The network management protocol
Download
Report
Transcript The network management protocol
CCM 4300 Lecture 6
Computer Networks: Operation and
Application
Dr E. Ever
School of Computing Science
1
Session Content
I
||| Recap of last session
||| introduction to network management
- motivation
- major components
||| Internet network management framework
- MIB: management information base
- SMI: data definition language
- SNMP: protocol for network management
- security and administration
2
Session Content II
||| Introduction to Electronic-mail system
||| Simple Mail Transport Protocol (SMTP)
- overview
- message formats and representation
||| Mail Access protocols
- overview of POP3 and IMAP
||| Domain Name server
3
Lesson objectives
At the completion of this lesson you should be able to
- define and describe what is Network Management
- understand the functions and protocols of network
management
- FCAPS SNMP
- understand the Internet-mail system
- understand what DNS is
- describe different method of finding
addresses from the Internet directory server
4
What is network management?
||| Network Management as a term has many definitions
dependent on whose operational function is in question
(i.e. fault management, accounting management, etc)
Network management includes the deployment, integration, and
coordination of the hardware, software, and human elements to
monitor, test, poll, configure, analyse, evaluate and control the
network and element resources to meet the real-time, operational
performance, and Quality of Service (QoS) requirements at a
reasonable cost.
Computer Networking: A Top-Down Approach Featuring the Internet 2007
5
What is network management? - cont
Network management is the process of operating, monitoring,
controlling the network to ensure it works as intended and
provides value to its users.
Business Data Communications and Networking 2006
||| In general, network management is a service that employs a variety
of tools, applications, and devices to assist human network
managers in monitoring and maintaining networks.
||| The aim of Network Management is to ensure an almost 100%
availability of the network resources.
6
Why is network management important?
||| autonomous systems: 100s or 1000s of interacting hardware/software
components
||| other complex systems requiring monitoring, control:
- jet airplane
- nuclear power plant
What can network management
be used to ensure 100% service?
Failure of an interface card
Host monitoring
Monitoring traffic to aid in
resource deployment
Monitoring of Service Level
Agreements (SLAs)
Intrusion Detection
7
ISO - FCAPS
||| The International Organization for Standardization (ISO) defined a
conceptual model for describing the key functional areas of network
management as described in the X.700:
||| The OSI system management framework provides:
- an overall management model
- a generic information model
- guidelines for the definition of managed objects and
- a management protocol for the purpose of exchanging
management information between two open system
||| The Management Functions have been classified into Five Management
Functional Areas: Fault Management; Configuration Management;
Accounting Management; Performance Management; Security
Management (FCAPS)
8
ISO – FCAPS - cont
||| Fault Management: provides facilities that allow network managers to
discover faults in managed devices, the network, and network operation, to
determine their cause and to take remedial action (i.e. log, detect and
respond) To enable this, fault management provides mechanisms to:
- report the occurrence of faults
- log reports
- perform diagnostic tests
- correct faults (possibly automatically)
||| Configuration Management: allows a network manager to track which
devices are on the managed network and the hardware and software
configuration of these devices.
9
ISO – FCAPS – cont…..
||| Accounting Management: measures network utilisation of individual users
or groups to:
- Provide billing information
- Regulate users or groups
- Help keep network performance at an acceptable level
||| Performance Management: measures various aspects of network
performance including the gathering and analysis of statistical data about the
system so that it may be maintained at an acceptable level (e.g. throughput).
Performance management provides the ability to:
- obtain the utilisation and error rates of network devices
- provide a consistent level of performance by ensuring that devices
have a sufficient capacity.
||| Security Management: controls access to network resources so that
information can not be obtained without authorisation [e.g. firewall, intrusion
detection system (IDS), etc]
10
Infrastructure for network management
||| Using human analogy as an example to understand the infrastructure
needed for network management
Director of
Company
Branch
Manager
The Branch
Offices
activities
budget
productivity
11
Infrastructure for network management - cont
||| There are three principle components of a network management
architecture:
the managing entity (the boss): locus of activity for network management
- it controls collection, processing, analysis, and/or display of
network management information
the managed device (the branch office): piece of network equipment
(including software) that resides on a managed network
- host, router, printer, etc….
