DNS – pair-à-pair début

DNS: Domain Name System People: many identifiers: SSN, name, passport # Internet hosts, routers: IP address (32 bit) - used for addressing datagrams “name”, e.g., ww.yahoo.com - used by humans Q: map between IP addresses and name ? Domain Name System: distributed database implemented in hierarchy of many name servers application-layer protocol host, routers, name servers to communicate to resolve names (address/name translation) note: core Internet function, implemented as application-layer protocol complexity at network’s “edge” H. Fauconnier M2-Internet

DNS Why not centralize DNS? DNS services single point of failure traffic volume distant centralized database maintenance doesn’t scale! DNS services hostname to IP address translation host aliasing Canonical, alias names mail server aliasing load distribution replicated Web servers: set of IP addresses for one canonical name H. Fauconnier M2-Internet

Distributed, Hierarchical Database Root DNS Servers com DNS servers org DNS servers edu DNS servers poly.edu DNS servers umass.edu yahoo.com amazon.com pbs.org Client wants IP for www.amazon.com; 1st approx: client queries a root server to find com DNS server client queries com DNS server to get amazon.com DNS server client queries amazon.com DNS server to get IP address for www.amazon.com H. Fauconnier M2-Internet

DNS: Root name servers contacted by local name server that can not resolve name root name server: contacts authoritative name server if name mapping not known gets mapping returns mapping to local name server a Verisign, Dulles, VA c Cogent, Herndon, VA (also LA) d U Maryland College Park, MD g US DoD Vienna, VA h ARL Aberdeen, MD j Verisign, ( 21 locations) k RIPE London (also 16 other locations) i Autonomica, Stockholm (plus 28 other locations) e NASA Mt View, CA f Internet Software C. Palo Alto, CA (and 36 other locations) m WIDE Tokyo (also Seoul, Paris, SF) 13 root name servers worldwide b USC-ISI Marina del Rey, CA l ICANN Los Angeles, CA H. Fauconnier M2-Internet

TLD and Authoritative Servers Top-level domain (TLD) servers: responsible for com, org, net, edu, etc, and all top-level country domains uk, fr, ca, jp. Network Solutions maintains servers for com TLD Educause for edu TLD Authoritative DNS servers: organization’s DNS servers, providing authoritative hostname to IP mappings for organization’s servers (e.g., Web, mail). can be maintained by organization or service provider H. Fauconnier M2-Internet

Anycast Technique d’adressage permettant de router vers la plus « proche » des destinations BGP permet en général l’anycast. Les serveurs racines de DNS sont des clusters qui utilisent anycast Permet de lutter contre de déni de service (par répartition de la charge) H. Fauconnier M2-Internet

Icann Internet corporation for assigned names and numbers Attribution de noms de domaine et des adresses IP Lié au dns (qui fait l’association des noms aux adresses IP) Sous tutelle du gouvernement US… Icann + DNS -> contrôle de l’internet Des projets alternatifs existent H. Fauconnier M2-Internet

Megaupload Serveurs à Hong Kong Décision juridique Etats-Unis : empêcher l’accès aux serveurs Les DNS top level ne délivrent plus les adresses IP des serveurs Les serveurs deviennent inaccessibles (par le nom) nslookup www.megaupload.com Non-authoritative answer: Name: www.megaupload.com Address: 107.21.243.42 H. Fauconnier M2-Internet

Local Name Server does not strictly belong to hierarchy each ISP (residential ISP, company, university) has one. also called “default name server” when host makes DNS query, query is sent to its local DNS server acts as proxy, forwards query into hierarchy H. Fauconnier M2-Internet

DNS name resolution example root DNS server 2 Host at cis.poly.edu wants IP address for gaia.cs.umass.edu 3 TLD DNS server 4 5 iterated query: contacted server replies with name of server to contact “I don’t know this name, but ask this server” local DNS server dns.poly.edu 7 6 1 8 authoritative DNS server dns.cs.umass.edu requesting host cis.poly.edu gaia.cs.umass.edu H. Fauconnier M2-Internet

DNS name resolution example requesting host cis.poly.edu gaia.cs.umass.edu root DNS server local DNS server dns.poly.edu 1 2 4 5 6 authoritative DNS server dns.cs.umass.edu 7 8 TLD DNS server 3 recursive query: puts burden of name resolution on contacted name server heavy load? H. Fauconnier M2-Internet

DNS: caching and updating records once (any) name server learns mapping, it caches mapping cache entries timeout (disappear) after some time TLD servers typically cached in local name servers Thus root name servers not often visited update/notify mechanisms under design by IETF RFC 2136 http://www.ietf.org/html.charters/dnsind-charter.html H. Fauconnier M2-Internet

RR format: (name, value, type, ttl) DNS records DNS: distributed db storing resource records (RR) RR format: (name, value, type, ttl) Type=A name is hostname value is IP address Type=CNAME name is alias name for some “canonical” (the real) name www.ibm.com is really servereast.backup2.ibm.com value is canonical name Type=NS name is domain (e.g. foo.com) value is hostname of authoritative name server for this domain Type=MX value is name of mailserver associated with name H. Fauconnier M2-Internet

(compléments) AAAA record: nom vers IPV6 PTR record: adresse IP vers nom de domaine SOA record: (start of authority record) informations sur la zone serveur, courrier, durée de vie, expiration… H. Fauconnier M2-Internet

