svn commit: r41591 - projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking
Dru Lavigne
dru at FreeBSD.org
Fri May 10 14:00:18 UTC 2013
Author: dru
Date: Fri May 10 14:00:18 2013
New Revision: 41591
URL: http://svnweb.freebsd.org/changeset/doc/41591
Log:
First pass through first 1/2 of a huge chapter. Subsequent patches
to follow. This patch addresses the following:
- &os;, e.g., you
- most acronyms
- grammar fixes and general tightening
- fixes command/app tags which should be entities
Approved by: bcr (mentor)
Modified:
projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml
Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml
==============================================================================
--- projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Fri May 10 12:13:42 2013 (r41590)
+++ projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Fri May 10 14:00:18 2013 (r41591)
@@ -11,7 +11,7 @@
<sect1 id="advanced-networking-synopsis">
<title>Synopsis</title>
- <para>This chapter will cover a number of advanced networking
+ <para>This chapter covers a number of advanced networking
topics.</para>
<para>After reading this chapter, you will know:</para>
@@ -27,7 +27,7 @@
</listitem>
<listitem>
- <para>How to make FreeBSD act as a bridge.</para>
+ <para>How to make &os; act as a bridge.</para>
</listitem>
<listitem>
@@ -36,8 +36,9 @@
</listitem>
<listitem>
- <para>How to set up network PXE booting with an NFS root file
- system.</para>
+ <para>How to set up network <acronym>PXE</acronym> booting
+ with an
+ <acronym>NFS</acronym> root filesystem.</para>
</listitem>
<listitem>
@@ -45,16 +46,17 @@
</listitem>
<listitem>
- <para>How to set up IPv6 on a FreeBSD machine.</para>
+ <para>How to set up IPv6 on a &os; machine.</para>
</listitem>
<listitem>
- <para>How to configure ATM.</para>
+ <para>How to configure <acronym>ATM</acronym>.</para>
</listitem>
<listitem>
- <para>How to enable and utilize the features of CARP, the
- Common Address Redundancy Protocol in &os;</para>
+ <para>How to enable and utilize the features of the
+ Common Address Redundancy Protocol
+ (<acronym>CARP</acronym>) in &os;.</para>
</listitem>
</itemizedlist>
@@ -71,7 +73,7 @@
</listitem>
<listitem>
- <para>Know how to configure and install a new FreeBSD kernel
+ <para>Know how to configure and install a new &os; kernel
(<xref linkend="kernelconfig"/>).</para>
</listitem>
@@ -105,22 +107,21 @@
one to the other. This is called
<firstterm>routing</firstterm>. A <quote>route</quote> is a
defined pair of addresses: a <quote>destination</quote> and a
- <quote>gateway</quote>. The pair indicates that if you are
+ <quote>gateway</quote>. The pair indicates that when
trying to get to this <emphasis>destination</emphasis>,
communicate through this <emphasis>gateway</emphasis>. There
are three types of destinations: individual hosts, subnets, and
<quote>default</quote>. The <quote>default route</quote> is
- used if none of the other routes apply. We will talk a little
- bit more about default routes later on. There are also three
+ used if none of the other routes apply. There are also three
types of gateways: individual hosts, interfaces (also called
- <quote>links</quote>), and Ethernet hardware addresses (MAC
- addresses).</para>
+ <quote>links</quote>), and Ethernet hardware
+ (<acronym>MAC</acronym>) addresses.</para>
<sect2>
<title>An Example</title>
- <para>To illustrate different aspects of routing, we will use
- the following example from <command>netstat</command>:</para>
+ <para>This example &man.netstat.1; output illustrates several
+ aspects of routing:</para>
<screen>&prompt.user; <userinput>netstat -r</userinput>
Routing tables
@@ -138,9 +139,9 @@ host2.example.com link#1 UC
224 link#1 UC 0 0</screen>
<indexterm><primary>default route</primary></indexterm>
- <para>The first two lines specify the default route (which we
- will cover in the
- <link linkend="network-routing-default">next section</link>)
+ <para>The first two lines specify the default route,
+ described in more detail in
+ <xref linkend="network-routing-default"/>,
and the <hostid>localhost</hostid> route.</para>
<indexterm><primary>loopback device</primary></indexterm>
@@ -149,66 +150,65 @@ host2.example.com link#1 UC
<literal>localhost</literal> is <devicename>lo0</devicename>,
also known as the loopback device. This says to keep all
traffic for this destination internal, rather than sending it
- out over the LAN, since it will only end up back where it
- started.</para>
+ out over the network.</para>
<indexterm>
<primary>Ethernet</primary>
<secondary>MAC address</secondary>
</indexterm>
- <para>The next thing that stands out are the addresses beginning
- with <hostid role="mac">0:e0:</hostid>. These are Ethernet
- hardware addresses, which are also known as MAC addresses.
- FreeBSD will automatically identify any hosts
- (<hostid>test0</hostid> in the example) on the local Ethernet
- and add a route for that host, directly to it over the
- Ethernet interface, <devicename>ed0</devicename>. There is
- also a timeout (<literal>Expire</literal> column) associated
- with this type of route, which is used if we fail to hear from
- the host in a specific amount of time. When this happens, the
+ <para>The addresses beginning
+ with <hostid role="mac">0:e0:</hostid> are Ethernet
+ hardware addresses, also known as <acronym>MAC</acronym>
+ addresses.
