CCM 4300 Lecture 6 Computer Networks: Operation and Application Dr E. Ever
CCM 4300 Lecture 6: Computer Networks: Operation and Application
Dr E. Ever
School of Computing Science
Session Content I
||| Recap of last session
||| Introduction to network management
- motivation
- major components
||| Internet network management framework
- MIB: management information base
- SMI: data definition language
- SNMP: protocol for network management
- security and administration
Session Content II
||| Introduction to the electronic-mail system
||| Simple Mail Transfer Protocol (SMTP)
- overview
- message formats and representation
||| Mail access protocols
- overview of POP3 and IMAP
||| Domain Name System (DNS)
Lesson objectives
At the completion of this lesson you should be able to:
- define and describe what network management is
- understand the functions and protocols of network management: FCAPS, SNMP
- understand the Internet-mail system
- understand what DNS is
- describe different methods of finding addresses from the Internet directory server
What is network management?
||| Network Management as a term has many definitions, dependent on whose operational function is in question (i.e. fault management, accounting management, etc.)
||| Network management includes the deployment, integration, and coordination of the hardware, software, and human elements to monitor, test, poll, configure, analyse, evaluate and control the network and element resources to meet the real-time, operational performance, and Quality of Service (QoS) requirements at a reasonable cost.
Computer Networking: A Top-Down Approach Featuring the Internet 2007
What is network management? - cont
||| In general, network management is a service that employs a variety of tools, applications, and devices to assist human network managers in monitoring and maintaining networks.
||| The aim of Network Management is to ensure an almost 100% availability of the network resources.
Network management is the process of operating, monitoring, controlling the network to ensure it works as intended and provides value to its users.
Business Data Communications and Networking 2006
Why is network management important?
||| autonomous systems: 100s or 1000s of interacting hardware/software components
||| other complex systems requiring monitoring, control:
- jet airplane
- nuclear power plant
What can network management be used for, to ensure 100% service?
- Failure of an interface card
- Host monitoring
- Monitoring traffic to aid in resource deployment
- Monitoring of Service Level Agreements (SLAs)
- Intrusion Detection
ISO - FCAPS
||| The International Organization for Standardization (ISO) defined a conceptual model for describing the key functional areas of network management, described in X.700:
||| The OSI system management framework provides:
- an overall management model
- a generic information model
- guidelines for the definition of managed objects, and
- a management protocol for the purpose of exchanging management information between two open systems
||| The management functions have been classified into five Management Functional Areas: Fault Management, Configuration Management, Accounting Management, Performance Management and Security Management (FCAPS)
ISO - FCAPS - cont
||| Fault Management: provides facilities that allow network managers to discover faults in managed devices, the network, and network operation, to determine their cause and to take remedial action (i.e. log, detect and respond). To enable this, fault management provides mechanisms to:
- report the occurrence of faults
- log reports
- perform diagnostic tests
- correct faults (possibly automatically)
||| Configuration Management: allows a network manager to track which devices are on the managed network and the hardware and software configuration of these devices.
ISO - FCAPS - cont
||| Accounting Management: measures network utilisation of individual users or groups to:
- provide billing information
- regulate users or groups
- help keep network performance at an acceptable level
||| Performance Management: measures various aspects of network performance, including the gathering and analysis of statistical data about the system so that it may be maintained at an acceptable level (e.g. throughput). Performance management provides the ability to:
- obtain the utilisation and error rates of network devices
- provide a consistent level of performance by ensuring that devices have sufficient capacity
||| Security Management: controls access to network resources so that information cannot be obtained without authorisation [e.g. firewall, intrusion detection system (IDS), etc.]
Infrastructure for network management
||| Using a human analogy as an example to understand the infrastructure needed for network management
[Figure: Director of Company -> Branch Manager -> The Branch Offices, reporting on activities, productivity and budget]
Infrastructure for network management - cont
||| There are three principal components of a network management architecture:
The managing entity (the boss): locus of activity for network management
- it controls collection, processing, analysis, and/or display of network management information
The managed device (the branch office): piece of network equipment (including software) that resides on a managed network
- host, router, printer, etc.
- within a managed device, there may be managed objects (e.g. NIC)
- managed object information is stored in the Management Information Base (MIB)
- resident in each managed device is a network management agent (the branch manager)
The network management protocol (standard reports and one-on-one dialogues): runs between the managing entity and the managed devices
Infrastructure for network management - cont
[Figure: the managing entity (with its data) runs the network management protocol to several managed devices, each holding agent data; managed devices contain managed objects whose data is gathered into a Management Information Base (MIB)]
Question?
Which of the following are not functions of network management?
A. Fault Management
B. Control Management
C. Configuration Management
D. Process Management
E. Performance Management
Network Management standards
OSI CMIP (Common Management Information Protocol) - defined by the International Telecommunication Union, ITU-T X.700
||| Common Management Information Protocol
||| designed in the 1980s in competition with SNMP, intended as the unifying network management standard
||| standardised too slowly because of the complexity and resource requirements of its agents and management systems
The Internet SNMP: Simple Network Management Protocol
||| Internet roots - the Simple Gateway Monitoring Protocol (SGMP) allows commands to be issued to application protocol entities to set or retrieve values (integer or octet string types) for use in monitoring the gateways on which the application protocol entities reside
||| started simple
||| deployed, adopted rapidly
||| growth: size, complexity
||| currently: SNMP v3
||| de facto network management standard
Both are designed to be independent of vendor-specific products and networks
SNMP overview
||| Simple Network Management Protocol is an Application layer protocol.
||| Part of the TCP/IP protocol suite.
||| Basic components of SNMP (i.e. modular by design): Manager, Agent, Management Information Base (MIB)
SNMP overview - cont
[Figure: SNMP Management Station (Management Application, SNMP Manager, UDP/TCP, IP, network-dependent protocols) and SNMP Agent (SNMP Agent, UDP/TCP, IP, network-dependent protocols, Managed Resources, SNMP Managed Objects, MIB) communicating over the network or Internet]
Messages exchanged: 1. GetRequest 2. GetNextRequest 3. SetRequest 4. GetResponse 5. Trap
SNMP overview - cont
When describing any framework for network management, we need to address:
||| What (from a semantic viewpoint) is being monitored? And what form of control can be exercised by the network administrator?
||| What is the specific form of the information that will be reported and/or exchanged?
||| What is the communication protocol for exchanging this information?
SNMP overview: 4 key parts
||| Management information base (MIB): distributed information store of network management data (no. of IP datagrams discarded, CSMA errors in a NIC, descriptive info. on software version, etc.)
||| Structure of Management Information (SMI): data definition language for MIB objects (i.e. data types, rules for writing and revising info, etc.)
||| SNMP protocol: conveys manager <-> managed object info, commands
||| Security, administration capabilities: major addition in SNMPv3
Management Information Base (MIB)
||| Database containing the information about the elements to be managed.
||| MIBs use the notation defined by ASN.1 (Abstract Syntax Notation One)
- A standard and flexible notation that describes data structures for representing, encoding, transmitting, and decoding data [similar to Extensible Markup Language (XML)]
- Structure of Management Information Version 2 (SMIv2): RFC 2578
||| Each resource to be managed is referred to as an object.
||| The network manager monitors the resource by reading the values of the objects and controls the objects by modifying these values.
||| Associated with each object in the MIB is an identifier called the OBJECT IDENTIFIER.
- It is used for naming the object.
- It is a unique identifier for a particular object type and its value consists of a sequence of numbers.
Object Identifiers (OIDs)
||| An OID is a numeric string that is used to uniquely identify an object:
- It is created by self-extending a private enterprise number that an institution has acquired.
||| Typical objects that can be identified using OIDs include attributes in MIBs for network management and encryption algorithms:
- Example: as the university defines attributes for local use within directories it will need OIDs to identify these attributes.
||| OIDs are a managed hierarchy starting with ISO and ITU (International Telecommunication Union):
- ISO and ITU delegate OID management to organizations by assigning them OID numbers; these organizations can then assign OIDs to objects or further delegate to other organizations.
Object Identifiers (OIDs) - continued
||| OIDs are associated with objects in protocols and data structures defined using ASN.1:
- OIDs that define data structures and protocol elements are generated and processed by client and server software.
||| OIDs are intended to be globally unique:
- They are formed by taking a unique numeric string (e.g. 1.3.5.7.9.24.68) and adding additional digits in a unique fashion (e.g. 1.3.5.7.9.24.68.1, 1.3.5.7.9.24.68.2, 1.3.5.7.9.24.68.1.3, etc.)
||| An institution will acquire an arc (e.g. 1.3.5.7.9.24.68) and then extend the arc (creating subarcs) as indicated above to create additional OIDs and arcs. There is no limit to the length of an OID, and virtually no computational burden to having a long OID.
Example of Request-Response Message
The manager requires the agent's System Name and prepares a GET message for the appropriate OID. It then passes the message to the UDP layer. The UDP layer adds a data block that identifies the manager port to which the response packet should be sent and the port on which it expects the SNMP agent to be listening for messages. The packet is then passed to the IP layer, where a data block with IP and MAC addresses of the manager and the agent is added before the assembled packet passes to the Data Link layer. The Data Link layer verifies media access and availability and places the packet on the media for transmission.
[Figure: SNMP Manager and SNMP Agent protocol stacks - Application Layer (SNMP), Transport Layer (UDP), Network Layer (IP), Data Link Layer (10BaseT) - joined by the transmission medium]
Example of Request-Response Message
The packet arrives at the agent and passes through the same four layers in exactly the opposite order to the SNMP manager. It is extracted from the media. After confirming the packet is intact and valid, the Data Link layer passes it to the IP layer. The IP layer verifies the MAC and IP address and passes it on to the UDP layer, where the target port is checked for connected applications. If an application is listening at the target port, the packet is passed to the Application layer. If the listening application is the SNMP agent, the GET request is processed. The agent response then follows the identical path in reverse to reach the manager.
[Figure: as on the previous slide, the SNMP Manager and SNMP Agent stacks - Application (SNMP), Transport (UDP), Network (IP), Data Link (10BaseT) - joined by the transport medium]
MIB example: UDP module

Object ID (OID)    Name              Type                    Comments
1.3.6.1.2.1.7.1    udpInDatagrams    Counter32               total datagrams delivered at this node
1.3.6.1.2.1.7.2    udpNoPorts        Counter32               undeliverable datagrams (no port)
1.3.6.1.2.1.7.3    udpInErrors       Counter32               undeliverable datagrams; all other reasons
1.3.6.1.2.1.7.4    udpOutDatagrams   Counter32               datagrams sent
1.3.6.1.2.1.7.5    udpTable          SEQUENCE OF UdpEntry    one entry for each port in use by an application; gives port and IP addresses
SNMP Naming
question: how to name every possible standard object (protocol, data, more...) in every possible network standard??
answer: ISO Object Identifier tree: hierarchical naming of all objects: they are, basically, strings of numbers allocated in a hierarchical manner; each branch point has a name and a number
[Figure: the OID 1.3.6.1.2.1.7.1 read along the tree - ISO, ISO-identified organization, US DoD, Internet, management, MIB-2, UDP, udpInDatagrams]
OSI Object Identifier (OID) Tree
Arcs of the OID tree:
1 - ISO assigned OIDs
1.3 - ISO Identified Organization
1.3.6 - US Department of Defence
1.3.6.1 - OID assignments from Internet
1.3.6.1.2 - IETF (Internet Engineering Task Force) Management
1.3.6.1.2.1 - SNMP MIB2
1.3.6.1.2.1.7 - udp
1.3.6.1.2.1.7.1 - udpInDatagrams (total number of UDP datagrams delivered to UDP users)
Objects under udp: udpInDatagrams (1), udpNoPorts (2), udpInErrors (3), udpOutDatagrams (4), udpTable (5)
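As an added illustration (not part of the lecture), the walk down the arcs above and the ASN.1 BER encoding an SNMP message actually carries for an OID: the first two arcs are packed into a single octet (40*first + second) and every arc is written in base 128 with a continuation bit. The arc names are the standard short names (iso, org, dod, internet, mgmt, mib-2) for the tree on the slide; 1.3.6.1.4.1 is the private-enterprises arc and 32473 the enterprise number IANA reserves for documentation, used here as a constructed example of a multi-octet arc.

```python
# Standard short names for the arcs shown on the slide's OID tree; arcs not
# listed (e.g. an institution's private subarcs) fall back to their number.
ARC_NAMES = {
    "1": "iso",
    "1.3": "org",             # ISO identified organization
    "1.3.6": "dod",           # US Department of Defense
    "1.3.6.1": "internet",
    "1.3.6.1.2": "mgmt",      # IETF management
    "1.3.6.1.2.1": "mib-2",
    "1.3.6.1.2.1.7": "udp",
    "1.3.6.1.2.1.7.1": "udpInDatagrams",
    "1.3.6.1.2.1.7.2": "udpNoPorts",
    "1.3.6.1.2.1.7.3": "udpInErrors",
    "1.3.6.1.2.1.7.4": "udpOutDatagrams",
    "1.3.6.1.2.1.7.5": "udpTable",
    "1.3.6.1.4": "private",
    "1.3.6.1.4.1": "enterprises",   # subarcs here are private enterprise numbers
}


def oid_path(oid: str) -> list:
    """Name each arc of a dotted OID by walking down from the root."""
    parts = oid.split(".")
    return [ARC_NAMES.get(".".join(parts[:i + 1]), parts[i]) for i in range(len(parts))]


def ber_encode_oid(oid: str) -> bytes:
    """Encode a dotted OID as an ASN.1 BER OBJECT IDENTIFIER TLV (tag 0x06)."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("first arc must be 0-2 and, under iso/itu-t, second arc < 40")
    # The first two arcs share one subidentifier: 40 * first + second.
    subids = [40 * arcs[0] + arcs[1]] + arcs[2:]
    body = bytearray()
    for value in subids:
        # Base-128 digits, most significant first; every octet except the
        # last has its high bit set as a continuation marker.
        octets = [value & 0x7F]
        value >>= 7
        while value:
            octets.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(octets))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)


def ber_decode_oid(data: bytes) -> str:
    """Inverse of ber_encode_oid; rejects truncated or malformed encodings."""
    if len(data) < 3 or data[0] != 0x06:
        raise ValueError("not an OBJECT IDENTIFIER")
    length = data[1]
    body = data[2:2 + length]
    if length > 127 or len(body) != length:
        raise ValueError("bad or truncated length")
    subids, value, pending = [], 0, False
    for octet in body:
        value = (value << 7) | (octet & 0x7F)
        pending = bool(octet & 0x80)
        if not pending:
            subids.append(value)
            value = 0
    if pending:
        raise ValueError("subidentifier cut off in the middle")
    first = subids[0]
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])
```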
SNMP protocol
Two ways to convey MIB info, commands:
• The trap message is sent by the management agent to the managing entity (and requires no response from the managing entity).
• A request-response message is sent by the managing entity, with the response coming back from the management agent.
SNMP protocol
Two ways to convey MIB info, commands:
[Figure: request/response mode - the managing entity sends a request to the managed device (agent data) and receives a response; trap mode - the managed device sends a trap message to the managing entity]
Overhead? Lost messages? Response time?
SNMPv2 protocol: message types

Message type (PDU, Protocol Data Unit)   Function
GetRequest                               Mgr-to-agent: "get me data" (instance)
GetNextRequest                           Mgr-to-agent: "get me data" (next in list)
GetBulkRequest                           Mgr-to-agent: "get me data" (block)
InformRequest                            Mgr-to-Mgr: here's MIB value
SetRequest                               Mgr-to-agent: set MIB value
Response                                 Agent-to-mgr: value, response to Request
Trap                                     Agent-to-mgr: inform manager of exceptional event
SNMP security and administration
||| SNMP v1 and v2 implementations employ plaintext passwords, known as “community strings,” to enable authentication services
Use of plaintext is inherently insecure. It allows an eavesdropper to run a sniffer, learn the SNMP community string and “become” an administrator. In turn, the eavesdropper can perform any action permitted by SNMP, including the manipulation of network devices.
||| SNMPv3 adds security to the protocol -- not as a replacement for earlier versions of SNMP, but as an added feature set.
||| SNMPv3's security header implements the User Security Model (USM), which provides confidentiality, integrity, authentication and access control for network management communications.
SNMP security and administration - continued
||| Confidentiality is provided through the use of the Data Encryption Standard (DES), which is quite an advantage over plaintext.
||| Integrity service is provided through the use of the Hashed Message Authentication Code (HMAC) algorithm in conjunction with one of two secure hash functions: MD5 [a 128-bit message digest computed from data input (which may be a message of any length) that is as unique to that specific data as a fingerprint is to a specific individual] or the Secure Hash Algorithm (SHA-1). Hash algorithms compute a fixed-length digital representation (known as a message digest) of an input data sequence (the message) of any length: e.g., the input is "flattened" and "chopped" into "words" which are then "mixed" with one another using carefully chosen mathematical functions. Use of the hashes ensures that the SNMP devices know the communication wasn't altered while in transit (either accidentally or maliciously).
SNMP security and administration - continued
||| SNMPv3's User Security Model (USM) also allows for user-based authentication and access control.
||| Administrators can create specific accounts for each SNMP user and grant privileges through those user accounts:
For example, you might grant an operator the ability to monitor device status, but reserve modification privileges for network engineers. This has a significant impact on the security of the system by increasing accountability for user actions. It also facilitates the exclusion of a user from the system without requiring the reconfiguration of all SNMP devices.
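As an added example (not from the lecture), the key handling behind the USM integrity service described above: the RFC 3414 password-to-key algorithm, which turns a user's password into a key localized to one SNMP engine, and the truncated HMAC (HMAC-MD5-96 / HMAC-S HA-96) that authenticates each message. Unlike a v1/v2c community string, neither the password nor the key is ever sent on the wire, and a message altered in transit fails the check. The sample password and engine ID are the RFC 3414 Appendix A test values; the message payload is a constructed stand-in for an encoded SNMPv3 message.

```python
import hashlib
import hmac

ONE_MIB = 1_048_576


def password_to_ku(password: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 A.2 step 1: hash the password repeated (cyclically) to 1 MiB.
    The deliberate work factor slows offline guessing of captured keys."""
    reps, rem = divmod(ONE_MIB, len(password))
    return hashlib.new(algo, password * reps + password[:rem]).digest()


def localize(ku: bytes, engine_id: bytes, algo: str = "md5") -> bytes:
    """RFC 3414 A.2 step 2: Kul = H(Ku || snmpEngineID || Ku), so a key taken
    from one compromised agent does not work against any other agent."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_params(kul: bytes, whole_msg: bytes, algo: str = "md5") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96 as USM uses them: HMAC over the whole message
    (the caller has zeroed the 12-octet msgAuthenticationParameters field),
    truncated to its first 12 octets."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]


def verify(kul: bytes, whole_msg: bytes, received: bytes, algo: str = "md5") -> bool:
    """Constant-time comparison so the check itself does not leak the tag."""
    return hmac.compare_digest(auth_params(kul, whole_msg, algo), received)


# RFC 3414 Appendix A.3.1 sample inputs, plus a constructed message payload.
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")
SAMPLE_MSG = b"constructed-snmpv3-message: get sysName.0 from engine 2"


def demo() -> tuple:
    """Derive the localized key, tag a message, then show that a one-word
    change in transit (here 'get' -> 'set') is rejected."""
    kul = localize(password_to_ku(PASSWORD), ENGINE_ID)
    tag = auth_params(kul, SAMPLE_MSG)
    genuine = verify(kul, SAMPLE_MSG, tag)
    tampered = verify(kul, SAMPLE_MSG.replace(b"get", b"set"), tag)
    return kul, genuine, tampered
```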
Have a 10 min break
Email: an introduction
||| Electronic mail (or e-mail) was one of the earliest applications on the Internet and is still among the most heavily used today
||| From a general perspective, e-mail refers to the concept of creating, sending, and storing messages or documents electronically.
||| Why is e-mail more popular than your regular "snail mail"?
1. Fast delivery compared to regular post, and can include HTML formatted text, images, sound and even video
2. Cost - e-mail costs virtually nothing compared to regular post or telephone call charges
3. E-mail can substitute for the telephone - avoiding the process of repeatedly exchanging voice mail messages
4. Effective for people working in different time zones.
Email Introduction - cont
||| Nearly every computer system has a program that serves as an interface for the e-mail service, called a user agent (sometimes referred to as an e-mail reader)
- compose, read, save, forward, etc.
||| In addition, a local system's e-mail service also supports background processes that determine:
- how incoming and outgoing e-mail messages are stored
- how users are presented with incoming e-mail
- how often delivery of outgoing messages is attempted
||| The only activity that is not performed by the local user agent is message delivery across a network, which is defined by a mail application protocol
||| Three commonly used standards for message delivery are SMTP (Simple Mail Transfer Protocol), X.400 and Common Messaging Calls (CMC)
Internet-mail system
||| Three major components: user agents, mail servers, and SMTP
[Figure: several user agents attached to each of several mail servers, with SMTP links between the mail servers; each mail server holds an outgoing message queue and user mailboxes]
Mail Servers
||| mailbox contains incoming messages (yet to be read) for user
||| message queue of outgoing (to be sent) mail messages
||| SMTP protocol between mail servers to send email messages (i.e. two sides, a client side and a server side)
- client: sending mail server
- "server": receiving mail server
Electronic Mail - user agent
Remember: three major components: user agents, mail servers, Simple Mail Transfer Protocol (SMTP)
User Agent (UA), also called "mail reader": composing, editing, reading mail messages; e.g., Eudora (e-mail client used on MS Windows and Apple Mac operating systems), Outlook, elm (e-mail client used on Unix), Netscape Messenger
Outgoing, incoming messages stored on server (user mailbox, outgoing message queue)
[Figure: user agents attached to mail servers, mail servers linked by SMTP]
Electronic Mail: mail servers
Mail Servers
||| mailbox contains incoming messages for user
||| message queue of outgoing (to be sent) mail messages
||| SMTP protocol between mail servers to send email messages
- client: sending mail server
- "server": receiving mail server
[Figure: user agents attached to mail servers, mail servers linked by SMTP]
Electronic Mail: SMTP [RFC 2821]
||| Used to reliably transfer an e-mail message from client to server over TCP, port 25
||| Direct transfer: sending server to receiving server (i.e. does not normally use intermediate mail servers)
||| Three phases of transfer
- handshaking (greeting)
- transfer of messages
- closure
||| Command/response interaction
- commands: ASCII text
- response: status code (a three-digit number, as in HTTP responses) and phrase
||| Messages must be in TEXT, TEXT DOS or 7-bit ASCII (American Standard Code for Information Interchange) - meaning it uses patterns of seven binary digits (a range of 0 to 127 decimal) to represent each character
- 1 extra bit for a parity digit or check bit
[Figure: mail servers connected across the Internet by SMTP over TCP]
Basic Operation of SMTP
1. Alice invokes her user agent for e-mail, provides the recipient's e-mail address (e.g. bart@mdx.ac.uk), composes and then sends the message via the user agent
2. Alice's user agent sends the message to her e-mail server, where it is placed in a message queue
3. The client side of SMTP opens a TCP connection to an SMTP server
4. After some initial SMTP handshaking, the SMTP client sends Alice's message into the TCP connection
5. At Bart's mail server host, the server side of SMTP receives the message and places it in Bart's mailbox
6. Bart invokes his user agent to read the message at his convenience
[Figure: Alice's mail server sends to Bart's mail server via SMTP across the Internet]
Sample SMTP Interaction
S: 220 tim.mdx.ac.uk
C: HELO laa.ly
S: 250 Hello laa.ly, pleased to meet you
C: MAIL FROM: <[email protected]>
S: 250 [email protected]... Sender ok
C: RCPT TO: <tim@mdx.ac.uk>
S: 250 [email protected] ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 [email protected] closing connection
||| Example transcript between client (C) {[email protected]} and server (S) {[email protected]} as soon as the TCP connection is established
||| Commands issued by client:
HELO - identifies SMTP sender to SMTP receiver
MAIL FROM - begins mail exchange by identifying originator
RCPT TO - identifies mail recipient
DATA - signifies message follows
QUIT - ends current session
||| Reply codes issued by server:
220 - Service ready
221 - Closing transmission
250 - Requested action ok
354 - start mail input; end with <CRLF>.<CRLF>
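As an added example (not from the lecture), a minimal receiving-side state machine for the dialogue shown above: it enforces the command order (HELO, MAIL FROM, RCPT TO, DATA, QUIT), answers with the reply codes from the slide, ends the message at a line holding only ".", unstuffs body lines that were sent with an extra leading dot, and rejects a message that is not 7-bit ASCII. The host names follow the transcript; the addresses in the test are constructed, and nothing is actually delivered.

```python
from __future__ import annotations

import re


class SmtpReceiver:
    """Hypothetical SMTP server side. States: connected -> greeted -> mail ->
    rcpt -> data -> greeted (next message) ... -> closed."""

    def __init__(self, hostname: str):
        self.hostname = hostname
        self.state = "connected"
        self.sender = None
        self.recipients: list[str] = []
        self.lines: list[str] = []
        self.accepted: list[tuple] = []      # (sender, recipients, body lines)

    def greeting(self) -> str:
        return f"220 {self.hostname}"

    def handle(self, line: str) -> str | None:
        """Reply to one client line; None while body lines are being collected."""
        if self.state == "closed":
            return "503 Connection already closed"
        if self.state == "data":
            return self._data_line(line)
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self._reset()
            self.state = "greeted"
            return f"250 Hello {arg}, pleased to meet you"
        if verb == "QUIT":
            self.state = "closed"
            return f"221 {self.hostname} closing connection"
        if self.state == "connected":
            return "503 Bad sequence of commands"        # HELO must come first
        if verb == "MAIL":
            if self.state != "greeted":
                return "503 Bad sequence of commands"
            addr = self._path("FROM", arg)
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            self.sender, self.state = addr, "mail"
            return f"250 {addr}... Sender ok"
        if verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return "503 Bad sequence of commands"    # needs MAIL FROM first
            addr = self._path("TO", arg)
            if addr is None:
                return "501 Syntax error in parameters or arguments"
            self.recipients.append(addr)
            self.state = "rcpt"
            return f"250 {addr} ... Recipient ok"
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 Bad sequence of commands"    # needs at least one RCPT TO
            self.state = "data"
            return '354 Enter mail, end with "." on a line by itself'
        return "500 Syntax error, command unrecognized"

    @staticmethod
    def _path(keyword: str, arg: str) -> str | None:
        m = re.fullmatch(rf"{keyword}:\s*<([^<>\s]*)>", arg, re.IGNORECASE)
        return m.group(1) if m else None

    def _data_line(self, line: str) -> str | None:
        if line == ".":                                  # <CRLF>.<CRLF>: end of message
            self.state = "greeted"
            if not all(body_line.isascii() for body_line in self.lines):
                self._reset()
                return "554 Message contains 8-bit characters; 7-bit ASCII required"
            self.accepted.append((self.sender, self.recipients, self.lines))
            self._reset()
            return "250 Message accepted for delivery"
        # Dot-stuffing: a body line that itself starts with "." was sent with an
        # extra leading dot so that it cannot be mistaken for the terminator.
        self.lines.append(line[1:] if line.startswith(".") else line)
        return None

    def _reset(self) -> None:
        self.sender, self.recipients, self.lines = None, [], []


def run_session(hostname: str, client_lines: list[str]) -> list[str]:
    """Feed client lines to a fresh receiver and return every server reply."""
    server = SmtpReceiver(hostname)
    replies = [server.greeting()]
    for line in client_lines:
        reply = server.handle(line)
        if reply is not None:
            replies.append(reply)
    return replies
```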
Scenario 2: Alice sends message to Bob
1) Alice uses UA to compose message "to" [email protected]
2) Alice's UA sends message to her mail server; message placed in message queue
3) Client side of SMTP opens TCP connection with Bob's mail server
4) SMTP client sends Alice's message over the TCP connection
5) Bob's mail server places the message in Bob's mailbox
6) Bob invokes his user agent to read message
[Figure: Alice's user agent (1) -> Alice's mail server (2) -> Bob's mail server (3, 4, 5) -> Bob's user agent (6)]
Sample SMTP interaction
S: 220 mdx.ac.uk
C: HELO clubs.ly
S: 250 Hello clubs.ly, pleased to meet you
C: MAIL FROM: <[email protected]>
S: 250 [email protected]... Sender ok
C: RCPT TO: <[email protected]>
S: 250 [email protected] ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Hi, my name is …..
C: how about if we meet in ….
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 mdx.ac.uk closing connection
SMTP: Recap
||| SMTP uses persistent connections - i.e., the same TCP connection is used to send and receive multiple requests/responses (as with HTTP persistent connections), as opposed to opening a new connection for every single request/response pair
||| SMTP requires the message (header & body) to be in 7-bit ASCII
||| The SMTP server uses CRLF.CRLF (Carriage Return and Line Feed) to determine the end of a message, because the dialogue is character based
||| Comparison with HTTP: HTTP is pull while SMTP is push
- both have ASCII command/response interaction, status codes
- HTTP: each object encapsulated in its own response message
- SMTP: multiple objects sent in a multipart message
Mail message format
SMTP: protocol for exchanging email messages
RFC 822: standard for text message format:
- header lines, e.g., To:, From:, Subject: (different from SMTP commands!)
- body: the "message", ASCII characters only
[Figure: header, blank line, body]
Message format: multimedia extensions
MIME: Multipurpose Internet Mail Extensions, RFC 2045, 2056: additional lines in the message header declare the MIME content type
From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data .....
.........................
......base64 encoded data
Header lines shown: MIME version; method used to encode data; multimedia data type, subtype and parameter declaration; then the encoded data
MIME (Multipurpose Internet Mail Extensions) Types
||| The Content-Type field is used to specify the nature of the data in the body of a MIME entity, by giving the media type and subtype names.
||| Currently there are 7 top-level types defined:
||| Text
- textual information
||| Image
- image data
||| Audio
- audio data
||| Video
- video data
||| Application
- any application-specific data that doesn't fall into the previous categories
||| Multipart
- an encoding that allows multiple items, potentially of different types, to be concatenated together (this is how mail messages with attachments are sent)
||| Message
- an e-mail message, mostly used with the RFC822 subtype
MIME (Multipurpose Internet Mail Extensions) Types - continued
||| For each of the 7 types, there is a list of associated subtypes, such as text/html, text/xml and text/plain, that are dependent on the top-level type. Five of these types are as follows:
||| Text
- example subtypes: plain, html
||| Image
- example subtypes: jpeg, gif
||| Audio - requires an audio output device to render the contents
- example subtypes: basic (8-bit mu-law encoded), 32kadpcm (32 kbps coding)
||| Video
- example subtypes: mpeg, quicktime
||| Application - other data that must be processed by a reader before "viewable"
- example subtypes: msword, mspowerpoint, etc.
Multipart Type
||| Just as a web page can, an e-mail message can contain many objects too
||| Internet e-mail places all the objects (or "parts") in the same message
||| When a multimedia message contains more than one object (e.g. ASCII text and some images), the message typically has Content-Type: multipart/mixed
||| This content type header line indicates to the receiving agent that the message contains multiple objects
||| The receiving agent needs a means to determine
- where each object begins
- how each non-ASCII object was transfer-encoded
- the content type of each object
||| This is done by placing boundary characters between each object and preceding each object in the message with Content-Type: and Content-Transfer-Encoding: header lines
Multipart Type - cont
||| Example showing some ASCII text, followed by a JPEG image, and more ASCII text
From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=StartofNextPart

--StartofNextPart
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

Dear Bob,
Please find a picture of a crepe.
--StartofNextPart
Content-Transfer-Encoding: base64
Content-Type: image/jpeg

base64 encoded data .....
......base64 encoded data
--StartofNextPart

Let me know if you would like the recipe.
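As an added example (not from the lecture), a small parser for the multipart/mixed layout just shown: it finds the boundary in the top-level Content-Type, splits the body at the "--boundary" delimiter lines, reads each part's own headers, and decodes the body according to its Content-Transfer-Encoding. It also handles the edge case on the slide, a part with no headers at all, which by MIME's defaults is text/plain in 7-bit ASCII. The sample message and addresses are constructed; note that a real delimiter has no space after "--" and the last one ends in "--". The decoded bytes are what an attachment scanner has to look at, since the base64 or quoted-printable form on the wire hides the content from a naive string match.

```python
from __future__ import annotations

import base64
import quopri

# Constructed message modelled on the slide (placeholder addresses).
SAMPLE = "\r\n".join([
    "From: alice@example.org",
    "To: bob@example.net",
    "Subject: Picture of yummy crepe.",
    "MIME-Version: 1.0",
    "Content-Type: multipart/mixed; boundary=StartofNextPart",
    "",
    "--StartofNextPart",
    "Content-Transfer-Encoding: quoted-printable",
    "Content-Type: text/plain; charset=utf-8",
    "",
    "Dear Bob,",
    "Please find a picture of a cr=C3=AApe.",   # "crêpe" is not 7-bit, hence the QP escape
    "--StartofNextPart",
    "Content-Transfer-Encoding: base64",
    "Content-Type: image/jpeg",
    "",
    base64.b64encode(b"\xff\xd8\xff\xe0\x00\x10JFIF").decode(),   # a few JPEG-like bytes
    "--StartofNextPart",
    "",                                          # no headers: defaults to text/plain, 7bit
    "Let me know if you would like the recipe.",
    "--StartofNextPart--",
    "",
])


def split_at_blank(lines: list[str]) -> tuple[list[str], list[str]]:
    """Headers run up to the first empty line; everything after it is body."""
    if "" in lines:
        i = lines.index("")
        return lines[:i], lines[i + 1:]
    return lines, []


def parse_headers(lines: list[str]) -> dict[str, str]:
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def parse_content_type(value: str) -> tuple[str, dict[str, str]]:
    """'text/plain; charset=utf-8' -> ('text/plain', {'charset': 'utf-8'})."""
    fields = [f.strip() for f in value.split(";")]
    params = {}
    for field in fields[1:]:
        key, _, val = field.partition("=")
        params[key.strip().lower()] = val.strip().strip('"')
    return fields[0].lower(), params


def decode_part(lines: list[str]) -> dict:
    """Read one part's headers and undo its transfer encoding."""
    head, body_lines = split_at_blank(lines)
    headers = parse_headers(head)
    ctype, params = parse_content_type(headers.get("content-type", "text/plain"))
    encoding = headers.get("content-transfer-encoding", "7bit").lower()
    body = "\r\n".join(body_lines)           # CRLF before a delimiter belongs to it
    if encoding == "base64":
        data = base64.b64decode(body)
    elif encoding == "quoted-printable":
        data = quopri.decodestring(body.encode("ascii"))
    elif encoding in ("7bit", "8bit", "binary"):
        data = body.encode(params.get("charset", "us-ascii"))
    else:
        raise ValueError(f"unknown Content-Transfer-Encoding: {encoding}")
    return {"type": ctype, "encoding": encoding, "data": data}


def parse_multipart(raw: str) -> list[dict]:
    """Split a multipart message on its boundary and decode every part."""
    head, body_lines = split_at_blank(raw.split("\r\n"))
    ctype, params = parse_content_type(parse_headers(head).get("content-type", ""))
    if not ctype.startswith("multipart/") or "boundary" not in params:
        raise ValueError("not a multipart message with a boundary")
    delimiter = "--" + params["boundary"]
    parts, current = [], None                # current is None while in the preamble
    for line in body_lines:
        if line == delimiter + "--":         # closing delimiter; the rest is epilogue
            if current is not None:
                parts.append(decode_part(current))
            return parts
        if line == delimiter:                # starts a new part, ends the previous one
            if current is not None:
                parts.append(decode_part(current))
            current = []
        elif current is not None:
            current.append(line)
    raise ValueError("closing delimiter missing")
```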
Mail access protocols
||| SMTP: delivery/storage to receiver's server
||| Mail access protocol: retrieval from server
- Application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection.
- POP: Post Office Protocol [RFC 1939]: authorisation (agent <--> server) and download
- IMAP: Internet Mail Access Protocol [RFC 1730]: more features (more complex); manipulation of stored messages on the server
- HTTP: Hotmail, Yahoo! Mail, etc.
[Figure: sender's user agent -> (SMTP) sender's mail server -> (SMTP) receiver's mail server -> (access protocol) receiver's user agent]
POP3 protocol
authorisation phase
- client commands: user: declare username; pass: password
- server responses: +OK, -ERR
transaction phase, client commands: list: list message numbers; retr: retrieve message by number; dele: delete; quit

S: +OK POP3 server ready
C: user bob
S: +OK
C: pass hungry
S: +OK user successfully logged on
C: list
S: 1 498
S: 2 912
S: .
C: retr 1
S: <message 1 contents>
S: .
C: dele 1
C: retr 2
S: <message 2 contents>
S: .
C: dele 2
C: quit
S: +OK POP3 server signing off
POP3 (more) and IMAP
More about POP3
- The previous example uses "download and delete" mode: Bob cannot re-read e-mail if he changes client
- "Download-and-keep": copies of messages on different clients
- POP3 is stateless across sessions
IMAP
- Keeps all messages in one place: the server
- Allows the user to organise messages in folders
- IMAP keeps user state across sessions: names of folders and mappings between message IDs and folder names
Secure e-mail
• Alice wants to send a secret e-mail message, m, to Bob.
• She generates a random symmetric private key, KS.
• She encrypts the message with KS.
• She also encrypts KS with Bob's public key.
• She sends both KS(m) and KB+(KS) to Bob.
[Figure: Alice computes KS(m) with KS and KB+(KS) with Bob's public key KB+ and sends both over the Internet; Bob recovers KS with his private key KB- and then m from KS(m)]
Secure e-mail (continued)
• Alice wants to provide sender authentication and message integrity.
• Alice digitally signs the message.
• She sends both the message (in the clear) and the digital signature.
[Figure: Alice computes H(m) and signs it with her private key KA- to give KA-(H(m)), then sends m and KA-(H(m)) over the Internet; Bob applies Alice's public key KA+ to recover H(m), hashes the received m himself and compares the two]
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication and message integrity.
Note: Alice uses both her private key and Bob's public key.
[Figure: Alice signs H(m) with KA- to get KA-(H(m)), bundles it with m, encrypts the bundle with the symmetric key KS, encrypts KS with Bob's public key KB+, and sends KS(m, KA-(H(m))) together with KB+(KS) over the Internet]
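As an added example (not from the lecture), the full composition of the last slide carried through in code with the slide's symbols: Alice signs H(m) with KA-, seals m together with the signature under a fresh KS, wraps KS under KB+, and Bob reverses the steps and checks KA+(signature) against his own H(m). To keep it self-contained it uses toy textbook RSA over fixed Mersenne primes (whose factors are public, so the keys secure nothing) and a toy XOR stream cipher for KS(.); these are stand-ins for a real RSA/AES implementation and are labelled as such in the code.

```python
from __future__ import annotations

import hashlib
import secrets

# Toy textbook RSA over fixed Mersenne primes: the factors are public
# knowledge, so these keys protect nothing; they only let the scheme run offline.
E = 65537


def make_keypair(p: int, q: int) -> tuple[tuple[int, int], tuple[int, int]]:
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (E, n), (d, n)                       # (public K+, private K-)


BOB_PUB, BOB_PRIV = make_keypair((1 << 127) - 1, (1 << 89) - 1)       # KB+, KB-
ALICE_PUB, ALICE_PRIV = make_keypair((1 << 521) - 1, (1 << 607) - 1)  # KA+, KA-


def key_bytes(key: tuple[int, int]) -> int:
    return (key[1].bit_length() + 7) // 8


def rsa(key: tuple[int, int], x: int) -> int:
    """Raw RSA: x^exp mod n (no padding; a toy, not a secure primitive)."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("value too large for this key")
    return pow(x, exp, n)


def ks_xor(ks: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher KS(.): XOR with a SHA-256 keystream; the same call
    decrypts. A real mailer would use an authenticated cipher such as AES-GCM."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(ks + i.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def alice_sends(m: bytes) -> tuple[bytes, bytes]:
    """Produce KS(m, KA-(H(m))) and KB+(KS), as on the slide."""
    h = int.from_bytes(hashlib.sha256(m).digest(), "big")
    signature = rsa(ALICE_PRIV, h).to_bytes(key_bytes(ALICE_PRIV), "big")    # KA-(H(m))
    ks = secrets.token_bytes(16)                                              # fresh KS
    sealed = ks_xor(ks, m + signature)                                        # KS(m, sig)
    wrapped_ks = rsa(BOB_PUB, int.from_bytes(ks, "big"))
    return sealed, wrapped_ks.to_bytes(key_bytes(BOB_PUB), "big")             # KB+(KS)


def bob_receives(sealed: bytes, wrapped_ks: bytes) -> tuple[bytes, bool]:
    """Recover KS with KB-, open the envelope, then check KA+(sig) == H(m)."""
    ks_int = rsa(BOB_PRIV, int.from_bytes(wrapped_ks, "big"))
    if ks_int >> 128:                          # not a 16-byte key: envelope was damaged
        return b"", False
    opened = ks_xor(ks_int.to_bytes(16, "big"), sealed)
    sig_len = key_bytes(ALICE_PUB)
    m, signature = opened[:-sig_len], opened[-sig_len:]
    expected = int.from_bytes(hashlib.sha256(m).digest(), "big")
    try:
        recovered = rsa(ALICE_PUB, int.from_bytes(signature, "big"))
    except ValueError:                         # signature bytes no longer a valid residue
        return m, False
    return m, recovered == expected
```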
Have a 5 min break
DNS: Domain Name System
People have many identifiers: SSN, name, passport number
Internet hosts, routers:
- IP address (32 bit) - used for addressing datagrams
- "name", e.g., www.yahoo.com - used by humans
Q: how to map between IP addresses and names?
Domain Name System:
- distributed database implemented in a hierarchy of many name servers
- application-layer protocol used by hosts, routers and name servers to communicate to resolve names (address/name translation)
- note: a core Internet function, implemented as an application-layer protocol; complexity at the network's "edge"
DNS
Why not centralise DNS?
- single point of failure
- traffic volume
- distant centralised database
- maintenance
It doesn't scale!
DNS services
- Hostname to IP address translation
- Host aliasing: canonical and alias names
- Mail server aliasing
- Load distribution: replicated Web servers, a set of IP addresses for one canonical name
Distributed, Hierarchical Database
[Figure: Root DNS servers at the top; below them com, org and edu DNS servers; below those the DNS servers of yahoo.com, amazon.com, pbs.org, ucla.edu and ucl.ac.uk]
Client wants IP for www.amazon.com; 1st approximation:
- Client queries a root server to find the com DNS server
- Client queries the com DNS server to get the amazon.com DNS server
- Client queries the amazon.com DNS server to get the IP address for www.amazon.com
DNS: Root name servers
- contacted by a local name server that cannot resolve a name
- root name server: contacts the authoritative name server if the name mapping is not known, gets the mapping, returns the mapping to the local name server
- There are currently 13 root name servers specified, with names in the form letter.root-servers.net
13 root name servers worldwide:
a Verisign, Dulles, VA
b USC-ISI Marina del Rey, CA
c Cogent, Herndon, VA (also Los Angeles)
d U Maryland College Park, MD
e NASA Mt View, CA
f Internet Software C. Palo Alto, CA (and 17 other locations)
g US DoD Vienna, VA
h ARL Aberdeen, MD
i Autonomica, Stockholm (plus 3 other locations)
j Verisign (11 locations)
k RIPE London (also Amsterdam, Frankfurt)
l ICANN Los Angeles, CA
m WIDE Tokyo
TLD and Authoritative Servers
- Top-level domain (TLD) servers: responsible for com, org, net, edu, gov, int, etc., and for all top-level country domains such as uk, fr, ca, jp, ly. Network Solutions maintains the servers for the com TLD, Educause for the edu TLD.
- Authoritative DNS servers: an organisation's own DNS servers, providing authoritative hostname-to-IP mappings for the organisation's servers (e.g., Web and mail). Can be maintained by the organisation or by a service provider.
Local Name Server
- does not strictly belong to the hierarchy
- each ISP (residential ISP, company, university) has one; also called the "default name server"
- when a host makes a DNS query, the query is sent to its local DNS server, which acts as a proxy and forwards the query into the hierarchy
[Figure: recursive query. The requesting host cs.mdx.ac.uk asks its local DNS server dns.cs.mdx.ac.uk, which asks the root DNS server, which asks the TLD DNS server, which asks the authoritative DNS server dns.cs.ucl.ac.uk; the answer travels back along the same path (steps 1-8). The figure's target host is labelled gaia.cs.umass.edu.]
Types of queries
- recursive query: puts the burden of name resolution on the contacted name server (heavy load?)
- iterative query: the contacted server replies with the name of the server to contact: "I don't know this name, but ask this server"
[Figure: iterative query. Example: a host at cs.mdx.ac.uk wants the IP address for bob.cs.ucl.ac.uk. The requesting host asks its local DNS server dns.mdx.ac.uk (1); the local server queries the root DNS server (2, 3), the TLD DNS server (4, 5) and the authoritative DNS server dns.cs.ucl.ac.uk (6, 7) in turn, then returns the answer to the host (8).]
DNS: caching and updating records
- once (any) name server learns a mapping, it caches the mapping
- cache entries time out (disappear) after some time
- TLD servers are typically cached in local name servers, thus root name servers are not often visited
- update/notify mechanisms under design by IETF: RFC 2136, http://www.ietf.org/html.charters/dnsind-charter.html
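To make the iterative walk and the caching behaviour concrete, here is an added Python simulation (not from the slides): three constructed in-memory name servers play the root, the uk TLD server and the ucl.ac.uk authoritative server, and a local name server resolves bob.cs.ucl.ac.uk through them, caching what it learns so that a later query for www.cs.ucl.ac.uk goes straight to the authoritative server. All addresses (203.0.113.x) and the TLD server name ns.tld-uk.example are constructed placeholders.

```python
# Added example, not from the slides: an in-memory simulation of the iterative
# walk root -> TLD -> authoritative, with a local name server that caches the
# answers and the server addresses it learns, so the root is rarely revisited.
ROOT_IP = "203.0.113.1"  # constructed stand-in for a root server address
# Constructed (name, type, value) records per server; NS referrals carry glue A.
SERVERS = {
    ROOT_IP: [("uk.", "NS", "ns.tld-uk.example."),
              ("ns.tld-uk.example.", "A", "203.0.113.2")],
    "203.0.113.2": [("ucl.ac.uk.", "NS", "dns.cs.ucl.ac.uk."),
                    ("dns.cs.ucl.ac.uk.", "A", "203.0.113.3")],
    "203.0.113.3": [("bob.cs.ucl.ac.uk.", "A", "203.0.113.10"),
                    ("www.cs.ucl.ac.uk.", "A", "203.0.113.11")],
}

def ask(server_ip, qname):
    """One iterative query: the answer if known, else an "ask this server" referral."""
    records = SERVERS[server_ip]
    for name, rtype, value in records:
        if name == qname and rtype == "A":
            return "answer", value
    zones = [(z, ns) for z, t, ns in records if t == "NS" and qname.endswith("." + z)]
    if not zones:
        return "nxdomain", None
    zone, ns_name = max(zones, key=lambda zn: len(zn[0]))   # closest enclosing zone
    glue = next(v for n, t, v in records if n == ns_name and t == "A")
    return "referral", (zone, glue)

class LocalNameServer:
    """The host's default name server: proxies queries into the hierarchy."""
    def __init__(self):
        self.addr_cache = {}              # hostname -> IP (TTL expiry omitted)
        self.zone_cache = {".": ROOT_IP}  # zone -> address of a server for it
        self.contacted = []               # servers queried, for inspection

    def resolve(self, qname):
        if qname in self.addr_cache:
            return self.addr_cache[qname]
        # start at the deepest zone whose server address is already cached
        zone = max((z for z in self.zone_cache if z == "." or qname.endswith("." + z)), key=len)
        server = self.zone_cache[zone]
        for _ in range(8):                # bound the referral chain
            self.contacted.append(server)
            kind, data = ask(server, qname)
            if kind == "answer":
                self.addr_cache[qname] = data
                return data
            if kind != "referral":
                return None
            zone, server = data
            self.zone_cache[zone] = server
```

After the first lookup `contacted` holds root, TLD and authoritative server in that order; the second name is answered with a single query to the cached authoritative server.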
DNS protocol, messages
DNS protocol: query and reply messages, both with the same message format.
msg header
- identification: 16 bit # for the query; the reply to the query uses the same #
- flags: query or reply; recursion desired; recursion available; reply is authoritative
Resource Records (RR)
DNS protocol, messages
- name, type fields for a query
- RRs in response to the query
- records for authoritative servers
- additional "helpful" info that may be used
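As an added example (not from the slides), the following Python builds a query for www.amazon.com in this message format and parses a constructed reply, pulling out the header fields listed above (identification, QR, AA, RD, RA) and the three RR sections. Standard library only; the reply bytes are constructed here rather than captured from a real server.

```python
# Added example, not from the slides: build a DNS query for www.amazon.com and
# parse a constructed reply, exposing the header fields the slides name (ID,
# QR, AA, RD, RA) and the answer/authority/additional RR sections. Stdlib only.
import struct

def decode_name(msg, off):
    """Read labels at off, following 0xC0 pointers; returns (name, next offset)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:              # pointer: low 14 bits are an offset
            end = off + 2 if end is None else end
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0: break
        labels.append(msg[off:off + n].decode()); off += n
    return ".".join(labels), (off if end is None else end)

def build_query(ident, name, qtype=1):
    """Header: ID, flags 0x0100 (QR=0, RD=1), QDCOUNT=1; then one question (IN)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    hdr = struct.pack("!HHHHHH", ident, 0x0100, 1, 0, 0, 0)
    return hdr + qname + struct.pack("!HH", qtype, 1)

def parse_message(msg):
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    hdr = {"id": ident, "qr": flags >> 15 & 1, "aa": flags >> 10 & 1,
           "rd": flags >> 8 & 1, "ra": flags >> 7 & 1, "rcode": flags & 0xF}
    off, questions = 12, []
    for _ in range(qd):                   # name and type fields of the query
        name, off = decode_name(msg, off)
        questions.append((name, struct.unpack("!H", msg[off:off + 2])[0])); off += 4
    sections = {"answer": [], "authority": [], "additional": []}
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):            # each RR: name, type, class, TTL, rdata
            name, off = decode_name(msg, off)
            rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
            rdata, off = msg[off:off + rdlen], off + rdlen
            value = (".".join(str(b) for b in rdata) if rtype == 1            # A
                     else decode_name(msg, off - rdlen)[0] if rtype in (2, 5)  # NS/CNAME
                     else rdata.hex())
            sections[key].append((name, rtype, ttl, value))
    return hdr, questions, sections

def build_reply(query, ttl, ip):
    """Constructed reply to an A query: same ID, flags 0x8580 (QR, AA, RD, RA), one answer."""
    hdr = query[:2] + struct.pack("!HHHHH", 0x8580, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, 4)   # name = pointer to offset 12
    return hdr + query[12:] + rr + bytes(int(o) for o in ip.split("."))
```

The answer RR's name is a compression pointer back to the question name at offset 12, which is how real replies avoid repeating the name.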
Inserting records into DNS
Example: you have just created the startup "Network Consultancy firm".
- Register the name networkconsultancyfirm.co.uk at a registrar (e.g., Network Solutions).
- Need to provide the registrar with the names and IP addresses of your authoritative name servers (primary and secondary).
- The registrar inserts two RRs into the co.uk TLD server:
  (networkconsultancyfirm.co.uk, dns1.networkconsultancyfirm.co.uk, NS)
  (dns1.networkconsultancyfirm.co.uk, 212.212.212.1, A)
- Put a Type A record for www.networkconsultancyfirm.co.uk and a Type MX record for networkconsultancyfirm.co.uk in the authoritative server.
How do people get the IP address of your Web site?
Finding an IP can be as easy as looking at the full headers of an e-mail that someone has sent you, or monitoring network connections for certain types of instant messaging and chat applications. Web sites routinely get IP address information for all visitors. The very nature of how the Internet works dictates that when two computers talk to each other, they know each other's IP addresses. But once an IP address is received, what can you tell about it?
Some IPs are easy: they're static, and have a DNS name associated with them. For example, in a Windows XP command shell, enter the following command:
ping -a 17.254.3.183
The "-a" switch tells ping to do a "reverse DNS lookup" and print the first domain name it finds associated with the IP address you've specified.
How do people get the IP address of your Web site? - continued
If the ping doesn't return a domain name, we then go to ARIN (American Registry for Internet Numbers) and use their IP "whois" tool. If an IP address, e.g., 206.124.145.17, is entered, we'll find that it's part of a block of addresses assigned to an ISP. To determine who actually uses that IP address the ISP has to be contacted; otherwise, the physical location of a machine at a specific IP address is not easy to determine. (CIDR? VLSM?)
An IP address may, or may not, identify a specific computer. In many cases, such as large corporations, it identifies a gateway that acts as a router or proxy for any number of computers.
Behind the gateway, the computers can all see each other, but from the Internet the individual machines are indistinguishable from each other: they all look like they come from the same IP address. The same is true when using a router at home. You might have any number of computers behind it, but from the Internet it appears as if you have only one IP address. Your individual computers are not directly accessible by default.