Ubuntu Unleashed 2017 Edition (2017)

Ports

Most servers on your network have perform more than one task. For example, web servers often have to serve both standard and secure pages. You might also be running an FTP server on the same host. For this reason, applications are provided ports to use to make “direct” connections for specific software services. These ports help TCP/IP distinguish services so that data can get to the correct application. If you check the file /etc/services, you see the common ports and their usage. For example, for FTP, HTTP, and POP3 (email retrieval server), you see the following:

Click here to view code image

ftp 21/tcp
http 80/tcp http # WorldWideWeb HTTP
pop3 110/tcp pop-3 # POP version 3

The ports defined in /etc/services in this example are 21 for FTP, 80 for HTTP, and 110 for POP3. Some other common port assignments are 25 for Simple Mail Transport Protocol (SMTP) and 22 for Secure Shell (SSH)remote login. Note that these ports are not set in stone, and you can set up your server to respond to different ports. For example, although port 22 is listed in /etc/services as a common default for SSH, the sshd server can be configured to listen on a different port by editing its configuration file /etc/ssh/sshd_config. The default setting (commented out with a pound sign, #) looks like this:

#Port 22

Edit the entry to use a different port, making sure to select an unused port number, as follows:

Port 2224

Save your changes, and then restart the sshd server with sudo service ssh restart. Remote users must now access the host through port 2224, which can be done using ssh’s -p (port) option, like this:

Click here to view code image

matthew@seymour:~$ ssh -p 2224 remote_host_name_or_IP

IPv6 Basics

Much of what this chapter discusses is valid regardless of whether you are using IPv4 or IPv6. We start here with a short description of each to lay a foundation for further understanding. As IPv6 receives greater acceptance and use, this understanding should be adequate to help you transition between the two, even if specific issues are not addressed in the chapter. If you missed the “Limits of IPv4 Addressing” note in the earlier “TCP/IP Addressing” section, you should go back and read through it to get started.

IPv4 is based on 32-bit numbering and limits the number of available IP addresses to about 4.1 billion. This and how those addresses were assigned has led to the realization that there are not enough IPv4 addresses available for the number of devices that need IP addresses. This is only one of the problems with IPv4 that was noticed back in the 1990s. Others include large routing tables, which are lists of the routes to particular network destinations, and sometimes the network distances and topography associated with those routes. These tables are stored in routers and networked computers.

To deal with these issues, IPv6 uses 128-bit numbering that can theoretically allow well over 340,282,366,920,938,463,463,374,607,431,768,211,456 IP addresses, which is normally expressed in scientific notation as about 3.4*1038 addresses. That’s about 340 trillion, trillion, trillion addresses, meaning we are unlikely to run out again anytime soon. Gives each computer its own globally routable address. You don’t need NAT in IPv6 to translate IP addresses as packets pass through a routing device, as there are an adequate number of addresses available. We can go back to the easier-to-configure peer-to-peer style of Internet networking originally conceived of and used in the 1980s. Creates routing tables that are much smaller because fewer subroutes need to be generated.

Some other useful features of IPv6 include the following:

Address autoconfiguration (RFC2462)

Anycast addresses (“one-out-of many”)

Mandatory multicast addresses

IPsec (IP security)

Simplified header structure

Mobile IP

IPv6-to-IPv4 transition mechanisms

There are different types of IPv6 addresses. Unicast addresses are the well-known addresses; packets sent to these addresses arrive directly at the interface that belongs to the address. Anycast addresses look the same as unicast addresses, but they actually address a group of interfaces; packets sent to an anycast address arrive at the nearest (in the router metric sense) interface. Anycast addresses may only be used by routers. Finally, multicast addresses identify a group of interfaces; packets sent to a multicast address arrive at all interfaces belonging to the multicast group.

