Chapter 2

Application Layer

Application Layer 2-1

Chapter 2: outline
2.1 principles of network 2.5 P2P applications
applications 2.6 video streaming and
content distribution
2.2 Web and HTTP networks
2.7 socket programming
2.3 electronic mail with UDP and TCP
• SMTP, POP3, IMAP
2.4 DNS

Application Layer 2-2

Some network apps
▪ e-mail ▪ voice over IP (e.g.,
▪ web Skype)
▪ text messaging ▪ real-time video
▪ remote login conferencing
▪ P2P file sharing ▪ social networking
▪ multi-user network ▪ search
games ▪ …
▪ streaming stored video ▪ …
(YouTube, Hulu,
Netflix)

Application Layer 2-3

 Creating a network app application
transport
network Communication for n/w
data link application takes place
physical between end systems at

write programs that: application layer

▪ run on (different) end systems

▪ communicate over network
▪ e.g., web server software
communicates with browser application

software transport
network

▪ App S/w must run on multiple end

data link
physical

systems (C , Java, Python…)

no need to write software for

application
transport
network

network-core devices – data link

physical

switches , routers ….
▪ network-core devices do not run
user applications
▪ applications on end systems allows
for rapid app development, Application Layer 2-4
Network Application Architectures

possible structure of applications chosen by

application developer:

▪ client-server architecture

▪ peer-to-peer (P2P) architecture

Application Layer 2-5

 Client-server architecture
server:
▪ always-on host
▪ permanent IP address
▪ services requests from multiple
clients
▪ data centers for scaling

clients:
▪ communicate with server
client/
server
▪ may be intermittently
connected
▪ may have dynamic IP
addresses
▪ do not communicate directly
with each other
Examples : Web ,Telnet FTP, email… Application Layer 2-6
Data Center Networking

Application Layer 2-7

 P2P architecture
Example: BitTorrent file exchg , Skype

▪ No dedicated server peer-

peer
▪ arbitrary end systems directly
communicate
▪ Peers are not owned by service
providers
▪ peers request service from other
peers, provide service in return to
other peers
• self scalability – new peers
bring new service capacity, as
well as new service demands

Application Layer 2-8

P2P challenges:

•peers are intermittently connected and

change IP addresses

•complex management

•security

•volunteer resources and difficulty in deciding

incentives

Application Layer 2-9

 Processes communicating
process: program running clients, servers
within a host client process: process that
▪ within same host, two initiates communication
processes communicate using
inter-process communication server process: process
(defined by OS) that waits to be contacted

▪ processes in different hosts

communicate by exchanging ▪ aside: applications with P2P
messages architectures have client
processes & server
processes

Application Layer 2-10

 Sockets
▪ process sends/receives messages to/from its software interface -
socket

▪ socket analogous to door

• sending process shoves message out door
• sending process relies on transport infrastructure on other side
of door to deliver message to socket at receiving process

application application
proce socke proce controlled by
ss t ss app developer

transport transport
network network controlled
link
by OS
link Internet
physical physical

Application Layer 2-11

Application Layer 2-12
Addressing processes
▪ to receive messages, process ▪ identifier includes both IP
must have identifier address and port numbers
associated with process on
▪ host device has unique 32-bit host.
IP address ▪ example port numbers:
• HTTP server: 80
• mail server: 25
▪ Q: does IP address of host on
which process runs suffice for ▪ to send HTTP message to
identifying the process? gaia.cs.umass.edu web server:
• IP address: 128.119.245.12
• port number: 80
▪ A: no, many processes
▪ more shortly…
can be running on same
host

Application Layer 2-13

Application Layer 2-14
Application Layer 2-15
App-layer protocol defines
▪ types of messages open protocols:
exchanged, ▪ allows for interoperability
• e.g., request, response ▪ e.g., HTTP, SMTP
▪ message syntax: proprietary protocols:
• what fields in messages ▪ e.g., Skype
& how fields are
delineated
▪ message semantics
• meaning of information
in fields
▪ rules for when and how
processes send & respond
to messages

