Book Review – Networking for Systems Administrators chapter 7

Since it’s been a few weeks since we did one of these, and I’d like to have this book review finished before the end of the year, it’s time for another chapter review of Networking for Systems Administrators.

Chapter 7 is fairly short, and focuses on “Network Testing Basics.”  It doesn’t cover tools so much as mind set.  From a Systems Administrator point of view, when troubleshooting network issues, our goal is to determine what is coming into or going out of the server.  Is the data we believe is leaving the server the data actually leaving the server?  Is the data coming in the data we expect?  There are plenty of tools to determine this at various levels, and in the end what we’re looking for is performance and correctness.  The data should match, and the performance should be within our expected parameters.  Anything outside of the norm should be investigated.

If the issue is at our end, it could be something as simple as a configuration issue with the application, or a bastion host firewall rule that shouldn’t have been turned on.  If it’s not at our end, it could be related to firewall, network access control lists (ACLs,) packet filters, or even proxy services.  Data can be blocked or mangled by some combination of the above, and once you can determine that it’s not the fault of your server or application, you can show the evidence to the network or firewall teams, and engage them for assistance in troubleshooting upstream from your machine.  Don’t blame the firewall first.  Check your own stuff first, gather evidence, then engage.

Book Review – Networking for Systems Administrators chapter 6

Since we aren’t doing “Monday this” and “Friday that” for a while, I thought I should leave off the usual title prefix.  I’m also continuing the chapter by chapter review for today to ease back into the writing.  This won’t be every Monday, but I need to mix these in every now and then to keep from letting it trail off before the reviews are finished.

This chapter focuses on viewing network connections.  This is useful for troubleshooting, diagnostics, and performance data gathering.  The chapter goes into details for displaying live ports, tcp/udp/both, filtering by state such as “established connections,” identifying the ports, and identifying the programs that own those ports.  The netstat command is discussed heavily, but lsof and sockstat make an appearance, as well.

As mentioned by the author, there is no common command for displaying which programs own which ports.  The lsof command is ported to many platforms, but is not always an option.

As an example of how to deal with this in AIX, (not specifically covered by the book,) you need to do this in two commands.  First, run the netstat command with the -A flag to get the socket identifier, then pass the identifier for the specific port to the “rmsock” command using tcbcb as the last parameter.  This will show you the program that owns that socket, even though you aren’t actually removing the socket at all.

Also, on openbsd you can use the fstat command, but this was not covered by the author.

Thanks for reading, and remember to check out the social media links from this site!

Fun-Day Friday – Book Review – Networking for Systems Administrators chapter 5

Last week, we actually did Chapters 3 and 4 together, but I only titled it Chapter 3.  Chapter 3 was the “IPv4” portion, and chapter 4 was the “IPv6” portion.  Today, we go over Chapter 5, for TCP/IP layer 4 Transport.

The Transport layer covers more than just TCP.  It includes TCP, UDP, ICMP, as well as some less commonly known protocols such as SCTP (stream control transmission protocol,) ESP (encapsulating security payload,) and AH (IPSec Authentication Header.)  Lucas mentions that there are dozens more, but these were the opening examples.

He goes into more depth about ICMP, TCP, and UDP, including roles, protocols, and troubleshooting.  After this, we get a bit of information on sockets, and how to configure the common services.

Finally, he covers the TCP connection state and the three way handshake, of SYN, SYN-ACK, and ACK, which is necessary for an ESTABLISHED session.  A little about the protocols file for defined numbers, and he wraps up the chapter.

Next week, we’ll look at Chapter 6, which is “viewing the network.”

Fun-Day Friday – Book Review – Networking for Systems Administrators chapter 3

This chapter is all about “Layer 3” (or the “Network Layer.”) Where Ethernet requires a MAC address to know where to send frames, Layer 3 in TCP/IP systems is the “IP address” layer. Addressing is either going to be IP version 4, or IP version 6. This is either a 32bit or 128bit number. Lucas mentions the Dynamic Host Configuration Protocol (DHCP) often used by workstations, versus statically setting an IP as you would do on a system that is designed to be a server.

He explains the notations used to represent the addresses. The most common notation for IPv4 is the dotted quad, which is four decimal numbers from 0 to 255, separated by a “dot.” He goes into how applying a “subnet mask” allows us to cut a network into smaller “subnet” networks. All addresses on the same subnet are able to talk to each other directly. Any address that wants to talk to an address outside of its subnet MUST go through a router first.

He covers the Classless Inter-Domain Routing notation, which applies the number of bits in the subnet mask to the end of the address to represent the network, rather than giving the IP and subnet addresses separately. There’s a handy chart for this on page 47.

There is a brief discussion about multi-homing, the loopback, and private networks with network address translations (NAT.) He covers a few tools to inspect, configure, and troubleshoot IP, including traceroute, ping, ifconfig, and netstat.

Next, Lucas introduces IPv6, which are often depicted as a colon separated list of alpha-numeric characters. The address is up to eight sets of four hexadecimal numbers. This represents 16 bits per set between the colons. Because this is cumbersome, shorthand notation may be used. Leading zeros from a hex section may be removed from the notation. This means a section of all zeros may be empty, so you get two colons back to back. Multiple sets of zeros may be “squeezed out” to just a single “double colon” set. Because of this special shorthand notation, only do a double colon ONCE per IP address.