IPv6 addresses are created using eight sets of numbers, like this:

Click here to view code image

F734:0000:0000:0000:3458:79B2:D07B:4620

Each of the eight sections is made of a four-digit number in hexadecimal, which means that each digit can from 0 to 9 or A to F (A=10, B=11, and so on). Hexadecimal is a denser format than binary. In binary, there are only two options, 0 or 1. This means that in hexadecimal, 4 digits can be used to represent 16 binary digits, like this:

Bin 0000000000000000 = Hex 0000 (or just 0)

Bin 1111111111111111 = Hex FFFF

Bin 1101010011011011 = Hex D4DB

So, a 128-bit address written in binary would be very long indeed. This 128-bit address written in binary and separated by dots

Click here to view code image

1111111111111111.1111111111111111.1111111111111111.1111111111111111.111111111111
1111.1111111111111111.1111111111111111.1111

is the same as this 128-bit address, written in hexadecimal and separated by colons:

Click here to view code image

FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

So, understandably, we use the latter hexidecimal format for IPv6 (and the binary format is not used, just in case you were wondering).

Often an address has long substrings of all zeros; the longest and first run of all zero sections is abbreviated as a double colon (“::”). Because :: is variable in length, it can only be used once per address. Leading 0s are also omitted, up to three per section. When this is done, the result is called the canonical form. For example, fe80::1 is the canonical form of fe80:0000:0000:0000:0000:0000:0000:0001 and 2001:db8:b:23c1:49:4592:efe:9982 is the canonical form of 2001:0db8:000b:23c1:0049:4592:0efe:9982.

It is also possible to write the last 32 bits of an IPv6 address using the well-known IPv4 format. For example, 2002::10.0.0.1 corresponds to the long form 2002:0000:0000:0000:0000:0000:0a00:0001, which then can be compressed to the canonical form 2002::a00:1.

As in IPv4, an IPv6 address has sections for the network and for the device. However, an IPv6 address has a dedicated section for subnetting. The following examples use 1s to show the section of the address being described (in binary because that is easier for us humans) and 0s for the rest of the address.

In IPv6, the first 48 bits are for Internet routing (network addressing):

Click here to view code image

1111111111111111.1111111111111111.1111111111111111.0000000000000000. 00000000000
00000.0000000000000000.0000000000000000.0000000000000000

The 16 bits from the 49th to the 54th are for defining subnets:

Click here to view code image

0000000000000000.0000000000000000.0000000000000000.1111111111111111. 00000000000
00000.0000000000000000.0000000000000000.0000000000000000

The last 64 bits are for device (interface) IDs:

Click here to view code image

0000000000000000.0000000000000000.0000000000000000.0000000000000000. 11111111111
11111.1111111111111111.1111111111111111.1111111111111111

It is easier for humans to conceive of these using binary, but to actually use this information you have to convert numbers from binary to hexadecimal. Fortunately, this is easily accomplished on the Web using a quick Google search for “binary to hex” conversion.

Let’s say you want to break your corporate network into 64 subnets. The binary mask just for the subnetting range would be 1111110000000000, which translates to a hex value of FC00. Some IPv6 masking tools work with just this one hex word; otherwise a full 128-bit hex mask would be FFFF:FFFF:FFFF:FC00:0:0:0:0.

Here are some special-use, reserved IPv6 addresses:

::1/128 is the loopback address.

::/128 is the unspecified address.

::IPv4-address/96 are the IPv4-compatible addresses.

The 2001:db8::/32 are the documentation addresses. They are used for documentation purposes such as user manuals, RFCs, and so on.

::/0 is the default unicast route address.

ff00::/8 are multicast addresses.

This section of the book is certain to grow as time passes and IPv6 becomes more commonly used. For now, this introduction is probably all you are likely to need, especially since IPv4 is not going away. This transition is a process of adding IPv6 into existing worldwide networking schemes and system abilities and is neither intended nor likely to completely replace IPv4.

Network Organization

Properly organizing your network addressing process grows more difficult as the size of your network grows. Setting up network addressing for a Class C network with fewer than 254 devices is simple. Setting up addressing for a large, worldwide company with a Class A network and many different users can be extremely complex. If your company has fewer than 254 hosts (meaning any device that requires an IP address, including computers, printers, routers, switches, and other devices) and all your workgroups can share information, a single Class C network is sufficient.

