Network


NETWORK CONFIGURATION AT BOOT TIME:



1. /etc/rc.net      

Configures and starts TCP/IP interfaces. Sets hostname, default gateway and static routes.(it is called by cfgmgr)

then during initialization, the file /etc/inittab is called. There are 2 entries:

        ...

        rctcpip:23456789:wait:/etc/rc.tcpip > /dev/console 2>&1 # Start TCP/IP daemons

        rcnfs:23456789:wait:/etc/rc.nfs > /dev/console 2>&1 # Start NFS Daemons

        ...

2. /etc/rc.tcpip      

starts TCP/IP daemons (sendmail, portmap, inetd, etc., and other daemons: syslogd, lpd ...)


3. /etc/inetd.conf    


when inetd started, it reads its configuration from this file

 contains the name of the services that inetd listens for requests and starts as needed




PORTMAP DAEMON:

The portmap daemon converts remote procedure call (RPC) program numbers into Internet port numbers. (like in the case of NFS)



When an RPC server starts up, it registers with the portmap daemon. The portmap daemon knows the location of every registered port on the host and which programs are available on each of these ports. When a client sends an RPC to the server, the portmap daemon answers to the client which port to send the call to. Portmap daemon listens on port number 111.

It is started from /etc/rc.tcpip before inetd and the RPC servers (e.g. nfs). Thus, when the RPC servers start they can register with portmap.





INETD DAEMON:

The /usr/sbin/inetd daemon provides Internet service management for a network. It reduces system load by invoking other daemons. The inetd daemon listens for connections on certain Internet sockets (info in /etc/inetd.conf) and handles those requests.



The inetd daemon is a subsystem that controls the following daemons (subservers): ftpd, fingerd, talkd, telnetd ...



/etc/inetd.conf        inetd configuration file (if changed by an editor, run refresh -s inetd)

smitty inetd           updates automatically the /etc/inetd.conf

lssrc -ls inetd        shows details of subservers started in inetd

stopsrc -s inetd       stops the inetd daemon

stopsrc -t ftp         stops an inetd subserver

------------------------



NAME RESOLUTION:



You can use several methods to ensure that /etc/hosts file is used before any DNS, if the /etc/resolv.conf file exists.

You can include the NSORDER variable in the /etc/environment file, or you can include a specification line in either the /etc/irs.conf file or the /etc/netsvc.conf file.

The settings in the /etc/netsvc.conf configuration file override the settings in the /etc/irs.conf file. The NSORDER environment variable overrides the settings in the /etc/irs.conf and the /etc/netsvc.conf files.



Domain Name Service (DNS):

/etc/resolv.conf        contains name servers, if this file exists then we have a domain network, if not then /etc/hosts file is used

/etc/netsvc.conf        specify the ordering of name resolution (or NSORDER environment variable can contain this)

                        (if both exists NSORDER will override netsvc.conf)

                        bind=DNS, local=/etc/hosts



pl.:

NSORDER=local,bind   
The /etc/netsvc.conf and /etc/irs.conf files are used by the resolver routines as soon as the files exist

/etc/netsvc.conf configuration:
hosts=local,bind


/etc/irs.conf configuration:
hosts local continue
hosts dns


nslookup     responds similarly to the host command, but it only uses DNS (don't NIS and don't /etc/hosts)

Flat Network:
/etc/hosts               contains the hostnames and their address for hosts in the network
host           searches through the /etc/hosts file, and display the ip address of the hostname
host         searches through the /etc/hosts file, and display the hostname
To work properly both should give the same result.

------------------------

ADDRESS RESOLUTION:
Internet-to-physical address (MAC address)

arp -a            shows the ARP table
the manual of arp command can help

------------------------

VERIFYING OPEN PORTS:
To display TCP/IP application ports (which are opened)

netstat -an            lists of opened ports with port numbers (netstat -an -f inet)
netstat -af inet       lists all open UDP and TCP ports with service names (not the port numbers)
server ports are in LISTEN state, client connections to or from any port are in ESTABLISHED state

/etc/services          contains information about known services and their portnumber (if changing this file: refresh -s inetd)

------------------------

ROUTING

lsattr -El inet0
     shows routings in the inet0 (which is a netwotk device in the kernel (config info for inet0 is stored in the odm)
                     (you can check with this as well: odmget -q attribute=route CuAt)
netstat -rn          shows the routing table. (-r: displays routing statistics, -n: displays the network address as an IP address)

In the routing table:
    U - route is up and available
    H - route is to a host
    G - route is to a gateway
    b - route represents a broadcast address
    S - manually added??? (Static route: it will come back after reboot???)
    A - Active Dead Gateway Detection is enabled on the route

