580 likes | 868 Views
Internet 101. Technology Policy Framework. Disclaimer!. This presentation is oversimplified And incomplete for pedagogical reasons and because of time constraints!. How does Internet work?. Internet.
E N D
Internet 101 • Technology • Policy Framework
Disclaimer! • This presentation is oversimplified • And incomplete for pedagogical reasons and because of time constraints!
Internet • The Internet is a network of networks interconnected by means of the Internet Protocol Suite. • It is an architecture for a system of computer-based applications. • Protocols are standard procedures, conventions and formats for inter-computer communication. • The Internet protocols are based on packet switching concepts.
S D S D Circuit and Packet Switching Circuit Switching “telephone network” Internet Packet Switching
BB AA AA Packet Switch BB BB Packet Switching Features A Host B • Multiplexing data from multiple processes • “Store-and-forward” • Automatic speed adaptation • Adaptive alternate routing
S = Source Address (“From”) D = Destination Address (“To”) Packet Structure Header ... S D Data S
Internet Addressing • IPv4 - 32 bits (4.3 billion addresses) • IPv 6 – 128 bits (1038 addresses) that’s 100 trillion trillion trillion …
Internet Packet Formats Version number “from” address “to” address CONTENTS 166.45.18.99 204.146.165.100 “4” “hello” An Internet Packet
Packet Networks host host • Packet switched • Some use virtual circuits • Peer-to-peer • Client/server • Some are shared media (e.g., Ethernet) host
Internetworking • Routers • Encapsulation • End-to-end packets • Internet Protocol- IP H R R “Routers were once called Gateways between nets” H
IP: The “Thin Waist” of the Internet App App App App App App Transport TCP Transport TCP Network IP Network IP Network IP Network IP Link 3 Link 1 Link 1 Link 2 Link 2 Link 3 Phys 3 Phys 1 Phys 2 Phys 1 Phys 3 Phys 2 Subnet 1 Subnet 2 Subnet 3 Internet: a Network of Connected Sub-Networks
From: eop.gov To: mci.com 01101110 11100111 The Internet IP Postcard System An electronic postcard (“packet”) Another router A router A bucket of packets
Ethernet 1974 ARPANET 1969-1990 Packet Radio 1975 Packet Satellite 1976 NSFnet 1986-1995 MCI, IBM, Merit, ANS NYSERNET - 1987 GIX Sprint Link CERFNET - 1989 PSINET - 1990 NORDUNET 1991 CIX Early Internet - “Network of Networks” EBONE 1992 BARRNET 1988 UUNET – 1989 (End-user nets not shown)
MIME PGP HTTP FTP SMTP Utility/Application . . . SNMP DNS Transport TCP UDP OSPF EGP/BGP... Network I P / I C M P . . . . . . Ethernet HDLC X.25 FR link FDDI SONET/SDH WiFi ATM Internet Protocol ArchitectureKey Protocols: TCP/IP Note many protocols not shown Physical Coaxial cable, optical fiber, radio, satellite…
How Does TCP Work? • Like Sending a Novel on Postcards • Page numbering (ordering, duplicate detection) • Positive Acknowledgement • Retransmission on Timeout • Finite Mailbox
Protocol Layering • Key concept – like floors of a building: lower floors support upper ones • Layers form a kind of stair case – users have access to each layer (floor, step) • To understand the Internet, you must look at it from the side to see the layers – looking down from the top conflates all functions into one solid mass.
Routing • Internal Gateway Protocol (IGP) • IS-IS, Open Shortest Path First (OSPF), RIP (primitive). Used within an autonomous system (AS). • Exterior Gateway Protocol (EGP) • BGP4 – used between autonomous systems • Routing protocols help routers track topology and preferred routing for traffic within and between autonomous systems.
Interconnecting Internet Service Providers (ISPs) • Peering and Transit • Peers exchange routing information directly or through Internet Exchanges; and exchange traffic only between their customers (not their peers) • Transit: one net purchases full Internet connectivity from another • Internet Exchanges • London Internet eXchange (LINX) • MAE-EAST, MAE-WEST, … • Multiple nets peer at the exchanges
Firewalls • Introduced between edge networks (e.g. corporate nets, home networks) and public Internet • Filter traffic (in either direction) to control access to edge network resources • Vary in complexity and layers of protocol examined for access control. Some observe set-up and tear-down of TCP connections for example.