Application Layer 2-16

What transport service does an app need?
data integrity throughput
▪ some apps (e.g., file transfer, ▪ some apps (e.g.,
web transactions) require multimedia) require
100% reliable data transfer minimum amount of
▪ other apps (e.g., audio) can throughput to be
tolerate some loss “effective”
▪ other apps (“elastic apps”)
timing make use of whatever
throughput they get
▪ some apps (e.g., Internet
telephony, interactive security
games) require low delay
▪ encryption, data integrity,
to be “effective”
…

Application Layer 2-17

Transport service requirements: common apps

application data loss throughput time sensitive

file transfer no loss elastic no

e-mail no loss elastic no
Web documents no loss elastic no
real-time loss- audio: 5kbps-1Mbps yes, 100’s msec
audio/video tolerant video:10kbps-5Mbps
same as above yes, few secs
stored audio/video loss- few kbps up yes, 100’s msec
interactive games tolerant elastic yes and no
text messaging loss-
tolerant
no loss

Application Layer 2-18

Internet transport protocols services
TCP service: UDP service:
▪ reliable transport between ▪ unreliable data transfer
sending and receiving between sending and
process receiving process
▪ flow control: sender won’t ▪ does not provide:
overwhelm receiver reliability, flow control,
▪ congestion control: throttle congestion control,
sender when network timing, throughput
overloaded guarantee, security, or
▪ does not provide: timing, connection setup,
minimum throughput
guarantee, security Q: why bother? Why is
▪ connection-oriented: setup there a UDP?
required between client and
server processes
Application Layer 2-19
Application Layer 2-20
Application Layer 2-21
Application Layer 2-22
Internet apps: application, transport protocols

application underlying
application layer protocol transport protocol

e-mail SMTP [RFC 2821] TCP

remote terminal Telnet [RFC 854] TCP
access HTTP [RFC 2616] TCP
Web FTP [RFC 959] TCP
file transfer HTTP (e.g., YouTube), TCP or UDP
streaming multimedia RTP [RFC 1889]
SIP, RTP, proprietary
Internet telephony (e.g., Skype) TCP or UDP

Application Layer 2-23

Securing TCP

TCP & UDP SSL is at app layer

▪ no encryption ▪ apps use SSL libraries,
▪ cleartext passwds sent into that “talk” to TCP
socket traverse Internet in SSL socket API
cleartext ▪ cleartext passwords sent
SSL into socket traverse
▪ provides encrypted TCP Internet encrypted
connection ▪ see Chapter 8
▪ data integrity
▪ end-point authentication

Application Layer 2-24

Chapter 2: outline
2.1 principles of network 2.5 P2P applications
applications 2.6 video streaming and
2.2 Web and HTTP content distribution
2.3 electronic mail networks
• SMTP, POP3, IMAP 2.7 socket programming
2.4 DNS with UDP and TCP

Application Layer 2-25

Web and HTTP
First, a review…
▪ web page consists of objects
▪ object can be HTML file, JPEG image, Java
applet, audio file,…
▪ web page consists of base HTML-file which
includes several referenced objects
▪ each object is addressable by a URL, e.g.,
www.someschool.edu/someDept/pic.gif

host name path name

Application Layer 2-26

HTTP overview
HTTP: hypertext transfer
protocol
HT
▪ Web’s application layer TP
req
protocol PC running
HT
u est
TP
▪ client/server model Firefox browser res
pon
s
• client: browser that e
requests, receives, t
(using HTTP protocol) u es
r eq server
and “displays” Web TP
po
n se
HT running
objects res
Apache Web
TP
• server: Web server H T server
sends (using HTTP
protocol) objects in iPhone running
response to requests Safari browser

