Table of Contents
- Preliminary Tasks
- Configuring Your Host
- Time Servers
- White Pages Server
- Security
- Electronic Mail
- Reading USENET News (Service retired 12/19/07)
- Anonymous FTP (Service retired 10/30/07)
Preliminary Tasks
Before you can begin to actually configure the software on your host, you must select a name for the machine and receive a network address. The host's name is used by humans and the mail system to access your computer while the IP address provides an analogous function for computer-to-computer communication.
Computer System Names
The University follows the Internet standard Domain Name System (DNS). DNS is a distributed hierarchical scheme which breaks down the full name of a University host into three components. The first part of the name is chosen by the host administrator. This name must be unique across all hosts in your department. The second component of the host name is fixed by the name of your department. The third part of the name is the same for all University hosts and specifies that the host is operated by the University of Virginia. For example, the host name juno.acc.Virginia.EDU has the following components:
- juno - the name of the host.
- acc - the department that operates the system
- Virginia.EDU - the host belongs to UVa (Virginia), part of the Education (EDU) domain
The name of the host is chosen by the host administrator. Problems associated with duplicate names are resolved by the department Chairman or administrator. The department designation is taken from the course catalog abbreviation when possible and is otherwise selected by the department on an availability basis. These designations are administered by the office of Information Technology and Communications.
Network Address Administration
For proper operation, the TCP/IP protocol suite requires that each host on a network have a unique IP address. Some portions of this address are specified by the University's network administration while other parts are assigned to the University by the national network administrators.
IP Addresses
An IP address is a four byte number which is usually specified with each byte expressed individually, in decimal, separated by dots. The first two bytes of most IP addresses at UVa were specified by the national network as 128 and 143. The third byte is used to specify which subnet the computer system is attached to. A subnet typically describes the physical ethernet that the host is attached to. The final byte selects an individual host. For example, juno.acc.Virginia.EDU, a primary UVa server machine, has an IP address of 128.143.22.119. The first field (128.143) specifies that juno is a system at the University of Virginia. This is roughly analogous to a telephone area code. The next field (22) explains that the host is connected to a network in Carruthers Hall. The telephone analogy for this portion of the address is the exchange part of the phone number. Finally, the host number for the computer is 119.
Obtaining an IP Address
Due to the shortage of IP address space and the rapidly growing number of hosts connected to UVANet, current ITC policy is that static IP addresses will be assigned only to those machines that must have one in order to operate properly. All other hosts must obtain their IP address from the DHCP server. This means that most PCs, Macintoshes, and machines using the Linux operating system will obtain an IP address from the DHCP server. Software licensing that depends on a static IP address should be avoided, and cannot be supported. If you believe that an IP address obtained from the DHCP server will not serve your needs, send email to hostmaster@virginia.edu explaining why it will not serve your needs.
To obtain a static IP address for your host, you must complete this form: UVa IP Address Request Form
If you have any difficulty with the form, please send electronic mail to hostmaster@Virginia.EDU.
Configuring Your Host
Since the commands used to perform the actual network configuration vary from host to host, this section discusses the configuration process in terms of concepts rather than commands. The network configuration manual from your vendor, coupled with this document, should enable you to properly configure your host.
Address Resolution Protocol
The Address Resolution Protocol (ARP) is used by the host to map ethernet addresses to IP addresses. The vast majority of hosts always have ARP enabled. If your host has a configuration option for ARP, you should enable it.
The Network Mask and Subnetting
The network mask is used by the host to distinguish the subnet part of the IP address from the host number. The network mask on many UVa subnets is 255.255.0.0. This is set automatically with DHCP; when a static address has been assigned the email from hostmaster will contain the correct subnet mask.
On some hosts, you may need to specify this number as a hexadecimal string (for example, 0xFFFFFF00).
Routing, RIP, and the Default Gateway
To communicate with computers attached to different networks at UVa and around the world, your host will need to route its traffic through your local network's gateway. Your host can learn the address of this gateway by either using the RIP routing protocol or with a static configuration.
The recommended procedure is to configure a default route to the gateway address.
In general, the gateway address will be 128.143.xxx.1, where xxx is the octet representing the subnet your machine is on. The gateway address is set automatically with DHCP. When a static address is assigned, the email from hostmaster will contain the appropriate gateway address.
Nameservers and Host Tables
Most networking software is capable of accessing the Domain Name System (DNS), the Internet's distributed host name database. If you are not familiar with the details of the DNS, you should configure your host to use only a resolver. This is typically done on UNIX systems by placing the IP addresses of UVa domain name servers in the file /etc/resolv.conf. Other operating systems usually provide a similar mechanism to enter the server addresses. The following addresses, shown in the format of an /etc/resolv.conf file, should be used in the order listed below:
nameserver 128.143.2.7
nameserver 128.143.22.119
nameserver 128.143.3.7
The first two of these servers are located directly on the primary network backbone and thus have high availability. Some UVa departments operate name servers for their subdomains. If your department operates such a server, the hostmaster will provide you with the necessary information to access it.
Unfortunately, some implementations of the TCP/IP protocol suite do not provide access to the DNS. If you have such an implementation, the first thing to do is to complain to the vendor and demand that they provide functional networking software. If all of your attempts to get better software from the vendor fail, you should contact hostmaster@virginia.edu for instructions on the best way to access host tables. Full UVa and partial internet host tables are available for anonymous ftp from ftp.Virginia.EDU.
Because of the potential for abuse, DNS nameservers at UVa should not provide recursive query service to clients from outside the UVa network. If your machine is running a caching name server, you should restrict it to answering queries only from itself and whatever networks you need to provide service to.
This can be accomplished within ISC BIND (versions 8 and 9) with the following statements in the named.conf file:
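// Address-match lists for the "dorms" and "uva" client networks
acl "dorms" { 199.111.160/19; 199.111.192/18; };
acl "uva" { localhost; 128.143/16; 137.54/16; 172.16/12; };
options {
    // Answer queries only from the networks listed in the ACLs above
    allow-query { "uva"; "dorms"; };
};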
A caching server that is needed only by the box it is running on should be restricted further:
options {
allow-query { localhost; };
};
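To check which clients the allow-query statements above actually admit before loading them, the sketch below (an added example, not part of the original guide or of BIND) resolves allow-query through the named ACLs and expands BIND's abbreviated prefixes such as 128.143/16. The function names and sample client addresses are constructed for illustration, and localhost is modelled as 127.0.0.1 only.

```python
import ipaddress
import re

# The page's named.conf statements, with the options block's opening brace written out.
NAMED_CONF = '''
acl "dorms" { 199.111.160/19; 199.111.192/18; };
acl "uva" { localhost; 128.143/16; 137.54/16; 172.16/12; };
options {
    allow-query { "uva"; "dorms"; };
};
'''

def elements(body):
    """Split the inside of a { ...; ...; } list into bare element strings."""
    return [e.strip().strip('"') for e in body.split(";") if e.strip()]

def expand_prefix(element):
    """Expand '128.143/16' to a full network; raises ValueError if host bits are set."""
    addr, _, bits = element.partition("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + (bits or "32"))

def allowed_networks(conf=NAMED_CONF):
    """Resolve allow-query through the named acl statements to a list of networks."""
    acls = {n: elements(b) for n, b in re.findall(r'acl\s+"([^"]+)"\s*\{([^}]*)\}', conf)}
    def resolve(names):
        nets = []
        for e in names:
            if e == "localhost":
                # Simplification: BIND's localhost matches every address on the server.
                nets.append(ipaddress.ip_network("127.0.0.1/32"))
            elif e in acls:
                nets.extend(resolve(acls[e]))
            else:
                nets.append(expand_prefix(e))
        return nets
    match = re.search(r'allow-query\s*\{([^}]*)\}', conf)
    return resolve(elements(match.group(1)))

def is_allowed(client, conf=NAMED_CONF):
    """True if allow-query would accept a query from this client address."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in allowed_networks(conf))

# Constructed sample clients: campus, dorm, private, and two outside addresses.
SAMPLES = ["128.143.22.119", "199.111.170.5", "172.31.255.1", "172.32.0.1", "192.0.2.10"]
if __name__ == "__main__":
    print({c: is_allowed(c) for c in SAMPLES})
```

Because expand_prefix parses strictly, a prefix whose mask does not match its base address is rejected instead of being silently widened.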
Time Servers
Many hosts support time-of-day synchronization over their TCP/IP networks. UVa provides four public servers which are kept synchronized to within less than one second of the correct time. These servers are:
- ntp1.Virginia.EDU
- ntp2.Virginia.EDU
- ntp3.Virginia.EDU
- ntp4.Virginia.EDU
These hosts support the Network Time Protocol (NTP) for precise synchronization along with answering the standard UDP time-of-day request on port 37. The hostmaster can direct you to UNIX software which will access these servers with either protocol. Users may also telnet to port 13 on any of these hosts to receive a human-readable version of the time.
White Pages Service
UVa maintains a whois server and an LDAP service.
Security
The general topics of network and computer security are beyond the scope of this guide. This section simply discusses a few factors to keep in mind when adding a host to the network. A local website has more complete information on network security. Monitor that site for updates periodically.
Make sure that all accounts on your system have passwords. Once your system is added to the UVa network, it can be accessed from many thousands of computers around the world. Passworded accounts are a reasonable precaution against unauthorized access.
Disable the Trivial File Transfer Protocol (TFTP). Many TFTP implementations leave your system vulnerable to both accidental and deliberate abuse. If you must use it, and your system supports a security mode limiting information access, use that configuration.
Electronic Mail
The University has a Central Mail System (CMS) that can be used by any member of the UVa community. Virus protection mechanisms are implemented on that system, and are updated daily. Due to issues of both security and reliability, use of this centralized resource is recommended rather than configuration of a local server as an email host.
USENET News
Usenet news was retired from service on December 19, 2007. Information about alternative ways to access newsgroup content, including a UVa want ads site now on UVaCollab, is available online.
Anonymous FTP
The University-wide anonymous FTP server, ftp.Virginia.EDU, was retired from service on October 30, 2007. For UVa users, alternative storage space and FTP functionality options include the Home Directory Service (HDS), UVaCollab (a free service that may be used to share files both within the University (local) and with non-University community members (remote)), SharePoint (part of the Exchange for-fee service), and personal Web space (www.people.virginia.edu).
