A Sodar-based Investigation of the Atmospheric Boundary Layer
3rd Edition: Chapter 1kth/ns.pdf · Networks and Security 2 Table of Contents Student Contributions...
Transcript of 3rd Edition: Chapter 1kth/ns.pdf · Networks and Security 2 Table of Contents Student Contributions...
-
Networks and Security 1
Literature
Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith RossAddison-Wesley, July 2004.
Sicherheit und Kryptographie im Internet:Von sicherer E-Mail bis zu IP-Verschlüsselung,1. Auflage.Jörg Schwenkvieweg, 2002.
-
Networks and Security 2
Table of Contents
Student Contributions 3Introduction (ch. 1) 4Application Layer (ch. 2) 63Transport Layer (ch. 3) 135Network Layer (ch. 4) 162Wireless Networks 209Multimedia (ch. 6) 226Network Security (ch. 7, Schwenk) 236
-
Networks and Security 3
Student Contributions
Topic Page Duration Date Student1. Switch 47 1L KW442. P2P 131 2L KW453. IPv6 206 1L KW474. Multimedia 234 2L KW505. Firewall 300 2L KW026. IDS & IPS 301 2L KW037. Network Scanner 304 2L KW488. Sniffer 308 2L KW519. PGP 319 2L KW0410. WLAN Router 336 2L KW4911. Social Engineering 338 2L KW05
-
Networks and Security 4
Chapter 1: IntroductionOur goal:
get “feel” and terminologymore depth, detail later in courseapproach:
use Internet as example
Overview:what’s the Internetwhat’s a protocol?network edgenetwork coreaccess net, physical mediaInternet/ISP structureperformance: loss, delayprotocol layers, service modelsnetwork modeling
-
Networks and Security 5
Chapter 1: roadmap
1.1 What is the Internet?1.2 Network edge1.3 Network core1.4 Network access and physical media1.5 Internet structure and ISPs1.6 Delay & loss in packet-switched networks1.7 Protocol layers, service models
-
Networks and Security 6
What’s the Internet: “nuts and bolts” viewmillions of connected computing devices: hosts = end systemsrunning network appscommunication links
fiber, copper, radio, satellitetransmission rate = bandwidth
routers: forward packets (chunks of data)
local ISP
companynetwork
regional ISP
router workstationserver
mobile
-
Networks and Security 7
What’s the Internet: “nuts and bolts” view
protocols control sending, receiving of msgs
e.g., TCP, IP, HTTP, FTP, PPPInternet: “network of networks”
loosely hierarchicalpublic Internet versus private intranet
Internet standardsRFC: Request for commentsIETF: Internet Engineering Task Force
local ISP
companynetwork
regional ISP
router workstationserver
mobile
-
Networks and Security 8
What’s the Internet: a service viewcommunication infrastructure enables distributed applications:
Web, email, games, e-commerce, file sharing
communication services provided to apps:
Connectionless unreliableconnection-oriented reliable
-
Networks and Security 9
What’s a protocol?human protocols:
“what’s the time?”“I have a question”introductions
… specific msgs sent… specific actions taken
when msgs received, or other events
network protocols:machines rather than humansall communication activity in Internet governed by protocols
protocols define format, order of msgs sent and received among network
entities, and actions taken on msg
transmission, receipt
-
Networks and Security 10
What’s a protocol?a human protocol and a computer network protocol:
Q: Other human protocols?
Hi
HiGot thetime?2:00
TCP connectionreq
TCP connectionresponseGet http://www.awl.com/kurose-ross
time
-
Networks and Security 11
Chapter 1: roadmap
1.1 What is the Internet?1.2 Network edge1.3 Network core1.4 Network access and physical media1.5 Internet structure and ISPs1.6 Delay & loss in packet-switched networks1.7 Protocol layers, service models
-
Networks and Security 12
A closer look at network structure:
network edge:applications and hostsnetwork core:
routersnetwork of networks
access networks, physical media:communication links
-
Networks and Security 13
The network edge:end systems (hosts):
run application programse.g. Web, emailat “edge of network”
client/server modelclient host requests, receives service from always-on servere.g. Web browser/server; email client/server
peer-peer model:minimal (or no) use of
dedicated serverse.g. Gnutella, KaZaA
-
Networks and Security 14
Network edge: connection-oriented service
Goal: data transfer between end systemshandshaking: setup (prepare for) data transfer ahead of time
Hello, hello back human protocolset up “state” in two communicating hosts
TCP - Transmission Control Protocol
Internet’s connection-oriented service
TCP service [RFC 793]reliable, in-order byte-stream data transfer
loss: acknowledgements and retransmissions
flow control:sender won’t overwhelm receiver
congestion control:senders “slow down sending rate” when network congested
-
Networks and Security 15
Network edge: connectionless service
Goal: data transfer between end systems
same as before!UDP - User Datagram Protocol [RFC 768]:
connectionless unreliable data transferno flow controlno congestion control
App’s using TCP:HTTP (Web), FTP (file transfer), Telnet (remote login), SMTP (email)
App’s using UDP:streaming media, teleconferencing, DNS, Internet telephony
-
Networks and Security 16
Chapter 1: roadmap
1.1 What is the Internet?1.2 Network edge1.3 Network core1.4 Network access and physical media1.5 Internet structure and ISPs1.6 Delay & loss in packet-switched networks1.7 Protocol layers, service models
-
Networks and Security 17
The Network Core
mesh of interconnected routersthe fundamental question: how is data transferred through net?
circuit switching:dedicated circuit per call: telephone netpacket-switching: data sent thru net in discrete “chunks”
-
Networks and Security 18
Network Core: Circuit Switching
End-end resources reserved for “call”link bandwidth, switch capacitydedicated resources: no sharingcircuit-like (guaranteed) performancecall setup required
-
Networks and Security 19
Network Core: Circuit Switchingnetwork resources
(e.g., bandwidth) divided into “pieces”pieces allocated to callsresource piece idle if not used by owning call (no sharing)
dividing link bandwidth into “pieces”
frequency divisiontime division
-
Networks and Security 20
Network Core: Packet Switchingeach end-end data stream
divided into packetsuser A, B packets sharenetwork resourceseach packet uses full link bandwidth resources used as needed
Bandwidth division into “pieces”Dedicated allocationResource reservation
resource contention:aggregate resource demand can exceed amount availablecongestion: packets queue, wait for link usestore and forward: packets move one hop at a time
Node receives complete packet before forwarding
-
Networks and Security 21
Packet switching versus circuit switching
1 Mb/s linkeach user:
100 kb/s when “active”active 10% of time
circuit-switching: 10 users
packet switching: with 35 users, probability > 10 active less than .0004
Packet switching allows more users to use network!
N users1 Mbps link
-
Networks and Security 22
Packet switching versus circuit switching
Great for bursty dataresource sharingsimpler, no call setup
Excessive congestion: packet delay and lossprotocols needed for reliable data transfer, congestion control
Q: How to provide circuit-like behavior?bandwidth guarantees needed for audio/video appsstill an unsolved problem (chapter 6)
Is packet switching a “slam dunk winner?”
-
Networks and Security 23
Packet-switched networks: forwarding
Goal: move packets through routers from source to destinationdatagram network:
destination address in packet determines next hoproutes may change during sessionanalogy: driving, asking directions
virtual circuit network:each packet carries tag (virtual circuit ID), tag determines next hopfixed path determined at call setup time, remains fixed thru callrouters maintain per-call state
-
Networks and Security 24
Chapter 1: roadmap
1.1 What is the Internet?1.2 Network edge1.3 Network core1.4 Network access and physical media1.5 Internet structure and ISPs1.6 Delay & loss in packet-switched networks1.7 Protocol layers, service models
-
Networks and Security 25
Access networks and physical media
Q: How to connect end systems to edge router?residential access netsinstitutional access networks (school, company)mobile access networks
Keep in mind: bandwidth (bits per second) of access network?shared or dedicated?
