Networking Basics
This section introduces the basics of networking in OpenBSD and some tools you need to be able to work well with it. Some parts are common to all sorts of TCP/ IP networks, such as IP addresses. Others are specific to BSD-based operating systems, such as mbufs. The power offered by OpenBSD requires more understanding than that needed to run a point-and-click operating system.
Mbufs
OpenBSD optimizes networking by using mbufs. An mbuf is a discrete chunk of kernel memory set aside for networking. A packet starts off life as a mbuf. Rather than copying the contents of a packet to the next network layer, each layer passes around a pointer to the mbuf. Copying the data consumes far more time and resources than simply handing off responsibility for the data while leaving the data itself in the same spot.
Mbufs are carefully designed to not require dramatic changes. When the logical protocol creates an mbuf, it leaves space at the front and back for physical protocol headers, which further minimizes the amount of copying required. A packet becomes a frame within the same mbuf.
Those of you who are C programmers should recognize a pointer here. The pointer to the mbuf is handed around, while the mbuf itself remains constant. The rest of us just need to have a basic idea of what an mbuf is. You'll keep tripping across mentions of mbufs throughout documentation on the OpenBSD network stack, so it's important to at least have a vague awareness of them.
How Many Mbufs?
Each kernel allocates a certain number of mbufs. When you run out of mbufs, you can't push more data. This raises the obvious questions: How many mbufs do you have, and how can you get more?
The netstat(1) command is a general interface into the network stack. It has many functions that are wildly different. While this is definitely a deviation from the UNIX philosophy of "small tools that each do one thing well," netstat has been this way for so long that nobody's really inclined to change it. The "-m" flag to netstat gives some basic mbuf information.
# netstat -m 1 18 mbufs in use: 2 1 mbuf allocated to packet headers 17 mbufs allocated to socket names and addresses 0/12 mapped pages in use 36 Kbytes allocated to network 3 (12% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines #
Here, we see 1 how many mbufs have been used and 2 what part of the network they're being used for. We also can see 3 how much of the kernel memory reserved for network operations is in use. This particular system has lots of kernel memory left and is using very few mbufs.
The number of mbufs a system has is controlled by the NMBCLUSTERS kernel option. Changing this requires patching your kernel. Take a look at Chapter 11 for some discussion of what this implies. Generally speaking, your system will complain if it starts running out of mbufs; you will see "mclpool limit reached" messages on the console and in /var/log/messages.
Bits
As a systems administrator, you're going to start seeing terms like 32-bit and 48-bit more and more frequently. Too many sysadmins just nod and smile when they see these terms, but don't really understand what they mean. If you're running OpenBSD, that means you have an interest in security, and there is no security without understanding, so we're going to briefly discuss bits here.
You probably already know that a computer treats all data as zeros and ones, and that a single one or zero is a bit. When a protocol specifies a number of bits, it's talking about the number as soon by the computer. A 32-bit number has 32 digits, all of which are either one or zero. You were probably introduced to binary math, or base 2, back in elementary school and remembered it just long enough to pass the test. Binary math is simply a different way to work with the same numbers we see every day.
In decimal math (or base 10), the math we typically use every day to balance our checkbook or figure out how much over the speed limit we're driving, digits run from 0 to 9. When you want to go above the highest digit you have, you add a digit on the left and set your current digit to 0. (This is the whole "carry the one" thing you learned many years ago, and now probably do without conscious thought.) Binary math is exactly the same, except that digits run from 0 to 1. When you want to go above the highest digit you have, you add a digit on the left and set your current digit to 0. It's the same thing, just with fewer digits.
Here are the first few decimal numbers converted into binary as an example.
| Decimal | Binary |
|---|---|
| 0 | 0 |
| 1 | 1 |
| 2 | 10 |
| 3 | 11 |
| 4 | 100 |
| 5 | 101 |
| 6 | 110 |
| 7 | 111 |
| 8 | 1000 |
When you have a 32-bit number, such as an IP address, you have a string of 32 ones and zeros. Ethernet MAC addresses are 48-bit numbers. Got that? Good.
Just to make things difficult, UNIX also uses hexadecimal numbers in some cases (such as MAC addresses and netmasks). Hexadecimal numbers are 4 bits long; each digit goes up to 16. This is accomplished by using the numbers 0 through 9, plus the letters A through F. When you reach the last digit, you reset the current digit to zero and add a digit to the left of the number. For example, to count to sixteen in hexadecimal you go "1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E, F, 10."
