Notes On Computer Networks: Bob Dickerson January 2005
Notes On Computer Networks: Bob Dickerson January 2005
Notes On Computer Networks: Bob Dickerson January 2005
Bob Dickerson
January 2005
Preface
These notes formed the main material for a one semester Computer Science course on networks. The
course was last taught in the academic year 2005–6. The course was primarily about the Internet, the
TCP/IP protocol family. The rest of the preface is part of the original written for the course (or “elective
module” as it was called) and it tries to show how the material in these notes relates to the units that made up
the course, and references to sections or chapters in books that provide better, or alternative, explanations.
1. Douglas E. Comer. Computer Networks and Internets with Internet Applications. Prentice Hall,
fourth edition, 2003. Good introduction, mainly TCP/IP, some stuff on data transmission.
2. James F. Kurose and Keith W. Ross. Computer Networking: A Top-Down Approach Featuring the
Internet. Addison-Wesley, third edition, 2005. Good introduction, has some deeper treatment, no
data transmission stuff.
3. L. L. Peterson and B. S. Davie. Computer networks, a systems approach. Morgan Kaufman, third
edition, 2003. Good introduction, practical implementation examples, mainly TCP/IP, not much on
data transmission stuff.
4. William Stallings. Computer Networking with Internet Protocols. Prentice Hall, first edition, 2004.
Less conventional introduction, more advanced, has special chapters on congestion and quality of
service, no data transmission stuff.
5. A. S. Tanenbaum. Computer networks. Prentice-Hall, fourth edition, 2003. Very good introduction,
wide coverage, some data communications stuff too.
The units
This is a list of the units, links to the related notes and references to chapters or sections in the books. It
is possible to vary the order of presentation of topics. In most books (Comer, Tanenbaum and Peterson)
they are presented “bottom-up”, starting from the lowest level, or (in Kurose and Rose, and Stallings) “top-
down”, starting with high-level application protocols. Even as I type this I cannot decide how to do it this
time . . . , wait while I decide . . . , OK bottom up but with an overview of some general concepts first.
Another choice is whether to include any material on data transmission, this is about how binary data
is actually transmitted by “guided” media (wires or fibre optic) or by “unguided” media (wireless). This
course (module) doesn’t cover the topic. This is a serious, but deliberate omission. There is not space or
time to discuss signal propogation, noise, bandwidth, modulation etc. These topics not required for the
assessment but if you feel unhappy reading about sending data over network connections without knowing
how the bits are actually transmitted you can find some information in the books:
iii
iv Notes on Computer Networks
Peterson & Davie: no chapter on data transmission, but some stuff about bandwith and latency in chapter
1,
Kurose & Ross: no chapters on data transmission but one section on “Physical media” in chapter 1,
There is one chapter in the notes Introduction, layers and protocols (chapter 1). Relevant material in
the textbooks:
Comer: these concepts are explained in chapter 16, “Protocols and Layering”,
Peterson & Davie: no separate chapter but the is a section on “Network architecture” in chapter 1,
Kurose & Ross: two separate sections on protocols and layers in chapter 1,
Tanenbaum: some stuff on layers in chapter 1,
Stallings: idea of protocols and layers in chapter 2.
• network topologies,
• the functions of data-link, simple encoding, framing and error checking,
• how ethernet operates,
• ethernet bridges, hubs and switches,
• some stuff on wireless LANs
The chapter on data-link and ethernet is Data link layer and network topologies (chapter 2). The
chapter on wireless LAN is 802.11 Local Area Wireless Networks (chapter 3).
Relevant material in the textbooks:
Comer: this topic is covered in Comer’s book in chapters 7, 8 and 9. Then chapter 10 deals with
physical connecting ethernets, chapter 11 with bridges, chapter 12 and 13 are about longer
distance networks and are less relevant.
Peterson & Davie: direct data-link networks are dealt with in chapter 2 this is relevant to the module,
chapter 3 is about more complicated networks like ATM, this goes beyond what is required for
the module,
Kurose & Ross: chapter 5 is “The link layer and local area networks”, chapter 6 is about wireless
and mobile networks and contains more material than is dealt with in the module,
Tanenbaum: the treatment of data link is split into chapter 3 called “The data link layer”, and chapter
4 called “The medium access control sublayer” which actually contains most of the material
about ethernet and wireless. These chapters contain more material than is needed by the module
so be guided by the coverage of the notes,
Stallings: data link is covered in Part 6, the first chapter is 13 on “Wide area networks” which is not
really necessary for this module (too “wide”?), chapter 14 “Data link control” about issues in
data link is more useful, and chapter 15 on “Local area networks” is relevant too.
Notes on Computer Networks v
3. Network layer
Climbing up one level above data link layer is the network (or internet) layer. This layer conveys a
packet across different networks to any addressable destination. This is split into two units, the first
about IP, and the second about routing; it is only split to allow more time to cover it. The topics are:
• IP addressing,
• packet format,
• packet forwarding
• addressing on a LAN (ARP).
This is covered in the first part of the Network layer chapter 4.
Relevant material in the textbooks:
Comer: this topic is covered in chapters 18, 19 and 20. There is additional material about IP frag-
mentation in chapter 21, interesting but not essential for this module. Chapter 22 is about the
new version of IP called IPv6.
Peterson & Davie: in chapter 4 on “Internetworking” section 1,
Kurose & Ross: it is in chapter 4, but it is hard to disentangle routing from other aspects of IP.
Perhaps read sections 4.1, 4.2 and 4.4 first,
Tanenbaum: in chapter 5. There is a lot more material than is needed for this module, so maybe just
look at sections 5.5 and 5.6,
Stallings: chapter 8, sections 8.1 and 8.2 are most relevant
4. Routing
This is still at the network layer, it is about how systems discover which connections to use for
forwarding packets—routing. Instead of examining the details of real protocols this looks at two
algorithms used for discovering routes. I hope to add some additional notes about the real problems
of routing on the backbone of the Internet. The topics are:
• static link-state, or Dijkstra’s shortest routes algorithm,
• dynamic distance vector routing,
• something about Internet routing (I hope).
This is covered in the second part of the Network layer chapter in section4.7
Comer: this is covered in two places, he covers the general routing algorithms in chapter 13, and
then deals with IP Internet routing in chapter 27. There is very little about backbone routing,
Peterson & Davie: more of chapter 4, sections 4.2 and 4.3,
Kurose & Ross: chapter 4, sections 4.3, 4.5 and 4.6,
Tanenbaum: chapter 5, section 5.2,
Stallings: chapter 11 and the chapter 12 section 12.1.
5. Transport layer
This layer is responsible for providing reliable, data-streams, from program to program. It builds this
out of the out-of-order unreliable computer to computer datagrams sent by the network layer. Topics:
• end to end messages using port addresses,
• providing streams from packets,
• reliability and retransmission,
• congestion and flow control,
The chapter in my notes is Transport layer chapter6
6. Network programming
This describes the basic facilities used by nearly all network applications. These can be used in Java,
C++ or any other language. It introduces:
• the (almost) universal BSD socket interface used by all network applications
• the asymmetry of client and server programs,
• the Java classes that provide sockets and how to use them
• the concept of a concurrent server,
• threads in Java and how they can be used to create a concurrent server.
Comer: in chapters 28, 29 and 30, but he only provides program examples in C++ not in Java.
Peterson & Davie: a bit in section 1.3 (in C),
Kurose & Ross: section 2.7, it does have some Java stuff,
Tanenbaum: a bit in subsection 6.1.4,
Stallings: in section 4.4
other perhaps the simplest way to get extra information about network programming in Java is to
look at Sun’s Java tutorial and guide:
http://java.sun.com/docs/books/tutorial/networking/index.html
The chapter in the notes is WWW, HTTP, HTML, CGI and PHP (chapter 8).
Comer: in chapters 35, 36 and 37, chapter 35 deals with HTTP, chapter 36 deals with server-side
functionality like CGI, and chapter 37 covers client-side functionality like Javascript, it is not
so important for this module,
Peterson & Davie: in subsection 9.2.2,
Kurose & Ross: in section 2.2,
Tanenbaum: in section 7.3,
Stallings: section 4.1.
Comer: nothing about peer-to-peer protocols but chapter 33 is about a real time problem: Voice over
IP
Peterson & Davie: yes
Kurose & Ross: section 2.6,
Tanenbaum: 2 pages in chapter 1,
Stallings: I can’t find anything.
10. Security
The problems of how systems connected can be attacked and how traffic can be intercepted of spied
on. The notes say a little about cryptography and how it can be used to provide greater security. In
the notes this is in Security (chapter 11).
ix
x CONTENTS
11 Network security 77
11.1 Some cryptographic concepts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
11.2 System security without networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
11.3 System security with networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
11.4 How can networking be more secure? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
11.5 Firewalls, Proxies, and Masquerading . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
11.6 Position of firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
11.7 Encrypting network connections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
11.8 Encrypting network traffic: IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
11.9 Encrypting network traffic: IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
11.10Application level encryption (SSL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
11.11Using SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
11.12Openssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
11.13Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Chapter 1
Introduction: networks, layers and
protocols
1.1 Networking
Networking supports communication between two or more programs running on physically distant ma-
chines. For example all the following require network support:
• a WWW browser client using a WWW server,
• mail from a user agent program to a remote mail box,
• remote access to a data-base,
• a remote shared file server system,
• downloading an MP3 music file.
1.2 Protocols
To request any service or exchange any information between 2 programs there must be an agreed set of
commands and data formats, this is a protocol. So, for example, the commands and data sent between
a World Wide Web browser and a remote server are a protocol. The browser (probably) uses the GET
command follow by the name of the required file (page), this protocol is recognised and understood by the
web server program which responds appropriately. Similarly the format of packets sent between Ethernet
cards and their drivers are a protocol. The programs exchanging messages are called peers.
physical network
hardware hardware
1
2 CHAPTER 1. INTRODUCTION: NETWORKS, LAYERS AND PROTOCOLS
Another reason is that the separation simplifies the use of alternative layers and protocols so that if the
network level determines that one site is connected via a leased line it can pass a message packet to the
appropriate driver, whereas a message to a different site will be passed to a different data-link level protocol
driver, this is shown in figure 1.2. It also works in reverse: network (IP) packets contain a field in their
1.3. NETWORKING LAYERS 3
header identifying whivh transport level protocol they use and this is used to determine which level to pass
the packet up to (either TCP or UDP).
• In order for the browser to send the HTTP message it must request that the layer below it (the transport
layer) opens a connection to the server on the remote machine.
• The transport layer has to communicate with its peer, (the transport layer software on the remote
machine) to establish the connection to the web server. Peers at the transport layer use the TCP
protocol.
• In order for the transport layer to send its TCP messages it breaks them into “packets” and requests
that the network layer below it sends these packets to the remote machine which will pass them up to
the peer transport layer.
• The network layer uses the IPv4 (and soon IPv6) protocol. It also uses a routing protocol to work out
which machine to send to in order to get the remote end. and it must ask the datalink layer . . .
• You write to your friend, the letter is your message (what you say in the letter and how they respond
is your “protocol”), you put it in an envelope, put the address on the front and pass it down to the next
“layer”—the postal service,
• The local postal service sorts the letters and puts them in bags for different destinations, these are
labelled. The bags are then given to an airline or a railway that uses the labels to deliver them to the
remote postal service,
• The remote postal service unpacks the bags and delivers the letters.