- within managed device, there may be managed objects (e.g. NIC)
- managed objects information stored in Management Information
Base (MIB)
- resident in each managed device is a network management
agent (the branch manager)
The network management protocol (standard reports and one-on-one
dialogues): runs between the managing entity and managed devices
12
Infrastructure for network management - cont
managing entity
managing
entity
agent data
data
network
management
managed devices contain
managed device managed objects whose
data is gathered into a
Management Information
agent data
Base (MIB)
managed device
protocol
agent data
agent data
managed device
managed device
13
Question?
Which of the following are not functions of
network management?
A. Fault Management
B. Control Management
C. Configuration Management,
D. Process Management
E. Performance Management
14
Network Management standards
OSI CMIP (Common
Management Information
Protocol) - defined by the Int.
The Internet SNMP: Simple Network
Management Protocol
||| Internet roots - Simple Gateway
Monitoring Protocol (SGMP) allows
commands to be issued to application
protocol entities to set or retrieve values
(integer or octet string types) for use in
monitoring the gateways on which the
application protocol entities reside
||| started simple
||| deployed, adopted rapidly
||| growth: size, complexity
||| currently: SNMP V3
||| de facto network management
standard
Telecom. Union ITU -T X.700
||| Common Management
Information Protocol
||| designed 1980’s in
competition with SNMP: the
unifying network management
standard
||| too slowly standardised
because of the complexity and
resource requirements of its
agents and management
systems
Both are designed to be independent of vendor-specific products and
networks
15
SNMP overview
||| Simple Network Management Protocol is an
Application layer protocol.
||| Part of the TCP/IP protocol suite.
||| Basic Components of SNMP (i.e. modular by
design):
Manager
Agent
Management Information Base (MIB)
16
SNMP overview - cont
SNMP Management Station
SNMP Agent
MIB
MIB
Management
Application
1
2
3
4
Managed Resources
SNMP Managed
Objects
1
5
2
3
4
SNMP Manager
SNMP Agent
UDP/TCP
UDP/TCP
5
IP
IP
Network dependent protocols
Network dependent protocols
Network
Or Internet
1. GetRequest
2. GetNextRequest
3. SetRequest
4. GetResponse
5. Trap
17
SNMP overview - cont
When describing any framework for network
management need to address:
||| What (from a semantic view point) is being
monitored? And what form of control can be
exercised by the network administrator
||| What is the specific form of the information that will
be reported and/or exchanged
||| What is the communication protocol for exchanging
this information?
18
SNMP overview: 4 key parts
||| Management information base (MIB):
- distributed information store of network management
data (no. of IP datagram discarded, CSMA errors in
an NIC, descriptive info. of software version, etc.)
||| Structure of Management Information (SMI):
- data definition language for MIB objects (i.e. data
types, rules for writing and revising info, etc)
||| SNMP protocol
- convey manager<->managed object info, commands
||| Security, administration capabilities
- major addition in SNMPv3
19
Management Information Base (MIB)
||| Database containing the information about the elements to be managed.
||| MIBs use the notation defined by ASN.1(Abstract Syntax Notation One)
- A standard and flexible notation that describes data structures for
representing, encoding, transmitting, and decoding data [similar to
Extensible Markup Language (XML) ]
Structure of Management Information Version 2 (SMIv2)" RFC 2578
||| Each resource to be managed is referred as an object.
||| Network manager monitors the resource by reading the values of the
objects and controls the objects by modifying these values.
||| Associated with each object in the MIB is an identifier called the
OBJECT IDENTIFIER.
-It is used for naming the object.
-It is a unique identifier for a particular object type and
its value consists of a sequence of numbers.
20
Object Identifiers (OIDs)
||| OID is a numeric string that is used to uniquely identify an object:
- It is created by self-extending a private enterprise
number that an institution has acquired.
||| Typical objects that can be identified using OIDs include attributes
in MIBS for network management and encryption algorithms:
- Example, as the university defines attributes for local
use within directories it will need OID’s to identify these
attributes.
||| OIDs are a managed hierarchy starting with ISO and ITU
(International Telecommunication Union):
- ISO and ITU delegate OID management to organizations
by assigning them OID numbers; these organizations can
then assign OIDs to objects or further delegate to other
organizations.
