trunk/network-administrator/tcpip.sgml

<!-- Debian Network Administartor's Manual - Overview of TCP/IP -->

    <chapt id="tcpip">

      <heading>TCP/IP</heading>

      <p>
      author = Duncan C Thomson <email>duncan@sciuro.demon.co.uk</email>
      </p>

      <p>
        topics = IP protocol, TCP protocol, IP addresses, IP interfaces, Routing
      </p>


<sect>Intro
<p>TCP/IP, as the name suggests, is a pair of protocols, and what most
of the Internet is built on.  Although physically the Internet is
made up of a wide range of networking technologies, from slow modem
links through Ethernet, to high-speed ATM-based switched networks,
and a wide range of different applications run over it - the WWW and
e-mail to name only two, the protocols which tie everything together
are Internet Protocol (IP), and, perhaps almost as great an extent,
Transmission Control Protocol.  Another protocol, UDP, is used
in place of TCP for some applications, especially in LAN
environments, but on the Internet the TCP/IP partnership rules.</p>

<p>diagram: various physical networks, IP, TCP and UDP, apps</p>

<p>This chapter describes firstly the basics of IP networking, and
later describes some of the more advanced features of TCP/IP available
to the Debian user.</p>
</sect>

<sect>IP Addresses

<p>Every computer connected directly to the Internet (or to any IP-based
network) is identified by an IP address.  IP addresses are four bytes
long, and are usually written as four decimal numbers separated by dots,
as in the examples below.
<list>
<item>10.34.92.111</item>
<item>127.0.0.1</item>
<item>172.19.220.2</item>
<item>192.168.50.109</item>
</list>
<p>IP addresses typically identify two things.  Firstly, they identify the
network on which a particular computer is located.  Secondly, they
identify a particular computer on that network.  Both these pieces of
information are present in an IP address, and they can be called the
<em>network part</em> and the <em>host part</em>.
Two special values for the host part
should be mentioned here - if the host part is all zeros, the
address refers to a network (ie it is a <em>network address</em> as
opposed to a <em>host address</em>).  If, alternatively, the host part
is all ones, the address refers to all hosts on the network (ie it is a
<em>broadcast</em> address).</p>

<p>In order to identify which part of the IP address is the host part,
and which part is the network part, there are two methods we can use.  The
first (and original) way is the easier by far to understand, so let's start
by having a look at how it works.  IP addresses are split into a number of
<em>classes</em>, and it is this class which tells us how to split an IP
address into its network and host parts.
<taglist>
<tag>Class A</tag>
<item>A class A IP address has as its first byte a number between 1 and
126.  The first byte of a class A IP address identifies the network, and
the remaining three bytes identify the host.</item>
<tag>Class B</tag>
<item>A class B IP address has as its first byte a number between 128 and
191.  Its first two bytes are the network identifier, and the remaining
two bytes are the host identifier on that network.</item>
<tag>Class C</tag>
<item>A class C IP address has as its first byte a number between 192 and
223.  Its first three bytes identify the network, and the remaining byte
identifies an individual host on that network.</item>
</taglist></p>

<p>From the above list you might notice that IP addresses beginning with
bytes from 224 and upwards are missing.  These belong to other classes of
IP address, not used for a normal IP host, and are beyond the discussion
in this section.</p>

<p>You might also notice that IP addresses beginning with 127 are missing.
IP addresses beginning with 127 are known as <em>loopback</em> addresses,
and can be used for testing TCP/IP without actually having a network
connection.</p>

<p>This is all very well, but what if we have been assigned a single
class C address range, but want to split it among several networks?  This
is where the second method of specifying the network and host parts can be
used.  This method specifies, along with an IP address, a <em>netmask</em>,
which has its bits set to one in the network part, and set to zero in the
host part.  So, for example, the default netmask for the various classes
of network as as below:
<taglist>
<tag>Class A</tag>
<item>255.0.0.0</item>
<tag>Class B</tag>
<item>255.255.0.0</item>
<tag>Class C</tag>
<item>255.255.255.0</item>
</taglist></p>

<p>These don't give us any new information beyond what the original address
classes told us.  The power in using netmasks, though, is that we can
choose arbitrary splits between the network and host parts - for example,
a netmask of 255.255.255.192 would allow us to split a class C network
into four parts, each with 62 host addresses.  Confused?  Let's look at
that example in more detail.</p>