Notice that it is necessary to have a “protocol” that is understood by the lower layer (TCP, or postal service
bag labels) in order for messages from a higher level to be delivered. Notice also that the layer below knows
nothing about the higher level protocol (whether it is HTTP, or the contents of your letter).
A PACKET ’ S JOURNEY
Figure 1.3 shows the path of a packet through the network software layers when a client application sends a
message to its peer (the corresponding server) application. First the application calls on the transport layer
on its machine to convey the message to the right program at the destination, the transport layer will use the
network layer to send the packet to the correct host, the network layer, once it has found the next hop on the
journey to the destination, will call the appropriate data link driver to send the packet.
TCP TCP
application messages
path of IP packet
When the packet arrives at the next machine the data-link layer passes the packet to the network layer,
it examines the packet’s destination address, it finds the next hop and uses the appropriate data-link driver.
This continues until the packet arrives at the destination, then the network layer software will examine the
destination address and find that it is its own machine so, instead of forwarding it, it passes the packet up
to the transport layer software. The transport layer looks at the transport message and determines which
application to give the message to.
application layer
protocol, eg HTTP
application data
TCP flags
16 bit sender port
16 bit dest. port
TCP
IP stuff: TTL, etc application data
32 bit IP src addr. header
32 bit IP dest addr
14 20 20 4
1. Select a packet
2. Select a different
level of nested protocol
3. A different block of
bytes is highlighted
• encoding
• sending, receiving and framing data (all protocols),
• error checking using CRC (cyclic redundancy checks),
• error recovery: acknowledgement and re-transmission (in HDLC but not Ethernet).
In many types of network there is a big variation between how much is done by hardware and how much by
software, for example an ethernet card will include lots of the functions, but software must do most of the
work of driving a dial-up modem line. These notes will examine the logical problems (not electrical issues)
whether the functions are in a software of hardware device driver.
2.2 Topologies
The data-link level software in a computer must send data along different physical networks that its com-
puter is connected to. The topology of a network is its basic architecture, how components are logically
connected. The simplest and oldest (and still widely used) is the point-to-point. A system can be build from
an arbitrary number of dedicated machine to machine links.
Point-to-point connections like simple serial or parallel lines that join a device on one machine to a
device on another, these are commonly used to connect to wide area networks, for example BT leased lines
or simple dial-up telephone links. The technology and speed can vary from simple serial lines like RS232
at 9.6 Kbps. to fibre optic cables at 2.5 Gbps. A protocol used on dialup lines PPP. A protocol used for long
distance backbone connections is SONET.
• some long distance links, dial-up modems, joining 2 parallel ports (laplink), institutional network to
an exchange (our off-site link),
• simple, no addressing needed, if a machine sends on one link it only has one destination,
• Advantages: robust: one lost link only affects that link, no contention: can have all machines com-
municating at the same time, flexible: different technologies can used for different links,
• BUT scales very badly, there are an exponential number of required connections.
The star network, all machines are connected through a dedicated switch:
These are typically used for local area nets and work at about 150 Mbps or more. Actually they may
provide the data-link layer but they share some of the characteristics of the network layer.
7
8 CHAPTER 2. THE DATA-LINK LAYER
• like ATM (there is one at Hatfield, in the middle of lots of ethernets), can be used for local or
metropolitan or wide area nets,
• more scalable, fewer connections,
• the switch might provide some concurrent connections but it is less parallel than point-to-point,
• needs some form of addressing, so virtual circuits can be set up between communicating machines or
packets can be directed to the correct recipient,
Multi-access nets where lots of machines are connected to the same carrier cable (it works a bit like a
computer bus). These are the commonest for local area networks. The different types include token rings
like FDDI or single lines like Ethernet. Their difference lies in the way they compete for and schedule
access to the common carrier between the different machines. There performance is between 10 and 1000m
bps. The performance of some ethernets is over 1Gb, these use a similar protocol but they are not really
shared bus architectures.
• used for local-area networks, the famous ethernet, not used for metropolitan or wide-area nets,
• very simple, very scalable, very cheap
• requires hardware addresses so the receiver can recognise its data,
• lots of contention, only one message between two systems at any time, requires a fast medium
The store-and-forward packet switched network, the switches are high performance purpose built boxes
(by CISCO or 3COM or ..), they link with arbitrary toplogies to other switches OR they have “outside”
links to host computers, or other networks.
• very expensive, used for wide-area networks or metropolitan nets, they form the backbone of large
internets so they need inter-switch connections and ways of connecting to other nets.
• they usually work by switching packets of information, which can be briefly stored and forwarded
when a link is free,
• they must do routing: how to get from a machine or LAN on one side to a LAN or machine on the
other side,
• many store and forward WAN are made out of multiple point-to-point connections,
2.3. DATA TRANSMISSION 9
• ATM networks can be connected to produce a structure that doesn’t look like a star but resembles the
store-and-forward organisation,
• 100Mb ethernets that use hubs (more later) to connect them look like physically like a star but really
do function as a broadcast shared bus toplogy,
• 100Mb ethernets that use switches (more later) to connect them look like physically like a star AND
really do function as a star network NOT a shared bus architecture,
• the data transmission medium: radio signals, copper wires (twisted or not), fibre optic cables etc.,
• the performance of the different media and their properties,
• the problem of “noise” and how much information can be sent. This is a big topic and can involve
quite a lot of mathematical analysis,
• how data are represented: amplitude modulation, one signal strength for a “1” and a different signal
strength for “0”, phase modulation using a sine wave and changing the phase of the oscillation where
the change represents a bit, or frequency modulation using a sine wave and changing the frequency
of oscillation to indicate a bit.
Just ignore this for now, but you must know that the topic of data transmission is a major subject in its
own right and an area of overlap between the concerns of electrical and electronic engineers and computer
scientists. We will only assume that some how ones and zeros can be represented and transmitted.
2.4 Encoding
To send a binary digit along a carrier the sender can vary the voltage or frequency for a fixed period of time,
the receiver must detect this change. To do this they must synchronize clocks so the receiver samples at the
right time and duration.
The clock is probably a transition from one level to another and triggers the sampling of the line. If the
line is at one level to long then the clocks at each end might drift.
There are various forms of encoding:
• NRZ low level for 0, high for 1. But the signal can stay too long in one state.
• NRZI change level for a 1, unchanged signal for 0. Solves problem for 1s but not 0s.
• Manchester encoding which does an XOR of the bit with the clock signal (which changes every
interval). Clearly produces lots of transitions but clearly only provides half the bit rate for any Baud
rate (the maximum number of transitions the line can make in a second).
10 CHAPTER 2. THE DATA-LINK LAYER
Bits 0 0 1 0 1 1 1 1 0 1 0 0 0 0 1 0
NRZ
clock
Manch-
ester
NRZI
• 4B/5B, every 4 bits of data are encoded in 5 bits of signal: 0000 as 11110, 1111 as 11101, 0001 as
01001. The codes are chosen to guarantee that there can be no long sequence of 1s or 0s no matter
what the data is. FDDI uses this.
• Parity, add one extra bit for every byte (or whatever) so there is an even (or odd) number of 1s. Not
very strong.
• Checksum, add up all the bytes in a message and send the sum. Better.
• CRC (cyclic redundancy check), treat n bits of data as being represented by an n − 1 bit polynomial,
divide this by some smaller (carefully chosen) polynomial and use this to check. (I don’t understand
the maths!). This can give quite strong checking of upto 12000 bits with just 32 bits of redundancy.
2.6 Framing
How are bits of data sent? The receiver needs to know how to interpret the sequence. One bit by itself
provides little information, it is necessary to send sequences of bits to represent useful data. The solution
is to send data in frames with a given format. The next problem is to know when the sequence, the frame,
starts and when it ends, there are three main ways:
• always send a fixed size frame, this is used by fast backbone network protocols like SONET where
there is always loads of traffic,
• start with a marker pattern (a special byte) so the receiver will find the start, then be followed by a
byte count, then the data. This is not so often used because it can be hard for the receiver to recover
if there is an error in the count (so it is said). All the bits must be sent as bytes so the counting can
work. One such protocol was DDCMP used by DEC. More commonly:
• send a special marker (a sequence of bits), then the data and terminate the sequence with another (or
the same) special sequence. These protocols can be either byte-oriented or bit-oriented: bits can be
sent as bytes (always multiples of 8 bits), or as an arbitrary sequence of bits representing binary or
character data. So PPP is a byte oriented protocol (always multiples of 8) and uses the special byte
01111110 as both the start and end marker. IBM designed SDLC for medium distance links and it
was later standardised as HDLC, it is bit oriented, it uses the bit sequence 01111110 (like PPP) as
both start and end markers. Figure 2.6 is an HDLC frame.
With any method that uses an end marker there is a problem that if the value of the end marker character or
byte sequence occurs in the data being transmitted then the receiving hardware will believe that the frame
has ended prematurely. To solve the problem with byte oriented protocols a technique called byte stuffing is
2.7. RELIABLE TRANSMISSION 11
8 16 16 8
used: a special escape character (DLE in ASCII) is used. Whenever the end marker value occurs in the data
it is replaced by the escape character followed by a code indicating that the end marker was replaced. When
the receiver detects the escape it removes it and the following character and replaces it with the original
code required. (If the value of the escape occurs in the input then it will be replaced by some other escape
sequence. NB this is just like the use, in C, of the \ escape character, where \n is a newline \\ is \ etc.)
Things are simpler with bit oriented protocols, they use bit stuffing. The sender, to avoid the termination
sequence, for example 01111110, being sent in the data, will if five ones occur (11111) just stick in an extra
0. The receiver will be given the data and will remove any zero that occurs after five ones. It is now OK
because the start and end markers are the only things that will have six ones.
2.8.1 Standards
The IEEE, American Institute of Electrical and Electronic Engineers, has many standards that have become
international standards, (the “Unix” standard called POSIX is an IEEE standard). IEEE have a set of
standards called 802 that cover many aspects of local area networks (and some wider network issues):
802.2 logical link layer, interface to layers above
802.3 CSMA/CD, the ethernet family, many sub-standards
802.3u 100Mbps ethernet
802.3z 1000Mbps ethernet
802.5 token ring network
802.11 wireless LAN
802.11x 802.11a, 802.11b, 802.11g etc. different wireless frequencies
in the 802 family there is an important distinction between:
• the LLC, the logical link control sub-layer, which specifies the interface to the network layer in the
protocol stack. This is independent of the underlying network type and will be the same for all. And
• the MAC, medium access control sub-layer, which specifies the operation of the protocol, data format
and data transmission. This is medium dependent and will be different for different network types.
This distinction is used in the 802.11 wireless protocol, the network layer (usually IP) communicates with
the LLC layer which then passes LLC frames down to the 802.11 MAC layer. However this distinction is
not made by ethernet (802.3) because its design pre-dates the introduction of 802.2. So ethernet packets do
not encapsulate or contain LLC packets, higher levels (like IP) interact directly with 802.3 not with 802.2.
identifying the protocol of the message in the data, ie. IP or something else, so it can be passed to the right
layer above.
8 6 6 2 46−1500 4
1. if the carrier is busy (ie. some other computer is sending) then wait, or,
3. while sending, monitor the carrier to see if any other bits appear, if not then done.
