how the internet really works

70
the ‘net

Upload: russ-white

Post on 17-Feb-2017

4.013 views

Category:

Internet


0 download

TRANSCRIPT

Page 1: How the Internet Really Works

the ‘net

Page 2: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 2

The ‘net

What are the business relationships that make the Internet work?

What are the protocols and parts that make the Internet work?

Page 3: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 3

The Big Picture

Page 4: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 5

› Technical Overview– Naming– Routing

› Architectural Overview– Standards– Service Providers– Registries– Clearing Houses

› Operational Case Study

Agenda

Page 5: How the Internet Really Works

Naming

Page 6: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 7

Naming System

Page 7: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 8

› Begin with a user who types the name of a web site into a browser

› How does the host actually find a web site based on a name?

› There are three things the host needs to find

– An address for the server on which the information resides

– How to get to that address– The specific file on the server itself

› DNS provides the first of these three bits of information

The Domain Name System

Page 8: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 9

› The local operating system queries a DNS server

– The address of this local server is either manually configured or learned through auto configuration

› Assume the local server doesn’t know the corresponding address…

› The local server will query the TLD server for the next section of the DNS address

– Ericsson.com’s second section is .com– The local server will send a query to the .com

server asking for the location of ericsson.com

The Domain Name System

DATA

DNS

DNSDNS

LOCAL

AUTHORITATIVE TOP LEVEL

Page 9: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 10

› Top Level Domain (TLD) servers don’t keep information on the addresses for every possible subdomain

› Instead, the TLD server will refer the DNS server to an authoritative server for the correct subdomain

– In this case, the .com server refers the local DNS server to the ericsson.com server

The Domain Name System

DATA

DNS

DNSDNS

LOCAL

AUTHORITATIVE TOP LEVEL

Page 10: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 11

› The local DNS server sends a query to the authoritative server

› This server returns the address of the server on which the web site is stored

The Domain Name System

DATA

DNS

DNSDNS

LOCAL

AUTHORITATIVE TOP LEVEL

Page 11: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 12

› The local DNS server responds with the correct address for this server

› The local DNS server also caches this address for some length of time

– This allows the DNS server to respond to future queries without going through this entire process again

The Domain Name System

DATA

DNS

DNSDNS

LOCAL

AUTHORITATIVE TOP LEVEL

Cache

Page 12: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 13

› Glue records allow the authoritative servers to have a domain name within the domain for which they are authoritative

– Without glue records, you can get trapped in a domain lookup loop

› The glue record puts the name server address into the pointer to ns1.example.com

– So the first query not only returns the server to ask, but the server’s address

Glue Records

Where is example.com?

To find ns1.example.com, I need to find example.com

Ask ns1.example.com

Page 13: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 14

› In-Addr-ARPA– A DNS tree based around

IP addresses, rather than domain names

– Each section of the IP address is treated the same as a “level” of a domain

– The reply is the domain name the IP address reaches

– A “reverse lookup”

› Whois– A separate protocol that

provides registration information about any specific domain name

– Can be used to find out if a domain name is valid, etc.

› DNSSEC– Each section of the

domain name is cryptographically signed

› .com is signed› .example.com is

signed› Etc.

– This prevents attacks against the DNS system

Naming Related Systems

Page 14: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 15

Naming Related Systems

Page 15: How the Internet Really Works

Routing

Page 16: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 17

Routing

Page 17: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 18

› Now we have an address that tells us where to find the web site we’re after…

› And we have a way to bundle of the data that needs to be transferred…

› But how do we get there?› Even if we had a map of the

network – packets can’t drive

Routing

Page 18: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 19

› It’s easy to say “the Internet is a network of networks,” but what does that really mean?

