WWDC2004 Session 104

Transcript

Kind: captions
Language: en
Ladies and gentlemen, please welcome our first presenter, senior networking engineer Laurent Dumont.

Good morning, everybody, and welcome to the core networking update. So, the goal of this session, for the core networking update: we want to do an overview of Mac OS X networking and the different components that are involved in networking for Mac OS X, and of course we'll also talk about what is new in Tiger. Tiger is a big theme for this WWDC. Also, the second part of the session will be a networking API overview. We'll go through the different levels of API that we have in Mac OS X which are related to networking, and try to see which API is for you as an application developer, which API best fits what you're doing. So we'll look at that.

First of all, I'd like to remind you of some of the ongoing goals that we have for core networking in Mac OS X. One of the first goals is ease of use; that is probably a trademark of Apple and the Macintosh, so we're trying to make sure that networking in Mac OS X is really easy to use. That's one of our first goals. The second goal, which goes with the first one, is mobility. There is a big emphasis for us on having our users mobile. I see here quite a few people running with PowerBooks, and that's a pretty big focus for us: to make sure that your mobile networking experience is very smooth and powerful, and that everything works together. So that's one of our big goals.

The other big goal we have, especially considering that we're Unix-based and we're getting more into the server, is performance. We're trying to make sure that we can squeeze every little bit of performance out of the Macintosh and the system through the networking stacks and all the networking components in Mac OS X. One other ongoing goal that we have in Mac OS X is security. You've heard that there have been a few security updates, and you've probably seen that in your Software Update. One of the things we're trying to see in the networking part especially is that we're based on standards that were pretty much done in another time, when things were more friendly: computers were on the same network and trusted each other, and that kind of idea changed a little bit in the last few years. So security is a big thing; we're trying to make sure that our stack is all current with all the fixes, and that all the problems that are found are fixed as rapidly as we can.

Another goal is extensibility. We'll talk about some new things that we've done this year for Tiger to extend the networking in different ways, for you guys to be able to create your own extensions and those kinds of things; we'll go into detail on that. Another ongoing goal, of course, is standards. We're very, very close to standards. We're trying to make sure that we follow all the standards and that we're good citizens in the networking world, where different nodes are coming from different vendors and different visions of the world. We're trying to make sure that we not only follow standards but also give some room to interpretation when some usages are closer to the realities and closer to the standard. So that's one big focus for us also in core networking: making sure that we follow all the standards. So here we
have a little graphic trying to explain, or remind you, probably, for most of you, how networking in Mac OS X is structured. If we look at the lower part, the kernel part, one of the big components of Mac OS X networking is in the kernel. Just as a reminder, the Darwin kernel, which is open source, so you guys can check out the sources and check all the code in there, is made pretty much of the BSD part of the kernel, which has a networking part on your left, which is a little bit highlighted, and the file system. Also in the Darwin kernel we have the Mach kernel part, which provides basic services, scheduling, memory, all this kind of neat stuff. Underneath that we have the I/O Kit layer, which, as driver developers know, is what provides the interface with your hardware driver for a networking card or something like that.

So if we focus a little bit inside that part which is the networking: we're based on the BSD stack, so we have, of course, as you probably know, the socket layer on top, which mirrors the BSD sockets from user land, and underneath that we have TCP, UDP, IPv6, IPv4, IPsec. Those are part of the kernel, and this is part of what you'll find in a standard BSD-like system. We have a little difference here, which somehow mirrors the I/O Kit layer for drivers: a data link interface layer, which is something specific that we have for you to hook up drivers into the networking stack. That's how the system is structured. On top of that, in user land, we have the BSD socket, which provides basically the POSIX-like and also the Unix-like socket interface that most of the other layers are based on, the layers using networking. On top of the BSD socket we have Core Services, and we'll go into more detail about the APIs at that level, which are CFNetwork and all those guys, which are based on the BSD sockets, or clients of the BSD socket. And of course on top of that we have probably your application, which may talk directly to Core Services through CFNetwork or some other layer, or directly to the BSD socket, or maybe a combination of both, or could also talk directly to the kernel through some of the means that we'll talk about during the session.

