Lecture 21 Application Layer Protocols DNS TELNET eMail

Lecture #21: Application Layer Protocols: DNS, TELNET, e-Mail, FTP, WWW, NNTP, SNMP, NTP etc.

TCP/IP Application Layer Application layer Presentation layer Session layer User application 1 Encryption/ decryption Session control Session synch. . compression/ expansion Choice of syntax Session to transport mapping Session management Transport layer Layer and flow control Error recovery Multiplexing Network layer Connection control Routing Addressing Link layer Data link establishment Error control Physical layer Access to transm. media Physical and electrical interface Flow control Synch Framing Activation/ deactivation of con. OSI layers Wide used Application protocols: DNS, HTTP, FTP, SMTP, POP 3, IMAP, NNTP, SNMP, NTP, RPC, TELNET, SSH. . . 2

DNS - The purpose l To map a hostname to an IP-address and vice versa. Example: www. acad. bg 194. 141. 0. 9 Each hostname may has zero or more corresponding IPaddresses. Each IP-address may correspond to zero or more 3 hostnames.

DNS - Historical remarks Host name to address mappings were maintained by the Network Information Center (NIC) in a single file (HOSTS. TXT) which was transferred to all hosts using FTP (about 25 years ago). Disadvantages: Ø Ineffective – Bandwidth consumed in distributing a new version by this scheme is proportional to the square of the number of hosts in the network. Ø The network population was also changing in character. Ø The applications on the Internet were getting more sophisticated and creating a need for general purpose name service. 4

DNS design goals ü The primary goal is a consistent name space which will be used for referring to resources. ü The database which holds the names must be distributed. ü The costs of implementing such a facility dictate that it be generally useful, and not restricted to a single application. 5

DNS design goals (contd. ) ü Use the same name space with different protocol families or management. ü Name server transactions must be independent of the communications system that carries them. ü The system should be useful across a wide spectrum of host capabilities. Both personal computers and large timeshared hosts (mainframes) should be able to use the system, 6 though perhaps in different ways.

Elements of the DNS Three main componets 1. The DOMAIN NAME SPACE and RESOURCE RECORDS, which are specifications for a tree structured name space and data associated with the names. 2. NAME SERVERS are server programs which hold information about the domain tree's structure and set information. 3. RESOLVERS are programs that extract information from name servers in response to client requests. 7

Elements of the DNS (contd. ) These three components roughly correspond to the three layers or views of the DNS: ü From the user's point of view, the domain system is accessed through a simple procedure. ü From the resolver's point of view, the domain system is composed of an unknown number of name servers. ü From a name server's point of view, the domain system consists of separate sets of local information called zones. 8

Name space specifications and terminology l l l The domain name space is a tree structure composed by nodes. Each node has a label, which is zero to 63 octets in length. The domain name of a node is the list of the labels on the path from the node to the root of the tree. The name of the root node is empty string (zero length) – “”. 9

Name space specifications and terminology (contd. ) l l l Internally, programs that manipulate domain names should represent them as sequences of labels, where each label is a length octet followed by an octet string. Domain names are case-insensitive using the ASCII codes with high order zero bit. When a user types a domain name, the length of each label is omitted and the labels are separated by dots (". "). Since a complete domain name ends with the root label, this leads to a printed form which ends in a dot. 10

Example Name Space ICANN, IANA (a graphical tree view) One Root domain (“”) com edu bg yahoo ucla acad 2 nd Level Domains physics 3 rd Level Domains Up to 127 levels info see-grid amigo val www mary joe kevin mail eu Delegation Top Level Domains (TLD) test book sigma 11

Top Level Domains ü Generic domains (g. TLD): com, org, net, int (all around the world); edu, gov, mil (located in USA only); aero, biz, coop, info, museum, name, pro (new domains, since 2000). ü Country code domains (cc. TLD): bg, uk, fr, it, . . . ü Special infrastructure domain: arpa ü Loopback domains: localhost, localdomain ü And the domain eu for European Union! 12

Resource Records l l The distributed database which holds the names consists of several Resource Records. Resource record - Set of resource information associated with a particular name. 13

