
Data Networking Overview
Presented by Scott M. Ballew
Copyright of Scott M. Ballew and Purdue University, July 19, 2007
Agenda
 Network Models
 Network Technologies
• Layer 1
• Layer 2
• Etc.
 Network Security
 Network Usability
• The Domain Name System
• Host Configuration
• Remote Access
Network Models
 Network models use layers to describe networks
 Each layer describes the services provided to the layer above it and those required from the layer below it
 It also describes the format of exchanges between peer layers on different network hosts
 Because the layers “stack” on top of one another, we often refer to network protocol “stacks” when we talk about the implementation
[Figure: two hosts side by side, each showing Layer N-1, Layer N and Layer N+1; Layer N provides services to Layer N+1, requires services from Layer N-1, and exchanges messages with its peer Layer N on the other host]
Network Models
 The most well-known network model is the OSI (Open Systems Interconnection) Reference Model defined and maintained by the International Organization for Standardization (ISO)
 It consists of seven layers, numbered from the bottom (closest to the network) to the top (closest to the user)
Layer 7 – Application
Layer 6 – Presentation
Layer 5 – Session
Layer 4 – Transport
Layer 3 – Network
Layer 2 – Data Link
Layer 1 – Physical
OSI Reference Model
 Layer 1 – The Physical Layer
• Defines the type of media to be used
• Defines representation of data on the medium
» Is a ‘0’ “high” or “low”, “on” or “off”?
» What order are bits transmitted (if serial)?
OSI Reference Model
 Layer 2 – The Data Link Layer
• Defines “right to transmit” rules
• Provides directly-connected host-to-host data transfer
• Defines higher-level structure of data (frames)
• Defines “physical” address structure for hosts
OSI Reference Model
 Layer 3 – The Network Layer
• Provides end-host-to-end-host data transfer across (potentially) multiple data links
• Defines higher-level structure of data (packets)
• Defines “abstract” address structure for hosts
OSI Reference Model
 Layer 4 – The Transport Layer
• Provides process-to-process data transfer
• May provide for reliable data transfer
• Defines higher-level structure for data (datagrams, streams, etc.)
• Defines “port” addresses for services (processes)
OSI Reference Model
 Layer 5 – The Session Layer
• Provides a logically persistent connection between processes
• May involve user or host authentication (login), transaction encapsulation (for database access), etc.
OSI Reference Model
 Layer 6 – The Presentation Layer
• Defines the network representation of data
• Converts between the network and host representations of data (ASCII/EBCDIC, byte order, encryption, compression, etc.)
OSI Reference Model
 Layer 7 – The Application Layer
• Provides a portal for the application to access the network
• Describes the dialog between two applications communicating across the network
TCP/IP Network
 When TCP/IP was defined in the early days of the Internet, the OSI Reference Model had not been defined, so a different layering model was used
 It consists of 4 or 5 layers, and maps closely to the OSI Reference Model
Layer 5 – Application
Layer 4 – Transport
Layer 3 – Internetwork
Layer 2 – Link
Layer 1 – Physical
TCP/IP Network
 Layers 1 & 2 – The Physical and Link Layers
• Provide physical communications between hosts within a network. Sometimes combined into a single “Link” layer.
• Correspond to OSI layers 1 and 2
TCP/IP Network
 Layer 3 – The Internetwork Layer
• Provides all necessary components to move data between networks, including addressing, routing, etc.
• Corresponds to OSI layer 3
TCP/IP Network
 Layer 4 – The Transport Layer
• Provides everything necessary to move data between applications
• Corresponds to OSI layer 4
TCP/IP Network
 Layer 5 – The Application Layer
• Provides everything specific to an application or a session
• Corresponds to OSI layers 5 through 7
Network Technologies – L1
 Layer 1 – The Physical Layer
• Copper Cable
» Coax – bulky, heavy, but relatively immune to noise
» Twisted pair – thinner, lighter, cheaper, and okay about noise
• Fiber Optic Cable
» Multi-mode – good for relatively short distances (a couple of km) and moderate speeds (< 10 Gbps)
» Single-mode – good for short and long distances (100+ km) and virtually any speed
• Radio, Microwaves, Satellite, others
 None are inherently secure! Copper and fiber can be tapped by anyone with physical access to the cable, and radio is received by anyone in range, so confidentiality and integrity have to come from higher layers.
Network Technologies – L2
 Layer 2 – The Data Link Layer
• Ethernet
• Token Ring
• FDDI
• ATM
• SLIP/PPP
• Frame Relay
• SONET
• Waxed String
Network Technologies – L2
 Ethernet
• Ethernet has a very simple transmission control protocol (CSMA/CD: carrier sense, multiple access, collision detection)
1. Listen to the network
2. If someone is talking, wait your turn
3. If no one is talking, send your data
4. If someone starts talking while you are talking, stop talking and scream at them!  (the “scream” is the jam signal that tells every station a collision occurred)
Network Technologies – L2
 Ethernet transmissions occur in “frames” of 64 to 1518 octets in length
 The frame contains a header, data, and a checksum
 The header contains source and destination addresses and the frame type
Frame layout (64 – 1518 octets total):
  Header (14 octets): Dst Address (6 octets) | Src Address (6 octets) | Type (2 octets)
  Data (46 – 1500 octets; shorter payloads are padded to 46)
  FCS (4 octets): the frame check sequence (checksum)
Network Technologies – L2
 Early Ethernet devices had fairly basic functions
• Transceivers physically connect hosts to the Ethernet coax cable
• Repeaters amplify and repeat frames from one coax cable to another
• Bridges selectively amplify and repeat frames from one coax cable to another
Network Technologies – L2
 Hubs provide a combination of convenience and flexibility
• Coax hubs were a way to share a transceiver among multiple systems to avoid having to install so many. They used the same cable between a system and the hub as was used between a system and a transceiver
• Twisted pair Ethernet hubs made it practical to provide network connections in office spaces
 Hub == Repeater! Every frame is repeated out every port, so any host on a hub can capture every other host’s traffic
Network Technologies – L2
 Switches provide for improved performance
• Recall that bridges selectively forward frames from one network segment to another, while repeaters (hubs) always forward frames from one network segment to another
• Switches are simply multi-port bridges implemented in hardware
• A switch forwards a unicast frame only to the port where it learned the destination address, which limits casual sniffing, but it still floods broadcasts and frames for unknown destinations to every port; it is a performance device, not a security boundary
Network Technologies – L2
 Finally, Wireless Access Points removed the need for cables between the network and the system
• An access point is sort of a hub/switch hybrid
» Individual systems have to share available bandwidth (radio waves)
» Frames are selectively transmitted between network segments (wired/wireless)
» Wireless systems may or may not be able to “hear” each other’s transmissions
Network Technologies – L3
 Layer 3 – The Network Layer
• Layer 3 is where we connect layer 2 networks together
• The layer 2 networks can be the same or different technologies
• They can be the same or different speeds
• Many of the concepts are the same as layer 2, only different
Network Technologies – L3
 IPv4 is the most successful layer 3 protocol ever developed
• Hundreds of millions of systems
• Every time zone
• Every continent (yes, even Antarctica!)
 The basic protocol is unchanged since its inception in the early 80’s
Network Technologies – L3
 IP Packets
• Header
» Addresses
» Protocol
» Control information
• Payload (data)
IPv4 header layout (each row is 32 bits):
  VER | IHL | TOS | Total Length
  Identification | Flags | Offset
  TTL | Protocol | Header Checksum
  Source Address
  Destination Address
  Options | Padding
  Payload
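The two layouts above (the Ethernet frame from the L2 slides and the IPv4 header on this slide) are exactly what a packet parser has to walk, and the length fields are where parsers go wrong: an IHL smaller than 20 octets, or a Total Length larger than the bytes actually received, must be rejected rather than used as a slice bound. The following is an added example written for this page, not code from the slides or from Purdue; the frame it parses is constructed inline (made-up MAC addresses and private 172.24.57.x addresses, with the header checksum computed by the example itself) and is not a real capture. The 4-octet FCS is omitted because the NIC strips it before software sees the frame.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
ETH_HEADER_LEN = 14     # 6 (dst) + 6 (src) + 2 (type)
ETH_MIN_DATA = 46       # 64-octet minimum frame minus 14 header and 4 FCS


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: ones'-complement sum of the header's 16-bit
    words; the caller passes the header with the checksum field zeroed."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                        # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_ethernet(frame: bytes) -> dict:
    """Split an Ethernet II frame (FCS already stripped) into header fields and data."""
    if len(frame) < ETH_HEADER_LEN:
        raise ValueError("frame shorter than the 14-octet Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:ETH_HEADER_LEN])
    return {"dst": mac_str(dst), "src": mac_str(src), "type": etype,
            "payload": frame[ETH_HEADER_LEN:]}


def parse_ipv4(packet: bytes) -> dict:
    """Parse an IPv4 header, rejecting length fields that do not fit the bytes held."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the minimum 20-octet IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_off,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 packet (version %d)" % version)
    if ihl < 20 or ihl > len(packet):
        raise ValueError("IHL %d is invalid for the bytes available" % ihl)
    if total_len < ihl or total_len > len(packet):
        raise ValueError("Total Length %d is inconsistent (truncated packet?)" % total_len)
    header = packet[:ihl]
    zeroed = header[:10] + b"\x00\x00" + header[12:]   # checksum field treated as zero
    return {
        "version": version, "ihl": ihl, "tos": tos, "total_length": total_len,
        "id": ident, "flags": flags_off >> 13, "fragment_offset": flags_off & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "checksum_ok": ipv4_checksum(zeroed) == csum,
        "src": ip_str(src), "dst": ip_str(dst), "options": header[20:ihl],
        # Total Length, not the frame length, bounds the payload: Ethernet
        # padding after it is not IP data
        "payload": packet[ihl:total_len],
    }


def _build_sample_frame() -> bytes:
    """Constructed sample (not a real capture): Ethernet II carrying IPv4/UDP."""
    ip_header = bytearray(bytes.fromhex(
        "4500001c"    # VER=4, IHL=5 (20 octets), TOS=0, Total Length=28
        "abcd4000"    # Identification=0xabcd, Flags=DF, Fragment Offset=0
        "4011"        # TTL=64, Protocol=17 (UDP)
        "0000"        # Header Checksum, filled in below
        "ac183912"    # Source 172.24.57.18
        "ac183901"))  # Destination 172.24.57.1
    struct.pack_into("!H", ip_header, 10, ipv4_checksum(bytes(ip_header)))
    udp_header = bytes.fromhex("0035003500080000")   # ports 53/53, length 8, checksum 0
    ip_packet = bytes(ip_header) + udp_header
    eth_header = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
                  + struct.pack("!H", ETHERTYPE_IPV4))
    data = ip_packet + b"\x00" * (ETH_MIN_DATA - len(ip_packet))   # pad to 46 octets
    return eth_header + data


SAMPLE_FRAME = _build_sample_frame()


def describe(frame: bytes) -> dict:
    """Parse a frame and, when it carries IPv4, the packet inside it."""
    eth = parse_ethernet(frame)
    if eth["type"] == ETHERTYPE_IPV4:
        eth["ip"] = parse_ipv4(eth["payload"])
    return eth


if __name__ == "__main__":
    info = describe(SAMPLE_FRAME)
    ip = info["ip"]
    print("%s -> %s type 0x%04x" % (info["src"], info["dst"], info["type"]))
    print("IPv4 %s -> %s proto %d ttl %d checksum_ok=%s payload=%d octets"
          % (ip["src"], ip["dst"], ip["protocol"], ip["ttl"],
             ip["checksum_ok"], len(ip["payload"])))
```

Note that the IP payload is cut at Total Length (8 octets of UDP here) even though the Ethernet data field is 46 octets: the 18 padding octets after it belong to the frame, not to the packet, and a parser that uses the frame length instead would hand padding to the next layer.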
Network Technologies – L3
 IP Addresses
172 . 24 . 57 . 18
10101100 00011000 00111001 00010010
Network Technologies – L3
 All systems on a single layer 2 network must have IP addresses with the same prefix
 This prefix is the network portion of the IP address – the remainder is the host portion
 IP addresses are arbitrarily split into a network portion and a host portion – local network administrators decide where the split between the network and host portions is rather than the protocol
Network Technologies – L3
 Network Masks
• Network masks specify where the split between network and host portions is
• A mask is a 32-bit quantity, just like an IP address, and can be represented the same way as a dotted “quad”
11111111 11111111 11111111 00000000
255 . 255 . 255 . 0
Network Technologies – L3
 Network Masks (cont)
172.24.57.18      10101100 00011000 00111001 00010010
255.255.255.0     11111111 11111111 11111111 00000000
172.24.57.0       10101100 00011000 00111001 00000000   (address AND mask = network)

172.24.57.18      10101100 00011000 00111001 00010010
255.255.255.240   11111111 11111111 11111111 11110000
172.24.57.16      10101100 00011000 00111001 00010000
Network Technologies – L3
 Network Masks (cont.)
• Knowing the network mask is important to understanding the structure of any IP address.
• But writing “172.24.57.18 with mask 255.255.255.0” is cumbersome.
• We could shorten it to “172.24.57.18/255.255.255.0”, but even that is longer than we need.
Network Technologies – L3
 Slash Notation
255.255.255.0     11111111 11111111 11111111 00000000   24 bits
255.255.255.240   11111111 11111111 11111111 11110000   28 bits
172.24.57.18/255.255.255.0 becomes 172.24.57.18/24
172.24.57.18/255.255.255.240 becomes 172.24.57.18/28
Network Technologies – L3
 Routers are the primary Layer 3 device
 Routers perform two distinct functions:
• Switch packets between networks
• Maintain network topology information
Network Technologies – L3
 “Layer-3 switches” is a newer term
• It may just be another term for “router” (i.e. a marketing term)
• May be a “hybrid” L2/L3 device
» Grew “up” from L2
» Grew “down” from L3
Network Technologies – L3
 Basic IP Routing (Switching) Algorithm
• Look at the destination IP address
» If it is one of my addresses, deliver it to the local system
» Else if it is on one of my attached networks, deliver it directly using link-specific mechanisms
» Else find the longest match (address/mask) in a local table and send the packet to the next hop address from that entry
» Else inform the sender of failure (an ICMP Destination Unreachable message)
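The mask arithmetic from the Network Masks and Slash Notation slides and the routing algorithm on this slide are two halves of one mechanism, so the following added example (written for this page, not code from the slides or from Purdue) implements both: address/mask/prefix conversions done with the same AND the slides show, and a lookup that follows the slide's four steps in order, including longest match across the table. The topology in `build_example_router` is constructed from private addresses and is not a real network; the interface names and next hops are assumptions. One check a practitioner would want is included: a route whose next hop is not on an attached network can never be used, so it is rejected when added.

```python
ALL_ONES = 0xFFFFFFFF


class NoRoute(Exception):
    """Raised where a real stack would send ICMP Destination Unreachable."""


def ip_to_int(addr: str) -> int:
    """'172.24.57.18' -> 0xAC183912; rejects anything but four octets 0..255."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError("bad IPv4 address: %r" % addr)
    a, b, c, d = (int(p) for p in parts)
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for_prefix(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the top 'prefix' bits set, the host bits clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def prefix_for_mask(mask: str) -> int:
    """'255.255.255.240' -> 28; a mask with holes in it is rejected."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if mask_for_prefix(prefix) != m:
        raise ValueError("non-contiguous mask: %s" % mask)
    return prefix


def network_of(addr: str, prefix: int) -> str:
    """Address AND mask, as on the slide: 172.24.57.18/28 -> 172.24.57.16."""
    return int_to_ip(ip_to_int(addr) & mask_for_prefix(prefix))


def parse_cidr(cidr: str) -> tuple:
    """'172.24.57.18/24' -> (network as int, prefix length)."""
    addr, plen = cidr.split("/")
    plen = int(plen)
    return ip_to_int(addr) & mask_for_prefix(plen), plen


class Router:
    def __init__(self, interfaces: dict):
        """interfaces: {name: 'address/prefix'} for each attached network."""
        self.local = set()      # my own addresses
        self.connected = []     # (network, prefix, interface)
        self.table = []         # (network, prefix, next_hop, interface)
        for iface, cidr in interfaces.items():
            self.local.add(ip_to_int(cidr.split("/")[0]))
            self.connected.append(parse_cidr(cidr) + (iface,))

    def _attached_iface(self, dst: int):
        for net, plen, iface in self.connected:
            if dst & mask_for_prefix(plen) == net:
                return iface
        return None

    def add_route(self, cidr: str, next_hop: str) -> None:
        """A next hop we cannot reach directly makes the route unusable: reject it."""
        nh = ip_to_int(next_hop)
        iface = self._attached_iface(nh)
        if iface is None:
            raise ValueError("next hop %s is not on an attached network" % next_hop)
        self.table.append(parse_cidr(cidr) + (nh, iface))

    def route(self, dst_addr: str) -> tuple:
        """The slide's algorithm: local, then attached network, then longest match."""
        dst = ip_to_int(dst_addr)
        if dst in self.local:
            return ("local", None, None)
        iface = self._attached_iface(dst)
        if iface is not None:
            return ("direct", None, iface)
        best = None
        for net, plen, nh, iface in self.table:
            if dst & mask_for_prefix(plen) == net and (best is None or plen > best[1]):
                best = (net, plen, nh, iface)
        if best is None:
            raise NoRoute("no route to %s" % dst_addr)
        return ("via", int_to_ip(best[2]), best[3])


def build_example_router() -> Router:
    """Constructed topology (private addresses, assumed interface names)."""
    r = Router({"eth0": "172.24.57.18/24", "eth1": "10.1.0.1/16"})
    r.add_route("10.2.0.0/16", "172.24.57.250")
    r.add_route("10.2.7.0/24", "172.24.57.251")   # more specific than 10.2.0.0/16
    r.add_route("0.0.0.0/0", "172.24.57.1")       # default route: a 0-bit prefix matches everything
    return r


if __name__ == "__main__":
    router = build_example_router()
    for dst in ("172.24.57.18", "172.24.57.99", "10.1.200.4",
                "10.2.7.5", "10.2.9.5", "8.8.8.8"):
        print(dst, "->", router.route(dst))
```

The default route is just the degenerate case of longest match: with a zero-length prefix it matches every address, and it loses to any more specific entry, which is why 10.2.7.5 goes to .251, 10.2.9.5 to .250 and everything else to .1.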
Network Technologies – L3
 Routing Tables
• Mandatory Information
» Destination IP Address
» Netmask
» Next Hop Router Address
• Optional Information
» Layer 2 information (address)
» Interface index
» Flags
Network Technologies – L3
 Routing Table Maintenance
• Static Configuration
» Works well for small tables with little need for change
• Dynamic Routing Protocols
» Allow routers (and sometimes hosts) to inform each other about current network topology
» Work well for large tables or highly dynamic networks, but are often overkill for hosts
Network Technologies – L3
 Routing Protocols
• Many variations
• Some designed for use within a site network (Interior Gateway Protocols)
• Some designed for use between sites (Exterior Gateway Protocols)
• All have the same goal – a consistent view of the network topology!
Network Technologies – L3
 Other Network Protocols
• AppleTalk
• IPX (Novell Netware)
• DECNet
Network Technologies – L4
 Layer 4 – The Transport Layer
• Allows multiple processes/programs to use the IP network on the same host
• Additionally, layer 4 may provide for reliable communications between these processes
• The IP protocol suite defines two major layer 4 protocols – UDP and TCP
Network Technologies – L4
 UDP – The User Datagram Protocol
• Connectionless
• Datagram based
• Unreliable
• “Quick & Dirty”
 Common uses:
• Domain Name System (DNS)
• Simple Network Management Protocol (SNMP)
• Older Network File System (NFS)
Network Technologies – L4
 TCP – The Transmission Control Protocol
• Connection-oriented
• Stream based
• Reliable
» In order
» Once and only once
• “Heavy weight”
» 3-way handshake
 Common uses:
• Remote login (Telnet, RSH/Rlogin, SSH)
• File Transfer (FTP, SCP, HTTP)
• Newer NFS
Network Technologies – L4
 There are other Layer 4 protocols in the IP family
 Most try to combine features of UDP and TCP
• Example: A reliable datagram protocol
Network Technologies – L5+
 Layer 5+ – The Session, Presentation, and Application Layers
• Telnet – Remote Login
• File Transfer Protocol (FTP) – File Transfer
• Simple Mail Transfer Protocol (SMTP) – Email
• RSH/Rlogin – Remote Login
• HyperText Transfer Protocol (HTTP) – World Wide Web
• SSH/SCP – Secure Remote Login/File Transfer
• Many others!
Network Security
 Security Devices
• Firewalls
» Packet Filters
» Stateless or Stateful
» Network or Host-based
• Intrusion Detection/Prevention Systems (IDS/IPS)
» Network or Host-based
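The stateless/stateful distinction on this slide is worth seeing in code, because it decides what a packet filter can and cannot refuse. A stateless filter judges each packet on its own, so the only way it can let replies to inside-initiated connections back in is a rule that admits inbound TCP segments carrying the ACK bit; an attacker can set that bit on anything. A stateful filter remembers which connections it saw start and admits only packets that belong to one. The following is an added example written for this page, not code from the slides, from Purdue, or from any firewall product: both filters are toy models, the protected network 172.24.57.0/24 and the single exposed service (port 22) are assumptions, and the five packets in `SCENARIO` are constructed traffic, not a capture.

```python
import ipaddress

INSIDE = ipaddress.ip_network("172.24.57.0/24")   # assumed protected network
INBOUND_SERVICES = {22}                            # the one service we expose: SSH


class Packet:
    """A TCP packet reduced to what a filter looks at (constructed, not captured)."""
    def __init__(self, src, dst, sport, dport, flags):
        self.src, self.dst, self.sport, self.dport = src, dst, sport, dport
        self.flags = frozenset(flags)

    def inbound(self) -> bool:
        return (ipaddress.ip_address(self.dst) in INSIDE
                and ipaddress.ip_address(self.src) not in INSIDE)


class StatelessFilter:
    """Judges each packet alone. It cannot know whether an inbound packet is a
    reply, so the classic rule admits anything with the ACK bit set."""
    def check(self, pkt: Packet) -> bool:
        if not pkt.inbound():
            return True                       # inside -> outside is trusted
        if pkt.dport in INBOUND_SERVICES:
            return True                       # new connection to an exposed service
        if "ACK" in pkt.flags:
            return True                       # "established": the weak spot
        return False


class StatefulFilter:
    """Remembers connections it has seen start and admits inbound packets only
    when they belong to one (or open an exposed service)."""
    def __init__(self):
        self.conns = set()   # (inside_addr, inside_port, outside_addr, outside_port)

    def check(self, pkt: Packet) -> bool:
        if not pkt.inbound():
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == {"SYN"}:
                self.conns.add(key)           # outbound connection opening
            elif "RST" in pkt.flags:
                self.conns.discard(key)       # torn down
            return True
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.conns:
            if "RST" in pkt.flags:
                self.conns.discard(key)
            return True                       # reply to a connection we know
        if pkt.dport in INBOUND_SERVICES and pkt.flags == {"SYN"}:
            self.conns.add(key)               # new inbound session to the exposed service
            return True
        return False                          # everything else, ACK bit or not


SCENARIO = [   # constructed traffic, in order
    ("out_syn",         Packet("172.24.57.18", "198.51.100.7", 40000, 443, ["SYN"])),
    ("reply_syn_ack",   Packet("198.51.100.7", "172.24.57.18", 443, 40000, ["SYN", "ACK"])),
    ("unsolicited_ack", Packet("203.0.113.9", "172.24.57.18", 31337, 445, ["ACK"])),
    ("inbound_syn_445", Packet("203.0.113.9", "172.24.57.18", 31337, 445, ["SYN"])),
    ("inbound_ssh_syn", Packet("203.0.113.9", "172.24.57.18", 5555, 22, ["SYN"])),
]


def run(filter_obj) -> dict:
    """Feed the scenario through a filter; returns {packet_name: permitted?}."""
    return {name: filter_obj.check(pkt) for name, pkt in SCENARIO}


if __name__ == "__main__":
    for name, f in (("stateless", StatelessFilter()), ("stateful", StatefulFilter())):
        print(name, run(f))
```

Both filters pass the legitimate reply and both block the bare SYN to port 445; the difference is the third packet, an unsolicited segment to port 445 with only ACK set, which the stateless filter lets through and the stateful one drops because no connection matches it. Real stateful firewalls also age entries out and check sequence numbers, which this model leaves out.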
Network Security
 Security Protocols
• Ident (reports which user owns a TCP connection, but the answer is the remote host’s own unauthenticated claim, so it is useful for logging, not for access control)
• SSH – Secure Shell
• SSL – Secure Sockets Layer (now standardized as TLS)
• IPSec
Network Usability
 The Domain Name System (DNS)
• Provides Name-to-Address mapping
• Also provides Address-to-Name mapping
• Implemented as a distributed database of trusting systems
• DO NOT trust the DNS blindly!
» Subject to attacks
» Not all DNS servers are controlled by “good” people
Network Usability
 Host Configuration
• Need 4 critical items
» Own IP address
» Network mask
» Routing Table
» DNS Servers’ IP addresses
• Dynamic Host Configuration Protocol (DHCP)
Network Usability
 Remote Access
• Modems
• Virtual Private Networks (VPN)
» Point-to-Point Tunneling Protocol (PPTP) (its usual authentication, MS-CHAPv2, is known to be breakable; avoid it for new deployments)
» IPSec
» SSL
“Television is an invention which allows people to entertain you in your living room that you would never allow in your house.”
– David Frost
The Internet is an invention which allows people to access your computer that you would never allow in your house.