› Another way to view the Internet is as a virtual topology

› Policy is the key to understanding the AS level (overlay network)

– BGP is distributed policy– Different types of providers follow different

sets of policies to maximize revenue and minimize cost

Routing

Page 19: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 21

› Understanding these policies requires understanding peering models

› Provider/Customer› Transit› Settlement Free

Peering Connections

Transit

Provider

Customer

Provider

Customer

Transit

Settlement Free

Settlement Free

Page 20: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 23

› Attract as much traffic as possible– Increasing peering to reduce the AS Path

length to reach any particular destination› Carry as little traffic as possible

– Really carrying packets for the shortest distance you can

– “Hot potato routing”

Transit Provider

Hot potato routing Attract traffic against competitors

Page 21: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 24

› Be the preferred path for connected customers

– Even if they’re connected to someone else

› Carry traffic across the shortest possible path

– Or for the least amount of time possible– “Hot potato routing”

Edge Provider

Hot potato routing Attract traffic against competitors

Page 22: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 25

› Push content as close to the actual “eyeballs” as possible– Peer as widely as possible– Use content distribution mechanisms to push content to every corner/edge of the network

› Carry traffic on internal links where possible– To exert the greatest level of control over the user’s experience on your services– “Cold potato routing”

› Create a “walled garden” if possible– Use applications on end devices to keep users in your network– Make your applications perform “better” than “the competitor”

Content Provider

Page 23: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 26

› Keep users within your network for content– In this respect, mobility providers act like content providers– Push content as close to the user as possible– Create a “walled garden”

› Keep users on your network as much as possible when they can be billed– Use minutes to charge for more– Capture users into devices that prefer your network over other networks

› Move traffic destined outside the walled garden quickly off your network– Hot potato content provided by a competitor

Mobility Provider

Page 24: How the Internet Really Works

Standards Bodies

Page 25: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 28

Standards Bodies

Page 26: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 29

› DNS, transport, and routing protocols are only a small sample of the protocols that make the Internet “go”

– Voice over IP, HTTP, FTP, telnet, rsynch, IPsec, SSH, SSL, and many other protocols must be developed, extended, and managed

– HTML, JavaScript, image formats, and many other information formats must be developed, extended, and managed

› Where do all of these standards come from?

Standards Bodies

Page 27: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 30

Standards BodiesAll layer 3 transport and routing protocols, including IP, TCP, UDP, HTTP, DNS, routing protocols, telnet, rsync, IPsec, and network management protocolsAll layer 1 and layer 2 transport and control plane protocols, including Ethernet, spanning tree, wand ireless networkingMarkup languages (languages which describe how to display or render content), including HTML and XMLAny international standard, including numbering, encryption schemes, and routing protocols (such as IS-IS)

Page 28: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 31

Standards Bodies• Individual, voluntary membership and participation• Members mostly vendors, providers, researchers• Standardization through rough consensus• Corporate membership and participation• Members mostly vendors• Standardization through formal voting• Voluntary membership and participation• Members mostly vendors, providers, researchers• Standardization through rough consensus• Governmental and corporate (NGO) membership and

participation• Members mostly government and vendor representatives• Standardization through formal voting

Page 29: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 32

› What happens when two standards bodies start standardizing to solve the same problem?– IS-IS is standardized by both the ISO and the IETF– ISO and the IETF have overlapping interest in Multiprotocol Label Switching (MPLS)– The IEEE and the IETF are both working on next generation control planes for switching

› Generally these overlaps are handled through various liaison committees– The committee meets and maps out different areas or how to use each other’s standards in ongoing work

› Ultimately, the market decides– If two different standards solve the same problem, vendors and end users decide which they will use– Over time, one standard will become inactive, while others will continue to be used– BETA verses VHS

Standards Bodies

Page 30: How the Internet Really Works

Service Providers

Page 31: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 34

Service Providers

Page 32: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 35

› Content providers fall into two categories

– Media creation and distribution– Connecting buyers and sellers

(ecommerce)› Create something of value to sell to

individual end users– Entertainment: movies, books, music, etc.– Information: news, job searches, people

searches, etc.– A connection to a product or producer

Content ProvidersEcommerce, entertainment, information

Search, services, software (ecommerce), entertainment

Search, services, entertainment

Entertainment

Services, information, ecommerce

Software, information, services

Ecommerce, information

Information, ecommerce

Page 33: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 36

› Income Sources› Sell services, entertainment, or connect buyers to sellers for a fee

