Category: LINUX

2011-04-21 14:18:53

Setting up network interfaces and routes

or "how do you create a network?"

 

Meaningfully choosing and accurately setting network routes and interface addresses is tantamount to creating the network itself. Therefore it's an indispensable skill.

Here is the class vpn:

 

Let's look at the commands that were used to set this up. Then, to make sure you grasp how to do it, you'll compose a similar set of commands to set up a slightly different network.

The fundamental Linux commands are "ifconfig" and "route." ifconfig is the command for placing an IP address (e.g., 192.168.1.2) on an interface (e.g., eth0) within some machine, while route is the command for adding or deleting entries from its routing table.

The usage essentials for ifconfig are:

View interface status
 ifconfig -a

Set interface characteristics
 ifconfig eth0 192.168.4.1

The usage essentials for route are:

Add route to a machine (host route):
  route add -host 192.168.4.2 eth0
Add route to a group of machines (network route - local)
  route add -net 192.168.4.0 netmask 255.255.255.0 eth0
Add route to a group of machines (network route - gatewayed)
  route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.4.1
Add route to "any and all" (default route)
  route add default gw 192.168.4.1

In order to set up the above network, I had to directly or indirectly issue the following set of commands.

ON MACHINE A
ifconfig eth0 192.168.1.2
route add -net 192.168.1.0 netmask 255.255.255.0 eth0

route add default gw 192.168.1.1


ON MACHINE B
ifconfig eth0 192.168.1.1
route add -net 192.168.1.0 netmask 255.255.255.0 eth0

ifconfig eth1 100.1.1.1
route add -net 100.0.0.0 netmask 255.0.0.0 eth1

route add default gw 100.1.1.254


ON MACHINE C
ifconfig eth0 100.1.1.254
route add -net 100.0.0.0 netmask 255.0.0.0 eth0

ifconfig eth1 200.2.2.254
route add -net 200.2.2.0 netmask 255.255.255.0 eth1


ON MACHINE D
ifconfig eth0 192.168.2.1
route add -net 192.168.2.0 netmask 255.255.255.0 eth0

ifconfig eth1 200.2.2.2
route add -net 200.2.2.0 netmask 255.255.255.0 eth1

route add default gw 200.2.2.254


ON MACHINE E
ifconfig eth0 192.168.2.2
route add -net 192.168.2.0 netmask 255.255.255.0 eth0

route add default gw 192.168.2.1


One kind of connectivity problem useful to analyze in situations like this is the "reach" of packets sent from a particular host (in Unix-speak, "host" is a synonym for "computer"). Take, for example, the ping packets sent if machine A tried to ping machine E. In response to the ping utility's request, machine A's IP (network layer) software would compose a packet bearing source address 192.168.1.2 and destination address 192.168.2.2.

How far would our packet get? That depends altogether on the routing table on machine A, plus the tables on any other machines to which the packet might travel. A journey of a thousand miles begins with a single step. Similarly, the problem of whether and how the ping request packet can go from A to E, and the related problem whether a ping reply packet can make the reverse journey (they are independent problems), is not solved as a whole. Rather, it is solved by decomposing it into a series of constituent, single-step subproblems. So first of all, where if anywhere does a ping packet go from A? That's the initial constituent problem.

The answer is given by A's routing table. That table tells A where to put packets destined to any address that starts with 192.168.1, but there's no corresponding instruction for those like ours that start with 192.168.2. Since there's a "default" route it takes over for this otherwise-unrecognized address. The default route says to send such packets over to 192.168.1.1 (machine B). Then forget about them. It'll be B's problem.

The second subproblem is then on machine B. What happens to the packet there? B checks his routing table (this is what always happens, like a fundamental law of nature) for 192.168.2.2. There are network routes for addresses starting with 192.168.1 and with 100 but for 192.168.2.2, nothing. No host route, no network route. But there is a default route on this machine. So it takes over. It says to pass packets bearing unrecognized destination addresses like this on to 100.1.1.254 (machine C) out the other interface, and let him worry about them. Thus it happens that our packet arrives at machine C.

Determining events at C becomes our third subproblem. C's routing table knows what to do with addresses starting with 100 or those starting with 200.2.2. But that's all. There's no default route here. So any non-100-and-non-200.2.2 packets get discarded, and here our packet's journey ends.
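
The hop-by-hop lookup walked through above, as an added Python example that is not part of the original page: the tables are transcribed from the per-machine commands, and the names TABLES, OWNER, lookup and trace are chosen here for illustration. It assumes a directly attached route hands the packet straight to the machine owning the destination address.

```python
import ipaddress

# Routing tables transcribed from the per-machine commands on this page.
# Each entry: (destination network, gateway or None if directly attached).
TABLES = {
    "A": [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")],
    "B": [("192.168.1.0/24", None), ("100.0.0.0/8", None),
          ("0.0.0.0/0", "100.1.1.254")],
    "C": [("100.0.0.0/8", None), ("200.2.2.0/24", None)],
    "D": [("192.168.2.0/24", None), ("200.2.2.0/24", None),
          ("0.0.0.0/0", "200.2.2.254")],
    "E": [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")],
}
# Interface addresses from the ifconfig lines: address -> owning machine.
OWNER = {
    "192.168.1.2": "A", "192.168.1.1": "B", "100.1.1.1": "B",
    "100.1.1.254": "C", "200.2.2.254": "C", "192.168.2.1": "D",
    "200.2.2.2": "D", "192.168.2.2": "E",
}

def lookup(machine, dst):
    """Longest-prefix match in one machine's table; (network, gw) or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(n), gw) for n, gw in TABLES[machine]
               if addr in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def trace(start, dst, max_hops=16):
    """Solve the single-step subproblems in turn; returns (path, outcome)."""
    path, here = [start], start
    for _ in range(max_hops):
        if OWNER.get(dst) == here:
            return path, "delivered"
        route = lookup(here, dst)
        if route is None:              # no host, network or default route
            return path, "no route"
        next_addr = route[1] or dst    # direct route: next hop is dst itself
        nxt = OWNER.get(next_addr)
        if nxt is None:
            return path, "next hop unreachable"
        path.append(nxt)
        here = nxt
    return path, "hop limit exceeded"

if __name__ == "__main__":
    # A pings E: the packet is discarded at C, as in the walk-through.
    print(trace("A", "192.168.2.2"))
```

Editing an entry in TABLES and re-running trace lets you check a proposed route change before typing it on a machine.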

Now it's your turn.

 

Assignment:

Answer the following. Please use this , which you can print out (2 pages). Write the answers on the printout, turn in on paper.

1) Compose a route command on machine C that would enable the A-originated ping packet to go all the way through to E. (Hint: if only C could put the packet through to D in particular, the packet would make it from D to E-- D's routing table is set up for that.)

2) Will this suffice for A's ping to experience apparent "success" by getting the "Reply from..." messages on its screen? That is, now that A's ping request will make it to E, will the ping reply packets composed in response by E get back to A? Why or why not? (Hint 1: draw the reply packet and write down its source and destination addresses. Hint 2: Decompose. Look at E. Is E set up so the reply packet will get to D? If so, look at D. Once there, can it get to C? If so, look at C....)

3) Compose a set of commands you would execute on each of the five machines to create the following, re-addressed network and give its machines a set of routing tables parallel to those of the machines in the above class vpn.

 

 

where the new address assignments are to be:

machine A in subnet alpha - 206.190.10.1
machine B in subnet alpha - 206.190.10.2

machine B in subnet beta - 195.0.0.11
machine C in subnet beta - 195.0.0.99

machine C in subnet gamma - 250.0.0.99
machine D in subnet gamma - 250.0.0.12

machine D in subnet delta - 216.185.80.1
machine E in subnet delta - 216.185.80.2

(Hint: mimic the commands above; all netmasks that will appear in your commands will be 255.255.255.0)