Network Address Translators (NATS) • Introduced between users and edge access networks (LANS, wireless nets) to allow sharing of a single IP address by multiple computers. • Response to limited number of IP addresses made available to users by ISPs (maximize revenue per IP address) • Detrimental to end/end security methods • Personal anecdote with cable network
Virtual Private Networks (VPNs) via IPSEC tunnels • Packets from private (edge) network are encapsulated in IP packets flowing through the public Internet. The payload of each packet is encrypted to protect it while in transit (this creates the “tunnel”) • The edge networks may use private IP addresses rather than public IP addresses without penalty.
Domain Names and Addresses • www.isoc.org is a “domain name” • “org” is the “non-commercial top level domain” • 208.234.102.119 is an Internet address • this is really just a way to represent a 32 bit number which how Internet Protocol version 4 represents locations in the Internet, like telephone numbers in the telephone network
Domain Names • Latin characters “A”-”Z”, numbers “0”-”9” and “-” (encoded in US ASCII) • They appear in embedded constructs such as email: vcerf@mci.net • In Uniform Resource Locators: • http://www.mci.com/cerfsup • And in other protocol constructs
Top Level Domain Names (TLDs) • Generic TLDs: .edu, .com, .org, .net, .mil, .gov, .int, .biz, .aero, .coop, .museum, .name, .pro, .info • and country code TLDs: .US, .UK, .FR, .DE, .JP, .ZA, .AU, … • But note: .tv, .md, .to, .cc… are operated like generics • Infrastructure TLD: .arpa (inverse IP address lookup and also e164 telephone number entries) • The system is hierarchical and each name is unique: www.cnri.reston.va.us • The Internet Assigned Numbers Authority (IANA) delegates responsibility for each TLD to an appropriate entity.
DNS Components and Mechanics • Domain Name Servers • Associate domain names with IP addresses (among other things) or point to lower level servers with more information • “Root” = “.” • TLD = .biz (for instance) • Second Level Domain = alpha.biz (e.g.) • Third Level Domain = www.alpha.biz (e.g.)
DNS Components and Mechanics (cont.) • Domain Name Resolvers • Queries (a sequence of) Domain Name Servers to find the IP address of a given domain name. • If not known by the Resolver already, Resolver may query a Root Server to find a TLD DNS server which will point to a server for second level names, etc. • Resolver returns the results to the party originally asking “what is the address of this domain name?” • The answer may be: “there is no such domain name in the DNS system”.
Root Servers in the DNS • There are 13 Root Servers in the DNS • Each of them has a complete table of the addresses of all TLD servers. This table is sometimes called the “Root Zone File.” • There can be many copies of each Root Server (using the “anycast” feature of the Internet routing system) and these copies can be anywhere in the Internet. • Each root server system is operated on a volunteer basis by an independent entity. • Changes to the Root Zone File must be approved by the US Department of Commerce (National Telecommunications and Information Agency) after approval by IANA.
Internationalized Domain Names • IETF has developed standards for incorporating UNICODE strings into domain names. They are mapped into ASCII code strings of the form “xn--<ASCII sequence> • Current practices does not (yet) support “multi-lingual” Top Level Domains. Registration restriction tables may be needed for specific languages sets. • Introduction of multi-lingual domain names is proving to be complex. Higher level applications potentially mix up character codings (recent example from email exchange: German umlauts converted to Cyrillic characters!)
Domain Name Registration • Registry: entity that maintains a database of second level domain name registrations and associated servers • Registrar: entity that accepts registrations from users on behalf of registries. • Registrars forward relevant information to Registries using standard protocols • Some TLD operators perform registrar and registry functions (e.g. many ccTLD operators) • Life of a Domain Name (unregistered, registered, registry hold, in redemption/grace period, expired…)
WHOIS • Information about registrants (owner, administrative and technical contact) is kept in the WHOIS database along with many other kinds of information. • There is much controversy over how much of this information should be publicly accessible and what should be protected (there are privacy, law enforcement and intellectual property protection issues involved.)
EMAIL • One of the oldest Internet applications • <user mailbox ID>@<mailserver domain name> • Example: henry_james@english-dept.ucla.edu • Mail clients retrieve email via IMAP or POP3 protocols. Some use WWW browsers, e.g. hotmail • Multimedia Internet Mail Extensions (MIME) allow for multiple attachments containing arbitrary content (including sound, video, imagery, programs, documents, …). Messages and attachments can be encrypted and sent this way for privacy.
EMAIL • EMAIL is sent from the email client to an email relay using the Simple Mail Transport Protocol (SMTP). • A feature of DNS allows one relay to server as a proxy for another through a DNS “MX” entry: • XYZ.COM MX ABC.COM means ABC.COM serves as proxy for XYZ.COM
SPAM • SPAM is unsolicited commercial email and is sometimes consider the scourge of the Internet. • Many efforts are underway to limit the influx of spam, including legislation, technical measures to resist mail relay “hijacking” but the spammers find many ways to circumvent them.
