<BR>
<P>When large networks are necessary, several routers can be used to split the load. Intelligent network routers can optimize the routing of datagrams, as well as monitor and control network traffic and bottlenecks at any location.
<BR>
<P>On many occasions the advantages of a bridge and a router together are ideal. These combined devices, called <I>brouters,</I> are now making an appearance. Brouters can perform routing with some messages and bridging with others by examining incoming datagrams and using a filter mask to decide which function is performed. Brouters have the capability to handle multiple protocols, much like routers.
<BR>
<BR>
<A ID="E68E120" NAME="E68E120"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Configuring a Network</B></FONT></CENTER></H3>
<BR>
<P>Equipment available today is much more capable than was available when TCP/IP began its development cycle. In some ways, this has simplified the task of adding to or configuring a network, but it has also posed some problems of its own. Most equipment can be added to a network by simply attaching the network medium (such as a coaxial or twisted-pair cable) and configuring the interface with the IP address and domain name.
<BR>
<P>Of course, the more complicated the network, the more work must be done. Configuring a bridge, for example, can be as simple as connecting it to the networks it serves. Most bridges configure themselves automatically, watching the network traffic to build a table of physical addresses and the port on which each was seen. Adding filters to restrict traffic, or limiting access by blocking ports, requires a more detailed configuration process.
<BR>
<P>Configuring a network and TCP/IP is not difficult, but it can be time-consuming. Different operating systems approach the task in a variety of ways. UNIX, for example, uses a large number of small configuration files scattered throughout the file system. IBM mainframes use a single large file. Some systems use a menu-driven interface that guides the user through all the necessary steps, which reduces (but does not eliminate) the chance of a mistake.
<BR>
<P>For most networks and their interface cards, the following information is required:
<BR>
<UL>
<LI><B>Physical address:</B> Usually provided by the interface manufacturer.
<BR></LI>
<BR>
<LI><B>IP address:</B> Optional with serial-line interfaces.
<BR></LI>
<BR>
<LI><B>Subnet mask:</B> Specifies which bits of the IP address identify the network and which identify the host on that network.
<BR></LI>
<BR>
<LI><B>Protocol:</B> IP, whether the transport carried above it is TCP or UDP.
<BR></LI>
<BR>
<LI><B>Address resolution:</B> Whether ARP (IP address to physical address) or RARP (physical address to IP address) is used. These are sometimes listed under routing, but they resolve addresses rather than choose routes.
<BR></LI>
<BR>
<LI><B>Broadcast address:</B> Format to use for broadcasts, usually all 1s.
<BR></LI>
<BR>
</UL>
<P>Secondary IP addresses can be used for devices such as routers, which can handle two logical networks. As noted, serial interfaces do not need an IP address, although they can be supplied. Serial interfaces also require a setting to indicate whether the device is configured to act as Data Terminal Equipment (DTE) or Data Communications Equipment (DCE), the serial port's baud rate and parity, and settings for the maximum size of a transmission.
<BR>
<P>Whatever equipment is used on a network, all of it has a physical connection to the network transport medium. Typically this is a network card in a workstation, desktop PC, or printer. Software supplied with the device controls the interface, eliminating most of the worries of matching hardware, software, and protocols. After an IP address has been chosen, it can be set either by switches or by software, and the device is ready to talk to the network.
<BR>
<P>IP addresses can be chosen arbitrarily by the system administrator, but this causes problems as soon as datagrams are released to a larger internetwork such as the Internet, because the numbers chosen may already belong to someone else. Ideally, a network address (the network portion of the IP address) is assigned by the Network Information Center (NIC). This is then combined with the administrator's own numbering scheme for the host portion to produce the full IP address of each machine. A network that will never connect outside can instead use one of the private address blocks set aside for that purpose (RFC 1918: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16); these are never routed on the Internet, so they cannot collide with an assigned address.
<BR>
<P>The IP addresses are assigned by the NIC based on the <I>class</I> of network, which reflects the size of the organization and the number of local equipment addresses required. As shown in Figure 13.6, there are four NIC-approved IP address structures. Class A addresses are for very large networks that need 24 bits available for local addresses, reducing the network address to 7 bits. Class B assigns 16 bits locally and 14 bits for the network address, whereas Class C enables only 8 bits for local addresses and 21 bits for the network address. Class C networks are for small companies only, because only 256 local addresses can be formed, of which 254 are usable: the all-zeros host number names the network itself and the all-ones host number is the broadcast address. Class D addresses are reserved for multicast groups and are never assigned to an individual host. The class is determined by the leading bits of the first octet: 0 for Class A (first octet 0 to 127), 10 for Class B (128 to 191), 110 for Class C (192 to 223), and 1110 for Class D (224 to 239).
<BR>
<P><B><A HREF="13tyt06.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/13tyt06.gif">Figure 13.6. The four IP address class </B><B>structures.</A></B>
<BR>
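<P>As an added example (not code from the book), the following Python computes what the list above and Figure 13.6 describe: the class from the leading bits of the first octet, the default mask, the network number, the all-ones broadcast address, and the number of host addresses a network of that class can actually assign. It also rejects a non-contiguous subnet mask, a mistake that is easy to make when masks are typed by hand. It goes slightly beyond the text by accepting an explicit subnet mask, since most assigned blocks are subnetted. The addresses used are the chapter's sample addresses plus a few constructed ones.

```python
"""Classful IPv4 addressing: class, default mask, network number, and broadcast.

Added example for this section; not code from the book. Standard Python only.
"""


def dotted_to_int(addr):
    """Convert 'a.b.c.d' to a 32-bit integer, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("bad address: %s" % addr)
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError("bad octet in %s" % addr)
        value = (value << 8) | octet
    return value


def int_to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr):
    """The class is decided by the leading bits of the first octet (Figure 13.6)."""
    first = dotted_to_int(addr) >> 24
    if first < 128:
        return "A"      # leading bit 0
    if first < 192:
        return "B"      # leading bits 10
    if first < 224:
        return "C"      # leading bits 110
    if first < 240:
        return "D"      # leading bits 1110: multicast, never a host address
    return "E"          # reserved


# Natural masks: 8, 16 and 24 network bits for classes A, B and C.
DEFAULT_MASK = {"A": 0xFF000000, "B": 0xFFFF0000, "C": 0xFFFFFF00}


def analyse(addr, mask=None):
    """Describe an address under its class, or under an explicit subnet mask.

    The mask must be a run of 1 bits followed by 0 bits; a non-contiguous mask
    is a configuration error and is rejected rather than silently applied.
    """
    cls = address_class(addr)
    if cls not in DEFAULT_MASK:
        # Classes D and E have no network/host split.
        return {"class": cls, "unicast": False}
    a = dotted_to_int(addr)
    m = dotted_to_int(mask) if mask else DEFAULT_MASK[cls]
    host_part = (~m) & 0xFFFFFFFF          # the 0 bits of the mask
    if host_part & (host_part + 1):        # a contiguous low run satisfies x & (x+1) == 0
        raise ValueError("mask %s is not contiguous" % int_to_dotted(m))
    host_bits = host_part.bit_length()
    network = a & m
    broadcast = network | host_part        # host part all 1s, as the text says
    return {
        "class": cls,
        "unicast": True,
        "network": int_to_dotted(network),
        "mask": int_to_dotted(m),
        "broadcast": int_to_dotted(broadcast),
        "host_bits": host_bits,
        # the all-zeros and all-ones host numbers are reserved, so two fewer than 2^n
        "usable_hosts": (1 << host_bits) - 2 if host_bits > 1 else 0,
        # an address equal to the network or broadcast number cannot be given to a host
        "assignable": network < a < broadcast,
    }


if __name__ == "__main__":
    for example in ("205.150.89.2", "10.1.2.3", "224.0.0.1"):
        print(example, analyse(example))
    print("143.23.1.23 with mask 255.255.255.192:",
          analyse("143.23.1.23", "255.255.255.192"))
```

The contiguity test works because the host part of a valid mask is a number of the form 2^n - 1, and adding 1 to such a number shares no bits with it.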
<P>Numbering schemes within a network are left to the administrator's discretion, although a convention of assigning low numbers to routers and bridges is usually followed. It is also useful to run a RARP or BOOTP responder on a local server or router, so that machines that ask for their own IP address at startup (by broadcasting their physical address) are answered promptly by a nearby system instead of depending on a reply from somewhere across the network. The manner in which user equipment starts up (whether it uses BOOTP, ARP, or RARP) therefore affects the configuration of the local servers and routers.
<BR>
<P>Physical addresses of network interfaces seldom have to be changed from their default settings. Vendors assign each interface a unique physical address at manufacture, so these can usually be left alone. The mapping from IP address to physical address is kept in the ARP cache (or a static ARP table), not in the routing table, which holds only the next-hop IP address for each destination network.
<BR>
<P>Routing tables for small networks are often created and maintained by hand. Larger networks might involve too many changes for the manual approach to be effective, so a routing protocol such as Routing Information Protocol (RIP) is used. Several routing protocols are available, including RIP and Open Shortest Path First (OSPF). The choice of the routing protocol can be important and usually depends on the size of the network and the connections between subnetworks and external systems. Routing protocols should be started automatically when the network is booted.
<BR>
<P>Configuring the network includes setting the domain name and the network address and mask, following the formats approved by the NIC. Many operating systems have utilities that help configure these. The <I>Domain Administrator's Guide,</I> which describes the process of forming a domain name, is available from the NIC (RFC 1032). These steps apply only if the network is to connect to the Internet or a similar internetwork. If the network is autonomous with no outside connections, the administrator can choose any network address, mask, and domain name (although future connections might force a complete reconfiguration of the network if an NIC-consistent scheme is not used).
<BR>
<P>Connecting to the Internet as a routing domain in its own right (for example, with links to more than one provider) requires an Autonomous System (AS) number from the NIC. The AS number identifies your network to other systems when routing information is exchanged, and the routes that lead to your border router are announced under it. Gateway protocols such as the Exterior Gateway Protocol (EGP) or the newer Border Gateway Protocol (BGP) must then be installed and configured on the border router. A site with a single provider usually needs neither: the provider announces the site's network under its own AS, and the site simply points a default route at the provider.
<BR>
<P>Also involved in naming are the name-to-address resolution tables, which convert a symbolic name to an IP address. These are usually configured manually, although some automated formatting tools are offered with different operating systems. If the Domain Name System (DNS) is to be implemented, that adds another level of complexity to the name configuration, the details of which are best left to more specialized texts.
<BR>
<P>Some routers can be configured to filter message traffic. In these cases, the address masks used to restrict or permit datagrams must be added to the router's filter tables, along with any limitations or exceptions for requests to particular socket services (such as Telnet). Because a filter is evaluated rule by rule, order matters: a permit for a management host has to appear before the deny that covers everyone else, and the safest final rule denies whatever nothing earlier permitted. Static ARP entries on a router can also help newly started machines reach it more quickly than waiting for a network-wide ARP broadcast to be answered. Several routers can be configured for priority routing, enabling priority based on the protocol, type of service, or a selected criterion such as IP address or socket.
<BR>
<P>Router software can be accessed either locally through a dedicated terminal or over the network. The latter enables a system administrator to log in using Telnet from a machine on the network and then run configuration or maintenance utilities. Because Telnet carries the login name and password in cleartext, anyone able to capture traffic on the path can read them, so access to these utilities should be extremely limited: accept management connections only from a few administrative addresses, and filter the router's Telnet port from everything else.
<BR>
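<P>The two paragraphs above describe filter tables built from address masks, with exceptions for socket services such as Telnet and a tightly limited management path. The following Python is an added example (not the book's code and not any router vendor's syntax) of such a first-match filter. The policy is constructed: 205.150.89.0/24 is the LAN used elsewhere in this chapter, while the router address 205.150.89.1 and the management host 205.150.89.10 are assumed.

```python
"""First-match packet filter driven by address masks, modelling a router filter table.

Added example for this section; not the book's code or any vendor's syntax.
The policy below is constructed: 205.150.89.0/24 is the chapter's sample LAN,
and the router address 205.150.89.1 and management host 205.150.89.10 are assumed.
"""
from dataclasses import dataclass
from typing import Optional


def ip_to_int(addr):
    octets = [int(p) for p in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad address: %s" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def parse_net(spec):
    """'a.b.c.d/bits' or 'any' -> (network, mask) as integers."""
    if spec == "any":
        return 0, 0                      # a mask of 0 matches every address
    net, _, prefix = spec.partition("/")
    bits = int(prefix) if prefix else 32
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return ip_to_int(net) & mask, mask


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    src: str                      # "network/bits" or "any"
    dst: str
    dport: Optional[int] = None   # destination port; None matches any port
    note: str = ""


def matches(rule, pkt):
    """A packet is a dict with proto, src, dst and (for tcp/udp) dport."""
    if rule.proto != "any" and rule.proto != pkt["proto"]:
        return False
    for spec, key in ((rule.src, "src"), (rule.dst, "dst")):
        net, mask = parse_net(spec)
        if ip_to_int(pkt[key]) & mask != net:   # the mask decides which bits must agree
            return False
    if rule.dport is not None and pkt.get("dport") != rule.dport:
        return False
    return True


def filter_packet(rules, pkt):
    """Return (action, rule) for the first matching rule; nothing matched means deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule
    return "deny", None


LAN, ROUTER, MGMT = "205.150.89.0/24", "205.150.89.1/32", "205.150.89.10/32"

# Order matters: each packet takes the first rule that matches it.
RULES = [
    Rule("permit", "tcp", MGMT, ROUTER, 23, "telnet to the router: management host only"),
    Rule("deny", "tcp", "any", ROUTER, 23, "everyone else is refused the router's telnet port"),
    Rule("permit", "any", LAN, "any", None, "inside hosts may start connections anywhere"),
    Rule("deny", "tcp", "any", LAN, 23, "no telnet into the LAN from outside"),
    Rule("permit", "tcp", "any", LAN, 25, "inbound mail to any inside host"),
    Rule("permit", "icmp", "any", LAN, None, "allow ping and ICMP error reports in"),
    # Anything not listed falls through to the default deny in filter_packet().
]
# Caveat: this filter is stateless. Replies to connections the inside opened arrive
# with an outside source and a high destination port; a real router admits them by
# matching the TCP ACK bit ("established"), which this model does not include.

if __name__ == "__main__":
    probes = [
        {"proto": "tcp", "src": "205.150.89.10", "dst": "205.150.89.1", "dport": 23},
        {"proto": "tcp", "src": "143.23.1.23", "dst": "205.150.89.2", "dport": 23},
        {"proto": "tcp", "src": "143.23.1.23", "dst": "205.150.89.2", "dport": 80},
    ]
    for p in probes:
        action, rule = filter_packet(RULES, p)
        print(action, p, "<-", rule.note if rule else "default deny")
```

The second rule denies Telnet to the router from every address, including inside hosts, because the permit for the management host has already been tested ahead of it; swapping the first two rules would lock the management host out as well.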
<P>After the network addresses have been established, TCP can be configured. This is normally performed on a per-machine basis using an interface utility. In the TCP software configuration are settings for default window sizes and maximum segment size. If changes to the standard TCP port assignments are required, the configuration files must be edited. Processes that start TCP services and monitor ports for connections (such as inetd, described on Day 6, "Telnet and FTP") must be added to the system startup files. Other services such as electronic mail (which uses its own application protocol, SMTP) must be installed and properly configured.
<BR>
<BR>
<A ID="E68E121" NAME="E68E121"></A>
<H3 ALIGN=CENTER>
<CENTER>
<FONT SIZE=5 COLOR="#FF0000"><B>Monitoring and Basic Troubleshooting Utilities</B></FONT></CENTER></H3>
<BR>
<P>On Days 6 and 7 I looked at TCP/IP network utilities such as ping, finger, ruptime, and netstat, which help determine the status of connections and interfaces. I mention them here again briefly and also introduce some new commands. Several software vendors now offer capable network monitoring products that provide excellent information about the network, its connections, and the traffic it carries. Many of these products also enable dynamic configuration of the system.
<BR>
<P>The ping command is the easiest method to check a machine's connection to the network. It sends an Internet Control Message Protocol (ICMP) Echo Request to the target and waits for the matching Echo Reply; the name is sometimes expanded as Packet Internet Groper. The ping command is useful with routers, because it can check each interface separately. Different versions of ping are available, some with different options.
<BR>
<P>The following output shows a character-based system using ping to check on another machine on the network. The command line uses the -c option to limit the number of packets sent. As you can see, an IP address was used to indicate the destination machine, and the machine translated this to the symbolic name pepper based on the host table.
<BR>
<PRE>
<FONT COLOR="#000080"># ping -c5 205.150.89.2
PING 205.150.89.2 (205.150.89.2): 56 data bytes
64 bytes from pepper (205.150.89.2): icmp_seq=0 ttl=32 time=40 ms
64 bytes from pepper (205.150.89.2): icmp_seq=1 ttl=32 time=0 ms
64 bytes from pepper (205.150.89.2): icmp_seq=2 ttl=32 time=0 ms
64 bytes from pepper (205.150.89.2): icmp_seq=3 ttl=32 time=0 ms
64 bytes from pepper (205.150.89.2): icmp_seq=4 ttl=32 time=0 ms
--- 205.150.89.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0/8/40 ms</FONT></PRE>
<P>A GUI-based ping utility is shown in Figure 13.7. This shows the ChameleonNFS ping utility sending a single packet to a remote device (in this case a network printer with the IP address 205.150.89.200) and getting a positive response.
<BR>
<P><B><A HREF="13tyt07.gif" tppabs="http://www.mcp.com/817948800/0-672/0-672-30885-1/13tyt07.gif">Figure 13.7. </B><B>ping</B><B> can also be used on GUI systems, </B><B>although usually with fewer options than on UNIX.</A></B>
<BR>
<P>A similar utility is spray, which uses a Remote Procedure Call (RPC, discussed on Day 9, "Setting Up a Sample TCP/IP Network: Servers") to send a stream of datagrams to the spray service on the target machine, which counts what it receives. The difference between ping and spray is that spray sends the datagrams as fast as it can, whereas ping waits an interval between datagrams. This makes spray useful for checking the burst-mode capabilities of the network and for finding hosts or interfaces that drop packets under load. The output of a spray command on a BSD UNIX system looks like this:
<BR>
<PRE>
<FONT COLOR="#000080">$ spray -c 5 tpci_sun2
sending 5 packets of lnth 86 to tpci_sun2 ...
in 0.3 seconds elapsed time,
1 packets (20.00%) dropped by tpci_sun2
Sent: 19 packets/sec, 1.8K bytes/sec
Rcvd: 16 packets/sec, 1.6K bytes/sec</FONT></PRE>
<P>Day 7, "TCP/IP Configuration and Administration Basics," covered the netstat command in some detail. It is useful for checking the status of the network. The implementations of netstat vary widely depending on the operating system version.
<BR>
<P>Some systems have a utility called traceroute (available as public domain software), which sends a series of UDP datagrams to the target, addressed to a port on which the target is unlikely to be listening. The datagrams differ only in their Time to Live (TTL) field. The first three have the TTL set to 1, so the first router that receives them discards them and returns an ICMP Time Exceeded message, which identifies that router. The next three have the TTL set to 2, and so on, each group reaching one router further, until the datagrams arrive at the destination itself. The destination has no listener on that port and replies with an ICMP Port Unreachable message, which tells traceroute that the trace is complete.
<BR>
<P>The traceroute output shows the round-trip time of each probe to each hop (useful for identifying bottlenecks in the network: a large jump in time between consecutive hops points at the link or router between them) and the path taken (a route through more routers than expected may mean the routing algorithms are not choosing the best path). A sample output from a traceroute command (all machine names and IP addresses are invented) follows:
<BR>
<PRE>
<FONT COLOR="#000080">$ traceroute black.cat.com
1 TPCI.COM (127.01.13.12) 51ms 3ms 4ms
2 BEAST.COM (143.23.1.23) 60ms 5ms 7ms
3 bills_machine.com (121.22.56.1) 121ms 12ms 12ms
4 SuperGateway.com (130.12.14.2) 75ms 13ms 10ms
5 black.cat.com (122.13.2.12) 45ms 4ms 6ms</FONT></PRE>
<P>When dealing with RPC, a utility called rpcinfo can determine which RPC services are currently active on the local system or on any remote system that supports RPC. The options supported by rpcinfo vary with the implementation, but all provide flags to choose which type of service to check. For example, the -p option lists every program registered with the portmapper, on the local machine by default or on a named host. Because the same query works against a remote host, the listing is exactly what an outsider sees when probing your machines, so anything that appears in it should be there deliberately. The following example shows the options supported on the SCO UNIX version of rpcinfo, as well as the output for the portmapper:
<BR>
<PRE>
<FONT COLOR="#000080">$ rpcinfo
Usage: rpcinfo [ -n portnum ] -u host prognum [ versnum ]
rpcinfo [ -n portnum ] -t host prognum [ versnum ]
rpcinfo -p [ host ]
rpcinfo -b prognum versnum
$ rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    150001    1   udp   1026  pcnfsd
    150001    2   udp   1026  pcnfsd
    100008    1   udp   1027  walld
    100002    1   udp   1028  rusersd
    100002    2   udp   1028  rusersd
    100024    1   udp   1029  status
    100024    1   tcp   1024  status
    100020    1   udp   1034  llockmgr
    100020    1   tcp   1025  llockmgr
    100021    2   tcp   1026  nlockmgr
    100021    1   tcp   1027  nlockmgr
    100021    1   udp   1038  nlockmgr
    100021    3   tcp   1028  nlockmgr
    100021    3   udp   1039  nlockmgr</FONT></PRE>
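<P>Reading a listing like the one above by eye is error-prone on a host with many registrations. The following Python is an added example (not the book's code): it parses the format rpcinfo -p prints, flags registered programs that a network-facing host generally should not expose, and lists every port the listing reveals. The sample listing is constructed in that format, and the watch list is an assumed local policy, not something rpcinfo reports.

```python
"""Audit an rpcinfo -p listing for RPC services that should not face the network.

Added example for this section; not the book's code. The listing below is
constructed in the format rpcinfo -p prints, and the watch list is an assumed
local policy rather than anything rpcinfo itself reports.
"""

SAMPLE_LISTING = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    150001    1   udp   1026  pcnfsd
    100008    1   udp   1027  walld
    100002    1   udp   1028  rusersd
    100002    2   udp   1028  rusersd
    100024    1   udp   1029  status
    100021    1   tcp   1027  nlockmgr
"""

# Programs worth flagging on a host reachable from outside (assumed policy).
WATCH_LIST = {
    "rusersd": "answers anyone with the names of logged-in users",
    "walld": "lets a remote caller write a message to every terminal on the host",
    "pcnfsd": "handles PC-NFS authentication and printing; keep it off untrusted networks",
}


def parse_rpcinfo(text):
    """Parse rpcinfo -p output into a list of dicts; header and blank lines are skipped."""
    services = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        program, version, proto, port = fields[:4]
        name = fields[4] if len(fields) > 4 else ""   # unregistered numbers print no name
        services.append({"program": int(program), "version": int(version),
                         "proto": proto, "port": int(port), "name": name})
    return services


def audit(services):
    """Return (name, proto, port, reason) for every registration on the watch list."""
    return [(s["name"], s["proto"], s["port"], WATCH_LIST[s["name"]])
            for s in services if s["name"] in WATCH_LIST]


def ports_to_filter(services):
    """Every (proto, port) pair the listing exposes, portmapper included.

    Blocking port 111 alone only hides the directory: the services stay
    reachable on their own ports, so a router filter has to cover all of them.
    """
    return sorted({(s["proto"], s["port"]) for s in services})


if __name__ == "__main__":
    found = parse_rpcinfo(SAMPLE_LISTING)
    for name, proto, port, reason in audit(found):
        print("%-10s %s/%-5d %s" % (name, proto, port, reason))
    print("ports to filter:", ports_to_filter(found))
```

Note that the ports above 1024 are assigned when each daemon starts and can differ after a reboot, which is why a filter built from one day's listing needs re-checking, and why filtering the whole range of RPC ports at the border is simpler than chasing individual numbers.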
<P>Monitoring NFS (an RPC service) can be more complicated. A few utility programs are available. The nfsstat command displays information about recent calls:
<BR>
<PRE>
<FONT COLOR="#000080">$ nfsstat
Server rpc:
calls      badcalls   nullrecv   badlen     xdrcall
458        0          1          2          0