Hello all,
I had a very interesting experience last night.
I went to an upcoming business quite obviously with a massive investment
but they did not take care to ensure that their systems administrator
was competitive.
It is laughable that someone who shells out crores and crores of rupees
on infrastructure including IT infrastructure like computers and
telephones and Internet cannot spend a mere 40,000 rupees as salary on a
competent sys admin.
It is also true that people sorely lack experience and finding good
quality systems administrators and programmers is a difficult task
indeed.
Anyway I got so moved by this that I decided to write a short tutorial
on the basics of TCP/IP networking and routing.
This is by no means comprehensive, complete or instructive. It is merely
indicative and attempts to clear certain myths and put things in
perspective. That is all. You are always welcome to correct me whenever
I am wrong.
You can refer to http://www.sirsasana.org/seminar ;
for the slides of day I. Unfortunately even the slides are not
comprehensive enough. In any case let us get started.
Before we start I request you to go through the excellent IP addressing
tutorial here.
http://www.sirsasana.org/seminar/papers/IP_addressing.pdf
It is not written by me, so you can trust it. :)
First of all certain basics.
a) Every IP address has a network portion and a host portion and the
network portion always starts at the left end (prefix) and the host portion
starts at the right end (suffix). This has nothing to do with little
endian or big endian arithmetic. ( Hope this does not confuse)
For instance, in 192.168.1.5 , the network portion starts with 192...
and the host portion starts with 5 backwards.
And you should learn to use subnet masks well. According to RFC1918,
private addresses in the range 192.168/16 can be used for private
networks. Also 10/8 and 172.16/12.
This means a subnet mask with the first 16 bits set to 1. Subnet mask is
nothing but a special form of IP address in which the bits that are set
to 1 indicate the network portion of IPs in that network.
I shall try to give as many examples as possible to illustrate the
concepts. Perhaps it will help you a bit.
So in this case, 192.168.0.0/16 or 192.168/16 means every IP address in
that network has the network portion constant: the prefix of every IP
will be 192.168. All IPs will have the form 192.168.x.x where x stands
for any integer between 1 and 254.
And the suffix stands for the host portion.
The IP address dished out by most DHCP servers behind NAT dole out IP
addresses in the 192.168.1/24 range.
It is really easy to construct a subnet mask with this convention.
What is the IP address mask with the first 16 bits set to it?
Obviously it is 255.255.0.0.
What is the mask for /24 networks?
It is 255.255.255.0.
But things get complicated when the masks cross the IP address byte
boundaries. But the underlying concept is the same.
For instance, a mask of 255.255.255.240 has a network portion of /28.
If you have trouble figuring this out, just type out the BCD hex
representation.
For instance in my favourite pdksh shell,
I type
$ printf "%0x\n" 240
f0
So the first 4 bits of the 8 bits are set to 1. This network can have a
maximum of 2^4 or 16 hosts. Of course you have to give allowance to
broadcast addresses but we are discussing basics now. Let us ignore that
for the moment.
Now you have a grasp on how to interpret IP addresses and the network
they reside in with the help of subnet mask.
Subnet masks are usually represented in the 255.... form but it helps to
think in the other form I used above /bits.
Onto the second important concept now.
b) Gateways are required only for conveying packets between networks. It
is never used for "routing" packets within a network.
So for instance in a 192.168/16 or 192.168.1/24 network, there would be
no need for a gateway to reach any host/router within 192.168 or
192.168.1 network.
It is meaningless to configure a route/gateway for reaching any host
within the network portion of the IP address.
A good rule of the thumb is this.
Any IP address with the network portion same : i.e, 192.168 in the
first case and 192.168.1 in the second case does not need any explicit
route.
The moment you configure an interface for instance,
# ifconfig eth0 192.168.1.5 netmask 255.255.255.0
the kernel figures out that a routing table entry for this network has
to have the form
# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
Can you interpret this line?
It says that for all destinations in the network range 192.168.1/24, the
default gateway is 0.0.0.0.
Which is to say that no gateway is required.
Let me give you a very simple and interesting analogy.
For going to Bangalore or Kashmir you do not need a visa or passport.
Since they belong to India. Gateways are the people at the
boundary of a region to help you cross network boundaries.
The main point that many people miss is this. You do not have to specify
any route manually for this.
It is obvious to the kernel. If you configure an IP with a subnet mask,
all hosts in that network automatically become reachable and you can
ping them. If you cannot ping them, something is wrong somewhere.
