Departamento de Tecnología Electrónica
Chapter 2
Network Services
Some of these slides are copyrighted by:
Computer Networking: A Top Down Approach, 5th edition. Jim Kurose, Keith Ross. Addison-Wesley, April 2009.
Network services
1
Chapter 2: Network Services
Chapter goals:
understand most common data services in
networks:
File transfer services
e-mail services
Domain Name Servers (DNS)
Chapter 2: Network Services
1.1 Introduction
1.2 File transfer services
TFTP
FTP
1.3 e-mail services
SMTP
POP3
1.4 Domain Name Server (DNS)
Introduction
Network Services -> key in companies and organizations
Work is based on shared network resources & distributed services
Great diversity of services
Types of Network Services
Configuration and management
Management of hosts.
e.g. DHCP.
Remote Access
Remote hosts are allowed to access a network.
e.g. SSH
File management
File transfer, storage and management
e.g. FTP.
Print services
Printer sharing.
Information
Information sharing and querying
e.g. WWW, video sharing, IPTV
Communication
User communication by means of text, audio and/or video messages
e.g. e-mail, chat, videoconference, IP telephony, online games.
Architecture of Network Services
Approaches
Client-server
Peer-to-peer (P2P)
Hybrid of client-server and P2P
Client/Server architecture
server:
always-on host
permanent IP address
server farms for scaling
clients:
communicate with server
may be intermittently connected
may have dynamic IP addresses
do not communicate directly with each other
P2P architecture
no always-on server
arbitrary end systems directly communicate peer-peer
peers are intermittently connected and change IP addresses
Highly scalable but difficult to manage
Hybrid of client-server and P2P
Skype
voice-over-IP P2P application
centralized server: finding address of remote party
client-client connection: direct (not through server)
Instant messaging
chatting between two users is P2P
centralized service: client presence detection/location
• user registers its IP address with central server when it comes online
• user contacts central server to find IP addresses of buddies
File Transfer Services
File transfer between remote hosts
Aims:
Remote hosts may share files
Client & server file systems are independent
Efficient data transfer
Two main protocols
FTP (File Transfer Protocol): uses TCP -> reliable
• RFC 959
TFTP (Trivial File Transfer Protocol): uses UDP -> simpler
• RFC 1350
TFTP
Trivial File Transfer Protocol
File transfer
Very simple protocol
Not reliable -> UDP (port 69)
No folders; no encryption
For transferring small files
TFTP
TFTP messages
Message layout: Opcode (2 bytes) | Variable length data
Opcode: type of message
• 01: RRQ (Read Request)
• 02: WRQ (Write Request)
• 03: DATA
• 04: ACK
• 05: Error message
Variable length data: depends on the opcode
TFTP
TFTP messages -> RRQ & WRQ
Message layout: Opcode = 01 | File name | 00 | Transmission mode | 00 | Option 1 | 00 | Value 1 | 00 | … | Option N | 00 | Value N | 00 (N options)
RRQ is the first msg the client sends to server's port 69 when getting a file
After RRQ -> DATA or Error
Transmission mode: 'netascii' or 'octet' (binary files)
N possible options with N values (one for each option)
WRQ message format is the same as RRQ -> but opcode value = 02
After WRQ -> ACK (server must give permission) or Error
TFTP
TFTP messages -> DATA & ACK
Message layout: Opcode = 03 | # block (2 bytes) | Data block of the transmitted file (0-512 bytes)
# block -> 1-65535 (guarantees order of data -> UDP can't!)
Last block is recognised as its size < 512 bytes (what happens if total file length is a multiple of 512 bytes?)
Problem: long files -> a lost msg means a complete retransmission.
ACK message format is the same as DATA -> but opcode value = 04 & there are no data blocks
TFTP
TFTP messages -> Error
Message layout: Opcode = 05 | Error code | Error description | 00
Error code: cause of the error. Examples:
• 0 -> Not defined. See error description
• 1 -> File not found
• 2 -> Access violation
• 3 -> Disk full
• 6 -> File already exists
• …
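Added example (not part of the original slides): a Python encoder/decoder for the five TFTP message types on the slides above, plus a helper that cuts a file into DATA blocks and shows what a sender does when the file length is an exact multiple of 512 bytes. Message layouts follow RFC 1350; the decoder rejects malformed packets instead of trusting wire lengths. Function names and sample values are constructed for this example.

```python
import struct

# Opcodes and the fixed block size from RFC 1350 (the slide's 01..05 list)
RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
BLOCK_SIZE = 512
ERROR_CODES = {0: "Not defined", 1: "File not found", 2: "Access violation", 3: "Disk full", 6: "File already exists"}

def encode_request(opcode, filename, mode="octet", options=None):
    """RRQ/WRQ: opcode | filename | 0 | mode | 0 | (option | 0 | value | 0) for each option"""
    if opcode not in (RRQ, WRQ):
        raise ValueError("request opcode must be RRQ (1) or WRQ (2)")
    pkt = struct.pack("!H", opcode) + filename.encode("ascii") + b"\x00"
    pkt += mode.encode("ascii") + b"\x00"
    for name, value in (options or {}).items():
        pkt += name.encode("ascii") + b"\x00" + str(value).encode("ascii") + b"\x00"
    return pkt

def encode_data(block_no, payload):
    """DATA: opcode 03 | block number (2 bytes) | 0..512 bytes of file data"""
    if len(payload) > BLOCK_SIZE:
        raise ValueError("a DATA block carries at most 512 bytes")
    return struct.pack("!HH", DATA, block_no) + payload

def encode_ack(block_no):
    """ACK: same layout as DATA (opcode 04 | block number) but without data"""
    return struct.pack("!HH", ACK, block_no)

def encode_error(code, message):
    """ERROR: opcode 05 | error code (2 bytes) | description | 0"""
    return struct.pack("!HH", ERROR, code) + message.encode("ascii") + b"\x00"

def decode(pkt):
    """Parse any TFTP message into a dict; malformed input raises ValueError."""
    if len(pkt) < 4:
        raise ValueError("TFTP messages are at least 4 bytes")
    opcode = struct.unpack("!H", pkt[:2])[0]
    if opcode in (RRQ, WRQ):
        fields = pkt[2:].split(b"\x00")
        if len(fields) < 3 or fields[-1] != b"":
            raise ValueError("request must end with a NUL-terminated mode")
        fields = fields[:-1]
        if len(fields) % 2:
            raise ValueError("option without a value")
        options = {k.decode("ascii"): v.decode("ascii") for k, v in zip(fields[2::2], fields[3::2])}
        return {"opcode": opcode, "filename": fields[0].decode("ascii"),
                "mode": fields[1].decode("ascii"), "options": options}
    block = struct.unpack("!H", pkt[2:4])[0]      # block number or error code
    if opcode == DATA:
        payload = pkt[4:]
        if len(payload) > BLOCK_SIZE:
            raise ValueError("oversized DATA block")
        # a block shorter than 512 bytes marks the end of the file
        return {"opcode": DATA, "block": block, "data": payload, "last": len(payload) < BLOCK_SIZE}
    if opcode == ACK:
        return {"opcode": ACK, "block": block}
    if opcode == ERROR:
        message = pkt[4:].split(b"\x00")[0].decode("ascii", "replace")
        return {"opcode": ERROR, "code": block, "meaning": ERROR_CODES.get(block, "unknown"), "message": message}
    raise ValueError("unknown opcode %d" % opcode)

def split_into_blocks(data):
    """Cut a file into the DATA payloads a sender transmits as blocks 1, 2, ...
    When the length is an exact multiple of 512 the sender still emits a final
    empty block; otherwise the receiver could never tell that the file ended."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    if len(data) % BLOCK_SIZE == 0:
        blocks.append(b"")
    return blocks
```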
FTP: the file transfer protocol
Figure: user at host -> FTP user interface -> FTP client (local file system) <- file transfer -> FTP server (remote file system)
transfer file to/from remote host
client/server model
client: side that initiates transfer (either to/from remote)
server: remote host
ftp: RFC 959
Uses TCP: ports 20, 21 -> reliable transfer
FTP
Two TCP connections
Data: transferred data (port 20)
Control: allows the user to move through the directory structure and to download & upload files (port 21)
Figure: FTP client <- control dialogue / data transfer (both over TCP) -> FTP server
FTP Client/Server model
FTP Client initiates connection (server's port 21)
Connection parameters are negotiated in handshake
Data port
Connection mode: active/passive
Transfer mode: ASCII/binary
Figure: FTP client <- control dialogue / data transfer (both over TCP) -> FTP server
Active connection mode
Standard mode
2 TCP connections
Control: client's random port (>1024) to server's port 21
Data: when the server ACKs -> from server's port 20 to client's port (indicated in the first control command)
Figure (FTP client: control port e.g. 1033, data port e.g. 1034; FTP server: control port 21, data port 20). Exchanges shown:
Command PORT 1034 (client -> server, control connection)
Command ACK (server -> client, control connection)
DATA (server port 20 -> client port 1034, data connection)
Command (client -> server, control connection)
ACK (server -> client, control connection)
Data connection is initiated from the server
Passive connection mode
2 TCP connections
Control: client's random port (>1024) to server's port 21 -> PASV command. Server indicates a random port for the data connection (>1024)
Data: client establishes the connection
Figure (FTP client: control port e.g. 1033, data port e.g. 1034; FTP server: control port 21, data port e.g. 1820 instead of port 20). Exchanges shown:
PASV command (client -> server, control connection)
PORT 1820 command (server -> client, control connection: the data port the server has chosen)
Connection establishment (client port 1034 -> server port 1820, data connection)
ACK command (server -> client, control connection)
FTP Servers
Configuration parameters
Control port (default: port 21)
Max # of connections to server & max # of connections per IP
Connection timeout
Welcome & goodbye msgs
Passive mode port numbers
Users & groups
Authenticated users: have login & passwd -> registered in server
Anonymous users
Groups: share the same properties in FTP server
FTP Servers
Permissions
Read, write, execution (rwx)
Permissions for the owner, for groups & for the rest of users
Bandwidth limit
Server may limit transfer rate for the users
Logs
Register data or any other info about user connections & errors
FTP Clients
ftp <ip_addr>
Commands
cd
get
put
mkdir
exit
…
Do not mistake the FTP commands typed by the user at the client for FTP control commands
FTP commands, responses
Sample control commands (sent as ASCII text over control channel):
USER username
PASS password
LIST return list of files in current directory
RETR filename retrieves (gets) file
STOR filename stores (puts) file onto remote host
Sample return codes (status code and phrase, as in HTTP):
331 Username OK, password required
125 data connection already open; transfer starting
425 Can't open data connection
452 Error writing file
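Added example (not from the original slides): Python helpers for the control-channel details behind the active/passive slides and the reply codes above. RFC 959 writes the PORT argument as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2, and the server answers PASV with a 227 reply in the same notation; the parser optionally refuses a 227 reply that names an address other than the server the client is already talking to. All IP addresses and ports here are constructed sample values.

```python
import re

REPLY_CLASSES = {"1": "positive preliminary", "2": "positive completion",
                 "3": "positive intermediate (more input needed)",
                 "4": "transient negative", "5": "permanent negative"}

def reply_class(line):
    """Classify a control-channel reply by the first digit of its 3-digit code,
    the same way HTTP status classes work (331 -> intermediate, 425 -> transient)."""
    m = re.match(r"([1-5])\d\d[ -]", line)
    if not m:
        raise ValueError("not an FTP reply line: %r" % line)
    return REPLY_CLASSES[m.group(1)]

def port_command(ip, port):
    """Active mode: the client announces the data port the server must connect to.
    RFC 959 encodes it as h1,h2,h3,h4,p1,p2 where port = p1*256 + p2."""
    octets = ip.split(".")
    if len(octets) != 4 or any(not o.isdigit() or int(o) > 255 for o in octets):
        raise ValueError("bad IPv4 address %r" % ip)
    if not 0 < port < 65536:
        raise ValueError("bad port %r" % port)
    return "PORT %s,%d,%d" % (",".join(octets), port // 256, port % 256)

PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv_reply(line, control_peer_ip=None):
    """Passive mode: the server's 227 reply names the address and port the client
    must connect to. If control_peer_ip is given, a reply pointing somewhere other
    than the server we are talking to is rejected (a cautious client check)."""
    m = PASV_RE.match(line)
    if not m:
        raise ValueError("not a 227 Entering Passive Mode reply")
    n = [int(x) for x in m.groups()]
    if any(x > 255 for x in n):
        raise ValueError("byte out of range in %r" % line)
    ip, port = ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    if port == 0:
        raise ValueError("server offered data port 0")
    if control_peer_ip is not None and ip != control_peer_ip:
        raise ValueError("PASV address %s differs from control peer %s" % (ip, control_peer_ip))
    return ip, port
```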
E-mail services
Main features:
One of the most important services on the Internet
Allows users to exchange mails in an easy, fast and cheap way
Multiple receivers
Client-server scheme
Types of client apps
Graphic interfaces (Microsoft Outlook, Mozilla Thunderbird, Apple Mail)
Text (pine, elm, mail)
Web (Gmail, Hotmail, SquirrelMail)
E-mail services
Related concepts:
Mail account
Associated to user name & passwd
[email protected]
Mailbox
Mail alias
Mail list
E-mail services
Standards:
SMTP (Simple Mail Transfer Protocol)
IMF (Internet Mail Format)
MIME (Multipurpose Internet Mail Extensions)
POP (Post Office Protocol)
IMAP (Internet Message Access Protocol)
E-mail services
Components:
Mail User Agent (MUA)
Mail Transfer Agent (MTA)
Mail Delivery Agent (MDA)
Figure: MUAs hand mail to their MTA over SMTP; MTAs relay to each other over SMTP (outgoing mail queue at the MTA); the MDA places incoming mail in the user mailbox, which the MUA reads over POP or IMAP.
Mail User Agents (MUA)
Mail client
Compose, edit, read mail messages
Use two mail servers:
Outgoing mail server (SMTP)
Incoming mail server (POP or IMAP)
E-mail services
Mail Transfer Agent (MTA)
Mail server
Stores sender's mails for delivery (outgoing queue)
Stores incoming mails for their users
Mail Delivery Agent (MDA)
In charge of copying incoming messages to user mailbox
Figure: same MUA/MTA/MDA diagram (SMTP between MUA and MTA and between MTAs; outgoing mail queue at the MTA; POP or IMAP from the user mailbox to the MUA).
Scenario: Alice sends message to Bob
1) Alice uses UA to compose message and "to" [email protected]
2) Alice's UA sends message to her mail server; message placed in message queue
3) Client side of SMTP opens TCP connection with Bob's mail server
4) SMTP client sends Alice's message over the TCP connection
5) Bob's mail server places the message in Bob's mailbox
6) Bob invokes his user agent to read message
Figure: Alice's user agent (1) -> Alice's mail server (2, 3) -> Bob's mail server (4, 5) -> Bob's user agent (6)
Message format
IMF (RFC 5322)
Headers: To:, From:, Subject:, Date:
Blank line
Body
Simple text messages (no extended ASCII), lines of up to 998 characters (not counting the CRLF)
Message format
MIME extensions:
Add functionality
Attached files
Extended ASCII
New headers
Mime-Version:
Content-Type:
Default -> text/plain
Attachments -> Multipart
Content-Description:
Content-Transfer-Encoding:
Types of encoding
7 bits
8 bits & binary
quoted-printable & base64.
Example quoted-printable (F3 = ó & F1 = ñ)
Transmisión de ñ
Transmisi=F3n de =F1
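Added example (not part of the original slides): a small quoted-printable encoder and decoder in Python that reproduces the slide's "Transmisi=F3n de =F1" and checks that the result is pure 7-bit. The single-byte values F3 and F1 only hold when the message charset is ISO-8859-1 (Latin-1); the same text in UTF-8 becomes two escapes per character, which the test also shows. The function names are chosen for this example.

```python
def qp_encode(text, charset="latin-1"):
    """Quoted-printable: bytes outside printable 7-bit ASCII, and '=' itself, become =XX.
    With the ISO-8859-1 charset the slide's example holds: ó is the single byte F3, ñ is F1."""
    out = []
    for b in text.encode(charset):
        if b == 0x3D or b < 0x20 or b > 0x7E:   # '=', control characters, 8-bit bytes
            out.append("=%02X" % b)
        else:
            out.append(chr(b))
    return "".join(out)

def qp_decode(encoded, charset="latin-1"):
    """Reverse mapping; a malformed escape (e.g. '=F' at the end) raises ValueError
    rather than being silently passed through."""
    data = bytearray()
    i = 0
    while i < len(encoded):
        if encoded[i] != "=":
            data.append(ord(encoded[i]))
            i += 1
            continue
        hexpair = encoded[i + 1:i + 3]
        if len(hexpair) != 2 or any(h not in "0123456789ABCDEFabcdef" for h in hexpair):
            raise ValueError("malformed quoted-printable escape at offset %d" % i)
        data.append(int(hexpair, 16))
        i += 3
    return data.decode(charset)

def is_7bit(encoded):
    """True when the encoded form can travel over a 7-bit SMTP path unchanged."""
    return all(ord(c) < 128 for c in encoded)

# the slide's example text, "Transmisión de ñ", written with escapes so the source stays ASCII
SAMPLE = "Transmisi\u00f3n de \u00f1"
```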
SMTP [RFC 5321]
Features:
Simple functioning: client - server
Used in communication between MUA -> MTA & MTA -> MTA
Uses TCP connection -> port 25
Three phases
handshaking
Message transfer (may be several ones)
Connection closure
Messages encoded in 7-bit ASCII
Binary -> ASCII (delivery)
ASCII -> Binary (reception)
SMTP [RFC 5321]
Features:
command/response
commands: ASCII text
HELO: handshake after TCP connection
MAIL FROM: identifies sender
RCPT TO: identifies receiver
DATA: message init. End of message -> '.' on a line by itself
QUIT: Closes SMTP session
response: free text & status code (3 digits):
First digit shows command success/fail
4xx -> Temporary error
5xx -> Permanent error
Sample SMTP interaction
S: 220 hamburger.edu
C: HELO crepes.fr
S: 250 Hello crepes.fr, pleased to meet you
C: MAIL FROM: <[email protected]>
S: 250 [email protected]... Sender ok
C: RCPT TO: <[email protected]>
S: 250 [email protected] ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 hamburger.edu closing connection
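Added example (not from the original slides): the server side of the exchange above as a small Python state machine covering the three phases (handshake, message transfer, closure), the 3-digit reply codes, and the "." terminator with its dot-stuffing rule. The hostnames come from the slide; the mailbox addresses used in the test are constructed, and the null sender <> used for bounces is deliberately left out.

```python
import re

class SmtpServerSession:
    ADDR = re.compile(r"^<([^<>\s@]+@[^<>\s@]+)>$")   # the null sender <> (bounces) is not handled

    def __init__(self, hostname):
        self.hostname = hostname
        self.state = "connected"   # connected -> greeted -> mail -> rcpt -> data -> closed
        self.sender, self.recipients, self.lines = None, [], []
        self.delivered = []        # (sender, recipients, body) accepted for delivery

    def greeting(self):
        return "220 %s" % self.hostname

    def handle(self, line):
        """Feed one client line; returns the server reply (None while inside DATA)."""
        if self.state == "data":
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "QUIT":
            self.state = "closed"
            return "221 %s closing connection" % self.hostname
        if verb == "HELO":
            if not arg:
                return "501 Syntax: HELO hostname"
            self.state = "greeted"
            return "250 Hello %s, pleased to meet you" % arg
        if self.state == "connected":
            return "503 Send HELO first"
        if verb == "MAIL":
            addr = self._address("FROM:", arg)
            if addr is None:
                return "501 Syntax: MAIL FROM:<address>"
            # the envelope sender is whatever the client claims; SMTP itself does not verify it
            self.sender, self.recipients, self.state = addr, [], "mail"
            return "250 %s... Sender ok" % addr
        if verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return "503 Need MAIL command"
            addr = self._address("TO:", arg)
            if addr is None:
                return "501 Syntax: RCPT TO:<address>"
            self.recipients.append(addr)
            self.state = "rcpt"
            return "250 %s ... Recipient ok" % addr
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 Need RCPT (recipient)"
            self.state, self.lines = "data", []
            return '354 Enter mail, end with "." on a line by itself'
        return "500 Command unrecognized"

    def _address(self, prefix, arg):
        if not arg.upper().startswith(prefix):
            return None
        m = self.ADDR.match(arg[len(prefix):].strip())
        return m.group(1) if m else None

    def _data_line(self, line):
        if line == ".":            # end of message -> back to the greeted state
            self.delivered.append((self.sender, list(self.recipients), "\n".join(self.lines)))
            self.state = "greeted"
            return "250 Message accepted for delivery"
        # dot-stuffing: a body line that starts with '.' was sent with an extra leading '.'
        self.lines.append(line[1:] if line.startswith(".") else line)
        return None
```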
POP [RFC 1939]
Features:
Very simple
Allows the access to the incoming messages in mailbox
Default -> Delete accessed msgs, but allows saving them
Uses TCP connection -> port 110
Requires user authentication
Three phases
authorization
transaction
update
POP [RFC 1939]
authorization phase
client commands:
user: declare username
pass: password
server responses
+OK
-ERR
transaction phase, client:
list: list message numbers
retr: retrieve message by number
dele: delete
quit
S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on
C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: <message 1 contents>
S: .
C: dele 1
C: retr 2
S: <message 2 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off
IMAP [RFC 3501]
Features
More complex than POP
Allows the access to the incoming messages in mailbox
Allows msg organization in folders in the server
When receiving a new mail -> INBOX folder in user mailbox
Allows the access to single components of a msg
Keeps information about the state between IMAP sessions
Web access
Features:
A browser is used instead of a mail client
MUA is integrated in a web page
Host uses HTTP to communicate with web server
Web server usually uses IMAP for the access to the incoming msgs in the mail server
Problems
Main problems:
Msgs are transmitted unencrypted
Use security mechanisms (PGP, PEM, S/MIME)
Misuse
SPAM
SPAM
Reaching many recipients -> low cost
Unsolicited mass mail
Types
Commercial
Nigerian (fraud)
Phishing
Others
Origin
Personal computers
Badly configured mail servers
Badly configured proxy servers
SPAM
How are destination e-mail addresses obtained?
guessing
web pages
infected PCs
Mail header falsification (FROM)
How to stop them
stop/make it difficult to obtain mail addresses
Identify them efficiently
Measures
Do not disclose our mail address
When publishing our mail address -> publish it in a protected form
use alternative addresses
Care about our PC security
DNS: Domain Name System
Problem:
Web browsing
Figure: user's host -> Internet -> resource holder's host
DNS: Domain Name System
Approach:
From the user's point of view
o Identifies resource holder by means of an address (www.dte.us.es)
DNS: Domain Name System
Approach:
May www.dte.us.es be used as an identifier of the queried resource?
Figure: user's host -> (www.dte.us.es) -> Internet -> resource holder's host
DNS: Domain Name System
Approach:
From the network's point of view
o IP addresses are used (routing & addressing)
Figure: user's host -> (IP) -> Internet -> resource holder's host
DNS: Domain Name System
Approach:
A mechanism to translate names into IP addresses is necessary
Figure: user's host -> www.dte.us.es -> DNS -> IP -> Internet -> resource holder's host
DNS: Domain Name System
Hosts, routers:
IP address (32 bits) - used to address datagrams
"name", e.g.: www.google.es - used by human beings
How is the name generated?
Figure: resource holder's host with IP address 130.213.40.3 and name Myserver.dte.us.es
DNS: Domain Name System
Name systems:
Plain
o Non-hierarchic
o No location info
o E.g: ID card
Hierarchic
o Structured
o Location info
o E.g: ZIP code
DNS: Domain Name System
Name Systems:
Plain: simple -> centralized management
Hierarchic -> distributed management (easier) - DNS
Figure: plain naming vs hierarchic naming, with Company X and Company Y each having a host named pc1
DNS: Domain Name System
Name space:
Inverted tree structure
Every node is labelled with a name (max 63 characters)
Start of the tree -> root (empty label)
Variable depth (max 127 levels)
Structure is similar to OS directories.
To build a name: (root -> leaf) com.google.www
Reading: www.google.com
Figure: name tree with root (·); top-level nodes org, es, com, arpa; second-level nodes such as rediris, fake, google; lower nodes such as mail, www, cont, info, my_pc, serv1, smtp
DNS: Domain Name System
Name Space:
Important
Root is not labelled
Each domain is a subtree
Domains organized in levels
Top-level domains (TLD)
The same label may be assigned to two different hosts unless they are siblings (in the tree)
Figure: same name tree (root ·; org, es, com, arpa; rediris, fake, google; mail, www, cont, info, my_pc, serv1, smtp)
DNS: Domain Name System
Name space:
my-pc.cont.fake.es.
Figure: my-pc is the host name; cont.fake.es. is the domain
DNS: Domain Name System
Name space:
my-pc.cont.fake.es.
Figure: host name (my-pc) + domain (cont.fake.es.) = FQDN
DNS: Domain Name System
IP Address
4 bytes in decimal format (69.146.202.8)
Hierarchical structure -> precise information about host location
Name
No host location information except maybe the country
Q: how to map between IP addresses and names?
DNS: Domain Name System
Domain Name System:
distributed database implemented in hierarchy of many name servers
application-layer protocol: host, routers, name servers communicate to resolve names (address/name translation)
DNS uses UDP services
DNS services
hostname to IP address translation
host aliasing
Canonical, alias names
mail server aliasing
load distribution
replicated Web servers: set of IP addresses for one canonical name
DNS: Domain Name System
Basic foundations
1. App needs to know a remote IP address associated to a name
2. App requests IP address to DNS client
3. DNS client sends a request to the network
4. DNS client rcvs a reply including IP addr
5. DNS client gives IP address to app
Why not centralize DNS?
single point of failure
traffic volume
distant centralized database
maintenance
doesn't scale!
Distributed, Hierarchical Database
Big number of DNS servers hierarchically organised and distributed all around the world
Database is also distributed by those servers
Three types of servers:
o Root name servers
o Top-Level Domain (TLD) servers
o Authoritative servers
Distributed, Hierarchical Database
Figure: name tree (root ·; org, es, com, arpa; rediris, fake, google; mail, www, cont, info, my_pc, serv1, smtp)
Client wants IP for www.google.com; 1st approx:
client queries a root server to find com DNS server
client queries com DNS server to get google.com DNS server
client queries google.com DNS server to get IP address for www.google.com
DNS: Root name servers
contacted by local name server that can not resolve name
root name server:
contacts authoritative name server if name mapping not known
gets mapping
returns mapping to local name server
13 root name servers worldwide:
a Verisign, Dulles, VA
b USC-ISI Marina del Rey, CA
c Cogent, Herndon, VA (also LA)
d U Maryland College Park, MD
e NASA Mt View, CA
f Internet Software C. Palo Alto, CA (and 36 other locations)
g US DoD Vienna, VA
h ARL Aberdeen, MD
i Autonomica, Stockholm (plus 28 other locations)
j Verisign (21 locations)
k RIPE London (also 16 other locations)
l ICANN Los Angeles, CA
m WIDE Tokyo (also Seoul, Paris, SF)
TLD and Authoritative Servers
Top-level domain (TLD) servers:
responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, es, jp.
Network Solutions maintains servers for com TLD
Educause for edu TLD
Types
Generic (gTLD)
≥ 3 characters
Sponsored
Unsponsored
TLD and Authoritative Servers
Top-level domain (TLD):
Types
o Geographic
2 characters
Represent countries (managed by the country authorities)
ICANN -> IANA
o .arpa
o Reserved
.test -> DNS tests
.example -> documents
.invalid -> installation & DNS tests for new servers
.localhost -> loopback
TLD and Authoritative Servers
Authoritative DNS servers:
organization's DNS servers, providing authoritative hostname to IP mappings for organization's servers (e.g., Web, mail).
can be maintained by organization or service provider
Local Name Server
does not strictly belong to hierarchy
each ISP (residential ISP, company, university) has one.
also called "default name server"
when host makes DNS query, query is sent to its local DNS server
acts as proxy, forwards query into hierarchy
DNS Zone vs. DNS Domain
DNS Domain: includes all the hosts and subdomains in the domain.
DNS Zone: only includes the hosts in the domain.
Figure: name tree (root ·; org, es, com, arpa; rediris, fake, google; mail, www, cont, info, my_pc, serv1, smtp) with a DNS Zone (the hosts directly under a domain) outlined inside the larger DNS Domain (the whole subtree)
DNS name resolution example
Host at cis.poly.edu wants IP address for gaia.cs.umass.edu
iterated query: contacted server replies with name of server to contact ("I don't know this name, but ask this server")
recursive query: puts burden of name resolution on contacted name server
Figure: requesting host cis.poly.edu -> local DNS server dns.poly.edu -> root DNS server, TLD DNS server, authoritative DNS server dns.cs.umass.edu (which knows gaia.cs.umass.edu)
DNS name resolution example
Figure: iterative query (left) and recursive query (right) between the requesting host cis.poly.edu, the local DNS server dns.poly.edu, the root DNS server, the TLD DNS server and the authoritative DNS server dns.cs.umass.edu (for gaia.cs.umass.edu), with the messages numbered 1-8 in each case
DNS: caching and updating records
once (any) name server learns mapping, it caches mapping
cache entries timeout (disappear) after some time
TLD servers typically cached in local name servers
• Thus root name servers not often visited
update/notify mechanisms under design by IETF
RFC 2136
http://www.ietf.org/html.charters/dnsind-charter.html
DNS records
DNS: distributed db storing resource records (RR)
RR format: (name, value, type, ttl)
Type=A
name is hostname
value is IP address
Type=NS
name is domain (e.g. foo.com)
value is hostname of authoritative name server for this domain
Type=CNAME
name is alias name for some "canonical" (the real) name
www.ibm.com is really servereast.backup2.ibm.com
value is canonical name
Type=MX
value is name of mailserver associated with name
DNS protocol, messages
Figure (message sections, top to bottom): name, type fields for a query; RRs in response to query; records for authoritative servers; additional "helpful" info that may be used
DNS protocol, messages
Header, 6 fields, 2 bytes each
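Added example (not from the original slides): a Python query builder and message parser for the DNS wire format described on the last three slides: the 12-byte header of six 2-byte fields, the length-prefixed label encoding of names (including 0xC0xx compression pointers, with a depth bound so a pointer loop in a hostile response cannot hang the parser), and the A, NS, CNAME, MX and PTR record values. The response used in the test is constructed by hand with the documentation address 192.0.2.10 and the sample name www.google.com from the slides.

```python
import struct

RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX"}

def encode_name(name):
    """Wire form: each label prefixed by its length, ended by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("label length must be 1..63: %r" % label)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(qid, name, qtype=1):
    """Header = 6 two-byte fields (ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT); flags 0x0100 = RD."""
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(msg, off, depth=0):
    """Read a name at off, following 0xC0xx compression pointers; returns (name, next offset)."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        n = msg[off]
        if n & 0xC0 == 0xC0:  # pointer into an earlier name; the depth bound stops pointer loops
            if depth > 10:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            labels.append(decode_name(msg, ptr, depth + 1)[0])
            return ".".join(labels), off + 2
        off += 1
        if n == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def _rdata(msg, rtype, off, rdlen):
    if rtype == 1 and rdlen == 4:      # A: IPv4 address
        return ".".join(str(b) for b in msg[off:off + 4])
    if rtype in (2, 5, 12):            # NS, CNAME, PTR: a (possibly compressed) name
        return decode_name(msg, off)[0]
    if rtype == 15:                    # MX: preference + mail server name
        pref = struct.unpack("!H", msg[off:off + 2])[0]
        return (pref, decode_name(msg, off + 2)[0])
    return msg[off:off + rdlen]        # anything else: raw bytes

def parse_message(msg):
    """Parse a query or response into header fields, questions and the three RR sections."""
    if len(msg) < 12:
        raise ValueError("header needs 12 bytes")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, sections = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype = struct.unpack("!H", msg[off:off + 2])[0]
        questions.append((name, RR_TYPES.get(qtype, qtype)))
        off += 4                       # type + class
    for count in (an, ns, ar):
        rrs = []
        for _ in range(count):
            name, off = decode_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("truncated resource record")
            rrs.append((name, RR_TYPES.get(rtype, rtype), ttl, _rdata(msg, rtype, off, rdlen)))
            off += rdlen
        sections.append(rrs)
    return {"id": qid, "response": bool(flags & 0x8000), "rcode": flags & 0xF, "questions": questions,
            "answers": sections[0], "authority": sections[1], "additional": sections[2]}
```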
Inserting records into DNS
example: new startup "Network Utopia"
register name networkutopia.com at DNS registrar (e.g., Network Solutions)
provide names, IP addresses of authoritative name server (primary and secondary)
registrar inserts two RRs into com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)
(dns1.networkutopia.com, 212.212.212.1, A)
create authoritative server Type A record for www.networkutopia.com; Type MX record for networkutopia.com
How do people get IP address of your Web site?
Inverse DNS
Given an IP addr -> Domain name
Special domain .arpa
o Subdomain .in-addr.arpa -> Translates IPv4 addr
o Subdomain ip6.arpa -> Translates IPv6 addr
Domain in-addr.arpa
o 4 labels -> addr digits… backwards!
Example: 196.141.214.150.in-addr.arpa obtains the domain corresponding to 150.214.141.196
An inverse DNS query uses a PTR type RR
Nslookup tool
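Added example (not from the original slides): Python functions that build the reverse-lookup name for the slide's 150.214.141.196 example and convert it back, validating that the labels really encode one address. It goes beyond the slide by also handling ip6.arpa, where IPv6 addresses are written as 32 reversed hex nibbles. The function names are chosen for this example; 2001:db8::1 is a documentation address.

```python
import ipaddress

def reverse_name(addr):
    """Build the name a PTR query asks for. IPv4: the 4 octets reversed under in-addr.arpa.
    IPv6 (beyond the slide's IPv4 example): the 32 hex nibbles reversed under ip6.arpa."""
    ip = ipaddress.ip_address(addr)          # rejects anything that is not an IP address
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa"
    nibbles = "%032x" % int(ip)
    return ".".join(reversed(nibbles)) + ".ip6.arpa"

def address_from_reverse_name(name):
    """Inverse mapping, validating that the labels really encode one address.
    Note that the PTR answer itself is chosen by whoever runs the reverse zone,
    so a name learned this way is a hint, not proof of identity."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        labels = name[:-len(".in-addr.arpa")].split(".")
        if len(labels) != 4:
            raise ValueError("in-addr.arpa needs exactly 4 labels")
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    if name.endswith(".ip6.arpa"):
        labels = name[:-len(".ip6.arpa")].split(".")
        if len(labels) != 32 or any(len(l) != 1 for l in labels):
            raise ValueError("ip6.arpa needs exactly 32 one-character nibbles")
        return str(ipaddress.IPv6Address(int("".join(reversed(labels)), 16)))
    raise ValueError("not a reverse-lookup name")
```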
Primary and secondary DNS servers
Primary server
o Main server (master).
o Holds the original data of the DNS zone
o The administrator manages additions and removals of records in it.
Secondary server
o They hold a copy of the DNS zone, generally obtained from the primary server.
o They act as backups of the primary servers.