62 17C.

102
Copy Right : Ra i Unive rsit y
N
E
T
W
O
R
K
I
N
G
LESSON 18
DESCRIPTION OF NETWORK DESIGN
How Windows Peer-to-Peer Networking Works
In this section, we briefly describe the Windows Peer-to-Peer
Networking architecture and then describe the details of the
fundamental peer-to-peer capabilities of peer discovery and
name resolution, graphing, grouping, replicated storage, and
searching.
Windows Peer-to-Peer Networking
Architecture
The architecture of Windows Peer-to-Peer Networking is
shown in Figure 1.
Figure : Windows Peer-to-Peer Networking architecture
Windows Peer-to-Peer Networking architecture consists of the
following components:
Graphing The Graphing component is responsible for
maintaining a set of connected nodes known as a graph and
providing flooding and replication of data across the graph.
The Graphing component uses the Flood &
Synchronization, Store, and Graph Maintenance
subcomponents.
Grouping The Grouping component is the security layer
provided by default on top of a graph. The security layer
defines the security model behind group creation, invitation,
and connection to the group. In addition, Grouping
leverages PNRP as the name resolution protocol - and
enables multiple applications to share the same graph. The
Grouping component uses the Group Security and Group
Security Service Provider (SSP) subcomponents.
NSP The Name Service Provider (NSP) component provides
a mechanism to access an arbitrary name service provider. In
the case of Windows Peer-to-Peer Networking, peer-to-peer
applications use the NSP interface to access PNRP.
PNRP The PNRP component provides peer-to-peer name
resolution.
Identity Manager Identity manager enables the creation and
management of peer-to-peer identities.
Microsoft TCP/ IP version 6 protocol The Microsoft
TCP/ IP version 6 protocol (IPv6) provides the transport
over which Windows Peer-to-Peer Networking operates.
The details of how Windows Peer-to-Peer Networking works
are described in the following sections:
IPv6 andNAT traversal
Nameresolution andpeer discovery with PNRP
Graphing
Grouping
Replicatedstore
Searching
IPv6 and NAT Traversal
Windows Peer-to-Peer Networking uses IPv6 as its Internet
layer. IPv6 was chosen because it restores the end-to-end
computing model to networking. With IPv6, there are no issues
with address shortage that require the use of Network Address
Translators (NATs). For more information about how NATs
translate addresses and port numbers and use port mappings
NATs for IPv4 extend the lifetime of the IPv4 public address
space, but at the expense of breaking end-to-end communica-
tion.
IPv6 support was included in Microsoft Windows XP as a
developer preview edition. A production-quality release of an
IPv6 protocol is available in Windows XP Service Pack 1 and the
upcoming Windows Server 2003 family. A common misconcep-
tion about IPv6 is that the existing IPv4 infrastructure (your
intranet and the Internet) must be upgraded to support IPv6
before it can be used. This is not true. The designers of IPv6
realized that IPv4 infrastructures will be in place for the
foreseeable future and created a series of transition technologies
that allow IPv6 traffic to be sent over an IPv4 network by
encapsulating an IPv6 packet with an IPv4 header.
The two transition technologies recommended for use and
supported by the IPv6 protocol for Windows XP and the
Windows Server 2003 family are the following:
Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
ISATAP is an address assignment and automatic tunneling
technology that is used to provide unicast IPv6 connectivity
between IPv6 hosts across an IPv4 intranet. ISATAP is
described in the Internet draft titled Intra-Site Automatic
Tunnel Addressing Protocol (ISATAP) (draft-ietf-ngtrans-
isatap-0x.txt).
6to4
6to4 is an address assignment and automatic tunneling
technology that is used to provide unicast IPv6 connectivity
between IPv6 sites and hosts across the IPv4 Internet. 6to4
is described in RFC 3056.
Copy Right : Ra i Unive rsit y
17C.102 63
N
E
T
W
O
R
K
I
N
G
For IPv6 connectivity across the IPv4 Internet, 6to4 is the
preferred address assignment and tunneling technology.
However, 6to4 depends on the assignment of a public IP
address to a computer connected to a private network that acts
as a 6to4 router. The IPv6 protocol for Windows XP and the
Windows Server 2003 family can be used as a 6to4 router either
automatically by enabling Internet Connection Sharing (ICS) or
through manual configuration. Many Network Address
Translators (NATs) that are used to connect small office or
home office networks to the Internet do not yet have 6to4
router capability. Additionally, there might be more than one
NAT between a host on a private network and the IPv4
Internet, in which case 6to4 would not work even if the NAT
connected to the private network had 6to4 functionality.
Another issue with NATs is their default inability to forward
traffic that does not use either TCP or UDP. IPv6 over IPv4
traffic uses protocol 41. If this type of traffic is not recognized
by the NAT, it is discarded.
