
Chapter 2: outline

2.1 principles of network applications
  • app architectures
  • app requirements
2.2 Web and HTTP
2.3 FTP
2.4 electronic mail
  • SMTP, POP3, IMAP
2.5 DNS
2.6 P2P applications
2.7 socket programming with UDP and TCP

Application Layer 2-1


DNS: domain name system

people: many identifiers:
  • SSN, name, passport #

Internet hosts, routers:
  • IP address (32 bit) - used for addressing datagrams
  • "name", e.g., www.yahoo.com - used by humans

Q: how to map between IP address and name, and vice versa?

Domain Name System:
  • distributed database implemented in hierarchy of many name servers
  • application-layer protocol: hosts, name servers communicate to resolve names (address/name translation)
    • note: core Internet function, implemented as application-layer protocol
    • complexity at network's "edge"


DNS: services, structure

DNS services:
  • hostname to IP address translation
  • host aliasing
    • canonical, alias names
  • mail server aliasing
  • load distribution
    • replicated Web servers: many IP addresses correspond to one name

why not centralize DNS?
  • single point of failure
  • traffic volume
  • distant centralized database
  • maintenance

A: doesn't scale!


DNS: a distributed, hierarchical database

Root DNS servers
  • com DNS servers
    • yahoo.com DNS servers
    • amazon.com DNS servers
  • org DNS servers
    • pbs.org DNS servers
  • edu DNS servers
    • poly.edu DNS servers
    • umass.edu DNS servers

client wants IP for www.amazon.com; 1st approximation:
  • client queries root server to find com DNS server
  • client queries .com DNS server to get amazon.com DNS server
  • client queries amazon.com DNS server to get IP address for www.amazon.com


DNS: root name servers
  • contacted by local name server that can not resolve name
  • root name server:
    • contacts authoritative name server if name mapping not known
    • gets mapping
    • returns mapping to local name server

13 root name "servers" worldwide (each letter is replicated at the listed number of other sites):
  a. Verisign, Los Angeles CA (5 other sites)
  b. USC-ISI Marina del Rey, CA
  c. Cogent, Herndon, VA (5 other sites)
  d. U Maryland College Park, MD
  e. NASA Mt View, CA
  f. Internet Software C. Palo Alto, CA (and 48 other sites)
  g. US DoD Columbus, OH (5 other sites)
  h. ARL Aberdeen, MD
  i. Netnod, Stockholm (37 other sites)
  j. Verisign, Dulles VA (69 other sites)
  k. RIPE London (17 other sites)
  l. ICANN Los Angeles, CA (41 other sites)
  m. WIDE Tokyo (5 other sites)


TLD, authoritative servers

top-level domain (TLD) servers:
  • responsible for com, org, net, edu, aero, jobs, museum, and all top-level country domains, e.g.: uk, fr, ca, jp
  • Verisign (formerly Network Solutions) maintains servers for .com TLD
  • Educause for .edu TLD

authoritative DNS servers:
  • organization's own DNS server(s), providing authoritative hostname to IP mappings for organization's named hosts
  • can be maintained by organization or service provider


Local DNS name server
  • does not strictly belong to hierarchy
  • each ISP (residential ISP, company, university) has one
    • also called "default name server"
  • when host makes DNS query, query is sent to its local DNS server
    • has local cache of recent name-to-address translation pairs (but may be out of date!)
    • acts as proxy, forwards query into hierarchy


DNS name resolution example: iterated query

host at cis.poly.edu wants IP address for gaia.cs.umass.edu

iterated query:
  • contacted server replies with name of server to contact
  • "I don't know this name, but ask this server"

message sequence (numbered as in the figure):
  1. requesting host cis.poly.edu -> local DNS server dns.poly.edu: query for gaia.cs.umass.edu
  2. local DNS server -> root DNS server: query
  3. root DNS server -> local DNS server: referral to the TLD DNS server
  4. local DNS server -> TLD DNS server: query
  5. TLD DNS server -> local DNS server: referral to authoritative DNS server dns.cs.umass.edu
  6. local DNS server -> authoritative DNS server dns.cs.umass.edu: query
  7. authoritative DNS server -> local DNS server: IP address of gaia.cs.umass.edu
  8. local DNS server -> requesting host: answer


DNS name resolution example: recursive query

recursive query:
  • puts burden of name resolution on contacted name server
  • heavy load at upper levels of hierarchy?

message sequence (numbered as in the figure):
  1. requesting host cis.poly.edu -> local DNS server dns.poly.edu: query for gaia.cs.umass.edu
  2. local DNS server -> root DNS server
  3. root DNS server -> TLD DNS server
  4. TLD DNS server -> authoritative DNS server dns.cs.umass.edu
  5. authoritative DNS server -> TLD DNS server: IP address of gaia.cs.umass.edu
  6. TLD DNS server -> root DNS server
  7. root DNS server -> local DNS server
  8. local DNS server -> requesting host: answer


DNS: caching, updating records
  • once (any) name server learns mapping, it caches mapping
    • cache entries timeout (disappear) after some time (TTL)
    • TLD servers typically cached in local name servers
      • thus root name servers not often visited
  • cached entries may be out-of-date (best effort name-to-address translation!)
    • if name host changes IP address, may not be known Internet-wide until all TTLs expire
  • update/notify mechanisms proposed IETF standard
    • RFC 2136


DNS records

DNS: distributed db storing resource records (RR)
RR format: (name, value, type, ttl)

type=A
  • name is hostname
  • value is IP address

type=NS
  • name is domain (e.g., foo.com)
  • value is hostname of authoritative name server for this domain

type=CNAME
  • name is alias name for some "canonical" (the real) name
    • www.ibm.com is really servereast.backup2.ibm.com
  • value is canonical name

type=MX
  • value is name of mailserver associated with name
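The iterated resolution of slides 2-8 and 2-9, the TTL caching of slide 2-10 and the A/NS/CNAME records above, worked as one added example (not code from the slides or from Kurose & Ross): a toy local name server that walks an in-memory root -> TLD -> authoritative hierarchy, follows NS referrals and CNAMEs, and caches every RR it learns with its TTL, so that a later query for the same zone starts at the cached authoritative server and never revisits the root. The zone data, the 192.0.2.x server addresses and the fake clock are constructed for the example.

```python
"""Added example: toy iterative resolver with TTL cache over in-memory zones."""
import time

# Resource records in the slide's (name, value, type, ttl) format.  Each "server"
# holds the RRs it is authoritative for plus NS records and glue A records that
# let it refer the querier one level down.  All names/addresses are made up.
ROOT = [("edu", "a.edu-servers.net", "NS", 172800),
        ("a.edu-servers.net", "192.0.2.1", "A", 172800)]
TLD_EDU = [("umass.edu", "dns.umass.edu", "NS", 86400),
           ("dns.umass.edu", "192.0.2.2", "A", 86400)]
UMASS = [("cs.umass.edu", "dns.cs.umass.edu", "NS", 3600),
         ("dns.cs.umass.edu", "192.0.2.3", "A", 3600)]
CS_UMASS = [("gaia.cs.umass.edu", "192.0.2.10", "A", 300),
            ("www.cs.umass.edu", "gaia.cs.umass.edu", "CNAME", 300)]
# server address -> RRs it can answer with; "root" stands for the root hint
SERVERS = {"root": ROOT, "192.0.2.1": TLD_EDU, "192.0.2.2": UMASS, "192.0.2.3": CS_UMASS}


def lookup(rrs, name, rtype):
    return [r for r in rrs if r[0] == name and r[2] == rtype]


def closest_ns(rrs, qname):
    """Best NS referral this server holds for qname (longest matching suffix)."""
    best = None
    for r in rrs:
        if r[2] == "NS" and (qname == r[0] or qname.endswith("." + r[0])):
            if best is None or len(r[0]) > len(best[0]):
                best = r
    return best


def ask(server, qname, qtype):
    """One query to one server: ("answer", rrs), ("cname", rrs), ("referral", ns, glue) or None."""
    rrs = SERVERS[server]
    ans = lookup(rrs, qname, qtype)
    if ans:
        return "answer", ans
    cname = lookup(rrs, qname, "CNAME")
    if cname:
        return "cname", cname
    ns = closest_ns(rrs, qname)
    if ns:
        return "referral", ns, lookup(rrs, ns[1], "A")
    return None


class LocalResolver:
    """Local DNS server: iterates root -> TLD -> authoritative, caches RRs with TTL."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}         # (name, type) -> (value, expires_at)
        self.queries_sent = []  # servers contacted, in order, for inspection

    def _cached(self, name, rtype):
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop((name, rtype), None)   # expired entries disappear
        return None

    def _remember(self, rr):
        self.cache[(rr[0], rr[2])] = (rr[1], self.clock() + rr[3])

    def resolve(self, qname, qtype="A", depth=0):
        if depth > 8:
            raise RuntimeError("CNAME/referral loop for " + qname)
        cached = self._cached(qname, qtype)
        if cached:
            return cached
        # Start at the deepest name server we still have cached (e.g. the TLD or the
        # zone's own server), otherwise at the root: this is why roots are rarely visited.
        server = "root"
        labels = qname.split(".")
        for i in range(1, len(labels)):
            ns_host = self._cached(".".join(labels[i:]), "NS")
            ns_addr = self._cached(ns_host, "A") if ns_host else None
            if ns_addr:
                server = ns_addr
                break
        while True:
            self.queries_sent.append(server)
            reply = ask(server, qname, qtype)
            if reply is None:
                raise LookupError(qname)
            if reply[0] == "answer":
                for rr in reply[1]:
                    self._remember(rr)
                return reply[1][0][1]
            if reply[0] == "cname":
                self._remember(reply[1][0])
                return self.resolve(reply[1][0][1], qtype, depth + 1)   # chase the alias
            ns, glue = reply[1], reply[2]
            self._remember(ns)
            for rr in glue:
                self._remember(rr)
            if not glue:
                raise LookupError("referral without glue for " + ns[1])
            server = glue[0][1]


if __name__ == "__main__":
    r = LocalResolver()
    print(r.resolve("gaia.cs.umass.edu"), r.queries_sent)   # 4 servers: root, TLD, umass, cs
    print(r.resolve("www.cs.umass.edu"), r.queries_sent)    # CNAME, served from cached zone
```

Run it twice and the second query never touches the root: the NS and glue records learned on the first walk send it straight to dns.cs.umass.edu, and when the 300 s A record expires only that last hop is repeated.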


DNS protocol, messages
  • query and reply messages, both with same message format

msg header (12 bytes, six 16-bit fields, two per row):
  identification   | flags
  # questions      | # answer RRs
  # authority RRs  | # additional RRs

  • identification: 16 bit # for query, reply to query uses same #
  • flags:
    • query or reply
    • recursion desired
    • recursion available
    • reply is authoritative

sections after the header:
  • questions (variable # of questions): name, type fields for a query
  • answers (variable # of RRs): RRs in response to query
  • authority (variable # of RRs): records for authoritative servers
  • additional info (variable # of RRs): additional "helpful" info that may be used
Attacking DNS

DDoS attacks
  • Bombard root servers with traffic
    • Not successful to date
    • Traffic filtering
    • Local DNS servers cache IPs of TLD servers, allowing root server bypass
  • Bombard TLD servers
    • Potentially more dangerous

Redirect attacks
  • Man-in-middle
    • Intercept queries
  • DNS poisoning
    • Send bogus replies to DNS server, which caches them
    • a bogus reply is only accepted if it arrives before the real one and matches the outstanding query's 16-bit identification, destination port and question; this is why resolvers randomize both the identification and the source port

Exploit DNS for DDoS
  • Send queries with spoofed source address: target IP
  • Requires amplification
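The message format of slide 2-12 and the poisoning and amplification attacks above, worked as one added example (not code from the slides or from Kurose & Ross): a minimal RFC 1035 message builder/parser, the acceptance check a resolver applies to every reply (reply must land on the socket the query left from, carry the query's identification and repeat its question), and the size ratio that an amplifier would exploit. The names, addresses, ports and messages are constructed for the example; the compression-pointer decoder bounds its loop so a pointer cycle in a hostile reply cannot hang the parser.

```python
"""Added example: DNS wire format and the resolver-side checks a spoofed reply must defeat."""
import secrets
import struct


def encode_name(name):
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(msg, off):
    """Decode a (possibly compressed) name at msg[off]; return (name, offset after it)."""
    labels, jumped, next_off = [], False, None
    for _ in range(128):                 # bound the walk: hostile pointer cycles must not spin
        ln = msg[off]
        if ln == 0:
            off += 1
            break
        if ln & 0xC0 == 0xC0:            # two-byte compression pointer
            if not jumped:
                next_off = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        labels.append(msg[off + 1:off + 1 + ln].decode("ascii"))
        off += 1 + ln
    else:
        raise ValueError("name too long or pointer loop")
    return ".".join(labels), (next_off if jumped else off)


def build_query(qname, qtype=1, rd=True):
    """Return (identification, wire) for a standard query; QR=0, RD set if requested."""
    ident = secrets.randbelow(1 << 16)   # unpredictable ID: half of the anti-spoofing entropy
    flags = 0x0100 if rd else 0
    hdr = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)
    return ident, hdr + encode_name(qname) + struct.pack("!HH", qtype, 1)


def build_answer(ident, qname, ip, ttl=300, aa=True):
    """A reply with one A record; what a server (or a spoofer) sends back."""
    flags = 0x8000 | (0x0400 if aa else 0) | 0x0080          # QR, AA, RA
    hdr = struct.pack("!HHHHHH", ident, flags, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4)    # name = pointer to offset 12
    return hdr + question + rr + bytes(int(x) for x in ip.split("."))


def parse_message(wire):
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", wire[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = decode_name(wire, off)
        qtype, qclass = struct.unpack("!HH", wire[off:off + 4]); off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an + ns + ar):        # answer, authority and additional sections
        name, off = decode_name(wire, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", wire[off:off + 10]); off += 10
        rdata = wire[off:off + rdlen]; off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = ".".join(str(b) for b in rdata)
        records.append((name, rtype, ttl, rdata))
    return {"id": ident, "qr": flags >> 15, "aa": (flags >> 10) & 1, "rd": (flags >> 8) & 1,
            "ra": (flags >> 7) & 1, "rcode": flags & 0xF, "questions": questions, "records": records}


def accept_reply(wire, sent_id, sent_qname, sent_from_port, reply_to_port):
    """Resolver check: a reply counts only if it reaches the port the query left from,
    carries the same 16-bit identification and repeats the question we asked."""
    if reply_to_port != sent_from_port:
        return False
    m = parse_message(wire)
    if m["qr"] != 1 or m["id"] != sent_id:
        return False
    return bool(m["questions"]) and m["questions"][0][0].lower() == sent_qname.lower()


def amplification_factor(query, reply):
    """Bytes sent to the spoofed victim per byte the attacker sends."""
    return len(reply) / len(query)


if __name__ == "__main__":
    ident, q = build_query("www.example.com")
    real = build_answer(ident, "www.example.com", "192.0.2.44")
    bogus = build_answer((ident + 1) & 0xFFFF, "www.example.com", "203.0.113.9")
    print(accept_reply(real, ident, "www.example.com", 40000, 40000))    # True
    print(accept_reply(bogus, ident, "www.example.com", 40000, 40000))   # False: ID mismatch
    print(round(amplification_factor(q, real), 2))                       # small for one A record
```

With a fixed source port an off-path attacker has to guess only the 16-bit identification; with a random ephemeral port as well the search space grows by roughly another 16 bits, which is the mitigation the poisoning bullet alludes to. The factor for a single A record is small; amplification attacks pick queries whose answers carry many or large records.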
Chapter 3
Transport Layer

Computer Networking: A Top Down Approach
6th edition
Jim Kurose, Keith Ross
Addison-Wesley
March 2012

Transport Layer 3-15


Chapter 3: Transport Layer

our goals:
  • understand principles behind transport layer services:
    • multiplexing, demultiplexing
    • reliable data transfer
    • flow control
    • congestion control
  • learn about Internet transport layer protocols:
    • UDP: connectionless transport
    • TCP: connection-oriented reliable transport
    • TCP congestion control


Chapter 3 outline
3.1 transport-layer services
3.2 multiplexing and demultiplexing
3.3 connectionless transport: UDP
3.4 principles of reliable data transfer
3.5 connection-oriented transport: TCP
  • segment structure
  • reliable data transfer
  • flow control
  • connection management
3.6 principles of congestion control
3.7 TCP congestion control


Transport services and protocols
  • provide logical communication between app processes running on different hosts
  • transport protocols run in end systems
    • send side: breaks app messages into segments, passes to network layer
    • rcv side: reassembles segments into messages, passes to app layer
  • more than one transport protocol available to apps
    • Internet: TCP and UDP

[figure: application/transport/network/data link/physical stacks at the two end hosts; the transport layer runs end to end, routers in between implement only network, data link and physical]
Transport vs. network layer
  • network layer: logical communication between hosts
  • transport layer: logical communication between processes
    • relies on, enhances, network layer services

household analogy: 12 kids in Alice's house sending letters to 12 kids in Bob's house:
  • hosts = houses
  • processes = kids
  • app messages = letters in envelopes
  • transport protocol = Alice and Bob who demux to in-house siblings
  • network-layer protocol = postal service


Internet transport-layer protocols
  • reliable, in-order delivery (TCP)
    • congestion control
    • flow control
    • connection setup
  • unreliable, unordered delivery: UDP
    • no-frills extension of "best-effort" IP
  • services not available:
    • delay guarantees
    • bandwidth guarantees

[figure: protocol stacks of the two end hosts and the routers between them, as on the previous slide]




Multiplexing/demultiplexing

multiplexing at sender: handle data from multiple sockets, add transport header (later used for demultiplexing)

demultiplexing at receiver: use header info to deliver received segments to correct socket

[figure: processes P1, P2, P3, P4 on three hosts, each attached to its host's transport layer through a socket]


How demultiplexing works
  • host receives IP datagrams
    • each datagram has source IP address, destination IP address
    • each datagram carries one transport-layer segment
    • each segment has source, destination port number
  • host uses IP addresses & port numbers to direct segment to appropriate socket

TCP/UDP segment format (32 bits wide):
  source port # (16 bits) | dest port # (16 bits)
  other header fields
  application data (payload)


Connectionless demultiplexing
  • recall: created socket has host-local port #:
      DatagramSocket mySocket1 = new DatagramSocket(12534);
  • recall: when creating datagram to send into UDP socket, must specify
    • destination IP address
    • destination port #
  • when host receives UDP segment:
    • checks destination port # in segment
    • directs UDP segment to socket with that port #
  • IP datagrams with same dest. port #, but different source IP addresses and/or source port numbers will be directed to same socket at dest


Connectionless demux: example

left host, process P3:     DatagramSocket mySocket2 = new DatagramSocket(9157);
middle host (server), process P1: DatagramSocket serverSocket = new DatagramSocket(6428);
right host, process P4:    DatagramSocket mySocket1 = new DatagramSocket(5775);

segments exchanged (as drawn in the figure):
  P3 -> server: source port: 9157, dest port: 6428
  server -> P3: source port: 6428, dest port: 9157
  P4 -> server: source port: ?, dest port: ?
  server -> P4: source port: ?, dest port: ?


Connection-oriented demux
  • TCP socket identified by 4-tuple:
    • source IP address
    • source port number
    • dest IP address
    • dest port number
  • demux: receiver uses all four values to direct segment to appropriate socket
  • server host may support many simultaneous TCP sockets:
    • each socket identified by its own 4-tuple
  • web servers have different sockets for each connecting client
    • non-persistent HTTP will have different socket for each request


Connection-oriented demux: example

server: IP address B, with processes P4, P5, P6 each holding one connection socket; host A (process P3) and host C (processes P2, P3) are the clients

segments arriving at the server:
  from host A: source IP,port: A,9157  dest IP,port: B,80
  from host C: source IP,port: C,5775  dest IP,port: B,80
  from host C: source IP,port: C,9157  dest IP,port: B,80
server reply to host A: source IP,port: B,80  dest IP,port: A,9157

three segments, all destined to IP address: B, dest port: 80 are demultiplexed to different sockets
Connection-oriented demux: example (threaded server)

same three connections as on the previous slide, but the server runs a single process P4 with one thread per connection; each thread still has its own socket, identified by its own 4-tuple:
  from host A: source IP,port: A,9157  dest IP,port: B,80
  from host C: source IP,port: C,5775  dest IP,port: B,80
  from host C: source IP,port: C,9157  dest IP,port: B,80
server reply to host A: source IP,port: B,80  dest IP,port: A,9157
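The two demultiplexing rules (slides 3-24 through 3-28), worked as an added example (not code from the slides or from Kurose & Ross): a UDP table keyed on destination port only, and a TCP table keyed on the full 4-tuple with a listening socket that catches SYNs for new connections. The socket names and the `syn` flag are assumptions of the example; the addresses A, B, C and ports 80, 9157, 5775, 6428 are the slides'. The security point it makes concrete is that UDP's port-only lookup lets any sender on the Internet drop a datagram into a bound socket (the DNS spoofing of slide 2-14 depends on exactly this), whereas a TCP socket only receives segments whose 4-tuple matches an established connection.

```python
"""Added example: how a host's transport layer chooses the socket for an arriving segment."""


class UdpDemux:
    """UDP: the socket is chosen by destination port only."""

    def __init__(self):
        self.sockets = {}                     # dest_port -> socket name

    def bind(self, port, name):
        if port in self.sockets:
            raise OSError("port in use: %d" % port)
        self.sockets[port] = name

    def deliver(self, src_ip, src_port, dst_port):
        # src_ip/src_port are handed to the application (recvfrom) but play no
        # part in the lookup: any sender reaches the socket bound to dst_port.
        return self.sockets.get(dst_port)     # None -> ICMP port unreachable in a real stack


class TcpDemux:
    """TCP: established sockets keyed by (src IP, src port, dst IP, dst port);
    a listening socket, keyed by local port, accepts SYNs for new connections."""

    def __init__(self):
        self.listening = {}                   # local_port -> socket name
        self.connected = {}                   # 4-tuple -> socket name

    def listen(self, port, name):
        self.listening[port] = name

    def deliver(self, src_ip, src_port, dst_ip, dst_port, syn=False):
        key = (src_ip, src_port, dst_ip, dst_port)
        if key in self.connected:
            return self.connected[key]        # all four values must match
        if syn and dst_port in self.listening:
            # accept(): a fresh connection socket identified by this 4-tuple
            name = "%s-conn%d" % (self.listening[dst_port], len(self.connected) + 1)
            self.connected[key] = name
            return name
        return None                           # no match -> RST in a real stack


def slide_3_27():
    """The three segments of slide 3-27 land in three different sockets."""
    tcp = TcpDemux()
    tcp.listen(80, "httpd")
    return [tcp.deliver("A", 9157, "B", 80, syn=True),
            tcp.deliver("C", 5775, "B", 80, syn=True),
            tcp.deliver("C", 9157, "B", 80, syn=True)]


if __name__ == "__main__":
    print(slide_3_27())
    udp = UdpDemux()
    udp.bind(6428, "serverSocket")
    print(udp.deliver("A", 9157, 6428), udp.deliver("C", 5775, 6428))   # same socket
```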




UDP: User Datagram Protocol [RFC 768]
  • "no frills," "bare bones" Internet transport protocol
  • "best effort" service, UDP segments may be:
    • lost
    • delivered out-of-order to app
  • connectionless:
    • no handshaking between UDP sender, receiver
    • each UDP segment handled independently of others

UDP use:
  • streaming multimedia apps (loss tolerant, rate sensitive)
  • DNS
  • SNMP

reliable transfer over UDP:
  • add reliability at application layer
  • application-specific error recovery!
UDP: segment header

UDP segment format (32 bits wide):
  source port # | dest port #
  length        | checksum
  application data (payload)
length: in bytes of UDP segment, including header

why is there a UDP?
  • no connection establishment (which can add delay)
  • simple: no connection state at sender, receiver
  • small header size
  • no congestion control: UDP can blast away as fast as desired


UDP checksum

Goal: detect "errors" (e.g., flipped bits) in transmitted segment

sender:
  • treat segment contents, including header fields, as sequence of 16-bit integers
  • checksum: addition (one's complement sum) of segment contents
  • sender puts checksum value into UDP checksum field

receiver:
  • compute checksum of received segment
  • check if computed checksum equals checksum field value:
    • NO - error detected
    • YES - no error detected. But maybe errors nonetheless? More later ....
Internet checksum: example

example: add two 16-bit integers

                 1 1 1 0 0 1 1 0 0 1 1 0 0 1 1 0    (0xE666)
               + 1 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1    (0xD555)
wraparound     1 1 0 1 1 1 0 1 1 1 0 1 1 1 0 1 1    (0x1BBBB: 17-bit result, carry-out added back in)
sum              1 0 1 1 1 0 1 1 1 0 1 1 1 1 0 0    (0xBBBC)
checksum         0 1 0 0 0 1 0 0 0 1 0 0 0 0 1 1    (0x4443, one's complement of the sum)

Note: when adding numbers, a carryout from the most significant bit needs to be added to the result
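The checksum of slides 3-31 through 3-33, worked as an added example (not code from the slides or from Kurose & Ross): the one's-complement sum with end-around carry, checked against the slide's 0xE666 + 0xD555 example, then the full RFC 768 UDP checksum over the IPv4 pseudo-header plus segment, the receiver's verification, and the "maybe errors nonetheless" caveat made concrete: a single flipped bit is caught, but swapping two 16-bit words (or any pair of errors that cancel in the sum) is not. The addresses, ports and payload are constructed for the example.

```python
"""Added example: Internet checksum and UDP checksum, with a detected and an undetected error."""
import struct


def ones_complement_sum(data):
    """Sum 16-bit big-endian words, folding each carry-out back in (pad odd length with 0x00)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)   # wraparound: add the carry-out to the result
    return total


def internet_checksum(data):
    """One's complement of the one's-complement sum (RFC 1071)."""
    return (~ones_complement_sum(data)) & 0xFFFF


def ip4(dotted):
    return bytes(int(x) for x in dotted.split("."))


def pseudo_header(src_ip, dst_ip, udp_length):
    # IPv4 pseudo-header: src addr, dst addr, zero byte, protocol 17 (UDP), UDP length
    return ip4(src_ip) + ip4(dst_ip) + struct.pack("!BBH", 0, 17, udp_length)


def udp_checksum(src_ip, dst_ip, segment):
    """RFC 768: checksum over pseudo-header + header + data with the checksum field zeroed.
    A computed 0 is sent as 0xFFFF because 0 on the wire means 'no checksum'."""
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed) or 0xFFFF


def build_udp(src_ip, dst_ip, sport, dport, payload):
    """Sender: header (source port, dest port, length, checksum) + payload."""
    segment = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return segment[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, segment)) + segment[8:]


def verify_udp(src_ip, dst_ip, segment):
    """Receiver: summing pseudo-header + segment *including* the checksum field gives
    all ones (0xFFFF) for an intact segment; anything else means an error was detected."""
    if segment[6:8] == b"\x00\x00":
        return True   # sender disabled the checksum (permitted for UDP over IPv4)
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


def corrupt_one_bit(segment, byte_index, bit=0):
    out = bytearray(segment)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def swap_words(segment, word_a, word_b):
    """Exchange two 16-bit words; the sum is unchanged, so the checksum cannot see it."""
    out = bytearray(segment)
    a, b = 2 * word_a, 2 * word_b
    out[a:a + 2], out[b:b + 2] = segment[b:b + 2], segment[a:a + 2]
    return bytes(out)


if __name__ == "__main__":
    print(hex(ones_complement_sum(bytes.fromhex("e666d555"))))   # 0xbbbc, the slide's sum
    print(hex(internet_checksum(bytes.fromhex("e666d555"))))     # 0x4443, the slide's checksum
    seg = build_udp("192.0.2.1", "192.0.2.2", 9157, 6428, b"hello, world")
    print(verify_udp("192.0.2.1", "192.0.2.2", seg))                          # True
    print(verify_udp("192.0.2.1", "192.0.2.2", corrupt_one_bit(seg, 10)))     # False: detected
    print(verify_udp("192.0.2.1", "192.0.2.2", swap_words(seg, 4, 5)))        # True: undetected!
```

The undetected case is the practitioner's caveat: the Internet checksum is a 16-bit sum, so it is not collision resistant and offers no protection against a deliberate modification. An attacker who changes a payload can simply recompute the field; integrity against an adversary needs a MAC or a signature at a higher layer, not the transport checksum.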