-
Networks and Security 26
Residential access: point to point access
Dialup via modemup to 56Kbps direct access to router (often less)Can’t surf and phone at same time: can’t be “always on”
ADSL: asymmetric digital subscriber lineup to 1 Mbps upstream (today typically < 256 kbps)up to 8 Mbps downstream (today typically < 1 Mbps)FDM: 50 kHz - 1 MHz for downstream
4 kHz - 50 kHz for upstream0 kHz - 4 kHz for ordinary telephone
-
Networks and Security 27
Residential access: cable modems
HFC: hybrid fiber coaxasymmetric: up to 30Mbps downstream, 2 Mbps upstream
network of cable and fiber attaches homes to ISP router
homes share access to router deployment: available via cable TV companies
-
Networks and Security 28
Residential access: cable modems
Diagram: http://www.cabledatacomnews.com/cmic/diagram.html
-
Networks and Security 29
Cable Network Architecture: Overview
home
cable headend
cable distributionnetwork (simplified)
Typically 500 to 5,000 homes
-
Networks and Security 30
Cable Network Architecture: Overview
home
cable headend
cable distributionnetwork (simplified)
-
Networks and Security 31
Cable Network Architecture: Overview
home
cable headend
cable distributionnetwork
server(s)
-
Networks and Security 32
Company access: local area networks
company/univ local area network (LAN) connects end system to edge routerEthernet:
shared or dedicated link connects end system and router10 Mbs, 100Mbps, Gigabit Ethernet
-
Networks and Security 33
Wireless access networksshared wireless access network connects end system to router
via base station aka “access point”
wireless LANs:802.11b (WiFi): 11 Mbps
wider-area wireless accessprovided by telco operator3G ~ 384 kbps
• Will it happen??WAP/GPRS in Europe
basestation
mobilehosts
router
-
Networks and Security 34
Home networksTypical home network components:
ADSL or cable modemrouter/firewall/NATEthernetwireless accesspoint
wirelessaccess point
router/firewall
wirelesslaptops
cablemodem
to/fromcable
headend
Ethernet
-
Networks and Security 35
Physical Media
Bit: propagates betweentransmitter/rcvr pairsphysical link: what lies between transmitter & receiverguided media:
signals propagate in solid media: copper, fiber, coax
unguided media:signals propagate freely, e.g., radio
Twisted Pair (TP)two insulated copper wires
Category 3: traditional phone wires, 10 Mbps EthernetCategory 5: 100Mbps Ethernet
-
Networks and Security 36
Physical Media: coax, fiber
Coaxial cable:two concentric copper conductorsbidirectionalbaseband:
single channel on cablelegacy Ethernet
broadband:multiple channel on cableHFC
Fiber optic cable:glass fiber carrying light pulses, each pulse a bithigh-speed operation:
high-speed point-to-point transmission (e.g., 5 Gps)
low error rate: repeaters spaced far apart ; immune to electromagnetic noise
-
Networks and Security 37
Physical media: radio
signal carried in electromagnetic spectrumno physical “wire”bidirectionalpropagation environment effects:
reflection obstruction by objectsinterference
Radio link types:terrestrial microwave
e.g. up to 45 Mbps channelsLAN (e.g., Wifi)
2Mbps, 11Mbpswide-area (e.g., cellular)
e.g. 3G: hundreds of kbpssatellite
up to 50Mbps channel (or multiple smaller channels)270 msec end-end delaygeosynchronous versus low altitude
-
Networks and Security 38
Chapter 1: roadmap
1.1 What is the Internet?1.2 Network edge1.3 Network core1.4 Network access and physical media1.5 Internet structure and ISPs1.6 Delay & loss in packet-switched networks1.7 Protocol layers, service models
-
Networks and Security 39
Internet structure: network of networks
roughly hierarchicalat center: “tier-1” ISPs (e.g., UUNet, BBN/Genuity, Sprint, AT&T), national/international coverage
treat each other as equals
Tier 1 ISP
Tier 1 ISP
Tier 1 ISP
Tier-1 providers interconnect (peer) privately
NAP
Tier-1 providers also interconnect at public network access points (NAPs)
-
Networks and Security 40
Tier-1 ISP: e.g., SprintSprint US backbone network
-
Networks and Security 41
Internet structure: network of networks
“Tier-2” ISPs: smaller (often regional) ISPsConnect to one or more tier-1 ISPs, possibly other tier-2 ISPs
Tier 1 ISP
Tier 1 ISP
Tier 1 ISP
NAP
Tier-2 ISPTier-2 ISP
Tier-2 ISP Tier-2 ISP
Tier-2 ISP
Tier-2 ISP pays tier-1 ISP for connectivity to rest of Internet
tier-2 ISP is customer oftier-1 provider
Tier-2 ISPs also peer privately with each other, interconnect at NAP
-
Networks and Security 42
Internet structure: network of networks
“Tier-3” ISPs and local ISPs last hop (“access”) network (closest to end systems)
Tier 1 ISP
Tier 1 ISP
Tier 1 ISP
NAP
Tier-2 ISPTier-2 ISP
Tier-2 ISP Tier-2 ISP
Tier-2 ISP
localISPlocalISP
localISP
localISP
localISP Tier 3
ISP
localISP
localISP
localISP
Local and tier-3 ISPs are customers ofhigher tier ISPsconnecting them to rest of Internet
-
Networks and Security 43
Internet structure: network of networks
a packet passes through many networks!
Tier 1 ISP
Tier 1 ISP
Tier 1 ISP
NAP
Tier-2 ISPTier-2 ISP
Tier-2 ISP Tier-2 ISP
Tier-2 ISP
localISPlocalISP
localISP
localISP
localISP Tier 3
ISP
localISP
localISP
localISP
-
Networks and Security 44
Swiss Science Network
http://www.switch.ch/network/map/SWITCHlanbb1.gif
-
Networks and Security 45
Global ConnectivitySWITCH is using three different ways to achieve full Internet connectivity:
national peerings at CIXP and TIXGEANT, providing access to the research and educational community worldwide global transit, provided by Global Crossing (Geneva), Level3 (Geneva) and Telia (Zurich)
The list above is given in order of decreasing preference. National peerings give the shortest round trip delays and thus usually the best performance.
http://www.cixp.ch/http://www.telehouse.ch/http://www.switch.ch/network/geant.htmlhttp://www.gblx.net/http://www.level3.com/http://www.telia.net/
-
Networks and Security 46
Swiss Free ISPs
http://www.freedomlist.com/find.php3?country=140
-
Networks and Security 47
Switch
Student ContributionAufgabe:
• what is switch?• what services are provided?• demonstrate services offered!
Unterlagen• www.switch.ch
Umfang• 1 Lektion
-
Networks and Security 48
Chapter 1: roadmap
1.1 What is the Internet?1.2 Network edge1.3 Network core1.4 Network access and physical media1.5 Internet structure and ISPs1.6 Delay & loss in packet-switched networks1.7 Protocol layers, service models
-
Networks and Security 49
How do loss and delay occur?packets queue in router buffers
packet arrival rate to link exceeds output link capacitypackets queue, wait for turn
A
B
packet being transmitted (delay)
packets queueing (delay)free (available) buffers: arriving packets dropped (loss) if no free buffers
-
Networks and Security 50
Nodal delay
dproc = processing delaytypically a few microsecs or less
dqueue = queuing delaydepends on congestion
dtrans = transmission delay= L/R, significant for low-speed links
dprop = propagation delaya few microsecs to hundreds of msecs
proptransqueueprocnodal ddddd +++=
-
Networks and Security 51
“Real” Internet delays and routes
What do “real” Internet delay & loss look like? Traceroute program: provides delay measurement from source to router along end-end Internet path towards destination. For all i:
sends three packets that will reach router i on path towards destinationrouter i will return packets to sendersender times interval between transmission and reply.
3 probes
3 probes
3 probes
-
Networks and Security 52
“Real” Internet delays and routes
1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms 5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms 6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms17 * * *18 * * *19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms
traceroute: gaia.cs.umass.edu to www.eurecom.frThree delay measements from gaia.cs.umass.edu to cs-gw.cs.umass.edu
* means no reponse (probe lost, router not replying)
trans-oceaniclink
-
Networks and Security 53
Packet loss
queue (aka buffer) preceding link in buffer has finite capacitywhen packet arrives to full queue, packet is dropped (aka lost)lost packet may be retransmitted by previous node, by source end system, or not retransmitted at all
-
Networks and Security 54
Chapter 1: roadmap
1.1 What is the Internet?1.2 Network edge1.3 Network core1.4 Network access and physical media1.5 Internet structure and ISPs1.6 Delay & loss in packet-switched networks1.7 Protocol layers, service models
-
Networks and Security 55
Protocol “Layers”Networks are complex!
many “pieces”:hostsrouterslinks of various mediaapplicationsprotocolshardware, software
Question:Is there any hope of organizing structure of
network?
Or at least our discussion of networks?
-
Networks and Security 56
Organization of air travel
a series of steps
ticket (purchase)
baggage (check)
gates (load)
runway takeoff
airplane routing
ticket (complain)
baggage (claim)
gates (unload)
runway landing
airplane routing
airplane routing
-
Networks and Security 57
ticket (purchase)
baggage (check)
gates (load)
runway (takeoff)
airplane routing
departureairport
arrivalairport
intermediate air-trafficcontrol centers
airplane routing airplane routing
ticket (complain)
baggage (claim
gates (unload)
runway (land)
airplane routing
ticket
baggage
gate
takeoff/landing
airplane routing
Layering of airline functionality
Layers: each layer implements a servicevia its own internal-layer actionsrelying on services provided by layer below
-
Networks and Security 58
Why layering?Dealing with complex systems:
explicit structure allows identification, relationship of complex system’s pieces
layered reference model for discussionmodularization eases maintenance, updating of system
change of implementation of layer’s service transparent to rest of systeme.g., change in gate procedure doesn’t affect rest of system
layering considered harmful?
