Speaking UNIX: Inside TCP/IP

Learn how UNIX machines connect and communicate over the Internet

The Internet has played a huge role in the advancement of technology, business, and everyday life for huge numbers of the world's people. Configuring a computer to communicate over a network and connecting to the Internet has become an essential task for administrators. This article shows how to configure a server running IBM® AIX® to connect to and use the Internet.

Adam Cormany (acormany@yahoo.com), National Data Center Manager, Scientific Games Corporation

Adam Cormany is currently the manager of the National Data Center, but he has also been a UNIX systems engineer, a UNIX administrator, and operations manager for Scientific Games Corporation. Adam has worked extensively with AIX as well as in Solaris and Red Hat Linux administration for more than 10 years. He is an IBM eServer®-Certified Specialist in pSeries® AIX System Administration. In addition to administration, Adam has extensive knowledge of shell scripting in Bash, CSH, and KSH as well as programming in C, PHP, and Perl. You can reach Adam at acormany@yahoo.com.



22 April 2008

Also available in Chinese

As defined in Wikipedia, the Internet is a worldwide, publicly accessible series of interconnected computer networks that transmit data by packet switching using the standard Internet Protocol (IP). The Internet is, in a sense, the largest network in the world and spans the globe many times over.

The Internet and the Web are not the same thing, although people interchange the terms frequently. The World Wide Web (WWW), or the Web, is a collection of hypertext documents containing images, audio and video clips, and other files interlinked and accessed over the Internet.

A simplistic example of the two is when you connect to your Internet Service Provider (ISP) using a cable modem. Connecting to your ISP using a cable does exactly that: It connects you to your ISP's network and to the Internet, but you are still not using the Web—not until you open a Web browser, such as Mozilla Firefox or Apple Safari, and connect to a Web site.

Configuring TCP/IP and the network adapter

For a server running the AIX operating system to communicate over a network and connect to the Internet, you must configure the network adapter or, depending on the system, edit multiple files to set up TCP/IP. However, IBM has made this task easy with one simple switch inside the System Management Interface Tool (SMIT).

Before beginning to configure the network adapter, first document the following information:

  • IP address to assign to the network adapter
  • Host name of the target server
  • Name of the domain of which the target server is a member
  • Subnet mask
  • Name servers
  • Gateway address

To configure a network adapter on a server running AIX, perform the following steps:

  1. Log in to the system as root or su – to root.
  2. Start the SMIT program, and then choose Communications Applications and Services > TCP/IP > Minimum Configuration & Startup.

    Tip: SMIT has many shortcuts, or fast paths, to allow you to quickly get to the menu or task needed. In this case, simply typing smitty mktcpip bypasses having to navigate through the three previous menus.

  3. Select the network adapter you want to configure from the list shown in Figure 1, and then click Enter. For this example, en2 is used.
    Figure 1. Available network adapters
    Available network adapters

    After you select the desired network adapter, a new window is built that displays all the settings you need to configure the network adapter.

  4. Taking the information you documented earlier, type the host name, IP address, subnet mask, domain name, name server IP address, and default gateway address. If you want the network adapter to start as soon as you've made your changes, change START Now to Yes, as shown in Figure 2.
    Figure 2. Minimum configuration settings for the network adapter
    Minimum configuration settings
  5. Verify the information you typed, and then click Enter.

    AIX makes the changes requested and starts the TCP/IP daemons (if they haven't already been started). In Figure 3, note that the TCP/IP daemons were already running, as en0 and en1 are configured on this AIX system.

    Figure 3. Network adapter changes in progress
    Changes in progress
  6. Exit SMIT by clicking either F10 or Esc + 0 (zero).

DNS

A Domain Name System (DNS) server interprets IP addresses into domain names and locations of other computers or Web sites. Without DNS, you would need to enter the IP address into a Web browser. For example, if you didn't have access to DNS and wanted to view IBM's Web site, you would have to type 129.42.18.103 instead of www.ibm.com. DNS eases the use of Web browsing over the Internet as well as connecting to other servers over a network. It's much easier to remember www.ibm.com than 129.42.18.103!

Another advantage to using DNS is that from time to time, IP addresses change on servers. For instance, a server may need to move from one location to another, or a server may be replaced with new equipment. Performing such moves sometimes requires changing the IP address on the server after it reaches its new home because of a different network scheme at the new location. When this happens, it's much easier on users to remember the name of the server instead of having to remember what the old and new IP address are. If the server move was successful, users will never know the difference.

As mentioned earlier, when setting up the network adapter, you typed the IP address location to a name server. This server is your primary DNS server location. It is wise to have several DNS servers to rely on in case one should fail during an address lookup. If multiple DNS servers are used, when the server is looking up an IP or host name to cross-reference, if the first DNS server doesn't have the information or is unavailable, the lookup request will move to the second DNS server, and so on.

To add other DNS servers, you must modify the /etc/resolv.conf file. Listing 1 provides an example of such a file.

