Linux - Network Administrator's Guide

[The#Danger]

TCP / IP networks

Modern network applications is very sophisticated and thoughtful approach based on an order data to another machine to transfer from one. If you Linux system with many users manage one, the compounds of the remote host record will at the same time, you must ensure that your network connection is split so that all users can be served and not against each other in the way come of it. The concept of the modern network protocols is used by many to be packet-oriented data transmission (packet-switching) is called. A package is a small data package, the network from one machine to another via a transfer. A packet-based network uses single network cables, data to be transmitted by all hosts in the divided packets, transmits them one by one in turn. In this way, each user the impression that he would immediately operated and the power line it would be exclusively available.

The solution of UNIX systems - and many non-UNIX sites - has been adopted, TCP / IP known as. If it is TCP / IP is about, you will encounter the term datagram, the packet is used as a synonym for often, in technical matters but actually has a different meaning. In this section we will consider the underlying concepts.


Introduction to TCP / IP networks

The roots of TCP / IP are in a research project by the U.S. Defense Advanced Research Projects Agency (DARPA) in 1969 was funded years. What is the name of ARPANET began as an experimental network under was in 1975 transferred to the normal operation after it had proved itself successful.

In 1983 family, the new TCP / IP protocol used as the standard, and all hosts on the network you had to use from now on. While ARPANET slowly grew to the Internet (with ARPANET in 1990, ceased to exist), had TCP / IP networks on the Internet has spread outside. Many companies now have corporate networks based on TCP / IP and the Internet has grown so that it can well-regarded mainstream as consumer technology. One finds hardly a newspaper or magazine in which not some reference to the Internet is contained. Almost anyone can now use it.

As a concrete example to illustrate TCP / IP in the following sections, we introduce the land-based Fred somewhere Groucho Marx University (GMU) in. Most institutions operate their own local network, while another common use of one and several others run again. All are connected to each other and share a high-speed cable access to the Internet.

Imagine, your Linux box is a LAN of Unix hosts on the mathematics institute connected to (let's call them just erdos). In order to host the Institute of Physics, say on quark access to, you must enter the following command:

$ rlogin quark.physics Welcome to the Physics Department at GMU (ttyq2) login:

When the prompt appears, you must login name, eg, else, and you enter your password. After the correct input is on quark a shell a start, you can work in as if you were sitting at the console of the system. Once you leave the shell will return to the prompt of your own machine. They thus have a basic, interactive applications currently being used, the IP provides TCP /: remote login, the login to a remote computer.

While you are logged in QuarkXPress, you may want an X11-based application, a word processor, a graphics program or a Web browser running, for example. The X Window System is a fully network-based graphical user interface and many different computer systems available for. In order to inform the application that their expenditure of your computer screen should appear on the, you must set the DISPLAY environment variable:

$ DISPLAY=erdos.maths:0.0
$ export DISPLAY

When you launch the application now, appear not spending more on quark, but on your computer, ie, the window of the application appear on the screen of your computer (provided that runs on X11 erdos). The point here is that TCP / IP, Quark and erdos allowed to send packets back and forth-X11, and pretends you so that you are working on a single system. The network is almost transparent.

Another very important application in TCP / IP networks is NFS, which stands for Network File System. NFS is another way to make transparent networks because it allows you to mount directory hierarchies from other hosts. This will be displayed on your computer as if they were local filesystems. For example, the home directories on a central machine, users are kept of all the other hosts on the LAN, all of the directories to mount. This means that users can always log on any machine and still more in their respective home directory, find themselves. In the same way you can run applications that have a large space (such as databases, documentation or application programs), only one computer and install it on many hosts to allow access. These are obviously only some examples of what you / IP networks, TCP can do everything with. The possibilities are almost unlimited. Some of them we will introduce in the course of the book.

We now take a closer look at how TCP / IP. This information will help you understand how and why you need to configure your machine. We begin by examining the hardware and work our way slowly.

[The#Danger]

Ethernet

The most widely used LAN hardware is known as Ethernet. In its simplest form it consists of a single cable, the host of special connectors, taps or transceiver connects two. Simple Ethernet are relatively inexpensive to install, what - 100 or 1000 megabits per second - certainly for its popularity has maintained, the possible transmission rates of 10 together.