DNS server A computer with software which: 1. Holds and maintains specified part of the distributed database of resource records. 2. Responds to the name queries. 3. Exchanges the zone information with other DNS servers. These tasks are described in the DNS protocol (RFC 1035) located on the Application Layer of the “TCP/IP reference model”. 14

The root DNS servers At the heart of the DNS are 13 special computers, called root servers. They are coordinated by ICANN and are distributed around the world. A. ROOT-SERVERS. NET. B. ROOT-SERVERS. NET. C. ROOT-SERVERS. NET. D. ROOT-SERVERS. NET. E. ROOT-SERVERS. NET. F. ROOT-SERVERS. NET. G. ROOT-SERVERS. NET. H. ROOT-SERVERS. NET. I. ROOT-SERVERS. NET. J. ROOT-SERVERS. NET. K. ROOT-SERVERS. NET. L. ROOT-SERVERS. NET. M. ROOT-SERVERS. NET. 198. 41. 0. 4 192. 228. 79. 201 192. 33. 4. 12 128. 8. 10. 90 192. 203. 230. 10 192. 5. 5. 241 192. 112. 36. 4 128. 63. 2. 53 192. 36. 148. 17 192. 58. 128. 30 193. 0. 14. 129 199. 7. 83. 42 202. 12. 27. 33 15

K. ROOT-SERVERS. NET (operated by RIPE NCC) Source: http: //k. root-servers. org 16

DNS servers (contd. ) Delegation: Ø ICANN organization delegates root DNS servers. Ø The root servers delegate TLD DNS servers. Ø A TLD DNS server delegates Second Level DNS server. etc. Primary DNS server for a given domain – holds resource records for the zone. The zone configuration is written by the system administrator. Secondary DNS server for a given domain – it exists for the case when the Primary DNS server is failed or overloaded. The Secondary server downloads the zone information from the Primary periodically or by notification. 17

DNS servers (contd. ) Ø Every domain must have one Primary DNS server and at least one Secondary. The Primary and Secondary DNS servers are also called authoritative for their domain and nonauthoritative for the rest of domains in the world. E. g. the authoritative servers always hold up to date zone information for the domain. Ø Caching only DNS servers – they cache DNS queries and answers for speed-up the service. These servers are not authoritative for any domain. Most of the authoritative DNS servers are caching too. 18

DNS query flow 1. A DNS client forms the query and sends it according the OS configuration. 2. The local resolver opens a special file called hosts and looks in case the answer is already written here. If not then next: 3. The client calls one of the OS configured DNS servers. 4. If the DNS server knows (or already cached) the answer, then returns it. 5. If the DNS server doesn’t know the answer, it sends a recursive query through the DNS hierarchy, starting from the root domain. The recursive query consists of several sub-queries to the corresponding DNS servers. 6. The DNS servers returns the result – the answer or error message. 19

Reverse DNS query l l The reverse query uses the special infrastructure domain in-addr. arpa The IP is written before this special domain in reverse order of numbers separated with dots. – Example: 194. 141. 0. 0 corresponds to 0. 0. 141. 194. in-addr. arpa l The reverse query starts from a root DNS server and follows the delegation path. – Example in Unix/Linux: dig 0. 0. 141. 194. in-addr. arpa +trace (It traces and shows the delegation path from the root name servers down to SOA DNS server) 20

DNS protocol details The protocol uses two transport protocols from the lower layer: UDP on port 53 and TCP on port 53. The queries and answers are transferred using the unreliable protocol UDP for speed. But it is preferred because the OS configured DNS servers are near, usually in the same LAN. The zone transfers between the DNS servers are performed through TCP, because it must be reliable. 21

DNS protocol details (contd. ) Resource Records described Each resource record consists of the following data fields ( in text readable format! ): owner type class TTL RDATA 22

Resource Records The data fields owner - A string which is the domain name where the RR is found. type - which is an encoded 16 bit value that specifies the type of the resource in this resource record. Types refer to abstract resources. Each abstract resource has memo name: A - a host address CNAME - identifies the canonical name of an alias MX - identifies a mail exchange for the domain PTR - a pointer to another part of the domain name space etc. 23

