Computer Networks CSE 434 Fall 2009

Sandeep K. S. Gupta

Arizona State University

http://impact.asu.edu/cse434fa09.html

http://impact.asu.edu

Research Experience for Undergraduates (REU)


Agenda

  • Quiz 2

  • Protocol Layering (Cont.)

  • Summary Chapter 1

  • Application Layer (Intro)

  • IP Addressing

  • DHCP – an example of App Layer Protocol




Network Security is Essentially about providing:

Confidentiality: only sender, intended receiver should “understand” message contents

  • sender encrypts message

  • receiver decrypts message

Authentication: sender, receiver want to confirm identity of each other

Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

Access and availability: services must be accessible and available to users


Friends and enemies: Alice, Bob, Trudy

well-known in network security world

Bob, Alice (lovers!) want to communicate “securely”

Trudy (intruder) may intercept, delete, add messages

[Figure: Alice (secure sender) and Bob (secure receiver) exchange data and control messages over a channel; Trudy sits on the channel between them]


Who might Bob, Alice be?

… well, real-life Bobs and Alices!

Web browser/server for electronic transactions (e.g., on-line purchases)

on-line banking client/server

DNS servers

routers exchanging routing table updates

other examples?


There are bad guys (and girls) out there!

Q: What can a “bad guy” do?

A: a lot!

eavesdrop: intercept messages

actively insert messages into connection

impersonation: can fake (spoof) source address in packet (or any field in packet)

hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place

denial of service: prevent service from being used by others (e.g., by overloading resources)

And much more ….


The language of cryptography

symmetric key crypto: sender, receiver keys identical

public-key crypto: encryption key public, decryption key secret (private)

[Figure: plaintext → encryption algorithm, using Alice’s encryption key $K_A$ → ciphertext → decryption algorithm, using Bob’s decryption key $K_B$ → plaintext]


Public key cryptography

[Figure: plaintext message m → encryption algorithm, using Bob’s public key $K_B^+$ → ciphertext $K_B^+(m)$ → decryption algorithm, using Bob’s private key $K_B^-$ → plaintext message $m = K_B^-(K_B^+(m))$]



Authentication

Goal: Bob wants Alice to “prove” her identity to him

Protocol ap1.0: Alice says “I am Alice”

Failure scenario?? In a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice.


Authentication: another try

Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address

[Alice → Bob: (Alice’s IP address, “I am Alice”)]

Failure scenario?? Trudy can create a packet “spoofing” Alice’s address.


Authentication: another try

Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.

[Alice → Bob: (Alice’s IP addr, Alice’s password, “I’m Alice”); Bob → Alice: (Alice’s IP addr, OK)]

Failure scenario?? Playback attack: Trudy records Alice’s packet and later plays it back to Bob [Trudy → Bob: (Alice’s IP addr, Alice’s password, “I’m Alice”)].


Authentication: yet another try

Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.

[Alice → Bob: (Alice’s IP addr, encrypted password, “I’m Alice”); Bob → Alice: (Alice’s IP addr, OK)]

Failure scenario?? Record and playback still works! [Trudy → Bob: (Alice’s IP addr, encrypted password, “I’m Alice”)]


Authentication: yet another try

Goal: avoid playback attack

Nonce: number (R) used only once-in-a-lifetime

ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key

[Alice → Bob: “I am Alice”; Bob → Alice: R; Alice → Bob: $K_{A-B}(R)$]

Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!

Failures, drawbacks?

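The replay weakness of ap3.0/ap3.1 and the nonce fix of ap4.0, worked through in Python as an added example (this is not code from the slides or from Kurose & Ross). Bob issues a fresh random nonce R for every attempt and accepts a response for a given R at most once; Alice's proof is R transformed under the shared key. The slide says “encrypted with shared secret key”; this example swaps in HMAC-SHA256 as the keyed transform, since Bob only needs to recompute and compare. The key and password values are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed values for this example; not from the slides.
SHARED_KEY = b"alice-bob-shared-key-example"
STATIC_PASSWORD = b"alice-password-example"


def keyed_response(key: bytes, nonce: bytes) -> bytes:
    """Alice's proof for ap4.0: the nonce R under the shared key.
    HMAC-SHA256 stands in for 'R encrypted with the shared key'."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class Bob:
    """Verifier for ap4.0: hands out a fresh nonce per attempt and
    accepts a response for a given nonce at most once."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.outstanding: set = set()

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)      # nonce R: random, used only once
        self.outstanding.add(r)
        return r

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.outstanding:
            return False                 # stale or never issued: a replay cannot pass
        self.outstanding.discard(nonce)  # consume it before checking the proof
        expected = keyed_response(self.key, nonce)
        return hmac.compare_digest(expected, response)


def ap3_replay_succeeds() -> bool:
    """ap3.0 / ap3.1: Bob compares a fixed secret (cleartext or encrypted)
    against what arrives, so a recorded copy passes exactly like the original."""
    def bob_checks(presented: bytes) -> bool:
        return hmac.compare_digest(presented, STATIC_PASSWORD)

    recorded_by_trudy = STATIC_PASSWORD  # what was captured on the wire
    return bob_checks(STATIC_PASSWORD) and bob_checks(recorded_by_trudy)


def ap4_run() -> tuple:
    """Returns (genuine accepted, replay accepted, forgery accepted)."""
    bob = Bob(SHARED_KEY)

    r = bob.challenge()                   # Bob -> Alice: R
    resp = keyed_response(SHARED_KEY, r)  # Alice -> Bob: K_A-B(R)
    genuine = bob.verify(r, resp)

    replayed = bob.verify(r, resp)        # the same (R, K_A-B(R)) played back later

    r2 = bob.challenge()                  # a new attempt gets a new nonce
    forged = bob.verify(r2, resp)         # the old proof offered against the new nonce
    return genuine, replayed, forged
```

The set of outstanding nonces is what makes replay fail: a recorded (R, K_A-B(R)) pair matches nothing Bob is still waiting for. A real verifier would also expire outstanding nonces so that the set cannot grow without bound.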

Authentication: ap5.0

ap4.0 requires shared symmetric key

can we authenticate using public key techniques?

ap5.0: use nonce, public key cryptography

[Alice → Bob: “I am Alice”; Bob → Alice: R; Alice → Bob: $K_A^-(R)$; Bob → Alice: “send me your public key”; Alice → Bob: $K_A^+$]

Bob computes $K_A^+(K_A^-(R)) = R$ and knows only Alice could have the private key that encrypted R such that $K_A^+(K_A^-(R)) = R$


ap5.0: security hole

Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)

Message flow, with Trudy in the middle:

[Alice → Trudy: “I am Alice”; Trudy → Bob: “I am Alice”]

[Bob → Trudy: R; Trudy → Alice: R]

[Alice → Trudy: $K_A^-(R)$; Trudy → Bob: $K_T^-(R)$]

[Bob → Trudy: “Send me your public key”; Trudy → Alice: “Send me your public key”]

[Alice → Trudy: $K_A^+$; Trudy → Bob: $K_T^+$]

[Bob → Trudy: $K_T^+(m)$; Trudy gets $m = K_T^-(K_T^+(m))$ and sends m to Alice encrypted with Alice’s public key, $K_A^+(m)$; Alice gets $m = K_A^-(K_A^+(m))$]

  • Difficult to detect:

  • Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation)

  • problem is that Trudy receives all messages as well!




Protocol stack

A set of protocol layers

Each layer uses the layer below and provides a service to the layer above

Key idea

once we define a service provided by a layer, we need know nothing more about the details of how the layer actually implements the service

information hiding

decouples changes


The importance of layering

Breaks up a complex problem into smaller manageable pieces

can compose simple service to provide complex ones

for example, WWW (HTTP) is Java layered over TCP over IP (and uses DNS, ARP, DHCP, RIP, OSPF, BGP, PPP, ICMP)

Abstraction of implementation details

separation of implementation and specification

can change implementation as long as service interface is maintained

Can reuse functionality

upper layers can share lower layer functionality

example: WinSock on Microsoft Windows


Problems with layering

Layering hides information

  • if it didn’t, then changes to one layer could require changes everywhere

  • layering violation: using information that another layer hides

But sometimes hidden information can be used to improve performance

  • for example, flow control protocol (at transport layer) may think packet loss is always because of network congestion

  • if it is, instead, due to a lossy link, the flow control breaks

  • this is because we hid information about the reason for packet loss from the flow control protocol


Internet protocol stack

application: supporting network applications

  • FTP, SMTP, HTTP

transport: process-process data transfer

  • TCP, UDP

network: routing of datagrams from source to destination

  • IP, routing protocols

link: data transfer between neighboring network elements

  • PPP, Ethernet

physical: bits “on the wire”


ISO/OSI reference model adds two more layers

presentation: allow applications to interpret meaning of data, e.g., encryption, compression, machine-specific conventions

session: synchronization, checkpointing, recovery of data exchange

Internet stack “missing” these layers!

  • these services, if needed, must be implemented in application

  • needed?

[Figure: seven-layer stack: application, presentation, session, transport, network, link, physical]


Why seven layers? And why did ISO-OSI fail?

Need a top and a bottom -- 2

Need to hide physical link, so need datalink -- 3

Need both end-to-end and hop-by-hop actions; so need at least the network and transport layers -- 5

Session and presentation layers are not so important, and are often ignored

So, we need at least 5, and 7 seems to be excessive

ISO-OSI failed – designed by committee before actual implementation experience.


Layering: Implementation Issue

There is a tension between information-hiding (abstraction) and achieving good performance

Art of protocol design is to leak enough information to allow good performance

but not so much that small changes in one layer need changes to other layers


Layering: Summary

Breaks a complex problem into smaller, simpler pieces

Provides the application with sophisticated services

Each layer provides a clean abstraction to the layer above


Summary – Chapter 1

Networks are pervasive!

Various Types: PAN, LAN, WAN, MAN, ..

Various Networking Technologies/Standards IEEE802.11, Ethernet, WiMax

Internet

Networks of Networks

Consists of various components: end-systems (hosts), routers, switches, links of various types (wireless, optical, satellite ..)

Core of Internet versus Edge of Internet

Layered Architecture – based on principle “What happens in Vegas stays in Vegas”

Performance – Bandwidth, Latency, Reliability

E2E B/W constrained by bottleneck link b/w

E2E latency is sum of node, propagation, transmission, and queuing delay

Various causes of errors: link errors (bit errors), packet losses (drops) in congested buffers.

Security is important, cross-layer issues.



Song: On the Net by Sarah E. Miller (based on “Over There” by G. Cohan) (http://www.poppyfields.net/filks/00176.html) (YouTube: “Over There” (George M. Cohan) sung by Ann Gibson)

On the Net

(to Over There)

by Sarah Elizabeth Miller

On the net,
On the net,
Hacking on
All night long
On the net.
All the network systems,
We're gonna list 'em
And snarf anything that we can get.
On the net,
On the net,
Hacking here,
Hacking there
On the net.
We'll find a modem
And then uncode 'em.
Then we'll log into every system on the net.


You Can’t Rush the Net by Elliott Schiff (based on “You Can’t Hurry Love” by D. Ross and the Supremes - YouTube) http://www.poppyfields.net/filks/00271.html

I need Netscape...
To surf the web
I need to find, find...
Some software on line
The F-A-Q said

You can't rush the net...
No, you just have to wait
It said GIFS don't come quickly...
Even with 56K
You can't rush the net...
No you just have to wait
It takes a lot of time...
To download from Ohio State

But how many searches...
Must I do
To get the software...
that I can use
But every single time...
That I try to call
I get a busy sign...
Coming from the phone
But the F-A-Q said

You can't rush the net...
No you just have to wait
It said GIFS don't come quickly...
even with 56K
How long must I wait...
How much RAM will this take
Before a core dump...
will cause my-y
Disk to break.

No, I don't know...
What is going wrong
It's a world wide wait...
And it takes so long
But when the download...
Is almost done
That A-O-L...
Keeps on hangin' up

You can't rush the net...
No, you just have to wait
It said GIFS don't come quickly...
Even with 56K
You can't rush the net...
No you just have to wait
It takes a lot of time...
To download from Ohio State

Four-oh-four...
Site is not found
But I keep on booing...
And keep on hissing
At the programmer...
To relink the site
For the support team...
To set it all right

I keep on pointing...
I keep on clicking
But it keeps stalling...
It keeps stalling
But the F-A-Q said

You can't rush the net...
No you just have to wait
It takes a lot of time...
To download from Ohio State
You can't rush the net...
No, you just have to wait
It said GIFS don't come quickly...
Even with 56K


Application Layer?

Where Network Applications and Application Layer protocols reside.

Top Layer in the Internet Stack

Only on the Edge of the Network


Creating a network app

write programs that

run on (different) end systems

communicate over network

e.g., web server software communicates with browser software

No need to write software for network-core devices

Network-core devices do not run user applications

applications on end systems allow for rapid app development, propagation



KR Chapter 2: Application Layer

Our goals:

conceptual, implementation aspects of network application protocols

transport-layer service models

client-server paradigm

peer-to-peer paradigm

learn about protocols by examining popular application-level protocols

HTTP

FTP

SMTP / POP3 / IMAP

DNS

programming network applications

socket API



Additionally

KR Ch4 DHCP

Addressing Issues


Some network apps

e-mail

web

instant messaging

remote login

P2P file sharing

multi-user network games

streaming stored video clips

voice over IP

real-time video conferencing

grid computing



Application architectures

Client-server

Peer-to-peer (P2P)

Hybrid of client-server and P2P



Client-server architecture

server:

always-on host

permanent IP address

server farms for scaling

clients:

communicate with server

may be intermittently connected

may have dynamic IP addresses

do not communicate directly with each other

client/server



Pure P2P architecture

no always-on server

arbitrary end systems directly communicate

peers are intermittently connected and change IP addresses

Highly scalable but difficult to manage

peer-peer



Hybrid of client-server and P2P

Skype

voice-over-IP P2P application

centralized server: finding address of remote party

client-client connection: direct (not through server)

Instant messaging

chatting between two users is P2P

centralized service: client presence detection/location

user registers its IP address with central server when it comes online

user contacts central server to find IP addresses of buddies



Example of App Layer Protocol: DHCP


IP Addressing [RKCh4]

IP address: 32-bit identifier for host, router interface

interface: connection between host/router and physical link

routers typically have multiple interfaces

host typically has one interface

IP addresses associated with each interface

[Figure: interfaces on three subnets: 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4; 223.1.2.1, 223.1.2.2, 223.1.2.9; 223.1.3.1, 223.1.3.2, 223.1.3.27]

223.1.1.1 = 11011111 00000001 00000001 00000001 (223 . 1 . 1 . 1)

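The dotted-decimal to 32-bit mapping on this slide, together with the network mask that the DHCP slides later hand out, as an added Python example that is not from the slides or the textbook. It goes a little beyond the slide: it also validates the mask, because a host that accepts a non-contiguous mask from a DHCP reply will compute nonsense network and host portions. All addresses used in it are the slide's own 223.1.x.x values.

```python
def dotted_to_int(addr: str) -> int:
    """Parse a dotted-decimal IPv4 address into its 32-bit value,
    rejecting anything that is not exactly four octets in 0..255."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not four octets: {addr!r}")
    value = 0
    for part in parts:
        if not part.isdigit() or not 0 <= int(part) <= 255:
            raise ValueError(f"bad octet {part!r} in {addr!r}")
        value = (value << 8) | int(part)
    return value


def int_to_dotted(value: int) -> str:
    """Inverse of dotted_to_int for a 32-bit value."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(addr: str) -> str:
    """Render the address as four 8-bit groups, as on the slide."""
    value = dotted_to_int(addr)
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def prefix_length(mask: str) -> int:
    """Count the leading ones of a network mask. A mask whose ones are not
    contiguous (e.g. 255.0.255.0) is rejected rather than applied."""
    m = dotted_to_int(mask)
    host_bits = (~m) & 0xFFFFFFFF       # the zero bits of the mask, as a number
    if host_bits & (host_bits + 1):     # must be of the form 0...01...1
        raise ValueError(f"non-contiguous mask {mask}")
    return bin(m).count("1")


def split_network_host(addr: str, mask: str) -> tuple:
    """Return (network portion, host portion) of addr under mask, both dotted."""
    prefix_length(mask)                 # validates the mask first
    a, m = dotted_to_int(addr), dotted_to_int(mask)
    return int_to_dotted(a & m), int_to_dotted(a & ~m & 0xFFFFFFFF)


def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two interfaces share a subnet when their network portions agree."""
    return split_network_host(a, mask)[0] == split_network_host(b, mask)[0]
```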

IP addresses: how to get one?

Q: How does a host get IP address?

hard-coded by system admin in a file

Windows: control-panel->network->configuration->tcp/ip->properties

UNIX: /etc/rc.config

DHCP: Dynamic Host Configuration Protocol: dynamically get address from a server

“plug-and-play”

More ways - later


DHCP [RFC2131]

“In computer networking, the Dynamic Host Configuration Protocol (DHCP) is a network application protocol used by devices (DHCP clients) to obtain configuration information for operation in an Internet Protocol network. This protocol reduces system administration workload, allowing networks to add devices with little or no manual intervention.” http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol


A Note on Request for Comments (RFCs)

RFC Editor of Internet Society – oversees the RFCs – http://www.rfc-editor.org. Allows search by name, title, author, number.

Note Internet RFCs can be updated or obsoleted by later RFCs

See The Tao of IETF: A Novice's Guide to the Internet Engineering Task Force (http://www.ietf.org/tao.html) section 8.1: “Getting an RFC published” for how an Internet-Draft (ID) becomes an IETF standard and is published as an RFC by the RFC editor.

Various types of RFCs (proposed standard, draft standard, full standard, best current practices, informational documents, experimental protocol, historic documents).


What’s Next?

Next Class: Chapter 2 cont. – DHCP, DNS …

Wireshark assignment for Monday – check the class website.

Reading:

Continue reading Chapter 2 (Ross Kurose (R&K))

RFC for DHCP


DHCP: Dynamic Host Configuration Protocol

Goal: allow host to dynamically obtain its IP address from network server when it joins network

Can renew its lease on address in use

Allows reuse of addresses (only hold address while connected and “on”)

Support for mobile users who want to join network (more shortly)

DHCP overview:

host broadcasts “DHCP discover” msg [optional]

DHCP server responds with “DHCP offer” msg [optional]

host requests IP address: “DHCP request” msg

DHCP server sends address: “DHCP ack” msg


DHCP client-server scenario

[Figure: the network from the IP addressing slide (interfaces 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2, 223.1.3.27) with hosts A, B and E, a DHCP server, and an arriving DHCP client that needs an address in this network]


DHCP client-server scenario

arriving client and DHCP server (223.1.2.5), messages in time order:

DHCP discover: src: 0.0.0.0, 68; dest.: 255.255.255.255, 67; yiaddr: 0.0.0.0; transaction ID: 654

DHCP offer: src: 223.1.2.5, 67; dest: 255.255.255.255, 68; yiaddr: 223.1.2.4; transaction ID: 654; Lifetime: 3600 secs

DHCP request: src: 0.0.0.0, 68; dest: 255.255.255.255, 67; yiaddr: 223.1.2.4; transaction ID: 655; Lifetime: 3600 secs

DHCP ACK: src: 223.1.2.5, 67; dest: 255.255.255.255, 68; yiaddr: 223.1.2.4; transaction ID: 655; Lifetime: 3600 secs


DHCP: more than IP address

DHCP can return more than just allocated IP address on subnet:

address of first-hop router for client

name and IP address of DNS server

network mask (indicating network versus host portion of address)


DHCP: example

connecting laptop needs its IP address, addr of first-hop router, addr of DNS server: use DHCP

[Figure: protocol stack DHCP / UDP / IP / Eth / Phy on the laptop and on the router (runs DHCP; 168.1.1.1); the DHCP message passes down the laptop’s stack and up the router’s]

  • DHCP request encapsulated in UDP, encapsulated in IP, encapsulated in 802.1 Ethernet

  • Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server

  • Ethernet demux’ed to IP demux’ed, UDP demux’ed to DHCP


DHCP: example (continued)

DHCP server formulates DHCP ACK containing client’s IP address, IP address of first-hop router for client, name & IP address of DNS server

[Figure: the same DHCP / UDP / IP / Eth / Phy stacks on the router (runs DHCP) and the client; the reply passes down the router’s stack and up the client’s]

  • encapsulation at DHCP server, frame forwarded to client, demux’ing up to DHCP at client

  • client now knows its IP address, name and IP address of DNS server, IP address of its first-hop router

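The encapsulation and demultiplexing chain on the two DHCP example slides (DHCP inside UDP inside IP inside a broadcast Ethernet frame), as an added Python example that is not from the slides or the textbook. Header layouts are the standard Ethernet II, IPv4 and UDP ones; CLIENT_MAC and SAMPLE_DHCP are constructed placeholders (SAMPLE_DHCP is an abbreviated DHCP header carrying the slide's transaction ID 654, not a complete message). The demux side refuses a frame whenever a header does not actually describe the next layer up, which is what keeps a stray, truncated or corrupted frame out of the DHCP code.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17
DHCP_SERVER_PORT, DHCP_CLIENT_PORT = 67, 68
BROADCAST_MAC = b"\xff" * 6
# Constructed placeholders (not from the slides): a locally administered MAC and an
# abbreviated DHCP header: op=1, htype=1, hlen=6, hops=0, xid=654, then zeros, then chaddr.
CLIENT_MAC = bytes.fromhex("020000000001")
SAMPLE_DHCP = b"\x01\x01\x06\x00" + b"\x00\x00\x02\x8e" + b"\x00" * 8 + CLIENT_MAC


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over the 16-bit words of an IPv4 header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def encapsulate(dhcp: bytes, src_mac: bytes = CLIENT_MAC) -> bytes:
    """DHCP -> UDP (68 -> 67) -> IPv4 (0.0.0.0 -> 255.255.255.255) -> Ethernet
    (to ff:ff:ff:ff:ff:ff): the client's broadcast request as the slide describes it."""
    udp = struct.pack("!HHHH", DHCP_CLIENT_PORT, DHCP_SERVER_PORT, 8 + len(dhcp), 0) + dhcp
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                         IPPROTO_UDP, 0, b"\x00" * 4, b"\xff" * 4)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ipv4_checksum(ip_hdr)) + ip_hdr[12:]
    return BROADCAST_MAC + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + udp


def demux(frame: bytes, my_mac: bytes) -> dict:
    """Walk back up the stack. At each layer the header must say that the
    next layer up really is the one we expect; anything else is dropped."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    dst, src = frame[:6], frame[6:12]
    if dst not in (my_mac, BROADCAST_MAC):
        raise ValueError("frame not addressed to us")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("ethertype is not IPv4")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    if ipv4_checksum(ip[:ihl]) != 0:        # a correct header sums to zero
        raise ValueError("bad IPv4 header checksum")
    if ip[9] != IPPROTO_UDP:
        raise ValueError("IP protocol is not UDP")
    udp = ip[ihl:total_len]
    if len(udp) < 8:
        raise ValueError("short UDP datagram")
    sport, dport, udp_len, _ = struct.unpack("!HHHH", udp[:8])
    if udp_len != len(udp):
        raise ValueError("UDP length does not match IP payload")
    if dport != DHCP_SERVER_PORT:
        raise ValueError("UDP port is not the DHCP server port")
    return {"src_mac": src, "src_ip": ip[12:16], "dst_ip": ip[16:20],
            "sport": sport, "dport": dport, "dhcp": udp[8:]}
```

Each layer's check is the demultiplexing key of the slide (ethertype selects IP, the protocol field selects UDP, the destination port selects DHCP); the length and checksum checks are what stop a truncated or corrupted frame from being parsed as if it were well formed.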

DHCP: wireshark output (home LAN)

reply

Message type: Boot Reply (2)

Hardware type: Ethernet

Hardware address length: 6

Hops: 0

Transaction ID: 0x6b3a11b7

Seconds elapsed: 0

Bootp flags: 0x0000 (Unicast)

Client IP address: 192.168.1.101 (192.168.1.101)

Your (client) IP address: 0.0.0.0 (0.0.0.0)

Next server IP address: 192.168.1.1 (192.168.1.1)

Relay agent IP address: 0.0.0.0 (0.0.0.0)

Client MAC address: Wistron_23:68:8a (00:16:d3:23:68:8a)

Server host name not given

Boot file name not given

Magic cookie: (OK)

Option: (t=53,l=1) DHCP Message Type = DHCP ACK

Option: (t=54,l=4) Server Identifier = 192.168.1.1

Option: (t=1,l=4) Subnet Mask = 255.255.255.0

Option: (t=3,l=4) Router = 192.168.1.1

Option: (6) Domain Name Server

Length: 12; Value: 445747E2445749F244574092;

IP Address: 68.87.71.226;

IP Address: 68.87.73.242;

IP Address: 68.87.64.146

Option: (t=15,l=20) Domain Name = "hsd1.ma.comcast.net."

request

Message type: Boot Request (1)

Hardware type: Ethernet

Hardware address length: 6

Hops: 0

Transaction ID: 0x6b3a11b7

Seconds elapsed: 0

Bootp flags: 0x0000 (Unicast)

Client IP address: 0.0.0.0 (0.0.0.0)

Your (client) IP address: 0.0.0.0 (0.0.0.0)

Next server IP address: 0.0.0.0 (0.0.0.0)

Relay agent IP address: 0.0.0.0 (0.0.0.0)

Client MAC address: Wistron_23:68:8a (00:16:d3:23:68:8a)

Server host name not given

Boot file name not given

Magic cookie: (OK)

Option: (t=53,l=1) DHCP Message Type = DHCP Request

Option: (61) Client identifier

Length: 7; Value: 010016D323688A;

Hardware type: Ethernet

Client MAC address: Wistron_23:68:8a (00:16:d3:23:68:8a)

Option: (t=50,l=4) Requested IP Address = 192.168.1.101

Option: (t=12,l=5) Host Name = "nomad"

Option: (55) Parameter Request List

Length: 11; Value: 010F03062C2E2F1F21F92B

1 = Subnet Mask; 15 = Domain Name

3 = Router; 6 = Domain Name Server

44 = NetBIOS over TCP/IP Name Server

……

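A parser for the option field of the capture above, as an added Python example (not the slides' or Wireshark's code). The two option lists are rebuilt from the values printed on the slide, so the parse result can be checked against what Wireshark showed; the option names are those on the slide, and the tag numbers and the 63 82 53 63 magic cookie are from RFC 2131. A declared option length that runs past the end of the buffer is treated as an error rather than quietly truncated, which is the check that matters when the reply comes from an untrusted server on the LAN.

```python
DHCP_MAGIC = bytes.fromhex("63825363")   # RFC 2131 magic cookie
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
                 5: "ACK", 6: "NAK", 7: "RELEASE"}
OPTION_NAMES = {1: "Subnet Mask", 3: "Router", 6: "Domain Name Server",
                12: "Host Name", 15: "Domain Name",
                44: "NetBIOS over TCP/IP Name Server",
                50: "Requested IP Address", 53: "DHCP Message Type",
                54: "Server Identifier", 55: "Parameter Request List",
                61: "Client identifier"}


def parse_options(field: bytes) -> list:
    """Split the options field into (tag, value) pairs. Pad (0) has no length
    byte and End (255) terminates; every other tag carries a length byte.
    A length that runs past the buffer is an error, not a truncated value."""
    if not field.startswith(DHCP_MAGIC):
        raise ValueError("missing DHCP magic cookie")
    i, out = len(DHCP_MAGIC), []
    while i < len(field):
        tag = field[i]
        if tag == 0:
            i += 1
            continue
        if tag == 255:
            return out
        if i + 1 >= len(field):
            raise ValueError(f"option {tag}: length byte missing")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {tag}: declares {length} bytes, {len(value)} present")
        out.append((tag, value))
        i += 2 + length
    raise ValueError("options not terminated by End (255)")


def ip_list(value: bytes) -> list:
    """Decode an option whose value is one or more IPv4 addresses."""
    if len(value) % 4:
        raise ValueError("address option length is not a multiple of 4")
    return [".".join(str(b) for b in value[k:k + 4]) for k in range(0, len(value), 4)]


def decode(options: list) -> dict:
    """Turn raw (tag, value) pairs into the fields Wireshark prints."""
    result = {}
    for tag, value in options:
        name = OPTION_NAMES.get(tag, f"Option {tag}")
        if tag == 53:
            result[name] = MESSAGE_TYPES.get(value[0], f"type {value[0]}")
        elif tag in (1, 3, 6, 44, 50, 54):
            result[name] = ip_list(value)
        elif tag in (12, 15):
            result[name] = value.decode("ascii", errors="replace")
        elif tag == 55:
            result[name] = [OPTION_NAMES.get(t, f"Option {t}") for t in value]
        elif tag == 61 and len(value) == 7 and value[0] == 1:   # hardware type 1 = Ethernet
            result[name] = "Ethernet " + ":".join(f"{b:02x}" for b in value[1:])
        else:
            result[name] = value.hex()
    return result


def build_options(options: list) -> bytes:
    """Inverse of parse_options; used here to reassemble the slide's two messages."""
    out = bytearray(DHCP_MAGIC)
    for tag, value in options:
        if not 0 < tag < 255 or len(value) > 255:
            raise ValueError("tag must be 1..254 and value at most 255 bytes")
        out += bytes([tag, len(value)]) + value
    return bytes(out + b"\xff")


# Option values as printed on the slide (hex strings copied from the capture).
ACK_OPTIONS = build_options([
    (53, b"\x05"),
    (54, bytes([192, 168, 1, 1])),
    (1, bytes([255, 255, 255, 0])),
    (3, bytes([192, 168, 1, 1])),
    (6, bytes.fromhex("445747E2445749F244574092")),
    (15, b"hsd1.ma.comcast.net."),
])
REQUEST_OPTIONS = build_options([
    (53, b"\x03"),
    (61, bytes.fromhex("010016D323688A")),
    (50, bytes([192, 168, 1, 101])),
    (12, b"nomad"),
    (55, bytes.fromhex("010F03062C2E2F1F21F92B")),
])
```

Running decode(parse_options(ACK_OPTIONS)) reproduces the three DNS server addresses the capture shows for the 12-byte value 445747E2445749F244574092, and the request's parameter list decodes to the same names the slide lists (1 = Subnet Mask, 15 = Domain Name, 3 = Router, 6 = Domain Name Server, 44 = NetBIOS over TCP/IP Name Server).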

DNS: Domain Name System

People: many identifiers:

SSN, name, passport #

Internet hosts, routers:

IP address (32 bit) - used for addressing datagrams

“name”, e.g., www.yahoo.com - used by humans

Q: map between IP addresses and name ?

Domain Name System:

distributed database implemented in hierarchy of many name servers

application-layer protocol: hosts, routers, name servers communicate to resolve names (address/name translation)

note: core Internet function, implemented as application-layer protocol

complexity at network’s “edge”



DNS

Why not centralize DNS?

single point of failure

traffic volume

distant centralized database

maintenance

doesn’t scale!

DNS services

hostname to IP address translation

host aliasing

Canonical, alias names

mail server aliasing

load distribution

replicated Web servers: set of IP addresses for one canonical name



Distributed, Hierarchical Database

Client wants IP for www.amazon.com; 1st approx:

client queries a root server to find com DNS server

client queries com DNS server to get amazon.com DNS server

client queries amazon.com DNS server to get IP address for www.amazon.com

[Figure: Root DNS Servers → com DNS servers (yahoo.com DNS servers, amazon.com DNS servers), org DNS servers (pbs.org DNS servers), edu DNS servers (poly.edu DNS servers, umass.edu DNS servers)]



DNS: Root name servers

contacted by local name server that can not resolve name

root name server:

contacts authoritative name server if name mapping not known

gets mapping

returns mapping to local name server

13 root name servers worldwide:

a Verisign, Dulles, VA

b USC-ISI Marina del Rey, CA

c Cogent, Herndon, VA (also LA)

d U Maryland College Park, MD

e NASA Mt View, CA

f Internet Software C. Palo Alto, CA (and 36 other locations)

g US DoD Vienna, VA

h ARL Aberdeen, MD

i Autonomica, Stockholm (plus 28 other locations)

j Verisign (21 locations)

k RIPE London (also 16 other locations)

l ICANN Los Angeles, CA

m WIDE Tokyo (also Seoul, Paris, SF)



TLD and Authoritative Servers

Top-level domain (TLD) servers:

responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp.

Network Solutions maintains servers for com TLD

Educause for edu TLD

Authoritative DNS servers:

organization’s DNS servers, providing authoritative hostname to IP mappings for organization’s servers (e.g., Web, mail).

can be maintained by organization or service provider



Local Name Server

does not strictly belong to hierarchy

each ISP (residential ISP, company, university) has one.

also called “default name server”

when host makes DNS query, query is sent to its local DNS server

acts as proxy, forwards query into hierarchy



DNS name resolution example

Host at cis.poly.edu wants IP address for gaia.cs.umass.edu

iterated query:

  • contacted server replies with name of server to contact

  • “I don’t know this name, but ask this server”

[Figure, steps 1 to 8: (1) requesting host cis.poly.edu → local DNS server dns.poly.edu; (2) local DNS server → root DNS server; (3) root DNS server → local DNS server (referral); (4) local DNS server → TLD DNS server; (5) TLD DNS server → local DNS server (referral); (6) local DNS server → authoritative DNS server dns.cs.umass.edu; (7) authoritative DNS server → local DNS server (answer); (8) local DNS server → requesting host]


DNS name resolution example

recursive query:

  • puts burden of name resolution on contacted name server

  • heavy load?

[Figure, steps 1 to 8: (1) requesting host cis.poly.edu → local DNS server dns.poly.edu; (2) local DNS server → root DNS server; (3) root DNS server → TLD DNS server; (4) TLD DNS server → authoritative DNS server dns.cs.umass.edu; (5) authoritative DNS server → TLD DNS server; (6) TLD DNS server → root DNS server; (7) root DNS server → local DNS server; (8) local DNS server → requesting host]


DNS: caching and updating records

once (any) name server learns mapping, it caches mapping

cache entries timeout (disappear) after some time

TLD servers typically cached in local name servers

Thus root name servers not often visited

update/notify mechanisms under design by IETF

RFC 2136

http://www.ietf.org/html.charters/dnsind-charter.html

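The iterated-query walk from the “DNS name resolution example” slide together with the caching rule on this slide, simulated in Python as an added example that is not from the slides or the textbook. Zone contents, server names and addresses are constructed (192.0.2.x is documentation address space). It assumes the address of each referred-to name server is already known, standing in for the glue records that a real referral carries in the additional section, and it bounds the number of referrals followed so a misconfigured referral loop cannot run forever.

```python
# RR format from the slide: (name, value, type, ttl). All zone data below is constructed.
ROOT_RRS = [("edu", "a.edu-servers.example", "NS", 172800),
            ("com", "a.gtld-servers.example", "NS", 172800)]
TLD_EDU_RRS = [("umass.edu", "dns.cs.umass.edu", "NS", 86400),
               ("poly.edu", "dns.poly.edu", "NS", 86400)]
UMASS_RRS = [("gaia.cs.umass.edu", "192.0.2.10", "A", 3600),
             ("www.cs.umass.edu", "192.0.2.11", "A", 3600)]


class NameServer:
    """One server in the hierarchy: answers from its own A records, otherwise
    refers the asker to the NS for the longest matching suffix it knows."""

    def __init__(self, name: str, records: list) -> None:
        self.name, self.records = name, records

    def query(self, qname: str) -> tuple:
        for name, value, rtype, ttl in self.records:
            if rtype == "A" and name == qname:
                return "answer", (name, value, rtype, ttl)
        best = None
        for name, value, rtype, ttl in self.records:
            if rtype == "NS" and (qname == name or qname.endswith("." + name)):
                if best is None or len(name) > len(best[0]):
                    best = (name, value, rtype, ttl)
        return ("referral", best) if best else ("nxdomain", None)


class LocalResolver:
    """The local (default) name server's job: iterated queries down the
    hierarchy, with each learned mapping cached for its TTL."""

    def __init__(self, root: NameServer, servers: dict) -> None:
        self.root = root
        self.servers = servers   # NS hostname -> NameServer; stands in for glue records
        self.cache = {}          # qname -> (address, expiry time)
        self.now = 0             # simulated clock, in seconds

    def resolve(self, qname: str, max_referrals: int = 8) -> tuple:
        """Return (address, servers contacted in order); ['cache'] on a cache hit."""
        hit = self.cache.get(qname)
        if hit and hit[1] > self.now:
            return hit[0], ["cache"]
        server, path = self.root, []
        for _ in range(max_referrals):   # bounded walk: a referral loop must not spin forever
            path.append(server.name)
            kind, rr = server.query(qname)
            if kind == "answer":
                self.cache[qname] = (rr[1], self.now + rr[3])
                return rr[1], path
            if kind == "referral" and rr[1] in self.servers:
                server = self.servers[rr[1]]
                continue
            raise LookupError(f"{qname}: {kind} at {server.name}")
        raise LookupError(f"{qname}: too many referrals")


def build_resolver() -> LocalResolver:
    """dns.poly.edu with the constructed root, edu TLD and umass.edu authoritative servers."""
    servers = {"a.edu-servers.example": NameServer("tld-edu", TLD_EDU_RRS),
               "dns.cs.umass.edu": NameServer("dns.cs.umass.edu", UMASS_RRS)}
    return LocalResolver(NameServer("root", ROOT_RRS), servers)
```

The first lookup of gaia.cs.umass.edu visits root, the edu TLD server and dns.cs.umass.edu in that order; the second is served from cache until the 3600-second TTL expires, which is the mechanism behind the slide's “root name servers not often visited”. In a recursive query the same walk would happen inside the contacted server instead of the local one.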


DNS records

DNS: distributed db storing resource records (RR)

RR format: (name, value, type, ttl)

  • Type=A

    • name is hostname

    • value is IP address

  • Type=NS

    • name is domain (e.g. foo.com)

    • value is hostname of authoritative name server for this domain

  • Type=CNAME

    • name is alias name for some “canonical” (the real) name; www.ibm.com is really servereast.backup2.ibm.com

    • value is canonical name

  • Type=MX

    • value is name of mailserver associated with name


DNS protocol, messages

DNS protocol: query and reply messages, both with same message format

msg header

  • identification: 16 bit # for query, reply to query uses same #

  • flags:

    • query or reply

    • recursion desired

    • recursion available

    • reply is authoritative

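The 16-bit identification and the flag bits listed above, packed and parsed with Python's struct module as an added example that is not from the slides or the textbook. The field layout is the standard 12-byte DNS header of RFC 1035; the identifier values used are constructed. The identification match in reply_matches is the minimum check a resolver makes before accepting a reply; since 16 bits is a small space, real resolvers also randomize the UDP source port and check that the question section echoes what was asked.

```python
import struct

# id, flags, qdcount, ancount, nscount, arcount: six 16-bit big-endian fields
HEADER = struct.Struct("!HHHHHH")


def build_header(ident: int, *, reply: bool = False, authoritative: bool = False,
                 recursion_desired: bool = False, recursion_available: bool = False,
                 rcode: int = 0, qdcount: int = 1, ancount: int = 0,
                 nscount: int = 0, arcount: int = 0) -> bytes:
    """Pack a header. The flag bits are QR (15), AA (10), RD (8), RA (7), RCODE (0..3)."""
    if not 0 <= ident <= 0xFFFF:
        raise ValueError("identification is a 16-bit field")
    flags = ((int(reply) << 15) | (int(authoritative) << 10) |
             (int(recursion_desired) << 8) | (int(recursion_available) << 7) |
             (rcode & 0xF))
    return HEADER.pack(ident, flags, qdcount, ancount, nscount, arcount)


def parse_header(data: bytes) -> dict:
    """Unpack the header and split the flags word into its named bits."""
    if len(data) < HEADER.size:
        raise ValueError("message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = HEADER.unpack_from(data)
    return {"id": ident,
            "reply": bool(flags >> 15 & 1),                 # QR: query (0) or reply (1)
            "opcode": flags >> 11 & 0xF,
            "authoritative": bool(flags >> 10 & 1),         # AA: reply is authoritative
            "truncated": bool(flags >> 9 & 1),              # TC
            "recursion_desired": bool(flags >> 8 & 1),      # RD
            "recursion_available": bool(flags >> 7 & 1),    # RA
            "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def reply_matches(query: bytes, reply: bytes) -> bool:
    """A reply is only considered for the outstanding query if it is marked
    as a reply and carries the same 16-bit identification."""
    q, r = parse_header(query), parse_header(reply)
    return (not q["reply"]) and r["reply"] and q["id"] == r["id"]
```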


DNS protocol, messages

message body, after the header:

  • questions: name, type fields for a query

  • answers: RRs in response to query

  • authority: records for authoritative servers

  • additional info: additional “helpful” info that may be used


Inserting records into DNS

example: new startup “Network Utopia”

register name networkutopia.com at DNS registrar (e.g., Network Solutions)

provide names, IP addresses of authoritative name server (primary and secondary)

registrar inserts two RRs into com TLD server:

(networkutopia.com, dns1.networkutopia.com, NS)

(dns1.networkutopia.com, 212.212.212.1, A)

create authoritative server Type A record for www.networkutopia.com; Type MX record for networkutopia.com

How do people get IP address of your Web site?