Check both places: netstat -nr and lsattr -El inet0 (odmget -q "attribute = route" CuAt)


Commands:

chdev            smitty route     route           

ADD/REMOVE with chdev: (permanent)
(when default route is added it can be network route, dest. addres is 0.0.0.0 and network mask can be 0.0.0.0)
(we can add interface name as well, if omitted system will add 1)


add:
chdev -l inet0 -a route=net,-hopcount,0,,0,100.200.200.65
chdev -l inet0 -a route=0,       
remove:

first check lsattr -El inet0, and copy a line exactly from the output into " ...":

chdev -l inet0 -a delroute="net,-hopcount,0,-netmask,255.255.0.0,-if,en4,,,,50.20.0.0,50.50.80.3"
chdev -l inet0 -a delroute="net,-hopcount,0,,0,100.200.200.65"
chdev -l inet0 -a delroute="net,-hopcount,0,-netmask,255.255.255.240,,,,,-static,50.20.100.80,10.10.3.1"

------------------------

ADD/REMOVE with route: (temporary)

add:
route add 0 9.19.99.11                                    route add -net 100.100.243.0 -netmask 255.255.255.0 100.100.200.209    route add -net 9.19.99/22 9.19.98.11                      route add -host 50.200.100.31 50.200.100.20               route add 10.200.40.28 10.200.40.1 -active_dgd   
remove:
route delete 50.20/22 50.50.80.3                           route delete 0 9.19.99.11                                 
route -f                clear the routing table (except those created implicitly)

mkdev -l inet0         it will recreate the routes which exist in the ODm (inet0) (it can help, if it was deleted manually)

The route command distinguishes between routes to hosts and routes to networks by interpreting the network address of the destination address. The optional keywords -net and -host force the destination to be interpreted as given.

If there are more routes (duplicate routes) on host A, you can have some packet loss, when you ping host A from host B. On host A if you issue many times: route -n get , you will see interface names (enX) will change, this is due to bad routing)


For Static routes a solution would be:
(instead of using chdev and ODM checking)

1. add the routes with route command

2. Put the routes into /etc/rc.net file (with the same route command)

Look for "Part II - Traditional Configuration," and you will see an area in which you can add routes
This way, you have a flat file that is easily modified, contains the route information in a straightforward way, and doesn't manipulate the ODM.

To remove all the routes:
(routing table + ODM)
/etc/route -n -f and odmdelete -o CuAt -q "name=inet0 and attribute=route"


------------------------
chdev                  - changes are effective immediately and across boots
ifconfig, route        - changes are active immediately and are effective until reboot
------------------------


DIFFERENT INTERNET SERVICES:

            ARPANET                  BERKLEY                  SECURE SHELL
            secure (not powerful)    powerful (not secure)    secure and powerful


Remote login:     telnet               rlogin/rsh                 ssh
Remote execue:    rexec                rsh                        ssh
File Transfer:    ftp                  rcp                        sftp/scp

------------------------


OTHER COMMANDS:
smitty inet            configuring interfaces
smitty tcpip           configuring TCP/IP
smitty mktcpip         on 1 page you can set: hostname, default gateway, netmask...

smitty hostname        sets the hostname (chdev -l inet0 -a hostname=)

lsdev -Cc adapter      lists adapters
lsdev -Cc if           lists interfaces
lsattr -EHl en0        lists attributes (ez is müxik: lsattr -EHl ent0)
lscfg -vpl     shows vital product data (e.g. lscfg -vpl ent0)

ifconfig               configure and modify properties of network interfaces
ifconfig -a            displays information about all interfaces (should be UP and RUNNING)
ifconfig en0           shows attributes of a specific interface (lo0:loopback, en0:ethernet...)
ifconfig en0 up        activates network interface (... down: deactivates it)


ifconfig en1 50.20.100.47 netmask 255.255.255.192        configure ip (or ifconfig en0 x.x.x.x netmask y.y.y.y up)
ifconfig en3 10.200.30.106 netmask 255.255.255.0 alias   configure alias (ifconfig makes changes only until reboot)
ifconfig en3 10.200.30.106 netmask 255.255.255.0 delete  deletes ip from interface en3

chdev -l en8 -a netaddr=50.20.80.4                       changes the ip on en8
chdev -l en1 -a netaddr=12.10.10.2 -a netmask=255.255.255.0 -a state=up
chdev -l en3 -a alias4=10.10.6.26,255.255.255.0          adds alias to en3 (last after reboot as well)
chdev -l en9 -a delalias4=10.200.200.136,255.255.255.224 removes an alias (this works as well: ifconfig en1 delete 9.37.207.29)

no -a                  lists network tuning parameters

ping -c 1    sends only 1 packet
ping -f      floods out packets (it is good for testing the network for handling a lot of traffic)
ping -s specifies the number of bytes to be sent

rpcinfo -d        deletes registration of a service (clears up the port?)