+ &os; will automatically identify any hosts,
+ <hostid>test0</hostid> in the example, on the local Ethernet
+ and add a route for that host over the
+ Ethernet interface, <devicename>ed0</devicename>. This type
+ of route has a timeout, seen in the <literal>Expire</literal>
+ column, which is used if
+ the host does not respond in a specific amount of time. When
+ this happens, the
route to this host will be automatically deleted. These hosts
- are identified using a mechanism known as RIP (Routing
- Information Protocol), which figures out routes to local hosts
+ are identified using the Routing
+ Information Protocol (<acronym>RIP</acronym>), which
+ calculates routes to local hosts
based upon a shortest path determination.</para>
<indexterm><primary>subnet</primary></indexterm>
- <para>FreeBSD will also add subnet routes for the local subnet
- (<hostid role="ipaddr">10.20.30.255</hostid> is the broadcast
+ <para>&os; will add subnet routes for the local subnet.
+ <hostid role="ipaddr">10.20.30.255</hostid> is the broadcast
address for the subnet
- <hostid role="ipaddr">10.20.30</hostid>, and
+ <hostid role="ipaddr">10.20.30</hostid> and
<hostid role="domainname">example.com</hostid> is the domain
- name associated with that subnet). The designation
+ name associated with that subnet. The designation
<literal>link#1</literal> refers to the first Ethernet card in
- the machine. You will notice no additional interface is
- specified for those.</para>
+ the machine.</para>
- <para>Both of these groups (local network hosts and local
- subnets) have their routes automatically configured by a
- daemon called <application>routed</application>. If this is
- not run, then only routes which are statically defined (i.e.,
- entered explicitly) will exist.</para>
-
- <para>The <literal>host1</literal> line refers to our host,
- which it knows by Ethernet address. Since we are the sending
- host, FreeBSD knows to use the loopback interface
- (<devicename>lo0</devicename>) rather than sending it out over
+ <para>Local network hosts and local
+ subnets have their routes automatically configured by a
+ daemon called &man.routed.8;. If it is
+ not running, only routes which are statically defined
+ by the administrator will exist.</para>
+
+ <para>The <literal>host1</literal> line refers to the host
+ by its Ethernet address. Since it is the sending
+ host, &os; knows to use the loopback interface
+ (<devicename>lo0</devicename>) rather than
the Ethernet interface.</para>
- <para>The two <literal>host2</literal> lines are an example of
- what happens when we use an &man.ifconfig.8; alias (see the
- section on Ethernet for reasons why we would do this). The
+ <para>The two <literal>host2</literal> lines represent aliases
+ which were created using &man.ifconfig.8;. The
<literal>=></literal> symbol after the
- <devicename>lo0</devicename> interface says that not only are
- we using the loopback (since this address also refers to the
- local host), but specifically it is an alias. Such routes
+ <devicename>lo0</devicename> interface says that an alias
+ has been set in addition to the loopback address. Such routes
only show up on the host that supports the alias; all other
- hosts on the local network will simply have a
+ hosts on the local network will have a
<literal>link#1</literal> line for such routes.</para>
<para>The final line (destination subnet
- <hostid role="ipaddr">224</hostid>) deals with multicasting,
- which will be covered in another section.</para>
+ <hostid role="ipaddr">224</hostid>) deals with
+ multicasting.</para>
<para>Finally, various attributes of each route can be seen in
the <literal>Flags</literal> column. Below is a short table
@@ -247,7 +247,7 @@ host2.example.com link#1 UC
<row>
<entry>C</entry>
<entry>Clone: Generates a new route based upon this
- route for machines we connect to. This type of route
+ route for machines to connect to. This type of route
is normally used for local networks.</entry>
</row>
@@ -276,25 +276,24 @@ host2.example.com link#1 UC
<para>When the local system needs to make a connection to a
remote host, it checks the routing table to determine if a
known path exists. If the remote host falls into a subnet
- that we know how to reach (Cloned routes), then the system
- checks to see if it can connect along that interface.</para>
+ that it knows how to reach, the system
+ checks to see if it can connect using that interface.</para>
<para>If all known paths fail, the system has one last option:
the <quote>default</quote> route. This route is a special
type of gateway route (usually the only one present in the
system), and is always marked with a <literal>c</literal> in
the flags field. For hosts on a local area network, this
- gateway is set to whatever machine has a direct connection to
- the outside world (whether via PPP link, DSL, cable modem, T1,
- or another network interface).</para>
+ gateway is set to the system which has a direct connection to
+ the Internet.</para>
- <para>If you are configuring the default route for a machine
+ <para>The default route for a machine
which itself is functioning as the gateway to the outside
- world, then the default route will be the gateway machine at
- your Internet Service Provider's (ISP) site.</para>
+ world, will be the gateway machine at
+ the Internet Service Provider (<acronym>ISP</acronym>).</para>
- <para>Let us look at an example of default routes. This is a
- common configuration:</para>
+ <para>This example is a
+ common configuration for a default route:</para>
<mediaobject>
<imageobject>
@@ -308,13 +307,15 @@ host2.example.com link#1 UC
</mediaobject>
<para>The hosts <hostid>Local1</hostid> and
- <hostid>Local2</hostid> are at your site.
