DOCSLIB.ORG

Server Transac2on Hardware Organiza2on of a Network Host

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Server Transac2on Hardware Organiza2on of a Network Host Carnegie Mellon Carnegie Mellon A Client-Server Transac8on 1. Client sends request Client Server process process Resource Internetworking 4. Client 3. Server sends response 2. Server 15-213/18-213: Introduc2on to Computer Systems handles handles 20th Lecture, April. 3, 2013 response request Note: clients and servers are processes running on hosts (can be the same or different hosts) Instructors: Todd C. Mowry and Anthony Rowe ¢ Most network applica8ons are based on the client-server model: § A server process and one or more client processes § Server manages some resource § Server provides service by manipulang resource for clients § Server ac2vated by request from client (vending machine analogy) Carnegie Mellon Carnegie Mellon Hardware Organiza8on of a Network Host Computer Networks CPU chip register file ¢ A network is a hierarchical system of boxes and wires organized by geographical proximity ALU § SAN (System Area Network) spans cluster or machine room system bus memory bus § Switched Ethernet, Quadrics QSW, … § LAN (Local Area Network) spans a building or campus I/O main MI § Ethernet is most prominent example bridge memory § WAN (Wide Area Network) spans country or world § Typically high-speed point-to-point phone lines Expansion slots ¢ An internetwork (internet) is an interconnected set of I/O bus networks USB graphics disk network § The Global IP Internet (uppercase “I”) is the most famous example controller adapter controller adapter of an internet (lowercase “i”) mouse keyboard monitor ¢ Let’s see how an internet is built from the ground up disk network 1 Carnegie Mellon Carnegie Mellon What is the Internet? Lowest Level: Ethernet Segment host host host 100 Mb/s 100 Mb/s hub port ¢ Ethernet segment consists of a collec8on of hosts connected by wires (twisted pairs) to a hub ¢ Spans room or floor in a building ¢ Operaon § Each Ethernet adapter has a unique 48-bit address (MAC address) § E.g., 00:16:ea:e3:54:e6 § Hosts send bits to any other host in chunks called frames § Hub slavishly copies each bit from each port to every other port § Every host sees every bit § Note: Hubs are on their way out. Bridges (switches, routers) became cheap enough to replace them (means no more broadcas2ng) Carnegie Mellon Carnegie Mellon Next Level: Bridged Ethernet Segment Conceptual View of LANs A B ¢ For simplicity, hubs, bridges, and wires are o\en shown as a host host host host host collecon of hosts aached to a single wire: X hub 100 Mb/s bridge 100 Mb/s hub host host ... host 1 Gb/s host host 100 Mb/s 100 Mb/s hub bridge hub Y host host host host host C ¢ Spans building or campus ¢ Bridges cleverly learn which hosts are reachable from which ports and then selec8vely copy frames from port to port 2 Carnegie Mellon Carnegie Mellon Next Level: internets Logical Structure of an internet ¢ Mul8ple incompa8ble LANs can be physically connected by host specialized computers called routers router host router ¢ The connected networks are called an internet router router router router host host ... host host host ... host LAN LAN router router router WAN WAN ¢ Ad hoc interconnec8on of networks § No par2cular topology § Vastly different router & link capaci2es LAN 1 and LAN 2 might be completely different, totally incompaHble ¢ Send packets from source to des8na8on by hopping through (e.g., Ethernet and Wifi, 802.11*, T1-links, DSL, …) networks § Router forms bridge from one network to another § Different packets may take different routes Carnegie Mellon Carnegie Mellon The Noon of an internet Protocol What Does an internet Protocol Do? ¢ How is it possible to send bits across incompa8ble LANs ¢ Provides a naming scheme and WANs? § An internet protocol defines a uniform format for host addresses § Each host (and router) is assigned at least one of these internet addresses that uniquely iden2fies it ¢ Soluon: § protocol soaware running on each host and router ¢ Provides a delivery mechanism § smooths out the differences between the different networks § An internet protocol defines a standard transfer unit (packet) § Packet consists of header and payload ¢ Implements an internet protocol (i.e., set of rules) § Header: contains info such as packet size, source