Subnetting

Within Class A and B networks, there can be separate networks called subnets. Subnets are considered part of the host portion of an address for network class definitions. For example, in the 128. Class B network, you can have one computer with an address of 128.10.10.10 and another with an address of 128.10.200.20; these computers are on the same network (128.10.), but they have different subnets (128.10.10. and 128.10.200.). Because of this, communication between the two computers requires either a router or a switch. Subnets can be helpful for separating workgroups within your company.

Often subnets can be used to separate workgroups that have no real need to interact with or to shield from other groups’ information passing among members of a specific workgroup. For example, if your company is large enough to have its own HR department and payroll section, you could put those departments’ hosts on their own subnet and use your router configuration to limit the hosts that can connect to this subnet. This configuration prevents networked workers who are not members of the designated departments from being able to view some of the confidential information the HR and payroll personnel work with.

Subnet use also enables your network to grow beyond 254 hosts and share IP addresses. With proper routing configuration, users might not even know they are on a different subnet from their co-workers. Another common use for subnetting is with networks that cover a wide geographic area. It is not practical for a company with offices in Chicago and London to have both offices on the same subnet, so using a separate subnet for each office is the best solution.

Subnet Masks

Subnet masks are used by TCP/IP to show which part of an IP address is the network portion and which part is the host. Subnet masks are usually referred to as netmasks. For a pure Class A network, the netmask is 255.0.0.0; for a Class B network, the netmask is 255.255.0.0; and for a Class C network, the netmask is 255.255.255.0. You can also use netmasks to deviate from the standard classes.

By using customized netmasks, you can subnet your network to fit your needs. For example, your network has a single Class C address. You have a need to subnet your network. Although this is not possible with a normal Class C subnet mask, you can change the mask to break your network into subnets. By changing the last octet to a number greater than zero, you can break the network into as many subnets as you need.

For more information on how to create customized subnet masks, see Day 6, “The Art of Subnet Masking,” in Sams Teach Yourself TCP/IP Network Administration in 21 Days. That chapter goes into great detail on how to create custom netmasks and explains how to create an addressing cheat sheet for hosts on each subnet. The Linux Network Administrator’s Guide also has good information about how to create subnets at www.tldp.org/LDP/nag2/index.html.

Broadcast, Unicast, and Multicast Addressing

Information can get to systems through three types of addresses: unicast, multicast, and broadcast. Each type of address is used according to the purpose of the information being sent, as explained here:

Unicast—Sends information to one specific host. Unicast addresses are used for Telnet, FTP, SSH, or any other information that needs to be shared in a one-to-one exchange of information. Although it is possible that any host on the subnet/network can see the information being passed, only one host is the intended recipient and will take action on the information being received.

Multicasting—Broadcasts information to groups of computers sharing an application, such as a video conferencing client or online gaming application. All the machines participating in the conference or game require the same information at precisely the same time to be effective.

Broadcasting—Transmits information to all the hosts on a network or subnet. Dynamic Host Configuration Protocol (DHCP) uses broadcast messages when the DHCP client looks for a DHCP server to get its network settings, and Reverse Address Resolution Protocol (RARP) uses broadcast messages for hardware address to IP address resolution. Broadcast messages use .255 in all the host octets of the network IP address. (10.2.255.255 broadcasts to every host in your Class B network.)

Hardware Devices for Networking

As stated at the beginning of this chapter, networking is one of the strong points of the Linux operating system. This section covers the classes of devices used for basic networking. Note that this section talks about hardware devices, and not Linux networking devices, which are discussed in the section “Using Network Configuration Tools.”

Network Interface Cards

A computer must have a network interface card (NIC) to connect to a network. Currently, there are several topologies (ways of connecting computers) for network connections. These topologies range from the old and mostly outdated 10BASE-2 to the much newer and popular wireless WiFi or 802.11 networking.

Each NIC has a unique address (the hardware address, known as Media Access Control [MAC]), which identifies that NIC. This address is six pairs of hexadecimal bits separated by colons (:). A MAC address looks similar to this: 00:60:08:8F:5A:D9. The hardware address is used by DHCP (see the section “Dynamic Host Configuration Protocol,” later in this chapter) to identify a specific host. It is also used by the Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP) to map hosts to IP addresses.

