【Dry goods】A collection of common network commands necessary for network engineers, vomiting blood and sorting!

Ping command

Ping is a very frequently used utility used primarily to determine network connectivity. This is useful for determining whether the network is properly connected and the condition of the network connection. Simply put, ping is a test program, if ping runs correctly, it can generally eliminate the network access layer, network card, modem input and output lines, cables, routers, etc., so as to narrow the scope of the problem.

Ping shows the amount of time in milliseconds between sending a request and returning a reply. If the response time is short, it means that the datagram does not have to go through too many routers or networks, and the connection speed is relatively fast. Ping also displays a TTL (Time To Live) value, which can be used to calculate how many routers a packet passes through.

1. Command format

ping the host name

Ping the domain name

Ping the IP address

As shown in the figure, use the ping command to check the connectivity of the computer with IP address 210.43.16.17, in this case the connection is normal. A total of four test packets were sent and four packets were received correctly.

2. Basic application of ping command

In general, users can use a series of ping commands to find out what the problem is, or to verify how the network is working. The following is a typical detection sequence and corresponding possible faults:

① ping 127.0.0.1

If the test is successful, the network card, TCP/IP protocol installation, IP address, and subnet mask settings are normal. If the test is unsuccessful, there is a problem with the TCP/IP installation or setup.

(2) Ping the local IP address

If the test is unsuccessful, there is a problem with the local configuration or installation, and network devices and communication media should be tested, checked and eliminated.

(3) Ping other IPs in the LAN

If the test is successful, the NICs and carriers in the local network are running correctly. However, if 0 loopback replies are received, it means that the subnet mask is incorrect or the NIC is misconfigured, or there is a problem with the cable system.

(4) ping the gateway IP

If this command is answered correctly, it means that the gateway router in the LAN is running and can answer.

(5) Ping the remote IP

If you receive a correct answer, you have successfully used the default gateway. For dial-up Internet users, it means that they can successfully access the Internet (but it is not ruled out that the ISP's DNS will be problematic).

⑥ ping localhost

Local host is the system's network reserved name, which is an alias for 127.0.0.1, and every computer should be able to convert that name to that address. Otherwise, there is a problem in the hosts file (/Windows/host).

(7) ping www.yahoo.com (a famous website domain)

To ping this domain name, the computer must first translate the domain name into an IP address, usually through a DNS server. If there is a failure here, it means that the IP address of the native DNS server is not configured correctly, or the DNS server it is accessing is faulty.

If all of the ping commands listed above work correctly, then the computer will have basically no problem communicating locally and remotely. However, the success of these commands does not mean that all of your network configurations are fine-tuned, for example, some subnet mask errors may not be detected by these methods.

3. Common parameter options for ping commands

ping IP -t: Continuously ping the IP address until it is interrupted by the user in Ctrl C.

ping IP -l 2000: Specifies a specific data length in the ping command (here 2000 bytes) instead of the default 32 bytes.

ping IP -n 20: Pings a specific number of times (in this case, 20).

ipconfig command

The ipconfig utility can be used to display the setting values for the current TCP/IP configuration. This information is typically used to verify that the manually configured TCP/IP settings are correct.

Moreover, if the computer and the local area network use Dynamic Host Configuration Protocol DHCP, use the ipconfig command to know whether your computer has successfully leased an IP address, and if so, you can know what address it has so far, including network configuration information such as IP address, subnet mask and default gateway.

The most commonly used options are given below:

1、ipconfig

When using the ipconfig command without any parameter option, the IP address, subnet mask, and default gateway values of each configured interface are displayed.

2、ipconfig /all

When using the all option, ipconfig can display additional information that it has configured and all used for DNS and WINS servers, and can display the physical address (MAC) built into the local NIC. If the IP address is leased from a DHCP server, ipconfig will display the IP address assigned by the DHCP server and the date the leased address is expected to expire. The picture shows the result window of running the ipconfig /all command.

3、ipconfig /release和ipconfig /renew

These two additional options can only be used on computers that lease an IP address from a DHCP server. If you enter ipconfig /release, the leased IP addresses of all interfaces are redelivered to the DHCP server (return IP addresses). If the user enters ipconfig /renew, the local computer tries to get in touch with the DHCP server and rent an IP address. In most cases, the NIC will be reassigned the same IP address as it was previously given.

ARP command (Address Translation Protocol)

ARP is an important protocol in the TCP/IP protocol family, which is used to determine the physical address of the network card corresponding to the IP address.

