Page: 1 Director 1.0 TECHNION Department of Computer Science The Computer Communication Lab (236340) Summer 2002 Submitted by: David Schwartz Idan Zak Yoav Helfman A Director of distributed array of web servers

Page: 2 Director Introduction 1.1. General Our goal was to develop a Layer-5 director that switches itself into a Layer-4 director after making the "request routing" decision, based on the URL. It then assigns a new connection to the requesting client by using NAPT (Network Address & Port Translation). As the platform for the director we use the Linux operating system.

Page: 3 Director General Layout [Figure: Client (CIP), Internet, Load Balancer/Director on a Linux box (VIP), WAN/LAN, Real Server1 (RIP1), Real Server2 (RIP2), Real Server3 (RIP3)] CIP: Client IP Address & Port. VIP: Virtual IP Address & Port. RIP: Real Server IP Address & Port. The Director is connected to two networks: the web server farm network, and the network representing the outside world (Internet).

Page: 4 Director 1.0 General Layout cont. The Director reads HTTP requests (on port number 80) from the global network adapter; at this stage the Director and NAPT are working together. It processes them (using a hash function in order to find the server that holds the URL) and sends the requests to the selected web server through the local network adapter. From this moment on NAPT "takes initiative", performing the translation between the actual physical server and the client; the Layer 5 level has finished its part at this stage.

Page: 5 Director Modules. The project consists of four main modules:
 Layer 5 URL Director
 NAPT timeout manager
 Layer 3/4 NAPT
 Debug

Page: 6 Director 1.0 Modules cont. Layer 5 URL Director
 Accept: Examines each "GET" request and makes a new routing decision based on a hashing function of the URL.
 Connect: Initiates a new connection to the selected server.
Layer 3/4 NAPT
 Listener: Receives new packets and classifies them.
 Connection Establisher: Manages the NAPT table entries.
 NAPT: Redirects the "packet's flow" to the real WEB server and back to the client.

Page: 7 Director 1.0 Modules cont. NAPT timeout manager
 Timeout: Terminates inactive client-server connections and removes the NAPT entries of finished connections.
Debug
 Print: Enables a real-time view of the Director tables.

Page: 8 Director 1.0 Modules cont. [Figure: block diagram of the modules, with the blocks Incoming Packets, Packets Buffer, Header Content Extraction, Layer 5 URL Director, Packet Routing (Load Balancing), NAPT Entries, Forward Packet]

Page: 9 Director 1.0 Raw Sockets We used raw sockets in order to intercept the raw data directly from layer 3. Raw sockets allow the user to receive the packets directly at user level without passing through all the network layers on the way. A copy of the packets is sent to us by the raw socket, and the real packet continues its way to the TCP stack. The raw socket intercepts the packets before they are processed by TCP/IP, therefore we can receive and send data even if TCP/IP is blocked. In terms of the data received, the use of raw sockets is identical to intercepting the packets at kernel level.

Page: 10 Director 1.0 Algorithms used Layer 5 Director - Accept
 Initializes the layer 4 threads and tables
 Calls accept() waiting for new connections
 When a new connection arrives we create a new thread which connects to the client.
 Loops back to accept()

Page: 11 Director 1.0 Algorithms cont. Layer 5 Director - Connect
 Reads the request from the client
 Calculates the length of the URL and decides which server to connect to.
 Calls connect() with the address of the server containing the requested page.
 Builds a semi-complete NAPT entry and inserts it into the semi-complete table.
 The thread finishes and exits

Page: 12 Director 1.0 Algorithms cont. Layer 3/4 Director - Listener
 Creates a raw socket and calls recv() on the socket
 After intercepting a packet we categorize it (only TCP packets are inspected; by looking at the protocol field in the IP header we can tell which packets are TCP):
1. SYN packet – discarded
2. SYN-ACK packet – inserted into the SYN-ACK queue.
3. All the other packets are inserted into the Data queue.

Page: 13 Director 1.0 Algorithms cont. Layer 3/4 Director – Connection Establisher
 In order to extract the sequence numbers we examine the SYN-ACK packets which are stored in the SYN-ACK queue.
 Removes a packet from the queue and searches for the semi-complete entry which has the same port and IP.
 Updates the sequence numbers according to the direction of the packet (client-server or server-client)
 Inserts the seq. no. into the ACK-3 queue (explained later)
 If both directions are updated, the entry is removed from the semi-complete table and entered into the NAPT table.
 Loops back to remove a new SYN-ACK packet

Page: 14 Director 1.0 Algorithms cont. Layer 3/4 Director - NAPT
 Removes a packet from the Data queue.
 Checks if the packet is the ACK packet from one of the handshakes (by comparing its sequence number to the sequence numbers stored in the ACK-3 queue).
 Searches for an entry in the NAPT table which has the same port and IP.
 If no entry is found the packet is discarded.
 If an entry is found we fix the source and destination port and IP, the sequence numbers and the checksums.
 We update the time field in the NAPT entry.
 The packet is sent onwards (to the server or to the client).

Page: 15 Director 1.0 Algorithms cont.
 If an entry has received RST (from any direction), the entry is removed.
NAPT timeout manager - Timeout
 Every 10 seconds the thread wakes up and goes over all the entries in the NAPT and semi-complete tables.
 If an entry is found which has not been used in over 24 hours, it is removed from the tables.
 If an entry has received both FINs (from each direction) and at least 60 seconds have passed, the entry is removed.

Page: 16 Director 1.0 Algorithms cont. Debug - Print
 At any time we can examine all the tables and queues by hitting a number and pressing enter – a thread is waiting all the time to print the contents of the threads.

Page: 17 Director 1.0 Tables and Queues NAPT and Semi-Complete tables: Each entry consists of:
 Source and destination IP
 Source and destination port
 Client-director sequence and ack numbers
 Director-server sequence and ack numbers
 Time stamp
 Socket file descriptors (client-director and director-server)
 Flags - indicating whether we've received both FINs
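The per-packet translation that slides 14 and 17 describe, as an added example that is not part of the original project: given a NAPT entry holding the initial sequence numbers of both spliced connections, it shifts seq/ack between the two ISN spaces, rewrites the addresses and ports, and patches the TCP checksum incrementally (RFC 1624) instead of recomputing it over the whole segment. The field names and the director-local address/port used towards the real server (dip:dport) are assumptions.

```c
#include <stdint.h>

/* Added example, not the project's code: the per-packet rewrite a splicing NAPT entry
 * (slides 14 and 17) performs. Field names and the director-local address/port used
 * towards the real server (dip:dport) are assumptions. */
typedef struct {
    uint32_t cip, vip, dip, rip;          /* client, virtual, director-local, real server IP */
    uint16_t cport, vport, dport, rport;  /* the matching ports */
    uint32_t c_isn, d1_isn;               /* client<->director: client ISN, director ISN */
    uint32_t d2_isn, s_isn;               /* director<->server: director ISN, server ISN */
} napt_entry;
typedef struct {                          /* only the header fields the director rewrites */
    uint32_t saddr, daddr, seq, ack;
    uint16_t sport, dport, csum;
} tcp_pkt;

/* RFC 1624 incremental update: replace 16-bit word oldv by newv in an existing checksum. */
static uint16_t csum_update16(uint16_t csum, uint16_t oldv, uint16_t newv) {
    uint32_t sum = (uint16_t)~csum;
    sum += (uint16_t)~oldv;
    sum += newv;
    while (sum >> 16) sum = (sum & 0xffffu) + (sum >> 16);   /* end-around carry */
    return (uint16_t)~sum;
}
static uint16_t csum_update32(uint16_t csum, uint32_t oldv, uint32_t newv) {
    csum = csum_update16(csum, (uint16_t)(oldv >> 16), (uint16_t)(newv >> 16));
    return csum_update16(csum, (uint16_t)oldv, (uint16_t)newv);
}

/* Rewrite addresses, ports, seq/ack and the TCP checksum in place. to_server != 0 means the
 * packet came from the client; unsigned wraparound is intended (ISN deltas are modulo 2^32). */
void splice_rewrite(tcp_pkt *p, const napt_entry *e, int to_server) {
    tcp_pkt n = *p;
    if (to_server) {
        n.saddr = e->dip; n.sport = e->dport; n.daddr = e->rip; n.dport = e->rport;
        n.seq = p->seq + (e->d2_isn - e->c_isn);   /* client ISN space -> director ISN space */
        n.ack = p->ack + (e->s_isn - e->d1_isn);   /* acks of director bytes -> of server bytes */
    } else {
        n.saddr = e->vip; n.sport = e->vport; n.daddr = e->cip; n.dport = e->cport;
        n.seq = p->seq + (e->d1_isn - e->s_isn);
        n.ack = p->ack + (e->c_isn - e->d2_isn);
    }
    /* IPs are in the TCP pseudo-header, so they enter the TCP checksum too (IP header checksum not shown) */
    n.csum = csum_update32(n.csum, p->saddr, n.saddr);
    n.csum = csum_update32(n.csum, p->daddr, n.daddr);
    n.csum = csum_update16(n.csum, p->sport, n.sport);
    n.csum = csum_update16(n.csum, p->dport, n.dport);
    n.csum = csum_update32(n.csum, p->seq, n.seq);
    n.csum = csum_update32(n.csum, p->ack, n.ack);
    *p = n;
}
```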

Page: 18 Director 1.0 Tables and Queues cont.
 Functions: The table is implemented as a queue:
Enqueue – add a new entry at the head of the queue.
Dequeue – remove an entry from the end of the queue.
Find – finds an address by the given source and destination port and IP.

Page: 19 Director 1.0 Tables and Queues cont. Data and SYN-ACK queues
 These queues hold the packet as received off the raw socket, with the link layer headers removed – just the IP and TCP layer headers are saved.
 Functions:
Enqueue – add a new entry at the head of the queue
Dequeue – remove an entry from the end of the queue

Page: 20 Director 1.0 Tables and Queues cont. ACK-3 queue
 This queue holds the sequence no. as received in the SYN-ACK packet. This queue is used to identify the 3rd packet of the handshake, so that it won't be passed on to the server.
 Functions:
Enqueue – add a new item at the head of the queue.
Remove – finds and removes an item from the queue if it exists.

Page: 21 Director 1.0 Tables and Queues cont. Address table
 This table is used for storing the addresses of the servers and the clients for the use of the raw socket.
 The table consists of the IP and port of the address, and a struct sockaddr_ll.
 Functions:
Enqueue – add a new address to the table.
Remove – finds and removes an address from the table.
Find – finds an address by the given port and IP

Page: 22 Director 1.0 Notes In order to avoid having the kernel automatically send an ack for every TCP packet received, we used the built-in Linux firewall:
 After sending the SYN-ACK packet to the client we insert a rule into the firewall that blocks all TCP traffic to this client (port and IP).
 After calling connect() we add a rule that blocks all TCP traffic to the server we just connected to (port and IP).
 When the entry is removed from the NAPT table, the rule is removed from the firewall too.
 Although we are blocking all output traffic to some servers, we can still send raw data to those servers using the raw sockets.

Page: 23 Questions?