21
Object Identifiers (OIDs) - continued
||| OIDs are associated with objects in protocols and data
structures defined using ASN.1:
- OIDs that define data structures and protocol elements
are generated and processed by client and server
software.
||| OIDs are intended to be globally unique:
- They are formed by taking a unique numeric string
(e.g. 1.3.5.7.9.24.68) and adding additional digits in a
unique fashion
> e.g. 1.3.5.7.9.24.68.1, 1.3.5.7.9.24.68.2,
1.3.5.7.9.24.68.1.3, etc.)
||| An institution will acquire an arc (e.g. 1.3.5.7.9.24.68) and then
extend the arc (called subarcs) as indicated above to create
additional OID’s and arcs. There is no limit to the length of an
OID, and virtually no computational burden to having a long OID
22
Example of Request-Response Message
SNMP Manager
SNMP Agent
Application Layer (SNMP)
Application Layer (SNMP)
Transport Layer (UDP)
Transport Layer (UDP)
Network Layer (IP)
Network Layer (IP)
Data Link Layer (10BaseT)
Data Link Layer (10BaseT)
Transmission Medium
Manager requires Agent's System Name and prepares a GET message for the
appropriate OID. It then passes the message to the UDP layer. The UDP layer
adds a data block that identifies the manager port to which the response packet
should be sent and the port on which it expects the SNMP agent to be listening
for messages. Packet is then passed to the IP layer, where a data block with IP
and MAC addresses of the manager and the agent is added before assembled
packet passes to the Data Link layer. The Data Link layer verifies media access
and availability and places the packet on the media for transmission
23
Example of Request-Response Message
SNMP Manager
SNMP Agent
Application Layer (SNMP)
Application Layer (SNMP)
Transport Layer (UDP)
Transport Layer (UDP)
Network Layer (IP)
Network Layer (IP)
Data Link Layer (10BaseT)
Data Link Layer (10BaseT)
Transport Medium
Packet arrives at the agent. Passes through the same four layers in exactly the
opposite order to the SNMP manager. It is extracted from the media. After
confirming the packet is intact and valid, the Data Link layer passes it to IP
layer. IP layer verifies MAC and IP address, passes it on to UDP layer where
the target port is checked for connected applications. If an application is
listening at the target port, the packet is passed to the Application layer. If the
listening application is the SNMP agent, the GET request is processed. The
agent response then follows the identical path in reverse to reach the manager.
24
MIB example: UDP module
Object ID
(OID)
Name
Position of OID
in MIB
Comments
1.3.6.1.2.1.7.1
UDPInDatagrams
Counter32
# total datagrams
delivered at this
node
1.3.6.1.2.1.7.2
UDPNoPorts
Counter32
# underliverable
datagrams
1.3.6.1.2.1.7.3
UDInErrors
Counter32
# undeliverable
datagrams; all
other reasons
1.3.6.1.2.1.7.4
UDPOutDatagrams
Counter32
# datagrams sent
1.3.6.1.2.1.7.5
udpTable
SEQUENCE of
IDPEntry
# one entry for
each port in use
by app; gives port
and IP addresses
25
SNMP Naming
question: how to name every possible standard object
(protocol, data, more..) in every possible network
standard??
answer: ISO Object Identifier tree:
hierarchical naming of all objects: they are,
basically, strings of numbers allocated in a
hierarchical manner
each branch point has name, number
1.3.6.1.2.1.7.1
ISO
ISO-ident. Org.
US DoD
Internet
udpInDatagrams
UDP
MIB2
management
26
OSI Object Identifier (OID) Tree
Arcs of OID tree
1 - ISO assigned OIDs
1.3 - ISO Identified Organization
1.3.6 - US Department of Defence
1.3.6.1 - OID assignments from
Internet
1.3.6.1.2 - IETF (Internet
Engineering Task Force)
Management
1.3.6.1.2.1 - SNMP MIB2
1.3.6.1.2.1.7 - udp
1.3.6.1.2.1.7.1 – udpInDatagrams
(Total number of UDP datagrams
delivered to UDP users
udpInErrors(3)
udpTable(5)
udpInDatagrams (1)
udpNoPorts (2)
udpOutDatagrams (4)
27
SNMP protocol
Two ways to convey MIB info, commands:
•The trap message is sent by the management
agent to the managing entity (and requires no
response from the managing entity).
•A request-response message is sent by the
managing entity, with the response coming back
from the management.