DNS protocol details (contd. ) Resource Records The data fields l class - which is an encoded 16 bit value which identifies a protocol family or instance of a protocol. This memo uses the following classes: IN - the Internet system or CH - the Chaos system l TTL - which is the time to live of the RR. This field is a l RDATA - which is the type and sometimes class 32 bit integer in units of seconds, an is primarily used by resolvers when they cache RRs. The TTL describes how long a RR can be cached before it should be discarded. dependent data which describes the resource. 24

Resource Records Example (in text readable format!) acad. bg. IN IN localhost poseidon backbone iris amigo unicom bis-21++ 3. . . IN IN NS NS IN IN A 194. 141. 0. 9 MX 10 mx-a. acad. bg. MX 20 mx-b. acad. bg. amigo. acad. bg. unicom. acad. bg. A 127. 0. 0. 1 A 194. 141. 252. 2 A 194. 141. 0. 2 AAAA 2001: 4 b 58: acad: : 3 AAAA 2001: 4 b 58: acad: : 9 CNAME unicom. acad. bg. PTR amigo. acad. bg. 25

DNS protocol details (contd. ) The DNS message in binary format (RR means Resource Record) 26

DNS protocol details (contd. ) The DNS message data fields l l The IDENTIFICATION field is set by the client and returned by the server. The 16 -bit PARAMETER consists of: – 0 -th bit field: 0 means the message is a query, 1 means it's a response. – 1 -4 bit fields - OPCODE: • 0000 - is a normal value (Standard query). • 0001 - an inverse query. • 0010 - the server status request. – 5 -th bit field - Authoritative answer. The name server is authoritative for the domain in the question section. – 6 -th bit field is set if message truncated. With UDP this means that the total size of the reply exceeded 512 bytes, and only the first 512 bytes the of the reply were returned. – 7 -th bit field - Recursion Desired. This bit can be set in a query and is then returned in the response. – 8 -th bit field - Recursion Available. – 9 -11 -th bits field has to be 0. – 12 -15 -th bits field - Return Code. 0 - no error, 3 - name error. 27

DNS protocol details (contd. ) The DNS message data fields l l l The fields labeled NUMBER OF. . . give each a count of entries in the corresponding sections in the message. The QUESTION SECTION contains queries for which answers are desired. The client fills in only the question section; the server returns the question and answers with its response. Each question has Query Domain Name followed by Query Type and Query Class fields (as depicted in the next slides) ANSWER, AUTHORITY, ADDITIONAL INFORMATION sections consist of a set of resource records that describe domain names and mappings. Each resource record describes one name (as depicted in the next slides) 28

DNS protocol details (contd. ) The QUESTION section format in the DNS message The DOMAIN NAME has variable length. Clients fill in the questions; servers return them along with the answers. 29

DNS protocol details (contd. ) The RESOURCE RECORD binary format returned by the DNS servers 30

DNS Further reading l Inter. NIC organization - provides the public l ICANN - responsible for the global coordination of the l RFC 1034, RFC 1035, STD 0013 - http: //www. rfc-editor. org l l information regarding Internet Domain Name registration services. - http: //www. internic. net Internet's system of unique identifiers http: //www. icann. org/ BIND (Berkeley Internet Name Domain) – the most popular implementation of the DNS software http: //www. isc. org/index. pl? /sw/bind/ Paul Albitz, Cricket Liu, “DNS and BIND”, 4 th edition, O’REILLY 31

TELNET protocol l TELNET (TELecommunication NETwork) was developed in 1969 beginning with RFC 15 and standardized as IETF STD 8, one of the first Internet standards. TELNET clients have been available on most Unix systems for many years and are available for virtually all platforms. Most network equipment and OSs with a TCP/IP stack support some kind of TELNET service server for their remote configuration (including ones based on MS Windows NT and later). Because of security issues with TELNET, it use has waned as it is replaced by the use of SSH for remote access. 32

