4. Networking

4.1. Linux networking

  • Overview of network protocols and TCP/IP in Linux.

  • Network configuration in Linux.

  • Netplan on Ubuntu servers.

  • Network settings in Red Hat.

  • Network applications and services.

  • Network calculation with ipcalc.


4.2. Computers on the internet

  • Network communication allows computers to exchange information, transfer files, and manage applications remotely.

  • Networks are organized as a series of layers implemented on each machine.

  • The layers are independent: each layer performs a specific task and offers its service to the layers directly above and below it.

  • Communication between peer layers on different machines follows defined rules and procedures, called protocols.

  • Outgoing data is processed and passed down through the layers until the bottom layer is reached; on the receiving machine it travels back up.

  • At the bottom layer, computers communicate by sending and receiving network datagrams as signals over cables, switches, routers and wireless links.


4.3. TCP/IP 5 layer protocol suite

Each layer has its own task:

5. Application Layer: ssh, ftp, http …
   The application program produces the data to be sent and interprets what is received. The lower layers split the data into pieces that fit the link's Maximum Transmission Unit (MTU); the typical Ethernet MTU is 1500 bytes.

4. Transport Layer: TCP, UDP, ports
   Connection management and delivery quality (TCP: reliable and ordered; UDP: best effort), and port numbers that direct data to the right application.

3. Internet Layer: IP addresses, subnets, routing
   Addressing: each computer has a unique address on its network or subnet. Routing between networks.

2. Link Layer: Ethernet
   Communication on the local network (subnet) through a switch. Each interface has a Media Access Control (MAC) address, for example 48:d2:4f:f4:0d:fb, which must be unique within the subnet. The Address Resolution Protocol (ARP) maps an IP address to a MAC address on the subnet. ARP has no authentication: any host on the subnet can answer for any IP address, which is why ARP spoofing works against neighbours on the same switch.

1. Physical Layer: NIC, hubs, switches, routers, cabling, wifi APs and cards
   Electronic devices that send and receive the signals between computers.


4.4. OSI 7 layer Network Stack Model

Each OSI layer has its own task:

7. Application Layer: ssh, ftp, http …
   The application program produces the data to be sent and interprets what is received; the lower layers split it into pieces that fit the link's Maximum Transmission Unit (MTU), typically 1500 bytes on Ethernet.

6. Presentation Layer: SSL, libz, XDR
   Data encryption, compression, and encoding/decoding.

5. Session Layer: Remote Procedure Call (RPC)
   Responsible for opening, using and closing sessions. Remote procedures.

4. Transport, 3. Network, 2. Data Link and 1. Physical Layers
   Correspond to layers 4 to 1 of the TCP/IP model above (the OSI Network layer is the TCP/IP Internet layer).


4.5. TCP/IP and Kernel

The Link, Internet and Transport layers are implemented in the kernel. Application layer programs (ssh, ftp, http clients and servers) run in user space and hand their data to the kernel through sockets.


4.6. Packet Encapsulation

Data is processed by packet encapsulation: each layer prepends its own header to what it received from the layer above (application data inside a TCP segment or UDP datagram, inside an IP datagram, inside an Ethernet frame), and the Ethernet frame is what is transmitted and received on the wire. The receiving host strips the headers again in the reverse order on the way up the stack.
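The encapsulation described above, carried out by hand so that every header is visible. This is an added example for these notes, not code from the original page; the MAC and IP addresses, ports, IP identification and payload are constructed for illustration. The builder wraps a payload in UDP, IPv4 and Ethernet II headers and computes the IPv4 header checksum; the parser strips the layers in reverse order and rejects a frame whose header checksum does not verify.

```python
"""Packet encapsulation by hand: UDP segment -> IPv4 datagram -> Ethernet frame.

Added example for these notes (not from the original page). The MAC and IP
addresses, ports and payload are constructed for illustration.
"""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
ETH_HDR_LEN = 14
IP_HDR_LEN = 20
UDP_HDR_LEN = 8


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload, ttl=64):
    """Wrap payload in UDP, then IPv4, then Ethernet II headers (bottom-up encapsulation)."""
    # Layer 4: UDP header. Checksum 0 means 'not computed', which IPv4 permits.
    udp = struct.pack("!HHHH", src_port, dst_port, UDP_HDR_LEN + len(payload), 0) + payload
    # Layer 3: IPv4 header without options (IHL = 5 words = 20 bytes).
    total_len = IP_HDR_LEN + len(udp)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | 5,        # version 4, IHL 5
                         0,                   # DSCP/ECN
                         total_len,
                         0x1234,              # identification (constructed value)
                         0x4000,              # flags: Don't Fragment, fragment offset 0
                         ttl,
                         IPPROTO_UDP,
                         0,                   # checksum placeholder, filled in below
                         socket.inet_aton(src_ip),
                         socket.inet_aton(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    # Layer 2: Ethernet II header; a switch only ever looks at this part.
    eth_hdr = mac_to_bytes(dst_mac) + mac_to_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + udp


def parse_frame(frame: bytes) -> dict:
    """Strip the headers in reverse order, checking what each layer promises."""
    if len(frame) < ETH_HDR_LEN + IP_HDR_LEN + UDP_HDR_LEN:
        raise ValueError("frame too short")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame: ethertype 0x%04x" % ethertype)
    ip = frame[ETH_HDR_LEN:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < IP_HDR_LEN:
        raise ValueError("bad IPv4 header")
    if ip_checksum(ip[:ihl]) != 0:           # a valid header sums to 0 when its checksum is included
        raise ValueError("bad IPv4 header checksum")
    total_len = struct.unpack("!H", ip[2:4])[0]
    if total_len > len(ip) or total_len < ihl + UDP_HDR_LEN:
        raise ValueError("bad IPv4 total length")
    if ip[9] != IPPROTO_UDP:
        raise ValueError("not UDP")
    udp = ip[ihl:total_len]
    src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", udp[:UDP_HDR_LEN])
    if udp_len > len(udp):
        raise ValueError("truncated UDP segment")
    return {
        "dst_mac": bytes_to_mac(frame[0:6]),
        "src_mac": bytes_to_mac(frame[6:12]),
        "src_ip": socket.inet_ntoa(ip[12:16]),
        "dst_ip": socket.inet_ntoa(ip[16:20]),
        "ttl": ip[8],
        "src_port": src_port,
        "dst_port": dst_port,
        "payload": udp[UDP_HDR_LEN:udp_len],
    }


def is_valid_frame(frame: bytes) -> bool:
    try:
        parse_frame(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    f = build_frame("52:54:00:12:34:56", "48:d2:4f:f4:0d:fb",
                    "192.168.122.126", "192.168.122.222", 40000, 8080, b"hello")
    print(len(f), "bytes on the wire:", f.hex())
    print(parse_frame(f))
```

The 47-byte frame that build_frame returns is 14 bytes of Ethernet header, 20 of IP header, 8 of UDP header and 5 of payload; flipping a single byte of the IP header (the TTL, for instance) makes parse_frame reject it, which is exactly what a router does with a corrupted datagram.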


4.7. Hosts communication via TCP/IP


4.8. Wired connection checkup (Exercise)

  • To see whether your desktop is connected to a network switch and at what speed, use the ethtool command.

  • On your desktop, install package ethtool:

sudo apt install ethtool

  • See your network interfaces with command ifconfig or ip a:

/sbin/ifconfig -a

or

ip a

The main network interface, connected to the Ethernet, is enp0s3. Run the command below:

/sbin/ethtool enp0s3

In the output, among various parameters, Speed and Duplex are reported as unknown because the desktop is a VM in the VDI and the virtual NIC has no physical link to measure:

  • Speed: Unknown!

  • Duplex: Unknown!

  • Link detected: yes

If the desktop were installed on bare-metal hardware, we would see something like the following:

  • Speed: 1000Mb/s,

  • Duplex: Full,

  • Link detected: yes

which means the cable is connected and the link runs at 1 Gb/s in full-duplex mode.


4.9. Network IP configuration

  • Static configuration

    • IP address, netmask, gateway, and Domain Name System (DNS) servers are configured on the host.

  • Dynamic Host Configuration Protocol (DHCP)

    • The same settings are obtained from a DHCP server when the interface comes up.


4.10. Environment for IP configuration on Ubuntu and RedHat

  • ifupdown scripts

    • Old Debian/Ubuntu: file /etc/network/interfaces

    • RedHat: file /etc/sysconfig/network-scripts/ifcfg-ens3, command ifup ens3

  • Network Manager service

    • Ubuntu desktop, Debian: commands nmtui, nmcli

    • RedHat: file /etc/sysconfig/network-scripts/ifcfg-ens3, command ifup ens3

  • Netplan with the networkd renderer

    • Ubuntu server: file /etc/netplan/00-installer-config.yaml, command netplan apply


4.11. Deploy a new VM for exercises

Shut down the kvm1 VM and clone it into a VM named netplan:

virsh shutdown kvm1
virt-clone -o kvm1 -n netplan -f /home/hostadm/KVM/netplan.qcow2

Start netplan and log in to its console:

virsh console netplan

Fix the hostname in file /etc/hostname.

Reset the machine ID by running the following script on netplan (a clone keeps the original's /etc/machine-id, and systemd-networkd derives its DHCP client identifier from it, so two VMs with the same ID can end up being offered the same lease):

./vm_id_reset.sh

Execute command reboot on netplan:

reboot

4.12. Configuring network settings on Ubuntu server with Netplan (Exercises)

On the netplan VM check the IP address settings by running the command below:

ip addr

Assign the static IP address 192.168.122.222 by changing the content of /etc/netplan/00-installer-config.yaml to the following. Keep the file readable by root only (chmod 600): recent netplan releases warn when a configuration file is readable by other users.


network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: false
      addresses: [192.168.122.222/24]
      # gateway4 still works but is deprecated in newer netplan releases;
      # the equivalent is: routes: [{to: default, via: 192.168.122.1}]
      gateway4: 192.168.122.1
      nameservers:
        addresses: [192.168.122.1]


Have the settings applied. On a host you reach over the network, prefer netplan try, which reverts the change automatically unless you confirm it within the timeout; here we are on the console, so:

netplan apply

Check the IP address again:

ip addr

It should show 192.168.122.222 for the enp1s0 interface now.

See the gateway settings by running the command

ip route show

It should show "default via 192.168.122.1".


4.13. Clone rocky8 VM (Exercises)

Make sure rocky8 is down (virsh has no "stop" command; shutdown asks the guest to power off cleanly):

virsh list
virsh shutdown rocky8

Clone rocky8 into the new VM rocky:

virt-clone -o rocky8 -n rocky -f /home/hostadm/KVM/rocky.qcow2

Start the VM:

virsh start rocky

Connect to the console:

virsh console rocky

Log in to the system and change the hostname in file /etc/hostname.

Reset the machine ID, which the clone would otherwise share with rocky8:

rm -f /etc/machine-id /var/lib/dbus/machine-id
dbus-uuidgen --ensure=/etc/machine-id
dbus-uuidgen --ensure

Reboot the VM.


4.14. Network configurations on a Red Hat server (Exercises)

Start the rocky VM:

virsh start rocky

Log in to the console of rocky:

virsh console rocky

Execute command ip addr show to read the IP address:

ip addr show ens3

Try pinging netplan by its IP address, for example:

ping -c 3 192.168.122.222

Become root on the rocky VM:

sudo -s

Install the legacy network scripts. They are deprecated in RHEL/Rocky 8 and removed in release 9, where NetworkManager (nmcli) is the only supported way; they are used here because the exercise edits ifcfg files directly:

dnf install network-scripts

Static IP configuration on the rocky VM.

On rocky, edit file /etc/sysconfig/network-scripts/ifcfg-ens3 and put the following settings for the static IP configuration there:

DEVICE=ens3
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.122.126
NETMASK=255.255.255.0
GATEWAY=192.168.122.1

Apply the network settings:

ifdown ens3
ifup ens3

Ping netplan by the IP address:

ping -c 3 192.168.122.222

Restore the interface settings to DHCP on the rocky VM. On rocky, edit file /etc/sysconfig/network-scripts/ifcfg-ens3 and put the following settings for DHCP configuration (NETWORKING=yes belongs in /etc/sysconfig/network, not in an ifcfg file, so it is left out here):

DEVICE=ens3
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=dhcp

Reset the network settings:

ifdown ens3
ifup ens3

Verify the network settings (ifconfig needs the net-tools package, which a minimal Rocky install lacks; ip addr show ens3 gives the same information):

ifconfig ens3

The interface should acquire an IP address on the 192.168.122.0/24 network from the DHCP server.


4.15. Internet Control Message Protocol (ICMP) protocol (Exercises)

Implemented on hosts and gateways (routers) for:

Reporting the status of datagram processing, diagnostics of connectivity and routing, and reporting errors in the processing of a datagram (for example destination unreachable or time exceeded).

Example: ping

Exercise: command ping.

ping -c 5 capone.rutgers.edu
ping -c 5 engsoft.rutgers.edu
ping -c 5 google.com

If the systems respond, they are reachable on the network (no response does not prove the opposite: many hosts and firewalls silently drop echo requests). Notice how the round-trip time and the Time to Live (TTL) of the replies vary between the hosts.

Example: traceroute

Time to Live (TTL) decrement. The TTL field of an IP packet is the maximum number of routers the packet may pass through before being discarded. Each router on the path decrements the TTL by exactly one; the router that decrements it to zero drops the packet and sends an ICMP "time exceeded" message back to the sender. traceroute relies on this: it sends probes with TTL 1, 2, 3, ... and records which router answered for each value. By default traceroute on Linux gives up after 30 hops; the limit can be raised, up to the maximum TTL of 255, with the -m option.

Exercise: command traceroute.

sudo apt install traceroute
sudo /usr/sbin/traceroute -I capone.rutgers.edu
sudo /usr/sbin/traceroute -I engsoft.rutgers.edu
sudo /usr/sbin/traceroute -I google.com

Option -I sends ICMP echo probes instead of the default UDP probes and therefore needs root. The output shows all the gateways between the subnets that your packet travels through towards the destination; a line of asterisks means that a router did not answer within the timeout (many rate-limit or filter ICMP), not that the path is broken. Notice the difference in the number of gateways between your desktop and the three remote hosts, as well as the round-trip times.


4.16. Network services (Exercises)

Make sure virtual machine netplan is running:

virsh list

Figure out the IP address of netplan:

virsh domifaddr netplan

Place the IP address and the netplan host name into file /etc/hosts on your desktop (the netplan IP is 192.168.122.222):

sudo nano /etc/hosts

Make the entry in the file: 192.168.122.222   netplan

ssh to netplan as user hostadm:

ssh hostadm@netplan

Configure SSH for public-key authentication. Besides passwords, SSH accepts key pairs; current OpenSSH supports RSA, ECDSA and Ed25519 keys (DSA keys are disabled by default and should not be used). We'll be using RSA in the exercises below. To generate an RSA key pair, type the following command at a shell prompt on your desktop:

ssh-keygen -t rsa

Accept the default file location of ~/.ssh/id_rsa. Enter a passphrase different from your account password and confirm it by entering it again. The public key is written to ~/.ssh/id_rsa.pub, the private key to ~/.ssh/id_rsa. Never distribute your private key to anyone. The contents of ~/.ssh/id_rsa.pub must be placed on the remote machine to which you want to connect, here netplan, in the file ~/.ssh/authorized_keys. The usual tool for this is ssh-copy-id; to do the transfer by hand, you can use the sftp service that comes with ssh (if .ssh does not exist on netplan yet, create it there first with mode 700):

sftp netplan
Name (netplan:hostadm): hostadm
sftp> cd .ssh
sftp> lcd .ssh
sftp> put id_rsa.pub authorized_keys
sftp> quit

Command cd in the sftp> shell above steps into the directory .ssh on the remote host, netplan; command lcd steps into the directory .ssh on the local desktop. Note that put ... authorized_keys replaces any authorized_keys already on netplan, so if other keys are authorized there, append to the file instead. sshd also ignores the file unless the home directory and ~/.ssh are writable only by their owner (mode 700 for .ssh) and authorized_keys is not writable by others (mode 600 is customary).

Now try to ssh to netplan. You should be prompted for your passphrase instead of the account password.
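The key installation step above, done the way ssh-copy-id does it rather than by overwriting the file. This is an added example for these notes, not code from the original page or from OpenSSH: a small installer that creates ~/.ssh with mode 700, appends the public key to authorized_keys only if that key is not already there, and keeps the file at mode 600. The key line it uses is a constructed placeholder, not a real key, and the demo runs in a throwaway directory instead of a real home.

```python
"""Install an SSH public key into a user's authorized_keys without clobbering it.

Added example for these notes (not from the original page or from OpenSSH).
EXAMPLE_PUBKEY below is a constructed placeholder, not a real key.
"""
import os
import stat
import tempfile
from pathlib import Path

# Constructed example key line: type, base64 blob, comment.
EXAMPLE_PUBKEY = ("ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0nstructedKeyMaterialForIllustrationOnly== "
                  "hostadm@desktop")

KEY_TYPES = ("ssh-rsa", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")


def install_pubkey(home: str, pubkey_line: str) -> bool:
    """Append pubkey_line to <home>/.ssh/authorized_keys.

    Returns True if the key was added, False if the same key (type + blob) was
    already present. Ensures ~/.ssh is 0700 and authorized_keys 0600, which
    sshd's StrictModes expects, and never truncates keys that are already
    authorized (unlike `put id_rsa.pub authorized_keys`).
    """
    line = pubkey_line.strip()
    fields = line.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("not an OpenSSH public key line")
    key_type, key_blob = fields[0], fields[1]

    ssh_dir = Path(home) / ".ssh"
    ssh_dir.mkdir(mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)              # mkdir's mode is filtered by umask; enforce it

    ak = ssh_dir / "authorized_keys"
    existing = ak.read_text() if ak.exists() else ""
    for old in existing.splitlines():
        old_fields = old.split()
        if len(old_fields) >= 2 and old_fields[0] == key_type and old_fields[1] == key_blob:
            return False                  # already authorized; the comment may differ

    # Open with O_APPEND and an explicit 0600 mode so a fresh file is never world-readable.
    fd = os.open(ak, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a") as f:
        if existing and not existing.endswith("\n"):
            f.write("\n")                 # keep the previous last key on its own line
        f.write(line + "\n")
    os.chmod(ak, 0o600)
    return True


def file_mode(path) -> int:
    """Permission bits of path, e.g. 0o600."""
    return stat.S_IMODE(os.stat(path).st_mode)


def demo() -> dict:
    """Run the installer twice in a throwaway home directory and report what happened."""
    home = tempfile.mkdtemp(prefix="sshdemo-")
    first = install_pubkey(home, EXAMPLE_PUBKEY)
    second = install_pubkey(home, EXAMPLE_PUBKEY)   # same key again: must not duplicate
    ak = Path(home) / ".ssh" / "authorized_keys"
    return {
        "first_added": first,
        "second_added": second,
        "lines": ak.read_text().count("\n"),
        "dir_mode": file_mode(Path(home) / ".ssh"),
        "file_mode": file_mode(ak),
    }


if __name__ == "__main__":
    print(demo())
```

Run it on the remote host itself with the user's real home directory and the contents of id_rsa.pub; the dedup check compares key type and key material, so re-running it with a key whose comment changed still adds nothing.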

The ssh-agent can hold your decrypted private key so that you do not have to enter the passphrase each time you make an ssh or scp connection. At a shell prompt on the desktop, type the following command:

exec /usr/bin/ssh-agent $SHELL

Then type the command:

ssh-add

and enter your passphrase(s). If you have more than one key pair configured, you will be prompted for each one. When you log out, the keys held by the agent are forgotten. You must execute these two commands each time you log in to a virtual console or open a terminal window.

Run a remote command over ssh, for example:

ssh netplan "uname -a"

Copy files from your desktop to netplan and vice versa using the scp command:

scp netplan:/etc/hosts .
touch somef.txt
scp somef.txt netplan:/home/$USER

Synchronizing directories between hosts with rsync. This tool copies files and directories between a local host and a remote host, transferring only what has changed. Install rsync on both your desktop and netplan:

apt-get install rsync

Create a directory tree and copy it over to netplan with the rsync command:

mkdir -p dir1/dir2/dir3
rsync -avz dir1 netplan:/home/$USER

Option -a stands for archive (recurse and preserve symlinks, permissions, ownership and timestamps); -v is for verbose and -z compresses the data in transit. Note that dir1 without a trailing slash copies the directory itself into /home/$USER, whereas dir1/ would copy only its contents.


4.17. Send/receive data with netcat (Exercises)

Netcat is a very useful tool to connect to any TCP or UDP port on a remote host and send/receive raw data. It does no authentication or encryption: whatever is sent is visible to, and can be injected by, anyone on the path.

Start both VMs, netplan and rocky:

virsh start netplan
virsh start rocky

Log in to the console of netplan:

virsh console netplan

Bring up another command prompt on the desktop and log in to rocky:

virsh console rocky

On each VM, execute command ip addr show to read the IP address (on netplan the interface is enp1s0):

ip addr show ens3

Become root on both VMs:

sudo -s

Step 1. Install netcat.

On netplan (Ubuntu server; on older releases the package is simply called netcat):

apt-get install netcat-openbsd

On rocky:

dnf install nmap-ncat

Step 2. On netplan, start netcat as a server listening on port UDP/8080:

netcat -l -u 8080

On rocky, connect to port UDP/8080 on netplan, 192.168.122.222:

ncat -u 192.168.122.222 8080

Step 3. Start typing text on either side and hit the ENTER key. The text should appear on both terminals. On rocky, press Ctrl+D to close the UDP connection. When the session is over, type Ctrl-C on netplan to stop the netcat server.

Step 4. On netplan, start the server on TCP/8080, writing whatever it receives into the file outputfile.txt:

netcat -l 8080 > outputfile.txt

On rocky, send file /etc/hosts to TCP/8080 on the netplan VM via netcat:

ncat 192.168.122.222 8080 < /etc/hosts

Step 5. After the file is received, the connection closes by itself. On netplan, check the content of the file:

less outputfile.txt


4.18. Subnets and routing

Example: Host A can communicate with both hosts B and C, but hosts B and C cannot communicate with each other. What is the problem?
Answer: the routing (default gateway) is not defined on host B. Without a gateway a host can only reach addresses on its own subnet, so B cannot send anything to C on another subnet, even though A, with a working route, reaches both.

4.19. Network calculation, gateway and routing

  • Computers connected to the same switch are on the same network/subnet and communicate with each other directly through the switch.

  • For computers located on different networks/subnets, a gateway/router is needed.

  • The netmask defines the local subnet.

  • The subnet mask separates the network part and the host part of the IP address.

Network address = Host address AND Netmask (bitwise logical AND):

  Address            Decimal          Binary
  IP address         192.168.5.10     11000000 10101000 00000101 00001010
  Netmask            255.255.255.0    11111111 11111111 11111111 00000000
  Network address    192.168.5.0      11000000 10101000 00000101 00000000

  • The network address is the smallest address on the network (all host bits 0):

11000000 10101000 00000101 00000000 = 192.168.5.0

  • The broadcast address is the largest address on the network (all host bits 1):

11000000 10101000 00000101 11111111 = 192.168.5.255

  • Max number of hosts on the subnet: 254 = 256 - 2 (the network and broadcast addresses cannot be assigned to hosts).

  • The gateway address must be on the same subnet as the host; otherwise the host has no way to reach it.


4.20. IP calculator exercises

Network IP calculations with ipcalc. On the desktop, install ipcalc by using APT:

apt-get install ipcalc

Run ipcalc for network address 192.168.5.0 with subnet mask 255.255.255.0.

ipcalc 192.168.5.0/255.255.255.0

See the output for Address, Netmask, Network, HostMin, HostMax, Broadcast, Hosts/Net. Notice that the results are the same for the same network whichever representation of the netmask is used:

ipcalc 192.168.5.0/24
ipcalc 192.168.5.0/11111111.11111111.11111111.00000000

Notice also that Netmask, Network, HostMin, HostMax, Broadcast and Hosts/Net stay the same when different IP addresses within the same network are given to ipcalc, for example:

ipcalc 192.168.5.15/24
ipcalc 192.168.5.34/24

Run ipcalc for subnets (networks) 192.168.5.0/25 and 192.168.5.128/25:

ipcalc 192.168.5.0/25
ipcalc 192.168.5.128/25

Notice the values for HostMin and HostMax in both cases. By looking at the ranges [HostMin, HostMax], you can see, for example, that IP address 192.168.5.5 belongs to the first subnet and 192.168.5.250 to the second. You can verify that by running ipcalc on those two addresses and comparing the Network values:

ipcalc 192.168.5.5/25
ipcalc 192.168.5.250/25
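The arithmetic behind sections 4.19 and 4.20, written out with the bit operations shown explicitly. This is an added example for these notes, not code from the original page or from ipcalc itself. calc() accepts the same three netmask spellings as the ipcalc runs above (prefix length, dotted decimal, dotted binary), computes Network, HostMin, HostMax, Broadcast and Hosts/Net with the AND rule from 4.19, and cross-checks the result against Python's ipaddress module; same_subnet() answers the gateway question from the last bullet of 4.19. The /31 handling follows RFC 3021 and is an assumption about what a practitioner wants, not something ipcalc's output was checked against.

```python
"""Subnet arithmetic the way ipcalc does it, with the bit operations shown.

Added example for these notes (not from the original page or from ipcalc).
Results are cross-checked against the standard library's ipaddress module.
"""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted: str) -> int:
    octets = dotted.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return int.from_bytes(bytes(int(o) for o in octets), "big")


def to_dotted(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def to_binary(n: int) -> str:
    """Four 8-bit groups, the form used in the table in 4.19."""
    return " ".join(format(b, "08b") for b in n.to_bytes(4, "big"))


def parse_mask(mask: str) -> int:
    """Accept a prefix length (24), dotted decimal (255.255.255.0) or dotted
    binary (11111111.11111111.11111111.00000000); return the mask as an int."""
    if mask.isdigit() and len(mask) <= 2:
        prefix = int(mask)
        if prefix > 32:
            raise ValueError("prefix length > 32")
        return (ALL_ONES << (32 - prefix)) & ALL_ONES
    if set(mask) <= set("01.") and len(mask.replace(".", "")) == 32:
        n = int(mask.replace(".", ""), 2)
    else:
        n = to_int(mask)
    inverted = n ^ ALL_ONES           # a valid mask is ones followed by zeros,
    if inverted & (inverted + 1):     # so its inverse plus one is a power of two
        raise ValueError("non-contiguous netmask: %s" % mask)
    return n


def is_valid_mask(mask: str) -> bool:
    try:
        parse_mask(mask)
        return True
    except ValueError:
        return False


def calc(spec: str) -> dict:
    """Return the fields ipcalc prints for 'address/mask'."""
    address, _, mask = spec.partition("/")
    ip = to_int(address)
    m = parse_mask(mask or "32")
    prefix = bin(m).count("1")
    network = ip & m                          # Network address = Host address AND Netmask
    broadcast = network | (m ^ ALL_ONES)      # all host bits set to one
    if prefix >= 31:                          # /31 point-to-point (RFC 3021) and /32: nothing reserved
        hostmin, hostmax, hosts = network, broadcast, 2 ** (32 - prefix)
    else:
        hostmin, hostmax, hosts = network + 1, broadcast - 1, 2 ** (32 - prefix) - 2
    # Cross-check the hand calculation against the standard library.
    ref = ipaddress.ip_network("%s/%d" % (address, prefix), strict=False)
    assert int(ref.network_address) == network and int(ref.broadcast_address) == broadcast
    return {
        "address": address,
        "netmask": to_dotted(m),
        "prefix": prefix,
        "network": to_dotted(network),
        "network_bin": to_binary(network),
        "hostmin": to_dotted(hostmin),
        "hostmax": to_dotted(hostmax),
        "broadcast": to_dotted(broadcast),
        "hosts": hosts,
    }


def same_subnet(a: str, b: str, mask: str) -> bool:
    """True if a and b share a network under mask, i.e. they can talk without a gateway."""
    m = parse_mask(mask)
    return (to_int(a) & m) == (to_int(b) & m)


if __name__ == "__main__":
    for spec in ("192.168.5.10/255.255.255.0", "192.168.5.5/25", "192.168.5.250/25"):
        r = calc(spec)
        print(spec, "->", r["network"], r["hostmin"], "-", r["hostmax"], r["broadcast"], r["hosts"])
    print("192.168.122.1 is a usable gateway for 192.168.122.222/24:",
          same_subnet("192.168.122.222", "192.168.122.1", "24"))
```

The contiguity check in parse_mask is the one thing ipcalc does silently that is worth seeing: a mask such as 255.255.0.255 is rejected, because a netmask must be a run of ones followed by zeros for the network/host split to mean anything.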

4.21. tcpdump command to see the traffic on NIC (Exercises)

When you need to see all the network traffic on a network card, run tcpdump on that interface. It helps to identify the subnet your system is connected to and to see all the active traffic. tcpdump needs root (or the CAP_NET_RAW capability) to open the interface.

On the netplan VM, install tcpdump:

apt install tcpdump

Run tcpdump on the Ethernet interface. Option -n disables reverse DNS lookups, which would slow the capture down and also reveal the addresses you are inspecting to the DNS server; -v prints header details such as the TTL:

tcpdump -v -n -i enp1s0

On the rocky VM, start pinging the IP address of the netplan VM:

ping 192.168.122.222

See the output of tcpdump on the netplan VM. It should show the echo requests coming from rocky and the replies sent by netplan:

    192.168.122.126 > 192.168.122.222: ICMP echo request ...
    192.168.122.222 > 192.168.122.126: ICMP echo reply ...
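Reading a capture like the one above programmatically, as an added example for these notes (not code from the original page or from tcpdump). The sample lines are constructed to look like tcpdump -n output and are not a real capture: they contain the ping from rocky to netplan as in the exercise, plus a host that sends echo requests to several addresses and gets almost no replies. The parser pairs each echo request with its reply by (source, destination, id, seq); the summary per source then separates a normal ping from the one-request-per-address pattern of a ping sweep, which is the ICMP traffic worth noticing on a capture.

```python
"""Pair ICMP echo requests with replies in tcpdump -n output.

Added example for these notes (not from the original page or from tcpdump).
SAMPLE_CAPTURE is constructed to look like tcpdump output; it is not a real
capture.
"""
import re
from collections import defaultdict

ICMP_ECHO = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample: the ping from rocky (.126) to netplan (.222) as in the
# exercise, plus a host (.99) probing four addresses and getting one reply.
SAMPLE_CAPTURE = """\
12:00:01.000101 IP 192.168.122.126 > 192.168.122.222: ICMP echo request, id 4242, seq 1, length 64
12:00:01.000350 IP 192.168.122.222 > 192.168.122.126: ICMP echo reply, id 4242, seq 1, length 64
12:00:02.000098 IP 192.168.122.126 > 192.168.122.222: ICMP echo request, id 4242, seq 2, length 64
12:00:02.000341 IP 192.168.122.222 > 192.168.122.126: ICMP echo reply, id 4242, seq 2, length 64
12:00:03.000011 IP 192.168.122.99 > 192.168.122.222: ICMP echo request, id 7, seq 1, length 64
12:00:03.000012 IP 192.168.122.99 > 192.168.122.223: ICMP echo request, id 7, seq 1, length 64
12:00:03.000013 IP 192.168.122.99 > 192.168.122.224: ICMP echo request, id 7, seq 1, length 64
12:00:03.000014 IP 192.168.122.99 > 192.168.122.225: ICMP echo request, id 7, seq 1, length 64
12:00:03.000200 IP 192.168.122.222 > 192.168.122.99: ICMP echo reply, id 7, seq 1, length 64
"""


def parse_echo(line: str):
    """Return (src, dst, kind, id, seq) for an ICMP echo line, else None.

    Works on both the one-line form printed by tcpdump -n and the indented
    second line printed with -v, because it searches for the address pair
    anywhere in the line.
    """
    m = ICMP_ECHO.search(line)
    if not m:
        return None
    return m["src"], m["dst"], m["kind"], int(m["id"]), int(m["seq"])


def summarize(capture: str) -> dict:
    """Per source address: requests sent, replies received, distinct targets, unanswered probes."""
    pending = {}                          # (src, dst, id, seq) -> request not yet answered
    stats = defaultdict(lambda: {"requests": 0, "replies": 0, "targets": set()})
    for line in capture.splitlines():
        rec = parse_echo(line)
        if rec is None:
            continue                      # not ICMP echo traffic (DNS, ARP, TCP, ...)
        src, dst, kind, ident, seq = rec
        if kind == "request":
            stats[src]["requests"] += 1
            stats[src]["targets"].add(dst)
            pending[(src, dst, ident, seq)] = True
        else:                             # a reply goes back to the original requester
            if pending.pop((dst, src, ident, seq), None):
                stats[dst]["replies"] += 1
    return {
        src: {
            "requests": s["requests"],
            "replies": s["replies"],
            "targets": len(s["targets"]),
            "unanswered": sum(1 for k in pending if k[0] == src),
        }
        for src, s in stats.items()
    }


def sweep_sources(summary: dict, min_targets: int = 3) -> list:
    """Sources that probed at least min_targets distinct addresses: the ping sweep pattern."""
    return sorted(src for src, s in summary.items() if s["targets"] >= min_targets)


if __name__ == "__main__":
    summary = summarize(SAMPLE_CAPTURE)
    for src, s in sorted(summary.items()):
        print(src, s)
    print("possible ping sweep from:", sweep_sources(summary))
```

To run it on a real capture, feed it the text of tcpdump -n -i enp1s0 icmp (the icmp filter keeps the capture small); the threshold in sweep_sources is a starting point to tune, not a rule.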