With the arp command, it is possible to view the current contents in the ARP cache of the local computer or another computer. In addition, static NIC physical address/IP address pairs can be manually set using the arp command, which can be used to make local static configuration for common hosts such as default gateways and local servers, which helps reduce the amount of information on the network.

By default, an item in the ARP cache is dynamic, and ARP automatically adds the item whenever data is sent to a specified location and the current item does not exist in the cache.

Common command options:

(1) arp –a: Used to view all items in the cache.

(2) arp -a IP: If there are multiple network cards, then use arp -a plus the IP address of the interface to display only the ARP cache items related to the interface.

(3) arp -s IP physical address: manually enter a static item into the ARP cache. The item remains valid during computer boot, or the manually configured physical address automatically updates the item in the event of an error.

(4) arp -d IP: Use this command to manually delete a static project.

traceroute command

Master the skill of measuring routing using the traceroute command, which is used to display the path that a packet takes to reach the destination host.

The basic usage of the traceroute command is to type "tracert host_name" or "tracert ip_address" after the command prompt, where tracert is the name of traceroute on the Windows operating system.

The output has 5 columns:

• The first column is the numeric value of the nth hop that describes the path, that is, the router sequence number along the path;
• The second column is the first round-trip delay;
• The third column is the second round-trip delay;
• The fourth column is the third round-trip delay;
• The fifth column is the name of the router and the IP address of its input port.

If the source receives fewer than 3 packets from any given router (due to packet loss in the network), traceroute places an asterisk after that router number and reports less than 3 round-trip times to that router.

In addition, the tracert command can be used to see the steps or route taken by the network when connecting to the site, and if the network fails, it can be used to see where the problem occurred.

Ponder:

【Test routing for large networks】

(1) Try the "ping www.sina.com.cn" operation several times to compare the IP address of Sina.com. If the IP addresses obtained by the two pings are different, try to consider the reason (such as load balancing). Then, for these different IP addresses, execute the "tracert ip_address" command to observe whether there is a difference in the output of the analysis.

(2) Trace route test for a site in a large network and record the test results. Observe whether the delay of the nth hop is less than that of the nth-1 hop. Try to analyze the reasons (hint: consider the role of each component of delay in the total delay separately).

(3) Test the route from the fixed host to the remote fixed IP address host several times with the traceroute program at different times of the day. Try analyzing and comparing the measurement data to see if the route changes? If so, is it frequent?

route command

Most hosts typically reside on network segments that connect only one router. Since there is only one router, there is no question of choosing which router to use to send packets to a remote computer, and the IP address of that router can be used as the default gateway for all computers on that network segment.

However, when you have two or more routers on your network, you don't necessarily want to rely on the default gateway. You may actually want some remote IP addresses to pass through a particular router and other remote IPs to pass through another router. In this case, the user needs the corresponding routing information, which is stored in the routing table, and each host and each router is equipped with its own unique routing table. Most routers use specialized routing protocols to exchange and dynamically update routing tables between routers.

However, in some cases, items must be manually added to the routing tables on routers and hosts. The route command is used to display, manually add, and modify route table items. The command has the following options:

1、route print

This command is used to display the current items in the routing table, and the output result on a single router CIDR block is shown in the figure.

2、route add

Using this command, you can add a route entry to a route table.

For example, if you want to set a route to the destination network 209.99.32.33, which must pass through 5 router segments, first pass through a router on the local network with a router IP address of 202.96.123.5 and a subnet mask of 255.255.255.224, then the user should enter the following command:

route add 209.99.32.33 mask 255.255.255.224 202.96.123.5 metric 5

3、route change

You can use this command to modify the transmission route of data, but you cannot use this command to change the destination of data. The following example changes the route in the above example to a path containing three network segments:

route add 209.99.32.33 mask 255.255.255.224 202.96.123.250 metric 3

4、route delete

Use this command to delete a route from a routing table.

For example: route delete 209.99.32.33

nslookup command

The function of the command nslookup is to query the IP address of any machine and its corresponding domain name. It usually requires a name server to provide the domain name. If the user has set up the domain name server, you can use this command to view the domain names corresponding to the IP addresses of different hosts.

(1) Use the nslookup command on the local machine to view the IP address and domain name server address of the local machine.

Type the command directly, the system returns the server name (full name with domain name) and IP address of the machine, and enters the operation command line state with ">" as the prompt; Type "? "You can query detailed command parameters; To exit, type exit.

