Administrivia, Naming, Domain Name System (DNS), Challenges and Concerns

SUNY-BINGHAMTON – CS528 FALL ’05 LEC. #23

Administrivia

• Feedback forms today; please remind me 15 mins early
  – Please do the online SOOTs on Blackboard
• Last time – QoS
  – Weighted Fair Queueing
  – Integrated Services
  – Leaky Bucket
  – End point admission control paper

Naming

• Overview
  – What do names do?
    ∗ Identify objects
    ∗ Help locate objects
    ∗ Specify a role
    ∗ Define membership in a group
  – Directory services
    ∗ A set of name-to-value bindings
    ∗ Yellow pages vs. white pages
    ∗ What are they used for?
Domain Name System (DNS)

[Figure: a user’s mail program consults the name server; the mail program sits on TCP over IP]

• Scalable directory services protocol for the
• Berkeley Internet Name Domain (bind) on unix machines
• Most common use: directory service to map from host name to IP address

Challenges and Concerns

• Challenges
  – How to build a directory system for the whole
  – Can you suggest some approaches (dumb or
    ∗ HOSTS.txt – until mid-1980s
  – Is there a phone directory for the whole world?
• Concerns/Requirements
  – Ease of administration
  – Availability
  – Scalability
  – Security
  – Extensibility
DNS

• The naming system for the Internet
  – highly successful
  – widely distributed administration
  – good for long-lived, static information
  – not extensible
  – simple API
• Name Servers and Resolvers
  – Name servers are the directory databases
  – Resolvers generate the queries that do the lookup (tree walk)

Name Server

• Each server maintains a collection of resource records (RR)
• Each record: (Name, Value, Type, Class, TTL)
  – Record indicates binding Name to Value
  – Type specifies the type of binding
  – Class allows other entities to define types
  – TTL: how long the record is valid for
Domain Name System Hierarchy

[Figure: tree of domains under the root, with example domains princeton … mit, cisco … yahoo, nasa … nsf, arpa … navy, acm … ieee, and hosts ux01 … ux04 inside one domain]

• Idea: use a hierarchy of domains; hosts defined within a domain
• Break the domains into zones
  – Each zone administered independently
• Each zone supported by two or more name servers (why?)
  – Primary and secondary are exact copies of each other
  – Secondary polls primary for updates

Resource Record Types

• A: Value gives the 32-bit IPv4 address
• PTR: Value gives the hostname for the IP address in the Name field
• NS: Value is the name for the host running the name server that knows how to resolve names within the specified domain name
• CNAME: provides the canonical name for the specified host; used for aliases
• MX: Value gives the name for the host running the mail server that accepts messages for the specified domain
• Not easily extensible; everyone must agree on changes
MX Example

• When you send mail to
• Mail program queries DNS for an MX record for opal
• The following info is returned (I used nslookup, querytype=mx):
    canonical name =
    preference = 0, mail exchanger =
    internet address =
    name
• These correspond to:
  – (,,CNAME,IN)
  – (,,MX,IN)
  – (,,A,IN)
  – (,bingnet1...,NS,IN)

Server Hierarchy

• At the top level is the root domain managed by a set of root name servers
  – Give a starting point to the full DNS database
  – Thirteen servers distributed all over the world; why not just two?
  – Manages top level domains such as .edu, .com, .net and .org
  – Also manages geographical (country) domains such as .us, .in, and even .jo
  – US domains are maintained by the Network Information Center
• Next level is middle-level domains like and
• Where do the root name servers get their information?
Name Resolution – Server Hierarchy

[Figure: Root name server above the Princeton name server … Cisco name server; below Princeton, the CS name server and the EE name server]

• Each zone managed by its own name server
• Should the name server include the full directory?
• Server hierarchy provides scalability and distributed management

Name Resolution

[Figure: a local client asks its local name server for cicada.cs.princeton.edu; the local server queries the root, Princeton and CS name servers in turn (steps 1–8) and returns the address 192.12.69.60]

• Site-wide cache to speed up resolution of frequently used names
• gethostbyname() and gethostbyaddr()
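The record model, referral-based tree walk and site-wide cache from the Name Server, Resource Record Types, Server Hierarchy and Name Resolution slides, as an added example that is not part of the lecture: an in-memory iterative resolver walking a constructed root → edu → princeton.edu → cs.princeton.edu hierarchy. Every zone, host name and server address (RFC 5737 documentation ranges) is constructed; the resolver also answers MX and PTR queries, follows CNAME aliases, and honours TTLs (including the "TTL 0 means no caching" rule).

```python
"""Toy iterative resolver over an in-memory name-server hierarchy (added example, not
lecture code). Records use the slide's (Name, Value, Type, Class, TTL) shape; all
zones, hosts and addresses (RFC 5737 documentation ranges) are constructed."""
import time
from collections import namedtuple

RR = namedtuple("RR", "name value type cls ttl")

# Constructed zones keyed by server address. Each server knows only its own zone plus
# the NS (and glue A) records delegating child zones, which is why a tree walk is needed.
SERVERS = {
    "192.0.2.1": [                                   # root name server
        RR("edu.", "ns.edu.", "NS", "IN", 172800),
        RR("ns.edu.", "192.0.2.2", "A", "IN", 172800),
        RR("in-addr.arpa.", "ns.arpa.", "NS", "IN", 172800),
        RR("ns.arpa.", "192.0.2.3", "A", "IN", 172800),
    ],
    "192.0.2.2": [                                   # .edu server
        RR("princeton.edu.", "ns.princeton.edu.", "NS", "IN", 86400),
        RR("ns.princeton.edu.", "198.51.100.1", "A", "IN", 86400),
    ],
    "192.0.2.3": [                                   # reverse-mapping zone
        RR("60.113.0.203.in-addr.arpa.", "cicada.cs.princeton.edu.", "PTR", "IN", 86400),
    ],
    "198.51.100.1": [                                # princeton.edu server
        RR("cs.princeton.edu.", "ns.cs.princeton.edu.", "NS", "IN", 86400),
        RR("ns.cs.princeton.edu.", "198.51.100.10", "A", "IN", 86400),
        RR("princeton.edu.", "mail.princeton.edu.", "MX", "IN", 3600),
        RR("mail.princeton.edu.", "198.51.100.25", "A", "IN", 3600),
    ],
    "198.51.100.10": [                               # cs.princeton.edu server
        RR("cicada.cs.princeton.edu.", "203.0.113.60", "A", "IN", 172800),
        RR("www.cs.princeton.edu.", "cicada.cs.princeton.edu.", "CNAME", "IN", 0),  # TTL 0
    ],
}

def query_server(addr, name, rtype):
    """Ask one authoritative server. Returns (answers, referral); the referral is the
    NS record of the longest delegated zone containing the name plus its glue A."""
    zone = SERVERS[addr]
    answers = [rr for rr in zone if rr.name == name and rr.type in (rtype, "CNAME")]
    if answers:
        return answers, []
    delegated = [rr for rr in zone if rr.type == "NS"
                 and (name == rr.name or name.endswith("." + rr.name))]
    if not delegated:
        return [], []
    ns = max(delegated, key=lambda rr: len(rr.name))
    return [], [ns] + [rr for rr in zone if rr.type == "A" and rr.name == ns.value]

def reverse_name(ip):
    """PTR owner name for an IPv4 address: octets reversed under in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

class Resolver:
    """Site-wide caching resolver; `clock` is injectable so TTL expiry is testable."""
    def __init__(self, root_addr="192.0.2.1", clock=time.time):
        self.root, self.clock = root_addr, clock
        self.cache = {}       # (name, type) -> (RR, expiry time)
        self.queries = 0      # server round trips, to show what the cache saves

    def _cache_get(self, name, rtype):
        hit = self.cache.get((name, rtype))
        if hit and hit[1] > self.clock():
            return hit[0]
        self.cache.pop((name, rtype), None)    # missing or expired
        return None

    def _start_server(self, name):
        """Begin the walk at the closest zone whose NS and glue are already cached."""
        labels = name.split(".")
        for i in range(len(labels) - 1):
            ns = self._cache_get(".".join(labels[i:]), "NS")
            glue = ns and self._cache_get(ns.value, "A")
            if glue:
                return glue.value
        return self.root

    def resolve(self, name, rtype="A"):
        """Return the matching RR, following referrals and CNAME aliases."""
        cached = self._cache_get(name, rtype) or self._cache_get(name, "CNAME")
        if cached and cached.type == rtype:
            return cached
        if cached:                              # cached alias: follow it
            return self.resolve(cached.value, rtype)
        server = self._start_server(name)
        for _ in range(16):                     # bound the tree walk
            self.queries += 1
            answers, referral = query_server(server, name, rtype)
            for rr in answers + referral:
                if rr.ttl > 0:                  # a TTL of 0 means "do not cache"
                    self.cache[(rr.name, rr.type)] = (rr, self.clock() + rr.ttl)
            for rr in answers:
                if rr.type == rtype:
                    return rr
                if rr.type == "CNAME":          # alias: restart on the canonical name
                    return self.resolve(rr.value, rtype)
            glue = [rr for rr in referral if rr.type == "A"]
            if not glue:
                raise LookupError("%s %s not found" % (name, rtype))
            server = glue[0].value              # descend into the child zone
        raise RuntimeError("too many referrals for " + name)
```

The `queries` counter makes the cache's effect visible: the first lookup costs four round trips, a repeat costs none, and a later lookup under an already-visited zone starts at that zone's server instead of the root.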
Caching and Replication

• 13 root servers (top level servers)
  – Recently, there was a denial of service attack on those
  – What would happen if the attack was successful?
• Caching: to reduce DNS traffic, each resolution is cached locally
  – Recommended TTL for hosts is 2 days
  – Record specifies TTL field (can set it to 0 if no caching is desired)

Aside: DNS Cache Poisoning

• Spoofing attack (security next time)
• Mallory (man-in-the-middle) asks its DNS server for the address of
• DNS server recursively sends the request to
• Before it can answer, Mallory spoofs the answer telling the DNS server that is his own machine
• Users now connect to Mallory instead of and volunteer their passwords
• Solution: authenticate DNS replies/updates
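The race in the cache-poisoning slide above, seen from the resolver's side, as an added example that is not part of the lecture. The slide's remedy is to authenticate replies (DNSSEC); this code shows the cheaper acceptance checks resolvers apply in addition, which the slide does not name: a reply must match an outstanding query's unpredictable transaction ID and question, only the first matching reply is used, and records outside the answering zone's bailiwick are never cached. Replies are constructed in-memory dicts, not wire-format packets, and all names and addresses are constructed.

```python
"""Reply-acceptance checks for a caching resolver (added example, not lecture code).
The slide's race is modelled in memory: a forged answer reaches the resolver before
the genuine one. Replies are constructed dicts, not wire-format packets."""
import secrets


def in_bailiwick(name, zone):
    """True if `name` lies at or below `zone`, so the zone's server may speak for it."""
    return name == zone or name.endswith("." + zone)


class GuardedCache:
    def __init__(self):
        self.pending = {}     # txid -> (qname, qtype, zone the queried server serves)
        self.cache = {}       # (name, type) -> value
        self.rejected = []    # (reason, reply): what a detection pipeline would log

    def send(self, qname, qtype, zone):
        """Record an outgoing query under a random 16-bit ID and return that ID."""
        txid = secrets.randbelow(1 << 16)
        while txid in self.pending:
            txid = secrets.randbelow(1 << 16)
        self.pending[txid] = (qname, qtype, zone)
        return txid

    def accept(self, reply):
        """Admit records from `reply` to the cache; return those admitted ([] if dropped).

        reply = {"id": int, "question": (name, type),
                 "answers": [(name, type, value)], "additional": [(name, type, value)]}
        """
        ctx = self.pending.get(reply["id"])
        if ctx is None:                         # unknown, or already-answered, ID
            self.rejected.append(("unexpected transaction id", reply))
            return []
        qname, qtype, zone = ctx
        if reply["question"] != (qname, qtype):
            self.rejected.append(("question mismatch", reply))
            return []
        del self.pending[reply["id"]]           # first matching reply wins
        admitted = []
        for section in ("answers", "additional"):
            for name, rtype, value in reply.get(section, []):
                if not in_bailiwick(name, zone):   # this server may not speak for it
                    self.rejected.append(("out-of-bailiwick %s record %s" % (section, name), reply))
                    continue
                self.cache[(name, rtype)] = value
                admitted.append((name, rtype, value))
        return admitted


def demo():
    """Constructed scenario: one query to the cs.princeton.edu. server, a forged reply
    carrying a guessed ID, the genuine reply (with one unrelated additional record),
    then a late duplicate of the genuine reply."""
    gc = GuardedCache()
    q = ("www.cs.princeton.edu.", "A")
    txid = gc.send(q[0], q[1], "cs.princeton.edu.")
    forged = {"id": (txid + 1) % 65536, "question": q,          # wrong guess at the ID
              "answers": [("www.cs.princeton.edu.", "A", "203.0.113.66")]}
    genuine = {"id": txid, "question": q,
               "answers": [("www.cs.princeton.edu.", "A", "203.0.113.60")],
               "additional": [("ns.cs.princeton.edu.", "A", "198.51.100.10"),
                              ("www.ee.princeton.edu.", "A", "203.0.113.99")]}
    results = [gc.accept(forged), gc.accept(genuine), gc.accept(genuine)]
    return results, dict(gc.cache), [reason for reason, _ in gc.rejected]
```

The `rejected` list is the detection hook: a burst of "unexpected transaction id" entries for one question is the signature of the race the slide describes, even when every forgery is dropped.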
Who are you – reverse DNS

• The domain provides reverse mapping
• Used by servers to figure out who is connecting to them
• Records of type PTR
• nslookup with querytype=ptr on
    name =
    nameserver =
• Dynamic DNS

Chord Paper

• Core operation in p2p applications: finding data
  – Given a key, find the value corresponding to it
  – Why not use DNS?
• Peer-to-peer applications can provide
  – Permanence (your stuff available when you are
  – redundant storage
    hierarchical naming
• Chord: general lookup service for peer-to-peer
Why not DNS

• Presumes structure: permanent nodes in a hierarchy, root servers,
• Requires manual management of routing information (NS records)
• Requires naming structure (nodes in .edu zones have to end with
• Updates difficult, dynamic DNS here but optional and not everywhere
• For P2P:
  – Hosts can come and go
  – No host hierarchy
  – No naming structure

Aside: SETI@home

• Largest and best known peer-to-peer computing project
• SETI: Search for Extraterrestrial Intelligence
  – Gobs of data from radio telescopes need to be analyzed
  – No one will fund them, can’t buy computing resources
• Big success:
  – Around 4 mil. clients downloaded
  – Total CPU time: 1246848 years! 54.8 TFLOPS
  – ASCI RED (biggest supercomputing cluster) is 12 TFLOPS with cost $100 million
  – Get your own copy:
                  Searching in Peer-2-Peer Networks                                       Some Peer to Peer Applications

• What possible ways are there to organize a P2P network?             • Cooperative Mirroring: content providers cache each other’s data –
                                                                        provide load balancing (plan for average rather than peak)
  – Napster – centralized index
  – Gnutella – flood the “overlay network”, get responses              • Time-shared storage: if intermittently connected, someone else can
                                                                        make your “stuff” available. When you are connected, you make
• Neither is scalable, especially given the resolution and update       theirs available in return
                                                                      • Distributed index:             finding data based on keyword input as in
• How do we carry out such generalized resolution in such a dynamic     Napster/Gnutella
                                                                      • Embarrasingly parallel applications (e.g., breaking code, SETI@home)

SUNY-B INGHAMTON – CS528 FALL ’05 L EC. #23                      20   SUNY-B INGHAMTON – CS528 FALL ’05 L EC. #23                            18
Classifying Peer to Peer Networks (slide 21)

• Structured vs. Unstructured
  – Unstructured: data can be stored anywhere
  – Structured: data has to be stored at a specific place (e.g., according to a hash function)
  – Terms of Data and Network Structure
  – What is the tradeoff?
• Centralized vs. Decentralized
  – Centralized support or no centralized support
  – For indexing and for joining/leaving

Searching in Decentralized Unstructured P2P Networks (slide 22)

• Example: (the old) Gnutella
• Basically, we have no idea where the data is; devolves to random search
• Some approaches (assume existence of overlay network connecting nodes)
  – Flood
  – Expanding Ring
  – Random Walkers
  – Keep score of replies you receive from neighbors – use highest scores on similar
  – Local indices
  – Replication of popular search items
  – ...
• What if centralized unstructured?
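The flood and expanding-ring searches named on slide 22, as an added example that is not part of the lecture: a Gnutella-style TTL flood that counts every forwarded copy of a query, and an expanding ring that repeats it with a growing TTL. The seven-node overlay, the node names and the message-counting convention are assumptions constructed for the example.

```python
from collections import deque

# Constructed Gnutella-style overlay (undirected): node -> neighbours.
OVERLAY = {
    "A": ["B", "C"], "B": ["A", "D", "E"], "C": ["A", "F"], "D": ["B"],
    "E": ["B", "F"], "F": ["C", "E", "G"], "G": ["F"],
}


def flood(overlay, origin, ttl, has_item):
    """Flood search: each node forwards the query to every neighbour except the one
    it came from, decrementing the TTL; a node that has already seen the query drops
    the duplicate (the duplicate copy still cost a message).
    Returns (set of nodes holding the item, messages sent)."""
    seen = {origin}
    queue = deque([(origin, None, ttl)])        # (node, parent, remaining ttl)
    hits, messages = set(), 0
    while queue:
        node, parent, t = queue.popleft()
        if has_item(node):
            hits.add(node)
        if t == 0:
            continue                             # TTL exhausted: do not forward
        for nb in overlay[node]:
            if nb == parent:
                continue
            messages += 1                        # every forwarded copy is a message
            if nb not in seen:                   # duplicates are dropped on arrival
                seen.add(nb)
                queue.append((nb, node, t - 1))
    return hits, messages


def expanding_ring(overlay, origin, has_item, max_ttl):
    """Expanding ring: flood with TTL 1, 2, ... until something is found.
    Returns (hits, ttl that succeeded or None, total messages over all rounds)."""
    total = 0
    for ttl in range(1, max_ttl + 1):
        hits, msgs = flood(overlay, origin, ttl, has_item)
        total += msgs
        if hits:
            return hits, ttl, total
    return set(), None, total


if __name__ == "__main__":
    wants_g = lambda n: n == "G"
    print("full flood:", flood(OVERLAY, "A", 7, wants_g))
    print("expanding ring:", expanding_ring(OVERLAY, "A", wants_g, max_ttl=7))
```

Note that the expanding ring pays for every failed round again, which is the cost the slide's "neither is scalable" remark refers to.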

Structured P2P (slide 23)

• Enforce a structure on the network, typically using Distributed Hash Tables (DHT)
• A DHT is a hash table where each node is responsible for a portion of the hash space
  – A data item is placed at the node responsible for the hash value for its search key
    ∗ Search key is predetermined – cannot do general searches
  – Finding a data item is quick – we know where it’s stored!
    ∗ But how do we know the responsible node?
    ∗ What happens as nodes join and leave?

Chord Protocol (slide 24)

• Key idea:
  – Arrange the nodes in a logical circle, where every node knows its successor node
    ∗ Pass the request along the circle until someone replies
    ∗ Very slow: O(N) messages needed, sequential
Main Improvement – Use Routing (slide 25)

  – Use consistent hashing to map the key to a node
    ∗ Each node is responsible for the keys that hash to the range [predecessor,id)
  – Keep track of your power-of-2 successors in a routing table
    ∗ log N entries per node; O(Log N) messages needed to resolve
  – Joins/Stabilization in the background to keep pointers current

Other Ideas and Open Problems (slide 27)

• Other Structured Organizations have been studied
  – DHT based: CAN (Hypercube), Tapestry (Plaxton Tree), De Bruijn Network, XOR Network, ...
  – Skip Lists
  – SIGCOMM 2003 paper argues that ring is best from a robustness
• Loosely structured (super-peers that are structured)?
• Incentives for participation?
• Freenet, BT...
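The successor walk of slide 24 and the power-of-2 routing table of slide 25 side by side, as an added example that is neither the lecture's nor the Chord project's code: a constructed 6-bit ring with ten node ids, where a lookup either follows successor pointers one hop at a time or jumps along fingers. The `chord_id` helper and the node ids are assumptions made for illustration.

```python
import hashlib

M = 6            # identifier bits; a constructed toy ring (real Chord uses 160-bit SHA-1 ids)
RING = 2 ** M


def chord_id(name: str, m: int = M) -> int:
    """Consistent hashing (slide 25): SHA-1 of a node name or key, kept to m bits."""
    return int.from_bytes(hashlib.sha1(name.encode()).digest(), "big") % (2 ** m)


def in_interval(x: int, a: int, b: int, closed_right: bool) -> bool:
    """x in (a, b] if closed_right else x in (a, b), on the circle mod 2^M."""
    if a < b:
        return a < x <= b if closed_right else a < x < b
    return (x > a or x <= b) if closed_right else (x > a or x < b)   # interval wraps past 0


def successor_of(sorted_ids: list, key: int) -> int:
    """The node responsible for key: first live node clockwise at or after it."""
    return next((n for n in sorted_ids if n >= key), sorted_ids[0])


def build_fingers(ids) -> dict:
    """Routing table per node: finger[i] = successor(n + 2^i), the power-of-2 successors."""
    ids = sorted(set(ids))
    return {n: [successor_of(ids, (n + 2 ** i) % RING) for i in range(M)] for n in ids}


def lookup(fingers: dict, start: int, key: int):
    """Slide 25 routing: return (responsible node, hops); at most M hops."""
    cur, hops = start, 0
    while not in_interval(key, cur, fingers[cur][0], closed_right=True):
        # forward to the closest finger that precedes the key; each hop at least
        # halves the remaining distance to the key's predecessor
        cur = next(f for f in reversed(fingers[cur])
                   if in_interval(f, cur, key, closed_right=False))
        hops += 1
    return fingers[cur][0], hops


def naive_lookup(fingers: dict, start: int, key: int):
    """Slide 24 baseline: walk successor pointers one at a time, O(N) hops."""
    cur, hops = start, 0
    while not in_interval(key, cur, fingers[cur][0], closed_right=True):
        cur, hops = fingers[cur][0], hops + 1
    return fingers[cur][0], hops


if __name__ == "__main__":
    ring = build_fingers([1, 8, 14, 21, 32, 38, 42, 48, 51, 56])   # constructed node ids
    print("node 8 fingers:", ring[8])
    print("key 54 via fingers:", lookup(ring, 8, 54), "via successors:", naive_lookup(ring, 8, 54))
```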

Discussion (slide 26)

• Structured vs. unstructured
• Hash is random, neighbors may be very far from each other
• What about restricting where the data goes (e.g., for security

Internet Indirection Infrastructure Paper (slide 28)

• Contribution: a generic indirection overlay architecture
  – Decouples sending from receiving
  – Receivers install triggers for addresses they want to receive from
  – Senders send to an address
  – Packet is forwarded to all triggers associated with the address
• Paper shows how such an architecture can be used for mobility, multicast, anycast and service composition
I3 – API (slide 29)

• Rendezvous based communication model
  1. sendPacket(p)
  2. insertTrigger(t)
  3. removeTrigger(t)
• How is it implemented?

Supporting Mobility Multicast and Anycast (slide 31)

[figure]

Match Rules (slide 30)

• Packet represented as pair (id, data)
  – an id-list generalization discussed later
• Assume identifier is m-bits long
• exact match threshold is k, k < m
• A packet id matches a trigger id (idt) if
  – id and idt have a prefix match of at least k bits
  – There is no trigger with a longer prefix match

Key Generalization (slide 32)

• Stackable Identifiers
• Packet p = (idstack, data)
  – Sends a packet to a series of identifiers
  – Similar to source routing
• Trigger t = (id, idstack)
  – Sends packet to another identifier instead of just address
• Their examples are a little confusing
Supporting Service Composition – Heterogeneous Multicast Example (slide 33)

[figure]

Implementation (slide 35)

• Need a robust, stable, scalable and efficient overlay network
• They implement on top of Chord
  – Lookup key hashes to a unique “server” that acts as the rendezvous
  – Look up and execute the trigger at the server

Chains of Triggers Example – Hierarchical MCast (slide 34)

[figure]

Security Issues (slide 36)

• Eavesdropping: Can subscribe to somebody else’s trigger
  – Use private triggers; low probability of intercept – have to guess the trigger
    ∗ Is this really true? What if we figure out where the packets are
  – Change these triggers periodically
  – Use multiple trigger servers, and send to them randomly
• Trigger hijacking; install your own trigger to replace a valid one (e.g., replace the public trigger for a host so you get all its traffic)
• DoS attacks
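The match rule of slide 30 and the private-trigger mitigation of slide 36, as one added example that is not the i3 authors' code: a trigger matches only when it shares at least k prefix bits with the packet id and no trigger shares more, so an exact private trigger outranks any trigger that merely clears the threshold. The widths m = 16 and k = 8, the trigger table and the host names are constructed for the example.

```python
import secrets

# Identifier width m and exact-match threshold k (slide 30: k < m).  Small constructed
# values so the bit patterns below are readable; real i3 identifiers are much wider.
M = 16
K = 8


def prefix_match(a: int, b: int, m: int = M) -> int:
    """Number of leading (most significant) bits two m-bit identifiers share."""
    diff = (a ^ b) & ((1 << m) - 1)
    return m - diff.bit_length()


def matching_triggers(packet_id: int, triggers, m: int = M, k: int = K) -> list:
    """Slide 30 rule: a trigger matches iff it shares at least k prefix bits with the
    packet id and no trigger shares more.  Returns the destinations of all triggers
    at the longest match length (several triggers with one id give multicast)."""
    best, winners = k, []
    for trig_id, dest in triggers:
        length = prefix_match(packet_id, trig_id, m)
        if length < k:
            continue                        # below the threshold: never a match
        if length > best:
            best, winners = length, [dest]  # a longer prefix match wins exclusively
        elif length == best:
            winners.append(dest)            # equal longest matches all receive
    return sorted(winners)


def deliver(packet_id: int, data, triggers, m: int = M, k: int = K) -> dict:
    """Forward (id, data) as an i3 server would: {destination: data};
    an empty dict means no trigger matched and the packet is dropped."""
    return {dest: data for dest in matching_triggers(packet_id, triggers, m, k)}


def new_private_trigger_id(m: int = M) -> int:
    """Slide 36 mitigation: a private trigger id drawn uniformly from the 2^m id space
    (exchanged over the public trigger, rotated periodically).  While it is installed,
    any other trigger matching it on fewer than m bits is outranked by the exact one."""
    return secrets.randbits(m)


TRIGGERS = [                  # constructed trigger table: (trigger id, destination host)
    (0xAB00, "host-a"),       # shares exactly k = 8 leading bits with packet id 0xABCD
    (0xABCD, "host-b"),       # exact match
    (0xABCD, "host-c"),       # second exact match: multicast
    (0xAACD, "host-d"),       # only 7 leading bits shared: below threshold
]

if __name__ == "__main__":
    print(deliver(0xABCD, b"hello", TRIGGERS))
    print(deliver(0x1234, b"hello", TRIGGERS))   # no trigger within k bits: dropped
```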
Performance Issues (slide 37)

• They use simulation to study performance penalties and issues
• Problem: Chord performance may be bad for the initial lookup; even though O(log(N)) lookups only, the location of the servers can be all over the place
  – They cache multiple successors for each next hop and choose the one that is closest in network distance
• Overall, “latency stretch” relative to native IP can be lowered to 1.5–2 (90th percentile) A-to-S-to-R


(slide 38)

• What lessons can we learn from this paper?
• Fundamentally, what is it that is being proposed?
• How does it relate to other works we saw? Mobility, Multicast ...
• How will this perform?
• On the face of it, it seems that major “triangulation problems” can
• Can anything be done to help?