You can ping? Good. Now let us move on to the next topic.
c) Adding gateways for hosts and networks
You can add entries to the kernel routing table in two ways. You can add
host specific routes or network specific routes. And then you have a
default route. It is like a fallback. Almost like the error condition
in a C program. If nothing else works, take this route. Hence it is
called "default".
It is very instructive and interesting that most packets on the Internet
actually take the default route most of the time. :)
This is because very few sites run dynamic routing protocols and all
static routing relies mainly on the default route.
You can inspect the default route entry very easily.
Train yourself to identify the same since you will be seeing it often.
Default route line :
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
This seemingly innocent line does all the work for you.
It says that for a wildcard destination of 0.0.0.0, the gateway is
192.168.1.1.
The way to interpret routing tables is this.
Ask this question: Which is the destination host/network?
The first field of the netstat -nr output on linux boxen.
Which is the gateway to reach that host/network?
The answer lies in the second field. Then you should ask: Can I reach
the gateway directly? I can only use IPs that are directly reachable
from my machine as gateways.
Now I got this from my home BSNL network and 192.168.1.1 is the IP
address of the BSNL modem.
On the public interface of the modem, the phone line has a PPPoE/PPPoA
allocated public IP. So the modem simply acts as a two port router which
dumbly ferries packets both ways.
Now, I want you to focus on a key concept.
All the entries configured as "gateways" in the kernel routing table
have to be directly connected.
What does this mean?
You should be able to ping them without adding any route.
Which is to say that the moment you assign an IP address to an interface
or an alias, the kernel automatically adds the routing entry for all
hosts on its network.
You can only add a particular host on this network range as gateways.
It is impossible to use as a gateway a host which is not accessible
without adding a route. This is like the proverbial chicken and egg
problem. So this will not work. All gateways have to be reachable
without a specific routing entry.
Now, let us see how to add a host specific route. Usually host specific
routes will not be needed but sometimes this facility comes in handy.
# route add -host 10.1.1.5 gw 192.168.1.1
# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.1.1.5 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
Simple eh?
Yes indeed.
You can quickly spot a host specific route with the subnet mask
"Genmask" field. It will be all 1s.
This is the case for all point to point links like PPP over dialup
links.
To add a network specific route, it is again simple.
# route add -net 10.1.1.0/24 gw 192.168.1.1
# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.1.1.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth1
I have snipped out the relevant entry for you.
You could also use the subnet mask method if you prefer for the route
add command.
d) Subnets and physical interconnectivity
A router is any device with more than one interface on which you are
running the IP protocol ( don't get academic on this). For all practical
purpose Internet has only IP today.
This interface could be a physical link like an ethernet interface, a
USB NIC, a Wifi interface, a bluetooth dongle or a serial port running
PPP.
Please don't get confused with the details.
Break the problem down into its logical equivalent.
An interface has an IP address. Every IP address has a subnet mask. So
every IP address needs a network portion and a host portion.
So now, a device with multiple physical interfaces running IP will
obviously belong to multiple subnets.
Why?
Reason is simple. It is stupid to have two interfaces have the same
network address/subnet mask. Why would you do that? You can eminently
use aliases for adding as many IP addresses in as many network ranges
you want on a single physical interface.
The basic purpose of having multiple interfaces is to route packets
between networks. So obviously they should belong to multiple networks.
And there is a very good correspondence between the physical
interconnectivity and the IP address allocation.
I think you got my idea. If you don't please read again. It is not so
hard to understand.
It used to be that case for several years that only routers had more
than one interface.
But nowadays every laptop has a Wifi interface and an ethernet interface
and the even mobiles have internet connectivity. So the term router has
assumed much larger significance now and perhaps lost its original
definition.
Oops!
My tutorial became really long.
TCP/IP networking is tremendous fun and a source of joy if you spend
effort and time understanding the basics.
There are plenty of tools in the UNIX world all free and open source for
you to play with and learn networking.
I am by no means a tools guy but the niceful ping command, traceroute,
hping, socat, netcat, iperf, tcpdump, sing, fping and so on come to
mind.
But you really cannot do anything much without spending sweat and blood
understanding how the Internet works.
You can apply the above logic to even logical interfaces exported by
hypervisors like Xen or emulators like qemu. Even on pseudo interfaces
like tun/tap, bridge or most other, the scenario is very similar.
Networking is by no means simple: so take your time to play with it and
learn. All you need is a linux PC you can get for a throwaway price.
You can also buy an ethernet hub on the cheap in Richie street. Get
another PC and you are all set to do network hacking.
You could of course use virtual machines for learning the same.
Hope you enjoy reading this the same way I enjoyed writing the same.
Thanks!
Best of luck!
regards,
Girish