Experiment 3: IP Sub-networks and Router Configuration

Objectives

  1. Set up simple routing for a sub-network. Determine the network parameters for hosts in the sub-network.
  2. Configure a host and a router to reach a web server within the sub-network.
  3. Observe the traffic generated by the tracert program to determine the route to a host.

Background

Before performing this experiment, review the following topics from the class notes: Internet layers, IP addressing, IP routing, rudimentary Ethernet network concepts, and the ICMP protocol.

The network topology is shown below. The virtual LAN network ID and the host IP in the virtual LAN shown in the figure are illustrative values only; the actual values for the experiment will be assigned by the lab instructor. Note that the router has two IP addresses, one for each LAN.

Network topology diagram

Laboratory LAN network ID: 192.168.108.0/24

Procedure

  1. Ask the lab instructor to assign you a group number (n), a virtual LAN network ID and the host IP in the virtual LAN.

  2. Launch the remote desktop client. Log in to the virtual network server (at5030-eng2453server.lakeheadu.ca). The account name is group<n>, where <n> is the number assigned by the lab instructor. Only one student in the group should log in.

  3. At the server prompt run startrouter to bring the router virtual machine up:

    group2@at5030-eng2543server:~$ startrouter
    mkdir: cannot create directory `workspace': File exists
    0+0 records in
    0+0 records out
    0 bytes (0 B) copied, 1.1313e-05 s, 0.0 kB/s
    Setting up swapspace version 1, size = 524284 KiB
    no label, UUID=9761b76d-aad6-4885-99f1-7918b29427c9
    Core dump limits :
     soft - 0
     hard - NONE
    Checking that ptrace can change system call numbers...OK
    Checking syscall emulation patch for ptrace...OK
    Checking advanced syscall emulation patch for ptrace...OK
    <more output suppressed>
    

    After the router is up, you should see the router login screen:

    Debian GNU/Linux 9 router tty0
    
    router login:
    

    Log in as ‘root’; the password is ‘default’. You have full administrator privileges on the virtual router. The router has three network interfaces:

    • ‘lo’ is the loopback network interface, configured to 127.0.0.1/8. This is a special address that always points to the localhost (the router in this case).
    • ‘eth0’ connected to the laboratory LAN
    • ‘eth1’ connected to the private LAN.
  4. The ip command is used to configure the network interfaces. We’ll use the -f inet option to list addresses configured for the IPv4 protocol (can be abbreviated -4). Run ip -f inet addr show (or abbreviated ip -4 a show) to see configured interfaces:

    root@router:~# ip -4 a show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    

    Only the loopback interface is currently configured. There is no active connection to other computers in the network.

  5. Configure the interface connected to the lab LAN: the university administers the IP addresses in the lab LAN using the Dynamic Host Configuration Protocol (DHCP). We’ll request an IP address, network mask and other network parameters from the DHCP server. To that end we’ll use a DHCP client program (dhclient). Invoke the program as follows:

    root@router:~# dhclient -v
    Internet Systems Consortium DHCP Client 4.3.5
    Copyright 2004-2016 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    
    Listening on LPF/eth1/02:6c:50:ea:ee:45
    Sending on   LPF/eth1/02:6c:50:ea:ee:45
    Listening on LPF/eth0/c2:51:e2:46:c8:8f
    Sending on   LPF/eth0/c2:51:e2:46:c8:8f
    Sending on   Socket/fallback
    DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 5
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 7
    DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 12
    DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
    DHCPREQUEST of 192.168.108.168 on eth0 to 255.255.255.255 port 67
    DHCPOFFER of 192.168.108.168 from 192.168.108.3
    DHCPACK of 192.168.108.168 from 192.168.108.3
    bound to 192.168.108.168 -- renewal in 1532 seconds.
    

    Also run ip -4 a show to see all details of the interface configuration:

    root@router:~# ip -4 a show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
        inet 192.168.108.168/24 brd 192.168.108.255 scope global eth0
           valid_lft forever preferred_lft forever
    

    Now you have a connection to the outside world. Verify it by pinging some address (‘-c 3’ sends 3 packets only):

    root@router:~# ping -c 3 google.com
    PING google.com (172.217.2.110) 56(84) bytes of data.
    64 bytes from yyz10s05-in-f14.1e100.net (172.217.2.110): icmp_seq=1 ttl=55 time=17.1 ms
    64 bytes from yyz10s05-in-f14.1e100.net (172.217.2.110): icmp_seq=2 ttl=55 time=23.9 ms
    64 bytes from yyz10s05-in-f14.1e100.net (172.217.2.110): icmp_seq=3 ttl=55 time=19.9 ms
    ...
    

    Note: this configuration will last until the next reboot. For a permanent configuration, an entry with auto eth0 must be added in /etc/network/interfaces. We will not pursue this approach for this experiment. Please note that in any case, this particular router disk image will be erased after shutdown, so even permanent configuration changes will be lost.

  6. Configure eth1: we will use a static configuration for eth1 since there is no DHCP server running on our private network. Normally the router for a network is assigned the first host address for the network. For example, if your group was assigned 10.10.200.0/24 for the network ID, you should configure your router at 10.10.200.1. We will assign the IP address and add the route to the table directly from the command line using the ip command. This is a good approach for changing the network configuration on the fly, but keep in mind that the configuration is lost after a reboot. The first command configures the interface (eth1) using the default broadcast address but keeps it disabled; the second command enables the interface:

    ip addr add <address/bits> broadcast + dev <interface>
    ip link set <interface> up
    

    Note: this configuration will last until the next reboot. For a permanent configuration, an entry with auto eth1 (plus corresponding network parameters) must be added in /etc/network/interfaces. We will not pursue this approach for this experiment.

    Check that the interfaces are configured by running ip -4 a show again (the following is a generic example only, include actual output in your report):

    root@router:~# ip -4 a show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    5: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
        inet 192.168.108.168/24 brd 192.168.108.255 scope global eth0
           valid_lft forever preferred_lft forever
    6: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
        inet 10.10.10.1/24 brd 10.10.10.255 scope global eth1
           valid_lft forever preferred_lft forever
    

    You should be able to ping the web server in the private network (the host address was given by the lab instructor):

    root@router:~# ping -c 3 10.10.10.5
    PING 10.10.10.5 (10.10.10.5) 56(84) bytes of data.
    64 bytes from 10.10.10.5: icmp_seq=1 ttl=64 time=0.107 ms
    64 bytes from 10.10.10.5: icmp_seq=2 ttl=64 time=0.279 ms
    64 bytes from 10.10.10.5: icmp_seq=3 ttl=64 time=0.432 ms
    
    --- 10.10.10.5 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2094ms
    rtt min/avg/max/mdev = 0.107/0.272/0.432/0.134 ms
    

    You can also connect to the webserver using a text-mode web browser (w3m):

    root@router:~# w3m 10.10.10.5
    

    Verify that the information given by the webserver is correct and quit the browser by pressing q.

    Run ip -4 route show to print the routing table (include in report):

    root@router:~# ip -4 route show
    default via 192.168.108.1 dev eth0
    10.10.10.0/24 dev eth1 proto kernel scope link src 10.10.10.1
    192.168.108.0/24 dev eth0 proto kernel scope link src 192.168.108.168
    

    It now appears that the router is ready.

  7. Configure your Windows workstation to route packets to your private network (open a cmd.exe window). Packets for your private network (10.10.10.0/24 in this example) should be forwarded to your router (the host with IP address 192.168.108.168 in this example) for further routing. To do this, add an entry to your routing table as follows (include in report):

    C:\>route add 10.10.10.0 mask 255.255.255.0 192.168.108.168
     OK!
    

    The first part specifies the network ID and mask, and the last address is the router address, referred to as the gateway address. Use route print to see the routing table:

    C:\>route print
    ===========================================================================
    Interface List
     11...00 1d 60 1c cc 7c ......NVIDIA nForce Networking Controller
      1...........................Software Loopback Interface 1
     13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
    ===========================================================================
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0    192.168.108.1   192.168.108.108     20
           10.10.10.0    255.255.255.0  192.168.108.168   192.168.108.108     21
            127.0.0.0        255.0.0.0          On-link         127.0.0.1    306
    ...
    

    Try pinging the webserver in the private network. It will not work.

  8. The problem is that the router is refusing to forward packets across interfaces. That is the most common configuration for regular Linux workstations:

    root@router:/proc/sys/net# sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 0
    

    This kernel variable must be set to 1 to enable passing packets from one network interface to another. To enable IP packet forwarding set ip_forward to 1 as follows:

    root@router:/proc/sys/net# sysctl -w net.ipv4.ip_forward=1
    net.ipv4.ip_forward = 1
    

    NOTE: this configuration will only last until the next reboot. For a permanent change of this variable, the /etc/sysctl.conf configuration file must be edited. Also, this routing configuration is usually not secure because it forwards any packet. A more secure setup should also use IP packet filter rules to forward only valid packets and drop or reject the invalid ones (see man iptables for more information).

  9. Now try pinging the host in the private network from your Windows workstation again (it should work, include output in your report). Open Wireshark on Windows, start capturing the network traffic and run the traceroute command as follows (on Windows it is tracert):

    C:\>tracert 10.10.10.5
    
    Tracing route to 10.10.10.5 over a maximum of 30 hops
    
      1    <1 ms    <1 ms    <1 ms  dhcp-192-168-108-168.lakeheadu.ca [192.168.108.168]
      2    <1 ms    <1 ms    <1 ms  10.10.10.5
    
    Trace complete.
    

    Stop capturing on the interface and locate the packets generated by this program. Include the Wireshark capture in your report.

  10. To verify that you are connecting to the right network, try connecting to the web server in the private network: use the address given by the lab instructor (in this example, http://10.10.10.5/). The web server should display that IP address if the configuration is right.

  11. After the experiment is finished, stop the router:

    root@router:~# shutdown -h now
    

    When the router is down you will see the server prompt. Close all programs and log out from the remote session before leaving.
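
Step 8 notes that enabling ip_forward alone forwards any packet and that packet filter rules should restrict it. The following is an added example, not part of the original handout: it emits a default-drop FORWARD policy in iptables-restore format that only lets lab LAN hosts reach the private web server by HTTP and ping, which still permits the tracert and browser checks in steps 9 and 10. The function name forward_ruleset, TCP port 80 and the interface and address values (the handout's illustrative ones) are assumptions.

```shell
#!/bin/sh
# Added example (not from the handout): build a FORWARD policy for the lab
# router. Arguments: lab-LAN interface, private-LAN interface, lab network,
# web server address. Values used below are the handout's illustrative ones.

forward_ruleset() {
    if [ "$#" -ne 4 ]; then
        echo "usage: forward_ruleset LAB_IF PRIV_IF LAB_NET WEB_IP" >&2
        return 2
    fi
    # Refuse empty values, leading dashes and anything outside a small
    # character set, so an argument cannot smuggle extra rule options in.
    for arg in "$@"; do
        case $arg in
            ''|-*|*[!A-Za-z0-9./_-]*)
                echo "forward_ruleset: unsafe value: $arg" >&2
                return 2 ;;
        esac
    done
    lab_if=$1 priv_if=$2 lab_net=$3 web_ip=$4
    # INPUT and OUTPUT are left at ACCEPT; only forwarding is restricted.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lab_if -o $priv_if -s $lab_net -d $web_ip -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $lab_if -o $priv_if -s $lab_net -d $web_ip -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for review. On the router, check it parses and then load it:
#   forward_ruleset eth0 eth1 192.168.108.0/24 10.10.10.5 | iptables-restore --test
#   forward_ruleset eth0 eth1 192.168.108.0/24 10.10.10.5 | iptables-restore
forward_ruleset eth0 eth1 192.168.108.0/24 10.10.10.5
```

Loading the output with iptables-restore replaces the router's whole filter table, and like the other settings in this experiment it lasts only until the next reboot. Under this policy hosts on the private LAN cannot open new connections through the router; only replies to lab LAN requests are forwarded back.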

Report preparation and questions

  1. Prepare a formal report summarizing this experiment in pdf format and submit it to the lab instructor. Report writing rules:

    • One report per group
    • All students are responsible for the contents of the report, but one student in the group must coordinate, write and submit the report for the experiment. Each student in a group must prepare at least one of the five reports in the term.
    • Clearly state on the report cover the names of all students in the group and indicate who prepared the report.
  • Include in your report a diagram of the network topology used in the experiment. Show network ID for each segment, IP address for each interface and routing table in each host.
  • Summarize the results from the experiment. Include the outputs indicated in steps 6, 7 and 9. Also include the page served by the web server of your group’s network.
  • Use the packets captured with Wireshark to explain how the tracert program determines the route to a host.
  • Write comments and conclusions about this experiment.