unx37.htm

From "Unix Unleashed, Third Edition is written" · HTM code · 2,306 lines total · page 1/5

<FONT SIZE=3><B>Item 8</B>

<BR></FONT></CENTER></H6>

<P>This should not be a problem. If you are a commercial organization, your net is most likely commercial.

<BR></P>

<H6 ALIGN="CENTER">

<CENTER>

<FONT SIZE=3><B>Item 9</B>

<BR></FONT></CENTER></H6>

<P>This needs only a short response on how you plan to use the network. The big justification is in Item 7 on the class of network required.

<BR></P>

<P>Filing the application is simple enough. If you are requesting a connected network number, send your application via electronic mail to your Internet service provider, who will file it with the NIC on your behalf or assign you a number from their pool 
of addresses. If the application is for a nonconnected network, and you have access to electronic mail, that is the preferred method of filing. If this is not the case, print out the application and mail it to the address on the form.

<BR></P>

<H5 ALIGN="CENTER">

<CENTER><A ID="I8" NAME="I8">

<FONT SIZE=3><B>Broadcast Address</B>

<BR></FONT></A></CENTER></H5>

<P>In IP, messages are addressed to a single node, to all nodes on the subnet, or to all nodes on the network. The last two are called broadcast addresses. When IP was first implemented, a node number of all 0s was used for the broadcast 
address. This was later changed to all 1s. To retain backward compatibility, IP implementations accept either all 0s or all 1s as the broadcast address. In addition, if the network number is all 0s or all 1s, it is considered a network-wide broadcast 
address. This gives the following broadcast addresses:

<BR></P>

<UL>

<LI>x.y.z.255 Subnet broadcast on subnet x.y.z

<BR>

<BR></LI>

<LI>x.y.255.255 Subnet broadcast on subnet x.y

<BR>

<BR></LI>

<LI>x.255.255.255 Subnet broadcast on subnet x

<BR>

<BR></LI>

<LI>255.255.255.255 Global broadcast

<BR>

<BR></LI></UL>

<P>To prevent a broadcast address in one network from leaking to other networks by accident, most routers are configured not to propagate a broadcast across network boundaries.

<BR></P>

<H5 ALIGN="CENTER">

<CENTER><A ID="I9" NAME="I9">

<FONT SIZE=3><B>Net Mask</B>

<BR></FONT></A></CENTER></H5>

<P>Since the IP address is broken into two parts, the network number and the node number, some way is needed to split the address into these two parts. This is the netmask. It is a bit mask that, when bitwise ANDed with the full 32-bit address, yields 
the network number portion of the address. Although the IP specifications do not require this mask to be a consecutive run of 1s followed by all 0s, most implementations of IP do require this. The default netmasks for IP addresses are the following:

<BR></P>

<UL>

<LI>For Class A: 255.0.0.0

<BR>

<BR></LI>

<LI>For Class B: 255.255.0.0

<BR>

<BR></LI>

<LI>For Class C: 255.255.255.0

<BR>

<BR></LI></UL>

<P>The net mask is heavily involved in routing. Packets with a network number matching your network number are considered local and are not routed. Packets with a network number different from your network number are routed. The netmask is used to make 
this distinction.

<BR></P>

<P>As an example, you have a Class B address of 190.109.252.6 for your workstation. This could be configured as one of the following:

<BR></P>

<UL>

<LI>One big network with many thousands of possible addresses, with a netmask of 255.255.0.0 and a network number of 190.109.0.0 and a node address of 252.6.

<BR>

<BR></LI>

<LI>A subnet allowing only a few nodes under the big network, with a netmask of 255.255.255.0 and a network number of 190.109.252 and a node address of 6.

<BR>

<BR></LI>

<LI>A larger subnet allowing more nodes under the big network, with a netmask of 255.255.240.0 and a network number of 190.109.240.0 and a node address of 12.6.

<BR>

<BR></LI></UL>
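<P>As an added example (not from the book), the following Python code applies a netmask exactly as the text describes: it ANDs the mask with the address to get the network number, shows the node part in the book's notation (252.6, 6, 12.6 for the three masks above), decides whether a packet is local or must be routed, and recognises both the old all-0s and the current all-1s broadcast forms. The contiguous-mask check reflects what the text says most implementations require.</P>

```python
# Added example: netmask arithmetic for the 190.109.252.6 cases in the text.
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(dotted):
    """Parse a dotted quad into a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def to_dotted(value):
    return str(ipaddress.IPv4Address(value))

def is_contiguous_mask(mask):
    """True when the mask is a run of 1s followed by all 0s (what most IP stacks require)."""
    m = to_int(mask)
    return m == 0 or (m | (m - 1)) == ALL_ONES

def split_address(addr, mask):
    """Return (network number, node address) the way the book writes them,
    e.g. 190.109.252.6 with 255.255.240.0 -> ('190.109.240.0', '12.6')."""
    a, m = to_int(addr), to_int(mask)
    network = a & m                          # the bitwise AND the text describes
    node = a & ~m & ALL_ONES
    host_bits = 32 - bin(m).count("1")
    host_octets = (host_bits + 7) // 8       # show whole octets for the node part
    parts = [str((node >> (8 * i)) & 0xFF) for i in reversed(range(host_octets))]
    return to_dotted(network), ".".join(parts)

def is_local(addr, my_addr, mask):
    """Same network number as ours -> local delivery; otherwise the packet is routed."""
    m = to_int(mask)
    return (to_int(addr) & m) == (to_int(my_addr) & m)

def is_broadcast(addr, mask):
    """Accept the all-1s and the legacy all-0s node number, plus the network-wide forms."""
    a, m = to_int(addr), to_int(mask)
    if a in (0, ALL_ONES):                   # network number all 0s or all 1s
        return True
    node = a & ~m & ALL_ONES
    return node == 0 or node == (~m & ALL_ONES)

if __name__ == "__main__":
    for mask in ("255.255.0.0", "255.255.255.0", "255.255.240.0"):
        print(mask, split_address("190.109.252.6", mask))
```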

<H4 ALIGN="CENTER">

<CENTER><A ID="I10" NAME="I10">

<FONT SIZE=3><B>Routing</B>

<BR></FONT></A></CENTER></H4>

<P>A network by itself is not as much use as one that can connect to other networks. Getting a message off your network and onto the others requires knowing where and how to deliver the packets. This is known as routing.

<BR></P>

<P>In IP, each network keeps track of only the first hop on the route to all other networks. It keeps track of which gateway to use for each other network with which it wants to communicate. Those nodes know the next hop for the packet, and so on. Eventually 
the packet reaches its destination. This is called store and forward routing, because each node in the chain receives the packet and then forwards it to the next destination. However, it is networks that have routes to gateway nodes, not nodes that have 
routes.

<BR></P>

<P>There are several types of routes:

<BR></P>

<UL>

<LI><B>Default</B> All packets for networks you don't explicitly list elsewhere are sent to this node for forwarding. If your network has only one gateway, this is all you need.

<BR>

<BR></LI>

<LI><B>Static</B> A command is used to add a route for one or more networks, and it never changes. This is used when there are a few gateways to fixed networks, and normally a default route is used for the remaining networks.

<BR>

<BR></LI>

<LI><B>Dynamic</B> The system listens to broadcasts of routes from the gateways and adjusts automatically. Many Internet nodes use this method.

<BR>

<BR></LI></UL>

<P>Routing is handled transparently and automatically by the system. You can turn it off by modifying the TCP parameters in the operating system. Firewall gateways, which are used to protect networks from security breaches, turn off this automatic 
forwarding.

<BR></P>

<H4 ALIGN="CENTER">

<CENTER><A ID="I11" NAME="I11">

<FONT SIZE=3><B>Naming</B>

<BR></FONT></A></CENTER></H4>

<P>Although you can refer to anything via its dotted quad, you may have difficulty remembering the dotted quad. So the developers of the Internet and IP invented a scheme to assign names to the numbers. A name can be mapped to a dotted quad node 
address. Thus, the node 190.109.252.6 could be referred to as fasthost. A table of translations between the names and the dotted quads is kept on UNIX systems in /etc/hosts. Not only hosts, but also other dotted quad values, can have names, as in:

<BR></P>

<UL>

<LI>190.109.252.0 The network on which fastnode resides could be fastnet.

<BR>

<BR></LI>

<LI>190.109.252.255 The broadcast address for that network could be fastnet-broadcast.

<BR>

<BR></LI>

<LI>255.255.255.0 The netmask for fastnet could be fastnet-netmask.

<BR>

<BR></LI>

<LI>190.109.0.0 The Class B overall net could be backbone-net.

<BR>

<BR></LI></UL>

<P>These names are interchangeable in UNIX commands with dotted quads wherever a node address or network number is needed.

<BR></P>

<H4 ALIGN="CENTER">

<CENTER><A ID="I12" NAME="I12">

<FONT SIZE=3><B>Port Number</B>

<BR></FONT></A></CENTER></H4>

<P>In addition to the IP address, some of the IP protocols use a port number. This is a 16-bit quantity that allows for more than one connection to the node. Each concurrent connection is to a port, and with 16 bits this limits any node to 65535 
connections simultaneously. Port numbers lower than 1024 are considered privileged and require root access to open.

<BR></P>

<H4 ALIGN="CENTER">

<CENTER><A ID="I13" NAME="I13">

<FONT SIZE=3><B>UDP Versus TCP</B>

<BR></FONT></A></CENTER></H4>

<P>The two major protocols in IP are UDP and TCP. These two are used by most other services and protocols to transfer the data. 

<BR></P>

<P>UDP is the simpler of the two and is an unnumbered message sent to a particular IP address and port. UNIX buffers the request and provides the message to any process that reads that port. It is a connectionless service, and no acknowledgment of reception 
is sent to the sending system. It is only possible to read complete messages. The messages may be of any size less than the buffer size of the UDP queue (usually less than 24 KB).

<BR></P>

<P>TCP is a connection-oriented protocol. It guarantees delivery of the data, in order and error free. A TCP connection is a unique combination of four values:

<BR></P>

<UL>

<LI>The sending IP address

<BR>

<BR></LI>

<LI>The sending port number

<BR>

<BR></LI>

<LI>The receiving IP address

<BR>

<BR></LI>

<LI>The receiving port number

<BR>

<BR></LI></UL>

<P>This allows multiple connections at the same time to the same receiving port, as all four values uniquely identify a connection. The connection is bidirectional, and what is written at one end is read by the other, and vice versa.

<BR></P>

<P>TCP connections work just like stream I/O in that any number of bytes at a time can be read or written. When the connection is broken, a write receives a broken pipe error and a read receives EOF (End of File).

<BR></P>

<H4 ALIGN="CENTER">

<CENTER><A ID="I14" NAME="I14">

<FONT SIZE=3><B>ARP</B>

<BR></FONT></A></CENTER></H4>

<P>Behind the scenes, the IP protocol still needs to converse over the EtherNet. In doing so, it has to address the message to an EtherNet address, not just an IP address. This is necessary so that the EtherNet hardware receives the message and passes it 
on for further processing. This conversion from IP address to EtherNet address is handled by the Address Resolution Protocol (ARP).

<BR></P>

<P>A node needing to convert an IP address to an EtherNet address for the first time broadcasts a message using the ARP protocol, asking what is the EtherNet address for a particular IP address. When a node running ARP hears its IP address, it responds 
with its EtherNet address directly (not via broadcast) to the requesting node. That node then caches the result for later reuse. If an address is not used in a while, it is timed out and flushed from the cache.

<BR></P>
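<P>As an added example (not from the book), this Python simulation reproduces the ARP behaviour just described: the first lookup of an address is a broadcast that only the owner of the IP address answers, the answer is cached, cached entries are reused without a new broadcast, and an entry that has not been used within the timeout is flushed. The node table, addresses, and the timeout value are constructed for the example.</P>

```python
# Added example: a simulated ARP cache with the broadcast/cache/timeout behaviour
# described in the text. NODES stands in for the hosts on one EtherNet segment.
ARP_TIMEOUT = 20 * 60   # seconds an unused entry survives (assumed value)

NODES = {               # IP address -> EtherNet address; constructed sample data
    "190.109.252.6": "08:00:20:01:02:03",
    "190.109.252.7": "08:00:20:04:05:06",
}

class ArpCache:
    def __init__(self):
        self.entries = {}    # ip -> (ethernet address, time last used)
        self.broadcasts = 0  # how many "who has" requests actually went on the wire

    def broadcast_who_has(self, ip):
        """Every node hears the request; only the owner of the IP address replies,
        and it replies directly to the requester rather than by broadcast."""
        self.broadcasts += 1
        for node_ip, ether in NODES.items():
            if node_ip == ip:
                return ether
        return None          # nobody answered

    def resolve(self, ip, now):
        """Return the EtherNet address for ip, asking the network only when the
        cache has no fresh entry."""
        entry = self.entries.get(ip)
        if entry is not None and now - entry[1] < ARP_TIMEOUT:
            self.entries[ip] = (entry[0], now)   # entry was used: refresh it
            return entry[0]
        self.entries.pop(ip, None)               # timed out: flush it
        ether = self.broadcast_who_has(ip)
        if ether is not None:
            self.entries[ip] = (ether, now)
        return ether
```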

<H4 ALIGN="CENTER">

<CENTER><A ID="I15" NAME="I15">

<FONT SIZE=3><B>RARP</B>

<BR></FONT></A></CENTER></H4>

<P>The opposite translation&#151;converting an EtherNet address to an IP address&#151;is performed by the Reverse Address Resolution Protocol (RARP). In any network, several nodes are usually set up to run rarp daemons. (Daemons are processes that run in 
the background&#151;they are discussed later in this chapter.) These programs listen for rarp requests, and using a data table provided in a disk file, respond with the IP address that is mapped to that EtherNet address.

<BR></P>

<P>RARP can be used by nodes when they boot. Instead of configuring the node with its IP address in a system configuration file, it can ask the network, and therefore some central mapping server, what IP address it is to use. Once it has the IP address, it 
can use the naming service or the hosts file to determine its hostname. Diskless workstations have no local configuration and rely on RARP for boot-time setup.

<BR></P>

<H4 ALIGN="CENTER">

<CENTER><A ID="I16" NAME="I16">

<FONT SIZE=3><B>ICMP</B>

<BR></FONT></A></CENTER></H4>

<P>When something goes wrong, someone has to act as traffic cop. That role belongs to the Internet Control Message Protocol (ICMP). ICMP is used to transparently control the network and for diagnostic purposes. If too much traffic is being generated by a 
connection, the system can send it an ICMP source quench message and ask it to slow down. If a packet is being sent to a host that a gateway knows does not exist, an ICMP host unreachable message is returned. If a gateway receives a packet but doesn't 
know how to route it to its final destination, an ICMP network unreachable message is returned. If the wrong gateway is used for a packet, an ICMP redirect message is used to instruct the sender about the proper route. But the most well-known ICMP 
message is echo. It just echoes what it receives and is how the ping command works. (ping is covered later in this chapter.)

<BR></P>

<H4 ALIGN="CENTER">

<CENTER><A ID="I17" NAME="I17">

<FONT SIZE=3><B>Well-Known Services</B>

<BR></FONT></A></CENTER></H4>

<P>Many daemons listen for connections on pre-agreed ports. These are the well-known services. The port numbers are specified in the file /etc/services. Many of these services are controlled by the Internet dispatch daemon, inetd.

<BR></P>

<HR ALIGN=CENTER>

<NOTE>

<IMG SRC="note.gif" WIDTH = 35 HEIGHT = 35><B>NOTE:</B> Daemons are special processes that run exclusively in the background. Most of the time you can tell that a process or command that has run or is running is a daemon because its name ends in the letter d 
(for example, inetd, nfsd, and lockd). Some daemons allow multiple copies of themselves to run in memory (for example, nfsd, which is one of the network file system daemons discussed later in the chapter).

<BR></NOTE>

<HR ALIGN=CENTER>

<H5 ALIGN="CENTER">

<CENTER><A ID="I18" NAME="I18">

<FONT SIZE=3><B>Telnet</B>

<BR></FONT></A></CENTER></H5>

<P>Remote serial communication via IP is performed via telnet. The receiving UNIX system listens either via a telnetd daemon or via inetd for telnet connection requests on TCP port 23. A connection request is made using the telnet program. Once a 
connection is established, telnetd establishes a connection to the login program, and a remote login session is started.

<BR></P>

<H5 ALIGN="CENTER">

<CENTER><A ID="I19" NAME="I19">

<FONT SIZE=3><B>FTP</B>

<BR></FONT></A></CENTER></H5>

<P>If an interactive session isn't needed, but file transfer is desired, the file transfer protocol (ftp) is used. ftp is actually run under the TCP protocol, but is called a protocol itself because it uses specific commands to transfer the information. 
Again, as with telnet, an ftpd or inetd listens for a connection on TCP port 20. Using the ftp program a UNIX user establishes a connection. The ftpd program accepts login information and provides file transfer capabilities both to and from each system.

<BR></P>

<P>ftp is one of the original four-letter command and three-digit response protocols that are common in TCP/IP. Commands sent from ftp to ftpd include USER to log in and PASS to provide the password. Responses are three-digit numeric codes with a 
human-readable explanation following. The number codes are divided into response groups:

<BR></P>

<UL>

<LI>1xx Informative message.

<BR>

<BR></LI>

<LI>2xx Command succeeded.

<BR>

<BR></LI>

<LI>3xx Command ok so far, send the rest of it.

<BR>

<BR></LI>

<LI>4xx Command was correct, but couldn't be performed for some reason. This error group generally means try again later.

<BR>

<BR></LI>

<LI>5xx Command unimplemented, or incorrect, or a serious problem has occurred. Abort this command and do not retry it later.

<BR>

<BR></LI></UL>

<P>This same protocol style is used by almost all protocols run on top of TCP/IP.

<BR></P>
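<P>As an added example (not from the book), the following Python code turns the reply groups listed above into client logic: it classifies each three-digit reply by its first digit and uses that to drive the USER/PASS exchange, sending the next command on a 3xx, stopping with "retry later" on a 4xx, and aborting on a 5xx. The server replies are constructed sample lines, not output captured from any ftpd, and <code>ftp_login</code> is a hypothetical helper.</P>

```python
# Added example: classifying ftpd's three-digit replies and acting on them.
import re

REPLY_RE = re.compile(r"^(\d)(\d)(\d) (.*)$")

ACTIONS = {"1": "info",          # informative, more to follow
           "2": "ok",            # command succeeded
           "3": "continue",      # fine so far, send the rest
           "4": "retry-later",   # correct but not possible right now
           "5": "abort"}         # unimplemented, incorrect, or serious problem

def classify(reply):
    """Map one reply line to the action its leading digit calls for."""
    m = REPLY_RE.match(reply)
    if not m:
        raise ValueError("malformed reply: %r" % reply)
    return ACTIONS.get(m.group(1), "unknown")

def ftp_login(server_replies, user, password):
    """Drive USER/PASS against a scripted server (constructed replies).
    Returns (outcome, commands_sent) so the caller can see where it stopped."""
    replies = iter(server_replies)
    sent = []
    if classify(next(replies)) != "ok":      # greeting must be 2xx (service ready)
        return "retry-later", sent
    for cmd in ("USER " + user, "PASS " + password):
        sent.append(cmd)
        action = classify(next(replies))
        while action == "info":              # 1xx: keep reading, result still coming
            action = classify(next(replies))
        if action == "ok":
            return "logged-in", sent
        if action != "continue":             # 4xx: try later; 5xx: do not retry
            return action, sent
    return "incomplete", sent                # server still wants more after PASS
```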

<H5 ALIGN="CENTER">

<CENTER><A ID="I20" NAME="I20">

<FONT SIZE=3><B>DNS</B>

<BR></FONT></A></CENTER></H5>

<P>Whereas telnet and ftp are examples of TCP-based services, the domain name service (DNS) is an example of a UDP-based service. The DNS daemon, named, listens on UDP port 53. When it receives a request to look up a name or number, it searches in memory 
tables for the answer. If it has seen the answer recently, it can respond immediately from its in-memory tables. If not, it asks a higher-level server whom to ask for this query and then requests the information from that server. This provides a very 
fast-responding, totally distributed naming service.

<BR></P>

<H3 ALIGN="CENTER">

<CENTER><A ID="I21" NAME="I21">

<FONT SIZE=4><B>Haste Makes Waste, So Plan!</B>

<BR></FONT></A></CENTER></H3>

<P>Providing a reliable, responsive network takes planning. Except in the smallest of networks, you can't just connect all the systems together, slap on any address, and then expect everything to work perfectly. This section contains some guidelines to 
help you plan your network so that it works not only reliably but also responsively for your UNIX system.

<BR></P>

<H4 ALIGN="CENTER">
