Chapter 6: Application Layer


HTTP:
Hypertext Transfer Protocol (HTTP) works with the World Wide Web, which is the fastest growing and most used part of the Internet. One of the main reasons for the extraordinary growth of the Web is the ease with which it allows access to information. A Web browser is a client-server application, which means that it requires both a client and a server component in order to function. A Web browser presents data in multimedia formats on Web pages that use text, graphics, sound, and video. The Web pages are created with a format language called Hypertext Markup Language (HTML). HTML directs a Web browser on a particular Web page to produce the appearance of the page in a specific manner. In addition, HTML specifies locations for the placement of text, files, and objects that are to be transferred from the Web server to the Web browser.

Hyperlinks make the World Wide Web easy to navigate. A hyperlink is an object, word, phrase, or picture on a Web page. When that hyperlink is clicked, it directs the browser to a new Web page. The Web page contains, often hidden within its HTML description, an address location known as a Uniform Resource Locator (URL).

In the URL http://www.cisco.com/edu/, the "http://" tells the browser which protocol to use. The second part, "www", is the hostname or name of a specific machine with a specific IP address. The last part, /edu/, identifies the specific folder location on the server that contains the default web page.

A Web browser usually opens to a starting or "home" page. The URL of the home page has already been stored in the configuration area of the Web browser and can be changed at any time. From the starting page, click on one of the Web page hyperlinks, or type a URL in the address bar of the browser. The Web browser examines the protocol to determine if it needs to open another program, and then determines the IP address of the Web server using DNS. Then the transport layer, network layer, data link layer, and physical layer work together to initiate a session with the Web server. The data that is transferred to the HTTP server contains the folder name of the Web page location. The data can also contain a specific file name for an HTML page. If no name is given, then the default name as specified in the configuration on the server is used.

The server responds to the request by sending to the Web client all of the text, audio, video, and graphic files specified in the HTML instructions. The client browser reassembles all the files to create a view of the Web page, and then terminates the session. If another page that is located on the same or a different server is clicked, the whole process begins again.

FTP and TFTP:
FTP is a reliable, connection-oriented service that uses TCP to transfer files between systems that support FTP. The main purpose of FTP is to transfer files from one computer to another by copying and moving files from servers to clients, and from clients to servers. When files are copied from a server, FTP first establishes a control connection between the client and the server. Then a second connection is established, which is a link between the computers through which the data is transferred. Data transfer can occur in ASCII mode or in binary mode. These modes determine the encoding used for the data file, which in the OSI model is a presentation layer task. After the file transfer has ended, the data connection terminates automatically. When the entire session of copying and moving files is complete, the command link is closed when the user logs off and ends the session.

TFTP is a connectionless service that uses User Datagram Protocol (UDP). TFTP is used on the router to transfer configuration files and Cisco IOS images and to transfer files between systems that support TFTP. TFTP is designed to be small and easy to implement. Therefore, it lacks most of the features of FTP. TFTP can read or write files to or from a remote server, but it cannot list directories and currently has no provisions for user authentication. It is useful in some LANs because it operates faster than FTP, and in a stable environment it works reliably.

Electronic Mail

E-mail, like most other forms of communication, has its own conventions and styles. In particular, it is very informal and has a low threshold of use. People who would never dream of calling up or even writing a letter to a Very Important Person do not hesitate for a second to send a sloppily-written e-mail. Many people use little ASCII symbols called smileys or emoticons in their e-mail.

The first e-mail systems simply consisted of file transfer protocols, with the convention that the first line of each message (i.e., file) contained the recipient's address. As time went on, the limitations of this approach became more obvious.

Some of the complaints were as follows:

1. Sending a message to a group of people was inconvenient. Managers often need this facility to send memos to all their subordinates.
2. Messages had no internal structure, making computer processing difficult. For example, if a forwarded message was included in the body of another message, extracting the forwarded part from the received message was difficult.
3. The originator (sender) never knew if a message arrived or not.
4. If someone was planning to be away on business for several weeks and wanted all incoming e-mail to be handled by his secretary, this was not easy to arrange.
5. The user interface was poorly integrated with the transmission system, requiring users first to edit a file, then leave the editor and invoke the file transfer program.
6. It was not possible to create and send messages containing a mixture of text, drawings, facsimile, and voice.

As experience was gained, more elaborate e-mail systems were proposed. In 1982, the ARPANET e-mail proposals were published as RFC 821 (transmission protocol) and RFC 822 (message format). In 1984, CCITT drafted its X.400 recommendation. After two decades of competition, e-mail systems based on RFC 822 are widely used, whereas those based on X.400 have disappeared. The reason for RFC 822's success is not that it is so good, but that X.400 was so poorly designed and so complex that nobody could implement it well.

Well-known protocols for e-mail are SMTP, POP3, IMAP, etc. E-mail servers communicate with each other using the Simple Mail Transfer Protocol (SMTP) to send and receive mail. The SMTP protocol transports e-mail messages in ASCII format using TCP.

When a mail server receives a message destined for a local client, it stores that message and waits for the client to collect the mail. There are several ways for mail clients to collect their mail. They can use programs that access the mail server files directly or collect their mail using one of many network protocols. The most popular mail client protocols are POP3 and IMAP4, which both use TCP to transport data. Even though mail clients use these special protocols to collect mail, they almost always use SMTP to send mail. Since two different protocols, and possibly two different servers, are used to send and receive mail, it is possible that mail clients can perform one task and not the other. Therefore, it is usually a good idea to troubleshoot e-mail sending problems separately from e-mail receiving problems.
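Troubleshooting the sending side starts with confirming that the SMTP service answers at all, which the chapter does by hand with telnet. The following added example (not code from the chapter) performs the same connection from a script, then sends EHLO and reports whether the server advertises STARTTLS or AUTH, since SMTP by itself requires neither; the name tester.example and the replies used to exercise the parser are assumed.

```python
"""Check that an SMTP service answers, then see what security it offers.

Added example, not from the chapter: it does what `telnet host 25` does by
hand (connect, read the 220 banner), then sends EHLO and reports whether the
server advertises STARTTLS or AUTH, since SMTP by itself requires neither.
The host name tester.example and the replies in the tests are assumed.
"""
import io
import socket

def read_reply(stream) -> str:
    """Read one SMTP reply; a multi-line reply continues while byte 4 is '-'."""
    lines = []
    while True:
        raw = stream.readline()
        if not raw:
            raise ConnectionError("connection closed while reading reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return "\n".join(lines)

def read_reply_from_bytes(data: bytes) -> str:
    """Same parser over captured bytes, so it can be exercised offline."""
    return read_reply(io.BytesIO(data))

def parse_ehlo_reply(reply: str) -> dict:
    """Turn a 250 EHLO reply into the set of advertised extensions."""
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    if not lines or lines[0][:3] != "250":
        raise ValueError("EHLO not accepted: " + (lines[0] if lines else "<empty>"))
    exts = set()
    for line in lines[1:]:           # line 0 is the greeting, the rest are extensions
        if line[:3] != "250":
            raise ValueError("inconsistent reply code: " + line)
        exts.add(line[4:].split(" ", 1)[0].upper())
    return {"extensions": exts, "starttls": "STARTTLS" in exts, "auth": "AUTH" in exts}

def check_smtp(host: str, port: int = 25, timeout: float = 5.0,
               my_name: str = "tester.example") -> dict:
    """Connect, read the banner, EHLO, and summarize; raises OSError if unreachable."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        banner = read_reply(stream)
        if not banner.startswith("220"):
            raise ConnectionError("unexpected greeting: " + banner)
        sock.sendall(f"EHLO {my_name}\r\n".encode("ascii"))
        facts = parse_ehlo_reply(read_reply(stream))
        sock.sendall(b"QUIT\r\n")
        facts["banner"] = banner
        return facts

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "192.168.10.5"  # address used in the chapter
    try:
        facts = check_smtp(target)
    except (OSError, ValueError) as exc:
        print(f"{target}:25 not usable: {exc}")
    else:
        print(facts["banner"])
        print("STARTTLS offered:", facts["starttls"], " AUTH offered:", facts["auth"])
```

A server that answers but advertises neither STARTTLS nor AUTH is accepting mail exactly as the chapter describes, with no authentication and in clear text.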

When checking the configuration of a mail client, verify that the SMTP
and POP or IMAP settings are correctly configured. A good way to test if a
mail server is reachable is to Telnet to the SMTP port (25) or to the POP3
port (110). The following command format is used at the Windows
command line to test the ability to reach the SMTP service on the mail
server at IP address 192.168.10.5:

C:\>telnet 192.168.10.5 25

The SMTP protocol does not offer much in the way of security and does
not require any authentication. Administrators often do not allow hosts
that are not part of their network to use their SMTP server to send or
relay mail. This is to prevent unauthorized users from using their servers as mail relays.

DNS—The Domain Name System
Although programs theoretically could refer to hosts, mailboxes, and
other resources by their network (e.g., IP) addresses, these addresses are
hard for people to remember. Also, sending e-mail to
[email protected] means that if Tana's ISP or organization moves the
mail server to a different machine with a different IP address, her e-mail
address has to change. Consequently, ASCII names were introduced to
decouple machine names from machine addresses. In this way, Tana's
address might be something like [email protected]. Nevertheless, the
network itself understands only numerical addresses, so some
mechanism is required to convert the ASCII strings to network addresses.

The essence of DNS is the invention of a hierarchical, domain-based naming scheme and a distributed database system for implementing this naming scheme. It is primarily used for mapping host names and e-mail destinations to IP addresses but can also be used for other purposes.
The DNS Name Space
Conceptually, the Internet is divided into over 200 top-level domains, where each domain covers many hosts. Each domain is partitioned into subdomains, and these are further partitioned, and so on. All these domains can be represented by a tree, as shown in Fig.1. The leaves of the tree represent domains that have no subdomains (but do contain machines, of course). A leaf domain may contain a single host, or it may represent a company and contain thousands of hosts.

Fig.1. A portion of the Internet domain name space.

The top-level domains come in two flavors: generic and countries. The original generic domains were com (commercial), edu (educational institutions), gov (the U.S. Federal Government), int (certain international organizations), mil (the U.S. armed forces), net (network providers), and org (nonprofit organizations). The country domains include one entry for every country, as defined in ISO 3166.

In November 2000, ICANN approved four new, general-purpose, top-level domains, namely, biz (businesses), info (information), name (people's names), and pro (professions, such as doctors and lawyers). In addition, three more specialized top-level domains were introduced at the request of certain industries. These are aero (aerospace industry), coop (co-operatives), and museum (museums). Other top-level domains will be added in the future.

In general, getting a second-level domain, such as name-of-company.com, is easy. It merely requires going to a registrar for the corresponding top-level domain (com in this case) to check if the desired name is available and not somebody else's trademark. If there are no problems, the requester pays a small annual fee and gets the name. By now, virtually every common (English) word has been taken in the com domain. Try household articles, animals, plants, body parts, etc. Nearly all are taken.

Each domain is named by the path upward from it to the (unnamed) root. The components are separated by periods (pronounced "dot"). Thus, the engineering department at Sun Microsystems might be eng.sun.com, rather than a UNIX-style name such as /com/sun/eng. Notice that this hierarchical naming means that eng.sun.com does not conflict with a potential use of eng in eng.yale.edu, which might be used by the Yale English department.

Domain names can be either absolute or relative. An absolute domain name always ends with a period (e.g., eng.sun.com.), whereas a relative one does not. Relative names have to be interpreted in some context to uniquely determine their true meaning. In both cases, a named domain refers to a specific node in the tree and all the nodes under it. Domain names are case insensitive, so edu, Edu, and EDU mean the same thing. Component names can be up to 63 characters long, and full path names must not exceed 255 characters.

In principle, domains can be inserted into the tree in two different ways. For example, cs.yale.edu could equally well be listed under the us country domain as cs.yale.ct.us. In practice, however, most organizations in the United States are under a generic domain, and most outside the United States are under the domain of their country. There is no rule against registering under two top-level domains, but few organizations except multinationals do it (e.g., sony.com and sony.nl).

Each domain controls how it allocates the domains under it. For example, Japan has domains ac.jp and co.jp that mirror edu and com. The Netherlands does not make this distinction and puts all organizations directly under nl. Thus, all three of the following are university computer science departments:

1. cs.yale.edu (Yale University, in the United States)
2. cs.vu.nl (Vrije Universiteit, in The Netherlands)
3. cs.keio.ac.jp (Keio University, in Japan)

To create a new domain, permission is required of the domain in which it will be included. For example, if a VLSI group is started at Yale and wants to be known as vlsi.cs.yale.edu, it has to get permission from whoever manages cs.yale.edu. Similarly, if a new university is chartered, say, the University of Northern South Dakota, it must ask the manager of the edu domain to assign it unsd.edu. In this way, name conflicts are avoided and each domain can keep track of all its subdomains. Once a new domain has been created and registered, it can create subdomains, such as cs.unsd.edu, without getting permission from anybody higher up the tree.

Naming follows organizational boundaries, not physical networks. For example, if the computer science and electrical engineering departments are located in the same building and share the same LAN, they can nevertheless have distinct domains. Similarly, even if computer science is split over Babbage Hall and Turing Hall, the hosts in both buildings will normally belong to the same domain.

Resource Records
Every domain, whether it is a single host or a top-level domain, can have a set of resource records associated with it. For a single host, the most common resource record is just its IP address, but many other kinds of resource records also exist. When a resolver gives a domain name to DNS, what it gets back are the resource records associated with that name. Thus, the primary function of DNS is to map domain names onto resource records.

A resource record is a five-tuple. Although they are encoded in binary for efficiency, in most expositions, resource records are presented as ASCII text, one line per resource record. The format we will use is as follows:

Domain_name Time_to_live Class Type Value

The Domain_name tells the domain to which this record applies. Normally, many records exist for each domain and each copy of the database holds information about multiple domains. This field is thus the primary search key used to satisfy queries. The order of the records in the database is not significant. The Time_to_live field gives an indication of how stable the record is. Information that is highly stable is assigned a large value, such as 86400 (the number of seconds in 1 day). Information that is highly volatile is assigned a small value, such as 60 (1 minute). The third field of every resource record is the Class. For Internet information, it is always IN. For non-Internet information, other codes can be used, but in practice, these are rarely seen. The Type field tells what kind of record this is. The most important types are listed in Fig.2.

Fig.2. The principal DNS resource record types for IPv4.

Finally, we have the Value field. This field can be a number, a domain name, or an ASCII string. The semantics depend on the record type. A short description of the Value fields for each of the principal record types is given in Fig.2.

For an example of the kind of information one might find in the DNS database of a domain, see Fig.3. This figure depicts part of a (semihypothetical) database for the cs.vu.nl domain shown in Fig.1. The database contains seven types of resource records.

Fig.3. A portion of a possible DNS database for cs.vu.nl.

The first noncomment line of Fig.3 gives some basic information about the domain, which will not concern us further. The next two lines give textual information about where the domain is located. Then come two entries giving the first and second places to try to deliver e-mail sent to [email protected]. The zephyr (a specific machine) should be tried first. If that fails, the top should be tried as the next choice.

Name Servers
In theory at least, a single name server could contain the entire DNS database and respond to all queries about it. In practice, this server would be so overloaded as to be useless. Furthermore, if it ever went down, the entire Internet would be crippled.

To avoid the problems associated with having only a single source of information, the DNS name space is divided into nonoverlapping zones. One possible way to divide the name space of Fig.1 is shown in Fig.4. Each zone contains some part of the tree and also contains name servers holding the information about that zone. Normally, a zone will have one primary name server, which gets its information from a file on its disk, and one or more secondary name servers, which get their information from the primary name server. To improve reliability, some servers for a zone can be located outside the zone.

Fig.4. Part of the DNS name space showing the division into zones.

Where the zone boundaries are placed within a zone is up to that zone's administrator. This decision is made in large part based on how many name servers are desired, and where. For example, in Fig.4, Yale has a server for yale.edu that handles eng.yale.edu but not cs.yale.edu, which is a separate zone with its own name servers. Such a decision might be made when a department such as English does not wish to run its own name server, but a department such as computer science does. Consequently, cs.yale.edu is a separate zone but eng.yale.edu is not.

When a resolver has a query about a domain name, it passes the query to one of the local name servers. If the domain being sought falls under the jurisdiction of the name server, such as ai.cs.yale.edu falling under cs.yale.edu, it returns the authoritative resource records. An authoritative record is one that comes from the authority that manages the record and is thus always correct. Authoritative records are in contrast to cached records, which may be out of date.

If, however, the domain is remote and no information about the requested domain is available locally, the name server sends a query message to the top-level name server for the domain requested. To make this process clearer, consider the example of Fig.5. Here, a resolver on flits.cs.vu.nl wants to know the IP address of the host linda.cs.yale.edu. In step 1, it sends a query to the local name server, cs.vu.nl. This query contains the domain name sought, the type (A) and the class (IN).

Fig.5. How a resolver looks up a remote name in eight steps.

Let us suppose the local name server has never had a query for this domain before and knows nothing about it. It may ask a few other nearby name servers, but if none of them know, it sends a UDP packet to the server for edu given in its database (see Fig.5), edu-server.net. It is unlikely that this server knows the address of linda.cs.yale.edu, and probably does not know cs.yale.edu either, but it must know all of its own children, so it forwards the request to the name server for yale.edu (step 3). In turn, this one forwards the request to cs.yale.edu (step 4), which must have the authoritative resource records. Since each request is from a client to a server, the resource record requested works its way back in steps 5 through 8.

Once these records get back to the cs.vu.nl name server, they will be entered into a cache there, in case they are needed later. However, this information is not authoritative, since changes made at cs.yale.edu will not be propagated to all the caches in the world that may know about it. For this reason, cache entries should not live too long. This is the reason that the Time_to_live field is included in each resource record. It tells name servers how long to cache records. If a certain machine has had the same IP address for years, it may be safe to cache that information for 1 day. For more volatile information, it might be safer to purge the records after a few seconds or a minute.

While DNS is extremely important to the correct functioning of the Internet, all it really does is map symbolic names for machines onto their IP addresses. It does not help locate people, resources, services, or objects in general. For locating these things, another directory service has been defined, called LDAP (Lightweight Directory Access Protocol).
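The resource record format, the referral chain of Fig.5 and the Time_to_live-bounded cache described above, worked through in code. This is an added example, not the chapter's own material: records are written in the chapter's "Domain_name Time_to_live Class Type Value" format, edu-server.net is the chapter's edu server, and ns.yale.edu, ns.cs.yale.edu and every address are constructed; name servers are reached by name here rather than by a glue address.

```python
"""The chapter's eight-step lookup and TTL caching, worked in code.

Added example, not from the chapter: records are parsed from the chapter's
"Domain_name Time_to_live Class Type Value" text format; the name-server
tables are constructed (edu-server.net is the chapter's edu server; ns.yale.edu,
ns.cs.yale.edu and every address are assumed), and servers are reached by name.
"""
from dataclasses import dataclass

@dataclass(frozen=True)
class RR:
    name: str     # Domain_name, normalized to lower case without the trailing dot
    ttl: int      # Time_to_live in seconds
    cls: str      # Class: IN for Internet information
    type: str     # Type: A, NS, MX, ...
    value: str    # Value: semantics depend on Type

def parse_rr(line: str) -> RR:
    """Parse one text resource record; names are case insensitive."""
    parts = line.split(None, 4)
    if len(parts) != 5:
        raise ValueError("expected five fields: " + line)
    name, ttl, cls, rtype, value = parts
    return RR(name.lower().rstrip("."), int(ttl), cls.upper(), rtype.upper(), value)

SERVER_TABLES = {   # constructed data: server name -> the records it holds
    "cs.vu.nl": ["cs.vu.nl.           86400 IN A  192.0.2.1",
                 "edu.                86400 IN NS edu-server.net."],
    "edu-server.net": ["yale.edu.       86400 IN NS ns.yale.edu."],
    "ns.yale.edu": ["yale.edu.          86400 IN NS ns.yale.edu.",
                    "eng.yale.edu.      86400 IN A  192.0.2.20",
                    "cs.yale.edu.       86400 IN NS ns.cs.yale.edu."],
    "ns.cs.yale.edu": ["cs.yale.edu.       86400 IN NS ns.cs.yale.edu.",
                       "linda.cs.yale.edu. 86400 IN A  192.0.2.10",
                       "cs.yale.edu.          60 IN MX 1 zephyr.cs.yale.edu."],
}
SERVERS = {srv: [parse_rr(ln) for ln in lines] for srv, lines in SERVER_TABLES.items()}

def referral(records, qname):
    """NS record for the longest suffix of qname that this server delegates."""
    labels = qname.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        for r in records:
            if r.type == "NS" and r.name == suffix:
                return r
    return None

class LocalServer:
    """A local name server (the chapter's cs.vu.nl) with a TTL-bounded cache."""
    def __init__(self, records):
        self.records = records
        self.cache = {}     # (name, type) -> (RR, time the TTL runs out)
        self.path = []      # servers contacted on the last uncached lookup

    def resolve(self, qname, qtype, now):
        """Return (RR, from_cache); 'now' is the clock in seconds."""
        key = (qname.lower().rstrip("."), qtype.upper())
        if key in self.cache:
            rr, expires = self.cache[key]
            if now < expires:
                return rr, True          # cached copy: fast, but not authoritative
            del self.cache[key]          # TTL elapsed: purge and ask again
        self.path, records = [], self.records
        for _ in range(8):               # hop bound; the chapter's lookup needs three
            for r in records:
                if r.name == key[0] and r.type == key[1]:
                    self.cache[key] = (r, now + r.ttl)
                    return r, False      # answer from the authority for the zone
            ns = referral(records, key[0])
            if ns is None:
                raise LookupError("no data and no referral for " + key[0])
            self.path.append(ns.value.rstrip("."))
            records = SERVERS[self.path[-1]]
        raise LookupError("too many referrals")
```

Resolving linda.cs.yale.edu from a fresh LocalServer(SERVERS["cs.vu.nl"]) walks edu-server.net, ns.yale.edu and ns.cs.yale.edu; a second query within 86400 seconds is served from the cache, while the 60-second MX record is purged and re-fetched after a minute.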


SNMP
The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. SNMP uses UDP as its transport layer protocol.

An SNMP managed network consists of the following three key components:

• Network Management System/Stations (NMS) – NMS executes applications that monitor and control managed devices. The bulk of the processing and memory resources required for network management are provided by NMS. One or more NMSs must exist on any managed network. Management stations communicate with SNMP agents by issuing commands and getting responses. Management stations have a graphical interface to allow the network manager to inspect the status of the network and take necessary action when required.

• Managed devices/nodes – Managed devices are network nodes that contain an SNMP agent and that reside on a managed network. Managed devices collect and store management information and make this information available to NMSs using SNMP. Managed devices, sometimes called network elements, can be routers, access servers, switches, bridges, hubs, computer hosts, or printers.

• Agents – Agents are network-management software modules that reside in managed devices. An agent has local knowledge of management information and translates that information into a form compatible with SNMP. SNMP describes the exact information that the agent has to maintain and the format it has to supply.

Other important components of managed networks are the Management Information Base (MIB) and the management protocol (SNMP). The SNMP protocol allows the management stations to query the state of an agent's local variables (also called objects). The collection of all possible variables in a network is given in the Management Information Base.

SNMP Protocol
The management entity is also referred to as the manager or NMS. It is responsible for soliciting information from the agent. The solicitations are based on very specific requests. The manager processes the retrieved information in a number of ways. The retrieved information can be logged for later analysis, displayed using a graphing utility, or compared with preconfigured values to test if a particular condition has been met. Not all manager functions are based on data retrieval. There is also the ability to issue changes of a value in the managed device. This feature enables an administrator to configure a managed device using SNMP.

The interaction between the manager and the managed device does introduce traffic to the network. Caution should be taken when introducing managers on to the network. Aggressive monitoring strategies can negatively affect network performance. Bandwidth utilization will go up, which may be an issue for WAN environments. Also, monitoring has a performance impact on the devices being monitored, since they are required to process the manager requests. This processing should not take precedence over production services.

A general rule is that a minimum amount of information should be polled as infrequently as possible. Determine which devices and links are most critical and what type of data is required.

The agent is a software function embedded in most networked devices, such as routers, switches, managed hubs, printers, and servers. It is responsible for processing SNMP requests from the manager. It is also responsible for the execution of routines that maintain variables as defined in the various supported MIBs.

Interaction between the manager and the agent is facilitated by the SNMP. The term simple comes from the restricted number of message types that are part of the initial protocol specification. The strategy was designed to make it easier for developers to build management capabilities into network devices. The initial protocol specification is referred to as SNMPv1 (version 1). There are three types of SNMP messages issued on behalf of an NMS. They are GetRequest, GetNextRequest and SetRequest. All three messages are acknowledged by the agent in the form of a GetResponse message. An agent may issue a Trap message in response to an event that affects the MIB and the underlying resources.

Fig. SNMP protocol messages

The development of SNMPv2c addressed limitations in SNMPv1. The most noticeable enhancements were the introduction of the GetBulkRequest message type and the addition of 64-bit counters to the MIB. Retrieving information with GetRequest and GetNextRequest was an inefficient method of collecting information. Only one variable at a time could be solicited with SNMPv1. The GetBulkRequest addresses this weakness by receiving more information with a single request. Secondly, the 64-bit counters addressed the issue of counters rolling over too quickly, especially with higher speed links like Gigabit Ethernet.

SNMP uses User Datagram Protocol (UDP) as a transport protocol. Since UDP is connectionless and unreliable, it is possible for SNMP to lose messages. SNMP itself has no provision for guarantee of delivery, so it is up to the application using SNMP to cope with lost messages.

Each SNMP message contains a clear text string, called a community string. The community string is used like a password to restrict access to managed devices. SNMPv3 has addressed the security concerns raised by transmitting the community string in clear text.

The fact that the community string is clear text is no surprise to anyone who has studied the Internet Protocol (IP) protocol suite. All fields specified in the protocol suite are clear text, except for security authentication and encryption specifications. The community string was essentially a security placeholder until the SNMPv2 working group could ratify security mechanisms. The efforts were referred to the SNMPv3 working group. All SNMP-based management applications need to be configured to use the appropriate community strings. Some organizations frequently change the community string values to reduce the risk of malicious activity from the unauthorized use of the SNMP service.
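The clear-text community string of SNMPv1 and SNMPv2c, shown concretely. This added example (not from the chapter) is a minimal BER decoder for the community-based message header: anyone who can read the UDP datagram reads the version, the community string and the request, which is what a monitoring tool checking for SNMPv1/v2c on the wire would report. The datagram SAMPLE_GETREQUEST is constructed, a GetRequest for sysDescr.0 with the community "public"; the audit function and its wording are assumptions of this example.

```python
"""What a captured SNMPv1/v2c datagram reveals (added example, not from the page).

Minimal BER decoder for the community-based message header the chapter
describes: anyone who can read the UDP datagram reads the version, the
community string and the request.  SAMPLE_GETREQUEST is a constructed
GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0) with community "public".
"""

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest"}
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c"}

def read_tlv(buf: bytes, pos: int):
    """Read one BER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = length-of-length
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of datagram")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw: bytes) -> str:
    """Decode OID contents: first byte packs two arcs, then base-128 arcs."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def parse_community_message(datagram: bytes) -> dict:
    """Return version, community, PDU type and requested OIDs of one message."""
    tag, msg, _ = read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    tag, ver, pos = read_tlv(msg, 0)
    version = int.from_bytes(ver, "big")
    if tag != 0x02 or version not in VERSIONS:
        raise ValueError("not a community-based (v1/v2c) message")
    tag, community, pos = read_tlv(msg, pos)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING community")
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    oids = []
    if pdu_tag != 0xA4:                    # the v1 Trap PDU has a different layout
        pos = 0
        for _ in range(3):                 # request-id, error-status, error-index
            _, _, pos = read_tlv(pdu, pos)
        _, varbinds, _ = read_tlv(pdu, pos)
        pos = 0
        while pos < len(varbinds):
            _, vb, pos = read_tlv(varbinds, pos)
            oids.append(decode_oid(read_tlv(vb, 0)[1]))
    return {"version": VERSIONS[version],
            "community": community.decode("ascii", "replace"),
            "pdu": PDU_NAMES.get(pdu_tag, f"unknown(0x{pdu_tag:02x})"),
            "oids": oids}

def audit(datagram: bytes) -> list:
    """Findings a monitoring tool could raise for one captured datagram (assumed wording)."""
    info = parse_community_message(datagram)
    findings = [f"{info['version']} {info['pdu']}: community "
                f"'{info['community']}' sent in clear text"]
    if info["community"] in ("public", "private"):   # common vendor defaults
        findings.append("community string is a well-known default value")
    return findings

# Constructed datagram: SEQUENCE { version 0, "public", GetRequest { id 1, 0, 0, [sysDescr.0 NULL] } }
SAMPLE_GETREQUEST = bytes.fromhex(
    "3026 020100 040670 75626c6963 a019 020101 020100 020100"
    "300e 300c 0608 2b06010201010100 0500")

if __name__ == "__main__":
    for line in audit(SAMPLE_GETREQUEST):
        print(line)
```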
