Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download 3rd Edition: Chapter 1
Document related concepts
Computer security wikipedia , lookup
Distributed firewall wikipedia , lookup
Airborne Networking wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Computer network wikipedia , lookup
Network tap wikipedia , lookup
Wireless security wikipedia , lookup
TV Everywhere wikipedia , lookup
Net neutrality wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Deep packet inspection wikipedia , lookup
Transcript
Unix Servers Used in This Class Two Unix servers set up in CS department will be used for some programming projects Machine name: • eustis.eecs.ucf.edu • eustis2.eecs.ucf.edu You can connect to them only in campus network • If outside, set up VPN to campus network first • Read the following webpage to learn how to setup VPN • http://www.cst.ucf.edu/about/telecommunications/ne twork-services/vpn/ Introduction 1-1 Need to use SSH to remote login SSH free software (many many others): • Command shell client: PuTTY http://www.putty.org/ • File transfer: WinSCP (for windows) http://winscp.net/eng/index.php Student can log in using default password Pyymmdd (birth year, month and day). For any login problems, please email [email protected] Introduction 1-2 Basic Usage of Unix You only need to remember a few basic commands for using the Eustis machine for this class Editor: pico (or edit on your computer and upload the code to eustis) Command: • cd, mkdir, rmdir, chdir, • cp, rm, ls, man, There are many tutorials online http://www.ee.surrey.ac.uk/Teaching/Unix/ http://freeengineer.org/learnUNIXin10minutes.html Command line reference: Introduction http://www.pixelbeat.org/cmdline.html 1-3 Basic Usage of Linux You can use PuTTY to open many independent shells For the program project 1, you can run client code on one eustis machine, and the server code in another eustis machine. Introduction 1-4 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge end systems, access networks, links 1.3 Network core circuit switching, packet switching, network structure 1.4 Delay, loss and throughput in packet-switched networks 1.5 Protocol layers, service models 1.6 Networks under attack: security 1.7 History Introduction 1-5 The Network Core mesh of interconnected routers the fundamental question: how is data transferred through net? circuit switching: dedicated circuit per call: telephone net packet-switching: data sent thru net in discrete “chunks” Introduction 1-6 Alternative core: circuit switching end-end resources allocated to, reserved for “call” between source & dest: In diagram, each link has four circuits. call gets 2nd circuit in top link and 1st circuit in right link. dedicated resources: no sharing circuit-like (guaranteed) performance circuit segment idle if not used by call (no sharing) Commonly used in traditional telephone networks Introduction 1-7 Network Core: Circuit Switching network resources (e.g., bandwidth) divided into “pieces” pieces allocated to calls resource piece idle if dividing link bandwidth into “pieces” frequency division time division not used by owning call (no sharing) Introduction 1-8 Circuit Switching: FDM and TDM Example: FDM 4 users frequency TDM (GSM uses this) time frequency time TDMA: Time Division Multiplexing Access Introduction 1-9 Numerical example How long does it take to send a file of 640,000 bits from host A to host B over a circuit-switched network? All links are 1.536 Mbps Each link uses TDM with 24 slots/sec 500 msec to establish end-to-end circuit Let’s work it out! Introduction 1-10 Network Core: Packet Switching each end-end data stream divided into packets user A, B packets share network resources each packet uses full link bandwidth resources used as needed Bandwidth division into “pieces” Dedicated allocation Resource reservation C A B D Introduction 1-11 Network Core: Packet Switching resource contention: aggregate resource demand can exceed amount available congestion: packets queue, wait for link use store and forward: packets move one hop at a time Node receives complete packet before forwarding C A B D Introduction 1-12 Packet-switching: store-and-forward L bits per packet source 3 2 1 R bps takes L/R seconds to transmit (push out) L-bit packet into link at R bps store and forward: entire packet must arrive at router before it can be transmitted on next link end-end delay = 2L/R (assuming zero propagation delay) R bps destination one-hop numerical example: L = 7.5 Mbits R = 1.5 Mbps one-hop transmission delay = 5 sec more on delay shortly … Introduction 1-13 Packet Switching: Statistical Multiplexing 10 Mb/s Ethernet A B statistical multiplexing C 1.5 Mb/s queue of