28
SNMP protocol
Two ways to convey MIBOverhead?
info, commands:
managing
entity
request
response
managing
entity
Lost Messages?
trap msg
Response time?
agent data
Managed device
request/response mode
agent data
Managed device
trap mode
29
SNMPv2 protocol: message types
Message type (PDU
Protocol data unit )
GetRequest
GetNextRequest
GetBulkRequest
InformRequest
SetRequest
Response
Trap
Function
Mgr-to-agent: “get me data”
(instance,next in list, block)
Mgr-to-Mgr: here’s MIB value
Mgr-to-agent: set MIB value
Agent-to-mgr: value, response to
Request
Agent-to-mgr: inform manager
of exceptional event
30
SNMP security and administration
||| SNMP v1 and v2 implementations employ plaintext passwords,
known as “community strings,” to enable authentication services
Use of plaintext is inherently insecure. It allows an
eavesdropper to run a sniffer, learn the SNMP community
string and “become” an administrator. In turn, the
eavesdropper can perform any action permitted by SNMP,
including the manipulation of network devices.
||| SNMPv3 adds security to the protocol -- not as a replacement
for earlier versions of SNMP, but as an added feature set.
||| SNMPv3's security header implements the User Security Model
(USM), which provides confidentiality, integrity, authentication
and access control for network management communications.
31
SNMP security and administrationcontinued
||| Confidentiality is provided through the use of Data Encryption Standard
(DES) which is quite an advantage over plaintext.
||| Integrity service is provided through the use of the Hashed Message
Authentication Code algorithm in conjunction with one of two secure hash
functions:
MD5 [a 128-bit message digest from data input (which may be a
message of any length) that is as unique to that specific data as a
fingerprint is to the specific individual] or
the Secure Hash Algorithm (SHA-1). Hash algorithms compute a
fixed-length digital representation (known as a message digest) of an
input data sequence (the message) of any length. e.g., the domain is
"flattened" and "chopped" into "words" which are then "mixed" with one
another using carefully chosen mathematical functions.
Use of the hashes ensures that the SNMP devices know the
communication wasn't altered while in transit (either accidentally or
maliciously).
32
SNMP security and administrationcontinued
||| SNMPv3's User Security Model (USM) also allows for user-based
authentication and access control.
||| Administrators can create specific accounts for each SNMP user
and grant privileges through those user accounts:
For example, you might grant an operator the ability to monitor
device status, but reserve modification privileges for network
engineers. This has a significant impact on the security of the
system by increasing accountability for user actions. It also
facilitates the exclusion of a user from the system without
requiring the reconfiguration of all SNMP devices
33
Have a 10 min break
34
Email: an introduction
||| Electronic mail (or e-mail) was one of the earliest applications on the
Internet and is still among the most heavily used today
||| From a general perspective, e-mail refers to the concept of creating,
sending, and storing messages or documents electronically.
||| Why is e-mail more popular then your regular “snail mail”?
?