spray -c 100 -l 50 -d 1 sends a specified number of packets to a host (performance statistics)
                       it uses RPC which is higher level then ICMP (higher layer than ping)
                       sprayd must be run in host to get respond (inetd.conf)
        -c             number of packets to send
        -l             the size of a packet
        -d             delay time (in microseconds) between sending the packets
        -i             sends ICMP package not RPC

netstat -rn            shows the routing table
netstat -in            shows the MAC addresses (and IP addresses) of all interfaces
netstat -v             shows device driver information
netstat -v ent2        shows statistical information (it uses entstat, e.g. it is similar to entstat -d ent2)
netstat -v |grep Media    shows running speed (100Mbs..., Full duplex) (netstat -v | egrep "ETH|Media|Speed|Link")
netstat -p udp         display UDP transport statistics (dropped, socket buffer overflow)
netstat -p tcp         display TCP transport statistic (retransmitted: it means cannot ACK before timeout, duplicate packets)
netstat -I en0 2       shows traffic across that interface in 2 seconds intervals
netstat -an            display the status of connections to host

route get              shows info which interface, gateway ... is used to reach the ip
traceroute             shows each router the packets travel through to reach the target host
                       +with the min., average, max. response time taken to get to that router (* means probe to the next router timed out)
traceroute packet size can be added as well (once this was successful:traceroute 100.200.140.55 1456, but with 1457 it wasn't)
arp -an                shows the routing table without name resolution

------------------------

tcpdump -i en0 icmp               it will only watch the icmp (ping) traffic on the given interface
tcpdump -i en1 host 50.50.30.8    displays the traffic of en1 which is coming from or going to the given host
tcpdump -n -i en1 host 50.50.30.8 it is the same as above, just without name resolution (more simplified)
tcpdump -i en2 dst host     show only data being sent to a specific host
tcpdump -i en2 src host     show only packets coming from a specific host
tcpdump -i en2 host port 22     show packet destined for or sent by a specific host on a specific port
   
tcpdump -w test.pcap -i en4 host 10.120.0.13    shows network traffic (if -w omitted it displays the results on the screen)
        -w         writes details to file test.pcap (it is not a text file, wireshark can understand it)
        -i         checks traffic only on specified interface
        host       only the communication from the given host will be watched



------------------------

iptrace            same as tcpdump (tcpdump better)

iptrace usage:
1. iptrace -a -i en1 -s clientip -b -d serverip -p 80 trace.out    this will capture both directions on port 80 traffic to file trace.out
2. generate a test, then run: ps -ef | grep iptrace --> kill -15
3. ipreport trace.out>trace.fmt    (after this trace.fmt can be read by wireshark)


uname -n            display the hostname (-x: displays operating system realease number...)
no -o ipforwarding  shows if the host fowards IP datagrams or not (0=not, 1=yes; to change it: no -o ipforwarding=)
                    Hosts should not forward IP datagrams unless specifically configured as a router
------------------------
Hostname setting:

hostname     changes the hostname until next reboot
chdev -l inet0 -a hostname= permanent change

------------------------

Who is using my port?

1. netstat -Aan | grep      is being used.
                                The hex number in the first column is the address of protocol control block (PCB)
    $ netstat -Aan | grep 30542
    f10000f303321b58 tcp4 0 0 *.30542 *.* LISTEN



2. rmsock tcpcb                                           
    $ rmsock f10000f303321b58 tcpcb
    The socket 0x3321800 is being held by proccess 692476 (db2sysc).

Note that rmsock, unlike what its name implies, does not remove the socket, if the socket is being used by any process.
It just reports the process holding the socket. The second argument of rmsock is the protocol. (tcpcb in the example indicates TCP.)

------------------------

If ping does not work and arp -a shows incomplete entry:

server.domain.com (111.111.222.222) at (incomplete)


There is an IFIX (IV13759s01) for this issue, but manually can be fixed by removing this entry from arp table and adding a new one with MAC address.


1. on destination server: check mac address of the network interface (111.111.222.222)
    # netstat -i
    Name  Mtu   Network     Address
    en1   1500  link#2      1e.2f.ed.3c.e4.c                en1   1500  111.111.222 server.domain

2. on the server with wrong arp table:
    arp -d server.domain.com                                arp -s ether server.domain.com 1e:2f:ed:3c:e4:c    
After that arp -a will show correct entry and ping should work.



Comments

Popular posts from this blog

How to Install and Configure Kubernetes Cluster and Docker on CentOS8/RHEL8

How to install Ansible Tower on Red Hat / CentOS

How to install Ansible on RHEL8 / CentOS8