(2) View the IP of the www.haut.edu.cn. Enter the IP address or domain name to be queried after the prompt and press Enter.

nbtstat command

Use the nbtstat command to view some information about the network configuration on your computer. Using this command, you can also find out some private information on someone else's computer. If you want to view the network information on your computer, you can run nbtstat -n, you can get your workgroup, computer name, network card address, etc.; If you want to see what other computers on the network are doing, run nbtstat -a *.*.*.*.*, where *.*.*.* is replaced by an IP address to return some information on that host.

netstat command

Learn to use the netstat command to understand the current state of the network.

The netstat command displays active TCP connections, ports on which the computer listens, Ethernet statistics, IP routing tables, IPv4 statistics (for IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for IPv6, ICMPv6, TCP over IPv6, and UDP protocols). When used without parameters, netstat displays active TCP connections.

Here are some common options for netstat:

(1) The netstat –a:-a option displays a list of all valid connections, both established and those that listen for connection requests.

(2) netstat –n: Lists IP addresses in dotted decimal form, not symbolic hostnames and network names.

(3) The netstat -e:-e option is used to display statistics about Ethernet. It lists items such as the total number of bytes of packets sent, the number of errors, the number of drops, the number of packets, and the number of broadcasts. These statistics include both the number of packets sent and the number of packets received. Use this option to count some basic network traffic.

(4) The netstat -r:-r option can display information about the routing table, similar to what you see when the route print command. In addition to displaying valid routes, the currently valid connections are also displayed.

The above figure shows a route table, where: Network destination represents the destination network, and 0.0.0.0 represents the unknown network, which is automatically generated by the system after setting the default gateway; 127.0.0.0 indicates the local network address, which is used for testing; 224.0.0.0 indicates the multicast address; 255.255.255.255 restricts broadcast addresses; Netmask represents the netmask, Gateway represents the gateway, Interface represents the interface address, and Metric represents the number of route hops.

(5) The netstat -s:-s option displays its statistics separately for each protocol. This allows you to see what connections the computer currently has on the network, details of how packets are sent and received, and so on. If your application, such as a web browser, is running slowly, or if you cannot display data such as Web pages, you can use this option to view the information displayed. Look closely at the rows of the statistics to find the keywords that went wrong and determine what the problem is.

Wanwen analyzes the principle of flow table forwarding in OpenVswitch

2023-04-11 17:33·Operation and maintenance farah order

Over the past 10 years, virtualization has changed the way applications, data, and services are deployed. According to a 2016 report by Gartner[1], 80% of x86 workloads are already virtualized, most of which are virtual machines, but the proportion of containers is growing at a rapid rate.

The virtualization of servers has brought fundamental changes to data center networks. On top of the traditional data center network architecture, a new access layer has emerged, located within the physical servers. This new access layer contains devices that are vSwitches running on x86 servers that connect multiple workloads (including containers and VMs) within a server.

An early representative of vSwitch was Linuxbridge, which was designed to provide basic network connectivity, so it simply simulated the behavior of the ToR switch and plugged itself into the existing physical network. The advantage of this implementation is that the theory and protocols of existing physical networks can be applied directly without the need for repeated design. The disadvantage is that as an extension of the physical network, the virtual workload network is tightly coupled with the physical network, which affects the advantages brought by virtualization itself, such as flexible and fast onboarding.

With the advent of network virtualization, another possibility is available for networks that connect virtual workloads. The physical network is still managed by the physical network device, and the network of virtual workers is managed separately by vSwitch, and a separate overlay network (e.g. VxLAN) is defined on top of the existing physical network (underlay). This overlay network is not controlled by physical network devices, but is completely controlled by vSwitch.

OpenVSwitch is based on this design idea. OpenVSwitch is a multi-layered, open-source virtual switch. However, so far, LinuxBridge also supports VxLAN, and OpenVSwitch can also support VLANs corresponding to physical networks, FLAT networks.

OpenFlow

In addition to the idea of overlay-based networking, another major feature of OpenVSwitch is that it is based on OpenFlow.

Traditional switches, whether hardware or software, have functions that are pre-built-in, and when you need to use a function, you can configure it accordingly. OpenVSwitch implements the programmability of the switch through OpenFlow. OpenFlow can define the processing flow of network packets in the switch, so the functions of OpenFlow-enabled switches are no longer fixed, and OpenFlow can be used to define the functions of OpenVSwitch by software.

OpenFlow processes network packets in the way that multiple tables work serially, as shown in the following diagram.

OpenFlow flexibility is an essential part of implementing SDN, but in some real-world scenarios, the corresponding OpenFlow pipeline can become very long because of the many and complex functions involved. Intuitively, the longer the pipeline, the longer it takes to process a network packet. This is a problem for OpenFlow from theory to practice, and OpenVSwitch has tried many optimizations for this.

