Chapter - 1 Introduction to networking (3).ppt
Jimma University
Jimma Institute of Technology - JiT
Faculty of Electrical and Computer Engineering
MSc in Computer Engineering
Advanced Computer Networks
Henock Mulugeta (PhD)
(AAU, AAiT)
Networking fundamentals

Outline
• Protocol layers, service models
• What's the Internet?
• TCP vs UDP communication
• Network edge: hosts, access net
• Network core: packet/circuit switching
• Mobile and ubiquitous computing
• Trends in computing technology
• Computing: trend, evolution
Introduction
• The Internet and the WWW have emerged as global, ubiquitous media for communication and are changing the way we conduct science, engineering and commerce.
• They are also changing the way we learn, live, enjoy, communicate, interact, engage, etc.
• Modern life activities appear to be getting completely centered around the Internet.
Protocol "Layers"
Networks are complex! They have many "pieces": hosts, routers, links of various media, applications, protocols, hardware and software.
Question: is there any way of organizing the structure of a network?
• Network architectures consist of layers.
• A protocol is defined between two entities of the same layer.
• The ISO reference model has seven layers.
• The Internet (TCP/IP) stack has five layers.
ISO/OSI reference model
Seven layers: application, presentation, session, transport, network, link, physical.
• presentation: allows applications to interpret the meaning of data, e.g., encryption, compression, machine-specific conventions
• session: synchronization, checkpointing, recovery of data exchange
• The Internet stack is "missing" these two layers! These services, if needed, must be implemented in the application.
Internet Protocol Stack
Five layers: application, transport, network, data link, physical (raw bits on the wire: 001101011...).
• Application: supporting network applications and end-user services (FTP, SMTP, HTTP, DNS)
• Transport: end-to-end data transfer (TCP, UDP)
• Network: routing of datagrams from source to destination (IPv4, IPv6, routing protocols)
• Data Link: hop-by-hop frames, channel access, flow/error control (PPP, Ethernet, IEEE 802.11b)
• Physical: raw transmission of bits
What's the Internet?
• millions of connected computing devices: hosts = end systems, running network apps
• communication links: fiber, copper, radio, satellite; transmission rate = bandwidth
• routers: forward packets (chunks of data)
[Figure: home, institutional and mobile networks connected through regional and global ISPs; hosts (PC, server, wireless laptop, cellular handheld), routers, wired links and wireless access points]
What's the Internet?...
• protocols control sending, receiving of msgs, e.g., TCP, IP, HTTP, Ethernet
• Internet: "network of networks"; public Internet versus private intranet
• Internet standards: RFC (Request for Comments), IETF (Internet Engineering Task Force), IEEE
[Figure: home, institutional and mobile networks attached to regional and global ISPs]
What's the Internet: a service view
• communication infrastructure enables distributed applications: Web, VoIP, email, games, e-commerce, file sharing
• communication services provided to apps: reliable data delivery from source to destination; "best effort" (unreliable) data delivery
A closer look at network structure
• network edge: applications and hosts
• access networks, physical media: wired, wireless communication links
• network core: interconnected routers; network of networks
The network edge
• end systems (hosts): run application programs (e.g. Web, email) at the "edge of network"; client/server or peer-peer
• client/server model: client host requests and receives service from an always-on server, e.g. Web browser (client) and Web server
• peer-peer model: minimal (or no) use of dedicated servers, e.g. Skype, BitTorrent
Client-Server Architecture Types
(Tier architecture complements layer architecture)
• Two-tier model (classic): client - server
• Three-tier (when the server becomes a client): client - server/client - server
• Multi-tier (cascade model): client - server/client - server/client - ... - server
Client-Server Basic Model: clients invoke individual servers
• Example: querying a web server, which could then query a MySQL or Oracle database before returning the content of a page
  – the web server is a client of the database server
  – browser -> search engine -> crawlers -> other web servers
[Figure: a client invokes a server (invocation/result); the server (web server) in turn invokes another server (Oracle DB). Key: process, computer]
A service provided by multiple servers
• Services may be implemented as several server processes in separate host computers.
• Example: cluster-based Web servers and apps such as Google, parallel databases such as Oracle
[Figure: clients accessing a service offered by several servers]
A service provided by multiple servers...
• This topology is extremely common.
• A web site like Google serves approximately 100M searches a day.
• It is obviously not feasible to serve them from a single server.
• Google uses clusters containing tens of thousands of machines offering equivalent services, and you are redirected (via DNS and other means) to one of them.
• Similar techniques can be used for Oracle databases, which are replicated over many servers to offer redundancy and performance.
Proxy servers (replication transparency) and caches: Web proxy server
• A cache is a store of recently used data.
[Figure: clients reach web servers through a proxy server]
Web caches (proxy server)
Goal: satisfy client request without involving origin server
• user sets browser: Web accesses via cache
• browser sends all HTTP requests to cache
  – object in cache: cache returns object
  – else cache requests object from origin server, then returns object to client
[Figure: clients, proxy server, origin servers]
Web caches (proxy server)...
• cache acts as both client and server
• typically cache is installed by ISP (university, company, residential ISP)
Why Web caching?
• reduce response time for client request
• reduce traffic on an institution's access link
• reduce costs to use access link
Caching scenario
Assumptions
• average object size = 1 Mb
• average request rate from institution's browsers to origin servers = 15/sec
• delay from the router on the Internet side of the access link to any origin server and back = 2 sec (Internet delay)
Consequences
• total delay = Internet delay + access delay + LAN delay = 2 sec + >20 sec + milliseconds
[Figure: institutional network (100 Mbps LAN) connected to the public Internet and origin servers over a 1.5 Mbps access link]
Caching scenario...
Possible solution (expensive)
• increase bandwidth of access link to, say, 10 Mbps
Consequence
• total delay = Internet delay + access delay + LAN delay = 2 sec + 2 sec + msecs
• often a costly upgrade
[Figure: same institutional network with a 10 Mbps access link]
Caching scenario...
Possible solution: install cache
• suppose hit rate is 0.5 (up to 0.7)
Consequence
• 50% of requests satisfied almost immediately
• 50% of requests satisfied by origin server
• utilization of access link reduced to 50%, resulting in lower delay
• Caches may not have the up-to-date version of the resource!
[Figure: institutional network with an institutional cache, 100 Mbps LAN and 1.5 Mbps access link]
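As an added illustration (not part of the slides), here is a small Python model of the three options above: no cache, a bigger access link, and an institutional cache; the M/M/1 queueing formula used for the access link is this example's own assumption. Note that with the slides' stated 1 Mb object size the demand is 15 Mbps, which exceeds even the 10 Mbps upgraded link; the utilization figures the slides quote (50% with a cache) correspond to 100 kbit objects, which the example uses as its constructed default.

```python
import math

# Added example (not from the slides). Demand on the access link is
# request_rate * (1 - hit_rate) * object_bits; the queueing delay on that
# link uses an M/M/1 approximation, an assumption of this example.


def access_link_utilization(object_bits, req_per_sec, link_bps, hit_rate=0.0):
    """Fraction of access-link capacity consumed by cache misses (>1 = overloaded)."""
    demand_bps = req_per_sec * (1.0 - hit_rate) * object_bits
    return demand_bps / link_bps


def access_link_delay(object_bits, req_per_sec, link_bps, hit_rate=0.0):
    """Mean time (s) a miss spends on the access link: transmission plus queueing.

    M/M/1: d = (L/R) / (1 - rho). At rho >= 1 the queue grows without bound,
    which is why the un-upgraded, un-cached link is described as ">20 sec".
    """
    rho = access_link_utilization(object_bits, req_per_sec, link_bps, hit_rate)
    if rho >= 1.0:
        return math.inf
    return (object_bits / link_bps) / (1.0 - rho)


def mean_request_delay(object_bits, req_per_sec, link_bps, hit_rate,
                       internet_delay_s=2.0, lan_delay_s=0.001):
    """Expected delay seen by a browser: a hit costs only the LAN; a miss costs
    Internet delay + access-link delay + LAN delay (the slides' decomposition)."""
    miss = access_link_delay(object_bits, req_per_sec, link_bps, hit_rate)
    if math.isinf(miss):
        return math.inf
    return hit_rate * lan_delay_s + (1.0 - hit_rate) * (internet_delay_s + miss + lan_delay_s)


def scenarios(object_bits=100_000, req_per_sec=15):
    """The three options from the slides; 100 kbit objects are a constructed default."""
    return {
        "1.5 Mbps, no cache": access_link_utilization(object_bits, req_per_sec, 1_500_000),
        "10 Mbps, no cache": access_link_utilization(object_bits, req_per_sec, 10_000_000),
        "1.5 Mbps, cache hit 0.5": access_link_utilization(object_bits, req_per_sec, 1_500_000, 0.5),
    }


if __name__ == "__main__":
    for name, rho in scenarios().items():
        print(f"{name}: access-link utilization = {rho:.2f}")
    # With the slides' literal 1 Mb objects the demand is 15 Mbps: every option is overloaded.
    print("1 Mb objects on a 10 Mbps link:", access_link_utilization(1_000_000, 15, 10_000_000))
    print("mean delay, 1.5 Mbps link with cache (100 kbit objects):",
          round(mean_request_delay(100_000, 15, 1_500_000, 0.5), 3), "s")
```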
Conditional GET
• Goal: don't send object if cache has up-to-date cached version
• cache: specify date of cached copy in HTTP request
  If-modified-since: <date>
• server: response contains no object if cached copy is up-to-date:
  HTTP/1.0 304 Not Modified
Exchange between cache and server:
• object not modified: cache sends an HTTP request with If-modified-since: <date>; server replies HTTP/1.0 304 Not Modified (no object)
• object modified: cache sends an HTTP request with If-modified-since: <date>; server replies HTTP/1.0 200 OK followed by <data>
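The two exchanges above, simulated offline as an added example (not code from the slides): the cache builds the conditional request, the origin parses it and answers 304 or 200, and the cache decides whether to keep or replace its copy. The path, dates and bodies are constructed for this example.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Added example (not from the slides): Conditional GET with raw HTTP/1.0
# messages. All resources, dates and bodies below are constructed inputs.


def build_conditional_get(path, cached_last_modified):
    """Cache side: ask for the object only if it changed after our copy's date."""
    date = format_datetime(cached_last_modified, usegmt=True)
    return f"GET {path} HTTP/1.0\r\nIf-Modified-Since: {date}\r\n\r\n"


def origin_respond(request, resource_last_modified, body):
    """Origin side: 304 with no body if the cached copy is current, else 200 + body."""
    head, _, _ = request.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ims = headers.get("if-modified-since")
    if ims:
        try:
            since = parsedate_to_datetime(ims)
        except (TypeError, ValueError):
            since = None                          # RFC 7232: an unparsable date is ignored
        if since is not None and resource_last_modified <= since:
            return "HTTP/1.0 304 Not Modified\r\n\r\n"
    lm = format_datetime(resource_last_modified, usegmt=True)
    return (f"HTTP/1.0 200 OK\r\nLast-Modified: {lm}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


def cache_fetch(cached_body, cached_last_modified, resource_last_modified, origin_body):
    """One round trip; returns (status, body served to the client)."""
    req = build_conditional_get("/index.html", cached_last_modified)
    resp = origin_respond(req, resource_last_modified, origin_body)
    status_line = resp.split("\r\n", 1)[0]
    if status_line.startswith("HTTP/1.0 304"):
        return "304", cached_body                  # not modified: serve the cached copy
    return "200", resp.partition("\r\n\r\n")[2]    # modified: replace the cached copy


def demo():
    """Constructed dates: cached copy from 1 Jan; origin unchanged vs changed on 2 Jan."""
    cached_at = datetime(2024, 1, 1, tzinfo=timezone.utc)
    unchanged = cache_fetch("<old>", cached_at, cached_at, "<old>")
    changed = cache_fetch("<old>", cached_at, datetime(2024, 1, 2, tzinfo=timezone.utc), "<new>")
    return unchanged, changed


if __name__ == "__main__":
    print(demo())
```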
Variants of Client Server Model: Mobile code and Web applets
• Applets downloaded to clients give good interactive response
• Mobile code such as applets is a potential security threat, so the browser gives applets limited access to local resources (e.g. NO access to the local/user file system).
[Figure: a) client request results in the downloading of applet code from the web server; b) client interacts with the applet]
Variants of Client Server Model: Mobile Agents
• A running program (code and data) that travels from one computer to another in a network carrying out an autonomous task, usually on behalf of some other process
  – advantages: flexibility, savings in communications cost
• Potential security threat to the resources in the computers they visit. The environment receiving an agent should decide which of the local resources to allow (e.g., crawlers and web servers).
• Agents themselves can be vulnerable: they may not be able to complete their task if they are refused access.
• Example technology:
  – Java Agent Development Framework (JADE)
Thin clients and compute servers
• Network computer: download the OS and applications from the network at runtime and run them on a desktop (solves the upgrade problem).
• Thin clients: Windows-based UI on the user machine and application execution on a remote computer, e.g. the X11 system.
[Figure: thin client on a network computer or PC connected over the network to an application process on a compute server]
Thin clients and compute servers...
• Network computer: Citrix Application Server does this, loading applications over the network as needed to run on the local desktop.
• Thin clients: X11 (Unix), RDC/Terminal Services (Windows), VNC (Unix/Windows). The "Presentation Server" approach sends a raster of the desktop image,
  – user clicks and keyboard entries are sent to the remote server.
• Centralized infrastructure is easy to maintain and secure (e.g. keep antivirus and patches up to date centrally)!
Peer Processes: a distributed application based on peer processes
• All of the processes play similar roles, interacting cooperatively as peers to perform distributed activities or computations without distinction between clients and servers. E.g., music sharing systems Napster, Gnutella, Kazaa, BitTorrent.
• Distributed "white board" – users on several computers to view and
[Figure: peers 1 to N, each running the application and holding sharable objects]
Network edge: connection-oriented service
Goal: data transfer between end systems
• handshaking: setup (prepare for) data transfer ahead of time; 3-phase for connection establishment, 4-phase for connection termination
• TCP - Transmission Control Protocol: the Internet's connection-oriented service
TCP service [RFC 793]
• reliable, in-order byte-stream data transfer; loss: acknowledgements and retransmissions
• flow control: sender won't overwhelm receiver
• congestion control: senders "slow down sending rate" when network congested
Network edge: connectionless service
Goal: data transfer between end systems, same as before!
• UDP - User Datagram Protocol [RFC 768]: the Internet's connectionless service; unreliable data transfer, no flow control, no congestion control
• Apps using TCP: HTTP (Web), FTP (file transfer), Telnet (remote login), SMTP (email)
• Apps using UDP: streaming media, teleconferencing, DNS, Internet telephony
Access networks
Q: How to connect end systems to edge router?
• residential access nets
• institutional access networks (school, company)
• mobile access networks
Issues
• bandwidth (bits per second) of access network?
• shared or dedicated?
Residential access: point to point access
Dialup via modem
• up to 56 Kbps direct access to router
• can't surf data and voice at same time: can't be "always on"
DSL: digital subscriber line modem (high speed network)
• deployment: telephone company (typically)
• up to 1 Mbps upstream
• up to 20 Mbps downstream
• dedicated physical line to ISP
• simultaneously passes voice and data over a single telephone line
Company access: local area networks
• company/univ local area network (LAN) connects end system to edge router
• Ethernet: 10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps Ethernet
• modern configuration: end systems connect into Ethernet switch
Wireless access networks
• shared wireless access network connects end system to router via base station "access point"
• wireless LANs: 802.11b/g (WiFi): 11 or 54 Mbps
• wider-area wireless access provided by telecom operator: ~1 Mbps over cellular system (EVDO, CDMA); WiMAX (10's of Mbps) over wide area; (Wireless Sensor Networks)
[Figure: mobile hosts attached to a base station, which connects to a router]
Local Area Networks
Typical LAN components:
• DSL or cable modem
• router/firewall
• Ethernet
• wireless access point
[Figure: wireless laptops via a wireless access point, Ethernet, router/firewall and cable modem to/from the cable headend]
Physical Media
• bit: propagates between transmitter/receiver pairs
• physical link: what lies between transmitter & receiver
• guided media: signals propagate in solid media: copper, fiber, coax
• unguided media: signals propagate freely, e.g., radio, microwave...
Twisted Pair (TP)
• two insulated copper wires
• Category 3: traditional phone wires, 10 Mbps Ethernet
• Category 5 TP: 100 Mbps Ethernet
Physical Media: coax, fiber
Coaxial cable:
• two concentric copper conductors
• bidirectional
• baseband: single channel on cable; legacy Ethernet
• broadband: multiple channels on cable; HFC
Fiber optic cable:
• glass fiber carrying light pulses, each pulse a bit
• high-speed operation: high-speed point-to-point transmission (e.g., 5 Gbps)
• low error rate: repeaters spaced far apart; resistant to electromagnetic noise
Physical media: radio
• signal carried in electromagnetic spectrum
• no physical "wire"
• bidirectional
• propagation environment effects: reflection, obstruction by objects, interference
Radio link types:
• terrestrial microwave: e.g. up to 45 Mbps channels
• LAN (e.g., WaveLAN): 2 Mbps, 11 Mbps
• wide-area (e.g., cellular): e.g. 3G: hundreds of kbps
• satellite: up to 50 Mbps channel (or multiple smaller channels); 270 msec end-end delay; geosynchronous versus LEOS
The Network Core
• mesh of interconnected routers
• the fundamental question: how is data transferred through the net?
  – circuit switching: dedicated circuit per call: telephone net
  – packet switching: data sent through the net in discrete forms
Network Core: Circuit Switching
• A "dedicated" circuit is set up for each connection.
• The communicating parties use this fixed circuit during the conversation.
• Once the communication finishes, the circuit can be released for other uses.
Network Core: Circuit Switching...
• network resources (e.g., bandwidth) divided into "pieces"
• pieces allocated to calls
• resource piece idle if not used by owning call (no sharing)
• dividing link bandwidth into "pieces": frequency division, time division
Network Core: Circuit Switching...
Advantages
• Fixed bandwidth, guaranteed capacity (no congestion)
• Low variation in end-to-end delay (delay is almost constant)
Disadvantages:
• Connection set-up and termination introduce extra overhead (thus initial delay)
• User pays for the circuit, even when not sending data
• Other users can't use the circuit even if it is free of traffic
• statistics show that during a typical phone conversation:
  – 64-73% of the time one speaker talking
  – 3-7% of the time both speakers talking
  – 20-33% of the time both speakers silent
Example: ordinary voice phone service
Network Core: Packet Switching
• each end-end data stream divided into packets
• user A, B packets share network resources
• each packet uses full link bandwidth
• resources used as needed
• resource contention: aggregate resource demand can exceed amount available
• congestion: packets queue, wait for link use
• store and forward: packets move one hop at a time; node receives complete packet before forwarding
Contrast with circuit switching: bandwidth division into "pieces", dedicated allocation, resource reservation
Packet Switching: Statistical Multiplexing
• Sequence of A & B packets does not have a fixed pattern; bandwidth shared on demand: statistical multiplexing.
• TDM: each host gets the same slot in a revolving TDM frame.
[Figure: hosts A, B, C on a 100 Mb/s Ethernet feeding a 1.5 Mb/s link towards D and E; a queue of packets waits for the output link]
Packet-switching: store-and-forward
• takes L/R seconds to transmit (push out) a packet of L bits on to a link at R bps
• store and forward: entire packet must arrive at router before it can be transmitted on next link
Example:
• L = 7.5 Mbits
• R = 1.5 Mbps
• transmission delay = 15 sec
[Figure: a packet of L bits crossing three links of rate R]
Packet switching
Advantages
• Packet switching is more efficient and robust for data that can withstand delays in transmission, e.g. e-mail messages and Web pages.
• great for bursty data
• resource sharing
• simpler, no call setup
Disadvantages
• excessive congestion: packet delay and loss
• protocols needed for reliable data transfer, congestion control
Mobile and Ubiquitous Computing
Mobile Computing
• People traveling with their computers while staying connected to other computers or the Internet.
Ubiquitous Computing
• Weiser's idea of one person, many computers, as opposed to the mainframe technology.
• (also known as "pervasive computing")
The Trends in Computing Technology
• Mainframe computing (60's-70's)
  – massive computers to execute big data processing applications
  – very few computers in the world
• Desktop computing (80's-90's)
  – one computer at every desk to help in business related activities
  – computers connected in intranets to a massive global network (internet), all wired
• Ubiquitous computing (00's?)
  – tens/hundreds of computing devices in every room/person
  – becoming "invisible" and part of the environment
Computing: Trend
[Figure: as computers shrink in size, their number grows: one computer for many people (mainframe computing) -> one computer for one person (PC computing) -> many computers for one person (ubiquitous/pervasive computing)]
What is Ubiquitous Computing (ubicomp)?
• Ubicomp is a post-desktop model of human computer interaction in which information processing has been thoroughly integrated into everyday objects and activities.
• Integrate computers seamlessly into the world
  – invisible, everywhere computing
  – often called pervasive/invisible computing
• Ubicomp is about making computers invisible.
Mobile Computing vs. Ubiquitous Computing
• Mobile computing:
  – Abe owns a mobile phone with web access, voice and short messaging.
  – He remains connected while he drives from Piasa to Bole.
• Ubiquitous computing:
  – Abe is leaving home to go and meet his friends.
  – While he passes the fridge, the fridge sends a message to his shoe that the milk is almost finished.
  – When Abe is passing a grocery store, the shoe sends a message to his glasses, which display a BUY milk message.
  – Abe buys milk, goes home.
Wireless Technologies
• Wireless communication technologies provide powerful building blocks for next-generation applications
  – WPAN (RFID, IrDA, Bluetooth, NFC)
  – WLAN (IEEE 802.11 "Wi-Fi") hot-spots for broadband access
    • smart phones, PDAs, and laptops with integrated WLANs
  – Broadband wireless access technology: WMAN
    • IEEE 802.16 (WiMax): 10-30 km, 40 Mbps
  – Wide area wireless data also growing
    • GSM, GPRS, CDMA2000 1xEV-DO (2.4 Mbps data optimized)
• Networking of ubiquitous and embedded devices
  – Smart spaces, sensor networks (IEEE 802.15.4a - ZigBee)
  – Context-aware mobile data services
  – Wireless sensor networks for monitoring and control
  – VoIP for integrated voice services over wireless data networks
  – MANET, VANET, ...