Numbers in hexadecimal are usually marked with a leading "0x." The number 0x11 is a hexadecimal number equal to the decimal number 17, while the number 11 is plain old decimal 11. (If a hex number is not marked by a leading 0x, it's usually in a place where the output is always in hex numbers.)
When you're working with hexadecimal, decimal, and binary numbers, the simplest thing to do is to break out a scientific calculator. All modern medium-end or better calculators have functions to convert between the three systems. Even the Microsoft Windows calculator has that function. If you want to stick with OpenBSD, you can install /usr/ports/math/hexcalc (see Chapter 13).
IP Addresses and Netmasks
An IP address is a unique 32-bit number assigned to a particular network node. Some IP addresses are more or less permanent, such as those assigned to servers. Others change as required by the network, such as those used by dial-up clients. Individual machines on a shared network get adjoining IP addresses; we'll explore what this means a little later.
Rather than expressing that 32-bit number as a single number, IP addresses are broken up into four 8-bit numbers. (We'll see why in a little bit.) These numbers are expressed as decimal numbers. While 192.168.1.1 is the same as the four binary numbers 11000000.10101000.00000001.00000001, or 11000000101010000000000100000001, or even the hexadecimal c0.a8.1.1 or 0x30052000401, the four decimal numbers are easiest to work with. [3]
If your company is hooking up to the Internet, your ISP will issue you a block of IP addresses. Frequently this is a small block, say, 16 or 32 IP addresses. If your system is colocated on a server farm, you might only get a few IP addresses. It all depends upon your needs. The size of your IP block determines your netmask — or, the size of your netmask determines how many IP addresses you have.
If you've done networking for any length of time, you've seen the netmask 255.255.255.0. You might even know that the wrong netmask will keep your system from working. In today's world, that simple netmask is becoming less and less common. To understand why this is, you need to understand something about the history of IP addressing.
Many years ago, IP addresses were issued in blocks of three sizes: class A, class B, and class C. (There were also a few chunks of class D and class E space, but those really aren't relevant to the discussion.) This terminology has been obsolete for quite some time, but we'll use it as a starting point.
Class A was very simple: The first of the four numbers in an IP address were fixed. The InterNIC might issue you a class A like "10.0.0.0." You could assign any of the last three numbers in any manner you liked, but all your IP addresses began with 10. For example, you could delegate 10.1.0.0 through 10.1.1.255 to your data center, 10.1.2.0 through 10.1.7.255 to your Detroit office, and so on. Only very large companies, such as Ford and Xerox, as well as influential academic computing institutions such as MIT, received class A blocks.
In a class B block, the first two of the four numbers in the IP address were fixed. Your class B block would look something like 192.168.0.0. Every IP address you used internally began with the first two numbers 192.168, but you could assign the last two numbers as you wanted. Many midsized companies got class B blocks.
Similarly, a class C block had the first three numbers fixed. This was the standard for small companies. The ISP would issue a block like 209.69.178.0 and let you assign the last number as you wanted.
This scheme wasted a lot of IP numbers. Many small companies don't need 256 IP addresses. Many medium-sized companies need more than 256, but fewer than the 65,000 in a class B block. And almost nobody needs the full 16 million addresses in a class A block. Still, those were the choices. Before the Internet boomed, they were good enough. Remember, back in the 1980s the thought that private individuals would hook up to the Net from home, for entertainment, was laughable.
Today, IP addresses are issued by prefix length, commonly called a slash. You will see IP blocks such as 192.168.1.128/25. While this looks confusing, it's merely a way of using classes with much greater granularity. You know that each number in an IP address is 8 bits long. By using a class, what you're saying is that a certain number of bits are "fixed" — you cannot change them on your network. A class A address has 8 fixed bits, a class B has 16, and a class C has 24.
This isn't a class in binary math, so I won't make you draw it out and do the conversion. But think about an IP address as a string of binary numbers. On your network you can change the bits on the far right, but not the ones on the far left.
There's no reason that the boundary between the two must be on one of those convenient 8-bit lines that separate the decimal versions of the numbers. A prefix length is simply the number of fixed bits you are stuck with. A /25 means that you have 25 fixed bits, or one more fixed bit than what used to be called a class C. You can play with 7 bits. In the following sample, your fixed bits are all ones, and the bits you can change are zeros.