For a Linux system, it can be divided into user space and kernel space, and network devices are connected to kernel space. If data needs to be transferred to the user program, it needs to be sent up to the user space through the kernel space, and if the data needs to be forwarded between network devices, it can be done directly in the kernel space.

As a software switch running on an x86 server, intuitively, forwarding should be implemented in kernel space. Therefore, OpenVSwitch implemented all OpenFlow processing in the Linux kernel module in the earliest days. At that time, the OpenVSwitch kernel module received network packets, matched them step by step according to OpenFlow rules, and modified network packets according to Action, and finally sent them from a network device.

But this approach was soon deemed unrealistic. First, while the kernel implementation can shorten the path of network packets to the operating system, it is more difficult to develop and update the program in the kernel, and at the speed of OpenVSwitch updates, it will become impractical to implement it entirely in the kernel. Secondly, processing network packets completely according to OpenFlow pipeline is bound to consume a lot of CPU, which will reduce network performance.

Therefore, the latest version of OpenVSwitch (version 2.x) takes a very different approach to avoiding these problems.

OpenVSwitch architecture

Now OpenVSwitch consists of three main parts:

• ovsdb-server: OpenFlow itself is designed as a process of network packets, it does not take into account the configuration of software switches, such as configuring QoS, associating SDN controllers, etc. ovsdb-server complements OpenVSwitch's OpenFlow implementation by serving as the configuration database for OpenVSwitch and holding persistent data for OpenVSwitch.
• ovs-vswitchd: A forwarding program that runs in user space and receives OpenFlow rules issued by the SDN controller. It also informs the OVS kernel module how to handle network packets.
• OVS kernel module: A forwarder that runs in kernel space and processes network packets according to the instructions of ovs-vswitchd

OpenVSwitch has a fast path and a slow path. where ovs-vswitchd represents the slow path, and the OVS kernel module represents the fast path. OpenFlow is now stored in the slow path, but for fast forwarding, network packets should be forwarded in the fast path as much as possible. Therefore, OpenVSwitch completes the forwarding according to the following logic.

When the first network packet (first packet) of a network connection is sent, the OVS kernel module receives the packet first. But the kernel module doesn't know what to do with this package yet, because all OpenFlow have ovs-vswitchd, so its default behavior is to send this package to ovs-vswitchd. ovs-vswitchd processes network packets through the OpenFlow pipeline and sends them back to the OVS kernel module, while ovs-vswitchd generates a string of datapath actions similar to OpenFlow Action, but simpler. This string of datapath actions is sent together to the OVS kernel module. Because all network packet characteristics (IP, MAC, port number) of the same network connection are the same, when the OVS kernel module receives other network packets, it can directly apply datapath actions. Therefore, the OVS kernel module is decoupled from the OpenFlow protocol here, and small changes to OpenFlow do not affect the kernel module.

In this way, the previous problem was successfully solved. First of all, the kernel module does not care about OpenFlow changes and does not need to consider OpenVSwitch code updates, which is done in ovs-vswitchd. Secondly, in the entire network connection, only the first packet needs to be processed by the OpenFlow pipeline, and the rest of the packets match the characteristics of the network packet in the kernel module and directly apply the datapath action to complete forwarding.

The OVS kernel module keeps a record of datapath actions by caching. Slightly earlier kernel modules implemented a cache called microflow, which is a hash map, and the key is the hash value corresponding to all OpenFlow possible matching values, including network layer 2-4 header data and some other metadata such as in_port, value is the datapath action. The hash map can realize the lookup time of O(1), which can achieve efficient lookup forwarding in the OVS kernel module.

It may seem like a perfect solution, but there are some problems when it comes to practical applications.

So how can this problem be solved? Let's take a closer look!

OpenVSwitch, whether it is the ovs-vswitchd in user space or the kernel datapath in kernel space, the core is to implement a lookup algorithm. For ovs-vswitchd, you need to find OpenFlow rules from one OpenFlow Table to another according to the characteristics of network packets (layer 2-4 packet headers, metadata). For kernel datapaths, it is also necessary to find datapath actions from the cache based on the characteristics of network packets. OpenVSwitch implements a unified lookup algorithm: TSS (Tuple Space Search), which is essentially a hash lookup algorithm.

Send a private message to the editor, send a "data package", and receive the network engineer entry package

For more networkers to improve dry goods, please pay attention to the public number: Operation and Maintenance Fara