Listing 1. An /etc/resolv.conf file
domain		ATC-DOMAIN.com

nameserver      10.20.30.23
nameserver      10.20.30.24
nameserver	10.20.30.25

search  atc-domain2.com, atc-domain3.com, atc-domain4.com

options debug

The sections that follow provide descriptions of each parameter used in Listing 1.

domain

The domain parameter instructs the resolving function to append <domain name> to the end of the string to lookup if the string does not end with a . (period). For example, if the string entered for lookup is ibm, the actual string that will be used is ibm.ATC-DOMAIN.com.

If no domain is included in the domain parameter (that is, using ATC-AIX1 rather than ATC-AIX.ATC-DOMAIN.com), the current server's root domain is assumed.

Note: Only one domain entry can be used in the /etc/resolv.conf file.

nameserver

The nameserver parameter tells the server which DNS server to resolve IP addresses and host names against. The resolver queries each name server in the order provided in /etc/resolv.conf until the IP address has been properly resolved.

Note: Only three name server entries can be used in the /etc/resolv.conf file.

search

The search parameter provides a list of domains to the resolver to use when resolving an IP address or host name. Only the one domain or search entry can be used. If domain is used, search will be the value of domain.

Note: Although you can add several domain names to the search option, there is a limit of 1,024 characters.

Options

The options parameter provides an extra means of debugging and adjusts the lookup function to your liking:

  • debug: This option turns on debugging for the resolving function
  • ndots:<N>: If a domain with <N> or more periods is found, DNS attempts to resolve the string first without appending the search domain list.

    For more information on DNS, see Resources.


Testing the Internet connection

Now that you've configured the network adapter and modified /etc/resolv.conf to your liking, you can test your Internet connection. There are many ways to test your connection, so I cover only a couple of the basic, but useful, troubleshooting tools.

The ping command

One of the easiest ways to verify that you've configured your network adapter correctly and can communicate with the Internet is to ping an IP address. The ping command is a tool for testing whether the target is reachable by your server and its network. Basically, ping sends Internet Control Message Protocol (ICMP) packets from your server to the destination server, and then receives a response from the destination server. If the response is received, you have connectivity to the destination server. Using ping is a simple and quick way to determine if there is a problem, how fast data is being sent between servers, and if you have connectivity at all.

The following example confirms that I have connectivity to Google.com's IP address, 64.233.167.99:

ping 64.233.167.99
PING 64.233.167.99: (64.233.167.99): 56 data bytes
64 bytes from 64.233.167.99: icmp_seq=0 ttl=240 time=40 ms
64 bytes from 64.233.167.99: icmp_seq=1 ttl=240 time=41 ms
64 bytes from 64.233.167.99: icmp_seq=2 ttl=240 time=48 ms
64 bytes from 64.233.167.99: icmp_seq=3 ttl=240 time=40 ms
^C
----64.233.167.99 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 40/42/48 ms

Sometimes, however, ping can't be the only tool used to confirm connectivity to a server, because a server may have ICMP requests blocked by firewalls. The following example shows ICMP being blocked and simulating no connectivity to IBM.com's IP address, 129.42.18.103:

ping 129.42.18.103
PING 129.42.18.103: (129.42.18.103): 56 data bytes
^C
----129.42.18.103 PING Statistics----
6 packets transmitted, 0 packets received, 100% packet loss

So far, I've only attempted to ping IP addresses. After you've confirmed this first troubleshooting step, it's also a good test to attempt to ping the actual host name that is resolved in DNS:

ping google.com
PING google.com: (64.233.167.99): 56 data bytes
64 bytes from 64.233.167.99: icmp_seq=0 ttl=240 time=40 ms
64 bytes from 64.233.167.99: icmp_seq=1 ttl=240 time=43 ms
^C
----google.com PING Statistics----
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 40/41/43 ms

The traceroute command

Although ping may have failed on one attempt, this doesn't necessarily mean that you don't have connectivity to the Internet. The following example shows that ping failed when trying to communicate with ATC-AIX2:

ping ATC-AIX2
PING ATC-AIX2: (10.20.90.41): 56 data bytes
^C
----10.20.90.41 PING Statistics----
6 packets transmitted, 0 packets received, 100% packet loss

Here's the same test using the traceroute command:

traceroute ATC-AIX2

traceroute to ATC-AIX2.ATC-DOMAIN.com (10.20.90.41) from ATC-AIX1.ATC-DOMAIN.com 
    (10.20.30.40), 30 hops max
outgoing MTU = 1500
 1  10.20.30.254 (10.20.30.254)  8 ms  3 ms  3 ms
 2  10.20.30.252 (10.20.30.252)  4 ms  4 ms  3 ms
 3  19.16.15.240 (19.16.15.240)  5 ms  5 ms  5 ms
 4  17.30.11.23 (17.30.11.23)  4 ms  5 ms  4 ms
 5  10.20.90.252 (10.20.90.252)  4 ms  5 ms  4 ms
 6  10.20.90.252 (10.20.90.254)  8 ms  5 ms  4 ms
 7  10.20.90.41 (10.20.90.41) 8 ms  6 ms  5 ms

The traceroute command can be a helpful troubleshooting tool. If your traceroute results in failure, the output can lead you in the right direction—namely, which server or network equipment may be blocking your access.