- <hostid>Local1</hostid> is connected to an ISP via a dial up
- PPP connection. This PPP server computer is connected through
+ <hostid>Local2</hostid> are on the local network.
+ <hostid>Local1</hostid> is connected to an
+ <acronym>ISP</acronym> using a
+ <acronym>PPP</acronym> connection. This
+ <acronym>PPP</acronym> server is connected through
a local area network to another gateway computer through an
- external interface to the ISPs Internet feed.</para>
+ external interface to the <acronym>ISP</acronym>.</para>
- <para>The default routes for each of your machines will
+ <para>The default routes for each machine will
be:</para>
<informaltable frame="none" pgwide="1">
@@ -343,25 +344,31 @@ host2.example.com link#1 UC
</tgroup>
</informaltable>
- <para>A common question is <quote>Why (or how) would we set
- the <hostid>T1-GW</hostid> to be the default gateway for
- <hostid>Local1</hostid>, rather than the ISP server it is
+ <para>A common question is <quote>Why is
+ <hostid>T1-GW</hostid> configured as the default gateway for
+ <hostid>Local1</hostid>, rather than the
+ <acronym>ISP</acronym> server it is
connected to?</quote>.</para>
- <para>Remember, since the PPP interface is using an address on
- the ISP's local network for your side of the connection,
- routes for any other machines on the ISP's local network will
- be automatically generated. Hence, you will already know how
+ <para>Since the <acronym>PPP</acronym> interface is using an
+ address on
+ the <acronym>ISP</acronym>'s local network for the local side
+ of the connection,
+ routes for any other machines on the <acronym>ISP</acronym>'s
+ local network will
+ be automatically generated. The system already knows how
to reach the <hostid>T1-GW</hostid> machine, so there is no
- need for the intermediate step of sending traffic to the ISP
+ need for the intermediate step of sending traffic to the
+ <acronym>ISP</acronym>'s
server.</para>
<para>It is common to use the address
<hostid role="ipaddr">X.X.X.1</hostid> as the gateway address
- for your local network. So (using the same example), if your
- local class-C address space was
- <hostid role="ipaddr">10.20.30</hostid> and your ISP was using
- <hostid role="ipaddr">10.9.9</hostid> then the default routes
+ for the local network. So, if the
+ local class C address space is
+ <hostid role="ipaddr">10.20.30</hostid> and the
+ <acronym>ISP</acronym> is using
+ <hostid role="ipaddr">10.9.9</hostid>, the default routes
would be:</para>
<informaltable frame="none" pgwide="1">
@@ -387,19 +394,19 @@ host2.example.com link#1 UC
</informaltable>
<para>The default route can be easily defined in
- <filename>/etc/rc.conf</filename>. In our example, on
- the <hostid>Local2</hostid> machine, we added the following
- line in <filename>/etc/rc.conf</filename>:</para>
+ <filename>/etc/rc.conf</filename>. In this example, on
+ <hostid>Local2</hostid>, add the following
+ line to <filename>/etc/rc.conf</filename>:</para>
<programlisting>defaultrouter="10.20.30.1"</programlisting>
- <para>It is also possible to do it directly from the command
- line with the &man.route.8; command:</para>
+ <para>It is also possible to add the route directly using
+ &man.route.8;:</para>
<screen>&prompt.root; <userinput>route add default 10.20.30.1</userinput></screen>
<para>For more information on manual manipulation of network
- routing tables, consult the &man.route.8; manual page.</para>
+ routing tables, refer to &man.route.8;.</para>
</sect2>
<sect2 id="network-dual-homed-hosts">
@@ -407,32 +414,28 @@ host2.example.com link#1 UC
<indexterm><primary>dual homed hosts</primary></indexterm>
- <para>There is one other type of configuration that we should
- cover, and that is a host that sits on two different networks.