Ethernet is available in three versions: Thick, Thin and two wire (twisted pair). Thin and thick Ethernet each use a coaxial cable, each in thickness and in the way different but, like a host cable is connected to this. Thin Ethernet uses a T-shaped "BNC" connector, which you insert into the cable and the connector on the back of your computer to attach. If you have thick Ethernet cable into the small hole drill, and a transceiver using a so-called Vampire Taps "used". One or more hosts can then be combined this with a transceiver. The cable for Thin and Thick-Ethernet allowed length of 200 and 500 meters do not exceed a maximum. It is, therefore, 10Base-2 or 10Base-5 called. The word "Base" refers to "baseband modulation" and simply means that any data the cable modem directly passed in without. The left number shows speed in megabits per second to the right number and the maximum length of cable as a multiple of hundred (in meters). "Twisted Pair" uses a two-wire copper cable, and usually additional hardware that is known as an active hub. Twisted Pair 10Base-T is also called, the "T" stands for the twisted pair cable. The version with 100 Mbits per second is commonly known as 100Base-T.

Although adding another host to a thick Ethernet is a somewhat thorny issue, but it brings the network does not crash. Add host in a thin Ethernet is one, set contrast, the network, at least for a few minutes lame, because you have to cut the cable to insert the connector. Twisted-pair networks are still simpler. When connecting node using a so-called "hub". You can connect to these other hosts, or remove hosts connected without disturbing other users. functions, you can safely host a hub insert into or remove him, without users even in the least disturbing the other.

Most people prefer thin Ethernet before, because it is very cheap. Cards for the PC for less than DM 100 offered significantly. The price of cable is one to two marks per meter. For larger installations pair is thick Ethernet or twisted the better choice. For example, at the Mathematical Institute of the GMU uses a thick Ethernet, so the network must not be shut down every time a new computer is added. Meanwhile, installations are often twisted pair carried out in various versions. The Hub hardware is getting cheaper, and small appliances are now fallen to a level that it makes for interesting small home networks as well. Twisted-pair cabling can all at tremendous cost savings from large installations, and the cable itself is the bargain much more flexible than the coaxial cable to the other systems used in Ethernet. The network administrators of the Mathematical Institute of the GMU intend to year, the entire network through a twisted-pair network to replace coming in, because on the one hand the latest in state of the art does and the other in significant time savings is one of, if it comes new host computer or install to other locations to relocate existing hosts.

A disadvantage of Ethernet technology is the limited length of the cable, which limits the use on LANs. On the other hand, you can connect multiple Ethernet segments together by repeaters, bridges or routers use so-called. Repeaters simply copy the signals between two or more segments, which means that segments all work together, as if it were a single Ethernet. Due to the timing requirements may not hosts on the network no more than four repeaters between two uses. Bridges and routers are as even more complex. They analyze incoming data and then pass only when receiving host is not located in the local Ethernet.

Ethernet works like a bus system in which packets (or frames) with a size of up to 1,500 bytes on a different host in the same Ethernet can transmit host. A host will be a six-byte address addressed, the Ethernet card set is registered in the firmware. These addresses are typically used as a sequence of two-digit hexadecimal numbers written, the colon-separated from each other by (such as aa: bb: cc: dd: ee: ff).

[The#Danger]

A frame is emitted from one computer to all computers connected by registered, but only the target host reads the packet and processes it. Stations at the same time try to send two, so-called collision occurs to one. This collision is, however, by the electronics on the network cards quickly identified and resolved by the sending station to cancel both random time and wait for a re-try to transfer data. You may have heard stories about the problems of such collisions is that many of the Ethernet and only one third of its actual capacity can take advantage of such a result. Ethernet collisions are a normal phenomenon, and in heavily loaded Ethernets you do not have to wonder if the collision rate of about 30 percent occur there. You must, therefore, from a workload of about 60 percent worry only because the more realistic limits of practicable transmission capacity of an Ethernet.


Other types of hardware

For larger installations such as Groucho Marx University, Ethernet is usually only used not. There are also many other data communication protocols. They are supported by Linux, but we go here for space reasons, only briefly. For more in-depth observations is the existing protocols of the HOWTO documents referenced.

At GMU, the backbone LANs of all institutions connected with the university, a fiber optic cable, over the FDDI (Fiber Distributed Data Interface) is running. FDDI uses a different approach to data transmission in which a number of so called tokens are emitted. A station may only transmit a packet, if they could catch this one of a token. The main advantages of FDDI are primarily in the significantly lower number of collisions and therefore not affect the capacity of the transport medium can exploit almost completely. This results in speeds of up to 100 Mbps. The length of a fiber optic cable can be much larger than the wire-based technologies. The limit is only about 200 miles - ideal for linking many buildings in cities or - in the case of GMU - of the many buildings on campus.