-
Networks and Security 59
Internet protocol stackapplication: supporting network applications
FTP, SMTP, HTTPtransport: host-host data transfer
TCP, UDPnetwork: routing of datagrams from source to destination
IP, routing protocolslink: data transfer between neighboring network elements
PPP, Ethernetphysical: bits “on the wire”
application
transport
network
link
physical
-
Networks and Security 60
messagesegment
datagramframe
sourceapplicationtransportnetwork
linkphysical
HtHnHl MHtHn M
Ht MM
destinationapplicationtransportnetwork
linkphysical
HtHnHl MHtHn M
Ht MM
networklink
physical
linkphysical
HtHnHl MHtHn M
HtHnHl MHtHn M
HtHnHl M HtHnHl M
router
switch
Encapsulation
-
Networks and Security 61
Introduction: Summary
Covered a “ton” of material!Internet overviewwhat’s a protocol?network edge, core, access network
packet-switching versus circuit-switching
Internet/ISP structureperformance: loss, delaylayering and service models
You now have:context, overview, “feel” of networkingmore depth, detail to follow!
-
Networks and Security 62
Chapter 2: Application layer
2.1 Principles of network applications2.2 Web and HTTP2.3 FTP 2.4 Electronic Mail
SMTP, POP3, IMAP2.5 DNS
2.6 P2P file sharing
-
Networks and Security 63
Chapter 2: Application LayerOur goals:
conceptual, implementation aspects of network application protocols
transport-layer service modelsclient-server paradigmpeer-to-peer paradigm
learn about protocols by examining popular application-level protocols
HTTPFTPSMTP / POP3 / IMAPDNS
-
Networks and Security 64
Some network apps
E-mailWebInstant messagingRemote loginP2P file sharingMulti-user network gamesStreaming stored video clips
Internet telephoneReal-time video conferenceMassive parallel computing
-
Networks and Security 65
Creating a network appWrite programs that
run on different end systems andcommunicate over a network.e.g., Web: Web server software communicates with browser software
No software written for devices in network core
Network core devices do not function at app layerThis design allows for rapid app development
applicationtransportnetworkdata linkphysical
applicationtransportnetworkdata linkphysical
applicationtransportnetworkdata linkphysical
-
Networks and Security 66
Chapter 2: Application layer
2.1 Principles of network applications2.2 Web and HTTP2.3 FTP 2.4 Electronic Mail
SMTP, POP3, IMAP2.5 DNS
2.6 P2P file sharing
-
Networks and Security 67
Application architectures
Client-serverPeer-to-peer (P2P)Hybrid of client-server and P2P
-
Networks and Security 68
Client-server architectureserver:
always-on hostpermanent IP addressserver farms for scaling
clients:communicate with
servermay be intermittently connectedmay have dynamic IP addressesdo not communicate directly with each other
-
Networks and Security 69
Pure P2P architecture
no always on serverarbitrary end systems directly communicatepeers are intermittently connected and change IP addressesexample: Gnutella
Highly scalable
But difficult to manage
-
Networks and Security 70
Hybrid of client-server and P2P
NapsterFile transfer P2PFile search centralized:
• Peers register content at central server• Peers query same central server to locate content
Instant messagingChatting between two users is P2PPresence detection/location centralized:
• User registers its IP address with central server when it comes online
• User contacts central server to find IP addresses of buddies
-
Networks and Security 71
Processes communicating
Process: program running within a host.within same host, two processes communicate using inter-process communication (defined by OS).processes in different hosts communicate by exchanging messages
Client process: process that initiates communication
Server process: process that waits to be contacted
Note: applications with P2P architectures have client processes & server processes
-
Networks and Security 72
Sockets
process sends/receives messages to/from its socketsocket analogous to door
sending process shoves message out doorsending process relies on transport infrastructure on other side of door which brings message to socket at receiving process
process
TCP withbuffers,variables
socket
host orserver
process
TCP withbuffers,variables
socket
host orserver
Internet
controlledby OS
controlled byapp developer
API: (1) choice of transport protocol; (2) ability to fix a few parameters
-
Networks and Security 73
Addressing processesFor a process to receive messages, it must have an identifierA host has a unique32-bit IP addressQ: does the IP address of the host on which the process runs suffice for identifying the process?Answer: No, many processes can be running on same host
Identifier includes both the IP address and port numbersassociated with the process on the host.Example port numbers:
HTTP server: 80Mail server: 25
More on this later
-
Networks and Security 74
App-layer protocol defines
Types of messages exchanged, eg, request & response messagesSyntax of message types: what fields in messages & how fields are delineatedSemantics of the fields, ie, meaning of information in fieldsRules for when and how processes send & respond to messages
Public-domain protocols:defined in RFCsallows for interoperabilityeg, HTTP, SMTP
Proprietary protocols:eg, KaZaA
-
Networks and Security 75
What transport service does an app need?
Data losssome apps (e.g., audio) can tolerate some lossother apps (e.g., file transfer, telnet) require 100% reliable data transfer
Timingsome apps (e.g., Internet telephony, interactive games) require low delay to be “effective”
Bandwidthsome apps (e.g., multimedia) require minimum amount of bandwidth to be “effective”other apps (“elastic apps”) make use of whatever bandwidth they get
-
Networks and Security 76
Transport service requirements of common apps
Application
file transfere-mail
Web documents
Data loss
no lossno lossno lossloss-tolerant
loss-tolerantloss-tolerantno loss
Bandwidth
elasticelasticelasticaudio: 5kbps-1Mbpsvideo:10kbps-5Mbpssame as above few kbps upelastic
Time Sensitive
nononoyes, 100’s msec
yes, few secsyes, 100’s msecyes and no
real-time audio/video
stored audio/videointeractive gamesinstant messaging
-
Networks and Security 77
Internet transport protocols services
TCP service:connection-oriented: setup required between client and server processesreliable transport between sending and receiving processflow control: sender won’t overwhelm receiver congestion control: throttle sender when network overloadeddoes not provide: timing, minimum bandwidth guarantees
UDP service:unreliable data transfer between sending and receiving processdoes not provide: connection setup, reliability, flow control, congestion control, timing, or bandwidth guarantee
Q: why bother? Why is there a UDP?
-
Networks and Security 78
Internet apps: application, transport protocols
Application
e-mailremote terminal access
Web file transfer
streaming multimedia
Internet telephony
Applicationlayer protocol
SMTP [RFC 2821]Telnet [RFC 854]HTTP [RFC 2616]FTP [RFC 959]proprietary(e.g. RealNetworks)proprietary(e.g., Dialpad)
Underlyingtransport protocol
TCPTCPTCPTCPTCP or UDP
typically UDP
-
Networks and Security 79
Chapter 2: Application layer
2.1 Principles of network applications
app architecturesapp requirements
2.2 Web and HTTP2.4 Electronic Mail
SMTP, POP3, IMAP2.5 DNS
2.6 P2P file sharing
-
Networks and Security 80
Web and HTTP
First some jargonWeb page consists of objectsObject can be HTML file, JPEG image, Java applet, audio file,…Web page consists of base HTML-file which includes several referenced objectsEach object is addressable by a URLExample URL:www.someschool.edu/someDept/pic.gif
host name path name
-
Networks and Security 81
HTTP overview
HTTP: hypertext transfer protocolWeb’s application layer protocolclient/server model
client: browser that requests, receives, “displays” Web objectsserver: Web server sends objects in response to requests
HTTP 1.0: RFC 1945HTTP 1.1: RFC 2068
PC runningExplorer
Server running
Apache Webserver
Mac runningNavigator
HTTP request
HTTP re
quest
HTTP response
HTTP re
sponse
-
Networks and Security 82
HTTP overview (continued)
Uses TCP:client initiates TCP connection (creates socket) to server, port 80server accepts TCP connection from clientHTTP messages (application-layer protocol messages) exchanged between browser (HTTP client) and Web server (HTTP server)TCP connection closed
HTTP is “stateless”server maintains no information about past client requests
Protocols that maintain “state” are complex!past history (state) must be maintainedif server/client crashes, their views of “state” may be inconsistent, must be reconciled
aside
-
Networks and Security 83
HTTP connections
Nonpersistent HTTPAt most one object is sent over a TCP connection.HTTP/1.0 uses nonpersistent HTTP
Persistent HTTPMultiple objects can be sent over single TCP connection between client and server.HTTP/1.1 uses persistent connections in default mode
-
Networks and Security 84
HTTP request message
two types of HTTP messages: request, responseHTTP request message:
ASCII (human-readable format)
GET /somedir/page.html HTTP/1.1Host: www.someschool.eduUser-agent: Mozilla/4.0Connection: close Accept-language:fr
(extra carriage return, line feed)
request line(GET, POST,
HEAD commands)
headerlines
Carriage return, line feed
indicates end of message
-
Networks and Security 85
HTTP request message: general format
-
Networks and Security 86
Uploading form input
Post method:Web page often includes form inputInput is uploaded to server in entity body
URL method:Uses GET methodInput is uploaded in URL field of request line:
www.somesite.com/animalsearch?monkeys&banana
-
Networks and Security 87
Method types
HTTP/1.0GETPOSTHEAD
asks server to leave requested object out of response
HTTP/1.1GET, POST, HEADPUT
uploads file in entity body to path specified in URL field
DELETEdeletes file specified in the URL field
-
Networks and Security 88
HTTP response message
HTTP/1.1 200 OK Connection closeDate: Thu, 06 Aug 1998 12:00:15 GMT Server: Apache/1.3.0 (Unix) Last-Modified: Mon, 22 Jun 1998 …... Content-Length: 6821 Content-Type: text/html
data data data data data ...