<p>Let's suppose we've been allocated a class C network with IP addresses
beginning with 192.168.50.  If we convert the netmask 255.255.255.192 into
binary, we can see that in the last byte, the first two bits are one (that
is, they are included in the network part of the address) and the last six
bits are zeros (that is, they form the host part).  So, by using the IP
addresses we have been given, along with this netmask, we have split our
network into four, with <em>network addresses</em> given by setting these
two bits to their four possible combinations (00, 01, 10, 11) while
keeping the host part set to zeros (to identify the network):
<list>
<item>192.168.50.0</item>
<item>192.168.50.64</item>
<item>192.168.50.128</item>
<item>192.168.50.192</item>
</list></p>

<p>Now we know where our four network addresses come from.  What about our
host addresses?  They come from setting the host part in each <em>subnet</em>
to all values from 000001 to 111110 (remember - all ones is a broadcast
address).  That gives us a total of 62 hosts in each network, with addresses:
<list>
<item>192.168.50.1 - 192.168.50.62</item>
<item>192.168.50.65 - 192.168.50.126</item>
<item>192.168.50.129 - 192.168.50.190</item>
<item>192.168.50.193 - 192.168.50.254</item>
</list></p>

<p>In Linux, if we don't mention what netmask we are using, it's usually
assumed by the software that we want to use the default netmask for that
particular class of IP addresses.  You should only need to specify a netmask
if you are using one which is not the standard scheme for a particular class
of IP addresses.  It never does any harm to specify it though.</p>

<p>Each IP address should be <em>unique</em> on the Internet, or whichever
IP network you are connected to.  This means that your cannot assign IP
addresses at random to your machines, since most IP addresses are already
in use on the Internet.  In order to get a legal set of IP addresses for
your machines, you will normally go through an Internet Service Provider
(ISP).  If you have not been assigned such a range of addresses, you
should use one of the range of <em>private</em> IP addresses, set aside for
internet or testing use.  Be aware that you will not be able to connect to
the Internet directly from such a network; you will need to use some form
of Network Address Translation (NAT) to do this.  The ranges of IP addresses
set aside for private use are:
<list>
<item>10.0.0.0: a single class A network</item>
<item>172.16.0.0 - 172.31.0.0: 16 class B networks</item>
<item>192.168.0.0 - 192.168.255.0: 256 class C networks</item>
</list></p>

</sect>

<sect>IP Interface Configuration

<p>Once we know what IP address we wish to use for our machine, we will
have to bring up one of our network interfaces, and assign that IP address
(possibly along with a netmask) to it.  On most Debian systems this is done
when installing the system, and you are seldom likely to need to change
it on a simple system.</p>

<p>The <prgn>ifconfig</prgn> command is used to configure interfaces in
order to use IP with them.  There are a number of different network
interfaces available with the Linux kernel, some of which are summarised
below:
<taglist>
<tag>Loopback</tag>
<item>The loopback interface (<tt>lo</tt>), usually configured as IP
    address 127.0.0.1</item>
<tag>Ethernet</tag>
<item>Ethernet interfaces (with names like <tt>eth0</tt>, <tt>eth1</tt>,
    <tt>eth2</tt>) are used to access Ethernet cards</item>
<tag>PPP</tag>
<item>PPP stands for Point-to-Point Protocol, and is used to run a variety
    of networking protocols, including IP, over any kind of serial lines
    (null modem, modem, ISDN).  They have names like <tt>ppp0</tt>,
    <tt>ppp1</tt></item>
<tag>Token Ring</tag>
<item>Token Ring devices are accessed with device names like <tt>tr0</tt>,
    <tt>tr1</tt></item>
<tag>Dummy</tag>
<item>The dummy network drivers are used in systems who have an interface
    which is not always used, in order to provide a permanent IP interface
    for the relevant address.  The device names are <tt>dummy</tt>, or
    <tt>dummy0</tt>, <tt>dummy1</tt>, and so on</item>
</taglist>
There are a wide range of other network devices available, including
SLIP, PLIP (serial and parallel line IP), `shaper' devices for controlling
the traffic on certain interfaces, the ability to have several IP addresses
on a single device, as well as frame relay, AX.25, X.25, ARCnet, LocalTalk
and more.  Here, though, we'll concentrate on one of the most common - the
Ethernet interface.</p>

