Monthly Archives: June 2017

Practical Networking for Linux Admins: IPv4 and IPv6 LAN Addressing | Linux.com


We’re cruising now. We know important basics about TCP/IP and IPv6. Today we’re learning about private and link-local addressing. Yes, I know, I promised routing. That comes next.

Private Address Spaces

IPv4 and IPv6 both have private address spaces. These are not meant to leave your private network, and you may use them without requesting assignments from an official authority, like your Internet service provider. Or, if you’re a bigwig, a direct allocation from a regional Internet registry.

IPv4 Private Addresses

You’re probably familiar with IPv4 private addressing, as we’ve all been using it since forever. There are four different private address spaces:

  • 10.0.0.0/8 (10.0.0.0 to 10.255.255.255), 16,777,216 addresses
  • 172.16.0.0/12 (172.16.0.0 to 172.31.255.255), 1,048,576 addresses
  • 192.168.0.0/16 (192.168.0.0 to 192.168.255.255), 65,536 addresses
  • 169.254.0.0/16 (169.254.0.0 to 169.254.255.255), 65,536 addresses

Let’s talk about the last one first, 169.254.0.0/16, because I find it annoying. I never warmed up to it because it just gets in my way. That is the link-local auto-configuration block, also called Avahi Zeroconf. Microsoft Windows and some Linux distributions use these, so even when you don’t assign an IP address to a network interface, or it does not receive one via DHCP, it will get a 169.254.0.0/16 address. What’s the point? Supposedly easy ad hoc networking, and enabling communication with a host when other means of address assignment fail. Link-local addresses are accessible only within their own broadcast domains and are not routable. I’ve been disabling it since forever without missing it. If you find it useful, perhaps you could share a comment on how you use it.

The other three address spaces are routable, even outside your LAN. That is why most firewall tutorials include rules to stop these from leaving your network. Most ISPs block them as well.

The four hexadecimal octets in IPv4 addresses are conversions from binary. This is a fun topic for another day; you might investigate it because IPv4 addressing makes more sense in binary. For everyday use, this is what you need to know:

Each octet is 8 bits, and the total is 32 bits.

10.0.0.0/8 means the subnet mask is 8 bits, 255.0.0.0. You cannot change the first octet, 10, which is the network ID. The remaining three octets are the host ID, 24 bits, and you can change them however you like. Each octet has possible values ranging from 0-255. 10.0.0.0 and 10.255.255.255 are reserved and you cannot use them for host addresses, so your usable addresses are 10.0.0.1 to 10.255.255.254.

172.16.0.0/12 has a 12-bit subnet mask, 255.240.0.0, which does not divide up neatly into hexadecimal octets. 172.16.0.0 and 172.31.255.255 are reserved and you cannot use them, so your usable addresses are 172.16.0.1 to 172.31.255.254.

192.168.0.0/16 has a 16-bit subnet mask, 255.255.0.0. Again, the first and last addresses are reserved, so your usable addresses are 192.168.0.1 to 192.168.255.254.

So, you ask, just what are the first and last addresses reserved for? The first address identifies your subnets, for example 192.168.1.0. The last address is the broadcast address. Suppose your subnet is 192.168.1.0/24, then 192.168.1.255 is the broadcast address. These broadcasts go to every host on the network segment, hence the term “broadcast domain”. This is how DHCP and routing tables are advertised.
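The mask arithmetic above, worked through with Python's standard ipaddress module, together with a border check in the spirit of the firewall rules the article mentions. This is an added example, not code from the original article; describe(), egress_verdict() and the sample source addresses are illustrative names and constructed values.

```python
import ipaddress

# The four IPv4 blocks listed in the article.
BLOCKS = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16")

def describe(cidr):
    """Return mask, reserved addresses, usable range and size of a block."""
    net = ipaddress.ip_network(cidr)
    return {
        "netmask": str(net.netmask),
        "host_bits": net.max_prefixlen - net.prefixlen,
        "network": str(net.network_address),      # first address, reserved
        "broadcast": str(net.broadcast_address),  # last address, reserved
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "total": net.num_addresses,
    }

def egress_verdict(src):
    """Classify a source address seen on the outbound side of the border.

    Returns ("drop", block) for the article's blocks, ("drop", "invalid")
    for anything that is not a valid IPv4 address, else ("allow", None).
    """
    try:
        addr = ipaddress.IPv4Address(src)
    except ipaddress.AddressValueError:
        return ("drop", "invalid")
    for cidr in BLOCKS:
        if addr in ipaddress.ip_network(cidr):
            return ("drop", cidr)
    return ("allow", None)

if __name__ == "__main__":
    for cidr in BLOCKS:
        d = describe(cidr)
        print(f"{cidr:16} mask {d['netmask']:13} hosts "
              f"{d['first_host']} - {d['last_host']}")
    # Constructed sample sources; 172.32.0.1 sits just past the /12 boundary.
    for src in ("192.168.0.135", "172.31.255.254", "172.32.0.1",
                "169.254.10.20", "198.51.100.7", "10.0.0.256"):
        print(src, egress_verdict(src))
```
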

IPv6 Private Addresses

IPv6 private link-local addresses, for whatever reason, are not pebbles in my shoes the way IPv4 link-local addresses are. Maybe because they’re so alien they bounce off my brain. And I have no choice, as the IPv6 protocol requires these. You can view yours with either the ip or ifconfig command:

$ ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 9c:ef:d5:fe:8f:20  
          inet addr:192.168.0.135  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::b07:5c7e:2e69:9d41/64 Scope:Link

These fall into the fe80::/10 range. You can ping your computer:

$ ping6 -I wlan0 fe80::b07:5c7e:2e69:9d41
PING fe80::b07:5c7e:2e69:9d41(fe80::b07:5c7e:2e69:9d41) from fe80::b07:5c7e:2e69:9d41 wlan0: 56 data bytes
64 bytes from fe80::b07:5c7e:2e69:9d41: icmp_seq=1 ttl=64 time=0.032 ms

With ping6, you must always specify your interface name, even if it is the only one. You can discover your LAN neighbors:

$ ping6 -c4 -I wlan0 ff02::1
PING ff02::1(ff02::1) from fe80::b07:5c7e:2e69:9d41 wlan0: 56 data bytes
64 bytes from fe80::b07:5c7e:2e69:9d41: icmp_seq=1 ttl=64 time=0.078 ms
64 bytes from fe80::4066:50ff:fee7:3ac4: icmp_seq=1 ttl=64 time=20.7 ms (DUP!)
64 bytes from fe80::9eef:d5ff:fefe:17c: icmp_seq=1 ttl=64 time=27.7 ms (DUP!)

Cool, I have two neighbors. ff02::1 is a special link-local multicast address for discovering all link-local hosts. man ping tells us that DUP! means “ping will report duplicate and damaged packets. Duplicate packets should never occur, and seem to be caused by inappropriate link-level retransmissions.” In this context, it’s nothing to worry about, so I ping my neighbors:

$ ping6 -c4 -I wlan0 fe80::4066:50ff:fee7:3ac4
64 bytes from fe80::4066:50ff:fee7:3ac4: icmp_seq=1 ttl=64 time=4.72 ms
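For keeping an inventory of what answers on the link, the ff02::1 replies shown above can be parsed into a neighbor list. This is an added example, not code from the original article, and it goes one step beyond the text: where a responder's interface ID has the modified EUI-64 shape (ff:fe in the middle, RFC 4291), it recovers the hardware address that the link-local address exposes. SAMPLE is constructed from the article's output; eui64_mac() and neighbors() are illustrative names.

```python
import ipaddress
import re

# Constructed sample: the article's ping6 ff02::1 replies, one reply per line.
SAMPLE = """\
64 bytes from fe80::b07:5c7e:2e69:9d41: icmp_seq=1 ttl=64 time=0.078 ms
64 bytes from fe80::4066:50ff:fee7:3ac4: icmp_seq=1 ttl=64 time=20.7 ms (DUP!)
64 bytes from fe80::9eef:d5ff:fefe:17c: icmp_seq=1 ttl=64 time=27.7 ms (DUP!)
"""

LINK_LOCAL = ipaddress.ip_network("fe80::/10")
REPLY = re.compile(r"bytes from ([0-9a-fA-F:]+): icmp_seq=")

def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]   # low 64 bits
    if iid[3:5] != b"\xff\xfe":
        return None  # randomized or otherwise non-EUI-64 interface ID
    # Undo the EUI-64 mapping: flip the universal/local bit, drop ff:fe.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)

def neighbors(ping_output, own):
    """Map each distinct link-local responder (except own) to MAC or None."""
    me = ipaddress.IPv6Address(own)
    found = {}
    for match in REPLY.finditer(ping_output):
        addr = ipaddress.IPv6Address(match.group(1))
        if addr in LINK_LOCAL and addr != me:
            found[str(addr)] = eui64_mac(str(addr))
    return found

if __name__ == "__main__":
    for addr, mac in neighbors(SAMPLE, "fe80::b07:5c7e:2e69:9d41").items():
        print(addr, "->", mac or "no embedded MAC")
```

The host's own address, fe80::b07:5c7e:2e69:9d41, has no ff:fe marker, so eui64_mac() returns None for it.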

How is it that we can ping our LAN neighbors on their link-local addresses, when we couldn’t ping the 2001:0DB8::/32 addresses we created in last week’s installment? Because the routing is automatic. You won’t see IPv6 routes with the good ol’ route command, but must use the ip command:

$ ip -6 route show
fe80::/64 dev wlan0  proto kernel  metric 256  pref medium

Pretty slick. Come back next week, and we will really do some routing.


Debian 9 Stretches its Wings » Linux Magazine


The latest release of Debian, codenamed Stretch, has been released after 26 months of development. Debian 9 will be supported for the next five years, making it one of the longest-supported community-based distributions. Ubuntu LTS is supported for three years on desktop and five years on servers; CentOS is supported for 10 years.

Debian has done some reshuffling of its default software: MariaDB has replaced MySQL as the default database. Since the Mozilla and Debian communities have sorted out their trademark dispute, you can now use vanilla Firefox and Thunderbird instead of the rebranded Iceweasel and Icedove.

Debian is primarily a leading server operating system, but it’s well revered among desktop users who need reliable and stable systems. Debian is a Gnome distribution, and Stretch comes with Gnome Shell 3.22, which is a generation old. That’s the only flip side of using Debian on the desktop: you are often stuck with very old packages.

Given the continuous disclosure of security bugs in Linux, Debian is maintaining a very tight grip on security.

“Thanks to the Reproducible Builds project, over 90% of the source packages included in Debian 9 will build bit-for-bit identical binary packages. This is an important verification feature which protects users from malicious attempts to tamper with compilers and build networks. Future Debian releases will include tools and metadata so that end-users can validate the provenance of packages within the archive,” said the release announcement.

The X display server no longer needs ‘root’ privileges to run; that requirement had been a major criticism and security risk.

This is also the first release of Debian that features the modern branch of GnuPG in the gnupg package. “This brings with it elliptic curve cryptography, better defaults, a more modular architecture, and improved smartcard support. We will continue to supply the classic branch of GnuPG as gnupg1 for people who need it, but it is now deprecated,” said the release announcement.

This release has also improved UEFI support, which now includes installing on 32-bit UEFI firmware with a 64-bit kernel. The Debian live images now include support for UEFI booting as a new feature, too.

Debian is known for its wide architecture support. This release supports ten architectures: 64-bit PC / Intel EM64T / x86-64 (amd64); 32-bit PC / Intel IA-32 (i386); 64-bit little-endian Motorola/IBM PowerPC (ppc64el); 64-bit IBM S/390 (s390x); for ARM, armel and armhf for older and more recent 32-bit hardware, plus arm64 for the 64-bit AArch64 architecture; and for MIPS, the two 32-bit architectures mips (big-endian) and mipsel (little-endian), plus a new mips64el architecture for 64-bit little-endian hardware.

Debian 9 is available for free download.




Linus Torvalds Talks About His Motivation » Linux Magazine


The Linux Foundation took LinuxCon, one of the biggest open source events, to one of the biggest economies, China. One of the biggest highlights of the event was a discussion between Linus Torvalds and VMware Head of Open Source, Dirk Hohndel, who also happens to be Torvalds’ closest friend and fellow scuba diver.

One of the things that Torvalds said continues to impress him is that things continue to improve. “There are things we haven’t touched for many years, then someone comes along and improves them or makes bug reports in something I thought no one used,” he said. It allows Linux to continue to support very old and basic things that people still care about and use.

Talking about his motivations, Torvalds said that he really likes his job. “I like waking up and having a job that is technically interesting and challenging without being too stressful so I can do it for long stretches; something where I feel I am making a real difference and doing something meaningful not just for me.”

It also seems that despite working on Linux since 1991, he is not bored and has not burned out. Torvalds said that he does take a break once in a while, but every time he takes a longer break he gets bored and looks forward to going back to what he does best: the Linux kernel.

When asked about the future of Linux leadership, Torvalds said that the process they have in place has been working fine for the last 25 years. He agreed that even if they don’t have enough maintainers, the group that they do have is very strong and it continues to grow at a steady pace. “… as these maintainers get older and fatter, we have new people coming in. It takes years to go from a new developer to a top maintainer, so I don’t feel that we should necessarily worry about the process and Linux for the next 20 years,” said Torvalds.




Software Defined Networking (SDN) – Architecture and role of Openflow | Linux.com


In our previous article, we had a good overview of SDN as a technology, why it’s needed, and how the IT industry is adopting it. Now, let’s get a layer deeper, and understand SDN’s architecture and the role of the Openflow protocol in the implementation of the technology.

SDN broadly consists of three layers:

  1. Application layer
  2. Control layer
  3. Infrastructure layer

Let us try to understand these layers with a bottom-up approach.

The infrastructure layer is composed of the various networking equipment that forms the underlying network and forwards network traffic. It could be a set of network switches and routers in the data centre. This layer is the physical one over which network virtualization is laid down through the control layer (where the SDN controllers sit and manage the underlying physical network).

Read more at HowtoForge


How to Determine and Fix Boot Issues in Linux | Linux.com


The Linux system boots so fast that most of the text sent to the console (showing services being started) scrolls by too quickly to read. Observing boot issues and errors therefore becomes a bit of a challenge.

In this article, we will briefly explain the different stages of the Linux boot process, then learn how to establish and get to the bottom of boot issues, in terms of files to look into or commands to view system boot messages.

Summary Of Linux Boot Process

In summary, once we press the Power On button, the BIOS (Basic Input Output System), a program integrated into the motherboard, performs a POST (Power On Self Test), in which hardware such as disks, RAM (Random Access Memory), keyboard, etc. is scanned. In case of an error (missing/malfunctioning hardware), it is reported on the screen.

Read more at Tecmint