- Technically, any machine functioning as a gateway (in the
- example above, using a PPP connection) counts as a dual-homed
- host. But the term is really only used to refer to a machine
- that sits on two local-area networks.</para>
-
- <para>In one case, the machine has two Ethernet cards, each
- having an address on the separate subnets. Alternately, the
- machine may only have one Ethernet card, and be using
+ <para>A a dual-homed system
+ is a host which resides on two different networks.</para>
+
+ <para>The dual-homed machine might have two Ethernet cards, each
+ having an address on a separate subnet. Alternately, the
+ machine can have one Ethernet card and uses
&man.ifconfig.8; aliasing. The former is used if two
- physically separate Ethernet networks are in use, the latter
+ physically separate Ethernet networks are in use and the
+ latter
if there is one physical network segment, but two logically
separate subnets.</para>
<para>Either way, routing tables are set up so that each subnet
knows that this machine is the defined gateway (inbound route)
to the other subnet. This configuration, with the machine
- acting as a router between the two subnets, is often used when
- we need to implement packet filtering or firewall security in
+ acting as a router between the two subnets, is often used
+ to implement packet filtering or firewall security in
either or both directions.</para>
- <para>If you want this machine to actually forward packets
- between the two interfaces, you need to tell FreeBSD to enable
- this ability. See the next section for more details on how
- to do this.</para>
+ <para>For this machine to forward packets
+ between the two interfaces, &os; must be configured as a
+ router, as demonstrated in the next section.</para>
</sect2>
<sect2 id="network-dedicated-router">
@@ -440,10 +443,10 @@ host2.example.com link#1 UC
<indexterm><primary>router</primary></indexterm>
- <para>A network router is simply a system that forwards packets
+ <para>A network router is a system that forwards packets
from one interface to another. Internet standards and good
- engineering practice prevent the FreeBSD Project from enabling
- this by default in FreeBSD. You can enable this feature by
+ engineering practice prevent the &os; Project from enabling
+ this by default in &os;. This feature can be enabled by
changing the following variable to <literal>YES</literal> in
&man.rc.conf.5;:</para>
@@ -451,23 +454,21 @@ host2.example.com link#1 UC
<para>This option will set the &man.sysctl.8; variable
<varname>net.inet.ip.forwarding</varname> to
- <literal>1</literal>. If you should need to stop routing
- temporarily, you can reset this to <literal>0</literal>
- temporarily.</para>
+ <literal>1</literal>. To stop routing,
+ reset this to <literal>0</literal>.</para>
<indexterm><primary>BGP</primary></indexterm>
<indexterm><primary>RIP</primary></indexterm>
<indexterm><primary>OSPF</primary></indexterm>
- <para>Your new router will need routes to know where to send the
- traffic. If your network is simple enough you can use static
- routes. FreeBSD also comes with the standard BSD routing
- daemon &man.routed.8;, which speaks RIP (both version 1 and
- version 2) and IRDP. Support for BGP v4, OSPF v2, and other
+ <para>The new router will need routes to know where to send the
+ traffic. If the network is simple enough, static
+ routes can be used. &os; comes with the standard BSD routing
+ daemon &man.routed.8;, which speaks <acronym>RIP</acronym>
+ versions 1 and 2, and <acronym>IRDP</acronym>. Support for
+ <acronym>BGP</acronym>v4, <acronym>OSPF</acronym>v2, and other
sophisticated routing protocols is available with the
- <filename role="package">net/zebra</filename> package.
- Commercial products such as <application>&gated;</application>
- are also available for more complex network routing
- solutions.</para>
+ <filename role="package">net/zebra</filename> package or
+ port.</para>
</sect2>
<sect2 id="network-static-routes">
@@ -486,7 +487,7 @@ host2.example.com link#1 UC
<sect3>
<title>Manual Configuration</title>
- <para>Let us assume we have a network as follows:</para>
+ <para>Consider the following network:</para>
<mediaobject>
<imageobject>
@@ -520,21 +521,18 @@ host2.example.com link#1 UC
</textobject>
</mediaobject>
- <para>In this scenario, <hostid>RouterA</hostid> is our &os;
+ <para>In this scenario, <hostid>RouterA</hostid> is a &os;
machine that is acting as a router to the rest of the
Internet. It has a default route set to
<hostid role="ipaddr">10.0.0.1</hostid> which allows it to
- connect with the outside world. We will assume that
- <hostid>RouterB</hostid> is already configured properly and
- knows how to get wherever it needs to go. (This is simple
- in this picture. Just add a default route on
- <hostid>RouterB</hostid> using
+ connect with the outside world. <hostid>RouterB</hostid> is
+ already configured properly as it
+ uses
<hostid role="ipaddr">192.168.1.1</hostid> as the
- gateway.)</para>
+ gateway.</para>
- <para>If we look at the routing table for
- <hostid>RouterA</hostid> we would see something like the
- following:</para>
+ <para>The routing table on
+ <hostid>RouterA</hostid> looks something like this:</para>
<screen>&prompt.user; <userinput>netstat -nr</userinput>
Routing tables
@@ -546,12 +544,12 @@ default 10.0.0.1 UG
10.0.0.0/24 link#1 UC 0 0 xl0
192.168.1.0/24 link#2 UC 0 0 xl1</screen>
- <para>With the current routing table <hostid>RouterA</hostid>
- will not be able to reach our Internal Net 2. It does not
+ <para>With the current routing table, <hostid>RouterA</hostid>
+ cannot reach Internal Net 2 as it does not
have a route for
- <hostid role="ipaddr">192.168.2.0/24</hostid>. One way to
- alleviate this is to manually add the route. The following
- command would add the Internal Net 2 network to
+ <hostid role="ipaddr">192.168.2.0/24</hostid>. The
+ following
+ command adds the Internal Net 2 network to
<hostid>RouterA</hostid>'s routing table using
<hostid role="ipaddr">192.168.1.2</hostid> as the next
hop:</para>
@@ -566,10 +564,10 @@ default 10.0.0.1 UG
<sect3>
<title>Persistent Configuration</title>
- <para>The above example is perfect for configuring a static
- route on a running system. However, one problem is that the
- routing information will not persist if you reboot your &os;
- machine. Additional static routes can be
+ <para>The above example configures a static
+ route on a running system. However, the
+ routing information will not persist if the &os; system
+ reboots. Persistent static routes can be
entered in <filename>/etc/rc.conf</filename>:</para>
<programlisting># Add Internal Net 2 as a static route
@@ -577,28 +575,25 @@ static_routes="internalnet2"
route_internalnet2="-net 192.168.2.0/24 192.168.1.2"</programlisting>
<para>The <literal>static_routes</literal> configuration
- variable is a list of strings separated by a space. Each
- string references to a route name. In our above example we
- only have one string in <literal>static_routes</literal>.
