Internet - Wallonie en ligne


Internet 101
Technology Policy Framework
1
Disclaimer!
• This presentation is oversimplified
• and incomplete for pedagogical reasons and because of time constraints!
2
How does the Internet work?
3
Internet
• The Internet is a network of networks interconnected by means of the Internet Protocol Suite.
• It is an architecture for a system of computer-based applications.
• Protocols are standard procedures, conventions and formats for inter-computer communication.
• The Internet protocols are based on packet switching concepts.
4
Circuit and Packet Switching
[Diagram: Circuit Switching, source S to destination D (“telephone network”); Packet Switching, source S to destination D (Internet)]
5
Packet Switching Features
[Diagram: hosts A and B attached to a packet switch, exchanging packets labelled AA and BB]
• Multiplexing – data from multiple processes
• “Store-and-forward”
• Automatic speed adaptation
• Adaptive alternate routing
6
Packet Structure
[Diagram: Header (S, D, ...) followed by Data]
S = Source Address (“From”)
D = Destination Address (“To”)
7
Internet Addressing
• IPv4 – 32 bits (4.3 billion addresses)
• IPv6 – 128 bits (10^38 addresses) – that’s 100 trillion trillion trillion …
8
Internet Packet Formats
[Diagram – An Internet Packet: Version number “4”; “from” address 166.45.18.99; “to” address 204.146.165.100; CONTENTS “hello”]
9
Packet Networks
[Diagram: several hosts attached to a packet network]
• Some are packet switched and use virtual circuits
• Some are shared media (e.g., Ethernet)
• Peer-to-peer
• Client/server
10
Internetworking
[Diagram: hosts (H) exchanging Internet packets end-to-end across routers (R) using the Internet Protocol (IP)]
• Routers
• Encapsulation
• End-to-end
“Routers were once called Gateways between nets”
11
IP: The “Thin Waist” of the Internet
[Diagram: protocol stacks across three subnets. The end hosts run App / Transport (TCP) / Network (IP) / Link / Phys; the intermediate nodes run only Network (IP) over Link and Phys. Link 1 and Phys 1 form Subnet 1, Link 2 and Phys 2 form Subnet 2, Link 3 and Phys 3 form Subnet 3; IP is the one layer common to every node]
Internet: a Network of Connected Sub-Networks
12
The Internet IP Postcard System
[Diagram: an electronic postcard (“packet”) – From: eop.gov, To: mci.com – carrying bits (01101110 11100111) passes through a router and another router; a bucket of packets]
13
Early Internet – “Network of Networks”
[Diagram of interconnected early networks: ARPANET 1969-1990; Ethernet 1974; Packet Radio 1975; Packet Satellite 1976; NSFnet 1986-1995 (MCI, IBM, Merit, ANS); NYSERNET 1987; BARRNET 1988; CERFNET 1989; UUNET 1989; PSINET 1990; NORDUNET 1991; EBONE 1992; SprintLink; CIX; GIX]
(End-user nets not shown)
14
Internet Protocol Architecture
Key Protocols: TCP/IP (note many protocols not shown)
Utility/Application: MIME, HTTP, FTP, PGP, SMTP, SNMP, DNS, OSPF, EGP/BGP, ...
Transport: TCP, UDP
Network: IP/ICMP, ...
Link: Ethernet, FDDI, HDLC, SONET/SDH, X.25, WiFi, FR, ATM, ...
Physical: Coaxial cable, optical fiber, radio, satellite…
15
How Does TCP Work?
Like Sending a Novel on Postcards
– Page numbering (ordering, duplicate detection)
– Positive Acknowledgement
– Retransmission on Timeout
– Finite Mailbox
16
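The postcard analogy on this slide, worked through as an added simulation (not part of the original presentation): page numbers give ordering and duplicate detection, every page that fits is positively acknowledged, unacknowledged pages are resent after each timeout, and the reader's mailbox holds only a few out-of-order pages. The novel, the loss pattern and the window/mailbox sizes are constructed inputs for the example.

```python
def send_novel(pages, lost, lost_acks=frozenset(), window=4, mailbox_size=2, max_rounds=100):
    """Deliver `pages` (the novel) reliably on numbered postcards, TCP-style.

    lost: set of (page_no, attempt) postcards the channel drops in transit.
    lost_acks: set of (page_no, attempt) whose acknowledgement never returns.
    Both loss patterns are constructed inputs for the example.
    Returns (pages in the order the reader receives them, stats dict).
    """
    attempts = {}       # sender: how many times each page has been sent
    acked = set()       # sender: pages positively acknowledged so far
    mailbox = {}        # receiver: finite buffer holding out-of-order pages
    delivered = []      # receiver: pages handed to the reader, in order
    next_expected = 0
    stats = {"retransmissions": 0, "refused": 0, "duplicates": 0}
    for _round in range(max_rounds):            # each round is one timeout period
        if len(acked) == len(pages):
            break
        # (Re)send every unacknowledged page inside the sender's window
        base = min(p for p in range(len(pages)) if p not in acked)
        for page_no in range(base, min(base + window, len(pages))):
            if page_no in acked:
                continue
            attempts[page_no] = attempts.get(page_no, 0) + 1
            if attempts[page_no] > 1:
                stats["retransmissions"] += 1    # retransmission on timeout
            if (page_no, attempts[page_no]) in lost:
                continue                          # postcard lost in transit
            # --- receiver: the page number gives ordering and duplicate detection ---
            if page_no < next_expected or page_no in mailbox:
                stats["duplicates"] += 1          # already have it; just ACK again
            elif page_no == next_expected or len(mailbox) < mailbox_size:
                mailbox[page_no] = pages[page_no]
                while next_expected in mailbox:   # hand over pages in order
                    delivered.append(mailbox.pop(next_expected))
                    next_expected += 1
            else:
                stats["refused"] += 1             # mailbox full: no room, no ACK
                continue
            if (page_no, attempts[page_no]) not in lost_acks:
                acked.add(page_no)                # positive acknowledgement arrives
    return delivered, stats


# Constructed sample: a six-page novel; page 0 is lost twice, the first ACK for page 5 is lost.
NOVEL = [f"page {n}" for n in range(6)]
LOST = {(0, 1), (0, 2)}
LOST_ACKS = {(5, 1)}

if __name__ == "__main__":
    print(send_novel(NOVEL, LOST, LOST_ACKS))
```

With the sample inputs the reader still gets all six pages in order; the stats show four retransmissions caused by the lost page 0 (pages 1 and 2 wait in the mailbox, page 3 is refused twice for lack of room) plus one for the lost acknowledgement, which the receiver recognises as a duplicate.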
Protocol Layering
• Key concept – like floors of a building: lower floors support upper ones
• Layers form a kind of staircase – users have access to each layer (floor, step)
• To understand the Internet, you must look at it from the side to see the layers – looking down from the top conflates all functions into one solid mass.
17
Routing
• Internal Gateway Protocol (IGP)
– IS-IS, Open Shortest Path First (OSPF), RIP (primitive). Used within an autonomous system (AS).
• Exterior Gateway Protocol (EGP)
– BGP4 – used between autonomous systems
• Routing protocols help routers track topology and preferred routing for traffic within and between autonomous systems.
18
Interconnecting Internet Service Providers (ISPs)
• Peering and Transit
– Peers exchange routing information directly or through Internet Exchanges, and exchange traffic only between their customers (not their peers)
– Transit: one net purchases full Internet connectivity from another
• Internet Exchanges
– London Internet eXchange (LINX)
– MAE-EAST, MAE-WEST, …
– Multiple nets peer at the exchanges
19
Firewalls
• Introduced between edge networks (e.g. corporate nets, home networks) and the public Internet
• Filter traffic (in either direction) to control access to edge network resources
• Vary in complexity and in the layers of protocol examined for access control. Some observe set-up and tear-down of TCP connections, for example.
20
Network Address Translators (NATs)
• Introduced between users and edge access networks (LANs, wireless nets) to allow sharing of a single IP address by multiple computers.
• Response to the limited number of IP addresses made available to users by ISPs (maximize revenue per IP address)
• Detrimental to end-to-end security methods
• Personal anecdote with cable network
21
Virtual Private Networks (VPNs) via IPSEC tunnels
• Packets from the private (edge) network are encapsulated in IP packets flowing through the public Internet. The payload of each packet is encrypted to protect it while in transit (this creates the “tunnel”)
• The edge networks may use private IP addresses rather than public IP addresses without penalty.
22
Domain Names and Addresses
• www.isoc.org is a “domain name”
– “org” is the “non-commercial top level domain”
• 208.234.102.119 is an Internet address
– this is really just a way to represent a 32 bit number, which is how Internet Protocol version 4 represents locations in the Internet, like telephone numbers in the telephone network
23
Domain Names
• Latin characters “A”-“Z”, numbers “0”-“9” and “-” (encoded in US ASCII)
• They appear in embedded constructs such as email: [email protected]
• In Uniform Resource Locators:
– http://www.mci.com/cerfsup
• And in other protocol constructs
24
Top Level Domain Names (TLDs)
• Generic TLDs: .edu, .com, .org, .net, .mil, .gov, .int, .biz, .aero, .coop, .museum, .name, .pro, .info
• and country code TLDs: .US, .UK, .FR, .DE, .JP, .ZA, .AU, …
• But note: .tv, .md, .to, .cc… are operated like generics
• Infrastructure TLD: .arpa (inverse IP address lookup and also e164 telephone number entries)
• The system is hierarchical and each name is unique: www.cnri.reston.va.us
• The Internet Assigned Numbers Authority (IANA) delegates responsibility for each TLD to an appropriate entity.
25
DNS Components and Mechanics
• Domain Name Servers
– Associate domain names with IP addresses (among other things) or point to lower level servers with more information
– “Root” = “.”
– TLD = .biz (for instance)
– Second Level Domain = alpha.biz (e.g.)
– Third Level Domain = www.alpha.biz (e.g.)
26
DNS Components and Mechanics (cont.)
• Domain Name Resolvers
– Query (a sequence of) Domain Name Servers to find the IP address of a given domain name.
– If the answer is not already known to the Resolver, the Resolver may query a Root Server to find a TLD DNS server, which will point to a server for second level names, etc.
– The Resolver returns the results to the party originally asking “what is the address of this domain name?”
– The answer may be: “there is no such domain name in the DNS system”.
27
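The resolution walk these two slides describe (root server, then TLD server, then second-level server, with a cached answer short-circuiting the walk and “no such name” as a possible outcome), as an added example that is not part of the presentation. The server names, the alpha.biz name tree and the 192.0.2.x addresses are a constructed toy name space, not real DNS data.

```python
# Constructed toy name space for the example. Each "server" either holds address
# records or refers the resolver onward for a zone it has delegated.
SERVERS = {
    "root": {"referrals": {"biz": "tld-biz-server", "org": "tld-org-server"}},
    "tld-biz-server": {"referrals": {"alpha.biz": "ns.alpha.biz"}},
    "tld-org-server": {"referrals": {}},
    "ns.alpha.biz": {"records": {"alpha.biz": "192.0.2.1", "www.alpha.biz": "192.0.2.10"}},
}


def resolve(name, cache=None, servers=SERVERS, max_hops=8):
    """Resolve `name` the way the slides describe: start at a root server and
    follow referrals (root -> TLD server -> second-level server) until a server
    answers or nobody knows the name.

    Returns (address or None, list of the servers asked). A name already in
    `cache` is answered without asking any server.
    """
    name = name.rstrip(".").lower()
    cache = cache if cache is not None else {}
    if name in cache:                           # resolver already knows the answer
        return cache[name], ["cache"]
    trail, server = [], "root"
    for _ in range(max_hops):
        trail.append(server)
        data = servers[server]
        if name in data.get("records", {}):     # authoritative answer
            cache[name] = data["records"][name]
            return cache[name], trail
        # Follow the referral for the longest zone suffix this server knows about
        labels = name.split(".")
        for i in range(len(labels)):
            zone = ".".join(labels[i:])
            if zone in data.get("referrals", {}):
                server = data["referrals"][zone]
                break
        else:
            return None, trail                  # "there is no such domain name"
    return None, trail                          # gave up: too many referrals


if __name__ == "__main__":
    print(resolve("www.alpha.biz"))
    print(resolve("nosuch.org"))
```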
Root Servers in the DNS
• There are 13 Root Servers in the DNS
• Each of them has a complete table of the addresses of all TLD servers. This table is sometimes called the “Root Zone File.”
• There can be many copies of each Root Server (using the “anycast” feature of the Internet routing system) and these copies can be anywhere in the Internet.
• Each root server system is operated on a volunteer basis by an independent entity.
• Changes to the Root Zone File must be approved by the US Department of Commerce (National Telecommunications and Information Agency) after approval by IANA.
28
Internationalized Domain Names
• IETF has developed standards for incorporating UNICODE strings into domain names. They are mapped into ASCII code strings of the form “xn--<ASCII sequence>”
• Current practice does not (yet) support “multilingual” Top Level Domains. Registration restriction tables may be needed for specific language sets.
• Introduction of multi-lingual domain names is proving to be complex. Higher level applications potentially mix up character codings (recent example from email exchange: German umlauts converted to Cyrillic characters!)
29
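Added example (not from the presentation): the xn-- mapping done with Python's built-in idna codec (IDNA 2003, the standard of this slide's era), plus the check a registry or mail gateway can run for the coding mix-up the slide mentions, since an umlaut that has turned into a Cyrillic letter shows up as a label mixing the LATIN and CYRILLIC scripts. The sample names münchen.example and the label with a Cyrillic “а” are constructed for the example.

```python
import unicodedata


def to_ascii(name):
    """Map a Unicode domain name to its xn-- form (Python's idna codec, IDNA 2003)."""
    return name.encode("idna").decode("ascii")


def to_unicode(name):
    """Map a domain name in either form back to Unicode (xn-- labels are decoded)."""
    return name.encode("idna").decode("idna")


def scripts_in_label(label):
    """Scripts used by the letters of one label, taken from the first word of each
    character's Unicode name (LATIN, CYRILLIC, ...). Digits and '-' are neutral."""
    return {unicodedata.name(ch).split()[0] for ch in label if not (ch.isdigit() or ch == "-")}


def mixed_script_labels(name):
    """Labels of `name` whose letters come from more than one script. A German
    umlaut wrongly converted to Cyrillic (the slide's anecdote) lands here."""
    return [lab for lab in to_unicode(name).split(".") if len(scripts_in_label(lab)) > 1]


if __name__ == "__main__":
    # Constructed samples: a clean German name and a label with a Cyrillic "а" (U+0430)
    print(to_ascii("m\u00fcnchen.example"))            # xn--mnchen-3ya.example
    print(mixed_script_labels("ex\u0430mple.org"))     # ['exаmple'] flagged
```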
Domain Name Registration
• Registry: entity that maintains a database of second level domain name registrations and associated servers
• Registrar: entity that accepts registrations from users on behalf of registries.
• Registrars forward relevant information to Registries using standard protocols
• Some TLD operators perform registrar and registry functions (e.g. many ccTLD operators)
• Life of a Domain Name (unregistered, registered, registry hold, in redemption/grace period, expired…)
30
WHOIS
• Information about registrants (owner, administrative and technical contact) is kept in the WHOIS database along with many other kinds of information.
• There is much controversy over how much of this information should be publicly accessible and what should be protected (there are privacy, law enforcement and intellectual property protection issues involved.)
31
EMAIL
• One of the oldest Internet applications
• <user mailbox ID>@<mailserver domain name>
• Example: [email protected]
• Mail clients retrieve email via IMAP or POP3 protocols. Some use WWW browsers, e.g. hotmail
• Multimedia Internet Mail Extensions (MIME) allow for multiple attachments containing arbitrary content (including sound, video, imagery, programs, documents, …). Messages and attachments can be encrypted and sent this way for privacy.
32
EMAIL
• EMAIL is sent from the email client to an email relay using the Simple Mail Transport Protocol (SMTP).
• A feature of DNS allows one relay to serve as a proxy for another through a DNS “MX” entry:
• XYZ.COM MX ABC.COM means ABC.COM serves as proxy for XYZ.COM
33
SPAM
• SPAM is unsolicited commercial email and is sometimes considered the scourge of the Internet.
• Many efforts are underway to limit the influx of spam, including legislation and technical measures to resist mail relay “hijacking”, but the spammers find many ways to circumvent them.
34
World Wide Web
• Layered atop TCP/IP, WWW uses hypertext transport protocol (http) to carry objects encoded in Hypertext Markup Language (HTML) or Extensible Markup Language (XML) between browsers (clients) and servers.
• Web Proxies can be configured to intervene between clients and servers, acting as filters or as aggregators of web traffic, caching web pages for efficiency.
35
WWW (cont.)
• The WWW system uses hyperlinks that are embedded in HTML or XML pages to allow users to “point and click” to move to new places in the web.
• Embedded hyperlinks are expressed as Universal Resource Names, Identifiers or Locators: http://www.isoc.org/internet/history/doc.html
36
WWW (cont.)
• Secure Socket Layer (SSL)
– This allows client/server communication to be encrypted for privacy, using Public Key Cryptography infrastructure (PKI) to transport symmetric cryptographic keys between the parties.
– This is an important enabler of ecommerce
37
Streaming Audio/Video
• Usually uses UDP streams (i.e. not guaranteed to be delivered, or delivered in order)
• Some use Real Time Protocol (RTP)
• Some use multicasting capability of the router systems
• Some use special distribution services such as those of Akamai and Real Networks.
• Quality of Service issues sometimes arise with respect to ISP service level agreements.
38
Voice over Internet (or IP)
• Sometimes uses private IP networks
• Sound is encoded, compressed, packetized and sent
• Bandwidth requirements may be reduced (no packets when no one is speaking)
• Session Initiation Protocol (SIP) is a key element in call processing
39
VOIP
• SIP Proxies can locate Internet VOIP terminations and route traffic to them.
• SIP destination identifiers may look like email addresses: SIP: [email protected]
• Media gateways convert to/from packet mode and serial digitized voice in the public switched telephone network. They also convert SIP signaling into conventional SS#7, for example.
• Free Internet “telephony” from SKYPE, Free World Dialup, or reduced price services including access to PSTN from Vonage, among a number of others.
40
ENUM
• ENUM maps e164 international telephone numbers into DNS:
• +1 703 886 1690 becomes
• 0.9.6.1.6.8.8.3.0.7.1.e164.arpa
• And the lookup produces a SIP address or other Internet destination (web page, email address) or fax or telephone number, etc.
41
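The ENUM mapping from this slide, as an added example that is not part of the presentation: the E.164 number is reduced to its digits, the digits are reversed and dotted, and e164.arpa is appended; the inverse mapping and a lookup against a small record table are included. The record table (service tags in the style of ENUM NAPTR records, with example.net URIs) is constructed for the example and does not describe any real registration for that number.

```python
ENUM_SUFFIX = "e164.arpa"

# Constructed sample records for the slide's number: what a lookup might return.
# Service tags follow the ENUM NAPTR style; the URIs are placeholders.
RECORDS = {
    "0.9.6.1.6.8.8.3.0.7.1.e164.arpa": [
        ("E2U+sip", "sip:user@example.net"),
        ("E2U+mailto", "mailto:user@example.net"),
    ],
}


def e164_to_enum(number):
    """Map an international E.164 number to its ENUM domain name, e.g.
    "+1 703 886 1690" -> "0.9.6.1.6.8.8.3.0.7.1.e164.arpa".
    Returns None unless the number is '+' followed by 1 to 15 digits
    (spaces and punctuation between the digits are ignored)."""
    text = number.strip()
    digits = "".join(c for c in text if c in "0123456789")
    if not text.startswith("+") or not 1 <= len(digits) <= 15:
        return None
    return ".".join(reversed(digits)) + "." + ENUM_SUFFIX


def enum_to_e164(domain):
    """Inverse mapping; None if `domain` is not a well-formed ENUM name
    (one decimal digit per label under e164.arpa)."""
    domain = domain.rstrip(".").lower()
    if not domain.endswith("." + ENUM_SUFFIX):
        return None
    labels = domain[: -len(ENUM_SUFFIX) - 1].split(".")
    if not all(len(lab) == 1 and lab in "0123456789" for lab in labels):
        return None
    return "+" + "".join(reversed(labels))


def lookup(number, records=RECORDS, service=None):
    """Return the (service, uri) entries registered for `number`, optionally
    restricted to one service such as "E2U+sip"; [] if nothing is registered."""
    domain = e164_to_enum(number)
    if domain is None:
        return []
    return [(s, u) for s, u in records.get(domain, []) if service in (None, s)]


if __name__ == "__main__":
    print(e164_to_enum("+1 703 886 1690"))     # 0.9.6.1.6.8.8.3.0.7.1.e164.arpa
    print(lookup("+1 703 886 1690", service="E2U+sip"))
```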
Search Engines
• Google, YAHOO!, Alta-Vista, etc.
• Systems scan billions of web pages, index them according to text content, rank order them (e.g. by number of hyperlinks pointing to the page) and respond to search queries.
• Enormous experimentation with advertising mechanisms – Google instant auctions, etc.
42
Portals
• AOL, YAHOO!, MSN, Corporate ebusiness portals, directory services
• These are web sites intended to guide users to resources, to perform services for them.
• FEDEX, UPS, DHL package tracking systems; Airline flight status information
• Travel and shopping services
• Business to Business and Business to Consumer services
43
GRID Computing
• Open Grid Standard Architecture (OGSA)
• Virtualize computing, networking and storage resources; allow computer services to register and be “discovered” in directories.
• Potential to create network-based supercomputing capability at low cost
44
Security
• Many layers of vulnerability and security responses
• Denial of Service Attacks (DOS)
– Direct attack against routers, DNS servers, hosts
– Many avenues: IP, TCP, HTTP, operating system holes…
– Ordinary overload sometimes not distinguishable from DOS attack
45
Security (cont.)
• Distributed Denial of Service (DDOS)
– Compromise of many hosts
– Remote control to launch attacks
– Always-on DSL and Cable Modem services expose user computers to co-opting
– Self-propagating software
• Viruses – piggyback on email, e.g.
• Trojan Horses – code embedded into operating system or application software
• Worms
46
Security (cont.)
• Mitigation
– Firewalls, including personal firewalls (but not sufficient)
– ISP DOS detection and mitigation
– Virus filters in email relays
– “BOT” detectors (system scanning software)
– Cyber-hygiene (periodically)
47
Wireless Access
• WiFi (IEEE 802.11a,b,g,i, etc.)
• WiMax (IEEE 802.16)
• 3G (mobiles)
• GPRS (mobiles)
• VSATS (satellite)
• Hotspots, SIP/WiFi telephones
48
Evolution of Low Level Services
• Quality of Service (QOS)
• IPv6
• Domain Name System Security (DNSSEC) – many technical questions
• Secure Routing (SBGP) – many technical questions
• Intrusion Detection and Mitigation Services
49
GRAND Collaboration
• Hardware and software makers
• Internet Service Providers, Corporate and institutional Internets
• Broadband and Wireless Access Providers (mobiles, hotspots,…)
• Domain Name Registries, Registrars, Resellers
50
Grand Collaboration
• Root Server Operators
• Regional Internet Registries (ARIN, LACNIC, RIPE-NCC, APNIC, [AFRINIC]) and the Number Resources Organization (NRO)
• Web Application Service providers
• Hosting service centers
51
Grand Collaboration
• ICANN
– Generic Domain Name Support Org (GNSO)
– Country Code Domain Name SO (ccNSO)
– Address Support Organization (ASO/NRO)
– Gov’t Advisory Committee (GAC)
– Security+Stability Advisory Comm (SSAC)
– Root Server System Advisory Comm (RSSAC)
– At Large Advisory Comm (ALAC) + Regional At Large Organizations (RALO)
– Standing Committees (audit, finance, governance, nominations…)
52
Grand Collaboration
• Internet Society (ISOC)
• Internet Architecture Board (IAB)
• Internet Engineering Task Force (IETF)
• Internet Engineering Steering Group (IESG)
• Internet Research Task Force (IRTF)
53
Grand Collaboration
• International Telecommunications Union
– ITU-T, ITU-D
• United Nations
– UN Development Program, Food and Agriculture Organization (!), UN Information and Communications Technology Task Force, UNESCO, ECOSOC, …
54
Grand Collaboration
• Professional Societies
– IEEE, ACM, IEE, …
• International Chamber of Commerce
• World Intellectual Property Organization
• And many more!
55
Internet Policy
• Many layers – see papers by Lawrence Solum, Larry Lessig and Richard Whitt
• Extremely Broad
– Technical Policy (address alloc, DNS integrity, …)
– Intellectual property protection
– Consumer protection (fraud, libel…)
– Abuse (child pornography, drugs…)
– Dispute Resolution (business, consumer…)
– Privacy
– Censorship
– Freedom of speech
– …
56
Recommendation
• Identify Issues and concerns FIRST
• Develop a Taxonomy of issues
• THEN consider venues in which issues and policy concerns can be addressed
• Humbly but strongly urge that the policy issues be viewed IN LAYERED form to understand constituent responsibilities
57
Last Note
• Governance does not mean government
• It INCLUDES government where this is appropriate, but it is a distributed, multilayer responsibility involving private, public sectors and civil society in a wide variety of ways.
58