status line(protocol
status codestatus phrase)
headerlines
data, e.g., requestedHTML file
-
Networks and Security 89
HTTP response status codes
200 OKrequest succeeded, requested object later in this message
301 Moved Permanentlyrequested object moved, new location specified later in this message (Location:)
400 Bad Requestrequest message not understood by server
404 Not Foundrequested document not found on this server
505 HTTP Version Not Supported
In first line in server->client response message.A few sample codes:
-
Networks and Security 90
Exercise
1. Telnet to your favorite Web server:Opens TCP connection to port 80(default HTTP server port) at cis.poly.edu.Anything typed in sent to port 80 at cis.poly.edu
telnet cis.poly.edu 80
2. Type in a GET HTTP request:By typing this in (hit carriagereturn twice), you sendthis minimal (but complete) GET request to HTTP server
GET /~ross/ HTTP/1.1Host: cis.poly.edu
3. Look at response message sent by HTTP server!4. Try out the other http commands!
-
Networks and Security 91
User-server state: cookies
Many major Web sites use cookies
Four components:1) cookie header line in
the HTTP response message
2) cookie header line in HTTP request message
3) cookie file kept on user’s host and managed by user’s browser
4) back-end database at Web site
Example:Susan access Internet always from same PCShe visits a specific e-commerce site for first timeWhen initial HTTP requests arrives at site, site creates a unique ID and creates an entry in backend database for ID
-
Networks and Security 92
Cookies: keeping “state” (cont.)
client serverusual http request msgusual http response +Set-cookie: 1678
usual http request msgcookie: 1678
usual http response msg
usual http request msgcookie: 1678
usual http response msg
cookie-specificaction
cookie-spectific
action
servercreates ID
1678 for user
entry in backend
database
access
access
Cookie file
amazon: 1678ebay: 8734
Cookie file
ebay: 8734
Cookie file
amazon: 1678ebay: 8734
one week later:
-
Networks and Security 93
Cookies (continued)What cookies can bring:
authorizationshopping cartsrecommendationsuser session state (Web e-mail)
Cookies and privacy:cookies permit sites to learn a lot about youyou may supply name and e-mail to sitessearch engines use redirection & cookies to learn yet moreadvertising companies obtain info across sites
aside
-
Networks and Security 94
Chapter 2: Application layer
2.1 Principles of network applications2.2 Web and HTTP2.3 FTP2.4 Electronic Mail
SMTP, POP3, IMAP2.5 DNS
2.6 P2P file sharing
-
Networks and Security 95
FTP: the file transfer protocol
transfer file to/from remote hostclient/server model
client: side that initiates transfer (either to/from remote)server: remote host
ftp: RFC 959ftp server: port 21
file transfer FTPserver
FTPuser
interface
FTPclient
local filesystem
remote filesystem
user at host
-
Networks and Security 96
FTP: separate control, data connections
FTP client contacts FTP server at port 21, specifying TCP as transport protocolClient obtains authorization over control connectionClient browses remote directory by sending commands over control connection.When server receives a command for a file transfer, the server opens a TCP data connection to clientAfter transferring one file, server closes connection.
FTPclient
FTPserver
TCP control connectionport 21
TCP data connectionport 20
Server opens a second TCP data connection to transfer another file.Control connection: “out of band”FTP server maintains “state”: current directory, earlier authentication
-
Networks and Security 97
FTP commands, responses
Sample commands:sent as ASCII text over control channelUSER usernamePASS password
LIST return list of file in current directoryRETR filename retrieves (gets) fileSTOR filename stores (puts) file onto remote host
Sample return codesstatus code and phrase (as in HTTP)331 Username OK, password required125 data connection already open; transfer starting425 Can’t open data connection452 Error writing file
-
Networks and Security 98
Exercise
use ftp in a command windowconnect to dskw2106.zhwin.ch
user: studentpwd: zwi
try out the commands from previous pagesave file on serverload file from serverdelete file on server
-
Networks and Security 99
Chapter 2: Application layer
2.1 Principles of network applications2.2 Web and HTTP2.3 FTP 2.4 Electronic Mail
SMTP, POP3, IMAP2.5 DNS
2.6 P2P file sharing
-
Networks and Security 100
Electronic Mail
Three major components:user agents mail servers simple mail transfer protocol: SMTP
User Agenta.k.a. “mail reader”composing, editing, reading mail messagese.g., Eudora, Outlook, elm, Netscape Messengeroutgoing, incoming messages stored on server
user mailbox
outgoing message queue
mailserver
useragent
useragent
useragent
mailserver
useragent
useragent
mailserver
useragent
SMTP
SMTP
SMTP
-
Networks and Security 101
Electronic Mail: mail servers
Mail Serversmailbox contains incoming messages for usermessage queue of outgoing (to be sent) mail messagesSMTP protocol between mail servers to send email messages
client: sending mail server“server”: receiving mail server
mailserver
useragent
useragent
useragent
mailserver
useragent
useragent
mailserver
useragent
SMTP
SMTP
SMTP
-
Networks and Security 102
Electronic Mail: SMTP [RFC 2821]
uses TCP to reliably transfer email message from client to server, port 25direct transfer: sending server to receiving serverthree phases of transfer
handshaking (greeting)transfer of messagesclosure
command/response interactioncommands: ASCII textresponse: status code and phrase
messages must be in 7-bit ASCII
-
Networks and Security 103
Scenario: Alice sends message to Bob1) Alice uses UA to compose
message and “to” [email protected]
2) Alice’s UA sends message to her mail server; message placed in message queue
3) Client side of SMTP opens TCP connection with Bob’s mail server
4) SMTP client sends Alice’s message over the TCP connection
5) Bob’s mail server places the message in Bob’s mailbox
6) Bob invokes his user agent to read message
useragent
mailserver
mailserver user
agent
1
2 3 4 56
-
Networks and Security 104
Sample SMTP interactionS: 220 hamburger.eduC: HELO crepes.frS: 250 Hello crepes.fr, pleased to meet you C: MAIL FROM: S: 250 [email protected]... Sender ok C: RCPT TO: S: 250 [email protected] ... Recipient ok C: DATA S: 354 Enter mail, end with "." on a line by itself C: Do you like ketchup? C: How about pickles? C: . S: 250 Message accepted for delivery C: QUIT S: 221 hamburger.edu closing connection
-
Networks and Security 105
Exercise
telnet servername 25see 220 reply from serverenter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands
above lets you send email without using email client (reader)
-
Networks and Security 106
SMTP: final words
SMTP uses persistent connectionsSMTP requires message (header & body) to be in 7-bit ASCIISMTP server uses CRLF.CRLF to determine end of message
Comparison with HTTP:HTTP: pullSMTP: push
both have ASCII command/response interaction, status codes
HTTP: each object encapsulated in its own response msgSMTP: multiple objects sent in multipart msg
-
Networks and Security 107
Mail message format
SMTP: protocol for exchanging email msgs
RFC 822: standard for text message format:header lines, e.g.,
To:From:Subject:
different from SMTP commands!
bodythe “message”, ASCII characters only
header
body
blankline
-
Networks and Security 108
Message format: multimedia extensions
MIME: multipurpose internet mail extension, RFC 2045, 2056additional lines in msg header declare MIME content type
From: [email protected]: [email protected]: Picture of yummy crepe. MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: image/jpeg
base64 encoded data ..... ......................... ......base64 encoded data
multimedia datatype, subtype,
parameter declaration
encoded data
method usedto encode data
MIME version
-
Networks and Security 109
Mail access protocols
SMTP: delivery/storage to receiver’s serverMail access protocol: retrieval from server
POP: Post Office Protocol [RFC 1939]• authorization (agent server) and download
IMAP: Internet Mail Access Protocol [RFC 1730]• more features (more complex)• manipulation of stored msgs on server
HTTP: Hotmail , Yahoo! Mail, etc.
useragent
sender’s mail server
useragent
SMTP SMTP accessprotocol
receiver’s mail server
-
Networks and Security 110
POP3 protocol
authorization phaseclient commands:
user: declare usernamepass: password
server responses+OK
-ERR
transaction phase, client:list: list message numbersretr: retrieve message by numberdele: deletequit
C: list S: 1 498 S: 2 912 S: . C: retr 1 S: S: . C: dele 1 C: retr 2 S: S: . C: dele 2 C: quit S: +OK POP3 server signing off
S: +OK POP3 server ready C: user bob S: +OK C: pass hungry S: +OK user successfully logged on
-
Networks and Security 111
Exercise
use telnet to your e-mail providertry to download e-mails from your accountuse the previous page as a template
-
Networks and Security 112
POP3 (more) and IMAPMore about POP3
Previous example uses “download and delete” mode.Bob cannot re-read e-mail if he changes client“Download-and-keep”: copies of messages on different clientsPOP3 is stateless across sessions
IMAPKeep all messages in one place: the serverAllows user to organize messages in foldersIMAP keeps user state across sessions:
names of folders and mappings between message IDs and folder name
-
Networks and Security 113
Chapter 2: Application layer
2.1 Principles of network applications2.2 Web and HTTP2.3 FTP 2.4 Electronic Mail
SMTP, POP3, IMAP2.5 DNS
2.6 P2P file sharing
-
Networks and Security 114
DNS: Domain Name System
People: many identifiers:SSN, name, passport #
Internet hosts, routers:IP address (32 bit) -used for addressing datagrams“name”, e.g., ww.yahoo.com - used by humans
Q: map between IP addresses and name ?