4. otherwise there is a collision, some other device transmitted at the same time; if so stop, put error bits
on the carrier (jamming signal) so all other devices know there is an error and then wait a variable
time before going to step 1. The length of delay is random and increases with repeated collisions, it
is called exponential back-off.
Ethernets are very successful and very widely used but they perform very badly if they get much more
the half their load. This is because the rate of collisions rises exponentially as the load increases, and also
the consequent increase in re-transmissions.
• the sender is at one end of a 2500m cable, and a second sender is at the other end,
• the frame starts to arrive at the other sender at time t+d, where d is the latency (time to reach the other
end), just after the second sender started to transmit,
• now the second sender will detect the collision and jam
• it will require another d micro-seconds for the second sender’s message to arrive at the first sender, at
time t+2*d, the first sender must still be transmitting at this time or it will not detect the collision.
2.8. LOCAL AREA NETWORKS INCLUDING ETHERNET 13
The time, d, taken for a bit to travel 2500m is 25.6 micro-secs, so the first sender must be still be sending
after 2*d, 51.2 micro-seconds, On a 10Mbps ethernet 512 bits are transmitted in 51.2 micro-seconds so in
order to still be sending and detect the collision the minimum packet length must be 512 bits.
This problem still applies for 100Mbps and 1000Mbps ethernets, they have maximum cable and min-
imum packet size limits. They also use additional ways to detect collisions, but the basic problem is the
same. So the 100Mbps system using hubs and switches and running 10 times faster can either have a
minimum frame length of 5120 bits or a maximum length of 250m, it shortened the maximum length.
A B C
1
b1−2
D E F G
So if host A on ethernet 1 sends a packet to host F using F’s address it will be intercepted by the bridge
b1-2 (because it grabs everything), retransmitted unchanged by the bridge on ethernet 2, and finally get to
F.
Most bridges are adaptive learning bridges. Their basic operation is the same but they also record all
the sender addresses of all the packets sent on each ethernet, this way they learn which ethernet each host is
attached to. Then, when the must pass on a packet, they examine the destination address and only forward
it to the network that the destination host is on. So if host C sends to host A it will be intercepted by the
bridge but it will not be forwarded on network 2 because the bridge has learnt that host A is on network 1.
The 100Mbps uses UTP (twisted pair) cables that plug into a a box, either a hub or a switch. The hubs
or switches can be connected together in a hierarchy or using 10Mbps links, see figure 2.11.
this looks like a star network topology, it is physically but not logically. Logically and functionally it is
still a shared bus. When one host sends a packet it goes to all the other hosts.
Notice, in figure 2.12, that the link goes up the twisted pair, into the hub, back down one link in the next
twisted pair and back to the hub again. In other words it works exactly like the shared bus. Hubs can have
between 4 and 64 ports.
14 CHAPTER 2. THE DATA-LINK LAYER
hub
uplink to
another host
hub
1 2 3 4
With a hub there is still contention, while one host is using the hub no other host can. By spending a bit
more money you can get a switch. A switch looks like a hub but internally it is totally different. A switch
still appears the same as any ethernet to the host but it is almost as every host is on its own separate ethernet
with bridging between them, see figure 2.13.
host 1
b1−2
host 2 b1−3
b2−3 b1−4
b2−4
host 3
b3−4
host 4
So if host 1 is sending to host 3 the packets go through a type of internal adaptive bridge b1-3 and be-
cause b1-2 and b1-4 are adaptive they will not forward the packet. This means that host 2 can communicate
with host 4 at the same time without collisions.
Chapter 3
802.11 Local Area Wireless Networks
• the services and behaviour provided to the layer above (to the network layer), hiding the lower details,
this is common to all 802 LAN standards (like ethernet, rings, etc.),
• the MAC (medium access control) protocols, ie. how the connected systems cooperate together to
exchange data. This includes messages to support movement of one station between cells (networks)
and support for authentication and privacy,
Datalink
802.11 MAC protocols 802.3 rings, etc
ethernet
DCF and PCF CSMA/CD
10Base−T
Physical 802.11a 802.11b 802.11g and
others
There are various alternative 802.11 standards: 802.11 upto 2Mbps, 802.11a (using orthogonal fre-
quency division multiplexing) upto 54Mbps, 802.11b (using direct sequence spread spectrum) upto 11Mbps,
and 802.11g upto 54Mbps. They all have similar MAC protocols and only differ in the hardware behaviour.
15
16 CHAPTER 3. 802.11 LOCAL AREA WIRELESS NETWORKS
station 2 station 6
2 to 3 direct Infrastructure
Infrastructure station 4
BSS, Cell B station 11
BSS, Cell A station 3
station 5
6 to 8 via AP
station 1 11 to 12 direct
station 7
AP access AP access station 12
point A point B
station 8
Independent BSS
Ad hoc network
both 802.11 and 802.3 are data link layers. Does it use some form of routing? No, the AP doesn’t look
inside for IP addresses.
The AP works in a way similar to an ethernet bridge. The wireless uses the same type of MAC address
as ethernet. If the destination MAC address is on the other side of the AP the AP passes it on.
There is only one problem: the format is different. The AP must translate the format of the message
from 802.11 to 802.3 and vice versa.
bits: 2 2 4 1 1 1 1 1 1 1 1
protocol type subtype to from more re− pwr more WEP order
DS DS frag try mng data
• the frame format is given by the type field in the frame control field (see figure 3.3):
1. management, these are normally used for communication with the AP (access point, the base
station): there are frames for new stations to associate with the network, and for authentication,
2. control, these are used during data transfers but don’t contain data, these include acknowledge-
ments and the RTS and CTS messages of DCF (see section 3.7)
3. data, this is like the top packet in figure 3.3, however there are some variations for combining
the control functions of PCF with data.
• the duration field “reserves” the carrier for the length of time of the transfer and sometimes subsequent
packets in a transaction, see a later section about NAV,
– For many transfers only two are needed, for example transfers between stations in one cell only
need two addresses, the first address is the receiver of the wireless signal and is also the final
destination, the second is the wireless transmitter and also the sender.
– If a station, STA1, sends to the MAC address of a system, SVR1, on the DS (distribution system)
it must go via the AP see figure 3.4, address 1 is the wireless receiver MAC of the AP, but
it is not the final destination, that MAC address is put in the field address 3, the transmitter
address and the sender STA1 MAC are the same in field address 2 like between stations in the
same cell. When a station receives from an outside system via the AP the use of addresses is
switched: address 1 is the destination and the receiver, address 2, the transmitter is the AP
MAC address, and address 3,
gateway
GATE
– four addresses are needed if a wireless network is used as a “bridge” between two LANs, see
figure 3.5. The wireless nodes are “transparently” passing on packets from LAN1 to LAN2. It
is too long to explain but in the packet sent between STA1 and STA2 the destination and sender
addresses in address fields 3 and 4 are the MAC addresses of the systems HO1 and HO2, the
MAC addresses in fields 1 and 2 are the MAC addresses of the receiver and transmitter, STA1
and STA2.
18 CHAPTER 3. 802.11 LOCAL AREA WIRELESS NETWORKS
LAN1 LAN2
host
HO1
station station
STA1 STA1 STA2 STA1
MAC MAC
SIFS,PIFS,DIFS & EIFS between any two packet transmissions of any type there must be a short delay
called an inter-frame space IFS. There are 4 different IFS times: SIFS, PIFS, DIFS and EIFS. The
reason for having four times is to permit higher priority transmissions to use the carrier. When a
station wants to send a new packet it waits for a DCF IFS (DIFS) time. When a receiver sends an
acknowledgement it waits for a short IFS (SIFS). This guarantees that the acknowledgement will be
sent with no collisions from other packets as the SIFS is shorter than the DIFS. The lengths of the
intervals, in increasing time delay, are:
The PIFS is between the SIFS and DIFS and is used when the base station is coordinating all stations
by polling, it won’t preempt acknowledgements but it will override ordinary transmissions.
In addition to the basic parts of the protocol that allow any stations to send packets there are some extra
parts of the protocol to help reduce collisions or to cope with packet loss. These extra rules are required by
all wireless networks.
virtual sensing, NAV nearly all packet transmissions “reserve” time by including a duration field in the
packet, all other stations detecting a transmission set their network allocation vector, NAV, to this
value. The NAV is basically a timer, once set it counts down to zero. A station will not even try
to do carrier sense if its NAV is non-zero, it is a sort of virtual carrier sense. Why does this help?
Some MAC operations require more than one packet so this stops other stations starting to send in
the middle of a transaction, for example a data packet sets a duration time that is the sum of times for
the packet transfer and the acknowledgement. It is also used for for fragments, see next item and for
RTS-CTS, see next section 3.7,
packet fragmentation Because there is a low probability that a long data frame will be sent successfully
802.11 allows long frames to be broken into fragments and sent and acknowleged separately. Each
fragment will be sent and acknowledged separately so that only a single damaged fragment needs
resending. The sender only pauses for a SIFS interval after the acknowledgement before sending
the next fragment (as always the receiver acknowledges after a SIFS), this way the sender keeps the
channel. In addition each fragment contains a duration covering the time for the following fragment
and acknowledgement, so all other stations will set their NAV and not interfere.
A B C
This can be avoided in the DCF protocol which uses the following messages:
• RTS (request to send), if station A wants to send to B it waits for no traffic then sends RTS to B.
The RTS contains a duration value covering the whole time of the remaining steps of the transaction
(SIFS+CTS time+SIFS+data frame time+SIFS+Ack time) so other stations will set their NAVs. It
then waits,
20 CHAPTER 3. 802.11 LOCAL AREA WIRELESS NETWORKS
• CTS (clear to send), if B accepts the request it sends CTS back to A, it also sends the NAV duration for
the remaining time (same as RTS NAV minus time the CTS takes: SIFS+data frame time+SIFS+Ack
time),
• when A receives the CTS from B it will send the data to B,
• ACK, when the data arrives successfully at B it will send an acknowledgement ACK back to A. The
transfer is complete.
• between each message there is a SIFS delay so no other stations can interrupt.
If any station hears an RTS from another station it will wait for a time long enough to allow the message
to finish before attempting to send. If a station hears a CTS from another station it will wait for a suitable
length of time. This will avoid collisions. If collisions occur when two stations send RTS they will not
know, because they don’t try to detect it, but the intended receiver(s) will fail to receive the RTS because of
the collision so it/they will not send a CTS, consequently the original senders of the RTS will know it failed
and they must retry.
Now consider how this deals with the problems of the “hidden station” above, if A sends RTS to B it
will not be detected by C, but C will detect the CTS that B sends back to A and will therefore set its NAV
and wait until the transfer is over.
Chapter 4
The network layer (IP)
4.2 IP addresses
Every host connected to an internet must have a unique IP address on that network. The address in
IPv4 is a 32 bit number. It is usually represented as 4, 8 bit numbers separated by dots, for example:
147.197.205.211 In order to address different networks on an internet the address is structured into a net-
work part and a host part. So the University of Hertfordshire network address is 147.197 and one host on it
is 205.211. Not all networks have a 16 bit address. The NIC allocates network addresses to organisations
which in turn are responsible for allocating their own host addresses.
type A If the first bit is 0 (the first 8 bit field is less than 127) then that’s the network address and the host
address is 24 bits, there are only just over 100 of these and each can have over 16 million hosts on
their nets,
Type B If the first two bits are “10” then the network address is the next 14 bits that means there are about
16000 of these networks, each with upto 65000 hosts,
Type C For smaller organisations if the first 2 bits are “110” than the network address is the following 22
bits and there is only an 8 bit host number, (work it out!).