Application Layer 2-27

HTTP overview (continued)
uses TCP: HTTP is “stateless”
▪ client initiates TCP ▪ server maintains no
connection (creates socket) information about
to server, port 80 past client requests
▪ server accepts TCP
connection from client asid
▪ HTTP messages protocols that maintain e
(application-layer protocol “state” are complex!
messages) exchanged ▪ past history (state) must be
between browser (HTTP maintained
client) and Web server ▪ if server/client crashes, their
(HTTP server) views of “state” may be
▪ TCP connection closed inconsistent, must be
reconciled

Application Layer 2-28

HTTP connections
non-persistent HTTP persistent HTTP
▪ at most one object sent ▪ multiple objects can
over TCP connection be sent over single
• connection then TCP connection
closed between client, server
▪ downloading multiple
objects required
multiple connections

Application Layer 2-29

 Non-persistent HTTP
suppose user enters URL: (contains text,
www.someSchool.edu/someDepartment/home.index references to 10
jpeg images)
1a. HTTP client initiates TCP
connection to HTTP server
(process) at 1b. HTTP server at host
www.someSchool.edu on port 80 www.someSchool.edu waiting
for TCP connection at port 80.
“accepts” connection, notifying
2. HTTP client sends HTTP client
request message (containing
URL) into TCP connection 3. HTTP server receives request
socket. Message indicates that message, forms response
client wants object message containing requested
someDepartment/home.index object, and sends message into
its socket
time
Application Layer 2-30
 Non-persistent HTTP (cont.)
4. HTTP server closes TCP
connection.
5. HTTP client receives response
message containing html file,
displays html. Parsing html file,
finds 10 referenced jpeg objects

time
6. Steps 1-5 repeated for each of
10 jpeg objects

Application Layer 2-31

Non-persistent HTTP: response time
RTT (definition): time for a
small packet to travel from
client to server and back
HTTP response time: initiate TCP
▪ one RTT to initiate TCP connection
connection RTT

▪ one RTT for HTTP request request

file
and first few bytes of HTTP time to
RTT
response to return transmit
file
▪ file transmission time file
▪ non-persistent HTTP receive
d
response time =
2RTT+ file transmission time time
time

Application Layer 2-32

Persistent HTTP

non-persistent HTTP persistent HTTP:

issues: ▪ server leaves connection
▪ requires 2 RTTs per object open after sending
▪ OS overhead for each TCP response
connection ▪ subsequent HTTP
▪ browsers often open messages between same
parallel TCP connections to client/server sent over
fetch referenced objects open connection
▪ client sends requests as
soon as it encounters a
referenced object
▪ as little as one RTT for all
the referenced objects

Application Layer 2-33

 HTTP request message
▪ two types of HTTP messages: request, response
▪ HTTP request message:
• ASCII (human-readable format)
carriage return character
line-feed character
request line
(GET, POST, GET /index.html HTTP/1.1\r\n
HEAD Host: www-net.cs.umass.edu\r\n
commands) User-Agent: Firefox/3.6.10\r\n
Accept: text/html,application/xhtml+xml\r\n
heade Accept-Language: en-us,en;q=0.5\r\n
r Accept-Encoding: gzip,deflate\r\n
carriage return, lines Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n
line feed at start Keep-Alive: 115\r\n
Connection: keep-alive\r\n
of line indicates \r\n
end of header lines

* Check out the online interactive exercises for more

examples: http://gaia.cs.umass.edu/kurose_ross/interactive/ Application Layer 2-34
HTTP request message: general format

metho sp URL sp versio cr lf reques

n t
d field
header valu cr lf line
name e
heade
~
~ ~
~ r
lines
header field valu cr lf
name e
cr lf

~
~ entity ~
~ bod
body y

Application Layer 2-35

Uploading form input
POST method:
▪ web page often includes
form input
▪ input is uploaded to server
in entity body

URL method:
▪ uses GET method
▪ input is uploaded in URL
field of request line:
www.somesite.com/animalsearch?monkeys&banana

Application Layer 2-36

Method types
HTTP/1.0: HTTP/1.1:
▪ GET ▪ GET, POST, HEAD
▪ POST ▪ PUT
▪ HEAD • uploads file in entity
• asks server to leave body to path specified
requested object out of in URL field
response ▪ DELETE
• deletes file specified in
the URL field