and des2naon § governs how hosts and routers should cooperate when they addresses transfer data from network to network § Payload: contains data bits sent from source host § TCP/IP is the protocol for the global IP Internet 3 Carnegie Mellon Carnegie Mellon Transferring Data Over an internet Other Issues LAN1 Host A Host B LAN2 ¢ We are glossing over a number of important quesons: client server § What if different networks have different maximum frame sizes? (1) data (8) data (segmentaon) § How do routers know where to forward frames? protocol protocol internet packet soware soware § How are routers informed when the network topology changes? (2) data PH FH1 (7) data PH FH2 § What if packets get lost? LAN1 frame LAN1 LAN2 adapter adapter Router ¢ These (and other) quesons are addressed by the area of (3) data PH FH1 (6) data PH FH2 systems known as computer networking LAN1 LAN2 adapter adapter LAN2 frame (4) data PH FH1 data PH FH2 (5) protocol PH: Internet packet header soware FH: LAN frame header Carnegie Mellon Carnegie Mellon Global IP Internet Hardware and Soware Organizaon ¢ Most famous example of an internet of an Internet Applica8on ¢ Based on the TCP/IP protocol family § IP (Internet protocol) : Internet client host Internet server host § Provides basic naming scheme and unreliable delivery capability Client User code Server of packets (datagrams) from host-to-host Sockets interface § UDP (Unreliable Datagram Protocol) (system calls) § Uses IP to provide unreliable datagram delivery from TCP/IP Kernel code TCP/IP process-to-process Hardware interface § TCP (Transmission Control Protocol) (interrupts) § Uses IP to provide reliable byte streams from process-to-process Network Hardware Network over connecons adapter and firmware adapter ¢ Accessed via a mix of Unix file I/O and func8ons from the Global IP Internet sockets interface 4 Carnegie Mellon Carnegie Mellon Protocol Layers Basic Internet Components ¢ Internet backbone: § collec2on of routers (naonwide or worldwide) connected by high-speed point-to-point networks ¢ Network Access Point (NAP): § router that connects mul2ple backbones (oaen referred to as peers) HTTP, SSL, NTP, … ¢ Regional networks: § smaller backbones that cover smaller geographical areas TCP, UDP (e.g., ci2es or states) ¢ Point of presence (POP): IP, ICMP § machine that is connected to the Internet Ethernet MAC ¢ Internet Service Providers (ISPs): § provide dial-up or direct access to POPs Twisted Pair Wire Carnegie Mellon Carnegie Mellon NAP-Based Internet Architecture Internet Connec8on Hierarchy Private “peering” NAP NAP NAP ¢ NAPs link together commercial backbones provided by agreements companies such as AT&T and Worldcom between Colocaon two backbone sites companies Backbone Backbone Backbone Backbone ¢ Currently in the US there are about 50 commercial o[en bypass backbones connected by ~12 NAPs (peering points) NAP POP POP POP POP POP POP POP T3 ¢ Similar architecture worldwide connects na8onal networks to the Internet Regional net ISP Big Business POP POP POP POP POP POP POP Cable DSL T1 T1 modem ISP (for individuals) Small Business Pgh employee DC employee 5 Carnegie Mellon Carnegie Mellon Naming and Communicang on the Internet Evoluon of Internet: Naming ¢ Original Idea ¢ Dynamic address assignment § Every node on Internet would have unique IP address § Most hosts don't need to have known address § Everyone would be able to talk directly to everyone § Only those func2oning as servers § No secrecy or authen2caon § DHCP (Dynamic Host Configuraon Protocol) § Messages visible to routers and hosts on same LAN § Local ISP assigns address for temporary use § Possible to forge source field in packet header ¢ Example: ¢ Shortcomings § My laptop at CMU (wired connec2on) § There aren't enough IP addresses available § IP address 128.2.213.29 (bryant-tp4.cs.cmu.edu) § Don't want everyone to have access or knowledge of all other hosts § Assigned stacally § Security issues mandate secrecy & authen2caon § My laptop at home § IP address 192.168.1.5 § Only valid within home network Carnegie Mellon Carnegie Mellon Evolu8on of Internet: Firewalls Virtual Private Networks 176.3.3.3 1 10.2.2.2 Firewall Firewall 10.6.6.6 198.3.3.3 4 2 10.x.x.x 3 216.99.99.99 Corporaon X Corporaon X Internet Internet ¢ Firewalls ¢ § Hides organizaons nodes from rest of Internet Suppor8ng road warrior § Employee working