2: application layer 1 chapter 2: application layer r 2.1 principles of network applications r 2.2...
TRANSCRIPT
2: Application Layer 1
Chapter 2: Application layer
2.1 Principles of network applications
2.2 Web and HTTP 2.3 FTP Online gaming 2.4 Electronic Mail
SMTP, POP3, IMAP
2.5 DNS
2.6 P2P file sharing 2.7 VOIP 2.8 Socket
programming with TCP Introduce c sock
program Programming
assignment 2.9 Socket
programming with UDP
2.10 Building a Web server
2: Application Layer 2
Online Gaming Design Requirement Consistency
Every gamer has the exactly same view of the game Security
No cheating, fair play Robustness A failure of one client has no impact on others
Real time Processes are delivered no later than the time
needed for effective control Robustness
The failure of one client does not affect others
Scalable Less bandwidth requirement
Dial-up connection is good to work
2: Application Layer 3
Basic Game Model
Single machine game basic model Basic animation: small time-delay refreshing Interaction: command action in next turn
Multiplayer online game basic model Each machine runs the exact simulation
• How? Random number generator A client’s commands known to all clients A command is executed on all client at the
same time
time
2: Application Layer 4
Consistency : Bucket Synchronization
Bucket interval > transmission delay All calculations are delayed until the end of
each cycle Bucket frequency = rate a human vision
perceives smooth motion What if the network delay is longer?
A
Btime
2: Application Layer 5
Consistency: Pipelining
Commands issued between turn 2 and turn 3 will be executed at turn 6 Suppose transmission delay is < 3 turns
Speed control and “lag” Adaptive turn frequency and delay time for exact
view on all clients• Communication delay, computer simulation speed• One client too slow all clients run slow
1 2 3 4 5 6time
2: Application Layer 6
Solving Inconsistency
• Happens if a command packet is lost or received too late.
Methods All clients pause and wait for lost command Server update states to all clients
• Example: your role player returns back to original position
Others?• Sacrifice one client by forcing this client
synchronizes with the server• Kick out the slowest client• ??
Goal: minimize the inconsistency period
2: Application Layer 7
Transmission Protocol
Usually use UDP for transport protocol Achieve reliable transfer by application
layer Benefit:
• Game program can decide which data should be reliably delivered
– Do: game session update message
– Don’t: too late command message
• Game will not stuck by one not transmitted packet
Disadvantage:• Make programming much more complex
2: Application Layer 8
Security: Game Cheating
Suppress-correct cheat : Host gains advantage by purposefully dropping
update messages Look ahead cheat :
Cheat program makes decision right after receiving updates from participating players
• Example: automatic dodge bullet, automatic aim target Popular in war gaming
• Gamer (human) response is much slower than look ahead response!
Security: Game Cheating
Solutions: Remote client program verification
• Install verification patch– This has been widely used in grid computing
• Client uploading gaming data continuously to verifying server
– Verifying server detects anomaly behaviors– Can use statistical pattern for detection, e.g.,
» Steven Gianvecchio, Zhenyu Wu, Mengjun Xie, and Haining Wang, Battle of Botcraft: Fighting Bots in Online Games with Human Observational Proofs, In ACM CCS 2009, Chicago, IL, November 2009.
Cryptographic method for pure distributed systems
2: Application Layer 9
2: Application Layer 10
Materials on Online Gaming
Chris GauthierDickey “COMP 4705: Networks and Games” "
1500 archers on a 28.8: Network Programming in the Age of Empires and Beyond
"
http://www.3impact.com/3Impact_Engine/hulk7123/multiplayer.htm
Learn Internet Game Programming with Java Talks about how to program java-based web online
game • Not multiplayer, but play through the Internet
2: Application Layer 11
Chapter 2: Application layer
2.1 Principles of network applications
2.2 Web and HTTP 2.3 FTP 2.4 Electronic Mail
SMTP, POP3, IMAP
2.5 DNS
2.6 P2P file sharing 2.7 VOIP 2.8 Socket
programming with TCP 2.9 Socket
programming with UDP
2.10 Building a Web server
2: Application Layer 12
FTP: the file transfer protocol
transfer file to/from remote host client/server model
client: side that initiates transfer (either to/from remote)
server: remote host ftp: RFC 959 ftp server: port 21
file transfer FTPserver
FTPuser
interface
FTPclient
local filesystem
remote filesystem
user at host
2: Application Layer 13
FTP: separate control, data connections
FTP client contacts FTP server at port 21, specifying TCP as transport protocol
Client obtains authorization over control connection
Client browses remote directory by sending commands over control connection.
