TCP/IP, as the name suggests, is a pair of protocols, and what most of the Internet is built on. Although physically the Internet is made up of a wide range of networking technologies, from slow modem links through Ethernet, to high-speed ATM-based switched networks, and a wide range of different applications run over it - the WWW and e-mail to name only two, the protocols which tie everything together are Internet Protocol (IP), and, perhaps almost as great an extent, Transmission Control Protocol. Another protocol, UDP, is used in place of TCP for some applications, especially in LAN environments, but on the Internet the TCP/IP partnership rules.

diagram: various physical networks, IP, TCP and UDP, apps

This chapter describes firstly the basics of IP networking, and later describes some of the more advanced features of TCP/IP available to the Debian user.

Every computer connected directly to the Internet (or to any IP-based network) is identified by an IP address. IP addresses are four bytes long, and are usually written as four decimal numbers separated by dots, as in the examples below. 10.34.92.111 127.0.0.1 172.19.220.2 192.168.50.109

IP addresses typically identify two things. Firstly, they identify the network on which a particular computer is located. Secondly, they identify a particular computer on that network. Both these pieces of information are present in an IP address, and they can be called the network part and the host part. Two special values for the host part should be mentioned here - if the host part is all zeros, the address refers to a network (ie it is a network address as opposed to a host address). If, alternatively, the host part is all ones, the address refers to all hosts on the network (ie it is a broadcast address).

In order to identify which part of the IP address is the host part, and which part is the network part, there are two methods we can use. The first (and original) way is the easier by far to understand, so let's start by having a look at how it works. IP addresses are split into a number of classes, and it is this class which tells us how to split an IP address into its network and host parts. Class A A class A IP address has as its first byte a number between 1 and 126. The first byte of a class A IP address identifies the network, and the remaining three bytes identify the host. Class B A class B IP address has as its first byte a number between 128 and 191. Its first two bytes are the network identifier, and the remaining two bytes are the host identifier on that network. Class C A class C IP address has as its first byte a number between 192 and 223. Its first three bytes identify the network, and the remaining byte identifies an individual host on that network.

From the above list you might notice that IP addresses beginning with bytes from 224 and upwards are missing. These belong to other classes of IP address, not used for a normal IP host, and are beyond the discussion in this section.

You might also notice that IP addresses beginning with 127 are missing. IP addresses beginning with 127 are known as loopback addresses, and can be used for testing TCP/IP without actually having a network connection.

This is all very well, but what if we have been assigned a single class C address range, but want to split it among several networks? This is where the second method of specifying the network and host parts can be used. This method specifies, along with an IP address, a netmask, which has its bits set to one in the network part, and set to zero in the host part. So, for example, the default netmask for the various classes of network as as below: Class A 255.0.0.0 Class B 255.255.0.0 Class C 255.255.255.0

These don't give us any new information beyond what the original address classes told us. The power in using netmasks, though, is that we can choose arbitrary splits between the network and host parts - for example, a netmask of 255.255.255.192 would allow us to split a class C network into four parts, each with 62 host addresses. Confused? Let's look at that example in more detail.

Let's suppose we've been allocated a class C network with IP addresses beginning with 192.168.50. If we convert the netmask 255.255.255.192 into binary, we can see that in the last byte, the first two bits are one (that is, they are included in the network part of the address) and the last six bits are zeros (that is, they form the host part). So, by using the IP addresses we have been given, along with this netmask, we have split our network into four, with network addresses given by setting these two bits to their four possible combinations (00, 01, 10, 11) while keeping the host part set to zeros (to identify the network): 192.168.50.0 192.168.50.64 192.168.50.128 192.168.50.192

Now we know where our four network addresses come from. What about our host addresses? They come from setting the host part in each subnet to all values from 000001 to 111110 (remember - all ones is a broadcast address). That gives us a total of 62 hosts in each network, with addresses: 192.168.50.1 - 192.168.50.62 192.168.50.65 - 192.168.50.126 192.168.50.129 - 192.168.50.190 192.168.50.193 - 192.168.50.254

In Linux, if we don't mention what netmask we are using, it's usually assumed by the software that we want to use the default netmask for that particular class of IP addresses. You should only need to specify a netmask if you are using one which is not the standard scheme for a particular class of IP addresses. It never does any harm to specify it though.