DNS protocol, messages DNS protocol : query and reply messages, both with same message format msg header identification: 16 bit # for query, reply to query uses same # flags: query or reply recursion desired recursion available reply is authoritative H. Fauconnier M2-Internet

DNS protocol, messages Name, type fields for a query RRs in response to query records for authoritative servers additional “helpful” info that may be used H. Fauconnier M2-Internet

Inserting records into DNS example: new startup “Network Utopia” register name networkuptopia.com at DNS registrar (e.g., Network Solutions) provide names, IP addresses of authoritative name server (primary and secondary) registrar inserts two RRs into com TLD server: (networkutopia.com, dns1.networkutopia.com, NS) (dns1.networkutopia.com, 212.212.212.1, A) create authoritative server Type A record for www.networkuptopia.com; Type MX record for networkutopia.com How do people get IP address of your Web site? H. Fauconnier M2-Internet

Attacking DNS DDoS attacks Bombard root servers with traffic Not successful to date Traffic Filtering Local DNS servers cache IPs of TLD servers, allowing root server bypass Bombard TLD servers Potentially more dangerous Redirect attacks Man-in-middle Intercept queries DNS poisoning Send bogus relies to DNS server, which caches Exploit DNS for DDoS Send queries with spoofed source address: target IP Requires amplification Application Layer

Exemples Cache poisoing: Spoofing: . Alice envoie beaucoup de requêtes vers A pour obtenir IP de www.un.fr Elle envoie aussi des réponses avec IP w.x.y.z en se faisant passer pour un serveur B avec des identifiants aléatoires. -> probabilité non nulle qu’un de ces identifiants corresponde à celui d’une des requêtes de A Bob demande www.un.fr et obtient w.x.y.z . H. Fauconnier M2-Internet

Exemples A partir du contrôle d’un serveur de nom remplir le cache: Alice demande au serveur A: « empoisonnement-dns.com » A contacte le serveur du domaine empoisonnement-dns.com Serveur du domaine empoisonnement-dns.com répond avec des fausses infos. H. Fauconnier M2-Internet

Couche Application 2.6 P2P applications H. Fauconnier M2-Internet

P2P file sharing Alice chooses one of the peers, Bob. File is copied from Bob’s PC to Alice’s notebook: HTTP While Alice downloads, other users uploading from Alice. Alice’s peer is both a Web client and a transient Web server. All peers are servers = highly scalable! Example Alice runs P2P client application on her notebook computer Intermittently connects to Internet; gets new IP address for each connection Asks for “Hey Jude” Application displays other peers that have copy of Hey Jude. H. Fauconnier M2-Internet

Pair à pair quelques principes applications les nœuds offrent des fonctionnalités identiques (pair) volatilité importante (apparition/disparition) grande échelle et dispersion géographique dynamicité importante applications partage de fichiers messagerie téléphone (Skype) … différent du client-serveur H. Fauconnier M2-Internet

Partage de fichiers Communication basée sur deux types de protocoles différents découverte et localisation des fichiers recherche des données mettre en contact deux (ou plusieurs) utilisateurs parmi des millions téléchargement des fichiers H. Fauconnier M2-Internet

Découverte-localisation Base publication des fichiers partagés avec des méta-données découverte des fichiers disponibles localisation des sources à télécharger (En plus identification des doublons détection des fichiers corrompus forums) H. Fauconnier M2-Internet

Architecture du réseau Centralisée: un serveur ou un cluster sur lequel les clients se connectent (Napster) Décentralisée: il n'y a que des clients (Gnutella) Faiblement centralisée: des clients et des serveurs (Edonkey) Hybride: les clients peuvent devenir des serveurs H. Fauconnier M2-Internet

P2P: problems with centralized directory Single point of failure Performance bottleneck Copyright infringement file transfer is decentralized, but locating content is highly centralized H. Fauconnier M2-Internet

Pure P2P architecture no always-on server arbitrary end systems directly communicate peers are intermittently connected and change IP addresses Three topics: File distribution Searching for information Case Study: Skype peer-peer H. Fauconnier M2-Internet

File Distribution: Server-Client vs P2P Question : How much time to distribute file from one server to N peers? us: server upload bandwidth Server ui: peer i upload bandwidth u1 d1 u2 d2 us di: peer i download bandwidth File, size F dN Network (with abundant bandwidth) uN H. Fauconnier M2-Internet

File distribution time: server-client server sequentially sends N copies: NF/us time client i takes F/di time to download F u2 u1 d1 d2 us Network (with abundant bandwidth) dN uN = dcs = max { NF/us, F/min(di) } i Time to distribute F to N clients using client/server approach increases linearly in N (for large N) H. Fauconnier M2-Internet

File distribution time: P2P Server server must send one copy: F/us time client i takes F/di time to download NF bits must be downloaded (aggregate) F u2 u1 d1 d2 us Network (with abundant bandwidth) dN uN fastest possible upload rate: us + Sui dP2P = max { F/us, F/min(di) , NF/(us + Sui) } i H. Fauconnier M2-Internet

Server-client vs. P2P: example Client upload rate = u, F/u = 1 hour, us = 10u, dmin ≥ us H. Fauconnier M2-Internet