– The ability to convert interest into a sell by learning customer preferences and trends is the primary basis of this model

› Sell user attention and information to companies (advertising)– Click throughs are transferring interest from the content provider to the seller– Conversion rate is the number of people who actually buy based on advertising

Content Providers

Page 34: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 37

› Networking Costs› Physical infrastructure

– Routers, switches, DNS servers, etc.› Operational costs

– People, processes, and facilities› Connection costs

– Must generally pay access providers for access to end users– Must generally pay service (transit) providers for connections to access providers

Content Providers

Page 35: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 38

› Vendors and Operations› Largely data center/cloud oriented

– Data centers on the order of one million+ VMs– Focused on known units of processing and processing requirements

› Maximize white box– Minimize reliance on a single vendor– Dumb boxes/smart software

Content Providers

Page 36: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 40

› Provide individual users, businesses, and organizations with Internet connections

– Includes traditional last mile providers such as telephone and cable providers

– Includes disruptive providers, such as wireless, satellite, and other carriers

› Are often involved in the creation and distribution of content, as well

– Local sports, shows, and other events

Access Providers

Wireless/mobility services, business Internet access

High speed Internet access

Satellite based Internet access

Page 37: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 41

› Income Sources› Individual subscriber fees

– Normally based on fixed traffic limits and/or the link type and speed provided to the customer› Managed equipment and services› Local production and distribution

– This includes “app store” sales and servers from consumers “locked in” to the provider’s network

– Some of these services directly compete with content service providers– This is particularly visible in the Apple & Google verses provider space right now

Access Providers

Page 38: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 42

› Network Costs› Physical infrastructure

– Routers, switches, DNS servers– Physical cable, satellite systems, towers

› Operational costs– People, processes, and facilities

› Connection costs– Must generally pay service (transit) providers for connections to the global internet

Access Providers

Page 39: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 43

› Business Model› Provide the largest set of integrated services available

– Generally contained within one geographic area, but this isn’t necessarily true– Tackle vertical markets within the existing base to expand services offered and subscriber fees

› Reduce content and transit costs– Reduce the cost of connecting individual users to transit and content providers– Generate and sell locally generated content

› Bottom line– Minimize network and content generation costs– Minimize connection costs– Maximize revenue from subscribers

Access Providers

Page 40: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 44

› Vendors and Operations› Operations are often a legacy of many combined businesses

– The telecom merger craze created a lot of messes– Many have regional and functional operations that don’t often work together– Verizon, for instance, runs three networks

› Tend to be “vendor neutral”– Mostly the big vendors you all know about– Cisco, Juniper, Arista, Extreme– Will buy things just to “even out the network,” to prevent vendor lock-in

› Appear to be increasingly moving towards the content provider operation model– White box, etc.

Access Providers

Page 41: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 45

› Provide interconnection between content and access service providers

– Many transit service providers also sell other services, including content and access

Transit Providers

Page 42: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 46

› Income Sources– Peering Contracts

› Called “settlement”› Normally charged based on traffic levels, rather than link type

– Managed equipment and services› Network Costs

– Physical infrastructure› Routers, switches, DNS servers› Physical cable, satellite systems, towers

– Operational costs› People, processes, and facilities

Transit Providers

Page 43: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 47

› Business Model› Provide the widest connectivity reach

– Interconnect with as many larger organizations as possible– Reduce transit time for customers to the minimum possible– Provide the lowest latency (fastest) service to the most desirable locations

› Assumes 80% of all traffic is destined to 20% of all possible destinations› Reduce peering cost

– Transit providers want to be sources of traffic, not sinks– Manage traffic flows to reduce peering cost while providing the highest quality service

available

Transit Providers

Page 44: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 48

› Vendors and Operations› Much like the access providers, transit networks are often amalgamations of other networks

– Most of them are currently working to bring their networks together into “one network”› Multivendor by default

– Generally will buy from multiple vendors to prevent vendor lock in– Often seen as a matter of discipline to focus on open standards and interoperability