remotely with assigned IP address 198.3.3.3 § Use local IP addresses within organizaon § Wants to appear to rest of corporaon as if working internally § For external service, provides proxy service § From address 10.6.6.6 1. Client request: src=10.2.2.2, dest=216.99.99.99 § Gives access to internal services (e.g., ability to send mail) 2. Firewall forwards: src=176.3.3.3, dest=216.99.99.99 3. Server responds: src=216.99.99.99, dest=176.3.3.3 ¢ Virtual Private Network (VPN) 4. Firewall forwards response: src=216.99.99.99, dest=10.2.2.2 § Overlays private network on top of regular Internet 6 Carnegie Mellon Carnegie Mellon A Programmer’s View of the Internet IP Addresses ¢ 32-bit IP addresses are stored in an IP address struct ¢ Hosts are mapped to a set of 32-bit IP addresses § IP addresses are always stored in memory in network byte order § 128.2.203.179 (big-endian byte order) § True in general for any integer transferred in a packet header from one machine to another. ¢ The set of
Load more

Recommended publications
  • A Secure Peer-To-Peer Web Framework
    A Secure Peer-to-Peer Web Framework Joakim Koskela Andrei Gurtov Helsinki Institute for Information Technology Helsinki Institute for Information Technology PO Box 19800, 00076 Aalto PO Box 19800, 00076 Aalto Email: joakim.koskela@hiit.fi Email: andrei.gurtov@hiit.fi Abstract—We present the design and evaluation of a se- application, that can be deployed without investing in dedi- cure peer-to-peer HTTP middleware framework that enables cated infrastructure while addressing issues such as middlebox a multitude of web applications without relying on service traversal, mobility, security and identity management. providers. The framework is designed to be deployed in existing network environments, allowing ordinary users to create private II. PEER-TO-PEER HTTP services without investing in network infrastructure. Compared to previous work, scalability, NAT/firewall traversal and peer From its launch in the early 1990s, the HyperText Transfer mobility is achieved without the need for maintaining dedicated Protocol (HTTP) had grown to be one of the most popular servers by utilizing new network protocols and re-using existing protocols on the Internet today. It is used daily for everything network resources. from past-time activities, such as recreational browsing, gam- I. INTRODUCTION ing and media downloads, to business- and security-critical Peer-to-peer (P2P) systems have been popular within net- applications such as payment systems and on-line banking. work research during the past years as they have the potential The success of HTTP has clearly grown beyond its original to offer more reliable, fault-tolerant and cost-efficient network- design as a simple, easy to manage protocol for exchanging ing.
    [Show full text]
  • I.L. 40-614A 1 1. INTRODUCTION the Basic Interface to Remote Terminal, Or BIRT, Is an INCOM Network Master. BIRT Gives Users An
    I.L. 40-614A 1. INTRODUCTION 3. DESCRIPTION The Basic Interface to Remote Terminal, or BIRT, is 3.1. Power Requirements an INCOM Network Master. BIRT gives users an economical way of getting information from their Range: 48 Vdc to 250 Vdc and 120 Vac INCOM-compatible devices since it connects directly between a user’s external MODEM or personal com- Burden: 3.5 W @ 48 Vdc puter and the INCOM network. 9 W @ 250 Vdc 5 W @ 120 Vac BIRT can directly replace Westinghouse MINTs, talk- ing to all INCOM-based communication devices. 3.2. Temperature Range BIRTs also include a special high-speed mode for communicating with SADIs – allowing users to collect For Operation: 0˚ to +55˚ C data from other manufacturer’s relays more rapidly For Storage: -20˚ to +80˚ C than ever before. 3.3. Physical Dimensions BIRTs are built to handle the abuse of substation environment; their “hardened” RS-232 serial port can The BIRT enclosure dimensions are identical to the handle surges and sustained high voltages that ERNI and SADI, as shown in figure 1. would destroy ordinary serial ports, and BIRTs can run on a wide range of voltages, from 48 to 250 Vdc Dimensions and weight of chassis or even 120 Vac, with no jumpers or adjustments needed. Height: 5.26” (133.6) mm) Width: 3.32” (84.3) mm) Depth: 5.92” (150.4) mm) 2. FEATURES Weight: 2.0 lbs (0.9 kg) BIRT is designed to be very flexible in its RS-232 External Wiring: See figures 2 and 3.
