GENERAL NETWORKING
Many of the Internet networking protocols widely used today were originally developed on BSD systems. The celebrated "Berkeley tapes", originally sent out from the University of California at Berkeley, dramatically advanced the state of the art for computer-to-computer communications. Even without this historical background, BSD system administrators are often looked upon as some of the most knowledgeable networking professionals in their organizations.
The BSDP candidate must be well versed in all aspects of IP networking, must be able to rapidly configure multiple computer systems to communicate using IP-based protocols, and must be able to troubleshoot various problems when communication fails.
3.7.1. Configure networking with PPP or PPPoE.
Importance: 2.9, Frequency: 1.5, Bloom: K,C,A
Concept:
Point to Point Protocol (PPP) allows dialup modems to access the Internet over telephone lines. PPP over Ethernet (PPPoE) is used by some DSL modems to access the Internet.
BSDP candidates should be able to configure their BSD system of choice for either outbound or incoming PPP or outbound PPPoE. They should also understand general concepts such as PAP and CHAP authentication and PPPoE service tags.
Practical:
ppp(4) or (8)
FreeBSD: pppctl(8), pppoed(8)
NetBSD: pppd(8), pppoectl(8), ifconfig(8)
OpenBSD: pppd(8), pppoe(4) and (8)
Estimated Time:
20 minutes to configure a BSD system to use PPP or PPPoE according to a specification.
3.7.2. Configure BSD system to be a router.
Importance: 4.1, Frequency: 2.0, Bloom: K,C,A
Concept:
BSD systems containing multiple interfaces are capable of forwarding packets between interfaces. This capability is turned off by default as required by RFC 1122.
BSDP candidates should be able to configure a system to perform packet forwarding and configure routing table routes to individual hosts or networks using the utilities provided with the BSD system.
Practical:
sysctl(8), sysctl.conf(5), route(8), netstat(1)
Estimated Time:
15 minutes to configure the system for packet forwarding and to configure routes according to a specification.
3.7.3. Configure BSD system to act as a traffic shaper.
Importance: 3.7, Frequency: 1.9, Bloom: K,C,A
Concept:
Traffic shaping is the control of computer network traffic by enforcing different scheduling and queue management policies that apply bandwidth and queue size limitations.
BSDP candidates should be able to configure a traffic shaper on their BSD of choice.
Practical:
altq(4) or (9), pf(4), pf.conf(5), pfctl(8)
FreeBSD and DragonFly BSD: dummynet(4), ipfw(8)
Estimated Time:
20 minutes to configure a BSD system as a traffic shaper according to a specification.
3.7.4. Configure BSD system to act as a bridge.
Importance: 3.4, Frequency: 1.7, Bloom: K,C,A
Concept:
BSD systems have the capability to bridge network interfaces together in order to combine multiple segments using the bridge(4) capability.
BSDP candidates should be able to create a bridge interface, add and delete other interfaces to the bridge, and configure the bridge interface for bridge and port control. Familiarity with the Spanning Tree Protocol (STP) is recommended.
Practical:
bridge(4), ifconfig(8)
NetBSD, OpenBSD: brconfig(8)
Estimated Time:
15 minutes to create and configure the bridge device and to add, delete, or configure additional interfaces according to a specification.
150. Install and configure an H.323 gateway.
Importance: 2.3, Frequency: 1.3, Bloom:
Concept: BSDCG Note: This objective was removed at the 15/5/10 SME session.
Practical:
Estimated Time:
151. Configure BSD system to act as a Wireless Access Point.
Importance: 3.1, Frequency: 1.5, Bloom:
Concept: BSDCG Note: This objective was removed at the 15/5/10 SME session. It should be revisited in 2 years.
Practical:
Estimated Time:
3.7.5. Determine which IP address is abusing the network.
Importance: 4.5, Frequency: 3.1, Bloom: K,C,A
Concept:
Detrimental network activity can take many forms, such as packet overloading, SYN flooding, brute-force login attempts, deliberate packet corruption (fuzzing), Ethernet address duplication, and other abusive activity.
BSDP candidates should be able to identify that detrimental network activity is occurring and identify the IP address or MAC address causing the problem.
Practical:
software of choice from packages/pkgsrc
sysctl(8), dmesg(8), netstat(1), tcpdump(1)
Estimated Time:
10 minutes to identify detrimental network activity and determine the address(es) responsible.
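For the SYN flooding case in objective 3.7.5, the following added example (not part of the original objectives) ranks source addresses by bare SYN segments seen in tcpdump(1) text output and flags sources that never complete a handshake. The function names, the capture.pcap file name, and the sample lines are assumptions constructed for illustration; the "no ACK at all" test is a heuristic.

```shell
#!/bin/sh
# Added example. On a live system the input would come from tcpdump, e.g.
#   tcpdump -nn -r capture.pcap tcp | syn_by_source
# where capture.pcap is a placeholder file name.

# Constructed sample in `tcpdump -nn` text format (documentation address ranges).
sample_capture() {
cat <<'EOF'
12:00:00.000101 IP 203.0.113.7.40001 > 192.0.2.10.80: Flags [S], seq 100, win 65535, length 0
12:00:00.000150 IP 192.0.2.10.80 > 203.0.113.7.40001: Flags [S.], seq 900, ack 101, win 65535, length 0
12:00:00.000202 IP 203.0.113.7.40002 > 192.0.2.10.80: Flags [S], seq 200, win 65535, length 0
12:00:00.000303 IP 203.0.113.7.40003 > 192.0.2.10.80: Flags [S], seq 300, win 65535, length 0
12:00:00.000404 IP 203.0.113.7.40004 > 192.0.2.10.80: Flags [S], seq 400, win 65535, length 0
12:00:00.000505 IP 203.0.113.7.40005 > 192.0.2.10.80: Flags [S], seq 500, win 65535, length 0
12:00:01.000000 IP 198.51.100.20.51000 > 192.0.2.10.80: Flags [S], seq 600, win 65535, length 0
12:00:01.000100 IP 192.0.2.10.80 > 198.51.100.20.51000: Flags [S.], seq 700, ack 601, win 65535, length 0
12:00:01.000200 IP 198.51.100.20.51000 > 192.0.2.10.80: Flags [.], ack 701, win 65535, length 0
EOF
}

# syn_by_source: read tcpdump -nn text on stdin and print, per source address,
# "SYN-count ACK-count address", highest SYN count first.
# Only bare SYN ([S]) and bare ACK ([.]) are counted; SYN-ACK ([S.]) is ignored.
syn_by_source() {
    awk '
        $2 != "IP" && $2 != "IP6" { next }
        { src = $3; sub(/\.[0-9]+$/, "", src) }   # strip the trailing .port
        /Flags \[S\],/  { syn[src]++ }
        /Flags \[\.\],/ { ack[src]++ }
        END { for (s in syn) print syn[s], ack[s] + 0, s }
    ' | sort -k1,1nr -k3,3
}

# syn_offenders THRESHOLD: print sources with at least THRESHOLD SYNs that
# never sent a bare ACK, i.e. never completed a three-way handshake.
syn_offenders() {
    syn_by_source | awk -v t="$1" '$1 >= t && $2 == 0 { print $3 }'
}

# Stand-alone run against the constructed sample.
sample_capture | syn_by_source
```

The reported address is only as trustworthy as the source field: flood traffic with spoofed sources has to be traced by MAC address or ingress interface instead.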
3.7.6. Partition an IP address space for new subnets.
Importance: 4.1, Frequency: 2.3, Bloom: K,C,A
Concept:
Configuring multiple IP subnets within an address space is a key skill for a network or system administrator.
BSDP candidates should be able to create multiple IP address ranges either manually or using their application of choice, according to a specification.
Practical:
software of choice from packages/pkgsrc
Estimated Time:
10 minutes for allocating network subnets within a larger IP address space according to a specification.
3.7.7. Enable network interface IP aliases.
Importance: 4.2, Frequency: 2.5, Bloom: K,A
Concept:
An IP alias is used to associate multiple IP addresses with one network interface. This allows the administrator to configure each IP address to be associated with a different service or purpose.
BSDP candidates should be able to configure two or more IP addresses on a single interface and should be able to identify IP aliases given output from the ifconfig(8) command.
Practical:
ifconfig(8)
Estimated Time:
5 minutes to configure one or more IP aliases on a network interface according to a specification.
3.7.8. Troubleshoot network traffic issues using a sniffer program.
Importance: 4.4, Frequency: 3.2, Bloom: K,C,A
Concept:
Beyond identifying deliberate network abuse, system administrators should be able to identify other network problems such as duplicate IP addresses, DNS resolution issues, routing issues, or MTU packet loss.
BSDP candidates should be able to identify and resolve network traffic issues according to a specification.
Practical:
software of choice from packages/pkgsrc
tcpdump(1), netstat(1), dmesg(8)
Estimated Time:
10 minutes to be able to identify network traffic issues.
3.7.9. View network protocol statistics.
Importance: 4.2, Frequency: 3.2, Bloom: K,C,A
Concept:
Gathering network statistics within a specified time frame can provide important information that can be used in troubleshooting. Commonly gathered statistics include the number of packets inbound and outbound, packet TTL values, TCP vs UDP packet usage, and ICMP packet utilization.
BSDP candidates should be able to use the utilities present on a BSD system to view network protocol statistics.
Practical:
netstat(1), systat(1)
Estimated Time:
10 minutes to gather network statistics according to a specification.
3.7.10. Change network parameters such as TTL and MTU.
Importance: 3.6, Frequency: 1.9, Bloom: K,C,A
Concept:
Certain network parameters, such as the packet Time To Live (TTL) and the Maximum Transmission Unit (MTU), are adjustable on BSD systems. Adjusting network parameters is generally done only when needed, but is essential in certain circumstances.
BSDP candidates should be familiar with the network parameters that are tunable on their BSD system. Candidates should be aware of the implications of tuning network stack parameters and should be able to configure network parameters as needed.
Practical:
sysctl(7) or (8), ifconfig(8)
Estimated Time:
10 minutes to adjust and test network parameters according to a specification.
3.7.11. Configure interface for special options or media types.
Importance: 3.4, Frequency: 1.8, Bloom: K,C,A
Concept:
Physical network interfaces often have special modes or options that can be set for specific operations. Examples include full duplex mode to enable simultaneous use of transmit and receive channels, transmission speed and media types, and other specialized options.
BSDP candidates should know how to configure interfaces for various modes of operation and should also know how to determine the full range of options available.
Practical:
ifconfig(8)
Estimated Time:
10 minutes to find mode and option information and to configure the interface according to a specification.
3.7.12. Join the system to an IPv6 network.
Importance: 3.3, Frequency: 1.8, Bloom: K,C,A
Concept:
IP version 6 (IPv6) is designed as the successor to IP version 4 (IPv4), as explained in RFC 2460. IPv6 uses several addressing modes and an IP addressing format that consists of a 128-bit address with a flexible notation syntax. See RFC 3513 for a complete description and examples.
BSDP candidates should understand the basics of IPv6 addressing and should be able to configure an IPv6 address on a network interface. Candidates should also be able to use IPv6-enabled programs to test network communications on a local network.
Practical:
ip6(4), inet6(4), ifconfig(8), ping6 or (8), telnet(1), ssh(1), rc.conf(8), ndp(8)
Estimated Time:
15 minutes to configure and test an interface to use an IPv6 address according to a specification.
3.7.13. Configure network interface for multiple VLANs.
Importance: 3.7, Frequency: 2.1, Bloom: K,C,A
Concept:
Virtual LANs (VLANs, defined by IEEE 802.1Q) are used to separate packet traffic on an interface into separate streams based on a tagging scheme. BSD systems have the capability to create, interpret, and operate on VLAN tags.
BSDP candidates should be able to create a VLAN interface, and use VLAN tags to separate network traffic.
Practical:
vlan(4), ifconfig(8)
Estimated Time:
10 minutes to set up a VLAN interface and configure it for one or more VLANs according to a specification.
3.7.14. Configure the system to restrict ICMP types.
Importance: 3.3, Frequency: 1.8, Bloom: K,C,A
Concept:
ICMP uses several message types and codes to relay messages between networked systems. Many security policies specify the restriction of certain ICMP message types.
BSDP candidates should be familiar with ICMP and which message types are necessary for successful network communication and which can be restricted for security reasons. Candidates should be able to restrict the use of ICMP on their BSD system of choice.
Practical:
http://www.iana.org/assignments/icmp-parameters
sysctl(8), pf(4), pfctl(8), pf.conf(5)
DragonFly BSD, FreeBSD: blackhole(4)
Estimated Time:
15 minutes to configure a BSD system to restrict ICMP message types and codes according to a specification.
3.7.15. Configure access to data hosted on Microsoft systems.
Importance: 3.2, Frequency: 1.9, Bloom: K,C,A
Concept:
Accessing file and print services using Common Internet File Services (CIFS), and authenticating to Windows standalone or Active Directory environments, are important capabilities for many enterprises.
BSDP candidates should have a basic understanding of Windows networking capabilities, be able to use compatible protocols to connect to Microsoft systems, authenticate to either standalone servers or servers within a domain environment, and map a Unix directory onto a Windows folder for read-only or read/write access.
Practical:
software of choice from packages/pkgsrc
Estimated Time:
30 minutes to install, test, and configure software on a BSD system to perform read/write file operations on a Microsoft server according to a specification.