<p>In many cases, if you wish your kernel to automatically load modules
for certain device drviers, you may require to make changes to your
<prgn>/etc/conf.modules</prgn> or <prgn>/etc/modules</prgn> file.  For
example, to automatically load the NE2000 driver, you could have the
line:
<example>
alias eth0 ne
</example>
in your <prgn>/etc/conf.modules</prgn> file.</p>

<p>The simplest way to call <prgn>ifconfig</prgn> is to simply type its
name:
<example>
# /sbin/ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:18584 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18584 errors:0 dropped:0 overruns:0 carrier:0
          Collisions:0 
</example>
which simply returns information about the interfaces currently
configured.  If we wish now to bring up an Ethernet interface with the
address 192.168.50.23, we'd specify the interface name and the IP address
on <prgn>ifconfig</prgn>'s command line:
<example>
# /sbin/ifconfig eth0 192.168.50.23
# /sbin/ifconfig
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:18584 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18584 errors:0 dropped:0 overruns:0 carrier:0
          Collisions:0 

eth0      Link encap:Ethernet  HWaddr 00:00:E8:C5:64:2A  
          inet addr:192.168.50.23   Bcast:192.168.50.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:55 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          Collisions:7 
          Interrupt:10 Base address:0x300 
</example>
As can be seen from the example, the <prgn>ifconfig</prgn> now gives
information about the new interface, including the netmask, network
statistics, and information about the network driver itself.  The
<prgn>ifconfig</prgn> also allows the specification of a netmask when
the interface is configured, for example:
<example>
# /sbin/ifconfig eth0 192.168.50.23 netmask 255.255.255.192
</example>
Finally, to bring down an interface, use the following invocation of
<prgn>ifconfig</prgn>:
<example>
# /sbin/ifconfig eth0 down
</example>
Full information on the options available to <prgn>ifconfig</prgn> are
available in the manual page - <manref name="ifconfig" section="8">.</p>

<p>If you set up the IP addressing on your machine when you installed
Debian GNU/Linux, you should find that the <prgn>ifconfig</prgn> command
is run automatically on bootup.  This is done from the file
<prgn>/etc/init.d/network</prgn>.  Looking at this file should reveal a
number of lines similar to the following:
<example>
IPADDR=192.168.50.23
NETMASK=255.255.255.0
BROADCAST=192.168.50.255
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
</example>
This is where the setting up of the Ethernet interface takes place.  Above
these lines, you should see a line setting up the loopback interface, and
you should see a number of lines which appear to run a command called
<prgn>route</prgn>.  This program, and its function, is the subject of
the next section.</p>
</sect>

<sect>Basic IP Routing
<p>Once an IP interface has been set up, it is necessary that the Linux
kernel be told where to send IP information for various machines on the
IP network.  The kernel holds a table, called a <em>routing table</em>,
which lists a number of host or network addresses, along with
information on how to send IP packets to these destinations.</p>

<p>The <prgn>route</prgn> command is use to examine or update this table.
If only your loopback interface has been configured, this command used
on its own will typically give output which looks something like the
following:
<example>
# /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
127.0.0.0       *               255.0.0.0       U     0      0        2 lo
</example>
<p>This says that any traffic for the network identified as `127' should be
routed through the loopback interface (<tt>lo</tt>).  The `genmask' column
specifies, in a similar way to a netmask, that this particular routing
table entry should be used to match any IP address beginning with the
number 127, no matter what the remainder is.</p>

<p>If our machine is connected to an Ethernet network, then typically we
will want to make sure that the kernel routing table knows how to send
information to this.  Assuming we have set up our machine to be
192.168.50.23, with a default class C netmask, the following command
will add a routing table entry for our local network:
<example>
# /sbin/route add -net 192.168.50.0
# /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
127.0.0.0       *               255.0.0.0       U     0      0        2 lo
192.168.50.0    *               255.255.255.0   U     0      0      137 eth0
</example>
<p>This tells the kernel that any IP addresses which start with 192.168.50 are
on our local Ethernet network, and that they should be routed through the
`eth0' interface.  If you are using a non-standard netmask, this can be
specified as a command line option to the <prgn>route</prgn> command:
<example>
/sbin/route add -net 192.158.50.0 netmask 255.255.255.192
</example>
<p>A command like one of the above would be sufficient if our TCP/IP network
consisted of just a single network, not connected to anywhere else.
However, the strengths of TCP/IP are its <em>internetworking</em>
abilities, and normally a IP-based network consists of more than one
network.  In order to route IP packets from your machines to these other
networks, you require to specify <em>gateway</em> hosts (often called
<em>routers</em>) which deal with sending information to these other
networks.  There are in general two possibilities.</p>