- This string is <replaceable>internalnet2</replaceable>. We
- then add a configuration variable called
+ variable is a list of strings separated by a space, where
+ each
+ string references a route name. This example
+ only has one string in <literal>static_routes</literal>,
+ <replaceable>internalnet2</replaceable>. The variable
<literal>route_<replaceable>internalnet2</replaceable></literal>
- where we put all of the configuration parameters we would
- give to the &man.route.8; command. For our example above we
- would have used the command:</para>
+ contains all of the configuration parameters
+ to &man.route.8;. This example is equivalent
+ to the command:</para>
<screen>&prompt.root; <userinput>route add -net 192.168.2.0/24 192.168.1.2</userinput></screen>
- <para>so we need <literal>"-net 192.168.2.0/24
- 192.168.1.2"</literal>.</para>
-
- <para>As said above, we can have more than one string in
- <literal>static_routes</literal>. This allows us to create
- multiple static routes. The following lines shows an
+ <para>Using more than one string in
+ <literal>static_routes</literal> creates
+ multiple static routes. The following shows an
example of adding static routes for the
<hostid role="ipaddr">192.168.0.0/24</hostid> and
- <hostid role="ipaddr">192.168.1.0/24</hostid> networks on an
- imaginary router:</para>
+ <hostid role="ipaddr">192.168.1.0/24</hostid>
+ networks:</para>
<programlisting>static_routes="net1 net2"
route_net1="-net 192.168.0.0/24 192.168.0.1"
@@ -609,36 +604,26 @@ route_net2="-net 192.168.1.0/24 192.168.
<sect2 id="network-routing-propagation">
<title>Routing Propagation</title>
- <indexterm><primary>routing propagation</primary></indexterm>
- <para>We have already talked about how we define our routes to
- the outside world, but not about how the outside world finds
- us.</para>
-
- <para>We already know that routing tables can be set up so that
- all traffic for a particular address space (in our examples, a
- class-C subnet) can be sent to a particular host on that
- network, which will forward the packets inbound.</para>
-
- <para>When you get an address space assigned to your site, your
- service provider will set up their routing tables so that all
- traffic for your subnet will be sent down your PPP link to
- your site. But how do sites across the country know to send
- to your ISP?</para>
+ <para>When an address space is assigned to a network, the
+ service provider configures their routing tables so that all
+ traffic for the network will be sent to the link for the
+ site. But how do external sites know to send their packets
+ to the network's <acronym>ISP</acronym>?</para>
- <para>There is a system (much like the distributed DNS
- information) that keeps track of all assigned address-spaces,
+ <para>There is a system
+ that keeps track of all assigned address spaces
and defines their point of connection to the Internet
- Backbone. The <quote>Backbone</quote> are the main trunk
- lines that carry Internet traffic across the country, and
+ backbone, or the main trunk
+ lines that carry Internet traffic across the country and
around the world. Each backbone machine has a copy of a
master set of tables, which direct traffic for a particular
network to a specific backbone carrier, and from there down
the chain of service providers until it reaches your
network.</para>
- <para>It is the task of your service provider to advertise to
- the backbone sites that they are the point of connection (and
- thus the path inward) for your site. This is known as route
+ <para>It is the task of the service provider to advertise to
+ the backbone sites that they are the point of connection, and
+ thus the path inward, for a site. This is known as route
propagation.</para>
</sect2>
@@ -646,23 +631,22 @@ route_net2="-net 192.168.1.0/24 192.168.
<title>Troubleshooting</title>
<indexterm>
- <primary><command>traceroute</command></primary>
+ <primary>&man.traceroute.8;</primary>
</indexterm>
- <para>Sometimes, there is a problem with routing propagation,
- and some sites are unable to connect to you. Perhaps the most
+ <para>Sometimes, there is a problem with routing propagation
+ and some sites are unable to connect. Perhaps the most
useful command for trying to figure out where routing is
- breaking down is the &man.traceroute.8; command. It is
- equally useful if you cannot seem to make a connection to a
- remote machine (i.e., &man.ping.8; fails).</para>
+ breaking down is &man.traceroute.8;. It is
+ useful when &man.ping.8; fails.</para>
- <para>The &man.traceroute.8; command is run with the name of the
- remote host you are trying to connect to. It will show the
+ <para>When using &man.traceroute.8;, include the name of the
+ remote host to connect to. The output will show the
gateway hosts along the path of the attempt, eventually either
reaching the target host, or terminating because of a lack of
connection.</para>
- <para>For more information, see the manual page for
+ <para>For more information, refer to
&man.traceroute.8;.</para>
</sect2>
@@ -676,19 +660,20 @@ route_net2="-net 192.168.1.0/24 192.168.
