
3: Application Protocols: HTTP and DNS

Last Modified: 2/3/2003 8:13:18 PM

Network Applications Drive Network Design

- Important to remember that network applications are the reason we care about building a network infrastructure
- Applications range from text based command line ones popular in the 1980s (like telnet, ftp, news, chat, etc) to multimedia applications (Web browsers, audio and video streaming, real-time video conferencing, etc.)

2: Application Layer 1 2: Application Layer 2

Top-down: Internet protocol stack

Figure: the layers, top down: Transport (TCP, UDP); Network (IP); Point-to-point links, LANs, radios, ...

What is the Internet used for? CAIDA (1999)

(Figure only.)

Protocol stack

Figure: user X speaks English to user Y; e-mail client speaks SMTP to e-mail server; TCP to TCP; IP to IP; ethernet driver/card to ethernet driver/card (IEEE 802.3 standard); electric signals on the wire.

Applications and application-layer protocols

- Application: communicating, distributed processes
  - running in network hosts in user space
  - exchange messages to implement app
  - e.g., email, file transfer, the Web
- Application-layer protocols
  - one piece of an app (web browsers do more than speak HTTP)
  - define messages exchanged by apps and actions taken
  - use services provided by lower layer protocols

Figure: application, transport, network, data link and physical layers at each host.

Client-server paradigm

- Typical network app has two pieces: client and server
- Client:
  - initiates contact with server (speaks first)
  - typically requests service from server
  - for Web, client is implemented in browser; for e-mail, in mail reader
- Server:
  - Running first (always?)
  - provides requested service to client, e.g., Web server sends requested Web page, mail server delivers e-mail

HTTP

Figure: client and server stacks (application, transport, data link, physical) exchanging request and reply.

The Web: the http protocol

- http: hypertext transfer protocol
  - Web's application layer protocol
  - client/server model
    - client: browser that requests, receives, displays Web objects
    - server: Web server has access to storage containing a set of Web documents; sends copies in response to requests
  - http1.0: RFC 1945
  - http1.1: RFC 2616

Figure: PC running Explorer and Mac running Navigator send http requests to, and receive http responses from, a server running NCSA Web server.

The http protocol: more

- http: TCP transport service:
  - client initiates TCP connection (creates socket) to server, port 80
  - server accepts TCP connection from client
  - http messages (application-layer protocol messages) exchanged between browser (http client) and Web server (http server)
  - TCP connection closed
- http is stateless
  - server maintains no information about past client requests
- aside: Protocols that maintain state are complex!
  - past history (state) must be maintained
  - if server/client crashes, their views of state may be inconsistent, must be reconciled

Uniform Resource Locator (URL)

- protocol = http
- authority = server machine
- port = 80 by default
- /p/a/th/item_name = specifies a file to be returned or possibly a program to be executed to produce the file to be returned
- query = data to be interpreted by server

Note: Static vs Dynamic vs Active Web Pages

- Static: Stored in a file and unchanging
- Dynamic: Formed by server on demand in response to a request
  - Output from a program (e.g. Common Gateway Interface (CGI))
  - Often use query data sent with URL
- Active: Executed at the client!
  - Computer program (not just output) that can interact with user (e.g. Java applet)

http example

Suppose user enters URL (contains text, references to 10 jpeg images)

- 1a. http client initiates TCP connection to http server (process). Port 80 is default for http server.
- 1b. http server at host waiting for TCP connection at port 80 accepts connection, notifying client
- 2. http client sends http request message (containing URL) into TCP connection socket
- 3. http server receives request message, forms response message containing requested object, sends message into socket

http example (cont.)

- 4. http server closes TCP connection.
- 5. http client receives response message containing html file, displays html. Parsing html file, finds 10 referenced jpeg objects
- 6. Steps 1-5 repeated for each of 10 jpeg objects

Figure: timeline of steps 1a to 6 between client and server.

http message format: request

- Two types of http messages: request, response
- http request message:
  - ASCII (human-readable format)

    GET /somedir/page.html HTTP/1.0
    User-agent: Mozilla/4.0
    Accept: text/html, image/gif,image/jpeg
    Accept-language:fr
    (extra carriage return, line feed)

  - request line (GET, POST, HEAD commands)
  - header lines
  - Carriage return, line feed indicates end of message

http request message: general format

(Figure only.)

http message format: response

- status line (protocol, status code, status phrase)
- header lines
- data, e.g., requested html file

    HTTP/1.0 200 OK
    Date: Thu, 06 Aug 1998 12:00:15 GMT
    Server: Apache/1.3.0 (Unix)
    Last-Modified: Mon, 22 Jun 1998 ...
    Content-Length: 6821
    Content-Type: text/html

    data data data data data ...

http response status codes

In first line in server->client response message. A few sample codes:

- 200 OK: request succeeded, requested object later in this message
- 301 Moved Permanently: requested object moved, new location specified later in this message (Location:)
- 400 Bad Request: request message not understood by server
- 404 Not Found: requested document not found on this server
- 505 HTTP Version Not Supported
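The request and response formats above, parsed by a small checker (an added example, not part of the lecture): it splits the start line from the header lines at the first empty CR LF line, lower-cases header names, and refuses a message whose terminator is missing or whose body disagrees with Content-Length. The sample messages are constructed from the slide text, with the response body shortened to fit its declared length.

```python
"""Parser for the http message format on the slides (request line or status
line, header lines, CR LF CR LF terminator, optional body).  Added example,
not from the lecture."""
from dataclasses import dataclass, field
from typing import Dict, Optional

# Sample messages constructed from the slide text (the response body is shortened).
RAW_REQUEST = (
    b"GET /somedir/page.html HTTP/1.0\r\n"
    b"User-agent: Mozilla/4.0\r\n"
    b"Accept: text/html, image/gif,image/jpeg\r\n"
    b"Accept-language:fr\r\n"
    b"\r\n"                       # extra carriage return, line feed: end of message
)
RAW_RESPONSE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Date: Thu, 06 Aug 1998 12:00:15 GMT\r\n"
    b"Server: Apache/1.3.0 (Unix)\r\n"
    b"Content-Length: 29\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html>data data data</html>\r\n"   # exactly 29 bytes, as declared
)

KNOWN_METHODS = {"GET", "POST", "HEAD"}     # the commands named on the slide


@dataclass
class HttpMessage:
    start_line: str                           # request line or status line
    headers: Dict[str, str] = field(default_factory=dict)   # names lower-cased
    body: bytes = b""

    @property
    def is_request(self) -> bool:
        return not self.start_line.startswith("HTTP/")

    def request_parts(self):
        """(method, path, version) of a request line; rejects malformed lines."""
        parts = self.start_line.split(" ")
        if not self.is_request or len(parts) != 3 or parts[0] not in KNOWN_METHODS:
            raise ValueError(f"bad request line: {self.start_line!r}")
        return tuple(parts)

    def status_code(self) -> Optional[int]:
        """Numeric code from a status line such as 'HTTP/1.0 200 OK'."""
        if self.is_request:
            return None
        return int(self.start_line.split(" ", 2)[1])


def parse_http(raw: bytes) -> HttpMessage:
    # The header block ends at the first empty line; without it the message
    # is incomplete and must not be acted on.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: no terminating CR LF CR LF")
    lines = head.decode("ascii").split("\r\n")   # http/1.0 messages are ASCII
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    # A body must match Content-Length exactly: a short body is a truncated
    # transfer, a long one leaves bytes that could be read as a second message.
    if "content-length" in headers:
        declared = int(headers["content-length"])
        if declared != len(body):
            raise ValueError(f"Content-Length {declared} but body is {len(body)} bytes")
    return HttpMessage(lines[0], headers, body)
```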

Conditional GET

- Goal: don't send object if client has up-to-date stored (cached) version
- client: specify date of cached copy in http request
    If-modified-since: <date>
- server: response contains no object if cached copy up-to-date:
    HTTP/1.0 304 Not Modified

Figure: client sends http request msg with If-modified-since: <date>; if the object is not modified the server answers HTTP/1.0 304 Not Modified; if the object is modified the server answers HTTP/1.0 200 OK followed by <data>.

Authentication (and statelessness)

- Authentication goal: control access to server documents
- stateless: client must present authorization in each request
- authorization: typically name, password
  - Authorization: header line in request
  - if no authorization presented, server refuses access, sends WWW authenticate: header line in response
- Browser caches name & password so that user does not have to repeatedly enter it. Authorization will go with each request to server.

Figure: usual http request msg -> 401: authorization req., WWW authenticate:; usual http request msg + Authorization: line -> usual http response msg; repeated for later requests over time.
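Both sides of the conditional GET above, as an added example that is not part of the lecture: the server compares the If-modified-since date against the object's Last-Modified and answers 304 with no body or 200 with the object; the client caches what it receives and re-validates on later requests. The object store, paths and dates are constructed; an unparsable date is treated as no condition, so the full object is sent rather than a wrong 304.

```python
"""Conditional GET from the slide: the client sends If-modified-since with its
cached copy's date; the server answers 304 Not Modified (no object) or 200 OK.
Added example, not from the lecture; store and dates are constructed."""
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed origin-server store: path -> (last modified, object bytes).
OBJECTS = {
    "/index.html": (datetime(1998, 6, 22, 9, 0, tzinfo=timezone.utc), b"<html>v1</html>"),
}


def http_date(dt: datetime) -> str:
    return format_datetime(dt, usegmt=True)      # e.g. "Mon, 22 Jun 1998 09:00:00 GMT"


def server_handle(path: str, request_headers: dict):
    """Origin server: returns (status, headers, body) for a GET of path."""
    if path not in OBJECTS:
        return 404, {}, b""
    last_mod, body = OBJECTS[path]
    ims = request_headers.get("if-modified-since")
    if ims is not None:
        try:
            since = parsedate_to_datetime(ims)
        except (TypeError, ValueError):
            since = None                          # unparsable date: ignore the condition
        if since is not None:
            if since.tzinfo is None:              # treat a zone-less date as GMT
                since = since.replace(tzinfo=timezone.utc)
            if last_mod <= since:
                # Cached copy is up to date: status line and headers only, no object.
                return 304, {"Last-Modified": http_date(last_mod)}, b""
    return 200, {"Last-Modified": http_date(last_mod),
                 "Content-Length": str(len(body))}, body


class CachingClient:
    """Client-side cache keyed by path; re-validates each hit with a conditional GET."""

    def __init__(self):
        self.cache = {}                           # path -> (Last-Modified value, body)

    def get(self, path: str):
        headers = {}
        if path in self.cache:
            headers["if-modified-since"] = self.cache[path][0]
        status, resp_headers, body = server_handle(path, headers)
        if status == 304:
            return 304, self.cache[path][1]       # reuse the cached object
        if status == 200:
            self.cache[path] = (resp_headers["Last-Modified"], body)
        return status, body


def demo():
    """Miss (200), revalidated hit (304), then a 200 after the object changes."""
    OBJECTS["/index.html"] = (datetime(1998, 6, 22, 9, 0, tzinfo=timezone.utc), b"<html>v1</html>")
    client = CachingClient()
    first, _ = client.get("/index.html")
    second, _ = client.get("/index.html")
    OBJECTS["/index.html"] = (datetime(1998, 7, 1, tzinfo=timezone.utc), b"<html>v2</html>")
    third, body = client.get("/index.html")
    return first, second, third, body
```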

Cookies (and statelessness ?)

- server sends cookie to client in response msg
    Set-cookie: #
- client presents cookie in later requests
    cookie: #
- server matches presented-cookie with server-stored info
  - cookie-specific action
  - remembering user preferences, previous choices
- Get client to remember state so server can be

Figure: usual http request msg -> usual http response + Set-cookie: #; usual http request msg with cookie: # -> usual http response msg, cookie-specific action; repeated for later requests.

HTTP 1.1 : Persistent connections

- Non-persistent
  - HTTP/1.0
  - server parses request, responds, and closes TCP connection
  - Each object transfer suffers from TCP connection setup overhead
  - 2 RTTs to fetch each object
- Persistent
  - default for HTTP/1.1
  - on same TCP connection: server parses request, responds, parses new request, ..
  - Client sends requests for all referenced objects as soon as it receives base HTML.
  - Fewer RTTs
- But most 1.0 browsers use parallel TCP connections. Do 1.1 browsers do this?

Other Features in HTTP 1.1

- Hostname Identification
  - Allows one physical web server to serve content for multiple logical servers
- Content Negotiation
  - Allows client to request a specific version of a resource
- Chunked Transfers
  - For dynamic content, server needn't specify all characteristics like size ahead of time
- Byte Ranges
  - Clients can ask for small pieces of documents
- Support for Proxies and Caches

Web Caches (proxy server)

- Goal: satisfy client request without involving origin server
- user sets browser: Web accesses via web cache
- client sends all http requests to web cache
  - if object at web cache, web cache immediately returns object in http response
  - else requests object from origin server, then returns http response to client

Figure: clients send http requests to the Proxy server, which exchanges http requests and responses with the origin server.

Why Web Caching?

- Assume: cache is close to client (e.g., in same network)
- smaller response time: cache closer to client
- decrease traffic to distant servers
  - link out of institutional/local ISP network often bottleneck

Figure: origin servers on the public Internet, 1.5 Mbps access link to the institutional network, 100 Mbps LAN, institutional cache.

Why not web caching?

- It adds time to requests that miss in the cache
- Servers don't see accurate number of hits to their content
  - To collect information on who is requesting what, extract fees, etc.
- Other reasons? Anonymity? Translation for low feature clients (ex. PDAs)

Trying out http (client side) for yourself

1. Telnet to your favorite Web server:

    telnet <host> 80

   Opens TCP connection to port 80 (default http server port) at that host. Anything typed in is sent to port 80 there.

2. Type in a GET http request:

    GET / HTTP/1.0

   By typing this in (hit carriage return twice), you send this minimal (but complete) GET request to http server

3. Look at response message sent by http server!

HTTP 1.0 vs 1.1

1. HTTP 1.0

    telnet <host> 80
    GET / HTTP/1.0
    <send data>
    Connection closed by foreign host.

2. HTTP 1.1

    telnet <host> 80
    GET / HTTP/1.1
    <send data>
    GET / HTTP/1.1
    <send data>
    GET / HTTP/1.0
    <send data>
    Connection closed by foreign host.

Experiment yourself

1. Try some headers

    telnet <host> 80
    GET / HTTP/1.1

2. Try a real query (look at syntax of URL when you use google)
3. Try a chunked transfer

For the record: HTTP vs HTML

- HTML format is highly specified but is just considered the data or body of an HTTP message
- HTML is not part of the HTTP protocol
- Example of layering: each layer speaks to a peer layer in an agreed upon language or protocol. In this case, both are processed by the web browser. The web browser is both an HTTP client and an HTML parser.

DNS

..but before we talk about DNS let's talk more about names and addresses!

Names and IP addresses

- People: many identifiers: SSN, name, Passport #
- Internet hosts, routers: many identifiers too
  - IP address (32 bit) - used for addressing datagrams
  - name - used by humans
- Q: map between IP addresses and name? DNS does

Names and addresses: why both?

- Name vs. IP address (also Ethernet or other link-layer addresses)
- IP addresses are fixed-size numbers. 32 bits. = 11011000.11101111.111001.1100101
- Names are memorizable, flexible:
  - Variable-length
  - Many names for a single IP address.
  - Change address doesn't imply change name.
- IPv6 addresses are 128 bit, even harder to memorize!

Mapping Not 1 to 1

- One name may map to more than one IP
  - IP addresses are per network interface
  - Multihomed machines have more than one network interface - each with its own IP address
  - Example: routers must be like this
- One IP address may map to more than one name
  - One server machine may be the web server (...) and mail server (...)

How to get names and numbers?

- Acquisition of Names and numbers are both regulated
  - Why?
- How to get a domain name coming up

How to get a machine name?

- First, get a domain name then you are free to assign sub names in that domain
- Before you ask for a domain name though
  - Should understand domain name structure
  - Should also know that you are responsible for providing authoritative DNS server (actually a primary and one or more secondary DNS servers) for that domain and registration information through whois

Domain name structure

Figure: root (unnamed) -> com edu gov mil net org ... (gTLDs) and fr gr us uk ... (ccTLDs) -> google, ustreas (second level (sub-)domains)

- gTLDs = Generic Top Level Domains
- ccTLDs = Country Code Top Level Domains

Top-level Domains (TLDs)

- Generic Top Level Domains (gTLDs)
  - .com - commercial organizations
  - .org - not-for-profit organizations
  - .edu - educational organizations
  - .mil - military organizations
  - .gov - governmental organizations
  - .net - network service providers
  - New: .biz, .info, .name, ...
- Country code Top Level Domains (ccTLDs)
  - One for each country

How to get a domain name?

- In 1998, non-profit corporation, Internet Corporation for Assigned Names and Numbers (ICANN), was formed to assume responsibility from the US Government
- ICANN authorizes other companies to register domains in com, org and net and new gTLDs
- Network Solutions is one of the largest and in transitional period between US Govt and ICANN had sole authority to register domains in com, org and net

Want to be a registrar?

(link truncated: tion.htm)

- Application + $2500 application fee
- Sign agreement
- Demonstrate $70,000 in working capital
- Yearly fee - $4000 for first TLD + $500 for each additional

How to get an IP Address?

- Answer 1: Normally, answer is get an IP address from your upstream provider
  - This is essential to maintain efficient routing!
- Answer 2: If you need lots of IP addresses then you can acquire your own block of them.
  - Get them from a regional Internet registry

Internet Registries

- If you want a block of IP addresses, go to an Internet Registry
  - RIPE NCC (Réseaux IP Européens Network Coordination Centre) for Europe, Middle-East, Africa
  - APNIC (Asia Pacific Network Information Centre) for Asia and Pacific
  - ARIN (American Registry for Internet Numbers) for North America, the Caribbean, sub-equatorial Africa
  - LACNIC Latin American and Caribbean Registry (new 10/2002)
- Note: Once again regional distribution is important for efficient routing!
- Can also get Autonomous System Numbers (ASNs) from these registries

Obtaining a Block of IP Addresses

- Price (ARIN, Jan 2003)
  - $2500/year for /20; $20000/year for a /14
  - /20 = 20 of the 32 bits in IP address are specified, 12 bits free, ~2^12 = 4096 possible hosts
  - See why a /14 would be more expensive than a /20?
- Can't just pay and not use them
  - IP address space is a scarce resource
  - You must prove you have fully utilized a small block before can ask for a larger one!

Now you know both how to get a machine name and how to get an IP address. Now back to DNS: how to map from one to the other!

Mapping from name to IP Address?

- How could we provide this service?
- In the beginning, file containing mapping for all hosts copied to each new host
  - Size of file?
  - Propagation of changes?
- Centralized DNS server?
  - single point of failure
  - traffic volume
  - distant centralized database
  - doesn't scale!

DNS: Domain Name System

- Domain Name System:
  - distributed database implemented in hierarchy of many name servers
  - application-layer protocol for hosts, routers, name servers to communicate to resolve names (address/name translation)
  - note: core Internet function implemented as application-layer protocol
  - complexity at network's edge
- no server has all name-to-IP address mappings

Name Server Structure

Figure: root -> com gov edu mil net org fr gr us uk -> lucent, ustreas -> irs -> www

- Structure based on administrative issues.
- Zone: subtree with common administration authority.

Mapping Name Servers to Zones

Figure: root (Root NS) -> com gov edu ... -> lucent (Lucent NS), ustreas (Ustreas NS), cornell -> customs, irs (IRS NS) -> www

Kinds of Name Servers

- Name server: process running on a host that processes DNS requests
- local name servers:
  - each ISP, company has local (default) name server
  - host DNS query first goes to local name server
- authoritative name server:
  - can perform name/address translation for a specific domain or ...
- root name server:
  - Knows the authoritative server for each domain
- intermediate name server:
  - Authoritative servers for a large domain may hand off queries to lower level name servers that are responsible for a portion of the domain

Local Name Servers

- Each host knows the IP address of a local NS.
- Each local NS knows the IP addresses of all root NSs.

Authoritative Name Servers

- Authoritative name servers for a given domain do not cache the translation; instead they are the official source for translating all machine names in that domain
- For each domain, there must be an authoritative name server
  - In fact, must be at least two - a primary and one or more secondary

Root Name Servers

- How do local name servers find the authoritative NS for a given domain?
- Local name servers contact root name servers for the address of the authoritative name server for a domain

Root name servers

- ~10 root name servers in the Internet
  - A. ROOT-SERVERS.NET ...
- Most in US, 1 in Japan, 2 in Europe
- (links truncated: thost/rootns/ ftp://rs n/named.cache)
- RFC 2870: Root Name Server Operational Requirements

Putting it together

- host wants IP address of another host
  1. Contacts its local DNS
  2. contacts root name server, if necessary
  3. root name server contacts authoritative name server, if necessary

Figure: requesting host <-> local name server (1, 6); local name server <-> root name server (2, 5); root name server <-> authoritative name server (3, 4).

What is wrong with this picture?

DNS: iterated queries

- recursive query:
  - Contacted server completes translation itself
  - Puts burden on contacted server
- iterated query:
  - contacted server replies with name of server to contact
  - "I don't know this name, but ask this server"
  - Takes burden off contacted servers
- Root servers disable recursive queries!

Figure: messages 1-8 among requesting host, local name server, root name server, intermediate name server and authoritative name server (recursive and iterated queries marked).

Intermediate Name Servers

- What about big domains? Couldn't the authoritative name servers for a big domain get overloaded like the root? Or maybe it is inconvenient administratively for two sub domains to share the same DNS server?
- We don't want the root to have to remember different servers for sub domains.
- Give the root the name of an intermediate name server
  - They aren't really the authority for each sub domain but they can point you to the authority!
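The two query styles above, simulated over the slides' tree of servers (an added example, not part of the lecture): the root only hands out referrals to the intermediate ustreas server and refuses recursion, while the local name server chases referrals on the host's behalf. Server names follow the figure; the address returned and the referral chain are constructed.

```python
"""Simulation of the recursive vs. iterated lookups on the slide: a local
name server chases referrals root -> intermediate -> authoritative on behalf
of the requesting host, while the root refuses recursion.  Added example,
not from the lecture; servers and addresses are constructed."""


class NameServer:
    def __init__(self, label, records=None, delegations=None, recursion=True):
        self.label = label                        # e.g. "Root NS"
        self.records = records or {}              # fqdn -> IP address (A records)
        self.delegations = delegations or {}      # zone suffix -> NameServer to ask
        self.recursion = recursion                # False: answers iterated queries only

    def iterated_query(self, qname):
        """Answer from local knowledge only: ('answer', ip), ('referral', server)
        meaning "I don't know this name, but ask this server", or ('nxdomain', None)."""
        if qname in self.records:
            return "answer", self.records[qname]
        # Longest matching delegation wins, so irs.ustreas.gov beats gov.
        for suffix in sorted(self.delegations, key=len, reverse=True):
            if suffix == "" or qname == suffix or qname.endswith("." + suffix):
                return "referral", self.delegations[suffix]
        return "nxdomain", None

    def recursive_query(self, qname):
        """Complete the translation itself (burden on this server), or refuse."""
        if not self.recursion:
            raise PermissionError(f"{self.label} does not answer recursive queries")
        return resolve_iteratively(self, qname)


def resolve_iteratively(start, qname, max_referrals=8):
    """Follow referrals from `start`; returns (ip_or_None, [servers contacted])."""
    path, server = [], start
    for _ in range(max_referrals):               # a referral loop must not hang the resolver
        path.append(server.label)
        kind, value = server.iterated_query(qname)
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value                            # referral: ask the named server next
    raise RuntimeError("too many referrals")


def build_tree():
    """Constructed servers mirroring the slide's tree (the address is made up)."""
    irs_ns = NameServer("IRS NS", records={"www.irs.ustreas.gov": "192.0.2.10"})
    ustreas_ns = NameServer("Ustreas NS", delegations={"irs.ustreas.gov": irs_ns})
    # The root is given only the name of the intermediate server, not every sub domain.
    root_ns = NameServer("Root NS", delegations={"ustreas.gov": ustreas_ns}, recursion=False)
    local_ns = NameServer("local NS", delegations={"": root_ns})   # knows only the root
    return local_ns, root_ns


def demo():
    local_ns, root_ns = build_tree()
    # The host asks its local server recursively; the local server iterates.
    ip, path = local_ns.recursive_query("www.irs.ustreas.gov")
    try:
        root_ns.recursive_query("www.irs.ustreas.gov")
        refused = False
    except PermissionError:
        refused = True                            # root servers disable recursive queries
    return ip, path, refused
```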

Intermediate Name Server

- Root name server may not know the real authoritative name server
- may know intermediate name server: who to contact to find authoritative name server

Figure: requesting host <-> local name server (1, 8); local name server <-> root name server (2, 7); root name server <-> intermediate name server (3, 6); intermediate name server <-> authoritative name server (4, 5).

DNS Point of Failure

- How often are failures a result of DNS?
- Make notes of IP addresses of common machines you use
  - If can't access, try instead accessing by IP address
  - If you can -> DNS failure somewhere

DNS records: More than Name to IP Address

- DNS: distributed db storing resource records (RR)
  - RR format: (name, value, type, ttl)
- Type=A
  - One we've been discussing
  - Maps name to IP address
  - name is hostname
  - value is IP address
- Other common ones? NS, MX, CNAME, PTR
- Lots more: SOA, HINFO, MB, MR, MG, WKS, RB

- DNS designed for fairly slow/infrequent change to these mappings
  - Changes made via external edits to a zone's Master File
- Faster, more automatic update/notify mechanisms under design by IETF
  - Proposed Standard: RFC 2136
  - Example: home machines that get a new IP address all the time can update the translation of human readable name to that new IP address; DHCP in general
- Once a non-authoritative name server learns a mapping, it caches the mapping
  - cache entries timeout (disappear) after some time
  - What if it changes faster than cache entries time out?

DNS records: More than Name to IP Address (cont.)

- Type=NS
  - name is domain (e.g. ...)
  - value is IP address of authoritative name server for this domain (why not name?)
- Type=CNAME
  - name is an alias name for some canonical (the real) name
  - value is canonical name
- Type=MX
  - value is hostname of mailserver associated with name

PTR Records

- Do reverse mapping from IP address to name
- Why is that hard? Which name server is responsible for that mapping? How do you find them?
- Answer: special root domain, arpa, for reverse lookups
- Type=PTR
  - name is IP address (in special format)
  - value is name
  - Reverse of type A

Arpa top level domain

Figure: root -> arpa com gov edu mil net org fr gr us uk ... (ietf under org); example nslookup query=any lookup under arpa (details not recovered).

Why is it backwards?

- Want to know machine name for an IP address
- Issue a PTR request for the reversed address under in-addr.arpa
- Notice that a host name is written in order of increasing scope of authority, just like the reversed address
  - From largest scope of authority, gov, up to single machine
  - From largest scope of activity, arpa, up to single machine (or ...)

- When an organization acquires a domain name, they receive authority over the corresponding part of the domain name space.
- When an organization acquires a block of IP address space, they receive authority over the corresponding part of the in-addr.arpa space.
- Example: Acquire domain ... and acquire a class B IP Network ID 128.143

DNS protocol, messages

- DNS protocol: query and reply messages, both with same message format
- msg header
  - identification: 16 bit # for query, reply to query uses same #
  - query or reply
  - recursion desired
  - recursion available
  - reply is authoritative
  - reply was truncated
- Sample query and response?

DNS protocol, messages (cont.)

- Name, type fields for a query
- RRs in response to query
- records for authoritative servers
- additional "helpful" info that may be used

UDP or TCP

- DNS usually uses UDP
- Doesn't DNS need error control? Why is UDP usually ok?
  - Each object small enough to go in one datagram, no need for reorder
  - Retransmission? Just instrument client to resend request if doesn't get a response
- When does DNS use TCP?
  - Truncation bit; if reply too long, set truncate bit as signal to request using TCP
  - Also for zone transfers from primary to secondary servers (RFC still says try UDP first)
  - BIND can be configured to only respond to a TCP request if a corresponding UDP request was made first
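The message header described above (16-bit identification, query/reply, recursion, authoritative and truncation bits, four counts) and the backwards PTR name from the earlier slide, worked in code as an added example that is not part of the lecture: a resolver builds a query, then decides what to do with an arriving datagram, accepting only a reply whose id matches its own query and retrying over TCP when the truncation bit is set. The "server reply" is constructed in the block itself, since nothing is sent on the network.

```python
"""DNS messages in the wire format the slides describe (16-bit id, flag bits,
four counts, then name/type/class question), plus the reversed in-addr.arpa
name used for PTR lookups.  Added example, not from the lecture; the reply
below is constructed, not received from the network."""
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "MX": 15}
FLAG_QR, FLAG_AA, FLAG_TC, FLAG_RD, FLAG_RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080


def encode_name(name: str) -> bytes:
    """'www.irs.ustreas.gov' -> b'\\x03www\\x03irs\\x07ustreas\\x03gov\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("each label must be 1..63 bytes")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def reverse_name(ipv4: str) -> str:
    """Octets reversed so the name reads from single machine up to arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def build_query(ident: int, name: str, qtype: str, recursion_desired: bool = True) -> bytes:
    flags = FLAG_RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)   # id, flags, qd, an, ns, ar
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def parse_header(msg: bytes) -> dict:
    if len(msg) < 12:
        raise ValueError("datagram shorter than a DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": ident, "is_reply": bool(flags & FLAG_QR),
            "authoritative": bool(flags & FLAG_AA), "truncated": bool(flags & FLAG_TC),
            "recursion_available": bool(flags & FLAG_RA), "rcode": flags & 0x000F,
            "counts": (qd, an, ns, ar)}


def check_reply(query: bytes, reply: bytes) -> str:
    """What a resolver should do with a datagram that arrived in reply to `query`."""
    q, r = parse_header(query), parse_header(reply)
    if not r["is_reply"]:
        return "ignore: not a reply"
    if r["id"] != q["id"]:
        return "ignore: id does not match our query"   # stray or forged datagram
    if r["truncated"]:
        return "retry over TCP"                         # TC bit: answer did not fit
    if r["rcode"] != 0:
        return f"error: rcode {r['rcode']}"
    return "accept"


def constructed_reply(query: bytes, truncated: bool = False, ident: int = None) -> bytes:
    """Fabricated server reply to `query` for offline testing (not from the network)."""
    q = parse_header(query)
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_TC if truncated else 0)
    ancount = 0 if truncated else 1
    header = struct.pack("!HHHHHH", q["id"] if ident is None else ident, flags, 1, ancount, 0, 0)
    # One A record whose name is a compression pointer (0xC00C) to the question name.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
    return header + query[12:] + (b"" if truncated else answer)
```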

Why not always TCP?

- TCP has higher overhead
  - 2 Round Trips per query rather than 1
- Many apps that use UDP implement only the subset of TCP functionality they really need
- Also UDP requires less state on server
  - With TCP, each connection requires significant state
  - More prone to overload (denial of service)

HTTP vs DNS

- Why is HTTP human readable and DNS not?
- Saves space in the limited size of the query/response packet
- HTTP used by an application focused on end users; DNS used by an application focused on network management?
- Better answer??

nslookup

- Use to query DNS servers (not telnet like with http, why?)
- Interactive and Non-interactive modes
    nslookup <host>
  - Many IP addresses why?
    nslookup query=mx <domain>
    nslookup
  - Enter interactive shell
  - Type a host name; get its IP address info
  - ls -d <domain> (rarely supported)
  - set debug, set recurse, set norecurse, ...

Summary

- We looked at two application level protocols: HTTP and DNS
- HTTP runs on TCP
- DNS usually runs on UDP (sometimes on TCP)
- HTTP is human readable; DNS not

Outtakes

Other

- DNS forwarding
  - Way to say if don't find it here look here
  - I used to be authoritative for this, now I'm not, look ...
  - Also useful for reverse lookups when organizations don't have a full class A/B/C address, say where else to look for possible reverse name lookup
- Internal DNS server behind firewall and has full translations within domain; External has publicly visible like web and mail servers; Internal is firewalled off so forwards request for outside world to external that queries the root servers etc

Other

- Need to use TCP for DNS through firewalls?
- Common DDOS attack on DNS is to send TCP requests to a large array of servers around the world for some zone that they are not authoritative for. In turn, all those servers then go and make a large number of TCP requests to that zone's authoritative server at once.

DNS Notify

- Used by a master server to inform the slave servers that they should ask for an update. Zone Transfers are typically limited to only allow the slave servers to receive that zone. For that reason, using the "ls" feature in nslookup almost never works.

HTML overview

- Markup language gives general layout guidelines - not exact placement or format - so browsers may display the same document differently
- Free form (i.e. spaces don't matter)
- Embedded tags give guidelines
- Tags often appear in pairs
  - beginning <TAGNAME>
  - ending </TAGNAME>

How do clients and servers communicate?

- API: application programming interface
  - defines interface between application and transport layer
  - socket: Internet API
  - two processes communicate by sending data into socket, reading data out of socket
- Q: how does a process identify the other process with which it wants to communicate?
  - IP address of host running other process
  - port number - allows receiving host to determine to which local process the message should be delivered
  - more on this later.

Sockets Specify Transport

- Sockets define the interfaces between an application and the transport layer
- Applications choose the type of transport layer by choosing the type of socket
  - UDP Sockets called DatagramSocket in Java, SOCK_DGRAM in C
  - TCP Sockets called Socket/ServerSocket in Java, SOCK_STREAM in C
- Client and server agree on the type of socket, the server port number and the protocol

TCP service:
- connection-oriented: setup required between client, server
- reliable transport between sending and receiving process
- flow control: sender won't overwhelm receiver
- congestion control: throttle sender when network overloaded
- does not provide: timing, minimum bandwidth guarantees

UDP service:
- unreliable data transfer between sending and receiving process
- does not provide: connection setup, reliability, flow control, congestion control, timing, or bandwidth guarantee