Applications! - University of Washington
Applications!
Where we are in the Course
• Application layer protocols are often part of “app”
• But don’t need a GUI, e.g., DNS
CSE 461 University of Washington 2
(Figure: layer stack: Physical, Link, Network, Transport, Application)
Recall
• Application layer protocols are often part of “app”
• But don’t need a GUI, e.g., DNS
(Figure: host protocol stack with boxes app, HTTP, TCP, IP, 802.11 and region labels User-level, OS, (NIC))
Recall (2)
• Application layer messages are often split over multiple packets
• Or may be aggregated in a packet …
(Figure: three packets, each labelled 802.11 / IP / TCP / HTTP, alongside one HTTP message)
Application Communication Needs
• Vary widely; must build on Transport services
(Figure: three applications and the transport each builds on)
• DNS over UDP: short, reliable request/reply exchanges
• Web over TCP: series of variable length, reliable request/reply exchanges
• Skype over UDP: real-time (unreliable) stream delivery
• Callout: Message reliability!
OSI Session/Presentation Layers
• Remember this? Two relevant concepts …
– Provides functions needed by users
– Converts different representations
– Manages task dialogs
– Provides end-to-end delivery
– Sends packets over multiple links
– Sends frames of information
– Sends bits as signals
But consider part of the application, not strictly layered!
Session Concept
• A session is a series of related network interactions in support of an application task
• Often informal, not explicit
• Examples:
  • Web page fetches multiple resources
  • Skype call involves audio, video, chat
Presentation Concept
• Apps need to identify the type of content, and encode it for transfer
• These are Presentation functions
• Examples:
  • Media (MIME) types, e.g., image/jpeg, identify content type
  • Transfer encodings, e.g., gzip, identify the encoding of content
  • Application headers are often simple and readable versus packed for efficiency
Evolution of Internet Applications
• Always changing, and growing …
(Figure: traffic over time, 1970 to 2010: File Transfer (FTP), Email (SMTP), News (NNTP), Secure Shell (ssh), Telnet, Web (HTTP), Web (CDNs), P2P (BitTorrent), Web (Video), ???)
Evolution of Internet Applications (2)
• For a peek at the state of the Internet:
  • Akamai’s State of the Internet Report (quarterly)
  • Cisco’s Visual Networking Index
  • Mary Meeker’s Internet Report
• Robust Internet growth, esp. video, wireless, mobile, cats
  • Most (70%) traffic is video (expected 80% in 2019)
  • Mobile traffic overtakes desktop (2016)
  • 15% of traffic is cats (2013)
  • Growing attack traffic from China, also U.S. and Russia
Evolution of the Web
Source: http://www.evolutionoftheweb.com, Vizzuality, Google, and Hyperakt
Evolution of the Web (2)
Source: http://www.evolutionoftheweb.com, Vizzuality, Google, and Hyperakt
Domain Name System
DNS
• Human-readable host names, and more
(Figure: a host asks the network “www.uw.edu?” and gets back 128.94.155.135)
Names and Addresses
• Names are higher-level identifiers for resources
• Addresses are lower-level locators for resources
  • Multiple levels, e.g. full name → email → IP address → Ethernet addr
• Resolution (or lookup) is mapping a name to an address
(Figure: a directory lookup maps a name, e.g. “Andy Tanenbaum” or “flits.cs.vu.nl”, to an address, e.g. “Vrije Universiteit, Amsterdam” or IPv4 “130.30.27.38”)
Before the DNS – HOSTS.TXT
• Directory was a file HOSTS.TXT regularly retrieved for all hosts from a central machine at the NIC (Network Information Center)
• Names were initially flat, became hierarchical (e.g., lcs.mit.edu) ~85
• Not manageable or efficient as the ARPANET grew …
DNS
• A naming service to map between host names and their IP addresses (and more)
  • www.uwa.edu.au → 130.95.128.140
• Goals:
  • Easy to manage (esp. with multiple parties)
  • Efficient (good performance, few resources)
• Approach:
  • Distributed directory based on a hierarchical namespace
  • Automated protocol to tie pieces together
DNS Namespace
• Hierarchical, starting from “.” (dot, typically omitted)
TLDs (Top-Level Domains)
• Run by ICANN (Internet Corp. for Assigned Names and Numbers)
  • Starting in ’98; naming is financial, political, and international
• 700+ generic TLDs
  • Initially .com, .edu, .gov, .mil, .org, .net
  • Unrestricted (.com) vs Restricted (.edu)
  • Added regions (.asia, .kiwi), Brands (.apple), Sponsored (.aero) in 2012
• ~250 country code TLDs
  • Two letters, e.g., “.au”, plus international characters since 2010
  • Widely commercialized, e.g., .tv (Tuvalu)
  • Many domain hacks, e.g., instagr.am (Armenia), kurti.sh (St. Helena)
DNS Zones
• A zone is a contiguous portion of the namespace
(Figure: namespace tree with the labels “A zone” and “Delegation”)
DNS Zones (2)
• Zones are the basis for distribution
  • EDU Registrar administers .edu
  • UW administers washington.edu
  • CSE administers cs.washington.edu
• Each zone has a nameserver to contact for information about it
• Zone must include contacts for delegations, e.g., .edu knows nameserver for washington.edu
DNS Resource Records
• A zone is comprised of DNS resource records that give information for its domain names
Type | Meaning
SOA | Start of authority, has key zone parameters
A | IPv4 address of a host
AAAA (“quad A”) | IPv6 address of a host
CNAME | Canonical name for an alias
MX | Mail exchanger for the domain
NS | Nameserver of domain or delegated subdomain
DNS Resource Records (2)
(Figure: example resource records, annotated: IP addresses of computers; Name server; Mail gateways)
DNS Resolution
• DNS protocol lets a host resolve any host name (domain) to IP address
• If unknown, can start with the root nameserver and work down zones
• Let’s see an example first …
DNS Resolution (2)
• flits.cs.vu.nl resolves robot.cs.washington.edu
Iterative vs. Recursive Queries
• Recursive query
  • Nameserver resolves and returns final answer
  • E.g., flits → local nameserver
• Iterative (Authoritative) query
  • Nameserver returns answer or who to contact for answer
  • E.g., local nameserver → all others
Iterative vs. Recursive Queries (2)
• Recursive query
  • Lets server offload client burden (simple resolver) for manageability
  • Lets server cache over a pool of clients for better performance
• Iterative query
  • Lets server “file and forget”
  • Easy to build high load servers
Caching
• Resolution latency should be low
  • Adds delay to web browsing
• Cache query/responses to answer future queries immediately
  • Including partial (iterative) answers
  • Responses carry a TTL for caching
(Figure: a nameserver with a cache; labels “query out” and “response”)
Caching (2)
• flits.cs.vu.nl now resolves eng.washington.edu
  • And previous resolutions cut out most of the process
(Figure: messages 1: query, 2: query, 3: eng.washington.edu, 4: eng.washington.edu between the host, the local nameserver (for cs.vu.nl) with its cache, and the UW nameserver (for washington.edu); the local nameserver notes “I know the server for washington.edu!”)
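The resolution and caching slides above, as an added example that is not part of the original slides: a local nameserver that answers its clients recursively, queries other servers iteratively from the root down, and caches both final answers and referrals with a TTL. The zone data, server names (`root-ns`, `uw-ns`, ...), addresses and the referral TTL are constructed assumptions.

```python
import time

# Constructed zone data for illustration (addresses are from the
# 192.0.2.0/24 documentation range, not real records).
ZONES = {
    "root-ns": {"refer": {"edu": "edu-ns"}},
    "edu-ns":  {"refer": {"washington.edu": "uw-ns"}},
    "uw-ns":   {"refer": {"cs.washington.edu": "uwcs-ns"},
                "a": {"eng.washington.edu": ("192.0.2.20", 300)}},
    "uwcs-ns": {"a": {"robot.cs.washington.edu": ("192.0.2.10", 300)}},
}
REFERRAL_TTL = 3600   # assumed TTL for cached delegations
MAX_HOPS = 10         # guard against referral loops


def covers(suffix, name):
    """True if `name` lies in the zone named `suffix`."""
    return name == suffix or name.endswith("." + suffix)


def ask(server, name):
    """Iterative query: the server answers or says who to contact next."""
    zone = ZONES[server]
    if name in zone.get("a", {}):
        ip, ttl = zone["a"][name]
        return ("answer", ip, ttl)
    matches = [s for s in zone.get("refer", {}) if covers(s, name)]
    if matches:
        best = max(matches, key=len)
        return ("referral", best, zone["refer"][best])
    return ("nxdomain", None, None)


class LocalNameserver:
    """Recursive toward its clients, iterative toward all other servers."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.answers = {}      # name -> (ip, expiry time)
        self.delegations = {}  # zone -> (nameserver, expiry time)
        self.queries_sent = 0

    def resolve(self, name):
        now = self.clock()
        hit = self.answers.get(name)
        if hit and hit[1] > now:
            return hit[0]                      # full answer still cached
        # Start at the deepest unexpired cached delegation, else the root.
        live = [z for z, (_, exp) in self.delegations.items()
                if exp > now and covers(z, name)]
        server = self.delegations[max(live, key=len)][0] if live else "root-ns"
        for _ in range(MAX_HOPS):
            self.queries_sent += 1
            kind, value, extra = ask(server, name)
            if kind == "answer":
                self.answers[name] = (value, now + extra)
                return value
            if kind == "referral":             # cache the partial answer too
                self.delegations[value] = (extra, now + REFERRAL_TTL)
                server = extra
            else:
                return None
        return None
```

Resolving robot.cs.washington.edu on a cold cache costs four iterative queries; resolving eng.washington.edu afterwards costs one, because the washington.edu referral is already cached.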
Local Nameservers
• Local nameservers often run by IT (enterprise, ISP)
  • But may be your host or AP
  • Or alternatives e.g., Google public DNS
• Clients need to be able to contact local nameservers
  • Typically configured via DHCP
Root Nameservers
• Root (dot) is served by 13 server names
  • a.root-servers.net to m.root-servers.net
  • All nameservers need root IP addresses
  • Handled via configuration file (named.ca)
• There are >250 distributed server instances
  • Highly reachable, reliable service
  • Most servers are reached by IP anycast (Multiple locations advertise same IP! Routes take client to the closest one.)
  • Servers are IPv4 and IPv6 reachable
Root Server Deployment
Source: http://www.root-servers.org. Snapshot on 27.02.12. Does not represent current deployment.
DNS Protocol
• Query and response messages
  • Built on UDP messages, port 53
  • ARQ for reliability; server is stateless!
  • Messages linked by a 16-bit ID field
(Figure: time-sequence diagram between Client and Server: Query with ID=0x1234, then Response with ID=0x1234)
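The query/response exchange above, as an added example that is not part of the original slides: a client builds a DNS query with a 16-bit ID, retransmits on timeout (ARQ), and accepts only a datagram that is a response echoing its ID and question. `toy_server`, `make_lossy_transport` and the address 192.0.2.53 are constructed stand-ins for a real server and a UDP socket on port 53.

```python
import os
import socket
import struct


def encode_name(name):
    """Host name as length-prefixed labels terminated by a zero byte."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"


def build_query(name, qid):
    """12-byte header (ID, flags RD=1, QDCOUNT=1) + question (type A, class IN)."""
    return (struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", 1, 1))


def matches_query(datagram, query):
    """Accept only a response (QR=1) that echoes our 16-bit ID and question."""
    if len(datagram) < len(query):
        return False
    flags = struct.unpack("!H", datagram[2:4])[0]
    return (bool(flags & 0x8000) and datagram[:2] == query[:2]
            and datagram[12:len(query)] == query[12:])


def first_a_record(datagram, offset):
    """Read the first answer, assuming it starts with a 2-byte name pointer."""
    rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", datagram[offset + 2:offset + 12])
    if rtype != 1 or rdlen != 4:
        return None
    return socket.inet_ntoa(datagram[offset + 12:offset + 16]), ttl


def toy_server(query):
    """Constructed stateless server: each reply is built from the query alone."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA
    answer = (struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
              + socket.inet_aton("192.0.2.53"))
    return header + query[12:] + answer


def make_lossy_transport(server):
    """Constructed network: loses the first query, then delivers an unrelated
    datagram with a different ID ahead of the real reply."""
    state = {"sent": 0}

    def transport(query):
        state["sent"] += 1
        if state["sent"] == 1:
            return []                          # lost: the client times out
        stray = bytearray(server(query))
        stray[1] ^= 0xFF                       # ID no longer matches
        stray[-1] = 99                         # and it carries another address
        return [bytes(stray), server(query)]
    return transport


def resolve_with_arq(name, transport, retries=3):
    """Stop-and-wait ARQ: resend the same query until a matching reply arrives."""
    query = build_query(name, int.from_bytes(os.urandom(2), "big"))
    for attempt in range(1, retries + 1):
        for datagram in transport(query):      # datagrams seen before the timeout
            if matches_query(datagram, query):
                return first_a_record(datagram, len(query)), attempt
    return None, retries
```

Because the server keeps no per-client state, the retransmitted query is handled exactly like the first; the ID and question check is what ties a reply to the outstanding request.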
DNS Protocol (2)
• Service reliability via replicas
  • Run multiple nameservers for domain
  • Return the list; clients use one answer
  • Helps distribute load too
(Figure: a client asks “NS for uw.edu?”; nameservers A, B and C are available; the reply is “Use A, B or C”)
DNS Protocol (3)
• Security is a major issue
  • Compromise redirects to wrong site!
  • Not part of initial protocols …
• DNSSEC (DNS Security Extensions)
  • Mostly deployed
Um, security??
Goal and Threat Model
• Naming is a crucial Internet service
  • Binds host name to IP address
  • Wrong binding can be disastrous …
Introduction to Computer Networks 36
(Figure: a client asks the Internet “bank.com?”; the addresses shown are 11.22.33.44 and 99.88.77.66)
Goal and Threat Model (2)
• Goal is to secure the DNS so that the returned binding is correct
• Integrity/authenticity vs confidentiality
• Attacker can tamper with messages on the network
(Figure: “bank.com?” is sent into the network and 11.22.33.44 comes back)
DNS Spoofing
• Hang on – how can attacker corrupt the DNS?
• Can trick nameserver into caching the wrong binding
  • By using the DNS protocol itself
  • This is called DNS spoofing