packets waiting for output link D E Sequence of A & B packets does not have fixed pattern, shared on demand statistical multiplexing. Introduction 1-14 Two key network-core functions routing: determines source- destination route taken by packets routing algorithms forwarding: move packets from router’s input to appropriate router output routing algorithm local forwarding table header value 0100 0101 0111 1001 output link 1 3 2 2 1 3 2 dest address in arriving packet’s header Network Layer 4-15 Packet switching versus circuit switching packet switching allows more users to use network! example: 1 Mb/s link each user: • • 100 kb/s when “active” active 10% of time 1 Mbps link circuit-switching: N users 10 users packet switching: with 35 users, probability > 10 active at same time is less than .0004 * Q: how did we get value 0.0004? Q: what happens if > 35 users ? * Check out the online interactive exercises for more examples Introduction 1-16 Packet switching versus circuit switching Is packet switching a “slam dunk winner?” Great for bursty data resource sharing simpler, no call setup Excessive congestion: packet delay and loss protocols needed for reliable data transfer, congestion control Q: How to provide circuit-like behavior? bandwidth guarantees needed for audio/video apps QoS – Quality of Service still an unsolved problem (chapter 7) Introduction 1-17 Internet structure: network of networks End systems connect to Internet via access ISPs (Internet Service Providers) Residential, company and university ISPs Access ISPs in turn must be interconnected. So that any two hosts can send packets to each other Resulting network of networks is very complex Evolution was driven by economics and national policies Let’s take a stepwise approach to describe current Internet structure Internet structure: network of networks Question: given millions of access ISPs, how to connect them together? access net access net access net access net access net access net access net access net access net access net access net access net access net access net access net access net Internet structure: network of networks Option: connect each access ISP to every other access ISP? access net access net access net access net access net access net access net connecting each access ISP to each other directly doesn’t scale: O(N2) connections. access net access net access net access net access net access net access net access net access net Internet structure: network of networks Option: connect each access ISP to a global transit ISP? Customer and provider ISPs have economic agreement. access net access net access net access net access net access net access net global ISP access net access net access net access net access net access net access net access net access net Internet structure: network of networks But if one global ISP is viable business, there will be competitors …. access net access net access net access net access net access net access net ISP A access net access net access net ISP B ISP C access net access net access net access net access net access net Internet structure: network of networks But if one global ISP is viable business, there will be competitors …. which must be interconnected Internet exchange point access net access net access net access net access net IXP access net ISP A IXP access net access net access net access net ISP B ISP C access net peering link access net access net access net access net access net Internet structure: network of networks … and regional networks may arise to connect access nets to ISPs access net access net access net access net access net IXP access net ISP A IXP access net access net access net access net ISP B ISP C access net access net regional net access net access net access net access net Internet structure: network of networks … and content provider networks (e.g., Google, Microsoft, Akamai ) may run their own network, to bring services, content close to end users access net access net access net access net access net IXP access net ISP A access net Content provider network IXP access net access net access net ISP B ISP B access net access net regional net access net access net access net access net Internet structure: network of networks Tier 1 ISP Tier 1 ISP IXP IXP Regional ISP access ISP access ISP Google access ISP access ISP IXP Regional ISP access ISP access ISP access ISP access ISP at center: small # of well-connected large networks “tier-1” commercial ISPs (e.g., Level 3, Sprint, AT&T, NTT), national & international coverage content provider network (e.g, Google): private network that connects its data centers to Internet, often bypassing tier-1, regional ISPs Introduction 1-26 