TELNET protocol (2) l l l Most often, a user will be telneting to a Unix-like server system or a simple network device such as a switch. Once the connection is established, he would then log in with his account information and execute operating system commands remotely on that computer, such as ls or cd etc. For testing and debugging purposes: On many systems, the client may also be used to make interactive raw-TCP sessions, even when that option is not available. The sessions are equivalent to raw TCP as long as byte 255 never appears in the data. TELNET works on the well known TCP port 23. 33

l l Electronic mail Before 1990, it was mostly used in academic area - universities and research centers. During the 1990 s, it became known to the public at large and grew exponentially. The first e-mail systems simply consisted of text file transfer protocols. As time went on, the limitations of this approach became more obvious. Some of the complaints were as follows: – Sending a message to a group of people was inconvenient. – Messages had no defined internal structure. – The sender never knew if a message arrived or not. – Lack of "I'm temporary away" management. – Poor user interface. – It was not possible to create and send messages containing a mixture of text and 34 binary data: drawings, photos, facsimile, and voice.

E-mail: Architectures and services l Typically, e-mail systems support five basic functions: – Composition refers to the process of creating messages and answers. – Transfer refers to moving messages from the originator to the recipient. The e-mail system should do this automatically, without bothering the user. – Reporting has to do with telling the originator what happened to the message. – Displaying incoming messages is needed so people can read their e-mail. Sometimes conversion is required or a special viewer must be invoked. – Disposition is the final step and concerns what the recipient does with the message after receiving it. 35 (Delete, Replay, Forward, Save. . . )

Electronic Mail The User Agent Paper mail e-mail 36

Reading E-mail An example of mailbox 37

Message Formats – RFC 822 38

MIME – Multipurpose Internet Mail Extensions The original e-mail was designed to transfer 7 -bit text (ASCII) characters only, so. . . l Problems with international languages: Languages with accents l Languages in non-Latin alphabets l Languages without alphabets l Messages not containing text at all l (French, German). (Hebrew, Cyrillic. . . ). (Chinese, Japanese). (audio or images). 39

MIME 40

MIME – a multipart message example 41

Message Transfer example using SMTP Transferring a message from elinore@abc. com to carolyn@xyz. com. 42

Final e-mail delivery (a) Sending and reading mail when the receiver has a permanent Internet connection and the user agent runs on the same machine as the message transfer agent. (b) Reading e-mail when the receiver has a dial-up connection to an ISP. 43

Post Office Protocol (POP 3) Using POP 3 to fetch three messages. 44

Internet Message Access Protocol (IMAP. TCP port 143) A comparison of POP 3 and IMAP. The current version of IMAP is 4 revision 1 – RFC 3501 45

File Transfer Protocol (FTP) • File Transfer Protocol (FTP) is the standard mechanism provided by TCP/IP for copying of any kind of files from one host to another. • Defined in RFC 959 (1985). • FTP uses the services of TCP. It needs two TCP connections. • The well-known TCP port 21 is used for the control connection and the well-known port 20 for the data connection. 46

FTP operation File transfer 47

FTP – the file transfer proccess 48

FTP – an example session 49

FTP - access commands 50

FTP – file management commands 51

FTP – data formatting commands Port definition commands 52

FTP – file transfer commands 53

FTP – Miscellaneous commands 54

FTP – Some responses 55

Trivial FTP (TFTP) A very simple file transfer protocol, with the functionality of a very basic form of FTP. Defined in 1980. TFTP uses UDP port 69 (not TCP!) An example of TFTP usage for remote boot through BOOTP protocol in a LAN: 56

FTP pros and cons l Advantages: – – – l Simplementation Universal application Wide used and standartized Disadvantages: – – – – Clear text passwords, unencrypted data. Multiple TCP/IP connections are used = > Firewalls problems. Hard to filter active mode FTP traffic on the client side by using a firewall. It is possible to abuse the protocol's built-in proxy features to tell a server to send data to an arbitrary port of a third computer; see FXP. High latency. No integrity check on the receiver side. 57 No date/timestamp attribute transfer.

