mirror of
https://github.com/Wojtek242/route0.git
synced 2024-12-22 07:34:40 +01:00
Fixes to IP addresses and subnets lesson
This commit is contained in:
parent
a9787d6932
commit
c4658d3b4f
@ -1,70 +1,76 @@
|
||||
# IP Addresses and Subnets
|
||||
|
||||
This lesson introduces and explains IP addresses, subnets, and routing between
|
||||
directly connected devices.
|
||||
This lesson introduces and explains IP addresses, subnets, and forwarding
|
||||
between directly connected devices. Here, we will manually setup all the
|
||||
interfaces and routes to achieve network connectivity for the `one_rtr`
|
||||
topology. The best way to learn and understand what is going on with addresses
|
||||
and routes is to actually manually setup the network and inspect the effects of
|
||||
the individual pieces on the connectivity of the network.
|
||||
|
||||
This lesson is a continuation of the
|
||||
[introduction](introduction-to-route-0.md). Here, we will manually setup all
|
||||
the interfaces and routes to achieve the network connectivity we had there for
|
||||
the `one_rtr` topology.
|
||||
## Starting the network
|
||||
|
||||
## Assembling the network
|
||||
Start the network as normal using the [`one_rtr` topology](../topology/one_rtr)
|
||||
and the `plain` scenario
|
||||
|
||||
The best way to learn and understand what is going on with addresses and routes
|
||||
is to actually manually setup the network and inspect the effects of the
|
||||
individual pieces on the connectivity of the network.
|
||||
|
||||
Start the network just like in the introductory lesson, but this time with none
|
||||
of the address and route configuration by running the `plain` scenario
|
||||
```
|
||||
sudo python route0.py --topology one_rtr --scenario plain
|
||||
```
|
||||
|
||||
Start by having a look around using the commands you learned in the previous
|
||||
lesson, `ip address` and `ip route`, and notice how none of the addresses or
|
||||
routes are present on any of the nodes. Furthermore, if you try running the
|
||||
pings between any of the nodes, you will find they do not work and fail with a
|
||||
`Network is unreachable` error. In this lesson we will manually reconstruct
|
||||
the `basic` network to illustrate all the different concepts involved.
|
||||
The plain scenario launches the network, but will not set up any addresses or
|
||||
routes.
|
||||
|
||||
### Assigning IP addresses
|
||||
Start by having a look around using the commands, `ip addr` and `ip route`, and
|
||||
notice how no addresses or routes are present on any of the nodes.
|
||||
Furthermore, if you try running the pings between any of the nodes using the
|
||||
addresses specified for the [topology](../topology/one_rtr), you will find they
|
||||
do not work and fail with a `Network is unreachable` error. In this lesson we
|
||||
will manually reconstruct this network to illustrate all the different concepts
|
||||
involved. The end result will behave just like the `basic` scenario for the
|
||||
same topology.
|
||||
|
||||
## Assigning IP addresses
|
||||
|
||||
A good place to start would be to simply assign all the IP addresses as per the
|
||||
[`one_rtr` topology](../topology/one_rtr). The command to assign an IP address
|
||||
to an interface in Linux has the form
|
||||
```
|
||||
ip address add <ip>/<mask-digits> dev <if-name>
|
||||
ip addr add <ip>/<mask-digits> dev <if-name>
|
||||
```
|
||||
|
||||
This command assigns the address `<ip>` associated with the subnet defined by
|
||||
the `<mask-digits>` to the interface `<if-name>`. This should be pretty
|
||||
self-explanatory except for the subnet which may be a new concept for some of
|
||||
you.
|
||||
self-explanatory except for the subnet which may be a new concept.
|
||||
|
||||
An IPv4 address is a 32-bit number. The common representation `x.x.x.x` simply
|
||||
splits this number into four 8-bit numbers making it more readable for a human.
|
||||
This is why none of the four numbers ever exceed 255 as that is the largest
|
||||
number you can represent with 8 bits.
