Transcript Document
第二章 應用層 (Application Layer) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 1 應用層--簡介 本章主要介紹在應用層所常用的協定 HTTP (section 2.2) FTP (section 2.3) E-mail (section 2.4) DNS (section 2.5) 並介紹用戶端(client)和伺服器端(server) 的關係 Service model Socket programming (section 2.6) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 2 用戶端(client)和伺服器端(server) 用戶端和伺服器端是一種互相依持的關係 (一個用戶端,一個伺服器端)或 (一個用戶端,數個伺服器端)或 (數個用戶端,一個伺服器端)或 (數個用戶端,數個伺服器端) 在執行一般的網路應用程式情況下,一台機器 是用戶端亦是伺服器端 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 3 用戶端(client)和伺服器端(server (cont.) 用戶端 通常為送出要求(request)的一方或 最初建立連線(connection)要求的一方 向伺服器端要求提供服務(service)的一方 例如:使用者端的瀏覽器(browser) 伺服器端 通常為送出回應(reply)的一方 提供服務的一方 例如:網頁伺服器(web server) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 4 Layer OSI 7 Layer Application Layer 7 Application Presentation Layer 6 Presentation Session Layer 5 Session socket Ch.2 Application-Layer Transort Layer 4 TCP/UDP Network Layer 3 IP Data_Link Layer 2 Physical Layer 1 LLC MAC Code Media (C) All rights reserved by Professor WenTsuen Chen 5 用戶端(client)和伺服器端(server (cont.) Request Application Transport Network Data link Physical Clien t Ch.2 Application-Layer Application Reply (C) All rights reserved by Professor WenTsuen Chen Transport Network Data link Physical Serv er 6 應用層(Application Layer) 應用層是位於OSI七層中的最上層 為什麼我們需要應用層呢? 因為應用層提供了一個平台,可以讓許多的網路應用程式在 應用層執行 這一些應用程式都是在對等的應用層做溝通 Application Application Application Transport Network Data link Physical Ho st A Transport Network Data link Physical Ho st B Transport Network Data link Physical Ho st C Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 7 應用程式(applications) 這裡泛指網路應用程式(Network Application) 應用程式分別於使用者的機器上執行 兩個或兩個(multicast application)以上應用 程式透過網路溝通 由於上述的交換動作,所以應用層得以存在 例如: 電子郵件(E-mail) 檔案交換(FTP) 網頁瀏覽(Web browsing) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 8 應用層協定(Application-layer Protocol) 屬於應用程式的一部份 協定(protocol)中定義 使用此應用程式所需要的流程 所交換的訊息格式 訊息所表示的意義 與下層協定溝通的方法 … 例如: 我們瀏覽網頁需要HTTP協定 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 9 應用層協定(Application-layer Protocol) (cont.) Q:網路應用程式跟應用層的協定有什麼關係? 應用層的協定只是網路應用程式的一部份而已 例如:HTTP和網頁應用程式的關係 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 10 應用層協定(Application-layer Protocol) (cont.) 應用程式介面(API, Application Programmer‘s Interface) API就像是進出應用程式的一扇門 應用程式透過API與下層協定溝通 在這裡網路程式所指的API就是常見的Socket Socket在後面有專節介紹 定址(Addressing) IP (ch. 4)或是主機名稱(需搭配DNS) 指定應用程式(Socket port) Socket port就像是門的鑰匙 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 11 應用程式所需要的條件 資料流失(data loss) 網路頻寬(Network Bandwidth) 在資料傳輸的過程難免會有資料流失,我們要注意 應用程式所能夠接受的範圍,並加以改善 我們需要考慮每一個應用程式所需要的頻寬需求 時間的影響(Time delay) 我們需要考慮時間對於應用程式的影響 例如:播放影片或是聲音,就不允許資料延遲過久 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 12 應用程式所需要的條件(cont.) Application Data loss Bandwidth Time Sensitive File transfer No loss elastic No E-mail No loss elastic No Web documents Loss-tolerant elastic No Real-time audio/video Loss-tolerant Audio: 5kb-1Mb Yes, 100’s Video: 10kb-5Mb msec Stored audio/video Loss-tolerant Same as above Yes, few secs Interactive games Loss-tolerant Few Kbps up Yes, 100’s msec Financial apps No loss elastic Yes and no Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 13 網路傳輸層(Transport layer) -- overview 傳輸層屬於OSI第四層 在應用層的下層傳輸層(ch. 3)提供了兩種不同 的服務協定 TCP (Transmission Control Protocol ) UDP (User Datagram Protocol) 在應用層所執行的網路應用程式都是透過這兩 種協定來與網路溝通 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 14 網路傳輸層(Transport layer) – overview (cont.) TCP service 連結導向(connection-oriented) 要透過TCP溝通需要先建立連線(three way