TCP/IP

Transmission Control Protocol/Internet Protocol: The

Universal substrate

Background

You’ve got some computers, each running a simulation. How do you get them to talk to each other?

Network

Network Communications

Almost everything these days is done over TCP/IP, a framework for communications between devices

Note that TCP/IP is a software concept, independent of hardware

TCP/IP runs on all sorts of media• Ethernet wire• Wireless• Fiber Optic• Etc…It can do this because it is layered--the higher levels hide

the type of wire used

TCP/IP Protocol Stack

Link

Internet

Transport: UDP Transport: TCP

Application

Hardware: ethernet,radio, fiber optic

Internet Routing

Sockets

DoD M&S NetworkProtocols & lots more

Protocol Protocol

Layering

TCP/IP Sockets

Ad-HocProtocols

DIS HLA Web

Application/Simulation

“Application layer”

Layering

Notice that the hardware (link layer) is isolated from the application at the top. This means you can swap out the link layer every few years as faster media becomes available, and not affect your application at the top

This is a Big Deal. The vast majority of money and programming time are tied up in the application layer, and you can’t throw that away every few years

Things like web browsers or games are written in such a way that they are completely isolated from hardware transport

This allows us to created standards at the application layer that are stable over a period of decades

TCP/IP

TCP/IP gives you the ability to send some bytes from one machine to another. As far as TCP/IP is concerned, it’s all just bytes. This is like a phone call; the phone network transports audio messages, but doesn’t try to make any sense of what’s being said in the audio

The application layer “makes sense” of those bytes. This is like the person listening at the other end of the phone call making sense of the audio

The application layer is where we standardize M&S network protocols. Note that the “application layer” includes both the DoD protocol (DIS, HLA, etc) along with what we think of as the application (OneSAF, etc)

Application Layer

This is where DoD M&S network standards live. There have been several over the years:

• Ad hoc: Created as needed for proprietary systems; elder days to present

• Distributed Interactive Simulation (DIS): 1993-> present

• High Level Architecture (HLA): circa 1998-present

• TENA: Circa 2000-present

• Emerging XML/Javascript Standards: not actually a DoD standard yet (though see Web-LVC)

Protocols are usually embedded in applications like OneSAF, Janus, etc. “Application layer” in network-speak usually refers to the protocols, not the whole application, but this isn’t hard-and-fast

Ad Hoc

In the early years people just went out and did stuff, because it was all new

This meant that the Boeing simulator didn’t talk to the LockMart simulator, and furthermore the LockMart aircraft simulator might not talk to the other LockMart aircraft simulator

The protocols were typically built on top of sockets (UDP and TCP)

But it worked, sort ofThis is still done in the commercial gaming

industry (Why? What relevance does this question have to DoD?)

Distributed Interactive Simulation

The lack of standards led to DIS. Everyone in procurement realized that lack of interoperability was bad, so they got together and agreed upon a standard for M&S

Agreed upon by SISO, ratified as an IEEE standard

This means anyone can read the standard, implement it, and have their simulator be interoperable with another DIS simulator

High Level Architecture

HLA is a follow-on to DIS, intended to address a wider range of simulations and abstract away some of the network details.

DIS was “first person shooter” oriented, while HLA can be used in a wider range of simulations, such as timestep

HLA hides the socket layer, handles things like area of interest. Much more on this later

TENA

Test & Training Enabling Architecture--used in ranges, both in US and abroad

Very similar to CORBA (a distributed object technology, widely standardized since the 90’s)

There is considerable overlap between DIS, HLA, and TENA

Emerging XML

The field is just starting to look at new XML-and Javascript/JSON based approaches. See for example WebLVC, which copies many DIS/HLA concepts but uses JSON as a “wire format”

Communications

TCP/IP is the basic framework for communicating between devices

“Devices” is a broad term. Can include desktops, cell phones, toasters, coke machines, embedded, etc.

TCP/IP

Link

Internet

Transport: UDP Transport: TCP

Application

Hardware: ethernet,radio, fiber optic

Internet Routing

Sockets

DoD M&S NetworkProtocols & lots more

Layers

Link layer: this is the hardware layer (eg, ethernet, 802.11b)

The switch you get at Best Buy is an example of a link layer device, Cat5 ethernet cable, fiber optic cable, wireless, etc

Link Layer

You can easily spend an entire semester studying only the link layer

We will assume it magically works

IP Layer

The next layer up is responsible for routing packets to a destination

When you send “War & Peace”, TCP/IP breaks up the text into packets, routes the packets to the destination, and then reassembles them back to the original text

The IP layer is responsible for getting the individual packets to their destination process

Routers handle IP. Examples include Cisco, Foundry, Vyatta. These are (often) expensive and require major geek support to run

IP is mostly opaque to application programmersWe will assume it magically works

Transport

The “sockets” layer. This is where the developers of application layers mostly live

Sockets are a way to send bytes from one device to another (or from the same device to itself).