21
22 CHAPTER 4. THE NETWORK LAYER (IP)
Type D and E If the first 3 bits are “111” then the remaining bits are used for special broadcast and multi-
cast addressing
This is the original basis of network address allocation but now (2004) type A address ranges are split to
make more network numbers available. This means finding the network part of the address is not quite so
simple, the new way is used by CIDR (classless internet domain routing), which you follow up if you wish.
4.3 IP packets
The IP layer on one machine must send packets to the IP layers on other machines, to do this it uses the
IPv4 (and eventually IPv6) protocol. The format of an IPv4 message is shown in figure 4.1. The important
This is the vital function of IP, getting packets across one physical network to another thereby creating an
internet.
eurydice
131.9.0.11
network: 131.9.0.0
eth1 131.9.0.8
Net no. Gateway Mask Dev
131.9.0.0 0.0.0.0 255.255.0.0 eth1
62.0.0.0 0.0.0.0 255.0.0.0 eth0
cerberos
eth0 62.0.0.1
network: 62.0.0.0
62.0.0.2 62.0.0.3
• The first field of a forwarding table is the destination network. Every IP address has two parts,
network and host. Note that 131.9 is a type B address and 62 is type A,
• The second table field contains the gateway to use, this is the next hop, usually a router, if the system
is directly attached to the network the gateway is 0.0.0.0. In cerberos which is directly connected
to both networks both gateway fields are 0.0.0.0. In orpheus the gateway for network 131.9.0.0
has the address of cerberos,
• The third entry is a network mask. It is used by the forwarding software to find which entry to use.
The destination address of every incoming packet is and-ed with each mask in turn and the result
compared with the first column network number to get a match. Because of the use of subnets in
networks and the splitting of type A addresses it is not possible to use the type A, B, or C bits to
determine the network part, so every network destination has its own mask. In this example it is easy,
131.9.0.0 is a type B address and the mask is 255.255.0.0 (first 16 bits all binary “1”, last 16 bits
all “0”) which means any any address such as 131.9.0.11 and-ed with the mask will leave just the
top 16 bits, 131.9.0.0, for comparison.
• The last field in the forwarding table is the NIC (network interface card) address, in other words it
tells the IP software which datalink to use.
• When the packet arrives at 62.0.0.1 the same procedure is applied, it masks the address 131.9.0.11
and matches on the first line of the table which says there is no gateway, just send it on datalink eth1,
and it arrives at the destination.
a
T U
a b
c
c
V W
e
d
d e
X Y
f f
Z
g
• Delay, even though some links are fast they might be overloaded as the “cost” to be minimized is
delay time,
• The number of links that must be crossed to reach the destination, where the cost of every link is 1,
this is called hop count and is the commonest.
8 11 5
B C 4 D
5 5 7
E F 8 G
6
Figure 4.4: Example network
In figure4.4 node A is connected to node B with a “cost” of 8, (note: cost might be financial, time-delay
or physical distance), this is written as cost(A,B)=8.
If a host has all of the above information it can compute the best next-hop for every node in the network
using Dijkstra’s shortest route algorithm developed in the 1960s for any graph, not just computer networks.
The algorithm keeps a set S of “open” or “unexplored” nodes, an array Dist of distances from the start
to each node, and an array Rt of the next-hop to all nodes. The arrays are indexed by the node names or
numbers. On each cycle of the algorithm the closest “unexplored” node is chosen, it is called u, then each
of the open nodes v adjacent to u are examined to see if there is a shorter route to them via u. After the
closest node u has been examined it is “closed”, ie. removed from the set S.
Initialize set S to contain all nodes except source;
26 CHAPTER 4. THE NETWORK LAYER (IP)
while(! S.empty() ) {
select a node u from S so that Dist[u] is minimum;
if( Dist[u]==infinity ) {
fail: no path to all nodes in S; exit;
}
S.remove(u); // remove u from S
foreach node v such that there is an edge (u,v) {
if( S.member(v) ) {
cost = Dist[u] + cost(u,v);
if(cost < Dist[v]) {
Rt[v] = Rt[u]; Dist[v] = cost;
}
}
}
} // done forwarding table is Rt
6. Choose u = E, no changes . . .
7. Choose u = G, no changes . . .
The algorithm continues until there are no nodes left in S with a value less than ∞.
B
6 7
dest cost goto dest cost goto
A 2 D A 0 A A 0 A
B 6 B B 5 C
3 4 5 C 3 C C 3 C
D ∞ D 7 C
C E E ∞ E 12 C
(a) The network (b) Initial table at A (c) Final state at A
In figure 4.5 a simple network is shown with versions of the forwarding table from one node, A. The
first table shows an initial state based only on knowledge of the hardware connections. The second table
represents the optimal routes, the ones we hope will result from a successful routing algorithm, from A to
all other nodes in the net. Remember that the forwarding table only shows the first node on the best path,
the next hop. Initially The entry for B says the route is cost 6 and go straight to B. If the route is unknown
it is infinity ∞. However after the routing algorithm the entry for B says the route is cost 5 and go to C first.
Notice further that the final state has the routes to all other nodes and the costs. In the forwarding table the
cost from a node to itself, at A to get to , is 0.
A 6 A links
B B 0 B A 6
B’s ft C’s ft C 2 C C 2 B’s ft C’s ft E’s ft
A 6 A 3 D 7 D D 7 A 6 A 3 A ¬
B 0 B 2 6 E ¬ 7 B 0 B 2 B ¬
C 2 C 0 C 2 C 0 C ¬
D 7 D 4 D 7 D 4 D 5
E ¬ E ¬ 2 E ¬ E ¬ E 0
A 0 A links A ¬ links
A B 6 B B 6 A’s ft B’s ft D’s ft D B 7 B B 7
C 3 C C 3 A 0 A 6 A ¬ C 4 C C 4
D
E
¬
¬
3 B 6 B 0 B 7
4 D
E
0
5
D
E
E 5
C 3 C 2 C 4
D ¬ D 7 D 0
E ¬ E ¬ E 5
5
A 3 A links
C B 2 B A 3
C 0 C B 2 D’s ft
D 4 D D 4 A ¬
E ¬
B 7
C 4
D 0
E 5
A ¬ links
E B ¬ D 5
C ¬
D 5 D
E 0 E
• At the “top” of each host is a list of the forwarding tables sent to a node by each of its immediate
neighbours. So that as A only has links to B and C (2 entries in the connections table) it has copies
of their tables, but E only has one neighbour, D, so it has only received one forwarding table. Notice
that initially each system has its neighbours tables but it hasn’t yet used them to update its own table,
see the next section 4.9.2.
if your immediately connected neighbours have routes and distances to a place X and you add
your link cost to each of those distances and select the smallest then your best route will be via
the neighbour whose distance plus the link cost was the least.
An algorithm based on this idea is called a Bellman-Ford algorithm after two of the inventors. But how do
they get the shortest routes? Answer: all the nodes in a network do this minimising, basing their forwarding
table on tables from their neighbours, and in turn sending their forwarding table. This is called distributed
Bellman-Ford or distance vector. Proving that the distributed version is correct is hard but has been done.
The steps of the algorithm. Every node x will:
1. initially set its forwarding table distance to the link cost of the direct connections: to the link cost
from the node x to each neighbour node v, All other entries are set to ∞, infinity.
(c) for each destination on the net y find each neighbour’s cost to y (from the copy of their table)
and add the cost of the link to the neighbour,
(d) select the minimum of all these sums and set x’s forwarding table entry for y to the minimum
distance and set the next hop to the neighbour whose table gave the smallest sum.
Another way of expressing the algorithm. Where d x (y) is the forwarding table distance at node x to
node y; c(x, v) is cost of the direct link from x to neighbour v. Every node x will:
1. initially set d x (v) to c(x, v), All other entries in d not in c are set to ∞.
2. at fixed intervals repeat:
(a) send a copy of d x to all direct neighbours, v,
(b) receive tables d v from all neighbours v,
(c) for each y select the minimum of c(x, v) + d v (y) for all neighbours v. Set d x (y) to the minimum:
A 0 A
B 5 C
C 3 C
D 7 C
E ∞
On host B On host C
A 5 C A 3 A
B 0 B B 2 B
C 2 C C 0 C
D 6 C D 4 D
E 12 D E 9 D
4. A now sends its new table and receives the new tables from B and C.
30 CHAPTER 4. THE NETWORK LAYER (IP)
A 0 A
B 5 C
C 3 C
D 7 C
E 12 C
then after all the systems send their tables, and do their updates once the new state of all the systems is:
On host A On host B On host C On host D On host E
A 0 A A 5 C A 3 A A 7 C A ∞
B 5 C B 0 B B 2 B B 6 C B 12 D
C 3 C C 2 C C 0 C C 4 C C 9 D
D 7 C D 6 C D 4 D D 0 D D 5 D
E ∞ E 12 D E 9 D E 5 D E 0 E
after one cycle quite a lot of information has propogated but A and E still don’t know about each other.
On host A On host B On host C On host D On host E
A 0 A A 5 C A 3 A A 7 C A 12 D
B 5 C B 0 B B 2 B B 6 C B 12 D
C 3 C C 2 C C 0 C C 4 C C 9 D
D 7 C D 6 C D 4 D D 0 D D 5 D
E 12 C E 11 C E 9 D E 5 D E 0 E
the tables have reached a stable state. The normal rule for operation as part of a real routing protocol would
be to periodically send the table to neighbours, or whenever a change occurs.
4.9. DISTANCE VECTOR ROUTING 31
These are a few additional notes about the network layer, IP. There is a loose structure: subnets, subnet
masks, CIDR, and routing on the backbone of the internet.
a) type B IP address
16 bits 16 bits
1 0 0 1 0 0 1 1 1 1 0 0 0 1 0 1 1 1 1 0 1 1 0 0 1 1 1 1 0 0 0 0
147 197 236 240
1 0 0 1 0 0 1 1 1 1 0 0 0 1 0 1 1 1 1 0 1 1 0 0 1 1 1 1 0 0 0 0
147 197 29 1264
(but NEVER written like this!)
c) 21 subnet mask
16 bits 5 bits 11 bits
1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0
255 255 248 0
1 0 0 1 0 0 1 1 1 1 0 0 0 1 0 1 1 1 1 0 1 0 0 0 0 0 0 0 0 0 0 0
147 197 232 0
An example herts.ac.uk address (B type) is given in part (a) of the picture, 147.197.236.240. The
subnet part is shown in part (b), note that this is just a simple 32 bit number, it is only by convention that it
is written as four 8 bit numbers in decimal, therefore we could say this is subnet 29 (the 5 bits), host 1264
(given by the 11 bits), but that would be confusing so it is still written conventionally.
