network basics (slides)
TRANSCRIPT
A Very Brief Internet Tutorial (I): Introduction
Wang Xiaolin
April 30, 2015
1 /197
What’s A Computer Network?
The History of Internet
1836: Telegraph
1858-1866: Transatlantic cable
1876: Telephone
1957: USSR launches Sputnik
1962-1968: Packet-switching networks developed
1969: Birth of Internet
1971: People communicate over a network
1972: Computers can connect more freely and easily
1973: Global Networking becomes a reality
1974: Packets become mode of transfer
1976: Networking comes to many
1977: E-mail takes off, Internet becomes a reality
1979: News Groups born
1981: Things start to come together
1982: TCP/IP defines future communication
1983: Internet gets bigger
1984: Growth of Internet Continues
1986: Power of Internet Realised
1987: Commercialisation of Internet Born
1989: Large growth in Internet
1990: Expansion of Internet continues
1991: Modernisation Begins
1992: Multimedia changes the face of the Internet
1993: The WWW Revolution truly begins
1994: Commercialisation begins
1995: Commercialisation continues apace
1996: Microsoft enters
What’s The Internet?
What pops up in your mind if I say “Internet”?
For me, the answer is...
and...
TCP/IP
What’s The Internet?
▶ The network of networks.
▶ Tech view: TCP/IP
▶ App view:
Philosophy
Ten things Google has found to be true
1. Focus on the user and all else will follow.
2. It’s best to do one thing really, really well.
3. Fast is better than slow.
4. Democracy on the web works.
5. You don’t need to be at your desk to need an answer.
6. You can make money without doing evil.
7. There’s always more information out there.
8. The need for information crosses all borders.
9. You can be serious without a suit.
10. Great just isn’t good enough.
Philosophy
More about...
▶ Software Principles
▶ Google User Experience
▶ No pop-ups
▶ Security
Products
Choosing The Right Tools
vs.
Dangerous
Safe Surfing Advice
Take care of your identity and privacy
▶ Use a better browser, and keep it updated
▶ Use a spam filter for emailing
▶ Always use strong passwords
▶ Don’t give away too much personal information on blogs and social networking sites
Safe Surfing Advice
Protect Your PC
▶ Get anti-virus software, anti-spyware software and a firewall
▶ Keep your computer up to date
▶ Block spam emails
▶ Use an up to date web browser
▶ Make regular backups
▶ Encrypt your wireless network
Safe Surfing Advice
Avoid online rip-offs
▶ When you’re shopping online, look for clear signs that you’re buying from a reputable company
▶ On an online auction site, learn how it works and learn to pick good sellers
▶ Use safe ways to pay, such as PayPal or credit and debit cards
▶ Use your common sense to avoid scams – if it sounds too good to be true, it probably is
Homework
1. get a gmail account
2. recommend a good chrome extension to me via gmail
3. in google plus, share an interesting post to me
4. add your class timetable into google calendar, and then share your calendar to me
5. in youtube, find a video you like and share it to me
A Very Brief Internet Tutorial (II): How The Internet Works?
Wang Xiaolin
April 30, 2015
Network Classification
▶ connection method: wired, wireless...
▶ topology
▶ scale
▶ network architecture: c/s, p2p...
Network Classification
Connection method
Wired:
Wireless:
Scale
PAN, LAN, CAN, MAN, WAN ...
Topology
Ring
Mesh
Star
Fully Connected
Bus
Tree
Line
Network Architecture
Basic Hardware Components
IP layer:    Router
Link layer:  Bridge, Switch
PHY layer:   NIC, Repeater, Hub
TCP/IP

            ----------------------------
            |    network applications  |
            |                          |
            |...  \ | /  ..  \ | /  ...|
            |     -----      -----     |
            |     |TCP|      |UDP|     |
            |     -----      -----     |
            |         \      /         |
            |         --------         |
            |         |  IP  |         |
            |  -----  -*------         |
            |  |ARP|   |               |
            |  -----   |               |
            |      \   |               |
            |      ------              |
            |      |ENET|              |
            |      ---@--              |
            ----------|-----------------
                      |
----------------------o--------------
                Ethernet Cable
What’s TCP/IP?
A set of protocols designed for the Internet
Protocol — a rule, a treaty, an agreement ...

(Excerpt from Kurose & Ross, Computer Networking, Chapter 1, as reproduced on the slide; the first sentence is cut at the slide boundary:)
... message that is transmitted to, and received by, all students who are not sleeping). You raise your hand (transmitting an implicit message to the teacher). Your teacher acknowledges you with a smile, saying “Yes . . .” (a transmitted message encouraging you to ask your question—teachers love to be asked questions), and you then ask your question (that is, transmit your message to your teacher). Your teacher hears your question (receives your question message) and answers (transmits a reply to you). Once again, we see that the transmission and receipt of messages, and a set of conventional actions taken when these messages are sent and received, are at the heart of this question-and-answer protocol.

Network Protocols
A network protocol is similar to a human protocol, except that the entities exchanging messages and taking actions are hardware or software components of some device (for example, computer, smartphone, tablet, router, or other network-capable ...

[Figure 1.2: A human protocol and a computer network protocol. Human side, time running downward: “Hi” / “Hi” / “Got the time?” / “2:00”. Network side: TCP connection request / TCP connection reply / GET http://www.awl.com/kurose-ross / <file>.]
TCP/IP Protocol Stack
Every networked computer has it inside

+--------------+    +--------------+    +--------------+
| Application  |    |              |    |              |
+--------------+    |              |    |              |
| Presentation |    | Application  |    | Application  |
+--------------+    |              |    |              |
| Session      |    |              |    |              |
+--------------+    +--------------+    +--------------+
| Transport    |    | Transport    |    | Transport    |
+--------------+    +--------------+    +--------------+
| Network      |    | Network      |    | Network      |
+--------------+    +--------------+    +--------------+
| Data Link    |    | Network      |    | Data Link    |
+--------------+    | Interface    |    +--------------+
| Physical     |    |              |    | Physical     |
+--------------+    +--------------+    +--------------+
  ISO/OSI RM            TCP/IP             My Favor
Layered Design

(Excerpt from Tanenbaum, Computer Networks, Chapter 1, as reproduced on the slide; the first sentence is cut at the slide boundary:)
... software processes, hardware devices, or even human beings. In other words, it is the peers that communicate by using the protocol to talk to each other.

[Figure 1-13: Layers, protocols, and interfaces. Host 1 and Host 2 each have Layer 1 to Layer 5; layer n on one host talks to layer n on the other via the “Layer n protocol”; adjacent layers meet at the “Layer n/n+1 interface” (1/2, 2/3, 3/4, 4/5); the physical medium lies below layer 1.]

In reality, no data are directly transferred from layer n on one machine to layer n on another machine. Instead, each layer passes data and control information to the layer immediately below it, until the lowest layer is reached. Below layer 1 is the physical medium through which actual communication occurs. In Fig. 1-13, virtual communication is shown by dotted lines and physical communication by solid lines.

Between each pair of adjacent layers is an interface. The interface defines which primitive operations and services the lower layer makes available to the upper one. When network designers decide how many layers to include in a network and what each one should do, one of the most important considerations is defining clean interfaces between the layers. Doing so, in turn, requires that each layer perform a specific collection of well-understood functions. In addition to minimizing the amount of information that must be passed between layers, clear-cut interfaces also make it simpler to replace one layer with a completely different protocol or implementation (e.g., replacing all the telephone lines by satellite channels) because all that is required of the new protocol or implementation is that it offer exactly the same set of services to its upstairs neighbor as the old one did. It is common that different hosts use different implementations of the same protocol (often written by different companies). In fact, the protocol itself can change in some layer without the layers above and below it even noticing.
Services vs. Protocols

[Figure 1-19: The relationship between a service and a protocol. Layer k + 1 sits above layer k, which sits above layer k - 1; the service provided by layer k is offered upward to layer k + 1, while the layer k protocol runs horizontally between the two layer k peers.]

(Excerpt from Tanenbaum, Computer Networks, Section 1.4, as reproduced on the slide:)
1.4 REFERENCE MODELS
Now that we have discussed layered networks in the abstract, it is time to look at some examples. We will discuss two important network architectures: the OSI reference model and the TCP/IP reference model. Although the protocols associated with the OSI model are not used any more, the model itself is actually quite general and still valid, and the features discussed at each layer are still very important. The TCP/IP model has the opposite properties: the model itself is not of much use but the protocols are widely used. For this reason we will look at both of them in detail. Also, sometimes you can learn more from failures than from successes.

1.4.1 The OSI Reference Model
The OSI model (minus the physical medium) is shown in Fig. 1-20. This model is based on a proposal developed by the International Standards Organization (ISO) as a first step toward international standardization of the protocols used in the various layers (Day and Zimmermann, 1983). It was revised in 1995 (Day, 1995). The model is called the ISO OSI (Open Systems Interconnection) Reference Model because it deals with connecting open systems—that is, systems that are open for communication with other systems. We will just call it the OSI model for short.

The OSI model has seven layers. The principles that were applied to arrive at the seven layers can be briefly summarized as follows:
1. A layer should be created where a different abstraction is needed.
2. Each layer should perform a well-defined function.
3. The function of each layer should be chosen with an eye toward defining internationally standardized protocols.

                 Services                         Protocols
                 Layer to layer                   Peer to peer
                 A set of operations              A set of rules
                 (listen, connect, accept,        (message format,
                  receive, send, disconnect)       message meanings)
Layered Design Example
Taking an airplane trip

(Excerpt from Kurose & Ross, Computer Networking, Chapter 1, as reproduced on the slide; the first sentence is cut at the slide boundary:)
... source host to destination host in the Internet. But this is not quite the analogy we are after. We are looking for some structure in Figure 1.21. Looking at Figure 1.21, we note that there is a ticketing function at each end; there is also a baggage function for already-ticketed passengers, and a gate function for already-ticketed and already-baggage-checked passengers. For passengers who have made it through the gate (that is, passengers who are already ticketed, baggage-checked, and through the gate), there is a takeoff and landing function, and while in flight, there is an airplane-routing function. This suggests that we can look at the functionality in Figure 1.21 in a horizontal manner, as shown in Figure 1.22.

Figure 1.22 has divided the airline functionality into layers, providing a framework in which we can discuss airline travel. Note that each layer, combined with the ...

[Figure 1.21: Taking an airplane trip: actions. Departure side: Ticket (purchase), Baggage (check), Gates (load), Runway takeoff, Airplane routing. Arrival side: Ticket (complain), Baggage (claim), Gates (unload), Runway landing, Airplane routing. In between: Airplane routing.]

[Figure 1.22: Horizontal layering of airline functionality. Layers, top to bottom: Ticket, Baggage, Gate, Takeoff/Landing, Airplane routing. Columns: Departure airport, Intermediate air-traffic control centers, ... with Airplane routing present in every column.]

Each layer
1. has some functions
2. provides services to its upper layer
(Excerpt from Tanenbaum, Computer Networks, Chapter 1, as reproduced on the slide:)

[Figure 1-14: The philosopher-translator-secretary architecture. Location A and Location B each have three levels: 3 Philosopher, 2 Translator, 1 Secretary. At A the philosopher’s message “I like rabbits” goes to the translator, who produces “L: Dutch / Ik vind konijnen leuk” (information for the remote translator); the secretary prepends “Fax #---” (information for the remote secretary) and sends it. At B the secretary removes the fax header, the translator removes the language tag and delivers “J’aime bien les lapins” to the philosopher.]

(The text that follows refers to Fig. 1-15, which is not reproduced on the slide; it starts mid-sentence at the slide boundary:)
... units, packets, prepending a layer 3 header to each packet. In this example, M is split into two parts, M1 and M2, that will be transmitted separately.

Layer 3 decides which of the outgoing lines to use and passes the packets to layer 2. Layer 2 adds to each piece not only a header but also a trailer, and gives the resulting unit to layer 1 for physical transmission. At the receiving machine the message moves upward, from layer to layer, with headers being stripped off as it progresses. None of the headers for layers below n are passed up to layer n.

The important thing to understand about Fig. 1-15 is the relation between the virtual and actual communication and the difference between protocols and interfaces. The peer processes in layer 4, for example, conceptually think of their communication as being “horizontal,” using the layer 4 protocol. Each one is likely to have procedures called something like SendToOtherSide and GetFromOtherSide, even though these procedures actually communicate with lower layers across the 3/4 interface, and not with the other side.
Each protocol is completely independent of the other ones
For example
▶ The translators (L2) can switch from Dutch to Finnish without touching L1 or L3
▶ The secretaries (L1) can switch from email to telephone without disturbing (or even informing) the other layers
TCP/IP Overview
Basic Structure

            ----------------------------
            |    network applications  |
            |                          |
            |...  \ | /  ..  \ | /  ...|
            |     -----      -----     |
            |     |TCP|      |UDP|     |
            |     -----      -----     |
            |         \      /         |
            |         --------         |
            |         |  IP  |         |
            |  -----  -*------         |
            |  |ARP|   |               |
            |  -----   |               |
            |      \   |               |
            |      ------              |
            |      |ENET|              |
            |      ---@--              |
            ----------|-----------------
                      |
----------------------o--------------
                Ethernet Cable

1. Where will an incoming Ethernet frame go?
   ARP: 0x0806
   IP:  0x0800
2. Where will an incoming IP packet go?
   TCP: 0x06
   UDP: 0x11
3. Where will an incoming transport message (UDP datagram, TCP segment) go?
   HTTP   FTP     SSH   SMTP
   80     21/20   22    25
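The three questions above are the receive-side demultiplexing decisions: EtherType picks ARP or IP, the IP protocol number picks TCP or UDP, and the destination port picks the application. The Python below is an added example, not code from the slides; it walks one frame through those three decisions and stops at the first layer that has nowhere to send it. The frame builder sample_frame and its header values are constructed for this example, reusing the MAC addresses from the ARP slides and IP addresses from the 223.1.2.0 network used later in the deck.

```python
import struct

# Dispatch tables taken from the slide's three questions: EtherType,
# IP protocol number and well-known destination port.
ETHERTYPES = {0x0800: "IP", 0x0806: "ARP"}
IP_PROTOCOLS = {0x06: "TCP", 0x11: "UDP"}
WELL_KNOWN_PORTS = {80: "HTTP", 21: "FTP", 20: "FTP-data", 22: "SSH", 25: "SMTP"}

ETH_HDR = struct.Struct("!6s6sH")   # dst MAC, src MAC, EtherType (14 bytes)


def demux(frame: bytes) -> dict:
    """Walk one Ethernet frame down the receive path and record which module
    each layer hands it to.  Stops at the first layer that cannot take it."""
    if len(frame) < ETH_HDR.size:
        raise ValueError("truncated Ethernet header")
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame)
    route = {"link": ETHERTYPES.get(ethertype, f"unknown 0x{ethertype:04x}")}
    if ethertype != 0x0800:
        return route                      # ARP (or anything else) never reaches IP

    ip = frame[ETH_HDR.size:]
    if len(ip) < 20:
        raise ValueError("truncated IP header")
    ihl = (ip[0] & 0x0F) * 4              # header length in bytes, options included
    proto = ip[9]                         # the Protocol field of the IP header
    route["network"] = IP_PROTOCOLS.get(proto, f"unknown {proto}")
    if proto not in IP_PROTOCOLS or len(ip) < ihl + 4:
        return route

    # Both TCP and UDP headers begin with 16-bit source and destination ports.
    _sport, dport = struct.unpack_from("!HH", ip, ihl)
    route["transport"] = WELL_KNOWN_PORTS.get(dport, f"port {dport}")
    return route


def sample_frame(ethertype: int, proto: int = 6, dport: int = 80) -> bytes:
    """Constructed test frame: MACs from the ARP slides, IP addresses from the
    223.1.2.0 network, a minimal 20-byte IP header (checksum left zero) and
    a 20-byte transport header whose only meaningful fields are the ports."""
    eth = ETH_HDR.pack(bytes.fromhex("0800280038a9"),   # dst: beta's MAC
                       bytes.fromhex("080039002fc3"),   # src: alpha's MAC
                       ethertype)
    if ethertype != 0x0800:
        return eth + bytes(28)            # ARP-sized dummy body
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + 20, 0, 0, 64, proto, 0,
                         bytes([223, 1, 2, 1]), bytes([223, 1, 2, 2]))
    transport = struct.pack("!HH", 40000, dport) + bytes(16)
    return eth + ip_hdr + transport


if __name__ == "__main__":
    for frame in (sample_frame(0x0806), sample_frame(0x0800, 6, 80),
                  sample_frame(0x0800, 17, 53), sample_frame(0x0800, 1)):
        print(demux(frame))
```

The same lookup order is what a packet filter or IDS performs before it can apply a port-based rule, which is why a frame with an unexpected EtherType or IP protocol number has to be handled explicitly rather than assumed to be TCP.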
The Name Of A Unit Of Data

Application: message
TCP: segment
UDP: datagram
IP: packet
Ethernet: frame

+-------------+
| Application |
|   message   |
+-----------+-------------+
| Transport | Application |
|  header   |   message   |
+--------+-------------------------+
|   IP   |        Transport        |
| header |         message         |
+----------+----------------------------------+
| Ethernet |                IP                |
|  header  |              packet              |
+---------------------------------------------+
|<------------- Ethernet frame -------------->|
Ethernet
1. Frame format?
2. Address format?
3. Broadcast address?
4. CSMA/CD? (Please explain)
Ethernet Frame

 0        1        2        3
+--------+--------+--------+--------+
|           Dst Address             |
+--------+--------+--------+--------+
|   Dst Address   |   Src Address   |
+--------+--------+--------+--------+
|           Src Address             |
+--------+--------+--------+--------+
|  Length/Type    |  MAC Data ...   |
+--------+--------+--------+--------+
|           MAC Data ...            |
|         (46 - 1500 bytes)         |
+--------+--------+--------+--------+
|               FCS                 |
+--------+--------+--------+--------+
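The frame diagram above answers the first three questions of the Ethernet slide (format, address format, broadcast address); the Python below is an added example, not code from the slides, that builds and parses such a frame. It pads the data field to the 46-byte minimum, appends the FCS as a CRC-32 over header and data (least-significant byte first, the byte order in which the FCS is seen on the wire), classifies the destination address as broadcast, multicast or unicast from its first octet, and rejects anything shorter than the 64-byte minimum frame as a runt. The MAC addresses used in the usage code are the ones from the ARP slides; the payloads are constructed.

```python
import struct
import zlib

BROADCAST = b"\xff" * 6
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500
ETH_HDR = struct.Struct("!6s6sH")   # dst MAC, src MAC, Length/Type


def mac_to_bytes(text: str) -> bytes:
    """'08-00-39-00-2F-C3' or '08:00:39:00:2f:c3' -> 6 raw bytes."""
    parts = text.replace(":", "-").split("-")
    if len(parts) != 6:
        raise ValueError(f"bad MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def mac_to_str(raw: bytes) -> str:
    return "-".join(f"{b:02X}" for b in raw)


def address_kind(raw: bytes) -> str:
    """Broadcast is all-ones.  Any address with the I/G bit (lowest bit of the
    first octet) set is a group (multicast) address; everything else is unicast."""
    if raw == BROADCAST:
        return "broadcast"
    if raw[0] & 0x01:
        return "multicast"
    return "unicast"


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Header + payload padded to the 46-byte minimum + 4-byte FCS.  The FCS is
    CRC-32 over header and payload, appended least-significant byte first."""
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload exceeds 1500 bytes")
    body = ETH_HDR.pack(mac_to_bytes(dst), mac_to_bytes(src), ethertype)
    body += payload.ljust(MIN_PAYLOAD, b"\x00")
    return body + struct.pack("<I", zlib.crc32(body))


def parse_frame(frame: bytes) -> dict:
    """Split a received frame and verify its FCS.  A frame shorter than 64 bytes
    is a runt (typically a collision fragment) and is rejected outright."""
    if len(frame) < ETH_HDR.size + MIN_PAYLOAD + 4:
        raise ValueError("runt frame")
    body, fcs = frame[:-4], frame[-4:]
    dst, src, ethertype = ETH_HDR.unpack_from(body)
    return {
        "dst": mac_to_str(dst),
        "src": mac_to_str(src),
        "dst_kind": address_kind(dst),
        "ethertype": ethertype,
        "payload": body[ETH_HDR.size:],      # still carries the padding
        "fcs_ok": struct.pack("<I", zlib.crc32(body)) == fcs,
    }


if __name__ == "__main__":
    # Constructed usage: an ARP request is always sent to the broadcast address.
    frame = build_frame("FF-FF-FF-FF-FF-FF", "08-00-39-00-2F-C3", 0x0806, b"arp request")
    print(len(frame), parse_frame(frame))
```

A receiver drops any frame whose FCS does not verify, so a single flipped bit in transit never reaches IP; the padding, on the other hand, is delivered to the upper layer, which must rely on its own length fields rather than the frame length.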
Ethernet References
J. Postel and J.K. Reynolds. Standard for the transmission of IP datagrams over IEEE 802 networks. RFC 1042 (INTERNET STANDARD). Internet Engineering Task Force, Feb. 1988.
Wikipedia. Carrier sense multiple access with collision detection — Wikipedia, The Free Encyclopedia. [Online; accessed 11-March-2015]. 2015.
Wikipedia. Ethernet frame — Wikipedia, The Free Encyclopedia. [Online; accessed 25-March-2015]. 2015.
Wikipedia. Ethernet — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
ARP
ARP: look up the ARP table to find the destination MAC address.

Example ARP table
IP address   Ethernet address
223.1.2.1    08-00-39-00-2F-C3
223.1.2.3    08-00-5A-21-A7-22
223.1.2.4    08-00-10-99-AC-54
Where does the ARP table come from?

Example ARP Request
Sender IP Address     223.1.2.1
Sender Enet Address   08-00-39-00-2F-C3
Target IP Address     223.1.2.2
Target Enet Address   FF-FF-FF-FF-FF-FF

Example ARP Response
Sender IP Address     223.1.2.2
Sender Enet Address   08-00-28-00-38-A9
Target IP Address     223.1.2.1
Target Enet Address   08-00-39-00-2F-C3

The updated table
IP address   Ethernet address
223.1.2.1    08-00-39-00-2F-C3
223.1.2.2    08-00-28-00-38-A9
223.1.2.3    08-00-5A-21-A7-22
223.1.2.4    08-00-10-99-AC-54
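The request/response exchange above is simulated by the Python below, an added example that is not code from the slides. It models hosts on one Ethernet segment, broadcasts a request when the table has no entry, and merges the reply into the requester's table exactly as the slide's "updated table" shows; the receive rule is a simplified form of RFC 826 (only the target of a packet records the sender, and only a request earns a reply). It also keeps a list of entries that were rewritten, which is the signal an ARP-watching tool raises for a duplicate address or a spoofed reply. The host objects, including a beta with MAC 08-00-28-00-38-A9, are built from the values on the slides; the duplicate-address host in the test is constructed.

```python
from dataclasses import dataclass, field

BROADCAST = "FF-FF-FF-FF-FF-FF"


@dataclass
class ArpPacket:
    op: str          # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str  # broadcast in a request; the requester's MAC in a reply


@dataclass
class Host:
    ip: str
    mac: str
    table: dict = field(default_factory=dict)   # IP address -> Ethernet address
    alerts: list = field(default_factory=list)  # entries that were rewritten

    def learn(self, ip: str, mac: str) -> None:
        old = self.table.get(ip)
        if old is not None and old != mac:
            # An existing entry being rewritten is what an ARP-watch tool flags:
            # either a misconfiguration (duplicate IP) or a spoofed reply.
            self.alerts.append(f"{ip}: {old} -> {mac}")
        self.table[ip] = mac

    def receive(self, pkt: ArpPacket):
        """RFC 826 receive side, simplified: only the target of the packet
        records the sender, and only a request earns a reply."""
        if pkt.target_ip != self.ip:
            return None
        self.learn(pkt.sender_ip, pkt.sender_mac)
        if pkt.op == "request":
            return ArpPacket("reply", self.ip, self.mac, pkt.sender_ip, pkt.sender_mac)
        return None


def resolve(segment: list, src: Host, dst_ip: str):
    """Return the MAC for dst_ip, broadcasting a request on the segment when
    the table has no entry.  Returns None when nobody answers."""
    if dst_ip in src.table:
        return src.table[dst_ip]
    request = ArpPacket("request", src.ip, src.mac, dst_ip, BROADCAST)
    for host in segment:               # broadcast: every host on the cable sees it
        if host is src:
            continue
        reply = host.receive(request)
        if reply is not None:
            src.receive(reply)         # the reply is addressed to us, so we learn it
    return src.table.get(dst_ip)


# The hosts of the slides: alpha's table before the exchange, beta as the target.
alpha = Host("223.1.2.1", "08-00-39-00-2F-C3",
             table={"223.1.2.1": "08-00-39-00-2F-C3",
                    "223.1.2.3": "08-00-5A-21-A7-22",
                    "223.1.2.4": "08-00-10-99-AC-54"})
beta = Host("223.1.2.2", "08-00-28-00-38-A9")
SEGMENT = [alpha, beta]

if __name__ == "__main__":
    print(resolve(SEGMENT, alpha, "223.1.2.2"))
    print(alpha.table)          # the slide's "updated table"
    print(beta.table)           # beta learnt alpha from the request
```

Note that beta also learns alpha's mapping from the request itself, which is why the updated tables on both ends grow after a single exchange. Because every host accepts the sender fields of any packet addressed to it, the only defence a plain ARP table has against a wrong mapping is noticing that an entry changed, which is what the alerts list records.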
ARP References
D. Plummer. Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware. RFC 826 (INTERNET STANDARD). Updated by RFCs 5227, 5494. Internet Engineering Task Force, Nov. 1982.
Wikipedia. Address Resolution Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
IP
Router

A host (one network interface):

            ----------------------------
            |    network applications  |
            |                          |
            |...  \ | /  ..  \ | /  ...|
            |     -----      -----     |
            |     |TCP|      |UDP|     |
            |     -----      -----     |
            |         \      /         |
            |         --------         |
            |         |  IP  |         |
            |  -----  -*------         |
            |  |ARP|   |               |
            |  -----   |               |
            |      \   |               |
            |      ------              |
            |      |ENET|              |
            |      ---@--              |
            ----------|-----------------
                      |
----------------------o--------------
                Ethernet Cable

A router (two network interfaces):

            ----------------------------
            |    network applications  |
            |                          |
            |...  \ | /  ..  \ | /  ...|
            |     -----      -----     |
            |     |TCP|      |UDP|     |
            |     -----      -----     |
            |         \      /         |
            |         --------         |
            |         |  IP  |         |
            |  -----  -*----*-  -----  |
            |  |ARP|   |    |   |ARP|  |
            |  -----   |    |   -----  |
            |      \   |    |   /      |
            |      ------  ------      |
            |      |ENET|  |ENET|      |
            |      ---@--  ---@--      |
            ----------|-------|---------
                      |       |
                      |    ---o---------------------
                      |       Ethernet Cable 2
----------------------o----------
        Ethernet Cable 1

Routing: find a route in the route table.
Direct Routing—IP is overhead

     A      B      C
     |      |      |
   --o------o------o--
        Ethernet 1
   IP network "development"

Addresses in an Ethernet frame for an IP packet from A to B

address          source   destination
IP header        A        B
Ethernet header  A        B
Indirect Routing

  A      B      C      ----D----   E      F      G
  |      |      |      |   |   |   |      |      |
--o------o------o------o-  |  -o---o------o------o--
     Ethernet 1            |       Ethernet 2
  IP network "development" |  IP network "accounting"
                           |
                           |
                           |    H      I      J
                           |    |      |      |
                         --o----o------o------o--
                               Ethernet 3
                          IP network "factory"
Addresses in an Ethernet frame for an IP packet from A to E (before D)

address          source   destination
IP header        A        E
Ethernet header  A        D

Addresses in an Ethernet frame for an IP packet from A to E (after D)

address          source   destination
IP header        A        E
Ethernet header  D        E
IP Module Routing Rules

1. For an outgoing IP packet, entering IP from an upper layer, IP must decide
   ▶ whether to send the IP packet directly or indirectly, and
   ▶ IP must choose a lower network interface.
   These choices are made by consulting the route table.
2. For an incoming IP packet, entering IP from a lower interface, IP must decide
   ▶ whether to forward the IP packet or pass it to an upper layer.
   ▶ If the IP packet is being forwarded, it is treated as an outgoing IP packet.
3. When an incoming IP packet arrives it is never forwarded back out through the same network interface.
IP Address
Address classes

   +-+------------+--------------+--------------+--------------+
A: |0|  NET <-7-> |            LOCAL ADDRESS <-24->            |
   +-+------------+--------------+--------------+--------------+
   +---+----------+--------------+--------------+--------------+
B: |1 0| NET <-14->              |  LOCAL ADDRESS <-16->       |
   +---+----------+--------------+--------------+--------------+
   +-----+--------+--------------+--------------+--------------+
C: |1 1 0|  NET <-21->                          | LOCAL ADDRESS|
   +-----+--------+--------------+--------------+--------------+
   +-----+--------+--------------+--------------+--------------+
D: |1 1 1|                      Reserved                       |
   +-----+--------+--------------+--------------+--------------+
Special IP Addresses

▶ A value of zero in the network field means this network. (source only)
▶ A value of zero in the host field means the network address.
▶ 127.x.x.x are loopback addresses.
▶ 255.255.255.255 is the broadcast address.
▶ Private addresses:
  ▶ 10.x.x.x
  ▶ 172.16.x.x ∼ 172.31.x.x
  ▶ 192.168.x.x
▶ CIDR—Classless Inter-Domain Routing—An IP addressing scheme that replaces the older system based on classes A, B and C.
Names

People refer to computers by names, not numbers.

/etc/hosts
127.0.0.1        localhost
202.203.132.245  cs3.swfc.edu.cn cs3

/etc/networks
localnet 202.203.132.192
IP Route Table

Example IP Route Table
wx672@cisd-ftp:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.192 U     0      0        0 eth0
192.168.128.0   *               255.255.252.0   U     0      0        0 eth0
default         202.203.132.254 0.0.0.0         UG    0      0        0 eth0

∼$ man route
Direct Routing Details

 223.1.2.1                 223.1.2.2
 ---------                 ---------
 | alpha |                 |  beta |
 |   1   |                 |   1   |
 ---------                 ---------
     |                         |
-----o-------------------------o----
            Ethernet 1
    IP network "development"
            223.1.2.0

The route table inside alpha (simplified)
network       flag     router   interface
development   direct            1
Direct Scenario
Alpha is sending an IP packet to beta... Please describe.
Indirect Routing Details

                      223.1.4.1
                         223.1.3.1
 223.1.2.1         223.1.2.4           223.1.3.2
 ---------           -----------       ---------
 | alpha |           |  delta  |       |epsilon|
 |   1   |           | 1  2  3 |       |   1   |
 ---------           -----------       ---------
     |                 |  |  |             |
-----o-----------------o-  |  -o-------------o----
     Ethernet 1            |        Ethernet 2
 IP network "Development" | IP network "accounting"
     223.1.2               |        223.1.3
                          |
                          |       --------
                          |       | iota |
                          |       |  1   |  223.1.4.2
                          |       --------
                          |          |
                        --o----------o--------
                             Ethernet 3
                         IP network "factory"
                              223.1.4
Indirect Routing Details

The route table inside alpha
network   flag       router      interface
223.1.2   direct                 1
223.1.3   indirect   223.1.2.4   1
223.1.4   indirect   223.1.2.4   1

The route table inside delta
network   flag       router      interface
223.1.2   direct                 1
223.1.3   direct                 3
223.1.4   direct                 2
Indirect Scenario
Alpha is sending an IP packet to epsilon... Please describe.
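The direct and indirect scenarios can be traced mechanically from the route tables of alpha and delta and the three routing rules of the "IP Module Routing Rules" slide. The Python below is an added example, not code from the slides: it encodes those tables, applies the rules at every node, and records for each hop the IP header addresses (unchanged end to end) and the link-layer endpoints (rewritten at every hop), which is exactly the "before D / after D" address table of the indirect-routing slide. The tables of beta, epsilon and iota are not on the slides; one direct route each is assumed. Node names stand in for MAC addresses, and the owner() function stands in for ARP.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Route:
    network: str            # the slide writes "223.1.3"; here "223.1.3.0/24"
    flag: str               # "direct" or "indirect"
    router: Optional[str]   # next-hop router for an indirect route
    iface: int              # interface number, as numbered on the slide


@dataclass
class Node:
    name: str
    addrs: dict             # interface number -> IP address on it
    routes: list
    is_router: bool = False # only a router forwards packets that are not its own

    def lookup(self, dst: str) -> Route:
        target = ipaddress.ip_address(dst)
        for r in self.routes:
            if target in ipaddress.ip_network(r.network):
                return r
        raise LookupError(f"{self.name}: no route to {dst}")


def owner(nodes: dict, ip: str):
    """Which node has this IP, and on which interface (stands in for ARP)."""
    for node in nodes.values():
        for iface, addr in node.addrs.items():
            if addr == ip:
                return node, iface
    raise LookupError(f"no node owns {ip}")


def send(nodes: dict, src_name: str, dst_ip: str, max_hops: int = 16) -> list:
    """Trace one packet from src to dst, applying the slide's three rules at
    every node it passes through."""
    node = nodes[src_name]
    src_ip = node.addrs[min(node.addrs)]
    in_iface = None
    trace = []
    for _ in range(max_hops):
        if dst_ip in node.addrs.values():            # rule 2: ours, pass it up
            trace.append({"at": node.name, "action": "deliver"})
            return trace
        if in_iface is not None and not node.is_router:
            trace.append({"at": node.name, "action": "drop: not mine, not a router"})
            return trace
        route = node.lookup(dst_ip)                  # rules 1 and 2: consult the table
        if route.iface == in_iface:                  # rule 3: never back out the same interface
            trace.append({"at": node.name, "action": "drop: same interface"})
            return trace
        next_ip = dst_ip if route.flag == "direct" else route.router
        nxt, in_iface = owner(nodes, next_ip)
        trace.append({"at": node.name, "action": "send", "iface": route.iface,
                      "ip": (src_ip, dst_ip), "link": (node.name, nxt.name)})
        node = nxt
    raise RuntimeError("hop limit exceeded (routing loop?)")


# Hosts and tables of the "Indirect Routing Details" slides.  beta, epsilon and
# iota have no table on the slides; a single direct route each is assumed.
NODES = {
    "alpha": Node("alpha", {1: "223.1.2.1"}, [
        Route("223.1.2.0/24", "direct", None, 1),
        Route("223.1.3.0/24", "indirect", "223.1.2.4", 1),
        Route("223.1.4.0/24", "indirect", "223.1.2.4", 1)]),
    "beta": Node("beta", {1: "223.1.2.2"}, [Route("223.1.2.0/24", "direct", None, 1)]),
    "delta": Node("delta", {1: "223.1.2.4", 2: "223.1.4.1", 3: "223.1.3.1"}, [
        Route("223.1.2.0/24", "direct", None, 1),
        Route("223.1.3.0/24", "direct", None, 3),
        Route("223.1.4.0/24", "direct", None, 2)], is_router=True),
    "epsilon": Node("epsilon", {1: "223.1.3.2"}, [Route("223.1.3.0/24", "direct", None, 1)]),
    "iota": Node("iota", {1: "223.1.4.2"}, [Route("223.1.4.0/24", "direct", None, 1)]),
}

if __name__ == "__main__":
    for hop in send(NODES, "alpha", "223.1.2.2"):     # direct scenario
        print(hop)
    for hop in send(NODES, "alpha", "223.1.3.2"):     # indirect scenario
        print(hop)
```

In the indirect trace the IP header reads (223.1.2.1, 223.1.3.2) on both hops while the link goes alpha→delta on Ethernet 1 and then delta→epsilon out of delta's interface 3 on Ethernet 2; a plain host that receives a packet not addressed to it discards it rather than forwarding, which is the difference between beta and delta in the model.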
Managing The Routes

▶ Manually maintained by administrator
▶ ICMP can report some routing problems
▶ For larger networks, routing protocols are used.
IP Packet

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  IHL  |Type of Service|          Total Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Identification        |Flags|      Fragment Offset    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Time to Live |    Protocol   |         Header Checksum       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                       Source Address                          |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Destination Address                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              Options (variable)               |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
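The header above is small enough to decode by hand, and the one field that is not obvious from the diagram is the checksum. The Python below is an added example, not code from the slides: it implements the RFC 791 header checksum (one's complement of the one's-complement sum of the 16-bit words), builds a minimal header, decodes every field the diagram names, verifies a received header by checking that its words sum to zero, and shows the one change a router makes on the way through (decrement TTL, recompute the checksum). The addresses in the usage code are alpha and epsilon from the routing slides; the payload length and identification are constructed.

```python
import struct

IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")   # the 20 fixed bytes of the diagram


def checksum(data: bytes) -> int:
    """RFC 791: one's complement of the one's-complement sum of all 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_to_bytes(text: str) -> bytes:
    return bytes(int(o) for o in text.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_header(src: str, dst: str, proto: int, payload_len: int,
                 ttl: int = 64, ident: int = 0, df: bool = False) -> bytes:
    """Minimal header (IHL = 5, no options) with a correct checksum."""
    flags_frag = 0x4000 if df else 0         # DF bit; MF and Fragment Offset stay zero
    hdr = IPV4_HDR.pack(0x45, 0, 20 + payload_len, ident, flags_frag,
                        ttl, proto, 0, ip_to_bytes(src), ip_to_bytes(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_header(data: bytes) -> dict:
    """Decode the fields the diagram names and verify the checksum: summing a
    valid header, checksum field included, yields zero."""
    if len(data) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = IPV4_HDR.unpack_from(data)
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 20 or ihl > len(data) or total_len < ihl:
        raise ValueError("inconsistent header lengths")
    return {
        "ihl": ihl, "tos": tos, "total_len": total_len, "ident": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # the offset is in 8-byte units
        "ttl": ttl, "proto": proto,
        "src": bytes_to_ip(src), "dst": bytes_to_ip(dst),
        "options": data[20:ihl],
        "checksum_ok": checksum(data[:ihl]) == 0,
    }


def forward(header: bytes) -> bytes:
    """What a router does to the header: discard it on a bad checksum or an
    expiring TTL, otherwise decrement TTL and recompute the checksum."""
    fields = parse_header(header)
    if not fields["checksum_ok"]:
        raise ValueError("bad checksum, packet discarded")
    if fields["ttl"] <= 1:
        raise ValueError("TTL expired, packet discarded (ICMP Time Exceeded would be sent)")
    ihl = fields["ihl"]
    new = bytearray(header[:ihl])
    new[8] -= 1                              # Time to Live
    new[10:12] = b"\x00\x00"                 # zero the checksum field before summing
    new[10:12] = struct.pack("!H", checksum(bytes(new)))
    return bytes(new) + header[ihl:]


if __name__ == "__main__":
    hdr = build_header("223.1.2.1", "223.1.3.2", 6, payload_len=20, ident=1, df=True)
    print(hdr.hex())
    print(parse_header(hdr))
    print(parse_header(forward(hdr))["ttl"])
```

The checksum only protects the header, not the payload, and only against accidental corruption; it is recomputed by every router, so it says nothing about who originally sent the packet.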
IP References
J. Postel. Internet Protocol. RFC 791 (INTERNET STANDARD). Updated by RFCs 1349, 2474, 6864. Internet Engineering Task Force, Sept. 1981.
Wikipedia. Internet Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. IP address — Wikipedia, The Free Encyclopedia. [Online; accessed 13-March-2015]. 2015.
Wikipedia. IPv4 header checksum — Wikipedia, The Free Encyclopedia. [Online; accessed 20-March-2015]. 2015.
Subnetting
Why Subnetting?

▶ use of different physical media (such as Ethernet, FDDI, WAN, etc.)
▶ preservation of address space
▶ security
▶ The most common reason is to control network traffic
  ▶ In an Ethernet, there are collisions and the resulting retransmissions.
+-----------------------+----------------------+
|    Network Prefix     |     Host Number      |
+-----------------------+----------------------+

+-----------------------+--------+-------------+
|    Network Prefix     | Subnet | Host Number |
+-----------------------+--------+-------------+

Subnet mask is a bitmask used to identify the network and node parts of the address.

Default Subnet Masks
Class A   255.0.0.0       11111111.0.0.0
Class B   255.255.0.0     11111111.11111111.0.0
Class C   255.255.255.0   11111111.11111111.11111111.0
2^n − 2

Example
IP address:    11001010.11001011.10000100.11110001   202.203.132.241
Subnet mask:   11111111.11111111.11111111.11000000   255.255.255.192

▶ There are 2^2 − 2 = 2 subnets
▶ Each subnet has 2^6 − 2 = 62 nodes
▶ Subtract 2? All “0”s and all “1”s. (this is the old story)
Subnet Calculator

subnetcalc — a free IP subnet calculator
Try:
∼$ subnetcalc 202.203.132.244/26
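The subnet example above (202.203.132.241 with mask 255.255.255.192) and the subnetcalc invocation can be reproduced with the Python below, an added example that is not code from the slides and is not the subnetcalc program. It prints the address and mask in binary as the slide does, derives the network and broadcast addresses, and reports the subnet count both "the old way" (2^n − 2, all-zeros and all-ones subnets excluded) and as RFC 1878 on the reference slide allows (every subnet number usable); the host count keeps the 2^n − 2 rule except for /31 and /32, which have no broadcast address to lose. It also classifies the special addresses from the "Special IP Addresses" slide. The network it computes, 202.203.132.192, is the one the deck's /etc/networks calls localnet.

```python
import ipaddress

CLASS_DEFAULT_PREFIX = {"A": 8, "B": 16, "C": 24}


def address_class(ip: str) -> str:
    """Classful class from the leading bits of the first octet."""
    first = ipaddress.ip_address(ip).packed[0]
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    return "D"


def dotted_binary(addr: str) -> str:
    return ".".join(f"{b:08b}" for b in ipaddress.ip_address(addr).packed)


def subnet_report(ip: str, mask) -> dict:
    """mask may be dotted ('255.255.255.192') or a prefix length (26)."""
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    cls = address_class(ip)
    subnet_bits = max(net.prefixlen - CLASS_DEFAULT_PREFIX.get(cls, net.prefixlen), 0)
    host_bits = 32 - net.prefixlen
    if host_bits <= 1:
        hosts = 2 ** host_bits          # /31 (RFC 3021 point-to-point) and /32: nothing to subtract
    else:
        hosts = 2 ** host_bits - 2      # network and broadcast addresses are not assignable
    return {
        "class": cls,
        "prefix": net.prefixlen,
        "ip_bin": dotted_binary(ip),
        "mask_bin": dotted_binary(str(net.netmask)),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "subnet_bits": subnet_bits,
        "subnets_old": max(2 ** subnet_bits - 2, 0),   # "the old story": all-0s and all-1s excluded
        "subnets_now": 2 ** subnet_bits,               # RFC 1878: every subnet number is usable
        "hosts": hosts,
    }


def special(ip: str) -> str:
    """The slide's special addresses: this-network, loopback, broadcast, RFC 1918 private."""
    a = ipaddress.ip_address(ip)
    if a == ipaddress.ip_address("255.255.255.255"):
        return "limited broadcast"
    if a in ipaddress.ip_network("0.0.0.0/8"):
        return "this network (source only)"
    if a in ipaddress.ip_network("127.0.0.0/8"):
        return "loopback"
    for private in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"):
        if a in ipaddress.ip_network(private):
            return f"private ({private})"
    return "public"


if __name__ == "__main__":
    for key, value in subnet_report("202.203.132.241", "255.255.255.192").items():
        print(f"{key:12} {value}")
    print(subnet_report("202.203.132.244", 26)["network"])   # the subnetcalc line on the slide
    print(special("172.20.3.4"), special("127.0.0.1"))
```

For the slide's example the report gives 2 subnet bits and 6 host bits, so 2 subnets the old way (4 today) and 62 usable hosts each, with 202.203.132.192 as the network address and 202.203.132.255 as its broadcast.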
Subnetting References
T. Pummill and B. Manning. Variable Length Subnet Table For IPv4. RFC 1878 (Historic). Internet Engineering Task Force, Dec. 1995.
Y. Rekhter et al. Address Allocation for Private Internets. RFC 1918 (Best Current Practice). Updated by RFC 6761. Internet Engineering Task Force, Feb. 1996.
Wikipedia. IPv4 subnetting reference — Wikipedia, The Free Encyclopedia. [Online; accessed 25-March-2015]. 2015.
Wikipedia. Private network — Wikipedia, The Free Encyclopedia. [Online; accessed 25-March-2015]. 2015.
Wikipedia. Subnetwork — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
CIDR
CIDR—Classless Inter-Domain Routing
CIDR An IP addressing scheme that replaces the oldersystem based on classes A, B and C.
Why CIDR?

With a new network being connected to the Internet every 30 minutes the Internet was faced with two critical problems:
▶ Running out of IP addresses
▶ Running out of capacity in the global routing tables
Running out of IP addresses
Using the old addressing scheme, the Internet could support:
▶ 126 Class A networks that could include up to 16,777,214 hosts each
▶ Plus 65,000 Class B networks that could include up to 65,534 hosts each
▶ Plus over 2 million Class C networks that could include up to 254 hosts each
only 3% of the assigned addresses were actually being used.
Global Routing Tables At Capacity
▶ As the number of networks on the Internet increased, so did the number of routes.
▶ A few years back it was forecasted that the global backbone Internet routers were fast approaching their limit on the number of routes they could support.
▶ Even using the latest router technology, the maximum theoretical routing table size is approximately 60,000 routing table entries.
▶ If nothing was done the global routing tables would have reached capacity by mid-1994 and all Internet growth would be halted.
How Were These Problems Solved?
Two solutions were developed and adopted by the global Internet community:
▶ Restructuring IP address assignments to increase efficiency
▶ Hierarchical routing aggregation to minimize route table entries
Restructuring IP Address Assignments
Instead of being limited to network identifiers (or "prefixes") of 8, 16 or 24 bits, CIDR currently uses prefixes anywhere from 13 to 27 bits.

/27   1/8 of a Class C        32 hosts
/26   1/4 of a Class C        64 hosts
/25   1/2 of a Class C       128 hosts
/24   1 Class C              256 hosts
/16   256 Class C         65,536 hosts (= 1 Class B)
/13   2,048 Class C      524,288 hosts
Hierarchical Routing Aggregation To Minimize Routing Table Entries
Route Aggregation: a single high-level route entry can represent many lower-level routes in the global routing tables. Similar to the telephone network.
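The prefix table and the aggregation idea above can both be checked with the Python below, an added example that is not code from the slides. prefix_size reproduces a row of the table for any prefix length, aggregate collapses a list of networks into the fewest covering prefixes (only adjacent, equal-sized and properly aligned blocks merge, which is why an unlucky allocation does not aggregate), and longest_prefix_match shows how a forwarding table containing both an aggregate and a more specific route picks the latter. The sample allocation of 256 consecutive 192.168.x.0/24 blocks is constructed; it is the table's "256 Class C = 1 Class B" row in address form.

```python
import ipaddress


def prefix_size(prefix: int) -> dict:
    """One row of the slide's table: how many Class C (/24) blocks and how many
    addresses a prefix length covers."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    hosts = 2 ** (32 - prefix)
    return {"prefix": prefix, "class_c_blocks": hosts / 256, "hosts": hosts}


def aggregate(prefixes) -> list:
    """Route aggregation: collapse a list of prefixes into the fewest covering
    prefixes.  Adjacent, equal-sized, properly aligned blocks merge; anything
    that is not aligned stays as it is."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def longest_prefix_match(table, ip: str):
    """Forwarding lookup against an aggregated table: the most specific
    (longest) prefix that contains the address wins."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return None if best is None else str(best)


# Constructed sample: 256 consecutive Class C networks, the slide's "/16 = 256 Class C".
CLASS_C_BLOCKS = [f"192.168.{third}.0/24" for third in range(256)]

if __name__ == "__main__":
    for p in (27, 26, 25, 24, 16, 13):
        print(prefix_size(p))
    print(len(CLASS_C_BLOCKS), "routes ->", aggregate(CLASS_C_BLOCKS))
    print(aggregate(CLASS_C_BLOCKS[:3]))                 # 3 blocks -> a /23 plus a /24
    print(longest_prefix_match(["192.168.0.0/16", "192.168.7.0/24"], "192.168.7.9"))
```

The same longest-match rule is what makes a more specific announcement override an aggregate in the global table, so a routing filter that accepts a /24 inside a customer's /16 from an unexpected peer redirects that /24's traffic; aggregation reduces table size only where prefixes are allocated contiguously and announced from one place.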
User Impacts
▶ The Internet is currently a mixture of both "CIDR-ized" addresses and old Class A, B and C addresses.
▶ Almost all new routers support CIDR and the Internet authorities strongly encourage all users to implement the CIDR addressing scheme.
CIDR References
V. Fuller and T. Li. Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan. RFC 4632 (Best Current Practice). Internet Engineering Task Force, Aug. 2006.
Wikipedia. Classless Inter-Domain Routing — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
IPv6
Why IPv6?

Not enough addresses!
Kidding? We have:
▶ 2^32 address space
▶ NAT
▶ CIDR

No kidding. All gone.
▶ IANA: 31 January 2011
▶ Asia-Pacific: 15 April 2011
▶ Europe: 14 September 2012
▶ Latin America: 10 June 2014

So, we need a larger address space (2^128)

[Plot: Free /8 blocks (0 to 160) against date (1996 to 2014); two series: "IANA" and "RIR pool + IANA".]
Why such a high number of bits?
For a larger address space
▶ Think about mobile phones, cars (inside devices), toasters, refrigerators, light switches, and so on…

Why not higher?
▶ More bits → bigger header → more overhead
▶ max MTU on Ethernet is 1500 octets

        min MTU (octets)   header length (octets)   overhead
IPv4    576                20-60                    3.4%
IPv6    1280               40                       3.8%
Why not IPv5?
4: is already used for IPv4
5: is reserved for the Stream Protocol (STP, RFC 1819 / Internet Stream Protocol Version 2) (which never really made it to the public)
6: The next free number. Hence IPv6 was born!
More than a larger address space (2^128)
▶ Simplified header makes routing faster
▶ End-to-end connectivity
▶ Auto-configuration
▶ No broadcast
▶ Anycast
▶ Mobility — same IP address everywhere
▶ Network-layer security
▶ Extensibility
▶ and more ...
IPv6 Header

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class |           Flow Label                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Payload Length        |  Next Header  |   Hop Limit   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                         Source Address                        +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                      Destination Address                      +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
IPv6 Extension Header

+---------------+------------------------
|  IPv6 header  | TCP header + data
|               |
| Next Header = |
|      TCP      |
+---------------+------------------------

+---------------+----------------+------------------------
|  IPv6 header  | Routing header | TCP header + data
|               |                |
| Next Header = |  Next Header = |
|    Routing    |      TCP       |
+---------------+----------------+------------------------

+---------------+----------------+-----------------+-----------------
|  IPv6 header  | Routing header | Fragment header | fragment of TCP
|               |                |                 |  header + data
| Next Header = |  Next Header = |  Next Header =  |
|    Routing    |    Fragment    |       TCP       |
+---------------+----------------+-----------------+-----------------
IPv6 Addresses
A real life address
3ffe:ffff:0100:f101:0210:a4ff:fee3:9566
→ 3ffe:ffff:100:f101:210:a4ff:fee3:9566
More simplifications
3ffe:ffff:100:f101:0:0:0:1
→ 3ffe:ffff:100:f101::1
The biggest simplification: IPv6 localhost address
0000:0000:0000:0000:0000:0000:0000:0001 → ::1
80 /197
Address types
Global unicast addresses begin with [23]xxx
  e.g. 2001:db8:85a3::8a2e:370:7334
Unique local addresses begin with fc00::/7
  e.g. fdf8:f53b:82e4::53
  ▶ similar to private IPs in IPv4
Link local addresses begin with fe80::/64
  e.g. fe80::62d8:19ff:fece:44f6/64
  ▶ similar to 169.254.0.0/16
Localhost address ::1
  ▶ similar to IPv4 with its “127.0.0.1”
Multicast addresses begin with ffxy::/8
  e.g. ff01::2
Unspecified address ::
  ▶ like “any” or “0.0.0.0” in IPv4
[Figure: address scopes, link local / unique local / global unicast]
81 /197
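The two address slides above (text simplification and address types) as one worked example. This is an added example, not code from the slides; it uses Python's standard ipaddress module, and the class prefixes come from RFC 4291, the reference the deck cites. The only assumption beyond the slides is that link-local is tested as fe80::/10 (the RFC 4291 prefix), of which the fe80::/64 on the slide is the part actually used:

```python
import ipaddress

# Address classes, most specific first (order matters: ::1 is also inside ::/3 etc.).
# Prefixes per RFC 4291; "2000::/3" is the "[23]xxx" rule from the slide.
_CLASSES = [
    ("unspecified",    ipaddress.IPv6Network("::/128")),
    ("loopback",       ipaddress.IPv6Network("::1/128")),
    ("link local",     ipaddress.IPv6Network("fe80::/10")),   # assumption: RFC prefix, not /64
    ("unique local",   ipaddress.IPv6Network("fc00::/7")),
    ("multicast",      ipaddress.IPv6Network("ff00::/8")),
    ("global unicast", ipaddress.IPv6Network("2000::/3")),
]


def compress(text):
    """Shortest text form (RFC 5952): drop leading zeros in each group and
    collapse the longest run of zero groups into a single '::'.
    A trailing /prefix, as in 'fe80::1/64', is accepted and dropped."""
    return ipaddress.IPv6Interface(text).ip.compressed


def expand(text):
    """Full eight-group, four-hex-digit form: the inverse of compress()."""
    return ipaddress.IPv6Interface(text).ip.exploded


def classify(text):
    """Name the address type the way the slide does."""
    addr = ipaddress.IPv6Interface(text).ip
    for name, net in _CLASSES:
        if addr in net:
            return name
    return "other (reserved)"


if __name__ == "__main__":
    for a in ("3ffe:ffff:0100:f101:0210:a4ff:fee3:9566", "3ffe:ffff:100:f101:0:0:0:1",
              "0000:0000:0000:0000:0000:0000:0000:0001", "2001:db8:85a3::8a2e:370:7334",
              "fdf8:f53b:82e4::53", "fe80::62d8:19ff:fece:44f6/64", "ff01::2", "::"):
        print("%-42s %-34s %s" % (a, compress(a), classify(a)))
```

Because the table is searched most-specific first, ::1 is reported as loopback rather than as part of the reserved ::/8 block, and an address such as fdf8:... lands in unique local rather than falling through to the catch-all.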
Anycast addresses
            Unicast   Multicast   Broadcast   Anycast
            1-to-1    1-to-n      1-to-all    1-to-1 (of n)
Anycast
▶ is assigned to more than one interface
▶ a packet sent to an anycast address is routed to the “nearest” interface having that address
▶ is allocated from the unicast address space
82 /197
IPv6 References
S. Deering and R. Hinden. Internet Protocol, Version 6 (IPv6) Specification. RFC 2460 (Draft Standard). Updated by RFCs 5095, 5722, 5871, 6437, 6564, 6935, 6946, 7045, 7112. Internet Engineering Task Force, Dec. 1998.
R. Hinden and S. Deering. IP Version 6 Addressing Architecture. RFC 4291 (Draft Standard). Updated by RFCs 5952, 6052, 7136, 7346, 7371. Internet Engineering Task Force, Feb. 2006.
Wikipedia. IPv6 address — Wikipedia, The Free Encyclopedia. [Online; accessed 13-March-2015]. 2015.
Wikipedia. IPv6 packet — Wikipedia, The Free Encyclopedia. [Online; accessed 15-March-2015]. 2015.
Wikipedia. IPv6 — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
83 /197
NAT & Packet Filtering
84 /197
Network Address Translation (NAT)
[Figure: hosts 192.168.1.2, 192.168.1.3 and 192.168.1.4 behind a NAT router (192.168.1.1 inside, 12.13.14.15 on the Internet side) talking to a host 40.30.20.10 on the Internet]

Src IP        Src Port   NAT Router IP   Port
192.168.1.2   3456       12.13.14.15     1
192.168.1.3   6789       12.13.14.15     2
192.168.1.3   8910       12.13.14.15     3
192.168.1.4   3750       12.13.14.15     4
85 /197
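The translation table from the slide as a working model. This is an added example, not code from the slides: it builds exactly the four rows shown, then demonstrates the two things the table is for, rewriting a reply back to the inside host and having nowhere to send an unsolicited packet from the Internet (so it is dropped). Addresses and ports are the slide's own; the `Napt` class name and the reply traffic are assumptions:

```python
import itertools


class Napt:
    """Port-translating NAT: every inside (IP, port) that sends outward gets a
    row mapping it to (public IP, public port), exactly like the slide's table."""

    def __init__(self, public_ip, first_port=1):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        self.table = {}      # (inside ip, inside port) -> public port
        self._reverse = {}   # public port -> (inside ip, inside port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of an outgoing packet, adding a row on first use.
        Returns the header as seen on the Internet side."""
        key = (src_ip, src_port)
        if key not in self.table:
            port = next(self._next_port)
            self.table[key] = port
            self._reverse[port] = key
        return (self.public_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of an incoming packet from the table.
        Returns None, i.e. the packet is dropped, when no row matches: a packet
        nobody inside asked for has no inside address to go to."""
        if dst_ip != self.public_ip or dst_port not in self._reverse:
            return None
        inside_ip, inside_port = self._reverse[dst_port]
        return (src_ip, src_port, inside_ip, inside_port)


def replay_slide():
    """Replay the slide's four flows (constructed: all talk to 40.30.20.10 port 80).
    Returns (table rows, a translated reply, an unsolicited packet's fate)."""
    nat = Napt("12.13.14.15")
    for ip, port in [("192.168.1.2", 3456), ("192.168.1.3", 6789),
                     ("192.168.1.3", 8910), ("192.168.1.4", 3750)]:
        nat.outbound(ip, port, "40.30.20.10", 80)
    reply = nat.inbound("40.30.20.10", 80, "12.13.14.15", 3)        # answer to row 3
    unsolicited = nat.inbound("40.30.20.10", 80, "12.13.14.15", 9)  # no such row
    return nat.table, reply, unsolicited


if __name__ == "__main__":
    table, reply, unsolicited = replay_slide()
    for (ip, port), public_port in table.items():
        print("%-13s %-6d -> 12.13.14.15 %d" % (ip, port, public_port))
    print("reply to public port 3 goes to", reply[2:])
    print("unsolicited packet:", "dropped" if unsolicited is None else unsolicited)
```

Note that the same inside host (192.168.1.3) gets two rows because the table is keyed on the (IP, port) pair, not the IP alone; that is what lets thousands of inside connections share one public address.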
What’s A Packet Filter?
A packet filter is a piece of software which looks at the header of packets as they pass through, and decides the fate of the entire packet. It might decide to
▶ DROP the packet (i.e., discard the packet as if it had never received it),
▶ ACCEPT the packet (i.e., let the packet go through), or
▶ something more complicated.
86 /197
Packet Filter Under Linux
iptables talks to the kernel and tells it what packets tofilter.
The iptables tool inserts/deletes rules from the kernel’spacket filtering table.
87 /197
Quick Start
Debian/Ubuntu users can do:
stud@debian:~$ sudo apt-get install iptables
stud@debian:~$
stud@debian:~$ sudo iptables -A INPUT -s 147.8.212.123 -p all -j DROP
stud@debian:~$
stud@debian:~$ sudo iptables -D INPUT -s 147.8.212.123 -p all -j DROP
stud@debian:~$
stud@debian:~$ man iptables
stud@debian:~$
stud@debian:~$ google-chrome http://www.netfilter.org/documentation/
stud@debian:~$
88 /197
Terminology
Filter table is in the kernel, contains chains.
Chains a.k.a. firewall chains, are lists of filtering rules. The three kernel built-in chains are called INPUT, OUTPUT, and FORWARD.
Rules Each rule says: if the packet header looks like this, then here's what to do with the packet.
89 /197
How Chains Work?
[Figure: Incoming → Routing Decision → FORWARD → Outgoing; Routing Decision → INPUT → Local Process; Local Process → OUTPUT → Outgoing]
90 /197
Using iptables
To manage whole chains:
1. Create a new chain (-N).
2. Delete an empty chain (-X).
3. Change the policy for a built-in chain (-P).
4. List the rules in a chain (-L).
5. Flush the rules out of a chain (-F).
6. Zero the packet and byte counters on all rules in a chain (-Z).
To manipulate rules inside a chain:
1. Append a new rule to a chain (-A).
2. Insert a new rule at some position in a chain (-I).
3. Replace a rule at some position in a chain (-R).
4. Delete a rule at some position in a chain, or the first that matches (-D).
91 /197
Examples
stud@debian:~$ ping -c 1 127.0.0.1
stud@debian:~$
stud@debian:~$ sudo iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
stud@debian:~$
stud@debian:~$ ping -c 1 127.0.0.1
stud@debian:~$
stud@debian:~$ sudo iptables -D INPUT -s 127.0.0.1 -p icmp -j DROP
stud@debian:~$
stud@debian:~$ sudo iptables -A INPUT -s ! 127.0.0.1 -p all -j DROP
stud@debian:~$
stud@debian:~$ sudo iptables -A INPUT -s 192.168.1.0/24 -p all -j DROP
stud@debian:~$
92 /197
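A model of what the kernel does with the rules in the Examples slide: a chain is an ordered list with a policy, and the first matching rule decides. This is an added example, not netfilter code or anything from the slides; `Packet`, `Rule` and `Chain` are constructed names covering only the header fields the slide's rules look at (source address, protocol), and `negate` stands in for the `-s !` form. The demo replays the slide's rules and then shows the one thing practitioners get wrong most: an ACCEPT appended with -A behind an earlier DROP is never reached, whereas -I puts it ahead:

```python
import ipaddress
from collections import namedtuple

# Constructed model: only the header fields the slide's rules test.
Packet = namedtuple("Packet", "src dst proto")
# src: CIDR/host string or None (any); proto: 'tcp', 'udp', 'icmp' or 'all'; negate ~ '-s !'
Rule = namedtuple("Rule", "src proto target negate", defaults=(False,))


def matches(rule, pkt):
    src_ok = True
    if rule.src is not None:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src, strict=False)
        src_ok = in_net != rule.negate
    proto_ok = rule.proto == "all" or rule.proto == pkt.proto
    return src_ok and proto_ok


class Chain:
    """One built-in chain (INPUT, OUTPUT or FORWARD): an ordered rule list plus a policy (-P)."""

    def __init__(self, policy="ACCEPT"):
        self.policy, self.rules = policy, []

    def append(self, rule):               # -A: rule goes to the end of the chain
        self.rules.append(rule)

    def insert(self, rule, position=1):   # -I: 1-based position, default is the head
        self.rules.insert(position - 1, rule)

    def delete(self, rule):               # -D: remove the first identical rule
        self.rules.remove(rule)

    def flush(self):                      # -F
        self.rules.clear()

    def verdict(self, pkt):
        """Rules are tried top to bottom; the first match decides, else the policy applies."""
        for rule in self.rules:
            if matches(rule, pkt):
                return rule.target
        return self.policy


def demo():
    """Replay the slide's rules and the ordering pitfall. Returns the verdicts in order."""
    inp = Chain(policy="ACCEPT")
    loop_ping = Packet("127.0.0.1", "127.0.0.1", "icmp")
    out = []
    inp.append(Rule("127.0.0.1", "icmp", "DROP"))      # iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
    out.append(inp.verdict(loop_ping))                 # DROP: ping -c 1 127.0.0.1 gets no answer
    inp.append(Rule("127.0.0.1", "icmp", "ACCEPT"))    # -A lands *after* the DROP: never reached
    out.append(inp.verdict(loop_ping))                 # still DROP
    inp.insert(Rule("127.0.0.1", "icmp", "ACCEPT"))    # -I puts it first: now it wins
    out.append(inp.verdict(loop_ping))                 # ACCEPT
    inp.flush()
    inp.append(Rule("127.0.0.1", "all", "DROP", negate=True))   # -A INPUT -s ! 127.0.0.1 -p all -j DROP
    out.append(inp.verdict(Packet("147.8.212.123", "203.0.113.5", "tcp")))   # DROP: not loopback
    out.append(inp.verdict(loop_ping))                 # ACCEPT, by the chain policy
    fwd = Chain(policy="DROP")                         # default-deny: only listed traffic passes
    fwd.append(Rule("192.168.1.0/24", "all", "ACCEPT"))
    out.append(fwd.verdict(Packet("192.168.1.9", "203.0.113.5", "udp")))   # ACCEPT
    out.append(fwd.verdict(Packet("10.9.8.7", "203.0.113.5", "udp")))      # DROP, by policy
    return out


if __name__ == "__main__":
    print(demo())
```

The last two verdicts show the safer way to build a chain: a DROP policy with explicit ACCEPTs, so a forgotten rule fails closed. On a real system `iptables -L -v --line-numbers` shows the order the kernel will actually use.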
More Examples
~$ # Syn-flood protection:
~$ sudo iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
~$
~$ # Furtive port scanner:
~$ sudo iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
~$
~$ # Ping of death:
~$ sudo iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
~$
93 /197
Networking Devices
94 /197
+-------------+
| |
| |
| Application |
| |
| |
+-------------+
| Transport |
+-------------+
| Network | Routers
+-------------+
| Data Link | Bridges/Switches
+-------------+
| Physical | Repeaters/Hubs
+-------------+
95 /197
Repeater, Hub
Repeater connects network segments at the physical layer.
Hub a multi-port repeater
▶ simple, cheap
▶ Repeaters/Hubs do NOT isolate collision domains.
▶ 100m maximum
96 /197
Bridge, Switch
Bridge connects multiple network segments at the data link layer (layer 2)
Switch a multi-port bridge
Transparent bridging
Uses a forwarding database to send frames across network segments
▶ Learning
▶ Flooding
▶ Forwarding
▶ Filtering
▶ Aging
97 /197
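The five operations of transparent bridging, run on a constructed sequence of frames. This is an added example, not code from the slides; the `Bridge` class, the port numbers, the station MACs and the 300-second aging time are all assumptions made for the demo:

```python
class Bridge:
    """Transparent (learning) bridge, i.e. a switch: a forwarding database maps MAC -> port."""
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports, max_age=300):
        self.ports = list(ports)
        self.max_age = max_age       # seconds of silence before an entry is forgotten (assumed)
        self.fdb = {}                # mac -> (port, time last seen)

    def _age(self, now):
        self.fdb = {mac: (port, seen) for mac, (port, seen) in self.fdb.items()
                    if now - seen <= self.max_age}

    def receive(self, in_port, src, dst, now):
        """Process one frame; return the list of ports it is sent out of."""
        self._age(now)                               # Aging: drop stale entries first
        self.fdb[src] = (in_port, now)               # Learning: src is reachable via in_port
        entry = self.fdb.get(dst)
        if dst == self.BROADCAST or entry is None:
            return [p for p in self.ports if p != in_port]   # Flooding: every port but the one it came in on
        out_port, _ = entry
        if out_port == in_port:
            return []                                # Filtering: destination is on the same segment
        return [out_port]                            # Forwarding: the one port the destination is behind


def demo():
    """Constructed frames between stations A, B and C (made-up locally administered MACs).
    Returns the list of output ports for each frame, in order."""
    br = Bridge(ports=[1, 2, 3])
    A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    return [
        br.receive(1, A, B, now=0),      # B unknown: flood to [2, 3]; A learned on port 1
        br.receive(2, B, A, now=1),      # A known: forward to [1]; B learned on port 2
        br.receive(1, A, B, now=2),      # B known: forward to [2]
        br.receive(1, C, A, now=3),      # A is on port 1 like the frame itself: filtered, []
        br.receive(3, C, B, now=400),    # B silent for > 300 s: aged out, so flood to [1, 2]
    ]


if __name__ == "__main__":
    for i, ports in enumerate(demo(), 1):
        print("frame %d -> ports %s" % (i, ports))
```

The fourth frame is the whole point of a bridge over a hub: traffic between two stations on the same segment never crosses to the others. The fifth shows why aging exists: without it a station that moved to another port would keep its stale entry and its frames would be forwarded to the wrong segment.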
Redundancy Eliminating the single point of failure
[Figure: bridges A, B and C joining Segment A, Segment B and Segment C in a loop]
98 /197
Broadcast storm Resulting in potentially severe network congestion
[Figure: the same looped topology (bridges A, B, C; Segment A, B, C) with Node A and Node B; a broadcast frame keeps circulating around the loop]
99 /197
Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network.
100 /197
Router
Router connects two or more logical subnets at the network layer (layer 3)
Routing is to find a route in the route table
----------------------------
| network applications |
| |
|... \ | / .. \ | / ...|
| ----- ----- |
| |TCP| |UDP| |
| ----- ----- |
| \ / |
| -------- |
| | IP | |
| ----- -*----*- ----- |
| |ARP| | | |ARP| |
| ----- | | ----- |
| \ | | / |
| ------ ------ |
| |ENET| |ENET| |
| ---@-- ---@-- |
----------|-------|---------
| |
| ---o--------------
| Ethernet Cable 2
---------------o---
Ethernet Cable 1
101 /197
Bridging vs. Routing
            Bridging            Routing
Layer       L2                  L3
Addresses   MAC addr. (local)   IP addr. (global)
Scope       intranet            internet
Lookup      Forwarding DB       Routing table
            relearn, flooding   more efficient
▶ to put multiple segments into one bridged network, or
▶ to divide it into different networks interconnected by routers
102 /197
More About Networking Devices
Wikipedia. LAN switching — Wikipedia, The Free Encyclopedia. [Online; accessed 23-March-2015]. 2015.
Wikipedia. Network switch — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. Router (computing) — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. Routing table — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
103 /197
☺ vs. ☹
Circuit switching
☺ guaranteed performance
☺ fast transfers (once circuit is established)
☹ wastes bandwidth if traffic is “bursty”
☹ connection setup adds delay
☹ recovery from failure is slow
Packet switching
☹ no guaranteed performance
☹ header overhead per packet
☹ queues and queuing delay
☺ efficient use of bandwidth
☺ no connection setup
☺ can “route around trouble”
105 /197
IP: host ↔ host
TCP/UDP: process ↔ process
IP provides unreliable service
Best-effort delivery service doesn't guarantee
✗ segment delivery
✗ orderly delivery of segments
✗ the integrity of the data in the segments
TCP provides reliable data transfer
Reliable means correctly and orderly.
✓ correctness — acknowledgement, checksum
✓ order — sequence numbers
✓ packet lost — timers
✓ flow control — sliding window
✓ congestion control
106 /197
A TCP Connection
wx672@cs3:~$ netstat -at | grep http | grep ESTAB
tcp        0      0 cs3.swfu.edu.cn:http    220.163.96.3:47179     ESTABLISHED
                    address:port            address:port
                    (socket)                (socket)
a pair of sockets form a TCP connection
Port numbers
port range 0 ∼ 65535
well-known ports 0 ∼ 1023
FTP 20/21    SSH 22     Telnet 23
SMTP 25      DNS 53     DHCP 67/68
HTTP 80      POP3 110   HTTPS 443
IMAP4 143
107 /197
TCP Header
 0                   1                   2                   3
|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|-+-+-+-+-+-+-+-|
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgment Number                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Data |     |N|C|E|U|A|P|R|S|F|                               |
| Offset|0|0|0| |W|C|R|C|S|S|Y|I|            Window             |
|       |     |S|R|E|G|K|H|T|N|N|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |         Urgent Pointer        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options                    |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
108 /197
Establishing a TCP Connection
(from Sec. 6.5, The Internet Transport Protocols: TCP, p. 561)
[Figure 6-37. (a) TCP connection establishment in the normal case: Host 1 sends SYN (SEQ = x); Host 2 answers SYN (SEQ = y, ACK = x + 1); Host 1 sends (SEQ = x + 1, ACK = y + 1). (b) Simultaneous connection establishment on both sides: Host 1 sends SYN (SEQ = x) while Host 2 sends SYN (SEQ = y); Host 1 then sends SYN (SEQ = x, ACK = y + 1) and Host 2 sends SYN (SEQ = y, ACK = x + 1). Time runs downwards.]
In the event that two hosts simultaneously attempt to establish a connection between the same two sockets, the sequence of events is as illustrated in Fig. 6-37(b). The result of these events is that just one connection is established, not two, because connections are identified by their end points. If the first setup results in a connection identified by (x, y) and the second one does too, only one table entry is made, namely, for (x, y).
Recall that the initial sequence number chosen by each host should cycle slowly, rather than be a constant such as 0. This rule is to protect against delayed duplicate packets, as we discussed in Sec 6.2.2. Originally this was accomplished with a clock-based scheme in which the clock ticked every 4 µsec.
However, a vulnerability with implementing the three-way handshake is that the listening process must remember its sequence number as soon as it responds with its own SYN segment. This means that a malicious sender can tie up resources on a host by sending a stream of SYN segments and never following through to complete the connection. This attack is called a SYN flood, and it crippled many Web servers in the 1990s.
One way to defend against this attack is to use SYN cookies. Instead of remembering the sequence number, a host chooses a cryptographically generated sequence number, puts it on the outgoing segment, and forgets it. If the three-way handshake completes, this sequence number (plus 1) will be returned to the host. It can then regenerate the correct sequence number by running the same cryptographic function, as long as the inputs to that function are known, for example, the other host's IP address and port, and a local secret. This procedure allows the host to check that an acknowledged sequence number is correct without having to
109 /197
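The SYN-cookie defence described in the excerpt above, worked through in code. This is an added example, not the textbook's or any kernel's implementation: the cookie layout (a 5-bit time counter in the top bits, a truncated HMAC of the 4-tuple and counter below it), the 64-second tick, the two-tick acceptance window and the demo secret are all simplifications chosen for clarity; production cookies also encode the negotiated MSS and add the client's own sequence number. The point the excerpt makes survives the simplification: between the SYN-ACK and the final ACK the listener stores nothing:

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed demo secret; a real host uses a random, rotated one"
WINDOW = 64                # seconds per counter tick (assumption)
COUNTER_BITS = 5           # top bits of the ISN carry the tick; the rest carry the MAC
COUNTER_MASK = (1 << COUNTER_BITS) - 1
MAC_MASK = (1 << (32 - COUNTER_BITS)) - 1


def _counter(now):
    return (int(now) // WINDOW) & COUNTER_MASK


def _cookie(conn, counter, secret):
    """ISN = counter || truncated HMAC(secret, src ip, src port, dst ip, dst port, counter)."""
    src_ip, src_port, dst_ip, dst_port = conn
    msg = struct.pack("!4sH4sHB", ipaddress.IPv4Address(src_ip).packed, src_port,
                      ipaddress.IPv4Address(dst_ip).packed, dst_port, counter)
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return (counter << (32 - COUNTER_BITS)) | (int.from_bytes(mac[:4], "big") & MAC_MASK)


def syn_ack_isn(conn, now, secret=SECRET):
    """Sequence number to put in the SYN-ACK. Nothing about this half-open
    connection is remembered, which is what defeats the SYN flood."""
    return _cookie(conn, _counter(now), secret)


def ack_is_valid(conn, ack_number, now, secret=SECRET):
    """Third packet of the handshake: ACK must be our cookie + 1 for a recent tick,
    recomputed from the 4-tuple and the secret alone."""
    cookie = (ack_number - 1) & 0xFFFFFFFF
    counter = cookie >> (32 - COUNTER_BITS)
    current = _counter(now)
    if counter not in (current, (current - 1) & COUNTER_MASK):
        return False                                   # too old, or a made-up counter
    expected = _cookie(conn, counter, secret)
    # constant-time compare so the check itself leaks nothing about the secret
    return hmac.compare_digest(cookie.to_bytes(4, "big"), expected.to_bytes(4, "big"))


if __name__ == "__main__":
    # constructed 4-tuple using the addresses from the netstat slide
    conn = ("220.163.96.3", 47179, "202.203.132.245", 80)
    isn = syn_ack_isn(conn, now=1000)
    print("SYN-ACK ISN: %d" % isn)
    print("ACK %d at t=1000 valid: %s" % (isn + 1, ack_is_valid(conn, isn + 1, now=1000)))
    print("same ACK at t=1200 valid: %s" % ack_is_valid(conn, isn + 1, now=1200))
```

The cost of the trick is visible in the code: anything that is not in the 4-tuple and the counter (TCP options, the client's window) cannot be recovered from the cookie, which is why real stacks only switch to cookies once the SYN queue is full.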
Closing a TCP Connection
110 /197
tcpdump output
∼$ tcpdump -S -i lo
12:47:09.106903 IP localhost.37831 > localhost.3333:
Flags [S], seq 2485057335, win 32792, ..., length 0
12:47:09.106923 IP localhost.3333 > localhost.37831:
Flags [S.], seq 2476477986, ack 2485057336, win 32768, ..., length 0
12:47:09.106936 IP localhost.37831 > localhost.3333:
Flags [.], ack 2476477987, win 257, ..., length 0
12:47:26.963149 IP localhost.37831 > localhost.3333:
Flags [F.], seq 2485057336, ack 2476477987, win 257, ..., length 0
12:47:26.963244 IP localhost.3333 > localhost.37831:
Flags [F.], seq 2476477987, ack 2485057337, win 256, ..., length 0
12:47:26.963264 IP localhost.37831 > localhost.3333:
Flags [.], ack 2476477988, win 257, ..., length 0
111 /197
State Transition Diagram
[Figure: TCP state transition diagram. States: CLOSED (starting point), LISTEN, SYN_SENT, SYN_RCVD, ESTABLISHED (data transfer state), FIN_WAIT_1, FIN_WAIT_2, CLOSING, TIME_WAIT, CLOSE_WAIT, LAST_ACK. Transitions as labelled in the figure:]
CLOSED → LISTEN             appl: passive open      send: <nothing>
CLOSED → SYN_SENT           appl: active open       send: SYN
LISTEN → SYN_SENT           appl: send data         send: SYN
LISTEN → SYN_RCVD           recv: SYN               send: SYN, ACK
SYN_SENT → SYN_RCVD         recv: SYN               send: SYN, ACK     (simultaneous open)
SYN_SENT → ESTABLISHED      recv: SYN, ACK          send: ACK
SYN_SENT → CLOSED           appl: close or timeout
SYN_RCVD → LISTEN           recv: RST
SYN_RCVD → CLOSED           timeout                 send: RST
SYN_RCVD → ESTABLISHED      recv: ACK               send: <nothing>
SYN_RCVD → FIN_WAIT_1       appl: close             send: FIN
ESTABLISHED → FIN_WAIT_1    appl: close             send: FIN          (active close)
ESTABLISHED → CLOSE_WAIT    recv: FIN               send: ACK          (passive close)
FIN_WAIT_1 → FIN_WAIT_2     recv: ACK               send: <nothing>
FIN_WAIT_1 → CLOSING        recv: FIN               send: ACK          (simultaneous close)
FIN_WAIT_1 → TIME_WAIT      recv: FIN, ACK          send: ACK
FIN_WAIT_2 → TIME_WAIT      recv: FIN               send: ACK
CLOSING → TIME_WAIT         recv: ACK               send: <nothing>
TIME_WAIT → CLOSED          2MSL timeout
CLOSE_WAIT → LAST_ACK       appl: close             send: FIN
LAST_ACK → CLOSED           recv: ACK               send: <nothing>
Key: normal transitions for client; normal transitions for server.
appl: state transitions taken when application issues operation
recv: state transitions taken when segment received
send: what is sent for this transition
TCP state transition diagram.
Reprinted from TCP/IP Illustrated, Volume 2: The Implementation by Gary R. Wright and W. Richard Stevens, Copyright © 1995 by Addison-Wesley Publishing Company, Inc.
netstat
∼$ netstat -nta
∼$ netstat -ntap
∼$ netstat -ntape
∼$ netstat -ntap | grep ESTAB
∼$ netstat -nlp | grep :80
∼$ netstat -nr
∼$ netstat -ie
∼$ man netstat
113 /197
Sliding Window
[Figure: segments 1 to 15 with a sliding window: send first 8 segments; receive first 3 acknowledgements; send next 3 segments]
The sliding window serves several purposes:
▶ it guarantees the reliable delivery of data
▶ it ensures that the data is delivered in order
▶ it enforces flow control between the sender and the receiver.
114 /197
(from Sec. 6.5, The Internet Transport Protocols: TCP, p. 565)
client's acknowledgement shows up, the server releases the connection and deletes the connection record.
6.5.8 TCP Sliding Window
As mentioned earlier, window management in TCP decouples the issues of acknowledgement of the correct receipt of segments and receiver buffer allocation. For example, suppose the receiver has a 4096-byte buffer, as shown in Fig. 6-40. If the sender transmits a 2048-byte segment that is correctly received, the receiver will acknowledge the segment. However, since it now has only 2048 bytes of buffer space (until the application removes some data from the buffer), it will advertise a window of 2048 starting at the next byte expected.
[Figure 6-40. Window management in TCP. Receiver's buffer: 0 to 4 KB, initially empty. Application does a 2-KB write; sender sends 2 KB, SEQ = 0; receiver (buffer 2 KB full) replies ACK = 2048, WIN = 2048. Application does a 2-KB write; sender sends 2 KB, SEQ = 2048; receiver (buffer full) replies ACK = 4096, WIN = 0; sender is blocked. Application reads 2 KB; receiver sends ACK = 4096, WIN = 2048; sender may send up to 2 KB and sends 1 KB, SEQ = 4096.]
Now the sender transmits another 2048 bytes, which are acknowledged, but the advertised window is of size 0. The sender must stop until the application
115 /197
116 /197
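The flow-control half of the sliding window, replaying the Figure 6-40 exchange above step by step. This is an added example, not the textbook's code: `Receiver` and `Sender` are constructed classes that track only the three quantities the figure shows (next byte expected, free buffer space, bytes in flight), the initial 4096-byte window is taken from the receiver buffer size in the text, and loss and retransmission are deliberately left out so the window arithmetic is the only thing happening:

```python
class Receiver:
    """Receiving TCP with a fixed buffer; the advertised window is the free buffer space."""

    def __init__(self, buffer_size):
        self.buffer_size = buffer_size
        self.buffered = 0            # bytes received but not yet read by the application
        self.next_expected = 0       # sequence number of the next byte expected

    def segment(self, seq, nbytes):
        """Accept an in-order segment that fits; return the ACK as (ack number, window)."""
        if seq == self.next_expected and nbytes <= self.buffer_size - self.buffered:
            self.buffered += nbytes
            self.next_expected += nbytes
        return self.next_expected, self.buffer_size - self.buffered

    def app_read(self, nbytes):
        """The application drains the buffer; return the window update that is sent."""
        self.buffered -= min(nbytes, self.buffered)
        return self.next_expected, self.buffer_size - self.buffered


class Sender:
    """Sending TCP: may have at most `window` bytes beyond the last ACK in flight."""

    def __init__(self, window):
        self.next_seq, self.ack_base, self.window = 0, 0, window
        self.pending = 0             # bytes the application has written but not yet sent

    def app_write(self, nbytes):
        self.pending += nbytes

    def try_send(self, max_segment):
        """Return (seq, nbytes) for one segment, or None when the window is closed."""
        usable = self.ack_base + self.window - self.next_seq
        nbytes = min(self.pending, usable, max_segment)
        if nbytes <= 0:
            return None
        seg = (self.next_seq, nbytes)
        self.next_seq += nbytes
        self.pending -= nbytes
        return seg

    def on_ack(self, ack, window):
        self.ack_base, self.window = ack, window


def replay_figure_6_40():
    """Replay the exchange of Figure 6-40 (4096-byte receiver buffer); return the trace."""
    rx, tx, trace = Receiver(4096), Sender(window=4096), []

    def send_all():
        while True:
            seg = tx.try_send(2048)
            if seg is None:
                return
            ack, win = rx.segment(*seg)
            tx.on_ack(ack, win)
            trace.append("%d KB SEQ = %d -> ACK = %d WIN = %d" % (seg[1] // 1024, seg[0], ack, win))

    tx.app_write(2048)
    send_all()                               # application does a 2-KB write
    tx.app_write(2048)
    send_all()                               # second 2-KB write fills the receiver: WIN = 0
    tx.app_write(1024)
    send_all()                               # nothing may go out now
    trace.append("sender blocked: %s" % (tx.try_send(2048) is None))
    ack, win = rx.app_read(2048)             # application reads 2 KB: window update
    tx.on_ack(ack, win)
    trace.append("ACK = %d WIN = %d" % (ack, win))
    send_all()                               # sender may send up to 2 KB; it has 1 KB pending
    return trace


if __name__ == "__main__":
    print("\n".join(replay_figure_6_40()))
```

The receiver never has to refuse data it cannot hold, because the sender's `usable` computation keeps it from sending more than the last advertised window beyond the last ACK; a receiver that advertises more than it can buffer, or a sender that ignores the window, is the bug this arithmetic prevents.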
Packet Lost? Go-Back-N
these unnecessary retransmissions. Imagine, in our message-dictation scenario, that if every time a word was garbled, the surrounding 1,000 words (for example, a window size of 1,000 words) had to be repeated. The dictation would be slowed by all of the reiterated words.
As the name suggests, selective-repeat protocols avoid unnecessary retransmissions by having the sender retransmit only those packets that it suspects were received in error (that is, were lost or corrupted) at the receiver. This individual, as-needed, retransmission will require that the receiver individually acknowledge correctly received packets. A window size of N will again be used to limit the number
(from Chapter 3, Transport Layer, p. 224)
[Figure 3.22 Go-Back-N in operation. Sender: send pkt0, pkt1, pkt2, pkt3, then (wait); pkt2 is lost (X). Receiver: rcv pkt0, send ACK0; rcv pkt1, send ACK1; rcv pkt3, discard, send ACK1. Sender: rcv ACK0, send pkt4; rcv ACK1, send pkt5. Receiver: rcv pkt4, discard, send ACK1; rcv pkt5, discard, send ACK1. Sender: pkt2 timeout, send pkt2, pkt3, pkt4, pkt5. Receiver: rcv pkt2, deliver, send ACK2; rcv pkt3, deliver, send ACK3; ...]
117 /197
ACK lost?
(from Chapter 3, Transport Layer, p. 244)
then the ACK is acknowledging one or more previously unacknowledged segments. Thus the sender updates its SendBase variable; it also restarts the timer if there currently are any not-yet-acknowledged segments.
A Few Interesting Scenarios
We have just described a highly simplified version of how TCP provides reliable data transfer. But even this highly simplified version has many subtleties. To get a good feeling for how this protocol works, let's now walk through a few simple scenarios. Figure 3.34 depicts the first scenario, in which Host A sends one segment to Host B. Suppose that this segment has sequence number 92 and contains 8 bytes of data. After sending this segment, Host A waits for a segment from B with acknowledgment number 100. Although the segment from A is received at B, the acknowledgment from B to A gets lost. In this case, the timeout event occurs, and Host A retransmits the same segment. Of course, when Host B receives the retransmission, it observes from the sequence number that the segment contains data that has already been received. Thus, TCP in Host B will discard the bytes in the retransmitted segment.
[Figure 3.34 Retransmission due to a lost acknowledgment. Host A sends Seq=92, 8 bytes data; Host B answers ACK=100, which is lost (X). After the timeout Host A resends Seq=92, 8 bytes data; Host B answers ACK=100 again.]
118 /197
(from Chapter 3, Transport Layer, p. 246)
Doubling the Timeout Interval
We now discuss a few modifications that most TCP implementations employ. The first concerns the length of the timeout interval after a timer expiration. In this modification, whenever the timeout event occurs, TCP retransmits the not-yet-acknowledged segment with the smallest sequence number, as described above. But each time TCP retransmits, it sets the next timeout interval to twice the previous value, rather than deriving it from the last EstimatedRTT and DevRTT (as described in Section 3.5.3). For example, suppose TimeoutInterval associated with the oldest not yet acknowledged segment is .75 sec when the timer first expires. TCP will then retransmit this segment and set the new expiration time to 1.5 sec. If the timer expires again 1.5 sec later, TCP will again retransmit this segment, now setting the expiration time to 3.0 sec. Thus the intervals grow exponentially after each retransmission. However, whenever the timer is started after either of the two other events (that is, data received from application above, and ACK received), the
[Figure 3.36 A cumulative acknowledgment avoids retransmission of the first segment. Host A sends Seq=92, 8 bytes data and Seq=100, 20 bytes data; Host B answers ACK=100, which is lost (X), and ACK=120, which arrives before the Seq=92 timeout interval expires.]
Selective-repeat
of outstanding, unacknowledged packets in the pipeline. However, unlike GBN, the sender will have already received ACKs for some of the packets in the window. Figure 3.23 shows the SR sender's view of the sequence number space. Figure 3.24 details the various actions taken by the SR sender.
The SR receiver will acknowledge a correctly received packet whether or not it is in order. Out-of-order packets are buffered until any missing packets (that is, packets with lower sequence numbers) are received, at which point a batch of packets can be delivered in order to the upper layer. Figure 3.25 itemizes the various actions taken by the SR receiver. Figure 3.26 shows an example of SR operation in the presence of lost packets. Note that in Figure 3.26, the receiver initially buffers packets 3, 4, and 5, and delivers them together with packet 2 to the upper layer when packet 2 is finally received.
It is important to note that in Step 2 in Figure 3.25, the receiver reacknowledges (rather than ignores) already received packets with certain sequence numbers below the current window base. You should convince yourself that this reacknowledgment is indeed needed. Given the sender and receiver sequence number spaces in Figure 3.23, for example, if there is no ACK for packet send_base propagating from the receiver to the sender, the sender will eventually retransmit packet send_base, even though it is clear (to us, not the sender!) that the receiver has already received
(from Section 3.4, Principles of Reliable Data Transfer, p. 225)
[Figure 3.23 Selective-repeat (SR) sender and receiver views of sequence-number space. (a) Sender view: a window of size N starting at send_base, with nextseqnum inside it; key: already ACK'd, sent not yet ACK'd, usable not yet sent, not usable. (b) Receiver view: a window of size N starting at rcv_base; key: out of order (buffered) but already ACK'd, expected not yet received, acceptable (within window), not usable.]
120 /197
The lack of synchronization between sender and receiver windows has important consequences when we are faced with the reality of a finite range of sequence numbers. Consider what could happen, for example, with a finite range of four packet sequence numbers, 0, 1, 2, 3, and a window size of three. Suppose packets 0 through 2 are transmitted and correctly received and acknowledged at the receiver. At this point, the receiver's window is over the fourth, fifth, and sixth packets, which have sequence numbers 3, 0, and 1, respectively. Now consider two scenarios. In the first scenario, shown in Figure 3.27(a), the ACKs for the first three packets are lost and
[Figure 3.26 SR operation (sequence numbers 0-9, window size 4). Sender: pkt0 sent; pkt1 sent; pkt2 sent (lost, X); pkt3 sent, window full; ACK0 rcvd, pkt4 sent; ACK1 rcvd, pkt5 sent; pkt2 TIMEOUT, pkt2 resent; ACK3 rcvd, nothing sent. Receiver: pkt0 rcvd, delivered, ACK0 sent; pkt1 rcvd, delivered, ACK1 sent; pkt3 rcvd, buffered, ACK3 sent; pkt4 rcvd, buffered, ACK4 sent; pkt5 rcvd, buffered, ACK5 sent; pkt2 rcvd, pkt2, pkt3, pkt4, pkt5 delivered, ACK2 sent.]
(from Section 3.4, Principles of Reliable Data Transfer, p. 227)
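Go-Back-N and selective repeat side by side, as one added example serving both the Go-Back-N slide (Figure 3.22) and the Selective-repeat slides (Figures 3.23 and 3.26) above. This is not the textbook's code; it is a constructed simulator in which the channel is instantaneous and in order and a packet can be lost only on its first transmission (so every run terminates). With 6 packets, a window of 4 and pkt2 lost, the two runs reproduce the two figures: GBN resends pkt2-pkt5, SR resends pkt2 alone:

```python
def run_gbn(total, window, lose_once=()):
    """Go-Back-N with cumulative ACKs. Returns (number of transmissions, delivery order)."""
    lose_once = set(lose_once)
    base = nxt = expected = 0          # sender base / next seq; receiver's next expected seq
    sends, delivered = [], []
    while base < total:
        while nxt < min(base + window, total):           # fill the window
            seq, nxt = nxt, nxt + 1
            sends.append(seq)
            if seq in lose_once:
                lose_once.discard(seq)
                continue                                 # dropped in the channel
            if seq == expected:                          # receiver: in order, deliver it
                delivered.append(seq)
                expected += 1
            # an out-of-order packet is discarded; either way ACK(expected - 1) goes back
            base = max(base, expected)                   # cumulative ACK advances the base
        if base < total:                                 # window stalled: timeout for `base`
            nxt = base                                   # go back N: resend base .. nxt - 1
    return len(sends), delivered


def run_sr(total, window, lose_once=()):
    """Selective repeat: the receiver ACKs and buffers every packet inside its window and
    delivers the in-order prefix; on timeout the sender resends only the oldest unACKed packet."""
    lose_once = set(lose_once)
    base = rcv_base = nxt = 0
    acked, buffered, sends, delivered = set(), set(), [], []

    def receive(seq):
        nonlocal base, rcv_base
        if rcv_base <= seq < rcv_base + window:
            buffered.add(seq)
            while rcv_base in buffered:                  # e.g. pkt2..pkt5 delivered together
                buffered.discard(rcv_base)
                delivered.append(rcv_base)
                rcv_base += 1
        # a packet below rcv_base is re-ACKed rather than ignored (Step 2 of Figure 3.25),
        # otherwise a lost ACK would leave the sender's window stuck forever
        acked.add(seq)
        while base in acked:
            base += 1

    def transmit(seq):
        sends.append(seq)
        if seq in lose_once:
            lose_once.discard(seq)
            return
        receive(seq)

    while base < total:
        while nxt < min(base + window, total):
            transmit(nxt)
            nxt += 1
        if base < total:
            transmit(base)                               # timeout: resend just that packet
    return len(sends), delivered


if __name__ == "__main__":
    for name, fn in (("GBN", run_gbn), ("SR", run_sr)):
        count, order = fn(6, 4, lose_once={2})
        print("%-3s transmissions=%d delivered=%s" % (name, count, order))
```

The difference is bought with receiver buffering: SR must hold pkt3-pkt5 until pkt2 arrives, where the GBN receiver keeps a single counter. The trade-off the excerpt goes on to discuss, window size against sequence-number range, is the next thing that would break this simulator if the numbers were made to wrap.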
UDP Datagram
 0      7 8     15 16    23 24    31
+--------+--------+--------+--------+
|     Source      |   Destination   |
|      Port       |      Port       |
+--------+--------+--------+--------+
|                 |                 |
|     Length      |    Checksum     |
+--------+--------+--------+--------+
|
|          data octets ...
+---------------- ...
122 /197
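The one integrity mechanism in the UDP header above, the checksum, computed and verified in code. This is an added example, not from the slides or RFC 768 itself: it builds the datagram shown on the slide, including the IPv4 pseudo-header the checksum covers (source and destination address, protocol 17, UDP length), then checks that a corrupted or truncated datagram is rejected. Addresses and ports are constructed from the NAT and socket slides:

```python
import ipaddress
import struct

UDP_PROTOCOL = 17


def _ones_complement_sum(data):
    """16-bit one's complement sum with end-around carry, as used by IP, UDP and TCP."""
    if len(data) % 2:
        data += b"\x00"                           # pad an odd length for the last word
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                            # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def _pseudo_header(src_ip, dst_ip, udp_length):
    """The IPv4 fields covered by the UDP checksum although they are not in the datagram."""
    return struct.pack("!4s4sBBH", ipaddress.IPv4Address(src_ip).packed,
                       ipaddress.IPv4Address(dst_ip).packed, 0, UDP_PROTOCOL, udp_length)


def build_udp(src_ip, dst_ip, src_port, dst_port, payload):
    """Return the UDP header + payload with a correct checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)   # checksum field 0 while summing
    total = _ones_complement_sum(_pseudo_header(src_ip, dst_ip, length) + header + payload)
    checksum = (~total) & 0xFFFF
    if checksum == 0:
        checksum = 0xFFFF        # 0 on the wire means "no checksum" (IPv4), so send all ones instead
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def verify_udp(src_ip, dst_ip, datagram):
    """True when the length field matches and the checksum verifies (or was omitted)."""
    if len(datagram) < 8:
        return False
    _src_port, _dst_port, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        return False
    if checksum == 0:
        return True              # sender chose not to checksum; nothing to check
    # With the transmitted checksum included, a correct datagram sums to all ones.
    return _ones_complement_sum(_pseudo_header(src_ip, dst_ip, length) + datagram) == 0xFFFF


if __name__ == "__main__":
    dg = build_udp("192.168.1.2", "202.203.132.245", 3456, 12000, b"hello")
    print("datagram:", dg.hex())
    print("verifies:", verify_udp("192.168.1.2", "202.203.132.245", dg))
    print("after corrupting a byte:", verify_udp("192.168.1.2", "202.203.132.245", dg[:8] + b"jello"))
```

Because the pseudo-header is part of the sum, the same datagram fails verification if it is delivered to a different address, which is what the checksum is for: detecting corruption and misdelivery, not tampering, since anyone who can change the payload can recompute the sum.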
TCP/UDP References
J. Postel. Transmission Control Protocol. RFC 793 (INTERNET STANDARD). Updated by RFCs 1122, 3168, 6093, 6528. Internet Engineering Task Force, Sept. 1981.
J. Postel. User Datagram Protocol. RFC 768 (INTERNET STANDARD). Internet Engineering Task Force, Aug. 1980.
Wikipedia. Checksum — Wikipedia, The Free Encyclopedia. [Online; accessed 24-February-2015]. 2015.
Wikipedia. Transmission Control Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. User Datagram Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
123 /197
Socket Programming
124 /197
UDPClient.py I
from socket import *
serverName = 'hostname'
serverPort = 12000
clientSocket = socket(AF_INET, SOCK_DGRAM)
message = raw_input('Input lowercase sentence:')
clientSocket.sendto(message,(serverName, serverPort))
modifiedMessage, serverAddress = clientSocket.recvfrom(2048)
print modifiedMessage
clientSocket.close()
socket(AF_INET, SOCK_DGRAM)
▶ AF_INET: using IPv4
▶ SOCK_DGRAM: UDP socket
▶ clientPort will be generated automatically
125 /197
UDPClient.py II
clientSocket.sendto(message,(serverName,serverPort))
1. attaches both the destination address (serverName, serverPort) and the source address (clientIP, clientPort) to the message
2. send the message
modifiedMessage, serverAddress = clientSocket.recvfrom(2048)
1. puts the received message data into modifiedMessage
2. puts the source address (IP, Port) into serverAddress
▶ 2048: buffer size
126 /197
UDPServer.py
from socket import *
serverPort = 12000
serverSocket = socket(AF_INET, SOCK_DGRAM)
serverSocket.bind(('', serverPort))
print "The server is ready to receive"
while 1:
    message, clientAddress = serverSocket.recvfrom(2048)
    modifiedMessage = message.upper()
    serverSocket.sendto(modifiedMessage, clientAddress)
serverSocket.bind(('', serverPort))
▶ explicitly assigns 12000 to the server's socket
127 /197
TCP Sockets
Two Sockets at the Server
into but also receives bytes from its socket; similarly, the server process not only receives bytes from but also sends bytes into its connection socket.
We use the same simple client-server application to demonstrate socket programming with TCP: The client sends one line of data to the server, the server capitalizes the line and sends it back to the client. Figure 2.30 highlights the main socket-related activity of the client and server that communicate over the TCP transport service.
TCPClient.py
Here is the code for the client side of the application:
(from Chapter 2, Application Layer, p. 164)
[Figure 2.29 The TCPServer process has two sockets. The client process's client socket does the three-way handshake with the server process's welcoming socket; the server then gets a connection socket, and bytes flow in both directions between the client socket and the connection socket.]
128 /197
TCPClient.py
from socket import *
serverName = 'servername'
serverPort = 12000
clientSocket = socket(AF_INET, SOCK_STREAM)
clientSocket.connect((serverName,serverPort))
sentence = raw_input('Input lowercase sentence:')
clientSocket.send(sentence)
modifiedSentence = clientSocket.recv(1024)
print 'From Server:', modifiedSentence
clientSocket.close()
▶ SOCK_STREAM: TCP socket
▶ connect(): initiate the TCP connection (3-way handshake)
▶ send(): send out sentence through the client's socket. No destination address needs to be specified
129 /197
TCPServer.py
from socket import *
serverPort = 12000
serverSocket = socket(AF_INET,SOCK_STREAM)
serverSocket.bind(('',serverPort))
serverSocket.listen(1)
print 'The server is ready to receive'
while 1:
    connectionSocket, addr = serverSocket.accept()
    sentence = connectionSocket.recv(1024)
    capitalizedSentence = sentence.upper()
    connectionSocket.send(capitalizedSentence)
    connectionSocket.close()
▶ serverSocket: the welcoming socket
▶ connectionSocket: a socket dedicated to this particular client
▶ listen(backlog): the server listens for connection requests.
▶ backlog: how many non-accept()-ed connections are allowed to be queueing
▶ accept(): whenever a connection request coming, creates a new connectionSocket (handshaking is done here)
130 /197
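The four listings above (UDP and TCP client and server), brought together in one self-contained Python 3 program that runs both exchanges over the loopback interface. This is an added example, not the textbook's or the slides' code: the servers bind port 0 so the kernel picks a free port (the slides use 12000), each server runs in a thread and serves one client, and messages are bytes because Python 3 sockets carry bytes, not str. One thing it shows that the slides' `recv(1024)` glosses over: TCP is a byte stream, so both sides read until a newline delimiter rather than assuming one recv returns one message:

```python
import socket
import threading


def udp_server_once(server):
    """Body of the UDPServer.py loop: one datagram in, the upper-cased copy back to its sender."""
    message, client_address = server.recvfrom(2048)
    server.sendto(message.upper(), client_address)


def udp_roundtrip(message):
    """Run the UDPClient.py / UDPServer.py exchange on 127.0.0.1; return the server's reply."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))                       # port 0: kernel picks a free port
    server_port = server.getsockname()[1]
    worker = threading.Thread(target=udp_server_once, args=(server,))
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(5)
    client.sendto(message, ("127.0.0.1", server_port))  # client port assigned automatically
    reply, _server_address = client.recvfrom(2048)
    worker.join()
    client.close()
    server.close()
    return reply


def recv_line(sock):
    """Read from a stream socket until a newline: TCP gives no message boundaries."""
    data = b""
    while not data.endswith(b"\n"):
        chunk = sock.recv(1024)
        if not chunk:                                   # peer closed before the newline
            break
        data += chunk
    return data


def tcp_server_once(welcoming):
    """Body of the TCPServer.py loop: accept one connection, upper-case one line, close."""
    connection, _addr = welcoming.accept()             # handshake already done by the kernel
    with connection:
        connection.sendall(recv_line(connection).upper())


def tcp_roundtrip(message):
    """Run the TCPClient.py / TCPServer.py exchange on 127.0.0.1; return the reply without the newline."""
    welcoming = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    welcoming.bind(("127.0.0.1", 0))
    welcoming.listen(1)                                 # backlog of 1 queued, un-accepted connection
    port = welcoming.getsockname()[1]
    worker = threading.Thread(target=tcp_server_once, args=(welcoming,))
    worker.start()
    client = socket.create_connection(("127.0.0.1", port), timeout=5)   # connect(): 3-way handshake
    client.sendall(message + b"\n")
    reply = recv_line(client)
    client.close()
    worker.join()
    welcoming.close()
    return reply.rstrip(b"\n")


if __name__ == "__main__":
    print("UDP:", udp_roundtrip(b"input lowercase sentence"))
    print("TCP:", tcp_roundtrip(b"input lowercase sentence"))
```

`sendall` is used instead of the slides' `send` for the same reason as the delimiter loop: `send` may write only part of a buffer and returns how much it wrote, while `sendall` keeps going until everything is out. Binding to 127.0.0.1 rather than '' also keeps the demo servers off the network interfaces.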
Socket References
B. Hall. Beej's Guide to Network Programming: Using Internet Sockets. 2012.
Wikipedia. Network socket — Wikipedia, The Free Encyclopedia. [Online; accessed 23-February-2015]. 2015.
131 /197
HTTP
133 /197
Apache HTTP Server
HTTP Request (URL + Verb)
HTTP Response (Status code + Message body)
134 /197
HTTP Request
URL
http://en.wikipedia.org/w/index.php?title=Hello&oldid=636846770
  protocol       http
  host           en.wikipedia.org
  resource path  /w/index.php
  query          title=Hello&oldid=636846770

~$ curl -v cs2.swfu.edu.cn/index.html
* Connected to cs2.swfu.edu.cn (202.203.132.242) port 80
> GET /index.html HTTP/1.1            <- Request line
> User-Agent: curl/7.38.0             <- Header lines
> Host: cs2.swfu.edu.cn
> Accept: */*
>                                     <- Empty line
Verbs
GET POST PUT PATCH HEAD OPTIONS DELETE TRACE CONNECT
135 /197
HTTP Response
< HTTP/1.1 200 OK                               <- Status line
< Date: Thu, 15 Jan 2015 08:18:50 GMT           <- Header lines
< Server: Apache/2.4.10 (Debian)
< Last-Modified: Tue, 02 Sep 2014 03:49:24 GMT
< ETag: "1fd-5020d015e5e4a"
< Accept-Ranges: bytes
< Content-Length: 509
< Vary: Accept-Encoding
< Content-Type: text/html
<                                               <- Empty line
<html>                                          <- Data
<head>
<title>Hello, world!</title>
</head>
<body>
<h1>Hello, world!</h1>
</body>
</html>
* Connection #0 to host cs2.swfu.edu.cn left intact
136 /197
Status Codes
1xx Informational Messages   e.g. 104 Connection Reset by Peer
2xx Successful               e.g. 200 OK
3xx Redirection              e.g. 301 Moved Permanently
4xx Client Error             e.g. 404 Not Found
5xx Server Error             e.g. 500 Internal Server Error
137 /197
HTTP Transaction
Non-persistent — separate TCP connection
[Figure: timeline DNS Lookup → Connect → Send → Wait → Load. DNS query / IP address with the DNS Server; SYN, SYN,ACK, ACK with the Web Server; HTTP request; HTTP response arriving as 1st segment, 2nd segment (PSH, ACK), 3rd segment (HTTP_Continue); FIN]
138 /197
Persistent — same TCP connection
[Figure: timeline DNS Lookup → Connect → Send → Wait → Load → Send → Wait → Load. One DNS query / IP address with the DNS Server and one SYN, SYN,ACK, ACK handshake with the Web Server; then Request I and Request II (HTTP request, HTTP response) on the same connection]
139 /197
Stateless Protocol
An HTTP server maintains no information about the clients.
Advantages
▶ Simplifies server design
▶ Saves server resources (RAM...)
▶ Serves more users
Disadvantages
▶ Missing information
140 /197
Keeping User State With Cookies
eBay, since Susan has visited that site in the past. As Susan continues to browse the Amazon site, each time she requests a Web page, her browser consults her cookie file, extracts her identification number for this site, and puts a cookie header line that includes the identification number in the HTTP request. Specifically, each of her HTTP requests to the Amazon server includes the header line:
Cookie: 1678
(from Section 2.2, The Web and HTTP, p. 109)
[Figure 2.10 Keeping user state with cookies. Client host and server host, time running downwards. The cookie file holds ebay: 8734. Usual http request msg → server creates ID 1678 for user, entry in backend database → usual http response with Set-cookie: 1678; cookie file now amazon: 1678, ebay: 8734. Usual http request msg with cookie: 1678 → access, cookie-specific action → usual http response msg. One week later: usual http request msg with cookie: 1678 → access, cookie-specific action → usual http response msg.]
141 /197
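The request and response layouts from the curl slides, the status codes, and the cookie exchange of Figure 2.10, in one added example. This is not code from the slides or the textbook: `parse_request`, `build_response` and `HelloServer` are constructed for the demo, the served page is the hello-world HTML from the HTTP Response slide, and 1678 is the id from the figure. The server keeps no per-client state beyond the table a cookie indexes into, which is the point of the "Stateless Protocol" slide; a cookie value it never issued is treated as a new visitor rather than trusted:

```python
import itertools

REASON = {200: "OK", 301: "Moved Permanently", 400: "Bad Request",
          404: "Not Found", 500: "Internal Server Error"}

# Constructed copy of the page body in the HTTP Response slide.
HELLO = (b"<html>\n<head>\n<title>Hello, world!</title>\n</head>\n"
         b"<body>\n<h1>Hello, world!</h1>\n</body>\n</html>\n")


def parse_request(raw):
    """Split a raw request into (verb, path, version, headers, body):
    request line, header lines, empty line, as marked up on the curl -v slide.
    Raises ValueError when the request line or a header line is malformed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("headers not terminated by an empty line")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        raise ValueError("bad request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("bad header line: %r" % line)
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return parts[0].decode(), parts[1].decode(), parts[2].decode(), headers, body


def build_response(status, body, extra_headers=()):
    """Status line, header lines, empty line, data: the layout of the HTTP Response slide."""
    lines = ["HTTP/1.1 %d %s" % (status, REASON[status]),
             "Content-Type: text/html",
             "Content-Length: %d" % len(body)]
    lines += ["%s: %s" % (name, value) for name, value in extra_headers]
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + body


def cookie_value(cookie_header, name):
    """Pick one name=value pair out of a Cookie header such as 'lang=en; id=1678'."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


class HelloServer:
    """A first visit gets Set-Cookie: id=<n>; later requests carrying that id are recognised."""

    def __init__(self, first_id=1678):
        self._ids = itertools.count(first_id)
        self.visits = {}                        # id -> request count: the "entry in backend database"

    def handle(self, raw):
        try:
            verb, path, _version, headers, _body = parse_request(raw)
        except ValueError:
            return build_response(400, b"<h1>400 Bad Request</h1>\n")
        extra = []
        user_id = cookie_value(headers.get("cookie", ""), "id")
        if user_id not in self.visits:          # no cookie, or an id this server never issued
            user_id = str(next(self._ids))
            self.visits[user_id] = 0
            extra.append(("Set-Cookie", "id=%s" % user_id))
        self.visits[user_id] += 1
        if verb != "GET" or path != "/index.html":
            return build_response(404, b"<h1>404 Not Found</h1>\n", extra)
        return build_response(200, HELLO, extra)


if __name__ == "__main__":
    srv = HelloServer()
    first = b"GET /index.html HTTP/1.1\r\nHost: cs2.swfu.edu.cn\r\nUser-Agent: curl/7.38.0\r\nAccept: */*\r\n\r\n"
    print(srv.handle(first).decode())
    print(srv.handle(b"GET /index.html HTTP/1.1\r\nHost: cs2.swfu.edu.cn\r\nCookie: id=1678\r\n\r\n").decode())
```

The sequential ids keep the demo readable but are exactly what a real server must not do: a cookie that identifies a user has to be unguessable (a long random value) and sent with the Secure and HttpOnly attributes, or anyone who can guess or read it becomes that user.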
HTTP/2
Quoted from http://http2.github.io/faq/
▶ is binary, instead of textual
▶ is fully multiplexed, instead of ordered and blocking
▶ can therefore use one connection for parallelism
▶ uses header compression to reduce overhead
▶ allows servers to “push” responses proactively into client caches
Feb 2015 (Planned) Publish HTTP/2 as an RFC
Try it: chrome://flags/#enable-spdy4
142 /197
HTML
<html>
<head>
<title>Hello, world!</title>
</head>
<body>
<H1>Hello, world!</H1>
</body>
</html>
143 /197
144 /197
HTTP References I
R. Fielding, Y. Lafon, and J. Reschke. Hypertext Transfer Protocol (HTTP/1.1): Range Requests. RFC 7233 (Proposed Standard). Internet Engineering Task Force, June 2014.
R. Fielding, M. Nottingham, and J. Reschke. Hypertext Transfer Protocol (HTTP/1.1): Caching. RFC 7234 (Proposed Standard). Internet Engineering Task Force, June 2014.
R. Fielding and J. Reschke. Hypertext Transfer Protocol (HTTP/1.1): Authentication. RFC 7235 (Proposed Standard). Internet Engineering Task Force, June 2014.
R. Fielding and J. Reschke. Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests. RFC 7232 (Proposed Standard). Internet Engineering Task Force, June 2014.
145 /197
HTTP References II
R. Fielding and J. Reschke. Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing. RFC 7230 (Proposed Standard). Internet Engineering Task Force, June 2014.
R. Fielding and J. Reschke. Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content. RFC 7231 (Proposed Standard). Internet Engineering Task Force, June 2014.
R. Fielding et al. Hypertext Transfer Protocol – HTTP/1.1. RFC 2616 (Draft Standard). Obsoleted by RFCs 7230, 7231, 7232, 7233, 7234, 7235, updated by RFCs 2817, 5785, 6266, 6585. Internet Engineering Task Force, June 1999.
Wikipedia. HTML — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
146 /197
HTTP References III
Wikipedia. HTTP cookie — Wikipedia, The Free Encyclopedia. [Online; accessed 22-February-2015]. 2015.
Wikipedia. HTTP/2 — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. Hypertext Transfer Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. LAMP (software bundle) — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. Stateless protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
147 /197
Domain Name System
148 /197
Names and Addresses
RFC 791, page 7:
A name indicates what we seek.
An address indicates where it is.
A route indicates how to get there.
▶ A name (hostname) can be assigned to any device that has an IP address.
▶ The network software doesn’t require names, but they do make it easier for humans to use the network.
149 /197
$ ssh [email protected]
[Figure: the SSH client hands the hostname cs3.swfu.edu.cn to the resolver, which returns 202.203.132.245; TCP then establishes the connection with that IP address]
▶ Resolver is normally part of the application
▶ The TCP/IP protocols within the kernel know nothing about the DNS
150 /197
Typical Configuration
                 Local Host                        |  Foreign
                                                   |
    +---------+               +----------+         |  +--------+
    |         | user queries  |          |queries  |  |        |
    |  User   |-------------->|          |---------|->|Foreign |
    | Program |               | Resolver |         |  |  Name  |
    |         |<--------------|          |<--------|--| Server |
    |         | user responses|          |responses|  |        |
    +---------+               +----------+         |  +--------+
                                |     A            |
                cache additions |     | references |
                                V     |            |
                              +----------+         |
                              |  cache   |         |
                              +----------+         |
151 /197
The DNS Name Space Is Hierarchical
The domain hierarchy is similar to the UNIX filesystem
[Figure: the DNS tree. Top level: int, mil, net, com, edu, gov, org, us, uk, cn, jp, de, ...; second level: google, yale, mit, whitehouse, wikipedia, com, gov, edu, net, org, ...; third level: mail, calendar, maps, docs, reader, plus, ocw, swfc, ynu, kmust, pku, tsinghua, ...; fourth level: lib, jwc, cs2, cs3, ...]
▶ Organizational: com, edu, gov, mil, net, org, int
▶ Geographic: cn, us, uk, jp, de, etc.
152 /197
Translating Names Into Addresses
Two common ways:
Host table: The old way. /etc/hosts
DNS: A distributed database system — Domain Name Service (DNS)
153 /197
The Host Table
/etc/hosts
127.0.0.1 localhost
202.203.132.245 cs3.swfu.edu.cn cs3
202.203.132.242 cs2.swfu.edu.cn cs2
It’s still widely used, because:
▶ The important hosts on the local network
▶ In case DNS is not running
▶ NIS host database
▶ Local intranet
154 /197
All hosts connected to the Internet should use DNS
The old host table system is inadequate for the global Internet for two reasons:
1. inability to scale
2. lack of an automated update process.
Old story
Prior to adopting DNS, the Network Information Center (NIC) maintained a large table of Internet hosts called the NIC host table. Hosts included in the table were called registered hosts, and the NIC placed hostnames and addresses into this file for all sites on the Internet.
155 /197
Domain Name System
▶ Scales well
▶ Doesn’t rely on a single large table
▶ Distributed database system that doesn’t bog down as the database grows
DNS currently provides information on approximately 16,000,000 hosts, while less than 10,000 are listed in the host table.
▶ Guarantees that new host information will be disseminated to the rest of the network as it is needed
156 /197
DNS software
[Figure: DNS resolver —(DNS query)→ DNS server; DNS server —(DNS response)→ DNS resolver]
The resolver asks the questions.
The name server answers the questions.
157 /197
With DNS, information is automatically disseminated, and only to those who are interested.
▶ If a DNS server receives a request for information about a host for which it has no information, it passes on the request to an authoritative server. An authoritative server is any server responsible for maintaining accurate information about the domain being queried.
▶ When the authoritative server answers, the local server saves (caches) the answer for future use.
▶ The next time the local server receives a request for this information, it answers the request itself.
158 /197
Resource Records
What’s associated with a domain name?
Type   Meaning               Value
A      IP address of a host  32-bit integer
NS     Name Server           Name of a server for this domain
MX     Mail eXchange         Priority, domain willing to accept email
HINFO  Host INFOrmation      CPU and OS in ASCII
CNAME  Canonical NAME        Domain name
PTR    PoinTeR               Alias for an IP address
When a resolver gives a domain name to DNS, what it gets back are the resource records associated with that name.
159 /197
Resource Records Example
wx672@cs2:~$ host -a mirrors.ustc.edu.cn
Trying "mirrors.ustc.edu.cn"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4421
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 4
;; QUESTION SECTION:
;mirrors.ustc.edu.cn. IN ANY
;; ANSWER SECTION:
mirrors.ustc.edu.cn. 600 IN AAAA 2001:da8:d800:95::110
mirrors.ustc.edu.cn. 600 IN A 202.38.95.110
mirrors.ustc.edu.cn. 594 IN NS f1g1ns2.dnspod.net.
mirrors.ustc.edu.cn. 594 IN NS f1g1ns1.dnspod.net.
;; AUTHORITY SECTION:
mirrors.ustc.edu.cn. 594 IN NS f1g1ns1.dnspod.net.
mirrors.ustc.edu.cn. 594 IN NS f1g1ns2.dnspod.net.
;; ADDITIONAL SECTION:
f1g1ns1.dnspod.net. 33536 IN A 111.30.132.180
f1g1ns1.dnspod.net. 33536 IN A 113.108.80.138
f1g1ns2.dnspod.net. 33536 IN A 101.226.30.224
f1g1ns2.dnspod.net. 33536 IN A 112.90.82.194
Received 323 bytes from 202.203.132.100#53 in 6598 ms
160 /197
Recursive Query
flits.cs.vu.nl wants to know the IP address of linda.cs.yale.edu
[Figure: Originator flits.cs.vu.nl; VU CS name server (cs.vu.nl); Edu name server (edu-server.net); Yale name server (yale.edu); Yale CS name server (cs.yale.edu). Steps 1-4 carry the query from the originator through each server in turn; steps 5-8 carry the answer back along the same path.]
Fig. 7-5. How a resolver looks up a remote name in eight steps.
161 /197
Non-recursive Query
The remote server tells the local server who to ask next
[Figure: the local DNS server (dns.swfu.edu.cn) asks the root DNS server (dns.edu.cn) for sale.plant.nuts.com and is referred with "nuts.com NS almond.nuts.com"; it asks almond.nuts.com and is referred with "plant.nuts.com NS pack.plant.nuts.com"; it asks pack.plant.nuts.com and receives "sale.plant.nuts.com A 172.16.6.4"]
162 /197
DNS Message Format
                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                      ID                       |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    QDCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ANCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    NSCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
    |                    ARCOUNT                    |
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

    DNS message
    +------------+
    |   Header   |
    +------------+
    |  Question  |
    +------------+
    |   Answer   |
    +------------+
    | Authority  |
    +------------+
    | Additional |
    +------------+
163 /197
wx672@debian:~$ host -a cs2.swfu.edu.cn
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22237
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;cs2.swfu.edu.cn. IN ANY
;; ANSWER SECTION:
cs2.swfu.edu.cn. 3600 IN A 202.203.132.242
Received 49 bytes from 127.0.0.1#53 in 1161 ms
Flags
qr: Query-Response (0: query, 1: response)
rd: Recursion Desired
ra: Recursion Available
164 /197
tcpdump
wx672@debian:~$ host -a cs2.swfu.edu.cn
wx672@debian:~$ sudo tcpdump -i wlan0 -n port 53
09:30:29.860901 IP 192.168.1.109.34075 > 114.114.115.115.53:
34035+ ANY? cs2.swfu.edu.cn. (33)
09:30:29.979390 IP 114.114.115.115.53 > 192.168.1.109.34075:
34035 1/0/0 A 202.203.132.242 (49)
34035 – id
+ – rd=1
ANY? – query type
33/49 – UDP payload length
1/0/0 – 1 answer RR; 0 authority RR; 0 additional RR.
A – IPv4 address
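A decoder for the message layout, the flag bits and the tcpdump counts above, as an added example (not code from the slides): it reads the 12-byte header, the question and the resource-record sections with RFC 1035 name compression, and prints the id/counts line the way tcpdump does. The packet it decodes is constructed to match the cs2.swfu.edu.cn answer shown above (id 34035, flags qr rd ra, 1/0/0, 49 bytes); it is not captured traffic. The limit on compression-pointer hops is a choice of this example.

```python
"""Decode a DNS message: header (ID, flags, four counts), question, and the
answer/authority/additional resource records, with RFC 1035 name compression.
Added example; the packet below is constructed, not captured traffic."""
import struct

HEADER = struct.Struct("!HHHHHH")      # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA", 255: "ANY"}


def parse_flags(flags):
    """Split the 16-bit flags word: QR, Opcode, AA, TC, RD, RA, Z, RCODE."""
    return {
        "qr": flags >> 15 & 1,         # 0 = query, 1 = response
        "opcode": flags >> 11 & 0xF,   # 0 = standard QUERY
        "aa": flags >> 10 & 1,         # authoritative answer
        "tc": flags >> 9 & 1,          # truncated (client should retry over TCP)
        "rd": flags >> 8 & 1,          # recursion desired (the '+' in tcpdump)
        "ra": flags >> 7 & 1,          # recursion available
        "rcode": flags & 0xF,          # 0 = NOERROR, 3 = NXDOMAIN
    }


def read_name(msg, offset):
    """Decode a name at offset. A label byte with the top two bits set is a
    14-bit pointer to an earlier copy of the name. Returns (name, end) where
    end is the position right after the name in the original byte stream."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:
            if end is None:            # the first pointer ends the name in the stream
                end = offset + 2
            offset = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            hops += 1
            if hops > 16:              # refuse pointer loops in malformed packets (example's own limit)
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", end if end is not None else offset


def parse_rdata(msg, rtype, start, rdlength):
    """Interpret RDATA for the record types listed on the resource-record slide."""
    data = msg[start:start + rdlength]
    if rtype == 1 and rdlength == 4:                       # A: 32-bit address
        return ".".join(str(b) for b in data)
    if rtype == 28 and rdlength == 16:                     # AAAA: 128-bit address
        return ":".join("%x" % w for w in struct.unpack("!8H", data))
    if rtype in (2, 5, 12):                                # NS, CNAME, PTR: a (compressible) name
        return read_name(msg, start)[0]
    if rtype == 15:                                        # MX: 16-bit preference + exchange name
        return (struct.unpack_from("!H", data)[0], read_name(msg, start + 2)[0])
    return data.hex()


def parse_message(msg):
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(msg, 0)
    offset = HEADER.size
    questions = []
    for _ in range(qd):
        name, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack_from("!HH", msg, offset)
        offset += 4
        questions.append((name, TYPE_NAMES.get(qtype, qtype)))
    result = {"id": ident, "flags": parse_flags(flags), "questions": questions}
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        records = []
        for _ in range(count):
            name, offset = read_name(msg, offset)
            rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
            offset += 10
            records.append((name, ttl, TYPE_NAMES.get(rtype, rtype),
                            parse_rdata(msg, rtype, offset, rdlength)))
            offset += rdlength
        result[section] = records
    return result


def summary(msg):
    """One line in the style of the tcpdump output above: id, an/ns/ar counts, first answer, length."""
    m = parse_message(msg)
    line = "%d %d/%d/%d" % (m["id"], len(m["answer"]), len(m["authority"]), len(m["additional"]))
    if m["answer"]:
        line += " %s %s" % (m["answer"][0][2], m["answer"][0][3])
    return line + " (%d)" % len(msg)


def encode_name(name):
    """Wire form of a name: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"


# Constructed response: flags 0x8180 = QR=1, RD=1, RA=1; question cs2.swfu.edu.cn ANY;
# one A record whose owner name is the pointer 0xC00C back to the question at offset 12.
RESPONSE = (HEADER.pack(34035, 0x8180, 1, 1, 0, 0)
            + encode_name("cs2.swfu.edu.cn") + struct.pack("!HH", 255, 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([202, 203, 132, 242]))

if __name__ == "__main__":
    print(summary(RESPONSE))        # 34035 1/0/0 A 202.203.132.242 (49)
```

The 33 and 49 byte lengths in the tcpdump lines fall out of the encoding: 12 header bytes plus the 17-byte label form of cs2.swfu.edu.cn plus 4 bytes of type/class make the 33-byte query, and the answer adds a 2-byte pointer, 10 bytes of type/class/TTL/length and 4 bytes of address.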
165 /197
Name Servers
The three main categories of name servers are:
Primary server: gets its information from a disk file
▶ It has complete information about its domain and its response is always accurate.
Secondary server: obtains all the information from the primary
▶ It’s a backup server
Caching-only server: it just remembers the answers to previous lookups in case the same lookup is performed again.
166 /197
DNS References
P.V. Mockapetris. Domain names - concepts and facilities. RFC 1034 (INTERNET STANDARD). Updated by RFCs 1101, 1183, 1348, 1876, 1982, 2065, 2181, 2308, 2535, 4033, 4034, 4035, 4343, 4035, 4592, 5936. Internet Engineering Task Force, Nov. 1987.
P.V. Mockapetris. Domain names - implementation and specification. RFC 1035 (INTERNET STANDARD). Updated by RFCs 1101, 1183, 1348, 1876, 1982, 1995, 1996, 2065, 2136, 2181, 2137, 2308, 2535, 2673, 2845, 3425, 3658, 4033, 4034, 4035, 4343, 5936, 5966, 6604. Internet Engineering Task Force, Nov. 1987.
Wikipedia. Domain Name System — Wikipedia, The Free Encyclopedia. [Online; accessed 23-April-2015]. 2015.
167 /197
Mail Services
168 /197
E-mail Protocols
Proprietary protocols:
Microsoft: Outlook client ⇐⇒ Exchange server
IBM: Notes client ⇐⇒ Domino server
Open standards:
SMTP: Simple Mail Transfer Protocol, RFC2821
POP3: Post Office Protocol, RFC1939
MIME: Multipurpose Internet Mail Extensions, RFC2045, RFC2046, RFC2047, RFC2048, RFC2049
IMAP4: Interactive Mail Access Protocol, RFC3501
169 /197
SMTP Transports A Mail Object
A Mail Object
[Figure: a mail object consists of a mail envelope (an orig_addr, rcpt_addrs, ...) and mail content (headers: orig-date, from, to, ...; body)]
170 /197
A Physical Mail
Immanuel Kant (Dr.)
Konigsberg, Prussia
German
March 1, 2015
Dr. Whoever
Department of Unknown,
University of Whatever,
London, SE18 3AB
UK
Dear Dr. Whoever,
As any dedicated reader can clearly see, the Ideal of practical reason is a representation of, as far as I know, the things in themselves; as I have shown elsewhere, the phenomena should only be used as a canon for our understanding. The paralogisms of practical reason are what first give rise to the architectonic of practical reason. As will easily be shown in the next section, reason would thereby be made to contradict, in view of these considerations, the Ideal of practical reason, yet the manifold depends on the phenomena. Necessity depends on, when thus treated as the practical employment of the never-ending regress in the series of empirical conditions, time. Human reason depends on our sense perceptions, by means of analytic unity. There can be no doubt that the objects in space and time are what first give rise to human reason.
Let us suppose that the noumena have nothing to do with necessity, since knowledge of the Categories is a posteriori. Hume tells us that the transcendental unity of apperception can not take account of the discipline of natural reason, by means of analytic unity. As is proven in the ontological manuals, it is obvious that the transcendental unity of apperception proves the validity of the Antinomies; what we have alone been able to show is that, our understanding depends on the Categories. It remains a mystery why the Ideal stands in need of reason. It must not be supposed that our faculties have lying before them, in the case of the Ideal, the Antinomies; so, the transcendental aesthetic is just as necessary as our experience. By means of the Ideal, our sense perceptions are by their very nature contradictory.
Yours sincerely,
Immanuel Kant
171 /197
The SMTP Basic Structure
+------+    +------+                +------+
| User |<-->|      |      SMTP      |      |
+------+    | SMTP |Commands/Replies| SMTP |
+------+    |Client|<-------------->|Server|    +------+
| File |<-->|      |    and Mail    |      |<-->| File |
|System|    |      |                |      |    |System|
+------+    +------+                +------+    +------+
▶ TCP, port 25
172 /197
Unix File System
[Figure: a filesystem tree. ROOT; first level: bin, boot, dev, etc, home, var; second level: grub, passwd, staff, stud, mail; third level: wx672, 101152001; fourth level: 101152001. Legend: dir, file]
173 /197
SMTP Commands
wx672@cs3:~$ nc localhost 25
220 cs3.swfu.edu.cn ESMTP Exim 4.72 Sun, 16 Oct 2011 22:29:29 +0800
help
214-Commands supported:
214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
▶ More commands can be available, depending on your SMTP server configuration.
174 /197
A Simple Protocol
An SMTP Session
wx672@debian:~$ nc cs3.swfc.edu.cn smtp
220 cs3.swfu.edu.cn ESMTP Exim 4.72
Sun, 16 Oct 2011 22:18:22 +0800
helo debian
250 cs3.swfc.edu.cn Hello debian [192.168.128.5]
mail from:<wx672@debian>
250 OK
rcpt to:<[email protected]>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
Hello, there!
.
250 OK id=1DMJra-0007IR-01
quit
221 cs3.swfc.edu.cn closing connection
wx672@debian:~$
175 /197
Post Office Protocol v3
POP2 port 109
POP3 port 110
The POP protocols verify the user’s login name and password, and move the user’s mail from the server to the user’s local mail reader.
A POP3 Session
$ nc cs3 110
+OK Dovecot ready.
user wx672
+OK
pass topsecrete
+OK Logged in.
stat
+OK 3 459
retr 1
+OK 146 octets
The full text of message 1
dele 1
+OK message # 1 deleted
retr 2
+OK 155 octets
The full text of message 2
dele 2
+OK message # 2 deleted
retr 3
+OK 158 octets
The full text of message 3
dele 3
+OK message # 3 deleted
quit
+OK Logging out.
176 /197
IMAP — Internet Message Access Protocol
▶ port 143
Advantages over POP3
▶ Both connected and disconnected modes of operation
▶ Multiple clients can simultaneously connect to the same mailbox
▶ Access to MIME parts of messages and partial fetch
▶ Message state information kept on the server
▶ Multiple mailboxes on the server
▶ Server-side searches
▶ A built-in extension mechanism
177 /197
An IMAP session
$ nc cs3 143
* OK Dovecot ready.
a001 login wx672 topsecrete
a001 OK Logged in.
a002 select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 15 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1174505444] UIDs valid
* OK [UIDNEXT 184] Predicted next UID
a002 OK [READ-WRITE] Select completed.
a004 fetch 1 full
* 1 FETCH (FLAGS (\Seen) INTERNALDATE "16-Oct-2011 22:40:55 +0800" RFC822.SIZE 629 ENVELOPE ("Sun, 16 Oct 2011 22:40:19 +0800" NIL ((NIL NIL "stud" "debian")) ((NIL NIL "stud" "debian")) ((NIL NIL "stud" "debian")) NIL NIL NIL NIL "<[email protected]>") BODY ("text" "plain" ("charset" "us-ascii") NIL NIL "7bit" 55 4))
a004 OK Fetch completed.
a006 fetch 1 body[text]
* 1 FETCH (BODY[TEXT] 55
hello ,there!
)
a006 OK Fetch completed.
a007 logout
* BYE Logging out
a007 OK Logout completed.
178 /197
Disadvantages of IMAP
▶ IMAP is a very heavy and complicated protocol
▶ IMAP generally results in higher server loads than POP3
▶ Server-side searches can potentially use lots of server resources when searching massive mailboxes
179 /197
Multipurpose Internet Mail Extensions
▶ SMTP supports only 7-bit ASCII characters.
▶ MIME standard defines mechanisms for emailing other kinds of information, e.g.
  ▶ text in languages other than English,
  ▶ files containing images, sounds, movies,
  ▶ computer programs
▶ HTTP/MIME
180 /197
A Typical Mail Header
Received: from 20030704041 by cs2.swfc.edu.cn with local (Exim 4.50)
id 1GSusu-0001D0-NT
for [email protected]; Thu, 28 Sep 2006 20:21:00 +0800
Date: Thu, 28 Sep 2006 20:21:00 +0800
To: WANG Xiaolin <[email protected]>
Subject: ipv6
Message-ID: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.5.9i
From: [email protected]
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Rcpt-To: [email protected]
X-SA-Exim-Mail-From: [email protected]
X-SA-Exim-Scanned: No (on cs2.swfc.edu.cn); SAEximRunCond expanded to false
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on cs2.swfc.edu.cn
X-Spam-Level: *
X-Spam-Status: No, score=1.0 required=5.0 tests=ALL_TRUSTED,AWL,FROM_ALL_NUMS,
FROM_ENDS_IN_NUMS,FROM_STARTS_WITH_NUMS,NO_REAL_NAME autolearn=no
version=3.0.3
Status: RO
Content-Length: 240
Lines: 3
X-UID: 351
X-Keywords:
181 /197
Spam
Spam:
▶ Any kind of un-wanted email messages.
▶ The action of sending such kinds of messages to usenet newsgroups, mailing lists, or any other individuals.
▶ by year 2000, 7% of Internet mails were spam;
▶ by year 2004, 60% were spam.
▶ Bill Gates receives nearly 4 million emails a day – most of which are spam.
182 /197
How Spam Works?
1. Collecting Email Addresses (Sniffing, Web Registration, Mailing List and Newsgroup, etc.)
2. Open Relay — an SMTP server configured in such a way that it allows anyone on the Internet to relay (i.e. send) email through it.
3. Open Proxy — a proxy which is misconfigured to allow access to anyone on the internet.
183 /197
Relayed Mail Scenario
wx672@cs2:~$ nc wx672.3322.org smtp
220 wx672.3322.org ESMTP Exim 4.50
Tue, 03 Oct 2006 10:13:04 +0800
ehlo cs2.swfc.edu.cn
250-wx672.3322.org Hello cs2.swfc.edu.cn
[202.203.132.242]
250-SIZE 52428800
250-PIPELINING
250 HELP
mail from:<[email protected]>
250 OK
rcpt to:<@wx672.3322.org:[email protected]>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
Hello, this is a message to [email protected]
relayed by the smtp server at wx672.3322.org
.
250 OK id=1DSQRt-0000jC-T0
quit
221 wx672.3322.org closing connection
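The decision an SMTP server has to make at RCPT TO so that it does not become the relay demonstrated in the session above, as an added example (not code from the slides or from Exim): parse the path, refuse the obsolete source-route form <@host:user@domain> that the session uses, and accept only local domains, authenticated clients or a trusted client network. The domain names, the trusted network and the client addresses are constructed placeholders; the reply texts are this example's own.

```python
"""RCPT TO relay policy for an SMTP server. Added example, not the slides' or
Exim's code; domains, networks and client addresses are constructed."""
import ipaddress
import re

LOCAL_DOMAINS = {"swfc.edu.cn", "cs2.swfc.edu.cn"}                # domains we deliver locally (constructed)
RELAY_NETS = [ipaddress.ip_network("202.203.132.0/24")]            # clients allowed to relay (constructed)
RCPT_RE = re.compile(r"^\s*to:\s*<(?P<path>[^<>]*)>\s*$", re.IGNORECASE)


def parse_rcpt(arg):
    """Parse 'TO:<path>'. RFC 2821 still tolerates the obsolete source route
    '<@relay1,@relay2:user@domain>' in front of the mailbox; return it
    separately so the policy can refuse it instead of silently honouring it."""
    m = RCPT_RE.match(arg)
    if not m:
        raise ValueError("syntax error in RCPT TO argument")
    path = m.group("path")
    route = None
    if path.startswith("@"):
        route, sep, path = path.partition(":")
        if not sep:
            raise ValueError("source route without mailbox")
    if path.count("@") != 1 or path.startswith("@") or path.endswith("@"):
        raise ValueError("malformed mailbox")
    return route, path


def relay_decision(client_ip, authenticated, rcpt_arg):
    """Return the SMTP reply for a RCPT command from client_ip: accept when
    the domain is ours, or when the client is authenticated or on a trusted
    network; reject source routes and everything else."""
    try:
        route, mailbox = parse_rcpt(rcpt_arg)
    except ValueError as err:
        return "501 " + str(err)
    if route is not None:
        return "550 source routing not accepted"
    domain = mailbox.rsplit("@", 1)[1].lower()
    if domain in LOCAL_DOMAINS:
        return "250 Accepted"
    if authenticated or any(ipaddress.ip_address(client_ip) in net for net in RELAY_NETS):
        return "250 Accepted"
    return "550 relay not permitted"


# Constructed RCPT commands; the first is modelled on the source-routed one above.
SAMPLES = [
    ("198.51.100.7", False, "to:<@relay.example:student@mail.example>"),
    ("198.51.100.7", False, "to:<student@mail.example>"),
    ("198.51.100.7", False, "to:<wx672@swfc.edu.cn>"),
    ("202.203.132.242", False, "to:<student@mail.example>"),
    ("198.51.100.7", True, "to:<student@mail.example>"),
]

if __name__ == "__main__":
    for ip, auth, arg in SAMPLES:
        print("%-16s auth=%-5s RCPT %-42s -> %s" % (ip, auth, arg, relay_decision(ip, auth, arg)))
```

The order of the checks matters: a source route is rejected before the domain test, because "<@relay:user@local.domain>" would otherwise look local while asking the server to forward elsewhere.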
184 /197
Common Technologies Of Anti-Spams
▶ DNSBL — DNS-based Blackhole List
▶ Bayesian Filtering:
$P(\text{spam} \mid \text{words}) = \dfrac{P(\text{words} \mid \text{spam})\,P(\text{spam})}{P(\text{words})}$
▶ Greylisting — “normal” MTAs should attempt retries if given an appropriate temporary failure code for a delivery attempt.
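Two of the techniques above worked in code, as an added example (not from the slides): the reverse-octet query name a mail server sends to a DNSBL, and the Bayesian formula above evaluated by a naive Bayes word filter trained on a small constructed corpus. The zone name dnsbl.example and the messages are constructed; the Laplace smoothing and the log-space computation are choices of this example.

```python
"""DNSBL query-name construction and a naive Bayes spam filter. Added example,
not code from the slides; zone name and messages are constructed."""
import math
import re
from collections import Counter


def dnsbl_query_name(ip, zone="dnsbl.example"):
    """A DNSBL is consulted with an ordinary DNS query: the sender's IPv4
    octets reversed under the list's zone; an A answer means 'listed'."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + zone


def tokenize(text):
    return set(re.findall(r"[a-z0-9$]+", text.lower()))   # word presence, not frequency


class BayesFilter:
    """Naive Bayes over word presence:
    P(spam|words) = P(words|spam) P(spam) / P(words), where
    P(words|class) = product over words of P(word|class) (the 'naive' independence
    assumption) and P(words) = P(words|spam)P(spam) + P(words|ham)P(ham)."""

    def __init__(self):
        self.words = {"spam": Counter(), "ham": Counter()}
        self.messages = {"spam": 0, "ham": 0}

    def train(self, text, label):
        self.messages[label] += 1
        self.words[label].update(tokenize(text))

    def p_word_given(self, word, label):
        # Laplace smoothing: a word never seen in a class must not zero the product
        return (self.words[label][word] + 1) / (self.messages[label] + 2)

    def p_spam(self, text):
        total = self.messages["spam"] + self.messages["ham"]
        # log space so long messages do not underflow to 0.0
        log_spam = math.log(self.messages["spam"] / total)
        log_ham = math.log(self.messages["ham"] / total)
        for word in tokenize(text):
            log_spam += math.log(self.p_word_given(word, "spam"))
            log_ham += math.log(self.p_word_given(word, "ham"))
        # numerator / (numerator + other term of P(words)), as a logistic of the log ratio
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))


TRAINING = [   # constructed sample messages
    ("cheap pills, buy now and win a free prize", "spam"),
    ("win big money now, click here for your free prize", "spam"),
    ("lowest price pills, order now", "spam"),
    ("meeting moved to 3pm, see the agenda attached", "ham"),
    ("please review the ipv6 lab report before class", "ham"),
    ("lunch tomorrow? the canteen menu is attached", "ham"),
]


def build_filter(training=TRAINING):
    f = BayesFilter()
    for text, label in training:
        f.train(text, label)
    return f


if __name__ == "__main__":
    f = build_filter()
    print(dnsbl_query_name("202.203.132.242"))                        # 242.132.203.202.dnsbl.example
    print(round(f.p_spam("free prize, buy now"), 3))                   # close to 1
    print(round(f.p_spam("see the attached agenda before class"), 3))  # close to 0
```

With six training messages the probabilities are extreme either way; a real filter trains on thousands of messages and combines the Bayesian score with the other signals on the slide rather than relying on it alone.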
185 /197
Mail References I
M. Crispin. INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1. RFC 3501 (Proposed Standard). Updated by RFCs 4466, 4469, 4551, 5032, 5182, 5738, 6186, 6858. Internet Engineering Task Force, Mar. 2003.
N. Freed and N. Borenstein. Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. RFC 2045 (Draft Standard). Updated by RFCs 2184, 2231, 5335, 6532. Internet Engineering Task Force, Nov. 1996.
J. Klensin. Simple Mail Transfer Protocol. RFC 2821 (Proposed Standard). Obsoleted by RFC 5321, updated by RFC 5336. Internet Engineering Task Force, Apr. 2001.
186 /197
Mail References II
J. Myers and M. Rose. Post Office Protocol - Version 3. RFC 1939 (INTERNET STANDARD). Updated by RFCs 1957, 2449, 6186. Internet Engineering Task Force, May 1996.
Wikipedia. Internet Message Access Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. MIME — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. Post Office Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. Simple Mail Transfer Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
187 /197
FTP
188 /197
+-----------+
|+---------+|
|| User || +------+
||Interface|<--->| User |
|+----^----+| +------+
+--------+ | | |
|+------+| FTP Commands |+----V----+|
||Server|<---------------->| User ||
|| PI || FTP Replies || PI ||
|+--^---+| |+----^----+|
| | | | | |
+------+ |+--V---+| Data |+----V----+| +------+
| File |<--->|Server|<---------------->| User |<--->| File |
|System| || DTP || Connection || DTP || |System|
+------+ |+------+| |+---------+| +------+
+--------+ +-----------+
Server-FTP USER-FTP
189 /197
An Active FTP Session
Control session
wx672@cs3:~$ nc cs2 ftp
220 (vsFTPd 2.0.5)
user wx672
331 Please specify the password.
pass secret
230 Login successful.
port 202,203,132,244,100,0
200 PORT command successful. Consider using PASV.
nlst
150 Here comes the directory listing.
226 Directory send OK.
quit
221 Goodbye.
To see FTP data session:
▶ wx672@cs3:~$ nc -l 25600
100 × 256 + 0 = 25600
190 /197
A Passive FTP Session
Control session
wx672@cs3:~$ nc cs2 ftp
220 (vsFTPd 2.0.5)
user wx672
331 Please specify the password.
pass secret
230 Login successful.
pasv
227 Entering Passive Mode (202,203,132,242,36,5)
list
150 Here comes the directory listing.
quit
221 Goodbye.
To see FTP data session:
▶ wx672@cs3:~$ nc cs2 9221
36 × 256 + 5 = 9221
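The PORT/PASV arithmetic of the two sessions above in code, as an added example (not code from the slides or from vsftpd): decode h1,h2,h3,h4,p1,p2 into an address and p1*256+p2, build the PORT argument, parse the 227 reply, and produce the nc command that watches the data session. The strings it decodes are the ones on the slides; the check comparing the announced PORT address with the control connection's peer is this example's own.

```python
"""FTP PORT argument and PASV reply (RFC 959): four decimal octets for the
address, two bytes for the port, port = p1*256 + p2. Added example, not the
slides' code; the sample strings are the ones shown on the slides."""
import re

HOSTPORT_RE = re.compile(r"^(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")
PASV_RE = re.compile(r"^227\b.*?\((\d{1,3}(?:,\d{1,3}){5})\)")


def decode_host_port(spec):
    """'h1,h2,h3,h4,p1,p2' -> ('h1.h2.h3.h4', p1*256 + p2)."""
    m = HOSTPORT_RE.match(spec.strip())
    if not m:
        raise ValueError("bad host-port string: %r" % spec)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in %r" % spec)
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("port 0 is not usable")
    return ".".join(str(n) for n in nums[:4]), port


def encode_host_port(ip, port):
    """Inverse: the argument a client sends with PORT in active mode."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return ",".join(octets + [str(port // 256), str(port % 256)])


def parse_pasv_reply(line):
    """'227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)' -> (ip, port)."""
    m = PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 reply: %r" % line)
    return decode_host_port(m.group(1))


def nc_for_data_session(mode, spec_or_reply):
    """The nc command the slides use to watch the data connection:
    active  - the server connects back to the client, so the client listens;
    passive - the client connects to the port the server announced."""
    if mode == "active":
        _, port = decode_host_port(spec_or_reply)
        return "nc -l %d" % port
    if mode == "passive":
        ip, port = parse_pasv_reply(spec_or_reply)
        return "nc %s %d" % (ip, port)
    raise ValueError("mode must be 'active' or 'passive'")


def port_matches_control_peer(port_spec, control_peer_ip):
    """Server-side sanity check (this example's own): the address announced in
    PORT should be the address the control connection came from. Behind NAT it
    is not (the client announces its private 192.168.1.3 while the server sees
    the router's public address), which is why the slides recommend passive mode."""
    ip, _ = decode_host_port(port_spec)
    return ip == control_peer_ip


if __name__ == "__main__":
    print(decode_host_port("202,203,132,244,100,0"))                          # ('202.203.132.244', 25600)
    print(parse_pasv_reply("227 Entering Passive Mode (202,203,132,242,36,5)"))  # ('202.203.132.242', 9221)
    print(nc_for_data_session("active", "202,203,132,244,100,0"))              # nc -l 25600
    print(port_matches_control_peer("192,168,1,3,100,0", "12.13.14.15"))       # False
```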
191 /197
Active FTP vs. Passive FTP
In active mode: Server initiates data connection to client’s data port.
In passive mode: Client initiates data connection to random port specified by server.
192 /197
Why Passive Mode?
Active mode doesn’t work with firewall
[Figure: FTP Active Mode across a NAT router. Client 192.168.1.3 sits behind the NAT router (inside address 192.168.1.1, outside address 12.13.14.15); the FTP server is 40.30.20.10 on the Internet. NAT table: Source IP:Port 192.168.1.3:8910 → NAT Router IP:Port 12.13.14.15:7. The client sends the FTP command "port 192,168,1,3,100,0" in an IP packet with Src IP 192.168.1.3; the router rewrites the IP header to Src IP 12.13.14.15, but the FTP command inside the TCP payload still carries 192,168,1,3,100,0. The server therefore sends its data-connection SYN to Dst IP 192.168.1.3, a private address it cannot reach from the Internet. Protocol stacks shown: FTP/TCP/IP/Ethernet at the client and the server, IP/Ethernet at the router.]
193 /197
FTP References
S. Bellovin. Firewall-Friendly FTP. RFC 1579 (Informational). Internet Engineering Task Force, Feb. 1994.
J. Postel and J. Reynolds. File Transfer Protocol. RFC 959 (INTERNET STANDARD). Updated by RFCs 2228, 2640, 2773, 3659, 5797, 7151. Internet Engineering Task Force, Oct. 1985.
Wikipedia. File Transfer Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
194 /197
Peer-to-Peer Applications
195 /197
BitTorrent
To determine which requests she responds to, BitTorrent uses a clever trading algorithm. The basic idea is that Alice gives priority to the neighbors that are currently supplying her data at the highest rate. Specifically, for each of her neighbors, Alice continually measures the rate at which she receives bits and determines the four peers that are feeding her bits at the highest rate. She then reciprocates by sending chunks to these same four peers. Every 10 seconds, she recalculates the rates and possibly modifies the set of four peers. In BitTorrent lingo, these four peers are said to be unchoked. Importantly, every 30 seconds, she also picks one additional neighbor at random and sends it chunks. Let’s call the randomly chosen peer Bob. In BitTorrent lingo, Bob is said to be optimistically unchoked. Because Alice is sending data to Bob, she may become one of Bob’s top four uploaders, in which case Bob would start to send data to Alice. If the rate at which Bob sends data to Alice is high enough, Bob could then, in turn, become one of Alice’s top four uploaders. In other words, every 30 seconds, Alice will randomly choose a new trading partner and initiate trading with that partner. If the two peers are satisfied with the trading, they will put each other in their top four lists and continue trading with each other until one of the peers finds a better partner. The effect is that peers capable of uploading at compatible rates tend to find each other. The random neighbor selection also allows new peers to get
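The unchoking rule described in the paragraph above as a small simulation, added here as an example (not the BitTorrent client's code): every 10 seconds the four neighbors currently uploading fastest are unchoked, and every 30 seconds one further neighbor is optimistically unchoked at random. Peer names and rates are constructed; the seeded random generator is this example's way of keeping the run reproducible.

```python
"""Simulation of BitTorrent's choking rule as stated in the text above.
Added example with constructed peers and rates; not the client's own code."""
import random

TOP_N = 4                    # regular unchoke slots
RATE_PERIOD = 10             # seconds between rate recalculations
OPTIMISTIC_PERIOD = 30       # seconds between optimistic unchokes


def top_uploaders(rates, n=TOP_N):
    """Neighbors ordered by the rate at which they feed us, fastest first."""
    return sorted(rates, key=lambda peer: rates[peer], reverse=True)[:n]


class Unchoker:
    """Alice's state: the current top-N set and the optimistic choice."""

    def __init__(self, seed=0):
        self.rng = random.Random(seed)   # seeded for a reproducible example
        self.top = []
        self.optimistic = None

    def tick(self, t, rates):
        """Advance to time t (seconds) with the latest measured rates and
        return the set of neighbors Alice is sending chunks to right now."""
        if t % RATE_PERIOD == 0:
            self.top = top_uploaders(rates)
        if t % OPTIMISTIC_PERIOD == 0:
            others = [p for p in rates if p not in self.top]
            self.optimistic = self.rng.choice(others) if others else None
        unchoked = set(self.top)
        if self.optimistic is not None:
            unchoked.add(self.optimistic)
        return unchoked


def simulate(samples, seed=0):
    """samples: [(t, {peer: bits/s received from peer}), ...] in time order.
    Returns [(t, unchoked set)] showing how the slots are reassigned."""
    alice = Unchoker(seed)
    return [(t, alice.tick(t, rates)) for t, rates in samples]


# Constructed rates. At t=40 Bob's upload rate jumps (say he reciprocated after
# being unchoked), which earns him a regular slot and pushes Dave out of the top four.
STEADY = {"bob": 50, "carol": 300, "dave": 120, "erin": 210, "frank": 90, "grace": 180}
SAMPLES = [
    (0, dict(STEADY)),
    (10, dict(STEADY)),
    (20, dict(STEADY)),
    (30, dict(STEADY)),
    (40, dict(STEADY, bob=250)),
]

if __name__ == "__main__":
    for t, peers in simulate(SAMPLES):
        print("t=%2ds unchoked: %s" % (t, sorted(peers)))
```

Between optimistic rounds the random choice is kept, so a neighbor can stay optimistically unchoked for up to 30 seconds even if it never reciprocates; that is the cost the text trades for letting new peers get started.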
150 CHAPTER 2 • APPLICATION LAYER
[Figure 2.26: File distribution with BitTorrent. Alice obtains a list of peers from the Tracker, then trades chunks with those peers.]
196 /197
P2P References
Bram Cohen. The BitTorrent Protocol Specification, Version 11031. Jan. 10, 2008.
Wikipedia. BitTorrent — Wikipedia, The Free Encyclopedia. [Online; accessed 22-February-2015]. 2015.
197 /197