TCP/IP Network Administration- P5

Shared by: Thanh Cong | Date: | File type: PDF | Pages: 50


Reference document "TCP/IP Network Administration - P5", information technology, network administration, for study, research and practical work.


Text content: TCP/IP Network Administration - P5

[Chapter 4] 4.7 netconfig (page 2 of 2)

    172.16.12.2
    Enter gateway address: 172.16.12.1
    Enter netmask: 255.255.255.0
    Will you access a nameserver: Yes
    Name Server: 172.16.12.1
    ## This completes your network setup. ##
    ## Hold on to the remaining information for future reference.##
    Broadcast address: 172.16.12.255
    Mail server: 172.16.12.1
    Mail relay: 172.16.12.1
    Print server: 172.16.12.3
    NFS server: 172.16.1.2
[Chapter 4] 4.6 Informing the Users

All of the configuration information that you gather or develop through the planning process must be given to the users so that they can configure their systems. You can distribute information with several techniques. In Chapter 3 we discussed NIS, NFS, and configuration servers. All of these play a role in informing the user and in simplifying the configuration process. NIS supports several system administration databases that provide many of the basic configuration values. NFS can distribute pre-configured system files to client systems. Configuration servers, such as BOOTP and DHCP, offer every parameter needed to configure a TCP/IP system directly to the client.

All of these are important, but they are not the complete solution. The servers require that the client is configured to be a client. For NIS and NFS, the client must have a full basic configuration. Even BOOTP and DHCP require that the user know whether BOOTP or DHCP is being used so that he does not enter any incorrect values during the initial system installation. Therefore, the network administrator must directly communicate with the administrator of the end system, usually through written documentation.

4.6.1 Sample Planning Sheets

To communicate this information, the network administrator will often create an installation planning sheet - a short list of information for the system administrator. A sample planning sheet for the workstation peanut, based on some of the topics we have discussed, provides basic configuration details. The planning sheet lists the name, address, subnet mask, the fact that DNS is used, and the fact that RIP is used on subnet 172.16.12.0:

    Hostname:          peanut
    IP address:        172.16.12.2
    Subnet mask:       255.255.255.0
    Default gateway:   172.16.12.1 (almond.nuts.com)
    Broadcast address: 172.16.12.255
    Domain name:       nuts.com
    Name servers:      172.16.12.1 (almond.nuts.com)
                       172.16.6.8 (pack.plant.nuts.com)
    Routing protocol:  Routing Information Protocol (RIP)
    Mail server:       172.16.12.1 (almond.nuts.com)
    Mail relay:        172.16.12.1 (almond.nuts.com)
    Print server:      172.16.12.3 (pecan.nuts.com)
    NFS server:        172.16.1.2 (filbert.nuts.com)

A similar sheet prepared for almond (see below) varies slightly from the planning sheet for peanut. The names and address are different, of course, but the real differences are caused by the fact that almond is a gateway. As a gateway, almond has more than one network interface, and each interface requires its own configuration. Each interface has its own address and can have its own name, subnet mask, and routing protocol.

    Hostname:          almond (172.16.12.1)
                       mil-gw (10.104.0.19)
    IP address:        172.16.12.1
                       10.104.0.19
    Subnet mask:       255.255.255.0 (172.16.12.1)
                       default (10.104.0.19)
    Default gateway:   none
    Broadcast address: 172.16.12.255 (172.16.12.1)
                       default (10.104.0.19)
    Domain name:       nuts.com
    Name servers:      172.16.12.1 (almond.nuts.com)
                       172.16.6.8 (pack.plant.nuts.com)
    Routing protocol:  Routing Information Protocol (RIP) (172.16.12.1)
                       Border Gateway Protocol (BGP) (10.104.0.19)
    Print server:      172.16.12.3 (pecan.nuts.com)
    NFS server:        172.16.1.2 (filbert.nuts.com)

We use the information from these planning sheets to configure the systems in subsequent chapters. You may, however, want to format your planning sheets differently. In this book we configure the system directly. We use the configuration commands ourselves so that we can understand and master them. In reality many basic configuration tasks are performed by a network configuration script during the initial operating system installation. You may want to format your planning sheet to be compatible with the prompts of that script. One such script is netconfig, which is used on Linux systems.
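The planning sheets of section 4.6 and the netconfig transcript of section 4.7 hand the user a set of values that must agree with one another: the broadcast address follows from the address and mask, the default gateway must sit on the host's own subnet, the host address must not be the network or broadcast address, and hostnames and addresses must be unique. The following Python script is an added example, not code from the book: it transcribes the peanut and almond sheets, adds a constructed sheet named walnut with deliberate mistakes, and runs these checks over all three. The dictionary field names and the walnut sheet are assumptions of this example.

```python
"""Consistency checks for installation planning sheets.

Added example; not code from the book. The peanut and almond values are
transcribed from the sample sheets above, "walnut" is a constructed sheet
with deliberate mistakes, and the dictionary field names are assumptions.
"""
import ipaddress

PLANNING_SHEETS = [
    {"hostname": "peanut", "ip": "172.16.12.2", "mask": "255.255.255.0",
     "gateway": "172.16.12.1", "broadcast": "172.16.12.255",
     "servers": {"mail": "172.16.12.1", "print": "172.16.12.3", "nfs": "172.16.1.2"}},
    # almond is the gateway itself, so its sheet lists no default gateway.
    {"hostname": "almond", "ip": "172.16.12.1", "mask": "255.255.255.0",
     "gateway": None, "broadcast": "172.16.12.255",
     "servers": {"print": "172.16.12.3", "nfs": "172.16.1.2"}},
    # Constructed bad sheet: reused address, wrong broadcast, gateway on another subnet.
    {"hostname": "walnut", "ip": "172.16.12.2", "mask": "255.255.255.0",
     "gateway": "172.16.6.1", "broadcast": "172.16.12.0",
     "servers": {}},
]


def subnet_of(sheet):
    """The subnet implied by the sheet's address and mask."""
    return ipaddress.IPv4Interface(f"{sheet['ip']}/{sheet['mask']}").network


def check_sheet(sheet):
    """Return a list of problems found in one sheet; an empty list means it is consistent."""
    problems = []
    host = ipaddress.IPv4Address(sheet["ip"])
    net = subnet_of(sheet)

    # The broadcast address is fixed by address and mask; the sheet must agree with it.
    if ipaddress.IPv4Address(sheet["broadcast"]) != net.broadcast_address:
        problems.append(f"broadcast {sheet['broadcast']} should be {net.broadcast_address}")

    # The host address itself must not be the subnet's network or broadcast address.
    if host in (net.network_address, net.broadcast_address):
        problems.append(f"address {host} is reserved on {net}")

    # A default gateway is only reachable if it is on the host's own subnet.
    if sheet["gateway"] is not None:
        gw = ipaddress.IPv4Address(sheet["gateway"])
        if gw not in net:
            problems.append(f"gateway {gw} is not on subnet {net}")
        elif gw == host:
            problems.append("gateway is the host itself")
    return problems


def off_subnet_servers(sheet):
    """Names of servers that are not on the host's subnet and so are reached via the gateway."""
    net = subnet_of(sheet)
    return sorted(name for name, addr in sheet["servers"].items()
                  if ipaddress.IPv4Address(addr) not in net)


def duplicates(sheets):
    """Hostnames and addresses used on more than one sheet.

    Hostnames must be unique within the domain, addresses within the network."""
    seen_names, seen_addrs = set(), set()
    dup_names, dup_addrs = set(), set()
    for sheet in sheets:
        name = sheet["hostname"].lower()
        if name in seen_names:
            dup_names.add(name)
        seen_names.add(name)
        if sheet["ip"] in seen_addrs:
            dup_addrs.add(sheet["ip"])
        seen_addrs.add(sheet["ip"])
    return sorted(dup_names), sorted(dup_addrs)


if __name__ == "__main__":
    for sheet in PLANNING_SHEETS:
        print(sheet["hostname"], check_sheet(sheet) or "ok",
              "via gateway:", off_subnet_servers(sheet))
    print("duplicates (names, addresses):", duplicates(PLANNING_SHEETS))
```

The servers reported by off_subnet_servers are the ones a host can reach only through its default gateway (for peanut, the NFS server filbert on 172.16.1.0), which is why a wrong gateway on a sheet usually shows up first as an NFS or DNS outage rather than as an obvious configuration error.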
[Chapter 4] 4.5 Other Services

Three services that are used on many networks are file servers, print servers, and mail servers. The purpose of these services and the protocols they are built on is discussed in Chapter 3. In this section we investigate what information must be passed to the users so that the client systems can be successfully configured, and how the network administrator determines that information.

4.5.1 File servers

At a minimum the user needs to know the hostnames of the network file servers. Using the names and the showmount command, the user can determine what filesystems are being offered by the servers and who is permitted to use those filesystems. [8] Without at least the hostname, the user would have to guess which system offered file service.

[8] See the showmount command in Chapter 9.

A better approach is to give users information that also includes what filesystems are being offered and who should use those filesystems. For example, if the UNIX man pages are made available from a central server, the users should be informed not to install the man pages on their local disk drives and they should be told exactly how to access the centrally supported files.

4.5.2 Print servers

Whether printers are shared using lp, lpd, or NFS, the basic information needed to configure the print server's clients is the same: the hostname and IP address of the print server, and the name of the printer. Printer security may also require that the user be given a username and password to access the printer. This is the only information needed to configure the client. However, you probably will want to provide your users with additional information about the features, location and administration of shared printers.

4.5.3 Planning Your Mail System

TCP/IP provides the tools you need to create a reliable, flexible electronic mail system. Servers are one of the tools that improve reliability. It is possible to create a peer-to-peer email network in which every end system directly sends and receives its own mail. However, relying on every system to deliver and collect the mail requires that every system be properly administered and consistently up and running. This isn't practical, because many small systems are offline for large portions of the day. Most networks use servers so that only a few systems need to be properly configured and operational for the mail to go through.

The terminology that describes email servers is confusing because all of the server functions usually occur in one computer, and all of the terms are used interchangeably to refer to that system. In this text we differentiate between these functions, but we expect you will do all of these tasks on one UNIX system running sendmail. We use these terms in the following manner:

Mail server
    The mail server collects incoming mail for other computers on the network. It supports interactive logins as well as POP or IMAP so that users can read their mail as they see fit.

Mail relay
    A mail relay is a host that forwards mail between internal systems and from internal systems to remote hosts. Mail relays allow internal systems to have simple mail configurations because only the relay host needs to have software to handle special mail addressing schemes and aliases.

Mail gateway
    A mail gateway is a system that forwards email between dissimilar systems. You don't need a gateway to go from one Internet host to another because both systems use SMTP. You do need a gateway to go from SMTP to X.400 or to a proprietary mailer. In a pure TCP/IP network, this function is not needed.

The mail server is the most important component of a reliable system because it eliminates reliance on the user's system. A centrally controlled, professionally operated server collects the mail regardless of whether or not the end system is operational. The relay host also contributes to the reliability of the email system. If mail cannot be immediately delivered by the relay host, it is queued and processed later. An end system also queues mail, but if it is shut down no attempts can be made to deliver queued mail until the system is back online. The mail server and the mail relay are operated 24 hours a day.

The design of most TCP/IP email networks is based on the following guidelines:

- Use a mail server to collect mail, and POP or IMAP to deliver the mail.
- Use a mail relay host to forward mail. Implement a simplified email address scheme on the relay host.
- Standardize on TCP/IP and SMTP. Users who insist on using a proprietary email system should be responsible for obtaining and configuring an SMTP mail gateway for that system in order to connect to your TCP/IP email network.
- Standardize on MIME for binary attachments. Avoid proprietary attachment schemes; they just cause confusion when the users of Brand X email cannot read attachments received from Brand Y.

For their client configurations, provide the users with the hostname and IP address of the mail server and the mail relay. The mail server will also require a username and password for each person.
[Chapter 4] 4.4 Planning Naming Service

To make your network user-friendly, you need to provide a service to convert hostnames into IP addresses. Domain name service (DNS) and the host table, explained in Chapter 3, perform this function. You should plan to use both. To configure her computer, a network user needs to know the domain name, her system's hostname, and the hostname and address of at least one name server. The network administrator provides this information.

4.4.1 Obtaining a Domain Name

The first item you need for domain name service is a domain name. You can obtain an official domain name from the InterNIC. Your ISP may be willing to do this for you or to assign you a name within its domain; however, it is likely that you will have to apply for a domain name yourself. You can download the application from ftp://rs.internic.net/templates/domain-template.txt.

Pre-select a domain name and have your primary domain name server up and running before you attempt to register the domain name. Use whois as described in Chapter 13, Internet Information Resources, to see if the name you want is in use. Double-check with nslookup as described in Chapter 8, Configuring DNS Name Service. When you are reasonably sure the domain name is still available, start your primary name server running. If you don't want to run your own server, ask your ISP if they offer this service. If they don't, you must either find a new ISP that does, or run the service yourself. Having the primary server up and running doesn't mean that your entire domain must be fully operational, but it does mean that a server must be running to respond to basic queries. When asked, the server should answer that it is the name server for your domain. Configure the primary server as described in Chapter 8. Test it with nslookup. Once you are sure that it at least answers queries about itself, register the domain name.

Submit the domain name application form via email to hostmaster@internic.net with a subject line containing the words "NEW DOMAIN" followed by the name of your domain. For example, assuming the completed template is stored in the file domain.application on a Solaris system, the following command might be used to mail it to the InterNIC for a domain named nuts.com:

    % Mail hostmaster@internic.net
    Subject: NEW DOMAIN nuts.com
    ~r domain.application
    "domain.application" 49/2732
    ^D
    EOT

In response to your email, you receive a reply that contains a tracking number that you use to monitor the status of your domain registration.

Use the domain name registration form to change or delete your existing domain name registration. Just fill in the form with the corrected information and mail it to hostmaster@internic.net with a subject line that contains either "MODIFY DOMAIN" or "REMOVE DOMAIN", as appropriate, followed by your domain name. In the very first field of the application form, item 0, ask for the type of registration action: either New ("N"), Modify ("M"), or Delete ("D"). Make sure the letter in this field matches the action indicated on the subject line when you mail in the application.

You're required to use email to submit the domain name application. The logic behind this is that if you don't have at least email access to the Internet, you don't need an Internet domain name. This helps reduce the number of frivolous domain name requests, and it automates part of the registration, further reducing the burden of handling domain name requests.

Another thing that dramatically reduces the number of frivolous domain name applications is the $100 registration fee. The registration service charges each domain $50 a year to be maintained in the registry. The initial $100 fee covers the first two years. Question 9 asks if the InterNIC should send the bill for the registration fee to you via email or postal mail. Answer with an "E" or a "P". If your "bean counters" will accept an email bill, go that way. You'll get everything finished more quickly.

The application form is largely self-explanatory, but a few items require some thought. Two things may be confusing - handles and servers.

One is the request for a NIC handle. You have a NIC handle only if you are registered in the NIC white pages. The white pages (discussed in Chapter 12) is a directory of information about users, networks, hosts, and domains. A NIC handle is a record identifier for this directory. A personal NIC handle for a user entry is composed of the user's initials and perhaps a number. For example, my initials are cwh and my NIC handle is cwh3. It is unlikely that you will have a handle unless you have contacted the NIC before. If you don't have a handle, just leave it blank. The NIC will assign you one.

You're also asked for the names and addresses of your primary and secondary name servers. The servers listed must be operational and connected to the Internet. [7] Provide the full domain name of the primary server in response to question 7a; e.g. almond.nuts.com. The primary server is usually a name server located at your site, but not always. It isn't necessary to provide your own primary server; and if you aren't directly connected to the Internet, you can't. Even though you are not connected, you may still want to register your domain name with the NIC if you have email access to the Internet. This allows you to use an email address that clearly identifies your organization. In order to do this, the online service that receives your email must be able to provide your primary name service. Check with them before you fill out this form.

[7] Chapter 8 tells you how to get a name server up and running.

The secondary server should be on a separate physical network from the primary server. Putting it on a different network guarantees that other sites can look up information about your network, even if access to your network is unavailable for some reason. A large organization may have multiple independent networks, but for many sites this requirement means asking another organization to provide a secondary name server. Who do you ask? Again, you should turn to the people who are providing your Internet access. The network that connects you to the Internet should provide secondary name servers as a service to its users. If they do not, they should be able to point you to other organizations that do provide the service. It is even possible for two organizations who are both applying for new domains to provide secondary service for each other. In other words, you provide someone with a secondary server; in return, they provide a secondary server for you.

Read the instructions that come with the domain application. The remainder of the form should be easy to fill out.

4.4.1.1 Obtaining an IN-ADDR.ARPA domain

When you obtain your Internet domain name, you should also apply for an in-addr.arpa domain. This special domain is sometimes called a reverse domain. Chapter 8 contains more information about how the in-addr.arpa domain is set up and used, but basically the reverse domain maps numeric IP addresses into domain names. This is the reverse of the normal process, which converts domain names to addresses. If your ISP provides your name service or your ISP assigned you an address from a block of its own addresses, you may not need to apply for an in-addr.arpa domain on your own. Check with your ISP before applying. If you do need to get a reverse domain, you can obtain the application from ftp://rs.internic.net/templates/in-addr-template.txt.

4.4.2 Choosing a Hostname

Once you have a domain name, you are responsible for assigning hostnames within that domain. You must ensure that hostnames are unique within your domain or subdomain, in the same way that host addresses must be unique within a network or subnet. But there is more to choosing a host name than just making sure the name is unique. Choosing a hostname is a surprisingly emotional issue. Many people feel very strongly about the name of their computer because they identify their computer with themselves or their work. RFC 1178 provides excellent guidelines on how to choose a hostname. Some key suggestions from these guidelines are:

- Use real words that are short, easy to spell, and easy to remember. The point of using hostnames instead of IP addresses is that they are easier to use. If hostnames are difficult to spell and remember, they defeat their own purpose.
- Use theme names. For example, all hosts in a group could be named after human movements: fall, jump, hop, skip, walk, run, stagger, wiggle, stumble, trip, limp, lurch, hobble, etc. Theme names are often easier to choose than unrestricted names, and increase the sense of community among network users.
- Avoid using project names, personal names, acronyms, numeric names, and technical jargon. Projects and users change over time. If you name a computer after the person who is currently using it or the project it is currently assigned to, you will probably have to rename the computer in the future. Use nicknames to identify the server function of a system, e.g., www, ftp, ns, etc. Nicknames can easily move between systems if the server function moves. See the description of CNAME records in Chapter 8 for information on creating nicknames.

The only requirement for a hostname is that it be unique within its domain. But a well-chosen hostname can save future work and make the user happier.

Name service is the most basic network service, and it is one service that you will certainly run on your network. There are, however, other services that you should also include in your network planning process.
[Chapter 4] 4.3 Planning Routing

In Chapter 2, we learned that hosts communicate directly only with other computers connected to the same network. Gateways are needed to communicate with systems on other networks. If the hosts on your network need to communicate with computers on other networks, a route through a gateway must be defined. There are two ways to do this:

- Routing can be handled by a static routing table built by the system administrator. Static routing tables are most useful when the number of gateways is limited. Static tables do not dynamically adjust to changing network conditions, so each change in the table is made manually by the network administrator. Complex environments require a more flexible approach to routing than a static routing table provides.
- Routing can be handled by a dynamic routing table that responds to changing network conditions. Dynamic routing tables are built by routing protocols. Routing protocols exchange routing information that is used to update the routing table. Dynamic routing is used when there are multiple gateways on a network, and is essential when more than one gateway can reach the same destination.

Many networks use a combination of both static and dynamic routing. Some systems on the network use static routing tables, while others run routing protocols and have dynamic tables. While it is often appropriate for hosts to use static routing tables, gateways usually run routing protocols.

The network administrator is responsible for deciding what type of routing to use and for choosing the default gateway for each host. Make these decisions before you start to configure your system. Here are a few guidelines to help you plan routing. If you have:

A network with no gateways to other TCP/IP networks
    No special routing configuration is required in this case. The gateways referred to in this discussion are IP routers that interconnect TCP/IP networks. If you are not interconnecting TCP/IP networks, you do not need an IP router. Neither a default gateway nor a routing protocol needs to be specified.

A network with a single gateway
    If you have only one gateway, don't run any routing protocols. Specify the single gateway as the default gateway in a static routing table.

A network with internal gateways to other subnets and a single gateway to the world
    Here there is a real choice. You can statically specify each subnet route and make the gateway to the world your default route, or you can run a routing protocol. Decide which you want to do based on the effort involved in maintaining a static table versus the slight overhead of running a routing protocol on your hosts and networks. If you have more than a few hosts, running a routing protocol is probably easiest.

A network with multiple gateways to the world
    If you have multiple gateways that can reach the same destination, use a routing protocol. This allows the gateways to adapt to network changes, giving you redundant access to the remote networks.

Figure 4.1 shows a subnetted network with five gateways identified as A through E. A central subnet (172.16.1.0) interconnects five other subnets. One of the subnets has a gateway to an external network. The network administrator would probably choose to run a routing protocol on the central subnet (172.16.1.0) and perhaps on subnet 172.16.12.0, which is attached to an external network. Dynamic routing is appropriate on these subnets because they have multiple gateways. Without dynamic routing, the administrator would need to update every one of these gateways manually whenever any change occurred in the network - for example, whenever a new subnet was added. A mistake during the manual update could disrupt network service. Running a routing protocol on these two subnets is simpler and more reliable.

Figure 4.1: Routing and subnets

On the other hand, the administrator would probably choose static routing for the other subnets (172.16.3.0, 172.16.6.0, and 172.16.9.0). These subnets each use only one gateway to reach all destinations. Changes external to the subnets, such as the addition of a new subnet, do not change the fact that these three subnets still have only one routing choice. Newly added networks are still reached through the same gateway. The hosts on these subnets specify the subnet's gateway as their default route. In other words, the hosts on subnet 172.16.3.0 specify B as the default gateway, while the hosts on subnet 172.16.9.0 specify D as the default, no matter what happens on the external networks.

Some routing decisions are thrust upon you by the external networks to which you connect. In Figure 4.1 the local network connects to an external network that requires that Border Gateway Protocol (BGP) be used for routing. Therefore, gateway E has to run BGP to exchange routes with the external network.

4.3.1 Obtaining an autonomous system number

The Border Gateway Protocol (BGP) requires that gateways have a special identifier called an autonomous system number (ASN). (Refer to the section "Internet Routing Architecture" in Chapter 2 for a discussion of autonomous systems.) Most sites do not need to run BGP. Most sites do not need a unique ASN, even when they do run BGP. Usually those sites can select one of the ASNs that have been set aside for private use, which are the numbers from 64512 to 65535. Select a number and coordinate your selection with your border gateway peers to avoid any possible conflicts.

If you connect to the Internet through a single ISP, you almost certainly do not need an official ASN. If after discussions with your service provider you find that you must obtain an official ASN, obtain the application form at ftp://rs.internic.net/templates/asn-template.txt. (See the "Internet Registries" sidebar earlier in this chapter.) If you submit an application, you're asked to explain why you need a unique autonomous system number. Unless you are an ISP, probably the only reason to obtain an ASN is that you are a multi-homed site. A multi-homed site is any site that connects to more than one ISP. Reachability information for the site may be advertised by both ISPs, confusing the routing policy. Assigning the site an ASN gives it direct responsibility for setting its own routing policy and advertising its own reachability information. This doesn't prevent the site from advertising bad routes, but it makes the advertisement traceable back to one site and ultimately to one technical contact. (Once you submit an ASN application, you have no one to blame but yourself!)

All of the items we have discussed so far (addressing, subnetting, and routing) are required to configure the basic physical network on top of which the applications and services run. Now we begin planning the services that make the network useful and usable.
4.2 Basic Information

Regardless of whether or not your network is connected to the Internet, you must provide certain basic information to configure the physical TCP/IP network interface. As we see in Chapter 6, Configuring the Interface, the network interface needs an IP address and may also need a subnet mask and broadcast address. In this section we look at how the network administrator arrives at each of the required values.

4.2.1 Obtaining an IP Address

Every interface on a TCP/IP network must have a unique IP address. If a host is part of the Internet, its IP address must be unique within the entire Internet. If a host's TCP/IP communications are limited to a local network, its IP address only needs to be unique locally. Administrators whose networks will not be connected to the Internet select an address from RFC 1918, Address Allocation for Private Internets, which lists network numbers that are reserved for private use. [2] The private network numbers are:

- Class A network 10.0.0.0 (10/8 prefix; a 24-bit block of addresses).
- Class B networks 172.16.0.0 to 172.31.0.0 (172.16/12 prefix; a 20-bit block of addresses).
- Class C networks 192.168.0.0 to 192.168.255.0 (192.168/16 prefix; a 16-bit block of addresses).

[2] The address (172.16.0.0) used in this book is an address set aside for use by non-connected enterprise networks. Feel free to use this address on your network if it will not be connected to the Internet.

Networks connecting to the Internet must obtain official network addresses. An official address is needed for every system on your network that directly exchanges data with remote Internet hosts. [3] Obtain the address from your ISP. Your ISP has been delegated authority over a group of network addresses, and should be able to assign you a network number. If your local ISP doesn't offer this service, perhaps the ISP's upstream provider does. Ask your local ISP who it receives service from and ask that organization for an address. If all else fails, you may be forced to go directly to an Internet registry. The box Internet Registries provides information about the Internet registry services.
The form required for registering an address is available at ftp://rs.internic.net/templates/internet-number-template.txt. Use the application as a last resort to obtain an address.

[3] Hosts that communicate with the Internet through a firewall or proxy server may not need official addresses. Check your firewall/proxy server documentation.

The advantages to choosing a network address from RFC 1918 are that you do not have to apply for an official address and you save address space for those who do need to connect to the Internet. [4] The advantage to obtaining your address from an Internet registry is that you will not have to change your address in the future if you do connect to the Internet.

[4] See Chapter 2, Delivering the Data.

If you do choose an address from RFC 1918 it is still possible to connect to the Internet without renumbering all of your systems, but it will take some effort. You'll need a network address translation (NAT) box or a proxy server. NAT is available as a separate piece of hardware or as an optional piece of software in some routers and firewalls. It works by converting the source address of datagrams leaving your network from your private address to your official address, and converting the destination address of the replies back again on the way in. Address translation has several advantages:

- It conserves IP addresses. Most network connections are between systems on the same enterprise network. Only a small percentage of systems need to connect to the Internet at any one time. Therefore far fewer official IP addresses are needed than the total number of systems on an enterprise network. NAT makes it possible for you to use a large address space from RFC 1918 for configuring your enterprise network while using only a small official address space for Internet connections.
- It hinders address spoofing, a security attack in which a remote system pretends to be a local system. The addresses in RFC 1918 cannot be routed over the Internet. Therefore, even if a datagram is routed off of your network toward the remote system, the fact that the datagram contains an RFC 1918 destination address means that the routers in the Internet will discard the datagram as a martian. [5] A forged datagram can still arrive at your border, so this does not replace filtering, on the external interface, of packets that claim a local source address; what the attacker cannot do is complete an exchange that depends on receiving the reply.
- It eliminates the need to renumber your hosts when you connect to the Internet.

[5] A martian is a datagram with an address that is known to be invalid.

Network address translation also has disadvantages:

Cost
NAT may add cost for new hardware or optional software.

Performance
Address translation adds overhead to the processing of every datagram. When the address is changed, the IP header checksum must be recalculated. Furthermore, some upper-layer protocols carry a copy of the IP address that also must be converted: the TCP and UDP checksums cover a pseudo-header that contains both addresses, and some application protocols, FTP among them, send addresses inside the data stream.

Reliability
NAT is a new technology and there is very little experience with it in the network. Ordinary routers never modify the addresses in a datagram header, but NAT does. This might introduce some instability. Similarly, no one has much experience in determining how many addresses should be kept in a NAT address pool or how long an address should be held by a connection before it is released back to the pool.

Security
NAT limits the use of encryption and authentication. Authentication schemes that include the header within the calculation, such as the IP Authentication Header, do not work because the router changes the addresses in the header. Encryption does not work if the encrypted data includes the source address.

Proxy servers provide many of the same advantages as NAT boxes. In fact, these terms are often used interchangeably, but there are differences. Proxy servers are application gateways originally created as part of firewall systems to improve security. Internal systems connect to the outside world through the proxy server, and external systems respond to the proxy server. Unlike routers, even routers with network address translation, the external systems do not see a network of internal systems. They see only one system, the proxy server. All ftp, telnet, and other connections appear to come from one IP address: the address of the proxy server. Therefore, the difference between NAT boxes and proxy servers is that NAT uses a pool of IP addresses to differentiate the connections between internal and external systems. The true proxy server has only one address and therefore must use protocol numbers and port numbers to differentiate the connections.

Proxy servers often have added security features. Address translation can be done at the IP layer. Proxy services require the server to handle data up to the application layer. Security filters can be put in proxy servers that filter data at all layers of the protocol stack. Given the differences discussed here, network address translation servers should scale better than proxy servers, and proxy servers should provide better security. Proxy servers are frequently used in place of address translation for small networks. Before you decide to use either NAT or proxy services, make sure they are suitable for your network needs.

Internet Registries

The original network information center was the SRI NIC, sri-nic.arpa. In 1992 the NIC moved to nic.ddn.mil and became the DDN NIC. Then in April 1993 the registration, directory, and information services it provided for the Internet moved to the new Internet NIC, internic.net. The InterNIC still provides these services but it does not do so alone. Almost every large network has its own network information center. Most of these NICs provide access to all the RFCs, FYIs, and other TCP/IP documentation. A few provide registration services.

For the Internet to work properly, IP addresses and domain names must be unique. To guarantee this, authority is carefully delegated. Authority to delegate domains and addresses has been given to the Internet Resource Registries (IRR). Currently these are: RIPE for Europe, APNIC for Asia and the Pacific, CA*net for Canada, RNP for Brazil, and InterNIC for the rest of us. More registries may be created at any time. (See the discussion of generic top-level domains (gTLDs) in Chapter 3, Network Services.) Additionally, large groups of addresses have been delegated to ISPs so that they can assign them to their customers. The place to start looking for registry services is your ISP. If it does not provide these services, contact the InterNIC. You can contact the InterNIC at the postal address:

Network Solutions
InterNIC Registration Services
505 Huntmar Park Drive
Herndon, VA 22070

You can also reach the InterNIC via telephone at 703-742-4777 or via fax at 703-742-4811. All of the forms needed to register an address, domain name, or other essential value can be obtained from the InterNIC using either anonymous FTP or a Web browser. Obtain the forms via anonymous FTP from rs.internic.net, where they are stored in the templates directory. Via the Web, connect to the Registration Template Guide at http://rs.internic.net/help/templates.html. It provides links to all of the forms and descriptions of when they are used and how they are filled in.

4.2.1.1 Assigning host addresses

So far we have been discussing network numbers. Our imaginary company's network (nuts-net) was assigned network number 172.16.0.0/16. The network administrator assigns individual host addresses within the range of IP addresses available to the network address; i.e., the nuts-net administrator assigns the last two bytes of the four-byte address. [6] The portion of the address assigned by the administrator cannot have all bits 0 or all bits 1; i.e., 172.16.0.0 and 172.16.255.255 are not valid host addresses. If the network is later subnetted, the same rule applies within each subnet: the host part of a subnet cannot be all 0s or all 1s either. Beyond these restrictions, you're free to assign host addresses in any way that seems reasonable to you.

[6] The range of addresses is called the address space.

Network administrators usually assign host addresses in one of two ways:

One address at a time
Each individual host is assigned an address, perhaps in sequential order, through the address range.

Groups of addresses
Blocks of addresses are delegated to smaller organizations within the overall organization, which then assign the individual host addresses.
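The checks described in 4.2.1 and 4.2.1.1, whether an address lies in one of the RFC 1918 blocks and whether a host address is valid within the nuts-net address space, together with the two assignment styles just listed, as an added worked example in Python. This is not code from the book: the department names and the hostname almond are made up for the example, and only the standard ipaddress module is used.

```python
"""Host-address planning for the book's nuts-net address space, 172.16.0.0/16.
Added example, not code from the book: it checks RFC 1918 membership, checks
that a host address is valid within a network, and implements the two
assignment styles (one at a time, and delegation of blocks) using only the
standard ipaddress module. Department names and hostnames are constructed."""
import ipaddress

# The three private blocks reserved by RFC 1918.
RFC1918_BLOCKS = tuple(ipaddress.ip_network(n) for n in
                       ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def is_rfc1918(address: str) -> bool:
    """True if address falls inside one of the RFC 1918 blocks.
    Note the edges: 172.31.255.255 is private, 172.32.0.0 is not."""
    addr = ipaddress.ip_address(address)
    return any(addr in block for block in RFC1918_BLOCKS)


def valid_host_address(address: str, network: str) -> bool:
    """True if address can be assigned to a host on network: it lies in the
    address space and its host part is neither all 0s nor all 1s."""
    net = ipaddress.ip_network(network)
    addr = ipaddress.ip_address(address)
    if addr not in net:
        return False
    return addr not in (net.network_address, net.broadcast_address)


def assign_sequentially(network: str, hostnames, start: int = 1) -> dict:
    """One address at a time: walk the address space in order, beginning at
    host number `start`, skipping the all-0s and all-1s addresses."""
    net = ipaddress.ip_network(network)
    base = int(net.network_address)
    candidates = (h for h in net.hosts() if int(h) - base >= start)
    assigned = {}
    for name in hostnames:
        addr = next(candidates, None)
        if addr is None:
            raise ValueError("address space %s exhausted at host %s" % (network, name))
        assigned[name] = str(addr)
    return assigned


def delegate_blocks(network: str, new_prefix: int, groups) -> dict:
    """Groups of addresses: carve network into equal /new_prefix blocks and
    hand one to each group, which then assigns its own host addresses."""
    net = ipaddress.ip_network(network)
    blocks = list(net.subnets(new_prefix=new_prefix))
    if len(groups) > len(blocks):
        raise ValueError("%s holds only %d /%d blocks" % (network, len(blocks), new_prefix))
    return {group: str(block) for group, block in zip(groups, blocks)}


if __name__ == "__main__":
    NUTS_NET = "172.16.0.0/16"
    for a in ("172.16.12.2", "172.32.0.1", "192.168.1.1"):
        print(a, "private" if is_rfc1918(a) else "not RFC 1918")
    for a in ("172.16.12.2", "172.16.0.0", "172.16.255.255", "172.17.0.1"):
        print(a, "valid host on", NUTS_NET, valid_host_address(a, NUTS_NET))
    # Delegate /24 blocks to departments (constructed names), then number the
    # hosts on subnet 172.16.12.0 sequentially, leaving .1 for the router.
    print(delegate_blocks(NUTS_NET, 24, ["engineering", "sales"]))
    print(assign_sequentially("172.16.12.0/24", ["peanut", "almond"], start=2))
```

Running the example assigns peanut 172.16.12.2, the address the planning sheet in this chapter gives it; the two ValueError cases (more groups than blocks, more hosts than addresses) are the mistakes a planner most often makes when an address space is smaller than it looks.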
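The Performance disadvantage listed under network address translation earlier in 4.2.1 is easy to see on the wire. The following added example (Python, not code from the book) builds a TCP/IP datagram as the workstation peanut would send it, rewrites its source address the way a basic NAT box with a one-to-one address pool would, and recomputes both checksums. The official addresses 192.0.2.1 and 192.0.2.10 are documentation-range placeholders chosen for the example, and the NAT table is constructed inline.

```python
"""Basic NAT source-address rewriting on a constructed IPv4/TCP datagram.
Added example, not code from the book: it shows why the IP header checksum
and the TCP checksum (whose pseudo-header includes both addresses) must be
recomputed whenever NAT changes an address."""
import ipaddress
import struct

IP_HDR_LEN = 20
TCP_HDR_LEN = 20
PROTO_TCP = 6


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's complement of the one's-complement
    sum of the 16-bit words; odd-length data is padded with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def tcp_pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    """The 12-byte pseudo-header that TCP includes in its checksum."""
    return src + dst + struct.pack("!BBH", 0, PROTO_TCP, tcp_len)


def build_datagram(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Construct a minimal IPv4 header plus a TCP SYN segment, both with
    correct checksums, as a host such as peanut would transmit it."""
    src_b = ipaddress.IPv4Address(src).packed
    dst_b = ipaddress.IPv4Address(dst).packed
    tcp_len = TCP_HDR_LEN + len(payload)
    # version/IHL, TOS, total length, ID, flags/fragment, TTL, protocol, checksum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR_LEN + tcp_len,
                         0x1234, 0x4000, 64, PROTO_TCP, 0, src_b, dst_b)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", checksum(ip_hdr)) + ip_hdr[12:]
    # sport, dport, seq, ack, data offset (5 words), flags (SYN), window, checksum, urgent
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 8192, 0, 0)
    tcp_csum = checksum(tcp_pseudo_header(src_b, dst_b, tcp_len) + tcp_hdr + payload)
    tcp_hdr = tcp_hdr[:16] + struct.pack("!H", tcp_csum) + tcp_hdr[18:]
    return ip_hdr + tcp_hdr + payload


def checksums_ok(datagram: bytes) -> bool:
    """A receiver's check: both checksums verify to zero when recomputed over
    data that already contains the transmitted checksum."""
    ip_hdr, tcp = datagram[:IP_HDR_LEN], datagram[IP_HDR_LEN:]
    if checksum(ip_hdr) != 0:
        return False
    pseudo = tcp_pseudo_header(ip_hdr[12:16], ip_hdr[16:20], len(tcp))
    return checksum(pseudo + tcp) == 0


def set_source(datagram: bytes, new_src: str) -> bytes:
    """Rewrite only the source address field: what a NAT box would produce if
    it skipped the checksum work (the datagram is then discarded downstream)."""
    new_src_b = ipaddress.IPv4Address(new_src).packed
    return datagram[:12] + new_src_b + datagram[16:]


def nat_translate(datagram: bytes, nat_table: dict) -> bytes:
    """Outbound basic NAT: map the private source address to its official
    address from nat_table (private -> official, one pool entry per host)
    and recompute the IP header checksum and the TCP checksum."""
    ip_hdr, tcp = datagram[:IP_HDR_LEN], datagram[IP_HDR_LEN:]
    private_src = str(ipaddress.IPv4Address(ip_hdr[12:16]))
    if private_src not in nat_table:
        raise KeyError("no official address in the NAT pool for %s" % private_src)
    new_src_b = ipaddress.IPv4Address(nat_table[private_src]).packed
    dst_b = ip_hdr[16:20]
    # Zero the checksum field, swap the address, recompute the header checksum.
    new_ip = ip_hdr[:10] + b"\x00\x00" + new_src_b + dst_b
    new_ip = new_ip[:10] + struct.pack("!H", checksum(new_ip)) + new_ip[12:]
    if ip_hdr[9] == PROTO_TCP:
        # The transport checksum covers the pseudo-header, so it changes too.
        tcp_zeroed = tcp[:16] + b"\x00\x00" + tcp[18:]
        new_csum = checksum(tcp_pseudo_header(new_src_b, dst_b, len(tcp)) + tcp_zeroed)
        tcp = tcp[:16] + struct.pack("!H", new_csum) + tcp[18:]
    return new_ip + tcp


if __name__ == "__main__":
    # Constructed sample: peanut (172.16.12.2) opening an HTTP connection.
    # 192.0.2.0/24 is documentation space, standing in for official addresses.
    NAT_POOL = {"172.16.12.2": "192.0.2.10"}
    outbound = build_datagram("172.16.12.2", "192.0.2.1", 1025, 80, b"GET / HTTP/1.0\r\n\r\n")
    print("original checksums ok:", checksums_ok(outbound))
    print("naive rewrite ok:     ", checksums_ok(set_source(outbound, "192.0.2.10")))
    translated = nat_translate(outbound, NAT_POOL)
    print("NAT rewrite ok:       ", checksums_ok(translated),
          "source now", ipaddress.IPv4Address(translated[12:16]))
```

The naive rewrite fails both checks, which is the per-datagram work the Performance entry refers to; a real NAT box does the same recomputation incrementally rather than over the whole header, but must still do it for every datagram in both directions, and must additionally parse the payload of protocols such as FTP that carry addresses in the data stream.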