SCORE: A Scalable Architecture for Implementing Resource Management Algorithms in High Speed Network

1
CSCE 790Internet SecurityLecture 2TCP/IP
2
Reading Assignment

• Reading assignments for January 17
• Required
• Oppliger Ch 1. Terminology, Ch 2. TCP/IP
  Networking
• Max. Sec. Part II, Ch 4 A brief primer on
  TCP/IP
• Additional
• Internet Society (ISOC) homepage
  (http//www.isoc.org )
• Some of my slides originated from lecture notes
  of Ion Stoica (http//www.cs.berkeley.edu/istoica
  /cs268/ ) and lecture notes of Charles Severance
  (http//www.netfact.com/crs/school/cps291int/techt
  cp/ ) on networking and TCP/IP
• Reading assignments for January 22
• Required
• Oppliger Ch 3. Attacks

3
Before Internet

• Isolated, local packet-switching networks
• only nodes on the same network could communicate
• Each network is autonomous

• different services
• different interfaces
• different protocols

4
Before Internet (cont)

• ARPANET sponsored by Defense Advanced Research
  Projects
• Agency (DARPA)
• 1969 interconnected 4 hosts
• 1970 host-to-host protocol Network Control
  Protocol (NCP)
• 1972 first application e-mail

Stanford Research Institute (SRI)
Univ. of California at Santa Barbara (UCSB)
Univ. of California at LA (UCLA)
Univ. of Utah
5
Internet

• Connect Existing Networks
• ARPANET, Packet Radio, and Packet Satellite
• NCP not sufficient ?Develop new protocol
• 1970s Transmission Control Protocol (Kahn and
  Vinton)
• Based on packet switching technology
• Good for file transfer and remote terminal access
• Divide TCP into 2 protocols
• Internet Protocol (IP) addressing and forwarding
  of packets
• Transmission Control Protocol (TCP)
  sophisticated services, e.g. flow control,
  recovery
• 1980 TCP/IP adopted as a DoD standard
• 1983 ARPANET protocol officially changed from
  NCP to TCP/IP
• 1985 Existing Internet technology
• 1995 U.S. Federal Networking Council (FNC)
  define the term Internet

6
Goals (Clark88)

• Connect existing networks
• Survivability
• Support multiple types of services
• Must accommodate a variety of networks
• Allow distributed management
• Allow host attachment with a low level of effort
• Be cost effective
• Allow resource accountability

7
Internet Challenge

• Interconnected networks differ (protocols,
  interfaces, services, etc.)
• Solutions
• Reengineer and develop one global packet
  switching network standard not economically
  feasible
• Have every host implement the protocols of any
  network it wants to communicate with too
  complex, very high engineering cost
• Add an extra layer internetworking layer
• Hosts one higher-level protocol
• Network connecting use the same protocol
• Interface between the new protocol and network

8
Layering

• Organize a network system into logically
  distinct entities
• the service provided by one entity is based only
  on the service provided by the lower level entity

9
Without Layering
FTP
HTTP
SMTP
Application
Coaxial cable
Fiber optic
Transmission Media

• Each application has to be implemented for every
  network technology!

10
With Layering

• Intermediate layer provides a unique abstraction
  for various network technologies

FTP
SMTP
Application
Intermediate layer
Coaxial cable
Fiber optic
Transmission Media
11
Layering

• Advantages
• Modularity protocols easier to manage and
  maintain
• Abstract functionality lower layers can be
  changed without affecting the upper layers
• Reuse upper layers can reuse the functionality
  provided by lower layers
• Disadvantages
• Information hiding inefficient implementations

12
ISO OSI Reference Model

• ISO International Standard Organization
• OSI Open System Interconnection
• Goal a general open standard
• allow vendors to enter the market by using their
  own implementation and protocols

13
ISO OSI Reference Model

• Seven layers
• Lower three layers are peer-to-peer
• Next four layers are end-to-end

Application
Application
Presentation
Presentation
Session
Session
Transport
Transport
Network
Network
Network
Datalink
Datalink
Datalink
Physical
Physical
Physical
Physical medium
14
Data Transmission

• A layer can use only the service provided by the
  layer immediate below it
• Each layer may change and add a header to data
  packet

Data
Data
Data
Data
Data
Data
Data
15
OSI Model Concepts

• Service says what a layer does
• Interface says how to access the service
• Protocol says how is the service implemented
• a set of rules and formats that govern the
  communication between two peers

16
Physical Layer (1)

• Service move the information between two systems
  connected by a physical link
• Interface specifies how to send a bit
• Protocol coding scheme used to represent a bit,
  voltage levels, duration of a bit
• Examples coaxial cable, optical fiber links
  transmitters, receivers

17
Datalink Layer (2)

• Service
• framing, i.e., attach frames separator
• send data frames between peers
• others
• arbitrate the access to common physical media
• ensure reliable transmission
• provide flow control
• Interface send a data unit (packet) to a machine
  connected to same physical media
• Protocol layer addresses, implement Medium
  Access Control (MAC) (e.g., CSMA/CD)

18
Network Layer (3)

• Service
• deliver a packet to specified destination
• perform segmentation/reassemble
• others
• packet scheduling
• buffer management
• Interface send a packet to a specified
  destination
• Protocol define global unique addresses
  construct routing tables

19
Transport Layer (4)

• Service
• provide an error-free and flow-controlled
  end-to-end connection
• multiplex multiple transport connections to one
  network connection
• split one transport connection in multiple
  network connections
• Interface send a packet to specify destination
• Protocol implement reliability and flow control
• Examples TCP and UDP

