Download 21. Application Layer

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
page
61
page
62
page
63
page
64
page
65
page
66
page
67
page
68
page
69
page
70
page
71
page
72
page
73
page
74
page
75
page
76
page
77
page
78
page
79
page
80
page
81
page
82
page
83
page
84
page
85
page
86
page
87
page
88
page
89
page
90
page
91
page
92
page
93
page
94
page
95
page
96
page
97
page
98
page
99
page
100
page
101
page
102
page
103
page
104
page
105
page
106
page
107
Document related concepts

Network tap wikipedia , lookup

Net bias wikipedia , lookup

Computer network wikipedia , lookup

Extensible Authentication Protocol wikipedia , lookup

AppleTalk wikipedia , lookup

Airborne Networking wikipedia , lookup

Deep packet inspection wikipedia , lookup

Dynamic Host Configuration Protocol wikipedia , lookup

Distributed firewall wikipedia , lookup

SIP extensions for the IP Multimedia Subsystem wikipedia , lookup

Server Message Block wikipedia , lookup

Remote Desktop Services wikipedia , lookup

Lag wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Real-Time Messaging Protocol wikipedia , lookup

Internet protocol suite wikipedia , lookup

Hypertext Transfer Protocol wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Transcript 
Lecture #21:
Application Layer
Protocols: DNS, TELNET,
e-Mail, FTP, WWW, NNTP,
SNMP, NTP
etc.
TCP/IP Application Layer
Application layer
Presentation layer
Session layer
User application 1
Encryption/
decryption
Session
control
Session
synch.
...
compression/
expansion
Choice of
syntax
Session to transport
mapping
Session
management
Transport layer
Layer and flow
control
Error
recovery
Multiplexing
Network layer
Connection
control
Routing
Addressing
Link layer
Data link
establishment
Error
control
Physical layer
Access to
transm. media
Physical and
electrical interface
Flow
control
Synch
Framing
Activation/
deactivation of con.
OSI layers
Wide used Application protocols: DNS, HTTP, FTP, SMTP,
POP3, IMAP, NNTP, SNMP, NTP, RPC, TELNET, SSH ...
2
DNS - The purpose

To map a hostname to an IP-address and
vice versa.
Example:
www.acad.bg
194.141.0.9
Each hostname may has zero or more corresponding IPaddresses.
Each IP-address may correspond to zero or more
3
hostnames.
DNS - Historical remarks
Host name to address mappings were maintained by the
Network Information Center (NIC) in a single file
(HOSTS.TXT) which was transferred to all hosts using FTP
(about 25 years ago).
Disadvantages:
 Ineffective – Bandwidth consumed in distributing a new version
by this scheme is proportional to the square of the number of
hosts in the network.
 The network population was also changing in character.
 The applications on the Internet were getting more
sophisticated and creating a need for general purpose name
service.
4
DNS design goals
The primary goal is a consistent name space
which will be used for referring to resources.
The database which holds the names must be
distributed.
The costs of implementing such a facility
dictate that it be generally useful, and not
restricted to a single application.
5
DNS design goals (contd.)
Use the same name space with different
protocol families or management.
Name server transactions must be independent
of the communications system that carries
them.
The system should be useful across a wide
spectrum of host capabilities. Both personal
computers and large timeshared hosts
(mainframes) should be able to use the system,
6
though perhaps in different ways.
Elements of the DNS
Three main componets
1. The DOMAIN NAME SPACE and RESOURCE
RECORDS, which are specifications for a tree
structured name space and data associated
with the names.
2. NAME SERVERS are server programs which
hold information about the domain tree's
structure and set information.
3. RESOLVERS are programs that extract
information from name servers in response to
client requests.
7
Elements of the DNS (contd.)
These three components roughly correspond to
the three layers or views of the DNS:
 From the user's point of view, the domain system is
accessed through a simple procedure.
 From the resolver's point of view, the domain system
is composed of an unknown number of name servers.
 From a name server's point of view, the domain
system consists of separate sets of local information
called zones.
8
Name space specifications
and terminology



The domain name space is a tree structure
composed by nodes.
Each node has a label, which is zero to 63
octets in length.
The domain name of a node is the list of the
labels on the path from the node to the root of
the tree.
The name of the root node is empty string
(zero length) – “”.
9
Name space specifications
and terminology (contd.)



