Complete LAN construction manual (Key Words: Lan, reserved IP address, Address Allocation)

Source: Internet
Author: User

Basic LAN knowledge

This article describes how to set up a local area network (LAN) with a Red Hat Linux 6.2 computer. First, I will explain some basic knowledge, including an overview of TCP/IP (Transmission Control Protocol/Internet Protocol) and IP address allocation in the LAN. Next, I will introduce the LAN hardware and how to use linuxconf to configure the LAN on the Red Hat Linux operating system. Finally, this article will guide you through testing and troubleshooting the LAN.

Linux is widely used in computer network communication. Since all source code can be downloaded from various FTP or HTTP sites, obtaining the Linux operating system is relatively simple and inexpensive. A LAN is a communication network that connects multiple devices and provides a means of communication between them. Generally, a LAN is relatively small and limited to one building or several adjacent buildings. A LAN does not require a modem and a telephone line; the computers are connected through network cable. The computers must be close enough to each other for the network cable to work properly.

Each computer in the LAN needs a network interface card (NIC) to connect to the network cable, and must be allocated a unique host name and IP address (the allocation method is described later in this article). Therefore, you need basic knowledge of the TCP/IP protocol before assigning them.

TCP/IP Introduction
TCP/IP is a group of protocols used by the Internet and most local networks. In TCP/IP, each host connected to the network (a computer or other communication device) has a unique IP address. The IP address consists of four bytes (each byte has a value from 0 to 255), separated by dots. This IP address distinguishes the hosts on the LAN from one another. For example, the IP address of a computer whose host name is Morpheus can be 192.168.7.127. To avoid assigning an IP address that is already used by another host, you should use the IP addresses reserved for LANs. The reserved IP addresses typically start with 192.168.

LAN network address
The first three bytes of the IP address of all computers on the LAN must be the same. For example, if there is a LAN with 128 hosts, the IP addresses of these hosts can be allocated from 192.168.1.x, where X represents any number from 1 to 128. A similar method can be used to build an adjacent LAN for the other 128 computers in the same company. Of course, a LAN does not only contain 128 computers. You can also build a larger LAN.

Network IP addresses are divided into several classes, which determine the size of a LAN and the number of IP addresses it can possess. For example, a Class A LAN has more than 16,000,000 IP addresses, and a Class B LAN has about 65,000 IP addresses. The size of the LAN depends on the reserved IP address range and the subnet mask (explained in detail later). (See Table 1.)

Table 1. Address range and LAN Scale

Address range                    Subnet mask      Provides                LAN scale
10.0.0.0 - 10.255.255.255        255.0.0.0        1 Class A network       16,777,216
172.16.0.0 - 172.31.255.255      255.255.0.0      16 Class B networks     65,536
192.168.0.0 - 192.168.255.255    255.255.255.0    256 Class C networks    256

Network Address and broadcast address
When setting up a LAN, you must note that the two border addresses in the IP address range are reserved as the network address and broadcast address of the LAN. Applications can use network addresses to represent the entire local network. The broadcast address can be used to send the same message to all hosts on the network at the same time.

For example, if the IP address range is 192.168.1.0 to 192.168.1.128, the first IP address (192.168.1.0) is retained as the network address, and the last IP address (192.168.1.128) is retained as the broadcast address. Therefore, when assigning an IP address to a computer on the LAN, you can only select the IP address range from 192.168.1.1 to 192.168.1.127:

Network Address: 192.168.1.0

Host address range: 192.168.1.1 to 192.168.1.127

Broadcast address: 192.168.1.128

Subnet Mask
Each host on the LAN has a subnet mask. The subnet mask consists of four bytes. A byte with the value 255 marks the part of the IP address that is the network address; a byte with the value 0 marks the part of the IP address that is the host number. For example, with the subnet mask 255.255.255.0, the first three bytes identify the local area network the host belongs to, and the final 0 means the last byte identifies the host within the LAN.

Domain Name
A domain name (or network name) consists of a unique name and a standard Internet suffix. These suffixes include .com, .org, .mil, .net, and so on. As long as your LAN has only a simple dial-up connection and does not directly provide services to other hosts, you can name it as you wish. In this example, the network is considered private because it uses IP addresses in the range 192.168.1.x. Therefore, hosts on the Internet cannot reach your hosts through the domain name you selected. For that you need an official domain name. To obtain an official domain name, you can register at InterNIC, Network Solutions, or register.com. The materials section at the end of this article lists some sites that describe how to obtain an official domain name.

Host Name
Another important step in establishing a LAN is to assign host names to all computers on the LAN. To identify hosts in a LAN, each host name must be unique. The host name also cannot contain spaces or punctuation characters. For example, the five names Morpheus, Trinity, Tank, Oracle, and Dozer are valid host names, and you can allocate them to five hosts on the LAN. There are also some tips for selecting a host name: for example, a short host name reduces typing and is easy to remember, which makes later communication easier.

Table 2 summarizes the preceding content. All hosts on the LAN should have the same network address, broadcast address, subnet mask and domain name, because these values describe the LAN as a whole. Each computer on the LAN has its own host name and IP address, which uniquely identify it. If the network address of a LAN is 192.168.1.0 and the broadcast address is 192.168.1.128, the IP addresses of the other hosts are between 192.168.1.1 and 192.168.1.127.

Table 2. IP Address Allocation for LAN with less than 127 hosts

IP address setting    Example                     Same/different
Network address       192.168.1.0                 same for all hosts
Domain name           www.yourcompanyname.com     same for all hosts
Broadcast address     192.168.1.128               same for all hosts
Subnet mask           255.255.255.0               same for all hosts
Host name             (unique name per host)      different for each host
Host address          192.168.1.x                 different for each host

Assign IP Address
There are two ways to assign IP addresses in a LAN. You can manually assign a static IP address to every host on the LAN. You can also use a special server to allocate IP addresses dynamically, that is, when a host logs on to the network, the server automatically assigns a dynamic IP address to the host.

Static IP Address Allocation
Static IP address allocation means that each computer on the LAN is manually assigned a unique IP address. The first three bytes of the IP addresses of all hosts in the same LAN are the same, but the last byte is unique. In addition, each computer must be assigned a unique host name. Each host on the LAN will have the same network address (192.168.1.0), broadcast address (192.168.1.128), subnet mask (255.255.255.0), and domain name (yourcompanyname.com). It is best to record the host names and IP addresses of all hosts on the local area network at the time of allocation, for reference when the network is expanded later.

Dynamic IP Address Allocation
Dynamic IP address allocation is done through a server or host called a DHCP (Dynamic Host Configuration Protocol) server. When a computer logs on to the LAN, the DHCP server automatically assigns a unique IP address to it. A program named BOOTP can also provide a similar dynamic allocation service. The DHCP/BOOTP service can be a program or a device, but it must run on a host with a unique IP address. A router can be seen as an example of a DHCP device: one end acts as an Ethernet hub (a communication device that allows multiple hosts to connect through its Ethernet ports), and the other end can be connected to the Internet. The DHCP server also needs to allocate the network and broadcast addresses. In a network that allocates IP addresses dynamically, you do not need to allocate host names and domain names manually.

Overview of LAN Internet sharing principles and methods

I. Principles of LAN Internet sharing

In terms of LAN shared Internet access, whether using hardware devices such as routers to access the Internet, using Windows Internet Connection Sharing, or using gateway software and proxy server software, the principles are the same.

The TCP/IP protocol specifies three types of LAN reserved IP addresses: 10.x.x.x, 172.16.x.x, and 192.168.x.x (x is between 0 and 255; note that the network number cannot be all 0s or all 1s). These IP addresses can be used inside a LAN, but such an intranet address obviously cannot be used to connect directly to the Internet.

Therefore, when an internal machine connects to an external machine, its intranet IP address must first be converted to a valid Internet IP address by a host that has a valid Internet address. This is Network Address Translation (NAT).

NAT lets the LAN reach the Internet through one or more valid IP addresses, which saves valid Internet IP addresses. In addition, address translation hides the real IP addresses of hosts on the intranet, which improves network security.

For example, a computer or device connected to the Internet obtains a valid IP address, either fixed or dynamically assigned, for example 219.254.38.180. It also needs an internal IP address, for example 192.168.0.1, with which it serves as the gateway for the other computers. Suppose a computer inside the LAN at 192.168.0.2:4000 (4000 is its port number) wants to access a host on the Internet. The request from 192.168.0.2:4000 is first sent to the host 192.168.0.1, which converts the source address to 219.254.38.180:9000. The request is then sent to the Internet host from 219.254.38.180:9000, and the response data stream is sent back to 219.254.38.180:9000. When the gateway receives the data, it looks up the internal address associated with port number 9000. Finding that it is 192.168.0.2:4000, it passes the data to 192.168.0.2:4000. In this way, the IP address is translated.
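The translation walk-through above, as an added example that is not part of the original article: a minimal port-translation table in Python that uses the article's addresses and also shows what happens to inbound traffic with no mapping. The remote host 203.0.113.10:80, the second LAN host 192.168.0.3 and the starting pool port 9000 are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)


@dataclass
class NatGateway:
    """Gateway that rewrites internal ip:port pairs to public_ip:port pairs."""
    public_ip: str
    next_port: int = 9000  # assumed start of the translated-port pool
    out_map: Dict[Endpoint, int] = field(default_factory=dict)  # internal -> public port
    in_map: Dict[int, Endpoint] = field(default_factory=dict)   # public port -> internal

    def _allocate(self) -> int:
        # Skip ports that already carry a mapping, stop at the end of the port range.
        while self.next_port in self.in_map:
            self.next_port += 1
        if self.next_port > 65535:
            raise RuntimeError("translated-port pool exhausted")
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Rewrite the source of a packet leaving the LAN, reusing an existing mapping."""
        port = self.out_map.get(src)
        if port is None:
            port = self._allocate()
            self.out_map[src] = port
            self.in_map[port] = src
        return (self.public_ip, port), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Rewrite the destination of a reply. None means the packet is dropped."""
        if dst[0] != self.public_ip:
            return None
        internal = self.in_map.get(dst[1])
        if internal is None:
            # No internal host opened this port, so there is nowhere to deliver it.
            return None
        return src, internal


def demo() -> dict:
    remote = ("203.0.113.10", 80)          # constructed Internet host (documentation range)
    gw = NatGateway(public_ip="219.254.38.180")
    first = gw.outbound(("192.168.0.2", 4000), remote)
    reply = gw.inbound(remote, ("219.254.38.180", 9000))
    second = gw.outbound(("192.168.0.3", 4000), remote)   # same internal port, other host
    again = gw.outbound(("192.168.0.2", 4000), remote)    # mapping is reused
    unsolicited = gw.inbound(remote, ("219.254.38.180", 9050))
    return {"first": first, "reply": reply, "second": second,
            "again": again, "unsolicited": unsolicited}


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step:12} {result}")
```

The remote host only ever sees 219.254.38.180 and a translated port, and a packet sent to a port that has no entry in the table is not forwarded to any internal host.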

From the above process, we can see that a computer acting as a gateway needs both an intranet address and an Internet address, and therefore two NICs, one connected to the intranet and one to the Internet. In practice, however, when the computer is connected to the Internet through a switch or router, two network cards are not strictly necessary; a gateway can also be implemented with a single network card. This requires gateway software with a single-NIC function (such as Sygate), which creates a virtual NIC for the intranet connection and acts as the gateway. However, all the actual data flow still passes through one network card, so the load on that card is high.

II. Overview of Internet sharing

1. Classification by implementation approach

Hardware: shared Internet access is achieved through routers, broadband routers, and ADSL modems with built-in routing functions. Sharing through hardware is possible, but the configuration is a little complicated. This method works well, but the investment is slightly higher.

Software: mainly through proxy server and gateway software. Commonly used programs include WinRoute, Wingate, Sygate, CCProxy, usergate, spoonproxy, homeshare, WinProxy, superproxy, sinfornat, and ICS in Windows. Some of this software is free of charge. Although software is not as convenient as hardware, it can effectively manage and control the network.

Terms and definitions of IP addresses
LAN IP address overview
Suppose an enterprise has planned its LAN construction scheme, purchased routers, firewalls, switches, and other network equipment, cabled the IDC and office locations (buildings), and added servers and clients (workstations and PCs). Now the enterprise's LAN needs to be set up, and planning the LAN's IP addresses is an important part of that. The plan consists of public IP addresses (Internet IP addresses, generally IPv4 addresses of Class A, B, and C) and private IP addresses. Next we discuss the planning of enterprise IP addresses.
I. IP address planning
1. Basic concepts of IP addresses
The IP address is a 32-bit binary value used to mark the address of each computer in the TCP/IP communication protocol. We usually use dotted decimal notation, such as 192.168.1.6. That is to say, an IP address has two representation formats: binary and dotted decimal. The binary format of a 32-bit IP address is composed of four eight-bit fields, for example 11000000 10101000 00000001 00000110 (192.168.1.6).
Each IP address can be divided into two parts, the network part and the host part: the network number indicates the network segment the address belongs to, and the host number indicates the address of the host within that network segment. According to the size of the network, IP addresses are divided into five classes: A, B, C, D, and E. Classes A, B, and C are the three main types of IP addresses, Class D is the multicast address used for multicast transmission, and Class E is reserved as spare addresses for future expansion. The valid ranges of Class A, B, and C IP addresses are as follows:
Class   Network number / bits occupied   Host number / bits occupied   Usage
A       1 ~ 126 / 8                      0 ~ 255, 1 ~ 254 / 24         National
B       128.0 ~ 191.255 / 16             0 ~ 255, 1 ~ 254 / 16         Cross-organizational unit
C       192.0.0 ~ 223.255.255 / 24       1 ~ 254 / 8                   Enterprise organizations
Class A IP address
A Class A IP address consists of a 1-byte network address and a 3-byte host address. The highest bit of the network address must be "0", and the address range is from 1.0.0.0 to 126.0.0.0. There are 126 available Class A networks, each of which can accommodate more than 0.1 billion hosts. Note that the network number cannot be 127 because it is reserved for loopback and diagnostics.
Class B IP address
A Class B IP address consists of two bytes of network address and two bytes of host address. The highest bits of the network address must be "10", and the address range is from 128.0.0.0 to 191.255.255.255. There are 16382 available Class B networks, each of which can accommodate more than 60 thousand hosts.
Class C IP address
A Class C IP address consists of a 3-byte network address and a 1-byte host address. The highest bits of the network address must be "110", and the range is from 192.0.0.0 to 223.255.255.255. There can be more than 2.09 million Class C networks, each of which can accommodate 254 hosts.
Class D addresses, used for multicast
The first byte of a Class D IP address starts with "1110". It is a reserved address that does not point to a specific network. Currently, this type of address is used for multicast. A multicast address addresses a group of computers at once; it identifies a group of computers that share the same protocol.
Class E IP address
Class E addresses start with "11110" and are reserved for future use. The all-zero address ("0.0.0.0") corresponds to the current host; the all-ones IP address ("255.255.255.255") is the broadcast address of the current subnet.
IANA (Internet Assigned Numbers Authority) reserves part of the Class A, B, and C addresses as a dedicated (private) IP address space, intended for use by private networks of all kinds (such as enterprise networks, campus networks, and administrative networks).
When a LAN is connected to a WAN through a routing device, the routing device automatically isolates traffic for these address segments from the LAN, so you do not need to worry that the reserved IP addresses you use will conflict with identical reserved addresses of the same segment used in other local networks. Therefore, you can select an appropriate private address segment based on your needs (mainly the number of networks required and the number of computers in each network) and set the IP addresses in the local LAN accordingly.
The router or gateway automatically keeps these IP addresses inside the local area network and does not route them to the public network. Therefore, even if two local networks use the same private IP address segment, there is no conflict between them. Today, when IP address resources are very tight, this technology is increasingly widely used in all types of networks. Of course, computers using internal IP addresses can also access the Internet through the LAN, but a proxy server is required.
When the enterprise network has few public IP addresses, or even only one (the ISP usually provides only one IP address for an enterprise), private IP addresses must be used inside the enterprise, with address mapping or proxy servers used to share the Internet connection and port mapping used to publish servers in the network to the Internet.
3. IP address information
Generally, complete IP address information includes four parts: IP address, subnet mask, default gateway, and DNS. Only when all four are set correctly and work together can we access the Internet and be accessed by computers on the Internet. Note that when you use a static IP address to access the Internet, the ISP should provide you with all of this IP address information.
IP address
The valid IP address used by the enterprise network is allocated by the Internet access provider (ISP), and the private IP address is freely allocated by the network administrator. Note that the IP addresses of all computers in the network cannot be the same. Otherwise, IP addresses may conflict, leading to network communication failure.
In the subnet mask, the bits of the network part are 1 and the bits of the host part are 0. Therefore, when the IP address and the subnet mask are ANDed, the non-zero part is the network number and the zero part is the host number.
Since the subnet mask can determine which part of the IP address is the network number, and the subnet mask can be set manually, you can modify the subnet mask to change the network and host numbers specified in the original address category.
That is to say, based on actual needs, you can use the subnet mask of a Class B or Class C address (255.255.0.0 or 255.255.255.0) to change the network number of a Class A address from one byte to two or three bytes, or use the subnet mask of a Class C address (255.255.255.0) to change the network number of a Class B address from two bytes to three bytes, thus increasing the number of networks and reducing the host capacity of each network. You can also use the subnet mask of a Class B address (255.255.0.0) to change the network number of a Class C address from three bytes to two bytes, thus increasing the host capacity of each network and reducing the number of networks.
Variable-length Subnet Mask
Since the part of the subnet mask that is 1 defines the network number, you can extend the subnet mask by changing the highest bits that were originally 0 to 1. In this way, bits that would otherwise belong to the host number become part of the network number, which divides the network into subnets.
It can be seen that the more 1 bits the subnet mask has, the more subnets are obtained, but the fewer hosts each subnet contains, and the more IP addresses are lost. This is because each subnet keeps its all-0 address as the network number and its all-1 address as the broadcast address.
Default Gateway
The default gateway is the gateway a host uses when it cannot find any other available gateway: the host sends the data packets to the default gateway, which processes them. A gateway forwards messages from one network to another.
Therefore, only after the gateway IP address is set can the TCP/IP protocol implement communication between different networks. So what is the gateway IP address of an enterprise network? If valid (public) IP addresses are used, the gateway is provided by the ISP. If private IP addresses are used, the gateway is the IP address of the proxy server or of the router's internal port.
DNS
DNS is used to convert users' domain name requests to IP addresses. If the enterprise network does not provide DNS services, the IP address of the DNS server should be the DNS server of the ISP. If the enterprise network provides its own DNS service, the IP address of the DNS server is the IP address of the internal DNS server.
II. Precautions for planning local network IP addresses
With the increasing shortage of public IP addresses, small and medium-sized enterprises can only get one or a few real Class C IP addresses. Therefore, only private IP address segments can be used in an enterprise's internal network. Note the following when selecting private IP addresses:
1. Assign a Class C IP address segment to each network segment. We recommend that you use the IP address range 192.168.2.0 -- 192.168.254.0.
Some network devices (such as broadband routers or wireless routers) and applications (such as ICS) allocate IP addresses automatically, and their default IP address pool is usually in the 192.168.0.0 or 192.168.1.0 segment, so using these segments often leads to IP address conflicts or other faults. Therefore, unless necessary, avoid using these two Class C network segments.
2. You can use the subnet mask of a Class C address. If necessary, you can use a variable-length subnet mask.
Generally, do not use a mask that yields a large subnet. The number of computers in each network segment must not exceed 250. The more computers there are in the same network segment, the more broadcast packets there are, the more effective bandwidth is lost, and the lower the network transmission efficiency.
3. Even if the IP address range 10.0.0.1 -- 10.20.255.254 or 172.16.0.1 -- 172.32.255.254 is selected, we recommend that you use 255.255.255.0 as the subnet mask to obtain more IP network segments, so that the number of computers in each subnet is small. If necessary, you can use a variable-length subnet mask to increase the number of computers that can be accommodated.
4. Assign an independent IP address segment to the management VLAN of the network devices, to avoid conflicts with the devices' management IP addresses that would affect remote management. For the same reason, all servers should be placed in an independent network segment.
Note that assigning different IP address segments to computers on the same network does not improve network transmission efficiency. Computers in the same network are still in the same broadcast domain, and the number of broadcast packets does not decrease because the IP addresses differ. Therefore, merely specifying different network segments for the computers cannot divide the broadcast domain. To shrink broadcast domains, the fundamental solution is to divide the network into VLANs and specify a different IP network segment for each VLAN.
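
The four planning rules above, applied to an address plan, as an added example that is not part of the original article. The segment names, CIDR blocks and host counts in SAMPLE_PLAN are constructed for the illustration; the private ranges are those of Table 1 and the limit of 250 computers per segment comes from rule 2.

```python
import ipaddress

# Reserved private ranges from Table 1, written as CIDR blocks.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Segments that consumer routers and ICS commonly hand out by default (rule 1).
DEFAULT_POOLS = [ipaddress.ip_network(n)
                 for n in ("192.168.0.0/24", "192.168.1.0/24")]
MAX_HOSTS = 250  # rule 2: no more than 250 computers per segment

# Constructed sample plan: segment name -> (CIDR block, planned number of computers).
SAMPLE_PLAN = {
    "office":  ("192.168.1.0/24", 120),     # collides with a default DHCP pool
    "lab":     ("192.168.10.0/23", 300),    # too many computers in one broadcast domain
    "servers": ("192.168.20.0/24", 40),
    "mgmt":    ("192.168.20.128/25", 12),   # management VLAN inside the server segment
    "guest":   ("198.51.100.0/24", 30),     # not a reserved private range
}


def review_plan(plan):
    """Return a list of (segment, finding) tuples for a planned set of segments."""
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in plan.items()}
    findings = []
    for name, net in nets.items():
        hosts = plan[name][1]
        if not any(net.subnet_of(p) for p in PRIVATE_RANGES):
            findings.append((name, "not-private"))
        if any(net.overlaps(p) for p in DEFAULT_POOLS):
            findings.append((name, "default-pool"))
        if hosts > MAX_HOSTS:
            findings.append((name, "over-250"))
        # Network and broadcast addresses cannot be given to computers.
        if hosts > net.num_addresses - 2:
            findings.append((name, "too-small"))
    # Rule 4: management and server segments must not share address space
    # with any other segment, so report every overlapping pair once.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append((a, f"overlap:{b}"))
    return findings


if __name__ == "__main__":
    for segment, finding in review_plan(SAMPLE_PLAN):
        print(f"{segment:8} {finding}")
```
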
Subnet Mask
A subnet mask is a technology used in combination with IP addresses. It has two main functions: one is to determine the network number and host number in the IP address, and the other is to divide a large IP network into several small subnetworks.

Limitations of dividing subnets and IP addresses

Dividing subnets
To improve the efficiency of IP address usage, you can divide a network into subnets by borrowing bits: starting from the highest bit of the host part, some bits become the new subnet bits, and the remaining part is still the host part. This divides the IP address structure into three parts: network bits, subnet bits, and host bits.
After the concept of subnet is introduced, the network bits and subnet bits together uniquely identify a network. Setting all the network bits to 1 and all the host bits to 0 gives the subnet mask. As shown in, the subnet mask is converted to decimal, and then is: Too Many Subnet Mask
Subnet addressing makes the IP address have a certain internal hierarchy, which facilitates IP Address Allocation and Management.
The key to using it is to select an appropriate hierarchy: how to adapt to the physical network scale while making full use of the IP address space (that is, where to separate the subnet number from the host number).
Tips -- subnet computing
Calculating the subnet and mask is always a headache when planning IP addresses. Here is a tip that solves this problem smoothly. First, consider a common problem: the IP address of a host is 202.112.14.133 and the mask is 255.255.255.224; calculate the network address and broadcast address of the host.
The general method is to convert the host address and subnet mask into binary numbers; the network address is obtained by a logical AND of the two. With a little thought, however, you can use another method: a subnet with the mask 255.255.255.224 contains 256 - 224 = 32 IP addresses (including the network address and broadcast address), so a network address with this mask must be a multiple of 32. The network address is the beginning of the subnet's IP address range, the broadcast address is the end, and the available host addresses lie between them. The multiple of 32 just below 133 is 128, so the network address is 202.112.14.128. The broadcast address is the network address of the next network minus 1. The next multiple of 32 is 160, so the broadcast address is 202.112.14.159.
In practice, you must plan and calculate the subnet mask based on the number of hosts on each network. This can also be calculated using the principle above. For example, if a subnet has 10 hosts, it needs 10 + 1 + 1 + 1 = 13 IP addresses. (The first 1 is the gateway address required for the network connection, and the other two are the network address and the broadcast address.) 13 is less than 16 (16 is 2 to the power of 4), so the host part is 4 bits. And 256 - 16 = 240, so the subnet mask is 255.255.255.240. If a subnet has 14 hosts, a common mistake is to still allocate a subnet with 16 addresses and leave no address for the gateway. Because 14 + 1 + 1 + 1 = 17 is greater than 16, we can only allocate a subnet with 32 addresses (32 is 2 to the power of 5). In this case, the subnet mask is 255.255.255.224.
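
The shortcut and the sizing rule above, as an added Python example that is not part of the original article. It goes slightly beyond the text by applying the block-size trick to a mask that ends in any byte, not only the last one; the function names are chosen for this illustration, and stdlib_check uses the standard ipaddress module only to confirm the shortcut.

```python
import ipaddress


def _octets(dotted):
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad value: {dotted!r}")
    return parts


def network_and_broadcast(ip, mask):
    """Block-size shortcut: work on the one byte where the mask stops being 255."""
    ip_o, mask_o = _octets(ip), _octets(mask)
    # The shortcut assumes a contiguous run of 1 bits; reject masks like 255.0.255.0.
    host_bits = ~int.from_bytes(bytes(mask_o), "big") & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        raise ValueError(f"non-contiguous mask: {mask}")
    net, bcast = list(ip_o), list(ip_o)
    for i, m in enumerate(mask_o):
        if m == 255:
            continue                         # whole byte is network part
        block = 256 - m                      # e.g. 256 - 224 = 32 addresses
        net[i] = (ip_o[i] // block) * block  # largest multiple of block <= the byte
        bcast[i] = net[i] + block - 1        # next network's address minus 1
        for j in range(i + 1, 4):            # later bytes are entirely host part
            net[j], bcast[j] = 0, 255
        break
    return ".".join(map(str, net)), ".".join(map(str, bcast))


def mask_for_hosts(hosts, gateways=1):
    """Smallest subnet for `hosts` computers plus gateway, network and broadcast."""
    needed = hosts + gateways + 2
    bits = (needed - 1).bit_length()         # host bits: smallest power of 2 >= needed
    if hosts < 1 or bits > 32:
        raise ValueError("host count out of range")
    mask = ipaddress.IPv4Network((0, 32 - bits)).netmask
    return str(mask), 1 << bits


def stdlib_check(ip, mask):
    """Same answer from the standard library, via the binary AND method."""
    net = ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)
    return str(net.network_address), str(net.broadcast_address)


if __name__ == "__main__":
    print(network_and_broadcast("202.112.14.133", "255.255.255.224"))
    print(mask_for_hosts(10), mask_for_hosts(14))
```
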
Limitations of IP addresses
At first, Internet designers did not expect that the network would develop so quickly. Therefore, all the problems faced by the network can be traced back to the early decision-making of the development of the Internet. The allocation of IP addresses can better reflect this.
The currently used IPv4 uses a 32-bit address, that is, 2^32 (4,294,967,296, about 4.3 billion) addresses are available in the IPv4 address space. In the early days of the Internet, such an address space seemed almost infinite, so IP addresses were assigned to organizations or companies by class on application, with little thought given to whether so much address space was really needed or to the fact that the IPv4 address space would eventually be exhausted. IPv4 addresses are therefore classified by network size (the number of IP addresses used), and the addressing scheme uses the concept of "class". The definitions of Class A, B, and C IP addresses are easy to understand and divide. However, in actual network planning, they are not conducive to allocating the limited address space effectively. Few companies can make use of a network as large as a Class A or Class B network, while the number of hosts in a Class C network is relatively small. Therefore, classful IP addresses are not conducive to allocating the limited address space effectively and are not well suited to network planning.
In this situation, people began to work on the next-generation Internet protocol, IPv6. Because the IPv6 protocol is not yet complete and mature, it requires long-term testing and verification. The full transition from IPv4 to IPv6 is therefore a long process, and during the transition period networks still need to be interconnected over IPv4. In the early 1990s, variable-length subnet masks (VLSM) and Classless Inter-Domain Routing (CIDR) were introduced as a short-term solution to improve the efficiency of IPv4 address space usage during the transitional period.