Application Layer 2-37

 HTTP response message
status line
(protocol
status code HTTP/1.1 200 OK\r\n
status Date: Sun, 26 Sep 2010 20:09:20 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
phrase) Last-Modified: Tue, 30 Oct 2007 17:00:02
GMT\r\n
heade ETag: "17dc6-a5c-bf716880"\r\n
Accept-Ranges: bytes\r\n
r Content-Length: 2652\r\n
lines Keep-Alive: timeout=10, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=ISO-8859-1\
r\n
data, e.g., \r\n
requested data data data data data ...
HTML file

* Check out the online interactive exercises for more

examples: http://gaia.cs.umass.edu/kurose_ross/interactive/ Application Layer 2-38
HTTP response status codes
▪ status code appears in 1st line in server-to-
client response message.
▪ some sample codes:
200 OK
• request succeeded, requested object later in this msg
301 Moved Permanently
• requested object moved, new location specified later in this msg
(Location:)
400 Bad Request
• request msg not understood by server
404 Not Found
• requested document not found on this server
505 HTTP Version Not Supported

Application Layer 2-39

Trying out HTTP (client side) for yourself
1. Telnet to your favorite Web server:
telnet gaia.cs.umass.edu 80 opens TCP connection to port 80
(default HTTP server port)
at gaia.cs.umass. edu.
anything typed in will be sent
to port 80 at gaia.cs.umass.edu

2. type in a GET HTTP request:

GET /kurose_ross/interactive/index.php HTTP/1.1
Host: gaia.cs.umass.edu by typing this in (hit carriage
return twice), you send
this minimal (but complete)
GET request to HTTP server

3. look at response message sent by HTTP server!

(or use Wireshark to look at captured HTTP request/response)
Application Layer 2-40
User-server state: cookies
example:
many Web sites use cookies ▪ Susan always access
four components: Internet from PC
1) cookie header line of ▪ visits specific e-commerce
HTTP response site for first time
message ▪ when initial HTTP requests
2) cookie header line in arrives at site, site creates:
next HTTP request • unique ID
message • entry in backend database
3) cookie file kept on for ID
user’s host, managed
by user’s browser
4) back-end database at
Web site
Application Layer 2-41
 Cookies: keeping “state” (cont.)
client serve
r
ebay 8734
usual http request msg Amazon server
cookie file creates ID
usual http response
1678 for user create backend
ebay 8734
set-cookie: 1678 entry database
amazon 1678
usual http request msg
cookie: 1678 cookie- access
specific
usual http response msg action

one week later:

access
ebay 8734 usual http request msg
amazon 1678 cookie: 1678 cookie-
specific
usual http response msg action
Application Layer 2-42
Cookies (continued)
asid
what cookies can be used cookies and privacy: e
for:
▪ ▪ cookies permit sites to
authorization
▪ learn a lot about you
shopping carts
▪ recommendations ▪ you may supply name and
▪ user session state (Web e- e-mail to sites
mail)

how to keep “state”:

▪ protocol endpoints: maintain state at
sender/receiver over multiple transactions
▪ cookies: http messages carry state

Application Layer 2-43

Web caches (proxy server)
goal: satisfy client request without involving origin server
▪ user sets browser: Web
accesses via cache
▪ browser sends all HTTP
proxy
requests to cache HT
TP
req serve ue st
req
• object in cache: cache clien HTTP
ues
t r HTT
P
on se
res esp origin
returns object t pon
se HTTP
r
server
t
• else cache requests eq
u es
r e
object from origin T TP p o ns
H r es
server, then returns TTP
H
object to client
clien origin
t server

Application Layer 2-44

More about Web caching
▪ cache acts as both why Web caching?
client and server ▪ reduce response time for
• server for original client request
requesting client
• client to origin server ▪ reduce traffic on an
▪ typically cache is institution’s access link
installed by ISP ▪ Internet dense with
(university, company, caches: enables “poor”
residential ISP) content providers to
effectively deliver
content (so too does P2P
file sharing)

