Book: LPI Linux Certification in a Nutshell
Section: Chapter 19.  Networking Fundamentals (Topic 1.12)



19.2 Objective 3: TCP/IP Troubleshooting and Configuration

Linux distributions offer various automation and startup techniques for networks, but most of the essential commands and concepts are not distribution-dependent. The exam tests fundamental concepts and their relationships to one another as well as to system problems. This Objective covers the configuration of TCP/IP on common network interfaces such as Ethernet.

19.2.1 Network Interfaces

A computer must contain at least one network interface to be considered part of a network. The network interface provides a communications link between the computer and external network hardware. This could mean typical network adapters such as Ethernet or Token Ring, PPP dialup connections, parallel ports, wireless, and other networking forms.

19.2.1.1 Configuration files

The following files contain important information about your system's network configuration:

/etc/hostname (or sometimes /etc/HOSTNAME)

This file contains the local assigned hostname for the system.

/etc/hosts

This file contains simple mappings between IP addresses and names and is used for name resolution. For very small private networks, /etc/hosts may be sufficient for basic name resolution. For example, this file associates the local address 192.168.1.30 with the system smp and also with smp.mydomain.com :

127.0.0.1       localhost       localhost.localdomain
192.168.1.1     gate
192.168.1.30    smp smp.mydomain.com

/etc/nsswitch.conf

This file controls the sources used by various system library lookup functions, such as name resolution. It allows the administrator to configure the use of traditional local files ( /etc/hosts, /etc/passwd ), an NIS server, or DNS. nsswitch.conf directly affects network configuration (among other things) by controlling how hostnames and other network parameters are resolved. For example, this fragment shows that local files are used for password, shadow password, group, and hostname resolution; for hostnames, DNS is used if a search of local files doesn't yield a result:

passwd:     files nisplus nis
shadow:     files nisplus nis
group:      files nisplus nis
hosts:      files dns nisplus nis

For more information, view the manpage with man 5 nsswitch. The nsswitch.conf file supersedes host.conf.

/etc/host.conf

This file controls name resolution sources for pre-glibc2 systems. It should contain:

order hosts,bind
multi on

This configuration has the resolver checking /etc/hosts first for name resolution, then DNS. multi on enables multiple IP addresses for hosts. Newer Linux system libraries use /etc/nsswitch.conf instead of /etc/host.conf.

/etc/resolv.conf

This file controls the client-side portions of the DNS system, which is implemented in system library functions used by all programs to resolve system names. In particular, /etc/resolv.conf specifies the IP addresses of DNS servers. For example:

nameserver 192.168.1.5
nameserver 192.168.250.2

Additional parameters are also available. For more information, view the manpage with man 5 resolver.

/etc/networks

Like /etc/hosts, this file sets up equivalence between addresses and names, but here the addresses represent entire networks (and thus must be valid network addresses, ending in 0). The result is that you can use a symbolic name to refer to a network just as you would a specific host. This may be convenient (though not required) in NFS or routing configuration, for example, and will be shown in commands such as netstat. For example:

loopback    127.0.0.0
mylan       192.168.1.0

It's not unusual for /etc/networks to be left blank.
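How the three resolver files interact, as an added example that is not from the book: the sketch walks the sources on the hosts: line in order and reports which one answers a name. The data are constructed copies of the fragments shown in this section; hosts_lookup and resolve_plan are hypothetical helper names, and only the files and dns sources are modelled.

```shell
#!/bin/sh
# Constructed copies of the nsswitch.conf, hosts and resolv.conf fragments
# shown in this section (not read from the live system).
NSSWITCH='passwd:     files nisplus nis
hosts:      files dns nisplus nis'
HOSTS='127.0.0.1       localhost       localhost.localdomain
192.168.1.1     gate
192.168.1.30    smp smp.mydomain.com'
RESOLV='nameserver 192.168.1.5
nameserver 192.168.250.2'

# hosts_lookup NAME (hypothetical helper): print the address mapped to NAME
# in the hosts data, or nothing if there is no entry.
hosts_lookup() {
    printf '%s\n' "$HOSTS" | awk -v name="$1" '
        { sub(/#.*/, "") }        # drop comments
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }'
}

# resolve_plan NAME (hypothetical helper): walk the sources listed on the
# hosts: line from left to right and report the first that answers.
# Assumption: dns is treated as the end of the walk because an offline
# example cannot query it; nisplus and nis are skipped.
resolve_plan() {
    sources=$(printf '%s\n' "$NSSWITCH" |
        awk '$1 == "hosts:" { $1 = ""; print; exit }')
    for src in $sources; do
        case $src in
        files)
            addr=$(hosts_lookup "$1")
            if [ -n "$addr" ]; then
                echo "files $addr"
                return 0
            fi
            ;;
        dns)
            servers=$(printf '%s\n' "$RESOLV" |
                awk '$1 == "nameserver" { printf "%s%s", sep, $2; sep = "," }')
            echo "dns $servers"
            return 0
            ;;
        esac
    done
    echo "unresolved"
    return 1
}

for n in smp gate oreilly.com; do
    printf '%-12s %s\n' "$n" "$(resolve_plan "$n")"
done
```

With files listed before dns, an entry in /etc/hosts answers first and the DNS servers are never consulted for that name, which is worth remembering when a host resolves differently from what DNS reports.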

On the Exam

Be familiar with all the files listed in this section; each contains specific information important for network setup. Watch for questions on /etc/host.conf, which is not used in newer glibc2 libraries.

19.2.1.2 Configuration commands

The commands listed in this section are used to establish, monitor, and troubleshoot a network configuration under Linux.

host

Syntax

host [options] host [server]

Description

Look up the system with IP address or name host on the DNS server.

Frequently used options

-l

List the entire domain, dumping all hosts registered on the DNS server (this can be very long).

-v

Set verbose mode to view output.

Example 1

$ host oreilly.com
oreilly.com has address 204.148.40.5

Example 2

$ host -v oreilly.com
Trying null domain
rcode = 0 (Success), ancount=1
The following answer is not authoritative:
The following answer is not verified as authentic by the server:
oreilly.com     17397 IN        A       204.148.40.5
For authoritative answers, see:
oreilly.com     168597 IN       NS      AUTH03.NS.UU.NET
oreilly.com     168597 IN       NS      NS.oreilly.com
Additional information:
AUTH03.NS.UU.NET        168838 IN       A       198.6.1.83
NS.oreilly.com  168597 IN       A       204.148.40.4
$

See also the nslookup command in Section 20.5.1.3 in Chapter 20.

hostname, domainname, dnsdomainname

Syntax

hostname [localname]
domainname [nisname]
dnsdomainname

Description

Set or display the current host, domain, or node name of the system. This is a single program with links defining additional names. When called as hostname, the system's hostname is displayed. If localname is provided, the hostname is set. domainname displays or sets the NIS domain name. dnsdomainname displays the current DNS domain name but does not set it. See man 1 hostname for full information.

ifconfig

Syntax

ifconfig interface parameters

Description

Configure network interfaces. ifconfig is used to create and configure interfaces and their parameters, usually at boot time. Without parameters, the interface and its configuration are displayed. If interface is also omitted, a list of all active interfaces and their configurations is displayed.

Frequently used parameters

address

The interface's IP address.

netmask mask

The interface's subnet mask.

up

Activate an interface (implied if address is specified).

down

Shut down the driver for the interface.

Example 1

Display all interfaces:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:A0:24:D3:C7:21
          inet addr:192.168.1.30  Bcast:192.168.1.255  
          Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1521805 errors:37 dropped:0 
          overruns:0 frame:37
          TX packets:715468 errors:0 dropped:0 overruns:0 
          carrier:0
          collisions:1955 txqueuelen:100
          Interrupt:10 Base address:0xef00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:366567 errors:0 dropped:0 overruns:0 
          frame:0
          TX packets:366567 errors:0 dropped:0 overruns:0 
          carrier:0
          collisions:0 txqueuelen:0   

Example 2

Shut down eth0:

# ifconfig eth0 down
# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:A0:24:D3:C7:21
          inet addr:192.168.1.30  Bcast:192.168.1.255  
          Mask:255.255.255.0
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1521901 errors:37 dropped:0 
          overruns:0 frame:37
          TX packets:715476 errors:0 dropped:0 overruns:0 
          carrier:0
          collisions:1955 txqueuelen:100
          Interrupt:10 Base address:0xef00  

Note the lack of the UP indicator in the flags line (BROADCAST MULTICAST), which is present in Example 1. The missing UP indicates that the interface is down.

Example 3

Configure eth0 from scratch:

# ifconfig eth0 192.168.1.100 netmask 255.255.255.0 \
     broadcast 192.168.1.255

netstat

Syntax

netstat [options]

Description

Depending on options, netstat displays network connections, routing tables, interface statistics, masquerade connections, netlink messages, and multicast memberships. Much of this is beyond the scope of the LPIC Level 1 exams, but you must be aware of the command and its basic use.

Frequently used options

-c

Continuous operation. This option yields a netstat display every second until interrupted with Ctrl-C.

-i

Display a list of interfaces.

-n

Numeric mode. Display numeric addresses instead of resolving host, port, and user names.

-p

Programs mode. Display the PID and process name.

-r

Routing mode. Display the routing table in the format of the route command.

-v

Verbose mode.

Example

Display the interfaces table and statistics (the example output is truncated):

# netstat -i
Kernel Interface table
Iface MTU  Met   RX-OK RX-ERR RX-DRP RX-OVR  TX-OK
eth0  1500 0   1518801     37      0      0  713297
lo    3924 0    365816      0      0      0  365816

ping

Syntax

ping [options] destination

Description

Send an ICMP ECHO_REQUEST datagram to destination, expecting an ICMP ECHO_RESPONSE. ping is frequently used to test basic network connectivity.

Frequently used options

-c count

Send and receive count packets.

-q

Quiet output. Display only summary lines when ping starts and finishes.

route

Syntax

route [options]
route add [options and keywords] target
route del [options and keywords] target

Description

In the first form, display the IP routing table. In the second and third forms, respectively add or delete routes to target from the table. target can be a numeric IP address, a resolvable name, or the keyword default. The route program is typically used to establish static routes to specific networks or hosts (such as the default gateway) after an interface is configured. On systems acting as routers, a potentially complex routing scheme can be established initially, but this is beyond the scope of the LPIC Level 1 exams.

Frequently used options and keywords

-v

Verbose output.

-h

Display a usage message.

-n

Numeric mode; don't resolve hostnames.

-net

Specify that target is a network. Mutually exclusive with -host.

-host

Specify that target is a single host. Mutually exclusive with -net.

-F

Display the kernel routing table (the default behavior without add or delete keywords).

-C

Display the kernel routing cache.

netmask mask

Specify the mask of the route to be added. Often, the netmask is not required because it can be determined to be class A, B, or C, depending on the target address.

gw gateway

IP packets for target are routed through gateway, which must be reachable, probably through a static route to gateway, which is already established.

When used to display routes, the following routing table columns are printed:

Destination

The destination network or host.

Gateway

The gateway address. If no gateway is set for the route, an asterisk (*) is displayed by default.

Genmask

The netmask for the destination. 255.255.255.255 is used for a host and 0.0.0.0 is used for the default route.

Route status flags

U

Route is up.

H

Target is a host.

G

Use gateway.

R

Reinstate route for dynamic routing.

D

Dynamically installed by daemon or redirect.

M

Modified from routing daemon or redirect.

!

Reject route.

Metric

The distance in hops to the target.

Ref

Number of references to this route. This is displayed for compatibility with other route commands but is not used in the Linux kernel.

Use

A count of lookups for the route. Depending on the use of -F and -C, the Use is either route cache misses (-F) or hits (-C).

Iface

The interface to which packets for this route are sent.

Example 1

Display the current routing table for a workstation:

# route
Kernel IP routing table
Destination  Gateway Genmask         Flags Met Ref Use Iface
192.168.1.30 *       255.255.255.255 UH    0   0     0 eth0
192.168.1.0  *       255.255.255.0   U     0   0     0 eth0
10.0.0.0     -       255.0.0.0       !     0   -     0 -
127.0.0.0    *       255.0.0.0       U     0   0     0 lo
default      gate    0.0.0.0         UG    0   0     0 eth0

In this example, the route to the local host 192.168.1.30 uses interface eth0. Note the mask 255.255.255.255 is used for host routes. The route to the local subnet 192.168.1.0 (with corresponding class C mask 255.255.255.0) is also through eth0. The route to 10.0.0.0 is rejected as indicated by the ! flag. The class A loopback network route uses device lo. The last route shows the default gateway route, which is used when no others match. This default uses eth0 to send data to router gate. The mask 0.0.0.0 is used for the default route.
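The selection rule behind that walk-through, as an added example that is not from the book: among the routes that contain the destination, the one with the longest mask wins, and the default route matches only because its mask is 0.0.0.0. The table is a constructed route -n style copy of Example 1 with gate written as 192.168.1.1; route_lookup is a hypothetical helper, not a system command.

```shell
#!/bin/sh
# Constructed input: the Example 1 table as `route -n` would print it
# (numeric gateways; "gate" is 192.168.1.1 per the /etc/hosts sample).
ROUTES='Kernel IP routing table
Destination  Gateway     Genmask         Flags Metric Ref Use Iface
192.168.1.30 0.0.0.0     255.255.255.255 UH    0      0     0 eth0
192.168.1.0  0.0.0.0     255.255.255.0   U     0      0     0 eth0
10.0.0.0     -           255.0.0.0       !     0      -     0 -
127.0.0.0    0.0.0.0     255.0.0.0       U     0      0     0 lo
0.0.0.0      192.168.1.1 0.0.0.0         UG    0      0     0 eth0'

# route_lookup DEST [TABLE]  (hypothetical helper)
# Print how DEST would be handled. Of all routes that contain DEST, the
# one with the longest mask is chosen; the default route has mask 0.0.0.0,
# so it is chosen only when nothing more specific matches.
route_lookup() {
    printf '%s\n' "${2:-$ROUTES}" | awk -v dest="$1" '
    function ip2n(s,   o) {             # dotted quad -> 32-bit number
        split(s, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN { d = ip2n(dest) }
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }   # title and header
    {
        mask = ip2n($3)
        size = 4294967296 - mask        # number of addresses the route covers
        if (d - (d % size) != ip2n($1)) next    # DEST is outside this route
        if (!found || mask > best) {
            found = 1; best = mask; flags = $4; gw = $2; ifc = $8
        }
    }
    END {
        if (!found)                 print "unreachable"
        else if (index(flags, "!")) print "rejected"
        else if (index(flags, "G")) print "via " gw " dev " ifc
        else                        print "direct dev " ifc
    }'
}

# The same table with the default route missing (last line dropped).
NO_DEFAULT=$(printf '%s\n' "$ROUTES" | sed '$d')

for dest in 192.168.1.30 192.168.1.77 10.1.2.3 204.148.40.5; do
    printf '%-14s %s\n' "$dest" "$(route_lookup "$dest")"
done
printf '%-14s %s (default route removed)\n' 204.148.40.5 \
    "$(route_lookup 204.148.40.5 "$NO_DEFAULT")"
```

The last call shows the missing-default-route symptom: local destinations still resolve to eth0, while any off-subnet address has no route at all.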

Example 2

Display the current routing cache; the Metric (M) and Reference (R) columns are abbreviated here:

# route -C
Kernel IP routing cache
Source        Destination    Gateway      Flg M R Use Iface
smp           192.168.1.255 192.168.1.255 bl  0 0   1 eth0
192.168.1.102 192.168.1.255 192.168.1.255 ibl 0 0   0 lo
192.168.1.102 smp           smp           il  0 0   1 lo
192.168.1.50  smp           smp           il  0 0 224 lo
smp           192.168.1.102 192.168.1.102     0 1   0 eth0
smp           ns1.mynet.com gate              0 0   2 eth0
smp           192.168.1.50  192.168.1.50      0 1   0 eth0
localhost     localhost     localhost     l   0 0  15 lo
ns1.mynet.com smp           smp           l   0 0   6 lo
smp           ns1.mynet.com gate              0 0   6 eth0

Example 3

Add the default gateway 192.168.1.1 via eth0:

# route add default gw 192.168.1.1 eth0

traceroute

Syntax

traceroute [options] destination

Description

Display the route that packets take to reach destination, showing intermediate gateways (routers). There is no direct method for making this determination, so traceroute uses a trick to obtain as much information as it can. By using the time-to-live field in the IP header, traceroute stimulates error responses from gateways. The time-to-live field specifies the maximum number of gateway hops until the packet should expire. That number is decremented at each gateway hop, with the result that all packets will die at some point and not roam the Internet. To get the first gateway in the route, traceroute sets the time-to-live parameter to 1. The first gateway in the route to destination decrements the counter and, finding a zero result, reports an ICMP TIME_EXCEEDED message back to the sending host. The second gateway is identified by setting the initial time-to-live value to 2, and so on. This continues until a PORT_UNREACHABLE message is returned, indicating that the host has been contacted. To account for the potential for multiple gateways at any one hop count, each probe is sent three times.

The display consists of lines showing each gateway, numbered for the initial time-to-live value. If no response is seen from a particular gateway, an asterisk is printed. This happens for gateways that don't return "time exceeded" messages, or do return them but set a very low time-to-live on the response. Transit times for each probe are also printed.

Frequently used options

-f ttl

Set the initial probe's time-to-live value to ttl, instead of 1.

-n

Display numeric addresses instead of names.

-v

Use verbose mode.

-w secs

Set the timeout on returned ICMP packets to secs, instead of 5.

Example

# traceroute www.lpi.org
traceroute to www.lpi.org (209.167.177.93), 
  30 hops max, 40 byte packets
 1  gate (192.168.1.1)  
       3.181 ms  1.200 ms  1.104 ms
 2  209.125.145.1 (209.125.135.1)
       16.041 ms  15.149 ms  14.747 ms
 3  a1-9-1-0-1.a01.phl1.us.io.net (137.94.47.1)
       84.132 ms  133.937 ms  77.865 ms
 4  ge-6-0.r01.phlapa01.us.io.net (126.250.29.17)
       22.450 ms  16.114 ms  16.051 ms
 5  p4-6-0-0.r01.nycmny01.us.bb.verio.net (129.250.3.126)
       18.043 ms  18.485 ms  18.175 ms
 6  nyc1.uunet.verio.net (129.250.9.62)
       19.735 ms  21.135 ms  19.212 ms
 7  105.ATM3-0.XR1.NYC1.ALTER.NET (146.188.177.154)
       20.237 ms  18.515 ms  18.712 ms
 8  295.ATM6-0.XR1.NYC4.ALTER.NET (146.188.178.90)
       26.855 ms  29.540 ms  35.908 ms
 9  189.ATM8-0-0.GW5.NYC4.ALTER.NET (146.188.179.225)
       36.541 ms  36.127 ms  30.849 ms
10  224.ATM1-0-0.BB1.TOR2.UUNET.CA.ALTER.NET (137.39.75.26)
       58.823 ms  68.675 ms  62.522 ms
11  f0-0-0.bb2.tor2.uunet.ca (205.150.242.110)
       336.310 ms  174.557 ms  394.909 ms
12  209.167.167.118 (209.167.167.118)
       56.027 ms  58.555 ms  56.289 ms
13  209.167.177.90 (209.167.177.90)
       59.349 ms  57.409 ms  57.993 ms
14  new.lpi.org (209.167.177.93)
       57.021 ms  56.162 ms  58.809 ms

In this example, there are 13 hops to www.lpi.org, reached with a time-to-live value of 14. All three probes of all time-to-live counts are successful.

Most of these commands will appear in system scripts used at boot and shutdown times. Such scripts differ among various Linux distributions but are usually found somewhere under /etc, such as /etc/rc.d/init.d or /etc/sysconfig. You should review the networking scripts on a working Linux system to gain a perspective on how the various configuration commands are used together.

On the Exam

While the creation of complete network management scripts from scratch is beyond the LPIC Level 1 exams, you must be familiar with these commands individually, their functions, how they are used, as well as why they are used. For example, you must be familiar with route and its use in establishing routes to the loopback device, the localhost, the gateway machine, and the creation of the default gateway route. A general understanding of the routing table display is also required. Questions may ask you to determine the cause of a network problem based on the routing configuration (such as a missing default route).

19.2.1.3 Common manual network interface tasks

Network interfaces are established in the kernel at boot time through the probing of Ethernet hardware. As a result, these interfaces always exist unless the hardware or kernel module is removed. Other types of interfaces, such as PPP, are created by user programs. These interfaces are transient and exist only when they are in use.

To list interface parameters, use ifconfig with the interface name:

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:A0:24:D3:C7:21
          inet addr:192.168.1.30  Bcast:192.168.1.255  
          Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1857128 errors:46 dropped:0 
          overruns:0 frame:46
          TX packets:871709 errors:0 dropped:0 
          overruns:0 carrier:0
          collisions:2557 txqueuelen:100
          Interrupt:10 Base address:0xef00

If you run ifconfig without any parameters, it displays all active interfaces, including the loopback interface lo and perhaps a PPP interface if a modem is dialed into a service provider.

To shut down a network interface that is currently running, simply use ifconfig with the down keyword:

# ifconfig eth0 down

When the interface goes down, any routes associated with it are removed from the routing table. For a typical system with a single Ethernet interface, this means that the routes to both the interface and the default gateway will be lost. Therefore, to start a previously configured network interface, ifconfig is used with up followed by the necessary route commands. For example:

# ifconfig eth0 up
# route add -host 192.168.1.30 eth0
# route add default gw 192.168.1.1 eth0

To reconfigure interface parameters, follow those same procedures and include the changes. For example, to change to a different IP address, the address is specified when bringing up the interface and adding the interface route:

# ifconfig eth0 down
# ifconfig eth0 192.168.1.60 up
# route add -host 192.168.1.60 eth0
# route add default gw 192.168.1.1 eth0

Your distribution probably supplies scripts to handle some of these chores. For example, Red Hat systems come with scripts like ifup, which handle all the details necessary to get an interface and its routes up and running.

On the Exam

Be prepared to answer questions on the use of ifconfig and route for basic interface manipulation. Also remember that scripts that use these commands, both manually and automatically, are usually available at boot time.

19.2.2 DHCP

The Dynamic Host Configuration Protocol (DHCP)[6] is a protocol extension of the BOOTP protocol, which provides automated IP address assignment (among other things) to client systems on a network. It handles IP address allocation in one of two ways:[7]

[6] DHCP is a vendor-neutral protocol.

[7] If you read RFC 1531, you'll note that a third type of allocation, called Automatic, is mentioned. For the purposes of this discussion, consider Automatic and Manual to be equivalent methods.

Dynamic allocation

In this scheme, a DHCP server maintains a preset list of IP addresses designated by the system administrator. IP addresses are assigned as clients request an address from the available addresses in the pool. The address can be used, or leased, for a limited period of time. The client must continually renegotiate the lease with the server to maintain use of the address beyond the allotted period. When the lease expires, the IP address is placed back into the pool for use by other requesting clients and a new IP address is assigned.

Manual allocation

The system administrator may wish to designate specific IP addresses to specific network interfaces (for example, to an Ethernet MAC address) while still using DHCP to deliver the address to the client. This allows the convenience of automated address setup and assures the same address each time.

DHCP can be configured to assign not only the IP address to the client but also such things as name servers, gateways, and architecture-specific parameters. Here's an overview of how it works:

  1. A DHCP client sends a broadcast message to the network in order to discover a DHCP server.

  2. One or more DHCP servers respond to the request via their own broadcast messages, offering an IP address to the client.

  3. The client chooses one of the servers and broadcasts an acknowledgment, requesting the chosen server's identity.

  4. The selected server logs the connection with the client and responds with an acknowledgement and possibly additional information. All of the other servers do nothing because the client declined their offer.

19.2.2.1 Subnets and relays

Since DHCP communications are initiated using broadcasts, they are normally confined to a single subnet. To accommodate DHCP clients and servers separated by one or more routers, a DHCP relay system can be established on subnets without DHCP servers. A relay system listens for DHCP client broadcasts, forwards them to a DHCP server on another subnet, and returns DHCP traffic back to the client. This configuration can centralize DHCP management in a large routed environment.

19.2.2.2 Leases

As already mentioned, when a client receives a dynamically assigned IP address from a DHCP server, the address is said to be leased for a finite duration. The length of a DHCP lease is configurable by the system administrator and typically lasts for one or more days. Shorter leases allow for faster turnover of addresses and are useful when the number of available addresses is small or when many transient systems (such as laptops) are being served. Longer leases reduce DHCP activity, thus reducing broadcast traffic on the network.

When a lease expires without being renegotiated by the client, it is assumed that the client system is unavailable, and the address is put back into the free pool of addresses. A lease may also be terminated by a client that no longer needs the IP address, in which case it is released. When this occurs, the DHCP server immediately places the IP address back in the free pool.

19.2.2.3 dhcpd

The DHCP server process is called dhcpd. It is typically started at boot time and listens for incoming DHCP request broadcasts. dhcpd can serve multiple subnets via multiple interfaces, serving a different pool of IP addresses to each.

dhcpd is configured using the text configuration file /etc/dhcpd.conf, which contains one or more subnet declarations. These are text lines of the following form:

subnet network-address netmask subnet-mask {
  parameter...
  parameter...
  ...
}

Each subnet declaration encloses parameters for each subnet between curly braces. Parameters include one or more ranges of IP addresses to serve, lease times, and optional items such as gateways (routers), DNS servers, and so forth. Each parameter line is terminated with a semicolon. For example:

subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.200 192.168.1.204;
  default-lease-time 600;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.25;
}

In this example, the private class C network 192.168.1.0 is served five IP addresses, 200 through 204. The default DHCP lease is 600 seconds (10 minutes). Options are also set for the subnet mask, broadcast address, router (or gateway), and DNS server. For full information on dhcpd.conf, see its manpage.

The preceding option lines are not required to create a minimal DHCP setup that simply serves IP addresses. Details on the daemon follow.

dhcpd

Syntax

dhcpd [options]

Description

Launch the DHCP server daemon. dhcpd requires that both its configuration file /etc/dhcpd.conf and its lease log file /var/state/dhcp/dhcpd.leases (or similar) exist. The daemon puts itself in the background and returns control to the calling shell.

Frequently used options

-cf config-file

Use config-file instead of the default /etc/dhcpd.conf.

-lf lease-file

Use lease-file instead of the default to store lease information.

-q

Use quiet mode. This option suppresses the default copyright message, keeping log files a little cleaner.

A full and detailed description of the configuration file syntax can be found in the dhcpd.conf manpage. When dhcpd runs, it sends output -- including information on each transaction -- to syslog. For example, this series of four log entries in /var/log/messages shows a successful exchange between dhcpd and a requesting DHCP client:

Apr 24 02:27:00 rh62 dhcpd: DHCPDISCOVER from 00:60:97:93:f6:8a via eth0
Apr 24 02:27:00 rh62 dhcpd: DHCPOFFER on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
Apr 24 02:27:01 rh62 dhcpd: DHCPREQUEST for 192.168.1.200 from 00:60:97:93:f6:8a via eth0
Apr 24 02:27:01 rh62 dhcpd: DHCPACK on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
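One way to check a log for exchanges that did not finish, as an added example that is not from the book: the function tracks the last DHCP message seen for each client MAC and reports which clients reached DHCPACK. The sample log is constructed in the format of the entries above; the second and third clients and the helper name dhcp_exchanges are invented for the example.

```shell
#!/bin/sh
# Constructed sample in the format of the four log entries above, one entry
# per line. The first client is the one from the page; the other two MAC
# addresses and their entries are invented for this example.
SAMPLE_LOG='Apr 24 02:27:00 rh62 dhcpd: DHCPDISCOVER from 00:60:97:93:f6:8a via eth0
Apr 24 02:27:00 rh62 dhcpd: DHCPOFFER on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
Apr 24 02:27:01 rh62 dhcpd: DHCPREQUEST for 192.168.1.200 from 00:60:97:93:f6:8a via eth0
Apr 24 02:27:01 rh62 dhcpd: DHCPACK on 192.168.1.200 to 00:60:97:93:f6:8a via eth0
Apr 24 02:31:10 rh62 dhcpd: DHCPDISCOVER from 00:10:5a:00:00:01 via eth0
Apr 24 02:31:10 rh62 dhcpd: DHCPOFFER on 192.168.1.201 to 00:10:5a:00:00:01 via eth0
Apr 24 02:33:42 rh62 dhcpd: DHCPDISCOVER from 00:10:5a:00:00:02 via eth0
Apr 24 02:33:45 rh62 dhcpd: DHCPDISCOVER from 00:10:5a:00:00:02 via eth0'

# dhcp_exchanges (hypothetical helper): read dhcpd syslog lines on stdin and
# print one line per client MAC, in order of first appearance:
#   MAC complete IP             last message was DHCPACK for IP
#   MAC stalled-after MSG       exchange stopped at MSG
#   MAC unanswered discovers=N  N DHCPDISCOVERs in a row with no DHCPOFFER
dhcp_exchanges() {
    awk '
    $5 !~ /^dhcpd/ || $6 !~ /^DHCP/ { next }
    {
        msg = $6; mac = ""; ip = ""
        # The MAC follows "from" or "to"; the address follows "on" or "for".
        for (i = 7; i < NF; i++) {
            if ($i == "from" || $i == "to") mac = $(i + 1)
            if ($i == "on" || $i == "for")  ip  = $(i + 1)
        }
        if (mac == "") next
        if (!(mac in last)) order[++n] = mac
        if (msg == "DHCPDISCOVER")
            tries[mac] = (last[mac] == "DHCPDISCOVER") ? tries[mac] + 1 : 1
        else if (ip != "")
            addr[mac] = ip
        last[mac] = msg
    }
    END {
        for (k = 1; k <= n; k++) {
            m = order[k]
            if (last[m] == "DHCPACK")
                print m, "complete", addr[m]
            else if (last[m] == "DHCPDISCOVER")
                print m, "unanswered", "discovers=" tries[m]
            else
                print m, "stalled-after", last[m]
        }
    }'
}

printf '%s\n' "$SAMPLE_LOG" | dhcp_exchanges
```

On a live server the same function can be fed from the log file, for example `grep dhcpd /var/log/messages | dhcp_exchanges`.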

On the Exam

You must be able to configure a basic DHCP server. You should understand the basic syntax of the dhcpd.conf file and understand the sequence of events in a DHCP negotiation. You may be asked to locate a DHCP configuration problem given a particular scenario.

The use of DHCP relay systems and the detailed configuration of dhcpd are beyond the scope of Exam 102.