› Many are moving towards a more service oriented model– Dumb Box/Smart Software model (see NFV as an instance)– Becoming more data center/cloud/service oriented

› To capture some of the revenue passing through the network› To provide services to content providers more cheaply than content providers can build out their

networks

Transit Providers

Page 45: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 49

› Often the “forgotten man” in the Internet world

› IXPs provide local interconnections for access and content providers

– Can be commercial or non-profit› Used by providers within a region

– Avoids the use of out of region transit providers

– Reduces latency within the region– Replaces traffic based settlement costs

with fixed membership fees

Internet Exchange Providers

CONTENT PROVIDER

TRANSIT PROVIDER

ACCESS PROVIDERIXP

Page 46: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 50

› Income Sources– Fixed membership or usage fees

› Not based on traffic levels› Network Costs

– Physical infrastructure› Routers, switches, DNS servers› Physical cable, satellite systems, towers

– Operational costs› People, processes, and facilities

Internet Exchange Providers

Page 47: How the Internet Really Works

Registries

Page 48: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 52

Registries

Page 49: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 53

› ICANN and IANA coordinate the assignment of the numbers and names that make the Internet work

– These organizations don’t “control the Internet”

– They only set the rules under which other organizations may obtain and sell these resources

– These rules are based on fairness and operational requirements

Naming Authorities

Page 50: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 55

› Regional Internet Registries (RIRs) manage IP address block assignments for a region

– Or a set of economies– They are set up by a consortium of government and

provider organizations within a region› RIRs also…

– Participate in research and standardization efforts– Provide services for the “common good” of their members,

such as whois– Hold regular meetings for the education of their members

and information exchange– Produce best common practice documents and

recommendations

Regional Registries

Page 51: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 56

› IANA provides blocks of IP addresses to each RIR– This is primarily based on need– IANA wants to ensure an RIR doesn’t ask for address

space when a low percentage of the RIR’s currently available space is used, for instance

› Each regional registry then provides address blocks to their members

– The members can then advertise this space in the global routing table, use them in DNS entries, or even use them just for their internal networks

– Many large organizations purchase address blocks which are never advertised on the global Internet

Regional Registries

Page 52: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 57

› Income Sources– Member fees– Fees for the registration/usage of IP address space– Fees for other services offered

› Network Costs– Physical infrastructure

› Routers, switches, DNS servers– Operational costs

› People, processes, and facilities– Connection costs

› Must generally pay service (transit) providers for connections to the global internet

Regional Registries

Page 53: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 58

› Domain Name Registries manage Top Level Domains (TLDs)

– ICANN assigns the management of these TLDs to these registries

– These registries, in turn, sell domain names to second level registries

› All second tier registries must be treated the same by the TLD

– These operate on a fixed cost per domain per domain name› Many registries also support standards bodies and the

community at large– Research, whois, and publicly available tools

Top Level Registries

Page 54: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 59

› Income Sources– Fees for the registration/usage of domains within a TLD– Fees for other services offered

› Network Costs– Physical infrastructure

› Routers, switches, DNS servers– Operational costs

› People, processes, and facilities– Connection costs

› Must generally pay service (transit) providers for connections to the global internet

Top Level Registries

Page 55: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 60

› Current Business Environment› The money is draining out of the TLD business

– The cost to provide DNS TLD service is declining rapidly– Governments are cutting down on the amount of money a TLD provider can charge, and

asking a larger slice of the profits› Many TLD providers are moving into other services to build alternate revenue

streams– DDoS protection (Verisign)– Filtering and analytics (OpenDNS)

› Moving towards a cloud services model, in essence

Top Level Registries

Page 56: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 61

› Vendors and Operations› Generally very clean network designs

– Often built from the ground up with DNS services in mind– Since DNS can be considered a cloud based service, these networks tend to be adaptable to other

cloud services easily› Generally stick with two or three vendors

– Try to avoid vendor lock-in› Data centers are already often dumb box/smart software operations

– Homogenized processing– Not often multi-tenant (or multi-tenant in a very controlled way)– Little reason for complex route/switch

Top Level Registries

Page 57: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 62

› Domain resellers– Second tier registries– Buy domains at a fixed rate from a TLD registry– Resell domains based on popularity, bundled into other

services, etc.› Income sources

– Services, domain registration fees› Costs

– Hardware/software to provide services– People to manage services– Advertising– Connection to tier 1/tier 2 upstreams

Second Tier Registries

Page 58: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 63

› Business Environment– Mostly moving towards cloud services (provisioned hosting, etc.)