<primary>kernel options</primary>
<secondary>MROUTING</secondary>
</indexterm>
- <para>FreeBSD supports both multicast applications and multicast
- routing natively. Multicast applications do not require any
- special configuration of FreeBSD; applications will generally
+ <para>&os; natively supports both multicast applications and
+ multicast
+ routing. Multicast applications do not require any
+ special configuration of &os;; as applications will generally
run out of the box. Multicast routing
- requires that support be compiled into the kernel:</para>
+ requires that support be compiled into a custom kernel:</para>
<programlisting>options MROUTING</programlisting>
- <para>In addition, the multicast routing daemon, &man.mrouted.8;
+ <para>The multicast routing daemon, &man.mrouted.8;,
must be configured to set up tunnels and
<acronym>DVMRP</acronym> via
<filename>/etc/mrouted.conf</filename>. More details on
- multicast configuration may be found in the manual page for
+ multicast configuration may be found in
&man.mrouted.8;.</para>
<note>
@@ -735,38 +720,46 @@ route_net2="-net 192.168.1.0/24 192.168.
<para>Most wireless networks are based on the &ieee; 802.11
standards. A basic wireless network consists of multiple
stations communicating with radios that broadcast in either
- the 2.4GHz or 5GHz band (though this varies according to the
+ the 2.4GHz or 5GHz band, though this varies according to the
locale and is also changing to enable communication in the
- 2.3GHz and 4.9GHz ranges).</para>
+ 2.3GHz and 4.9GHz ranges.</para>
- <para>802.11 networks are organized in two ways: in
- <emphasis>infrastructure mode</emphasis> one station acts as a
- master with all the other stations associating to it; the
- network is known as a BSS and the master station is termed an
- access point (AP). In a BSS all communication passes through
- the AP; even when one station wants to communicate with
- another wireless station messages must go through the AP. In
- the second form of network there is no master and stations
- communicate directly. This form of network is termed an IBSS
+ <para>802.11 networks are organized in two ways. In
+ <emphasis>infrastructure mode</emphasis>, one station acts as
+ a
+ master with all the other stations associating to it, the
+ network is known as a <acronym>BSS</acronym>, and the master
+ station is termed an
+ access point (<acronym>AP</acronym>). In a
+ <acronym>BSS</acronym>, all communication passes through
+ the <acronym>AP</acronym>; even when one station wants to
+ communicate with
+ another wireless station, messages must go through the
+ <acronym>AP</acronym>. In
+ the second form of network, there is no master and stations
+ communicate directly. This form of network is termed an
+ <acronym>IBSS</acronym>
and is commonly known as an
<emphasis>ad-hoc network</emphasis>.</para>
<para>802.11 networks were first deployed in the 2.4GHz band
using protocols defined by the &ieee; 802.11 and 802.11b
standard. These specifications include the operating
- frequencies, MAC layer characteristics including framing and
- transmission rates (communication can be done at various
- rates). Later the 802.11a standard defined operation in the
- 5GHz band, including different signalling mechanisms and
- higher transmission rates. Still later the 802.11g standard
- was defined to enable use of 802.11a signalling and
+ frequencies and the <acronym>MAC</acronym> layer
+ characteristics, including framing and
+ transmission rates, as communication can occur at various
+ rates. Later, the 802.11a standard defined operation in the
+ 5GHz band, including different signaling mechanisms and
+ higher transmission rates. Still later, the 802.11g standard
+ defined the use of 802.11a signaling and
transmission mechanisms in the 2.4GHz band in such a way as to
be backwards compatible with 802.11b networks.</para>
- <para>Separate from the underlying transmission techniques
+ <para>Separate from the underlying transmission techniques,
802.11 networks have a variety of security mechanisms. The
original 802.11 specifications defined a simple security
- protocol called WEP. This protocol uses a fixed pre-shared key
+ protocol called <acronym>WEP</acronym>. This protocol uses a
+ fixed pre-shared key
and the RC4 cryptographic cipher to encode data transmitted on
a network. Stations must all agree on the fixed key in order
to communicate. This scheme was shown to be easily broken and
@@ -774,43 +767,57 @@ route_net2="-net 192.168.1.0/24 192.168.
joining networks. Current security practice is given by the
&ieee; 802.11i specification that defines new cryptographic
ciphers and an additional protocol to authenticate stations to
- an access point and exchange keys for doing data
- communication. Further, cryptographic keys are periodically
- refreshed and there are mechanisms for detecting intrusion
- attempts (and for countering intrusion attempts). Another
+ an access point and exchange keys for data
+ communication. Cryptographic keys are periodically
+ refreshed and there are mechanisms for detecting
+ and countering intrusion attempts. Another
security protocol specification commonly used in wireless
- networks is termed WPA. This was a precursor to 802.11i
- defined by an industry group as an interim measure while
- waiting for 802.11i to be ratified. WPA specifies a subset of
+ networks is termed <acronym>WPA</acronym>, which was a
+ precursor to 802.11i. <acronym>WPA</acronym>
+ specifies a subset of
the requirements found in 802.11i and is designed for
- implementation on legacy hardware. Specifically WPA requires
- only the TKIP cipher that is derived from the original WEP
- cipher. 802.11i permits use of TKIP but also requires support
- for a stronger cipher, AES-CCM, for encrypting data. (The AES
- cipher was not required in WPA because it was deemed too
+ implementation on legacy hardware. Specifically,
+ <acronym>WPA</acronym> requires
+ only the <acronym>TKIP</acronym> cipher that is derived from
+ the original <acronym>WEP</acronym>
+ cipher. 802.11i permits use of <acronym>TKIP</acronym> but
+ also requires support
+ for a stronger cipher, AES-CCM, for encrypting data. The
+ <acronym>AES</acronym>
+ cipher was not required in <acronym>WPA</acronym> because it
+ was deemed too
computationally costly to be implemented on legacy
- hardware.)</para>
+ hardware.</para>
- <para>Other than the above protocol standards the other
- important standard to be aware of is 802.11e. This defines
- protocols for deploying multi-media applications such as
- streaming video and voice over IP (VoIP) in an 802.11 network.