When server receives a command for a file transfer, the server initiates a TCP data connection to client
After transferring one file, server closes connection.
FTPclient
FTPserver
TCP control connection
port 21
TCP data connectionport 20
Server initiates a second TCP data connection to transfer another file.
Control connection: “out of band”
FTP server maintains “state”: current directory, earlier authentication
2: Application Layer 14
Chapter 2: Application layer
2.1 Principles of network applications
2.2 Web and HTTP 2.3 FTP 2.4 Electronic Mail
SMTP, POP3, IMAP
2.5 DNS
2.6 P2P file sharing 2.7 VOIP 2.8 Socket
programming with TCP 2.9 Socket
programming with UDP
2.10 Building a Web server
2: Application Layer 15
Electronic Mail
Three major components: user agents mail servers simple mail transfer
protocol: SMTP
User Agent a.k.a. “mail reader” composing, editing, reading
mail messages e.g., Eudora, Outlook, elm,
Netscape Messenger outgoing, incoming
messages stored on server
user mailbox
outgoing message queue
mailserver
useragent
useragent
useragent
mailserver
useragent
useragent
mailserver
useragent
SMTP
SMTP
SMTP
2: Application Layer 16
Electronic Mail: mail servers
Mail Servers mailbox contains
incoming messages for user
message queue of outgoing (to be sent) mail messages
SMTP protocol between mail servers to send email messages client: sending mail
server “server”: receiving
mail server
mailserver
useragent
useragent
useragent
mailserver
useragent
useragent
mailserver
useragent
SMTP
SMTP
SMTP
2: Application Layer 17
Electronic Mail: SMTP [RFC 2821]
uses TCP to reliably transfer email message from client to server, port 25
direct transfer: sending server to receiving server three phases of transfer
handshaking (greeting) transfer of messages closure
command/response interaction commands: ASCII text response: status code and phrase
messages must be in 7-bit ASCII The reason why an email with an attached file
sent out is bigger than original attached file
2: Application Layer 18
Scenario: Alice sends message to Bob1) Alice uses UA to compose
message and “to” [email protected]
2) Alice’s UA sends message to her mail server; message placed in message queue (SMTP protocol)
3) Client side of SMTP opens TCP connection with Bob’s mail server
4) SMTP client sends Alice’s message over the TCP connection
5) Bob’s mail server places the message in Bob’s mailbox
6) Bob invokes his user agent to read message
useragent
mailserver
mailserver user
agent
1
2 3 4 56
2: Application Layer 19
Sample fake email sending S: 220 longwood.cs.ucf.edu C: HELO fake.domain S: 250 Hello crepes.fr, pleased to meet you C: MAIL FROM: <[email protected]> S: 250 [email protected]... Sender ok C: RCPT TO: <[email protected]> S: 250 [email protected] ... Recipient ok C: DATA S: 354 Enter mail, end with "." on a line by itself C: from: “fake man” <[email protected]> C: to: “dr. who” <who@who> C: subject: who am I? C: Do you like ketchup? C: How about pickles? C: . S: 250 Message accepted for delivery C: QUIT S: 221 longwood.cs.ucf.edu closing connection
2: Application Layer 20
Try SMTP interaction for yourself:
telnet servername 25 see 220 reply from server enter HELO, MAIL FROM, RCPT TO, DATA, QUIT
commands “mail from” the domain may need to be
existed “rcpt to” the user needs to be existed A mail server may or may not support “relay”
• CS email server supports relay in campus
above lets you send email without using email client (reader)
2: Application Layer 21
SMTP: final words
SMTP uses persistent connections
SMTP requires message (header & body) to be in 7-bit ASCII
SMTP server uses CRLF.CRLF to determine end of message
Comparison with HTTP: HTTP: pull SMTP: push
both have ASCII command/response interaction, status codes
HTTP: each object encapsulated in its own response msg
SMTP: multiple objects sent in one msg
Problem: Only support ASCII content
2: Application Layer 22
Message format: multimedia extensions
MIME (Multi-purpose Internet Mail Extensions) multimedia mail extension, RFC 2045, 2056
additional lines in msg header declare MIME content type
From: [email protected] To: [email protected] Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: image/jpeg
base64 encoded data ..... ......................... ......base64 encoded data
multimedia datatype, subtype,
parameter declaration
method usedto encode data
encoded data
MIME version
2: Application Layer 23
Mail access protocols
SMTP: deliver to receiver’s server Mail access protocol: retrieval from server
POP: Post Office Protocol [RFC 1939]• authorization (agent <-->server) and download • Port: 110
IMAP: Internet Mail Access Protocol [RFC 1730]• more features (more complex)• manipulation of stored msgs on server
HTTP: Hotmail , Yahoo! Mail, etc.
