521262S Computer Networks 2 (fall 2007)
Laboratory exercise #2: Internetworking

Name
Student ID
Signature

In this exercise we will connect the LANs made in the first exercise with routers and build an internet. We will take a closer look at the network layer (layer 3), especially IP addressing, subnetting and routing.

This exercise will be done in groups of one, two or three people, so that we get a maximum of ten groups. Each student shall mark their name, student ID and signature on this paper, which will be left for the assistants when you leave. There are a few questions at the end of this document to which you should find answers during the exercise. Please fill in the answers to the questions before leaving the paper. All kinds of feedback are also very welcome.

Hardware

Every group has five Linksys WRT54GL wireless routers, all of which have OpenWRT Linux installed so that they can be used for various functions. Groups also have an 8-16 port hub to play with. Each Linksys device has a sticker on the front panel to indicate its function and IP address. All Linksys devices have a built-in 5-port switch. The Internet port of the Linksys devices should not be used until told so. Groups also have color-coded cables to connect the devices.

| Name | IP | Function |
|---|---|---|
| AP | 10.x.y.z | Connection from Internet to LAN |
| DHCP | 10.x.y.2 | DHCP server |
| Switch | 10.x.y.3 | 5-port switch |
| Client | | DHCP client for testing |
| Gateway | 10.x.y.1 | Gateway to other LANs, also a router |

We also have two Cisco 2600 series routers, an HP Procurve VLAN-capable switch and a NexGate NSA1086 running OpenBSD. With these devices we should be able to create a fully functional internet. All these devices are installed in a small rack.

Network topology
Command glossary

| Command | Purpose |
|---|---|
| ssh | Take a secure remote connection from one host to another |
| ping | Use ICMP echo requests to find out if the other device answers |
| ifconfig | Typical Unix command to show information about network interfaces |
| tcpdump | Capture traffic flowing through a network interface |
| control+c | Usually stops a running program (for example tcpdump) |
| arp | Find out information about MAC addresses resolved by the host |
| dig | DNS lookup utility |
| traceroute | Trace a route to a host |

Building up an internet

1. task
Connect your devices to make a working LAN. Test the LAN with ICMP echo requests.

2. task
Write down the IP addresses of the devices in your LAN:

3. task
Connect your gateway to the HP Procurve switch, using the port dedicated to your group. The group number is the same as the third number in the IP addresses of your Linksys devices. For example, if your gateway's address is 10.1.1.1, you should connect to port 1 on the HP switch. Groups 1, 2, 3, 4, 5 are connected to one Cisco router and groups 6, 7, 8, 9, 10 to another Cisco router. When told to connect to a neighbor group's host, use one connected to the same router as you are. Use the gateway's Internet/WAN port when connecting to the HP switch.

4. task
What is the IP address of your gateway that is visible to the next router?

5. task
Try to ping your neighbor group's gateway from your gateway. Does that work? Does ping from your DHCP to the neighbor group's gateway work? Explain why it does or does not work.

RIP routing protocol

From the Wikipedia: Cisco routers and gateways use RIP routing protocol. RIP is a distance-vector routing protocol, which employs the hop count as a routing metric. The maximum number of hops allowed with RIP is 15, and the hold down time is 180 seconds. Originally each RIP router transmits full updates every 30 seconds by default. Originally, routing tables were small enough that the traffic was not significant. RIP prevents routing loops from continuing indefinitely by implementing a limit on the number of hops allowed in a path from the source to a destination. This hop limit, however, limits the size of networks that RIP can support. RIP is sometimes said to stand for Rest in Pieces in reference to the reputation that RIP has for breaking unexpectedly, rendering a network unable to function.

6. task
Wait for the assistants to enable RIP in the routers.

7. task
Try to ping your neighbor group's gateway. Does that work now? Explain why it does or does not work. Does ping to the neighbor group's DHCP work?

8. task
Check the routing tables in your gateway. Use the netstat -rn command. Try to ping other groups' gateways. See what happens to the routing tables. You can also try the command telnet 127.0.0.1 2601; enable; show ip route to check the RIP tables.

9. task
Check the routing tables in the router you are connected to (east-gw.cn2.local. or westgw.cn2.local.). Use telnet to connect to the router, then enable, then show ip route.

10. task
Use tcpdump to capture traffic in your gateway. Write down a short example of a RIP router message:

BGP routing

From the Wikipedia: The Border Gateway Protocol (BGP) is the core routing protocol of the Internet. It works by maintaining a table of IP networks or 'prefixes' which designate network reachability among autonomous systems (AS). It is described as a path vector protocol. BGP does not use traditional IGP metrics, but makes routing decisions based on path, network policies and/or rulesets.

11. task
Connect to the NSA and use netstat -rn to find out which interface your LAN belongs to, and write it down:

12. task
Connect to the NSA and use tcpdump to capture traffic on the correct network interface. Write down an example of a BGP router message:

13. task
Use the netstat -rn command to see the routing details in the NSA. Write down the router's default route:

14. task
Use the traceroute command from DHCP to the NSA. How many hops are there?

Network Address Translation

All the routers are connected together and they are using the BGP routing protocol. The NSA is also connected to the Internet. The connection to the Internet goes through NAT (Network Address Translation), which translates IP addresses to a single address visible to the outside. NAT is mostly used to translate private IP addresses (such as 10.0.0.0/8) to one public address so that many hosts can connect to the Internet with a single public IP address.

For example: Host 1 in a LAN has an IP of 10.0.0.2. Host 2 has an IP of 10.0.0.3. Both are connected to the gateway/NAT, which has two NICs. One NIC has the IP 10.0.0.1, and the other hosts are connected to it. The other NIC has a public IP address. When host 1 connects to the Internet, traffic goes through NAT and outgoing packets get the public IP address. From the Internet, only the public IP address (gateway) can be seen or connected to. NAT is mostly used because of the shortage of IPv4 addresses.

15. task
Try to ping www.panoulu.net from a host in your LAN. Does it succeed?

16. task
Try a telnet connection to www.panoulu.net port 80 (telnet www.panoulu.net 80). Leave the telnet connection open. On another terminal, ssh to the NSA. Use the pfctl -s state command to show the NAT states. Write down a line showing your telnet connection and NAT:
17. task
Would it be possible to connect from the Internet to your DHCP? How?

Unicast/multicast/broadcast

Packets sent in IP networks are divided into unicasts, multicasts and broadcasts. A unicast packet is sent over the network straight to the receiving host, whose address is stored in a packet header field, so the communication involves only the sending host, the receiving host and the network between them. A multicast packet is sent from the sending host to multiple receivers that have joined the same group. Broadcast packets are sent to all devices in the same network.

18. task
Your LAN is a network of 10.1.x.0/24 or 10.2.x.0/24. What is the broadcast address of your network? Try sending ICMP echo requests to the broadcast address from one host and tcpdump ICMP packets on the other devices.

Domain name service

Domain name service, or DNS, is used to translate numerical IP addresses to more human-readable names. DNS works by exchanging name/IP information between DNS servers, so that if one server doesn't know the name/IP, it asks another server, and so on. We have configured a DNS server for our internet. Every device should now have a DNS name like dhcpn.east.cn2.local. with an IP address of 10.2.N.2.

19. task
Try using DNS names in your network. Use ping, ssh, arp, dig. What is the IP address of westgw.cn2.local.? The IP of east-gw.cn2.local.?
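The translation described in the Network Address Translation section above can be modelled as a small state table. The following is an added example, not part of the original handout and not pf's actual implementation: the class `Nat`, the public address 203.0.113.1, the remote addresses and the port numbers are all constructed for illustration, and only TCP-style flows are modelled.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"      # constructed public address of the gateway
WEB = ("198.51.100.80", 80)    # constructed Internet web server

@dataclass
class Nat:
    """Toy source NAT with a state table (a model, not pf itself)."""
    public_ip: str
    next_port: int = 50000
    out: dict = field(default_factory=dict)       # LAN flow -> public port
    states: dict = field(default_factory=dict)    # (public port, remote) -> LAN host
    forwards: dict = field(default_factory=dict)  # public port -> LAN host

    def outbound(self, src, sport, dst, dport):
        """Rewrite the private source to the public IP and record the state."""
        flow = (src, sport, dst, dport)
        if flow not in self.out:
            self.out[flow] = self.next_port
            self.states[(self.next_port, dst, dport)] = (src, sport)
            self.next_port += 1
        return (self.public_ip, self.out[flow], dst, dport)

    def inbound(self, remote, rport, public_port):
        """Return the LAN (ip, port) a packet is delivered to, or None if dropped."""
        state = self.states.get((public_port, remote, rport))
        if state is not None:
            return state                       # reply to a tracked connection
        return self.forwards.get(public_port)  # explicit port forward, else None

def demo():
    nat = Nat(PUBLIC_IP)
    # Host 1 and host 2 use the same source port towards the same server.
    h1 = nat.outbound("10.0.0.2", 40000, *WEB)
    h2 = nat.outbound("10.0.0.3", 40000, *WEB)
    reply = nat.inbound(*WEB, h1[1])                    # server answers host 1
    stray = nat.inbound("198.51.100.99", 4444, h1[1])   # other remote, same port
    before = nat.inbound("198.51.100.99", 4444, 2222)   # unsolicited, no rule
    nat.forwards[2222] = ("10.0.0.3", 22)               # explicit forward to host 2
    after = nat.inbound("198.51.100.99", 4444, 2222)
    return h1, h2, reply, stray, before, after

if __name__ == "__main__":
    for name, value in zip(("h1", "h2", "reply", "stray", "before", "after"), demo()):
        print(f"{name:6} {value}")
```

Both LAN hosts leave with the same public address but different public ports, and an inbound packet reaches a LAN host only when it matches a recorded state or an explicit forward, which is why each forward should cover only the service that needs to be reachable.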
Questions

1. List the main functions of the network layer:

2. Briefly explain the difference between IPv4 and IPv6 IP addressing:

3. What is the purpose of ICMP?

4. What is the difference between a router and a switch?

5. A network has an IP address space of 10.1.1.0/24. What is the first IP allowed in the network? And the last IP? What is the subnet mask?

6. How many hosts can be in a network with a subnet mask of 255.255.255.240?

7. What is the difference between unicast/multicast/broadcast?

8. Describe briefly the differences between the RIP and BGP routing protocols:

9. A gateway has an interface eth0 with an IP address of 10.1.1.1 and another interface eth1 with an IP address of 192.168.1.1. The gateway uses NAT on eth1 to translate 10.1.1.0/24 addresses to the 192.168.1.1 address. Host A has an IP of 10.1.1.22 and host B has an IP of 192.168.1.35. Host A is connected to interface eth0 of the gateway and host B to eth1. If host A sends an ICMP echo request to host B, does it succeed? What is the IP that host B sees if the ping succeeds? Can host A answer host B's ICMP echo request?

10. Find out what the IP address of www.panoulu.net is:

11. Why would anyone want to use DNS?

12. LAN 1 has 2 hosts, DHCP and a gateway. LAN 2 has a gateway with DHCP and NAT, and one client. The LANs are connected together with a router. Draw a picture of the network and assign private IP addresses to the devices in the LANs.

13. Any feedback: