Understanding Networked Applications: A First Course
Chapter 19: Protocol architecture
by David G. Messerschmitt

Summary
• Network architecture
• Internet protocols
• Some network security issues

Key ideas
• Packet encapsulation: one packet can be encapsulated in another
• Packet fragmentation: one packet can be split into two or more packets and encapsulated
• Protocol layering: one service can be layered on another by fragmentation and encapsulation

(Figure: packet encapsulation. A new header is prepended to the original packet; the original packet, including its header, becomes the payload of the new packet. The encapsulated packet can itself be encapsulated again.)

(Figure: packet fragmentation. An original packet, header plus payload, is divided into packet fragments, each carried in a new packet; the receiver reassembles the original packet from them.)

(Figure: protocol layering. Layer n+1 communicates peer-to-peer using a layer n+1 protocol header; each layer n+1 packet, including its header, is encapsulated in a layer n packet behind a layer n protocol header.)

Layered protocol modularity
• Layer n+1 protocol is logically peer-to-peer
• Layer n+1 protocol depends on services of layer n
• Layer n+1 packets are encapsulated in layer n packets
• Layer n+1 never sees layer n packet headers
• Layer n ignores layer n+1 packet headers (part of payload)

Key ideas (again)
• Packet encapsulation: one packet can be encapsulated in another
• Packet fragmentation: one packet can be split into two or more packets and encapsulated
• Protocol layering: one service can be layered on another by fragmentation and encapsulation

IETF/OMG Layers
(Figure: physical and logical layering. Stack from the top: Application, ORB, IIOP; continued below.)
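The three key ideas above (encapsulation, fragmentation, layering) and the modularity rules, carried out in code as an added example; this is not code from the slides, and the header formats (a 2-byte port for layer n+1, a 5-byte id/offset/length header for layer n) are invented for illustration:

```python
# Added example, not from the slides: encapsulation, fragmentation and
# reassembly of toy packets. Both header formats below are invented.
import struct

def encapsulate(header, payload):
    """Prepend a header; the original packet (its own header included) becomes
    the payload of the new packet, which is all the lower layer sees of it."""
    return header + payload

# Toy layer n+1 header (invented): a 2-byte port number.
def layer_np1_packet(port, data):
    return encapsulate(struct.pack("!H", port), data)

# Toy layer n header (invented): packet id, fragment offset, total length.
N_HDR = "!BHH"
N_HDR_LEN = struct.calcsize(N_HDR)   # 5 bytes

def fragment(packet, max_payload, packet_id):
    """Split one layer n+1 packet into several layer n packets, each carrying
    a fragment plus the offset/total fields needed to put it back together."""
    total = len(packet)
    frames = []
    for off in range(0, total, max_payload):
        hdr = struct.pack(N_HDR, packet_id, off, total)
        frames.append(encapsulate(hdr, packet[off:off + max_payload]))
    return frames

def reassemble(frames):
    """Rebuild the layer n+1 packet from fragments delivered in any order.
    Layer n reads only its own header; the bytes after it are opaque, so the
    layer n+1 port field is never interpreted here."""
    chunks, total = {}, None
    for f in frames:
        _pid, off, total = struct.unpack(N_HDR, f[:N_HDR_LEN])
        chunks[off] = f[N_HDR_LEN:]
    data = b"".join(chunks[off] for off in sorted(chunks))
    if len(data) != total:
        raise ValueError("fragment missing; cannot reassemble")
    return data

def demo():
    """Encapsulate, fragment, deliver in reverse order, reassemble, then hand
    the packet up to layer n+1, which strips its own header."""
    original = layer_np1_packet(8080, b"hello, layered world")   # 22 bytes
    frames = fragment(original, max_payload=8, packet_id=7)
    rebuilt = reassemble(list(reversed(frames)))
    (port,) = struct.unpack("!H", rebuilt[:2])
    return len(frames), port, rebuilt[2:], rebuilt == original
```

The receiver rebuilds from offsets rather than arrival order, which is why reversing the fragment list changes nothing; dropping a fragment is detected because the total length in every layer n header no longer matches what was collected.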
(Figure, continued: TCP or UDP, IP, Network. Host A on Network 1 and Host B on Network 2 run the full stack; the switch joining the two networks runs only IP.)

Internet: logical view
(Figure: Application and TCP or UDP on Host A communicate peer-to-peer with Application and TCP or UDP on Host B.)
The constituent networks are not visible to the application; TCP/UDP does not reside in packet switches

Internet: physical view
(Figure: Host A on Network 1 and Host B on Network 2, connected through a switch running IP.)
IP serves to connect heterogeneous networks into an internetwork

What IP does do
• Allow packets to traverse multiple networks
• Deliver packet to specified destination host
• Best effort: deliver as reliably and as soon as it can

What IP doesn't do
• Guarantee latency for packets that are delivered
• Guarantee delivery, or notify source host if packet is not delivered
• Guarantee order of delivery
• Guarantee integrity of packet payload
• Maintain conversational context (each packet is independent)
• Specify what process should receive the packet at destination host

IP header
(Figure: the IPv6 header, drawn 32 bits wide. Fields: Version, Priority, FlowLabel; PayloadLen, NextHeader, HopLimit; SourceAddress; DestinationAddress.)

Transport services: UDP and TCP
• Direct packet to a particular process
• UDP adds:
  – Payload integrity for packets delivered
• TCP adds:
  – Reliable delivery of bytestream session

Comparison of services
(Figure: IP is host-to-host; TCP and UDP are process-to-process. IP: best-effort datagram. UDP: best-effort datagram with payload integrity. TCP: reliable bi-directional bytestream, delivered byte by byte.)

UDP/TCP ports (publish/subscribe)
(Figure: IP delivers host-to-host; a port on each host directs the packet to a process. The UDP or TCP header, drawn 32 bits wide, begins with SourcePort; continued below.)
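As an added example (not from the slides), the IP header and UDP port fields above, built and parsed with the real IPv6 and UDP layouts; it also shows the payload integrity that UDP adds and IP does not: the UDP checksum computed over an IPv6 pseudo-header. Addresses, ports and payload are constructed sample values:

```python
# Added example, not from the slides. Field layout follows the IPv6 and UDP
# specifications; the addresses, ports and payload are constructed.
import struct
import ipaddress

def ones_complement_sum(data):
    """16-bit ones' complement sum used by the UDP checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src, dst, udp_segment):
    """UDP over IPv6 checksums a pseudo-header (source, destination, upper-layer
    length, next header 17) plus the UDP header and payload, with the checksum
    field itself zeroed during the computation."""
    pseudo = src + dst + struct.pack("!IxxxB", len(udp_segment), 17)
    seg = udp_segment[:6] + b"\x00\x00" + udp_segment[8:]
    csum = 0xFFFF - ones_complement_sum(pseudo + seg)
    return csum or 0xFFFF          # an all-zero result is transmitted as 0xFFFF

def build_packet(src_ip, dst_ip, sport, dport, payload, hop_limit=64):
    src = ipaddress.IPv6Address(src_ip).packed
    dst = ipaddress.IPv6Address(dst_ip).packed
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    udp = udp[:6] + struct.pack("!H", udp_checksum(src, dst, udp)) + udp[8:]
    # First 32 bits: Version (4) | Priority/traffic class (8) | FlowLabel (20)
    first_word = (6 << 28) | (0 << 20) | 0
    ipv6 = struct.pack("!IHBB", first_word, udp_len, 17, hop_limit) + src + dst
    return ipv6 + udp

def parse_packet(pkt):
    """Split the IPv6 header fields, then the UDP ports, and verify the UDP
    checksum: IP itself never checks the payload; UDP does."""
    first_word, payload_len, next_header, hop_limit = struct.unpack("!IHBB", pkt[:8])
    src, dst = pkt[8:24], pkt[24:40]
    udp = pkt[40:40 + payload_len]
    sport, dport, udp_len, csum = struct.unpack("!HHHH", udp[:8])
    return {
        "version": first_word >> 28,
        "priority": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_len": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
        "sport": sport,
        "dport": dport,
        "payload": udp[8:],
        "udp_ok": udp_checksum(src, dst, udp) == csum,
    }

def demo():
    pkt = build_packet("2001:db8::1", "2001:db8::2", 40000, 53, b"query")
    good = parse_packet(pkt)
    damaged = bytearray(pkt)
    damaged[-1] ^= 0x01            # flip one payload bit in transit
    return good, parse_packet(bytes(damaged))
```

The header fields come straight out of the first 40 bytes, but the checksum is the interesting part: it covers the IPv6 addresses as well as the UDP bytes, so a datagram whose payload, ports or addresses were altered in transit fails the check at the receiving process even though every router forwarded it happily.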
(Figure, continued: DestinationPort follows SourcePort, then the rest of the UDP or TCP header; the whole segment is encapsulated in an IP packet.)

HTTP Service
• Client can make requests
  – GET (pull)
  – POST (push)
  – (some others)
• Server responds
  – HTTP headers
  – HTML document
    • or JPEG, or GIF, or…

URL Structure
• <scheme>://<host>:<port>/<path>
• Scheme
  – HTTP, FTP, GOPHER, MAILTO, ...
• Host
  – An IP address or DNS name
• Port
  – TCP port number
  – Optional (defaults to 80 for http)

HTTP example
• When a browser fetches http://www.si.umich.edu/~presnick/
  – http:// says to use HTTP protocol
  – Resolve www.si.umich.edu in DNS
    • 141.211.203.34
  – Make TCP connection
    • 141.211.203.34, port 80
  – Send the following text string
    • GET /~presnick/

Server sends back
HTTP/1.1 200 OK
Date: Mon, 22 Dec 1997 15:12:32 GMT
Server: Apache/1.2.4
Last-Modified: Thu, 04 Dec 1997 16:26:10 GMT
ETag: "5f2f2-33fd-3486d9a2"
Content-Length: 13309
Accept-Ranges: bytes
Connection: close
Content-Type: text/html

<HTML>
….

HTML
<H1> Paul Resnick</H1>
<IMG SRC="RESNICK.gif" ALT="[PHOTO]" HSPACE=10 ALIGN=LEFT>
<BR>Associate Professor
<BR>University of Michigan
<BR>School of Information
<BR>314 West Hall
<BR>550 East University Avenue
<BR>Ann Arbor, MI 48109-1092
<BR>presnick@umich.edu

What Browsers Send to Servers
• Your IP address
• The browser type
• The referer link
  – What URL you last looked at
• Cookies (persistent client state for a URL)
  – Server response can include a set-cookie header
  – Browser saves the cookie
  – Browser resends to server next time

Understanding Networked Applications: A First Course
How TCP works
by David G. Messerschmitt

Aggregating byte stream
(Figure: the original bytes are aggregated and encapsulated in TCP packets, with a sequence number included in the TCP header; the TCP packets are in turn encapsulated in IP packets.)

TCP connections
• TCP establishes a session with ordered and bidirectional reliable delivery of bytes
  – Establishment:
    • Inform receiving port of connection
    • Initialize packet sequence number
    • Congestion and flow control state
  – Disestablishment
    • By either peer
    • Free state and resources

HTTP uses TCP
• Often have to request another page
  – e.g., image
• HTTP/1.0 requires a new TCP session for each
  – Overhead of session establishment
• HTTP/1.1 permits reuse of one TCP session for multiple requests

Reliable packet delivery: acknowledgement and resending
(Figure: IP is used to send TCP packets from source to destination and to return the ACK. When IP loses a packet, no ACK arrives; the source times out and resends.)

(Figure: concurrent tasks for higher throughput. The source keeps several packets outstanding at once, each awaiting its own ACK; packets that arrive out of order are reordered using the sequence number.)

TCP Congestion
• If link is congested
  – Switch queue for that link fills up
  – Drops packets
• Source resends non-ACK'ed packets
  – Makes congestion worse

TCP Congestion Control
• Voluntary source-imposed policy
  – Source controls the number of non-ACK'ed packets that have been sent
    • Controls the number of concurrent sends, and hence packet throughput
  – Slow start, slowly increase rate
  – Monitor non-ACK's and delay of ACK's to estimate congestion
  – Quickly decrease if congestion detected

TCP congestion control flaws
• "Fairness criterion"
  – Maybe "equal division" of resources is not what is wanted
• Estimating congestion by retransmission is flawed for wireless links
• Depends on accurate implementation -- cheating possible
• Application can avoid congestion control by using UDP

TCP Flow Control
• Recall that this is to avoid the recipient being overwhelmed
• Recipient must control source
• Recipient explicitly requests lower send rate
  – MaxUnackedPackets is a parameter of ACK's

Multicasting
• So far, we've assumed node A sends to B
• Multicasting: node A sends same message to B, C, and D
  – Could set up A-B, A-C, and A-D connections
  – But A becomes a bottleneck
    • Handling ACKs and resends
  – And it's inefficient
    • Some intermediate nodes may receive the message several times
• Multicast protocols try to have A send only once
  – Intermediate nodes do more work
(Figure: node A sending to B, C and D.)

Understanding Networked Applications: A First Course
Domain Name System
by David G. Messerschmitt

(Figure: DNS hierarchy. The "root" name server delegates to the berkeley.edu name server, which delegates to the eecs.berkeley.edu and sims.berkeley.edu name servers, which hold the host records.)

Delegate name search to local name server
(Figure: host tj.watson.ibm.com asks its local name server, watson.ibm.com, to resolve info.sims.berkeley.edu. The local server queries the "root", then the berkeley.edu NS, then the sims.berkeley.edu NS. Local server caches recent search results.)

Understanding Networked Applications: A First Course
Supplements
by David G. Messerschmitt

Understanding Networked Applications: A First Course
Network security
by David G. Messerschmitt

Network security
• Some things to worry about:
  – Sniffing
  – Spoofing
  – Security flaws in public servers

Improving security
• Security tools covered earlier
• Firewalls: a place where security policies can be enforced
  – Who gains access
  – What servers (ports) can be accessed
  – What hosts can be accessed
  – What protocols can pass
  – Other security policies can be enforced

(Figure: the global Internet, a firewall, the bastion hosts (public hosts), a second firewall, and the internal hosts inside a protected enclave.)

Problems with firewalls
• "Benign internal users" assumption is naïve
• Obstacle to deployment of innovative applications and services
• Increasingly organizations want to extend extranet to suppliers and customers
• Solution: resource-based rather than enclave-based security
  – Analogy: border patrol not enough, need secure buildings and vehicles, guards, police, etc.

Where to use encryption
• Per link (wireless)
• Firewall-to-firewall (extranet)
• Host-to-host (IPsec)
• Process-to-process (TCP-SSL)
• Application
What are some strengths and weaknesses in these approaches?

Packet structure
(Figure: a packet is a header followed by a payload. Header: information for switches; serves as protocol message. Payload: data for application; ignored by network and protocol (qualification: may also be an encapsulated packet). Packet length limited by network policy.)

Protocol endpoints
(Figure: the internetworking layer (IP, host-to-host) focuses on getting datagrams from one host to another; the transport layer (TCP, UDP, process-to-process) focuses on process-to-process communication services.)

Addresses vs. names
(Figure: an address, here 128 bits of (network, host), specifies the topological location of a host to the network. A name, e.g. info.sims.berkeley.edu, is easy to remember or construct and reflects administrative boundaries.)

Issues in congestion control
• Social issue: how do we divide limited network resources among users/applications?
• Approaches:
  – Voluntary (e.g. UDP)
    • "Bad citizen" is rewarded
  – Policy driven (e.g. TCP)
  – Incentivized (e.g. pricing)

Advantages of pricing-based congestion control
• Policies can never take into account the "importance" of traffic
• Users and applications are forced to consider the common resource implications of their actions
• Users and applications can choose the most "important" traffic for periods of congestion
  – Shift other traffic to off-peak times
• Source of revenue to expand capacity

Technical approaches to congestion control
• Source-driven throttle algorithm
  – Voluntary, policy, or incentive driven
• Network-driven
  – Must use fairness criteria
  – Network-to-source flow control
  – Network access enforcement (policing)
• Traffic priorities allow source to control what traffic is discarded

Undesirability of fixed pricing per unit of capacity
(Figure: willingness to pay for one more unit of capacity, D(c), falling with capacity c up to cmax, plotted against a fixed price p. Reducing capacity from c to c' shows the revenue gained and the revenue lost.)

Downsides of pricing
• Infrastructure for
  – Usage monitoring
  – Congestion monitoring
  – QoS configuration
  – Billing
• Operational costs
• How do costs compare to the benefits?
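The URL structure, HTTP example, "Server sends back" and cookie slides, as an added example that is not from the slides: parse the URL into scheme, host, port and path, form the request, parse the response, and keep the cookie a browser resends on its next request. The request is written as HTTP/1.1 with a Host header (an assumption; the slide shows only GET /~presnick/), and the sample response is constructed from the slide's headers with a short body, its Content-Length set to match, and a Set-Cookie header added:

```python
# Added example, not from the slides. The request format and the sample
# response (status line and headers modelled on the slide) are constructed.
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}

def parse_url(url):
    """<scheme>://<host>:<port>/<path>; the port is optional and defaults
    per scheme (80 for http), the path defaults to '/'."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return parts.scheme, parts.hostname, port, parts.path or "/"

def build_request(url, cookies):
    """The text the browser sends over the TCP connection (HTTP/1.1 form is
    an assumption), including any cookies it saved for this host."""
    scheme, host, port, path = parse_url(url)
    lines = ["GET %s HTTP/1.1" % path, "Host: %s" % host]
    if cookies:
        lines.append("Cookie: " + "; ".join("%s=%s" % kv for kv in cookies.items()))
    return ("\r\n".join(lines) + "\r\n\r\n").encode()

def parse_response(raw):
    """Split status line, headers and body; collect Set-Cookie separately
    because a response may carry several of them."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers, set_cookies = {}, []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "set-cookie":
            set_cookies.append(value)
        else:
            headers[name] = value
    return status, headers, set_cookies, body

class CookieJar:
    """Persistent client state, kept per host, as the browser does."""
    def __init__(self):
        self.by_host = {}

    def store(self, host, set_cookies):
        for sc in set_cookies:
            name, _, value = sc.split(";")[0].partition("=")   # drop attributes
            self.by_host.setdefault(host, {})[name.strip()] = value.strip()

    def for_host(self, host):
        return self.by_host.get(host, {})

# Constructed sample response, modelled on the slide's headers.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 22 Dec 1997 15:12:32 GMT\r\n"
    b"Server: Apache/1.2.4\r\n"
    b"Content-Length: 13\r\n"
    b"Set-Cookie: visited=1; Path=/\r\n"
    b"Connection: close\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<HTML></HTML>"
)

def demo():
    """First request carries no cookie; the response sets one; the second
    request to the same host resends it."""
    jar = CookieJar()
    url = "http://www.si.umich.edu/~presnick/"
    host = parse_url(url)[1]
    first = build_request(url, jar.for_host(host))
    status, headers, set_cookies, body = parse_response(SAMPLE_RESPONSE)
    jar.store(host, set_cookies)
    second = build_request(url, jar.for_host(host))
    return status, headers, first, second, body
```

Cookies are keyed by host here, which is also the point of the "What Browsers Send to Servers" slide: whatever state the server set comes back on every later request to that host, whether or not the user intended it.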
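The "How TCP works" slides (sequence numbers, ACKs, timeout and resend, reordering, slow start with a quick decrease on loss, and the MaxUnackedPackets flow-control limit) as one round-based simulation, added here and not from the slides. The loss pattern, window sizes and the exact doubling/halving rule are constructed simplifications of what the slides describe:

```python
# Added example, not from the slides: a deterministic, round-based model of
# TCP's reliable delivery, congestion control and flow control. The channel's
# loss pattern and the window rules are constructed for illustration.

def simulate(payload, lose_on_first_try, max_unacked=8, rounds_limit=100):
    """Deliver `payload` (a list of byte strings, one per packet) across a
    channel that drops each sequence number in `lose_on_first_try` the first
    time it is sent. Returns the bytes the destination reassembles and a
    per-round trace of (window, loss_seen)."""
    next_seq = 0        # next new sequence number to send
    unacked = {}        # seq -> packet sent but not yet ACK'ed
    acked = set()
    received = {}       # destination buffer, keyed by sequence number
    sent_once = set()
    cwnd = 1            # slow start: begin with one packet in flight
    trace = []
    for _ in range(rounds_limit):
        if len(acked) == len(payload):
            break
        # Flow control: the receiver's MaxUnackedPackets caps the source's window
        window = min(cwnd, max_unacked)
        # Send: timed-out (still unacked) packets first, then new ones
        in_flight = [seq for seq in sorted(unacked)][:window]
        while len(in_flight) < window and next_seq < len(payload):
            unacked[next_seq] = payload[next_seq]
            in_flight.append(next_seq)
            next_seq += 1
        # Channel over IP: drop listed packets on first try, deliver the rest
        loss = False
        for seq in in_flight:
            first_try = seq not in sent_once
            sent_once.add(seq)
            if first_try and seq in lose_on_first_try:
                loss = True                # no ACK: the source will time out
                continue
            received[seq] = unacked.pop(seq)   # destination stores by seq
            acked.add(seq)                     # ACK returns to the source
        # Congestion control: double the window while ACKs flow, halve on loss
        cwnd = max(1, cwnd // 2) if loss else cwnd * 2
        trace.append((window, loss))
    data = b"".join(received[s] for s in sorted(received))   # reorder by seq
    return data, trace

def demo(max_unacked=8):
    payload = [("p%d" % i).encode() for i in range(10)]
    return simulate(payload, lose_on_first_try={1, 5}, max_unacked=max_unacked)
```

With the default window cap the trace shows the window climbing 1, 2, halving to 1 after the first loss, climbing to 4, halving again after the second loss; with `max_unacked=2` the same losses occur but the window never exceeds the receiver's limit, which is the flow-control slide's point. The resent packets arrive after packets with higher sequence numbers, and the destination still hands up the bytes in order.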
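The "Delegate name search to local name server" slide as an added example (not from the slides): a local name server resolves a name iteratively, starting from the root and following referrals, and caches both answers and referrals so that later lookups contact fewer servers. The name server names, zone data and addresses are constructed:

```python
# Added example, not from the slides: iterative DNS resolution with a caching
# local name server. All server names, zones and addresses are constructed.

ROOT = "root"

# Each server either delegates child zones to other servers or holds hosts.
SERVERS = {
    "root": {"delegations": {"berkeley.edu": "ns.berkeley.edu"}, "hosts": {}},
    "ns.berkeley.edu": {
        "delegations": {"sims.berkeley.edu": "ns.sims.berkeley.edu",
                        "eecs.berkeley.edu": "ns.eecs.berkeley.edu"},
        "hosts": {}},
    "ns.sims.berkeley.edu": {
        "delegations": {},
        "hosts": {"info.sims.berkeley.edu": "2001:db8:1::a",
                  "www.sims.berkeley.edu": "2001:db8:1::b"}},
    "ns.eecs.berkeley.edu": {"delegations": {}, "hosts": {}},
}

def in_zone(name, zone):
    return name == zone or name.endswith("." + zone)

def ask(server, name):
    """One query to one server: an answer, a referral to a more specific
    server, or no such name."""
    s = SERVERS[server]
    if name in s["hosts"]:
        return ("answer", s["hosts"][name])
    # Most specific (longest) delegated zone containing the name wins
    for zone, ns in sorted(s["delegations"].items(), key=lambda kv: -len(kv[0])):
        if in_zone(name, zone):
            return ("referral", zone, ns)
    return ("nxdomain",)

class LocalNameServer:
    """The host's local server: does the walk on its behalf and caches."""
    def __init__(self):
        self.answers = {}      # name -> address
        self.referrals = {}    # zone -> server known to serve it

    def best_start(self, name):
        """Begin at the most specific cached server for this name, else root."""
        best_zone, best = "", ROOT
        for zone, ns in self.referrals.items():
            if in_zone(name, zone) and len(zone) > len(best_zone):
                best_zone, best = zone, ns
        return best

    def resolve(self, name):
        """Returns (address or None, list of servers contacted)."""
        if name in self.answers:
            return self.answers[name], []
        server, contacted = self.best_start(name), []
        while True:
            contacted.append(server)
            reply = ask(server, name)
            if reply[0] == "answer":
                self.answers[name] = reply[1]
                return reply[1], contacted
            if reply[0] == "referral":
                _, zone, ns = reply
                self.referrals[zone] = ns
                server = ns
                continue
            return None, contacted
```

The first lookup of info.sims.berkeley.edu walks root, then the berkeley.edu server, then the sims.berkeley.edu server; repeating it is answered from cache without any query, and a different host in the same zone goes straight to the sims.berkeley.edu server because the referral was cached.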
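The firewall policies listed on the "Improving security" slide (who gains access, which servers or ports, which hosts, which protocols) and the two-firewall enclave figure, as an added example not from the slides: a first-match packet filter with default deny, applied to each firewall a packet's path actually crosses. The networks, rules and sample packets are constructed:

```python
# Added example, not from the slides: a first-match, default-deny packet
# filter for the bastion-host / protected-enclave layout. Networks, rules and
# sample packets are constructed (documentation address ranges).
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto dport")
Rule = namedtuple("Rule", "action src dst proto dport")   # None means "any"

ENCLAVE = ipaddress.ip_network("10.0.0.0/8")         # internal hosts
BASTIONS = ipaddress.ip_network("192.0.2.0/24")      # public hosts
PARTNER = ipaddress.ip_network("198.51.100.0/24")    # an extranet supplier

def matches(rule, pkt):
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    return ((rule.src is None or src in rule.src)
            and (rule.dst is None or dst in rule.dst)
            and (rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport))

def decide(rules, pkt):
    """First matching rule wins; anything no rule admits is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

OUTER_FIREWALL = [
    Rule("allow", None, BASTIONS, "tcp", 80),      # anyone: web server
    Rule("allow", None, BASTIONS, "tcp", 25),      # anyone: mail relay
    Rule("allow", PARTNER, BASTIONS, "tcp", 22),   # only the partner: SSH
    Rule("allow", ENCLAVE, None, None, None),      # outbound from inside
    # direct access to internal hosts matches nothing: default deny
]
SECOND_FIREWALL = [
    Rule("allow", BASTIONS, ENCLAVE, "tcp", 5432),  # bastions reach the DB only
    Rule("allow", ENCLAVE, None, None, None),       # inside may go out
]

def crossed(pkt):
    """Which firewalls sit on this packet's path. The outer one separates the
    Internet from bastions and enclave; the second separates the enclave."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    inside_outer = lambda a: a in BASTIONS or a in ENCLAVE
    fws = []
    if inside_outer(src) != inside_outer(dst):
        fws.append(OUTER_FIREWALL)
    if (src in ENCLAVE) != (dst in ENCLAVE):
        fws.append(SECOND_FIREWALL)
    return fws

def classify(pkt):
    """Allowed only if every firewall on the path allows it."""
    return "allow" if all(decide(fw, pkt) == "allow" for fw in crossed(pkt)) else "deny"

SAMPLE_PACKETS = [   # constructed
    Packet("203.0.113.5", "192.0.2.10", "tcp", 80),     # Internet -> web
    Packet("203.0.113.5", "192.0.2.10", "tcp", 22),     # Internet -> SSH
    Packet("198.51.100.7", "192.0.2.10", "tcp", 22),    # partner -> SSH
    Packet("203.0.113.5", "10.1.2.3", "tcp", 80),       # Internet -> internal
    Packet("192.0.2.10", "10.1.2.3", "tcp", 5432),      # bastion -> DB
    Packet("192.0.2.10", "10.1.2.3", "tcp", 22),        # bastion -> internal SSH
    Packet("10.1.2.3", "203.0.113.5", "tcp", 443),      # internal -> Internet
]

def audit():
    return [(pkt, classify(pkt)) for pkt in SAMPLE_PACKETS]
```

The bastion-to-DB rule is the interesting one: a compromised public host can reach exactly one internal service, which is what the second firewall buys over a single perimeter, and also why the "Problems with firewalls" slide says enclave boundaries alone are not enough once internal users or bastions are not benign.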