    [Show full text]
  • Introduction to Peer-To-Peer Networks
    Introduction to Peer-to-Peer Networks The Story of Peer-to-Peer The Nature of Peer-to-Peer: Generals & Paradigms Unstructured Peer-to-Peer Systems Sample Applications 1 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt A Peer-to-Peer system is a self-organizing system of equal, autonomous entities (peers) which aims for the shared usage of distributed resources in a networked environment avoiding central services. Andy Oram 2 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt The Old Days NetNews (nntp) Usenet since 1979, initially based on UUCP Exchange (replication) of news articles by subscription Group creation/deletion decentralised DNS Distributed delegation of name authorities: file sharing of host tables Name “Servers” act as peers Hierarchical information space permits exponential growth Systems are manually configured distributed peers 3 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt SETI@home: Distributed Computing Search for Extraterrestrial Intelligence (SETI) Analyse radio sig- nals from space Globally shared computing res. Idea 1995 First version 1998 2002 ≈ 4 Mio clnt E.g. Screensaver From Anderson et. al.: SETI@home, Comm. ACM, 45 (11), Nov. 2002 http://setiathome.berkeley.edu/ - ongoing 4 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt SETI@home (2) http-based client-server model No client-client communication Data chunks: load & return N-redundancy for fault detection Attacks: bogus code From Anderson
    [Show full text]
  • Peer-To-Peer Networks
    Peer-to-Peer Networks 14-740: Fundamentals of Computer Networks Credit to Bill Nace, 14-740, Fall 2017 Material from Computer Networking: A Top Down Approach, 6th edition. J.F. Kurose and K.W. Ross traceroute • P2P Overview • Architecture components • Napster (Centralized) • Gnutella (Distributed) • Skype and KaZaA (Hybrid, Hierarchical) • KaZaA Reverse Engineering Study 14-740: Spring 2018 2 What is P2P? • Client / Server interaction • Client: any end-host • Server: specific end-host • P2P: Peer-to-peer • Any end-host • Aim to leverage resources available on “clients” (peers) • Hard drive space • Bandwidth (especially upload) • Computational power • Anonymity (i.e. Zombie botnets) • “Edge-ness” (i.e. being distributed at network edges) • Clients are particularly fickle • Users have not agreed to provide any particular level of service • Users are not altruistic -- algorithm must force participation without allowing cheating • Clients are not trusted • Client code may be modified • And yet, availability of resources must be assured P2P History • Proto-P2P systems exist • DNS, Netnews/Usenet • Xerox Grapevine (~1982): name, mail delivery service • Kicked into high gear in 1999 • Many users had “always-on” broadband net connections • 1st Generation: Napster (music exchange) • 2nd Generation: Freenet, Gnutella, Kazaa, BitTorrent • More scalable, designed for anonymity, fault-tolerant • 3rd Generation: Middleware -- Pastry, Chord • Provide for overlay routing to place/find resources 14-740: Spring 2018 6 P2P Architecture • Content Directory
    [Show full text]
  • Secure Shell- Its Significance in Networking (Ssh)
    International Journal of Application or Innovation in Engineering & Management (IJAIEM) Web Site: www.ijaiem.org Email: [email protected] Volume 4, Issue 3, March 2015 ISSN 2319 - 4847 SECURE SHELL- ITS SIGNIFICANCE IN NETWORKING (SSH) ANOOSHA GARIMELLA , D.RAKESH KUMAR 1. B. TECH, COMPUTER SCIENCE AND ENGINEERING Student, 3rd year-2nd Semester GITAM UNIVERSITY Visakhapatnam, Andhra Pradesh India 2.Assistant Professor Computer Science and Engineering GITAM UNIVERSITY Visakhapatnam, Andhra Pradesh India ABSTRACT This paper is focused on the evolution of SSH, the need for SSH, working of SSH, its major components and features of SSH. As the number of users over the Internet is increasing, there is a greater threat of your data being vulnerable. Secure Shell (SSH) Protocol provides a secure method for remote login and other secure network services over an insecure network. The SSH protocol has been designed to support many features along with proper security. This architecture with the help of its inbuilt layers which are independent of each other provides user authentication, integrity, and confidentiality, connection- oriented end to end delivery, multiplexes encrypted tunnel into several logical channels, provides datagram delivery across multiple networks and may optionally provide compression. Here, we have also described in detail what every layer of the architecture does along with the connection establishment. Some of the threats which Ssh can encounter, applications, advantages and disadvantages have also been mentioned in this document. Keywords: SSH, Cryptography, Port Forwarding, Secure SSH Tunnel, Key Exchange, IP spoofing, Connection- Hijacking. 