Installations of IBM Token Ring networks are found especially in situations where parts of the technical equipment of IBM product. Token Ring is some LAN environments as an alternative to Ethernet deployed in and provides about the same advantages as FDDI, which utilize the full transmission capacity of the transport medium concerns. the wire cables used to achieve Token Ring networks can only transfer rates of up to 4 Mbps or 16 Mbps, this cable but are much cheaper than fiber optic cable. In Linux, the token-ring network support configured as practical such as Ethernet, so that we can not further elaborate on here.

Although it is far less common these days, other LAN technologies such as ArcNet or DECNet be installed. Linux supports these too, but we will not explain it.

Many national networks that are managed by telecom companies to support so-called packet-switching protocols (Packet Switching Protocols). The most popular of these is X.25. Many of the so-called public data networks - such as Tymnet in the U.S., Australia or Austpack Datex-P in Germany - a range of services to them. X.25 defines itself a number of networking protocols that describe how (eg a host computer) with a data communications equipment (X.25 switch) to communicate data terminals. X.25 requires a synchronous data connection and therefore special synchronous serial interfaces. It is also possible to use normal serial ports if you have a special hardware called PAD (Packet Assembler / Disassembler) is available. A PAD is a device with a synchronous serial interface and one or more asynchronous serial interfaces. It manages the X.25 protocol so that even simple and accept-able terminals establish connections X.25. X.25 is a vehicle for other network protocols such as TCP / IP is often used. Because IP packets X.25 packets are implemented can not easily (conversely, not incidentally), they are simply packages "packaged" in X.25 and sent over the network. In Linux, the X.25 protocol is currently supported only experimentally.

A more recent protocol, which is offered by telecommunications companies is often the so-called Frame Relay. This protocol has some similarities to the X.25 protocol behaves, but almost like the IP protocol. Such as X.25 and Frame Relay requires special synchronous serial hardware. Because of their common support many network cards both protocols simultaneously. However, there are also versions available, the internal hardware to do without. They are based on an external device that Relay Access Device (FRAD) is designated as frame and data transfer for the "proof" of IP packets in frame relay packets is responsible for. Frame Relay is ideal for the transmission of TCP / IP packets between sites. Linux provides support for some internal frame relay maps.

If you need a high-speed network, the normal data, various media such as digitized voice and video can transfer your save, perhaps ATM (Asynchronous Transfer Mode) is just the place for you. ATM is a new network technology that was specially designed, high speed and low delay to transfer data while (Quality of Service [QA]) to maintain quality control purposes. Many telecom companies built all the infrastructure in ATM networks because they have a combination of a variety of network services in a single platform with them and thereby reducing administrative and support costs a hope. ATM is usually transport of TCP / IP data used to. The Networking HOWTO provides information on the support of ATM in Linux.

Amateur radio operators often use their radio equipment to network their computers. This technique is radio (or Ham radio) called packet. One of the protocols used by amateur radio operators is called AX.25 and is derived in some way on X.25. It is used to transfer TCP / IP and other protocols used as well. AX.25 as needed X.25 synchronous serial hardware, or a particular device, the Terminal Node Controller "is called" as. This will come in packets over an asynchronous serial connection, the data packets converted to transmitted synchronously. There are a variety of different interface cards, the radio mode can work package: they are called "Z8530 SCC-based means (according to the most frequently used communications controller). Two other frequently with AX.25 transmitted (network layer) protocols are NetRom and Rose. Since both protocols run over AX.25, they have the same hardware requirements. Linux offers full support for AX.25, NetRom and Rose. The AX25-HOWTO is a good source of information about the Linux implementations of these protocols.

Other techniques use slow but cheap serial lines for Internet access via dial-up lines (telephone, ISDN etc.). This again requires a different protocol for data transmission, such as SLIP or PPP.

[The#Danger]

The Internet Protocol
Of course, you do not know that your Ethernet network or a point-to-point connection is limited to. Ideally, you should host computer can communicate with one without having to take regardless of what type of network it is connected. For example, you can find at a larger installation, usually a number of separate networks, the way must be connected to each other and any kind on. On the Mathematics Department of GMU is working with two Ethernets: a network with fast machines for professors and academic staff and one with slow machines for the students. Both networks depend on the university's FDDI backbone.
The connection is from a particular host, called a gateway, managed, and the outgoing packets between two Ethernets and the fiber line copies a. Let's assume, for example, sit in the mathematical institute and want from your Linux computer on the LAN of the physical quark Institute access. The network software packages can not directly send to quark, because it is not the same is in Ethernet. The software must therefore now rely on a gateway that forwards the packet accordingly. The gateway (let's call it sophus) directs the packets to the gateway niels on, the function of the Physics department accepts this. Transmission is via the backbone, and delivers the data niels then out to the target computer. This scheme of transfer of data to a remote host is called routing. The data packets are in this context often referred to as datagrams. To simplify things somewhat, datagrams are exchanged via a single protocol that the hardware is completely independent of: IP or Internet Protocol. The main advantage of IP is that there are different networks into one apparently homogeneous network sums up physically. This is called "internetworking" called, and the resulting meta-network "is known as the Internet. Note here the subtle difference between an Internet and the Internet. The Internet is the official name of a certain global Internet.