Sockets don’t know anything about the content of the messages being sent--to them it’s all just a bunch of bytes. An analogy is to the phone switching network; AT&T doesn’t use the contents of the voice being transmitted; to them it’s just a bunch of bits

Layers

Link

Internet

Transport: UDP Transport: TCP

Application

Sockets

Notice that at the transport layer there are two types of sockets: TCP and UDP. These are intended to handle two different application uses

You can use either or both in a single application

Ie, OneSAF can use both a network protocol based on TCP and one based on UDP at the same time

TCP Sockets

TCP sockets have some important properties:

• Reliable delivery of data• In-order delivery of data• No duplicates of data• Built-in rate controlWhat it attempts to replicate is reading

and writing to a file

TCP Sockets

Reliable: if you send data, there won’t be random dropouts in the data sent

Recall that TCP/IP breaks up big chunks of data into many packets to send across the network. “reliability” means that if the network somehow drops one of those packets, it will be resent

TCP Sockets

In order: When TCP/IP breaks up all the packets for sending, it will ensure that the packets are re-assembled in the same order they were sent on the receiving side

No duplicates: in some obscure situations, the underlying network may duplicate packets. TCP ensures that the duplicate packets are discarded

TCP Sockets

Rate limiting: What if you have a really fast server computer sending to an iPhone? The server has a really fast CPU and is hooked up to a fast network; it doesn’t necessarily know it is sending to a slow CPU across a slow network

Without this feature you can easily overwhelm the receiving machine and network--it’s a sort of denial of service attack

TCP automatically throttles back the sending rate if too many packets are being dropped

TCP

TCP SocketData

TCP sockets replicate writing to a file; data is sent(and received) across a full-duplex connectionWriting to a file: open the file, write data, close the file. TheData appears in the file: reliable, in order, no dupes, rate limitedSame thing with TCP sockets

HostA

HostB

UDP Sockets

UDP is an alternative to TCP sockets that eliminate some of the features of TCP

• Unreliable data delivery--there is no guarantee that the receiving application will get everything you send

• Data may arrive out of order• Duplicate data may arrive• There is no built-in rate limiting• Packet-oriented rather than stream-

oriented

UDP Sockets

Some of these “features” sound counter-intuitive. Why on earth would you use an API that may throw away data?

The issue is that TCP introduces some overhead in latency and to a lesser extent bandwidth

Sometimes we have applications that are fine if most of the data is received

Example: position updates in a game

UDP Sockets

“The player on my computeris controlling a tank, and Iwill send out updates of its position every 1/30th ofa second”

What happens if one out of a hundred updates is dropped?

UDP Sockets

UDP is packet-oriented rather than stream-oriented

TCP is handled much like reading and writing from a file, which is just a long stream of bytes

In UDP you create discrete messages and send them

Sockets

Note that both TCP and UDP are responsible only for sending data. They do not attempt to make any sense of the data itself--that is the responsibility of the next layer up

Files are not responsible for the format or meaning of the data written to them--that’s the responsibility of the applications that read or write the file

The sockets API only gets data to the destination; once there the application has to make sense of the data

IP Numbers

Every host (computer) on a network is assigned a unique IP number, usually written like this:

192.168.1.10This is called the “dotted decimal” format. In reality

the IP is 4 bytes long, and each number can (sort of) be in the range of 0-255.

This uniquely identifies the computer on the network; you can’t talk to something directly unless you have a name to distinguish it, and the IP is the “real” name of the computer in TCP/IP

“I want to connect to the host 131.120.7.15” will connect you to a particular host on the internet

IP Numbers

You can see what IP your computer has by going to Control Panel->Network->TCP/IP->Properties, or “ipconfig /all”, or on OS X Control Panel->Network, or on Linux “/sbin/ifconfig”

How are IPs assigned? If we have unique numbers for hosts we have to have some way to assure that each host is configured with a unique IP

Two basic ways: • Manually• Dynamic Host Configuration Protocol (DHCP)

IP Numbers

Manually: go to each machine, type in the IP number

What’s wrong with this?DHCP: when the host boots, it contacts a server

and asks for an IP. The server assigns an IP to the host from a floating pool of IPs

The host has a “lease” on the IP for a limited time. After the time is expired, the server takes back the IP unless it has been renewed

Why this approach? Why not have the computer “resign” the IP when done?

IPs

DHCP has a weakness: a host may be assigned a different number the next time it boots

This is perfectly OK for desktop clients, but not for servers. Typically people want to contact servers, and if the IP is constantly changing, they don’t know how to address it. Clients, on the other hand, spend their time contacting servers, not being contacted

• Manually assign IPs to servers• Have laptops & desktop clients use DHCP

Domain Name Service

Suppose you want to connect to a web server. It would be bad to force users to memorize “72.21.210.11” rather than “amazon.com”

DNS maps a name to an IP number. This is done by a server sitting on the network. Your host contacts the DNS server and asks “what is the IP for www.nps.edu?” The DNS server responds with the IP

The DNS server is set on your host by DHCP (usually).

