Networking 1 / 43. Networking

Transcription

1 and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping 1 / 43

2 and Operating Systems and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping Many different pieces Some pieces are in the kernel; others are in user space Apart from the division, we need appropriate interfaces 2 / 43

3 Kinds of and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping Different protocols; different protocol suites User versus kernel consumption Synchronous versus asynchronous 3 / 43

4 and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping Service Servers Clients Peer-to-peer Which are part of the OS? 4 / 43

5 The Stack and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping Seven layers: physical, link, network, transport, session, presentation, application Well, not really, on the Internet Link layer device drivers Network: IP (Internet Protocol) Transport (and a bit of session): TCP, UDP Presentation, application: applications All but the last are in the kernel 5 / 43

6 Protocol Suites and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping TCP/IP The Internet Subclass: IPv6 OSI Novell IPX Appletalk NetBIOS Many others that have faded from the scene 6 / 43

7 and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping Connection-Oriented or Connectionless? Some protocols are connection-oriented once things are set up, you always talk to a single endpoint Example: TCP Others are connectionless each packet can go to or come from a different place Example: UDP, as used in the DNS 7 / 43

8 Mux/Demux and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping Many layers of multiplex/demultiplex Link layer selects different network layers (and maybe different protocol suites) Network layer selects different transports Transport layer selects different applications User space can read all layers 8 / 43

9 Layers and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping Application Transport Network Link Transport Network 9 / 43

10 Application Access and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping Why do applications have access to all layers? Debugging Implement layer at user level 10 / 43

11 Example: tcpdump at Link Layer and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping # tcpdump -v -v -s 1500 not ip and not arp tcpdump: listening on bge0, link-type EN10MB (Ethernet), capture size 1500 bytes 23:05: :48:54:71:ce:32 > Broadcast null I (s=0,r=0,c) len=42 11 / 43

12 Example: DHCP and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping DHCP is used to assign IP addresses to hosts At the time a host issues a DHCP request, it has no IP address, so it can t speak IP Both the DHCP client and the DHCP server have to listen and speak at link level 12 / 43

13 Example: OSPF and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping The OSPF routing protocol runs directly on top of IP To implement this at user level, the program has to read IP packets 13 / 43

14 Example: ping and Operating Systems Kinds of The Stack Protocol Suites Connection-Oriented or Connectionless? Mux/Demux Layers Application Access Example: tcpdump at Link Layer Example: DHCP Example: OSPF Example: ping ping uses ICMP messages ICMP lives directly on top of IP In other words, ICMP packets have to be available both in the kernel and at user level 14 / 43

15 Network Connections Aren t Files The Socket Interface Sockets and Layers Connectionless Networks Couldn t We Just Open /dev/tcp? Summary What is the interface to the networking stack? Is it file-like? Something special? The answer, of course, is it depends 15 / 43

16 Network Connections Aren t Files Network Connections Aren t Files The Socket Interface Sockets and Layers Connectionless Networks Couldn t We Just Open /dev/tcp? Summary We always do much more than just read or write We often have to pass extra information, such as source or destination address for connectionless protocols But sometimes, we do just read and write / 43

17 The Socket Interface Network Connections Aren t Files The Socket Interface Sockets and Layers Connectionless Networks Couldn t We Just Open /dev/tcp? Summary Due originally to Berkeley, circa 1983 Network access is initiated by the socket() system call On Unix, socket() returns an ordinary file descriptor; you can (eventually) do read()/write()/close() On Windows, it returns a special type of file descriptor; you can only do special socket operations, such as send()/recv() 17 / 43

18 Sockets and Layers Network Connections Aren t Files The Socket Interface Sockets and Layers Connectionless Networks Couldn t We Just Open /dev/tcp? Summary Sockets are used at all layers parameters on the socket() call specify the layer and protocol The semantics of the returned file descriptor are layer-dependent A variety of options can be set with setsockopt() and ioctl() Sockets are also used for configuration control, such as assigning IP addresses to interfaces You control the routing tables by writing to a special socket 18 / 43

19 Connectionless Networks Network Connections Aren t Files The Socket Interface Sockets and Layers Connectionless Networks Couldn t We Just Open /dev/tcp? Summary Every packet written needs a destination address as well as data Every packet read contains a source address as well as data Use sendto()/recvfrom() (Address format will vary, depending on the type of network; some networks even use variable-length addresses 19 / 43

20 Couldn t We Just Open /dev/tcp? Network Connections Aren t Files The Socket Interface Sockets and Layers Connectionless Networks Couldn t We Just Open /dev/tcp? Summary On some systems, such as Solaris, you can! But we still need special operations setsockopt() could just be an ioctl, but accept() returns a new file descriptor Connectionless networks use special data format 20 / 43

21 Summary Network Connections Aren t Files The Socket Interface Sockets and Layers Connectionless Networks Couldn t We Just Open /dev/tcp? Summary Network connections aren t really files Given all the special stuff that has to go on anyway, there s little advantage to using the file system instead of sockets There may be some advantage, though, to getting a normal file descriptor 21 / 43

22 Service Service Dispatchers The Port Mapper The Port Mapper Other? Telnet and SSH Anonymous FTP Service Servers Clients Peer-to-peer 22 / 43

23 Service Service Service Dispatchers The Port Mapper The Port Mapper Other? Telnet and SSH Anonymous FTP Service applications function as an extension of the OS Example: with NFS, the client and server are in the kernel, but other pieces are at user level: mounting and unmount the file system, locking, etc. Example: Routing IP is pretty useless without it 23 / 43

