Advanced Networking Concepts: Part 1

Viewing & monitoring Network Interfaces:

Following are the three important commands used for viewing & monitoring network interfaces:


1. ifconfig: 

This command shows OSI layer 2 related information. To display the status of all interfaces, use the following command:
# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
The above command shows that the interface lo0 is up with IP address 127.0.0.1.

ifconfig can also be used to bring an interface up or down:

#ifconfig lo0 down
#ifconfig lo0 up

2. ping: 

This command is used to communicate with another system over the network. ping uses the ICMP protocol to communicate.
#ping computer1
computer1 is alive
#ping computer2
no answer

In the above example, computer1 is reachable but computer2 is not.


3. snoop:

It is used to capture and inspect network packets to determine the kind of data transferred between systems.
#snoop system1 system2
system1 -> system2 ICMP Echo request (ID:710 Sequence number:0)
system2 -> system1 ICMP Echo reply (ID:710 Sequence number:0)

The above command is used to intercept the communication between system1 & system2. Here system1 is pinging system2 and the ping succeeds.


snoop -o <file name>: Saves captured packets in file name as they are captured
snoop -i <file name>: Displays packets previously captured in file name
snoop -d <device>: Receives packets from a network interface specified by device



The network interfaces in Solaris are controlled by files & services:
svc:/network/physical:default Service
This service calls the /lib/svc/method/net-physical method script. This script is run every time the system is rebooted.
This script uses the ifconfig utility to configure each interface. It searches for /etc/hostname.xxn files. For each /etc/hostname.xxn file, the script uses the ifconfig command with the plumb option to make the kernel ready to communicate with the interface. The script then configures the named interfaces by using other options of the ifconfig command.

Note: In Solaris 8 & 9, the /etc/rcS.d/S30network.sh file is used to perform the same function. Before Solaris 8 OS, the /etc/rcS.d/S30rootusr.sh file was used.

/etc/hostname.xxn files

These files contain an entry that configures the corresponding interface. The variable component (xx) is replaced by an interface type and a number that differentiates between multiple interfaces of the same type configured in the system. The following table shows examples of file entries for Ethernet interfaces commonly found in Solaris systems:

File                      Description
/etc/hostname.e1000g0     First e1000g (Intel PRO/1000 Gigabit family device driver) Ethernet interface in the system
/etc/hostname.bge0        First bge (Broadcom Gigabit Ethernet device driver) Ethernet interface in the system
/etc/hostname.bge1        Second bge Ethernet interface in the system
/etc/hostname.ce0         First ce (Cassini Gigabit Ethernet device driver) Ethernet interface in the system
/etc/hostname.qfe0        First qfe (Quad Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.hme0        First hme (Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.eri0        First eri (eri Fast-Ethernet device driver) Ethernet interface in the system
/etc/hostname.nge0        First nge (Nvidia Gigabit Ethernet device driver) Ethernet interface in the system

The /etc/hostname.xxn files contain either the host name or the IP address of the system that contains the xxn interface.
The host name must be present in the /etc/inet/hosts file so that it can be resolved to an IP address at system boot.
Example:
# cat /etc/hostname.ce0
Computer1 netmask + broadcast + up

/etc/inet/hosts file:

This file associates the IP addresses of hosts with their names. It can be used with, or instead of, other hosts databases including DNS, the NIS hosts map & the NIS+ hosts table.
The /etc/inet/hosts file contains at least the loopback & host information. It has one entry for each IP address of each host. The entries in the file are in the following format:
<IP address> <Host name> [aliases]
127.0.0.1 localhost

/etc/inet/ipnodes file:

It is a local database or file that associates the names of nodes with their Internet Protocol (IP) addresses. It is a symbolic link to the /etc/inet/hosts file. The ipnodes file can be used in conjunction with, or instead of, other ipnodes databases, including the DNS, the NIS ipnodes map, and LDAP.
The format of each line is:
<IP address> <Host Name> [alias]
# internet host table
::1 localhost
127.0.0.1 localhost
10.21.108.254 system1

Changing the System Host Name:

The system host name is stored in four system files. To change it, we must modify these files and reboot:
/etc/nodename 
/etc/hostname.xxn
/etc/inet/hosts
/etc/inet/ipnodes

sys-unconfig Command:
The /usr/sbin/sys-unconfig command is used to restore a system configuration to an unconfigured state. This command does the following:
1. It saves the current /etc/inet/hosts files information in the /etc/inet/hosts.saved file.
2. It saves the /etc/vfstab files to the /etc/vfstab.orig file if the current /etc/vfstab file contains NFS mount entries.
3. It restores the default /etc/inet/hosts file. 


NETSTAT:

It lists the connections for all protocols and address families to and from the machine.
The address family (AF) includes:
INET – ipv4
INET6 – ipv6
UNIX – Unix Domain Sockets (Solaris/FreeBSD/Linux etc.)

Protocols supported in INET/INET6 are:
TCP, IP, ICMP(PING), IGMP, RAWIP, UDP(DHCP, TFTP)

NETSTAT also lists:
1. routing tables,
2. any multicast entry for the NIC,
3. DHCP status for various interfaces,
4. net-to-media/MAC table.

Usage: 

# netstat
UDP: Ipv4
Local Address Remote Address State
-------------------- -------------------- ----------
System1.bge0.54844 10.95.8.202.domain Connected
System1.bge0.54845 10.95.8.213.domain Connected
TCP: Ipv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -----------
localhost.41771 localhost.3306 49152 0 49152 0 ESTABLISHED
localhost.3306 localhost.41771 49152 0 49152 0 ESTABLISHED
localhost.50230 localhost.3306 49152 0 49152 0 CLOSE_WAIT
localhost.50231 localhost.3306 49152 0 49152 0 CLOSE_WAIT

Note: NETSTAT returns sockets by protocol using an /etc/services lookup. The example below gives detailed information about the /etc/services file.

# ls -ltr /etc/services
lrwxrwxrwx 1 root root 15 Apr 8 2009 /etc/services -> ./inet/services
(/etc/services is a soft link to /etc/inet/services.)
The example below shows the content of the /etc/services file. Its columns represent the network service, port number and protocol.
# less /etc/services
#
# Copyright 2008 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)services 1.34 08/11/19 SMI"
#
# Network services, Internet style
#
tcpmux 1/tcp
echo 7/tcp
echo 7/udp
discard 9/tcp sink null
discard 9/udp sink null
systat 11/tcp users
daytime 13/tcp
daytime 13/udp
netstat 15/tcp

Note: The NETSTAT command resolves host names with the help of the local /etc/hosts file or a DNS server. There is an important file, /etc/resolv.conf, which tells the resolver what lookup facilities such as LDAP, DNS or files to use. /etc/nsswitch.conf is consulted by netstat to resolve names for IP addresses.

/etc/resolv.conf:
# cat /etc/resolv.conf
domain WorkDomain
nameserver 10.95.8.202
nameserver 10.95.8.213


/etc/hosts file:
# cat /etc/hosts
127.0.0.1 localhost
172.30.228.58 mysystem.bge0 bge0
172.30.228.58 mysystem loghost

The command netstat -a dumps the connections, including name lookups taken directly from /etc/services. It returns all protocols for all address families (TCP/UDP/UNIX).
#netstat -a
UDP: Ipv4
Local Address Remote Address State
-------------------- -------------------- ----------
*.snmpd Idle
*.55466 Idle
System1.bge0.55381 10.95.8.202.domain Connected
System1-prod.bge0.55382 10.95.8.213.domain Connected
*.32859 Idle

#netstat -an :
The -n option disables name resolution of hosts and ports and speeds up the output.

#netstat -i :
It returns the state of the configured interfaces.
# netstat -i
Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis Queue
lo0 8232 loopback localhost 1498672734 0 1498672734 0 0 0
nge0 1500 System1.bge0 System1.bge0 1081897064 0 1114394170 6 0 0

#netstat -m : 
It returns streams(TCP) statistics

streams allocation:
cumulative allocation
current maximum total failures
streams 408 4350 28881897 0
queues 841 4764 43912097 0
mblk 7062 40068 780613980 0
dblk 7062 45999 4815973363 0
linkblk 5 84 6 0
syncq 17 75 58511 0
qband 0 0 0 0
2469 Kbytes allocated for streams data

#netstat -p : 
It returns net to media information(MAC/layer-2 information).
Net to Media Table: Ipv4
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- -------- ---------------
nge0 defaultrouter 255.255.255.255 00:50:5a:1e:e4:01
nge0 172.30.228.54 255.255.255.255 00:14:4f:6f:39:13
nge0 172.30.228.52 255.255.255.255 o 00:14:4f:7e:97:53
nge0 172.30.228.53 255.255.255.255 o 00:14:4f:6f:4f:75
nge0 172.30.228.49 255.255.255.255 00:1e:68:86:84:16
nge0 System1.bge0 255.255.255.255 SPLA 00:21:28:70:19:36
nge0 System2 255.255.255.255 o 00:21:28:6b:c6:7a
nge0 172.30.228.57 255.255.255.255 SPLA 00:21:28:70:19:36
nge0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
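
An added example (not from the original page): the net-to-media table above can be checked for one MAC address answering for several IP addresses, which usually means ARP spoofing or a misconfigured host. It assumes that an L in Flags marks the host's own addresses and an M a multicast mapping; the function names and the last sample row are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): report MAC addresses that
# appear for more than one IP address in "netstat -p" output on stdin.
# Assumption: an L in Flags marks this host's own addresses and an M a
# multicast mapping; both are skipped.
dup_macs() {
    awk '
    # Pad octets to two lower-case hex digits: 0:14:4f:44:4:50 -> 00:14:4f:44:04:50
    function norm(mac,   n, p, i, out) {
        n = split(tolower(mac), p, ":")
        out = ""
        for (i = 1; i <= n; i++)
            out = out (i > 1 ? ":" : "") (length(p[i]) == 1 ? "0" p[i] : p[i])
        return out
    }
    # Data rows end in a six-octet MAC; headers and rulers do not.
    NF >= 4 && $NF ~ /^[0-9A-Fa-f:]+$/ && split($NF, q, ":") == 6 {
        flags = (NF == 5) ? $4 : ""          # Flags column may be empty
        if (flags ~ /[LM]/) next
        mac = norm($NF)
        if (!seen[mac, $2]++) {
            ips[mac] = ips[mac] (cnt[mac]++ ? "," : "") $2
        }
    }
    END { for (m in cnt) if (cnt[m] > 1) print m, ips[m] }
    ' | sort
}

# Rows taken from the table above, plus one constructed row (the last)
# that reuses the default router MAC, written without leading zeros.
sample_table() {
cat <<'EOF'
Net to Media Table: Ipv4
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- -------- ---------------
nge0 defaultrouter 255.255.255.255 00:50:5a:1e:e4:01
nge0 172.30.228.52 255.255.255.255 o 00:14:4f:7e:97:53
nge0 System1.bge0 255.255.255.255 SPLA 00:21:28:70:19:36
nge0 172.30.228.57 255.255.255.255 SPLA 00:21:28:70:19:36
nge0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
nge0 172.30.228.60 255.255.255.255 0:50:5a:1e:e4:1
EOF
}

sample_table | dup_macs
```

On a live system the same function reads the real table with netstat -p | dup_macs. The two SPLA rows share a MAC because they are the host's own physical and logical addresses, so they are not reported.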
#netstat -P <protocol> (ip|ipv6|icmp|icmpv6|tcp|udp|rawip|raw|igmp): returns active sockets for selected protocol.
#netstat -r : returns routing table
# netstat -r
Routing Table: Ipv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ---------- ---------
default defaultrouter UG 1 53637
172.30.228.0 System1.bge0 U 1 3295 nge0
172.30.228.0 172.30.228.57 U 1 0 nge0:1
224.0.0.0 System1.bge0 U 1 0 nge0
localhost localhost UH 201 15889818 lo0


#netstat -D : 
It returns DHCP Configuration information (lease duration/renewal etc.)

#netstat -a -f <address_family>: 
It returns result corresponding to the specified address family
netstat -a -f inet|inet6|unix
netstat -a -f inet : It returns ipv4 information only.



Network Configuration

There are two main configuration modes:
1. Local files: configuration is defined statically via key files
2. Network configuration: DHCP is used to auto-configure interfaces

dladm command: It is used to determine the physical interfaces using the following command:
dladm show-dev or show-link.
Another command to check the same is ifconfig -a. However, there is a difference between the outputs.
dladm shows layer 1 related information whereas the ifconfig command returns layer 2 & 3 related information.

# dladm show-dev
ce0             link: unknown   speed: 1000  Mbps       duplex: full
ce1             link: unknown   speed: 1000  Mbps       duplex: full
ge0             link: unknown   speed: 1000  Mbps       duplex: unknown
eri0            link: unknown   speed: 100   Mbps       duplex: full

# ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
        inet 127.0.0.1 netmask ff000000 
ce0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 6
        inet 10.22.213.80 netmask ffffff00 broadcast 10.22.213.255
        ether 0:14:4f:67:90:c1 
ce1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
        inet 10.22.217.35 netmask ffffff00 broadcast 10.22.217.255
        ether 0:14:4f:44:4:50 
eri0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 4
        inet 10.22.224.147 netmask ffffff00 broadcast 10.22.224.255
        ether 0:14:4f:47:92:5e 
ge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 5
        inet 10.22.240.108 netmask ffffff00 broadcast 10.22.240.255
        ether 0:14:4f:47:92:5f 

Key network configuration files:
svcs -a | grep physical: This command can be used to see the service responsible for running/starting the physical interfaces.
svcs -a | grep loopback: This command can be used to see the service responsible for running/starting the local loopback interface.

Configuring Network
1. IP Address (/etc/hostname.interface): We need to configure /etc/hostname.interface (e.g. /etc/hostname.e1000g0, /etc/hostname.iprb01) for each physical and virtual interface listed by the dladm command. The IP address must be listed in this file. However, this is not a requirement in DHCP or network configuration mode.

2. Domain name (/etc/defaultdomain): We need to configure /etc/defaultdomain. This is not a requirement in the DHCP mode of network configuration. This file contains domain name information for the host.

3. Netmask (/etc/inet/netmasks): We need to create the file /etc/inet/netmasks if it is not there. This is also managed by DHCP. The netmasks file associates Internet Protocol (IP) address masks with IP network numbers.
network-number netmask
The term network-number refers to a number obtained from the Internet Network Information Center. Both the network-number and the netmasks are specified in "decimal dot" notation, e.g: 128.32.0.0 255.255.255.0

4. Hosts database (/etc/hosts): It is symbolically linked to /etc/inet/hosts and contains the entry for the loopback adapter and for each IP address linked with the network adapter for name resolution. It gets auto-configured by DHCP.

5. Client DNS resolver file (/etc/resolv.conf): It reveals DNS resolver related information. It gets auto-configured by DHCP.

6. Default gateway (/etc/defaultrouter): It is required for communicating with outside networks. It is also managed by DHCP under network configuration mode.

7. Node name (/etc/nodename): This file contains the host name and is not mandatory as the host name is resolved by the /etc/hosts file. This is taken care of by DHCP in network configuration mode.

Name service configuration file (/etc/nsswitch.conf): It will reveal resolution of various objects.

For manually switching the network configuration from DHCP to local files (static) mode, the above mentioned files need to be configured as stated. Once that is done, move/rename/delete the file dhcp.<interfacename>, so that the DHCP agent is not invoked.

Plumb/enable the iprb0 100 Mbps interface (plumbing an interface is analogous to enabling it):
1. ifconfig iprb0 plumb up → This will enable the iprb0 interface.
2. ifconfig iprb0 172.16.20.10 netmask 255.255.255.0 → This will configure the layer 3 IPv4 address.
3. Ensure that the newly plumbed interface persists across reboots:
   1. Create the file /etc/hostname.<interfacename>:
      echo "172.16.20.10" > /etc/hostname.<interfacename>
   2. Create an entry in the /etc/hosts file:
      echo "172.16.20.10 NewHostName" >> /etc/hosts
   3. Create an entry in the /etc/inet/netmasks file:
      echo "172.16.20.0 255.255.255.0" >> /etc/inet/netmasks


Unplumb(disable) an interface: ifconfig <interface name> unplumb down
Making an interface to go down without unplumb : ifconfig <interfacename> down
Removing an interface: ifconfig <interfacename> removeif <IP Address of interface>

Note: If you want the interface to be managed by DHCP, create a file dhcp.<interfacename> under the /etc directory.
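
The rule that a host name in /etc/hostname.xxn must resolve through /etc/inet/hosts, and the dhcp.<interfacename> marker described above, can be audited together before a reboot. This is an added example, not from the original page; the function names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example (not from the original page). Audits the static interface
# files under ROOT and prints one finding per line:
#   OK <if> <token> | UNRESOLVED <if> <name> | EMPTY <if> | DHCP <if>

# True if $1 is written as a dotted-quad IPv4 literal.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# True if name $2 appears as a host name or alias in hosts file $1.
in_hosts() {
    [ -r "$1" ] || return 1
    awk -v n="$2" '
        { sub(/#.*/, "")                       # drop comments
          for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
        END { exit(found ? 0 : 1) }' "$1"
}

audit_interfaces() {
    root=$1
    for f in "$root"/etc/hostname.*; do
        [ -f "$f" ] || continue
        ifname=${f##*/hostname.}
        first=
        read -r first _rest < "$f" || true      # first token: name or IP
        if [ -z "$first" ]; then
            echo "EMPTY $ifname"
        elif is_ipv4 "$first" || in_hosts "$root/etc/inet/hosts" "$first"; then
            echo "OK $ifname $first"
        else
            echo "UNRESOLVED $ifname $first"    # name missing from hosts
        fi
        # A dhcp.<if> marker hands the interface to the DHCP agent.
        if [ -f "$root/etc/dhcp.$ifname" ]; then
            echo "DHCP $ifname"
        fi
    done
}

# Constructed sample tree; host names and addresses are illustrative.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/inet"
    printf '%s\n' '127.0.0.1 localhost' \
        '172.16.20.10 NewHostName loghost' > "$d/etc/inet/hosts"
    echo 'NewHostName netmask + broadcast + up' > "$d/etc/hostname.iprb0"
    echo '172.16.20.11' > "$d/etc/hostname.ce0"
    echo 'Computer1 netmask + broadcast + up' > "$d/etc/hostname.ce1"
    : > "$d/etc/dhcp.ce0"
    echo "$d"
}

sample=$(make_sample)
audit_interfaces "$sample"
rm -rf "$sample"
```

In the sample, ce1 is reported as UNRESOLVED because Computer1 has no entry in the hosts file, and ce0 is reported as DHCP because a leftover dhcp.ce0 marker sits beside its static address.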


Logical (Sub-interfaces) Network Interfaces:
For each physical interface connected to a switch port, many logical interfaces can be created. This means adding additional IP addresses to a physical interface.
1. Use 'ifconfig <interfacename> addif <ip address> <net mask>':
ifconfig e100g0 addif 192.168.1.51 (RFC-1918 – defaults /24)
This will automatically create the e100g0:1 logical interface.
2. Bring the interface up: ifconfig e100g0:1 up

Note:
1. This will automatically create an e100g0:1 logical interface.
2. Solaris places a new logical interface in down mode by default.
3. Logical/sub-interfaces are contingent upon the physical interface. This means that if the physical interface is down, the logical interface will also be down.
4. Connections are sourced using the IP address of the physical interface.

Make a logical/sub-interface persistent across reboots:
1. Create the file /etc/hostname.<interfacename> and add the interface IP address as an entry in it.
2. Optionally update the /etc/hosts file.
3. Optionally update the /etc/inet/netmasks file – when subnetting.

NSSWITCH.CONF (/etc/nsswitch.conf)
It primarily stores name service configuration information.
It functions as a policy/rules file for various kinds of resolution, namely: DNS, passwd (/etc/passwd, /etc/shadow), group (/etc/group), protocols (/etc/inet/protocols), ethers or mac-to-IP mappings, and where to look for host resolution. The figure below shows a sample nsswitch.conf file.

In the above nsswitch.conf file, the password and group resolution is set to files, which means the system checks the local files like /etc/shadow and /etc/passwd. For host name resolution, which is set to files, the hosts file (/etc/hosts) is checked first and if that fails the query is sent to the appropriate DNS server.




NTP(Network Time Protocol):
It synchronizes the local system and can be configured to synchronize any NTP-aware host.
It is hierarchical in design and supports from 1 to 16 strata (precision).
Stratum 1 servers are connected to external, more accurate time sources such as GPS. Less latency results in more accurate time.


NTP Client configuration:
The xntpd or ntp service looks for its configuration in the /etc/inet/ntp.conf file.
1. Copy the ntp.client file to ntp.conf: cp ntp.client ntp.conf
2. Edit ntp.conf and make an entry for the NTP server: server 192.168.1.100
3. Enable the ntp service: svcadm enable ntp
4. Execute the "date" command to check synchronization. The synchronization can be done using the ntpdate command: ntpdate <ServerName>

The command "ntpq -p <ServerName>": This will query the remote system's time table. If we give the command without mentioning the server name, it will list the peers or servers used for time sync. If we just run the "ntpq" command, it will run in interactive mode, and if we type "help" in that mode it will list the various operations that can be performed.

The command "ntptrace": Traces the path to the time source. If we run it without any option it will default to the local system. The command "ntptrace <ServerName>" gives the path and stratum details from the server mentioned to the local system.


NTP Server configuration:
1. We need to find an NTP pool site such as http://www.ntp.org/. We will derive NTP public servers from their lists.
2. Once the list is derived, we need to enter it in the file /etc/inet/ntp.conf as shown below:
server 0.asia.pool.ntp.org
server 1.asia.pool.ntp.org
server 2.asia.pool.ntp.org
server 3.asia.pool.ntp.org
3. Restart the NTP service: svcadm restart ntp
4. Making our NTP client machine an NTP server:
   1. Go to /etc/inet: cd /etc/inet
   2. Disable the NTP service: svcadm disable ntp
   3. Copy the file ntp.server to ntp.conf: cp ntp.server ntp.conf
   4. Edit the ntp.conf file: Make an entry in the file with the server list obtained from the NTP pool site and the local server.
   5. Comment out the crontab entry for the ntpdate command:
      1. crontab -e
      2. Comment out the line where the ntpdate command is run.
   6. Enable the NTP service: svcadm enable ntp




