SYRACUSE UNIVERSITY INTERNET DEPARTMENTAL ADMINISTRATOR'S GUIDE

John M. Wobus
Communications & Development
Computing & Network Services
Syracuse University

May 7, 1991

Document Number: DADMIN-2

(c) Syracuse University Computing & Network Services 1991

No warranty is expressed or implied. Permission to copy and use is extended to all. Permission to redistribute is granted under the following conditions: it is not sold for profit; this copyright notice remains intact; the same permissions extend to the recipient; and if any changes are made, a notice is added so stating.

Abstract

This guide tells you what you need to know to administer a local area network, a domain, or a gateway on the Syracuse University Internet. It does not cover Apple Macintosh networks, which are joined to the Internet in a different way than other networks. This guide is intended for technical people responsible for departmental networks and/or a group of departmental computers. This guide does not replace the instructions for installing a network or gateway. It merely fills in gaps with data and procedures specific to Syracuse University.

Preface

Most of the people at Syracuse University who carry out the procedures described in this guide have already learned how to do so without benefit of written procedures. University departments now using the Internet have already been through the exercise of setting up a LAN, a gateway, and a domain. This guide will still be of use as a tutorial for additional departments which decide to use the Internet, for new technical personnel in departments currently using the Internet and as a reference for all such technical people.

This guide is one of a set of four documents which explain what University departments need to know to participate in the Syracuse University Internet.
The other documents are [6] which is a very concise description of everything that makes the Syracuse University Internet different than other internet networks, [4] which gives information specific to Syracuse University necessary to add your computer or workstation to the Syracuse University Internet, and [5] which is a primer on internet concepts and terminology.

Contents

  Abstract
  Preface
  Syracuse University Internet Departmental Administrator's Guide
  What does the Departmental Administrator do?
    Three Tasks
    Why the Department?
  Step-by-Step Descriptions of Tasks
    Administering a Department's LAN
      Getting Started
      Continuing Work
    Administering a Department's Domain
      Getting Started
      Continuing Work
    Administering an Internet Gateway
  Bibliography
  Appendix A: Contacts
    Syracuse University Internet Administrator:
  Appendix B: Future Administration Tasks
  Appendix C: Choosing a LAN
  Appendix D: Choosing a Gateway

Syracuse University Internet Departmental Administrator's Guide

The Internet is a world-wide cooperative network made up of many interconnected smaller networks.
The Syracuse University Internet is a portion of the Internet that is located at Syracuse University. It is made up of several LANs (Local Area Networks), each of which serves a portion of the University. A single LAN might serve a building, a hallway, or a single room. All the LANs are connected together by a campus-wide network which is connected, in turn, to a network which serves our region (NYSERNet, the New York State Educational and Research Network) which is connected via national networks (such as NSFnet) to other regional networks, and through them to other campuses and their LANs.

Not all LANs at Syracuse University are part of the Internet. Network programs can only communicate with others of the same "family"(1) so the various University LANs are intended to support programs of one or another particular "family". These include the "internet family" (or the TCP/IP "family") as well as "families" specific to various individual computer and network vendors. Internet networking software has the advantage of tying your computer with virtually all types of computers, and through the Internet, to other Universities and research institutions throughout the world.

This guide covers the administrative tasks which fall to University departments. It is in two parts:

1. An overview of the work of the Syracuse University Internet Departmental Administrator. This overview does not assume that the reader is familiar with internet networking concepts or terminology.

2. Step-by-step descriptions of each of the administrative tasks. These descriptions assume the reader is familiar with internet networking concepts and terminology; an assumption which helps keep the descriptions brief. The concepts and terminology are covered in [5].

Unfortunately, this guide does not cover the administration of Localtalk or PhoneNET networks of Apple Macintosh computers nor the gateways that join them to the Internet.
These LANs are joined to the Internet in a way quite different from other LANs. The analogous procedures will be covered by a separate guide or a future version of this guide.

----------------------
(1) Family is not a standard data-communications term. In standard terminology: There are different, incompatible data-communications protocols that any particular piece of network software may support.

What does the Departmental Administrator do?

The Internet is made up of many smaller networks including numerous building-sized and room-sized networks at Syracuse University.(2) Computers served by the Internet are attached to such networks, which are, in turn, tied to each other with special-purpose computers called internet gateways(3) that do nothing but move data between networks, making sure the data continues on the path to its ultimate destination. The Internet is a literal maze of gateways and networks, so the work of the gateway is not trivial. Making all this work means each computer and each gateway must be configured to know how to direct data through this maze, requiring cooperation among the software systems running the computers and gateways.

Any computer or network added to the Internet must be configured to correctly direct data throughout the Internet and must be kept up-to-date to accommodate the Internet's continual growth and change. Also, information about such a network or computer must be incorporated in the rest of the Internet so that data can be directed to it.(4) Lastly, computers and/or networks added to the Internet must be added in such a way as not to impair other computers' and networks' ability to use the Internet.

This requires a degree of cooperation between users of the Internet, which is handled through a hierarchy of administration: A single organization, SRI International, provides the "top level" coordination for the entire Internet.
SRI has delegated the authority to handle some administrative tasks to NYSERNet, giving NYSERNet both the independence and responsibility to serve its member institutions. Syracuse University has similarly been delegated some responsibilities (handled by Computing & Network Services) and further delegates some to University departments.

----------------------
(2) A network that serves a single building or room is known as a LAN or Local Area Network; a larger network, like NSFnet, which spans the country, is often called a WAN or Wide Area Network.

(3) Also called internet routers.

(4) At first glance, it may seem useful to withhold such information for the security of your computer or network in this day and age of viruses and worms: the idea being that you could reach other computers but they could not reach yours. This is not the case: any use of the Internet requires data transmission in both directions. When you sign on to a distant computer through the network, you receive output from the distant computer which the Internet must deliver to your local computer. Even the delivery of electronic mail requires the sending of data in both directions: the two computers continually signal each other that everything is working correctly--standard practice on any network as complex as the Internet.

Three Tasks

There are three main administrative tasks which are delegated to departments:

* Administering the department's network(s): the primary task is assigning an internet-style address to each computer or workstation on the network, making sure the addresses function and are safe.

* Administering the department's computer- and workstation-names: each computer or workstation associated with the department must have a functional and safe name.
  A department may acquire a set of names and administer it themselves though the recommendation is that it leave this task to Computing & Network Services.

* Administering any internet gateway operated by the department: internet gateways must be installed properly to correctly direct all data they receive.

Not all departments will have all three tasks: name administration is likely to be the first task a department will encounter. There is no reason for the same person to do all three of these tasks though up to now, that has been the case: where a department already has a professional person to manage its computers, all these tasks are often assigned to that person.

Why the Department?

Could Computing & Network Services handle these tasks on behalf of the department? In many cases, yes. There are two reasons why these responsibilities are sometimes delegated to departments:

* Some University departments want a degree of independent control over their own part of the Internet.

* Some University departments own internet networking equipment which also serves non-internet functions which a department would like to administer.

The primary example of the second case is department-owned internet gateways. Departmental computers often also serve as internet gateways. Computing & Network Services does not operate departmental computers.(5) Thus, upon request, Computing & Network Services will administer networks and names on behalf of a University department, but not a department-owned internet gateway without special agreement.

----------------------
(5) Not as a general rule. In specific instances, special agreements may have been worked out.

Step-by-Step Descriptions of Tasks

As stated, these descriptions assume some knowledge of internet networking concepts and terminology. You may need to read or refer to a primer on internet networking such as [5].

Administering a Department's LAN

This description assumes the LAN is an Ethernet, the commonly-used type of LAN used at Syracuse University for hosts that run Unix or VMS.

Getting Started

Much of the LAN administrator's job may be characterized as coordinating the efforts of the administrators of the hosts on the LAN. To understand their task, you should read [4]. The following instructions assume your LAN has been installed and is attached to at least one internet gateway to reach the rest of the Syracuse University Internet.

1. Contact the Syracuse University Internet Administrator to get a subnet number for your LAN.

   Subnet "numbers" on the Syracuse University Internet are in the form 128.230.xxx where xxx is a decimal number between 1 and 254 inclusive. Examples of subnet numbers: 128.230.1, 128.230.2, 128.230.123.

2. Assign addresses to each gateway that will serve the LAN.

   See the comments below on assigning addresses for hosts (under "Continuing Work"). A LAN will very often have one gateway; for example, you could give a gateway serving LAN 128.230.55 the address 128.230.55.1.

3. Figure out the broadcast address for the LAN.

   Standard broadcast addresses on the Syracuse University Internet consist of something like a host address on the subnet, but with 255 in place of the host portion of the address. For example, for subnet 128.230.33, the broadcast address is 128.230.33.255.(6)

----------------------
(6) Some older subnets on the Syracuse University Internet may be using an older style broadcast address with a zero instead of a 255, e.g. 128.230.33.0.

4. Figure out a suitable default gateway for the LAN.

   If there is only one gateway, then that will be the default gateway to the LAN and its address will be the default gateway address for the LAN.
   If there is more than one gateway on the LAN, then you should choose a gateway which attaches your LAN to the major portion of the Syracuse University Internet.

5. Decide whether the LAN will support Proxy ARP.

   Some hosts have old internet software with no explicit support for subnets. If a LAN supports Proxy ARP, then it can serve such hosts even without their explicit support. On the other hand, every internet gateway ever placed on a Proxy ARP LAN must have an extra feature called Proxy ARP Service, i.e. extra gateway function compensates for lack of function in the hosts. This restricts future expansion as well as makes extra work for the gateways.

6. Give all this information to the LAN's gateways' administrators.

7. Establish a name server on the LAN (optional).

   Some hosts depend upon name servers to allow their users to refer to other hosts by name. If your LAN has such hosts, then a name server on your LAN would be helpful. It would allow any of your LAN's hosts that depend on name service to function as expected even if your LAN is disconnected from the rest of the Syracuse University Internet (e.g. hardware problems or scheduled maintenance). It would also reduce gateway traffic and improve response time for host functions that use name service.

Continuing Work

1. Keep track of which of the LAN's internet addresses are in use.

2. When a host is added to the LAN, give the host administrator the information he/she needs to configure the host:

   * An internet address on the LAN unique to the new host. You form an internet address by appending a number between 1 and 127 to your LAN's internet number. For example, if your LAN has internet number 128.230.55, then you can assign the numbers 128.230.55.1, 128.230.55.2, etc. to the hosts and gateways on your LAN.(7)

   * The broadcast address of the LAN.

   * The internet address of the default gateway for the LAN.

   * The internet address of any name server on the LAN.

   * Whether this LAN supports proxy ARP.

   Other information needed by the host administrator is covered by [4]. It may be useful to make sure the host administrator has a copy.

   It may also be useful to keep track of the Ethernet address of each host. You don't normally need them, but knowing which is which can be helpful when fixing network problems.

----------------------
(7) Technically, the subnet mask for the Syracuse University Internet allows you to also use numbers 128 to 254 (both 0 and 255 are reserved for use as broadcast addresses). By avoiding this range, we will have the flexibility in the future to use these numbers to handle additional LANs. Anyone who has a need to place more than 126 hosts on a single LAN should contact the Syracuse University Internet Administrator for advice.

Administering a Department's Domain

The official Internet name of each host owned & operated by Syracuse University belongs to a domain called syr.edu. Normally, Computing & Network Services issues names of the form hhhh.syr.edu where hhhh is the "short" name of the computer. Optionally, a department may acquire a set of names of the form hhhh.dddd.syr.edu where dddd is a qualifier issued to the department. The administration task described here is only for this second option, which departments may avoid by forgoing the use of an extra qualifier designating the department.

Getting Started

Before your department attaches its first host to the Internet, contact the Syracuse University Internet Administrator and negotiate a qualifier to designate your department's domain.

A domain of names associated with a Syracuse University department has a name of the form dddd.syr.edu where dddd is a qualifier, presumably chosen so that the people who must use the names will associate it with the department. For example, Computing & Information Sciences administers a domain called cis.syr.edu and Belfer Lab, one called belfer.syr.edu. The department's qualifier may be no longer than eight characters.

Continuing Work

1. Assign a unique Internet name within your department's domain to each of your department's hosts as it is attached to the Internet.

   Names are formed by choosing a name unique to your department, then appending the three qualifiers that designate your department's domain. If your department's domain were abc.syr.edu, then you could name a host mycomputer.abc.syr.edu, assuming your department had not already used the name for a different host. Some example names are sunrise.acs.syr.edu and cmx.npac.syr.edu.

   You can administer subdomains within your department. For example, if your department (abc) has groups within it which you wish to incorporate in the names, you might choose a qualifier (e.g. gamma) and administer your own subdomain gamma.abc.syr.edu (with host-names like mycomputer.gamma.abc.syr.edu, etc.). This is not necessary and we recommend departments avoid it for simplicity's sake.

2. Report assigned names to the Syracuse University Internet Administrator. Indicate the names of any "major" hosts, i.e. multi-user computers that will be receiving electronic mail.

   The Syracuse University Internet Administrator will do the following:

   * Place the host name in lists of host-names which are distributed throughout Syracuse University.

   * Place the host name in the domain-name system, specifically, in the name server which is authoritative for the syr.edu domain.

   * Only if it is a major host: Submit the name to the administrators of the Internet-wide list of host-names and addresses.

   The Internet-wide list of hosts is restricted to save disk and network capacity since it is widely distributed and stored throughout the Internet: if it had all host names it would be at least ten times larger, taking ten times as much space (which would now be at least six megabytes) on each of thousands of hosts across the Internet and would use ten times as much network capacity to distribute it to all those hosts.

Administering an Internet Gateway

Gateways must follow all the rules of hosts (see [4]) with a few additions:

1. A gateway (by definition) resides on at least two networks. It must follow the rules of both.

2. The gateway will have just one default route, which should be "towards" Machinery Hall.

   Usually the gateway attaches a department's LAN to a LAN provided by Computing & Network Services to connect it to the rest of the Internet. The gateway uses only one of the LANs' default routes: one "towards" the main portion of the Internet.

3. The gateway must receive and send RIP on any LANs that have other gateways (RIP subnets) unless special arrangements have been made with the Syracuse University Internet Administrator.

4. If the gateway receives and sends RIP on the LAN "towards" Machinery Hall, then that LAN must be a RIP subnet.

   Check with the Syracuse University Internet Administrator to make certain this is the case.

5. The gateway must provide Proxy ARP on any Proxy ARP LANs to which it is attached.

Naming gateways is a bit peculiar: a lot of internet software associates a name with the interface between a node and a LAN (thus with an IP address) rather than with the node itself. Since a gateway has two or more interfaces, it is often useful to give it a separate name for each interface. It is useful to choose an "official" gateway name and use it on one interface and use variants of this name for the other interfaces.
For example, the gateway isrgate.syr.edu interconnects two networks, thus it has an additional name: isrgate-17.cns.syr.edu (on subnet 128.230.17).

Bibliography

1. Braden & Postel. Requirements for Internet Gateways. Internet RFC 1009.

2. Hedrick, Charles. Introduction to Administration of an Internet-based Local Network. Center for Computers and Information Services, Rutgers University.

3. Hedrick, Charles. Introduction to Internet Protocols. Center for Computers and Information Services, Rutgers University.

4. Wobus, John M. Syracuse University Internet Host Administrator's Guide. Computing & Network Services, Syracuse University.

5. Wobus, John M. Introduction to Internet Networking. Computing & Network Services, Syracuse University.

6. Wobus, John M. Syracuse University Internet Standards. Computing & Network Services, Syracuse University.

Appendix A

Contacts

Syracuse University Internet Administrator:

+---------------------------------------------------------------+
| John Wobus                                    Phone: 443-4324 |
| Internet address: jmwobus@suvm.acs.syr.edu                    |
+---------------------------------------------------------------+

Since one person might be on vacation, as a backup, contact:

+---------------------------------------------------------------+
| Phil Green                                    Phone: 443-5775 |
| Internet address: pmgreen@suvm.acs.syr.edu                    |
+---------------------------------------------------------------+

Appendix B

Future Administration Tasks

There will be changes to the way networks, hosts, and gateways are administered in the future. Below is a list of some that we know about. These changes will solve various problems with Internet administration and performance. We have not adopted them yet because we are waiting for host and gateway software that will accommodate them.

* Name service will become more important.
  More software will use it and eventually it will be the only way host names are distributed throughout the Internet. Syracuse University Internet will have several name servers serving the campus, backing each other up to make the service more reliable than it is now.

* Proxy ARP service will be discontinued on all Computing & Network Services gateways.

* Future host software will support lists of gateway addresses rather than a single default gateway address. With this, there will be no reason for hosts to listen to RIP or any RIP replacement.

* RIP will be replaced by something better.

Appendix C

Choosing a LAN

We support Ethernet LANs and suggest that departments use them wherever possible (with one exception). Most computers and gateways can support Ethernet, which has become a de facto standard for the Internet. Other types of LANs may be used, but require much more careful planning to make sure the equipment will be compatible.

The exception mentioned above is Farallon's PhoneNET which we recommend for use with Apple Macintosh computers.

Appendix D

Choosing a Gateway

Most department-operated internet gateways also serve as computers or "file servers". The issues in choosing such a thing will surely be driven by "computer requirements": CPU, memory, and disk capacity as well as software. However, any gateway, whether it also serves as a computer or not, must correctly implement the "internet gateway" function. The best available description of this function is [1]. Ideally, your vendor, on your request, would state in the purchase agreement that their product conforms to [1] and that they agree to make it conform if events prove otherwise. Since few vendors implement it completely, you would do well if you can get them to enumerate which parts they do not implement and/or get a commitment from them to support it (or its successor) in the future.
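
Added example (not part of the original guide): one way to keep the address records described under "Administering a Department's LAN", written in Python. It hands out host numbers 1 to 127 on a 128.230.xxx subnet, refuses the broadcast numbers and the held-back 128 to 254 range, lists the items a new host's administrator needs, and compares address and Ethernet address pairs seen on the LAN with the register. The class, method and label names are hypothetical, and the Ethernet addresses are constructed sample values.

```python
import ipaddress

CAMPUS = "128.230"            # campus network prefix given in the guide
ASSIGNABLE = range(1, 128)    # host numbers the guide says to hand out
HELD_BACK = range(128, 255)   # valid under the mask, kept free for future LANs
BROADCAST = (0, 255)          # old-style and standard broadcast host numbers


class LanRegister:
    """Tracks which addresses on one LAN are in use (hypothetical names)."""

    def __init__(self, subnet, proxy_arp=False, name_server=None):
        if subnet not in range(1, 255):
            raise ValueError("subnet number must be between 1 and 254")
        self.prefix = f"{CAMPUS}.{subnet}"
        self.proxy_arp, self.name_server = proxy_arp, name_server
        self.default_gateway = None   # set once a gateway address is chosen
        self.hosts = {}               # host number -> (label, Ethernet address)

    def broadcast(self, old_style=False):
        return f"{self.prefix}.{0 if old_style else 255}"

    def assign(self, label, ethernet, number=None):
        """Record a host or gateway; picks the lowest free number if none given."""
        if number is None:  # next() yields None when 1-127 is used up
            number = next((n for n in ASSIGNABLE if n not in self.hosts), None)
        if number in BROADCAST:
            raise ValueError(f"{number} is reserved for broadcast")
        if number in HELD_BACK:
            raise ValueError(f"{number} is held back for future LANs")
        if number not in ASSIGNABLE:
            raise ValueError(f"{number!r} is not a free host number in 1-127")
        if number in self.hosts:
            raise ValueError(f"{self.prefix}.{number} is already in use")
        self.hosts[number] = (label, ethernet.lower())
        return f"{self.prefix}.{number}"

    def host_sheet(self, address):
        """The items the guide says to give a new host's administrator."""
        return {"address": address, "broadcast": self.broadcast(),
                "default_gateway": self.default_gateway,
                "name_server": self.name_server, "proxy_arp": self.proxy_arp}

    def audit(self, observed):
        """Check (address, Ethernet) pairs seen on the LAN against the register."""
        findings = []
        for address, ethernet in observed:
            ip = str(ipaddress.IPv4Address(address))   # raises on malformed input
            prefix, _, last = ip.rpartition(".")
            number = int(last)
            if prefix != self.prefix:
                findings.append((address, "not on this subnet"))
            elif number in BROADCAST:
                findings.append((address, "broadcast address used by a host"))
            elif number not in self.hosts:
                findings.append((address, "address not in the register"))
            elif self.hosts[number][1] != ethernet.lower():
                findings.append((address, "Ethernet address differs from register"))
        return findings


def demo():
    """Constructed sample data; the Ethernet addresses are made up."""
    lan = LanRegister(55)
    lan.default_gateway = lan.assign("gateway", "02:00:00:00:00:01", number=1)
    host = lan.assign("host-a", "02:00:00:00:00:02")
    observed = [("128.230.55.2", "02:00:00:00:00:02"),    # matches the register
                ("128.230.55.2", "02:00:00:00:00:99"),    # second claimant
                ("128.230.55.9", "02:00:00:00:00:09"),    # never assigned
                ("128.230.55.255", "02:00:00:00:00:0a")]  # broadcast as host
    return lan.host_sheet(host), lan.audit(observed)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```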