TCP/IP Basics
Before diving headfirst into the TCP/IP network stack, you may want to read up on some TCP/IP basics. If you're familiar with how TCP/IP works and would like to go straight to the nitty-gritty of configuring your Linux system, you can skip this part and jump straight to the Configuring the Network section of this chapter. Along the way you will find methods for configuring your network settings manually by editing the files and for using the graphical interface tools provided.
IP Addresses
Every network interface in a TCP/IP network is assigned a unique IP address, which identifies that interface and distinguishes it from every other interface on the network. In the current IPv4 specification, an IP address is a 32-bit number. Think of it as a sequence of four 8-bit octets. Computers work in base 2 (1s and 0s), whereas humans tend to think in base 10 (0–9), so each octet is converted to decimal and the four decimal values are separated by periods. The 32-bit, 4-octet base 2 sequence 11000000 10101000 00000001 00000001 can thus be written as 192.168.1.1.
It is important to select IP addresses carefully and to keep track of which addresses are assigned to which interfaces; two interfaces on the same network with the same address will interfere with each other. If the network is directly connected to the Internet, you may only assign addresses that have been allocated to your organization (ultimately from the pool managed by the Internet Assigned Numbers Authority, IANA, normally obtained through your ISP or regional registry). If the network isn't connected to the Internet, or is separated from it by a firewall, addresses should be selected from the private address blocks discussed in the Reserved Network Numbers section later in this chapter. Within an organization the network administrator is responsible for assigning IP addresses; contact that person before assigning an address to any device.
Dividing the Network
As its name implies, IP (Internet Protocol) was designed from the ground up for internetworking. This means it was designed for interconnecting networks. Thus, an IP address is divided into two parts: a network part and a host part. The network part distinguishes one network from another, whereas the host part identifies a particular host within that network.
Netmasks and Network Classes
The network mask (or netmask) identifies what part of the IP address represents the network number, and what part represents the host address. The netmask is another 32-bit number that is converted into four 8-bit octets, translated into decimal, and separated by periods (see Figure 20.1). The 1-bits in the netmask designate the network portion of an IP address. The 0-bits in the netmask correlate with the host portion of an IP address. For example, if a network interface were assigned the IP address of 172.17.24.83 (10101100 00010001 00011000 01010011) with a netmask of 255.255.0.0 (11111111 11111111 00000000 00000000), the network part of the IP address would be 172.17, and the unique host address within that network would be 24.83.
Figure 20.1 Netmasks help computers and switching equipment make distinctions between hosts and networks.
Each logical IP network has a network address and a broadcast address. The network address is used to identify the network itself, and is the lowest number (all 0-bits in the host part) in its respective IP network. The broadcast address is a special address that all of the devices in the IP network listen for, and is the highest number (has all 1s in the host part) in its respective IP network. This means that the number of assignable addresses is always two less than the actual range of numbers being used. If you had a network number of 192.168.1.0 and a netmask of 255.255.255.0, your broadcast address would be 192.168.1.255. You would have a maximum of 254 assignable host addresses, even though your actual range of numbers is 0–255.
Historically (per RFC-796), the first few bits of an IP address implied a default netmask according to the address's network class. Class A networks have an 8-bit network part and a 24-bit host part. Class B networks have 16 bits each in the network and host parts. Class C networks have a 24-bit network part and an 8-bit host part. Class D addresses are multicast addresses and are not assigned to individual interfaces. See Table 20.1 for the first-octet-to-network-class chart.
Table 20.1. Network Classes According to RFC-796
| First Byte of Address | Default Network Class |
|---|---|
| 1–127 (starts with 0) | A |
| 128–191 (starts with 10) | B |
| 192–223 (starts with 110) | C |
| 224–239 (starts with 1110) | D (multicast) |
| 240–254 (starts with 1111) | Reserved |
CIDR (Classless Interdomain Routing)
Although network classes are still spoken of in the networking world, this way of thinking has been obsolete since the release of RFCs 1517, 1518, 1519, and 1520, which define CIDR (Classless Interdomain Routing); RFC 1519 has since been superseded by RFC 4632. One of the main reasons CIDR came to be was the lack of an appropriately sized network class for a mid-sized organization: a class C network, with a maximum of 254 host addresses, is too small, while a class B, which allows up to 65,534 addresses, is far larger than such a site can use. The result was inefficient use of class B network numbers, and Internet routing tables that grew with every individual network rather than with every aggregated prefix.
To begin thinking in terms of CIDR notation, here is a visual exercise that shows you how the netmask for a given range of IPs is calculated.
Assume you want to have communication starting with 10.168.0.0 all the way through 10.168.255.255. Understand that the netmask you use lets the computer know which IP networks to listen to, and which ones to mask out. To see this masking in action you would first need to visualize which bits are common between the two ranges. Wherever the bits match, the corresponding bit in the netmask becomes a 1.
00001010 10101000 00000000 00000000 (10.168.0.0) Start of Range
00001010 10101000 11111111 11111111 (10.168.255.255) End of Range
================================================================
11111111 11111111 00000000 00000000 (255.255.0.0) Netmask
Instead of representing this network by its network number (the lowest IP address of the IP network) and its netmask, in CIDR notation you simply count the on bits (1s) in the netmask and write the network as 10.168.0.0/16. This network is now said to be a 16-bit network. The traditional class B network is another example of a 16-bit network; a traditional class C network is a 24-bit (/24) network.
Subnetting
The act of dividing an IP network into smaller subnetworks is called subnetting. It is usually done when an organization has a block of addresses that it needs to share between two or more physically separate sites. For example, an organization may request a 24-bit block of addresses for use on the Internet, and then need to share those addresses between two offices. Instead of wasting two full 24-bit networks, you can cut the 24-bit network into two different networks by extending your netmask one more bit. This changes your netmask from 255.255.255.0 (24 1s, a.k.a. /24) to 255.255.255.128 (25 1s, a.k.a. /25). This netmask is applied to both of the newly created networks. Where you once had a network of 192.168.1.0/24, you now have two networks of 192.168.1.0/25 and 192.168.1.128/25. The 192.168.1.0/25 network has a host range of 0–127, where 192.168.1.0 is the network number and 192.168.1.127 is the broadcast. The second network has a host range of 128–255, where 192.168.1.128 is the network number and 192.168.1.255 is the broadcast.
To see why this works, try the visualization test shown before on the second network created:
11000000 10101000 00000001 10000000 (192.168.1.128)
11000000 10101000 00000001 11111111 (192.168.1.255)
====================================================
11111111 11111111 11111111 10000000 (255.255.255.128 or 25-bit)
Supernetting
As you saw in the subnetting section, you simply added one bit to the network mask to split the network in half. To double the size of a network, you simply take away one bit from the network mask. To continue with the visualization tests, say you are working with the networks of 192.168.126.0/24 and 192.168.127.0/24. Now say you want to be able to have all of the IPs from both 24-bit networks communicate in their own expanded, or super, logical IP network. This would define the range of 192.168.126.0–192.168.127.255, which looks like this written out:
11000000 10101000 01111110 00000000 (192.168.126.0)
11000000 10101000 01111111 11111111 (192.168.127.255)
======================================================
11111111 11111111 11111110 00000000 (255.255.254.0 or 23-bit)
The resulting netmask has 23 on (1) bits, so the new supernet is represented as 192.168.126.0/23. It has a network number of 192.168.126.0 and a broadcast of 192.168.127.255. There are now 510 assignable IPs in this logical IP network.
This prefix/bit-count notation does not work when joining just any ranges of numbers. For example, look at the range of 192.168.10.0–192.168.13.255:
11000000 10101000 00001010 00000000 (192.168.10.0)
11000000 10101000 00001011 00000000 (192.168.11.0)
11000000 10101000 00001100 00000000 (192.168.12.0)
11000000 10101000 00001101 11111111 (192.168.13.255)
====================================================
11111111 11111111 111111?0 00000000
It is wrong to write this range as 192.168.10.0/22, because that notation denotes a different address range than the one intended. Applying a 22-bit mask to 192.168.10.0 clears the low two bits of the third octet and yields 192.168.8.0, so 192.168.10.0/22 is the same network as 192.168.8.0/22 (192.168.8.0–192.168.11.255): it includes 8.0–9.255, which you did not want, and omits 12.0–13.255, which you did. Notation like this confuses humans, and tools differ on whether they reject such a prefix or silently apply the mask, so it is bound to lead to error. To write out this particular range correctly, you must specify two networks: 192.168.10.0/23 and 192.168.12.0/23. Here is the general rule for whether contiguous base addresses may be grouped together: for the number X of contiguous base addresses to share a common prefix (network number), X must be a power of two, and the last octet containing the network number must be evenly divisible by X.
With that rule in mind, revisit the 192.168.8.0/22 network. To apply the bit count (netmask) against the network prefix (network number), you can write out their binary values and visualize which ranges fall into the mask.
11000000 10101000 00001000 00000000 (192.168.8.0)
11111111 11111111 11111100 00000000 (255.255.252.0 or 22-bits)
===============================================================
11000000 10101000 00000111 00000000 (192.168.7.0 is masked out)
11000000 10101000 00001000 00000000 (192.168.8.0 obviously is in)
11000000 10101000 00001001 00000000 (192.168.9.0 is in)
11000000 10101000 00001010 00000000 (192.168.10.0 is in)
11000000 10101000 00001011 00000000 (192.168.11.0 is in)
11000000 10101000 00001100 00000000 (192.168.12.0 is masked out)
In this example, X=4, because we're combining four contiguous base addresses: 4 is a power of two, and 8 (the last octet of the network number) is evenly divisible by 4.
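The mask arithmetic in the subnetting and supernetting sections above, carried out in code. This is an added example, not code from the book; it uses plain integer bit operations so that the masking drawn out in binary above is visible, and it goes a little beyond the text by computing the minimal set of prefixes for an arbitrary range (the general form of the power-of-two rule) and by making the routing decision described in the Routing section, where the netmask decides between direct delivery and the default router. The standard `ipaddress` module does all of this in production and is used here only as a cross-check.

```python
"""IPv4 netmask and CIDR arithmetic with plain bit operations.

Added example, not code from the book. The standard `ipaddress` module
does all of this in production; it is used here only as a cross-check.
"""
import ipaddress


def to_int(dotted: str) -> int:
    """'192.168.1.1' -> 0xC0A80101, rejecting malformed input instead of wrapping."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/25 -> 0xFFFFFF80 (255.255.255.128)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def mask_to_prefix(mask: int) -> int:
    """Count the leading 1 bits; a non-contiguous mask such as 255.0.255.0 is rejected."""
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"non-contiguous netmask {to_dotted(mask)}")
    return prefix


def network_info(ip: str, netmask: str) -> dict:
    """Network number, broadcast address and usable host count for ip/netmask."""
    addr, mask = to_int(ip), to_int(netmask)
    prefix = mask_to_prefix(mask)
    network = addr & mask                       # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    host_bits = 32 - prefix
    # /31 (RFC 3021) and /32 have no separate network/broadcast addresses.
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 1 << host_bits
    return {"cidr": f"{to_dotted(network)}/{prefix}",
            "broadcast": to_dotted(broadcast), "usable_hosts": usable}


def subnet(cidr: str, new_prefix: int) -> list:
    """Subnetting: lengthen the mask and enumerate the resulting equal pieces."""
    net, prefix = cidr.split("/")
    prefix = int(prefix)
    if not prefix <= new_prefix <= 32:
        raise ValueError("new prefix must be at least as long as the original")
    base = to_int(net) & prefix_to_mask(prefix)
    step = 1 << (32 - new_prefix)
    return [f"{to_dotted(base + i * step)}/{new_prefix}"
            for i in range(1 << (new_prefix - prefix))]


def summarize(first: str, last: str) -> list:
    """Supernetting: the fewest CIDR blocks that exactly cover first..last.

    A block of 2^k addresses may only start on a multiple of 2^k (the
    power-of-two / evenly-divisible rule), so each block is grown while it
    stays aligned to its own size and inside the range.
    """
    lo, hi = to_int(first), to_int(last)
    if lo > hi:
        raise ValueError("range is reversed")
    blocks = []
    while lo <= hi:
        size = 1
        while lo % (size * 2) == 0 and lo + size * 2 - 1 <= hi:
            size *= 2
        blocks.append(f"{to_dotted(lo)}/{32 - (size.bit_length() - 1)}")
        lo += size
    return blocks


def agrees_with_stdlib(first: str, last: str) -> bool:
    """Cross-check summarize() against ipaddress.summarize_address_range()."""
    expected = [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))]
    return summarize(first, last) == expected


def next_hop(local_ip: str, netmask: str, gateway: str, dest: str) -> str:
    """The decision the netmask drives: deliver directly if dest shares our
    network number, otherwise hand the packet to the default router."""
    mask = to_int(netmask)
    if to_int(local_ip) & mask == to_int(dest) & mask:
        return "direct"
    return gateway
```

`summarize("192.168.10.0", "192.168.13.255")` returns the two /23s the text arrives at by hand, `summarize("192.168.126.0", "192.168.127.255")` returns the single /23 supernet, and `subnet("192.168.1.0/24", 25)` returns the two halves from the subnetting section. `mask_to_prefix` refuses a mask whose 1 bits are not contiguous, which is the check worth keeping in any tool that accepts a netmask from configuration.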
Reserved Network Numbers
There is also a standard set of reserved address blocks, defined in RFC-1918, for use in private networks. These are networks that will never be connected directly to a public network (specifically the Internet); Internet routers do not carry routes for these blocks, so hosts using them reach the Internet only through a firewall, proxy, or NAT gateway. The private address blocks are shown in Table 20.2.
Table 20.2. Private Network Addresses According to RFC-1918
| Address Range | Network Class |
|---|---|
| 10.0.0.0–10.255.255.255 | A (1 class A network) |
| 172.16.0.0–172.31.255.255 | B (16 class B networks) |
| 192.168.0.0–192.168.255.255 | C (256 class C networks) |
There is another reserved class A network, 127.0.0.0–127.255.255.255, known as the loopback network. It is a virtual network whose addresses all point back to the host where the packet originates; the usual loopback address on any system is 127.0.0.1, and the name localhost resolves to it. If you want a program to connect to the same system it's running on, open a connection to 127.0.0.1. This is useful, for example, when running networking software on a system that isn't connected to a network, or for testing daemons locally. A daemon that binds only to 127.0.0.1 is also unreachable from the network, which is the simplest way to keep a service local-only.
Routing
Networks are connected by means of routers. A router is a device that has connections to two or more networks and takes care of moving packets between them. When a host sends out a packet whose destination lies in the same network, it sends it directly to the destination host. However, if the packet's destination lies in a different network, it sends the packet to a router so that the router will send it to the correct network. This is why it's so important to set a host's netmask correctly--it's the parameter that tells the host whether to send the packet directly to the destination host or to the router (see Figure 20.2).
Figure 20.2 Routers connect networks.
A network usually has a default router, which connects it to other networks. In such a setup, all traffic whose destination is outside the local network gets sent to the default router. There may be several routers in a network; for example, one to the Internet and another one to other internal networks. In this case, it may be necessary to use a static route to tell the host to send packets destined for specific subnets to a specific router, or use dynamic routing by means of a routing daemon (such as igrpd or routed). These daemons are discussed in the Network Daemons section later in this chapter.
The TCP/IP Protocol Suite
TCP/IP is actually not just one protocol, but a protocol suite. At the low level, it's composed of the following protocols:
- IP
- ICMP (error and control messages, such as those used by ping)
- TCP
- UDP
IP is the lowest common denominator of TCP/IP. Every protocol at a higher level must eventually be translated into IP packets. An IP packet is self-contained in the sense that it contains within itself the addresses of its source and destination. However, it may be part of a larger conversation.
TCP is a connection-based, stream-oriented protocol on top of IP. An application that communicates with another using TCP sends and receives data as a stream of bytes; the TCP/IP stack splits the stream into segments, carries each one in an IP packet, and reassembles the stream at the receiving end. It also delivers the data in order, discards segments whose checksum fails, and retransmits any segment that is not acknowledged, so missing and corrupt segments are recovered without the application noticing.
UDP, on the other hand, is a datagram-based or packet-oriented protocol, and it is connectionless. It does not check that datagrams arrive in order, or that they arrive at all; an application that needs those guarantees must provide them itself. Without that overhead, UDP can be quite efficient for applications that send small amounts of information, or on a fast and reliable network such as Ethernet on a private LAN. Because there is no handshake, the source address of a UDP datagram is trivially forged, which is why UDP services are the usual vehicle for spoofing and amplification attacks and why a UDP daemon should never trust a peer's address on its own.
Application-specific protocols work on top of TCP and UDP. Some of these follow:
- SMTP (Simple Mail Transfer Protocol)
- HTTP (Hypertext Transfer Protocol)
- FTP (File Transfer Protocol)
- SNMP (Simple Network Management Protocol)
- NFS (Network Filesystem)
Each has different characteristics, depending on its intended use. Figure 20.3 shows the layers of the TCP/IP suite and the corresponding layers in the OSI reference model. The OSI model was never widely adopted. It consisted of seven layers: application, presentation, session, transport, network, (data) link, and physical.
Figure 20.3 TCP/IP is a protocol suite composed of several layers.
Ports
A single computer may host several services. To distinguish one service from the next, something more is needed than just the host's IP address. You use different ports on the computer to respond to specified services (see Figure 20.4). Ports are analogous to the jacks in an old-fashioned manual switchboard.
Figure 20.4 A single computer may host different services in different ports.
A server daemon can be configured to listen on any port. However, things would be very complicated if this choice were entirely arbitrary, because there would be no easy way to find out which port a given service listens on. To help, well-known ports were defined in RFC-1700; that RFC is now obsolete, and the authoritative list is the IANA port-number registry, a copy of which Linux keeps in /etc/services. Some of the well-known ports are listed in Table 20.3. Note that a port number is only a convention: nothing stops a daemon (or an intruder's backdoor) from listening on 80/tcp while speaking something other than HTTP, so the port alone never tells you what is actually running there.
Table 20.3. Some Well-Known Port Numbers
| Port/Protocol | Name | Use |
|---|---|---|
| 7/tcp | echo | Echoes everything it receives |
| 13/tcp | daytime | Sends back the current date and time |
| 22/tcp | ssh | Secure Shell |
| 23/tcp | telnet | Remote terminal emulation |
| 25/tcp | smtp | Email transfer |
| 53/udp, 53/tcp | domain | Domain Name System |
| 80/tcp | www | World Wide Web traffic |
| 110/tcp | pop3 | Post Office Protocol, version 3 |
| 443/tcp | https | Secure Web traffic |
Sockets
In network parlance, a socket is one end of a network connection between two processes, which may be running on the same or different computers. Technically, an established connection is identified by four parts: source host, source port, destination host, destination port (together with the transport protocol, TCP or UDP). A socket that is listening, or not yet connected, has only a local host and local port.
Note that a connection therefore has a port on both sides. When a client tries to connect to a server, it first asks the system for a free (ephemeral) port, one that isn't in use by any other program. It then asks the system to connect to the destination host and port using that source port. That is why there can be several simultaneous connections between the same two hosts; for example, a browser can have two or more windows open to the same host. The system keeps track of both the source and the destination port, and has a different socket for each connection.
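The exchange just described, as an added example that is not part of the book: it runs entirely over the loopback network (127.0.0.0/8), so no real network is needed. A listener is bound to a local address and port only; each accepted connection is a new socket that carries the full four-tuple; and two clients on the same host connecting to the same server are told apart only by their ephemeral source ports. Each side reports the tuple it sees so the two views can be compared.

```python
"""Two clients, one listener, over loopback: the 4-tuple seen from both ends.

Added example, not code from the book.
"""
import socket


def run_exchange(n_clients: int = 2) -> dict:
    """Connect n_clients TCP clients to one listener on 127.0.0.1 and report,
    for each connection, (local, remote) as the client and the server see it."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # port 0: the kernel picks a free port
    listener.listen(n_clients)
    server_addr = listener.getsockname()  # a listener knows only its local side

    clients = []
    for _ in range(n_clients):
        c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        c.connect(server_addr)            # the kernel also picks the client's ephemeral port
        clients.append(c)

    # accept() hands back a *new* connected socket per client; the listener itself
    # never carries data. Key them by peer address, i.e. the client's local side.
    server_side = {}
    for _ in range(n_clients):
        conn, peer = listener.accept()
        server_side[peer] = conn

    connections = []
    for c in clients:
        local, remote = c.getsockname(), c.getpeername()
        conn = server_side[local]         # match the server socket for this client
        c.sendall(f"from {local[1]}".encode())
        conn.sendall(conn.recv(64))       # echo on the matching connection only
        connections.append({
            "client": (local, remote),
            "server": (conn.getsockname(), conn.getpeername()),
            "echo": c.recv(64).decode(),
        })
        conn.close()
        c.close()
    listener.close()
    return {"listener": server_addr, "connections": connections}
```

`run_exchange()` returns, for each client, the same connection described twice: the server's local address is the client's remote address and vice versa, and the only difference between the two connections is the client-side port. The same tuples are what `ss -tn` (or `netstat -tn`) lists for established connections.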