DCN : Section 7

Date post: 04-Jan-2016
Upload: georgia-kemp
CMM 1312 Data Communications and Networking

DCN : Section 7

Internet Technology

Learning Objectives

Introduction to the Internet and classful IP addressing; the Internet and intranets.

Understanding subnets and subnet masks.

Understanding the relationship between domain names and DNS.

Introduction to the components of an intranet, such as web servers, routers and proxy services.

Familiarity with the TCP/IP protocol suite.

Introduction to security issues, such as cryptography, PKI and CAs.

Internet (1)

The Internet is a network of networks, connecting networks from homes, schools and businesses worldwide.

It is a decentralized, global collection of networks that use the TCP/IP protocol suite for communication.

The Internet (capital I) refers to the specific WAN made up of many interconnected networks around the globe, including servers and routers.

Internet (2)

The Internet provides the following:

A global collection of text files, multimedia files, etc.

A collection of network services interconnected by a system of hypertext documents.

Web browsers to access the WWW.

Hypertext documents formatted in HTML and served by WWW servers.


Internet (3)


Internet Addressing

Internet Scaling Problems (1)

IP version 4 (IPv4) is the addressing mechanism used to address packets and direct information on a network.

IPv4 defines 2^32 (4,294,967,296) available addresses.

The shortage of IP addresses has caused the following: continuing depletion of the IPv4 address space, and difficulty in routing traffic between the ever-growing number of networks on the Internet super highway.

Internet Scaling Problems (2)

The address shortage is aggravated by the fact that portions of the IP address space have not been allocated efficiently, because a significant number of organizations hold their own IP address blocks.

Also, the traditional classful addressing model does not allow the address space to be used to its maximum potential.

The long-term solution to these problems is to deploy IPv6.

Classful IP Addressing (1)

Each network has a unique IP network address. The 32 bits are divided into a network number and a host number: a two-level address structure.

The network number (also called the network prefix) identifies the network on which the host resides.

The host number identifies the particular host on that network.

Classful IP Addressing (2)

All hosts on a given network share the same network number but have unique host numbers.

Two hosts on different networks have different network numbers but may have the same host number.

Classful IP Addressing (3)

Classful addressing was developed to support networks of different sizes: it was decided that the IP address space should be divided into classes.

The addressing scheme of each class places the boundary between the network number and the host number at a different point within the 32-bit address.

Connecting a private network to the Internet, however, requires a registered IP address to avoid duplicates.

Classful IP Addressing (4)

To prevent duplication, an organisation called the Internet Information Center (InterNIC) assigns Internet addresses to organizations and individuals that require an Internet site.

The IP address space was divided primarily into:

Class A: for networks with more than 2^16 hosts.

Class B: for networks with between 2^8 and 2^16 hosts.

Class C: for networks with fewer than 2^8 hosts.

Classful IP Addressing (5)

The host calculation requires that 2 be subtracted because the all-0s ("this network") and all-1s ("broadcast") host numbers cannot be assigned to individual hosts.

Class A Networks (/8 Prefixes)

Each Class A (/8) network address has an 8-bit network prefix, with the highest-order bit set to zero and a 7-bit network number, followed by a 24-bit host number.

A maximum of 126 (2^7 - 2) /8 networks can be defined.

The calculation subtracts 2 because the /8 network 0.0.0.0 is reserved for use as the default route and the /8 network 127.0.0.0 (also written 127.0.0.0/8) has been reserved.

Class A Networks (/8 Prefixes)

Each /8 supports a maximum of 16,777,214 (2^24 - 2) hosts per network.

Since the /8 address block contains 2^31 (2,147,483,648) individual addresses and the IPv4 address space has a maximum of 2^32 (4,294,967,296) addresses, the /8 address space is 50% of the total address space.

Class B Networks (/16 Prefixes)

Each Class B (/16) network address has a 16-bit network prefix, with the two highest-order bits set to 1-0 and a 14-bit network number, followed by a 16-bit host number.

A maximum of 16,384 (2^14) /16 networks can be defined, with up to 65,534 (2^16 - 2) hosts per network.

Since the entire /16 address block contains 2^30 (1,073,741,824) addresses, it represents 25% of the total IPv4 address space.

Class C Networks (/24 Prefixes)

Each Class C (/24) network address has a 24-bit network prefix, with the three highest-order bits set to 1-1-0 and a 21-bit network number, followed by an 8-bit host number.

A maximum of 2,097,152 (2^21) /24 networks can be defined, with up to 254 (2^8 - 2) hosts per network.

Since the entire /24 address block contains 2^29 (536,870,912) addresses, it represents 12.5% of the total IPv4 address space.

Other Classes

There are two additional classes, Class D and Class E.

Class D addresses have their leading four bits set to 1-1-1-0. They are used to support IP multicasting.

Class E addresses have their leading four bits set to 1-1-1-1. They are used for research and experimental purposes.

Dotted Decimal Notation (1)

To make Internet addresses easier for people to read and write, an address can be expressed as four decimal numbers separated by dots. This is called dotted decimal notation.

It divides the 32-bit Internet address into four 8-bit (byte) fields and gives the value of each field.

Dotted Decimal Notation (2)

/8 (A): 1.xxx.xxx.xxx through 126.xxx.xxx.xxx

/16 (B): 128.0.xxx.xxx through 191.255.xxx.xxx

/24 (C): 192.0.0.xxx through 223.255.255.xxx

xxx represents the host number field, which is assigned by the local network administrator.

Note that 127.xxx.xxx.xxx has been reserved for loopback testing.
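As an added example (not from the lecture slides), the following Python classifies an IPv4 address by its leading bits exactly as the class scheme above does, and derives each class's first-octet range from its bit pattern instead of hard-coding it, so the ranges on this slide can be checked rather than memorised. The function names and the sample addresses are mine.

```python
# Added example (not from the lecture slides): classful IPv4 address classification.
# Standard library only; every address used here is constructed for illustration.

# (class, leading-bit pattern, default prefix length). Classes D and E have no
# network/host split: D is multicast, E is experimental.
CLASS_TABLE = [
    ("A", "0",    8),
    ("B", "10",   16),
    ("C", "110",  24),
    ("D", "1110", None),
    ("E", "1111", None),
]


def dotted_to_int(addr: str) -> int:
    """Convert dotted decimal notation to a 32-bit integer, validating each octet."""
    octets = addr.split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {addr!r}")
    value = 0
    for octet in octets:
        if not octet.isdigit() or not 0 <= int(octet) <= 255:
            raise ValueError(f"octet out of range: {octet!r}")
        value = (value << 8) | int(octet)
    return value


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def first_octet_range(pattern: str) -> tuple:
    """First-octet range implied by a leading-bit pattern, e.g. '10' -> (128, 191)."""
    free_bits = 8 - len(pattern)
    low = int(pattern, 2) << free_bits
    return low, low | ((1 << free_bits) - 1)


def classify(addr: str) -> dict:
    """Class, default prefix length, network number, host number and usable host
    count of a classful IPv4 address, plus whether the slides' reserved /8s apply."""
    value = dotted_to_int(addr)
    bits = f"{value:032b}"
    for name, pattern, prefix_len in CLASS_TABLE:
        if bits.startswith(pattern):      # the patterns cover every 32-bit value
            break
    first_octet = value >> 24
    info = {
        "address": addr,
        "class": name,
        "prefix_len": prefix_len,
        # 0.0.0.0/8 is the default route and 127.0.0.0/8 is loopback (slides 14 and 20).
        "reserved": first_octet in (0, 127),
    }
    if prefix_len is None:
        info.update(network=None, host=None, usable_hosts=0)
        return info
    host_bits = 32 - prefix_len
    network_mask = ((1 << prefix_len) - 1) << host_bits
    info["network"] = int_to_dotted(value & network_mask)
    info["host"] = value & ~network_mask & 0xFFFFFFFF
    info["usable_hosts"] = (1 << host_bits) - 2   # drop the all-0s and all-1s host numbers
    return info


if __name__ == "__main__":
    for sample in ("10.1.2.3", "132.132.77.5", "192.168.1.10", "224.0.0.1", "127.0.0.1"):
        print(classify(sample))
    for name, pattern, _ in CLASS_TABLE:
        print(name, first_octet_range(pattern))
```

Running the class table through first_octet_range reproduces the slide's boundaries (128 to 191 for Class B, 192 to 223 for Class C) and shows why Class A runs only 1 to 126 once the two reserved /8s are taken out.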

Problems of two-level classical hierarchy (1)

The present two-level classical hierarchy faces the following problems:

Global routing tables were beginning to grow very fast.

Local administrators had to request another network number before a new network could be installed at their own site.

Subnetting, which supports a three-level hierarchy, was introduced. It increases addressing capacity, and it divides a private network into smaller components called subnets.


Problems of two-level classical hierarchy (2)

Subnets (1)

Subnetting is based on a three-level hierarchy: a network number, a subnet number and a host number, with the subnet number created from bits taken from the host number field.

Subnetting attacked the expanding routing table problem by ensuring that the subnet structure is NEVER visible outside the organization's private network (i.e. the subnet numbers of a network are not advertised to external networks).

Subnets (2)

The route from a public network to any subnet of an IP network is the same, regardless of the subnet on which the destination host resides.

The subnets share the same network number but have different subnet numbers.

Routers in the private network must differentiate between the subnets.

All of the subnets in the organisation are collected into a single routing table entry.

Subnets (3)

The router is set to accept all traffic from the Internet to your designated network address (for example, 132.132.0.0).

Traffic is received and forwarded to the interior subnets you have set up (for example, 132.132.32.0, 132.132.64.0, 132.132.96.0, 132.132.128.0 and so on, which use 3 bits of the third octet of the IP address as the subnet number).

Subnets (4)

Internet routers use only the network prefix of the destination address to route traffic to a subnetted network.

Routers inside the network use the extended network prefix to route traffic between subnets.

The extended network prefix consists of the class network prefix and the subnet number.

The extended network prefix is identified by a subnet mask.

Using Subnet Masks (1)

If you are given the network address 132.132.0.0/16, the default subnet mask for a /16 (class B) is 255.255.0.0.

The host IDs range from 132.132.0.1 to 132.132.255.254.

A total of 2^16 - 2 (65,534) hosts can be placed on this network.

                     (network prefix)   (host)
132.132.0.0/16  =  10000100.10000100. 00000000.00000000
subnet mask     =  11111111.11111111. 00000000.00000000

Using Subnet Masks (2)

You are also given the network address 132.132.0.0/16 and want to use the first 3 bits of the third octet as the subnet number.

Since 8 = 2^3, three bits are required to obtain eight subnets.

This network is subnetting a /16, so it needs three more bits, giving /19 as the extended network prefix.

A 19-bit extended network prefix is expressed as the subnet mask 255.255.224.0.

Using Subnet Masks (3)

The eight subnet numbers are given below. The 19-bit extended network prefix is the first 19 bits of each address (the first two octets plus the first three bits of the third octet).

subnet #0 = 10000100.10000100. 00000000.00000000 = 132.132.0.0/19

subnet #1 = 10000100.10000100. 00100000.00000000 = 132.132.32.0/19

subnet #2 = 10000100.10000100. 01000000.00000000 = 132.132.64.0/19

subnet #3 = 10000100.10000100. 01100000.00000000 = 132.132.96.0/19

Using Subnet Masks (4)

subnet #4 = 10000100.10000100. 10000000.00000000 = 132.132.128.0/19

subnet #5 = 10000100.10000100. 10100000.00000000 = 132.132.160.0/19

subnet #6 = 10000100.10000100. 11000000.00000000 = 132.132.192.0/19

subnet #7 = 10000100.10000100. 11100000.00000000 = 132.132.224.0/19

Using Subnet Masks (5)

An easy way to check that the subnets are correct is to ensure they are multiples of the subnet #1 address. In this case they are multiples of 32: 0, 32, 64, 96, 128, ...

The lowest and highest subnet numbers (all 0s and all 1s) are not used. In fact, there are only SIX usable subnets in the above case.

In general:

Possible subnets = 2^(number of subnet bits) - 2

Possible hosts per subnet = 2^(number of host bits) - 2

Using Subnet Masks (6)

Summarising the two examples, we have done the following:

Set a subnet mask bit to 1 if your network treats the corresponding bit of the IP address as part of the extended network prefix.

Set a subnet mask bit to 0 if your network treats the corresponding bit as part of the host number.

The internal network (subnet) address is the logical AND of the subnet mask with the IP address.

The host number within the subnet is the remaining host portion of the IP address.
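The following Python works the 132.132.0.0/16 example from the last six slides through with integer arithmetic: it builds the mask for a given extended prefix, enumerates the /19 subnets with their host ranges, and maps a host address onto its subnet with the logical AND just described. It is an added example, not material from the slides; the function names and the sample host 132.132.77.5 are mine. Python's ipaddress module is used only to cross-check the hand arithmetic. The drop_ends switch reproduces the slides' "2^n - 2" subnet count; modern routers follow RFC 1878 and use the all-0s and all-1s subnets too, so the same code also reports the full eight.

```python
# Added example (not from the lecture slides): subnet mask arithmetic for the
# 132.132.0.0/16 -> /19 example. Standard library only.
import ipaddress


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def to_dotted(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def mask_for(prefix_len: int) -> int:
    """Subnet mask as an integer: prefix_len one-bits followed by zero-bits."""
    return (((1 << prefix_len) - 1) << (32 - prefix_len)) & 0xFFFFFFFF


def enumerate_subnets(network: str, class_prefix: int, subnet_bits: int, drop_ends: bool = True):
    """All subnets of `network` when `subnet_bits` are borrowed from the host field.

    drop_ends=True applies the slides' convention of discarding the all-0s and
    all-1s subnet numbers; drop_ends=False keeps every subnet (RFC 1878 practice).
    """
    ext_prefix = class_prefix + subnet_bits
    host_bits = 32 - ext_prefix
    base = to_int(network) & mask_for(class_prefix)
    subnets = []
    for n in range(1 << subnet_bits):
        first = base | (n << host_bits)             # subnet number sits just below the prefix
        broadcast = first | ((1 << host_bits) - 1)  # all-1s host number
        subnets.append({
            "n": n,
            "network": f"{to_dotted(first)}/{ext_prefix}",
            "first_host": to_dotted(first + 1),
            "last_host": to_dotted(broadcast - 1),
            "broadcast": to_dotted(broadcast),
        })
    return subnets[1:-1] if drop_ends else subnets


def subnet_of(addr: str, ext_prefix: int):
    """(subnet address, host number): address AND mask, and the remaining bits."""
    mask = mask_for(ext_prefix)
    value = to_int(addr)
    return f"{to_dotted(value & mask)}/{ext_prefix}", value & ~mask & 0xFFFFFFFF


def counts(subnet_bits: int, host_bits: int, drop_ends: bool = True):
    """The slides' formulas: (possible subnets, possible hosts per subnet)."""
    subnets = (1 << subnet_bits) - (2 if drop_ends else 0)
    return subnets, (1 << host_bits) - 2


def cross_check(network: str, class_prefix: int, subnet_bits: int) -> bool:
    """Confirm the hand arithmetic against ipaddress.IPv4Network.subnets()."""
    ours = [s["network"] for s in enumerate_subnets(network, class_prefix, subnet_bits, drop_ends=False)]
    lib = [str(n) for n in ipaddress.ip_network(f"{network}/{class_prefix}").subnets(prefixlen_diff=subnet_bits)]
    return ours == lib


if __name__ == "__main__":
    print("mask /19 =", to_dotted(mask_for(19)))
    for s in enumerate_subnets("132.132.0.0", 16, 3, drop_ends=False):
        print(s)
    print("132.132.77.5 ->", subnet_of("132.132.77.5", 19))   # constructed sample host
    print("counts:", counts(3, 13), "cross-check:", cross_check("132.132.0.0", 16, 3))
```

For the sample host 132.132.77.5, the third octet 77 is 01001101 in binary; ANDing with the mask's 11100000 keeps 01000000 (64), so the host sits in subnet #2, 132.132.64.0/19, with host number 13 x 256 + 5 = 3333 within it.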

DNS (1)

Because IP addresses are hard to remember, a text version of the IP address is always used. This text version is called a domain name.

For example, the IP address 198.105.232.4 would be translated to microsoft.com.

To translate and track domain names, InterNIC uses the Domain Name Service (DNS).

DNS (2)

DNS is a set of distributed databases containing IP addresses and their corresponding domain names.

DNS servers located all over the Internet perform the translation back and forth between names and numbers.

A user can type a domain name instead of the IP address.


DNS (3)

Domain Name (1)

DNS uses several levels of naming, each of which is called a domain.

A domain refers to a group of computers and devices on a network that is administered as a unit with common rules and procedures.

Top-Level Domain (TLD): indicates the class of institution, such as .com, .edu, .gov, .org.

Second-Level Domain (SLD): registered with InterNIC by an organisation or entity, such as ibm or microsoft.


Domain Name (2)


Domain Name (3)

World Wide Web (1)

The collection of hyperlinked documents accessible on the Internet is known as the World Wide Web, WWW, W3 or simply the Web.

A Web site is a related collection of web pages or files stored on a web server.

Web browser: a client program that requests a web page from a web server and displays it on the local computer.

World Wide Web (2)

Uniform Resource Locator (URL): the address of a file accessible on the WWW, such as an HTML web page or any other file served over HTTP.

Intranet

An intranet is an internal corporate network enhanced with Internet technology, such as a WWW browser, e-mail and a newsgroup system.

It emphasizes security against inappropriate access, for example through password control.

For that reason it is usually connected to the outside Internet via a firewall and/or a router, to protect against intruders' attacks.

Web Server

A web server is an application that publishes HTML and other types of documents on the World Wide Web.

When it receives an HTTP, FTP or other type of request for a document from a browser, it responds by sending the document to the browser.

A secure web server is a server on the WWW that supports one or more of the major security protocols, such as Secure Socket Layer (SSL) or HTTPS.

Firewall

A firewall sets an electronic boundary that prevents unauthorized users from accessing certain locations on a network.

It can examine each packet in the stream to see whether the sender is authorized access.

It is designed to control the flow of packets based on the source, destination, port and packet type information in each packet.

It can be implemented in hardware, software or a combination of both.
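To make the slide's last three points concrete, here is an added example (not from the slides) of a minimal stateless packet filter in Python: each rule matches on source, destination, protocol (packet type) and destination port, the first matching rule decides, and anything unmatched falls through to a default deny so a missing rule fails closed. The rule set, the network addresses (taken from the documentation ranges 198.51.100.0/24, 203.0.113.0/24 and 10.0.0.0/8) and the sample packets are all constructed; the audit function shows the kind of deny log a security operations team would forward to a SIEM.

```python
# Added example (not from the lecture slides): a first-match packet filter with
# default deny, plus an audit log of denied packets. Standard library only.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    dport: Optional[int]  # None for ICMP, which has no port


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # CIDR, or "any"
    dst: str              # CIDR, or "any"
    proto: str            # "tcp", "udp", "icmp" or "any"
    dport: Optional[int]  # None matches any port

    def matches(self, pkt: Packet) -> bool:
        def in_net(addr: str, cidr: str) -> bool:
            return cidr == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)
        return (in_net(pkt.src, self.src) and in_net(pkt.dst, self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Constructed policy. First match wins; order matters.
RULES = [
    Rule("allow", "any",        "203.0.113.10/32", "tcp",  80),    # public web server, HTTP
    Rule("allow", "any",        "203.0.113.10/32", "tcp",  443),   # public web server, HTTPS
    Rule("deny",  "any",        "203.0.113.0/24",  "tcp",  23),    # no Telnet into the DMZ
    Rule("allow", "10.0.0.0/8", "any",             "any",  None),  # internal LAN may go out
    Rule("deny",  "any",        "any",             "icmp", None),  # drop inbound ICMP
]


def filter_packet(pkt: Packet, rules=RULES):
    """Return (action, index of the deciding rule); (deny, None) means default deny."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


def audit(packets, rules=RULES):
    """One log line per denied packet, naming the rule (or the default) that denied it."""
    lines = []
    for pkt in packets:
        action, idx = filter_packet(pkt, rules)
        if action == "deny":
            why = f"rule {idx}" if idx is not None else "default deny"
            port = pkt.dport if pkt.dport is not None else "-"
            lines.append(f"DENY {pkt.proto} {pkt.src} -> {pkt.dst}:{port} ({why})")
    return lines


# Constructed sample traffic.
SAMPLE = [
    Packet("198.51.100.7", "203.0.113.10", "tcp", 443),   # HTTPS to the web server: allowed
    Packet("198.51.100.7", "203.0.113.10", "tcp", 23),    # Telnet into the DMZ: denied by rule 2
    Packet("198.51.100.7", "203.0.113.20", "tcp", 80),    # HTTP to a host with no rule: default deny
    Packet("10.1.2.3",     "198.51.100.7", "udp", 53),    # LAN host doing DNS outbound: allowed
    Packet("198.51.100.9", "203.0.113.10", "icmp", None), # inbound ICMP: denied by rule 4
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(pkt, "->", filter_packet(pkt))
    print("\n".join(audit(SAMPLE)))
```

The third sample packet is the instructive one: nothing in the policy mentions 203.0.113.20, and the default-deny tail is what stops it. A policy that ended with an "allow any" instead would let every unforeseen service through.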

Router

A router is a device that connects two or more networks.

It sorts addressed data packets and sends them to the correct destinations using its built-in routing table.

It can connect networks that use different network adapters or transmission media, as long as both sides of the connection use the same protocols.

Proxy Server

A proxy server is used to overcome delays, slow response times and security concerns.

Traffic problems are partly due to the repeated retrieval of objects from remote web servers.

By caching frequently requested Internet information, it reduces the number of times the same information is fetched over an Internet connection, the download time, and the load on the remote server.

Proxy Service Benefits (1)

It reduces WAN traffic to the Internet and to the primary web server by providing local LAN access to cached information.

It reduces the load on Internet web servers and increases Internet and intranet performance.

It enhances intranet security with access control and content filtering, which can keep users away from indecent web sites.

Proxy Service Benefits (2)

It distributes LAN client requests across multiple proxy servers, for example FTP requests on one server and HTTP requests on another.

Proxy servers receive your requests, check for authorization, then go and get the information. If you are not authorized, your request is denied.

ISPs can also use proxy servers to stop users from going to certain sites.


OSI Model versus TCP/IP

TCP/IP Suite of Protocols (1)

TCP/IP is the Internet suite of network protocols that allows different computers to communicate.

Underneath TCP/IP, various media protocols help move the data over the various networks that make up the Internet.

TCP/IP also works in conjunction with the following protocols for specific applications.

TCP/IP Suite of Protocols (2)

FTP (File Transfer Protocol) for file transfer

HTTP (HyperText Transfer Protocol) for browsing the WWW

HTTPS (HTTP with Secure Socket Layer) for secure data transfer on the WWW

NNTP (Network News Transfer Protocol) for newsgroup reading

SMTP (Simple Mail Transfer Protocol) for delivering e-mail

TCP/IP Suite of Protocols (3)

TCP/IP stands for Transmission Control Protocol/Internet Protocol.

It is the most popular open-system (non-proprietary) protocol suite.

It can be used to communicate across any set of interconnected networks and is suited for LAN and WAN communication.

TCP/IP Suite of Protocols (4)

TCP/IP roughly corresponds to the network communications model defined by the International Organization for Standardization (ISO), called the OSI model.

The TCP/IP suite of protocols maps to a four-layer conceptual model known as the DARPA model: Application, Transport, Internet and Network Interface.

Each layer in the DARPA model corresponds to one or more layers of the seven-layer OSI model.


TCP/IP Protocol Layers (1)

TCP/IP Protocol Layers (2)

User applications communicate with the top layer of the protocol suite.

The top-level protocol layer on the source computer passes information to the lower layers of the protocol stack, which in turn pass it to the physical network.

The physical network transfers the information to the destination computer.

Network Interface Layer

The Network Interface Layer is responsible for placing TCP/IP packets on the network medium and receiving packets from it.

It was designed to be independent of the network access method, frame format and medium.

In this way, TCP/IP can be used to connect different network types, such as Ethernet, Token Ring, X.25 or Frame Relay.

It encompasses the Data Link and Physical layers of the OSI model.

Internet Layer (1)

The Internet Layer is responsible for addressing, packaging and routing functions. Its core protocols are ARP, ICMP and IP.

Address Resolution Protocol (ARP): maps an Internet Layer address to a Network Interface Layer address, such as a hardware address.

Internet Control Message Protocol (ICMP): provides diagnostic functions and reports errors or conditions between hosts and routers.

Internet Layer (2)

Internet Protocol (IP): the protocol responsible for providing IP packet delivery services (routing) between hosts.

All packets are delivered by the IP datagram delivery service.

Internet Layer (3)

IP always makes a best-effort attempt to deliver a packet.

Each packet is transmitted independently of any other packet, and IP does not attempt to recover from errors.

Internet Layer (4)

Acknowledgement of packets and recovery from loss are the responsibility of a higher-layer protocol, such as TCP.

The Internet Layer is analogous to the Network Layer of the OSI model.

Internet Layer (5)

Applications using the IP datagram delivery service expect to receive replies from the destination node.

A packet takes the form of an IP datagram. The datagram consists of a header and a data section.

The header section contains the header information, the source IP address, the destination IP address and options.
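Since the slide names the parts of the datagram header without showing them, here is an added example (not from the slides) that builds a minimal IPv4 header and parses it back, so the header information, source and destination addresses and options can be seen as bytes. The field layout and the one's-complement checksum are those of RFC 791; the function names, the sample addresses and the single NOP option (type 0x01) used to exercise the options path are mine. The parser rejects the malformed inputs a receiver must refuse: a truncated header, a non-IPv4 version, a bad header length and a checksum mismatch.

```python
# Added example (not from the lecture slides): build and parse an IPv4 header.
# Standard library only; the sample datagrams are constructed.
import struct
import ipaddress

FIXED_FORMAT = "!BBHHHBBH4s4s"   # the 20-byte fixed part of the header


def checksum(data: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                         # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, payload_len: int, proto: int = 6,
                 ttl: int = 64, ident: int = 0x1C46, options: bytes = b"") -> bytes:
    """Assemble a header with a correct IHL, total length and checksum.
    proto 6 is TCP; flags 0x4000 sets Don't Fragment with fragment offset 0."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # options are padded to 32-bit words
    ihl = 5 + len(options) // 4                        # header length in 32-bit words
    total_len = ihl * 4 + payload_len
    fields = struct.pack(FIXED_FORMAT, (4 << 4) | ihl, 0, total_len, ident, 0x4000,
                         ttl, proto, 0,                # checksum field zero while summing
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed) + options
    return fields[:10] + struct.pack("!H", checksum(fields)) + fields[12:]


def parse_header(raw: bytes) -> dict:
    """Decode the fixed part, split off options and verify the checksum.
    Raises ValueError for anything a receiver must reject."""
    if len(raw) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(FIXED_FORMAT, raw[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version {version}")
    if ihl < 5 or len(raw) < ihl * 4:
        raise ValueError(f"bad IHL {ihl} for a {len(raw)}-byte buffer")
    header = raw[:ihl * 4]
    if checksum(header) != 0:                  # a correct header sums to zero
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "ihl": ihl, "tos": tos, "total_length": total_len,
        "id": ident, "dont_fragment": bool(flags_frag & 0x4000),
        "fragment_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "options": header[20:],
    }


def is_valid_header(raw: bytes) -> bool:
    try:
        parse_header(raw)
        return True
    except ValueError:
        return False


def flip_byte(raw: bytes, offset: int) -> bytes:
    """Corrupt one byte, to show the checksum catching in-flight damage."""
    return raw[:offset] + bytes([raw[offset] ^ 0xFF]) + raw[offset + 1:]


if __name__ == "__main__":
    hdr = build_header("10.0.0.1", "203.0.113.10", payload_len=20)
    print(hdr.hex())
    print(parse_header(hdr))
    print("ttl byte flipped ->", is_valid_header(flip_byte(hdr, 8)))
```

Note that the checksum only detects accidental corruption; it is not a security control, since anyone altering the header can recompute it. Integrity against a deliberate change needs the cryptographic mechanisms discussed at the end of this section.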


Internet Layer (6)

Transport Layer (1)

The Transport Layer consists of two protocols, UDP and TCP.

UDP provides a one-to-one or one-to-many, unreliable and connectionless delivery service for sending and receiving messages.

TCP provides one-to-one, connection-oriented, reliable byte-stream delivery on top of the IP datagram delivery service.

The Transport Layer encompasses the responsibilities of the OSI Transport Layer.

Transport Layer (2)

Applications are identified by protocol ports. There are two types of protocol port:

Well-known port assignments: port numbers between 1 and 1,023, reserved for particular applications. For example, 20 and 21 for FTP, 23 for Telnet, 80 for HTTP.

Dynamically bound ports: port numbers 1,024 to 65,535.


Transport Layer (3)

Transport Layer (4)

TCP segments are encapsulated in IP datagrams. TCP buffers the stream by waiting for enough data to fill a large datagram before sending it.

At the receiving end, TCP checks successive sequence numbers to ensure that all the segments are received and processed in sequence-number order.

Transport Layer (5)

The receiving end sends an acknowledgment to the sender for the segments received.

TCP allows the sender to have several outstanding segments before the receiver must return an acknowledgment.

If the sender does not receive an acknowledgment for a segment within a certain time, it retransmits that segment to recover.
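The reliability mechanics on the last three slides can be watched in miniature. The following Python is an added example, not material from the slides: a sender with a window of outstanding segments, a receiver that buffers out-of-order segments and releases them in sequence-number order while returning a cumulative acknowledgment, and a constructed channel that drops chosen segments once. Segments still unacknowledged at the end of a round are treated as timed out and resent from the oldest one, as a simple go-back-N sender does. The class names, the 4-byte segment size and the sample message are mine.

```python
# Added example (not from the lecture slides): sequence numbers, cumulative ACKs,
# a send window and timeout retransmission, simulated without any real network.


class LossyChannel:
    """Delivers every segment except those whose sequence numbers are listed in
    `drop_once`, each of which is lost the first time it is sent."""

    def __init__(self, drop_once):
        self.pending_drops = set(drop_once)

    def deliver(self, seq: int) -> bool:
        if seq in self.pending_drops:
            self.pending_drops.discard(seq)
            return False
        return True


class Receiver:
    """Buffers out-of-order segments, hands data to the application strictly in
    sequence order, and replies with the next sequence number it expects."""

    def __init__(self):
        self.expected = 0
        self.buffer = {}
        self.delivered = []

    def receive(self, seq: int, data: bytes) -> int:
        if seq >= self.expected and seq not in self.buffer:
            self.buffer[seq] = data            # duplicates and old segments are ignored
        while self.expected in self.buffer:    # release everything that is now in order
            self.delivered.append(self.buffer.pop(self.expected))
            self.expected += 1
        return self.expected                   # cumulative ACK


class Sender:
    def __init__(self, segments, window: int):
        self.segments = segments
        self.window = window
        self.base = 0                          # oldest unacknowledged segment
        self.retransmissions = 0

    def run(self, channel: LossyChannel, receiver: Receiver, max_rounds: int = 100) -> bool:
        """Each round sends every unacknowledged segment in the window and collects
        ACKs. Whatever is still unacknowledged afterwards counts as timed out and is
        resent next round (go-back-N). Returns True once everything is acknowledged."""
        sent_before = set()
        for _ in range(max_rounds):
            if self.base >= len(self.segments):
                return True
            ack = self.base
            for seq in range(self.base, min(self.base + self.window, len(self.segments))):
                if seq in sent_before:
                    self.retransmissions += 1
                sent_before.add(seq)
                if channel.deliver(seq):
                    ack = receiver.receive(seq, self.segments[seq])
            self.base = max(self.base, ack)
        return False                           # gave up: the channel never let it through


def transfer(message: bytes, window: int = 3, drop_once=()):
    """Split `message` into 4-byte segments and send it across a lossy channel.
    Returns (completed, bytes received in order, number of retransmissions)."""
    segments = [message[i:i + 4] for i in range(0, len(message), 4)]
    sender, receiver = Sender(segments, window), Receiver()
    ok = sender.run(LossyChannel(drop_once), receiver)
    return ok, b"".join(receiver.delivered), sender.retransmissions


if __name__ == "__main__":
    msg = b"ABCDEFGHIJKLMNOPQRST"      # constructed 20-byte message: five segments
    print(transfer(msg, window=3))                    # no loss
    print(transfer(msg, window=3, drop_once={1}))     # segment 1 lost once
```

With segment 1 dropped once and a window of three, the receiver buffers segment 2 while it waits for 1, keeps acknowledging 1 as the next expected segment, and the sender's second round resends 1 and 2 (two retransmissions) before the stream completes intact. Under a different loss pattern the numbers change, but the receiver's output never does; that is the reliability the slide describes.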

Application Layer (1)

It provides applications with the ability to access the services of the other layers.

It defines the protocols that applications use to exchange data.

The Application Layer is analogous to the Application, Presentation and Session Layers of the OSI model.

The most widely used protocols here are HTTP, FTP, SMTP, Telnet, DNS and SNMP.

Application Layer (2)

HyperText Transfer Protocol (HTTP): it is used to transfer the files that make up web pages.

File Transfer Protocol (FTP): it is used for interactive file transfer.

Simple Mail Transfer Protocol (SMTP): it is used for the transfer of mail messages and attachments.

Application Layer (3)

Telnet: a terminal emulation protocol for remote login to network hosts.

DNS: it is used to resolve a host name to an IP address.

SNMP: it is used between network management console and network devices (routers, bridges) to collect and exchange network management information.

Security Issues on Internet

Since the Internet is an openly accessible network, there is insufficient security protection for confidential data.

Data protection is therefore essential, and cryptography has to be enforced.

Cryptography uses mathematical algorithms and processes to convert intelligible plaintext into unintelligible ciphertext, and vice versa.

Cryptography (1)

Cryptography depends very much on encryption and decryption mechanisms.

To encrypt plaintext into ciphertext, the originator of the plaintext applies a mathematical formula that uses an encryption key. The recipient of the ciphertext then uses the same encryption key to decrypt it.

There are two kinds of cryptography present: secret key and public key cryptography.

Cryptography (2)

There are some other applications of cryptography:

Data encryption provides confidentiality.

Digital signatures provide accountability and verify data integrity.

Digital certificates are used for authenticating people, applications and services, and for access control (authorization).

Secret Key Cryptography (1)

The sender (originator) and receiver (recipient) use the same key, called a symmetric key, for both encryption and decryption.

In large-scale applications, many clients or users need to have the same secret key.

Since encryption is presumably not available prior to key distribution, network-based key distribution is not a secure option.

Secret Key Cryptography (2)

Owing to the disadvantage of distributing the key among the receivers, secret key cryptography is not a secure way to protect data or messages.

The most common system is the Data Encryption Standard (DES); this approach is called symmetric cryptography.

Public Key Cryptography (1)

Public key cryptography uses pairs of keys: a widely available public key, and a different private key known only to the person, application or service that owns the keys.

The public key can be transmitted unencrypted over insecure lines.

The private key must be kept secret.

Since the two keys of a pair are asymmetric, this is called asymmetric cryptography.


Public Key Cryptography (2)


Public Key Cryptography (3)

Benefits of Public Key Cryptography (1)

The primary benefit is that it allows users who have no pre-existing security arrangement to exchange messages securely.

The need for sender and receiver to share secret keys via some secure channel is eliminated.

All communications involve only public keys, and no private key is ever transmitted or shared. This makes it much safer.

Benefits of Public Key Cryptography (2)

Public key cryptography requires a public key infrastructure (PKI) for managing digital certificates (or e-certs) and encryption keys for people, programs and systems.

It provides confidentiality, authentication, access control, data integrity, and accountability.

Digital Signature (1)

Digital signatures enable the receiver of information to verify the authenticity of the information's origin and also to verify that the information is intact.

Thus a public key digital signature provides authentication and data integrity.

A digital signature also provides non-repudiation, which means that it prevents the sender from claiming that he or she did not actually send the information.

Digital Signature (2)

It serves the same purpose as a handwritten signature.

However, a handwritten signature is easy to counterfeit.

A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, and it attests to the contents of the information as well as to the identity of the signer.


Digital Signature (3)

Digital Certificate

A digital certificate (also called an e-cert) is an electronic file issued and digitally signed by a Certification Authority (CA), vouching for the identity of the certificate holder.

It usually contains a serial number, an expiration date, information about the rights, uses and privileges associated with the certificate, together with information about the CA that issued the certificate.

Certification Authority (1)

A Certification Authority (CA), also called a Certificate Authority, is an organization, such as Hongkong Post, that issues independently authenticated digital certificates for use by individuals or organizations.

The Electronic Transactions Bill was passed by the Legislative Council on 5 January 2000 and was published in the Gazette on 7 January 2000. The Bill aims to provide a legal framework to ensure that electronic transactions are conducted in a secure and trusted environment.


Certification Authority (2)

Hongkong Post Launches Public Certification Services.

Hongkong Post has become the first public certification authority in Hong Kong to build a Public Key Infrastructure (PKI).

It issues digital certificates, namely Hongkong Post e-Cert.

Certification Authority (3)

A CA manages the keys and digital certificates used to implement cryptography within applications such as:

Web browsers and web servers, for authentication and confidentiality;

Secure network communications via protocols such as SSL, for applications like online banking and online shopping; and

Functions such as digitally signed documents or code.
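The digital signature slides (80 and 81) and the certificate and CA slides (83 to 86) describe one mechanism applied twice: a private key signs, the matching public key verifies, and a CA's signature over a holder's public key is what turns that key into a certificate. The following Python is an added example, not material from the slides: textbook RSA over constructed toy-sized primes, a SHA-256 digest of the message, and a toy certificate carrying the subject, key, serial number and expiry date the slide lists. All names, primes, dates and messages are mine. The key sizes here are for illustration only; deployed systems use keys of 2048 bits or more, a padding scheme such as RSA-PSS, and a vetted cryptographic library rather than hand-rolled arithmetic.

```python
# Added example (not from the lecture slides): toy RSA digital signatures and a
# CA-signed certificate. Standard library only; NOT for real use (tiny keys, no padding).
import hashlib


def generate_key(p: int, q: int, e: int = 65537):
    """Return (public, private) = ((n, e), (n, d)) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                    # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def digest(message: bytes, n: int) -> int:
    """SHA-256 of the message, reduced below the modulus so the toy key can sign it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private) -> int:
    """Only the holder of d can produce this value: the basis of non-repudiation."""
    n, d = private
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Anyone with the public key can check origin and that the message is intact."""
    n, e = public
    return pow(signature, e, n) == digest(message, n)


def certificate_body(subject: str, public, serial: int, not_after: str) -> bytes:
    """Canonical bytes the CA signs: subject, public key, serial number, expiry."""
    n, e = public
    return f"{subject}|{n}|{e}|{serial}|{not_after}".encode()


def issue_certificate(ca_private, subject: str, subject_public, serial: int, not_after: str) -> dict:
    body = certificate_body(subject, subject_public, serial, not_after)
    return {"subject": subject, "public": subject_public, "serial": serial,
            "not_after": not_after, "signature": sign(body, ca_private)}


def validate_certificate(cert: dict, ca_public, today: str):
    """Check the CA's signature first, then the expiry; both must pass before the
    public key inside is trusted. Dates are ISO strings, so they compare as text."""
    body = certificate_body(cert["subject"], cert["public"], cert["serial"], cert["not_after"])
    if not verify(body, cert["signature"], ca_public):
        return False, "CA signature invalid"
    if today > cert["not_after"]:
        return False, "certificate expired"
    return True, "ok"


# Constructed toy primes (around 10^6): far too small to be secure, fine for illustration.
CA_PUB, CA_PRIV = generate_key(1000003, 1000033)
ALICE_PUB, ALICE_PRIV = generate_key(999983, 1000039)


def demo() -> dict:
    """Walk through signing, tamper detection, certificate issue and validation."""
    msg = b"Pay 100 HKD to Bob"                                  # constructed message
    sig = sign(msg, ALICE_PRIV)
    cert = issue_certificate(CA_PRIV, "alice@example.test", ALICE_PUB, serial=42, not_after="2026-12-31")
    cert_ok, _ = validate_certificate(cert, CA_PUB, today="2025-06-01")
    forged = dict(cert, subject="mallory@example.test")        # body changed, CA signature kept
    return {
        "signature_verifies": verify(msg, sig, cert["public"]),
        "tamper_detected": not verify(b"Pay 900 HKD to Bob", sig, cert["public"]),
        "wrong_key_rejected": not verify(msg, sign(msg, CA_PRIV), ALICE_PUB),
        "cert_valid": cert_ok,
        "expired_rejected": validate_certificate(cert, CA_PUB, today="2027-01-01")[0] is False,
        "forged_cert_rejected": validate_certificate(forged, CA_PUB, today="2025-06-01")[0] is False,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The relying party in demo() never needs Alice's key in advance: it trusts the CA's public key, checks the CA's signature over the certificate, and only then uses the key inside to verify Alice's signature on the message. Changing one digit of the amount, or the subject name inside the certificate, breaks the corresponding check.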


Certification Authority (4)


Certification Authority (5)


Certification Authority (6)

