Name Services Vidya Satyanarayanan
Why do we need Name Services?
Requirements for name spaces Allow simple but meaningful names to be used Potentially infinite number of names Structured –to allow similar subnames without clashes –to group related names Allow re-structuring of name trees –for some types of change, old programs should continue to work Management of trust
Composed naming domains used to access a resource from a URL file Web server Socket URL Resource ID (IP number, port number, pathname) WebExamples/earth.html8888 DNS lookup (Ethernet) Network address 2:60:8c:2:b0:5a ARP lookup
URI Uniform Resource Identifiers (URI) offer a general solution for any type of resource. There two main classes: URLUniform Resource Locator –typed by the protocol field (http, ftp, nfs, etc.) –resources cannot be moved between domains URNUniform Resource Name –Solves the dangling problem of URL. –Given URN it return the URL. –requires a universal resource name lookup service - a DNS-like system for all resources –Format of URN: urn: : –e.g. urn:ISBN:
Name Resolution: Navigation methods Client A client iteratively contacts name servers NS1–NS3 in order to resolve a name NS2 NS1 NS3 Name servers Used in: DNS: Client presents entire name to servers, starting at a local server, NS1. If NS1 has the requested name, it is resolved, else NS1 suggests contacting NS2 (a server for a domain that includes the requested name). NFS: Client segments pathnames (into 'simple names') and presents them one at a time to a server together with the filehandle of the directory that contains the simple name. Iterative navigation
Non-recursive and recursive server-controlled navigation A name server NS1 communicates with other name servers on behalf of a client Recursive server-controlled client NS2 NS1 NS client NS2 NS1 NS3 Non-recursive server-controlled DNS offers recursive navigation as an option, but iterative is the standard technique. Recursive navigation must be used in domains that limit client access to their DNS information for security reasons.
DNS - The Internet Domain Name System A distributed naming database Name structure reflects administrative structure of the Internet Rapidly resolves domain names to IP addresses –exploits caching heavily –typical query time ~100 milliseconds Scales to millions of computers –partitioned database –caching Resilient to failure of a server –replication
DNS name servers Note: Name server names are in italics, and the corresponding domains are in parentheses. Arrows denote name server entries a.root-servers.net (root) ns0.ja.net (ac.uk) dns0.dcs.qmw.ac.uk (dcs.qmw.ac.uk) alpha.qmw.ac.uk (qmw.ac.uk) dns0-doc.ic.ac.uk (ic.ac.uk) ns.purdue.edu (purdue.edu) uk purdue.edu ic.ac.uk qmw.ac.uk... dcs.qmw.ac.uk *.qmw.ac.uk *.ic.ac.uk *.dcs.qmw.ac.uk *.purdue.edu ns1.nic.uk (uk) ac.uk... co.uk yahoo.com.... authoritative path to lookup: jeans-pc.dcs.qmw.ac.uk
DNS server functions and configuration Main function is to resolve domain names for computers, i.e. to get their IP addresses (Host name resolution) –caches the results of previous searches until they pass their 'time to live' Other functions: –get mail host for a domain –reverse resolution - get domain name from IP address –Host information - type of hardware and OS –Well-known services - a list of well-known services offered by a host –Other attributes can be included (optional)
DNS resource records Record typeMeaningMain contents AA computer addressIP number NSAn authoritative name serverDomain name for server CNAMEThe canonical name for an aliasDomain name for alias SOAMarks the start of data for a zoneParameters governing the zone WKSA well-known service descriptionList of service names and protocols PTRDomain name pointer (reverse lookups) Domain name HINFOHost informationMachine architecture and operating system MXMail exchangeList of < TXTText stringArbitrary text
DNS issues Name tables change infrequently, but when they do, caching can result in the delivery of stale data. –Clients are responsible for detecting this and recovering Its design makes changes to the structure of the name space difficult. For example: –merging previously separate domain trees under a new root –moving sub trees to a different part of the structure (e.g. if Scotland became a separate country, its domains should all be moved to a new country-level domain.
Directory and discovery services Directory service:- 'yellow pages' for the resources in a network –Retrieves the set of names that satisfy a given description –e.g. X.500, LDAP, MS Active Directory Services (DNS holds some descriptive data, but: –the data is very incomplete – DNS isn't organised to search it) Discovery service:- a directory service that also: –is automatically updated as the network configuration changes –meets the needs of clients in spontaneous networks (Section 2.2.3) –discovers services required by a client (who may be mobile) within the current scope, for example, to find the most suitable printing service for image files after arriving at a hotel. –Examples of discovery services: Jini discovery service, the 'service location protocol', the 'simple service discovery protocol' (part of UPnP), the 'secure discovery service'.