useragent
sender’s mail server
useragent
SMTP SMTP accessprotocol
receiver’s mail server
2: Application Layer 24
POP3 protocol (tcp: 110)
authorization phase client commands:
user: declare username pass: password
server responses +OK -ERR
transaction phase, client: list: list message numbers retr: retrieve message by
number dele: delete quit
C: list S: 1 498 S: 2 912 S: . C: retr 1 S: <message 1 contents> S: . C: dele 1 C: retr 2 S: <message 1 contents> S: . C: dele 2 C: quit S: +OK POP3 server signing off
S: +OK POP3 server ready C: user bob S: +OK C: pass hungrypass hungry S: +OK user successfully logged on
Length(bytes)
Telnet example (also check MIME)
2: Application Layer 25
POP3 (more) and IMAPMore about POP3 Read a message will
get a copy of it into client machine User can delete the
message on server by choice
One Message as a unit Cannot read a message
without downloading all of it attachments
Trouble for low-bandwidth users
IMAP Keep all messages in
one place: the server Allows user to
organize messages in folders Create/delete folders
on email server
Can retrieve any parts of a message Header only Header + text content
More popular than POP3
Both have encrypted protocols
2: Application Layer 26
Web-based Email
Hotmail, Yahoo mail, AOL, … Convenient:
only need Internet Browser User can access any where
Unified interface: Same interface, email folders, any where Similar to IMAP on message organizing
Combination with other Web services Hotmail+MSN messenger, AOL, new mail
reminder Free!
2: Application Layer 27
Chapter 2: Application layer
2.1 Principles of network applications
2.2 Web and HTTP 2.3 FTP 2.4 Electronic Mail
SMTP, POP3, IMAP
2.5 DNS
2.6 P2P file sharing 2.7 VOIP 2.8 Socket
programming with TCP 2.9 Socket
programming with UDP
2.10 Building a Web server
2: Application Layer 28
DNS: Domain Name System
People: many identifiers: SSN, name, passport #
Internet hosts, routers: IP address (32 bit) –
128.119.40.12 unique ID “name”, e.g.,
www.yahoo.com - used by humans
Q: map between IP addresses and name ?
Domain Name System: distributed database
implemented in hierarchy of many name servers
application-layer protocol host, routers, name servers to communicate to resolve names (address/name translation) note: core Internet
function, implemented as application-layer protocol
complexity at network’s “edge” philosophy
2: Application Layer 29
DNS
Why not centralize DNS? single point of failure traffic volume distant centralized
database maintenance
doesn’t scale!
DNS services Hostname to IP
address translation Host aliasing
Canonical and alias names
Many names for a single host
Mail server aliasing Load distribution
Replicated Web servers: set of IP addresses for one canonical name
2: Application Layer 30
Root DNS Servers
com DNS servers org DNS servers edu DNS servers
ucf.eduDNS servers
umass.eduDNS servers
yahoo.comDNS servers
amazon.comDNS servers
pbs.orgDNS servers
Distributed, Hierarchical Database
Client wants IP for www.amazon.com; 1st approx: Client queries a root server to find com DNS
server Client queries “com” DNS server to get
amazon.com DNS server Client queries amazon.com DNS server to get
IP address for www.amazon.com
2: Application Layer 31
DNS: Root name servers
b USC-ISI Marina del Rey, CAl ICANN Los Angeles, CA
e NASA Mt View, CAf Internet Software C. Palo Alto, CA (and 17 other locations)
i Autonomica, Stockholm (plus 3 other locations)
k RIPE London (also Amsterdam, Frankfurt)
m WIDE Tokyo
a Verisign, Dulles, VAc Cogent, Herndon, VA (also Los Angeles)d U Maryland College Park, MDg US DoD Vienna, VAh ARL Aberdeen, MDj Verisign, ( 11 locations)
13 root name servers worldwide
2: Application Layer 32
TLD and Authoritative Servers Top-level domain (TLD) servers:
responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp. Network solutions maintains servers for com
TLD Educause for edu TLD
Authoritative DNS servers: organization’s DNS servers, providing authoritative hostname to IP mappings for organization’s servers (e.g., Web and mail). Can be maintained by organization or service
provider (paid by the organization)
2: Application Layer 33
Local Name Server
Does not strictly belong to hierarchy Each ISP (residential ISP, company,
university) has one Also called “default name server”
When a host makes a DNS query, query is sent to its local DNS server Acts as a proxy (cache), forwards query into
hierarchy
2: Application Layer 34
requesting hostcis.poly.edu
gaia.cs.umass.edu
root DNS server
local DNS serverdns.poly.edu
1
23
4
5
6
authoritative DNS serverdns.cs.umass.edu
78
TLD DNS server
Example
Host at cis.poly.edu wants IP address for gaia.cs.umass.edu
2: Application Layer 35
requesting hostcis.poly.edu
gaia.cs.umass.edu
root DNS server
local DNS serverdns.poly.edu
1
2
45
6
authoritative DNS serverdns.cs.umass.edu
7
8
TLD DNS server
3
Recursive queries
recursive query: puts burden of
name resolution on contacted name server
heavy load?