handshake) 提供可靠的傳輸(reliable transport) 提供流量控制(flow control) 提供壅塞控制(congestion control) UDP service 非連結導向(connectionless) 要透過UDP溝通不需要先建立連線 提供盡力的傳送(best effort transport) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 15 TCP—Three way handshake window size window size N i, q e S t, c e n n Co Connect, Seq j, window size M send buffer receiver buffer ACK i+1( i+1以 前全收到 ) ACK j+1 TCP建connection的方法 3 way handshake Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 16 常見的網路應用程式所使用的service 應用程式 應用層協定 傳輸層協定 電子郵件 Smtp[RFC 821] TCP 遠端裝置存取 telnet[RFC 854] TCP 網頁 http[RFC2068] TCP 檔案傳輸 ftp[RFC959] TCP 多媒體串流(stream) Proprietary TCP or UDP 遠端檔案伺服器 NSF TCP or UDP 網路電話 Proprietary Typically UDP Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 17 World Wide Web (WWW) Elements URL: Uniform resource locator HTTP: Hypertext Transfer Protocol HTML: Hypertext Markup Language Java Language Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 18 URL: Uniform Resource Locator RFC編號:1738, 1808. A URL is compact representation of the location and access method for a resource available via the Internet. 一個resource 是一個可以透過網路存取的任何 物件, 包括檔案目錄、檔案、文件聲音和影 像…等 URL的一般表示法 <scheme>:<scheme-specific-part> Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 19 RFC 1738為了下列存取機制所定義之URL formats ftp http gopher mailto news nntp telnet wais file prospero Ch.2 Application-Layer File Transfer Protocol Hypertext Transfer Protocol The Gopher Protocol Electronic mail address USNET news USNET news using NNTP access Reference to interactive sessions Wide-Area Information Servers Host-specific file names Prospero Directory Service (C) All rights reserved by Professor WenTsuen Chen 20 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 21 URI: Universal Resource Identifier (URI) RFC編號1630. 是一種將用在網際網路中的物件的名稱和位址 的表示一致的語法 URL是URI的一種。 Decouple resource的名稱從它所在的位置或 是從它所存取的方法 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 22 HTTP HTTP: Hyper Text Transfer Protocol Web的應用層協定 採用用戶端和伺服器端的服務架構 用戶端:要求、接收並顯示所接收的web pages 伺服器端:接受要求並回應所要求的web pages http request Application Transport Network Data link Physical browser Ch.2 Application-Layer Application http reply Transport Network Data link Physical web server (C) All rights reserved by Professor WenTsuen Chen 23 HTTP Web page所包含的原件有 Objects Base HTML file HTML是用來描述web page的一種語言 URL:是用來表示一個page或是object HTML file, jpeg image, java applet… www.nthu.edu.tw/index-c.html (hostname + path name) 目前HTTP有兩種標準 http 1.0 (RFC 1945) http 1.1 (RFC 2068)—目前所使用 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 24 HTML: Hypertext Markup Language 使一種用來描述網頁的文件要如何定義的語言 Embedding markup commands with each HTML files so that a browser can reformat the files. HTML的標準化 由 WWW組織所制訂 ex: W3C Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 25 HTTP HTTP下層協定使用TCP傳送服務 由用戶端初始化連線(setup TCP connection),使 用socket port 80與伺服器端溝通 伺服器端回應後,兩端開始交換訊息直到結束(TCP connection close) HTTP是一個stateless的協定 Stateless意指伺服器端不需要保有任何有關過去用 戶端的要求訊息(request message) 通常協定要保有過去的state,就會變的很複雜 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 26 Non-persistent和persistent連線的不同 Non-persistent HTTP/1.0 每一個TCP連線都會在 server送完物件後結束 所以每一個連線都只會 有一個request和一個 respond Respond time = 2 RTTs + Ttrans 每一個所傳送的物件, 都會受到slow start影響 Ch.2 Application-Layer Persistent Default for HTTP/1.1 在同一個用戶端會一直 使用同一個TCP連線, 直到time out才關掉 有較少的RTT和slow start 有分成pipeline和nonpipeline (C) All rights reserved by Professor WenTsuen Chen 27 HTTP的訊息格式-- request 訊息是使用ASCII text所寫(易於閱讀) Http的要求訊息格式 request line (GET, POST, HEAD commands) header lines Carriage