+ <para>The other
+ standard to be aware of is 802.11e. It defines
+ protocols for deploying multimedia applications, such as
+ streaming video and voice over IP (<acronym>VoIP</acronym>),
+ in
+ an 802.11 network.
Like 802.11i, 802.11e also has a precursor specification
- termed WME (later renamed WMM) that has been defined by an
+ termed <acronym>WME</acronym> (later renamed
+ <acronym>WMM</acronym>) that has been defined by an
industry group as a subset of 802.11e that can be deployed now
- to enable multi-media applications while waiting for the final
+ to enable multimedia applications while waiting for the final
ratification of 802.11e. The most important thing to know
- about 802.11e and WME/WMM is that it enables prioritized
- traffic use of a wireless network through Quality of Service
- (QoS) protocols and enhanced media access protocols. Proper
- implementation of these protocols enable high speed bursting
+ about 802.11e and
+ <acronym>WME</acronym>/<acronym>WMM</acronym> is that it
+ enables prioritized
+ traffic over a wireless network through Quality of Service
+ (<acronym>QoS</acronym>) protocols and enhanced media access
+ protocols. Proper
+ implementation of these protocols enables high speed bursting
of data and prioritized traffic flow.</para>
<para>&os; supports networks that operate
- using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i
+ using 802.11a, 802.11b, and 802.11g. The
+ <acronym>WPA</acronym> and 802.11i
security protocols are likewise supported (in conjunction with
- any of 11a, 11b, and 11g) and QoS and traffic prioritization
- required by the WME/WMM protocols are supported for a limited
+ any of 11a, 11b, and 11g) and <acronym>QoS</acronym> and
+ traffic prioritization
+ required by the <acronym>WME</acronym>/<acronym>WMM</acronym>
+ protocols are supported for a limited
set of wireless devices.</para>
</sect2>
@@ -820,63 +827,66 @@ route_net2="-net 192.168.1.0/24 192.168.
<sect3>
<title>Kernel Configuration</title>
- <para>To use wireless networking, you need a wireless
- networking card and to configure the kernel with the
- appropriate wireless networking support. The latter is
- separated into multiple modules so that you only need to
- configure the software you are actually going to use.</para>
-
- <para>The first thing you need is a wireless device. The most
- commonly used devices are those that use parts made by
- Atheros. These devices are supported by the &man.ath.4;
- driver and require the following line to be added to
+ <para>To use wireless networking, a wireless
+ networking card is needed and the kernel needs to be
+ configured with the
+ appropriate wireless networking support. The kernel is
+ separated into multiple modules so that only the required
+ support needs to be
+ configured.</para>
+
+ <para>The most
+ commonly used wireless devices are those that use parts made
+ by
+ Atheros. These devices are supported by &man.ath.4;
+ and require the following line to be added to
<filename>/boot/loader.conf</filename>:</para>
<programlisting>if_ath_load="YES"</programlisting>
<para>The Atheros driver is split up into three separate
- pieces: the proper driver (&man.ath.4;), the hardware
+ pieces: the driver (&man.ath.4;), the hardware
support layer that handles chip-specific functions
- (&man.ath.hal.4;), and an algorithm for selecting which of
- several possible rates for transmitting frames
- (ath_rate_sample here). When this support is loaded as
- kernel modules, these dependencies are automatically handled
- for you. If, instead of an Atheros device, you had another
- device you would select the module for that device;
- e.g.:</para>
+ (&man.ath.hal.4;), and an algorithm for selecting the
+ rate for transmitting frames.
+ When this support is loaded as
+ kernel modules, any dependencies are automatically handled.
