Tuesday, March 30, 2010

Structuring the network services - A simple start

As network administrators, we keep our network growing and up all the time. But some decisions that we took early become a mess and create many issues later. One of the issues well known to most administrators is IP assignment.

One network started with 4 computers, later became 2 servers and 10 stations, and later grew to more than 50. The computers were not fixed in one place: they started moving between departments, a new one was added every week, and new laptop users jumped on and off. Third-party providers came to the office and worked for some time, and they too were on and off.

The static IPs were split into zones and assigned, but later the tracking was no longer right. The PC entry log (at the gates) said we have more than 200 visitors every 3 months, while our subnet supports only 255 computers!

Yes, the answer is simple: we need DHCP. But we also need a proper network structure.
We need to know the network usage properly. We have wireless users and wired network users.
All wireless users are laptop users, while a few laptops connect through the wired network.

The first level of separation is between wired users and wireless users. Our internet gateway server has 2 network cards, which connect to the internet and to the wired network, while the wired and wireless networks are mixed through the hubs.

Now a new NIC is added to the gateway server and is used to connect to the wireless hub. DHCP is used to assign a range of IPs for the wired network (192.168.1.51 - 150). The gateway for the wireless network is the same gateway server, but it uses a different network address range, 192.168.2.x. DHCP is enabled for this zone as well, and IPs are leased from 192.168.2.51 to 192.168.2.100.

The network has a few servers, and they belong to the wired network. Their IPs are taken from the static range 192.168.1.2 to 192.168.1.50.

The gateway server now has a firewall / routing rule. Only a few MAC addresses of the wireless network are allowed to connect to the wired network, while the rest can only access the internet.
The wired network can access all of the wireless network.
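
The forwarding policy described above, written as a generator for Linux iptables rules. This is an added example, not the configuration from the original setup: the post does not say which firewall the gateway runs, and the interface names and MAC addresses are assumptions. A MAC address is set by the client and can be changed, so this filter gives the "security to a level" the post mentions rather than authentication.

```shell
#!/bin/sh
# Added example: prints iptables rules for the wired/wireless policy.
# Interface names are assumptions; adjust them to the gateway's real NICs.
WAN_IF=${WAN_IF:-eth0}      # to the internet (assumed name)
WIRED_IF=${WIRED_IF:-eth1}  # 192.168.1.x wired network (assumed name)
WLAN_IF=${WLAN_IF:-eth2}    # 192.168.2.x wireless network, the new NIC (assumed name)

# valid_mac MAC -> exit 0 for the form aa:bb:cc:dd:ee:ff
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules MAC... -> prints the FORWARD rules; returns 1 on a malformed MAC
gen_rules() {
    for mac in "$@"; do
        valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    done
    # Anything not explicitly allowed below is dropped.
    echo "iptables -P FORWARD DROP"
    # Replies to connections that were allowed may flow back.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # The wired network can access all of the wireless network.
    echo "iptables -A FORWARD -i $WIRED_IF -o $WLAN_IF -j ACCEPT"
    # Only the listed wireless MACs may open connections to the wired network.
    for mac in "$@"; do
        echo "iptables -A FORWARD -i $WLAN_IF -o $WIRED_IF -m mac --mac-source $mac -j ACCEPT"
    done
    # Both networks may reach the internet.
    echo "iptables -A FORWARD -i $WIRED_IF -o $WAN_IF -j ACCEPT"
    echo "iptables -A FORWARD -i $WLAN_IF -o $WAN_IF -j ACCEPT"
}

# Usage with a constructed MAC address:
#   gen_rules 00:11:22:33:44:55
```

Review the printed rules before piping them to sh as root. They cover forwarding between the three interfaces only, not traffic to the gateway itself or the NAT needed for internet sharing.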

Newly installed PCs now work with DHCP, so we never need to care about the IP when new users come in. Security is in place to a level, but not 100%; we will discuss more about this in upcoming posts.

Friday, February 19, 2010

Basics of Networking - Part 4 (Debugging Basics)

The past posts on the blog were on the basics of networking.
Now we are about to see how we can debug if something is wrong in the setup.

The following posts will help to debug faster.
  1. Basics of Networking - Part 1 - Assigning IPs
  2. Basics of Networking - Part 2 - Connecting Internet
  3. Basics of Networking - Part 3 - Internet through Proxy
The default way to go through the debugging is as follows.
This approach starts analyzing the problem from the PC where the problem is found.
  1. ping 127.0.0.1
    If it fails, check that the network services are started.
  2. ping the assigned IP.
    If it fails, check that the network cable is properly plugged in.
  3. ping the gateway.
    If it fails, check that the gateway is on and that the IPs are in the same subnet.
  4. ping the DNS / name servers. (Only if routing / NAT is available)
    If it fails, ping the same servers from the gateway.
  5. ping the gateway of the gateway from the gateway computer.
    If it fails, check that the broadband signal / link is up.
  6. All works but still can't connect?
    Try tracepath / traceroute with google.com or yahoo.com
    and find at which level it fails.
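
Steps 1 to 4 of the list above as a script that stops at the first failing step. This is an added example, not part of the original post. It assumes the Linux iputils ping, and the function names and the PROBE variable are made up here. When the gateway does not answer, it uses the netmask to tell "gateway is off" apart from "not in the same subnet".

```shell
#!/bin/sh
# Added example: walks the ping ladder and reports the first failing step.
# PROBE names the reachability test; override it to exercise the logic offline.
PROBE=${PROBE:-ping_once}

# One echo request, 2 second timeout (Linux iputils ping options).
ping_once() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IP1 IP2 NETMASK -> exit 0 when both share the network part
same_subnet() {
    a=$(ip_to_int "$1"); b=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    [ $(( a & m )) -eq $(( b & m )) ]
}

# diagnose MY_IP NETMASK GATEWAY DNS -> prints a finding, returns the failing step
diagnose() {
    my_ip=$1 mask=$2 gw=$3 dns=$4
    $PROBE 127.0.0.1 || { echo "step 1: loopback failed; check that network services are started"; return 1; }
    $PROBE "$my_ip" || { echo "step 2: own IP failed; check the network cable"; return 2; }
    if ! $PROBE "$gw"; then
        if same_subnet "$my_ip" "$gw" "$mask"; then
            echo "step 3: gateway failed; same subnet, so check that the gateway is on"
        else
            echo "step 3: gateway failed; $my_ip and $gw are not in the same subnet"
        fi
        return 3
    fi
    $PROBE "$dns" || { echo "step 4: DNS server failed; ping it from the gateway"; return 4; }
    echo "steps 1-4 pass; continue with step 5 on the gateway, then tracepath / traceroute"
}

# Usage with constructed values:
#   diagnose 192.168.1.60 255.255.255.0 192.168.1.1 192.168.1.2
```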
Mostly, how we debug an issue depends on the problem we have.
Remember, a blind report of "internet not working" is OK to hear from others, but not when we are working in detail.
So here are some FAQs.

  1. Could not ping Gateway but my network wires are properly plugged.
  2. Gateway pings but could not resolve host names.
  3. I use a proxy. My http connection works but not https and ftp.
  4. SSH connections are not working after introduction of proxy.
  5. I use proxy. DNS name resolving works in the browser but fails in the terminal.
  6. Internet works through browser, but can't ping any IPs / Hosts in the internet.
1. Could not ping Gateway but my network wires are properly plugged.
This may be due to improper IP assignment. We need to make sure that the IP of the PC and the gateway are in the same network (i.e. are they in the same subnet?). Theoretically, once they are in the same subnet they should be pingable, which fixes this issue. (Please refer to the post on assigning IPs.)

2. Gateway pings but could not resolve host names.
This is due to improper DNS configuration. Is it possible to ping the DNS servers? If yes, we need to be sure they really are DNS servers ;-). If they are not pingable, we need to know whether the DNS server IPs are in our range of IPs (within our subnet) or not. If the IP is within our subnet, we may need to verify the DNS server configuration to make it work right. If the IP is outside our network, we may need to ping the DNS server from the gateway PC, i.e. sometimes the gateway of the gateway might have network issues that do not let us connect to the internet.

3. I use a proxy. My http connection works but not https and ftp.
Proxy servers have different ways of supporting different protocols. Some proxy servers use the same port for all kinds of requests. If so, the client should have the same proxy setting for the different kinds of services. Some proxy servers may block or not serve certain protocols, so it is better to check the proxy configuration to verify the supported protocols.

4. SSH connections are not working after introduction of proxy.
If the client is PuTTY, we can configure the proxy settings in PuTTY. If the client is a Linux terminal and we have the problem only for SSH, we need to use the HTTP proxy for SSH; tools like corkscrew with ProxyCommand on Linux will help. The other workaround is to support NAT on the gateway, so that both proxy and NAT are available.

5. I use proxy. DNS name resolving works in the browser but fails in the terminal.
When the browser works with a proxy, the name resolving happens on the proxy server, while in the terminal the name resolving is based on the DNS server settings in the IP / network configuration. Maybe NAT is disabled in the network, so we cannot resolve names directly from the current PC.

6. Internet works through browser, but can't ping any IPs / Hosts in the internet.
This is similar to the previous question. Enabling NAT will support pinging from any PC in the network. The internet works in the browser because of the proxy settings.

The above is not the complete list of problems that might come up; they will change according to the network and the usage of network services. NAT and proxy each have their own advantages and disadvantages, and some issues exist because of them. Planning the network again depends on what kind of services we use, and the debugging procedure remains the same however big the network is.

Will keep you posted on some new network services and setting up a right infrastructure.

Thursday, February 04, 2010

Basics of Networking - Part 3 (Internet through Proxy)

Hurray.... My network is UP........
Hurray.... My Router shares the internet connection.......

Do I need a Proxy?
A good point that makes us think. Do we need a proxy? When the router shares the internet, why do we need a proxy?

If the ADSL modem is our router, we need to think about a proxy based on our network size. To share what we learned the hard way: we felt the router was extremely good at sharing the internet connection while acting as a gateway. But when the network size started to grow, we faced frequent network connection drops.... Why?

The ADSL router was not good enough to handle too many requests from different machines. Maybe this is not the case for all routers, but our router did this to us (the router is a basic version provided by the ISP, not designed for high traffic).

What's up next?
Let the internet connection be bridged. Let the PC take up the load....
Let the PC take up the Proxy......


Yes, we are at the topic now. Let us learn about proxies to get the internet shared in the network.

What is a Proxy?
To keep it short: it is an application that acts as a layer in between our application (browser) and the web server.

Let us understand the network now.
All the PCs are in the same subnet
PC - A - 192.168.1.1
Laptop - 192.168.1.2
PC - C - 192.168.1.3

Gateway for all should be 192.168.1.1 (PC A, should not have a gateway)

PC A is running Windows.
It has two NICs (Network Interface Cards). The first one connects to the ADSL router for the internet connection using the bridging option. The second one connects to the local network with the IP 192.168.1.1

To make the internet connection simple, use AnalogX Proxy.
Download and install it. When we run it, we see that it runs on port 6588.

Yes, it listens on port 6588 on 192.168.1.1
We need to set this in our browsers and other internet-accessing applications like GTalk, Skype, Yahoo Chat and more

Click here to learn how to configure your browser.

Do we need to go only with AnalogX?
No not at all.....
There are many proxy programs with very advanced features.

Do you have a SOHO (Small Office / Home Office) network?
Want more than a normal proxy?
Still want the NAT (Network Address Translation) feature of the ADSL router with a PC as a gateway?
Want more features of a proxy, firewall and advanced gateway?

The answer would be, try IPCop-Linux........

When the network grows..... Want to do many more things with the internet?
Keep watching..... We will see how to load balance internet connectivity with multiple internet connections and multiple proxy servers. There is more to come; for now we will go with the basics of the network.

Saturday, January 30, 2010

Basics of Networking - Part 2 (Connecting Internet)

For a long time the network was an unknown thing, while I was using the network services without knowing how they work....

Have I understood it now? Well, the answer is "partially". Yes, it is still an unknown mystery for me.

But how could I write about something I don't know?
I would say: I write about things that I have learned the hard way. I spent months and years and then found a simple solution; maybe I was going in the wrong direction, and I had no right person behind me to teach me. All you see in this blog is not learned from a course, but learned when needed, some through other sources, some through practical experience. Whatever worked well after the learning is written down, but it is not always the best.... ;-) You may find a better way later, or you may already know it. If so, please correct me when they are wrong.

Going to the topic... Let us start inter-networking (I mean, connect to internet).

What we are and are not going to discuss about connecting to the internet

We are about to see how we can connect the entire network to the internet. We are not going to discuss a single-PC internet connection, as that will mostly be explained by the ISP.

We assume that we are using a broadband connection to share among our network.

A broadband internet connection always has to go through a router, also called an ADSL modem. These modems take care of two things:
  1. Digital signal transmission through the telephone lines.
  2. Acts as a router and becomes our gateway.
The second point looks odd and we are not clear on what it is going to do. Let us make it clear.

A router is a device that is usually used to forward information between two networks, basically to connect networks of different subnets.

To access the internet we need an IP address that matches the network of the provider (ISP). So the router gets an IP from the ISP, and on the other end it also has a local IP of our network.

Does this mean it has two IPs?
Yes, it has two IPs, one end for the internet and other for our local network.
It acts as the gateway for the network. (Read - Basics of networking).
So all the internet requests navigate through this gateway and this gateway contacts the ISP to get our requests answered.

What else can it do?
This router can also connect in another mode called bridging. Bridging is a simple way of acting only as a modem: it translates the computer signals through the ISDN wire, while the IP of the provider is directly assigned to the computer to which the router is connected. Bridging is possible only if a single computer connects to the internet through the router.

The IP will be assigned dynamically or statically. They become active on boot or using PPPoE (Point to Point Protocol over Ethernet) dial-up.

How do we share the internet from the router?
IP Details
  1. Modem/Router - 192.168.1.1
  2. PC A - 192.168.1.2
  3. Laptop B - 192.168.1.3
  4. PC C - 192.168.1.4
All of the above are in the same subnet and use the same gateway, 192.168.1.1, which means the router is the gateway for all the IPs.

Every PC needs a DNS server IP to identify websites outside its network. The DNS IPs will be provided by the ISP, or we can use Google's Public DNS.

Thus the ADSL router makes internet available for all the computers in the network.

We will discuss sharing the internet using a proxy in upcoming posts.