1. Fast delivery compared to regular post and can include HTML
formatted text, images, sound and even video
2. Cost – e-mail cost virtually nothing compared to regular post or
telephone call charge
3. E-mail can substitute for the telephone – avoiding the process
of repeatedly exchanging voice mail messages
4. Effective for people working in different time zones.
35
Email Introduction - cont
||| Nearly every computer system has a program that servers as an
interface for e-mail service called user agents (sometimes referred to as
e-mail reader)
- compose, read, save, forward, etc
||| In addition, a local system’s e-mail service also supports background
process
- how incoming and outgoing e-mail messages are stored
- how users are presented with incoming e-mail
- how often delivery of out going messages is attempted
||| The only activity that is not performed by the local user agent is
message delivery across a network, which is defined by a mail
application protocol
||| Three commonly used standard for message delivery are SMTP (Simple
Mail Transfer Protocol), X.400 and Common Messaging Calls (CMC)
36
Internet–mail system
||| Three major components: user
agent, mail servers, and the
SMTP
Mail Servers
||| mailbox contains incoming
messages (yet to be read) for user
||| message queue of outgoing (to be
sent) mail messages
||| smtp protocol between mail
servers to send email messages
(i.e. two sides a client side and
server side)
- client: sending mail server
- “server”: receiving mail
server
user
agent
mail
server
SMTP
SMTP
mail
server
user
agent
SMTP
user
agent
mail
server
user
agent
user
agent
user
agent
Outgoing message queue
37
User mailbox
Electronic Mail - user agent
Remember: Three major
components:
user agents
mail servers
simple mail transfer protocol:
SMTP
User Agent (UA)
also called “mail reader”
composing, editing, reading mail
messages;
e.g., Eudora (e-mail client used on MS
Windows and Apple Mac operating
systems), Outlook, elm (e-mail client
used on Unix), Netscape Messenger
outgoing, incoming messages stored
on server
user
agent
outgoing
message queue
user mailbox
mail
server
SMTP
SMTP
mail
server
user
agent
SMTP
user
agent
mail
server
user
agent
user
agent
user
agent
38
Electronic Mail: mail servers
user
agent
Mail Servers
mailbox contains incoming
messages for user
message queue of
outgoing (to be sent) mail
messages
SMTP protocol between
mail servers to send email
messages
client: sending mail
server
“server”: receiving
mail server
mail
server
SMTP
SMTP
mail
server
user
agent
SMTP
user
agent
mail
server
user
agent
user
agent
user
agent
39
Electronic Mail: SMTP [RFC 2821]
||| Uses TCP to reliably transfer e-mail message from client to server, port
|||
|||
|||
|||
25
Direct transfer: sending server to receiving server
(i.e. does not normally use intermediate mail servers)
Three phases of transfer
SMTP
- handshaking (greeting)
- transfer of messages
Closure
mail
mail
server
server
Internet
Command/response interaction
- commands: ASCII text
- response: status code (HTTP response)
and phrase (a three-digit number)
Messages must be in TEXT, TEXT DOS or 7-bit ASCII
(American Standard Code for Information Interchange) - meaning it uses
patterns of seven binary digits (a range of 0 to 127 decimal) to represent
each character - 1 extra bit for parity digit or check bit
40
Basic Operation of SMTP
SMTP
mail
Alice’s mail
server
server
mail
Internet
Bart’s mail
server
server
Alice
invokes her user agent for e-mail, provides e-mail address (e.g. bart@
mdx.ac.uk) compose and then sends the message via user agent
Alice’s
user agent sends message to her email server - placed in a message queue
The client side of SMTP opens a TCP connection to an SMTP server
After
some initial SMTP handshaking, the SMTP client sends Alice’s message into
the TCP connection
At
Bart’s mail server host, the server side of SMTP receives the message - places
the message in Bart’s mailbox
Bart invokes his user agent to read the message at his convenience
41
Sample SMTP Interaction
||| Example transcript between client (C) {[email protected]} and server (S)
{[email protected]} as soon as the TCP connection is established
S: 220 tim.mdx.ac.uk
C: HELO laa.ly
S: 250 Hello laa.ly, pleased to meet you
C: MAIL FROM: <[email protected]>
S: 250 [email protected]... Sender ok
C: RCPT TO: < tim @mdx.ac.uk>
S: 250 [email protected] ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 [email protected] closing connection
||| Commands issued by client:
HELO – identifies SMTP sender to SMTP
receiver
MAIL FROM – begins mail exchange by
identifying originator
RCPT TO – identifies mail recipient
DATA – signifies message follows
QUIT – Ends current session
||| Reply codes issued by server:
220- Service ready
221- Closing transmission
250 – Requested action ok
354 – end with <crlf>.<crlf>
42
Scenario 2: Alice sends message to Bob
1) Alice uses UA to compose
message “to”
[email protected]
4) SMTP client sends Alice’s
message over the TCP
connection
5) Bob’s mail server places the
message in Bob’s mailbox
6) Bob invokes his user agent to
read message
2) Alice’s UA sends message to
her mail server; message
placed in message queue
3) Client side of SMTP opens
TCP connection with Bob’s
mail server
1
user
agent
2
mail
server
3
mail
server
4
5
6
user
agent
43
Sample SMTP interaction
S:
C:
S:
C:
S:
C:
S:
C:
S:
C:
C:
C:
S:
C:
S:
220 mdx.ac.uk
HELO clubs.ly
250 Hello clubs.ly, pleased to meet you
MAIL FROM: <[email protected] >
250 [email protected]... Sender ok
RCPT TO: <[email protected] >
250 [email protected] ... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Hi, my name is …..
how about if we meet in ….
.
