Internet
OSI (Open Systems Interconnection): the network reference model defined by the ISO (International Organization for Standardization)
OSI network model layering
Each lower layer provides services to the layer above it
7 Application layer: all kinds of application software
6 Presentation layer: data formatting, encryption, compression, etc.
5 Session layer: establishes, manages and terminates sessions
4 Transport layer: transmission of data, both link and end-to-end
Link: hosts on the same network segment access each other
End-to-end: access across networks
3 Network layer: defines the logical address (IP address) and the routing function; the process of selecting a path is called routing
2 Data link layer: defines the physical address; a frame has a fixed format of bit fields; error detection of the data
1 Physical layer: binary transmission, the bit is the transmission unit (0101...)
Ethernet II frame structure (data link layer):
Preamble, SOF (start of frame)
Destination physical address: 6 bytes
Source physical address: 6 bytes
Type: the upper-layer protocol type, 2 bytes
Data length: 46-1500 bytes
FCS: 4 bytes
The minimum Ethernet frame is 46+8+6+6+2+4=72 bytes (counting the 8-byte preamble/SOF)
The maximum Ethernet frame is 1526 bytes
MAC address: 48 bits of binary in total. Of the first two bits (the low-order bits of the first byte), the first set to 1 means a broadcast/group address and the second set to 1 means a locally administered address; the remaining first 22 bits form the OUI identifier assigned by the international organization; all 48 bits set to 1 is the broadcast address
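The frame layout and the MAC address bits above, as an added Python example that is not part of the original notes: it parses an Ethernet II header as a NIC delivers it (no preamble, SOF or FCS) and checks the group, broadcast and locally-administered bits and the 46-1500 byte data length. The frame bytes are constructed for the example.

```python
import struct

# Constructed sample frame (not captured traffic): broadcast destination,
# source 00:1a:2b:3c:4d:5e, EtherType 0x0806 (ARP), 46 bytes of zero padding as data.
SAMPLE_FRAME = (bytes.fromhex("ffffffffffff")
                + bytes.fromhex("001a2b3c4d5e")
                + bytes.fromhex("0806")
                + b"\x00" * 46)

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}


def format_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_ethernet(frame):
    """Split an Ethernet II frame into header fields and classify the addresses."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet II header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    payload = frame[14:]
    return {
        "dst": format_mac(dst),
        "src": format_mac(src),
        "ethertype": ETHERTYPES.get(ethertype, hex(ethertype)),
        # I/G bit: lowest bit of the first byte set -> group (broadcast/multicast) address
        "dst_is_group": bool(dst[0] & 0x01),
        # all 48 bits set -> the broadcast address
        "dst_is_broadcast": dst == b"\xff" * 6,
        # U/L bit: second-lowest bit of the first byte set -> locally administered address
        "src_locally_administered": bool(src[0] & 0x02),
        # the first 3 bytes of a universally administered address are the OUI
        "src_oui": format_mac(src[:3]),
        "payload_len": len(payload),
        # the data field of a valid frame is 46..1500 bytes
        "valid_length": 46 <= len(payload) <= 1500,
    }


if __name__ == "__main__":
    for key, value in parse_ethernet(SAMPLE_FRAME).items():
        print(f"{key:>24}: {value}")
```

A locally administered source address (U/L bit set, for example a randomised or virtual-machine MAC) is worth noting on a switch port where only vendor-assigned hardware is expected.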
PDU: Protocol Data Unit (message); the pieces that large data is split into are called messages
The PDU at the physical layer is the bit
The PDU at the data link layer is the frame
The PDU at the network layer is the packet
The PDU at the transport layer is the segment
The PDUs of the higher layers are messages
How a switch works
A switch does not send a received frame to every computer in the same collision domain: it parses the frame and stores the source MAC and destination MAC in a memory-like table inside the switch (the MAC address table), so that the next communication between the two computers is forwarded directly and collisions within the collision domain are avoided; each switch interface is its own collision domain
VLAN
Equivalent to dividing computers into groups: computers within one group can communicate with each other, but computers in other groups cannot communicate with the computers inside that group
Router
Has a routing table and selects the best path from it for communication; it can isolate broadcast domains, apply security policies and connect to the WAN
TCP/IP protocol
TCP: Transmission Control Protocol; IP: Internet Protocol
TCP/IP is a protocol stack, a collection of protocols that includes TCP, IP, UDP, ICMP, RIP, TELNET, FTP, SMTP, ARP and so on
TCP/IP is divided into four layers.
Application layer
Equivalent to the upper three layers of the OSI model. Common protocols: FTP (File Transfer Protocol), TFTP (Trivial File Transfer Protocol), NFS, SMTP (Simple Mail Transfer Protocol), SNMP, DNS and many others
Transport layer
Equivalent to the OSI transport layer: end systems communicate with each other; it can provide reliable transmission, or unreliable transmission where reliability is not needed. Connection-oriented transmission first establishes an interactive connection; connectionless transmission does not
Transport layer protocols: TCP: connection-oriented and reliable; sent packets are numbered and there is an acknowledgment mechanism (after receiving a packet, the receiver replies "I expect the next one, +1")
UDP: User Datagram Protocol, connectionless; good performance and high efficiency, but possibly unreliable: packets may be dropped, and packets are not necessarily received in the order they were sent, which can mix up the packets and corrupt the data
TCP header
Counted from bit 0 to bit 31; one row equals 4 bytes
Source port (outer) and destination port (inner): 32 bits in total, 4 bytes
Sequence number (numbers the different packets)
Acknowledgment number (confirms the packet the other side sent to us; the value written is "the other side's packet +1"; numbering starts from 0)
Data offset (the length of the TCP header, needed because the TCP header length is not fixed), reserved bits, flag bits URG, ACK, PSH, RST, SYN, FIN, window (the transmission size: how much data may be sent per transfer)
Checksum (checks the integrity of the packet: the sender computes a value over all of the above, the receiver computes it again and compares), urgent pointer
Options (variable length; because the length is not fixed, the data offset is used to determine it), padding
Flag bits (!!! key point!)
URG: urgent pointer / urgent data; 1 means the urgent pointer field below is valid, 0 means it is invalid
!!! ACK: whether the acknowledgment number field is valid. ACK=1 means it is valid; the acknowledgment number field is valid only when ACK=1. TCP specifies that after the connection is established ACK must be 1, and a TCP segment with the ACK flag set is called an acknowledgment segment
PSH: when the NIC receives a frame it checks whether the destination MAC is its own; if so it accepts rather than discards it and hands the data to a buffer in the kernel. If PSH=1 the data is delivered to the application immediately; if 0 it is held in the buffer and delivered to the application when the buffer is full
RST: set to 1 when the application's network communication is abnormal and the other side is required to re-establish the connection with the host
!!! SYN: used to synchronize sequence numbers when establishing a connection. SYN=1, ACK=0 indicates a connection request segment; SYN=1, ACK=1 indicates that the other side agrees to establish the connection. SYN=1 therefore means either a connection request or a consent to the connection. SYN is set to 1 only in the first two handshakes, and a TCP segment with the SYN flag set is called a synchronization segment.
!!! FIN: tells the other side that the sender is closing the connection and that all of its data has been sent. FIN=1 says to the other side: "my data has been sent, you can release the connection"; a TCP segment with the FIN flag set is called a finish segment
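The header fields and flag bits above, as an added Python example that is not part of the original notes: it builds a TCP header from constructed values, parses it back into the fields listed (ports, sequence and acknowledgment numbers, data offset, window, options, payload) and names the segment from its flags the way the notes do. The checksum is left at zero because computing it requires the IP pseudo-header, which the notes do not cover.

```python
import struct

# Flag bits in the low 6 bits of the data-offset/flags word, in the order the notes list them
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


def build_tcp_header(sport, dport, seq, ack, flags, window=65535, options=b""):
    """Constructed TCP header (test data, not captured traffic).
    The checksum field stays 0: a real one is computed over the IP pseudo-header as well."""
    options += b"\x00" * ((-len(options)) % 4)          # pad options to a 32-bit boundary
    data_offset = (20 + len(options)) // 4               # header length in 32-bit words
    off_flags = (data_offset << 12) | sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0) + options


def parse_tcp_header(segment):
    """Split a raw TCP segment into header fields, flags, options and payload."""
    if len(segment) < 20:
        raise ValueError("TCP header must be at least 20 bytes")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4                   # data offset, in bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset points outside the segment")
    flags = {name: bool(off_flags & bit) for name, bit in FLAG_BITS.items()}
    return {
        "src_port": sport, "dst_port": dport, "seq": seq,
        "ack": ack if flags["ACK"] else None,            # ack field is valid only when ACK=1
        "header_len": header_len, "window": window, "checksum": checksum,
        "urgent_pointer": urgent if flags["URG"] else None,  # valid only when URG=1
        "flags": flags,
        "options": segment[20:header_len],
        "payload": segment[header_len:],
    }


def classify(flags):
    """Name the segment from its flag bits, following the notes."""
    if flags["RST"]:
        return "reset"
    if flags["SYN"] and not flags["ACK"]:
        return "connection request (first handshake)"
    if flags["SYN"] and flags["ACK"]:
        return "connection accepted (second handshake)"
    if flags["FIN"]:
        return "finish (close request)"
    if flags["ACK"]:
        return "acknowledgment"
    return "unknown"


if __name__ == "__main__":
    # MSS option 0x02 0x04 0x05 0xb4 (kind 2, length 4, value 1460) is constructed for the demo
    syn = build_tcp_header(54321, 80, 1000, 0, ["SYN"], options=b"\x02\x04\x05\xb4")
    parsed = parse_tcp_header(syn)
    print(parsed["flags"], classify(parsed["flags"]))
```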
TCP three-way handshake:
1 The client actively sends the request and the server passively accepts it; before the client establishes the connection both are in the CLOSED state;
2 The client sends SYN=1, seq=x, and once it is sent the client's state becomes SYN-SENT (synchronization sent);
3 The listening side receives the request and immediately replies SYN=1, ACK=1, seq=y (the server-side sequence number), ack=x+1 (confirming receipt of the client's packet and asking for the next packet, x+1); its state becomes SYN-RCVD (synchronization received)
4 When the client receives the server's reply it immediately sends ACK=1, seq=x+1, ack=y+1, and its state becomes ESTABLISHED (the connection is established).
TCP four-way close (disconnecting)
Both the server and the client can initiate a disconnect; the following describes the client initiating it;
1 The client is in the ESTABLISHED state; the packet that initiates the disconnect is FIN=1, seq=u, and once it is sent the client's state immediately becomes FIN-WAIT-1 (termination wait 1)
2 When the server receives the request it immediately replies ACK=1 (confirming that it received the FIN flag), seq=v, ack=u+1; it changes from ESTABLISHED to CLOSE-WAIT (close wait) and continues sending the client its remaining data. When the client receives this reply it becomes FIN-WAIT-2 (termination wait 2)
3 When all data has been transferred the server sends FIN=1, ACK=1, seq=w, ack=u+1; once it is sent the server changes from CLOSE-WAIT to LAST-ACK (last acknowledgment).
4 On receiving it the client changes from FIN-WAIT-2 to TIME-WAIT (time wait) and waits 2MSL, so that any remaining data the server sends can still arrive
5 After the client sends ACK=1, seq=u+1, ack=w+1, both the server and the client become CLOSED
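The handshake and the four-way close above, as an added Python example that is not part of the original notes: a small state machine for each side that accepts exactly the segments the steps describe (with x=100 and y=300 as constructed initial sequence numbers), rejects anything else, and records the state each side passes through, so the trace can be compared with the numbered steps.

```python
class TcpEndpoint:
    """One side of a TCP connection, reduced to the states and segments in the notes.
    A segment is a dict: flag names map to 1, plus the seq/ack numbers."""

    def __init__(self, name, isn):
        self.name = name
        self.state = "CLOSED"
        self.seq = isn          # our next sequence number (x or y in the notes)
        self.ack = 0            # the next sequence number we expect from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        """Active open: send SYN=1, seq=x and enter SYN-SENT."""
        self.state = "SYN-SENT"
        return {"SYN": 1, "seq": self.seq}

    def close(self):
        """Send FIN: the active closer goes to FIN-WAIT-1, the passive one to LAST-ACK."""
        self.state = {"ESTABLISHED": "FIN-WAIT-1", "CLOSE-WAIT": "LAST-ACK"}[self.state]
        return {"FIN": 1, "ACK": 1, "seq": self.seq, "ack": self.ack}

    def timeout_2msl(self):
        """TIME-WAIT ends after 2MSL."""
        if self.state == "TIME-WAIT":
            self.state = "CLOSED"

    def receive(self, seg):
        """Apply one incoming segment; return the reply segment, or None when no reply is due."""
        acks_our_seq = bool(seg.get("ACK")) and seg.get("ack") == self.seq + 1
        if self.state == "LISTEN" and seg.get("SYN") and not seg.get("ACK"):
            self.ack = seg["seq"] + 1                      # want x+1 next
            self.state = "SYN-RCVD"
            return {"SYN": 1, "ACK": 1, "seq": self.seq, "ack": self.ack}
        if self.state == "SYN-SENT" and seg.get("SYN") and acks_our_seq:
            self.seq += 1                                  # our SYN consumed one number
            self.ack = seg["seq"] + 1
            self.state = "ESTABLISHED"
            return {"ACK": 1, "seq": self.seq, "ack": self.ack}
        if self.state == "SYN-RCVD" and acks_our_seq:
            self.seq += 1
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and seg.get("FIN"):
            self.ack = seg["seq"] + 1                      # ack=u+1
            self.state = "CLOSE-WAIT"
            return {"ACK": 1, "seq": self.seq, "ack": self.ack}
        if self.state == "FIN-WAIT-1" and acks_our_seq:
            self.seq += 1
            self.state = "FIN-WAIT-2"                      # half-closed, waiting for the peer's FIN
            return None
        if self.state == "FIN-WAIT-2" and seg.get("FIN"):
            self.ack = seg["seq"] + 1                      # ack=w+1
            self.state = "TIME-WAIT"
            return {"ACK": 1, "seq": self.seq, "ack": self.ack}
        if self.state == "LAST-ACK" and acks_our_seq:
            self.state = "CLOSED"
            return None
        raise ValueError(f"{self.name} in {self.state} cannot handle {seg}")


def deliver(receiver, seg, trace):
    """Hand a segment to the receiver and record the state it ends up in."""
    reply = receiver.receive(seg)
    trace.append((receiver.name, receiver.state))
    return reply


def run_session(x=100, y=300):
    """Three-way handshake, then a client-initiated four-way close; returns the state trace."""
    client, server, trace = TcpEndpoint("client", x), TcpEndpoint("server", y), []
    server.listen()
    seg = client.connect(); trace.append(("client", client.state))   # SYN=1, seq=x
    seg = deliver(server, seg, trace)                                # SYN=1, ACK=1, seq=y, ack=x+1
    seg = deliver(client, seg, trace)                                # ACK=1, seq=x+1, ack=y+1
    deliver(server, seg, trace)
    seg = client.close(); trace.append(("client", client.state))     # FIN=1, seq=u
    seg = deliver(server, seg, trace)                                # ACK=1, seq=v, ack=u+1
    deliver(client, seg, trace)
    seg = server.close(); trace.append(("server", server.state))     # FIN=1, ACK=1, seq=w, ack=u+1
    seg = deliver(client, seg, trace)                                # ACK=1, seq=u+1, ack=w+1
    deliver(server, seg, trace)
    client.timeout_2msl(); trace.append(("client", client.state))
    return trace


if __name__ == "__main__":
    for who, state in run_session():
        print(f"{who:>6} -> {state}")
```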
netstat -ntuap
-n: show addresses and ports numerically
-t: show the TCP protocol
-u: show the UDP protocol
-a: show all connections
-p: show the application (program) that owns each connection
Connection states (the following connection states are derived from the flag bits of the TCP header):
CLOSED: closed, no state
LISTEN: listening, waiting for a connection request on the TCP port
SYN_SENT: a connection request has been sent, waiting for confirmation
SYN_RECEIVED: a connection request has been received and one sent back, waiting for confirmation
ESTABLISHED: the connection is established and both sides have entered the data transfer state
FIN_WAIT1: active close; the host has sent a disconnect request and is waiting for the other side to confirm it
FIN_WAIT2: active close; the host has received the other side's close acknowledgment and is waiting for the other side to send its own disconnect request
TIME_WAIT: the two-way transport connection has finished closing; waiting for all packets to disappear from the network
CLOSE_WAIT: passive close; a disconnect request has been received from the other side and acknowledged
LAST_ACK: passive close; waiting for the last disconnect acknowledgment and for all packets to disappear
CLOSING: both sides are disconnecting the transport connection at the same time, each waiting for the other to confirm
Attention:
1 If the client is in the FIN_WAIT_2 state (half-closed) and the FIN=1 from the server is delayed, the connection becomes an orphan connection
How the system handles it:
The number of orphaned connections is defined in the kernel
/proc/sys/net/ipv4/tcp_max_orphans: the number of orphaned connections the kernel is allowed to manage
/proc/sys/net/ipv4/tcp_fin_timeout: how long orphaned connections survive in the kernel
2 When the client sends a request and the server does not receive the data, retransmission occurs
/proc/sys/net/ipv4/tcp_retries1: the minimum number of retransmissions; the default value is 3
/proc/sys/net/ipv4/tcp_retries2: the maximum number of retransmissions; the default value is 15
TCP acknowledgment
Each received packet is acknowledged once; this improves reliability but costs efficiency. The ack of each acknowledgment is generally +1, and how much is acknowledged at once is defined by the window in the TCP header;
TCP variable window, the sliding window;
The size of each sent packet is not fixed: the sender does not know how many packets the receiver can accept, so it tries sending several packets as a test, and the receiver tells the sender its window size
UDP header
16-bit source port, 16-bit destination port
16-bit UDP length, 16-bit UDP checksum
Data
Port number: represents the type of upper-layer protocol. Each application has its own port number; one application can use multiple port numbers, but a port can only be used by one application
Common server-side ports:
HTTP: TCP 80
HTTPS: TCP 443
DNS: TCP 53, UDP 53
FTP: TCP 21
SSH: TCP 22
Telnet: TCP 23
Many commonly used ports are listed in /etc/services
The client's port number is assigned randomly
0-1023: only the administrator may use these
1024-49151: normal users may use these
49152-65535: randomly assigned client port numbers
Starting from the application layer, each layer adds its own header: at the transport layer TCP adds the TCP header, then the network layer header is added below it, so the TCP segment becomes the network layer's data, and so on with each lower header
Internet layer
(equivalent to the OSI network layer)
Network access layer (equivalent to the OSI data link layer and physical layer)
IP protocol
ICMP protocol (the ping command). /proc/sys/net/ipv4/icmp_echo_ignore_all stores 0 or 1, whether to ignore ping requests: 0 means not ignored, 1 means ignored
ping -c 1 (ping once)
-W 1 (shorten the wait time: wait 1 second for a reply before reporting the result)
-s 3000 (specify the size of the packet to send; the maximum is 65507)
-f (send packets continuously regardless of whether the other side responds; a large volume of packets consumes the other side's resources)
Type 8 is the request packet, type 0 is the reply packet
The default TTL on Linux is 64
IGMP protocol (Internet Group Management Protocol): older Windows systems crash easily when sent too many IGMP packets
ARP protocol (Address Resolution Protocol): resolves an IP address to a MAC address, i.e. uses an IP address to find the other side's MAC address; works within the LAN
arp -n (view the ARP table)
arp -d "IP address to clear"
arping -I "outgoing NIC" "destination IP address" (checks whether there is an address conflict on the network)
ip neigh can also view the ARP table
Procedure for two hosts to access each other:
When host A wants to communicate with host B it must first send a SYN synchronization segment according to TCP/IP. It knows the other side's IP but not its MAC address, so it uses an ARP broadcast to obtain the MAC address; the request goes out over the physical layer (0101...) and reaches host B. Every host sees the broadcast and receives the packet; host B finds that the request is looking for the MAC corresponding to its own IP address, so it responds. Because the request carried the source MAC address, host B also adds host A's IP and MAC to its ARP table. Host B's reply (target MAC, source MAC, ARP response) travels back over the physical layer to host A. Host A now has host B's MAC address and the ARP work is complete; host A records host B's MAC address and IP address in its ARP table. Host A then completes the packet ("target MAC - source MAC - source IP - target IP - TCP SYN") and sends it through the physical layer to host B. Host B unpacks it layer by layer, finds the SYN synchronization bit and replies ACK=1, SYN=1; host A unpacks that in turn and, after parsing, sends ACK=1 again, and the three-way handshake is complete. Host A then sends the data, each layer adding its header; host B receives it, strips each header in turn, and acknowledges which packet it expects next (X).
Sending ARP broadcasts toward the WAN
Requesting host: A
Target host: B
When host A wants to communicate with host B across networks, it knows host B's IP address, but ARP broadcasts are not forwarded between networks. Host A therefore sends the broadcast on its own LAN, and the router gateway interface on host A's network responds; host A's ARP table records the gateway's MAC as the target MAC for host B. Host A sends the packets to the router, and the router forwards host A's packets to host B. In host B's ARP table the target MAC is likewise the router interface (gateway) that host B is connected to.
Reverse ARP (RARP): resolves a MAC address to an IP address
IP PDU header
Bits 0-3: version number (IPv4 is mainstream, IPv6 is being promoted)
Bits 4-8: header length; it determines how long the header is, because the length of the options field below is variable
Bits 8-16: differentiated services, used in specific situations
Bits 16-31: total length, the header plus all the data
Bits 0-8: time to live; the TTL defaults to 64
Bits 8-16: protocol, shows the type of the upper-layer protocol
Bits 0-23: optional field (variable length)
Bits 24-31: header checksum
Bits 0-16: identification, identifies which original packet the data comes from, so that fragments of the same packet can be recognized
Bits 16-19: flags, indicate whether this packet is a fragment; only the last two bits are meaningful. DF (the middle bit): fragmentation is allowed only when DF=0; when fragmentation is not allowed the data is a whole packet. MF (the highest of the two): MF=1 means more fragments follow, MF=0 means this is the last fragment
Bits 19-31: fragment offset, indicates which piece of the large packet this fragment is
Bits 0-31: source address, then destination address, each a 32-bit binary number
The protocol number for TCP is 6 and for UDP is 17; they can be looked up in /etc/protocols
MTU: maximum transmission unit
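The IP header fields above, as an added Python example that is not part of the original notes: it builds a constructed 20-byte IPv4 header with a correct header checksum, parses the version, header length, total length, identification, DF/MF flags, fragment offset, TTL, protocol number (6 = TCP, 17 = UDP, as in /etc/protocols) and addresses, and verifies the checksum, so a header whose TTL was changed without recomputing the checksum is detected. The protocol-number table and addresses are constructed for the example.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}     # numbers as listed in /etc/protocols


def internet_checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words, the IP header checksum algorithm."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                              # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, protocol, payload_len, ttl=64, ident=0x1234,
                      df=True, mf=False, frag_offset=0):
    """Constructed 20-byte IPv4 header (no options) with a valid checksum."""
    ver_ihl = (4 << 4) | 5                                      # version 4, IHL = 5 words
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, ident, flags_frag,
                      ttl, protocol, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet):
    """Decode the fields the notes list and verify the header checksum."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    (ver_ihl, dscp, total_len, ident, flags_frag,
     ttl, protocol, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("not a valid IPv4 header")
    return {
        "version": version, "header_len": ihl, "total_len": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000),            # don't fragment
        "mf": bool(flags_frag & 0x2000),            # more fragments follow
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # offset is stored in 8-byte units
        "ttl": ttl, "protocol": PROTOCOLS.get(protocol, str(protocol)),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "options": packet[20:ihl],
        # summing the header including its own checksum field gives 0 when it is intact
        "checksum_ok": internet_checksum(packet[:ihl]) == 0,
    }


if __name__ == "__main__":
    header = build_ipv4_header("192.168.1.10", "10.0.0.5", 6, payload_len=40)
    print(parse_ipv4_header(header))
```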
IP address:
Can be specified manually, for management
The IP address consists of two parts:
Network ID:
172.18.X.Y (172.18 is the network ID; it identifies which network segment the address is in)
Host ID:
Identifies a single host (X.Y identifies a single host within the network)
IPv4: 32 bits = the leading bits are the network ID + the trailing bits are the host ID
Network ID = IP AND subnet mask
IP address classification
Class A
The highest bit is 0; the first 8 bits are the network ID and the remaining 24 bits (x.y.z) are the host ID
0-127.x.y.z starts with the network ID; the usable network IDs are 1-126, i.e. 126 of them
1-126.x.y.z is a Class A address
Number of hosts in one network segment = 2^(host ID bits) - 2 (the all-0 and all-1 host IDs are removed) = 16777214
Number of network segments = 2^(variable network ID bits) = 2^7
Subnet mask: 255.0.0.0
Class B:
Number of hosts in a Class B network segment = 2^16-2 = 65534
Number of Class B network segments = 2^14 = 16384
Starts with 10; the first 16 bits are the network ID and y.z is the host ID (the first 2 bits are fixed)
128-191.x.y.z is a Class B address
Subnet mask: 255.255.0.0
Class C:
Number of hosts in a Class C network segment = 2^8-2 = 254
Number of Class C network segments = 2^21
Starts with 110; the first 24 bits are the network ID and the last octet is the host ID
192-223.x.y.z is a Class C address
Subnet mask: 255.255.255.0
Class D: multicast addresses
CIDR: classless inter-domain routing; the network ID is not divided on whole 8-bit boundaries but according to need
CIDR notation: IP/number of network ID bits
Subnet mask: a 32-bit binary number; the leading bits are 1 and the trailing bits are 0. A 1 bit corresponds to a network ID bit and a 0 bit corresponds to a host ID bit. With 30 network ID bits the number of hosts is 2^2-2=2
Whether a bit is a network ID bit or a host ID bit is determined by the subnet mask
Binary place values:
1 = 2^0 = 1
10 = 2^1 = 2
100 = 2^2 = 4
1000 = 8
10000 = 16
100000 = 32
1000000 = 64
10000000 = 2^7 = 128
Subnet mask octet values:
00000000 = 0
10000000 = 128
11000000 = 192
11100000 = 224
11110000 = 240
11111000 = 248
11111100 = 252
11111110 = 254
11111111 = 255
Public IP address (used on the Internet; must be applied for, and once assigned it is unique worldwide)
Private IP address (not allocated on the Internet; permanently reserved for internal LAN use)
Class A: 10.0.0.1 to 10.255.255.254
Class B: 172.16.0.1 to 172.31.255.255
Class C: 192.168.0.0 to 192.168.255.255
Special addresses
0.0.0.0: all unspecified hosts and target networks
255.255.255.255: broadcast address
127.0.0.1-127.255.255.254: local loopback addresses
224.0.0.0-239.255.255.255: multicast addresses
169.254.x.x (Windows): if there is no DHCP server on the network, the host assigns itself a random 169.254.x.x address and can be reached on it afterwards
Variable-length subnet mask
A network with more host ID bits is called a large network; one with fewer host ID bits is called a small network
Subnetting: cutting a large network into several small networks; the network ID borrows bits from the host ID, so the network ID grows and the host ID shrinks
Number of subnets created = 2^(number of bits the network ID borrows from the host ID)
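The addressing rules from the class table through subnetting, as an added Python example that is not part of the original notes. It works on the raw 32-bit value so the mask table (128, 192, 224, ...) and the AND operation are visible: classful class from the leading bits, prefix to mask and back (rejecting a mask whose ones are not contiguous), network ID = IP AND mask, host count 2^(host bits) - 2, the private ranges, and borrowing host bits to create 2^n subnets. The addresses used are constructed.

```python
def ip_to_int(ip):
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/prefix -> mask integer: `prefix` ones followed by zeros (the 128/192/224... table)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask_ip):
    """Dotted mask -> prefix length; rejects masks whose 1 bits are not contiguous."""
    bits = f"{ip_to_int(mask_ip):032b}"
    if "01" in bits:                                   # a 0 followed by a 1 is not a valid mask
        raise ValueError(f"{mask_ip} is not a valid subnet mask")
    return bits.count("1")


def address_class(ip):
    """Classful A/B/C/D/E from the leading bits of the first octet (0, 10, 110, 1110)."""
    first = ip_to_int(ip) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


PRIVATE_BLOCKS = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))


def is_private(ip):
    n = ip_to_int(ip)
    return any((n & prefix_to_mask(p)) == ip_to_int(net) for net, p in PRIVATE_BLOCKS)


def describe(cidr):
    """Network ID = IP AND mask; hosts = 2^host_bits - 2 (all-0 and all-1 host IDs removed)."""
    ip, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(ip) & mask
    host_bits = 32 - prefix
    return {
        "class": address_class(ip),
        "network": int_to_ip(network),
        "netmask": int_to_ip(mask),
        "broadcast": int_to_ip(network | (~mask & 0xFFFFFFFF)),   # host bits all 1
        "hosts": 2 ** host_bits - 2 if host_bits >= 2 else 0,
        "private": is_private(ip),
    }


def subnet(cidr, borrow):
    """Borrow `borrow` host bits for the network ID: 2^borrow equal subnets, each with a longer prefix."""
    ip, prefix = cidr.split("/")
    new_prefix = int(prefix) + borrow
    if new_prefix > 32:
        raise ValueError("cannot borrow that many bits")
    base = ip_to_int(ip) & prefix_to_mask(int(prefix))
    size = 2 ** (32 - new_prefix)
    return [f"{int_to_ip(base + i * size)}/{new_prefix}" for i in range(2 ** borrow)]


if __name__ == "__main__":
    print(describe("172.18.5.9/16"))
    print(subnet("192.168.1.0/24", 2))
```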
Routing table:
Cross-network communication: routing
Routing classification:
Host route: the path to a single IP host
Network route: the path to a network segment
Default route: 0.0.0.0; usually the default route points at the edge of the Internet, and it is used when the target has too many segments to list or has no record in the routing table
Priority: the more precise the match, the higher the priority
Routing table composition
1 Network ID / netmask: the network segment where the target host resides
2 Interface: the egress through which packets are sent toward the destination segment
3 Gateway: when the destination is not a directly attached network, the packet is sent to the next router, whose IP is adjacent to my interface
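The routing table composition and the priority rule above, as an added Python example that is not part of the original notes: a table of (destination network, interface, gateway) entries with host, network and default routes, a lookup that picks the most precise match (longest prefix), and a rendering of the rows in the spirit of `route -n`. The entries are constructed for the example.

```python
import ipaddress


class RoutingTable:
    """Minimal routing table: entries of (destination network, interface, gateway), looked up by
    longest prefix match, which is the rule 'the more precise the match, the higher the priority'."""

    def __init__(self):
        self.routes = []

    def add(self, destination, dev, gw=None):
        """destination like '192.168.1.0/24', '10.0.0.5/32' (host route) or '0.0.0.0/0' (default);
        gw=None means the network is directly attached."""
        net = ipaddress.ip_network(destination, strict=False)
        gateway = ipaddress.ip_address(gw) if gw else None
        self.routes.append((net, dev, gateway))

    def delete(self, destination):
        net = ipaddress.ip_network(destination, strict=False)
        self.routes = [r for r in self.routes if r[0] != net]

    def has_route(self, dst_ip):
        addr = ipaddress.ip_address(dst_ip)
        return any(addr in net for net, _, _ in self.routes)

    def lookup(self, dst_ip):
        """Choose the route for dst_ip; raise when nothing (not even a default route) matches."""
        addr = ipaddress.ip_address(dst_ip)
        candidates = [r for r in self.routes if addr in r[0]]
        if not candidates:
            raise LookupError(f"no route to {dst_ip}")
        net, dev, gateway = max(candidates, key=lambda r: r[0].prefixlen)
        kind = "host" if net.prefixlen == 32 else "default" if net.prefixlen == 0 else "network"
        return {
            "kind": kind, "destination": str(net), "dev": dev,
            # directly attached: deliver to the host itself; otherwise hand to the next-hop router
            "next_hop": str(gateway) if gateway else dst_ip,
        }

    def as_table(self):
        """Rows like `route -n`: Destination, Genmask, Gateway, Iface."""
        return [(str(n.network_address), str(n.netmask), str(g) if g else "0.0.0.0", d)
                for n, d, g in self.routes]


def sample_table():
    """Constructed example: one attached LAN, one host route via a second router, one default route."""
    rt = RoutingTable()
    rt.add("192.168.1.0/24", dev="eth0")                        # directly attached network
    rt.add("10.0.0.5/32", dev="eth1", gw="192.168.2.254")       # host route
    rt.add("0.0.0.0/0", dev="eth0", gw="192.168.1.1")           # default route
    return rt


if __name__ == "__main__":
    rt = sample_table()
    for row in rt.as_table():
        print("%-16s %-16s %-16s %s" % row)
    for ip in ("192.168.1.20", "10.0.0.5", "8.8.8.8"):
        print(ip, "->", rt.lookup(ip))
```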
Dynamic Host Configuration Protocol (DHCP): lets the client obtain an IP address automatically;
The client sends a DISCOVER message by broadcast;
The DHCP server replies to the client with an OFFER by unicast;
When the client receives the OFFER it sends a REQUEST, again by broadcast;
The DHCP server sends the client an ACK with the details, ending the exchange;
The DHCP server uses UDP port 67;
The DHCP client uses UDP port 68;
Basic network configuration
To connect a Linux host to a network, the network must be configured
It generally includes the following:
Host name
IP/netmask
Routing: default gateway
DNS server: domain name resolution
Multiple DNS addresses can be added
The mapping between IP addresses and host names is stored in /etc/hosts
CentOS 6 network card names
Ethernet: eth[0,1,2,...]
PPP: ppp[0,1,2,...]
/etc/udev/rules.d/70-persistent-net.rules defines how network interfaces are named; the NIC name can be modified in this file, but the change does not take effect immediately. Use the following method:
ethtool -i "NIC name" (see which driver the NIC uses)
modprobe -r e1000 (first unload the NIC driver)
modprobe e1000 (load the NIC driver)
Once these operations are complete, the NIC name is updated.
If the NIC service cannot be restarted on a system with a graphical interface, disable NetworkManager and retry
Network configuration methods:
The ifconfig command:
ifconfig, ip a, ip link: by default display the network card information, showing only active network cards; a card whose status is down is not shown, add the -a option to see all;
ifconfig "NIC name" down: takes the NIC completely down
ifconfig "NIC name" up: brings the NIC up
ifconfig "NIC name" "IP/netmask": temporarily adds an IP address to the NIC; after the NIC is taken down and brought up again the IP is gone
ifconfig "NIC name:number" "IP/netmask": creates an alias of the NIC and configures an IP address for it at the same time, equivalent to one device having multiple IP addresses; this is also temporary
ifconfig -s "NIC name": view packet statistics for the NIC (MTU: size; RX-OK: received successfully; RX-ERR: receive errors)
When using the ifdown and ifup commands, the NIC must have a configuration file
ip {a, link, route}
setup: blue-background character-interface configuration
Enable promiscuous mode (equivalent to capturing packets: receive all packets and parse them; used for eavesdropping): [-]promisc
The route command; ip route is now recommended instead
Routing management commands
View: route -n
Add: route add
Add a host route: route add -host "destination host IP address" gw "gateway" dev "interface"
Add a network route: route add -net "target segment/subnet mask" gw "gateway" dev "interface"
Add the default route: route add -net 0.0.0.0/0 gw "gateway"
Delete: route del
Delete a host route: route del -host "destination host IP address"
Delete a network route: route del -net "target segment/subnet mask"
Delete the default route: route del -net 0.0.0.0/0
Routes to directly attached networks exist in the routing table by default
The netstat command
By default it displays a series of network-related files with node numbers and types; DGRAM represents the UDP protocol and STREAM represents the TCP protocol
netstat -nltup: this combination is the most commonly used, to see which applications on the current server are listening;
netstat -ntu: shows the hosts that currently have established connections
-n: show IPs and ports numerically
-l: show which ports the current host is listening on
-t: show the TCP protocol
-u: show the UDP protocol
-p: show the application name
-a: all states
-e: extended information
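The netstat options above and the connection-state list earlier in the notes, as an added Python example that is not part of the original notes: it parses constructed `netstat -ntuap` output (not taken from a real host) into records, counts connections per TCP state, lists the listening sockets with their program as `netstat -nltup` would show them, and counts SYN_RECV entries per local port, which is the half-open condition of a server that never receives the third handshake segment.

```python
from collections import Counter

# Constructed `netstat -ntuap` output; the addresses, PIDs and programs are invented
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1034/master
tcp        0      0 192.168.1.10:22         192.168.1.55:51234      ESTABLISHED 2201/sshd: root
tcp        0      0 192.168.1.10:80         203.0.113.7:40112       SYN_RECV    -
tcp        0      0 192.168.1.10:80         203.0.113.9:40113       SYN_RECV    -
tcp        0      0 192.168.1.10:80         198.51.100.4:55000      TIME_WAIT   -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           901/dhclient
"""


def split_endpoint(text):
    """'192.168.1.10:80' -> ('192.168.1.10', 80); a '*' port (no peer) becomes None."""
    host, _, port = text.rpartition(":")
    return host, (None if port == "*" else int(port))


def parse_netstat(text):
    records = []
    for line in text.splitlines():
        if not line.startswith(("tcp", "udp")):
            continue                                   # banner and column-header lines
        fields = line.split(None, 5)                   # proto recvq sendq local foreign rest
        if len(fields) < 6:
            continue
        proto, recvq, sendq, local, foreign, rest = fields
        if proto.startswith("tcp"):
            state, _, program = rest.partition(" ")    # State, then PID/Program name
        else:
            state, program = "", rest                  # UDP lines have no State column
        pid, _, name = program.strip().partition("/")  # '-' when the owner is unknown
        lhost, lport = split_endpoint(local)
        fhost, fport = split_endpoint(foreign)
        records.append({"proto": proto, "recv_q": int(recvq), "send_q": int(sendq),
                        "local_host": lhost, "local_port": lport,
                        "foreign_host": fhost, "foreign_port": fport,
                        "state": state, "pid": int(pid) if pid.isdigit() else None,
                        "program": name or None})
    return records


def state_summary(records):
    """Connections per TCP state (the states listed in the notes)."""
    return Counter(r["state"] for r in records if r["state"])


def listeners(records):
    """Sockets waiting for clients: TCP LISTEN plus every UDP socket (UDP has no state)."""
    return sorted((r["proto"], r["local_port"], r["program"]) for r in records
                  if r["state"] == "LISTEN" or r["proto"].startswith("udp"))


def half_open_per_port(records):
    """SYN_RECV count per local port: many on one port means the third handshake segment
    is not arriving, which is worth watching on a server."""
    return Counter(r["local_port"] for r in records if r["state"] == "SYN_RECV")


if __name__ == "__main__":
    recs = parse_netstat(SAMPLE_NETSTAT)
    print(state_summary(recs))
    print(listeners(recs))
    print(half_open_per_port(recs))
```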
Linux Network Management