Berkeley COMPSCI 162 - Lecture 22 Networking II


CS162
Operating Systems and Systems Programming
Lecture 22
Networking II
November 18, 2009
Prof. John Kubiatowicz
http://inst.eecs.berkeley.edu/~cs162

Lec 22.2 11/18/09 Kubiatowicz CS162 ©UCB Fall 2009

Review: Point-to-point networks
• Point-to-point network: a network in which every physical wire is connected to only two computers
• Switch: a bridge that transforms a shared-bus (broadcast) configuration into a point-to-point network.
• Hub: a multiport device that acts like a repeater broadcasting from each input to every output
• Router: a device that acts as a junction between two networks to transfer data packets among them.
[Figure: Router, Internet, Switch]

Review: Address Subnets
• Subnet: A network connecting a set of hosts with related destination addresses
• With IP, all the addresses in subnet are related by a prefix of bits
  – Mask: The number of matching prefix bits
    » Expressed as a single value (e.g., 24) or a set of ones in a 32-bit value (e.g., 255.255.255.0)
• A subnet is identified by 32-bit value, with the bits which differ set to zero, followed by a slash and a mask
  – Example: 128.32.131.0/24 designates a subnet in which all the addresses look like 128.32.131.XX
  – Same subnet: 128.32.131.0/255.255.255.0
• Difference between subnet and complete network range
  – Subnet is always a subset of address range
  – Once, subnet meant single physical broadcast wire; now, less clear exactly what it means (virtualized by switches)

Goals for Today
• Networking
  – Routing
  – DNS
  – Routing
  – TCP/IP Protocols
Note: Some slides and/or pictures in the following are adapted from slides ©2005 Silberschatz, Galvin, and Gagne. Many slides generated from my lecture notes by Kubiatowicz.

Simple Network Terminology
• Local-Area Network (LAN) – designed to cover small geographical area
  – Multi-access bus, ring, or star network
  – Speed ≈ 10 – 1000 Megabits/second
  – Broadcast is fast and cheap
  – In small organization, a LAN could consist of a single subnet. In large organizations (like UC Berkeley), a LAN contains many subnets
• Wide-Area Network (WAN) – links geographically separated sites
  – Point-to-point connections over long-haul lines (often leased from a phone company)
  – Speed ≈ 1.544 – 45 Megabits/second
  – Broadcast usually requires multiple messages

Routing
• Routing: the process of forwarding packets hop-by-hop through routers to reach their destination
  – Need more than just a destination address!
    » Need a path
  – Post Office Analogy:
    » Destination address on each letter is not sufficient to get it to the destination
    » To get a letter from here to Florida, must route to local post office, sorted and sent on plane to somewhere in Florida, be routed to post office, sorted and sent with carrier who knows where street and house is…
• Internet routing mechanism: routing tables
  – Each router does table lookup to decide which link to use to get packet closer to destination
  – Don’t need 4 billion entries in table: routing is by subnet
  – Could packets be sent in a loop? Yes, if tables incorrect
• Routing table contains:
  – Destination address range → output link closer to destination
  – Default entry (for subnets without explicit entries)

Setting up Routing Tables
• How do you set up routing tables?
  – Internet has no centralized state!
    » No single machine knows entire topology
    » Topology constantly changing (faults, reconfiguration, etc)
  – Need dynamic algorithm that acquires routing tables
    » Ideally, have one entry per subnet or portion of address
    » Could have “default” routes that send packets for unknown subnets to a different router that has more information
• Possible algorithm for acquiring routing table
  – Routing table has “cost” for each entry
    » Includes number of hops to destination, congestion, etc.
    » Entries for unknown subnets have infinite cost
  – Neighbors periodically exchange routing tables
    » If neighbor knows cheaper route to a subnet, replace your entry with neighbor’s entry (+1 for hop to neighbor)
• In reality:
  – Internet has networks of many different scales
  – Different algorithms run at different scales

Naming in the Internet
• How to map human-readable names to IP addresses?
  – E.g. www.berkeley.edu → 128.32.139.48
  – E.g. www.google.com → different addresses depending on location, and load
• Why is this necessary?
  – IP addresses are hard to remember
  – IP addresses change:
    » Say, Server 1 crashes and gets replaced by Server 2
    » Or – google.com handled by different servers
• Mechanism: Domain Naming System (DNS)
[Figure: Name → Address]

Domain Name System
• DNS is a hierarchical mechanism for naming
  – Name divided in domains, right to left: www.eecs.berkeley.edu
• Each domain owned by a particular organization
  – Top level handled by ICANN (Internet Corporation for Assigned Numbers and Names)
  – Subsequent levels owned by organizations
• Resolution: series of queries to successive servers
• Caching: queries take time, so results cached for period of time
[Figure: DNS name hierarchy. Node labels: Top-level; com, edu; Mit.edu, berkeley.edu; www, calmail, eecs; eecs.berkeley.edu; www. Addresses shown: 169.229.131.81, 128.32.61.103, 128.32.139.48]

How Important is Correct Resolution?
• If attacker manages to give incorrect mapping:
  – Can get someone to route to server, thinking that they are routing to a different server
    » Get them to log into “bank” – give up username and password
• Is DNS Secure?
  – Definitely a weak link
    » What if “response” returned from different server than original query?
    » Get person to use incorrect IP address!
  – Attempt to avoid substitution attacks:
    » Query includes random number which must be returned
• In July 2008, hole in DNS security located!
  – Dan Kaminsky (security researcher) discovered an attack that broke DNS globally
    » One person in an ISP convinced to load particular web page, then all users of that ISP end up pointing at wrong address
  – High profile, highly advertised need for patching DNS
    » Big press release, lots of mystery
    » Security researchers
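The check behind "Query includes random number which must be returned" and "What if response returned from different server than original query?", written out as an added example that is not part of the lecture: a resolver-side filter that uses a reply only if its 16-bit ID, its source server and its echoed question all match an outstanding query. The class name, the server addresses (192.0.2.53, 198.51.100.7) and the sample packets are constructed for illustration.

```python
import secrets
import struct

def encode_name(name):
    """DNS wire format: length-prefixed labels, ended by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"

def build_query(name, txid=None):
    """Return (txid, packet): an A-record query carrying a random 16-bit ID."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    return txid, header + encode_name(name) + struct.pack("!HH", 1, 1)  # A, IN

class PendingQueries:
    """Tracks outstanding queries and decides whether a reply may be used."""
    def __init__(self):
        self.pending = {}  # txid -> (server we asked, question bytes we sent)

    def sent(self, txid, server, packet):
        self.pending[txid] = (server, packet[12:])

    def check(self, packet, source):
        if len(packet) < 12:
            return "reject: truncated header"
        txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
        if not flags & 0x8000:
            return "reject: not a response"
        if txid not in self.pending:
            return "reject: unknown transaction id"
        server, question = self.pending[txid]
        if source != server:
            return "reject: reply from a server that was not asked"
        if qdcount != 1 or packet[12:12 + len(question)] != question:
            return "reject: question differs from the query"
        del self.pending[txid]  # a query is answered at most once
        return "accept"

def demo():
    """Constructed traffic for one query sent to a constructed server, 192.0.2.53."""
    q = PendingQueries()
    txid, query = build_query("www.berkeley.edu", txid=0x1A2B)  # fixed for repeatability
    q.sent(txid, "192.0.2.53", query)
    reply = struct.pack("!HH", txid, 0x8180) + query[4:]  # same question, QR bit set
    wrong_id = struct.pack("!H", txid ^ 1) + reply[2:]
    wrong_name = reply[:12] + build_query("www.example.com")[1][12:]
    return [q.check(wrong_id, "192.0.2.53"), q.check(reply, "198.51.100.7"),
            q.check(wrong_name, "192.0.2.53"), q.check(reply, "192.0.2.53"),
            q.check(reply, "192.0.2.53")]  # the last call replays a used reply
```

A rejected reply leaves the query pending, so the genuine answer is still accepted when it arrives; only an accepted reply clears the entry.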
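The table exchange from the "Setting up Routing Tables" slide and the by-subnet lookup with a default entry from the "Routing" slide, as an added example that is not part of the lecture. The four-router line topology, the router names and the 10.0.x.0/24 subnets are constructed; only 128.32.131.0/24 appears in the slides.

```python
import ipaddress

INF = float("inf")  # cost of a subnet this router has no entry for

class Router:
    def __init__(self, name, attached, default=None):
        self.name, self.default = name, default
        # subnet -> (cost in hops, next hop); directly attached subnets cost 0
        self.table = {ipaddress.ip_network(s): (0, name) for s in attached}

    def merge(self, neighbor):
        """Take a neighbor's table; keep any route that is cheaper via that neighbor."""
        changed = False
        for subnet, (cost, _) in neighbor.table.items():
            if cost + 1 < self.table.get(subnet, (INF, None))[0]:
                self.table[subnet] = (cost + 1, neighbor.name)  # +1 for hop to neighbor
                changed = True
        return changed

    def next_hop(self, addr):
        """Route by subnet: most specific matching prefix, else the default entry."""
        ip = ipaddress.ip_address(addr)
        hits = [net for net in self.table if ip in net]
        if not hits:
            return self.default
        return self.table[max(hits, key=lambda net: net.prefixlen)][1]

def converge(routers, links):
    """Exchange tables over every link until no entry changes; return rounds used."""
    rounds, changed = 0, True
    while changed:
        rounds, changed = rounds + 1, False
        for a, b in links:
            changed |= routers[a].merge(routers[b])
            changed |= routers[b].merge(routers[a])
    return rounds

def build_demo():
    # Constructed line topology A - B - C - D.
    routers = {
        "A": Router("A", ["128.32.131.0/24"], default="B"),
        "B": Router("B", ["10.0.2.0/24"]),
        "C": Router("C", ["10.0.3.0/24"]),
        "D": Router("D", ["10.0.4.0/24"], default="C"),
    }
    converge(routers, [("A", "B"), ("B", "C"), ("C", "D")])
    return routers
```

merge() believes whatever cost a neighbor reports, so one incorrect table spreads to every router that hears it, which is the "if tables incorrect" case the Routing slide warns about.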