This section covers some of the different types of NIC used to connect to your network.

Token Ring

Token Ring networking was developed by IBM. As the name implies, the network is set up in a ring. A single “token” is passed from host to host, indicating the receiving host’s permission to transmit data.

Token Ring has a maximum transfer rate of 16Mbps (16 million bits per second). Unlike 10BASE-2 and 10BASE-5, Token Ring uses what is called unshielded twisted pair (UTP) cable. This cable looks a lot like the cable that connects your phone to the wall. Almost all Token Ring NICs are recognized by Linux.

10BASE-T

10BASE-T was the standard for a long time. A large number of networks still use it. 10BASE-T also uses UTP cable. Instead of being configured in a ring, 10BASE-T mostly uses a star architecture. In this architecture, the hosts all connect to a central location (usually a hub, which you learn about later in the “Hubs and Switches” section). All the data is sent to all hosts, but only the destination host takes action on individual packets. 10BASE-T has a transfer rate of 10Mbps.

10BASE-T has a maximum segment length of 100 meters (about 325 feet). There are many manufacturers of 10BASE-T NICs, and most are recognized by Ubuntu.

100BASE-T

100BASE-T was popular around the turn of the millennium, keeping the same ease of administration as 10BASE-T while increasing the speed by a factor of 10. For most networks, the step from 10BASE-T to 100BASE-T is as simple as replacing NICs and hubs. Most 100BASE-T NICs and hubs can also handle 10BASE-T and can automatically detect which is in use. This allows for a gradual network upgrade and usually does not require rewiring your whole network. Nearly every known 100BASE-T NIC and most generic NICs are compatible with Linux. 100BASE-T requires Category 5 UTP cabling.

1000BASE-T

1000BASE-T—usually referred to as Gigabit Ethernet—is the accepted standard in enterprise networking, with most NICs being detected and configured correctly by Ubuntu. Like 100BASE-T NICs, gigabit NICs automatically downgrade if they are plugged in to a slower network. Also like 100BASE-T, gigabit NICs require Category 5 UTP cabling; however, many institutions are now deploying Category 6 cables because they have much longer range and so are often worth the extra cost. You will find that most newer computers are sold with gigabit NICs.

Fiber Optic and Gigabit Ethernet

Fiber optic is more commonly used in newer and high-end installations because the cost of upgrading can be prohibitive for older sites.

Fiber optics were originally used on fiber distributed data interface (FDDI) networks, similar to token ring in structure except that there are two rings (one primary, the other secondary). The primary ring is used exclusively, and the secondary sits idle until there is a break in the primary ring. That is when the secondary ring takes over, keeping the network alive. FDDI has a speed of 100Mbps and has a maximum ring length of 100 kilometers (62 miles). FDDI uses several tokens at the same time that, along with the faster speed of fiber optics, account for the drastic increase in network speed.

As stated, switching to a fiber-optic network can be very costly. To make the upgrade, the whole network has to be rewired, and all NICs must be replaced at the same time. Most FDDI NICs are recognized by Linux.

Fiber-related gigabit that uses fiber-optics is termed 1000BASE-X, whereas 1000BASE-T Gigabit Ethernet uses twisted-pair cabling (see the “Unshielded Twisted Pair” section, later in this chapter).

Wireless Network Interfaces

Wireless networking, as the name states, works without network cables and is an extremely popular option. Upgrading is as easy as replacing network cards and equipment, such as routers and switches. Wireless networking equipment can also work along with the traditional wired networking using existing equipment.

Wireless networking is still generally slower than a traditional wired network. However, this situation is changing with wider adoption of newer protocols.

Network Cable

Currently, three types of network cable are available: coaxial, UTP, and fiber. Coaxial cable looks a lot like the coaxial cable used to connect your television to the cable jack or antenna. UTP looks a lot like the cable that runs from your phone to the wall jack (the jacks are a bit wider). Fiber cable looks sort of like the RCA cables used on your stereo or like the cable used on your electrical appliances in your house (two separate segments connected together). The following sections discuss UTP and fiber network cable in more detail.