Internally, programs that manipulate domain
names should represent them as sequences of
labels, where each label is a length octet
followed by an octet string.
Domain names are case-insensitive using the
ASCII codes with high order zero bit.
When a user types a domain name, the length
of each label is omitted and the labels are
separated by dots ("."). Since a complete
domain name ends with the root label, this
leads to a printed form which ends in a dot.
10
Example Name Space
ICANN, IANA
(a graphical tree view)
One Root domain (“”)
com
edu
bg
yahoo
ucla
acad
2nd Level Domains
physics
3rd Level Domains
Up to 127 levels
info
see-grid
amigo val www
mary joe kevin
mail
eu
Delegation
Top Level Domains
(TLD)
test book
sigma
11
Top Level Domains
 Generic domains (gTLD):
com, org, net, int (all around the world);
edu, gov, mil (located in USA only);
aero, biz, coop, info, museum, name, pro
(new domains, since 2000).
 Country code domains (ccTLD):
bg, uk, fr, it, ...
 Special infrastructure domain:
arpa
 Loopback domains:
localhost, localdomain
 And the domain eu for European Union!
12
Resource Records


The distributed database which holds the
names consists of several Resource Records.
Resource record - Set of resource information
associated with a particular name.
13
DNS server
A computer with software which:
1. Holds and maintains specified part of the distributed
database of resource records.
2. Responds to the name queries.
3. Exchanges the zone information with other DNS
servers.
These tasks are described in the DNS protocol (RFC 1035) located
on the Application Layer of the “TCP/IP reference model”.
14
The root DNS servers
At the heart of the DNS are 13 special computers,
called root servers. They are coordinated by ICANN
and are distributed around the world.
A.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.
198.41.0.4
192.228.79.201
192.33.4.12
128.8.10.90
192.203.230.10
192.5.5.241
192.112.36.4
128.63.2.53
192.36.148.17
192.58.128.30
193.0.14.129
199.7.83.42
202.12.27.33
15
K.ROOT-SERVERS.NET
(operated by RIPE NCC)
Source: http://k.root-servers.org
16
DNS servers (contd.)
Delegation:
 ICANN organization delegates root DNS servers.
 The root servers delegate TLD DNS servers.
 A TLD DNS server delegates Second Level DNS server.
etc.
Primary DNS server for a given domain – holds resource records for
the zone. The zone configuration is written by the system
administrator.
Secondary DNS server for a given domain – it exists for the case
when the Primary DNS server is failed or overloaded. The Secondary
server downloads the zone information from the Primary
periodically or by notification.
17
DNS servers (contd.)
 Every domain must have one Primary DNS server
and at least one Secondary.
The Primary and Secondary DNS servers are also
called authoritative for their domain and nonauthoritative for the rest of domains in the world. E.g.
the authoritative servers always hold up to date zone
information for the domain.
 Caching only DNS servers – they cache DNS queries
and answers for speed-up the service. These servers are
not authoritative for any domain.
Most of the authoritative DNS servers are caching too.
18
DNS query flow
1. A DNS client forms the query and sends it according the OS
configuration.
2. The local resolver opens a special file called hosts and looks in case
the answer is already written here. If not then next:
3. The client calls one of the OS configured DNS servers.
4. If the DNS server knows (or already cached) the answer, then
returns it.
5. If the DNS server doesn’t know the answer, it sends a recursive
query through the DNS hierarchy, starting from the root domain.
The recursive query consists of several sub-queries to the
corresponding DNS servers.
6. The DNS servers returns the result – the answer or error message.
19
Reverse DNS query


The reverse query uses the special
infrastructure domain in-addr.arpa
The IP is written before this special domain in
reverse order of numbers separated with dots.
– Example: 194.141.0.0 corresponds to 0.0.141.194.in-addr.arpa

The reverse query starts from a root DNS
server and follows the delegation path.
– Example in Unix/Linux:
dig 0.0.141.194.in-addr.arpa +trace
(It traces and shows the delegation path from the
root name servers down to SOA DNS server)
20
DNS protocol details
The protocol uses two transport protocols from the
lower layer:
UDP on port 53 and
TCP on port 53.
The queries and answers are transferred using the
unreliable protocol UDP for speed. But it is preferred
because the OS configured DNS servers are near,
usually in the same LAN.
The zone transfers between the DNS servers are
performed through TCP, because it must be reliable.
21
DNS protocol details (contd.)
Resource Records described
Each resource record consists of the following
data fields
( in text readable format! ):
owner type class
TTL RDATA
22
Resource Records
The data fields
owner - A string which is the domain name
where the RR is found.
type - which is an encoded 16 bit value that
specifies the type of the resource in this
resource record. Types refer to abstract
resources. Each abstract resource has memo
name:
A - a host address
CNAME - identifies the canonical name of an alias
MX - identifies a mail exchange for the domain
PTR - a pointer to another part of the domain name space
etc.
23
DNS protocol details (contd.)
Resource Records
The data fields

class - which is an encoded 16 bit value which
identifies a protocol family or instance of a protocol.
This memo uses the following classes:
IN - the Internet system or CH - the Chaos system