Tier-1 ISP: e.g., Sprint POP: point-of-presence to/from backbone peering … … … … … to/from customers Introduction 1-27 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge end systems, access networks, links 1.3 Network core circuit switching, packet switching, network structure 1.4 Delay, loss and throughput in packet-switched networks 1.5 Protocol layers, service models 1.6 Networks under attack: security 1.7 History Introduction 1-28 How do loss and delay occur? packets queue in router buffers packet arrival rate to link exceeds output link capacity packets queue, wait for turn packet being transmitted (delay) A B packets queueing (delay) free (available) buffers: arriving packets dropped (loss) if no free buffers Introduction 1-29 Four sources of packet delay 1. nodal processing: check bit errors determine output link 2. queueing time waiting at output link for transmission depends on congestion level of router transmission A propagation B nodal processing queueing Introduction 1-30 Delay in packet-switched networks 3. Transmission delay: R=link bandwidth (bps) L=packet length (bits) time to send bits into link = L/R transmission A 4. Propagation delay: d = length of physical link s = propagation speed in medium (~2-3x108 m/sec) propagation delay = d/s Note: s and R are very different quantities! propagation B nodal processing queueing Introduction 1-31 Nodal delay d nodal d proc d queue d trans d prop dproc = processing delay typically a few microsecs or less dqueue = queuing delay depends on congestion dtrans = transmission delay = L/R, significant for low-speed links dprop = propagation delay a few microsecs to hundreds of msecs Introduction 1-32 R: link bandwidth (bps) L: packet length (bits) a: average packet arrival rate average queueing delay Queueing delay (revisited) traffic intensity = La/R La/R ~ 0: avg. queueing delay small La/R 1: avg. queueing delay large La/R > 1: more “work” arriving than can be serviced, average delay infinite! * Check out the Java applet for an interactive animation on queuing and loss La/R ~ 0 La/R 1 Introduction 1-33 “Real” Internet delays and routes What do “real” Internet delay & loss look like? Traceroute program: provides delay measurement from source to router along end-end Internet path towards destination. For all i: sends three packets that will reach router i on path towards destination router i will return packets to sender sender times interval between transmission and reply. 3 probes 3 probes 3 probes Introduction 1-34 “Real” Internet delays and routes traceroute: gaia.cs.umass.edu to www.eurecom.fr Three delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu 1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms 2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms 3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms 4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms 5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms 6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms 7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms trans-oceanic 8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms link 9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms 10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms 11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms 12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms 13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms 14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms 15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms 16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms 17 * * * * means no response (probe lost, router not replying) 18 * * * 19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms Under Windows is “tracert” Introduction 1-35 Traceroute from My Home Computer (last year) Introduction 1-36 Traceroute from My Home Computer (another time) Introduction 1-37 Introduction 1-38 Online Traceroute Tools Because UCF campus network blocks all ICMP packets, you need an outside machine to try it. Try on http://tools.pingdom.com/ping/ Try from different countries from www.traceroute.org Check traceroute virtual path at: • http://traceroute.monitis.com/ and • http://www.yougetsignal.com/tools/visual-tracert/ Introduction 1-39 Packet loss queue (aka buffer) preceding link in buffer has finite capacity when packet arrives to full queue, packet is dropped (aka lost) lost packet may be retransmitted by previous node, by source end system, or not retransmitted at all (UDP) buffer (waiting area) A B packet being transmitted packet arriving to full buffer is lost Introduction 1-40 Throughput throughput: rate (bits/time unit) at which bits transferred between