University of Rome “Sapienza” NETWORK INFRASTRUCTURES A.A. 2010 - 2011 PRACTICAL EXCERCISES ON NETKIT Eng. Angelo Coiro ([email protected]) LESSON IV BRIDGING: HOW TO CONFIGURE A NETWORK SWITCH (references: http://wiki.netkit.org/) [ 2 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 1 SUGGESTION • To better understand this part, you can download from the Netkit’s site… http://wiki.netkit.org/index.php/Labs_Official …the lab associated to it, namely: Bridging to practically perform the different steps explained in the next slides. [ 3 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 1 – NETWORK TOPOLOGY • All the MAC addresses are in the form: 00:00:00:00:XX:YY • A B C are the collision domains [ 4 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 2 STEP 2 – STARTING THE LAB • The started lab is made up of • 3 virtual machines that implement the pcs • 2 virtual machines that implement the switches • automatically configured to perform switching • [ 5 | 34 ] all the virtual machines and their network interfaces are automatically configured NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 3 – CONFIGURING NETWORK INTERFACES (1/6) • Real network interfaces have a wired in mac address • • the first three bytes make up the Organizationally Unique Identifier (OUI), a sequence that matches the vendor of the nic the remaining three bytes are the interface serial number • Mac address of an interface card manufactured by Asustek inc.: [ 6 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 3 STEP 3 – CONFIGURING NETWORK INTERFACES (2/6) • Virtual network interfaces are automatically assigned a mac address • [ 7 | 34 ] Depending on the version of netkit in use, the mac address might be derived from the ip address NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 3 – CONFIGURING NETWORK INTERFACES (3/6) • The mac address of a virtual network interface can be forcedly configured in the following way: [ 8 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 4 STEP 3 – CONFIGURING NETWORK INTERFACES (4/6) [ 9 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 3 – CONFIGURING NETWORK INTERFACES (5/6) [ 10 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 5 STEP 3 – CONFIGURING NETWORK INTERFACES (6/6) • The mac address of a virtual network interface can be forcedly configured in the following way: [ 11 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 4 – BRIDGING CAPABILITIES (1/2) • The command brctl allows to check and configure the settings of the bridging capabilities of a virtual machine [ 12 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 6 STEP 4 – BRIDGING CAPABILITIES (2/2) • A virtual machine may enable several bridging processes (on different network interfaces) • Once configured, a bridge is visible as a network interface that must be brought up in order to function properly [ 13 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 5 – INVESTIGATING SOURCE ADDRESS TABLES (1/3) • If the pcs do not generate any traffic, the source address tables only contain information about local ports [ 14 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 7 STEP 5 – INVESTIGATING SOURCE ADDRESS TABLES (2/3) • Depending on the configuration, a machine may generate traffic even broadcast packets) • • if not solicited (e.g., the source address tables of switch1 and switch2 may already contain non-local entries hard to prevent • Ports (=interfaces) are numbered according to the 802.1d standard • the correspondence between kernel interface numbering (ethX) and 802.1d numbering can be obtained by using brctl showstp [ 15 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 5 – INVESTIGATING SOURCE ADDRESS TABLES (3/3) [ 16 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 8 STEP 6 – EVOLUTION OF THE ADDRESS TABLES (1/12) • Start a sniffer on pc3: • Generate traffic between pc2 and pc3: [ 17 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 6 – EVOLUTION OF THE ADDRESS TABLES (2/12) [ 18 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 9 STEP 6 – EVOLUTION OF THE ADDRESS TABLES (3/12) • pc3 sees the traffic exchanged on its collision domain (C) [ 19 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 6 – EVOLUTION OF THE ADDRESS TABLES (4/12) [ 20 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 10 STEP 6 – EVOLUTION OF THE ADDRESS TABLES (5/12) [ 21 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 6 – EVOLUTION OF THE ADDRESS TABLES (6/12) [ 22 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 11 STEP 6 – EVOLUTION OF THE ADDRESS TABLES (7/12) [ 23 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 6 – EVOLUTION OF THE ADDRESS TABLES (8/12) [ 24 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 12 STEP 6 – EVOLUTION OF THE ADDRESS TABLES (9/12) [ 25 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 6 – EVOLUTION OF THE ADDRESS TABLES (10/12) [ 26 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 13 STEP 6 – EVOLUTION OF THE ADDRESS TABLES (11/12) [ 27 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 6 – EVOLUTION OF THE ADDRESS TABLES (12/12) • switch2 knows the positions of pc2 and pc3 since it has seen their traffic • switch1 does not know the position of pc3 since pc3’s traffic has been filtered out by switch2 • The two switches are not aware of pc1 [ 28 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 14 STEP 7 – FILTERING IN ACTION (1/6) • Clear the address tables by setting the lifetime (ageing) of the entries to 10 seconds: • After 10 seconds of “silence” only the local interfaces remain in the source address tables [ 29 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 7 – FILTERING IN ACTION (2/6) • Repeat the ping experiment with a 3 seconds interval and place a sniffer on pc1: [ 30 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 15 STEP 7 – FILTERING IN ACTION (3/6) [ 31 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 7 – FILTERING IN ACTION (4/6) • Since the switches filter traffic, only broadcast packets can reach pc1: [ 32 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 16 STEP 7 – FILTERING IN ACTION (5/6) • Keep the ping active and reduce the lifetime of the entries of the source address table: • In this way, the entries expire after each echo request has been sent (echo requests are sent every 3 seconds) • • every time pc2 generates an echo request: • switch2 does not know about pc3, hence performs flooding • switch1 does not know about pc3, hence performs flooding • as a consequence, pc1 sees the echo request sent by pc2 every time pc3 generates an echo reply: • switch2 knows about pc2 (thanks to the echo request) and filters traffic • as a consequence, neither switch1 nor pc1 see the echo reply • note that echo replies are sent within the 1 second lifetime [ 33 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV STEP 7 – FILTERING IN ACTION (6/6) • pc1 only sees the echo requests: • •The arp reply sent by pc3 to pc2 is filtered because switch2 knows about pc2 (thanks to the arp request) • The first echo request is also filtered because immediately after the arp exchange switch2 still knows about pc3 [ 34 | 34 ] NETWORK INFRASTRUCTURES – Practical exercises on Netkit – Lesson IV 17
© Copyright 2024