To address the need for an IPv6 over IPv4 address assignment
and tunneling solution that works for hosts that are located
across NATs that cannot also be 6to4 routers, Microsoft is
working with the Internet standards bodies to define Teredo,
also known as IPv6 NAT Traversal (NAT-T). Teredo is defined
in an Internet draft titled Teredo: Tunneling IPv6 over UDP
through NATs (draft-ietf-ngtrans-shipworm-0x.txt).
Teredo works by assigning global IPv6 addresses that are based
on the public IPv4 address of the NAT interface that is
connected to the Internet and then encapsulating IPv6 packets
with both an IPv4 header and a UDP header. By using both an
IPv4 and a UDP header, most NATs can translate Teredo traffic.
Name Resolution and Peer Discovery with PNRP
In order for communication to occur between peers, they must
be able to discover each others presence and resolve each others
network locations (addresses, protocols, and ports) from names
or other types of identifiers. How peers discover each other and
resolve each others names for communication is complicated by
transient connectivity and the lack of address records in DNS.
Windows Peer-to-Peer Networking solves this problem with a
name resolution and peer discovery scheme with the following
attributes:
Distributed and serverless for name resolution
Like DNS, the complete list of names is stored on
computers throughout the cloud. Unlike DNS, there are no
servers that provide name resolution. Each peer stores a
portion of the list in its cache and can refer to other peers.
Central servers are not used to resolve names. Windows
Peer-to-Peer Networking is not strictly serverless, as there is a
seed node that facilitates initialization.
The use of identifiers (IDs) instead of names
Rather than using a name, such as a fully qualified domain
name in DNS, IDs are used to identify peer entities. IDs are
just numbers and therefore are not subject to language and
trademark or copyright issues.
The use of multiple IDs
Each separate peer computer, user, group, device, service or
other type of peer node can have its own peer ID.
Ability to scale to large numbers of IDs
The list of IDs is distributed among the peers using a multi-
level cache and referral system that allows name resolution to
scale to billions of IDs, while requiring minimal resources on
each node.
The protocol used to send messages between peers for name
resolution and peer discovery is Peer Name Resolution Protocol
(PNRP).
PNRP uses multiple clouds, in which a cloud is a grouping of
computers that use addresses of a specific scope. A scope is an
area of the network over which the address is unique. PNRP
clouds are based on the address scopes for IPv6 addresses. The
following clouds are defined:
The global cloud corresponds to the global IPv6 address
scope and represents all the computers on the entire IPv6
Internet. There is only a single global could.
The site-specific cloud corresponds to the site IPv6 address
scope and site-local addresses. A site is a portion of an
organization network that has defined geographical or
topological boundaries. There can be multiple site-specific
clouds.
The link-local cloud corresponds to the link-local IPv6 address
scope and link-local addresses. A link-local cloud is for a specific
link, typically the same as the locally attached subnet. There can
be multiple link-local clouds.
Figure. An example peer-to-peer network
Graphing
A peer graph, or graph, is a set of nodes that are multiply
connected to form a coupled network of nodes for the
purposes of propagating data in the form of records or point-
to-point data streams. Another way to think of a graph is as a
collection of peer graph nodes connected such that any peer
graph node may communicate with all other graph nodes via a
series of logical neighbor connections. A peer graph node is a
peer connected to a peer graph.
64 17C.102
Copy Right : Ra i Unive rsit y
N
E
T
W
O
R
K
I
N
G
A peer graph is built and based on flooding. Flooding is the
process of propagating a record to all users connected to a
graph. A flooding protocol is used to do the following:
Propagate the addition of new records to all the nodes of
the graph.
Propagate the updates of changed records to all nodes of the
graph.
Propagate the deletion of deleted records to all the nodes of
the graph.
To perform these functions, each flooded record that is
identified by a globally unique identifier (GUID), has an
increasing version number or sequence number, and is further
qualified by an age or a status.
In addition, a synchronization process ensures that peers have
the same set of records, which can result in the flooding of
more records.
A well-connected graph has the following properties:
It is connected. There is a path between any two nodes,
It has a small diameter. There are a relatively small number
of hops between the nodes on the farthest edges of the
graph. The benefit to a small diameter is that updates are
propagated rapidly to all graph nodes.
It is robust. The graph remains connected even if some
nodes or some connections disappear.
A graph is built based the connections of neighbors. A
neighbor in a graph is a peer graph node that is one graph hop
away (is directly connected via a TCP connection). A graph hop
is a logical connection that operates above the Internet layer, and
can therefore be one or multiple router hops away.
A node ID is a random number a peer graph node chooses
when they connect to a peer graph. The node ID should be
unique across the graph. A graph is identified by a graph
signature, which is the lowest node ID of all graph nodes
connected to a peer graph. The graph signature is used to detect
breaks in the graph known as partitions.
Graph Maintenance
The flooding protocol already defines how information is
flooded throughout the graph. The graph maintenance
protocol defines how the group evolves to maintain robust
connectivity and to maintain a small diameter. This is done
through the following:
A signature procedure computes the signature of a group. If
the group is partitioned, each of the partitions will have a
different signature. This can be used to detect that two or
more partitions need to be repaired. Designated nodes in the
graph known as contacts keep track of the signature records.