sender/receiver instantaneous: rate at given point in time average: rate over long(er) period of time link capacity that can carry server, with server sends bits pipe Rs bits/sec fluid at rate file of F bits (fluid) into pipe Rs bits/sec) to send to client link that capacity pipe can carry Rfluid c bits/sec at rate Rc bits/sec) Introduction 1-41 Throughput (more) Rs < Rc What is average end-end throughput? Rs bits/sec Rc bits/sec Rs > Rc What is average end-end throughput? Rs bits/sec Rc bits/sec bottleneck link link on end-end path that constrains end-end throughput Introduction 1-42 Throughput: Internet scenario per-connection end-end throughput: min(Rc,Rs,R/10) in practice: Rc or Rs is often bottleneck Rs Rs Rs R Rc Rc Rc 10 connections (fairly) share backbone bottleneck link R bits/sec Introduction 1-43 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge end systems, access networks, links 1.3 Network core circuit switching, packet switching, network structure 1.4 Delay, loss and throughput in packet-switched networks 1.5 Protocol layers, service models 1.6 Networks under attack: security 1.7 History Introduction 1-44 Protocol “Layers” Networks are complex! many “pieces”: hosts routers links of various media applications protocols hardware, software Question: Is there any hope of organizing structure of network? Or at least our discussion of networks? Introduction 1-45 Organization of air travel ticket (purchase) ticket (complain) baggage (check) baggage (claim) gates (load) gates (unload) runway takeoff runway landing airplane routing airplane routing airplane routing a series of steps Introduction 1-46 Layering of airline functionality ticket (purchase) ticket (complain) ticket baggage (check) baggage (claim baggage gates (load) gates (unload) gate runway (takeoff) runway (land) takeoff/landing airplane routing airplane routing airplane routing departure airport airplane routing airplane routing intermediate air-traffic control centers arrival airport Layers: each layer implements a service via its own internal-layer actions relying on services provided by layer below Introduction 1-47 Why layering? Dealing with complex systems: explicit structure allows identification, relationship of complex system’s pieces layered reference model for discussion modularization eases maintenance, updating of system change of implementation of layer’s service transparent to rest of system e.g., change in gate procedure doesn’t affect rest of system layering considered harmful? Duplicate functions Introduction 1-48 Internet protocol stack application: supporting network applications FTP, SMTP, STTP application transport: host-host data transfer TCP, UDP transport network: routing of datagrams from network source to destination IP, routing protocols link: data transfer between neighboring network elements link physical PPP, Ethernet physical: bits “on the wire” Introduction 1-49 ISO/OSI reference model presentation: allow applications to interpret meaning of data, e.g., encryption, compression, machinespecific conventions session: synchronization, checkpointing, recovery of data exchange Internet stack “missing” these layers! these services, if needed, must be implemented in application needed? application presentation session transport network link physical Introduction 1-50 source message segment Ht datagram Hn Ht frame Hl Hn Ht M M M M Encapsulation application transport network link physical Hl Hn Ht M link physical Hl Hn Ht M switch destination M Ht M Hn Ht Hl Hn Ht M M application transport network link physical Hn Ht Hl Hn Ht M M network link physical Hn Ht Hl Hn Ht M M router Introduction 1-51 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge end systems, access networks, links 1.3 Network core circuit switching, packet switching, network structure 1.4 Delay, loss and throughput in packet-switched networks 1.5 Protocol layers, service models 1.6 Networks under attack: security 1.7 History Introduction 1-52 Network Security attacks on Internet infrastructure: infecting/attacking hosts: malware, spyware, worms, unauthorized access (data stealing, user accounts) denial of service: deny access to resources (servers, link bandwidth) Internet not originally designed with (much) security in mind original vision: “a group of mutually trusting users attached to a transparent network” Internet protocol designers playing “catch-up” Security considerations in all layers! Introduction 1-53 What can bad guys do: malware? Spyware: Worm: infection by downloading infection by passively web page with spyware receiving object that gets itself executed records keystrokes, web sites visited, upload info self- replicating: propagates to collection