Full Transcript

LEC14: APPLICATION LAYER
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Application, Presentation, and Session: Application Layer

The upper three layers of the OSI model (application, presentation, and session) define functions of the TCP/IP application layer. The application layer provides the interface between the applications used to communicate and the underlying network over which messages are transmitted. Application layer protocols are used to exchange data between programs running on the source and destination hosts. Some of the most widely known application layer protocols are Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), Internet Message Access Protocol (IMAP), and Domain Name System (DNS).

Application, Presentation, and Session: Presentation and Session Layer

The presentation layer has three primary functions:
- Formatting, or presenting, data at the source device into a compatible format for receipt by the destination device
- Compressing data in a way that can be decompressed by the destination device
- Encrypting data for transmission and decrypting data upon receipt

The session layer functions: it creates and maintains dialogs between source and destination applications. It handles the exchange of information to initiate dialogs, keep them active, and restart sessions that are disrupted or idle for a long period of time.

The presentation layer formats data for the application layer, and it sets standards for file formats. Some well-known standards for video include Matroska Video (MKV), Motion Picture Experts Group (MPG), and QuickTime Video (MOV). Some well-known graphic image formats are Graphics Interchange Format (GIF), Joint Photographic Experts Group (JPG), and Portable Network Graphics (PNG).

Application, Presentation, and Session: TCP/IP Application Layer Protocols

The TCP/IP application protocols specify the format and control information necessary for many common internet communication functions. Application layer protocols are used by both the source and destination devices during a communication session. For the communications to be successful, the application layer protocols that are implemented on the source and destination host must be compatible.

Application   Protocol                                     Port Number                Characteristics
Name System   DNS - Domain Name System (or Service)        TCP, UDP client 53         Translates domain names, such as cisco.com, into IP addresses.
Email         SMTP - Simple Mail Transfer Protocol         TCP 25                     Enables clients to send email to a mail server; enables servers to send email to other servers.
Host Config   DHCP - Dynamic Host Configuration Protocol   UDP client 68, server 67   Dynamically assigns IP addresses to be re-used when no longer needed.
Web           HTTP - Hypertext Transfer Protocol           TCP 80, 8080               A set of rules for exchanging text, graphic images, sound, video, and other multimedia files on the World Wide Web.

Peer-to-Peer: Client-Server Model

Client and server processes are considered to be in the application layer. In the client/server model, the device requesting the information is called a client and the device responding to the request is called a server. The client is a hardware/software combination that people use to directly access the resources that are stored on the server.
The client begins an exchange by requesting data from the server, which responds by sending one or more streams of data to the client. Application layer protocols describe the format of the requests and responses between clients and servers. One example of a client/server network is the email service of an ISP used to send, receive, and store email. The email client on a home computer issues a request to the email server of the ISP for any unread mail. The server responds by sending the requested email to the client. Data transfer from a client to a server is referred to as an upload, and data from a server to a client is called a download.

Peer-to-Peer: Peer-to-Peer Networks

In the peer-to-peer (P2P) networking model, the data is accessed from a peer device without the use of a dedicated server. The P2P network model involves two parts: P2P networks and P2P applications. The two parts have similar features, but in practice they work quite differently.

In a peer-to-peer (P2P) network, two or more computers are connected via a network and can share resources (such as printers and files) without having a dedicated server. Every connected end device (known as a peer) can function as both a server and a client. One computer might assume the role of server for one transaction while simultaneously serving as a client for another. The roles of client and server are set on a per-request basis.

In a peer-to-peer exchange, both devices are considered equal in the communication process. Peer 1 has files that are shared with Peer 2 and can access the shared printer that is directly connected to Peer 2 to print files. Peer 2 is sharing the directly connected printer with Peer 1 while accessing the shared files on Peer 1.

Peer-to-Peer: Peer-to-Peer Applications

A P2P application allows a device to act as both a client and a server within the same communication. Some P2P applications use a hybrid system where each peer accesses an index server to get the location of a resource stored on another peer. In this model, every client is a server, and every server is a client. P2P applications require that each end device provide a user interface and run a background service.

Web and Email Protocols: Hypertext Transfer Protocol and Hypertext Markup Language

When a web address or Uniform Resource Locator (URL) is typed into a web browser, the web browser establishes a connection to the web service. The web service is running on the server that is using the HTTP protocol. To better understand how the web browser and web server interact, examine how a web page is opened in a browser.

Step 1 - The browser interprets the three parts of the URL:
- http (the protocol or scheme)
- www.cisco.com (the server name)
- index.html (the specific filename requested)

Step 2 - The browser then checks with a name server to convert www.cisco.com into a numeric IP address, which it uses to connect to the server.

Step 3 - The client initiates an HTTP request to the server by sending a GET request that asks for the index.html file. In response to the request, the server sends the HTML code for this web page to the browser.

Step 4 - The browser deciphers the HTML code and formats the page for the browser window.
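The four steps above carried through in code, as an example added here (it is not part of the Cisco deck). No network is used: a constructed name table stands in for the name server of Step 2, a constructed server response stands in for the socket, and the only real-looking value, 198.133.219.25, is the address the DNS slide quotes for www.cisco.com.

```python
"""Tiny HTTP/1.1 client walk-through of the four browser steps above.
Added example, not from the deck.  No network is used: the name table and
the server response are constructed sample data, and the one real address
in the table is the 198.133.219.25 quoted on the DNS slide."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed stand-in for the name server consulted in Step 2.
SAMPLE_NAME_TABLE = {"www.cisco.com": "198.133.219.25"}

# Constructed sample response; a real one would arrive over the socket.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 40\r\n"
    b"\r\n"
    b"<html><body><h1>Hello</h1></body></html>"
)


def split_url(url):
    """Step 1: scheme, server name, port, and the file being requested."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("unsupported or malformed URL: %r" % url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return parts.scheme, parts.hostname, port, path


def resolve(hostname, table=SAMPLE_NAME_TABLE):
    """Step 2: turn the server name into a numeric IP address.
    (socket.gethostbyname would ask the real DNS client service.)"""
    if hostname not in table:
        raise LookupError("no address record for %s" % hostname)
    return table[hostname]


def build_request(method, host, path, body=b""):
    """Step 3: request line + headers, each CRLF-terminated, blank line, body.
    GET carries no body; POST and PUT send one, so Content-Length is added."""
    lines = ["%s %s HTTP/1.1" % (method, path), "Host: " + host, "Connection: close"]
    if body:
        lines.append("Content-Length: %d" % len(body))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def parse_response(raw):
    """Step 4, input side: status code, reason, headers, and the HTML body
    (trimmed to Content-Length when the server gives one)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    _version, code, reason = status_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return int(code), reason, headers, body[:length]


def fetch(url, response_bytes=SAMPLE_RESPONSE):
    """Steps 1-4 end to end, with the constructed response standing in for the socket."""
    scheme, host, port, path = split_url(url)
    ip = resolve(host)
    request = build_request("GET", host, path)
    # For http:// these request bytes cross the network as readable text.
    # For https:// the same bytes go through a TLS-wrapped socket
    # (ssl.create_default_context().wrap_socket(sock, server_hostname=host)),
    # so only the TLS handshake is visible to anyone listening on the path.
    code, reason, headers, body = parse_response(response_bytes)
    return {"scheme": scheme, "ip": ip, "port": port, "request": request,
            "status": code, "reason": reason, "headers": headers, "body": body}


if __name__ == "__main__":
    page = fetch("http://www.cisco.com/index.html")
    print(page["request"].decode())
    print(page["status"], page["reason"], page["body"].decode())
```

Running the module prints the exact bytes the browser would put on the wire for the GET in Step 3, which is what makes the plaintext point on the HTTP and HTTPS slide concrete: every header, including the Host name and any cookie, is readable to anyone on the path unless the same bytes are sent inside TLS.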
Web and Email Protocols: HTTP and HTTPS

HTTP is a request/response protocol that specifies the message types used for that communication when a client, typically a web browser, sends a request to a web server. The three common message types are GET, POST, and PUT:
- GET - This is a client request for data. A client (web browser) sends the GET message to the web server to request HTML pages.
- POST - This uploads data files to the web server, such as form data.
- PUT - This uploads resources or content to the web server, such as an image.

Although HTTP is remarkably flexible, it is not a secure protocol. The request messages send information to the server in plaintext that can be intercepted and read. The server responses, typically HTML pages, are also sent in plaintext. For secure communication across the internet, the HTTP Secure (HTTPS) protocol is used. HTTPS uses authentication and encryption to secure data as it travels between the client and server. HTTPS uses the same client request/server response process as HTTP, but the data stream is encrypted with Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL), before being transported across the network.

Web and Email Protocols: Email Protocols

- To run on a computer or other end device, email requires several applications and services, as shown in the Figure.
- Email is a store-and-forward method of sending, storing, and retrieving electronic messages across a network. Email messages are stored in databases on mail servers. Email clients communicate with mail servers to send and receive email.
- Mail servers communicate with other mail servers to transport messages from one domain to another. An email client does not communicate directly with another email client when sending email. Instead, both clients rely on the mail server to transport messages.
- The email protocols used for operation are:
  - Simple Mail Transfer Protocol (SMTP) - used to send mail.
  - Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) - used by clients to receive mail.

The application layer process that sends mail uses SMTP. A client retrieves email using one of the two application layer protocols: POP or IMAP.

Web and Email Protocols: SMTP, POP and IMAP

An SMTP message must have a message header and a message body. The message body can contain any amount of text, and the message header must have a properly formatted recipient email address and a sender address. When a client sends email, the client SMTP process connects with a server SMTP process on well-known port 25. After the connection is made, the client attempts to send the email to the server across the connection. When the server receives the message, it either places the message in a local account, if the recipient is local, or forwards the message to another mail server for delivery.

The destination email server may not be online or may be busy. If so, SMTP spools messages to be sent at a later time. The server periodically checks the queue for messages and attempts to send them again. If a message is still not delivered after a predetermined expiration time, it is returned to the sender as undeliverable.

POP is used by an application to retrieve mail from a mail server. When mail is downloaded from the server to the client using POP, the messages are then deleted on the server. The server starts the POP service by passively listening on TCP port 110 for client connection requests. When a client wants to make use of the service, it sends a request to establish a TCP connection with the server. When the connection is established, the POP server sends a greeting.
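The mail-handling behaviour described on the SMTP slide and the POP/IMAP slides, modelled in code as an example added here (not part of the Cisco deck): an SMTP receiver that checks for the required sender and recipient addresses in the header, delivers to a local account or spools for another domain with periodic retries and an expiry bounce, and the two retrieval styles, POP (download and delete) and IMAP (copies, with deletes synchronised back). The domains, addresses and timings are constructed, and `now` is passed in explicitly so retry and expiry can be exercised without waiting.

```python
"""Model of the mail flow on the SMTP / POP / IMAP slides: an SMTP receiver
that checks the header, delivers to a local account or spools for another
domain with periodic retries and an expiry bounce, and the two retrieval
styles (POP downloads and deletes; IMAP hands out copies and syncs deletes).
Added example, not from the deck; domains, addresses and timings are
constructed, and `now` is an explicit clock so retries and expiry can be
exercised without waiting."""
import re
from collections import defaultdict

ADDRESS = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def parse_message(raw):
    """Header lines, a blank line, then the body.  The header must carry
    properly formatted From: (sender) and To: (recipient) addresses."""
    head, _, body = raw.partition("\n\n")
    headers = {}
    for line in head.splitlines():
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    for field in ("from", "to"):
        if not ADDRESS.match(headers.get(field, "")):
            raise ValueError("missing or malformed %s: address" % field.title())
    return headers, body


class MailServer:
    def __init__(self, domain, expire_after):
        self.domain = domain
        self.expire_after = expire_after    # seconds a message may wait in the queue
        self.mailboxes = defaultdict(list)  # local user -> [(uid, raw message)]
        self.queue = []                     # [(raw, destination domain, time queued)]
        self.next_uid = 1

    def smtp_deliver(self, raw, now):
        """What the port-25 SMTP process does with an accepted message."""
        headers, _ = parse_message(raw)
        user, domain = headers["to"].split("@")
        if domain == self.domain:               # recipient is local: store it
            self.mailboxes[user].append((self.next_uid, raw))
            self.next_uid += 1
            return "delivered"
        self.queue.append((raw, domain, now))   # otherwise spool for another server
        return "queued"

    def run_queue(self, now, reachable):
        """Periodic retry.  `reachable` maps domain -> MailServer that is online
        right now; messages older than expire_after bounce back to the sender."""
        outcomes, waiting = [], []
        for raw, domain, queued_at in self.queue:
            target = reachable.get(domain)
            if target is not None:
                target.smtp_deliver(raw, now)
                outcomes.append(("sent", domain))
            elif now - queued_at >= self.expire_after:
                sender = parse_message(raw)[0]["from"]
                bounce = ("From: mailer-daemon@%s\nTo: %s\nSubject: undeliverable\n\n%s"
                          % (self.domain, sender, raw))
                self.smtp_deliver(bounce, now)
                outcomes.append(("bounced", domain))
            else:
                waiting.append((raw, domain, queued_at))
        self.queue = waiting
        return outcomes

    def pop_retrieve(self, user):
        """POP (TCP 110): download everything; the server copies are deleted."""
        messages = [raw for _, raw in self.mailboxes[user]]
        self.mailboxes[user] = []
        return messages

    def imap_fetch(self, user):
        """IMAP: the client gets copies; the originals stay on the server."""
        return list(self.mailboxes[user])

    def imap_delete(self, user, uid):
        """IMAP: a delete in the client is synchronised to the server copy."""
        before = len(self.mailboxes[user])
        self.mailboxes[user] = [m for m in self.mailboxes[user] if m[0] != uid]
        return len(self.mailboxes[user]) < before
```

The `pop_retrieve` method is deliberately destructive, which is the behaviour behind the note that POP leaves no centralized copy to back up; `imap_fetch` can be called any number of times and only `imap_delete` changes what the server holds.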
The client and POP server then exchange commands and responses until the connection is closed or aborted. With POP, email messages are downloaded to the client and removed from the server, so there is no centralized location where email messages are kept.

Note: Since POP does not store messages, it is not recommended for small businesses that need a centralized backup solution.

IMAP is another protocol that describes a method to retrieve email messages. Unlike POP, when a user connects to an IMAP server, copies of the messages are downloaded to the client application. The original messages are kept on the server until manually deleted. When a user decides to delete a message, the server synchronizes that action and deletes the message from the server.

IP Addressing Services: Domain Name Service

Some application layer–specific protocols were designed to make it easier to obtain addresses for network devices. These services are essential because it would be very time-consuming and difficult to remember IP addresses instead of URLs or to manually configure all the devices in a medium to large network.

In data networks, devices are labeled with numeric IP addresses to send and receive data over networks. Domain names were created to convert the numeric IP addresses into a simple, recognizable name. Fully-qualified domain names (FQDNs), such as http://www.cisco.com, are much easier for people to remember than 198.133.219.25.

The DNS protocol defines an automated service that matches resource names with the required numeric network address. It includes the format for queries, responses, and data. DNS communications use a single format called a message. This message format is used for all types of client queries and server responses, error messages, and the transfer of resource record information between servers.

IP Addressing Services: DNS Message Format

- The DNS server stores different types of resource records that are used to resolve names. These records contain the name, address, and type of record.
- Some of these record types are as follows:
  - A - An end device IPv4 address
  - NS - An authoritative name server
  - AAAA - An end device IPv6 address (pronounced quad-A)
  - MX - A mail exchange record
- When a client makes a query, the DNS process on the server first looks at the server's own records to resolve the name. If it is unable to resolve the name by using its stored records, it contacts other servers to resolve the name.
- After a match is found and returned to the original requesting server, the server temporarily stores the numbered address in case the same name is requested again.
- The DNS client service on Windows PCs also stores previously resolved names in memory. The ipconfig /displaydns command displays all the cached DNS entries.
- DNS uses the same message format between servers, consisting of a question, answer, authority, and additional information for all types of client queries and server responses, error messages, and transfer of resource record information.

DNS message section   Description
Question              The question for the name server
Answer                Resource Records answering the question
Authority             Resource Records pointing toward an authority
Additional            Resource Records holding additional information

IP Addressing Services: DNS Hierarchy

DNS uses a hierarchical system to create a database to provide name resolution.
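The DNS message format and record types from the slides above, as an example added here (not part of the Cisco deck): a builder for a client query and a parser for the 12-byte header followed by the Question, Answer, Authority, and Additional sections, decoding A, NS, AAAA, and MX records and following the name-compression pointers that real responses use. The response bytes are constructed by hand; ns1.cisco.com and 198.133.219.5 are made-up values, while 198.133.219.25 is the address the DNS slide quotes.

```python
"""Build a DNS query and parse a DNS response in the wire format behind the
message sections on the slides (12-byte header, then the Question, Answer,
Authority, and Additional sections), decoding A, NS, AAAA, and MX records.
Added example, not from the deck.  The response bytes below are constructed
by hand to exercise the parser; ns1.cisco.com and 198.133.219.5 are made-up
values, while 198.133.219.25 is the address quoted on the DNS slide."""
import ipaddress
import struct

A, NS, MX, AAAA = 1, 2, 15, 28            # RR type codes (RFC 1035, RFC 3596)
TYPE_NAMES = {A: "A", NS: "NS", MX: "MX", AAAA: "AAAA"}
HEADER = struct.Struct("!HHHHHH")         # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def encode_name(name):
    """'www.cisco.com' -> b'\\x03www\\x05cisco\\x03com\\x00' (length-prefixed labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype=A, txid=0x1234):
    """A client query: header with RD=1 (please recurse) and one Question."""
    return HEADER.pack(txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def decode_name(msg, offset):
    """Read a name that may use compression pointers (0xC0xx = jump to an
    earlier copy of the suffix).  Returns (name, offset just past the field)."""
    labels, end, jumped = [], None, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                      # pointer: follow it
            if not jumped:
                end, jumped = offset + 2, True          # field ends after the first pointer
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def decode_rdata(msg, rtype, start, rdlen):
    """Turn the RDATA bytes of the record types on the slide into readable values."""
    if rtype == A:
        return str(ipaddress.IPv4Address(msg[start:start + 4]))
    if rtype == AAAA:
        return str(ipaddress.IPv6Address(msg[start:start + 16]))
    if rtype == NS:
        return decode_name(msg, start)[0]
    if rtype == MX:
        preference = struct.unpack("!H", msg[start:start + 2])[0]
        return (preference, decode_name(msg, start + 2)[0])
    return msg[start:start + rdlen]                     # unknown type: raw bytes


def parse_message(msg):
    """Parse header + four sections into a dict keyed by section name."""
    txid, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    out = {"id": txid, "is_response": bool(flags & 0x8000), "rcode": flags & 0xF,
           "question": [], "answer": [], "authority": [], "additional": []}
    offset = HEADER.size
    for _ in range(qd):
        name, offset = decode_name(msg, offset)
        qtype, _qclass = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        out["question"].append((name, TYPE_NAMES.get(qtype, qtype)))
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            name, offset = decode_name(msg, offset)
            rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
            offset += 10
            rdata = decode_rdata(msg, rtype, offset, rdlen)
            out[section].append((name, TYPE_NAMES.get(rtype, rtype), ttl, rdata))
            offset += rdlen
    return out


# Constructed response to build_query("www.cisco.com"): one A answer, the zone's
# NS in Authority, and that name server's address in Additional ("glue").
# 0xC00C and 0xC010 are compression pointers to offsets 12 (www.cisco.com)
# and 16 (cisco.com) inside the Question.
SAMPLE_RESPONSE = (
    HEADER.pack(0x1234, 0x8180, 1, 1, 1, 1)                      # QR=1, RD=1, RA=1, rcode 0
    + encode_name("www.cisco.com") + struct.pack("!HH", A, 1)    # Question
    + b"\xc0\x0c" + struct.pack("!HHIH", A, 1, 300, 4) + bytes([198, 133, 219, 25])
    + b"\xc0\x10" + struct.pack("!HHIH", NS, 1, 3600, 6) + b"\x03ns1\xc0\x10"
    + b"\x03ns1\xc0\x10" + struct.pack("!HHIH", A, 1, 3600, 4) + bytes([198, 133, 219, 5])
)

if __name__ == "__main__":
    print(build_query("www.cisco.com").hex())
    for section, records in parse_message(SAMPLE_RESPONSE).items():
        print(section, records)
```

The TTL carried in each record is what the slide's "temporarily stores the numbered address" refers to: a caching server or the Windows DNS client keeps the answer for that many seconds, and `ipconfig /displaydns` lists what is currently held. The parser masks the pointer offset to 14 bits and only advances the read position at the first pointer it meets, which is the detail that trips up naive implementations when a response compresses names.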
DNS uses domain names to form the hierarchy. The naming structure is broken down into small, manageable zones. Each DNS server maintains a specific database file and is only responsible for managing name-to-IP mappings for that small portion of the entire DNS structure. When a DNS server receives a request for a name translation that is not within its DNS zone, the DNS server forwards the request to another DNS server within the proper zone for translation.

Examples of top-level domains:
- .com - a business or industry
- .org - a non-profit organization
- .au - Australia

IP Addressing Services: The nslookup Command

When configuring a network device, one or more DNS server addresses are provided that the DNS client can use for name resolution. Usually the ISP provides the addresses to use for the DNS servers. Nslookup is a computer operating system utility that allows a user to manually query the DNS servers configured on the device to resolve a given host name. This utility can also be used to troubleshoot name resolution issues and to verify the current status of the name servers. When the nslookup command is issued, the default DNS server configured for your host is displayed. The name of a host or domain can be entered at the nslookup prompt.

IP Addressing Services: Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) for IPv4 service automates the assignment of IPv4 addresses, subnet masks, gateways, and other IPv4 networking parameters. DHCP is considered dynamic addressing compared to static addressing. Static addressing is manually entering IP address information. Rather than use static addressing for each connection, it is more efficient to have IPv4 addresses assigned automatically using DHCP.

When a host connects to the network, the DHCP server is contacted, and an address is requested. The DHCP server chooses an address from a configured range of addresses called a pool and assigns (leases) it to the host. DHCP can allocate IP addresses for a configurable period of time, called a lease period. The lease period is an important DHCP setting. When the lease period expires or the DHCP server gets a DHCPRELEASE message, the address is returned to the DHCP pool for reuse.

Note: DHCP for IPv6 (DHCPv6) provides similar services for IPv6 clients. However, DHCPv6 does not provide a default gateway address. This can only be obtained dynamically from the Router Advertisement message of the router.

Many networks use both DHCP and static addressing. DHCP is used for general purpose hosts, such as end user devices. Static addressing is used for network devices, such as gateway routers, switches, servers, and printers.

IP Addressing Services: DHCP Operation

The DHCP process:
- When an IPv4, DHCP-configured device boots up or connects to the network, the client broadcasts a DHCP discover (DHCPDISCOVER) message to identify any available DHCP servers on the network.
- A DHCP server replies with a DHCP offer (DHCPOFFER) message, which offers a lease to the client. The offer message contains the IPv4 address and subnet mask to be assigned, the IPv4 address of the DNS server, and the IPv4 address of the default gateway. The lease offer also includes the duration of the lease.
- If a client receives more than one offer due to multiple DHCP servers on the network, it must choose one. The client sends a DHCP request (DHCPREQUEST) message that identifies the explicit server and lease offer that the client is accepting.
- The server then returns a DHCP acknowledgment (DHCPACK) message that acknowledges to the client that the lease has been finalized.
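The DHCP exchange on the DHCP slides, modelled in code as an example added here (not part of the Cisco deck): a server with an address pool that answers DHCPDISCOVER with a DHCPOFFER, DHCPREQUEST with DHCPACK or, when the offer is no longer valid, DHCPNAK, that returns addresses to the pool on lease expiry or DHCPRELEASE, and that never leases one address to two clients at once; plus a client that picks one of several offers. The pool, MAC addresses and lease times are constructed, and `now` is passed in explicitly so expiry can be exercised without waiting.

```python
"""Model of the DHCPv4 exchange described on the DHCP Operation slides:
DHCPDISCOVER -> DHCPOFFER -> DHCPREQUEST -> DHCPACK (or DHCPNAK when the
offer is no longer valid), plus lease expiry and DHCPRELEASE returning the
address to the pool.  Added example, not from the deck; the pool, MAC
addresses and lease times are constructed sample values and `now` is an
explicit clock so the expiry logic can be exercised without waiting."""
import ipaddress


class DhcpServer:
    def __init__(self, pool_start, pool_end, mask, gateway, dns, lease_seconds):
        first, last = ipaddress.IPv4Address(pool_start), ipaddress.IPv4Address(pool_end)
        self.pool = [str(ipaddress.IPv4Address(n)) for n in range(int(first), int(last) + 1)]
        self.params = {"subnet_mask": mask, "router": gateway, "dns": dns}
        self.lease_seconds = lease_seconds
        self.leases = {}   # ip -> (client mac, expiry time)
        self.offers = {}   # client mac -> ip reserved while its offer is outstanding

    def _expire(self, now):
        """Expired leases go back to the pool for reuse."""
        for ip, (_mac, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[ip]

    def discover(self, mac, now):
        """DHCPDISCOVER handler: returns the DHCPOFFER, or None if the pool is empty."""
        self._expire(now)
        held = [ip for ip, (m, _) in self.leases.items() if m == mac]
        free = held or [ip for ip in self.pool
                        if ip not in self.leases and ip not in self.offers.values()]
        if not free:
            return None
        self.offers[mac] = free[0]          # reserve it so no other client is offered it
        return dict(self.params, ip=free[0], lease_seconds=self.lease_seconds)

    def request(self, mac, requested_ip, now):
        """DHCPREQUEST handler: ('ACK', lease) when the offer or existing lease is
        ours and still valid, otherwise ('NAK', None) and the client starts over."""
        self._expire(now)
        offered = self.offers.pop(mac, None)
        holder = self.leases.get(requested_ip)
        renewing = holder is not None and holder[0] == mac
        taken = holder is not None and holder[0] != mac
        if taken or not (renewing or offered == requested_ip):
            return "NAK", None
        expiry = now + self.lease_seconds
        self.leases[requested_ip] = (mac, expiry)   # one address, one client
        return "ACK", dict(self.params, ip=requested_ip, expires=expiry)

    def release(self, mac, ip):
        """DHCPRELEASE handler: the address returns to the pool immediately."""
        if self.leases.get(ip, (None, None))[0] == mac:
            del self.leases[ip]
            return True
        return False


def client_boot(mac, servers, now):
    """Client side: broadcast DISCOVER to every server, keep the first OFFER,
    and REQUEST it from that server; the other servers drop their offers
    (on a real LAN they see the broadcast DHCPREQUEST naming the chosen server)."""
    offers = [(s, s.discover(mac, now)) for s in servers]
    offers = [(s, o) for s, o in offers if o is not None]
    if not offers:
        return "NO OFFER", None
    chosen, offer = offers[0]
    for other, _ in offers[1:]:
        other.offers.pop(mac, None)
    return chosen.request(mac, offer["ip"], now)


if __name__ == "__main__":
    s1 = DhcpServer("192.168.1.10", "192.168.1.12", "255.255.255.0", "192.168.1.1", "192.168.1.1", 3600)
    s2 = DhcpServer("192.168.1.20", "192.168.1.22", "255.255.255.0", "192.168.1.1", "192.168.1.1", 3600)
    print(client_boot("aa:bb:cc:00:00:01", [s1, s2], now=0))
```

The model keeps the slide's uniqueness guarantee in one place: `request` only writes a lease when the address is either the one offered to that client or one it already holds, and any address leased to another client is answered with NAK rather than reassigned. Note that the client in `client_boot` takes whichever offer arrives first, which is also how real hosts behave; nothing in DHCPv4 itself authenticates the server, which is why switches offer features that restrict which ports may send DHCPOFFER.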
If the offer is no longer valid, the selected server responds with a DHCP negative acknowledgment (DHCPNAK) message, and the process must begin with a new DHCPDISCOVER message.

The DHCP server ensures that all IP addresses are unique; that is, the same IP address cannot be assigned to two different network devices simultaneously.

Note: DHCPv6 has a set of messages that is similar to those for DHCPv4. The DHCPv6 messages are SOLICIT, ADVERTISE, INFORMATION-REQUEST, and REPLY.

File Sharing Services: File Transfer Protocol

- In the client/server model, the client can upload data to a server and download data from a server if both devices are using a file sharing protocol such as File Transfer Protocol (FTP).
- FTP was developed to allow for data transfers between a client and a server. An FTP client is an application which runs on a computer that is being used to push and pull data from an FTP server.

Step 1 - The client establishes the first connection to the server for control traffic using TCP port 21. The traffic consists of client commands and server replies.

Step 2 - The client establishes the second connection to the server for the actual data transfer using TCP port 20. This connection is created every time there is data to be transferred.

Step 3 - The data transfer can happen in either direction. The client can download (pull) data from the server, or the client can upload (push) data to the server.

File Sharing Services: Server Message Block

- The Server Message Block (SMB) is a client/server, request-response file sharing protocol. Servers can make their own resources available to clients on the network.
- It describes the structure of shared network resources, such as directories, files, printers, and serial ports.
- All SMB messages have a common format: a fixed-sized header followed by a variable-sized parameter and data component.
- Three functions of SMB messages:
  - Start, authenticate, and terminate sessions
  - Control file and printer access
  - Allow an application to send or receive messages to or from another device
- Unlike the file sharing supported by FTP, clients establish a long-term connection to servers. After the connection is established, the user of the client can access the resources on the server as though the resource is local to the client host.