24 Service Dispatchers Service Service Dispatchers The Port Mapper The Port Mapper Other? Telnet and SSH Anonymous FTP Certain applications exist just to run other applications ineted Runs most TCP and UDP applications (Original idea was to keep the process table small, to improve performance. Now, it permits (some) servers to just use stdin/stdout) Example: portmapper dispatches inbound RPC requests 24 / 43

25 The Port Mapper Service Service Dispatchers The Port Mapper The Port Mapper Other? Telnet and SSH Anonymous FTP Subprocedures or rather, their stubs register with the portmapper The caller s stubs contact the port mapper to find out the actual port number for the subprocedure This is not quite invisible to the application programmer; at the least, the registration has to be set up 25 / 43

26 The Port Mapper Service Service Dispatchers The Port Mapper The Port Mapper Other? Telnet and SSH Anonymous FTP $ rpcinfo -p cluster.cs.columbia.edu program vers proto port service tcp 111 portmapper tcp 111 portmapper tcp mountd udp 2049 nfs and many more besides 26 / 43

27 Other? Service Service Dispatchers The Port Mapper The Port Mapper Other? Telnet and SSH Anonymous FTP Most applications have nothing to do with the OS A Web server could run, almost unchanged, just as well on Windows as on Unix (Minor differences in a few system calls) But some do authentication 27 / 43

28 Telnet and SSH Service Service Dispatchers The Port Mapper The Port Mapper Other? Telnet and SSH Anonymous FTP Telnet and SSH permit remote logins They have to authenticate users, using OS-specific mechanisms Telnet can invoke login; SSH, which can do its own authentication, cannot 28 / 43

29 Anonymous FTP Service Service Dispatchers The Port Mapper The Port Mapper Other? Telnet and SSH Anonymous FTP Ordinary FTP has to authenticate users; see above Anonymous FTP has a different problem: confining the remote user Must use OS-specific sandbox mechanism 29 / 43

30 Goals of Types of CORBA Publish-Subscribe Common middle layer between applications and the stack I.e., common middle ground between applications and the OS Arguably as much a part of the OS as the C runtime library 30 / 43

31 Goals of Goals of Types of CORBA Publish-Subscribe Common interface Naming Replication Access 31 / 43

32 Types of Goals of Types of CORBA Publish-Subscribe Document-based: the Web File-based: distributed file system Object-based: CORBA Publish-subscribe More / 43

33 CORBA Goals of Types of CORBA Publish-Subscribe CORBA: Common Object Request Broker Architecture RPC extended procedure calls to the net CORBA extends objected-oriented programming to the net Instead of referencing files or web pages, you invoke methods The CORBA Object Broker handles naming, location, access method, etc. 33 / 43

34 Publish-Subscribe Goals of Types of CORBA Publish-Subscribe Processes that have information publish it On a LAN, implemented as a broadcast Information router forwards such broadcasts to other interested LANs If a process subscribes to a topic, its local information broker tells other LANs it wants such data 34 / 43

35 It s a Distributed OS Actually, There Are Many Grids Scenarios Security Issues Sandboxing Storage Space Accounting Other Essential Components Share computing resources around the world (The original goal of the ARPANET!) Built on high performance computers and high performance networks 35 / 43

36 It s a Distributed OS It s a Distributed OS Actually, There Are Many Grids Scenarios Security Issues Sandboxing Storage Space Accounting Other Essential Components The Grid functions like a large-scale distributed operating system It has to solve all the distributed OS problems we talked about These include security, scheduling, locking, communications, and more 36 / 43

37 Actually, There Are Many Grids It s a Distributed OS Actually, There Are Many Grids Scenarios Security Issues Sandboxing Storage Space Accounting Other Essential Components The Grid is a concept and a set of protocols, not a single Internet-wide virtual machine You and your friends can pool your own machines Each Grid sets up its own access control policy 37 / 43

38 Scenarios It s a Distributed OS Actually, There Are Many Grids Scenarios Security Issues Sandboxing Storage Space Accounting Other Essential Components Specific computer; local I/O only simply have to authenticate to host computer Specific computer; remote I/O must delegate security credentials to host OS to allow file retrieval and update Run on best computer must talk to scheduler and delegate credentials; scheduler must verify acceptability of credentials on each candidate machine Multiprocessing each remote job needs credentials to talk to other pieces 38 / 43

39 Security Issues It s a Distributed OS Actually, There Are Many Grids Scenarios Security Issues Sandboxing Storage Space Accounting Other Essential Components User authentication straight-forward Must protect grid computers from remote users standard operating system problem Must have large-scale, secure, distributed file system Users want to protect their data from the remote OS hard! 39 / 43

40 Sandboxing It s a Distributed OS Actually, There Are Many Grids Scenarios Security Issues Sandboxing Storage Space Accounting Other Essential Components If untrusted users are running jobs on your machine, you may want to sandbox them But each user needs different resources; you need a flexible sandbox You want to isolate each remote user from every other, and (if possible) from your local users 40 / 43

41 Storage Space It s a Distributed OS Actually, There Are Many Grids Scenarios Security Issues Sandboxing Storage Space Accounting Other Essential Components The Grid is for big problems; these take a lot of storage space How do we manage allocation? How do we transfer that much over the net? How do we encrypt that much data during storage? 41 / 43

42 Accounting It s a Distributed OS Actually, There Are Many Grids Scenarios Security Issues Sandboxing Storage Space Accounting Other Essential Components Someone has to pay for resources used The Grid includes accounting standards record CPU, disk, and RAM usage (and perhaps bandwidth) 42 / 43

43 Other Essential Components It s a Distributed OS Actually, There Are Many Grids Scenarios Security Issues Sandboxing Storage Space Accounting Other Essential Components Name space File I/O and format conversion File replication and cache engine Brokers, which talk to schedulers These are middleware 43 / 43