20
Session Layer (5)

• Service
• full-duplex
• access management, e.g., token control
• synchronization, e.g., provide check points for
  long transfers
• Interface depends on service
• Protocols token management insert checkpoints,
  implement roll-back functions

21
Presentation Layer (6)

• Service convert data between various
  representations
• Interface depends on service
• Protocol define data formats, and rules to
  convert from one format to another

22
Application Layer (7)

• Service any service provided to the end user
• Interface depends on the application
• Protocol depends on the application
• Examples FTP, Telnet, WWW browser

23
TCP/IP Networking Model

• TCP/IP has a different layered model

Application Layer
Transport Layer (TCP) Error Correction Reliable
Connection
Internetwork Layer (IP) WAN Connectivity Unreliabl
e Datagram Service
Network Access Layer Physical Connection LAN
Connection
24
Network Access Layer

• Responsible for physical connection
• Shape
• Size
• Voltages
• Responsible for rules of how to put bits on the
  wire
• These are the building blocks for the network
• The goal of the physical layer is to move
  information across one hop

25
Internet Layer

• Transports data from one end-user system to
  another end-user systems by hopping across as
  many physical connections as necessary
• Provides a mechanism to connect many LANs
  together effectively
• Connectionless and unreliable datagram protocol
• Protocols
• Internet Protocol
• Routing Protocol
• Supporting Protocol

26
IP Header
0
4
8
16
19
31
Version
HLen
TOS
Length
Identification
Flags
Fragment offset
20 bytes
TTL
Protocol
Header checksum
Source address
Destination address
Options (variable)

• Comments
• HLen header length only in 32-bit words (5 lt
  HLen lt 15)
• TOS (Type of Service) now split in
• Differentiated Service Field (6 bits)
• remaining two bits used by ECN (Early Congestion
  Notification)
• Length the length of the entire
  datagram/segment header data
• Flags Dont Fragment (DF) and More Fragments
  (MF)
• Fragment offset all fragments excepting last
  one contain multiples of 8 bytes
• Header checksum - uses 1s complement

27
IP Addresses

• IP provides logical address space and a
  corresponding addressing schema
• IP address is a globally unique or private number
  associated with a host network interface
• Every system which will send packets directly out
  across the Internet must have a unique IP address
• IP addresses are based on where station is
  connected
• IP addresses are controlled by a single
  organization - address ranges are assigned
• They are running out of space!

28
Routing Protocols

• Enable routing decisions to be made
• Manage and periodically update routing tables,
  stored at each router
• Autonomous collection of routers
• Under single administration
• Use same routing protocol Interior Gateway
  Protocol (IGP)
• Use Exterior Gateway Protocol (EGP) to
  communicate other systems
• Router which way to send the packet closer.
  (Keep routing table small and allow to handle
  unlimited number of systems.)
• Protocol types
• Reachability
• Distance vector

29
Supporting Protocols

• Handle specific tasks
• Address Resolution Protocol (ARP)
• Reverse Address Resolution Protocol (RARP)
• Internet Control Message Protocol (ICMP)
• Internet Group Management Protocol (IGMP)

30
The Domain Name System

• Each system connected to the Internet also has
  one or more logical addresses.
• Unlike IP addresses, the domain address have no
  routing information - they are organized based on
  administrative units
• There are no limitations on the mapping from
  domain addresses to IP addresses

31
Domain Name Resolution

• Domain Name Resolution looking up a logical
  name and finding a physical IP address
• There is a hierarchy of domain name servers
• Each client system uses one domain name server
  which in turn queries up and down the hierarchy
  to find the address
• If your server does not know the address, it goes
  up the hierarchy possibly to the top and works
  its way back down

32
Transport Layer (TCP)

• Present a reliable end-to-end pipe to the
  application
• Data either arrives in the proper order or the
  connection is closed
• Keeps buffers in the sending and destination
  system to keep data which has arrived out of
  order or to retransmit if necessary
• Provides individual connections between
  applications

33
TCP Header
0
4
10
16
31
Destination port
Source port
Sequence number
Acknowledgement
Advertised window
Flags
HdrLen
Checksum
Urgent pointer
Options (variable)

• Sequence number, acknowledgement, and advertised
  window used by sliding-window based flow
  control
• Flags
• SYN, FIN establishing/terminating a TCP
  connection
• ACK set when Acknowledgement field is valid
• URG urgent data Urgent Pointer says where
  non-urgent data starts
• PUSH dont wait to fill segment
• RESET abort connection

34
TCP Header (Cont)

• Checksum 1s complement and is computed over
• TCP header
• TCP data
• Pseudo-header (from IP header)
• Note breaks the layering!

Source address
Destination address
TCP Segment length
0
Protocol (TCP)
35
TCP Connection Establishment

• Three-way handshake
• Goal agree on a set of parameters the start
  sequence number for each side

Server
Client (initiator)
36
Application Layer

• Uses the reliable TCP connections to accomplish
  useful work over the network
• client-server applications
• standard applications
• telnet (port 23)
• mail (port 25)
• finger (port 79)
• ftp (port 21)
• Each application uses a port and a protocol
• Each port can have many connections

37
OSI vs. TCP/IP

• OSI conceptually define service, interface,
  protocol
• Internet provide a successful implementation

Application
Application
Telnet
FTP
DNS
Presentation
Session
TCP
UDP
Transport
Transport
IP
Network
Internet
Datalink
Host-to- network
Packet radio
LAN
Physical