IPv6 has an “autoconfiguration” facility, which allows clients to learn their IP address, as well as the router’s IP address. This facility works for a /64 network, and the protocol is “router discovery.” It doesn’t allow for assigning DNS servers, so DHCPv6 may still be necessary.

The “localhost” address in IPv6 has a special notation. The “::1” shorthand represents this loopback address.

Another special case in IPv6 is the “link-local” address. This is an auto-configured network address that begins with “fe8.” Each interface gets its own link-local, and they can be the same IP, so the OS attaches the interface name to the address. All IPv6 hosts on the same ethernet network can find each other through link-local communications. A link-local address usually appears with a “%” (percent sign) and the interface name or number at the end of the address.

The rest of the chapter includes the same troubleshooting, inspection, and configuration tools as the IPv4 sections, as well as some discussion on IPv6 tunneling (usually used to test IPv6 when your ISP doesn’t offer it yet,) as well as some discussion on how some operating systems decide which addressing to use by default, and when, where, and why you might choose to use IPv4 or IPv6 in your environment.

The next chapter will cover the TCP/IP “transport” layer (Layer 4.)

Fun-Day Friday – Book Review – Networking for Systems Administrators chapter 2

Chapter 2 focuses specifically on how Ethernet works.

From defining broadcast domains to dealing with ethernet frame MAC addressing, he begins with the foundational basics.  He talks about duplex and speed for negotiating the connection, which both sides of the link need to agree upon.

He explains MTU (maximum transmission unit) and why mucking with reducing it below the default is almost certainly going to be problematic.  He also suggests ways to deal with situations where you can’t help but do so.

Lucas follows up with a quick explanation about the differences in category numbering for the wires that handle the transmissions.  The higher the number, the better, but higher costs can be prohibitive.  Work with what you can, but plan for higher when you can.

He moves into a quick explanation for using several troubleshooting tools, such as ping, arp, and “neighborhood discovery” (ND.)

Finally, he covers Virtual LANs (VLANs) to add a tag to an Ethernet Frame.  This allows traffic for multiple networks to flow over a single cable, without confusing where the packet should go.

He sprinkles in some more troubleshooting tools such as netstat, as well as tools to configure the ethernet layer (ifconfig and ethtool,) before closing the chapter out.

This chapter is important for the fundamentals of the “Data Link” layer (and to some extent the Physical Layer.)  Next week’s chapter covers “Layer 3” (Network Layer.)  This is mostly the “IP” layer in “TCP/IP” terms.

Thanks for reading!

Fun-Day Friday – Book Review – Networking for Systems Administrators chapter 1

Continuing our review of “Networking for Systems Administrators” by Michael W. Lucas, we’ll roll right into Chapter 1.

This chapter focuses on thinking in layers.  There are different network layer models, including the 7 layer OSI model, but Lucas says you really only need 5 layers to represent the network.  There’s the 4 layers of the TCP/IP model, but he splits the lowest layer into the Physical and DataLink layers.  This matches the OSI model’s way of presenting those layers.

The OSI Session, Presentation, and Application layers are all lumped under the TCP/IP “Application Layer.”  Lucas calls this the “your stuff” layer, and it’s true.  The Network Admins won’t really care much beyond the Transport Layer when troubleshooting.

Speaking of troubleshooting, identifying the lowest layer that is broken is crucial for this.  Fix that layer first, and most (if not all) of the other layers will likely start working again.  And those that don’t, go with the next lowest layer, and work your way up.

The rest of the chapter covers specific troubleshooting techniques for each of the lower layers, with a promise for more in depth troubleshooting discussion later in the book.

This chapter is short, but critical for laying the ground work.  Understanding these layers is one of the most important things to know for network troubleshooting.

Fun-Day Friday – Book Review – Networking for Systems Administrators chapter 0

The lack of votes has been heard, tallied, and respected.  The winner is “book reviews” each Friday for a while.  I decided to do a chapter by chapter review, though I may include multiple chapters in any given review as we move along.

Our first book will be “Netowrking for Systems Administrators” by (surprise) Michael W. Lucas.

Since this book has a “Chapter 0,” we’ll just cover it, today.

This chapter is an introduction chapter, which addresses whom the book is for (systems administrators, DBAs, web administrators, developers, and other computing professionals.)  It also includes a note to network administrators to explain what will and will not be covered, since the size of the book is limited.

After the niceties are covered, he defines what he means by “server” versus “network device.”  The distinctions are important for the argumentative people that look for ways to nitpick.

Next, he covers a slew of basic network troubleshooting and analysis tools that are common across multiple operating systems to ensure that the reader can go ahead and get comfortable with looking for and trying out these tools if they aren’t already somewhat familiar with them.

Tools that range from basic “host,” “nslookup,” and “netstat” commands to advanced “tcpdump,” and “wireshark” commands are listed for the user to learn.

Finally, he does his best to give a very brief overview of how the remaining chapters break down.  There are two groups of chapters mentioned.  Chapters 1 through 6 cover technologies that systems administrators really should know.  Chapters 7 through 12 cover inspecting network information passively as well as actively probing the network for troubleshooting and analysis.

Lucas’ calculated humor is definitely present, and my initial take on the book (I’ve read the whole thing, just reviewing on chapter today) is that every IT professional should own a copy of this book.