Each IP address should be unique on the Internet, or whichever IP network you are connected to. This means that your cannot assign IP addresses at random to your machines, since most IP addresses are already in use on the Internet. In order to get a legal set of IP addresses for your machines, you will normally go through an Internet Service Provider (ISP). If you have not been assigned such a range of addresses, you should use one of the range of private IP addresses, set aside for internet or testing use. Be aware that you will not be able to connect to the Internet directly from such a network; you will need to use some form of Network Address Translation (NAT) to do this. The ranges of IP addresses set aside for private use are: 10.0.0.0: a single class A network 172.16.0.0 - 172.31.0.0: 16 class B networks 192.168.0.0 - 192.168.255.0: 256 class C networks

Once we know what IP address we wish to use for our machine, we will have to bring up one of our network interfaces, and assign that IP address (possibly along with a netmask) to it. On most Debian systems this is done when installing the system, and you are seldom likely to need to change it on a simple system.

The ifconfig command is used to configure interfaces in order to use IP with them. There are a number of different network interfaces available with the Linux kernel, some of which are summarised below: Loopback The loopback interface (lo), usually configured as IP address 127.0.0.1 Ethernet Ethernet interfaces (with names like eth0, eth1, eth2) are used to access Ethernet cards PPP PPP stands for Point-to-Point Protocol, and is used to run a variety of networking protocols, including IP, over any kind of serial lines (null modem, modem, ISDN). They have names like ppp0, ppp1 Token Ring Token Ring devices are accessed with device names like tr0, tr1 Dummy The dummy network drivers are used in systems who have an interface which is not always used, in order to provide a permanent IP interface for the relevant address. The device names are dummy, or dummy0, dummy1, and so on There are a wide range of other network devices available, including SLIP, PLIP (serial and parallel line IP), `shaper' devices for controlling the traffic on certain interfaces, the ability to have several IP addresses on a single device, as well as frame relay, AX.25, X.25, ARCnet, LocalTalk and more. Here, though, we'll concentrate on one of the most common - the Ethernet interface.

In many cases, if you wish your kernel to automatically load modules for certain device drviers, you may require to make changes to your /etc/conf.modules or /etc/modules file. For example, to automatically load the NE2000 driver, you could have the line: alias eth0 ne in your /etc/conf.modules file.

The simplest way to call ifconfig is to simply type its name: # /sbin/ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0 UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1 RX packets:18584 errors:0 dropped:0 overruns:0 frame:0 TX packets:18584 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0 which simply returns information about the interfaces currently configured. If we wish now to bring up an Ethernet interface with the address 192.168.50.23, we'd specify the interface name and the IP address on ifconfig's command line: # /sbin/ifconfig eth0 192.168.50.23 # /sbin/ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Bcast:127.255.255.255 Mask:255.0.0.0 UP BROADCAST LOOPBACK RUNNING MTU:3584 Metric:1 RX packets:18584 errors:0 dropped:0 overruns:0 frame:0 TX packets:18584 errors:0 dropped:0 overruns:0 carrier:0 Collisions:0 eth0 Link encap:Ethernet HWaddr 00:00:E8:C5:64:2A inet addr:192.168.50.23 Bcast:192.168.50.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:55 errors:0 dropped:0 overruns:0 frame:0 TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 Collisions:7 Interrupt:10 Base address:0x300 As can be seen from the example, the ifconfig now gives information about the new interface, including the netmask, network statistics, and information about the network driver itself. The ifconfig also allows the specification of a netmask when the interface is configured, for example: # /sbin/ifconfig eth0 192.168.50.23 netmask 255.255.255.192 Finally, to bring down an interface, use the following invocation of ifconfig: # /sbin/ifconfig eth0 down Full information on the options available to ifconfig are available in the manual page - .

If you set up the IP addressing on your machine when you installed Debian GNU/Linux, you should find that the ifconfig command is run automatically on bootup. This is done from the file /etc/init.d/network. Looking at this file should reveal a number of lines similar to the following: IPADDR=192.168.50.23 NETMASK=255.255.255.0 BROADCAST=192.168.50.255 ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST} This is where the setting up of the Ethernet interface takes place. Above these lines, you should see a line setting up the loopback interface, and you should see a number of lines which appear to run a command called route. This program, and its function, is the subject of the next section.

Once an IP interface has been set up, it is necessary that the Linux kernel be told where to send IP information for various machines on the IP network. The kernel holds a table, called a routing table, which lists a number of host or network addresses, along with information on how to send IP packets to these destinations.