<p>The first possibility is that we want to route IP packets to a specific
network, and we know the address of a gateway host or router which deals
with information for that network.  Suppose, for example, that there is
a machine 192.168.50.1 on our network, which is a router for the network
172.20.0.0 (a class B network).  The following options to the
<prgn>route</prgn> command specify this:
<example>
# route add -net 172.20.0.0 gw 192.168.50.1
</example>
<p>Since our routing table already contains an entry telling us how to
send information to 192.168.50.1 (it's on our local network), any traffic
for the remote network 172.20.0.0 is now sent to that machine, which deals
with it appropriately.</p>

<p>The other possibility is that we use a certain gateway as a
<em>default route</em> - a route used for all IP packets which don't
match other rules in our routing table.  If, for example, the machine
with IP address 192.168.50.254 is our router to the rest of the world
(the Internet, for example), we use the <prgn>route</prgn> command as
follows:
<example>
# /sbin/route add default gw 192.168.23.254
</example>
<p>At this stage, let's have another look at our routing table:
<example>
# /sbin/route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
127.0.0.0       *               255.0.0.0       U     0      0        2 lo
192.168.50.0    *               255.255.255.0   U     0      0      137 eth0
172.20.0.0      192.168.50.1    255.255.0.0     UG    1      0        7 eth0
default         192.168.50.254  0.0.0.0         UG    1      0       36 eth0
</example>
        <p>Going through the above table one line at a time:
<enumlist>
<item>We first specify a loopback address for all 127.*.*.* addresses</item>
<item>Next, we specify how to reach all machines on our local network,
    identified as 192.168.50.*</item>
<item>Next, we give a route to all machines on the network (172.20.*.*)
    connected to the machine 192.168.50.1, which is a router (or gateway)
    for that network</item>
<item>Finally, we specify that the machine 192.168.50.254 will deal with
    all other IP traffic</item>
          </enumlist>
</p>
<p>For now, we won't look at what the the various `flags', `metric' and
`ref' entries mean.</p>

<p>Let's have another look at a typical <prgn>/etc/init.d/network</prgn>
file, setup by Debian's installation procedure on a typical
Ethernet-connected machine:
<example>
#! /bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
IPADDR=192.168.50.23
NETMASK=255.255.255.0
NETWORK=192.168.50.0
BROADCAST=192.168.50.255
GATEWAY=192.168.50.254
ifconfig eth0 ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
route add -net ${NETWORK}
[ "${GATEWAY}" ] && route add default gw ${GATEWAY} metric 1
</example>
<p>The first two lines of this shell script set up the loopback interface,
and add an entry to the routing table for it.  The variables which follow
set up the IP address of our machine, the netmask, the address of our
local network, the broadcast address, and the IP address of our default
router.  Finally, our local Ethernet interface is set up with
<prgn>ifconfig</prgn>, and two invocations of the <prgn>route</prgn>
command add routing table entries for firstly the local network and
secondly our default gateway.</p>

<p>You may well find that the addresses (of networks and of machines)
in the output from the <prgn>route</prgn> command do not appear as
IP addresses, but are named.  The names of networks can be set up in
the <prgn>/etc/networks</prgn> file (which is normally set up by a
Debian's network setup routines at installation times), and the names
of hosts can come from a variety of machines, including the
<prgn>/etc/hosts</prgn> file and the Domain Name Service (DNS).
Let's now have a look at what DNS is and what it does.</p>

</sect>

<sect>Domain Name Service (DNS)
<p>Every computer connected to the Internet, or any network using
IP as its network protocol, has an IP address, in order that information
be able to be routed correctly to and from it.  IP addresses, though,
are a bit difficult for humans to remember, and for this reason, each
machine is also normally given a name.  When you install Debian, this
is one of the questions you will be asked - what the name of your
computer will be.</p>

