Monday, March 31, 2014

Unix: More networking basics for the beginner

http://www.itworld.com/operating-systems/411332/unix-more-networking-basics-beginner

The ifconfig command doesn't suck; it's just not as cool or sophisticated as ip.

By   1
While the ifconfig command is still available and useful on most if not all Unix/Linux systems today, it is now deprecated on many Linux distributions. That word, which doesn't appear to be popularly used in any context other than in reference to Unix commands, simply means that the command has lost favor and will eventually be phased out -- though not necessarily any time soon. The command that has taken ifconfig's place is ip. While the ip command has numerous options and is considered more powerful than ifconfig, the ip commands you are likely to use are not difficult to learn or remember. There's just a lot more of them.
To see the same type of information that ifconfig will show you, the command to use is ip addr. In this example, the system is using a bonded interface, basically allowing it to aggregate multiple NICs to achieve a higher data rate. The interface to pay attention to is, therefore, the bond0 interface.
$ ip addr
1: lo:  mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast master bond0 qlen 1000
    link/ether 63:2b:da:5f:a9:37 brd ff:ff:ff:ff:ff:ff
3: eth1:  mtu 1500 qdisc pfifo_fast master bond0 qlen 1000
    link/ether 63:2b:da:5f:a9:37 brd ff:ff:ff:ff:ff:ff
4: sit0:  mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
5: bond0:  mtu 1500 qdisc noqueue
    link/ether 63:2b:da:5f:a9:37 brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.155/16 brd 10.1.255.255 scope global bond0
    inet6 fe80::7a2b:daff:fe5f:a937/64 scope link
       valid_lft forever preferred_lft forever
The ifconfig output on this same system would look like this:
$ ifconfig
bond0     Link encap:Ethernet  HWaddr 63:2B:da:5F:A9:37
          inet addr:10.1.2.155  Bcast:10.1.255.255  Mask:255.255.0.0
          inet6 addr: fe80::7a2b:daff:fe5f:a937/64 Scope:Link
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:632524272 errors:0 dropped:133387 overruns:0 frame:0
          TX packets:763888940 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:375990796437 (350.1 GiB)  TX bytes:889653824737 (828.5 GiB)

eth0      Link encap:Ethernet  HWaddr 63:2B:da:5F:A9:37
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:640963722 errors:0 dropped:133387 overruns:0 frame:0
          TX packets:763888940 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:360837640935 (336.0 GiB)  TX bytes:889653824737 (828.5 GiB)
          Interrupt:106 Memory:d2000000-d2012100

eth1      Link encap:Ethernet  HWaddr 63:2B:da:5F:A9:37
          UP BROADCAST RUNNING SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:141560550 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15141155502 (14.1 GiB)  TX bytes:0 (0.0 b)
          Interrupt:114 Memory:d4000000-d4012100