return, line feed indicates end of message Ch.2 Application-Layer GET /somedir/page.html HTTP/1.0 User-agent: Mozilla/4.0 Accept: text/html, image/gif,image/jpeg Accept-language:fr (extra carriage return, line feed) (C) All rights reserved by Professor WenTsuen Chen 28 HTTP的要求訊息格式-- 一般式 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 29 HTTP的訊息格式-- response status line (protocol status code status phrase) header lines data, e.g., requested html file Ch.2 Application-Layer HTTP/1.0 200 OK Date: Thu, 06 Aug 1998 12:00:15 GMT Server: Apache/1.3.0 (Unix) Last-Modified: Mon, 22 Jun 1998 …... Content-Length: 6821 Content-Type: text/html data data data data data ... (C) All rights reserved by Professor WenTsuen Chen 30 常見的回應訊息 200 OK 要求成功, 所要求的物件會夾帶在接下來的訊息 301 Moved Permanently 所要求的物件已經一到別處,新的位置將會出現在下一個訊 息中 (Location:) 400 Bad Request 所要求的訊息,伺服器無法判讀 404 Not Found 所要求的物件並不存在伺服器裡 505 HTTP Version Not Supported 所要求使用的協定,伺服器端並不支援 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 31 Java Language (爪窪語言) 在1995年,由昇揚公司(Sun Microsystems Inc.)所制訂 For waiting interactive web pages. A small Java program, called an applet, is associated with a web page and downloaded to the client machine to interpret the web page. Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 32 Java Language (cont.) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 33 認證(Authentication) server 目的:為了要控制存取 client 伺服器資料的權力 usual http request msg 401: authorization req. 因為是stateless所以用 WWW authenticate: 戶端每一次request都要 認證一次 usual http request msg 認證通常使用name和 + Authorization:line password usual http response msg 為避免需要重覆輸入認 證資料,瀏覽器會自行 usual http request msg 讀取catch的資料 + Authorization:line time 認證步驟如右 usual http response msg Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 34 cookies server 設定cookie是為了方便 client 在下一次存取網站時, usual http request msg 可以不需要再輸入一些 usual http response + Set-cookie: # 重複性的資料 Cookie是由伺服器端要 usual http request msg 求用戶端建立,並且存 cookiecookie: # 在用戶端的機器上 spectific usual http response msg action Cookie大多用來 認證 使用者的訊息 建立步驟如右 Ch.2 Application-Layer usual http request msg cookie: # usual http response msg (C) All rights reserved by Professor WenTsuen Chen cookiespectific action 35 Web快取(proxy伺服器) 目的:為了可以使用戶端 送出的request不用直接 到原來的伺服器,如此一 來便可以加速網頁的取得 及瀏覽 所以大部分的用戶端都會 透過proxy server來存取 網路資源,而proxy server會保有一些web的 快取資料,以利存取 如果現在的網頁資料不是最 新的,則proxy會去原始的 網站去更新目前保有的資料 Ch.2 Application-Layer origin server client client (C) All rights reserved by Professor WenTsuen Chen Proxy server origin server 36 為什麼使用web catching 因為proxy一般會離用戶 端較近,會使的存取的 速度較快 可以減少一些較長距離 的traffic 同一筆資料可以統一由 proxy來維持更新 右圖為示意圖 origin servers public Internet 1.5 Mbps access link institutional network 10 Mbps LAN 1.5 Mbps access link是一 個bottleneck Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 37 FTP: File Transfer Protocol user at host FTP FTP user client interface file transfer local file system FTP server remote file system FTP是現在較普遍也較常用的一個檔案傳輸的 協定 採用用戶端與伺服器端模式溝通 RFC編號:959 所使用的port:21 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 38 FTP: File Transfer Protocol (cont.) TCP control connection port 21 FTP client TCP data connection port 20 FTP server FTP使用TCP作為傳輸層所使用的協定 在FTP的連結中有分為兩種 Control:在client和server之間交換commands和response,屬 於”out of band control” Data:在client和server之間的data交換 FTP和HTTP不同,他會maintain state 目前所在目錄 登錄所做的認證 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 39 FTP: File Transfer Protocol (cont.) 