|
||||
An IPv4 address is just a 32-bit number. The common representation `x.x.x.x`
|
||||
simply splits this number into four 8-bit numbers making it more readable for a
|
||||
human. This is why none of the four numbers ever exceed 255 as that is the
|
||||
largest number you can represent with 8 bits.
|
||||
|
||||
A subnet is a subdivision of an IP network and determines all the possible IP
|
||||
addresses that can be connected directly to each other over a local network.
|
||||
All IP addresses that belong to the same subnet are accessible through the same
|
||||
local network. Therefore, having an interface that is part of a particular
|
||||
subnet means that we can communicate with all the other addresses in that
|
||||
subnet by using this interface.
|
||||
A subnet is a subdivision of an IP network and determines a subset of all the
|
||||
possible IP addresses that can be connected directly to each other over this
|
||||
subdivision, a local network. All IP addresses that belong to the same subnet
|
||||
are accessible through the same local network. Having an interface that is
|
||||
part of a particular subnet means that we can communicate with all the other
|
||||
addresses in that subnet by using this interface.
|
||||
|
||||
The subnet of an IP address is determined by its prefix. The length in bits of
|
||||
the prefix is determine by the `mask-digits`. Thus, the IP address
|
||||
`10.11.12.13/24` belongs to a subnet defined by its first 24 bits,
|
||||
`10.11.12.0/24`. The router will now forward all traffic to any IP address on
|
||||
this subnet, such as `10.11.12.1` or `10.11.12.165`, over this interface.
|
||||
this subnet, such as `10.11.12.1` or `10.11.12.165`, over this interface.
|
||||
|
||||
This is how in the example in the previous lesson `R1` was able to forward the
|
||||
packet from `h1_1` to `h1_2`. `R1` received a packet addressed to `10.2.0.1`
|
||||
on its interface with `h1_1`. It quickly determined that `10.2.0.1` belongs to
|
||||
the subnet `10.2.0.0/24` which is connected to its `R1-eth2` interface which
|
||||
had the address `10.2.0.254/24`. Therefore, it was able to forward the packet
|
||||
over this interface.
|
||||
on its interface with `h1_1`. It was able to then determine that `10.2.0.1`
|
||||
belongs to the subnet `10.2.0.0/24` which is connected to its `R1-eth2`
|
||||
interface which had the address `10.2.0.254/24`. Therefore, it was able to
|
||||
forward the packet over this interface.
|
||||
|
||||
Note that a subnet length does not have to match the 8-bit divisions and
|
||||
subnets. `10.11.12.4/30` is also a valid subnet. Such subnets are very
|
||||
practical as it allows an operator to assign a more appropriate number of IP
|
||||
addresses to a particular network than would be otherwise possible. However,
|
||||
we will avoid them in these lessons as they are harder to read.
|
||||
|
||||
Go ahead and assign all the IP addresses to the interfaces in the network.
|
||||
Don't forget to prefix the commands with the name of the node on which you want
|
||||
@ -73,27 +79,23 @@ to run the command.
|
||||
Once all addresses have been assigned try pinging `h1_1` and `h1_2` from the
|
||||
middle node, `R1`, and verify that this works. You should also verify that
|
||||
both `h1_1` and `h1_2` are able to ping the IP address at the other end of
|
||||
their link. However, neither `h1_1` or `h1_2` should be able to ping the
|
||||
interface on the other side of `R1` or each other.
|
||||
their link, `10.1.0.254` and `10.2.0.254`. However, neither `h1_1` or `h1_2`
|
||||
should be able to ping the other interface on `R1` or each other.
|
||||
|
||||
Try also running the `ip route` command on the nodes and notice how they have
|
||||
the routes associated with the interface subnets installed already without any
|
||||
additional intervention.
|
||||
additional intervention. Adding an IP address on a particular subnet on an
|
||||
interface will automatically add a route to the kernel's routing table that
|
||||
resolves that particular subnet to that interface.
