Network addressing

From LQWiki
Jump to navigation Jump to search

IP Adressing

IPv4 - The current Internet standard

To connect to an IP network, your host (specifically your host's network interface) will need a unique IP address to identify itself as a host on the network. In IPV4, an IP address is a 32-bit number that uniquely identifies your NIC on a network. For ease of readability we divide this 32-bit number into 4 octets with a period (.) separating each one. Each octet has a decimal equivalent of 0-255. A typical IP address then would look something like this: 192.168.5.26.

Assigning IP Address

There are two ways to set the IP address for a NIC. You can do it manually or you can have it set automatically via DHCP. DHCP dynamically assigns IP addresses and other information such as subnet mask, DNS server, and default gateway to hosts upon bootup. Most network routers have DHCP built in and enabled by default. However, for small networks it may be preferable to set the IP address manually.

Subnet Masks

Subnet masks also known as network masks are used to logically split a network into "subnetworks".

When the IP address scheme was originally designed, there were three Network Classes: Class "A", which had 126 networks of 16 million addresses in each network, Class "B" which had about 65,000 networks of 65,534 addresses in each network, and Class "C" networks which were millions of networks of 254 addresses each. You could tell what kind of network you were on by looking at the first byte of the IP address: 1-126 was class A, 128 to 191 was class "B", and 192 to 254 was class "C". (255 was reserved for special purposes).

The problem with this scheme is that it is too inflexible. You might need only 2 addresses on a network. So the subnet mask was invented, to give the network designer more control and flexibility. Simply put, a subnet mask identifies what portion (that is, which bits) of an address form the logical network number (the subnet), and what portion forms the host number on that network. (Note: all hosts/devices on your local network must share the same subnet if you want them to able to communicate, otherwise the use of routing will be necessary.).

So, for example, suppose I need a network with a single machine on it. I need a second IP address on the default router for that network. I also will need an IP address for multicasting. So I can use a subnet mask of 255.255.255.252. If my IP address is 216.39.145.57, then the network part of my IP address is 216.39.145.56 and the host part of the address is 0.0.0.1. To see how this is done, work in binary.

address 216.39.145.57    11011000.00011011.10010001.00111001   
mask    255.255.255.252  11111111.11111111.11111111.11111100 
result  216.39.145.56    11011000.00011011.10010001.00111000 

My address is 216.39.145.57, the default router or gateway is at 216.39.145.58, and 216.39.145.59 is reserved for multicasting.

Working with strings of bits, e.g. 11111111.11111111.11111111.11111100, is awkward for humans. Working with dotted quads,e.g. 255.255.255.252 is also frequently awkward. So sometimes a network is refered to by its network portion, a slash, and the number of bits in the netmask, e.g. 216.39.145.56/30.

See also: Subnet mask and Network Class

Connecting to the Internet

An IP address must be unique to your computer, so that others wishing to exchange data with you can know how to route the data. This becomes a problem once you connect your machine to the Internet, normally resolved by the IANA (Internet Assigned Numbers Authority). Unless you want to go through the application process at IANA, you get an IP address (or range of addresses) from your ISP. An ISP will often assign IP addresses dynamically, giving your computer whichever unique IP address is available from a range it has been assigned. This means your IP address could constantly change; this is not always a problem, but if your machine offers public services, it needs to have a static IP address (or else you get into dynamic DNS issues). To have a static IP address, you must ask your ISP to provide you with one. (Buying a range of IP addresses can be expensive.)

