Data Networking/Fall 2015/Prathamesh Salim Shefalee
Motivation
Linux is a free, open-source operating system that is widely used in almost every networking application, and knowing it is a key skill for a successful network engineer. By doing this project we learned and got hands-on experience of creating a network on the Linux operating system.
Understanding the Protocol
1) Domain Name System (DNS)
The Domain Name System (DNS) is a naming system for hosts that translates domain names into IP addresses. Every time a domain name is requested, DNS translates it to the corresponding IP address. For example, when a request is made for "www.google.com" in the browser, the query is sent to the local DNS server, which searches for the corresponding IP address. The local DNS server forwards the query to the DNS server hierarchy. First it contacts the root server, which returns the IP addresses of the TLD (Top Level Domain) servers for the top-level domain com. Next the client contacts the TLD server, which returns the IP addresses of the authoritative servers for google.com, which in turn return the IP address for the hostname www.google.com. DNS record types include A, CNAME, MX, PTR and AAAA. Each DNS reply message carries one or more resource records. In this project we have used the Bind9 DNS server with caching. The benefit of caching is that whenever a request is made, it is first looked up in the cache. If the name was already requested earlier, the response time is reduced by 1000 ms.
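The referral walk and cache behaviour described above, as a small simulation. This is an added example, not the project's Bind9 configuration; tele5330.com and 192.168.100.4 are taken from the Testing section, while the server labels and the 300-second TTL are assumptions.

```python
# Constructed delegation data: each server maps a name suffix to a referral
# (NS) or an answer (A). Server labels and the 300 s TTL are assumptions.
SERVERS = {
    "root": {"com": ("NS", "tld-com")},
    "tld-com": {"tele5330.com": ("NS", "auth-tele5330")},
    "auth-tele5330": {"www.tele5330.com": ("A", "192.168.100.4", 300)},
}

class CachingResolver:
    """Model of the local DNS server: root -> TLD -> authoritative, with a cache."""

    def __init__(self, servers):
        self.servers, self.cache, self.upstream_queries = servers, {}, 0

    def _ask(self, server, name):
        """Send one query to one server; the longest matching suffix wins."""
        self.upstream_queries += 1
        zone = self.servers[server]
        for suffix in sorted(zone, key=len, reverse=True):
            if name == suffix or name.endswith("." + suffix):
                return zone[suffix]
        return ("NXDOMAIN",)

    def resolve(self, name, now):
        """Return the address for name at time now (seconds), or None."""
        name = name.rstrip(".").lower()
        cached = self.cache.get(name)
        if cached and now < cached[1]:       # still within its TTL: no upstream traffic
            return cached[0]
        server = "root"
        for _ in range(8):                   # referral limit guards against loops
            rtype, *data = self._ask(server, name)
            if rtype == "NS":                # referral: ask the next server down
                server = data[0]
            elif rtype == "A":               # answer: cache it until the TTL expires
                address, ttl = data
                self.cache[name] = (address, now + ttl)
                return address
            else:
                return None
        return None
```

The first lookup costs three upstream queries, a repeat inside the TTL costs none, and a lookup after the TTL expires walks the hierarchy again.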
2) Dynamic Host Configuration Protocol (DHCP)
DHCP is a network protocol that enables a server to dynamically allocate Internet Protocol (IP) addresses to requesting computer systems from a configured range of IP addresses. A requesting host is assigned a temporary IP address each time it connects to the network. Whenever a host enters the network, it looks for a DHCP server by sending a broadcast request called Discover. The server determines an appropriate address for the client, temporarily reserves it and sends an Offer packet back to the client. The client then sends a Request packet, letting the server know that it intends to use the address. In response, the server sends an ACK, letting the client know that it has been given a lease on the address for a server-specified period of time. The port numbers used by the DHCP server and client are 67 and 68 respectively.
Types of IP allocation to the host by DHCP are:
• Static allocation: Static IP addresses are allocated to those hosts whose MAC addresses are listed in the IP translation tables on the router.
• Dynamic allocation: Dynamic address allocation occurs from a pool of IP addresses for a certain lease period.
• Automatic allocation: The same IP is assigned to the client automatically, when it comes on the network.
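The Discover, Offer, Request and ACK exchange described above, packed and parsed in the RFC 2131 message layout. This is an added example, not part of the original project; the transaction ID, MAC address, leased address 192.168.100.50, server address 192.168.100.1 and 600-second lease are constructed sample values.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"                                  # DHCP magic cookie
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}  # option 53 values

def build(msg_type, xid, mac, yiaddr="0.0.0.0", options=()):
    """Pack a DHCP message: 236-byte BOOTP header, cookie, options, end marker."""
    op = 1 if msg_type in (1, 3) else 2      # 1 = sent by client, 2 = sent by server
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, 0x8000,         # Ethernet, 6-byte MAC, broadcast flag
        bytes(4), socket.inet_aton(yiaddr), bytes(4), bytes(4),
        mac, b"", b"")                       # struct zero-pads chaddr, sname, file
    opts = bytes([53, 1, msg_type])          # option 53 = DHCP message type
    for code, value in options:
        opts += bytes([code, len(value)]) + value
    return header + MAGIC + opts + b"\xff"

def parse(packet):
    """Decode the fields the exchange relies on; reject anything malformed."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(packet) and packet[i] != 255:   # 255 = end option
        if packet[i] == 0:                        # 0 = pad option, no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        opts[packet[i]] = packet[i + 2:i + 2 + packet[i + 1]]
        i += 2 + packet[i + 1]
    if len(opts.get(53, b"")) != 1:
        raise ValueError("missing message type")
    lease = struct.unpack("!I", opts[51])[0] if len(opts.get(51, b"")) == 4 else None
    return {"type": TYPES.get(opts[53][0], "OTHER"), "lease": lease,
            "xid": struct.unpack("!I", packet[4:8])[0],
            "yiaddr": socket.inet_ntoa(packet[16:20])}

def exchange():
    """Constructed sample values: one client leasing 192.168.100.50 for 600 s."""
    xid, mac = 0x3903F326, bytes.fromhex("020000aabbcc")
    addr, server = "192.168.100.50", socket.inet_aton("192.168.100.1")
    lease = [(51, struct.pack("!I", 600)), (54, server)]   # lease time, server ID
    return [parse(m) for m in (
        build(1, xid, mac),                  # Discover: client -> server port 67
        build(2, xid, mac, addr, lease),     # Offer:    server -> client port 68
        build(3, xid, mac, options=[(50, socket.inet_aton(addr)), (54, server)]),
        build(5, xid, mac, addr, lease),     # ACK confirms the lease
    )]
```

All four messages carry the same transaction ID, which is how the client ties the Offer and ACK back to its own Discover and Request.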
3) Web Server
Web servers are programs that use the Hypertext Transfer Protocol (HTTP) to deliver the files that form web pages to users in response to their requests. Every web server has an IP address and a domain name. It uses the HTTP and HTTPS protocols and listens on ports 80 for HTTP and 443 for HTTPS. Overloading can be avoided by using firewall and caching techniques. We have implemented the Apache web server. It is the most used web server software.
4) Backup Web Server
We have created a backup server that keeps a backup of the existing web server in case a failure occurs. For that we have synced our data with another server, which holds the backup of the contents of the directory. Whenever any data is modified, the backup server is updated by copying the files to it. We have used Remote Sync (Rsync) for the backup server on Ubuntu.
5) Firewall
A firewall is a network security system designed to prevent unauthorized access to or from a computer network. It can be hardware or software. It filters all incoming and outgoing packets. Common techniques used for securing a network are packet filtering, application gateways, circuit-level gateways and proxy servers. Most firewalls use a combination of these techniques. It acts as the first line of defense.
The Requirements
• Linux-based OS (we have used Ubuntu 14.04.1).
• Bind9 server to configure DNS.
• isc-dhcp-server to configure DHCP.
• Apache2 to configure our web server.
• Rsync tool for the web backup server.
Testing
1. DNS test: We tested the DNS server with the following commands. Dig: the domain information groper (dig) is used to perform the DNS lookup and return the name server. Our test worked successfully and the server returned the name server. Nslookup: nslookup is used to check the mapping of IP address to domain name and vice versa.
2. DHCP test: When the client is connected to the DHCP server over Ethernet, the client is assigned an IP address specified by the DHCP server.
3. Web server: We tested the web server by opening a browser and looking up the web page either with the domain name tele5330.com or with the IP address 192.168.100.4.
4. Backup server: We tested the backup by hosting it on another machine, which is updated every 10 minutes from the web server. It can also be looked up either with its domain name or with its IP address, which is 192.168.100.12.
5. Firewall test: We tested the firewall by blocking the FTP ports and sending packets using the File Transfer Protocol. The HTTP port is open, which allows the client to request the web page.
6. Mail server test: We created two users to communicate by exchanging mails, and we checked the working of the server by sending a mail from one to the other.
7. NFS test: We tested network file sharing by mounting the shared folder directory on the client, keeping the client and server on the same network. We then created new files using the touch command and shared those files with the remote clients.
8. VPN test: We tested VPN by using the following command: netstat -alpa | grep
9. Network Time Protocol (NTP): We tested NTP by executing the ntpstat command (show network time synchronization status). The ntpstat command reports the synchronisation state of the NTP daemon running on the local machine. If the local system is found to be synchronized to a reference time source, ntpstat reports the approximate time accuracy.
Future Prospects
1) Relay agents can be used to assign IP addresses for different subnets.
2) Network security can be increased by adding digital signatures, symmetric key encryption and authentication.
3) DNS security can be increased by using DNSSEC, which uses a model of public-key cryptography.