33
34 CHAPTER 5. MORE ABOUT THE NETWORK LAYER
If this machine 149.197.236.240 sends to 149.197.239.69 then the forwarding table will mask the desti-
nation address with the subnet mask 255.255.248.0 giving 147.197.232.0 which will be sent out directly
(no gateway). If, however, the destination is 147.197.200.44 the mask will produce 147.197.200.0, this
won’t match the first network destination so the last line will be used instead and the packet will be for-
warded to the gateway 147.197.232.1. Note that this treats the problem of routing to other subnets and to
other networks in the same way, in both cases the packets go to the gateway and it must decide to forward
to another subnet or go out to the Internet.
full-network-address/number-of-bits-of-network-part
for example the address of the subnet my machine uses is: 147.197.232.0/21 which gives the length of
the network+subnet part. It gives two things: the subnet mask (length 21), ie. 255.255.248.0, and it gives
the value of the 21 bits—the network number.
stub this is an autonomous system, usually of only one network, with only one router connection to the
rest of the internet, a network like Hatfield, or an ISP that just supports direct customer lines,
transit this is an autonomous system, usually made of many networks, that has many connections to other
ASs and its primary job is to carry through traffic (usually for profit),
there are some autonomous systems that are hybrid, called multi-homed, they have more than one connec-
tion to the rest of the internet but they don’t permit through traffic.
Figure 5.2 shows an internet with stub and transit ASs. It tries to show that the transit ASs on the
backbone of the internet have complicated internal structure consisting of many networks each with its own
internal structure. In addition the geography is not localised, some long haul telecomms companies have
autonomous systems that span continents. Also notice that each autonomous system has a unique 16 bit
network number, an ASN, only transit AS need numbers, they are not assigned to stub ASs. Another thing
to note about the picture is that within backbone networks only some routers are connected to neighbouring
networks, others are purely internal.
5.2. THE BACKBONE OF THE INTERNET 35
211.4.6.0/24 222.112.112.0/24
147.197.0.0/16
AS2 AS7 172.111.0.0/16
16.0.0.0/8
AS3
AS6
AS5
AS1
211.199.44.0/24
133.77.0.0/16
AS4 131.411.0.0/16
81.101.128.0/18 99.0.0.0/8
235.11.8.0/24 235.11.9.0/24
• to manage the complexity, any router that handles inter-AS routing needs a forwarding table of all the
possible network destinations, currently (2004) about 150,000, to make thousands of routers handle
this and exchange the information would be impossible, so restricting it to a few makes it more
manageable,
• because each AS is managed by a different organisation and therefore runs its own internal networks
differently, the routing algorithms within adjacent ASs might be incompatible consequently the sep-
aration is necessary, and
• because interior protocols within one organisation just find the best route but exterior routing needs
protocols that can implement policies, for example: “don’t use AS9999 because it hasn’t paid us for
six months”, or “don’t send US government traffic through an AS in Iran”.
The interior routing protocols can be whatever the operator of the autonomous system wants, but OPSF is
the most widely used, it is powerful enough to cope with routing between and within the separate networks
that might make up one autonomous system. The current (2004) exterior routing protocol used on the
internet is called BGP-4 (the Border Gateway Protocol). It is sometimes called a path vector protocol it has
some similarities with distance vector like exchanging table changes with its neighbours but it exchanges
the full paths to destinations not just the next-hops.
PREFIX: 147.197.0.0/16
FROM: 168.209.255.2 AS3741
ASPATH: 3741 702 786
NEXT_HOP: 168.209.255.2
...
PREFIX: 147.198.0.0/16
FROM: 64.211.147.146 AS3549
ASPATH: 3549 209 568 721 1505
NEXT_HOP: 64.211.147.146
...
There are no metrics or costs (or in other words the metric is always 1), this is because they are meaningless,
each “hop” means crossing a whole AS which could be using any interior routing protocol that attached
totally different meaning to its metrics from any other AS.
Each AS has at least one BGP speaker that exchanges information with BGP speakers in other au-
tonomous systems; there may be many more BGP routers in an AS but not all will exchange information
with neighbouring ASs. Each BGP speaker establishes semi-permanent TCP connections to its neighbour
AS BGP speakers to exchange information. If changes occur to a table it will pass the changes to its neigh-
bours, they will update their tables to find alternative routes that satisfy their policies. Note that a whole
AS becomes just one point in an AS route, so from a routing point of view figure 5.3 is equivalent to the
previous picture: As an example of route propogation:
147.197.0.0 222.112.112.0
211.4.6.0
133.77.0.0
AS3
16.0.0.0/8 AS7
AS2 172.111.0.0
AS6
211.199.44.0
AS1 AS5
81.101.128.0
99.0.0.0
AS4
131.411.0.0
235.11.8.0 235.11.9.0
• AS6 will tell its neighbours, AS3 and AS5 that it has a network 172.111.0.0,
• now AS1 has a choice of routes: [AS5, AS6] or [AS4, AS3, AS6] and it will choose one depending
on its site’s policy.
Also notice that the sending of full paths makes the protocol quite stable, if an AS receives a route that
contains its own number it will discard the route.
The figure 5.4 shows the paths from AS786 (Janet) to other transit ASs, notice the average AS path
length is only 3 or 4.
5.3. ADDRESS SPACE EXHAUSTION 37
5.3.1 CIDR
BGP-4 doesn’t use the address classes to select network addresses, all destination networks are written in the
subnet format: network-number/length-of-address. When the forwarding table is searched for a destination
address every entry has an implied mask which is used to mask the incoming address and see if it matches
the table entry. Longer masks are always tested first to ensure that small networks are not missed. This
means that a fragment of a type A address can be allocated as a new network and will be found in the
routing table.
One reason for the exhaustion of addresses was the wasteful allocation of type A and B network ad-
dresses (7 and 14 bits respectively) to organisations that would never fully use them. CIDR has allowed
some of these to be sold off and broken into smaller network ranges, for example here are some real network
numbers taken from part of one type A address space:
12.0.17.0/24
12.0.19.0/24
12.0.28.0/24
38 CHAPTER 5. MORE ABOUT THE NETWORK LAYER
12.0.48.0/20
12.0.153.0/24
12.0.252.0/23
12.1.83.0/24
...
This works well but it does have the consequence that BGP routers have a very very difficult job to match
an address, the incoming address must be masked with masks generated from each (or many) entries and
the result compared with the table entry. It is no longer possible to select a network number by looking at
the first bit or the first two bits. Many BGP routers have special hardware to help them search their tables.
It also means that tables get longer as type A networks are fragmented. However using CIDR can in
some cases shorten the tables, consider the previous sample network picture, in the AS4 there are two close
type C addresses: 235.11.8.0/24 and 235.11.9.0/24. These have the same network prefix if the a 23 bit
mask is used, they are both: 235.11.8.0/23. This is called aggregation, all other ASs’ routers need only
one entry in their tables:
235.11.8.0/23: ..., AS4
because it will match both network addresses and forward them towards AS4, when the destination is
reached AS4 can use a 24 bit mask to find the correct one.
connection
to internet
81.101.163.108 192.168.10.1 192.168.10.3
192.168.10.4
The gateway machine translates the sender address of every packet sent from the private net to the
internet. It changes the private network address to its own IP address and records this in a network address
translation table. When reply packets arrive back it looks up the table and reverses the translation, changing
the destination from its own IP address to the correct private network address.
Chapter 6
The transport layer (TCP & UDP)
39
40 CHAPTER 6. THE TRANSPORT LAYER (TCP & UDP)
SEQUENCE NUMBER
ACKNOWLEDGEMENT NUMBER
DATA
...
application application
ab k l
Transport layer c Transport layer j
6.4.1 Problems
There can be problems: (i) the packets can go out of sequence, (ii) packets might get lost and never arrive,
(iii) they might arrive but be corrupt, and (iv) packets might arrive faster than the receiver can deal with
them. All of these are problems that must be solved by the transport (TCP) level software. The solution is
to require acknowledgement of receipt of the packets and to retransmit them if they are not acknowledged.
send 1
get 1
send ack 1
get ack 1
send 2
get 2
send ack 2
get ack 2
6.6. PACKET “WINDOWS”, THE CONCEPT 41
Whenever a packet is sent a timer is started, if a timeout occurs before an acknowledgement is received
(which suggests a lost packet) the sender must re-transmit the last packet.
However this is very slow and wasteful, there might be several packets to send but they cannot be sent
until the ACK is returned, that means waiting for the full RTT (round trip time) for the packet to reach the
receiver and the ACK to get back.
sender receiver
send 1
send 2
send 3 get 1. send ack 1
get 2, send ack 2
get ack 1, send 4 get 3, send ack 3
The additional overheads of this are that the sender must keep all the packets sent but not yet acknowledged.
Packet windows also cope with out of sequence packets. This requires that the receiver will save packets
got ahead of the sequence number it expects and further that it doesn’t acknowledge until it has got all the
ones up to the current sequence number.
sender receiver
send 1
send 2
send 3 get 1. send ack 1
get 3 out of seq
get ack 1, send 4 get 2, send ack 3
time
host 1 host 2
seq=2
send 2000−2499 000
seq=2
send 2500−3499 500
seq=3 ACK 2500
send 3500−3999 500
wait... 2 500 ACK 3500
ACK
get ACK 2500 so 0
K 350 ACK 4000
send 4000−4499 AC
4000
ACK
In the above picture the sequence at the start is 2000. The window size is 2000 bytes, sent in 3 packets:
500 bytes, 1000 bytes and 500 bytes, then the sender had to wait until the acknowledgement of the bytes
2000–2499 (they were acknowledged by sending the number of the next byte expected: 2500). When the
ACK was received the sender could send upto 500 more bytes.
send SYN s
eq=x
SYN
=y get SYN
1 SY N seq send SYN
ACK x+ and ACK
get SYN ACK y
and ACK +1
send ACK
get ACK
• each participant must select a random starting number for its sequence number (reduces risk of acci-
dental capture of old packets from previous connections),
• the 3 messages ensure both sides know the connection is established, a lost SYN or ACK will cause
retransmission.
time
initiator responder
close FIN se
q=x
from app
get FIN
x+1 send ACK
ACK
ay
get ACK ther w tell app
n stil l go o
data ca
this side
eq=y closes
FIN s
wait..
ACK y
+1
• the intermediate ACK, from responder, even though it is not ready to send a FIN is to prevent the
initiator resending the FIN.
44 CHAPTER 6. THE TRANSPORT LAYER (TCP & UDP)
Chapter 7
Java Network programming with sockets
The “socket” interface to TCP/IP dates from the early BSD Unix systems that first implemented TCP/IP
about 1980. It is the primary interface between application programs and the transport layer. The transport
layer is usually in the kernel of operating systems whereas higher level protocols are implemented by
programs so the socket interface is usually a set of system calls (although on some systems like Sun Solaris
or Windows Winsock it is a library with slightly different transport layer system calls below). In Java the
socket library provides a slightly higher level view of sockets but is still quite close to the underlying system
calls.
7.1 Addressing
A server must offer a service on a port address, and a client must connect to the servers host address and
port.
147.197.205.101
all TCP/IP socket connections only use the IP number, there are no host names in TCP/IP (they are provided
for users by a higher level application protocol). However under certain circumstances Java allows names
or numbers to be used.
TCP a bi-directional stream connection. The stream is “reliable” which means the underlying network
level requires acknowledgement of each packet sent in the stream, if any are lost then they are re-
transmitted transparently to the process using the stream.
UDP a connectionless single message, or datagram. There is no guarantee of delivery of a UDP datagram
(although in practice nearly all packets get through).
