<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % globalent SYSTEM "../../libs/global.ent">
<!ENTITY % gnome-menus-C SYSTEM "../../libs/gnome-menus-C.ent">
<!ENTITY % xinclude SYSTEM "../../libs/xinclude.mod">
<!ENTITY language "&EnglishAmerican;">
<chapter id="networking" status="review">
<title>Networking</title>
Networks consist of two or more devices, such as computer systems, printers,
and related equipment, which are connected by either physical cabling or
wireless links for the purpose of sharing and distributing information among
the connected devices.
This section provides general and specific information pertaining
to networking, including an overview of network concepts and detailed
discussion of popular network protocols.
<sect1 id="network-configuration" status="review">
<title>Network Configuration</title>
Ubuntu ships with a number of graphical utilities to configure your
network devices. This document is geared toward server administrators
and will focus on managing your network on the command line.
<sect2 id="ethernet-interfaces" status="review">
<title>Ethernet Interfaces</title>
Ethernet interfaces are identified by the system using the naming convention of
<emphasis role="italic">ethX</emphasis>, where <emphasis role="italic">X</emphasis>
represents a numeric value. The first Ethernet interface is typically identified
as <emphasis role="italic">eth0</emphasis>, the second as
<emphasis role="italic">eth1</emphasis>, and all others should move up in
<sect3 id="identify-ethernet-interfaces" status="review">
<title>Identify Ethernet Interfaces</title>
To quickly identify all available Ethernet interfaces, you can use the
<application>ifconfig</application> command as shown below.
<userinput>ifconfig -a | grep eth</userinput>
eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a
Another application that can help identify all network interfaces available to your system
is the <application>lshw</application> command. In the example below, <application>lshw</application>
shows a single Ethernet interface with the logical name of <emphasis role="italic">eth0</emphasis>
along with bus information, driver details and all supported capabilities.
<userinput>sudo lshw -class network</userinput>
description: Ethernet interface
product: BCM4401-B0 100Base-TX
vendor: Broadcom Corporation
bus info: pci@0000:03:00.0
serial: 00:15:c5:4a:16:5a
capabilities: (snipped for brevity)
configuration: (snipped for brevity)
resources: irq:17 memory:ef9fe000-ef9fffff
<sect3 id="ethernet-interface-names" status="review">
<title>Ethernet Interface Logical Names</title>
Interface logical names are configured in the file
<filename>/etc/udev/rules.d/70-persistent-net.rules</filename>. If you would
like to control which interface receives a particular logical name, find the line
matching the interface's physical MAC address and modify the value of
<emphasis role="italic">NAME=ethX</emphasis> to the desired logical name.
Reboot the system to commit your changes.
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:15:c5:4a:16:5a", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:15:c5:4a:16:5b", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
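Because a hand edit of this file is only applied at the next reboot, it helps to check it first. The following script, added here as an example and not part of the guide or of udev, parses the rules file and reports two MACs claiming one NAME or one MAC listed twice; the rules text is constructed (the MAC addresses are the ones shown above, and one rule is deliberately wrong).

```python
"""Parse /etc/udev/rules.d/70-persistent-net.rules and flag conflicting
assignments before rebooting to apply an edited NAME= value.
The rules text below is constructed for this example."""
import re

RULES = '''\
# constructed sample rules file
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:15:c5:4a:16:5a", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:15:c5:4a:16:5b", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:15:C5:4A:16:5B", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
'''

MAC_RE = re.compile(r'ATTR\{address\}=="([0-9A-Fa-f:]{17})"')
NAME_RE = re.compile(r'\bNAME="([^"]+)"')


def parse_rules(text):
    """Return [(mac, name, line_no)] for every rule that assigns a NAME.
    MACs are lower-cased so that a re-typed upper-case MAC still matches."""
    rules = []
    for line_no, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        mac, name = MAC_RE.search(line), NAME_RE.search(line)
        if mac and name:
            rules.append((mac.group(1).lower(), name.group(1), line_no))
    return rules


def find_conflicts(rules):
    """Group rules by NAME and by MAC; a group with more than one line is a
    conflict, because udev cannot give two devices the same name and cannot
    give one device two names, so one of the renames will not take effect."""
    by_name, by_mac = {}, {}
    for mac, name, line_no in rules:
        by_name.setdefault(name, []).append(line_no)
        by_mac.setdefault(mac, []).append(line_no)
    return {
        "duplicate_names": {n: l for n, l in by_name.items() if len(l) > 1},
        "duplicate_macs": {m: l for m, l in by_mac.items() if len(l) > 1},
    }


if __name__ == "__main__":
    for kind, hits in find_conflicts(parse_rules(RULES)).items():
        for key, lines in hits.items():
            print(f"{kind}: {key} on lines {lines}")
```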
<sect3 id="ethernet-interface-settings" status="review">
<title>Ethernet Interface Settings</title>
<application>ethtool</application> is a program that displays and changes Ethernet
card settings such as auto-negotiation, port speed, duplex mode, and Wake-on-LAN. It
is not installed by default, but is available for installation in the repositories.
<userinput>sudo apt-get install ethtool</userinput>
The following is an example of how to view supported features and configured
settings of an Ethernet interface.
<userinput>sudo ethtool eth0</userinput>
Supported ports: [ TP ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Supports auto-negotiation: Yes
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Half 1000baseT/Full
Advertised auto-negotiation: Yes
Transceiver: internal
Current message level: 0x000000ff (255)
Changes made with the <application>ethtool</application> command are temporary
and will be lost after a reboot. If you would like to retain settings, simply add
the desired <application>ethtool</application> command to a <emphasis role="italic">pre-up</emphasis>
statement in the interface configuration file <filename>/etc/network/interfaces</filename>.
The following is an example of how the interface identified as <emphasis role="italic">eth0</emphasis>
could be permanently configured with a port speed of 1000Mb/s running in full duplex mode.
iface eth0 inet static
pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full
Although the example above shows the interface configured to use the
<emphasis role="italic">static</emphasis> method, it actually works with other
methods as well, such as DHCP. The example is meant to demonstrate only proper
placement of the <emphasis role="italic">pre-up</emphasis> statement in relation
to the rest of the interface configuration.
<sect2 id="ip-addressing" status="review">
<title>IP Addressing</title>
The following section describes the process of configuring your system's IP address
and default gateway needed for communicating on a local area network and the
<sect3 id="temp-ip-assignment" status="review">
<title>Temporary IP Address Assignment</title>
For temporary network configurations, you can use standard commands
such as <application>ip</application>, <application>ifconfig</application>
and <application>route</application>, which are also found on most other
GNU/Linux operating systems. These commands allow you to configure settings
which take effect immediately; however, they are not persistent and will
be lost after a reboot.
181
To temporarily configure an IP address, you can use the <application>ifconfig</application>
182
command in the following manner. Just modify the IP address and subnet mask to match your
183
network requirements.
186
<userinput>sudo ifconfig eth0 10.0.0.100 netmask 255.255.255.0</userinput>
189
To verify the IP address configuration of <application>eth0</application>,
190
you can use the <application>ifconfig</application> command in the following manner.
193
<userinput>ifconfig eth0</userinput>
194
eth0 Link encap:Ethernet HWaddr 00:15:c5:4a:16:5a
195
inet addr:10.0.0.100 Bcast:10.0.0.255 Mask:255.255.255.0
196
inet6 addr: fe80::215:c5ff:fe4a:165a/64 Scope:Link
197
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
198
RX packets:466475604 errors:0 dropped:0 overruns:0 frame:0
199
TX packets:403172654 errors:0 dropped:0 overruns:0 carrier:0
200
collisions:0 txqueuelen:1000
201
RX bytes:2574778386 (2.5 GB) TX bytes:1618367329 (1.6 GB)
205
To configure a default gateway, you can use the <application>route</application>
206
command in the following manner. Modify the default gateway address to match
207
your network requirements.
210
<userinput>sudo route add default gw 10.0.0.1 eth0</userinput>
213
To verify your default gateway configuration, you can use the <application>route</application>
214
command in the following manner.
217
<userinput>route -n</userinput>
218
Kernel IP routing table
219
Destination Gateway Genmask Flags Metric Ref Use Iface
220
10.0.0.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0
221
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
224
If you require DNS for your temporary network configuration, you can add DNS server
225
IP addresses in the file <filename>/etc/resolv.conf</filename>. The example below
226
shows how to enter two DNS servers to <filename>/etc/resolv.conf</filename>, which
227
should be changed to servers appropriate for your network. A more lengthy description
228
of DNS client configuration is in a following section.
235
If you no longer need this configuration and wish to purge all IP configuration from
236
an interface, you can use the <application>ip</application> command with the flush option
240
<userinput>ip addr flush eth0</userinput>
244
Flushing the IP configuration using the <application>ip</application> command does not clear the
245
contents of <filename>/etc/resolv.conf</filename>. You must remove or modify those entries manually.
<sect3 id="dynamic-ip-addressing" status="review">
<title>Dynamic IP Address Assignment (DHCP Client)</title>
To configure your server to use DHCP for dynamic address assignment, add the
<emphasis role="italic">dhcp</emphasis> method to the inet address family statement
for the appropriate interface in the file <filename>/etc/network/interfaces</filename>.
The example below assumes you are configuring your first Ethernet interface identified as
<emphasis role="italic">eth0</emphasis>.
By adding an interface configuration as shown above, you can manually enable the
interface through the <application>ifup</application> command which initiates the
DHCP process via <application>dhclient</application>.
<userinput>sudo ifup eth0</userinput>
To manually disable the interface, you can use the <application>ifdown</application>
command, which in turn will initiate the DHCP release process and shut down the
<userinput>sudo ifdown eth0</userinput>
<sect3 id="static-ip-addressing" status="review">
<title>Static IP Address Assignment</title>
To configure your system to use a static IP address assignment, add the
<emphasis role="italic">static</emphasis> method to the inet address family statement
for the appropriate interface in the file <filename>/etc/network/interfaces</filename>.
The example below assumes you are configuring your first Ethernet interface identified as
<emphasis role="italic">eth0</emphasis>. Change the <emphasis role="italic">address</emphasis>,
<emphasis role="italic">netmask</emphasis>, and <emphasis role="italic">gateway</emphasis>
values to meet the requirements of your network.
iface eth0 inet static
netmask 255.255.255.0
By adding an interface configuration as shown above, you can manually enable the
interface through the <application>ifup</application> command.
<userinput>sudo ifup eth0</userinput>
To manually disable the interface, you can use the <application>ifdown</application>
<userinput>sudo ifdown eth0</userinput>
<sect3 id="loopback-interface" status="review">
<title>Loopback Interface</title>
The loopback interface is identified by the system as <emphasis role="italic">lo</emphasis>
and has a default IP address of 127.0.0.1. It can be viewed using the <application>ifconfig</application> command.
<userinput>ifconfig lo</userinput>
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2718 errors:0 dropped:0 overruns:0 frame:0
TX packets:2718 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:183308 (183.3 KB) TX bytes:183308 (183.3 KB)
By default, there should be two lines in <filename>/etc/network/interfaces</filename>
responsible for automatically configuring your loopback interface. It is recommended that you
keep the default settings unless you have a specific purpose for changing them. An example of
the two default lines is shown below.
iface lo inet loopback
<sect2 id="name-resolution" status="review">
<title>Name Resolution</title>
Name resolution as it relates to IP networking is the process of mapping IP addresses
to hostnames, making it easier to identify resources on a network. The following section
will explain how to properly configure your system for name resolution using DNS and static
<sect3 id="dns-client-configuration" status="review">
<title>DNS Client Configuration</title>
To configure your system to use DNS for name resolution, add the IP addresses of the DNS
servers that are appropriate for your network in the file <filename>/etc/resolv.conf</filename>.
You can also add an optional DNS suffix search list to match your network domain names.
Below is an example of a typical configuration of <filename>/etc/resolv.conf</filename>
for a server on the domain "<emphasis role="italic">example.com</emphasis>" and using
two public DNS servers.
The <emphasis role="italic">search</emphasis> option can also be used with multiple domain names,
which are appended to DNS queries in the order in which they are entered. For example,
your network may have multiple sub-domains to search: a parent domain of
<emphasis role="italic">example.com</emphasis>, and two sub-domains,
<emphasis role="italic">sales.example.com</emphasis> and
<emphasis role="italic">dev.example.com</emphasis>.
If you have multiple domains you wish to search, your configuration might look like the following.
search example.com sales.example.com dev.example.com
If you try to ping a host with the name of <emphasis role="italic">server1</emphasis>, your system
will automatically query DNS for its Fully Qualified Domain Name (FQDN) in the following order:
server1<emphasis role="bold">.example.com</emphasis>
server1<emphasis role="bold">.sales.example.com</emphasis>
server1<emphasis role="bold">.dev.example.com</emphasis>
If no matches are found, the DNS server will provide a result of
<emphasis role="italic">notfound</emphasis> and the DNS query will fail.
<sect3 id="static-hostnames" status="review">
<title>Static Hostnames</title>
Static hostnames are locally defined hostname-to-IP mappings located in the file <filename>/etc/hosts</filename>.
Entries in the <filename>hosts</filename> file will have precedence over DNS by default. This means that if your
system tries to resolve a hostname and it matches an entry in <filename>/etc/hosts</filename>, it will not attempt to look up the
record in DNS. In some configurations, especially when Internet access is not required, servers that
communicate with a limited number of resources can be conveniently set to use static hostnames instead of DNS.
The following is an example of a <filename>hosts</filename> file where a number of local servers
have been identified by simple hostnames, aliases and their equivalent Fully Qualified Domain Names (FQDNs).
127.0.1.1 ubuntu-server
10.0.0.11 server1 vpn server1.example.com
10.0.0.12 server2 mail server2.example.com
10.0.0.13 server3 www server3.example.com
10.0.0.14 server4 file server4.example.com
In the above example, notice that each of the servers has been given aliases in addition to their
proper names and FQDNs. <emphasis role="italic">Server1</emphasis> has been mapped to the name
<emphasis role="italic">vpn</emphasis>, <emphasis role="italic">server2</emphasis> is referred
to as <emphasis role="italic">mail</emphasis>, <emphasis role="italic">server3</emphasis> as
<emphasis role="italic">www</emphasis>, and <emphasis role="italic">server4</emphasis> as
<emphasis role="italic">file</emphasis>.
<sect3 id="name-service-switch-config" status="review">
<title>Name Service Switch Configuration</title>
The order in which your system selects a method of resolving hostnames to IP addresses is
controlled by the Name Service Switch (NSS) configuration file <filename>/etc/nsswitch.conf</filename>.
As mentioned in the previous section, typically static hostnames defined in the system's
<filename>/etc/hosts</filename> file have precedence over names resolved from DNS. The following
is an example of the line responsible for this order of hostname lookups in the file
<filename>/etc/nsswitch.conf</filename>.
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
<emphasis role="bold">files</emphasis> first tries to resolve static hostnames located in
<filename>/etc/hosts</filename>.
<emphasis role="bold">mdns4_minimal</emphasis> attempts to resolve the name using Multicast DNS.
<emphasis role="bold">[NOTFOUND=return]</emphasis> means that any response of
<emphasis role="italic">notfound</emphasis> by the preceding
<emphasis role="italic">mdns4_minimal</emphasis> process should be treated as
authoritative and that the system should not try to continue hunting for an answer.
<emphasis role="bold">dns</emphasis> represents a legacy unicast DNS query.
<emphasis role="bold">mdns4</emphasis> represents a Multicast DNS query.
To modify the order of the above mentioned name resolution methods, you can
simply change the <emphasis role="italic">hosts:</emphasis> string to the value
of your choosing. For example, if you prefer to use legacy Unicast DNS versus
Multicast DNS, you can change the string in <filename>/etc/nsswitch.conf</filename>
hosts: files dns [NOTFOUND=return] mdns4_minimal mdns4
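To see how the three files of this section interact, the following Python script, added here as an example and not part of the guide or of glibc, simulates the lookup order that a <emphasis role="italic">hosts:</emphasis> line, <filename>/etc/hosts</filename> and the <filename>/etc/resolv.conf</filename> search list produce for a name such as server1, and records each source consulted so that the effect of [NOTFOUND=return] is visible. All three files and the stand-in DNS and mDNS answers are constructed; it also covers the trailing-dot and dotted-name cases of the default ndots:1 setting, which the section does not discuss.

```python
"""Simulate the hostname lookup order produced by the 'hosts:' line of
/etc/nsswitch.conf, the contents of /etc/hosts and the search list in
/etc/resolv.conf. All inputs below are constructed for this example."""

NSSWITCH = "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4\n"

RESOLV = """nameserver 8.8.8.8
search example.com sales.example.com dev.example.com
"""

HOSTS = """127.0.0.1   localhost
127.0.1.1   ubuntu-server
10.0.0.11   server1 vpn server1.example.com
10.0.0.12   server2 mail server2.example.com
"""

# Stand-ins for what unicast DNS and Multicast DNS would answer (constructed).
FAKE_DNS = {"server3.dev.example.com": "10.0.0.13"}
FAKE_MDNS = {"printer.local": "10.0.0.50"}


def parse_hosts(text):
    """Map every hostname and alias in a hosts file to its IP (first match wins)."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)
    return table

def parse_nsswitch_hosts(text):
    """Return the tokens of the 'hosts:' line, e.g. ['files', 'dns']."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return line[len("hosts:"):].split()
    return ["files", "dns"]  # glibc's default when the line is missing

def parse_search(text):
    """Return the resolv.conf search list ('domain' is the single-entry form)."""
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] in ("search", "domain"):
            return parts[1:]
    return []

def dns_candidates(name, search):
    """FQDNs a DNS query tries, in order. A trailing dot means absolute; with
    the default ndots:1 a name containing a dot is tried as-is first."""
    if name.endswith("."):
        return [name.rstrip(".")]
    suffixed = [f"{name}.{d}" for d in search]
    return [name] + suffixed if "." in name else suffixed + [name]

def resolve(name, nsswitch=NSSWITCH, hosts=HOSTS, resolv=RESOLV,
            dns=FAKE_DNS, mdns=FAKE_MDNS):
    """Return (ip or None, trace); trace records each source consulted and its
    status, so the effect of '[NOTFOUND=return]' is visible."""
    table = parse_hosts(hosts)
    search = parse_search(resolv)
    tokens = parse_nsswitch_hosts(nsswitch)
    key = name.lower().rstrip(".")
    trace = []
    for i, src in enumerate(tokens):
        if src.startswith("["):
            continue  # action specs are handled with the source they follow
        nxt = tokens[i + 1] if i + 1 < len(tokens) else ""
        action = nxt.upper() if nxt.startswith("[") else ""
        if src == "files":
            status, ip = ("success", table[key]) if key in table else ("notfound", None)
        elif src == "mdns4_minimal":
            # The minimal module answers only *.local names; for anything else it
            # reports 'unavail', so '[NOTFOUND=return]' does not stop the lookup.
            if not key.endswith(".local"):
                status, ip = "unavail", None
            else:
                status, ip = ("success", mdns[key]) if key in mdns else ("notfound", None)
        elif src == "dns":
            ip = next((dns[c] for c in dns_candidates(name.lower(), search) if c in dns), None)
            status = "success" if ip else "notfound"
        elif src == "mdns4":
            status, ip = ("success", mdns[key]) if key in mdns else ("notfound", None)
        else:
            status, ip = "unavail", None  # unknown module: skipped, as glibc does
        trace.append((src, status))
        if status == "success":
            return ip, trace
        if status == "notfound" and action == "[NOTFOUND=RETURN]":
            trace.append(("stop", "[NOTFOUND=return]"))
            return None, trace
    return None, trace


if __name__ == "__main__":
    for host in ("server1", "vpn", "server3", "scanner.local", "printer.local"):
        print(host, "->", resolve(host))
```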
<sect2 id="bridging" status="review">
<title>Bridging</title>
Bridging multiple interfaces is a more advanced configuration, but is very useful in multiple scenarios.
One scenario is setting up a bridge with multiple network interfaces, then using a firewall to filter traffic
between two network segments. Another scenario is using a bridge on a system with one interface to allow virtual
machines direct access to the outside network. The following example covers the latter scenario.
Before configuring a bridge you will need to install the <application>bridge-utils</application> package. To install the
package, in a terminal enter:
<command>sudo apt-get install bridge-utils</command>
Next, configure the bridge by editing <filename>/etc/network/interfaces</filename>:
iface lo inet loopback
iface br0 inet static
netmask 255.255.255.0
broadcast 192.168.0.255
Enter the appropriate values for your physical interface and network.
Now restart networking to enable the bridge interface:
<command>sudo /etc/init.d/networking restart</command>
The new bridge interface should now be up and running. The <application>brctl</application> command provides useful information
about the state of the bridge, controls which interfaces are part of the bridge, etc. See <command>man brctl</command>
for more information.
<sect2 id="network-config-resources" status="review">
<title>Resources</title>
The <ulink url="https://help.ubuntu.com/community/Network">Ubuntu Wiki Network page</ulink> has
links to articles covering more advanced network configuration.
The <ulink url="http://manpages.ubuntu.com/manpages/&distro-short-codename;/en/man5/interfaces.5.html">interfaces man page</ulink> has
details on more options for <filename>/etc/network/interfaces</filename>.
The <ulink url="http://manpages.ubuntu.com/manpages/&distro-short-codename;/en/man8/dhclient.8.html">dhclient man page</ulink> has
details on more options for configuring DHCP client settings.
For more information on DNS client configuration see the
<ulink url="http://manpages.ubuntu.com/manpages/&distro-short-codename;/en/man5/resolver.5.html">resolver man page</ulink>. Also, Chapter
6 of O'Reilly's <ulink url="http://oreilly.com/catalog/linag2/book/ch06.html">Linux Network Administrator's Guide</ulink> is
a good source of resolver and name service configuration information.
For more information on <emphasis>bridging</emphasis> see the
<ulink url="http://manpages.ubuntu.com/manpages/&distro-short-codename;/en/man8/brctl.8.html">brctl man page</ulink> and the Linux Foundation's
<ulink url="http://www.linuxfoundation.org/en/Net:Bridge">Net:Bridge</ulink> page.
<sect1 id="tcpip" status="review">
<title>TCP/IP</title>
The Transmission Control Protocol and Internet Protocol (TCP/IP) is a standard
set of protocols developed in the late 1970s by the Defense Advanced Research
Projects Agency (DARPA) as a means of communication between different types of
computers and computer networks. TCP/IP is the driving force of the Internet,
and thus it is the most popular set of network protocols on Earth.
<sect2 id="tcpip-introduction" status="review">
<title>TCP/IP Introduction</title>
The two protocol components of TCP/IP deal with different aspects of computer networking.
<emphasis>Internet Protocol</emphasis>, the "IP" of TCP/IP, is a
connectionless protocol which deals only with network packet routing using the
<emphasis role="italic">IP Datagram</emphasis> as the basic unit of networking information. The
IP Datagram consists of a header followed by a message. The
<emphasis>Transmission Control Protocol</emphasis> is the "TCP" of TCP/IP and enables network hosts
to establish connections which may be used to exchange data streams. TCP also guarantees
that the data between connections is delivered and that it arrives at one network host in
the same order as sent from another network host.
<sect2 id="tcpip-configuration" status="review">
<title>TCP/IP Configuration</title>
The TCP/IP protocol configuration consists of several elements which must be set by
editing the appropriate configuration files, or by deploying solutions such as a Dynamic
Host Configuration Protocol (DHCP) server, which in turn can be configured to provide the
proper TCP/IP configuration settings to network clients automatically. These
configuration values must be set correctly in order to facilitate the proper network
operation of your Ubuntu system.
The common configuration elements of TCP/IP and their purposes are as follows:
<emphasis role="bold">IP address</emphasis> The IP address is a unique
identifying string expressed as four decimal numbers ranging from zero (0)
to two-hundred and fifty-five (255), separated by periods,
with each of the four numbers representing eight (8) bits of the address for a
total length of thirty-two (32) bits for the whole address. This format is called
<emphasis>dotted quad notation</emphasis>.</para>
<emphasis role="bold">Netmask</emphasis> The Subnet Mask (or simply,
<emphasis>netmask</emphasis>) is a local bit mask, or set of flags,
which separates the portion of an IP address significant to the network from the
bits significant to the <emphasis>subnetwork</emphasis>. For example,
in a Class C network, the standard netmask is 255.255.255.0, which masks the first
three bytes of the IP address and allows the last byte of the IP address to
remain available for specifying hosts on the subnetwork.
<emphasis role="bold">Network Address</emphasis> The Network Address represents the
bytes comprising the network portion of an IP address. For example, the host 12.128.1.2
in a Class A network would use 12.0.0.0 as the network address, where twelve (12)
represents the first byte of the IP address (the network part) and zeroes (0)
in all of the remaining three bytes represent the potential host values. A network
host using the private IP address 192.168.1.100
would in turn use a Network Address of 192.168.1.0, which specifies the first three
bytes of the Class C 192.168.1 network and a zero (0) for all the possible hosts on the
<emphasis role="bold">Broadcast Address</emphasis> The Broadcast Address is an IP address
which allows network data to be sent simultaneously to all hosts on a given subnetwork rather
than specifying a particular host. The standard general broadcast address for IP networks is
255.255.255.255, but this broadcast address cannot be used to send a broadcast message to
every host on the Internet because routers block it. A more appropriate broadcast address
is set to match a specific subnetwork. For example, on the private Class C IP network
192.168.1.0, the broadcast address is 192.168.1.255. Broadcast messages are
typically produced by network protocols such as the Address Resolution Protocol (ARP) and the
Routing Information Protocol (RIP).
<emphasis role="bold">Gateway Address</emphasis> A Gateway Address is the IP address through which
a particular network, or host on a network, may be reached. If one network host wishes to communicate
with another network host, and that host is not located on the same network, then a
<emphasis>gateway</emphasis> must be used. In many cases, the Gateway Address will be that
of a router on the same network, which will in turn pass traffic on to other networks or hosts, such as
Internet hosts. The value of the Gateway Address setting must be correct, or your system will not be able
to reach any hosts beyond those on the same network.
<emphasis role="bold">Nameserver Address</emphasis> Nameserver Addresses represent the IP addresses of
Domain Name Service (DNS) systems, which resolve network hostnames into IP addresses. There are three levels of
Nameserver Addresses, which may be specified in order of precedence: the
<emphasis>Primary</emphasis> Nameserver, the <emphasis>Secondary</emphasis> Nameserver, and the
<emphasis>Tertiary</emphasis> Nameserver. In order for your system to be able to resolve network hostnames into their
corresponding IP addresses, you must specify valid Nameserver Addresses which you are authorized to use
in your system's TCP/IP configuration. In many cases these addresses can and will be provided by your
network service provider, but many free and publicly accessible nameservers are available for use, such as
the Level3 (Verizon) servers with IP addresses from
4.2.2.1 to 4.2.2.6. </para>
The IP address, Netmask, Network Address, Broadcast Address, and Gateway Address
are typically specified via the appropriate directives in the file <filename>/etc/network/interfaces</filename>. The Nameserver Addresses are typically specified via <emphasis>nameserver</emphasis>
directives in the file <filename>/etc/resolv.conf</filename>. For more information,
view the system manual page for <filename>interfaces</filename> or <filename>resolv.conf</filename> respectively, with the following commands typed at a terminal prompt:
Access the system manual page for <filename>interfaces</filename> with the following command:
<command>man interfaces</command>
Access the system manual page for <filename>resolv.conf</filename> with the following command:
<command>man resolv.conf</command>
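The definitions above can be checked mechanically before a stanza in <filename>/etc/network/interfaces</filename> is brought up with <application>ifup</application>. The following Python script, added here as an example and not part of the guide or of ifupdown, derives the network and broadcast addresses from the address and netmask of each static stanza, confirms the gateway lies on that network, and rejects a <emphasis role="italic">pre-up</emphasis> line placed outside an iface stanza (the placement rule from the Ethernet Interface Settings and Static IP Address Assignment sections). The file contents and IP values are constructed, and one stanza is deliberately wrong.

```python
"""Check static stanzas in /etc/network/interfaces: derive network and
broadcast from address + netmask, confirm the gateway is on that network, and
reject options placed outside an iface stanza. Constructed input, not the
guide's own tooling."""

# Constructed file; eth1 is deliberately wrong (its gateway is off its subnet).
INTERFACES = """\
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
    address 192.168.1.100
    netmask 255.255.255.0
    gateway 192.168.1.1
    pre-up /usr/sbin/ethtool -s eth0 speed 1000 duplex full

auto eth1
iface eth1 inet static
    address 10.0.0.100
    netmask 255.255.255.0
    gateway 10.0.1.1
"""

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer, rejecting malformed octets."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted quad: {dotted}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")

def to_dotted(n):
    return ".".join(str(b) for b in n.to_bytes(4, "big"))

def is_contiguous_mask(mask):
    """A valid netmask is a run of ones followed by zeros (255.255.255.0, not 255.0.255.0)."""
    inv = ~mask & 0xFFFFFFFF
    return inv & (inv + 1) == 0

def subnet_info(address, netmask):
    """Network and broadcast addresses as the TCP/IP Configuration section defines them."""
    a, m = to_int(address), to_int(netmask)
    if not is_contiguous_mask(m):
        raise ValueError(f"non-contiguous netmask: {netmask}")
    network = a & m
    return {"network": to_dotted(network),
            "broadcast": to_dotted(network | (~m & 0xFFFFFFFF)),
            "prefixlen": bin(m).count("1")}

def parse_interfaces(text):
    """Split the file into iface stanzas: name -> {family, method, options}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        words = line.split()
        if words[0] == "iface":
            _, name, family, method = words[:4]
            current = stanzas.setdefault(name, {"family": family, "method": method, "options": []})
        elif words[0] in ("auto", "allow-hotplug", "mapping", "source"):
            current = None  # these keywords open a stanza of their own, not an iface one
        elif current is None:
            raise ValueError(f"option outside any iface stanza: {line}")
        else:
            current["options"].append((words[0], " ".join(words[1:])))
    return stanzas

def check_stanza(name, stanza):
    """Return the problems found in one stanza; an empty list means it looks right."""
    if stanza["method"] != "static":
        return []
    opts = dict(stanza["options"])
    missing = [k for k in ("address", "netmask") if k not in opts]
    if missing:
        return [f"{name}: static stanza lacks {', '.join(missing)}"]
    info = subnet_info(opts["address"], opts["netmask"])
    problems = []
    if opts["address"] in (info["network"], info["broadcast"]):
        problems.append(f"{name}: {opts['address']} is the network or broadcast address")
    if "gateway" in opts and (to_int(opts["gateway"]) & to_int(opts["netmask"])) != to_int(info["network"]):
        problems.append(f"{name}: gateway {opts['gateway']} is not on "
                        f"{info['network']}/{info['prefixlen']}")
    return problems

def check_file(text):
    return {name: check_stanza(name, s) for name, s in parse_interfaces(text).items()}


if __name__ == "__main__":
    for iface, problems in check_file(INTERFACES).items():
        print(iface, "OK" if not problems else problems)
```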
<sect2 id="ip-routing" status="review">
<title>IP Routing</title>
IP routing is a means of specifying and discovering paths in a TCP/IP network along which
network data may be sent. Routing uses a set of <emphasis>routing tables</emphasis>
to direct the forwarding of network data packets from their source to the destination, often
via many intermediary network nodes known as <emphasis>routers</emphasis>.
There are two primary forms of
IP routing: <emphasis>Static Routing</emphasis> and
<emphasis>Dynamic Routing</emphasis>.
Static routing involves manually adding IP routes to the system's routing table, and this is usually
done by manipulating the routing table with the <application>route</application> command. Static routing enjoys
many advantages over dynamic routing, such as simplicity of implementation on smaller networks,
predictability (the routing table is always computed in advance, and thus the route is precisely the
same each time it is used), and low overhead on other routers and network links due to the lack of a
dynamic routing protocol. However, static routing does present some disadvantages as well. For example,
static routing is limited to small networks and does not scale well. Static routing also fails completely
to adapt to network outages and failures along the route due to the fixed nature of the route.
Dynamic routing depends on large networks with multiple possible IP routes from a source to a destination
and makes use of special routing protocols, such as the Routing Information Protocol (RIP), which handle
the automatic adjustments in routing tables that make dynamic routing possible. Dynamic routing
has several advantages over static routing, such as superior scalability and the ability to adapt
to failures and outages along network routes. Additionally, there is less manual configuration of the
routing tables, since routers learn from one another about their existence and available routes. This trait
also eliminates the possibility of introducing mistakes in the routing tables via human error.
Dynamic routing is not perfect, however, and presents disadvantages such as heightened complexity and
additional network overhead from router communications, which does not immediately benefit the end users,
but still consumes network bandwidth.
<sect2 id="tcp-and-udp" status="review">
<title>TCP and UDP</title>
TCP is a connection-based protocol, offering error correction and guaranteed delivery of
data via what is known as <emphasis>flow control</emphasis>. Flow control
determines when the flow of a data stream needs to be stopped, and when previously sent data
packets should be re-sent due to problems such as <emphasis>collisions</emphasis>,
for example, thus ensuring complete and accurate delivery of the data. TCP is typically
used in the exchange of important information such as database transactions.
The User Datagram Protocol (UDP), on the other hand, is a <emphasis>connectionless</emphasis>
protocol which seldom deals with the transmission of important data because it lacks flow
control or any other method to ensure reliable delivery of the data. UDP is commonly used
in such applications as audio and video streaming, where it is considerably faster than
TCP due to the lack of error correction and flow control, and where the loss of a few packets
is not generally catastrophic.
<sect2 id="icmp" status="review">
The Internet Control Messaging Protocol (ICMP) is an extension to the Internet Protocol (IP) as defined
in the Request For Comments (RFC) #792 and supports network packets containing control, error, and
informational messages. ICMP is used by such network applications as the <application>ping</application>
utility, which can determine the availability of a network host or device. Examples of some error messages
returned by ICMP which are useful to both network hosts and devices such as routers include
<emphasis>Destination Unreachable</emphasis> and <emphasis>Time Exceeded</emphasis>.
<sect2 id="daemons" status="review">
<title>Daemons</title>
Daemons are special system applications which typically execute continuously in the background and
await requests for the functions they provide from other applications. Many daemons are network-centric; that is,
a large number of daemons executing in the background on an Ubuntu system may provide network-related functionality.
Some examples of such network daemons include the <emphasis>Hyper Text Transport Protocol Daemon</emphasis>
(httpd), which provides web server functionality; the <emphasis>Secure SHell Daemon</emphasis> (sshd), which
provides secure remote login shell and file transfer capabilities; and the <emphasis>Internet Message Access
Protocol Daemon</emphasis> (imapd), which provides E-Mail services.
825
<sect2 id="tcpip-resources" status="review">
<title>Resources</title>
There are man pages for <ulink url="http://manpages.ubuntu.com/manpages/&distro-short-codename;/en/man7/tcp.7.html">TCP</ulink> and
<ulink url="http://manpages.ubuntu.com/manpages/&distro-short-codename;/man7/ip.7.html">IP</ulink> that contain more useful information.
Also, see the <ulink url="http://www.redbooks.ibm.com/abstracts/gg243376.html">TCP/IP Tutorial and Technical Overview</ulink>.
Another resource is O'Reilly's <ulink url="http://oreilly.com/catalog/9780596002978/">TCP/IP Network Administration</ulink>.
850
<sect1 id="dhcp" status="review">
<title>Dynamic Host Configuration Protocol (DHCP)</title>
The Dynamic Host Configuration Protocol (DHCP) is a network service that enables
host computers to be automatically assigned settings from a server as opposed to
manually configuring each network host. Computers configured to be DHCP clients have
no control over the settings they receive from the DHCP server, and the
configuration is transparent to the computer's user.
The most common settings provided by a DHCP server to DHCP clients include:
<itemizedlist spacing="compact">
<para>IP Address and Netmask</para>
However, a DHCP server can also supply configuration properties such as:
<itemizedlist spacing="compact">
<para>Host Name</para>
<para>Domain Name</para>
<para>Default Gateway</para>
<para>Time Server</para>
<para>Print Server</para>
The advantage of using DHCP is that changes to the network, for example a change
in the address of the DNS server, need only be made at the DHCP server, and all
network hosts will be reconfigured the next time their DHCP clients poll the
DHCP server. As an added advantage, it is also easier to integrate new computers
into the network, as there is no need to check for the availability of an IP
address. Conflicts in IP address allocation are also reduced.
902
A DHCP server can provide configuration settings using two methods:
<term>MAC Address</term>
This method entails using DHCP to identify the unique hardware address
of each network card connected to the network and then continually
supplying a constant configuration each time the DHCP client makes a
request to the DHCP server using that network device.
<term>Address Pool</term>
This method entails defining a pool (sometimes also called a range or
scope) of IP addresses from which DHCP clients are supplied their
configuration properties dynamically and on a "first come, first served"
basis. When a DHCP client is no longer on the network for a specified
period, the configuration is expired and released back to the address
pool for use by other DHCP clients.
Ubuntu ships with both a DHCP server and a client. The server is
<application>dhcpd</application> (dynamic host configuration protocol daemon).
The client provided with Ubuntu is <application>dhclient</application> and should
be installed on all computers required to be automatically configured. Both
programs are easy to install and configure and will be automatically started at
938
<sect2 id="dhcp-installation" status="review">
<title>Installation</title>
At a terminal prompt, enter the following command to install
<application>dhcpd</application>:
<command>sudo apt-get install dhcp3-server</command>
You will probably need to change the default configuration
by editing <filename>/etc/dhcp3/dhcpd.conf</filename> to suit your needs and particular configuration.
You also need to edit <filename>/etc/default/dhcp3-server</filename> to specify the interfaces dhcpd
should listen on. By default it listens on eth0.
NOTE: dhcpd's messages are sent to syslog. Look there for
diagnostic messages.
960
<sect2 id="dhcp-configuration" status="review">
<title>Configuration</title>
The error message the installation ends with might be a little confusing, but the
following steps will help you configure the service:
Most commonly, what you want to do is assign IP addresses dynamically from a pool. This can be
done with settings as follows:
# Sample /etc/dhcp3/dhcpd.conf
# (add your comments here)
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "mydomain.example";

subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
range 192.168.1.150 192.168.1.200;
}
This will result in the DHCP server giving a client an IP address from the range
192.168.1.10-192.168.1.100 or 192.168.1.150-192.168.1.200. It will lease an IP
address for 600 seconds if the client doesn't ask for a specific time frame.
Otherwise the maximum (allowed) lease will be 7200 seconds. The server will also
"advise" the client that it should use 255.255.255.0 as its subnet mask,
192.168.1.255 as its broadcast address, 192.168.1.254 as the router/gateway and
192.168.1.1 and 192.168.1.2 as its DNS servers.
If you need to specify a WINS server for your Windows clients, you will need to
include the netbios-name-servers option, e.g.
option netbios-name-servers 192.168.1.1;
The dhcpd configuration settings above are taken from the DHCP mini-HOWTO, which can be found
<ulink url="http://www.tldp.org/HOWTO/DHCP/index.html">here</ulink>.
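As an added sanity check (this script is not part of the guide or of dhcpd), the following Python code parses the subnet block from the sample configuration above and flags the pool mistakes that typically produce duplicate-address conflicts: a range outside its subnet, overlapping ranges, and a router, DNS or broadcast address that also sits inside a dynamic pool. The embedded configuration is copied from this section; the regular expressions and the function name are my own.

```python
"""Sanity-check the dynamic pools in a dhcpd.conf subnet block (added example,
not from the guide): ranges must lie inside the subnet, must not overlap, and
must not contain the router, DNS or broadcast addresses the server advertises."""
import ipaddress
import re

# Constructed sample: the /etc/dhcp3/dhcpd.conf listing from this section.
SAMPLE_CONF = """
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.1.255;
option routers 192.168.1.254;
option domain-name-servers 192.168.1.1, 192.168.1.2;
option domain-name "mydomain.example";
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.100;
  range 192.168.1.150 192.168.1.200;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")
OPTION_RE = re.compile(r"option\s+(?:routers|domain-name-servers|broadcast-address)\s+([^;]+);")


def check_dhcpd_conf(text):
    """Return a list of problems found; an empty list means the pools look sane."""
    problems = []
    # Infrastructure addresses that must never be leased dynamically.
    reserved = {ipaddress.ip_address(v.strip())
                for value in OPTION_RE.findall(text) for v in value.split(",")}
    for net_addr, mask, body in SUBNET_RE.findall(text):
        net = ipaddress.ip_network(f"{net_addr}/{mask}", strict=True)
        ranges = sorted((ipaddress.ip_address(lo), ipaddress.ip_address(hi))
                        for lo, hi in RANGE_RE.findall(body))
        for lo, hi in ranges:
            if lo > hi:
                problems.append(f"range {lo}-{hi} is reversed")
            if lo not in net or hi not in net:
                problems.append(f"range {lo}-{hi} is outside subnet {net}")
            for addr in reserved:
                if lo <= addr <= hi:
                    problems.append(f"infrastructure address {addr} is inside pool {lo}-{hi}")
        # Sorted adjacent ranges overlap if the next starts before this one ends.
        for (lo1, hi1), (lo2, hi2) in zip(ranges, ranges[1:]):
            if lo2 <= hi1:
                problems.append(f"ranges {lo1}-{hi1} and {lo2}-{hi2} overlap")
    return problems
```

Run `check_dhcpd_conf` on your own file's contents before restarting dhcpd; the sample configuration above passes with no findings.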
1007
<sect2 id="dhcp-references" status="review">
<title>References</title>
The <ulink url="https://help.ubuntu.com/community/dhcp3-server">dhcp3-server Ubuntu Wiki</ulink> page has more information.
For more <filename>/etc/dhcp3/dhcpd.conf</filename> options see the
<ulink url="http://manpages.ubuntu.com/manpages/&distro-short-codename;/en/man5/dhcpd.conf.5.html">dhcpd.conf man page</ulink>.
Also see the <ulink url="http://www.dhcp-handbook.com/dhcp_faq.html">DHCP FAQ</ulink>.
1032
<sect1 id="NTP" status="review">
<title>Time Synchronisation with NTP</title>
This page describes methods for keeping your computer's time accurate. This is useful for servers, but is not necessary (or desirable) for desktop machines.
NTP is a TCP/IP protocol for synchronising time over a network. Basically a client requests the current time from a server, and uses it to set its own clock.
Behind this simple description, there is a lot of complexity - there are tiers of NTP servers, with the tier one NTP servers connected to atomic clocks (often via GPS), and tier two and three servers spreading the load of actually handling requests across the Internet. Also the client software is a lot more complex than you might think - it has to factor out communication delays, and adjust the time in a way that does not upset all the other processes that run on the server. But luckily all that complexity is hidden from you!
Ubuntu has two ways of automatically setting your time: ntpdate and ntpd.
1047
<sect2 id="ntpdate" status="review">
<title>ntpdate</title>
Ubuntu comes with ntpdate as standard, and will run it once at boot time to set your clock according to Ubuntu's NTP server. However, a server's clock is likely to drift considerably between reboots, so it makes sense to correct the time occasionally. The easiest way to do this is to get cron to run ntpdate every day. With your favorite editor, as root, create a file
<code>/etc/cron.daily/ntpdate</code>
containing:
ntpdate -s ntp.ubuntu.com
The file <code>/etc/cron.daily/ntpdate</code> must also be executable.
<screen>sudo chmod 755 /etc/cron.daily/ntpdate</screen>
1063
<sect2 id="ntpd" status="review">
<title>ntpd</title>
ntpdate is a bit of a blunt instrument - it can only adjust the time once a day, in one big correction. The NTP daemon ntpd is far
more subtle. It calculates the drift of your system clock and continuously adjusts it, so there are no large corrections that could
lead to inconsistent logs, for instance. The cost is a little processing power and memory, but for a modern server this is negligible.
To install ntpd, from a terminal prompt enter:
<command>sudo apt-get install ntp</command>
1080
<sect2 id="timeservers" status="review">
<title>Changing Time Servers</title>
In both cases above, your system will use Ubuntu's NTP server at <emphasis>ntp.ubuntu.com</emphasis> by default. This is OK, but you might
want to use several servers to increase accuracy and resilience, and you may want to use time servers that are geographically closer
to you. To do this for ntpdate, change the contents of <filename>/etc/cron.daily/ntpdate</filename> to:
ntpdate -s ntp.ubuntu.com pool.ntp.org
And for ntpd, edit <filename>/etc/ntp.conf</filename> to include additional server lines:
server ntp.ubuntu.com
server pool.ntp.org
You may notice <emphasis>pool.ntp.org</emphasis> in the examples above. This is a project that uses round-robin DNS to
return an NTP server from a pool, spreading the load between several different servers. Even better, they have pools for different
regions - for instance, if you are in New Zealand, you could use <emphasis>nz.pool.ntp.org</emphasis> instead of
<emphasis>pool.ntp.org</emphasis>. Look at <ulink url="http://www.pool.ntp.org/">http://www.pool.ntp.org/</ulink> for more details.
You can also search for NTP servers in your region, and add these to your configuration. To test that a server works, just type:
<command>sudo ntpdate ntp.server.name</command>
1117
<sect2 id="ntp-references" status="review">
<title>References</title>
See the <ulink url="https://help.ubuntu.com/community/UbuntuTime">Ubuntu Time</ulink> wiki page for more information.
<ulink url="http://support.ntp.org/bin/view/Support/WebHome">NTP Support</ulink>
<ulink url="http://www.ntp.org/ntpfaq/NTP-a-faq.htm">The NTP FAQ and HOWTO</ulink>