› Vendor & Operations Environment– Rarely single vendor, mostly dual vendor– Avoid vendor lock in– Generally very clean unified network designs– Data center focused– Moving towards dumb box/smart software model, if they’re not already there

Second Tier Registries

Page 59: How the Internet Really Works

Other Associations

Page 60: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 65

Clearing Houses

Page 61: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 66

› Internet Routing Registries (IRRs) are cooperative databases– Often run through volunteer efforts, by registries, and by research organizations

› RIPE, APNIC, ARIN, EasyNet, Level3, and others all run IRR mirrors– Data is held in a common policy language standardized by the IETF, RPSL– IRRs mirror the data in the databases of other IRRs

› What is this information used for?– A large number of service providers won’t accept route advertisements (through BGP)

unless there is an existing entry in an IRR they recognize as authoritative– Service providers built route filters based on the information in the IRR databases

Internet Route Registries

Page 62: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 67

› The policy information contained in the IRR can include– The origin AS– The prefix length, longest prefix length, and covered prefixes– Filtering policies implemented by a particular AS– Whether or not a peering AS is transit or not

› This information is stored in Routing Policy Specification Language (RPSL)– RPSL is defined in RFC2622

Internet Route Registries

Page 63: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 68

› Each time a peering arrangement is made, the receiving SP is going to check several places to make certain the route is valid…

– IRRs– in-addr.arpa– whois– Local contacts (through NOGs, etc.)

Internet Route Registries

IRR

whois

DNS

Transit Provider

Content Provider

In-addr.arpa

Page 64: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 69

› Many service providers also build inbound route filters based on the IRR database

– This allows automated changes in filtering based on allocations and other policies

– This filtering tends to be loose (rather than strict), because of the voluntary nature of the IRR data set

Internet Route Registries

IRR

whois

DNS

Transit Provider

Content Provider

In-addr.arpa

Page 65: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 70

› When setting up routing, you also want to filter out invalid routes where possible– This is partly just to be a “good netizen”– This is partly a matter of self-defense– Many invalid routes are sources of spam and various attacks, so filtering them out will help

prevent failures in this new service– There are tool kits available that build route filters from the IRR data set

Internet Routing Registries

Page 66: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 71

› If the new web site still isn’t reachable…– Route views allow looking into the routing table at various places on the Internet– If the routes aren’t correct, it becomes a matter of…

› Finding out where the routes are being blocked- The IRR database might provide positive information about what is being filtered

where› Finding the right contact information for the AS that is filtering the routes

- NOGs are very useful here› Contacting the AS’ and asking them to change their filters

Internet Route Registries

Page 67: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 72

› Network Operator’s Groups (NOGs) act as clearing houses for information about network operations

– These are generally volunteer organizations– Often run in close connection with regional

registries, research organizations, vendors, and other regional organizations

Network Operators Groups

Page 68: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 73

› Run mailing lists– Provides a common place to find operators of other networks in the region– Provides a place to discuss standards, political situations, network conditions, equipment,

and anything else related to network operations› Manage regional network operators conferences

– Often these are held in conjunction with regional registries– Provide training and contact opportunities for local network operators

Network Operators Groups

Page 69: How the Internet Really Works

Ericsson Internal | 2013-11-03 | Page 74

› The Internet Society engages in a wide spectrum of Internet issues, including policy, governance, technology, and development. We establish and promote principles that are intended to persuade governments to make decisions that are right for their citizens and each nation’s future. Everything we do is based on ensuring that a healthy, sustainable Internet is available to everyone – today and for the next billion users.

The internet Society

Page 70: How the Internet Really Works