TTL - which is the time to live of the RR. This field is a

RDATA - which is the type and sometimes class
32 bit integer in units of seconds, an is primarily used
by resolvers when they cache RRs. The TTL describes
how long a RR can be cached before it should be
discarded.
dependent data which describes the resource.
24
Resource Records
Example
(in text readable format!)
acad.bg.
acad.bg.
IN
IN
localhost
poseidon
backbone
iris
amigo
unicom
bis-21++
3
...
IN
IN
IN
IN
NS
NS
IN
IN
IN
IN
IN
IN
IN
A
194.141.0.9
MX
10 mx-a.acad.bg.
MX
20 mx-b.acad.bg.
amigo.acad.bg.
unicom.acad.bg.
A
127.0.0.1
A
194.141.0.1
A
194.141.252.2
A
194.141.0.2
AAAA
2001:4b58:acad::3
AAAA
2001:4b58:acad::9
CNAME
unicom.acad.bg.
PTR
amigo.acad.bg.
25
DNS protocol details (contd.)
The DNS message in binary format
(RR means Resource Record)
26
DNS protocol details (contd.)
The DNS message data fields


The IDENTIFICATION field is set by the client and returned by the server.
The 16-bit PARAMETER consists of:
– 0-th bit field: 0 means the message is a query,1 means it's a response.
– 1-4 bit fields - OPCODE:
• 0000 - is a normal value (Standard query).
• 0001 - an inverse query.
• 0010 - the server status request.
– 5-th bit field - Authoritative answer. The name server is authoritative for
the domain in the question section.
– 6-th bit field is set if message truncated. With UDP this means that the
total size of the reply exceeded 512 bytes, and only the first 512 bytes
the of the reply were returned.
– 7-th bit field - Recursion Desired. This bit can be set in a query and is
then returned in the response.
– 8-th bit field - Recursion Available.
– 9-11 -th bits field has to be 0.
– 12-15 -th bits field - Return Code. 0- no error, 3- name error.
27
DNS protocol details (contd.)
The DNS message data fields



The fields labeled NUMBER OF ... give each a count of entries
in the corresponding sections in the message.
The QUESTION SECTION contains queries for which answers
are desired. The client fills in only the question section; the
server returns the question and answers with its response.
Each question has Query Domain Name followed by Query Type
and Query Class fields (as depicted in the next slides)
ANSWER,AUTHORITY,ADDITIONAL INFORMATION sections
consist of a set of resource records that describe domain names
and mappings. Each resource record describes one name (as
depicted in the next slides)
28
DNS protocol details
(contd.)
The QUESTION section format in the DNS message
The DOMAIN NAME has variable length.
Clients fill in the questions; servers return them along with the answers.
29
DNS protocol details
(contd.)
The RESOURCE RECORD binary format returned
by the DNS servers
30
DNS
Further reading

InterNIC organization - provides the public

ICANN - responsible for the global coordination of the

RFC1034, RFC1035, STD0013 - http://www.rfc-editor.org


information regarding Internet Domain Name
registration services. - http://www.internic.net
Internet's system of unique identifiers http://www.icann.org/
BIND (Berkeley Internet Name Domain) – the most popular
implementation of the DNS software http://www.isc.org/index.pl?/sw/bind/
Paul Albitz, Cricket Liu, “DNS and BIND”, 4th edition, O’REILLY
31
TELNET protocol



TELNET (TELecommunication NETwork) was developed in
1969 beginning with RFC 15 and standardized as IETF STD 8,
one of the first Internet standards.
TELNET clients have been available on most Unix systems for
many years and are available for virtually all platforms. Most
network equipment and OSs with a TCP/IP stack support some
kind of TELNET service server for their remote configuration
(including ones based on MS Windows NT and later).
Because of security issues with TELNET, it use has waned as it
is replaced by the use of SSH for remote access.
32
TELNET protocol (2)



Most often, a user will be telneting to a Unix-like
server system or a simple network device such as a
switch. Once the connection is established, he would
then log in with his account information and execute
operating system commands remotely on that
computer, such as ls or cd etc.
For testing and debugging purposes: On many
systems, the client may also be used to make
interactive raw-TCP sessions, even when that option
is not available. The sessions are equivalent to raw
TCP as long as byte 255 never appears in the data.
TELNET works on the well known TCP port 23.
33
Electronic mail


Before 1990, it was mostly used in academic area - universities and
research centers.
During the 1990s, it became known to the public at large and grew
exponentially.

