Name Spaces
Jeff Chase, Duke University

Naming and Addressing
• OS-level
– Address spaces
– File tree and file pathname
– File descriptors
• Networks
– Ethernet/LAN “MAC” addresses (48-bit)
– IP addresses (32-bit or 64-bit in IPv6)
– Port numbers
– DNS names, e.g., vmm01.cod.cs.duke.edu
– URL = DNS name + port + file pathname
• Services

Naming issues
• Aliasing
– Unix “links”
• Referential integrity
– Reference counts and garbage collection
– Dangling references
• Name changes
• Name resolution
• Replication
• Mobility
• Security
• Location, location, location

Context and Hierarchy
• Names are assigned/resolved relative to a context
• Uniformity vs. autonomy
– Autonomy → local control and customizability
– Autonomy → fragmentation
– Local vs. global name spaces
– Collisions
• Nested contexts
– Contexts may be controlled by different administrative authorities

Naming Resolution Structures
• Telephone book
– Everyone has one
– All lookups are local
– Highly resilient
• Central server: directory assistance
– Authoritative
– Useful even when you don’t have your phone book
• Scalable directory service?
• What about name changes?

Ethernet Addressing
• 48-bit address space
• Hardwired into network interface
• Sequence of six bytes/octets: 12:34:56:78:9A:BC
• First three bytes identify the vendor of the NIC
• Name space is “flat”
– No structure in the names with respect to location
• How to route network traffic to a node by MAC address?
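The Ethernet Addressing slide describes the 48-bit MAC as six octets whose first three bytes identify the NIC vendor. The following parser is an added example (not code from the slides or from the author): it accepts the common written notations, rejects anything that is not exactly 48 bits, and decodes the vendor prefix together with the two flag bits in the first octet, the group (multicast) bit and the locally-administered bit, which software-assigned addresses such as those of virtual machines commonly set. Apart from the slide's own 12:34:56:78:9A:BC, every sample address is constructed.

```python
import re

# Constructed sample addresses: the slide's own 12:34:56:78:9A:BC plus a few
# made-up values in other notations. None of the others appear on the page.
SAMPLES = [
    "12:34:56:78:9A:BC",   # colon-separated, as on the slide
    "12-34-56-78-9a-bc",   # hyphen-separated (Windows style)
    "1234.5678.9abc",      # dotted triplets (Cisco style)
    "ff:ff:ff:ff:ff:ff",   # the LAN broadcast address
    "01:00:5e:00:00:fb",   # an IP multicast group address
]

# One pattern per accepted notation; all are checked against lower-cased input.
_FORMS = (
    re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$"),
    re.compile(r"^(?:[0-9a-f]{2}-){5}[0-9a-f]{2}$"),
    re.compile(r"^(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}$"),
)


def parse_mac(text):
    """Return the six octets of a 48-bit MAC address as bytes.

    Raises ValueError for anything that is not exactly 12 hex digits in one of
    the accepted notations, so a truncated or padded address cannot slip
    through and silently match the wrong vendor prefix.
    """
    normalized = text.strip().lower()
    if not any(form.match(normalized) for form in _FORMS):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(re.sub(r"[:.\-]", "", normalized))


def describe_mac(text):
    """Decode the structure of a MAC address: the vendor prefix (OUI) and the
    two flag bits of the first octet that say whether it is a group address
    and whether it was assigned locally rather than burned in by the vendor."""
    octets = parse_mac(text)
    first = octets[0]
    return {
        "canonical": ":".join(f"{b:02x}" for b in octets),
        "oui": ":".join(f"{b:02x}" for b in octets[:3]),  # first three bytes: the NIC vendor
        "multicast": bool(first & 0x01),             # I/G bit: group (or broadcast) address
        "locally_administered": bool(first & 0x02),  # U/L bit: not a vendor-assigned address
        "broadcast": octets == b"\xff" * 6,
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, describe_mac(sample))
```

Note that the slide's example address 12:34:56:78:9A:BC has the locally-administered bit set (0x12 = 0001 0010), so it is not a vendor-assigned address at all; that is the same observation the later "Are MACs unforgeable?" question turns on.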

Ethernet 101
• May be a broadcast medium.
– E.g., hubbed network
– E.g., wireless (802.11)
• Collisions may occur.
– “CSMA/CD”
– Exponential backoff
• All nodes must be able to detect the collision.
– Any node can be sender
– => Must either have short wires, long packets, or both.
• Modern wired Ethernet:
– full-duplex
– switched point-to-point
[Srini/Anderson]

Collision Detection: Failure
[Figure: two timing diagrams of nodes A, B and C on a shared medium, with time running downward. Source: Srini/Anderson]

ARP
LAN (Ethernet) Address Resolution Protocol
• Each node/interface is configured to reside on a given IP subnet assigned to its LAN.
• To send to an IP address within the subnet, must know MAC address.
• ARP resolves IP address to MAC address.
• ARP broadcasts “who on this LAN is named Fred?”
• Exactly the node with IP address “Fred” responds.
• Each node maintains an ARP cache of IP->MAC.
• Caches IP->MAC mapping for incoming ARPs.

ARP/MAC Questions
• What if nonexistent destination “Fred”?
• Stale name bindings in the cache?
– Nodes can change IP address (DHCP)
• Manageability? Plug-and-Play
• Secure?
• Are MACs unforgeable?
– Software licensing by MAC
– What is the MAC address for a virtual machine?
• Scalable?

ARP Poisoning/Spoofing
• Doctor up ARP packets
• Send bogus or aliased MAC addresses
• Send false mappings
• Confuse bridges/switches
• Confuse hosts
• Redirect traffic to your MAC or into a black hole
• ….or to your Registration Page
• Example:
– Hi Alice, my name is Bob, I am at MAC X.
– Hi Bob, my name is Alice, I am at MAC X.
– Traffic Alice <-> Bob passes through X.

Scaling Ethernet
• Self-learning bridges/switches.
• Connect them together in “arbitrary” topologies
[Figure: a bridge with several hosts attached on each side]
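The ARP and ARP Poisoning slides together describe how a host fills its IP->MAC cache from every ARP it sees and how that trust can be abused with the "Alice and Bob are both at MAC X" exchange. The monitor below is an added example (not code from the slides or from the author) written from the defender's side: it maintains an ARP cache exactly as a naive host would and, at the same time, raises an alert for the three things the poisoning example does, a reply nobody asked for, an IP that moves to a different MAC, and one MAC claiming several IPs. The packet representation, the addresses and the trace are all constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpPacket:
    """One ARP packet seen on the LAN (constructed representation, not a wire format)."""
    op: str          # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str


class ArpMonitor:
    """A passive ARP cache that also scores each binding it learns.

    The cache itself is updated the way the slides describe (every incoming ARP
    is cached); the alerts record the patterns of the poisoning example.
    """

    def __init__(self):
        self.cache = {}                      # IP -> MAC, the node's ARP cache
        self.pending = set()                 # IPs with an outstanding request on this LAN
        self.ips_for_mac = defaultdict(set)  # reverse index: MAC -> IPs it currently claims
        self.alerts = []                     # (kind, detail) tuples, in order

    def _alert(self, kind, detail):
        self.alerts.append((kind, detail))

    def _learn(self, ip, mac):
        """Install ip -> mac like a host would, flagging suspicious transitions."""
        old = self.cache.get(ip)
        if old is not None and old != mac:
            self._alert("rebinding", f"{ip} moved from {old} to {mac}")
            self.ips_for_mac[old].discard(ip)
        self.cache[ip] = mac
        self.ips_for_mac[mac].add(ip)
        if len(self.ips_for_mac[mac]) > 1:
            self._alert("multi-ip", f"{mac} claims {sorted(self.ips_for_mac[mac])}")

    def observe(self, pkt):
        if pkt.op == "request":
            # A request tells us who is asking; an answer is now expected from target_ip.
            self.pending.add(pkt.target_ip)
        elif pkt.op == "reply":
            if pkt.sender_ip in self.pending:
                self.pending.discard(pkt.sender_ip)
            else:
                self._alert("unsolicited", f"reply for {pkt.sender_ip} without a request")
        else:
            raise ValueError(f"unknown ARP op {pkt.op!r}")
        # Hosts cache the sender mapping of every ARP they see ("Caches IP->MAC
        # mapping for incoming ARPs"), which is exactly what poisoning relies on.
        self._learn(pkt.sender_ip, pkt.sender_mac)


# Constructed trace: Alice and Bob exchange a normal request/reply, then a third
# station X replays the slide's example to pull their traffic through itself.
ALICE, BOB, X = "aa:aa:aa:00:00:01", "aa:aa:aa:00:00:02", "cc:cc:cc:00:00:99"
TRACE = [
    ArpPacket("request", "10.0.0.1", ALICE, "10.0.0.2"),   # Alice: who is 10.0.0.2?
    ArpPacket("reply",   "10.0.0.2", BOB,   "10.0.0.1"),   # Bob: 10.0.0.2 is at BOB
    ArpPacket("reply",   "10.0.0.2", X,     "10.0.0.1"),   # "Hi Alice, I am Bob, at MAC X"
    ArpPacket("reply",   "10.0.0.1", X,     "10.0.0.2"),   # "Hi Bob, I am Alice, at MAC X"
]


def run_trace(packets=TRACE):
    """Feed a packet sequence through a fresh monitor and return it for inspection."""
    mon = ArpMonitor()
    for pkt in packets:
        mon.observe(pkt)
    return mon


if __name__ == "__main__":
    mon = run_trace()
    print("cache:", mon.cache)
    for kind, detail in mon.alerts:
        print(f"[{kind}] {detail}")
```

A "rebinding" alert also fires when DHCP legitimately hands an address to a different machine, which is the "stale name bindings" question on the ARP/MAC Questions slide; the alerts are therefore a signal to correlate with DHCP logs and switch port information, not a verdict on their own.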

Scaling Ethernet
• Bridges learn where MACs are connected.
– Direct-connected to local port.
– Connected to a neighboring switch/bridge
– And so on…
• Cache source (MAC, port) when frames go by.
• Broadcast if you don’t know where a destination is.
• Topology issues?
• Manageable? Scalable?

DNS 101
Domain names are the basis for the Web’s global URL space.
– Symbolic veneer over the IP address space
– Almost every Internet application uses domain names when it establishes a connection to another host.
– “Phone book for the Internet”
• Human readable
• autonomous naming domains, e.g., cs.duke.edu
• specific nodes, e.g., vmm01.cs.duke.edu
• service aliases (e.g., www, mail servers)

DNS Service
• The Domain Name System (DNS) is a planetary name service that translates Internet domain names.
• maps <DNS name> to <IP address>
• (mostly) independent of location, routing etc.
• Hierarchical name space and service structure:
– Fully qualified names are “little endian”
– Scalability
– Decentralized administration
– Domains are naming contexts
• Replaced primordial flat hosts.txt namespace

Domain Name Hierarchy
[Figure: a tree with generic top-level domains (TLDs) com, gov, org, net, firm, shop, arts, web and country-code TLDs us, fr; under .edu the domains duke, washington, unc; under duke the domains mc, cs, env; under cs the nodes www and vmm01 (prophet)]
How is this different from hierarchical directories in distributed file systems? Do we already know how to implement this?

DNS Service 101
• client-side resolvers
– typically in a library
– gethostbyname, gethostbyaddr
• cooperating servers
– query-answer-referral model
– forward queries among servers
– server-to-server may use TCP (“zone transfers”)

DNS Name Server Hierarchy
DNS servers are organized into a hierarchy that mirrors the name space. Root servers list servers for every TLD. Specific servers are designated as authoritative for portions of the name space. Servers may delegate management of subdomains to child name servers. Subdomains correspond to organizational (administrative) boundaries, which are not necessarily geographical. Servers are bootstrapped with pointers to selected peer and parent servers. Parents refer subdomain queries to their children. Resolvers are bootstrapped with pointers to one or more local servers; they issue recursive queries.
[Figure: a resolver asks its local DNS server to “lookup www.nhc.noaa.gov”; the DNS server for nhc.noaa.gov answers “www.nhc.noaa.gov is 140.90.176.22”, the address of the WWW server for nhc.noaa.gov; the name server tree (root, the TLDs, .edu with duke and unc, duke with cs, env and mc) is drawn alongside]
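The two Scaling Ethernet slides describe a self-learning bridge in three rules: cache (source MAC, arrival port) for every frame that goes by, forward to the cached port when the destination is known, and broadcast when it is not. The simulation below is an added example (not code from the slides or from the author) that implements those rules for a pair of bridges connected by a link, so a MAC reached "through a neighboring switch/bridge" is simply learned on the link port. The last two frames in the constructed scenario show the "Confuse bridges/switches" point from the ARP Poisoning slide: a frame carrying another host's source MAC on a different port moves that host's table entry and redirects its traffic. Bridge names, port names and MAC addresses are all constructed.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """A self-learning bridge: caches (source MAC -> arrival port) for every frame
    it sees, forwards known destinations out of one port, and floods the rest."""

    def __init__(self, name, ports):
        self.name = name
        self.ports = list(ports)
        self.table = {}                 # MAC -> port it was last seen on
        self.moves = defaultdict(int)   # how often a MAC changed port (flapping or spoofing hint)

    def receive(self, in_port, src, dst):
        """Handle one frame arriving on in_port; return the ports to send it out of."""
        prev = self.table.get(src)
        if prev is not None and prev != in_port:
            self.moves[src] += 1
        self.table[src] = in_port       # learn from the source address
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]   # flood, never back out the arrival port
        out = self.table[dst]
        return [] if out == in_port else [out]   # destination is on the arrival segment: drop


class BridgedLan:
    """Bridges joined by point-to-point links between named ports;
    a port with no link is taken to face hosts."""

    def __init__(self):
        self.bridges = {}
        self.links = {}   # (bridge, port) -> (bridge, port)

    def add(self, bridge):
        self.bridges[bridge.name] = bridge

    def link(self, a, port_a, b, port_b):
        self.links[(a, port_a)] = (b, port_b)
        self.links[(b, port_b)] = (a, port_a)

    def send(self, bridge, in_port, src, dst, ttl=8):
        """Inject a frame at a bridge port; return the sorted host-facing (bridge, port)
        pairs it is delivered to. ttl bounds the walk so a loop in an "arbitrary"
        topology cannot recurse forever in this simulation."""
        delivered = []
        for out in self.bridges[bridge].receive(in_port, src, dst):
            nxt = self.links.get((bridge, out))
            if nxt is None:
                delivered.append((bridge, out))
            elif ttl > 0:
                delivered.extend(self.send(nxt[0], nxt[1], src, dst, ttl - 1))
        return sorted(delivered)


# Constructed topology: hosts A and B hang off bridge B1, host C off bridge B2.
A, B, C = "aa:00:00:00:00:0a", "aa:00:00:00:00:0b", "aa:00:00:00:00:0c"


def build_lan():
    lan = BridgedLan()
    lan.add(LearningBridge("B1", ["p1", "p2", "up"]))
    lan.add(LearningBridge("B2", ["up", "p3"]))
    lan.link("B1", "up", "B2", "up")
    return lan


def run_scenario():
    """Return the LAN and the delivery list for each frame, in order."""
    lan = build_lan()
    return lan, [
        lan.send("B1", "p1", A, B),   # B unknown everywhere: flooded to p2 and across to B2
        lan.send("B2", "p3", C, A),   # A was learned on the way through: one port per hop
        lan.send("B1", "p2", B, C),   # C learned from the previous frame
        lan.send("B2", "p3", A, B),   # A's source MAC shows up on C's port (spoof or move)
        lan.send("B1", "p2", B, A),   # B's traffic for A is now delivered to C's port
    ]


if __name__ == "__main__":
    lan, results = run_scenario()
    for r in results:
        print(r)
    print("A moved on B1:", lan.bridges["B1"].moves[A], "times")
```

The ttl guard only keeps the simulation finite; with a physical loop in the topology a real bridge would keep re-flooding unknown and broadcast frames, which is the "Topology issues?" question on the slide. The moves counter is the kind of per-MAC port-change count a switch can expose for monitoring.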

Ethernet MACs: Summary
• Global naming context
– Vendors responsible for unique assignment
• Fixed-width machine-readable name space
• Name resolution by local broadcast
– Many shortcuts in bridged/switched LANs
– No “location hint” in an ethernet MAC → mobility
• No controlling authority
– Easy manageability: plug and play
– Weak security
• Global name resolution?
– Need “internetworking”.

DNS: Summary
• Human readable names (“symbolic”).
• Hierarchical structure of nested naming contexts
– Like file system directories
– Name resolution by pathname traversal
• Each naming context has a controlling authority that resolves names in the context.
• Each parent context has a “secure binding” to the authoritative server for each child context.
• Everyone has a secure link to the “root”.
• Dynamic, distributed, global name service
• Hierarchical structure is simple but problematic.

DNS: The Big Issues
• Who can obtain a new domain name, and by whose authority?
• What about trust? How can we know if a server is authoritative, or just an impostor?
• What happens if a server lies or behaves erratically? What denial-of-service attacks are possible? What about privacy?
• What if an “upstream” server fails?

DNS: Cost of Hierarchy
• Root servers: the gang of 13
– Not much diversity there: BIND on Unix
– “A” root
• Special case of ‘centralized’
– Think bottleneck
– Single point of attack and failure
• October 21, 2002
– DDOS attack against roots

DNS Politics or, The Cost of Uniformity
• DNS is a global name space.
• That makes it a global political issue.
• History:
– TLD registry run by Network Solutions, Inc.
– US government (NSF) granted monopoly, regulated but not answerable to any US or international authority.
– In 9/98, control transitioned to a more open management structure.
– Still under US control, with many accusations of power grabs by US industry.

ICANN
Internet Corporation for Assigned Names and Numbers
• Sets prices for domain names
• Accredits domain name registrars
• Accepts/rejects proposed TLDs
• Controls the root servers
• Chartered by US Department of Commerce
• Oversight/control process unclear and controversial
• http://www.internetgovernance.org
• http://www.icann.org
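The DNS Service 101, DNS Name Server Hierarchy and DNS: Summary slides describe resolution as pathname traversal over "little endian" names: a resolver bootstrapped with the root's address asks for the full name and each server either answers for the zone it is authoritative for or refers the query to the child it has delegated to. The following model is an added example (not code from the slides or from the author) that walks the slides' own www.nhc.noaa.gov lookup through that query-answer-referral chain, with a cache in front. The server names and the 192.0.2.x server addresses are constructed placeholders; the only address taken from the slides is 140.90.176.22.

```python
def labels(name):
    """Split a domain name into labels, most significant first: the name space is
    "little endian", so www.nhc.noaa.gov is the path gov -> noaa -> nhc -> www."""
    return [l for l in reversed(name.lower().strip(".").split(".")) if l]


def in_zone(zone, name):
    """True if name lies under zone (zone "." is the root and contains everything)."""
    z, n = labels(zone), labels(name)
    return n[:len(z)] == z


class NameServer:
    """An authoritative server for one or more zones. Each zone holds A records and
    delegations (child zone -> (child server name, child server IP)): the pointers
    with which a parent refers subdomain queries to its children."""

    def __init__(self, name, zones):
        self.name = name
        self.zones = zones

    def query(self, qname):
        """Return ("ANSWER", ip), ("REFERRAL", (child_zone, ns_name, ns_ip)),
        ("NXDOMAIN", None), or ("REFUSED", None) if we serve no enclosing zone."""
        served = [z for z in self.zones if in_zone(z, qname)]
        if not served:
            return ("REFUSED", None)
        zone = max(served, key=lambda z: len(labels(z)))   # closest enclosing zone we serve
        data = self.zones[zone]
        for child, (ns_name, ns_ip) in data.get("NS", {}).items():
            if in_zone(child, qname):
                return ("REFERRAL", (child, ns_name, ns_ip))  # delegated: ask the child
        ip = data.get("A", {}).get(qname.lower().strip("."))
        return ("ANSWER", ip) if ip else ("NXDOMAIN", None)


class Resolver:
    """A caching resolver bootstrapped with the root server's address; it follows
    referrals down the hierarchy until a server answers for the name."""

    def __init__(self, root_ip, servers):
        self.root_ip = root_ip
        self.servers = servers   # IP -> NameServer, standing in for the network
        self.cache = {}

    def resolve(self, qname, max_referrals=8):
        """Return (ip_or_None, trail); trail lists (server name, response kind) per hop."""
        qname = qname.lower().strip(".")
        if qname in self.cache:
            return self.cache[qname], [("cache", "ANSWER")]
        ip, trail = self.root_ip, []
        for _ in range(max_referrals + 1):
            server = self.servers[ip]
            kind, payload = server.query(qname)
            trail.append((server.name, kind))
            if kind == "REFERRAL":
                ip = payload[2]          # glue: the child server's address
                continue
            if kind == "ANSWER":
                self.cache[qname] = payload
            return payload, trail
        raise RuntimeError("referral chain too long")


# Constructed hierarchy modelled on the slides' figure. Server addresses are
# placeholders from the 192.0.2.0/24 documentation range.
SERVERS = {
    "192.0.2.1": NameServer("root", {
        ".": {"NS": {"gov": ("a.gov-servers", "192.0.2.2"),
                     "edu": ("a.edu-servers", "192.0.2.5")}}}),
    "192.0.2.2": NameServer("gov TLD", {
        "gov": {"NS": {"noaa.gov": ("ns.noaa.gov", "192.0.2.3")}}}),
    "192.0.2.3": NameServer("noaa.gov", {
        "noaa.gov": {"NS": {"nhc.noaa.gov": ("ns.nhc.noaa.gov", "192.0.2.4")}}}),
    "192.0.2.4": NameServer("nhc.noaa.gov", {
        "nhc.noaa.gov": {"A": {"www.nhc.noaa.gov": "140.90.176.22"}}}),
    "192.0.2.5": NameServer("edu TLD", {"edu": {}}),
}


def lookup(name, resolver=None):
    """Resolve name against the constructed hierarchy (fresh resolver unless one is given)."""
    resolver = resolver or Resolver("192.0.2.1", SERVERS)
    return resolver.resolve(name)


if __name__ == "__main__":
    print(lookup("www.nhc.noaa.gov"))
```

Every hop in the trail is a server the resolver trusts purely because the previous server pointed at it; nothing in this model (or in the protocol as the slides present it) lets the resolver tell an authoritative server from an impostor, which is the trust question on the DNS: The Big Issues slide.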