250 Message accepted for delivery
QUIT
221 mdx.ac.uk closing connection
44
SMTP: Recap
SMTP uses persistent
connections – i.e., using the
Comparison with HTTP:
same TCP connection to send
and receive multiple HTTP
requests/responses, as opposed
to opening a new connection for
every single request/response
pair
HTTP: pull while SMTP: push
both have ASCII
command/response
interaction, status codes
HTTP: each object encapsulated
in its own response msg
SMTP: multiple objects sent in
multipart msg
SMTP requires message
(header & body) to be in 7bit ASCII
SMTP server uses
CRLF.CRLF(Carriage Return
and Line Feed) to determine
end of message because the
dialogue is character based
45
Mail message format
SMTP: protocol for exchanging
email msgs
RFC 822: standard for text
message format:
header lines, e.g.,
To:
From:
Subject:
header
blank
line
body
different from SMTP
commands!
body
the “message”, ASCII
characters only
46
Message format: multimedia extensions
MIME: Multimedia Mail Extension, RFC 2045, 2056
additional lines in msg header declare MIME content type
MIME version
method used
to encode data
multimedia data
type, subtype,
parameter declaration
encoded data
From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Type: image/jpeg
base64 encoded data .....
.........................
......base64 encoded data
MIME: Multipurpose Internet Mail Extensions
47
MIME(Multipurpose Internet Mail
Extensions)Types
||| The Content-Type field is used to specify the nature of the data in the
body of a MIME entity, by giving the media type and subtype names.
||| Currently there are 7 top-level types defined:
||| Application
||| Text
- textual information
||| Image
- image data
||| Audio
- audio data
||| Video
- video data
- any application-specific data
that doesn't fall into the previous
categories
||| Multipart
- an encoding that allows
multiple items, potentially of
different types, to be
concatenated together (this is
how mail messages with
attachments are sent)
||| Message
- an e-mail message, mostly
used with the RFC822 subtype
48
MIME(Multipurpose Internet Mail
Extensions)Types - continued
||| For each of the 7 types, there is a list of associated subtypes, such as text/html,
text/xml and text/plain that are dependent on the top type. Five of these types is as
follows:
||| Text
- example subtypes: plain,
html
||| Image
- example subtypes: jpeg,
gif
||| Audio
- requires an audio output
device to render the contents
- example subtypes: basic (8bit mu-law encoded), 32kadpcm
(32 kbps coding)
||| Video
- example subtypes: mpeg,
quicktime
||| Application
- other data that must be
processed by reader before
“viewable”
- example subtypes:
msword. mspowerpoint, etc
49
Multipart Type
||| Just as a web page, an e-mail message can contain many objects too
||| Internet e-mail, places all the objects (or “parts”) in the same message
||| When multimedia message contains more than one object (e.g.
images, ASCII text and some images), the message typically has
Content-type: multipart/mixed
||| This content type header line indicates to the receiving agent that the
message contains multiple objects
||| Receiving agent needs a means to determine
- where each object begins
- how each non ASCII was transfer-encoded
- the content type of each message
||| This is done by placing boundary characters between each object and
preceding each object in the message with Content-type and ContentTransfer-Encoding: header lines
50
Multipart Type - cont
||| Example showing some ASCII text, followed by JPEG image, and more ASCII text
From: [email protected]
To: [email protected]
Subject: Picture of yummy crepe.
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary=StartofNextPart
-- StartofNextPart
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
Dear Bob,
Please find a picture of a crepe.
-- StartofNextPart
Content-Transfer-Encoding: base64
Content-Type: image/jpeg
base64 encoded data .....
......base64 encoded data
-- StartofNextPart
Let me know if you would like the recipe .
51
Mail access protocols
user
agent
SMTP
SMTP
sender’s mail
server
access
protocol
user
agent
receiver’s mail
server
SMTP: delivery/storage to receiver’s server
Mail access protocol: retrieval from server
Application-layer Internet standard protocol used by local e-mail
clients to retrieve e-mail from a remote server over a TCP/IP
connection.
POP: Post Office Protocol [RFC 1939]
authorisation (agent <-->server) and download
IMAP: Internet Mail Access Protocol [RFC 1730]
more features (more complex)
manipulation of stored msgs on server
HTTP: Hotmail , Yahoo! Mail, etc.