1. INTRODUCTION SSH Secure Shell was first created in 1995 by Tatu Ylonen with the release of version 1.0 of SSH Secure Shell and the Internet Draft “The SSH Secure Shell Remote Login Protocol”.
    [Show full text]
  • Terminal Services Manager Getting Started
    Terminal Services Manager Getting Started LizardSystems Table of Contents Introduction 3 Installing Terminal Services Manager 3 Before starting the application 4 Starting the application 5 Connect to a Remote Desktop Services Servers 6 User Interface 10 Main Window 10 Main menu 11 Administrative tools 16 Network tools 16 Toolbar 17 Computer list 18 Servers tab 19 Users tab 20 Sessions tab 22 Processes tab 23 Dialog boxes 25 Add Computer 25 Create New Group 26 Add Computers Wizard 26 Import computers from network 27 Import computers from Active Directory 28 Import computers from IP Range 28 Import computers from file 30 Search for computers 30 Select grouping type for computers 31 Add computers to list 32 Preferences 33 General 33 Computer list 34 Terminal services 35 2 Terminal Services Manager - Getting Started Introduction Using Terminal Services Manager, you can see the details of users connected to a remote host, their sessions, and their active processes. For several hosts simultaneously, you can monitor each user, session, and process's usage of remote host resources (CPU, memory, etc.) in real-time. Using Terminal Services Manager, you can easily perform various administrative tasks to manage resources and users on a remote host, for example, disconnecting all inactive users, closing inactive users' sessions, or terminating a remote host process. You may use Terminal Services Manager to view information and monitor servers, users, sessions, and processes on servers running Windows Server. You can also perform certain administrative tasks; for example, you can disconnect or log off users from their Remote Desktop Services sessions. Installing Terminal Services Manager • You can install Terminal Services Manager after downloading it from the Download page.
    [Show full text]
  • Security with SSH.Pdf
    Security with SSH Network Startup Resource Center http://www.nsrc.org/ These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/) Topics • What is SSH • Where to get SSH • How to enable and configure SSH • Where to get SSH clients for Windows • Host keys: authentication of server to client • Issues to do with changing of the host key • Password authentication of client to server • Cryptographic authentication client to server • hostkey exchange, scp, and sftp labs What is SSH? From Wikipedia: Secure Shell (SSH) is a cryptographic network protocol for secure data communication, remote command-line login, remote command execution, and other secure network services between two networked computers that connects, via a secure channel over an insecure network, a server and a client (running SSH server and SSH client programs, respectively). i.e., ssh gives you a secure command line interface on remote machines… Topics • Where SSH applies directly to dealing with these two areas of security: - Confidentiality - Keeping our data safe from prying eyes • Authentication and Authorization - Is this person who they claim to be? - With keys alternative method to passwords Where to get SSH • First see if SSH is installed on your system and what version. Easiest way is: $ ssh ±V • Commonly used SSH in Linux and FreeBSD is OpenSSH. You can find the home page here: http://www.openssh.org/ • You can install OpenSSH via packages on Linux and FreeBSD. Ubuntu 12.04.3 LTS currently installs version 5.9p1 of OpenSSH. Obtain SSH Client for Windows There are several free, shareware, and commercial ssh clients for Windows.
