Hierarchical Protocol Architecture

Suguru Yamaguchi, Nara Institute of Science and Technology, Department of Information Science

Overview

- Concept and structure of the hierarchical protocol architecture
  - The "ISO 7 layer reference model"
  - Just a conceptual model, but this reference model provides a common basis of the .

- Overview of TCP/IP
  - TCP/IP uses its own 5-layer model.
    - Developed in almost the same period as the ISO 7 layer reference model.
  - Recently more complex and sophisticated.

Information Network 1 / 2013

OSI 7 Layer Reference Model

- Fundamental model of the hierarchical computer network protocol architecture
  - 7 layer type
    - Physical / Data Link / Network / Transport / Session / Presentation / Application
  - Established as an ISO/OSI standard
    - Not limited to communication systems.
    - Defines the concept of hierarchical protocols.
    - This model was widely accepted by many people.
- From the late 1970s to the early 1980s.
  - This reference model contributed to clear discussion of the details of communication protocols.

OSI 7 Layer Reference Model

[Figure: layer n+1 uses layer n through an n-SAP (Service Access Point); peer entities at layer n exchange n-PDUs (Protocol Data Units) across layer n-1; n-PDU = Header + SDU (Service Data Unit).]

OSI 7 Layer Reference Model

[Figure: two End Systems (ES) communicating through an Intermediate System (IS). Upper layer protocols on the ES: Application NFS, Presentation XDR, Session Sun RPC; Transport TCP; Network IP (also on the IS); Data Link IEEE802.3; Physical Ethernet coax; a physical connection between each ES and the IS.]

Roles of layers

Application: Protocols of applications.
Presentation: Machine-independent but application-specific expression of data.
Session: Application-specific "form" of communication.
Transport: Communication between the processes running on the nodes in the network, but as a common platform. Connection is the major concept in this layer.
Network: Data exchange functions independent of any specific data link. End-to-end communication mechanism over interconnected networks. The "packet" is the container for data to be exchanged.
Datalink: Transmission procedure for a data chunk ("frame") over a single communication medium. Defined tightly together with the physical layer (L1).
Physical: Fundamental transmission procedures for "bits" over communication media.

Layer Structure

[Figure: two nodes, each with an application process on top of a stack of application, presentation, session, transport, network, datalink and physical layers, drawn side by side so that peer layers face each other.]

Technical Aspect of Hierarchical Protocol

- Multiplexing and demultiplexing
  - A lower layer multiplexes the upper layer protocols.
    - e.g. Ethernet can carry IP and AppleTalk as upper layer protocols.
    - The receiver divides the data among the upper layer protocols (demultiplexing).

Multiplexing

[Figure: protocol stack with several protocols per layer. Application: PAP; Presentation: FTP, DNS; Session: Session Manager; Transport: TCP, UDP, TP4/AppleTalk; Network: IP, AppleTalk; Data Link: IEEE802.3 Ethernet; Physical: CAT/5 cable.]

Demultiplexing

[Figure: the same stack as in the multiplexing figure.]

Encapsulation

[Figure: encapsulation down the stack: Application, Presentation, Session, Transport, Network, Data Link, Physical.]

Pros & Cons

Pro:
- Simple
- Easily understandable
- Separated and parallel implementations
- Concealment of functions and independent version-up by the encapsulation process
- Interconnection between different networks

Con:
- A hierarchical implementation cannot improve quality and its performance.
- Memory and data management are difficult.
  - A flexible length of data is difficult to handle.

Network Layer Gateway

[Figure: two End Systems with full stacks (Application through Physical) joined by a network layer gateway that implements Network (IPv4), Data Link and Physical on both sides; Transport and the upper layers run end to end; a physical connection on each side of the gateway.]

Application Layer Gateway

[Figure: two End Systems joined by an application layer gateway that implements a full stack on both sides: Application SMTP→X400, Transport TCP on both sides, Network IPv4 on one side and IPv6 on the other, with Data Link and Physical on each side; a physical connection on each side of the gateway.]

Conclusion

- Hierarchical protocol
  - Step-by-step solution
  - Abstraction of the service in each layer
    - Physical layer: bit
    - Data link layer: frame
    - Network layer: packet
    - Transport layer: connection
  - Divides interface and implementation
  - A hierarchical protocol can interconnect different networks.
  - More flexible structure, e.g. VPN

Additional Materials: Overview

- Background of the hierarchical protocol architecture
- OSI 7 Layer Reference Model
  - Early 1980s
  - Basic model of communication protocols
  - Functions in each layer
  - Interfaces provided by each layer
- Development of the hierarchical protocol
  - Learn more about the social deployment of computer network protocols

Historical Background (1)

- 1920s to 1950s
- Development of communication theory
  - Two fundamental theories formed the base of communication theory. In particular, you should understand Shannon's theory.
  - Harry Nyquist (1924)
    - Maximum data rate = $2H \log_2 V$ (bits/s)
      - H: low-pass filter bandwidth
      - V: number of discrete signal levels
  - Claude Shannon (1948)
    - Extended to a noisy channel
    - Maximum data rate = $H \log_2 (1 + S/N)$ (bits/s)
      - S/N: signal-to-noise ratio

Historical Background (2)

- 1960s
- Mainframe computers (e.g. IBM370 …) were widely used, and there was a strong demand to access them.
  - Connection between user terminals and the host computer
  - The major problem was the implementation of its communication channel for simple character-based information.
- Independent development of communication service technology (e.g. telephone) and computer communication technology.
  - Transmission and exchange (telegram, telephone)
  - Computer networks
- "Modem" era
  - Digital information slowly transmitted over an analog channel
    - 300 bit/s, 1200 bit/s, etc.
  - How to convert a bit sequence into an electronic signal
  - Modulation technology (differential Manchester coding, etc.)

Historical Background (3)

- The late 1960s to the early 1970s
- First deployment of services, but only primitive services were provided.
  - X.25
    - Standardization from IBM HDLC
    - First step for the computer network
- Birth of the "LAN": Metcalfe's Ethernet
  - Around 1970.
  - Ethernet (802.3), Token Ring (802.5)
  - Dawn of high-speed data communication technology
  - Completely different technology from the "modem"
    - In the 1200 bit/s era, Ethernet proposed 1 Mbps technology.

Historical Background (4)

- The mid-1970s to the late 1970s
- Demand for a standard procedure for system interconnection
  - Various computer networks
    - Generalized digital leased lines for long-distance communication
    - Data exchange network: X.25
    - LAN systems
  - Customized for vendors, systems and clients
    - Huge operation cost and development cost
    - "Cost" other than the application itself
  - Emerging large-scale online systems, e.g. banking systems.
  - Standardization. Why not!?
    - Strong fear of a vendor-centric architecture in the market.
    - Fear of "Big Blue".

Historical Background (5)

- The mid-1970s to the late 1970s
- Complicated development of communication systems
  - Functional separation and packaging
    - The same idea as structured programming
    - Separated development and implementation
  - Origin of the hierarchical protocol
    - Sync. link / HDLC / X.25
    - Coax / Ethernet / XNS
    - Digital leased line / ARPAnet

Historical Background (6)

- The late 1970s to the early 1980s
- Beginning of standardization efforts
  - Three streams of standardization
    - As an international standard: ISO/OSI
    - As a research achievement: TCP/IP
    - Industrial standardization: IBM/SNA, Digital/DECnet, Xerox/XNS, ….


Physical Layer

- Physical Layer (Layer 1)
- Transmission procedures for "bits" over communication media
  - Procedure of bit transmission between nodes
  - e.g.
    - Electrical signal level (e.g. 0: < +0.5 V, 1: > 3.7 V)
    - Procedure of bit transmission (e.g. synchronization, error detection, …)
- Defined and bound to each communication medium
  - Fits its characteristics and attributes.
  - Normally treated together with the data link layer as one set.

Data Link Layer (1)

- Data Link Layer (Layer 2)
- Transmission procedure for a data chunk over the communication medium.
  - Works with the physical layer.
  - "Frame": a bit sequence with its own structure
    - Data transmission unit
  - Contention and coordination among multiple nodes on a single communication medium.
- Standard elements
  - Identification on the communication medium
  - Frame format
  - Access procedure (MAC sub-layer)

Data Link Layer (2)

- Many standards
  - Data exchange procedure over digital leased lines (HDLC)
  - IEEE802.x series (ISO8802)
    - Ethernet 802.3
    - Token Ring 802.5
    - WiFi 802.11
  - Defined as a DLL (e.g. ISDN …)
    - The I.100 series includes call procedures and data frame definitions
- Each data link layer is normally defined together with its specific physical layer.
  - Physical channel and transmission procedure are tightly coupled.

Network Layer (1)

- Network Layer (Layer 3)
- Data exchange functions independent of any specific data link.
  - Defines communication between ESs (End Systems)
  - Address assignment for nodes
  - Gateway function implemented as an IS (Intermediate System)
  - Definition of the packet

Network Layer (2)

- Standard elements
  - Format of ES and IS addresses / identification.
  - Packet format
  - Routing mechanism of .
  - Broadcast / multicast / anycast

Transport Layer (1)

- Transport Layer (Layer 4)
- Communication between the processes in the network
  - Multiple processes exist on an ES
  - Process = service provider
  - Fundamental protocol for processes
  - Uses a common transport protocol in the network
    - Communicating ESs use a common transport protocol

Transport Layer (2)

- Functions of the transport layer
  - Provides a more usable communication service than the packet switching done in the network layer.
  - Defines end-to-end communications
  - Error and flow control using retransmission of packets
  - Error handling is embedded.

Upper Layer Protocols

- Protocols in the session, presentation and application layers are called "Upper Layer Protocols"
  - Definition for each specific application / service
  - Implementation of the various requirements of network applications

Session Layer

- Defines the unit of communication
  - Transaction
  - Session
- Defines the process for a communication unit
  - Transaction logging and roll-back operation
  - Session termination
- Model definition for fundamental information processing.

Presentation Layer

- The expression of data
  - Provides a basis for expressing data properly on different platforms
  - The decimal number "1" can be encoded in multiple ways.
    - Expression of "1"
      - How many bytes to use?
        - 1, 2, 4, less than 1 byte (6 bits), ….
      - How to handle byte order?
        - Little endian / big endian
      - How to handle bit order before transmission?
        - MSB first, LSB first
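The byte-order and bit-order choices above, worked through in code. This is an added example, not part of the lecture slides; the function names are my own, and the pair (byte order, bit order) stands in for the presentation-layer agreement between two platforms. It also shows what a receiver decodes when it assumes a different agreement than the sender used.

```python
# Added example (not from the slides): encode the decimal number 1 under
# different presentation-layer agreements and see what a receiver that
# assumed a different agreement would decode.

def to_bits(value: int, nbytes: int, byte_order: str, bit_order: str) -> str:
    """Bit string in wire order.

    byte_order: 'big' (most significant byte first) or 'little'.
    bit_order:  'msb' (most significant bit of each byte sent first) or 'lsb'.
    """
    data = value.to_bytes(nbytes, byte_order)
    chunks = []
    for b in data:
        bits = format(b, "08b")            # MSB-first text form of one byte
        chunks.append(bits if bit_order == "msb" else bits[::-1])
    return "".join(chunks)


def from_bits(wire: str, byte_order: str, bit_order: str) -> int:
    """Inverse of to_bits: interpret a wire bit string under a given agreement."""
    if len(wire) % 8:
        raise ValueError("wire string must be whole bytes")
    out = bytearray()
    for i in range(0, len(wire), 8):
        bits = wire[i:i + 8]
        if bit_order == "lsb":
            bits = bits[::-1]              # undo the per-byte bit reversal
        out.append(int(bits, 2))
    return int.from_bytes(out, byte_order)


def encodings_of_one() -> dict:
    """All four byte/bit-order combinations for the value 1 stored in 2 bytes."""
    return {
        (bo, bi): to_bits(1, 2, bo, bi)
        for bo in ("big", "little")
        for bi in ("msb", "lsb")
    }


def misread(value: int, nbytes: int, sender: tuple, receiver: tuple) -> int:
    """Value the receiver decodes when the two sides disagree on the agreement.
    sender / receiver are (byte_order, bit_order) pairs."""
    wire = to_bits(value, nbytes, *sender)
    return from_bits(wire, *receiver)
```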

Application Layer

- Protocols for applications
  - They do not define the applications
  - SMTP (Simple Mail Transfer Protocol) for e-mail.
  - However, many e-mail applications exist.
    - MTA: sendmail, qmail, postfix, etc.
    - MUA: Eudora, Mozilla Thunderbird, MS Outlook, etc.

History of computer network protocol development in the 20th century

Development of hierarchical protocol

- 1980s
- Industrial "de facto" standards
  - IBM SNA, DECNET, Xerox XNS
  - AppleTalk, Novell Netware, NetBIOS
- OSI
  - CLNP, TP4, IS-IS, X400, …
- TCP/IP
  - RIP, EGP/BGP, OSPF
  - TELNET, SMTP, DNS, FTP, SNMP, NTP, ….
  - DARPA adopted TCP/IP as a standard.
    - ARPAnet, MILnet

Development of hierarchical protocol

- We knew the market winner of computer communication protocols in the 1990s: "TCP/IP"
- Mistakes of OSI
  - Slow standardization (defeat of the ISO standardization process) by national delegates.
  - Complex specifications
  - Only the "7 Layer Reference Model" and X.500 are still widely used.
- Victory of TCP/IP
  - Simple, open and fast process of standardization (victory of the IETF standardization process)
  - The United States continued using TCP/IP.
  - Simple specification and implementation oriented

Decline of vendor protocols

- Once standardized, but lost the game.
  - DECNET → OSI protocol
  - AppleTalk → TCP/IP applications
  - Netware, NetBIOS → TCP/IP applications
  - Xerox XNS: declined and lost
- Only IBM SNA survived
  - Large-scale general-purpose systems known as "legacy systems"
  - Difficult to migrate "mission-critical" systems to other open platforms

Development of hierarchical protocol

- 21st century
- Development of upper layer protocols
  - Session layer
  - Presentation layer
- "Demise of protocols"
  - Processing platform
- Layer segmentation and sophistication
  - MPLS
  - J2EE, .NET, GRID, ….

Significant technologies

- Data link
  - Ethernet: LAN technology
  - HDLC: classical packet switching technology
- TCP/IP protocol suite
  - The TCP/IP protocols are the most used in the world.
  - Especially IP and TCP
- Network management
- Application technology

Hierarchical protocol architecture is flexible


Technical Aspect of Hierarchical Protocol

- Encapsulation
  - A lower-level protocol encapsulates a packet of the upper-level protocol
  - (n-1)-PDU = (n-1) header + (n)-PDU
  - Stores the upper layer packet in its data area
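Encapsulation and the multiplexing/demultiplexing described earlier, carried through for the Ethernet / IPv4 / UDP-TCP stack the slides use as their example. This is an added example, not code from the lecture; the MAC and IP addresses are constructed, the IP and transport checksums are left at zero for brevity, and the EtherType, protocol-number and port tables are a small subset of the real assignments.

```python
import struct

# Added example, not from the slides. A constructed subset of the real
# demultiplexing keys: each header's "type" field names the protocol above it.
ETHERTYPES = {0x0800: "IPv4", 0x809B: "AppleTalk"}
IP_PROTOCOLS = {6: "TCP", 17: "UDP"}
PORTS = {21: "FTP", 53: "DNS"}
SRC_MAC, DST_MAC = b"\x66\x77\x88\x99\xaa\xbb", b"\x00\x11\x22\x33\x44\x55"  # constructed
SRC_IP, DST_IP = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 53])               # constructed


def encapsulate(header: bytes, upper_pdu: bytes) -> bytes:
    """(n-1)-PDU = (n-1) header + n-PDU: the upper PDU becomes the lower layer's SDU."""
    return header + upper_pdu


def ethernet_header(dst: bytes, src: bytes, ethertype: int) -> bytes:
    return struct.pack("!6s6sH", dst, src, ethertype)


def ipv4_header(src: bytes, dst: bytes, proto: int, payload_len: int) -> bytes:
    # version 4 / IHL 5, TOS, total length, id, flags+fragment, TTL 64, protocol,
    # checksum (left 0 in this demo), source, destination.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0, src, dst)


def udp_header(sport: int, dport: int, payload_len: int) -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + payload_len, 0)


def tcp_header(sport: int, dport: int) -> bytes:
    # seq/ack 0, data offset 5 (20 bytes), flags PSH|ACK, window, checksum 0, urgent 0
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)


def build_frame(ethertype: int, transport: str, dport: int, payload: bytes) -> bytes:
    """Multiplexing on the sender: wrap the payload down the stack, one header per layer."""
    eth = ethernet_header(DST_MAC, SRC_MAC, ethertype)
    if ethertype != 0x0800:                    # e.g. AppleTalk rides directly on Ethernet
        return encapsulate(eth, payload)
    if transport == "UDP":
        segment, proto = encapsulate(udp_header(40000, dport, len(payload)), payload), 17
    else:
        segment, proto = encapsulate(tcp_header(40000, dport), payload), 6
    packet = encapsulate(ipv4_header(SRC_IP, DST_IP, proto, len(segment)), segment)
    return encapsulate(eth, packet)


def demultiplex(frame: bytes) -> tuple[list[str], bytes]:
    """Demultiplexing on the receiver: strip one header per layer and use its type
    field to choose the protocol above. Returns the layer path and the final SDU."""
    path = ["Ethernet"]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    sdu = frame[14:]
    net = ETHERTYPES.get(ethertype)
    if net != "IPv4":
        return path + [net or f"unknown EtherType 0x{ethertype:04x}"], sdu
    path.append(net)
    ihl, proto = (sdu[0] & 0x0F) * 4, sdu[9]   # IHL is in 32-bit words
    sdu = sdu[ihl:]
    trans = IP_PROTOCOLS.get(proto)
    if trans is None:
        return path + [f"unknown IP protocol {proto}"], sdu
    path.append(trans)
    dport = struct.unpack("!H", sdu[2:4])[0]   # same offset in UDP and TCP headers
    hlen = 8 if trans == "UDP" else (sdu[12] >> 4) * 4
    return path + [PORTS.get(dport, f"port {dport}")], sdu[hlen:]
```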


Transport Layer Gateway

[Figure: two End Systems joined by a transport layer gateway performing 4/6 mapping: the gateway implements Transport, Network (IPv4 on one side, IPv6 on the other), Data Link and Physical; Application, Presentation and Session run end to end on the End Systems; a physical connection on each side of the gateway.]


Virtual Private Network (VPN)

VPN

- A VPN is a private network that uses a public network (usually the Internet) to connect remote sites or users together, using advanced encryption and tunnels to protect:
  - Confidentiality of information
  - Integrity of data
  - Authentication of users
- The primary benefits include:
  - Security
    - Private on public infrastructure: encryption and authentication
  - Reduced cost
    - Elimination of expensive dedicated WAN circuits
  - Scalability
    - Corporate network availability can be scaled quickly with minimal cost

VPN Classification

- Remote access VPN
  - Targeted at mobile users and home telecommuters
- Site-to-site VPN
  - Used to connect remote offices and branch offices to the headquarters' internal network over a shared infrastructure

VPN Technologies: Layer 2 VPNs

- Operate at Layer 2 of the OSI reference model
- Point-to-point connection
- Common protocols:
  - Point-to-Point Tunneling Protocol (PPTP)
  - Layer 2 Tunneling Protocol (L2TP)
  - Layer 2 Forwarding (L2F)
- Connectivity between sites over a virtual circuit
  - A virtual circuit is a logical end-to-end connection between two endpoints in a network
- Popular Layer 2 VPNs
  - ATM
  - Frame Relay

VPN Technologies: Layer 3 VPNs

- The delivery header of a connection between two sites is at Layer 3 of the OSI model
- Generic Routing Encapsulation (GRE) tunnels: RFC 1701
- MPLS VPNs (RFC 2547)
  - Use labels to encapsulate the original data or payload
  - Key advantage: flexibility to configure arbitrary technologies
  - Scalability: no point-to-point tunnels
- IPSec VPNs
  - IPSec is a suite of protocols developed under the auspices of the IETF to achieve secure services over IP packet-switched networks
  - Services: authentication, integrity, access control, confidentiality

VPN Technologies: Transport Layer VPNs (SSL/TLS)

- Used to provide security for single HTTP-based applications
- Secure Socket Layer (SSL)
  - Developed by Netscape for secure, authenticated connections between browsers and servers
  - SSL Version 3 became an open standard in 1999, called Transport Layer Security (TLS) Version 1
  - Use of certificates is fundamental
  - Server-only authentication
  - Server-client authentication
  - Protocols:
    - SSL Handshake
    - SSL Record
    - SSL Cipher Change
    - SSL Alert

VPN Technologies: Application Layer

- Provide protection for only a single application
- Secure Shell (SSH):
  - Remote login protection
- S/MIME
- Pretty Good Privacy (PGP)

Encryption & Security Protocol

- IPSec (Internet Protocol Security)
  - Network layer
  - Protects and authenticates IP packets
  - Framework of open standards
  - Provides CIA (Confidentiality, Integrity, and Authentication)
  - It consists of two sub-layers
    - Encapsulating Security Payload (ESP): encrypts the packet's payload with a symmetric key
      - It provides confidentiality, data integrity, data origin authentication, and anti-replay services
    - Authentication Header (AH): uses a hashing operation to authenticate packet information
      - It provides connectionless integrity, data origin authentication, and replay protection, but does not provide confidentiality

Encapsulation

- First layer: L2TP encapsulation
  - A PPP frame (carrying an IP datagram) is wrapped with an L2TP header and a UDP header.
- Second layer: IPsec encapsulation
  - The resulting L2TP message is then wrapped with an IPsec ESP header and trailer, an IPsec AH, and a final IP header.

IPSec (RFC2401) Overview: Encryption

- A cryptographic algorithm is the mathematical function used for encryption and decryption. There are two categories of cryptographic algorithms.
- Symmetric: the same key is used to encrypt and decrypt the message
  - Problem of key distribution
  - DES, 3DES, AES
- Asymmetric: separate keys, one for encryption and another for decryption
  - The encryption key is called the public key and is available to anyone
  - The decryption key is called the private key and should be kept secret
  - The two keys are mathematically related
  - Hash: to attest the content of a message and the identity of the sender, a digital signature is created by signing the hash of the message with a private key

IPSec (RFC2401) Overview: Transport mode

- In this mode an IPSec header (AH or ESP) is inserted between the IP header and the upper layer protocol header.

Original packet: [Original IP header][TCP][DATA]

With AH: [Original IP header][AH][TCP][DATA]
  Authenticated: the whole packet

With ESP: [Original IP header][ESP header][TCP][DATA][ESP trailer][ESP authentication]
  Encrypted: TCP through ESP trailer
  Authenticated: ESP header through ESP trailer

IPSec (RFC2401) Overview: Tunnel mode

- The original IP packet is encapsulated in another IP datagram, and an IPSec header (AH or ESP) is inserted between the outer and inner headers.

Original packet: [Original IP header][TCP][DATA]

With AH: [New IP header][AH][Original IP header][TCP][DATA]
  Authenticated: the whole packet

With ESP: [New IP header][ESP header][Original IP header][TCP][DATA][ESP trailer][ESP authentication]
  Encrypted: Original IP header through ESP trailer
  Authenticated: ESP header through ESP trailer
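The two ESP layouts above, modelled in code to show where the headers land, what an observer on the path can still read, and what the ESP integrity check does and does not cover. This is an added example, not code from the lecture or from any IPsec implementation: the 9-byte "IP header", the SPI, the key and the addresses are constructed, and the cipher is a keystream XOR standing in for ESP's real symmetric cipher.

```python
import hashlib
import hmac
import struct

# Added example, not from the slides. Toy ESP in transport and tunnel mode.
# The cipher (SHA-256 keystream XOR) and the 9-byte header are constructed
# simplifications for illustration only; do not reuse them as crypto.
ESP = 50                      # IP protocol number of ESP
IP_IN_IP = 4                  # ESP next-header value: payload is a whole IP packet
KEY = b"constructed-demo-key" # a real SA carries separate cipher and integrity keys
HDR_LEN, ICV_LEN = 9, 12


def ip(addr: str) -> bytes:
    return bytes(int(x) for x in addr.split("."))


def ip_hdr(src: str, dst: str, proto: int) -> bytes:
    """Toy header: next protocol (1 byte) + source (4) + destination (4)."""
    return bytes([proto]) + ip(src) + ip(dst)


def keystream_xor(seq: int, data: bytes) -> bytes:
    blocks = len(data) // 32 + 1
    ks = b"".join(hashlib.sha256(KEY + struct.pack("!II", seq, i)).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))


def esp_wrap(outer: bytes, payload: bytes, next_hdr: int, seq: int) -> bytes:
    """outer header + ESP header + Enc(payload + trailer) + ICV.
    The ICV (truncated HMAC) covers the ESP header and ciphertext only; the outer
    IP header is not authenticated by ESP (that is what AH adds)."""
    esp_hdr = struct.pack("!II", 0x1000, seq)      # SPI (constructed) + sequence number
    trailer = bytes([0, next_hdr])                 # pad length 0, next header
    body = esp_hdr + keystream_xor(seq, payload + trailer)
    icv = hmac.new(KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    return outer + body + icv


def esp_transport(pkt: bytes, seq: int) -> bytes:
    """Keep the original IP header (now announcing ESP); protect only what follows it."""
    return esp_wrap(bytes([ESP]) + pkt[1:HDR_LEN], pkt[HDR_LEN:], pkt[0], seq)


def esp_tunnel(pkt: bytes, gw_src: str, gw_dst: str, seq: int) -> bytes:
    """New outer header between the gateways; the whole original packet is the payload."""
    return esp_wrap(ip_hdr(gw_src, gw_dst, ESP), pkt, IP_IN_IP, seq)


def esp_unwrap(wire: bytes) -> bytes:
    """Verify the ICV, decrypt, and rebuild the original packet. Raises on tampering."""
    outer, body, icv = wire[:HDR_LEN], wire[HDR_LEN:-ICV_LEN], wire[-ICV_LEN:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, icv):
        raise ValueError("ESP integrity check failed")
    seq = struct.unpack("!II", body[:8])[1]
    plain = keystream_xor(seq, body[8:])
    payload, next_hdr = plain[:-2], plain[-1]
    if next_hdr == IP_IN_IP:
        return payload                              # tunnel mode: inner packet intact
    return bytes([next_hdr]) + outer[1:] + payload  # transport mode: restore protocol field


def is_accepted(wire: bytes) -> bool:
    try:
        esp_unwrap(wire)
        return True
    except ValueError:
        return False


def on_path_view(wire: bytes) -> tuple:
    """What an observer between the gateways reads from the clear outer header."""
    return (".".join(map(str, wire[1:5])), ".".join(map(str, wire[5:9])), wire[0])
```

In transport mode the end systems' own addresses stay visible on the path; in tunnel mode only the gateway addresses do, which is why site-to-site VPNs use tunnel mode.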

IPSec (RFC2401) Overview: Key Management and Security Association

- Diffie-Hellman key exchange
- Security association (SA)
  - Basic building block of IPSec
  - Internet Key Exchange (IKE) SA:
    - Default IPSec method for secure key negotiation
    - Phase 1: mutual authentication of systems, session key establishment
    - Phase 2: negotiation and establishment of the IPSec SA

Hands-on Exercise: Information Network I

April 19, 2012

Hands-on Outline

- Use Wireshark to understand the protocol architecture
- Introducing well-known network tools
  - ifconfig
  - ping
  - nslookup

A 'Culinary' Hint to Remember the OSI Layers

Away: Application (DNS, HTTP, SMTP, ...)
Pizza: Presentation (ASCII, JPEG, ...)
Such: Session (SQL, RPC)
Throw: Transport (TCP, UDP)
Not: Network (IP, ICMP, ARP, PING)
Do: Data Link (IEEE 802.2, 802.3, ...)
Please: Physical (IEEE 802.5, ...)

Running the VM and Logging in

user: information-network1
pwd: network2013

Wireshark Brief Introduction

[Screenshot of the Wireshark window: command menus; listing of captured packets; details of the selected packet's headers; packet contents in hexadecimal and in ASCII.]

Interconnection Between the Layers

- Launch Wireshark
- Go to naist.jp
- Stop Wireshark
- Details on the next pages

Perfect Encapsulation: Ethernet, IP, TCP and HTTP are coming!

[Captured packet shown layer by layer: Physical Layer, Data Link, Network, Transport, Application.]

TCP/IP 3-way Handshake

Know your IP address with ifconfig

ifconfig -a

Check connectivity with ping

ping www.google.com

Domain name <-> IP address with nslookup

nslookup www.facebook.com
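The three segments Wireshark shows for the TCP 3-way handshake, parsed from constructed TCP headers and checked for the sequence/acknowledgement relationship that ties them together. This is an added example, not part of the hands-on material; the port numbers and sequence numbers are constructed, and the header layout is the standard 20-byte TCP header without options.

```python
import struct

# Added example, not from the hands-on slides. Constructed TCP headers for the
# three-way handshake as it appears in a capture, and a check on the
# seq/ack arithmetic: each side acknowledges the other's ISN + 1.
SYN, ACK = 0x02, 0x10


def tcp_segment(sport: int, dport: int, seq: int, ack: int, flags: int) -> bytes:
    """Constructed 20-byte TCP header: data offset 5, window 65535, checksum 0."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)


def parse_tcp(seg: bytes) -> dict:
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", seg[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "hlen": (off >> 4) * 4, "syn": bool(flags & SYN), "ack_flag": bool(flags & ACK)}


def classify(seg: bytes) -> str:
    """Label a segment the way Wireshark's Info column does for the handshake."""
    f = parse_tcp(seg)
    if f["syn"] and not f["ack_flag"]:
        return "SYN"
    if f["syn"] and f["ack_flag"]:
        return "SYN/ACK"
    if f["ack_flag"]:
        return "ACK"
    return "other"


def is_three_way_handshake(segs: list) -> bool:
    """True for SYN, SYN/ACK, ACK on one connection with consistent numbers:
    server ack = client ISN + 1, client ack = server ISN + 1, client seq = ISN + 1."""
    if [classify(s) for s in segs] != ["SYN", "SYN/ACK", "ACK"]:
        return False
    a, b, c = (parse_tcp(s) for s in segs)
    same_conn = (a["sport"], a["dport"]) == (b["dport"], b["sport"]) == (c["sport"], c["dport"])
    return (same_conn and b["ack"] == a["seq"] + 1
            and c["ack"] == b["seq"] + 1 and c["seq"] == a["seq"] + 1)
```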