11111111.11111111.11111111.10000000
It's very simple — if you think in binary. You won't have to work with this every day, but if you don't understand the underlying binary concepts, the decimal conversion looks like total gibberish. With practice, you'll learn to recognize some bits of decimal gibberish as legitimate binary conversions.
So, that's the theory. What does this mean in practice?
First of all, blocks of IP addresses are issued in multiples of 2. If you have 4 bits to play with, you have 16 IP addresses (2*2*2*2=16). If you have 8 bits to play with, you have (2^8) 256 IP addresses. If someone says you have 13 IP addresses, you're either sharing an Ethernet with other people or they're wrong.
A netmask is simply another way of specifying how many bits are fixed. In the computing world, an 8-bit number runs from 0 to 255. If you have 24 fixed bits, also known as a /24, and formerly known as a class C, your netmask is 24 ones followed by eight zeros: 11111111.11111111.11111111.00000000, or 255.255.255.0. If you've been around a few networks, that should look familiar. If you have a /25, however, you have 25 fixed bits. This comes to 11111111.11111111.11111111.10000000, or 255.255.255.128.
It's not uncommon to see a host's IP address with its netmask attached, e.g. 192.168.3.4/26. This gives you everything you need to know to get the host on the network. (Finding the default gateway would be another issue, mind you!)
Computing Netmasks in Decimal
You probably don't want to repeatedly convert from decimal to binary and back. Here's a trick to calculate your netmask while staying in decimal land.
First, learn how many actual IP addresses you have. This will be a multiple of 2. You'll almost certainly be issued a network smaller than a /24. Subtract the number of IP addresses you have from 256. This is the last number of your netmask.
For example, if you have a /26, or 64 IP addresses, the last part of your netmask is (256-64=)192. Your netmask would be 255.255.255.192.
You still need to use a bit of logic to avoid binary conversions. Figuring out legitimate addresses on your network can be a bit of a pain. If your IP address is 192.168.1.100/26, you'll need to know that a /26 is 26 fixed bits, or 64 IP addresses. Look at the last number of your IP address, 100. It certainly isn't between 0 and 63, but it is between 64 and 127. The other hosts on your IP block have IP addresses ranging from 192.168.1.64 to 192.168.1.127.
At this point, I should mention that netmasks are frequently shown in hex numbers. You might feel like throwing up your hands and giving up the whole thing. To simplify your life, I'm including a table of netmasks, IP information, and general goodness for /24 and smaller networks.
| Prefix | Binary Mask | Decimal Mask | Hex Mask | Available IPs |
|---|---|---|---|---|
| /24 | 00000000 | 0 | 0x00 | 256 |
| /25 | 10000000 | 128 | 0x80 | 128 |
| /26 | 11000000 | 192 | 0xc0 | 64 |
| /27 | 11100000 | 224 | 0xe0 | 32 |
| /28 | 11110000 | 240 | 0xf0 | 16 |
| /29 | 11111000 | 248 | 0xf8 | 8 |
| /30 | 11111100 | 252 | 0xfc | 4 |
| /31 | 11111110 | 254 | 0xfe | 2 |
| /32 | 11111111 | 255 | 0xff | 1 |
Unusable IP Addresses
You now understand how slashes, netmasks, and IP address assignments work together and how, for example, a /28 has 16 IP addresses. Unfortunately, you cannot use all of the IP addresses in a block. The first IP address in any block is the network number. It's used for internal bookkeeping.
Similarly, the last number in any block of IP addresses is the broadcast address. According to the IP specifications, every machine on a network is supposed to respond to a request to this address. This allows you to ping the broadcast address and quickly determine which IP addresses are in use. For example, on a typical /24 network, the broadcast address is x.y.z.255. In the late 1990s, however, this feature was turned into an attack technique. It's now disabled by default on most operating systems, including OpenBSD.
In any case, the point is that you cannot assign either the first or last IP address in a network to an interface without causing some problems on the network. Some systems will fail gracefully; others will not. Go ahead, try it sometime — preferably after hours, when the network is not in use. [4]
[3]Yes, you could say that the decimal numbers are easiest to work with in all cases. But that would just show that you aren't a real computer person and possibly get you burned at the stake.
[4]Or during peak usage hours, if you want a good story to tell at your next job.
EAN: 2147483647
Pages: 298