Data Networking Overview
Presented by Scott M. Ballew
Copyright of Scott M. Ballew and Purdue University, July 19, 2007

Agenda
• Network Models
• Network Technologies
  » Layer 1
  » Layer 2
  » Etc.
• Network Security
• Network Usability
  » The Domain Name System
  » Host Configuration
  » Remote Access

Network Models
Network models use layers to describe networks. Each layer describes the services provided to the layer above it and those required from the layer below it. It also describes the format of exchanges between peer layers on different network hosts. Because the layers “stack” on top of one another, we often refer to network protocol “stacks” when we talk about the implementation.
[Diagram: Layer N provides services to Layer N+1, requires services from Layer N-1, and exchanges with its peer Layer N on the other host.]

Network Models
The most well-known network model is the OSI (Open Systems Interconnect) Reference Model, defined and maintained by the Organization for International Standardization (ISO). It consists of seven layers, numbered from the bottom (closest to the network) to the top (closest to the user):
Layer 7 – Application
Layer 6 – Presentation
Layer 5 – Session
Layer 4 – Transport
Layer 3 – Network
Layer 2 – Data Link
Layer 1 – Physical

OSI Reference Model
Layer 1 – The Physical Layer
• Defines the type of media to be used
• Defines representation of data on the medium
  » Is a ‘0’ “high” or “low”, “on” or “off”?
  » What order are bits transmitted (if serial)?
OSI Reference Model
Layer 2 – The Data Link Layer
• Defines “right to transmit” rules
• Provides directly-connected host-to-host data transfer
• Defines higher-level structure of data (frames)
• Defines “physical” address structure for hosts

OSI Reference Model
Layer 3 – The Network Layer
• Provides end-host-to-end-host data transfer across (potentially) multiple data links
• Defines higher-level structure of data (packets)
• Defines “abstract” address structure for hosts

OSI Reference Model
Layer 4 – The Transport Layer
• Provides process-to-process data transfer
• May provide for reliable data transfer
• Defines higher-level structure for data (datagrams, streams, etc.)
• Defines “port” addresses for services (processes)

OSI Reference Model
Layer 5 – The Session Layer
• Provides a logically persistent connection between processes
• May involve user or host authentication (login), transaction encapsulation (for database access), etc.

OSI Reference Model
Layer 6 – The Presentation Layer
• Defines the network representation of data
• Converts between the network and host representations of data (ASCII/EBCDIC, byte order, encryption, compression, etc.)

OSI Reference Model
Layer 7 – The Application Layer
• Provides a portal for the application to access the network
• Describes the dialog between two applications communicating across the network.
TCP/IP Network
When TCP/IP was defined in the early days of the Internet, the OSI Reference Model had not been defined, so a different layering model was used. It consists of 4 or 5 layers, and maps closely to the OSI Reference Model:
Layer 5 – Application
Layer 4 – Transport
Layer 3 – Internetwork
Layer 2 – Link
Layer 1 – Physical

TCP/IP Network
Layers 1 & 2 – The Physical and Link Layers
• Provide physical communications between hosts within a network. Sometimes combined into a single “Link” layer.
• Correspond to OSI layers 1 and 2

TCP/IP Network
Layer 3 – The Internetwork Layer
• Provides all necessary components to move data between networks, including addressing, routing, etc.
• Corresponds to OSI layer 3

TCP/IP Network
Layer 4 – The Transport Layer
• Provides everything necessary to move data between applications
• Corresponds to OSI layer 4

TCP/IP Network
Layer 5 – The Application Layer
• Provides everything specific to an application or a session
• Corresponds to OSI layers 5 through 7
Network Technologies – L1
Layer 1 – The Physical Layer
• Copper Cable
  » Coax – bulky, heavy, but relatively immune to noise
  » Twisted pair – thinner, lighter, cheaper, and okay about noise
• Fiber Optic Cable
  » Multi-mode – good for relatively short distances (a couple of km) and moderate speeds (< 10 Gbps)
  » Single-mode – good for short and long distances (100+ km) and virtually any speed
• Radio, Microwaves, Satellite, others
None are inherently secure!

Network Technologies – L2
Layer 2 – The Data Link Layer
• Ethernet
• Token Ring
• FDDI
• ATM
• SLIP/PPP
• Frame Relay
• SONET
• Waxed String

Network Technologies – L2
Ethernet
• Ethernet has a very simple transmission control protocol:
  1. Listen to the network
  2. If someone is talking, wait your turn
  3. If no one is talking, send your data
  4. If someone starts talking while you are talking, stop talking and scream at them!

Network Technologies – L2
Ethernet transmissions occur in “frames” of 64 to 1518 octets in length. The frame contains a header, data, and a checksum. The header contains source and destination addresses and the frame type.
Frame layout: Dst Address (6 octets) | Src Address (6 octets) | Type (2 octets) | Data | FCS (4 octets)
Header = 14 octets; whole frame = 64 – 1518 octets

Network Technologies – L2
Early Ethernet devices had fairly basic functions
• Transceivers physically connect hosts to the Ethernet coax cable
• Repeaters amplify and repeat frames from one coax cable to another
• Bridges selectively amplify and repeat frames from one coax cable to another

Network Technologies – L2
Hubs provide a combination of convenience and flexibility
• Coax hubs were a way to share a transceiver among multiple systems to avoid having to install so many.
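The frame layout above, as an added example that is not part of the slides: build_frame assembles an Ethernet II frame (14-octet header, data padded to at least 46 octets, 4-octet FCS) around a constructed payload, and parse_frame does what a receiving interface does: it enforces the 64–1518 octet range and recomputes the FCS, discarding a frame that was altered in transit. The FCS is assumed to be the standard CRC-32 as computed by zlib.crc32, appended least-significant byte first; the addresses, EtherType and payload are made up.

```python
import struct
import zlib

# Constructed sample values (not from a real capture).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
ETHERTYPE_IPV4 = 0x0800


def build_frame(dst, src, ethertype, payload):
    """Build an Ethernet II frame: 14-octet header, data padded to 46..1500 octets,
    then a 4-octet FCS (CRC-32 over header + data, least-significant byte first)."""
    if len(payload) < 46:
        payload = payload + b"\x00" * (46 - len(payload))   # minimum frame is 64 octets
    if len(payload) > 1500:
        raise ValueError("payload exceeds 1500 octets (frame would exceed 1518)")
    header = struct.pack("!6s6sH", dst, src, ethertype)
    body = header + payload
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)
    return body + fcs


def parse_frame(frame):
    """Split a frame into header fields, data and FCS, rejecting frames outside
    64..1518 octets or whose FCS does not match the received bits."""
    if not 64 <= len(frame) <= 1518:
        raise ValueError(f"frame length {len(frame)} outside 64..1518 octets")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    data = frame[14:-4]
    (fcs,) = struct.unpack("<I", frame[-4:])
    if zlib.crc32(frame[:-4]) & 0xFFFFFFFF != fcs:
        raise ValueError("FCS mismatch: frame corrupted in transit")
    return {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype, "data": data}


if __name__ == "__main__":
    frame = build_frame(DST, SRC, ETHERTYPE_IPV4, b"hello")
    print(len(frame), "octets ->", parse_frame(frame)["dst"])
```

Note that the FCS protects only against transmission errors: anyone who can place a frame on the segment can also compute a valid FCS for it, which is part of why the slide says no medium is inherently secure.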
  They used the same cable between a system and the hub as was used between a system and a transceiver
• Twisted pair Ethernet hubs made it practical to provide network connections in office spaces
Hub == Repeater!

Network Technologies – L2
Switches provide for improved performance
• Recall that bridges selectively forward frames from one network segment to another, while repeaters (hubs) always forward frames from one network segment to another
• Switches are simply multi-port bridges implemented in hardware

Network Technologies – L2
Finally, Wireless Access Points removed the need for cables between the network and the system
• An access point is sort of a hub/switch hybrid
  » Individual systems have to share available bandwidth (radio waves)
  » Frames are selectively transmitted between network segments (wired/wireless)
  » Wireless systems may or may not be able to “hear” each other’s transmissions

Network Technologies – L3
Layer 3 – The Network Layer
• Layer 3 is where we connect layer 2 networks together
• The layer 2 networks can be the same or different technologies
• They can be the same or different speeds
• Many of the concepts are the same as layer 2, only different

Network Technologies – L3
IPv4 is the most successful layer 3 protocol ever developed
• Hundreds of millions of systems
• Every time zone
• Every continent (yes, even Antarctica!)
The basic protocol is unchanged since its inception in the early 80’s

Network Technologies – L3
IP Packets
• Header
  » Addresses
  » Protocol
  » Control information
• Payload (data)
IPv4 header layout (each row is 32 bits):
VER | IHL | TOS | Total Length
Identification | Flags | Offset
TTL | Protocol | Header Checksum
Source Address
Destination Address
Options | Padding
Payload

Network Technologies – L3
IP Addresses
172.24.57.18
10101100 00011000 00111001 00010010  (172.24.57.18 in binary)

Network Technologies – L3
All systems on a single layer 2 network must have IP addresses with the same prefix. This prefix is the network portion of the IP address – the remainder is the host portion. IP addresses are arbitrarily split into a network portion and a host portion – local network administrators decide where the split between the network and host portions is, rather than the protocol.

Network Technologies – L3
Network Masks
• Network masks specify where the split between network and host portions is
• A mask is a 32-bit quantity, just like an IP address, and can be represented the same way as a dotted “quad”
  11111111 11111111 11111111 00000000
  255 . 255 . 255 . 0

Network Technologies – L3
Network Masks (cont.)
  172.24.57.18     10101100 00011000 00111001 00010010
  255.255.255.0    11111111 11111111 11111111 00000000
  172.24.57.0      10101100 00011000 00111001 00000000

  172.24.57.18     10101100 00011000 00111001 00010010
  255.255.255.240  11111111 11111111 11111111 11110000
  172.24.57.16     10101100 00011000 00111001 00010000

Network Technologies – L3
Network Masks (cont.)
• Knowing the network mask is important to understanding the structure of any IP address.
• But writing “172.24.57.18 with mask 255.255.255.0” is cumbersome.
• We could shorten it to “172.24.57.18/255.255.255.0”, but even that is longer than we need.

Network Technologies – L3
Slash Notation
  255.255.255.0    11111111 11111111 11111111 00000000  = 24 bits
  255.255.255.240  11111111 11111111 11111111 11110000  = 28 bits
  172.24.57.18/255.255.255.0    = 172.24.57.18/24
  172.24.57.18/255.255.255.240  = 172.24.57.18/28

Network Technologies – L3
Routers are the primary Layer 3 device
Routers perform two distinct functions:
• Switch packets between networks
• Maintain network topology information

Network Technologies – L3
“Layer-3 switches” is a newer term
• It may just be another term for “router” (i.e. a marketing term)
• May be a “hybrid” L2/L3 device
  » Grew “up” from L2
  » Grew “down” from L3

Network Technologies – L3
Basic IP Routing (Switching) Algorithm
• Look at the destination IP address
  » If it is one of my addresses, deliver it to the local system
  » Else if it is on one of my attached networks, deliver it directly using link-specific mechanisms
  » Else find the longest match (address/mask) in a local table and send the packet to the next hop address from that entry
  » Else inform the sender of failure

Network Technologies – L3
Routing Tables
• Mandatory Information
  » Destination IP Address
  » Netmask
  » Next Hop Router Address
• Optional Information
  » Layer 2 information (address)
  » Interface index
  » Flags

Network Technologies – L3
Routing Table Maintenance
• Static Configuration
  » Works well for small tables with little need for change
• Dynamic Routing Protocols
  » Allow routers (and sometimes hosts) to inform each other about current network topology
  » Work well for large tables or highly dynamic networks, but are often overkill for hosts

Network Technologies – L3
Routing Protocols
• Many variations
• Some designed for use within a site network (Interior Gateway Protocols)
• Some designed for use between sites (Exterior Gateway Protocols)
• All have the same goal – a consistent view of the network topology!
Network Technologies – L3
Other Network Protocols
• AppleTalk
• IPX (Novell Netware)
• DECNet

Network Technologies – L4
Layer 4 – The Transport Layer
• Allows multiple processes/programs to use the IP network on the same host
• Additionally, layer 4 may provide for reliable communications between these processes
• The IP protocol suite defines two major layer 4 protocols – UDP and TCP

Network Technologies – L4
UDP – The User Datagram Protocol
• Connectionless
• Datagram based
• Unreliable
• “Quick & Dirty”
Common uses:
• Domain Name System (DNS)
• Simple Network Management Protocol (SNMP)
• Older Network File System (NFS)

Network Technologies – L4
TCP – The Transmission Control Protocol
• Connection-oriented
• Stream based
• Reliable
  » In order
  » Once and only once
• “Heavy weight”
  » 3-way handshake
Common uses:
• Remote login (Telnet, RSH/Rlogin, SSH)
• File Transfer (FTP, SCP, HTTP)
• Newer NFS

Network Technologies – L4
There are other Layer 4 protocols in the IP family. Most try to combine features of UDP and TCP.
• Example: A reliable datagram protocol

Network Technologies – L5+
Layer 5+ – The Session, Presentation, and Application Layers
• Telnet – Remote Login
• File Transfer Protocol (FTP) – File Transfer
• Simple Mail Transfer Protocol (SMTP) – Email
• RSH/Rlogin – Remote Login
• HyperText Transfer Protocol (HTTP) – World Wide Web
• SSH/SCP – Secure Remote Login/File Transfer
• Many others!

Network Security
Security Devices
• Firewalls
  » Packet Filters
  » Stateless or Stateful
  » Network or Host-based
• Intrusion Detection/Prevention Systems (IDS/IPS)
  » Network or Host-based

Network Security
Security Protocols
• Ident
• SSH – Secure Shell
• SSL – Secure Sockets Layer
• IPSec
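The "Stateless or Stateful" distinction on the Security Devices slide, as an added example that is not part of the slides. Both filters enforce the same policy (connections may be opened from inside the site, not from outside). The stateless filter sees each packet on its own, so the only evidence it has that an inbound segment is a reply to an existing connection is the TCP ACK flag; the stateful filter remembers which connections were opened from inside and admits an inbound segment only when it matches one of them. The site network, addresses, ports and packets are constructed.

```python
import ipaddress

# Constructed site network and traffic; none of these are real hosts or captures.
INSIDE = ipaddress.IPv4Network("172.24.57.0/24")


def is_inside(ip):
    return ipaddress.IPv4Address(ip) in INSIDE


class StatelessFilter:
    """Judges every packet on its own header. It has no memory, so the only way it
    can tell a reply apart from a new inbound connection is the TCP ACK flag."""

    def allow(self, pkt):
        if is_inside(pkt["src"]):
            return True                      # outbound: permitted by policy
        return "ACK" in pkt["flags"]         # inbound: trust the flag, no other evidence


class StatefulFilter:
    """Records connections opened from inside and admits inbound packets only when
    they belong to one of those connections."""

    def __init__(self):
        self.connections = set()

    def allow(self, pkt):
        if is_inside(pkt["src"]):
            if pkt["flags"] == {"SYN"}:      # new outbound connection: remember it
                self.connections.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return True
        # inbound: the reversed 4-tuple must match a connection we saw go out
        return (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) in self.connections


def make(src, sport, dst, dport, *flags):
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "flags": set(flags)}


PACKETS = [
    make("172.24.57.18", 40000, "198.51.100.80", 80, "SYN"),          # inside host opens HTTP
    make("198.51.100.80", 80, "172.24.57.18", 40000, "SYN", "ACK"),   # genuine reply
    make("198.51.100.7", 4444, "172.24.57.18", 22, "SYN"),            # unsolicited new connection
    make("198.51.100.7", 4444, "172.24.57.18", 22, "ACK"),            # unsolicited, ACK flag set
]


def run(filter_obj, packets=PACKETS):
    """Return one allow/deny decision per packet, in order."""
    return [filter_obj.allow(p) for p in packets]


if __name__ == "__main__":
    print("stateless:", run(StatelessFilter()))   # the last packet gets through
    print("stateful: ", run(StatefulFilter()))    # the last packet is dropped
```

The fourth packet is the one that separates the two designs: it matches no connection the site opened, yet a stateless filter has nothing but the header bits to go on and lets it in. Stateful filtering costs memory per connection, which is the price of that extra evidence.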
Network Usability
The Domain Name System (DNS)
• Provides Name-to-Address mapping
• Also provides Address-to-Name mapping
• Implemented as a distributed database of trusting systems
• DO NOT trust the DNS blindly!
  » Subject to attacks
  » Not all DNS servers are controlled by “good” people

Network Usability
Host Configuration
• Need 4 critical items
  » Own IP address
  » Network mask
  » Routing Table
  » DNS Servers’ IP addresses
• Dynamic Host Configuration Protocol (DHCP)

Network Usability
Remote Access
• Modems
• Virtual Private Networks (VPN)
  » Point-to-Point Tunneling Protocol (PPTP)
  » IPSec
  » SSL

Television is an invention which allows people to entertain you in your living room that you would never allow in your house.
– David Frost
The Internet is an invention which allows people to access your computer that you would never allow in your house.
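One concrete form of the DNS slide's "do not trust the DNS blindly", as an added example (mine, not the presenter's): the address-to-name (PTR) mapping for an address is published by whoever holds that address block, so a name found there proves nothing on its own. A forward-confirmed reverse lookup accepts the PTR name only if the name's own A records point back to the same address, which the name's owner controls. The records below are constructed stand-ins for live answers, using documentation addresses and example.com names.

```python
# Constructed DNS data standing in for live answers; documentation addresses and
# made-up names, not real records.
PTR_RECORDS = {                     # address -> name claimed by the address holder
    "203.0.113.10": "mail.example.com.",
    "203.0.113.11": "trusted.example.com.",
}
A_RECORDS = {                       # name -> addresses published by the name's owner
    "mail.example.com.": {"203.0.113.10"},
    "trusted.example.com.": {"198.51.100.5"},
}


def reverse_name(ip, ptr=PTR_RECORDS):
    """Plain address-to-name lookup: whatever the reverse zone says."""
    return ptr.get(ip)


def confirmed_name(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Forward-confirmed reverse lookup: accept the PTR name only if the name's
    own A records lead back to the same address. Returns None otherwise."""
    name = ptr.get(ip)
    if name is None:
        return None
    if ip not in a.get(name, set()):
        return None       # the reverse zone claims a name its forward zone does not back up
    return name


def classify(ip):
    """Summarise the two views for a log line or an access-control decision."""
    claimed, confirmed = reverse_name(ip), confirmed_name(ip)
    if confirmed:
        return f"{ip} is {confirmed} (forward-confirmed)"
    if claimed:
        return f"{ip} claims {claimed} but the name does not resolve back (unconfirmed)"
    return f"{ip} has no reverse name"


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.99"):
        print(classify(ip))
```

In a real deployment both lookups would be real DNS queries (the dictionaries here only replace them), and even a confirmed pair still depends on the resolver path being trustworthy; the check removes one easy way of being lied to, not all of them.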