The route command is use to examine or update this table. If only your loopback interface has been configured, this command used on its own will typically give output which looks something like the following: # /sbin/route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 127.0.0.0 * 255.0.0.0 U 0 0 2 lo

This says that any traffic for the network identified as `127' should be routed through the loopback interface (lo). The `genmask' column specifies, in a similar way to a netmask, that this particular routing table entry should be used to match any IP address beginning with the number 127, no matter what the remainder is.

If our machine is connected to an Ethernet network, then typically we will want to make sure that the kernel routing table knows how to send information to this. Assuming we have set up our machine to be 192.168.50.23, with a default class C netmask, the following command will add a routing table entry for our local network: # /sbin/route add -net 192.168.50.0 # /sbin/route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 127.0.0.0 * 255.0.0.0 U 0 0 2 lo 192.168.50.0 * 255.255.255.0 U 0 0 137 eth0

This tells the kernel that any IP addresses which start with 192.168.50 are on our local Ethernet network, and that they should be routed through the `eth0' interface. If you are using a non-standard netmask, this can be specified as a command line option to the route command: /sbin/route add -net 192.158.50.0 netmask 255.255.255.192

A command like one of the above would be sufficient if our TCP/IP network consisted of just a single network, not connected to anywhere else. However, the strengths of TCP/IP are its internetworking abilities, and normally a IP-based network consists of more than one network. In order to route IP packets from your machines to these other networks, you require to specify gateway hosts (often called routers) which deal with sending information to these other networks. There are in general two possibilities.

The first possibility is that we want to route IP packets to a specific network, and we know the address of a gateway host or router which deals with information for that network. Suppose, for example, that there is a machine 192.168.50.1 on our network, which is a router for the network 172.20.0.0 (a class B network). The following options to the route command specify this: # route add -net 172.20.0.0 gw 192.168.50.1

Since our routing table already contains an entry telling us how to send information to 192.168.50.1 (it's on our local network), any traffic for the remote network 172.20.0.0 is now sent to that machine, which deals with it appropriately.

The other possibility is that we use a certain gateway as a default route - a route used for all IP packets which don't match other rules in our routing table. If, for example, the machine with IP address 192.168.50.254 is our router to the rest of the world (the Internet, for example), we use the route command as follows: # /sbin/route add default gw 192.168.23.254

At this stage, let's have another look at our routing table: # /sbin/route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 127.0.0.0 * 255.0.0.0 U 0 0 2 lo 192.168.50.0 * 255.255.255.0 U 0 0 137 eth0 172.20.0.0 192.168.50.1 255.255.0.0 UG 1 0 7 eth0 default 192.168.50.254 0.0.0.0 UG 1 0 36 eth0

Going through the above table one line at a time: We first specify a loopback address for all 127.*.*.* addresses Next, we specify how to reach all machines on our local network, identified as 192.168.50.* Next, we give a route to all machines on the network (172.20.*.*) connected to the machine 192.168.50.1, which is a router (or gateway) for that network Finally, we specify that the machine 192.168.50.254 will deal with all other IP traffic

For now, we won't look at what the the various `flags', `metric' and `ref' entries mean.

Let's have another look at a typical /etc/init.d/network file, setup by Debian's installation procedure on a typical Ethernet-connected machine: #! /bin/sh ifconfig lo 127.0.0.1 route add -net 127.0.0.0 IPADDR=192.168.50.23 NETMASK=255.255.255.0 NETWORK=192.168.50.0 BROADCAST=192.168.50.255 GATEWAY=192.168.50.254 ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST} route add -net ${NETWORK} [ "${GATEWAY}" ] && route add default gw ${GATEWAY} metric 1

The first two lines of this shell script set up the loopback interface, and add an entry to the routing table for it. The variables which follow set up the IP address of our machine, the netmask, the address of our local network, the broadcast address, and the IP address of our default router. Finally, our local Ethernet interface is set up with ifconfig, and two invocations of the route command add routing table entries for firstly the local network and secondly our default gateway.

You may well find that the addresses (of networks and of machines) in the output from the route command do not appear as IP addresses, but are named. The names of networks can be set up in the /etc/networks file (which is normally set up by a Debian's network setup routines at installation times), and the names of hosts can come from a variety of machines, including the /etc/hosts file and the Domain Name Service (DNS). Let's now have a look at what DNS is and what it does.