network basics (slides)

A Very Brief Internet Tutorial (I) Introduction Wang Xiaolin April 30, 2015 [email protected] 1 / 197


Page 1: Network Basics (slides)

A Very Brief Internet Tutorial (I): Introduction

Wang Xiaolin

April 30, 2015

[email protected]

1 /197

Page 2: Network Basics (slides)

What’s A Computer Network?

2 /197

Page 3: Network Basics (slides)

The History of Internet

1836: Telegraph
1858-1866: Transatlantic cable
1876: Telephone
1957: USSR launches Sputnik
1962-1968: Packet-switching networks developed
1969: Birth of Internet
1971: People communicate over a network
1972: Computers can connect more freely and easily
1973: Global Networking becomes a reality
1974: Packets become mode of transfer
1976: Networking comes to many
1977: E-mail takes off, Internet becomes a reality
1979: News Groups born
1981: Things start to come together

3 /197

Page 4: Network Basics (slides)

1982: TCP/IP defines future communication
1983: Internet gets bigger
1984: Growth of Internet Continues
1986: Power of Internet Realised
1987: Commercialisation of Internet Born
1989: Large growth in Internet
1990: Expansion of Internet continues
1991: Modernisation Begins
1992: Multimedia changes the face of the Internet
1993: The WWW Revolution truly begins
1994: Commercialisation begins
1995: Commercialisation continues apace
1996: Microsoft enters

4 /197

Page 5: Network Basics (slides)

What’s The Internet?

What pops up in your mind if I say “Internet”?

For me, the answer is...

and...

TCP/IP

5 /197

Page 8: Network Basics (slides)

What’s The Internet?

▶ The network of networks.
▶ Tech view: TCP/IP
▶ App view:

6 /197

Page 9: Network Basics (slides)

Philosophy: Ten things Google has found to be true

1. Focus on the user and all else will follow.
2. It’s best to do one thing really, really well.
3. Fast is better than slow.
4. Democracy on the web works.
5. You don’t need to be at your desk to need an answer.
6. You can make money without doing evil.
7. There’s always more information out there.
8. The need for information crosses all borders.
9. You can be serious without a suit.
10. Great just isn’t good enough.

7 /197

Page 11: Network Basics (slides)

Products

9 /197

Page 13: Network Basics (slides)

Dangerous

11 /197

Page 14: Network Basics (slides)

Safe Surfing Advice: Take care of your identity and privacy

▶ Use a better browser, and keep it updated
▶ Use a spam filter for emailing
▶ Always use strong passwords
▶ Don’t give away too much personal information on blogs and social networking sites

12 /197

Page 15: Network Basics (slides)

Safe Surfing Advice: Protect Your PC

▶ Get anti-virus software, anti-spyware software and a firewall
▶ Keep your computer up to date
▶ Block spam emails
▶ Use an up to date web browser
▶ Make regular backups
▶ Encrypt your wireless network

13 /197

Page 16: Network Basics (slides)

Safe Surfing Advice: Avoid online rip-offs

▶ When you’re shopping online, look for clear signs that you’re buying from a reputable company
▶ On an online auction site, learn how it works and learn to pick good sellers
▶ Use safe ways to pay, such as PayPal or credit and debit cards
▶ Use your common sense to avoid scams – if it sounds too good to be true, it probably is

14 /197

Page 17: Network Basics (slides)

Homework

1. get a gmail account
2. recommend a good chrome extension to me via gmail
3. in google plus, share an interesting post to me
4. add your class timetable into google calendar, and then share your calendar to me
5. in youtube, find a video you like and share it to me

15 /197

Page 18: Network Basics (slides)

A Very Brief Internet Tutorial (II): How The Internet Works?

Wang Xiaolin

April 30, 2015

[email protected]

16 /197

Page 19: Network Basics (slides)

Network Classification

▶ connection method: wired, wireless...
▶ topology
▶ scale
▶ network architecture: c/s, p2p...

17 /197

Page 20: Network Basics (slides)

Network Classification

Connection method

Wired:

Wireless:

18 /197

Page 21: Network Basics (slides)

Scale

PAN, LAN, CAN, MAN, WAN ...

19 /197

Page 22: Network Basics (slides)

Topology

Ring, Mesh, Star, Fully Connected, Bus, Tree, Line

20 /197

Page 23: Network Basics (slides)

Network Architecture

21 /197

Page 24: Network Basics (slides)

Basic Hardware Components

IP:    Router
Link:  Bridge, Switch
PHY:   NIC, Repeater, Hub

22 /197

Page 25: Network Basics (slides)

TCP/IP

      ----------------------------
     |    network applications    |
     |                            |
     |...  \ | /  ..  \ | /  ...  |
     |     -----      -----       |
     |     |TCP|      |UDP|       |
     |     -----      -----       |
     |         \      /           |
     |         --------           |
     |         |  IP  |           |
     |  -----  -*------           |
     |  |ARP|   |                 |
     |  -----   |                 |
     |      \   |                 |
     |      ------                |
     |      |ENET|                |
     |      ---@--                |
      ---------|------------------
               |
  -------------o------------------
      Ethernet Cable

23 /197

Page 26: Network Basics (slides)

What’s TCP/IP?

A set of protocols designed for the Internet.

Protocol — a rule, a treaty, an agreement ...

[excerpt from Chapter 1, "Computer Networks and the Internet", p. 8]

message that is transmitted to, and received by, all students who are not sleeping). You raise your hand (transmitting an implicit message to the teacher). Your teacher acknowledges you with a smile, saying “Yes . . .” (a transmitted message encouraging you to ask your question—teachers love to be asked questions), and you then ask your question (that is, transmit your message to your teacher). Your teacher hears your question (receives your question message) and answers (transmits a reply to you). Once again, we see that the transmission and receipt of messages, and a set of conventional actions taken when these messages are sent and received, are at the heart of this question-and-answer protocol.

Network Protocols

A network protocol is similar to a human protocol, except that the entities exchanging messages and taking actions are hardware or software components of some device (for example, computer, smartphone, tablet, router, or other network-capable

Figure 1.2: A human protocol and a computer network protocol. Left, the human protocol, time running downward: “Hi” / “Hi” / “Got the time?” / “2:00”. Right, the computer network protocol: TCP connection request / TCP connection reply / GET http://www.awl.com/kurose-ross / <file>.

24 /197

Page 27: Network Basics (slides)

TCP/IP Protocol Stack

Every networked computer has it inside

+--------------+   +-------------+   +-------------+
| Application  |   |             |   |             |
+--------------+   |             |   |             |
| Presentation |   | Application |   | Application |
+--------------+   |             |   |             |
| Session      |   |             |   |             |
+--------------+   +-------------+   +-------------+
| Transport    |   | Transport   |   | Transport   |
+--------------+   +-------------+   +-------------+
| Network      |   | Network     |   | Network     |
+--------------+   +-------------+   +-------------+
| Data Link    |   | Network     |   | Data Link   |
+--------------+   | Interface   |   +-------------+
| Physical     |   |             |   | Physical    |
+--------------+   +-------------+   +-------------+
  ISO/OSI RM           TCP/IP            My Favor

25 /197

Page 28: Network Basics (slides)

Layered Design

[excerpt from "Introduction", Chap. 1, p. 30]

software processes, hardware devices, or even human beings. In other words, it is the peers that communicate by using the protocol to talk to each other.

Figure 1-13. Layers, protocols, and interfaces. (Host 1 and Host 2 each carry layers 1 to 5; layer k on one host talks to layer k on the other using the layer k protocol; the layer 1/2, 2/3, 3/4 and 4/5 interfaces sit between adjacent layers, and the physical medium lies below layer 1.)

In reality, no data are directly transferred from layer n on one machine to layer n on another machine. Instead, each layer passes data and control information to the layer immediately below it, until the lowest layer is reached. Below layer 1 is the physical medium through which actual communication occurs. In Fig. 1-13, virtual communication is shown by dotted lines and physical communication by solid lines.

Between each pair of adjacent layers is an interface. The interface defines which primitive operations and services the lower layer makes available to the upper one. When network designers decide how many layers to include in a network and what each one should do, one of the most important considerations is defining clean interfaces between the layers. Doing so, in turn, requires that each layer perform a specific collection of well-understood functions. In addition to minimizing the amount of information that must be passed between layers, clear-cut interfaces also make it simpler to replace one layer with a completely different protocol or implementation (e.g., replacing all the telephone lines by satellite channels) because all that is required of the new protocol or implementation is that it offer exactly the same set of services to its upstairs neighbor as the old one did. It is common that different hosts use different implementations of the same protocol (often written by different companies). In fact, the protocol itself can change in some layer without the layers above and below it even noticing.

26 /197

Page 29: Network Basics (slides)

Services vs. Protocols

[excerpt from Sec. 1.4, "Reference Models", p. 41]

Figure 1-19. The relationship between a service and a protocol. (Layers k − 1, k and k + 1 on each side; the service provided by layer k is what layer k + 1 above it uses, while the protocol is what layer k on one side speaks with layer k on the other.)

1.4 REFERENCE MODELS

Now that we have discussed layered networks in the abstract, it is time to look at some examples. We will discuss two important network architectures: the OSI reference model and the TCP/IP reference model. Although the protocols associated with the OSI model are not used any more, the model itself is actually quite general and still valid, and the features discussed at each layer are still very important. The TCP/IP model has the opposite properties: the model itself is not of much use but the protocols are widely used. For this reason we will look at both of them in detail. Also, sometimes you can learn more from failures than from successes.

1.4.1 The OSI Reference Model

The OSI model (minus the physical medium) is shown in Fig. 1-20. This model is based on a proposal developed by the International Standards Organization (ISO) as a first step toward international standardization of the protocols used in the various layers (Day and Zimmermann, 1983). It was revised in 1995 (Day, 1995). The model is called the ISO OSI (Open Systems Interconnection) Reference Model because it deals with connecting open systems—that is, systems that are open for communication with other systems. We will just call it the OSI model for short.

The OSI model has seven layers. The principles that were applied to arrive at the seven layers can be briefly summarized as follows:

1. A layer should be created where a different abstraction is needed.

2. Each layer should perform a well-defined function.

3. The function of each layer should be chosen with an eye toward defining internationally standardized protocols.

Services                                  Protocols
Layer to Layer                            Peer to Peer
A set of operations                       A set of rules
(listen, connect, accept, receive,        (message format, message meanings)
send, disconnect)

27 /197

Page 30: Network Basics (slides)

Layered Design Example: Taking an airplane trip

[excerpt from Chapter 1, "Computer Networks and the Internet", p. 48]

source host to destination host in the Internet. But this is not quite the analogy we are after. We are looking for some structure in Figure 1.21. Looking at Figure 1.21, we note that there is a ticketing function at each end; there is also a baggage function for already-ticketed passengers, and a gate function for already-ticketed and already-baggage-checked passengers. For passengers who have made it through the gate (that is, passengers who are already ticketed, baggage-checked, and through the gate), there is a takeoff and landing function, and while in flight, there is an airplane-routing function. This suggests that we can look at the functionality in Figure 1.21 in a horizontal manner, as shown in Figure 1.22.

Figure 1.22 has divided the airline functionality into layers, providing a framework in which we can discuss airline travel. Note that each layer, combined with the

Figure 1.21: Taking an airplane trip: actions. Departure side, top to bottom: Ticket (purchase), Baggage (check), Gates (load), Runway takeoff, Airplane routing; in flight: Airplane routing; arrival side, bottom to top: Airplane routing, Runway landing, Gates (unload), Baggage (claim), Ticket (complain).

Figure 1.22: Horizontal layering of airline functionality. Layers, top to bottom: Ticket, Baggage, Gate, Takeoff/Landing, Airplane routing; the columns include the Departure airport and the Intermediate air-traffic control centers, the latter carrying Airplane routing.

Each layer
1. has some functions
2. provides services to its upper layer

28 /197

Page 31: Network Basics (slides)

[excerpt from "Introduction", Chap. 1, p. 32]

Figure 1-14. The philosopher-translator-secretary architecture. (Location A and Location B, three layers each: 3 Philosopher, 2 Translator, 1 Secretary. The philosopher's message “I like rabbits” is handed to the translator, who passes down “L: Dutch / Ik vind konijnen leuk” (information for the remote translator); the secretary adds “Fax #---” (information for the remote secretary). At B the remote translator renders the message as “J'aime bien les lapins”.)

units, packets, prepending a layer 3 header to each packet. In this example, M is split into two parts, M1 and M2, that will be transmitted separately.

Layer 3 decides which of the outgoing lines to use and passes the packets to layer 2. Layer 2 adds to each piece not only a header but also a trailer, and gives the resulting unit to layer 1 for physical transmission. At the receiving machine the message moves upward, from layer to layer, with headers being stripped off as it progresses. None of the headers for layers below n are passed up to layer n.

The important thing to understand about Fig. 1-15 is the relation between the virtual and actual communication and the difference between protocols and interfaces. The peer processes in layer 4, for example, conceptually think of their communication as being ‘‘horizontal,’’ using the layer 4 protocol. Each one is likely to have procedures called something like SendToOtherSide and GetFromOtherSide, even though these procedures actually communicate with lower layers across the 3/4 interface, and not with the other side.

29 /197

Page 32: Network Basics (slides)

Each protocol is completely independent of the other ones. For example:

▶ The translators (L2) can switch from Dutch to Finnish without touching L1 or L3
▶ The secretaries (L1) can switch from email to telephone without disturbing (or even informing) the other layers

30 /197

Page 33: Network Basics (slides)

TCP/IP Overview: Basic Structure

1. Where will an incoming Ethernet frame go? ARP: 0x0806, IP: 0x0800
2. Where will an incoming IP packet go? TCP: 0x06, UDP: 0x11
3. Where will an incoming transport message (UDP datagram, TCP segment) go?

   HTTP   FTP     SSH   SMTP
   80     21/20   22    25

31 /197

Page 34: Network Basics (slides)

The Name Of A Unit Of Data

Application: message
TCP: segment
UDP: datagram
IP: packet
Ethernet: frame

                               +-------------+
                               | Application |
                               |   message   |
                               +-------------+
                    +-----------+-------------+
                    | Transport | Application |
                    |  header   |   message   |
                    +-----------+-------------+
           +--------+-------------------------+
           |   IP   |        Transport        |
           | header |         message         |
           +--------+-------------------------+
+----------+----------------------------------+
| Ethernet |                IP                |
|  header  |              packet              |
+----------+----------------------------------+
|<------------- Ethernet frame ------------->|

32 /197

Page 35: Network Basics (slides)

Ethernet

1. Frame format?
2. Address format?
3. Broadcast address?
4. CSMA/CD? (Please explain)

33 /197

Page 36: Network Basics (slides)

Ethernet Frame

 0        1        2        3
+--------+--------+--------+--------+
|            Dst Address            |
+--------+--------+--------+--------+
|   Dst Address   |   Src Address   |
+--------+--------+--------+--------+
|            Src Address            |
+--------+--------+--------+--------+
|   Length/Type   |  MAC Data ...   |
+--------+--------+--------+--------+
|           MAC Data ...            |
|         (46 - 1500 bytes)         |
+--------+--------+--------+--------+
|                FCS                |
+--------+--------+--------+--------+

34 /197
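The three "where does it go?" questions from the overview slide, the encapsulation figure and the frame format above can be walked through in code. The following is an added example, not part of the slides: it builds a frame inline from the slides' own example addresses (a constructed sample, no capture involved), then hands it up one layer at a time, dispatching on the EtherType, the IP protocol number and the destination port, and checking every length field before trusting it, which is what a parser needs in order to fail cleanly on truncated or malformed input. Function and variable names are this example's own.

```python
"""Demultiplex one Ethernet frame up the TCP/IP stack (added example).

The dispatch tables hold the values from the slides: EtherType 0x0806 (ARP)
and 0x0800 (IP); IP protocol 0x06 (TCP) and 0x11 (UDP); well-known ports for
HTTP, FTP, SSH and SMTP. Function and variable names are this example's own.
"""
import struct

ETHERTYPE = {0x0800: "IP", 0x0806: "ARP"}
IP_PROTO = {0x06: "TCP", 0x11: "UDP"}
WELL_KNOWN_PORT = {80: "HTTP", 21: "FTP", 20: "FTP-data", 22: "SSH", 25: "SMTP"}


def mac_str(b: bytes) -> str:
    return "-".join(f"{x:02X}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def demux(frame: bytes) -> dict:
    """Report which module receives the frame at each layer.

    Every length field is validated before it is used to slice, so a truncated
    or lying header raises ValueError instead of yielding garbage fields.
    """
    if len(frame) < 14:
        raise ValueError("runt frame: shorter than the 14-byte Ethernet header")
    dst, src, length_type = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": mac_str(dst), "src_mac": mac_str(src)}
    # IEEE 802.3: a value of 1500 or less is a payload length, 1536 or more an EtherType.
    if length_type <= 1500:
        out["l3"] = "802.3 length field (LLC frame), not an EtherType"
        return out
    out["l3"] = ETHERTYPE.get(length_type, f"unknown EtherType 0x{length_type:04X}")
    if out["l3"] != "IP":
        return out                      # ARP (or unknown) is handled by another module
    packet = frame[14:]
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    ihl = (packet[0] & 0x0F) * 4        # header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("inconsistent IHL / Total Length")
    proto = packet[9]
    out["src_ip"], out["dst_ip"] = ip_str(packet[12:16]), ip_str(packet[16:20])
    out["l4"] = IP_PROTO.get(proto, f"unknown protocol 0x{proto:02X}")
    if out["l4"] not in IP_PROTO.values():
        return out
    segment = packet[ihl:total_len]
    if len(segment) < 4:
        raise ValueError("truncated transport header")
    out["src_port"], out["dst_port"] = struct.unpack("!HH", segment[:4])
    out["app"] = WELL_KNOWN_PORT.get(out["dst_port"], f"unregistered port {out['dst_port']}")
    return out


def build_frame(dst_mac, src_mac, src_ip, dst_ip, proto, sport, dport, data=b"") -> bytes:
    """Constructed sample frame: Ethernet + minimal IPv4 (checksum left zero) + transport."""
    if proto == 0x11:    # UDP header: ports, length, checksum (0 = not computed)
        transport = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    elif proto == 0x06:  # TCP header: ports, seq, ack, data offset 5 words, SYN, window, csum, urg
        transport = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0) + data
    else:
        raise ValueError("example builds TCP or UDP only")
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), 1, 0x4000,
                            64, proto, 0, src_ip, dst_ip)
    return struct.pack("!6s6sH", dst_mac, src_mac, 0x0800) + ip_header + transport


# Addresses taken from the slides' ARP table (223.1.2.1 and 223.1.2.3).
MAC_ALPHA, IP_ALPHA = bytes.fromhex("080039002FC3"), bytes([223, 1, 2, 1])
MAC_C, IP_C = bytes.fromhex("08005A21A722"), bytes([223, 1, 2, 3])


def samples() -> dict:
    """Run the three dispatch cases plus one malformed frame; returns the results."""
    tcp_frame = build_frame(MAC_C, MAC_ALPHA, IP_ALPHA, IP_C, 0x06, 40000, 22)
    udp_frame = build_frame(MAC_C, MAC_ALPHA, IP_ALPHA, IP_C, 0x11, 40001, 25, b"hello")
    arp_frame = struct.pack("!6s6sH", b"\xff" * 6, MAC_ALPHA, 0x0806) + bytes(28)
    llc_frame = struct.pack("!6s6sH", MAC_C, MAC_ALPHA, 46) + bytes(46)
    results = {"tcp": demux(tcp_frame), "udp": demux(udp_frame),
               "arp": demux(arp_frame), "llc": demux(llc_frame)}
    try:                                # Total Length claims more bytes than arrived
        demux(tcp_frame[:-5])
    except ValueError as e:
        results["truncated"] = str(e)
    return results


if __name__ == "__main__":
    for name, result in samples().items():
        print(name, result)
```

The FCS is not modelled because a NIC normally checks and strips it before the frame reaches software; everything above it is exactly the header-by-header hand-off the slides describe.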

Page 37: Network Basics (slides)

Ethernet References

J. Postel and J.K. Reynolds. Standard for the transmission of IP datagrams over IEEE 802 networks. RFC 1042 (INTERNET STANDARD). Internet Engineering Task Force, Feb. 1988.

Wikipedia. Carrier sense multiple access with collision detection — Wikipedia, The Free Encyclopedia. [Online; accessed 11-March-2015]. 2015.

Wikipedia. Ethernet frame — Wikipedia, The Free Encyclopedia. [Online; accessed 25-March-2015]. 2015.

Wikipedia. Ethernet — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.

35 /197

Page 38: Network Basics (slides)

ARP

ARP: Looking up the ARP table to find the destination MAC address.

Example ARP table
IP address   Ethernet address
223.1.2.1    08-00-39-00-2F-C3
223.1.2.3    08-00-5A-21-A7-22
223.1.2.4    08-00-10-99-AC-54

36 /197

Page 39: Network Basics (slides)

Where does the ARP table come from?

Example ARP Request
Sender IP Address     223.1.2.1
Sender Enet Address   08-00-39-00-2F-C3
Target IP Address     223.1.2.2
Target Enet Address   FF-FF-FF-FF-FF-FF

Example ARP Response
Sender IP Address     223.1.2.2
Sender Enet Address   08-00-28-00-38-A9
Target IP Address     223.1.2.1
Target Enet Address   08-00-39-00-2F-C3

37 /197

Page 40: Network Basics (slides)

The updated table
IP address   Ethernet address
223.1.2.1    08-00-39-00-2F-C3
223.1.2.2    08-00-28-00-38-A9
223.1.2.3    08-00-5A-21-A7-22
223.1.2.4    08-00-10-99-AC-54

38 /197
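The request/response exchange on the last three slides, replayed in code as an added example (not part of the slides). It encodes and decodes the 28-byte Ethernet/IPv4 ARP packet of RFC 826, starts from the slides' example table, learns 223.1.2.2 from the reply exactly as the "updated table" shows, and then adds one defensive detail that is this example's own rather than the slides': a reply that would rebind an IP already in the table, or that answers a question never asked, is refused and logged. A real stack merges the sender's binding as RFC 826 says; the refusal policy here is what a host-side ARP watch would flag. The second reply and its MAC address are constructed values.

```python
"""ARP packets and an ARP cache that records conflicting answers (added example).

Packet layout follows RFC 826 for Ethernet/IPv4 (28 bytes). The addresses
are the slides' example table; the conflict bookkeeping is this example's own
defensive addition, so a reply that rebinds a known IP is logged instead of
silently replacing the entry.
"""
import struct

ARP_FMT = "!HHBBH6s4s6s4s"            # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)    # 28 bytes
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST = "FF-FF-FF-FF-FF-FF"


def mac_to_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split("-"))


def bytes_to_mac(b: bytes) -> str:
    return "-".join(f"{x:02X}" for x in b)


def ip_to_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def bytes_to_ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def encode_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))


def decode_arp(pkt: bytes) -> dict:
    if len(pkt) < ARP_LEN:
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op, "sender_mac": bytes_to_mac(sha), "sender_ip": bytes_to_ip(spa),
            "target_mac": bytes_to_mac(tha), "target_ip": bytes_to_ip(tpa)}


class ArpCache:
    def __init__(self, my_mac: str, my_ip: str, table: dict):
        self.my_mac, self.my_ip = my_mac, my_ip
        self.table = dict(table)   # IP address -> Ethernet address
        self.pending = set()       # IPs we asked about and have not heard back on
        self.alerts = []           # replies that were not accepted as-is

    def lookup(self, ip: str):
        return self.table.get(ip)

    def request(self, target_ip: str) -> bytes:
        """Broadcast request for an IP not in the table (the slide's request format)."""
        self.pending.add(target_ip)
        return encode_arp(OP_REQUEST, self.my_mac, self.my_ip, BROADCAST, target_ip)

    def handle(self, pkt: bytes) -> str:
        """Process a received ARP packet; returns what was done with it."""
        a = decode_arp(pkt)
        if a["op"] != OP_REPLY or a["target_ip"] != self.my_ip:
            return "ignored"
        ip, mac = a["sender_ip"], a["sender_mac"]
        known = self.table.get(ip)
        if known is not None and known != mac:
            self.alerts.append(f"{ip} rebinding {known} -> {mac} refused")
            return "conflict"
        if known is None and ip not in self.pending:
            self.alerts.append(f"unsolicited reply {ip} -> {mac} refused")
            return "unsolicited"
        self.table[ip] = mac
        self.pending.discard(ip)
        return "learned" if known is None else "refreshed"


def scenario():
    """Replay the slides' exchange: alpha (223.1.2.1) resolves 223.1.2.2."""
    cache = ArpCache("08-00-39-00-2F-C3", "223.1.2.1", {
        "223.1.2.1": "08-00-39-00-2F-C3",
        "223.1.2.3": "08-00-5A-21-A7-22",
        "223.1.2.4": "08-00-10-99-AC-54",
    })
    request = decode_arp(cache.request("223.1.2.2"))
    reply = encode_arp(OP_REPLY, "08-00-28-00-38-A9", "223.1.2.2",
                       "08-00-39-00-2F-C3", "223.1.2.1")
    first = cache.handle(reply)
    # Constructed second reply claiming a different (made-up) MAC for the same IP.
    conflicting = encode_arp(OP_REPLY, "00-11-22-33-44-55", "223.1.2.2",
                             "08-00-39-00-2F-C3", "223.1.2.1")
    second = cache.handle(conflicting)
    return request, cache, first, second
```

After `scenario()` the table has the four entries of the "updated table" slide, and `cache.alerts` holds one line for the refused rebinding.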

Page 41: Network Basics (slides)

ARP References

D. Plummer. Ethernet Address Resolution Protocol: Or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware. RFC 826 (INTERNET STANDARD). Updated by RFCs 5227, 5494. Internet Engineering Task Force, Nov. 1982.

Wikipedia. Address Resolution Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.

39 /197

Page 42: Network Basics (slides)

IP: Router

      ----------------------------
     |    network applications    |
     |                            |
     |...  \ | /  ..  \ | /  ...  |
     |     -----      -----       |
     |     |TCP|      |UDP|       |
     |     -----      -----       |
     |         \      /           |
     |         --------           |
     |         |  IP  |           |
     |  -----  -*------           |
     |  |ARP|   |                 |
     |  -----   |                 |
     |      \   |                 |
     |      ------                |
     |      |ENET|                |
     |      ---@--                |
      ---------|------------------
               |
  -------------o------------------
      Ethernet Cable

      ----------------------------
     |    network applications    |
     |                            |
     |...  \ | /  ..  \ | /  ...  |
     |     -----      -----       |
     |     |TCP|      |UDP|       |
     |     -----      -----       |
     |         \      /           |
     |         --------           |
     |         |  IP  |           |
     |  -----  -*----*-  -----    |
     |  |ARP|   |    |   |ARP|    |
     |  -----   |    |   -----    |
     |      \   |    |   /        |
     |      ------  ------        |
     |      |ENET|  |ENET|        |
     |      ---@--  ---@--        |
      ---------|-------|----------
               |       |
               |    ---o----------
               |      Ethernet Cable 2
        -------o----------
            Ethernet Cable 1

Routing: Find a route in the route table.

40 /197

Page 43: Network Basics (slides)

Direct Routing—IP is overhead

    A      B      C
    |      |      |
  --o------o------o--
  Ethernet 1
  IP network "development"

Addresses in an Ethernet frame for an IP packet from A to B

address           source   destination
IP header         A        B
Ethernet header   A        B

41 /197

Page 44: Network Basics (slides)

Indirect Routing

    A      B      C     ----D----     E      F      G
    |      |      |      |  |  |      |      |      |
  --o------o------o------o- | -o------o------o------o--
  Ethernet 1                |           Ethernet 2
  IP network "development"  |  IP network "accounting"
                            |
                            |
                            |     H      I      J
                            |     |      |      |
                          --o-----o------o------o--
                            Ethernet 3
                            IP network "factory"


42 /197

Page 45: Network Basics (slides)

Addresses in an Ethernet frame for an IP packet from A to E (before D)

address           source   destination
IP header         A        E
Ethernet header   A        D

Addresses in an Ethernet frame for an IP packet from A to E (after D)

address           source   destination
IP header         A        E
Ethernet header   D        E

    A      B      C     ----D----     E      F      G
    |      |      |      |  |  |      |      |      |
  --o------o------o------o- | -o------o------o------o--
  Ethernet 1                |           Ethernet 2
  IP network "development"  |  IP network "accounting"
                            |
                            |
                            |     H      I      J
                            |     |      |      |
                          --o-----o------o------o--
                            Ethernet 3
                            IP network "factory"

43 /197

Page 46: Network Basics (slides)

IP Module Routing Rules

1. For an outgoing IP packet, entering IP from an upper layer, IP must decide
   ▶ whether to send the IP packet directly or indirectly, and
   ▶ IP must choose a lower network interface.
   These choices are made by consulting the route table.

2. For an incoming IP packet, entering IP from a lower interface, IP must decide
   ▶ whether to forward the IP packet or pass it to an upper layer.
   ▶ If the IP packet is being forwarded, it is treated as an outgoing IP packet.

3. When an incoming IP packet arrives it is never forwarded back out through the same network interface.

44 /197

Page 47: Network Basics (slides)

IP Address

Address classes

   +-+------------+--------------+--------------+--------------+
A: |0|  NET <-7-> |            LOCAL ADDRESS <-24->            |
   +-+------------+--------------+--------------+--------------+
   +---+----------+--------------+--------------+--------------+
B: |1 0|       NET <-14->        |    LOCAL ADDRESS <-16->     |
   +---+----------+--------------+--------------+--------------+
   +-----+--------+--------------+--------------+--------------+
C: |1 1 0|              NET <-21->              |LOCAL ADDRESS |
   +-----+--------+--------------+--------------+--------------+
   +-----+--------+--------------+--------------+--------------+
D: |1 1 1|                      Reserved                       |
   +-----+--------+--------------+--------------+--------------+

45 /197

Page 48: Network Basics (slides)

Special IP Addresses

▶ A value of zero in the network field means this network. (source only)
▶ A value of zero in the host field means network address.
▶ 127.x.x.x are loopback addresses.
▶ 255.255.255.255 is the broadcast address.
▶ Private address:
  ▶ 10.x.x.x
  ▶ 172.16.x.x∼172.31.x.x
  ▶ 192.168.x.x
▶ CIDR—Classless Inter-Domain Routing—An IP addressing scheme that replaces the older system based on classes A, B and C.

46 /197

Page 49: Network Basics (slides)

Names

People refer to computers by names, not numbers.

/etc/hosts
127.0.0.1         localhost
202.203.132.245   cs3.swfc.edu.cn cs3

/etc/networks
localnet 202.203.132.192

47 /197

Page 50: Network Basics (slides)

IP Route Table

Example IP Route Table

wx672@cisd-ftp:~$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
localnet        *               255.255.255.192 U     0      0        0 eth0
192.168.128.0   *               255.255.252.0   U     0      0        0 eth0
default         202.203.132.254 0.0.0.0         UG    0      0        0 eth0

∼$ man route

48 /197

Page 51: Network Basics (slides)

Direct Routing Details

          223.1.2.1       223.1.2.2
           ---------       ---------
          |  alpha  |     |  beta   |
          |    1    |     |    1    |
           ---------       ---------
               |               |
       --------o---------------o-
       Ethernet 1
       IP network "development"
       223.1.2.0

The route table inside alpha (simplified)
network       flag     router   interface
development   direct            1

49 /197

Page 52: Network Basics (slides)

Direct Scenario

Alpha is sending an IP packet to beta... Please describe.

50 /197

Page 53: Network Basics (slides)

Indirect Routing Details

                              223.1.4.1
                                 223.1.3.1
          223.1.2.1           223.1.2.4         223.1.3.2
           ---------           ---------         ---------
          |  alpha  |         |  delta  |       | epsilon |
          |    1    |         | 1  2  3 |       |    1    |
           ---------           ---------         ---------
               |                |  |  |              |
       --------o---------------o- | -o--------------o--------
       Ethernet 1                 |  Ethernet 2
       IP network "Development"   |  IP network "accounting"
       223.1.2                    |  223.1.3
                                  |
                                  |    --------
                                  |   |  iota  |
                                  |   |   1    | 223.1.4.2
                                  |    --------
                                  |        |
                                --o--------o--------
                                  Ethernet 3
                                  IP network "factory"
                                  223.1.4


51 /197

Page 54: Network Basics (slides)

Indirect Routing Details

The route table inside alpha
network   flag       router      interface
223.1.2   direct                 1
223.1.3   indirect   223.1.2.4   1
223.1.4   indirect   223.1.2.4   1

The route table inside delta
network   flag     router   interface
223.1.2   direct            1
223.1.3   direct            3
223.1.4   direct            2

52 /197
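The alpha and delta route tables above, together with the three IP module routing rules and the "before D / after D" frame addresses, can be exercised in code. This is an added example, not part of the slides: the networks, interface numbers and addresses are the slides' own (223.1.2.0/24, 223.1.3.0/24, 223.1.4.0/24; delta's interfaces 1, 2, 3 at 223.1.2.4, 223.1.4.1, 223.1.3.1), while the class names, the longest-prefix-first ordering and the result dictionaries are this example's. It answers both the "Direct Scenario" (alpha to beta) and the "Indirect Scenario" (alpha to epsilon) questions: the `ethernet_dst_for` field is the address that ARP must resolve, which is the destination itself for a direct route and the router for an indirect one.

```python
"""Route table lookup and the three IP module routing rules (added example).

Tables, addresses and interface numbers are the slides' alpha/delta example;
class names and the result dictionaries are this example's own.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    router: Optional[str]    # None means "direct": the destination is on this link
    interface: int


def route(prefix: str, interface: int, router: Optional[str] = None) -> Route:
    return Route(ipaddress.ip_network(prefix), router, interface)


class IpModule:
    def __init__(self, name, addresses, routes, forwarding):
        self.name = name
        # own IP -> interface number
        self.addresses = {ipaddress.ip_address(a): i for i, a in addresses.items()}
        # Longest prefix first, so a /24 beats a default route when both match.
        self.routes = sorted(routes, key=lambda r: r.network.prefixlen, reverse=True)
        self.forwarding = forwarding    # hosts deliver or drop; routers forward

    def lookup(self, dst) -> Optional[Route]:
        dst = ipaddress.ip_address(dst)
        return next((r for r in self.routes if dst in r.network), None)

    def send(self, dst: str) -> dict:
        """Rule 1: outgoing packet from an upper layer."""
        r = self.lookup(dst)
        if r is None:
            return {"action": "drop", "reason": "no route"}
        # Direct: ARP for the destination itself. Indirect: ARP for the router, so the
        # Ethernet destination is the router while the IP destination stays dst.
        next_hop = dst if r.router is None else r.router
        return {"action": "send", "interface": r.interface, "direct": r.router is None,
                "ethernet_dst_for": next_hop, "ip_dst": dst}

    def receive(self, dst: str, in_interface: int) -> dict:
        """Rules 2 and 3: incoming packet from a lower interface."""
        if ipaddress.ip_address(dst) in self.addresses:
            return {"action": "deliver"}          # pass to the upper layer
        if not self.forwarding:
            return {"action": "drop", "reason": "not addressed to this host"}
        r = self.lookup(dst)
        if r is None:
            return {"action": "drop", "reason": "no route"}
        if r.interface == in_interface:
            return {"action": "drop", "reason": "never forwarded back out the arriving interface"}
        out = self.send(dst)                      # forwarded packets are treated as outgoing
        out["action"] = "forward"
        return out


# alpha: one interface; everything off-link goes via delta (223.1.2.4).
ALPHA = IpModule("alpha", {1: "223.1.2.1"}, [
    route("223.1.2.0/24", 1),
    route("223.1.3.0/24", 1, router="223.1.2.4"),
    route("223.1.4.0/24", 1, router="223.1.2.4"),
], forwarding=False)

# delta: three interfaces, each network directly attached.
DELTA = IpModule("delta", {1: "223.1.2.4", 2: "223.1.4.1", 3: "223.1.3.1"}, [
    route("223.1.2.0/24", 1),
    route("223.1.3.0/24", 3),
    route("223.1.4.0/24", 2),
], forwarding=True)


def scenarios() -> dict:
    return {
        "alpha->beta": ALPHA.send("223.1.2.2"),              # direct scenario
        "alpha->epsilon": ALPHA.send("223.1.3.2"),           # indirect, before delta
        "delta fwd epsilon": DELTA.receive("223.1.3.2", 1),  # after delta
        "delta for itself": DELTA.receive("223.1.4.1", 1),
        "delta rule 3": DELTA.receive("223.1.2.3", 1),
        "alpha not mine": ALPHA.receive("223.1.2.3", 1),
        "delta no route": DELTA.receive("10.0.0.1", 2),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:18} {result}")
```

Note that a host with `forwarding=False` silently drops packets that are not addressed to it; turning forwarding on is what makes a box a router, and rule 3 is the check that keeps a misdirected packet from bouncing back onto the link it came from.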

Page 55: Network Basics (slides)

Indirect Scenario

Alpha is sending an IP packet to epsilon... Please describe.


53 /197

Page 56: Network Basics (slides)

Managing The Routes

▶ Manually maintained by administrator
▶ ICMP can report some routing problems
▶ For larger networks, routing protocols are used.

54 /197

Page 57: Network Basics (slides)

IP Packet

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  IHL  |Type of Service|          Total Length         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Identification        |Flags|      Fragment Offset    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Time to Live |    Protocol   |        Header Checksum        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Source Address                         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Destination Address                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              Options (variable)               |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

55 /197
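The header above, built, parsed and checked in code, as an added example that is not part of the slides. It computes the Header Checksum the way RFC 791 defines it (the ones' complement of the ones' complement sum of the header's 16-bit words), verifies it on receipt, and shows why a router must recompute it when it decrements Time to Live. The worked values use the slides' addresses; function names are this example's own. One caveat worth keeping in mind: the checksum catches corruption in transit, not deliberate modification, since whoever changes a header can recompute it.

```python
"""IPv4 header build, parse and checksum verification (added example).

Field layout is the RFC 791 header on the slide. Function names are this
example's own; addresses come from the slides' routing example.
"""
import struct
from typing import Optional


def ones_complement_sum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum(header: bytes) -> int:
    """Checksum over the header with its own checksum field taken as zero."""
    return (~ones_complement_sum(header[:10] + b"\x00\x00" + header[12:])) & 0xFFFF


def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def build_ipv4_header(src, dst, protocol, payload_len, ttl=64, ident=0, df=True) -> bytes:
    flags_frag = 0x4000 if df else 0        # DF is bit 14 of the Flags/Fragment Offset word
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, flags_frag,
                         ttl, protocol, 0, ip_bytes(src), ip_bytes(dst))
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("bad version or IHL")
    header = packet[:ihl]
    (_, tos, total_len, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    if total_len < ihl:
        raise ValueError("Total Length smaller than header")
    return {
        "ihl": ihl, "tos": tos, "total_length": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,     # offset is in 8-byte units
        "ttl": ttl, "protocol": proto, "checksum": checksum,
        # A header whose checksum is correct sums to 0xFFFF as received.
        "checksum_ok": ones_complement_sum(header) == 0xFFFF,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": header[20:],
    }


def forward_hop(packet: bytes) -> Optional[bytes]:
    """What a router does to the header: decrement TTL and refresh the checksum.

    Returns None when the checksum fails or TTL would reach zero; in both cases
    the packet is discarded rather than forwarded.
    """
    fields = parse_ipv4_header(packet)
    if not fields["checksum_ok"] or fields["ttl"] <= 1:
        return None
    header = bytearray(packet[:fields["ihl"]])
    header[8] -= 1                          # Time to Live lives at byte offset 8
    header[10:12] = struct.pack("!H", ipv4_checksum(bytes(header)))
    return bytes(header) + packet[fields["ihl"]:]


def demo() -> dict:
    h = build_ipv4_header("223.1.2.1", "223.1.3.2", 6, 20, ident=1)
    corrupted = bytearray(h)
    corrupted[16] ^= 0x01                   # flip one bit of the destination address
    return {
        "built": parse_ipv4_header(h),
        "corrupted": parse_ipv4_header(bytes(corrupted)),
        "after_hop": parse_ipv4_header(forward_hop(h)),
        "expired": forward_hop(build_ipv4_header("223.1.2.1", "223.1.3.2", 6, 20, ttl=1)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

For the header built in `demo()` (40-byte TCP packet from 223.1.2.1 to 223.1.3.2, TTL 64, DF set, identification 1) the checksum works out to 0x77C9; after one hop the TTL is 63 and the checksum becomes 0x78C9, which is why a router that forgets to recompute it produces packets every receiver drops.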

Page 58: Network Basics (slides)

IP References

J. Postel. Internet Protocol. RFC 791 (INTERNET STANDARD). Updated by RFCs 1349, 2474, 6864. Internet Engineering Task Force, Sept. 1981.

Wikipedia. Internet Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.

Wikipedia. IP address — Wikipedia, The Free Encyclopedia. [Online; accessed 13-March-2015]. 2015.

Wikipedia. IPv4 header checksum — Wikipedia, The Free Encyclopedia. [Online; accessed 20-March-2015]. 2015.

56 /197

Page 59: Network Basics (slides)

Subnetting

57 /197

Page 60: Network Basics (slides)

Why Subnetting?

▶ use of different physical media (such as Ethernet, FDDI, WAN, etc.)
▶ preservation of address space
▶ security
▶ The most common reason is to control network traffic
  ▶ In an Ethernet, there are collisions and the resulting retransmissions.

58 /197

Page 61: Network Basics (slides)

+-----------------------+----------------------+
|     Network Prefix    |     Host Number      |
+-----------------------+----------------------+

+-----------------------+--------+-------------+
|     Network Prefix    | Subnet | Host Number |
+-----------------------+--------+-------------+

Subnet mask is a bitmask used to identify the network and node parts of the address.

Default Subnet Masks
Class A   255.0.0.0       11111111.0.0.0
Class B   255.255.0.0     11111111.11111111.0.0
Class C   255.255.255.0   11111111.11111111.11111111.0

59 /197

Page 62: Network Basics (slides)

2^n − 2

Example

IP address:   11001010.11001011.10000100.11110001   202.203.132.241
Subnet mask:  11111111.11111111.11111111.11000000   255.255.255.192

▶ There are 2^2 − 2 = 2 subnets
▶ Each subnet has 2^6 − 2 = 62 nodes
▶ Subtract 2? All “0”s and all “1”s. (this is the old story)

60 /197

Page 63: Network Basics (slides)

Subnet Calculator

subnetcalc — a free IP subnet calculator. Try:

∼$ subnetcalc 202.203.132.244/26

61 /197
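A small subnet calculator, as an added example that is not part of the slides and is not the `subnetcalc` program itself. It reproduces the worked example from the previous slide (202.203.132.241 with mask 255.255.255.192: 2 subnet bits, 2^2 − 2 = 2 subnets under the old rule, 2^6 − 2 = 62 nodes), answers the `subnetcalc 202.203.132.244/26` query, and also covers the special addresses from the "Special IP Addresses" slide and the /prefix rows of the CIDR table later in the deck. It relies only on Python's standard `ipaddress` module; the function names and result layout are this example's own.

```python
"""Subnet calculator for the slides' worked example (added example).

Reproduces the 202.203.132.241 / 255.255.255.192 numbers, the /prefix rows
of the CIDR table, and the special-address rules from the IP address slide.
Names and the result layout are this example's own.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def dotted_binary(addr: str) -> str:
    return ".".join(f"{int(o):08b}" for o in addr.split("."))


def classful_prefix(addr: str) -> int:
    """Default prefix length of the address's class (A: /8, B: /16, C: /24)."""
    first = int(ipaddress.ip_address(addr)) >> 24
    if first < 128:
        return 8
    if first < 192:
        return 16
    if first < 224:
        return 24
    raise ValueError("class D/E address has no default mask")


def subnet_info(addr: str, mask: str, legacy_rule: bool = True) -> dict:
    """mask may be dotted (255.255.255.192) or a prefix length ("26").

    legacy_rule=True subtracts the all-zeros and all-ones subnets, as the slide
    does ("the old story"); CIDR-era networks use every subnet.
    """
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    subnet_bits = net.prefixlen - classful_prefix(addr)
    host_bits = 32 - net.prefixlen
    return {
        "network": str(net.network_address), "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask), "prefix": net.prefixlen,
        "address_bits": dotted_binary(addr), "mask_bits": dotted_binary(str(net.netmask)),
        "subnet_bits": subnet_bits,
        "subnets": 2 ** subnet_bits - (2 if legacy_rule else 0),
        "hosts": 2 ** host_bits - 2,            # all-zeros and all-ones host parts excluded
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
    }


def cidr_row(prefix: int) -> dict:
    """One row of the CIDR table: Class C equivalents and addresses in a /prefix."""
    addresses = 2 ** (32 - prefix)
    return {"prefix": prefix, "addresses": addresses, "class_c": addresses / 256}


def classify(addr: str) -> str:
    """Special-address rules from the slides, checked in order."""
    ip = ipaddress.ip_address(addr)
    if int(ip) >> 24 == 0:
        return "this network (valid as source only)"
    if ip in ipaddress.ip_network("127.0.0.0/8"):
        return "loopback"
    if ip == ipaddress.ip_address("255.255.255.255"):
        return "limited broadcast"
    if any(ip in n for n in RFC1918):
        return "private"
    return "public"


def demo() -> dict:
    return {
        "example": subnet_info("202.203.132.241", "255.255.255.192"),
        "subnetcalc": subnet_info("202.203.132.244", "26", legacy_rule=False),
        "rows": {p: cidr_row(p) for p in (27, 26, 25, 24, 16, 13)},
        "classes": {a: classify(a) for a in ("127.0.0.1", "10.1.2.3", "172.20.0.9",
                                             "192.168.1.1", "255.255.255.255",
                                             "0.0.0.5", "202.203.132.245")},
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With `legacy_rule=False` the same /26 yields 4 subnets, which is the modern (CIDR) count; the host count stays 62 either way because the all-zeros and all-ones host parts are the network and broadcast addresses.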

Page 64: Network Basics (slides)

Subnetting References

T. Pummill and B. Manning. Variable Length Subnet Table For IPv4. RFC 1878 (Historic). Internet Engineering Task Force, Dec. 1995.

Y. Rekhter et al. Address Allocation for Private Internets. RFC 1918 (Best Current Practice). Updated by RFC 6761. Internet Engineering Task Force, Feb. 1996.

Wikipedia. IPv4 subnetting reference — Wikipedia, The Free Encyclopedia. [Online; accessed 25-March-2015]. 2015.

Wikipedia. Private network — Wikipedia, The Free Encyclopedia. [Online; accessed 25-March-2015]. 2015.

Wikipedia. Subnetwork — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.

62 /197

Page 65: Network Basics (slides)

CIDR

63 /197

Page 66: Network Basics (slides)

CIDR—Classless Inter-Domain Routing

CIDR: An IP addressing scheme that replaces the older system based on classes A, B and C.

64 /197

Page 67: Network Basics (slides)

Why CIDR?

With a new network being connected to the Internet every 30 minutes the Internet was faced with two critical problems:

▶ Running out of IP addresses
▶ Running out of capacity in the global routing tables

65 /197

Page 68: Network Basics (slides)

Running out of IP addresses

Using the old addressing scheme, the Internet could support:

▶ 126 Class A networks that could include up to 16,777,214 hosts each
▶ Plus 65,000 Class B networks that could include up to 65,534 hosts each
▶ Plus over 2 million Class C networks that could include up to 254 hosts each

only 3% of the assigned addresses were actually being used.

66 /197

Page 69: Network Basics (slides)

Global Routing Tables At Capacity

▶ As the number of networks on the Internet increased, so did the number of routes.
▶ A few years back it was forecasted that the global backbone Internet routers were fast approaching their limit on the number of routes they could support.
▶ Even using the latest router technology, the maximum theoretical routing table size is approximately 60,000 routing table entries.
▶ If nothing was done the global routing tables would have reached capacity by mid-1994 and all Internet growth would be halted.

67 /197

Page 70: Network Basics (slides)

How Were These Problems Solved?

Two solutions were developed and adopted by the global Internet community:

▶ Restructuring IP address assignments to increase efficiency
▶ Hierarchical routing aggregation to minimize route table entries

68 /197

Page 71: Network Basics (slides)

Restructuring IP Address Assignments

Instead of being limited to network identifiers (or "prefixes") of 8, 16 or 24 bits, CIDR currently uses prefixes anywhere from 13 to 27 bits.

/27   1/8 of a Class C   32 hosts
/26   1/4 of a Class C   64 hosts
/25   1/2 of a Class C   128 hosts
/24   1 Class C          256 hosts
/16   256 Class C        65,536 hosts (= 1 Class B)
/13   2,048 Class C      524,288 hosts

69 /197

Page 72: Network Basics (slides)

Hierarchical Routing Aggregation To Minimize Routing Table Entries
Route Aggregation a single high-level route entry can represent many lower-level routes in the global routing tables. Similar to the telephone network.

70 /197
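The two CIDR ideas on the preceding slides (prefixes of arbitrary length, and one aggregate route standing in for many more specific ones) can be tried out with Python's standard ipaddress module. This is an added example, not code from the slides; the prefixes and next-hop names below are constructed (documentation and RFC 1918 ranges), not taken from any real routing table.

```python
"""Added example: CIDR prefix arithmetic, route aggregation and
longest-prefix lookup with Python's standard ipaddress module.
All prefixes and next-hop names here are constructed for illustration."""
import ipaddress


def prefix_facts(cidr: str) -> dict:
    """Netmask, address count and usable hosts for a prefix such as 192.0.2.0/27."""
    net = ipaddress.ip_network(cidr, strict=False)
    total = net.num_addresses
    # /31 and /32 have no network/broadcast pair (RFC 3021); otherwise
    # the first and last address are not usable for hosts.
    usable = total if net.prefixlen >= 31 else total - 2
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "netmask": str(net.netmask),
        "addresses": total,
        "usable_hosts": usable,
        "class_c_equivalents": total / 256,   # the slide's "n Class C" column
    }


def aggregate(prefixes) -> list:
    """Collapse contiguous prefixes into the fewest covering prefixes.

    This is the route-aggregation idea from the slide: eight consecutive
    /24s are announced as one /21, so the global table holds one entry
    instead of eight. Non-contiguous prefixes are left alone."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def longest_prefix_match(routes, dst: str):
    """Pick the most specific matching route, as a CIDR router does.

    routes: iterable of (cidr, next_hop). Returns (cidr, next_hop) or None.
    A more specific route always beats the aggregate that also covers it."""
    addr = ipaddress.ip_address(dst)
    best = None
    for cidr, next_hop in routes:
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return None if best is None else (str(best[0]), best[1])


if __name__ == "__main__":
    print(prefix_facts("192.0.2.0/27"))
    # Eight /24s out of 10.0.0.0/8 (RFC 1918) collapse to a single /21.
    print(aggregate(["10.0.%d.0/24" % i for i in range(8)]))
    routes = [("10.0.0.0/21", "R1"), ("10.0.5.0/24", "R2"), ("0.0.0.0/0", "R3")]
    print(longest_prefix_match(routes, "10.0.5.9"))
```

The lookup deliberately scans every route; a real forwarding engine uses a trie or TCAM, but the selection rule (longest matching prefix wins, default route last) is the same.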

Page 73: Network Basics (slides)

User Impacts
▶ The Internet is currently a mixture of both ”CIDR-ized” addresses and old Class A, B and C addresses.
▶ Almost all new routers support CIDR and the Internet authorities strongly encourage all users to implement the CIDR addressing scheme.

71 /197

Page 74: Network Basics (slides)

CIDR References

V. Fuller and T. Li. Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan. RFC 4632 (Best Current Practice). Internet Engineering Task Force, Aug. 2006.
Wikipedia. Classless Inter-Domain Routing — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.

72 /197

Page 75: Network Basics (slides)

IPv6

73 /197

Page 76: Network Basics (slides)

Why IPv6?

Not enough addresses! Kidding? We have:

▶ 2^32 address space
▶ NAT
▶ CIDR

No kidding. All gone.
▶ IANA: 31 January 2011
▶ Asia-Pacific: 15 April 2011
▶ Europe: 14 September 2012
▶ Latin America: 10 June 2014

So, we need a larger address space (2^128).

[Figure: number of free /8 blocks (y axis, 0 to 160) against date (x axis, 1996 to 2014), one curve for the IANA pool alone and one for the RIR pool + IANA]

74 /197

Page 77: Network Basics (slides)

Why such a high number of bits?
For a larger address space

▶ Think about mobile phones, cars (inside devices), toasters, refrigerators, light switches, and so on…

Why not higher?
▶ More bits → bigger header → more overhead
▶ max MTU on Ethernet is 1500 octets

        min MTU (octets)   header length (octets)   overhead
IPv4    576                20-60                    3.4%
IPv6    1280               40                       3.8%

75 /197

Page 78: Network Basics (slides)

Why not IPv5?
4: is already used for IPv4
5: is reserved for the Stream Protocol (STP, RFC 1819 / Internet Stream Protocol Version 2) (which never really made it to the public)
6: The next free number. Hence IPv6 was born!

76 /197

Page 79: Network Basics (slides)

More than a larger address space (2^128)
▶ Simplified header makes routing faster
▶ End-to-end connectivity
▶ Auto-configuration
▶ No broadcast
▶ Anycast
▶ Mobility — same IP address everywhere
▶ Network-layer security
▶ Extensibility
▶ and more ...

77 /197

Page 80: Network Basics (slides)

IPv6 Header

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| Traffic Class |           Flow Label                  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Payload Length        |  Next Header  |   Hop Limit   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                         Source Address                        +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                                                               |
+                                                               +
|                                                               |
+                      Destination Address                      +
|                                                               |
+                                                               +
|                                                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

78 /197

Page 81: Network Basics (slides)

IPv6 Extension Header

+---------------+------------------------
|  IPv6 header  |
|               |  TCP header + data
| Next Header = |
|      TCP      |
+---------------+------------------------

+---------------+----------------+------------------------
|  IPv6 header  | Routing header |
|               |                |  TCP header + data
| Next Header = | Next Header =  |
|    Routing    |      TCP       |
+---------------+----------------+------------------------

+---------------+----------------+-----------------+-----------------
|  IPv6 header  | Routing header | Fragment header |
|               |                |                 |  fragment of TCP
| Next Header = | Next Header =  | Next Header =   |  header + data
|    Routing    |    Fragment    |       TCP       |
+---------------+----------------+-----------------+-----------------

79 /197
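The fixed header and the Next Header chain on the two slides above are simple enough to parse by hand, which is also where IPv6 packet filters and intrusion detection systems have to be careful: the chain has no length of its own, so a parser must bound it by the Payload Length and refuse chains that are truncated or absurdly long. This is an added example, not code from the slides; the packet bytes are constructed inside the block, and the protocol numbers (0, 43, 44, 60 for extension headers; 6, 17, 58 for TCP, UDP, ICMPv6) are the IANA-assigned values.

```python
"""Added example: parse a fixed IPv6 header and walk its extension-header
chain with bounds checks. Packets are constructed in build_packet()."""
import struct

IPV6_HDR_LEN = 40
# Extension headers laid out as "Next Header, Hdr Ext Len (8-octet units,
# not counting the first 8 octets), ..." per RFC 2460.
EXT_HDRS = {0: "Hop-by-Hop", 43: "Routing", 60: "Destination"}
FRAGMENT = 44            # fixed 8-octet header with no length field
UPPER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}
MAX_EXT_HDRS = 8         # this example's own limit; refuse longer chains


def parse_ipv6(pkt: bytes) -> dict:
    if len(pkt) < IPV6_HDR_LEN:
        raise ValueError("truncated IPv6 header")
    first, payload_len, nxt, hop_limit = struct.unpack("!IHBB", pkt[:8])
    if first >> 28 != 6:
        raise ValueError("not IPv6 (version %d)" % (first >> 28))
    end = IPV6_HDR_LEN + payload_len
    if len(pkt) < end:
        raise ValueError("payload length exceeds packet")
    chain, off = [], IPV6_HDR_LEN
    while nxt in EXT_HDRS or nxt == FRAGMENT:
        if len(chain) >= MAX_EXT_HDRS:
            raise ValueError("too many extension headers")
        if off + 8 > end:
            raise ValueError("extension header truncated")
        following = pkt[off]                       # every ext header starts with Next Header
        hlen = 8 if nxt == FRAGMENT else (pkt[off + 1] + 1) * 8
        if off + hlen > end:
            raise ValueError("extension header runs past payload")
        chain.append("Fragment" if nxt == FRAGMENT else EXT_HDRS[nxt])
        off += hlen
        nxt = following
    return {
        "traffic_class": (first >> 20) & 0xFF,
        "flow_label": first & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": pkt[8:24], "dst": pkt[24:40],       # raw 16-byte addresses
        "ext_headers": chain,
        "upper": UPPER.get(nxt, str(nxt)),
        "upper_offset": off,                       # where TCP/UDP starts
    }


def is_well_formed(pkt: bytes) -> bool:
    try:
        parse_ipv6(pkt)
        return True
    except ValueError:
        return False


def build_packet(ext: list, upper: int, payload: bytes) -> bytes:
    """Construct a packet: fixed header, the given chain of minimal
    extension headers, then payload. Addresses are link-local placeholders."""
    body, nxt = b"", upper
    for kind in reversed(ext):                     # chain is built back to front
        if kind == FRAGMENT:
            hdr = struct.pack("!BBHI", nxt, 0, 0, 0)
        else:
            hdr = struct.pack("!BB", nxt, 0) + b"\x00" * 6   # Hdr Ext Len 0 = 8 octets
        body, nxt = hdr + body, kind
    body += payload
    first = (6 << 28) | 0x12345                    # version 6, class 0, flow label 0x12345
    fixed = struct.pack("!IHBB", first, len(body), nxt, 64)
    src = b"\xfe\x80" + b"\x00" * 13 + b"\x01"
    dst = b"\xfe\x80" + b"\x00" * 13 + b"\x02"
    return fixed + src + dst + body


if __name__ == "__main__":
    pkt = build_packet([43, 44], 6, b"\x00" * 20)   # Routing, Fragment, then TCP
    print(parse_ipv6(pkt)["ext_headers"], parse_ipv6(pkt)["upper"])
```

The same loop is what a firewall has to run before it can even find the transport ports, which is why RFC 7112 (listed in the IPv6 references) requires the whole header chain to fit in the first fragment.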

Page 82: Network Basics (slides)

IPv6 Addresses

A real life address
3ffe:ffff:0100:f101:0210:a4ff:fee3:9566
→ 3ffe:ffff:100:f101:210:a4ff:fee3:9566

More simplifications
3ffe:ffff:100:f101:0:0:0:1
→ 3ffe:ffff:100:f101::1

The biggest simplification
IPv6 localhost address
0000:0000:0000:0000:0000:0000:0000:0001 → ::1

80 /197

Page 83: Network Basics (slides)

Address types
Global unicast addresses begin with [23]xxx
  e.g. 2001:db8:85a3::8a2e:370:7334
Unique local addresses begin with fc00::/7
  e.g. fdf8:f53b:82e4::53
  ▶ similar to private IPs in IPv4
Link local addresses begin with fe80::/64
  e.g. fe80::62d8:19ff:fece:44f6/64
  ▶ similar to 169.254.0.0/16
Localhost address ::1
  ▶ Similar to IPv4 with its “127.0.0.1”
Multicast addresses begin with ffxy::/8
  e.g. ff01::2
Unspecified address ::
  ▶ Like “any” or “0.0.0.0” in IPv4

[Figure: address scopes drawn as nested regions, from narrowest to widest: link local, unique local, global unicast]

81 /197
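The two preceding slides can be turned into code: the text representation rules (drop leading zeros in each group, replace the longest run of zero groups by "::", which is what RFC 5952 in the references specifies) and a classifier for the address types. This is an added example, not code from the slides. The sample addresses are the ones on the slides; the class prefixes are taken from RFC 4291 (link-local is fe80::/10 there, the /64 on the slide being the on-link prefix length normally configured).

```python
"""Added example: RFC 5952 text compression of an IPv6 address, written out
by hand to show the rules, plus classification by leading bits."""
import ipaddress


def compress(addr: str) -> str:
    """Compress a full 8-group address. Rules: strip leading zeros in each
    group; replace the longest run of all-zero groups by '::', but only if
    the run is at least two groups long; on a tie the leftmost run wins."""
    groups = addr.split(":")
    if len(groups) != 8:
        raise ValueError("expected 8 hextets, got %d" % len(groups))
    values = [int(g, 16) for g in groups]
    hexs = ["%x" % v for v in values]            # leading zeros removed
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if values[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and values[j] == 0:
            j += 1
        if j - i > best_len:                     # strictly greater: leftmost wins ties
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                             # never use '::' for a single group
        return ":".join(hexs)
    left = ":".join(hexs[:best_start])
    right = ":".join(hexs[best_start + best_len:])
    return left + "::" + right


def matches_stdlib(addr: str) -> bool:
    """Cross-check: the hand-written rules agree with ipaddress's formatter."""
    return compress(addr) == ipaddress.IPv6Address(addr).compressed


def classify(addr: str) -> str:
    """Address type by leading bits, in the order the slide lists them."""
    a = ipaddress.IPv6Address(addr)
    if a.is_unspecified:
        return "unspecified"
    if a.is_loopback:
        return "loopback"
    if a in ipaddress.IPv6Network("ff00::/8"):
        return "multicast"
    if a in ipaddress.IPv6Network("fe80::/10"):
        return "link-local"
    if a in ipaddress.IPv6Network("fc00::/7"):
        return "unique-local"
    if a in ipaddress.IPv6Network("2000::/3"):   # the slide's "[23]xxx"
        return "global-unicast"
    return "other"


if __name__ == "__main__":
    for full in ("3ffe:ffff:0100:f101:0210:a4ff:fee3:9566",
                 "3ffe:ffff:0100:f101:0000:0000:0000:0001",
                 "0000:0000:0000:0000:0000:0000:0000:0001"):
        print(full, "->", compress(full))
    for a in ("2001:db8:85a3::8a2e:370:7334", "fdf8:f53b:82e4::53",
              "fe80::62d8:19ff:fece:44f6", "::1", "ff01::2", "::"):
        print(a, classify(a))
```

Classifying before comparing is the practical point: a filter that stores addresses as strings will miss "fe80:0:0:0::1" when it looks for "fe80::1", so normalise (or compare IPv6Address objects) before matching.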

Page 84: Network Basics (slides)

Anycast addresses

           Unicast   Multicast   Broadcast   Anycast
           1-to-1    1-to-n      1-to-all    1-to-(1 of n)

Anycast
▶ is assigned to more than one interface
▶ a packet sent to an anycast address is routed to the ”nearest” interface having that address
▶ is allocated from the unicast address space

82 /197

Page 85: Network Basics (slides)

IPv6 References

S. Deering and R. Hinden. Internet Protocol, Version 6 (IPv6) Specification. RFC 2460 (Draft Standard). Updated by RFCs 5095, 5722, 5871, 6437, 6564, 6935, 6946, 7045, 7112. Internet Engineering Task Force, Dec. 1998.
R. Hinden and S. Deering. IP Version 6 Addressing Architecture. RFC 4291 (Draft Standard). Updated by RFCs 5952, 6052, 7136, 7346, 7371. Internet Engineering Task Force, Feb. 2006.
Wikipedia. IPv6 address — Wikipedia, The Free Encyclopedia. [Online; accessed 13-March-2015]. 2015.
Wikipedia. IPv6 packet — Wikipedia, The Free Encyclopedia. [Online; accessed 15-March-2015]. 2015.
Wikipedia. IPv6 — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.

83 /197

Page 86: Network Basics (slides)

NAT & Packet Filtering

84 /197

Page 87: Network Basics (slides)

Network Address Translation (NAT)

[Figure: a NAT router with LAN-side address 192.168.1.1 and Internet-side address 12.13.14.15 connects hosts 192.168.1.2, 192.168.1.3 and 192.168.1.4 to the Internet, where the remote host 40.30.20.10 sits]

Src IP         Src Port    NAT Router IP    Port
192.168.1.2    3456        12.13.14.15      1
192.168.1.3    6789        12.13.14.15      2
192.168.1.3    8910        12.13.14.15      3
192.168.1.4    3750        12.13.14.15      4

85 /197
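The table on the slide is the state a port-translating NAT keeps. The following added example (not code from the slides) models that table: an outbound packet gets a fresh public port, an inbound packet is rewritten back only when a mapping exists, and anything else arriving from the Internet is dropped, which is the side effect that makes NAT act as a crude stateful filter. Addresses are the ones on the slide; the packet tuples are constructed. The model uses endpoint-independent mapping and filtering (the most permissive NAT variant); a stricter NAT would also require the inbound source to match the remote host the mapping was created for.

```python
"""Added example: a minimal NAPT translation table modelled on the slide.
Packets are 4-tuples (src_ip, src_port, dst_ip, dst_port) in transit order."""


class Napt:
    def __init__(self, public_ip: str, first_port: int = 1):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}   # (private_ip, private_port) -> public_port
        self.inbound_map = {}    # public_port -> (private_ip, private_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> Internet: rewrite the source; create a mapping on first use."""
        key = (src_ip, src_port)
        if key not in self.outbound_map:
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return (self.public_ip, self.outbound_map[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internet -> LAN: rewrite the destination back to the private host,
        or return None (drop) when no inside host ever created this mapping.
        Unsolicited inbound traffic therefore never reaches the LAN."""
        if dst_ip != self.public_ip or dst_port not in self.inbound_map:
            return None
        private_ip, private_port = self.inbound_map[dst_port]
        return (src_ip, src_port, private_ip, private_port)

    def table(self):
        """Rows in the slide's layout: Src IP, Src Port, NAT Router IP, Port."""
        return sorted((ip, port, self.public_ip, pub)
                      for (ip, port), pub in self.outbound_map.items())


if __name__ == "__main__":
    nat = Napt("12.13.14.15")
    # Constructed sample flows from the three LAN hosts to 40.30.20.10:80.
    for src, sport in (("192.168.1.2", 3456), ("192.168.1.3", 6789),
                       ("192.168.1.3", 8910), ("192.168.1.4", 3750)):
        print(nat.outbound(src, sport, "40.30.20.10", 80))
    for row in nat.table():
        print(row)
    print(nat.inbound("40.30.20.10", 80, "12.13.14.15", 2))   # reply to host .3
    print(nat.inbound("40.30.20.10", 80, "12.13.14.15", 9))   # no mapping: None
```

Real implementations also expire mappings that carry no traffic for a while; an entry that never ages out keeps the port open for as long as the router is up.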

Page 88: Network Basics (slides)

What’s A Packet Filter?

A packet filter is a piece of software which looks at the header of packets as they pass through, and decides the fate of the entire packet. It might decide to

▶ DROP the packet (i.e., discard the packet as if it had never received it),
▶ ACCEPT the packet (i.e., let the packet go through), or
▶ something more complicated.

86 /197

Page 89: Network Basics (slides)

Packet Filter Under Linux

iptables talks to the kernel and tells it what packets to filter.

The iptables tool inserts/deletes rules from the kernel’s packet filtering table.

87 /197

Page 90: Network Basics (slides)

Quick Start

Debian/Ubuntu users can do:
stud@debian:~$ sudo apt-get install iptables
stud@debian:~$
stud@debian:~$ sudo iptables -A INPUT -s 147.8.212.123 -p all -j DROP
stud@debian:~$
stud@debian:~$ sudo iptables -D INPUT -s 147.8.212.123 -p all -j DROP
stud@debian:~$
stud@debian:~$ man iptables
stud@debian:~$
stud@debian:~$ google-chrome http://www.netfilter.org/documentation/
stud@debian:~$

88 /197

Page 91: Network Basics (slides)

Terminology

Filter table is in the kernel, contains chains.
Chains a.k.a. firewall chains, are lists of filtering rules. The three kernel built-in chains are called INPUT, OUTPUT, and FORWARD.
Rules Each rule says: if the packet header looks like this, then here’s what to do with the packet.

89 /197

Page 92: Network Basics (slides)

How Chains Work?

[Figure: an incoming packet first reaches the routing decision; packets destined for another host traverse the FORWARD chain and go out; packets destined for this host traverse the INPUT chain and reach a local process; packets generated by a local process traverse the OUTPUT chain before going out]

90 /197

Page 93: Network Basics (slides)

Using iptables
To manage whole chains:
1. Create a new chain (-N).
2. Delete an empty chain (-X).
3. Change the policy for a built-in chain (-P).
4. List the rules in a chain (-L).
5. Flush the rules out of a chain (-F).
6. Zero the packet and byte counters on all rules in a chain (-Z).

To manipulate rules inside a chain:
1. Append a new rule to a chain (-A).
2. Insert a new rule at some position in a chain (-I).
3. Replace a rule at some position in a chain (-R).
4. Delete a rule at some position in a chain, or the first that matches (-D).

91 /197

Page 94: Network Basics (slides)

Examples

stud@debian:~$ ping -c 1 127.0.0.1
stud@debian:~$
stud@debian:~$ sudo iptables -A INPUT -s 127.0.0.1 -p icmp -j DROP
stud@debian:~$
stud@debian:~$ ping -c 1 127.0.0.1
stud@debian:~$
stud@debian:~$ sudo iptables -D INPUT -s 127.0.0.1 -p icmp -j DROP
stud@debian:~$
stud@debian:~$ sudo iptables -A INPUT -s ! 127.0.0.1 -p all -j DROP
stud@debian:~$
stud@debian:~$ sudo iptables -A INPUT -s 192.168.1.0/24 -p all -j DROP
stud@debian:~$

92 /197

Page 95: Network Basics (slides)

More Examples

~$ # Syn-flood protection:
~$ sudo iptables -A FORWARD -p tcp --syn -m limit --limit 1/s -j ACCEPT
~$
~$ # Furtive port scanner:
~$ sudo iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
~$
~$ # Ping of death:
~$ sudo iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
~$

93 /197
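A chain is evaluated top to bottom and the first terminating match decides the packet, so the three rules above only rate-limit when a DROP for the same traffic follows them; on their own, packets that exceed the limit fall through to the chain's policy, which is ACCEPT unless it was changed with -P. The added example below (not code from the slides or from netfilter) models that evaluation order together with a token-bucket version of the limit match, using its default burst of 5, and runs the slide's SYN rule over a constructed burst of SYN packets with and without the trailing DROP.

```python
"""Added example: a small model of iptables chain evaluation (first match
wins, else policy) with a token-bucket '-m limit' match, run over
constructed packets to show why '-m limit ... -j ACCEPT' needs a DROP
after it. Only the pieces needed for the slide's rules are modelled."""
from collections import namedtuple

Packet = namedtuple("Packet", "proto flags t")   # t: arrival time in seconds


class Limit:
    """'-m limit --limit RATE --limit-burst BURST' as a token bucket:
    the bucket starts full, refills at RATE tokens/s up to BURST, and the
    match succeeds only while a token is available."""

    def __init__(self, rate_per_s: float, burst: int = 5):   # 5 is iptables' default burst
        self.rate, self.burst = rate_per_s, burst
        self.tokens, self.last = float(burst), None

    def match(self, pkt: Packet) -> bool:
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (pkt.t - self.last) * self.rate)
        self.last = pkt.t
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Rule:
    def __init__(self, proto=None, flags=None, limit=None, target="ACCEPT"):
        self.proto, self.flags, self.limit, self.target = proto, flags, limit, target

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.flags is not None and pkt.flags != self.flags:
            return False
        # Like iptables, later matches are not evaluated (and the limit's
        # token not consumed) once an earlier match has failed.
        if self.limit is not None and not self.limit.match(pkt):
            return False
        return True


def run_chain(rules, policy, packets):
    """Verdict per packet: target of the first matching rule, else the policy."""
    verdicts = []
    for pkt in packets:
        verdict = policy
        for rule in rules:
            if rule.matches(pkt):
                verdict = rule.target
                break
        verdicts.append(verdict)
    return verdicts


def syn_burst(n: int, spacing: float = 0.01):
    """Constructed sample: n TCP SYNs arriving 10 ms apart."""
    return [Packet("tcp", "SYN", i * spacing) for i in range(n)]


def slide_rule_only():
    """The slide's SYN rule alone (limit 1/s), chain policy ACCEPT."""
    rules = [Rule("tcp", "SYN", Limit(1.0), "ACCEPT")]
    return run_chain(rules, "ACCEPT", syn_burst(10))


def slide_rule_with_drop():
    """The same rule followed by '-p tcp --syn -j DROP'."""
    rules = [Rule("tcp", "SYN", Limit(1.0), "ACCEPT"),
             Rule("tcp", "SYN", None, "DROP")]
    return run_chain(rules, "ACCEPT", syn_burst(10))


if __name__ == "__main__":
    print("rule only:     ", slide_rule_only())        # all ACCEPT
    print("rule then DROP:", slide_rule_with_drop())   # 5 ACCEPT, then DROP
```

With the rule alone every SYN is accepted, because the sixth and later packets simply fail the limit match and reach the end of the chain. The same holds for the port-scan and ping rules on the slide.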

Page 96: Network Basics (slides)

Networking Devices

94 /197

Page 97: Network Basics (slides)

+-------------+
|             |
|             |
| Application |
|             |
|             |
+-------------+
|  Transport  |
+-------------+
|   Network   |  Routers
+-------------+
|  Data Link  |  Bridges/Switches
+-------------+
|  Physical   |  Repeaters/Hubs
+-------------+

95 /197

Page 98: Network Basics (slides)

Repeater, Hub

Repeater connects network segments at the physical layer.

Hub a multi-port repeater

▶ simple, cheap
▶ Repeaters/Hubs do NOT isolate collision domains.
▶ 100m maximum

96 /197

Page 99: Network Basics (slides)

Bridge, Switch

Bridge connects multiple network segments at the data link layer (layer 2)

Switch a multi-port bridge

Transparent bridging
Uses a forwarding database to send frames across network segments

▶ Learning
▶ Flooding
▶ Forwarding
▶ Filtering
▶ Aging

97 /197
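The five operations listed for transparent bridging fit in a few dozen lines. The added example below (not code from the slides) keeps the forwarding database as a dictionary from MAC address to the port it was last seen on, and shows how each frame is handled; the MAC addresses and frames are constructed. Because the table is filled purely from the source addresses of frames that arrive, a switch trusts whatever it sees, which is why learned entries age out and why production switches bound the number of addresses learned per port.

```python
"""Added example: a transparent bridge's forwarding database with learning,
flooding, forwarding, filtering and aging. Frames are constructed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Bridge:
    def __init__(self, ports, age_limit: float = 300.0):
        self.ports = list(ports)
        self.age_limit = age_limit            # seconds an idle entry survives
        self.fdb = {}                         # mac -> (port, last_seen)

    def expire(self, now: float) -> int:
        """Aging: forget entries not refreshed within age_limit. Returns count."""
        stale = [mac for mac, (_, seen) in self.fdb.items() if now - seen > self.age_limit]
        for mac in stale:
            del self.fdb[mac]
        return len(stale)

    def receive(self, in_port, src: str, dst: str, now: float):
        """Handle one frame; return the list of ports it is sent out on."""
        self.expire(now)
        # Learning: the source is reachable through the port it arrived on.
        self.fdb[src] = (in_port, now)
        entry = self.fdb.get(dst)
        if dst == BROADCAST or entry is None:
            # Flooding: broadcast or unknown destination -> every other port.
            return [p for p in self.ports if p != in_port]
        out_port, _ = entry
        if out_port == in_port:
            # Filtering: destination sits on the segment the frame came from.
            return []
        # Forwarding: known destination behind another port.
        return [out_port]


if __name__ == "__main__":
    # Constructed MACs: A and D on port 1, B on port 2, C on port 3.
    A, B, C, D = ("00:11:22:33:44:0a", "00:11:22:33:44:0b",
                  "00:11:22:33:44:0c", "00:11:22:33:44:0d")
    br = Bridge(ports=[1, 2, 3])
    print(br.receive(1, A, B, now=0.0))        # B unknown: flood to [2, 3]
    print(br.receive(2, B, A, now=1.0))        # A learned on 1: [1]
    print(br.receive(1, D, A, now=3.0))        # same segment: [] (filtered)
    print(br.receive(2, B, A, now=400.0))      # A aged out: flood [1, 3]
```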

Page 100: Network Basics (slides)

Redundancy Eliminating the single point of failure

[Figure: bridges A, B and C interconnect Segment A, Segment B and Segment C with redundant links, so no single bridge failure partitions the network]

98 /197

Page 101: Network Basics (slides)

Broadcast storm Resulting in potentially severe network congestion

[Figure: the same bridges A, B and C and Segments A, B and C, with Node A and Node B attached; a broadcast frame from one node circulates around the bridging loop indefinitely]

99 /197

Page 102: Network Basics (slides)

Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network.

100 /197

Page 103: Network Basics (slides)

Router

Router connects two or more logical subnets at the network layer (layer 3)

Routing is to find a route in the route table

      ----------------------------
      | network applications     |
      |                          |
      |...  \ | /  ..  \ | /  ...|
      |   -----       -----      |
      |   |TCP|       |UDP|      |
      |   -----       -----      |
      |      \         /         |
      |      --------            |
      |      |  IP  |            |
      |  -----  -*----*-  -----  |
      |  |ARP|   |    |   |ARP|  |
      |  -----   |    |   -----  |
      |      \   |    |   /      |
      |      ------  ------      |
      |      |ENET|  |ENET|      |
      |      ---@--  ---@--      |
      ----------|-------|--------
                |       |
                |    ---o--------------
                |      Ethernet Cable 2
          ---------------o---
            Ethernet Cable 1

101 /197

Page 104: Network Basics (slides)

Bridging vs. Routing

              Bridging              Routing
Layer         L2                    L3
Address       MAC addr. (local)     IP addr. (global)
Scope         intranet              internet
Lookup        Forwarding DB         Routing table
              relearn, flooding     more efficient

▶ to put multiple segments into one bridged network, or
▶ to divide it into different networks interconnected by routers

102 /197

Page 105: Network Basics (slides)

More About Networking Devices

Wikipedia. LAN switching — Wikipedia, The Free Encyclopedia. [Online; accessed 23-March-2015]. 2015.
Wikipedia. Network switch — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. Router (computing) — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. Routing table — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.

103 /197

Page 106: Network Basics (slides)

Transport Protocols: TCP & UDP

Wang Xiaolin

April 30, 2015

) [email protected]

104 /197

Page 107: Network Basics (slides)

Circuit Switching vs. Packet Switching

Circuit switching
+ guaranteed performance
+ fast transfers (once circuit is established)
- wastes bandwidth if traffic is “bursty”
- connection setup adds delay
- recovery from failure is slow

Packet switching
- no guaranteed performance
- header overhead per packet
- queues and queuing delay
+ efficient use of bandwidth
+ no connection setup
+ can “route around trouble”

105 /197

Page 108: Network Basics (slides)

IP: host → host
TCP/UDP: process → process

IP provides unreliable service
Best-effort delivery service doesn’t guarantee
▶ segment delivery
▶ orderly delivery of segments
▶ the integrity of the data in the segments

TCP provides reliable data transfer
Reliable means correctly and orderly.
✓ correctness — acknowledgement, checksum
✓ order — sequence numbers
✓ packet lost — timers
✓ flow control — sliding window
✓ congestion control

106 /197

Page 109: Network Basics (slides)

A TCP Connection

wx672@cs3:~$ netstat -at | grep http | grep ESTAB
tcp        0      0 cs3.swfu.edu.cn:http    220.163.96.3:47179    ESTABLISHED
                    (address : port)        (address : port)
                    = local socket          = remote socket

a pair of sockets form a TCP connection

Port numbers
port range 0 ∼ 65535
well-known ports 0 ∼ 1023

FTP 20/21    SSH 22      Telnet 23
SMTP 25      DNS 53      DHCP 67/68
HTTP 80      POP3 110    HTTPS 443
IMAP4 143

107 /197

Page 110: Network Basics (slides)

TCP Header

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Acknowledgment Number                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Data |     |N|C|E|U|A|P|R|S|F|                               |
| Offset|0 0 0|S|W|C|R|C|S|S|Y|I|            Window             |
|       |     | |R|E|G|K|H|T|N|N|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |         Urgent Pointer        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options                    |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

108 /197

Page 111: Network Basics (slides)

Establishing a TCP Connection
(SEC. 6.5 THE INTERNET TRANSPORT PROTOCOLS: TCP, p. 561)

[Figure 6-37, time running downwards:
(a) Host 1 → Host 2: SYN (SEQ = x)
    Host 2 → Host 1: SYN (SEQ = y, ACK = x + 1)
    Host 1 → Host 2: (SEQ = x + 1, ACK = y + 1)
(b) Host 1 → Host 2: SYN (SEQ = x)               Host 2 → Host 1: SYN (SEQ = y)
    Host 1 → Host 2: SYN (SEQ = x, ACK = y + 1)  Host 2 → Host 1: SYN (SEQ = y, ACK = x + 1)]

Figure 6-37. (a) TCP connection establishment in the normal case. (b) Simultaneous connection establishment on both sides.

In the event that two hosts simultaneously attempt to establish a connection between the same two sockets, the sequence of events is as illustrated in Fig. 6-37(b). The result of these events is that just one connection is established, not two, because connections are identified by their end points. If the first setup results in a connection identified by (x, y) and the second one does too, only one table entry is made, namely, for (x, y).

Recall that the initial sequence number chosen by each host should cycle slowly, rather than be a constant such as 0. This rule is to protect against delayed duplicate packets, as we discussed in Sec 6.2.2. Originally this was accomplished with a clock-based scheme in which the clock ticked every 4 µsec.

However, a vulnerability with implementing the three-way handshake is that the listening process must remember its sequence number as soon it responds with its own SYN segment. This means that a malicious sender can tie up resources on a host by sending a stream of SYN segments and never following through to complete the connection. This attack is called a SYN flood, and it crippled many Web servers in the 1990s.

One way to defend against this attack is to use SYN cookies. Instead of remembering the sequence number, a host chooses a cryptographically generated sequence number, puts it on the outgoing segment, and forgets it. If the three-way handshake completes, this sequence number (plus 1) will be returned to the host. It can then regenerate the correct sequence number by running the same cryptographic function, as long as the inputs to that function are known, for example, the other host’s IP address and port, and a local secret. This procedure allows the host to check that an acknowledged sequence number is correct without having to

109 /197
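The SYN-cookie defence described in the excerpt can be shown end to end: the server derives its initial sequence number from a keyed hash over the connection's end points, a slowly ticking counter and a local secret, sends it in the SYN+ACK and forgets it; the handshake's third segment must carry that number plus one, which the server can recompute and verify while holding no per-connection state. This is an added example, not code from the slides or the textbook. The secret is constructed; the end points are the ones from the netstat and curl output elsewhere in the slides. Linux's real cookies also encode the client's MSS in the low bits, which is left out here.

```python
"""Added example: SYN cookies. The server keeps no state for a half-open
connection; the cookie in the SYN+ACK's sequence number is regenerated
and checked when (if) the final ACK arrives."""
import hashlib
import hmac
import socket
import struct


class SynCookies:
    def __init__(self, secret: bytes, counter_period_s: int = 64):
        self.secret = secret               # local secret, never sent
        self.period = counter_period_s     # counter ticks once per period

    def _hash(self, src_ip, src_port, dst_ip, dst_port, count) -> int:
        msg = struct.pack("!4s4sHHI", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                          src_port, dst_port, count)
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return struct.unpack("!I", digest[:4])[0]

    def make(self, src_ip, src_port, dst_ip, dst_port, now: float) -> int:
        """Initial sequence number for the SYN+ACK. The top 8 bits carry the
        counter value so the server knows which value to verify against; the
        low 24 bits are the keyed hash."""
        count = int(now // self.period) & 0xFF
        h = self._hash(src_ip, src_port, dst_ip, dst_port, count) & 0xFFFFFF
        return (count << 24) | h

    def check(self, src_ip, src_port, dst_ip, dst_port, ack: int, now: float) -> bool:
        """Validate the ACK number of the handshake's third segment.
        True only if ack == cookie + 1 for the current or the previous
        counter value, so stale or forged ACKs are rejected."""
        isn = (ack - 1) & 0xFFFFFFFF
        count, h = isn >> 24, isn & 0xFFFFFF
        current = int(now // self.period) & 0xFF
        if count not in (current, (current - 1) & 0xFF):
            return False                   # cookie too old to be genuine
        expected = self._hash(src_ip, src_port, dst_ip, dst_port, count) & 0xFFFFFF
        return hmac.compare_digest(struct.pack("!I", h), struct.pack("!I", expected))


if __name__ == "__main__":
    srv = SynCookies(b"constructed-example-secret")
    client, cport, server, sport = "220.163.96.3", 47179, "202.203.132.242", 80
    isn = srv.make(client, cport, server, sport, now=1000.0)       # in SYN+ACK
    print("cookie ISN: %08x" % isn)
    print(srv.check(client, cport, server, sport, isn + 1, now=1000.5))   # True
    print(srv.check(client, cport, server, sport, isn + 2, now=1000.5))   # False
```

A 24-bit hash is what fits once the counter has taken its bits; an attacker guessing ACK numbers blindly still needs on the order of 2^24 tries per counter period, and each success only creates one bogus connection rather than occupying a queue slot before the handshake completes.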

Page 112: Network Basics (slides)

Closing a TCP Connection

110 /197

Page 113: Network Basics (slides)

tcpdump output
∼$ tcpdump -S -i lo
12:47:09.106903 IP localhost.37831 > localhost.3333: Flags [S], seq 2485057335, win 32792, ..., length 0
12:47:09.106923 IP localhost.3333 > localhost.37831: Flags [S.], seq 2476477986, ack 2485057336, win 32768, ..., length 0
12:47:09.106936 IP localhost.37831 > localhost.3333: Flags [.], ack 2476477987, win 257, ..., length 0
12:47:26.963149 IP localhost.37831 > localhost.3333: Flags [F.], seq 2485057336, ack 2476477987, win 257, ..., length 0
12:47:26.963244 IP localhost.3333 > localhost.37831: Flags [F.], seq 2476477987, ack 2485057337, win 256, ..., length 0
12:47:26.963264 IP localhost.37831 > localhost.3333: Flags [.], ack 2476477988, win 257, ..., length 0

111 /197

Page 114: Network Basics (slides)

State Transition Diagram

[Figure: the TCP state transition diagram. States: CLOSED (starting point), LISTEN, SYN_RCVD, SYN_SENT, ESTABLISHED (data transfer state), FIN_WAIT_1, FIN_WAIT_2, CLOSING, TIME_WAIT, CLOSE_WAIT, LAST_ACK. Transitions as labelled in the figure:
  CLOSED → LISTEN        appl: passive open; send: <nothing>
  CLOSED → SYN_SENT      appl: active open; send: SYN
  LISTEN → SYN_RCVD      recv: SYN; send: SYN, ACK
  LISTEN → SYN_SENT      appl: send data; send: SYN
  SYN_SENT → SYN_RCVD    recv: SYN; send: SYN, ACK (simultaneous open)
  SYN_SENT → ESTABLISHED recv: SYN, ACK; send: ACK
  SYN_SENT → CLOSED      appl: close or timeout
  SYN_RCVD → ESTABLISHED recv: ACK; send: <nothing>
  SYN_RCVD → LISTEN      recv: RST
  SYN_RCVD → CLOSED      timeout; send: RST
  SYN_RCVD → FIN_WAIT_1  appl: close; send: FIN
  ESTABLISHED → FIN_WAIT_1  appl: close; send: FIN (active close)
  ESTABLISHED → CLOSE_WAIT  recv: FIN; send: ACK (passive close)
  FIN_WAIT_1 → FIN_WAIT_2   recv: ACK; send: <nothing>
  FIN_WAIT_1 → CLOSING      recv: FIN; send: ACK (simultaneous close)
  FIN_WAIT_1 → TIME_WAIT    recv: FIN, ACK; send: ACK
  FIN_WAIT_2 → TIME_WAIT    recv: FIN; send: ACK
  CLOSING → TIME_WAIT       recv: ACK; send: <nothing>
  CLOSE_WAIT → LAST_ACK     appl: close; send: FIN
  LAST_ACK → CLOSED         recv: ACK; send: <nothing>
  TIME_WAIT → CLOSED        2MSL timeout
The figure distinguishes normal transitions for the client from normal transitions for the server.]

appl: state transitions taken when application issues operation
recv: state transitions taken when segment received
send: what is sent for this transition

TCP state transition diagram.

Reprinted from TCP/IP Illustrated, Volume 2: The Implementation by Gary R. Wright and W. Richard Stevens,

Copyright © 1995 by Addison-Wesley Publishing Company, Inc.
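The tcpdump capture two slides back walks both end points through the diagram, and the ACK numbers are what tell a FIN_WAIT_1 end point whether an incoming FIN also acknowledges its own FIN (straight to TIME_WAIT) or not (CLOSING). The added example below (not code from the slides; the capture lines are copied from the tcpdump slide) replays the capture through a state machine for the client and the server. Only the normal client and server paths plus simultaneous close are modelled; RST handling, the simultaneous open and timers are left out.

```python
"""Added example: replay a tcpdump capture through a TCP state machine for
both end points. CAPTURE is the slide's 'tcpdump -S -i lo' output."""
import re

CAPTURE = """\
12:47:09.106903 IP localhost.37831 > localhost.3333: Flags [S], seq 2485057335, win 32792, ..., length 0
12:47:09.106923 IP localhost.3333 > localhost.37831: Flags [S.], seq 2476477986, ack 2485057336, win 32768, ..., length 0
12:47:09.106936 IP localhost.37831 > localhost.3333: Flags [.], ack 2476477987, win 257, ..., length 0
12:47:26.963149 IP localhost.37831 > localhost.3333: Flags [F.], seq 2485057336, ack 2476477987, win 257, ..., length 0
12:47:26.963244 IP localhost.3333 > localhost.37831: Flags [F.], seq 2476477987, ack 2485057337, win 256, ..., length 0
12:47:26.963264 IP localhost.37831 > localhost.3333: Flags [.], ack 2476477988, win 257, ..., length 0
"""
LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]*)\]")


class Endpoint:
    def __init__(self, name: str, state: str):
        self.name, self.state = name, state
        self.fin_seq = None              # seq of the FIN we sent, to recognise its ACK
        self.history = [state]

    def _go(self, state: str):
        self.state = state
        self.history.append(state)

    def send(self, flags: str, seq):
        if "F" in flags:
            self.fin_seq = seq
        if self.state == "CLOSED" and flags == "S":
            self._go("SYN_SENT")                  # appl: active open
        elif self.state == "ESTABLISHED" and "F" in flags:
            self._go("FIN_WAIT_1")                # appl: close (active close)
        elif self.state == "CLOSE_WAIT" and "F" in flags:
            self._go("LAST_ACK")                  # appl: close (passive close)

    def recv(self, flags: str, ack):
        acks_my_fin = self.fin_seq is not None and ack == self.fin_seq + 1
        s = self.state
        if s == "LISTEN" and flags == "S":
            self._go("SYN_RCVD")
        elif s == "SYN_SENT" and flags == "S.":
            self._go("ESTABLISHED")
        elif s == "SYN_RCVD" and flags == ".":
            self._go("ESTABLISHED")
        elif s == "ESTABLISHED" and "F" in flags:
            self._go("CLOSE_WAIT")
        elif s == "FIN_WAIT_1":
            if "F" in flags and acks_my_fin:
                self._go("TIME_WAIT")             # recv: FIN, ACK
            elif "F" in flags:
                self._go("CLOSING")               # simultaneous close
            elif acks_my_fin:
                self._go("FIN_WAIT_2")
        elif s == "FIN_WAIT_2" and "F" in flags:
            self._go("TIME_WAIT")
        elif s == "CLOSING" and acks_my_fin:
            self._go("TIME_WAIT")
        elif s == "LAST_ACK" and acks_my_fin:
            self._go("CLOSED")


def replay(capture: str, client="localhost.37831", server="localhost.3333") -> dict:
    """Feed every segment to its sender (send) and its receiver (recv);
    return each end point's state history."""
    ends = {client: Endpoint("client", "CLOSED"), server: Endpoint("server", "LISTEN")}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m.groups()
        seq = re.search(r"seq (\d+)", line)
        ack = re.search(r"ack (\d+)", line)
        ends[src].send(flags, int(seq.group(1)) if seq else None)
        ends[dst].recv(flags, int(ack.group(1)) if ack else None)
    return {e.name: e.history for e in ends.values()}


if __name__ == "__main__":
    for name, history in replay(CAPTURE).items():
        print(name, " -> ".join(history))
```

Neither side passes through FIN_WAIT_2 or CLOSING here: the server's FIN already carries ack 2485057337, one more than the client's FIN sequence number, so the client goes from FIN_WAIT_1 to TIME_WAIT in one step.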

Page 115: Network Basics (slides)

netstat

∼$ netstat -nta
∼$ netstat -ntap
∼$ netstat -ntape
∼$ netstat -ntap | grep ESTAB
∼$ netstat -nlp | grep :80
∼$ netstat -nr
∼$ netstat -ie
∼$ man netstat

113 /197

Page 116: Network Basics (slides)

Sliding Window

[Figure: segments numbered 1 to 15 with a window over them. Send first 8 segments; receive first 3 acknowledgements; the window slides right by 3 and the next 3 segments are sent]

The sliding window serves several purposes:
▶ it guarantees the reliable delivery of data
▶ it ensures that the data is delivered in order
▶ it enforces flow control between the sender and the receiver.

114 /197

Page 117: Network Basics (slides)

(SEC. 6.5 THE INTERNET TRANSPORT PROTOCOLS: TCP, p. 565)

client’s acknowledgement shows up, the server releases the connection and deletes the connection record.

6.5.8 TCP Sliding Window

As mentioned earlier, window management in TCP decouples the issues of acknowledgement of the correct receipt of segments and receiver buffer allocation. For example, suppose the receiver has a 4096-byte buffer, as shown in Fig. 6-40. If the sender transmits a 2048-byte segment that is correctly received, the receiver will acknowledge the segment. However, since it now has only 2048 bytes of buffer space (until the application removes some data from the buffer), it will advertise a window of 2048 starting at the next byte expected.

[Figure 6-40, sender on the left, receiver with a 4 KB buffer (initially Empty) on the right, time running downwards:
  Application does a 2-KB write; sender sends 2 KB, SEQ = 0; receiver buffer holds 2 KB
  Receiver: ACK = 2048, WIN = 2048
  Application does a 2-KB write; sender sends 2 KB, SEQ = 2048; receiver buffer Full
  Receiver: ACK = 4096, WIN = 0; sender is blocked
  Application reads 2 KB from the receiver’s buffer
  Receiver: ACK = 4096, WIN = 2048; sender may send up to 2 KB
  Sender sends 1 KB, SEQ = 4096; receiver buffer holds 2 KB + 1 KB]

Figure 6-40. Window management in TCP.

Now the sender transmits another 2048 bytes, which are acknowledged, but the advertised window is of size 0. The sender must stop until the application

115 /197

Page 118: Network Basics (slides)

116 /197

Page 119: Network Basics (slides)

Packet Lost?
Go-Back-N

(excerpt from Chapter 3, Transport Layer, p. 224)

these unnecessary retransmissions. Imagine, in our message-dictation scenario, that if every time a word was garbled, the surrounding 1,000 words (for example, a window size of 1,000 words) had to be repeated. The dictation would be slowed by all of the reiterated words.

As the name suggests, selective-repeat protocols avoid unnecessary retransmissions by having the sender retransmit only those packets that it suspects were received in error (that is, were lost or corrupted) at the receiver. This individual, as-needed, retransmission will require that the receiver individually acknowledge correctly received packets. A window size of N will again be used to limit the number

[Figure 3.22 Go-Back-N in operation; sender on the left, receiver on the right, time running downwards:
  send pkt0                        rcv pkt0, send ACK0
  send pkt1                        rcv pkt1, send ACK1
  send pkt2   X (loss)
  send pkt3                        rcv pkt3, discard, send ACK1
  (wait)
  rcv ACK0, send pkt4              rcv pkt4, discard, send ACK1
  rcv ACK1, send pkt5              rcv pkt5, discard, send ACK1
  pkt2 timeout: send pkt2          rcv pkt2, deliver, send ACK2
  send pkt3                        rcv pkt3, deliver, send ACK3
  send pkt4
  send pkt5]

117 /197

Page 120: Network Basics (slides)

ACK lost?

(excerpt from Chapter 3, Transport Layer, p. 244)

then the ACK is acknowledging one or more previously unacknowledged segments. Thus the sender updates its SendBase variable; it also restarts the timer if there currently are any not-yet-acknowledged segments.

A Few Interesting Scenarios

We have just described a highly simplified version of how TCP provides reliable data transfer. But even this highly simplified version has many subtleties. To get a good feeling for how this protocol works, let’s now walk through a few simple scenarios. Figure 3.34 depicts the first scenario, in which Host A sends one segment to Host B. Suppose that this segment has sequence number 92 and contains 8 bytes of data. After sending this segment, Host A waits for a segment from B with acknowledgment number 100. Although the segment from A is received at B, the acknowledgment from B to A gets lost. In this case, the timeout event occurs, and Host A retransmits the same segment. Of course, when Host B receives the retransmission, it observes from the sequence number that the segment contains data that has already been received. Thus, TCP in Host B will discard the bytes in the retransmitted segment.

[Figure 3.34 Retransmission due to a lost acknowledgment; Host A on the left, Host B on the right, time running downwards:
  A → B: Seq=92, 8 bytes data
  B → A: ACK=100   X (loss)
  (Timeout at A)
  A → B: Seq=92, 8 bytes data
  B → A: ACK=100]

118 /197

Page 121: Network Basics (slides)

(excerpt from Chapter 3, Transport Layer, p. 246)

Doubling the Timeout Interval

We now discuss a few modifications that most TCP implementations employ. The first concerns the length of the timeout interval after a timer expiration. In this modification, whenever the timeout event occurs, TCP retransmits the not-yet-acknowledged segment with the smallest sequence number, as described above. But each time TCP retransmits, it sets the next timeout interval to twice the previous value, rather than deriving it from the last EstimatedRTT and DevRTT (as described in Section 3.5.3). For example, suppose TimeoutInterval associated with the oldest not yet acknowledged segment is .75 sec when the timer first expires. TCP will then retransmit this segment and set the new expiration time to 1.5 sec. If the timer expires again 1.5 sec later, TCP will again retransmit this segment, now setting the expiration time to 3.0 sec. Thus the intervals grow exponentially after each retransmission. However, whenever the timer is started after either of the two other events (that is, data received from application above, and ACK received), the

[Figure 3.36 A cumulative acknowledgment avoids retransmission of the first segment; Host A on the left, Host B on the right, time running downwards:
  A → B: Seq=92, 8 bytes data
  A → B: Seq=100, 20 bytes data
  B → A: ACK=100   X (loss)
  B → A: ACK=120   (arrives before the Seq=92 timeout interval expires)]

Page 122: Network Basics (slides)

Selective-repeat

(excerpt from Chapter 3, Transport Layer, p. 225)

of outstanding, unacknowledged packets in the pipeline. However, unlike GBN, the sender will have already received ACKs for some of the packets in the window. Figure 3.23 shows the SR sender’s view of the sequence number space. Figure 3.24 details the various actions taken by the SR sender.

The SR receiver will acknowledge a correctly received packet whether or not it is in order. Out-of-order packets are buffered until any missing packets (that is, packets with lower sequence numbers) are received, at which point a batch of packets can be delivered in order to the upper layer. Figure 3.25 itemizes the various actions taken by the SR receiver. Figure 3.26 shows an example of SR operation in the presence of lost packets. Note that in Figure 3.26, the receiver initially buffers packets 3, 4, and 5, and delivers them together with packet 2 to the upper layer when packet 2 is finally received.

It is important to note that in Step 2 in Figure 3.25, the receiver reacknowledges (rather than ignores) already received packets with certain sequence numbers below the current window base. You should convince yourself that this reacknowledgment is indeed needed. Given the sender and receiver sequence number spaces in Figure 3.23, for example, if there is no ACK for packet send_base propagating from the receiver to the sender, the sender will eventually retransmit packet send_base, even though it is clear (to us, not the sender!) that the receiver has already received

[Figure 3.23 Selective-repeat (SR) sender and receiver views of sequence-number space:
  a. Sender view: a window of size N starting at send_base; nextseqnum marks the next packet to send. Key: already ACK’d; sent, not yet ACK’d; usable, not yet sent; not usable.
  b. Receiver view: a window of size N starting at rcv_base. Key: out of order (buffered) but already ACK’d; expected, not yet received; acceptable (within window); not usable.]

120 /197

Page 123: Network Basics (slides)

The lack of synchronization between sender and receiver windows has important consequences when we are faced with the reality of a finite range of sequence numbers. Consider what could happen, for example, with a finite range of four packet sequence numbers, 0, 1, 2, 3, and a window size of three. Suppose packets 0 through 2 are transmitted and correctly received and acknowledged at the receiver. At this point, the receiver’s window is over the fourth, fifth, and sixth packets, which have sequence numbers 3, 0, and 1, respectively. Now consider two scenarios. In the first scenario, shown in Figure 3.27(a), the ACKs for the first three packets are lost and

[Figure 3.26 SR operation; sequence numbers 0 to 9, window size 4; sender on the left, receiver on the right, time running downwards:
  pkt0 sent                          pkt0 rcvd, delivered, ACK0 sent
  pkt1 sent                          pkt1 rcvd, delivered, ACK1 sent
  pkt2 sent   X (loss)
  pkt3 sent, window full             pkt3 rcvd, buffered, ACK3 sent
  ACK0 rcvd, pkt4 sent               pkt4 rcvd, buffered, ACK4 sent
  ACK1 rcvd, pkt5 sent               pkt5 rcvd, buffered, ACK5 sent
  pkt2 TIMEOUT, pkt2 resent          pkt2 rcvd; pkt2, pkt3, pkt4, pkt5 delivered, ACK2 sent
  ACK3 rcvd, nothing sent]

3.4 • PRINCIPLES OF RELIABLE DATA TRANSFER 227
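Figures 3.22 and 3.26 show the same scenario (packet 2 lost once, window of 4) under Go-Back-N and under Selective Repeat. The added example below (not code from the slides or the textbook) is a small discrete-event model of both protocols that reproduces those two figures: it records every transmission, what the receiver delivers in order, and when timeouts fire. Timing is simplified to "a timeout fires once the sender can send nothing new and something is still unacknowledged", and only the first copy of the chosen packet is lost.

```python
"""Added example: Go-Back-N versus Selective Repeat over the textbook's
lost-packet scenario. Returns (transmissions, delivered, timeouts)."""


def simulate(protocol: str, n_packets: int, window: int, lose_first_copy_of=None):
    assert protocol in ("GBN", "SR")
    sent_log, delivered, timeouts = [], [], []
    lost_once = set()                 # packets whose first copy the network dropped
    st = {"base": 0, "nextseq": 0, "expected": 0}
    acked = set()                     # SR sender: packets individually ACKed
    buffered = set()                  # SR receiver: out-of-order packets held back

    def receive(seq):
        """Receiver side; returns the ACK it sends back."""
        if protocol == "GBN":
            if seq == st["expected"]:
                delivered.append(seq)
                st["expected"] += 1
            # Cumulative ACK: highest in-order packet so far (None if nothing yet).
            return st["expected"] - 1 if st["expected"] > 0 else None
        if seq >= st["expected"]:
            buffered.add(seq)
            while st["expected"] in buffered:          # deliver a batch in order
                buffered.remove(st["expected"])
                delivered.append(st["expected"])
                st["expected"] += 1
        return seq                    # SR: ACK exactly this packet, even a duplicate

    def on_ack(ack):
        if ack is None:
            return
        if protocol == "GBN":
            st["base"] = max(st["base"], ack + 1)
        else:
            acked.add(ack)
            while st["base"] in acked:                  # slide past ACKed packets
                st["base"] += 1

    def transmit(seq):
        sent_log.append(seq)
        if seq == lose_first_copy_of and seq not in lost_once:
            lost_once.add(seq)
            return                    # dropped in the network: no ACK comes back
        on_ack(receive(seq))

    while st["base"] < n_packets:
        while st["nextseq"] < min(st["base"] + window, n_packets):
            transmit(st["nextseq"])                     # send what the window allows
            st["nextseq"] += 1
        if st["base"] < st["nextseq"]:
            # Nothing new to send and something still outstanding: timeout.
            timeouts.append(st["base"])
            for seq in range(st["base"], st["nextseq"]):
                if protocol == "GBN" or seq not in acked:
                    transmit(seq)     # GBN resends the whole window, SR only the gaps
    return sent_log, delivered, timeouts


if __name__ == "__main__":
    for proto in ("GBN", "SR"):
        sent, got, tmo = simulate(proto, n_packets=6, window=4, lose_first_copy_of=2)
        print(proto, "sent", sent, "delivered", got, "timeouts at", tmo)
```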

Page 124: Network Basics (slides)

UDP Datagram

 0      7 8     15 16    23 24    31
+--------+--------+--------+--------+
|     Source      |   Destination   |
|      Port       |      Port       |
+--------+--------+--------+--------+
|                 |                 |
|     Length      |    Checksum     |
+--------+--------+--------+--------+
|
|          data octets ...
+---------------- ...

122 /197
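The checksum in the UDP header (and the one TCP uses for "correctness" on an earlier slide) is the Internet checksum of RFC 1071, computed over a pseudo-header of IP addresses, protocol and length as well as the datagram itself, so a datagram delivered to the wrong host or with a corrupted length fails verification. The added example below (not code from the slides) builds a UDP datagram over IPv4 and verifies one, including the two edge cases RFC 768 specifies: a computed checksum of zero is transmitted as all ones, and a received zero means the sender did not checksum at all. Addresses are the ones from the NAT slide; the payload is constructed.

```python
"""Added example: UDP over IPv4 with the RFC 768 pseudo-header checksum.
Builder and verifier share one RFC 1071 checksum routine."""
import socket
import struct

UDP_PROTO = 17


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, then complemented.
    An odd trailing byte is padded with a zero byte for the sum only."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                                   # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, UDP_PROTO, udp_length)


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)   # checksum field zero
    csum = internet_checksum(_pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF            # RFC 768: zero means "no checksum", so send all ones
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def verify_udp(src_ip, dst_ip, datagram: bytes) -> bool:
    """True if the datagram is consistent with the IP addresses it arrived with."""
    if len(datagram) < 8:
        return False
    _src_port, _dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length != len(datagram):
        return False             # length field must describe what actually arrived
    if csum == 0:
        return True              # sender chose not to checksum (allowed over IPv4 only)
    # Summing over the datagram with its checksum in place yields 0 when intact.
    return internet_checksum(_pseudo_header(src_ip, dst_ip, length) + datagram) == 0


if __name__ == "__main__":
    d = build_udp("192.168.1.2", "40.30.20.10", 3456, 53, b"hello")
    print(d.hex())
    print(verify_udp("192.168.1.2", "40.30.20.10", d))          # True
    print(verify_udp("192.168.1.3", "40.30.20.10", d))          # False: wrong source
```

Note what the checksum does and does not give you: it catches accidental corruption and misdelivery, but anyone who can forge the packet can recompute it, so it is an integrity check against errors, not against an adversary.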

Page 125: Network Basics (slides)

TCP/UDP References

J. Postel. Transmission Control Protocol. RFC 793 (INTERNET STANDARD). Updated by RFCs 1122, 3168, 6093, 6528. Internet Engineering Task Force, Sept. 1981.
J. Postel. User Datagram Protocol. RFC 768 (INTERNET STANDARD). Internet Engineering Task Force, Aug. 1980.
Wikipedia. Checksum — Wikipedia, The Free Encyclopedia. [Online; accessed 24-February-2015]. 2015.
Wikipedia. Transmission Control Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. User Datagram Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.

123 /197

Page 126: Network Basics (slides)

Socket Programming

124 /197

Page 127: Network Basics (slides)

UDPClient.py I

from socket import *
serverName = 'hostname'
serverPort = 12000
clientSocket = socket(AF_INET, SOCK_DGRAM)
message = raw_input('Input lowercase sentence:')
clientSocket.sendto(message,(serverName, serverPort))
modifiedMessage, serverAddress = clientSocket.recvfrom(2048)
print modifiedMessage
clientSocket.close()

(Python 2 syntax: raw_input and the print statement.)

socket(AF_INET, SOCK_DGRAM)
▶ AF_INET: using IPv4
▶ SOCK_DGRAM: UDP socket
▶ clientPort will be generated automatically

125 /197

Page 128: Network Basics (slides)

UDPClient.py II

clientSocket.sendto(message,(serverName,serverPort))
1. attaches both the destination address (serverName, serverPort) and the source address (clientIP, clientPort) to the message
2. sends the message

modifiedMessage, serverAddress = clientSocket.recvfrom(2048)
1. puts the received message data into modifiedMessage
2. puts the source address (IP, Port) into serverAddress
▶ 2048: buffer size

126 /197

Page 129: Network Basics (slides)

UDPServer.py

from socket import *
serverPort = 12000
serverSocket = socket(AF_INET, SOCK_DGRAM)
serverSocket.bind(('', serverPort))
print "The server is ready to receive"
while 1:
    message, clientAddress = serverSocket.recvfrom(2048)
    modifiedMessage = message.upper()
    serverSocket.sendto(modifiedMessage, clientAddress)

serverSocket.bind(('', serverPort))
▶ explicitly assigns 12000 to the server’s socket

127 /197

Page 130: Network Basics (slides)

TCP Sockets
Two Sockets at the Server

(excerpt from Chapter 2, Application Layer, p. 164)

into but also receives bytes from its socket; similarly, the server process not only receives bytes from but also sends bytes into its connection socket.

We use the same simple client-server application to demonstrate socket programming with TCP: The client sends one line of data to the server, the server capitalizes the line and sends it back to the client. Figure 2.30 highlights the main socket-related activity of the client and server that communicate over the TCP transport service.

[Figure 2.29 The TCPServer process has two sockets: the client process's clientSocket performs a three-way handshake with the server process's welcoming socket, after which bytes flow in both directions between clientSocket and the server's connection socket]

TCPClient.py

Here is the code for the client side of the application:

from socket import *
serverName = 'servername'
serverPort = 12000
clientSocket = socket(AF_INET, SOCK_STREAM)
clientSocket.connect((serverName,serverPort))
sentence = raw_input('Input lowercase sentence:')
clientSocket.send(sentence)
modifiedSentence = clientSocket.recv(1024)
print 'From Server:', modifiedSentence
clientSocket.close()

128 /197

Page 131: Network Basics (slides)

TCPClient.py

from socket import *
serverName = 'servername'
serverPort = 12000
clientSocket = socket(AF_INET, SOCK_STREAM)
clientSocket.connect((serverName,serverPort))
sentence = raw_input('Input lowercase sentence:')
clientSocket.send(sentence)
modifiedSentence = clientSocket.recv(1024)
print 'From Server:', modifiedSentence
clientSocket.close()

▶ SOCK_STREAM: TCP socket
▶ connect(): initiate the TCP connection (3-way handshake)
▶ send(): send out sentence through the client’s socket. No destination address needs to be specified

129 /197

TCPServer.py

from socket import *
serverPort = 12000
serverSocket = socket(AF_INET, SOCK_STREAM)
serverSocket.bind(('', serverPort))
serverSocket.listen(1)
print 'The server is ready to receive'
while 1:
    connectionSocket, addr = serverSocket.accept()
    sentence = connectionSocket.recv(1024)
    capitalizedSentence = sentence.upper()
    connectionSocket.send(capitalizedSentence)
    connectionSocket.close()

▶ serverSocket: the welcoming socket
▶ connectionSocket: a socket dedicated to this particular client
▶ listen(backlog): the server listens for connection requests.
  ▶ backlog: how many non-accept()-ed connections are allowed to be queueing
▶ accept(): whenever a connection request comes in, creates a new connectionSocket (handshaking is done here)

130 /197
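The same client/server pair, as an added example that is not the slides' own code: a Python 3 version of TCPServer.py and TCPClient.py arranged so the whole exchange can be run in one process over the loopback interface. It assumes nothing beyond the standard library; the helper names (recv_line, serve_one, round_trip) and the constants MAX_LINE and TIMEOUT_SECONDS are this example's own. Two things the ten-line slide versions leave implicit are made explicit: TCP is a byte stream, so one recv(1024) may return only part of the client's line, and both sides here frame the message with a newline and read until they see it; and the server binds to 127.0.0.1 rather than '' (every interface), caps the line length and sets timeouts, so a client that never finishes its line cannot hold the server or grow its buffer without bound.

```python
import socket
import threading

# Added example (not the slides' code): a Python 3 version of the
# TCPServer.py / TCPClient.py pair, runnable in-process over loopback.
MAX_LINE = 1024          # hard cap on one framed line, in bytes
TIMEOUT_SECONDS = 5.0    # give up on peers that stall


def recv_line(sock):
    """Read until a newline, enforcing MAX_LINE. Returns the bytes without the newline."""
    buf = bytearray()
    while not buf.endswith(b"\n"):
        chunk = sock.recv(256)                  # TCP is a stream: may be a partial line
        if not chunk:                           # peer closed before finishing the line
            raise ConnectionError("connection closed before end of line")
        buf.extend(chunk)
        if len(buf) > MAX_LINE:
            raise ValueError("line exceeds MAX_LINE")
    return bytes(buf[:-1])


def serve_one(server_sock):
    """Accept one client and reply with its line upper-cased (the slide's loop body)."""
    conn, _addr = server_sock.accept()           # handshake completed here
    with conn:
        conn.settimeout(TIMEOUT_SECONDS)
        try:
            sentence = recv_line(conn)
        except (ValueError, ConnectionError, socket.timeout):
            return                               # drop this client; the server stays up
        conn.sendall(sentence.upper() + b"\n")


def start_server(host="127.0.0.1", port=0):
    """Bind and listen; return (welcoming socket, bound port). port=0 lets the OS pick."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, port))                       # loopback only, not '' (all interfaces)
    srv.listen(1)                                # backlog of not-yet-accept()ed connections
    return srv, srv.getsockname()[1]


def capitalize_via_server(sentence, host, port):
    """The slide's client: connect (3-way handshake), send, receive, close."""
    with socket.create_connection((host, port), timeout=TIMEOUT_SECONDS) as cli:
        cli.sendall(sentence.encode("utf-8") + b"\n")
        return recv_line(cli).decode("utf-8")


def round_trip(sentence):
    """Run one server turn in a thread and one client call against it; return the reply."""
    srv, port = start_server()
    with srv:
        srv.settimeout(TIMEOUT_SECONDS)
        worker = threading.Thread(target=serve_one, args=(srv,))
        worker.start()
        try:
            return capitalize_via_server(sentence, "127.0.0.1", port)
        finally:
            worker.join()


if __name__ == "__main__":
    print("From Server:", round_trip("input lowercase sentence"))
```

The server side is what a practitioner should compare with the slide: the welcoming socket is bound to loopback, the per-client connection socket carries a timeout, and a malformed client is dropped without taking the accept loop down.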


Application Layer Protocols

Wang Xiaolin

April 30, 2015

[email protected]

132 /197


HTTP

133 /197

Apache HTTP Server

[Figure: the client sends an HTTP Request (URL + Verb) to the Apache HTTP Server and receives an HTTP Response (Status code + Message body).]

134 /197

HTTP Request: URL

http://en.wikipedia.org/w/index.php?title=Hello&oldid=636846770
  protocol:       http
  host:           en.wikipedia.org
  resource path:  /w/index.php
  query:          title=Hello&oldid=636846770

~$ curl -v cs2.swfu.edu.cn/index.html
* Connected to cs2.swfu.edu.cn (202.203.132.242) port 80
> GET /index.html HTTP/1.1          <- Request line
> User-Agent: curl/7.38.0           }
> Host: cs2.swfu.edu.cn             } Header lines
> Accept: */*                       }
>                                   <- Empty line

Verbs: GET POST PUT PATCH HEAD OPTIONS DELETE TRACE CONNECT

135 /197

HTTP Response

< HTTP/1.1 200 OK                               <- Status line
< Date: Thu, 15 Jan 2015 08:18:50 GMT           }
< Server: Apache/2.4.10 (Debian)                }
< Last-Modified: Tue, 02 Sep 2014 03:49:24 GMT  }
< ETag: "1fd-5020d015e5e4a"                     } Header lines
< Accept-Ranges: bytes                          }
< Content-Length: 509                           }
< Vary: Accept-Encoding                         }
< Content-Type: text/html                       }
<                                               <- Empty line
<html>                                          }
<head>                                          }
<title>Hello, world!</title>                    }
</head>                                         } Data
<body>                                          }
<h1>Hello, world!</h1>                          }
</body>                                         }
</html>                                         }
* Connection #0 to host cs2.swfu.edu.cn left intact

136 /197
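The request and response of the two slides above, parsed into their parts (request line or status line, header lines, empty line, data), as an added example that is not from the slides. It uses only the Python standard library; the sample messages are constructed here from the slides' curl transcript, with the "Hello, world!" page as body and a Content-Length computed to match it. Besides splitting the message it applies the checks a server or proxy needs before trusting what it parsed: a valid header-name token, no duplicate header names (duplicate framing headers are how request-smuggling attacks are built), a Host header on HTTP/1.1 requests, and a body at least as long as the declared Content-Length. Function names (parse_request, parse_response, status_class) are this example's own.

```python
import re

# Added example (not from the slides): split raw HTTP/1.1 messages into
# start line, headers and body, with the sanity checks a parser needs.
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 7230 header-name characters

# Constructed sample messages, shaped like the slides' curl output.
RAW_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"User-Agent: curl/7.38.0\r\n"
    b"Host: cs2.swfu.edu.cn\r\n"
    b"Accept: */*\r\n"
    b"\r\n"
)

BODY = (b"<html>\n<head>\n<title>Hello, world!</title>\n</head>\n<body>\n"
        b"<h1>Hello, world!</h1>\n</body>\n</html>\n")

RAW_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Thu, 15 Jan 2015 08:18:50 GMT\r\n"
    b"Server: Apache/2.4.10 (Debian)\r\n"
    b"Content-Type: text/html\r\n"
    + b"Content-Length: %d\r\n" % len(BODY)
    + b"\r\n"
    + BODY
)


def _split_head(raw):
    """Return (start line, header lines, body) using the empty line as the boundary."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no empty line terminating the header block")
    lines = head.split(b"\r\n")
    return lines[0], lines[1:], body


def _parse_headers(lines):
    headers = {}
    for line in lines:
        name, sep, value = line.partition(b":")
        if not sep or not TOKEN.match(name):
            raise ValueError("malformed header line: %r" % line)
        key = name.decode("ascii").lower()
        if key in headers:                  # duplicates of framing headers enable smuggling
            raise ValueError("duplicate header: %s" % key)
        headers[key] = value.strip(b" \t").decode("latin-1")
    return headers


def parse_request(raw):
    start, header_lines, body = _split_head(raw)
    parts = start.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        raise ValueError("bad request line: %r" % start)
    method, target, version = parts
    headers = _parse_headers(header_lines)
    if version == b"HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without Host header")
    return {"method": method.decode("ascii"), "target": target.decode("ascii"),
            "version": version.decode("ascii"), "headers": headers, "body": body}


def parse_response(raw):
    start, header_lines, body = _split_head(raw)
    parts = start.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/1."):
        raise ValueError("bad status line: %r" % start)
    status = int(parts[1])
    headers = _parse_headers(header_lines)
    if "content-length" in headers:
        declared = int(headers["content-length"])
        if len(body) < declared:
            raise ValueError("body truncated: got %d of %d bytes" % (len(body), declared))
        body = body[:declared]              # bytes past the declared length are not this message
    return {"version": parts[0].decode("ascii"), "status": status,
            "reason": parts[2].decode("latin-1") if len(parts) == 3 else "",
            "headers": headers, "body": body}


def status_class(code):
    """Map a status code to the five classes of the next slide (1xx ... 5xx)."""
    return {1: "Informational", 2: "Successful", 3: "Redirection",
            4: "Client Error", 5: "Server Error"}.get(code // 100, "Unknown")
```

Header names are lower-cased on the way in because HTTP treats them case-insensitively; header values are decoded as Latin-1 so that arbitrary octets survive the round trip without an exception.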

Status Codes

1xx Informational Messages, e.g. 104 Connection Reset by Peer
2xx Successful, e.g. 200 OK
3xx Redirection, e.g. 301 Moved Permanently
4xx Client Error, e.g. 404 Not Found
5xx Server Error, e.g. 500 Internal Server Error

137 /197

HTTP Transaction

Non-persistent — separate TCP connection

[Timeline figure: DNS Lookup | Connect | Send | Wait | Load. The client sends a DNS query to the DNS Server and receives the IP address; it then opens a TCP connection to the Web Server (SYN, SYN,ACK, ACK), sends the HTTP request, waits, and loads the HTTP response as it arrives in segments (1st segment, 2nd segment, PSH, ACK, 3rd segment, HTTP_Continue); the connection is then closed (FIN).]

138 /197

Persistent — same TCP connection

[Timeline figure: DNS Lookup | Connect | Send | Wait | Load | Send | Wait | Load. After the DNS query / IP address exchange with the DNS Server and a single three-way handshake with the Web Server (SYN, SYN,ACK, ACK), Request I and Request II are each sent as an HTTP request and answered with an HTTP response over the same TCP connection.]

139 /197

Stateless Protocol

An HTTP server maintains no information about the clients.

Advantages
▶ Simplifies server design
▶ Saves server resources (RAM...)
▶ Serves more users

Disadvantages
▶ Missing information

140 /197

Keeping User State With Cookies

eBay, since Susan has visited that site in the past. As Susan continues to browse the Amazon site, each time she requests a Web page, her browser consults her cookie file, extracts her identification number for this site, and puts a cookie header line that includes the identification number in the HTTP request. Specifically, each of her HTTP requests to the Amazon server includes the header line:

Cookie: 1678

Figure 2.10: Keeping user state with cookies. The client host sends a usual http request msg; the server creates ID 1678 for the user, makes an entry in its backend database, and returns a usual http response carrying Set-cookie: 1678. Each later usual http request msg carries cookie: 1678, the server accesses the entry and performs a cookie-specific action, and answers with a usual http response msg; one week later the same exchange repeats. The client's cookie file holds amazon: 1678 and ebay: 8734.

141 /197
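The server side of the exchange in Figure 2.10, as an added example that is not from the slides or the textbook the figure is taken from: on the first request the server mints an identifier, stores a back-end entry for it and returns it in a Set-Cookie header; on later requests it looks the Cookie header up in that table to recover the user's state. Two details differ from the figure's "1678" deliberately, because they are what makes the mechanism safe to use for state: the identifier is a random, unguessable token rather than a small counter, and the cookie carries the HttpOnly, Secure and SameSite attributes. The names SessionStore, COOKIE_NAME and simulate_visits are this example's own; it uses only the standard library.

```python
import re
import secrets

# Added example (not from the slides): cookie-based state as in Figure 2.10,
# with a random session identifier and a back-end table keyed on it.
COOKIE_NAME = "sid"
_COOKIE_PAIR = re.compile(r"\s*([^=;\s]+)=([^;]*)")


def parse_cookie_header(value):
    """Turn 'amazon=1678; ebay=8734' into a dict (first occurrence of a name wins)."""
    out = {}
    for name, val in _COOKIE_PAIR.findall(value or ""):
        out.setdefault(name, val.strip())
    return out


class SessionStore:
    """The figure's back-end database: identifier -> per-user state."""

    def __init__(self):
        self._sessions = {}

    def handle(self, request_headers):
        """Process one request; return (session state, response headers to add)."""
        cookies = parse_cookie_header(request_headers.get("Cookie"))
        sid = cookies.get(COOKIE_NAME)
        response_headers = {}
        if sid is None or sid not in self._sessions:
            # First visit, or an identifier we never issued: create a fresh entry.
            sid = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
            self._sessions[sid] = {"visits": 0}
            response_headers["Set-Cookie"] = (
                "%s=%s; Path=/; HttpOnly; Secure; SameSite=Lax" % (COOKIE_NAME, sid))
        state = self._sessions[sid]
        state["visits"] += 1                          # the figure's "cookie-specific action"
        return state, response_headers

    def count(self):
        return len(self._sessions)


def simulate_visits(n):
    """A browser that stores the cookie and replays it, as in the figure.

    Returns (visits recorded in the user's state, number of sessions the server holds)."""
    store = SessionStore()
    jar = {}                                          # the client's cookie file
    state = None
    for _ in range(n):
        headers = {"Cookie": "; ".join("%s=%s" % kv for kv in jar.items())} if jar else {}
        state, resp = store.handle(headers)
        if "Set-Cookie" in resp:
            name, _, rest = resp["Set-Cookie"].partition("=")
            jar[name] = rest.split(";", 1)[0]         # keep the value, drop the attributes
    return state["visits"], store.count()
```

An identifier the server never issued (for instance a guessed "1678") is treated exactly like a first visit: the server ignores it and issues a new one, so the cookie value never has to be trusted on its own.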

HTTP/2

Quoted from http://http2.github.io/faq/
▶ is binary, instead of textual
▶ is fully multiplexed, instead of ordered and blocking
▶ can therefore use one connection for parallelism
▶ uses header compression to reduce overhead
▶ allows servers to "push" responses proactively into client caches

Feb 2015 (Planned): Publish HTTP/2 as an RFC
Try it: chrome://flags/#enable-spdy4

142 /197

HTML

<html>
<head>
<title>Hello, world!</title>
</head>
<body>
<H1>Hello, world!</H1>
</body>
</html>

143 /197




Domain Name System

148 /197

Names and Addresses

RFC 791, page 7:
  A name indicates what we seek.
  An address indicates where it is.
  A route indicates how to get there.

▶ A name (hostname) can be assigned to any device that has an IP address.
▶ The network software doesn't require names, but they do make it easier for humans to use the network.

149 /197

$ ssh [email protected]

[Figure: the SSH application passes the hostname cs3.swfu.edu.cn to the resolver; the resolver returns 202.203.132.245; SSH then asks TCP to establish the connection with that IP address.]

▶ Resolver is normally part of the application
▶ The TCP/IP protocols within the kernel know nothing about the DNS

150 /197

Typical Configuration

             Local Host                        |  Foreign
                                               |
+---------+               +----------+         |  +--------+
|         | user queries  |          |queries  |  |        |
|  User   |-------------->|          |---------|->|Foreign |
| Program |               | Resolver |         |  |  Name  |
|         |<--------------|          |<--------|--| Server |
|         | user responses|          |responses|  |        |
+---------+               +----------+         |  +--------+
                            |     A            |
            cache additions |     | references |
                            V     |            |
                          +----------+         |
                          |  cache   |         |
                          +----------+         |

151 /197

The DNS Name Space Is Hierarchical

The domain hierarchy is similar to the UNIX filesystem

[Figure: tree rooted at "." with top-level domains int, mil, net, com, edu, gov, org, us, uk, cn, jp, de, ...; second-level names such as google, yale, mit, whitehouse, wikipedia and, under cn, com, gov, edu, net, org, ...; third-level names such as mail, calendar, maps, docs, reader, plus, ocw, swfc, ynu, kmust, pku, tsinghua, ...; and hosts such as lib, jwc, cs2, cs3, ...]

▶ Organizational: com, edu, gov, mil, net, org, int
▶ Geographic: cn, us, uk, jp, de, etc.

152 /197

Translating Names Into Addresses

Two common ways:
Host table   The old way. /etc/hosts
DNS          A distributed database system — Domain Name Service (DNS)

153 /197

The Host Table

/etc/hosts
127.0.0.1        localhost
202.203.132.245  cs3.swfu.edu.cn  cs3
202.203.132.242  cs2.swfu.edu.cn  cs2

It's still widely used, because:
▶ The important hosts on the local network
▶ In case DNS is not running
▶ NIS host database
▶ Local intranet

154 /197

All hosts connected to the Internet should use DNS

The old host table system is inadequate for the global Internet for two reasons:
1. inability to scale
2. lack of an automated update process.

Old story
Prior to adopting DNS, the Network Information Center (NIC) maintained a large table of Internet hosts called the NIC host table. Hosts included in the table were called registered hosts, and the NIC placed hostnames and addresses into this file for all sites on the Internet.

155 /197

Domain Name System

▶ Scales well
▶ Doesn't rely on a single large table
▶ Distributed database system that doesn't bog down as the database grows

DNS currently provides information on approximately 16,000,000 hosts, while less than 10,000 are listed in the host table.

▶ Guarantees that new host information will be disseminated to the rest of the network as it is needed

156 /197

DNS Software

[Figure: the DNS resolver sends a DNS query to the DNS server; the DNS server returns a DNS response.]

The resolver asks the questions.
The name server answers the questions.

157 /197

With DNS, information is automatically disseminated, and only to those who are interested.

▶ If a DNS server receives a request for information about a host for which it has no information, it passes on the request to an authoritative server. An authoritative server is any server responsible for maintaining accurate information about the domain being queried.
▶ When the authoritative server answers, the local server saves (caches) the answer for future use.
▶ The next time the local server receives a request for this information, it answers the request itself.

158 /197

Resource Records

What's associated with a domain name?

Type    Meaning               Value
A       IP address of a host  32-bit integer
NS      Name Server           Name of a server for this domain
MX      Mail eXchange         Priority, domain willing to accept email
HINFO   Host INFOrmation      CPU and OS in ASCII
CNAME   Canonical NAME        Domain name
PTR     PoinTeR               Alias for an IP address

When a resolver gives a domain name to DNS, what it gets back are the resource records associated with that name.

159 /197

Resource Records Example

wx672@cs2:~$ host -a mirrors.ustc.edu.cn
Trying "mirrors.ustc.edu.cn"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4421
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;mirrors.ustc.edu.cn.           IN      ANY

;; ANSWER SECTION:
mirrors.ustc.edu.cn.    600     IN      AAAA    2001:da8:d800:95::110
mirrors.ustc.edu.cn.    600     IN      A       202.38.95.110
mirrors.ustc.edu.cn.    594     IN      NS      f1g1ns2.dnspod.net.
mirrors.ustc.edu.cn.    594     IN      NS      f1g1ns1.dnspod.net.

;; AUTHORITY SECTION:
mirrors.ustc.edu.cn.    594     IN      NS      f1g1ns1.dnspod.net.
mirrors.ustc.edu.cn.    594     IN      NS      f1g1ns2.dnspod.net.

;; ADDITIONAL SECTION:
f1g1ns1.dnspod.net.     33536   IN      A       111.30.132.180
f1g1ns1.dnspod.net.     33536   IN      A       113.108.80.138
f1g1ns2.dnspod.net.     33536   IN      A       101.226.30.224
f1g1ns2.dnspod.net.     33536   IN      A       112.90.82.194

Received 323 bytes from 202.203.132.100#53 in 6598 ms

160 /197

Recursive Query

flits.cs.vu.nl wants to know the IP address of linda.cs.yale.edu

[Fig. 7-5: How a resolver looks up a remote name in eight steps. The originator flits.cs.vu.nl asks the VU CS name server (cs.vu.nl) (1), which asks the Edu name server (edu-server.net) (2), which asks the Yale name server (yale.edu) (3), which asks the Yale CS name server (cs.yale.edu) (4); the answer travels back along the same path (5, 6, 7, 8).]

161 /197

Non-recursive Query

The remote server tells the local server who to ask next

[Figure: the Local DNS server (dns.swfu.edu.cn) resolves sale.plant.nuts.com. It asks the Root DNS server (dns.edu.cn), which refers it with "nuts.com NS almond.nuts.com"; almond.nuts.com refers it with "plant.nuts.com NS pack.plant.nuts.com"; pack.plant.nuts.com answers "sale.plant.nuts.com A 172.16.6.4".]

162 /197

DNS Message Format

                                    1  1  1  1  1  1
      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+      DNS message
    |                      ID                       |     +------------+
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+     |   Header   |
    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |     +------------+
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+     |  Question  |
    |                    QDCOUNT                    |     +------------+
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+     |   Answer   |
    |                    ANCOUNT                    |     +------------+
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+     | Authority  |
    |                    NSCOUNT                    |     +------------+
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+     | Additional |
    |                    ARCOUNT                    |     +------------+
    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+

163 /197

wx672@debian:~$ host -a cs2.swfu.edu.cn
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22237
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;cs2.swfu.edu.cn.               IN      ANY

;; ANSWER SECTION:
cs2.swfu.edu.cn.        3600    IN      A       202.203.132.242

Received 49 bytes from 127.0.0.1#53 in 1161 ms

Flags
qr: Query-Response (0: query, 1: response)
rd: Recursion Desired
ra: Recursion Available

164 /197
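The header layout and the host(1) output of the two slides above, carried through as an added example that is not from the slides: a builder and parser for DNS messages. The packet bytes are constructed here to match the slide's answer (id 22237, flags qr rd ra, one A record 202.203.132.242 with TTL 3600, 49 bytes in total); they are not a capture. The parser unpacks every header field (ID; QR, Opcode, AA, TC, RD, RA, Z, RCODE; the four counts), then reads the question and answer sections, and its name decoder follows RFC 1035 compression pointers (0xC0xx) only backwards and to a bounded depth, so a crafted packet whose pointers form a loop is rejected rather than spinning the parser. Function names are this example's own; only the standard library is used.

```python
import struct

# Added example (not from the slides): build and parse a DNS message
# following the RFC 1035 header layout shown on the previous slide.


def encode_name(name):
    r"""'cs2.swfu.edu.cn' -> b'\x03cs2\x04swfu\x03edu\x02cn\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(txid, qname, qtype, ipv4, ttl):
    """Response with QR=1, RD=1, RA=1, one question and one A answer whose name is compressed."""
    flags = (1 << 15) | (1 << 8) | (1 << 7)                       # QR, RD, RA
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)      # QDCOUNT=1, ANCOUNT=1
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    rdata = bytes(int(octet) for octet in ipv4.split("."))
    # 0xC00C: pointer to offset 12, i.e. the name in the question section
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def read_name(msg, offset, depth=0):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    if depth > 16:
        raise ValueError("too many compression pointers (loop?)")
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[offset]
        if (length & 0xC0) == 0xC0:                                # compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            ptr = ((length & 0x3F) << 8) | msg[offset + 1]
            if ptr >= offset:                                      # must point backwards
                raise ValueError("forward compression pointer")
            rest, _ = read_name(msg, ptr, depth + 1)
            labels.append(rest)
            return ".".join(labels).strip("."), offset + 2
        offset += 1
        if length == 0:                                            # root label ends the name
            return ".".join(labels), offset
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_message(msg):
    """Return (header fields, questions, answers) for a DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    header = {"id": txid, "qr": flags >> 15, "opcode": (flags >> 11) & 0xF,
              "aa": (flags >> 10) & 1, "tc": (flags >> 9) & 1, "rd": (flags >> 8) & 1,
              "ra": (flags >> 7) & 1, "z": (flags >> 4) & 7, "rcode": flags & 0xF,
              "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}
    offset, questions, answers = 12, [], []
    for _ in range(qd):
        name, offset = read_name(msg, offset)
        qtype, qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):
        name, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if len(rdata) != rdlen:
            raise ValueError("truncated RDATA")
        value = ".".join(str(b) for b in rdata) if rtype == 1 and rdlen == 4 else rdata
        answers.append((name, rtype, ttl, value))
    return header, questions, answers
```

The 49-byte total that host printed on the slide falls out of the layout: a 12-byte header, a 21-byte question (17 bytes of name plus type and class) and a 16-byte answer (2-byte pointer, 10 bytes of fixed fields, 4 bytes of address).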

tcpdump

wx672@debian:~$ host -a cs2.swfu.edu.cn

wx672@debian:~$ sudo tcpdump -i wlan0 -n port 53
09:30:29.860901 IP 192.168.1.109.34075 > 114.114.115.115.53: 34035+ ANY? cs2.swfu.edu.cn. (33)
09:30:29.979390 IP 114.114.115.115.53 > 192.168.1.109.34075: 34035 1/0/0 A 202.203.132.242 (49)

34035 – id
+ – rd=1
ANY? – query type
33/49 – UDP payload length
1/0/0 – 1 answer RR; 0 authority RR; 0 additional RR
A – IPv4 address

165 /197

Name Servers

The three main categories of name servers are:

Primary server: gets its information from a disk file
  ▶ It has complete information about its domain and its response is always accurate.
Secondary server: obtains all the information from the primary
  ▶ It's a backup server
Caching-only server: it just remembers the answers to previous lookups in case the same lookup is performed again.

166 /197



Mail Services

168 /197

E-mail Protocols

Proprietary protocols:
Microsoft: Outlook client ⇐⇒ Exchange server
IBM: Notes client ⇐⇒ Domino server

Open standards:
SMTP: Simple Mail Transfer Protocol, RFC2821
POP3: Post Office Protocol, RFC1939
MIME: Multipurpose Internet Mail Extensions, RFC2045, RFC2046, RFC2047, RFC2048, RFC2049
IMAP4: Interactive Mail Access Protocol, RFC3501

169 /197

SMTP Transports A Mail Object

[Figure: a mail object consists of a mail envelope (an orig_addr, rcpt_addrs, ...) and mail content; the content consists of headers (orig-date, from, to, ...) and a body.]

170 /197

A Physical Mail

Immanuel Kant (Dr.)
Konigsberg, Prussia
Germany

March 1, 2015

Dr. Whoever
Department of Unknown,
University of Whatever,
London, SE18 3AB
UK

Dear Dr. Whoever,

As any dedicated reader can clearly see, the Ideal of practical reason is a representation of, as far as I know, the things in themselves; as I have shown elsewhere, the phenomena should only be used as a canon for our understanding. The paralogisms of practical reason are what first give rise to the architectonic of practical reason. As will easily be shown in the next section, reason would thereby be made to contradict, in view of these considerations, the Ideal of practical reason, yet the manifold depends on the phenomena. Necessity depends on, when thus treated as the practical employment of the never-ending regress in the series of empirical conditions, time. Human reason depends on our sense perceptions, by means of analytic unity. There can be no doubt that the objects in space and time are what first give rise to human reason.

Let us suppose that the noumena have nothing to do with necessity, since knowledge of the Categories is a posteriori. Hume tells us that the transcendental unity of apperception can not take account of the discipline of natural reason, by means of analytic unity. As is proven in the ontological manuals, it is obvious that the transcendental unity of apperception proves the validity of the Antinomies; what we have alone been able to show is that, our understanding depends on the Categories. It remains a mystery why the Ideal stands in need of reason. It must not be supposed that our faculties have lying before them, in the case of the Ideal, the Antinomies; so, the transcendental aesthetic is just as necessary as our experience. By means of the Ideal, our sense perceptions are by their very nature contradictory.

Yours sincerely,

Immanuel Kant

171 /197

The SMTP Basic Structure

   +------+    +------+                +------+
   | User |<-->|      |      SMTP      |      |
   +------+    | SMTP |Commands/Replies| SMTP |
   +------+    |Client|<-------------->|Server|    +------+
   | File |<-->|      |    and Mail    |      |<-->| File |
   |System|    |      |                |      |    |System|
   +------+    +------+                +------+    +------+

▶ TCP, port 25

172 /197

Unix File System

[Figure: directory tree (directories vs. files)
ROOT
  bin
  boot
    grub
  dev
  etc
    passwd
  home
    staff
      wx672
    stud
      101152001
  var
    mail
      101152001 (a file: the user's mailbox)]

173 /197

SMTP Commands

wx672@cs3:~$ nc localhost 25
220 cs3.swfu.edu.cn ESMTP Exim 4.72 Sun, 16 Oct 2011 22:29:29 +0800
help
214-Commands supported:
214 AUTH HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP

▶ More commands can be available, depending on your SMTP server configuration.

174 /197

A Simple Protocol: An SMTP Session

wx672@debian:~$ nc cs3.swfc.edu.cn smtp
220 cs3.swfu.edu.cn ESMTP Exim 4.72 Sun, 16 Oct 2011 22:18:22 +0800
helo debian
250 cs3.swfc.edu.cn Hello debian [192.168.128.5]
mail from:<wx672@debian>
250 OK
rcpt to:<[email protected]>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
Hello, there!
.
250 OK id=1DMJra-0007IR-01
quit
221 cs3.swfc.edu.cn closing connection
wx672@debian:~$

175 /197

Post Office Protocol v3

POP2: port 109
POP3: port 110

The POP protocols verify the user's login name and password, and move the user's mail from the server to the user's local mail reader.

A POP3 Session

$ nc cs3 110
+OK Dovecot ready.
user wx672
+OK
pass topsecrete
+OK Logged in.
stat
+OK 3 459
retr 1
+OK 146 octets
The full text of message 1
dele 1
+OK message # 1 deleted
retr 2
+OK 155 octets
The full text of message 2
dele 2
+OK message # 2 deleted
retr 3
+OK 158 octets
The full text of message 3
dele 3
+OK message # 3 deleted
quit
+OK Logging out.

176 /197

IMAP — Internet Message Access Protocol

▶ port 143

Advantages over POP3
▶ Both connected and disconnected modes of operation
▶ Multiple clients can simultaneously connect to the same mailbox
▶ Access to MIME parts of messages and partial fetch
▶ Message state information kept on the server
▶ Multiple mailboxes on the server
▶ Server-side searches
▶ A built-in extension mechanism

177 /197

An IMAP Session

$ nc cs3 143
* OK Dovecot ready.
a001 login wx672 topsecrete
a001 OK Logged in.
a002 select inbox
* FLAGS (\Answered \Flagged \Deleted \Seen \Draft)
* OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted.
* 15 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1174505444] UIDs valid
* OK [UIDNEXT 184] Predicted next UID
a002 OK [READ-WRITE] Select completed.
a004 fetch 1 full
* 1 FETCH (FLAGS (\Seen) INTERNALDATE "16-Oct-2011 22:40:55 +0800" RFC822.SIZE 629 ENVELOPE ("Sun, 16 Oct 2011 22:40:19 +0800" NIL ((NIL NIL "stud" "debian")) ((NIL NIL "stud" "debian")) ((NIL NIL "stud" "debian")) NIL NIL NIL NIL "<[email protected]>") BODY ("text" "plain" ("charset" "us-ascii") NIL NIL "7bit" 55 4))
a004 OK Fetch completed.
a006 fetch 1 body[text]
* 1 FETCH (BODY[TEXT] {55}
hello ,there!
)
a006 OK Fetch completed.
a007 logout
* BYE Logging out
a007 OK Logout completed.

178 /197

Disadvantages of IMAP

▶ IMAP is a very heavy and complicated protocol
▶ IMAP generally results in higher server loads than POP3
▶ Server-side searches can potentially use lots of server resources when searching massive mailboxes

179 /197

Multipurpose Internet Mail Extensions

▶ SMTP supports only 7-bit ASCII characters.
▶ MIME standard defines mechanisms for emailing other kinds of information, e.g.
  ▶ text in languages other than English,
  ▶ files containing images, sounds, movies,
  ▶ computer programs
▶ HTTP/MIME

180 /197
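What the slide describes, done with Python's standard email package, as an added example that is not from the slides: a message whose body is non-English text and whose attachment is arbitrary bytes is encoded so that every byte on the wire is 7-bit (base64 Content-Transfer-Encoding, the MIME mechanism that lets such content cross an SMTP hop that only carries 7-bit ASCII), then parsed back to the original text and bytes. The message content, addresses and attachment are constructed for this example; the function names are its own.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Added example (not from the slides): MIME-encode non-ASCII text and raw
# bytes for a 7-bit SMTP path, then decode them again.
SAMPLE_TEXT = "Grüße aus Kunming, 你好"        # not representable in 7-bit ASCII
SAMPLE_ATTACHMENT = bytes(range(256))           # every byte value, including NUL and 0xFF


def build_message(text, attachment, filename):
    """Compose text plus an attachment; force base64 so the body survives a 7-bit hop."""
    msg = EmailMessage()
    msg["From"] = "wx672@cs3.swfu.edu.cn"      # constructed sample addresses
    msg["To"] = "stud@cs3.swfu.edu.cn"
    msg["Subject"] = "mime demo"
    msg.set_content(text, charset="utf-8", cte="base64")
    msg.add_attachment(attachment, maintype="application", subtype="octet-stream",
                       filename=filename)       # bytes attachments are base64-encoded
    return msg.as_bytes()


def is_seven_bit(raw):
    """True when no byte has the high bit set, i.e. the message is safe for 7-bit SMTP."""
    return all(b < 0x80 for b in raw)


def parse_message(raw):
    """Reverse the encoding: (text, [(filename, bytes), ...], body transfer encoding)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().rstrip("\n")      # set_content appends a newline
    attachments = [(part.get_filename(), part.get_content())
                   for part in msg.iter_attachments()]
    return text, attachments, body["Content-Transfer-Encoding"]


def round_trip():
    """Build, then parse; return (7-bit clean?, text, attachments, transfer encoding)."""
    raw = build_message(SAMPLE_TEXT, SAMPLE_ATTACHMENT, "capture.bin")
    text, attachments, cte = parse_message(raw)
    return is_seven_bit(raw), text, attachments, cte
```

With policy.default the library would otherwise pick an 8bit encoding for the text part, which is fine between modern servers but is exactly what the slide's first bullet says a plain SMTP path cannot carry; passing cte="base64" makes the 7-bit property explicit and checkable.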

A Typical Mail Header

Received: from 20030704041 by cs2.swfc.edu.cn with local (Exim 4.50)
        id 1GSusu-0001D0-NT
        for [email protected]; Thu, 28 Sep 2006 20:21:00 +0800
Date: Thu, 28 Sep 2006 20:21:00 +0800
To: WANG Xiaolin <[email protected]>
Subject: ipv6
Message-ID: <[email protected]>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
User-Agent: Mutt/1.5.9i
From: [email protected]
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Rcpt-To: [email protected]
X-SA-Exim-Mail-From: [email protected]
X-SA-Exim-Scanned: No (on cs2.swfc.edu.cn); SAEximRunCond expanded to false
X-Spam-Checker-Version: SpamAssassin 3.0.3 (2005-04-27) on cs2.swfc.edu.cn
X-Spam-Level: *
X-Spam-Status: No, score=1.0 required=5.0 tests=ALL_TRUSTED,AWL,FROM_ALL_NUMS,
        FROM_ENDS_IN_NUMS,FROM_STARTS_WITH_NUMS,NO_REAL_NAME autolearn=no
        version=3.0.3
Status: RO
Content-Length: 240
Lines: 3
X-UID: 351
X-Keywords:

181 /197

Spam

Spam:
▶ Any kind of unwanted email messages.
▶ The action of sending such kinds of messages to usenet newsgroups, mailing lists, or any other individuals.

▶ by year 2000, 7% of Internet mails were spam;
▶ by year 2004, 60% were spam.
▶ Bill Gates receives nearly 4 million emails a day – most of which are spam.

182 /197

How Does Spam Work?

1. Collecting Email Addresses (Sniffing, Web Registration, Mailing List and Newsgroup, etc.)
2. Open Relay — an SMTP server configured in such a way that it allows anyone on the Internet to relay (i.e. send) email through it.
3. Open Proxy — a proxy which is misconfigured to allow access to anyone on the internet.

183 /197

Relayed Mail Scenario

wx672@cs2:~$ nc wx672.3322.org smtp
220 wx672.3322.org ESMTP Exim 4.50 Tue, 03 Oct 2006 10:13:04 +0800
ehlo cs2.swfc.edu.cn
250-wx672.3322.org Hello cs2.swfc.edu.cn [202.203.132.242]
250-SIZE 52428800
250-PIPELINING
250 HELP
mail from:<[email protected]>
250 OK
rcpt to:<@wx672.3322.org:[email protected]>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
Hello, this is a message to [email protected]
relayed by the smtp server at wx672.3322.org
.
250 OK id=1DSQRt-0000jC-T0
quit
221 wx672.3322.org closing connection

184 /197
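The server's side of the SMTP sessions on the slides above ("A Simple Protocol: An SMTP Session" and "Relayed Mail Scenario"), as an added example that is not from the slides: a minimal command handler that enforces the command order the transcripts rely on (HELO or EHLO, then MAIL, RCPT, DATA) and applies the one policy that separates a normal server from the open relay the previous slides describe, namely accepting a recipient only when its domain is one this server is responsible for. Reply codes follow the transcripts on the slides (220-style greeting aside: 250, 354, 221) plus 500, 501, 503 and 550 from RFC 2821. The local-domain list, hostnames and the message id format are constructed for this example; the class and function names are its own.

```python
import re

# Added example (not from the slides): SMTP command sequencing and a
# relay policy that refuses recipients outside the server's own domains.
LOCAL_DOMAINS = {"cs3.swfu.edu.cn", "swfu.edu.cn"}      # constructed for this example
_ADDR = re.compile(r"^<([^<>@\s]+)@([^<>@\s:]+)>$")    # <local@domain>; no source routes


class SmtpSession:
    def __init__(self, local_domains=LOCAL_DOMAINS):
        self.local_domains = {d.lower() for d in local_domains}
        self.helo = None
        self.sender = None
        self.recipients = []
        self.in_data = False
        self._lines = []
        self.messages = []          # (sender, recipients, body) accepted so far

    def handle(self, line):
        """Feed one client line; return the server's reply ('' while inside DATA)."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg
            return "250 Hello %s" % arg
        if verb == "QUIT":
            return "221 closing connection"
        if self.helo is None:
            return "503 Bad sequence of commands: say HELO first"
        if verb == "MAIL":
            m = _ADDR.match(arg.partition(":")[2].strip())
            if not m:
                return "501 Syntax error in MAIL FROM address"
            self.sender, self.recipients = m.group(0), []
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands: MAIL first"
            m = _ADDR.match(arg.partition(":")[2].strip())
            if not m:
                return "501 Syntax error in RCPT TO address"   # also rejects <@relay:user@x>
            if m.group(2).lower() not in self.local_domains:
                return "550 Relay not permitted"               # the open-relay check
            self.recipients.append(m.group(0))
            return "250 Accepted"
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands: no valid recipients"
            self.in_data, self._lines = True, []
            return '354 Enter message, ending with "." on a line by itself'
        return "500 Unrecognized command"

    def _data_line(self, line):
        if line == ".":
            self.in_data = False
            self.messages.append((self.sender, list(self.recipients), "\n".join(self._lines)))
            return "250 OK id=constructed-%d" % len(self.messages)
        self._lines.append(line[1:] if line.startswith("..") else line)   # dot-unstuffing
        return ""


def run_transcript(lines):
    """Feed a whole client transcript to a fresh session; return the replies in order."""
    session = SmtpSession()
    return [reply for reply in (session.handle(line) for line in lines) if reply]
```

The source-routed form from the relay slide, <@wx672.3322.org:[email protected]>, fails the address pattern outright, and an ordinary off-domain recipient gets 550 rather than the 250 Accepted the slide shows; an authenticated submission path would relax the domain check, which this example deliberately does not model.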

Common Technologies Of Anti-Spam

▶ DNSBL — DNS-based Blackhole List
▶ Bayesian Filtering:

  P(spam|words) = P(words|spam) · P(spam) / P(words)

▶ Greylisting — "normal" MTAs should attempt retries if given an appropriate temporary failure code for a delivery attempt.

185 /197
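The Bayesian filtering rule on the slide carried through as working code, as an added example that is not from the slides: a naive Bayes classifier in which P(words|spam) is the product of per-word probabilities (the independence assumption that makes the filter "naive"), estimated from labelled messages with add-one smoothing so that a word never seen in a class does not zero the whole product, and P(words) is the normaliser summed over both classes. The products are computed in log space to avoid underflow on long messages. The training messages are constructed for this example and the class names are its own.

```python
import math
import re
from collections import Counter

# Added example (not from the slides): naive Bayes spam scoring,
# P(spam|words) = P(words|spam) P(spam) / P(words).
_WORD = re.compile(r"[a-z0-9]+")

# Constructed training data, deliberately tiny so the numbers can be checked by hand.
SPAM_TRAINING = ["cheap pills now", "win cash now", "cheap cash offer"]
HAM_TRAINING = ["meeting tomorrow morning", "lunch tomorrow", "project meeting notes"]


def tokenize(text):
    return _WORD.findall(text.lower())


class BayesFilter:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}   # word -> occurrences per class
        self.docs = {"spam": 0, "ham": 0}                      # messages per class

    def train(self, label, text):
        self.counts[label].update(tokenize(text))
        self.docs[label] += 1

    def _log_likelihood(self, words, label):
        """log P(words|label) under independence, with add-one (Laplace) smoothing."""
        vocab = len(set(self.counts["spam"]) | set(self.counts["ham"]))
        total = sum(self.counts[label].values())
        return sum(math.log((self.counts[label][w] + 1) / (total + vocab)) for w in words)

    def p_spam(self, text):
        """P(spam|words), with P(words) = P(words|spam)P(spam) + P(words|ham)P(ham)."""
        words = tokenize(text)
        n = self.docs["spam"] + self.docs["ham"]
        log_spam = math.log(self.docs["spam"] / n) + self._log_likelihood(words, "spam")
        log_ham = math.log(self.docs["ham"] / n) + self._log_likelihood(words, "ham")
        m = max(log_spam, log_ham)                 # shift before exponentiating (stability)
        num = math.exp(log_spam - m)
        return num / (num + math.exp(log_ham - m))


def trained_filter():
    """A BayesFilter trained on the constructed corpora above."""
    f = BayesFilter()
    for text in SPAM_TRAINING:
        f.train("spam", text)
    for text in HAM_TRAINING:
        f.train("ham", text)
    return f
```

With this corpus the vocabulary has 12 words, the spam class 9 word occurrences and the ham class 8, so for "cheap cash now" each word has P(w|spam) = 3/21 and P(w|ham) = 1/20, and with equal priors P(spam|words) comes out at about 0.959; a message like "meeting tomorrow" scores about 0.09.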

Mail References I

M. Crispin. Internet Message Access Protocol - Version 4rev1. RFC 3501 (Proposed Standard). Updated by RFCs 4466, 4469, 4551, 5032, 5182, 5738, 6186, 6858. Internet Engineering Task Force, Mar. 2003.
N. Freed and N. Borenstein. Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies. RFC 2045 (Draft Standard). Updated by RFCs 2184, 2231, 5335, 6532. Internet Engineering Task Force, Nov. 1996.
J. Klensin. Simple Mail Transfer Protocol. RFC 2821 (Proposed Standard). Obsoleted by RFC 5321, updated by RFC 5336. Internet Engineering Task Force, Apr. 2001.

186 /197

Mail References II

J. Myers and M. Rose. Post Office Protocol - Version 3. RFC 1939 (INTERNET STANDARD). Updated by RFCs 1957, 2449, 6186. Internet Engineering Task Force, May 1996.
Wikipedia. Internet Message Access Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. MIME — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. Post Office Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.
Wikipedia. Simple Mail Transfer Protocol — Wikipedia, The Free Encyclopedia. [Online; accessed 21-February-2015]. 2015.

187 /197


FTP

188 /197

                                         +-----------+
                                         |+---------+|
                                         ||  User   ||    +------+
                                         ||Interface|<--->| User |
                                         |+----^----+|    +------+
             +--------+                  |     |     |
             |+------+|   FTP Commands   |+----V----+|
             ||Server|<------------------>|  User   ||
             || PI   ||   FTP Replies    ||   PI    ||
             |+--^---+|                  |+----^----+|
             |   |    |                  |     |     |
+------+     |+--V---+|       Data       |+----V----+|    +------+
| File | <--->|Server|<------------------>|  User   |<--->| File |
|System|     || DTP  ||    Connection    ||   DTP   ||    |System|
+------+     |+------+|                  |+---------+|    +------+
             +--------+                  +-----------+

             Server-FTP                    USER-FTP

189 /197

An Active FTP Session

Control session

wx672@cs3:~$ nc cs2 ftp
220 (vsFTPd 2.0.5)
user wx672
331 Please specify the password.
pass secret
230 Login successful.
port 202,203,132,244,100,0
200 PORT command successful. Consider using PASV.
nlst
150 Here comes the directory listing.
226 Directory send OK.
quit
221 Goodbye.

To see the FTP data session:
▶ wx672@cs3:~$ nc -l 25600
  100 × 256 + 0 = 25600

190 /197

A Passive FTP Session

Control session

wx672@cs3:~$ nc cs2 ftp
220 (vsFTPd 2.0.5)
user wx672
331 Please specify the password.
pass secret
230 Login successful.
pasv
227 Entering Passive Mode (202,203,132,242,36,5)
list
150 Here comes the directory listing.
quit
221 Goodbye.

To see the FTP data session:
▶ wx672@cs3:~$ nc cs2 9221
  36 × 256 + 5 = 9221

191 /197

Active FTP vs. Passive FTP

In active mode: Server initiates data connection to client's data port.
In passive mode: Client initiates data connection to random port specified by server.

192 /197
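The h1,h2,h3,h4,p1,p2 arithmetic from the active and passive session slides (port = p1 × 256 + p2), as an added example that is not from the slides: a decoder and encoder for the PORT argument and the 227 reply, plus the check a client should make before following a PASV reply. Because the server, not the user, chooses the address in "227 Entering Passive Mode (...)", a client that connects wherever it is told can be directed to a third host; comparing the advertised address with the address of the control connection's peer closes that gap. The reply strings used are the ones on the slides; the function names are this example's own.

```python
import re

# Added example (not from the slides): FTP PORT / PASV host-port encoding
# and a consistency check on the PASV address.
_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text):
    """Parse 'h1,h2,h3,h4,p1,p2' (PORT argument or 227 reply) into ('h1.h2.h3.h4', port)."""
    m = _SIX.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("field out of range in %r" % text)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def encode_hostport(host, port):
    """Inverse: the PORT argument for host:port, splitting the port as p1*256 + p2."""
    if not (0 < port < 65536):
        raise ValueError("port out of range")
    return "%s,%d,%d" % (host.replace(".", ","), port // 256, port % 256)


def passive_data_endpoint(reply, control_peer_ip):
    """Decode a 227 reply; refuse it unless it points back at the server we are talking to."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    host, port = decode_hostport(reply)
    if host != control_peer_ip:
        raise ValueError("PASV address %s differs from control peer %s" % (host, control_peer_ip))
    return host, port
```

The same check in the other direction, a server comparing a PORT address with the client's control-connection address, is the mirror-image defence, and is also why the "Why Passive Mode?" slide's NAT scenario fails: the address inside the PORT command and the address in the IP header no longer agree.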

Why Passive Mode?

Active mode doesn't work with firewall

[Figure (FTP Active Mode): the client 192.168.1.3 sits behind a NAT router (inside 192.168.1.1, outside 12.13.14.15) and talks across the Internet to the FTP server 40.30.20.10. NAT table: Source IP:Port 192.168.1.3:8910 is mapped to NAT Router IP:Port 12.13.14.15:7. The client's FTP command "port 192,168,1,3,100,0" leaves in a packet with IP header Src IP: 192.168.1.3; the NAT router rewrites the IP header to Src IP: 12.13.14.15, but the FTP command inside the TCP payload still says 192,168,1,3,100,0. The server therefore sends the SYN for the data connection to Dst IP: 192.168.1.3, a private address it cannot reach. Protocol layers shown at each hop: FTP over TCP over IP over Ethernet.]

193 /197



Peer-to-Peer Applications

195 /197

BitTorrent

To determine which requests she responds to, BitTorrent uses a clever trading algorithm. The basic idea is that Alice gives priority to the neighbors that are currently supplying her data at the highest rate. Specifically, for each of her neighbors, Alice continually measures the rate at which she receives bits and determines the four peers that are feeding her bits at the highest rate. She then reciprocates by sending chunks to these same four peers. Every 10 seconds, she recalculates the rates and possibly modifies the set of four peers. In BitTorrent lingo, these four peers are said to be unchoked. Importantly, every 30 seconds, she also picks one additional neighbor at random and sends it chunks. Let's call the randomly chosen peer Bob. In BitTorrent lingo, Bob is said to be optimistically unchoked. Because Alice is sending data to Bob, she may become one of Bob's top four uploaders, in which case Bob would start to send data to Alice. If the rate at which Bob sends data to Alice is high enough, Bob could then, in turn, become one of Alice's top four uploaders. In other words, every 30 seconds, Alice will randomly choose a new trading partner and initiate trading with that partner. If the two peers are satisfied with the trading, they will put each other in their top four lists and continue trading with each other until one of the peers finds a better partner. The effect is that peers capable of uploading at compatible rates tend to find each other. The random neighbor selection also allows new peers to get

Figure 2.26: File distribution with BitTorrent. Alice obtains a list of peers from the Tracker and trades chunks with those peers.

196 /197
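The unchoking rule in the passage above as a small simulation, as an added example that is not from the slides or the textbook they quote: every 10 seconds a peer keeps the four neighbours currently feeding it fastest (the regular unchoke), and every 30 seconds it additionally unchokes one neighbour chosen at random from the rest (the optimistic unchoke). Download rates and neighbour names are constructed; the random choice goes through an injectable RNG so a run can be reproduced, and the slot count and periods are the ones the passage states. The class name Unchoker is this example's own.

```python
import random

# Added example (not from the slides): BitTorrent's tit-for-tat unchoking.
REGULAR_SLOTS = 4        # the "top four" uploaders
REGULAR_PERIOD = 10      # seconds between re-ranking the uploaders
OPTIMISTIC_PERIOD = 30   # seconds between picking a new random partner


class Unchoker:
    def __init__(self, rng=None):
        self.rng = rng if rng is not None else random.Random(0)
        self.top = []             # regular unchokes, best uploader first
        self.optimistic = None    # the one optimistically unchoked neighbour

    def tick(self, now, download_rates):
        """download_rates: {neighbour: bytes/s currently received from it}.

        now is the simulated clock in seconds. Returns the set of unchoked neighbours."""
        if now % REGULAR_PERIOD == 0:
            # Rank by rate, highest first; names break ties so the result is deterministic.
            ranked = sorted(download_rates, key=lambda n: (-download_rates[n], n))
            self.top = ranked[:REGULAR_SLOTS]
        if now % OPTIMISTIC_PERIOD == 0:
            # Optimistic unchoke: a random neighbour that is not already in the top four.
            others = sorted(n for n in download_rates if n not in self.top)
            self.optimistic = self.rng.choice(others) if others else None
        return set(self.top) | ({self.optimistic} - {None})


def simulate(rates_by_time, rng=None):
    """Run ticks for each (time, rates) pair in order; return the unchoked set after each."""
    peer = Unchoker(rng)
    return [peer.tick(t, rates) for t, rates in rates_by_time]
```

The second tick in the test below is the situation the passage describes from Bob's point of view: the optimistically unchoked neighbour starts uploading fast enough to enter the top four and stays unchoked on merit, while the slowest of the previous four drops out.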