<p>The name of your computer will be stored in a few locations.  You can
find out the name of your computer by typing the <prgn>hostname</prgn>
command, which returns the value in the file <prgn>/etc/hostname</prgn>.
If you are connected to the Internet, this name will usually have several
parts, separated from each other by dots, for example:
<example>
debian.anon.com
</example>
It is only the first part of this which is the name of your own
computer - the rest is known as the <em>domain name</em> - this is
the <tt>anon.com</tt> part.  Since there are likely to be several
computers with the same name on the Internet, each one is made unique
by putting it in its own domain.  Within a domain, normally one person
is responsible for giving out computers names, and administering a
database which holds all the names and addresses of the computers in
that domain.  This system is known as DNS, and is like a telephone
directory - you can look up a computer by name, and find out its IP
address.</p>

<p>Before DNS, people had to remember IP addresses in order to use
the Internet, and names were only known for a small subset of machines -
typically the machines in the local network, and maybe one or two machines
which were permanently connected to our site.  These names were stored in
a single file - <prgn>/etc/hosts</prgn> - and you'll normally find that
your own machine's name and IP address were added to that file when Debian
was installed.</p>

<p>DNS is a fairly complex system, and we'll look into more detail on it
later, along with the software (<prgn>bind</prgn>) which allows you to
look after your own DNS domain.</p>

<p>Here, though, we'll have a look at how DNS works from a <em>client's</em>
point of view - ie from the point of view of a machine which only needs to
look up machines in the DNS, rather than one which has to provide a DNS
service.</p>

<p>When a Debian machine needs to look up another computer's name in order
to find out its IP address, it uses a set of routines in the C library
called the <em>resolver</em>.  The resolver routines, in turn, consult
firstly the file <prgn>/etc/nsswitch.conf</prgn>, which, against an entry
for <tt>hosts</tt> will list the places that the resolver should check in
order to find out the IP address.  There are three possible entries here,
and if more than one of them is present, the resolver will check each one
in order.  These entries are:
<taglist>
<tag>files
<item>Check the file <prgn>/etc/hosts</prgn> for an entry for the particular
    hostname
<tag>nis
<item>Check the NIS database (which we will look at later) for the hostname
<tag>dns
<item>Check the Domain Name Service
</taglist>
A typical entry in <prgn>/etc/nsswitch</prgn> might be:
<example>
hosts:         files dns
</example>
This tells the resolver to check firstly the file <prgn>/etc/hosts</prgn>
and then query the DNS.</p>

<p>The DNS is configured by the file <prgn>/etc/resolv.conf</prgn>.  This
file normally specifies two things - firstly, the domain in which our
machine is, and secondly, a number of nameservers to ask for information.
An example would be:
<example>
domain anon.org
nameserver 172.19.0.1
nameserver 172.19.5.1
</example>
The first line tells the resolver library that if we ask for a machine
and don't specify a domain name, it should have <tt>anon.org</tt> appended
to it - ie the resolver, assuming that the machine is in our own domain,
should search it.  The two lines beginning with <tt>nameserver</tt> specify
the IP addresses of machines which we should query using DNS.  These should
always be IP addresses - not names - for obvious reasons.</p>

<p>Most networking utilities will automatically look up a machine's IP
address if you specify a name, but if you want to query the DNS directly,
the <tt>dnsutils</tt> package contains a program called
<prgn>nslookup</prgn>.  <prgn>nslookup</prgn> can be used either
one-off, by giving the name of the machine you are searching for,
possibly along with command-line arguments, or interactively, by
just typing <prgn>nslookup</prgn> on its own.  The interactive mode
allows a number of searches to be made, and provides some limited
help.</p>

<p><prgn>nslookup</prgn>, along with other programs to query the DNS,
and the software to provide a DNS service, will all be described in
more detail later.</p>

<p>For more information on DNS, please see <ref id="bind">.

</sect>

<sect>ICMP and IP Troubleshooting
</sect>

<sect>TCP and UDP
</sect>

<sect>Servers, Daemons and the Superserver
</sect>


    </chapt>

<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:"network-administrator.sgml chapt sect"
sgml-exposed-tags:nil
sgml-local-catalogs:"/usr/lib/sgml/catalog"
sgml-local-ecat-files:nil
End:
-->
