The purpose of this document is to give an overview of the networking capabilities of the Linux operating system. One of the great strengths of Linux is that information can be found on almost any subject, but most of that information concerns the way things are implemented. Most new Linux users, particularly those who come from a Windows environment, know nothing of what Linux can do on a network.
This document therefore aims to give an overview of all these possibilities, with a short description of each and pointers to more information. The information was gathered from many sources: HowTos, FAQs, web pages and my own experience. All authors are cited. Without them, and without their programs, this document would have been neither possible nor necessary.
2. Linux
2.1 What is Linux?
The principal author of Linux is Linus Torvalds. Since the first version, the system has been improved by an impressive number of people. It is a clone of the UNIX operating system, written from scratch. The most interesting thing about Linux is that its development takes place simultaneously around the world.
Linux is protected by the GNU General Public License (GPL). The license was written by the Free Software Foundation (FSF) and is designed to prevent people from restricting the distribution of software. Basically, it says that although one may charge money for distribution, the person who receives a copy has the right to redistribute it freely. It also says that the source code must be available, which is very useful for programmers. Anyone can modify Linux and even distribute the changes, as long as the code remains under the same copyright.
2.2 What makes Linux different?
Why work on Linux? Linux is generally less expensive (or at least not more expensive) than other operating systems, and often causes fewer problems than commercial systems. But what sets Linux apart is not its price (after all, why would we want a system, even a free one, if it does not work properly?) but its astonishing capabilities:
* Linux is a true 32-bit multitasking operating system, robust and powerful enough to be used everywhere from universities to large enterprises.
* It runs on an impressive range of machines, from low-end 386s to the massively parallel machines of research centers.
* Versions are available for the Intel, Sparc and Alpha architectures, with experimental support for Power PC and for systems such as SGI, Ultra Sparc, AP1000+, Strong ARM, MIPS R3000/R4000 …
* Finally, when it comes to networking, Linux is “the” choice, not only because the network layer is deeply integrated into the system and because of the impressive number of applications available, but also because of its robustness when the system is very busy, something that can only be achieved in such a project after years of debugging and testing.
3. Network protocols
Linux supports many different network protocols:
3.1 TCP/IP
The Internet Protocol (IP) was originally designed some twenty years ago for the United States Department of Defense (DoD), with the main purpose of interconnecting computers of different makes. The TCP/IP suite made it possible, through its layered structure, to isolate applications from the physical network layer.
Moreover, this layered model is oriented more toward the possibilities of interconnection than toward rigid functional layers. It is for this reason that TCP/IP, and not ISO, has become the international networking standard.
TCP/IP has been present in Linux since its inception. Its implementation was written from scratch. It is one of the most robust, fast and reliable implementations, and that is a key factor in the success of Linux.
HowTo: http://sunsite.unc.edu/mdw/HOWTO/NET-3-HOWTO.html
3.2 TCP/IP version 6
IPv6, also known as IPng (IP Next Generation), is an update of IPv4 intended to resolve problems related to addressing. These problems include: the shortage of IP addresses, the lack of mechanisms to manage traffic priority, the lack of a security layer …
The increase in the number of addresses will be accompanied by an increase in the complexity of addressing tables, which will have a big impact on routing performance. A beta implementation already exists for Linux, and a stable version is expected in version 2.2.0 of the kernel.
* The Linux IPv6 HowTo: http://www.terra.net/ipv6/linux-ipv6.faq.htm
* The IPv6 home page: http://playground.sun.com/pub/ipng/html/ipng-main.html
3.3 IPX/SPX
IPX/SPX (Internet Packet Exchange / Sequenced Packet Exchange) is a proprietary protocol developed by Novell and based on the Xerox Network System (XNS). IPX/SPX was widely used in the early 1980s as an integral part of Novell NetWare. NetWare thus became the standard network operating system for first-generation LANs. Novell has enhanced its system with business-oriented applications and connectivity utilities.
Linux has a very clean implementation of IPX/SPX, which allows it to be configured as:
* An IPX router
* An IPX bridge
* An NCP client and/or NCP server (to share files)
* A Novell print client and print server
And:
* PPP/IPX, allowing a Linux machine to serve as a PPP client/server
* IPX tunnelling through IP, allowing two IPX networks to be connected via an IP link
In addition, Caldera offers commercial support for Novell NetWare on Linux. Caldera sells a complete Novell NetWare client based on technology purchased from Novell Corporation. This client provides full access to Novell 3.x and 4.x file servers and includes features such as NetWare Directory Services (NDS) and RSA encryption.
* The IPX HowTo: http://sunsite.unc.edu/mdw/HOWTO/IPX-HOWTO.html
3.4 The AppleTalk protocol
AppleTalk is the name of Apple's network stack. It allows peer-to-peer connections, which provide basic functions such as sharing files or printers. Each machine can act simultaneously as a client and as a server. The software and hardware are included in every Apple computer.
Linux provides a complete AppleTalk network stack. Netatalk, the Linux AppleTalk port, is implemented in the kernel and comes from BSD-derived systems. It includes support for AppleTalk routing, for sharing Unix and AFS file systems via AFP (AppleShare), and for sharing Unix printers and AppleTalk printers via PAP.
See section 5.1 for more information.
3.5 WAN networks: X.25, Frame Relay, etc.
Some products provide T-1, T-3, X.25 and Frame Relay for Linux. Special hardware is generally necessary for such connections. The vendors who sell this hardware also sell drivers with protocol support.
* WAN resources for Linux: http://www.secretagent.com/networking/wan.html
3.6 ISDN
The Linux kernel has integrated ISDN capabilities. Isdn4linux controls PC ISDN cards and can emulate a modem with Hayes commands (“AT” commands). The possibilities range from a terminal-type connection via HDLC (using the included devices) up to a full Internet connection with the possibilities PPP / Sons.
* FAQ for isdn4linux: http://tsikora.tiac.net/i4l-faq/eng-i4l-faq.html
3.7 PPP, SLIP, PLIP
The Linux kernel has integrated support for PPP (Point-to-Point Protocol), SLIP (Serial Line IP) and PLIP (Parallel Line IP). PPP is the most popular way for individual users to connect to their ISPs (Internet Service Providers). PLIP allows easy connections between two machines. It uses a parallel port and a special cable, reaching speeds of 10kBps to 20kBps.
* The Linux PPP HowTo
* The PPP/SLIP emulator
* Further information can be found in The Network Administrator Guide
3.8 Amateur radio
The Linux kernel has integrated support for amateur radio protocols.
An interesting point is the AX.25 support. The AX.25 protocol offers both connected and connectionless modes of operation, and is used either by itself for point-to-point connections or to carry other protocols such as TCP/IP or NetRom.
It is similar in structure to X.25 level 2, with some extensions that make it more useful in the amateur radio environment.
* Amateur radio HowTo
3.9 ATM
ATM support for Linux is currently at the pre-alpha stage. There is an experimental release, which supports raw ATM connections (PVC and SVC), IP over ATM, LAN emulation …
* The ATM for Linux page
4. Supported network equipment
Linux supports a wide variety of network hardware, including some obsolete equipment.
Some interesting documents:
* The Hardware How-To
* The Ethernet How-To
5. Sharing files and printers
The primary goal of most PC-based local area networks (LANs) is to provide file and printer sharing services to users. Linux is an excellent solution as a corporate file and print server.
5.1 Apple Environment
As emphasized in the preceding sections, Linux supports the AppleTalk family of protocols. Netatalk for Linux allows Macintosh clients to see Linux systems as other Macintoshes on the network, to share files, and to use printers connected to Linux servers.
The Netatalk FAQ and HowTo:
* http://thehamptons.com/anders/netatalk/
* http://www.umich.edu/~rsug/netatalk/
* http://www.umich.edu/~rsug/netatalk/faq.html
5.2 Windows Environment
Samba is a suite of software that allows most Unix systems (Linux in particular) to integrate into a Microsoft network as both client and server. As a server, it gives Windows 95, Windows for Workgroups, DOS and Windows NT clients access to files and printers on the Linux machine. It can completely replace Windows NT for file and print services, including the automatic downloading of printer drivers by clients. As a client, the Linux workstation is able to mount file systems exported by other machines.
According to the Samba Meta-FAQ:
“Many users have said that, compared with other SMB implementations, Samba is more stable, faster and compatible with more clients. Administrators of large installations say that Samba is the only available SMB server that can be used by several tens of thousands of users without crashing.”
* The Samba project page
* The Samba HowTo
* Printing How-to
5.3 Novell Environment
As stated in earlier sections, Linux can be configured as an NCP client or server, and can therefore provide access to its files and printers across a Novell network, both for Novell clients and for Unix clients.
* The IPX HowTo
5.4 UNIX environment
The easiest way to share files over a network between UNIX machines is to use NFS. NFS stands for Network File Sharing, and the protocol was originally developed by Sun Microsystems. It is a simple way to share files between machines as if they were local. A client mounts a file system “exported” by an NFS server. The mounted file system then appears as if the partition were part of the local file system.
It is possible to mount a root file system at startup, thereby allowing diskless clients to boot and access all files on the server. More simply, it is possible to have a fully functional computer without a disk drive.
Documents related to NFS:
* http://sunsite.unc.edu/mdw/HOWTO/mini/NFS-Root.html
* http://sunsite.unc.edu/mdw/HOWTO/mini/Diskless.html
* http://sunsite.unc.edu/mdw/HOWTO/mini/NFS-Root-Client.html
* http://www.redhat.com/support/docs/rhl/NFS-Tips/NFS-Tips.html
* http://sunsite.unc.edu/mdw/HOWTO/NFS-HOWTO.html
6. Internet / Intranet
Linux is a very good platform for an Internet/Intranet server. The term Intranet refers to the application of Internet technologies within a company to disseminate information inside the company. The Internet and Intranet services offered by Linux include mail, news, WWW servers, and many more, which are detailed in the following sections.
6.1 Mail
Mail servers
Sendmail is the de facto standard mail server for UNIX platforms. It is robust and scalable and, properly configured and with the necessary hardware, can withstand a load of several thousand users without flinching. Other mail servers (MTAs, Mail Transport Agents) exist, such as smail and qmail, which are substitutes for sendmail.
* The Sendmail site
* The Smail FAQ
* The Qmail site
Mail HowTos:
* http://sunsite.unc.edu/mdw/HOWTO/Mail-HOWTO.html
* http://sunsite.unc.edu/mdw/HOWTO/mini/Qmail+MH.html
* http://sunsite.unc.edu/mdw/HOWTO/mini/Sendmail+UUCP.html
* http://sunsite.unc.edu/mdw/HOWTO/mini/Mail-Queue.html
Remote access to mail
In a company or at an ISP, users will access their electronic mailbox from their desk. Several alternatives exist for Linux, including POP (Post Office Protocol) and IMAP (Internet Message Access Protocol) servers. The POP protocol is generally used to transfer mail from the server to the client. IMAP allows messages to be manipulated on the server, remote creation and deletion of folders on the server, access to shared mail folders, etc.
* A brief comparison of IMAP and POP
HowTos related to e-mail:
* http://sunsite.unc.edu/mdw/HOWTO/Mail-HOWTO.html
* http://sunsite.unc.edu/mdw/HOWTO/mini/Cyrus-IMAP.html
Mail readers
There are many mail readers for Linux, both graphical and text mode. The most widely used are pine, elm, mutt and Netscape.
* List of e-mail related software
* http://sunsite.unc.edu/mdw/HOWTO/mini/TkRat.html
Mailing list software
There are many mailing list management programs available for UNIX in general and Linux in particular.
* A good comparison of list managers can be found at: ftp://ftp.uu.net/usenet/news.answers/mail/list-admin/
* Listserv
* Majordomo
Fetchmail
One very practical utility for managing e-mail is fetchmail. Fetchmail is a free, robust, full-featured and very well documented mail retrieval and forwarding program, intended for use over on-demand TCP/IP connections (such as SLIP or PPP connections). It supports all remote mail protocols in use today on the Internet. It even supports IPv6 and IPsec.
Fetchmail retrieves messages from remote mail servers and forwards them via SMTP, so that they can be read normally by standard mail clients such as mutt, elm or BSD Mail. It allows all the filtering, forwarding and aliasing facilities of the mail server to work as they would for normal mail.
Fetchmail can be used as a POP/IMAP-to-SMTP gateway for an entire DNS domain, collecting mail from a single mailbox at the ISP and forwarding it based on the headers.
A small company can centralize all of its e-mail accounts in one mailbox, and program fetchmail to collect all outgoing mail, send it over the Internet and retrieve incoming messages in one fell swoop.
* The Fetchmail page
6.2 Web Servers
Most Linux distributions include Apache. According to http://www.netcraft.co.uk/survey/, Apache is the number one Web server on the Internet: more than half of Internet sites use Apache or one of its derivatives. Apache's advantages include its modular design, its stability and its speed. With suitable configuration and hardware, it can bear the heaviest loads: Yahoo, Altavista, GeoCities and Hotmail are based on custom versions of this server.
Optional SSL support (which allows encrypted transactions) is also available at:
* http://www.apache-ssl.org/
* http://raven.covalent.net/
* http://www.c2.net/
Related HowTos:
* http://sunsite.unc.edu/mdw/HOWTO/WWW-HOWTO.html
* http://sunsite.unc.edu/mdw/HOWTO/Virtual-Services-HOWTO.html
* http://sunsite.unc.edu/mdw/HOWTO/Intranet-Server-HOWTO.html
* Web servers for Linux
6.3 Web Browsers
A good number of WWW browsers are available for Linux. Netscape Navigator has been one of the browsers of choice from the beginning, and Mozilla will have a Linux version. Another popular browser is the text-mode lynx. It is fast and convenient when no graphical environment is available.
* Browsers for Linux
* http://sunsite.unc.edu/mdw/HOWTO/mini/Public-Web-Browser.html
6.4 FTP servers and clients
FTP stands for File Transfer Protocol. An FTP server allows clients to connect and retrieve files. Many FTP clients and servers are available for Linux, and they are usually included in the distributions. There are text-mode clients as well as clients with a graphical user interface. FTP-related software can be found at: http://sunsite.unc.edu/pub/Linux/system/network/file-transfer/
6.5 News services
Usenet (also called news) is a huge BBS that covers every possible subject and is organized hierarchically. A network of computers across the Internet (Usenet) exchanges articles using the NNTP protocol. Several implementations are available for Linux, whether for a busy site or for a small site receiving few groups.
* The INN page
* News-related software
6.6 Domain Names (DNS)
A DNS server is responsible for translating (human-readable) names into IP addresses. A DNS server does not know all the IP addresses in the world, but it can ask another server for an address it does not know. The DNS server will then return either the requested IP address or an answer saying that it cannot find the name in its tables.
Name servers on Unix (and on most of the Internet) are run by a program called named. It is part of the bind package from the Internet Software Consortium.
* BIND
* The DNS HowTo
6.7 DHCP, bootp
DHCP and bootp are protocols that allow a client to obtain network information (such as its IP address) from a server. Many companies are starting to use them because they make network administration easier, especially for large networks or networks with many mobile users.
Related documents:
* The DHCP HowTo
6.8 NIS
NIS stands for Network Information Service. It provides a simple lookup service consisting of databases and processes. Its purpose is to make information that must be known across the network available to all the machines on it. The information distributed by NIS is:
* Login names, passwords and home directories (/etc/passwd);
* User group information (/etc/group).
For example, if your password is stored in the NIS database, you can log in on any machine on the network that runs the NIS client programs.
Related HowTos:
* NIS HowTo
6.9 Authentication
There are also several methods for authenticating users in a heterogeneous network.
For Linux/Windows NT: http://www.mindware.com.au/ftp/smb-NT-verify.1.1.tar.gz.
PAM (Pluggable Authentication Modules), which is a flexible method of UNIX authentication: the PAM library.
And finally, LDAP for Linux
7. Running applications remotely
One of the most amazing features of UNIX (and yet one of the most overlooked by new users) is its superb support for distributed and remote execution of applications.
7.1 Telnet
Telnet is a program that allows a person to use a remote computer as if they were on site. Telnet is one of the most powerful tools for UNIX, allowing true remote administration. It is also an interesting program from the user's point of view, because it gives a user remote access to all their files and programs from anywhere on the Internet. Combined with an X server, there is no difference (apart from the delay) between being on site and being on the other side of the world. Telnet clients and daemons are available with all Linux distributions.
Secure shells are available via SSH to secure remote administration.
* Telnet-related software
7.2 Remote commands
Under Unix, and Linux in particular, there are commands that can interact with other computers from the command line. For example: rlogin, which allows you to log in on a remote machine in a manner equivalent to telnet, or rcp, which can transfer files between machines, etc. And of course the rsh (remote shell) command can execute commands on a remote machine without logging in to it.
7.3 X-Window
The X-Window system was developed at MIT in the late 80s and quickly became the industry-standard graphical interface for UNIX graphics workstations. It is freely available, very versatile, and has been ported to a wide variety of platforms. The X-Window system consists of two parts: the X server, and one or more X clients. It is important to distinguish between the server and the client. The server controls the display directly and manages input and output via the keyboard, mouse or display. The client, on the other hand, does not access the screen directly; it communicates with the server, which manages the input and output. It is the client that does all the “real” work, running the application or whatever else. The client communicates with the server, asking it to open one or more windows and to manage input and output for the client.
To summarize, the X-Window system allows a user to log in to another machine, run a program (for example, a WWW browser) and have the output displayed on their own machine. Because this process is actually executed on the server, very little CPU power is needed on the client. In fact, it is possible to have computers whose primary function is to be X-Window servers; they are called X terminals.
A free port of the X-Window system exists for Linux and can be found at: Xfree. It is normally included in most Linux distributions.
Related HowTos:
* Running X remotely
7.4 VNC
VNC stands for Virtual Network Computing. It is a remote display system that makes it possible to view a computer desktop not only from the machine on which it is running but also from any machine on the Internet, and across a variety of architectures. Clients and servers are available for Linux and other platforms. For example, it is possible to run MS-Word on a machine running Windows NT or 95 and have the output displayed on any other machine, a Linux machine for example. The opposite is also possible, of course, as is running an application on one Linux machine and displaying it on another Linux machine or a Windows machine … A Java client is also available, allowing the display to be shown in a Web browser. Finally, a port for Linux using the SVGAlib graphics library allows 386s with 4 megabytes of RAM to become true X terminals.
* The VNC site
8. Network interconnection
The Linux network layer is full of features. A computer running Linux can be configured to act as a router, bridge, etc. Some of the available options are described below.
8.1 Router
The Linux kernel supports routing functions. A computer running Linux can work as an IP or IPX router for a much lower cost than a commercial router. Recent kernels include special options for machines acting as routers:
* Multicasting: allows the Linux machine to act as a router for IP packets that have several destination addresses. This is necessary on the MBONE, a high-bandwidth network that broadcasts sound and video.
* IP policy routing: normally, a router decides what to do with a packet it receives based mainly on the packet's final destination address, but it may also take into account the source address and the place where the packet arrives.
There are some projects that aim to run a Linux router from just a floppy: Under Linux router
8.2 Bridge
The Linux kernel can act as an Ethernet bridge, which means that the different Ethernet segments it is connected to appear as a single Ethernet to the participants. Several bridges can work together to create even larger Ethernet networks using the IEEE 802.1 spanning tree algorithm. As this is a standard, Linux bridges will work with other kinds of bridges. Additional packages allow filtering based on IP, IPX or MAC addresses.
Related HowTos:
* Bridge + Firewall
* Bridge
8.3 IP-Masquerading
IP Masquerade is a networking function under development for Linux. If a Linux machine is connected to the Internet with IP Masquerade enabled, computers connected to it (either on the same network or via modems) can access the Internet without problems, even if they have no officially assigned IP address. This reduces costs, since many people can access the Internet through a single modem connection. It also reduces security risks because, in some ways, the machine acts as a firewall, since the unofficial addresses cannot be reached from outside the network.
Pages and documents relating to IP Masquerade:
* http://www.tor.shaw.wave.ca/~ambrose/
* http://www.indyramp.com/masq/links.pfhtml
* http://sunsite.unc.edu/mdw/HOWTO/mini/IP-Masquerade.html
8.4 IP-Accounting
This option allows the Linux kernel to keep track of IP traffic, log IP packets and produce some statistics. A series of rules can be defined so that, when packets have certain characteristics, a counter is incremented, the packet is accepted or rejected, etc.
8.5 IP-Aliasing
This feature of the Linux kernel makes it possible to assign several addresses to the same network interface (e.g. two IP addresses on one Ethernet card). It is typically used for services that behave differently depending on the address by which they are reached (e.g. “multihosting”, “virtual domains” or “virtual hosting services”).
Related HowTos:
* IP Aliasing HowTo
8.6 Traffic Shaping
The traffic shaper is a virtual interface that makes it possible to limit the amount of traffic sent to another network interface. This is especially useful when one wants to limit/control the bandwidth used by a client. Another alternative (for the web only) would be to use an Apache module that restricts the number of connections per client, or the bandwidth used.
8.7 Firewall
A firewall is an interface that protects a private network from the rest of the Internet. It is designed to control the flow of packets based on the source, destination, port and packet type information contained in each packet.
Various firewall tools exist for Linux, in addition to the support built into the kernel. Other firewalls are TIS and SOCKS. These firewall toolkits are very comprehensive and, combined with other tools, can block/redirect all types of traffic and protocols. Different rules can be implemented through configuration files or through graphical programs.
* The TIS page
* SOCKS
* Firewall HowTo
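The rule-based behaviour described in sections 8.4 and 8.7 can be modelled in a few lines of Python. This is an added example, not code from the original document or from the Linux kernel; the rule set, the addresses and the sample packets are constructed, and the "count" action is an assumption used here to represent a pure accounting rule.

```python
# Added example: a first-match packet filter with per-rule counters.
# All addresses, rules and packets below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = "0.0.0.0/0"


@dataclass
class Rule:
    action: str                    # "accept", "reject" or "count" (account only)
    src: str = ANY                 # source network in CIDR notation
    dst: str = ANY                 # destination network in CIDR notation
    proto: Optional[str] = None    # "tcp", "udp", "icmp"; None matches any
    dport: Optional[int] = None    # destination port; None matches any
    packets: int = 0               # accounting: packets that hit this rule
    octets: int = 0                # accounting: bytes that hit this rule

    def matches(self, pkt: dict) -> bool:
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.dport in (None, pkt.get("dport")))


class PacketFilter:
    def __init__(self, rules, default="reject"):
        self.rules = rules
        self.default = default     # verdict when no accept/reject rule matches
        self.default_hits = 0

    def decide(self, pkt: dict) -> str:
        for rule in self.rules:
            if not rule.matches(pkt):
                continue
            rule.packets += 1
            rule.octets += pkt["len"]
            if rule.action != "count":   # "count" rules never end the search
                return rule.action
        self.default_hits += 1
        return self.default


def run_sample():
    rules = [
        Rule("count", src="192.168.1.0/24"),                        # LAN usage
        Rule("accept", dst="192.168.1.10", proto="tcp", dport=80),  # web server
        Rule("reject", proto="tcp", dport=23),                      # no telnet
        Rule("accept", src="192.168.1.0/24"),                       # LAN may go out
    ]
    fw = PacketFilter(rules)
    packets = [
        {"src": "198.51.100.7", "dst": "192.168.1.10", "proto": "tcp", "dport": 80, "len": 60},
        {"src": "198.51.100.7", "dst": "192.168.1.10", "proto": "tcp", "dport": 23, "len": 60},
        {"src": "192.168.1.20", "dst": "198.51.100.7", "proto": "udp", "dport": 53, "len": 70},
        {"src": "198.51.100.7", "dst": "192.168.1.20", "proto": "icmp", "len": 84},
        {"src": "192.168.1.20", "dst": "198.51.100.7", "proto": "tcp", "dport": 23, "len": 60},
    ]
    verdicts = [fw.decide(p) for p in packets]
    counters = [(r.packets, r.octets) for r in rules]
    return verdicts, counters, fw.default_hits


if __name__ == "__main__":
    print(run_sample())
```

Rule order decides the outcome: the last sample packet comes from the LAN, which the fourth rule would accept, but the telnet rule placed before it rejects it first. The default verdict is "reject", so a packet that no rule mentions is refused and counted.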
8.8 Port forwarding
A growing number of WWW sites are becoming interactive, with cgi-bins or Java applets that access databases and other services. Since this access may pose security problems, the machine containing the database should not be connected directly to the Internet.
Port forwarding can provide an almost ideal solution to this access problem. On a firewall, IP packets arriving on a specific port can be rewritten and forwarded to the internal server providing the service. The reply packets received from the internal server are rewritten to make them appear to come from the firewall.
Information on port forwarding can be found here
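The address rewriting behind IP masquerading (section 8.3) and the port rewriting of section 8.8 can be followed packet by packet in this Python model. It is an added example, not code from the original document or from the kernel; the Gateway class, the addresses (private and documentation ranges) and the port numbers are constructed for illustration.

```python
# Added example: a toy gateway that masquerades outgoing connections and
# forwards one public port to an internal server. Constructed values only.
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Gateway:
    def __init__(self, public_ip, forwards=None, first_port=61000):
        self.public_ip = public_ip
        # public port -> (internal ip, internal port): the forwarding rules
        self.forwards = dict(forwards or {})
        self.next_port = first_port
        self.out_map = {}    # (int ip, int port, remote ip, remote port) -> public port
        self.in_map = {}     # (public port, remote ip, remote port) -> (int ip, int port)
        self.fwd_state = {}  # (int ip, int port, remote ip, remote port) -> public port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite a packet leaving the private network."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.fwd_state:
            # Reply from a forwarded internal server: make it appear to
            # come from the firewall's own address and public port.
            return replace(pkt, src=self.public_ip, sport=self.fwd_state[key])
        if key not in self.out_map:
            # New outgoing connection: allocate a public port (masquerade).
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=self.out_map[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite a packet arriving from outside; None means dropped."""
        if pkt.dst != self.public_ip:
            return None
        hit = self.in_map.get((pkt.dport, pkt.src, pkt.sport))
        if hit is not None:
            # Reply to a masqueraded connection: restore the private address.
            return replace(pkt, dst=hit[0], dport=hit[1])
        target = self.forwards.get(pkt.dport)
        if target is not None:
            # Forwarded port: remember the peer so the reply can be rewritten.
            self.fwd_state[(target[0], target[1], pkt.src, pkt.sport)] = pkt.dport
            return replace(pkt, dst=target[0], dport=target[1])
        return None  # no mapping: private addresses stay unreachable


def demo():
    gw = Gateway("203.0.113.1", forwards={80: ("192.168.1.10", 8080)})
    # 1. An internal client opens a connection to an outside web server.
    out = gw.outbound(Packet("192.168.1.20", 40000, "198.51.100.7", 80))
    # 2. The server's reply is mapped back to the internal client.
    reply = gw.inbound(Packet("198.51.100.7", 80, "203.0.113.1", out.sport))
    # 3. A different outside host sends to the same public port: dropped.
    probe = gw.inbound(Packet("198.51.100.99", 80, "203.0.113.1", out.sport))
    # 4. An outside client reaches the forwarded port 80.
    fwd = gw.inbound(Packet("198.51.100.7", 51000, "203.0.113.1", 80))
    # 5. The internal server's answer leaves with the firewall's address.
    back = gw.outbound(Packet("192.168.1.10", 8080, "198.51.100.7", 51000))
    return out, reply, probe, fwd, back


if __name__ == "__main__":
    for step in demo():
        print(step)
```

The probe in step 3 is dropped only because no mapping exists for its source address and port. The forwarded port, by contrast, is open to any outside host, so the internal server behind it is exposed on that port and needs its own hardening.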
8.9 Load balancing
When a Web server that uses a database is very busy, it is useful to have several identical servers and to redirect requests to the least loaded server. This can be done with network address translation (NAT) technology, of which IP Masquerading is a subset. Network administrators can replace a single server providing Web services (or anything else) with a group of servers sharing the same IP address. Incoming connections are redirected to one of the servers using a load-balancing algorithm. The virtual server rewrites incoming and outgoing packets so that clients have transparent access to the server, as if it were a single machine.
Information on Linux IP-NAT can be found here
8.10 EQL
EQL is integrated into the Linux kernel. If two serial connections exist to another computer (this requires two modems and two telephone lines) and SLIP or PPP (a protocol for sending Internet traffic over a telephone line) is used on them, this driver makes it possible to have them behave as a single connection at double speed. Naturally, EQL must be supported at the other end as well.
* The EQL HowTo
8.11 Proxy server
The term proxy means “doing something on behalf of someone else”. In networking terms, a proxy server is a computer that acts on behalf of several clients. An HTTP proxy is a machine that receives requests for Web pages from other machines (machine A). The proxy fetches the page in question and returns the result to machine A. The proxy may have a cache containing pages already requested, so that if another machine asks for the same page, the cached copy is returned instead. This reduces the bandwidth used and shortens the response time. As a side effect, client machines do not access the outside world directly, which can make a network more secure. A well-configured proxy can be as effective as a firewall.
Several proxy servers exist for Linux. The most popular solution is Apache's proxy module. There is also SQUID, which is a more complete and more robust HTTP proxy implementation.
* Apache
* Squid
8.12 On-demand connections
The purpose of on-demand connections is to make users believe that they have a permanent connection from one point to another. Usually, there is a daemon that monitors packet traffic, establishes the connection when it is needed and then, after a period of inactivity, closes the connection.
* The Diald HowTo
8.13 Tunnelling, mobile IP and virtual private networks
The Linux kernel supports tunnelling (encapsulation) of protocols. It can tunnel IPX over IP, allowing two IPX networks to be connected via a simple IP link. It can also do IP-in-IP tunnelling, which is mostly used for mobile IP support, multicast support and amateur radio. (see http://sunsite.unc.edu/mdw/HOWTO/NET-3-HOWTO-6.html#ss6.13)
Mobile IP is an enhancement that allows transparent routing of IP datagrams to IP nodes on the Internet. Each node is always identified by its home address, regardless of its current point of attachment to the Internet. When it is away from home, a mobile node is also associated with a care-of address, which provides information about its current point of attachment to the Internet. The protocol provides for registering the care-of address with a specific program. This program sends datagrams destined for the mobile node through the tunnel to the care-of address. After arriving, each datagram is then delivered to the mobile node.
The Point-to-Point Tunneling Protocol (PPTP) is a networking technology that makes it possible to use the Internet as a virtual private network (VPN). PPTP is integrated into the Remote Access Services (RAS) server of Windows NT Server. With PPTP, users can connect to their local ISP, or connect directly to the Internet, and use their network as if they were at their desk. PPTP is a well-defined protocol, and its security was recently compromised. It is strongly recommended to use one of the alternatives offered by Linux, since they rely on standards that have been reviewed and tested very thoroughly.
* A PPTP client for Linux is available here
Mobile IP:
* http://www-uk.hpl.hp.com/people/jt/mip.html
* http://anchor.cs.binghamton.edu/~mobileip/
Documents about virtual private networks:
* http://sunsite.unc.edu/mdw/HOWTO/mini/VPN.html
* http://sites.inka.de/sites/bigred/devel/cipe.html
9. Network administration
9.1 Network administration programs
There is an impressive list of tools dedicated to network administration and remote administration. Some interesting projects are linuxconf and webmin:
* Webmin
* Linuxconf
Other tools include network traffic analysis, network security, monitoring and configuration tools, etc. An archive of all these tools can be found at Sunsite
9.2 SNMP
The Simple Network Management Protocol is a protocol dedicated to the administration of network services. It allows remote administration and monitoring of routers, gateways, network cards, switches, etc. A large number of SNMP libraries, clients, daemons and monitoring programs are available for Linux. A good page to start with is: http://linas.org/linux/NMS.html
10. Enterprise networks under Linux
In some situations, it is necessary to have a network infrastructure with mechanisms that allow it to be available almost 100% of the time. Some of these techniques are described below. Most of the following documents can be found on Linas's excellent web site: http://linas.org/linux/index.html and in the Linux High-Availability HowTo
10.1 Haute disponibilité
La redondance est utilisée pour éviter qu’Internet dans sa globalité ait un point faible. Un serveur avec une seule carte réseau ou un seul disque SCSI a deux points faibles. L’objectif est de cacher aux utilisateurs les problèmes imprévus de façon à ce qu’ils puissent continuer à travailler rapidement. Les logiciels de haute disponibilité sont un groupe de scripts et d’outils qui surveillent et détectent les problèmes, suivent une méthode appropriée pour restaurer l’état normal et préviennent les administrateurs systèmes.
10.2 RAID
RAID stands for Redundant Array of Inexpensive Disks. It is a method by which information is spread across several disks, using techniques such as disk striping (RAID level 0) and mirroring (RAID level 1) to achieve redundancy, lower latency and/or higher bandwidth for reading and/or writing, and recovery after a disk crash. Six different RAID levels have been defined. There are three possible RAID solutions for Linux users: software RAID, external DASD enclosures, and RAID disk controllers.
* Software RAID: a pure software RAID implementation, which makes the various RAID levels available in the kernel's disk handling code (the block devices).
* External DASD enclosures: DASD (Direct Access Storage Device) units are separate enclosures with their own power supply; they provide a chassis to hold the disks and are seen by Linux as just another SCSI device. Generally speaking, this is the most reliable RAID solution.
* RAID disk controllers: disk controllers are cards that plug into the ISA/EISA/PCI bus. A cable connects them to the disks, as with ordinary controllers. Unlike ordinary controllers, however, RAID controllers implement RAID on the card itself, with everything needed to provide the various RAID levels.
Related HOWTOs:
* http://sunsite.unc.edu/mdw/HOWTO/mini/DPT-Hardware-RAID.html
* http://sunsite.unc.edu/mdw/HOWTO/Root-RAID-HOWTO.html
* http://sunsite.unc.edu/mdw/HOWTO/mini/Software-RAID.html
RAID at linas.org:
* http://linas.org/linux/raid.html
10.3 Network redundancy
IP address takeover (IPAT):
When a network interface fails, its IP address should be taken over by a working card on the same node of the network, or on another node.
MAC address takeover:
When an IP address takeover occurs, it must be ensured that all nodes on the network update their ARP caches (the mappings between IP addresses and MAC addresses).
For more details, refer to the High-Availability HOWTO
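The ARP cache update described above is normally triggered by a gratuitous ARP broadcast sent by the node that takes over the address. The following Python sketch is an added example, not part of the original HOWTO: it builds that frame and shows how a neighbour's IP-to-MAC cache changes when it is received. The function names are hypothetical and the addresses are constructed sample values.

```python
import socket
import struct

ETH_P_ARP = 0x0806
BROADCAST = b"\xff" * 6

def build_gratuitous_arp(mac: str, ip: str) -> bytes:
    """Ethernet + ARP request announcing that `ip` is now reachable at `mac`."""
    hw = bytes.fromhex(mac.replace(":", ""))
    addr = socket.inet_aton(ip)
    eth = BROADCAST + hw + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, op=1 (request)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    # Gratuitous ARP: sender IP and target IP are the same address.
    return eth + arp + hw + addr + b"\x00" * 6 + addr

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip, target_ip, is_gratuitous), or None if not IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    sha, spa, tpa = frame[22:28], frame[28:32], frame[38:42]
    return sha.hex(":"), socket.inet_ntoa(spa), socket.inet_ntoa(tpa), spa == tpa

def apply_to_cache(cache: dict, frame: bytes):
    """Update an IP->MAC cache from an ARP frame; return (ip, old, new) if a mapping moved."""
    parsed = parse_arp(frame)
    if parsed is None:
        return None
    mac, ip, _, _ = parsed
    old = cache.get(ip)
    cache[ip] = mac
    return (ip, old, mac) if old is not None and old != mac else None

if __name__ == "__main__":
    # Constructed sample values: service IP held by a failed NIC, taken over by a standby NIC.
    cache = {"192.0.2.10": "02:00:00:00:00:01"}
    frame = build_gratuitous_arp("02:00:00:00:00:02", "192.0.2.10")
    print(parse_arp(frame))
    print(apply_to_cache(cache, frame), cache)
```

A monitoring host can log the tuple returned by `apply_to_cache`: a moved mapping is expected during a planned failover and worth investigating at any other time.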
11. Sources of information
Where to find more information:
* Linux: http://www.linux.org
* The Linux Documentation Project: http://sunsite.unc.edu/mdw/linux.html (go and read the Linux Network Administrator Guide)
* Freshmeat: the latest Linux software releases. http://www.freshmeat.net
* Linux links: http://www.linuxlinks.com/Networking/
12. Acknowledgements and disclaimer
This document is based on the work of many other people who have done their best to make Linux what it is now: one of the best network-based operating systems. All credit goes to them. A lot of work has gone into making this document clear, as well as accurate and complete, without being excessively long. Nevertheless, the author declines all responsibility for any misuse of the information contained in this document. Do not hesitate to send me your suggestions, corrections or general comments so that I can improve it. This HowTo will certainly grow over time, for example with radius, tools for mirroring a web/ftp site with wget, traffic analysers, CORBA… and anything that is suggested to me and that I find interesting. You can reach me here (and there for the French translation)