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:866191523 errors:0 dropped:0 overruns:0 frame:0
          TX packets:866191523 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:267275935761 (248.9 GiB)  TX bytes:267275935761 (248.9 GiB)
Once you get comfortable with the ip addr command, you might prefer to abbreviate it to ip a. And, if you just want to see only the IPv4 or the IPv6 information, you can add an option and use the command ip -4 a or ip -6 a, limiting command's the output to one or the other. You can also limit the command's response to a particular interface by using a command such as ip a show bond0.
$ ip a show bond0
9: bond0:  mtu 1500 qdisc noqueue
    link/ether 63:2b:da:5f:a9:37 brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.155/16 brd 10.1.255.255 scope global bond0
    inet6 fe80::7a2b:daff:fe5f:a937/64 scope link
       valid_lft forever preferred_lft forever
As you can see, much of the information provided by the ip command is the same as what you'd see with ifconfig -- the IP and MAC addresses, and the "UP" indicator showing that the interfaces are working. The ip link or ip l command shows a briefer display, but does not include the
IP addresses.
$ ip link
1: lo:  mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0:  mtu 1500 qdisc pfifo_fast master bond0 qlen 1000
    link/ether 63:2b:da:5f:a9:37 brd ff:ff:ff:ff:ff:ff
3: eth1:  mtu 1500 qdisc pfifo_fast master bond0 qlen 1000
    link/ether 63:2b:da:5f:a9:37 brd ff:ff:ff:ff:ff:ff
4: sit0:  mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
5: bond0:  mtu 1500 qdisc noqueue
    link/ether 63:2b:da:5f:a9:37 brd ff:ff:ff:ff:ff:ff
You can use the ip route command to display your routing tables, much like you would see using netstat -r.
$ ip route
10.1.0.0/16 dev bond0  proto kernel  scope link  src 10.1.2.155
169.254.0.0/16 dev bond0  scope link
default via 10.1.1.1 dev bond0
$
$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.1.0.0        *               255.255.0.0     U         0 0          0 bond0
169.254.0.0     *               255.255.0.0     U         0 0          0 bond0
default         10.1.1.1        0.0.0.0         UG        0 0          0 bond0
And, as you might have suspected, you can use an abbreivation for the ip route command as well:
$ ip r
10.1.0.0/16 dev bond0  proto kernel  scope link  src 10.1.2.155
169.254.0.0/16 dev bond0  scope link
default via 10.1.1.1 dev bond0
The ip n show command ("n" for "neighbor") displays the kind of network information you would expect to see with a command such as arp -a. In other words, it shows information about other systems that have recently connected to your system. You can also use ip n ls.
$ ip n show
10.1.1.22 dev bond0 lladdr 00:50:56:b1:48:51 STALE
10.1.1.1 dev bond0 lladdr 00:00:0c:07:ac:01 STALE
10.1.4.21 dev bond0 lladdr 00:21:70:bd:30:2e REACHABLE
10.1.1.7 dev bond0 lladdr 08:00:37:bc:a1:6a STALE
10.1.1.8 dev bond0 lladdr 00:50:56:b1:5a:d8 STALE
10.1.4.123 dev bond0 lladdr 00:26:b9:e9:f6:0d STALE
10.1.1.250 dev bond0 lladdr 00:50:56:b1:50:9d DELAY
10.1.1.180 dev bond0 lladdr 00:0b:cd:fe:fd:8d REACHABLE
10.1.2.115 dev bond0 lladdr 08:00:37:da:17:5c REACHABLE
$
$ arp -a
mon-1.mynet.com (10.1.1.11) at 00:50:56:B1:48:51 [ether] on bond0
? (10.1.1.1) at 00:00:0C:07:AC:01 [ether] on bond0
? (10.1.4.23) at 00:21:70:BD:30:2E [ether] on bond0
? (10.1.1.70) at 08:00:37:BC:A1:6A [ether] on bond0
mon-1.mynet.com (10.1.1.5) at 00:50:56:B1:5A:D8 [ether] on bond0
? (10.1.4.113) at 00:26:B9:E9:F6:0D [ether] on bond0
all-log-1 (10.1.1.212) at 00:50:56:C2:50:9A [ether] on bond0
mon-1.mynet.com (10.1.1.123) at 00:0B:CD:FE:FD:8D [ether] on bond0
? (10.1.2.115) at 08:00:37:da:17:5C [ether] on bond0
The state of each neighbor is shown at the end of each line in the ip n show output. The possible states include:
delay -- waiting confirmation
failed -- resolution has failed
incomplete -- in the process of resolution
noarp -- valid, removable when lifetime expires
none -- void
permanent -- can only be removed administratively
probe -- delay timer expired, but no confirmation
reachable -- valid until reachability timeout expires
stale -- valid but maybe already unreachable
Other useful networking commands include a couple netstat favorites. The netstat -i command will show you network statistics by interface:
$ netstat -i
Kernel Interface table
