
Cisco IP routing [Book Review] - IEEE Network

NEW BOOKS and MULTIMEDIA / Edited by Ioanis Nikolaidis

The New Books and Multimedia column contains brief reviews of new books in the computer communications field. Each review includes a highly abstracted description of the contents, relying on the publisher’s descriptive materials, minus advertising superlatives, and checked for accuracy against a copy of the book. The reviews also comment on the structure and the target audience of each book. Publishers wishing to have their books listed in this manner should send copies and appropriate advertising materials to Ioanis Nikolaidis at the address below, with an indication that books are intended for the IEEE Network New Books and Multimedia column. Appropriate books will be reviewed in the column. Ioanis Nikolaidis Computing Science Department, University of Alberta, Edmonton, Alberta, Canada T6G 2E8

Stream Control Transmission Protocol, A Reference Guide
Randall R. Stewart and Qiaobing Xie, 2002, Addison-Wesley, ISBN 0-201-72186-4, 351 pages, hardcover, CD-ROM included.

The Stream Control Transmission Protocol (SCTP) is another transport layer protocol for IP, presented in RFC 2960. SCTP’s particular feature is the conservation of message boundaries (as opposed to TCP’s lack of such a feature). SCTP is motivated by the inconveniences of TCP’s ordered byte stream service model. For example, contrary to TCP, SCTP allows reordering of the messages, as long as integrity of the messages is maintained. Furthermore, the idea of multihomed IP hosts (as exhibited by IPv6) is not exploited by TCP, and TCP is also vulnerable to certain denial of service attacks. SCTP essentially provides a solution to these issues, while maintaining the same congestion control logic as TCP. The book is geared to protocol developers and implementers, but can be read by anyone curious to know of SCTP’s features or wishing to discover limitations of TCP and how they can be solved. It is not surprising that a chapter is dedicated to comparing and contrasting TCP and SCTP. If we factor out the TCP vs. SCTP chapter and the introductory (mostly terminology) chapters, what is left is a detailed, down to the last bit, description of SCTP. People who enjoy understanding the low-level details of protocols, from headers to underlying state machines, will certainly enjoy such detailed coverage. In the order presented, the topics are: packet formats and header information, setting up SCTP associations (and underlying states), the data transfer stage (what are called DATA chunks), the congestion control mechanism (providing precise implementation guidelines), failure detection and recovery, dealing with out-of-the-blue (OOTB) packets, and closing/terminating an association (graceful or not). Additional chapters present the mechanism for future extensions, a proposed API (essentially a socket-based one, including some not yet finalized socket option flags), and the SCTP Stream feature through certain example applications (ftp-like transfer, call control, Web browser). The book is complemented by a CD-ROM providing an open source SCTP reference implementation.

EDITOR’S CHOICE
Web Caching and Replication
Michael Rabinovich and Oliver Spatscheck, 2002, Addison-Wesley, ISBN 0-201-61570-3, 361 pages, softcover.

Rabinovich and Spatscheck remind us that not only human users, but also an increasing number of computer applications rely on the Web, demanding even better performance from its services. Even if we ignore such computer applications, the idea of even better Web use experience is pushing the envelope of performance. Caching and replication are two widely used techniques for improving performance in such client-server environments. These particular techniques gave rise to new industries (equipment and services alike), and a good understanding, of what is achievable and why, becomes necessary for anyone wishing to purchase and integrate equipment and services into their Web infrastructure. The book serves the purpose of properly calibrating the expectations from these two techniques. The intended audience spans IT professionals looking at improving their own installed infrastructure to graduate students and, in general, researchers in the area. Indeed, the book provides a wide collection of research results, summarized and structured in concise fashion. It is demonstrated how even the last drop of performance can be squeezed. For example, the oxymoron in the title “Caching the Uncacheable” illustrates how cookies (and other stateful information) and dynamic content can be exploited. The book is organized in five parts; the first is, predictably, an introduction to some essential protocols (IP, TCP, and HTTP). The description of HTTP is focused on extensions relevant to caching (conditional requests, request redirection, cache-control header, cookies, expanded object identifiers, learning of proxy chains). The part ends by reviewing results in measurement and evaluation of object sizes, types, and popularity, arguing the general difficulty of staging a single representative experiment that can have globally valid results. The next two parts cover the two key topics of the book title. Caching spans seven chapters, covering reasonable expectations, deployment techniques (transparent, nontransparent), cooperative proxy caching, cache consistency, replacement policies, prefetching, and caching the uncacheable (dynamic content). The part on replication covers mechanisms for request distribution and how to implement them (DNS-based, anycast, distributed file systems, redirection by applets and HTTP, L7 switches), specialized content delivery networks (CDNs), and server selection schemes. It is to be commended that the book ends with a review of the more exotic options and less established trends, such as transcoding, the Internet Content Adaptation Protocol (ICAP), watermarking, cooperative CDN, and forward proxies.

Cisco IP Routing
Alex Zinin, 2002, Addison-Wesley, ISBN 0-201-60473-6, 635 pages, hardcover.

