
Networks and the Internet

Network layering; The physical network connection; Ethernet; Wireless LANs; The reference network;

In this part of the book we'll look at the fastest-growing part of the industry: networks, and in particular the Internet.

The industry has seen many different kinds of network software:

  • Years ago, the CCITT started a group of recommendations for individual protocols. The CCITT is now called the ITU-T, and its data communications recommendations have not been wildly successful. The best known is probably recommendation X.25, which still has a large following in some parts of the world. An X.25 package was available for FreeBSD, but it died for lack of love. If you need it, you'll need to invest a lot of work to get it running.
  • IBM introduced their Systems Network Architecture, SNA, decades ago. It's still going strong in IBM shops. FreeBSD has minimal support for it in the Token Ring package being developed in FreeBSD-CURRENT.
  • Early UNIX machines had a primitive kind of networking called UUCP, for UNIX to UNIX Copy. It ran over dialup phone lines or dedicated serial connections. System V still calls this system Basic Networking Utilities, or BNU. Despite its primitiveness, and despite the Internet, there are still some applications where UUCP makes sense, but this book discusses it no further.
  • The Internet Protocols were developed by the US Defense Advanced Research Projects Agency (DARPA) for its ARPANET network. The software was originally developed in the early 80s by BBN and the CSRG at the University of California at Berkeley. The first widespread release was with the 4.2BSD operating system, the granddaddy of FreeBSD. After the introduction of IP, the ARPANET gradually changed its name to Internet.

The Internet Protocol is usually abbreviated to IP. People often refer to it as TCP/IP, which stands for Transmission Control Protocol/Internet Protocol. In fact, TCP is just one of many other protocols that run on top of IP. In this book, I refer to the IP protocol, but of course FreeBSD includes TCP and all the other standard protocols. The IP implementation supplied with FreeBSD is the most mature technology you can find anywhere, at any price.

In this part of the book, we'll look only at the Internet Protocols. Thanks to its background, FreeBSD is a particularly powerful contender in this area, and we'll go into a lot of detail about how to set up and operate networks and network services. In the chapters following, we'll look at:

  • How the Internet works, which we'll look at in the rest of this chapter.
  • How to set up local network connections in Chapter 17, Configuring the local network.
  • How to select an Internet Service Provider in Chapter 18, Connecting to the Internet.
  • How to use the hardware in Chapter 19, Serial communications.
  • How to use PPP in Chapter 20, Configuring PPP.
  • How to set up domain name services in Chapter 21, The Domain Name Service.
  • How to protect yourself from intruders in Chapter 22, Firewalls, IP aliasing and proxies. This chapter also describes proxy servers and Network Address Translation.
  • How to solve network problems in Chapter 23, Network debugging.
  • Most network services come in pairs, a client that requests the service, and a server that provides it. In Chapter 24, Basic network access: clients, we'll look at the client side of the World Wide Web ("web browser"), command execution over the net, including ssh and telnet, copying files across the network, and mounting remote file systems with NFS.
  • In Chapter 25, Basic network access: servers, we'll look at the server end of the same services. In addition, we'll look at Samba, a server for Microsoft's Common Internet File System, or CIFS.
  • Electronic mail is so important that we dedicate two chapters to it, Chapter 26, Electronic mail: clients and Chapter 27, Electronic mail: servers.

The rest of this chapter looks at the theoretical background of the Internet Protocols and Ethernet. You can set up networking without understanding any of it, as long as you and your hardware don't make any mistakes. This is the approach most commercial systems take. It's rather like crossing a lake on a set of stepping stones, blindfolded. In this book, I take a different approach: in the following discussion, you'll be inside with the action, not on the outside looking in through a window. It might seem unusual at first, but once you get used to it, you'll find it much less frustrating.

G. Lehey

Network layering

One of the problems with networks is that they can be looked at from a number of different levels. End-users of PCs access the World Wide Web (WWW), and often enough they call it the Internet. That's just plain wrong. At the other end of the scale is the Link Layer, the viewpoint you'll take when you first create a connection to another machine.

Years ago, the International Standards Organization came up with the idea of a seven-layered model of networks, often called the OSI reference model. (Why OSI and not ISO? OSI stands for Open Systems Interconnect.) Since its introduction, it has become clear that it doesn't map very well to modern networks. W. Richard Stevens presents a better layering in TCP/IP Illustrated, Volume 1, page 6, shown here in Figure 16-1.

    Application layer
    Transport layer
    Network layer
    Link layer

Figure 16-1: Four-layer network model

We'll look at these layers from the bottom up:

  • The Link layer is responsible for the lowest level of communication, between machines that are physically connected. The most common kinds of connection are Ethernet and telephone lines. This is the only layer associated with hardware.
  • The Network layer is responsible for communication between machines that are not physically connected. For this to function, the data must pass through other machines that are not directly interested in the data. This function is called routing. We'll look at how it works in Chapter 17.

  • The Transport Layer is responsible for communication between any two processes, regardless of the machines on which they run.
  • The Application Layer defines the format used by specific applications, such as email or the Web.

The link layer

Data on the Internet is split up into packets, also called datagrams, which can be transmitted independently of each other. The link layer is responsible for getting packets between two systems that are connected to each other. The most trivial case is a point-to-point network, a physical connection where any data sent down the line arrives at the other end. More generally, though, multiple systems are connected to the network, as in an Ethernet. This causes a problem: how does each system know what is intended for it?

IP solves this problem by including a packet header in each IP packet. Consider the header something like the information you write on the outside of a letter envelope: address to send to, return address, delivery instructions. In the case of IP, the addresses are 32-bit numbers that are conventionally represented in dotted decimal notation: the value of each byte is converted into decimal, and the four values are written separated by dots. Thus the hexadecimal address 0xdf932501 would normally be represented as 223.147.37.1.

UNIX uses the notation 0x in a number to represent a hexadecimal number. The usage comes from the C programming language.

As we will see in Chapter 23, it makes debugging much easier if we understand the structure of the datagrams, so I'll show some of the more common ones in this chapter. Figure 16-2 shows the structure of an IP header.

    Word 1: Version | IP header length | Type of service | Total length in bytes
    Word 2: Identification | Flags | Fragment offset
    Word 3: Time to live | Protocol | Header checksum
    Word 4: Source IP address
    Word 5: Destination IP address

Figure 16-2: IP header (each word is 32 bits, bit 0 at the left and bit 31 at the right)

We'll only look at some of these fields; for the rest, see TCP/IP Illustrated, Volume 1.

  • The Version field specifies the current version of IP. This is currently 4. A newer standard is IPv6, Version number 6, which is currently in an early implementation stage. IPv6 headers are very different from those shown here.
  • The time to live field specifies how many times the packet may be passed from one system to another. Each time it is passed to another system, this value is decremented. If it reaches 0, the packet is discarded. This prevents packets from circulating in the net for ever as the result of a routing loop.
  • The protocol specifies the kind of the packet. The most common protocols are TCP and UDP, which we'll look at in the section on the network layer.
  • Finally come the source address, the address of the sender, and the destination address, the address of the recipient.

The network layer

The main purpose of the network layer is to ensure that packets get delivered to the correct recipient when it is not directly connected to the sender. This function is usually called routing.

Imagine routing to be similar to a postal system: if you want to send a letter to somebody you don't see often, you put the letter in a letter box. The people or machines who handle the letter look at the address and either deliver it personally or forward it to somebody else who is closer to the recipient, until finally somebody delivers it.

Have you ever received a letter that was posted months ago? Did you wonder where they hid it all that time? Chances are it's been sent round in circles a couple of times. That's what can happen in the Internet if the routing information is incorrect, and that's why all packets have a time to live field. If it can't deliver a packet, the Internet Protocol simply drops (forgets about) it. You may find parallels to physical mail here, too.

It's not usually acceptable to lose data. We'll see how we avoid doing so in the next section.

The transport layer

The transport layer is responsible for end-to-end communication. The IP address just identifies the interface to which the data is sent. What happens when it gets there? There could be a large number of processes using the link. The IP header doesn't contain sufficient information to deliver messages to specific users within a system, so two additional protocols have been implemented to handle the details of communications between "end users." These end users connect to the network via ports, or communication end points, within individual machines.

TCP

The Transmission Control Protocol, or TCP, is a so-called reliable protocol: it ensures that data gets to its destination, and if it doesn't, it sends another copy. If it can't get through after a large number of tries (14 tries and nearly 10 minutes), it gives up, but it doesn't pretend the data got through. To perform this service, TCP is also connection oriented: before you can send data with TCP, you must establish a connection, which is conceptually similar to opening a file.

To implement this protocol, TCP packets include a TCP header after the IP header, as shown in Figure 16-3. This figure ignores the possible options that follow the IP header. The offset of the TCP header, shown here as 20, is really specified by the value of the IP Header length field in the first byte of the packet. This is only a 4-bit field, so it is counted in words of 32 bits: for a 20 byte header, it has the value 5.

    Word 1: Version | IP header length | Type of service | Total length in bytes
    Word 2: Identification | Flags | Fragment offset
    Word 3: Time to live | Protocol | Header checksum
    Word 4: Source IP address
    Word 5: Destination IP address
    Word 6: Source port | Destination port            (TCP header, starting at byte 20)
    Word 7: Sequence number
    Word 8: Acknowledgment number
    Word 9: TCP header length | Reserved | Flags | Window size
    Word 10: TCP checksum | Urgent pointer

Figure 16-3: TCP header with IP header

A number of fields are of interest when debugging network connections:

  • The sequence number is the byte offset of the last byte that has been sent to the other side.
  • The acknowledgment number is the byte offset of the last byte that has been received from the other side.
  • The window size is the number of bytes that can be sent before an acknowledgment is required.

These three values are used to ensure efficient and reliable transmission of data. For each connection, TCP maintains a copy of the highest acknowledgment number received from the other side and a copy of all data that the other side has not acknowledged receiving. It does not send more than window size bytes of data beyond this value. If it does not receive an acknowledgment of transmitted data within a predetermined time, usually one second, it sends all the unacknowledged data again and again at increasingly large intervals. If it can't transmit the data after about ten minutes, it gives up and closes the connection.

UDP

The User Datagram Protocol, or UDP, is different: it's an unreliable protocol. It sends data out and never cares whether it gets to its destination or not. So why do we use it if it's unreliable? It's faster, and thus cheaper. Consider it a junk mail delivery agent: who cares if you get this week's AOL junk CD-ROM or not? There will be another one in next week's mail. Since it doesn't need to reply, UDP is connectionless: you can just send a message off with UDP without worrying about establishing a connection first. For example, the rwhod daemon broadcasts summary information about a system on the LAN every few minutes. In the unlikely event that a message gets lost, it's not serious: another one will come soon.

    Word 1: Version | IP header length | Type of service | Total length in bytes
    Word 2: Identification | Flags | Fragment offset
    Word 3: Time to live | Protocol | Header checksum
    Word 4: Source IP address
    Word 5: Destination IP address
    Word 6: Source port | Destination port            (UDP header, starting at byte 20)
    Word 7: Length | Checksum

Figure 16-4: UDP header with IP header
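As an added example (not code from the book), here is a decoder for the three header layouts of Figures 16-2 to 16-4: it parses the IP header, verifies its checksum, checks that the length fields are consistent, and then dispatches on the protocol field to the TCP or UDP header. The two packets it decodes are constructed inline from addresses used in this chapter; the build_ip helper, the field names in the returned dictionaries and the use of 513/udp (the standard rwhod "who" port) are choices of this example, not something the book specifies.

```python
"""Decode the IP, TCP and UDP headers of Figures 16-2 to 16-4.

Added example, not code from the book.  The packets decoded below are
constructed inline so that the decoder can be run offline.
"""
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # low bit first


def dotted(addr):
    """Render a 32-bit address such as 0xdf932501 in dotted decimal notation."""
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ip_checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words, complemented.
    Run over a header whose checksum field is already filled in, it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ip(packet):
    """Return the IP header fields and the payload that follows the header."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    (vhl, tos, total_len, ident, frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBHII", packet[:20])
    version, ihl = vhl >> 4, vhl & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 packet (version %d)" % version)
    hlen = ihl * 4                           # 4-bit field counted in 32-bit words
    if hlen < 20 or total_len < hlen or total_len > len(packet):
        raise ValueError("inconsistent IP length fields")
    if ip_checksum(packet[:hlen]) != 0:
        raise ValueError("IP header checksum mismatch")
    fields = {
        "version": version, "header_len": hlen, "tos": tos,
        "total_len": total_len, "id": ident,
        "flags": frag >> 13, "frag_offset": frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "src": dotted(src), "dst": dotted(dst),
    }
    return fields, packet[hlen:total_len]


def parse_tcp(segment):
    """TCP header (Figure 16-3); returns the fields and the data after them."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off, flags, window,
     csum, urg) = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = (off >> 4) * 4                    # also counted in 32-bit words
    if hlen < 20 or hlen > len(segment):
        raise ValueError("bad TCP header length")
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": hlen,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if flags & (1 << i)],
        "window": window, "checksum": csum, "urgent": urg,
    }, segment[hlen:]


def parse_udp(datagram):
    """UDP header (Figure 16-4): ports, length and checksum, then the data."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("bad UDP length")
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": csum}, datagram[8:length]


def decode(packet):
    """Decode an IP packet and, by protocol number, the TCP or UDP header in it."""
    result, payload = parse_ip(packet)
    if result["protocol"] == IPPROTO_TCP:
        result["tcp"], payload = parse_tcp(payload)
    elif result["protocol"] == IPPROTO_UDP:
        result["udp"], payload = parse_udp(payload)
    result["data"] = payload
    return result


def build_ip(src, dst, proto, payload, ttl=64):
    """Test fixture: an IPv4 header without options and with a valid checksum."""
    hdr = struct.pack("!BBHHHBBHII", 0x45, 0, 20 + len(payload), 0x1234,
                      0x4000, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


# Constructed samples: a SYN from 223.147.37.5 to port ssh on 223.147.37.1,
# and an rwhod broadcast (513/udp is the standard "who" port) to 223.147.37.255.
SYN_TO_SSH = build_ip(0xDF932505, 0xDF932501, IPPROTO_TCP, struct.pack(
    "!HHIIBBHHH", 3312, 22, 1000, 0, 5 << 4, 0x02, 65535, 0, 0))
RWHO_BROADCAST = build_ip(0xDF932505, 0xDF9325FF, IPPROTO_UDP,
                          struct.pack("!HHHH", 513, 513, 12, 0) + b"rwho")

if __name__ == "__main__":
    for pkt in (SYN_TO_SSH, RWHO_BROADCAST):
        print(decode(pkt))
```

The length checks matter as much as the field extraction: a header length below 20, a total length larger than the bytes actually received, or a UDP length that overruns the datagram are exactly the inconsistencies a kernel or a capture tool must reject before trusting anything else in the packet, and the checksum test catches the corrupted headers that Chapter 23 will have you looking for.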

Port assignment and Internet services

A port is simply a 16-bit number assigned to specific processes and which represents the source and destination end points of a specific connection. A process can either request to be connected to a specific port, or the system can assign one that is not in use.

RFC 1700 defines a number of well-known ports that are used to request specific services from a machine. On a UNIX machine, these are provided by daemons that listen on this port number; in other words, when a message comes in on this port number, the IP software passes it to them, and they process it. These ports are defined in the file /etc/services. Here's an excerpt:

    # Network services, Internet style
    #
    # WELL KNOWN PORT NUMBERS
    #
    ftp        21/tcp                  #File Transfer [Control]
    ssh        22/tcp                  #Secure Shell Login
    ssh        22/udp                  #Secure Shell Login
    telnet     23/tcp
    smtp       25/tcp    mail          #Simple Mail Transfer
    smtp       25/udp    mail          #Simple Mail Transfer
    domain     53/tcp                  #Domain Name Server
    domain     53/udp                  #Domain Name Server
    http       80/tcp    www www-http  #World Wide Web HTTP
    http       80/udp    www www-http  #World Wide Web HTTP

This file has a relatively simple format: the first column is a service name, and the second column contains the port number and the name of the protocol (either tcp or udp), separated by a slash. Optionally, alternative names for the service may follow; a # introduces a comment. In this example, smtp may also be called mail, and http may also be called www.

When the system starts up, it starts specific daemons. For example, if you're running mail, you may start up sendmail as a daemon. Any mail requests coming in on port 25 (smtp) will then be routed to sendmail for processing.
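The format just described, parsed by hand as an added example (not code from the book, and not the C library's getservbyname(3), though the lookup it builds answers the same question). SERVICES_EXCERPT is a constructed copy of the excerpt above; on a real system you would read /etc/services itself.

```python
"""Parse /etc/services-style lines and look services up by name or alias.

Added example, not code from the book.
"""

# Constructed copy of the excerpt shown above.
SERVICES_EXCERPT = """\
# Network services, Internet style
#
# WELL KNOWN PORT NUMBERS
#
ftp        21/tcp                  #File Transfer [Control]
ssh        22/tcp                  #Secure Shell Login
ssh        22/udp                  #Secure Shell Login
telnet     23/tcp
smtp       25/tcp    mail          #Simple Mail Transfer
smtp       25/udp    mail          #Simple Mail Transfer
domain     53/tcp                  #Domain Name Server
domain     53/udp                  #Domain Name Server
http       80/tcp    www www-http  #World Wide Web HTTP
http       80/udp    www www-http  #World Wide Web HTTP
"""


def parse_services(text):
    """Return a list of (name, port, protocol, aliases) for each entry line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments, blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            raise ValueError("line %d: malformed entry: %r" % (lineno, raw))
        port_str, proto = fields[1].split("/", 1)
        if not port_str.isdigit() or not 0 <= int(port_str) <= 65535:
            raise ValueError("line %d: bad port %r" % (lineno, port_str))
        entries.append((fields[0], int(port_str), proto, fields[2:]))
    return entries


def build_lookup(entries):
    """Map (name or alias, protocol) -> port number."""
    table = {}
    for name, port, proto, aliases in entries:
        for n in (name, *aliases):
            table[(n, proto)] = port
    return table


def port_for(name, proto, text=SERVICES_EXCERPT):
    """Forward lookup: port_for('mail', 'tcp') -> 25."""
    return build_lookup(parse_services(text)).get((name, proto))


def names_for(port, proto, text=SERVICES_EXCERPT):
    """Reverse lookup: the canonical service name for a port, or None."""
    for name, p, pr, _aliases in parse_services(text):
        if p == port and pr == proto:
            return name
    return None


if __name__ == "__main__":
    for name, port, proto, aliases in parse_services(SERVICES_EXCERPT):
        print("%-8s %5d/%s %s" % (name, port, proto, " ".join(aliases)))
```

The lookup is keyed on (name, protocol) rather than name alone because the same name can map to different ports for tcp and udp, and an alias is only an alias for the protocol on whose line it appears.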

Network connections

You can identify a TCP connection uniquely by five parameters:

  • The source IP address.
  • The source port number. These two parameters are needed so that the other end of the connection can send replies back.
  • The destination IP address.
  • The destination port number.
  • The protocol (TCP).

When you set up a connection, you specify the destination IP address and port number, and implicitly also the protocol. Your system supplies the source IP address; that's obvious enough. But where does the source port number come from? The system literally picks one out of a hat: it chooses an unused port number somewhere above the "magic" value 1024. You can look at this information with netstat:

    $ netstat
    Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
    tcp4       0      0  presto.smtp            203.130.236.50.1825    ESTABLISHED
    tcp4       0      0  presto.3312            andante.ssh            ESTABLISHED
    tcp4       0      0  presto.2593            hub.freebsd.org.ssh    ESTABLISHED
    tcp4       0      0  presto.smtp            www.auug.org.au.3691   ESTABLISHED

As you can see, this is the view on a system called presto. We'll see presto again in our sample network below. Normally you'll see a lot more connections here. For each connection, the protocol is tcp4 (TCP on IPv4). The first line shows a connection to the port smtp on presto from port 1825 on a machine with the IP address 203.130.236.50.

netstat shows the IP address in this case because the machine in question does not have reverse DNS mapping. This machine is sending a mail message to presto. The second and third lines show outgoing connections from presto to port ssh on the systems andante and hub.freebsd.org. The last is another incoming mail message from www.auug.org.au. Graphically, you could display the connection between presto and www.auug.org.au like this:

Figure 16-5: The connection between port smtp on presto and port 3691 on www.auug.org.au

Note that the port number for smtp is 25.
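The five parameters that identify a connection, extracted from the netstat listing above as an added example (not code from the book). NETSTAT_OUTPUT is a constructed copy of that listing. Two things in it are this example's own choices: the SERVICE_PORTS table that resolves the symbolic names netstat printed (smtp, ssh) back to numbers, and the "incoming"/"outgoing" classification, which follows the text's rule that the system picks a source port above 1024, so a local port below that is a service being provided.

```python
"""Turn FreeBSD netstat lines into five-tuples.

Added example, not code from the book.
"""

# Constructed copy of the netstat listing shown above.  netstat joins host and
# port with a dot, so the port is whatever follows the LAST dot:
# 203.130.236.50.1825 is host 203.130.236.50, port 1825.
NETSTAT_OUTPUT = """\
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  presto.smtp            203.130.236.50.1825    ESTABLISHED
tcp4       0      0  presto.3312            andante.ssh            ESTABLISHED
tcp4       0      0  presto.2593            hub.freebsd.org.ssh    ESTABLISHED
tcp4       0      0  presto.smtp            www.auug.org.au.3691   ESTABLISHED
"""

# Service names that netstat substituted for port numbers in this sample.
SERVICE_PORTS = {"smtp": 25, "ssh": 22}


def split_endpoint(endpoint):
    """'host.port' -> (host, port as an int); names are resolved via SERVICE_PORTS."""
    host, dot, port = endpoint.rpartition(".")
    if not dot:
        raise ValueError("no port in %r" % endpoint)
    if port.isdigit():
        return host, int(port)
    if port not in SERVICE_PORTS:
        raise ValueError("unknown service name %r" % port)
    return host, SERVICE_PORTS[port]


def parse_netstat(output):
    """One record per connection line: five-tuple, state and direction."""
    records = []
    for line in output.splitlines()[1:]:          # skip the column headings
        fields = line.split()
        if len(fields) < 6:
            continue
        proto, local, foreign, state = fields[0], fields[3], fields[4], fields[5]
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        records.append({
            # source address, source port, destination address, destination port, protocol
            "five_tuple": (lhost, lport, fhost, fport, proto),
            "state": state,
            # a local port below 1024 is a well-known service we are providing;
            # a higher one was picked by the system for an outgoing connection
            "direction": "incoming" if lport < 1024 else "outgoing",
        })
    return records


def connections_by_tuple(output):
    """Index connections by five-tuple; the tuple is unique, so a duplicate
    means the listing was misparsed."""
    table = {}
    for rec in parse_netstat(output):
        key = rec["five_tuple"]
        if key in table:
            raise ValueError("duplicate five-tuple %r" % (key,))
        table[key] = rec
    return table


if __name__ == "__main__":
    for rec in parse_netstat(NETSTAT_OUTPUT):
        print(rec["direction"], rec["five_tuple"], rec["state"])
```

Note that the two smtp connections share the local address, local port and protocol; only the foreign address and port tell them apart, which is exactly why all five parameters are needed.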

For various reasons, it's not always possible to connect directly in this manner:

  • The Internet standards define a number of IP address blocks as non-routable. In these cases, we'll have to translate at least the IP addresses to establish a connection. This technique is accordingly called Network Address Translation or NAT, and we'll look at it in Chapter 22, on page 393.
  • For security reasons, it may not be advisable to make direct connections to servers via the Internet. Instead, the only access may be via an encrypted session on a different port. This technique is called tunneling, and we'll look at it in Chapter 24, on page 424.

The physical network connection

The most obvious thing about your network connection is what it looks like. It usually involves some kind of cable going out of your computer, but there the similarity ends. FreeBSD supports most modern network interfaces:

  • The most popular choice for Local Area Networks is Ethernet, which transfers data between a number of computers at speeds of 10 Mb/s, 100 Mb/s or 1000 Mb/s (1 Gb/s). We'll look at it in the following section.
  • An increasingly popular alternative to Ethernet is wireless networking, specifically local networks based on the IEEE 802.11 standard. We'll look at them on page 291.
  • FDDI stands for Fiber Distributed Data Interface, and was originally run over glass fibres. In contrast to Ethernet, it ran at 100 Mb/s instead of 10 Mb/s. Nowadays Ethernet runs at 100 Mb/s as well, and FDDI runs over copper wire, so the biggest difference is the protocol. FreeBSD does support FDDI, but we won't look at it here.
  • Token Ring is yet another variety of LAN, introduced by IBM. It has never been very popular in the UNIX world. FreeBSD does have some support for it, but it's a little patchy, and we won't look at it in this book.
  • Probably the most common connection to a Wide-Area Network is via a telephone with a modem or with DSL. Modems have the advantage that you can also use them for non-IP connections such as UUCP and direct dial up (see page 338), but they're much slower than DSL. If you use a modem to connect to the Internet, you'll almost certainly use the Point to Point Protocol PPP, which we look at on page 339. In some obscure cases you may need to use the Serial Line Internet Protocol, SLIP, but it's really obsolete.
  • An alternative to ADSL or modem lines is cable networking, which uses TV cable services to supply Internet connectivity. In many ways, it looks like Ethernet.

  • In some areas, Integrated Services Digital Networks (ISDNs) are an attractive alternative to modems. They are much faster than modems, both in call setup time and in data transmission capability, and they are also much more reliable. FreeBSD includes the isdn4bsd package, which was developed in Germany and allows the direct connection of low-cost German ISDN boards to FreeBSD. In other parts of the world, ISDN is not cost effective, and it's also much slower than ADSL and cable.
  • In some parts of the world, satellite links are of interest. In most cases, they are unidirectional: they transfer data from the Internet to your system (the down link) and require some other connection to get data back to the Internet (the uplink).
  • If you have a large Internet requirement, you may find it suitable to connect to the Internet via a Leased Line, a telephone line that is permanently connected. This is a relatively expensive option, of course, and we won't discuss it here, particularly as the options vary greatly from country to country and from region to region.

The decision on which WAN connection you use depends primarily on the system you are connecting to, in many cases an Internet Service Provider or ISP. We'll look at ISPs in Chapter 18.

Ethernet

In the early 1970s, the Xerox Company chartered a group of researchers at its Palo Alto Research Center (PARC) to brainstorm the Office of the Future. This innovative group created the mouse, the window interface metaphor and an integrated, object-oriented programming environment called Smalltalk. In addition, a young MIT engineer in the group named Bob Metcalfe came up with the concept that is the basis of modern local area networking, the Ethernet. The Ethernet protocol is a low-level broadcast packet-delivery system that employed the revolutionary idea that it was easier to resend packets that didn't arrive than it was to make sure all packets arrived. There are other network hardware systems out there, IBM's Token Ring architecture and Fibre Channel, for example, but by far the most popular is the Ethernet system in its various hardware incarnations. Ethernet is by far the most common local area network medium. There are three types:

  1. Originally, Ethernet ran at 10 Mb/s over a single thick coaxial cable, usually bright yellow in colour. This kind of Ethernet is often referred to as thick Ethernet, also called 10Base5, and the line interface is called AUI. You may also hear the term yellow string (for tying computers together), though this term is not limited to thick Ethernet. Thick Ethernet is now obsolete: it is expensive, difficult to lay, and relatively unreliable. It requires 50 ohm resistors at each end of the cable to transmit signals correctly. If you leave these out, you won't get degraded performance: the network Will Not Work at all.
  2. As the name suggests, thin Ethernet is thin coaxial cable, and otherwise quite like thick Ethernet. It is significantly cheaper (thus the term Cheapernet), and the only disadvantage over thick Ethernet is that the cables can't be quite as long. The cable is called RG58, and the cable connectors are called BNC. Both terms are frequently used to refer to this kind of connection, as is 10Base2. You'll still see thin Ethernet around, but it's effectively obsolete: performance is poor, and it's no cheaper than 100 Mb/s Ethernet. Like thick Ethernet, all machines are connected by a single cable with terminators at each end.
  3. Modern Ethernets run at up to 1000 Mb/s over multi-pair cables called UTP, for Unshielded Twisted Pair. Twisted pair means that each pair of wires is twisted to minimize external electrical influence; after all, the frequencies on a 1000 Mb/s Ethernet are way up in the UHF range. Unlike coaxial connections, where all machines are connected to a single cable, UTP connects individual machines to a hub or a switch, a box that distributes the signals. We'll discuss the difference between a hub and a switch on page 288. You'll also hear the terms 10BaseTP, 100BaseTP and 1000BaseTP.

Compared to coaxial Ethernet, UTP cables are much cheaper, and they are more reliable. If you damage or disconnect a coaxial cable, the whole network goes down. If you damage a UTP cable, you only lose the one machine connected to it. On the down side, UTP requires switches or hubs, which cost money, though the price has decreased to the point where it's cheaper to buy a cheap switch and UTP cables rather than the RG58 cable alone. UTP systems employ a star architecture rather than the string of coaxial stations with terminators. You can connect many switches together simply by reversing the connections at one end of a switch-to-switch link. In addition, UTP is the only medium currently available that supports 100 Mb/s Ethernet.


How Ethernet works

A large number of systems can be connected to a single Ethernet. Each system has a 48-bit address, the so-called Ethernet address. Ethernet addresses are usually written in bytes separated by colons (:), for example 0:a0:24:37:0d:2b. All data sent over the Ethernet contains two addresses: the Ethernet address of the sender and the Ethernet address of the receiver. Normally, each system responds only to messages sent to it or to a special broadcast address.

You'll also frequently hear the term MAC address. MAC stands for Media Access Control and thus means the address used to access the network link layer. For Ethernets I prefer to use the more exact term Ethernet address.

The fact that multiple machines are on the same network gives rise to a problem: obviously only one system can transmit at any one time, or the data will be garbled. But how do you synchronize the systems? In traditional Ethernets, the answer is simple, but possibly surprising: trial and error. Before any interface transmits, it checks that the network is idle. In the Ethernet specification, this is called Carrier Sense. Unfortunately, this isn't enough: two systems might start sending at the same time. To solve this problem, while it sends, each system checks that it can still recognize what it is sending. If it can't, it assumes that another system has started sending at the same time; this is called a collision. When a collision occurs, both systems stop sending, wait a random amount of time, and try again. You'll see this method referred to as CSMA/CD (Carrier Sense Multiple Access/Collision Detect).

There are a number of problems with this approach:

  • The interface needs to listen while sending, so it can't receive anything while it's sending: it's running in half-duplex mode. If it could send and receive at the same time (full-duplex mode), the network throughput could be doubled.
  • The more active the network, the more likely collisions will be. This slows things down too, sometimes to a point where the network hardly transmits any traffic.
  • The more systems on the network, the less bandwidth is available for each system.

With the point-to-point connections on a UTP-based network, you would think it would be possible to change some of this. After all, the connections look pretty much like the same wire that joins two modems together, and modems don't have collisions, and they do run in full-duplex mode. The problem is the hub: if you send a packet out to a hub, it doesn't know which connector to send it down, so it sends it down all of them, thus imitating the old Ethernet. To send it just to the destination, it would need to analyze the Ethernet address in every packet and know where to send it.

This is what a switch does: it learns the Ethernet addresses of each interface on the network and uses this information to send packets to only the line to which that interface is connected. There could be more than one if switches are cascaded. This also means that the line can run in full-duplex mode.

Nowadays the price differential between switches and hubs is very small; go into a computer market and you'll see that the prices overlap. If at all possible, buy a switch.

Transmitting Internet data across an Ethernet has another problem. Ethernet evolved independently of the Internet standards. As a result, Ethernets can carry different kinds of traffic. In particular, Microsoft uses a protocol called NetBIOS, and Novell uses a protocol called IPX. In addition, Internet addresses are only 32 bits, and it would be impossible to map them to Ethernet addresses even if they were the same length. The result? You guessed it, another header. Figure 16-6 shows an Ethernet packet carrying an IP datagram.

Finding Ethernet addresses

So we send messages to Ethernet interfaces by setting the correct Ethernet address in the header. But how do we find the Ethernet address? All our IP packets use IP addresses. And it's not a good solution to just statically assign Ethernet addresses to IP addresses: first, there would be problems if an interface board or an IP address was changed, and secondly multiple boards can have the same IP address.

    Ethernet header: Destination address (6 bytes) | Source address (6 bytes) | Frame type (2 bytes)
    IP header:       Version | IP header length | Type of service | Total length in bytes |
                     Identification | Flags | Fragment offset | Time to live | Protocol |
                     Header checksum | Source IP address | Destination IP address
    TCP header:      Source port | Destination port | Sequence number | Acknowledgment number |
                     TCP header length | Reserved | Flags | Window size | TCP checksum | Urgent pointer
    Data

Figure 16-6: Ethernet frame with TCP datagram

The chosen solution is the Address Resolution Protocol, usually called ARP. ARP sends out a message on the Ethernet broadcast address saying effectively "Who has IP address 223.147.37.1? Tell me your Ethernet address." The message is sent on the broadcast address, so each system on the net receives it. In each machine, the ARP protocol compares the specified IP address with the IP address of the interface that received the packet. If they match, the machine replies with the message "I am IP 223.147.37.1, my Ethernet address is 00:a0:24:37:0d:2b."
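The Ethernet header of Figure 16-6 and the ARP exchange just described, decoded as an added example (not code from the book). Both frames are constructed here: 00:a0:24:37:0d:2b is the Ethernet address the text gives for 223.147.37.1, while the asking host's address 00:aa:bb:cc:dd:05 and the build_arp fixture builder are made up for the example. The reply_answers check at the end is this example's own addition: it tells a reply that genuinely answers an outstanding request apart from one that does not, which is the kind of mismatch a host or monitor should log rather than quietly enter into its ARP cache.

```python
"""Decode Ethernet frames carrying ARP requests and replies.

Added example, not code from the book.  Both frames are constructed inline.
"""
import struct

ETHERTYPE_IP, ETHERTYPE_ARP = 0x0800, 0x0806
BROADCAST = b"\xff" * 6
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(raw):
    """6 bytes -> 'aa:bb:cc:dd:ee:ff'"""
    return ":".join("%02x" % b for b in raw)


def ip_str(raw):
    """4 bytes -> dotted decimal"""
    return ".".join(str(b) for b in raw)


def parse_ethernet(frame):
    """14-byte Ethernet header: destination, source, frame type; then the payload."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    ftype = struct.unpack("!H", frame[12:14])[0]
    return {"dst": mac_str(frame[:6]), "src": mac_str(frame[6:12]),
            "type": ftype}, frame[14:]


def parse_arp(payload):
    """ARP for Ethernet/IPv4: the 'who has / is at' message from the text."""
    if len(payload) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IP, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": mac_str(payload[8:14]), "sender_ip": ip_str(payload[14:18]),
            "target_mac": mac_str(payload[18:24]), "target_ip": ip_str(payload[24:28])}


def describe(frame):
    """Plain-language rendering of an ARP frame, or None for non-ARP traffic."""
    eth, payload = parse_ethernet(frame)
    if eth["type"] != ETHERTYPE_ARP:
        return None
    arp = parse_arp(payload)
    if arp["op"] == ARP_REQUEST:
        return "Who has %s? Tell %s" % (arp["target_ip"], arp["sender_ip"])
    if arp["op"] == ARP_REPLY:
        return "%s is at %s" % (arp["sender_ip"], arp["sender_mac"])
    return "ARP opcode %d" % arp["op"]


def build_arp(dst_mac, src_mac, op, sender_mac, sender_ip, target_mac, target_ip):
    """Fixture builder: Ethernet header plus a 28-byte Ethernet/IPv4 ARP packet."""
    arp = struct.pack("!HHBBH", 1, ETHERTYPE_IP, 6, 4, op)
    arp += sender_mac + bytes(sender_ip) + target_mac + bytes(target_ip)
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_ARP) + arp


MAC_ASKER = bytes.fromhex("00aabbccdd05")         # constructed for the example
MAC_TARGET = bytes.fromhex("00a024370d2b")        # the address given in the text
IP_ASKER, IP_TARGET = (223, 147, 37, 5), (223, 147, 37, 1)

# The request goes to the broadcast address; the reply comes back unicast.
REQUEST = build_arp(BROADCAST, MAC_ASKER, ARP_REQUEST,
                    MAC_ASKER, IP_ASKER, b"\x00" * 6, IP_TARGET)
REPLY = build_arp(MAC_ASKER, MAC_TARGET, ARP_REPLY,
                  MAC_TARGET, IP_TARGET, MAC_ASKER, IP_ASKER)


def reply_answers(request, reply):
    """True only if the reply comes from the IP that was asked for and is
    addressed back to the asker; anything else deserves a log entry."""
    req = parse_arp(parse_ethernet(request)[1])
    rep = parse_arp(parse_ethernet(reply)[1])
    return ((req["op"], rep["op"]) == (ARP_REQUEST, ARP_REPLY)
            and rep["sender_ip"] == req["target_ip"]
            and rep["target_ip"] == req["sender_ip"])


if __name__ == "__main__":
    print(describe(REQUEST))
    print(describe(REPLY))
```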


What systems are on that Ethernet?

Multiple systems can be accessed via an Ethernet, so there must be some means for a system to determine which other systems are present on the network. There might be a lot of them, several hundred for example. You could keep a list, but the system has to determine the interface for every single packet, and a list that long would slow things down. The preferred method is to specify a range of IP addresses that can be reached via a specific interface. The computer works in binary, so one of the easiest functions to perform is a logical and. As a result, you specify the range by a network mask: the system considers all addresses in which a specific set of bits have a particular value to be reachable via the interface. The specific set of bits is called the interface address.

For example, let's look forward to the reference network on page 294 and consider the local network, which has the network address 223.147.37.0 and the netmask 255.255.255.0. The value 255 means that every bit in the byte is set. The logical and function says "if a specific bit is set in both operands, set the result bit to 1; otherwise set it to 0." Figure 16-7 shows how the system creates a network address from the IP address 223.147.37.5 and the net mask 255.255.255.0.

    IP address    11011111 10010011 00100101 00000101   (223.147.37.5)
    Net mask      11111111 11111111 11111111 00000000   (255.255.255.0)
    Net address   11011111 10010011 00100101 00000000   (223.147.37.0)

Figure 16-7: Netmask

The result is the same as the IP address for the first three bytes, but the last byte is 0: 223.147.37.0.

This may seem unnecessarily complicated. An easier way to look at it is to say that the 1 bits of the net mask describe which part of the address is the network part, and the 0 bits describe which part represents hosts on the network.

Theoretically you could choose your network mask bits at random. In practice, it's clear that it makes more sense to make network masks a sequence of binary 1 bits followed by a sequence of binary 0 bits. It has become typical to abbreviate the network mask to the number of 1 bits. Thus the network mask 255.255.255.0, with 24 bits set and 8 bits not set, is abbreviated to /24. The / character is always part of the abbreviation.
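The netmask arithmetic of Figure 16-7 and the /24 abbreviation, worked through as an added example that is not from the book. It uses explicit bit operations rather than a library so the logical and is visible, applies them to the book's own values (223.147.37.5 and 255.255.255.0), and rejects the "random" masks the text says nobody uses in practice.

```python
# Added example, not from the book: netmask arithmetic with explicit bit
# operations on the book's own values (223.147.37.5 / 255.255.255.0).

def parse_ipv4(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value

def format_ipv4(value):
    """Inverse of parse_ipv4."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value):
    """Render 32 bits as four groups of eight, the way Figure 16-7 draws them."""
    bits = f"{value:032b}"
    return " ".join(bits[i:i + 8] for i in range(0, 32, 8))

def prefix_to_mask(prefix):
    """/24 -> 0xFFFFFF00: a run of `prefix` 1 bits followed by 0 bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask):
    """Count the 1 bits, rejecting masks that are not 1s followed by 0s
    (the text notes that only such masks make sense in practice)."""
    ones = bin(mask).count("1")
    if mask != prefix_to_mask(ones):
        raise ValueError(f"non-contiguous netmask {format_ipv4(mask)}")
    return ones

def network_address(ip, mask):
    """The logical and of Figure 16-7: keep the bits where the mask is 1."""
    return format_ipv4(parse_ipv4(ip) & parse_ipv4(mask))

def same_network(addr_a, addr_b, mask):
    """The per-packet test the system applies: does the destination fall in
    the range reachable through the interface configured with addr_a/mask?"""
    m = parse_ipv4(mask)
    return (parse_ipv4(addr_a) & m) == (parse_ipv4(addr_b) & m)

if __name__ == "__main__":
    ip, mask = "223.147.37.5", "255.255.255.0"
    rows = (("IP address", parse_ipv4(ip)),
            ("Net mask", parse_ipv4(mask)),
            ("Net address", parse_ipv4(ip) & parse_ipv4(mask)))
    for label, value in rows:
        print(f"{label:12} {format_ipv4(value):16} {to_binary(value)}")
    print("abbreviated mask: /%d" % mask_to_prefix(parse_ipv4(mask)))
```

same_network is the decision the text describes for every outgoing packet: one and and one comparison per interface, instead of a lookup in a list of several hundred hosts.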

Address classes

When the Internet Protocols were first introduced, they included the concept of a default netmask. These categories of address were called address classes. The following classes are defined in RFC 1375:

Table 16-1: Address classes

    Class  Address range  Network mask      Network address bits  Host address bits  Number of systems
    A      0-127          255.0.0.0         /8                    24                 16777216
    B      128-191        255.255.0.0       /16                   16                 65536
    C      192-207        255.255.255.0     /24                   8                  256
    F      208-215        255.255.255.240   /28                   4                  16
    G      216-219        (reserved)
    H      220-221        255.255.255.248   /29                   3                  8
    K      222-223        255.255.255.254   /31                   1                  2
    D      224-239        (multicast)
    E      240-255        (reserved)

This method is no longer used for specifying net masks, though the software still defaults to these values, but it is used for allocating networks. In addition you will frequently hear the term Class C network to refer to a network with 256 addresses in the range 192-223. This usage goes back to before RFC 1375.

Unroutable addresses

On occasion you may want to have addresses which are not visible on the global Internet, either for security reasons or because you want to run Network Address Translation (see page 393). RFC 1918 provides for three address ranges that should not be routed: 10.0.0.0/8 (with last address 10.255.255.255), 172.16.0.0/12 (with last address 172.31.255.255), and 192.168.0.0/16 (with last address 192.168.255.255).
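The class table above and the RFC 1918 ranges, in one added example that is not from the book. address_class and default_netmask encode Table 16-1 row by row, classic_class gives the older "192-223 is Class C" usage the text mentions, and is_rfc1918 applies the same mask-and-compare as the routing decision to the three unroutable blocks; last_address reproduces the "last address" values the text gives for each block.

```python
# Added example, not from the book: Table 16-1 (RFC 1375 classes as the text
# lists them), the pre-RFC 1375 "Class C" rule, and the RFC 1918 ranges.

def parse_ipv4(dotted):
    """Dotted quad -> 32-bit integer."""
    octets = [int(x) for x in dotted.split(".")]
    if len(octets) != 4 or not all(0 <= n <= 255 for n in octets):
        raise ValueError(f"bad IPv4 address {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def format_ipv4(value):
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

# Table 16-1: (class, first octet low, first octet high, prefix length).
# None marks the rows that have no netmask (reserved or multicast).
ADDRESS_CLASSES = (
    ("A", 0, 127, 8),
    ("B", 128, 191, 16),
    ("C", 192, 207, 24),
    ("F", 208, 215, 28),
    ("G", 216, 219, None),
    ("H", 220, 221, 29),
    ("K", 222, 223, 31),
    ("D", 224, 239, None),
    ("E", 240, 255, None),
)

def address_class(ip):
    """Return (class letter, default prefix length or None) per Table 16-1."""
    first_octet = parse_ipv4(ip) >> 24
    for name, low, high, prefix in ADDRESS_CLASSES:
        if low <= first_octet <= high:
            return name, prefix
    raise AssertionError("table covers every first octet")

def default_netmask(ip):
    """The mask the software still defaults to, or None for D, E and G."""
    _, prefix = address_class(ip)
    return None if prefix is None else format_ipv4(prefix_to_mask(prefix))

def classic_class(ip):
    """The pre-RFC 1375 usage the text mentions: Class C is all of 192-223."""
    first_octet = parse_ipv4(ip) >> 24
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    if first_octet < 240:
        return "D"
    return "E"

RFC1918_RANGES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")

def in_cidr(ip, cidr):
    """Same mask-and-compare as the routing decision, with a /n prefix."""
    net, prefix = cidr.split("/")
    mask = prefix_to_mask(int(prefix))
    return (parse_ipv4(ip) & mask) == (parse_ipv4(net) & mask)

def is_rfc1918(ip):
    """True if the address falls in a block that should not be routed globally."""
    return any(in_cidr(ip, r) for r in RFC1918_RANGES)

def last_address(cidr):
    """Highest address in the block: network address OR the inverted mask."""
    net, prefix = cidr.split("/")
    host_bits = ~prefix_to_mask(int(prefix)) & 0xFFFFFFFF
    return format_ipv4(parse_ipv4(net) | host_bits)

if __name__ == "__main__":
    for ip in ("10.1.2.3", "172.31.9.9", "192.168.0.1", "223.147.37.5"):
        print(ip, address_class(ip), classic_class(ip), default_netmask(ip), is_rfc1918(ip))
    for r in RFC1918_RANGES:
        print(r, "last address", last_address(r))
```

Note that the book's own network, 223.147.37.0, is "Class C" only in the older sense: by Table 16-1 its first octet falls in the 222-223 row with a /31 default mask, which is one reason the text says the table is no longer used for specifying net masks.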

Wireless LANs

An obvious problem with Ethernet is that you need a cable. As more and more machines are installed, the cabling can become a nightmare. It's particularly inconvenient for laptops: the network cable restricts where you can use the machine.

Wireless network cards have been around for some time, but in the last few years they have become particularly popular. Modern cards are built around the IEEE 802.11 series of standards.

The 802 series of standards cover almost all networking devices; don't let the number 802 suggest wireless networking. Ethernet is 802.3, for example.

They are usually PCMCIA (PC Card) cards, though some PCI cards are also available. Currently you're liable to come across the following kinds of cards:

  • 802.11 FHSS (Frequency Hopping Spread Spectrum) cards, which run at up to 2 Mb/s. These are now obsolete, but FreeBSD still supports the WebGear Aviator card with the ray driver.
  • 802.11 DSSS (Discrete Sequence Spread Spectrum) cards, which also run at up to 2 Mb/s. These are also obsolete.
  • 802.11b DSSS cards, which run at up to 11 Mb/s. They can interoperate with the slower 802.11 DSSS cards, but not with FHSS cards.
  • 802.11a cards, which run at 54 Mb/s. They use a modulation called Orthogonal Frequency Division Multiplexing or OFDM, and run in the 5 GHz band. They are not compatible with older cards. At the time of writing, they have not achieved significant market penetration. FreeBSD does not support them yet, though that may have changed by the time you read this.
  • 802.11g cards are the newest. Like 802.11a, they run at 54 Mb/s, and they're not supported. Again, that may have changed by the time you read this. Like 802.11b, they run in the 2.4 GHz band.

Most current cards are 802.11b and run at up to 11 Mb/s. We'll concentrate on them in the rest of this section. They operate in the 2.4 GHz band, which is shared with a number of other services, including some portable telephones and microwave ovens. This kind of portable telephone can completely disrupt a wireless network. Interference and range are serious issues: wireless networks are generally not as reliable as wired networks.

Wireless cards can operate in up to three different modes:

  • Normally, they interoperate with an access point, also called a base station. The base station is normally connected to an external network, so it also doubles as a gateway. Unlike Ethernets, however, all traffic in the network goes via the base station. This arrangement is called a Basic Service Set or BSS.

    Networks can have multiple base stations which are usually interconnected via a wired Ethernet. If the machine with the wireless card moves around, the base stations negotiate with the machine to decide which base station handles the card. In this manner, the machines can cover large distances without losing network connection. This arrangement is called an Extended Basic Service Set or EBSS.

    This mode of operation, with or without an EBSS, is called managed mode, infrastructure mode or BSS mode.

  • In smaller networks, the cards can interact directly. This mode of operation is called peer-to-peer mode, ad-hoc mode or IBSS mode (for Independent Basic Service Set).
  • Finally, some cards support a method called Lucent demo ad-hoc mode, which some BSD implementations used to call ad-hoc mode. But it's not the same as the previous method, and though the principle is the same, they can't interoperate. This mode is not standardized, and there are significant interoperability issues with it, so even if it's available you should use IBSS mode.

How wireless networks coexist

Wireless networks have a number of issues that don't affect Ethernets. In particular, multiple networks can share the same geographical space. In most large cities you'll find that practically the entire area is shared by multiple networks. This raises a number of issues:

  • There's only so much bandwidth available. As the number of networks increases, the throughput drops.

    There's no complete solution to this problem, but it's made a little easier by the availability of multiple operating frequencies. Depending on the country, 802.11b cards can have between 11 and 14 frequency channels. If your area has a lot of traffic on the frequency you're using, you may be able to solve the problem by moving to another frequency. That doesn't mean that this many networks can coexist in the same space: as the name spread spectrum indicates, the signal wanders off to either side of the base frequency, and in practice you can use only three or four distinct channels.

  • Cards on a given network need to have a way to identify each other. 802.11 solves this issue by requiring a network identification, called a Service Set Identifier or SSID. All networks have an SSID, though frequently base stations will accept connections from cards that supply a blank SSID. SSIDs don't offer any improvement in security: their only purpose is identifying the network.
  • Cards on a given network need to protect themselves against snooping by people who don't belong to the network. The 802.11 standard offers a partial solution to this issue by optionally encrypting the packets. We'll look at this issue below.

Encryption

As mentioned above, security is a big issue in wireless networks. The encryption provided is called Wired Equivalent Privacy or WEP, and it's not very good. Everybody connecting to the network needs to know the WEP key, so if anybody loses permission to access the network (for example, when changing jobs), the WEP keys need to be changed, which is a serious administrative problem. In some cases it's completely impractical: if you want to access a wireless network in an airport or a coffee shop (where they're becoming more and more common), it's not practical to use a WEP key. In fact, nearly all such public access networks don't use encryption at all.


As if that weren't bad enough, the WEP algorithm is flawed. Depending on the circumstances, it can take less than 10 minutes to crack it. Don't trust it.

So how do you protect yourself? The best solution is, of course, don't use wireless networks for confidential work. If you have to use a wireless network, make sure that anything confidential is encrypted end-to-end, for example with an ssh tunnel, which we'll look at on page 424.

The reference network

One of the problems in talking about networks is that there are so many different kinds of network connection. To simplify things, this book is based on one of the most frequent environments: a number of computers connected together by an Ethernet LAN with a single gateway to the Internet. Figure 16-8 shows the layout of the network to which we will refer in the rest of this book.

Figure 16-8: Reference network (local Ethernet with gateway to the ISP, plus an 802.11b wireless net)

This figure contains a lot of information, which we will examine in detail in the course of the text:

  • The boxes in the top row represent the systems in the local network example.org: freebie, presto, bumble, and wait.
  • The line underneath is the local Ethernet. The network has the address 223.147.37.0. It has a full 256 addresses ("Class C"), so the network mask is 255.255.255.0.
  • The machines on this Ethernet belong to the domain example.org. Thus, the full name of bumble is bumble.example.org. We'll look at these names in Chapter 21.

  • The connections from the systems to the Ethernet are identified by two values: on the left is the interface name, and on the right the address associated with the interface name.
  • Further down the diagram is the router, gw. It has two interfaces: dc0 interfaces to the Ethernet, and tun0 interfaces to the PPP line to the ISP. Each interface has a different address.
  • The lower half of the diagram shows part of the ISP's network. It also has an Ethernet, and its router looks very much like our own. On the other hand, it interfaces to a third network via the machine igw. To judge by the name of the interface, it is an FDDI connection; see page 285 for more details.
  • The ISP runs a name server on the machine ns, address 139.130.237.3.
  • The ends of the Ethernets are thickened. This represents the terminators required at the end of a coaxial Ethernet. We talked about them on page 287. In fact this network is a 100 Mb/s switched network, but they are still conventionally represented in this form. You can think of the Ethernets as the switches that control each network.
  • presto has a wireless access point connected to it. The diagram shows one laptop, andante, connected via a NAT interface.

In practice, these end users are processes

2) Maybe it won't. For example, you might use wireless Ethernet, which broadcasts in the microwave radio spectrum.
