LIS508 networking basics and home networking Thomas Krichel 2012-01-08.
70
LIS508 networking basics and home networking Thomas Krichel 2012-01-08
-
Upload
brittney-patterson -
Category
Documents
-
view
214 -
download
0
Transcript of LIS508 networking basics and home networking Thomas Krichel 2012-01-08.
LIS508
networking basics and home networking
Thomas Krichel
2012-01-08
domains
• A web presence start with a domain.
• A domain is a name that allows you to run services on a Internet.
• Domain names are hierarchical. Tiers in the hierarchy are separated by dots.
• Domain names are big-endian.
Top-level domains
• There are a limited number of top level domains such as .edu, .it, .xxx
• These top-level domains are created by ICANN.
• Within these top-level domains, you can lease sub domains.
examples
• There is a top-level domain .it.
• You can register get.it, if this is not already taken.
• Once you have get.it, you can created to.get.it, need.to.get.it, I.need.to.get.it.
Managing a domain on your own
• If you are Thomas or another geek, can manage the domain with a set of text files on a server.
• The server should be available on the internet most of the time.
• It needs to be at a stable IP address.
• Actually you need at least two servers to do it.
Managing a domain at the registrar
• All(?) domain registries allow you to manage your domain using a proprietary interface that the registrar provides you.
• You still need to understand some basic concepts of domain management.
Shortcut domain names
• Typing a full domain name is a pain in the butt. Therefore a lot of client programs allow for shortcuts.
• "localhost" is usually a name at a machine for itself.
• Many machine append a simple name without dot with a domain to search for.
Shortcut domain names
• Typing a full domain name is a pain in the butt. Therefore a lot of client programs allow for shortcuts.
• "localhost" is usually a name at a machine for itself.
• Many machine append a simple name without dot with a domain to search for.
Shortcut examples
• On wotan.liu.edu, you can use "localhost" to refer to wotan.liu.edu.
• On www.liu.edu can probably use "wotan" to refer to wotan.liu.edu.
Literature & status
• The classic book on Computer Networks is Andrew Tannenbaum's book “computer networks”.
• I have read a good part of it, but what I am reporting here is basically from memory.
• It may be wrong, but not so seriously wrong that acting upon the advice here would be problematic.
LAN
A LAN is a Local Area Network. All LANs are broadcasting networks. Hosts on the LANs broadcast messages
(frames) that contain the address on a target host.
Joint broadcast messages collaps, so they have to be retransmitted.
There is a protocol for LANs, the Ethernet.
LAN interfaces
Traffic on any LAN goes through a LAN interface.
If your interface uses a cable, it usually runs a protocol broadly known as Ethernet.
If your are running wireless, it's some kind of wireless Ethernet.
mac address Each LAN interfaces has an address
known as the mac address. Mac stands for media access control.
There are 6 byte addresses. Each interface has a unique address. These are not addresses as used on the
Internet. LAN addresses have to be mapped to Internet addresses.
repeaters A repeater is a device that is used to
connect several computer to a LAN. It just makes sure that the frames issued
by any computers connected to it. It does no further processing with the frames.
That's why repeaters are sometimes called dumb repeaters.
This closes our discussions about LANs.
the Internet The Internet is a connection of physically
different network. There is no physical device known as the
Internet. A protocol stack ensure that we can use
the Internet without being aware that it is made up of different networks.
The Internet is a not a broadcasting network, for sure.
packets
• Communication on the Internet is based on packets.
• Each packet contains data.
• Each packet travels independently from an identified source computer to an identified destination computer.
• The way this is done is specified by the IP protocol.
point-to-point
• The Internet is not a broadcasting network.
• It is a packet-switching network.
• Packets travel between special computers that are used to route packets. These computers are called routers. They are not used to work for woodwork.
• This design was invented by Paul Baran, not Al Gore.
connections• Users don't experience IP packets. They
experience connections between computers. For example when a user downloads a web page, the web user agent open a connection to the server.
• The protocol that enables such connections, despite the fact that the packets travel independently, is called TCP.
• The Internet runs on TCP/IP.
The IP address
• A computer that is connected to the Internet has an IP address.
• An IP address is a sequence of 4 decimal numbers, connected by dots. Each number ranges between 0 at 255. An example number is “148.4.2.231”.
• A computer that has an IP address is not necessarily directly connected the Internet.
special address
• Some IP addresses are reserved for special purposes.
• The most fameous is “127.0.0.1”.
• This is the address a computer uses to talk to itself using the IP protocol.
• Addresses that start with “10.” or with “192.168” are local addresses.
local addresses
• A local address identifies a computer on a local network. Computers on the same local network can use the IP protocol to talk to other machines on the same local network.
• Computers outside the local network can not talk to the machine inside the local network using the local addresses.
• There maybe many many networks where computer use the same local IP addresses.
why local addresses
• A computer reachable on the Internet has to have at least one unique IP address.
• Some computers have many IP addresses.
• The number of unique IP addresses is quite small.