52
POP3 protocol
authorisation phase
client commands:
user: declare
username
pass: password
server responses
+OK
-ERR
transaction phase, client:
list: list message numbers
retr: retrieve message by
number
dele: delete
quit
S:
C:
S:
C:
S:
C:
S:
S:
S:
C:
S:
S:
C:
C:
S:
S:
C:
C:
S:
+OK POP3 server ready
user bob
+OK
pass hungry
+OK user successfully logged
list
1 498
2 912
.
retr 1
<message 1 contents>
.
dele 1
retr 2
<message 1 contents>
.
dele 2
quit
+OK POP3 server signing off
53
on
POP3 (more) and IMAP
More about POP3
Previous example uses
“download and delete”
mode.
Bob cannot re-read email if he changes client
“Download-and-keep”:
copies of messages on
different clients
POP3 is stateless across
sessions
IMAP
Keep all messages in one
place: the server
Allows user to organise
messages in folders
IMAP keeps user state
across sessions:
names of folders and
mappings between
message IDs and folder
name
54
Secure e-mail
• Alice wants to send secret e-mail message, m, to Bob.
KS
m
KS
.
KS( )
+( )
KB
.
K+B
KS(m )
KS(m )
+
KB+(KS )
Internet
KB+(KS )
.
KS( )
m
KS
K- ( )
K-B
B
.
• generates random symmetric private key, KS.
• encrypts message with KS
• also encrypts KS with Bob’s public key.
• sends both KS(m) and eB(KS) to Bob.
55
Secure e-mail (continued)
• Alice wants to provide sender authentication message
integrity.
+
-
KA
m
H(.)
-
.
KA( )
-
-
KA(H(m))
KA(H(m))
+
Internet
m
KA
+
.
KA( )
m
H(m )
compare
.
H( )
H(m )
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
56
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication,
message integrity.
-
KA
m
.
H( )
-
.
KA( )
-
KA(H(m))
+
KS
.
KS( )
+
m
KS
+
.
K B( )
+
Internet
+
KB(KS )
KB
Note: Alice uses both her private key, Bob’s public key.
57
Have a 5 min break
58
DNS: Domain Name System
People: many identifiers:
SSN, name, passport #
Internet hosts, routers:
IP address (32 bit) used for addressing
datagrams
“name”, e.g.,
ww.yahoo.com - used
by humans
Q: map between IP
addresses and name ?
Domain Name System:
distributed database
implemented in hierarchy of
many name servers
application-layer protocol
host, routers, name servers
to communicate to resolve
names (address/name
translation)
note: core Internet
function, implemented
as application-layer
protocol
complexity at network’s
“edge”
59
DNS
DNS services
Hostname to IP address
translation
Host aliasing
Canonical and alias
names
Mail server aliasing
Load distribution
Replicated Web
servers: set of IP
addresses for one
canonical name
Why not centralise DNS?
single point of failure
traffic volume
distant centralised database
maintenance
doesn’t scale!
60
Distributed, Hierarchical Database
Root DNS Servers
com DNS servers
yahoo.com
amazon.com
DNS servers DNS servers
org DNS servers
pbs.org
DNS servers
edu DNS servers
ucl.ac.uk
ucla.edu
DNS serversDNS servers
Client wants IP for www.amazon.com; 1st approx:
Client queries a root server to find com DNS server
Client queries com DNS server to get amazon.com DNS
server
Client queries amazon.com DNS server to get IP
address for www.amazon.com
61
DNS: Root name servers
contacted by local name server that can not resolve name root name server:
There are currently 13 root name servers specified, with names in the form
letter.root-servers.net
contacts authoritative name server if name mapping not known
gets mapping
returns mapping to local name server
a Verisign, Dulles, VA
c Cogent, Herndon, VA (also Los Angeles)
k RIPE London (also Amsterdam,
d U Maryland College Park, MD
Frankfurt)
g US DoD Vienna, VA
i Autonomica, Stockholm (plus 3
h ARL Aberdeen, MD
other locations)
j Verisign, ( 11 locations)
m WIDE Tokyo
e NASA Mt View, CA
f Internet Software C. Palo Alto,
CA (and 17 other locations)
13 root name
servers worldwide
b USC-ISI Marina del Rey, CA
l ICANN Los Angeles, CA
62
TLD and Authoritative Servers
Top-level domain (TLD) servers: responsible for
com, org, net, edu, gov, int, etc, and all top-level
country domains uk, fr, ca, jp, ly.