So this is a little highlight of what we're going to be talking about here in this session: we're focusing on the networking part of the kernel, the BSD socket, and the other layers on top of that. I think I pretty much talked about the things in this slide, but I always want to remind everybody that our architecture is based on FreeBSD. We did a port a few years ago, and so we're pretty much BSD 4.4 plus a bunch of other things, but this is the core of our
networking stack here. So what does it mean for you? It means that because we're very close to a BSD, it's easy to port Unix-like applications. So if you have a tool or an application which is coming from FreeBSD or another flavor of BSD, it's really simple to get that to work on Mac OS X, so that's a big plus. The fact that we're based on FreeBSD also means that we have a very robust architecture in terms of the stack; it's well proven, it's been in there for a long time, it's been improved, it's been tested in very different ways, so that's a very, very good solution for us. Also, because it's open source, the code is available. So for you developers, you can go and check out the Darwin project, and if you're wondering how we do this or what's going on, you can always check the code. We actually had a few cases where people were coming and saying, "hey, I was looking in the source code there for Darwin and I found this problem in this area," and so we looked at it: oh wow, yeah, that's a problem, and we fixed it. So we do that, so feel free: this is all open source; everything in the kernel for networking is there.

So because we have this, we have the TCP/IP stack, and with the work of KAME a few years ago we integrated IPv6 and IPsec in the stack also. We also have a full range of PPP implementations, which is part of what we have in Mac OS X: we have PPP, PPPoE, we have a bunch of other things. We have a VPN solution which is in the kernel also, which is based on PPTP and also leveraging IPsec. We also have a firewall, ipfw, and NAT, which are part of what we got from FreeBSD; now we have ipfw2 also, and we'll talk about that. And NAT, which gives you things like Internet Sharing in user land, is based on the NAT that we have in the kernel here.

Some of the things that we added, from Apple, are things like dynamic configuration. We did a lot of work in the past few years to make sure that this FreeBSD stack that we got, since we were talking about mobility a few minutes ago, is more aware of a mobile environment. That means that we have events and a lot of things that we added to make sure that things in user land get notified when we change your address, or when there's a DNS change, or all those kinds of things. So all that is work that we added around this part in the core of the networking, to make sure that those events, telling you the interface came up or all those kinds of things, bubble up to user land into some tools that will make sure that the configuration gets readjusted as a function of what's going on in terms of you changing your AirPort, plugging in your Ethernet cable, going home, and all those kinds of things. All that is done through some basic mechanisms we added in that global stack that we got from BSD. And of course, I'm sure you're all aware that we have Rendezvous, and DNS Service Discovery is one of the things that we also have in our networking architecture, which is central to a lot of the services that are used by the iApps and a lot of things like that.

So now that we have, in broad terms, kind of described what's going on in terms of the networking architecture, I'd like to talk a
little bit about what is new in Tiger. A year ago we were here and all the focus was on Panther, and we introduced a lot of interesting things in Panther, but this is a new year, and now Tiger is the focus, and in Tiger we've got a lot of exciting new changes. We have some very core changes this year in Tiger: we have some kernel changes. You may have heard, from a few slides or background presentations, that we're doing something about fine-grain locking, and we're going to go into more detail about what this means and what those changes are. Another thing that changes, that is related to that, is that we now finally have some kernel programming interfaces that are more modern and give a lot of new functionality, so we'll talk about that. We also have some good changes in IPsec, and we also have VLAN changes that were not there when we talked last year. We also have a bunch of IP configuration changes, a high-level preference API which is new in Tiger, so we'll talk a little bit about that. Other changes: ipfw2, which is an upgrade of our firewall solution, if you want, both from user land and the kernel, and also site-to-site VPN.