45
46 CHAPTER 7. JAVA NETWORK PROGRAMMING WITH SOCKETS
bind(fd,struct sockaddr *ptr,len) associates a port number with a socket. It is used by a process
to inform the operating system it will deal with any connections to a port and provide the service.
listen(fd,conn_q) used by a process to indicate that it is prepared to receive connections, that it is a
server. It doesn’t wait, accept does that . . .
fd2=accept(fd1,struct sockaddr *sender,len) this causes a process to wait for a connection. When
if arrives the connecting process’s address is returned in the sockaddr address structure. Also a new
file descriptor is created that can be used to talk to the remote process,
connect(fd,struct sockaddr,len) this is used by a process to make a connection on a socket to an
address contained in the sockaddr structure.
Once the connection is established characters can be written to and read from it using the read() and write
and other system calls.
Notice that the asymmetry of the client server communication is reflected in which system calls are
used. This is is illustrated in the picture 7.1.
Server
socket()
bind()
listen()
accept() Client
write()
read()
make reuest
process request
lots of reads & writes
lots of reads & writes
write()
read()
which waits for an incoming connection. When one arrives it returns an ordinary Socket connected
to the remote program.
• Socket a connected socket, a bi-directional communication stream between two possibly remote
programs. There are 2 ways to create a connected Socket:
– get one back from a ServerSocket accept,
– to create one and attempt to connect to a remote system:
Socket sock;
sock = new Socket(hostname,port);
which will attempt to establish a connection to the remote system hostname on their port.
• whichever way a connected socket is produced there are methods to get an InputStream and an
OutputStream from it using getInputStream and an getOutputStream respectively. These streams
are exactly the same as the streams returned when you open files, and they can be used in the same
way with read and write. Except reading and writeing these streams will receive and send data to
the other program to which the socket is connected.
if( args.length == 0 ) {
System.out.println(
"Usage: HTTPGet2 server file [port]");
System.exit(1);
} else if( args.length == 3 ) {
port = Integer.parseInt(args[2]);
} else {
port = 80;
}
try {
socket = new Socket(args[0], port);
toServer = socket.getOutputStream();
fromServer = socket.getInputStream();
request = "GET " + args[1] + " HTTP/1.1\r\n"
+ "Host: " + args[0] + "\r\n"
+ "Connection: Close\r\n\r\n";
toServer.write(request.getBytes());
rc = fromServer.read(buffer,0,BUFSIZ);
while (rc > 0) {
System.out.write(buffer,0,rc);
rc = fromServer.read(buffer,0,BUFSIZ);
}
toServer.close();
fromServer.close();
socket.close();
48 CHAPTER 7. JAVA NETWORK PROGRAMMING WITH SOCKETS
} catch (UnknownHostException e) {
System.err.println("Can’t find: " + args[0]);
System.exit(1);
} catch (IOException e) {
System.err.println("IO error");
System.exit(1);
}
}
}
The program is in the file HTTPGet2.java. This program will act as a dumb client. It will send a request
to a remote http server. To compile and run the program:
sally(373)$ javac HTTPGet2.java
sally(374)$ java HTTPGet2 slink.feis.herts.ac.uk /tiny.html
HTTP/1.1 200 OK
Date: Sun, 16 Mar 2003 23:32:10 GMT
Server: Apache/1.3.26 (Unix) Debian GNU/Linux
Last-Modified: Wed, 08 May 2002 23:45:10 GMT
Accept-Ranges: bytes
Content-Length: 492
Content-Type: text/html; charset=iso-8859-1
Connection: close
toServer.write(request.getBytes());
rc = fromServer.read(buffer,0,8192);
while (rc > 0) {
System.out.write(buffer,0,rc);
rc = fromServer.read(buffer,0,8192);
}
toServer.close();
fromServer.close();
socket.close();
}
}
if( args.length != 1 ) {
System.out.println("Usage: EchoServer port");
System.exit(1);
} else {
echoPort = Integer.parseInt(args[0]);
50 CHAPTER 7. JAVA NETWORK PROGRAMMING WITH SOCKETS
}
try {
serverSock = new ServerSocket(echoPort, 10);
while(true) {
connSock = serverSock.accept();
System.out.println("Got connection from "
+ connSock.getInetAddress().getHostName());
out = new PrintWriter(
connSock.getOutputStream(), true);
in = new BufferedReader(new InputStreamReader(
connSock.getInputStream()));
fromUser = in.readLine();
while (fromUser != null) {
out.println(fromUser);
fromUser = in.readLine();
}
out.close();
in.close();
connSock.close();
}
} catch (IOException e) {
System.err.println("EchoServer: error opening,"
+ " accepting or reading socket");
System.exit(1);
}
}
}
String userInput;
userInput = stdIn.readLine();
while (userInput != null) {
out.println(userInput);
System.out.println("echo: " + in.readLine());
userInput = stdIn.readLine();
}
out.close();
in.close();
stdIn.close();
echoSocket.close();
}
}
The program is in the file EchoClient0.java. This is very similar to HTTPGet.java except, of course, it
reads from a user, writes to the server, reads the response and displays it. To test the client server programs:
compile them both, run the server with an arbitrary port number:
tink(257)$ java EchoServer 3333
Got connection from 147.197.236.188
the line “hello” is read from the user, sent to the server returned by it, read from the socket by the client
and then printed “echo: hello”. Unlike the server the client only deals with one session, it only has one
loop to read and echo, when the user finishes (by typing control-d “^d” on Unix) the loop finishes and the
program finishes.
7.9 Threads
A thread enables one part of a program to be executed logically in parallel with another part. If we create
a new thread and start it then it will share CPU time with the main program (also a thread) and any other
threads. There are two ways to write Java threads (i) to implement the Runnable interface, or (ii) to inherit
from the Thread class. We will show the second because it is slightly simpler.
In order to write a thread it is necessary to provide (i) a constructor to set any attributes, and (ii) a single
function: public void run() which will be the separately scheduled code. Here is a very simple example
that declares one thread class, then creates and starts two thread objects:
import java.net.*;
import java.io.*;
Loopy(String mess) {
message = mess;
}
public void run() {
while(true) {
System.out.println(message);
}
}
}
public class Threads0 {
public static void main(String[] args) {
Thread thread1 = new Loopy("One ");
Thread thread2 = new Loopy(" Two");
thread1.start();
thread2.start();
}
}
52 CHAPTER 7. JAVA NETWORK PROGRAMMING WITH SOCKETS
The program is in the file Threads0.java. When the threads are started they execute their run routine
for ever repeatedly printing out their message. If this is compiled and run it can produce almost any output
sequences deoending on how the threads are scheduled, which means how they are allocated a share of the
CPU time. Here is part of one sequence:
Two
Two
Two
Two
One
Two
One
Two
One
public ServiceThread(Socket c) {
super("EchoServer service thread");
conn = c;
}
public void run() {
String fromUser;
PrintWriter out = null;
BufferedReader in = null;
try {
System.out.println("Got connection from "
+ conn.getInetAddress().getHostName());
out = new PrintWriter(conn.getOutputStream(), true);
in = new BufferedReader(
new InputStreamReader(conn.getInputStream()));
fromUser = in.readLine();
while (fromUser != null) {
out.println(fromUser);
fromUser = in.readLine();
}
out.close();
in.close();
conn.close();
} catch (IOException e) {
System.err.println("EchoServer: socket error");
System.exit(1);
}
}
}
public class EchoServerConc0 {
public static void main(String[] args)throws Exception{
while(true) {
7.10. A CONCURRENT SERVER 53
connSock = serverSock.accept();
serve = new ServiceThread(connSock);
serve.start();
}
}
}
These notes are an introduction to how the World-wide-web works. The treatment of topics is not uniform,
the notes are meant to survey nearly all aspects of the Web and in addition a more detailed treatment of CGI
programs work. The material is organised as follows:
• Something on HTTP,
• Quite a lot about CGI, the way in which programs are executed on a web server.
file.html
Example Page
This is an example page.
Figure 8.1 shows a client program requesting a file, tiny.html from a server system. The file is a text
file on the server’s disc, it contains source HTML. The client has sent an HTTP protocol request to the
55
56 CHAPTER 8. WWW, HTTP, HTML, CGI AND PHP
server, the server sent the file to the client, and the client program (netscape) has interpreted the HTML
and displayed the result on the client computer’s screen. The file tiny.html contains an HREF, a hyper-link:
<A HREF="http://www.xy.net/file.html"> a link</A>
that if selected will cause the browser to retrieve a file from www.xy.net.
8.2 HTML
Any type of file can be retrieved by a browser from a server: images, sound files, text files, or PDF; the
action taken depends on settings in the browser and its capabilities. For example most browsers can interpret
JPEG files themselves but with an MPEG movie they will execute a separate viewer program.
However, by far the commonest content of web files is HTML. HTML is a mark-up language, which
means it describes the layout of pages that can be interpreted to produce a readable image. Other examples
of mark-up language are TEX, LATEX, SGML (which is a meta markup language) and XML. Nearly all
web browsers can interpret and display HTML, though there are some text-oriented browsers like lynx that
interpret HTML but only display the results in a non-bitmapped display form.
HTML is a simple language:
• ordinary text is interpreted as itself and rendered in the current font and size,
• anything surrounded by <..> brackets is a formatting instruction.
Many formatting instructions “bracket” the text they apply to. For example:
<H1> This is a Heading </H1>
Will cause the text This is a Heading to be set as a “level one heading”, meaning bold and large. Notice
that the formatting is introduced by <H1> and ended by the same directive with “/” in front: </H1>.
The above picture used the URI http://localhost/example.html to retrieve the file from the server on my
own machine but http://blink.feis.herts.ac.uk/example.html should get a very similar file. Now the source
of the file:
<body bgcolor="#FFFFFF" >
</body>
Notes:
1. The language is not case-sensitive, <H1> means the same as <h1>.
2. The file contents are surrounded by <body> .. </body>; the opening declaration is followed by an
option that sets the background colour: <body bgcolor="#FFFFFF">. Other options can be set.
3. The <h1> surrounds text that will be set large and bold, <h2> is slightly less large, etc. Like the body
declaration it can be followed by an option, in this case to centre the heading.
4. The <p> starts a new paragraph, it is one of the few directives that doesn’t need a matching “slash”
terminator.
5. Images can be included using the <img ..> directive. Once again there is no terminator.
6. The <ul>..</ul> is a “bullet” list. Each item of the list is introduced by </li>.
7. The <a..>..</a> is a link. The HREF selects the destination of the link, the rest of the text between
<a ..> and </a> is displayed underlined so:
<a href="http://freshmeat.net/"> freshmeat</A>
will display: freshmeat on the screen, which will, if clicked, retrieve the index file from fresh-
meat.net.
8.4 HTTP
HTTP is the protocol used to communicate between a client and a server. HTTP defines what characters
can be sent along the socket stream connection.
The basic protocol is request and response. The server accepts a connection and the client sends a
request command line, various optional MIME lines and then a blank. The server must then send a response
line giving a success or failure code, followed by additional optional lines, then the blank line and finally,
if a file was successfully requested, the file contents (whether HTML, GIF or whatever).
That’s it. Except to look at a request and a response...
Using a “dumb server” it is possible to capture and print the HTTP sent by clients. The program binds
a high numbered port, say 8080, and accepts connections. It then just reads all the data from the socket and
prints it on the standard output. Then it just closes the socket and causes the client to report an error.
This is the HTTP request and options sent from netscape when it was given a URI like:
http://localhost:8080/abc.html
The other lines are optional. Some are very important and useful but are not obligatory.
