REVIEW NOTES



There are two network models:

      1) International Organization for Standardization Open Systems Interconnection ISO/OSI
      2) Transmission Control Protocol/Internet Protocol TCP/IP

OSI Model - 7 layers

      1) Application - represents data based on architecture; stipulates transfer syntax
         e.g. Telnet, FTP, SMTP, NFS, SNMP

      2) Presentation - part of the application - independent of architecture
         e.g. XDR - external data representation

      3) Session - allows users to establish sessions between different machines; can provide
         authentication; synchronizes packets
         e.g. RPC

      4) Transport - same in both models; controls flow; defines quality - directional or non-directional
         e.g. UDP or TCP
         ***TP-0 to TP-4 transport medium

      5) Network - kernel involved; ensures data reaches destination via optimal route; connectionless
         mode/connection mode (CLNS/CONS); routing

      6) Data Link - encapsulates data into datagrams; performs checksums and error checking; bridges
         and switches
         e.g. Supports three protocols:
                Link Access Procedure (LAPB; X.25)
                Ethernet V.2 & IEEE 802.3
                Token Bus IEEE 802.4/Token Ring IEEE 802.5

      7) Physical - regulates transmission of bits (speed, signal representation, connection technique)

TCP/IP Model - 5 layers

      1) Application - NFS, NIS, DNS, FTP; "message"; gateways

      2) Transport - TCP or UDP; same layer as OSI; "segments"

      3) Internet - manages data delivery between networks; routing; IP - fragmenting/routing data; ICMP
         - assists with routing/error detection; "datagram"

      4) Network Interface - manages delivery of data across network; packet framing, error detection

      5) Hardware - voltage, current, repeaters; "signals"


***Public networks are used for WAN transmission X.25, ISDN, Analog telephone, Adobe Typeface

***Every layer has:
      1) limited, defined tasks
      2) a defined interface to the layers above/below
      3) its own layer-specific header, which it attaches

CHAPTER 2:         LANs

LAN definition - a communicating system made up of software and hardware that links computers into a
network and does not run on leased lines.

LAN benefits:
     1) resource sharing
     2) workgroup synergy
     3) data access and integration
     4) economic resources
     5) management either centralized or decentralized

LAN topology:
       Made up of either coaxial, twisted-pair or fiber-optic cables and uses either:
         1. bus - now obsolete, single backbone wire "tapped" for nodes
         2. star - central hub with cables going to each host/subnet
         3. ring - old - the output of one node connects to the input of the next node. Now each node has an
            "input" from a hub and "output" back to the hub; intelligent hubs allow a star-ring configuration.

LAN components:
     1) backbone - primary connectivity mechanism of a network
     2) segment - or "link", a continuous length of cable joined by other network components
     3) repeater - a device that amplifies and regenerates a data signal bit by bit in order to extend the
        transmission distance on the same network
     4) hub - central device through which all hosts in a twisted pair ethernet are connected
     5) bridge - a device that connects two or more network segments. A single path is shared by all
        ports. It is a link layer device that reads and interprets packet addresses for filtering and
     6) switch - like a bridge, a multiport device that allows logical dynamic connection and
        disconnection between any two cable segments; multiple paths can be established and used
     7) router - has two or more network interfaces. It examines the destination IP, selects a route and
        forwards to separate networks. Limits broadcasts to subnets.
     8) gateway - interconnects two or more networks that are based on different protocols, e.g. ATM and
     9) concentrator - a device that can often perform multiple functions between networks.

Ethernet components:
      1) controller - hardware that creates or reads ethernet frames
      2) transceiver - active element used to move the data from the cable to the controller
      3) transceiver cable - connects the workstation and transceiver, not needed if transceiver is on board
      4) ***thick ethernet RG8 coaxial - 50 Ohm, heavy gauge cable, connection points are every 2.5
          meters, max length is 500 meters, four max repeaters extending total to 2500 meters
      5) ***thin ethernet RG58 coaxial - 50 Ohm, light gauge cable, 180 meters, 540 max using repeaters
      6) terminator resistors - 50 Ohm, prevents signal reflection
      7) twisted pair cable - four conductors, used with star topologies with hubs, max distance from hub
          to node is 100 meters:
              1. cat 3 voice grade - 2-3 twists per foot 10baseT and 100baseT4
              2. cat 5 data grade - 2-3 twists per inch 10baseT and 100baseTx

Sun Network controllers:
      1) ATM - ba0, 155Mbps UTP5 (glass or copper); 622Mbps fiber
      2) ethernet - le0; qe0-3
      3) fast ethernet - be0; qfe0-3; hme0-3; hme0 PCI or Sbus
      4) FDDI - nf0 (single or double channel) 100Mbps
      5) token ring - tr0, 4/16Mbps
      6) gigabit - vge0 Vector; ge0 GEM

LAN Methodologies:

       1) Ethernet - 802.3, 85% of LANs, over 200 million nodes

       2) ATM - asynchronous transfer mode, 155 or 622 Mbps, dynamically shares entire bandwidth
          among logical connections, instead of dividing into channels. Steady stream of 53-byte cells; each
          cell has an address to identify it with a logical connection. *** A cell relay (router) service
          delivers ATM cells directly, while other services use ATM adaptation layers (AALs - gateway) to
          transfer non-ATM traffic into cells

       3) Token Ring - 802.5, developed by IBM, star topology, moves a token around the network;
          possession of the token gives the right to transmit data. To transmit data,
          the token is changed to a data frame and the information is attached and passed along the ring until
          the destination is reached. When used with hubs, the frame is passed directly to the destination

       4) FDDI - Fiber distributed data interface, ISO standard, 100Mbps, token passing, dual ring, fiber,
          similar to token ring, but faster, full duplex
          1. synchronous - using a dedicated portion of the bandwidth e.g. voice, video
          2. asynchronous - each node is assigned a priority to use the remaining bandwidth

          3. benefits of fiber:
                1. security - no electrical signal emitted that could be monitored
                2. reliable - no electrical interference
                3. speed - faster than copper
                4. interference - no outside EMI (electromagnetic interference)

Ethernet Types:

         naming explanation:
                 e.g. 10BASE-5

                          10 = speed
                          BASE = baseband, indicates only ethernet signals used
                          5 = length, 500 meters for thicknet

      Media           Speed           Wire               Comments
      10BASE-5        10Mbps                             Original thick ethernet
      10BASE-2        10Mbps          Cat 3,4,5 UTP      Thin ethernet
      10BASE-T        10Mbps          Cat 3,5 UTP        1990, most popular, 2 pairs of wires
      100BASE-TX      100Mbps         Cat 5 UTP          2 pairs, ANSI TP-PMD
      100BASE-T4      100Mbps         Cat 3,4,5 UTP      4 pairs (1 trans, 1 rec, 2 BI)
      100BASE-FX      10/100Mbps      fiber              2 strands multimode

review test questions


      1) Developed by DEC, Intel, & Xerox
      2) 802.3 IEEE
      3) Uses layer 1 and layer 2 of TCP/IP model

Elements of ethernet:
      1) cables, connectors, circuitry
      2) ethernet packets/frames
      3) access method
          1. CSMA/CD - carrier sense "all may listen", multiple access "all may speak", collision detect
              "one at a time"
          2. controls packet transmission and flow, ensures only one host transmits at a time and that all
              others listen to receive:
              1. listens for systems currently accessing medium
              2. waits for available medium
              3. senses collision
              4. backs off and retries

Switched ethernet:
      1) reduces the number of collisions
      2) central hub replaces backbone
          1. has multiple ports
          2. one node per port
          3. hub switches between ports
          4. common medium arbitration is eliminated
          5. packet buffering and retransmission supported

Ethernet address:
      1) 48 bits long, 12 hex digits (6 groups of 2 digits)
          1. 1st 3 pairs = vendor
          2. last 3 pairs = network
          3. administered by IEEE/assigned in manufacturing
          4. Sun = 8:0:20, 8:0:21, E10K 0:0:be
      2) Sun machines read their ethernet address from the PROM
      3) broadcast address for any vendor ethernet card is all ones (48 1's)

Types of ethernet addresses:
      1) unicast - communicating directly from one host to another
      2) broadcast - one host sends to all hosts - the address is all ones or 6 pairs of f's in hex
      3) multicast - one host sends to many hosts (token ring doesn't support this)
          1. 1st 3 octets = 01:00:5e
          2. last 3 octets = used to assign group identity (last 23 bits of IP address become last 23 bits of
              multicast MAC address)

Ethernet frames:

       Frame Segment             Length     Octet Location   Comments
       Preamble                  64 bits                     Made up of 1s and 0s; denotes where the frame
                                                             begins; used by sender for
       Destination Address       48 bits    1 => 6
       Source Address            48 bits    7 => 12
       Type                      16 bits    13 => 14         Type of data encapsulated, e.g. IP, ICMP, ARP,
       Datagram                  16 bits    15 => 1514       Actual app. data
       Cyclical Redundancy       32 bits    Last 4           Used by recipient for error detection, based on
       Check (CRC)                                           frame

1. The first 8 bytes of an ethernet frame are called the preamble. They are used for buffering to see if there
   has been a collision. 16 consecutive collisions on the same frame cause a drop.
2. The collision rate = collisions/output packets * 100

        Percentage of Errors                      User Impact
               0-2%                       Cost of protocol, unnoticed
               3-5%                             Minimal, noticed
               6-10%                       Minimal, possibly noticed
              11-20%                            Noticed impact
              21-30%                              Constrained
              31-40%                                  Ugly
              x > 41%                               Stopped

Encapsulation: inclusion of one data structure within another so the 1st is temporarily transparent.

Maximum transfer unit (MTU): the maximum amount of data that can be transferred across a physical network;
this is 1500 bytes for ethernet and 8232 bytes for the loopback.

Reasons for purposely dropped packets:
      1) Runts - packets less than 46 bytes; these are too short, thus discarded
      2) Jabbers - packets greater than 1500 bytes; these are too long and also are dropped
      3) Bad CRC - if a packet fails the CRC, it's dropped.
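The frame layout, the three address types and the three drop reasons above, as one added example (not code from these notes or from Solaris). The frames and the Sun 8:0:20 source address are constructed; the preamble is left out because the host never sees it after reception.

```python
"""Ethernet II frame handling as the notes describe it (added example, not from the notes).

A constructed frame is parsed into destination, source, type and data; the
48-bit addresses are classified (unicast / broadcast / multicast); the FCS is
verified with CRC-32; and runts (< 46 data bytes) and jabbers (> 1500 data
bytes) are flagged for dropping.  Sun's 8:0:20 vendor prefix (from the notes)
is used for the constructed source address.
"""
import struct
import zlib

ETH_ALEN = 6
HEADER_LEN = 2 * ETH_ALEN + 2        # dst + src + type
FCS_LEN = 4
MIN_PAYLOAD = 46                     # shorter frames are runts
MAX_PAYLOAD = 1500                   # ethernet MTU; longer frames are jabbers
BROADCAST = b"\xff" * ETH_ALEN       # 48 ones, the same for every vendor
IP_MCAST_PREFIX = bytes.fromhex("01005e")   # 01:00:5e prefix for IP multicast


def mac_to_str(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def classify_mac(mac: bytes) -> str:
    """Unicast, broadcast (all ones) or multicast (group bit of first octet set)."""
    if mac == BROADCAST:
        return "broadcast"
    if mac[0] & 0x01:
        return "multicast"
    return "unicast"


def ip_to_multicast_mac(ip: str) -> bytes:
    """Map a class D address onto 01:00:5e + the low 23 bits of the IP address."""
    octets = [int(o) for o in ip.split(".")]
    if not 224 <= octets[0] <= 239:
        raise ValueError("not a class D (multicast) address")
    low23 = ((octets[1] & 0x7F) << 16) | (octets[2] << 8) | octets[3]
    return IP_MCAST_PREFIX + low23.to_bytes(3, "big")


def fcs(frame_without_crc: bytes) -> bytes:
    """Ethernet FCS: CRC-32 over dst..data, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_crc) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def check_frame(frame: bytes):
    """Return (verdict, fields): verdict is 'ok' or the drop reason from the notes."""
    if len(frame) < HEADER_LEN + FCS_LEN:
        return "runt", None
    payload_len = len(frame) - HEADER_LEN - FCS_LEN
    if payload_len < MIN_PAYLOAD:
        return "runt", None
    if payload_len > MAX_PAYLOAD:
        return "jabber", None
    body, crc = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if fcs(body) != crc:                      # recipient's error detection
        return "bad CRC", None
    dst, src = body[:ETH_ALEN], body[ETH_ALEN:2 * ETH_ALEN]
    (ethertype,) = struct.unpack("!H", body[2 * ETH_ALEN:HEADER_LEN])
    fields = {
        "dst": mac_to_str(dst), "dst_kind": classify_mac(dst),
        "src": mac_to_str(src), "type": ethertype, "payload": body[HEADER_LEN:],
    }
    return "ok", fields


# --- constructed sample frames (not captured traffic) ---
SUN_SRC = bytes.fromhex("080020aabbcc")             # 8:0:20 Sun prefix, made-up tail
ARP_REQUEST = build_frame(BROADCAST, SUN_SRC, 0x0806, b"\x00" * 46)
BAD_CRC = ARP_REQUEST[:-1] + bytes([ARP_REQUEST[-1] ^ 0x01])   # one FCS bit flipped
RUNT = build_frame(SUN_SRC, SUN_SRC, 0x0800, b"\x00" * 10)
JABBER = build_frame(SUN_SRC, SUN_SRC, 0x0800, b"\x00" * 1501)

if __name__ == "__main__":
    for name, f in [("arp", ARP_REQUEST), ("badcrc", BAD_CRC), ("runt", RUNT), ("jabber", JABBER)]:
        print(name, check_frame(f)[0])
    print(mac_to_str(ip_to_multicast_mac("224.0.0.9")))   # 01:00:5e:00:00:09
```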

Network tools:
      1) /usr/sbin/snoop - must be run by root; in summary form only displays data pertaining to the
          highest level protocol, e.g. NFS
          1. -V = summary
          2. -v = details
          3. -o = capture data to file
          4. -i = read the captured data
          5. -d = display frames on a non-primary interface e.g. hme1

       2) /usr/bin/netstat - shows the statistics of the interface(s)
          1. -i = state of interface
          2. -n = numbers only

       3) /usr/sbin/ifconfig - shows the configuration of the interfaces

Read man pages on network tools and experiment.


ARP (Address Resolution Protocol):
     1) the process of building an address link between the Internet Layer and the Network Interface
     2) translates a 32 bit IP address into a 48 bit ethernet address by sending out a broadcast address via
        the Internet layer
     3) is needed because ethernet frames contain all of the necessary data, except the destination
        ethernet address
        1. the source ethernet address is in the kernel from boot up via the NVRAM
        2. the source and destination IPs are read via /etc/inet/hosts (***which is linked to /etc/hosts) via
            /etc/nsswitch.conf, which tells which naming service to use
        3. if the destination ethernet address is for a host on a different LAN, then multiple ARPs are
            required, one for each router hop

ARP Process:
     1) ARP table - is a memory cache that lasts 5 minutes, if a lookup is needed and the address isn't
        stored in cache, an ARP request is issued
     2) ARP request - a broadcast request to the local LAN with the IP address of the needed host; the
        correct host responds with its ethernet address
     3) ARP reply - each host on the LAN receives the request
     4) ARP caching - the normal TTL is usually 5 minutes; after a successful response the requestor
        updates its ARP cache and the responder host also updates its cache

Components of ARP table:
     1) device
     2) IP
     3) mask
     4) physical address

     5) flags
        1. SP - saved and published
        2. M - multicast mapped
        3. S - saved, won't time out of cache
        4. U - unresolved, incomplete

ARP options:
     1) -s hostname MAC-address = add a permanent entry
     2) -d = delete an entry
     3) -f = add from a file
     4) pub (with -s) = used when a host answers for another host
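The ARP request/reply exchange, the 5-minute cache and the permanent (`arp -s`) entry described above, as one added example that is not from these notes or from Solaris. Two hosts are constructed on a simulated LAN, the packet layout follows RFC 826, and time is injected so expiry can be shown without waiting.

```python
"""ARP request/reply and a 5-minute ARP cache (added example, not from the notes).

Hosts are simulated in-process; there is no real network.  Packet layout is
RFC 826 (hardware type 1 = Ethernet, protocol type 0x0800 = IP).  Behaviour
follows the notes: a cache hit needs no request, a miss broadcasts a request
to every host on the LAN, the correct host replies, and both the requester
and the responder update their caches.  Entries expire after 5 minutes
unless added as permanent ("S", like arp -s).
"""
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_TTL = 5 * 60                 # seconds; the notes' "normal TTL is 5 minutes"
ARP_FMT = "!HHBBH6s4s6s4s"       # htype ptype hlen plen op sha spa tha tpa


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_arp(op: int, sha: bytes, spa: str, tha: bytes, tpa: str) -> bytes:
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, sha, ip_bytes(spa), tha, ip_bytes(tpa))


def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IP ARP packet")
    return {"op": op, "sha": sha, "spa": ".".join(map(str, spa)),
            "tha": tha, "tpa": ".".join(map(str, tpa))}


class Host:
    def __init__(self, name, ip, mac, lan, clock):
        self.name, self.ip, self.mac, self.lan, self.clock = name, ip, mac, lan, clock
        self.cache = {}              # ip -> (mac, expiry); expiry None = permanent "S" entry
        self.requests_sent = 0
        lan.append(self)

    def add_permanent(self, ip, mac):
        """Equivalent of `arp -s hostname mac`: never times out of the cache."""
        self.cache[ip] = (mac, None)

    def lookup(self, ip):
        entry = self.cache.get(ip)
        if entry and (entry[1] is None or entry[1] > self.clock()):
            return entry[0]
        self.cache.pop(ip, None)     # expired or unknown: caller must issue a request
        return None

    def cache_put(self, ip, mac):
        self.cache[ip] = (mac, self.clock() + ARP_TTL)

    def resolve(self, ip):
        """Return the ethernet address for ip, broadcasting an ARP request on a miss."""
        mac = self.lookup(ip)
        if mac is not None:
            return mac
        self.requests_sent += 1
        req = build_arp(ARP_REQUEST, self.mac, self.ip, b"\x00" * 6, ip)
        for h in self.lan:           # broadcast: every host on the LAN receives it
            if h is not self:
                reply = h.receive(req)
                if reply is not None:
                    r = parse_arp(reply)
                    self.cache_put(r["spa"], r["sha"])   # requester updates its cache
                    return r["sha"]
        return None                  # nobody answered: stays unresolved ("U")

    def receive(self, pkt):
        a = parse_arp(pkt)
        if a["op"] == ARP_REQUEST and a["tpa"] == self.ip:
            self.cache_put(a["spa"], a["sha"])           # responder learns the requester too
            return build_arp(ARP_REPLY, self.mac, self.ip, a["sha"], a["spa"])
        return None


def demo():
    """Constructed LAN with two hosts; returns what each resolve() step produced."""
    now = [1000.0]
    lan = []
    alpha = Host("alpha", "192.168.10.1", bytes.fromhex("080020000001"), lan, lambda: now[0])
    beta = Host("beta", "192.168.10.2", bytes.fromhex("080020000002"), lan, lambda: now[0])
    first = alpha.resolve("192.168.10.2")      # miss -> request -> reply
    second = alpha.resolve("192.168.10.2")     # hit: no request issued
    now[0] += ARP_TTL + 1                      # let the cache entry age out
    third = alpha.resolve("192.168.10.2")      # miss again -> second request
    missing = alpha.resolve("192.168.10.99")   # no such host -> None
    return {"first": first, "second": second, "third": third, "missing": missing,
            "requests": alpha.requests_sent,
            "beta_knows_alpha": beta.lookup("192.168.10.1")}
```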

RARP (Reverse Address Resolution Protocol)
     1) builds an address link between Network Interface and Internet Layer
     2) starts with an ethernet address and gets an IP address
     3) it's also a broadcast request and won't jump local subnet
     4) used mostly for network boot systems such as diskless and jumpstart clients
     5) in.rarpd - daemon that responds to RARP requests

Trouble-shooting in.rarpd on a client that won't boot
      1) run /etc/init.d/nfs.server start
      2) run snoop on a 3rd system, if there isn't a rarp request, it's a hardware problem
      3) if there is a rarp request, but no reply from the server, then:
          1. check /etc/inet/hosts for the client's hostname and IP
          2. check /etc/ethers for the client's hostname and ethernet
          3. check that in.rarpd is running
          4. start rarpd in debug mode (/usr/sbin/in.rarpd -a -d)


History of the Internet - ARPA formalized the Internet in 1978. The official formalization came in January
of 1983, when the Secretary of Defense mandated that TCP/IP be used for all network interconnectivity.
There were 2 networks at the time: ARPANET for research and MILNET for military and defense. In 1979
there were hundreds of systems, in 1985 about 20,000, and by 1984 there were 3 million. The IAB was
formed in 1983; they managed the RFCs. Also the IETF was formed. In 1992 ARPANET was retired.
INTERNIC now manages most of the Internet.

Internet Protocol (IP) is built into the kernel. It provides two services:
       1) fragmentation and reassembly of fragments
       2) routing function for sending data

Datagrams - basic units that contain source/dest. IP, protocol type, ttl.
ICMP - Internet Control Message Protocol
      1) provides communication mechanism between IP on one machine and IP on another
      2) allows routers to send control or error messages to other routers and hosts. If an error occurs,
          ICMP sends either a redirect or network unreachable error.

Fragmentation - fragments are units of data broken into smaller units, their size is determined by the MTU
of the network interface and hardware layers.

IP addressing - an IP is made up of 32 bits (4 eight-bit fields); each field can be 0-255. The address defines
the network and the host. You always lose 2 host IPs, 1 to the network and 1 to broadcast.

                                        4 Classes of IP addresses:

      Class A
         Network: 1st bit of 1st octet is 0; next 7 bits are network
         Host: remaining 24 bits
         # of networks: 127 (0-127)
         # of hosts: 16 million
         Default netmask: ff.0.0.0
         Comments: ***127 net is loopback

      Class B
         Network: 1st 2 bits of 1st octet are 10; next 14 bits are network
         Host: remaining 16 bits
         # of networks: 16,384 (128-191, 0-255)
         # of hosts: 65000
         Default netmask: ff.ff.0.0

      Class C
         Network: 1st 3 bits of 1st octet are 110; next 21 bits are network
         Host: remaining 8 bits
         # of networks: 2,097,152 (192-223, 0-255, 0-255)
         # of hosts: 254
         Default netmask: ff.ff.ff.0

      Class D
         Network: 1st 4 bits of 1st octet are 1110; remaining 28 bits are multicast group ID
         Host: N/a
         # of networks: 224-239 (0-255, 0-255)
         # of hosts: N/a
         Comments: reserved for NIS+

Special IPs
         127.x.x.x = loopback
         Network # followed by all 0s = old style broadcast
         Network # followed by all 1s = current style broadcast
         All 0s (0.0.0.0) = special: network boot systems that don't know their IP yet = generic broadcast

Netmasks - identifies network vs host so routers can get to networks.

Computing a network number based on IP and subnet mask:
          subnet mask = 11111111.11111111|.00000000.00000000
          IP          = 10101011.00111111|.00001110.00000011
                        apply logical AND
          result      = 10101011.00111111.00000000.00000000 = 171.63.0.0

       1) Convert IP to binary
       2) Convert netmask to binary
       3) Apply AND operator
       4) Convert the result to decimal.

Subnetting:
      1) allows a broadcast address
      2) never adds hosts
      3) creates more manageable units at the expense of hosts
      4) isolates network traffic
      5) secures or limits access to a subnet
      6) enables localization of network protocols to a subnet

You normally have a two-level hierarchy in an IP address: the network number and the host number. Internet
routes only use the network number to route.

***Subnetting creates a three level hierarchy: the network number, subnet number and the host number.
This is called an extended network number. Routers within a subnet use this extended network number for

To compute the extended network number using a BYTE BOUNDED subnet mask:
        1) convert IP to binary
        2) convert subnet mask to binary
        3) apply AND
        4) convert result to decimal
        5) drop the octets after the subnet mask boundary
        6) the host number is the result after the netmask
e.g. IP          = 10000001.10010011.00011001|.00000011
     subnet mask = 11111111.11111111.11111111|.00000000
                   AND                        ^
                                              ^ drop the host number after the subnet mask boundary

To compute the extended network number using a NON-BYTE BOUNDED subnet mask:
      1) convert IP to binary
      2) convert subnet mask to binary
      3) apply AND
      4) drop octets after subnet mask
      5) convert to decimal
      6) host number is result after the netmask
e.g. IP          = 10000000.00110010.01100011.101|11010
     subnet mask = 11111111.11111111.11111111.111|00000
                   AND                            |
     extended    = 10000000.00110010.01100011.101|00000
                   host number is after the netmask, 26 in this case.
                   Number of possible hosts per subnet is all host bits on minus 1 (30 in this case)

***Broadcast address - to determine a broadcast address for an IP, apply the subnet mask to the IP to figure
out where the host bits are. Turn on all the host bits in the original IP and add up.
e.g. IP          = 11000101.00001000.00101010.1101|1101
     subnet mask = 11111111.11111111.11111111.1111|0000
                   turn host bits on:                  |1111
                   add to existing subnet bits:   .1101|1111
                   broadcast is: 197.8.42.223

Variable length subnet masks (VLSM) - RFC 950 says it is ok to have more than one subnet mask per
network, but recommends contiguous subnet masks.
Advantages to doing this:
      1) more subnet masks allow more efficient use of IP addresses
      2) multiple masks permit route aggregation, which reduces route information on the backbone
Protocols for VLSM:
      1) Open Shortest Path First (OSPF), used for TCP/IP but Solaris doesn't support
      2) Intra Domain Intermediate System (IS-IS), used for OSI/ISO

Permanent subnet masks:
      1) are put in /etc/inet/netmasks which are loaded during reboot
      2) contents include network number and netmask

To figure out number of hosts per subnet, must know subnet mask.
       1) convert subnet mask to binary
       2) turn host bits on
       3) add up and subtract 1

To figure out number of subnets:
       1) convert mask to binary
       2) add the bits that go past the "normal" mask
       3) add 1
e.g.          11111111.11111111|.1111|0000.00000000
                     normal mask | add |  host bits
              subnet bits 1111: add up and add 1 = 16 subnets
              host bits 0000.00000000: turn these on, subtract 1 = 4094
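The network-number, extended-network-number, broadcast, hosts-per-subnet and number-of-subnets procedures above, carried through in one added example (not code from these notes). It takes the dotted-binary strings the notes use (a dotted-decimal mask or a /prefix also works), ANDs them, and converts to decimal; for the non-byte-bounded case it uses the contiguous mask /27 that the notes recommend.

```python
"""Subnet arithmetic from the notes, worked on their binary examples (added example).

Input addresses are written the way the notes write them, e.g.
"10101011.00111111.00001110.00000011"; the "|" boundary marker is ignored.
The "normal" (classful) mask is chosen from the first octet per the class
table, so subnet bits are those set past it.
"""


def bin_to_int(dotted_bin: str) -> int:
    return int(dotted_bin.replace(".", "").replace("|", "").replace(" ", ""), 2)


def int_to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_int(spec: str) -> int:
    """Accept a /prefix, 32 binary digits with dots, or dotted decimal."""
    if spec.startswith("/"):
        return (0xFFFFFFFF << (32 - int(spec[1:]))) & 0xFFFFFFFF
    stripped = spec.replace(".", "").replace("|", "").replace(" ", "")
    if len(stripped) == 32 and set(stripped) <= set("01"):
        return int(stripped, 2)
    return int.from_bytes(bytes(int(o) for o in spec.split(".")), "big")


def classful_mask(ip: int) -> int:
    """Default netmask by class, from the first octet (class table in the notes)."""
    first = ip >> 24
    if first < 128:          # class A: first bit 0
        return 0xFF000000
    if first < 192:          # class B: first bits 10
        return 0xFFFF0000
    if first < 224:          # class C: first bits 110
        return 0xFFFFFF00
    raise ValueError("class D has no default netmask")


def subnet_report(ip_spec: str, mask_spec: str) -> dict:
    ip, mask = bin_to_int(ip_spec), mask_to_int(mask_spec)
    host_mask = ~mask & 0xFFFFFFFF
    network = ip & mask                                    # step 3: apply AND
    subnet_bits = bin(mask & ~classful_mask(ip) & 0xFFFFFFFF).count("1")
    return {
        "extended_network": int_to_dotted(network),        # step 4: convert to decimal
        "host_number": ip & host_mask,                     # bits after the netmask
        "broadcast": int_to_dotted(network | host_mask),   # all host bits turned on
        "hosts_per_subnet": (1 << bin(host_mask).count("1")) - 2,  # minus net and broadcast
        "subnets": 1 << subnet_bits,                       # bits past the normal mask
    }


if __name__ == "__main__":
    # the notes' examples, in order
    print(subnet_report("10101011.00111111.00001110.00000011", "11111111.11111111|.00000000.00000000"))
    print(subnet_report("10000001.10010011.00011001.00000011", "/24"))
    print(subnet_report("10000000.00110010.01100011.10111010", "/27"))
    print(subnet_report("11000101.00001000.00101010.11011101", "/28"))
```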

Configuring a subnet:
      1) router setup
          1. edit /etc/inet/hosts; add IP and hostname for 2nd ethernet address
          2. edit /etc/inet/netmasks
          3. optional: edit /etc/inet/networks
          4. ifconfig plumb, ndd set ipforwarding, in.routed -s, etc...

      2) host setup - change netmask value in /etc/inet/netmasks - either NIS, NIS+ or no centralized file
          1. NIS
             1. edit /etc/hosts - add IP and names of 2nd router address
             2. edit /etc/netmasks
             3. cd /var/yp; make
             4. reboot NIS master, then slaves/clients
          2. NIS+
             1. use admintool to change hosts table
             2. change /etc/netmasks
             3. optional: change /etc/inet/networks
             4. reboot NIS+ master, workstations
          3. No name service
             1. edit /etc/inet/hosts
             2. edit /etc/inet/netmasks
             3. optional: /etc/inet/networks
             4. reboot

To change the subnet manually and temporarily, use ifconfig.

Network interface configuration:
      1) part of boot process, via init process
      2) /platform/sunw,x/kernel/unix (kernel)
      3) /sbin/init reads /etc/inittab which runs /sbin/rcS
      4) /sbin/rcS starts /etc/rcS.d/ which
      5) configures loopback and invokes /sbin/ifconfig which
      6) checks /etc/hostname.hme0, /etc/inet/hosts etc...

ifconfig:
      1) used by /etc/rcS.d/
      2) used later in boot process by /etc/rc2.d/S72inetsvc for NIS or NIS+
      3) use plumb first, then give options
      4) misc
         1. -no trailers - a trailer is not included at the end of ethernet frames. Trailers are used by BSD -
             puts header info at end of packet - not supported in Solaris
         2. + at end of ifconfig statement calculates the broadcast
         3. virtual interfaces - are never plumbed, they are defined off of "real" interfaces e.g. Ifconfig
         4. 256 virtual interfaces per real interface by default; ndd -set /dev/ip ip_addrs_per_if 900
             raises the limit


Routing is associated with the Internet Layer and is the mechanism to forward packets from one network to

A stealthy router will forward packets but won't advertise itself as a router.

Creating /etc/notrouter will ensure a machine will not be a router.

Types of Routing:
      1) Table driven - each workstation maintains a kernel routing table that identifies the host or device
          it can forward packets to.

      2) Static routing - routes that remain unless you remove them manually. Rebooting removes the
         entries. Your interface is your router to your wire. /etc/defaultrouter has IPs only, in priority
         order. If this file exists, no dynamic routing.

      3) Dynamic routing - used to identify other networks that are not directly attached, but are
         reachable through routers. The theory is that routers will broadcast the networks they know
         about, and other hosts will update their tables. Dynamic routing is implemented by two daemons
         during run level 2 by /etc/rc2.d/S69inet:
         1. RIP - in.routed, UDP based, 3 minute updates
         2. RDISC - in.rdisc, multicast, 30 minute updates

      4) ICMP (Internet Control Message Protocol) Redirects - handles control and error messages.
         ICMP sends reports to the original source. Most commonly used when a host is using default
         routing and there is a better route to the destination. Can lead to a large routing table because
         there is a separate entry in the route table for each redirect. Ping uses this protocol.

      5) Default Routing - a default route is a table entry that a host can use if no other specific route
         is available. Defined in /etc/defaultrouter; prevents in.routed and in.rdisc from starting at reboot.

Routing Algorithm in Solaris:
      1) check LAN for destination hosts - destination network number is computed based on destination
         IP, and compared with local interfaces, if one is found, the packets are forwarded

      2) check routing table for matching IP host address - if no local interface network number matches
         the destination network number, kernel searches the routing table for matching host IP address

      3) check routing table for matching network number - if no host IP matches the destination IP,
         kernel looks for matching network number. If found, the destination ethernet address is set to that
         of the router found in the table and that router goes through the same algorithm.

      4) Check for a default entry in routing table - if no matching network number, kernel looks for
         default entry, if found kernel sets destination ethernet address to that of the default router

      5) If there is no route to the host, generates ICMP error message -
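The five-step lookup above, as an added example that is not Solaris kernel code: the interfaces and routing table are constructed in-process, and next_hop() applies the steps in the order the notes give, returning which step matched and the resulting next hop. Route flags use the netstat -r letters (U, H, G, D).

```python
"""The Solaris forwarding decision from the notes, step by step (added example).

Constructed data, not a real routing table: a host with two interfaces
(hme0 on 192.168.10.0/24, hme1 on 10.1.0.0/16) and a table holding a host
route, a network route and a default route.  Steps: (1) destination on a
directly attached LAN, (2) matching host route, (3) matching network route,
(4) default entry, (5) no route -> the ICMP error case.
"""
from ipaddress import ip_address, ip_interface, ip_network

INTERFACES = {
    "hme0": ip_interface("192.168.10.5/24"),
    "hme1": ip_interface("10.1.0.5/16"),
}

# (destination, gateway, flags, interface) in netstat -r style
ROUTES = [
    ("192.168.10.0/24", "192.168.10.5", "U",   "hme0"),   # interface (directly attached)
    ("10.1.0.0/16",     "10.1.0.5",     "U",   "hme1"),
    ("172.16.4.7/32",   "192.168.10.1", "UGH", "hme0"),   # host route via a router
    ("172.16.0.0/16",   "192.168.10.2", "UG",  "hme0"),   # network route via another router
    ("0.0.0.0/0",       "192.168.10.1", "UG",  "hme0"),   # default route (/etc/defaultrouter)
]


def next_hop(dst: str, interfaces=INTERFACES, routes=ROUTES):
    """Return (step, next_hop_ip, interface); step 5 means no route (ICMP error)."""
    d = ip_address(dst)
    # step 1: does the destination's network number match a local interface?
    for name, iface in interfaces.items():
        if d in iface.network:
            return 1, str(d), name           # deliver directly: ARP for the host itself
    # step 2: a host route (H flag) for exactly this address
    for dest, gw, flags, name in routes:
        if "H" in flags and d == ip_network(dest).network_address:
            return 2, gw, name               # ethernet dst becomes the router's address
    # step 3: a network route (no H flag, not the default) containing the address
    for dest, gw, flags, name in routes:
        net = ip_network(dest)
        if "H" not in flags and net.prefixlen > 0 and d in net:
            return 3, gw, name
    # step 4: the default entry
    for dest, gw, flags, name in routes:
        if ip_network(dest).prefixlen == 0:
            return 4, gw, name
    # step 5: nothing matched; the kernel would generate an ICMP error
    return 5, None, None


if __name__ == "__main__":
    for target in ("192.168.10.77", "172.16.4.7", "172.16.9.9", "8.8.8.8"):
        print(target, next_hop(target))
    print("8.8.8.8 without default:", next_hop("8.8.8.8", routes=ROUTES[:-1]))
```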

Autonomous System (AS) - A collection of networks and routers under a single administrative control. An
AS is assigned a unique 16 bit address by the Internic.
       1) Exterior Gateway Protocols (EGP) are used for communicating between AS's
           1. Exterior Gateway Protocol - not supported by Cisco nor Solaris
           2. Border Gateway Protocol - is supported - based on path vector
              1. the routing table includes complete paths from source to destination
              2. updates other routers

       2) Interior Gateway Protocols (IGP) are used for communicating within the AS
          1. Open Shortest Path First (OSPF) - link state protocol, not based on distance, but keeps a
             topology map
          2. ***Intra Domain Intermediate System to Intermediate System (IS-IS) - link state
             protocol similar to OSPF and is designed for OSI networks.
          3. Routing Information Protocol (RIP) - distance vector protocol - 15 max. hops
             1. Disadvantages:
                 1. least cost path - just looks at amount of hops
                 2. doesn't load balance
                 3. generates lots of traffic
                 4. no support for multiple metrics
             2. Advantages:
                 1. stable and easy to implement
                 2. 30 second updates
                 3. routing tables are dynamically updated
             3. Stability features:
                 1. hop count limit of 15
                 2. hold down state - used to prevent regular update messages from inappropriately
                    reinstating a route that has gone bad
                 3. split horizons - never send information about a route back in the direction from which
                    it came
                 4. triggered updates with poison reverse - removes routes and places them in hold down state
             4. in.routed Process - /usr/sbin/in.routed implements RIP and causes a host to
                broadcast its own routing information, if more than one ethernet interface exists. A
                router will broadcast to all of the networks it is directly attached to every 30 seconds. All
                hosts receive the broadcast, but only those running in.routed will process the
                information. Routers run in.routed -s, non-routers run in.routed -q.
                 1. in.routed is started at boot by /etc/init.d/inetinit
                 2. use -q to run in quiet mode; the host still listens
                 3. use -v /var/adm/routelog to log
                 4. use -g -t to log to the screen
          4. Network Router Discovery (RDISC) - a protocol that can send and receive router advertisement
             messages. RDISC is implemented through the in.rdisc process. Must run jointly with some other
             protocol, so why not just run RIP, which does both functions?
             1. Routers run in.rdisc -r to advertise using multicast address every 10 minutes
             2. non-routers run the -s process
             3. advantages
                 1. routing protocol independent
                 2. uses multicast address
                 3. may result in a smaller table
                 4. provides redundancy through multiple default route entries
             4. disadvantages
                 1. 10 minute default can result in "black hole"
                 2. routers must also run a routing protocol like RIP to learn about other networks.
                    RDISC doesn't provide paths to other routers
                 3. ICMP redirects can occur if more than one default router is available to a host.

Multihomed Host - a host with more than two network interfaces that does not run routing protocols or
forward IP packets. These are the types of machines that can be configured as multihomed hosts:
      1) NFS servers
      2) Database servers
      3) Firewall gateways

Routing Initialization Process
      1) at boot time the startup script /etc/init.d/inetinit looks for /etc/defaultrouter
      2) if it exists, the static routes are entered and no route processes are started
      3) if there is no /etc/defaultrouter, it then looks for /etc/notrouter
      4) if /etc/notrouter exists, neither in.routed nor in.rdisc is started and IP forwarding is turned off
      5) if there is no /etc/notrouter, but more than two inet entries, start in.routed or in.rdisc (depending on what
          you have commented out in inetinit), and turn on IP forwarding.

/usr/bin/netstat -r - displays routing table information
        1) destination = /etc/networks or /etc/inet/hosts
        2) gateway = host that delivers or forwards the packet
        3) flags = status of the route
           1.   U = interface is up
           2.   H = destination is a host, not a network
           3.   G = the delivery host is another host (an indirect path)
           4.   D = the path is an ICMP redirect entry
        4) Ref = the number of routes that share the same ethernet address
        5) Use = number of packets sent using this route; for localhost, the number of packets received
        6) Interface = the interface used to go to the destination
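
The following is an added example, not part of the course notes: a small Python parser for the "netstat -rn" output described above. It decodes the flags column and audits the table for the two things the RDISC notes warn about, several default routes and entries created by ICMP redirects (the D flag). The sample table is constructed to look like Solaris output, not captured from a real machine.

```python
# Added example (not from the course notes): parse "netstat -rn" output and
# audit it. SAMPLE_NETSTAT_RN is constructed for this example.

FLAG_MEANINGS = {
    "U": "interface is up",
    "H": "destination is a host, not a network",
    "G": "delivery host is another host (indirect path)",
    "D": "route was created by an ICMP redirect",
}

SAMPLE_NETSTAT_RN = """\
Routing Table: IPv4
  Destination           Gateway           Flags  Ref   Use   Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0          192.168.1.10          U        1    102  hme0
10.0.0.0             192.168.1.1           UG       1      4
224.0.0.0            192.168.1.10          U        1      0  hme0
default              192.168.1.1           UG       1     55
default              192.168.1.2           UG       1      0
172.16.5.7           192.168.1.3           UGHD     1      2
127.0.0.1            127.0.0.1             UH       3    210  lo0
"""


def parse_routing_table(text):
    """Return one dict per route; the interface column may be empty for indirect routes."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        # skip the banner, the column header and the dashed separator line
        if len(fields) < 5 or fields[0] in ("Routing", "Destination") or fields[0].startswith("-"):
            continue
        routes.append({
            "destination": fields[0],
            "gateway": fields[1],
            "flags": fields[2],
            "ref": int(fields[3]),
            "use": int(fields[4]),
            "interface": fields[5] if len(fields) > 5 else "",
        })
    return routes


def describe_flags(flags):
    """Expand a flags string such as 'UGHD' into the meanings listed in the notes."""
    return [FLAG_MEANINGS.get(f, "unknown flag %s" % f) for f in flags]


def audit_routes(routes):
    """Point out multiple default gateways and ICMP-redirect entries."""
    defaults = [r["gateway"] for r in routes if r["destination"] == "default"]
    redirects = [r["destination"] for r in routes if "D" in r["flags"]]
    return {"default_gateways": defaults, "redirect_entries": redirects}


if __name__ == "__main__":
    table = parse_routing_table(SAMPLE_NETSTAT_RN)
    for route in table:
        print(route["destination"], route["gateway"], ", ".join(describe_flags(route["flags"])))
    print(audit_routes(table))
```

A host whose table shows several default gateways is relying on RDISC-style redundancy, and every D entry is a route the host learned from an ICMP redirect rather than from its own configuration; both are worth a second look when a default gateway goes quiet ("black hole") or when an unexpected router appears.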

/etc/inet/networks - associates a network number to a network name.

Manually manipulating the Routing table
     1) route add net skunk 1 - adds a route to a network called skunk
     2) route -f - flushes the routing table
     3) ***route add `uname -n` 0 - add multicast path for
     4) if flushing or deleting entries, you must restart the routing protocol

/etc/gateways - optional - in.routed reads it upon initialization - it is a way to add a permanent route that is
not a default route. It is for network entries only

Router Configuration
      1) create a /etc/hostname.interface file
      2) edit /etc/inet/hosts to add the router name/IP
      3) ifconfig hme1 plumb??
      4) perform a reconfigure boot - touch /reconfigure, init 5, add card
      5) verify the new interface parameters

Router Configuration without reboot
      1) edit /etc/hostname.hme1
      2) edit /etc/inet/hosts
      3) edit /etc/inet/netmasks
      4) ifconfig hme1 plumb
      5) ifconfig hme1 inet {IP} netmask {} broadcast + up
      6) ndd -set /dev/ip ip_forwarding 1
      7) pkill in.routed
      8) in.routed -s

Troubleshooting Router Configuration
        1) prtconf | grep -v not to see if the machine recognizes the card
        2) ifconfig -a to see if the card is set
        3) check /etc/hostname.interface
        4) check /etc/inet/hosts

Configure a Multihomed host:
        1) create /etc/hostname.interface for each interface
        2) edit /etc/hosts
        3) create /etc/notrouter
        4) touch /reconfigure, init 5
        5) ifconfig -a to check
        6) ps -e | grep in.r to see the in.rdisc -s process

CHAPTER 7        TRANSPORT LAYER

The Transport layer moves data to and from the correct application. It uses a transport header which has a
destination port number and a source port number. (Port numbers define the application.) This layer also
handles error detection and recovery problems.

There are two protocols associated with this layer:

        TCP (Transmission Control Protocol)
        1) Connection oriented - a connection with another host must be established before data can be passed
        2) Very reliable
        3) Relatively slow
        4) Stateful - includes info about the state of the client
        5) Requires acknowledgement (or retransmit/timeout)
        6) Unstructured stream orientation - TCP breaks incoming data into efficient pieces to send to the
           Internet Layer; packets are passed to the receiver in the same sequence the application sent them
        7) Virtual circuit connection - the connection must be established before you can talk
        8) Buffered transfer - controls data flow through input/output buffers
        9) Full duplex connection - concurrent transfers in both directions ("piggybacking")
        10) Instructional stream - ???

        UDP (User Datagram Protocol)
        1) Connectionless
        2) Unreliable
        3) Relatively fast
        4) Stateless
        5) No acknowledgement system used
        6) Receives data from an application and divides it into datagrams
        7) Application is responsible for reliability and flow control; packets can be lost or delivered out of order
        8) Used for small transmissions

TCP flow control uses the Sliding Window Principle - the receiving host informs the sending host of how
much data it is prepared to receive. The standard window size field is 16 bits (64KB); RFC 1323 allows larger
sizes, up to 1GB.
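
As an added example (not from the course notes), the window arithmetic of the paragraph above and the halve-on-loss / slow-start behaviour described in the next paragraph, reduced to a toy model in Python. The window-scale shift of RFC 1323 is applied to the 16-bit field to show where the 1GB figure comes from; the event sequence fed to the simulation is constructed, and real TCP stacks have more states (for example a separate threshold where slow start ends) than this model.

```python
# Added example (not from the course notes): sliding window and congestion
# window arithmetic. Segment counts and events are constructed.

MAX_16BIT_WINDOW = 65535      # largest value the 16-bit window field can carry


def max_window(scale_shift):
    """Largest receive window reachable with the RFC 1323 window-scale option.

    The advertised 16-bit value is shifted left by scale_shift (0..14).
    """
    if not 0 <= scale_shift <= 14:
        raise ValueError("window scale shift must be between 0 and 14")
    return MAX_16BIT_WINDOW << scale_shift


def effective_window(cwnd, rwnd):
    """A sender may have at most min(congestion window, receiver window) outstanding."""
    return min(cwnd, rwnd)


def simulate_congestion(events, rwnd=8, cwnd=1, rto=1.0):
    """Replay 'ack' / 'loss' events and return (cwnd, rto, window) after each one.

    ack  -> slow start: the congestion window grows by one segment per ACK
    loss -> the congestion window is halved (never below one segment) and the
            retransmission timer is backed off exponentially (doubled)
    """
    history = []
    for event in events:
        if event == "ack":
            cwnd += 1
        elif event == "loss":
            cwnd = max(1, cwnd // 2)
            rto *= 2
        else:
            raise ValueError("unknown event %r" % (event,))
        history.append((cwnd, rto, effective_window(cwnd, rwnd)))
    return history


if __name__ == "__main__":
    print("64KB window:", max_window(0), "bytes; scaled by 14:", max_window(14), "bytes")
    for step in simulate_congestion(["ack", "ack", "ack", "loss", "ack", "ack"]):
        print("cwnd=%d rto=%.1f window=%d" % step)
```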

Congestion - adjusts the size of the sliding window according to the number of lost packets. When packets are
lost, the congestion window is reduced by half, and the retransmission timer is backed off exponentially.
When congestion eases, a "slow start" process begins, whereby the congestion window is increased by
one segment each time an acknowledgement is received.

CHAPTER 8          CLIENT-SERVER MODEL

Applications relate to the Application Layer, which is the relationship between client processes and server
Applications use port numbers. An IP + port number = socket. There are 65,536 sockets available.
For an application to be able to execute, it must be listed in either /etc/services or /etc/rpc.
For an application to execute, it must be in the process table or be in /etc/inetd.conf.

ONC+ - Open Network Computing - this is Sun's open systems distributed computing environment. It is
made up of services available to developers for building distributed applications.

                                    RPC Apps
                         TI-RPC                 XDR
                         TLI                    Sockets
                              TCP or UDP Port #s

TI-RPC - Transport Independent Remote Procedure Call, allows applications to be binary compatible so
they can use any transport without a recompile.

XDR - RPC data is transported using External Data Representation. It is an architecture independent
specification for representing data. It resolves the differences in byte ordering and data type size
between different hardware.

TLI - Transport Interface API between the OSI Transport and Session Layers.

Sockets - These are the Berkeley interfaces to network protocols. They are the endpoint of communication to
which a name can be bound. They are made up of a type and an associated process and are used for
interprocess communication.

RPC applications - NFS, NIS+, etc.

Port numbers - every network service uses a port number, which represents an address space that is reserved
by the kernel for that service. A client connects from an arbitrary port, but communicates with a server via a
dedicated, well-known port.

/etc/inet/services is used to register reserved port numbers, services and protocols for Internet services.
They are also registered with the NIC. The first 1024 ports are reserved for root owned processes.
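
An added example, not from the course notes: a parser for the /etc/inet/services format discussed above, with a check for which entries fall into the reserved range (ports below 1024 that only root-owned processes may bind). The sample lines are constructed, not copied from a system; the port assignments used are the standard ones.

```python
# Added example (not from the course notes): parse /etc/inet/services-style
# lines and report the reserved (root-only) entries. SAMPLE_SERVICES is constructed.

SAMPLE_SERVICES = """\
#
# Network services, Internet style
#
ftp             21/tcp
ssh             22/tcp
telnet          23/tcp
smtp            25/tcp          mail
domain          53/udp
domain          53/tcp
sunrpc          111/udp         rpcbind
sunrpc          111/tcp         rpcbind
nfsd            2049/udp        nfs     # NFS server daemon
"""

RESERVED_PORT_LIMIT = 1024   # ports 0-1023 may only be bound by root-owned processes


def parse_services(text):
    """Return a dict per entry: name, port, proto and any aliases (comments dropped)."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        port, proto = fields[1].split("/")
        entries.append({"name": fields[0], "port": int(port), "proto": proto, "aliases": fields[2:]})
    return entries


def reserved_services(entries):
    """Names of services registered on reserved ports, sorted and de-duplicated."""
    return sorted({e["name"] for e in entries if e["port"] < RESERVED_PORT_LIMIT})


def find_service(entries, port, proto):
    """Look up a (port, protocol) pair the way a tool such as netstat names a socket."""
    for e in entries:
        if e["port"] == port and e["proto"] == proto:
            return e["name"]
    return None


if __name__ == "__main__":
    table = parse_services(SAMPLE_SERVICES)
    print("reserved:", reserved_services(table))
    print("111/udp is", find_service(table, 111, "udp"))
```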

Server processes are started either during booting at run level 2 or 3, or they are started on demand, e.g.
Ftp, rlogin, when a client requests them.

Inetd is started at run level 2 from /etc/init.d/inetsvc. It listens for requests for services that are not started at boot
time, and starts them when requested.

/etc/inetd/inetd.conf - lists the services and processes that inetd will start. You must send a HUP signal to
inetd if you change the configuration file.

RPC solves the problem of having many services that would need to have designated port numbers and thus
be listed in /etc/inet/services.

Rpcbind (started during run level 2 via /etc/init.d/rpc on port 111) is the process that listens for all RPC
based services. Clients don't need to know the port number, the server returns an arbitrary port number that
is defined during boot.

Status commands
         rpcinfo -p host = lists all RPC services
         netstat -a = ports that are reserved, established connections
CHAPTER 9          DHCP (Dynamic Host Configuration Protocol)

       1)   must use non-overlapping IP's
       2)   automates and centralizes assignments of IP's
       3)   reduces cost of managing networks
       4)   provides solution for depletion of IP's

CIDR (Classless Interdomain Routing) - result of depletion of IP's, based on the idea that organizations
should be given a more exact number of IP's instead of entire huge networks. They are from class C
networks and use contiguous numbers. The blocks are allocated to ISP's not individuals.

How DHCP uses Bootp:
          DHCP is an extension of bootp, which allows automatic download of IP information to
clients, but DHCP adds the ability to have reusable IP's by implementing a lease on the IP. Bootp
clients are supported under DHCP. The allocation is based on:
            1. physical connection to a subnet
            2. the hardware address of the ethernet card
            3. a client's identification string assigned by a network manager

DHCP features:
     1) automatic management of IP's without duplication
     2) bootp clients supported
     3) lease times (3 day default)
     4) ability to set limits of which MAC addresses are served
     5) define the pool of addresses
     6) can associate two or more pools on a separate network (or subnet)
     e.g. Will allow a router to act as a bootp relay for an interface that has more than one IP network

DHCP clients have two functions:
     1) establish an endpoint for network communcaiton
     2) provide system and application level software parameters

DHCP server:
      1) need SUNWdhcsu, SUNWdhcsr
      2) manages IP's
      3) secondary servers or bootp relay agents must be set up for the server to control other networks
      4) primary server - controls a set of IP's (another primary can be on the same network but must
          control a different block of IP's)
      5) secondary server - confirms existing configurations of a primary when the primary is unable to
          respond (each primary also acts as a secondary)

dhcpconfig:
      1) this is a utility for the initial DHCP setup
      2) it creates /var/dhcptab, which contains info about the client configuration by macros and symbols
          and is changed via dhtadm
      3) it also creates /var/dhcp_network, which maps a client's identifier to an IP address; the default file
          name is the network number with underscores (128_9_1_0) and is changed via pntadm
          1. the tables can be put in either NIS+ (/etc/default/dhcp) or text files

Lease time policy:
       1) this is defined in the dhcp_network file
       2) it is defined by the LeaseTim symbol, which uses relative time for an IP, e.g. 2 days, and adds that
          time to the current time to determine the expiration time
       3) LeaseNeg determines if a client can renegotiate a lease
       4) lease flags are
          1. 0 = dynamic, a regular DHCP IP with an expiration time
          2. 1 = permanent lease, the IP can't be changed
          3. 2 = manual, the IP is assigned to a specific host and can only be changed by an administrator
          4. 4 = unusable IP
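
An added example, not from the course notes and not Sun's own code: Python helpers for the lease policy above. They derive the dhcp_network table name from an address and netmask using the "network number with underscores" rule, compute an expiry from a relative lease time, and decode the flag values listed in the notes. Treating the flag values as bits that may be combined, and the meaning of LeaseNeg for non-dynamic leases, are assumptions of this example.

```python
# Added example (not from the course notes): DHCP lease-policy helpers.
import ipaddress

LEASE_FLAGS = {
    1: "permanent lease, the IP can't be changed",
    2: "manual, IP is assigned to a specific host and can only be changed by an administrator",
    4: "unusable IP",
}


def dhcp_network_filename(ip, netmask):
    """Name of the dhcp_network table for the subnet containing ip, e.g. 128_9_1_0."""
    network = ipaddress.ip_interface("%s/%s" % (ip, netmask)).network
    return str(network.network_address).replace(".", "_")


def lease_expiry(now, lease_seconds):
    """LeaseTim is relative: expiry = current time + lease time (both in epoch seconds)."""
    return now + lease_seconds


def describe_lease_flags(flags):
    """Decode the flags column; 0 is a regular dynamic lease, other values are bits (assumption)."""
    if flags == 0:
        return ["dynamic, a regular DHCP IP with an expiration time"]
    names = [text for bit, text in sorted(LEASE_FLAGS.items()) if flags & bit]
    if not names:
        raise ValueError("unknown lease flag value %d" % flags)
    return names


def client_may_renegotiate(flags, lease_neg):
    """Assumption: LeaseNeg only matters for dynamic leases; the others are fixed by the administrator."""
    return flags == 0 and bool(lease_neg)


if __name__ == "__main__":
    print(dhcp_network_filename("128.9.1.37", "255.255.255.0"))
    print(describe_lease_flags(2))
    print("expires at", lease_expiry(0, 3 * 24 * 3600), "(3 day default lease)")
```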

DHCP Server configuration:
     1) collect information about the network (IP's, topology, subnets, etc.)
     2) decide to use NIS+ or files
     3) run dhcpconfig
        1. configure DHCP server
        2. configure bootp relay agent
        3. unconfigure DHCP or relay service
        4. exit

DHCP Client configuration:

       1) by default client side DHCP service is disabled
       2) create a /etc/dhcp.le0 file for each interface

Trouble-shooting DHCP:
      1) snoop
      2) dhcp -d (debug mode)
      3) reboot client
      4) stop/start the daemon (/etc/init.d/dhcp stop/start)


The ISO definition of network management:
      1) configuration management - monitor/maintain the state of the network
      2) fault management - detecting and isolating problems
      3) performance management
      4) accounting management - determine appropriate billing
      5) security management

The minimal components include:
      1) a GUI network management application and disk to log events
      2) a device to be managed that has an agent process on it

SNMP - Simple Network Management Protocol - is IP based and uses UDP. It's based on the idea that if
network traffic is degraded, UDP packets will still flow. There are three basic functions:
      1) get - retrieving information from a device agent
      2) set - changing data on a device
      3) trap - sending unsolicited messages to the management station

Structure of Management Information (SMI):
       1) based on RFC 1165
       2) describes how managed objects in the MIB (management information database) are defined

Object Identifier (OID) - the global tree of how to access devices via a sequence of integers. e.g. might equal

Abstract Syntax Notation One (ASN.1) - describes managed objects in the MIB
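
As an added example (not from the course notes), here is how an OID written as a sequence of integers is put on the wire in SNMP, using the ASN.1 Basic Encoding Rules the notes allude to: the first two arcs are combined as 40*x+y, each later arc is written base 128 with the high bit set on all but its last byte, and the whole thing is wrapped in tag 0x06 plus a length. The decoder reverses it. Short-form lengths (up to 127 bytes) are all this example handles.

```python
# Added example (not from the course notes): BER encoding of an OBJECT IDENTIFIER.

OID_TAG = 0x06


def _encode_arc(value):
    """Base-128, most significant group first, high bit set on all but the last byte."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    return bytes(reversed(out))


def encode_oid(dotted):
    """Encode '1.3.6.1.2.1' into the TLV bytes used inside SNMP messages."""
    arcs = [int(a) for a in dotted.strip(".").split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID %r" % dotted)
    body = _encode_arc(arcs[0] * 40 + arcs[1])   # first two arcs share one value
    for arc in arcs[2:]:
        body += _encode_arc(arc)
    if len(body) > 127:
        raise ValueError("OID too long for the short-form length used here")
    return bytes([OID_TAG, len(body)]) + body


def decode_oid(data):
    """Turn a short-form BER OBJECT IDENTIFIER back into dotted notation."""
    if len(data) < 3 or data[0] != OID_TAG or data[1] != len(data) - 2:
        raise ValueError("not a short-form BER OBJECT IDENTIFIER")
    if data[-1] & 0x80:
        raise ValueError("truncated arc: last byte still has the continuation bit set")
    arcs, value = [], 0
    for b in data[2:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:          # last byte of this arc
            arcs.append(value)
            value = 0
    first = arcs[0]
    if first < 40:
        lead = [0, first]
    elif first < 80:
        lead = [1, first - 40]
    else:
        lead = [2, first - 80]
    return ".".join(str(a) for a in lead + arcs[1:])


if __name__ == "__main__":
    encoded = encode_oid("1.3.6.1.2.1")          # the standard mib-2 prefix
    print(encoded.hex(), "->", decode_oid(encoded))
```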

Solaris SNMP management products:
       1) Site Manager - up to 100 nodes, SunNet Manager is now part of this
       2) Domain Manager - multi-site networks
       3) Enterprise Manager - mission critical businesses
       4) Enterprise Agents - allows multiple agents to run on a system with a master agent that does
          scheduling and is the main interface to the managing application

CHAPTER 11                  DOMAIN NAME SYSTEM (DNS)

DNS is needed so datagrams can plug in the destination IP address.

Brief history: all hosts on the Internet used to be listed in one file (hosts.txt) maintained by the NIC, but
there were several problems with this:
       1) name uniqueness - running out of names
       2) file maintenance
       3) server/network load due to the downloading of hosts.txt

The solution was DNS:

       1) create domains of names where you can have name uniqueness within a domain
       2) use a distributed database where many servers are used for resolution
       3) use caching to reduce traffic

     1)    collection of names
     2)    specifies keys for lookups
     3)    inverted tree structure
     4)    can be broken into subdomains

Top level domains are controlled by the NIC (.com, .edu etc) and can be broken into two main categories;
organizational and geographical.

     1)    Fully Qualified Domain Name (FQDN) - all branches plus a trailing dot
     2)    Relative Domain Name (RDN) - a shortened version without a trailing dot
     3)    255 character limit per FQDN
     4)    63 character limit per domain
     5)    only alphanumeric characters and dashes

 Domain - takes an IP address and converts it to a domain name (reverse lookup).

Zones of authority (ZOA) - A portion of a name space which a server is authoritative over. A server can be
authoritative for more than one domain.

DNS servers:
     1) Root servers
         1. maintained by the NIC
         2. only 13 total
         3. name scheme is,, etc.
     2) Primary
         1. usually one per domain
         2. authoritative for their domain
         3. they synchronize their secondaries
     3) Secondary
         1. each domain has one or more secondaries
         2. they are authoritative for their domain
         3. they get updates from their primary
         4. they share the load and add to redundancy
     4) Cache only
         1. not authoritative for any domain
         2. they keep a local cache of looked up names
         3. they reduce the overhead associated with secondary servers performing zone transfers
     5) Forwarding servers
         1. focal point for all off-site DNS requests
         2. reduces the number of off-site requests
         3. no special setup needed
         4. if it fails, the local server can still respond to remote requests

DNS answers
     1) authoritative - based on a disk based file
     2) non-authoritative - based on a cache

DNS resolution process: starts with a client resolver (built into the OS) that is activated by a reference to
DNS in nsswitch.conf.
      1) consults /etc/nsswitch.conf to see if files or nisplus is used and in what order
      2) consults /etc/inet/hosts for an entry; if none is found then
      3) sends a query to the nisplus server
      4) consults /etc/resolv.conf for the local DNS IP
      5) sends a query to the local DNS server for the IP
      6) local DNS server checks its cache; if the name is there it returns a non-authoritative answer, if it isn't there,
      7) local DNS server contacts the appropriate DNS server for a root server or the IP
      8) root server returns names/addresses of all .net servers
      9) local DNS server contacts one of the .net servers
      10) the .net server returns names/addresses of servers
      11) local DNS server contacts one of the servers
      12) the server returns the names/addresses of the servers
      13) local DNS server returns the requested IP to the client
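
The resolution walk above, as an added example (not from the course notes) in Python: a toy iterative resolver that checks a hosts table first (the "files" source in nsswitch.conf), then a cache, and otherwise chases referrals from a root server down to the authoritative server, caching the answer so the second lookup comes back non-authoritative. The hosts entries, server names and addresses are constructed (documentation addresses from 192.0.2.0/24); no network traffic is sent.

```python
# Added example (not from the course notes): a toy iterative resolver.
# HOSTS_FILE and AUTHORITY are constructed data, not real servers.

HOSTS_FILE = {"localhost.": "127.0.0.1", "printer.example.net.": "192.0.2.9"}

# What each pretend server would return: a referral to a child zone's server,
# or an authoritative answer for names it owns.
AUTHORITY = {
    "root":             {"referral": {"net.": "tld-net"}},
    "tld-net":          {"referral": {"example.net.": "ns1.example.net."}},
    "ns1.example.net.": {"answer": {"www.example.net.": "192.0.2.10",
                                    "ns1.example.net.": "192.0.2.2"}},
}


def _fqdn(name):
    return name if name.endswith(".") else name + "."


def _best_referral(server, qname):
    """Pick the delegation whose zone is the longest suffix of the query name."""
    best = None
    for zone, target in server["referral"].items():
        if qname.endswith(zone) and (best is None or len(zone) > len(best[0])):
            best = (zone, target)
    return best


def resolve(name, cache, hosts=HOSTS_FILE, authority=AUTHORITY):
    """Return (address, source, servers_contacted); source is files, non-authoritative or authoritative."""
    qname = _fqdn(name)
    if qname in hosts:                      # nsswitch.conf: files before dns
        return hosts[qname], "files", []
    if qname in cache:                      # local server answers from its cache
        return cache[qname], "non-authoritative", []
    path, current = [], "root"
    for _ in range(10):                     # bound the referral chase
        path.append(current)
        server = authority[current]
        if qname in server.get("answer", {}):
            cache[qname] = server["answer"][qname]
            return cache[qname], "authoritative", path
        ref = _best_referral(server, qname) if "referral" in server else None
        if ref is None:
            raise LookupError("no answer for %s at %s (NXDOMAIN)" % (qname, current))
        current = ref[1]
    raise LookupError("referral loop while resolving %s" % qname)


def lookup_or_none(name, cache):
    """Convenience wrapper returning None instead of raising on a failed lookup."""
    try:
        return resolve(name, cache)
    except LookupError:
        return None


if __name__ == "__main__":
    cache = {}
    print(resolve("www.example.net", cache))   # authoritative, three servers contacted
    print(resolve("www.example.net", cache))   # non-authoritative, from cache
```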

BIND (Berkeley Internet Name Domain) - the most common DNS implementation; Solaris uses 8.1.2

DNS Primary server configuration:
     1) the process is in.named, which is started by /etc/init.d/inetsvc or /usr/sbin/in.named??
     2) /etc/named.conf
        1. establishes the server as primary, secondary or cache type
        2. specifies zones of authority
        3. defines which other files to consult
        4. resource record types:
            a) A - IP to hostname entry
            b) CNAME - an alias for a machine
            c) MX - defines a mail server
            d) NS - name server
            e) SOA - start of authority
            f) PTR - used in reverse file
     3) /var/named/named.root - provides hints to the identity of the root servers (name to IP)
     4) /var/named/domain-info - maps names to IP's for all systems in the domain
     5) /var/named/inverse-domain-info - maps IP to hostname
     6) /var/named/loopback-domain-info - used for the inverse loopback domain address

Misc. files to edit:
       1) /etc/nsswitch.conf - add DNS to the "hosts" entry
       2) /etc/resolv.conf - list domain, nameservers and IPs

Secondary DNS server setup:
      1) create /etc/named.conf
      2) create /var/named/domain-info

Debug tools:
      1) nslookup - comes with DNS and is used to debug domains by specifying a DNS server
      2) BIND debug tools - dump the memory cache to /var/named/named_dump.db in ASCII
      3) pkill -USR1 in.named - will increase the debug level by one for in.named
      4) pkill -USR2 in.named - will return the in.named daemon to debug level 0
      5) dig - tool available off the web

DNS security:
     1) /etc/named.conf allows query statements to restrict access to the nameserver by IP or zone
     2) allow-transfer statements restrict zone transfers
     3) the default is to allow any host

h2n - is a Perl script that helps automate setup and maintenance of DNS zones.

See page 11-63 for setup process.

Routing of email is done at the Application Layer via mail relays. Routing of datagrams is done at the
Internet Layer via routers.

Main components of an email system:
      1) mail user agent - the user application in Solaris: mail, mailx, mailtool, dtmail
      2) mail transport agent (MTA) - sendmail
         1. routes email
         2. resolves email addresses
         3. selects delivery agent
         4. receives incoming mail from other transfer agents
      3) mail delivery agent (MDA) - mail.local
         1. gets mail to a local user's mailbox file

Delivery process:
        /bin/mailx     ==>  /usr/lib/sendmail  ==>  /usr/lib/mail.local  ==>  /bin/mailx
        sends message       routes message          delivers message          reads message

Mail routing concepts:
        You must have a sender and a recipient. A recipient could be a user, alias, file (/), or
program (|).

       1) mail host - reroutes within a domain, determines if deliverable
       2) relay host - delivers mail between mail domains
          1. not needed if your mail doesn't leave the immediate domain
          2. a router should be configured to do this if you need one
       3) gateway - delivers mail between domains with different protocols
       4) mailbox server - must have at least one, stores /var/mail
       5) mail client - receives mail from the server via either nfs, pop or imap

Types of addresses:
      1) unqualified - username or alias - used when the recipient is known by the host and has a mailbox
      2) qualified - username@machine - used when the recipient is known within the domain
      3) fully qualified - username@subdomain2.subdomain1.topleveldomain
      4) UUCP - machinex!machiney!username - where x is the closest machine to the sender
      5) hybrid address - machinex!username@domain used for sending to different message transfer

Elements of an address:
      1) recipient
      2) delimiter - e.g. ., :, %, @, !, ^, =, []
      3) destination - where the recipient's mailbox lives

Alias resolution:
       1) sendmail accesses /etc/mail/aliases, NIS+ aliases or NIS depending on /etc/nsswitch.conf
       2) additional files consulted are:
          1. $HOME/.mailrc
             a) used for private aliases
             b) dtmail, mailtool, and mailx consult it before going to sendmail
          2. /etc/mail/aliases - located on the local system
             a) sendmail looks at it when the address is local
             b) any user can use these aliases
             c) run newaliases after updating
          3. NIS+ aliases table
          4. $HOME/.forward
             a) must be writable only by owner
             b) always consulted on the recipient's machine

Elements of a mail system:
      1) config file
      2) alias files
      3) mailbox for each user
      4) postmaster alias for the administrator

Elements for local mail only:
      1) one mail host, 2 or more workstations
      2) /etc/mail/ on each client
      3) designated servers
      4) add "mailhost domainname" to /etc/hosts
      5) add the mail host IP to /etc/hosts on each client
      6) have enough space in /var/mail on each client

Elements for local mail in remote mode:
      1) on each client
      2) designate server
      3) add "mailhost domainname" to /etc/hosts on the server
      4) add mailhost IP to /etc/hosts on each client
      5) edit /etc/vfstab on clients to mount /var/mail
      6) have enough disk space

Elements for multiple mail servers:
      1) verify /var/mail is exported ("share")
      2) if not, add "share -F nfs -o rw /var/mail" to /etc/dfs/dfstab
      3) shareall

Mail clients:
       1) ping the server; if unknown, add it to hosts or NIS
       2) dfshares servername
       3) verify /var/mail exists
       4) edit /etc/vfstab to add /var/mail
       5) add the client to the proper alias db

Internet Message Access Protocol (IMAP) - this is an MTA and supports three types of access:
       1) offline access - email is downloaded from the server and removed
       2) online access - messages stay on the server as you manipulate them
       3) disconnected - remote users download messages (not removed) to be cached, where they can then
          be manipulated and then uploaded.

CHAPTER 13                 SENDMAIL

Brief history of sendmail - written at Berkeley; v8.7 and later written in conjunction with the IETF.

       1) collects messages from clients
       2) edits the header
       3) calls appropriate mailers to deliver
       4) can use TCP/IP or UUCP

       1)   supports System V mail, Unix version 7 mail, Internet mail
       2)   reliable
       3)   uses existing software for delivery whenever possible
       4)   supports multiple protocols
       5)   groups can maintain their own lists
       6)   doesn't include binary, but dtmail does

***Main functions of sendmail processing:
     1) argument processing and address parsing
         1. collects recipient names and creates two files
            a) one is a list of recipients
            b) the other contains the header/body of the message
     2) message collection of the envelope, message header and message body
     3) message delivery - each recipient gets a customized header, sendmail then calls the appropriate
         mailer to deliver
     4) error handling - if the mailer can't deliver, an error message is returned
     5) queueing for retransmission - will retry every 15 minutes for 3 days
     6) return to sender - if errors occur, a message is returned to the sender or written in dead.letter in the
         sender's home directory

Main parts of sendmail messages:
      1) message format
          1. envelope - sender address, recipient's address, routing info. Not seen by users
          2. message header - exact header format, 1st space means end of header section
          3. message body - everything that follows the header

Simple Mail Transfer Protocol (SMTP)
      1) defines how two MTA's can communicate across a TCP connection
      2) RFC 822
      3) contains 14 commands
      4) uses port 25

Changes to sendmail in Solaris 7 - uses version 8.9.1
      1) now has its own packages
          1. ***SUNWsndmr - installs config files in /etc/ and /var/spool
          2. ***SUNWsndmu - installs binaries
      2) more security features on directories and .forward files
      3) strong anti-spam support

Directory structure of sendmail:
       1) /usr/lib/mail - contains files that are processed by m4 to build .cf files
       2) /etc/mail - contains aliases, mail.rc, and other config files

Main sendmail files: in order to customize your sendmail environment, you must edit and
compile it with m4 to produce the actual config files.

       1) /etc/mail/ - read every time the sendmail daemon is started
          1. is not directly edited
          2. defines the sendmail environment
          3. rewrite rules for addresses
          4. how mail will be routed
          5. how addresses are implemented
       2) /etc/mail/
          1. is a template used by the mail host, relay host and gateway
       3) /etc/mail/
          1. is a template used on a machine that is not a mail host, relay host or gateway
       4) /usr/lib/mail/cf/
          1. file that you edit to make changes to your sendmail environment
          2. contains macros
          3. must run make after editing
       5) m4 preprocessor
          1. /usr/ccs/bin/m4
          2. builds the .cf file by using the .mc file as input

How to build a new configuration file:
      1) cd /usr/lib/mail/cf
      2) cp
      3) edit
      4) edit the make file in this directory to include at the end of the line starting with
      5) run /usr/ccs/bin/make to compile
      6) cp /etc/mail/

Stopping and starting sendmail:
      1) normally started at boot via /etc/init.d/sendmail
      2) if changes are made to the configuration, use /etc/init.d/sendmail stop and then start
      3) the -bd option tells sendmail to listen on the SMTP port (25)
      4) the -q15 option tells sendmail to process the mail in /var/spool every 15 minutes
      5) pkill sendmail will also stop the process

Mail exchange records:
       1) used when a site has a central mailhub
       2) makes sure mail addressed to remote sites is relayed through correct gateway
       3) provides backup if the destination host is down
       4) is configured in DNS with a priority ranking number for multiple mailhosts
       5) can have multiple MX records for a given name

CHAPTER 14                  COMMON MAIL TASKS

debugging sendmail:

     mailx -v - causes sendmail to show the delivery attempt verbosely.
     same with sendmail -v

     use smtp commands

            mconnect talks to the sendmail daemon directly without
            other layers involved.
            telnet localhost 25

            the sendmail daemon listens for connection requests on
            TCP port 25, as defined in /etc/services, and it forks
            an SMTP server when it receives a request.

          jasonw@satori:~/86>mconnect
          connecting to host localhost (, port 25
          connection open
          220 satori.West.Sun.COM ESMTP Sendmail 8.9.3+Sun/8.9.1; Sat, 29 Apr 2000 14:31:09 -0700 (PDT)

          more /etc/mail/sendmail.hf will show the available
          commands to use, or type help.

     simple mail transfer protocol - RFC821
         is used to send/receive messages
         is a simple command set
         follows a handshaking process

          the extended version of smtp is called esmtp (sol7 uses this)

Testing Sendmail

     after any changes to the config files:
           1) reboot the system or stop/start the sendmail daemon
           2) send test messages using mailx -v
           3) do these tests
                a) send mail to yourself
                b) if using ethernet, send mail to others
                c) send to another domain
                d) if using UUCP, test hosts that use it
                e) send mail to postmasters on other systems
           4) use mailstats to check on the server stats
                a) touch /etc/mail/ first

VRFY - used with mconnect, allows you to test if a user is valid; it is
considered a security risk.

EXPN - used with mconnect, allows you to expand a mailing list, alias,
or user mail path; it is considered a security risk as well.
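
An added example, not from the course notes and not sendmail's code: a miniature SMTP responder in Python that walks through the handshake you would see with mconnect or telnet localhost 25 (greeting, HELO, MAIL, RCPT, DATA, QUIT) and shows how a hardened server answers VRFY and EXPN, the two commands the notes flag as a security risk. By default it answers VRFY with a non-committal 252 and refuses EXPN with 502, so a caller cannot enumerate accounts or expand lists; the flags that re-enable them show what the risky behaviour looks like. Host name, users and aliases are constructed, and nothing is sent on the network.

```python
# Added example (not from the course notes): a tiny SMTP responder with
# VRFY/EXPN disabled by default. All names are constructed.

class SmtpSession:
    def __init__(self, hostname="mailhost.example", allow_vrfy=False, allow_expn=False,
                 users=("root", "postmaster"), aliases=None):
        self.hostname = hostname
        self.allow_vrfy, self.allow_expn = allow_vrfy, allow_expn
        self.users = set(users)
        self.aliases = aliases or {"staff": ["alice", "bob"]}   # constructed alias list
        self.helo = None
        self.sender, self.rcpts = None, []
        self.in_data = False
        self.closed = False

    def greeting(self):
        return "220 %s ESMTP ready" % self.hostname

    def handle(self, line):
        """Return the reply to one client line, or None for message body lines."""
        if self.in_data:
            if line == ".":                       # end of message body
                self.in_data = False
                self.sender, self.rcpts = None, []
                return "250 Message accepted for delivery"
            return None
        verb, _, arg = line.strip().partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb in ("HELO", "EHLO"):
            self.helo = arg
            return "250 %s Hello %s" % (self.hostname, arg)
        if verb == "QUIT":
            self.closed = True
            return "221 %s closing connection" % self.hostname
        if verb == "HELP":
            return "214 commands: HELO EHLO MAIL RCPT DATA VRFY EXPN HELP QUIT"
        if self.helo is None:
            return "503 Polite people say HELO first"
        if verb == "VRFY":
            if not self.allow_vrfy:               # hardened: neither confirm nor deny
                return "252 Cannot VRFY user; try RCPT to attempt delivery"
            return "250 <%s@%s>" % (arg, self.hostname) if arg in self.users else "550 User unknown"
        if verb == "EXPN":
            if not self.allow_expn:               # hardened: never expand lists
                return "502 Sorry, we do not allow this operation"
            return "250 " + ", ".join(self.aliases[arg]) if arg in self.aliases else "550 List unknown"
        if verb == "MAIL":
            self.sender = arg
            return "250 Sender ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command"
            self.rcpts.append(arg)
            return "250 Recipient ok"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Need RCPT (recipient)"
            self.in_data = True
            return '354 Enter mail, end with "." on a line by itself'
        return '500 Command unrecognized: "%s"' % verb


def run_transcript(lines, **policy):
    """Feed client lines to one session and return the server replies in order."""
    session = SmtpSession(**policy)
    replies = [session.greeting()]
    for line in lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
        if session.closed:
            break
    return replies


if __name__ == "__main__":
    for reply in run_transcript(["HELO client.example", "VRFY root", "EXPN staff",
                                 "MAIL FROM:<a@client.example>", "RCPT TO:<root>",
                                 "DATA", "Subject: test", "", "hello", ".", "QUIT"]):
        print(reply)
```

When auditing a real server, the same conversation typed into mconnect tells you immediately whether VRFY and EXPN leak account information: a 250 with an address or a list means they are on.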

Setting up Postmaster alias:
     1) create one in each local /etc/mail/aliases file
     2) change root to the mail address of the person who will read
       postmaster mail.
     3) create a separate account for the user that will act as
       postmaster (use * for password)
     4) type mail -f postmaster

Mail queue - located in /var/spool/mqueue - a directory that contains
data and control files for messages that sendmail delivers. This queue
is used when the system is under a high load and can't deliver mail.

Types of queue files:

     d - data file, the message body
     l - lock file, the job is being processed
     n - a file that is created when an ID is created; ensures no
         mail can be destroyed because of a race condition,
         shouldn't exist for more than a few milliseconds.
     q - queue control file
     t - temporary file
     x - transcript file that shows what happened during a session

The queue is run at the interval specified in the file (15
min default). To print the queue, use sendmail -bp | more or mailq | more

If a queue gets too large, and you want to process it later, kill
sendmail, mv /var/spool/mqueue to another name, create a new empty
mqueue, and start a new sendmail process.

To process the old queue, run /usr/lib/sendmail -oQ/var/spool/oldqueuename -q.
The -oQ says to use an alternate directory, and -q says to process
every job in the queue. Then remove the queue when finished.

Mail will send errors to the syslogd program, which will record errors to
/var/log/syslog. You can edit /etc/syslog.conf to add mail related
entries to force syslogd to report on additional mail errors. e.g.

     ***mail.alert - messages about conditions that should be fixed now
        mail.crit - critical messages
        mail.warning - warnings
        mail.notice - not errors, but might need attention
        mail.info - informational messages
        mail.debug - debugging messages

Administering .forward files
   You can disable the use of .forward files by copying
   /usr/lib/mail/domain/solaris-generic.m4 to myhost.domain.m4 and adding
   the following line:

     the '' is what disables it. Then build and install the configuration.

SPAM - most spam attacks involve someone using another site as a
relay. The most useful information in the header is the Received:
line; it can determine the sender and the origin of the message.

Tools used:
    traceroute, nslookup, dig, whois
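
An added example, not from the course notes: a Python parser for the Received: lines the notes point at. Each relay prepends its own Received: header, so the chain is read bottom-up; the parser unfolds continuation lines, pulls out the claimed (HELO) name, the reverse-DNS name and address recorded by the receiving relay, and which host added the line, and flags hops where the claimed name disagrees with what the relay saw. The headers are a constructed sample using documentation addresses, not a real message.

```python
# Added example (not from the course notes): trace a message's Received: chain.
import re

# Constructed sample: two hops, the second one claims a name that does not
# match the reverse lookup the relay recorded.
SAMPLE_HEADERS = """\
Received: from relay.example.net (relay.example.net [192.0.2.5])
        by mailhost.example (8.9.3+Sun/8.9.1) with ESMTP id OAA01234
        for <user@example>; Sat, 29 Apr 2000 14:31:09 -0700 (PDT)
Received: from friendly.example.org (dialup-17.example.org [198.51.100.17])
        by relay.example.net (8.9.3) with SMTP id OAA00017;
        Sat, 29 Apr 2000 14:30:02 -0700 (PDT)
From: "Great Offer" <friend@example.org>
Subject: constructed sample
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)(?:\s+\((?P<info>[^)]*)\))?.*?\bby\s+(?P<by>\S+)", re.S)


def unfold_headers(text):
    """Join continuation lines (those starting with whitespace) onto their header."""
    headers = []
    for line in text.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        else:
            headers.append(line)
    return headers


def received_hops(text):
    """One dict per Received: header, in header order (newest relay first)."""
    hops = []
    for header in unfold_headers(text):
        if not header.lower().startswith("received:"):
            continue
        match = RECEIVED_RE.search(header[len("received:"):])
        if not match:
            continue
        info = match.group("info") or ""
        ip = re.search(r"\[([0-9.]+)\]", info)
        hops.append({
            "helo": match.group("helo"),               # name the sender claimed
            "rdns": info.split()[0] if info else None,  # name the relay looked up
            "ip": ip.group(1) if ip else None,          # address the relay saw
            "by": match.group("by"),                    # relay that added the line
        })
    return hops


def origin_hop(text):
    """Headers are prepended on each hop, so the last Received: line is the origin."""
    hops = received_hops(text)
    return hops[-1] if hops else None


def helo_mismatches(hops):
    """Hops where the claimed name differs from the relay's own lookup."""
    return [h for h in hops if h["rdns"] and h["rdns"] != h["helo"]]


if __name__ == "__main__":
    chain = received_hops(SAMPLE_HEADERS)
    print("origin:", origin_hop(SAMPLE_HEADERS))
    print("suspicious:", helo_mismatches(chain))
```

Only the address recorded by your own relay (the topmost lines added by hosts you trust) is reliable; anything below the first hop under your control could have been written by the sender, which is why the trace starts from the top and works down until the headers can no longer be trusted.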

Disabling spam:
    1) copy /usr/lib/mail/cf/ to
    2) edit to add: FEATURE(access_db)
    3) this tells sendmail which sites to reject/forward mail to
    4) create the /etc/mail/access file to define restrictions.
    5) create the access database file: makemap dbm access < access
    6) stop/start the sendmail process
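An added example (not from these notes) of how the /etc/mail/access file from step 4 is read: keys are domains, IP prefixes or addresses, values are OK, RELAY, REJECT, DISCARD or an SMTP reply code with text, and sendmail tries the most specific key first (full IP, then shorter prefixes; full host name, then parent domains; full address, then user@, then the domain). This is a simplified model of the access_db lookup order, without the Connect:/From: tags later sendmail versions add, and the sample file is constructed. It also lints the file, since a misspelled action silently fails to do what was intended.

```python
# Constructed /etc/mail/access contents (not a real site's file).
# Left column: key; right column: action.
SAMPLE_ACCESS = """\
# comments and blank lines are ignored
spammer.example.com        REJECT
192.0.2                    RELAY
192.0.2.99                 550 Relaying denied for this host
cyberspammer@example.net   550 We don't accept mail from spammers
example.net                OK
friend@example.com         OK
203.0.113                  DISCARD
"""

VALID_ACTIONS = {"OK", "RELAY", "REJECT", "DISCARD"}


def parse_access(text):
    """Parse the text form of the access file into {key: action}.

    Mirrors what `makemap dbm access < access` compiles: the first
    whitespace separates key from value; keys are case-insensitive.
    """
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        table[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return table


def validate(table):
    """Return keys whose action is neither a keyword nor a 4xx/5xx reply."""
    bad = []
    for key, action in table.items():
        code = action.split(None, 1)[0] if action else ""
        is_keyword = action.upper() in VALID_ACTIONS
        is_smtp_reply = len(code) == 3 and code.isdigit() and code[0] in "45"
        if not (is_keyword or is_smtp_reply):
            bad.append(key)
    return bad


def lookup_candidates(identity):
    """Keys sendmail tries for an identity, most specific first
    (simplified model; assumption: untagged keys as in older sendmail)."""
    identity = identity.lower()
    if "@" in identity:
        user, _, domain = identity.partition("@")
        return [identity, user + "@"] + lookup_candidates(domain)
    parts = identity.split(".")
    if all(p.isdigit() for p in parts):
        # IP address: drop trailing octets one at a time
        return [".".join(parts[:n]) for n in range(len(parts), 0, -1)]
    # host name: drop leading labels one at a time
    return [".".join(parts[n:]) for n in range(len(parts))]


def decide(table, identity):
    """Return (matched_key, action); (None, None) means no entry applies
    and sendmail's normal rules decide."""
    for key in lookup_candidates(identity):
        if key in table:
            return key, table[key]
    return None, None


if __name__ == "__main__":
    access = parse_access(SAMPLE_ACCESS)
    print("bad entries:", validate(access))
    for who in ["192.0.2.99", "192.0.2.10", "mail.spammer.example.com",
                "cyberspammer@example.net", "bob@example.net", "198.51.100.5"]:
        print("%-28s -> %s" % (who, decide(access, who)))
```

Note the ordering consequence: the RELAY entry for 192.0.2 lets the whole /24 relay, but the more specific 192.0.2.99 entry wins for that one host, so one bad entry near the top of the table does not override narrower ones below it.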

You can configure sendmail to masquerade your host names as some other name by making a file

and adding a masquerade_as line.

CHAPTER 15                   LAN PLANNING

Get the TCP/IP and Data Communications manual, Sun p/n 802-5753-10

LAN Planning Considerations:
     1) Review the relationship of the LAN to the organization's goals
        1. e.g. services, information sharing, etc.
     2) Identify generic functions required
        1. email, printer sharing, license sharing, machine sharing
     3) Follow industry standards whenever possible
     4) Gather data for design specs
        1. diagram work flows, survey users, etc.
     5) Analyze the data
        1. how much bandwidth is needed? capacity planning, types of apps, etc.
     6) Determine any mission critical requirements
        1. HA, security, backup concerns

Define the LAN Standards:
       1) heterogeneous or homogeneous network?
       2) Single network media, single manufacturer for all components
       3) set up policies for adding to the network
       4) assign a network person or team

LAN Topology:
     1) determine media type
     2) keep in mind cost, performance, flexibility, reliability and security
     3) two tiered hierarchy for redundancy and easy growth?

Blueprinting the LAN:
      1) details of cabling, routers, bridges, etc. in relation to the physical building
      2) include cable requirement worksheets


General Troubleshooting
    1) define the problem in your own words
    2) back up the system
    3) test/retest - be able to replicate the problem
    4) document steps/results
    5) make permanent changes

    ping (packet internet groper)
         -s - no output is produced until an ICMP response is
         received from the target host

         -s <broadcast address> - will send a ping to every
         host on the net to see who responds

     ifconfig (2 versions)

          /sbin/ifconfig called by /etc/rc2.d/ -
          this version is not affected by /etc/nsswitch.conf

          /usr/sbin/ifconfig - called by /etc/rc2.d/S69inet and
          /etc/rc2.d/S72inetsvc and is affected by /etc/nsswitch.conf

          use the plumb option for manually added interfaces

     arp - for debugging duplicate IPs
           1) determine the MAC address for the target host
           2) from another host ping the target host by name
           3) then use arp to see whether the MAC address learned for the
              target host matches the one you determined

     snoop - for looking at packets
         -i to look at the snoop file
         -v for looking at each packet verbosely
         use snoop on the file in terse mode first to find a
         set of packets you are interested in, then use -p to
         view those packets e.g. snoop -p2,2 -v -i snoopfile

     ndd - be very careful
          ndd /dev/hme \? to determine which parameters the
          interface driver supports

          ndd /dev/ip ip_forwarding to determine if the system
          forwards IP or not, a value of 1 means it does

          ndd /dev/hme link_speed tells if the hme interface is
          running at 10 or 100 Mbps, a value of 1 means 100mbps

          ndd /dev/hme link_mode tells whether the interface is in
          half or full duplex, 1 means full-duplex

     netstat - used to display the routing tables
          -n will use IP addresses, avoiding host name service issues
          -v gives MTU and additional info

     traceroute - uses IP TTL and forces:
          ICMP TIME_EXCEEDED and PORT_UNREACHABLE responses from
          all gateways and routers

          -I forces ICMP ECHO

          -n uses IPs only
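An added example (not from these notes) that simulates the mechanism the traceroute entry describes: probes are sent with TTL 1, 2, 3, ...; the router that decrements the TTL to zero drops the probe and answers with ICMP TIME_EXCEEDED, and the destination answers the surviving probe with PORT_UNREACHABLE (UDP probe to an unused port) or ECHO_REPLY when -I is used. The router chain, addresses and the "silent" router (one that filters ICMP, which prints as "*") are all constructed; nothing is sent on a real network.

```python
# ICMP message types/codes involved in a traceroute (RFC 792 values).
ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACHABLE = 3
ICMP_TIME_EXCEEDED = 11
CODE_PORT_UNREACHABLE = 3


class SimulatedPath:
    """A constructed router chain standing in for a real network path.

    routers:     gateway addresses between us and the target, in order
    destination: the target host's address
    silent:      routers that never send TIME_EXCEEDED (ICMP filtered or
                 rate-limited), which show up in the trace as a '*' hop
    """

    def __init__(self, routers, destination, silent=()):
        self.routers = list(routers)
        self.destination = destination
        self.silent = set(silent)

    def send_probe(self, ttl, icmp_echo=False):
        """Forward one probe; return (responder_ip, icmp_type, icmp_code).

        Each router decrements the TTL; the one that takes it to zero drops
        the packet and answers with TIME_EXCEEDED. A probe that survives
        every router is delivered: a UDP probe to an unused port draws
        PORT_UNREACHABLE, an ICMP echo probe (-I) draws ECHO_REPLY.
        """
        for router in self.routers:
            ttl -= 1
            if ttl == 0:
                if router in self.silent:
                    return None, None, None          # no answer: shown as '*'
                return router, ICMP_TIME_EXCEEDED, 0
        if icmp_echo:
            return self.destination, ICMP_ECHO_REPLY, 0
        return self.destination, ICMP_DEST_UNREACHABLE, CODE_PORT_UNREACHABLE


def traceroute(path, icmp_echo=False, max_hops=30):
    """Probe with TTL 1, 2, 3, ... until the destination itself answers.

    Returns a list of (ttl, responder_ip, icmp_type, icmp_code) tuples;
    a hop of (ttl, None, None, None) is a timeout.
    """
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, itype, icode = path.send_probe(ttl, icmp_echo)
        hops.append((ttl, responder, itype, icode))
        if responder == path.destination:
            break
    return hops


def format_hop(hop):
    """Render one hop the way traceroute -n prints it (numeric only)."""
    ttl, responder, itype, icode = hop
    if responder is None:
        return "%2d  *" % ttl
    return "%2d  %s  (ICMP type %d code %d)" % (ttl, responder, itype, icode)


if __name__ == "__main__":
    path = SimulatedPath(
        routers=["192.0.2.1", "198.51.100.1", "203.0.113.1"],
        destination="203.0.113.50",
        silent={"198.51.100.1"},
    )
    for hop in traceroute(path):
        print(format_hop(hop))
    print("with -I:", format_hop(traceroute(path, icmp_echo=True)[-1]))
```

A line of "*" in a real trace therefore means the hop dropped the probe without an ICMP reply, not that the path is broken there: the next TTL still gets through to the following router.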

Troubleshooting Techniques:
    One methodology is to think in terms of TCP/IP layers.
         1) App layer - can another system use the app? Could
         use snoop to determine if the app is sending/receiving data.

         2) Transport/Internet layer - look for ICMP messages,
         check routers/switches, hostname/IP translations,
         netmask/broadcast numbers, etc.

         3) Network interface - are packets actually being
         passed? use snoop/arp to test

         4) Physical layer - is the LED light on? it will be
         lit even if the transmit line is damaged

Or you can think in terms of functionality

