Programming the Internet - School of Computer Science

20-755: The Internet
Lecture 6: Programming the Internet
David O’Hallaron
School of Computer Science and
Department of Electrical and Computer Engineering
Carnegie Mellon University
Institute for eCommerce, Summer 1999
Lecture 6, 20-755: The Internet, Summer 1999
Today’s lecture
• Internet architecture (30 min)
• Packet filtering (10 min)
• Break (10 min)
• Client-server programming model (40 min)
  – Berkeley sockets interface
  – example clients and servers
• Domain Naming System (DNS) (20 min)
Basic Internet components
• An Internet backbone is a collection of routers (nationwide or worldwide) connected by high-speed point-to-point networks.
• A Network Access Point (NAP) is a router that connects multiple backbones (sometimes referred to as peers).
• Regional networks are smaller backbones that cover smaller geographical areas (e.g., cities or states).
• A point of presence (POP) is a machine that is connected to the Internet.
• Internet Service Providers (ISPs) provide dialup or direct access to POPs.
The Internet circa 1993
• In 1993, the Internet consisted of one backbone (NSFNET) that connected 13 sites via 45 Mbps T3 links.
  – Merit (Univ of Mich), NCSA (Illinois), Cornell Theory Center, Pittsburgh Supercomputing Center, San Diego Supercomputing Center, John von Neumann Center (Princeton), BARRNet (Palo Alto), MidNet (Lincoln, NE), WestNet (Salt Lake City), NorthwestNet (Seattle), SESQUINET (Rice), SURANET (Georgia Tech).
• Connecting to the Internet involved connecting one of your routers to a router at a backbone site, or to a regional network that was already connected to the backbone.
The Internet backbone (circa 1993)
[Figure]
Current NAP-based Internet Architecture
• In the early 90’s commercial outfits were building their own high-speed backbones, connecting to NSFNET, and selling access to their POPs to companies, ISPs, and individuals.
• In 1995, NSF decommissioned NSFNET, and fostered creation of a collection of NAPs to connect the commercial backbones.
• Currently in the US there are about 50 commercial backbones connected by ~12 NAPs (peering points).
• Similar architecture worldwide connects national networks to the Internet.
Internet connection hierarchy
[Figure: NAPs interconnect several backbones, and each backbone offers a number of POPs. A Regional net hangs off a backbone POP over a T3 link; an ISP (for individuals) and a Big Business attach over T1 links; a Small Business attaches through an ISP; individual users (a Pgh employee, a DC employee) reach an ISP’s POP by dialup.]
Network access points (NAPs)
[Figure; source: Boardwatch.com]
Note: Peers in this context are commercial backbones.

MCI/WorldCom Global Backbone
[Figure; source: Boardwatch.com]

Relative backbone performance
[Figure; source: Boardwatch.com]

Comparison of T1 average monthly costs (MCI/WorldCom)
[Figure; source: Boardwatch.com]
Cost of Frame Relay connections
56 Kbps frame relay:
  Availability: All U.S. backbone cities
  Setup: $495
  Monthly: $595
  Recommended Equipment: Cisco 2524 router with 5IN1 Card & Kentrox 56K CSU/DSU: Total $2,395
Source: Boardwatch.com (MCI/Worldcom)
Cost of T1 connections
Burstable 1.544 Mbps T-1 service:
  Monthly charge based on 95 percent usage level
  Availability: All U.S. backbone cities
  Average Installation Time: 4-6 weeks
  Setup: $5,000
  Recommended Equipment: Cisco Integrated T-1 CSU/DSU - $995, Cisco 2524 router - $1,950

  Bandwidth              Monthly
  0-128 Kbps             $1,295
  128 Kbps-256 Kbps      $1,895
  256 Kbps-384 Kbps      $2,495
  384 Kbps-512 Kbps      $2,750
  512 Kbps-1.544 Mbps    $3,000
Source: Boardwatch.com (MCI/Worldcom)
Cost of T3 connections
Burstable 45 Mbps T-3 service:
  Monthly price based on 95th percentile usage level.
  Availability: All U.S. backbone cities
  Average Install Time: 8-10 weeks
  Setup: $6,000
  Recommended Equipment: Cisco 7204 router

  Bandwidth                Monthly
  up to 6 Mbps             $12,000
  6.01 Mbps-7.5 Mbps       $14,000
  7.51 Mbps-9 Mbps         $17,000
  9.01 Mbps-10.5 Mbps      $19,000
  10.51 Mbps-12 Mbps       $22,000
  12.01 Mbps-13.5 Mbps     $26,000
  3.51 Mbps-15 Mbps        $29,000
  15.01 Mbps-16.5 Mbps     $32,000
  16.51 Mbps-18.01 Mbps    $37,000
  18.01 Mbps-19.5 Mbps     $43,000
  19.51 Mbps-21 Mbps       $48,000
  21.01 Mbps-45 Mbps       $55,500
Source: Boardwatch.com (MCI/Worldcom)
Programming the Internet
• We’ll look at two extreme examples of manipulating the Internet
• Low-level example
  – packet filtering
    » firewalls
    » user-level protocol implementations
    » user-level tunneling
    » password sniffing!
• Higher-level example
  – client-server computing via the sockets interface
    » underlies most Internet services
    » relies on DNS to translate domain names to IP addresses
Internet Protocol Stack
[Figure: Applications sit above TCP and UDP, which sit above IP, which sits above the network interface. The Berkeley Sockets Interface is the boundary between applications and TCP/UDP. The Packet Filter Interface (Berkeley Packet Filter, BPF) sits beside IP, directly above the network interface; firewalls, user-level protocols and tunneling use it.]
Packet filtering
Packet filters allow user programs to directly read and write network packets (e.g., ethernet packets).
[Figure: the packet stream ... P5, P4, P3, P2, P1 arrives from the Network at the network adapter; the packet filter hands input packets up to the application and sends the application’s output packets back down to the adapter.]
Unix packet filters
• Unix uses files in the /dev directory as user-level abstractions for I/O devices.
• To access a device directly from a user program, open the appropriate /dev/* file, read/write to/from it, and close it.
• Four of these files (called packet filters) provide direct user-level access to network adapters:
  – /dev/pf{0,1,2,3}
[Figure: directory tree. / holds dev and home; dev holds pf0, pf1, pf2, pf4; home holds jmcc and cbs.]
Example of using a Unix packet filter

    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>

    /* struct packet, openinpf() and printpacket() are the slide's own helpers
       and are not shown. */

    /* Read an ethernet packet from the network.
       Returns NULL (and frees the buffer) on EOF or a read error. */
    struct packet *readpacket(int fd, int *packetsize) {
        struct packet *p = malloc(sizeof(struct packet));
        if (p == NULL)
            return NULL;
        *packetsize = read(fd, p, sizeof(struct packet));
        if (*packetsize <= 0) {       /* 0 = EOF, -1 = error */
            free(p);
            return NULL;
        }
        return p;
    }

    /* Find an available input packet filter */
    fd = openinpf(interface);

    /* read and decode raw ethernet packets */
    while ((p = readpacket(fd, &packetsize)) != NULL) {
        printpacket(p, packetsize);
        free(p);                      /* release each packet once it is decoded */
    }
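As an added example (not code from the lecture), here is the decoding step that the loop above delegates to printpacket(): a parser for the 14-byte ethernet header (6-byte destination MAC, 6-byte source MAC, 2-byte ethertype) and, when the ethertype is IPv4 (0x0800), the IPv4 header behind it. The sample frame is constructed for this example; its MAC and IP addresses, ports and zero checksums are made up. The point a packet-filter program has to get right is bounds checking: readpacket() above reads into a fixed-size struct, so a frame shorter than the headers it claims to carry must be rejected instead of decoded past the end of the buffer.

```c
/* Decoding raw ethernet frames of the kind a Unix packet filter returns. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN    14      /* 6-byte dst MAC, 6-byte src MAC, 2-byte ethertype */
#define ETHERTYPE_IPV4 0x0800
#define IP_MIN_HDR_LEN 20

struct frame_info {
    uint8_t  dst[6], src[6];
    uint16_t ethertype;
    int      ip_version;        /* 0 unless the frame carries IPv4 */
    uint8_t  ip_proto;          /* IPv4 protocol field: 6 = TCP, 17 = UDP */
    uint16_t ip_total_len;
    char     ip_src[16], ip_dst[16];
};

/* Decode one frame held in buf[0..len). Returns 0 on success, -1 if the frame
   is too short for the headers it claims to carry (never reads past len). */
int decode_frame(const uint8_t *buf, size_t len, struct frame_info *out) {
    memset(out, 0, sizeof *out);
    if (len < ETH_HDR_LEN)
        return -1;
    memcpy(out->dst, buf, 6);
    memcpy(out->src, buf + 6, 6);
    out->ethertype = (uint16_t)((buf[12] << 8) | buf[13]);   /* big-endian on the wire */
    if (out->ethertype != ETHERTYPE_IPV4)
        return 0;                                             /* not IPv4: ethernet header only */

    const uint8_t *ip = buf + ETH_HDR_LEN;
    if (len < ETH_HDR_LEN + IP_MIN_HDR_LEN)
        return -1;                                            /* truncated IPv4 header */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;                  /* header length in bytes */
    if (ihl < IP_MIN_HDR_LEN || len < ETH_HDR_LEN + ihl)
        return -1;                                            /* IHL points past the buffer */
    out->ip_version   = ip[0] >> 4;
    out->ip_total_len = (uint16_t)((ip[2] << 8) | ip[3]);
    out->ip_proto     = ip[9];
    snprintf(out->ip_src, sizeof out->ip_src, "%u.%u.%u.%u",
             (unsigned)ip[12], (unsigned)ip[13], (unsigned)ip[14], (unsigned)ip[15]);
    snprintf(out->ip_dst, sizeof out->ip_dst, "%u.%u.%u.%u",
             (unsigned)ip[16], (unsigned)ip[17], (unsigned)ip[18], (unsigned)ip[19]);
    return 0;
}

/* Constructed sample frame (not a real capture): ethernet + IPv4 + a minimal
   TCP header, no payload. Checksums are left zero; they are not decoded here. */
static const uint8_t SAMPLE_FRAME[] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55,              /* dst MAC */
    0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,              /* src MAC */
    0x08, 0x00,                                      /* ethertype: IPv4 */
    0x45, 0x00, 0x00, 0x28,                          /* v4, IHL=5 (20 bytes), total len 40 */
    0x00, 0x01, 0x00, 0x00,                          /* id, flags/fragment offset */
    0x40, 0x06, 0x00, 0x00,                          /* TTL 64, protocol 6 (TCP), checksum */
    128, 2, 185, 40,                                 /* src 128.2.185.40 (sahara, from the slides) */
    127, 0, 0, 1,                                    /* dst 127.0.0.1 */
    0x00, 0x0d, 0x1f, 0x90,                          /* TCP src port 13, dst port 8080 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,  /* seq, ack */
    0x50, 0x02, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00   /* data offset 5, SYN, window, csum, urg */
};

/* Small wrappers so the results can be checked without a packet filter device. */
int sample_ip_proto(void) {
    struct frame_info fi;
    return decode_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &fi) == 0 ? fi.ip_proto : -1;
}
int sample_src_is(const char *addr) {
    struct frame_info fi;
    return decode_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &fi) == 0 && strcmp(fi.ip_src, addr) == 0;
}
int decode_truncated(size_t len) {      /* decode only the first len bytes of the sample */
    struct frame_info fi;
    return decode_frame(SAMPLE_FRAME, len, &fi);
}

int main(void) {
    struct frame_info fi;
    if (decode_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &fi) != 0) {
        puts("truncated frame");
        return 1;
    }
    printf("ethertype 0x%04x  IPv%d  proto %u  %s -> %s  total length %u\n",
           (unsigned)fi.ethertype, fi.ip_version, (unsigned)fi.ip_proto,
           fi.ip_src, fi.ip_dst, (unsigned)fi.ip_total_len);
    return 0;
}
```

decode_truncated(14) and decode_truncated(20) both return -1: the ethernet header is complete but the IPv4 header is not, so nothing beyond the ethernet fields is trusted; decode_truncated(34) returns 0 because exactly the 20 IPv4 header bytes are present and the TCP header is not examined.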
Packet filtering implications
• Crucial for important applications
  – firewalls
  – user-level tunneling
  – protocol research
  – network monitoring on routers
• However, the mechanism can be easily abused
  – Anybody with a PC can set up a packet filter
  – Can be used to sniff passwords
    » scan input packets for the strings “Login” and “Password”
• Should be wary of sending passwords over the network in clear text.
Break time!
Client-server programming model
• Client + server = distributed computing
• Client & server are both processes
• Server manages a resource
• Client makes a request for a service
  – request may involve a conversation according to some server protocol
• Server provides service by manipulating the resource on behalf of client and then returning a response
[Figure: the client sends a request to the server; the server processes the request; the server returns a response to the client.]
Internet Servers
• Servers are long-running processes (daemons).
  – Created at boot-time by the init process
  – Run continuously until the machine is turned off.
• Each server waits for either TCP connection requests or UDP datagrams to arrive on a well-known port associated with a particular service.
  – port 7: echo server
  – port 25: mail server
  – port 80: http server
• A machine that runs a server process is also often referred to as a “server”.
Server examples
• Web server (port 80)
  – resource: files/compute cycles (CGI programs)
  – service: retrieves files and runs CGI programs on behalf of the client
• FTP server (20, 21)
  – resource: files
  – service: stores and retrieves files
• Telnet server (23)
  – resource: terminal
  – service: proxies a terminal on the server machine
• Mail server (25)
  – resource: email “spool” file
  – service: stores mail messages in spool file
Server examples (cont)
• DNS name server (53)
  – resource: distributed name database
  – service: distributed database lookup
• Whois server (43)
  – resource: second level domain name database (e.g. cmu.edu)
  – service: database lookup
• Daytime (13)
  – resource: system clock
  – service: retrieves value of system clock
• DHCP server (67)
  – resource: IP addresses
  – service: assigns IP addresses to clients
Server examples (cont)
• X server (177)
  – resource: display screen and keyboard
  – service: paints screen and accepts keyboard input on behalf of a client
• AFS file server (7000)
  – resource: subset of files in a distributed filesystem (e.g., AFS, NFS)
  – service: retrieves and stores files
• Kerberos authentication server (750)
  – resource: “tickets”
  – service: authenticates client and returns tickets
• /etc/services file gives a comprehensive list for Linux machines.
Berkeley Sockets Interface
• Created in the early 80’s as part of the original Berkeley distribution of Unix that contained the TCP/IP protocol stack.
• Often referred to as the “sockets interface”
• Modified somewhat by Microsoft in early 90’s (Winsock interface).
• The sockets interface is powerful but somewhat complicated.
• More convenient abstractions provided by Perl and Java and various C libraries.
Client-side socket interface to TCP
• socket(): creates a socket on the local host and returns a file descriptor for that socket.
  – int sockfd = socket(AF_INET, SOCK_STREAM, 0);
• connect(): connects to a remote socket specified as an IP address and a port at that address.
  – connect(sockfd, (struct sockaddr *)&servaddr, sizeof(servaddr));
  – servaddr is a structure (struct sockaddr_in) that contains the IP address and the port
• read(): reads bytes from a connected socket.
  – n = read(sockfd, inbuf, MAXLINELEN);
• write(): writes bytes to a connected socket.
  – n = write(sockfd, outbuf, MAXLINELEN);
• close(): closes a socket and its associated connection
  – close(sockfd);
Server-side socket interface to TCP
• socket(): creates a “listening socket” on the local machine and returns a file descriptor for that socket.
  – listenfd = socket(AF_INET, SOCK_STREAM, 0);
• bind(): binds a socket to a fixed port on the local machine.
  – bind(listenfd, (struct sockaddr *)&servaddr, sizeof(servaddr));
  – here servaddr identifies the port number (e.g., 13 for timeofday)
• listen(): puts socket in “listening mode” to listen for connection requests from any client.
  – listen(listenfd, LISTENQ);
Server-side socket interface to TCP
• accept(): waits for a connection request to
arrive at a listening socket, and returns a file
descriptor for a “connected socket” that the
server can read and write from.
– connfd = accept(listenfd, NULL, NULL);
• read() : reads bytes from a connected socket.
– n = read(connfd, inbuf, MAXLINELEN);
• write() : writes bytes to a connected socket.
– n = write(connfd, outbuf, MAXLINELEN);
• close(): closes socket and its associated
connection.
– close(connfd);
TCP sockets client-server interaction
1. Client: create a socket: socket()
   Server: create a master socket which is ready to accept connection requests on port p from a client: socket(), bind(), listen()
2. Client: create a connection between client and server socket; the server socket is identified by an address/port pair: connect()
   Server: wait for a connection request to arrive on the master socket and create a “slave socket” once a request has arrived: accept()
3. Client: read and write to/from socket: read() and write()
   Server: read and write to/from slave socket: read() and write()
4. Client: close the client socket: close()
   Server: close the slave socket: close()
Example C client code: daytime (13)
This client gets the time from another machine and prints it.

    char recvline[MAXLINELEN+1];
    struct sockaddr_in servaddr;

    /* allocate an internet (AF_INET) stream (SOCK_STREAM) socket */
    int sockfd = socket(AF_INET, SOCK_STREAM, 0);

    /* connect to the remote server.
       servaddr is a structure containing both the server IP
       address and a port at that address (13 for daytime) */
    memset(&servaddr, 0, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_port = htons(13);
    inet_pton(AF_INET, server_ip, &servaddr.sin_addr);  /* server_ip: the server's dotted-quad address string */
    if (connect(sockfd, (struct sockaddr *)&servaddr, sizeof(servaddr)) < 0) { perror("connect"); exit(1); }

    /* read the time from the remote server and print */
    int n = read(sockfd, recvline, MAXLINELEN);
    if (n < 0) { perror("read"); exit(1); }
    recvline[n] = 0;            /* null terminate the line */
    printf("%s", recvline);     /* print the line; received data is never used as the format string */

    /* take down the connection */
    close(sockfd);
Example C server code: daytime (13)

    int listenfd, connfd;
    struct sockaddr_in servaddr;
    char buff[MAXLINELEN+1];
    time_t ticks;

    /* create a socket */
    listenfd = socket(AF_INET, SOCK_STREAM, 0);

    /* bind it to a local port.
       Here servaddr specifies the local port number 13 (on any local address). */
    memset(&servaddr, 0, sizeof(servaddr));
    servaddr.sin_family = AF_INET;
    servaddr.sin_addr.s_addr = htonl(INADDR_ANY);
    servaddr.sin_port = htons(13);
    if (bind(listenfd, (struct sockaddr *)&servaddr, sizeof(servaddr)) < 0) { perror("bind"); exit(1); }

    /* put socket into "listening" mode to receive requests for
       connection from anyone */
    listen(listenfd, LISTENQ);

    while (1) {
        /* wait and accept next connection from a client;
           this creates a new "slave socket" connfd */
        connfd = accept(listenfd, NULL, NULL);
        if (connfd < 0) continue;                              /* failed accept: keep serving */
        ticks = time(NULL);                                    /* get the time of day */
        snprintf(buff, sizeof(buff), "%s\n", ctime(&ticks));   /* print as a string */
        write(connfd, buff, strlen(buff));                     /* write to client */
        close(connfd);                                         /* close connection */
    }
Example Perl5 client code:

    #!/usr/local/bin/perl5 -w
    use IO::Socket;
    # daytime client
    $port = "8000";
    $host = "euro.ecom";

    # send TCP connection request
    $sockfd = IO::Socket::INET->new(
        Proto    => "tcp",    # use tcp
        PeerAddr => $host,    # server name
        PeerPort => $port)    # and port number
        or die "Couldn't connect to port $port on $host: $@\n";

    # wait for the response from the server and print to stdout
    $time = <$sockfd>;
    print $time;
    close $sockfd;
Example Perl5 server code

    #!/usr/local/bin/perl5 -w
    use IO::Socket;
    # daytime server
    $port = 8000;

    # create a TCP listening socket file descriptor
    $listenfd = IO::Socket::INET->new(
        LocalPort => $port,         # port to listen on
        Type      => SOCK_STREAM,   # use TCP
        Reuse     => 1,             # reuse addr right away
        Listen    => 10)            # buffer at most 10 requests
        or die "Couldn't listen on port $port: $@\n";

    # loop forever, waiting for client requests
    while(1) {
        $connfd = $listenfd->accept();    # wait for client request
        $time = "The time is ".`date`;    # compose message
        $connfd->print($time);            # send to client
        close $connfd;                    # close socket
    }
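The client-side and server-side call sequences above, and the C and Perl daytime fragments, put together as one complete program. This is an added example, not the lecture’s code: both roles run in the same process over the loopback interface, the server binds port 0 on 127.0.0.1 (so the kernel picks a free unprivileged port instead of the privileged port 13) and the client learns that port from getsockname(). Two details the slides leave out are handled here: a read loop that keeps reading until the server closes the slave socket, because one read() may return fewer bytes than the whole line, and null termination before the reply is printed with "%s".

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>

#define MAXLINELEN 127
#define LISTENQ    10

/* Read until the peer closes the connection, coping with short reads (a daytime
   server writes one line and closes). Returns bytes read, or -1 on error. */
static ssize_t read_line_until_eof(int fd, char *buf, size_t cap) {
    size_t got = 0;
    while (got < cap - 1) {
        ssize_t n = read(fd, buf + got, cap - 1 - got);
        if (n < 0) return -1;
        if (n == 0) break;                 /* EOF: the server closed the slave socket */
        got += (size_t)n;
    }
    buf[got] = '\0';                       /* null terminate before any printing */
    return (ssize_t)got;
}

/* Server side: socket(), bind(), listen(). Port 0 on 127.0.0.1 asks the kernel
   for a free unprivileged port; the chosen port is returned through *port. */
static int open_listenfd(uint16_t *port) {
    struct sockaddr_in servaddr;
    socklen_t len = sizeof servaddr;
    int listenfd = socket(AF_INET, SOCK_STREAM, 0);
    if (listenfd < 0) return -1;
    memset(&servaddr, 0, sizeof servaddr);
    servaddr.sin_family      = AF_INET;
    servaddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* localhost only */
    servaddr.sin_port        = htons(0);
    if (bind(listenfd, (struct sockaddr *)&servaddr, sizeof servaddr) < 0 ||
        listen(listenfd, LISTENQ) < 0 ||
        getsockname(listenfd, (struct sockaddr *)&servaddr, &len) < 0) {
        close(listenfd);
        return -1;
    }
    *port = ntohs(servaddr.sin_port);
    return listenfd;
}

/* Client side: socket(), connect() to 127.0.0.1:port. Returns the fd or -1. */
static int open_clientfd(uint16_t port) {
    struct sockaddr_in servaddr;
    int sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) return -1;
    memset(&servaddr, 0, sizeof servaddr);
    servaddr.sin_family      = AF_INET;
    servaddr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    servaddr.sin_port        = htons(port);
    if (connect(sockfd, (struct sockaddr *)&servaddr, sizeof servaddr) < 0) {
        close(sockfd);
        return -1;
    }
    return sockfd;
}

/* One complete exchange with both roles in this process: the server's slave
   socket writes msg and closes; the client reads the whole reply into reply[cap].
   Returns the number of bytes the client received, or -1 on any failure. */
int daytime_roundtrip(const char *msg, char *reply, size_t cap) {
    uint16_t port;
    int listenfd = open_listenfd(&port);
    if (listenfd < 0) return -1;
    int sockfd = open_clientfd(port);           /* the kernel completes the handshake and queues it... */
    if (sockfd < 0) { close(listenfd); return -1; }
    int connfd = accept(listenfd, NULL, NULL);  /* ...so accept() returns the slave socket at once */
    if (connfd < 0) { close(sockfd); close(listenfd); return -1; }
    ssize_t w = write(connfd, msg, strlen(msg));
    close(connfd);                              /* close the slave socket: the client sees EOF */
    ssize_t n = (w < 0) ? -1 : read_line_until_eof(sockfd, reply, cap);
    close(sockfd);
    close(listenfd);
    return (int)n;
}

/* 1 if a round trip delivers msg byte-for-byte, else 0. */
int roundtrip_ok(const char *msg) {
    char reply[MAXLINELEN + 1];
    int n = daytime_roundtrip(msg, reply, sizeof reply);
    return n == (int)strlen(msg) && strcmp(reply, msg) == 0;
}

int main(void) {
    char buff[MAXLINELEN + 1], reply[MAXLINELEN + 1];
    time_t ticks = time(NULL);
    snprintf(buff, sizeof buff, "%s", ctime(&ticks));   /* ctime() output already ends in '\n' */
    if (daytime_roundtrip(buff, reply, sizeof reply) < 0) { perror("daytime_roundtrip"); return 1; }
    printf("%s", reply);                  /* "%s" with the data as an argument, never printf(reply) */
    return 0;
}
```

Running it prints the current time once, exactly as the daytime client in the slides would when pointed at the daytime server; with the server in a separate process the only change is that open_listenfd() and accept() move to that process and the port is fixed instead of kernel-chosen.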
Client-server debugging hints
• Debug on the local machine
  – Client and server can both be running on the same machine.
  – By default, the local machine can be referenced by:
    » domain name: localhost
    » IP address: 127.0.0.1
• Develop and debug the server first
  – Use telnet as the universal client
  – e.g., to debug a web server:
    » % telnet localhost 80
• Use print statements liberally to track the server’s state and progress.
Hierarchical domain name space
• Until 198x, domain name/IP address mapping maintained in HOSTS.TXT file at SRI.
• Each new host manually entered and copied to backbone routers.
• Explosive growth rendered HOSTS.TXT approach impractical.
• Replaced by Domain Name System in 198x.
[Figure: name tree. The unnamed root has children com, edu, gov, mil; edu has mit, cmu, berkeley; cmu has gsia, cs, ece; cs has cmcl and lb; cmcl holds the host sahara (128.2.185.40); lb holds the host www (128.2.209.79).]
DNS
• Worldwide distributed system for mapping names to addresses (and vice versa).
• Implemented as a collection of cooperating servers called name servers.
• Name servers are accessed by DNS clients
  – user programs
  – nslookup
    » stand-alone client with command line interface
Zones
• Domains are partitioned into zones.
• Each zone has multiple name servers that store info about names in that zone.
  – CS Zone has 4 servers
• One server is authoritative
  – the others get copies of the authoritative server’s data
[Figure: the same name tree (unnamed root; com, edu, gov, mil; mit, cmu, berkeley; gsia, cs, ece; cmcl, lb). The CS Zone (in red) covers cs, its subdomain cmcl with sahara (128.2.185.40) and other cmcl names, and other cs names. The LB Zone (in blue) covers lb with www, other lb names and 128.2.209.79.]
Zone databases
• Each name server keeps a database with information about each name in its zone.
• Examples of info (Type: Description)
  – A: IP address
  – NS: name servers for zone
  – SOA: “start of authority” indicates authoritative server
  – WKS: well known services running on that host
  – HINFO: host info (OS and machine type)
  – PTR: domain name ptr (if this subdomain has its own server)
Zone transfers
• Copying the contents of a zone database is called a zone transfer.
  – all info of a particular type or types (A, NS, etc) for the entire zone.

Example: zone transfer of cs.cmu.edu (Types A & PTR)
(note: this is the default for nslookup)

    ...
    SAHARA.CMCL      128.2.185.40
    ...
    LB               server = ALMOND.SRV.CS.CMU.EDU
    LB               server = PECAN.SRV.CS.CMU.EDU
    ...
    POSTOFFICE       128.2.181.62
    ...
Zone transfers (cont)
Example: zone transfer of cs.cmu.edu (Type HINFO)

    ...
    SAHARA.CMCL      DEC-600-5/333 UNIX
    ...
    AMEFS.SRV        INTEL-486 UNIX
    ...

Note: no HINFO for POSTOFFICE or LB
Hierarchical DNS name resolution
[Figure: the client asks its local name server for R = sahara.cmcl.cs.cmu.edu, and the name server walks down the hierarchy, one server per level.]
1. client → name server: sahara.cmcl.cs.cmu.edu (R)
2. name server → root name server: R
3. root name server → name server: PTR to edu name server (ns)
4. name server → edu name server: R
5. edu name server → name server: PTR to cmu.edu ns
6. name server → cmu.edu name server: R
7. cmu.edu name server → name server: PTR to cs.cmu.edu ns
8. name server → cs.cmu.edu name server: R
9. cs.cmu.edu name server → name server: 128.2.185.40
10. name server → client: 128.2.185.40
DNS Caching
• Servers cache (keep a copy of) information they receive from other servers as part of the name resolution process.
• This greatly reduces the number of queries.
• E.g. In our previous example, the next query for sahara.cmcl can be answered immediately because the server kept a copy of the address.
[Figure: only steps 1 and 10 of the previous figure remain: client → name server: sahara.cmcl.cs.cmu.edu (R); name server → client: 128.2.185.40.]
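The ten-step walk in the resolution figure and the caching slide, as an added example that is not the lecture’s code: an iterative resolver over a constructed, in-memory delegation table mirroring the figure (root → edu → cmu.edu → cs.cmu.edu, with sahara.cmcl.cs.cmu.edu = 128.2.185.40 from the slides; the name lb.cs.cmu.edu for 128.2.209.79 is an assumption). The figure’s “PTR to ... ns” replies are modelled as NS delegations, which is what real DNS sends back as a referral (the PTR type is the reverse name-to-address mapping). Each server contacted counts as one query, so the first lookup costs the four server queries of steps 2, 4, 6 and 8, and the cached second lookup costs none; a name that no server delegates stops at the first server with nothing to refer to.

```c
#include <stdio.h>
#include <string.h>

/* Constructed delegation data mirroring the lecture's figure (not real DNS data).
   Each server is named by the zone it serves; "" is the unnamed root. An NS row
   says "server delegates zone `name` to the name server of that zone"; an A row
   is an authoritative address. */
struct rr { const char *server; const char *type; const char *name; const char *value; };

static const struct rr ZONE_DATA[] = {
    { "",           "NS", "edu",                    "edu name server" },
    { "edu",        "NS", "cmu.edu",                "cmu.edu name server" },
    { "cmu.edu",    "NS", "cs.cmu.edu",             "cs.cmu.edu name server" },
    { "cs.cmu.edu", "A",  "sahara.cmcl.cs.cmu.edu", "128.2.185.40" },
    { "cs.cmu.edu", "A",  "lb.cs.cmu.edu",          "128.2.209.79" },  /* assumed name for the slide's 128.2.209.79 */
};
#define NRR (sizeof ZONE_DATA / sizeof ZONE_DATA[0])

/* 1 if `zone` is the root or a label-aligned suffix of `name` (so "mu.edu" never matches cmu.edu). */
static int in_zone(const char *name, const char *zone) {
    size_t nl = strlen(name), zl = strlen(zone);
    if (zl == 0) return 1;
    return nl > zl && name[nl - zl - 1] == '.' && strcmp(name + nl - zl, zone) == 0;
}

/* Iterative resolution from the root: each server contacted is one query (an "R"
   arrow in the figure). Returns the address string, or NULL if no server can answer;
   *queries receives the number of servers contacted. */
const char *resolve_iterative(const char *name, int *queries) {
    const char *server = "";                     /* start at the root name server */
    *queries = 0;
    for (int hop = 0; hop < 16; hop++) {         /* bound the walk: no endless referral chains */
        const struct rr *referral = NULL;
        (*queries)++;
        for (size_t i = 0; i < NRR; i++) {
            const struct rr *r = &ZONE_DATA[i];
            if (strcmp(r->server, server) != 0) continue;
            if (strcmp(r->type, "A") == 0 && strcmp(r->name, name) == 0)
                return r->value;                 /* authoritative answer (step 9) */
            if (strcmp(r->type, "NS") == 0 && in_zone(name, r->name) &&
                (referral == NULL || strlen(r->name) > strlen(referral->name)))
                referral = r;                    /* closest enclosing delegation */
        }
        if (referral == NULL) return NULL;       /* this server knows nothing below itself for name */
        server = referral->name;                 /* follow the referral to the child zone's server */
    }
    return NULL;
}

/* A tiny positive cache like the one the caching slide describes (no TTL expiry here). */
#define CACHE_SIZE 8
static struct { char name[64]; const char *ip; } cache[CACHE_SIZE];
static int cache_len;

const char *resolve_cached(const char *name, int *queries) {
    for (int i = 0; i < cache_len; i++)
        if (strcmp(cache[i].name, name) == 0) { *queries = 0; return cache[i].ip; }
    const char *ip = resolve_iterative(name, queries);
    if (ip != NULL && cache_len < CACHE_SIZE && strlen(name) < sizeof cache[0].name) {
        strcpy(cache[cache_len].name, name);     /* length checked above */
        cache[cache_len].ip = ip;
        cache_len++;
    }
    return ip;
}

/* Query counts alone, for checking the two paths. */
int iterative_queries(const char *name) { int q; resolve_iterative(name, &q); return q; }
int cached_queries(const char *name)    { int q; resolve_cached(name, &q);    return q; }

int main(void) {
    const char *host = "sahara.cmcl.cs.cmu.edu";
    int q;
    const char *ip = resolve_cached(host, &q);
    printf("%s -> %s after %d server queries\n", host, ip ? ip : "(not found)", q);
    ip = resolve_cached(host, &q);
    printf("%s -> %s from cache, %d server queries\n", host, ip ? ip : "(not found)", q);
    return 0;
}
```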