World Wide Web Architectural Overview The parts of the Web model. 58

The Client Side (a) A browser plug-in. (b) A helper application. 59

The Server Side A multithreaded Web server with a front end and processing modules. 60

The Server Side (2) A server farm. 61

The Server Side (3) (a) Normal request-reply message sequence. (b) Sequence when TCP handoff is used. 62

The World Wide Web - HTTP l l l Hypertext Transfer Protocol (HTTP) is a communications protocol used to transfer or convey information on intranets and the World Wide Web. Its original purpose was to provide a way to publish and retrieve hypertext pages, mainly scientific paper. Created in CERN, Geneva. Development of HTTP was coordinated by the W 3 C (World Wide Web Consortium) and the IETF (Internet Engineering Task Force), culminating in the publication of a series of RFCs, most notably RFC 2616 (June 1999), which defines HTTP/1. 1, the current version. HTTP is a request/response protocol between a client and a server. It works on the well known TCP port 80. 63

HTTP - methods HTTP - responses 64

HTTP - Some Message Headers 65

Example HTTP usage in a TELNET session: telnet www. ietf. org 80 >test. log GET /rfc. html Connection closed by foreign host. test. log partial content Trying 2610: a 0: c 779: b: : d 1 ad: 35 b 4. . . Connected to www. ietf. org. Escape character is '^]'. <HTML> <head> <TITLE>IETF RFC Page</TITLE> <SCRIPT LANGUAGE="Java. Script"> function url() { var x = document. form 1. number. value if (x. length == 1) {x = "000" + x } if (x. length == 2) {x = "00" + x } if (x. length == 3) {x = "0" + x } document. form 1. action = "http: //www. ietf. org/rfc" + x + ". txt" document. form 1. submit } </SCRIPT> </head> <!-- begin new headers and page layout --> <body text="#000000" bgcolor="#ffffff" > <center>. . . 66

HTTP - Caching Hierarchical caching with 3 proxies. 67

URLs – Uniform Resource Locaters Some common URLs. 68

Statelessness and Cookies Some examples: 69

HTML – Hyper. Text Markup Language l In 1980, physicist Tim Berners-Lee, who was an independent contractor at CERN, proposed and prototyped ENQUIRE, a hypertext system for CERN researchers to use to share documents. In 1989, Berners-Lee and CERN data systems engineer Robert Cailliau each submitted separate proposals for an Internetbased hypertext system providing similar functionality. In 1990, they collaborated on a joint proposal, the World Wide Web (W 3) project, which was accepted by CERN. 70

HTML (2) l l l l July, 1993: a draft by IETF (that is: not a standard – yet). November, 1995: HTML 2. 0 published as IETF RFC 1866, supplemented by RFC 1867 RFC 1942 (tables) in May 1996, RFC 1980 (client-side image maps) in August 1996, and RFC 2070 (internationalization) in January 1997; An HTML 3. 0 standard was proposed in April 1995. January 14, 1997: HTML 3. 2, published as a W 3 C Recommendation. l l l HTML 3. 2 was never submitted to the IETF December 18, 1997: HTML 4. 0, published as a W 3 C Recommendation. It offers three "flavors": – Strict, in which deprecated elements are forbidden, – Transitional, in which deprecated elements are allowed, – Frameset, in which mostly only frame related elements are allowed; April 24, 1998: HTML 4. 0 was reissued with minor edits without incrementing the version number. December 24, 1999: HTML 4. 01, published as a W 3 C Recommendation. It offers the same three flavors as HTML 4. 0, and its last errata was published May 12, 2001. HTML 4. 01 and ISO/IEC 15445: 2000 are the most recent and final versions of HTML. May 15, 2000: ISO/IEC 15445: 2000 ("ISO HTML", based on HTML 4. 01 Strict), published as an ISO/IEC international standard. l HTML 5 is still an Editor’s Draft, and not endorsed by W 3 C yet. 71

HTML (3) (a) The HTML for a sample page. (b) The formatted page. (b) 72

HTML (3) A selection of common HTML tags. some can have additional parameters (attributes). 73

HTML Tables (a) An HTML table. (b) A possible rendition of this table. 74

HTML Forms (a) The HTML for an order form. (b) The formatted page. 75

HTML Forms (2) A possible response from the browser to the server with information filled in by the user. 76