DNSDNS Server“give me the IP for

www.nps.edu”

“the IP is 205.155.4.12”

Name IPwww.nps.edu

205.155.4.12

Beatnik.ern.nps.edu

172.20.18.4

Mail.nps.edu 205.155.4.2

The DNS server maintains a tablematching names to IPs

DNS

The campus admins can enter the IPs for all the server hosts on campus. But what if we want to use a name to refer to a server off campus, like amazon.com? The campus admins have no idea what assignments amazon is making, and what’s more the DNS server can’t realistically have a database with every host name on the internet

To refer to a host name off campus, the local DNS server simply asks amazon’s DNS server to resolve the name on our behalf

Off-Site DNS“give me the IP for Amazon.com”

“the IP is 72.12.18.4”

Campus DNS Server

Amazon.com DNSServer

DNS

The campus DNS server contacts amazon on your behalf, gets the IP number, returns it to you, and caches the result for some period of time so later lookups are faster

Potential problems?>nslookup www.apple.comNon-authoritative answer:Name: apple.comAddress: 17.149.160.49The “non-authoritative” means the local DNS

server got it from cache

DNS

So how does the local DNS server know how to contact the Amazon DNS server?

When a domain like nps.edu or amazon.com is registered, one of the required pieces of information is at least two DNS servers

You can see the information with whois:http://www.networksolutions.com, “whois”

link

Whois

Registrant: contact infoAdmin Contact: the suitsTechnical contact: the t-shirtsDNS Servers: the names of the servers where

the name-to-IP information is enteredYou can set up your own DNS servers or use

someone else’s as a paid or free serviceThis is the standardized way for the info to

get into the system

DNS

The internet maintains 13 “root DNS servers”. These server Ips are hard-coded into a local DNS server’s config file

In reality it is a lot more than 13 servers; each are really clusters that are geographically distributed

These root servers use the data entered during the domain registration process to direct a DNS server that has the information needed

Root DNS

Root

EduCom Org Net XXX Uk

Amazon Apple

DNS

When your local DNS server starts up cold, it has the root DNS servers. The first time it gets a request for amazon.com, it goes there, gets the .com DNS server, and then asks the .com server for amazon’s server

All these answers are cached, so after the TLDs are retrieved it doesn’t need to talk to the root servers

DNS

The net result: you can refer to a host by name rather than IP, and as long as you have a functioning DNS server it will all work

DNS & Info Operations

Obvious question: what happens if the DNS server (either locally or TLD or root) is compromised?

Citizen in country under attack decides to bring up his local newspaper site; instead he is redirected to the attacker’s propaganda site

This is used as part of the “great firewall of China”. PRC uses DNS servers to for example redirect facebook.com to alternative servers

Stupid DNS Tricks

DNS can be used to aid scalability• Round-robin DNS: The DNS server

returns a list of Ips rather than a single IP, and the client just picks one. All the servers have identical content

Now you have N servers to handle the load instead of just one

Stupid DNS Tricks

•Geographically based DNS: There are lists of IP numbers and their approximate location. Based on the IP of the client making the request you can return an IP that’s close to the client

In europe if you go to google.com you’ll get the language and country-specific site that reflects the IP of your computer

Content Distribution Network

The idea of a CDN is to put the content close to the client. This is important for broken things like NMCI

This is done by playing DNS tricks—as with geographic DNS, the request is sent to a server “close” to the client with a full copy of the site content. If the content is not present at the CDN, it’s pulled down from the authoritative server

Vendors: Akamai, Google, many others

Port Numbers

Suppose you have a server named “nps.edu” that runs mail and a web server. You want to contact it, so you refer to it by IP (perhaps after a DNS lookup)

But which program on the host do you talk to? It’s running both mail and web. We need some further way to specify which service on the host we want to talk to: mail, web, DNS, OneSAF, etc

Port Numbers

Each host (IP number) has ports that range in number from 0-64K. There is a separate port range for TCP and UDP, so UDP port 25 is not the same as TCP port 25

By convention, certain programs listen on certain ports. For example, mail servers traditionally listen on TCP port 25, and web servers on TCP port 80

So: to contact a web server at www.nps.edu, you should refer to IP 205.155.7.12 and port 80. If a mail server is also running, you can contact it at 205.155.7.12 and port 25

Port Numbers

How do you decide what port number goes with what service? You need a priori knowledge of this

The IANA/ICANN maintains databases of various arbitrary number assignments for the internet

http://www.iana.org/assignments/port-numbers

Summary

TCP/IP layeringUDP and TCP socketsIP numbersDNSPorts