the internet and its architecture
TRANSCRIPT
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 1/49
The Internet and its Architecture
Daniel Zappala
CS 360 Internet ProgrammingBrigham Young University
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 2/49
The Internet Internet Architecture The Layers Putting it Together Security
The Internet
Internet Mapping Project, Bill Cheswick
2/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 3/49
The Internet Internet Architecture The Layers Putting it Together Security
Internet Map
Interactive Tool
3/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 4/49
The Beginning
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 5/49
The Internet Internet Architecture The Layers Putting it Together Security
Arpanet Maps
December 1969
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 6/49
The Internet Internet Architecture The Layers Putting it Together Security
Arpanet Maps
June 1970
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 7/49
The Internet Internet Architecture The Layers Putting it Together Security
Arpanet Maps
December 1970
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
Th I I A hi Th L P i i T h S i
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 8/49
The Internet Internet Architecture The Layers Putting it Together Security
Arpanet Maps
September 1971
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
Th I t t I t t A hit t Th L P tti it T th S it
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 9/49
The Internet Internet Architecture The Layers Putting it Together Security
Arpanet Maps
March 1972
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 10/49
The Internet Internet Architecture The Layers Putting it Together Security
Arpanet Maps
August 1972
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 11/49
The Internet Internet Architecture The Layers Putting it Together Security
Arpanet Maps
September 1973
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 12/49
The Internet Internet Architecture The Layers Putting it Together Security
Arpanet Maps
June 1974
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 13/49
The Internet Internet Architecture The Layers Putting it Together Security
Arpanet Maps
July 1975
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 14/49
y g g y
Arpanet Maps
July 1976
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 15/49
y g g y
Arpanet Maps
July 1977
Heart, McKenzie, McQuillian, and Walden, ARPANET Completion Report, BBN, 1978
5/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 16/49
Today
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 17/49
A Network of Networks
•
roughly hierarchical• Tier-1 ISPs provide
national, internationalcoverage
• Tier-2 ISPs provideregional coverage
• Tier-3 and lower levelsprovide local coverage
• any tier may sell tobusiness and residential
customers• any ISP may have a link
to any other ISP (notstrictly hierarchical)
7/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 18/49
Level 3 Tier-1 Map
Interactive Map
8/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 19/49
Submarine Cable Map
9/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 20/49
Additional Complexity
• PoP (Point of Presence)• router(s) in the provider’s network where customer ISPs can
connect
• multi-homing• customer ISPs may connect to more than one provider, for
fault tolerance• peering
• connect directly to another ISP at the same level, instead of going through a provider, usually without any cost
• IXP
• third-party location where ISPs can peer with each other• content provider networks
• large content providers (e.g. Google) have large networks,connect directly to lower-level ISPs and IXPs
10/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 21/49
Internet Structure
11/39
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 22/49
Many Different Internet Service Providers
• Each network is independent
• Interoperability requires
using Internet standards: IP,TCP• the Internet is global and
must run these standards• your private intranet can
do whatever you want itto do
12/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 23/49
The Key to Making it all
Work
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 24/49
Standardization
• standards are essential to interoperability on the Internet
• Internet Engineering Task Force www.ietf.org
• standardizes Internet protocols: IP, TCP, HTTP, etc• open to all to participate, free of charge
• relies on working code and rough consensus• W3C www.w3c.org
• standardizes web protocols and formats• industry-oriented consortium• requires approved and paid membership ($6,350 - $63,500 per
year)• many standards do not require Internet-wide deployment
14/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 25/49
Internet Architecture
The Internet Internet Architecture The Layers Putting it Together Security
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 26/49
Internet Architecture
• an architectural model thatseparates communication protocolsinto layers
• defines the functionality of eachcomponent and the interfaces
between components• layering helps to build complex
systems, like using modules tobuild large programs
• a particular implementation is free
to combine layers or create newlayers to create a more efficient orflexible system
16/39
The Internet Internet Architecture The Layers Putting it Together Security
Th I H l
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 27/49
The Internet Hourglass
17/39
The Internet Internet Architecture The Layers Putting it Together Security
Th HTTP H l
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 28/49
The HTTP Hourglass
18/39
The Internet Internet Architecture The Layers Putting it Together Security
P t l
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 29/49
Protocols
• a formal definition of how two or more entities communicate
• includes• format of messages• actions taken when a message is sent or received• actions taken when an event occurs
19/39
The Internet Internet Architecture The Layers Putting it Together Security
P t l E l
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 30/49
Protocol Example
• HTTP Request message format• sent in ASCII format• request line : method, URL, version• header lines : additional method parameters• ends with a carriage return and line feed
• actions: what happens when a server gets a request?