The first e-mail systems simply consisted of text file transfer protocols. As
time went on, the limitations of this approach became more obvious.

Some of the complaints were as follows:
– Sending a message to a group of people was inconvenient.
– Messages had no defined internal structure.
– The sender never knew if a message arrived or not.
– Lack of "I'm temporary away" management.
– Poor user interface.
– It was not possible to create and send messages containing a mixture of text
and binary data: drawings, photos, facsimile, and voice.
34
E-mail: Architectures and services

Typically, e-mail systems support five basic functions:
– Composition refers to the process of creating messages
and answers.
– Transfer refers to moving messages from the originator
to the recipient. The e-mail system should do this
automatically, without bothering the user.
– Reporting has to do with telling the originator what
happened to the message.
– Displaying incoming messages is needed so people can
read their e-mail. Sometimes conversion is required or a
special viewer must be invoked.
– Disposition is the final step and concerns what the
recipient does with the message after receiving it.
(Delete, Replay, Forward, Save ...)
35
Electronic Mail
The User Agent
Paper mail
e-mail
36
Reading E-mail
An example of mailbox
37
Message Formats – RFC 822
38
MIME – Multipurpose Internet Mail
Extensions
The original e-mail was designed
to transfer 7-bit text (ASCII) characters only, so ...


Problems with international languages:
Languages with accents
(French, German).

Languages in non-Latin alphabets
(Hebrew, Cyrillic ...).

Languages without alphabets
(Chinese, Japanese).

Messages not containing text at all
(audio or images).
39
MIME
40
MIME – a multipart message example
41
Message Transfer example
using SMTP
Transferring a message from
[email protected] to
[email protected].
42
Final e-mail delivery
(a) Sending and reading mail when the receiver has a
permanent Internet connection and the user agent runs on
the same machine as the message transfer agent.
(b) Reading e-mail when the receiver has a dial-up connection
to an ISP.
43
Post Office Protocol (POP3)
Using POP3 to fetch three messages.
44
Internet Message Access Protocol
(IMAP. TCP port 143)
A comparison of POP3 and IMAP.
The current version of IMAP is 4 revision 1 – RFC 3501
45
File Transfer Protocol (FTP)
• File Transfer Protocol (FTP) is the standard
mechanism provided by TCP/IP for copying of any kind
of files from one host to another.
• Defined in RFC 959 (1985).
• FTP uses the services of TCP. It needs two TCP
connections.
• The well-known TCP port 21 is used for the control
connection and the well-known port 20 for the data
connection.
46
FTP operation
File transfer
47
FTP – the file transfer proccess
48
FTP – an example session
49
FTP - access commands
50
FTP – file management commands
51
FTP – data formatting commands
Port definition commands
52
FTP – file transfer commands
53
FTP – Miscellaneous commands
54
FTP – Some responses
55
Trivial FTP (TFTP)
A very simple file transfer protocol, with the functionality of a very
basic form of FTP. Defined in 1980.
TFTP uses UDP port 69 (not TCP!)
An example of TFTP usage for remote boot through BOOTP
protocol in a LAN:
56
FTP pros and cons

Advantages:
– Simple implementation
– Universal application
– Wide used and standartized

Disadvantages:
– Clear text passwords, unencrypted data.
– Multiple TCP/IP connections are used = > Firewalls problems.
– Hard to filter active mode FTP traffic on the client side by using a
firewall.
– It is possible to abuse the protocol's built-in proxy features to tell
a server to send data to an arbitrary port of a third computer; see
FXP.
– High latency.
– No integrity check on the receiver side.
57
– No date/timestamp attribute transfer.
World Wide Web
Architectural Overview
The parts of the Web model.
58
The Client Side
(a) A browser plug-in.
(b) A helper application.
59
The Server Side
A multithreaded Web server with a front end and
processing modules.
60
The Server Side (2)
A server farm.
61
The Server Side (3)
(a) Normal request-reply message sequence.
(b) Sequence when TCP handoff is used.
62
The World Wide Web - HTTP