Application Layer 2-45

Caching example:
assumptions:
▪ avg object size: 100K bits origin
▪ avg request rate from browsers to servers
origin servers:15/sec public
▪ avg data rate to browsers: 1.50 Mbps Internet
▪ RTT from institutional router to any
origin server: 2 sec
▪ access link rate: 1.54 Mbps
1.54 Mbps
consequences: access link
▪ LAN utilization: 15% problem institutiona
▪ access link utilization = 99% ! l
1 Gbps LAN
network
▪ total delay = Internet delay + access
delay + LAN delay
= 2 sec + minutes + usecs

Application Layer 2-46

Caching example: fatter access link
assumptions:
▪ avg object size: 100K bits origin
▪ avg request rate from browsers to servers
origin servers:15/sec public
▪ avg data rate to browsers: 1.50 Mbps Internet
▪ RTT from institutional router to any
origin server: 2 sec
▪ access link rate: 1.54 Mbps
154 1.54 Mbps
154 Mbps
consequences: Mbps access link
▪ LAN utilization: 15% institutiona
▪ access link utilization = 99% l
9.9 1 Gbps LAN
▪ total delay = Internet delay + access network
delay + LAN delay %
= 2 sec + minutes + usecs
msecs

Cost: increased access link speed (not cheap!)

Application Layer 2-47
Caching example: install local cache
assumptions:
▪ avg object size: 100K bits origin
▪ avg request rate from browsers to servers
origin servers:15/sec public
▪ avg data rate to browsers: 1.50 Mbps Internet
▪ RTT from institutional router to any
origin server: 2 sec
▪ access link rate: 1.54 Mbps
1.54 Mbps
consequences: access link
▪ LAN utilization: 15% institutiona
▪ access link utilization = 100% l
? 1 Gbps LAN
▪ total delay = Internet delay + access network
delay + LAN delay
?
local web
= 2 secHow to compute
+ minutes + usecs cache
link
utilization, delay?
Cost: web cache (cheap!)
Application Layer 2-48
Caching example: install local cache
Calculating access link
utilization, delay with
origin
cache: servers
▪ suppose cache hit rate is 0.4 public
• 40% requests satisfied at cache, Internet
60% requests satisfied at origin
▪ access link utilization:
▪ 60% of requests use access link
▪ data rate to browsers over access link 1.54 Mbps
access link
= 0.6*1.50 Mbps = .9 Mbps
▪ utilization = 0.9/1.54 = .58 institutiona
l
1 Gbps LAN
▪ total delay network
▪ = 0.6 * (delay from origin servers) +0.4 local web
* (delay when satisfied at cache) cache
▪ = 0.6 (2.01) + 0.4 (~msecs) = ~ 1.2 secs
▪ less than with 154 Mbps link (and
cheaper too!)
Application Layer 2-49
Conditional GET
client serve
▪ Goal: don’t send object if r
cache has up-to-date
cached version HTTP request msg
object
If-modified-since: <date>
• no object transmission not
delay modified
• lower link utilization HTTP response
before
HTTP/1.0
▪ cache: specify date of 304 Not Modified <date>
cached copy in HTTP
request
If-modified-since:
<date> HTTP request msg
▪ server: response contains If-modified-since: <date> object
no object if cached copy modified
HTTP response after
is up-to-date:
HTTP/1.0 200 OK <date>
HTTP/1.0 304 Not
Modified <data>
Application Layer 2-50
Chapter 2: outline
2.1 principles of network 2.5 P2P applications
applications 2.6 video streaming and
2.2 Web and HTTP content distribution
2.3 electronic mail networks
• SMTP, POP3, IMAP 2.7 socket programming
2.4 DNS with UDP and TCP

