BCA_Sem IV_Computer Networks_Second Draft

Published by Teamlease Edtech Ltd (Amita Chitroda), 2021-09-09 06:20:21

i. It discards the old LSP and keeps the new one.
ii. It sends a copy of it out of each interface except the one from which the packet arrived. This guarantees that flooding stops somewhere in the domain (where a node has only one interface).

Formation of Shortest Path Tree: Dijkstra's Algorithm

After receiving all LSPs, each node will have a copy of the whole topology. However, the topology is not sufficient to find the shortest path to every other node; a shortest path tree is needed.

A tree is a graph of nodes and links; one node is called the root. All other nodes can be reached from the root through only one single route. A shortest path tree is a tree in which the path between the root and every other node is the shortest. What we need for each node is a shortest path tree with that node as the root.

Dijkstra's algorithm creates a shortest path tree from a graph. The algorithm divides the nodes into two sets: tentative and permanent. It finds the neighbours of a current node, makes them tentative, examines them, and if they pass the criteria, makes them permanent. We can informally define the algorithm by using the flowchart in figure 13.8.

Let us apply the algorithm to node A of our sample graph in figure 13.9. To find the shortest path in each step, we need the cumulative cost from the root to each node, which is shown next to the node.

The following shows the steps. At the end of each step, we show the permanent (filled circles) and the tentative (open circles) nodes and lists with the cumulative costs.

Figure 13.8: Dijkstra's algorithm

201 CU IDOL SELF LEARNING MATERIAL (SLM)
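The tentative/permanent procedure described above, as an added Python example that is not part of the original course material. The link costs are an assumption: they are inferred from the cumulative costs quoted in the step-by-step walk-through for node A, because the figure of the sample graph is not reproduced on this page. The function names are chosen for this example.

```python
"""Added example: Dijkstra's algorithm with explicit tentative and
permanent lists, plus the routing table a link state router derives."""

# Assumed link costs, inferred from the walk-through for node A:
# B(5), C(2), D(3) from A; B via C costs 6; E via C costs 6; E via B costs 8.
GRAPH = {
    "A": {"B": 5, "C": 2, "D": 3},
    "B": {"A": 5, "C": 4, "E": 3},
    "C": {"A": 2, "B": 4, "E": 4},
    "D": {"A": 3},
    "E": {"B": 3, "C": 4},
}


def shortest_path_tree(graph, root):
    """Return (cost, parent, trace) for the tree rooted at `root`.

    cost[n]   cumulative cost from the root to n
    parent[n] previous node on the shortest path to n (None for the root)
    trace     (permanent, tentative) snapshots, one per step
    """
    if root not in graph:
        raise ValueError(f"unknown root {root!r}")
    for node, links in graph.items():
        for nbr, cost in links.items():
            if nbr not in graph:
                raise ValueError(f"{node} links to unknown node {nbr}")
            if cost < 0:
                # Dijkstra's algorithm is only correct for non-negative costs.
                raise ValueError(f"negative cost on link {node}-{nbr}")

    permanent = {}
    tentative = {root: 0}          # step 1: the root starts as tentative
    parent = {root: None}
    trace = [(dict(permanent), dict(tentative))]

    while tentative:
        # Pick the tentative node with the smallest cumulative cost
        # (ties broken by name so the result is deterministic).
        node = min(tentative, key=lambda n: (tentative[n], n))
        permanent[node] = tentative.pop(node)

        for nbr, link_cost in graph[node].items():
            if nbr in permanent:
                continue           # already processed
            candidate = permanent[node] + link_cost
            # Add the neighbour, or replace it only if the new cost is smaller.
            if nbr not in tentative or candidate < tentative[nbr]:
                tentative[nbr] = candidate
                parent[nbr] = node
        trace.append((dict(permanent), dict(tentative)))

    return permanent, parent, trace


def routing_table(cost, parent, root):
    """Map each destination to (next hop from the root, total cost)."""
    table = {}
    for dest in cost:
        if dest == root:
            continue
        hop = dest
        while parent[hop] != root:  # walk back up the tree to the root
            hop = parent[hop]
        table[dest] = (hop, cost[dest])
    return table


if __name__ == "__main__":
    cost, parent, trace = shortest_path_tree(GRAPH, "A")
    for step, (perm, tent) in enumerate(trace, start=1):
        print(f"step {step}: permanent={perm} tentative={tent}")
    print("routing table at A:", routing_table(cost, parent, "A"))
```

Each printed step corresponds to one numbered step of the walk-through, so the lists can be compared line by line.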

Figure 13.8: Example of formation of shortest path tree

1. We make node A the root of the tree and move it to the tentative list. Our two lists are
Permanent list: empty
Tentative list: A (0).

2. Node A has the shortest cumulative cost from all nodes in the tentative list. We move A to the permanent list and add all neighbours of A to the tentative list. Our new lists are
Permanent list: A (0)
Tentative list: B (5), C (2), and D (3).

3. Node C has the shortest cumulative cost from all nodes in the tentative list. We move C to the permanent list. Node C has three neighbours, but node A is already processed, which makes the unprocessed neighbours just B and E. However, B is already in the tentative list with a cumulative cost of 5. Node A could also reach node B through C with a cumulative cost of 6. Since 5 is less than 6, we keep node B with a cumulative cost of 5 in the tentative list and do not replace it. Our new lists are
Permanent list: A (0), C (2)
Tentative list: B (5), D (3), E (6).

4. Node D has the shortest cumulative cost of all the nodes in the tentative list. We move D to the permanent list. Node D has no unprocessed neighbour to be added to the tentative list. Our new lists are
Permanent list: A (0), C (2), D (3)
Tentative list: B (5), E (6).

5. Node B has the shortest cumulative cost of all the nodes in the tentative list. We move B to the permanent list. We need to add all unprocessed neighbours of B to the tentative list (this is just node E). However, E (6) is already in the list with a smaller cumulative cost. The cumulative cost to node E, as the neighbour of B, is 8. We keep node E (6) in the tentative list. Our new lists are
Permanent list: A (0), B (5), C (2), D (3)
Tentative list: E (6).

6. Node E has the shortest cumulative cost from all nodes in the tentative list. We move E to the permanent list. Node E has no neighbour. Now the tentative list is empty. We stop; our shortest path tree is ready. The final lists are
Permanent list: A (0), B (5), C (2), D (3), E (6)
Tentative list: empty.

13.3 CONGESTION CONTROL ALGORITHMS

Problem - When too many packets are transmitted through a network, congestion occurs. At very high traffic, performance collapses completely, and almost no packets are delivered.

Causes - The bursty nature of traffic is the root cause. When part of the network can no longer cope with a sudden increase of traffic, congestion builds up. Other factors, such as lack of bandwidth, ill-configuration and slow routers, can also bring up congestion.

Figure 13.9: Congestion control

Solution - Congestion control, with two basic approaches:
i. Open-loop: try to prevent congestion occurring by good design.
ii. Closed-loop: monitor the system to detect congestion, pass this information to where action can be taken, and adjust system operation to correct the problem (detect, feedback and correct).

Differences between congestion control and flow control:
i. Congestion control tries to make sure the subnet can carry the offered traffic, a global issue involving all the hosts and routers. It can be open-loop based or involve feedback.
ii. Flow control is related to point-to-point traffic between a given sender and receiver; it always involves direct feedback from receiver to sender.

Open-Loop Congestion Control

Prevention: Different policies at various layers can affect congestion, and these are summarised in the table. For example, the retransmission policy at the data link layer affects congestion: a jumpy sender that times out quickly and retransmits all the outstanding frames using go back n will put a heavier load on the system than a leisurely sender that uses selective repeat.

Table 13:1: Open-loop congestion control

Congestion prevention tries to design these policies carefully to minimise congestion in the first place.

Traffic shaping: As burstiness of traffic is a main cause of congestion, traffic shaping is used to regulate the average rate and burstiness of traffic. For example, when a virtual circuit is set up, the user and the subnet first agree on a certain traffic shape for that circuit. Monitoring traffic flow, called traffic policing, is left to the subnet. Agreeing to a traffic shape and policing it afterward are easier with virtual circuit subnets, but the same ideas can be applied to datagram subnets at the transport layer.

Congestion Control in Virtual Circuits

These are closed-loop techniques designed for virtual circuit subnets, which are connection oriented: during connection set-up, something can be done to help congestion control. The basic principle is obvious: when setting up a virtual circuit, make sure that congestion can be avoided.

Admission control: Once congestion has been signalled, no more new virtual circuits can be set up until the problem has gone away. This is crude but simple and easy to do.

Select alternative routes to avoid part of the network that is overloaded, i.e. temporarily rebuild your view of the network. For example, normally, when router A sets a connection to B, it would pass through one of the two congested routers, as this would result in a minimum-hop route (4 and 5 hops respectively). To avoid congestion, a temporary subnet is redrawn by eliminating congested routers. A virtual circuit can then be established to avoid congestion.

Negotiate quality of connection in advance, so that the network provider can reserve buffers and other resources, guaranteed to be there.

Figure 13.10: Congestion control in virtual circuits

Congestion Control for Multicasting

Congestion control algorithms discussed so far deal with the single-source to single-destination case. With the advent of all kinds of services on the Internet that deal with broadcasting streams of data (voice and video) with a limited bandwidth, managing multicast flows from multiple sources to multiple destinations becomes critical.

Multicast routing uses spanning trees: hosts 1 and 2 are multicast senders, and hosts 3, 4 and 5 are multicast receivers. (a) shows the network topology; the multicast trees from hosts 1 and 2 are shown in (b) and (c).

• Resource reservation protocol: The basic idea is that, to avoid congestion, extra information can be broadcast to the group periodically to tell the routers along the tree to maintain certain data structures in their memories.

Figure 13.11: Congestion control for multicasting

13.4 QUALITY OF SERVICE

QoS refers to the capability of a network to provide better service to selected network traffic over various technologies, including Frame Relay, Asynchronous Transfer Mode (ATM), Ethernet and 802.1 networks, SONET, and IP-routed networks that may use any or all of these underlying technologies. Primary goals of QoS include dedicated bandwidth, controlled jitter and latency (required by some real-time and interactive traffic), and improved loss characteristics. QoS technologies provide the elemental building blocks that will be used for future business applications in campus, WAN and service provider networks. This chapter outlines the features and benefits of the QoS provided by the Cisco IOS QoS.

The Cisco IOS QoS software enables complex networks to control and predictably service a variety of networked applications and traffic types. Almost any network can take advantage of QoS for optimum efficiency, whether it is a small corporate network, an Internet service provider, or an enterprise network. The Cisco IOS QoS software provides these benefits.

Control over Resources - You have control over which resources (bandwidth, equipment, wide-area facilities and so on) are being used. For example, you can limit the bandwidth consumed over a backbone link by FTP transfers or give priority to an important database access.

More Efficient Use of Network Resources - Using Cisco's network analysis management and accounting tools, you will know what your network is being used for and that you are servicing the most important traffic to your business.

Tailored Services - The control and visibility provided by QoS enables Internet service providers to offer carefully tailored grades of service differentiation to their customers.
Coexistence of Mission-Critical Applications - Cisco's QoS technologies make certain that your WAN is used efficiently by mission-critical applications that are most important to your business; that bandwidth and minimum delays required by time-sensitive multimedia and voice applications are available; and that other applications using the link get their fair service without interfering with mission-critical traffic.

Foundation for a Fully Integrated Network in the Future - Implementing Cisco QoS technologies in your network now is a good first step toward the fully integrated multimedia network needed in the near future.

Basic QoS Architecture

The basic architecture introduces the three fundamental pieces for QoS implementation (see figure 13.13).

• QoS within a single network element (for example, queuing, scheduling, and traffic shaping tools).
• QoS signalling techniques for coordinating QoS from end to end between network elements.
• QoS policy, management, and accounting functions to control and administer end-to-end traffic across a network.

Figure 13.12: A basic QoS implementation has three main components.

13.4.1 End-to-End QoS Levels

Service levels refer to the actual end-to-end QoS capabilities, meaning the ability of a network to deliver service needed by specific network traffic from end to end or edge to edge. The services differ in their level of "QoS strictness," which describes how tightly the service can be bound by specific bandwidth, delay, jitter, and loss characteristics.

Three basic levels of end-to-end QoS can be provided across a heterogeneous network, as shown in figure 13.14.

Figure 13.13: The three levels of end-to-end QoS are best-effort service, differentiated service, and guaranteed service.

• Best-effort service - Also known as lack of QoS, best-effort service is basic connectivity with no guarantees.
• Differentiated service (also called soft QoS) - Some traffic is treated better than the rest (faster handling, more bandwidth on average, lower loss rate on average). This is a statistical preference, not a hard and fast guarantee.
• Guaranteed service (also called hard QoS) - An absolute reservation of network resources for specific traffic.

Deciding which type of service is appropriate to deploy in the network depends on several factors.

• The application or problem the customer is trying to solve. Each of the three types of service is appropriate for certain applications. This does not imply that a customer must migrate to differentiated and then to guaranteed service (although many probably eventually will). A differentiated service, or even best-effort service, may be appropriate depending on the customer application requirements.
• The rate at which customers can realistically upgrade their infrastructures. There is a natural upgrade path from the technology needed to provide differentiated services to that needed to provide guaranteed services, which is a superset of that needed for differentiated services.
• The cost of implementing and deploying guaranteed service is likely to be more than that for a differentiated service.

13.5 INTERNETWORKING

The physical and data link layers of a network operate locally. These two layers are jointly responsible for data delivery on the network from one node to the next, as shown in figure 13.15.

This internetwork is made of five networks: four LANs and one WAN. If host A needs to send a data packet to host D, the packet needs to go first from A to R1 (a switch or router), then from R1 to R3, and finally from R3 to host D. We say that the data packet passes through three links. In each link, two physical and two data link layers are involved.

However, there is a big problem here. When data arrive at interface f1 of R1, how does R1 know that interface f3 is the outgoing interface? There is no provision in the data link (or physical) layer to help R1 make the right decision. The frame does not carry any routing information either. The frame contains the MAC address of A as the source and the MAC address of R1 as the destination. For a LAN or a WAN, delivery means carrying the frame through one link, and not beyond.

Figure 13.14: Links between two hosts

Need for Network Layer

To solve the problem of delivery through several links, the network layer (or the internetwork layer, as it is sometimes called) was designed. The network layer is responsible for host-to-host delivery and for routing the packets through the routers or switches. Figure 13.16 shows the same internetwork with a network layer added.

Figure 13.15: Network layer in an internetwork

Figure 13.17 shows the general idea of the functionality of the network layer at a source, at a router, and at the destination. The network layer at the source is responsible for creating a packet from the data coming from another protocol (such as a transport layer protocol or a routing protocol). The header of the packet contains, among other information, the logical addresses of the source and destination. The network layer is responsible for checking its routing table to find the routing information (such as the outgoing interface of the packet or the physical address of the next node). If the packet is too large, the packet is fragmented.

Figure 13.16: Network layer at the source, router, and destination

The network layer at the switch or router is responsible for routing the packet. When a packet arrives, the router or switch consults its routing table and finds the interface from which the packet must be sent. The packet, after some changes in the header, with the routing information is passed to the data link layer again.

The network layer at the destination is responsible for address verification; it makes sure that the destination address on the packet is the same as the address of the host. If the packet is a fragment, the network layer waits until all fragments have arrived, and then reassembles them and delivers the reassembled packet to the transport layer.

13.6 NETWORK-LAYER IN THE INTERNET

The Internet, at the network layer, is a packet-switched network. We said that, in general, switching can be divided into three broad categories: circuit switching, packet switching, and message switching. Packet switching uses either the virtual circuit approach or the datagram approach.

The Internet has chosen the datagram approach to switching in the network layer.

It uses the universal addresses defined in the network layer to route packets from the source to the destination.

Internet as a Connectionless Network

Delivery of a packet can be accomplished by using either a connection-oriented or a connectionless network service. In a connection-oriented service, the source first makes a connection with the destination before sending a packet. When the connection is established, a sequence of packets from the same source to the same destination can be sent one after another. In this case, there is a relationship between packets. They are sent on the same path in sequential order. A packet is logically connected to the packet traveling before it and to the packet traveling after it. When all packets of a message have been delivered, the connection is terminated.

In a connection-oriented protocol, the decision about the route of a sequence of packets with the same source and destination addresses can be made only once, when the connection is established. Switches do not recalculate the route for each individual packet. This type of service is used in a virtual-circuit approach to packet switching such as in Frame Relay and ATM.

In connectionless service, the network layer protocol treats each packet independently, with each packet having no relationship to any other packet. The packets in a message may or may not travel the same path to their destination. This type of service is used in the datagram approach to packet switching. The Internet has chosen this type of service at the network layer.

The reason for this decision is that the Internet is made of so many heterogeneous networks that it is almost impossible to create a connection from the source to the destination without knowing the nature of the networks in advance.

13.7 SUMMARY

• The tables need to be updated as soon as there is a change in the internet. For instance, they need to be updated when a router is down, and they need to be updated whenever a better route has been found.
Routing protocols have been created in response to the demand for dynamic routing tables. A routing protocol is a combination of rules and a procedure that lets routers in the internet inform each other of changes.

• The cost of passing through a network is the same; it is one hop count. So if a packet passes through 10 networks to reach the destination, the total cost is 10 hop counts. Other protocols, such as Open Shortest Path First (OSPF), allow the administrator to assign a cost for passing through a network based on the type of service required. A route through a network can have different costs (metrics). For example, if maximum throughput is the desired type of service, a satellite link has a lower metric than a fibre-optic line. On the other hand, if minimum delay is the desired type of service, a fibre-optic line has a lower metric than a satellite link.

• In distance vector routing, the least-cost route between any two nodes is the route with minimum distance. In this protocol, as the name implies, each node maintains a vector (table) of minimum distances to every node. The table at each node also guides the packets to the desired node by showing the next stop in the route (next-hop routing). We can think of nodes as the cities in an area and the lines as the roads connecting them.

• There are several points we need to emphasize here. First, as we know from mathematics, when we add any number to infinity, the result is still infinity. Second, the modified table shows how to reach A from A via C. If A needs to reach itself via C, it needs to go to C and come back, a distance of 4. Third, the only benefit from this updating of node A is the last entry, how to reach E.

• The network layer at the switch or router is responsible for routing the packet. When a packet arrives, the router or switch consults its routing table and finds the interface from which the packet must be sent. The packet, after some changes in the header, with the routing information is passed to the data link layer again.

• The network layer at the destination is responsible for address verification; it makes sure that the destination address on the packet is the same as the address of the host. If the packet is a fragment, the network layer waits until all fragments have arrived, and then reassembles them and delivers the reassembled packet to the transport layer.

• In a connection-oriented service, the source first makes a connection with the destination before sending a packet. When the connection is established, a sequence of packets from the same source to the same destination can be sent one after another. In this case, there is a relationship between packets. They are sent on the same path in sequential order. A packet is logically connected to the packet traveling before it and to the packet traveling after it.
When all packets of a message have been delivered, the connection is terminated.

• Link state routing has a different philosophy from that of distance vector routing. In link state routing, if each node in the domain has the entire topology of the domain, that is, the list of nodes and links and how they are connected, including the type, cost (metric), and condition of the links (up or down), the node can use Dijkstra's algorithm to build a routing table.

13.8 KEYWORDS

• Hierarchical Routing - A routing technique in which the entire address space is divided into levels based on specific criteria. Hierarchical routing is a method of routing in networks that is based on hierarchical addressing.

• Host-Specific Routing - A routing method in which the full IP address of a host is given in the routing table. Host-specific routing determines the packet forward route based on the exact matching of a packet's IP address with the routing table entry that records the route towards the host. Most of the existing routers can support a small number of host-specific routes in their routing tables.

• Hypertext - Information containing text that is linked to other documents through pointers. Hypertext is text displayed on a computer display or other electronic devices with references to other text that the reader can immediately access. Hypertext documents are interconnected by hyperlinks, which are typically activated by a mouse click, key press set, or screen touch.

• Hub - A central device in a star topology that provides a common connection among the nodes. An Ethernet hub, active hub, network hub, repeater hub, multiport repeater, or simply hub is a network hardware device for connecting multiple Ethernet devices together and making them act as a single network segment.

• Network Address Translation (NAT) - A technology that allows a private network to use a set of private addresses for internal communication and a set of global Internet addresses for external communication. Network address translation is a method of mapping an IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device.

• Network Address - An address that identifies a network to the rest of the Internet; it is the first address in a block. A network address is an identifier for a node or host on a telecommunications network. ... Network addresses can be flat addresses which contain no information about the node's location in the network (such as a MAC address), or may contain structure or hierarchical information for the routing (such as an IP address).
• Network Interface Card (NIC) - An electronic device, internal or external to a station, which contains circuitry to enable the station to be connected to the network. A network interface card (NIC) is a hardware component without which a computer cannot be connected over a network.

• Network Layer - The third layer in the Internet model, responsible for the delivery of a packet to the final destination. In the seven-layer OSI model of computer networking, the network layer is layer 3. The network layer is responsible for packet forwarding including routing through intermediate routers.

13.9 LEARNING ACTIVITY

1. Analyse the routing algorithm used in your PCs and list its features.

2. Identify the end-to-end QoS levels applied in the college network.

13.10 UNIT END QUESTIONS

A. Descriptive Questions

Short Questions:
1. What is initialization?
2. What is two node loop instability?
3. Define LSP.
4. What is an open loop congestion control?
5. Define internetworking.

Long Questions:
1. Explain routing algorithm in detail.
2. Explain congestion control algorithm.
3. Explain quality of service.
4. Describe the different network layers in the internet.
5. Explain distance vector routing.

B. Multiple Choice Questions

1. Which algorithm is not used for congestion control?
a. Traffic aware routing
b. Admission control
c. Load shedding
d. Routing information protocol

2. Where do we try to create an appropriate environment for the traffic?
a. Congestion control
b. Quality of service
c. Error control

d. All of these

3. Where do we try to avoid traffic congestion?
a. Congestion control
b. Quality of service
c. Error control
d. None of these

4. Which is the flow characteristic that application can tolerate in different degrees?
a. Reliability
b. Delay
c. Jitter
d. Bandwidth

5. Why does congestion in a network or inter network occur?
a. Because routers and switches have tables
b. Because routers and switches have queues
c. Because routers and switches have cross points
d. None of these

Answers
1-d, 2-b, 3-a, 4-b, 5-b

UNIT – 14: APPLICATION LAYER PART 1

STRUCTURE
14.0 Learning Objectives
14.1 Introduction
14.2 DNS
14.2.1 Zones
14.2.2 DNS Servers
14.3 E-Mail
14.4 World Wide Web
14.5 HTTP
14.6 Multimedia
14.7 Summary
14.8 Keywords
14.9 Learning Activity
14.10 Unit End Questions
14.11 References

14.0 LEARNING OBJECTIVES

After studying this unit, you will be able to:
• Explain the different DNS servers.
• Describe the concept of domain name system.
• Illustrate the usage of e-mail.
• Explain different DNS zones.

14.1 INTRODUCTION

The World Wide Web (WWW) is a repository of information linked together from points all over the world. The WWW has a unique combination of flexibility, portability, and user-friendly features that distinguish it from other services provided by the Internet. The WWW project was initiated by CERN (European Laboratory for Particle Physics) to create a system to handle distributed resources necessary for scientific research. In this chapter we first discuss issues related to the web. We then discuss a protocol, HTTP, that is used to retrieve information from the web.

There are several applications in the application layer of the Internet model that follow the client/server paradigm. The client/server programs can be divided into two categories: those that can be directly used by the user, such as e-mail, and those that support other application programs. The Domain Name System (DNS) is a supporting program that is used by other programs such as e-mail.

Figure 14.1 shows an example of how a DNS client/server program can support an e-mail program to find the IP address of an e-mail recipient. A user of an e-mail program may know the e-mail address of the recipient; however, the IP protocol needs the IP address. The DNS client program sends a request to a DNS server to map the e-mail address to the corresponding IP address.

Figure 14.1: Example of using the DNS service

To identify an entity, TCP/IP protocols use the IP address, which uniquely identifies the connection of a host to the Internet. However, people prefer to use names instead of numeric addresses. Therefore, we need a system that can map a name to an address or an address to a name.

When the Internet was small, mapping was done by using a host file. The host file had only two columns: name and address. Every host could store the host file on its disk and update it periodically from a master host file. When a program or a user wanted to map a name to an address, the host consulted the host file and found the mapping.

Today, however, it is impossible to have one single host file to relate every address with a name and vice versa. The host file would be too large to store in every host. In addition, it would be impossible to update all the host files every time there was a change.

One solution would be to store the entire host file in a single computer and allow access to this centralized information to every computer that needs mapping.
But we know that this would create a huge amount of traffic on the Internet.

14.2 DNS

Another solution, the one used today, is to divide this huge amount of information into smaller parts and store each part on a different computer. In this method, the host that needs mapping can contact the closest computer holding the needed information. This method is used by the Domain Name System (DNS). In this chapter, we first discuss the concepts and ideas behind the DNS. We then describe the DNS protocol itself.

Name Space

To be unambiguous, the names assigned to machines must be carefully selected from a name space with complete control over the binding between the names and IP addresses. In other words, the names must be unique because the addresses are unique. A name space that maps each address to a unique name can be organized in two ways: flat or hierarchical.

Flat Name Space

In a flat name space, a name is assigned to an address. A name in this space is a sequence of characters without structure. The names may or may not have a common section; if they do, it has no meaning. The main disadvantage of a flat name space is that it cannot be used in a large system such as the Internet because it must be centrally controlled to avoid ambiguity and duplication.

Hierarchical Name Space

In a hierarchical name space, each name is made of several parts. The first part can define the nature of the organization, the second part can define the name of an organization, and the third part can define departments in the organization, and so on. In this case, the authority to assign and control the name spaces can be decentralized. A central authority can assign the part of the name that defines the nature of the organization and the name of the organization. The responsibility of the rest of the name can be given to the organization itself. The organization can add suffixes (or prefixes) to the name to define its host or resources.
The management of the organization need not worry that the prefix chosenfor a host is taken by another organization because, even if part of an address is the same, the whole address is different. For example, assume two colleges and a companycall one of their computers “challenger”.The first college is given a name by the centralauthority such as jhda.edu, the second college is given the name “berkeley.edu” and thecompany is given the name “smart. Com”. When these organizations add the name “challenger” to the name they have already been given, the end result is three distinguishablenames: challenger.jhda.edu, challenger.berkeley.edu, and challenger.smart.com. The namesare unique without the need for assignment by a central authority. The central authoritycontrols only part of the name, not the whole. 220 CU IDOL SELF LEARNING MATERIAL (SLM)

Domain Name Space

To have a hierarchical name space, a domain name space was designed. In this design the names are defined in an inverted-tree structure with the root at the top. The tree can have only 128 levels: level 0 (root) to level 127 (see Figure 14.2).

Figure 14.2: Domain name space

Label

Each node in the tree has a label, which is a string with a maximum of 63 characters. The root label is a null string (empty string). DNS requires that children of a node (nodes that branch from the same node) have different labels, which guarantees the uniqueness of the domain names.

Domain Name

Each node in the tree has a domain name. A full domain name is a sequence of labels separated by dots (.). The domain names are always read from the node up to the root. The last label is the label of the root (null). This means that a full domain name always ends in a null label, which means the last character is a dot because the null string is nothing. Figure 14.3 shows some domain names.

Figure 14.3: Domain names and labels

Fully Qualified Domain Name

If a label is terminated by a null string, it is called a fully qualified domain name (FQDN). An FQDN is a domain name that contains the full name of a host. It contains all labels, from the most specific to the most general, that uniquely define the name of the host. For example, the domain name "challenger.atc.jhda.edu." is the FQDN of a computer named challenger installed at the Advanced Technology Center (ATC) at De Anza College. A DNS server can only match an FQDN to an address. Note that the name must end with a null label, but because null means nothing, the label ends with a dot (.).

Partially Qualified Domain Name

If a label is not terminated by a null string, it is called a partially qualified domain name (PQDN). A PQDN starts from a node, but it does not reach the root. It is used when the name to be resolved belongs to the same site as the client. Here the resolver can supply the missing part, called the suffix, to create an FQDN. For example, if a user at the "jhda.edu" site wants to get the IP address of the challenger computer, he or she can define the partial name

challenger

The DNS client adds the suffix atc.jhda.edu. before passing the address to the DNS server.

The DNS client normally holds a list of suffixes. The following can be the list of suffixes at De Anza College. The null suffix defines nothing. This suffix is added when the user defines an FQDN.

Figure 14.4 shows some FQDNs and PQDNs.
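The label, level and suffix rules above can be checked in code. The following is an added example, not part of the original text: it enforces the 63-character label limit and the 128-level limit, expands a partial name with a suffix list, and tests whether a name lies under a domain by comparing whole labels. The suffix list in the test and the name notjhda.edu. are constructed for illustration.

```python
MAX_LABEL_LEN = 63   # a label is a string with a maximum of 63 characters
MAX_LEVELS = 128     # level 0 (root) to level 127


def split_labels(name):
    """Return (labels, is_fqdn). A trailing dot is the null root label."""
    if name == ".":
        return [], True
    is_fqdn = name.endswith(".")
    body = name[:-1] if is_fqdn else name
    labels = body.split(".")
    for label in labels:
        if label == "":
            raise ValueError("empty label inside name: %r" % name)
        if len(label) > MAX_LABEL_LEN:
            raise ValueError("label longer than 63 characters: %r" % label)
    # The root is level 0, so at most 127 labels can sit below it.
    if len(labels) > MAX_LEVELS - 1:
        raise ValueError("name deeper than 127 levels")
    return labels, is_fqdn


def candidates(name, suffixes):
    """Expand a name into the FQDNs a resolver would try, in order.

    An FQDN is used as typed (the null suffix). A PQDN gets each suffix
    from the client's list appended. Names are lowercased because DNS
    compares names case-insensitively.
    """
    labels, is_fqdn = split_labels(name)
    if is_fqdn:
        return [name.lower()]
    out = []
    for suffix in suffixes:
        suffix_labels, suffix_is_fqdn = split_labels(suffix)
        if not suffix_is_fqdn:
            raise ValueError("suffix must be fully qualified: %r" % suffix)
        full = ".".join(labels + suffix_labels) + "."
        split_labels(full)  # re-check the depth limit after joining
        out.append(full.lower())
    return out


def is_under(name, domain):
    """True if FQDN `name` is at or below FQDN `domain` in the tree.

    The comparison walks whole labels from the root end. A raw string
    suffix test would wrongly accept a sibling such as notjhda.edu.
    """
    n, n_fqdn = split_labels(name.lower())
    d, d_fqdn = split_labels(domain.lower())
    if not (n_fqdn and d_fqdn):
        raise ValueError("both names must be fully qualified")
    return len(n) >= len(d) and n[len(n) - len(d):] == d
```
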

Figure 14.4: FQDN and PQDN

14.2.1 Zones

Since the complete domain name hierarchy cannot be stored on a single server, it is divided among many servers. What a server is responsible for or has authority over is called a zone. We can define a zone as a contiguous part of the entire tree. If a server accepts responsibility for a domain and does not divide the domain into smaller domains, the domain and the zone refer to the same thing. The server makes a database called a zone file and keeps all the information for every node under that domain. However, if a server divides its domain into subdomains and delegates part of its authority to other servers, domain and zone refer to different things. The information about the nodes in the subdomains is stored in the servers at the lower levels, with the original server keeping some sort of reference to these lower-level servers. Of course, the original server does not free itself from responsibility totally: it still has a zone, but the detailed information is kept by the lower-level servers (see figure 14.5).

A server can also divide part of its domain and delegate responsibility but still keep part of the domain for itself. In this case, its zone is made of detailed information for the part of the domain that is not delegated and references to those parts that are delegated.

Figure 14.5: Zones and domains

14.2.2 DNS Servers

Root Server

A root server is a server whose zone consists of the whole tree. A root server usually does not store any information about domains but delegates its authority to other servers, keeping references to those servers. There are several root servers, each covering the whole domain name space. The servers are distributed all around the world.

Primary and Secondary Servers

DNS defines two types of servers: primary and secondary. A primary server is a server that stores a file about the zone for which it is an authority. It is responsible for creating, maintaining, and updating the zone file. It stores the zone file on a local disk. A secondary server is a server that transfers the complete information about a zone from another server (primary or secondary) and stores the file on its local disk. The secondary server neither creates nor updates the zone files. If updating is required, it must be done by the primary server, which sends the updated version to the secondary.

The primary and secondary servers are both authoritative for the zones they serve. The idea is not to put the secondary server at a lower level of authority but to create redundancy for the data so that if one server fails, the other can continue serving clients. Note also that a server can be a primary server for a specific zone and a secondary server for another zone. Therefore, when we refer to a server as a primary or secondary server, we should be careful to which zone we refer.

14.3 E-MAIL

One of the most popular Internet services is electronic mail (e-mail). The designers of the Internet probably never imagined the popularity of this application program. Its architecture consists of several components that we discuss in this chapter.

At the beginning of the Internet era, the messages sent by electronic mail were short and consisted of text only; they let people exchange quick memos. Today, electronic mail is much more complex. It allows a message to include text, audio, and video. It also allows one message to be sent to one or more recipients.

In this chapter, we first study the general architecture of an e-mail system including the three main components: user agent, message transfer agent, and message access agent. We then describe the protocols that implement these components.

Architecture

To explain the architecture of e-mail, we give four scenarios. We begin with the simplest situation and add complexity as we proceed. The fourth scenario is the most common in the exchange of e-mail.

First Scenario

In the first scenario, the sender and the receiver of the e-mail are users (or application programs) on the same system; they are directly connected to a shared system.

The administrator has created one mailbox for each user where the received messages are stored. A mailbox is part of a local hard drive, a special file with permission restrictions. Only the owner of the mailbox has access to it. When Alice, a user, needs to send a message to Bob, another user, Alice runs a user agent (UA) program to prepare the message and store it in Bob's mailbox. The message has the sender and recipient mailbox addresses (names of files). Bob can retrieve and read the contents of his mailbox at his convenience, using a user agent. Figure 14.6 shows the concept.

Figure 14.6: First scenario in electronic mail

This is similar to the traditional memo exchange between employees in an office. There is a mailroom where each employee has a mailbox with his or her name on it. When Alice needs to send a memo to Bob, she writes the memo and inserts it into Bob's mailbox. When Bob checks his mailbox, he finds Alice's memo and reads it.

Second Scenario

In the second scenario, the sender and the receiver of the e-mail are users (or application programs) on two different systems. The message needs to be sent over the Internet. Here we need user agents (UAs) and message transfer agents (MTAs), as shown in Figure 14.7.

Figure 14.7: Second scenario in electronic mail

Alice needs to use a user agent program to send her message to the system at her own site. The system (sometimes called the mail server) at her site uses a queue to store messages waiting to be sent. Bob also needs a user agent program to retrieve messages stored in the mailbox of the system at his site. The message, however, needs to be sent through the Internet from Alice's site to Bob's site. Here two message transfer agents are needed: one client and one server. Like most client/server programs on the Internet, the server needs to run all the time because it does not know when a client will ask for a connection. The client, on the other hand, can be alerted by the system when there is a message in the queue to be sent.

Third Scenario

In the third scenario, Bob, as in the second scenario, is directly connected to his system. Alice, however, is separated from her system. Either Alice is connected to the system via a point-to-point WAN, such as a dial-up modem, a DSL, or a cable modem; or she is connected to a LAN in an organization that uses one mail server for handling e-mails; all users need to send their messages to this mail server. Figure 14.8 shows the situation.

Figure 14.8: Third scenario in electronic mail

Alice still needs a user agent to prepare her message. She then needs to send the message through the LAN or WAN. This can be done through a pair of message transfer agents (client and server). Whenever Alice has a message to send, she calls the user agent which, in turn, calls the MTA client. The MTA client establishes a connection with the MTA server on the system, which is running all the time. The system at Alice's site queues all messages received. It then uses an MTA client to send the messages to the system at Bob's site; the system receives the message and stores it in Bob's mailbox. At his convenience, Bob uses his user agent to retrieve the message and reads it. Note that we need two pairs of MTA client/server programs.

Fourth Scenario

In the fourth and most common scenario, Bob is also connected to his mail server by a WAN or a LAN. After the message has arrived at Bob's mail server, Bob needs to retrieve it. Here, we need another set of client/server agents, which we call message access agents (MAAs). Bob uses an MAA client to retrieve his messages. The client sends a request to the MAA server, which is running all the time, and requests the transfer of the messages. The situation is shown in Figure 14.9.

Figure 14.9: Fourth scenario in electronic mail

There are two important points here. First, Bob cannot bypass the mail server and use the MTA server directly. To use the MTA server directly, Bob would need to run the MTA server all the time because he does not know when a message will arrive. This implies that Bob must keep his computer on all the time if he is connected to his system through a LAN. If he is connected through a WAN, he must keep the connection up all the time. Neither of these situations is feasible today.

Second, note that Bob needs another pair of client/server programs: message access programs. This is so because an MTA client/server program is a push program: the client pushes the message to the server. Bob needs a pull program. The client needs to pull the message from the server. Figure 14.10 shows the difference.

Figure 14.10: Push versus pull in electronic email

14.4 WORLD WIDE WEB

The World Wide Web (WWW) is a repository of information linked together from points all over the world. The WWW has a unique combination of flexibility, portability, and user-friendly features that distinguish it from other services provided by the Internet. The WWW project was initiated by CERN (European Laboratory for Particle Physics) to create a system to handle distributed resources necessary for scientific research. In this chapter we first discuss issues related to the Web. We then discuss a protocol, HTTP, that is used to retrieve information from the Web.

Architecture

The WWW today is a distributed client-server service, in which a client using a browser can access a service using a server. However, the service provided is distributed over many locations called sites, as shown in figure 14.11.

Figure 14.11: Architecture of WWW

Each site holds one or more documents, referred to as Web pages. Each Web page can contain a link to other pages in the same site or at other sites. The pages can be retrieved and viewed by using browsers. Let us go through the scenario shown in figure 14.11. The client needs to see some information that it knows belongs to site A. It sends a request through its browser, a program that is designed to fetch Web documents. The request, among other information, includes the address of the site and the Web page, called the URL, which we will discuss shortly. The server at site A finds the document and sends it to the client. When the user views the document, she finds some references to other documents, including a Web page at site B. The reference has the URL for the new site. The user is also interested in seeing this document. The client sends another request to the new site, and the new page is retrieved.

Client (Browser)

A variety of vendors offer commercial browsers that interpret and display a Web document, and all use nearly the same architecture. Each browser usually consists of three parts: a controller, client protocol, and interpreters. The controller receives input from the keyboard or the mouse and uses the client programs to access the document. After the document has been accessed, the controller uses one of the interpreters to display the document on the screen. The client protocol can be one of the protocols described previously such as FTP or HTTP (described later in the chapter). The interpreter can be HTML, Java, or JavaScript, depending on the type of document (see figure 14.12).

Figure 14.12: Browser

Server

The Web page is stored at the server. Each time a client request arrives, the corresponding document is sent to the client. To improve efficiency, servers normally store requested files in a cache in memory; memory is faster to access than disk. A server can also become more efficient through multithreading or multiprocessing. In this case, a server can answer more than one request at a time.

Uniform Resource Locator

A client that wants to access a Web page needs the address. To facilitate the access of documents distributed throughout the world, HTTP uses locators. The uniform resource locator (URL) is a standard for specifying any kind of information on the Internet. The URL defines four things: protocol, host computer, port, and path (see figure 14.13).

Figure 14.13: URL

The protocol is the client/server program used to retrieve the document. Many different protocols can retrieve a document; among them are FTP and HTTP. The most common today is HTTP.

The host is the computer on which the information is located, although the name of the computer can be an alias. Web pages are usually stored in computers, and computers are given alias names that usually begin with the characters "www". This is not mandatory, however, as the host can be any name given to the computer that hosts the Web page.

The URL can optionally contain the port number of the server. If the port is included, it is inserted between the host and the path, and it is separated from the host by a colon.

Path is the pathname of the file where the information is located. Note that the path can itself contain slashes that, in the UNIX operating system, separate the directories from the subdirectories and files.

Cookies

The World Wide Web was originally designed as a stateless entity. A client sends a request; a server responds. Their relationship is over. The original design of WWW, retrieving publicly available documents, exactly fits this purpose. Today the Web has other functions; some are listed here.

1. Some websites need to allow access to registered clients only.
2. Websites are being used as electronic stores that allow users to browse through the store, select wanted items, put them in an electronic cart, and pay at the end with a credit card.
3. Some websites are used as portals: the user selects the Web pages he wants to see.
4. Some websites are just advertising.

For these purposes, the cookie mechanism was devised. We now discuss their use in Web pages.

Creation and Storage of Cookies

The creation and storage of cookies depend on the implementation; however, the principle is the same.

1. When a server receives a request from a client, it stores information about the client in a file or a string. The information may include the domain name of the client, the contents of the cookie (information the server has gathered about the client such as name, registration number, and so on), a timestamp, and other information depending on the implementation.
2. The server includes the cookie in the response that it sends to the client.
3. When the client receives the response, the browser stores the cookie in the cookie directory, which is sorted by the domain server name.

Using Cookies

When a client sends a request to a server, the browser looks in the cookie directory to see if it can find a cookie sent by that server. If found, the cookie is included in the request. When the server receives the request, it knows that this is an old client, not a new one. Note that the contents of the cookie are never read by the browser or disclosed to the user. It is a cookie made by the server and eaten by the server. Now let us see how a cookie is used for the four previously mentioned purposes.

1. The site that restricts access to registered clients only sends a cookie to the client when the client registers for the first time. For any repeated access, only those clients that send the appropriate cookie are allowed.
2. An electronic store (e-commerce) can use a cookie for its client shoppers. When a client selects an item and inserts it into a cart, a cookie that contains information about the item, such as its number and unit price, is sent to the browser. If the client selects a second item, the cookie is updated with the new selection information. And so on. When the client finishes shopping and wants to check out, the last cookie is retrieved and the total charge is calculated.
3. A Web portal uses the cookie in a similar way. When a user selects her favourite pages, a cookie is made and sent. If the site is accessed again, the cookie is sent to the server to show what the client is looking for.
4. A cookie is also used by advertising agencies. An advertising agency can place banner ads on some main website that is often visited by users. The advertising agency supplies only a URL that gives the banner address instead of the banner itself. When a user visits the main website and clicks on the icon of an advertised corporation, a request is sent to the advertising agency. The advertising agency sends the banner, a GIF file, for example, but it also includes a cookie with the ID of the user. Any future use of the banners adds to the database that profiles the Web behaviour of the user. The advertising agency has compiled the interests of the user and can sell this information to other parties. This use of cookies has made them very controversial. Hopefully, some new regulations will be devised to preserve the privacy of users.
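A cookie is stored on the client between requests, so a server that later computes a charge from it needs a way to detect changes made outside the server. The following added example (not part of the original text) attaches an HMAC-SHA256 tag to the cart cookie from the electronic store case and rejects any cookie whose tag does not verify. The key, the field names and the cart contents are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a secret held only by the server (constructed demo value).
SERVER_KEY = b"constructed-demo-key-not-for-production"


def b64enc(data):
    """URL-safe base64 without padding, so the value fits in a cookie."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64dec(text):
    """Inverse of b64enc; restores the padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_cart_cookie(items, key=SERVER_KEY):
    """Serialize the cart and append an HMAC-SHA256 tag over the payload."""
    payload = json.dumps(items, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64enc(payload) + "." + b64enc(tag)


def read_cart_cookie(cookie, key=SERVER_KEY):
    """Return the cart if the tag verifies, otherwise None.

    None means the cookie was not produced by this server in this form,
    so the caller should treat the client as having no cart.
    """
    try:
        payload_b64, tag_b64 = cookie.split(".")
        payload = b64dec(payload_b64)
        tag = b64dec(tag_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Constant-time comparison of the received and recomputed tags.
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(payload)


def total_charge(cart):
    """Total in cents, computed only from a cart that passed verification."""
    return sum(item["unit_price_cents"] * item["qty"] for item in cart)
```

The tag protects integrity only: the payload is still readable on the client. A common alternative is to keep the cart on the server and store only an opaque identifier in the cookie.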
Web Documents

The documents in the WWW can be grouped into three broad categories: static, dynamic, and active. The category is based on the time at which the contents of the document are determined.

Static Documents

Static documents are fixed-content documents that are created and stored in a server. The client can get only a copy of the document. In other words, the contents of the file are determined when the file is created, not when it is used. Of course, the contents in the server can be changed, but the user cannot change them. When a client accesses the document, a copy of the document is sent. The user can then use a browsing program to display the document (see figure 14.14).

Figure 14.14: Static document

HTML

Hypertext Mark-up Language (HTML) is a language for creating Web pages. The term mark-up language comes from the book publishing industry. Before a book is typeset and printed, a copy editor reads the manuscript and puts marks on it. These marks tell the compositor how to format the text. For example, if the copy editor wants part of a line to be printed in boldface, he or she draws a wavy line under that part. In the same way, data for a Web page are formatted for interpretation by a browser.

Let us clarify the idea with an example. To make part of a text displayed in boldface with HTML, we put beginning and ending boldface tags (marks) in the text, as shown in figure 14.15. The two tags <B> and </B> are instructions for the browser. When the browser sees these two marks, it knows that the text must be boldfaced (see Figure 14.16). A mark-up language such as HTML allows us to embed formatting instructions in the file itself. The instructions are included with the text. In this way, any browser can read the instructions and format the text according to the specific workstation.

Figure 14.15: Effect of boldface tags

One might ask why we do not use the formatting capabilities of word processors to create and save formatted text. The answer is that different word processors use different techniques or procedures for formatting text. For example, imagine that a user creates formatted text on a Macintosh computer and stores it in a Web page. Another user who is on an IBM computer would not be able to receive the Web page because the two computers use different formatting procedures.

HTML lets us use only ASCII characters for both the main text and formatting instructions. In this way, every computer can receive the whole document as an ASCII document. The main text is the data, and the formatting instructions can be used by the browser to format the data.

A Web page is made up of two parts: the head and the body. The head is the first part of a Web page. The head contains the title of the page and other parameters that the browser will use. The actual contents of a page are in the body, which includes the text and the tags. Whereas the text is the actual information contained in a page, the tags define the appearance of the document. Every HTML tag is a name followed by an optional list of attributes, all enclosed between less-than and greater-than symbols (< and >). An attribute, if present, is followed by an equal sign and the value of the attribute. Some tags can be used alone; others must be used in pairs. Those that are used in pairs are called beginning and ending tags. The beginning tag can have attributes and values and starts with the name of the tag. The ending tag cannot have attributes or values but must have a slash before the name of the tag. The browser makes a decision about the structure of the text based on the tags, which are embedded into the text. Figure 14.17 shows the format of a tag.

Figure 14.16: Beginning and ending tags

One commonly used tag category is the text formatting tags such as <B> and </B>, which make the text bold; <I> and </I>, which make the text italic; and <U> and </U>, which underline the text.

Another interesting tag category is the image tag. Non-textual information such as digitized photos or graphic images is not a physical part of an HTML document. But we can use an image tag to point to the file of a photo or image. The image tag defines the address (URL) of the image to be retrieved. It also specifies how the image can be inserted after retrieval. We can choose from several attributes. The most common are SRC (source), which defines the source (address), and ALIGN, which defines the alignment of the image. The SRC attribute is required. Most browsers accept images in the GIF or JPEG formats. For example, the following tag can retrieve an image stored as image1.gif in the directory /bin/images:

A third interesting category is the hyperlink tag, which is needed to link documents together. Any item (word, phrase, paragraph, or image) can refer to another document through a mechanism called an anchor. The anchor is defined by <A ...> and </A> tags, and the anchored item uses the URL to refer to another document. When the document is displayed, the anchored item is underlined, blinking, or boldfaced. The user can click on the anchored item to go to another document, which may not be stored on the same server as the original document. The reference phrase is embedded between the beginning and ending tags. The beginning tag can have several attributes, but the one required is HREF (hyperlink reference), which defines the address (URL) of the linked document. For example, the link to the author of a book can be:

What appears in the text is the word Author, on which the user can click to go to the author's web page.

14.5 HTTP

The Hypertext Transfer Protocol (HTTP) is a protocol used mainly to access data on the World Wide Web. HTTP functions as a combination of FTP and SMTP. It is similar to FTP because it transfers files and uses the services of TCP. However, it is much simpler than FTP because it uses only one TCP connection. There is no separate control connection; only data are transferred between the client and the server.

HTTP is like SMTP because the data transferred between the client and the server look like SMTP messages. In addition, the format of the messages is controlled by MIME-like headers. Unlike SMTP, the HTTP messages are not destined to be read by humans; they are read and interpreted by the HTTP server and HTTP client (browser). SMTP messages are stored and forwarded, but HTTP messages are delivered immediately. The commands from the client to the server are embedded in a request message. The contents of the requested file or other information are embedded in a response message. HTTP uses the services of TCP on well-known port 80.

HTTP Transaction

Figure 14.18 illustrates the HTTP transaction between the client and server. Although HTTP uses the services of TCP, HTTP itself is a stateless protocol. The client initializes the transaction by sending a request message. The server replies by sending a response.

Figure 14.17: HTTP transaction

Messages

The formats of the request and response messages are similar; both are shown in figure 14.19. A request message consists of a request line, a header, and sometimes a body. A response message consists of a status line, a header, and sometimes a body.

Figure 14.18: Request and response messages

Request and Status Lines

The first line in a request message is called a request line; the first line in the response message is called the status line. There is one common field, as shown in figure 14.20.

Figure 14.19: Request and status lines

Request Type

This field is used in the request message. In version 1.1 of HTTP, several request types are defined. The request type is categorized into methods as defined in table 14.1.

Table 14.1: Methods

Version. The most current version of HTTP is 1.1.

Status code. This field is used in the response message. The status code field is similar to those in the FTP and the SMTP protocols. It consists of three digits. Whereas the codes in the 100 range are only informational, the codes in the 200 range indicate a successful request. The codes in the 300 range redirect the client to another URL, and the codes in the 400 range indicate an error at the client site. Finally, the codes in the 500 range indicate an error at the server site. We list the most common codes in table 14.2.

Status phrase. This field is used in the response message. It explains the status code in text form. Table 14.2 also gives the status phrase.
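An added example, not part of the original text: a strict parser for the request line and status line described above, together with header lines in the name, colon, space, value form this chapter uses. It classifies the status code by the ranges just listed and rejects anything that does not match the format. The sample messages in the test are constructed.

```python
import re

# Request line: request type, URL, HTTP version.
REQUEST_LINE = re.compile(r"([A-Z]+) (\S+) HTTP/(\d)\.(\d)")
# Status line: HTTP version, three-digit status code, status phrase.
STATUS_LINE = re.compile(r"HTTP/(\d)\.(\d) (\d{3}) ([^\r\n]*)")
# Header line: name, colon, space, value. No whitespace before the colon.
HEADER_LINE = re.compile(r"([!#$%&'*+\-.^_`|~0-9A-Za-z]+):[ \t]*([^\r\n]*)")

# First digit of the status code, as grouped in the text.
STATUS_CLASSES = {
    1: "informational",
    2: "success",
    3: "redirection",
    4: "client error",
    5: "server error",
}


def parse_message(raw):
    """Parse one HTTP/1.x message given as bytes and return a dict.

    Raises ValueError on any line that does not match the format, rather
    than guessing what the sender meant.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line ending the header section")
    # Non-ASCII bytes raise UnicodeDecodeError, a subclass of ValueError.
    lines = head.decode("ascii").split("\r\n")
    start = lines[0]
    msg = {"headers": [], "body": body}

    m = REQUEST_LINE.fullmatch(start)
    if m:
        msg.update(kind="request", method=m.group(1), url=m.group(2),
                   version=(int(m.group(3)), int(m.group(4))))
    else:
        m = STATUS_LINE.fullmatch(start)
        if not m:
            raise ValueError("malformed start line: %r" % start)
        code = int(m.group(3))
        if code // 100 not in STATUS_CLASSES:
            raise ValueError("status code outside 100-599: %d" % code)
        msg.update(kind="response",
                   version=(int(m.group(1)), int(m.group(2))),
                   code=code, phrase=m.group(4),
                   status_class=STATUS_CLASSES[code // 100])

    for line in lines[1:]:
        h = HEADER_LINE.fullmatch(line)
        if not h:
            raise ValueError("malformed header line: %r" % line)
        # Header names are case-insensitive, so store them lowercased.
        msg["headers"].append((h.group(1).lower(), h.group(2).strip()))
    return msg
```
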

Table 14.2: Status codes

Header

The header exchanges additional information between the client and the server. For example, the client can request that the document be sent in a special format, or the server can send extra information about the document. The header can consist of one or more header lines. Each header line has a header name, a colon, a space, and a header value (see figure 14.21). We will show some header lines in the examples at the end of this chapter. A header line belongs to one of four categories: general header, request header, response header, and entity header. A request message can contain only general, request, and entity headers. A response message, on the other hand, can contain only general, response, and entity headers.

Figure 14.20: Header format

14.6 MULTI MEDIA

Recent advances in technology have changed our use of audio and video. In the past, we listened to an audio broadcast through a radio and watched a video program broadcast through a TV. We used the telephone network to interactively communicate with another party. But times have changed. People want to use the Internet not only for text and image communications, but also for audio and video services. In this chapter, we concentrate on applications that use the Internet for audio and video services. We can divide audio and video services into three broad categories: streaming stored audio/video, streaming live audio/video, and interactive audio/video, as shown in figure 14.22. Streaming means a user can listen to (or watch) the file after the downloading has started. Figure 14.21: Internet audio/video In the first category, streaming stored audio/video, the files are compressed and stored on a server. A client downloads the files through the Internet. This is sometimes referred to as on- demand audio/video. Examples of stored audio files are songs, symphonies, books on tape, and famous lectures. Examples of stored video files are movies, TV shows, and music video clips. In the second category, streaming live audio/video, a user listens to broadcast audio and video through the Internet. A good example of this type of application is the Internet radio. Some radio stations broadcast their programs only on the Internet; many broadcast them both on the Internet and on the air. Internet TV is not popular yet, but many people believe that TV stations will broadcast their programs on the Internet in the future. In the third category, interactive audio/video, people use the Internet to interactively communicate with one another. A good example of this application is Internet telephony and Internet teleconferencing. Streaming live audio/video refers to the broadcasting of radio and TV programs through the Internet. 
Interactive audio/video refers to the use of the Internet for interactive audio/video applications. 14.7 SUMMARY  The World Wide Web (WWW) is a repository of information linked together from points all over the world. Hypertexts are documents linked to one another through the concept of pointers. Browsers interpret and display a Web document. 239 CU IDOL SELF LEARNING MATERIAL (SLM)

• A browser consists of a controller, client programs, and interpreters. A Web document can be classified as static, dynamic, or active. A static document is one in which the contents are fixed and stored in a server. The client can make no changes in the server document.
• Hypertext Mark-up Language (HTML) is a language used to create static Web pages. Any browser can read formatting instructions (tags) embedded in an HTML document. Tags provide structure to a document, define titles and headers, format text, control the data flow, insert figures, link different documents together, and define executable code.
• A structure for organizing the name space in which the names are defined in an inverted-tree structure with the root at the top. The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.
• A dynamic Web document is created by a server only at a browser request. The Common Gateway Interface (CGI) is a standard for creating and handling dynamic Web documents. A CGI program with its embedded CGI interface tags can be written in a language such as C, C++, Shell Script, or Perl. An active document is a copy of a program retrieved by the client and run at the client site. Java is a combination of a high-level programming language, a run-time environment, and a class library that allows a programmer to write an active document and a browser to run it. Java is used to create applets (small application programs).
• The Hypertext Transfer Protocol (HTTP) is the main protocol used to access data on the World Wide Web (WWW). HTTP uses a TCP connection to transfer files. An HTTP message is similar in form to an SMTP message. The HTTP request line consists of a request type, a URL, and the HTTP version number. The uniform resource locator (URL) consists of a method, host computer, optional port number, and path name to locate information on the WWW.
• The HTTP request type or method is the actual command or request issued by the client to the server. The status line consists of the HTTP version number, a status code, and a status phrase. The HTTP status code relays general information, information related to a successful request, redirection information, or error information. The HTTP header relays additional information between the client and server. An HTTP header consists of a header name and a header value.
• An HTTP general header gives general information about the request or response message. An HTTP request header specifies a client's configuration and preferred document format. An HTTP response header specifies a server's configuration and special information about the request. An HTTP entity header provides information about the body of a document. HTTP, version 1.1, specifies a persistent connection. A proxy server keeps copies of responses to recent requests.

14.8 KEYWORDS

• Hypertext Mark-up Language (HTML) - The computer language for specifying the contents and format of a web document. It allows additional text to include codes that define fonts, layouts, embedded graphics, and hypertext links.
• Hypertext Transfer Protocol (HTTP) - An application service for retrieving a web document. The Hypertext Transfer Protocol is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems.
• DNS Server - A computer that holds information about the name space. A name server refers to the server component of the Domain Name System, one of the two principal namespaces of the Internet.
• Domain Name System (DNS) - A TCP/IP application service that converts user-friendly names to IP addresses. The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.
• Domain Name Space - A structure for organizing the name space in which the names are defined in an inverted-tree structure with the root at the top. The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.
• Domain Name - In the DNS, a sequence of labels separated by dots. A domain name is an identification string that defines a realm of administrative autonomy, authority or control within the Internet. Domain names are used in various networking contexts and for application-specific naming and addressing purposes.
• File Transfer Protocol (FTP) - In TCP/IP, an application layer protocol that transfers files between two sites. The File Transfer Protocol is a standard communication protocol used for the transfer of computer files from a server to a client on a computer network. FTP is built on a client–server model architecture using separate control and data connections between the client and the server.

14.9 LEARNING ACTIVITY

1. Create a survey of e-mail servers required for different organizations.
___________________________________________________________________________
2. Create a survey of DNS for an IT company.
___________________________________________________________________________

14.10 UNIT END QUESTIONS

A. Descriptive Questions

Short Questions:
1. Define DNS.
2. Explain DNS zones.
3. Explain the characteristics of e-mail.
4. What is HTTP?
5. What is the full form of HTTP?

Long Questions:
1. Explain in detail DNS servers.
2. Explain file transfer in detail.
3. What is meant by the term World Wide Web?
4. Define multimedia.
5. Explain email architecture.

B. Multiple Choice Questions

1. How does DNS get maintained?
a. Distributed data base system
b. A single server
c. A single computer
d. None of these

2. How many characters are there for the entire host name?
a. 255
b. 127
c. 63
d. 13

3. What is the name of a DNS client?
a. DNS updater
b. DNS resolver
c. DNS handler
d. None of these

4. How do servers handle a request for other domains?
a. Directly
b. By contacting remote DNS server
c. It is not possible
d. None of these

5. Which allows client to update their DNS entry as per IP address change?
a. Dynamic DNS
b. Mail transfer agent
c. Authoritative name server
d. None of these

Answers
1-a, 2-a, 3-b, 4-b, 5-a

UNIT – 15: APPLICATION LAYER PART 2

STRUCTURE
15.0 Learning Objectives
15.1 Introduction
15.2 Network Security
15.2.1 Data Security
15.2.2 Security Timeline
15.3 Basic Concepts
15.4 Summary
15.5 Keywords
15.6 Learning Activity
15.7 Unit End Questions
15.8 References

15.0 LEARNING OBJECTIVES

After studying this unit, you will be able to:
• Describe network security.
• Explain data security.
• Explain the concepts of security timelines.
• Explain the different cyber-attacks.

15.1 INTRODUCTION

Network security has become more important to personal computer users, organizations, and the military. With the advent of the internet, security became a major concern, and the history of security allows a better understanding of the emergence of security technology. The internet structure itself allowed for many security threats to occur. The architecture of the internet, when modified, can reduce the possible attacks that can be sent across the network. Knowing the attack methods allows for the appropriate security to emerge. Many businesses secure themselves from the internet by means of firewalls and encryption mechanisms. The businesses create an “intranet” to remain connected to the internet but secured from possible threats.

The entire field of network security is vast and in an evolutionary stage. The range of study encompasses a brief history dating back to the internet’s beginnings and the current development in network security. In order to understand the research being performed today, background knowledge of the internet, its vulnerabilities, attack methods through the internet, and security technology is important, and therefore they are reviewed.

The world is becoming more interconnected with the advent of the Internet and new networking technology. There is a large amount of personal, commercial, military, and government information on networking infrastructures worldwide. Network security is becoming of great importance because of intellectual property that can be easily acquired through the internet. There are currently two fundamentally different networks: data networks and synchronous networks comprised of switches. The internet is considered a data network. Since the current data network consists of computer-based routers, information can be obtained by special programs, such as “Trojan horses,” planted in the routers. The synchronous network that consists of switches does not buffer data and therefore is not threatened by attackers. That is why security is emphasized in data networks, such as the internet, and other networks that link to the internet.

The vast topic of network security is analysed by researching the following.
1. History of security in networks.
2. Internet architecture and vulnerable security aspects of the Internet.
3. Types of internet attacks and security methods.
4. Security for networks with internet access.
5. Current development in network security hardware and software.

Based on this research, the future of network security is forecasted. New trends that are emerging will also be considered to understand where network security is heading.

15.2 NETWORK SECURITY

System and network technology is a key technology for a wide variety of applications. Security is crucial to networks and applications.
Although network security is a critical requirement in emerging networks, there is a significant lack of security methods that can be easily implemented. There exists a “communication gap” between the developers of security technology and developers of networks. Network design is a well-developed process that is based on the Open Systems Interface (OSI) model. The OSI model has several advantages when designing networks. It offers modularity, flexibility, ease-of-use, and standardization of protocols. The protocols of different layers can be easily combined to create stacks which allow modular development. The implementation of individual layers can be changed later without making other adjustments, allowing flexibility in development. In contrast to network design, secure network design is not a well-developed process. There isn’t a methodology to manage the complexity of security requirements.

Secure network design does not contain the same advantages as network design. When considering network security, it must be emphasized that the whole network is secure. Network security does not only concern the security in the computers at each end of the communication chain. When transmitting data, the communication channel should not be vulnerable to attack. A possible hacker could target the communication channel, obtain the data, decrypt it, and re-insert a false message. Securing the network is just as important as securing the computers and encrypting the message.

When developing a secure network, the following need to be considered.
1. Access – Authorized users are provided the means to communicate to and from a particular network
2. Confidentiality – Information in the network remains private
3. Authentication – Ensure the users of the network are who they say they are
4. Integrity – Ensure the message has not been modified in transit
5. Non-repudiation – Ensure the user does not refute that he used the network

An effective network security plan is developed with the understanding of security issues, potential attackers, needed level of security, and factors that make a network vulnerable to attack. The steps involved in understanding the composition of a secure network, internet or otherwise, are followed throughout this research endeavour.

To lessen the vulnerability of the computer to the network there are many products available. These tools are encryption, authentication mechanisms, intrusion-detection, security management and firewalls. Businesses throughout the world are using a combination of some of these tools. “Intranets” are both connected to the internet and reasonably protected from it. The internet architecture itself leads to vulnerabilities in the network. Understanding the security issues of the internet greatly assists in developing new security technologies and approaches for networks with internet access and internet security itself.
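The integrity and authentication requirements listed above, and the risk of a false message being re-inserted into the channel, can be illustrated with a keyed message authentication code. The following is an added example, not part of the original text; the frame layout, the `protect` and `Receiver` names, and the sample messages are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = 32  # length in bytes of an HMAC-SHA256 tag


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: frame = 8-byte sequence number || payload || HMAC tag.

    The tag covers the sequence number and the payload, so neither can be
    changed in transit without the receiver noticing. This gives integrity
    and authentication only; the payload is not encrypted.
    """
    header = struct.pack(">Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Accepts a frame only if its tag verifies under the shared key and its
    sequence number is greater than the last one accepted."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = -1

    def accept(self, frame: bytes):
        if len(frame) < 8 + TAG_LEN:
            return None, "truncated"
        header, payload, tag = frame[:8], frame[8:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            return None, "bad-tag"
        (seq,) = struct.unpack(">Q", header)
        if seq <= self._last_seq:
            return None, "replayed"
        self._last_seq = seq
        return payload, "ok"


def demo():
    """Run constructed frames through a receiver and return each verdict."""
    key = secrets.token_bytes(32)  # shared secret, generated for the demo
    rx = Receiver(key)
    f0 = protect(key, 0, b"transfer 100 to alice")
    f1 = protect(key, 1, b"transfer 250 to bob")
    # Payload altered in transit, original tag left in place.
    modified = f1[:8] + b"transfer 950 to bob" + f1[-TAG_LEN:]
    # Message inserted by a party that does not hold the shared key.
    inserted = protect(secrets.token_bytes(32), 2, b"transfer 999 to carol")
    return [rx.accept(f)[1] for f in (f0, modified, inserted, f1, f0)]


if __name__ == "__main__":
    print(demo())
```

The last frame in `demo` is a genuine frame sent a second time; its tag is valid, so only the sequence-number check rejects it.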
The types of attacks through the internet also need to be studied to be able to detect and guard against them. Intrusion detection systems are established based on the types of attacks most commonly used. Network intrusions consist of packets that are introduced to cause problems for the following reasons:
• To consume resources uselessly
• To interfere with any system resource’s intended function
• To gain system knowledge that can be exploited in later attacks

The last reason for a network intrusion is most commonly guarded against and considered by most as the only intrusion motive. The other reasons mentioned need to be thwarted as well.

Typical security currently exists on the computers connected to the network. Security protocols usually appear as part of a single layer of the OSI network reference model. Current work is being performed in using a layered approach to secure network design. The layers of the security model correspond to the OSI model layers. This security approach leads to an effective and efficient design which circumvents some of the common security problems.

15.2.1 Data Security

Data security is the aspect of security that allows a client’s data to be transformed into unintelligible data for transmission. Even if this unintelligible data is intercepted, a key is needed to decode the message. This method of security is effective to a certain degree. Strong cryptography in the past can be easily broken today. Cryptographic methods have to continue to advance due to the advancement of the hackers as well.

When transferring ciphertext over a network, it is helpful to have a secure network. This will allow for the ciphertext to be protected, so that it is less likely for many people to even attempt to break the code. A secure network will also prevent someone from inserting unauthorized messages into the network. Therefore, hard ciphers are needed as well as attack-hard networks.

Figure 15.1: Based on the OSI model, data security and network security have different security functions

The relationship of network security and data security to the OSI model is shown in figure 15.1. It can be seen that the cryptography occurs at the application layer; therefore the application writers are aware of its existence. The user can possibly choose different methods of data security. Network security is mostly contained within the physical layer. Layers above the physical layer are also used to accomplish the network security required. Authentication is performed on a layer above the physical layer. Network security in the physical layer requires failure detection, attack detection mechanisms, and intelligent countermeasure strategies.

15.2.2 Security Timeline

Several key events contributed to the birth and evolution of computer and network security. The timeline can be started as far back as the 1930s. Polish cryptographers created an Enigma machine in 1918 that converted plain messages to encrypted text. In 1930, Alan Turing, a brilliant mathematician, broke the code for the Enigma. Securing communications was essential in World War II.

In the 1960s, the term “hacker” is coined by a couple of Massachusetts Institute of Technology (MIT) students. The Department of Defence began the Arpanet, which gains popularity as a conduit for the electronic exchange of data and information. This paves the way for the creation of the carrier network known today as the Internet.

During the 1970s, the Telnet protocol was developed. This opened the door for public use of data networks that were originally restricted to government contractors and academic researchers.

During the 1980s, the hackers and crimes relating to computers were beginning to emerge. The 414 gang are raided by authorities after a nine-day cracking spree where they break into top-secret systems. The Computer Fraud and Abuse Act of 1986 was created because of Ian Murphy’s crime of stealing information from military computers. A graduate student, Robert Morris, was convicted for unleashing the Morris Worm to over 6,000 vulnerable computers connected to the Internet. Based on concerns that the Morris Worm ordeal could be replicated, the Computer Emergency Response Team (CERT) was created to alert computer users of network security issues.

In the 1990s, the Internet became public and the security concerns increased tremendously. Approximately 950 million people use the internet today worldwide. On any day, there are approximately 225 major incidences of a security breach. These security breaches could also result in monetary losses of a large degree. Investment in proper security should be a priority for large organizations as well as common users.
15.3 Basic Concepts

Common Internet Attack Methods

Common internet attack methods are broken down into categories. Some attacks gain system knowledge or personal information, such as eavesdropping and phishing. Attacks can also interfere with the system’s intended function, such as viruses, worms and Trojans. The other form of attack is when the system’s resources are consumed uselessly; this can be caused by a denial of service (DoS) attack. Other forms of network intrusions also exist, such as land attacks, smurf attacks, and teardrop attacks. These attacks are also well known as DoS attacks, but they are used in some form or another even if they aren’t mentioned by name.

Eavesdropping

Interception of communications by an unauthorized party is called eavesdropping. Passive eavesdropping is when the person only secretly listens to the networked messages. On the other hand, active eavesdropping is when the intruder listens and inserts something into the communication stream. This can lead to the messages being distorted. Sensitive information can be stolen this way.
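The land, smurf and teardrop attacks named at the start of this section each leave a recognisable pattern in packet headers, which is what an intrusion detection system matches on. The following is an added example, not part of the original text; the packet dictionaries, field names, protected network and sample traffic are constructed assumptions rather than a real capture format.

```python
import ipaddress
from collections import defaultdict

# Assumption for this example: the network the sensor protects.
PROTECTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def is_land(pkt):
    """Land: TCP packet whose source and destination address and port match."""
    return (pkt["proto"] == "tcp" and pkt["src"] == pkt["dst"]
            and pkt.get("sport") is not None
            and pkt.get("sport") == pkt.get("dport"))


def is_smurf(pkt):
    """Smurf: ICMP echo request (type 8) addressed to a broadcast address."""
    if pkt["proto"] != "icmp" or pkt.get("icmp_type") != 8:
        return False
    dst = ipaddress.ip_address(pkt["dst"])
    return dst == LIMITED_BROADCAST or any(
        dst == net.broadcast_address for net in PROTECTED_NETS)


class FragmentTracker:
    """Teardrop: fragments of one datagram whose byte ranges overlap."""

    def __init__(self):
        self._ranges = defaultdict(list)  # datagram key -> [(start, end)]

    def overlaps(self, pkt):
        if "frag_offset" not in pkt:
            return False
        key = (pkt["src"], pkt["dst"], pkt["proto"], pkt["ip_id"])
        start = pkt["frag_offset"]  # offset in bytes, not 8-byte units
        end = start + pkt["frag_len"]
        hit = any(start < e and s < end for s, e in self._ranges[key])
        self._ranges[key].append((start, end))
        return hit


def inspect(packets):
    """Return (packet index, alert name) for every signature that fires."""
    tracker = FragmentTracker()
    alerts = []
    for i, pkt in enumerate(packets):
        if is_land(pkt):
            alerts.append((i, "land"))
        if is_smurf(pkt):
            alerts.append((i, "smurf"))
        if tracker.overlaps(pkt):
            alerts.append((i, "teardrop"))
    return alerts


# Constructed sample traffic using documentation address ranges.
SAMPLE = [
    {"proto": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "sport": 51000, "dport": 443},
    {"proto": "tcp", "src": "192.0.2.10", "dst": "192.0.2.10", "sport": 139, "dport": 139},
    {"proto": "icmp", "src": "203.0.113.5", "dst": "192.0.2.255", "icmp_type": 8},
    {"proto": "icmp", "src": "198.51.100.7", "dst": "192.0.2.10", "icmp_type": 8},
    {"proto": "udp", "src": "198.51.100.7", "dst": "192.0.2.10", "ip_id": 7, "frag_offset": 0, "frag_len": 1480},
    {"proto": "udp", "src": "198.51.100.7", "dst": "192.0.2.10", "ip_id": 7, "frag_offset": 1480, "frag_len": 520},
    {"proto": "udp", "src": "203.0.113.5", "dst": "192.0.2.10", "ip_id": 9, "frag_offset": 0, "frag_len": 36},
    {"proto": "udp", "src": "203.0.113.5", "dst": "192.0.2.10", "ip_id": 9, "frag_offset": 24, "frag_len": 4},
]

if __name__ == "__main__":
    for index, name in inspect(SAMPLE):
        print(index, name, SAMPLE[index])
```

Ordinary traffic in the sample (a normal TCP connection, a unicast ping, and two contiguous fragments) raises no alert; a production sensor would also expire old fragment state, which this example does not do.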

Viruses

Viruses are self-replicating programs that use files to infect and propagate. Once a file is opened, the virus will activate within the system.

Worms

A worm is similar to a virus because they both are self-replicating, but the worm does not require a file to allow it to propagate. There are two main types of worms, mass-mailing worms and network-aware worms. Mass-mailing worms use email as a means to infect other computers. Network-aware worms are a major problem for the Internet. A network-aware worm selects a target and once the worm accesses the target host, it can infect it by means of a Trojan or otherwise.

Trojans

Trojans appear to be benign programs to the user, but will actually have some malicious purpose. Trojans usually carry some payload such as a virus.

Phishing

Phishing is an attempt to obtain confidential information from an individual, group, or organization. Phishers trick users into disclosing

15.4 SUMMARY

• Network security is an important field that is increasingly gaining attention as the internet expands. The security threats and internet protocol were analysed to determine the necessary security technology. The security technology is mostly software based, but many common hardware devices are used.
• The current development in network security is not very impressive. Originally it was assumed that with the importance of the network security field, new approaches to security, both hardware and software, would be actively researched.
• It was a surprise to see most of the development taking place in the same technologies being currently used. The embedded security of the new internet protocol IPv6 may provide many benefits to internet users.
• Although some security issues were observed, the IPv6 internet protocol seems to evade many of the current popular attacks. Combined use of IPv6 and security tools such as firewalls, intrusion detection, and authentication mechanisms will prove effective in guarding intellectual property for the near future.
• The network security field may have to evolve more rapidly to deal with the threats further in the future. A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. A computer worm is a