The nslookup and dig commands

With the ping and traceroute commands, notice that host names were primarily used. Using host names is helpful for users, because they don't need to memorize difficult IP addresses. One method to determine whether DNS is in fact working is to use the name server lookup, or nslookup, command. Using nslookup can provide host name information as well as IP addresses associated with the host name. This command is useful if users report an issue when they try to connect to a server but don't get a response. In such a situation, it could be that their DNS information isn't updated and old addresses are being used, which you can use nslookup to verify quickly.

The following code displays the IP addresses associated with IBM.com:

nslookup ibm.com
Server:  ATC-AIX1.ATC-DOMAIN.com
Address:  10.20.30.40

Non-authoritative answer:
Name:    ibm.com
Addresses:  129.42.17.103, 129.42.18.103, 129.42.16.103

A newer program similar to nslookup is dig. The dig command provides the same information as nslookup but with a fuller view of how DNS is set up for the target:

dig ibm.com

; <<>> DiG 9.2.0 <<>> ibm.com
;; global options:  printcmd
;; Got answer:
;; -<<HEADER<<- opcode: QUERY, status: NOERROR, id: 16463
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;ibm.com.                       IN      A

;; ANSWER SECTION:
ibm.com.                14740   IN      A       129.42.16.103
ibm.com.                14740   IN      A       129.42.17.103
ibm.com.                14740   IN      A       129.42.18.103

;; AUTHORITY SECTION:
.                       24402   IN      NS      I.ROOT-SERVERS.NET.
.                       24402   IN      NS      G.ROOT-SERVERS.NET.
.                       24402   IN      NS      C.ROOT-SERVERS.NET.
.                       24402   IN      NS      F.ROOT-SERVERS.NET.
.                       24402   IN      NS      M.ROOT-SERVERS.NET.
.                       24402   IN      NS      E.ROOT-SERVERS.NET.
.                       24402   IN      NS      L.ROOT-SERVERS.NET.
.                       24402   IN      NS      D.ROOT-SERVERS.NET.
.                       24402   IN      NS      J.ROOT-SERVERS.NET.
.                       24402   IN      NS      H.ROOT-SERVERS.NET.
.                       24402   IN      NS      A.ROOT-SERVERS.NET.
.                       24402   IN      NS      B.ROOT-SERVERS.NET.
.                       24402   IN      NS      K.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
I.ROOT-SERVERS.NET.     31808   IN      A       192.36.148.17
G.ROOT-SERVERS.NET.     2961    IN      A       192.112.36.4
C.ROOT-SERVERS.NET.     36288   IN      A       192.33.4.12
F.ROOT-SERVERS.NET.     40867   IN      A       192.5.5.241
M.ROOT-SERVERS.NET.     15357   IN      A       202.12.27.33
E.ROOT-SERVERS.NET.     26901   IN      A       192.203.230.10
L.ROOT-SERVERS.NET.     21568   IN      A       199.7.83.42
D.ROOT-SERVERS.NET.     9464    IN      A       128.8.10.90
J.ROOT-SERVERS.NET.     35190   IN      A       192.58.128.30
H.ROOT-SERVERS.NET.     7936    IN      A       128.63.2.53
A.ROOT-SERVERS.NET.     35190   IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     29770   IN      A       192.228.79.201
K.ROOT-SERVERS.NET.     16473   IN      A       193.0.14.129

;; Query time: 3 msec
;; SERVER: 10.20.30.40#53(10.20.30.40)
;; WHEN: Wed Mar 12 17:02:32 2008
;; MSG SIZE  rcvd: 492

Connect to the Web

After successfully testing the Internet connection and verifying that DNS is set up correctly by using the ping, traceroute, and nslookup commands, you're ready to get on the Web. Simply open your preferred Web browser, type the Uniform Resource Locator (URL) you want to view (see Figure 4), and viola! Congratulations: You're on the Internet and viewing the Web!

Figure 4. Connecting to the Web
Connecting to the Web

Conclusion

Connecting to the Internet and viewing Web sites is easy in AIX. IBM has made configuration of AIX and network adapters easy. Simply configure your network adapter, direct DNS to a valid DNS server, and you'll be surfing the Web in no time! Enjoy!

Resources

Learn

Get products and technologies

  • IBM trial software: Build your next development project with software for download directly from developerWorks.

Discuss

Comments

developerWorks: Sign in

Required fields are indicated with an asterisk (*).


Need an IBM ID?
Forgot your IBM ID?


Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.

 


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name



The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.

 


All information submitted is secure.

Dig deeper into AIX and Unix on developerWorks


static.content.url=http://www.ibm.com/developerworks/js/artrating/
SITE_ID=1
Zone=AIX and UNIX
ArticleID=302396
ArticleTitle=Speaking UNIX: Inside TCP/IP
publish-date=04222008