Internet gateway PDA service Music service Discovery Alarm Camera Guest's devices Laptop TV/PC Hotel wireless network Revision: Spontaneous networks Easy connection of guest's devices –wireless network –automatic configuration Easy integration with local services –discovery of services relevant to guest's needs
Service discovery in Jini Printing service Lookup service Lookup Printing service admin admin, finance finance Client Mobile client Corporate infoservice Network 2. Here I am: Request printing & receive proxy 1. ‘finance’ lookup service? 4. Use printing service Jini services register their interfaces and descriptions with the Jini lookup services in their scope Clients find the Jini lookup services in their scope by IP multicast Jini lookup service searches by attribute or by interface type
Case Study of Global Name Service Designed and implemented to provide facilities for resource location, mail addressing and authentication. GNS manages a naming database, composed of a tree of directories holding names and values. –Each directory is assigned an integer which serves as the unique directory identifier (DI). –The values stored at the leaves of the directory tree are organized into value trees. –Names in GNS has 2 parts:.
GNS directory tree and value tree for user Peter.Smith UKFR AC QMW DI: 322 Peter.Smith password mailboxes DI: 599(EC) DI: 574DI: 543 DI: 437 AlphaGammaBeta
Accommodating the change of structure Integrating 2 separate GNS – Integrate the database rooted at the EC directory and another directory rooted at NORTH AMERICA. When the client refers to the name with EC as the root, will it still be valid? will work. EC UKFR DI: 599 DI: 574DI: 543 NORTH AMERICA US DI: 642 DI: 732 #599 = #633/EC #642 = #633/NORTH AMERICA Well-known directories: CANADA DI: 633(WORLD)
Restructuring the directory Suppose US becomes part of the EC, then names beginning WORLD/NORTH AMERICA/US will no longer work. So we insert a “symbolic link” in place of the original US entry which acts as a redirection to the US directory in its new location. EC UKFR DI: 599 DI: 574DI: 543 NORTH AMERICA US DI: 642 DI: 457 DI: 732 #599 = #633/EC #642 = #633/NORTH AMERICA Well-known directories: CANADA DI: 633(WORLD) #633/EC/US US
Summary of GNS GNS addresses the needs for scalability and re-configurability. The solution adopted for merging & moving directory trees has a lot of overload.
X.500 Directory Service Satisfies the descriptive queries, designed to discover the names and attributes of other users or system resources. Range of Queries – White pages: e.g. access to obtain a user’s electronic mail address. Yellow pages: e.g. obtaining the names of all the garages specializing in the repair of a car. The data stored is organized in a tree structure with named nodes. Supports wide range of attributes,that are stored at each node Access both by name and by searching with required attributes. The name tree is called the Directory Information Tree (DIT) and the entire directory structure including the data is called the Directory Information Base (DIB).
Servers – Directory Service Agents (DSA). Clients – Directory User Agents (DUA). DSA DUA
Relation between DIB entries and OOPs...France (country)Great Britain (country)Greece (country)... BT Plc (organization)University of Gormenghast (organization)... Department of Computer Science (organizationalUnit) Computing Service (organizationalUnit) Engineering Department (organizationalUnit)... X.500 Service (root) Departmental Staff (organizationalUnit) Research Students (organizationalUnit) ely (applicationProcess)... Alice Flintstone (person)Pat King (person)James Healey (person)... Janet Papworth (person)...
Methods to access the directory 1.read: An absolute or relative name for an entry is given, together with the attributes to be read. 2.search: This is an attribute based access request. A base name and a filter expression is specified as arguments. Returns a list of names (Domain Names) for all the entries below the base node for which the filter evaluates to TRUE. Searching is very costly when it is applied to a large portions of directory tree.
Administration and updating of the DIB Interface includes operations for adding, deleting and modifying entries. Relies on extensive use of replication and caching technologies. LDAP – Lightweight directory Access Protocol The Standard interface to X.500 uses LDAP. The DUA accesses X.500 directory services directly over TCP/IP. Replaces the ASN.1 encoding with textual encoding. LDAP can be used as an interface to any Directory Service if it obeys the LDAP specification. LDAP provides secure access to directory data through authentication.
Summary Name services: –refer the binding of resource names to addresses (and other attributes) –Names are resolved to give addresses and other attributes –Goals : Scalability (size of database, access traffic (hits/second), update traffic) Reliability Trust management (authority of servers) –Issues exploitation of replication and caching to achieve scalability without compromising the distribution of updates navigation methods Directory and discovery services: –'yellow pages' retrieval by attributes –dynamic resource registration and discovery