Unshielded Twisted Pair

UTP uses color-coded pairs of thin copper wire to transmit data. The six categories of UTP each serve a different purpose:

Category 1 (Cat1)—Used for voice transmissions such as your phone. Only one pair is used per line (one wire to transmit and one to receive). An RJ-11 plug is used to connect the cable to your phone and the wall.

Category 2 (Cat2)—Used in early Token Ring networks. Has a transmission rate of 4Mbps and has the slowest data transfer rate. An RJ-11 plug is also used for cable connections.

Category 3 (Cat3)—Used for 10BASE-T networks. It has a transmission rate of 10Mbps. Three pairs of cables are used to send and receive signals. RJ-11 or RJ-45 plugs can be used for Cat3 cables, usually deferring to the smaller RJ-11. RJ-45 plugs are similar in design to RJ-11, but are larger to handle up to four pairs of wire and are used more commonly on Cat5 cables.

Category 4 (Cat4)—Used in modern Token Ring networks. It has a transmission rate of 16Mbps and is less and less common because companies are switching to better alternatives. RJ-45 plugs are used for cable connections.

Category 5 (Cat5)—The fastest of the UTP categories with a transmission rate of up to 1000Mbps. It is used in both 100BASE-T and 1000BASE-T networks and uses four pairs of wire. Cat5 cable came out just as 10BASE-T networks were becoming popular and isn’t much more expensive than Cat3 cable. As a result, most 10BASE-T networks use Cat5 UTP rather than Cat3. Cat5 cable uses RJ-45 plugs. Cat 5e (which stands for Category 5, enhanced) cable is similar to basic Cat 5, except that it fulfills higher standards of data transmission. While Cat 5 is common in existing cabling systems, Category 5e has almost entirely replaced it in newinstallations. Cat 5e can handle data transfer at 1000 Mbps, is suitable for Gigabit Ethernet, and experiences much lower levels of near-end crosstalk (NEXT) than Cat 5.

Category 6 (Cat6)—Also rated at 1000Mbps, this cable is available in two forms: stranded for short runs (25-meter runs, about 80 feet) and solid for up to 100-meter runs (about 325 feet), but which should not be flexed.

Fiber-Optic Cable

Fiber-optic cable (fiber) is usually orange or red in color. The transmission rate is 100Mbps and has a maximum length of 100 kilometers (62 miles). Fiber uses a two-pronged plug to connect to devices. Fiber provides a couple of advantages because it uses light rather than electricity to transmit its signal: It is free from the possibility of electromagnetic interference, and it is also more difficult to tap into and eavesdrop.

Hubs and Switches

Hubs and switches are used to connect several hosts together on a star architecture network. They can have any number of connections; the common sizes are 4, 8, 16, 24, and 48 connections (ports); each port has a light that comes on when a network connection is made (link light). Their use enables you to expand your network easily; you can just add new hubs or switches when you need to add new connections. Each unit can connect to the other hubs or switches on the network, typically, through a port on the hub or switch called an uplink port. This enables two hubs or switches, connected by their uplink ports, to act as one hub or switch. Having a central location where all the hosts on your network can connect allows for easier troubleshooting of problems. If one host goes down, none of the other hosts are affected (depending on the purpose of the downed host). Because hubs and switches are not directly involved with the Linux operating system, compatibility is not an issue.

If you are constructing a small to midsize network, it is important to consider whether you intend to use either hubs or switches. Hubs and switches are visually the same in that they have rows of network ports. However, under the hood, the difference is quite important. Data is sent as packets of information across the network; with a hub the data is transmitted simultaneously to all the network ports, irrespective of which port the destination computer is attached to.

Switches, however, are more intelligent because they can direct packets of information to the correct network port that leads to the destination computer. They do this by “learning” the MAC addresses of each computer that is attached to them. In short, using switches minimizes excess packets being sent across the network, thus increasing network bandwidth available. In a small network with a handful of computers, the use of hubs might be perfectly acceptable, and you will find that hubs are generally cheaper than switches. However, for larger networks of 15 computers or more, you should consider implementing a switched network.