Of course, IP also requires a hardware-independent addressing scheme. This is achieved in that each host a unique 32-bit number is assigned, the so-called IP address. Shown is an IP address usually by four decimal numbers, one for each 8-bit portion that are separated by dots. For example, QuarkXPress IP address 0x954C0C04 have the ones you write as it would be 149.76.12.4. This format is also dotted decimal notation or dotted quad notation called and occurs more recently under the name IPv4 (Internet Protocol version 4) in appearance. Meanwhile, a new standard called IPv6 development, the much more flexible addressing scheme is based on one and to offer more advanced features added. However, it is the release of this book at least a year to take up IPv6 in a larger scale is used.

You will have noticed that we have three different types of addresses have: First, we have host names like quark, then there are IP addresses, and finally, there are hardware addresses as the 6-byte Ethernet address. All this must fit together somehow so that when you type rlogin quark, the network software the IP address can be passed from Quark.

[The#Danger]

IP over serial lines

For serial lines, there is a SLIP (Serial Line IP) known as "de facto" standard. A modified version of SLIP is CSLIP, or SLIP, in which the compressed IP header compressed to the relatively low bandwidth serial links better use. Another serial protocol is PPP (Point-to-Point Protocol). PPP over SLIP offers a number of other features that make it attractive to do something. The main advantage over SLIP is that it is to transport IP datagrams is restricted to not, but any datagram types get along with.
Transmission Control Protocol

With the transfer of datagrams from one host to another is not enough. If you log in to quark, you want a reliable connection between your rlogin process on erdos and the shell process on quark. however, means that information transmitted from the transmitter in packets and the receiver split again into a data stream must be composed of the right's. Thus you may seem trivial, the even, so this approach involves, however, a number of complicated tasks.

A very important fact you should know about IP is that it is basically unreliable, and that on purpose! Just imagine that ten people in the same time start your Ethernet, the latest edition of the Web browser of Netscape from the FTP server of the GMU download sites. The amount of data to be transmitted could be too much for the gateway, because it slowly, or not enough memory is loaded with too. If you now want a package sent to Quark, the buffer could be full of sophus straight, and the computer in this case would not be able to forward the packet. IP solves this problem by this package easy to "forget" - the package is lost irretrievably. The responsibility for the integrity, and completeness of the data is therefore in the communicating hosts that it must take care accordingly, re-send data packets in case of error.

This is yet another protocol called TCP, or Transmission Control Protocol, done by the reliable service to IP based one. The main feature of TCP is that it uses IP to give the impression to you, that a simple connection between the two processes on your host and the remote machine exists. You do not need to worry about which route the data to actually go and how. A TCP connection works basically like a two-way pipe that both processes can write and read on. Think of it as a simple telephone conversation.

TCP identifies the end points of such a connection using the IP addresses of the two hosts and the number of a so-called ports on each host. Ports can be a kind of access point for network connections of as. If we stick to our telephone example, you can address with area code numbers (numbers for specific cities) and port numbers with the local code (numbers of individual students) compare IP. A single host can offer many different services, the port numbers distinguish their basis.