Domain Name System:distributed databaseimplemented in hierarchy of many name serversapplication-layer protocolhost, routers, name servers to communicate to resolve names (address/name translation)
note: core Internet function, implemented as application-layer protocolcomplexity at network’s “edge”
-
Networks and Security 115
DNS Why not centralize DNS?
single point of failuretraffic volumedistant centralized databasemaintenance
doesn’t scale!
DNS servicesHostname to IP address translationHost aliasing
Canonical and alias names
Mail server aliasingLoad distribution
Replicated Web servers: set of IP addresses for one canonical name
-
Networks and Security 116
Root DNS Servers
com DNS servers org DNS servers edu DNS servers
poly.eduDNS servers
umass.eduDNS serversyahoo.comDNS servers
amazon.comDNS servers
pbs.orgDNS servers
Distributed, Hierarchical Database
Client wants IP for www.amazon.com; 1st approx:Client queries a root server to find com DNS serverClient queries com DNS server to get amazon.comDNS serverClient queries amazon.com DNS server to get IP address for www.amazon.com
-
Networks and Security 117
DNS: Root name serverscontacted by local name server that can not resolve nameroot name server:
contacts authoritative name server if name mapping not knowngets mappingreturns mapping to local name server
13 root name servers worldwide
b USC-ISI Marina del Rey, CAl ICANN Los Angeles, CA
e NASA Mt View, CAf Internet Software C. Palo Alto, CA (and 17 other locations)
i Autonomica, Stockholm (plus 3 other locations)
k RIPE London (also Amsterdam, Frankfurt)
m WIDE Tokyo
a Verisign, Dulles, VAc Cogent, Herndon, VA (also Los Angeles)d U Maryland College Park, MDg US DoD Vienna, VAh ARL Aberdeen, MDj Verisign, ( 11 locations)
-
Networks and Security 118
TLD and Authoritative Servers
Top-level domain (TLD) servers: responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp.
Network solutions maintains servers for com TLDEducause for edu TLD
Authoritative DNS servers: organization’s DNS servers, providing authoritative hostname to IP mappings for organization’s servers (e.g., Web and mail).
Can be maintained by organization or service provider
-
Networks and Security 119
Local Name Server
Does not strictly belong to hierarchyEach ISP (residential ISP, company, university) has one.
Also called “default name server”When a host makes a DNS query, query is sent to its local DNS server
Acts as a proxy, forwards query into hierarchy.
-
Networks and Security 120
requesting hostcis.poly.edu
gaia.cs.umass.edu
root DNS server
local DNS serverdns.poly.edu
23
4
5
61
authoritative DNS serverdns.cs.umass.edu
78
TLD DNS server
Example
Host at cis.poly.eduwants IP address for gaia.cs.umass.edu
-
Networks and Security 121
requesting hostcis.poly.edu
gaia.cs.umass.edu
root DNS server
local DNS serverdns.poly.edu
1
2
45
6
authoritative DNS serverdns.cs.umass.edu
7
8
TLD DNS serve
3
Recursive queriesrecursive query:
puts burden of name resolution on contacted name serverheavy load?
iterated query:contacted server replies with name of server to contact“I don’t know this name, but ask this server”
-
Networks and Security 122
Exercise
use nslookup to find out your local name serverquery your local name server
IP-address -> domain nameDomain name -> IP-address
what other information can be obtained from the DNS?
-
Networks and Security 123
Chapter 2: Application layer
2.1 Principles of network applications
app architecturesapp requirements
2.2 Web and HTTP2.4 Electronic Mail
SMTP, POP3, IMAP2.5 DNS
2.6 P2P file sharing
-
Networks and Security 124
P2P file sharing
ExampleAlice runs P2P client application on her notebook computerIntermittently connects to Internet; gets new IP address for each connectionAsks for “Hey Jude”Application displays other peers that have copy of Hey Jude.
Alice chooses one of the peers, Bob.File is copied from Bob’s PC to Alice’s notebook: HTTPWhile Alice downloads, other users uploading from Alice.Alice’s peer is both a Web client and a transient Web server.
All peers are servers = highly scalable!
-
Networks and Security 125
P2P: centralized directory
original “Napster” design1) when peer connects, it
informs central server:IP addresscontent
2) Alice queries for “Hey Jude”
3) Alice requests file from Bob
centralizeddirectory server
peers
Alice
Bob
1
1
1
12
3
-
Networks and Security 126
P2P: problems with centralized directory
Single point of failurePerformance bottleneckCopyright infringement
file transfer is decentralized, but locating content is highly decentralized
-
Networks and Security 127
Query flooding: Gnutella
fully distributedno central server
public domain protocolmany Gnutella clients implementing protocol
overlay network: graphedge between peer X and Y if there’s a TCP connectionall active peers and edges is overlay netEdge is not a physical linkGiven peer will typically be connected with < 10 overlay neighbors
-
Networks and Security 128
Gnutella: protocol
Query
QueryHit
Query
Query
QueryHit
Query
Query
Query
Hit
File transfer:HTTPQuery message
sent over existing TCPconnections
peers forwardQuery message
QueryHit sent over reversepath
Scalability:limited scopeflooding
-
Networks and Security 129
Gnutella: Peer joining
1. Joining peer X must find some other peer in Gnutella network: use list of candidate peers
2. X sequentially attempts to make TCP with peers on list until connection setup with Y
3. X sends Ping message to Y; Y forwards Ping message.
4. All peers receiving Ping message respond with Pong message
5. X receives many Pong messages. It can then setup additional TCP connections
Peer leaving: see homework problem!
-
Networks and Security 130
Exploiting heterogeneity: KaZaA
Each peer is either a group leader or assigned to a group leader.
TCP connection between peer and its group leader.TCP connections between some pairs of group leaders.
Group leader tracks the content in all its children.
ordinary peer
group-leader peer
neighoring relationshipsin overlay network
-
Networks and Security 131
P2P Demonstration
Student ContributionAufgabe:
• choose a p2p software• show installation• identify risks• show usage
Unterlagen• z.B. www.gnutella.com
Umfang• 2 Lektionen
-
Networks and Security 132
Chapter 2: Summary
Application architecturesclient-serverP2Phybrid
application service requirements:
reliability, bandwidth, delay
Internet transport service model
connection-oriented, reliable: TCPunreliable, datagrams: UDP
specific protocols:HTTPFTPSMTP, POP, IMAPDNS
Our study of network apps now complete!
-
Networks and Security 133
Chapter 2: Summary
typical request/reply message exchange:
client requests info or serviceserver responds with data, status code
message formats:headers: fields giving info about datadata: info being communicated
Most importantly: learned about protocols
control vs. data msgsin-band, out-of-band
centralized vs. decentralized stateless vs. statefulreliable vs. unreliable msgtransfer “complexity at network edge”
-
Networks and Security 134
Chapter 3: Transport LayerOur goals:
understand principles behind transport layer services:
multiplexing/demultiplexingreliable data transferflow controlcongestion control
learn about transport layer protocols in the Internet:
UDP: connectionless transportTCP: connection-oriented transportTCP congestion control
-
Networks and Security 135
Chapter 3 outline
3.1 Transport-layer services3.2 Multiplexing and demultiplexing3.3 Connectionless transport: UDP
3.5 Connection-oriented transport: TCP
segment structurereliable data transferflow controlconnection management
-
Networks and Security 136
Transport services and protocolsprovide logical communicationbetween app processes running on different hoststransport protocols run in end systems
send side: breaks app messages into segments, passes to network layerrcv side: reassembles segments into messages, passes to app layer
more than one transport protocol available to apps
Internet: TCP and UDP
applicationtransportnetworkdata linkphysical
applicationtransportnetworkdata linkphysical
networkdata linkphysical
networkdata linkphysical
networkdata linkphysical
networkdata linkphysicalnetwork
data linkphysical
logical end-end transport
-
Networks and Security 137
Transport vs. network layer
network layer: logical communication between hoststransport layer: logical communication between processes
relies on, enhances, network layer services
Household analogy:12 kids sending letters
to 12 kidsprocesses = kidsapp messages = letters in envelopeshosts = housestransport protocol = Ann and Billnetwork-layer protocol = postal service
-
Networks and Security 138
Internet transport-layer protocols
reliable, in-order delivery (TCP)
congestion control flow controlconnection setup
unreliable, unordered delivery: UDP
no-frills extension of “best-effort” IP
services not available: delay guaranteesbandwidth guarantees
applicationtransportnetworkdata linkphysical
applicationtransportnetworkdata linkphysical
networkdata linkphysical
networkdata linkphysical
networkdata linkphysical
networkdata linkphysicalnetwork
data linkphysical
logical end-end transport
-
Networks and Security 139
Chapter 3 outline
3.1 Transport-layer services3.2 Multiplexing and demultiplexing3.3 Connectionless transport: UDP
3.5 Connection-oriented transport: TCP
segment structurereliable data transferflow controlconnection management
-
Networks and Security 140
Multiplexing/demultiplexing
application
transport
network
link
physical
P1 application
transport
network
link
physical
application
transport
network
link
physical
P2P3 P4P1
host 1 host 2 host 3
= process= socket
delivering received segmentsto correct socket
Demultiplexing at rcv host:gathering data from multiplesockets, enveloping data with header (later used for demultiplexing)
Multiplexing at send host:
-
Networks and Security 141
How demultiplexing workshost receives IP datagrams
each datagram has source IP address, destination IP addresseach datagram carries 1 transport-layer segmenteach segment has source, destination port number (recall: well-known port numbers for specific applications)
host uses IP addresses & port numbers to direct segment to appropriate socket
source port # dest port #
32 bits
applicationdata
(message)
other header fields
TCP/UDP segment format
-
Networks and Security 142
Chapter 3 outline
3.1 Transport-layer services3.2 Multiplexing and demultiplexing3.3 Connectionless transport: UDP
3.5 Connection-oriented transport: TCP
segment structurereliable data transferflow controlconnection management
-
Networks and Security 143
UDP: User Datagram Protocol [RFC 768]“no frills,” “bare bones” Internet transport protocol“best effort” service, UDP segments may be:
lostdelivered out of order to app
connectionless:no handshaking between UDP sender, receivereach UDP segment handled independently of others
Why is there a UDP?no connection establishment (which can add delay)simple: no connection state at sender, receiversmall segment headerno congestion control: UDP can blast away as fast as desired
-
Networks and Security 144
UDP: moreoften used for streaming multimedia apps
loss tolerantrate sensitive
other UDP usesDNSSNMP
reliable transfer over UDP: add reliability at application layer
application-specific error recovery!