|
||||
|
||||
If you try pinging an IP address that doesn't exist in the network but belongs
|
||||
to a subnet connected to a local interface, such as `10.1.0.5` from `h1_1`, the
|
||||
ping won't fail immediately like before. Instead it will look like it's stuck.
|
||||
This is because it tries to send the request since it has a routing entry for
|
||||
the particular subnet, but it isn't getting any replies.
|
||||
|
||||
## Address Resolution Protocol (ARP)
|
||||
|
||||
In the previous section we said that packets for any address on a given subnet
|
||||
are forwarded through the interface that belongs to that subnet. What if the
|
||||
destination IP address is not connected to that subnet? In our `one_rtr`
|
||||
example we only have `10.1.0.1` and `10.1.0.254` on the network on the subnet
|
||||
`10.1.0.0/24` which is effectively a local network of one point-to-point link.
|
||||
|
||||
Try pinging `10.100.0.5` and `10.1.0.5` from `h1_1`. Notice how both fail, but
|
||||
only the first one returns the `Network is unreachable` error. Why does the
|
||||
second one appear to be stuck? Since `10.1.0.5` belongs to the same subnet as
|
||||
`h1_1-eth1` the host tries to send the ping over this interface, but as the
|
||||
other end does not exist, the response never arrives.
|
||||
|
||||
Let's investigate this using Wireshark. Set up `h1_1` to ping the nonexistent
|
||||
`10.1.0.5` and open Wireshark on its interface from a different terminal window
|
||||
by running
|
||||
@ -106,10 +108,10 @@ The first thing you will notice is how `h1_1` keeps sending ARP protocol
|
||||
messages. ARP stands for the Address Resolution Protocol and is the mechanism
|
||||
by which a node finds the MAC address of the interface associated with the
|
||||
particular IP address. In order to send a packet over a link it must be
|
||||
addressed to the right MAC address as otherwise no interface on the local
|
||||
network will pick up the packet. In this case we see packets constantly asking
|
||||
"Who has 10.1.0.5? Tell 10.1.0.1", but nobody owns that IP address so nobody
|
||||
responds.
|
||||
addressed to the right MAC address. Otherwise no interface on the local network
|
||||
will pick up the packet as they will determine the packet is not addressed for
|
||||
them. In this case we see packets constantly asking "Who has 10.1.0.5? Tell
|
||||
10.1.0.1", but nobody owns that IP address so nobody responds.
|
||||
|
||||
Let's now look at what happens when the IP address exists on the network. Set
|
||||
`h1_1` to ping the other end of its link `10.1.0.254` (you don't have to close
|
||||
@ -117,54 +119,65 @@ Wireshark). Most of the packets sent and received will be the already known
|
||||
ping packets, but every now and then an ARP request is sent. However, this
|
||||
time `h1_1` receives a response telling it the MAC address of the interface.
|
||||
If you inspect the ping packets that originate at `h1_1` you will notice that
|
||||
they do use that MAC address as the destination in the Ethernet header.
|
||||
they will use that MAC address as the destination in the Ethernet header.
|
||||
|
||||
You may wonder why do the nodes need to do this? After all the IP address
|
||||
already uniquely identifies the interface. This is because the IP protocol
|
||||
doesn't actually know how to communicate over a local network using a physical
|
||||
interface, it needs another protocol to do it instead. In this case it's the
|
||||
Ethernet protocol, but it could be something entirely different such as Wi-Fi
|
||||
or some older protocol. The ARP protocol is a tool for the IP protocol to find
|
||||
out what address to give to the Ethernet protocol so that it can send its
|
||||
packet to the next node.
|
||||
interface, it needs another protocol to do it instead. The physical
|
||||
implementation of the local network may be different for different networks
|
||||
such as Wi-Fi or Ethernet, but IP is able to run over any of them. However, in
|
||||
order to be able to use the physical network protocol it needs to be able to
|
||||
give it an address that protocol understands and it doesn't understand IP
|
||||
addresses. ARP is a tool for IP to find out the physical address to give to
|
||||
the underlying physical protocol, in this case Ethernet, so that it can send
|
||||
its packet to the next node.
