CERTguide Solaris 9 Network Admin Study Guide

What is the relationship between a Network and Solaris?

- A network is a group of two or more computer systems linked together.
- There are many types of computer networks, including:
  - local-area networks (LANs): computers are geographically close together
  - wide-area networks (WANs): computers are farther apart
  - campus-area networks (CANs): computers are within a limited geographic area
  - metropolitan-area networks (MANs): network designed for a town or city
  - home-area networks (HANs): network contained within a user's home
- Network classifications:
  - topology: geometric arrangement of a computer system
  - protocol: defines a common set of rules and signals that computers use to communicate
  - architecture: broadly classified as using either a peer-to-peer or client/server architecture.

In fact, Solaris is mostly deployed in a client/server setup. Solaris is most commonly used for reliable server computing.

What is the NA exam?

You need to complete both SA1 and SA2 first. Afterwards, pass the Network Admin exam and you will be certified by Sun as a Network Administrator.

What does the NA exam cover?

- Configure the network interface layer
- Configure the network (Internet and transport layers)
- Configure and manage network applications (application layer)

My advice - know the following inside and out:

- IPv4
- IPv6
- ARP and RARP
- DHCP
- DNS
- NTP

No need to worry about NIS.

Does the SunONE Directory service matter?

For the exam, no. However, it is good for you to know what it is, since it is now fully integrated into Solaris.

"The Sun[tm] ONE Directory Server (formerly iPlanet Directory Server) is a software product that provides a central repository for storing and managing identity profiles, access privileges and application and network resource information. Information stored in the Sun ONE Directory Server can be used for the authentication and authorization of users to enable secure access to enterprise and Internet services and applications. The software helps improve security and protection of key corporate information assets by ensuring appropriate access control policies are enforced across all communities, applications, and services on a global basis." http://wwws.sun.com/software/products/directory_srvr/home_directory.html

Network basics

For this objective you need to know basic network topology and the basics of IP networking. Nothing in-depth. Know IPv4, DNS, ARP, Ethernet and DHCP and you will do fine. In fact, be prepared to see very stupid questions. Refer to the study guides for SA2 for this subject area.

CSMA/CD is an important concept in Ethernet:

“Short for Carrier Sense Multiple Access / Collision Detection, a set of rules determining how network devices respond when two devices attempt to use a data channel simultaneously (called a collision). Standard Ethernet networks use CSMA/CD. This standard enables devices to detect a collision. After detecting a collision, a device waits a random delay time and then attempts to re-transmit the message. If the device detects a collision again, it waits twice as long to try to re-transmit the message. This is known as exponential back off.” http://www.webopedia.com/TERM/C/CSMA_CD.html  

IPv6

The current IP addressing scheme is IPv4. The next big thing is IPv6, also known as IPng:

- short for IP version 6
- originally called IPng
- a set of standards designed to replace IP version 4
- addresses in IPv6 are lengthened from 32 bits to 128 bits
- provides support for an almost unlimited number of networks and systems
- reduces the number of fields in a header from IPv4's 13 fields to 7 fields
- has a priority field to distinguish between real-time traffic, such as video, and lower priority transmissions that can be delayed during peak congestion periods
- combines anycasting with unicasting and multicasting - takes the place of broadcast addressing.

What is anycasting? According to webopedia.com:

“Communication that takes place over a network between a single sender and the nearest of a group of receivers. Anycast is used in IPv6 as a method of updating routing tables. One host initiates an update of a router table for a group of hosts, sending the data to the nearest host. That host then sends the message on to its nearest router until all the routing tables in that group are updated.” http://www.webopedia.com/TERM/a/anycast.html

How about multicasting? According to webopedia.com:

“To transmit a single message to a select group of recipients. A simple example of multicasting is sending an e-mail message to a mailing list. Teleconferencing and videoconferencing also use multicasting, but require more robust protocols and networks.”

http://www.webopedia.com/TERM/m/multicast.html

Major changes from IPv4 to IPv6 can be classified as below:

- Expanded routing and addressing capabilities
- Header format simplification
- Improved support for options
- Quality-of-service capabilities
- Authentication and privacy capabilities

IPv4

How about CIDR? Why do we need it?

"The Internet has grown so rapidly that users are running out of network addresses to support it. In response to this problem, Classless Inter-Domain Routing (CIDR) was developed. IP addresses had been separated into class A, B, and C for large, medium, and small networks. As the class B IP addresses were depleted, the CIDR design came into use. CIDR was based on the idea that an organization should get the exact number of class C IP addresses it needs, rather than be assigned one class B network, consisting of 65,536 addresses." http://docs.sun.com/db?q=cidr&p=/doc/802-5753/6i9g71m68&a=view

Addressing

- Class A Network -- binary addresses start with 0, decimal number can be anywhere from 1 to 126. The first 8 bits (the first octet) identify the network.
- Class B Network -- binary addresses start with 10, decimal number can be anywhere from 128 to 191. The number 127 is reserved. The first 16 bits (the first two octets) identify the network.
- Class C Network -- binary addresses start with 110, decimal number can be anywhere from 192 to 223. The first 24 bits (the first three octets) identify the network.
- Class D Network -- binary addresses start with 1110, decimal number can be anywhere from 224 to 239. Supports multicasting.
- Class E Network -- binary addresses start with 1111, therefore the decimal number can be anywhere from 240 to 255. For experimental use.
- In short:
  - Class A - supports 16 million hosts on each of 127 networks
  - Class B - supports 65,000 hosts on each of 16,000 networks
  - Class C - supports 254 hosts on each of 2 million networks

CIDR

- an important concept in IPv4
- short for Classless Inter-Domain Routing
- replaces the older system based on classes A, B, and C
- a single IP address can be used to designate many unique IP addresses

Class C network numbers allocated following the CIDR strategy:

- not random
- contiguous
- share the same prefixes
- blocks of IP addresses are allocated to individual ISPs
- addresses are not allocated to individual requestors
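
The classful ranges and the CIDR allocation rules above, as an added Python example (not part of the original guide): it classifies an address by its leading bits and shows that class C networks collapse into one CIDR block only when they are contiguous and share a common prefix. The function names and the 192.168.x.0/24 sample networks are constructed for illustration.

```python
import ipaddress

def classful_class(addr):
    """Class letter from the leading bits of the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"      # 0xxxxxxx (includes the reserved 127)
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"      # multicast
    return "E"          # 1111xxxx, experimental

def classful_prefix(addr):
    """Network bits implied by the class (8, 16 or 24); None for D and E."""
    return {"A": 8, "B": 16, "C": 24}.get(classful_class(addr))

def aggregate(networks):
    """Collapse networks into the fewest CIDR blocks that cover exactly them."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

# Constructed sample allocations (not from the guide).
ALIGNED = ["192.168.8.0/24", "192.168.9.0/24",
           "192.168.10.0/24", "192.168.11.0/24"]      # share a 22-bit prefix
UNALIGNED = ["192.168.9.0/24", "192.168.10.0/24"]     # adjacent, no shared 23-bit prefix
SCATTERED = ["192.168.20.0/24", "192.168.37.0/24"]    # not contiguous

if __name__ == "__main__":
    for ip in ("10.1.2.3", "172.16.0.1", "192.168.8.1", "224.0.0.5", "240.0.0.1"):
        print(ip, classful_class(ip), classful_prefix(ip))
    for label, nets in (("aligned", ALIGNED), ("unaligned", UNALIGNED),
                        ("scattered", SCATTERED)):
        print(label, "->", aggregate(nets))
```

The unaligned case is the one to study: two adjacent class C networks still need two routes when they do not share a prefix.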

DNS

According to Sun:

"The Domain Name System (DNS) is an application-layer protocol that is part of the standard TCP/IP protocol suite. This protocol implements the DNS naming service, which is the naming service used on the Internet."

3 types of DNS name servers:

- Master server
- Slave server
- Stub server
- Note that each domain must have one master server and should have at least one slave server to provide backup.

Administrative domain:

- a group of machines which are administered as a unit
- information about this domain is maintained by at least two name servers that are "authoritative" for the domain
- DNS domain - logical grouping of machines

Common DNS record types:

Type   Description
-----  ---------------------------------------
SOA    Start of authority
NS     Name server
A      IPv4 Internet address (name to address)
AAAA   IPv6 Internet address (name to address)
PTR    Pointer (address to name)
CNAME  Canonical name (nickname)
TXT    Text information
MX     Mail exchanger

DNS configuration files:

Important Filenames  Purpose of the File
-------------------  -------------------
/etc/named.conf      specifies the type of server it is running on and the zones that it serves as a 'Master', 'Slave', or 'Stub'.
/etc/resolv.conf     resides on every DNS client
named.ca             establishes the names of root servers and lists their addresses.
Generic: hosts       contains all the data about the machines in the local zone that the server serves.
Generic: hosts.rev   specifies a zone in the in-addr.arpa. domain
named.local          specifies the address for the local loopback interface, or localhost
$INCLUDE files       file identified by an $INCLUDE() statement in a data file.
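
A consistency check between the forward data (hosts) and the reverse data (hosts.rev) described above, as an added Python example that is not part of the original guide. The records are constructed and use a simplified three-field "owner TYPE data" layout with fully qualified names; TTLs, classes, $ORIGIN and relative names are assumed away.

```python
import ipaddress

# Constructed records standing in for the hosts and hosts.rev data files.
HOSTS = """\
web.example.com.   A     192.0.2.10
mail.example.com.  A     192.0.2.25
db.example.com.    A     192.0.2.40
www.example.com.   CNAME web.example.com.
"""
HOSTS_REV = """\
10.2.0.192.in-addr.arpa.  PTR  web.example.com.
25.2.0.192.in-addr.arpa.  PTR  oldmail.example.com.  ; stale entry
99.2.0.192.in-addr.arpa.  PTR  ghost.example.com.
"""

def parse(text, rtype):
    """Return {owner: data} for records of one type; names lowercased."""
    out = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()      # drop ';' comments
        if len(fields) == 3 and fields[1].upper() == rtype:
            out[fields[0].lower()] = fields[2].lower()
    return out

def reverse_name(ip):
    """Owner name of the PTR record for an IPv4 address (in-addr.arpa.)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

def audit(hosts_text, rev_text):
    """List (problem, name, detail) tuples where A and PTR data disagree."""
    a, ptr = parse(hosts_text, "A"), parse(rev_text, "PTR")
    findings = []
    for name, ip in sorted(a.items()):
        target = ptr.get(reverse_name(ip))
        if target is None:
            findings.append(("missing-ptr", name, ip))
        elif target != name:
            findings.append(("ptr-mismatch", name, target))
    expected = {reverse_name(ip) for ip in a.values()}
    for owner, target in sorted(ptr.items()):
        if owner not in expected:
            findings.append(("orphan-ptr", owner, target))
    return findings

if __name__ == "__main__":
    for finding in audit(HOSTS, HOSTS_REV):
        print(*finding)
```

Mismatched or orphaned PTR records matter wherever reverse lookups feed log attribution or host-name-based access checks.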

DHCP

- enables host systems in a TCP/IP network to be configured automatically for the network as they boot
- uses a client/server mechanism
- servers store and manage configuration information for clients and provide that information upon a client's request
- evolved from BOOTP
- primary benefit: managing IP address assignments through leasing, which allows IP addresses to be reclaimed when not in use and reassigned to other clients, and so enables a site to use a smaller pool of IP addresses
- advantages:
  - IP address management
  - Centralized network client configuration
  - Support of BOOTP clients
  - Support of local and remote clients
  - Network booting
  - Large network support

dhcptab is the file Solaris relies on for DHCP:

"The dhcptab table contains all the information that clients can obtain from the DHCP server. The DHCP server scans the dhcptab each time it starts. The file name of the dhcptab varies according to the data store used. For example, the dhcptab created by the NIS+ data store SUNWnisplus is SUNWnisplus1_dhcptab"

http://docs.sun.com/db?q=jumpstart&p=/doc/806-4075/6jd69oa7u&a=view

DHCP Standard Options (extracted from Sun’s document site)

Code  Label     Description
----  --------  --------------------------------
1     Subnet    Subnet mask IP address
3     Router    IP address for router
6     DNSserv   IP address for DNS server
12    Hostname  Text string for client host name
15    DNSdmain  DNS domain name

DHCP Command-Line Utilities

Command     Description and Purpose
----------  -----------------------
in.dhcpd    The DHCP service daemon.
dhcpconfig  Configure and unconfigure a DHCP server.
dhtadm      Add, delete, and modify configuration options and macros for DHCP clients.
pntadm      Manage the DHCP network tables.

Always remember, security for the dhcpconfig, dhtadm, and pntadm commands is determined by role-based access control (RBAC) settings.

BOOTP Relay Agents

- useful where there are multiple networks
- clients on one network cannot broadcast DHCP or BOOTP requests to servers on other networks
- a BOOTP relay agent is needed to direct the initial requests through the gateway to the server and then return the replies from the server to the clients
- some routers have a built-in BOOTP relay agent
- OR you can install BOOTP relay agents on networks to allow clients to access DHCP servers from a network not running a DHCP server.

NTP

- short for Network Time Protocol
- originally public-domain software from the University of Delaware
- now included in the Solaris software
- xntpd is a complete implementation of the version 3 standard, as defined by RFC 1305.
- the xntpd daemon reads the /etc/inet/ntp.conf file at system startup

NTP Files

File Name             Function
--------------------  --------
/etc/inet/ntp.conf    Lists configuration options for NTP.
/etc/inet/ntp.client  Sample configuration file for NTP clients.
/etc/inet/ntp.server  Sample configuration file for NTP servers.
/etc/inet/ntp.drift   Sets the initial frequency offset on NTP servers.
/etc/inet/ntp.keys    Sample configuration file for NTP servers.
/etc/init.d/xntpd     NTP startup script run when a host is booted.
/usr/lib/inet/xntpd   NTP daemon.
/usr/sbin/ntpdate     Utility to set the local date and time based on NTP.
/usr/sbin/ntpq        NTP query program.
/usr/sbin/ntptrace    Program to trace NTP hosts back to the master NTP server.
/usr/sbin/xntpdc      NTP query program for the xntpd daemon.
/var/ntp/ntpstats     Directory for holding NTP statistics.

Reference Books

- DNS and BIND (4th Edition), by Paul Albitz, Cricket Liu (Paperback - April 2001)
- The Concise Guide to DNS and BIND, by Nicolai Langfeldt (Paperback)
- DHCP: A Guide to Dynamic TCP/IP Network Configuration, by Berry Kercheval (Hardcover)
- The DHCP Handbook: Understanding, Deploying, and Managing Automated Configuration Services, by Ralph Droms, Ted Lemon (Hardcover)
- IP Addressing and Subnetting, Including IPv6, by J. D. Wegner, et al (Paperback)
- Implementing IPV6: Supporting the Next Generation Internet Protocols, by P. E. Miller, Mark A. Miller (Paperback)

This study guide is developed by Michael Yu Chak Tin. He can be reached at Michael@examreview.net.

 

   