source port # dest port #
32 bits
Applicationdata
(message)
UDP segment format
length checksumLength, in
bytes of UDPsegment,including
header
-
Networks and Security 145
Chapter 3 outline
3.1 Transport-layer services3.2 Multiplexing and demultiplexing3.3 Connectionless transport: UDP
3.5 Connection-oriented transport: TCP
segment structurereliable data transferflow controlconnection management
-
Networks and Security 146
TCP: Overview RFCs: 793, 1122, 1323, 2018, 2581
full duplex data:bi-directional data flow in same connectionMSS: maximum segment size
connection-oriented:handshaking (exchange of control msgs) init’ssender, receiver state before data exchange
flow controlled:sender will not overwhelm receiver
point-to-point:one sender, one receiver
reliable, in-order byte steam:
no “message boundaries”pipelined:
TCP congestion and flow control set window size
send & receive buffers
socketdoor
TCPsend buffer
TCPreceive buffer
socketdoor
segment
applicationwrites data
applicationreads data
-
Networks and Security 147
TCP segment structure
source port # dest port #
32 bits
applicationdata
(variable length)
sequence numberacknowledgement number
Receive windowUrg data pnterchecksum
FSRPAUheadlennot
used
Options (variable length)
URG: urgent data (generally not used)
ACK: ACK #valid
PSH: push data now(generally not used)
RST, SYN, FIN:connection estab(setup, teardown
commands)
# bytes rcvr willingto accept
Internetchecksum
(as in UDP)
countingby bytes of data(not segments!)
-
Networks and Security 148
TCP seq. #’s and ACKsSeq. #’s:
byte stream “number” of first byte in segment’s data
ACKs:seq # of next byte expected from other sidecumulative ACK
Q: how receiver handles out-of-order segments
A: TCP spec doesn’t say, - up to implementor
Host A Host B
Seq=42, ACK=79, data = ‘C’
Seq=79, ACK
=43, data = ‘
C’
Seq=43, ACK=80
Usertypes
‘C’
host ACKsreceipt
of echoed‘C’
host ACKsreceipt of‘C’, echoes
back ‘C’
timesimple telnet scenario
-
Networks and Security 149
Chapter 3 outline
3.1 Transport-layer services3.2 Multiplexing and demultiplexing3.3 Connectionless transport: UDP
3.5 Connection-oriented transport: TCP
segment structurereliable data transferflow controlconnection management
-
Networks and Security 150
TCP: retransmission scenariosHost A
Seq=100, 20 bytes data
ACK=1
00
timepremature timeout
Host B
Seq=92, 8 bytes data
ACK=120
Seq=92, 8 bytes data
Seq=
92 t
imeo
ut
ACK=120
Host A
Seq=92, 8 bytes data
ACK=100
loss
tim
eout
lost ACK scenario
Host B
X
Seq=92, 8 bytes data
ACK=100
time
Seq=
92 t
imeo
utSendBase
= 100
SendBase= 120
SendBase= 120
Sendbase= 100
-
Networks and Security 151
TCP retransmission scenarios (more)Host A
Seq=92, 8 bytes data
ACK=100
loss
tim
eout
Cumulative ACK scenario
Host B
X
Seq=100, 20 bytes data
ACK=120
time
SendBase= 120
-
Networks and Security 152
Chapter 3 outline
3.1 Transport-layer services3.2 Multiplexing and demultiplexing3.3 Connectionless transport: UDP
3.5 Connection-oriented transport: TCP
segment structurereliable data transferflow controlconnection management
-
Networks and Security 153
TCP Flow Control
receive side of TCP connection has a receive buffer:
speed-matching service: matching the send rate to the receiving app’s drain rate
app process may be slow at reading from buffer
sender won’t overflowreceiver’s buffer by
transmitting too much,too fast
flow control
-
Networks and Security 154
TCP Flow control: how it works
(Suppose TCP receiver discards out-of-order segments)spare room in buffer
= RcvWindow= RcvBuffer-[LastByteRcvd -
LastByteRead]
Rcvr advertises spare room by including value of RcvWindow in segmentsSender limits unACKeddata to RcvWindow
guarantees receive buffer doesn’t overflow
-
Networks and Security 155
Chapter 3 outline
3.1 Transport-layer services3.2 Multiplexing and demultiplexing3.3 Connectionless transport: UDP
3.5 Connection-oriented transport: TCP
segment structurereliable data transferflow controlconnection management
-
Networks and Security 156
TCP Connection ManagementRecall: TCP sender, receiver
establish “connection” before exchanging data segmentsinitialize TCP variables:
seq. #sbuffers, flow control info (e.g. RcvWindow)
client: connection initiatorSocket clientSocket = new Socket("hostname","port
number");
server: contacted by clientSocket connectionSocket = welcomeSocket.accept();
Three way handshake:Step 1: client host sends TCP
SYN segment to serverspecifies initial seq #no data
Step 2: server host receives SYN, replies with SYNACK segment
server allocates buffersspecifies server initial seq. #
Step 3: client receives SYNACK, replies with ACK segment, which may contain data
-
Networks and Security 157
TCP Connection Management (cont.)
Closing a connection:
client closes socket:clientSocket.close();
Step 1: client end system sends TCP FIN control segment to server
Step 2: server receives FIN, replies with ACK. Closes connection, sends FIN.
client
FIN
server
ACK
ACK
FIN
close
close
closed
tim
ed w
ait
-
Networks and Security 158
TCP Connection Management (cont.)
Step 3: client receives FIN, replies with ACK.
Enters “timed wait” -will respond with ACK to received FINs
Step 4: server, receives ACK. Connection closed.
Note: with small modification, can handle simultaneous FINs.
client
FIN
server
ACK
ACK
FIN
closing
closing
closed
tim
ed w
ait
closed
-
Networks and Security 159
TCP Connection Management (cont)
TCP clientlifecycle
TCP serverlifecycle
-
Networks and Security 160
Chapter 3: Summaryprinciples behind transport layer services:
multiplexing, demultiplexingreliable data transferflow controlcongestion control
instantiation and implementation in the Internet
UDPTCP
Next:leaving the network “edge” (application, transport layers)into the network “core”
-
Networks and Security 161
Chapter 4: Network Layer
Chapter goals:understand principles behind network layer services:
routing (path selection)dealing with scalehow a router worksadvanced topics: IPv6, mobility
instantiation and implementation in the Internet
-
Networks and Security 162
Chapter 4: Network Layer
4. 1 Introduction4.2 Virtual circuit and datagram networks4.3 What’s inside a router4.4 IP: Internet Protocol
Datagram formatIPv4 addressingICMPIPv6
-
Networks and Security 163
Network layertransport segment from sending to receiving host on sending side encapsulates segments into datagramson rcving side, delivers segments to transport layernetwork layer protocols in every host, routerRouter examines header fields in all IP datagrams passing through it
networkdata linkphysical
networkdata linkphysical
networkdata linkphysical
networkdata linkphysical
networkdata linkphysical
networkdata linkphysical
networkdata linkphysical
networkdata linkphysical
applicationtransportnetworkdata linkphysical
applicationtransportnetworkdata linkphysical
-
Networks and Security 164
Key Network-Layer Functions
forwarding: move packets from router’s input to appropriate router output
routing: determine route taken by packets from source to dest.
