                        3600000      NS    I.ROOT-SERVERS.NET.
    I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
    ;
    ; temporarily housed at NSI (InterNIC)
    ;
    .                        3600000      NS    J.ROOT-SERVERS.NET.
    J.ROOT-SERVERS.NET.      3600000      A     198.41.0.10
    ;
    ; housed in LINX, operated by RIPE NCC
    ;
    .                        3600000      NS    K.ROOT-SERVERS.NET.
    K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
    ;
    ; temporarily housed at ISI (IANA)
    ;
    .                        3600000      NS    L.ROOT-SERVERS.NET.
    L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
    ;
    ; housed in Japan, operated by WIDE
    ;
    .                        3600000      NS    M.ROOT-SERVERS.NET.
    M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
    ; End of File
The name server contacts one of the root name servers at boot time. Things might go wrong if it cannot contact any of the root name servers.
The named.local File
The named.local file is used to resolve the hostname configured on the loopback interface. A typical example of this file is shown here:
    @    IN    SOA    fana.boota.org. root.fana.boota.org. (
                      2001021602   ; Serial number
                      10800        ; Refresh time - 180 minutes
                      1800         ; Retry time - 30 minutes
                      1209600      ; Expire - 2 weeks
                      43200 )      ; Minimum TTL - 12 hours
         IN    NS     fana.boota.org.
         IN    NS     kaka.boota.org.
    1    IN    PTR    localhost.
This file is necessary for the DNS server for name resolution to work properly on the loopback network 127.0.0.0.
The named.hosts File
This file contains a list of all hosts present in your domain. It is used to map hostnames to IP addresses. All the canonical names (aliases) and mail exchanger addresses are also defined in this file. A typical file is shown here:
    @           IN    SOA    fana.boota.org. root.fana.boota.org. (
                             2001021602   ; Serial number
                             10800        ; Refresh time - 180 minutes
                             1800         ; Retry time - 30 minutes
                             1209600      ; Expire - 2 weeks
                             43200 )      ; Minimum TTL - 12 hours
                IN    NS     fana.boota.org.
                IN    NS     kaka.boota.org.
    localhost   IN    A      127.0.0.1
    fana        IN    A      192.168.2.222
    fant        IN    A      192.168.2.100
    kaka        IN    A      192.168.2.200
    www         IN    CNAME  fana
    ftp         IN    CNAME  fana
The following two lines are equivalent in this file, and either of them can be used. Don't forget the dot character at the end of the name in the second line, where the FQHN is used:
    fana               IN    A    192.168.2.222
    fana.boota.org.    IN    A    192.168.2.222
The named.rev File
This file is used for reverse hostname resolution: when you want to find the hostname for a given IP address, DNS uses this file. A typical file for reverse hostname resolution is shown here:
    @       IN    SOA    fana.boota.org. root.fana.boota.org. (
                         2001021602   ; Serial number
                         10800        ; Refresh time - 180 minutes
                         1800         ; Retry time - 30 minutes
                         1209600      ; Expire - 2 weeks
                         43200 )      ; Minimum TTL - 12 hours
            IN    NS     fana.boota.org.
            IN    NS     kaka.boota.org.
    222     IN    PTR    fana.boota.org.
    200     IN    PTR    kaka.boota.org.
NOTE
Note that when you use the in-addr.arpa zone, you have to put a dot character at the end of the word arpa in the zone data file.
If you want to write down the complete IP address in reverse order, the special in-addr.arpa zone is used in this file. The following two lines are equivalent to each other, and either of them may be used. Note that in the second entry the IP address is written in reverse order:
    200                            IN    PTR    kaka.boota.org.
    200.2.168.192.in-addr.arpa.    IN    PTR    kaka.boota.org.
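To make the trailing-dot rule concrete for both the forward entries (fana versus fana.boota.org.) and the reverse entries (200 versus 200.2.168.192.in-addr.arpa.), here is an added Python example, not code from the book or from BIND, that expands zone-file names the way the server does and flags names where the origin has been appended twice, the symptom of a fully qualified name written without its dot. The zone text inside it is constructed for the example.

```python
"""Owner and target names in zone data files: '@', relative and absolute.

Added example, not from the book. parse_zone() reads a zone data file in the
layout used on this page (multi-line SOA in parentheses, blank owner meaning
"same owner as the previous record") and expands every name the way the name
server does: a trailing dot means absolute, anything else gets the origin
appended. find_doubled_origin() flags the classic mistake the text warns
about: a fully qualified name written without its trailing dot.
"""

RDATA_NAME_TYPES = {"NS", "CNAME", "PTR", "MX", "SOA"}


def expand_name(name, origin):
    """Return `name` as an absolute name (trailing dot) under `origin`."""
    origin = origin if origin.endswith(".") else origin + "."
    if name == "@":
        return origin
    if name.endswith("."):
        return name                      # absolute: used as written
    return name + "." + origin           # relative: origin appended


def _logical_lines(text):
    """Join parenthesised continuation lines and drop ';' comments."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() and depth == 0:
            continue
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            yield " ".join(buf).replace("(", " ").replace(")", " ")
            buf = []


def parse_zone(text, origin):
    """Return a list of (owner, type, rdata_tokens) with all names absolute."""
    records, last_owner = [], None
    for line in _logical_lines(text):
        tokens = line.split()
        if not line[0].isspace():        # an owner is present on this line
            last_owner = expand_name(tokens.pop(0), origin)
        if tokens and tokens[0] == "IN":  # the class is optional in a zone file
            tokens.pop(0)
        rtype, rdata = tokens[0], tokens[1:]
        if rtype == "MX":                # preference, then exchanger name
            rdata[1] = expand_name(rdata[1], origin)
        elif rtype == "SOA":             # mname and rname
            rdata[0] = expand_name(rdata[0], origin)
            rdata[1] = expand_name(rdata[1], origin)
        elif rtype in RDATA_NAME_TYPES:  # NS, CNAME, PTR: a single name
            rdata[0] = expand_name(rdata[0], origin)
        records.append((last_owner, rtype, rdata))
    return records


def find_doubled_origin(records, origin):
    """Names in which the origin occurs twice (fana.boota.org.boota.org.)
    are almost always an absolute name written without its trailing dot."""
    origin = origin if origin.endswith(".") else origin + "."
    doubled = origin.rstrip(".") + "." + origin
    return [(rtype, name) for owner, rtype, rdata in records
            for name in [owner or ""] + rdata if name.endswith(doubled)]


# Constructed forward zone for boota.org: the second NS lacks its dot.
FORWARD_ZONE = """\
@        IN SOA fana.boota.org. root.fana.boota.org. (
                2001021602 ; Serial number
                10800 1800 1209600 43200 )
         IN NS  fana.boota.org.
         IN NS  kaka.boota.org
fana     IN A   192.168.2.222
www      IN CNAME fana
"""

# Constructed reverse zone: both PTR owners name the same address.
REVERSE_ZONE = """\
200                          IN PTR kaka.boota.org.
200.2.168.192.in-addr.arpa.  IN PTR kaka.boota.org.
"""

if __name__ == "__main__":
    records = parse_zone(FORWARD_ZONE, "boota.org.")
    for record in records:
        print(record)
    print("suspect names:", find_doubled_origin(records, "boota.org."))
    print([r[0] for r in parse_zone(REVERSE_ZONE, "2.168.192.in-addr.arpa.")])
```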
Configuring the Secondary DNS Server
Configuring a secondary name server is similar to the configuration process for a primary name server, with the following differences:
• You don't create zone data files; these are automatically copied from the primary name server.
• In the /etc/named.conf file, you replace the word master with slave in the type field.
• You provide the IP address of the master name server for each zone.
A typical /etc/named.conf file for the secondary name server is shown here:
    options {
        directory "/etc/named";
        pid-file "/etc/named.pid";
    };
    zone "boota.org" in {
        type slave;
        file "named.hosts";
        masters { 192.168.2.10; };
    };
    zone "2.168.192.in-addr.arpa" in {
        type slave;
        file "named.rev";
        masters { 192.168.2.10; };
    };
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "named.local";
    };
    zone "." in {
        type hint;
        file "named.ca";
    };
Note that the address for the primary name server is 192.168.2.10, and it is used in all the zone data files except named.ca. The named.ca file should also be manually copied to the slave server during the configuration process.
Configuring the Caching DNS Server
A caching-only name server doesn't have any data files. It is used to reduce the load on the main DNS server(s) and usually serves only local clients. You only need to copy the named.ca file, which contains information about the root name servers. The following named.conf file works for a caching-only name server:
    options {
        directory "/etc/named";
        pid-file "/etc/named.pid";
    };
    zone "." in {
        type hint;
        file "named.ca";
    };
Note that there are no master or slave zones in this file. The hint zone configuration file (named.ca) contains a list of root name servers.
Converting Old DNS Files
Solaris 8 comes with BIND version 8, which provides additional security features. The boot configuration file used with BIND version 4 differs from the one used with BIND version 8. With version 4, you use the /etc/named.boot file, whereas with version 8 you use the /etc/named.conf file. A typical named.boot file is shown here:
    directory   /etc/named
    primary     boota.org                 named.hosts
    primary     0.0.127.IN-ADDR.ARPA      named.local
    primary     2.168.192.IN-ADDR.ARPA    named.rev
    cache       .                         named.ca
Solaris provides the named-bootconf utility to convert the old file to the new one. By default, this utility reads the /etc/named.boot file and writes the /etc/named.conf file. So, before using this command, make a backup copy of any existing /etc/named.conf file, because it will be overwritten by this command. If you run this command on the named.boot file shown above, the generated named.conf file is as follows:
    options {
        directory "/etc/named";
    };
    zone "boota.org" in {
        type master;
        file "named.hosts";
    };
    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "named.local";
    };
    zone "2.168.192.in-addr.arpa" in {
        type master;
        file "named.rev";
    };
    zone "." in {
        type hint;
        file "named.ca";
    };
Note that the reason for using a new file format with BIND version 8 is that the new format is much more flexible compared to the old one. Because Solaris 8 comes with BIND version 8, you need this command only if you are migrating the DNS server from an old machine to Solaris 8.
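The translation that named-bootconf performs for the directives shown above, as an added Python example (a simplified re-implementation written for this page, not Solaris' utility and not from the book): it converts directory, primary, secondary, and cache lines into named.conf statements and rejects any directive it does not know instead of silently dropping it. The named.boot content is the one from this section.

```python
"""Simplified re-implementation of the named.boot -> named.conf translation
for the directives shown on this page (directory, primary, secondary, cache).

Added example; this is not Solaris' named-bootconf and not from the book.
"""


def convert_named_boot(boot_text):
    """Return named.conf text for a BIND 4 named.boot file."""
    out = []
    for raw in boot_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if not line:
            continue
        fields = line.split()
        directive, args = fields[0], fields[1:]
        if directive == "directory" and len(args) == 1:
            out.append('options {\n\tdirectory "%s";\n};' % args[0])
        elif directive == "primary" and len(args) == 2:
            out.append(_zone(args[0], "master", args[1]))
        elif directive == "secondary" and len(args) >= 3:
            # secondary <zone> <master address>... <backup file>
            out.append(_zone(args[0], "slave", args[-1], masters=args[1:-1]))
        elif directive == "cache" and len(args) == 2:
            out.append(_zone(args[0], "hint", args[1]))
        else:
            # an unknown or malformed line must not vanish from the config
            raise ValueError("unsupported named.boot line: %r" % raw)
    return "\n".join(out) + "\n"


def _zone(name, ztype, filename, masters=()):
    """One named.conf zone block; the zone name is lower-cased, as in the
    generated file shown on this page."""
    body = ["\ttype %s;" % ztype, '\tfile "%s";' % filename]
    if masters:
        body.append("\tmasters { %s };" % " ".join(m + ";" for m in masters))
    return 'zone "%s" in {\n%s\n};' % (name.lower(), "\n".join(body))


# The named.boot file from this page.
BOOK_NAMED_BOOT = """\
directory   /etc/named
primary     boota.org                 named.hosts
primary     0.0.127.IN-ADDR.ARPA      named.local
primary     2.168.192.IN-ADDR.ARPA    named.rev
cache       .                         named.ca
"""

if __name__ == "__main__":
    print(convert_named_boot(BOOK_NAMED_BOOT))
```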
Include Files

Separate files can be included at any point in the DNS configuration file by using the include statement. The following line includes the /var/named/my-zone file at the current location in the configuration file (note the terminating semicolon, which named.conf requires):

    include "/var/named/my-zone";
CONFIGURING THE DNS CLIENT
Configuring Solaris as a DNS client is a two-step process. First you configure the machine to use DNS as a hostname resolution service. DNS can be configured as the primary hostname resolution service or as a fallback to another service, such as the /etc/inet/hosts file. This is done in the /etc/nsswitch.conf file. The second step is to configure the IP addresses of the available DNS servers. This is done in the /etc/resolv.conf file.

The client resolves hostnames using two basic library routines, gethostbyname() and gethostbyaddr(). Collectively these are called the resolver library, and they are responsible for mapping hostnames to IP addresses and vice versa. The following sections take a closer look at the structure and configuration of these files.
Configuring /etc/resolv.conf

A typical /etc/resolv.conf file looks like this:

    domain boota.org
    search boota.org
    nameserver 192.168.2.222
    nameserver 192.168.2.200

This file contains three types of entries. The domain line states that this host is part of the domain boota.org. The search line lists the domains that are appended to a name given without an FQHN. For example, if you try to resolve the hostname fana, the resolver first appends the search domain, making it fana.boota.org, and tries to resolve that. The two nameserver lines list the available name servers; they are tried in the order listed, and the second is used only if the first does not answer. Note that domain and search are alternatives: if both appear, whichever comes last in the file is the one that takes effect.
Configuring /etc/nsswitch.conf

Among other things, the /etc/nsswitch.conf file controls which mechanisms are used for hostname resolution and in what order. A sample /etc/nsswitch.conf file is shown here:

    passwd:     files
    group:      files
    # You must also set up the /etc/resolv.conf file for DNS name
    # server lookup.  See resolv.conf(4).
    hosts:      dns [NOTFOUND=continue] files
    networks:   files
    protocols:  files
    rpc:        files
    ethers:     files
    netmasks:   files
    bootparams: files
    publickey:  files
    # At present there isn't a 'files' backend for netgroup; the system will
    # figure it out pretty quickly, and won't use netgroups at all.
    netgroup:   files
    automount:  files
    aliases:    files
    services:   files
    sendmailvars: files
Lines starting with the hash symbol (#) are comments, as in other Solaris configuration files. The line starting with the word hosts controls which hostname resolution services are used. Multiple services may be listed, as in the sample file. Here, if DNS fails to find a hostname, the lookup falls back to the /etc/inet/hosts file, represented by the keyword files. Each service returns a status code for the lookup, and the action attached to that code decides whether the next service is tried. Table 7.7 lists these codes.
TABLE 7.7
CODES RETURNED BY HOSTNAME RESOLUTION SERVICES

    Code        Description
    --------    --------------------------------------------------------------------
    SUCCESS     The hostname resolution was successful.
    UNAVAIL     The service is not responding (or is not configured on this host).
    NOTFOUND    The service is available, but the hostname entry is not found.
    TRYAGAIN    The service is busy at this time, but may respond if you try again.
For each code you can select one of the following two actions:

• continue   Try the next service in the list.
• return     Return immediately without trying the next service. If the current service failed, the hostname resolution process fails.

The defaults are SUCCESS=return and continue for the other three codes, so a [NOTFOUND=continue] criterion changes nothing; criteria are needed only to override a default.
The following line consults the /etc/inet/hosts file only if DNS is down:

    hosts: dns [NOTFOUND=return] files

The [NOTFOUND=return] criterion stops the lookup when DNS is reachable but has no entry for the name, so the /etc/inet/hosts file is not consulted in that case. If the return code is UNAVAIL or TRYAGAIN, the lookup falls back to the file. If DNS returns SUCCESS, the hostname has already been resolved and there is no need to consult /etc/inet/hosts. The following line specifies that only DNS should be used for hostname resolution:

    hosts: dns
The following line specifies that only the /etc/inet/hosts file should be used for hostname resolution:

    hosts: files
The following line uses the /etc/inet/hosts file first and, if the hostname is not found there, falls back to DNS:

    hosts: files [NOTFOUND=continue] dns
Using this file, you can use multiple services such that if the hostname resolution process does not succeed using one service, you can fall back to the next available service.
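The following Python script is an added example, not part of the book or of the Solaris name-service switch: it parses a hosts: line exactly as described above (sources in order, optional [STATUS=action] criteria, defaults of SUCCESS=return and continue otherwise) and replays it against constructed per-source results. Running it shows the practical difference between dns [NOTFOUND=return] files and the default policy: a name that exists only in /etc/inet/hosts resolves under the default but not under [NOTFOUND=return], while a DNS outage (UNAVAIL) falls through to the file under both. The DNS zone contents and hosts file entries are constructed for the example.

```python
"""Simulate the hosts lookup policy of /etc/nsswitch.conf.

Added example, not the book's code and not the Solaris switch implementation.
It parses a 'hosts:' line as nsswitch.conf(4) describes and replays it
against constructed per-source results.
"""
import re

# Default actions from nsswitch.conf(4): only SUCCESS stops the search.
DEFAULT_ACTIONS = {"SUCCESS": "return", "UNAVAIL": "continue",
                   "NOTFOUND": "continue", "TRYAGAIN": "continue"}
STATUSES = set(DEFAULT_ACTIONS)


def parse_hosts_line(line):
    """'hosts: dns [NOTFOUND=return] files' -> [('dns', {...}), ('files', {...})]"""
    db, _, spec = line.partition(":")
    if db.strip() != "hosts":
        raise ValueError("not a hosts entry: %r" % line)
    sources = []
    # tokens are either a bracketed criteria group or a bare source name
    for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
        if tok.startswith("["):
            if not sources:
                raise ValueError("criteria before any source: %r" % line)
            for status, action in re.findall(r"(\w+)=(\w+)", tok):
                status, action = status.upper(), action.lower()
                if status not in STATUSES or action not in ("return", "continue"):
                    raise ValueError("bad criterion %s=%s" % (status, action))
                sources[-1][1][status] = action      # override the default for this source
        else:
            sources.append((tok.lower(), dict(DEFAULT_ACTIONS)))
    return sources


def resolve(policy, name, backends):
    """Walk the sources in order and return (address or None, trace).

    backends maps a source name to either a dict {hostname: address}, which
    answers SUCCESS or NOTFOUND, or to a status string such as 'UNAVAIL' or
    'TRYAGAIN', which makes that source fail that way for every name.
    """
    trace = []
    for source, actions in policy:
        backend = backends.get(source, "UNAVAIL")   # unmodelled source: not available
        if isinstance(backend, str):
            status, answer = backend, None
        elif name in backend:
            status, answer = "SUCCESS", backend[name]
        else:
            status, answer = "NOTFOUND", None
        trace.append((source, status))
        if actions[status] == "return":
            return answer, trace
    return None, trace


# Constructed data: 'fana' is only in /etc/inet/hosts, 'kaka' is only in DNS.
DNS_ZONE = {"kaka": "192.168.2.200"}
INET_HOSTS = {"fana": "192.168.2.222", "localhost": "127.0.0.1"}

if __name__ == "__main__":
    for line in ("hosts: dns [NOTFOUND=continue] files",
                 "hosts: dns [NOTFOUND=return] files"):
        policy = parse_hosts_line(line)
        for host in ("kaka", "fana"):
            addr, trace = resolve(policy, host, {"dns": DNS_ZONE, "files": INET_HOSTS})
            print("%-40s %-5s -> %-15s %s" % (line, host, addr, trace))
        # DNS down: UNAVAIL still falls through to files under both policies
        addr, trace = resolve(policy, "fana", {"dns": "UNAVAIL", "files": INET_HOSTS})
        print("%-40s %-5s -> %-15s %s (dns down)" % (line, "fana", addr, trace))
```

The trace returned with each answer lists which source was asked and what it said, which is the information you need when a client resolves a name to an address you did not expect.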
Testing with the nslookup Program

The nslookup program is the most widely used program for DNS testing. In fact, it is the only such program that comes with Solaris 8; others (such as dig) are not included in the standard Solaris 8 distribution. The basic form of resolving a hostname with this program is shown here. In this example, the hostname kaka.boota.org is resolved:

    bash-2.03# nslookup kaka.boota.org
    Server:  fana.boota.org
    Address:  192.168.2.222

    Name:    kaka.boota.org
    Address:  192.168.2.200

    bash-2.03#

Note that the command displays the DNS server's name and IP address in the first two lines of the output. Next, the hostname and IP address of the requested host are printed.
Interactive nslookup Session

You can also start nslookup in interactive mode by not specifying any hostname on the command line. In this case the command displays the hostname and IP address of the default DNS server, displays its prompt (>), and waits for input. The interactive session is closed with the exit subcommand. In the following session, two hostnames, fana and kaka, are resolved and then the session ends with exit:

    bash-2.03# nslookup
    Default Server:  fana.boota.org
    Address:  192.168.2.222

    > fana
    Server:  fana.boota.org
    Address:  192.168.2.222

    Name:    fana.boota.org
    Address:  192.168.2.222

    > kaka
    Server:  fana.boota.org
    Address:  192.168.2.222

    Name:    kaka.boota.org
    Address:  192.168.2.200

    > exit
    bash-2.03#
Note that both short names and FQHNs can be resolved by nslookup, as shown here. The response for kaka and kaka.boota.org is the same:

    bash-2.03# nslookup
    Default Server:  fana.boota.org
    Address:  192.168.2.222

    > kaka.boota.org
    Server:  fana.boota.org
    Address:  192.168.2.222

    Name:    kaka.boota.org
    Address:  192.168.2.200

    > kaka
    Server:  fana.boota.org
    Address:  192.168.2.222

    Name:    kaka.boota.org
    Address:  192.168.2.200

    >

NOTE
Short and Fully Qualified Hostnames: For short names to work, the /etc/resolv.conf file must contain a search entry such as the following:

    search boota.org
Unresolved Hostnames

If a hostname cannot be resolved, a message such as the following is displayed:

    bash-2.03# nslookup
    Default Server:  fana.boota.org
    Address:  192.168.2.222

    > aloo
    Server:  fana.boota.org
    Address:  192.168.2.222

    *** fana.boota.org can't find aloo: Server failed
    >

The text after the colon is the status the server returned, and it tells you where to look. Server failed means that the name server itself could not complete the query (for example, the zone did not load, or the server could not reach the servers for that domain). A name that simply does not exist is reported as Non-existent host/domain instead.
Reverse Hostname Resolution

The following session performs reverse hostname resolution, finding the hostname that corresponds to the IP address 192.168.2.200:

    bash-2.03# nslookup
    Default Server:  fana.boota.org
    Address:  192.168.2.222

    > 192.168.2.200
    Server:  fana.boota.org
    Address:  192.168.2.222

    Name:    kaka.boota.org
    Address:  192.168.2.200

    >

This output shows that the hostname corresponding to IP address 192.168.2.200 is kaka.boota.org. Behind the scenes nslookup queries the PTR record for 200.2.168.192.in-addr.arpa, so this lookup depends on the reverse zone (named.rev in this chapter) being correct.
Changing the Default Name Server

While using nslookup in interactive mode, you can change the default DNS server used for the following queries. The following session changes the default server to fana.boota.org and then queries it for host kaka. Note that the new server's address is displayed in the response:

    bash-2.03# nslookup
    Default Server:  baba.boota.org
    Address:  192.168.2.222

    > server fana.boota.org
    Default Server:  fana.boota.org
    Address:  192.168.2.100

    > kaka
    Server:  fana.boota.org
    Address:  192.168.2.100

    Name:    kaka.boota.org
    Address:  192.168.2.200

    >

This technique is useful when you want to test hostname resolution by a non-default server and compare it with the default server, for example to check that a secondary server is serving the same data as the primary.
Getting Help

To see the commands available at the nslookup prompt, use the help subcommand as shown here. It lists all subcommands with a short description of each:

    bash-2.03# nslookup
    Default Server:  fana.boota.org
    Address:  192.168.2.222

    > help
    #pragma ident   "@(#)nslookup.help      1.6     96/09/12 SMI"
    Commands:       (identifiers are shown in uppercase, [] means optional)
    NAME            - print info about the host/domain NAME using default server
    NAME1 NAME2     - as above, but use NAME2 as server
    help or ?       - print info on common commands; see nslookup(1) for details
    set OPTION      - set an option
        all         - print options, current server and host
        [no]debug   - print debugging information
        [no]d2      - print exhaustive debugging information
        [no]defname - append domain name to each query
        [no]recurse - ask for recursive answer to query
        [no]vc      - always use a virtual circuit
        domain=NAME - set default domain name to NAME
        srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
        root=NAME   - set root server to NAME
        retry=X     - set number of retries to X
        timeout=X   - set initial time-out interval to X seconds
        querytype=X - set query type, e.g., A,ANY,CNAME,HINFO,MX,PX,NS,PTR,SOA,TXT,WKS
        port=X      - set port number to send query on
        type=X      - synonym for querytype
        class=X     - set query class to one of IN (Internet), CHAOS, HESIOD or ANY
    server NAME     - set default server to NAME, using current default server
    lserver NAME    - set default server to NAME, using initial server
    finger [USER]   - finger the optional USER at the current default host
    root            - set current default server to the root
    ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
        -a          - list canonical names and aliases
        -h          - list HINFO (CPU type and operating system)
        -s          - list well-known services
        -d          - list all records
        -t TYPE     - list records of the given type (e.g., A,CNAME,MX, etc.)
    view FILE       - sort an 'ls' output file and view it with more
    exit            - exit the program, ^D also exits
    >
Listing Records

Records can be listed with the ls subcommand, which is a very useful feature. It lists all the RRs for a given domain or subdomain. The following command lists the RRs for the boota.org domain:

    bash-2.03# nslookup
    Default Server:  fana.boota.org
    Address:  192.168.2.222

    > ls -d boota.org
    [fana.boota.org]
    @                 12H IN SOA    fana root.fana (
                                    2001021602    ; serial
                                    3H            ; refresh
                                    30M           ; retry
                                    2W            ; expiry
                                    12H )         ; minimum
                      12H IN NS     fana
                      12H IN NS     kaka
    fant              12H IN A      192.168.2.222
    fana              12H IN A      192.168.2.222
    localhost         12H IN A      127.0.0.1
    www               12H IN CNAME  fana
    ftp               12H IN CNAME  fana
    kaka              12H IN A      192.168.2.200
    @                 12H IN SOA    fana root.fana (
                                    2001021602    ; serial
                                    3H            ; refresh
                                    30M           ; retry
                                    2W            ; expiry
                                    12H )         ; minimum
    >

Be aware that ls obtains this listing with a zone transfer (an AXFR query over TCP), exactly as a secondary server does. If the server restricts zone transfers with allow-transfer, as recommended later in this chapter, ls fails from hosts that are not on the allowed list. That is the desired behavior: this listing is the inventory of your network that an attacker would most like to have.
Testing BIND Version

You can find the version of the running in.named daemon with nslookup. The following series of subcommands displays the version of BIND used on your system:

    bash-2.03# nslookup
    Default Server:  fana.boota.org
    Address:  192.168.2.222

    > set class=chaos
    > set type=txt
    > version.bind
    Server:  fana.boota.org
    Address:  192.168.2.222

    VERSION.BIND    text = "BIND 8.1.2"
    >

The three subcommands used here switch the query class to CHAOS, set the query type to TXT, and then ask for the pseudo-record version.bind, which BIND answers with its own version string. Anyone who can reach the server can send the same query, and the answer tells an attacker exactly which release to look up for known problems. Later BIND releases let you replace this string with a version statement in the options block of named.conf; if yours does not, treat the version string as public information and keep the server patched.
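To see what the version.bind probe looks like on the wire, here is an added example in Python (not from the book): it encodes the CHAOS-class TXT query that nslookup sends for version.bind according to RFC 1035 and decodes the TXT answer, including the name-compression pointer that real servers use in the answer section. The reply bytes are constructed to mirror the BIND 8.1.2 answer above so that the script runs offline; send_query() would send the same query to a real server on UDP port 53 but is not called by default.

```python
"""Build the CHAOS-class TXT query for version.bind and parse the reply.

Added example, not the book's code. It hand-encodes the DNS message behind
the 'set class=chaos / set type=txt / version.bind' session per RFC 1035
and decodes the TXT answer. The reply bytes below are constructed.
"""
import socket
import struct

QTYPE_TXT = 16
QCLASS_CHAOS = 3


def encode_name(name):
    """'version.bind' -> b'\\x07version\\x04bind\\x00' (RFC 1035 label format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, qclass, msg_id=0x1234):
    """12-byte header (RD set, one question) followed by the question section."""
    header = struct.pack("!HHHHHH", msg_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def decode_name(data, offset):
    """Follow labels and compression pointers; return (name, offset after the name)."""
    labels, jumped, end = [], False, None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                  # two-byte compression pointer
            if not jumped:
                end = offset + 2                   # caller resumes after the pointer
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_txt_response(data, expect_id=0x1234):
    """Return {'rcode': n, 'txt': [strings]} from a DNS response message."""
    msg_id, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if msg_id != expect_id:
        raise ValueError("response ID does not match the query")
    rcode = flags & 0x000F
    if rcode != 0:
        return {"rcode": rcode, "txt": []}
    offset = 12
    for _ in range(qd):                            # skip the echoed question(s)
        _, offset = decode_name(data, offset)
        offset += 4                                # qtype + qclass
    txts = []
    for _ in range(an):
        _, offset = decode_name(data, offset)      # owner name (may be a pointer)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_TXT:
            pos = 0
            while pos < len(rdata):                # TXT rdata: <len><chars> repeated
                n = rdata[pos]
                txts.append(rdata[pos + 1:pos + 1 + n].decode("ascii", "replace"))
                pos += 1 + n
    return {"rcode": 0, "txt": txts}


def send_query(server, query, timeout=2.0):
    """UDP exchange with a real name server; not exercised by the offline run."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        return s.recvfrom(512)[0]


# Constructed reply: same ID, QR+RD+RA flags, one CHAOS TXT answer "BIND 8.1.2".
CONSTRUCTED_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("version.bind") + struct.pack("!HH", QTYPE_TXT, QCLASS_CHAOS)
    + b"\xc0\x0c"                                  # owner: pointer to the question name
    + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CHAOS, 0, 11) + b"\x0aBIND 8.1.2"
)

if __name__ == "__main__":
    query = build_query("version.bind", QTYPE_TXT, QCLASS_CHAOS)
    print("query:", query.hex())
    print("parsed reply:", parse_txt_response(CONSTRUCTED_REPLY))
```

The ID check in parse_txt_response() is the only thing that ties a UDP reply to the query that was sent, which is why a predictable ID such as the fixed 0x1234 used here is acceptable for a diagnostic but not for a resolver.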
NOTE
For more information on the set class, set type, and version.bind subcommands, see the nslookup(1) man page.

SECURING THE DNS SERVER

Security is a big issue for hosts connected to the Internet, and the number of attacks against DNS servers is increasing. At the time of writing, on average someone probes each host connected to the Internet for security holes about every 15 minutes; you can verify this by putting an intrusion detection system on your network. It is not hard to imagine how important it is to secure each and every host, and a name server in particular, since it both advertises your hosts and is trusted by all of them.
Simple DNS attacks include listing all hosts present on your network and downloading the complete DNS database. Any host that the server allows to act as a secondary (that is, to perform a zone transfer) can obtain the complete database of the primary DNS server, and with large databases, repeated transfers also consume your bandwidth. The following sections discuss some of the measures you can take to safeguard your DNS server.
Avoid Unnecessary Resource Records

As a first security measure, do not publish TXT, HINFO, and WKS RRs in your zones unless it is necessary to do so. These are optional RRs that you can easily live without, and they hand an attacker information (hardware and operating system from HINFO, running services from WKS) that would otherwise have to be gathered by probing each host.
NOTE
Restricting Client Access: If you do not add allow-query to the /etc/named.conf file, anyone is allowed to query your name server.

You can restrict DNS client access by adding allow-query to the options section of the /etc/named.conf file. The following options section allows clients in the 192.168.2.0/24 network to query the DNS server. Clients from other networks are refused:

    options {
            directory "/etc/named";
            pid-file "/etc/named.pid";
            allow-query { 192.168.2.0/24; };
    };
The exclamation mark (!) negates an element of the list, but note how BIND evaluates such a list: the elements are tried in order, the first element that matches the client decides the result (a negated match denies), and a client that matches no element at all is denied. The following options section therefore denies queries from the network 192.168.2.0/24 but, because the list also contains the element any after the negated one, allows all other clients:

    options {
            directory "/etc/named";
            pid-file "/etc/named.pid";
            allow-query { !192.168.2.0/24; any; };
    };

Written as allow-query { !192.168.2.0/24; }; alone, with no any element, the list matches no client and the server refuses every query.
Restricting Zone Transfer Access

To restrict zone transfers, add an allow-transfer line to the options section of the /etc/named.conf file, which applies to every zone the server holds; you can also restrict zone transfers on a per-zone basis. The following block in the /etc/named.conf file restricts transfer of the boota.org zone to the secondary name server 192.168.2.200 only:

    zone "boota.org" in {
            type master;
            file "named.hosts";
            allow-transfer { 192.168.2.200; };
    };

Without an allow-transfer statement anywhere, BIND 8 permits zone transfers to any host; a per-zone allow-transfer overrides the global one for that zone. Apply the restriction to the reverse zones as well, since named.rev is as complete an inventory of your hosts as named.hosts.
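The following Python script is an added example (not from the book and not BIND code). Its match() function applies the address match list rule described above: elements are tried in order, the first match decides, a negated match denies, and no match means deny. Its audit() function then scans a named.conf for master or slave zones that have no allow-transfer restriction, either in the zone or in the options block, and for a missing allow-query. The named.conf text is constructed from this chapter's examples, with the reverse zone deliberately left open.

```python
"""Evaluate BIND address match lists and audit a named.conf for open transfers.

Added example, not the book's code and not BIND. match() follows the rule
BIND uses for allow-query/allow-transfer: first matching element decides,
'!' means deny, no match means deny. The named.conf below is constructed.
"""
import ipaddress
import re


def parse_acl(text):
    """'{ !192.168.2.0/24; any; }' -> [(negated, ip_network or keyword), ...]"""
    elements = []
    for raw in text.strip().strip("{}").split(";"):
        tok = raw.strip()
        if not tok:
            continue
        negated = tok.startswith("!")
        tok = tok.lstrip("!").strip()
        if tok in ("any", "none", "localhost", "localnets"):
            elements.append((negated, tok))
        else:
            elements.append((negated, ipaddress.ip_network(tok, strict=False)))
    return elements


def match(acl, client, local_nets=()):
    """True if the client address is allowed by the address match list."""
    ip = ipaddress.ip_address(client)
    for negated, elem in acl:
        if isinstance(elem, str):
            hit = {"any": True, "none": False,
                   "localhost": ip.is_loopback,
                   "localnets": any(ip in n for n in local_nets)}[elem]
        else:
            hit = ip in elem
        if hit:
            return not negated        # first matching element decides
    return False                      # no element matched: BIND denies access


def blocks(conf, header):
    """Yield (regex groups, body) for each 'header { ... }' statement, honouring nested braces."""
    for m in re.finditer(header, conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.groups(), conf[m.end():i - 1]


TRANSFER_RE = re.compile(r"allow-transfer\s*(\{[^}]*\})")
QUERY_RE = re.compile(r"allow-query\s*(\{[^}]*\})")


def audit(conf):
    """Report zones anyone may AXFR and a missing global allow-query."""
    findings = []
    opt_body = "".join(body for _, body in blocks(conf, r"options\s*\{"))
    global_transfer = TRANSFER_RE.search(opt_body)
    if not QUERY_RE.search(opt_body):
        findings.append("options: no allow-query, any client may query this server")
    for (name,), body in blocks(conf, r'zone\s+"([^"]+)"\s+(?:in\s+)?\{'):
        if not re.search(r"type\s+(master|slave)\s*;", body):
            continue                  # hint zones hold no data worth transferring
        if not TRANSFER_RE.search(body) and not global_transfer:
            findings.append('zone "%s": no allow-transfer, any host may AXFR it' % name)
    return findings


# Constructed named.conf: boota.org is restricted, the reverse zone is not.
CONSTRUCTED_CONF = """
options {
        directory "/etc/named";
        pid-file "/etc/named.pid";
};
zone "boota.org" in {
        type master;
        file "named.hosts";
        allow-transfer { 192.168.2.200; };
};
zone "2.168.192.in-addr.arpa" in {
        type master;
        file "named.rev";
};
zone "." in {
        type hint;
        file "named.ca";
};
"""

if __name__ == "__main__":
    for finding in audit(CONSTRUCTED_CONF):
        print(finding)
    for text in ("{192.168.2.0/24;}", "{!192.168.2.0/24;}", "{!192.168.2.0/24; any;}"):
        acl = parse_acl(text)
        print("%-28s 192.168.2.5 -> %-5s  10.1.1.1 -> %s"
              % (text, match(acl, "192.168.2.5"), match(acl, "10.1.1.1")))
```

The second ACL in the demonstration, {!192.168.2.0/24;}, denies both test clients, which is the pitfall described above; adding any after the negated element restores the intended "everyone except this network" behavior.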
DNS TROUBLESHOOTING There may be a number of problems with the DNS client or DNS server or both. Some of the common problems and their solutions are discussed in the following sections. First, however, you should know the ways to verify that both server and client are working.
Testing DNS with nslookup

You have already seen how to use the nslookup utility, which is the most widely used tool for troubleshooting DNS problems. If this command fails, the DNS server, the client, or both are not configured properly. When the nslookup test fails, test the pieces one at a time. First test the DNS client configuration:

1. Verify that the /etc/resolv.conf file is configured properly.
2. Verify that the /etc/nsswitch.conf file is configured properly.

If both of these files are correct, start testing the DNS server. A possible procedure is as follows:

1. Use the nslookup command against a DNS server that is known to work (for example, with the server subcommand). This ensures that there is no problem with the command itself or with the DNS client configuration.
2. Check the /etc/named.conf file for any errors.
3. Check the zone data files for any errors.

If you can resolve hostnames in your own domain but not on the Internet, there may be a problem with the named.ca file or with your Internet connection.
Testing with the netstat Command

The netstat command shows whether the DNS port is open and whether in.named is listening on it, which is a useful check whenever the server misbehaves. You should see something similar to the following on your name server if the DNS port (port 53, shown by its service name, domain) is open. The first three lines are the UDP sockets on which queries arrive; the LISTEN lines are the TCP sockets used for zone transfers and large responses:

    bash-2.03# netstat -a | grep domain
          localhost.domain                          Idle
          fana.domain                               Idle
          fana-nt.domain                            Idle
    fana.32850           fana.domain       32768      0 32768      0 TIME_WAIT
    localhost.domain     *.*                   0      0 24576      0 LISTEN
    fana.domain          *.*                   0      0 24576      0 LISTEN
    fana-nt.domain       *.*                   0      0 24576      0 LISTEN
    Active UNIX domain sockets
    bash-2.03#

If in.named is not running, only the Active UNIX domain sockets line is printed, because grep matches the word domain in that heading too.
Testing with Telnet

A simple Telnet session reveals whether in.named is accepting incoming TCP connections. Telnet to port 53 on the name server. If in.named is accepting the connection, Telnet succeeds and you see something like the following on your terminal:

    bash-2.03# telnet fana.boota.org 53
    Trying 192.168.2.222...
    Connected to fana.boota.org.
    Escape character is '^]'.

This output means that the DNS server is listening on the DNS TCP port, the one used for incoming zone transfer requests. It does not show that ordinary UDP queries work or that zone transfers are permitted; it only proves that the listener is there. Close the Telnet session by pressing Ctrl+] and typing the close command:

    ^]
    telnet> close
    Connection closed.
    bash-2.03#

If in.named is not accepting incoming connections, Telnet fails with a message similar to the following:

    bash-2.03# telnet fana.boota.org 53
    Trying 192.168.2.222...
    telnet: Unable to connect to remote host: Connection refused
    bash-2.03#

If you cannot connect to this port, the in.named process is probably not running. Use the ps command (for example, ps -ef | grep in.named) to verify this, and start the daemon if it is absent. A connection attempt that hangs and eventually times out, rather than being refused, points instead to a packet filter between you and the server.
DNS Client Configuration Problems Two major files are configured for the DNS client. These are the /etc/resolv.conf file and the /etc/nsswitch.conf file. Common problems with these files are discussed in the following sections.
Problems With the /etc/nsswitch.conf File

Any error or misconfiguration in the /etc/nsswitch.conf file causes DNS client problems. The most common is using only the files keyword in the hosts entry, as shown here:

    hosts: files

In this case the client never contacts the DNS server, because /etc/inet/hosts is the only hostname resolution method allowed. Sometimes you get a different IP address from the one you expect. This happens when the hostname resolution services in the hosts entry of /etc/nsswitch.conf are in the wrong order. For example, consider the following hosts entry:

    hosts: files dns

If you try to resolve the hostname fana, which also has an entry in the /etc/inet/hosts file with a different IP address, you get the address from /etc/inet/hosts, not from DNS. This is corrected by reversing the order of the files and dns keywords in /etc/nsswitch.conf (or by fixing the stale entry in /etc/inet/hosts).
Problems with the /etc/resolv.conf File

If you can resolve FQHNs but cannot resolve short hostnames, you probably forgot to add a search entry to the /etc/resolv.conf file. When a search entry is present, each listed domain is appended in turn to the short name to form an FQHN. Note that a single search line may list several domains (up to six); if more than one search or domain line is present, only the last one takes effect.
Sometimes a wrong IP address is entered for the nameserver entry in the /etc/resolv.conf file. In that case the nslookup command fails with a message like the following:

    *** Can't find server name for address x.x.x.x
    *** Default servers are not available

This means that the IP address specified for the name server in /etc/resolv.conf is not correct or the DNS server is down; x.x.x.x is the IP address configured in the file.
DNS Server Configuration Problems

Most DNS server configuration problems are related to the /etc/named.conf file or the zone data files. In most cases a semicolon or a brace is missing in the configuration file, or a trailing period is missing from a name in a zone data file. Some of the common problems are discussed in the following sections.
Updated Zone File Doesn't Get Propagated to the Secondary Server

When an updated zone does not reach the secondary server, it is usually because you edited the zone data file but did not increment the serial number in the SOA RR. The slave compares the serial number in the master's SOA with that of its own copy, and if it sees no increase it concludes that the data has not changed. Increment the serial number in the zone data file and reload in.named, and the problem is solved.
Problems with rsh, rlogin, and Similar Commands

These commands rely on reverse hostname resolution. If you have not added entries for all hosts to the named.rev file, the reverse lookup fails and these commands ask for a password instead of honoring the configured trust. Add entries for all hosts to named.rev to solve this problem. Also check for messages in syslog or on the console when you restart the DNS server; in.named reports many configuration errors there, including when you send it a HUP signal to reload its configuration.
CASE STUDY: SPLIT DEVELOPMENT SYSTEMS

ESSENCE OF THE CASE

The following are the essentials of the case:

• There are two offices that are a long distance from each other.
• Clients in both offices need a local DNS server.
• DNS administration people are available in one office only.

SCENARIO

Split Development Systems is a software development company. The main office is in San Jose, California, and a branch office is located in Columbus, Ohio. The company wants to give Internet access to its employees in both offices as well as manage its own domain name. The company also wants to run its own DNS server in San Jose because the people who have expertise in DNS management are located there. However, the company also wants a DNS server in Columbus to serve local clients in that office.

ANALYSIS

Because the DNS administration staff are in San Jose, it is wise to install a primary and a secondary name server in that office. These servers will be visible on the Internet and will serve the company's domain name. To provide a local server to the Columbus office, the company should install a caching-only DNS server there. The caching-only server needs the least maintenance because it has no zone data files, so it does not require a DNS expert in Columbus; routine system management is sufficient.
CHAPTER SUMMARY

KEY TERMS
• hostname resolution
• domain name
• zone
• resource records
• primary name server
• secondary name server
• caching server
• zone data files
• zone transfer
• fully qualified hostname (FQHN)
• fully qualified domain name (FQDN)

This chapter provided information on the hostname resolution process and an introduction to the Domain Name System. Hostname resolution is the mapping of a hostname to an IP address or vice versa. Traditionally, several hostname resolution methods are used on UNIX systems:

• The /etc/inet/hosts file
• NIS
• NIS+
• DNS

This chapter discussed the /etc/inet/hosts file and DNS. The /etc/inet/hosts file is a simple text file that maps hostnames to IP addresses, and it was the first method used for hostname resolution on the Internet. The Domain Name System (DNS) is a hierarchical and distributed way of resolving hostnames. DNS data is distributed all over the Internet and is accessed through DNS servers. Each host on the Internet is part of a domain. A domain name is a set of words separated by dots. A fully qualified hostname (FQHN) identifies a host on the Internet and is the combination of the short hostname and the name of the domain in which the host resides. There are three major types of domain name servers:

• The primary domain name server is the authoritative server for a domain or zone. It keeps the records of all hosts present in that domain or zone.
• The secondary name server backs up the primary domain name server. It gets its copy of the zone data from the primary name server and keeps it current by synchronizing with the primary from time to time.
• The caching name server has no zone data files of its own and is used only to resolve hostnames. Its main purpose is to offload hostname resolution from the primary name server.
When you configure a name server, the task is to configure the boot configuration file /etc/named.conf and create the zone data files. These data files contain information in the form of resource records (RRs); many types of RRs were discussed in this chapter. Different statements in the /etc/named.conf file configure a server as a primary, secondary, or caching name server. Configuring a DNS client is a two-step process in which you edit the /etc/resolv.conf file and the /etc/nsswitch.conf file. The /etc/resolv.conf file holds the DNS server addresses and domain names; several DNS server addresses may be listed, and their order determines the order in which they are consulted. The /etc/nsswitch.conf file sets the order in which the different hostname resolution methods are tried. The DNS client can be tested with the nslookup command, the most widely used tool for hostname resolution tasks, which also helps troubleshoot problems with both the DNS server and the client. The netstat and telnet commands can also be used for troubleshooting.
APPLY YOUR KNOWLEDGE
Exercises

7.1 Configure and Test a DNS Client

The following steps show you how to configure a DNS client and test it.

Estimated Time: 5 minutes

1. Edit the /etc/resolv.conf file and add one line for each DNS server. If the DNS server address is 192.168.2.10, the result should look like this:

    nameserver 192.168.2.10

2. Edit the /etc/nsswitch.conf file and create the following line:

    hosts: dns

3. Use the nslookup command to verify that the client works.

7.2 Configure a DNS Server

The following steps show you how to configure a DNS server. This exercise assumes that the domain name you are using is not registered on the Internet.

Estimated Time: 25 minutes

1. Select a name of your choice for your domain.
2. Using the example in this chapter, create a /etc/named.conf file.
3. Using the examples in this chapter, create the zone data files.
4. Start the DNS server process by typing the in.named command.
5. Configure the DNS client and test this name server.

7.3 Restrict Access to a DNS Server

This exercise restricts access to the newly configured DNS server from Exercise 7.2.

Estimated Time: 5 minutes

1. Use the allow-query option in the /etc/named.conf file to restrict access for your DNS client.
2. Make sure that you are no longer able to resolve hostnames from that client using the nslookup command.
3. Try to resolve the hostname from another DNS client. You should be able to resolve hostnames from clients that are not restricted from using the DNS server.

7.4 Configure a Secondary Name Server

This exercise shows the steps needed to configure a secondary name server.

Estimated Time: 20 minutes

1. Configure a primary name server as outlined in Exercise 7.2.
2. Using the example /etc/named.conf file presented in this chapter, configure a secondary name server.
3. Start the secondary name server by typing the in.named command at the command prompt.
4. Use the nslookup command to verify that this server is able to resolve hostnames.
Review Questions

1. What is the difference between a zone and a domain?
2. Which methods are used for hostname resolution?
3. What are the different types of domain name servers?
4. What is a zone transfer?

Exam Questions

1. Which of the following is not a type of domain name server?
   A. Primary domain name server
   B. Secondary domain name server
   C. Backup domain name server
   D. Caching domain name server

2. Which file determines whether a DNS server is primary, secondary, or caching?
   A. The /etc/named.conf file
   B. The named.rev file
   C. The named.hosts file
   D. The named.ca file

3. Which UDP port number is used for DNS queries?
   A. 35
   B. 53
   C. 21
   D. 123

4. Which of the following files are used for DNS client configuration? Choose all that apply.
   A. /etc/inet/hosts
   B. /etc/resolv.conf
   C. /etc/nsswitch.conf
   D. /etc/named.hosts

5. Which of the following is not a valid type of resource record?
   A. NS
   B. PTR
   C. NAME
   D. CNAME

6. Which of the following is not a valid entry in the /etc/inet/hosts file? Choose all that apply.
   A. 192.168.2.222   fana   loghost
   B. 192.168.2.11    laptop
   C. laptop          192.168.2.11
   D. laptop          laptop-nt   192.168.2.11

7. Which information is not included in the SOA resource record?
   A. Serial number
   B. Refresh time
   C. Retry time
   D. Access control
Answers to Review Questions

1. A zone is an administrative boundary within a domain. A domain can consist of one zone or multiple zones, and a zone may contain one or more subdomains. Multiple zones within a domain are usually used to delegate administrative responsibility.
2. The following methods are used for hostname resolution:
   • The /etc/inet/hosts file
   • NIS
   • NIS+
   • DNS
3. There are three basic types of DNS servers:
   • Primary domain name server
   • Secondary domain name server
   • Caching (hint) domain name server
   The root name servers are also considered a type of DNS server.
4. A zone transfer is the process of copying zone data from a primary name server to a secondary name server. TCP port 53 is used for this process.

Suggested Readings and Resources

1. Books
   • DNS and BIND, 4th Edition. Paul Albitz and Cricket Liu.
   • The named man pages
2. URLs
   • Internet Software Consortium BIND page (www.isc.org/products/bind/)
CHAPTER 8
Network Time Protocol

OBJECTIVES

This chapter covers the following Sun-specified objectives for the 310-043 exam:

• Describe the NTP features.
• Identify NTP configuration files.
• State the purpose of NTP files.
• Describe how to configure NTP.

The Network Time Protocol (NTP) is used to synchronize the system time of a host with a standard time source. By doing so, the system time on all the hosts on a network can be kept the same. NTP is a client/server application. It is configured on Solaris systems with the help of configuration files. You are required to identify these configuration files and know how to edit them to make NTP work on Solaris. You should know how to configure both the NTP client and the NTP server.

STUDY STRATEGIES

Keep the following strategies in mind when studying for the test:

• Before you configure NTP, make sure that you understand NTP terminology and concepts. Selection of a time source is important.
• Be able to identify the configuration file and its syntax.
• Understand the configuration files /etc/inet/ntp.server and /etc/inet/ntp.client. These will give you an idea of how the NTP client and server are configured.
• Be able to configure the NTP client and test it.
• Be able to configure the NTP server and test it with another NTP client on the local network.

OUTLINE

Introduction
Introduction to NTP
    NTP Client
    NTP Server
    Stratum Level
    NTP Peer Servers
    Time Source
        Symmetric Active/Passive Mode
        Client/Server Mode
        Broadcast/Multicast Mode
Time Sources and Configuring the NTP Server
    Configuring the NTP Server to Use Another Server on the Internet
    Configuring a Server to Use the Broadcast Time Signal
    Configuring the Peer NTP Server
Configuring the NTP Client
    Configuring NTP as a Broadcast Client
    Configuring the Multicast Client
    Configuring the Polling Client
Using the ntpdate Utility
Troubleshooting NTP
    Using the xntpdc Command
    Using the ntpq Command
    Using the snoop Command
Chapter Summary
Apply Your Knowledge
INTRODUCTION
The Network Time Protocol (NTP) is a useful addition to Solaris 8. It is used to synchronize the system clock time on different hosts on a network. Real-time clocks usually have small drifts that result in different system time settings on different hosts. In a multiserver environment, where time-critical transactions take place, it is important that all machines have exactly the same clock setting. This is where NTP comes into play. Using NTP, you can synchronize time on hosts with a reference time source. This time source can be an NTP server on a local network, a standard time server on the Internet, a global positioning satellite (GPS), a broadcast signal, or some other method of synchronizing time.

The NTP protocol is implemented using the xntpd daemon on Solaris, which is compatible with NTP protocol versions 1, 2, and 3. These NTP versions are defined in RFCs 1059, 1119, and 1305, respectively. The daemon is started at boot time in run level 2 and reads its configuration from the configuration file, /etc/inet/ntp.conf. Using this file, you can configure a host as an NTP server or as an NTP client.

This chapter starts with an introduction to NTP, and some basic terminology related to NTP is presented. An overview of reference time sources used in Solaris also is given. Different ways to configure the NTP server and the NTP client are presented. The NTP server can be configured as a broadcast/multicast server, a peer server, or as a server listening to incoming client requests. Also, you are shown how to configure NTP as a broadcast client, multicast client, or as a polling client. The ntpdate utility is used to synchronize the time of a host with one or more NTP servers. Finally, the chapter ends with some troubleshooting tips.
INTRODUCTION TO NTP
The Network Time Protocol is the standard Internet protocol that exchanges time information among hosts connected on a network. NTP uses standard port 123 to exchange messages over IP networks. The following sections define terminology used with NTP.
NTP Client
The NTP client is a machine that synchronizes its time with a reference time source. Depending on configuration, a client can listen to broadcast time messages from the NTP server, or it can poll a particular server on a regular basis.

NTP Server
The NTP server provides time synchronization information to other servers and clients. Depending on configuration, it might or might not get its own time synchronization information from other NTP servers.

Stratum Level
The stratum level is a number from 0 to 15, and it shows the reliability of a time source. The value 0 is the most reliable, and 15 is the least reliable. Each server has a stratum level. Servers that have lower stratum levels or more reliability have more accurate time. The stratum level of a server is a configurable parameter. Stratum level 0 servers are directly connected to the standard time source.

NTP Peer Servers
Peer servers exchange time information among themselves. Usually these servers are on the same stratum level.

Time Source
A time source provides reference time to NTP servers. Different time sources can be used with Solaris systems. A configured time source is specified in the ntp.conf file and is used by the NTP server to synchronize its own time. There are multiple modes of operation for NTP on Solaris. The three most common modes of operation are symmetric active/passive, client/server, and broadcast/multicast. These are discussed in the following sections.
Symmetric Active/Passive Mode
In this mode of operation, multiple servers act as peers and exchange time information. This mode is useful in a multiple-server environment. One of the servers may be configured as a preferred server. A preferred server is the one that is more reliable or more reachable from the network standpoint.

Client/Server Mode
In this mode, clients are configured to contact an NTP server for time synchronization. The server may synchronize its time from another server or get time information from a reference time source.

Broadcast/Multicast Mode
In this mode, the NTP server sends broadcast or multicast messages, and clients listen to these messages to synchronize their time. This method is very useful when you have many clients and don’t want to configure each client individually. A standard configuration on all clients works fine, and they configure themselves automatically.
TIME SOURCES AND CONFIGURING THE NTP SERVER
An NTP implementation on Solaris 8 can use many reference time sources. These reference time sources include, but are not limited to, the following:
• A reference time server on a local network or on the Internet
• A global positioning satellite system receiver card installed inside the host
• A broadcast signal from NIST (National Institute of Standards and Technology) or some other broadcast service
A server can use its own clock as a reference time source. On startup, the NTP daemon xntpd reads its configuration file, /etc/inet/ntp.conf. Lines starting with the hash symbol (#) in this file are treated as comment lines. Blank lines are ignored. The basic one-line configuration file that can be used to start the NTP server is shown here:
    broadcast 192.168.2.255
After creating the /etc/inet/ntp.conf file with this line, you can start the NTP server with the following command:
    /etc/init.d/xntpd start
A running server is stopped using the following command:
    /etc/init.d/xntpd stop
If the configuration file is present, the server will start automatically at boot time. Solaris comes with a sample server configuration file, /etc/inet/ntp.server, which you can use as an example to configure your NTP server.
Configuring the NTP Server to Use Another Server on the Internet
If a reference time server on a local network or on the Internet is used for synchronization, its IP address or hostname is specified in the /etc/inet/ntp.conf file. The configuration file then looks like this:
    server 192.168.10.10
    broadcast 192.168.2.255
The preceding two lines configure the server to take time from server 192.168.10.10 and broadcast it to the local network 192.168.2.255.

NOTE: You can use either the IP address or hostname (if DNS is configured) for the NTP server. The following line is perfectly legal in this file:
    server abc.boota.org
Configuring a Server to Use the Broadcast Time Signal
If a broadcast source or GPS source is used, usually an interface card is installed inside your host, and its driver acts as a serial port. Then, a special IP address is used for that card in the configuration file. This special address is of the form 127.127.t.u, where t is an integer that indicates the clock type, and u is an integer that indicates the unit number. The following entry for the server in the configuration file shows that we used a Spectracom WWVB receiver in our system and it is installed as unit 0:
    server 127.127.4.0
    fudge 127.127.4.0 stratum 4
Table 8.1 lists available clock types.

TABLE 8.1
CLOCK TYPES
Type  Device   RefID  Description
1     local    LCL    Undisciplined local clock
2     trak     GPS    TRAK 8820 GPS receiver
3     pst      WWV    PSTI/Traconex WWV/WWVH receiver
4     wwvb     WWVB   Spectracom WWVB receiver
5     true     TRUE   TrueTime GPS/GOES receivers
6     irig     IRIG   IRIG audio decoder
7     chu      CHU    Scratchbuilt CHU receiver
8     parse    —      Generic reference clock driver
9     mx4200   GPS    Magnavox MX4200 GPS receiver
10    as2201   GPS    Austron 2201A GPS receiver
11    arbiter  GPS    Arbiter 1088A/B GPS receiver
12    tpro     IRIG   KSI/Odetics TPRO/S IRIG interface
13    leitch   ATOM   Leitch CSD 5300 master clock controller
15    *        *      TrueTime GPS/TM-TMD receiver
17    datum    DATM   Datum Precision Time System
18    acts     ACTS   NIST Automated Computer Time Service
19    heath    WWV    Heath WWV/WWVH receiver
20    nmea     GPS    Generic NMEA GPS receiver
22    atom     PPS    PPS clock discipline
23    ptb      TPTB   PTB automated computer time service
24    usno     USNO   USNO modem time service
25    *        *      TrueTime generic receivers
26    hpgps    GPS    Hewlett-Packard 58503A GPS receiver
27    arc      MSFa   Arcron MSF receiver
Configuring the Peer NTP Server
To configure a server as a peer NTP server, add the following line to the ntp.conf file:
    peer 192.168.20.10
Multiple peer servers can be configured. If you want to give preference to one of these peer servers, you have to add the prefer keyword to the end of the line. The NTP server xntpd is started in run level 2 by script S74xntpd. This is the same script as the /etc/init.d/xntpd script.
CONFIGURING THE NTP CLIENT
The NTP client can be configured in two basic ways: either as a broadcast client or as a polling client. A broadcast client listens to messages sent by the NTP server. A polling client polls a server periodically, depending on the accuracy of the local clock. The following file represents a sample client script:
    /etc/inet/ntp.client
This file can be copied as the /etc/inet/ntp.conf file to configure the host as a client.
Configuring NTP as a Broadcast Client
To configure an NTP client as a broadcast client, use the following line in the configuration file:
    broadcastclient
This broadcast method is used to discover NTP server(s) present on the network.

Configuring the Multicast Client
A multicast client acts the same way as the broadcast client. However, you have to enter the multicast address in the configuration file. The standard multicast address used with NTP is 124.0.1.1. The following line configures a client as a multicast client:
    multicast 124.0.1.1
Configuring the Polling Client
The server line in the configuration file configures a Solaris host as a polling client. A drift file entry is used to keep information about the difference between local time and the reference time provided by the server. This information is used to determine how frequently polling should occur to maintain the time. The xntpd daemon updates the drift file periodically, and the file should have write permissions for the daemon. Usual entries in the configuration file are as follows:
    server 192.168.10.10
    driftfile /var/ntp/ntp.drift
To get a complete list of configurable parameters, go to the user’s manual of xntpd.

Using the ntpdate Utility
The ntpdate utility is used to synchronize the local time with one or more NTP servers. The following command synchronizes time with server 192.168.10.10:
    ntpdate 192.168.10.10
Multiple server addresses can be used on the command line, and this increases the reliability of the new time. The command is especially useful to run through a cron script to update time periodically or at boot time.
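The server and client configurations above all live in the same /etc/inet/ntp.conf, so it is easy to end up with a file whose role is unclear (a "server" that is really only a polling client, a fudge line with no matching reference clock, a prefer keyword on the wrong spot). The following checker, added here as an illustration and not part of Solaris or xntpd, reads a configuration file and reports the role it gives the host plus the slips a reviewer would flag. The sample configurations are constructed from the lines shown in this chapter; the CLOCK_TYPES map is a subset of Table 8.1.

```python
"""Classify an /etc/inet/ntp.conf and flag common configuration slips (illustrative checker)."""
import re

# Subset of Table 8.1 (clock type number -> device), used to name 127.127.t.u entries
CLOCK_TYPES = {1: "local", 4: "wwvb", 18: "acts", 20: "nmea", 22: "atom"}
REFCLOCK_RE = re.compile(r"^127\.127\.(\d{1,3})\.(\d{1,3})$")


def parse_ntp_conf(text):
    """Yield (line number, keyword, arguments) for every non-comment, non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if line:
            words = line.split()
            yield lineno, words[0], words[1:]


def summarize_ntp_conf(text):
    """Work out the host's role(s) and collect warnings about questionable lines."""
    s = {"roles": set(), "sources": [], "peers": [], "broadcast_to": [],
         "preferred": [], "refclocks": [], "driftfile": None, "warnings": []}
    for lineno, key, args in parse_ntp_conf(text):
        if key in ("server", "peer") and args:
            target = args[0]
            m = REFCLOCK_RE.match(target)
            if m:   # local reference clock, e.g. server 127.127.4.0 (type 4 = wwvb, unit 0)
                ctype, unit = int(m.group(1)), int(m.group(2))
                s["refclocks"].append((target, ctype, unit, CLOCK_TYPES.get(ctype, "type %d" % ctype)))
                s["roles"].add("server with reference clock")
            elif key == "server":
                s["sources"].append(target)
                s["roles"].add("polling client")
            else:
                s["peers"].append(target)
                s["roles"].add("peer server")
            if "prefer" in args[1:]:           # 'prefer' is a trailing keyword on the server/peer line
                s["preferred"].append(target)
        elif key == "broadcast" and args:
            s["broadcast_to"].append(args[0])
            s["roles"].add("broadcast server")
        elif key == "broadcastclient":
            s["roles"].add("broadcast client")
        elif key == "driftfile" and args:
            s["driftfile"] = args[0]
        elif key == "fudge" and args:
            # fudge must follow the server line that declares the same 127.127.t.u address
            if not any(r[0] == args[0] for r in s["refclocks"]):
                s["warnings"].append("line %d: fudge %s has no preceding server line" % (lineno, args[0]))
        elif key == "prefer":
            s["warnings"].append("line %d: 'prefer' belongs at the end of a server or peer line" % lineno)
        else:
            s["warnings"].append("line %d: keyword %r not checked here" % (lineno, key))
    if s["sources"] and s["driftfile"] is None:
        s["warnings"].append("polling client without driftfile: frequency error is relearned after every restart")
    if not s["roles"]:
        s["warnings"].append("no server, peer, broadcast or broadcastclient line: xntpd has nothing to do")
    s["roles"] = sorted(s["roles"])
    return s


# Constructed samples mirroring the lines in this chapter (not real hosts)
SERVER_CONF = """\
# local NTP server: take time from 192.168.10.10, broadcast it on the LAN
server 192.168.10.10
broadcast 192.168.2.255
driftfile /var/ntp/ntp.drift
"""
CLIENT_CONF = """\
server 192.168.10.10 prefer
server 192.168.10.11
driftfile /var/ntp/ntp.drift
"""
REFCLOCK_CONF = """\
server 127.127.4.0
fudge 127.127.4.0 stratum 4
"""
BAD_CONF = """\
fudge 127.127.4.0 stratum 4
server 127.127.4.0
prefer server 192.168.10.10
server 192.168.10.10
"""

if __name__ == "__main__":
    for name, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF),
                       ("refclock", REFCLOCK_CONF), ("bad", BAD_CONF)):
        print(name, summarize_ntp_conf(conf))
```

Run it against a copied /etc/inet/ntp.conf (for example `summarize_ntp_conf(open("/etc/inet/ntp.conf").read())`) before starting xntpd; an empty warnings list and the role you intended are what you want to see. The driftfile warning matters on a polling client because, without the file, the daemon has to re-measure the clock's frequency error after every restart.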
TROUBLESHOOTING NTP
There may be a number of problems with the NTP server and the client setup. A good knowledge of networking and use of proper tools can make the troubleshooting task quite easy. The following sections discuss some of the troubleshooting commands you can use to ensure that the NTP server and client setups are working properly. If a client cannot update its time, you must first use the ping command to make sure that the server is reachable from the client. If this is true, you can use the netstat command to make sure that the server process is running on the NTP server host. You can do this with the following command:
bash-2.03# netstat -a | grep ntp
      *.ntp                Idle
      localhost.ntp        Idle
      fana.ntp             Idle
      fana-nt.ntp          Idle
bash-2.03#
Output of the command on your system may be different, but it should show that the NTP port is open on the host. The first line of the preceding output shows that this is the case.
Using the xntpdc Command
You also can use the ntpq or xntpdc utilities to run certain commands on the NTP server. These utilities show a prompt where you can enter different commands. The following xntpdc session uses four commands—help, version, sysinfo and quit:
bash-2.03# xntpdc
xntpdc> help
Commands available:
addpeer      addrefclock  addserver    addtrap      authinfo
broadcast    clkbug       clockstat    clrtrap      controlkey
ctlstats     debug        delay        delrestrict  disable
dmpeers      enable       exit         fudge        help
host         hostnames    iostats      kerninfo     keyid
keytype      leapinfo     listpeers    loopinfo     memstats
monlist      passwd       peers        preset       pstats
quit         readkeys     requestkey   reset        reslist
restrict     showpeer     sysinfo      sysstats     timeout
timerstats   traps        trustedkey   unconfig     unrestrict
untrustedkey version
xntpdc> version
xntpdc 3-5.93e Mon Sep 20 15:47:24 PDT 1999 (1)
xntpdc> sysinfo
system peer:          0.0.0.0
system peer mode:     unspec
leap indicator:       11
stratum:              16
precision:            -17
root distance:        0.00000 s
root dispersion:      0.00000 s
reference ID:         [0.0.0.0]
reference time:       00000000.00000000  Wed, Feb  6 2036 22:28:16.000
system flags:         monitor pll stats kernel_sync
frequency:            0.000 ppm
stability:            0.000 ppm
broadcastdelay:       0.003906 s
authdelay:            0.000122 s
xntpdc> quit
bash-2.03#
The help command lists all subcommands available under xntpdc. The version subcommand shows the version number of the xntpdc command. The sysinfo subcommand shows information about current xntpd settings. The quit subcommand ends the xntpdc session.
Using the ntpq Command
The following ntpq session uses two commands—help and ntpversion—to show that NTP version 3 is implemented:
bash-2.03# ntpq
ntpq> help
Commands available:
addvars        associations   authenticate   cl             clearvars
clocklist      clockvar       cooked         cv             debug
delay          exit           help           host           hostnames
keyid          keytype        lassociations  lopeers        lpassociations
lpeers         mreadlist      mreadvar       mrl            mrv
ntpversion     opeers         passociations  passwd         peers
poll           pstatus        quit           raw            readlist
readvar        rl             rmvars         rv             showvars
timeout        version        writelist      writevar
ntpq> ntpversion
NTP version being claimed is 3
ntpq>
Using the snoop Command
In addition to these commands, you can use the snoop command to display NTP packets. The following output of the snoop command shows that the NTP client 192.168.2.10 is sending NTP requests, but the NTP server is not running. This is evident from the fact that there is an ICMP Port Unreachable message being sent back by the NTP server:
192.168.2.10 -> fana          NTP client (Sat Apr  7 11:14:02 2001)
        fana -> 192.168.2.10  ICMP Destination unreachable (UDP port 123 unreachable)
192.168.2.10 -> fana          NTP client (Sat Apr  7 11:14:34 2001)
        fana -> 192.168.2.10  ICMP Destination unreachable (UDP port 123 unreachable)
The following lines show that the NTP server is servicing NTP requests:
192.168.2.10 -> fana          NTP client (Sat Apr  7 11:13:14 2001)
        fana -> 192.168.2.10  NTP server (Sat Apr  7 11:13:14 2001)
192.168.2.10 -> fana          NTP client (Sat Apr  7 11:13:30 2001)
        fana -> 192.168.2.10  NTP server (Sat Apr  7 11:13:30 2001)
If you run the snoop command with the -v command-line option, you can see in detail what information is included in the NTP request and reply packets. This information is useful for debugging purposes. The following output of the snoop command is for an incoming NTP request by a client:
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 9 arrived at 11:16:58.48
ETHER:  Packet size = 90 bytes
ETHER:  Destination = 8:0:20:9e:f0:50, Sun
ETHER:  Source      = 0:10:7a:b6:3:ce,
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 76 bytes
IP:   Identification = 28162
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 128 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 4666
IP:   Source address = 192.168.2.10, 192.168.2.10
IP:   Destination address = 192.168.2.222, fana
IP:   No options
IP:
UDP:  ----- UDP Header -----
UDP:
UDP:  Source port = 1277
UDP:  Destination port = 123 (NTP)
UDP:  Length = 56
UDP:  Checksum = 7194
UDP:
NTP:  ----- Network Time Protocol -----
NTP:
NTP:  Leap = 0x0 (OK)
NTP:  Version = 3
NTP:  Mode = 3 (client)
NTP:  Stratum = 0 (unspecified)
NTP:  Poll = 0
NTP:  Precision = 0 seconds
NTP:  Synchronizing distance = 0x0000.0000 (0.000000)
NTP:  Synchronizing dispersion = 0x0000.0000 (0.000000)
NTP:  Reference clock =
NTP:  Reference time = 0x00000000.00000000 (Wed Feb  6 22:28:16 2036)
NTP:  Originate time = 0x00000000.00000000 (Wed Feb  6 22:28:16 2036)
NTP:  Receive time = 0x00000000.00000000 (Wed Feb  6 22:28:16 2036)
NTP:  Transmit time = 0xbe79d81a.70a3e000 (Sat Apr  7 11:16:58 2001)
The last part of the output, in which each line starts with NTP, shows the NTP part of the data packet. Here, you can see the version number of NTP being used, the packet mode (client or server), the stratum level, and other information. Following is the reply packet sent by the NTP server to the client in response to the preceding packet. This packet shows that a lot of information was sent by the server to the client. You can easily find out that the UDP protocol is being used and NTP version 3 is employed in this session:
ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 10 arrived at 11:16:58.48
ETHER:  Packet size = 90 bytes
ETHER:  Destination = 0:10:7a:b6:3:ce,
ETHER:  Source      = 8:0:20:9e:f0:50, Sun
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 76 bytes
IP:   Identification = 61530
IP:   Flags = 0x4
IP:         .1.. .... = do not fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 255 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 050d
IP:   Source address = 192.168.2.222, fana
IP:   Destination address = 192.168.2.10, 192.168.2.10
IP:   No options
IP:
UDP:  ----- UDP Header -----
UDP:
UDP:  Source port = 123
UDP:  Destination port = 1277
UDP:  Length = 56
UDP:  Checksum = 05FB
UDP:
NTP:  ----- Network Time Protocol -----
NTP:
NTP:  Leap = 0x3 (alarm condition (clock unsynchronized))
NTP:  Version = 3
NTP:  Mode = 4 (server)
NTP:  Stratum = 0 (unspecified)
NTP:  Poll = 4
NTP:  Precision = 239 seconds
NTP:  Synchronizing distance = 0x0000.0000 (0.000000)
NTP:  Synchronizing dispersion = 0x0001.0018 (1.000366)
NTP:  Reference clock =
NTP:  Reference time = 0x00000000.00000000 (Wed Feb  6 22:28:16 2036)
NTP:  Originate time = 0xbe79d81a.70a3e000 (Sat Apr  7 11:16:58 2001)
NTP:  Receive time = 0xbe79d81a.7c2a0000 (Sat Apr  7 11:16:58 2001)
NTP:  Transmit time = 0xbe79d81a.7c3c8000 (Sat Apr  7 11:16:58 2001)
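The snoop output shows the fields, but not how they are laid out in the 48-byte NTP header or what a client should do with them. The decoder below is an added example written for this chapter (it is not Solaris or xntpd code); it packs and unpacks the header exactly as it travels in the UDP payload, converts the 64-bit NTP timestamps (seconds since 1900 plus a 32-bit fraction) to Unix time, and applies the check that matters when troubleshooting: the reply above comes from a running xntpd, yet its leap indicator is 3 and its stratum is 0 (the sysinfo output shows stratum 16), so its time must not be trusted even though the UDP exchange succeeded. The sample packets are constructed from the values in the snoop output; SYNCED_REPLY is a constructed reply from the same server after it has synchronized to a stratum-1 source. The decoder also shows why snoop prints "Precision = 239 seconds": the byte is a signed exponent, and 239 read as signed is -17, matching the precision that xntpdc sysinfo reported.

```python
"""Decode the 48-byte NTP header that snoop -v prints and judge whether a reply is a usable time source."""
import struct
from datetime import datetime, timezone

NTP_UNIX_OFFSET = 2208988800   # seconds from the NTP epoch (1900-01-01) to the Unix epoch (1970-01-01)
LEAP_NAMES = {0: "OK", 1: "last minute has 61 seconds", 2: "last minute has 59 seconds",
              3: "alarm condition (clock unsynchronized)"}
MODE_NAMES = {1: "symmetric active", 2: "symmetric passive", 3: "client", 4: "server",
              5: "broadcast", 6: "control", 7: "private"}


def ntp_timestamp_to_unix(seconds, fraction):
    """64-bit NTP timestamp (32-bit seconds since 1900, 32-bit fraction) -> Unix time; all-zero means 'unset'."""
    if seconds == 0 and fraction == 0:
        return None
    return seconds - NTP_UNIX_OFFSET + fraction / 2 ** 32


def build_packet(leap, version, mode, stratum=0, poll=0, precision=0, root_delay=0,
                 root_dispersion=0, refid=b"\0\0\0\0", reference=(0, 0), originate=(0, 0),
                 receive=(0, 0), transmit=(0, 0)):
    """Pack an NTP header exactly as it appears on the wire (big-endian, 48 bytes)."""
    first = (leap << 6) | (version << 3) | mode          # LI (2 bits), VN (3 bits), mode (3 bits)
    packet = struct.pack("!BBbb", first, stratum, poll, precision)
    packet += struct.pack("!II", root_delay, root_dispersion) + refid
    for secs, frac in (reference, originate, receive, transmit):
        packet += struct.pack("!II", secs, frac)
    return packet


def parse_packet(data):
    """Split the header into named fields; raises ValueError on a truncated datagram."""
    if len(data) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(data))
    first, stratum, poll, precision = struct.unpack("!BBbb", data[:4])
    root_delay, root_dispersion = struct.unpack("!II", data[4:12])
    stamps = struct.unpack("!8I", data[16:48])
    return {
        "leap": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,
        "stratum": stratum,
        "poll": poll,                        # signed log2 seconds
        "precision": precision,              # signed log2 seconds; snoop prints the raw byte (239 == -17)
        "root_delay": root_delay / 65536,    # 16.16 fixed-point seconds
        "root_dispersion": root_dispersion / 65536,
        "refid": data[12:16],
        "reference": ntp_timestamp_to_unix(stamps[0], stamps[1]),
        "originate": ntp_timestamp_to_unix(stamps[2], stamps[3]),
        "receive": ntp_timestamp_to_unix(stamps[4], stamps[5]),
        "transmit": ntp_timestamp_to_unix(stamps[6], stamps[7]),
    }


def usable_time_source(fields):
    """A reply from a running but unsynchronized daemon (leap 3, stratum outside 1..15, no
    transmit time) must not be used to set the local clock, even though UDP port 123 answered."""
    if fields["mode"] not in (2, 4, 5):          # symmetric passive, server, broadcast
        return False
    if fields["leap"] == 3 or not 1 <= fields["stratum"] <= 15:
        return False
    return fields["transmit"] is not None


def transmit_utc(fields):
    """Transmit timestamp as a UTC date string (snoop shows local time instead), or None if unset."""
    if fields["transmit"] is None:
        return None
    return datetime.fromtimestamp(fields["transmit"], timezone.utc).strftime("%a %b %d %H:%M:%S %Y UTC")


def describe(fields):
    """One-line summary in the spirit of snoop -v."""
    return "v%d %s leap=%s stratum=%d precision=2^%d s transmit=%s" % (
        fields["version"], MODE_NAMES.get(fields["mode"], "reserved"), LEAP_NAMES[fields["leap"]],
        fields["stratum"], fields["precision"], transmit_utc(fields))


# Constructed from the snoop -v output above: the client request and the unsynchronized server reply
CLIENT_REQUEST = build_packet(leap=0, version=3, mode=3, transmit=(0xBE79D81A, 0x70A3E000))
SERVER_REPLY = build_packet(leap=3, version=3, mode=4, stratum=0, poll=4, precision=-17,
                            root_dispersion=0x00010018,
                            originate=(0xBE79D81A, 0x70A3E000), receive=(0xBE79D81A, 0x7C2A0000),
                            transmit=(0xBE79D81A, 0x7C3C8000))
# Constructed reply from the same server once it is synchronized to 192.168.10.10 (stratum 2)
SYNCED_REPLY = build_packet(leap=0, version=3, mode=4, stratum=2, poll=6, precision=-17,
                            refid=bytes([192, 168, 10, 10]), reference=(0xBE79D000, 0),
                            originate=(0xBE79D81A, 0x70A3E000), receive=(0xBE79D81A, 0x7C2A0000),
                            transmit=(0xBE79D81A, 0x7C3C8000))

if __name__ == "__main__":
    for pkt in (CLIENT_REQUEST, SERVER_REPLY, SYNCED_REPLY):
        f = parse_packet(pkt)
        print(describe(f), "-> usable:", usable_time_source(f))
```

The transmit timestamp 0xbe79d81a decodes to Sat Apr 7 18:16:58 2001 UTC, which is the 11:16:58 PDT that snoop printed in local time. The first byte of the request is 0x1b (LI 0, version 3, mode 3) and that of the reply is 0xdc (LI 3, version 3, mode 4); those two bytes are what a filter or detection rule would match on when looking for NTP traffic whose version or mode is unexpected.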
CASE STUDY: COMPANY XYZ

ESSENCE OF THE CASE
Here are the essentials of the case:
• In evaluating the number of hosts in the network, it is obvious that this is not a big network. This means that a high-power NTP server is not required.
• The solution required has to be low-cost.
• The solution must be quick and easy to implement.

SCENARIO
Company XYZ has a local area network of about 20 Solaris servers and workstations. This network is connected to the Internet. There is a need for a low-cost solution for system time synchronization. The company has a workstation that is not utilized much and can be made available for the NTP server. The project must be completed quickly and in the shortest period of time.

ANALYSIS
Because the budget is tight and the LAN is already connected to the Internet, you can use an NTP server on the Internet as the standard time source for time synchronization. This also is the quickest way to do the job. There are two possibilities:
• Configure all hosts to be clients to an NTP server on the Internet.
• Configure a local NTP server that takes its time information from a server on the Internet. Make all other hosts clients of this NTP server.
The first choice increases Internet traffic. Time on different servers and workstations on the local network may be out of sync if the Internet connection is lost. In the second case, only the local NTP server will need access to the Internet. If the Internet connection is lost, time on all the other hosts will still be the same because they are accessing the local NTP server. Therefore, the preferable choice is the second method.
This is a small network of servers and workstations, so only one NTP server is needed. A workstation will not need much power to serve 20 hosts for time synchronization. Therefore, you can use the workstation that is the least utilized as the configured NTP server. You configure all other hosts as clients of this NTP server.
CHAPTER SUMMARY
The chapter described the Network Time Protocol (NTP), which is used to synchronize the time of Solaris hosts with a reference time source. NTP can be used in client/server mode or as a broadcast service. The xntpd is the main NTP daemon used by the server and client systems. It uses a configuration file, /etc/inet/ntp.conf, that determines whether a system acts as a client or as a server. There are multiple ways to configure both the client and server systems. NTP can use different time sources, including global positioning system satellites, reference time broadcast signals, and standard time servers on the Internet.

KEY TERMS
• Network Time Protocol
• Reference time source
• Stratum level
• Time server
APPLY YOUR KNOWLEDGE

Exercises
8.1 Using the snoop Command
This exercise demonstrates how to use the snoop command to check NTP data packets.
Estimated Time: 30 minutes
1. Configure NTP as a broadcast time server.
2. Configure an NTP client on another Solaris system and find out whether communication between these two is taking place.
3. Use the snoop command to display NTP packets traveling on the local network.
4. Now, configure a Solaris host to poll an NTP client.
5. Stop the NTP server and again use the snoop command to make sure that ICMP port unreachable packets are being sent by the NTP server when the NTP client polls the server.

Review Questions
1. Why is NTP used?
2. What are the different ways to configure an NTP server?
3. What are two different types of NTP clients?

Exam Questions
The answers to the exam questions can be found in Appendix E, “Answers to the Sample Exam Questions.”
1. Which port number is used for NTP?
   A. 23
   B. 37
   C. 123
   D. 137
2. How can you set a preference for a peer NTP server?
   A. By adding the prefer keyword at the end of the line in the ntp.conf configuration file
   B. By adding the prefer keyword at the beginning of the line in the ntp.conf configuration file
   C. By adding the prefer keyword at the command line while starting xntpd
   D. By adding the prefer keyword at the end of the line in the xntpd.conf configuration file
3. What is the default multicast address for NTP?
   A. 124.0.0.1
   B. 124.0.1.1
   C. 124.1.1.0
   D. 124.1.0.1
4. What is the xntpd daemon configuration filename?
   A. /etc/xntpd.conf
   B. /etc/inet/xntpd.conf
   C. /etc/inet/ntp.conf
   D. /var/ntp/ntp.conf
5. Which NTP versions are supported in Solaris 8? Choose all that apply.
   A. Version 1
   B. Version 2
   C. Version 3
   D. Version 4

Answers to Review Questions
1. NTP is used to synchronize system time on a host with a standard time source. This is very useful when you want to ensure that the system clocks of all hosts on a network have the same time.
2. An NTP server can be configured in many ways, including these three methods:
   A. As a peer NTP server.
   B. As an NTP server that uses another server on the Internet as the standard time source.
   C. As an NTP server that uses a broadcast signal as a time source. In this case, you need to add a card in the server that interfaces to the broadcast signal.
3. There are two types of NTP client: polling and broadcast.

Suggested Readings and Resources
The NTP web site: www.ntp.org
User’s Manual of xntpd daemon
OBJECTIVES
This chapter covers the following Sun-specified objectives for the 310-043 exam:
Describe IPv6.
Configure an IPv6 network interface.
• IP version 6 is the newest version of the IP protocol and will replace the existing IP version 4. This new version expands the length of an IP address from 32 bits to 128 bits. You need to understand the structure of IP version 6 addresses and other major changes to the protocol. You also must be able to configure a network interface using IPv6 addresses.

CHAPTER 9
Introduction to IPv6

OUTLINE
Introduction
What’s New in the IPv6 Protocol
  Expanded Address Space
  Enhanced Routing
  New Header Format
  Header Options Enhancements
  Security
  Resource Allocation and Quality of Service Features
  Address Autoconfiguration
  Neighbor Discovery
Structure of IPv6 Addresses
  Text Representation of IPv6 Addresses
  Unicast Addresses
  Special IPv6 Addresses
  Routing
IPv6 Header Composition
  IP Options Used in IPv6
Introduction to ICMPv6
Configuring IPv6 Addresses in Solaris
Using Network Troubleshooting Commands with IPv6 Addresses
Changes in the /etc/inetd.conf Configuration File
Chapter Summary
Exercises
Apply Your Knowledge

STUDY STRATEGIES
This chapter presents some new concepts related to the next generation of IP protocols. The following study strategies are recommended:
• Understand the differences between version 4 and version 6 of the IP protocol.
• Make sure you understand IPv6 addresses and the different ways to represent them.
• Use commands to configure and display the settings for IPv6.
INTRODUCTION
Today’s TCP/IP networks are the result of an evolutionary process of more than three decades. Different versions of the IP protocol are in use, and the one we are familiar with is version 4, commonly known as IPv4. This version has been in use over the Internet for a long time. The IP header format discussed in Chapter 2, “The TCP/IP Protocol,” is used in IP version 4 data packets. Every host in IPv4 networks is assigned a 32-bit address, which, in most cases, is unique all over the world. Therefore, it’s possible to have up to 2³² (4,294,967,296) hosts in an IPv4 network. This number seems large, but in the late 1980s, the Internet started to run out of IP address space at a tremendous speed. In addition, there were new requirements because of wide use of the Internet in so many different areas of life. The most important of these requirements are traffic prioritization, automatic configuration, and security features, none of which is present in IPv4. The Internet Engineering Task Force (IETF), the Internet standards body, then asked for proposals to move to a new version of IP networks to overcome these problems.

In the early 1990s, several proposals were presented to the IETF and some RFCs were approved. These RFCs define a new version of IP addresses, which is commonly known as IP Next Generation (IPng) or IP version 6 (IPv6). With IPv6, many new features were added to the Internet Protocol, and the header of the data packet was modified. Each address in IPv6 is 128 bits long compared to the 32-bit-long IP addresses in IPv4. Therefore, theoretically it is possible to have up to 2¹²⁸ (3.4028236692093846346337460743177e+38) hosts on the Internet, which is quite a large quantity. With such a large number of hosts, every square meter on the earth is estimated to have 6 × 10²³ hosts. In addition, IPv6 also solves other problems such as security and traffic prioritization.

This chapter introduces you to IPv6, and to the structure of IP addresses. This chapter also discusses the structure of the IPv6 data packet header and how to encapsulate IPv4 packets inside IPv6 packets. Then this discussion moves on to practical things, such as how to configure IPv6 addresses in the Solaris environment. Finally, network troubleshooting commands in IPv6 networks are discussed. After going through this chapter, you should be able to understand and configure IPv6 addresses on your Solaris machines. You also should be able to design and implement IPv6 local networks.
WHAT’S NEW IN THE IPV6 PROTOCOL
IP version 6 adds many new features to IP networks. These features provide more address space, and they make IP networks more efficient and reliable. Some of these features are described in the following sections.
Expanded Address Space Address size in IPv6 networks is increased to 128 bits compared to the 32-bit addresses in IPv4 networks. As explained earlier, this greatly increases the number of available IP addresses. Existing IP addresses in the IPv4 range are expected to exhaust by year 2005.
Enhanced Routing The Scope field improves multicast routing. In addition, anycast addresses are added. IPv4 has unicast, multicast, and broadcast addresses, but not anycast addresses. Multiple hosts are members of one anycast address. Using the anycast address, a host can send an IP packet to one of these hosts (the nearest one) in an anycast address.
New Header Format
Some of the fields present in the IPv4 header are not present in the IPv6 header, making it simpler. Therefore, it takes less time to analyze the header part of the IP packet, so packets are processed more efficiently.
Header Options Enhancements A different type of options scheme is used in an IPv6 header, which is more flexible and more efficient to handle.
Security Security features that support authentication and data security are added as well. A specification called IP Security Architecture (IPsec for short) is responsible for security in IPng networks. Note that IPsec also works with the current Internet Protocol. Solaris 8 supports IPsec.
Resource Allocation and Quality of Service Features
The Quality of Service (QoS) features in IPv6 enable important data to be delivered to the destination with enhanced priority. The Type-of-Service field in the IPv4 header is replaced by a Flow Label through which a sender can request special handling of particular data traffic.
Address Autoconfiguration Dynamic IP addresses can be assigned to hosts automatically in IPv6. Autoconfiguration is explained later in this chapter.
Neighbor Discovery
IPv6’s neighbor-discovery feature solves some of IPv4’s problems. Some of these enhancements are as follows:
• Router discovery
• Prefix discovery, which enables hosts to determine which set of addresses is connected locally
• Parameter discovery, such as MTU
• Duplicate address detection
• Redirect information
STRUCTURE OF IPV6 ADDRESSES
Each IPv6 address is a 128-bit number. IPv6 addresses are assigned to interfaces, and each interface may be assigned multiple IP addresses. The following three basic types of IPv6 addresses are used:
• Unicast. Unicast addresses are used for a single interface.
• Anycast. Anycast addresses are used for a set of interfaces. Packets that are sent to the anycast address are delivered to the nearest interface. The nearest interface is calculated by a routing protocol.
• Multicast. Multicast addresses are used for a group of interfaces. Packets sent to a multicast address are delivered to all interfaces in the multicast group. All multicast addresses start with bit pattern 1111 1111 from the left side.

NOTE: Note that no broadcast address is used in IPv6.
Because a greater number of IP addresses is available in IPv6 networks, routing becomes an important issue. You must take great care to keep the routing table from growing too much. For this purpose, leading bits of each IPv6 address, known as a prefix, specify the type of the address. Some of these address types are shown in Table 9.1.

TABLE 9.1
ALLOCATION OF IPV6 ADDRESSES DEPENDING ON THE PREFIX (LEADING) BIT PATTERN
Prefix        Allocation
0000 0000     Reserved
0000 0001     Unassigned
0000 001      Reserved for NSAP allocation
0000 010      Reserved for IPX allocation
010           Provider-based unicast addresses
100           Geographic-based unicast addresses
1111 1111     Multicast addresses
1111 1110 11  Site local use addresses
1111 1110 10  Link local use addresses
Text Representation of IPv6 Addresses Each IPv6 address is divided into 8 parts. Each part consists of 16 bits. These 8 parts are separated by the colon character while writing the IP address. There are multiple ways to represent IPv6 addresses. The following rules apply to IPv6 addresses:
• The typical representation of an IP address is in the form x:x:x:x:x:x:x:x, where each x character represents 16 bits. For example, an IP address might be as follows:
    FEDC:234D:1234:45AC:CDAE:10FF:4579:013A
• If a 16-bit number consists of all 0s, it can be represented by a single 0. Also, leading 0s can be omitted. An example address is as follows:
    1080:0:0:0:3:300:4C:1093
• If long strings of 0s are in the address, these can be compressed by two colon characters (::). Use of these characters shows multiple groups of 16-bit numbers that are 0s. The following two addresses are the same:
    1080:0:0:0:3:300:4C:1093
    1080::3:300:4C:1093
  Note that these two colon characters can appear only once in an address. The following address is not correct for this reason:
    1080::3::1093
• When dealing with a mixed environment of IPv4 and IPv6 hosts, the x:x:x:x:x:x:x:x notation is changed to an x:x:x:x:x:x:d.d.d.d notation. In this case, we take out two x characters from the right side and replace these with four d characters. The d characters are used to show IPv4 addresses. An example of an IPv4-compatible IPv6 address is as follows:
    0:0:0:0:0:0:192.168.2.23
  or
    ::192.168.2.23
  An example of an IPv4-mapped IPv6 address is as follows:
    0:0:0:0:0:FFFF:192.168.2.23
  or
    ::FFFF:192.168.2.23
• Prefixes can be used with IPv6 addresses, just like with IPv4 addresses. The following examples show the use of prefixes:
    1080::3456:23/60
    1080:0:0:345::/60
You will learn some ways to represent IPv6 addresses later in this chapter. RFC 2373 is an excellent resource for more information about IPv6 addresses.
Unicast Addresses Unicast addresses come in a few different forms. Each form of a unicast address is used for a specific purpose. Some of these forms are as follows:
• Aggregate global unicast addresses. These are used for global communications.
• Site local use addresses. These start with the 1111 1110 11 bit pattern. They are used in a single site and don’t have global routing capabilities. The last part is the interface ID, which is usually the MAC address in autoconfiguration.
• Link local use addresses. These start with the 1111 1110 10 bit pattern followed by n number of 0 bits. The last part of the address shows the interface ID and it is (118 – n) bits long. If you use 48 bits for the interface ID, for example, n is 70. Link local addresses are used on a single link and do not have routing capabilities. They may be used for auto address configuration. The interface ID part is usually taken from the MAC address used on the interface.
• IPv4-compatible host addresses. These have an IPv4 address in the rightmost 32 bits, and all other bits are 0.
Special IPv6 Addresses Some addresses have special meaning in IPv6. Two important special addresses are the loopback address and the unspecified address. The loopback address has only its rightmost bit equal to 1, with all other bits 0. It is written in either of the following ways:
• 0:0:0:0:0:0:0:1
• ::1
The unspecified address contains all 0s, and it can be used by hosts that do not know their IP address. One example is the DHCP client that does not know its IP address at boot time. The unspecified address can be written in either of the following ways:
• 0:0:0:0:0:0:0:0
• ::
Routing Routing in IPv6 networks is similar to classless interdomain routing (CIDR) in IPv4 networks. All routing protocols, such as RIP, OSPF, and so on, can be used on IPv6 networks. IPv6 networks also provide some additional routing enhancements.
IPV6 HEADER COMPOSITION Before starting discussion on the IPv6 header, it’s important to review the IPv4 header. The standard IPv4 header, which is 20 octets long, is shown in Figure 9.1. Descriptions of some fields are shown in Table 9.2.

FIGURE 9.1 Structure of IPv4 IP header. (Fields in order, by 32-bit word: Version, IHL, TOS, Total Length; Identification, Flags, Fragment Offset; TTL, Protocol, Header Checksum; Source Address; Destination Address.)
TABLE 9.2 IPV4 HEADER FIELDS

Version
    Shows the version of the IP protocol used in the packet.
IHL
    Shows the length of the header in 32-bit long words.
TOS
    The Type-of-Service field.
Total Length
    This is the total length of the data packet.
FLAGS
    Control fragmentation and reassembly, among other things.
TTL
    Shows the Time-To-Live value.
Checksum
    Packet checksum to detect transmission errors.
Source Address
    Shows the source address of the data packet.
Destination Address
    Address to where the data packet is going.
The IPv6 header shown in Figure 9.2 has fewer fields than the IPv4 header. The standard length of the IPv6 header is 40 octets compared to 20 octets in IPv4. The second difference is the number of fields in the header. The IPv4 header has 12 fields, whereas the IPv6 header has only 8 fields. Reduction in the number of fields reduces the work that has to be done by the router to process an IP packet. Some of the less frequently used fields in the IPv4 header are removed in IPv6. Several options in the IPv6 header may be used, if required. These options follow the standard IPv6 header. As you can see, the header length in IPv6 packets is still double the length of the IPv4 header because of the longer source and destination addresses. Table 9.3 describes the IPv6 header fields.

FIGURE 9.2 Structure of IPv6 packet header. (Fields in order: Version, Priority, Flow Label; Payload Length, Next Header, Hop Limit; Source Address; Destination Address.)
TABLE 9.3 IPV6 HEADER FIELDS

Version
    This 4-bit field shows the version of the packet. Its value is 6 in IPv6.
Priority
    This 4-bit field shows the priority of the packet. The value of this field can range from 0 to 15, and these values are divided into two ranges. Values from 0 to 7 are used for traffic for which the hosts provide congestion control, such as TCP. Values from 8 to 15 are used for non-congestion-controlled traffic. Recommended values for priority are shown in Table 9.4. The priority value 0 is the lowest priority value, and 15 is the highest priority value.
Payload Length
    This 16-bit field shows the length of the data part in the IP packet.
Next Header
    This field shows the type of header immediately following the IPv6 header. This is similar to the IPv4 Protocol field.
Hop Limit
    This 8-bit field is decremented at every hop. The packet is dropped if its value becomes 0.
Source Address
    This is the 128-bit IPv6 address of the originator of the IP packet.
Destination Address
    This is a 128-bit field for the intended recipient of the IP packet. This might not be the ultimate destination address.
In addition to this basic header, the IPv6 packet may contain multiple option headers following this header, which are discussed in the following section.

TABLE 9.4 RECOMMENDED VALUES FOR PRIORITIES IN AN IPV6 HEADER

Priority    Description
0           Normal traffic
1           “Filler” traffic, such as netnews
2           Unattended traffic, such as email
3           Reserved
4           Attended bulk transfer, such as FTP and HTTP
5           Reserved
6           Interactive traffic, such as Telnet
7           Internet control traffic, such as SNMP and routing protocols
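Table 9.3 and Table 9.4 describe the header by field widths; the following Python program is an added example (not from the book, not Solaris code) that packs and unpacks a 40-octet header with exactly that layout: a 4-bit Version, a 4-bit Priority and a 24-bit Flow Label in the first word, as in RFC 1883. One caveat a practitioner needs: the current IPv6 specification (RFC 2460 and later) replaced Priority with an 8-bit Traffic Class and shrank the Flow Label to 20 bits, so a parser written for this book's layout reads those first bits differently from a modern stack. The example also shows the two checks a forwarding node makes: the Hop Limit is decremented and the packet is dropped when it reaches 0, and a Payload Length larger than the bytes actually received is rejected rather than trusted. The sample addresses and payload are constructed.

```python
# Added example, not from the book: pack/unpack the 40-octet IPv6 header using
# the Table 9.3 / Figure 9.2 layout (4-bit Version, 4-bit Priority, 24-bit Flow
# Label, per RFC 1883). RFC 2460 onward uses 8-bit Traffic Class + 20-bit Flow
# Label instead, so do not use this layout against a modern capture unchanged.
import socket
import struct

IPV6_HEADER_LEN = 40

# Recommended priorities from Table 9.4 (the congestion-controlled range 0-7).
PRIORITY_NAMES = {
    0: "Normal traffic", 1: "Filler traffic", 2: "Unattended traffic",
    3: "Reserved", 4: "Attended bulk transfer", 5: "Reserved",
    6: "Interactive traffic", 7: "Internet control traffic",
}

def build_header(priority, flow_label, payload_len, next_header, hop_limit, src, dst):
    """Return the 40-byte header; src and dst are IPv6 addresses in text form."""
    if not 0 <= priority <= 15:
        raise ValueError("priority is a 4-bit field")
    if not 0 <= flow_label < (1 << 24):
        raise ValueError("flow label is a 24-bit field in this layout")
    first_word = (6 << 28) | (priority << 24) | flow_label
    return struct.pack("!IHBB16s16s", first_word, payload_len, next_header, hop_limit,
                       socket.inet_pton(socket.AF_INET6, src),
                       socket.inet_pton(socket.AF_INET6, dst))

def parse_header(data):
    """Unpack the fixed header into a dict; refuses truncated or non-IPv6 input."""
    if len(data) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    first_word, payload_len, next_header, hop_limit, src, dst = struct.unpack(
        "!IHBB16s16s", data[:IPV6_HEADER_LEN])
    version = first_word >> 28
    if version != 6:
        raise ValueError("not an IPv6 packet (version %d)" % version)
    return {
        "version": version,
        "priority": (first_word >> 24) & 0xF,
        "flow_label": first_word & 0xFFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": socket.inet_ntop(socket.AF_INET6, src),
        "dst": socket.inet_ntop(socket.AF_INET6, dst),
    }

def payload(packet):
    """Return the upper-layer data, rejecting a Payload Length that claims more
    bytes than were actually received (a classic parser over-read)."""
    hdr = parse_header(packet)
    end = IPV6_HEADER_LEN + hdr["payload_length"]
    if len(packet) < end:
        raise ValueError("payload length %d exceeds captured data" % hdr["payload_length"])
    return packet[IPV6_HEADER_LEN:end]

def forward(packet):
    """Router hop-limit handling: return the packet with Hop Limit decremented,
    or None when it must be dropped (received with 0, or decremented to 0)."""
    hdr = parse_header(packet)
    if hdr["hop_limit"] <= 1:
        return None
    return packet[:7] + bytes([hdr["hop_limit"] - 1]) + packet[8:]  # byte 7 is Hop Limit

def priority_class(priority):
    """Describe a Priority value using the two ranges of Table 9.3."""
    if 0 <= priority <= 7:
        return "congestion-controlled: " + PRIORITY_NAMES[priority]
    return "non-congestion-controlled"
```

The Next Header value 58 used in the test is ICMPv6, which the next section introduces; the four payload bytes are a constructed placeholder, not a real message.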
IP Options Used in IPv6 IPv6 options are defined as extension headers. Option length is not limited to 40 octets as it is in IPv4. Instead, options may be of an arbitrary length. Most of these option extension headers are not examined by routers on the way, which makes for efficient processing of IP packets. Note that in IPv4 packets, options are examined at every hop. Lengths of option headers are always in multiples of 8 octets. Some of the option headers currently defined for IPv6 are as follows:
• Routing
• Fragmentation
• Encapsulation
• Authentication
• Hop-by-Hop Options
• Destination Options
These option headers are placed between the IPv6 header and the Transport layer header. The last option header contains the Next Header field, which shows the type of Transport layer–level protocol.
INTRODUCTION TO ICMPV6
To meet the requirements of the new version of the IP protocol, a new version of the Internet Control Message Protocol (ICMP) is also proposed (commonly known as ICMPv6). ICMPv6 is defined in RFC 1885. Its header has a structure similar to the ICMP header used in version 4 of the IP protocol, and it has the fields found in Table 9.5.

TABLE 9.5 ICMPV6 FIELDS

Type
    This 8-bit field identifies the type of ICMPv6 message.
Code
    This 8-bit field shows some parameters with the Type field.
Checksum
    This 16-bit field applies to the entire ICMPv6 message.
Parameters
    This 32-bit long space is used for different parameters.

The checksum calculation also covers a pseudo header that contains the source and destination addresses. Discussion on this is beyond the scope of this book.
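The book leaves the pseudo header out of scope; the following Python program is an added example (not from the book, not Solaris code) that shows what the Checksum field of Table 9.5 actually covers. Per RFC 1885 and its successors, the 16-bit one's-complement checksum is computed over a pseudo header made of the source address, the destination address, the ICMPv6 message length, three zero octets and the Next Header value 58, followed by the message itself. The receiver-side verify function demonstrates why this matters: a message whose addresses have been altered in transit fails the check even though the message bytes are intact. The echo request (Type 128) built in the test is constructed sample data.

```python
# Added example, not from the book: ICMPv6 checksum over the pseudo header
# (src, dst, upper-layer length, zero padding, next header 58) plus message.
import socket
import struct

ICMPV6_NEXT_HEADER = 58

def ones_complement_sum(data):
    """Internet checksum: 16-bit one's-complement sum of the data, complemented."""
    if len(data) % 2:
        data += b"\x00"                       # pad an odd-length message
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def pseudo_header(src, dst, upper_len):
    """40-byte pseudo header: 16 src + 16 dst + 4 length + 3 zero + 1 next header."""
    return (socket.inet_pton(socket.AF_INET6, src)
            + socket.inet_pton(socket.AF_INET6, dst)
            + struct.pack("!I3xB", upper_len, ICMPV6_NEXT_HEADER))

def build_icmpv6(icmp_type, code, parameters, src, dst, body=b""):
    """Assemble Type, Code, Checksum, Parameters (Table 9.5) and a body, with the
    checksum computed over pseudo header + message (checksum field zeroed)."""
    msg = struct.pack("!BBHI", icmp_type, code, 0, parameters) + body
    csum = ones_complement_sum(pseudo_header(src, dst, len(msg)) + msg)
    return msg[:2] + struct.pack("!H", csum) + msg[4:]

def verify_icmpv6(msg, src, dst):
    """Receiver's check: summing pseudo header plus message, transmitted checksum
    included, must yield zero; anything else means the message or the addresses
    it was bound to have changed."""
    if len(msg) < 8:
        return False
    return ones_complement_sum(pseudo_header(src, dst, len(msg)) + msg) == 0

def fields(msg):
    """Split a message into the Table 9.5 fields for inspection."""
    icmp_type, code, csum, params = struct.unpack("!BBHI", msg[:8])
    return {"type": icmp_type, "code": code, "checksum": csum, "parameters": params}
```

Because the addresses are part of the checksummed data, the same ICMPv6 bytes are only valid between the pair of addresses they were computed for; a host that verifies before acting on the message gets this protection for free.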
CONFIGURING IPV6 ADDRESSES IN SOLARIS

Configuring IPv6 in Auto Discovery mode on Solaris systems is quite easy. You just need to create an empty file, /etc/hostname6.interface, for each interface on which to configure IPv6 addresses. To configure an IPv6 address using Auto Discovery mode on network interface hme0, for example, create an empty file named /etc/hostname6.hme0. The next time you boot the system, the in.ndpd daemon automatically discovers the different network parameters for address autoconfiguration. A site local unicast address is configured on the interface.
STEP BY STEP 9.1 Configuring the IPv6 Interface for Auto Discovery Mode
1. Configure the IPv6 address on the hme0 interface by creating the /etc/hostname6.hme0 file. This is done using the following command:
   touch /etc/hostname6.hme0
2. Now reboot the system and use the ifconfig command to verify that the IPv6 address is indeed configured on the interface. Output of the following command shows that the IPv6 address fe80::a00:20ff:fe9e:f050 is configured on interface hme0:
   bash-2.03# ifconfig -a
   lo0: flags=1000849 mtu 8232 index 1
           inet 127.0.0.1 netmask ff000000
   hme0: flags=1000843 mtu 1500 index 2
           inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
           ether 8:0:20:9e:f0:50
   lo0: flags=2000849 mtu 8252 index 1
           inet6 ::1/128
   hme0: flags=2000841 mtu 1500 index 2
           ether 8:0:20:9e:f0:50
           inet6 fe80::a00:20ff:fe9e:f050/10
   bash-2.03#
   The rightmost part of this address is taken from the MAC address of the interface. During the autoconfiguration process, the IPv6 protocol makes sure that no other host on the network is using the address being configured.
3. To make sure that the address is working properly, use the ping command, as follows:
   bash-2.03# ping fe80::a00:20ff:fe9e:f050
   fe80::a00:20ff:fe9e:f050 is alive
   bash-2.03#
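The relationship between the MAC address 8:0:20:9e:f0:50 and the autoconfigured address fe80::a00:20ff:fe9e:f050 in the output above is the modified EUI-64 rule of RFC 2373: the 48-bit MAC is split in half, ff:fe is inserted in the middle, and the universal/local bit (0x02 in the first octet) is inverted, which is why 08 becomes 0a. The following Python program is an added example (not from the book, and not how Solaris itself implements it) that derives the expected link-local address from a MAC and then reads a captured ifconfig -a listing to confirm that each interface carries the address its MAC predicts. The listing embedded below is constructed from the book's output; an interface whose link-local address does not match is worth a second look, since something other than in.ndpd's autoconfiguration assigned it.

```python
# Added example, not from the book: modified EUI-64 link-local derivation and
# an ifconfig -a consistency check. SAMPLE_IFCONFIG is constructed from the
# book's output, not captured from a live system.
import re
from ipaddress import IPv6Address

def link_local_from_mac(mac):
    """fe80::/10 address whose 64-bit interface ID is built from a 48-bit MAC:
    first three octets, ff fe, last three octets, with bit 0x02 of the first
    octet inverted (RFC 2373 Appendix A). 8:0:20:9e:f0:50 -> fe80::a00:20ff:fe9e:f050."""
    parts = mac.split(":")
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        raise ValueError("expected a 48-bit MAC such as 8:0:20:9e:f0:50, got %r" % mac)
    octets = [int(p, 16) for p in parts]
    octets[0] ^= 0x02                         # flip the universal/local bit
    interface_id = octets[:3] + [0xFF, 0xFE] + octets[3:]
    return str(IPv6Address(bytes([0xFE, 0x80] + [0] * 6 + interface_id)))

# Constructed from the book's ifconfig -a output (IPv6 part only).
SAMPLE_IFCONFIG = """\
lo0: flags=2000849 mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841 mtu 1500 index 2
        ether 8:0:20:9e:f0:50
        inet6 fe80::a00:20ff:fe9e:f050/10
"""

def parse_ifconfig(text):
    """Map interface name -> {'ether': MAC or None, 'inet6': [addresses]}.
    An interface block starts with 'name: flags=' and its attributes follow indented."""
    interfaces = {}
    current = None
    for line in text.splitlines():
        head = re.match(r"^(\S+):\s+flags=", line)
        if head:
            current = interfaces.setdefault(head.group(1), {"ether": None, "inet6": []})
            continue
        if current is None:
            continue
        ether = re.match(r"\s+ether\s+(\S+)", line)
        if ether:
            current["ether"] = ether.group(1)
        inet6 = re.match(r"\s+inet6\s+(\S+)/\d+", line)
        if inet6:
            current["inet6"].append(inet6.group(1))
    return interfaces

def check_autoconf(text):
    """For every interface that reports a MAC, say whether one of its link-local
    addresses is the one autoconfiguration would derive from that MAC."""
    report = {}
    for name, info in parse_ifconfig(text).items():
        if info["ether"] is None:
            continue                          # lo0 and the like have no MAC
        expected = link_local_from_mac(info["ether"])
        configured = [str(IPv6Address(a)) for a in info["inet6"]
                      if IPv6Address(a).is_link_local]
        report[name] = expected in configured
    return report
```

The check is deliberately one-directional: it confirms that the autoconfigured address is present, and does not object to additional manually configured addresses such as the 1234::abcd added on hme0:3 in Step by Step 9.2.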
The in.ndpd daemon implements the following important features:
• Router discovery
• Prefix discovery for IPv6 addresses
• Parameter discovery
• Address autoconfiguration
STEP BY STEP 9.2 Configuring the IPv6 Interface Manually
1. You also can manually configure the IPv6 address on an interface. The following command creates a logical interface hme0:3 for IPv6:
   bash-2.03# ifconfig hme0:3 inet6 plumb
   bash-2.03#
2. Now you can use the ifconfig command to verify that the interface does exist. The way to do so is as follows:
   bash-2.03# ifconfig -a
   lo0: flags=1000849 mtu 8232 index 1
           inet 127.0.0.1 netmask ff000000
   hme0: flags=1000843 mtu 1500 index 2
           inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
           ether 8:0:20:9e:f0:50
   lo0: flags=2000849 mtu 8252 index 1
           inet6 ::1/128
   hme0: flags=2000841 mtu 1500 index 2
           ether 8:0:20:9e:f0:50
           inet6 fe80::a00:20ff:fe9e:f050/10
   hme0:3: flags=2000840 mtu 1500 index 2
           inet6 ::/0
   bash-2.03#
3. The following command configures an IPv6 address on the interface and brings the interface up:
   bash-2.03# ifconfig hme0:3 inet6 1234::abcd/64 up
   bash-2.03#
4. You can verify the configuration using the ifconfig command once again. The output of the following command shows that the IP address recently configured on the interface is displayed:
   bash-2.03# ifconfig hme0:3 inet6
   hme0:3: flags=2000841 mtu 1500 index 2
           inet6 1234::abcd/64
   bash-2.03#
5. As a final step, use the ping command to test the newly configured IP address, as follows:
   bash-2.03# ping 1234::abcd
   1234::abcd is alive
   bash-2.03#

NOTE: The in.ndpd daemon has the configuration file /etc/inet/ndpd.conf. This file is needed only when you want the host to act as a router for IPv6. In the normal Host mode, this configuration file is not required. For more information, see the user’s manual of the in.ndpd daemon.
To configure a particular IPv6 address on an interface instead of using the auto discovery method, you can put that address in the interface configuration file /etc/hostname6.hme0 instead of leaving it blank. Note, however, that this is not a preferred method in IPv6 networks because auto discovery was added to IPv6 for this very purpose.
USING NETWORK TROUBLESHOOTING COMMANDS WITH IPV6 ADDRESSES All the network troubleshooting and network management commands in Solaris have been modified to support IPv6. These commands include, but are not limited to, the following:
• ifconfig
• ping
• netstat
• ndd
• inetd daemon
• Network server daemons
To use a command for just IPv6 addresses, add the inet6 command-line option. The following command shows the configuration of only IPv6 interfaces:
   bash-2.03# ifconfig -a inet6
   lo0: flags=2000849 mtu 8252 index 1
           inet6 ::1/128
   hme0: flags=2000841 mtu 1500 index 2
           inet6 fe80::a00:20ff:fe9e:f050/10
   hme0:3: flags=2000841 mtu 1500 index 2
           inet6 1234::abcd/64
   bash-2.03#
Note that to use a command for IPv4 only, you must use the inet command-line option rather than inet6. For example, the following command shows only IPv4 interfaces:
   bash-2.03# ifconfig -a inet
   lo0: flags=1000849 mtu 8232 index 1
           inet 127.0.0.1 netmask ff000000
   hme0: flags=1000843 mtu 1500 index 2
           inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
   hme0:1: flags=1000843 mtu 1500 index 2
           inet 199.30.29.28 netmask fffffff8 broadcast 199.30.29.31
   bash-2.03#
If you don’t use the inet or the inet6 option, both the IPv4 and the IPv6 configuration are displayed. Similarly, the following netstat command lists only the routing table corresponding to IPv6 addresses:
   bash-2.03# netstat -rn -f inet6
   Routing Table: IPv6
     Destination/Mask            Gateway                     Flags Ref   Use   If
   --------------------------- --------------------------- ----- --- ------ -----
   1234::/64                   1234::abcd                  U       1      0 hme0:3
   fe80::/10                   fe80::a00:20ff:fe9e:f050    U       1      0 hme0
   ff00::/8                    fe80::a00:20ff:fe9e:f050    U       1      0 hme0
   default                     fe80::a00:20ff:fe9e:f050    U       1      0 hme0
   ::1                         ::1                         UH      1      0 lo0
   bash-2.03#
CHANGES IN THE /etc/inetd.conf CONFIGURATION FILE To enable IPv6 on network daemons started through the inetd master network daemon, some changes to the /etc/inetd.conf file are made. If IPv6 is supported on a TCP-based server, for example, use the protocol name tcp6 in place of tcp. Similarly, udp would be replaced by udp6. For reference, some lines from this file are shown here:
   tftp    dgram   udp6    wait    root    /usr/sbin/in.tftpd   in.tftpd -s /tftpboot
   finger  stream  tcp6    nowait  nobody  /usr/sbin/in.fingerd in.fingerd
   time    stream  tcp6    nowait  root    internal
   time    dgram   udp6    wait    root    internal
   echo    stream  tcp6    nowait  root    internal
   echo    dgram   udp6    wait    root    internal
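Whether a given service in /etc/inetd.conf accepts IPv6 connections comes down to that protocol field, so auditing the file is a matter of reading each line's seven fields. The following Python program is an added example (not from the book, not Solaris code) that parses inetd.conf-style lines and reports which services are reachable over IPv6 and which are still IPv4-only. The sample below is constructed from the lines shown above plus one IPv4-only telnet entry that is assumed, not taken from the book, so that the report has something to flag.

```python
# Added example, not from the book: parse inetd.conf lines (service, socket
# type, protocol, wait/nowait, user, server program, arguments) and report the
# IPv6 status of each service. SAMPLE_INETD_CONF is constructed; the telnet
# line is an assumed IPv4-only entry, not from the book.
SAMPLE_INETD_CONF = """\
# service socktype proto wait user server args   (comment lines are ignored)
tftp    dgram   udp6    wait    root    /usr/sbin/in.tftpd   in.tftpd -s /tftpboot
finger  stream  tcp6    nowait  nobody  /usr/sbin/in.fingerd in.fingerd
time    stream  tcp6    nowait  root    internal
time    dgram   udp6    wait    root    internal
echo    stream  tcp6    nowait  root    internal
echo    dgram   udp6    wait    root    internal
telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd in.telnetd
"""

FIELD_NAMES = ("service", "socket_type", "protocol", "wait", "user", "server")

def parse_inetd_conf(text):
    """Return one dict per active line; blank and comment lines are skipped and
    a line with fewer than six fields is rejected rather than half-parsed."""
    entries = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 6)            # the 7th field keeps the argument string whole
        if len(fields) < 6:
            raise ValueError("line %d: malformed inetd.conf entry: %r" % (number, line))
        entry = dict(zip(FIELD_NAMES, fields[:6]))
        entry["args"] = fields[6] if len(fields) > 6 else ""
        entries.append(entry)
    return entries

def ipv6_status(entries):
    """Map (service, socket type) -> True when the protocol is tcp6/udp6."""
    return {(e["service"], e["socket_type"]): e["protocol"] in ("tcp6", "udp6")
            for e in entries}

def ipv4_only_services(text):
    """Sorted list of services that would need tcp -> tcp6 / udp -> udp6 to
    serve IPv6 clients; the audit a reviewer runs before claiming IPv6 support."""
    status = ipv6_status(parse_inetd_conf(text))
    return sorted({svc for (svc, _), v6 in status.items() if not v6})
```

Note that the same service name can appear twice with different socket types (time and echo above, once as stream/tcp6 and once as dgram/udp6), which is why the status map is keyed on both the service and the socket type.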
In Solaris 8, Sun Microsystems has made changes to the network server daemons to support IPv6 addresses. The server daemons in Solaris support IPv4 as well as IPv6 addresses.
CASE STUDY: IPV6 TEST EXPERIMENTAL NETWORK (BOOTA INC.)

ESSENCE OF THE CASE
The following are the essentials of this case:
• Because Solaris 8 supports IPv6, it can be used for training.
• Both IPv4 and IPv6 can coexist. Therefore, the Solaris hosts can be used for other purposes as well.

Boota Inc. has installed Solaris 8 hosts on its network. Although the company does not plan to move to IPv6 at this point, training of staff is required. The company wants to use Solaris hosts to build an experimental network for staff training.

ANALYSIS
Moving to IPv6 is not required at this point because the industry has not yet matured to IPv6. However, this is a good time to get started in this direction. IPv6 networks can be easily set up using Auto Discovery mode because it needs the least configuration. At the same time, IPv4 addresses also can be configured so that the hosts can be utilized for other purposes as well.
CHAPTER SUMMARY This chapter introduced you to the IPv6 protocol and to the configuration process of IPv6 addresses in Solaris 8. The chapter started with an introduction to the enhancements made in IPv6 compared to IPv4. The chapter also discussed the structure of IPv6 addresses. There are three basic types of IPv6 addresses, as follows:
• Unicast
• Anycast
• Multicast
Broadcast addresses are not present in IPv6. Each IPv6 address starts with a prefix that determines the type of IP address. The easiest way to use IPv6 addresses is to use site local use unicast addresses and link local use unicast addresses. The IPv6 packet header is simpler than the IPv4 IP header and contains fewer fields. This makes it simpler and more efficient for routers to process IP packets. You should now have an understanding of the IPv4 and IPv6 header fields and how these compare to each other. The basic IP header in IPv6 consists of 40 octets, and there may be an arbitrary number of IPv6 option headers following the basic header. A new version of the ICMP protocol also is defined to work with IPv6. This is known as ICMPv6. The last part of the chapter described how to configure IPv6 addresses on the Solaris interface and how to use different network administration and troubleshooting commands.
KEY TERMS • IP Next Generation • IP version 6 • unicast addresses • multicast addresses • anycast addresses • packet header • address autoconfiguration
APPLY YOUR KNOWLEDGE

Exercises

9.1. Creating Logical Interfaces and Configuring IPv6 Addresses
In this exercise, you use two Solaris 8 machines to create logical interfaces using the ifconfig command. You also configure IPv6 addresses on these logical interfaces.
Estimated Time: 15 minutes
1. Create logical interfaces hme0:3 on both hosts using the ifconfig hme0:3 inet6 plumb command.
2. Configure IPv6 addresses on the logical interfaces for each machine. Keep in mind that you have to specify the inet6 command-line option with the ifconfig command.
3. Use the ifconfig command to display the configured IP addresses.
4. Try to ping the other system using its IPv6 address. If you can ping the other host, the IPv6 configuration is successful.

Review Questions
1. What are the major differences between IPv4 and IPv6 addresses?
2. Why is packet handling more efficient in IPv6 than in IPv4?

Exam Questions
The answers to these questions are provided in Appendix E, “Answers to Sample Exam Questions.”
1. What type of address does not exist in the IPv6 protocol?
   A. Unicast
   B. Multicast
   C. Anycast
   D. Broadcast
2. What is the length of an IPv6 address?
   A. 128 bits
   B. 64 bits
   C. 48 bits
   D. 32 bits
3. How many priority levels are defined in IPv6?
   A. 4
   B. 8
   C. 16
   D. 256
4. Which file enables IPv6 address configuration on network interface hme0?
   A. /etc/hostname6.hme0
   B. /etc/hostname.hme0
   C. /etc/ipv6.hme0
   D. /etc/ipng.hme0
Answers to Review Questions
1. Major differences between IPv4 and IPv6 include the following:
   • The length of an IP address is 32 bits in IPv4 and 128 bits in IPv6.
   • The IP header in IPv6 contains fewer fields, making routing more efficient.
   • The scheme of IP header options is changed in IPv6.
   • Security features have been added.
   • IPv6 supports Quality of Service.
2. Packet handling is more efficient in IPv6 than in IPv4 because the router has to look at the fields present in the IP packet header. Because an IPv6 header has fewer fields, packet handling is more efficient.
Suggested Readings and Resources
1. Books
   • Solaris Answerbook2
   • IPv6 Clearly Explained. Peter Loshin and Pete Loshin
   • Implementing IPV6: Supporting the Next Generation Internet Protocols. P. E. Miller and Mark A. Miller
2. URLs
   • Routing Aspects of IPv6 Transition, RFC 2185, www.ietf.org/rfc/rfc2185.txt
   • IP Version 6 Addressing Architecture, RFC 2373, www.ietf.org/rfc/rfc2373.txt
Fast Facts
Solaris 8 Network Administrator Certification Exam

Now that you have read the nine chapters of this book, you should consider a few things before taking the exam. What are the key points covered in this book? What do you need to go back over for better understanding? Perhaps you just need to refresh your memory. The Fast Facts in this section are intended as a refresher, a condensation of key concepts, definitions, and important information to help you digest some of the more critical elements before the exam. These are the things that would make the best material for questions on an exam. Review these before going in to take the test. They will help give you an idea of what to expect.
NETWORK TERMINOLOGY The following is a list of important network terms:
• Computer networks. A computer network is a collection of computers connected to each other over a communication medium. A network is usually a combination of hardware and software. Both of these elements are integrated together to provide different services.
• Host or node. A node or a host is any device connected to a network. It can be a personal computer, a workstation or server, a router, or any other device.
• Router. As the need for information exchange expands, the need to connect multiple networks to each other has increased. A router is a device used for this purpose. Typically a router may have multiple network adapters. Each of these adapters is connected to a different network. A router receives data packets from all connected networks and forwards data packets to destination networks or hosts depending on the destination address. A router may be considered a collection, sorting, filtering, dropping, and distribution point for data packets.
• Network protocol. A network protocol may be thought of as a common language that all hosts on a network understand. Basically, a protocol is a set of rules and regulations that govern data transfer among hosts on a network. Many protocols have been developed since research started on computer networks. The most common one is the TCP/IP suite of protocols.
• Internet. In general, the Internet is a combination of multiple independent networks. Most private and public networks globally are connected to each other. This worldwide interconnection of networks is called the Internet.
• Bandwidth. Bandwidth is the capacity of a communication medium for data transfer. The speed of data transfer is measured in terms of bandwidth. In simple terms, bandwidth may be thought of as the capacity of the communication medium used for interconnecting hosts on a network. Technically, bandwidth is the range of frequencies that can pass through a communication medium. The higher the bandwidth, the larger the range of frequencies, and the more data can be passed through a network.
Network Topologies The physical interconnection layout of a network is the network topology. A network topology shows how hosts in a network are physically interconnected. Different network topologies have different characteristics, as noted in this list:
• Bus topology. A bus topology is usually used in broadcast networks where only one host can transmit data at one time. The maintenance is usually difficult and in most cases you have to shut down the network when you need to add another host. Also, the bus is a single point of failure for the network.
• Star topology. All hosts are connected to a central location within a star topology network. This central location is the hub of the network. Star connected networks also have a single point of failure, the hub.
• Ring topology. A ring-connected network is equivalent to a bus-connected network with the two ends of the bus connected together. Double rings are also used to connect networks, and Fiber Distributed Data Interface (FDDI) is the most common example of this type of network. If one of the rings fails, hosts can still use the second ring for data transfer.
• Mixed or hybrid topology networks. Most of the practical networks are a combination of two or more types of topologies. In many networks, for example, computers are connected to hubs in star topologies. These hubs are then connected to each other using a bus backbone. In many campus networks, FDDI is used as the backbone, whereas star or bus topologies are used in smaller network parts.
Routers, Switches, Bridges, Repeaters, Hubs Routers work on the Network layer of the OSI model. The decision to forward or drop a data packet in the router is made on the basis of Network layer addresses.
Figure 1 shows the data path in a router. When a data packet reaches a router, it travels up to the Network layer, where the source and destination addresses are checked. The decision to forward the data packet to a particular network or drop it is made at the Network layer.

FIGURE 1 The data path of a router. (Source Host: Application, Presentation, Session, Transport, Network, Data Link and Physical layers; Router: Network, Data Link and Physical layers; Destination Host: Application through Physical layers.)

Bridges
A bridge is used to connect networks together. Bridges can have multiple ports; each port is connected to a separate network. Bridges act at the Data Link layer of the OSI model. Data starts from the Application layer on the source host. When it reaches the bridge, it goes up to the Data Link layer. At this layer, the bridge decides whether to forward a frame to the other network or drop it.

Switches
A switch works at the Physical and Data Link layers of the OSI model. A switch keeps a record of the link-layer addresses of hosts connected to its ports. When a data frame enters any port of a switch, its destination port is determined by the destination link-layer address or MAC address.
A switch also works on the Data Link layer of the OSI model like the bridge. However, a switch offers much more functionality than a bridge. A switch can be used to provide many parallel simultaneous paths for data transfer among connected hosts. The switch filters traffic for these paths using MAC addresses. If a broadcast packet arrives, it is forwarded to all ports of a switch. Switches may have multiple types of ports.
Switches are used for high-speed networks, because overall traffic flow is much larger due to the existence of multiple simultaneous data paths in the network.

Repeaters
A repeater is a special type of equipment used to extend the length of a network segment. When an electrical signal travels on a cable, its shape becomes distorted because of the addition of noise and cable resistance. This distortion keeps increasing as the signal travels longer and longer distances. If the cable is too long, the signal might be distorted to such an extent that it may be hard to recognize it, or the information extracted from it might become erroneous. To overcome this problem, repeaters are used. A repeater takes a distorted input signal and reshapes and regenerates it.

Hubs
A hub acts as the central part of a star-connected network. Sometimes a hub is also called a multiport repeater. A signal entering one port of a hub is regenerated to all other ports.
Hubs are available in a number of configurations. Usually multiple hubs are connected to a backbone to create larger local area networks.
Network Access Methods Carrier sense multiple access collision detect (CSMA/CD) is the most popular access method and is used in Ethernet networks. Hosts are connected to a common broadcast communication medium and any host is allowed to access the medium without any particular order (multiple access). When a host needs to transmit data to any other host, it senses the communication medium to check whether any other host is already transmitting data (carrier sense). If a data transmission is in progress, this host waits for a random time and checks the availability of the communication medium again. If the communication medium is free, the host starts transmitting data on the communication medium. In a scenario where two or more hosts check the communication medium and find it free, those hosts start transmitting data simultaneously. In this case, a collision occurs and is detected by all participating hosts (collision detect). All hosts that detect a collision announce it so that the sending hosts may resend data. When the sending hosts come to know that a collision has occurred, all hosts wait for a random time and then try to retransmit the data. Networks based on CSMA/CD are nondeterministic networks. In case of heavy traffic, collisions are more frequent and the actual data transfer rate may not be guaranteed.
The ISO-OSI Model The International Standards Organization (ISO) has tried to standardize protocol design methodology by proposing a reference network model known as Open Systems Interface (OSI):
• ISO-OSI is a layered protocol model, with seven layers.
• Layers each perform a task and communicate with the layers directly above and below.
• ISO-OSI is only a reference for protocol models, not an actual protocol itself.
• For example, TCP/IP uses only five layers, rather than seven.
The OSI model has seven layers. The bottommost layer is the Physical layer, which deals with the actual hardware and electrical signals. The topmost layer is the Application layer, and most of the network users’ interaction is with this layer only. Figure 2 shows the position of each layer in the OSI model.

FIGURE 2 The seven layers of the ISO-OSI model (from top to bottom: Application, Presentation, Session, Transport, Network, Data Link, Physical).
Each layer in the ISO-OSI model has a specific purpose, as defined in Table 1.

TABLE 1 DEFINITIONS OF THE ISO-OSI LAYERS

Application layer
    The actual application that interacts with the network and provides an interface to network users.
Presentation layer
    The Presentation layer converts different types of data to make it suitable for the Application layer.
Session layer
    The Session layer establishes and tears down communication sessions.
Transport layer
    The Transport layer is responsible for end-to-end data transfer, error detection, and correction.
Network layer
    The Network layer manages logical network and host addresses. Ensures point-to-point correct delivery of data. Responsible for routing.
Data Link layer
    Manages MAC addresses. Takes data from the Network layer and transmits it over the Physical layer. Data is treated as frames.
Physical layer
    The Physical layer transfers data in the form of signals over a communication medium.
Ethernet
Many common Ethernet standards are used these days. Each standard has its own data transmission speed and segment length. Also, specific types of cables and connectors are used for a particular Ethernet standard. The most common Ethernet standards and their properties are as follows:
• 10BASE-2 Ethernet. The number 10 in the name shows the data transmission speed. Data can be transmitted at up to 10Mbps on a 10BASE-2 Ethernet. However, the actual data transmission speed may be well below this limit depending on the load on the network and the number of hosts contending to transmit data. The word BASE shows that a baseband signal is used for data transmission. Some networks also use broadband technology to transmit data. In baseband technology, the electrical signal is not modulated, and all the available bandwidth is used as a single transmission medium. In broadband technology, different frequency bands are allocated to different signals with the help of modulation, so that more than one signal may be traveling on the same medium (for instance, a wire connecting many hosts) using different modulation frequencies. The last part of the standard name shows the maximum length of a single segment. The number 2 shows that the maximum segment length for a 10BASE-2 network may be 200 meters. (Well, actually it is 185 meters. The number 2 is used as the closest integer.)
• 10BASE-5 Ethernet. The network's maximum speed of data transfer is 10Mbps. It uses a baseband signal, and the maximum length of a network segment is 500 meters. 10BASE-5 networks use a thicker cable compared to 10BASE-2 and are sometimes also called Thick Ethernet.
• 10BASE-T Ethernet. Operates at 10Mbps data transmission speed. The maximum length of one cable segment is 100 meters, and baseband signaling is used. The letter T in the name shows the use of twisted-pair cable in this type of Ethernet rather than coaxial cable. Category 3 or category 5 twisted-pair cables are used in these networks. This type of Ethernet is used in star topology networks. A hub is located at the center of the network. Hosts are connected to the hub with twisted-pair cable and RJ-45 connectors. In larger networks, many hubs are connected to each other using a backbone cable. 100BASE-T networks are similar to 10BASE-T networks. The only difference is that the data transmission speed is 100Mbps, which is 10 times that of 10BASE-T networks. Category 5 cables are used in 100BASE-T networks. The maximum segment length is 100 meters.
• Gigabit Ethernet. Gigabit Ethernet is the new family of Ethernet networks, and multiple standards for it exist. 1000BASE-SX networks use multimode fiber cables, and the length may be up to 500 meters. 1000BASE-LX networks use single-mode fiber cable, and the length may be up to 5 kilometers. 1000BASE-T is the new emerging standard that uses the same category 5 cable that was used by 100BASE-T networks. The length of this cable is currently limited to 100 meters.
Managing Ethernet Interfaces in Solaris
Each Solaris server or workstation has one or more Ethernet interfaces. Solaris provides commands to manage Ethernet interfaces. These commands enable you to list the installed interfaces, create logical interfaces, configure interfaces, and bring interfaces up and down. There are two simple ways to list the installed interfaces in a Solaris server or workstation:
• ifconfig. The ifconfig command lists all interfaces installed in the system when used with the -a option. The command can also be used to list individual interfaces as well as to configure interfaces.
• netstat. The netstat command is used for many purposes, but one of these is to list installed and configured interfaces, when used with the -i option.
The following commands are used to bring network interfaces up and down:
• # ifconfig hme0 up
  This command brings the hme0 interface up.
• # ifconfig hme0 down
  This command brings the hme0 interface down.

Ethernet Addresses
Every host on an Ethernet network is recognized by a unique 48-bit number known as the Ethernet address or sometimes as a MAC address. Manufacturers burn Ethernet addresses into all Ethernet network adapters. Some vendors also provide software utilities to make changes to Ethernet addresses. No two hosts on a network should have identical MAC addresses. The Ethernet address is usually written as a combination of six hexadecimal numbers separated by colon characters. For example, a typical Ethernet address may be written as 4F:36:01:AB:94:12.
Troubleshooting Common Ethernet Problems
Several utilities are available within the Solaris environment for troubleshooting common Ethernet as well as other network problems. The most common commands are shown in Table 2.

TABLE 2 USEFUL TROUBLESHOOTING COMMANDS
Command: Common Use of the Command
ifconfig: The ifconfig command is used to configure network adapters and to display the existing configuration of each adapter.
snoop: The snoop command is used to capture and display network packets.
ping: The ping command is used to test network connectivity as well as to determine whether a particular host on the network is alive or dead.
traceroute: The traceroute command is used to determine the network path from a source host to a destination host.
ndd: The ndd command is used to get and set parameters for network kernel drivers.

FUNCTIONALITY OF TCP/IP LAYERS
As opposed to the seven layers of the OSI model, TCP/IP has only five. Table 3 shows the layers for the OSI model and TCP/IP.

TABLE 3 ISO-OSI LAYERS AND TCP/IP LAYERS
ISO-OSI Layers: TCP/IP Layers
Application layer: Application layer
Presentation layer: Application layer
Session layer: Application layer
Transport layer: Transport layer (TCP/UDP)
Network layer: Network layer (IP)
Data Link layer: Data Link layer
Physical layer: Physical layer

The Application layer in a TCP/IP network covers the upper three layers of the OSI model. Table 4 briefly explains the functionality of each TCP/IP layer.

TABLE 4 TCP/IP LAYER FUNCTIONALITY
Layer: Description
Physical layer: Handles Physical layer data in the form of segments.
Data Link layer: Handles the Physical layer access method and MAC addresses. Data received from the IP layer is divided into frames depending on the protocol used at the Data Link layer. For example, the frame format for Ethernet is different from that of Frame Relay.
IP layer: IP addresses are assigned to all hosts and networks. Routing protocols are used to route data across different networks. This layer is responsible for point-to-point reliable data transfer.
TCP layer: TCP and UDP protocols are used in this layer. Port numbers and sockets are used to allow multiple applications to share the same physical machine and IP address.
Application layer: User applications and programs that provide a user interface to the network are implemented in this layer.
IP Addresses An IP address is a 32-bit-long number and is divided into four parts. Each of these parts is 8 bits long and is called an octet. IP addresses are usually written as a combination of these octets, and each octet is separated by a dot character. Because each octet is 8 bits long, the value of an octet may range from 0 to 255. For example, a typical IP address may be written as 192.168.2.201.
Unlike MAC addresses, IP addresses are logical addresses and are assigned by network administrators. IP addresses may be changed whenever a need arises. One IP address must be assigned to each network interface connected to a network.
Network Classes
Depending on address ranges and the number of bits in the netmask, IP addresses are divided into five classes, as described in Table 5.

TABLE 5 NETWORK CLASSES
Class     Network Mask     Possible # of Hosts       Start Bits   Range of Addresses
Class A   255.0.0.0        2^24 – 2 or 16,777,214    0            0–127
Class B   255.255.0.0      2^16 – 2 or 65,534        10           128–191
Class C   255.255.255.0    2^8 – 2 or 254            110          192–223
Class D   Special          Special                   1110         224–240
Class E   Special          Special                   11110        241–254

Class D networks are special addresses and are known as multicast addresses. Multicast addresses are used to send the same data packet to a selected group of hosts, as compared to broadcast packets that are used to send a data packet to all hosts on a network. All addresses above 240 in the leftmost octet are reserved for future use and are not assigned to any host or network.

Netmasks
A netmask is a special number used to distinguish the host part and network part in an IP network. A netmask is also written as a combination of four octets. All bits of the netmask that represent the network part of the address are 1s, whereas bits that represent the host part of the address are 0s. If you use only the rightmost octet for host addressing and the remaining three octets for network addressing, for example, the netmask bits will be written as a combination of groups of eight bits, as shown here:
11111111 11111111 11111111 00000000
In the decimal dot notation used for IP addresses, this netmask is written as 255.255.255.0, because the decimal equivalent of 8 bits with all 1s is 255 and for eight bits with all 0s it is 0.
Subnetting It is possible to divide a large network into smaller networks using network masks. All smaller networks are called subnets. A netmask used for these subnets is called a subnet mask. Figure 3 shows how the host part in the network address is divided into a subnet and smaller host part to form multiple smaller networks. In the lower part of the figure, both of the shaded areas (network part and subnet) are used as a larger network part for smaller networks.
FIGURE 3 Subnetting.
There may be different reasons to divide larger networks into smaller networks, including ease of maintenance, distributed network management, or nonavailability of new IP addresses.
The Internet Control Message Protocol (ICMP)
ICMP carries control and error messages for IP. ICMP is an integral part of all IP protocol implementations. ICMP packets are used by user applications, such as ping, to diagnose network problems. ICMP packets may also be generated by hosts to report network problems to other hosts on the network.
Configuring Network Interfaces in Solaris
Network interfaces in Solaris machines are usually named hmen or len, where n is a number. The number n is usually 0 for the first interface, 1 for the second, and so on. If you have only one network adapter installed in your host, the name for this interface is probably hme0. There are three basic steps to configure interface hme0 with the IP address 192.168.2.222 and netmask 255.255.255.0, as shown here:
1. Create a file /etc/hostname.hme0 containing a single line with the name of the host, as shown here:
fana
2. Edit the /etc/inet/hosts file to add the IP address for host fana. Remember that the /etc/hosts file is a link to the file /etc/inet/hosts. A line in this file looks like the following:
192.168.2.222    fana
3. Edit the /etc/inet/netmasks file and add the following line:
192.168.2.0    255.255.255.0
The /etc/inet/netmasks file associates network addresses with netmasks. At boot time, the network initialization script /etc/init.d/network gets executed. It reads the files mentioned in the previous steps to configure network interfaces during boot. Note that this configuration is permanent and persists after rebooting the machine. You can use the ifconfig command to temporarily configure a network adapter. The following command configures adapter hme0 with the IP address 192.168.5.6 and netmask 255.255.255.0:
# ifconfig hme0:2 192.168.5.6 netmask 255.255.255.0 up
You also can specify the netmask as a number of bits rather than in dot notation. The following command does the same job, specifying a 24-bit netmask:
# ifconfig hme0 192.168.5.6/24 up
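The class, netmask and subnet arithmetic from the Network Classes, Netmasks and Subnetting sections, together with the prefix-length form used in the ifconfig example above, as an added example that is not from the book. The sample addresses and the /etc/inet/netmasks text are constructed; the class rule follows the Start Bits column of Table 5.

```python
# Added example (not from the book): IPv4 class, netmask and subnet arithmetic
# as described in the Network Classes, Netmasks and Subnetting sections, plus
# the /bits prefix form used with ifconfig. Sample addresses are constructed.

# Leading-bit patterns of the first octet, from the Start Bits column of Table 5.
CLASS_START_BITS = (("A", "0"), ("B", "10"), ("C", "110"), ("D", "1110"), ("E", "11110"))


def parse_dotted(text):
    """Dotted decimal (four octets, each 0-255) -> 32-bit integer."""
    parts = text.strip().split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % text)
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range: %r" % part)
        value = (value << 8) | octet
    return value


def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(address):
    """Classify an address by the leading bits of its first octet."""
    first_octet_bits = format(parse_dotted(address) >> 24, "08b")
    for name, start_bits in CLASS_START_BITS:
        if first_octet_bits.startswith(start_bits):
            return name
    return "reserved"


def prefix_to_netmask(bits):
    """Prefix length (ifconfig addr/24) -> dotted netmask (255.255.255.0)."""
    if not 0 <= bits <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return to_dotted((0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF)


def netmask_to_prefix(netmask):
    """Dotted netmask -> prefix length; rejects masks whose 1 bits are not
    contiguous (a netmask must be all 1s followed by all 0s)."""
    mask_bits = format(parse_dotted(netmask), "032b")
    ones = mask_bits.count("1")
    if mask_bits != "1" * ones + "0" * (32 - ones):
        raise ValueError("netmask bits are not contiguous: %s" % netmask)
    return ones


def split_address(address, netmask):
    """Network part, host part, broadcast address and usable host count
    (2^host_bits - 2, as in the Possible # of Hosts column of Table 5)."""
    addr = parse_dotted(address)
    mask = parse_dotted(netmask)
    host_bits = 32 - netmask_to_prefix(netmask)
    host_mask = ~mask & 0xFFFFFFFF
    return {
        "network": to_dotted(addr & mask),
        "host": addr & host_mask,
        "broadcast": to_dotted(addr | host_mask),
        "usable_hosts": max((1 << host_bits) - 2, 0),
    }


def same_subnet(a, b, netmask):
    """True when both addresses share the network part under this (sub)net mask,
    i.e. the sender delivers directly instead of going through a router."""
    mask = parse_dotted(netmask)
    return (parse_dotted(a) & mask) == (parse_dotted(b) & mask)


def lookup_netmask(netmasks_text, address):
    """Find the netmask for an address in /etc/inet/netmasks-style text
    ('network-address netmask' per line, # comments), the way the boot
    script matches an interface's network to a mask. None if no line matches."""
    addr = parse_dotted(address)
    for raw in netmasks_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 2:
            continue
        network, netmask = fields
        if addr & parse_dotted(netmask) == parse_dotted(network):
            return netmask
    return None


# Constructed /etc/inet/netmasks content, matching step 3 of the configuration.
SAMPLE_NETMASKS = """\
# network-address   netmask
192.168.2.0   255.255.255.0
10.0.0.0      255.255.0.0
"""
```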
The ping Command
The ping command is the most widely used command by network administrators. It uses ICMP echo request packets. When a host receives this type of packet, it replies with an ICMP echo reply packet, which can be used to determine the round-trip time of the ICMP packet between the source and destination hosts. By default, the ping command just tells you whether a host is alive or dead by sending ICMP echo request packets. If the command gets a response to this packet in the form of an ICMP echo reply packet, a Host Alive message is printed. However, you can also send continuous ping packets (ICMP echo request packets) to the host using the ping –s command. By default, the ping command uses a (56 + 8)-byte-long data packet. To check the response of the network for larger packets, however, you can specify the packet length with the ping command. This may also be useful to find out whether a host is dropping packets due to IP fragmentation. The ping –s desktop 6000 command sends (6000 + 8)-byte-long data packets to host desktop. You also can send a predefined number of ping packets to a destination host. The ping –s desktop 100 4 command sends 4 packets of 100-byte-long data to the host desktop. Table 6 lists other options available for use with the ping command.

TABLE 6 OPTIONS USED WITH THE ping COMMAND
Option: Description
-g gateway: Specifies a gateway through which you want to route a data packet. Multiple gateway addresses can be used to route a packet through a specific path in the network.
-I interval: Interval between successive ICMP packets.
-i interface: Defines an interface address through which a packet should go out.
-P tos: Sets the Type Of Service field in the IP header.
-t ttl: Sets the TTL field value in the IP header.
traceroute Command The traceroute command is used to find gateway hosts from source to destination. In other words, the command displays the path taken by IP packets from source to destination.
The traceroute command uses UDP packets to find intermediate gateway hosts. It sends UDP packets with an increasing TTL value, starting with 1. When a packet with TTL value 1 reaches the first gateway host, the gateway decreases the TTL value by one and the TTL value becomes 0. So the first gateway host drops this packet and generates an ICMP packet to notify the sending host that the packet was dropped. In this way the first-hop gateway host shows its identity. The second-hop gateway host is determined by a UDP packet with TTL value 2, and so on. By default three probe packets are sent for each hop (with the same TTL). Table 7 lists the options used with the traceroute command.

TABLE 7 OPTIONS USED WITH THE traceroute COMMAND
Option: Description
-F: Sets the Don't Fragment bit in the IP header.
-f first_hop: Sets the first-hop TTL. The default is 1. This is used to skip a certain number of gateways at the start of the probes.
-g gateway: This option is used to set a gateway in loose source routing.
-m maxhops: This option is used to set the maximum TTL value. The default maximum value is 30.
-p port: Port number to be used for UDP packets.
-q probes: Sets the number of probes for each hop.
-v: Verbose output. Prints some more information.
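The TTL mechanism described above, as an added simulation that is not from the book: each gateway decrements the TTL, the gateway at which it reaches 0 drops the probe and answers with ICMP "time exceeded", and the trace ends when the destination itself answers the UDP probe with "port unreachable" (standard traceroute behaviour, assumed here). The gateway addresses are constructed, and a silent gateway shows the asterisks the routing troubleshooting section refers to.

```python
# Added example (not from the book): a simulation of the traceroute mechanism
# described above. Each gateway decrements the TTL; the one at which it reaches
# 0 drops the UDP probe and answers with an ICMP "time exceeded", which is how
# its address is learned. The path and addresses below are constructed.
from dataclasses import dataclass

ICMP_TIME_EXCEEDED = "time exceeded"
ICMP_PORT_UNREACHABLE = "port unreachable"  # destination's answer to a UDP probe on an unused port


@dataclass
class Gateway:
    address: str
    answers_icmp: bool = True  # a gateway that stays silent shows up as "*"


def forward_probe(gateways, destination, ttl):
    """Carry one probe with the given TTL along the path.
    Returns (responder address or None, ICMP message type or None)."""
    for hop in gateways:
        ttl -= 1  # each gateway decrements the TTL before forwarding
        if ttl == 0:
            # dropped here; the gateway reports it back unless it is silent
            return (hop.address, ICMP_TIME_EXCEEDED) if hop.answers_icmp else (None, None)
    # TTL survived every gateway: the destination receives the UDP datagram on an
    # unused port and replies with port unreachable, which ends the trace.
    return destination, ICMP_PORT_UNREACHABLE


def traceroute(gateways, destination, first_hop=1, max_hops=30, probes=3):
    """Return [(ttl, [responder or '*' per probe]), ...], stopping when the
    destination answers or max_hops is reached. first_hop, max_hops and probes
    correspond to the -f, -m and -q options of Table 7."""
    trace = []
    for ttl in range(first_hop, max_hops + 1):
        replies = []
        reached = False
        for _ in range(probes):
            responder, icmp_type = forward_probe(gateways, destination, ttl)
            replies.append(responder if responder else "*")
            if icmp_type == ICMP_PORT_UNREACHABLE:
                reached = True
        trace.append((ttl, replies))
        if reached:
            break
    return trace


def first_silent_hop(trace):
    """TTL of the first hop where every probe came back as '*': the place the
    routing troubleshooting section says to look for the problem.
    None if every hop answered."""
    for ttl, replies in trace:
        if all(reply == "*" for reply in replies):
            return ttl
    return None
```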
Address Resolution Protocol (ARP)
Before a host sends any IP data to a destination address, it determines the MAC address of the destination host, because the Data Link layer knows only about MAC addresses. Address Resolution Protocol (ARP) is a part of the TCP/IP stack implementation, and it maps IP addresses to MAC addresses. Given an IP address, this protocol determines the MAC address. The Reverse Address Resolution Protocol (RARP) does the reverse process and maps MAC addresses to IP addresses. RARP is used with diskless workstations. The Address Resolution Protocol is a broadcast protocol. When a host wants to get the MAC address corresponding to an IP address, it sends a broadcast packet on the local network. This packet basically asks all hosts on the local network whether anyone has that IP address. All hosts listen to this request, and only the host with that IP address should reply. The reply data packet contains the MAC address of the host. If no host on the local network has that particular IP address assigned to it, no reply is received. The Address Resolution Protocol plays an important role in network communication on TCP/IP networks. Without such a method, it is not possible for the network layer to locate the MAC address of the host having the destination IP address. To watch ARP packets on your local network, you can use the snoop command.
Reverse Address Resolution Protocol (RARP) The RARP protocol is used by diskless workstations. Because there is no permanent storage space, IP address configuration can’t be stored on these workstations. Instead, the configuration of each diskless host is stored on a RARP server. RARP servers keep a mapping of MAC addresses to IP addresses. When you turn on the diskless workstation, it broadcasts a request to locate the RARP server to find its IP address configuration. If an RARP server is present on the network, it replies to this request with an IP address. To send out the correct IP address to the requesting workstation, the RARP server checks its tables to find an IP address corresponding to a MAC address of the requesting workstation.
ROUTING There are two types of routing in IP networks: static and dynamic. Static routing, as its name suggests, is fixed routing. Network administrators define static routes, and these are kept constant unless changed manually. Dynamic routes, on the other hand, are calculated at runtime depending on network conditions.
Routed and Routing Protocols A routed protocol is a protocol that can be routed across different networks. For example, IP is a routed protocol. It means that using some other mechanism, a decision about forwarding IP packets from one network to another can be made. A routing protocol is one that determines which data packet of a routed protocol should take a particular path from source to destination. The routing protocols provide a mechanism to determine the lowest cost path. The cost of a path may be determined in number of hops from source to destination, bandwidth, latency, or other factors.
Distance-Vector Routing Protocols
In a distance-vector routing algorithm, each router forwards its knowledge of connected networks to its neighboring routers using broadcast or multicast. The listening router gets this information from the neighboring routers, builds its own routing table, and forwards its routing information to other neighboring routers. Each router sends distance information about connected networks in terms of number of hops, which is not the physical distance. When this transfer completes, each router has knowledge of the connected networks. This routing algorithm is also known as the Bellman-Ford algorithm. The most common example of a protocol that uses distance-vector routing is the Routing Information Protocol (RIP).
Link-State Routing Protocols
Cumulatively known as Shortest Path First (SPF) routing algorithms, link-state routing algorithms keep a complex and complete knowledge of the interconnected network topology. Exchange of information about a change in the network is done through a link-state advertisement (LSA). As soon as an event is detected in the network, the LSA transfer is triggered, which makes it possible to rebuild routing tables as soon as possible. This process is much faster than in a distance-vector protocol, in which the exchange of information occurs on a timed basis rather than upon events. Link-state routing protocols, unlike the distance-vector routing protocols, maintain full knowledge of the network topology.

How Does a Host Determine Whether It's a Router?
A host acts as a router if one of the following conditions is true:
• There are multiple /etc/hostname.interface files present. This shows that you have multiple network interfaces configured. An example of this file is /etc/hostname.hme0, which shows the presence of network interface hme0.
• Someone has configured multiple network interfaces manually using the ifconfig command.

Configuring RIP and RDISC
The two most commonly used dynamic routing methods available on Solaris to fill up routing tables are the Router Discovery Protocol (RDISC) and the Routing Information Protocol (RIP). RDISC is used to discover available routers on the networks. RDISC is run either in Host mode or in Router mode. If it is running in Host mode, it listens only to router broadcasts. If it is running in Router mode, it broadcasts messages on the network. RDISC uses the ICMP router discovery method. The in.rdisc daemon is used to support RDISC. RIP uses the in.routed daemon and is started at boot time. It is used to exchange routing information among hosts and routers. Both RIP and RDISC are standard TCP/IP protocols.
Running RDISC in Host Mode When you start in.rdisc in Host mode, it listens to ALL_HOSTS multicast address. This address is 224.0.0.1 and routers advertise messages on this address. At the start time, in.rdisc ignores all router advertisements but for those routers present on one of the directly connected networks. The highest preference routers are selected to enter default routing entries in the routing table. Sometimes in.rdisc can also send router solicitation messages on ALL_ROUTERS (224.0.0.2) multicast address to discover available routers. The in.rdisc gives up if a response is not received after three solicitation messages.
Running RDISC in Router Mode When started in Router mode, in.rdisc starts listening to ALL_ROUTERS multicast address. It starts sending messages on ALL_HOSTS multicast address. Initially it sends a number of advertisements in the first 30 seconds. After that, in.rdisc advertises routing every 10 minutes.
If it finds any router solicitation message, it sends routing information to the requesting host. The daemon is usually started through the /etc/rc2.d/S69inet script. Table 8 shows common command-line options used with in.rdisc.
TABLE 8 COMMAND-LINE OPTIONS USED WITH in.rdisc
Option: Description
-r: Run the daemon in Router mode.
-p <preference>: Sets the preference number transmitted in solicitation messages. The default is 0.
-a: Accepts all routers, ignoring the preference. Normally in.rdisc accepts only routers with the highest preference.
-s: Send three solicitation messages and, if no response is received, give up.
-f: Run in.rdisc forever, even if no response is received to the initial solicitation messages.
-T: Sets the interval between consecutive advertisements. The default interval is 600 seconds.
RIP (in.routed)
The in.routed daemon implements RIP and is started using the /etc/rc2.d/S69inet script. It listens on port number 520 for routing information advertisements. It periodically exchanges routing tables with directly connected routers. It uses hop counts to find an optimal route to a destination. Hop counts of 16 and above are considered unreachable. This hop count is also called infinity. When exchanging routing table information, the daemon sends the hop count with each connected route. Depending on information received from the neighboring routers, it automatically updates its own routing table. Updating of routing tables is done if one of the following conditions is true:
• The received packet contains information about a new route and the hop count is not infinity.
• The update is received from the router through which packets are being forwarded to the destination.
• A new route is received while the previous route has not been updated for 90 seconds, and the new route is as cost-effective as the old one.
• The new route describes a shorter path than the existing one.
If an entry in the routing table has not been updated for three minutes, it is marked as infinity. Initially the daemon checks the /etc/gateways file to fill out entries in the routing table.
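The four update rules and the 90-second and three-minute timers listed above, applied to a small routing table, as an added example that is not from the book or from in.routed itself. Adding 1 to an advertised hop count for the hop to the advertising router is the usual RIP convention and is assumed here; the router names and network addresses are constructed.

```python
# Added example (not from the book): the in.routed route-update rules listed
# above applied to a small routing table. Hop count 16 is infinity, a route
# left unrefreshed for 90 s may be replaced by an equal-cost one, and one
# unrefreshed for three minutes is marked infinity. The +1 on an advertised hop
# count is the usual RIP convention, assumed here. Names are constructed.
from dataclasses import dataclass

INFINITY = 16           # hop counts of 16 and above are unreachable
STALE_AFTER = 90        # seconds before an equal-cost route may replace the old one
EXPIRE_AFTER = 180      # seconds before an unrefreshed route is marked infinity


@dataclass
class Route:
    destination: str    # network address
    gateway: str        # router the update came from (next hop)
    hops: int
    updated: float      # time of the last accepted update


class RoutingTable:
    def __init__(self):
        self.routes = {}

    def receive(self, from_router, destination, advertised_hops, now):
        """Apply one RIP advertisement; returns True when the table changed."""
        hops = min(advertised_hops + 1, INFINITY)
        current = self.routes.get(destination)
        if current is None:
            accept = hops < INFINITY                 # rule 1: new route, not infinity
        elif current.gateway == from_router:
            accept = True                            # rule 2: from the router we forward through
        elif hops < current.hops:
            accept = True                            # rule 4: shorter path
        else:
            accept = (hops == current.hops           # rule 3: as cost-effective as the old one
                      and now - current.updated >= STALE_AFTER)  # and the old one is stale
        if accept:
            self.routes[destination] = Route(destination, from_router, hops, now)
        return accept

    def expire(self, now):
        """Mark routes not refreshed for EXPIRE_AFTER seconds as infinity; returns them."""
        expired = []
        for route in self.routes.values():
            if route.hops < INFINITY and now - route.updated >= EXPIRE_AFTER:
                route.hops = INFINITY
                expired.append(route.destination)
        return expired

    def metric(self, destination):
        route = self.routes.get(destination)
        return INFINITY if route is None else route.hops

    def next_hop(self, destination):
        route = self.routes.get(destination)
        return None if route is None or route.hops >= INFINITY else route.gateway
```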
Routing Startup and Configuration Files
The /etc/defaultrouter file contains one or more routers that can be used as default routers. Usually there is only one IP address or host name present in this file, which is used as the router of last resort. If multiple host names or IP addresses are used, these are separated by white space. Lines starting with the hash symbol (#) are comment lines in this file. Following is a typical /etc/defaultrouter file:
# cat /etc/defaultrouter
192.168.2.1
If the defaultrouter file is present but is empty, Solaris tries to run one of the routing protocols (RDISC or RIP). First it initializes RDISC to discover any routers present by sending router solicitation messages. If it fails, it starts RIP.
When you use host names for default routers, these must be present in /etc/inet/hosts file. This is necessary because at the time of configuration of the default router, no name service is running and /etc/inet/hosts is the only way to resolve the host name of the default router.
The /etc/gateways File
The /etc/gateways file is used with the in.routed routing daemon to add active or passive gateways. Gateways that can exchange routing information are active gateways, and gateways that can't exchange routing information are passive gateways. At startup the in.routed daemon reads this file. Routes defined for passive gateways are added to the routing table at startup time. These may be modified later depending on the discovery of other routes.

The /etc/networks File
The /etc/networks file maps network names to network addresses. The general format of each line in the file is as follows:
<network name> <network number> [network aliases]
The last part is optional and used only when you need to define an alias for a network. Fields in the file are separated by spaces or Tab characters.
The /etc/init.d/inetinit File This script is the main network initialization script. It also is linked as /etc/rc2.d/S69inet startup script.
Common Routing Problems If a host does not come up after reboot, there may be a problem with some initialization scripts. In this case, boot the system in Single-User mode and verify the initialization scripts. If the host cannot communicate with any of the hosts on the network, there is some problem with network interface. It may be a physical or a configuration problem.
Use the ifconfig command to find out whether a configuration problem exists. The most common configuration problems are wrong IP addresses or wrong netmasks. If the host cannot communicate with hosts on other networks but can communicate with hosts on the local network, there is a problem with the routing table or the router. To verify the routing table, use the netstat command. Use the traceroute command to trace the route to hosts on other networks and see where it fails.
Troubleshooting Commands
The following commands are the main troubleshooting commands for routing problems:
• The ping Command. The ping command is the basic test for routing configuration. First of all, try to ping your own IP address. If you are not able to do so, there is some problem with your interface configuration. If you can ping your own IP address, try to ping another host on the network. If you are successful, the route for the local network is working fine. Now try to ping any of the gateways. Success with this confirms that you can reach the gateway. After that, try to ping a host that is on another network. If this goes through, the route for the remote network is also configured correctly.
• Using the traceroute Command. If your local configuration is correct and you can ping hosts on the local network as well as your default gateway but not hosts on other networks, the traceroute command can locate the place where there is a problem. Use the traceroute command to trace a path to the remote host. It should stop at some point and start displaying asterisk characters, as you have already seen in previous chapters. This is the place where there is a routing problem. If you have access to this router, you can correct it yourself, or you can contact the person responsible for that router to correct the problem.
• Using the netstat Command. The netstat command is one of the most useful network troubleshooting commands. It is used for many purposes, including displaying lists of all routes. Table 9 lists options that you can use with the netstat command.

TABLE 9 OPTIONS FOR THE netstat COMMAND
Option: Description
-a: Lists all the sockets, ports, and connections used on a system.
-i: Shows the state of the interfaces.
-I: Displays information about a particular interface.
-n: Shows the network addresses in dot notation rather than as hostnames.
-r: Shows the routing table.
-s: Shows per-protocol statistics.
-P: Limits output to a particular protocol.
-v: Verbose. Shows more detail.
-D: Shows statistics for a DHCP-configured interface.
interval: Repeats statistics after the given interval.

• The ifconfig Command. The ifconfig command is used to display and correct problems with your local interface configuration. You need this command to correct problems such as a bad netmask. A wrong netmask can also cause routing problems.
CLIENT-SERVER TERMINOLOGY
The following are common client-server terms:
• Server. A server is a piece of hardware or software that provides a particular service to its clients. Examples of common servers used by every network user are web servers, mail servers, Domain Name Servers, and so on.
• Client. A client is a user application used to access a service provided by a server. A web browser such as Netscape is a client application that uses services provided by a web server. Similarly, you also use clients for email that use services provided by mail servers.
• Port number. A port number is the access point for a service. Port numbers are used to distinguish multiple services running on the same physical machine. To get a particular service, you have to go to a particular counter. Similarly, you have to access different port numbers for different services. For example, you use port 25 for email and port number 23 for Telnet.
• Socket. A socket is used to connect a client to a server. A socket is used to distinguish among different simultaneous communication sessions. A socket is a combination of the IP address and port number. Every communication session between a client and server uses a different socket.
• Daemon. A daemon is a server process that runs in the background and serves clients. A server may run daemons or get started when a client sends a request.
TCP and UDP Ports
Port numbers for all the common Internet services have been standardized. Internet services usually use the TCP protocol or the UDP protocol. Some services use both protocols. Port numbers for both of the protocols are fixed for commonly used services. On UNIX systems, including Solaris, standard port numbers are listed in the /etc/inet/services file. The file is linked to the /etc/services file for compatibility with BSD versions of UNIX. Each line in this file has the following format:
<service name> <portnumber/protocol>
The <service name> is the official name of the service. This may contain any printable characters excluding the comment character. Some service names mentioned in this file are FTP, Telnet, Time, SMTP, and so on. The <portnumber/protocol> field shows the port number and protocol used for the service. For example, 23/tcp in the line starting with telnet shows that the Telnet service uses port number 23 and the TCP protocol. The same port number can be used with multiple protocols. As mentioned previously, some services use both the TCP and UDP protocols. For example, the Time service uses both TCP and UDP on port number 37. The last part of a line shows one or more aliases used for the service. This is an optional field and may or may not be present for a service.

Configuring Internet Services
Network services on a computer are started at boot time so that as soon as a server boots up, it may be accessible to network clients. The server processes run in the background and wait for incoming connection requests from clients. At startup time, each server opens one or more sockets on well-known ports. Clients of these services can use these ports to connect to the socket opened by the server process. If a server uses security features, it authenticates network clients when a connection request is made. The usual way to do this is to prompt for a login name and password. When you use a Telnet client to connect to a Telnet server, for instance, it prompts you to enter a login name and password and then authenticates this login name and password using different methods. There are two common ways to start these server processes. You can start a service process as a daemon, and it will run forever waiting for incoming connection requests. The other way is to use the inetd master daemon, which can listen for incoming connection requests on behalf of other services. The inetd daemon is started at boot time and acts as the master daemon. As soon as a connection request arrives, it invokes the required service process. In principle, each service can be started as a daemon or through inetd.

The r Commands
The r commands are used for access to a remote host on a network. Usually, passwords are not required for access. Table 10 describes each of these commands.

TABLE 10 THE r COMMANDS
Command: Description
rcp: Remote file copy
rlogin: Remote login
rsh: Execution of a command on a remote host
remsh: Same as the rsh command
FAST FACTS

USING THE DHCP MANAGER

With Solaris 8, Sun Microsystems provides a graphical user interface (GUI) to help configure a DHCP server. The /usr/sadm/admin/bin/dhcpmgr utility configures the DHCP server and is called the DHCP Manager. You must be root to use this program. As you can see from Figure 4, the DHCP service can be configured as a pure DHCP server or as a DHCP/BOOTP relay agent. If you configure it as a relay, the service acts on behalf of some other DHCP server: it receives requests from clients and forwards them to one of the configured remote DHCP servers. Table 11 shows the messages exchanged between DHCP clients and servers.
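The exchange summarized in Table 11, carried out in the wire format of RFC 2131, as an added example that is not from the book. The toy Server class, its address pool (192.168.2.100 and .101 on 192.168.2.0/24), the client MAC addresses and the function names are constructed for the example; the message layout and the option codes (53 message type, 50 requested address, 54 server identifier, 51 lease time) are the protocol's own. The server answers DISCOVER with OFFER, REQUEST with ACK or NAK, frees the address on RELEASE, and stays silent when the pool is exhausted, which is the server-side view of the No more IP addresses problem covered under troubleshooting:

```python
"""DHCP DISCOVER/OFFER/REQUEST/ACK on the wire (RFC 2131). Added example, not from
the book: the Server class, pool, MACs and names are constructed for illustration."""
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                 # cookie that follows the 236-byte BOOTP header
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK, NAK, RELEASE = 1, 2, 3, 5, 6, 7
OPT_SUBNET, OPT_ROUTER, OPT_REQIP, OPT_LEASE = 1, 3, 50, 51
OPT_MSGTYPE, OPT_SERVERID, OPT_END = 53, 54, 255
HDR = "!BBBBIHH4s4s4s4s16s64s128s"          # op htype hlen hops xid secs flags ci yi si gi chaddr sname file

def build(op, xid, chaddr, msgtype, options=(), yiaddr="0.0.0.0"):
    """Encode one DHCP message; options is an iterable of (code, bytes)."""
    hdr = struct.pack(HDR, op, 1, len(chaddr), 0, xid, 0, 0x8000,   # htype 1 = Ethernet, broadcast flag
                      b"\0" * 4, socket.inet_aton(yiaddr), b"\0" * 4, b"\0" * 4,
                      chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = bytes([OPT_MSGTYPE, 1, msgtype])
    for code, val in options:
        body += bytes([code, len(val)]) + val
    return hdr + MAGIC + body + bytes([OPT_END])

def parse(pkt):
    """Decode header and options; raise ValueError rather than guess on malformed input."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", pkt[:12])
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == 0:                      # pad byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        code, ln = pkt[i], pkt[i + 1]
        if i + 2 + ln > len(pkt):
            raise ValueError("truncated option %d" % code)
        opts[code] = pkt[i + 2:i + 2 + ln]
        i += 2 + ln
    if i >= len(pkt) or OPT_MSGTYPE not in opts:
        raise ValueError("missing END or message-type option")
    return {"op": op, "xid": xid, "chaddr": pkt[28:28 + hlen],
            "yiaddr": socket.inet_ntoa(pkt[16:20]),
            "msgtype": opts[OPT_MSGTYPE][0], "options": opts}

class Server:
    """Toy DHCP server: one pool, lowest free address first, bindings keyed by MAC."""
    def __init__(self, ip, pool, lease=3600):
        self.ip, self.free, self.lease = ip, list(pool), lease
        self.bound = {}                      # chaddr -> address offered or acknowledged

    def _reply(self, m, msgtype, ip="0.0.0.0", with_lease=False):
        opts = [(OPT_SERVERID, socket.inet_aton(self.ip))]
        if with_lease:                       # constructed subnet parameters for 192.168.2.0/24
            opts += [(OPT_LEASE, struct.pack("!I", self.lease)),
                     (OPT_SUBNET, socket.inet_aton("255.255.255.0")),
                     (OPT_ROUTER, socket.inet_aton("192.168.2.1"))]
        return build(BOOTREPLY, m["xid"], m["chaddr"], msgtype, opts, yiaddr=ip)

    def handle(self, pkt):
        """Return the reply packet, or None when the server stays silent."""
        m = parse(pkt)
        if m["op"] != BOOTREQUEST:
            return None
        mac, kind = m["chaddr"], m["msgtype"]
        if kind == DISCOVER:
            if mac not in self.bound:
                if not self.free:
                    return None              # pool exhausted: the "No more IP addresses" condition
                self.bound[mac] = self.free.pop(0)
            return self._reply(m, OFFER, self.bound[mac], with_lease=True)
        if kind == REQUEST:
            sid = m["options"].get(OPT_SERVERID)
            if sid is not None and sid != socket.inet_aton(self.ip):
                return None                  # client accepted another server's offer
            wanted = socket.inet_ntoa(m["options"].get(OPT_REQIP, b"\0\0\0\0"))
            if self.bound.get(mac) == wanted:
                return self._reply(m, ACK, wanted, with_lease=True)
            return self._reply(m, NAK)       # asking for an address we never gave this client
        if kind == RELEASE and mac in self.bound:
            self.free.append(self.bound.pop(mac))
        return None

def obtain_lease(server, mac, xid):
    """Client side of the exchange; returns (address, lease seconds) or raises."""
    reply = server.handle(build(BOOTREQUEST, xid, mac, DISCOVER))
    if reply is None:
        raise RuntimeError("no DHCPOFFER received")
    offer = parse(reply)
    request = build(BOOTREQUEST, xid, mac, REQUEST,
                    [(OPT_REQIP, socket.inet_aton(offer["yiaddr"])),
                     (OPT_SERVERID, offer["options"][OPT_SERVERID])])
    ack = parse(server.handle(request))
    if ack["msgtype"] != ACK or ack["xid"] != xid:
        raise RuntimeError("lease refused")
    return ack["yiaddr"], struct.unpack("!I", ack["options"][OPT_LEASE])[0]

if __name__ == "__main__":
    srv = Server("192.168.2.222", ["192.168.2.100", "192.168.2.101"])
    print(obtain_lease(srv, b"\x08\x00\x20\x01\x02\x03", xid=0x1001))
```

The REQUEST handling is where the two troubleshooting cases from later in this chapter show up: a client renewing an address the server never bound to it gets a NAK, and a DISCOVER that arrives after the pool is empty gets no answer at all.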
FIGUR​E 4 DHCP server configuration.

TABLE 11
COMMON DHCP MESSAGES EXCHANGED BETWEEN CLIENT AND SERVER

Message        Description
DHCPDISCOVER   A broadcast message sent by a DHCP client to discover the DHCP servers present on the network.
DHCPOFFER      Sent by a DHCP server in response to a DHCPDISCOVER message. It contains a lease offer and configuration parameters.
DHCPREQUEST    When a client accepts an offer from a DHCP server, it sends this message to show its acceptance. This message is also used to renew a lease.
DHCPACK        In response to a DHCPREQUEST message, the DHCP server sends this message to confirm the lease.
DHCPRELEASE    Sent by a client to a server to relinquish a leased IP address.

Using dhcpconfig to Configure DHCP

The traditional DHCP configuration utility available on Solaris systems is the dhcpconfig program. Using dhcpconfig, you can configure a DHCP server and a DHCP relay agent. In addition, you can unconfigure DHCP services. Most of the steps in dhcpconfig are the same as those discussed for the DHCP Manager GUI. When you start dhcpconfig, it lists four options, as shown here:

# dhcpconfig
*** DHCP Configuration ***
Would you like to:
   1) Configure DHCP Service
   2) Configure BOOTP Relay Agent
   3) Unconfigure DHCP or Relay Service
   4) Exit
Choice:

Automatic Startup of a DHCP Server
When you configure a DHCP service using the dhcpmgr or dhcpconfig utilities, startup and shutdown scripts are created in the appropriate directories. The default startup script for DHCP is /etc/init.d/dhcp. This is a simple script:

# cat /etc/init.d/dhcp
#!/sbin/sh
#
# Copyright 1996-1999 by Sun Microsystems, Inc.
# All rights reserved.
#
#ident "@(#)dhcp 1.17 99/10/23 SMI"

# Make sure that /usr is mounted
[ ! -d /usr/bin ] && exit 1

case "$1" in
'start')
        if [ -x /usr/lib/inet/in.dhcpd ]; then
                /usr/lib/inet/in.dhcpd > /dev/console 2>&1
        fi
        ;;
'stop')
        /usr/bin/pkill -x -u 0 in.dhcpd
        ;;
*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac
exit 0
The script is hard-linked as /etc/rc3.d/S34dhcp to start the DHCP service and as /etc/rc2.d/K34dhcp to shut it down. You can also create and modify the script manually. Some utilities for configuring DHCP are described in Table 12.

TABLE 12
COMMON DHCP CONFIGURATION UTILITIES

Name         Description
dhtadm       DHCP configuration table management utility.
dhcpconfig   DHCP service configuration utility.
dhcpmgr      GUI-based DHCP manager.
pntadm       DHCP network table management utility.
Unconfiguring DHCP Services

You can unconfigure DHCP services by using the dhcpconfig utility. It can also optionally delete the DHCP configuration files. The following dhcpconfig session unconfigures DHCP and deletes all data files created during the configuration process:

# dhcpconfig
Would you like to:
   1) Configure DHCP Service
   2) Configure BOOTP Relay Agent
   3) Unconfigure DHCP or Relay Service
   4) Exit
Choice: 3
Unconfigure will stop the DHCP service and remove /etc/default/dhcp.
Are you SURE you want to disable the DHCP service? ([Y]/N):y
###  WARNING WARNING WARNING  ###
Unconfigure can delete the following tables in the current resource (files):
   1) dhcptab.
   2) ALL dhcp-network tables.
Are you SURE you want to remove the DHCP tables? (Y/[N]): y
Removing: dhcptab...
Removing: 192_168_2_0...
Would you like to:
   1) Configure DHCP Service
   2) Configure BOOTP Relay Agent
   3) Unconfigure DHCP or Relay Service
   4) Exit
Choice:
If you are sharing the DHCP service tables either via NIS+ or file sharing among multiple DHCP servers, those servers will be unable to service requests after these tables are removed. Note that any hosts table entries that have been added will need to be manually removed.
Setting Nondefault Server Options
If you select to configure nondefault server options during the dhcpconfig configuration process, you are asked additional questions, as shown here:

### DHCP server option setup ###
Would you like to specify nondefault server options (Y/[N]):y
How long (in seconds) should the DHCP server keep outstanding OFFERs? [10]:
How often (in minutes) should the DHCP server rescan the dhcptab? [Never]:10
Do you want to enable BOOTP compatibility mode? (Y/[N]):y
Do you want the server to allocate IP addresses to new BOOTP clients? ([Y]/N):

If you select BOOTP compatibility, the DHCP server serves both DHCP and BOOTP clients (BOOTP clients have no lease, so addresses allocated to them are permanent). BOOTP compatibility mode is one of the parameters you can enable only through these nondefault options.
Configuring the DHCP Relay Agent A DHCP relay agent acts on behalf of a DHCP server on a local network. It can receive queries from DHCP clients and forward these to a real DHCP server. Figure 5 shows one of the possible arrangements for installing a DHCP relay service. In this case, the DHCP client and DHCP server are on different networks. The broadcast DHCPDISCOVER message usually does not go through to the DHCP server in normal cases because broadcast messages are not forwarded across routers. However, the DHCP relay can forward this message to the DHCP server and can act as a bridge between the client and the server. The dhcpconfig utility can be used to configure the DHCP relay.
FIGURE 5 A DHCP relay. (The figure shows a DHCP client, a router, a DHCP relay, and a DHCP server.)
Configuring the DHCP Client

You can enable DHCP on one or more of the network interfaces installed in your server or workstation. Configuring a DHCP client is easy, but a few steps are involved. First, you must find the interface on which you want to enable DHCP. If this interface is already configured with an IP address, you might have to unconfigure it first using the ifconfig unplumb command. Use the ifconfig -a command to list all interfaces. If an interface is present but not listed, use the ifconfig plumb command to bring it up. The following command brings up hme1:

# ifconfig hme1 plumb

Find the current configuration of the interface using the following command:

# ifconfig hme1
hme1: flags=1000842<BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
        inet 0.0.0.0 netmask 0

Use the following command to enable DHCP on the interface:

# ifconfig hme1 dhcp
You can check the status of DHCP on that interface using the following command:

# ifconfig hme1 dhcp status

To enable DHCP on an interface at boot time, you have to create two files. If you want to enable DHCP on interface hme1, for example, create the following two (empty) files in the /etc directory:

• hostname.hme1
• dhcp.hme1

The next time you reboot the system, interface hme1 will be configured with DHCP. Table 13 lists the files used for configuring DHCP.

TABLE 13
DHCP CONFIGURATION FILES

File                 Description
dhcp_network         Present in the same directory as the dhcptab file. The actual name of the file is in the NNN_NNN_NNN_NNN notation, where NNN shows the octet values of the network address (for example, 192_168_2_0).
dhcptab              The DHCP macro table file.
/etc/default/dhcp    Contains the location of the preceding two files along with other information.

Troubleshooting DHCP

If you are using files to store the DHCP databases rather than NIS+, you might have fewer problems to troubleshoot. The common DHCP server problems are as follows:

• Reuse of IP addresses. One or more IP addresses included in the DHCP scope may be statically assigned to other hosts, producing an IP address conflict. You can use the snoop command in conjunction with the ping command to discover the MAC address of the other host that is using a particular IP address.
• The same IP address included in the scope of multiple DHCP servers. An IP conflict also occurs if overlapping address ranges are included in the scopes of multiple DHCP servers. Use DHCP Manager or dhcpconfig to correct this problem.
• A client asking to renew a lease for an IP address that has been marked as unusable. In this case the DHCP server logs a message through syslog, if configured. You can use DHCP Manager to correct this problem. This also happens if a client ID is configured for a particular IP address and that address is marked as unusable.
• If you see a message such as No more IP addresses, the number of DHCP clients exceeds the number of available IP addresses.

Many DHCP problems can also be traced using the snoop command, which shows the network packets flowing on a particular interface. DHCP problems can also be traced by running the DHCP client and the DHCP server in debug mode.
SIMPLE NETWORK MANAGEMENT PROTOCOL (SNMP)

An SNMP-managed network consists of one or more management stations and a set of network elements. The network elements run a piece of software called the SNMP agent. Network elements may be simple hosts, servers, routers, bridges, or anything connected to a network. The SNMP agents that reside on the
network elements communicate with one or more SNMP management stations to exchange information. The role of the SNMP agent is to collect network management information and pass it to the management station when requested. It can also pass critical information to the management station asynchronously, to report important events, through a mechanism known as traps. If an SNMP management station needs to set the value of a managed object, it can direct the SNMP agent to do so. The SNMP agent keeps the management information in special tables known as a Management Information Base (MIB). The SNMP protocol comprises the following three basic components:

• Structure of Management Information (SMI)
• Management Information Base (MIB)
• SNMP messages

Management Information Base

The Management Information Base is a hierarchical organization of the objects used in SNMP. This organization is like a tree, and individual objects are leaves of the tree. Each object has an OID, which is a sequence of numbers separated by dot characters. As described earlier, the OID of an object is determined by traversing the tree from the root node to that node and noting the numbers associated with all nodes on the way. The MIB is implemented as a data structure of tables in which the values of these objects are stored for retrieval by the SNMP management station. ASN.1 is used to describe the structure of these tables and the data types associated with the different objects. The following list shows part of an MIB represented in ASN.1. It shows three objects in the MIB:

• ifDescr
• ifType
• ifMtu

The SYNTAX part of each object gives the data type and range used for the object. The ACCESS part shows the read and write permissions for the object. The DESCRIPTION part gives a short description of the object. MIB groups and their descriptions are shown in Table 14.

TABLE 14
MIB GROUPS

Group Name and OID          Description
System (1.3.6.1.2.1.1)      Objects related to system administration (such as uptime)
Interface (1.3.6.1.2.1.2)   Objects related to manageable interfaces
IP (1.3.6.1.2.1.4)          Information related to the IP protocol and protocol statistics
ICMP (1.3.6.1.2.1.5)        Information related to the ICMP protocol and protocol statistics
TCP (1.3.6.1.2.1.6)         Information related to the TCP protocol and protocol statistics
UDP (1.3.6.1.2.1.7)         Information related to the UDP protocol and protocol statistics
SNMP Messages

Network management information between an SNMP agent and the SNMP management station is exchanged in the form of SNMP messages. These SNMP messages consist of two major parts:

• Authentication Header. The Authentication Header consists of two parts. The first part is the version number of the SNMP message. If the version number of an incoming message is not understood by the SNMP agent or management station, the message is ignored. The second part is the community string, which is used as a password. Each SNMP agent and management station is part of a community with a specific name. In SNMPv1 and SNMPv2c the community string travels in cleartext in every message, so anyone who can sniff the network can read it.
• The Protocol Data Unit (PDU). The PDU is the part of the SNMP message that actually conveys information to an agent or management station. PDUs have a specific format so that SNMP components from different vendors can understand each other. There are different types of PDUs, as listed here:
  • SNMP GET. Sent by the SNMP management station to the SNMP agent to retrieve the current value of an object.
  • SNMP GETRESPONSE. Used by the SNMP agent to send a response to a management station.
  • SNMP GETNEXT. Sent by the SNMP management station to get the value of the next object in an MIB table. This is usually used to walk through all objects in an MIB table; a management station can display all the object values contained in a table using this type of message.
  • SNMP SET. Sent by the management station to the SNMP agent to set the value of a particular object. The MIB table must have write permission for this object. Usually a different community name (password) is used for setting a value.
  • SNMP TRAP. Sometimes SNMP agents need to send information about a critical event on a host. These events are sent to the management station using a special type of message known as a trap. A trap destination is a management station that is available to receive traps. One or more trap destinations can be configured in Solaris using the SNMP agent configuration files.
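As an added example that is not from the book, here is an SNMPv1 encoder and decoder for exactly the structure described above: version and community first, then a PDU holding request-id, error-status, error-index and the variable bindings, all in BER. The OID and TimeTicks encodings follow RFC 1155 and RFC 1157; the sysUpTime.0 object, the community name public and the function names are illustrative assumptions of the example:

```python
"""SNMPv1 message = version + community + PDU, BER-encoded (RFC 1157).
Added example, not from the book; OIDs, community and names are illustrative."""

INTEGER, OCTET_STRING, NULL, OID, SEQUENCE, TIMETICKS = 0x02, 0x04, 0x05, 0x06, 0x30, 0x43
GET_REQUEST, GET_NEXT, GET_RESPONSE, SET_REQUEST, TRAP = 0xA0, 0xA1, 0xA2, 0xA3, 0xA4

def tlv(tag, body):
    """BER tag/length/value with a definite length (short or long form)."""
    n = len(body)
    if n < 128:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def enc_int(v, tag=INTEGER):
    """Minimal-length two's-complement integer; TimeTicks use the same body with tag 0x43."""
    n = 1
    while not -(1 << (8 * n - 1)) <= v < (1 << (8 * n - 1)):
        n += 1
    return tlv(tag, v.to_bytes(n, "big", signed=True))

def enc_oid(dotted):
    """Dotted OID -> BER OBJECT IDENTIFIER (first two arcs share one sub-identifier)."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("bad OID " + dotted)
    out = bytearray()
    for a in [arcs[0] * 40 + arcs[1], *arcs[2:]]:
        chunk = [a & 0x7F]
        while a > 0x7F:                     # base-128, high bit set on all but the last byte
            a >>= 7
            chunk.insert(0, (a & 0x7F) | 0x80)
        out += bytes(chunk)
    return tlv(OID, bytes(out))

def build_message(community, pdu_tag, request_id, varbinds, version=0):
    """varbinds: list of (dotted_oid, encoded value TLV); use tlv(NULL, b'') for Get/GetNext."""
    vbl = b"".join(tlv(SEQUENCE, enc_oid(o) + v) for o, v in varbinds)
    pdu = tlv(pdu_tag, enc_int(request_id) + enc_int(0) + enc_int(0) + tlv(SEQUENCE, vbl))
    return tlv(SEQUENCE, enc_int(version) + tlv(OCTET_STRING, community.encode()) + pdu)

def read_tlv(buf, i):
    """Return (tag, body, index_after) for the TLV starting at buf[i]."""
    if i + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, ln, i = buf[i], buf[i + 1], i + 2
    if ln & 0x80:
        nb = ln & 0x7F
        ln, i = int.from_bytes(buf[i:i + nb], "big"), i + nb
    if i + ln > len(buf):
        raise ValueError("truncated TLV body")
    return tag, buf[i:i + ln], i + ln

def dec_oid(body):
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    x = 2 if arcs[0] >= 80 else arcs[0] // 40
    return ".".join(map(str, [x, arcs[0] - 40 * x, *arcs[1:]]))

def parse_message(buf):
    """Decode version, community, PDU type, request-id, error-status and varbinds."""
    tag, body, _ = read_tlv(buf, 0)
    if tag != SEQUENCE:
        raise ValueError("not an SNMP message")
    _, ver, i = read_tlv(body, 0)
    _, community, i = read_tlv(body, i)
    pdu_tag, pdu, _ = read_tlv(body, i)
    _, rid, i = read_tlv(pdu, 0)
    _, err, i = read_tlv(pdu, i)
    _, _eidx, i = read_tlv(pdu, i)
    _, vbl, _ = read_tlv(pdu, i)
    varbinds, j = [], 0
    while j < len(vbl):
        _, vb, j = read_tlv(vbl, j)
        _, oid, k = read_tlv(vb, 0)
        vtag, vval, _ = read_tlv(vb, k)
        if vtag == INTEGER:
            value = int.from_bytes(vval, "big", signed=True)
        elif vtag == TIMETICKS:
            value = int.from_bytes(vval, "big")
        elif vtag == OCTET_STRING:
            value = vval.decode("latin-1")
        else:
            value = None                     # NULL placeholder in a request
        varbinds.append((dec_oid(oid), value))
    return {"version": int.from_bytes(ver, "big", signed=True),
            "community": community.decode("latin-1"), "pdu": pdu_tag,
            "request_id": int.from_bytes(rid, "big", signed=True),
            "error_status": int.from_bytes(err, "big", signed=True), "varbinds": varbinds}
```

parse_message recovers the community name from the raw bytes of every request and reply, which is the practical meaning of the community string being a cleartext password: anyone who can capture UDP port 161 traffic has it, and with the write community can then issue SET requests.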
SNMP in Solaris

The SNMP agent in Solaris works in a master agent–subagent model. An SNMP master agent is started at boot time. The master agent, snmpdx, is in the /usr/lib/snmp directory. It is started by the /etc/rc3.d/S76snmpdx initialization script at run level 3 and listens on UDP port 161 for SNMP requests. It reads its configuration files and invokes the various subagents. It also opens another port on which it receives the traps sent to the master agent by the subagents; depending on its configuration, it forwards these traps to one or more SNMP management stations for notification. The master agent has the following functions:

• Invokes subagents
• Sends requests to subagents
• Receives responses from subagents
• Communicates with SNMP management stations
• Receives traps from subagents
• Sends traps to SNMP management stations
Agent Configuration Files

The master agent on Solaris has various configuration files, as listed next. The default locations of these files are the /etc/snmp/conf and /var/snmp directories. The following are the main files used for SNMP agent configuration on Solaris:

• Master agent resource configuration file. This file is used by the master agent only. It contains information about all the subagents managed by the master agent.
• Agent registration file. Each agent has its own registration file. Among other information about the subagent, the file includes the following:
  • Name of the subagent
  • OIDs of the subtree managed by the subagent
  • Preferred port number
  • Request timeout
  • Macros
• Agent access control files. Both the master agent and the subagents use the agent access control files. They contain information about community names and traps.

In addition to these files, the master agent also has a status file that keeps information about the spawned subagents and their process IDs.

REVERSE HOSTNAME RESOLUTION

Reverse hostname resolution is used to discover the host name when an IP address is specified. Almost all hostname resolution methods are used for both forward and reverse hostname resolution. Many systems need reverse hostname resolution for security and other purposes. When a system receives an incoming connection request, for example, the request carries the IP address of the client machine. Before you allow or deny this connection request, you need to know whether the requesting system is trusted. If you need to compare the host name for that IP address against a list of trusted hosts, you must first discover the host name corresponding to that IP address; reverse hostname resolution provides it. An example of this use is the commands that start with r (for instance, rlogin), which check the connecting host's name against /etc/hosts.equiv and ~/.rhosts. Note that whoever controls the reverse zone for an address can return any name they like, so a name obtained this way should be confirmed by resolving it forward again and checking that the original address is among the results. If you use the /etc/inet/hosts file for hostname resolution, reverse hostname resolution is automatically available. If you use DNS, however, you have to create another (reverse) zone file to allow reverse hostname resolution.

The /etc/inet/hosts File

This is the basic and oldest host name resolution method. It was used on the Internet for quite some time; now it is used only on small private networks. The /etc/inet/hosts file is a simple text file. Each line in this file represents one entry for a host name. Lines starting with the hash symbol (#) are comment lines. Each line starts with an IP address followed by a host name. The rest of the line is optional and lists aliases for the host name. A typical file is shown here:

#
# Internet host table
#
127.0.0.1       localhost
192.168.2.222   fana    loghost
192.168.2.11    laptop
192.168.2.1     desktop
192.168.29.28   fana-nt
192.168.30.30   kaka

During hostname resolution, the lines in this file are scanned from top to bottom and the first matching entry is taken. So if there are multiple entries for a host name in this file, only the first entry is used each time; the following entries are never used.
Types of DNS Servers

There are three main types of DNS servers:

• Primary domain name server. Each domain must have a primary domain name server. This server is registered on the Internet for the domain name to be visible. The primary name server is the authority for a domain or zone. The DNS administrator maintains the database files on the primary domain name server, which is responsible for resolving all hosts in the domain or zone. One or more secondary domain name servers may act as backups to the primary name server. The primary domain name server sets an expiration policy for host name records, after which secondary name servers refresh their databases. The IP address and host name of the primary name server are public and known to everyone on the Internet.
• Secondary domain name server. A secondary name server backs up the primary name server. There may be one or more secondary name servers. Secondary name servers are used when the primary name server does not respond. Secondary name servers copy the database files from the primary name server periodically. The addresses of the secondary name servers are also public and known on the Internet.
• Caching domain name server. A caching name server does not have any database files of its own. It is used to resolve host names on remote networks by querying other name servers. It keeps a record of previously resolved host names and is used for one of the following reasons:
  • To speed up hostname resolution using the cache
  • To offload the host name resolution task from the main domain name server
  • To reduce network traffic on large networks
  Because a caching name server does not have its own database, persons and organizations that have no authority over a domain or zone may also run one.
Configuring the Domain Name Server

The domain name server configuration process involves the following steps:

1. Register a domain name.
2. Create a list of host names and their IP addresses.
3. Create the /etc/named.conf file.
4. Create the zone data files.

After this, you can start in.named from the command line, or it will start automatically at the next boot.
Resource Record Types

Information in zone data files is stored in a special format. The pieces of this information are called resource records (RRs). Each resource record has a particular meaning and a keyword associated with it. Standard RRs include the following:

• Start of Authority resource record (SOA). This RR marks the beginning of the zone data. It also defines default parameters for the zone, which include the serial number, refresh time, TTL value, and so on. A typical SOA RR looks like this:

@    IN    SOA    fana.boota.org. postmaster.fana.boota.org. (
                  2001041602    ; Serial
                  10800         ; Refresh - 180 Minutes
                  1800          ; Retry - 30 minutes
                  1209600       ; Expire - 2 Weeks
                  43200 )       ; Minimum TTL - 12 Hours

The SOA RR is present at the start of every zone file, and it contains the name of the primary domain name server. In the preceding example, the primary domain name server is fana.boota.org. Next in the RR is the email address of the technical contact, postmaster.fana.boota.org. Note that there is no at symbol (@) after the user name; a dot character is used instead. Note also the trailing dots on both names: a name without a trailing dot is relative, and the zone's origin (boota.org) is appended to it. Next is the serial number, which serves as the version number of the zone data. It must be incremented whenever you modify the zone file, or the secondary servers will not pick up the change. This example uses a popular way of representing serial numbers, the form YYYYMMDDNN. The two rightmost digits are the version number for that day, 02 in this example; the other digits represent the date of modification.

• Name Server resource record (NS). The Name Server RR lists the name servers for a domain or zone. Typical NS entries in a zone file look like this:

;
; Nameservers
;
boota.org.    IN    NS    fana.boota.org.
              IN    NS    kaka.boota.org.

• Address resource record (A). This RR specifies the IP address for a host in the DNS database. The A record may be used with absolute or relative host names. An absolute host name is a fully qualified host name ending in a dot. A relative name is the short form of the host name; the domain name is appended to it by the DNS itself.

;
; use of absolute hostname
fant.boota.org.    IN    A    192.168.2.100
; use of relative hostname
lota               IN    A    192.168.2.210

In the previous example, lota is equivalent to lota.boota.org.

• Mail Exchanger resource record (MX). MX RRs name the hosts responsible for exchanging email for a domain. A preference value is used with MX records to prefer one server over another; the server with the lower preference value is tried first as mail exchanger. Typical mail exchanger resource records look like this (the MX records belong to the zone itself, written as @, not to the host named on the previous line):

;
email    IN    A     192.168.2.20
email2   IN    A     192.168.2.21
@        IN    MX    5     email
         IN    MX    10    email2

Now the first preference goes to host email, which is used as the mail exchanger. If it is not available, host email2 acts as the backup mail exchanger.

• Pointer resource record (PTR). This resource record maps an IP address back to a host name and is used for reverse host name resolution in the in-addr.arpa zones.

• Canonical Name resource record (CNAME). This record defines aliases for a host name. The situation arises when you have multiple services running on the same machine. If you are running an FTP server and a web server on the same host (not a good idea from a security point of view!), for example, you can use two names for the same machine, as shown here:

www    IN    A        192.168.2.30
ftp    IN    CNAME    www

The CNAME RR is very useful when you are moving services from one host to another. In this case, you just change the CNAME entry in the DNS, and clients do not notice any change at all.
• HINFO resource record. This record provides host information. It may list the hardware and the operating system. You can include a HINFO record for each host; from a security point of view, however, it is not desirable to include HINFO records in zone data files, because they tell an attacker which platform to target. A typical HINFO record looks like this:

fana    IN    HINFO    ultra-5    UNIX

• TXT resource record. This record provides text information. Any text of any type about a host can be provided using this record. A typical record is shown here:

fana    IN    TXT    "this host is present in my home"

• WKS resource record. This record lists the well-known services available on a host for a given protocol. This RR is not desirable from a security point of view, for the same reason as HINFO. A typical WKS RR looks like this:

fana    IN    WKS    192.168.2.222    TCP    ( smtp netstat nntp )

When you configure a primary name server, you create one boot configuration file (/etc/named.conf) and multiple zone data files. The DNS daemon in Solaris is in.named, and it is started by the /etc/init.d/inetsvc startup script.

Configuring the /etc/named.conf File

The named.conf file contains important information used by the in.named daemon on Solaris at boot time. This information includes the following:

• Name of the directory where the DNS zone data files are stored
• Names of zones
• Names of zone data files
• Type of the server, whether primary, secondary, or caching-only
• Logging options
• Security options

The file contains statements, and each statement ends with a semicolon. A statement may be in the form of a block, and a block also ends with a semicolon. Some statements that can be included in this file are listed in Table 15.

TABLE 15
STATEMENTS TO BE INCLUDED IN THE /ETC/NAMED.CONF FILE

Statement   Description
acl         Defines a named address list used to control access to the DNS server.
include     Includes a file at this point. This is useful when you split the DNS configuration across multiple files.
key         Security key used for authentication and authorization.
logging     Controls what the server logs and where.
options     Sets global options and default values.
server      Configuration for a remote server. Also used to specify options on a per-server basis.
zone        Defines a zone and selectively applies options on a per-zone basis.
Configuring DNS Client

Configuring Solaris as a DNS client is a two-step process. First, you configure the machine to use DNS as the host name resolution service. DNS may be configured as the primary hostname resolution service, or you can fall back to another service, such as /etc/inet/hosts. This is done with the /etc/nsswitch.conf file. The next step is to configure the IP addresses of the available domain name servers. This is done through the /etc/resolv.conf file. The client resolves host names using two basic library routines, gethostbyname() and gethostbyaddr(). Collectively these are called the resolver library; they are responsible for mapping host names to IP addresses and vice versa.
Configuring /etc/resolv.conf

Typical entries in the /etc/resolv.conf file are as follows:

domain boota.org
search boota.org
nameserver 192.168.2.222
nameserver 192.168.2.200

This file has three types of entries. The first line shows that we are part of the domain boota.org. The second line lists the domains appended to a host name that is not fully qualified: if you try to resolve the host name fana, the resolver first appends the domain name, making it fana.boota.org, and tries to resolve that. (domain and search are mutually exclusive; if both are present, the last one wins.) The nameserver lines give the addresses of the DNS servers to query, in order; the resolver uses at most three of them.
Configuring /etc/nsswitch.conf

This file controls which mechanism is used for host name resolution. Selection of a particular method for resolving host names is done in the /etc/nsswitch.conf file, as shown here:

passwd:     files
group:      files
# You must also set up the /etc/resolv.conf file for DNS name
# server lookup. See resolv.conf(4).
hosts:      dns [NOTFOUND=continue] files
networks:   files
protocols:  files
rpc:        files
ethers:     files
netmasks:   files
bootparams: files
publickey:  files
# At present there isn't a 'files' backend for netgroup; the system will
# figure it out pretty quickly, and won't use netgroups at all.
netgroup:   files
automount:  files
aliases:    files
services:   files
sendmailvars: files

Lines starting with the hash symbol (#) are comment lines, as in other Solaris configuration files. The line starting with the word hosts controls which hostname resolution service is used. Multiple services may be configured, as shown in the sample file: here, if DNS fails to resolve a host name, we fall back to the /etc/inet/hosts file, represented by the keyword files on this line. Each service returns a status code for the lookup, and the action attached to each code decides whether the next service is tried. These codes are listed in Table 16.
TABLE 16
CODES RETURNED BY HOSTNAME RESOLUTION SERVICES

Code       Description
SUCCESS    The hostname resolution was successful.
UNAVAIL    The service is not responding (or is not configured).
NOTFOUND   The service is available, but the hostname entry was not found.
TRYAGAIN   The service is busy at this time but may respond if you try again.
DNS Troubleshooting

When troubleshooting DNS, first verify that both the server and the client are working. Use one of these methods:

• Test DNS with nslookup. You have already used the nslookup utility, which is the most widely used tool for troubleshooting DNS problems. If this command fails, the DNS server, the client, or both are not configured properly.
• Test with the netstat command. The netstat command shows whether the DNS port is open and whether in.named is listening on it. This command is helpful for troubleshooting the DNS server.
• Test with Telnet. A simple Telnet session reveals whether in.named is accepting incoming connections. Telnet to port 53 on the name server; if in.named is accepting connections, the telnet connect succeeds, otherwise it fails. Note that this only tests TCP port 53 (used for zone transfers and large answers); ordinary lookups use UDP port 53, which telnet cannot exercise, so a successful telnet does not prove that UDP queries are being answered.
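The wire-level query that nslookup and in.named exchange, as an added example that is not from the book. It builds a forward A query and a reverse PTR query (the in-addr.arpa name described under reverse hostname resolution) and parses the reply, following compression pointers safely and refusing a reply whose transaction ID does not match the query. build_answer constructs the server's reply so the code runs offline; the function names and the fixed TTL are my own, while the names and addresses are the book's sample values:

```python
"""DNS wire-format queries and replies: forward A and reverse PTR lookups.
Added example, not from the book; build_answer stands in for the server."""
import ipaddress
import struct

TYPE_A, TYPE_NS, TYPE_CNAME, TYPE_PTR, TYPE_MX = 1, 2, 5, 12, 15
CLASS_IN = 1

def reverse_name(ip):
    """Owner name queried for reverse resolution: 192.168.2.222 -> 222.2.168.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer

def encode_name(name):
    """Length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label in %r" % name)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\0"

def build_query(name, qtype, txid, recursion_desired=True):
    """12-byte header followed by one question."""
    hdr = struct.pack("!HHHHHH", txid, 0x0100 if recursion_desired else 0, 1, 0, 0, 0)
    return hdr + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)

def build_answer(query, rtype, rdata, ttl=43200, authoritative=True):
    """Constructed reply: echo the question and answer it with one RR whose owner
    is a compression pointer (0xC00C) back to the question name at offset 12."""
    txid = struct.unpack("!H", query[:2])[0]
    flags = 0x8000 | 0x0100 | 0x0080 | (0x0400 if authoritative else 0)   # QR, RD, RA, AA
    hdr = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata
    return hdr + query[12:] + rr

def read_name(msg, i, depth=0):
    """Decode the name at msg[i], following compression pointers; returns (name, index after)."""
    labels = []
    while True:
        if i >= len(msg):
            raise ValueError("truncated name")
        n = msg[i]
        if n & 0xC0 == 0xC0:                      # pointer: must point backwards, bounded depth
            if i + 1 >= len(msg):
                raise ValueError("truncated name")
            ptr = ((n & 0x3F) << 8) | msg[i + 1]
            if ptr >= i or depth > 16:
                raise ValueError("bad compression pointer")
            tail, _ = read_name(msg, ptr, depth + 1)
            labels.append(tail)
            return ".".join(labels), i + 2
        i += 1
        if n == 0:
            return ".".join(labels), i
        labels.append(msg[i:i + n].decode("ascii"))
        i += n

def parse_response(msg, expect_txid=None):
    """Check the header, skip the question section, and decode the answer RRs."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expect_txid is not None and txid != expect_txid:
        raise ValueError("transaction id mismatch: possible spoofed reply")
    if not flags & 0x8000:
        raise ValueError("not a response")
    i = 12
    for _ in range(qd):
        _, i = read_name(msg, i)
        i += 4                                    # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        owner, i = read_name(msg, i)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[i:i + 10])
        i += 10
        if i + rdlen > len(msg):
            raise ValueError("truncated rdata")
        if rtype == TYPE_A and rdlen == 4:
            value = ".".join(str(b) for b in msg[i:i + 4])
        elif rtype in (TYPE_NS, TYPE_CNAME, TYPE_PTR):
            value, _ = read_name(msg, i)
        elif rtype == TYPE_MX:
            value = (struct.unpack("!H", msg[i:i + 2])[0], read_name(msg, i + 2)[0])
        else:
            value = msg[i:i + rdlen]
        answers.append((owner, rtype, ttl, value))
        i += rdlen
    return {"txid": txid, "rcode": flags & 0xF, "authoritative": bool(flags & 0x0400),
            "answers": answers}

if __name__ == "__main__":
    q = build_query(reverse_name("192.168.2.222"), TYPE_PTR, 0x1234)
    print(parse_response(build_answer(q, TYPE_PTR, encode_name("fana.boota.org")), 0x1234))
```

A name obtained from a PTR record is only as trustworthy as whoever controls that reverse zone, so code that makes access decisions on it should issue the forward A query for the returned name and check that the original address is among the answers. The transaction-ID check in parse_response is the minimum a resolver must do to avoid accepting a reply it never asked for.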
TIME SOURCES AND CONFIGURING AN NTP SERVER NTP implementation on Solaris 8 can use many reference time sources. These reference time sources include, but are not limited to, the following: á A reference time server on a local network or on the Internet. á A global positioning satellite system receiver card installed inside the host. á A broadcast signal from NIST (National Institute of Standards and Technology) or some other broadcast service. A server may use its own clock as a reference time source. On startup, the NTP daemon xntpd reads its configuration file /etc/inet/ntp.conf. Lines starting with the hash symbol (#) in this file are treated as comment lines. Blank lines are ignored. The basic one-line configuration file that can be used to start NTP server is as shown here: broadcast 192.168.2.255
After creating the /etc/inet/ntp.conf file with this line, you can start NTP server with the following command: /etc/init.d/xntpd start
A running server may be stopped using the following command: /etc/init.d/xntpd stop
If the configuration file is present, the server will start automatically at boot time. Solaris comes with a sample server configuration file, /etc/inet/ntp.server, which can be used as an example to configure your NTP server.
Configuring NTP Clients An NTP client can be configured in two basic ways: as a broadcast client or as a polling client. A broadcast client listens to messages sent by the NTP server. A polling client polls a server periodically depending on the accuracy of the local clock. A sample client script is present as /etc/inet/ntp.client and can be copied as /etc/inet/ntp.conf to configure a host as a client. To configure a client as a broadcast client, use the following line in the configuration file: broadcastclient
The broadcast method is used to discover the NTP server(s) present on the network. A multicast client acts the same way as a broadcast client, but you have to enter the multicast address in the configuration file. The standard multicast address used with NTP is 124.0.1.1. The following line configures a client as a multicast client:
multicast 124.0.1.1
The server line in the configuration file configures a Solaris host as a polling client. A driftfile entry is used to keep information about the difference between the local time and the reference time provided by the server.
FAST FACTS
This information is used to determine how frequently the client should poll to maintain the correct time. The xntpd daemon updates the drift file periodically, so the file must be writable by the daemon. The ntpdate utility is used to synchronize the local time with one or more NTP servers. The following command synchronizes time with server 192.168.10.10:
ntpdate 192.168.10.10
Multiple server addresses can be given on the command line, which increases the reliability of the new time. The command is especially useful when run from a cron script to update the time periodically.
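As an added example (not from the book), the following Python script reads an ntp.conf the way the text says xntpd does and reports the host's role together with the points a reviewer would check; it recognises only the keywords discussed here (broadcast, broadcastclient, server, driftfile), and the server addresses and drift file path in the sample files are constructed.

```python
import os
import tempfile

# Added example, not the book's code. Parses /etc/inet/ntp.conf as described
# in the text: '#' lines are comments, blank lines are ignored, every other
# line is a keyword followed by its arguments.


def parse_ntp_conf(text):
    """Return [(keyword, [args...])] for every effective configuration line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                              # comment or blank line: ignored
        keyword, *args = line.split()
        entries.append((keyword, args))
    return entries


def ntp_role(text):
    """Summarise what the configuration makes this host do."""
    role = {"broadcasts_to": [], "broadcast_client": False,
            "polls": [], "driftfile": None}
    for keyword, args in parse_ntp_conf(text):
        if keyword == "broadcast" and args:       # server: broadcast 192.168.2.255
            role["broadcasts_to"].append(args[0])
        elif keyword == "broadcastclient":        # client: listen for server broadcasts
            role["broadcast_client"] = True
        elif keyword == "server" and args:        # client: poll the named server
            role["polls"].append(args[0])
        elif keyword == "driftfile" and args:     # file xntpd keeps the drift estimate in
            role["driftfile"] = args[0]
    return role


def review_ntp_conf(text, writable=os.access):
    """Findings a reviewer would raise (empty list means nothing to report).
    `writable(path, os.W_OK)` is injectable so the check can run without the real file."""
    role = ntp_role(text)
    findings = []
    if not (role["broadcasts_to"] or role["broadcast_client"] or role["polls"]):
        findings.append("no broadcast, broadcastclient or server line: "
                        "host is configured as neither server nor client")
    if role["broadcast_client"] and not role["polls"]:
        findings.append("broadcastclient only: time is taken from whichever "
                        "server broadcasts on the local network")
    if role["polls"] and role["driftfile"] is None:
        findings.append("polling client without a driftfile line: xntpd cannot "
                        "keep its drift estimate across restarts")
    drift = role["driftfile"]
    if drift is not None and not writable(drift, os.W_OK):
        findings.append("driftfile %s is not writable: xntpd must be able to "
                        "update it periodically" % drift)
    return findings


# Constructed sample files (addresses and path are illustrative).
SERVER_CONF = "# one-line server configuration\nbroadcast 192.168.2.255\n"
CLIENT_CONF = ("# polling client\nserver 192.168.10.10\nserver 192.168.10.11\n"
               "driftfile /var/ntp/ntp.drift\n")
BCAST_CLIENT_CONF = "broadcastclient\n"


def demo():
    """Stand-alone run: a polling client whose drift file exists and is writable."""
    with tempfile.NamedTemporaryFile(prefix="ntp.drift.", delete=False) as fh:
        path = fh.name
    try:
        return review_ntp_conf("server 192.168.10.10\ndriftfile %s\n" % path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for name, conf in (("server", SERVER_CONF), ("client", CLIENT_CONF),
                       ("broadcast client", BCAST_CLIENT_CONF)):
        print(name, ntp_role(conf), review_ntp_conf(conf, writable=lambda p, m: True))
    print("demo:", demo())
```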
Troubleshooting NTP

A good knowledge of networking and the use of proper tools can make troubleshooting NTP an easy task. If a client is not able to update its time, first use the ping command to make sure that the server is reachable from the client. If the server is reachable, use the netstat command to make sure that the server process is running on the NTP server host. You also can use the ntpq or xntpdc utilities to run certain commands on the NTP server. These utilities show a prompt at which you can enter different commands. In addition to these commands, you can use the snoop command to display NTP packets. The following output of the snoop command shows that NTP client 192.168.2.10 is sending NTP requests, but the NTP server is not running. This is evident from the fact that an ICMP Port Unreachable message is being sent back by the NTP server host:

192.168.2.10 -> fana         NTP client (Sat Apr 7 11:14:02 2001)
fana -> 192.168.2.10         ICMP Destination unreachable (UDP port 123 unreachable)
192.168.2.10 -> fana         NTP client (Sat Apr 7 11:14:34 2001)
fana -> 192.168.2.10         ICMP Destination unreachable (UDP port 123 unreachable)

The following lines show that the NTP server is servicing NTP requests:

192.168.2.10 -> fana         NTP client (Sat Apr 7 11:13:14 2001)
fana -> 192.168.2.10         NTP server (Sat Apr 7 11:13:14 2001)
192.168.2.10 -> fana         NTP client (Sat Apr 7 11:13:30 2001)
fana -> 192.168.2.10         NTP server (Sat Apr 7 11:13:30 2001)

If you run the snoop command with the -v command-line option, you can see in detail what information is included in the NTP request and reply packets. The following output of the snoop command is for an incoming NTP request from a client:

ETHER:  ----- Ether Header -----
ETHER:
ETHER:  Packet 9 arrived at 11:16:58.48
ETHER:  Packet size = 90 bytes
ETHER:  Destination = 8:0:20:9e:f0:50, Sun
ETHER:  Source      = 0:10:7a:b6:3:ce,
ETHER:  Ethertype = 0800 (IP)
ETHER:
IP:   ----- IP Header -----
IP:
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x00
IP:         xxx. .... = 0 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:   Total length = 76 bytes
IP:   Identification = 28162
IP:   Flags = 0x0
IP:         .0.. .... = may fragment
IP:         ..0. .... = last fragment
IP:   Fragment offset = 0 bytes
IP:   Time to live = 128 seconds/hops
IP:   Protocol = 17 (UDP)
IP:   Header checksum = 4666
IP:   Source address = 192.168.2.10, 192.168.2.10
IP:   Destination address = 192.168.2.222, fana
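The diagnosis the two traces above illustrate, as an added Python example (not the book's code): it reads snoop summary lines, pairs each NTP client request with the reply the queried host sends back, and maps the outcome to the troubleshooting step the text recommends. The sample traces are constructed from the lines above; the third one (requests with no reply at all) is assumed.

```python
import re
from collections import defaultdict

# Added example, not the book's code. A snoop summary line looks like
#   <src> -> <dst>   <protocol summary>
SNOOP_LINE = re.compile(r"^(\S+)\s+->\s+(\S+)\s+(.+)$")

VERDICT_SERVED = "xntpd is answering on UDP port 123"
VERDICT_NO_LISTENER = ("host reachable but nothing listening on UDP port 123: "
                       "check with netstat, then start xntpd (/etc/init.d/xntpd start)")
VERDICT_NO_REPLY = "no reply at all: check reachability with ping before looking at xntpd"


def parse_snoop(text):
    """Return (src, dst, summary) for each snoop summary line; other lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = SNOOP_LINE.match(line.strip())
        if m:
            packets.append(m.groups())
    return packets


def ntp_exchange_stats(text):
    """Pair each 'NTP client' request with the first packet the queried host sends
    back before the client's next request, and count the outcomes per server."""
    packets = parse_snoop(text)
    stats = defaultdict(lambda: {"served": 0, "port_unreachable": 0, "unanswered": 0})
    for i, (src, dst, summary) in enumerate(packets):
        if not summary.startswith("NTP client"):
            continue
        reply = None
        for src2, dst2, summary2 in packets[i + 1:]:
            if (src2, dst2) == (src, dst) and summary2.startswith("NTP client"):
                break                 # client retried: the earlier request went unanswered
            if (src2, dst2) == (dst, src):
                reply = summary2
                break
        if reply is not None and reply.startswith("NTP server"):
            stats[dst]["served"] += 1
        elif reply is not None and "UDP port 123 unreachable" in reply:
            stats[dst]["port_unreachable"] += 1
        else:                         # nothing came back, or something other than NTP/port unreachable
            stats[dst]["unanswered"] += 1
    return dict(stats)


def ntp_verdicts(text):
    """Map each server seen in the trace to a one-line diagnosis."""
    verdicts = {}
    for server, s in ntp_exchange_stats(text).items():
        if s["served"]:
            verdicts[server] = VERDICT_SERVED
        elif s["port_unreachable"]:
            verdicts[server] = VERDICT_NO_LISTENER
        else:
            verdicts[server] = VERDICT_NO_REPLY
    return verdicts


# Constructed traces modelled on the snoop output in the text.
TRACE_DEAD_SERVER = """\
192.168.2.10 -> fana         NTP client (Sat Apr 7 11:14:02 2001)
fana -> 192.168.2.10         ICMP Destination unreachable (UDP port 123 unreachable)
192.168.2.10 -> fana         NTP client (Sat Apr 7 11:14:34 2001)
fana -> 192.168.2.10         ICMP Destination unreachable (UDP port 123 unreachable)
"""
TRACE_LIVE_SERVER = """\
192.168.2.10 -> fana         NTP client (Sat Apr 7 11:13:14 2001)
fana -> 192.168.2.10         NTP server (Sat Apr 7 11:13:14 2001)
192.168.2.10 -> fana         NTP client (Sat Apr 7 11:13:30 2001)
fana -> 192.168.2.10         NTP server (Sat Apr 7 11:13:30 2001)
"""
TRACE_SILENT = """\
192.168.2.10 -> fana         NTP client (Sat Apr 7 11:20:00 2001)
192.168.2.10 -> fana         NTP client (Sat Apr 7 11:21:04 2001)
"""

if __name__ == "__main__":
    for name, trace in (("dead", TRACE_DEAD_SERVER), ("live", TRACE_LIVE_SERVER),
                        ("silent", TRACE_SILENT)):
        print(name, ntp_exchange_stats(trace), ntp_verdicts(trace))
```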
STRUCTURE OF IPV6 ADDRESSES

Each IPv6 address is a 128-bit number. IPv6 addresses are assigned to interfaces, and each interface may be assigned multiple IPv6 addresses. Three basic types of IPv6 addresses are used:
• Unicast. A unicast address identifies a single interface.
• Anycast. An anycast address identifies a set of interfaces. A packet sent to an anycast address is delivered to the nearest of those interfaces, where "nearest" is determined by the routing protocol.
• Multicast. A multicast address identifies a group of interfaces, and packets sent to a multicast address are delivered to all interfaces in that multicast group.
Note that no broadcast address is used in IPv6. Because a much greater number of IP addresses is available in IPv6 networks, routing is an important issue, and special care must be taken to keep the routing table from growing too large. For this purpose, the leading bits of each IPv6 address, known as the prefix, specify the type of the address, as shown in Table 17.
Configuring IPv6 Addresses in Solaris

Configuring IPv6 in auto-discovery mode on Solaris systems is easy. You create an empty file, /etc/hostname6.interface, to configure the IPv6 address. The next time you boot the system, the in.ndpd daemon automatically discovers the network parameters needed for address autoconfiguration. A site local unicast address is configured on the interface.
TABLE 17
ALLOCATION OF IPV6 ADDRESSES DEPENDING ON PREFIX (LEADING) BIT PATTERN

Prefix          Allocation
0000 0000       Reserved
0000 0001       Unassigned
0000 001        Reserved for NSAP allocation
0000 010        Reserved for IPX allocation
010             Provider-based unicast addresses
100             Geographic-based unicast addresses
1111 1111       Multicast addresses
1111 1110 11    Site local use addresses
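As an added example (not from the book), the following Python code parses the inet6 lines of ifconfig output and classifies each address against the prefixes of Table 17. It goes one row beyond the table: it also carries the link-local unicast prefix 1111 1110 10 from RFC 2373, which Table 17 does not list but under which the fe80:: addresses shown later in this section fall. The sample ifconfig output is constructed from this chapter's listings.

```python
import ipaddress

# Added example, not the book's code. Rows copied from Table 17 as
# (binary prefix, allocation); the last row is the RFC 2373 link-local
# prefix, which Table 17 does not list.
PREFIX_TABLE = [
    ("00000000",   "Reserved"),
    ("00000001",   "Unassigned"),
    ("0000001",    "Reserved for NSAP allocation"),
    ("0000010",    "Reserved for IPX allocation"),
    ("010",        "Provider-based unicast addresses"),
    ("100",        "Geographic-based unicast addresses"),
    ("11111111",   "Multicast addresses"),
    ("1111111011", "Site local use addresses"),
    ("1111111010", "Link-local unicast addresses (RFC 2373; not in Table 17)"),
]
NO_ALLOCATION = "No allocation in Table 17"


def leading_bits(addr, n=10):
    """The n most significant bits of an IPv6 address as a string of '0'/'1'."""
    return format(int(ipaddress.IPv6Address(addr)), "0128b")[:n]


def allocation(addr):
    """Table 17 row whose prefix matches the address's leading bits (longest prefix wins)."""
    bits = format(int(ipaddress.IPv6Address(addr)), "0128b")
    for prefix, name in sorted(PREFIX_TABLE, key=lambda row: -len(row[0])):
        if bits.startswith(prefix):
            return name
    return NO_ALLOCATION


def basic_type(addr):
    """One of the basic address types. An anycast address is taken from the unicast
    space and cannot be told from a unicast address by its bits, so it reports as unicast."""
    return "multicast" if ipaddress.IPv6Address(addr).is_multicast else "unicast"


def inet6_addresses(ifconfig_output):
    """Parse 'ifconfig -a'-style output: interface header lines are not indented,
    'inet6 ADDR/LEN' lines are. Returns (interface, address, prefixlen, type, allocation)."""
    rows, iface = [], None
    for line in ifconfig_output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            iface = line.split(": ", 1)[0]        # "hme0:3: flags=..." -> "hme0:3"
            continue
        fields = line.split()
        if fields[0] == "inet6":
            addr, plen = fields[1].split("/")
            rows.append((iface, addr, int(plen), basic_type(addr), allocation(addr)))
    return rows


# Constructed sample modelled on the ifconfig output in this chapter.
SAMPLE_IFCONFIG = """\
lo0: flags=2000849 mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841 mtu 1500 index 2
        ether 8:0:20:9e:f0:50
        inet6 fe80::a00:20ff:fe9e:f050/10
hme0:3: flags=2000841 mtu 1500 index 2
        inet6 1234::abcd/64
"""

if __name__ == "__main__":
    for iface, addr, plen, kind, alloc in inet6_addresses(SAMPLE_IFCONFIG):
        print("%-7s %-26s /%-3d %-9s %s  (leading bits %s)"
              % (iface, addr, plen, kind, alloc, leading_bits(addr)))
```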
To configure an IPv6 address on the hme0 interface, create the /etc/hostname6.hme0 file with the following command:
touch /etc/hostname6.hme0
Reboot the system and use the ifconfig command to verify that the IPv6 address is indeed configured on the interface. The following output shows that the IPv6 address fe80::a00:20ff:fe9e:f050 is configured on interface hme0:

bash-2.03# ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
        ether 8:0:20:9e:f0:50
lo0: flags=2000849 mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841 mtu 1500 index 2
        ether 8:0:20:9e:f0:50
        inet6 fe80::a00:20ff:fe9e:f050/10
bash-2.03#
To make sure that the address is working properly, use the ping command:

bash-2.03# ping fe80::a00:20ff:fe9e:f050
fe80::a00:20ff:fe9e:f050 is alive
The in.ndpd daemon implements the following important features:
• Router discovery
• Prefix discovery for IPv6 addresses
• Parameter discovery
• Address autoconfiguration
The daemon has a configuration file, /etc/inet/ndpd.conf, which is needed only when you want the host to act as a router for IPv6. In the normal host mode, this configuration file is not required. To configure a particular IPv6 address on an interface instead of using the auto-discovery method, put that address in the interface configuration file /etc/hostname6.hme0 instead of leaving the file blank. You also can manually configure an IPv6 address on an interface. The following command creates a logical interface hme0:3 for IPv6:

bash-2.03# ifconfig hme0:3 inet6 plumb
Use the ifconfig command to verify that the interface does exist, as shown here:

bash-2.03# ifconfig -a
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
        ether 8:0:20:9e:f0:50
lo0: flags=2000849 mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841 mtu 1500 index 2
        ether 8:0:20:9e:f0:50
        inet6 fe80::a00:20ff:fe9e:f050/10
hme0:3: flags=2000840 mtu 1500 index 2
        inet6 ::/0
bash-2.03#
The following command configures an IPv6 address on the interface and brings the interface up:

bash-2.03# ifconfig hme0:3 inet6 1234::abcd/64 up

You can verify the configuration using the ifconfig command. The following output shows that the IP address just configured on the interface is displayed:

bash-2.03# ifconfig hme0:3 inet6
hme0:3: flags=2000841 mtu 1500 index 2
        inet6 1234::abcd/64
bash-2.03#

Use the ping command to test the newly configured IP address, as shown here:

bash-2.03# ping 1234::abcd
1234::abcd is alive
Using Network Troubleshooting Commands with IPv6 Addresses

All the network troubleshooting and network management commands in Solaris have been modified to support IPv6. These commands include the following:
• The ifconfig command
• The ping command
• The netstat command
• The ndd command
• The inetd daemon
• Network server daemons
To use a command for IPv6 addresses only, add the inet6 command-line option. The following command shows only IPv6 interfaces:

bash-2.03# ifconfig -a inet6
lo0: flags=2000849 mtu 8252 index 1
        inet6 ::1/128
hme0: flags=2000841 mtu 1500 index 2
        inet6 fe80::a00:20ff:fe9e:f050/10
hme0:3: flags=2000841 mtu 1500 index 2
        inet6 1234::abcd/64
Note that to use a command for IPv4 only, use the inet command-line option rather than inet6. For example, the following command shows only IPv4 interfaces:

bash-2.03# ifconfig -a inet
lo0: flags=1000849 mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000
hme0: flags=1000843 mtu 1500 index 2
        inet 192.168.2.222 netmask ffffff00 broadcast 192.168.2.255
hme0:1: flags=1000843 mtu 1500 index 2
        inet 199.30.29.28 netmask fffffff8 broadcast 199.30.29.31
bash-2.03#
If you don’t use the inet or inet6 option, both the IPv4 and IPv6 configurations display.
These study and exam prep tips provide you with some general guidelines to help prepare for the Solaris Network Administrator exam. The information is organized into two sections. The first section addresses your pre-exam preparation activities and covers general study tips. Following this are some tips and hints for the actual test-taking situation. Before tackling those areas, however, think a little bit about how you learn.
LEARNING AS A PROCESS
To better understand the nature of preparation for the exams, it is important to understand learning as a process. You probably are aware of how you best learn new material. You might find that outlining works best for you, or you might need to “see” things as a visual learner. Whatever your learning style, test preparation takes place over time. Obviously, you cannot start studying for this exam the night before you take it; it is very important to understand that learning is a developmental process. And as part of that process, you need to focus on what you know and what you have yet to learn. Learning takes place when we match new information to old. You have some previous experience with computers, and now you are preparing for this certification exam. Using this book, software, and supplementary materials will not just add incrementally to what you know; as you study, you will actually change the organization of your knowledge as you integrate this new information into your existing knowledge base. This will lead you to a more comprehensive understanding of the tasks and concepts outlined in the objectives and of computing in general. Again, this happens as a repetitive process rather than a singular event. Keep this model of learning in mind as you prepare for the exam, and you will make better decisions concerning what to study and how much more studying you need to do.
Study and Exam Prep Tips
STUDY AND EXAM PREP TIPS
STUDY TIPS

There are many ways to approach studying, just as there are many different types of material to study. The following tips, however, should work well for the type of material covered on the certification exam.
Study Strategies

Although individuals vary in the ways they learn, some basic principles apply to everyone. You should adopt some study strategies that take advantage of these principles. One of these principles is that learning can be broken into various depths. Recognition (of terms, for example) exemplifies a more surface level of learning in which you rely on a prompt of some sort to elicit recall. Comprehension or understanding (of the concepts behind the terms, for example) represents a deeper level of learning. The ability to analyze a concept and apply your understanding of it in a new way represents an even deeper level of learning. Your learning strategy should enable you to know the material at a level or two deeper than mere recognition. This will help you do well on the exam. You will know the material so thoroughly that you can easily handle the recognition-level types of questions used in multiple-choice testing. You also will be able to apply your knowledge to solve new problems.
Macro and Micro Study Strategies

One strategy that can lead to this deeper learning includes preparing an outline that covers all the objectives for the exam. You should delve a bit further into the material and include a level or two of detail beyond the stated objectives for the exam. Then expand the outline by coming up with a statement of definition or a summary for each point in the outline.
An outline provides two approaches to studying. First, you can study the outline by focusing on the organization of the material. Work your way through the points and subpoints of your outline with the goal of learning how they relate to one another. Be certain, for example, that you understand how each of the objective areas is similar to and different from the others. Next, you can work through the outline, focusing on learning the details. Memorize and understand terms and their definitions, facts, rules and strategies, advantages and disadvantages, and so on. In this pass through the outline, attempt to learn detail rather than the big picture (the organizational information that you worked on during the first pass through the outline). Research has shown that attempting to assimilate both types of information at the same time seems to interfere with the overall learning process. To better perform on the exam, separate your studying into these two approaches.
Active Study Strategies

Develop and exercise an active study strategy. Write down and define objectives, terms, facts, and definitions. In human information-processing terms, writing forces you to engage in more active encoding of the information. Just reading over it exemplifies more passive processing. Next, determine whether you can apply the information you have learned by attempting to create examples and scenarios on your own. Think about how or where you could apply the concepts you are learning. Again, write down this information to process the facts and concepts in a more active fashion.
Commonsense Strategies

Finally, you also should follow commonsense practices when studying. Study when you are alert, reduce or eliminate distractions, take breaks when you become fatigued, and so on.
Pre-Testing Yourself

Pre-testing enables you to assess how well you are learning. One of the most important aspects of learning is what has been called meta-learning. Meta-learning has to do with realizing when you know something well or when you need to study some more. In other words, you recognize how well or how poorly you have learned the material you are studying. For most people, this can be difficult to assess objectively on their own. Practice tests are useful in that they reveal more objectively what you have learned and what you have not learned. You should use this information to guide review and further study. Developmental learning takes place as you cycle through studying, assessing how well you have learned, reviewing, and assessing again until you think you are ready to take the exam. You may have noticed the practice exam included in this book. Use it as part of the learning process. The ExamGear software on the CD-ROM also provides a variety of ways to test yourself before you take the actual exam. By using the practice exam, you can take an entire timed practice test quite similar in nature to the actual Solaris exam. The ExamGear Adaptive Exam option can be used to take the same test in an adaptive testing environment. This mode monitors your progress as you are taking the test and offers you more difficult questions as you succeed. By using the Study Mode option, you can set your own time limit, focus only on a particular domain (for instance, DHCP), and also receive instant feedback on your answers. You should set a goal for your pre-testing. A reasonable goal would be to score consistently in the 90% range. See Appendix D, "Using the ExamGear, Training Guide Edition Software," for a more detailed explanation of the test engine.
EXAM PREP TIPS

The Solaris certification exam reflects the knowledge domains established by Sun. The exam is based on a fixed set of exam questions. The individual questions are presented in random order during a test session. If you take the same exam more than once, you will see the same number of questions, but you won't necessarily see the exact same questions. Solaris exams are identical in terms of content coverage, number of questions, and allotted time, but the questions differ. You may notice, however, that some of the same questions appear on, or rather are shared among, different final forms. When questions are shared among multiple final forms of an exam, the percentage of sharing is generally small. Solaris exams also have a fixed time limit in which you must complete the exam. The ExamGear test engine on the CD-ROM that accompanies this book provides fixed-form exams. Finally, the score you achieve on a fixed-form exam is based on the number of questions you answer correctly. The exam's passing score is the same for all final forms of a given fixed-form exam. Table 1 shows the format for the exam.
TABLE 1
TIME, NUMBER OF QUESTIONS, AND PASSING SCORE FOR EXAM

Exam                                   Time Limit in Minutes   Number of Questions   Passing %
Solaris 8 Network Administrator Exam   120                     58                    67
Remember that you do not want to dwell on any one question for too long. Your 120 minutes of exam time can be consumed very quickly.
Putting It All Together

Given all these different pieces of information, the task now is to assemble a set of tips that will help you successfully tackle the Solaris certification exam.
More Pre-Exam Prep Tips

Generic exam-preparation advice is always useful. Tips include the following:
• Become familiar with general network terminology and equipment. Hands-on experience is one of the keys to success. Review the exercises and the Step by Steps in the book.
• Review the current exam-preparation guide on the Sun web site.
• Memorize foundational technical detail, but remember that you need to be able to think your way through questions as well.
• Take any of the available practice tests. We recommend the ones included in this book and the ones you can create using the ExamGear software on the CD-ROM.
• Look on the Sun web site at http://suned.sun.com/US/certification/guide/index.html for samples and demonstration items.
During the Exam Session

The following generic exam-taking advice that you have heard for years applies when taking this exam:
• Take a deep breath and try to relax when you first sit down for your exam session. It is very important to control the pressure you may (naturally) feel when taking exams.
• You will be provided scratch paper. Take a moment to write down any factual information and technical detail that you committed to short-term memory.
• Carefully read all information and instruction screens. These displays have been put together to give you information relevant to the exam you are taking.
• Read the exam questions carefully. Reread each question to identify all relevant details.
• Tackle the questions in the order they are presented. Skipping around will not build your confidence; the clock is always counting down.
• Do not rush, but also do not linger on difficult questions. The questions vary in degree of difficulty. Don't let yourself be flustered by a particularly difficult or verbose question.
• Note the time allotted and the number of questions appearing on the exam you are taking. Make a rough calculation of how many minutes you can spend on each question and use this to pace yourself through the exam.
• Take advantage of the fact that you can return to and review skipped or previously answered questions. Record the questions you cannot answer confidently, noting the relative difficulty of each question, on the scratch paper provided. After you have made it to the end of the exam, return to the more difficult questions.
• If session time remains after you have completed all questions (and if you aren't too fatigued!), review your answers. Pay particular attention to questions that seem to have a lot of detail or that involved graphics.
• As for changing your answers, the general rule of thumb here is don't! If you read the question carefully and completely and you felt that you knew the right answer, you probably did. Do not second-guess yourself. If, as you check your answers, one clearly stands out as incorrectly marked, of course you should change it. If you are at all unsure, however, go with your first impression.
If you have done your studying and follow the preceding suggestions, you should do well. Good luck!
Practice Exam
PRACTICE EXAM
1. Which of the following best describes the OSI reference model? Choose all that apply.
   A. The OSI model is just a reference model and is not actually a protocol itself.
   B. The OSI model is made up of five layers.
   C. The abbreviation OSI stands for Open Systems Interface.
   D. The OSI model is made up of seven layers.

2. Which of the following layers does this statement best describe? The bottommost layer of the OSI model deals with actual hardware and electrical signals, whereas the topmost layer of the OSI model deals with the actual applications that interact with networks and provides an interface to network users. Choose all that apply.
   A. Network layer
   B. Application layer
   C. Presentation layer
   D. Transport layer
   E. Physical layer

3. TCP/IP is a five-layer protocol. The Physical layer, for example, is used to transmit signals in the form of segments from one host to another host. Which two major protocols are used within the Transport layer?
   A. ICMP
   B. UDP
   C. TCP
   D. IP

4. Given the following protocols, which one is used for flow control and error reporting and is part of the Network layer as well as the Transport layer?
   A. IP
   B. ARP
   C. UDP
   D. UDP

5. A local area network (LAN) is usually confined within a building and connects hosts at the departmental or group level. Which of the following options are benefits of operating a LAN? Choose all that apply.
   A. A LAN makes use of private cabling and is therefore less expensive to install and maintain.
   B. Data transfer can be much faster compared to a WAN within a LAN environment.
   C. Less sophisticated and inexpensive equipment is required to install a LAN compared to a WAN.
   D. None of the above statements are features of a LAN.

6. This device may have multiple network adapters. Each of these adapters is connected to a different network. This device receives data packets from all connected networks and forwards data packets to destination networks or hosts depending on the destination address. This device is also considered to be the collection point for sorting, filtering, dropping, and distribution of data packets. These statements best describe what type of device?
   A. Switch
   B. Bridge
   C. Router
   D. Repeater

7. When an electrical signal travels on a cable, its shape becomes distorted because of the addition of noise and cable resistance. This distortion increases as signals travel longer distances. If the cable is too long, the signal can be distorted to such an extent that it can be hard to recognize, or the information extracted from it can become erroneous. To overcome this problem, which of the following equipment is used?
   A. Repeater
   B. Switch
   C. Router
   D. Gateway

8. Which of the following networks has hosts connected to a central location and also has a single point of failure, the hub?
   A. Ring network
   B. Star network
   C. Bus network
   D. None of the above

9. Which of the following network media types operates at 10Mbps, has a maximum length of one cable segment of 100 meters, and uses baseband signaling?
   A. 10BASE-2 Ethernet
   B. 10BASE-5 Ethernet
   C. 10BASE-T Ethernet
   D. 100BASE-T Ethernet
   E. Gigabit Ethernet

10. An Ethernet address is usually written as a combination of how many hexadecimal numbers separated by the colon character?
   A. 4
   B. 6
   C. 8
   D. 10
   E. 12

11. An Ethernet frame consists of several fields. Which of the following are valid fields within an Ethernet frame? Choose all that apply.
   A. Start Frame Delimiter
   B. Length/Type
   C. Destination Addresses
   D. Preamble
   E. MAC

12. Analyze the following process. In a layered network protocol such as the OSI model, each layer communicates with its peer layer on another host. Each layer takes data from its upper layer, adds its own header to that data, and sends it over to the lower layer for delivery to the destination host. Which process does this statement best describe?
   A. Data transfer
   B. PDU
   C. Encapsulation
   D. None of the above

13. This section within the Ethernet frame is a 4-byte-long field that contains the cyclic redundancy check (CRC) value. This value is used for error checking. Which of the following does this statement best describe?
   A. Higher layer data
   B. Frame check sequence
   C. Start frame delimiter
   D. Packet data
14. This protocol is a broadcast. When a host wants to get a MAC address that corresponds to an IP address, it sends a broadcast packet on the local network. This packet basically asks all hosts on the local network whether they have that IP address. All hosts listen to this request and only the host with the IP address replies. The reply data packet contains the MAC address of the host. Which protocol does this statement best describe?
   A. RARP
   B. TCP
   C. ARP
   D. UDP

15. To add and publish host 192.168.2.30 with a MAC address of 23:fd:a3:45:98:20 in the Address Resolution Protocol cache, which of the following commands would you use?
   A. arp 192.168.2.30 23:fd:a3:45:98:20 pub
   B. arp -d 192.168.2.30 23:fd:a3:45:98:20 pub
   C. arp -f 192.168.2.30 23:fd:a3:45:98:20 pub
   D. arp -a 192.168.2.30 23:fd:a3:45:98:20 pub
   E. arp -s 192.168.2.30 23:fd:a3:45:98:20 pub

16. To remove host 192.168.2.30 with a MAC address of 23:fd:a3:45:98:20 from the Address Resolution Protocol cache, which of the following commands would you use?
   A. arp -r 192.168.2.30 23:fd:a3:45:98:20
   B. arp -r 192.168.2.30
   C. arp -d 192.168.2.30 23:fd:a3:45:98:20
   D. arp -d 192.168.2.30

17. Which of the following network classes has special addresses that are known as multicast addresses? The address range starts from 224 in the leftmost octet and goes up to 240.
   A. Class A networks
   B. Class B networks
   C. Class C networks
   D. Class D networks
   E. Class E networks

18. Which of the following statements best describe an IP address? Choose all that apply.
   A. IP addresses have 2 basic parts, the host part and the network part.
   B. Multiple IP addresses can be assigned to one network interface.
   C. IP addresses are comprised of 4 parts, and each part is an octet that is 4 bits in length.
   D. IP addresses are 32-bit-long numbers.

19. A netmask is a special number used to distinguish the host part and network part in an IP network. Which of the following statements are true of netmasks? Choose all that apply.
   A. Netmasks are written in a combination of four octets.
   B. All bits of the netmask that represent the network part of the address are 0s.
   C. The following netmask is perfectly legal: 255.255.0.255.
   D. With a netmask address, any 1 bit that comes after a 0 bit in the netmask would be an illegal netmask.
   E. A netmask defines boundaries for the host part and the network part in an IP address.

20. Which of the following classes of networks has all addresses above 240 in the leftmost octet, reserved for future use and not assigned to any host or network?
   A. Class A
   B. Class B
   C. Class C
   D. Class D
   E. Class E

21. Which of the following classes of networks starts with a bit pattern of 110 and is used for small networks? The netmask used for this class of network is 255.255.255.0.
   A. Class A
   B. Class B
   C. Class C
   D. Class D
   E. Class E

22. Which of the following daemons are used to support the Router Discovery Protocol (RDISC) and the Routing Information Protocol (RIP)? Choose all that apply.
   A. in.routed
   B. in.rdisc
   C. in.route
   D. in.rdisk

23. Routing configuration and startup within the Solaris environment are controlled by which of the following files? Choose all that apply.
   A. /etc/init.d/inetinit
   B. /etc/defaultrouter
   C. /etc/gateways
   D. /etc/inetinit
24. The /etc/defaultrouter configuration file contains one or more routers that can be used as default routers. What type of information is in the /etc/gateways file within the Solaris environment?
   A. The /etc/gateways file contains a logical gateway for the default interface.
   B. The /etc/gateways file is used with the in.routed routing daemon to add active or passive gateways.
   C. The /etc/gateways file is linked to /etc/networks and maps network names to network addresses.
   D. The /etc/gateways file is the core routing file within the Solaris environment.

25. What command do you use to set up a route to network 192.168.20.0 to go through router 192.168.2.1?
   A. route -net 192.168.20.0/24 192.168.2.1
   B. route 192.168.20.0/24 192.168.2.1
   C. route -net add 192.168.20.0/24 192.168.2.1
   D. route add -net 192.168.20.0/24 192.168.2.1

26. Which of the following statements best describe the Transport layer? Choose all that apply.
   A. The Transport layer is responsible for end-to-end reliable data transfer.
   B. The Transport layer is responsible for starting a session.
   C. The Transport layer is responsible for closing a session.
   D. The Transport layer provides a client-server application infrastructure used by the Application layer for the client-server application environment.

27. This daemon is a master daemon and also is called a wrapper. It gets started at boot time and can listen to incoming connection requests on behalf of many network services. Which of the following daemons does this statement best describe?
   A. in.rdisc
   B. in.routed
   C. inetd
   D. xntpd

28. Which of the following statements best describe a port number within the Solaris environment? Choose all that apply.
   A. A port number is an access point for a given service.
   B. Port numbers are used to distinguish between multiple services.
   C. A port number is used to distinguish among different simultaneous communication sessions.
   D. A port number is used at the Transport layer of the OSI model.

29. Which of the following statements is true of the client-server model? Choose all that apply.
   A. Applications running over TCP/IP networks usually act in a client-server model.
   B. A client is an application running on a host that listens to incoming connection requests and provides a particular service.
   C. A server is an application running on a host that listens to incoming connection requests and provides a particular service.
   D. A client is typically a user application that connects to a server application to request a service.
   E. A server is usually a user application that connects to a server application to request a service.

30. Remote Procedure Calls (RPCs) is a mechanism used to invoke service procedures on a remote network system. Which process is the main server process that handles all RPC requests?
   A. rpcbin.d
   B. rpcind
   C. rpcbin
   D. rpcbind

31. Which of the following commands is used to display and troubleshoot RPC services?
   A. rpcinfo
   B. rpcservice
   C. rpc
   D. rpclist

32. An RPC server process uses a special number known as an RPC program number, which is used to distinguish the service. When an RPC service starts up, it registers itself with the rpcbind daemon using this number. These program numbers are present in which of the following files?
   A. /etc/rpcd/rpc
   B. /etc/rpc
   C. /etc/rpc/rpcbind
   D. /etc/default/rpc

33. To display a short listing of RPC services on remote host fana, which of the following would you use?
   A. rpcservice -s fana
   B. rpcinfo -s fana
   C. rpc -s fana
   D. rpcinfo -sr fana
34. The Domain Name Service (DNS) uses which of the following protocol(s) and port number(s) within the Solaris environment? Choose all that apply.
A. UDP
B. 57
C. TCP
D. 53

35. The Network Time Protocol (NTP) uses which of the following protocol(s) and port number(s) within the Solaris environment? Choose all that apply.
A. TCP
B. 123
C. UDP
D. 133

36. The Dynamic Host Control Protocol (DHCP) has several benefits within a network environment. Which of the following statements are true regarding DHCP? Choose all that apply.
A. A DHCP server keeps information about IP addresses that can be allocated to hosts on a network.
B. Hosts within a DHCP environment receive their network information at boot time.
C. DHCP is usually not used for hosts that need static IP addresses, although it has provision to assign static IP addresses to clients.
D. DHCP is usually used for hosts that need static IP addresses, because it has no provision to assign static IP addresses to clients.

37. Which of the following are valid DHCP configuration files? Choose all that apply.
A. dhcp_network
B. dhcptab
C. /var/dhcp/dhcp
D. /etc/default/dhcp

38. Which of the following DHCP configuration utilities is the DHCP network table management utility?
A. dhcpconfig
B. dhtadm
C. pntadm
D. dhcpmgr

39. This DHCP configuration file contains the type of resources that are being used for DHCP. If you are using local files to store DHCP databases, it contains the directory where these files are stored. Which of the following DHCP configuration files is being described here?
A. dhcp_network
B. /etc/dhcp/inittab
C. dhcptab
D. /etc/default/dhcp

40. To enable DHCP on the active interface hme1, which of the following commands would be used?
A. ifconfig hme1 dhcp -e
B. ifconfig hme1 dhcp -a
C. ifconfig hme1 dhcp
D. ifconfig hme1 dhcp -v
41. A protocol data unit is the actual part of the SNMP message that conveys information to an agent or management station. There are different types of protocol data units. Which of the following is used by an SNMP management station to get the value of the next object in a MIB table?
A. TRAP
B. SET
C. GETNEXT
D. GETRESPONSE
E. GET

42. The master agent on Solaris has various configuration files. Where is the default location of these files? Choose all that apply.
A. /etc/snmp/conf
B. /var/spool/snmp
C. /etc/default/snmp/conf
D. /var/snmp

43. Which of the following statements best describe the features/capabilities of the Simple Network Management Protocol (SNMP) within the Solaris environment? Choose all that apply.
A. The Simple Network Management Protocol is a collection of management station(s) and network elements.
B. The network elements of SNMP run a piece of software called the SNMP agent.
C. The Simple Network Management Protocol is used to monitor and manage hosts on a network from local or remote locations. Information about a host is collected by the SNMP agent running on that host.
D. The Simple Network Management Protocol was approved as standard in 1988 and almost all vendors use SNMP in their products now.
44. Which of the following statements best describe the Domain Name System? Choose all that apply.
A. The Domain Name System is a client-server system for resolving hostnames.
B. The Domain Name System provides a distributed database of hostname-to-IP address mapping.
C. The Domain Name System is implemented as an Application layer protocol in TCP/IP networks.
D. The Domain Name System is implemented as a Transport layer protocol in TCP/IP networks.
E. Domain names are assigned in a hierarchy that is similar to the UNIX file system hierarchy.

45. Information in zone data files is stored in a special format. Pieces of this information are called resource records (RR). Which of the following are not valid resource records? Choose all that apply.
A. SOA
B. A
C. NIS
D. PTR
E. MX
F. CNAME
G. CIX

46. A client resolves hostnames using which of the following library routines? Choose all that apply.
A. gethostbyname( )
B. gethehostbyname( )
C. gethehostbyname( )
D. gethostbyaddr( )
47. When configuring a DNS client, which of the following steps are part of the configuration process? Choose all that apply.
A. The client needs to be configured to use DNS as a hostname resolution service.
B. Configure IP addresses for available domain name servers through the /etc/resolv.conf file.
C. Edit the /etc/init/host file.
D. Start the DNS daemon.

48. Which of the following configuration files contains important information used by the in.named daemon on Solaris at boot time? Among other things, this file also contains information such as logging options, security options, and names of zones.
A. resolv.conf
B. named.conf
C. hosts
D. named.ca

49. Within a Network Time Protocol (NTP) environment, a client may be configured as which of the following? Choose all that apply.
A. NTP server
B. Polling client
C. Multicast client
D. Broadcast client

50. Which of the following statements best describe the Network Time Protocol (NTP)? Choose all that apply.
A. The Network Time Protocol is the standard Internet protocol to exchange time information among hosts connected on a network.
B. The Network Time Protocol uses the standard time port 26 for exchanging messages over IP networks.
C. The Network Time Protocol is used to synchronize clock times on different hosts on a network.
D. The Network Time Protocol uses standard time port 123 for exchanging messages over IP networks.

51. When configuring multiple peer servers within a Network Time Protocol environment, which of the following statements would you add to the ntp.conf configuration file to make one peer server a preference over the others?
A. pref
B. prefer
C. default
D. preference

52. An NTP client can be configured in two basic ways: as a broadcast client or as a polling client. A broadcast client listens to messages sent by the NTP server. A polling client polls a server periodically depending on the accuracy of the local clock. A sample client script is present within the Solaris environment. This sample script may be copied as /etc/inet/ntp.conf to configure a host as which client?
A. /etc/ntp/ntp.client
B. /etc/default/ntp.client
C. /etc/ntp.client
D. /etc/inet/ntp.client

53. Which of the following utilities is used to synchronize the local time with one or more NTP servers?
A. xntpdc
B. ntpupdate
C. ntpdate
D. ntpq
54. Which of the following netstat commands will display the routing table within the Solaris environment? Choose all that apply.
A. netstat -rn
B. netstat -a
C. netstat -m
D. netstat -rnv

55. When troubleshooting network problems within the Solaris environment, which of the following utilities could be used? Choose all that apply.
A. netstat
B. ping
C. traceroute
D. snoop

56. This command is used to display and amend problems with your local interface configuration within the Solaris environment. Which of the following commands does this statement best describe?
A. netstat
B. ndd
C. ifconfig
D. snoop

57. When configuring IPv6 in Auto Discovery mode on Solaris systems, you need to create an empty file (for instance, /etc/hostname6.interface), on which to configure an IPv6 address. Next time you reboot the system, which of the following daemons automatically discovers different network parameters?
A. in.dpd daemon
B. in.ndpd daemon
C. in.npd daemon
D. in.ndd daemon

58. When manually configuring an IPv6 address on an interface, which of the following commands creates a logical interface hme0:3 for IPv6?
A. ifconfig hme0:3 inet6 plumb
B. ifconfig hme0 inet6 plumb
C. ifconfig hme0:3 plumb
D. ifconfig hme0:3 inet6 unplumb
PRACTICE EXAM ANSWERS

1. A, C, D. The OSI model is only a reference model for protocol developers; it is not a protocol itself. The abbreviation OSI stands for Open Systems Interface, and the OSI model is made up of seven layers (Application, Presentation, Session, Transport, Network, Data Link, and Physical).

2. B, E. The bottom layer of the OSI model is the Physical layer, which is where the actual data transfer takes place in the form of some sort of signal over a communication medium. The most commonly used medium is copper wire, and an electrical signal is used for data transfer. The top layer of the OSI model is the Application layer, which is where users interact with networks using different applications. The most common applications that every network user uses are Telnet and FTP. Using these applications, a user can connect to a particular host on a network.

3. B, C. Within the Transport layer of the TCP/IP model, two major protocols are used: the Transport Control Protocol (TCP) and User Datagram Protocol (UDP). TCP is used for reliable data transfer, whereas UDP does not provide reliability at the Transport layer level.
4. D. ICMP is used for flow control and error reporting. This protocol is part of the Network layer as well as the Transport layer and is an integral part of each IP implementation, as discussed in RFC 792. The ping and traceroute commands use ICMP packets for diagnosis purposes.

5. A, B, C. A local area network (LAN) is usually confined within a building and connects hosts at the departmental or group level. Direct cable connections are used for LANs and data transmission speeds are quite high compared to wide area networks. LANs use private cabling and are less expensive to install and maintain. You also need less sophisticated and inexpensive equipment to install a LAN compared to a WAN.

6. C. A router can have multiple network adapters. Each of these adapters is connected to a different network. A router receives data packets from all connected networks and forwards data packets to destination networks or hosts depending on the destination address. A router also may be considered as the collection point for sorting, filtering, dropping, and distribution of data packets.

7. A. A repeater is a special type of equipment used to extend the length of a network segment. When an electrical signal travels on a cable, its shape becomes distorted because of the addition of noise and cable resistance. This distortion increases as signals travel longer distances. If the cable is too long, the signal can be distorted to such an extent that it can be hard to recognize it, or the information extracted from it can become erroneous. To overcome this problem, repeaters are used. A repeater takes a distorted input signal and reshapes and regenerates it.

8. B. Within a star-networked environment, all hosts are connected to a central location. This central location is the hub of the network. This is the most common and low-cost solution for local area networks. Star-connected networks also have a single point of failure, the hub. However, there is no need to bring down the whole network to add or remove a host. Faulty hosts can be removed from the network and new hosts can be added without disrupting the functionality of other hosts.

9. C. 10BASE-T Ethernet operates at a 10Mbps data transmission speed. The maximum length of one cable segment is 100 meters and baseband signaling is used. This was the most popular networking scheme, but it is being replaced with 100BASE-T networks. The letter T in the name shows that you use twisted-pair cable in this type of Ethernet rather than coaxial cable. Category 3 or category 5 twisted-pair cables are used in these networks.

10. B. An Ethernet address is usually written as a combination of six hexadecimal numbers separated by colon characters. For example, a typical Ethernet address may be written as 4F:36:01:AB:94:12.

11. A, B, C, D. The Start Frame Delimiter field is a special sequence that follows the Preamble, and it shows the start of frame. The Length/Type field shows either length of the data part in the frame or the type of the frame. The destination address is the MAC address of the destination host. This 48-bit number uniquely identifies each host on a network. The destination address may be either a particular address of a host or a broadcast address, and the Preamble field is a 7-byte-long sequence of alternating 1 and 0 bits. These bits are used for synchronization purposes and to detect signals. These bits also inform listening stations that a frame is arriving.
12. C. In a layered network protocol, such as the OSI model, each layer communicates to its peer layer on another host. Each layer takes data from its upper layer, adds its own header to that data, and sends it over to the lower layer for delivery to the destination host. The layer header contains information for the peer layer on the destination host explaining how to handle the data part of the packet. Some type of error checking is also added in the header. This process of adding a layer header to the higher layer data is called encapsulation.

13. B. The Frame Check Sequence is a 4-byte-long field that contains the cyclic redundancy check (CRC) value. This value is used for error checking. The sending side calculates the CRC and inserts this value in the Ethernet frame. The receiving side again calculates the CRC on the received frame and compares it with the received CRC. If both values are the same, it is assumed that there is no error in the frame. If the values aren't the same, the destination host assumes that there was an error during transmission and discards the frame.

14. C. The Address Resolution Protocol is a broadcast protocol. When a host wants to get a MAC address corresponding to an IP address, it sends a broadcast packet on the local network. This packet basically asks all hosts on the local network whether they have that IP address. All hosts listen to this request and only the host with the IP address replies. The reply data packet contains the MAC address of the host. If no host on the local network has that particular IP address assigned to it, no reply is received.

15. E. When adding a published entry to the ARP cache, the correct command format is:
arp -s hostname etheraddress [ temp ] [ pub ] [ trail ]
The -s option will create an ARP entry for the host, and [ pub ] will publish this information in the ARP cache.
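Answer 13 describes the Frame Check Sequence check in words. The following Python script is an added example, not code from the book: the sender appends a CRC-32 to a constructed frame, the receiver recomputes it over everything but the trailing four bytes, and a single flipped bit in transit makes the frame fail the check. It assumes the CRC-32 polynomial implemented by zlib.crc32 (the IEEE 802.3 polynomial) and ignores the bit-ordering details of the wire encoding; the frame contents are made up.

```python
import zlib

# Constructed sample frame: destination MAC (the example address from answer 10),
# a made-up source MAC, an IPv4 Length/Type field and a payload padded to the
# 46-byte minimum. No real traffic was captured.
SAMPLE_FRAME = (
    bytes.fromhex("4f3601ab9412")            # destination MAC 4F:36:01:AB:94:12
    + bytes.fromhex("001122334455")          # source MAC (constructed)
    + bytes.fromhex("0800")                  # Length/Type: 0x0800 = IPv4
    + b"hello from the sender" + bytes(25)   # 21-byte payload + padding
)


def append_fcs(frame):
    """Sender side: compute the 4-byte CRC over the frame and append it as the FCS.
    Assumption: the zlib CRC-32 polynomial; wire bit ordering is ignored."""
    crc = zlib.crc32(frame) & 0xFFFFFFFF
    return frame + crc.to_bytes(4, "little")


def check_fcs(frame_with_fcs):
    """Receiver side: recompute the CRC over all but the last 4 bytes and compare it
    with the received FCS. True means 'accept', False means 'discard the frame'."""
    if len(frame_with_fcs) < 4:
        return False
    body, received = frame_with_fcs[:-4], frame_with_fcs[-4:]
    expected = (zlib.crc32(body) & 0xFFFFFFFF).to_bytes(4, "little")
    return received == expected


def flip_bit(data, bit_index):
    """Simulate line noise: invert one bit of the frame."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def demo():
    """Returns (intact frame accepted?, corrupted frame accepted?)."""
    good = append_fcs(SAMPLE_FRAME)
    corrupted = flip_bit(good, 200)   # bit 200 lies in byte 25, inside the payload
    return check_fcs(good), check_fcs(corrupted)


if __name__ == "__main__":
    ok, bad = demo()
    print("intact frame accepted:", ok)        # True
    print("corrupted frame accepted:", bad)    # False
```

The FCS only detects accidental corruption: anyone who alters a frame on the path simply recomputes the CRC before forwarding it, so a check that has to hold up against deliberate modification needs a cryptographic message authentication code at a higher layer, not a CRC.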
16. D. When removing an entry from the ARP cache, the correct command format is arp -d hostname. The -d option removes/deletes the entry from the ARP cache table.

17. D. Class D networks are special addresses and are known as multicast addresses. This address range starts from 224 in the leftmost octet and goes up to 240. The starting bit pattern of the leftmost octet is 1110. Multicast addresses are used to send the same data packet to a selected group of hosts, in contrast to broadcast packets, which are used to send a data packet to all hosts on a network.

18. A, B, D. Each IP address has two basic parts: the host part and the network part. The host part varies for each host on the network, whereas the network part is fixed for each network. Multiple IP addresses can be assigned to one network interface adapter using a technique called network aliasing. IP addresses are 32-bit-long numbers that are divided into four parts. Each of these parts is 8 bits long and is called an octet.

19. A, B, D, E. A netmask is a special number used to distinguish the host part and network part in an IP network. A netmask also is written as a combination of four octets, each octet being 8 bits in length. All bits of the netmask that represent the network part of the address are 1s, whereas bits that represent the host part of the address are 0s. The general rule of thumb for a netmask is that it starts with a sequence of 1 bits from the left side followed by a sequence of 0 bits. These are the only two sequences allowed in the netmask. It means that you cannot have any 1 bit that comes after a 0 bit in the netmask. The following netmask, for example, would be deemed to be illegal:
11111111 11111111 00000000 11111111 (that is, 255.255.0.255)
20. E. With Class E networks, all addresses above 240 in the leftmost octet are reserved for future use and are not assigned to any host or network.

21. C. A Class C network starts with a bit pattern of 110 and is used for small networks. The netmask used for Class C networks is 255.255.255.0.

22. A, B. The in.rdisc daemon is used to support RDISC. RIP uses the in.routed daemon and is started at boot time. It is used to exchange routing information among hosts and routers. Both RIP and RDISC are standard TCP/IP protocols.

23. A, B, C. The /etc/init.d/inetinit file is the main network initialization script. It also is linked to the /etc/rc2.d/S69inet startup script. The /etc/defaultrouter file contains one or more routers that can be used as default routers. Usually there is only one IP address or hostname present in this file, used as the router of last resort. If multiple hostnames or IP addresses are used, they are separated by white space. The /etc/gateways file is used with the in.routed routing daemon to add active or passive gateways.

24. B. The /etc/gateways file is used with the in.routed routing daemon to add active or passive gateways. Gateways that can exchange routing information are active gateways and gateways that can't exchange routing information are passive gateways.

25. D. Static routes are set up using the route command. The following command sets up a route to network 192.168.20.0 to go through router 192.168.2.1:
# route add -net 192.168.20.0/24 192.168.2.1
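Answers 17 to 21 and 25 between them state the rules this example implements: the address class from the leading bits of the first octet, the "ones then zeros" rule for a legal netmask, the network/host split, and a static route chosen by destination. The following Python script is an added example, not code from the book, and generalizes those rules into working functions: it classifies any address, rejects the illegal 255.255.0.255 mask from answer 19, and looks up the next hop in a constructed routing table that holds the 192.168.20.0/24 route from answer 25, the directly connected LAN, and a hypothetical default router 192.168.2.254 standing in for the entry in /etc/defaultrouter.

```python
def ip_to_int(dotted):
    """Dotted-quad string to a 32-bit integer, validating all four octets."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %s" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(dotted):
    """Class from the leading bits of the first octet:
    0 -> A, 10 -> B, 110 -> C, 1110 -> D (multicast), 1111 -> E (reserved)."""
    first = ip_to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def is_valid_netmask(dotted):
    """A legal netmask is a run of 1 bits followed by a run of 0 bits.
    The complement of such a value is 2**k - 1, which has no bits in common
    with itself plus one; any 1 bit after a 0 bit breaks that property."""
    inverted = ~ip_to_int(dotted) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0


def split_address(dotted, mask):
    """Return (network part, host part) as dotted strings under a netmask."""
    if not is_valid_netmask(mask):
        raise ValueError("illegal netmask: %s" % mask)
    a, m = ip_to_int(dotted), ip_to_int(mask)
    return int_to_ip(a & m), int_to_ip(a & ~m & 0xFFFFFFFF)


def prefix_to_mask(prefix_len):
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


# Constructed routing table: the static route from answer 25, the directly
# connected LAN (gateway None = deliver on-link), and a hypothetical default
# router 192.168.2.254 playing the role of the /etc/defaultrouter entry.
ROUTES = [
    ("192.168.20.0", 24, "192.168.2.1"),
    ("192.168.2.0", 24, None),
    ("0.0.0.0", 0, "192.168.2.254"),
]


def next_hop(destination, routes=ROUTES):
    """Longest-prefix match: the most specific route covering the destination
    wins, so the 0.0.0.0/0 default route applies only when nothing else matches.
    Returns the gateway address, or None when the destination is on-link."""
    d = ip_to_int(destination)
    best = None
    for net, plen, gateway in routes:
        mask = prefix_to_mask(plen)
        if (d & mask) == (ip_to_int(net) & mask) and (best is None or plen > best[0]):
            best = (plen, gateway)
    if best is None:
        raise LookupError("no route to %s" % destination)
    return best[1]


if __name__ == "__main__":
    for addr in ("10.1.2.3", "172.16.4.5", "192.168.20.7", "224.0.0.1", "240.0.0.9"):
        print(addr, "is class", address_class(addr))
    for mask in ("255.255.255.0", "255.255.0.255"):
        print(mask, "legal" if is_valid_netmask(mask) else "illegal")
    print(split_address("192.168.20.7", "255.255.255.0"))
    for dst in ("192.168.20.7", "192.168.2.9", "10.1.1.1"):
        print("next hop for", dst, "->", next_hop(dst))
```

Without the default entry, next_hop raises LookupError for an address no route covers, which is the situation the router of last resort in /etc/defaultrouter exists to avoid.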
26. A, D. The Transport layer is responsible for end-to-end reliable data transfer. Data received from the upper layers is divided into packets and handed over to the Network layer for transmission. This layer provides a client-server application infrastructure which is used by the Application layer for the client-server application environment.

27. C. The inetd is a master daemon and also is called a wrapper. It gets started at boot time and can listen to incoming connection requests on behalf of many network services. When an incoming connection request is received, inetd invokes the requested server process, and a connection between a client and server is established. A configuration file for this daemon, /etc/inet/inetd.conf, is used. It provides information to the inetd daemon about which service needs to be started for a particular request.

28. A, B, D. A port number is the access point for a service. Port numbers are used to distinguish multiple services running on the same physical machine. This is analogous to different service counters in a bank. To get a particular service, you have to go to a particular counter. Similarly, you have to access different port numbers for different services. For example, you use TCP port 25 for email and port number 23 for Telnet. A port number is used at the Transport layer of the OSI model.

29. A, C, D. Network applications work in a client-server model. A server is an application running on a host that listens to incoming connection requests and provides a particular service. Clients are usually user applications that connect to server applications to request a service. Each client-server pair uses an Application layer–level protocol to exchange information.

30. D. Remote Procedure Calls (RPCs) is a mechanism used to invoke service procedures on a remote network system. The rpcbind is the main server process that handles all RPC requests. The rpcbind server must be running on the server to make a service request to that server machine.
31. A. The rpcinfo command is used to display and troubleshoot RPC services. By default, this command lists all RPC-based services registered with rpcbind on the local host.

32. B. An RPC server process uses a special number known as the RPC program number, which is used to distinguish the service. When an RPC service starts, it registers itself with the rpcbind daemon using this number. These program numbers are present in the /etc/rpc file.

33. B. To display a short listing of RPC services on remote host fana, the following command is used:
rpcinfo -s fana
The -s option tells the rpcinfo utility to display a short listing of the output.

34. A, C, D. The Domain Name Service (DNS) uses the Transmission Control Protocol and the User Datagram Protocol within the Solaris environment, on port number 53.

35. A, B, C. The Network Time Protocol (NTP) uses the Transmission Control Protocol and the User Datagram Protocol within the Solaris environment, on port number 123.

36. A, B, C. A DHCP server keeps information about IP addresses that can be allocated to hosts. It also keeps other configuration data, such as default gateway address, DNS server address, NIS server, and so on. Hosts within a DHCP environment receive their network information at boot time. DHCP is usually not used for hosts that need static IP addresses, although it has provision to assign static IP addresses to clients. These hosts include different types of servers and routers. You need a static IP address for servers so that clients of that server always connect to the right host.

37. A, B, D. The dhcp_network file is present in the same directory as the dhcptab file. The actual name of the file is in the NNN_NNN_NNN_NNN notation, where NNN shows the octet values in the network address. The dhcptab file is a DHCP macro table file, and the /etc/default/dhcp file contains the location of the previously mentioned two files along with other information.

38. C. The pntadm utility is the DHCP network table management utility.

39. D. The /etc/default/dhcp file contains what type of resources are being used for DHCP. If you are using local files to store DHCP databases, it contains the directory where these files are stored. The following is a default example of this file:
RUN_MODE=server
RESOURCE=files
PATH=/var/dhcp

40. C. To enable DHCP on an active interface hme1, the following ifconfig command is used with the dhcp option:
# ifconfig hme1 dhcp
To then check the current DHCP status of the interface hme1, use the following command:
# ifconfig hme1 dhcp status
41. C. The GETNEXT PDU is used by the SNMP management station to get the value of the next object in a MIB table. This is usually used to walk through all objects in a MIB table. Management stations can be used to display all object values contained in a table using this type of message.

42. A, D. The master agent on Solaris has various configuration files. The default location of these files is in the /etc/snmp/conf and /var/snmp directories.
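Answer 41 says GETNEXT is what a management station uses to walk a MIB table. The following Python script is an added example, not code from the book or from Sun's agent, that models both sides of that exchange offline: a constructed MIB dictionary holding a few standard object identifiers (sysDescr, ifDescr and ifOperStatus, with invented values for a host named fana), an agent-side getnext() that returns the lexicographically next object, and a station-side walk() that repeats GETNEXT until the agent returns an OID outside the requested subtree.

```python
# Constructed MIB view. The OIDs are the standard MIB-II ones (1.3.6.1.2.1.1.1
# sysDescr, 1.3.6.1.2.1.2.2.1.2 ifDescr, 1.3.6.1.2.1.2.2.1.8 ifOperStatus);
# the values are made up for the example.
MIB = {
    "1.3.6.1.2.1.1.1.0": "SunOS fana 5.8",
    "1.3.6.1.2.1.2.2.1.2.1": "lo0",
    "1.3.6.1.2.1.2.2.1.2.2": "hme0",
    "1.3.6.1.2.1.2.2.1.2.3": "hme1",
    "1.3.6.1.2.1.2.2.1.8.1": 1,   # ifOperStatus 1 = up
    "1.3.6.1.2.1.2.2.1.8.2": 1,
    "1.3.6.1.2.1.2.2.1.8.3": 2,   # ifOperStatus 2 = down
}


def oid_key(oid):
    """Tuple of integers so that OIDs compare numerically, sub-identifier by
    sub-identifier, the way an agent orders its MIB ('1.3.6.1.2.1.2' < '1.3.6.1.2.1.2.1')."""
    return tuple(int(x) for x in oid.split("."))


def getnext(mib, oid):
    """Agent side of a GETNEXT: (oid, value) of the first object that sorts
    strictly after the requested OID, or None at the end of the MIB view."""
    requested = oid_key(oid)
    for key, name in sorted((oid_key(o), o) for o in mib):
        if key > requested:
            return name, mib[name]
    return None


def walk(mib, subtree):
    """Management-station side: start at the subtree root and keep issuing
    GETNEXT for the last OID received, stopping when the answer leaves the
    subtree or the agent has nothing further."""
    root = oid_key(subtree)
    results = []
    current = subtree
    while True:
        reply = getnext(mib, current)
        if reply is None:
            break
        name, value = reply
        if oid_key(name)[:len(root)] != root:
            break                      # walked past the end of the table column
        results.append((name, value))
        current = name
    return results


if __name__ == "__main__":
    for oid, value in walk(MIB, "1.3.6.1.2.1.2.2.1.2"):   # ifDescr column
        print(oid, "=", value)
    for oid, value in walk(MIB, "1.3.6.1.2.1.2.2.1.8"):   # ifOperStatus column
        print(oid, "=", value)
```

A walk like this hands out a host's interface inventory in one go, which is why the agent's configuration files in /etc/snmp/conf should limit which management stations may query it and should not keep a default community name; the glossary notes that the community name in the SNMP authentication header is all the authentication the message carries.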
43. A, B, C, D. The Simple Network Management Protocol (SNMP) is a collection of management station(s) and network elements. The network elements run a piece of software, which is called the SNMP agent. Network elements may be simple hosts, servers, routers, bridges, or anything connected to a network. The SNMP is used to monitor and manage hosts on a network from local or remote locations. The SNMP was approved as standard in 1988, and almost all vendors use SNMP in their products now.

44. A, B, C, E. The Domain Name System is a client-server system for resolving hostnames. This is implemented as an Application layer–level protocol in TCP/IP networks. The Domain Name System provides a distributed database of hostname-to-IP address mapping. Domain names are assigned in a hierarchy, which is similar to the UNIX file system hierarchy.

45. C, G. NIS and CIX are invalid resource record names. In contrast, the following resource records are valid:
• SOA. This resource record marks the beginning of zone data. It also defines default parameters for the zone. These default parameters include serial number, refresh time, TTL value, and so on.
• A. This resource record is used to specify the IP address for a host in the DNS database. The A record may be used with absolute or relative hostnames. An absolute hostname is a fully qualified hostname. A relative name is only a short form of the hostname. The domain name is appended to it by the DNS itself.
• PTR. This is a Pointer type resource record. This resource record is usually used for reverse hostname resolution.
• MX. The Mail Exchanger records are used for hosts that are responsible for exchanging email for a domain. A preference value is used with MX records to assign preference to a server. The server with the lower preference value is used first as an email exchanger.
• CNAME. This record is used to define aliases for a hostname. The situation arises when you have multiple services running on the same machine.

46. A, D. Clients resolve hostnames using two basic library routines, known as gethostbyname() and gethostbyaddr(). Cumulatively, these are called the resolver library and are responsible for mapping hostnames to IP addresses and vice versa.

47. A, B. Configuring Solaris as a DNS client is a two-step process. First you must configure the machine to use DNS as a hostname resolution service. DNS may be configured as the primary hostname resolution service or fall back to another service, such as /etc/inet/hosts. This is done with the help of the /etc/nsswitch.conf file. The next step is to configure IP addresses for available domain name servers. This is done through the /etc/resolv.conf file.

48. B. The named.conf file contains important information used by the in.named daemon on Solaris at boot time. Among other things, this information contains the following:
• Name of the directory where DNS zone data files are stored
• Names of zones
• Names of zone data files
• Type of server, whether primary, secondary, or caching-only
• Logging options
• Security options
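Answers 45 to 47 list the valid resource record types, the rule that the lowest MX preference is tried first, and the resolver routines. The following Python script is an added example, not code from the book or from in.named, with a deliberately simplified zone-file parser (one record per line, no parenthesised SOA continuation, comments after a semicolon) run over a constructed zone for the placeholder domain example.com. with made-up addresses. It rejects the NIS and CIX types from answer 45 while keeping the real records, orders mail exchangers by preference, and resolves a name to an A record the way gethostbyname() needs, following CNAME aliases and refusing to spin on an alias loop.

```python
VALID_RR_TYPES = {"SOA", "A", "PTR", "MX", "CNAME"}   # the types answer 45 accepts

# Constructed zone data (placeholder domain and made-up addresses).
ZONE_DATA = """\
$ORIGIN example.com.
@      IN  SOA    ns1.example.com. hostmaster.example.com. 2002010101 3600 900 604800 86400
@      IN  MX     20 mail2.example.com.
@      IN  MX     10 mail1.example.com.
ns1    IN  A      192.168.10.5
mail1  IN  A      192.168.10.25
mail2  IN  A      192.168.10.26
www    IN  CNAME  ns1.example.com.   ; alias: a second service on the ns1 machine
5.10.168.192.in-addr.arpa. IN PTR ns1.example.com.
fana   IN  NIS    bogus              ; not a resource record type
fana   IN  CIX    bogus              ; not a resource record type
"""


def qualify(name, origin):
    """Absolute names end with a dot; relative names get the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return "%s.%s" % (name, origin)


def parse_zone(text):
    """Return (records, errors). Each record is (owner, type, list of rdata fields);
    each error is (line number, message)."""
    origin = None
    records, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()       # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        parts = line.split()
        if len(parts) < 4 or parts[1] != "IN":
            errors.append((lineno, "malformed record"))
            continue
        owner, rtype, rdata = parts[0], parts[2], parts[3:]
        if rtype not in VALID_RR_TYPES:
            errors.append((lineno, "invalid resource record type " + rtype))
            continue
        records.append((qualify(owner, origin), rtype, rdata))
    return records, errors


def mail_exchangers(records, domain):
    """MX hosts for a domain, lowest preference value first."""
    mx = [(int(rdata[0]), rdata[1]) for owner, rtype, rdata in records
          if rtype == "MX" and owner == domain]
    return [host for _, host in sorted(mx)]


def resolve_a(records, name):
    """Follow CNAME aliases until an A record is found. Returns None for an
    unknown name and for a CNAME loop (each name is visited at most once)."""
    seen = set()
    while name not in seen:
        seen.add(name)
        for owner, rtype, rdata in records:
            if owner == name and rtype == "A":
                return rdata[0]
        targets = [rdata[0] for owner, rtype, rdata in records
                   if owner == name and rtype == "CNAME"]
        if not targets:
            return None
        name = targets[0]
    return None


if __name__ == "__main__":
    records, errors = parse_zone(ZONE_DATA)
    for lineno, message in errors:
        print("line %d: %s" % (lineno, message))
    print("MX order:", mail_exchangers(records, "example.com."))
    print("www ->", resolve_a(records, "www.example.com."))
```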
49. B, C, D. Network Time Protocol clients can be configured as broadcast clients, multicast clients, or polling clients.

50. A, C, D. The Network Time Protocol is used to synchronize clock time on different hosts on a network and is the standard Internet protocol to exchange time information among hosts connected on a network. The Network Time Protocol uses standard time port 23 for exchanging messages over IP networks.

51. B. Multiple peer servers can be configured within an NTP environment. If you want to prefer one of these peer servers to others, you have to add the prefer keyword at the end of the line, as follows:
peer 192.168.20.10 prefer

52. D. An NTP client can be configured in two basic ways: as a broadcast client or as a polling client. A broadcast client listens to messages sent by the NTP server. A polling client polls a server periodically depending on the accuracy of the local clock. A sample client script is present as /etc/inet/ntp.client and may be copied as /etc/inet/ntp.conf to configure a host as a client.

53. C. The ntpdate utility is used to synchronize local time with one or more NTP servers. The following command synchronizes time with server 192.168.10.10:
# ntpdate 192.168.10.10
Multiple server addresses can be used on the command line, and this increases the reliability of the new time. The command is especially useful to run through a cron script to update time periodically.

54. A, B, D. The -a option used with the netstat command will show the state of all sockets and all routing table entries. netstat used with the -rn options will show network addresses as numbers and will show the routing tables. The -v option is verbose, which shows additional information for the sockets and routing tables.

55. A, B, C, D. The netstat utility is one of the most useful network troubleshooting commands. It is used for many purposes, including the display of lists for all routes defined on a host. The ping command is the basic test for routing configuration. The traceroute command is used to trace a path to the remote host, and the snoop command captures packets from the network and displays their contents.
56. C. The ifconfig command is used to display and amend problems with your local interface configuration. The ifconfig command is used to amend problems such as a bad netmask. A wrong netmask can also cause routing problems.

57. B. When configuring IPv6 in Auto Discovery mode on Solaris systems, you just need to create an empty file, such as /etc/hostname6.interface, on which to configure the IPv6 address. The next time you reboot the system, the in.ndpd daemon automatically discovers different network parameters for address autoconfiguration. A site-local unicast address is then configured on the interface.

58. A. When manually configuring IPv6 addresses on an interface, the following command creates a logical interface hme0:3 for IPv6:
# ifconfig hme0:3 inet6 plumb
APPENDIX A
Glossary

Common Solaris terminology is presented in this appendix. To obtain a global glossary on Solaris, go to http://docs.sun.com and search for "global glossary". At this web site, the Sun Global Glossary Collection defines all terms related to Solaris.
B bandwidth This term is used to show the capacity of a link. BGP Border Gateway Routing Protocol. This protocol is used for routing.
A
broadcast A method of sending a message to all hosts connected to a network.
active gateways These are gateways that take part in routing information exchange. Passive gateways don’t take part in routing information exchange.
bus topology A way of connecting hosts to a network. All hosts are connected to the same cable.
anycast address An IP address assigned to multiple interfaces on different hosts in IPv6. APNIC Asia Pacific Network Information Center. More information on APNIC is available at www.apnic.net
ARIN American Registry for Internet Numbers. Find more information on ARIN at www.arn.net. ARP Address Resolution Protocol. This is a network layer protocol that maps IP addresses to MAC addresses. ASN.1 Abstract Syntax Notation One. This is a syntax definition language. It is used with SNMP MIB definitions.
C caching name server This is a special type of name server that does not have any data files and has no authority over any domain or zone. It is used only to off-load primary name servers. CIDR Classless Internet Domain Routing. This technique is used in TCP/IP networks for better utilization of available IP addresses. IP address classes are ignored in CIDR. client A computer or a user application that requests a service from a server.
authentication header This is the part of an SNMP message used for authentication purposes. This contains the community name for SNMP.
client/server model A common way of designing Internet services. A server offers some services while clients connect to a server for a service.
IPv6 authentication header An extension header in IPv6 used for security purposes.
connectionless service Another name for services using the UDP protocol.
440
Appendix A
GLOSSARY
connection-oriented service Another name for services using the TCP protocol.
D
default router A router to which all those packets are forwarded for which no route is available.
DF bit This is a special bit in the IP packet header. If set, it stops packet fragmentation.
DHCP Dynamic Host Configuration Protocol. This protocol is used to provide network configuration to requesting hosts.
DHCP relay A server that acts on behalf of another DHCP server.
diskless client A network system that doesn’t have its own storage space. It gets its network configuration information from another host on the network at boot time.
DLPI Data Link Provider Interface. An interface used to communicate with the data link layer.
DNS Domain Name System. A method of resolving hostnames to IP addresses.
DNS domain Part of the Internet name resolution hierarchy that comes under one administrative authority.
DNS zone The administrative boundary for domain name servers.
DNS zone files Files where the DNS server keeps hostname-to-address information.
domain name A common name used for a set of computers on the Internet. Each domain has a separate administration authority.
DSAP Destination Service Access Point. A field used in the IEEE 802.3 Ethernet frame.
F
FDDI Fiber Distributed Data Interface. This is a type of network, based on a dual, fiber-optic ring network. The data transfer rate is 100Mbps. It is mostly used in campus backbone networks.
FQDN Fully qualified domain name.
FQHN Fully qualified hostname. A long hostname that includes the short hostname and the domain name in which that host lies.
FTP File Transfer Protocol. This application layer protocol is used to transfer files over the network. The ftp command acts as an FTP client.
H
hop A way of measuring the distance between two hosts on a network. It shows how many steps a packet takes from source to destination.
host A commonly used term for a machine that has its own IP address in an IP network. It may be a personal computer, a workstation/server, or a dedicated router.
hostname resolution A process of mapping hostnames to IP addresses and vice versa.
I
ICMP Internet Control Message Protocol. This protocol is used in TCP/IP networks for network diagnosis, error reporting, and other purposes.
IETF Internet Engineering Task Force. More information on IETF is available at its web site at www.ietf.org.
IP Internet Protocol. This is the network layer protocol used in TCP/IP networks.
IP address An address assigned to a hostname.
IP forwarding The process of forwarding IP packets from one network interface to another.
IPng IP Next Generation. Another name used for IPv6.
IPX/SPX Protocol stack used in earlier versions of Novell NetWare.
ISO International Standards Organization. An international body responsible for development of standards.
L
LAN Local area network. A computer network that spans a short geographical area, most commonly within a building.
M
MAC address Medium access control address. Address used at the data link layer to distinguish different hosts in a network. These addresses also are called physical addresses.
master DNS server A domain name server that keeps the master copy of data files.
MIB Management Information Base. An information storage scheme used to keep SNMP management information.
MTU Maximum transfer units. This is the maximum size of data segment that can be transferred on a physical interface.
multicast address A common IP address used for multiple hosts. All hosts that are part of that multicast address receive data packets sent to this address.
N
name resolution The process of mapping hostnames to IP addresses. Also called hostname resolution.
name server A server that provides hostname resolution and other services.
name server switch Commonly used name for the /etc/nsswitch.conf file.
NCP Network Control Protocol. The original protocol that was used on ARPAnet for host-to-host communication.
neighbor discovery A way of discovering routers on attached links.
netmask The number used to separate the host and network parts in an IP address.
NIS Network Information Service. A type of name service commonly used on Solaris and other UNIX systems.
NIS+ Network Information Service Plus. This is a replacement for NIS, but it’s not very popular due to its complexity.
node See host. The terms host and node are used interchangeably.
NTP Network Time Protocol. This protocol is used for time synchronization. It uses TCP and UDP ports 123.
O
octet An 8-bit part of an IP address. Each IP address in version 4 has four octets separated by dot characters. The value of each octet can range from 0 to 255.
OSI Open System Interface. A layered network model proposed by the International Standards Organization that should be used as reference for building network protocols.
OSPF Open Shortest Path First. A commonly used hierarchical routing protocol.
P
passive gateways Gateways that don’t take part in routing information exchange. See also active gateways.
PDU Protocol data unit. This is the entity of data exchanged between peer layers on source and destination hosts.
physical address The lower-layer address (below the network layer) used for network interfaces. In most cases, the terms MAC address and physical address are used interchangeably.
POP Post Office Protocol. This is an application layer protocol used to download email from an email server to client machines.
port A number used as a connection point for applications. Well-defined port numbers are used for common applications such as FTP, DNS, and so on.
primary name server This is a DNS server that is authoritative over a domain or zone.
protocol A set of rules and regulations used by hosts taking part in a network for communication.
R
RARP Reverse Address Resolution Protocol. A network layer protocol that does the opposite of ARP. It maps MAC addresses to IP addresses. See also ARP.
RDISC Router Discovery protocol. This is an ICMP-based protocol used to discover available routers on a network.
resource records These are a way to present DNS data in its zone data files.
ring topology An interconnection topology in which all hosts are connected in a ring fashion.
RIP Routing Information Protocol. This is a routing protocol that determines a route based on the number of hops from source to destination.
router A device used to connect different networks. It filters and forwards network traffic from one network to other networks based on network layer addresses.
RPC Remote Procedure Calls. A mechanism used to invoke service procedures on remote network servers.
RPC program number A special number used for each RPC service. These numbers are listed in the /etc/rpc file.
S
SAP Service access point. SAP is used by layer N in a layered network model to access services provided by its lower layer (N–1).
secondary name server A name server used to back up the primary name server.
server A computer or an application that provides a service to clients.
SMTP Simple Mail Transfer Protocol. This is an application layer protocol used to transfer email.
SNMP Simple Network Management Protocol. A protocol used for network management.
SNMP PDU SNMP protocol data unit. The form of SNMP message used to exchange information among different SNMP components.
socket A socket is a combination of an IP address and a port number. Applications use sockets in the client/server model.
SSAP Source service access point. A field used in the IEEE 802.3 Ethernet frame.
star topology An interconnection topology in which all hosts are connected to a central point known as a hub.
stateful autoconfiguration A process of obtaining an address and other information from a server.
stateless autoconfiguration A process of configuring a host’s own address using information available locally to a host.
T
TCP Transmission Control Protocol. This is the transport layer protocol used in IP networks.
TCP/IP Transmission Control Protocol / Internet Protocol. A set of protocols used on the Internet. IP is used at the network layer level and TCP is used at the transport layer level. Other protocols are an essential part of this set. Examples of these other protocols include ICMP and ARP.
Telnet This is used to log in to a remote machine.
TOS Type of Service field. This is used in the IP header to prioritize certain data packets.
TTL Time-to-Live field used in the IP header. The TTL value is decremented by one at each hop. If the TTL value of an IP packet becomes zero before the packet reaches its destination, the packet is discarded.
tunneling A method by which one protocol packet is placed in another protocol packet for transmission over a network.
U
UDP User Datagram Protocol. This protocol is used in the transport layer of TCP/IP networks.
unicast address An IP address that identifies a single host.
V
VLSM Variable-length subnet mask. This is a subnetting method in which a large network can be partitioned into smaller networks of different sizes.
VPN Virtual private network. A mechanism used over the Internet to secure traffic between two points.
W
WAN Wide area network. A computer network that spans large areas. See also LAN.
Z
zone Part of a domain that is managed by a primary name server.
zone data files Files that contain actual host-to-IP address mapping.
zone transfer The process of transferring zone data files from primary to secondary name servers.
APPENDIX B
Overview of the Certification Process
DESCRIPTION OF THE PATH TO CERTIFICATION
Sun provides a number of different types and levels of professional certification for Java developers and Solaris administrators. The certifications directly related to the content of this Training Guide are those having to do with the Solaris 8 operating system: the Sun Certified System Administrator and the Sun Certified Network Administrator.
ABOUT THE SOLARIS 8 CERTIFICATION PROGRAM
The Sun Certified Solaris 8 certifications are industry recognized certifications designed to reflect the competencies exhibited by those knowledgeable in the areas of Solaris 8 system and network administration. Each of the certifications and its requirements is discussed in the next two sections.
Sun Certified System Administrator for Solaris 8
Sun, like many of the other product vendors who have turned to a certification program, has responded to the need in the industry for standardized credentials indicative of a certain level of expertise with the Solaris operating system. In the case of the Sun Certified System Administrator certification, it is meant to reflect a demonstrated level of knowledge and skills with the operating system, including printing, security, disk management, backup, and recovery.
The successful Sun Certified System Administrator for Solaris 8 candidate must pass two examinations. The two exams, 310-011 and 310-012, are referred to as Part I and Part II. Part I is, in essence, a prerequisite for Part II; you must pass the 310-011 exam before attempting the 310-012 exam.
The Part I exam requires you to pass 66% of 57 questions (38 correct). You will be presented with multiple-choice, free-response, and drag-and-drop questions. You will have 90 minutes to complete the exam.
The Part II exam requires you to have passed the Part I exam and then to pass 70% of 61 questions (43 correct). This exam also is based on multiple-choice, free-response, and drag-and-drop questions. You have 90 minutes to complete the exam.
Sun also has suggested that scenario questions may appear on the Solaris 8 exams. Scenario questions are just multiple-choice questions with longer “stems” that present you with an information technology situation. You are typically asked what action you would take in that situation to resolve a problem or bring about a desired state. They are used in an attempt to evaluate analysis and problem-solving skills rather than just recall of factual information. The intent behind these questions is to measure more “real-world” ability to apply skills rather than simple “book” knowledge.
446
Appendix B
OVERVIEW OF THE CERTIFICATION PROCESS
Sun Certified Network Administrator for Solaris 8
With the Network Administrator certification, Sun has again responded to the need in the industry for a standardized credential. In this case, it is indicative of a more advanced level of expertise with the Solaris 8 operating system. This certification is meant to reflect a demonstrated superior level of expertise encompassing the system administrator skills and the ability to implement more complex local area networks in a client/server environment, including TCP/IP and associated protocols.
To become certified as a Sun Certified Network Administrator for Solaris 8, you first must be certified as a Sun Certified System Administrator for the Solaris Operating Environment version 2.5, 2.6, 7, or 8. Then you must pass the Sun Certified Network Administrator (310-043) exam. The exam requires you to pass 67% of 58 questions (39 correct). You are given 120 minutes to complete the exam. Question formats will be similar to those for the System Administrator exams: multiple-choice, fill-in, drag-and-drop, and scenario.
HOW TO SCHEDULE AN EXAM
You can purchase your exam voucher from your local Sun Educational Services office. In the United States, you can purchase an exam voucher by calling 800-422-8020. If you reside outside of the United States, contact your local Sun Educational Services office.
After you have purchased your testing voucher, contact your authorized Prometric Testing Center (contact Prometric at 800-795-EXAM or www.2test.com) to schedule your exam date, time, and location; all exams take place at Authorized Prometric Testing Centers. In certain countries, you can register for exams online. Sun recommends that the price of the exam should be $150, but the cost may vary by country.
You can find out how you did on the exam by going to www.galton.com/~sun/. Test results are received there after four business days have elapsed.
We are confident that after working through the material in this Training Guide, you will not have to retake an exam. If this need should arise, however, be aware that Sun policy is that you must wait a minimum of two weeks before taking the exam again. Within five weeks after successfully completing all certification requirements, you will receive a welcome kit from Sun.
APPENDIX C
What’s on the CD-ROM
This appendix is a brief rundown of what you will find on the CD-ROM that accompanies this book. For a more detailed description of the ExamGear test engine, see Appendix D, “Using the ExamGear, Training Guide Edition Software.”
EXAMGEAR
ExamGear is a test engine developed exclusively for New Riders Publishing. It is, we believe, the best test engine available because it closely emulates the look and feel of the Prometric test engine and the Solaris 8 exams. The CD contains 150 questions that reflect the content of the exam objectives and the style of the questions on the actual exam. Each time you run ExamGear, it randomly selects a set of questions from the question database, so you never take the same exam twice. In addition to providing a way to evaluate your knowledge of the exam material, ExamGear features several innovations that help you to improve your mastery of the subject matter. ExamGear also includes an adaptive testing feature that simulates the adaptive testing method into which many certification vendors eventually convert their exams.
The practice tests enable you to check your score by exam area or category, to determine which topics you need to study further. Other test preparation modes provide immediate feedback on your responses, explanations of correct answers, and even hyperlinks to the chapter in an electronic version of the book where the topic is covered. Again, for a complete description of the benefits of ExamGear, see Appendix D.
EXCLUSIVE ELECTRONIC VERSION OF TEXT
The CD-ROM also contains the electronic version of this book in Portable Document Format (PDF). In addition to the links to the book that are built in to ExamGear, you can use this version to help search for terms you need to study or other book elements. The electronic version comes complete with all figures as they appear in the book.
COPYRIGHT INFORMATION AND DISCLAIMER
New Riders Publishing’s ExamGear test engine: Copyright © 2001 New Riders Publishing. All rights reserved. Made in U.S.A.
APPENDIX D
Using the ExamGear, Training Guide Edition Software
This Training Guide includes a special version of ExamGear—a revolutionary new test engine designed to give you the best in certification exam preparation. ExamGear offers sample and practice exams for many of today’s most in-demand technical certifications. This special Training Guide Edition is included with this book as a tool to utilize in assessing your knowledge of the Training Guide material while also providing you with the experience of taking an electronic exam. The focus of the exam questions is on the material covered in the Training Guide. This appendix describes in detail what ExamGear, Training Guide Edition is, how it works, and what it can do to help you prepare for the exam.
EXAM SIMULATION
One of the main functions of ExamGear, Training Guide Edition is exam simulation. To prepare you to take the actual vendor certification exam, the Training Guide Edition of this test engine is designed to offer the most effective exam simulation available.
Question Quality
The questions provided in the ExamGear, Training Guide Edition simulations are written to high standards of technical accuracy. The questions tap the content of the Training Guide chapters and help you assess and review your knowledge before you take the actual exam.
Interface Design
The ExamGear, Training Guide Edition exam simulation interface provides you with the experience of taking an electronic exam. This enables you to effectively prepare for taking the actual exam by making the test experience a familiar one. Using this test simulation can help eliminate the sense of surprise or anxiety that you might experience in the testing center, because you will already be acquainted with computerized testing.
STUDY TOOLS
ExamGear provides you with several learning tools to help prepare you for the actual certification exam.
450
Appendix D
USING THE EXAMGEAR, TRAINING GUIDE EDITION SOFTWARE
Effective Learning Environment
The ExamGear, Training Guide Edition interface provides a learning environment that not only tests you through the computer, but also teaches the material you need to know to pass the certification exam. Each question comes with a detailed explanation of the correct answer and provides reasons why the other options were incorrect. This information helps to reinforce the knowledge you have already and also provides practical information you can use on the job.
Automatic Progress Tracking
ExamGear, Training Guide Edition automatically tracks your progress as you work through the test questions. From the Item Review tab (discussed in detail later in this appendix), you can see at a glance how well you are scoring by objective, by chapter, or on a question-by-question basis (see Figure D.1). You also can configure ExamGear to drill you on the skills you need to work on most.
HOW EXAMGEAR, TRAINING GUIDE EDITION WORKS
ExamGear comprises two main elements: the interface and the database. The interface is the part of the program that you use to study and to run practice tests. The database stores all the question and answer data.
Interface
The ExamGear, Training Guide Edition interface is designed to be easy to use and provides the most effective study method available. The interface enables you to select from the following modes:
• Study mode. In this mode, you can select the number of questions you want to see and the time you want to allow for the test. You can select questions from all the chapters or from specific chapters. This enables you to reinforce your knowledge in a specific area or strengthen your knowledge in areas pertaining to a specific objective. During the exam, you can display the correct answer to each question along with an explanation of why it is correct.
• Practice Exam mode. In this mode, you take an exam designed to simulate the actual certification exam. Questions are selected from all test objective groups. The number of questions selected and the time allowed are set to match those parameters of the actual certification exam.
• Adaptive Exam mode. In this mode, you take an exam simulation using the adaptive testing technique. Questions are taken from all test objective groups. The questions are presented in a way that ensures your mastery of all the test objectives. After you have a passing score or if you reach a point where it is statistically impossible for you to pass, the exam ends. This method provides a rapid assessment of your readiness for the actual exam.
Figure D.1 Item review.
Note: The current Solaris 8 exams are not adaptive and it is not known whether Sun and Prometric will provide an exam in this format. However, most certification vendors eventually adopt this format because of the advantages it provides in the areas of efficiency and security.
Database
The ExamGear, Training Guide Edition database stores a group of around 150 test questions and answers. The questions are organized by chapters.
INSTALLING AND REGISTERING EXAMGEAR, TRAINING GUIDE EDITION
This section provides instructions for ExamGear, Training Guide Edition installation and describes the process and benefits of registering your Training Guide Edition product.
Requirements
ExamGear requires a computer with the following:
• Microsoft Windows 95, Windows 98, Windows NT 4.0, Windows 2000, or Windows ME. A Pentium or later processor is recommended.
• 20–30MB free disk space.
• A minimum of 32MB of RAM. As with any Windows application, the more memory, the better your performance.
• A connection to the Internet. An Internet connection is not required for the software to work, but it is required for online registration and to download product updates.
• A web browser. A web browser is not required for the software to work, but it is invoked from the Online, Web Sites menu option.
Installing ExamGear, Training Guide Edition
Install ExamGear, Training Guide Edition by running the setup program on the ExamGear, Training Guide Edition CD. Follow these instructions to install the Training Guide Edition on your computer:
1. Insert the CD in your CD-ROM drive. The AutoRun feature of Windows launches the software. If you have AutoRun disabled, click Start and choose Run. Go to the root directory of the CD and choose START.EXE. Click Open and then click OK.
2. Click the button in the circle. A Welcome screen appears. From here you can install ExamGear. Click the ExamGear button to begin installation.
3. The Installation Wizard appears onscreen and prompts you with instructions to complete the installation. Select a directory in which to install ExamGear, Training Guide Edition.
4. The Installation Wizard copies the ExamGear, Training Guide Edition files to your hard drive, adds ExamGear, Training Guide Edition to your Program menu, adds values to your Registry, and installs the test engine’s DLLs to the appropriate system folders. To ensure that the process was successful, the setup program finishes by running ExamGear, Training Guide Edition.
5. The Installation Wizard logs the installation process and stores this information in a file named INSTALL.LOG. This log file is used by the uninstall process in the event that you choose to remove ExamGear, Training Guide Edition from your computer. Because the ExamGear installation adds Registry keys and DLL files to your computer, it is important to uninstall the program appropriately (see the section “Removing ExamGear, Training Guide Edition from Your Computer”).
Registering ExamGear, Training Guide Edition
The Product Registration Wizard appears when ExamGear, Training Guide Edition is started for the first time, and ExamGear checks at startup to see whether you are registered. If you are not registered, the main menu is hidden, and a Product Registration Wizard appears. Remember that your computer must have an Internet connection to complete the Product Registration Wizard.
The first page of the Product Registration Wizard details the benefits of registration; however, you can always elect not to register. The Show This Message at Startup Until I Register option enables you to decide whether the registration screen should appear every time ExamGear, Training Guide Edition is started. If you click the Cancel button, you return to the main menu. You can register at any time by selecting Online, Registration from the main menu.
The registration process is composed of a simple form for entering your personal information, including your name and address. You are asked for your level of experience with the product you are testing on and whether you purchased ExamGear, Training Guide Edition from a retail store or over the Internet. The information will be used by our software designers and marketing department to provide us with feedback about the usability and usefulness of this product. It takes only a few seconds to fill out and transmit the registration data. A confirmation dialog box appears when registration is complete. After you have registered and transmitted this information to New Riders, the registration option is removed from the pull-down menus.
Registration Benefits
Registering enables New Riders to notify you of product updates and new releases.
Removing ExamGear, Training Guide Edition from Your Computer
In the event that you elect to remove the ExamGear, Training Guide Edition product from your computer, an uninstall process has been included to ensure that it is removed from your system safely and completely. Follow these instructions to remove ExamGear from your computer:
1. Click Start, Settings, Control Panel.
2. Double-click the Add/Remove Programs icon.
3. A list of software installed on your computer displays. Select ExamGear, Training Guide Edition from the list and click the Add/Remove button. The ExamGear, Training Guide Edition software is then removed from your computer.
It is important that the INSTALL.LOG file be present in the directory where you have installed ExamGear, Training Guide Edition should you ever choose to uninstall the product. Do not delete this file. The INSTALL.LOG file is used by the uninstall process to safely remove the files and Registry settings that were added to your computer by the installation process.
USING EXAMGEAR, TRAINING GUIDE EDITION
ExamGear is designed to be user-friendly and very intuitive, eliminating the need for you to learn some confusing piece of software just to practice answering questions. Because the software has a smooth learning curve, your time is maximized because you start practicing almost immediately.
General Description of How the Software Works
ExamGear has three modes of operation: Study mode, Practice Exam mode, and Adaptive Exam mode (see Figure D.2). All three sections have the same easy-to-use interface. Using Study mode, you can hone your knowledge as well as your test-taking abilities through the use of the Show Answers option. While you are taking the test, you can expose the answers along with a brief description of why the given answers are right or wrong. This enhances your understanding of the material presented.
The Practice Exam mode has many of the same options as Study mode, but you cannot reveal the answers. This way, you have a more traditional testing environment with which to practice.
The Adaptive Exam mode questions continuously monitor your expertise in each tested topic area. If you reach a point at which you either pass or fail, the software ends the examination. As in the practice exam, you cannot reveal the answers.
Menu Options
The ExamGear, Training Guide Edition interface has an easy-to-use menu that provides the options listed in the following table.

Menu     Command                    Description
File     Print                      Prints the current screen.
         Print Setup                Enables you to select the printer.
         Exit ExamGear              Exits the program.
Online   Registration               Starts the Registration Wizard and enables you to register online. This menu option is removed after you have successfully registered the product.
         Check for Product Updates  Opens the ExamGear web site with available updates.
         Web Sites                  Opens the web browser with either the New Riders Publishing or ExamGear home pages.
Help     Contents                   Opens ExamGear, Training Guide Edition’s Help file.
         About                      Displays information about ExamGear, Training Guide Edition, including serial number, registered owner, and so on.

Figure D.2 The opening screen offers three testing modes.
File
The File menu enables you to exit the program and configure print options.
Online
In the Online menu, you can register ExamGear, Training Guide Edition, check for product updates (update the ExamGear executable as well as check for free, updated question sets), and surf applicable web sites. The Online menu is always available, except when you are taking a test.
Registration
Registration is free and enables you to access updates. Registration is the first task that ExamGear, Training Guide Edition asks you to perform. You will not have access to the free product updates if you do not register.
Check for Product Updates
This option takes you to ExamGear, Training Guide Edition’s web site, where you can update the software. You must be connected to the Internet to use this option. The ExamGear web site lists the options that have been made available since your version of ExamGear was installed on your computer.
Web Sites
This option provides a convenient way to start your web browser and connect to either the New Riders or ExamGear home page.
Help
As it suggests, this menu option gives you access to ExamGear’s Help system. It also provides important information such as your serial number, software version, and so on.
Starting a Study Mode Session
Study mode enables you to control the test in ways that actual certification exams do not allow:
• You can set your own time limits.
• You can concentrate on selected skill areas (chapters).
• You can reveal answers or have each response graded immediately with feedback.
• You can restrict the questions you see again to those missed or those answered correctly a given number of times.
• You can control the order in which questions are presented—random order or in order by skill area (chapter).
To begin testing in Study mode, click the Study Mode button from the main Interface screen. You are presented with the Study Mode configuration page (see Figure D.3).
Figure D.3 The Study Mode configuration page.
At the top of the Study Mode configuration screen, you see the Exam drop-down list. This list shows the activated exam that you have purchased with your ExamGear, Training Guide Edition product, as well as any other exams you may have downloaded or any preview exams that were shipped with your version of ExamGear. Select the exam with which you want to practice from the drop-down list.
Below the Exam drop-down list, you see the questions available for the selected exam. Each exam has at least one question set. You can select the individual question set or any combination of the question sets if more than one is available for the selected exam.
Below the Question Set list is a list of skill areas or chapters on which you can concentrate. These skill areas or chapters reflect the units of exam objectives defined by Sun for the exam. Within each skill area you will find several exam objectives. You can select a single skill area or chapter to focus on, or you can select any combination of the available skill areas/chapters to customize the exam to your individual needs.
In addition to specifying which question sets and skill areas you want to test yourself on, you also can define which questions are included in the test based on your previous progress working with the test. ExamGear, Training Guide Edition automatically tracks your progress with the available questions. When configuring the Study mode options, you can opt to view all the questions available within the question sets and skill areas you have selected, or you can limit the questions presented. Choose from the following options:
• Select from All Available Questions. This option causes ExamGear, Training Guide Edition to present all available questions from the selected question sets and skill areas.
• Exclude Questions I Have Answered Correctly X or More Times. ExamGear offers you the option to exclude questions that you have previously answered correctly. You can specify how many times you want to answer a question correctly before ExamGear considers you to have mastered it. (The default is two times.)
• Select Only Questions That I Have Missed X or More Times. This option configures ExamGear, Training Guide Edition to drill you only on questions that you have missed repeatedly. You may specify how many times you must miss a question before ExamGear determines that you have not mastered it. (The default is two times.)
At any time, you can reset ExamGear, Training Guide Edition’s tracking information by clicking the Reset button for the feature you want to clear.
At the upper-right side of the Study Mode configuration page, you can see your access level to the question sets for the selected exam. Access levels are either Full or Preview. For a detailed explanation of each of these access levels, see the section “Obtaining Updates” in this appendix.
Under your access level, you see the score required to pass the selected exam. Below the required score, you can select whether the test will be timed and how much time will be allowed to complete the exam. Select the Stop Test After 90 Minutes check box to set a time limit for the exam. Enter the number of minutes you want to allow for the test. (The default is 90 minutes.) Deselecting this check box enables you to take an exam with no time limit.
You also can configure the number of questions included in the exam. The default number of questions changes with the specific exam you have selected. Enter the number of questions you want to include in the exam in the Select No More than X Questions option.
Appendix D
USING THE EXAMGEAR, TRAINING GUIDE EDITION SOFTWARE
You can configure the order in which ExamGear, Training Guide Edition presents the exam questions. Select from the following options:

• Display Questions in Random Order. This option is the default option. When selected, it causes ExamGear, Training Guide Edition to present the questions in random order throughout the exam.
• Order by Skill Area. This option causes ExamGear to group the questions presented in the exam by skill area. All questions for each selected skill area are presented in succession. The test progresses from one selected skill area to the next, until all the questions from each selected skill area have been presented.

ExamGear offers two options for scoring your exams. Select one of the following options:

• Grade at the End of the Test. This option configures ExamGear, Training Guide Edition to score your test after you have been presented with all the selected exam questions. You can reveal correct answers to a question; but if you do, that question is not scored.
• Grade as I Answer Each Question. This option configures ExamGear to grade each question as you answer it, providing you with instant feedback as you take the test. All questions are scored unless you click the Show Answer button before completing the question.

You can return to the ExamGear, Training Guide Edition main startup screen from the Study Mode configuration screen by clicking the Main Menu button. If you need assistance configuring the Study mode exam options, click the Help button for configuration instructions.
After you have finished configuring all the exam options, click the Start Test button to begin the exam.
Starting Practice Exams and Adaptive Exams
This section describes the practice and adaptive exams, defines the differences between these exam options and the Study mode option, and provides instructions for starting them.

Differences Between the Practice and Adaptive Exams and Study Mode
Question screens in the practice and adaptive exams are identical to those found in Study mode, except that the Show Answer, Grade Answer, and Item Review buttons are not available while you are in the process of taking a practice or adaptive exam. The practice exam provides you with a report screen at the end of the exam. The adaptive exam gives you a brief message indicating whether you have passed or failed the exam. When taking a practice exam, the Item Review screen is not available until you have answered all the questions. This is consistent with the behavior of most vendors’ current certification exams. In Study mode, Item Review is available at any time. When the exam timer expires, or if you click the End Exam button, the Examination Score Report screen comes up.

Starting an Exam
From the ExamGear, Training Guide Edition main menu screen, select the type of exam you want to run. Click the Practice Exam or Adaptive Exam button to begin the corresponding exam type.
What Is an Adaptive Exam?
To make the certification testing process more efficient and valid and therefore make the certification itself more valuable, some vendors in the industry are using a testing technique called adaptive testing. In an adaptive exam, the exam “adapts” to your abilities by varying the difficulty level of the questions presented to you.

The first question in an adaptive exam is typically an easy one. If you answer it correctly, you are presented with a slightly more difficult question. If you answer that question correctly, the next question you see is even more difficult. If you answer the question incorrectly, however, the exam “adapts” to your skill level by presenting you with another question of equal or lesser difficulty on the same subject. If you answer that question correctly, the test begins to increase the difficulty level again. You must correctly answer several questions at a predetermined difficulty level to pass the exam. After you have done this successfully, the exam is ended and scored. If you do not reach the required level of difficulty within a predetermined time (typically 30 minutes), the exam is ended and scored.

Studying for Adaptive Exams
Studying for adaptive exams is no different from studying for traditional exams. You should make sure that you have thoroughly covered all the material for each of the test objectives specified by the certification exam vendor. As with any other exam, when you take an adaptive exam, either you know the material or you don’t. If you are well prepared, you will be able to pass the exam. ExamGear, Training Guide Edition enables you to familiarize yourself with the adaptive exam testing technique. This will help eliminate any anxiety you might experience from this testing technique and allow you to focus on learning the actual exam material.
Why Do Vendors Use Adaptive Exams?
Many vendors who offer technical certifications have adopted the adaptive testing technique. They have found that it is an effective way to measure a candidate’s mastery of the test material in as little time as necessary. This reduces the scheduling demands on the test taker and allows the testing center to offer more tests per test station than they could with longer, more traditional exams. In addition, test security is greater, and this increases the validity of the exam process.

ExamGear’s Adaptive Exam
The method used to score the adaptive exam requires a large pool of questions. For this reason, you cannot use this exam in Preview mode. The adaptive exam is presented in much the same way as the practice exam. When you click the Start Test button, you begin answering questions. The adaptive exam does not allow item review, and it does not allow you to mark questions to skip and answer later. You must answer each question when it is presented.
Assumptions
This section describes the assumptions made when designing the behavior of the ExamGear, Training Guide Edition adaptive exam:

• You fail the test if you fail any chapter, earn a failing overall score, or reach a threshold at which it is statistically impossible for you to pass the exam.
• You can fail or pass a test without cycling through all the questions.
• The overall score for the adaptive exam is Pass or Fail. To evaluate user responses dynamically, however, percentage scores are recorded for chapters and the overall score.
Algorithm Assumptions
This section describes the assumptions used in designing the ExamGear, Training Guide Edition Adaptive Exam scoring algorithm.

Chapter Scores
You fail a chapter (and the exam) if any chapter score falls below 66%.

Overall Scores
To pass the exam, you must pass all chapters and achieve an overall score of 86% or higher. You fail if the overall score percentage is less than or equal to 85% or if any chapter score is less than 66%.

Inconclusive Scores
If your overall score is between 67 and 85%, it is considered to be inconclusive. Additional questions will be asked until you pass or fail or until it becomes statistically impossible to pass without asking more than the maximum number of questions allowed.
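The chapter, overall and inconclusive rules above, worked through as an added Python model; this is not ExamGear's own code. The 66%, 86% and 67–85% thresholds are the ones stated in the text; the minimum number of answers before a verdict (MIN_QUESTIONS) and the reading of "statistically impossible" as "the 86% mark is unreachable even if every remaining question is answered correctly" are assumptions.

```python
"""Added model of the ExamGear adaptive-exam decision rules described above.

Not ExamGear's own code. Thresholds are the ones stated in the text:
  - a chapter score below 66% fails the chapter and the exam;
  - an overall score of 86% or higher passes (if every chapter passes);
  - an overall score between 67% and 85% is inconclusive.
Assumptions (not stated in the text): no verdict other than the
"statistically impossible" fail is issued before MIN_QUESTIONS answers;
"statistically impossible" means the 86% mark is unreachable even if every
remaining question is answered correctly; 66% overall or below is a fail.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

CHAPTER_FAIL_BELOW = 66          # percent; from the "Chapter Scores" rule
OVERALL_PASS_AT = 86             # percent; from the "Overall Scores" rule
OVERALL_INCONCLUSIVE_FROM = 67   # percent; from the "Inconclusive Scores" rule
MIN_QUESTIONS = 5                # assumption: minimum answers before a verdict


@dataclass
class ChapterScore:
    """Running tally for one chapter (as shown on the Current Score tab)."""
    attempted: int = 0
    correct: int = 0

    @property
    def percentage(self) -> float:
        return 100.0 * self.correct / self.attempted if self.attempted else 0.0


def verdict(chapters: Dict[str, ChapterScore], max_questions: int,
            min_questions: int = MIN_QUESTIONS) -> str:
    """Return "PASS", "FAIL" or "INCONCLUSIVE" for the current tallies."""
    attempted = sum(c.attempted for c in chapters.values())
    correct = sum(c.correct for c in chapters.values())
    remaining = max_questions - attempted

    # Statistically impossible: even a perfect run of the remaining questions
    # cannot lift the overall score to the pass mark.
    best_possible = 100.0 * (correct + remaining) / max_questions
    if best_possible < OVERALL_PASS_AT:
        return "FAIL"

    if attempted < min_questions:
        return "INCONCLUSIVE"

    # Any chapter below 66% fails the exam regardless of the overall score.
    if any(c.attempted and c.percentage < CHAPTER_FAIL_BELOW
           for c in chapters.values()):
        return "FAIL"

    overall = 100.0 * correct / attempted
    if overall >= OVERALL_PASS_AT:
        return "PASS"
    if overall < OVERALL_INCONCLUSIVE_FROM:
        return "FAIL"
    return "INCONCLUSIVE"          # 67..85%: keep asking questions


def run_until_decided(answers: Iterable[Tuple[str, bool]], max_questions: int,
                      min_questions: int = MIN_QUESTIONS) -> Tuple[str, int]:
    """Feed (chapter, was_correct) answers in order and stop at the first verdict.

    Returns the verdict and how many questions were needed, which shows that
    the exam can end before all max_questions have been asked.
    """
    chapters: Dict[str, ChapterScore] = {}
    asked = 0
    for chapter, was_correct in answers:
        tally = chapters.setdefault(chapter, ChapterScore())
        tally.attempted += 1
        tally.correct += int(was_correct)
        asked += 1
        result = verdict(chapters, max_questions, min_questions)
        if result != "INCONCLUSIVE":
            return result, asked
        if asked >= max_questions:
            break
    return "FAIL", asked           # question budget exhausted without a pass


if __name__ == "__main__":
    # Constructed sample run: a strong candidate passes after five questions.
    strong = [("Networking", True), ("DNS", True)] * 10
    print(run_until_decided(strong, max_questions=20))   # ('PASS', 5)
```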
Question Types and How to Answer Them
Because certification exams from different vendors vary, you will face many types of questions on any given exam. ExamGear, Training Guide Edition presents you with different question types to enable you to become familiar with the various ways an actual exam may test your knowledge. This section describes each of the question types presented by ExamGear and provides instructions for answering each type.

Multiple Choice
Most of the questions you see on a certification exam are multiple-choice (see Figure D.4). This question type asks you to select an answer from the list provided. Sometimes you must select only one answer, often indicated by answers preceded by option buttons (round selection buttons). At other times, multiple correct answers are possible, indicated by check boxes preceding the possible answer combinations. You can use three methods to select an answer:

• Click the option button or check box next to the answer. If more than one correct answer to a question is possible, the answers will have check boxes next to them. If only one correct answer to a question is possible, each answer will have an option button next to it. ExamGear, Training Guide Edition prompts you with the number of answers you must select.
• Click the text of the answer.
• Press the alphabetic key that corresponds to the answer.

Figure D.4 A typical multiple-choice question.

You can use any one of three methods to clear an option button:

• Click another option button.
• Click the text of another answer.
• Press the alphabetic key that corresponds to another answer.

You can use any one of three methods to clear a check box:

• Click the check box next to the selected answer.
• Click the text of the selected answer.
• Press the alphabetic key that corresponds to the selected answer.

To clear all answers, click the Reset button. Remember that some of the questions have multiple answers that are correct. Do not let this throw you off. The multiple-correct questions do not have one answer that is more correct than another. In the single-correct format, only one answer is correct. ExamGear, Training Guide Edition prompts you with the number of answers you must select.

Hot Spot Questions
Hot spot questions ask you to correctly identify an item by clicking an area of the graphic or diagram displayed (see Figure D.5). To respond to the question, position the mouse cursor over a graphic. Then press the right mouse button to indicate your selection. To select another area on the graphic, you do not need to deselect the first one. Just click another region in the image.

Figure D.5 A typical hot spot question.

Standard ExamGear, Training Guide Edition Options
Regardless of question type, a consistent set of clickable buttons enables you to navigate and interact with questions. The following list describes the function of each of the buttons you may see. Depending on the question type, some of the buttons will be grayed out and will be inaccessible. Buttons appropriate to the question type are active.

• Run Simulation. This button is enabled if the question supports a simulation. (It is disabled for this book.) Clicking this button begins the simulation process.
• Exhibits. This button is enabled if exhibits are provided to support the question. An exhibit is an image, video, sound, or text file that provides supplemental information needed to answer the question. If a question has more than one exhibit, a dialog box appears, listing exhibits by name. If only one exhibit exists, the file is opened immediately when you click the Exhibits button.
• Reset. This button clears any selections you have made and returns the question window to the state in which it appeared when it was first displayed.
• Instructions. This button displays instructions for interacting with the current question type.
• Item Review. This button leaves the question window and opens the Item Review screen. For a detailed explanation of the Item Review screen, see the “Item Review” section later in this appendix.
• Show Answer. This option displays the correct answer with an explanation of why it is correct. If you choose this option, the current question will not be scored.
• Grade Answer. If Grade at the End of the Test is selected as a configuration option, this button is disabled. It is enabled when Grade as I Answer Each Question is selected as a configuration option. Clicking this button grades the current question immediately. An explanation of the correct answer is provided, just as if the Show Answer button were pressed. The question is graded, however.
• End Exam. This button ends the exam and displays the Examination Score Report screen.
• << Previous. This button displays the previous question on the exam.
• Next >>. This button displays the next question on the exam.
• << Previous Marked. This button displays if you have opted to review questions that you have marked using the Item Review screen. This button displays the previous marked question. Marking questions is discussed in more detail later in this appendix.
• << Previous Incomplete. This button displays if you have opted to review questions that you have not answered using the Item Review screen. This button displays the previous unanswered question.
• Next Marked >>. This button displays if you have opted to review questions that you have marked using the Item Review screen. This button displays the next marked question. Marking questions is discussed in more detail later in this appendix.
• Next Incomplete >>. This button displays if you have opted to review questions, using the Item Review screen, that you have not answered. This button displays the next unanswered question.
Mark Question and Time Remaining
ExamGear provides you with two methods to aid in dealing with the time limit of the testing process. If you find that you need to skip a question or if you want to check the time remaining to complete the test, use one of the options discussed in the following sections.

Mark Question
Check this box to mark a question so that you can return to it later using the Item Review feature. The adaptive exam does not allow questions to be marked because it does not support item review.

Time Remaining
If the test is timed, the Time Remaining indicator is enabled. It counts down minutes remaining to complete the test. The adaptive exam does not offer this feature because it is not timed.
Item Review
The Item Review screen enables you to jump to any question. ExamGear, Training Guide Edition considers an incomplete question to be any unanswered question or any multiple-choice question for which the total number of required responses has not been selected. If the question prompts for three answers and you selected only A and C, for example, ExamGear considers the question to be incomplete. The Item Review screen enables you to review the exam questions in different ways. You can enter one of two browse sequences (series of similar records): Browse Marked Questions or Browse Incomplete Questions. You also can create a custom grouping of the exam questions for review based on a number of criteria. When using Item Review, if Show Answer was selected for a question while you were taking the exam, the question is grayed out in Item Review. The question can be answered again if you use the Reset button to reset the question status. The Item Review screen contains two tabs. The Questions tab lists questions and question information in columns. The Current Score tab provides your exam score information, presented as a percentage for each chapter and as a bar graph for your overall score.

The Item Review Questions Tab
The Questions tab on the Item Review screen presents the exam questions and question information in a table (see Figure D.6). You can select any row you want by clicking in the grid. The Go To button is enabled whenever a row is selected. Clicking the Go To button displays the question on the selected row. You also can display a question by double-clicking that row.

Figure D.6 The Questions tab on the Item Review screen.

Columns
The Questions tab contains the following six columns of information:

• Seq. Indicates the sequence number of the question as it was displayed in the exam.
• Question Number. Displays the question’s identification number for easy reference.
• Marked. Indicates a question that you have marked using the Mark Question check box.
• Status. The status can be M for Marked, ? for Incomplete, C for Correct, I for Incorrect, or X for Answer Shown.
• Chapter Name. The chapter associated with each question.
• Type. The question type, which can be MultipleChoice or Hot Spot.
To resize a column, place the mouse pointer over the vertical line between column headings. When the mouse pointer changes to a set of right and left arrows, you can drag the column border to the left or right to make the column wider or narrower. Just click with the left mouse button and hold that button down while you move the column border in the desired direction.

The Item Review screen enables you to sort the questions on any of the column headings. Initially, the list of questions is sorted in descending order on the sequence number column. To sort on a different column heading, click that heading. You will see an arrow appear on the column heading indicating the direction of the sort (ascending or descending). To change the direction of the sort, click the column heading again.

The Item Review screen also enables you to create a custom grouping. This feature enables you to sort the questions based on any combination of criteria you prefer. For instance, you might want to review the question items sorted first by whether they were marked, then by the chapter name, and then by sequence number. The Custom Grouping feature enables you to do this. Start by checking the Custom Grouping check box (see Figure D.7). When you do so, the entire questions table shifts down a bit onscreen, and a message appears at the top of the table that reads Drag a Column Header Here to Group by That Column. Just click the column heading you want with the left mouse button, hold that button down, and move the mouse into the area directly above the Questions table (the custom grouping area). Release the left mouse button to drop the column heading into the custom grouping area.

To accomplish the custom grouping previously described, first check the Custom Grouping check box. Then drag the Marked column heading into the custom grouping area above the Questions table. Next, drag the Chapter Name column heading into the custom grouping area. You will see the two column headings joined together by a line that indicates the order of the custom grouping. Finally, drag the Seq column heading into the custom grouping area. This heading will be joined to the Chapter Name heading by another line indicating the direction of the custom grouping. Notice that each column heading in the custom grouping area has an arrow indicating the direction in which items are sorted under that column heading. You can reverse the direction of the sort on an individual column heading basis using these arrows. Click the column heading in the custom grouping area to change the direction of the sort for that column heading only. For example, using the custom grouping created previously, you can display the question list sorted first in descending order by whether the question was marked, in descending order by chapter name, and then in ascending order by sequence number. The custom grouping feature of the Item Review screen gives you enormous flexibility in how you choose to review the exam questions. To remove a custom grouping and return the Item Review display to its default setting (sorted in descending order by sequence number), just uncheck the Custom Grouping check box.

Figure D.7 The Custom Grouping check box enables you to create your own question sort order.
The Current Score Tab
The Current Score tab of the Item Review screen provides a real-time snapshot of your score (see Figure D.8). The top half of the screen is an expandable grid. When the grid is collapsed, scores display for each chapter. Chapters can be expanded to show percentage scores for objectives and subobjectives. Information about your exam progress is presented in the following columns:

• Chapter Name. This column shows the chapter name for each objective group.
• Percentage. This column shows the percentage of questions for each objective group that you answered correctly.
• Attempted. This column lists the number of questions you answered either completely or partially for each objective group.
• Correct. This column lists the actual number of questions you answered correctly for each objective group.
• Answer Shown. This column lists the number of questions for each objective group that you chose to display the answer to using the Show Answer button.

The columns in the scoring table are resized and sorted in the same way as those in the questions table on the Item Review Questions tab. Refer to the earlier section “The Item Review Questions Tab” for more details.

A graphical overview of the score is presented below the grid. The graph depicts two red bars: The top bar represents your current exam score; the bottom bar represents the required passing score. To the right of the bars in the graph is a legend that lists the required score and your score. Below the bar graph is a statement that describes the required passing score and your current score. In addition, the information can be presented on an overall basis or by exam chapter. The Overall tab shows the overall score. The By Chapter tab shows the score by chapter. Clicking the End Exam button terminates the exam and passes control to the Examination Score Report screen. The Return to Exam button returns to the exam at the question from which the Item Review button was clicked.
Review Marked Items
The Item Review screen enables you to enter a browse sequence for marked questions. When you click the Review Marked button, questions that you have previously marked using the Mark Question check box are presented for your review. While browsing the marked questions, you will see the following changes to the buttons available:

• The caption of the Next button becomes Next Marked.
• The caption of the Previous button becomes Previous Marked.

Figure D.8 The Current Score tab on the Item Review screen.
Review Incomplete
The Item Review screen enables you to enter a browse sequence for incomplete questions. When you click the Review Incomplete button, the questions you did not answer or did not completely answer display for your review. While browsing the incomplete questions, you will see the following changes to the buttons:

• The caption of the Next button becomes Next Incomplete.
• The caption of the Previous button becomes Previous Incomplete.

Examination Score Report Screen
The Examination Score Report screen appears when the study mode, practice exam, or adaptive exam ends, whether as the result of timer expiration, completion of all questions, or your decision to terminate early (see Figure D.9).

This screen provides you with a graphical display of your test score, along with a tabular breakdown of scores by chapter. The graphical display at the top of the screen compares your overall score with the score required to pass the exam. Buttons below the graphical display enable you to open the Show Me What I Missed browse sequence, print the screen, or return to the main menu.
Show Me What I Missed Browse Sequence
The Show Me What I Missed browse sequence is invoked by clicking the Show Me What I Missed button from the Examination Score Report or from the configuration screen of an adaptive exam. Note that the window caption is modified to indicate that you are in the Show Me What I Missed browse sequence mode. Question IDs and position within the browse sequence appear at the top of the screen, in place of the Mark Question and Time Remaining indicators. Main window contents vary, depending on the question type. The following list describes the buttons available within the Show Me What I Missed browse sequence and the functions they perform:

• Return to Score Report. Returns control to the Examination Score Report screen. In the case of an adaptive exam, this button’s caption is Exit, and control returns to the adaptive exam configuration screen.
• Run Simulation. Opens a simulation in Grade mode, causing the simulation to open displaying your response and the correct answer. If the current question does not offer a simulation, this button is disabled.
• Exhibits. Opens the Exhibits window. This button is enabled if one or more exhibits are available for the question.
• Instructions. Shows how to answer the current question type.
• Print. Prints the current screen.
• Previous or Next. Displays missed questions.

Figure D.9 The Examination Score Report screen.
CHECKING THE WEB SITE
To check the New Riders home page or the ExamGear, Training Guide Edition home page for updates or other product information, choose the desired web site from the Web Sites option of the Online menu. You must be connected to the Internet to reach these web sites.
Frequently Asked Questions
The ExamGear FAQ can be found at http://www.newriders.com/examgear/support/faq.cfm.

OBTAINING UPDATES
The procedures for obtaining updates are outlined in this section.

The Catalog Web Site for Updates
Selecting the Check for Product Updates option from the Online menu shows you the full range of products you can either download for free or purchase from your web browser. You must be connected to the Internet to reach these web sites.

Types of Updates
Several types of updates may be available for download, including various free updates and additional items available for purchase.

Free Program Updates
Free program updates include changes to the ExamGear, Training Guide Edition executables and runtime libraries (DLLs). When any of these items are downloaded, ExamGear automatically installs the upgrades. ExamGear, Training Guide Edition will be reopened after the installation is complete.

Free Database Updates
Free database updates include updates to the exam or exams that you have registered. Exam updates are contained in compressed, encrypted files and include exam databases and exhibits. ExamGear, Training Guide Edition automatically decompresses these files to their proper location and updates the ExamGear software to record version changes and import new question sets.
CONTACTING NEW RIDERS PUBLISHING
At New Riders, we strive to meet and exceed the needs of our customers. We have developed ExamGear, Training Guide Edition to surpass the demands and expectations of network professionals seeking technical certifications, and we think it shows. What do you think? If you need to contact New Riders regarding any aspect of the ExamGear, Training Guide Edition product line, feel free to do so. We look forward to hearing from you. Contact us at the following address or phone number:

New Riders Publishing
201 West 103rd Street
Indianapolis, IN 46290
800-545-5914

You also can reach us on the World Wide Web: http://www.newriders.com
Technical Support
Technical support is available by email or at the following phone number during the hours specified:

Telephone: 317-581-3833
Email: [email protected]
Monday through Friday, 10 a.m. to 3 p.m. Central Standard Time.

You can visit the online support web site at www.newriders.com/support and submit a support request over the Internet.
Customer Service
If you have a damaged product and need a replacement or refund, please call the following phone number: 800-858-7674

Product Updates
Product updates can be obtained by choosing ExamGear, Training Guide Edition’s Online pull-down menu and selecting Check for Products Updates. You will be taken to a web site with full details.

Product Suggestions and Comments
We value your input! Please email your suggestions and comments to the following address: [email protected]

LICENSE AGREEMENT
YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE BREAKING THE SEAL ON THE PACKAGE. AMONG OTHER THINGS, THIS AGREEMENT LICENSES THE ENCLOSED SOFTWARE TO YOU AND CONTAINS WARRANTY AND LIABILITY DISCLAIMERS. BY BREAKING THE SEAL ON THE PACKAGE, YOU ARE ACCEPTING AND AGREEING TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, DO NOT BREAK THE SEAL. YOU SHOULD PROMPTLY RETURN THE PACKAGE UNOPENED.

LICENSE
Subject to the provisions contained herein, New Riders Publishing (NRP) hereby grants to you a nonexclusive, nontransferable license to use the object-code version of the computer software product (Software) contained in the package on a single computer of the type identified on the package.

SOFTWARE AND DOCUMENTATION
NRP shall furnish the Software to you on media in machine-readable object-code form and may also provide the standard documentation (Documentation) containing instructions for operation and use of the Software.
LICENSE TERM AND CHARGES
The term of this license commences upon delivery of the Software to you and is perpetual unless earlier terminated upon default or as otherwise set forth herein.
TITLE
Title, ownership right, and intellectual property rights in and to the Software and Documentation shall remain in NRP and/or in suppliers to NRP of programs contained in the Software. The Software is provided for your own internal use under this license. This license does not include the right to sublicense and is personal to you and therefore may not be assigned (by operation of law or otherwise) or transferred without the prior written consent of NRP. You acknowledge that the Software in source code form remains a confidential trade secret of NRP and/or its suppliers and therefore you agree not to attempt to decipher or decompile, modify, disassemble, reverse engineer, or prepare derivative works of the Software or develop source code for the Software or knowingly allow others to do so. Further, you may not copy the Documentation or other written materials accompanying the Software.

UPDATES
This license does not grant you any right, license, or interest in and to any improvements, modifications, enhancements, or updates to the Software and Documentation. Updates, if available, may be obtained by you at NRP’s then-current standard pricing, terms, and conditions.
LIMITED WARRANTY AND DISCLAIMER
NRP warrants that the media containing the Software, if provided by NRP, is free from defects in material and workmanship under normal use for a period of sixty (60) days from the date you purchased a license to it. THIS IS A LIMITED WARRANTY AND IT IS THE ONLY WARRANTY MADE BY NRP. THE SOFTWARE IS PROVIDED “AS IS” AND NRP SPECIFICALLY DISCLAIMS ALL WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. FURTHER, COMPANY DOES NOT WARRANT, GUARANTEE, OR MAKE ANY REPRESENTATIONS REGARDING THE USE, OR THE RESULTS OF THE USE, OF THE SOFTWARE IN TERMS OF CORRECTNESS, ACCURACY, RELIABILITY, CURRENTNESS, OR OTHERWISE AND DOES NOT WARRANT THAT THE OPERATION OF ANY SOFTWARE WILL BE UNINTERRUPTED OR ERROR FREE. NRP EXPRESSLY DISCLAIMS ANY WARRANTIES NOT STATED HEREIN. NO ORAL OR WRITTEN INFORMATION OR ADVICE GIVEN BY NRP, OR ANY NRP DEALER, AGENT, EMPLOYEE, OR OTHERS SHALL CREATE, MODIFY, OR EXTEND A WARRANTY OR IN ANY WAY INCREASE THE SCOPE OF THE FOREGOING WARRANTY, AND NEITHER SUBLICENSEE NOR PURCHASER MAY RELY ON ANY SUCH INFORMATION OR ADVICE. If the media is subjected to accident, abuse, or improper use, or if you violate the terms of this Agreement, then this warranty shall immediately be terminated. This warranty shall not apply if the Software is used on or in conjunction with hardware or programs other than the unmodified version of hardware and programs with which the Software was designed to be used as described in the Documentation.
LIMITATION OF LIABILITY
Your sole and exclusive remedies for any damage or loss in any way connected with the Software are set forth below. UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, TORT, CONTRACT, OR OTHERWISE, SHALL NRP BE LIABLE TO YOU OR ANY OTHER PERSON FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, LOSS OF PROFIT, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, OR FOR ANY OTHER DAMAGES EVEN IF NRP SHALL HAVE BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES, OR FOR ANY CLAIM BY ANOTHER PARTY. NRP’S THIRD-PARTY PROGRAM SUPPLIERS MAKE NO WARRANTY, AND HAVE NO LIABILITY WHATSOEVER, TO YOU. NRP’s sole and exclusive obligation and liability and your exclusive remedy shall be: upon NRP’s election, (i) the replacement of our defective media; or (ii) the repair or correction of your defective media if NRP is able, so that it will conform to the above warranty; or (iii) if NRP is unable to replace or repair, you may terminate this license by returning the Software. Only if you inform NRP of your problem during the applicable warranty period will NRP be obligated to honor this warranty. SOME STATES OR JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATION OR EXCLUSION OF CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATIONS OR EXCLUSIONS MAY NOT APPLY TO YOU. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS AND YOU MAY ALSO HAVE OTHER RIGHTS WHICH VARY BY STATE OR JURISDICTION.
MISCELLANEOUS If any provision of the Agreement is held to be ineffective, unenforceable, or illegal under certain circumstances for any reason, such decision shall not affect the validity or enforceability (i) of such provision under other circumstances or (ii) of the remaining provisions hereof under all circumstances, and such provision shall be reformed to and only to the extent necessary to make it effective, enforceable, and legal under such circumstances. All headings are solely for convenience and shall not be considered in interpreting this Agreement. This Agreement shall be governed by and construed under New York law as such law applies to agreements between New York residents entered into and to be performed entirely within New York, except as required by U.S. Government rules and regulations to be governed by Federal law. YOU ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, UNDERSTAND IT, AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS. YOU FURTHER AGREE THAT IT IS THE COMPLETE AND EXCLUSIVE STATEMENT OF THE AGREEMENT BETWEEN US THAT SUPERSEDES ANY PROPOSAL OR PRIOR AGREEMENT, ORAL OR WRITTEN, AND ANY OTHER COMMUNICATIONS BETWEEN US RELATING TO THE SUBJECT MATTER OF THIS AGREEMENT.
Appendix D
USING THE EXAMGEAR, TRAINING GUIDE EDITION SOFTWARE
U.S. GOVERNMENT RESTRICTED RIGHTS Use, duplication, or disclosure by the Government is subject to restrictions set forth in subparagraphs (a) through of the Commercial Computer-Restricted Rights clause at FAR 52.227-19 when applicable, or in subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013, and in similar clauses in the NASA FAR Supplement.
APPENDIX E
Answers to Sample Exam Questions

This appendix contains the answers to the exam at the end of each chapter. Some of the answers have explanations listed with them. Others do not have explanations and should be self-explanatory. If they aren’t, you should refer back to the chapter in which the question was discussed.

CHAPTER 1

1. Which of these network devices operate on the Data Link layer of the OSI reference network model? Choose all that apply.
A. Repeater
B. Router
C. Bridge
D. Switch
Answer: C, D. The repeater works on the Physical layer, whereas the router covers the first three layers (Physical, Data Link, Network).

2. Which one of the following covers all layers of the OSI model?
A. Gateway
B. Router
C. Switch
D. Hub
Answer: A. The hub works at the Physical layer. The switch covers the first two layers of the OSI model. The router covers the first three layers of the OSI model. The gateway covers all layers.

3. Which of the following is not true about wide area networks?
A. These networks span over a large geographic area.
B. These are low-speed networks as compared to local area networks.
C. 10BASE-T Ethernet can be used in wide area networks.
D. Wide area networks are usually costly to install and maintain as compared to local area networks.
Answer: C. 10BASE-T Ethernet is standard for local area networks only, and therefore it’s not true for WANs.

4. Which of the following LAN topologies have a single point of failure? Choose all that apply.
A. Bus
B. Star
C. Dual ring used for FDDI
Answer: A, B. In the case of a dual-ring FDDI, if one ring fails, the other one can still be used for network communication.
5. Is it possible to mix multiple physical topologies in a single LAN? (Yes/No)
Answer: Yes. Most practical networks use mixed topologies.

6. It is not necessary for two hosts to have a common protocol to communicate to each other directly. (True/False)
Answer: False. A common protocol is a must for communication between two hosts on a network directly. If there is a protocol translator in between these two hosts (gateway), however, hosts with different protocols can still communicate.

7. What is the true sequence of the upper four layers of the OSI model, starting from the topmost layer?
A. Presentation, Session, Transport, Application
B. Application, Presentation, Session, Transport
C. Application, Session, Presentation, Transport
D. Application, Presentation, Transport, Session
Answer: B.

8. Protocols that control communication between two adjacent layers in a layered protocol are called what?
A. Peer protocols
B. Interfaces
C. Layered protocols
D. Open Systems Interface
Answer: B. Peer protocols control communication between two layers at the same level but on different hosts. C and D are not protocol names.

9. Which of the following layers implement MAC addresses?
A. Data Link layer
B. Physical layer
C. Transport layer
D. Network layer
Answer: A.

10. The Network layer is responsible for which of the following? Choose all that apply.
A. Point-to-point data error detection and correction
B. End-to-end data error detection and correction
C. Implementation of MAC addresses for hosts
D. Implementation of logical addresses for hosts
E. Routing
Answer: A, D, E. End-to-end data error detection and correction is done by the Transport layer. MAC addresses are implemented by the Data Link layer, not the Network layer.

11. Which layer of the OSI model is responsible for data format conversion?
A. Transport
B. Application
C. Session
D. Presentation
E. Data Link
Answer: D.
12. Which cable is used in 100BASE-T Ethernet networks?
A. Category 5 twisted-pair cable
B. Category 3 twisted-pair cable
C. Category 2 twisted-pair cable
D. Coaxial cable
E. Fiber-optic cable
Answer: A.

13. Which of the following statements are true about repeaters? Choose all that apply.
A. Repeaters regenerate and reshape electrical signals.
B. Repeaters are used at the Physical layer of the OSI model.
C. You can use as many repeaters as you want to extend the length of a network.
D. A hub is also called a multiple-port repeater.
Answer: A, B, D. There is a limit on the number of repeaters that can be used to extend networks; therefore answer C is incorrect. In Ethernet networks, a maximum of four repeaters can be used.

14. Which of the following statements are true about switches? Choose all that apply.
A. Switches filter data based on MAC addresses.
B. Switches provide multiple parallel data paths.
C. Switches recognize hosts by their IP addresses.
D. Switches may have different types of interfaces.
E. A switch may act as a protocol translator.
Answer: A, B, D. Answer C is not true because IP addresses are implemented in the Network layer, which is not covered by switches. Answer E is not true because this is the function of a gateway, not a switch.

15. When a collision occurs in networks based on CSMA/CD, when does the sending host retransmit data?
A. After a fixed period of time
B. After a variable period of time
Answer: B.

16. What is the maximum length of one segment in 10BASE-2 Ethernet networks?
A. 200 meters
B. 185 meters
C. 500 meters
D. 1000 meters
E. The length is not fixed.
Answer: B.

17. What are Token Ring networks?
A. Single-ring topology networks
B. Dual-ring topology networks
C. Star-connected networks
D. Bus-connected networks
Answer: C.

18. What is the length of an Ethernet or MAC address?
A. 20 bytes
B. 48 bits
C. 32 bits
D. 60 bits
Answer: B.
19. What is an Ethernet broadcast address?
A. It is a 32-bit address with all 1 bits.
B. It is a 48-bit address with all 0 bits.
C. It is the same as the IP network broadcast address.
D. It is a 48-bit address with all 1 bits.
Answer: D.

20. How can you list installed Ethernet adapters in a Solaris machine? Choose all that apply.
A. Using the ifconfig command
B. Using the netstat command
C. Using the ether command
D. None of the above
Answer: A, B. Answer C is not true because there is no such thing as an ether command in Solaris.

21. You have a workstation with network interface hme0. This network interface is configured and up and is the only network connection for the workstation. Which command cannot be used to display the MAC address of network interface hme0?
A. ifconfig hme0
B. ifconfig -mac hme0
C. ifconfig -a
D. arp -a
Answer: B. The first command specifically displays information about interface hme0. The third and fourth commands display information about all network interfaces. The second command has an invalid switch, -mac, which does not display the MAC address.

22. Which command will you use to capture and display information about network packets in Solaris 8?
A. netstat
B. ping
C. traceroute
D. snoop
E. tcpdump
Answer: D. The first three commands can’t be used to capture packets. The snoop command comes with Solaris 8. The tcpdump is a freely available package that may be installed separately, but it is not a part of Solaris 8.

23. Which two of the following statements are not true?
A. Packets captured by the snoop command can be stored in a file for later viewing.
B. The snoop command can be used to view a particular layer and a specific part of a packet.
C. The snoop command does not display the source MAC address of the packet.
D. The snoop command does not display the packet size.
Answer: C, D. Answers C and D are not true because the snoop command can be used for both of these tasks.

24. What is used to avoid the reflection of a signal from cable ends in a coaxial cable?
A. A reflector
B. A terminator
C. A connector
D. An absorber
Answer: B.
25. Which layer of the OSI model is divided into the MAC sublayer and the LLC sublayer?
A. Data Link layer
B. Physical layer
C. Network layer
D. None of the above
Answer: A.

26. An RJ-45 connector is used with which type of cable?
A. Coaxial cable
B. Twisted-pair cable
C. Fiber-optic cable
D. Thick Ethernet cable
Answer: B.

CHAPTER 2

1. Which of the following layers in the TCP/IP protocol covers the three upper layers of the OSI model?
A. IP layer
B. TCP layer
C. Data Link layer
D. Application layer
Answer: D. The Application layer in the TCP/IP protocol covers the upper three layers of OSI (Session layer, Presentation layer, and Application layer).

2. The IP layer can use which of the following lower-layer protocols?
A. Ethernet
B. HDLC
C. Frame Relay
D. PPP
E. All of the above
Answer: E.

3. What is the length of IPv4 addresses?
A. 32 bits
B. 48 bits
C. 64 bits
D. 128 bits
Answer: A.

4. Which protocol maps IP addresses to MAC addresses?
A. ARP
B. RARP
C. ICMP
D. UDP
Answer: A. The Address Resolution Protocol (ARP) is used for this purpose. RARP does the opposite task of ARP. ICMP is used for network control and other purposes, whereas UDP is a Transport layer level protocol.

5. The ICMP Protocol is used for which of the following?
A. Error reporting in IP networks
B. Network diagnostics
C. The ping command
D. All of the above
Answer: D.
6. At which layer of the OSI model do the TCP and UDP protocols operate?
A. Data Link layer
B. Network layer
C. Transport layer
D. Application layer
E. Session layer
Answer: C.

7. What information can you find in the /etc/inet/services file? Choose all that apply.
A. Names of different services
B. Information about which services are operational and which are not
C. Port numbers used by these services
D. Number of connections allowed for each service
Answer: A, C. The /etc/inet/services file does not contain any information about Answers B and D.

8. What is not true about ARP?
A. ARP uses the broadcast method.
B. ARP maps IP addresses to hostnames.
C. Resolved MAC addresses are kept in the ARP cache table forever.
D. Before sending any IP packet, ARP is used to determine the MAC address of the destination.
Answer: B, C. Resolved addresses are kept in the ARP cache only for a certain period of time.

9. Any protocol, other than TCP and UDP, can also be used over IP. (True/False)
Answer: True.

10. Which statements about connection-less and connection-oriented services are true? Choose all that are correct.
A. In connection-oriented services, an end-to-end connection is established before starting transmission of data.
B. TCP is used in connection-oriented services.
C. UDP may be used both for connection-less and connection-oriented services.
D. Connection-less services are reliable.
E. TCP is slow as compared to UDP because there is a communication overhead to provide reliability for data transfer.
Answer: A, B, E. Answer C is not true because UDP is always used in connection-less services. Answer D is not true because connection-less services are not reliable.

11. Which of the following statements about an IP address are true? Choose all that apply.
A. An IP address consists of 4 octets.
B. The value of each octet may range from 0 to 256.
C. Each octet in an IP address consists of 8 to 16 bits.
D. 182.268.20.30 is not a legal IP address.
Answer: A, D. Answer B is not true because the range of each octet is from 0 to 255. Answer C is not true because each octet is 8 bits long.

12. Which of the following subnet masks is not legal?
A. 255.255.255.0
B. 255.255.255.224
C. 255.255.255.244
D. 255.255.255.248
Answer: C. In Answer C, a 1 bit follows a 0 bit, which is not allowed in a netmask.

13. What is the default netmask address for Class B networks?
A. 255.0.0.0
B. 255.255.0.0
C. 255.255.255.0
D. 255.255.0.255
Answer: B.

14. What is the broadcast address for a network number of 192.168.20.64 with a network mask of 255.255.255.224?
A. 192.168.20.255
B. 192.168.20.127
C. 192.168.20.95
D. 192.168.20.63
Answer: C. The range of addresses in this network is from 192.168.20.64 to 192.168.20.95. The last address is the broadcast address, so option C is the correct answer.

15. How many hosts can you have in a Class C network?
A. 256
B. 255
C. 254
D. As many as you want
Answer: C. There are 256 addresses in Class C networks. One of these addresses is used as a network address, and another is used as a broadcast address. So there may be 254 host addresses.

16. In which class of IP addresses does the network 126.0.0.0 reside?
A. Class A
B. Class B
C. Class C
D. Class D
Answer: A.

17. Addresses in Class C networks start with which bit pattern?
A. 00
B. 01
C. 110
D. 0111
Answer: C.

18. Which class of IP addresses is used for multicast networks?
A. Class A
B. Class B
C. Class C
D. Class D
E. Class M
Answer: D.

19. How many bits do you need to add to the netmask to divide a Class C network into four subnets?
A. 1
B. 2
C. 4
D. 8
Answer: B.
20. The method used to divide a network into subnetworks of different lengths is called what?
A. Subnetting
B. Supernetting
C. VLSM
D. CIDR
Answer: C. This is the variable-length subnet masking method.

21. Which of the following is the correct way to write a Class C network?
A. 192.168.2.0/8
B. 192.168.2.0/16
C. 192.168.2.0/24
D. 192.168.2.0/32
Answer: C. The last number after the slash character in an IP address shows the number of bits used in the network part of an address. Because Class C networks use 24 bits in the network address, Answer C is the correct answer.

22. Which addresses are not used on the Internet because they are in an experimental range? Choose all that apply.
A. 192.168.2.0
B. 172.16.0.0
C. 168.16.0.0
D. 10.0.0.0
E. 10.1.0.0
Answer: A, B, D, E.

23. Which IP address is assigned to the loopback interface?
A. 127.0.0.0
B. 127.0.0.1
C. 10.0.0.1
D. 0.0.0.0
Answer: B.

24. The /etc/inet/hosts file can use which syntax? Choose all that apply.
A.
B.
C.
D.
Answer: A, B.

25. How do you find out about the IP version used in an IP packet?
A. The version command
B. The Version field in an IP packet
C. The Protocol field in an IP packet
D. The source and destination address field in an IP packet
Answer: B. This can be done using the snoop command.

26. From which file can you find protocol numbers assigned to different protocols?
Answer: /etc/inet/protocols
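The subnet arithmetic behind questions 12 through 21 of Chapter 2 (legal netmasks, broadcast addresses, host counts, subnet bits, CIDR prefix lengths and address classes), as an added example; this is not code from the book, and it uses only the Python standard library. The function and parameter names are my own.

```python
"""Subnet arithmetic behind Chapter 2, questions 12 through 21.

Added example, not code from the book. Only the standard library is used.
"""
import ipaddress


def is_valid_netmask(mask: str) -> bool:
    """A netmask is legal only if its 32 bits are a run of 1s followed by 0s.

    255.255.255.244 ends in 11110100: a 1 follows a 0, so it is rejected
    (question 12). 255.255.255.224 ends in 11100000 and is accepted.
    """
    bits = int(ipaddress.IPv4Address(mask))
    # Inverting a contiguous mask leaves 2^k - 1 for the k host bits;
    # adding one to such a value gives a power of two, which shares no
    # bit with the value itself.
    host_bits = (~bits) & 0xFFFFFFFF
    return (host_bits + 1) & host_bits == 0


def prefix_length(mask: str) -> int:
    """Number of leading 1 bits, the /n of CIDR notation (question 21)."""
    if not is_valid_netmask(mask):
        raise ValueError(f"illegal netmask {mask}")
    return bin(int(ipaddress.IPv4Address(mask))).count("1")


def broadcast_address(network: str, mask: str) -> str:
    """Last address of the block (question 14); works for any address in it."""
    net = ipaddress.IPv4Network(f"{network}/{prefix_length(mask)}", strict=False)
    return str(net.broadcast_address)


def usable_hosts(mask: str) -> int:
    """Block size minus the network and broadcast addresses (question 15)."""
    return 2 ** (32 - prefix_length(mask)) - 2


def subnet_bits_for(subnets: int) -> int:
    """Extra mask bits needed to carve a network into `subnets` equal parts.

    Four subnets need 2 bits (question 19); three also need 2, since the
    subnet count rounds up to the next power of two.
    """
    return (subnets - 1).bit_length()


def address_class(addr: str) -> str:
    """Classful class from the leading bits of the first octet (questions 16, 17).

    Class A starts with 0, B with 10, C with 110, D with 1110; the rest is E.
    """
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.224", "255.255.255.244"):
        print(mask, "legal" if is_valid_netmask(mask) else "illegal")
    print("broadcast:", broadcast_address("192.168.20.64", "255.255.255.224"))
    print("class C hosts:", usable_hosts("255.255.255.0"))
    print("126.0.0.0 is class", address_class("126.0.0.0"))
```

The netmask check is the one worth keeping: a mask such as 255.255.255.244 is accepted by some tools without complaint and silently produces a block that overlaps its neighbours, so validating masks before they go into ifconfig or a routing entry prevents a class of hard-to-diagnose reachability problems.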
27. ICMP packets are used for which of the following? Choose all that apply.
A. Parameter Problem
B. Source Quench
C. Redirect message
D. Echo Request and Echo Reply
E. All of the above
Answer: E.

28. Which of the following commands configures network interface hme0 correctly?
A. ifconfig 192.168.5.6 up netmask 255.255.255.0 hme0
B. ifconfig hme0:0 192.168.5.6 255.255.255.0
C. ifconfig 192.168.5.6 hme0 netmask 255.255.255.0 up
D. ifconfig hme0 192.168.5.6 netmask 255.255.255.0 up
Answer: D.

29. Which of the following commands can be used to check the IP address on an interface? Choose all that apply.
A. ifconfig
B. netstat
C. ping
D. traceroute
Answer: A, B.

30. How can you set the MTU value for a LAN interface?
A. The ifconfig command
B. The ndd command
C. The mtu command
D. The arp command
Answer: A.

CHAPTER 3

1. Two routers, A and B, are connected together through Ethernet ports. Host C is connected to the Ethernet port of Router B, as shown in Figure 3.4.

FIGURE 3.4 Connection scheme.
IP addresses assigned to different ports of routers are also shown in the figure. Both routers and the host have static routes defined, as shown in the following:

Output of netstat -rn -f inet on Router A

bash-2.03# netstat -rn -f inet
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.10.0         192.168.10.1          U        1      0  hme0
224.0.0.0            192.168.10.1          U        1      0  hme0
default              192.168.10.2          UG       1     14
127.0.0.1            127.0.0.1             UH      22  16239  lo0
bash-2.03#

Output of netstat -rn -f inet on Router B

bash-2.03# netstat -rn
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.10.0         192.168.10.2          U        1      0  hme0
192.168.20.0         192.168.20.1          U        1      0  hme1
224.0.0.0            192.168.10.2          U        1      0  hme0
default              192.168.10.1          UG       1     14
127.0.0.1            127.0.0.1             UH      22  16239  lo0
bash-2.03#

Output of netstat -rn -f inet on Host C

bash-2.03# netstat -rn -f inet
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.20.0         192.168.20.2          U        1      0  hme0
127.0.0.1            127.0.0.1             UH      22  16239  lo0
bash-2.03#
A user can ping the Ethernet adapter of Router B (192.168.20.1) from Host C. A user cannot ping Router A (192.168.10.1) from Host C. A user also cannot ping the second Ethernet adapter on Router B (192.168.10.2).

What is one possible reason that the user cannot ping the second Ethernet adapter on Router B?
A. There may be a cable problem.
B. The routing table on Router A is not appropriate for forwarding packets.
C. There is a problem with the routing table on Host C.
D. There is a problem with the routing table on Router B.
Answer: C. Host C does not know how to reach network 192.168.10.0, so it cannot ping any IP address on that network.

2. In the preceding question, what is a possible solution? Choose all that apply.
A. Add a default routing entry on Host C that points to address 192.168.20.1.
B. Add a routing entry on Host C for network 192.168.10.0 that points to address 192.168.20.1.
C. Add a routing entry for network 192.168.20.0 on Router A.
D. None of the above.
Answer: A, B. The problem is that the host does not know where to send packets for network 192.168.10.0. This problem can be solved either by adding a default route or by adding a route for this network on Host C.

3. Which are the two major types of routing?
A. Dynamic routing
B. Static routing
C. Hierarchical routing
D. Flat routing
Answer: A, B.

4. Which of the following are advantages of link-state routing? Choose all that apply.
A. Can be used for networks of any size
B. Simple
C. Easy to maintain
D. Scalable
E. Converges quickly
Answer: A, D, E. Answers B and C are advantages of distance-vector routing protocols.

5. Which of the following are routing protocols? Choose all that apply.
A. IP
B. TCP
C. RIP
D. RDISC
E. IPX
Answer: C, D.
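The diagnosis in questions 1 and 2 of Chapter 3 (Host C has no route for 192.168.10.0, and either a default route or a specific route via 192.168.20.1 repairs it) can be checked with a small longest-prefix-match lookup over the routing tables printed above. This is an added example, not code from the book or from Solaris; the tables are transcribed from the netstat output in question 1, and the /24 and /4 prefix lengths are assumptions, because netstat -rn prints no masks.

```python
"""Route lookup over the Chapter 3, question 1 routing tables.

Added example, not code from the book. It reproduces the diagnosis given
in the answer: Host C has no route covering 192.168.10.0, so a lookup for
any address on that network fails until one of the fixes from question 2
is applied. Longest-prefix matching is the usual lookup rule; the /24 and
/4 prefix lengths are assumptions, since netstat -rn prints no masks.
"""
import ipaddress

# (destination, gateway) pairs transcribed from the netstat -rn output on
# Host C. "default" means 0.0.0.0/0; 127.0.0.1 is the loopback host route.
HOST_C_ROUTES = [
    ("192.168.20.0/24", "192.168.20.2"),
    ("127.0.0.1/32", "127.0.0.1"),
]

# Router B's table, for comparison: it knows both LANs and has a default.
ROUTER_B_ROUTES = [
    ("192.168.10.0/24", "192.168.10.2"),
    ("192.168.20.0/24", "192.168.20.1"),
    ("224.0.0.0/4", "192.168.10.2"),
    ("default", "192.168.10.1"),
    ("127.0.0.1/32", "127.0.0.1"),
]


def _as_network(destination):
    """Map a netstat destination string to an IPv4Network."""
    if destination == "default":
        return ipaddress.IPv4Network("0.0.0.0/0")
    return ipaddress.IPv4Network(destination)


def lookup(routes, destination):
    """Return the gateway of the most specific route covering destination.

    Returns None when no entry matches, which is the "no route to host"
    condition behind the failed pings in question 1. For an on-link route
    the printed gateway is the local interface address, meaning "deliver
    directly on that interface".
    """
    addr = ipaddress.IPv4Address(destination)
    best_net, best_gw = None, None
    for dest, gateway in routes:
        net = _as_network(dest)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_gw = net, gateway
    return best_gw


def with_fix(routes, option):
    """Host C's table after applying answer A or B of question 2."""
    if option == "A":
        # Default route via Router B's 192.168.20.1 interface.
        return routes + [("default", "192.168.20.1")]
    if option == "B":
        # Explicit route for the 192.168.10.0 network via Router B.
        return routes + [("192.168.10.0/24", "192.168.20.1")]
    raise ValueError(f"unknown option {option!r}")


if __name__ == "__main__":
    for target in ("192.168.20.1", "192.168.10.2", "192.168.10.1"):
        print(target, "->", lookup(HOST_C_ROUTES, target))
    print("with default route:", lookup(with_fix(HOST_C_ROUTES, "A"), "192.168.10.1"))
```

The same lookup run against Router B's table shows why its pings succeed in both directions: it holds connected routes for both LANs plus a default toward Router A, so every destination in the figure resolves to a gateway.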
6. In normal running (not at startup), what is the default interval at which in.rdisc advertises its routing table?
A. Every 10 minutes
B. Every 10 seconds
C. Every 30 seconds
D. Every 5 minutes
Answer: A.

7. What is the ALL_ROUTERS multicast address?
A. 224.0.0.1
B. 224.0.0.2
C. 224.0.0.7
D. 224.0.0.0
Answer: B.

8. How do you run in.rdisc in Router mode?
A. Use the -r option on the command line.
B. Use the /etc/rdisc configuration file.
C. Use the -router command-line option.
D. Use the /etc/defaultrouter file.
Answer: A.

9. Which two types of gateways are present in the /etc/gateways file?
A. Active
B. Passive
C. Local
D. Remote
E. Default
Answer: A, B.

10. Which port number is used by RIP?
A. 420
B. 520
C. 110
D. 25
Answer: B.

11. Gateways that can exchange routing information are called what?
A. Active gateways
B. Passive gateways
C. Routing gateways
D. Connected gateways
Answer: A.

CHAPTER 4

1. What is true about the client-server model of services? Choose all that apply.
A. RPC-based services also work in the client-server model.
B. A computer may act as a client or a server at one time, but not both.
C. Multiple services may run on the same host simultaneously.
D. Client-server-based utilities use only the TCP protocol.
Answer: A, C. Answer B is not correct because a computer may act as a client, as a server, or both at the same time. Answer D is incorrect because client-server utilities may use other protocols also.
2. Port numbers are used in which layer of the OSI model?
A. Network layer
B. Transport layer
C. Application layer
D. Physical layer
Answer: B.

3. Which port number is used by Telnet?
A. 25
B. 23
C. 21
D. 110
Answer: B.

4. Which statement is true about a socket?
A. It is the same as a port number.
B. It is the same as the IP address on the server.
C. It is the same as the IP address on the client.
D. It is a combination of IP address and port number.
Answer: D.

5. Which file lists port numbers used by network services?
A. /etc/inet/ports
B. /etc/inet/services
C. /etc/inet/networks
D. /etc/inet/sockets
Answer: B.

6. Which daemon should be started before starting any RPC-based service?
A. The inetd daemon
B. The rpcbind daemon
C. The rpcd daemon
D. The nfsd daemon
Answer: B.

7. Which type of socket is used for the service started using the following line in the /etc/inet/inetd.conf file?

login  stream  tcp6  nowait  root  /usr/sbin/in.rlogind  in.rlogind

A. TCP socket
B. UDP socket
C. Raw socket
D. All of the above
Answer: A. The keyword stream shows that the socket type is TCP.

8. What is the escape sequence used with Telnet?
A. ^]
B. ^[
C. ^}
D. ^{
Answer: A.

9. The rwho command can be used to do which of the following?
A. Check logged-on users on the local host
B. Check logged-on users on a remote host
C. Check logged-on users on multiple hosts on the local network
D. All of the above
Answer: D.
10. A single plus symbol in the /etc/hosts.equiv file does what regarding the rlogin command?
A. It allows all users on the local host.
B. It allows all users on all hosts.
C. It allows nobody to use the rlogin command.
D. It does nothing.
Answer: B. This is a security hole and should not be done ever.

CHAPTER 5

1. What is the minimum number of scopes a DHCP server must have to assign IP addresses to a DHCP client?
A. 0
B. 1
C. 2
D. 10
Answer: B. A DHCP server must have at least one scope.

2. At what time does a client send a request for the first time to renew the lease?
A. Right at the beginning of the lease time
B. When half of the lease time has elapsed
C. When two-thirds of the lease time has elapsed
D. When three-fourths of the lease time has elapsed
Answer: B.

3. What is the correct sequence of DHCP messages at the time of configuration of a DHCP client?
A. DHCPREQUEST, DHCPACK, DHCPDISCOVER, DHCPOFFER
B. DHCPDISCOVER, DHCPREQUEST, DHCPACK, DHCPOFFER
C. DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK
D. DHCPDISCOVER, DHCPOFFER, DHCPACK, DHCPREQUEST
Answer: C.

4. Which message is used by a DHCP client to select an offer from a DHCP server?
A. DHCPACK
B. DHCPREQUEST
C. DHCPSELECT
D. DHCPNAK
Answer: B.

5. Which DHCP lease type has no lease expiration?
A. Dynamic
B. Static
C. Automatic
D. Trivial
Answer: C.

6. Which of the following can be used to store DHCP data? Choose all that apply.
A. Local files
B. NIS
C. NIS+
D. Web server
Answer: A, C.
7. Can the DHCP server supply DNS information to clients? (Yes/No)
Answer: Yes.

8. How many network addresses can be added in the initial process of DHCP server configuration using DHCP Manager?
A. 1
B. 2
C. 10
D. Any number of networks
Answer: A.

9. Which file contains information about the location of DHCP data storage?
A. /etc/dhcp
B. /etc/default/dhcp
C. dhcptab
D. /var/dhcp
Answer: B.

10. Which of the following acts as a DHCP client daemon?
A. in.dhcpd
B. dhcpd
C. dhcpclient
D. dhcpagent
Answer: D.

CHAPTER 6

1. In which run level is the snmpdx master SNMP agent started by default?
A. Run level 1
B. Run level 2
C. Run level 3
D. Run level 5
Answer: C.

2. What is the port number used by snmpdx?
A. 121
B. 161
C. 25
D. 23
Answer: B.

3. Which versions of SNMP are in use? Choose all that apply.
A. Version 1
B. Version 2
C. Version 3
D. Version 7
E. Version 8
Answer: A, B, C.
4. Which community names are used in SNMP? Choose all that apply.
A. GET
B. SET
C. READ
D. WRITE
Answer: A, B.

5. When should an SNMP subagent be started in Solaris?
A. Before starting any of the network services
B. Before starting the master SNMP agent
C. After starting the master SNMP agent
D. In no particular order
Answer: C.

CHAPTER 7

1. Which of the following is not a type of DNS server?
A. Primary DNS server
B. Secondary DNS server
C. Backup DNS server
D. Caching DNS server
Answer: C. The secondary name server actually acts as a backup name server. There is no specific backup name server term.

2. Which file determines whether a DNS server is primary, secondary, or caching?
A. The /etc/named.conf file
B. The named.rev file
C. The named.hosts file
D. The named.ca file
Answer: A. Answers B, C, and D show zone data files.

3. Which UDP port number is used for DNS queries?
A. 35
B. 53
C. 21
D. 123
Answer: B.

4. Which of the following files are used for DNS client configuration? Choose all that apply.
A. /etc/inet/hosts
B. /etc/resolv.conf
C. /etc/nsswitch.conf
D. /etc/named.hosts
Answer: B, C. Answer A lists a text file that is used for host-to-IP address mapping. The file in Answer D is used for DNS server configuration.

5. Which of the following is not a valid type of resource record?
A. NS
B. PTR
C. NAME
D. CNAME
Answer: C.
6. Which of the following is not a valid entry in the /etc/inet/hosts file? Choose all that apply.
A. 192.168.2.222  fana
B. 192.168.2.11   laptop
C. laptop  192.168.2.11
D. laptop  loghost  192.168.2.11  laptop-nt
Answer: C, D. All entries in this file start with the IP address.

7. Which information is not included in the SOA resource record?
A. Serial number
B. Refresh time
C. Retry time
D. Access control
Answer: D.

CHAPTER 8

1. Which port number is used for NTP?
A. 23
B. 37
C. 123
D. 137
Answer: C.

2. How can you set a preferred peer NTP server?
A. By adding the prefer keyword at the end of the line in the ntp.conf configuration file
B. By adding the prefer keyword at the beginning of the line in the ntp.conf configuration file
C. By adding the prefer keyword at the command line while starting xntpd
D. By adding the prefer keyword at the end of the line in the xntpd.conf configuration file
Answer: A.

3. What is the default multicast address for NTP?
A. 124.0.0.1
B. 124.0.1.1
C. 124.1.1.0
D. 124.1.0.1
Answer: B.

4. What is the xntpd daemon configuration filename?
A. /etc/xntpd.conf
B. /etc/inet/xntpd.conf
C. /etc/inet/ntp.conf
D. /var/ntp/ntp.conf
Answer: C.

5. Which NTP versions are supported in Solaris 8? Choose all that apply.
A. Version 1
B. Version 2
C. Version 3
D. Version 4
Answer: A, B, C.
CHAPTER 9

1. What type of address does not exist in the IPv6 protocol?
A. Unicast
B. Multicast
C. Anycast
D. Broadcast
Answer: D.

2. What is the length of an IPv6 address?
A. 128 bits
B. 64 bits
C. 48 bits
D. 32 bits
Answer: A.

3. How many priority levels are defined in IPv6?
A. 4
B. 8
C. 16
D. 256
Answer: C.

4. Which file enables the IPv6 address configuration on network interface hme0?
A. /etc/hostname6.hme0
B. /etc/hostname.hme0
C. /etc/ipv6.hme0
D. /etc/ipng.hme0
Answer: A.
A P P E N D I X
F
List of RFCs

The RFCs listed here are useful to your understanding of the protocols used on the Internet. All of these RFCs are available on several web sites. I use the IETF web site located at www.ietf.org/rfc.html, but you can download them from anywhere; the text is the same regardless of the source. Some of the RFCs become obsolete from time to time, but they are still worth reading.

RFC Number   Title
791          Internet Protocol
792          Internet Control Message Protocol
781          Specification of the Internet Protocol (IP) Timestamp Option
815          IP Datagram Reassembly Algorithms
877          Standard for the Transmission of IP Datagrams over Public Data Networks
894          Standard for the Transmission of IP Datagrams over Ethernet
896          Congestion Control in IP/TCP Internetworks
1046         Queuing Algorithm to Provide Type-of-Service for IP Links
1051         Standard for the Transmission of IP Datagrams and ARP Packets over ARCNET Networks
1063         IP MTU Discovery Options
1144         Compressing TCP/IP Headers for Low-Speed Serial Links
1180         TCP/IP Tutorial
1365         An IP Address Extension Proposal
1366         Guidelines for Management of IP Address Space
1375         Suggestion for New Classes of IP Addresses
1385         EIP: The Extended Internet Protocol
1466         Guidelines for Management of IP Address Space
1550         IP: Next Generation (IPng) White Paper Solicitation
1667         Modeling and Simulation Requirements for IPng
1668         Unified Routing Requirements for IPng
1669         Market Viability as an IPng Criteria
1670         Input to IPng Engineering Considerations
1671         IPng White Paper on Transition and Other Considerations
1672         Accounting Requirements for IPng
1675         Security Concerns for IPng
1678         IPng Requirements of Large Corporate Networks
1809         Using the Flow Label Field in IPv6
1812         Requirements for IP Version 4 Routers
1826         IP Authentication Header
1827         IP Encapsulating Security Payload (ESP)
1828         IP Authentication Using Keyed MD5
1881         IPv6 Address Allocation Management
1883         Internet Protocol, Version 6 (IPv6) Specification
1884         IP Version 6 Addressing Architecture
1886         DNS Extensions to Support IP Version 6
1887         An Architecture for IPv6 Unicast Address Allocation
1888         OSI NSAPs and IPv6
1897         IPv6 Testing Address Allocation
1917         An Appeal to the Internet Community to Return Unused IP Networks
1970         Neighbor Discovery for IP Version 6 (IPv6)
1971         IPv6 Stateless Address Autoconfiguration
1972         A Method for the Transmission of IPv6 Packets over Ethernet
2003         IP Encapsulation Within IP
2073         An IPv6 Provider-Based Unicast Address Format
2147         TCP and UDP over IPv6 Jumbograms
2373         IP Version 6 Addressing Architecture
2374         An IPv6 Aggregatable Global Unicast Address Format
2460         Internet Protocol, Version 6 (IPv6) Specification
2461         Neighbor Discovery for IP Version 6 (IPv6)
2462         IPv6 Stateless Address Autoconfiguration
1531         Dynamic Host Configuration Protocol
1541         Dynamic Host Configuration Protocol
2131         Dynamic Host Configuration Protocol
1885         Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
2463         Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
793          Transmission Control Protocol
768          User Datagram Protocol
1067         Simple Network Management Protocol
1098         Simple Network Management Protocol (SNMP)
1157         Simple Network Management Protocol (SNMP)
1066         Management Information Base for Network Management of TCP/IP-Based Internets
1156         Management Information Base for Network Management of TCP/IP-Based Internets
1059         Network Time Protocol (Version 1)
1119         Network Time Protocol (Version 2)
1129         Internet Time Synchronization: The Network Time Protocol
1305         Network Time Protocol (Version 3)
1155         Structure and Identification of Management Information for TCP/IP-Based Internets
1901         Introduction to Community-Based SNMPv2
1902         Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2)
1903         Textual Conventions for Version 2 of the Simple Network Management Protocol (SNMPv2)
1904         Conformance Statements for Version 2 of the Simple Network Management Protocol (SNMPv2)
1905         Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2)
1906         Transport Mappings for Version 2 of the Simple Network Management Protocol (SNMPv2)
1907         Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2)
1908         Coexistence between Version 1 and Version 2 of the Internet-Standard Network Management Framework
1909         An Administrative Infrastructure for SNMPv2
1910         User-Based Security Model for SNMPv2
Index

.rhosts file configuring r commands, 228 /etc/default/dhcp file, 267 /etc/defaultrouter file, 162 /etc/gateways file, 162, 398 /etc/hosts.equiv file configuring r commands, 227-228 /etc/inet/hosts file, 95-96, 302-305, 407 /etc/inet/inetd.conf file, 203-207 /etc/inet/networks file, 163 /etc/inet/services file, 190-193 installing new services, 194 /etc/inetd.conf file changes for IPv6, 380 /etc/init.d/inetinit file, 163-170, 398 /etc/named.boot file converting to /etc/named.conf file, 324-325 /etc/named.conf file creating, 317-319, 410 /etc/nsswitch.conf file configuring, 326, 328, 411 troubleshooting, 337 /etc/resolv.conf file configuring, 326, 411 troubleshooting, 337-338 100BASE-T Ethernet, 46 10BASE-2 Ethernet, 45, 389 10BASE-5 Ethernet, 46, 389 10BASE-T Ethernet, 46, 389-390
A A (Address) resource record, 314, 409 Abstract Syntax Notation One (ASN.1), 286 access control files SNMP agents, 293, 407 access lists defined, 20
access methods defined, 19 networks, 43, 388 broadcast, 43 CSMA/CD, 43-44 nonbroadcast, 43 Token Ring, 44 token-passing, 43 acknowledgment of lease offer DHCP servers, 245 active gateways defined, 162 active study strategies, 418 adapters (network), 35 Adaptive Exam mode ExamGear, Training Guide Edition software, 450, 457-458 compared to Study mode, 456 studying for, 457 Address (A) resource record, 314, 409 address autoconfiguration IPv6 new features, 367 Address Resolution Protocol. See ARP, 74, 123 address size IPv6 new features, 366 Address Wizard configuring DHCP, 254-256, 263 addresses broadcast address defined, 94 broadcast addresses, 86 defined, 85 Ethernet, 47-48, 390 experimental addresses, 94 IP, 188 IP addresses, 78-79, 391-392 adding to DHCP scope, 254-256, 263
492
INDEX
class A networks, 87, 392 class B networks, 87, 392 class C networks, 87, 392 class D networks, 87, 392 class E networks, 88, 392 classes, summary of, 88 configuring network interfaces, 103-104, 393 configuring virtual interfaces, 104-106 data flow, 125-127 dynamic allocation. See DHCP, 246 mapping host names to, 302 mapping host names to. See also DNS, 302 mapping to hostnames, 95-96 mapping to MAC addresses, 122-124, 394-395 netmasks, 85-86, 149, 392 obtaining, 96-97 operational overview, 84-85 planning TCP/IP networks, 147-148 reserved addresses, 93-94 subnet masks, 88-92, 392-393 supernetting, 92-93 troubleshooting, 113-114, 116-120 verifying network interface configuration, 106-108, 393-394 IPv6, 368, 414 configuring, 375-378, 414-415 network troubleshooting commands, 378-379, 415-416 routing, 371 special addresses, 371 text representation of, 369-370 unicast addresses, 370 MAC, 47-48, 188, 390 MAC addresses, 29, 78 ARP cache, 128-129 broadcast addresses, 125 multicast addresses, 87 network addresses, 148-150 compared to MAC addresses, 30 defined, 85, 94 dot notation, 93 Advanced Research Projects Agency Network (ARPAnet), 75 advertisements
RIP, 160-161 agent access control files SNMP agents, 293, 407 agents (SNMP), 283-284 configuration files, 292-293, 406-407 master agent-subagent model, 292, 406 aggregate global unicast addresses IPv6, 370 American Registry for Internet Numbers (ARIN) web site, 96 AND process data flow in TCP/IP networks, 125-127 anonymous FTP, 218-219 anycast addresses IPv6, 368, 414 IPv6 new features, 366 APNIC (Asia Pacific Network Information Center) web site, 96 Application layer protocols, 197 sockets, 189 TCP/IP, 80, 391 Application layer (OSI network model), 31, 389 applications client-server. See client-server applications, 186 ExamGear, 419 ARIN (American Registry for Internet Numbers) web site, 96 ARP, 79, 123-124, 394-395 (Address Resolution Protocol), 74, 123 broadcast addresses, 125 operational overview, 82 ARP cache adding new entries, 129 deleting entries, 129 displaying entries in, 128 arp command, 47, 128-129 ARPAnet (Advanced Research Projects Agency Network), 75 ascii command, 216 Asia Pacific Network Information Center (APNIC) web site, 96 ASN.1 (Abstract Syntax Notation One), 286 Authentication Header (SNMP messages), 290, 405
Auto Discovery mode configuring IPv6 addresses for, 376 automatic lease (DHCP), 246
B backbones (networks), 38 bandwidth defined, 22-23, 386 frequency range, 24 baseband networks, 25 Bellman-Ford routing algorithm, 151 Berkeley Internet Name Domain (BIND), 312 BGP (Border Gateway Protocol), 83 binary command, 216 BIND (Berkeley Internet Name Domain), 312 BIND version determining, 333 boot process DHCP, 244 client configuration, 245 lease acceptance, 244 lease acknowledgment, 245 lease offer, 244 lease release, 245 lease renewal, 245 server discovery, 244 boot time. See startup, 272 BOOTP (Bootstrap Protocol), 243 Bootstrap Protocol (BOOTP), 243 Border Gateway Protocol. See BGP, 83 bridges (networks), 39, 387 broadband networks, 25 broadcast address defined, 94 broadcast addresses, 86 defined, 85 broadcast clients (NTP) configuring, 352 broadcast MAC addresses, 125 broadcast network access method, 43 broadcast ping command, 116-117
broadcast protocols defined, 123 broadcast time signals configuring NTP servers, 350-351 broadcast/multicast mode (NTP), 349 broken cables troubleshooting, 120 bus topology, 25-26, 386 buttons ExamGear, Training Guide Edition software, 459-460
C cables broken cables troubleshooting, 120 cables (networks), 36 coaxial cables, 36 fiber-optic cables, 37 twisted-pair cables, 36-37 caching domain name servers, 311, 408 configuring, 324 Canonical Name (CNAME) resource record, 315, 409 capturing packets, 55-57, 59, 391 carrier sense multiple access collision detect. See CSMA/CD, 43 case studies client-server applications, 234 DHCP, 276 DNS, 339 IPv6, 380 NTP (Network Time Protocol), 358-359 routing, 175 SNMP, 293-294 TCP/IP networks, 132 certification process, 445 scheduling exams, 446 Sun Certified Network Administrator, 446 Sun Certified System Administrator, 445 Checksum field (ICMP packets), 102
CIDR (classless interdomain routing), 371 CIDR (classless interdomain routing), 157 class A networks, 87, 392 class B networks, 87, 392 dividing into subnets, 90-91 class C networks, 87, 392 dividing into subnets, 89-90 class D networks, 87, 392 class E networks, 88, 392 classes summary of network classes, 88 classless interdomain routing (CIDR), 157, 371 client-server applications, 80, 186-187 Application layer protocols, 197 case study, 234 clients defined, 187, 399 connection-less communication versus connection-oriented communication, 197 daemons defined, 188, 399 finger command, 223-225 FTP (File Transfer Protocol), 214 anonymous FTP, 218-219 clients, 214-217 servers, 217-218 with web browser, 219 objectives, 183 port numbers, 189 defined, 186, 188, 399 list of, 230-231 well-known port numbers, 190-194, 400 r commands, 226, 400 configuring, 226-228 rcp, 229-230 rlogin, 229 rsh, 230 rup command, 225 ruptime command, 226 rwho command, 225 servers defined, 187, 197, 399 services
list of running services, 209-211 RPC (Remote Procedure Calls), 211-213 sockets, 189, 193, 195-196 defined, 186, 188, 399 naming conventions, 195 types of, 195 starting services, 198, 400 advantages of different methods, 209 as daemons, 198-202 with inetd daemon, 202, 204-208 Telnet, 220 clients, 220 escape sequence (^]), 220-221 verifying remote server processes, 221-223 troubleshooting, 231 ndd command, 231-233 netstat command, 231 rpcinfo command, 231 client/server mode (NTP), 349 clients defined, 80, 187, 399 DHCP boot process, 244-245 configuring, 272, 403-404 running in Debug mode, 273-275 DNS host name resolution, 309 FTP (File Transfer Protocol), 214-217 Telnet, 220 clients (DNS) access restrictions, 334 configuring, 325, 410-411 /etc/nsswitch.conf file, 326, 328, 411 /etc/resolv.conf file, 326, 411 troubleshooting, 337-338 clients (NTP), 348 configuring, 352, 412-413 as broadcast clients, 352 as multicast clients, 352 as polling clients, 353 ntpdate utility, 353 clock synchronization. See NTP (Network Time Protocol), 347 close command, 221
CNAME (Canonical Name) resource record, 315, 409 coaxial cables, 36 Code field (ICMP packets), 102 commands arp, 47, 128-129 ascii, 216 binary, 216 broadcast ping, 116-117 close, 221 continuous ping, 114 dir, 215 finger, 223-225 ftp, 214 FTP client command, 216-217 get, 216 help, 215, 221, 331-332 ifconfig, 47, 52-54, 103, 106, 108, 174, 390-391, 399 ifconfig plumb, 272 ls, 215, 332-333 ndd, 59-62, 122, 231-233, 391 netstat, 53, 55, 153, 173-174, 209-211, 218, 231, 390, 399 troubleshooting DNS, 336, 412 netstat -a, 195 netstat -i, 107-108 netstat -rn, 106-107 ping, 59, 107, 111, 113-114, 116-117, 173, 391, 393-394, 398 ps, 258 put, 216 r commands, 226, 400 configuring, 226-228 rcp, 229-230 rlogin, 229 rsh, 230 route, 153 rpcinfo, 212-213, 231 rup, 225 ruptime, 226 rwho, 225 snoop, 55-57, 59, 111, 123, 130-131, 160, 258, 273, 391
traceroute, 59, 117-120, 173, 391, 394, 398 communication connection-less communication, 197 connection-oriented communication, 197 community names (SNMP), 290 computer networks. See networks, 18, 386 configuration files routing, 161, 397-398 /etc/defaultrouter file, 162 /etc/gateways file, 162, 398 /etc/inet/networks file, 163 /etc/init.d/inetinit file, 163-170, 398 SNMP agents, 292-293, 406-407 configuring caching domain name servers, 324 DHCP non-default server options, 270, 403 utilities for, 266 with DHCP Manager, 248-261, 263, 401 with dhcpconfig utility, 263-267, 401 DHCP client during boot process, 245 DHCP clients, 272, 403-404 DHCP relay agents, 270-271, 403 DNS clients, 325, 410-411 /etc/nsswitch.conf file, 326, 328, 411 /etc/resolv.conf file, 326, 411 troubleshooting, 337-338 DNS servers, 312, 408 converting /etc/named.boot file, 324-325 include files, 325 resource record types, 313-316, 408-410 subdomain delegation, 316 troubleshooting, 314, 338 FTP servers, 217-218 IP addresses troubleshooting, 113-114, 116-120 IPv6 addresses, 375-378, 414-415 MTU value for IP packets, 109 network interfaces, 103-104, 393 verifying configuration, 106-108, 393-394 NTP clients, 352, 412-413 as broadcast clients, 352 as multicast clients, 352
as polling clients, 353 ntpdate utility, 353 NTP servers, 349-352, 412 primary domain name servers, 316 named.ca file, 319-321 named.conf file creation, 317-319, 410 named.hosts file, 321-322 named.local file, 321 named.rev file, 322 r commands, 226-228 RDISC, 158 Host mode, 158-159, 396 Router mode, 159, 396-397 RIP, 160, 397 advertisements, 160-161 secondary domain name servers, 323 static routing, 153-154 example, 154-156 Study mode (ExamGear, Training Guide Edition software), 454-456 virtual interfaces, 104-106 connect() system call, 193 CONNECTED state (sockets), 196 connection-less communication, 197 connection-less services TCP/IP, 83-84 connection-oriented communication, 197 connection-oriented services TCP/IP, 83-84 connections between networks, 35 connectors (networks), 37 continuous ping command, 114 converting /etc/named.boot file to /etc/named.conf file, 324-325 country-specific domains, 307 CRC (cyclic redundancy check) value Ethernet frames, 50 creating startup scripts, 201-202 CSMA/CD (carrier sense multiple access collision detect), 43-44
cyclic redundancy check (CRC) value Ethernet frames, 50
D daemons defined, 188, 399 in.ftpd command-line options, 217-218 in.rdisc. See RDISC, 158 in.routed. See RIP, 160, 397 inetd starting services with, 202, 204-209 rpcbind, 211-213 starting services as, 198-202 xntpd, 347 DARPAnet (Defense Advanced Research Project Agency Network), 75 data encapsulation Ethernet, 51-52 data flow TCP/IP networks, 125-127 data frames defined, 19 Data Link layer MAC addresses, 188 TCP/IP, 78, 391 Data Link layer (OSI network model), 29, 389 Data Link Provider Interface (DLPI), 78 data storage methods, 248 data transfer process OSI network model, 32-33 database ExamGear, Training Guide Edition software, 451 Debug mode troubleshooting DHCP, 273-275 default DNS server changing with nslookup utility, 330-331 default netmasks, 149 default routes, 156-157 defined, 150 Defense Advanced Research Project Agency Network (DARPAnet), 75 deleting ARP cache entries, 129 DHCP configuration files, 268-269, 402 destination address Ethernet frames, 49 Destination Address field (IP headers), 100 destination service access point (DSAP), 51 DHCP (Dynamic Host Configuration Protocol), 242-243 boot process, 244 client configuration, 245 lease acceptance, 244 lease acknowledgment, 245 lease offer, 244 lease release, 245 lease renewal, 245 server discovery, 244 case study, 276 client configuration, 272, 403-404 configuring non-default server options, 270, 403 utilities for, 266 with DHCP Manager, 248-261, 263, 401 with dhcpconfig utility, 263-267, 401 lease time, 243 lease types, 246-247 messages, 246 objectives, 239 planning deployment, 247-248 relay agent configuration, 270-271, 403 scope, 243 adding IP addresses to, 254-256, 263 startup script, 267-268, 401-402 troubleshooting, 273, 404 running client in Debug mode, 273-275 unconfiguring, 268-269, 402 DHCP (Dynamic Host Configuration Protocol), 125 DHCP Manager configuring DHCP, 248-261, 263, 401 DHCPACK message, 245-246, 401 dhcpconfig utility, 266 configuring DHCP, 263-267, 401
unconfiguring DHCP, 268-269, 402 DHCPDISCOVER message, 244, 246 dhcpmgr utility, 266 configuring DHCP, 248-261, 263, 401 DHCPNAK message, 245 DHCPOFFER message, 244, 246, 401 DHCPRELEASE message, 245-246, 401 DHCPREQUEST message, 244, 246, 401 dhtadm utility, 266 dir command, 215 disabling FTP servers, 218 RDISC, 160 distance-vector routing protocols, 151-152, 395 DIX Ethernet. See Ethernet, 50 DLPI (Data Link Provider Interface), 78 DNS (Domain Name Server), 303 DNS (Domain Name System), 75, 95, 302 case study, 339 domains country-specific domains, 307 defined, 305 naming conventions, 306-307 top-level domains, 306-307 versus zones, 309-310 FQDN (fully qualified domain name), 306 FQDNs (fully qualified domain names), 310 FQHNs (fully qualified hostnames), 310 host name resolution, 309 objectives, 299 operational overview, 305-307 troubleshooting, 335, 411-412 client configuration problems, 337-338 server configuration problems, 338 with netstat command, 336, 412 with nslookup, 335, 411 with Telnet, 336-337, 412 DNS clients configuring, 325, 410-411 /etc/nsswitch.conf file, 326, 328, 411 /etc/resolv.conf file, 326, 411
troubleshooting, 337-338 DNS name servers list of root name servers, 307-308 DNS servers caching domain name servers, 311, 408 configuring, 324 configuring, 312, 408 converting /etc/named.boot file, 324-325 include files, 325 resource record types, 313-316, 408-410 subdomain delegation, 316 troubleshooting, 314, 338 configuring DHCP, 250 host name resolution, 309 primary domain name servers, 311, 407-408 configuring, 316-322, 410 secondary domain name servers, 311, 408 configuring, 323 security, 333-334 client access restrictions, 334 resource records, avoiding unnecessary, 334 zone transfer access restrictions, 334 testing with nslookup, 328 BIND version, 333 changing default DNS server, 330-331 help command, 331-332 Interactive mode, 328-329 listing resource records, 332-333 reverse hostname resolution, 330 short and fully qualified hostnames, 329 unresolved hostnames, 330 DNS. See also mapping IP addresses to hostnames, 95 Domain Name Server (DNS), 303 Domain Name Servers. See DNS servers, 250 Domain Name System. See DNS, 75, 95, 302 domains country-specific domains, 307 defined, 305 DNS servers list of root name servers, 307-308 naming conventions, 306-307 top-level domains defined, 306-307
versus zones, 309-310 dot notation network addresses, 93 DOWN interfaces Ethernet making, 53, 390 DSAP (destination service access point), 51 Dynamic Host Configuration Protocol (DHCP), 125 Dynamic Host Configuration Protocol. See DHCP, 242 dynamic lease (DHCP), 246 dynamic routing, 144, 150, 395 compared to static routing, 157
E encapsulation Ethernet, 51-52 escape sequence (^]) Telnet, 220-221 Ethernet, 44, 389 100BASE-T, 46 10BASE-2, 45, 389 10BASE-5, 46, 389 10BASE-T, 46, 389-390 addresses, 47-48, 390 compared to IEEE 802.3 frames, 50-51 creating logical interfaces, 53, 390 data encapsulation, 51-52 frame format, 48-50 Gigabit Ethernet, 46, 390 interframe gap, 50 listing installed interfaces, 52-53, 390 making UP and DOWN interfaces, 53, 390 troubleshooting, 54, 390-391 ifconfig command, 54, 391 ndd command, 59-62, 391 netstat command, 55 ping command, 59, 391 snoop command, 55-57, 59, 391 traceroute command, 59, 391
Ethernet addresses. See also MAC addresses, 390 ExamGear, 419 ExamGear, Training Guide Edition software, 449-450 Adaptive Exam mode, 450, 457-458 studying for, 457 buttons, types of, 459-460 database, 451 Examination Score Report screen, 464-465 hot spot questions, 459 installing, 451-452 interface, 450-451 Item Review screen, 461-464 marking questions, 460 menu options, 453-454 modes of operation, 453 multiple-choice questions, 458-459 Practice Exam mode, 450 registering, 452 requirements, 451 Study mode, 450, 454-456 compared to Practice Exam mode and Adaptive Exam mode, 456 time remaining, 460 uninstalling, 452 updates, 465 web site, 465 Examination Score Report screen ExamGear, Training Guide Edition software, 464-465 exams certification process. See certification process, 445 learning process, 417 pre-testing, 419 prep tips, 419-420 scheduling, 446 scores, 419 sessions, 420-421 study tips, 418 experimental addresses, 94 extension headers IPv6, 374
F FDDI (Fiber Distributed Data Interface), 26 FDM (Frequency Division Multiplexing), 25 Fiber Distributed Data Interface (FDDI), 26 fiber-optic cables, 37 File Transfer Protocol (FTP), 214 anonymous FTP, 218-219 clients, 214-217 server, 217-218 with web browser, 219 files data storage method, 248 finger command, 223-225 Flags field (IP headers), 98 flow control IP packets, 110 FQDN (fully qualified domain name), 306 FQDNs (fully qualified domain names), 310 FQHNs (fully qualified hostnames), 310 Fragment Offset field (IP headers), 98 fragmentation IP packets, 108-109 configuring MTU value, 109 frame check sequence Ethernet frames, 50 frames defined, 29, 78 Ethernet, 48-50 compared to IEEE 802.3 frames, 50-51 interframe gap, 50 Frequency Division Multiplexing (FDM), 25 frequency range bandwidth, 24 FTP (File Transfer Protocol), 214 anonymous FTP, 218-219 clients, 214-217 servers, 217-218 with web browser, 219 ftp command, 214 FTP servers testing for presence of, 222-223 fully qualified domain name (FQDN), 306 fully qualified domain names (FQDNs), 310
fully qualified hostnames nslookup utility, 329 fully qualified hostnames (FQHNs), 310
G gateways, 144 active gateways defined, 162 defined, 22 passive gateways defined, 162 troubleshooting networks, 121 gateways (networks), 41-42 gateways. See also routers, 144 GET (SNMP PDU), 290, 406 get command, 216 GETBULK (SNMP PDU), 291 GETNEXT (SNMP PDU), 291, 406 GETRESPONSE (SNMP PDU), 291, 406 Gigabit Ethernet, 46, 390 groups (MIB), 289, 405
H handshaking defined, 197 Header Checksum field (IP headers), 100 header format IPv6 new features, 366 Header Length field (IP headers), 97 headers IPv6 fields, 372-373 IPv4 fields, 371-372 option extension headers, 374 priorities, 373-374 TCP/IP layers, 130-131 headers. See IP headers, 97 help command, 215, 221, 331-332 higher layer data
Ethernet frames, 50 HINFO (Host Info) resource record, 315, 410 history of the Internet, 75-77 hme (network interface), 103 hops defined, 149-150 infinity, 160 Host Info (HINFO) resource record, 315, 410 Host mode RDISC, 158-159, 396 host name resolution /etc/inet/hosts file, 303-305, 407 defined, 303 NIS (Network Information System), 303 NIS+, 303 with DNS, 309 host name resolution. See also DNS, 302 host names defined, 303 mapping to IP addresses, 302 mapping to IP addresses. See also DNS, 302 host parameters (TCP) setting, 121-122 host portion IP addresses, 85 hostnames mapping IP addresses to, 95-96 hosts, 35 acting as routers, 158, 396 defined, 20, 386 distinguishing among, 189 named.hosts file, 321-322 HOSTS.TXT file, 302 hot spot questions ExamGear, Training Guide Edition software, 459 hubs (networks), 39, 387 hybrid topology, 26-27, 386
I IAB (Internet Architecture Board) web site, 76 ICANN (Internet Corporation of Assigned Names and Numbers) web site, 76 ICMP, 82 (Internet Control Message Protocol), 79, 101, 393 packets Checksum field, 102 Code field, 102 Type field, 101-102 ICMPv6, 375 Identification field (IP headers), 98 IEEE 802.3 frames compared to Ethernet, 50-51 IETF (Internet Engineering Task Force), 365 IETF (Internet Engineering Task Force) web site, 76 IETF web site, 489 ifconfig command, 47, 52-54, 103, 106, 108, 174, 390-391, 399 ifconfig plumb command, 272 in.ftpd daemon command-line options, 217-218 in.rdisc daemon. See RDISC, 158 in.routed daemon. See RIP, 160, 397 include files configuring DNS servers, 325 inetd daemon starting services with, 202, 204-208 advantages/disadvantages, 209 infinity (hop counts), 160 information age, 76 information technology defined, 18 installed interfaces Ethernet listing, 52-53, 390 installing ExamGear, Training Guide Edition software, 451-452 new services, 194 Interactive mode (nslookup utility), 328-329 interface ExamGear, Training Guide Edition software, 450-451 interfaces
Ethernet creating logical interfaces, 53, 390 listing installed interfaces, 52-53, 390 making UP and DOWN interfaces, 53, 390 network interfaces configuring, 103-104, 393 troubleshooting, 120 verifying configuration, 106-108, 393-394 OSI network model, 32 virtual interfaces configuring, 104-106 interframe gap Ethernet, 50 International Standards Organization (ISO), 18 Internet defined, 21, 386 history of, 75-77 Internet Architecture Board (IAB) web site, 76 Internet Control Message Protocol version 6. See ICMPv6, 375 Internet Control Message Protocol. See ICMP, 79, 101, 393 Internet Corporation of Assigned Names and Numbers (ICANN) web site, 76 Internet Engineering Task Force (IETF), 365 Internet Engineering Task Force (IETF) web site, 76 Internet Protocol. See IP, 82 Internet Research Task Force (IRTF) web site, 76 Internet services. See services, 198, 400 Internet Society web site, 76 intranets defined, 22 IP (Internet Protocol), 82 operational overview, 82 IP addresses, 78-79, 188, 391-392 adding to DHCP scope, 254-256, 263 broadcast addresses, 86 class A networks, 87, 392 class B networks, 87, 392 class C networks, 87, 392 class D networks, 87, 392 class E networks, 88, 392 classes, summary of, 88
configuring network interfaces, 103-104, 393 verifying, 106-108, 393-394 configuring virtual interfaces, 104-106 data flow, 125-127 dynamic allocation. See DHCP, 246 mapping host names to, 302 mapping host names to. See also DNS, 302 mapping to hostnames, 95-96 mapping to MAC addresses, 122-124, 394-395 netmasks, 85-86, 392 defined, 149 obtaining, 96-97 operational overview, 84-85 planning TCP/IP networks, 147-148 reserved addresses, 93-94 subnet masks, 88, 392-393 class B networks, 90-91 class C networks, 89-90 variable-length subnet masks, 91-92 supernetting, 92-93 troubleshooting, 113 ping command, 113-114, 116-117 traceroute command, 117-120 IP forwarding, 170-172 IP headers, 97 Destination Address field, 100 Flags field, 98 Fragment Offset field, 98 Header Checksum field, 100 Header Length field, 97 Identification field, 98 IP Options field, 100 Protocol field, 99-100 Source Address field, 100 Time-To-Live field, 98 Total Length field, 98 Type of Service field, 98 Version field, 97 IP layer. See Network layer, TCP/IP, 391 IP Options field (IP headers), 100 IP packets flow control, 110 fragmentation, 108-109 configuring MTU value, 109
TOS (Type of Service) field, 110 TTL field, 110-113 IP packets. See packets, 78 IP Security Architecture (IPsec), 367 IPsec (IP Security Architecture), 367 IPv4, 21, 76 historical overview of IPv6, 365 protocol field, 82 IPv4 header fields, 371-372 IPv4-compatible host addresses IPv6, 370 IPv6, 21, 76 /etc/inetd.conf file changes, 380 addresses, 368, 414 configuring, 375-378, 414-415 network troubleshooting commands, 378-379, 415-416 routing, 371 special addresses, 371 text representation of, 369-370 unicast addresses, 370 case study, 380 header fields, 372-373 IPv4 fields, 371-372 option extension headers, 374 priorities, 373-374 historical overview, 365-366 new features, 366-367 objectives, 363 IRTF (Internet Research Task Force) web site, 76 ISO (International Standards Organization), 18 ISO-OSI. See OSI, 18 Item Review screen ExamGear, Training Guide Edition software, 461-464
L LANs (local area networks), 23 layer headers OSI network model, 32-33
layered protocol model. See OSI network model, 34 le (network interface), 103 learning process, 417 lease offer acceptance by DHCP clients, 244 DHCP servers, 244 acknowledgment of offer, 245 lease release DHCP clients, 245 lease renewal DHCP boot process, 245 lease time (DHCP), 243 lease types DHCP, 246-247 Length/Type field Ethernet frames, 49 link local use addresses IPv6, 370 link-state advertisement (LSA), 152 link-state routing protocols, 152, 396 LISTENING state (sockets), 196 LLC (Logical Link Control) sublayer (OSI network model), 29 local area networks (LANs), 23 logical interfaces Ethernet creating, 53, 390 Logical Link Control (LLC) sublayer (OSI network model), 29 logical networks, 86 planning TCP/IP networks, 147-148 loopback address IPv6, 371 loopback interface named.local file, 321 network address for, 93 ls command, 215, 332-333 LSA (link-state advertisement), 152
M MAC (Medium Access Control) sublayer (OSI network model), 29
MAC addresses, 29, 47-48, 78, 188, 390 ARP cache adding new entries, 129 deleting entries, 129 displaying entries in, 128 broadcast addresses, 125 compared to network addresses, 30 mapping IP addresses to, 122-124, 394-395 macro study strategies, 418 Mail Exchanger (MX) resource record, 314-315, 409 Management Information Base. See MIB, 283 management stations (SNMP), 283 manual allocation (DHCP), 246 manually configuring DHCP clients, 272 manually configuring virtual interfaces, 105-106 manually starting services, 199 mapping host names to IP addresses, 302 host names to IP addresses. See also DNS, 302 IP addresses to hostnames, 95-96 master agent resource configuration files SNMP agents, 293, 406 master agent-subagent model (SNMP), 292, 406 maximum transmission unit (MTU), 285 Maximum Transmit Units. See MTU, 108 Medium Access Control (MAC) sublayer (OSI network model), 29 menu options ExamGear, Training Guide Edition software, 453-454 messages DHCP, 246 messages (SNMP), 290, 405 Authentication Header, 290, 405 PDU (Protocol Data Unit), 290-291, 406 port numbers, 291 MIB (Management Information Base), 283-284, 287-288, 405 groups, 289, 405 private MIBs, 289 micro study strategies, 418 mixed topology, 26-27, 386 MTU (Maximum Transmit Units), 108 configuring value for, 109 MTU (maximum transmission unit), 285 multicast addresses, 87 IPv6, 368, 414 multicast clients (NTP) configuring, 352 multicast routing IPv6 new features, 366 multiple-choice questions ExamGear, Training Guide Edition software, 458-459 multiport repeaters. See hubs, 39 MX (Mail Exchanger) resource record, 314-315, 409
N name resolution. See DNS, host name resolution, 302 Name Server (NS) resource record, 314, 409 named-bootconf utility, 324 named.boot file converting to named.conf file, 324-325 named.ca file, 319-321 named.conf file creating, 317-319, 410 named.hosts file, 321-322 named.local file, 321 named.rev file, 322 naming conventions domains, 306-307 sockets, 195 NAT (network address translation), 20, 96 NCP (Network Control Protocol), 75 ndd command, 59-62, 122, 231-233, 391 neighbor discovery IPv6 new features, 367 netmasks default, 149 defined, 85-86, 149, 392 troubleshooting networks, 121 netstat -a command, 195
netstat -i command, 107-108 netstat -rn command, 106-107 netstat command, 53, 55, 153, 173-174, 209-211, 218, 231, 390, 399 troubleshooting DNS, 336, 412 network address translation (NAT), 20, 96 network addresses, 148-150 compared to MAC addresses, 30 defined, 85 dot notation, 93 network administrator certification process, 446 network aliasing defined, 84 network classes summary of, 88 Network Control Protocol (NCP), 75 Network Information System (NIS), 302-303 network interfaces configuration troubleshooting, 120 configuring, 103-104, 393 verifying configuration, 106-108, 393-394 Network layer IP addresses, 188 TCP/IP, 78-79, 391 Network layer (OSI network model), 29-30, 389 network management SNMP. See SNMP, 293 network operating systems, 35 network portion IP addresses, 85 network routes defined, 29 network services. See services, 198, 400 Network Time Protocol. See NTP, 345 network troubleshooting commands for IPv6 addresses, 378-379, 415-416 networks access lists defined, 20 access methods, 43, 388 broadcast, 43 CSMA/CD, 43-44 defined, 19
nonbroadcast, 43 Token Ring, 44 token-passing, 43 adapters, 35 backbones, 38 bandwidth defined, 22-23, 386 frequency range, 24 baseband networks, 25 bridges, 39, 387 broadband networks, 25 cables, 36 coaxial cables, 36 fiber-optic cables, 37 twisted-pair cables, 36-37 class A networks, 87, 392 class B networks, 87, 392 class C networks, 87, 392 class D networks, 87, 392 class E networks, 88, 392 connections between, 35 connectors, 37 data frames defined, 19 defined, 18-19, 386 dividing into subnets, 88, 392-393 class B networks, 90-91 class C networks, 89-90 variable-length subnet masks, 91-92 Ethernet, 44, 389 100BASE-T, 46 10BASE-2, 45, 389 10BASE-5, 46, 389 10BASE-T, 46, 389-390 addresses, 47-48, 390 compared to IEEE 802.3 frames, 50-51 creating logical interfaces, 53, 390 data encapsulation, 51-52 frame format, 48-50 Gigabit Ethernet, 46, 390 interframe gap, 50 listing installed interfaces, 52-53, 390 making UP and DOWN interfaces, 53, 390 troubleshooting, 54-57, 59-62, 390-391
gateways, 41-42 defined, 22 hardware description list, 42 hosts, 35 defined, 20, 386 hubs, 39, 387 Internet defined, 21, 386 intranets defined, 22 LANs (local area networks), 23 logical networks, 86 objectives, 15 OSI network model, 27 advantages of, 34-35 Application layer, 31, 389 compared to TCP/IP layers, 80-81, 391 Data Link layer, 29, 389 data transfer process, 32-33 interfaces, 32 layers, 28, 31, 388-389 Network layer, 29-30, 389 peer protocols, 32 Physical layer, 28-29, 389 Presentation layer, 31, 389 Session layer, 30-31, 389 Transport layer, 30, 389 protocols defined, 21, 27, 386 repeaters, 38, 387 routers, 41, 387 defined, 20-21, 386 segments, 37 supernetting, 92-93 switches, 40-41, 387 Token Ring, 26 topologies, 25, 386 bus topology, 25-26, 386 hybrid topology, 26-27, 386 ring topology, 26, 386 star topology, 26, 386 transceivers, 38 troubleshooting, 120 broken cables, 120
505
506
INDEX
gateways, 121 interface misconfiguration, 120 netmasks, 121 WANs (wide area networks), 23-24 netwrk addresses defined, 94 new features IPv6, 366-367 NIS (Network Information System), 302-303 NIS+, 303 NIS+ (nisplus) data storage method, 248 nisplus (NIS+) data storage method, 248 nodes. See hosts, 20 non-default server options configuring DHCP, 270, 403 non-reliable protocols defined, 83 nonbroadcast network access method, 43 NS (Name Server) resource record, 314, 409 nslookup testing DNS servers, 328 BIND version, 333 changing default DNS server, 330-331 help command, 331-332 Interactive mode, 328-329 listing resource records, 332-333 reverse hostname resolution, 330 short and fully qualified hostnames, 329 unresolved hostnames, 330 troubleshooting DNS, 335, 411 NTP (Network Time Protocol, 345 broadcast/multicast mode, 349 case study, 358-359 client/server mode, 349 clients, 348 configuring, 352-353, 412-413 objectives, 345 overview, 347 peer servers, 348 configuring, 352 servers, 348 configuring, 349-352, 412 stratum level, 348
symmetric active/passive mode, 349 time sources, 348 configuring servers, 349-352, 412 troubleshooting, 353-354, 413 ntpq utility, 355 snoop command, 355-358 xntpdc utility, 354-355 xntpd daemon, 347 ntpdate utility, 353 ntpq utility troubleshooting NTP, 355
O
object identifiers (OIDs), 285
objectives
  client-server applications, 183
  DHCP, 239
  DNS, 299
  IPv6, 363
  networks, 15
  NTP (Network Time Protocol), 345
  routing, 141
  services, 183
  SNMP (Simple Network Management Protocol), 281
  TCP/IP, 15, 69-70
objects (SNMP), 285
  MIB groups, 289, 405
octets
  defined, 84
OIDs
  private MIBs, 289
OIDs (object identifiers), 285
Open Shortest Path First. See OSPF, 83
Open Systems Interconnect. See OSI, 18
OSI (Open Systems Interconnect), 18
OSI network model, 27
  advantages of, 34-35
  data transfer process, 32-33
  interfaces, 32
  layers, 28, 31, 388-389
    Application layer, 31, 389
    compared to TCP/IP layers, 80-81, 391
    Data Link layer, 29, 389
    Network layer, 29-30, 389
    Physical layer, 28-29, 389
    Presentation layer, 31, 389
    Session layer, 30-31, 389
    Transport layer, 30, 389
  peer protocols, 32
OSPF (Open Shortest Path First), 83
outlines
  preparing, 418
P
packet lengths
  ping command, 115
packet reassembly
  defined, 109
packets
  capturing, 55-57, 59, 391
  defined, 78
  hops
    defined, 149-150
  ICMP packets, 101, 393
    Checksum field, 102
    Code field, 102
    Type field, 101-102
  IP forwarding, 170-172
  IP headers, 97
    Destination Address field, 100
    Flags field, 98
    Fragment Offset field, 98
    Header Checksum field, 100
    Header Length field, 97
    Identification field, 98
    IP Options field, 100
    Protocol field, 99-100
    Source Address field, 100
    Time-To-Live field, 98
    Total Length field, 98
    Type of Service field, 98
    Version field, 97
  layer headers, 130-131
  TTL value, 172
packets (IP)
  flow control, 110
  fragmentation, 108-109
    configuring MTU value, 109
  TOS (Type of Service) field, 110
  TTL field, 110-113
packets. See PDUs, 52
padding
  Ethernet frames, 50
parameters
  host parameters (TCP)
    setting, 121-122
passive gateways
  defined, 162
PDU (Protocol Data Unit)
  SNMP messages, 290-291, 406
PDUs (protocol data units), 52
peer protocols
  OSI network model, 32
peer servers (NTP), 348
  configuring, 352
Physical layer
  TCP/IP, 77, 391
Physical layer (OSI network model), 28-29, 389
physical topology
  planning TCP/IP networks, 146-147
ping command, 59, 107, 111, 113-114, 116-117, 173, 391, 393-394, 398
planning
  DHCP deployment, 247-248
  TCP/IP networks, 146
    logical networks, 147-148
    physical topology, 146-147
pntadm utility, 266
Pointer (PTR) resource record, 315, 409
polling clients (NTP)
  configuring, 353
port numbers, 189
  defined, 186, 188, 399
  list of, 230-231
  SNMP messages, 291
  well-known port numbers, 190-194, 400
Practice Exam mode
  ExamGear, Training Guide Edition software, 450
    compared to Study mode, 456
pre-testing, 419
preamble
  Ethernet frames, 48
prefixes
  IPv6 addresses, 368, 414
prep tips, 419-420
preparing
  outlines, 418
Presentation layer (OSI network model), 31, 389
primary domain name servers, 311, 407-408
  configuring, 316
    named.ca file, 319-321
    named.conf file creation, 317-319, 410
    named.hosts file, 321-322
    named.local file, 321
    named.rev file, 322
  defined, 308
private MIBs, 289
problems. See troubleshooting, 54
Protocol Data Unit (PDU)
  SNMP messages, 290-291, 406
protocol data units (PDUs), 52
protocol field
  IPv4, 82
Protocol field (IP headers), 99-100
protocol stacks
  defined, 34
protocol translators. See gateways, 22
protocols
  Application layer, 197
  ARP. See ARP, 74, 123
  BGP. See BGP, 83
  BOOTP (Bootstrap Protocol), 243
  broadcast protocols
    defined, 123
  defined, 21, 27, 386
  DHCP (Dynamic Host Configuration Protocol), 125
  DHCP. See DHCP, 242
  FTP (File Transfer Protocol), 214
    anonymous FTP, 218-219
    clients, 214-217
    servers, 217-218
    with web browser, 219
  ICMP. See ICMP, 79, 101, 393
  ICMPv6. See ICMPv6, 375
  IP. See IP, 82
  IPv6. See IPv6, 365
  NCP (Network Control Protocol), 75
  non-reliable protocols
    defined, 83
  NTP. See NTP (Network Time Protocol), 345
  OSI network model, 27
    advantages of, 34-35
    Application layer, 31, 389
    compared to TCP/IP layers, 80-81, 391
    Data Link layer, 29, 389
    data transfer process, 32-33
    interfaces, 32
    layers, 28, 31, 388-389
    Network layer, 29-30, 389
    peer protocols, 32
    Physical layer, 28-29, 389
    Presentation layer, 31, 389
    Session layer, 30-31, 389
    Transport layer, 30, 389
  OSPF. See OSPF, 83
  RARP. See RARP, 74, 123
  RDISC. See RDISC, 158, 396
  reliable protocols
    defined, 83
  RIP. See RIP, 83, 158, 396
  routed protocols
    defined, 151, 395
  routing protocols, 83
    defined, 151, 395
    distance-vector routing, 151-152, 395
    link-state routing, 152, 396
  SNMP. See SNMP (Simple Network Management Protocol), 281
  TCP (Transmission Control Protocol), 79
  TCP/IP
    defined, 21
  TCP/IP. See TCP/IP, 73
  Telnet, 220
    clients, 220
    escape sequence (^]), 220-221
    verifying remote server processes, 221-223
  UDP (User Datagram Protocol), 79
ps command, 258
PTR (Pointer) resource record, 315, 409
put command, 216
Q
QoS (Quality of Service)
  IPv6 new features, 367
Quality of Service (QoS)
  IPv6 new features, 367
questions
  exams, 419
  marking
    ExamGear, Training Guide Edition software, 460
R
r commands, 226, 400
  configuring, 226-228
  rcp, 229-230
  rlogin, 229
  rsh, 230
RARP, 79, 124, 395
  (Reverse Address Resolution Protocol), 74, 123
  broadcast addresses, 125
  operational overview, 82
raw sockets, 195
rcp command, 229-230
RDISC (Router Discovery Protocol), 158, 396
  configuring, 158
    Host mode, 158-159, 396
    Router mode, 159, 396-397
  disabling, 160
reference time sources. See time sources (NTP), 349, 412
registering
  ExamGear, Training Guide Edition software, 452
registrars for DNS servers
  web site for, 312
registration files
  SNMP agents, 293, 406
relay agents (DHCP)
  configuring, 270-271, 403
reliable protocols
  defined, 83
remote hosts
  r commands, 226, 400
    configuring, 226-228
    rcp, 229-230
    rlogin, 229
    rsh, 230
remote logons
  Telnet, 220
    clients, 220
    escape sequence (^]), 220-221
    verifying remote server processes, 221-223
Remote Procedure Calls (RPC), 211-213
remote server processes
  verifying with Telnet, 221-223
removing. See uninstalling, 452
repeaters (networks), 38, 387
Request for Comments. See RFCs, 75
requirements
  ExamGear, Training Guide Edition software, 451
reserved IP addresses, 93-94
resource configuration files
  SNMP agents, 293, 406
resource records (RRs), 313, 408-410
  Address (A), 314, 409
  avoiding unnecessary, 334
  Canonical Name (CNAME), 315, 409
  Host Info (HINFO), 315, 410
  listing, 332-333
  Mail Exchanger (MX), 314-315, 409
  Name Server (NS), 314, 409
  Pointer (PTR), 315, 409
  Start of Authority (SOA), 313-314, 408-409
  Text (TXT), 315, 410
  Well-Known Services (WKS), 316, 410
Reverse Address Resolution Protocol. See RARP, 74, 123
reverse host name resolution
  defined, 303-304, 407
reverse hostname resolution
  named.rev file, 322
  nslookup utility, 330
RFCs, 76
  (Request for Comments), 75
  for SNMP
    list of, 284
  list of, 489-490
ring topology, 26, 386
RIP (Routing Information Protocol), 83, 158, 396
  configuring, 160, 397
    advertisements, 160-161
RIPE Network Coordination Center web site, 96
rlogin command, 229
root name servers
  list of, 307-308
  named.ca file, 319-321
route command, 153
routed protocols
  defined, 151, 395
Router Discovery Protocol. See RDISC, 158, 396
Router mode
  RDISC, 159, 396-397
routers, 144
  default routes
    defined, 150
  defined, 20-21, 386
  hosts acting as, 158, 396
  routing tables
    defined, 149
routers (networks), 41, 387
routers. See also gateways, 144
routers. See also routing, 144
routing
  Bellman-Ford routing algorithm, 151
  case study, 175
  CIDR (classless internet domain routing), 157
  configuration files, 161, 397-398
    /etc/defaultrouter file, 162
    /etc/gateways file, 162, 398
    /etc/inet/networks file, 163
    /etc/init.d/inetinit file, 163-170, 398
  default routes, 156-157
  dynamic routing, 144, 150, 395
    compared to static routing, 157
  in TCP/IP networks
    operational overview, 145-146
  IP forwarding, 170-172
  IPv6, 371
  objectives, 141
  RDISC (Router Discovery Protocol), 158, 396
    configuring, 158
    disabling, 160
    Host mode, 158-159, 396
    Router mode, 159, 396-397
  RIP (Routing Information Protocol), 158, 396
    advertisements, 160-161
    configuring, 160, 397
  SPF (Shortest Path First) routing algorithms, 152, 396
  static routing, 144, 150, 395
    compared to dynamic routing, 157
    configuring, 153-154
    example, 154-156
  troubleshooting, 172, 398
    ifconfig command, 174, 399
    netstat command, 173-174, 399
    ping command, 173, 398
    traceroute command, 173, 398
Routing Information Protocol. See RIP, 83, 158, 396
routing protocols, 83
  defined, 151, 395
  distance-vector routing, 151-152, 395
  link-state routing, 152, 396
routing tables
  defined, 83, 149
routing. See also routers, 144
RPC (Remote Procedure Calls), 211-213
RPC program numbers
  defined, 211
rpcinfo command, 212-213, 231
rpcbind daemon, 211-213
RRs. See resource records, 313
rsh command, 230
running services
  displaying list of, 209-211
rup command, 225
ruptime command, 226
rwho command, 225
S
SAPs (service access points), 28, 34
scheduling exams, 446
scope (DHCP), 243
  adding IP addresses to, 254-256, 263
score
  exams, 419
scripts
  DHCP startup script, 267-268, 401-402
  starting services as daemons, 198-202
secondary domain name servers, 311, 408
  configuring, 323
secondary name servers
  defined, 308
security
  DNS servers, 333-334
    client access restrictions, 334
    resource records, avoiding unnecessary, 334
    zone transfer access restrictions, 334
  IPv6 new features, 367
segments (networks), 37
Sendmail daemon
  sample startup script, 199, 201
  starting manually, 199
serial numbers
  in resource records, 313
servers
  defined, 80, 187, 197, 399
  DHCP
    discovery during boot process, 244
    lease acknowledgment during boot process, 245
    lease offer during boot process, 244
    running in Debug mode, 275
  DNS servers
    host name resolution, 309
    list of root name servers, 307-308
  DNS servers. See DNS servers, 310
  FTP (File Transfer Protocol), 217-218
  FTP servers
    testing for presence of, 222-223
  SMTP servers
    Telnet client sessions, 222
servers (NTP), 348
  configuring, 349-352, 412
service access points (SAPs), 28, 34
services
  case study, 234
  connection-less communication versus connection-oriented communication, 197
  installing new, 194
  list of port numbers, 230-231
  list of running services, 209-211
  objectives, 183
  port numbers, 189
  RPC (Remote Procedure Calls), 211-213
  starting, 198, 400
    advantages of different methods, 209
    as daemons, 198-202
    with inetd daemon, 202, 204-208
Session layer (OSI network model), 30-31, 389
sessions
  exam, 420-421
SET (SNMP PDU), 291, 406
shielded twisted-pair cables, 37
Shortest Path First (SPF) routing algorithms, 152, 396
Simple Network Management Protocol. See SNMP, 281
site local use addresses
  IPv6, 370
SMI (Structure of Management Information), 285
  OIDs (object identifiers), 285
SMTP servers
  Telnet client sessions, 222
SNMP (Simple Network Management Protocol), 281
  agents, 283-284
    configuration files, 292-293, 406-407
    master agent-subagent model, 292, 406
  ASN.1 (Abstract Syntax Notation One), 286
  case study, 293-294
  community names, 290
  components of, 284
  management stations, 283
  messages, 290, 405
    Authentication Header, 290, 405
    PDU (Protocol Data Unit), 290-291, 406
    port numbers, 291
  MIB (Management Information Base), 283-284, 287-288, 405
    groups, 289, 405
    private MIBs, 289
  objectives, 281
  overview, 283-284, 404-405
  RFCs, list of, 284
  SMI (Structure of Management Information), 285
    OIDs (object identifiers), 285
  traps, 283-284
  versions, 284
snoop command, 55-57, 59, 111, 123, 130-131, 160, 258, 273, 391
  troubleshooting NTP, 355-358
SOA (Start of Authority) resource record, 313-314, 408-409
sockets, 189, 193, 195-196
  defined, 30, 186, 188, 399
  naming conventions, 195
  types of, 195
Solaris 8 certification process. See certification process, 445
source address
  Ethernet frames, 49
Source Address field (IP headers), 100
Source Quench packets (flow control), 110
source service access point (SSAP), 51
special addresses
  IPv6, 371
SPF (Shortest Path First) routing algorithms, 152, 396
SSAP (source service access point), 51
star topology, 26, 386
start frame delimiter
  Ethernet frames, 48
Start of Authority (SOA) resource record, 313-314, 408-409
starting services, 198, 400
  advantages of different methods, 209
  as daemons, 198-202
  with inetd daemon, 202, 204-208
startup
  enabling DHCP at, 272
startup script
  DHCP, 267-268, 401-402
static routing, 144, 150, 395
  compared to dynamic routing, 157
  configuring, 153-154
  example, 154-156
strategies
  study, 418
stratum level (NTP), 348
Structure of Management Information (SMI), 285
  OIDs (object identifiers), 285
Study mode
  ExamGear, Training Guide Edition software, 450, 454-456
    compared to Practice Exam mode and Adaptive Exam mode, 456
studying
  exams sessions, 420-421
  learning process, 417
  pre-testing, 419
  study tips, 418
subdomains
  delegating, 316
  versus zones, 309-310
subnet masks, 88, 392-393
  class B networks, 90-91
  class C networks, 89-90
  variable-length subnet masks, 91-92
Sun Certified Network Administrator certification process, 446
Sun Certified System Administrator certification process, 445
supernetting
  defined, 92-93
switches (networks), 40-41, 387
symmetric active/passive mode (NTP), 349
synchronization
  time synchronization. See NTP (Network Time Protocol), 347
system administrator certification process, 445
system calls
  connect(), 193
system requirements
  ExamGear, Training Guide Edition software, 451
T
TCP, 82
  connection-oriented services, 83-84
  host parameters
    setting, 121-122
TCP (Transmission Control Protocol), 79
TCP layer. See Transport layer, TCP/IP, 391
TCP window size
  defined, 121
TCP/IP, 77
  (Transmission Control Protocol/Internet Protocol), 73
  case study, 132
  connection-less services, 83-84
  connection-oriented services, 83-84
  data flow, 125-127
  defined, 21
  history of the Internet, 75-77
  layers, 77, 391
    Application layer, 80, 391
    compared to OSI network model layers, 80-81, 391
    Data Link layer, 78, 391
    headers for, 130-131
    Network layer, 78-79, 391
    Physical layer, 77, 391
    Transport layer, 79, 391
  objectives, 15, 69-70
  protocol suite, 74, 82-83
TCP/IP networks
  network addresses, 148-150
  planning, 146
    logical networks, 147-148
    physical topology, 146-147
  routing
    operational overview, 145-146
TCP/IP utilities
  finger command, 223-225
  FTP (File Transfer Protocol), 214
    anonymous FTP, 218-219
    clients, 214-217
    servers, 217-218
    with web browser, 219
  rup command, 225
  ruptime command, 226
  rwho command, 225
  Telnet, 220
    clients, 220
    escape sequence (^]), 220-221
    verifying remote server processes, 221-223
TCP/IP. See also IP addresses, 86
Telnet, 220
  clients, 220
  escape sequence (^]), 220-221
  troubleshooting DNS, 336-337, 412
  verifying remote server processes, 221-223
terminators
  defined, 26, 37
testing
  DNS servers with nslookup, 328
    BIND version, 333
    changing default DNS server, 330-331
    help command, 331-332
    Interactive mode, 328-329
    listing resource records, 332-333
    reverse hostname resolution, 330
    short and fully qualified hostnames, 329
    unresolved hostnames, 330
  pre-testing, 419
testing. See also exams, 419
Text (TXT) resource record, 315, 410
Thick Ethernet
  defined, 46
Thinnet
  defined, 45
time
  exams, 419
time remaining
  ExamGear, Training Guide Edition software, 460
time sources (NTP), 348
  configuring servers, 349-352, 412
time synchronization. See NTP (Network Time Protocol), 347
Time-To-Live field (IP headers), 98
tips
  exams sessions, 420-421
  prep tips, 419-420
  study, 418
Token Ring, 44
Token Ring networks, 26
token-passing network access method, 43
top-level domains
  defined, 306-307
topologies, 25, 386
  bus topology, 25-26, 386
  hybrid topology, 26-27, 386
  ring topology, 26, 386
  star topology, 26, 386
topology
  physical topology
    planning TCP/IP networks, 146-147
TOS (Type of Service) field
  IP packets, 110
Total Length field (IP headers), 98
traceroute command, 59, 117-120, 173, 391, 394, 398
transceivers (networks), 38
Transmission Control Protocol (TCP), 79
Transmission Control Protocol/Internet Protocol. See TCP/IP, 73
Transport layer
  port numbers, 189
  TCP/IP, 79, 391
Transport layer (OSI network model), 30, 389
TRAP (SNMP PDU), 291, 406
traps (SNMP), 283-284
troubleshooting
  client-server applications, 231
    ndd command, 231-233
    netstat command, 231
    rpcinfo command, 231
  DHCP, 273, 404
    running client in Debug mode, 273-275
  DNS, 335, 411-412
    client configuration problems, 337-338
    server configuration problems, 338
    with netstat command, 336, 412
    with nslookup, 335, 411
    with Telnet, 336-337, 412
  DNS configuration, 314
  Ethernet, 54, 390-391
    ifconfig command, 54, 391
    ndd command, 59-62, 391
    netstat command, 55
    ping command, 59, 391
    snoop command, 55-57, 59, 391
    traceroute command, 59, 391
  IP address configuration, 113
    ping command, 113-114, 116-117
    traceroute command, 117-120
  IPv6 addresses, 378-379, 415-416
  networks, 120
    broken cables, 120
    gateways, 121
    interface misconfiguration, 120
    netmasks, 121
  NTP (Network Time Protocol), 353-354, 413
    ntpq utility, 355
    snoop command, 355-358
    xntpdc utility, 354-355
  routing, 172, 398
    ifconfig command, 174, 399
    netstat command, 173-174, 399
    ping command, 173, 398
    traceroute command, 173, 398
TTL field
  IP packets, 110-113
TTL value (packets), 172
twisted-pair cables, 36-37
TXT (Text) resource record, 315, 410
Type field (ICMP packets), 101-102
Type of Service (TOS) field
  IP packets, 110
Type of Service field (IP headers), 98
U
UDP, 82
  connection-less services, 83-84
UDP (User Datagram Protocol), 79
unconfiguring
  DHCP, 268-269, 402
unicast addresses
  IPv6, 368, 370, 414
uninstalling
  ExamGear, Training Guide Edition software, 452
unresolved hostnames
  nslookup utility, 330
unshielded twisted-pair cables, 37
unused address
  IPv6, 371
UP interfaces
  Ethernet
    making, 53, 390
updates
  ExamGear, Training Guide Edition software, 465
User Datagram Protocol (UDP), 79
V
variable-length subnet masks (VLSMs), 91-92
verifying
  network interface configuration, 106-108, 393-394
Version field (IP headers), 97
versions
  NTP (Network Time Protocol), 347
  SNMP, 284
virtual interfaces
  configuring, 104-106
VLSMs (variable-length subnet masks), 91-92
W
W3C (World Wide Web Consortium) web site, 76
WANs (wide area networks), 23-24
web browsers
  FTP with, 219
web sites
  ExamGear, Training Guide Edition software, 465
  IETF, 489
  Internet Architecture Board (IAB), 76
  Internet Corporation of Assigned Names and Numbers (ICANN), 76
  Internet Engineering Task Force (IETF), 76
  Internet Research Task Force (IRTF), 76
  Internet Society, 76
  IP registrars, 96
  registrars for DNS servers, 312
  RFCs for SNMP, list of, 284
  RFCs, list of, 77
  World Wide Web Consortium (W3C), 76
well-known port numbers, 190-194, 400
Well-Known Services (WKS) resource record, 316, 410
wide area networks (WANs), 23-24
window sizes (TCP)
  defined, 121
WKS (Well-Known Services) resource record, 316, 410
workstations. See clients, 244
World Wide Web Consortium (W3C) web site, 76
wrappers
  defined, 202
X
xntpd daemon, 347
xntpdc utility
  troubleshooting NTP, 354-355
Z
zone transfer (DNS)
  access restrictions, 334
zones
  versus domains, 309-310
^] (Telnet escape sequence), 220-221