Source: people.eecs.berkeley.edumesser/netappc/Slides/19c.pdf (slide transcript)
Copyright 1998, David G. Messerschmitt. All rights reserved. 4-Aug-99
Understanding Networked Applications: A First Course
Chapter 19
by
David G. Messerschmitt

Protocol architecture
Understanding Networked Applications: A First Course, slide 3
Summary
• Network architecture
• Internet protocols
• Some network security issues
Key ideas
• Packet encapsulation: one packet can be encapsulated in another
• Packet fragmentation: one packet can be split into two or more packets and encapsulated
• Protocol layering: one service can be layered on another by fragmentation and encapsulation
[Figure: packet encapsulation. The original packet, including its header, becomes the payload of a new packet carrying a new header; the encapsulated packet can be encapsulated again.]
[Figure: packet fragmentation. The original packet (header and payload) is divided into fragments, each carried as a new packet, and reassembled into the original packet at the far end.]
Peer-to-peer communication
[Figure: layer n+1 on each side exchanges packets with its peer over layer n; the layer n+1 packet, including its protocol header, is encapsulated as the payload of a layer n packet with its own layer n protocol header.]
Layered protocol modularity
• Layer n+1 protocol is logically peer-to-peer
• Layer n+1 protocol depends on services of layer n
• Layer n+1 packets are encapsulated in layer n packets
• Layer n+1 never sees layer n packet headers
• Layer n ignores layer n+1 packet headers (part of payload)
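The three key ideas and the modularity rules above, as an added example that is not from the slides: a toy two-layer stack in which layer n carries an upper-layer packet (header included) as opaque payload, fragments it when it exceeds the layer n size limit, and reassembles fragments that arrive in any order. The header layout, the mtu value, the packet id and the layer n+1 packet contents are assumptions made here for illustration, not the slides' or any real protocol's format.

```python
import struct

# Assumed toy layer-n header (not any real protocol's format):
# 16-bit packet id, 16-bit fragment index, 16-bit fragment count, 16-bit payload length.
HDR = struct.Struct("!HHHH")


def encapsulate(packet_id: int, upper_packet: bytes, mtu: int) -> list[bytes]:
    """Carry an upper-layer packet, header included, as opaque payload of
    layer-n packets.  If it exceeds the layer-n payload limit it is
    fragmented, and each fragment gets its own layer-n header."""
    limit = mtu - HDR.size
    if limit <= 0:
        raise ValueError("mtu leaves no room for payload")
    chunks = [upper_packet[i:i + limit] for i in range(0, len(upper_packet), limit)] or [b""]
    return [HDR.pack(packet_id, idx, len(chunks), len(chunk)) + chunk
            for idx, chunk in enumerate(chunks)]


def decapsulate(frames: list[bytes]) -> dict[int, bytes]:
    """Reassemble layer-n packets (any order) into upper-layer packets keyed
    by packet id.  Malformed frames are dropped, and an incomplete set of
    fragments yields nothing: best-effort delivery never hands up a
    partial packet.  Layer n never interprets the bytes it reassembles."""
    fragments: dict[int, dict[int, bytes]] = {}
    counts: dict[int, int] = {}
    for frame in frames:
        if len(frame) < HDR.size:
            continue                                   # shorter than the header
        pid, idx, count, plen = HDR.unpack_from(frame)
        body = frame[HDR.size:HDR.size + plen]
        if count == 0 or idx >= count or len(body) != plen:
            continue                                   # inconsistent or truncated
        if counts.setdefault(pid, count) != count:
            continue                                   # fragments disagree on count
        fragments.setdefault(pid, {})[idx] = body
    return {pid: b"".join(parts[i] for i in range(counts[pid]))
            for pid, parts in fragments.items() if len(parts) == counts[pid]}


def demo() -> tuple[bytes, list[bytes], bytes]:
    # Constructed layer n+1 packet: assumed 2-byte header followed by application data.
    upper = b"\x01\x00" + b"hello, layered world! " * 3       # 68 bytes
    frames = encapsulate(7, upper, mtu=32)                     # 24-byte payload limit -> 3 fragments
    frames = frames[::-1]                                      # the network may reorder them
    return upper, frames, decapsulate(frames).get(7, b"")
```

The layer n+1 header travels untouched inside the payload, which is exactly why layer n cannot be relied on to validate anything about it: integrity and authenticity of the upper-layer packet have to come from the upper layer itself.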
Key ideas (again)
• Packet encapsulation: one packet can be encapsulated in another
• Packet fragmentation: one packet can be split into two or more packets and encapsulated
• Protocol layering: one service can be layered on another by fragmentation and encapsulation
IETF/OMG layers
[Figure: logical view: Application, ORB, IIOP, TCP or UDP, and IP on Host A each communicate peer-to-peer with the same layer on Host B. Physical view: IP also runs in the switch joining Network 1 (N1) and Network 2 (N2); the layers above IP exist only at the hosts.]
Internet: logical view
[Figure: Application and TCP or UDP on Host A communicate peer-to-peer with Application and TCP or UDP on Host B.]
The constituent networks are not visible to the application; TCP/UDP does not reside in packet switches.
Internet: physical view
[Figure: IP on Host A, on the switch, and on Host B; the switch joins Network 1 (N1) and Network 2 (N2).]
IP serves to connect heterogeneous networks into an internetwork.
What IP does do
• Allow packets to traverse multiple networks
• Deliver packet to specified destination host
• Best effort: deliver as reliably and as soon as it can
What IP Doesn’t Do
• Guarantee latency for packets that are delivered
• Guarantee delivery, or notify source host if packet is not delivered
• Guarantee order of delivery
• Guarantee integrity of packet payload
• Maintain conversational context (each packet is independent)
• Specify which process should receive the packet at the destination host
IP header
[Figure: the IP header drawn as 32-bit rows: Version, Priority, Flow Label; Payload Length, Next Header, Hop Limit; Source Address; Destination Address. This is the IPv6 fixed header, matching the 128-bit addresses on the "Addresses vs. names" slide.]
Transport services: UDP and TCP
• Direct packet to a particular process
• UDP adds:
– Payload integrity for packets delivered
• TCP adds:
– Reliable delivery of bytestream session
Comparison of services
[Figure: IP is host-to-host; TCP and UDP are process-to-process, between a process on each host.]
IP: best-effort datagram
UDP: best-effort datagram with payload integrity
TCP: reliable bi-directional bytestream (byte byte byte ...)
UDP/TCP ports (publish/subscribe)
[Figure: a port on each host identifies the process; IP is host-to-host, and the port extends delivery to process-to-process. The UDP or TCP header begins with a 32-bit row holding Source Port and Destination Port, followed by the rest of the UDP or TCP header; the whole segment is encapsulated in an IP packet.]
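The IP header, the port header and "UDP adds payload integrity" from the slides above, as an added example that is not from the slides: parse the IPv6 fixed header shown on the IP header slide, demultiplex on Next Header to the UDP header, and verify the UDP checksum that detects payload corruption. Field layouts follow RFC 2460 and RFC 768; the sample packet, its ports, flow label and documentation-range addresses are constructed here.

```python
import ipaddress
import struct

IPV6_HDR = struct.Struct("!IHBB16s16s")   # first 32-bit word packs version/class/flow label
UDP_HDR = struct.Struct("!HHHH")          # source port, destination port, length, checksum
PROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"                    # pad to a whole number of 16-bit words
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:                     # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src: bytes, dst: bytes, udp: bytes) -> int:
    """Checksum over the IPv6 pseudo-header plus the UDP header and payload,
    with the checksum field itself taken as zero (RFC 2460 section 8.1)."""
    pseudo = src + dst + len(udp).to_bytes(4, "big") + b"\x00\x00\x00" + bytes([PROTO_UDP])
    zeroed = udp[:6] + b"\x00\x00" + udp[8:]
    csum = (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF
    return csum or 0xFFFF                  # a computed zero is transmitted as all ones


def parse_ipv6(packet: bytes) -> dict:
    word, payload_len, next_hdr, hop_limit, src, dst = IPV6_HDR.unpack_from(packet)
    if word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    if len(packet) < IPV6_HDR.size + payload_len:
        raise ValueError("truncated packet")
    return {
        "version": word >> 28,
        "traffic_class": (word >> 20) & 0xFF,   # the slide's "Priority" field
        "flow_label": word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_hdr,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(src),
        "dst": ipaddress.IPv6Address(dst),
        "payload": packet[IPV6_HDR.size:IPV6_HDR.size + payload_len],  # IP never looks inside
    }


def parse_udp(ip: dict) -> dict:
    if ip["next_header"] != PROTO_UDP:
        raise ValueError("IP payload is not UDP")
    udp = ip["payload"]
    sport, dport, length, csum = UDP_HDR.unpack_from(udp)
    if length != len(udp) or length < UDP_HDR.size:
        raise ValueError("UDP length does not match IP payload length")
    expected = udp_checksum(ip["src"].packed, ip["dst"].packed, udp)
    return {"src_port": sport, "dst_port": dport,
            "checksum_ok": csum == expected, "data": udp[UDP_HDR.size:]}


def build_sample(corrupt: bool = False) -> bytes:
    """Constructed UDP-over-IPv6 packet (documentation prefix 2001:db8::/32)."""
    src = ipaddress.IPv6Address("2001:db8::a").packed
    dst = ipaddress.IPv6Address("2001:db8::b").packed
    data = b"hello"
    udp = UDP_HDR.pack(40000, 53, UDP_HDR.size + len(data), 0) + data
    udp = udp[:6] + udp_checksum(src, dst, udp).to_bytes(2, "big") + udp[8:]
    if corrupt:
        udp = udp[:-1] + bytes([udp[-1] ^ 0x01])   # one payload bit flipped in transit
    word = (6 << 28) | (0 << 20) | 0xABCDE          # version 6, traffic class 0, flow label
    return IPV6_HDR.pack(word, len(udp), PROTO_UDP, 64, src, dst) + udp


def demo(corrupt: bool = False) -> dict:
    return parse_udp(parse_ipv6(build_sample(corrupt)))
```

The checksum is an integrity check against accidental corruption only: anyone who can alter the payload can recompute it, so it offers nothing against a deliberate modification, which is the gap that the later "Where to use encryption" slide addresses.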
HTTP Service
• Client can make requests
– GET (pull)
– POST (push)
– (some others)
• Server responds
– HTTP headers
– HTML document
• or JPEG, or GIF, or ...
URL Structure
• <scheme>://<host>:<port>/<path>
• Scheme
– HTTP, FTP, GOPHER, MAILTO, ...
• Host
– An IP address or DNS name
• Port
– TCP port number
– Optional (defaults to 80 for http)
HTTP example
• When a browser fetches http://www.si.umich.edu/~presnick/
– http:// says to use HTTP protocol
– Resolve www.si.umich.edu in DNS
• 141.211.203.34
– Make TCP connection
• 141.211.203.34, port 80
– Send the following text string
• GET /~presnick/
Server sends back
HTTP/1.1 200 OK
Date: Mon, 22 Dec 1997 15:12:32 GMT
Server: Apache/1.2.4
Last-Modified: Thu, 04 Dec 1997 16:26:10 GMT
ETag: "5f2f2-33fd-3486d9a2"
Content-Length: 13309
Accept-Ranges: bytes
Connection: close
Content-Type: text/html
<HTML> ….
HTML
<H1>Paul Resnick</H1><IMG SRC="RESNICK.gif" ALT="[PHOTO]" HSPACE=10 ALIGN=LEFT><BR>Associate Professor<BR>University of Michigan<BR>School of Information<BR>314 West Hall<BR>550 East University Avenue<BR>Ann Arbor, MI 48109-1092<BR>[email protected]
What Browsers Send to Servers
• Your IP address
• The browser type
• The referer link
– What URL you last looked at
• Cookies (persistent client state for a URL)
– Server response can include a set-cookie header
– Browser saves the cookie
– Browser resends to server next time
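The URL structure, the HTTP example, the server's response and the cookie round trip from the slides above, as an added example that is not from the slides: the client-side steps carried out on constructed text rather than a live socket. The URL grammar is the slide's <scheme>://<host>:<port>/<path>; the response text is the one the slide shows, with one Set-Cookie header added here; the request is written as HTTP/1.1 with a Host header rather than the slide's bare "GET /~presnick/". The second URL and the cookie value are constructed.

```python
import re

URL_RE = re.compile(
    r"^(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<host>[^/:]+)(?::(?P<port>\d+))?(?P<path>/.*)?$", re.I)
DEFAULT_PORTS = {"http": 80}            # the slide's default; other schemes would be added here


def parse_url(url: str) -> dict:
    m = URL_RE.match(url)
    if not m:
        raise ValueError(f"malformed URL: {url!r}")
    scheme = m["scheme"].lower()
    port = int(m["port"]) if m["port"] else DEFAULT_PORTS.get(scheme)
    if port is None or not 0 < port < 65536:
        raise ValueError("no usable TCP port for this URL")
    return {"scheme": scheme, "host": m["host"], "port": port, "path": m["path"] or "/"}


def build_request(url: dict, cookies: dict[str, str]) -> str:
    """Text of one HTTP/1.1 GET; cookies previously stored for this host are resent."""
    lines = [f"GET {url['path']} HTTP/1.1", f"Host: {url['host']}"]
    if cookies:
        lines.append("Cookie: " + "; ".join(f"{k}={v}" for k, v in cookies.items()))
    return "\r\n".join(lines) + "\r\n\r\n"


def parse_response(text: str) -> dict:
    head, _, body = text.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    version, code, reason = status_line.split(" ", 2)
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")           # only the first colon separates name and value
        headers.append((name.strip().lower(), value.strip()))   # header names are case-insensitive
    length = next((int(v) for n, v in headers if n == "content-length"), None)
    return {"version": version, "status": int(code), "reason": reason,
            "headers": headers, "content_length": length, "body": body}


class CookieJar:
    """Minimal per-host store: a cookie set by one host is never sent to another."""

    def __init__(self):
        self._jar: dict[str, dict[str, str]] = {}

    def store(self, host: str, response: dict) -> None:
        for name, value in response["headers"]:
            if name == "set-cookie":
                pair = value.split(";", 1)[0]            # attributes after ';' ignored in this toy
                k, _, v = pair.partition("=")
                self._jar.setdefault(host, {})[k.strip()] = v.strip()

    def for_host(self, host: str) -> dict[str, str]:
        return dict(self._jar.get(host, {}))


RESPONSE = ("HTTP/1.1 200 OK\r\n"
            "Date: Mon, 22 Dec 1997 15:12:32 GMT\r\n"
            "Server: Apache/1.2.4\r\n"
            "Last-Modified: Thu, 04 Dec 1997 16:26:10 GMT\r\n"
            'ETag: "5f2f2-33fd-3486d9a2"\r\n'
            "Content-Length: 13309\r\n"
            "Accept-Ranges: bytes\r\n"
            "Connection: close\r\n"
            "Content-Type: text/html\r\n"
            "Set-Cookie: visit=1; Path=/\r\n"     # constructed; not in the slide's response
            "\r\n"
            "<HTML> ....")


def demo() -> dict:
    url = parse_url("http://www.si.umich.edu/~presnick/")
    jar = CookieJar()
    first = build_request(url, jar.for_host(url["host"]))      # no cookie yet
    resp = parse_response(RESPONSE)
    jar.store(url["host"], resp)                               # browser saves the cookie
    second = build_request(url, jar.for_host(url["host"]))     # and resends it next time
    other = parse_url("http://other.example/")                 # constructed second site
    elsewhere = build_request(other, jar.for_host(other["host"]))
    return {"url": url, "first": first, "status": resp["status"],
            "second": second, "elsewhere": elsewhere}
```

The per-host scoping in the jar is the whole point of the exercise: a cookie is state the server chose to place in the client, and the client's job is to return it only to the place it came from.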
How TCP works
Aggregating byte stream
[Figure: a stream of bytes (byte byte byte ...) is grouped into runs of bytes; each run becomes the payload of a TCP packet, which is in turn carried in an IP packet.]
Original bytes are aggregated and ... encapsulated in TCP packets, with a sequence number included in the TCP header.
The TCP packets are encapsulated in IP packets.
TCP connections
• TCP establishes a session with ordered and bidirectional reliable delivery of bytes
– Establishment:
• Inform receiving port of connection
• Initialize packet sequence number
• Congestion and flow control state
– Disestablishment
• By either peer
• Free state and resources
HTTP uses TCP
• Often have to request another page
– e.g., image
• HTTP/1.0 requires a new TCP session for each
– Overhead of session establishment
• HTTP/1.1 permits reuse of one TCP session for multiple requests
Reliable packet delivery: acknowledgement and resending
[Figure: Source sends a packet to Destination and receives an ACK; a second packet is lost (marked ✖) and no ACK arrives; after a timeout the source resends it and then receives the ACK.]
IP is used to send TCP packets and return ACKs
IP loses packets
Concurrent tasks for higher throughput
[Figure: Source sends several packets to Destination before the ACK for the first one returns; each packet is acknowledged separately.]
Packets can be reordered using sequence number
TCP Congestion
• If link is congested
– Switch queue for that link fills up
– Drops packets
• Source resends non-ACK’ed packets
– Makes congestion worse
TCP Congestion Control
• Voluntary source-imposed policy
– Source controls the number of non-ACK’ed packets that have been sent
• Controls the number of concurrent sends, and hence packet throughput
– Slow start, slowly increase rate
– Monitor non-ACK’s and delay of ACK’s to estimate congestion
– Quickly decrease if congestion detected
TCP congestion control flaws
• “Fairness criterion”
– Maybe “equal division” of resources is not what is wanted
• Estimating congestion by retransmission is flawed for wireless links
• Depends on accurate implementation -- cheating possible
• Application can avoid congestion control by using UDP
TCP Flow Control
• Recall that flow control keeps the recipient from being overwhelmed
• Recipient must control source
• Recipient explicitly requests lower send rate
– MaxUnackedPackets is a parameter of ACK’s
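The TCP mechanisms described from "Aggregating byte stream" through "TCP Flow Control", as an added example that is not from the slides: a round-based simulation with sequence numbers, cumulative ACKs, retransmission after a loss, concurrent sends bounded by a window, slow start with multiplicative decrease, and a receiver-advertised MaxUnackedPackets limit. Timers and byte-offset sequence numbers are simplified to rounds and segment indices, the handshake is reduced to the receiver's limit being known at the start, and the loss pattern, data and window parameters are constructed.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    seq: int        # segment index used as the sequence number (simplification)
    data: bytes


class Receiver:
    def __init__(self, max_unacked: int):
        self.max_unacked = max_unacked      # flow-control limit advertised in every ACK
        self.expected = 0                   # next in-order sequence number wanted
        self.out_of_order: dict[int, bytes] = {}
        self.delivered = bytearray()

    def receive(self, seg: Segment) -> tuple[int, int]:
        if seg.seq >= self.expected:        # duplicates of already delivered data are ignored
            self.out_of_order[seg.seq] = seg.data
        while self.expected in self.out_of_order:   # reorder using the sequence number
            self.delivered += self.out_of_order.pop(self.expected)
            self.expected += 1
        return self.expected, self.max_unacked      # cumulative ACK plus advertised window


class Sender:
    def __init__(self, data: bytes, mss: int, rwnd: int, ssthresh: int):
        self.segments = [Segment(n, data[i:i + mss])
                         for n, i in enumerate(range(0, len(data), mss))]
        self.base = 0                       # oldest unacknowledged segment
        self.rwnd = rwnd                    # receiver's limit, learned at establishment
        self.cwnd = 1                       # slow start begins with a single segment
        self.ssthresh = ssthresh

    def window(self) -> list[Segment]:
        """Everything unacknowledged that both windows permit, sent concurrently."""
        return self.segments[self.base:self.base + min(self.cwnd, self.rwnd)]

    def on_round_end(self, ack_next: int, rwnd: int, sent: int) -> None:
        self.rwnd = rwnd
        all_acked = ack_next >= self.base + sent
        self.base = max(self.base, ack_next)
        if not all_acked:                   # timeout on a non-ACK'ed segment: congestion
            self.ssthresh = max(self.cwnd // 2, 1)
            self.cwnd = 1                   # quick decrease; unacked segments are resent
        elif self.cwnd < self.ssthresh:
            self.cwnd *= 2                  # slow start
        else:
            self.cwnd += 1                  # congestion avoidance


def simulate(data: bytes, mss: int, losses: set[tuple[int, int]],
             max_unacked: int = 3, ssthresh: int = 8) -> dict:
    """losses holds constructed (round, seq) pairs that the network drops."""
    snd = Sender(data, mss, max_unacked, ssthresh)
    rcv = Receiver(max_unacked)
    cwnd_trace, sent_trace, rnd = [], [], 0
    while snd.base < len(snd.segments):
        batch = snd.window()
        acks = [rcv.receive(s) for s in batch if (rnd, s.seq) not in losses]
        ack_next, rwnd = max(acks) if acks else (snd.base, snd.rwnd)
        snd.on_round_end(ack_next, rwnd, len(batch))
        cwnd_trace.append(snd.cwnd)
        sent_trace.append(len(batch))
        rnd += 1
        if rnd > 10 * len(snd.segments):
            raise RuntimeError("no progress: the network keeps dropping the same segment")
    return {"delivered": bytes(rcv.delivered), "cwnd": cwnd_trace,
            "sent": sent_trace, "rounds": rnd}


def demo() -> dict:
    data = b"ABCDEFGHIJKLMNOPQRST"          # constructed 20-byte stream -> 10 segments of 2 bytes
    return simulate(data, mss=2, losses={(2, 3)})   # segment 3 is lost in round 2
```

In the demo the receiver's limit of 3 caps the window in round 2 even though cwnd has reached 4; the loss in that round drops cwnd back to 1 and halves the threshold, after which growth resumes one segment per round. The reassembled stream is complete and in order regardless of the loss, which is the service TCP offers on top of IP's best effort.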
Multicasting
[Figure: node A with links to nodes B, C and D.]
• So far, we’ve assumed node A sends to B
• Multicasting: node A sends same message to B, C, and D
– Could set up A-B, A-C, and A-D connections
– But A becomes a bottleneck
• Handling ACKs and resends
– And it’s inefficient
• Some intermediate nodes may receive the message several times
• Multicast protocols try to have A send only once
– Intermediate nodes do more work
Domain Name System
[Figure: the DNS name hierarchy. A “root” name server (NS) delegates berkeley.edu to its name server, which in turn delegates eecs.berkeley.edu and sims.berkeley.edu to their own name servers; hosts sit under the leaf zones.]
[Figure: resolving names. A host delegates its name search to a local name server; the local server follows the chain “root” -> berkeley.edu -> sims.berkeley.edu to find info.sims.berkeley.edu, or “root” -> watson.ibm.com to find tj.watson.ibm.com.]
Delegate name search to local name server
Local server caches recent search results
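The two DNS figures above, as an added example that is not from the slides: iterative resolution through the delegation chain the slide draws (root -> berkeley.edu -> sims.berkeley.edu, and root -> watson.ibm.com), performed by a local name server that caches answers. The zone contents, server names and addresses (documentation prefix 2001:db8::/32) are constructed; like the slide, the model omits the edu and com levels of the real hierarchy.

```python
from typing import Optional

# Constructed authoritative data: each server holds delegations (NS) for child
# zones and addresses (AAAA) for the hosts it is authoritative for.
AUTHORITATIVE = {
    "root": {"ns": {"berkeley.edu": "ns.berkeley.edu",
                    "watson.ibm.com": "ns.watson.ibm.com"}, "hosts": {}},
    "ns.berkeley.edu": {"ns": {"sims.berkeley.edu": "ns.sims.berkeley.edu",
                               "eecs.berkeley.edu": "ns.eecs.berkeley.edu"}, "hosts": {}},
    "ns.sims.berkeley.edu": {"ns": {}, "hosts": {"info.sims.berkeley.edu": "2001:db8:1::10"}},
    "ns.eecs.berkeley.edu": {"ns": {}, "hosts": {"www.eecs.berkeley.edu": "2001:db8:2::10"}},
    "ns.watson.ibm.com": {"ns": {}, "hosts": {"tj.watson.ibm.com": "2001:db8:3::10"}},
}


def authoritative_query(server: str, name: str) -> tuple[str, Optional[str]]:
    """One query to an authoritative server: an answer, a referral to the server
    for the longest matching child zone, or 'nxdomain' when neither applies."""
    zone = AUTHORITATIVE[server]
    if name in zone["hosts"]:
        return "answer", zone["hosts"][name]
    for suffix in sorted(zone["ns"], key=len, reverse=True):
        if name == suffix or name.endswith("." + suffix):
            return "referral", zone["ns"][suffix]
    return "nxdomain", None


class LocalNameServer:
    """The server hosts delegate their searches to: it walks the delegation
    chain on a cache miss and remembers the answer for later lookups."""
    MAX_REFERRALS = 8   # a longer chain means the delegation data loops

    def __init__(self):
        self.cache: dict[str, str] = {}

    def resolve(self, name: str) -> tuple[str, int]:
        """Return (address, number of upstream queries this lookup needed)."""
        name = name.lower().rstrip(".")
        if name in self.cache:
            return self.cache[name], 0
        server, sent = "root", 0
        while sent < self.MAX_REFERRALS:
            kind, value = authoritative_query(server, name)
            sent += 1
            if kind == "answer":
                self.cache[name] = value
                return value, sent
            if kind == "nxdomain":
                raise LookupError(f"{name}: no such name")
            server = value                  # follow the referral one level down
        raise RuntimeError(f"{name}: delegation chain too long")


def demo() -> list[tuple[str, int]]:
    local = LocalNameServer()
    return [local.resolve("info.sims.berkeley.edu"),   # root -> berkeley.edu -> sims: 3 queries
            local.resolve("info.sims.berkeley.edu"),   # served from the cache: 0 queries
            local.resolve("tj.watson.ibm.com")]        # root -> watson.ibm.com: 2 queries
```

The cache is what makes the local server worth having, and it is also what makes it a single point of trust for every host behind it: an answer accepted once is handed out repeatedly until it expires (this toy never expires entries), so validating where answers come from matters more at the local server than anywhere else.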
Supplements

Network security
Network security
• Some things to worry about:
– Sniffing
– Spoofing
– Security flaws in public servers
Improving security
• Security tools covered earlier
• Firewalls: a place where security policies can be enforced
– Who gains access
– What servers (ports) can be accessed
– What hosts can be accessed
– What protocols can pass
– Other security policies can be enforced
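The policies a firewall enforces, as listed above, as an added example that is not from the slides: a first-match packet filter whose rules express who gains access, which servers (ports), which hosts and which protocols, with everything no rule allows denied and every decision logged. The rules, the enclave layout, the addresses (documentation prefix 2001:db8::/32) and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int      # server port at the destination


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str = "::/0"               # who: source network in CIDR form
    dst: str = "::/0"               # which hosts: destination network
    proto: Optional[str] = None     # which protocols (None = any)
    dport: Optional[int] = None     # which servers, i.e. ports (None = any)

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


# Constructed topology: the protected enclave is 2001:db8:1::/48, the public web
# server on the bastion host is 2001:db8:1::80, internal hosts live in
# 2001:db8:1:1::/64, and 2001:db8:53::53 is the designated DNS resolver.
ENCLAVE = "2001:db8:1::/48"
BASTION_WEB = "2001:db8:1::80"
INTERNAL = "2001:db8:1:1::/64"
RESOLVER = "2001:db8:53::53"

POLICY = [
    Rule("allow", dst=BASTION_WEB, proto="tcp", dport=80),           # the public web server
    Rule("deny", dst=INTERNAL),                                       # no direct access to internal hosts
    Rule("allow", src=ENCLAVE, dst=RESOLVER, proto="udp", dport=53),  # DNS only to the resolver
    Rule("allow", src=ENCLAVE, proto="tcp"),                          # internal users may open TCP outward
]


def filter_packet(policy: list[Rule], p: Packet, log: list[str]) -> bool:
    """First matching rule decides; no match means deny.  Every decision is logged."""
    for i, rule in enumerate(policy):
        if rule.matches(p):
            log.append(f"{rule.action:5} rule={i} {p.src} -> {p.dst} {p.proto}/{p.dport}")
            return rule.action == "allow"
    log.append(f"deny  default {p.src} -> {p.dst} {p.proto}/{p.dport}")
    return False


def demo() -> tuple[list[bool], list[str]]:
    outside, inside = "2001:db8:ffff::1", "2001:db8:1:1::5"      # constructed hosts
    samples = [
        Packet(outside, BASTION_WEB, "tcp", 80),    # web request to the bastion: allowed
        Packet(outside, BASTION_WEB, "tcp", 22),    # another service on the bastion: no rule, denied
        Packet(outside, inside, "tcp", 80),         # direct access to an internal host: denied
        Packet(inside, outside, "tcp", 443),        # internal user connecting out: allowed
        Packet(inside, RESOLVER, "udp", 53),        # DNS to the resolver: allowed
        Packet(inside, outside, "udp", 53),         # DNS to an arbitrary outside host: denied
    ]
    log: list[str] = []
    return [filter_packet(POLICY, p, log) for p in samples], log
```

Rule order carries meaning in a first-match filter: the deny for internal hosts sits before the broad outbound-TCP allow, so the allow cannot accidentally widen what the enclave exposes. The denied-by-default log lines are the ones worth reviewing, since they show both misconfiguration and probing.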
Firewall
[Figure: the Global Internet connects through a firewall to the public hosts (bastion hosts); a second firewall behind them separates the internal hosts of the protected enclave.]
Problems with firewalls
• “Benign internal users” assumption is naïve
• Obstacle to deployment of innovative applications and services
• Increasingly organizations want to extend extranet to suppliers and customers
• Solution: resource-based rather than enclave-based security
– Analogy: border patrol not enough, need secure buildings and vehicles, guards, police, etc.
Where to use encryption
• Per link (wireless)
• Firewall-to-firewall (extranet)
• Host-to-host (IPsec)
• Process-to-process (TCP-SSL)
• Application
What are some strengths and weaknesses in these approaches?
Packet structure
Header:
– Information for switches
– Serves as protocol message
Payload:
– Data for application
– Ignored by network and protocol
– (Qualification: may also be encapsulated packet)
Packet length limited by network policy
Protocol endpoints
[Figure: IP is host-to-host; TCP and UDP are process-to-process, between a process on each host.]
Internetworking layer focuses on getting datagrams from one host to another
Transport layer focuses on process-to-process communication services
Addresses vs. names
[Figure: an address, 128 bits (network, host), beside a name, info.sims.berkeley.edu.]
Address specifies topological location of host to the network
Name is easy to remember or construct and reflects administrative boundaries
Issues in congestion control
• Social issue: how do we divide limited network resources among users/applications?
• Approaches:
– Voluntary (e.g. UDP)
• “Bad citizen” is rewarded
– Policy driven (e.g. TCP)
– Incentivized (e.g. pricing)
Advantages of pricing-based congestion control
• Policies can never take into account the “importance” of traffic
• Users and applications are forced to consider the common resource implications of their actions
• Users and applications can choose the most “important” traffic for periods of congestion
– Shift other traffic to off-peak times
• Source of revenue to expand capacity
Technical approaches to congestion control
• Source-driven throttle algorithm
– Voluntary, policy, or incentive driven
• Network-driven
– Must use fairness criteria
– Network-to-source flow control
– Network access enforcement (policing)
• Traffic priorities allow source to control what traffic is discarded
Undesirability of fixed pricing per unit of capacity
[Figure: a demand curve D(c), the willingness to pay for one more unit of capacity, plotted against capacity up to cmax, with a fixed price p and two capacities c' < c marked; the figure labels the revenue gained and the revenue lost in reducing capacity from c to c'.]
Downsides of pricing
• Infrastructure for
– Usage monitoring
– Congestion monitoring
– QoS configuration
– Billing
• Operational costs
• How do costs compare to the benefits?