What's inside the cloud?!
Initial Arpanet
Initial Arpanet Interface Message Processors - DDP-516 mini-computers - 24 Kbyte of Core memory - Store-and-forward packet switching - Predecessors of present routers
Initial Arpanet Leased Lines - Modems - 50 Kbps PDP-10 IBM System/360 SDS Sigma 7
Initial Arpanet First link operational 21/11/1969 4 nodes connected 5/12/1969
Arpanet grows... December 1969
...and grows... June 1970
... and grows... December 1970
... and grows... September 1971
... and grows... 1971
... and grows... March 1972
... and grows... Satellite links! September 1973
... and grows! July 1977
Logical Arpanet Map
Internetworking? Many networks being set up: EARN, Bitnet, Janet, Csnet, Eunet,... and coupled to Arpanet Jan. 1, 1982: Arpanet switches to TCP/IP (see RFC 801) 1986: Creation of NSFNet New high speed backbone
NSFNet Grows rapidly: 1986: 56 Kbps backbone 1988: 1.5 Mbps backbone already connects 170 TCP/IP enabled networks 1990: Arpanet dissolves, NSFNet takes over 1991: Commercial use of NSFNet accepted many existing commercial networks connected to NSFNet 1992: 44.736 Mbps backbone (T3)
NSFNet traffic for November 1994 [figure; scale from 0 bytes to 1 TB]
Privatising NSFNet NSFNet will migrate to private industry New structure: Network Access Points (NAPs) provide access to high speed links (backbone) commercially operated Initially (1994), 4 155 Mbps NAPs were created by NSF: New York (Sprint) Washington DC (MFS) Chicago (Ameritech) California (Pacific Bell) 30/04/1995: NSFNet dissolves Internet now is interconnection of different commercially operated networks
Internet Service Providers Internet Service Provider (ISP) Provide Internet access to customers Customer connects to ISP Point of Presence (PoP) Different categories or Tiers Three ways to connect ISP network to other ISPs Pay other ISP for access = Transit Interconnect networks for free = Peering Other ISP pays you An internet user should be able to contact every other internet user
Tier-1 Providers Tier 1 providers don't pay for network access There's no more Internet backbone Many Internet backbones, owned by companies Tier 1 Internet Service Providers have large, high-bandwidth, worldwide networks e.g. AT&T, Sprint, Savvis, Qwest, Level 3,...
telegeography.com
Point Of Presence Point-of-Presence (PoP): provides access to provider network you have to provide a connection to the PoP to connect to the Internet through your ISP Note: Private Network Access Point (PNAP) direct private access to provider network <--> PoP, which is shared access point
Tier-1 Providers Tier 1 Providers interconnect their networks this creates an Internet Backbone Tier 1 Providers = Backbone Providers Typically don't charge each other for traffic connecting networks is win-win situation, both providers get faster access to the other one's network and more reliable and possibly faster access to the Internet = Peering
Peering Exchanging network traffic with peers is called peering. physical connection between networks physically co-locate PoP of both providers and connect them setting in both networks for route exchange agreement on amount and type of traffic Also known as Settlement Free Interconnection ISP has Peering Policy stating conditions for peering (open,
Tier-2 providers Users don't connect directly to a tier-1 provider Tier-2 providers connect their network to one or more tier-1 providers and offer PoP's for their users T2 provider has to pay T1 provider =/= peering!
Internet Food Chain [figure: diagram labelled backbone, Tier1, Tier2, PoP]
Internet Food Chain But, it isn't that simple... Tier-2 providers will also start connecting their networks --> Peering don't have to pay, win-win situation Less traffic to Tier-1 providers, so less costs for Tier-2 provider Less traffic to Tier-1 providers, so backbone less busy Faster access to systems in peer networks Peering often happens in an Internet Exchange (IX)
Internet Food Chain [figure: diagram labelled backbone, Tier1, Tier2, Tier3, IX, PoP]
Internet exchange [figure: diagram labelled IX, Tier1, Tier2, PoP]
Internet exchange Internet exchange (IX) Belgium: BNIX (www.bnix.be) Netherlands: AMS-IX (www.ams-ix.net) UK: LINX (www.linx.net)... (www.dix.dk/euro/) Typically up to 10 Gbit switching Note, IX can provide connections between providers at different Tiers It's just a (number of) datacenter(s)... It's a collection of PoP's of different providers
LINX London INternet exchange is distributed over 6 locations:
Belgian National Internet exchange http://www.bnix.be www.bnix.be/stats.php www.bnix.be/members.php
Who's peering? Have a look at: www.peeringdb.com www.robtex.com
Overview
But who's the boss?
ISOC ISOC = Internet Society (www.isoc.org) The Internet Society (ISOC) is a nonprofit organisation founded in 1992 to provide leadership in Internet related standards, education, and policy. Steers IETF, IAB, ICANN,... Works with governments about policy
ICANN ICANN = Internet Corporation for Assigned Names and Numbers (www.icann.org) Responsible for IP addresses, Top-Level Domains (TLDs), domain names Most of technical work done as IANA
IANA IANA = Internet Assigned Numbers Authority part of ICANN delegates IP allocation to Regional Internet Registries (RIRs) www.iana.org DNS Root Zones (ccTLDs and gTLDs) IP Addresses AS Numbers Protocol numbers, e.g. port numbers
Regional Internet Registries (RIRs) Manage and allocate IP addresses for IANA RIPE NCC (www.ripe.net): Réseaux IP Européens Network Control Centre; ARIN (www.arin.net): American Registry for Internet Numbers; APNIC (www.apnic.net): Asia Pacific Network Information Centre; LACNIC (www.lacnic.net): Latin America and Caribbean Internet Address Registry; AfriNIC (www.afrinic.net): African Network Information Centre. From www.apnic.net
IP Address Space Originally allocated in classes (A,B,C) Running out of addresses? From www.xkcd.com Now CIDR We'll talk about IPv6 later
Need IP addresses? >= 2048 addresses? (/21 or larger) Become a member of RIPE NCC IP Addresses are free, but you pay for the services of the RIR... < 2048 addresses Ask a member of the RIR Most often an ISP
Example: KHLeuven KHLeuven has 193.190.138.0/24 IANA allocated 193.0.0.0/8 to RIPE NCC From http://www.iana.org/assignments/ipv4-addressspace/ipv4-address-space.txt whois 193.190.138.0 RIPE NCC allocated 193.190.0.0/15 to Belnet Belnet allocated 193.190.138.0/24 to KHLeuven
Border Gateway Protocol (BGP) BGP = De facto standard for inter-domain routing Autonomous System (AS) = collection of IP networks and the interconnecting routers that present a common routing policy to the Internet (see RFC 1930) identified by AS-number, assigned by IANA: number between 1 and 65535 (16 bits) Runs on TCP, port 179 TCP connections between routers are kept alive Defined in RFC 1771
BGP Path Vector algorithm using AS instead of individual routers hide network layout of AS routing inside AS organized by some internal gateway protocol BGP has to rely on AS/IGP to prevent internal loops
BGP Peers BGP Peers or Neighbours manual configuration manually add neighbours to the router config On connection establishment: full routing information exchanged After this, only changes are transmitted
BGP: Routing Table Size Active BGP entries in Global Routing Table: http://bgp.potaroo.net
BGP: Routing Table Size Increasing Routing Table Size increases workload and memory demands on routers Countermeasure: Classless Inter-Domain Routing (CIDR) and Route aggregation Instead of advertising 256 Class C address blocks, e.g. 195.100.1.0, 195.100.2.0,..., an ISP can now advertise 195.100.0.0/16 also called supernetting
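The aggregation described on this slide, as an added example that is not part of the original slides: it collapses the slide's 256 /24 blocks into 195.100.0.0/16 and shows what happens when one block is missing. The missing block 195.100.77.0/24 and the helper names are assumptions made for illustration.

```python
import ipaddress

def class_c_blocks(supernet):
    """Every /24 (old 'Class C' size) block inside a supernet, as strings."""
    return [str(n) for n in ipaddress.ip_network(supernet).subnets(new_prefix=24)]

def aggregate(prefixes):
    """Collapse prefixes into the fewest CIDR blocks covering exactly the same space."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def unheld(announced, held):
    """Parts of an announced prefix that no held prefix covers (should be empty)."""
    remaining = [ipaddress.ip_network(announced)]
    for h in map(ipaddress.ip_network, held):
        nxt = []
        for r in remaining:
            if h.subnet_of(r):
                nxt.extend(r.address_exclude(h))   # carve the held block out of r
            elif not r.subnet_of(h):
                nxt.append(r)                      # disjoint: r is still uncovered
        remaining = nxt
    return [str(n) for n in ipaddress.collapse_addresses(remaining)]

# The slide's case: 256 contiguous /24 blocks under 195.100.0.0/16.
FULL = class_c_blocks("195.100.0.0/16")
# Constructed variation (assumption): one block, 195.100.77.0/24, is not held.
HOLED = [p for p in FULL if p != "195.100.77.0/24"]

if __name__ == "__main__":
    print(len(FULL), "routes ->", aggregate(FULL))
    print(len(HOLED), "routes ->", aggregate(HOLED))
    print("not held inside /16:", unheld("195.100.0.0/16", HOLED))
```

With one /24 missing, exact aggregation needs eight routes instead of one, and announcing the /16 anyway would cover address space the ISP does not hold.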
BGP in action Looking Glass web interfaces available to inspect BGP: http://www.nanog.org/lookingglass.html BGPlay: http://bgplay.routeviews.org/bgplay/
Traceroute Traceroute shows route packets follow Linux/Unix: traceroute Windows: tracert Web based traceroute: many listed at http://www.traceroute.org/ Different GUI's available
Traceroute: example
gerben@rg m gedie:/tmp$ traceroute www.mit.edu
traceroute to www.mit.edu (18.7.22.83), 30 hops max, 38 byte packets
 1 192.168.123.254 (192.168.123.254) 0.311 ms
 2 10.75.128.1 (10.75.128.1) 11.435 ms
 3 dd5e0fac2.access.telenet.be (213.224.250.194) 10.203 ms
 4 IBGENT02 SRP5 0.telenet ops.be (213.224.126.6) 14.855 ms
 5 213.224.126.110 (213.224.126.110) 17.105 ms
 6 212.3.237.1 (212.3.237.1) 15.795 ms
 7 so 5 1 0.mp2.Brussels1.Level3.net (4.68.113.209) 13.524 ms
 8 so 3 0 0.mp1.Boston1.Level3.net (209.247.9.125) 101.530 ms
 9 ae 22 54.car2.Boston1.Level3.net (4.68.100.99) 94.844 ms
10 4.79.2.2 (4.79.2.2) 92.545 ms 100.322 ms 92.759 ms
11 W92 RTR 1 BACKBONE.MIT.EDU (18.168.0.25) 97.502 ms
12 WWW.MIT.EDU (18.7.22.83) 93.833 ms
(simplified output)
Traceroute: example, reading the output above: 12 hops on route. One line for each router on the route (would normally contain results for 3 packets). Host name and IP for router (if reverse lookup possible). Round Trip Time between local system and this router in milliseconds (normally 3 different RTTs).
Traceroute: use What can we learn from a traceroute? Detect problems: locate route interruption bad router configuration inefficient routing high latency hops Provide information about network structure
Traceroute: implementation How does traceroute report the route? Let's see what happens by capturing the packets use Wireshark (formerly Ethereal) or tcpdump or...
Traceroute: implementation What do we see: DNS query and response for www.mit.edu UDP packet from local to www.mit.edu Source port = 61538 and Dest port = 33435 Doesn't provide any information on route... But Time To Live (TTL) value in IP header = 1 First router decreases TTL, and discards packet Sends ICMP TTL Exceeded message Local system now knows IP address of first router (source address of ICMP packet) DNS reverse lookup for first router UDP packet from local to www.mit.edu TTL = 2
Traceroute: implementation Traceroute algorithm: Send UDP packet to high port number on target system with TTL = 1, 2, 3,... Receive ICMP TTL exceeded message from 1st, 2nd, 3rd,... router When target host reached (TTL = route length): selected UDP port not in use: receive ICMP port unreachable message selected UDP port in use: no answer...
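The algorithm on this slide, as an added simulation that is not part of the original slides: it sends no packets, but walks TTL-limited UDP probes over a constructed path and classifies the ICMP replies, including a router that stays silent and a target whose probed port is in use. The addresses, the Hop class and the base port 33434 (so that the first probe goes to 33435, as in the capture above) are assumptions.

```python
from dataclasses import dataclass

ICMP_TIME_EXCEEDED = (11, 0)     # type 11, code 0: TTL expired in transit
ICMP_PORT_UNREACHABLE = (3, 3)   # type 3, code 3: no listener on the UDP port
BASE_PORT = 33434                # assumption: probe with TTL n goes to BASE_PORT + n

@dataclass
class Hop:
    addr: str
    silent: bool = False         # router that drops expired packets without ICMP

def forward(path, target, open_ports, ttl, dport):
    """Carry one UDP probe along the path; return (icmp_source, (type, code)) or None."""
    for router in path:
        ttl -= 1                 # every router decrements the TTL before forwarding
        if ttl == 0:
            return None if router.silent else (router.addr, ICMP_TIME_EXCEEDED)
    if dport in open_ports:
        return None              # a listener consumed the datagram: no ICMP comes back
    return (target, ICMP_PORT_UNREACHABLE)

def traceroute(path, target, open_ports=frozenset(), max_hops=30):
    """Return ([(ttl, address or '*')], target_confirmed)."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = forward(path, target, open_ports, ttl, BASE_PORT + ttl)
        if reply is None:
            hops.append((ttl, "*"))      # timeout: silent router or port in use
            continue
        src, kind = reply
        hops.append((ttl, src))
        if kind == ICMP_PORT_UNREACHABLE:
            return hops, True            # the target itself answered: route complete
    return hops, False

# Constructed sample path (documentation address ranges), second router is silent.
SAMPLE_PATH = [Hop("192.0.2.1"), Hop("198.51.100.1", silent=True), Hop("203.0.113.1")]
SAMPLE_TARGET = "203.0.113.80"

if __name__ == "__main__":
    print(traceroute(SAMPLE_PATH, SAMPLE_TARGET))
    print(traceroute(SAMPLE_PATH, SAMPLE_TARGET, open_ports={BASE_PORT + 4}))
```

Because the destination port changes with every probe, a port that happens to be in use costs one timed-out line and the next probe still draws the port unreachable reply.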
Traceroute: GUI examples xtraceroute VisualRoute