Thursday, May 15, 2008

Speaking UNIX: Inside TCP/IP

The Internet has played a huge role in the advancement of technology, business, and everyday life for huge numbers of the world's people. Configuring a computer to communicate over a network and connecting to the Internet has become an essential task for administrators. This article shows how to configure a server running IBM® AIX® to connect to and use the Internet.

As defined in Wikipedia, the Internet is a worldwide, publicly accessible series of interconnected computer networks that transmit data by packet switching using the standard Internet Protocol (IP). The Internet is, in a sense, the largest network in the world and spans the globe many times over.

The Internet and the Web are not the same thing, although people interchange the terms frequently. The World Wide Web (WWW), or the Web, is a collection of hypertext documents containing images, audio and video clips, and other files interlinked and accessed over the Internet.

A simplistic example of the two is when you connect to your Internet Service Provider (ISP) using a cable modem. Connecting to your ISP using a cable does exactly that: It connects you to your ISP's network and to the Internet, but you are still not using the Web—not until you open a Web browser, such as Mozilla Firefox or Apple Safari, and connect to a Web site.

Configuring TCP/IP and the network adapter

For a server running the AIX operating system to communicate over a network and connect to the Internet, you must configure the network adapter or, depending on the system, edit multiple files to set up TCP/IP. However, IBM has made this task easy with one simple switch inside the System Management Interface Tool (SMIT).

Before beginning to configure the network adapter, first document the following information:

  • IP address to assign to the network adapter
  • Host name of the target server
  • Name of the domain of which the target server is a member
  • Subnet mask
  • Name servers
  • Gateway address

To configure a network adapter on a server running AIX, perform the following steps:

  1. Log in to the system as root or su - to root.
  2. Start the SMIT program, and then choose Communications Applications and Services > TCP/IP > Minimum Configuration & Startup.

    Tip: SMIT has many shortcuts, or fast paths, to allow you to quickly get to the menu or task needed. In this case, simply typing smitty mktcpip bypasses having to navigate through the three previous menus.

  3. Select the network adapter you want to configure from the list shown in Figure 1, and then press Enter. For this example, en2 is used.

    Figure 1. Available network adapters

     

    After you select the desired network adapter, a new window is built that displays all the settings you need to configure the network adapter.

  4. Taking the information you documented earlier, type the host name, IP address, subnet mask, domain name, name server IP address, and default gateway address. If you want the network adapter to start as soon as you've made your changes, change START Now to Yes, as shown in Figure 2.

    Figure 2. Minimum configuration settings for the network adapter

     
  5. Verify the information you typed, and then press Enter.

    AIX makes the changes requested and starts the TCP/IP daemons (if they haven't already been started). In Figure 3, note that the TCP/IP daemons were already running, as en0 and en1 are configured on this AIX system.



    Figure 3. Network adapter changes in progress

     
  6. Exit SMIT by pressing either F10 or Esc + 0 (zero).
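
The values documented before step 1 can be sanity-checked before they are typed into SMIT. The following is an added example, not part of the original article: it verifies that the subnet mask is contiguous and that the gateway sits on the adapter's subnet, then prints the corresponding AIX mktcpip command line without running it. The subnet mask and gateway address are assumed values, and the function names are made up for this example.

```shell
# Added example: pre-flight check of the values documented before running
# smitty mktcpip. Nothing is configured; the mktcpip line is only printed.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# usage: check_plan IP MASK GATEWAY  -> prints "ok" or the first problem
check_plan() {
    ip=$(ip_to_int "$1")   || { echo "bad IP address: $1"; return 1; }
    mask=$(ip_to_int "$2") || { echo "bad subnet mask: $2"; return 1; }
    gw=$(ip_to_int "$3")   || { echo "bad gateway address: $3"; return 1; }
    inv=$(( ~$mask & 4294967295 ))
    [ $(( $inv & ($inv + 1) )) -eq 0 ] ||
        { echo "subnet mask $2 is not contiguous"; return 1; }
    [ $(( $ip & $mask )) -eq $(( $gw & $mask )) ] ||
        { echo "gateway $3 is not on the subnet of $1"; return 1; }
    echo ok
}

# usage: build_mktcpip HOST IP MASK ADAPTER NAMESERVER DOMAIN GATEWAY
# -s starts the TCP/IP daemons, like setting START Now to Yes in SMIT.
build_mktcpip() {
    check_plan "$2" "$3" "$7" >/dev/null || return 1
    echo "mktcpip -h $1 -a $2 -m $3 -i $4 -n $5 -d $6 -g $7 -s"
}

# Constructed plan: the mask and the gateway are assumed values.
build_mktcpip ATC-AIX1 10.20.30.40 255.255.255.0 en2 \
    10.20.30.23 ATC-DOMAIN.com 10.20.30.254
```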

 

DNS

A Domain Name System (DNS) server translates between IP addresses and the domain names and locations of other computers or Web sites. Without DNS, you would need to enter the IP address into a Web browser. For example, if you didn't have access to DNS and wanted to view IBM's Web site, you would have to type 129.42.18.103 instead of www.ibm.com. DNS eases the use of Web browsing over the Internet as well as connecting to other servers over a network. It's much easier to remember www.ibm.com than 129.42.18.103!

Another advantage to using DNS is that from time to time, IP addresses change on servers. For instance, a server may need to move from one location to another, or a server may be replaced with new equipment. Performing such moves sometimes requires changing the IP address on the server after it reaches its new home because of a different network scheme at the new location. When this happens, it's much easier on users to remember the name of the server instead of having to remember what the old and new IP addresses are. If the server move was successful, users will never know the difference.

As mentioned earlier, when setting up the network adapter, you typed the IP address of a name server. This server is your primary DNS server. It is wise to have several DNS servers to rely on in case one should fail during an address lookup. If multiple DNS servers are used, when the server is looking up an IP or host name to cross-reference, if the first DNS server doesn't have the information or is unavailable, the lookup request will move to the second DNS server, and so on.

To add other DNS servers, you must modify the /etc/resolv.conf file. Listing 1 provides an example of such a file.


Listing 1. An /etc/resolv.conf file
 
                
domain  ATC-DOMAIN.com

nameserver      10.20.30.23
nameserver      10.20.30.24
nameserver      10.20.30.25

search  atc-domain2.com atc-domain3.com atc-domain4.com

options debug

 

The sections that follow provide descriptions of each parameter used in Listing 1.

domain

The domain parameter instructs the resolving function to append <domain name> to the end of the string to look up if the string does not end with a . (period). For example, if the string entered for lookup is ibm, the actual string that will be used is ibm.ATC-DOMAIN.com.

If no domain is included in the domain parameter (that is, using ATC-AIX1 rather than ATC-AIX.ATC-DOMAIN.com), the current server's root domain is assumed.

Note: Only one domain entry can be used in the /etc/resolv.conf file.

nameserver

The nameserver parameter tells the server which DNS server to resolve IP addresses and host names against. The resolver queries each name server in the order provided in /etc/resolv.conf until the IP address has been properly resolved.

Note: Only three name server entries can be used in the /etc/resolv.conf file.

search

The search parameter provides a list of domains to the resolver to use when resolving an IP address or host name. Only one domain or search entry can be used. If domain is used, search will be the value of domain.

Note: Although you can add several domain names to the search option, there is a limit of 1,024 characters.

options

The options parameter provides an extra means of debugging and adjusts the lookup function to your liking:

  • debug: This option turns on debugging for the resolving function
  • ndots:<N>: If a domain with <N> or more periods is found, DNS attempts to resolve the string first without appending the search domain list.

    For more information on DNS, see Resources.
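
The limits described in the parameter sections above can be checked mechanically. The following is an added example, not part of the original article: it flags a nameserver entry past the third, a file that carries both domain and search, a search list longer than 1,024 characters, and a debug option left switched on. The function names and the fourth nameserver line in the sample are constructed for this example.

```shell
# Added example: check a resolv.conf against the limits described above.

# usage: lint_resolv_conf FILE -> one finding per line, status 1 if any
lint_resolv_conf() {
    findings=$(awk '
        $1 == "domain"     { domains++ }
        $1 == "search"     { searches++
                             list = $0
                             sub(/^[ \t]*search[ \t]+/, "", list)
                             if (length(list) > 1024)
                                 print "line " NR ": search list exceeds 1,024 characters" }
        $1 == "nameserver" { if (++servers > 3)
                                 print "line " NR ": nameserver " $2 " is past the three-entry limit" }
        $1 == "options"    { for (i = 2; i <= NF; i++)
                                 if ($i == "debug")
                                     print "line " NR ": resolver debugging is switched on" }
        END {
            if (domains > 1)
                print "file: more than one domain entry"
            if (domains && searches)
                print "file: domain and search are both present"
        }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# The entries of Listing 1 plus one constructed extra nameserver line.
sample_resolv_conf() { cat <<'EOF'
domain  ATC-DOMAIN.com
nameserver      10.20.30.23
nameserver      10.20.30.24
nameserver      10.20.30.25
nameserver      10.20.30.26
search  atc-domain2.com atc-domain3.com atc-domain4.com
options debug
EOF
}

tmp=$(mktemp)
sample_resolv_conf > "$tmp"
lint_resolv_conf "$tmp" || true
rm -f "$tmp"
```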



 

Testing the Internet connection

Now that you've configured the network adapter and modified /etc/resolv.conf to your liking, you can test your Internet connection. There are many ways to test your connection, so I cover only a couple of the basic, but useful, troubleshooting tools.

The ping command

One of the easiest ways to verify that you've configured your network adapter correctly and can communicate with the Internet is to ping an IP address. The ping command is a tool for testing whether the target is reachable by your server and its network. Basically, ping sends Internet Control Message Protocol (ICMP) packets from your server to the destination server, and then receives a response from the destination server. If the response is received, you have connectivity to the destination server. Using ping is a simple and quick way to determine if there is a problem, how fast data is being sent between servers, and if you have connectivity at all.

The following example confirms that I have connectivity to Google.com's IP address, 64.233.167.99:

ping 64.233.167.99
PING 64.233.167.99: (64.233.167.99): 56 data bytes
64 bytes from 64.233.167.99: icmp_seq=0 ttl=240 time=40 ms
64 bytes from 64.233.167.99: icmp_seq=1 ttl=240 time=41 ms
64 bytes from 64.233.167.99: icmp_seq=2 ttl=240 time=48 ms
64 bytes from 64.233.167.99: icmp_seq=3 ttl=240 time=40 ms
^C
----64.233.167.99 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 40/42/48 ms

 

Sometimes, however, ping can't be the only tool used to confirm connectivity to a server, because firewalls may block ICMP requests to it. The following example shows ICMP being blocked, which makes it look as though there is no connectivity to IBM.com's IP address, 129.42.18.103:

ping 129.42.18.103
PING 129.42.18.103: (129.42.18.103): 56 data bytes
^C
----129.42.18.103 PING Statistics----
6 packets transmitted, 0 packets received, 100% packet loss

 

So far, I've only attempted to ping IP addresses. After you've confirmed this first troubleshooting step, it's also a good test to attempt to ping the actual host name that is resolved in DNS:

ping google.com
PING google.com: (64.233.167.99): 56 data bytes
64 bytes from 64.233.167.99: icmp_seq=0 ttl=240 time=40 ms
64 bytes from 64.233.167.99: icmp_seq=1 ttl=240 time=43 ms
^C
----google.com PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 40/41/43 ms

 

The traceroute command

Although ping may have failed on one attempt, this doesn't necessarily mean that you don't have connectivity to the Internet. The following example shows that ping failed when trying to communicate with ATC-AIX2:

ping ATC-AIX2
PING ATC-AIX2: (10.20.90.41): 56 data bytes
^C
----10.20.90.41 PING Statistics----
6 packets transmitted, 0 packets received, 100% packet loss

 

Here's the same test using the traceroute command:

traceroute ATC-AIX2

traceroute to ATC-AIX2.ATC-DOMAIN.com (10.20.90.41) from ATC-AIX1.ATC-DOMAIN.com 
    (10.20.30.40), 30 hops max
outgoing MTU = 1500
 1  10.20.30.254 (10.20.30.254)  8 ms  3 ms  3 ms
 2  10.20.30.252 (10.20.30.252)  4 ms  4 ms  3 ms
 3  19.16.15.240 (19.16.15.240)  5 ms  5 ms  5 ms
 4  17.30.11.23 (17.30.11.23)  4 ms  5 ms  4 ms
 5  10.20.90.252 (10.20.90.252)  4 ms  5 ms  4 ms
 6  10.20.90.252 (10.20.90.254)  8 ms  5 ms  4 ms
 7  10.20.90.41 (10.20.90.41) 8 ms  6 ms  5 ms

 

The traceroute command can be a helpful troubleshooting tool. If your traceroute results in failure, the output can lead you in the right direction—namely, which server or network equipment may be blocking your access.
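
Reading the two captures together avoids mistaking a filtered ping for an outage: traceroute on AIX sends UDP probes rather than ICMP echo requests, so it can reach a host that drops pings. The following is an added example, not part of the original article; it parses output in the format shown above, and the function names and the third capture are constructed.

```shell
# Added example: read ping and traceroute captures together.

# Packet-loss percentage from the ping statistics line (stdin).
ping_loss() {
    awk '/packet loss/ { for (i = 1; i <= NF; i++) if ($i ~ /%$/) { sub(/%/, "", $i); print $i } }'
}

# Address of the last hop that answered in traceroute output (stdin).
last_hop() {
    awk '$1 ~ /^[0-9]+$/ && match($0, /\([0-9.]+\)/) {
             hop = substr($0, RSTART + 1, RLENGTH - 2) }
         END { print hop }'
}

# usage: triage TARGET_IP PING_TEXT TRACEROUTE_TEXT
triage() {
    loss=$(printf '%s\n' "$2" | ping_loss)
    hop=$(printf '%s\n' "$3" | last_hop)
    if [ "${loss:-100}" -lt 100 ]; then
        echo "reachable: echo replies received (${loss}% loss)"
    elif [ "$hop" = "$1" ]; then
        echo "reachable: echo filtered, traceroute reached $1"
    else
        echo "unreachable: path stops at ${hop:-the local host}"
    fi
}

# Captures abridged from the ATC-AIX2 session in the article.
sample_ping() { cat <<'EOF'
PING ATC-AIX2: (10.20.90.41): 56 data bytes
----10.20.90.41 PING Statistics----
6 packets transmitted, 0 packets received, 100% packet loss
EOF
}
sample_trace() { cat <<'EOF'
traceroute to ATC-AIX2.ATC-DOMAIN.com (10.20.90.41) from ATC-AIX1.ATC-DOMAIN.com
    (10.20.30.40), 30 hops max
 1  10.20.30.254 (10.20.30.254)  8 ms  3 ms  3 ms
 7  10.20.90.41 (10.20.90.41) 8 ms  6 ms  5 ms
EOF
}
# Constructed capture: probes stop being answered after the second hop.
sample_blocked_trace() { cat <<'EOF'
 1  10.20.30.254 (10.20.30.254)  8 ms  3 ms  3 ms
 2  10.20.30.252 (10.20.30.252)  4 ms  4 ms  3 ms
 3  * * *
EOF
}
triage 10.20.90.41 "$(sample_ping)" "$(sample_trace)"
```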

The nslookup and dig commands

With the ping and traceroute commands, notice that host names were primarily used. Using host names is helpful for users, because they don't need to memorize difficult IP addresses. One method to determine whether DNS is in fact working is to use the name server lookup, or nslookup, command. Using nslookup can provide host name information as well as IP addresses associated with the host name. This command is useful if users report an issue when they try to connect to a server but don't get a response. In such a situation, it could be that their DNS information isn't updated and old addresses are being used, which you can verify quickly with nslookup.

The following code displays the IP addresses associated with IBM.com:

nslookup ibm.com
Server:  ATC-AIX1.ATC-DOMAIN.com
Address:  10.20.30.40

Non-authoritative answer:
Name:    ibm.com
Addresses:  129.42.17.103, 129.42.18.103, 129.42.16.103

 

A newer program similar to nslookup is dig. The dig command provides the same information as nslookup but with a fuller view of how DNS is set up for the target:

dig ibm.com

; <<>> DiG 9.2.0 <<>> ibm.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16463
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;ibm.com.                       IN      A

;; ANSWER SECTION:
ibm.com.                14740   IN      A       129.42.16.103
ibm.com.                14740   IN      A       129.42.17.103
ibm.com.                14740   IN      A       129.42.18.103

;; AUTHORITY SECTION:
.                       24402   IN      NS      I.ROOT-SERVERS.NET.
.                       24402   IN      NS      G.ROOT-SERVERS.NET.
.                       24402   IN      NS      C.ROOT-SERVERS.NET.
.                       24402   IN      NS      F.ROOT-SERVERS.NET.
.                       24402   IN      NS      M.ROOT-SERVERS.NET.
.                       24402   IN      NS      E.ROOT-SERVERS.NET.
.                       24402   IN      NS      L.ROOT-SERVERS.NET.
.                       24402   IN      NS      D.ROOT-SERVERS.NET.
.                       24402   IN      NS      J.ROOT-SERVERS.NET.
.                       24402   IN      NS      H.ROOT-SERVERS.NET.
.                       24402   IN      NS      A.ROOT-SERVERS.NET.
.                       24402   IN      NS      B.ROOT-SERVERS.NET.
.                       24402   IN      NS      K.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
I.ROOT-SERVERS.NET.     31808   IN      A       192.36.148.17
G.ROOT-SERVERS.NET.     2961    IN      A       192.112.36.4
C.ROOT-SERVERS.NET.     36288   IN      A       192.33.4.12
F.ROOT-SERVERS.NET.     40867   IN      A       192.5.5.241
M.ROOT-SERVERS.NET.     15357   IN      A       202.12.27.33
E.ROOT-SERVERS.NET.     26901   IN      A       192.203.230.10
L.ROOT-SERVERS.NET.     21568   IN      A       199.7.83.42
D.ROOT-SERVERS.NET.     9464    IN      A       128.8.10.90
J.ROOT-SERVERS.NET.     35190   IN      A       192.58.128.30
H.ROOT-SERVERS.NET.     7936    IN      A       128.63.2.53
A.ROOT-SERVERS.NET.     35190   IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     29770   IN      A       192.228.79.201
K.ROOT-SERVERS.NET.     16473   IN      A       193.0.14.129

;; Query time: 3 msec
;; SERVER: 10.20.30.40#53(10.20.30.40)
;; WHEN: Wed Mar 12 17:02:32 2008
;; MSG SIZE  rcvd: 492

 

Connect to the Web

After successfully testing the Internet connection and verifying that DNS is set up correctly by using the ping, traceroute, and nslookup commands, you're ready to get on the Web. Simply open your preferred Web browser, type the Uniform Resource Locator (URL) you want to view (see Figure 4), and voilà! Congratulations: You're on the Internet and viewing the Web!


Figure 4. Connecting to the Web


 

Conclusion

Connecting to the Internet and viewing Web sites is easy in AIX. IBM has made configuration of AIX and network adapters easy. Simply configure your network adapter, direct DNS to a valid DNS server, and you'll be surfing the Web in no time! Enjoy!
