Network Interfaces & ifconfig what is a network interface? - PDF document

Network Interfaces & ifconfig • what is a network interface? • Associated with a hardware device – device fxp0 - Intel EtherExpress Pro Practical Networking • Sometimes not – loopback interface lo0 - pseudo-device • Interfaces are handled by device drivers • In FreeBSD interfaces are named after their device Based on Elisheva Alexander drivers – fxp0, fxp1, fxp2 - handled by fxp(4) driver (eli7@cs.huji.ac.il) – em0 - handled by the em(4) driver tirgul from sysp2001 • User interface: – ioctl(2) to sockets in the PF_LINK domain – ifconfig(8) – may be configured at boot time by BOOTP/DHCP Ifconfig(8) The loopback device • Can display current configuration for the network interface em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 • lo0 is the loopback device inet 132.65.16.100 netmask 0xffff0000 broadcast 132.65.255.255 inet6 fe80::202:b3ff:fe97:8e09%em0 prefixlen 64 scopeid 0x1 • sends the packet back to our own host ether 00:02:b3:97:8e:09 media: Ethernet autoselect (1000baseTX <full-duplex>) • lo0 has IP 127.0.0.1 (aka localhost) status: active • telnet 127.0.0.1 fxp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500 ether 00:b0:d0:b0:70:c3 • useful for debugging! media: Ethernet autoselect (none) status: no carrier • run your server and client locally to assure reliable lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500 connection sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552 faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500 • saves time writing applications. for example: syslog lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 – can send log messages to a remote host inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 – can save log messages locally. inet 127.0.0.1 netmask 0xff000000 – no need to write different code for local and remote messages ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500 Why is ifconfig different between Configuring with ifconfig(8) ethernet and PPP ifconfig <interface> [address[dest_address]] [parameters] • ethernet – unique MAC address (hardware address, ethernet • examples: address) • ifconfig ppp0 up – It's a broadcast network – ifconfig em0 down – IP network part - segment of IPs that can hear us – ifconfig vl0 mtu 1496 – has a netmask to define the host part and network part • Note the configuration differences between ppp – has a broadcast address - to talk to everyone and ethernet devices: • PPP – ifconfig ppp0 192.168.7.1 192.168.7.2 – point to point – ifconfig em0 192.168.0.1 netmask 255.255.255.0 – single destination address - IP that can hear us 1

ARP, Reminder Configuring the ARP table • arp(8) - displays and manipulate the ARP table • Exist when using Ethernet and IP. • But not really a part of either! > arp -a • Not a "layer". router.cs.huji.ac.il (132.65.16.1) at 00:90:92:f8:90:00 on em0 [ethernet] athlon-mp.cs.huji.ac.il (132.65.80.208) at 00:e0:81:20:57:78 on em0 [ethernet] • ARP - Address Resolution Protocol laa.cs.huji.ac.il (132.65.80.248) at 00:b0:d0:d4:c0:3c on em0 [ethernet] – what's the MAC of an IP in my network? foo.cs.huji.ac.il (132.65.80.251) at 00:b0:d0:8b:6e:b3 on em0 [ethernet] – The OS caches the IP to MAC mapping in an ARP table sunhouse.bs.cs.huji.ac.il (132.65.179.17) at (incomplete) on em0 [ethernet] • RARP - Reverse ARP ? (132.65.255.255) at ff:ff:ff:ff:ff:ff on em0 permanent [ethernet] – what's the IP of a MAC? – who am i?? BOOTP, DHCP asking ARP queries ARP Table Manual Manipulation • so we know where to send! • sometimes we would like to add things to this cache table ourselves! • sending out a packet destined to our own – arp -s 10.0.0.1 00:90:27:73:50:7a [temp] network... • if it's MAC is in the ARP cache, send there • or delete things a host has changed it's • otherwise broadcast an ARP request... network card, but forgot to tell us! • if we get an answer - put the answer in the cache – arp -d 10.0.0.1 • otherwise - put an incomplete entry in the cache table answering ARP queries answering ARP queries • Configuring the ARP table so other know where to send! • so other know where to send! • publishing an arp entry • publishing an arp entry – arp -s 10.0.0.1 00:90:27:73:50:7a pub – arp -s 10.0.0.1 00:90:27:73:50:7a pub • if someone broadcasts an ARP request - if we have the • if someone broadcasts an ARP request - if we have the answer in answer in the cache AND it's published - send out the the cache AND it's published - send out the answer answer • sometimes we will want to publish a MAC address but not use it ourselves • %fore "yellow" • sometimes we will want to publish a MAC address but • arp -s 10.0.0.1 00:90:27:73:50:7a pub only not use it ourselves! • %fore "white" – arp -s 10.0.0.1 00:90:27:73:50:7a pub only • why say one thing, but route another? • why say one thing, but route another? • in order to lie • in order to lie • in order to achieve proxy ARP • in order to achieve proxy ARP 2

ICMP, Reminder Diagnostic Tools ping(8) • ICMP - Internet Control Message Protocol • sends ICMP ECHO_REQUEST packets to network hosts • part of the IP implementation! • Not a "layer" • Ping uses the ICMP ECHO_REQUEST • provides some feedback about problems datagram • not to make IP reliable! – elicits an ICMP ECHO_RESPONSE from a • examples of control messages: host or gateway. – destination unreachable – the ICMP ECHO_RESPONSE packet – redirect message returning includes the original packet – echo / echo reply ping(8) fault isolation with ping • what kind of ICMP ECHO_REQUEST • how? packets can ping send? – ping local host first – different sizes – ping hosts and gateways further and further away – different data • what can ping tell us? – different time intervals – packet loss – duplicate packets – different ttl – when might we get many of these, but need not be alarmed? • some of these need root permissions, ping – damaged packets, oy vey! can generate high loads – round trip time – small ping packets can test latency Green Ping Output > ping 132.65.255.255 PING 132.65.255.255 (132.65.255.255): 56 data bytes 64 bytes from 132.65.16.22: icmp_seq=0 ttl=255 time=0.161 ms 64 bytes from 132.65.16.10: icmp_seq=0 ttl=255 time=0.185 ms (DUP!) 64 bytes from 132.65.208.213: icmp_seq=0 ttl=255 time=0.202 ms (DUP!) ^C --- 132.65.255.255 ping statistics --- 1 packets transmitted, 1 packets received, +2 duplicates, 0% packet loss round-trip min/avg/max/stddev = 0.123/1.973/66.576/6.467 ms > ping -c 5 -s 1473 carl.eli7.net PING carl.eli7.net (132.64.15.194): 1473 data bytes ^C --- carl.eli7.net ping statistics --- 5 packets transmitted, 0 packets received, 100% packet loss > ping -c 5 -s 1472 carl.eli7.net PING carl.eli7.net (132.64.15.194): 1472 data bytes 1480 bytes from 132.64.15.194: icmp_seq=0 ttl=250 time=220.887 ms 1480 bytes from 132.64.15.194: icmp_seq=1 ttl=250 time=196.905 ms 1480 bytes from 132.64.15.194: icmp_seq=2 ttl=250 time=204.625 ms 1480 bytes from 132.64.15.194: icmp_seq=3 ttl=250 time=193.621 ms 1480 bytes from 132.64.15.194: icmp_seq=4 ttl=250 time=194.895 ms --- carl.eli7.net ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max/stddev = 193.621/202.187/220.887/10.100 ms 3