So, fine-grain kernel locking. Why do we need it? Well, to have a little recap here: we said we're using the BSD side for the networking stack, and everything in BSD, historically, was one thing going on at a time in the kernel. What we did previously in Mac OS X is that we added a mechanism which we called the funnel, because we have a lot of machines that are SMP: we have Xserves, but even your G5 and everything, most of them are two-processor nowadays. So in order not to be completely locked into the kernel, where one thing can go at a time and everything is waiting for it, we used to have this mechanism we called the funnel, which basically let us do, on one processor, some networking operation while the other processor might be doing a user-land operation or a file system operation. So we had this kind of split personality in the kernel, where only two things could go at a time, but two different things: we couldn't have two networking operations going on. The problem with that model, which we've lived with for a while and which has been working pretty well, is that it's got some fundamental issues. One of them is that it's not really scalable: when your server, like an Xserve, is trying to do just net traffic and everything is going through your cache, you don't do any file system operation, and basically you have one CPU which is really loaded and the other one is kind of idle, because everything is going through the funnel for the networking, and so there's this big funnel which blocks everything.

So what we did in Tiger is that we changed the underpinning of this: instead of having those two big locks, we added finer-grain locking at different levels in the networking stack and in the rest of the kernel, so that we can have simultaneous operations going on for different operations, both in the file system and in the networking. Another thing that we added here, and that was part of our previous model's issues, is that we didn't have reference counting for objects. So if you added multicast addresses, let's say, we didn't really keep track of who added the multicast address; we removed it, and in some corner cases we might have some issue where we lost a reference, and so that multicast address was leaked. So we had some problems with some objects that might leak or might not be in the right situation, so we're fixing that with the fine-grain locking in the kernel and by having reference counting for most of the objects that we're using in networking. One of the things about this is that it's transparent to applications: it's really only in the kernel that we're changing. The socket layer and all the programming model for applications that are in user land doesn't change. However, this is a new model for kernel extensions, because we're changing so many things in the way the stack is structured that kernel extensions will have to change, but we'll talk about that.

So the biggest reason for going with finer-grain locking: symmetric multiprocessing is getting to be a big thing, there are arrays of Xserves and everything, and we're trying to get maximum power out of those machines; to do that we had to do some changes. So the improvements that we've done with this finer-grain locking: networking and file systems will both be better because we get some parallelism; we optimized the data layout in the kernel by having those locks per finer object, instead of having one big lock that gets everything; reference counting; and also, because we're changing all this at the same time, we're providing new stable kernel interfaces that go beyond I/O Kit, so as a kernel extension writer you'll be able to use some more stable interfaces.

So I've been talking about all this, but anyway, just as a reminder, this is what the kernel locking is for the BSD side in Panther: we see on the left the networking stack, and the file system, and both of them are just funneled by those big locks, where everything coming in or out is stopped by this lock. So you need to acquire that lock before you can do any networking operation or file system operation. Now if we zoom in into the networking stack in Tiger, we see that at the socket layer we have some smaller locks, at the protocol layer the same thing, in the interface layer the same thing. What it means is that if, let's say, one application is doing a socket operation on a socket on TCP, at the same time we will be able to perform another operation on another socket without contending for that one lock and serializing all those operations. So we're getting this more parallelism I was talking about. That's going to be a big win. This is our new model; it's still an evolving model, but pretty much this is the direction we're going in, where we're going to get finer locks and finer entities that get locked on the socket, so we can have more parallelism and live on different sockets. They're doing the same thing for the file system, and there's a session this afternoon that will explain all that. So the other big change that we
have in the kernel part here, which is related to the change for the finer-grain locking, is the kernel programming interfaces. For about three or four years now, I think, we've been telling people who were writing kernel extensions, network kernel extensions, "next year we're going to break you, we're changing all this." Well, this is the year. There is a full session about this this afternoon, but what happened is that because we had to change all those kernel structures for locking, for ref counting and everything, it was the right time to provide a new API for you guys who are writing kernel extensions, one that kind of isolates them from the implementation of the networking stack and from the internals of what we're doing. That way we have more ways to improve it or change it or fix bugs. We had a lot of problems in the past few years where we were trying to fix bugs and we needed a new field in one of the structures in the kernel, and we've never been able to do the right fix, because some kernel extension which was linked against the kernel was using that field or that structure, and by adding a new field we were just breaking them. So that's not a sustainable model in the long run, and we had to scramble and find ways to get around that. With this new model that we're introducing for the fine-grain locking and the new kernel programming interfaces, you will not be able to get through the structures directly; there won't be an intimate knowledge of the kernel implementation. That way we can give you accessors and those kinds of things, and that way we can change the implementation without disturbing the KEXTs themselves.

