Network Basics and Network Abstraction in Linux

From docwiki
Revision as of 19:03, 24 March 2020 by Mond (IP over Ethernet)


Motivation

Before you learn the tools and commands for using the network in Linux, you need a basic understanding of how networks work. This unit tries to bring you up to speed quickly.

The ISO-OSI 7 Layer Model

Figure: ISO-OSI 7 Layer Model

The 7 Layer Model is used to describe networks. The IP protocol was not developed within ISO and thus only roughly fits into the model. Still, it is a good picture to have in your mind when you think about networks.

At the top you have your applications, e.g. a web browser. Below that you need definitions of how websites are encoded and transported via HTTP, and so on. At the bottom we need specifications of how data is transmitted on the wire (or wirelessly), e.g. cable definitions, voltage levels, frequency, etc.

What we are looking at here is layer 2, which defines how data is encoded on a certain medium, and in later units also layer 3 (routing: how packets are sent between networks).

Layer 2

From the point of view of the abstraction in the operating system, there are basically 2 different kinds of physical medium:

broadcast
There is a local network where stations can send to each other and also there is a way to send to all stations on the network. Typically an ethernet network segment or a WiFi network.
point-to-point
Two stations connected via a link and only those 2 stations can exchange data. Typically a dial-up connection, a network over a serial line or a virtual connection like a VPN tunnel.

The typical broadcast medium is ethernet, and most network interfaces are of this type. In ethernet a 6 byte address is used to address each station on the network. This is the so-called hardware address or MAC address. It is usually written as 12 hex digits grouped into bytes by colons, e.g. b0:35:9f:2a:29:7d. Each network card should have a unique MAC address. The first digits are assigned to a company and the last digits are counted up in the factory. The address mentioned belongs to an Intel card.

Figure: Network Hub

In the old days ethernet was built with a coaxial cable that connected all computers. Today ethernet is usually built with twisted pair cables and RJ45 connectors. The cables run to a central switch or hub that distributes the packets to all stations. A hub distributes every packet to every station. A switch is more intelligent: it learns the MAC address of each station and only delivers a packet to the computer that was addressed. Of course, broadcasts are always sent to all stations on that segment.

Most of the time we want to send TCP/IP packets. Those are encoded as payload within the ethernet frame. Within the TCP/IP packet there could be e.g. an HTTP request.

Figure: Ethernet Encapsulation

With IP we are already moving to layer 3.
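
The layering described above, as an added example that is not part of the original wiki page: a Python parser that peels an ethernet frame down to the HTTP request inside it. The destination MAC, the address 192.168.9.1 and the HTTP request are constructed sample values; the source MAC and IP address are the ones from the ip addr output shown later on this page.

```python
import struct

def mac_str(raw):
    """Format 6 raw bytes as colon-separated hex, the notation used above."""
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Peel an Ethernet II frame: ethernet -> IPv4 -> TCP -> application data."""
    if len(frame) < 14:
        raise ValueError("shorter than an ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst": mac_str(dst), "src": mac_str(src),
           "vendor_prefix": mac_str(src[:3]),   # first 3 bytes: manufacturer
           "broadcast": dst == b"\xff" * 6, "ethertype": ethertype}
    if ethertype != 0x0800:                     # not IPv4: stop at layer 2
        return out
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 payload")
    ihl = (ip[0] & 0x0F) * 4                    # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("inconsistent IPv4 length fields")
    out.update(ip_src=".".join(map(str, ip[12:16])),
               ip_dst=".".join(map(str, ip[16:20])), ip_proto=ip[9])
    if ip[9] != 6:                              # not TCP: stop at layer 3
        return out
    tcp = ip[ihl:total_len]                     # total_len also trims ethernet padding
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    doff = (tcp[12] >> 4) * 4                   # TCP header length in bytes
    if doff < 20 or doff > len(tcp):
        raise ValueError("inconsistent TCP data offset")
    out["sport"], out["dport"] = struct.unpack("!HH", tcp[:4])
    out["payload"] = tcp[doff:]
    return out

# Constructed sample frame (checksums left at zero; the parser does not verify them).
HTTP = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"
TCP = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 64240, 0, 0) + HTTP
IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(TCP), 0, 0, 64, 6, 0,
                 bytes([192, 168, 9, 105]), bytes([192, 168, 9, 1])) + TCP
FRAME = (bytes.fromhex("02005e000001" "b0359f2a099d")   # dst MAC, src MAC
         + struct.pack("!H", 0x0800) + IP)              # EtherType 0x0800 = IPv4
```

Calling parse_frame(FRAME) returns the MAC addresses, the IP addresses, the TCP ports and the HTTP request as separate fields, one per layer.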

Network Abstraction in Linux

If we use a network card from a different vendor, we do not want to rewrite all our programs. So the Linux system has drivers for all the different network cards, and once the right drivers are installed we do not have to care about the particularities of each card. We only see a network interface. For the most part we also do not want to care about the details of sending packets, re-transmitting those that are lost, etc. We just want a connection to youtube.com to watch funny hamsters dancing. The Linux kernel provides most of the needed abstraction here:

Figure: Network Stack

At the bottom the Linux kernel has drivers for each type of card. Most of the protocol handling for Ethernet, IP and TCP is done in the kernel. The user programs connect via a standardized library (libc) that offers them convenient functions for opening network connections, where they only need to specify the destination IP address.

Of course we also need tools to configure the network. The abstraction from the Linux kernel gives us so-called interfaces. Most other hardware in Unix is typically abstracted as a device that has a device file below /dev. E.g. /dev/sda could be your hard drive, while /dev/ttyUSB0 would be a serial port from a USB device. Network interfaces are different: they do not have device files, only interfaces. You can list the interfaces with:

$ ifconfig
$ ip link
$ ip addr

The ifconfig tool is actually deprecated because it does not support all the features of the Linux kernel anymore. The tool to use is ip. ip link shows all your network interfaces and what type they are. ip addr also shows the IP addresses. Here is the output of both ifconfig and ip addr:

$ ifconfig
...
wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.79.105  netmask 255.255.255.0  broadcast 192.168.79.255
        inet6 fe80::290d:840f:e5a6:e72b  prefixlen 64  scopeid 0x20<link>
        ether b0:35:9f:2a:09:9d  txqueuelen 1000  (Ethernet)
        RX packets 210183  bytes 215596586 (205.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 91984  bytes 20003418 (19.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

$ ip addr
...
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether b0:35:9f:2a:09:9d brd ff:ff:ff:ff:ff:ff
    inet 192.168.9.105/24 brd 192.168.9.255 scope global dynamic noprefixroute wlp3s0
       valid_lft 6556sec preferred_lft 6556sec
    inet6 fe80::290d:840f:e5a6:e72b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Your output will show more interfaces; here I only show one, wlp3s0, which is my WiFi card. You see the MAC address and the IP addresses. In the ifconfig output you also see the number of incoming and outgoing packets and the number of bytes. You can get these statistics from ip with the -s option, e.g. ip -s addr

IPv4 vs IPv6

Most of the Internet still uses IP version 4 (or IPv4 for short) with its 2^32 addresses, written in the well-known form of 4 decimal numbers separated by 3 dots, e.g. 192.168.92.113. Linux has also supported IPv6 for a long time, with its 128 bit addresses written as 8 groups of 16 bit numbers in hex, separated by colons, e.g. 2001:0db8:85a3:0000:0000:8a2e:4370:c33a

Since most companies do not want a direct network connection to the outside but use a firewall where they can also run NAT (Network Address Translation), most company networks use private IP addresses inside and most of their infrastructure still runs on IPv4.

I will also focus on IPv4 here. Most tools in Linux also support IPv6. Either you have to append a 6 to the name of the tool or use the option -6.

IP over Ethernet

We learned that local communication between computers on an ethernet happens via ethernet frames that are addressed with MAC addresses, and that the TCP/IP packets are the payload of the ethernet frames. But how does a station know which IP addresses are on the local network, and which MAC address belongs to which IP address?

The first part is done via configuration. When an interface is set up, we tell it which range of IP addresses belongs to the local network. For this the CIDR (Classless Inter-Domain Routing) notation is used. E.g. we say: 192.168.1.0/24 is the network that should be found on a network interface. This means that all addresses that share the leading 24 bits (192.168.1.xxx), with any value in the last 8 bits (in this case the last number after the dot), can be found on the network.

The boundary can be on any bit, but /24 is often used. E.g. we could define 10.11.12.128/25, where we would have all IPs from 10.11.12.128 to 10.11.12.255. Or we could have 192.168.99.64/29, where we would have the range 192.168.99.64 to 192.168.99.71, etc. When we have a /24 we call it a class-C network, a /16 is a class-B network and a /8 is a class-A network. Everything else is classless.
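
The prefix arithmetic described above, as an added example that is not part of the original wiki page: the bit masking behind the CIDR notation, and the resulting decision whether a destination can be found on the local network. The function names are made up for this illustration; the addresses are the ones used on this page.

```python
def parse_cidr(cidr):
    """Return (network address, netmask) as 32-bit integers for 'a.b.c.d/len'."""
    addr, _, plen = cidr.partition("/")
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr!r}")
    n = int(plen)                      # raises ValueError if the length is missing
    if not 0 <= n <= 32:
        raise ValueError(f"bad prefix length: {plen!r}")
    mask = (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF    # n leading one-bits
    value = int.from_bytes(bytes(octets), "big")
    # Host bits are cleared, so an interface address such as
    # 192.168.9.105/24 yields the network 192.168.9.0 as well.
    return value & mask, mask

def dotted(value):
    """Format a 32-bit integer as dotted decimal."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def ip_range(cidr):
    """First and last address covered by the prefix."""
    net, mask = parse_cidr(cidr)
    return dotted(net), dotted(net | (~mask & 0xFFFFFFFF))

def on_link(dest, cidr):
    """True if dest shares the leading prefix bits of cidr, i.e. it is
    expected directly on the interface configured with that prefix."""
    net, mask = parse_cidr(cidr)
    d, _ = parse_cidr(dest + "/32")
    return d & mask == net
```

For example, ip_range("192.168.99.64/29") gives the range 192.168.99.64 to 192.168.99.71 from the text, and on_link("192.168.9.1", "192.168.9.105/24") is true for the interface shown in the ip addr output.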