Hypertext Transfer Protocol (HTTP) is a
communications protocol used to transfer or convey
information on intranets and the World Wide Web. Its
original purpose was to provide a way to publish and
retrieve hypertext pages, mainly scientific paper.
Created in CERN, Geneva.
Development of HTTP was coordinated by the W3C
(World Wide Web Consortium) and the IETF (Internet
Engineering Task Force), culminating in the publication
of a series of RFCs, most notably
RFC 2616 (June 1999), which defines HTTP/1.1, the
current version.
HTTP is a request/response protocol between a
client and a server. It works on the well known TCP
port 80.
63
HTTP - methods
HTTP - responses
64
HTTP - Some Message Headers
65
test.log partial
Example HTTP usage in a
content
Trying 2610:a0:c779:b::d1ad:35b4...
TELNET session:
Connected to www.ietf.org.
telnet www.ietf.org 80 >test.log
GET /rfc.html
Connection closed by foreign host.
Escape character is '^]'.
<HTML>
<head>
<TITLE>IETF RFC Page</TITLE>
<SCRIPT LANGUAGE="JavaScript">
function url() {
var x = document.form1.number.value
if (x.length == 1) {x = "000" + x }
if (x.length == 2) {x = "00" + x }
if (x.length == 3) {x = "0" + x }
document.form1.action =
"http://www.ietf.org/rfc/rfc" + x +
".txt"
document.form1.submit
}
</SCRIPT>
</head>
<!-- begin new headers and page
layout -->
<body text="#000000"
bgcolor="#ffffff" >
<center>
...
66
HTTP - Caching
Hierarchical caching with 3 proxies.
67
URLs – Uniform Resource Locaters
Some common URLs.
68
Statelessness and Cookies
Some examples:
69
HTML – HyperText Markup
Language

In 1980, physicist Tim Berners-Lee, who was
an independent contractor at CERN, proposed
and prototyped ENQUIRE, a hypertext system
for CERN researchers to use to share
documents. In 1989, Berners-Lee and CERN
data systems engineer Robert Cailliau each
submitted separate proposals for an Internetbased hypertext system providing similar
functionality. In 1990, they collaborated on a
joint proposal, the World Wide Web (W3)
project, which was accepted by CERN.
70
HTML (2)







July, 1993: a draft by IETF (that is: not a standard – yet).
November, 1995: HTML 2.0 published as IETF RFC 1866, supplemented by RFC 1867
RFC 1942 (tables) in May 1996,
RFC 1980 (client-side image maps) in August 1996, and
RFC 2070 (internationalization) in January 1997;
An HTML 3.0 standard was proposed in April 1995.
January 14, 1997: HTML 3.2, published as a W3C Recommendation.


HTML 3.2 was never submitted to the IETF
December 18, 1997: HTML 4.0, published as a W3C Recommendation. It offers three "flavors":
– Strict, in which deprecated elements are forbidden,
– Transitional, in which deprecated elements are allowed,
– Frameset, in which mostly only frame related elements are allowed;

April 24, 1998: HTML 4.0 was reissued with minor edits without incrementing the version number.

December 24, 1999: HTML 4.01, published as a W3C Recommendation. It offers the same three flavors as
HTML 4.0, and its last errata was published May 12, 2001.

HTML 4.01 and ISO/IEC 15445:2000 are the most recent and final versions of HTML.

May 15, 2000: ISO/IEC 15445:2000 ("ISO HTML", based on HTML 4.01 Strict), published as an ISO/IEC
international standard.

HTML 5 is still an Editor’s Draft, and not endorsed by W3C yet.
71
HTML (3)
(a) The HTML for a sample page. (b) The formatted page.
(b)
72
HTML (3)
A selection of common HTML tags. some can
have additional parameters (attributes).
73
HTML Tables
(a) An HTML table.
(b) A possible rendition
of this table.
74
HTML Forms
(a) The HTML for an order form.
(b) The formatted page.
75
HTML Forms (2)
A possible response from the browser to the
server with information filled in by the user.
76
XML and XSL
eXtensible Markup Language
A simple Web page in XML.
77
XML and XSL
eXtensible Stylesheet Language
A style sheet in XSL.
78
Dynamic Web Documents
Steps in processing the information from an HTML form.
79
Dynamic Web Documents (2)
A sample HTML page with embedded PHP script.
80
“Web Services”


