Configuring Networking in Linux and IPv6
IFN507 Lecture 11


Outline
Networking in Linux
IPv4 Static Addressing
IPv4 DHCP Addressing
IPv4 Routing
Samba
IPv6
Delegation and Distribution of Addresses
Current State of IPv4
NAT
IPv6 Features
The IPv6 Transition

Configuring Static IPv4 Addresses

Configuring a Network Interface
The lshw -class network command
To view the driver modules and associated aliases for network interfaces
On legacy Linux systems, such as Ubuntu 14,
The 1st wired Ethernet network interface -> eth0
The 2nd wired Ethernet network interface -> eth1
The 1st wireless Ethernet network interface -> wlan0
The 2nd wireless Ethernet network interface -> wlan1

Configuring a Network Interface continued…
The ifconfig command:
To assign an IP configuration to a network interface, and
To view the configuration of all network interfaces
It has been deprecated and is not installed by default on most new Linux distributions.

Configuring a Network Interface – cont.
The ip command
A new and recommended alternative for network configuration, e.g.
sudo ip address add 192.168.1.1/24 dev enp0s3


Configuring a Network Interface continued…
Using Predictable Network Interface Names
Most modern Linux systems that use Systemd provide more descriptive names under a new naming scheme for network interfaces
2 character prefixes based on the type of interface:
en – ethernet
wl – wlan
Names incorporating physical/geographical location of the connector of the hardware (example: enp0s3)
enp0s3: the wired Ethernet network interface on PCI bus 00 slot 03

Configuring a Network Interface continued…
Commands for displaying network interface information:
The lspci command
To display the information about PCI buses
The lshw command, e.g. lshw -class network
To display the network interface aliases
The ethtool command, e.g. ethtool -i enp0s3
To display detailed information for network hardware

Configuring a Network Interface continued…

IP can be configured in a number of ways:
Dynamic IP allocation by a DHCP server
Static configuration manually
Configuring IP addressing temporarily
The ip command
Configuring Static IP addressing permanently (at every boot)
Edit /etc/network/interfaces file (prior to Ubuntu 18.04)
Use netplan command (Ubuntu 18.04 onwards)


Configure network interfaces – the ip command
Configure/view IP addressing:
ip address
Configure/view static routes:
ip route
Bring the interface down ready for configuring a network interface:
sudo ip link set enp0s3 down
Assign an IP address to an interface:
ip address [ add | del ] address dev interface
sudo ip address add 192.168.1.1/24 dev enp0s3
Bring the interface up:
sudo ip link set enp0s3 up
Verify the configuration result, or check that the IP addressing has been configured:
ip address [ls|show] enp0s3

Steps to configure a network interface with ip
To view the interface status:
ip address
To bring down the interface enp0s8 ready for configuration:
sudo ip link set enp0s8 down
To assign an IP address to enp0s8:
sudo ip address add 192.168.1.1/24 dev enp0s8
To bring up the interface:
sudo ip link set enp0s8 up

Configuring a network interface with netplan
Use the existing default configuration file, /etc/netplan/50-cloud-init.yaml:
sudo nano /etc/netplan/50-cloud-init.yaml

Apply the configuration to the system
sudo netplan apply
View the change
ip address
More on netplan configuration examples
https://netplan.io/examples/

Obtain the IP address from the DHCP server
If the system cannot find the DHCP server, it will keep processing rather than halt the system
Note: Mixing spaces and tabs for the indentation can cause errors. Use consistent indentation for spacing.
Assign the static IP address and netmask
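Added example (not part of the lecture): a constructed netplan file that matches the notes above, with a small Python check for the tab and indentation mistakes the note warns about. The interface names and the address are reused from this page; the lint_indentation helper and its two-space step are assumptions.

```python
"""Added example: constructed netplan file plus an indentation check."""

# Constructed configuration (not the lecture's file). enp0s3 uses DHCP and is
# marked optional so boot continues if no DHCP server answers; enp0s8 gets a
# static address and netmask (/24).
NETPLAN_YAML = """\
network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: true
      optional: true
    enp0s8:
      dhcp4: false
      addresses:
        - 192.168.1.1/24
"""


def lint_indentation(text, step=2):
    """Return (line_number, problem) pairs for indentation that contains tabs
    or is inconsistent with `step` spaces per nesting level."""
    problems = []
    prev_indent = 0
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.lstrip(" \t")
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments carry no structure
        lead = line[: len(line) - len(stripped)]
        if "\t" in lead:
            # YAML forbids tabs for indentation, so the file would not load.
            problems.append((number, "tab in indentation"))
            continue
        indent = len(lead)
        if indent % step:
            problems.append((number, f"indent {indent} is not a multiple of {step}"))
        elif indent > prev_indent + step:
            problems.append((number, f"indent jumps from {prev_indent} to {indent}"))
        prev_indent = indent
    return problems


if __name__ == "__main__":
    print(lint_indentation(NETPLAN_YAML))
```

Run the check on a copy of the file before sudo netplan apply.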


Configuring a Network Interface continued…
Network utility: used to configure IP on network interfaces
NetworkManager: daemon used to simplify the switching and management of networks
Often used on Linux distributions that have a GUI environment
Systemd-networkd provides the same functionality

NetworkManager with nmcli
The nmcli command
A command-line tool for controlling NetworkManager
To control and display network device status


DHCP Configuration

DHCP
Dynamic Host Configuration Protocol (DHCP): used for automatically configuring a network interface
DHCP sends a DHCP broadcast on the network
Requesting IP configuration information
DHCP server leases IP addresses to client computers for a period of time
Ensures each client has a unique IP address


The DHCP Lease Process

Involves 4 stages
Client sends a request to all hosts on network
In reply, a DHCP server sends an offer containing potential IP configuration
Client selects (accepts) offer
DHCP server sends acknowledgement indicating the amount of time client can use IP configuration
Client configures itself with IP configuration

[Figure: message exchange between DHCP client and DHCP server: DHCPDISCOVER, DHCPOFFER, DHCPREQUEST, DHCPACK]

DHCP release renewal process
When 50% of the lease time has elapsed, the computer attempts to renew the lease from the same DHCP server that originally responded.
The DHCP client will send another DHCPREQUEST packet to its DHCP server to renew its IP configuration
If there is no response, the computer waits until the lease reaches 87.5%; a DHCP renewal request is then sent again, this time to all hosts on the network
After the lease is up, the DHCP client discards its IP configuration obtained from the DHCP server and automatically configures the network interface with Automatic Private IP Addressing (APIPA), i.e. 169.254.x.x where .x.x is a randomly generated host ID

Installation of the DHCP daemon
To configure a Linux system as a DHCP server install the DHCP daemon
Available from online software repositories
Most common DHCP daemons
DHCP daemon (dhcpd)
BusyBox DHCP daemon (udhcpd)
To install the dhcpd server
Make sure this virtual machine can access the Internet.
sudo apt install isc-dhcp-server
To configure the DHCP server
Open dhcpd.conf with a text editor
nano /etc/dhcp/dhcpd.conf

Configure the DHCP server
Most Linux systems, including Ubuntu Server 18, use the dhcpd daemon to provide DHCP functionality on the network

# /etc/dhcp/dhcpd.conf (lease times are in seconds)
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.100;
  option routers 192.168.1.1;
}

Apply the changes by running
sudo systemctl restart isc-dhcp-server.service

Creating Fixed IP addresses
To assign a static address to a machine using the DHCP server,
The MAC address of the machine is required
The IP address must not be in the DHCP range.
host webserver {
hardware ethernet 00:0c:29:c0:a0:19;
fixed-address 192.168.1.200;
}
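Added example (not from the lecture or the DHCP daemon's own tooling): a Python check that every fixed-address in a dhcpd.conf lies outside the dynamic range of its subnet, as required above. The sample file combines this page's two snippets with a hypothetical printer host placed inside the range; the parser assumes subnet and host blocks without nested braces.

```python
"""Added example: check dhcpd.conf host reservations against the dynamic range."""
import ipaddress
import re

# Constructed from the two snippets on this page, plus one deliberately bad
# reservation ("printer" and its MAC are hypothetical) inside the range.
DHCPD_CONF = """\
default-lease-time 600;
max-lease-time 7200;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.100;
  option routers 192.168.1.1;
}
host webserver {
  hardware ethernet 00:0c:29:c0:a0:19;
  fixed-address 192.168.1.200;
}
host printer {
  hardware ethernet 00:0c:29:aa:bb:cc;
  fixed-address 192.168.1.50;
}
"""

SUBNET_RE = re.compile(r"\bsubnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"\brange\s+(\S+)\s+(\S+)\s*;")
HOST_RE = re.compile(r"\bhost\s+(\S+)\s*\{(.*?)\}", re.S)
FIXED_RE = re.compile(r"\bfixed-address\s+(\S+)\s*;")


def check_reservations(conf):
    """Return {host: verdict} for every host block with a fixed-address."""
    subnets = []
    for net, mask, body in SUBNET_RE.findall(conf):
        network = ipaddress.ip_network(f"{net}/{mask}")
        ranges = [(ipaddress.ip_address(lo), ipaddress.ip_address(hi))
                  for lo, hi in RANGE_RE.findall(body)]
        subnets.append((network, ranges))

    verdicts = {}
    for name, body in HOST_RE.findall(conf):
        match = FIXED_RE.search(body)
        if not match:
            continue
        addr = ipaddress.ip_address(match.group(1))
        verdict = "no matching subnet declaration"
        for network, ranges in subnets:
            if addr in network:
                # A reserved address inside the pool can also be leased
                # dynamically to another client, giving a duplicate address.
                clash = any(lo <= addr <= hi for lo, hi in ranges)
                verdict = "inside dynamic range" if clash else "ok"
                break
        verdicts[name] = verdict
    return verdicts


if __name__ == "__main__":
    for host, verdict in check_reservations(DHCPD_CONF).items():
        print(f"{host}: {verdict}")
```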

IPv4 Routing

Software-based Routing
Route table: a list of IP networks stored in system memory
The route command: displays the route table
Multihomed hosts: computers with multiple network interfaces
IP forwarding: forwarding packets from one interface to another
Also called routing


Enable IP forwarding with sysctl
View the current status of IP forwarding:
sysctl net.ipv4.ip_forward
Enable IP forwarding:
sudo sysctl net.ipv4.ip_forward=1
Enable IP forwarding at every boot, edit /etc/sysctl.conf:
net.ipv4.ip_forward=1

Configure routing
View routes:
ip route show
Add a default route:
ip route add default via 192.168.1.1
or
ip route add 0.0.0.0/0 via 192.168.1.1
Add a route via the next hop:
ip route add 192.168.0.0/24 via 192.168.1.1
Add a route via its exit interface:
ip route add 192.168.0.0/24 dev enp0s3
Delete a route:
ip route delete 192.168.0.0/24 via 192.168.1.1

Samba

File-sharing services
There are many file sharing services available on Linux systems
Each is tailored for a specific purpose and has a different configuration method
The most common include:
Samba (SMB)
Network file system (NFS)
FTP


Samba
Server Message Blocks (SMB) protocol
A network file sharing protocol
Samba daemon: emulates SMB protocol
Share information with Windows client computers
NetBIOS name daemon: to create and advertise NetBIOS name for Windows computers to connect to Linux server


Installing Samba
To install Samba
sudo apt update
sudo apt install samba
To check if the installation was successful
whereis samba


Configuring Samba
To create a directory for sharing
mkdir /home/sambashare/
To configure the main configuration file
sudo nano /etc/samba/smb.conf
At the bottom of the file, add:
[sambashare]
    comment = samba on ubuntu
    path = /home/username/sambashare
    read only = no
    browsable = yes
To restart samba for it to take effect:
sudo service smbd restart

Configuring Samba
Create a local Linux user for each Windows user
useradd <username>
passwd <username>
Create a samba password using the smbpasswd command:
smbpasswd -a <username>
Don’t forget to replace <username> with an actual username!

Connecting to Samba
Connecting to sambashare
On samba client (GUI): open up the default file manager and click to server:


Connecting to Samba from a Linux client
Run the smbclient -L / command
smbclient -L cab440-server-1/sambashare

IPv6

Distribution of Addresses

Addressing
The Internet Assigned Numbers Authority (IANA)
IANA delegates 5 regional Internet registries (RIRs)
RIRs allocate address blocks to Local Internet Registries / National Internet registry

Source from Wikipedia

Five RIRs
African Network Information Centre (AfriNIC): Africa
American Registry for Internet Numbers (ARIN): US, Canada, several parts of the Caribbean region, and Antarctica
Asia-Pacific Network Information Centre (APNIC): Asia, Australia, New Zealand, and neighboring countries
Latin America and Caribbean Network Information Centre (LACNIC): Latin America and parts of the Caribbean region
Réseaux IP Européens Network Coordination Centre (RIPE NCC): Europe, Russia, the Middle East, and Central Asia

Hierarchy of addressing Scheme
Internet Assigned Numbers Authority (IANA)
Regional Internet Registry (RIR)
Local Internet Registry (LIR)

The Current State of IPv4

The Current State of IPv4 Allocation
IANA has no more IPv4 addresses left
The last /8 block was used in January 2011
All RIRs have exhausted supply too
APNIC – April 2011
LACNIC – June 2014
ARIN – September 2015
AfriNIC – April 2017
RIPE – November 2019
RIRs still allocate recovered addresses
ISPs have pools of addresses and can recycle addresses that are no longer required by customers


Causes of Address Depletion
Mobile Devices
Always-on connections
Proliferation of Internet Access
Wasteful address practices

The necessity of a new version of IP
IPv4 address space – 32 bits (2^32)
4.3 billion IP addresses
nearly two addresses per person
The last five /8s were handed out from IANA to the RIRs on February 3, 2011
No address space, the Internet growth is limited!

Stopgap Arrangements
Private addressing
NAT
Reclamation of addresses
Restrictions and controls
Virtual hosting

NAT
Network Address Translation

NAT
NAT enables private IP networks that use private IP addresses to connect to the Internet.
Private IP addresses (i.e. non-routable addresses)
Class A: 10.0.0.0—10.255.255.255
Class B: 172.16.0.0—172.31.255.255
Class C: 192.168.0.0—192.168.255.255
NAT operates on a router, usually connecting two networks, and translates the private addresses from the internal network addresses into public addresses, before packets are forwarded to the external network.


NAT continued…
All traffic leaving the LAN appears as originating from a public IP address
All traffic coming into this LAN uses this global IP address
Hosts behind NAT can use private IP addresses

[Figure: the Internet, a NAT router and a LAN; labelled addresses 192.168.1.1, 220.66.254.1 and 192.168.1.5; packet destination 220.66.254.1]

NAT continued…
When a user on a private LAN sends a packet to the rest of the Internet via a NAT, the NAT creates a binding in its cache table.
When the response comes back from the Internet, NAT looks up the binding from its cache table
If found, it switches the addresses,
else (not found), the received packet is dropped!
Normally, the connection initiated from the outside of the private network would not work, as there is no binding to any host
A static binding can be created to map to a particular host, so that the connection initiated from the outside of the private LAN can work.


Connection: Home network -> ISP
[Figure: home network addresses 192.168.1.1, 192.168.1.10, 192.168.1.11 and 192.168.1.12; NAT; ISPs with Large Scale NAT (LSN); the Internet]

Problems with NAT
NAT breaks end-to-end communications
Binding timeout
A NAT device creates a binding associated with a timer
A NAT-aware application that wishes to keep the binding open must periodically send outbound packets (keep-alives)
NAT cannot be used with IPsec in transport mode
NAT is not a firewall solution
A firewall is a security solution for enforcing the security policy of an organisation
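Added example (not from the lecture): a toy Python model of the binding table described under "NAT continued…" and of the binding timeout listed above, showing when an inbound packet is translated and when it is dropped. It assumes bindings are keyed by port (port address translation), which the slides do not specify; the class name, port numbers and 60-second timeout are made up for illustration.

```python
"""Added example: a toy NAT binding table (port-translating), not a real NAT."""

PUBLIC_IP = "220.66.254.1"   # public address from the figure on this page


class Nat:
    def __init__(self, public_ip, timeout=60, first_port=40000):
        self.public_ip = public_ip
        self.timeout = timeout     # seconds an idle dynamic binding lives
        self.next_port = first_port
        self.out = {}              # (priv_ip, priv_port) -> public port
        self.back = {}             # public port -> [priv_ip, priv_port, expires]

    def add_static(self, public_port, priv_ip, priv_port):
        """Static binding: never expires, so outside hosts can connect in."""
        self.out[(priv_ip, priv_port)] = public_port
        self.back[public_port] = [priv_ip, priv_port, None]

    def outbound(self, priv_ip, priv_port, now):
        """Translate a packet leaving the LAN; create or refresh the binding."""
        key = (priv_ip, priv_port)
        port = self.out.get(key)
        if port is None or self._expired(port, now):
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[port] = [priv_ip, priv_port, now + self.timeout]
        elif self.back[port][2] is not None:
            self.back[port][2] = now + self.timeout   # effect of a keep-alive
        return (self.public_ip, port)

    def inbound(self, public_port, now):
        """Translate a packet arriving from outside, or return None (dropped)."""
        if public_port not in self.back or self._expired(public_port, now):
            return None
        priv_ip, priv_port, _ = self.back[public_port]
        return (priv_ip, priv_port)

    def _expired(self, port, now):
        """Remove the binding for `port` if its timer ran out."""
        entry = self.back.get(port)
        if entry is None:
            return True
        expires = entry[2]
        if expires is not None and now >= expires:
            del self.back[port]
            self.out.pop((entry[0], entry[1]), None)
            return True
        return False


if __name__ == "__main__":
    nat = Nat(PUBLIC_IP)
    print(nat.inbound(40000, now=0))                  # no binding yet: dropped
    print(nat.outbound("192.168.1.5", 5000, now=0))   # binding created
    print(nat.inbound(40000, now=30))                 # reply is translated
    print(nat.inbound(40000, now=61))                 # binding timed out
```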


Does NAT resolve IPv4 depletion?
Network address Translation (NAT)
Ease IPv4 address depletion
an interim strategy, not a long term solution
A Large Scale NAT (LSN) implemented by ISPs
support 3000 – 5000 users per public IPv4 address
Single points of failure
Potential address pool depletion attacks
Performance and scalability
Security challenges, e.g. IPSec
break the end-to-end communications

In the end, IPv6 is a real solution to IPv4 exhaustion

IPv6 Features

IPv4 header
IPv6 header

Simplified IP header
Broadcast is replaced with multicast
IPv6 header 40 bytes without extension headers
Length of the header is fixed
QoS support
Intermediate routers do not perform fragmentation
Built-in support for IPSec
More efficient routing
Routers do not calculate header checksum
IPv4 vs. IPv6
IPv4 header 20 bytes without options
Length of the header is variable – 20~60 bytes
No built-in security features

Network Performance Improvements
More efficient IP header, fewer fields
Routers perform neither fragmentation, nor header checksum computation.
IPv6 addresses are allocated to regional Internet registries (RIRs) with a big block, so addresses can be aggregated to reduce the size of routing tables.
This makes core routing much more efficient.
QoS support
Broadcast is replaced by multicast.

New Key Features of IPv6
Abundant address space for end-to-end connective integrity
Auto-configuration
Quality of Service
Built-in Security
Mobility support

1. Abundant Address Space
IPv6 addresses are 128 bits (2^128)
More than 20 orders of magnitude larger than IPv4’s address space
3.4×10^38 addresses per person
IPv6 address space provides hierarchy for future growth
Eliminate network address translation
end-to-end connective integrity

Address Format and Notation
IPv4 addresses are 32 bits long
uses decimal notation
Uses group of four 8-bit numbers expressed as decimals separated by dots
01111101.00010111.00000000.00000001
125.23.0.1
IPv6 addresses are 128 bits long
uses hexadecimal notation
uses groups of four 16-bit numbers separated by a colon
1111111011011100 : 1011101001000101 : 0001001000110100 : 0011001001000101 : 1110010101001110 : 1010000100000001 : 0001001000110100 : 1010101111001101
FEDC:BA45:1234:3245:E54E:A101:1234:ABCD

Compact form of IPv6 notation
1090:0000:0000:0000:0009:0900:210D:325F -> 1090::9:900:210D:325F
(::) stands for one or more contiguous 16-bit groups of zeros and can be used only once in any address
Trailing zeroes from the representation of a single 16-bit group cannot be omitted
“:A:” means “:000A:”, not “:00A0:” or “:A000:”


Network and Host Address Portions
Use “/ decimal number” after an address
The decimal number after the slash indicates the number of bits for the network portion
1090::9:900:210D:325F/60
1018:FD0C:0:9:90:900:10BB:A/24
The following describes just the subnet portion of the above addresses
1090::/60
1018:FD0C/24

Address allocation
/12 -> RIR
/32 -> ISP
/48 -> End site
ISPs and End sites can get larger allocation if justified
End users
Field widths: 3 bits | 9 bits | 20 bits | 16 bits | 64 bits
001 | IANA to RIR | RIR to ISP | ISP to End Site | Interface ID
001 | IANA to RIR | RIR to End Site | Interface ID
/64
2^64

2. Auto-configuration
DHCPv4 automatically provides and assigns IP addresses when hosts join the network.
In IPv6, a host can configure itself with an IP address without a need for having a DHCP server
Eliminating manual IP configuration
Dynamic renumbering (e.g. changing ISPs)
Obtaining its host portion of the IPv6 address
Automatically generated from the interface’s MAC address using the modified EUI-64 format.
That is by inserting the hex number FFFE in the middle of the MAC address and flipping the 7th bit
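Added example (not from the lecture): the modified EUI-64 steps above in Python, applied to the MAC address from the DHCP reservation earlier on this page. The reverse function shows that such an address exposes the hardware address, which helps when mapping logged IPv6 addresses back to hosts; the function names and the fe80::/64 prefix are choices made for this example.

```python
"""Added example: modified EUI-64 interface ID from a MAC address, and back."""
import ipaddress


def mac_to_interface_id(mac):
    """Return the 64-bit interface ID as an int: insert FFFE, flip the 7th bit."""
    octets = bytes(int(part, 16) for part in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02          # 7th bit of the first octet (universal/local bit)
    return int.from_bytes(eui, "big")


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface ID."""
    network = ipaddress.IPv6Network(prefix)
    if network.prefixlen != 64:
        raise ValueError("the interface ID needs a /64 prefix")
    return network[mac_to_interface_id(mac)]


def mac_from_address(address):
    """Recover the MAC from an EUI-64 based address, or None if it is not one."""
    iid = int(ipaddress.IPv6Address(address)) & (2**64 - 1)
    eui = bytearray(iid.to_bytes(8, "big"))
    if eui[3:5] != b"\xff\xfe":
        return None         # e.g. a manually assigned or randomised interface ID
    eui[0] ^= 0x02          # flip the 7th bit back
    return ":".join(f"{b:02x}" for b in eui[:3] + eui[5:])


if __name__ == "__main__":
    mac = "00:0c:29:c0:a0:19"               # MAC used in the DHCP host entry
    addr = slaac_address("fe80::/64", mac)  # link-local prefix, chosen here
    print(addr, mac_from_address(str(addr)))
```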


3. Quality of Service (QoS)
The growing demand for real-time services
QoS protocols can provide different data streams with priorities and guaranteeing qualities
Two fields in IPv6 header can be used for QoS
The Traffic Class
The Flow Label

4. Built-in support for IP Security
IPv4 has no built-in security function
IPv6 uses extension headers for security provisioning, i.e. IP Security (IPSec)
Authentication Header (AH)
Authentication and integrity
Encapsulating Security Payload (ESP)
Integrity and confidentiality

5. Mobility Support
An IP address is bound tightly to the network where the device is located
When the mobile node travels away from its home network, the system of routing based on IP address “breaks”


5. Mobility Support – cont.
Mobile IP (MIP) supports seamless and continuous Internet connectivity
A mobile node can continue to communicate with other nodes after changing its network location
It allows a mobile node to have 2 addresses simultaneously
A primary IP address from its home network
A secondary IP address within the foreign network
Applications
Emergency services
Aviation


5. Mobility Support continued…
MIP operations (simplified)
By setting up a system where data is sent to the mobile node’s home location
Then the data is forwarded to wherever the mobile node may be located


IPv6 Transitioning

Coexistence of IPv4 and IPv6

Dual-Stack

Tunneling

Translation

Dual-Stack
The most preferred approach
When a network is configured as dual stack, each device on the network is configured with both an IPv4 address and an IPv6 address
All modern operating systems, routers and appliances support the dual-stack [IPv4|IPv6]
Dual-stack does not ease the IPv4 address depletion issue
it still consumes IPv4 addresses
It increases the complexity of administrating the dual-stacked environment

Tunneling
Tunneling provides a way to use an existing IPv4 routing infrastructure to carry IPv6 traffic.


Tunneling
An IPv6 datagram is encapsulated within an IPv4 datagram and then traverses the IPv4 network infrastructure
An IPv4 datagram is encapsulated within an IPv6 datagram and then traverses the IPv6 network infrastructure
[Figure: tunneling v6 across an IPv4 network, and tunneling v4 across an IPv6 network]

Translation
The least preferred technique
A translation process maps an IPv4 address to an IPv6 address (or vice versa)
Negates most of the compelling reasons for transitioning to IPv6
hierarchical routing
expanded address space
streamlined IP header
Different layers of translation mechanisms
Network layer translation
Transport layer translation
Application layer translation

IPv6 Deployment Barriers
Cost
Hardware/firmware/application legacy
Required training
Need confidence in technology
Need clear business benefits

IPv6 Adoption

Australia – 28.18%
https://www.google.com/intl/en/ipv6/statistics.html#tab=per-country-ipv6-adoption

References
Jason W. Eckert, Linux+ and LPIC-1 Guide to Linux Certification, 5th Edition, Cengage
Chapter 12: Network Configuration
Configuring a Network Interface
Routing
Chapter 13: Configuration network services and cloud technologies
Infrastructure Services: DHCP
IPv4 Address Exhaustion (Wikipedia) https://en.wikipedia.org/wiki/IPv4_address_exhaustion

[Figure: IANA at the top; the five RIRs (AfriNIC, APNIC, LACNIC, ARIN, RIPE) below it; an ISP/LIR under each RIR; an end user under each ISP/LIR]