What Zinin’s book achieves that the majority of books on vendor-oriented (and Cisco in particular) routing fail to capture is the description of what goes on inside an actual router, in terms of the algorithms and data structures used. Given the complicated nature of most routing algorithms and relevant configuration information, understanding the principle of operation does not imply a good understanding of what a specific sequence of commands (in the case of Cisco, the IOS commands) will produce as results or side-effects. Compounding the problem is the fact that several routing algorithms may be used on a single router, their interaction and correspondence being anything but trivial. Explanation of the internals is achieved in


IEEE Network

March/April 2002


this book by providing the (C-like) pseudocode of what essentially happens behind the scenes when certain commands are invoked (we are warned not to expect that the pseudocode is a one-to-one reflection of the actual Cisco source code, but rather a summarized idea of the control flow). That being said, understanding the internals boils down to understanding the pseudocode, possibly alienating some readers not keen on reading code. Nevertheless, one can approach the pseudocode on an as-needed basis, when the behavior of commands is not exactly as intuitive as one might expect. The reader is assumed to be familiar with networking, but a short review of IP addressing and its relation to routing is nevertheless provided in the introduction. A chapter describes the routing information organization and management inside Cisco routers, followed by a chapter that describes the IP forwarding process options present in Cisco routers: fast, optimum, distributed, NetFlow, and Cisco Express forwarding. After the internal mechanisms and forwarding options come the chapters on actual routing protocols: static routing, dynamic routing, distance vector protocols (RIP and IGRP), and link state protocols (OSPF and IS-IS). A separate chapter describes Enhanced IGRP, Cisco’s proprietary protocol. The style is geared toward answering specific questions as to why things work in a particular way, instead of just how. Consistent with the book’s scope, each chapter includes several examples and is followed by a Q-and-A section of the most frequently asked questions.


Internet and Intranet Security, 2nd Edition
Rolf Opplinger, 2002, Artech House, ISBN 1-58053-166-0, 403 pages, hardcover.

Rolf Opplinger’s book is an attempt to present security in networks (intra- and internets) in a unified fashion. For a long part of the book, networking and cryptography are presented separately, coming together in the second half (“Communications Security”). The contents cover not just cryptographic aspects of security but also general-purpose security mechanisms that can be used to enhance security, such as packet filtering and firewalling. The first part lays the foundations, including terminology, basics of TCP/IP, types and nature of attacks, the OSI security architecture, and a brief review of cryptographic techniques followed by authentication and key distribution techniques. Specifically the cryptographic techniques include DES, 3DES, IDEA, SAFER, Blowfish, CAST-128, RC2, RC4, RC5, RC6, AES, RSA, Diffie-Hellman, ElGamal, DSS, ECC, digital envelopes, key protection, and pseudorandom sequences, as well as certain legal issues. The reader should be warned that the presentation of cryptographic techniques is severely condensed (the topics listed above take less than 28 pages of the book); if interested in the properties and limitations of a scheme, instead of just its application, the reader is advised to seek other sources of information. From the remaining parts, the second is devoted to firewalls: packet filtering, SOCKS, application-level gateways, configuration of firewalls, and in general the architectural elements of a potentially secured network. The communications part pays attention to a handful of specific protocols at different layers of the protocol stack, explaining their principles of operation. These include MS-PPTP, IPsec, SKIP, IKE, SSL, TLS, Kerberos, SESAME, PGP, and S/MIME. The book ends with a discussion of PKI (certificates and certificate authorities), and a short overview of electronic commerce, risk management policies and principles. Overall, the book is written for an audience without necessarily a significant technical background who wish to quickly review a broad introduction to the available techniques and protocols of network security.

IP SANs, A Guide to iSCSI, iFCP, and FCIP Protocols for Storage Area Networks
Tom Clark, 2002, Addison-Wesley, ISBN 0-201-75277-8, 288 pages, softcover.

The objective of storage area networks (SANs) is to produce logical storage units that are in fact scalable collections of storage devices over a network. While storage devices are well appreciated as scalable in terms of capacity at a nearly exponential rate, the extent to which a specific network technology is to be used and its shortcomings, in terms of scalability, are still an issue for research and development. One prevailing school of thought advocates the use of IP as the network technology of choice. The deployment of SANs over IP requires the solution to a plethora of problems because of the need of a legacy general-purpose internetworking protocol (IP) to efficiently support relatively recent protocols, of specialized nature (SCSI, Fibre Channel), some not even intended for WAN deployment. Part of the problem is purely the syntactical aspect of such protocols (performance being the other one) that allow, for example, SCSI commands to be conveyed via IP. To this extent, the book presents the SCSI Architecture Model (SAM-2), and SCSI architecture in general (Chapter 4) which is key to understanding the rest. A sequence of chapters (5, 6, and 7) provide a review of IP, UDP, and TCP for those unfamiliar with networking. The rest of the book centers around IETF’s Fibre Channel over IP (FCIP), Internet Fibre Channel Protocol (iFCP), and Internet SCSI (iSCSI). These protocols are described in detail, and they correspond to, respectively, FC extensions to connect remote FC SANs via IP (FCIP), mapping between IP and FC end nodes (iFCP), and replacement of FC and devices with native IP storage devices (iSCSI). Another important factor of IP SANs, especially in larger installations, is their management; this is covered in Chapter 9 through presentation of the Internet Storage Name Server (iSNS) protocol. To complete the presentation, security and quality of service of SANs are presented, even though they are not as closely related to SANs alone per se, but rather to IP security and QoS. Arguments to convince the reader of the value of the application potential of SANs can be found in Chapter 13, from obvious choices (backup) to performance-driven applications (server clustering and massive data distribution). Appendices provide information about the Storage Networking Industry Association (SNIA) and IP storage (and related) vendors.

java.rmi The Remote Method Invocation Guide
Esmond Pitt and Kathleen McNiff, 2001, Addison-Wesley, ISBN 0-201-70043-3, 284 pages, softcover.

The idea of distributed programming across heterogeneous CPUs, OSs, languages, and data formats has galvanized researchers and software developers alike, producing, for example, RPC and CORBA. The emergence of Java as a universal programming language led, naturally, to its use as a step toward simplifying distributed systems programming. The bulk of functionality in support of distributed applications under Java is known as the Remote Method Invocation (RMI) API. RMI is already quite popular in the development of applications, but the range of information necessary (which goes beyond the Java RMI doc~
