Protocoles internet. Carole Delporte paris- diderot.fr Introduc8on. C. Delporte M2- Internet 1

Transcription

1 Protocoles inter Carole Delporte paris- diderot.fr Introduc8on C. Delporte M2- Inter 1

2 Protocoles et services inter Sommaire (prévision): q Introduction et rappels réseau q Rappels java v Quelques compléments java q Protocoles: couche application v v v v Html-http ftp smtp Dns q Extensions v v Réseaux Pair à pair Grands réseaux et petits mondes q Sécurité v sockets ssl q Serveurs web v Apache, servlet, web services 3 séances de TP + examen M2-Inter 1-2

3 Bibliographie q q q q Java Network Programming, 3rd Edition Elliotte Rusty Harold O'Reilly Media, Inc.. Computer Networking: A Top Down Approach, 6 th edition J.F. Kurose K.W. Ross Addison Weslay. Computer Networks, A.S. Tannenbaum, D.J. Wetherall,Pearson. Certains transparents proviennent de: q Computer Networking: A Top Down Approach, Jim Kurose, Keith Ross Addison-Wesley q Documents sur Didel PSIM2 et sur M2-Inter 1-3

4 Chapitre 1 q Introduction (rappels réseau) v Hôtes, réseaux d accès, liens physiques v Commutation par circuits, par paquets, structure du réseau v Pertes et délais v Protocoles et modèle en couches v Sécurité v Historique M2-Inter 1-4

5 Les composants PC server wireless laptop cellular handheld router points wired links q millions of connected computing devices: hosts = end systems v running work apps q communication links v fiber, copper, radio, satellite v transmission rate = bandwidth q routers: forward packets (chunks of data) Mobile work Global ISP Home work Regional ISP Institutional work M2-Inter 1-5

6 Inter: q protocols control sending, receiving of msgs v e.g., TCP, IP, HTTP, Skype, Ether q Inter: work of works v loosely hierarchical v public Inter versus private intra q Inter standards v RFC: Request for comments v IETF: Inter Engineering Task Force Mobile work Global ISP Home work Regional ISP Institutional work M2-Inter 1-6

7 What s the Inter: a service view q communication infrastructure enables distributed applications: v Web, VoIP, , games, e-commerce, social work, file sharing q communication services provided to apps: v reliable data delivery from source to destination v best effort (unreliable) data delivery mobile work home work institutional work global ISP regional ISP M2-Inter 1-7

8 A closer look at work structure: q work edge: applications and hosts q works, physical media: wired, wireless communication links mobile work home work global ISP regional ISP q work core: v interconnected routers v work of works institutional work M2-Inter 1-8

9 The work edge: q end systems (hosts): v run application programs v e.g. Web, v at edge of work q client/server model peer-peer v client host requests, receives service from always-on server client/server v e.g. Web browser/server; client/server q peer-peer model: v minimal (or no) use of dedicated servers v e.g. Skype, BitTorrent M2-Inter 1-9

10 A closer look at work structure: q work edge: applications and hosts q works, physical media: wired, wireless communication links mobile work home work global ISP regional ISP q work core: v interconnected routers v work of works institutional work M2-Inter 1-10

11 Inter structure: work of works Question: given millions of ISPs, how to connect them together? M2-Inter 1-11

12 Inter structure: work of works Option: connect each ISP to every other ISP? connecting each ISP to each other directly doesn t scale: O(N 2 ) connections. M2-Inter 1-12

13 Inter structure: work of works Option: connect each ISP to a global transit ISP? Customer and provider ISPs have economic agreement. global ISP M2-Inter 1-13

14 Inter structure: work of works But if one global ISP is viable business, there will be competitors. ISP A ISP B ISP C M2-Inter 1-14

15 Inter structure: work of works But if one global ISP is viable business, there will be competitors. which must be interconnected ISP A IXP IXP ISP B ISP C peering link M2-Inter 1-15

16 Inter structure: work of works and regional works may arise to connect s to ISPS ISP A IXP IXP ISP B ISP C regional M2-Inter 1-16

17 Inter structure: work of works and content provider works (e.g., Google, Microsoft, Akamai ) may run their own work, to bring services, content close to end users ISP A ISP B ISP B IXP Content provider work IXP regional Inter exchange point M2-Inter 1-17

18 Google Data Centers q Estimated cost of data center: $600M q Google spent $2.4B in 2007 on new data centers q Each data center uses megawatts of power M2-Inter 18

