Network Services and Applications (EECS 489 lecture slides)
Uploaded by Dr.GriffinWood, United Kingdom; published 23-07-2017
Network Services and Applications
EECS 489 Computer Networks
http://www.eecs.umich.edu/courses/eecs489/w07
Z. Morley Mao
Monday Jan 22, 2007
Mao W07
Acknowledgement: Some slides taken from Kurose & Ross and Katz & Stoica

Administrivia
- Homework 1 is due tomorrow (1/23)
- PA1 will be available tomorrow as well
  - A simplified Web server
  - You need to find a project partner for this assignment
- Reading assignment for this week
  - Chapter 3 of the book
  - You should have read Chapters 1 and 2

Recap from last lecture
- Nagle's algorithm
  - By default it is on: combines small packets into larger ones before sending, to reduce header overhead
  - The TCP_NODELAY socket option disables it
- Internet routing is policy driven, not load-sensitive, and generally not QoS-based
- Email is not secure by default
  - Using an HTTPS Web-based interface only provides one-hop security, from the mail client to the mail server, not end-to-end security: the message is still relayed between mail servers and stored on them outside that TLS session, so end-to-end protection needs encryption at the application layer (e.g. PGP or S/MIME)
- Port knocking allows a server to hide its port
  - Reduces the overhead of rejecting illegitimate requests
  - Caveat: a fixed knock sequence is visible to anyone who can observe the traffic and can be replayed, so it hides the port but does not authenticate the client
- Akamai is a commercial company providing a Web caching service
  - Uses DNS-based redirection

Nodal delay
$d_{\text{nodal}} = d_{\text{proc}} + d_{\text{queue}} + d_{\text{trans}} + d_{\text{prop}}$
- $d_{\text{proc}}$ = processing delay: typically a few microseconds or less
- $d_{\text{queue}}$ = queueing delay: depends on congestion
- $d_{\text{trans}}$ = transmission delay: $= L/R$, significant for low-speed links
- $d_{\text{prop}}$ = propagation delay: a few microseconds to hundreds of milliseconds

Queueing delay (revisited)
R = link bandwidth (bps)
L = packet length (bits)
a = average packet arrival rate
traffic intensity = $La/R$
- $La/R \approx 0$: average queueing delay small
- $La/R \to 1$: delays become large
- $La/R > 1$: more "work" arriving than can be serviced, average delay infinite

"Real" Internet delays and routes
What do "real" Internet delay & loss look like?
Traceroute program: provides delay measurement from the source to each router along the end-end Internet path towards the destination.
For all i:
- sends three packets that will reach router i on the path towards the destination
- router i will return packets to the sender
- sender times the interval between transmission and reply
(figure: 3 probes sent to each of the first three routers on the path)

Traceroute: Measuring the Forwarding Path
- Time-To-Live field in the IP packet header
  - Source sends a packet with a TTL of n
  - Each router along the path decrements the TTL
  - "TTL exceeded" is sent back when the TTL reaches 0
- The traceroute tool exploits this TTL behavior
  - Send packets with TTL = 1, 2, 3, ... and record the source of each "time exceeded" message
(figure: the source sends a probe with TTL=1 and the first router returns "Time exceeded"; TTL=2 draws a reply from the second router; and so on until the destination is reached)

"Real" Internet delays and routes
traceroute: gaia.cs.umass.edu to www.eurecom.fr
(each line shows three delay measurements; line 1 is the three measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu)
 1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms
 2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms
 3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms
 4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms
 5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms
 6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
 7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms
 8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms      <- trans-oceanic link
 9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms
11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms
12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms
13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms
14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms
15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms
16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms
17 * * *
18 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms
* means no response (probe lost, or router not replying)

Packet loss
- the queue (aka buffer) preceding a link has finite capacity
- when a packet arrives to a full queue, the packet
is dropped (aka lost)
- a lost packet may be retransmitted by the previous node, by the source end system, or not retransmitted at all

Protocol "Layers"
Networks are complex, with many "pieces":
- hosts
- routers
- links of various media
- applications
- protocols
- hardware, software
Question: Is there any hope of organizing the structure of a network? Or at least our discussion of networks?

Organization of air travel
ticket (purchase) ... ticket (complain)
baggage (check) ... baggage (claim)
gates (load) ... gates (unload)
runway takeoff ... runway landing
airplane routing ... airplane routing ... airplane routing
A series of steps.

Layering of airline functionality
(figure: the same steps drawn as layers, ticket / baggage / gate / takeoff-landing / airplane routing, across the departure airport, the intermediate air-traffic control centers, and the arrival airport; the control centers implement only the airplane-routing layer)
Layers: each layer implements a service
- via its own internal-layer actions
- relying on services provided by the layer below

Why layering?
Dealing with complex systems:
- explicit structure allows identification of, and the relationships among, a complex system's pieces
  - layered reference model for discussion
- modularization eases maintenance and updating of the system
  - a change in the implementation of a layer's service is transparent to the rest of the system
  - e.g., a change in gate procedure doesn't affect the rest of the system
- layering considered harmful?
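The traceroute mechanism from the slides above (TTL-limited probes, three probes per hop, "*" for a probe that gets no reply), as an added example that is not part of the lecture slides. It models a path in memory instead of opening raw sockets, so it runs offline: every router decrements the TTL and answers with an ICMP Time Exceeded when it hits 0, while the destination host, which never forwards, simply answers whatever reaches it. The hop addresses, delays and the silent fourth hop are constructed for the example; note that a hop that drops expired probes without replying shows up as "* * *" but does not stop the trace, because probes with a larger TTL pass straight through it.

```python
"""Simulated traceroute over a constructed model path (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Hop:
    addr: str
    one_way_ms: float       # constructed one-way delay added by this hop
    replies: bool = True    # False: router drops expired probes silently


# Constructed path from the sender to the destination (last element).
PATH = [
    Hop("128.119.240.254", 0.5),
    Hop("204.147.132.129", 6.0),
    Hop("62.40.103.253", 45.0),                 # big jump: a "trans-oceanic" link
    Hop("193.48.50.54", 10.0, replies=False),   # silent hop, shows up as * * *
    Hop("193.55.113.142", 3.0),                 # destination host
]


def send_probe(path: List[Hop], ttl: int) -> Tuple[Optional[str], Optional[float], bool]:
    """Forward one probe with the given TTL along the path.

    Returns (responder address, round-trip time in ms, reached_destination),
    or (None, None, False) when nothing comes back.
    """
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    elapsed = 0.0
    for i, hop in enumerate(path):
        elapsed += hop.one_way_ms
        if i == len(path) - 1:
            # Destination host: accepts the probe (TTL >= 1 on arrival) and answers it.
            return hop.addr, 2 * elapsed, True
        ttl -= 1                      # each router decrements before forwarding
        if ttl == 0:                  # expired here: ICMP Time Exceeded to the sender
            if hop.replies:
                return hop.addr, 2 * elapsed, False
            return None, None, False  # router drops it without telling anyone
    return None, None, False


def traceroute(path: List[Hop], max_hops: int = 30, probes: int = 3):
    """Sweep TTL = 1..max_hops with `probes` probes each until the destination answers.

    Returns a list of (ttl, responder or None, [rtt or None, ...]) rows.
    """
    rows = []
    for ttl in range(1, max_hops + 1):
        responder, rtts, reached = None, [], False
        for _ in range(probes):
            addr, rtt, done = send_probe(path, ttl)
            rtts.append(rtt)
            if addr is not None:
                responder, reached = addr, reached or done
        rows.append((ttl, responder, rtts))
        if reached:
            break
    return rows


def format_rows(rows) -> List[str]:
    """Render rows the way the traceroute tool prints them ('*' = no response)."""
    out = []
    for ttl, addr, rtts in rows:
        meas = " ".join("*" if r is None else f"{r:.0f} ms" for r in rtts)
        out.append(f"{ttl:2d}  {meas}" if addr is None else f"{ttl:2d}  {addr}  {meas}")
    return out


if __name__ == "__main__":
    print("\n".join(format_rows(traceroute(PATH))))
```

The responder address in each row is whatever source address the replying router chose for its ICMP message; a trace therefore tells you where packets to that destination go from your vantage point, and nothing about hops that choose not to answer.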
Internet protocol stack
- application: supporting network applications
  - FTP, SMTP, HTTP
- transport: host-host data transfer
  - TCP, UDP
- network: routing of datagrams from source to destination
  - IP, routing protocols
- link: data transfer between neighboring network elements
  - PPP, Ethernet
- physical: bits "on the wire"

Encapsulation
(figure: at the source, the application message M is passed down the stack and each layer prepends its own header: transport segment Ht|M, network datagram Hn|Ht|M, link frame Hl|Hn|Ht|M, then bits on the physical layer; a switch handles only the link and physical layers; a router handles the network, link and physical layers and re-encapsulates the datagram in a new frame; the destination strips the headers in reverse order to recover M)

IP Packet Structure
(the header is usually 20 bytes; Version is usually 4, i.e. IPv4; Identification, Flags and Fragment Offset serve fragmentation; the Header Checksum is an error check over the header only)
+--------+--------+----------------+--------------------------------+
| 4-bit  | 4-bit  | 8-bit Type of  | 16-bit Total Length (Bytes)    |
|Version |Hdr Len | Service (TOS)  |                                |
+--------------------------------+------+--------------------------+
| 16-bit Identification          |3-bit | 13-bit Fragment Offset   |
|                                |Flags |                          |
+----------------+----------------+--------------------------------+
| 8-bit Time to  | 8-bit Protocol | 16-bit Header Checksum         |
| Live (TTL)     |                |                                |
+-------------------------------------------------------------------+
| 32-bit Source IP Address                                          |
+-------------------------------------------------------------------+
| 32-bit Destination IP Address                                     |
+-------------------------------------------------------------------+
| Options (if any)                                                  |
+-------------------------------------------------------------------+
| Payload                                                           |
+-------------------------------------------------------------------+

Layering in the IP Protocols
- application: Telnet, HTTP, FTP, DNS, RTP
- transport: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
- network: Internet Protocol
- link: Ethernet, SONET, ATM
(hourglass figure: every application runs over TCP or UDP, both run over IP, and IP runs over any link technology)

Application-Layer Protocols
- Messages exchanged between applications
  - Syntax and semantics of the messages between hosts
  - Tailored to the specific application (e.g., Web, e-mail)
  - Messages transferred over a transport connection (e.g., TCP)
- Popular application-layer protocols
  - Telnet, FTP, SMTP, NNTP, HTTP, ...
(figure: the Client sends "GET /index.html HTTP/1.1" to the Server; the Server replies "HTTP/1.1 200 OK")

Example: Many Steps in Web Download
(timeline: browser cache lookup -> DNS resolution -> TCP open -> first byte of response -> last byte of response)
Sources of variability of delay
- Browser cache hit/miss, need for cache revalidation
- DNS cache hit/miss, multiple DNS servers, errors
- Packet loss, high RTT, server accept queue
- RTT, busy
server, CPU overhead (e.g., CGI script)
- Response size, receive buffer size, congestion
- ... downloading embedded image(s) on the page

Domain Name System (DNS)
- Properties of DNS
  - Hierarchical name space divided into zones
  - Translation of names to/from IP addresses
  - Distributed over a collection of DNS servers
- Client application
  - Extract the server name (e.g., from the URL)
  - Invoke a system call to trigger the DNS resolver code
  - E.g., gethostbyname() on "www.foo.com"
- Server application
  - Extract the client IP address from the socket
  - Optionally invoke a system call to translate it into a name
  - E.g., gethostbyaddr() on "12.34.158.5"
  - Caveat: the name a reverse lookup returns is set by whoever controls the reverse zone for that address, so it is not evidence of the client's identity unless the name also resolves forward to the same address
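The "IP Packet Structure" and "Encapsulation" slides above, as an added example that is not from the lecture: it packs the 20-byte IPv4 header (Hn) in front of a payload, parses it back while checking every length field and the header checksum against the bytes actually received, and performs the per-hop TTL decrement that the traceroute slides rely on (which is why the checksum covers only the header and has to be recomputed at every router). The addresses, the TTL value and the HTTP request line used as payload are constructed for the example.

```python
"""IPv4 encapsulation, parsing and header-checksum verification (added example)."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional

HEADER_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte part, network byte order


@dataclass
class IPv4Header:
    version: int
    ihl: int                # header length in 32-bit words (5 => 20 bytes)
    tos: int
    total_length: int       # header + payload, in bytes
    identification: int
    flags: int              # 3 bits: reserved, DF, MF
    fragment_offset: int    # 13 bits, in 8-byte units
    ttl: int
    protocol: int           # 1 = ICMP, 6 = TCP, 17 = UDP
    checksum: int
    src: str
    dst: str
    options: bytes


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd tail zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_header(src: str, dst: str, payload_len: int, *, ttl: int = 64,
                 protocol: int = 6, ident: int = 0, df: bool = True,
                 options: bytes = b"") -> bytes:
    """Encapsulate: produce the network-layer header Hn for a payload of payload_len bytes."""
    if len(options) % 4:
        raise ValueError("options must be padded to a 32-bit boundary")
    ihl = 5 + len(options) // 4
    flags_frag = (0b010 if df else 0) << 13          # no fragmentation in this example
    fixed = struct.pack(HEADER_FMT, (4 << 4) | ihl, 0, ihl * 4 + payload_len,
                        ident, flags_frag, ttl, protocol, 0,
                        ipaddress.IPv4Address(src).packed,
                        ipaddress.IPv4Address(dst).packed)
    hdr = fixed + options
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # bytes 10-11 = checksum


def parse_header(packet: bytes) -> IPv4Header:
    """Decapsulate: parse and validate Hn; raise ValueError on anything inconsistent."""
    if len(packet) < 20:
        raise ValueError("truncated: shorter than the minimum 20-byte header")
    (vi, tos, total_length, ident, ff, ttl, proto,
     csum, src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl = vi >> 4, vi & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 5:
        raise ValueError(f"bad IHL {ihl}: header cannot be shorter than 20 bytes")
    hlen = ihl * 4
    # Length fields come from the wire; never trust them past the bytes we hold.
    if hlen > len(packet) or total_length < hlen or total_length > len(packet):
        raise ValueError("length fields inconsistent with received bytes")
    if checksum(packet[:hlen]) != 0:         # a correct header sums to 0xFFFF, complement 0
        raise ValueError("header checksum mismatch")
    return IPv4Header(version, ihl, tos, total_length, ident, ff >> 13,
                      ff & 0x1FFF, ttl, proto, csum,
                      str(ipaddress.IPv4Address(src)),
                      str(ipaddress.IPv4Address(dst)), packet[20:hlen])


def payload_of(packet: bytes) -> bytes:
    """Strip Hn and return the payload the transport layer sees."""
    h = parse_header(packet)
    return packet[h.ihl * 4:h.total_length]


def header_ok(packet: bytes) -> bool:
    try:
        parse_header(packet)
        return True
    except ValueError:
        return False


def router_forward(packet: bytes) -> Optional[bytes]:
    """One router hop: decrement the TTL and refresh the checksum. None means the
    TTL expired, i.e. the router drops the packet and sends ICMP Time Exceeded."""
    h = parse_header(packet)
    if h.ttl <= 1:
        return None
    hlen = h.ihl * 4
    hdr = bytearray(packet[:hlen])
    hdr[8] = h.ttl - 1                       # TTL is byte 8 of the header
    hdr[10:12] = b"\x00\x00"                 # zero the checksum field before summing
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + packet[hlen:]


# Constructed sample: an HTTP request line as the payload of an IPv4 packet with TTL 3.
SAMPLE_PAYLOAD = b"GET /index.html HTTP/1.1\r\n\r\n"
SAMPLE_PACKET = build_header("128.119.240.254", "193.55.113.142",
                             len(SAMPLE_PAYLOAD), ttl=3) + SAMPLE_PAYLOAD
```

The order of the checks in parse_header matters: version and IHL are validated before they are used to slice, and the length fields are compared against the bytes in hand before the checksum is computed over them, so a header that lies about its own size can never make the parser read past the buffer.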
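The client/server exchange on the "Application-Layer Protocols" slide ("GET /index.html HTTP/1.1" answered by "HTTP/1.1 200 OK"), as an added example that is not the course's PA1 code or the slide's own: it parses the request line and headers, maps the request-target onto a document root, and builds the response. The document root is a constructed in-memory dict so the example runs offline; the order of the target checks (percent-decode first, then normalize, then look up) is the one a simplified Web server needs before it touches a real filesystem, since otherwise a target like /img/%2e%2e/../secret can name a file outside the root.

```python
"""Request handling for a simplified Web server (added example)."""
import posixpath
from typing import Dict, Tuple
from urllib.parse import unquote, urlsplit

# Constructed document root: canonical absolute path -> (content type, body).
DOCROOT: Dict[str, Tuple[str, bytes]] = {
    "/index.html": ("text/html", b"<html><body>hello</body></html>"),
    "/img/logo.png": ("image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
}
ALLOWED_VERSIONS = ("HTTP/1.0", "HTTP/1.1")


def parse_request(raw: bytes):
    """Parse the request head. Returns (method, target, version, headers).

    Raises ValueError for anything that is not a well-formed HTTP/1.x head.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head (no blank line)")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    try:
        method, target, version = (p.decode("ascii") for p in parts)
    except UnicodeDecodeError as exc:
        raise ValueError("non-ASCII request line") from exc
    if version not in ALLOWED_VERSIONS:
        raise ValueError(f"unsupported version {version!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            raise ValueError("malformed header line")
        headers[name.decode("ascii", "replace").strip().lower()] = value.decode("latin-1").strip()
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without Host header")
    return method, target, version, headers


def resolve_target(target: str):
    """Map a request-target to a canonical path under the document root, or None.

    Percent-decoding happens before normalization so "%2e%2e" cannot smuggle a
    ".." past the check; posixpath.normpath then collapses "." and ".." and,
    because the path is rooted at "/", cannot produce anything above the root.
    """
    path = unquote(urlsplit(target).path)       # drop ?query, decode %XX
    if not path.startswith("/") or "\x00" in path:
        return None
    path = posixpath.normpath(path)
    if path == "/":
        path = "/index.html"
    return path


def build_response(status: int, reason: str, body: bytes, ctype: str = "text/plain") -> bytes:
    head = (f"HTTP/1.1 {status} {reason}\r\n"
            f"Content-Type: {ctype}\r\n"
            f"Content-Length: {len(body)}\r\n"
            "Connection: close\r\n\r\n")
    return head.encode("ascii") + body


def handle(raw: bytes) -> bytes:
    """Turn one raw request into one raw response."""
    try:
        method, target, _version, _headers = parse_request(raw)
    except ValueError as exc:
        return build_response(400, "Bad Request", str(exc).encode())
    if method != "GET":
        return build_response(405, "Method Not Allowed", b"")
    path = resolve_target(target)
    if path is None:
        return build_response(400, "Bad Request", b"bad request-target")
    entry = DOCROOT.get(path)
    if entry is None:
        return build_response(404, "Not Found", b"")
    ctype, body = entry
    return build_response(200, "OK", body, ctype)


def status_of(response: bytes) -> int:
    """Status code from a response's status line (used to check results)."""
    return int(response.split(b" ", 2)[1])
```

With a real directory as the root, the dict lookup becomes a file open; resolve the joined path with os.path.realpath and refuse it unless os.path.commonpath([root, real]) == root, so that symlinks inside the root cannot point the server outside it either.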