XML and XSL e. Xtensible Markup Language A simple Web page in XML. 77

XML and XSL e. Xtensible Stylesheet Language A style sheet in XSL. 78

Dynamic Web Documents Steps in processing the information from an HTML form. 79

Dynamic Web Documents (2) A sample HTML page with embedded PHP script. 80

“Web Services” l l The W 3 C defines a Web Service as “A software system designed to support interoperable Machine to Machine interaction over a network. “ Web services are frequently just Web APIs that can be accessed over a network, such as the Internet, and executed on a remote system hosting the requested services. The W 3 C Web Service definition encompasses many different systems, but in common usage the term refers to clients and servers that communicate using XML messages that follow the SOAP (Simple Object Access Protocol) standard. Common in both the field and the terminology is the assumption that there is also a machine readable description of the operations supported by the server written in the Web Services Description Language (WSDL). The latter is not a requirement of a SOAP endpoint, but it is a prerequisite for automated client-side code generation in the 81 mainstream Java, . NET SOAP etc. frameworks.

Network News Transfer Protocol (NNTP) l l An Internet application protocol used primarily for reading and posting Usenet articles (aka netnews or simply: news), as well as transferring news among news servers. Created by Brian Kantor of the University of California, San Diego. Phil Lapsley of the University of California, Berkeley completed RFC 977 (1986). Originally designed around the UUCP (Unix to Unix Co. Py) network, with most article transfers taking place over direct computer-to-computer 82 telephone links.

NNTP (2) l l Because networked Internet-compatible filesystems were not yet widely available, it was decided to develop a new text protocol that resembled SMTP, but was tailored for reading newsgroups. The well-known TCP port 119 is reserved for NNTP. TCP port 563 is used for connectiong through SSL (a. k. a. NNTPS). IETF released RFC 3977 in Oct 2006, which updates the NNTP protocol. The IMAP protocol can also be used for reading newsgroups. 83

An e-mail client as a News reader 84 Public News servers: http: //www. dmoz. org/Computers/Usenet/Public_News_Servers

Simple Network Management Protocol (SNMP) l l l Application layer protocol within the OSI model. It uses UDP as transport. “The protocol that specifies how a network management station communicates with agent software in remote devices such as routers. SNMP defines the format of messages and their meaning. ” - Computer Networks and Internets by Douglas E. Comer. 85

SNMP – some history l l Size and number of networks required a standard protocol in order to communicate with devices on the network. 1970’s - SNMPv 1, the first network management protocol. – Originally designed as a “quick-fix”. l 1988 - SNMPv 2 standard designed. l 2004 – SNMPv 3, the current version – RFC 3411 – RFC 3418 (also known as STD 0062). 86

SNMP Technology l l Exchanges network information through PDU’s. Part of the Internet Network Management Architecture NMS l Internet Management Model – – – – – Network elements Agents Managed objects MIB’s (Management Information Bases) Syntax notation SMI (Structure of Management Info) NMS (Network-management systems) Parties Management protocols User Interface Network Management Application SNMP Agent MIB MIB Managed Device 87

SNMP Operations l SNMP is a simple “request/response” protocol which uses six operations: – – – Get. Next Get. Bulk Set Trap Inform 88

SNMP v 1 Packet Format l SNMP v 1 packets contain two parts: – First part contains version and community name. – Second part contains PDU. Version Community SNMP PDU Type Request ID Error Status Error Index Object 1, Value 1 Object 2, Value 2 Object X, Value X. . . 89

SNMP v 2 Packet Format l Like SNMP v 1, SNMP v 2 contain two parts: – First part is called a wrapper which contains authentication, privacy information and a context. – Second contains a PDU with similarities to SNMP v 1. Wrapper SNMP PDU Type Request ID Error Status OR Error Index OR Object 1, Value 1 Object X, Value X. . . 90

SNMP v 1 and v 2 Advantages and Disadvantages l Advantages – – Simple design. Easy implementation Wide spread usage. Expandability. l Disadvantages – Security holes. – Old technology. 91