Iface       MTU Met    RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
bond0      1500   0 632684318      0 133387      0 763890286      0      0      0 BMmRU
eth0       1500   0 641044153      0 133387      0 763890286      0      0      0 BMsRU
eth1       1500   0 141640165      0      0      0         0      0      0      0 BMsRU
lo        16436   0 866250551      0      0      0 866250551      0      0      0 LRU
For per protocol statistics, use the netstat -s command ("s" for "statistics"). This command provides very detailed network information -- likely more than you will need to look at very often, but extremely useful for heavy duty troubleshooting.
$ netstat -s
Ip:
    1744690691 total packets received
    2559835 with invalid addresses
    0 forwarded
    0 incoming packets discarded
    1700771884 incoming packets delivered
    1175883101 requests sent out
    7068 reassemblies required
    3524 packets reassembled ok
Icmp:
    279076 ICMP messages received
    1099 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 4233
        timeout in transit: 108
        echo requests: 272761
        echo replies: 1974
    281380 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
        destination unreachable: 5198
        echo request: 3421
        echo replies: 272761
IcmpMsg:
        InType0: 1974
        InType3: 4233
        InType8: 272761
        InType11: 108
        OutType0: 272761
        OutType3: 5198
        OutType8: 3421
Tcp:
    9713305 active connections openings
    6346380 passive connection openings
    2975552 failed connection attempts
    3438243 connection resets received
    45 connections established
    1630650812 segments received
    1172423736 segments send out
    2826779 segments retransmited
    0 bad segments received.
    3928370 resets sent
Udp:
    69839443 packets received
    919 packets to unknown port received.
    0 packet receive errors
    350238 packets sent
TcpExt:
    120 invalid SYN cookies received
    323 resets received for embryonic SYN_RECV sockets
    32 packets pruned from receive queue because of socket buffer overrun
    33 ICMP packets dropped because they were out-of-window
    4343758 TCP sockets finished time wait in fast timer
    4834 time wait sockets recycled by time stamp
    12 packets rejects in established connections because of timestamp
    16658045 delayed acks sent
    1292 delayed acks further delayed because of locked socket
    Quick ack mode was activated 59694 times
    2059 times the listen queue of a socket overflowed
    2059 SYNs to LISTEN sockets ignored
    705660774 packets directly queued to recvmsg prequeue.
    100560858 packets directly received from backlog
    2061379123 packets directly received from prequeue
    254869153 packets header predicted
    635912715 packets header predicted and directly queued to user
    77257282 acknowledgments not containing data received
    1108616005 predicted acknowledgments
    285936 times recovered from packet loss due to SACK data
    Detected reordering 159 times using FACK
    Detected reordering 46695 times using SACK
    Detected reordering 19 times using time stamp
    19 congestion windows fully recovered
    1473 congestion windows partially recovered using Hoe heuristic
    TCPDSACKUndo: 169
    8426 congestion windows recovered after partial ack
    18907635 TCP data loss events
    TCPLostRetransmit: 1907
    608 timeouts after SACK recovery
    50 timeouts in loss state
    2370237 fast retransmits
    279757 forward retransmits
    26643 retransmits in slow start
    14340 other TCP timeouts
    1858 sack retransmits failed
    3 times receiver scheduled too late for direct processing
    7154 packets collapsed in receive queue due to low socket buffer
    59861 DSACKs sent for old packets
    29977 DSACKs received
    48462 DSACKs for out of order packets received
    463844 connections reset due to unexpected data
    1039018 connections reset due to early user close
    3187 connections aborted due to timeout
IpExt:
    InMcastPkts: 1466685
    OutMcastPkts: 18093
    InBcastPkts: 72565731
    OutBcastPkts: 41363
Wrap up: You'll probably be comfortable with using ip commands long before ifconfig disappears from your servers, but why wait? Even people like me who have been typing ifconfig for decades can learn some new tricks

No comments:

Post a Comment