CS162 Operating Systems and Systems Programming
Lecture 22: Networking II
November 17, 2008
Prof. John Kubiatowicz
http://inst.eecs.berkeley.edu/~cs162

Review: Point-to-point networks

(figure: hosts joined through a Switch and Routers to the Internet)

- Point-to-point network: a network in which every physical wire is connected to only two computers
- Switch: a bridge that transforms a shared-bus (broadcast) configuration into a point-to-point network
- Hub: a multiport device that acts like a repeater, broadcasting from each input to every output
- Router: a device that acts as a junction between two networks to transfer data packets among them

11/17/08 Kubiatowicz CS162 UCB Fall 2008 Lec 22.2

Review: Address Subnets

- Subnet: a network connecting a set of hosts with related destination addresses
  - With IP, all the addresses in a subnet are related by a prefix of bits
  - Mask: the number of matching prefix bits. Expressed either as a single value (e.g. 24) or as a run of ones in a 32-bit value (e.g. 255.255.255.0)
- A subnet is identified by a 32-bit value with the bits which differ set to zero, followed by a slash and a mask
  - Example: 128.32.131.0/24 designates a subnet in which all the addresses look like 128.32.131.XX
  - Same subnet, written with the dotted mask: 128.32.131.0/255.255.255.0
- Difference between a subnet and a complete network range
  - A subnet is always a subset of an address range
  - Once a subnet meant a single physical broadcast wire; now it is less clear exactly what it means, since the wire is virtualized by switches

Goals for Today

- Networking
  - Routing
  - Naming
  - Protocols
  - Reliable messaging

Note: Some slides and/or pictures in the following are adapted from slides (c) 2005 Silberschatz, Galvin, and Gagne. Many slides generated from my lecture notes.

Address Ranges in IP

- IP address space divided into prefix-delimited ranges:
  - Class A: NN.0.0.0/8. NN is 1-126 (126 of these networks); 16,777,214 IP addresses per network. 10.xx.yy.zz is private; 127.xx.yy.zz is loopback
  - Class B: NN.MM.0.0/16. NN is 128-191, MM is 0-255 (16,384 of these networks); 65,534 IP addresses per network. 172.16.xx.yy through 172.31.xx.yy are private
  - Class C: NN.MM.LL.0/24. NN is 192-223, MM and LL are 0-255 (2,097,152 of these networks, i.e. 32 x 256 x 256); 254 IP addresses per network. 192.168.xx.yy is private
- Address ranges are often owned by organizations
  - Can be further divided into subnets

Hierarchical Networking: The Internet

- How can we build a network with millions of hosts?
  - Hierarchy! Not every host is connected to every other one
  - Use a network of routers to connect subnets together

(figure: subnet1, subnet2 and subnet3 joined by routers, with a transcontinental link and "other subnets" hanging off further routers)

Routing

- Routing: the process of forwarding packets hop-by-hop through routers to reach their destination
  - Need more than just a destination address! Need a path
  - Post Office analogy: the destination address on each letter is not sufficient to get it to the destination. To get a letter from here to Florida, it must be routed to the local post office, sorted and sent on a plane to somewhere in Florida, routed to a post office there, then sorted and sent with a carrier who knows where the street and house are
- Internet routing mechanism: routing tables
  - Each router does a table lookup to decide which link to use to get the packet closer to its destination
  - Don't need 4 billion entries in the table: routing is by subnet
  - Could packets be sent in a loop? Yes, if the tables are incorrect
- Routing table contains:
  - Destination address range -> output link that is closer to the destination
  - Default entry (for subnets without explicit entries)

Setting up Routing Tables

- How do you set up routing tables?
  - The Internet has no centralized state! No single machine knows the entire topology, and the topology is constantly changing (faults, reconfiguration, etc.)
  - Need a dynamic algorithm that acquires routing tables
    - Ideally, have one entry per subnet or portion of the address space
    - Could have default routes that send packets for unknown subnets to a different router that has more information
- Possible algorithm for acquiring a routing table
  - Routing table has a cost for each entry: includes number of hops to the destination, congestion, etc. Entries for unknown subnets have infinite cost
  - Neighbors periodically exchange routing tables. If a neighbor knows a cheaper route to a subnet, replace your entry with the neighbor's entry plus 1 for the hop to the neighbor
- In reality, the Internet has networks of many different scales, and different algorithms run at different scales
  - Global scale: BGP (Border Gateway Protocol), among others
  - Local scale: OSPF (Open Shortest Path First), among others

Naming in the Internet

- Name -> Address: how to map human-readable names to IP addresses?
  - E.g. www.berkeley.edu -> 128.32.139.48
  - E.g. www.google.com -> different addresses depending on location and load
- Why is this necessary?
  - IP addresses are hard to remember
  - IP addresses change: say Server 1 crashes and gets replaced by Server 2, or google.com is handled by different servers
- Mechanism: Domain Naming System (DNS)

Domain Name System

(figure: resolution of www.eecs.berkeley.edu through the top-level servers for edu and com, then the berkeley.edu, mit.edu and eecs.berkeley.edu servers, ending at www = 128.32.139.48; other addresses shown are 169.229.131.81 and 128.32.61.103, and calmail appears as another host)

- DNS is a hierarchical mechanism for naming
  - Name divided into domains, read right to left: www.eecs.berkeley.edu
- Each domain is owned by a particular organization
  - Top level handled by ICANN (Internet Corporation for Assigned Names and Numbers)
  - Subsequent levels owned by organizations
- Resolution: a series of queries to successive servers
- Caching: queries take time, so results are cached for a period of time

How Important is Correct Resolution?

- If an attacker manages to give an incorrect mapping:
  - Can get someone to route to a server thinking that they are routing to a different server
    - Get them to log into the "bank" and give up their username and password
- Is DNS secure?
  - Definitely a weak link
    - What if a response is returned from a different server than the one originally queried? Gets the person to use an incorrect IP address
  - Attempt to avoid substitution attacks: the query includes a random number which must be returned in the response
- This summer (July 2008), a hole in DNS security was located
  - Dan Kaminsky (security researcher) discovered an attack that broke DNS globally
    - One person in an ISP convinced to load a particular web page, then all users of that ISP end up pointing at the wrong address
  - High-profile, highly advertised need for patching DNS
    - Big press release, lots of mystery
    - Security researchers told: no speculation until patches applied
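Added example, not from the lecture: the subnet, mask and routing-table material from the "Address Subnets", "Address Ranges in IP", "Routing" and "Setting up Routing Tables" slides, worked in Python by hand rather than with the ipaddress module, so the bit operations the slides describe are visible. It goes slightly beyond the slides in two ways: the forwarding walk is bounded by a TTL, which is how IP actually contains the loop the Routing slide warns about, and the learn_from method implements the neighbour-update rule exactly as stated, which means it also inherits that rule's known weakness: after a link fails, two neighbours can keep re-learning a dead route from each other with ever-growing cost (count to infinity), which is why deployed protocols add split horizon, hold-down timers or a full link-state view. The router names R1, R2, R3, their topology and the costs are made up for illustration.

```python
"""Added example (not from the lecture): prefixes, subnets and routing tables.
Hand-rolls what the slides describe: the /24 mask, subnet membership, the
private ranges, a longest-prefix-match table with a default route, the
neighbour-exchange (distance-vector) update, and a TTL-bounded forwarding
walk. The R1-R2-R3 topology and its costs are made up for illustration."""
INF = float("inf")

def ip_to_int(ip):
    """Dotted quad -> 32-bit int, e.g. '128.32.131.0' -> 0x80208300."""
    o = [int(x) for x in ip.split(".")]
    if len(o) != 4 or any(not 0 <= v <= 255 for v in o):
        raise ValueError(f"bad IPv4 address: {ip}")
    return (o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]

def int_to_ip(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def prefix_to_mask(plen):
    """/24 -> 0xFFFFFF00 (255.255.255.0); /0 -> 0, which matches every address."""
    if not 0 <= plen <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF

def parse_cidr(cidr):
    """'128.32.131.0/24' or '128.32.131.0/255.255.255.0' -> (network int, prefix len)."""
    net_str, _, mask_str = cidr.partition("/")
    if "." in mask_str:                        # dotted-mask spelling from the slide
        mask = ip_to_int(mask_str)
        plen = bin(mask).count("1")
        if prefix_to_mask(plen) != mask:
            raise ValueError(f"non-contiguous mask in {cidr}")
    else:
        plen = int(mask_str) if mask_str else 32
    net = ip_to_int(net_str)
    if net & ~prefix_to_mask(plen) & 0xFFFFFFFF:   # the "bits which differ" must be zero
        raise ValueError(f"{cidr}: host bits set in network address")
    return net, plen

def in_subnet(ip, cidr):
    net, plen = parse_cidr(cidr)
    return (ip_to_int(ip) & prefix_to_mask(plen)) == net

def is_private(ip):
    """The slide's private ranges (10/8, 172.16-172.31, 192.168/16) as prefixes."""
    return any(in_subnet(ip, p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))

class RoutingTable:
    """One router's table: cidr -> (next hop, cost). Lookup is longest-prefix
    match, so a 0.0.0.0/0 default only wins when nothing more specific matches."""

    def __init__(self, name):
        self.name, self.routes = name, {}

    def add(self, cidr, next_hop, cost=1):
        parse_cidr(cidr)                       # reject malformed prefixes early
        self.routes[cidr] = (next_hop, cost)

    def lookup(self, ip):
        n, best = ip_to_int(ip), None
        for cidr, (hop, _) in self.routes.items():
            net, plen = parse_cidr(cidr)
            if (n & prefix_to_mask(plen)) == net and (best is None or plen > best[0]):
                best = (plen, hop)
        return best[1] if best else None

    def learn_from(self, neighbor, link_cost=1):
        """One exchange round: adopt the neighbour's route when its cost plus the
        hop to the neighbour beats ours; an unknown subnet counts as infinite."""
        changed = []
        for cidr, (_, cost) in neighbor.routes.items():
            if cost + link_cost < self.routes.get(cidr, (None, INF))[1]:
                self.routes[cidr] = (neighbor.name, cost + link_cost)
                changed.append(cidr)
        return changed

def forward(routers, start, dst_ip, ttl=16):
    """Follow next hops from `start`. Returns ('delivered' | 'unreachable' | 'loop', path);
    the TTL is what keeps a real packet from circulating forever on bad tables."""
    path, here = [start], start
    for _ in range(ttl):
        hop = routers[here].lookup(dst_ip)
        if hop is None:
            return "unreachable", path
        if hop == "direct":
            return "delivered", path
        path.append(hop)
        here = hop
    return "loop", path

def build_demo():
    """Constructed topology R1 -- R2 -- R3, where R3 owns the slide's 128.32.131.0/24."""
    r1, r2, r3 = RoutingTable("R1"), RoutingTable("R2"), RoutingTable("R3")
    r3.add("128.32.131.0/24", "direct", 0)
    r2.add("128.32.0.0/16", "direct", 0)       # R2 sits on the rest of 128.32/16
    r2.learn_from(r3)                          # R2: 128.32.131.0/24 via R3, cost 1
    r1.learn_from(r2)                          # R1: /16 at cost 1, /24 at cost 2, via R2
    r1.add("0.0.0.0/0", "R2")                  # default: hand everything else to R2
    return {"R1": r1, "R2": r2, "R3": r3}
```

With the constructed tables, a packet from R1 to 128.32.131.7 picks the /24 over the /16 and the default and is delivered along R1, R2, R3; a packet to 8.8.8.8 falls through to the default and is dropped at R2 as unreachable. Adding a second, conflicting default on R2 pointing back at R1 produces exactly the "tables incorrect" loop of the Routing slide, and only the TTL ends it.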
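Added example, not from the lecture: what the "random number which must be returned" check from the last slide looks like inside a resolver, and why it is thin. The code builds a real DNS wire-format query for www.berkeley.edu, a legitimate answer carrying the slide's 128.32.139.48, and a forged answer with a guessed transaction ID, then runs the acceptance test a resolver applies. The ID is only 16 bits, so a blind attacker who lands N distinct forged replies before the real one arrives succeeds with probability about N/65536; the patches rolled out after Kaminsky's July 2008 disclosure widened that space by also randomising the UDP source port, a detail the slides do not cover. The forged address 6.6.6.6 and the transaction IDs used below are invented; nothing here touches the network.

```python
"""Added example (not from the lecture): the DNS transaction-ID check that
guards against substituted answers, in wire format. Query name and the
legitimate address come from the slides; the forged 6.6.6.6 is made up."""
import os
import struct

def encode_name(name):
    """'www.berkeley.edu' -> b'\\x03www\\x08berkeley\\x03edu\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        lab = label.encode("ascii")
        if not 0 < len(lab) < 64:
            raise ValueError(f"bad label in {name}")
        out += bytes([len(lab)]) + lab
    return out + b"\x00"

def decode_name(msg, off):
    """Read a name (labels or a compression pointer) at msg[off:]; returns (name, next offset)."""
    labels = []
    while True:
        l = msg[off]
        if l == 0:
            return ".".join(labels), off + 1
        if (l & 0xC0) == 0xC0:                          # pointer to an earlier name
            ptr = ((l & 0x3F) << 8) | msg[off + 1]
            tail, _ = decode_name(msg, ptr)
            labels.append(tail)
            return ".".join(labels), off + 2
        labels.append(msg[off + 1:off + 1 + l].decode("ascii"))
        off += 1 + l

def build_query(name, txid=None):
    """Recursive A query. The 16-bit ID is the slide's 'random number'."""
    if txid is None:
        txid = int.from_bytes(os.urandom(2), "big")
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return txid, header + encode_name(name) + struct.pack("!HH", 1, 1)   # type A, class IN

def build_response(query, txid, ip, ttl=300):
    """Answer for the question in `query` under the given ID (legitimate or guessed)."""
    question = query[12:]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)   # QR=1, RD, RA, 1 answer
    rdata = bytes(int(x) for x in ip.split("."))
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4) + rdata   # name = pointer to 12
    return header + question + answer

def check_response(query, expected_txid, response):
    """The resolver's acceptance test. Returns (accepted, address or reason)."""
    if len(response) < 12:
        return False, "truncated header"
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != expected_txid:
        return False, f"transaction ID {txid:#06x} != {expected_txid:#06x}"
    if not flags & 0x8000:
        return False, "QR bit clear: not a response"
    if qd != 1 or response[12:len(query)] != query[12:]:
        return False, "question section does not match what we asked"
    off = len(query)
    for _ in range(an):                                  # first A record wins
        _, off = decode_name(response, off)
        rtype, rclass, _, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        rdata, off = response[off:off + rdlen], off + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            return True, ".".join(str(b) for b in rdata)
    return False, "no A record in answer"

def spoof_odds(forged_packets):
    """Chance that one of n distinct blind guesses hits a uniform 16-bit ID
    (no source-port randomisation, so the ID is the only secret)."""
    return min(forged_packets, 65536) / 65536
```

A reply with the wrong ID is rejected, but the check says nothing about who sent it: a real resolver also requires the reply to come from the address and port it queried, and even then the 16-bit space is small enough that spoof_odds(10000) is about 15 percent for a single race.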