+ To load support for a different type of wireless device,
+ specify the module for that device. This example is for
+ devices based on the Intersil Prism parts (&man.wi.4;)
+ driver:</para>
<programlisting>if_wi_load="YES"</programlisting>
- <para>for devices based on the Intersil Prism parts
- (&man.wi.4; driver).</para>
-
<note>
- <para>In the rest of this document, we will use an
- &man.ath.4; device, the device name in the examples must
- be changed according to your configuration. A list of
+ <para>The examples in this section use an
+ &man.ath.4; device and the device name in the examples
+ must
+ be changed according to the configuration. A list of
available wireless drivers and supported adapters can be
- found in the &os; Hardware Notes. Copies of these notes
- for various releases and architectures are available on
+ found in the &os; Hardware Notes, available on
the <ulink
url="http://www.FreeBSD.org/releases/index.html">Release
- Information</ulink> page of the &os; Web site. If a
- native &os; driver for your wireless device does not
- exist, it may be possible to directly use the &windows;
+ Information</ulink> page of the &os; website. If a
+ native &os; driver for the wireless device does not
+ exist, it may be possible to use the &windows;
driver with the help of the
<link linkend="config-network-ndis">NDIS</link> driver
wrapper.</para>
</note>
- <para>With that, you will need the modules that implement
- cryptographic support for the security protocols you intend
- to use. These are intended to be dynamically loaded on
- demand by the &man.wlan.4; module but for now they must be
+ <para>In addition, the modules that implement
+ cryptographic support for the security protocols
+ to use must be loaded. These are intended to be dynamically
+ loaded on
+ demand by the &man.wlan.4; module, but for now they must be
manually configured. The following modules are available:
- &man.wlan.wep.4;, &man.wlan.ccmp.4; and &man.wlan.tkip.4;.
- Both &man.wlan.ccmp.4; and &man.wlan.tkip.4; drivers are
- only needed if you intend to use the WPA and/or 802.11i
- security protocols. If your network does not use
- encryption, you will not need &man.wlan.wep.4; support. To
+ &man.wlan.wep.4;, &man.wlan.ccmp.4;, and &man.wlan.tkip.4;.
+ The &man.wlan.ccmp.4; and &man.wlan.tkip.4; drivers are
+ only needed when using the <acronym>WPA</acronym> or
+ 802.11i
+ security protocols. If the network does not use
+ encryption, &man.wlan.wep.4; support is not needed. To
load these modules at boot time, add the following lines to
<filename>/boot/loader.conf</filename>:</para>
@@ -884,17 +894,18 @@ route_net2="-net 192.168.1.0/24 192.168.
wlan_ccmp_load="YES"
wlan_tkip_load="YES"</programlisting>
- <para>With this information in the system bootstrap
- configuration file (i.e.,
- <filename>/boot/loader.conf</filename>), you have to reboot
- your &os; box. If you do not want to reboot your machine
- for the moment, you can load the modules by hand using
+ <para>Once this information has been added to
+ <filename>/boot/loader.conf</filename>, reboot
+ the &os; box. Alternately,
+ load the modules by hand using
&man.kldload.8;.</para>
<note>
- <para>If you do not want to use modules, it is possible to
+ <para>For users who do not want to use modules, it is
+ possible to
compile these drivers into the kernel by adding the
- following lines to your kernel configuration file:</para>
+ following lines to a custom kernel configuration
+ file:</para>
<programlisting>device wlan # 802.11 support
device wlan_wep # 802.11 WEP support
@@ -907,12 +918,13 @@ options AH_SUPPORT_AR5416 # enable AR541
device ath_rate_sample # SampleRate tx rate control for ath</programlisting>
<para>With this information in the kernel configuration
- file, recompile the kernel and reboot your &os;
+ file, recompile the kernel and reboot the &os;
machine.</para>
</note>
- <para>When the system is up, we could find some information
- about the wireless device in the boot messages, like
+ <para>Information
+ about the wireless device should appear in the boot
+ messages, like
this:</para>
<screen>ath0: <Atheros 5212> mem 0x88000000-0x8800ffff irq 11 at device 0.0 on cardbus1
@@ -924,11 +936,12 @@ ath0: AR2413 mac 7.9 RF2413 phy 4.5</scr
<sect2>
<title>Infrastructure Mode</title>
- <para>The infrastructure mode or BSS mode is the mode that is
+ <para>Infrastructure (<acronym>BSS</acronym>) mode is the
+ mode that is
typically used. In this mode, a number of wireless access
points are connected to a wired network. Each wireless
- network has its own name, this name is called the SSID of the
- network. Wireless clients connect to the wireless access
+ network has its own name, called the <acronym>SSID</acronym>.
+ Wireless clients connect to the wireless access
points.</para>
<sect3>
@@ -937,12 +950,12 @@ ath0: AR2413 mac 7.9 RF2413 phy 4.5</scr
<sect4>
<title>How to Find Access Points</title>
- <para>To scan for networks, use the
- <command>ifconfig</command> command. This request may
- take a few moments to complete as it requires that the
- system switches to each available wireless frequency and
- probes for available access points. Only the super-user
- can initiate such a scan:</para>
+ <para>To scan for available networks, use
+ &man.ifconfig.8;. This request may
+ take a few moments to complete as it requires the
+ system to switch to each available wireless frequency and
+ probe for available access points. Only the superuser
+ can initiate a scan:</para>
<screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>ath0</replaceable></userinput>
&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> up scan</userinput>
@@ -951,15 +964,17 @@ dlinkap 00:13:46:49:41:76 11
freebsdap 00:11:95:c3:0d:ac 1 54M -83:96 100 EPS WPA</screen>
<note>
- <para>You must mark the interface <option>up</option>
- before you can scan. Subsequent scan requests do not
- require you to mark the interface up again.</para>
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-doc-projects
mailing list