• There is a global address shortage.
home networking
• Typically in home networking, your provider will give you one single IP address.
• Usually, this address is a global address.
• Usually, this address is a dynamic address. That means that the IP address may change over time– when you restart the network
– after a network or power outage
router in the home
Usually, people will want to connect a bunch of computers in the home.
To do this they buy what is known as a router.
It's a hardware device that has lines incoming from all computers in the house and and outgoing line a device controlled by the provider.
how do we get a global address
Upon start, the local router will send a broadcast message.
Basically, the message is “I am here, can anybody give me an IP address.”
Then an upstream router that is under the control of the provider will issue the local router with an IP address and forward the local router's traffic to the Internet.
DHCP
stands for Dynamic Host Configuration Protocol. This is what the protocol explained on the provious slide does.
On a Microsoft windows machine, DHCP is activated with the “get an IP address automatically” option.
On Linux, there is a program called dhclient.
dhclient
Usually you invoque dhclient with “dhclient eth0”
“dhlient –v eth0” will show what’s going on. There “eth0” stands for your first Ethernet
interfaces. If you have wlan, you would probably say
something like “dhclient wlan0”
usual home networking
• In the typical home, several users will have computers requiring Internet access. But there is only one IP address.
• Here is where the consumer level home router comes in.
• The single global IP address is given to the router, rather than to any computer of the home network.
administering the router
The router usually has a web interface. You can use that interface with any web browser.
Details on how you can access your router's web interface is in the documentation, which you have carefully kept at home.
remote administration
• Usually, by default, it is only possible to reach the router from a local IP address in the local network.
• Some routers support remote remote admiminstration. You still have to find the IP address of the router in order to access it.
network access of home users
• When a home user accesses the Internet, say to download a web page, the packets are sent to the router.
• The router establishes a connection with the web server.
• When the response comes back from the server, the response is forwarded be the router to the client machine on the home network.
your local addresses at home
• When you have a router at home, the router hands out local IP addresses.
• The protocal that it uses to do is the good old DHCP.
• The machines inside your network have local IP addresses. They can only communicate with other Internet hosts through the router.
how the router works
• The router craftly replaces the local source address of the home computer with it's own global address.
• When the response comes back it forwards it to the local machine.
• How does it know to which machine to forward the response?
• {to understand this the concept of ports is required}
ports
• A modern computer uses the Internet for many purposes. To keep these purposes separate, each machine that uses the IP protocol has 65536 ports.
• A port can't be seen. Just think of its as a source or destination of IP traffic from or to a computer.
• Think of the computer as a building and each port as an apartment in the building.
ports and router
• When the router sends IP traffic, say to a web server it tells the server to respond to a certain port.
• All the traffic that gets to this port is then forwarded to the home user's machine.
• {We come back to the topic of ports later. This is a useful point for a break}
numbers to names• IP addresses are cumbersome:
– They are hard to remember.
– They on where a computer is located. They are very roughly geographical. An address will change when you move the sever from one location to another.
• Therefore to establish a lasting presence on the Internet you need a name for your machine.
• Names are organized by domains.
domain
• To start with, a domain is a name that you can lease. The act of leasing a domain is commonly knows as domain registration.
• The word “owns” is commonly used when talking about domains.
• There are commercial companies where you can “register” (speak: lease) a domain. Such companies are called domain name registrars.
host names• Once you own a domain, you can create
hosts within the domain. The hosts are created by adding other names to the beginning for the domain.
• Example: if you own “foo.com”, you can create “www.foo.com”, “fool.foo.com” etc.
• To create a host, you add records to your domain information. Each record has a certain type. {later…}
name server
• A name server is a running software that knows about domain names.
• It receives requests for information about names and returns responses for these names.
• “bind” is a popular, free nameserver software that you can run on your Debian server.
name server and registrar
• Usually, a registrar will give you a web interface to manage name records.
• It will also run the name server for you. Actually it will run several name servers for redundancy.
record name types
• Each name record has a type.
• Some common types are “A” “CNAME” “NS” “MX” “TXT” “PTR”
The “A” domain record type
• The “A” record type assigns an IP address to a hosts.
Example: “wotan.liu.edu. IN A 148.4.2.231.
The “IN” is in all records.
the “CNAME” record type
• The CNAME record says that one domain is an alias for another domain
• Example: “www.foo.com IN CNAME foo.com”.
• When a users want to contact “www.foo.com” the name server looks up foo.com, and sends out it's IP address.
the “MX” record type
• The MX record type allows you to say where the mail for the domain is sent to.
• Example: “foo.com IN MX 1 mail.foo.com.”
• Two important notes• the 1 here says this mail server has first priority.
• The final element in the line is a name, not an ip address. Of course that name must be resolvable into an IP address.
hosting at home
• If you want to host at home, you need to deal with some problems– With a dynamic IP address, you need to adjust
the “A” record of the domain that you are hosting to reflect your current IP address. “name problem”
– If you have a router, you must make sure that the incoming traffic is gets to the server “routing problem”.
the name problem
• To look at the name problem, let us forget about the router for a moment.