The W3C defines a Web Service as
“A software system designed to support
interoperable Machine to Machine interaction over a
network.“
Web services are frequently just Web APIs that can be
accessed over a network, such as the Internet, and executed
on a remote system hosting the requested services.
The W3C Web Service definition encompasses many
different systems, but in common usage the term refers to
clients and servers that communicate using XML messages
that follow the SOAP (Simple Object Access Protocol)
standard. Common in both the field and the terminology is
the assumption that there is also a machine readable
description of the operations supported by the server
written in the Web Services Description Language (WSDL).
The latter is not a requirement of a SOAP endpoint, but it is
a prerequisite for automated client-side code generation in 81
the mainstream Java, .NET SOAP etc. frameworks.
Network News Transfer Protocol
(NNTP)




An Internet application protocol used primarily
for reading and posting Usenet articles (aka
netnews or simply: news), as well as
transferring news among news servers.
Created by Brian Kantor of the University of
California, San Diego.
Phil Lapsley of the University of California,
Berkeley completed RFC 977 (1986).
Originally designed around the UUCP (Unix to
Unix CoPy) network, with most article transfers
taking place over direct computer-to-computer
82
telephone links.
NNTP (2)




Because networked Internet-compatible
filesystems were not yet widely available, it was
decided to develop a new text protocol that
resembled SMTP, but was tailored for reading
newsgroups.
The well-known TCP port 119 is reserved for
NNTP. TCP port 563 is used for connectiong
through SSL (a.k.a. NNTPS).
IETF released RFC 3977 in Oct 2006, which
updates the NNTP protocol.
The IMAP protocol can also be used for
reading newsgroups.
83
An e-mail client as a News reader
84
Public News servers: http://www.dmoz.org/Computers/Usenet/Public_News_Servers
Simple Network Management Protocol
(SNMP)



Application layer protocol within the OSI model.
It uses UDP as transport.
“The protocol that specifies how a network
management station communicates with agent
software in remote devices such as routers.
SNMP defines the format of messages and their
meaning.”
- Computer Networks and Internets by
Douglas E. Comer.
85
SNMP – some history


Size and number of networks required a
standard protocol in order to communicate with
devices on the network.
1970’s - SNMPv1, the first network
management protocol.
– Originally designed as a “quick-fix” .

1988 - SNMPv2 standard designed.

2004 – SNMPv3, the current version
– RFC 3411 – RFC 3418 (also known as STD0062).
86
SNMP Technology


Exchanges network information through PDU’s.
Part of the Internet Network Management Architecture
NMS

Internet Management Model
–
–
–
–
–
–
–
–
–
Network elements
Agents
Managed objects
MIB’s (Management Information Bases)
Syntax notation
SMI (Structure of Management Info)
NMS (Network-management systems)
Parties
Management protocols
User
Interface
Network
Management
Application
SNMP
SNMP
SNMP
Agent
Agent
Agent
MIB
MIB
MIB
Managed Device
Managed Device
Managed Device
87
SNMP Operations

SNMP is a simple “request/response” protocol
which uses six operations:
–
–
–
–
–
–
Get
GetNext
GetBulk
Set
Trap
Inform
88
SNMP v1 Packet Format

SNMP v1 packets contain two parts:
– First part contains version and community name.
– Second part contains PDU.
Version
Community
SNMP PDU
PDU
Type
Request
ID
Error
Status
Error
Index
Object 1,
Value 1
Object 2,
Value 2
Object X,
Value X ...
89
SNMP v2 Packet Format

Like SNMP v1, SNMP v2 contain two parts:
– First part is called a wrapper which contains authentication,
privacy information and a context.
– Second contains a PDU with similarities to SNMP v1.
Wrapper
SNMP PDU
PDU
Type
Request
ID
Error
Status
OR
Error
Index
OR
Object 1,
Value 1
Object X,
Value X ...
90
SNMP v1 and v2
Advantages and Disadvantages

Advantages
–
–
–
–
Simple design.
Easy implementation
Wide spread usage.
Expandability.

Disadvantages
– Security holes.
– Old technology.
91
The new SNMP v3

Structure, components and architecture similar to v1 and v2.

