CS 3640: Introduction to Networks and Their Applications

Transcription

1 CS 3640: Introduction to Networks and Their Applications Fall 2018, Lecture 18: The Application Layer II (Credit: Christo NEU) Instructor: Rishab Nithyanand Teaching Assistant: Md. Kowsar Hossain 1

2 You should Be working on Assignment 3: Network layer addressing and BGP Due tomorrow at 11:59 pm! Get ready for the mid-term In class on Tuesday, October 23 rd. Know and understand: The three Internet design principles and components of the Internet. Circuit- vs. packet- switched networks. Components of end-to-end delay. The link layer: error detection, MAC, local addressing/routing. The network layer: addressing, fragmentation, IPv4 vs. IPv6, Ases, Interdomain and Intradomain routing. The transport layer: core functionality, TCP vs. UDP, flow control vs. congestion control, TCP fast retransmit and recovery. 2

3 This week in class 1. Intro to Distributed Systems Network Address Translation Domain Name System 3

4 The IPv4 address shortage Problem: consumer ISPs typically only give one IP address perhousehold Additional IPs cost extra More IPs may not be available Today s households have more networked devices than ever Laptops and desktops TV, blu-ray players, game consoles Tablets, smartphones, ereaders Discuss: How to get all these devices online? How should we give them IP addresses? 4

5 Working around the IPv4 address shortage Idea: create a range of private IPs that are separate from the rest of the network Use the private IPs for internal routing Use a special router to bridge the LAN and the WAN Properties of private IPs Not globally unique Usually taken from non-routable IP ranges Typical private IP ranges

6 Working around the IPv4 address shortage Private Network Private Network NAT Internet NAT

7 Network Address Translation (NAT) NAT allows hosts on a private network to communicate with the Internet Special router at the boundary of a private network Replaces internal IPs with external IP by modifying packet headers This is Network Address Translation May also replace TCP/UDP port numbers Maintains a table of active flows Outgoing packets initialize a table entry Incoming packets are rewritten based on the table 7

8 Basic NAT operation Private Network Source: :2345 Dest: :80 Internet Source: :2345 Dest: :80 Private Address Public Address : : Source: :80 Dest: :2345 Source: :80 Dest: :2345 8

9 Discuss: Advantages of NAT Allow multiple hosts to share a single public IP Allow migration between ISPs Even if the public IP address changes, you don t need to reconfigure the machines on the LAN Load balancing Forward traffic from a single public IP to multiple private hosts 9

10 Discuss: Problems with NAT Performance/scalability issues Per flow state! Modifying IP and Port numbers means NAT must recompute IP and TCP checksums Breaks the layered network abstraction Breaks end-to-end Internet connectivity *.* addresses are private Cannot be routed to on the Internet Problem is worse when both hosts are behind NATs What about IPs embedded in data payloads? 10

11 Enabling outside connectivity through NATs Discuss: How do 2 hosts behind a NAT communicate? NAT 1 NAT

12 Enabling outside connectivity through NATs The TURN (Traversal Using Relays around NAT) protocol NAT 1 NAT Please connect to me on : : : TURN Server 12

13 This week in class 1. Intro to Distributed Systems Network Address Translation Domain Name System 13

14 The Internet is for humans If you want to Call someone, you need to ask for their phone number You can t just dial R O B Y N Mail someone, you need to get their address first Discuss: What about the Internet? If you need to reach Google, you need their IP Does anyone know Google s IP? Problem: People can t remember IP addresses Need human readable names that map to IPs 14

15 DNS makes the Internet suitable for humans Addresses, e.g Computer usable labels for machines Conform to structure of the network Names, e.g. Human usable labels for machines Conform to organizational structure How do you map from one to the other? Domain Name System (DNS) 15

16 Once upon a time Before DNS, all mappings were in hosts.txt /etc/hosts on Linux C:\Windows\System32\drivers\etc\hosts on Windows Centralized, manual system Changes were submitted to SRI via Machines periodically FTP new copies of hosts.txt Administrators could pick names at their discretion my_server_will_pwn_joo_lol_kthxbye Discuss: Why did this system fall apart? Not scalable Hard to enforce uniqueness of name and resolve collisions Machines often ended up with out-of-date hosts.txt files 16

17 DNS at a high-level DNS: Domain Name System Distributed database No centralization. Work of mapping IPs domains shared by many servers. Simple client/server architecture UDP port 53, some implementations also use TCP Hierarchical namespace As opposed to original, flat namespace.com google.com mail.google.com 17

18 Domain naming hierarchy Root net edu com gov mil org uk fr etc. uiowa mit cs ece physics www login mail Top Level Domains (TLDs) are at the top Each Domain Name is a subtree.edu uiowa.edu cs.uiowa.edu Maximum tree depth: 128 Name collisions are avoided uiowa.com vs. uiowa.edu 18