Contacts are elected randomly.
A reconnection procedure allows nodes to establish
appropriate connections.
A disconnection procedure allows nodes to leave a graph
without creating a hole in the graph.
When information is flooded across the graph, a graph node
that has multiple connections will receive multiple copies of
it. To decide which connections to keep and which to
remove, a graph node evaluates flooded information and
calculates a bidirectional utility index, a number used to
indicate the usefulness of the information sent between
given connected peers. The utility index has a low value when
the information sent across the connection has been
consistently previously received and is of no value.
On an ongoing basis, based on the current utility index and the
information that is received during the flooding, peer nodes
make adjustments in their connections to neighboring nodes.
Connections are created and removed so that the graph
converges to a topology that is optimal for flooding for the
current traffic pattern.
Grouping
Grouping is the combination of PNRP, peer graphing, and the
Microsoft Peer Grouping security provider. The Microsoft Peer
Grouping security provider provides the following:
The management of the credentials of the members of a
group
The secure publication of records in a group
A unique group ID identifies every group. This group ID is
used by group members to differentiate between different
groups for which the local machine is a member, and also for
identification of groups between different peers. Groups use
secured peer names, as defined for PNRP, as group IDs.
For secure groups, participation is restricted to a set of users
known as group members. Every group member has an
identity, a unique peer name, and credentials that prove the
ownership of the group members identity. Every group
member also has credentials to prove they are a member of a
group.
Information in the form of records is securely flooded
throughout a group. A record contains the following:
The publishing member identity
Data to prove record validity
A validity time
A payload that contains the record information
The security provided by Windows Peer Grouping is a combi-
nation of the following:
Peer names
Group membership certificates (the credentials associated
with peer names)
Roles (member and administrator)
Secure publishing
Security policies
Secure connections
Replicated Store
The replicated store is the set of records associated with a graph
that are securely published and synchronized between all the
members of the group. The replicated store represents the view
of the group data, which should be the same for all group
members. Graphing ensures that records are propagated to all
nodes. Grouping prevents unauthorized records from being
propagated throughout the graph. Record replication between
Copy Right : Ra i Unive rsit y
17C.102 65
N
E
T
W
O
R
K
I
N
G
group members uses SSL to provide encryption and data
integrity for record data.
When a new group member joins the group, they automatically
receive all the group records from the current group member to
which they attach. After the initial synchronization, group
members periodically resynchronize their replicated stores to
ensure that all group members consistently have the same view.
After joining the group, applications can register new record
types and begin publishing them using the security of the
group. When an application publishes a new record, the security
mechanisms for the group are applied to the record and it is
published securely. New records published by applications are
automatically flooded to all group members.
Applications can also register interest in receiving all the records
of a specific record type. When the record is received, the
application is notified and the record data is passed to the
application. For example, a group chat application can register
interest in receiving all chat records types so that it can monitor
the chat activity within the group and notify the user appropri-
ately.
Searching
Searching is the mechanism for locating data within the group.
There are two different search models:
A local search searches the replicated store, the set of local
records for the group. In a local search, a group member does
not send search queries to other group members.
A distributed search sends queries to group members.
Windows Peer-to-Peer Networking does not yet support
distributed searches, however the architecture of Windows
Peer-to-Peer Networking does allow you to develop
distributed searching components and capabilities.
For Windows Peer-to-Peer Networking, the local search includes
the use of the common logical operators AND and OR, and
the use of not equal. Because all group records have a
common set of fields, you can perform keyword searches on
these fields. Group records can also have a set of attributes,
which are extensible metadata that describe the record. As long
as the schema for the included attributes is followed, you can
also search on the information in the record attributes.
Summary
The Point-to-Point Protocol (PPP) originally emerged as an
encapsulation protocol for transporting IP traffic over point-to-
point links. PPP also established a standard for assigning and
managing IP addresses, asynchronous and bit-oriented
synchronous encapsulation, network protocol multiplexing,
link configuration, link quality testing, error detection, and
option negotiation for added networking capabilities.
PPP provides a method for transmitting datagrams over serial
point-to-point links, which include the following three
components:
A method for encapsulating datagrams over serial links
An extensible LCP to establish, configure, and test the
connection
A family of NCPs for establishing and configuring different
network layer protocols
PPP is capable of operating across any DTE/ DCE interface.
PPP does not impose any restriction regarding transmission rate
other than those imposed by the particular DTE/ DCE interface
in use.
Six fields make up the PPP frame. The PPP LCP provides a
method of establishing, configuring, maintaining, and
terminating the point-to-point connection.
Review Questions
Q What are the main components of PPP?
Q What is the only absolute physical layer requirement imposed
by PPP?
Q How many fields make up the PPP frame, and what are they?
Q How many phases does the PPP LCP go through, and what
are they?