iterated query: contacted server
replies with name of server to contact
“I don’t know this name, but ask this server”
2: Application Layer 36
DNS: caching and updating records once (any) name server learns mapping, it
caches mapping cache entries timeout (disappear) after
some time (keep fresh copy) TLD servers typically cached in local name
servers• Thus root name servers not often visited
2: Application Layer 37
DNS records
DNS: distributed db storing Resource Records (RR)
Type=NS name is domain (e.g.
foo.com) value is IP address of
authoritative DNS server for this domain
RR format: (name, value, type, ttl)
Type=A name is hostname value is IP address
Type=CNAME name is alias name for some
“canonical” (the real) name www.ibm.com is really servereast.backup2.ibm.com value is canonical name
Type=MX value is name of
mailserver associated with name
2: Application Layer 38
DNS protocol, messagesDNS protocol : query and reply messages, both with same message format
msg header identification: 16 bit #
for query, reply to query uses same #
flags: query or reply recursion desired recursion available reply is authoritative
2: Application Layer 39
DNS protocol, messages (UDP 53)
Name, type fields for a query
RRs in responseto query
records forauthoritative servers
additional “helpful”info that may be used
Let’s check a web example using Wireshark!(MX record: nslookup –type=MX cs.ucf.edu or
dig mx cs.ucf.edu)
2: Application Layer 40
Inserting records into DNS
Example: just created startup “Network Utopia” Register name networkuptopia.com at a registrar (e.g.,
Network Solutions) Need to provide registrar with names and IP addresses of
your authoritative name server (primary and secondary) Registrar inserts two RRs into the com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)(dns1.networkutopia.com, 212.212.212.1, A)
Put in authoritative server dns1.networkutopia.com Type A record for www.networkuptopia.com
• Type CName for networkuptopia.com (alias) Type MX record for networkutopia.com (email)
• Type A record for the email server How do people get the IP address of your Web site?
2: Application Layer 41
Chapter 2: Application layer
2.1 Principles of network applications app architectures app requirements
2.2 Web and HTTP Internet gaming 2.4 Electronic Mail
SMTP, POP3, IMAP
2.5 DNS
2.6 P2P file sharing VOIP 2.7 Socket
programming with TCP 2.8 Socket
programming with UDP
2: Application Layer 42
P2P: Exampleoriginal “Napster” design1) when peer connects, it
informs central server: IP address content
2) Alice queries Central for “Hey Jude”
3) Central tells Alice that Bob has it and Bob’s IP
4) Alice downloads file from Bob (via HTTP, why?)
5) While Alice downloads, others download files from Alice’s computer, too
centralizeddirectory server
peers
Alice
Bob
1
1
1
12
3
4
2: Application Layer 43
P2P Example: BitTorrent
Online Introduction http://en.wikipedia.org/wiki/Bittorrent
Designed by Bram Cohen in 2001 BitTorrent Features
Remove centralized management server• Use individual file-centered server
Better design on• Load balancing and robustness• File sharing enforcement
2: Application Layer 44
BitTorrent: Individual File-Centered P2P Design
Tracker
peer
User A provides a BitTorrent “torrent” Metadata: Tracker IP, port, file name
• Tracker provided by user A or a hosting Publish torrent in well-know website
User A also provides a peer with full file (“seed”) once peer has entire file, it may
(selfishly) leave or (altruistically) remain (“seed”)
Other users download seed first Connect to tracker to get management
information Download file from peers
Robustness feature File broken into many piece
(256KB/chunk) Rarest-first download
• Make sure every piece has equal number of copies in P2P network
2: Application Layer 452: Application Layer 45
BitTorrent (2)
Pulling Chunks at any given time,
different peers have different subsets of file chunks
periodically, a peer (Alice) asks each neighbor for list of chunks that they have.