Application Layer 2-51

Electronic mail outgoing
message queue
user mailbox
Three major components: user
agent
▪ user agents
▪ mail servers mail user
server
▪ simple mail transfer agent

protocol: SMTP SMTP mail user

server agent
User Agent SMTP
▪ a.k.a. “mail reader”
SMTP user
▪ composing, editing, mail
agent
reading mail messages server
user
▪ e.g., Outlook, Thunderbird, agent
iPhone mail client user
▪ outgoing, incoming agent
messages stored on server
Application Layer 2-52
Electronic mail: mail servers
mail servers: user
agent
▪ mailbox contains incoming
messages for user mail user
server
▪ message queue of outgoing agent
(to be sent) mail messages SMTP mail user
▪ SMTP protocol between server agent
mail servers to send email SMTP
messages
• client: sending mail SMTP user
agent
mail
server server
• “server”: receiving mail user
agent
server
user
agent

Application Layer 2-53

Electronic Mail: SMTP [RFC 2821]
▪ uses TCP to reliably transfer email message from
client to server, port 25
▪ direct transfer: sending server to receiving server
▪ three phases of transfer
• handshaking (greeting)
• transfer of messages
• closure
▪ command/response interaction (like HTTP)
• commands: ASCII text
• response: status code and phrase
▪ messages must be in 7-bit ASCI

Application Layer 2-54

Scenario: Alice sends message to Bob
1) Alice uses UA to compose 4) SMTP client sends Alice’s
message “to” message over the TCP
[email protected] connection
2) Alice’s UA sends message to 5) Bob’s mail server places the
her mail server; message message in Bob’s mailbox
placed in message queue 6) Bob invokes his user agent to
3) client side of SMTP opens read message
TCP connection with Bob’s
mail server

1user mail user

mail agent
agent server server
2 3 6
4
5
Alice’s mail server Bob’s mail server
Application Layer 2-55
Sample SMTP interaction
S: 220 hamburger.edu
C: HELO crepes.fr
S: 250 Hello crepes.fr, pleased to meet you
C: MAIL FROM: <[email protected]>
S: 250 [email protected]... Sender ok
C: RCPT TO: <[email protected]>
S: 250 [email protected] ... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C: .
S: 250 Message accepted for delivery
C: QUIT
S: 221 hamburger.edu closing connection

Application Layer 2-56

Try SMTP interaction for yourself:
▪ telnet servername 25
▪ see 220 reply from server
▪ enter HELO, MAIL FROM, RCPT TO, DATA, QUIT
commands

above lets you send email without using email client (reader)

Application Layer 2-57

SMTP: final words
▪ SMTP uses persistent comparison with HTTP:
connections ▪ HTTP: pull
▪ SMTP requires message
▪ SMTP: push
(header & body) to be in
7-bit ASCII ▪ both have ASCII
▪ SMTP server uses command/response
CRLF.CRLF to determine interaction, status codes
end of message
▪ HTTP: each object
encapsulated in its own
response message
▪ SMTP: multiple objects
sent in multipart message

Application Layer 2-58

Mail message format
SMTP: protocol for
exchanging email messages header
blan
RFC 822: standard for text k
message format: line
▪ header lines, e.g.,
• To: body
• From:
• Subject:
different from SMTP MAIL
FROM, RCPT TO:
commands!
▪ Body: the “message”
• ASCII characters only

Application Layer 2-59

Mail access protocols
user
mail user
SMTP SMTP access
agent agent
protocol
(e.g., POP,
IMAP)

sender’s mail receiver’s mail

server server

▪ SMTP: delivery/storage to receiver’s server

▪ mail access protocol: retrieval from server
• POP: Post Office Protocol [RFC 1939]: authorization,
download
• IMAP: Internet Mail Access Protocol [RFC 1730]: more
features, including manipulation of stored messages on
server
• HTTP: gmail, Hotmail, Yahoo! Mail, etc.