Similarly it is possible to examine the responses from servers by using a “dumb client” that sends a
request to a server and prints out the complete response. This will show the HTTP response line with the
status code, various optional lines, a blank line then the retrieved file if any. It is not possible to see the
reponse from servers using a normal browser because they process the response lines and don’t show them.
The example apache responded to:
GET /tiny.html HTTP/1.0
8.5. CLIENT AND SERVER ADDITIONAL SERVICES 59
By sending back:
HTTP/1.1 200 OK
Date: Wed, 19 Jan 2000 01:43:00 GMT
Server: Apache/1.3.9 (Unix)
Last-Modified: Sun, 09 Jan 2000 23:41:23 GMT
ETag: "d112-1ec-38791ca3"
Accept-Ranges: bytes
Content-Length: 492
Connection: close
Content-Type: text/html
initial request
</FORM>
name: Jo Smith
request to execute
CGI with
form data
CGI program GET /cgi ..name="jo Smith"
executes
response from
CGI program
Thank you Jo
Smith
1000000 pounds
has been
taken from your
account
time
the above form is the sort of thing sent to the browser first. This produces a simple screen like:
8.7. SERVER SIDE: CGI PROGRAMS 61
If data is entered and the “Send” button is pressed the browser will generate a GET request and send name
and address values to localhost. The requested URI will normally be for an “executable”, CGI or PHP,
which will run, get the arguments (see later for how it gets them), and send back so response to the client.
http://blink.cs.herts.ac.uk/cgi-bin/printenv
would result in running the program printenv (if there is one on blink). Normally this server directory
is protected from users.
• Some servers enable ordinary users to have cgi-bin sub-directories in their public_html directories.
This is not always permitted on some safety conscious systems because CGI programs are regarded
as potential security risks. So if allowed:
http://blink.cs.herts.ac.uk/~fred/cgi-bin/hello
http://www.cs.herts.ac.uk/~bill/test.cgi
8.7.2 “scripts”
On Unix systems there are lots of types of file that can be executed in addition to binary machine code
“a.out” files. When a file is “exec-ed” the kernel examines the first line of the file to find the name of a
language interpreter, if there is one it is run and given the file to interpret. The format of the first line is !#
followed by the full path to the interpreter, so:
#!/bin/bash
..
will cause the shell bash to be executed and given the file of shell commands to interpret.
Very often such programs in interpreted languages are called scripts, it is because such “scripts” are
often used for CGI that the programs are sometimes called “cgi-bin scripts”. There are loads of interpreted
languages used on Unix: Unix shell (or bash) command files, PERL, TCL, Awk, Python, and many more.
62 CHAPTER 8. WWW, HTTP, HTML, CGI AND PHP
#!/bin/bash
echo "Content-type: text/html"
echo
echo "<H1> Hello </H1>"
echo "<H3> from $SERVER_NAME </h3>"
echo "<p>"
echo "the date and time are: ‘date‘"
Notes:
• For now ignore Content-type:, that will be discussed soon.
• The echo command just writes its arguments to standard output; the server must put the connected
client socket on the standard output (using dup or dup2) for the script before it is executed (using
exec) so that all the standard output will go down the connection to the client.
• Unix shells have variables (and environment variables, more later) their value can be accessed by
preceding them with a dollar, so
$SERVER_NAME
is replaced by the value of SERVER_NAME which is set by the server to the hostname.
• In a Unix shell script ‘prog-name‘ is replaced by the standard output that results from executing the
command named: prog-name. Amazing! (Well I think so). The command:
echo "the date and time are: ‘date‘"
• for a shell script to be run by the server it must have execute permissions set for all:
chmod a+x hello.cgi
If, to test your script, you run it directly from your home directory, the output will be:
rabbit(2133)$ public_html/hello.cgi
Content-type: text/html
Notice that there was no value for SERVER_NAME because it was not executed by a web server. If you invoke
it via a browser it might look like:
Alternatively you can use binary executable files instead of shell scripts. The following C++ program,
cpp-hello.cc, will produce output almost identical to the hello script.
8.7. SERVER SIDE: CGI PROGRAMS 63
#include <iostream.h>
#include <stdlib.h>
int main(int argc, char *argv[]) {
cout << "Content-type: text/html\n";
cout << "\n";
cout << "<H1> C++ Hello </H1>\n";
cout << "<H3> from " << getenv("SERVER_NAME") << "</h3>\n";
cout << "<p>\n";
cout << "the date and time are: "; cout.flush();
system("date");
cout << "\n";
}
Note:
• If users’ home directories are networked and NFS mounted by different types of machine there can
be problems with binary executable files. If you compile the C++ program on a Sun computer but
test it by calling a web server on an Intel system it will fail! Wrong binary machine instructions. So
make sure that both the system you compile on and the system the server runs on are the same.
• The system library routine system(..) causes the named shell command to be executed (by a hidden
sub-shell) and the results sent to the standard output.
• The system function getenv() returns the string value (actually it’s char *) of the named environ-
ment variable. (more on environment variables next).
will prefix the bin directory in your home directory to the current value of PATH and then re-assign to
PATH. Environment variables are automatically “inherited” from the parent process whenever a new process
is started. So environment variables usually only need to be set once during login, they are then passed
automatically to every program run thereafter. Users normally use the file .bash_profile or .profile to
set their environment. However if necessary a program can add or change environment variables after fork
but before exec using the system library routine putenv so that the environment of the new process will be
different, or to pass extra information to it.
Web servers must set certain environment variables for CGI programs. Here is a little CGI program that
prints out some of the environment variables set by the server:
#!/bin/sh
echo Content-type: text/plain
echo
echo CGI/1.0 part of the environment:
echo
echo SERVER_SOFTWARE = $SERVER_SOFTWARE
echo SERVER_NAME = $SERVER_NAME
echo SERVER_PROTOCOL = $SERVER_PROTOCOL
echo SERVER_PORT = $SERVER_PORT
echo REQUEST_METHOD = $REQUEST_METHOD
echo SCRIPT_NAME = "$SCRIPT_NAME"
echo QUERY_STRING = "$QUERY_STRING"
echo REMOTE_HOST = $REMOTE_HOST
echo REMOTE_ADDR = $REMOTE_ADDR
64 CHAPTER 8. WWW, HTTP, HTML, CGI AND PHP
Notice that this program doesn’t send HTML and therefore was considerate enough to tell the browser by
sending Content-type: text/plain and not text/html.
• Check what sort of HTTP request it is. It might be the GET or the POST method (for the CS2
coursework assume it can only be GET, say “not implemented” otherwise).
• Send the correct HTTP response down the new socket to the client. Eg:
HTTP/1.0 200 OK
Date: Wed, 19 Jan 2000 13:13:44 GMT
Server: MyServer version 0.1
NB it is the job of the server to send the response line and maybe a couple of MIME lines. But it
doesn’t send the vital Content-type: and blank line, it can’t, it doesn’t know what content will be
generated by the CGI program. These lines must be sent by the CGI program immediately it starts,
that’s why all the scripts start with:
echo "Content-type: text/html"
echo
• “re-plumb” the input and output for the CGI program. This will involve closing and duplicating file
descriptors. At the very least put the new socket on the standard output, dup2(newsock,1).
• The actual path sent in the GET request will not have the hostname etc., it is just:
cgi-bin/query?pg=q&what=web&q=j+s+bach
8.8. SERVER SIDE: PHP 65
• The query consists of name value pairs: pg=q, what=web and q=j+s+bach, The pairs are separated
by “&”.
• Spaces have been replaced by “+”.
The query string is split from the program file name by the server and given to the program via an envi-
ronment variable: QUERY_STRING. There are numerous packages and library functions available for CGI
programs to carry out the separation of all the name value pairs and the re-replacement of “+” by spaces.
this is the same form as used in section 8.6. If data is entered and the “Send” button is pressed the browser
will generate the following URI query string:
/~bob/cpp-print.cgi/?name=Jo+Bloggs&address=11+The+Avenue
everything else is the same but the METHOD attribute has been changed to POST. If this is filled in and then
sent by a browser the HTTP request might look like this:
POST /cpp-print.cgi HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 Gecko/20030624 Netscape/7.1
Accept: text/xml,application/xml,...
...
Connection: keep-alive
Referer: http://localhost/~bob/fp.html
Content-Type: application/x-www-form-urlencoded
Content-Length: 41
name=Tony+Blair&address=10+Downing+Street
the CGI, PHP or JSP program must know how the data is sent, or check the method used.
<?php
$pot = 1;
while($pot < 10000) {
print(" $pot <br>\n");
$pot = $pot * 2;
}
?>
</body>
</html>
Note that:
• a PHP file is basically HTML with bits of code in the middle,
• PHP code is surrounded by:
<?php
...
?>
• variable names are preceded by $, and they don’t need to be declared,
• the output of the print statement goes down the connection to the client with the surrounding HTML.
Here is another example, this one examines an element in a pre-defined array. When PHP programs are
executed many special values are set, this one is the type of the HTTP request, either GET or POST. Further
note that PHP arrays can be indexed by numbers or by strings (this type of array is sometimes called an
associative array).
<html>
<head> <title>PHP Test</title> </head>
<body>
<h2> Which method was used </h2>
<p>
<?php
$rm = $_SERVER["REQUEST_METHOD"];
if( $rm ) {
print("Request method was: $rm <br>\n" );
} else {
print("REQUEST_METHOD not set <br>\n" );
}
?>
</body>
</html>
8.9. CLIENT SIDE (BROWSER) SERVICES 67
The PHP interpreter can be run outside the web server. It can be a good way to debug programs. Also,
in this case, it shows the HTML being sent to the standard output which will normally be the browser
connection, but here is the console.
sally(309)$ php4 method-check.php
X-Powered-By: PHP/4.1.2
Content-type: text/html
<html>
<head> <title>PHP Test</title> </head>
<body>
<h2> Which method was used </h2>
<p>
REQUEST_METHOD not set <br>
</body>
</html>
sally(310)$
Javascript which is a language that can be embedded in HTML code between <script> and </script>.
Javascript source code is interpreted by the browser. The language has no existence outside HTML. It
is usually used to add checking or animation to an HTML file. All attributes of the currently displayed
HTML: links, images, colours etc., are accessible from Javascript making it a very powerful tool for
manipulating pages.
browser plugins these vary from movie players that are run when a video is downloaded, to complicated
interpreters for animations like flash that are integrated into the display. In fact Java is implemented
using a Java byte code interpreter plugin.
Java Java is a complete programming language, it exists outside browsers and HTML. However most
browser have a built-in interpreter for the byte-code form of Java. Java is less closely integrated into
HTML and the browser however it is musch more general purpose language than Javascript making
it better for more complicated applications.
function checkage() {
var a;
a = parseInt(document.okform.age.value);
68 CHAPTER 8. WWW, HTTP, HTML, CGI AND PHP
if (a<=2 || a>=110) {
window.alert("age between 3 and 109 please");
document.okform.name.value = "";
document.okform.age.value = "";
return false;
} else {
return true;
}
}
</SCRIPT>
</HEAD>
<BODY>
<H1 ALIGN="CENTER">Silly form</H1>
This is the output if the form is loaded into a browser, given unsuitable input and then the “send” button is
pressed:
Chapter 9
packages uk www
ic herts ucl
www
• allocating names and numbers to systems that belong in the zone, or pointing (delegating) to the name
servers in sub-zones,
• maintaining two or more name servers to translate name requests to addresses of systems or of name
servers for sub-zones.