Routing algorithms
analogy:
routing: process of planning trip from source to dest
forwarding: process of getting through single interchange
-
Networks and Security 165
1
23
0111
value in arrivingpacket’s header
routing algorithm
local forwarding tableheader value output link
0100010101111001
3221
Interplay between routing and forwarding
-
Networks and Security 166
Chapter 4: Network Layer
4. 1 Introduction4.2 Virtual circuit and datagram networks4.3 What’s inside a router4.4 IP: Internet Protocol
Datagram formatIPv4 addressingICMPIPv6
-
Networks and Security 167
Network layer connection and connection-less service
Datagram network provides network-layer connectionless serviceVC network provides network-layer connection serviceAnalogous to the transport-layer services, but:
Service: host-to-hostNo choice: network provides one or the otherImplementation: in the core
-
Networks and Security 168
Virtual circuits
call setup, teardown for each call before data can floweach packet carries VC identifier (not destination host address)every router on source-dest path maintains “state” for each passing connectionlink, router resources (bandwidth, buffers) may be allocated to VC
“source-to-dest path behaves much like telephone circuit”
performance-wisenetwork actions along source-to-dest path
-
Networks and Security 169
VC implementation
A VC consists of:1. Path from source to destination2. VC numbers, one number for each link along
path3. Entries in forwarding tables in routers along
pathPacket belonging to VC carries a VC number.VC number must be changed on each link.
New VC number comes from forwarding table
-
Networks and Security 170
Forwarding table12 22 32
1 23
VC number
interfacenumber
Incoming interface Incoming VC # Outgoing interface Outgoing VC #
1 12 2 222 63 1 18 3 7 2 171 97 3 87… … … …
Forwarding table innorthwest router:
Routers maintain connection state information!
-
Networks and Security 171
Datagram networksno call setup at network layerrouters: no state about end-to-end connections
no network-level concept of “connection”packets forwarded using destination host address
packets between same source-dest pair may take different paths
applicationtransportnetworkdata linkphysical
applicationtransportnetworkdata linkphysical
1. Send data 2. Receive data
-
Networks and Security 172
Forwarding table
Destination Address Range Link Interface
11001000 00010111 00010000 00000000through 0
11001000 00010111 00010111 11111111
11001000 00010111 00011000 00000000through 1
11001000 00010111 00011000 11111111
11001000 00010111 00011001 00000000through 2
11001000 00010111 00011111 11111111
otherwise 3
4 billion possible entries
-
Networks and Security 173
Longest prefix matching
Prefix Match Link Interface11001000 00010111 00010 0 11001000 00010111 00011000 111001000 00010111 00011 2
otherwise 3
DA: 11001000 00010111 00011000 10101010
Examples
DA: 11001000 00010111 00010110 10100001 Which interface?
Which interface?
-
Networks and Security 174
Datagram or VC network: why?
Internetdata exchange among computers
“elastic” service, no strict timing req.
“smart” end systems (computers)
can adapt, perform control, error recoverysimple inside network, complexity at “edge”
many link types different characteristicsuniform service difficult
ATMevolved from telephonyhuman conversation:
strict timing, reliability requirementsneed for guaranteed service
“dumb” end systemstelephonescomplexity inside network
-
Networks and Security 175
Chapter 4: Network Layer
4. 1 Introduction4.2 Virtual circuit and datagram networks4.3 What’s inside a router4.4 IP: Internet Protocol
Datagram formatIPv4 addressingICMPIPv6
-
Networks and Security 176
Router Architecture Overview
Two key router functions:run routing algorithms/protocol (RIP, OSPF, BGP)forwarding datagrams from incoming to outgoing link
-
Networks and Security 177
Input Port Functions
Decentralized switching:given datagram dest., lookup output port using forwarding table in input port memorygoal: complete input port processing at ‘line speed’queuing: if datagrams arrive faster than forwarding rate into switch fabric
Physical layer:bit-level reception
Data link layer:e.g., Ethernet
-
Networks and Security 178
Output Ports
Buffering required when datagrams arrive from fabric faster than the transmission rateScheduling discipline chooses among queued datagrams for transmission
-
Networks and Security 179
Output port queueing
buffering when arrival rate via switch exceeds output line speedqueueing (delay) and loss due to output port buffer overflow!
-
Networks and Security 180
Input Port Queuing
Fabric slower than input ports combined -> queueing may occur at input queues Head-of-the-Line (HOL) blocking: queued datagram at front of queue prevents others in queue from moving forwardqueueing delay and loss due to input buffer overflow!
-
Networks and Security 181
Chapter 4: Network Layer
4. 1 Introduction4.2 Virtual circuit and datagram networks4.3 What’s inside a router4.4 IP: Internet Protocol
Datagram formatIPv4 addressingICMPIPv6
-
Networks and Security 182
The Internet Network layer
forwardingtable
Host, router network layer functions:
Routing protocols•path selection•RIP, OSPF, BGP
IP protocol•addressing conventions•datagram format•packet handling conventions
ICMP protocol•error reporting•router “signaling”
Transport layer: TCP, UDP
Link layer
physical layer
Networklayer
-
Networks and Security 183
Chapter 4: Network Layer
4. 1 Introduction4.2 Virtual circuit and datagram networks4.3 What’s inside a router4.4 IP: Internet Protocol
Datagram formatIPv4 addressingICMPIPv6
-
Networks and Security 184
IP datagram format
ver length
32 bits
data (variable length,typically a TCP
or UDP segment)
16-bit identifierInternetchecksum
time tolive
32 bit source IP address
IP protocol versionnumber
header length(bytes)
max numberremaining hops
(decremented at each router)
forfragmentation/reassembly
total datagramlength (bytes)
upper layer protocolto deliver payload to
head.len
type ofservice
“type” of data flgs fragmentoffsetupperlayer
32 bit destination IP address
Options (if any) E.g. timestamp,record routetaken, specifylist of routers to visit.
how much overhead with TCP?20 bytes of TCP20 bytes of IP= 40 bytes + app layer overhead
-
Networks and Security 185
IP Fragmentation & Reassemblynetwork links have MTU (max.transfer size) - largest possible link-level frame.
different link types, different MTUs
large IP datagram divided (“fragmented”) within net
one datagram becomes several datagrams“reassembled” only at final destinationIP header bits used to identify, order related fragments
fragmentation: in: one large datagramout: 3 smaller datagrams
reassembly
-
Networks and Security 186
IP Fragmentation and ReassemblyID=x
offset=0
fragflag=0
length=4000
ID=x
offset=0
fragflag=1
length=1500
ID=x
offset=185
fragflag=1
length=1500
ID=x
offset=370
fragflag=0
length=1040
One large datagram becomesseveral smaller datagrams
Example4000 byte datagramMTU = 1500 bytes
1480 bytes in data field
offset =1480/8
-
Networks and Security 187
Chapter 4: Network Layer
4. 1 Introduction4.2 Virtual circuit and datagram networks4.3 What’s inside a router4.4 IP: Internet Protocol
Datagram formatIPv4 addressingICMPIPv6
-
Networks and Security 188
IP Addressing: introductionIP address: 32-bit identifier for host, router interfaceinterface: connection between host/router and physical link
router’s typically have multiple interfaceshost may have multiple interfacesIP addresses associated with each interface
223.1.1.1
223.1.1.2
223.1.1.3
223.1.1.4 223.1.2.9
223.1.2.2
223.1.2.1
223.1.3.2223.1.3.1
223.1.3.27
223.1.1.1 = 11011111 00000001 00000001 00000001
223 1 11
-
Networks and Security 189
SubnetsIP address:
subnet part (high order bits)host part (low order bits)
What’s a subnet ?device interfaces with same subnet part of IP addresscan physically reach each other without intervening router
223.1.1.1
223.1.1.2
223.1.1.3
223.1.1.4 223.1.2.9
223.1.2.2
223.1.2.1
223.1.3.2223.1.3.1
223.1.3.27
LAN
network consisting of 3 subnets
-
Networks and Security 190
Subnets 223.1.1.0/24 223.1.2.0/24
223.1.3.0/24
RecipeTo determine the subnets, detach each interface from its host or router, creating islands of isolated networks. Each isolated network is called a subnet.
Subnet mask: /24
-
Networks and Security 191
SubnetsHow many? 223.1.1.1
223.1.1.3
223.1.1.4
223.1.2.2223.1.2.1
223.1.2.6
223.1.3.2223.1.3.1
223.1.3.27
223.1.1.2
223.1.7.0
223.1.7.1223.1.8.0223.1.8.1
223.1.9.1
223.1.9.2
-
Networks and Security 192
IP addresses: how to get one?