Application Layer 2-60

POP3 protocol
S: +OK POP3 server ready
C: user bob
authorization phase S: +OK
C: pass hungry
▪ client commands:
S: +OK user successfully logged
• user: declare username on
• pass: password C: list
▪ server responses S: 1 498
• +OK S: 2 912
S: .
• -ERR
C: retr 1
transaction phase, client: S: <message 1 contents>
▪ list: list message numbers S: .
▪ retr: retrieve message by C: dele 1
number C: retr 2
S: <message 1 contents>
▪ dele: delete
S: .
▪ quit C: dele 2
C: quit
S: +OK POP3 server signing off
Application Layer 2-61
POP3 (more) and IMAP
more about POP3 IMAP
▪ previous example uses ▪ keeps all messages in one
POP3 “download and place: at server
delete” mode ▪ allows user to organize
• Bob cannot re-read e- messages in folders
mail if he changes ▪ keeps user state across
client sessions:
▪ POP3 “download-and- • names of folders and
keep”: copies of messages mappings between
on different clients message IDs and folder
▪ POP3 is stateless across name
sessions

Application Layer 2-62

Chapter 2: outline
2.1 principles of network 2.5 P2P applications
applications 2.6 video streaming and
2.2 Web and HTTP content distribution
2.3 electronic mail networks
• SMTP, POP3, IMAP 2.7 socket programming
2.4 DNS with UDP and TCP

Application Layer 2-63

DNS: domain name system
people: many identifiers: Domain Name System:
• SSN, name, passport # ▪ distributed database
Internet hosts, routers: implemented in hierarchy of
• IP address (32 bit) - many name servers
used for addressing ▪ application-layer protocol:
datagrams hosts, name servers
• “name”, e.g., communicate to resolve
www.yahoo.com - used names (address/name
by humans translation)
Q: how to map between IP • note: core Internet function,
address and name, and implemented as application-
vice versa ? layer protocol
• complexity at network’s
“edge”

Application Layer 2-64

DNS: services, structure
DNS services why not centralize DNS?
▪ hostname to IP address ▪ single point of failure
translation ▪ traffic volume
▪ host aliasing ▪ distant centralized database
• canonical, alias names ▪ maintenance
▪ mail server aliasing
▪ load distribution A: doesn‘t scale!
• replicated Web servers:
many IP addresses
correspond to one
name

Application Layer 2-65

DNS: a distributed, hierarchical database
Root DNS Servers

… …

com DNS servers org DNS servers edu DNS servers

pbs.org poly.edu umass.edu

yahoo.com amazon.com
DNS servers DNS serversDNS servers
DNS servers DNS servers

client wants IP for www.amazon.com; 1st approximation:

▪ client queries root server to find com DNS server
▪ client queries .com DNS server to get amazon.com DNS server
▪ client queries amazon.com DNS server to get IP address for
www.amazon.com

Application Layer 2-66

 DNS: root name servers
▪ contacted by local name server that can not resolve name
▪ root name server:
• contacts authoritative name server if name mapping not known
• gets mapping
• returns mapping to local name server

c. Cogent, Herndon, VA (5 other sites)

d. U Maryland College Park, MD k. RIPE London (17 other sites)
h. ARL Aberdeen, MD
j. Verisign, Dulles VA (69 other sites ) i. Netnod, Stockholm (37 other sites)

e. NASA Mt View, CA m. WIDE Tokyo

f. Internet Software C. (5 other sites)
Palo Alto, CA (and 48 other
sites)

a. Verisign, Los Angeles CA

13 logical root name
(5 other sites)
b. USC-ISI Marina del Rey, CA
“servers” worldwide
l. ICANN Los Angeles, CA •each “server” replicated
(41 other sites)
g. US DoD Columbus, many times
OH (5 other sites)

Application Layer 2-67

TLD, authoritative servers
top-level domain (TLD) servers:
• responsible for com, org, net, edu, aero, jobs, museums,
and all top-level country domains, e.g.: uk, fr, ca, jp
• Network Solutions maintains servers for .com TLD
• Educause for .edu TLD
authoritative DNS servers:
• organization’s own DNS server(s), providing authoritative
hostname to IP mappings for organization’s named hosts
• can be maintained by organization or service provider

