Department of Computer Science, Institute for System Architecture, Chair for Computer Networks
Internet Services & Protocols
Application Layer and its Services
Dr.-Ing. Stephan Groß
Room: INF 3099
E-Mail: stephan.gross@tu-dresden.de
Internet Protocol Stack
Application layer: supports network applications (HTTP, FTP, DNS)
Transport layer: transports messages between client and server processes (TCP, UDP)
Network layer: routing and delivery of datagrams from source host to destination host (IP, routing protocols)
Link layer: data transfer between neighbouring network nodes (Ethernet, PPP)
Physical layer: bits on the wire
[Figure: the five layers stacked, application layer at the top, physical layer at the bottom]
Application Layer
The goal today: conception and implementation of application protocols
Transport layer service model
Client-server paradigm
Learn about application protocols by studying popular application-level protocols: HTTP, FTP, TELNET, DNS
Application Layer: Applications & Protocols
Application: a user-space process on an end system
Communicating processes exchange data through inter-process communication (IPC) if they run on the same host, and through an application protocol if they run on different nodes
Application protocols are part of the application; they define the exchange of messages between applications
Services needed by the application (e.g. reliable delivery) are provided by lower-layer protocols
An Application Protocol Defines...
all the rules governing communication between nodes:
Message types, e.g. request and response messages
Syntax: the fields a message contains and how they are encoded into the message
Semantics of messages and their fields, i.e. what the information in them means
Protocol timing: when and how processes send messages and respond to them
Open (public-domain) protocols are defined in RFCs; this is what makes independent implementations interoperable. Examples: HTTP, SMTP
Proprietary protocols are specified only by their vendor. Example: KaZaA
Client-Server Paradigm
A typical network application consists of two parts:
Client: initiates contact with the server and requests a service. Examples: e-mail reader, web browser
Server: provides services to clients. Examples: a mail server delivers e-mails to the client, a web server sends the requested web pages
[Figure: client and server hosts, each with the stack application / transport / network / data link / physical; a request flows from client to server and a reply flows back]
Communicating Processes
A process sends and receives protocol messages through its socket
The socket layer is the interface between the application layer and the transport layer (ISO/OSI)
It is also called an API (Application Programming Interface):
 the transport protocol can be chosen (TCP or UDP)
 parameters of the transport protocol can be set, e.g. buffer sizes
Everything above the socket (the process) is controlled by the application engineer; everything below it (TCP with its buffers and variables) is controlled by the OS
[Figure: client process and server process, each attached to a socket on top of TCP, communicating across the Internet]
Process Addressing
An address consists of two parts:
 name or IP address of the destination host (unique identifier)
 a process identifier (port number) selecting the destination process on that host
Well-known port assignments, examples: HTTP server: 80, mail server (SMTP): 25
Example: http://www.tu-dresden.de resolves to 141.30.61.152:80
Because most classic Internet protocols are text-based, almost every one of them can be driven by hand with telnet
World Wide Web
A web page consists of objects: an HTML file, JPEG images, Java applets, audio files, ...
A web page contains a base HTML file which references the other objects
Every object is addressed by a URI (Uniform Resource Identifier):
 URI: a string identifying a resource
 URL (Uniform Resource Locator): a URI that also describes the primary access mechanism, i.e. service (http, ftp, ...), address (host) and file (path)
 URN (Uniform Resource Name): a URI identifying a resource by name within a particular namespace (e.g. an ISBN)
Example URL: http://www.whatis.com/bluelaser.htm
A Short HTTP Overview (I)
HTTP: HyperText Transfer Protocol, the application protocol of the Web
Client/server model:
 client: a browser, which requests, receives and displays web objects
 server: a web server, which sends the requested objects
HTTP 1.0: RFC 1945, 1996
HTTP 1.1: RFC 2068, 1997 (later revised as RFC 2616)
[Figure: clients (a PC running Explorer, a Mac running Navigator) exchanging HTTP requests and responses with a web server]
A Short HTTP Overview (II)
Uses TCP (port 80)
Two message types, request and response, both sent as ASCII text
Operations (methods): OPTIONS, GET, HEAD, POST, PUT, DELETE, etc.
Request layout: a request line (method, path, version), then header lines, each terminated by carriage return + line feed; an extra empty line (carriage return + line feed on its own) marks the end of the headers
Example request:
GET /somedir/page.html HTTP/1.0
Host: somehost.com
User-Agent: Mozilla/4.0
Accept: text/html, image/gif, image/jpeg
Accept-Language: de
(The Host header is optional in HTTP/1.0 and mandatory in HTTP/1.1, where one server address may serve many virtual hosts.)
HTTP Response and Status Codes
Layout: status line (protocol, status code, reason phrase), header lines, empty line, then the data (e.g. the requested HTML file)
Status code classes:
 1xx informational (e.g. request received, continuing)
 2xx success
 3xx redirection (further action needed by the client)
 4xx client error (e.g. bad syntax, unknown resource)
 5xx server error (the server failed to fulfil a valid request)
Example response:
HTTP/1.0 200 OK
Date: Thu, 06 Aug 1998 12:00:15 GMT
Server: Apache/1.3.0 (Unix)
Last-Modified: Mon, 22 Jun 1998 ...
Content-Length: 6821
Content-Type: text/html

data data data data data ...
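The request and response framing described on the two HTTP slides, as an added Python example (not code from the lecture): a strict parser for the request (request line, header lines, empty line, optional body), a classifier for the status line and a builder for a minimal response. The sample request is the one shown above, constructed here as raw bytes; the header-name character set is taken from the HTTP token grammar.

```python
import re

# Status code classes from the slide (first digit of the three-digit code).
STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}

# Constructed sample request (the one shown on the slide, as raw bytes).
SAMPLE_REQUEST = (
    b"GET /somedir/page.html HTTP/1.0\r\n"
    b"Host: somehost.com\r\n"
    b"User-Agent: Mozilla/4.0\r\n"
    b"Accept: text/html, image/gif, image/jpeg\r\n"
    b"Accept-Language: de\r\n"
    b"\r\n"
)

_TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")   # HTTP token characters


def parse_request(raw):
    """Split a raw request into (method, target, version, headers, body).

    The header block ends at the first empty line (CRLF CRLF). Header names are
    case-insensitive, so they are lower-cased for lookup. Malformed input raises
    ValueError: a server should reject it rather than guess what was meant.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no empty line ending the headers")
    lines = head.decode("ascii").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("bad request line: %r" % lines[0])
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not _TOKEN.match(name):
            raise ValueError("bad header line: %r" % line)
        headers[name.lower()] = value.strip()
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 requires a Host header")
    length = headers.get("content-length", "0")
    if not length.isdigit():
        raise ValueError("bad Content-Length")
    if len(body) < int(length):
        raise ValueError("truncated body")
    return method, target, version, headers, body[:int(length)]


def status_class(status_line):
    """Classify a status line such as 'HTTP/1.0 404 Not Found'."""
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or len(parts[1]) != 3 or not parts[1].isdigit():
        raise ValueError("bad status line: %r" % status_line)
    return STATUS_CLASSES.get(int(parts[1][0]), "unknown")


def build_response(code, reason, body, content_type="text/html"):
    """Assemble a minimal HTTP/1.0 response with the framing shown on the slide."""
    head = ("HTTP/1.0 %d %s\r\n" % (code, reason)
            + "Content-Type: %s\r\n" % content_type
            + "Content-Length: %d\r\n\r\n" % len(body))
    return head.encode("ascii") + body
```

The parser deliberately refuses a request whose headers never end, whose Content-Length is not a number, or whose body is shorter than announced: each of those is a classic source of request-smuggling and desynchronisation bugs when a server tries to be lenient.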
Cookies: State Information
HTTP is a stateless protocol; cookies add state on top of it:
 the server sends a cookie to the client in a response message: Set-Cookie: 1678453
 the client sends the cookie back in its following requests: Cookie: 1678453
 the server matches the presented cookie against the state it keeps for that cookie
Uses: authentication (session after login), remembering user actions (e.g. a shopping cart)
[Figure: client sends a usual HTTP request; server answers with a usual response plus Set-Cookie: #; each later request carries Cookie: # and triggers a cookie-specific action on the server]
Caveat: the server trusts whoever presents the cookie, so a cookie value that stands for a login must be unpredictable (not a counter like the one above) and should only travel over encrypted connections.
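The Set-Cookie / Cookie round trip described above, as an added Python example (not code from the lecture): a small server-side session store keyed by the cookie value, a client that echoes the cookie, and a check that a counter-style value such as the slide's 1678453 is predictable while a random one is not. The cookie name "session", the state fields and the request-header dictionaries are assumptions made for this example.

```python
import secrets

COOKIE_NAME = "session"   # assumed cookie name for this example


def parse_cookie_header(value):
    """'a=1; b=2' -> {'a': '1', 'b': '2'} (the Cookie request header)."""
    cookies = {}
    for part in value.split(";"):
        name, eq, val = part.strip().partition("=")
        if eq and name:
            cookies[name] = val
    return cookies


class SessionServer:
    """Server-side state keyed by a session cookie, on top of stateless HTTP.

    Each call to handle() is one request. It returns (response headers, state)
    so the caller sees both what goes back to the client and what the server
    remembered. make_id is injectable so that a weak counter can be compared
    with the default random id.
    """

    def __init__(self, make_id=lambda: secrets.token_urlsafe(32)):
        self.sessions = {}       # cookie value -> server-side state
        self.make_id = make_id

    def handle(self, request_headers, action=None):
        sent = parse_cookie_header(request_headers.get("cookie", "")).get(COOKIE_NAME)
        state = self.sessions.get(sent)
        response_headers = {}
        if state is None:
            # Missing or unknown cookie: start a fresh session and tell the
            # client its value. An unknown value is never trusted as-is.
            cookie_value = self.make_id()
            state = self.sessions[cookie_value] = {"visits": 0, "cart": []}
            response_headers["Set-Cookie"] = (
                "%s=%s; HttpOnly; Secure; SameSite=Lax" % (COOKIE_NAME, cookie_value))
        state["visits"] += 1
        if action is not None:
            state["cart"].append(action)
        return response_headers, state


def cookie_from_set_cookie(header):
    """Extract the value a client must echo back from a Set-Cookie header."""
    return header.split(";", 1)[0].partition("=")[2]


def guessable(make_id, samples=5):
    """True if consecutive ids follow a pattern an attacker could extrapolate
    (here: each id is the previous one plus one, as a counter would be)."""
    ids = [make_id() for _ in range(samples)]
    try:
        return all(int(b) - int(a) == 1 for a, b in zip(ids, ids[1:]))
    except ValueError:
        return False


def demo():
    """Two requests from one client: state carries over via the cookie."""
    server = SessionServer()
    resp, _ = server.handle({})                         # first request, no cookie yet
    cookie = cookie_from_set_cookie(resp["Set-Cookie"])
    _, state = server.handle({"cookie": "%s=%s" % (COOKIE_NAME, cookie)}, action="add item 42")
    return state["visits"], state["cart"]
```

The HttpOnly, Secure and SameSite attributes are not part of the original cookie specification the slide refers to, but they are what a practitioner adds today: they keep the value away from page scripts, off unencrypted connections and out of cross-site requests.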
The Web Alphabet Soup
Markup and presentation: static HTML, dynamic HTML, XHTML, XML, XSL, CSS, SVG, VRML
Transport: TCP/IP, HTTP
Remote invocation and web services: RMI, XML-RPC, SOAP, XMLP, WSDL, UDDI
Web Development (timeline)
Connectivity, based on TCP/IP: FTP, e-mail, Gopher (no Web yet)
Presentation, based on HTML: web pages, browsing the Web
Programmability, based on XML: web services, web programming
Static Web Documents
Data that can be requested as-is
HTML (HyperText Markup Language): a common description language for documents, in particular their formatting
Markup: the text contains typographic elements (tags)
First standard: HTML 2.0, RFC 1866, 1995
Tables for HTML 3: RFC 1942, 1996
Client-side image maps: RFC 1980, 1996
HTML 4.0: embedding of arbitrary objects and scripting languages
Introduction of CSS (Cascading Style Sheets): easy formatting; the appearance of logical tags (e.g. strong rendered bold, or in blue) is defined once at the beginning of the page or in a separate file, so styles can be changed quickly
Increased separation of data and presentation, which also helps programs that only want the data (e.g. search engines)
XML and XSL
Searching HTML documents is wasteful: the whole document has to be processed to find the data
W3C developed in 1998:
 eXtensible Markup Language (XML) for describing web content
 eXtensible Stylesheet Language (XSL) for describing styles independently of the content data
XML is a compromise between SGML (very general, complex) and HTML (fixed tag set): a description of data structures and documents with a generic, strict syntax
Also used for application-to-application communication, e.g. by SOAP (Simple Object Access Protocol)
XHTML: HTML reformulated as an XML application, e.g. every element is closed and attribute values are quoted: <img src="bild01.jpeg" height="400" />
Dynamic Web Documents
Server-side dynamic processing:
CGI (Common Gateway Interface): common interface between the web server and backend programs or scripts; the script accepts the request input and answers with HTML content
PHP (Hypertext Preprocessor): scripts embedded in HTML content, executed by the server, producing HTML in response
JSP (Java Server Pages): similar to PHP
ASP (Active Server Pages): Microsoft's counterpart
[Figure: user -> web client (browser) -> HTTP -> web server -> CGI script -> database; the browser displays the resulting HTML page]
Dynamic Web Documents
Client-side dynamic processing: programs or scripts embedded in HTML pages and executed on the client:
JavaScript: interaction between the user and the client host
Applets: Java programs executed by a browser with a JVM (Java Virtual Machine)
ActiveX: Microsoft; native code with direct access to the host machine
[Figure: user and browser showing the HTML page; the script engine, the local file system and the web server are the parties involved]
Web Services
What are web services: standards for interfaces between applications and content services on the Internet
New: a web service may call another and use its functions like an internal module
Based on new W3C standards: XML (data description), SOAP (data transfer), WSDL (Web Service Description Language), UDDI (Universal Description, Discovery and Integration; a central registry)
Why web services: interaction between applications becomes much easier; client-server web applications turn into peer-to-peer style compositions of services
Examples: authentication (e.g. Microsoft Passport), e-government (web forms), online shops
Web Service Components
Service Requestor: asks the central UDDI directory (the broker) for the service it needs; receives a WSDL document containing the address and calling conventions of the service; sends its service request to the provider
Service Broker: offers the registry of services and their descriptions
Service Provider: publishes the availability of its service in the registry and provides the e-business service itself
[Figure: web service model using SOAP: Provider -> Broker: Publish (UDDI); Requestor -> Broker: Find (WSDL); Requestor -> Provider: Bind (SOAP)]
FTP: File Transfer Protocol
Transfers files to and from a remote host
Client/server model: the client (the user's host) requests the transfer; the server is the remote host
FTP: RFC 959
FTP server: port 21
[Figure: user at host -> FTP user interface -> FTP client (local file system) <- file transfer -> FTP server (remote file system)]
FTP: File Transfer Protocol
Separate connections for control and data: control information is transmitted out of band
Stateful protocol, unlike HTTP: the server keeps the state of the session, e.g. the current directory and whether the user is authenticated
[Figure: FTP client and FTP server connected by a TCP control connection on port 21 and a TCP data connection on port 20]
FTP commands are transmitted over the control connection as ASCII text:
 USER username: identify to the server
 PASS password: send the password to the server
 LIST: ask the server to send the file list of the current directory
 RETR filename: (retrieve) get a file
 STOR filename: (store) put a file
Remote Terminal: TELNET and telnet
TELNET is an application protocol running over TCP (port 23)
Data and control information share one channel: in-band signalling
 the byte 0xff (IAC, "interpret as command") means that the following byte is a command
 if the data byte 0xff itself needs to be sent, it must be sent twice
telnet is a client/server application using TELNET:
 connection parameters are negotiated first (e.g. terminal type, transmission speed)
 the client forwards each keystroke to the TCP socket and displays what it receives from the socket
Useful for testing any TCP server that speaks an ASCII-based protocol. Example:
 telnet <server_name> 25
 220 greeting from the mail server (ok)
 commands: HELO, MAIL FROM, RCPT TO, DATA, QUIT (sending an e-mail without an e-mail reader)
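The in-band signalling rule above (0xff is IAC; a data byte 0xff is sent twice), as an added Python example that is not part of the lecture: escaping an outgoing byte string and splitting an incoming stream into data bytes and commands, including the three-byte option negotiations (WILL/WONT/DO/DONT plus option) and IAC SB ... IAC SE subnegotiations. Command codes follow RFC 854; the sample byte strings in the test are constructed.

```python
# TELNET (RFC 854) in-band signalling: 0xff is IAC, "interpret as command".
IAC = 0xFF
WILL, WONT, DO, DONT = 0xFB, 0xFC, 0xFD, 0xFE   # option negotiation, one option byte follows
SB, SE = 0xFA, 0xF0                             # subnegotiation begin / end
NAMES = {WILL: "WILL", WONT: "WONT", DO: "DO", DONT: "DONT", SB: "SB",
         0xF1: "NOP", 0xF2: "DM", 0xF3: "BRK", 0xF4: "IP", 0xF5: "AO",
         0xF6: "AYT", 0xF7: "EC", 0xF8: "EL", 0xF9: "GA"}
OPT_TERMINAL_TYPE = 0x18


def escape(data):
    """Outgoing data: a literal 0xff byte must be sent twice."""
    return data.replace(bytes([IAC]), bytes([IAC, IAC]))


def demux(stream):
    """Split an incoming byte stream into (data, commands).

    commands is a list of (name, option) tuples: option is None for commands
    without an option byte, the option number for WILL/WONT/DO/DONT, and the
    unescaped payload for SB subnegotiations. A truncated command raises
    ValueError: the caller should keep the bytes and wait for more.
    """
    data = bytearray()
    commands = []
    i = 0
    while i < len(stream):
        b = stream[i]
        if b != IAC:
            data.append(b)
            i += 1
            continue
        if i + 1 >= len(stream):
            raise ValueError("truncated IAC sequence")
        cmd = stream[i + 1]
        if cmd == IAC:                       # escaped data byte 0xff
            data.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):  # three-byte negotiation
            if i + 2 >= len(stream):
                raise ValueError("truncated option negotiation")
            commands.append((NAMES[cmd], stream[i + 2]))
            i += 3
        elif cmd == SB:                      # IAC SB <payload> IAC SE, payload may contain IAC IAC
            payload = bytearray()
            j = i + 2
            while True:
                if j + 1 >= len(stream):
                    raise ValueError("unterminated subnegotiation")
                if stream[j] == IAC and stream[j + 1] == SE:
                    break
                if stream[j] == IAC and stream[j + 1] == IAC:
                    payload.append(IAC)
                    j += 2
                else:
                    payload.append(stream[j])
                    j += 1
            commands.append(("SB", bytes(payload)))
            i = j + 2
        else:                                # two-byte command, no option
            commands.append((NAMES.get(cmd, "CMD-%02x" % cmd), None))
            i += 2
    return bytes(data), commands
```

The subnegotiation branch scans byte by byte rather than searching for the first IAC SE, because an escaped 0xff inside the payload followed by 0xf0 would otherwise be mistaken for the terminator: exactly the kind of parsing ambiguity that in-band signalling invites.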
Remote Terminal: telnet and SSH
Username and password are sent as part of the session
Username and password must be valid on that server
Username and password are transmitted in plaintext (not encrypted), as with ftp, rsh, etc., so anyone on the path can read them
telnet therefore offers insufficient security
Secure Shell (SSH): login to a remote host to execute commands, transfer files etc., with authentication and encrypted transmission over insecure connections
SSH is the replacement for telnet, rlogin, rsh and ftp
DNS: Domain Name System
IP addresses are used by routers and end systems to address datagrams
Mapping names to addresses makes addressing more intuitive for people (even more so with IPv6 addresses)
DNS consists of:
 a distributed database: a hierarchy of many DNS servers
 an application protocol: end users, routers and name servers use the DNS protocol for name resolution (and the reverse mapping)
DNS uses UDP (port 53) as its transport protocol for queries; TCP is used for zone transfers and large responses
http://www.ietf.org/rfc/rfc1034.txt
http://www.ietf.org/rfc/rfc1035.txt
DNS: Domain Name System
Hierarchical structure of DNS, example www.cse.ogi.edu
[Figure: tree with the root at the top; below it the top-level domains org, net, edu, com, uk, de; below edu the domains gwu, ucb, ogi, bu, mit; below ogi the subdomains cse and ece; below cse the host www]
DNS: Domain Name System
No single DNS server manages all name-to-address mappings; an authoritative name server (NS) manages only a part of the database, called a zone
A zone is a contiguous part of the name space; zones emerge by delegating subdomains to other servers
Every zone has a primary NS (updated manually) and secondary NSs (updated automatically from the primary)
The root NS knows the name servers of its subdomains (the top-level domains)
Hierarchical address resolution:
 every host is configured with a local NS
 every local NS knows the root name servers
 the root NS (zone 1) refers to the NS of the next level (zone 2), which refers to the NS of the level below (zone 3), ..., until the NS responsible for the unknown address is found
TLD and Authoritative Servers
Top-level domain (TLD) servers: responsible for com, org, net, edu, etc., and for all top-level country domains such as uk, fr, ca, jp
 Network Solutions maintains the servers for the com TLD
 Educause maintains the servers for the edu TLD
Authoritative DNS servers: an organization's DNS servers, providing the authoritative hostname-to-IP mappings for the organization's servers (e.g. web and mail)
 can be maintained by the organization itself or by a service provider
DNS: Root Name Servers
13 root name servers worldwide:
1 NSI, Herndon, VA
2 PSInet, Herndon, VA
3 U Maryland, College Park, MD
4 DISA, Vienna, VA
5 ARL, Aberdeen, MD
6 NSI (TBD), Herndon, VA
7 RIPE, London
8 NORDUnet, Stockholm
9 WIDE, Tokyo
10 NASA, Mt View, CA
11 Internet Software C., Palo Alto, CA
12 USC-ISI, Marina del Rey, CA
13 ICANN, Marina del Rey, CA
DNS: Domain Name System
The root NS does not have to know the authoritative NS, but it knows an intermediate name server that can be contacted for resolving the address
Fault tolerance: several root NSs
Example: surf.eurecom.fr wants to connect to gaia.cs.umass.edu (recursive queries, as drawn in the figure)
 1. surf.eurecom.fr asks its local NS dns.eurecom.fr
 2. the local NS asks a root NS
 3. the root NS asks the intermediate NS dns.umass.edu
 4. the intermediate NS asks the authoritative NS dns.cs.umass.edu, which holds the address of gaia.cs.umass.edu
 5. to 8. the answer travels back along the same chain: authoritative NS -> intermediate NS -> root NS -> local NS -> surf.eurecom.fr
DNS: Caching and Updating Records
Once any name server learns a mapping, it caches it
Cache entries time out (disappear) after the TTL of the record
TLD servers are typically cached in local name servers, so the root name servers are not visited often
Update and notify mechanisms: dynamic update in RFC 2136, NOTIFY in RFC 1996; further work by the IETF dnsind working group: http://www.ietf.org/html.charters/dnsind-charter.html
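The hierarchical resolution of the previous slides and the caching rules of this one, as an added Python example (not code from the lecture): a local resolver that walks root -> TLD -> intermediate -> authoritative server, caches both final answers and the delegations it saw, and lets them expire after the TTL. The name space, the server addresses (RFC 5737 documentation ranges) and the TTL are constructed for this example; the clock is injectable so expiry can be shown without waiting.

```python
import time

# Constructed toy name space (documentation addresses, not real servers).
# Each server knows the A records of its own zone and the delegations
# (NS plus glue address) to the zones below it.
ROOT_IP = "192.0.2.1"
SERVERS = {
    "192.0.2.1":  {"zone": ".", "ns": {"edu.": "192.0.2.10", "fr.": "192.0.2.20"}, "a": {}},
    "192.0.2.10": {"zone": "edu.", "ns": {"umass.edu.": "192.0.2.30"}, "a": {}},
    "192.0.2.20": {"zone": "fr.", "ns": {}, "a": {}},
    "192.0.2.30": {"zone": "umass.edu.", "ns": {"cs.umass.edu.": "192.0.2.40"},
                   "a": {"www.umass.edu.": "203.0.113.1"}},
    "192.0.2.40": {"zone": "cs.umass.edu.", "ns": {},
                   "a": {"gaia.cs.umass.edu.": "203.0.113.7"}},
}


def _in_zone(name, zone):
    return name == zone or name.endswith("." + zone)


class LocalResolver:
    """Iterative resolver with a TTL cache for answers and for referrals."""

    def __init__(self, servers, root_ip, ttl=60, clock=time.monotonic):
        self.servers, self.root_ip, self.ttl, self.clock = servers, root_ip, ttl, clock
        self.answers = {}      # name -> (ip, expiry)
        self.referrals = {}    # zone -> (server ip, expiry); the TLD servers live here
        self.log = []          # (server asked, name) for every query actually sent

    def _fresh(self, table, key):
        """Cached value if present and not timed out; expired entries are dropped."""
        entry = table.get(key)
        if entry is None:
            return None
        if entry[1] <= self.clock():
            del table[key]
            return None
        return entry[0]

    def _start_server(self, name):
        """Closest cached delegation for the name, else a root server."""
        best, best_zone = self.root_ip, ""
        for zone in list(self.referrals):
            ip = self._fresh(self.referrals, zone)
            if ip and _in_zone(name, zone) and len(zone) > len(best_zone):
                best, best_zone = ip, zone
        return best

    def resolve(self, name):
        name = name if name.endswith(".") else name + "."
        cached = self._fresh(self.answers, name)
        if cached:
            return cached
        server = self._start_server(name)
        for _ in range(16):                      # bound the referral chain: no endless loops
            self.log.append((server, name))
            data = self.servers[server]
            if name in data["a"]:
                ip = data["a"][name]
                self.answers[name] = (ip, self.clock() + self.ttl)
                return ip
            delegated = [z for z in data["ns"] if _in_zone(name, z)]
            if not delegated:
                raise LookupError("%s (%s) has neither data nor a referral for %s"
                                  % (server, data["zone"], name))
            zone = max(delegated, key=len)       # most specific delegation wins
            server = data["ns"][zone]
            self.referrals[zone] = (server, self.clock() + self.ttl)
        raise LookupError("too many referrals for " + name)
```

The log shows the effect the slide describes: the first lookup visits four servers starting at the root, a second lookup of a different name under umass.edu. goes straight to the cached intermediate server, and only after the TTL has passed does the resolver return to the root.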
DNS Name Server Database
The database contains four-tuples called Resource Records (RR)
RR format: (name, value, type, ttl)
RR types:
 type=A: name is the hostname, value is its IP address
 type=NS: name is a domain name (e.g. foo.com), value is the name of the authoritative NS for that domain (the address of that NS is carried in an additional A record, the "glue")
 type=CNAME: name is an alias, value is the canonical (original) name
 type=MX: name is a domain name, value is the name of the mail server for that name
DNS Weaknesses
DNS is very important, which also makes it a good target for attackers
Cache poisoning:
 queries use UDP (the specification allows UDP and TCP) because of the smaller overhead, so answers arrive faster
 a UDP answer is accepted without the handshake TCP would require, so its source address can be forged
 a resolver has only one field to validate an answer against: the 16-bit ID (plus the source port the query was sent from)
 spoofing is therefore easy: an attacker who floods the resolver with forged answers carrying guessed IDs has a good chance of hitting the right one before the real answer arrives
RRs carry no integrity protection, neither in zone files nor on the wire
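The RR table of the previous slide and the 16-bit ID check of this one, as an added Python example (not code from the lecture): RFC 1035 wire format for a query and a response (header, question, answers with name compression, A/NS/CNAME/MX rdata) and the checks a plain resolver can perform on an answer. The response is constructed by the example itself from the query, which is what a real server does as well; a forged copy with a wrong ID is rejected, but nothing in these checks proves who sent the packet.

```python
import os
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 15: "MX"}
CODES = {v: k for k, v in TYPES.items()}


def encode_name(name):
    """'gaia.cs.umass.edu' -> length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def read_name(msg, off):
    """Decode a (possibly compressed) name; returns (name, offset after it)."""
    labels, end, jumped, hops = [], None, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer to an earlier name
            if not jumped:
                end = off + 2
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumped, hops = True, hops + 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)


def build_query(name, qtype=1):
    """Returns (transaction id, query bytes): RD=1, one question, class IN."""
    ident = int.from_bytes(os.urandom(2), "big")          # only 16 bits of randomness
    header = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)
    return ident, header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(query, answers):
    """Constructed reply to `query`; answers = [(type name, ttl, value), ...]."""
    ident = struct.unpack("!H", query[:2])[0]
    body = b""
    for tname, ttl, value in answers:
        rtype = CODES[tname]
        if rtype == 1:
            rdata = bytes(int(x) for x in value.split("."))
        elif rtype in (2, 5):
            rdata = encode_name(value)
        else:                                             # MX: preference + mail server name
            rdata = struct.pack("!H", value[0]) + encode_name(value[1])
        # 0xC00C is a pointer to the question name at offset 12, as real servers send it
        body += b"\xC0\x0C" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return struct.pack("!HHHHHH", ident, 0x8180, 1, len(answers), 0, 0) + query[12:] + body


def parse_response(msg):
    ident, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        questions.append((qname, qtype))
        off += 4
    for _ in range(an):
        rname, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5):
            value = read_name(msg, off)[0]
        elif rtype == 15:
            value = (struct.unpack("!H", rdata[:2])[0], read_name(msg, off + 2)[0])
        else:
            value = rdata
        answers.append((rname, TYPES.get(rtype, rtype), ttl, value))
        off += rdlen
    return {"id": ident, "flags": flags, "questions": questions, "answers": answers}


def accept(ident, name, qtype, msg):
    """The checks a plain resolver can make: ID matches, QR bit set, question echoed.

    None of this proves who sent the packet, which is why a flood of guessed
    IDs (1/65536 per packet) can beat the genuine answer.
    """
    r = parse_response(msg)
    wanted = (name if name.endswith(".") else name + ".", qtype)
    return r["id"] == ident and bool(r["flags"] & 0x8000) and r["questions"] == [wanted]
```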
DNSsec (RFC 2535)
Basic concept: based on public-key cryptography (digital signatures)
Every DNS zone has a pair of cryptographic keys (private/public)
The DNS server sends its information signed with the private key of its zone
DNSsec services:
 verified origin of the data
 trusted distribution of public keys (each zone's key is in turn signed by the parent zone)
 requests and zone transfers can be authenticated (transaction signatures)
New RR types: KEY (public key of the zone), SIG (signature over a set of RRs)
(RFC 2535 was later replaced by RFC 4033 to 4035, which renamed these records DNSKEY and RRSIG)
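The KEY/SIG idea above, as an added Python example that is not part of the lecture: the zone canonicalises an RRset, hashes it and signs the hash with its private key; a resolver that holds the zone's public KEY verifies the SIG, and any change to the records makes verification fail. The RSA key pair is a constructed toy (20-bit modulus, no padding) chosen so the arithmetic is visible with the standard library only; it offers no real security, and the three outcomes secure / bogus / insecure borrow the terms of the later RFC 4035.

```python
import hashlib

# Toy RSA key pair for the zone cs.umass.edu. (constructed, 20-bit modulus,
# textbook RSA without padding: worthless for real security).
P, Q, E = 1009, 1013, 17
N = P * Q                                  # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)

# The zone publishes its public key as a KEY record (DNSKEY in RFC 4034 terms).
ZONE_KEY_RR = ("cs.umass.edu.", "KEY", (N, E))


def canonical(rrset):
    """Canonical form of an RRset: owner names lower-cased, records sorted, one
    per line, so that signer and verifier hash exactly the same bytes."""
    return "\n".join(sorted("%s %s %s" % (n.lower(), t, v) for n, t, v in rrset)).encode()


def digest(rrset, n):
    """SHA-256 of the canonical RRset, reduced into the signing group."""
    return int.from_bytes(hashlib.sha256(canonical(rrset)).digest(), "big") % n


def sign_rrset(rrset, d=D, n=N):
    """The zone's primary signs an RRset with the private key -> SIG record."""
    return (rrset[0][0], "SIG", pow(digest(rrset, n), d, n))


def verify_rrset(rrset, sig_rr, key_rr=ZONE_KEY_RR):
    """A resolver checks the SIG against the zone's public KEY; a modified record
    or a signature made with another key yields False."""
    n, e = key_rr[2]
    return pow(sig_rr[2], e, n) == digest(rrset, n)


def validate(rrset, sig_rr, trusted_keys):
    """Outcome for a resolver holding some trusted zone keys: 'secure' if the
    owning zone's key is known and the signature checks, 'bogus' if the key is
    known but the signature fails, 'insecure' if no key for that zone is held."""
    owner = rrset[0][0].lower()
    for key_rr in trusted_keys:
        zone = key_rr[0].lower()
        if owner == zone or owner.endswith("." + zone):
            return "secure" if verify_rrset(rrset, sig_rr, key_rr) else "bogus"
    return "insecure"
```

Note what the resolver needs for this to mean anything: the KEY of the zone must itself arrive through a trusted path (signed by the parent, up to a configured trust anchor), otherwise an attacker who can forge the RRset can forge the KEY record alongside it.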
Summary
First insight into network applications
Client-server paradigm
Specific protocols: HTTP, FTP, TELNET, DNS
Complexity lives at the network edge!
Security is a major issue with the traditional services and protocols
Coming next: content distribution and P2P networks