Internet applications, performance and security (lecture slides by Maria Kihl; posted 12-Sep-2021)

Page 1: Internet applications, performance and security

Internet applications, performance and security

Maria Kihl

Page 2: Internet applications, performance and security


Book chapters

Forouzan 4th: 21.2, 24.2, 25.1-4, 27, 31.1

Forouzan 5th: 18.3, 19.2, 25.1, 26.1, 26.6, 31

Kihl: 8.8, 10.2, 11.2

Page 3: Internet applications, performance and security

Application layer paradigms

There are two basic user paradigms for Internet applications:

• Client-server paradigm

• For example WWW, online games, Web TV, Facebook

• Peer-to-peer paradigm

• For example BitTorrent, Voddler, Skype

• Some applications use both paradigms, for example Spotify.

Page 4: Internet applications, performance and security

Client-server paradigm


Page 5: Internet applications, performance and security

Peer-to-peer paradigm


Page 6: Internet applications, performance and security

Example of application: WWW

• The idea of the World Wide Web (WWW) was first proposed by Tim Berners-Lee in 1989 at CERN, the European Organization for Nuclear Research, to allow researchers at different locations throughout Europe to access each other's research.

• The commercial Web started in the early 1990s.

Page 7: Internet applications, performance and security

Basic concept of WWW

WWW is based on three basic parts:

• Web documents (pages)

• HyperText Markup Language (HTML) is used for static web documents

• Dynamic web documents are generated on the server by programs or scripts (JSP, CGI programs, ASP, etc.)

• Uniform Resource Locator (URL)

• Standardized way to identify the location of web documents

• HyperText Transfer Protocol (HTTP)

• Protocol for access of web documents on a web server

Page 8: Internet applications, performance and security

Uniform Resource Locator (URL)

A URL identifies a web document by four parts: protocol, host, port and path. A URL is written as:

protocol://host:port/path

When the standard HTTP port 80 is used, the port is omitted, for example:

http://www.mhhe.com/compsci/forouzan
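Added example (not from the slides): a small parser for the four URL parts, built on Python's urllib.parse. It applies the default-port rule described above, extends it to https (port 443), and refuses URLs with a userinfo part, because in http://www.mhhe.com@evil.example/ the host is evil.example and not www.mhhe.com. The hosts and URLs used in the example are constructed.

```python
from urllib.parse import urlsplit

# Default ports used when the URL omits ":port". The slide covers http/80; https/443
# is the obvious generalization and is added here.
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_url(url: str) -> tuple:
    """Split a URL into the slide's four identifiers: (protocol, host, port, path).

    Raises ValueError for URLs outside this simple model: an unknown protocol, a
    missing host, or a userinfo part. In http://www.mhhe.com@evil.example/ the text
    before '@' is userinfo and the real host is evil.example; code that stops at
    the '@' would send the request to the wrong server.
    """
    parts = urlsplit(url)
    protocol = parts.scheme.lower()
    if protocol not in DEFAULT_PORTS:
        raise ValueError("unsupported protocol: %r" % parts.scheme)
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo before '@' rejected; real host is %r" % parts.hostname)
    if not parts.hostname:
        raise ValueError("URL has no host")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[protocol]
    path = parts.path or "/"
    return protocol, parts.hostname, port, path


def format_url(protocol: str, host: str, port: int, path: str) -> str:
    """Inverse of parse_url: the port is written only when it is not the default."""
    netloc = host if port == DEFAULT_PORTS[protocol] else "%s:%d" % (host, port)
    return "%s://%s%s" % (protocol, netloc, path)


def is_acceptable_url(url: str) -> bool:
    """True when parse_url accepts the URL; a gate to apply before fetching."""
    try:
        parse_url(url)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for u in ("http://www.mhhe.com/compsci/forouzan",
              "http://www.lth.se:8080/index.html",
              "http://www.mhhe.com@evil.example/"):
        print(u, "->", parse_url(u) if is_acceptable_url(u) else "rejected")
```

The query string and fragment are dropped on purpose, since the slide's model only has the four parts; a fetcher would keep them.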

Page 9: Internet applications, performance and security

Basic document retrieval process


Page 10: Internet applications, performance and security

HTTP

• HTTP is a text-based protocol with two basic types of messages: requests and responses.

• HTTP sets up and uses a TCP connection (port 80 by default).

• HTTP 1.1 uses persistent connections by default, which means that the parts of a web document (the HTML page and the images, scripts and style sheets it references) can be fetched over the same TCP connection instead of opening a new connection for each object.

Page 11: Internet applications, performance and security

Basic operation of HTTP 1.1


Page 12: Internet applications, performance and security

Formats of Requests and Responses


Page 13: Internet applications, performance and security

Cookies

• The original WWW was stateless, which means that each request/response exchange is treated separately, with no history of other messages.

• Cookies were introduced to be able to store information about the client: the server sends a small name=value item in a Set-Cookie response header, and the browser returns it in a Cookie header on later requests to the same site.

• Cookies introduce the concept of a user session.

• The creation and storage of cookies depend on the implementation, but the concept is the same.

• Since the browser sends the cookie automatically, whoever holds a session cookie holds the session. Session identifiers must therefore be long random values, and the cookies that carry them are normally marked Secure (sent only over TLS) and HttpOnly (not readable by scripts in the page).

Page 14: Internet applications, performance and security

Example of cookies

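Added example (not from the slides): the HTTP/1.1 request and response formats of the previous pages written out as bytes, together with a server that turns the stateless exchange into a session with a cookie. The server, the session store, the cookie name SID and the request lines are constructed for the example; a real server would also expire sessions and tie them to a login.

```python
import secrets
from typing import Optional

COOKIE_NAME = "SID"
# Constructed server-side session store: session id -> state kept for that client.
SESSIONS = {}


def parse_request(raw: bytes):
    """Request = request line, header lines, blank line. Returns (method, target, headers)."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    if version != "HTTP/1.1":
        raise ValueError("only HTTP/1.1 is handled here")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def parse_cookies(header_value: str) -> dict:
    """Cookie: SID=abc; theme=dark  ->  {'SID': 'abc', 'theme': 'dark'}"""
    cookies = {}
    for item in header_value.split(";"):
        name, _, value = item.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def handle(raw_request: bytes) -> bytes:
    """Server side. Each request is independent at the HTTP level; the cookie is the
    only thing that links the second request to the first."""
    _method, _target, headers = parse_request(raw_request)
    sid = parse_cookies(headers.get("cookie", "")).get(COOKIE_NAME)
    extra = []
    if sid not in SESSIONS:
        # No cookie, or one we never issued: start a new session. The id is a bearer
        # token, so it must be unguessable: 32 random bytes from the OS CSPRNG.
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = {"visits": 0}
        # Secure: only sent over TLS. HttpOnly: not readable by page scripts.
        # SameSite=Lax: not sent on most cross-site requests.
        extra.append("Set-Cookie: %s=%s; Path=/; Secure; HttpOnly; SameSite=Lax"
                     % (COOKIE_NAME, sid))
    SESSIONS[sid]["visits"] += 1
    body = ("visit %d of this session\n" % SESSIONS[sid]["visits"]).encode()
    lines = ["HTTP/1.1 200 OK", "Content-Type: text/plain",
             "Content-Length: %d" % len(body)] + extra + ["", ""]
    return "\r\n".join(lines).encode() + body


def parse_response(raw: bytes):
    """Response = status line, header lines, blank line, body. Set-Cookie may repeat,
    so every header value is kept in a list."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _version, status, _reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(status), headers, body


def session_cookie_from(headers: dict) -> Optional[str]:
    """What a browser stores from Set-Cookie: the SID value without its attributes."""
    for set_cookie in headers.get("set-cookie", []):
        name, _, rest = set_cookie.partition("=")
        if name == COOKIE_NAME:
            return rest.split(";", 1)[0]
    return None


def demo() -> tuple:
    """Two requests from one client. Returns the visit counters the server reported."""
    first = b"GET /index.html HTTP/1.1\r\nHost: www.lth.se\r\n\r\n"
    _status, headers, body1 = parse_response(handle(first))
    sid = session_cookie_from(headers)
    second = ("GET /index.html HTTP/1.1\r\nHost: www.lth.se\r\nCookie: %s=%s\r\n\r\n"
              % (COOKIE_NAME, sid)).encode()
    _status, _headers, body2 = parse_response(handle(second))
    return int(body1.split()[1]), int(body2.split()[1])
```

A request carrying a session id the server never issued simply gets a new session; the server never trusts the client's value beyond using it as a lookup key.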

Page 15: Internet applications, performance and security

Mapping from host name to IP address

• Application protocols use host names (for example www.lth.se).

• However, TCP/IP uses IP addresses.

• The mapping from host name to IP address is performed by the Domain Name System (DNS).

Page 16: Internet applications, performance and security

Basic operation of DNS


Page 17: Internet applications, performance and security


Domain Name space

• DNS uses a hierarchical name space and the whole Internet is divided into domains and subdomains.

• A domain name is a sequence of labels separated with dots, e.g. www.telecom.lth.se.

Page 18: Internet applications, performance and security


Domain name space in DNS

root

Page 19: Internet applications, performance and security

Example of labels and domains


Page 20: Internet applications, performance and security

Domains and subdomains


Page 21: Internet applications, performance and security

Domain types

The domain name space is divided into three different sections: generic domains, country domains and the inverse domain.

Page 22: Internet applications, performance and security


Generic domains

Page 23: Internet applications, performance and security


Country domains

Page 24: Internet applications, performance and security

Domain Name Servers

The domain name space is stored in special DNS servers. The servers are distributed and each domain or subdomain has its own servers.

Page 25: Internet applications, performance and security

From name to address (1)

(figure: host angel1.heavennet.se, its local name server ns.heavennet.se, and the target host angel2.angelnet.se)

1. angel1.heavennet.se asks ns.heavennet.se: angel2.angelnet.se ?

Page 26: Internet applications, performance and security

From name to address (2)

(figure: ns.heavennet.se contacts the server sunic.sunet.se)

2. ns.heavennet.se asks sunic.sunet.se: angel2.angelnet.se ?

3. sunic.sunet.se answers with a referral: Ask ns.angelnet.se

Page 27: Internet applications, performance and security

From name to address (3)

(figure: ns.heavennet.se contacts ns.angelnet.se)

4. ns.heavennet.se asks ns.angelnet.se: angel2.angelnet.se ?

5. ns.angelnet.se answers: IP = 194.52.54.47
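Added example (not from the slides): the iterative lookup of the three previous pages, written as a toy resolver. ns.heavennet.se is modelled by resolve(), which starts at a root server, follows referrals (step 3 above) and caches the final answer. The root server, the server addresses and the zone contents are constructed; only the host names and the answer 194.52.54.47 come from the slides. The resolver also applies the bailiwick rule that real resolvers use: a referral is accepted only if it points below the zone the answering server is responsible for, so a server for .se cannot redirect the lookup of a .com name.

```python
# Constructed authoritative servers, keyed by address (RFC 5737 documentation ranges).
# Each is responsible for one zone and either holds A records or delegates subzones
# to another server (name server name + its address, the "glue").
SERVERS = {
    "192.0.2.1":  {"name": "root (assumed)", "zone": ".", "A": {},
                   "delegations": {"se.": ("sunic.sunet.se.", "192.0.2.53")}},
    "192.0.2.53": {"name": "sunic.sunet.se.", "zone": "se.", "A": {},
                   "delegations": {"angelnet.se.": ("ns.angelnet.se.", "192.0.2.2")}},
    "192.0.2.2":  {"name": "ns.angelnet.se.", "zone": "angelnet.se.",
                   "A": {"angel2.angelnet.se.": "194.52.54.47"}, "delegations": {}},
}
ROOT_HINT = "192.0.2.1"
CACHE = {}            # name -> address, kept by the local server between lookups
MAX_REFERRALS = 10


def in_zone(name: str, zone: str) -> bool:
    """True if name lies in (or is) zone. Names and zones are absolute, ending in '.'."""
    return zone == "." or name == zone or name.endswith("." + zone)


def accept_referral(current_zone: str, referral_zone: str) -> bool:
    """Bailiwick rule: a server may only delegate below its own zone. A referral for
    a zone outside it (or for its own zone again) is refused, because accepting it
    would let one server hijack names it is not responsible for."""
    return in_zone(referral_zone, current_zone) and referral_zone != current_zone


def query(server_addr: str, qname: str) -> dict:
    """One question to one authoritative server. Returns {'answer': ip},
    {'referral': (zone, ns_name, ns_addr)}, or {} when the server knows nothing."""
    server = SERVERS[server_addr]
    if not in_zone(qname, server["zone"]):
        return {}
    if qname in server["A"]:
        return {"answer": server["A"][qname]}
    for zone, (ns_name, ns_addr) in server["delegations"].items():
        if in_zone(qname, zone):
            return {"referral": (zone, ns_name, ns_addr)}
    return {}


def resolve(qname: str, trace=None) -> str:
    """The local name server (ns.heavennet.se in the slides): answer from cache, or
    walk down from the root following referrals until an A record comes back.
    `trace` collects the names of the servers asked, in order."""
    if trace is None:
        trace = []
    if qname in CACHE:
        return CACHE[qname]
    server_addr, current_zone = ROOT_HINT, "."
    for _ in range(MAX_REFERRALS):
        trace.append(SERVERS[server_addr]["name"])
        reply = query(server_addr, qname)
        if "answer" in reply:
            CACHE[qname] = reply["answer"]
            return reply["answer"]
        if "referral" not in reply:
            raise LookupError("no such name: " + qname)
        zone, _ns_name, ns_addr = reply["referral"]
        if not accept_referral(current_zone, zone):
            raise ValueError("out-of-bailiwick referral from %s for %s"
                             % (SERVERS[server_addr]["name"], zone))
        server_addr, current_zone = ns_addr, zone
    raise LookupError("too many referrals for " + qname)


if __name__ == "__main__":
    asked = []
    print(resolve("angel2.angelnet.se.", asked), "via", asked)
```

The second lookup of the same name is answered from CACHE without asking any server, which is what makes the hierarchy scale; real resolvers also honour a time-to-live on each cached record.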

Page 28: Internet applications, performance and security

Network Performance

Good network performance is crucial for most applications. Two factors of a network or system that influence the performance are:

Delay

Throughput

Both these factors depend on the load on the network or system.

Page 29: Internet applications, performance and security

Congestion

Congestion (overload) occurs when the number of packets sent to a system is greater than the number of packets the system can handle.

(figure: arrivals (packets/sec) into a system with a given capacity (packets/sec))

Arrivals > Capacity: congestion (overload)

Page 30: Internet applications, performance and security

Queuing delay

All routers and servers have buffers where jobs are stored while waiting for service. When the load increases, the buffers fill up, and the queueing delay increases. Finally, packets will be dropped due to full buffers.

Page 31: Internet applications, performance and security

Delay as a function of load

The delay grows slowly at low load and then very steeply as the load approaches the capacity; at the capacity it is unbounded. This can be shown with queueing theory: for the simplest model, an M/M/1 queue with arrival rate λ and service rate μ, the mean time in the system is 1/(μ − λ), which goes to infinity as λ approaches μ.

Page 32: Internet applications, performance and security

Throughput as a function of load

During overload, the throughput declines sharply. Long delays cause timeouts and retransmissions from hosts or routers, which add even more load. All dropped packets also cost capacity: the work that earlier routers spent on forwarding them is wasted.
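Added example (not from the slides): the queueing-theory result for the simplest model, an M/M/1 queue, next to an event-by-event simulation of one router buffer with finite room (an M/M/1/K queue). The simulation shows the three effects of the last pages: delay grows steeply as the load approaches the capacity, throughput stops at the capacity, and above it packets are dropped. The rates, buffer size and random seed are constructed; the simulation does not model the retransmissions that make real throughput fall below the capacity.

```python
import random


def mm1_mean_delay(arrival_rate: float, capacity: float) -> float:
    """Mean time in the system (queueing + service) for an M/M/1 queue: 1/(mu - lambda).
    Finite only below capacity; at or above it the queue grows without bound."""
    if arrival_rate >= capacity:
        return float("inf")
    return 1.0 / (capacity - arrival_rate)


def simulate_queue(arrival_rate: float, capacity: float, buffer_size: int = 20,
                   packets: int = 20000, seed: int = 1):
    """One router buffer with Poisson arrivals, exponential service times and room
    for `buffer_size` packets (including the one being served). Arrivals that find
    the buffer full are dropped. Returns (mean_delay, throughput, dropped)."""
    rng = random.Random(seed)                 # fixed seed: the run is reproducible
    now = 0.0                                 # time of the current arrival
    server_free_at = 0.0                      # when the last accepted packet departs
    departures = []                           # departure times of packets still buffered
    total_delay, served, dropped = 0.0, 0, 0
    for _ in range(packets):
        now += rng.expovariate(arrival_rate)
        while departures and departures[0] <= now:
            departures.pop(0)                 # these have left the buffer by now
        if len(departures) >= buffer_size:
            dropped += 1                      # full buffer: the packet is lost
            continue
        start = max(now, server_free_at)      # wait for the packets ahead of it
        depart = start + rng.expovariate(capacity)
        server_free_at = depart
        departures.append(depart)
        total_delay += depart - now           # queueing delay + service time
        served += 1
    mean_delay = total_delay / served if served else float("inf")
    throughput = served / now                 # packets delivered per unit time
    return mean_delay, throughput, dropped


if __name__ == "__main__":
    capacity = 1.0
    print("load  theory   simulated  throughput  dropped")
    for load in (0.3, 0.5, 0.7, 0.9, 0.99, 1.2, 1.5):
        delay, thr, drops = simulate_queue(load, capacity)
        print("%4.2f  %7.2f  %9.2f  %10.2f  %7d"
              % (load, mm1_mean_delay(load, capacity), delay, thr, drops))
```

Below the capacity the simulated delay tracks 1/(μ − λ); above it the finite buffer keeps the delay bounded, but only because packets are being dropped.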

Page 33: Internet applications, performance and security

Internet Control Message Protocol (ICMP)

The IP protocol has no error-reporting or error-correcting mechanism. The IP protocol also lacks a mechanism for host and management queries.

The Internet Control Message Protocol (ICMP) has been designed to compensate for the above two deficiencies.

It is a companion to the IP protocol.

Page 34: Internet applications, performance and security

ICMP in the TCP/IP stack

Page 35: Internet applications, performance and security

ICMP message

Two types of messages:

Error-reporting messages

Query messages

Page 36: Internet applications, performance and security

Encapsulation

The ICMP message is encapsulated in an IP datagram:

Page 37: Internet applications, performance and security

Error-reporting

When an error in the IP datagram delivery is detected, ICMP reports the error to the source of the IP datagram. The error message includes the IP header and the first 8 bytes of the original datagram (RFC 792; routers may quote more). Those 8 bytes cover the port fields of the TCP or UDP header, which is what lets the source tell which connection or process the error belongs to.

Page 38: Internet applications, performance and security

Some Error reporting messages

Destination unreachable: A router cannot route a datagram or a host cannot deliver a datagram.

Source quench: A datagram is discarded due to congestion. (Deprecated by RFC 6633; current hosts and routers do not send it and ignore it if received.)

Time exceeded: A datagram has been discarded since its TTL value has reached 0.

Redirection: A host has the wrong default router, and needs to update its routing table. (Because a forged redirect can steer a host's traffic through an attacker, hosts are often configured to ignore redirects.)

Page 39: Internet applications, performance and security

Some ICMP Query messages

Echo-request and reply: Used to determine if two systems (hosts or routers) have a connection on the IP level.

Timestamp request and reply: Used to determine the round-trip time (RTT) between two systems.

Router solicitation and advertisement: Used by a host to find the routers that are connected to its network.

Page 40: Internet applications, performance and security

Debugging Tools

There are several tools that can be used in the Internet for debugging. Some of them are:

Ping

Traceroute

Page 41: Internet applications, performance and security

Ping

The Ping program uses ICMP echo-request and echo-reply messages to check whether a destination is reachable at the IP level and to measure the round-trip time.

Page 42: Internet applications, performance and security

Traceroute

Traceroute (in UNIX) or Tracert (in Windows) can be used to trace the route of a packet from the source to the destination.

It manipulates the TTL field in the IP header and uses two ICMP messages, Time Exceeded and Destination Unreachable, to find the route of a packet: probes are sent with TTL 1, 2, 3, and so on; each router that decrements the TTL to 0 discards the probe and returns Time Exceeded, which reveals that router's address; the destination finally answers with Destination Unreachable (port unreachable, for the UDP probes to an unused port that UNIX traceroute sends by default; Windows tracert sends ICMP echo requests instead and stops when an echo reply arrives).

Page 43: Internet applications, performance and security

Traceroute, example
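Added example (not from the slides) covering both the error-message format of the Error-reporting page and the traceroute procedure above: it builds real IPv4, UDP and ICMP bytes with struct (checksums included), sends UDP probes with TTL 1, 2, 3, ... through a constructed path of three routers, and parses the ICMP Time Exceeded and Port Unreachable replies. The quoted IP header plus 8 bytes is enough to read back the probe's UDP destination port, which is how traceroute matches a reply to the probe that caused it. The addresses come from the RFC 5737 documentation ranges and nothing is sent on a real network.

```python
import struct
from ipaddress import IPv4Address

PROTO_ICMP, PROTO_UDP = 1, 17
ICMP_DEST_UNREACH, CODE_PORT_UNREACH = 3, 3      # RFC 792 type 3, code 3
ICMP_TIME_EXCEEDED, CODE_TTL_EXPIRED = 11, 0     # RFC 792 type 11, code 0

# Constructed topology: the source, three routers on the path, and the destination.
SOURCE = "192.0.2.10"
ROUTERS = ["192.0.2.1", "198.51.100.1", "198.51.100.2"]
DEST = "203.0.113.7"


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src: str, dst: str, ttl: int, proto: int, payload_len: int, ident: int = 0) -> bytes:
    """20-byte IPv4 header without options; the checksum field is filled in last."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident, 0, ttl, proto, 0,
                      IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def udp_probe(ttl: int, dport: int) -> bytes:
    """A traceroute probe: UDP to a high port nobody listens on, with the given TTL."""
    payload = b"probe"
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(payload), 0) + payload  # checksum 0 = none
    return ipv4_header(SOURCE, DEST, ttl, PROTO_UDP, len(udp), ident=ttl) + udp


def icmp_error(reporter: str, original: bytes, itype: int, code: int) -> bytes:
    """An ICMP error datagram from `reporter` back to the source of `original`:
    type, code, checksum, 4 unused bytes, then the original IP header + 8 bytes."""
    quoted = original[:20 + 8]
    icmp = struct.pack("!BBHI", itype, code, 0, 0) + quoted
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    original_src = str(IPv4Address(original[12:16]))
    return ipv4_header(reporter, original_src, 64, PROTO_ICMP, len(icmp)) + icmp


def parse_icmp_error(datagram: bytes) -> tuple:
    """Returns (reporting address, type, code, original destination, original UDP dst port)."""
    ihl = (datagram[0] & 0x0F) * 4
    reporter = str(IPv4Address(datagram[12:16]))
    icmp = datagram[ihl:]
    if checksum(icmp) != 0:                            # a correct checksum sums to zero
        raise ValueError("bad ICMP checksum")
    itype, code = icmp[0], icmp[1]
    inner = icmp[8:]                                   # the quoted original datagram
    inner_ihl = (inner[0] & 0x0F) * 4
    original_dst = str(IPv4Address(inner[16:20]))
    _sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return reporter, itype, code, original_dst, dport


def network_send(probe: bytes) -> bytes:
    """Forward the probe hop by hop and return the ICMP datagram that comes back."""
    ttl = probe[8]                                     # TTL is byte 8 of the IP header
    for router in ROUTERS:
        ttl -= 1
        if ttl == 0:                                   # router discards it and reports
            return icmp_error(router, probe, ICMP_TIME_EXCEEDED, CODE_TTL_EXPIRED)
    return icmp_error(DEST, probe, ICMP_DEST_UNREACH, CODE_PORT_UNREACH)


def traceroute(max_hops: int = 30) -> list:
    """Returns [(ttl, address that answered), ...] up to and including the destination."""
    hops = []
    for ttl in range(1, max_hops + 1):
        dport = 33434 + ttl                            # one port per probe
        reply = network_send(udp_probe(ttl, dport))
        reporter, itype, code, original_dst, quoted_port = parse_icmp_error(reply)
        if original_dst != DEST or quoted_port != dport:
            continue                                   # error for some other packet
        hops.append((ttl, reporter))
        if itype == ICMP_DEST_UNREACH and code == CODE_PORT_UNREACH:
            break                                      # the destination itself answered
    return hops


if __name__ == "__main__":
    for ttl, addr in traceroute():
        print("%2d  %s" % (ttl, addr))
```

On a real network some routers rate-limit or never send Time Exceeded, which traceroute prints as "*"; the matching on the quoted port is what keeps a late reply from a previous probe from being credited to the wrong hop.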

Page 44: Internet applications, performance and security

Network Security

There are five concepts that relate to network security: message confidentiality, message integrity, message authentication, message nonrepudiation and entity authentication.

Page 45: Internet applications, performance and security

Message confidentiality (Privacy)

Message confidentiality (or privacy) means that the transmitted message must make sense only to the intended receiver. To all others, the message must be unreadable.

Privacy is usually achieved by encryption of the message.

Page 46: Internet applications, performance and security

Encryption, example

Page 47: Internet applications, performance and security

Message Integrity

Message integrity means that the message must arrive at the receiver exactly as it was sent. There must be no changes during the transmission, neither accidental nor malicious.

Message integrity can be achieved with message digests (cryptographic hashes such as SHA-256). Note that a digest sent along with the message only detects accidental changes: an attacker who can modify the message can recompute the digest as well. Against deliberate modification the digest itself must be protected, by a keyed hash, a digital signature, or delivery over a separate trusted channel.

Page 48: Internet applications, performance and security

Message digest

Page 49: Internet applications, performance and security

Message Authentication

In message authentication the receiver needs to be sure of the sender's identity and that an impostor has not sent the message.

Message authentication can be achieved with a keyed hash function (a message authentication code, MAC, such as HMAC) that produces a digest only holders of the shared secret key can compute, or with a digital signature, where the sender signs the digest with a private key and anyone can check it with the matching public key. The two are not the same thing: a MAC proves that the message came from someone who holds the shared key, which includes the receiver, while a signature points to a single private-key holder.

Page 50: Internet applications, performance and security

Digital signature

Page 51: Internet applications, performance and security

Message Nonrepudiation

Message nonrepudiation means that a sender must not be able to deny sending a message that he or she, in fact, did send.

Message nonrepudiation can be solved with a trusted third party and the use of digital signatures. A shared-key MAC cannot provide it, since the receiver could have produced the same tag; the trusted third party is needed to bind the signing key to the sender's identity (and possibly to record when the message was sent).

Page 52: Internet applications, performance and security

Trusted center for nonrepudiation
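Added example (not from the slides) for the Message Integrity, Message Authentication and Message Nonrepudiation pages, showing the three mechanisms side by side: an unkeyed SHA-256 digest for integrity, HMAC-SHA256 (a keyed hash) for message authentication, and a digital signature for nonrepudiation. The signature part uses textbook RSA with the tiny constructed primes 61 and 53 (and 47 and 59 for the receiver's own key) so that the arithmetic is visible; it is not secure, and real signatures use 2048-bit keys with a padding scheme such as RSASSA-PSS. The messages and keys are constructed. demo() returns which checks succeed, including the point of the nonrepudiation page: the receiver, who shares the MAC key, can forge a tag but cannot forge a signature under the sender's public key.

```python
import hashlib
import hmac
import secrets


# ---- Message integrity: an unkeyed digest ----------------------------------------
def digest(message: bytes) -> bytes:
    """SHA-256 digest. Detects changes, but anyone can recompute it, so on its own it
    only protects against accidental modification."""
    return hashlib.sha256(message).digest()


# ---- Message authentication: a keyed hash (MAC) -----------------------------------
def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256. Only holders of the shared key can produce or check the tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, message), tag)   # constant-time comparison


# ---- Nonrepudiation: a digital signature with a private/public key pair -----------
# Toy textbook RSA with CONSTRUCTED, INSECURE parameters; real signatures use
# 2048-bit moduli and a padding scheme.
def toy_keypair(p: int, q: int, e: int = 17):
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))         # private exponent
    return (d, n), (e, n)                      # (private key, public key)


def _digest_chunks(message: bytes) -> list:
    # The toy modulus is far smaller than a SHA-256 digest, so the digest is signed
    # as 24 eleven-bit chunks (each < 2048 < n) instead of as one number.
    value = int.from_bytes(digest(message), "big")
    return [(value >> (11 * i)) & 0x7FF for i in range(24)]


def sign(private_key, message: bytes) -> list:
    d, n = private_key
    return [pow(c, d, n) for c in _digest_chunks(message)]


def verify(public_key, message: bytes, signature: list) -> bool:
    e, n = public_key
    return [pow(s, e, n) for s in signature] == _digest_chunks(message)


def demo() -> dict:
    """Why a MAC gives authentication but not nonrepudiation, while a signature gives both."""
    shared_key = secrets.token_bytes(32)          # known to both Alice and Bob
    alice_priv, alice_pub = toy_keypair(61, 53)
    bob_priv, _bob_pub = toy_keypair(47, 59)      # Bob's own, different key pair
    message = b"Pay Bob 100 SEK"
    tampered = b"Pay Bob 1000 SEK"
    tag = mac(shared_key, message)
    return {
        "digest_changes_on_tampering": digest(message) != digest(tampered),
        "mac_accepts_genuine": mac_verify(shared_key, message, tag),
        "mac_rejects_tampering": not mac_verify(shared_key, tampered, tag),
        # Bob holds the same key, so he can make a tag Alice never produced; a judge
        # cannot tell the two apart, hence no nonrepudiation.
        "receiver_can_forge_mac": mac_verify(shared_key, tampered, mac(shared_key, tampered)),
        "signature_accepts_genuine": verify(alice_pub, message, sign(alice_priv, message)),
        "signature_rejects_tampering": not verify(alice_pub, tampered, sign(alice_priv, message)),
        # Without Alice's private exponent, Bob's signature fails under her public key.
        "receiver_can_forge_signature": verify(alice_pub, tampered, sign(bob_priv, tampered)),
    }
```

The trusted third party of the next page is what ties alice_pub to the person Alice; the signature alone only proves that the holder of the matching private key signed.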

Page 53: Internet applications, performance and security

Entity Authentication

Entity authentication is a technique designed to let one party prove the identity of another party. An entity can be a person, a process, a client, or a server.

The simplest solution is to use passwords. Another solution is so called challenge-response authentication, where the claimant proves that it knows a secret without sending the secret itself: the verifier sends a fresh random value (a nonce), and the claimant returns a value computed from the nonce and the secret. Since the nonce is new each time, a recorded response cannot be replayed.

Page 54: Internet applications, performance and security

Challenge-response authentication

Rb = Random bit sequence (Nonce)
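Added example (not from the slides): the challenge-response exchange of the figure, with the nonce Rb, implemented with HMAC-SHA256 over a shared secret. The claimant id angel1, its secret and the attempts in demo() are constructed. It shows why this beats sending a password: the secret never leaves the claimant, each nonce is accepted once, and a recorded response is useless against the next challenge.

```python
import hashlib
import hmac
import secrets

# Constructed credential store on the verifier: claimant id -> shared secret. In a
# real system this is a key derived from the password, not the password itself.
SECRETS = {"angel1": secrets.token_bytes(32)}


def prove(secret: bytes, claimant_id: str, rb: bytes) -> bytes:
    """Claimant side: keyed hash over its identity and the nonce Rb. The secret is
    never transmitted; only this tag crosses the network."""
    return hmac.new(secret, claimant_id.encode() + b"|" + rb, hashlib.sha256).digest()


class Verifier:
    """The party that wants proof of the other party's identity."""

    def __init__(self):
        self.pending = {}                      # claimant id -> outstanding nonce Rb

    def challenge(self, claimant_id: str) -> bytes:
        rb = secrets.token_bytes(16)           # fresh random nonce, never reused
        self.pending[claimant_id] = rb
        return rb

    def check(self, claimant_id: str, response: bytes) -> bool:
        rb = self.pending.pop(claimant_id, None)   # a nonce is good for one attempt only
        secret = SECRETS.get(claimant_id)
        if rb is None or secret is None:
            return False
        expected = prove(secret, claimant_id, rb)
        return hmac.compare_digest(expected, response)   # constant-time comparison


def demo() -> dict:
    verifier = Verifier()
    # 1. the genuine claimant answers the challenge
    rb = verifier.challenge("angel1")
    genuine = prove(SECRETS["angel1"], "angel1", rb)
    result = {"genuine_accepted": verifier.check("angel1", genuine)}
    # 2. an eavesdropper who recorded `genuine` replays it against a new challenge
    verifier.challenge("angel1")
    result["replay_rejected"] = not verifier.check("angel1", genuine)
    # 3. someone without the secret answers a fresh challenge with a guessed key
    rb = verifier.challenge("angel1")
    result["wrong_secret_rejected"] = not verifier.check("angel1", prove(b"guess", "angel1", rb))
    # 4. a response arriving when no challenge is outstanding
    result["unchallenged_rejected"] = not verifier.check("angel1", genuine)
    return result
```

The claimant's identity is mixed into the keyed hash so that a response computed for one identity cannot be presented for another; the same pattern, with a public-key signature over the nonce instead of a MAC, is what the bidirectional protocol in the figure would use when the two parties do not share a secret.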

Page 55: Internet applications, performance and security

Internet security protocols

The following three security protocols ensure authentication and confidentiality on different layers:

IPSec: Security for IP (protects every packet between two hosts or gateways, independent of the application).

SSL/TLS: Security on top of TCP, used by applications such as HTTP (HTTPS).

PGP: Security for email (SMTP), applied end to end to the message itself.

These protocols will be studied in the course Internet Protocols.

Page 56: Internet applications, performance and security

Some bonus material: Research on Internet user behavior and traffic volumes

• In collaboration with Acreo AB, we are involved in European research projects related to Internet traffic monitoring and modelling.

• We have published some papers on Internet user behavior patterns and generated traffic volumes.

Page 57: Internet applications, performance and security

Investigated network

Residential network in Sweden with about 2600 households (FTTH and DSL). The measurements shown were performed in 2007, 2009, and 2012.

Page 58: Internet applications, performance and security

Total traffic volumes


Page 59: Internet applications, performance and security

Traffic volume ratios


Page 60: Internet applications, performance and security

WWW usage


Which types of web sites are people using the most?

Page 61: Internet applications, performance and security

Major changes since 2007

• More video streaming.

• Less BitTorrent (but still much!)

• Facebook has increased the ratio for social media sites.

Page 62: Internet applications, performance and security

World of Warcraft traffic pattern


Page 63: Internet applications, performance and security

WoW session lengths

Longest session identified was 28 hours...

Page 64: Internet applications, performance and security

Some results on Facebook

• Recently, I supervised a master project that analysed Facebook user behavior.

• The objective was to analyse how users upload/download pictures, and "like" patterns.

• Measurements during 6 days in the network shown before (May 2012).

Page 65: Internet applications, performance and security

Ranking of downloaded pictures

The graph shows a ranking of the pictures downloaded by users at least 50 times.

Page 66: Internet applications, performance and security

Popularity ranking

Identification and ranking of the Facebook users that are most downloaded by other users.

There are a few users with a huge number of followers.

Page 67: Internet applications, performance and security

Ranking of Likes

There are a few users that are heavy "like"-users. The most active user "liked" 760 times in the measurement period.