19 Inter structure: work of works Tier 1 ISP Tier 1 ISP Google IXP Regional ISP IXP Regional ISP IXP ISP ISP ISP ISP ISP ISP ISP ISP v at center: small # of well-connected large works tier-1 commercial ISPs (e.g., Level 3, Sprint, AT&T, NTT), national & international coverage content provider work (e.g, Google): private work that connects it data centers to Inter, often bypassing tier-1, regional ISPs 1-19 M2-Inter

20 Tier-1 ISP: e.g., Sprint POP: point-of-presence to/from backbone peering. to/from customers M2-Inter 1-2

21 Inter structure: work of works q Tier-2 ISPs: smaller (often regional) ISPs v Connect to one or more tier-1 ISPs, possibly other tier-2 ISPs Tier-2 ISP pays tier-1 ISP for connectivity to rest of Inter q tier-2 ISP is customer of tier-1 provider Tier-2 ISP Tier-2 ISP Tier 1 ISP Tier 1 ISP Tier 1 ISP Tier-2 ISPs also peer privately with each other. Tier-2 ISP Tier-2 ISP Tier-2 ISP M2-Inter 1-21

22 Inter structure: work of works q Tier-3 ISPs and local ISPs v last hop ( ) work (closest to end systems) Local and tier- 3 ISPs are customers of higher tier ISPs connecting them to rest of Inter local ISP local ISP Tier 3 ISP Tier-2 ISP Tier 1 ISP Tier-2 ISP local ISP local ISP Tier 1 ISP local ISP Tier-2 ISP Tier 1 ISP Tier-2 ISP local ISP local ISP Tier-2 ISP local ISP M2-Inter 1-2

23 Inter structure: work of works q a packet passes through many works! local ISP Tier 3 ISP Tier-2 ISP local ISP local ISP Tier-2 ISP local ISP Tier 1 ISP Tier 1 ISP Tier 1 ISP Tier-2 ISP local ISP Tier-2 ISP local ISP Tier-2 ISP local ISP local ISP M2-Inter 1-2

24 Protocoles, modèle en couches M2-Inter 1-2

25 Protocoles, modèle en couches Networks are complex! q many pieces : v hosts v routers v links of various media v applications v protocols v hardware, software Question: Is there any hope of organizing structure of work? Or at least our discussion of works? M2-Inter 1-2

26 What s a protocol? human protocols: q what s the time? q I have a question q introductions specific msgs sent specific actions taken when msgs received, or other events work protocols: q machines rather than humans q all communication activity in Inter governed by protocols protocols define format, order of msgs sent and received among work entities, and actions taken on msg transmission, receipt M2-Inter 1-2

27 What s a protocol? a human protocol and a computer work protocol: Hi Hi Got the time? 2:00 time TCP connection request TCP connection response Get <file> Q: Other human protocols? M2-Inter 1-2

28 Why layering? dealing with complex systems: v explicit structure allows identification, relationship of complex system s pieces layered reference model for discussion v modularization eases maintenance, updating of system change of implementation of layer s service transparent to rest of system e.g., change in gate procedure doesn t affect rest of system v layering considered harmful? M2-Inter 1-28

29 Inter protocol stack v application: supporting work applications FTP, SMTP, HTTP v transport: process-process data transfer TCP, UDP v work: routing of datagrams from source to destination IP, routing protocols v link: data transfer between neighboring work elements Ether, (WiFi), PPP v physical: bits on the wire application transport work link physical M2-Inter 1-29

30 ISO/OSI reference model v presentation: allow applications to interpret meaning of data, e.g., encryption, compression, machine-specific conventions v session: synchronization, checkpointing, recovery of data exchange v Inter stack missing these layers! these services, if needed, must be implemented in application needed? application presentation session transport work link physical M2-Inter 1-30

31 segment datagram frame message H l H t H n H t H n H t M M M M source application transport work link physical Encapsulation link physical switch H l H n H n H t H t H t M M M M destination application transport work link physical H l H n H n H t H t M M work link physical H n H t M router M2-Inter 1-31

32 Network Security q The field of work security is about: v how bad guys can attack computer works v how we can defend works against attacks v how to design architectures that are immune to attacks q Inter not originally designed with (much) security in mind v original vision: a group of mutually trusting users attached to a transparent work J v Security considerations in all layers! M2-Inter 1-3

