Network Architecture and Protocols
IT443 – Network Security Administration
Reference Textbooks
• Computer Networks: A Systems Approach
• Computer Networking: A Top Down Approach
Outline
• Network Layers
• Internet Protocol (IP)
• TCP and UDP
Layering: A Modular Approach
• Sub-divide the problem
  – Each layer relies on services from layer below
  – Each layer exports services to layer above
• Interface between layers defines interaction
  – Hides implementation details
  – Layers can change without disturbing other layers

Figure (layer stack, top to bottom): Application (HTTP, FTP, TELNET, POP/IMAP, SSH, SSL, …); Transport (TCP, UDP); Network (IP: IPv4, IPv6); Link (Ethernet, DSL, WiFi, …); Physical.
Layer Encapsulation
Figure: the application message "Get index.html" sent from User A to User B is wrapped by each layer in turn: the transport layer adds a connection ID, the network layer adds source/destination addresses, and the link layer adds a link address.
IP Layer
• Data traffic divided into packets
  – Each packet contains a header (with address)
• Packets travel separately through network
  – Packet forwarding based on the header
  – Network nodes may store packets temporarily
• Destination reconstructs the message
IP Layer
• Packet Switching
  – vs. Circuit Switching
• Best-effort delivery
  – Packets may be lost
  – Packets may be corrupted
  – Packets may be delivered out of order
What if the Data Doesn’t Fit?
Problem: Packet size
• On Ethernet, max IP packet is 1500 bytes (MTU)
• Typical Web page is 10 kbytes
Solution: Split the data across multiple packets
Figure: the message "GET index.html" is carried in several packets and reassembled at the receiver.
What if the Data is Out of Order?
Problem: Out of Order
Solution: Add Sequence Numbers
Figure: the packets carrying "GET index.html" are numbered 1 "GET ", 2 "inde", 3 "x.ht", 4 "ml". Received out of order they would read "GETx.htindeml"; the sequence numbers let the receiver restore "GET index.html".
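The receiver-side reordering the slide describes, as an added example (not code from the lecture): packets arrive tagged with sequence numbers, duplicates are dropped, and a gap is reported rather than silently skipped, so an incomplete message is never passed up to the application. The fragment texts and numbers are constructed to match the figure.

```python
"""Reassembly of out-of-order packets using sequence numbers.

Added example (not from the lecture slides): the packet contents and
sequence numbers below are constructed to match the "GET index.html" figure.
"""


def reassemble(packets, expected_count=None):
    """Return (message, missing, duplicates) from a list of (seq, data).

    Packets may arrive in any order; duplicates are discarded, and any gap
    in the sequence is reported instead of skipped, so the receiver never
    hands an incomplete message to the application.
    """
    by_seq = {}
    duplicates = []
    for seq, data in packets:
        if seq in by_seq:
            duplicates.append(seq)   # a retransmitted copy already received
            continue
        by_seq[seq] = data
    if expected_count is not None:
        last = expected_count
    else:
        last = max(by_seq) if by_seq else 0
    missing = [s for s in range(1, last + 1) if s not in by_seq]
    if missing:
        return None, missing, duplicates
    return "".join(by_seq[s] for s in range(1, last + 1)), missing, duplicates


# Constructed input: the four fragments of "GET index.html" received in the
# order shown on the slide ("ml 4, inde 2, x.ht 3, GET 1").
OUT_OF_ORDER = [(4, "ml"), (2, "inde"), (3, "x.ht"), (1, "GET ")]

if __name__ == "__main__":
    print(reassemble(OUT_OF_ORDER))
```

Passing `expected_count` lets the receiver tell "the last packet has not arrived yet" apart from "everything arrived", which it cannot do from the highest sequence number seen so far.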
IP Packet (20-byte header)
• Word 1: 4-bit Version | 4-bit Header Length | 8-bit Type of Service (TOS) | 16-bit Total Length (bytes)
• Word 2: 16-bit Identification | 3-bit Flags | 13-bit Fragment Offset
• Word 3: 8-bit Time to Live (TTL) | 8-bit Protocol | 16-bit Header Checksum
• Word 4: 32-bit Source IP Address
• Word 5: 32-bit Destination IP Address
• Options (if any)
• Payload
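An added example (not from the lecture) that decodes the header layout above from raw bytes and verifies the header checksum, which is what a receiver or a packet-inspection tool does before trusting any field. The sample packet is constructed with the helper at the bottom; the addresses reuse ones that appear later in the slides.

```python
"""Decode a 20-byte IPv4 header and verify its checksum.

Added example, not from the lecture slides. The header bytes below are
constructed (a 40-byte packet, protocol 6 = TCP, TTL 64).
"""
import struct
import ipaddress


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones'-complement sum (RFC 1071 style); pads an odd length with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum(header: bytes) -> int:
    """Header checksum, computed with the checksum field itself treated as zero."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return (~ones_complement_sum(zeroed)) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Return the header fields shown on the slide; raises on malformed input."""
    if len(packet) < 20:
        raise ValueError("truncated: IPv4 header needs 20 bytes")
    (vhl, tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = vhl >> 4, (vhl & 0x0F) * 4   # header length is in 32-bit words
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    if ihl < 20 or ihl > len(packet):
        raise ValueError("bad header length %d" % ihl)
    header = packet[:ihl]
    return {
        "version": version,
        "header_len": ihl,
        "tos": tos,
        "total_len": total_len,
        "id": ident,
        "flags": flags_frag >> 13,
        "frag_offset": flags_frag & 0x1FFF,       # in 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "checksum": csum,
        "checksum_ok": ipv4_checksum(header) == csum,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": header[20:],
    }


def build_ipv4(src, dst, payload_len, proto=6, ttl=64, ident=0x1234, df=True):
    """Build a 20-byte header with a correct checksum (constructed test data)."""
    flags_frag = (0x2 << 13) if df else 0         # DF is bit 14 of the flags/offset word
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                       flags_frag, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)
    csum = ipv4_checksum(head)
    return head[:10] + struct.pack("!H", csum) + head[12:]


# Constructed sample: header of a 40-byte packet from 12.34.158.5 to 128.2.194.242.
SAMPLE = build_ipv4("12.34.158.5", "128.2.194.242", payload_len=20)

if __name__ == "__main__":
    for name, value in parse_ipv4(SAMPLE).items():
        print(name, value)
```

Note that the IPv4 checksum covers only the header, which is why a flipped byte in the TTL is caught but corruption of the payload is not; payload integrity is left to the transport checksum.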
Transport Protocols
• Provide logical communication between application processes running on different hosts
• Datagram messaging service (UDP)
  – No-frills extension of “best-effort” IP
• Reliable, in-order delivery (TCP)
Using Ports to Identify Services
Figure: two clients on a client host send requests to the server host 128.2.194.242. The server's OS demultiplexes on the destination port: a service request for 128.2.194.242:80 goes to the Web server (port 80), and one for 128.2.194.242:7 goes to the echo server (port 7).
Knowing What Port Number To Use
• Popular applications have well-known ports
  – E.g., port 80 for Web and port 25 for e-mail
  – Well-known ports listed at http://www.iana.org
• Well-known vs. ephemeral ports
  – Server has a well-known port (e.g., port 80)
    • Between 0 and 1023
  – Client picks an unused ephemeral (i.e., temporary) port
    • Between 1024 and 65535
• Uniquely identifying the traffic between the hosts
  – Two IP addresses and two port numbers
  – Underlying transport protocol (e.g., TCP or UDP)
Unreliable Message Delivery Service
• User Datagram Protocol (UDP)
  – IP plus port numbers
  – Optional error checking on the packet contents
• Lightweight communication between processes
  – Avoid overhead and delays of ordered, reliable delivery
• For example: VoIP, video conferencing, gaming
UDP header (figure): source port | destination port; length | checksum; then data.
Transmission Control Protocol
• Communication service (socket)
  – Ordered, reliable byte stream
  – Simultaneous transmission in both directions
• Key mechanisms at end hosts
  – Retransmit lost and corrupted packets
  – Discard duplicate packets and put packets in order
  – Flow control to avoid overloading the receiver buffer
  – Congestion control to adapt sending rate to network load
An Analogy: Talking on a Cell Phone
• Alice and Bob on their cell phones
  – Both Alice and Bob are talking
• What if Alice couldn’t understand Bob?
  – Bob asks Alice to repeat what she said
• What if Bob hasn’t heard Alice for a while?
  – Is Alice just being quiet?
  – Or, have Bob and Alice lost reception?
  – How long should Bob just keep on talking?
  – Maybe Alice should periodically say “uh huh”
  – … or Bob should ask “Can you hear me now?”
• Retransmission, ACK/NACK, timeout
TCP Support for Reliable Delivery
• Checksum
  – Used to detect corrupted data at the receiver
  – …leading the receiver to drop the packet
• Sequence numbers
  – Used to detect missing data
  – … and for putting the data back in order
• Retransmission
  – Sender retransmits lost or corrupted data
  – Timeout based on estimates of round-trip time
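How a "timeout based on estimates of round-trip time" is actually computed, as an added example (not from the lecture): this is the standard TCP estimator of RFC 6298, which keeps a smoothed RTT and an RTT variance, sets RTO = SRTT + 4·RTTVAR, doubles the RTO after a timeout, and (Karn's rule) never takes an RTT sample from a retransmitted segment because the ACK could belong to either copy. The RTT samples are constructed.

```python
"""Retransmission timeout (RTO) from round-trip time estimates.

Added example, not from the lecture slides: the RFC 6298 estimator
(SRTT, RTTVAR, RTO = SRTT + 4*RTTVAR, exponential backoff) with Karn's rule.
The RTT samples at the bottom are constructed.
"""


class RttEstimator:
    def __init__(self, alpha=1 / 8, beta=1 / 4, k=4, granularity=0.0, min_rto=1.0):
        self.alpha, self.beta, self.k = alpha, beta, k
        self.granularity, self.min_rto = granularity, min_rto
        self.srtt = None          # smoothed round-trip time (seconds)
        self.rttvar = None        # round-trip time variance estimate (seconds)
        self.rto = 1.0            # RFC 6298 initial RTO before any sample

    def _update_rto(self):
        self.rto = max(self.min_rto,
                       self.srtt + max(self.granularity, self.k * self.rttvar))

    def sample(self, rtt, retransmitted=False):
        """Feed one measured RTT and return the new RTO.

        Samples from retransmitted segments are ignored (Karn's algorithm):
        the ACK cannot be attributed to a particular copy of the segment.
        """
        if retransmitted:
            return self.rto
        if self.srtt is None:                      # first measurement
            self.srtt = rtt
            self.rttvar = rtt / 2
        else:                                      # RTTVAR first, using the old SRTT
            self.rttvar = (1 - self.beta) * self.rttvar + self.beta * abs(self.srtt - rtt)
            self.srtt = (1 - self.alpha) * self.srtt + self.alpha * rtt
        self._update_rto()
        return self.rto

    def on_timeout(self):
        """Exponential backoff: after a timeout the next wait is twice as long."""
        self.rto *= 2
        return self.rto


# Constructed RTT samples (seconds): a stable path that then becomes jittery.
SAMPLES = [0.100, 0.200, 0.120, 0.110, 0.400]


def run(samples, min_rto=0.0):
    """Return the RTO after each sample (min_rto=0 exposes the raw estimate)."""
    est = RttEstimator(min_rto=min_rto)
    return [est.sample(r) for r in samples]


if __name__ == "__main__":
    for r, rto in zip(SAMPLES, run(SAMPLES)):
        print("rtt=%.3f  rto=%.4f" % (r, rto))
```

With the default `min_rto=1.0` the estimate is clamped to the one-second floor the RFC recommends; the `run` helper disables the floor so the effect of each sample on the estimate is visible.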
Establishing a TCP Connection
• Three-way handshake to establish connection
  – Host A sends a SYN (open) to the host B
  – Host B returns a SYN acknowledgment (SYN ACK)
  – Host A sends an ACK to acknowledge the SYN ACK
Figure: A → B: SYN; B → A: SYN ACK; A → B: ACK; then Data flows in both directions. Each host tells its ISN (initial sequence number) to the other host.
TCP Header
• Word 1: Source port | Destination port
• Word 2: Sequence number
• Word 3: Acknowledgment
• Word 4: HdrLen | reserved (0) | Flags | Advertised window
• Word 5: Checksum | Urgent pointer
• Options (variable)
• Data
Flags: SYN, FIN, RST, PSH, URG, ACK
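An added example (not from the lecture) that decodes the header layout above and follows the three-way handshake of the previous slide per connection, checking that the SYN ACK acknowledges the client's ISN + 1 and the final ACK acknowledges the server's ISN + 1. The segments, ports and ISNs are constructed; the checksum is left zero because computing it needs the IP pseudo-header, which this example does not model.

```python
"""Decode the TCP header and track the three-way handshake per connection.

Added example, not from the lecture slides. The segments below are
constructed; the state machine covers connection setup only (SYN, SYN ACK,
ACK, RST), not data transfer or teardown.
"""
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
SEQ_MASK = 0xFFFFFFFF          # sequence numbers wrap modulo 2^32


def parse_tcp(segment: bytes) -> dict:
    """Return the fields of the header words listed on the slide."""
    if len(segment) < 20:
        raise ValueError("truncated: TCP header needs 20 bytes")
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4          # HdrLen is in 32-bit words
    flags = off_flags & 0x3F
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad header length %d" % hdr_len)
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": {name for name, bit in FLAG_BITS.items() if flags & bit},
        "window": window, "checksum": csum, "urgent": urg,
        "options": segment[20:hdr_len], "data": segment[hdr_len:],
    }


def build_tcp(sport, dport, seq, ack, flags, window=65535):
    """Constructed 20-byte header (no options; checksum left 0)."""
    bits = 0
    for f in flags:
        bits |= FLAG_BITS[f]
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, window, 0, 0)


class HandshakeTracker:
    """Follow SYN -> SYN ACK -> ACK for each (client port, server port) pair."""

    def __init__(self):
        self.state = {}   # key -> (state, client ISN, server ISN)

    def feed(self, client_to_server: bool, seg: dict) -> str:
        if client_to_server:
            key = (seg["src_port"], seg["dst_port"])
        else:
            key = (seg["dst_port"], seg["src_port"])
        flags = seg["flags"]
        st, cisn, sisn = self.state.get(key, ("CLOSED", None, None))
        if "RST" in flags:
            self.state[key] = ("CLOSED", None, None)
        elif client_to_server and flags == {"SYN"} and st == "CLOSED":
            self.state[key] = ("SYN_SENT", seg["seq"], None)
        elif (not client_to_server and flags == {"SYN", "ACK"} and st == "SYN_SENT"
              and seg["ack"] == (cisn + 1) & SEQ_MASK):
            self.state[key] = ("SYN_RECEIVED", cisn, seg["seq"])
        elif (client_to_server and flags == {"ACK"} and st == "SYN_RECEIVED"
              and seg["ack"] == (sisn + 1) & SEQ_MASK):
            self.state[key] = ("ESTABLISHED", cisn, sisn)
        else:
            return "IGNORED"   # out-of-sequence, wrong ACK, or a data segment
        return self.state[key][0]


# Constructed exchange: client port 40000 -> server port 80, ISNs 1000 and 5000.
HANDSHAKE = [
    (True,  build_tcp(40000, 80, 1000, 0, {"SYN"})),
    (False, build_tcp(80, 40000, 5000, 1001, {"SYN", "ACK"})),
    (True,  build_tcp(40000, 80, 1001, 5001, {"ACK"})),
]


def replay(segments):
    """Parse each raw segment and return the connection state after it."""
    tracker = HandshakeTracker()
    return [tracker.feed(c2s, parse_tcp(raw)) for c2s, raw in segments]


if __name__ == "__main__":
    print(replay(HANDSHAKE))
```

A SYN ACK whose acknowledgment number does not equal the client's ISN + 1 is left in `IGNORED`, which is the check that makes the handshake prove each side saw the other's ISN.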
Identifiers
• Transport Layer: port number
• IP Layer: IP address
• Link Layer: MAC address
IP Suite: End Hosts vs. Routers
Figure: each end host runs the full stack (HTTP over TCP over IP over an Ethernet interface); the routers in between run only IP over their link interfaces (Ethernet and SONET). The HTTP message and the TCP segment exist end to end between the two hosts, while the IP packet is handled hop by hop by each router.
Outline
• Addressing and Naming
  – IP prefix, DNS, ARP
Grouping Related Hosts
• The Internet is an “inter-network”
  – Used to connect networks together, not hosts
  – Needs a way to address a network (i.e., group of hosts)
Figure: hosts on LAN 1 and LAN 2, connected through routers across WANs. LAN = Local Area Network, WAN = Wide Area Network.
Scalability Challenge
• Suppose hosts had arbitrary addresses
  – Then every router would need a lot of information
  – …to know how to direct packets toward the host
Figure: the hosts on the two LANs have unrelated addresses (1.2.3.4, 5.6.7.8, 2.4.6.8, 1.2.3.5, 5.6.7.9, 2.4.6.9), so a router's forwarding table needs a separate entry per host (e.g., 1.2.3.4 and 1.2.3.5).
IP Prefix
• Divided into network & host portions (left and right)
• 12.34.158.0/24 is a 24-bit prefix with 2^8 addresses
Example address 12.34.158.5:
  00001100 00100010 10011110 00000101
  12       34       158      5
  Network (24 bits)          Host (8 bits)
IP Address and Subnet Mask
Address  00001100 00100010 10011110 00000101   (12.34.158.5)
Mask     11111111 11111111 11111111 00000000   (255.255.255.0)
Scalability Improved
• Number related hosts from a common subnet
  – 1.2.3.0/24 on the left LAN
  – 5.6.7.0/24 on the right LAN
Figure: LAN 1 hosts 1.2.3.4, 1.2.3.7, 1.2.3.156 and LAN 2 hosts 5.6.7.8, 5.6.7.9, 5.6.7.212; the forwarding table now needs only the two entries 1.2.3.0/24 and 5.6.7.0/24.
Easy to Add New Hosts
• No need to update the routers
  – E.g., adding a new host 5.6.7.213 on the right
  – Doesn’t require adding a new forwarding entry
Figure: same topology; the new host 5.6.7.213 joins LAN 2 and is already covered by the forwarding entry 5.6.7.0/24.
Classful Addressing
• In the olden days, only fixed allocation sizes
  – Class A: very large /8 blocks (e.g., MIT has 18.0.0.0/8)
  – Class B: large /16 blocks (e.g., Princeton has 128.112.0.0/16)
  – Class C: small /24 blocks (e.g., AT&T Labs has 192.20.225.0/24)
Classless Inter-Domain Routing (CIDR)
IP Address: 12.4.0.0   IP Mask: 255.254.0.0
Address  00001100 00000100 00000000 00000000
Mask     11111111 11111110 00000000 00000000
         Network Prefix (15 bits) | for hosts (17 bits)
Use two 32-bit numbers to represent a network. Network number = IP address & Mask (bitwise AND).
Written as 12.4.0.0/15
Private Networks
• Not globally delegated
  – 10.0.0.0/8 (255.0.0.0)
  – 172.16.0.0/12 (255.240.0.0)
  – 192.168.0.0/16 (255.255.0.0)
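The prefix, mask and forwarding-table material of the preceding slides worked through in code, as an added example (not from the lecture): the network number is the address ANDed with the mask, a mask converts to a prefix length only if its one-bits are contiguous, a router picks the most specific matching entry (longest-prefix match, which generalises the two-entry table on the slides), and the private blocks can be checked the same way. The addresses are the slides' own; the forwarding table, its next-hop names and the extra /25 entry are constructed.

```python
"""Prefixes, masks and longest-prefix-match forwarding.

Added example, not from the lecture slides. Reuses the slides' addresses
(12.34.158.5/24, 12.4.0.0/15, the 1.2.3.0/24 and 5.6.7.0/24 LANs, the
private blocks); the forwarding table and next-hop names are constructed.
"""


def to_int(dotted: str) -> int:
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def to_dotted(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def mask_from_prefix(length: int) -> int:
    """/24 -> 0xFFFFFF00: the top `length` bits set, the host bits clear."""
    if not 0 <= length <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF


def prefix_from_mask(mask: str) -> int:
    """255.254.0.0 -> 15; rejects non-contiguous masks such as 255.0.255.0."""
    m = to_int(mask)
    length = bin(m).count("1")
    if m != mask_from_prefix(length):
        raise ValueError("mask %s is not contiguous" % mask)
    return length


def network_number(address: str, prefix_len: int) -> str:
    """Network number = address AND mask, written in CIDR notation."""
    net = to_int(address) & mask_from_prefix(prefix_len)
    return "%s/%d" % (to_dotted(net), prefix_len)


def in_prefix(address: str, cidr: str) -> bool:
    net, length = cidr.split("/")
    mask = mask_from_prefix(int(length))
    return (to_int(address) & mask) == (to_int(net) & mask)


PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def is_private(address: str) -> bool:
    return any(in_prefix(address, p) for p in PRIVATE)


def lookup(table, address: str):
    """Longest-prefix match: the most specific matching entry wins; a /0
    default route catches everything else. Returns None if nothing matches."""
    best = None
    for cidr, next_hop in table:
        if in_prefix(address, cidr):
            length = int(cidr.split("/")[1])
            if best is None or length > best[0]:
                best = (length, next_hop)
    return None if best is None else best[1]


# Constructed forwarding table modelled on the slides' two LANs, plus a more
# specific /25 inside the right LAN and a default route.
TABLE = [("1.2.3.0/24", "left LAN"), ("5.6.7.0/24", "right LAN"),
         ("5.6.7.128/25", "right LAN, upper half"), ("0.0.0.0/0", "WAN")]

if __name__ == "__main__":
    print(network_number("12.34.158.5", 24), prefix_from_mask("255.254.0.0"))
    for host in ("1.2.3.7", "5.6.7.9", "5.6.7.213", "8.8.8.8"):
        print(host, "->", lookup(TABLE, host))
```

Because entries are compared by prefix length rather than by table position, the order of `TABLE` does not affect the result, which is the property a router relies on when entries are added and withdrawn independently.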
Growth History
• BGP (Border Gateway Protocol) Table Size
  – Autonomous systems (routing prefixes)
  – http://bgp.potaroo.net/as1221/bgp-active.html
Are 32-bit Addresses Enough?
• Not all that many unique addresses
  – 2^32 = 4,294,967,296 (just over four billion)
  – Plus, some are reserved for special purposes
  – And, addresses are allocated in larger blocks
• And, many devices need IP addresses
  – Computers, PDAs, routers, smartphones, toasters, …
• Long-term solution: a larger address space
  – IPv6 has 128-bit addresses (2^128 ≈ 3.403 × 10^38)
• Short-term solutions: limping along with IPv4
  – Private addresses
  – Network address translation (NAT)
  – Dynamically-assigned addresses (DHCP)
Naming: Domain Name System (DNS)
• Properties of DNS
  – Hierarchical name space divided into zones
  – Translation of names to/from IP addresses
  – Distributed over a collection of DNS servers
DNS Root Servers
• 13 root servers (see http://www.root-servers.org/)
• Labeled A through M
  – A: Verisign, Dulles, VA
  – B: USC-ISI, Marina del Rey, CA
  – C: Cogent, Herndon, VA (also Los Angeles)
  – D: U Maryland, College Park, MD
  – E: NASA, Mt View, CA
  – F: Internet Software C., Palo Alto, CA (and 17 other locations)
  – G: US DoD, Vienna, VA
  – H: ARL, Aberdeen, MD
  – I: Autonomica, Stockholm (plus 3 other locations)
  – J: Verisign (11 locations)
  – K: RIPE, London (also Amsterdam, Frankfurt)
  – L: ICANN, Los Angeles, CA
  – M: WIDE, Tokyo
Domain Name System
Figure: the name space is a tree under the unnamed root. Generic domains (com, edu, org, …) and country domains (ac, uk, zw, …) hang directly below it. The name my.east.bar.edu is the path root → edu → bar → east → my (east also has the child foo, and bar the child west); usr.cam.ac.uk is the path root → uk → ac → cam → usr. The arpa domain holds in-addr, under which 12 → 34 → 56 names the reverse zone for 12.34.56.0/24.
DNS Resolver and Local DNS Server
Figure (numbered steps): (1) the application asks its DNS resolver; (2) the resolver sends a DNS query to the local DNS server, which first checks its DNS cache; the local DNS server then queries the root server (3, 4), the top-level domain server (5, 6) and the second-level domain server (7, 8); (9) the DNS response goes back to the resolver and (10) to the application.
Caching, based on a time-to-live (TTL) assigned by the DNS server responsible for the host name, reduces latency in DNS translation.
Recursive and Iterative
• Recursive query
  – Ask server to get answer for you
  – E.g., request 2 and response 9
• Iterative query
  – Ask server who to ask next
  – E.g., all other request-response pairs
DNS Caching
• Performing all these queries takes time
  – And all this before the actual communication takes place
  – E.g., 1-second latency before starting Web download
• Caching can substantially reduce overhead
  – The top-level servers very rarely change
  – Popular sites (e.g., www.cnn.com) visited often
  – Local DNS server often has the information cached
• How DNS caching works
  – DNS servers cache responses to queries
  – Responses include a “time to live” (TTL) field
  – Server deletes the cached entry after TTL expires
Negative Caching
• Remember things that don’t work
  – Misspellings like www.cnn.comm and www.cnnn.com
  – These can take a long time to fail the first time
  – Good to remember that they don’t work
  – … so the failure takes less time the next time around
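The resolution chain of the resolver figure together with TTL caching and negative caching, as one added example (not from the lecture). A local DNS server walks root → top-level → second-level servers iteratively, caches positive answers for the TTL the authoritative server gave, and caches "does not exist" answers for a negative TTL so that the misspelled names above fail quickly the second time. The zone data, server names, addresses and TTLs are constructed; the clock is injected so expiry can be exercised without waiting.

```python
"""Iterative DNS resolution with a TTL cache and negative caching.

Added example, not from the lecture slides. Zone data, server names, TTLs
and addresses are constructed to mirror the slides' figures.
"""

# Constructed name servers: each knows only its own level of the tree, like the
# root, top-level and second-level servers in the figure. An "NS" record is a
# referral (the next server to ask); an "A" record is the final answer with its TTL.
ZONES = {
    "root": {"edu": ("NS", "edu-tld"), "com": ("NS", "com-tld")},
    "edu-tld": {"bar.edu": ("NS", "bar-ns")},
    "bar-ns": {"my.east.bar.edu": ("A", "12.34.56.7", 300)},
    "com-tld": {"cnn.com": ("NS", "cnn-ns")},
    "cnn-ns": {"www.cnn.com": ("A", "198.51.100.20", 60)},
}
NEGATIVE_TTL = 30   # seconds a "does not exist" answer is remembered


def ask(server: str, name: str):
    """One iterative query: the server answers with the record for the
    longest suffix of `name` it knows about, or None (name does not exist)."""
    labels = name.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in ZONES[server]:
            return ZONES[server][suffix]
    return None


class LocalDnsServer:
    def __init__(self, clock):
        self.clock = clock           # callable returning the current time in seconds
        self.cache = {}              # name -> (answer or None, expiry time)
        self.queries_sent = 0        # iterative queries sent to other servers

    def resolve(self, name: str):
        now = self.clock()
        if name in self.cache:
            answer, expiry = self.cache[name]
            if now < expiry:
                return answer                         # cache hit, positive or negative
            del self.cache[name]                      # TTL expired: ask again
        server = "root"
        for _ in range(8):                            # bound the referral chain
            self.queries_sent += 1
            rec = ask(server, name)
            if rec is None:
                self.cache[name] = (None, now + NEGATIVE_TTL)   # negative caching
                return None
            if rec[0] == "A":
                self.cache[name] = (rec[1], now + rec[2])       # positive, TTL from server
                return rec[1]
            server = rec[1]                           # follow the referral
        raise RuntimeError("referral loop resolving %s" % name)


class FakeClock:
    """Manually advanced clock so cache expiry can be demonstrated."""

    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


if __name__ == "__main__":
    clock = FakeClock()
    dns = LocalDnsServer(clock)
    print(dns.resolve("my.east.bar.edu"), dns.queries_sent)   # 3 queries: root, edu, bar
    print(dns.resolve("my.east.bar.edu"), dns.queries_sent)   # served from cache
    print(dns.resolve("www.cnn.comm"), dns.queries_sent)      # fails at the root
    print(dns.resolve("www.cnnn.com"), dns.queries_sent)      # fails only at the com server
```

The two misspellings fail at different depths of the tree, which is the slide's point that a failure can be expensive the first time; the negative entry makes the repeat lookup free until its TTL expires.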
Address Translation
• MAC (or LAN or physical or Ethernet) address:
  – function: get frame from one interface to another physically-connected interface (same network)
  – 48-bit MAC address (for most LANs)
    • burned in NIC ROM, also sometimes software settable
• Analogy:
  – MAC address: like Social Security Number
  – IP address: like postal address
ARP: Address Resolution Protocol
• Each IP node (host, router) on LAN has ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  <IP address; MAC address; TTL>
  – TTL (Time To Live): time after which address mapping will be forgotten (typically 20 min)
• First time (A→B): A broadcasts an ARP query packet, containing B's IP address
  – destination MAC address = FF-FF-FF-FF-FF-FF
  – all machines on LAN receive ARP query
Data Link Layer
Addressing: routing to another LAN
Walkthrough: send datagram from A to B via R.
  – focus on addressing, at both the IP (datagram) and MAC (frame) layer
Figure (the topology used in the following slides):
  A: 111.111.111.111, MAC 74-29-9C-E8-FF-55
  another host on A's LAN: 111.111.111.112, MAC CC-49-DE-D0-AB-7D
  R, interface on A's LAN: 111.111.111.110, MAC E6-E9-00-17-BB-4B
  R, interface on B's LAN: 222.222.222.220, MAC 1A-23-F9-CD-06-9B
  another host on B's LAN: 222.222.222.221, MAC 88-B2-2F-54-1A-0F
  B: 222.222.222.222, MAC 49-BD-D2-C7-56-2A
Walkthrough, step by step (the figure is repeated on each slide; only the captions change):
• A creates an IP datagram with IP source A, destination B. A creates a link-layer frame with R's MAC address as destination; the frame contains the A-to-B IP datagram.
  – IP src: 111.111.111.111, IP dest: 222.222.222.222
  – MAC src: 74-29-9C-E8-FF-55, MAC dest: E6-E9-00-17-BB-4B
• Frame sent from A to R. Frame received at R, datagram removed, passed up to IP.
  – IP src: 111.111.111.111, IP dest: 222.222.222.222
  – MAC src: 74-29-9C-E8-FF-55, MAC dest: E6-E9-00-17-BB-4B
• R forwards the datagram with IP source A, destination B. R creates a link-layer frame with B's MAC address as destination; the frame contains the A-to-B IP datagram.
  – IP src: 111.111.111.111, IP dest: 222.222.222.222
  – MAC src: 1A-23-F9-CD-06-9B, MAC dest: 49-BD-D2-C7-56-2A
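The walkthrough above, including the ARP step from the previous slide, traced in code as an added example (not from the lecture). The IP and MAC addresses are those of the figure; the rest is assumed: both LANs are /24 prefixes, A's and B's default router is R's interface on their LAN, and the ARP broadcast/reply is simulated by looking the target IP up among the nodes on the same LAN and caching the result in the sender's ARP table. The output shows the IP header staying fixed end to end while the MAC addresses are rewritten at every hop.

```python
"""Hop-by-hop addressing for a datagram from A to B via router R.

Added example, not from the lecture slides. Addresses come from the
walkthrough figure; /24 masks, default routers and the simulated ARP
exchange are assumptions made for this example.
"""
from dataclasses import dataclass, field


@dataclass
class Interface:
    ip: str
    mac: str
    prefix_len: int = 24          # assumed: both LANs are /24


@dataclass
class Node:
    name: str
    ifaces: list
    default_router: str = None    # IP of the router on this node's LAN, if any
    arp_table: dict = field(default_factory=dict)   # ip -> mac, filled on demand


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """True if the network bits of two dotted IPv4 addresses are equal."""
    to_int = lambda s: int.from_bytes(bytes(int(p) for p in s.split(".")), "big")
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    return to_int(a) & mask == to_int(b) & mask


# The topology of the figure (constructed Node objects, addresses from the slide).
A  = Node("A",  [Interface("111.111.111.111", "74-29-9C-E8-FF-55")], default_router="111.111.111.110")
A2 = Node("A'", [Interface("111.111.111.112", "CC-49-DE-D0-AB-7D")], default_router="111.111.111.110")
R  = Node("R",  [Interface("111.111.111.110", "E6-E9-00-17-BB-4B"),
                 Interface("222.222.222.220", "1A-23-F9-CD-06-9B")])
B  = Node("B",  [Interface("222.222.222.222", "49-BD-D2-C7-56-2A")], default_router="222.222.222.220")
B2 = Node("B'", [Interface("222.222.222.221", "88-B2-2F-54-1A-0F")], default_router="222.222.222.220")
NODES = [A, A2, R, B, B2]


def arp_resolve(node: Node, out_if: Interface, target_ip: str) -> str:
    """Return the MAC for target_ip on out_if's LAN, caching it in the ARP table.
    The broadcast query is simulated: the node owning the IP on that LAN replies."""
    if target_ip in node.arp_table:
        return node.arp_table[target_ip]
    for other in NODES:
        for iface in other.ifaces:
            if iface.ip == target_ip and same_subnet(iface.ip, out_if.ip, out_if.prefix_len):
                node.arp_table[target_ip] = iface.mac
                return iface.mac
    raise LookupError("%s: no ARP reply for %s" % (node.name, target_ip))


def next_hop(node: Node, dst_ip: str):
    """Choose the outgoing interface and next-hop IP: direct delivery if the
    destination is on one of the node's LANs, otherwise the default router."""
    for iface in node.ifaces:
        if same_subnet(iface.ip, dst_ip, iface.prefix_len):
            return iface, dst_ip
    if node.default_router is None:
        raise LookupError("%s: no route to %s" % (node.name, dst_ip))
    return node.ifaces[0], node.default_router


def deliver(src: Node, dst_ip: str, ttl: int = 64):
    """Trace the frames the datagram crosses; IP addresses stay fixed, MACs change per hop."""
    frames, node = [], src
    ip_src = src.ifaces[0].ip
    while True:
        out_if, hop_ip = next_hop(node, dst_ip)
        hop_mac = arp_resolve(node, out_if, hop_ip)
        frames.append({"mac_src": out_if.mac, "mac_dst": hop_mac,
                       "ip_src": ip_src, "ip_dst": dst_ip, "ttl": ttl})
        node = next(n for n in NODES if any(i.mac == hop_mac for i in n.ifaces))
        if any(i.ip == dst_ip for i in node.ifaces):
            return frames                 # datagram has reached its destination
        ttl -= 1                          # a router decrements TTL before forwarding
        if ttl == 0:
            raise RuntimeError("TTL expired at %s" % node.name)


if __name__ == "__main__":
    for frame in deliver(A, "222.222.222.222"):
        print(frame)
```

A send to 111.111.111.112 takes the direct branch of `next_hop` and produces a single frame addressed to that host's MAC, which is the contrast the slides draw between on-LAN delivery and delivery through R.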