• Assume you have machine at home. It is the only machine, and it hosts the server.
• Let us further assume that this machine has only one network interface.
• The name problem can then easily be solved using a protocol called dynamic DNS.
dynamic DNS
When a machine renews it's IP address, it gets access to the Internet.
Once it has access to the Internet, it can contact a special server via http. It logs in, reports its IP address, say 34.29.126.129 to the service.
Then the Dynamics DNS sets a A record “foo.shacknet.nu. IN A 34.29.126.129”
Dynamic DNS providers
There are number of providers. The one I use is DynDNS.org. You register to create an account. You can create say up to five hosts, in
domains owned by the provider. You can not set the IP adress to your own
domain name. You don't have to.
own name and DynDNS
If you own foo.com, and want to host on the machine with the IP address that has registered itself as foo.shacknet.nu, all you need is a DNS CNAME
“foo.com. IN CNAME foo.shacknet.nu”
ddclient install
ddclient is the dynamics DNS client software.
You can install it with “apt-get install ddclient”.
When you do so, have your dynamic DNS provider data ready, the install interface will ask you for it.
ddclient configuration
This can be done by editing the file /etc/ddclient.conf.
Then restart the ddclient daemon with “/etc/init.d/ddclient restart”.
router and dynamic DNS
• If you have a router, the name problem has an interseting twist. The IP address that you need to report is not the IP address of the server (because it is has a local address), but the IP address of the router.
• This is the name + router problem.
dynDNS in the router
• Modern consumer level routers have support for dynamic DNS.
• You can enter the information of your dynamic DNS account.
• In that case you should not run ddclient on the server. It will send erroneous information.
ddclient with router support
It is possible that ddclient can enter your routers web interface, read the IP addresso of the router then report that IP address to the dynamic DNS provider.
I had a configuration of ddcilent like that. Google is your friend here to look for a
suitable configuration.
example ddclient with router# /etc/ddclient.confpid=/var/run/ddclient.pidprotocol=dyndns2use=if, if=eth0syslog=yesuse=linksys # I have a linksys routerfw-login=router_loginfw-password=my_router_passwordfw=192.168.1.1/Status.htmfw-skip=WAN.*?IP Addressserver=members.dyndns.orglogin=krichelpassword=aoeuidibbart.dyndns.info
the routing problem
• If you have solved the naming problem, traffic for your name foo.com appears at your router.
• But the router does not provide the services.
• Incoming traffic has to be forwarded to the server.
• The easiest way to do that is to use a setting called the DMZ host.
DeMilitarized Zone
The DMZ host is a host to which the router forward all incoming traffic to that it does not know already how to deal with.
This is the most primitive way of running a firewall.
summary: the router
• When a client behind the router want to open a connection to the server outside the local network, it is the router that opens the connection.
• The response goes to a port on the router that the router sets out with the request.
• The response is forwarded to the client.
two more problems
• There are two more problems that you have when you host at home.
• You can’t do much about either of them.
• These are asymmetric speeds and port blocking.
asymmetric speed
• Residential providers usually give you good download speed, but lousy upload.
• Worse: uploads kill download speed.
• This poses contraints on you hosting a lot of contents at home. When Google comes for a visit, your network will slow.
ports
The router uses different ports to keep track of which local machine to send traffic to.
But ports also have a role as destination points of service.
well-known ports
When we are open a http connection to http://foo.org, to which port does the connection go?
Answer: port 80. Why? Because 80 is the well-know port for
http.
can it go somewhere else?
Yes. But in this case you have to give the URL
as http://foo.com:port where port is the number of the non standard port. 8080 is often used: http://foo.com:8080.
other well known ports
smtp: 25 ssh: 22 dns: 53 See /etc/services for more examples.
port filtering Sometimes Internet providers kill all
packets with the source or destination address at a certain port.
This ghastly, despicable and evil practice is known as port filtering.
Because services use well-know ports, port filtering can make it hard for server owners to run services the Internet service provider does not want them to.
example problem
You have a machine “bar” that has port 80 blocked.
You want to run a web server on “bar” without using a port in the web address.
You have a machine “foo” that has no ports blocked.
example solution
You run a web server on port 80 at foo. You run a web server on port 8080 at bar. You forward all queries to port 80 at foo to
port 8080 at bar. When the answer from bar comes to foo,
the foo forwards it. This is standard technology with modern
web servers.
bandwidth issues
• Most consumer level Internet connections use assymetric speeds. – They have fast downloads
– They have very slow dowloads
If you don't run a big site, you won't see much of a problem.
But backups are difficult unless you use physical media that you ship outside the house (yuck).
problem with commercial hosting
Do not rely on their backup. You need a backup. One way to get a backup to set up a
backup server at home...
http://openlib.org/home/krichel
Please shutdown the computers when
you are done.
Thank you for your attention!