New features include:
–
–
–
–
–
–
–

Authentication and privacy.
Authorization and access control.
Naming of entities.
People and policies.
Usernames and key management.
Notification destinations.
Remotely configurable via SNMP operations.
http://www.ietf.org/html.charters/snmpv3-charter.html
92
SNMP Conclusion




The goals: Integrated network management,
Interoperability, Standards.
Network management applications based on SNMP
rely on the standards based TCP/IP protocol to
effectively oversee large heterogeneous networks.
SNMP sits on the application layer and uses UDP
protocol to communicate with each network device.
SNMP is essential in order to effectively
maintain today’s large networks.
93
NTP - Introduction




Network Time Protocol (NTP) synchronizes clocks of hosts
and routers in the Internet.
NTP provides nominal accuracies of low tens of milliseconds on
WANs, submilliseconds on LANs, and submicroseconds using a
precision time source such as a cesium oscillator or GPS
receiver.
NTP software has been ported to almost every workstation and
server platform available today - from PCs to Crays - Unix,
Windows, VMS and embedded systems, even home routers and
battery backup systems.
The NTP architecture, protocol and algorithms have been
evolved over the last two decades to the latest NTP Version 4
software distributions.
94
Needs for precision time













Distributed database transaction journalling and logging
Stock market buy and sell orders
Secure document timestamps (with cryptographic certification)
Aviation traffic control and position reporting
Radio and TV programming launch and monitoring
Intruder detection, location and reporting
Multimedia synchronization for real-time teleconferencing
Interactive simulation event synchronization and ordering
Network monitoring, measurement and control
Early detection of failing network infrastructure devices and air
conditioning equipment
Differentiated services traffic engineering
Distributed network gaming and training
95
... and Grid computing
NTP summary






Primary (stratum 1) servers synchronize to national time
standards via radio, satellite and modem.
Secondary (stratum 2, ...) servers and clients synchronize
to primary servers via hierarchical subnet.
Clients and servers operate in master/slave, symmetric
and multicast modes with or without cryptographic
authentication.
Reliability assured by redundant servers and diverse
network paths.
Engineered algorithms reduce jitter, mitigate multiple
sources and avoid improperly operating servers.
The system clock is disciplined in time and frequency using
an adaptive algorithm responsive to network time jitter
96
and clock oscillator frequency wander.
NTP architecture overview
Peer 1
Clock Discipline
Algorithm
Filter 1
Peer 2
Filter 2
Peer 3
Filter 3
Selection
and
Clustering
Algorithms
Combining
Algorithm
P/F-Lock Loop
Timestamps
NTP Messages





Loop Filter
VFO
Multiple servers/peers provide redundancy and diversity.
Clock filters select best from a window of eight time offset
samples.
Intersection and clustering algorithms pick best truechimers and
discard falsetickers.
Combining algorithm computes weighted average of time offsets.
Loop filter and variable frequency oscillator (VFO) implement
hybrid phase/frequency-lock (P/F) feedback loop to minimize jitter
97
and wander.
NTP subnet configurations
S3
S3
S3
S2
S2
S2
S2
*
S4
Workstation
(a)
S1
S1
S1
*


S1
S1
*
S2
Clients
(c)

S3
Clients
(b)
S1
S2
*
S3
*
S2
* to buddy (S2)
(a) Workstations use multicast mode with multiple department
servers.
(b) Department servers use client/server modes with multiple
campus servers and symmetric modes with each other.
(c) Campus servers use client/server modes with up to six
different external primary servers and symmetric modes with 98
each other and external secondary (buddy) servers.
NTP - Goals and non-goals

Goals
– Provide the best accuracy under prevailing network and server
conditions.
– Resist many and varied kinds of failures, including two-face, fail-stop,
malicious attacks and implementation bugs.
– Maximize utilization of Internet diversity and redundancy.
– Automatically organize subnet topology for best accuracy and reliability.
– Self contained cryptographic authentication based on both symmetric
key and public key infrastructures and independent of external services.

Non-goals
–
–
–
–
–
Local time – this is provided by the operating system.
Access control - this is provided by firewalls and address filtering.
Privacy - all protocol values, including time values, are public.
Non-repudiation - this can be provided by a layered protocol if necessary.
Conversion of NTP timestamps to and from other time representations
and formats.
99
NTP Version 4



Current NTP v3 has been in use since 1992, with nominal
accuracy in the low milliseconds.
Modern workstations and networks are much faster today, with
attainable accuracy in the low microseconds.
NTP v4 architecture, protocol and algorithms have been
evolved to achieve this degree of accuracy.
– Improved clock models which accurately predict the time and frequency
adjustment for each synchronization source and network path.
– Engineered algorithms reduce the impact of network jitter and oscillator
wander while speeding up initial convergence.
– Redesigned clock discipline algorithm operates in frequency-lock, phaselock and hybrid modes.