    [Show full text]
  • Networking Telnet
    IBM i Version 7.2 Networking Telnet IBM Note Before using this information and the product it supports, read the information in “Notices” on page 99. This edition applies to IBM i 7.2 (product number 5770-SS1) and to all subsequent releases and modifications until otherwise indicated in new editions. This version does not run on all reduced instruction set computer (RISC) models nor does it run on CISC models. This document may contain references to Licensed Internal Code. Licensed Internal Code is Machine Code and is licensed to you under the terms of the IBM License Agreement for Machine Code. © Copyright International Business Machines Corporation 1998, 2013. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Telnet................................................................................................................... 1 What's new for IBM i 7.2..............................................................................................................................1 PDF file for Telnet........................................................................................................................................ 1 Telnet scenarios...........................................................................................................................................2 Telnet scenario: Telnet server configuration.........................................................................................2 Telnet scenario: Cascaded Telnet
    [Show full text]
  • LAB MANUAL for Computer Network
    LAB MANUAL for Computer Network CSE-310 F Computer Network Lab L T P - - 3 Class Work : 25 Marks Exam : 25 MARKS Total : 50 Marks This course provides students with hands on training regarding the design, troubleshooting, modeling and evaluation of computer networks. In this course, students are going to experiment in a real test-bed networking environment, and learn about network design and troubleshooting topics and tools such as: network addressing, Address Resolution Protocol (ARP), basic troubleshooting tools (e.g. ping, ICMP), IP routing (e,g, RIP), route discovery (e.g. traceroute), TCP and UDP, IP fragmentation and many others. Student will also be introduced to the network modeling and simulation, and they will have the opportunity to build some simple networking models using the tool and perform simulations that will help them evaluate their design approaches and expected network performance. S.No Experiment 1 Study of different types of Network cables and Practically implement the cross-wired cable and straight through cable using clamping tool. 2 Study of Network Devices in Detail. 3 Study of network IP. 4 Connect the computers in Local Area Network. 5 Study of basic network command and Network configuration commands. 6 Configure a Network topology using packet tracer software. 7 Configure a Network topology using packet tracer software. 8 Configure a Network using Distance Vector Routing protocol. 9 Configure Network using Link State Vector Routing protocol. Hardware and Software Requirement Hardware Requirement RJ-45 connector, Climping Tool, Twisted pair Cable Software Requirement Command Prompt And Packet Tracer. EXPERIMENT-1 Aim: Study of different types of Network cables and Practically implement the cross-wired cable and straight through cable using clamping tool.
    [Show full text]
  • Chapter 7, “Configuring Telnet”
    Send document comments to [email protected]. CHAPTER 7 Configuring Telnet This chapter describes how to configure Telnet on Nexus 1000V and includes the following topics: • Information About the Telnet Server, page 7-1 • Prerequisites for Telnet, page 7-1 • Guidelines and Limitations, page 7-2 • Configuring Telnet, page 7-2 • Verifying the Telnet Configuration, page 7-5 • Default Setting, page 7-5 • Additional References, page 7-5 • Feature History for Telnet, page 7-6 Information About the Telnet Server The Telnet protocol enables you to set up TCP/IP connections to a host. Telnet allows a person at one site to establish a TCP connection to a login server at another site and then passes the keystrokes from one device to the other. Telnet can accept either an IP address or a domain name as the remote device address. Note On Nexus 1000V, the Telnet server is enabled by default. Prerequisites for Telnet Telnet has the following prerequisites: • You have configured IP on a Layer 3 interface, out-of-band on the mgmt 0 interface, or inband on an Ethernet interface. Cisco Nexus 1000V Security Configuration Guide, Release 4.0(4)SV1(1) OL-19418-01 7-1 Chapter 7 Configuring Telnet Guidelines and Limitations Send document comments to [email protected]. Guidelines and Limitations • By default, the Telnet server is enabled. Note Be aware that the Nexus 1000V commands might differ from the Cisco IOS commands. Configuring Telnet This section includes the following topics: • Enabling the Telnet Server, page 7-2 • Starting an IP Telnet Session to a Remote Device, page 7-3 • Clearing Telnet Sessions, page 7-4 Enabling the Telnet Server Use this procedure to enable the Telnet server.