如何連結上FTP server? >>ftp xxx.xxx.xxx.xxx port >>get file.xxx (取得檔案) >>put file.xxx (上傳檔案) 回應訊息 Commands Open:連接FTP server User: 使用者帳號 Pass: 密碼 RETR filename: 取得檔案 STOR filename: 上傳檔案 Bye: 結束連線 Ch.2 Application-Layer 331 帳號 OK,需要密碼 125 data connection 已經開啟; 傳送開始 425 無法開啟 data connection 452 檔案寫入錯誤 (C) All rights reserved by Professor WenTsuen Chen 40 Electronic-mail (E-mail, 電子郵件) 包含三個部分 使用者代理人 (user agent) 郵件伺服器 (mail server) SMTP協定 user agent user mailbox mail server SMTP SMTP mail server user agent Ch.2 Application-Layer outgoing message queue SMTP user agent mail server user agent user agent user agent (C) All rights reserved by Professor WenTsuen Chen 41 E-mail– user agent 有時亦稱為郵件讀取者(mail reader) 它可以讓user讀取、回復、轉發、儲存和建構 訊息(message, mail…) 使用者需要讀取信息時,user agent會去跟郵 件伺服器溝通,取回信息,或是送出信息 User agent常見的有: Microsoft Outlook or Outlook Express Netscape Messenger Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 42 E-mail– Mail server 每一個user都會有一個信箱(mail box)來存放 尚未讀取的信件 尚未傳送出去的信件會暫時存在message queue SMTP扮演了兩種角色 Client:當作傳送信件的server Server:當作接收信件的server Client和server這兩種服務都會執行在每一台 郵件伺服器上 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 43 E-mail– SMTP SMTP: Simple Mail Transfer Protocol 使用TCP作為下層溝通的協定 Port: 25 傳送三部曲 RFC編號: 821 Handshaking Transfer of messages closure 所有信息資訊必須是7-bit ASCII Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 44 SMTP和HTTP的比較 相同處 使用TCP為傳輸層協定 Client and server model 使用persistent connections 不同處 http是pull protocol而SMTP是push protocol SMTP的message限定在7 bit ASCII 文件組成方式不同 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 45 SMTP溝通範例 S: C: S: C: S: C: S: C: S: C: C: C: S: C: S: 220 cs.nthu.edu.tw HELO oz.nthu.edu.tw 250 Hello oz.nthu.edu.tw, pleased to meet you MAIL FROM: <[email protected] > 250 [email protected]... Sender ok RCPT TO: <[email protected] > 250 [email protected] ... Recipient ok DATA 354 Enter mail, end with "." on a line by itself Do you like ketchup? How about pickles? . 250 Message accepted for delivery QUIT 221 cs.nthu.edu.tw closing connection Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 46 信息格式 RFC 822為text message exchange 標準 Header lines To: From: Subject: header blank line body Body The message, ASCII character only Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 47 信息格式 (cont.) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 48 信息格式 (cont.) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 49 MIME extension for Non-ASCII data MIME: multimedia mail extension RFC 2045, 2056 目的:為了要能夠支援非ASCII的data 在標頭檔定義MIME的格式 MIME version(版本) 壓縮資料的方法 (encode data) 多媒體資料的種類 及副檔名(type, subtype) 壓縮的資料 (encoded data) Ch.2 Application-Layer From: [email protected] To: [email protected] Subject: Picture of yummy crepe. MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Type: image/jpeg base64 encoded data ..... ......................... ......base64 encoded data (C) All rights reserved by Professor WenTsuen Chen 50 MIME (cont.) RFC 822 MIME所增加的標頭檔(headers) Header Meaning MIME-version 定義MIME的版本 Content-Description 描述信息內容 Content-ID 唯一的識別碼 Content-Transfer-Encoding 在傳送所壓縮的方法 Content-Type 信息的種類 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 51 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 52 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 53 MIME 的種類(types) Content-Type: 種類/副檔名; 參數 (type/subtype; parameters) 文字(Text) 例如:副檔名為 plain, html 圖片(Image) 例如:副檔名為 jpeg, gif 聲音(Audio) 例如:副檔名為 mpeg, quicktime 應用程式(Application) 例如:副檔名為 basic (8bit mu-law encoded), 32kadpcm (32 kbps coding) Ch.2 Application-Layer 影像(Video) other data that must be processed by reader before “viewable” 例如:副檔名為 msword, octet-stream (C) All