Application Layer 2-68

Local DNS name server
▪ does not strictly belong to hierarchy
▪ each ISP (residential ISP, company, university) has
one
• also called “default name server”
▪ when host makes DNS query, query is sent to its
local DNS server
• has local cache of recent name-to-address translation
pairs (but may be out of date!)
• acts as proxy, forwards query into hierarchy

Application Layer 2-69

DNS name root DNS server
resolution example
2
▪ host at cis.poly.edu 3
TLD DNS server
wants IP address for 4
gaia.cs.umass.edu
5

local DNS server

iterated query: dns.poly.edu
▪ contacted server replies 7 6
1 8
with name of server to
contact
authoritative DNS server
▪ “I don’t know this dns.cs.umass.edu
name, but ask this requesting host
server” cis.poly.edu

gaia.cs.umass.edu

Application Layer 2-70

DNS name root DNS server
resolution example
2 3
7
recursive query: 6
▪ puts burden of name TLD DNS
server
resolution on
contacted name local DNS server
server dns.poly.edu 5 4

▪ heavy load at upper 1 8

levels of hierarchy?
authoritative DNS server
dns.cs.umass.edu
requesting host
cis.poly.edu

gaia.cs.umass.edu

Application Layer 2-71

DNS: caching, updating records
▪ once (any) name server learns mapping, it caches
mapping
• cache entries timeout (disappear) after some time (TTL)
• TLD servers typically cached in local name servers
• thus root name servers not often visited
▪ cached entries may be out-of-date (best effort
name-to-address translation!)
• if name host changes IP address, may not be known
Internet-wide until all TTLs expire
▪ update/notify mechanisms proposed IETF standard
• RFC 2136

Application Layer 2-72

DNS records
DNS: distributed database storing resource records (RR)
RR format: (name, value, type, ttl)

type=A type=CNAME
▪ name is hostname ▪ name is alias name for some
▪ value is IP address “canonical” (the real) name
▪ www.ibm.com is really
type=NS
• name is domain (e.g., servereast.backup2.ibm.com
foo.com) ▪ value is canonical name
• value is hostname of
authoritative name type=MX
server for this domain
▪ value is name of mailserver
associated with name

Application Layer 2-73

DNS protocol, messages
▪ query and reply messages, both with same message
format 2 2
b b
yt yt
message header identificatio
e flags
e
n s s
▪ identification: 16 bit # for # questions # answer RRs
query, reply to query uses
# authority RRs # additional
same # RRs
▪ flags: questions (variable # of questions)
▪ query or reply
▪ recursion desired answers (variable # of RRs)
▪ recursion available
▪ reply is authoritative authority (variable # of RRs)

additional info (variable # of RRs)

Application Layer 2-74

DNS protocol, messages

2 2
b b
yt yt
identificatio
e flags
e
n s s
# questions # answer RRs

# authority RRs # additional

name, type RRs
fields questions (variable # of questions)
for a query
RRs in response answers (variable # of RRs)
to query
records for authority (variable # of RRs)
authoritative servers
additional “helpful” additional info (variable # of RRs)
info that may be used
Application Layer 2-75
Inserting records into DNS
▪ example: new startup “Network Utopia”
▪ register name networkuptopia.com at DNS registrar
(e.g., Network Solutions)
• provide names, IP addresses of authoritative name server
(primary and secondary)
• registrar inserts two RRs into .com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)
(dns1.networkutopia.com, 212.212.212.1, A)
▪ create authoritative server type A record for
www.networkuptopia.com; type MX record for
networkutopia.com

Application Layer 2-76

Attacking DNS
DDoS attacks redirect attacks
▪ bombard root servers ▪ man-in-middle
with traffic • Intercept queries
• not successful to date ▪ DNS poisoning
• traffic filtering ▪ Send bogus relies to
• local DNS servers cache DNS server, which
IPs of TLD servers, caches
allowing root server exploit DNS for DDoS
bypass
▪ send queries with
▪ bombard TLD servers
spoofed source
• potentially more
dangerous address: target IP
▪ requires amplification
Application Layer 2-77