Private IP Space

To overcome this there are 3 ranges of address space which have been reserved for private use, and thus are non-routable (they cannot be sent across the internet -- a router will refuse to forward packets addressed to these). These are:

   IP - 10.0.0.0 - 10.255.255.255      Subnet - 255.0.0.0 
   IP - 172.16.0.0 - 172.31.255.255    Subnet - 255.255.0.0 
   IP - 192.168.0.0 - 192.168.255.255  Subnet - 255.255.255.0

Connecting Multiple Machines

Since these addresses (sometimes referred to as "private addresses") cannot not be routed to the global Internet, you might ask "so how will I connect my hosts with private addresses to the Internet?". This is achieved through some tricks:

  • Router with Network Address Translation (NAT) and Port Address Translation (PAT). For outgoing packets, NAT will take a private IP address from the internal LAN and replace it with a public one provided by your ISP. At the same time, it makes a note of this replacement, so that when a return packet arrives, it can undo the replacement and forward the return packet to the correct recipient. This process works for all exchanges that are initiated from behind the NAT portal, but will not work for an transaction initiated from the public Internet. PAT handles this case by accepting incoming traffic on a particular port, and translating the IP address to a pre-configured private address; the corresponding machine must be set up to handle traffic for that port.
  • Proxy server - This is a machine on your network which accepts requests for internet access from the private LAN then masquerades as that machine to the external network.

Configuring Linux Host

To set up a Linux machine on a network, you may use the network configuration program that comes with your Linux distribution (see below), or can do it "by hand". If you do the network configuration "by hand", then you must first be familiar with how Linux references your network interface card (NIC). Each NIC on a Linux machine is labeled "ethN" where N is and a number, by default the first being 0. Therefore if you have only one NIC on your machine it will most likely be labeled eth0. To see a list of settings for your network card use the ifconfig command (normally you must be root to run this command).

The IP address can be configured on the command line using ifconfig, the example below configures the device eth0 with IP address 192.168.1.1[1] and a subnet mask of 255.255.255.0:

   ifconfig eth0 192.168.1.1 netmask 255.255.255.0

To have the address dynamically assigned by a DHCP server on your network with hostname and domain name assigned also:

   dhcpd -HD eth0

These settings will only apply until your next reboot, different distributions have various ways of permanently configuring a computer's NIC.

On some distributions, network configuration information is stored in the /etc/sysconfig directory. On a SuSE system for instance, you will find the network configuration settings in the ifcfg-eth0 file in this directory. This file contains a list of tuples, or key=value pairs, that tell Linux how to configure the eth0 interface. There are many options that can be set in this file but the following example gives the minimal list of required settings:

  BOOTPROTO='static'
  STARTMODE='onboot'
  BROADCAST='192.168.5.255'
  IPADDR='192.168.5.178'
  NETMASK='255.255.255.0'
  NETWORK='192.168.5.0'

In order for changes in this file to take effect, you must restart your interface. You can do this by using the ifdown and ifup commands. So if I have made changes to the eth0 interface I would do the following to restart that interface:

  ifdown eth0
  ifup eth0

Again, you need to be root to do this.

For a small private network you should use a private address as defined above

Many people use "1" (e.g.192.168.1.1) as the final octet for their router or gateway. Look at the following example of IP addresses on some made-up LAN. All netmasks should be 255.255.255.0:

  Router: 192.168.1.1 
  Server 1: 192.168.1.10
  Server 2: 192.168.1.11
  Print server 1: 192.168.1.50
  Print server 2: 192.168.1.51
  PC 1: 192.168.1.100
  PC 2: 192.168.1.101
  PC 3: 192.168.1.102
  DHCP Range: 192.168.1.150-200

This gives a general make up that should help define a structured and maintainable network.

Distribution network configuration programs

Your distribution probably has a network setup program or programs which make this much easier, and will cover probably 95% of the configurations you will have to do (if it doesn't, then presumably you are sufficiently expert not to need such a program!).

RedHat Fedora Core

For example, Redhat Fedora Core 4 has four network configuration programs:

  • /usr/bin/system-config-network-druid (requires X-windows)
  • /usr/bin/system-config-network (requires X-windows)
  • /usr/bin/system-config-network-cmd (This is probably best for scripting network configurations)
  • /usr/sbin/netconfig (best for command line editing - uses VT-100 style graphics)

See also