In our application example opens rlogin (rlogin) the client a port on erdos and connects to port 513 on quark ago, the server uses the rlogind. In this way a TCP connection is established. Through this connection leads rlogind authorization by first and starts (spawns) a shell. The standard input and output of the shell, the TCP connection is redirected ("redirection"). This means that all you rlogin to your machine by typing over the TCP stream and standard input passed to the shell used as is.
User Datagram Protocol
Of course, TCP is not the only TCP / IP networking protocol used. Although suitable for applications such as rlogin, prohibits the use of TCP because of the overhead to manage by itself for some applications such application is NFS, which related to the TCP or UDP User Datagram Protocol) is used. Just as TCP and UDP allows an application service on a remote computer via a specific port to connect one into contact with. However, it is no connection established, but there are individual packages to the appropriate service sent only - hence the name.
Suppose you want a smaller amount of data from a database server query. For this to be at least three TCP datagrams to establish a connection, another three datagrams to send each data packet (in each direction) and three more datagrams to close the connection needed. The same result is achieved with only two UDP datagrams. UDP is "connectionless" called, because it requires no connection setup and removal. We need our data to a datagram just pack in and send it to the server. In the same way, the server sends back its response. This process is considerably faster than TCP, suitable only for very simple transactions but. UDP is in contrast to TCP data not cope with losses. It is therefore for the application (eg name server), to make sure.
More on Ports
You can port as access points for network connections imagine. Will an application offering a service, it uses a specific port and waits for clients. (This wait is a "listening" or listening on the port also known.) If a client wants to use the service, it provides a port on its local computer and connects to the port of the server on the remote host. The same port can be many different machines to open, but on each machine can process only one currently open a port.
An important property of ports is that, once a connection between the client and the server went up, another copy of the server to the server port to attach and clients can listen to more. This allows, for example, that a number of external login port 513 on the same host use the same time. TCP is able to distinguish the different compounds, because they all come from different ports or hosts. If you, for example, from twice to log in quark erdos, the first port uses the local rlogin client 1023 and the second port 1022nd Both represent but a connection to port 513 on quark ago. The two compounds are the port numbers used in erdos distinguished based.
This example illustrates the use of ports as a meeting place to which it is run by clients when a particular service should be taken in right. In order for a client the correct port number is attractive as well, numbers have an agreement between the administrators of both systems are made of this. For services that are spread far so as rlogin, the numbers centrally managed. This is the IETF (Internet Engineering Task Force) done by the regular intervals, called Assigned Numbers RFC (RFC) 1700 published. This document describes, among other things, the port numbers of well-known services. Linux uses a file called / etc / services, the service names to port numbers links.
It should be noted would be added that both TCP and UDP ports to build, but not to perform these numbers conflict. That is, for example, TCP port 513 UDP port 513 is not identical. In fact, these ports serve as access points for two different services, namely rlogin (TCP) and rwho (UDP), to be exact.

[The#Danger]

The Socket Library
The UNIX operating system is the software that performs these tasks and logs all, usually integrated directly into the kernel, and so it is with Linux. The most common programming in the Unix world is the Berkeley Socket Library. The name comes from a famous analogy, the port sockets (sockets) and the connection to a port as a "Plugging" describes. The library provides the bind function that allows you to host, a transport protocol and a service can specify a remote, which a program can connect to or on the can listen to. For this purpose, the functions connect, listen and accept ready. The socket library is somewhat more general, because it offers not only a class of TCP / IP based sockets (the AF_INET sockets), but a class (the AF_UNIX class), which also manages connections to the local to held calculator. Some implementations can use other classes such as the protocol XNS (Xerox Networking System) or X.25 work around it.

In Linux, the socket library of the Standard C Library (libc). It supports the AF_INET and AF_INET6 for TCP / IP and AF_UNIX for Unix domain sockets, also AF_IPX for Novell network protocols, AF_X25 for the X.25 network protocol, AF_ATMPVC and AF_ATMSVC for the ATM network protocol and AF_AX25 - AF_NETROM - and AF_ROSE sockets for amateur radio protocols. Other protocol families are being developed and added to over time.

[The#Danger]

The call that leaves our plant has to get to the plant where the person you want to talk. No cables hundred million between them, but there is a link, which can be of various types. This link will be multiplexed to all subscribers of the plant can talk on the phone. This multiplexing is what makes a difference when it comes to the quality of service to the user. The multiplexing system using telephone exchanges called TDM: Time Division Multiplex. Is to divide the data stream equally 64k (called time-slots), so that data are the first party in the first time-slot, corresponding to the second in the second, and so on. Assuming a 2 Mbps link bandwidth, as conveyed 64k, could be up to 32 subscribers talking at once. This time multiplexing are separated and then rejoined the voice streams ranging from one exchange to another in a transparent manner for which it is used. The good thing is that as this technology is divided by a fixed time, you can ensure the time-slot and know that it always corresponds to the first party is the first time-slot and so on. Once communication is established, is guaranteed the bandwidth needed to speak without interruption. This, in particular, is very opposed to what is IP, or any links to packages that can be collisions, packet loss, etc.. Since in these links is very difficult to ensure that initial quality is maintained throughout the conversation, you may find that there are packets arriving earlier than others, the connection is saturated, and many other factors that affect the final quality of audio. In conclusion, TDM is one of the essential differences between ordinary telephone and Voice over IP, provides a predictive network and ensure quality.