Network solutions maintains servers for com TLD
Educause for edu TLD
Authoritative DNS servers: organisation’s DNS
servers, providing authoritative hostname to IP
mappings for organisation’s servers (e.g., Web and
mail).
Can be maintained by organisation or service
provider
63
Local Name Server
Does not strictly belong to hierarchy
Each ISP (residential ISP, company, university)
has one.
Also called “default name server”
When a host makes a DNS query, query is sent
to its local DNS server
Acts as a proxy, forwards query into hierarchy.
64
Types of queries
root DNS server
recursive query:
puts burden of name
resolution on contacted
name server
heavy load?
iterative query:
contacted server replies
with name of server to
contact
“I don’t know this name,
but ask this server”
2
3
7
6
TLD DNS server
local DNS server
dns.cs.mdx.ac.uk
1
5
4
8
authoritative DNS server
dns.cs.ucl.ac.uk
requesting host
cs.mdx.ac.uk
gaia.cs.umass.edu
65
Example
root DNS server
Host at cs.mdx.ac.uk
wants IP address for
bob.cs.ucl.ac.uk
2
3
TLD DNS server
4
5
local DNS server
dns.mdx.ac.uk
1
8
7
6
authoritative DNS server
dns.cs.ucl.ac.uk
requesting host
cs.mdx.ac.uk
bob.cs.ucl.ac.uk
66
DNS: caching and updating records
once (any) name server learns mapping, it caches mapping
cache entries timeout (disappear) after some
time
TLD servers typically cached in local name
servers
Thus root name servers not often visited
update/notify mechanisms under design by IETF
RFC 2136
http://www.ietf.org/html.charters/dnsind-charter.html
67
DNS protocol, messages
DNS protocol: query and reply messages, both with
same message format
msg header
identification: 16 bit # for query,
reply to query uses same #
flags:
query or reply
recursion desired
recursion available
reply is authoritative
Resource Records (RR)
68
DNS protocol, messages
Name, type fields
for a query
RRs in reponse
to query
records for
authoritative servers
additional “helpful”
info that may be used
69
Inserting records into DNS
Example: just created startup “Network Consultancy firm”
Register name networkconsultancyfirm.co.uk at a registrar (e.g.,
Network Solutions)
Need to provide registrar with names and IP addresses of your
authoritative name server (primary and secondary)
Registrar inserts two RRs into the co.uk TLD server:
(networconsultancyfirm.co.uk,
dns1.networconsultancyfirm.co.uk, NS)
(dns1. networconsultancyfirm.co.uk, 212.212.212.1, A)
Put in authoritative server Type A record for www.
networkconsultancyfirm.co.uk.com and Type MX record for
networkconsultancyfirm.co.uk
How do people get the IP address of your Web site?
70
How do people get the IP address of your
Web site?
Finding an IP can be as easy as looking at the full headers of
email that they've sent you, or monitoring network connections for
certain types of instant messaging and chat applications. Web sites
routinely get IP address information for all visitors. The very nature
of how the internet works dictates that when two computers talk to
each other, they know each other's IP addresses.
But once an IP address is received, what can you tell about it?
Some IP's are easy - they're static, and have a DNS name
associated with them. For example, in a Windows XP
Command Shell, enter the following command:
ping -a 17.254.3.183
The “-a” switch tells ping to do a “reverse DNS lookup”,
and print the first domain name it finds associated with the
IP address you've specified.
71
How do people get the IP address of your
Web site? - continued
If the ping doesn't return a domain name, we then go to ARIN (American
Registry for Internet Numbers) and use their IP “whois” tool:
If an IP address, e.g., 206.124.145.17 is entered, we'll find that it's part of a
block of addresses assigned to an ISP. To determine who actually uses that
IP address the ISP is contacted, otherwise, the physical location of a
machine at a specific IP address is not easy to determine.
(CIDR? VLSM?)
An IP address may, or may not, identify a specific computer. In many
cases, such as large corporations, it identifies a gateway that acts as a
router or proxy for any number of computers:
Behind the gateway, the computers can all see each other, but from
the Internet the individual machines are indistinguishable from each
other ... they all look like they come from the same IP address.
Same is true when using a router at home. You might have any
number of computers behind it, but from the internet, it appears as if you
have only one IP address. Your individual computers are not directly
accessible by default.
72