The new SNMP v 3 l Structure, components and architecture similar to v 1 and v 2. l New features include: – – – – l Authentication and privacy. Authorization and access control. Naming of entities. People and policies. Usernames and key management. Notification destinations. Remotely configurable via SNMP operations. http: //www. ietf. org/html. charters/snmpv 3 -charter. html 92

SNMP Conclusion l l The goals: Integrated network management, Interoperability, Standards. Network management applications based on SNMP rely on the standards based TCP/IP protocol to effectively oversee large heterogeneous networks. SNMP sits on the application layer and uses UDP protocol to communicate with each network device. SNMP is essential in order to effectively maintain today’s large networks. 93

NTP - Introduction l l Network Time Protocol (NTP) synchronizes clocks of hosts and routers in the Internet. NTP provides nominal accuracies of low tens of milliseconds on WANs, submilliseconds on LANs, and submicroseconds using a precision time source such as a cesium oscillator or GPS receiver. NTP software has been ported to almost every workstation and server platform available today - from PCs to Crays - Unix, Windows, VMS and embedded systems, even home routers and battery backup systems. The NTP architecture, protocol and algorithms have been evolved over the last two decades to the latest NTP Version 4 software distributions. 94

Needs for precision time l l l l Distributed database transaction journalling and logging Stock market buy and sell orders Secure document timestamps (with cryptographic certification) Aviation traffic control and position reporting Radio and TV programming launch and monitoring Intruder detection, location and reporting Multimedia synchronization for real-time teleconferencing Interactive simulation event synchronization and ordering Network monitoring, measurement and control Early detection of failing network infrastructure devices and air conditioning equipment Differentiated services traffic engineering Distributed network gaming and training 95. . . and Grid computing

NTP summary l l l Primary (stratum 1) servers synchronize to national time standards via radio, satellite and modem. Secondary (stratum 2, . . . ) servers and clients synchronize to primary servers via hierarchical subnet. Clients and servers operate in master/slave, symmetric and multicast modes with or without cryptographic authentication. Reliability assured by redundant servers and diverse network paths. Engineered algorithms reduce jitter, mitigate multiple sources and avoid improperly operating servers. The system clock is disciplined in time and frequency using an adaptive algorithm responsive to network time jitter 96 and clock oscillator frequency wander.

NTP architecture overview Peer 1 Clock Discipline Algorithm Filter 1 Peer 2 Filter 2 Peer 3 Filter 3 Selection and Clustering Algorithms Combining Algorithm P/F-Lock Loop Timestamps NTP Messages l l l Loop Filter VFO Multiple servers/peers provide redundancy and diversity. Clock filters select best from a window of eight time offset samples. Intersection and clustering algorithms pick best truechimers and discard falsetickers. Combining algorithm computes weighted average of time offsets. Loop filter and variable frequency oscillator (VFO) implement hybrid phase/frequency-lock (P/F) feedback loop to minimize jitter and wander. 97

NTP subnet configurations S 3 S 3 S 2 S 4 S 2 S 3 Workstation (a) S 1 * S 1 S 2 Clients (c) l l l * S 2 S 3 * Clients (b) S 1 S 2 S 1 * S 1 S 2 * * to buddy (S 2) (a) Workstations use multicast mode with multiple department servers. (b) Department servers use client/server modes with multiple campus servers and symmetric modes with each other. (c) Campus servers use client/server modes with up to six different external primary servers and symmetric modes with 98 each other and external secondary (buddy) servers.

NTP - Goals and non-goals l Goals – Provide the best accuracy under prevailing network and server conditions. – Resist many and varied kinds of failures, including two-face, fail-stop, malicious attacks and implementation bugs. – Maximize utilization of Internet diversity and redundancy. – Automatically organize subnet topology for best accuracy and reliability. – Self contained cryptographic authentication based on both symmetric key and public key infrastructures and independent of external services. l Non-goals – – – Local time – this is provided by the operating system. Access control - this is provided by firewalls and address filtering. Privacy - all protocol values, including time values, are public. Non-repudiation - this can be provided by a layered protocol if necessary. Conversion of NTP timestamps to and from other time representations and formats. 99