Alice sends requests for her missing chunks rarest first
Sending Chunks: tit-for-tat Alice sends chunks to
four neighbors currently sending her chunks at the highest rate re-evaluate top 4
every 10 secs every 30 secs: randomly
select another peer, starts sending chunks newly chosen peer
may join top 4 “optimistically
unchoke”
2: Application Layer 462: Application Layer 46
BitTorrent: Tit-for-tat(1) Alice “optimistically unchokes” Bob
(2) Alice becomes one of Bob’s top-four providers; Bob reciprocates(3) Bob becomes one of Alice’s top-four providers
With higher upload rate, can find better trading partners & get file faster!
2: Application Layer 47
BitTorrent Security Issues Common security problems in P2P
network Malicious sharing files
Control-based vulnerability Tracker provided by ordinary users
• No authentication or authority Tracker-controlled P2P network
• Tracker provides:– Peer’s IP, connection port, peer’s obtained file pieces
BitTorrent Security Issues
Malicious tracker can
• Divert P2P peers to connect to a victim on an arbitrary port
• See our paper on bitTorrent attack
48
Jerome Harrington, Corey Kuwanoe, Cliff C. Zou. "A BitTorrent-Driven Distributed Denial-of-Service Attack", 3rd International Conference on Security and Privacy in Communication Networks (SecureComm), Nice, France, Sept. 17-20, 2007.
2: Application Layer 49
Distributed Hash Table (DHT)
DHT = distributed P2P database Database has (key, value) pairs;
key: ss number; value: human name key: content type; value: IP address
Peers query DB with key DB returns values that match the key
Peers can also insert (key, value) peers
2: Application Layer 50
DHT Identifiers
Assign integer identifier to each peer in range [0,2n-1]. Each identifier can be represented by n bits.
Require each key to be an integer in same range.
To get integer keys, hash original key. eg, key = h(“transformer trailer”) This is why they call it a distributed “hash” table
2: Application Layer 51
How to assign keys to peers?
Central issue: Assigning (key, value) pairs to peers.
Rule: assign key to the peer that has the closest ID.
Convention in lecture: closest is the immediate successor of the key.
Ex: n=4; peers: 1,3,4,5,8,10,12,14; key = 13, then successor peer = 14 key = 15, then successor peer = 1
2: Application Layer 52
1
3
4
5
810
12
15
Circular DHT (1)
Each peer only aware of immediate successor and predecessor.
“Overlay network” (n=4 for this example)
2: Application Layer 53
Circle DHT (2)
0001
0011
0100
0101
10001010
1100
1111
Who’s resp
for key 1110 ?I am
O(N) messageson avg to resolvequery, when thereare N peers
1110
1110
1110
1110
1110
1110
Define closestas closestsuccessor
2: Application Layer 54
Circular DHT with Shortcuts
Each peer keeps track of IP addresses of predecessor, successor, short cuts.
Reduced from 6 to 2 messages. Possible to design shortcuts so O(log N) neighbors,
O(log N) messages in query
1
3
4
5
810
12
15
Who’s resp for key 1110?
2: Application Layer 55
Peer Churn
Peer 5 abruptly leaves Peer 4 detects; makes 8 its immediate successor;
asks 8 who its immediate successor is; makes 8’s immediate successor its second successor.
What if peer 13 wants to join?
1
3
4
5
810
12
15
•To handle peer churn, require each peer to know the IP address of its two successors. • Each peer periodically pings its two successors to see if they are still alive.
2: Application Layer 562: Application Layer 56
P2P Case study: Skype
inherently P2P: pairs of users communicate.
proprietary application-layer protocol (inferred via reverse engineering)
hierarchical overlay with SNs
Index maps usernames to IP addresses; distributed over SNs
Skype clients (SC)
Supernode (SN)
Skype login server
2: Application Layer 572: Application Layer 57
Peers as relays
Problem when both Alice and Bob are behind “NATs”. NAT prevents an
outside peer from initiating a call to insider peer
Solution: Using Alice’s and Bob’s
SNs, Relay is chosen Each peer initiates
session with relay. Peers can now
communicate through NATs via relay
2: Application Layer 58
Why using P2P?
Resource bottleneck in server Take advantage of CPU, disk storage,
bandwidth of millions of computers Grid computing: distributed computation (CPU) File sharing: (storage, bandwidth) Video streaming: (storage, bandwidth)
Direct communication (less delay) Internet gaming, video/audio meeting
Copyright avoidance Movie/music/software Piracy