    [Show full text]
  • Primer on Host Identity Protocol
    whitepaper Primer on Host Identity Protocol A simpler, more secure approach to IP communications Creating a new standard for network security Host Identity Protocol (HIP) is an open standards-based network security protocol, approved by the leading Internet standards organization, the Internet Engineering Task Force, in 2015. That event crowned over 15 years of HIP development, testing and deployment in coordination with several large companies (such as Boeing, Ericsson, Nokia, Verizon, TeliaSonera) and standard bodies (Trusted Computing Group, IEEE 802). Recognized by the Internet Engineering Task Force (IETF) community as a fundamental improvement in secure IP architecture, HIP was first deployed within the defense and aerospace industry as a cost-efficient and scalable solution to address growing threat environments and the complexity of security policy management. The protocol has been in use for over 10 years in mission-critical environments of all scale and complexity, including applications where downtime costs exceeds $1 million per hour, and nation-state cyber-attacks occur on a regular basis. tempered.io 1 whitepaper | primer on Host Identity Protocol Timeline of internet transport technology Timeline of internet Tempered launches Airnet, transport technology a free HIP VPN 1969 1980 1983 1990 2006 2007 2015 2021 Arpanet starts using Early Arpanet Commercial Boeing Tempered First HIP precursor to TCP/IP converts internet deploys launches HIP RFC TCP/IP RFC to TCP/IP starts HIP implementation Tempered launches Airnet, a free HIP VPN 1969 1980 1983 1990 2006 2007 2015 2021 Arpanet Early Arpanet Commercial Boeing Tempered is TCP/IP converts internet First HIP deploys launches HIP launched RFC to TCP/IP starts RFC HIP implementation Tempered Networks now offers the leading, field-proven HIP implementation.
    [Show full text]
  • Host Mobility Using an Internet Indirection Infrastructure
    Host Mobility Using an Internet Indirection Infrastructure Shelley Zhuang Kevin Lai Ion Stoica Randy Katz Scott Shenker∗ University of California, Berkeley fshelleyz, laik, istoica, [email protected] Abstract mobile host to have seamless connectivity and continu- ous reachability, it must retain its identifier while chang- We propose the Robust Overlay Architecture for Mobil- ing its location. Previous mobility proposals decouple ity (ROAM) to provide seamless mobility for Internet this binding by introducing a fixed indirection point (e.g., hosts. ROAM is built on top of the Internet Indirection Mobile IP [1]), redirecting through the DNS (e.g., TCP Infrastructure (i3). With i3, instead of explicitly sending Migrate [2]), or using indirection at the link layer (e.g., a packet to a destination, each packet is associated with cellular mobility schemes). an identifier. This identifier defines an indirection point in i3, and is used by the receiver to obtain the packet. However, these proposals lack one or more of the follow- ing properties to fully realize the promise of ubiquitous ROAM takes advantage of end-host ability to control mobility: the placement of indirection points in i3 to provide ef- ficient routing, fast handoff, and preserve location pri- Efficient routing: packets should be routed on paths vacy for mobile hosts. In addition, ROAM allows end • with latency close to the shortest path provided by hosts to move simultaneously, and is as robust as the un- IP routing. derlying IP network to node failure. We have developed a user-level prototype system on Linux that provides • Efficient handoff : the loss of packets during handoff transparent mobility without modifying applications or should be minimized and avoided, if possible.
    [Show full text]