33 Bad guys can put malware into hosts via Inter q Malware can get in host from a virus, worm, or trojan horse. q Spyware malware can record keystrokes, web sites visited, upload info to collection site. q Infected host can be enrolled in a bot, used for spam and DDoS attacks. q Malware is often self-replicating: from an infected host, seeks entry into other hosts M2-Inter 1-3

34 Bad guys can put malware into hosts via Inter q Trojan horse v Hidden part of some otherwise useful software v Today often on a Web page (Active-X, plugin) q Virus v infection by receiving object (e.g., attachment), actively executing v self-replicating: propagate itself to other hosts, users q Worm: v infection by passively receiving object that gets itself executed v self- replicating: propagates to other hosts, users M2-Inter 1-3

35 Bad guys can attack servers and work infrastructure q Denial of service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resource with bogus traffic 1. select target 2. break into hosts around the work (see bot) 3. send packets toward target from compromised hosts target M2-Inter 1-3

36 The bad guys can sniff packets Packet sniffing: v broadcast media (shared Ether, wireless) v promiscuous work interface reads/records all packets (e.g., including passwords!) passing by A C src:b dest:a payload B v Wireshark software used for end-of-chapter labs is a (free) packet-sniffer M2-Inter 1-3

37 The bad guys can use false source addresses q IP spoofing: send packet with false source address A C src:b dest:a payload B M2-Inter 1-3

38 The bad guys can record and playback q record-and-playback: sniff sensitive info (e.g., password), and use later v password holder is that user from system point of view A C src:b dest:a user: B; password: foo B M2-Inter 1-3

39 Historique M2-Inter 1-3

40 Inter History : Early packet-switching principles q 1961: Kleinrock - queueing theory shows effectiveness of packetswitching q 1964: Baran - packetswitching in military s q 1967: ARPA conceived by Advanced Research Projects Agency q 1969: first ARPA node operational q 1972: v ARPA public demonstration v NCP (Network Control Protocol) first host-host protocol v first program v ARPA has 15 nodes M2-Inter 1-4

41 Inter History : Interworking, new and proprietary s q 1970: ALOHA satellite work in Hawaii q 1974: Cerf and Kahn - architecture for interconnecting works q 1976: Ether at Xerox PARC q ate70 s: proprietary architectures: DEC, SNA, XNA q late 70 s: switching fixed length packets (ATM precursor) q 1979: ARPA has 200 nodes Cerf and Kahn s interworking principles: v minimalism, autonomy - no internal changes required to interconnect works v best effort service model v stateless routers v decentralized control define today s Inter architecture M2-Inter 1-41

42 Inter History : new protocols, a proliferation of works q 1983: deployment of TCP/IP q 1982: smtp protocol defined q 1983: DNS defined for name-to-ip-address translation q 1985: ftp protocol defined q 1988: TCP congestion control q new national works: Cs, BIT, NSF, Minitel q 100,000 hosts connected to confederation of works M2-Inter 1-4

43 Inter History 1990, 2000 s: commercialization, the Web, new apps q Early 1990 s: ARPA decommissioned q 1991: NSF lifts restrictions on commercial use of NSF (decommissioned, 1995) q early 1990s: Web v hypertext [Bush 1945, Nelson 1960 s] v HTML, HTTP: Berners-Lee v 1994: Mosaic, later Netscape v late 1990 s: commercialization of the Web Late 1990 s 2000 s: q killer apps: , web, instant messaging, P2P file sharing q work security to forefront q est. 50 million host, 100 million+ users q backbone links running at Gbps M2-Inter 1-4

44 Inter history 2005-present q ~750 million hosts v Smartphones and tablets q Aggressive deployment of broadband q Increasing ubiquity of high-speed wireless q Emergence of online social works: v Facebook: soon one billion users q Service providers (Google, Microsoft) create their own works v Bypass Inter, providing instantaneous to search, , etc. q E-commerce, universities, enterprises running their services in cloud (eg, Amazon EC2) M2-Inter 1-44

45 Les standard inter q Inter Engineering Task Force (IETF) (ouvert) q W3C (industriels fermé) q RFC IETF: v v v v v Experimental Proposed standard Draft standard Standard Informational Historic q Niveau de recommandation v v v v v Not recommended Limited use Elective Recommended required M2-Inter 45

46 Inter 2013 M2-Inter 1-46

47 statistiques M2-Inter 1-4

48 Inter 2013 M2-Inter 1-48

49 Inter 2013 M2-Inter 1-4

50 Facebook M2-Inter 1-5

51 Facebook M2-Inter 1-51

52 Facebook M2-Inter 1-52

53 M2-Inter 1-5