|
||||
|
||||
## Default routes
|
||||
|
||||
At this point `h1_1` and `h1_2` still cannot ping each other. If you try to
|
||||
ping `10.2.0.1` from `h1_1` you will be told that the network is unreachable.
|
||||
If you look at the output of `ip route` on the host this error makes sense.
|
||||
The routing table doesn't know how to reach any subnet other than
|
||||
`10.1.0.0/24`. We could just add a route for the `10.2.0.0/24` subnet to go
|
||||
via `R1` which would work for `h1_2`, but would fail as soon as any new host is
|
||||
added to `R1`.
|
||||
The routing table doesn't know how to reach any destination other than
|
||||
`10.1.0.0/24`. The obvious solution is to just add a route for the
|
||||
`10.2.0.0/24` subnet to go via `R1`. This would work for `h1_2` on this small
|
||||
one router network, but would fail as soon as any new host is added to `R1`.
|
||||
|
||||
Instead we will add a default route to our host. A default route is the route
|
||||
used for IP addresses that do not match any other more specific route. To add
|
||||
a default route we simply run
|
||||
used for IP addresses that do not match any other more specific route. A host
|
||||
only has one interface so creating a default route is a pretty straightforward
|
||||
affair. To add a default route we simply run
|
||||
|
||||
```
|
||||
ip route add 0.0.0.0/0 via 10.1.0.254
|
||||
```
|
||||
|
||||
which tells `h1_1` to send all packets via `10.1.0.254` which is the IP address
|
||||
of the interface on `R1`. `h1_1` knows how to route to this address, because
|
||||
it's on the same subnet as its own interface.
|
||||
of the interface on `R1` that is connected to `h1_1`. `h1_1` knows how to
|
||||
route to this address, because it's connected to the same subnet with
|
||||
`h1_1-eth1`.
|
||||
|
||||
Why do we not just install a route to go via the interface directly instead of
|
||||
specifying an IP address? In our topology we only have one node connected to
|
||||
the local network, but in principle we could have more. In that case,
|
||||
specifying an interface would not uniquely identify the next hop.
|
||||
specifying an IP address? In our topology we only have one node on the other
|
||||
side of the local network, `R1`, but in principle we could have more. In that
|
||||
case, specifying an interface would not uniquely identify the next hop which.
|
||||
|
||||
Try pinging `10.2.0.1` from `h1_1` now. You will notice that it no longer
|
||||
fails with a `Network is unreachable` error, but it still doesn't work. Let's
|
||||
investigate using Wireshark. If you inspect the traffic at `h1_1` you will
|
||||
notice that the requests are being sent, but no responses are received. Let's
|
||||
check if `R1` is forwarding the packets. If you launch Wireshark on `R1` you
|
||||
will notice that the packets are received on one interface and are forwarded to
|
||||
the other so that's not it. If you also inspect `h1_2` you will find that the
|
||||
request packets do manage to make their way to the destination, but still no
|
||||
response is sent.
|
||||
notice that the requests are being sent, but no responses are received. The
|
||||
situation is different than when we tried pinging an nonexistent interface,
|
||||
because we are actually seeing requests being sent.
|
||||
|
||||
Can you figure out what's going on? What happens if you try pinging `h1_1`'s
|
||||
interface from `h1_2`?
|
||||
Let's then check if `R1` is forwarding the packets. If you launch Wireshark on
|
||||
`R1` you will notice that the packets are received on one interface and are
|
||||
forwarded to the other so that can't be it. If you also inspect `h1_2` you
|
||||
will find that the request packets do manage to make their way to the
|
||||
destination, but still no response is sent.
|
||||
|
||||
Can you figure out what's going on?
|
||||
|
||||
What happens if you try pinging `h1_1`'s interface from `h1_2`?
|
||||
|
||||
The problem is that `h1_2` doesn't have a default route itself. It receives
|
||||
the ping packets and it tries to send a response back to the source IP address,
|
||||
|
Loading…
Reference in New Issue
Block a user