site to other hosts, users Virus infection by receiving object (e.g., e-mail attachment), actively executing self-replicating: propagate itself to other hosts, users Sapphire Worm: aggregate scans/sec in first 5 minutes of outbreak (CAIDA, UWisc data) Introduction 1-54 Denial of service attacks attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resource with bogus traffic 1. select target 2. break into hosts around the network (see malware) 3. send packets toward target from compromised hosts target Introduction 1-55 Sniff, modify, delete your packets Packet sniffing: broadcast media (shared Ethernet, wireless) promiscuous network interface reads/records all packets (e.g., including passwords!) passing by C A src:B dest:A payload B Ethereal software used for end-of-chapter labs is a (free) packet-sniffer more on modification, deletion later Introduction 1-56 Masquerade as you IP spoofing: send packet with false source address C A src:B dest:A payload B Introduction 1-57 Masquerade as you IP spoofing: send packet with false source address record-and-playback: sniff sensitive info (e.g., password), and use later password holder is that user from system point of view A C src:B dest:A user: B; password: foo B Introduction 1-58 Masquerade as you IP spoofing: send packet with false source address record-and-playback: sniff sensitive info (e.g., password), and use later password holder is that user from system point of view later ….. C A src:B dest:A user: B; password: foo B Introduction 1-59 Network Security more throughout this course chapter 8: focus on security cryptographic techniques Introduction 1-60 Chapter 1: roadmap 1.1 What is the Internet? 1.2 Network edge end systems, access networks, links 1.3 Network core circuit switching, packet switching, network structure 1.4 Delay, loss and throughput in packet-switched networks 1.5 Protocol layers, service models 1.6 Networks under attack: security 1.7 History Introduction 1-61 Internet history 1961-1972: Early packet-switching principles 1961: Kleinrock - queueing theory shows effectiveness of packetswitching 1964: Baran - packetswitching in military nets 1967: ARPAnet conceived by Advanced Research Projects Agency 1969: first ARPAnet node operational 1972: ARPAnet public demo NCP (Network Control Protocol) first host-host protocol first e-mail program ARPAnet has 15 nodes Introduction 1-62 Internet history 1972-1980: Internetworking, new and proprietary nets 1970: ALOHAnet satellite network in Hawaii 1974: Cerf and Kahn architecture for interconnecting networks 1976: Ethernet at Xerox PARC late70’s: proprietary architectures: DECnet, SNA, XNA late 70’s: switching fixed length packets (ATM precursor) 1979: ARPAnet has 200 nodes Cerf and Kahn’s internetworking principles: minimalism, autonomy - no internal changes required to interconnect networks best effort service model stateless routers decentralized control define today’s Internet architecture Introduction 1-63 Internet history 1980-1990: new protocols, a proliferation of networks 1983: deployment of TCP/IP 1982: smtp e-mail protocol defined 1983: DNS defined for name-to-IPaddress translation 1985: ftp protocol defined 1988: TCP congestion control new national networks: Csnet, BITnet, NSFnet, Minitel 100,000 hosts connected to confederation of networks Introduction 1-64 Internet history 1990, 2000’s: commercialization, the Web, new apps early 1990’s: ARPAnet decommissioned 1991: NSF lifts restrictions on commercial use of NSFnet (decommissioned, 1995) early 1990s: Web hypertext [Bush 1945, Nelson 1960’s] HTML, HTTP: Berners-Lee 1994: Mosaic, later Netscape late 1990’s: commercialization late 1990’s – 2000’s: more killer apps: instant messaging, P2P file sharing network security to forefront est. 50 million host, 100 million+ users backbone links running at Gbps of the Web Introduction 1-65 Internet history 2005-present ~750 million hosts Smartphones and tablets Aggressive deployment of broadband access Increasing ubiquity of high-speed wireless access Emergence of online social networks: Facebook: soon one billion users Service providers (Google, Microsoft) create their own networks Bypass Internet, providing “instantaneous” access to search, emai, etc. E-commerce, universities, enterprises running their services in “cloud” (eg, Amazon EC2) Introduction 1-66 Introduction: Summary Covered a lot of material! Internet overview what’s a protocol? network edge, core, access network packet-switching versus circuit-switching Internet structure performance: loss, delay, throughput layering, service models security history You now have: context, overview, “feel” of networking more depth, detail to follow! Introduction 1-67
