
What's inside the cloud?!


Academic year: 2021


(2)

Initial Arpanet

(3)

Initial Arpanet

Interface Message Processors

- DDP-516 mini-computers - 24 Kbyte of Core memory

- Store-and-forward packet switching - Predecessors of present routers

(4)

Initial Arpanet

Leased Lines

- Modems - 50 Kbps

(5)

Initial Arpanet

Leased Lines

- Modems - 50 Kbps

IBM System/360

SDS Sigma 7 PDP-10

(6)

Initial Arpanet

First link operational

21/11/1969

4 nodes connected

5/12/1969

(7)

Arpanet grows...

December 1969

(8)

...and grows...

June 1970

(9)

... and grows ...

December 1970

(10)

... and grows ...

September 1971

(11)

... and grows ...

1971

(12)

... and grows ...

March 1972

(13)

... and grows ...

September 1973

Satellite links!

(14)

... and grows!

July 1977

(15)

Logical Arpanet Map

(16)

Internetworking?

Many networks being set up:

EARN, Bitnet, Janet, Csnet, Eunet, ...

and coupled to Arpanet

Jan. 1, 1982: Arpanet switches to TCP/IP

(see RFC 801)

1986: Creation of NSFNet

New high speed backbone

(17)
(18)

NSFNet

Grows rapidly:

1986: 56 Kbps backbone

1988: 1.5 Mbps backbone

already connects 170 TCP/IP enabled networks

1990: Arpanet dissolves, NSFNet takes over

1991: Commercial use of NSFNet accepted

many existing commercial networks connected to NSFNet

1992: 44.736 Mbps backbone (T3)

(19)

NSFNet traffic for November 1994

[Figure: traffic map; scale from 0 bytes to 1 TB]

(20)

Privatising NSFNet

NSFNet will migrate to private industry

New structure: Network Access Points (NAPs)

provide access to high speed links (backbone)

commercially operated

Initially (1994), four 155 Mbps NAPs were created by NSF:

New York (Sprint)

Washington DC (MFS)

Chicago (Ameritech)

California (Pacific Bell)

30/04/1995: NSFNet dissolves

The Internet is now an interconnection of different commercially operated networks

(21)

Internet Service Providers

Internet Service Provider (ISP)

Provide Internet access to customers

Customer connects to ISP Point of Presence (PoP)

Different categories or “Tiers”

Three ways to connect ISP network to other ISPs

Pay other ISP for access = Transit

Interconnect networks for free = Peering

Other ISP pays you

An internet user should be able to contact every

other internet user

(22)

Tier-1 Providers

Tier 1 providers don't pay for network access

There's no more Internet backbone

Many Internet backbones, owned by companies

Tier 1 Internet Service Providers

have large, high-bandwidth, worldwide networks

e.g. AT&T, Sprint, Savvis, Qwest, Level 3, ...

(23)
(24)

telegeography.com

(25)

Point Of Presence

Point-of-Presence (PoP):

provides access to provider network

you have to provide a connection to the PoP to

connect to the Internet through your ISP

Note: Private Network Access Point (PNAP)

direct private access to provider network

<--> PoP, which is shared access point

(26)

Tier-1 Providers

Tier 1 Providers interconnect their networks

this creates an Internet Backbone

Tier 1 Providers = Backbone Providers

Typically don't charge each other for traffic

connecting networks is win-win situation, both providers get

faster access to the other one's network and more reliable

and possibly faster access to the Internet

= Peering

(27)

Peering

Exchanging network traffic with peers is called

peering.

physical connection between networks

physically co-locate PoP of both providers and connect them

setting in both networks for route exchange

agreement on amount and type of traffic

Also known as Settlement Free Interconnection

ISP has Peering Policy stating conditions for

peering (open,

(28)

Tier-2 providers

Users don't connect directly to a tier-1 provider

Tier-2 providers connect their network to one or

more tier-1 providers and offer PoP's for their

users

T2 provider has to pay T1 provider

=/= peering !

(29)

Internet Food Chain

[Diagram: three Tier-1 providers joined by the backbone, six Tier-2 providers below them, PoPs at the edge]

(30)

Internet Food Chain

But, it isn't that simple...

Tier-2 providers will also start connecting their

networks --> Peering

don't have to pay, win-win situation

Less traffic to Tier-1 providers, so less costs for Tier-2 provider

Less traffic to Tier-1 providers, so backbone less busy

Faster access to systems in peer networks

Peering often happens in an Internet Exchange (IX)

(31)

Internet Food Chain

[Diagram: three Tier-1 providers joined by the backbone, six Tier-2 providers below them, PoPs at the edge, two IXs and a Tier-3 provider]

(32)

Internet eXchange

[Diagram: two Tier-1 providers, four Tier-2 providers and their PoPs around one IX]

(33)

Internet eXchange

Internet eXchange (IX)

Belgium: BNIX (www.bnix.be)

Netherlands: AMS-IX (www.ams-ix.net)

UK: LINX (www.linx.net)

... (www.dix.dk/euro/)

Typically up to 10 Gbit switching

Note, IX can provide connections between

providers at different Tiers

It's just a (number of) datacenter(s) ...

It's a collection of PoP's of different providers

(34)

LINX

London INternet eXchange is distributed over 6

locations:

(35)

Belgian National Internet eXchange

http://www.bnix.be

www.bnix.be/stats.php

www.bnix.be/members.php

(36)

Who's peering?

Have a look at:

www.peeringdb.com

www.robtex.com

(37)

Overview

(38)

But who's the boss?

(39)

ISOC

ISOC = Internet Society (www.isoc.org)

The Internet Society (ISOC) is a nonprofit

organisation founded in 1992 to provide

leadership in Internet related standards,

education, and policy.

Steers IETF, IAB, ICANN, ...

Works with governments about policy

(40)

ICANN

ICANN = Internet Corporation for Assigned

Names and Numbers (www.icann.org)

Responsible for IP addresses, Top-Level Domains

(TLDs), domain names

Most of technical work done as IANA

(41)

IANA

IANA = Internet Assigned Numbers Authority

part of ICANN

delegates IP allocation to Regional Internet Registries (RIRs)

www.iana.org

DNS Root Zones (ccTLDs and gTLDs)

IP Addresses

AS Numbers

Protocol numbers, e.g. port numbers

(42)

Regional Internet Registries (RIRs)

Manage and allocate IP addresses for IANA

RIPE NCC (www.ripe.net)

Réseaux IP Européens Network Control Centre

ARIN (www.arin.net)

American Registry for Internet Numbers

APNIC (www.apnic.net)

Asia Pacific Network Information Centre

LACNIC (www.lacnic.net)

Latin America and Caribbean Internet Address Registry

AfriNIC (www.afrinic.net)

African Network Information Centre

from www.apnic.net

(43)

IP Address Space

Originally allocated in

classes (A,B,C)

Now CIDR

Running out of

addresses?

We'll talk about IPv6 later

From www.xkcd.com

(44)

Need IP addresses?

>= 2048 addresses? (/21 or larger)

Become a member of RIPE NCC

IP Addresses are free, but you pay for the services of the

RIR...

< 2048 addresses

Ask a member of the RIR

Most often an ISP

(45)

Example: KHLeuven

KHLeuven has 193.190.138.0/24

IANA allocated 193.0.0.0/8 to RIPE NCC

From http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt

whois 193.190.138.0

RIPE NCC allocated 193.190.0.0/15 to Belnet

Belnet allocated 193.190.138.0/24 to KHLeuven

(46)

Border Gateway Protocol (BGP)

BGP = De facto standard for inter-domain routing

Autonomous System (AS) = collection of IP networks

and the interconnecting routers that present a

common routing policy to the Internet (see RFC 1930)

identified by AS-number, assigned by IANA

number between 1 and 65535 (16 bits)

Runs on TCP, port 179

TCP connections between routers are kept alive

Defined in RFC 1771

(47)

BGP

Path Vector algorithm using AS instead of

individual routers

(48)

BGP

Path Vector algorithm using AS instead of

individual routers

hide network layout of AS

routing inside AS organized by some internal gateway

protocol

BGP has to rely on AS/IGP to prevent internal loops
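The path-vector idea from this slide, as an added example that is not part of the original slides: each AS prepends its own number when it advertises a prefix, and a receiver drops any advertisement that already contains its own AS number. The topology and the private AS numbers are constructed, and route selection is simplified to shortest AS path only.

```python
from collections import deque

# Constructed AS-level topology (private AS numbers): a triangle plus one stub.
LINKS = {
    64512: {64513, 64514},
    64513: {64512, 64514},
    64514: {64512, 64513, 64515},
    64515: {64514},
}

def propagate(links, origin):
    """Flood one prefix originated by `origin` through the AS graph.

    Returns (best, rejected): best maps each AS to the AS path it stores,
    rejected lists (receiver, path) pairs dropped by loop detection.
    """
    best = {origin: []}          # the origin itself has an empty AS path
    rejected = []
    queue = deque([origin])
    while queue:
        sender = queue.popleft()
        advert = [sender] + best[sender]   # sender prepends its own AS number
        for nbr in sorted(links[sender]):
            if nbr in advert:
                # Receiver sees its own AS in the path: accepting would loop.
                rejected.append((nbr, advert))
            elif nbr not in best or len(advert) < len(best[nbr]):
                best[nbr] = advert         # new or shorter path: keep, re-advertise
                queue.append(nbr)
    return best, rejected

if __name__ == "__main__":
    best, rejected = propagate(LINKS, 64512)
    for asn, path in sorted(best.items()):
        print(asn, "reaches the prefix via AS path", path)
    print("dropped by loop detection:", rejected)
```

Only AS numbers appear in the stored paths, which is how the internal layout of each AS stays hidden from its neighbours.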

(49)

BGP Peers

BGP Peers or Neighbours

manual configuration

manually add neighbours to the router config

On connection establishment: full routing information

exchanged

After this, only changes are transmitted

(50)

BGP: Routing Table Size

Active BGP entries in Global Routing Table:

http://bgp.potaroo.net

(51)

BGP: Routing Table Size

Increasing Routing Table Size increases workload

and memory demands on routers

Countermeasure:

Classless Inter-Domain Routing (CIDR)

and Route aggregation

Instead of advertising 256 Class C address blocks, e.g.

195.100.1.0, 195.100.2.0, ..., an ISP can now advertise

195.100.0.0/16

also called supernetting
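Route aggregation worked through with Python's standard `ipaddress` module, as an added example that is not part of the original slides. It collapses the 256 former Class C blocks into one /16, shows that a single missing block (a constructed case) prevents that, and checks the KHLeuven delegation chain from the earlier slide.

```python
import ipaddress

def aggregate(prefixes):
    """Collapse prefixes into the fewest prefixes covering exactly the same space."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def delegation_chain_ok(chain):
    """True if every prefix in the chain lies inside the one before it."""
    nets = [ipaddress.ip_network(p) for p in chain]
    return all(child.subnet_of(parent) for parent, child in zip(nets, nets[1:]))

# The 256 former Class C blocks 195.100.0.0/24 ... 195.100.255.0/24.
CLASS_C_BLOCKS = [f"195.100.{i}.0/24" for i in range(256)]

# Constructed case: one block belongs to someone else, so a /16 would
# claim address space the ISP does not hold.
WITH_GAP = [p for p in CLASS_C_BLOCKS if p != "195.100.128.0/24"]

# Allocation chain from the KHLeuven slide: IANA -> RIPE NCC -> Belnet -> KHLeuven.
KHLEUVEN_CHAIN = ["193.0.0.0/8", "193.190.0.0/15", "193.190.138.0/24"]

if __name__ == "__main__":
    print(aggregate(CLASS_C_BLOCKS))       # one routing table entry
    print(aggregate(WITH_GAP))             # eight entries once there is a hole
    print(delegation_chain_ok(KHLEUVEN_CHAIN))
```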

(52)

BGP in action

Looking Glass web interfaces available to inspect

BGP: http://www.nanog.org/lookingglass.html

BGPlay: http://bgplay.routeviews.org/bgplay/

(53)

Traceroute

Traceroute shows route packets follow

Linux/Unix: traceroute

Windows: tracert

Web based traceroute:

many listed at http://www.traceroute.org/

Different GUI's available

(54)

Traceroute: example

gerben@rg-m-gedie:/tmp$ traceroute www.mit.edu
traceroute to www.mit.edu (18.7.22.83), 30 hops max, 38 byte packets
 1  192.168.123.254 (192.168.123.254)  0.311 ms
 2  10.75.128.1 (10.75.128.1)  11.435 ms
 3  dD5E0FAC2.access.telenet.be (213.224.250.194)  10.203 ms
 4  IBGENT02-SRP5-0.telenet-ops.be (213.224.126.6)  14.855 ms
 5  213.224.126.110 (213.224.126.110)  17.105 ms
 6  212.3.237.1 (212.3.237.1)  15.795 ms
 7  so-5-1-0.mp2.Brussels1.Level3.net (4.68.113.209)  13.524 ms
 8  so-3-0-0.mp1.Boston1.Level3.net (209.247.9.125)  101.530 ms
 9  ae-22-54.car2.Boston1.Level3.net (4.68.100.99)  94.844 ms
10  4.79.2.2 (4.79.2.2)  92.545 ms  100.322 ms  92.759 ms
11  W92-RTR-1-BACKBONE.MIT.EDU (18.168.0.25)  97.502 ms
12  WWW.MIT.EDU (18.7.22.83)  93.833 ms

(simplified output)

(55)

Traceroute: example


(simplified output) 12 Hops on route

(56)

Traceroute: example


(simplified output) One line for each router on the route

(Would normally contain results for 3 packets)

(57)

Traceroute: example


(simplified output) Host name and IP for router

(if reverse lookup possible)

(58)

Traceroute: example


(simplified output) Round Trip Time between local system and this router in milliseconds

(normally 3 different RTTs)

(59)

Traceroute: use

What can we learn from a traceroute?

Detect problems:

locate route interruption

bad router configuration

inefficient routing

high latency hops

Provide information about network structure
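Two of these uses applied to the sample output from the example slide, as an added example that is not part of the original slides: it parses the hop lines, finds the hop with the largest latency increase, and lists the hops that expose private (RFC 1918) addressing. The function names are chosen here for illustration.

```python
import ipaddress
import re

# Sample output copied from the example slide (hyphens restored).
SAMPLE = """\
 1  192.168.123.254 (192.168.123.254)  0.311 ms
 2  10.75.128.1 (10.75.128.1)  11.435 ms
 3  dD5E0FAC2.access.telenet.be (213.224.250.194)  10.203 ms
 4  IBGENT02-SRP5-0.telenet-ops.be (213.224.126.6)  14.855 ms
 5  213.224.126.110 (213.224.126.110)  17.105 ms
 6  212.3.237.1 (212.3.237.1)  15.795 ms
 7  so-5-1-0.mp2.Brussels1.Level3.net (4.68.113.209)  13.524 ms
 8  so-3-0-0.mp1.Boston1.Level3.net (209.247.9.125)  101.530 ms
 9  ae-22-54.car2.Boston1.Level3.net (4.68.100.99)  94.844 ms
10  4.79.2.2 (4.79.2.2)  92.545 ms  100.322 ms  92.759 ms
11  W92-RTR-1-BACKBONE.MIT.EDU (18.168.0.25)  97.502 ms
12  WWW.MIT.EDU (18.7.22.83)  93.833 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([\d.]+)\)\s+(.*)$")

def parse_hops(text):
    """Return a list of (hop_number, host, ip, best_rtt_ms) tuples."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, blank line, or a hop that only timed out
        rtts = [float(x) for x in re.findall(r"([\d.]+)\s*ms", m.group(4))]
        if rtts:
            hops.append((int(m.group(1)), m.group(2), m.group(3), min(rtts)))
    return hops

def largest_latency_jump(hops):
    """Return (hop_number, host, delta_ms) for the biggest RTT increase."""
    best = None
    for prev, cur in zip(hops, hops[1:]):
        delta = cur[3] - prev[3]
        if best is None or delta > best[2]:
            best = (cur[0], cur[1], round(delta, 3))
    return best

def private_hops(hops):
    """Hop numbers whose address is private: internal structure made visible."""
    return [h[0] for h in hops if ipaddress.ip_address(h[2]).is_private]

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    print(largest_latency_jump(hops))   # the Brussels to Boston link
    print(private_hops(hops))
```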

(60)

Traceroute: implementation

How does traceroute report the route?

Let's see what happens by capturing the packets

use Wireshark (formerly Ethereal), tcpdump, ...

(61)

Traceroute: implementation

What do we see:

DNS query and response for www.mit.edu

UDP packet from local to www.mit.edu

Source port = 61538 and Dest port = 33435

Doesn't provide any information on route...

But Time To Live (TTL) value in IP header = 1

First router decreases TTL, and discards packet

Sends ICMP TTL Exceeded message

Local system now knows IP address of first router (source address of ICMP packet)

DNS reverse lookup for first router

UDP packet from local to www.mit.edu

TTL = 2

(62)

Traceroute: implementation

Traceroute algorithm:

Send UDP packet to high port number on target

system with TTL = 1, 2, 3, ...

Receive ICMP TTL exceeded message from 1st, 2nd,

3rd, ... router

When target host reached (TTL = route length):

selected UDP port not in use: receive ICMP port

unreachable message

selected UDP port in use: no answer...
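The algorithm above as an offline simulation, added here as an example and not part of the original slides: no packets are sent, the route is the list of addresses from the sample output, and the replies are modelled as tuples. Incrementing the destination port per probe from 33435 is an assumption of this model.

```python
BASE_PORT = 33435  # destination port of the first probe in the capture

# Router addresses from the sample output; the last entry is the target host.
PATH = [
    "192.168.123.254", "10.75.128.1", "213.224.250.194", "213.224.126.6",
    "213.224.126.110", "212.3.237.1", "4.68.113.209", "209.247.9.125",
    "4.68.100.99", "4.79.2.2", "18.168.0.25", "18.7.22.83",
]

def send_probe(path, ttl, dst_port, open_ports=frozenset()):
    """Simulate one UDP probe along `path`.

    Returns (icmp_type, source_ip), or None when nothing comes back.
    """
    for router in path[:-1]:
        ttl -= 1                              # every router decrements the TTL
        if ttl == 0:
            return ("time-exceeded", router)  # packet discarded, ICMP sent back
    # The probe reached the target host.
    if dst_port in open_ports:
        return None                           # a listening service takes the datagram
    return ("port-unreachable", path[-1])

def traceroute(path, max_hops=30, open_ports=frozenset()):
    """Return one entry per TTL: the replying address, or '*' for no answer."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, ttl, BASE_PORT + ttl - 1, open_ports)
        hops.append(reply[1] if reply else "*")
        if reply and reply[0] == "port-unreachable":
            break                             # target reached, stop probing
    return hops

if __name__ == "__main__":
    print(traceroute(PATH))
    # Edge case from the slide: the probed port on the target is in use.
    print(traceroute(PATH, open_ports=frozenset({BASE_PORT + 11})))
```

In the second run the probe with TTL 12 gets no answer and the target only shows up at TTL 13, when the next port is tried.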

(63)

Traceroute: GUI examples

xtraceroute VisualRoute