rights reserved by Professor WenTsuen Chen 54 郵件存取協定(mail access protocol) SMTP負責接收端server的傳送及儲存信息 Mail access protocol:從server取回信件 POP: Post Office Protocol IMAP RFC 1939 提供認證及下載服務 RFC 2060 可以遠端操作信件,不需下載信件至機器上 HTTP (web mail) Hot mail, mail2000, yahoo… Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 55 POP3協定 authorization phase client commands: user: declare username pass: password server responses +OK -ERR transaction phase, client: list: list message numbers retr: retrieve message by number dele: delete quit Ch.2 Application-Layer S: C: S: C: S: +OK POP3 server ready user alice +OK pass hungry +OK user successfully logged C: S: S: S: C: S: S: C: C: S: S: C: C: S: list 1 498 2 912 . retr 1 <message 1 contents> . dele 1 retr 2 <message 1 contents> . dele 2 quit +OK POP3 server signing off (C) All rights reserved by Professor WenTsuen Chen 56 on Email Security (電子郵件的安全性) PGP: Pretty Good Privacy, by Phil Zimmermaun in 1995. Support text compression, secrecy and digital signatures. Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 57 PGP message format(訊息格式) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 58 PEM: Privacy Enhanced Mail An official Internet standard described in RFC 1421-1424. Support privacy and authentication for RFC 822 based email systems. The message together with its message digest is encrypted using DES with a one-time key that is enclosed along with the message. The key can be protected with RSA and certified by certification authorities. Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 59 PGP和PEM的比較 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 60 DNS (Domain Name System) -- Overview 名稱我們可以拿來做什麼? 確認、識別一個物件(object) 幫助我們放置(allocate)一個物件 定義在一個團體中的關係 明確定義一個角色(role) 傳送一個機密訊息 Name space(名稱空間) 定義一組可用的名稱 由一組名稱與數值的配對所組成 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 61 DNS (Domain Name System) (cont.) 為什麼我們要使用DNS? DNS是一個分散式的資料庫 可以幫助我們對應IP位址和主機名字(hostname) 無須記憶IP位址,只需記憶名字 將許多name servers變成階層式架構 DNS是屬於應用層的協定 Host, routers, name server透過溝通來達成解析名 稱的目的(address/name translation) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 62 DNS (Domain Name System) (cont.) Hierarchy edu princeton … mit cs com gov cisco… yahoo nasa …nsf mil org arpa …navy acm …ieee net uk fr ee physics ux01 ux04 Name chinstrap.cs.princeton.edu Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 63 DNS (Domain Name System) -- Example Hosts cheltenham.cs.princeton.edu 192.12.69.17 192.12.69.17 80:23:A8:33:5B:9F Files /usr/llp/tmp/foo (server, fileid) Users Larry Peterson Ch.2 Application-Layer [email protected] (C) All rights reserved by Professor WenTsuen Chen 64 DNS (Domain Name System) -- Example (cont.) Mailboxes 2 cs.princeton.edu Name server User 1 user @ cs.princeton.edu Mail program 192.12.69.5 3 192.12.69.5 4 192.12.69.5 5 TCP IP Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 65 DNS name server 為什麼我們不採取集中式DNS? 如果單一DNS server壞了,會影響很大 Traffic volume (一台server不可能處理全部的位址 解析) Server所放置的位置過遠 維護不易 DNS server可分為 當地名稱伺服器(Local name server) 根名稱伺服器(Root name server) 認證名稱伺服器(Authoritative name server) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 66 DNS name server Local name server Root name server 負責當地(local)名稱解析,如解析不成,往上詢問 root server 負責解析當地DNS無法解析之name Authoritative name server Host都會來此主機註冊 當root server亦無法解析名稱時,就會詢問 authoritative name server Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 67 FQDN (Fully Qualify Domain Name) 一個將名稱與位址對應的機制 為的避免名稱重複 做流量控制 一個DNS name = 一個FQDN 一個FQDN名稱可以對應到多個IP 名稱解析的流程:Interactive Query 以下為範例: Search www.microsoft.com Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 68 DNS Root 名稱解析範例 2 DNS .org DNS .com DNS .edu DNS .tw 3 DNS .microsoft DNS .ibm DNS .nthu 4 DNS .cs www 5 DNS .web Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 1 DNS .mis ZONE ZONE 69 名稱解析範例(cont.) Step1:web.