Q: How does host get IP address?
hard-coded by system admin in a fileWintel: control-panel->network->configuration->tcp/ip->propertiesUNIX: /etc/rc.config
DHCP: Dynamic Host Configuration Protocol: dynamically get address from as server
“plug-and-play”
-
Networks and Security 193
IP addresses: how to get one?Q: How does network get subnet part of IP
addr?A: gets allocated portion of its provider ISP’s
address space
ISP's block 11001000 00010111 00010000 00000000 200.23.16.0/20
Organization 0 11001000 00010111 00010000 00000000 200.23.16.0/23 Organization 1 11001000 00010111 00010010 00000000 200.23.18.0/23 Organization 2 11001000 00010111 00010100 00000000 200.23.20.0/23
... ….. …. ….Organization 7 11001000 00010111 00011110 00000000 200.23.30.0/23
-
Networks and Security 194
Hierarchical addressing: route aggregation
“Send me anythingwith addresses beginning 200.23.16.0/20”
200.23.16.0/23
200.23.18.0/23
200.23.30.0/23
Fly-By-Night-ISP
Organization 0
Organization 7Internet
Organization 1
ISPs-R-Us “Send me anythingwith addresses beginning 199.31.0.0/16”
200.23.20.0/23Organization 2
...
...
Hierarchical addressing allows efficient advertisement of routing information:
-
Networks and Security 195
Hierarchical addressing: more specific routes
ISPs-R-Us has a more specific route to Organization 1
“Send me anythingwith addresses beginning 200.23.16.0/20”
200.23.16.0/23
200.23.18.0/23
200.23.30.0/23
Fly-By-Night-ISP
Organization 0
Organization 7Internet
Organization 1
ISPs-R-Us “Send me anythingwith addresses beginning 199.31.0.0/16or 200.23.18.0/23”
200.23.20.0/23Organization 2
...
...
-
Networks and Security 196
IP addressing: the last word...
Q: How does an ISP get block of addresses?A: ICANN: Internet Corporation for Assigned
Names and Numbersallocates addressesmanages DNSassigns domain names, resolves disputes
-
Networks and Security 197
NAT: Network Address Translation
10.0.0.1
10.0.0.2
10.0.0.3
10.0.0.4
138.76.29.7
local network(e.g., home network)
10.0.0/24
rest ofInternet
Datagrams with source or destination in this networkhave 10.0.0/24 address for source, destination (as usual)
All datagrams leaving localnetwork have same single source
NAT IP address: 138.76.29.7,different source port numbers
-
Networks and Security 198
NAT: Network Address Translation
Motivation: local network uses just one IP address as far as outside word is concerned:
no need to be allocated range of addresses from ISP: - just one IP address is used for all devicescan change addresses of devices in local network without notifying outside worldcan change ISP without changing addresses of devices in local networkdevices inside local net not explicitly addressable, visible by outside world (a security plus).
-
Networks and Security 199
NAT: Network Address TranslationImplementation: NAT router must:
outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #). . . remote clients/servers will respond using (NAT
IP address, new port #) as destination addr.
remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table
-
Networks and Security 200
NAT: Network Address Translation
10.0.0.1
10.0.0.2
10.0.0.3
S: 10.0.0.1, 3345D: 128.119.40.186, 80
110.0.0.4
138.76.29.7
1: host 10.0.0.1 sends datagram to 128.119.40, 80
NAT translation tableWAN side addr LAN side addr138.76.29.7, 5001 10.0.0.1, 3345…… ……
S: 128.119.40.186, 80 D: 10.0.0.1, 3345 4
S: 138.76.29.7, 5001D: 128.119.40.186, 802
2: NAT routerchanges datagramsource addr from10.0.0.1, 3345 to138.76.29.7, 5001,updates table
S: 128.119.40.186, 80 D: 138.76.29.7, 5001 3
3: Reply arrivesdest. address:138.76.29.7, 5001
4: NAT routerchanges datagramdest addr from138.76.29.7, 5001 to 10.0.0.1, 3345
-
Networks and Security 201
NAT: Network Address Translation
16-bit port-number field: 60,000 simultaneous connections with a single LAN-side address!
NAT is controversial:routers should only process up to layer 3violates end-to-end argument
• NAT possibility must be taken into account by app designers, eg, P2P applications
address shortage should instead be solved by IPv6
-
Networks and Security 202
Chapter 4: Network Layer
4. 1 Introduction4.2 Virtual circuit and datagram networks4.3 What’s inside a router4.4 IP: Internet Protocol
Datagram formatIPv4 addressingICMPIPv6
-
Networks and Security 203
ICMP: Internet Control Message Protocol
used by hosts & routers to communicate network-level information
error reporting: unreachable host, network, port, protocolecho request/reply (used by ping)
network-layer “above” IP:ICMP msgs carried in IP datagrams
ICMP message: type, code plus first 8 bytes of IP datagram causing error
Type Code description0 0 echo reply (ping)3 0 dest. network unreachable3 1 dest host unreachable3 2 dest protocol unreachable3 3 dest port unreachable3 6 dest network unknown3 7 dest host unknown4 0 source quench (congestion
control - not used)8 0 echo request (ping)9 0 route advertisement10 0 router discovery11 0 TTL expired12 0 bad IP header
-
Networks and Security 204
Traceroute and ICMP
Source sends series of UDP segments to dest
First has TTL =1Second has TTL=2, etc.Unlikely port number
When nth datagram arrives to nth router:
Router discards datagramAnd sends to source an ICMP message (type 11, code 0)Message includes name of router& IP address
When ICMP message arrives, source calculates RTTTraceroute does this 3 times
Stopping criterionUDP segment eventually arrives at destination hostDestination returns ICMP “host unreachable” packet (type 3, code 3)When source gets this ICMP, stops.
-
Networks and Security 205
Chapter 4: Network Layer
4. 1 Introduction4.2 Virtual circuit and datagram networks4.3 What’s inside a router4.4 IP: Internet Protocol
Datagram formatIPv4 addressingICMPIPv6
-
Networks and Security 206
IPv6Student Contribution
Aufgabe:• Erklären Sie die Neuerungen und Änderungen, welche
IPv6 gegenüber IPv4 aufweist.• Erklären Sie, wie IPv4 auf IPv6 migriert wird und wie ein
gemischter Betrieb aussieht.Unterlagen:
• Buch• Internet
Umfang:• 1 Lektion
-
Networks and Security 207
Network Layer: summaryWhat we’ve covered:
network layer servicesrouting principles: link state and distance vectorhierarchical routingIPInternet routing protocols RIP, OSPF, BGPwhat’s inside a router?IPv6
-
Networks and Security 208
Chapter 6: Wireless NetworksBackground:
# wireless (mobile) phone subscribers now exceeds # wired phone subscribers!computer nets: laptops, palmtops, PDAs, Internet-enabled phone promise anytime untethered Internet accesstwo important (but different) challenges
communication over wireless linkhandling mobile user who changes point of attachment to network
-
Networks and Security 209
Chapter 6 outline
6.1 Introduction
Wireless6.2 Wireless links, characteristics
CDMA6.3 IEEE 802.11 wireless LANs (“wi-fi”)
-
Networks and Security 210
Elements of a wireless network
network infrastructure
wireless hostslaptop, PDA, IP phonerun applicationsmay be stationary (non-mobile) or mobile
wireless does notalways mean mobility
-
Networks and Security 211
Elements of a wireless network
network infrastructure
base stationtypically connected to wired networkrelay - responsible for sending packets between wired network and wireless host(s) in its “area”
e.g., cell towers 802.11 access points
-
Networks and Security 212
Elements of a wireless network
network infrastructure
wireless linktypically used to connect mobile(s) to base stationalso used as backbone link multiple access protocol coordinates link access various data rates, transmission distance
-
Networks and Security 213
Characteristics of selected wireless link standards
384 Kbps
56 Kbps
54 Mbps
5-11 Mbps
1 Mbps802.15
802.11b802.11{a,g}
IS-95 CDMA, GSM
UMTS/WCDMA, CDMA2000
.11 p-to-p link
2G
3G
Indoor
10 – 30m
Outdoor
50 – 200m
Mid rangeoutdoor
200m – 4Km
Long rangeoutdoor
5Km – 20Km
-
Networks and Security 214
Elements of a wireless network
network infrastructure
infrastructure modebase station connects mobiles into wired networkhandoff: mobile changes base station providing connection into wired network
-
Networks and Security 215
Elements of a wireless networkAd hoc mode
no base stationsnodes can only transmit to other nodes within link coveragenodes organize themselves into a network: route among themselves
-
Networks and Security 216
Wireless Link CharacteristicsDifferences from wired link ….
decreased signal strength: radio signal attenuates as it propagates through matter (path loss)interference from other sources: standardized wireless network frequencies (e.g., 2.4 GHz) shared by other devices (e.g., phone); devices (motors) interfere as wellmultipath propagation: radio signal reflects off objects ground, arriving ad destination at slightly different times
…. make communication across (even a point to point) wireless link much more “difficult”
-
Networks and Security 217
Wireless network characteristicsMultiple wireless senders and receivers create
additional problems (beyond multiple access):
AB
C
Hidden terminal problemB, A hear each otherB, C hear each otherA, C can not hear each other
means A, C unaware of their interference at B
A B C
A’s signalstrength
space
C