NTP Version 4 l l l Current NTP v 3 has been in use since 1992, with nominal accuracy in the low milliseconds. Modern workstations and networks are much faster today, with attainable accuracy in the low microseconds. NTP v 4 architecture, protocol and algorithms have been evolved to achieve this degree of accuracy. – Improved clock models which accurately predict the time and frequency adjustment for each synchronization source and network path. – Engineered algorithms reduce the impact of network jitter and oscillator wander while speeding up initial convergence. – Redesigned clock discipline algorithm operates in frequency-lock, phaselock and hybrid modes. l The improvements, confirmed by simulation, improve accuracy by about a factor of ten, while allowing operation at much longer poll intervals without significant reduction in accuracy. 100

NTP v 4 Autonomous System model l Fire-and-forget software – Single software distribution can be compiled and installed automatically on most host architectures and operating systems. – Run-time configuration can be automatically determined and maintained in response to changing network topology and server availability. l Optional autonomous configuration (Autoconfigure) – Multicast survey nearby network environment to construct a list of suitable servers. – Select best servers from among the list using a defined metric. – Reconfigure the subnet for best accuracy with overhead constraints. – Periodically refresh the list in order to adapt to changing topology. l Optional autonomous authentication (Autokey) – For each new server found, fetch and verify its cryptographic credentials. – Authenticate each message received using engineered protocol. 101 – Regenerate keys in a timely manner to resist compromise.

An example of a busy NTP server l l l NTP primary (stratum 1) server rackety is a server supporting 734 clients all over the world. This machine supports NFS, NTP, RIP, IGMP and a mess of printers, radio clocks and an 8 -port serial multiplexor The mean input packet rate is 6. 4 packets/sec, which corresponds to a mean poll interval of 157 seconds for each client Each input packet generates an average of 0. 64 output packets and requires a total of 2. 4 ms of CPU time for the input/output transaction In total, the NTP service requires 1. 54% of the available CPU time and generates 10. 5, 608 -bit packets per second, or 0. 41% of a T 1 line The conclusion is that even a slow machine can support substantial numbers of clients with no significant degradation on other network services. 102

Precision timekeeping equipment (prior to 2000) Austron 2200 A GPS Receiver Austron 2000 LORAN-C Receiver Spectracom 8170 WWVB Reciver Hewlett Packard 5061 A Cesium Beam Frequency Standard NTP primary time server rackety 103

Squeezing the nanoseconds l l This shows the residual error measured between the Austron 2201 GPS receiver and the HP 5061 A cesium clock The GPS receiver is stabilized using the LORAN-C receiver, which improves its accuracy to about 50 ns, in spite of the intentional degradation introduced in the GPS signal available to 104 the public

NTP resources l l l NTP home: http: //www. ntp. org NTP v 3 Specification RFC 1305 Simple NTP (SNTP) v 4 specification RFC 2030 – Applicable to IPv 4, IPv 6 and ISO CNLS l List of public NTP time servers (as of Dec 2007) – 177 active primary (stratum 1) servers – 278 active stratum 2 servers l pool. ntp. org – A a big virtual cluster of timeservers striving to provide reliable easy to use NTP service for millions ofclients 105 without putting a strain on the big popular timeservers.

Miscellaneous Application Protocols l l l Remote Procedure Call (RPC) is a technology that allows a computer program to cause a subroutine or procedure to execute in another address space (commonly on another computer on a shared network) without the programmer explicitly coding the details for this remote interaction. RPC may be referred to as remote invocation or remote method invocation (RMI). Strictly said: RPC is a part of the OSI Session layer. Many different (!) implementations of RPC: ONC RPC, DCE/RPC, MSRPC etc. 106

l l Miscellaneous Application Protocols (2) Network File System (NFS) – a protocol for sharing files and directories for access over a network. It is based on RPC. Developed by Sun Microsystems, 1984. The current version is 4 (RFC 3530) Common features: – Several security mechanisms – the COMPOUND procedure – Filesystem Replication and Migration – File OPEN and CLOSE (net)operations – File locking – Client Caching and Delegation 107