The improvements, confirmed by simulation, improve accuracy
by about a factor of ten, while allowing operation at much
longer poll intervals without significant reduction in accuracy. 100
NTP v4 Autonomous System model

Fire-and-forget software
– Single software distribution can be compiled and installed automatically
on most host architectures and operating systems.
– Run-time configuration can be automatically determined and maintained
in response to changing network topology and server availability.

Optional autonomous configuration (Autoconfigure)
– Multicast survey nearby network environment to construct a list of
suitable servers.
– Select best servers from among the list using a defined metric.
– Reconfigure the subnet for best accuracy with overhead constraints.
– Periodically refresh the list in order to adapt to changing topology.

Optional autonomous authentication (Autokey)
– For each new server found, fetch and verify its cryptographic credentials.
– Authenticate each message received using engineered protocol.
101
– Regenerate keys in a timely manner to resist compromise.
An example of a busy NTP server






NTP primary (stratum 1) server rackety is a server supporting
734 clients all over the world.
This machine supports NFS, NTP, RIP, IGMP and a mess of
printers, radio clocks and an 8-port serial multiplexor
The mean input packet rate is 6.4 packets/sec, which
corresponds to a mean poll interval of 157 seconds for each
client
Each input packet generates an average of 0.64 output
packets and requires a total of 2.4 ms of CPU time for the
input/output transaction
In total, the NTP service requires 1.54% of the available CPU
time and generates 10.5, 608-bit packets per second, or 0.41%
of a T1 line
The conclusion is that even a slow machine can support
substantial numbers of clients with no significant degradation
on other network services.
102
Precision timekeeping equipment
(prior to 2000)
Austron 2200A GPS Receiver
Austron 2000 LORAN-C Receiver
Spectracom 8170 WWVB Reciver
Hewlett Packard 5061A Cesium Beam
Frequency Standard
NTP primary time server rackety
103
Squeezing the nanoseconds


This shows the residual error measured between the Austron
2201 GPS receiver and the HP 5061A cesium clock
The GPS receiver is stabilized using the LORAN-C receiver,
which improves its accuracy to about 50 ns, in spite of the
intentional degradation introduced in the GPS signal available to
104
the public
NTP resources



NTP home: http://www.ntp.org
NTP v3 Specification RFC 1305
Simple NTP (SNTP) v4 specification RFC 2030
– Applicable to IPv4, IPv6 and ISO CNLS

List of public NTP time servers (as of Dec 2007)
– 177 active primary (stratum 1) servers
– 278 active stratum 2 servers

pool.ntp.org – A a big virtual cluster of timeservers striving to
provide reliable easy to use NTP service for millions ofclients
105
without putting a strain on the big popular timeservers.
Miscellaneous Application Protocols



Remote Procedure Call (RPC) is a technology that
allows a computer program to cause a subroutine or
procedure to execute in another address space
(commonly on another computer on a shared
network) without the programmer explicitly coding the
details for this remote interaction. RPC may be
referred to as remote invocation or remote method
invocation (RMI).
Strictly said: RPC is a part of the OSI Session layer.
Many different (!) implementations of RPC: ONC RPC,
DCE/RPC, MSRPC etc.
106


Miscellaneous Application Protocols (2)
Network File System (NFS) – a protocol for
sharing files and directories for access over a
network. It is based on RPC. Developed by Sun
Microsystems, 1984. The current version is 4
(RFC 3530)
Common features:
– Several security mechanisms
– the COMPOUND procedure
– Filesystem Replication and Migration
– File OPEN and CLOSE (net)operations
– File locking
– Client Caching and Delegation
107
Related documents
presentation
presentation
Chapter 5 : The Internet: Addressing & Services
Chapter 5 : The Internet: Addressing & Services
Application Layer
Application Layer
The Internet and the World Wide Web Basics
The Internet and the World Wide Web Basics
No Slide Title
No Slide Title
Slide 1
Slide 1
Chapter 23 - William Stallings, Data and Computer
Chapter 23 - William Stallings, Data and Computer
Midterm Review - UTK-EECS
Midterm Review - UTK-EECS
DNS
DNS
Application Layer - Teknik Elektro UGM
Application Layer - Teknik Elektro UGM