20/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 31/49
The Layers
The Internet Internet Architecture The Layers Putting it Together Security
Application Layer
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 32/49
Application Layer
• the focus of this class: client-server, peer-to-peer, web apps
• important topics• design• concurrency• performance evaluation• security
• use socket API to access transport protocols
22/39
The Internet Internet Architecture The Layers Putting it Together Security
Application Layer Services
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 33/49
Application Layer Services
• query-response: basic services• DHCP• DNS
• client-server communication: a server provides a service toclients
•
web• video and audio streaming• email• file transfer
• peer-to-peer communication: host collaborate to share
content, acting as both clients and servers• Gnutella (and variants): file searching and sharing among peers• BitTorrent: file distribution from a well-known source• Coral: peer-to-peer web caching
23/39
The Internet Internet Architecture The Layers Putting it Together Security
Transport Layer
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 34/49
Transport Layer
• delivers data between hosts on the Internet
• treats the Internet as a service that provides a virtual, butunreliable link between two computers
24/39
The Internet Internet Architecture The Layers Putting it Together Security
Transport Layer Services: TCP
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 35/49
Transport Layer Services: TCP
• connection-oriented: requires state setup at sender andreceiver
• provides a reliable, ordered byte stream• reliable: retransmits any segments that are lost•
ordered: buffers and re-orders segments before delivery toapplication• byte stream: transfers bytes, not messages
• provides flow control: avoid overflowing the receiver’s buffer
• provides congestion control: avoid persistently overflowing
network buffers• applications: web, file transfer, remote login, email
25/39
The Internet Internet Architecture The Layers Putting it Together Security
Queues and Congestion Control
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 36/49
Queues and Congestion Control
• delay is primarily caused by queueing
• loss is caused by queue overflow
• both are signs of congestion• packets are arriving faster than they can be serviced
• delay and loss are signals to TCP congestion control algorithm– slow down
• the Internet needs congestion control to avoid persistent
queue overflow• fundamental control problem
26/39
The Internet Internet Architecture The Layers Putting it Together Security
Transport Layer Services: UDP
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 37/49
Transport Layer Services: UDP
• connectionless: no state setup
• unreliable: lost packets are not re-sent
•
no flow control• no congestion control
• applications: query-response (DNS, DHCP), streaming media(voice, video), some peer-to-peer protocols
27/39
The Internet Internet Architecture The Layers Putting it Together Security
Network Layer
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 38/49
Network Layer
• forwards packets between computers and routers on the
Internet
28/39
The Internet Internet Architecture The Layers Putting it Together Security
Network Layer Services: IP
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 39/49
Network Layer Services: IP
• common protocol needed to interoperate with othercomputers on the Internet
• data from transport layer is divided into packets (about 1.5KB) and sent individually
• implements a best-effort service model - routers make theirbest effort to deliver all packets, but packets may be
• delayed (long queues in the network)• dropped (queue overflow)• duplicated (mistaken retransmission by TCP)
• re-ordered (packets may take different paths)• reliability and ordering are the responsibility of TCP
29/39
The Internet Internet Architecture The Layers Putting it Together Security
Host Names and Internet Addresses
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 40/49
Host Names and Internet Addresses
• hosts can have one or more names
• each name can be associated with one or more addresses
• 32 bits, written in dotted decimal form
• byu.edu: 128.187.16.167
• google.com: 74.125.127.99, 74.125.127.103, 74.125.127.104,74.125.127.105, 74.125.127.106, 74.125.127.147
• the Domain Name System DNS maps names to addresses
• a network is a group of hosts with the same prefix• 128.187.16.167 with a netmask of 128.187.16.167• 128.187.0.0• 128.187/16
30/39
The Internet Internet Architecture The Layers Putting it Together Security
Network Layer Services: Routing
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 41/49
Net ork Layer Ser ices Routing
• routing protocols decide which path to use when sending
packets to a given destination• organized hierarchically: BGP in the backbone, anything you
want (OSPF, IGRP, RIP) in your own network• choose the best path for each destination and tell the router to
use this path
• primary goals• stability: paths must not change too often• scalability: must handle every possible destination on the
Internet• policy: allow network adminstration to choose paths based on
economic agreements between providers• security: prevent unauthorized re-routing and other attacks
• scalable routing is currently a major concern for the
Internet
31/39
The Internet Internet Architecture The Layers Putting it Together Security
Link and Physical Layers
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 42/49
y y
• link layer: sends a frame on one link
• physical layer: sends bits on one link
32/39
The Internet Internet Architecture The Layers Putting it Together Security
Types of Links
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 43/49
yp
• key features• bandwidth - number of bits that can be transmitted per
second, measured in bps, Kbps, Mbps or Gbps• latency - the time it takes to propagate a bit down a link• shared vs dedicated resources
• examples• modem: < 56 Kbps• DSL: 256 Kbps up / 1 Mbps down (example)• Cable Internet: 2 Mbps up / 10 Mbps down, shared (example)• Ethernet: 10 - 1000 Mbps, shared or dedicated• wireless: wide range of bandwidths (54 Mbps for 802.11g),
shared or dedicated with directional antenna
33/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 44/49
Putting it Together
The Internet Internet Architecture The Layers Putting it Together Security
The Internet at each Hop
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 45/49
p
35/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 46/49
Security
The Internet Internet Architecture The Layers Putting it Together Security
Why is the Internet so Vulnerable to Attacks?
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 47/49
•
The Design Philosophy of the DARPA Internet Protocols,Clark, 1988
• fundamental goal• develop an internetwork for existing networks
• second-level goals
1 survivability2 multiple types of service (delay vs bandwidth, reliable vs
datagram)3 variety of networks4 distributed management
5 cost effective6 host attachment with low effort7 accountable resources
37/39
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 48/49
Security Was Not
Considered
The Internet Internet Architecture The Layers Putting it Together Security
Cat And Mouse
8/11/2019 The Internet and Its Architecture
http://slidepdf.com/reader/full/the-internet-and-its-architecture 49/49
• security is a bandaid for the Internet
• constant game of cat and mouse
• numerous attacks• malware (e.g. viruses, worms) to create botnets• denial-of-service attacks (DoS, DDoS)
• exploit vulnerabilities
• bandwidth flooding
• connection flooding
• packet sniffing•
IP spoofing• ...and many more
39/39