Network Administration

Introduction

Network administration involves designing, implementing, and maintaining network infrastructure to ensure reliable and secure communication. This guide covers essential network administration concepts and practices.

Key Areas:

  • Network design
  • Protocol configuration
  • Security implementation
  • Performance monitoring
  • Troubleshooting
  • Documentation

Network Configuration

Interface Configuration

# Linux network configuration
cat << EOF > /etc/netplan/01-netcfg.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 192.168.1.100/24
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
    eth1:
      dhcp4: no
      addresses:
        - 10.0.0.100/24
      routes:
        - to: 10.0.1.0/24
          via: 10.0.0.1
EOF

netplan apply

# Enable IP forwarding
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p

# Configure network bonding (LACP). Member interfaces must not carry their
# own addresses: remove the addresses from eth0/eth1 in 01-netcfg.yaml and
# put the address and gateway on bond0 instead.
cat << EOF > /etc/netplan/02-bonding.yaml
network:
  version: 2
  renderer: networkd
  bonds:
    bond0:
      interfaces: [eth0, eth1]
      addresses:
        - 192.168.1.100/24
      gateway4: 192.168.1.1
      parameters:
        mode: 802.3ad        # requires an LACP port-channel on the switch side
        lacp-rate: fast
        mii-monitor-interval: 100
EOF

netplan apply

VLAN Configuration

! Configure VLANs
vlan 10
  name DATA
vlan 20
  name VOICE
vlan 30
  name MANAGEMENT

! Configure trunk port (portfast on a trunk skips loop detection, so use it only
! towards an end host such as a hypervisor, never towards another switch)
interface GigabitEthernet1/0/1
  switchport mode trunk
  switchport trunk allowed vlan 10,20,30
  spanning-tree portfast trunk

! Configure access port
interface GigabitEthernet1/0/2
  switchport mode access
  switchport access vlan 10
  spanning-tree portfast

! Configure inter-VLAN routing (Layer 3 switch; the SVIs only route between
! VLANs once IP routing is enabled globally)
ip routing
interface vlan 10
  ip address 192.168.10.1 255.255.255.0
interface vlan 20
  ip address 192.168.20.1 255.255.255.0
interface vlan 30
  ip address 192.168.30.1 255.255.255.0

Routing & Switching

Dynamic Routing

! Configure OSPF
router ospf 1
  router-id 1.1.1.1
  network 192.168.1.0 0.0.0.255 area 0
  network 10.0.0.0 0.0.0.255 area 0
  default-information originate

! Configure BGP (eBGP to AS 65001 over the directly connected 192.168.1.0/24 link,
! so the session is sourced from that interface; "update-source loopback0" only
! belongs on sessions between loopbacks, which for eBGP also need ebgp-multihop)
router bgp 65000
  neighbor 192.168.1.2 remote-as 65001
  address-family ipv4
    network 192.168.0.0 mask 255.255.0.0
    neighbor 192.168.1.2 activate
! "network ... mask" only advertises the prefix when an exact match exists in the
! routing table (for an aggregate, add "ip route 192.168.0.0 255.255.0.0 Null0")

! Configure route redistribution (mutual redistribution without route-maps or
! tags can feed routes back and forth and create loops; filter in production)
router ospf 1
  redistribute bgp 65000 subnets
router bgp 65000
  redistribute ospf 1

Switch Configuration

! Configure spanning tree (priority 4096 on every VLAN makes this switch the
! root bridge; only the intended core/distribution switch should carry it)
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 priority 4096

! Configure port security on the access ports. IOS rejects port security on a
! port in dynamic mode, so set access mode first; the trunk Gi1/0/1 is excluded.
interface range GigabitEthernet1/0/2-48
  switchport mode access
  switchport port-security
  switchport port-security maximum 2
  switchport port-security violation restrict
  switchport port-security mac-address sticky

! Configure storm control
interface GigabitEthernet1/0/1
  storm-control broadcast level 20
  storm-control multicast level 30
  storm-control unicast level 40

Firewall Management

IPTables Configuration

# Basic firewall setup
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow loopback (local services break without this once INPUT drops by default)
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections (conntrack is the current form of the older "-m state")
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

# Allow SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Allow HTTP/HTTPS
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow DNS (only needed when this host is itself a DNS server)
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT

# NAT configuration: masquerade traffic leaving via eth0. This assumes eth1 is the
# inside interface; ip_forward=1 and explicit FORWARD rules are required because
# the FORWARD policy above is DROP.
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Save rules (the path read at boot by the iptables-persistent / netfilter-persistent package)
iptables-save > /etc/iptables/rules.v4

NFTables Configuration

# Basic nftables setup
nft flush ruleset

nft add table inet filter

# Base chains. The chain policy is what actually denies traffic: nft's default
# policy is accept, so without "policy drop" the rules below only ever allow.
nft add chain inet filter input '{ type filter hook input priority 0; policy drop; }'
nft add chain inet filter forward '{ type filter hook forward priority 0; policy drop; }'
nft add chain inet filter output '{ type filter hook output priority 0; policy accept; }'

# Loopback and connection tracking
nft add rule inet filter input iif lo accept
nft add rule inet filter input ct state established,related accept
nft add rule inet filter input ct state invalid drop

# Allow SSH, HTTP, HTTPS (the set is quoted so the shell leaves the braces alone)
nft add rule inet filter input tcp dport '{ 22, 80, 443 }' accept

# Allow DNS (only needed when this host is itself a DNS server)
nft add rule inet filter input udp dport 53 accept
nft add rule inet filter input tcp dport 53 accept

# Save rules. The file must begin with "flush ruleset" so that "nft -f", which
# nftables.service runs at boot, replaces the ruleset instead of appending to it.
{ echo '#!/usr/sbin/nft -f'; echo 'flush ruleset'; nft list ruleset; } > /etc/nftables.conf
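The two mistakes the comments above warn about (a base chain without a drop policy, and no loopback accept) are easy to re-introduce when rules are edited by hand. The following added example (not part of the original guide) audits a saved `nft list ruleset` listing for exactly those two weaknesses; the function name and both sample rulesets are constructed for this example.

```shell
# Added example, not part of the original guide: audit the text that
# 'nft list ruleset' prints for two common host-firewall weaknesses:
# a base chain on the input/forward hook without 'policy drop' (nft's
# default chain policy is accept, so rules alone deny nothing) and no
# rule accepting loopback traffic, which breaks local services once
# input drops by default. Function name and samples are constructed.

# Constructed weak sample: forward has no policy, loopback never accepted.
WEAK_RULESET='table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        ct state established,related accept
        tcp dport { 22, 80, 443 } accept
    }
    chain forward {
        type filter hook forward priority filter;
    }
}'

# Constructed hardened sample with both findings fixed.
HARDENED_RULESET='table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        ct state established,related accept
        tcp dport { 22, 80, 443 } accept
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
    }
}'

# Reads a listing on stdin and prints one WEAK line per finding;
# returns 1 if anything was found, 0 when the ruleset is clean.
audit_nft_ruleset() {
    local line chain hook findings=0 lo_ok=0
    while IFS= read -r line; do
        case "$line" in
            *"chain "*"{"*) chain=${line#*chain }; chain=${chain%% *} ;;
            *"hook input"*|*"hook forward"*)
                hook=${line#*hook }; hook=${hook%% *}
                [ "${line%policy drop*}" != "$line" ] ||
                    { echo "WEAK: chain $chain (hook $hook) has no 'policy drop'"; findings=1; } ;;
            *'iif "lo" accept'*|*'iifname "lo" accept'*) lo_ok=1 ;;
        esac
    done
    [ "$lo_ok" -eq 1 ] || { echo "WEAK: no rule accepts loopback (iif lo) traffic"; findings=1; }
    return "$findings"
}
```

Run it on the live host with `nft list ruleset | audit_nft_ruleset` (or on the saved /etc/nftables.conf); a non-zero exit status makes it usable as a pre-deployment check in a change pipeline.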

Network Troubleshooting

Diagnostic Tools

# Network connectivity
ping -c 4 8.8.8.8
traceroute google.com
mtr google.com

# DNS resolution
dig google.com
nslookup google.com
host google.com

# Port scanning (all TCP ports, SYN scan needs root) and local listening sockets
nmap -sS -p- 192.168.1.100
netstat -tuln              # legacy; ss below is the current tool
ss -tuln

# Packet capture
tcpdump -i eth0 -n
tcpdump -i eth0 port 80
tcpdump -i eth0 host 192.168.1.100

# Network statistics
iftop -i eth0
nethogs eth0
iptraf-ng

Performance Analysis

# Bandwidth testing
iperf3 -s                  # Server
iperf3 -c server_ip        # Client

# MTU testing (DF bit set; 1472 bytes of payload + 8 ICMP + 20 IPv4 = 1500,
# so a "message too long" error means the path MTU is below 1500)
ping -M do -s 1472 server_ip

# Network load
netstat -s                 # Protocol statistics
netstat -i                 # Interface statistics

# Quality of Service
tc qdisc show
tc -s qdisc show dev eth0

# Interface statistics
ethtool -S eth0
ethtool -g eth0           # Ring buffer
ethtool -k eth0           # Offload parameters
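The single `ping -M do -s 1472` probe above only answers yes or no for a 1500-byte MTU. The following added example (not part of the original guide) generalises it into a binary search for the largest unfragmented payload and derives the path MTU from it; the probe is passed in as a shell function so the search can be exercised offline with a mock, and all function names are constructed for this example.

```shell
# Added example, not from the original guide: generalise the single
# 'ping -M do -s 1472' probe into a binary search for the largest ICMP
# payload a host accepts unfragmented, then derive the path MTU
# (payload + 8 bytes ICMP header + 20 bytes IPv4 header). The probe
# is passed in as a shell function so a mock can replace ping offline;
# all function names here are constructed for this example.

# Real probe: one DF-flagged echo of $1 payload bytes to host $2 (iputils ping).
ping_probe() {
    ping -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# Binary search in [low, high] for the largest payload the probe accepts.
# $1 = host, $2 = probe function, $3 = low, $4 = high. Prints the size,
# or 0 when even the smallest payload fails (no DF-clean path at all).
max_unfragmented_payload() {
    local host=$1 probe=$2 lo=$3 hi=$4 best=0 mid
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$mid" "$host"; then
            best=$mid; lo=$((mid + 1))   # fits: look for something larger
        else
            hi=$((mid - 1))              # too big: shrink the window
        fi
    done
    echo "$best"
}

# Path MTU implied by an unfragmented IPv4 ICMP payload size.
path_mtu_from_payload() {
    echo $(( $1 + 28 ))
}

# Usage: ./pmtu.sh <host>  (searches from the 576-byte IPv4 minimum up to 9000-byte jumbo frames)
if [ -n "${1:-}" ]; then
    payload=$(max_unfragmented_payload "$1" ping_probe 548 8972)
    echo "largest unfragmented payload: $payload bytes (path MTU $(path_mtu_from_payload "$payload"))"
fi
```

A result well below 1500 on a path that should carry full-size frames usually points at a tunnel or VPN hop that is not sending ICMP "fragmentation needed" messages, which is the same black-hole condition a PMTU-discovery failure produces.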

Best Practices

Network Design:

  • Network segmentation
  • Redundancy planning
  • Scalability considerations
  • Security zones
  • Quality of Service
  • Documentation

Security:

  • Access control lists
  • VPN implementation
  • Network monitoring
  • Intrusion detection
  • Regular audits
  • Security policies

Maintenance:

  • Change management
  • Backup configurations
  • Performance monitoring
  • Regular updates
  • Documentation
  • Disaster recovery