19 Domain naming hierarchy Verisign Root ICANN UIowa net edu com gov mil org uk fr etc. uiowa mit cs www login mail Tree is divided into zones Each zone has an administrator Responsible for the part of the hierarchy Example: CS controls *.cs.uiowa.edu UIowa controls *.uiowa.edu Verisign controls *.edu ICANN controls.* 19

20 DNS servers Functions of each DNS server: Authority over a portion of the hierarchy No need to store all DNS names Store all the records for hosts/domains in its zone May be replicated for robustness Know the addresses of the root servers Resolve queries for unknown names Root servers know about all TLDs The buck stops at the root servers 20

21 DNS servers: Local nameservers and authoritative nameservers Where is Local nameserver Local nameserver handles queries on behalf of clients Authoritative nameservers know the zone mappings for a subset of the hierarchy toutatis.cs.uiowa.edu Root nameserver Root ns1.google.com com Authority for *google.com Authority for *.com 21

22 Basic domain name resolution Every host knows a local DNS server Sends all queries to the local DNS server If the local DNS can answer the query, then you re done Local server is also the authoritative server for that name Local server has cached the record for that name Otherwise, go down the hierarchy and search for the authoritative name server Every local DNS server knows the root servers Use cache to skip steps if possible e.g. skip the root and go directly to.edu if the root file is cached 22

23 DNS packets DNS is a UDP-based protocol on port 53 No TCP means no connections TxIDs are needed to correlate requests and responses Serves as authentication for responses ID number used to match requests and responses Query/response? Authoritative/non-authoritative response? Success/failure? TxID Flags Question Count Answer Count Authority Count Additional Record Count Question and answer data (Resource Records, variable length) How many records are there of each type in the response payload? 23

24 Iterative DNS Query Example Where is TxID: TxID: Q: 1 A: 0 Auth: 0 Addl: 0 Q: Where is asgard.ccs.neu.edu ns1.google.com Q: 1 A: 1 Auth: 0 Addl: 0 Q: Where is A TxID: Q: 1 A: 0 Auth: 1 Addl: 1 Q: Where is Auth: NS a.gtld-server.com Addl: A a.gtld-server.com Root a.gtld-server.com TxID: Q: 1 A: 0 Auth: 1 Addl: 1 Q: Where is Auth: NS ns1.google.com Addl: A ns1.google.com

25 ~] dig google.com Header info from the response The original question Answers(s) Authority information ; <<>> DiG ubuntu0.1-Ubuntu <<>> google.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ;; flags: qr rd ra; QUERY: 1, ANSWER: 16, AUTHORITY: 4, ADDITIONAL: 5 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;google.com. IN A ;; ANSWER SECTION: google.com. 161 IN A google.com. 161 IN A google.com. 161 IN A google.com. 161 IN A google.com. 161 IN A google.com. 161 IN A ;; AUTHORITY SECTION: google.com IN NS ns2.google.com. google.com IN NS ns1.google.com. ;; ADDITIONAL SECTION: ns2.google.com IN A ns1.google.com IN A

26 DNS Queries and Resource Records DNS queries have two fields: name and type Resource record is the response to a query Four fields: (name, value, type, TTL) There may be multiple records returned for one query What are do the name and value mean? Depends on the type of query and response 26

27 Resp. Query Resp. Query DNS Types Type = A / AAAA Name = domain name Value = IP address A is IPv4, AAAA is IPv6 Name: Type: A Name: Value: Type = NS Name = partial domain Value = name of DNS server for this domain Go send your query to this other server Name: ccs.neu.edu Type: NS Name: ccs.neu.edu Value:

28 Resp. Query Resp. Query DNS Types Type = CNAME Name = hostname Value = canonical hostname Useful for aliasing CDNs use this Type = MX Name = domain in address Value = canonical name of mail server Name: foo.mysite.com Type: CNAME Name: foo.mysite.com Value: bar.mysite.com Name: ccs.neu.edu Type: MX Name: ccs.neu.edu Value: amber.ccs.neu.edu 28

29 DNS as an indirection service Discuss: DNS gives us very powerful capabilities. What are they? Not only easier for humans to reference machines! Changing the IPs of machines becomes trivial e.g. you want to move your web server to a new host Just change the DNS record! Censorship is easier to implement. 29

30 Aliasing and load balancing One machine can have many aliases christo.blogspot.com sandi.blogspot.com *.blogspot.com One domain can map to multiple machines 30

31 DNS and Content Delivery Networks (CDNs) DNS responses may vary based on geography, ISP, etc

32 DNS delays How many of you have purchased a domain name? Did you notice that it took ~72 hours for your name to become accessible? This delay is called DNS Propagation Discuss: Why would this process fail for a new website? Root com asgard.ccs.neu.edu ns.godaddy.com 32

33 DNS caching (efficiency) vs. freshness (correctness) DNS Propagation delay is caused by caching Where is That name does not exist. asgard.ccs.neu.edu Cached Root Zone File Cached.com Zone File Cached.net Zone File Etc. Zone files may be cached for 1-72 hours Root com ns.godaddy.com 33