69
70 CHAPTER 9. THE DOMAIN NAME SERVICE DNS
This organisation can cope with the dynamic distributed nature of the network structure, the responsibility
for translating names is passed down to the groups who allocate names and numbers to systems.
In order to enable end user zones to be found various network organisations provide intermediate zones,
at the “top” there are about 20 name servers that know about how to find the next level name servers, .com,
.uk etc. A zone doesn’t always correspond to one domain name level. It is possible for one zone to have
two or more levels of name hierarchy supported by its name servers. In picture 9.2 there is one zone to
packages uk www
ic herts ucl
www
• local applications in that zone that need to begin resolve a local or remote name, the name server
must, if necessary, contact other name servers on their behalf, or
• other name servers that need to find out about the names in the name servers domain.
• if it is a local name in this system’s zone, lookup the table and return the number,
• search the cache to see if it has been recently requested and saved,
• contact a “top-level” server (all DNS programs know these numbers), and ask for the name,
• the top-level server will probably not know the full answer but it will know somebody who does
know, in other words it will match the rightmost part of the domain name and provide the address of
the name server for the next zone,
• the original name server then sends the same query to this next name server, and either get the answer
or another name server address,
• Some system on the internet has an application that asks its local name server for the address of
slink.feis.herts.ac.uk.
9.3. RESOLVING A NAME 71
client
response
request
request
client server
response
response
request
client
With the peer-to-peer architecture any system can initiate requests or act as a server and receive requests:
request
servent servent
B C
response
response
request
servent
A
in the above picture each participant is called a servent1 , and servent B is acting as a server for servent C,
receiving a request and sending a response, but also behaving as a client and sending a request to servent A.
The definition concerns the way the parts of a network application interact, the nature of their protocol, it
is not necessarily about how the user perceives the system. It is possible to have a person-to-person system
such as a network message exchange where each participant seems both to send and receive messages,
however the program implementation could involve a central server that routes the messages, the client
programs initiate the connections to the central server, they don’t receive incoming requests.
In addition the difference between client-server and peer-to-peer is not anything to do with the under-
lying network operation or topology below the application layer where all systems can be considered to to
uniformly connected and all can open or receive connections.
73
74 CHAPTER 10. PEER TO PEER NETWORKS
programs go through special purpose central servers but will support direct client to client connections for
file transfers or video links.
client client
A C
p−2−p
for file server
transfer
interactive messages
client A−B and B−A via
B the server
10.4 Gnutella
Gnutella is an application network sitting on the internet, it has a continually changing topology as systems
are turned on and join or are disconnected, in addition it seems to generate a lot of traffic. Each active node
(servent, client or wahtever it is called) tries to maintain a small number of open TCP connections to other
nodes, usually between 3 and 10, this produces the network structure, if connections break (systems turned
off) a node establish new connections. There is no central server, and at the moment, no login procedure.
– record the unique message number in a table with the address from which it was received,
– decrement the TTL count, and if it is not zero. . .
– pass the request on to all their neighbours (except on the link they received it on),
Note that if the same search request is received on another connection, which is highly likely because
of the tangled, arbitrary structure of the net, it can easily be discarded because the search request’s
unique number has been recorded in the table.
• each node that receives the search request also performs the search on its files, and forms a search
response with a variable length list of files satisfying the search. The response will include the search
request’s unique identifier and also the address of node forming the reply. The response will be sent
back only on the connection from which it was received,
• any intermediate node will, in addition to forming its own search response, receive responses from
other systems it propogated the original search to. It will then forward these responses back to the
originator by using the unique number to look up its table to see which connection it got the original
request on.
• When the responses arrive back at the initiator they will be shown to the user who will select which
one to fetch. The file transfer uses the HTTP protocol’s GET request; each node program contains its
own code to act as a little HTTP server and client to deal with the file transfers. The HTTP connection
will be a single new direct connection to the selected file’s node–no viral propogation this time; this
is possible because the necessary IP address was included in the search response.
• is propogated like a search request, every node recording its incoming connection and number it the
table,
The use is that recipients respond to it with “PONG” replies. A PONG reply contains:
• the number, and total size of offered files on the replying system
These PONG messages get returned to the iniiator just like search replies. When PONGs get back the system
that started the PING it will have loads of IP addresses, it can then use these to try to open connections using
“GNUTELLA CONNECT”.
Additionally PINGs can be sent out later to get more IP addresses if nodes that are used for connections
are turned off.
76 CHAPTER 10. PEER TO PEER NETWORKS
where M is the “plain-text” message, K is the key, E is the encrypted message, and encrypt is the secret key
encryption algorithm, for example DES. The only way the message can be decrypted is with the same key
K, Bob has the key aswell so he does:
M = decrypt(K, E)
and can read the message. Nobody else can read it, unless they know the secret key. Features of secret key:
• quite efficient and fast, can encode streams of data,
• has the problem of key distribution, how do you pass secret keys around safely?
The 2 can be put together. Alice will encrypt with her private key and then encrypt the result with Bob’s
public key:
77
78 CHAPTER 11. NETWORK SECURITY
• quite inefficient and slow, can only encode small amounts of data,
• there still remains the problem of knowing that the person who claims to own a public key really does
own it.
Now Bob wants to download the program F and be confident nobody has altered it or added a virus, so he
dowmloads F and ED. He first computes the D of F using the same algorithm MD, then decrypts ED using
Alice’s public key, and finally compares them.
If they are the same he knows nobody has tampered with F since Alice calculate D, and nobody but Alice
could have done it.
11.1.4 Certificates
There is a remaining problem: how to you know that a public key belongs to the person who presents it?
The solution is to use a “well known authority” to verify that a public key belongs to a specific person. It
uses a certificate. If Bob wants a certificate he:
• goes to a well known authority (there are many, including companies like Verisign)
• pays some money, and receives a certificate consisting of his public key and a statement of his identity
(name, email, address etc.) all hashed and signed with the private key of the authenticating company
(the “well known authority”).
Then Alice (or anybody else) can verify his public key belongs to him, they compute the hash key, and
compare it with the “signature” decoded with the public key of the authenticator.
11.1.5 SSL
There are many protocols and applications of encryption, PEM and PGP can be used to encrypt e-mail,
IPSec encrypts IP network connections, Kerberos deals with user authentication, and many others. One of
the best known protocols is SSL (and its newer standardised version TLS), it is used for authenticating and
encrypting program to program (transport) connections. It is nearly always used by Web servers that require
a credit card number to be submitted.
The server system (being run by Bob) has its own certificate (yes computers can have certificates).
Alice wants to buy a Linux palm computer from his site so she will initiate an HTTPS connection (one
using SSL):
11.2. SYSTEM SECURITY WITHOUT NETWORKING 79
• the client sends initial request and suggests some encryption preferences, also a random number Rc ,
the random number is used later,
• server responds with a choice from encryption preferences, and its random number Rs
• server sends certificate which is checked by the client, if the server wants the client to authenticate
itself using its certificate it asks for it now, the process will be similar, otherwise it says “done” so
they can move on to the next step,
• client sends a value to be used as a secret key (stage 1) for encrypting the whole session after the
handshake is complete. This is encrypted with the server’s public key.
• now both ends can compute the final secret session key based on the random numbers exchanged
earlier and the stage 1 session key sent by the client,
• all the transaction messages encrypted using the symmetric secret key just generated.
• Use of stolen or unprotected user accounts via telnet and similar programs,
• At the data-link layer, for example Ethernet, packets can be observed and examined by any system
attached to the Ethernet. These are called packet sniffers. Passwords, credit card numbers or confi-
dential data are stolen.
• At the network layer people can install false routing systems to intercept and even change packets.
This can be done by masquerading as DNS servers.
• Systems can be flooded with traffic at the application or the transport layer causing services to fail.
These are “denial of service attacks”.
• Here is a simple ISDN, cable modem or phone line linking a small network to the internet.
• I’ve got one at home,
_________ __________
_/\__/\_ | Router | | | ____________
| | | or | (DMZ) | Firewall | (LAN) | |
/ Internet \--|Cable Mdm|-(HUB)-| System |-(HUB)-|Workstations|
\_ _ _ _/ |_________| | |__________| |____________|
11.7. ENCRYPTING NETWORK CONNECTIONS 81
\/ \/ \/ |
(Outside)
(Server)
• application level authentication and encryption of connections, such as SSL between WWW servers
and browsers. The data is encrypted by the network applications.
– it is used by secure servers and browsers for passing credit card numbers.
• network level authentication and encryption, called IPSec (also called: Virtual Private Networks
VPNs). All traffic leaving a site to one or more remote sites is encrypted.
– IPSec must be arranged between sites so it cannot be used for arbitrary connections to single
remote server programs,
– traffic emerging from the firewall is vulnerable to attack inside the local network before it
reaches the application
• all IP packets to or from given destinations are encrypted and decrypted at a gateway or firewall
system. Applications making connections to systems and programs on the remote destination site
will have all their packets made secure as they leave the site.
• this only works between sites or dialup systems that have made prior arrangements, for example:
different sites of a company of salesmen contacting their home site.
• It supports traffic encryption and authentication of the remote sites to establish the secure link. Key
exchange and management is vital for links to be established safely.
• systems often change the public key used to encrypt the connection to reduce the risk of cracking.
82 CHAPTER 11. NETWORK SECURITY
site A site B
• Here sites A and B and the remote host C share a secure private network.
• no other systems on the network can spy on their traffic as it crosses the internet,
• any computer on site A contacting a computer on site B will have its traffic encrypted,
• connections can be made from computers on sites A or B to systems elsewhere on the internet but
their traffic won’t then be encrypted.
• another example is OpenSSH (and the original SSH) that provides secure encrypted login sessions, it
is a secure replacement for telnet,
• it uses secret key encryption for traffic and provides routines to support authentication using public
key encryption,
• with WWW servers there are usually two main goals: encrypted traffic and authenication of the
server, so you don’t give your credit card number to the wrong system. The validation and authen-
tication of the server is done using certificates recognised by browsers and issued by well known
authorities. This is support by SSL but is really part of the application.
11.11. USING SSL 83
client server
using using
SSL SSL
site A site B
other site
network
11.12 Openssh
• openssh is an end to end secure replacement for telnet, rlogin and rsh,
• it authenticates the human client and the remote server,
• it encrypts all the network traffic transmitted between the client and the server,
• openssh is an open source derivative of ssh that has become a commercial product,
• it supports 1024 bit user RSA public/private keys for authentication
• it has a choice of conventional cyphers for encrypting, currently 3DES and Blowfish,
• it is implemented on top of openssl the open source Secure socket layer, it is SSL that encrypts the
data that is transmitted.
• (unfortunately it doesn’t seem very easy to set up!).
11.13 Structure
There are two main programs:
• sshd the daemon that must be running on the server that receives connections. It must be run privi-
leged (as root). This program is responsible for:
– accepting connections
– authenticating itself to clients
– authenticating clients,
– establishing the session: starting a shell etc.
• ssh the client program that makes the connection. It is not privileged. It does:
– authenticating the remote server computer,
– depending on various local files and the users configuration it selects and tries different user
authentication methods on behalf of the user,
– it requests other secure channels from the server, if required, for X display etc.