World Wide Web • Layered atop TCP/IP, WWW uses hypertext transport protocol (http) to carry objects encoded in Hypertext Markup Language (HTML) or Extensible Markup Language (XML) between browsers (clients) and servers. • Web Proxies can be configured to intervene between clients and servers acting as filters or as aggregators of web traffic, caching web pages for efficiency.
WWW (cont.) • The WWW system uses hyperlinks that are embedded in HTML or XML pages to allow users to “point and click” to move to new places in the web. • Embedded hyperlinks are expressed as Universal Resource Names, Identifiers or Locators: http://www.isoc.org/internet/history/doc.html
WWW (cont.) • Secure Socket Layer (SSL) • This allows client/server communication to be encrypted for privacy using Public Key Cryptography infrastructure (PKI) to transport symmetric cryptographic keys between the parties. • This is an important enabler of ecommerce
Streaming Audio/Video • Usually uses UDP streams (ie. Not guaranteed to be delivered or in order) • Some use Real Time Protocol (RTP) • Some use multicasting capability of the router systems • Some use special distribution services such as those of Akamai and Real Networks. • Quality of Service issues sometimes arise with respect to ISP service level agreements.
Voice over Internet (or IP) • Sometime use private IP networks • Sound is encoded, compressed, packetized and sent • Bandwidth requirements may be reduced (no packets when no one is speaking) • Session Initiation Protocol (SIP) a key element in call processing
VOIP • SIP Proxies can locate Internet VOIP terminations and route traffic to them. • SIP destination identifiers may look like email addresses: • SIP: vinton.g.cerf@sip.mci.com • Media gateways convert to/from packet mode and serial digitized voice in the public switched telephone network. They also convert SIP signaling into conventional SS#7 for example. • Free Internet “telephony” from SKYPE, Free World Dialup, or reduced price services including access to PSTN from Vonage, among a number of others.
ENUM • ENUM: maps e164 international telephone numbers into DNS: • +1 703 886 1690 becomes • 0.9.6.1.6.8.8.3.0.7.1.e164.arpa • And the lookup produces a SIP address or other Internet destination (web page, email address) or fax or telephone number, etc.
Search Engines • Google, YAHOO!, Alta-Vista, etc. • Systems scan billions of web pages, index them according to text content, rank order them (e.g. by number of hyperlinks pointing to the page) and respond to search queries. • Enormous experimentation with advertising mechanisms – Google instant auctions, etc.
Portals • AOL, YAHOO!, MSN, Corporate ebusiness portals, directory services • These are web sites intended to guide users to resources, to perform services for them. • FEDEX, UPS, DHL package tracking systems; Airline flight status information • Travel and shopping services • Business to Business and Business to Consumer services
GRID Computing • Open Grid Standard Architecture (OGSA) • Virtualize computing, networking and storage resources; allow computer services to register and be “discovered” in directories. • Potential to create network-based supercomputing capability at low cost
Security • Many layers of vulnerability and security responses • Denial of Service Attacks (DOS) • Direct attack against routers, DNS servers, hosts • Many avenues: IP, TCP, HTTP, operating system holes…) • Ordinary overload sometimes not distinguishable from DOS attack
Security (cont.) • Distributed Denial of Service (DDOS) • Compromise of many hosts • Remote control to launch attacks • Always-on DSL and Cable Modem services expose user computers to co-opting • Worms – self propagating software • Viruses – piggy back on email, eg. • Trojan Horses – code embedded into operating system or application software
Security (cont.) • Mitigation • Firewalls including personal firewalls (but not sufficient) • ISP DOS detection and mitigation • Virus filters in email relays • “BOT” detectors (system scanning software) • Cyber-hygiene (periodically)
Wireless Access • WiFi (IEEE 802.11a,b,g,i, etc.) • WiMax (IEEE 802.16) • 3G (mobiles) • GPRS (mobiles) • VSATS (satellite) • Hotspots, SIP/WiFi telephones
Evolution of Low Level Services • Quality of Service (QOS) • IPv6 • Domain Name System Security (DNSSEC) – many technical questions • Secure Routing (SBGP) – many technical questions • Intrusion Detection and Mitigation Services
GRAND Collaboration • Hardware and software makers • Internet Service Providers, Corporate and institutional Internets • Broadband and Wireless Access Providers (mobiles, hotspots,…) • Domain Name Registries, Registrars, Resellers