→ nthu. Step2:nthu. → Root(所以Root需要很多台) (→ Q:com.的IP)(← com. DNS的IP) Step3:nthu. → com. (→ Q:microsoft.com.的IP)(← microsoft.com. DNS的 IP) Step4:nthu. → microsoft. (→ Q:www.microsoft.com.的IP)(← www.microsoft.com. DNS的IP) 取得名稱解析的IP,此IP會存放在nthu的catch中,存放 TTL的時間 Step5:nthu. → web. Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 70 ZONE ZONE:是一個特殊單位。一個ZONE一定要有一個 DNS來管,但是一個DNS可以管理許多的ZONE, 而每一個ZONE都有一個ZONE File ZONE File SOA (Start-of-Authority) 1. Version Number(判斷新舊,但clock要相同) Refresh timer(一個ZONE有兩個DNS Server, Secondary Server每隔一段時間去跟Master Server複製) Entry timer Expire time TTL(問到機器的IP後可存放在catch中的時間。if TTL=0, 多用於Proxy, DHCP) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 71 ZONE (cont.) Administrator mail Domain name NS(Name Server) MX(Mail Exchange Server) A(Host):ZONE有多少台機器,需要Dynamic update CN(alias):多IP對應一台主機 PTR(Pointer): 2. 3. 4. 5. 6. 有IP查名稱(逆向查詢) 正向查詢:---.ZONE 逆向查詢:97.25.163.in-addr.arpa Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 72 Recursive Query 我們為了Load balance還有一種Recursive Query, 使用Forward方式進行(以DNS為單位,對象不一定 為上游) 執行順序: Interactive Query Recursive Query If 要直接則使用Forward 如下圖為Recursive Query動作流程 在圖中的Catch DNS為Slave only,它不用經過流程1.(詢 問Root)直接問Catch DNS Forward的DNS,如果DNS也不 知道的話,就會使用Interactive Query查詢。 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 73 Recursive Query (cont.) Interactive Interactive DNS Recursive catch Forward Catch DNS Catch DNS Catch DNS Catch DNS Client Ch.2 Application-Layer catch catch (C) All rights reserved by Professor WenTsuen Chen 74 DNS的種類 Interactive Query和Recursive Query的分別: Interactive Query:已經找到全部的名稱 Recursive Query:為了Load balance的目的 DNS的種類區分 Primary DNS:自己ZONE Secondary DNS:有從別人那一邊copy的ZONE (只要有就算) Master DNS:自己的ZONE被別人Copy Catch DNS:每一台DNS Server都算是 Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 75 DNS的種類 (cont.) Master DNS Primary DNS Secondary DNS COPY Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 76 DNS的紀錄檔 DNS: distributed db storing resource records (RR) RR format: (name, Type=A value, type,ttl) name is hostname value is IP address Type=CNAME Type=NS name is domain (e.g. foo.com) value is IP address of authoritative name server for this domain Ch.2 Application-Layer name is an alias name for some “cannonical” (the real) name value is cannonical name Type=MX value is hostname of mailserver associated with name (C) All rights reserved by Professor WenTsuen Chen 77 DNS的紀錄檔 (cont.) Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 78 DNS協定的訊息格式 DNS的query和reply訊息格式是一樣的 訊息標頭欄位 Identification:一個16 bit的代號,query和reply都使 用同一個代號 Flags: query或reply Recursion desired Recursion available Reply is authoritative Ch.2 Application-Layer (C) All rights reserved by Professor WenTsuen Chen 79 DNS協定的訊息格式(cont.) Name, type of fields for a query RRs in response to query records for authoritative servers additional helpful info that may be used Ch.2 Application-Layer identification flags number of question number of answer RRs number of authority RRs number of additional RRs 12 bytes question (variable number of question) answers (variable number of resource records) authority (variable number of resource records) additional imformation (variable number of resource records) (C) All rights reserved by Professor WenTsuen Chen 80