Tuesday, March 30, 2010

Structuring the network services - A simple start

As network administrators, we keep our network growing and running all the time. But some decisions taken early on turn into a mess and create many issues later. One issue well known to most administrators is IP assignment.

One network started with 4 computers, later became 2 servers and 10 stations, and later grew to more than 50. The computers did not stay in one place: they moved between departments, a new one was added every week, and laptop users came and went. Third-party providers came to the office and worked there for a while, also on and off.

The static IPs were split into zones and assigned, but later the tracking broke down. The PC entry log (at the gates) said we have more than 200 visitors every 3 months, while our subnet supports only 255 computers!

Yes, the answer is simple: we need DHCP. But we also needed a proper network structure.
We need to know how the network is used. We have wireless users and wired network users.
All wireless users are laptop users, while a few laptops connect through the wired network.

The first level of separation is between wired users and wireless users. Our internet gateway server has 2 network cards, which connect to the internet and the wired network, while the wired and wireless networks are mixed through the hubs.

Now a new NIC is added to the gateway server and used to connect to the wireless hub. DHCP assigns a range of IPs for the wired network (192.168.1.51 - 150). The wireless network uses the same gateway server but a different address range, 192.168.2.x. DHCP is enabled for this zone and leases IPs from 192.168.2.51 to 192.168.2.100.

The network has a few servers, which belong to the wired network. Their IPs are assigned from the static range 192.168.1.2 to 192.168.1.50.

The gateway server now has a firewall / routing rule. Only a few MAC addresses on the wireless network are allowed to connect to the wired network, while the rest can only access the internet.
The wired network can access the whole wireless network.
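
One way to write down this forwarding policy, as an added example that is not from the original post: it assumes a Linux gateway using iptables, hypothetical interface names (eth0 internet, eth1 wired, eth2 wireless) and constructed MAC addresses, and it only prints the rules for review rather than applying them.

```shell
#!/bin/sh
# Added example: print iptables FORWARD rules for the wired / wireless split.
# Assumptions (not from the post): Linux gateway with iptables, and these
# interface names: eth0 = internet, eth1 = wired 192.168.1.x, eth2 = wireless 192.168.2.x.
WAN_IF=eth0
WIRED_IF=eth1
WLAN_IF=eth2

# Succeeds only for a well-formed MAC, so a typo in the allowlist never
# turns into a rule.
valid_mac() {
    echo "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules MAC...
# Prints one iptables command per line. Prints nothing and returns 1 if any
# allowlist entry is malformed.
gen_rules() {
    for gr_mac in "$@"; do
        if ! valid_mac "$gr_mac"; then
            echo "rejecting malformed MAC: $gr_mac" >&2
            return 1
        fi
    done
    # Anything not explicitly allowed below is dropped.
    echo "iptables -P FORWARD DROP"
    # Replies to connections that were allowed to start.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Wired hosts may reach the wireless zone and the internet.
    echo "iptables -A FORWARD -i $WIRED_IF -j ACCEPT"
    # Wireless hosts may reach the internet.
    echo "iptables -A FORWARD -i $WLAN_IF -o $WAN_IF -j ACCEPT"
    # Only allowlisted wireless MACs may open connections to wired hosts.
    for gr_mac in "$@"; do
        echo "iptables -A FORWARD -i $WLAN_IF -o $WIRED_IF -m mac --mac-source $gr_mac -j ACCEPT"
    done
}

# Constructed sample allowlist (locally administered addresses).
gen_rules 02:00:00:00:00:0a 02:00:00:00:00:0b
```

A MAC address is set by the client and can be changed, so this allowlist is a filter and not authentication, which fits the "not 100%" remark in the post.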

Newly installed PCs now work with DHCP, so we never need to care about the IP when new users come in. Security is in place to a level, but not 100%; we will discuss more about this in upcoming posts.

Friday, February 19, 2010

Basics of Networking - Part 4 (Debugging Basics)

The past posts on the blog were on the basics of networking.
Now we are about to see how to debug if something is wrong in the setup.

The following posts will help to debug faster.
  1. Basics of Networking - Part 1 - Assigning IPs
  2. Basics of Networking - Part 2 - Connecting Internet
  3. Basics of Networking - Part 3 - Internet through Proxy
The default way to go through debugging is as follows.
This approach analyzes the problem starting from the PC where the problem is found.
  1. ping 127.0.0.1
    If it fails, check that the network services are started.
  2. ping the assigned IP.
    If it fails, check that the network cable is properly plugged in.
  3. ping the gateway
    If it fails, check that the gateway is on and the IPs are in the same subnet.
  4. ping the DNS / name servers. (Only if routed / NAT is available)
    If it fails, ping the same from the gateway.
  5. ping the gateway of the gateway from the gateway computer.
    If it fails, check that the broadband signal / link is up.
  6. All works but still can't connect?
    Try tracepath / traceroute with google.com or yahoo.com
    and find at which level it fails.
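
The ladder above as a script that stops at the first failing step, added here as an example and not part of the original post. The script name netcheck.sh and the PROBE hook are hypothetical, the ping options are the Linux ones, and steps 5 and 6 are left as printed advice because they run on the gateway or need traceroute.

```shell
#!/bin/sh
# Added example: the ping ladder from the list above, stopping at the first failure.

# Probe used for every step. Point PROBE at another function to exercise the
# logic without a network. -c (count) and -W (timeout in seconds) are the
# Linux iputils ping options.
default_probe() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }
PROBE=${PROBE:-default_probe}

# diagnose OWN_IP GATEWAY_IP DNS_IP
# Prints "<layer>: <what to check>" for the first failing step and returns the
# step number, or prints "ok: ..." and returns 0 when steps 1-4 all pass.
diagnose() {
    if ! "$PROBE" 127.0.0.1; then
        echo "loopback: check that the network services are started"
        return 1
    fi
    if ! "$PROBE" "$1"; then
        echo "own-ip: check that the network cable is plugged in"
        return 2
    fi
    if ! "$PROBE" "$2"; then
        echo "gateway: check that the gateway is on and in the same subnet"
        return 3
    fi
    if ! "$PROBE" "$3"; then
        echo "dns: ping $3 from the gateway, then the gateway's own gateway"
        return 4
    fi
    echo "ok: steps 1-4 pass; run tracepath or traceroute to find the failing hop"
    return 0
}

# Run only when called with the three addresses, for example:
#   sh netcheck.sh 192.168.1.2 192.168.1.1 8.8.8.8
if [ "$#" -eq 3 ]; then
    diagnose "$1" "$2" "$3"
fi
```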
Mostly, how we debug depends on what problem we have.
Remember, a vague report of "internet not working" is OK to hear from others, but not when we are working in detail.
So here are some FAQs.

  1. Could not ping Gateway but my network wires are properly plugged.
  2. Gateway pings but could not resolve host names.
  3. I use a proxy. My http connection works but not https and ftp.
  4. SSH connections are not working after introduction of proxy.
  5. I use proxy. DNS name resolving works in the browser but fails in the terminal.
  6. Internet works through browser, but can't ping any IPs / Hosts in the internet.
1. Could not ping Gateway but my network wires are properly plugged.
This may be due to improper IP assignment. We need to make sure that the IPs of the PC and the gateway are in the same network (i.e. the same subnet). In theory, once this is fixed the gateway should be pingable. (Please refer to the post on assigning IPs.)

2. Gateway pings but could not resolve host names.
This is due to improper DNS configuration. Is it possible to ping the DNS servers? If yes, we need to be sure they really are DNS servers ;-). If they are not pingable, we need to know whether the DNS servers' IPs are within our subnet or not. If the IP is within our subnet, we may need to verify the DNS server configuration to make it work right. If the IP is outside our network, we may need to ping the DNS server from the gateway PC, i.e. sometimes the gateway of the gateway has network issues that keep us from connecting to the Internet.

3. I use a proxy. My http connection works but not https and ftp.
Proxy servers support different protocols in different ways. Some proxy servers use the same port for all kinds of requests. If so, the client should use the same proxy setting for the different kinds of services. Some proxy servers may not serve certain protocols; better check the proxy configuration to verify the supported protocols.

4. SSH connections are not working after introduction of proxy.
If the client is PuTTY, we can configure the proxy settings in PuTTY. If the client is a Linux terminal and we have the problem only for SSH, we need to use the HTTP proxy for SSH; tools like corkscrew with ProxyCommand in Linux will help. The other workaround is to support NAT in the gateway, so that both proxy and NAT are available.

5. I use proxy. DNS name resolving works in the browser but fails in the terminal.
When the browser works through a proxy, name resolution happens on the proxy server, while in the terminal name resolution is based on the DNS server settings in the IP / network configuration. Maybe NAT is disabled in the network, so we cannot resolve names directly from the current PC.

6. Internet works through browser, but can't ping any IPs / Hosts in the internet.
This is similar to the previous question: enabling NAT will support pinging from any PC in the network. The internet works in the browser because of the proxy settings.

The above is not a complete list of the problems that might come up; they will change according to the network and the network services used. NAT and proxy each have their own advantages and disadvantages, and the issues arise because of them. Planning the network again depends on what kind of services we use, and the debugging procedure remains the same however big the network is.

Will keep you posted on some new network services and setting up a right infrastructure.

Thursday, February 4, 2010

Basics of Networking - Part 3 (Internet through Proxy)

Hurray.... My network is UP........
Hurray.... My Router shares the internet connection.......

Do I need a Proxy?
A good point that makes us think. Do we need a proxy when the router shares the internet? Why do we need a proxy?

If the ADSL modem is our router, we need to think about a proxy based on our network size. Sharing what we learned the hard way: we felt the router was extremely good at sharing the internet connection as a gateway. But when the network started to grow, we faced frequent network connection drops. Why?

The ADSL router was not good enough to handle too many requests from different machines. Maybe this is not the case for all routers, but our router did this to us (the router is the lowest-end version provided by the ISP, not designed for high traffic).

What's up next?
Let the internet connection be bridged. Let the PC take up the load....
Let the PC take up the Proxy......


Yes, we are on topic now. Let us learn about proxies to get the internet shared in the network.

What is a Proxy?
To keep it short, it is an application that acts as a layer between our application (the browser) and the web server.

Let us understand the network now.
All the PCs are in the same subnet.
PC - A - 192.168.1.1
Laptop - 192.168.1.2
PC - C - 192.168.1.3

The gateway for all should be 192.168.1.1 (PC A itself should not have a gateway).

PC A is running Windows.
It has two NICs (Network Interface Cards). The first one connects to the ADSL router for the internet connection, using the bridging option. The second one connects to the local network with the IP 192.168.1.1.

To keep the internet connection simple, use AnalogX Proxy.
Download and install it. When we run it, we see that it runs on port 6588.

Yes, it listens on port 6588 on 192.168.1.1.
We need to set this in our browsers and in other internet-accessing applications like GTalk, Skype, Yahoo Chat and more.

Click here to know on how to configure your browser.

Do we need to go only with AnalogX?
No, not at all.
There are many proxy programs with very advanced features.

Do you have a SOHO (Small Office / Home Office) network?
Want more than a normal proxy?
Still want the NAT (Network Address Translation) feature of the ADSL router, with a PC as the gateway?
Want more features: proxy, firewall and advanced gateway?

The answer would be: try IPCop-Linux.

When the network grows, do you want to do many more things with the internet?
Keep watching. We will see how to load balance internet connectivity with multiple internet connections and multiple proxy servers. There is more to come; for now we will stay with the basics of the network.

Saturday, January 30, 2010

Basics of Networking - Part 2 (Connecting Internet)

For a long time the network was an unknown thing, while I was using network services without knowing how they work.

Have I understood it now? Well, the answer is "partially". Yes, it is still an unknown mystery for me.

But how could I write about something I don't know?
I would say I write about things that I have learned the hard way. I spent months and years and found a simple solution; maybe I was going in the wrong direction, and I had no right person behind me to teach me. All you see in this blog is not learned from a course, but learned when needed, some through other sources, some through practical experience, and whatever worked well after the learning is written down, but it is not always the best ;-) You may find a better way later, or you may already know one. If so, please correct me when I am wrong.

Going to the topic: let us start inter-networking (I mean, connecting to the internet).

What are we going to discuss, and not going to discuss, about connecting to the internet?

We are about to see how to connect the entire network to the internet. We are not going to discuss a single-PC internet connection, as that is mostly explained by the ISP.

We assume that we are using a broadband connection shared among our network.

A broadband internet connection always has to go through a router, also called an ADSL modem. These modems take care of two things:
  1. Digital signal transmission through the telephone lines.
  2. Acts as a router and becomes our gateway.
The second point looks odd, and it is not clear what it is going to do. Let us make it clear.

A router is a device used to forward information between two networks, basically to connect networks of different subnets.

To access the internet we need an IP address that matches the network of the provider (ISP). So the router gets an IP from the ISP, and on the other end it also has a local IP on our network.

Does this mean it has two IPs?
Yes, it has two IPs, one for the internet and the other for our local network.
It acts as the gateway for the network. (Read - Basics of networking.)
So all internet requests pass through this gateway, and the gateway contacts the ISP to get our requests answered.

What else can it do?
This router can also work in another mode called bridging. In bridging it acts only as a modem and translates the computer signals through the ISDN wire, while the provider's IP is assigned directly to the computer to which the router is connected. Bridging is possible only if one computer connects to the internet through the router.

The IP will be assigned dynamically or statically. They become active on boot or using PPPoE (Point to Point Protocol over Ethernet) dial-up.

How do we share the internet from the router?
IP Details
  1. Modem/Router - 192.168.1.1
  2. PC A - 192.168.1.2
  3. Laptop B - 192.168.1.3
  4. PC C - 192.168.1.4
All of the above have the same subnet and the same gateway, 192.168.1.1, which means the router is the gateway for all IPs.

Every PC needs a DNS server IP to find websites outside its network. The DNS IPs will be provided by the ISP, or we can use Google's Public DNS.

Thus the ADSL router makes the internet available to all the computers in the network.

We will discuss sharing the internet using a proxy in upcoming posts.

Basics of networking - Part 1 (Assigning IPs)

Let us start networking.... ;-) Not social networking

Since the start of the blog we have stayed on topic, and this time too we are on topic.

We are about to connect more than two computers to form a network. This involves several steps. As this blog is more about configuration management, we expect readers to know more than the basics of computers. To start with, they should know how to change IP addresses in the OS.

I assume we are not going to discuss hardware issues here, and that the following are correct.

  1. The network cables are properly crimped and they work.
  2. The network switch or hub used to connect is working well.
  3. The NIC (Network Interface Card) is installed properly and is working well.
  4. The OS has the necessary drivers and supports TCP / IP (IPv4).
  5. The user has enough rights to change and play with the network settings in his environment.

While most of us know “what is an IP Address” and “how it is useful”, we forget to understand how it really connects to more computers than the ones near us.

Hmm... What are we going to learn about IP addresses now?

Though most of us know what an IP address is, I am adding some simple explanations to go further.

An IP address is like a name for a computer, which we use to identify it, but the name is made of numbers rather than letters. It is 4 numbers separated by “.”. Each number ranges from 0 – 255 (8 bits). E.g.: 192.168.1.1

To work in a network, a machine needs an IP address to be identified in the crowd, and this address should be unique within the network.


As we decided to connect more than two computers in a network, we are going with the following example.

IP addresses are divided into classes A, B and C. Since we are more into action here, I would recommend reading about that in more detail elsewhere. We have a sample IP address, 192.168.1.1; let us use this for our network. Before using it, we need to ensure that the machines are connected to each other as in the above diagram.

  1. A – 192.168.1.1
  2. B – 192.168.1.2
  3. C – 192.168.1.3

OK. Is this IP address enough to communicate? No, we need to specify a subnet to make this work.

Subnet... What is it?

A subnet is a notation or a number used to say how many computers this IP address can connect to, and what the starting IP and ending IP of the range are. Subnets look similar to IPs but involve a few calculations. I would recommend trying the application at http://www.subnet-calculator.com/, which shows how the ranges change as the subnet changes.

So we choose subnet 255.255.255.248, as it has a range of 192.168.1.1 – 192.168.1.6 (6 computers in the network).


What happens when an IP is out of this range? How can we access it?
Here comes the gateway for the network, which always has the door (gate) to reach IPs on other networks. The gateway will always be the first IP in the subnet range; this is not a rule, but it is a best practice for identifying the gateway in any network. 192.168.1.1 is the gateway here. Setting this up on all the machines (A, B and C) should make the network accessible among A, B and C.

So we should be able to ping 192.168.1.2 from machines A and C, and the rest of the IPs from the other machines (A, B and C). This confirms the network setup.
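
The subnet arithmetic behind the 255.255.255.248 choice, and the "same subnet" check from FAQ 1 of the debugging post, as an added example that is not part of the original post. The function names are hypothetical and the host 192.168.1.9 is a constructed case of an address that falls outside the range.

```shell
#!/bin/sh
# Added example: subnet arithmetic for 192.168.1.1 with mask 255.255.255.248.

# Dotted quad -> 32-bit integer. The body runs in a subshell so the IFS change
# and the positional parameters stay local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_range IP MASK
# Prints "network first_host last_host broadcast".
subnet_range() {
    sr_ip=$(ip2int "$1")
    sr_mask=$(ip2int "$2")
    sr_net=$(( sr_ip & sr_mask ))                      # host bits cleared
    sr_bcast=$(( sr_net | (~sr_mask & 4294967295) ))   # host bits all set
    echo "$(int2ip "$sr_net") $(int2ip $(( sr_net + 1 ))) $(int2ip $(( sr_bcast - 1 ))) $(int2ip "$sr_bcast")"
}

# same_subnet IP_A IP_B MASK
# Succeeds when both addresses share a network under the mask.
same_subnet() {
    ss_mask=$(ip2int "$3")
    [ $(( $(ip2int "$1") & ss_mask )) -eq $(( $(ip2int "$2") & ss_mask )) ]
}

# The post's network: usable hosts are .1 to .6.
subnet_range 192.168.1.1 255.255.255.248

# Constructed case: a PC given 192.168.1.9 cannot reach the gateway 192.168.1.1
# with this mask, which is the situation in FAQ 1 of the debugging post.
if same_subnet 192.168.1.9 192.168.1.1 255.255.255.248; then
    echo "192.168.1.9 shares the gateway's subnet"
else
    echo "192.168.1.9 is outside the gateway's subnet"
fi
```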


Thursday, December 10, 2009

Lets Make this blog interesting

This post is something related to the first post in this blog.

For five months the blog has been random, rolling across different topics without being consistent on any, and now it is time to make it organized and more interesting for readers by bringing a series of closely related topics that help to learn from it and implement on the run.

Q: What's going to be in the series?
A: To be short, the series will be for system / server / network administrators.

Q: What is the upcoming series?
A: Steps in setting up a small / medium office network.

Q: .....?
A: Hope your further questions will be answered in upcoming posts ;-)

Will make a reliable network with basic services...... Till then keep watching the blog

Monday, November 30, 2009

Adding our own Linux startup scripts

Do we need to start something when the Linux system starts?
It's not a service... But I need to run this command when the system starts...

Yes, here is a small thing that astonished me, as I had not learnt it for years and missed it when I needed it.

Let us take a sample case: we might need to start an SVN daemon on the system.
# svnserve -d -r /srv/repositories

We need to run the above command automatically on every start-up, so that we don't need to start this daemon manually.

A simple way is to add it alongside the other startup scripts. Find which run-level the system normally runs in.

[root@sf03 ~]# runlevel
N 3
[root@sf03 ~]#

Our server runs in run-level 3, so let us take that as an example.
The server runs Fedora Linux 10.

The startup scripts for run-level 3 reside in the directory /etc/rc.d/rc3.d/
The scripts for run-level 5 will be at /etc/rc.d/rc5.d/

The directory contains shell scripts that run in ascending order, one by one.

The last script that runs is S99local

It has content similar to this.
[root@sf03 ~]# cat /etc/rc.d/rc3.d/S99local
#!/bin/sh

#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
[root@sf03 ~]#


Use the vi editor to add the startup command we need to this file.

Example:

[root@sf03 ~]# cat /etc/rc.d/rc3.d/S99local
#!/bin/sh

#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

# Start the SVN server at startup, serving the repositories under /srv/repositories
svnserve -d -r /srv/repositories

[root@sf03 ~]#

Restart the server and check that the script ran.
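
Because S99local runs as root on every boot, it is worth checking who can write to it before adding a command. The helper below is an added example, not part of the original post; the function names and the script name add_startup.sh are hypothetical.

```shell
#!/bin/sh
# Added example: add a boot command to an rc.local-style file, but only if the
# file is not writable by group or others, and only once.

# rc_file_is_safe FILE
# The file runs as root at boot, so anyone who can write to it can run
# commands as root. -H makes find check the target if FILE is a symlink.
rc_file_is_safe() {
    [ -f "$1" ] && [ -z "$(find -H "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# add_startup_cmd FILE CMD
# Appends CMD to FILE unless that exact line is already present.
add_startup_cmd() {
    if ! rc_file_is_safe "$1"; then
        echo "refusing to edit $1: missing, or writable by group/others" >&2
        return 1
    fi
    if grep -qxF -- "$2" "$1"; then
        return 0    # already present; a second copy would start it twice
    fi
    printf '\n# Added by add_startup_cmd\n%s\n' "$2" >> "$1"
}

# Run only when called with a file and a command, for example (as root):
#   sh add_startup.sh /etc/rc.d/rc3.d/S99local 'svnserve -d -r /srv/repositories'
if [ "$#" -eq 2 ]; then
    add_startup_cmd "$1" "$2"
fi
```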