So the issue with the NKEs today is that they have an intimate knowledge of the kernel implementation; basically you need to be relinking, you know, something, and there is some confusion with those interfaces and some missing functionality also. So we're addressing that: there are new KPIs, the kernel structures are opaque now, and there are accessor functions for all those things that you used to do by directly calling into, or directly accessing, the structures. One other thing we just talked about: there's a new locking model. The locking and the reference counting are implicit, so when you're doing one operation with your NKE on a socket or something like that, we will take care of locking the target for you and ref counting it. But we're not doing the whole thing for you: you will now be responsible for doing your own locking of your own structures, because before you were protected by those funnels, where nobody else could get into your structure when you were in there. Now, because of the simultaneous operations we can get with the fine-grain locking, it's really possible that multiple threads will be in your KEXT, and your globals will be accessed by multiple threads, so you need to lock your own structures also, and we will provide primitives for that. One of the other things with those kernel programming interfaces is that we're providing a more consistent behavior across APIs; there was some confusion, and we're trying to address that. The drawback of all this, as I said: for years we said we're going to break the Panther NKEs. The kernel extensions that you have right now will need to be reworked to work on Tiger, because there is no way, with the extensive changes we've done in the kernel, that we can provide compatibility with those NKEs that were basically fetching stuff in those structures and linking directly. So there's no way for that.

So just a little overview here about the networking KPI levels that we introduced this year: in dark blue here we have the socket KPI, socket filter, IP filter, plumber functions, interface filter, and interface. There is a full session this afternoon at three thirty talking about those new networking KPIs, so if you're interested in this I highly recommend you go and see all the gory details about what's going on here. But for people who are just new to networking here, I just want to make sure that you understand that KPIs, I mean the NKEs, are really a last-resort solution as a networking developer to do some things that you cannot do in user land. It's good for doing things like content inspection, where you're trying to see what's going on in all the packets coming in from one interface or on one socket; to do pseudo-interfaces, very specific things; I guess filtering; or if you're trying to do a network file system. Those are good cases where you can use NKEs, but try first to see if you cannot do that in user land, because working in user land is easier than working in the kernel. In the kernel we can panic, and now we introduce a new thing: you can deadlock. Those things are not really easy to debug for your user; if your program doesn't work very well, it will panic and give a bad experience. And the performance advantage of working in the kernel for most things is really negligible. So unless you have a really good reason, do what you have to do in user land. We provide, and we'll go through this, a bunch of other ways to access APIs and some of the kernel functionality from user land, so as much as you can, it's recommended that you use that. So, yeah, programming in the kernel is dangerous. Go see the session this afternoon at three thirty to get all the details; they will go through all those APIs and see what they're doing and exactly what you have to do with that. So
some of the other changes that we have for Tiger here: IPsec improvements. The biggest thing on that side is that we have a completely new AES crypto engine in the kernel. You may know that the Apple VPN solution we introduced last year in Panther is based on IPsec and is using L2TP, and it's also using AES. So what we did is some work here, and we got something that really gives us some good optimization: we're getting twice the performance, twice the throughput, with a VPN now with this new crypto engine. So it's a good thing that we have in Tiger here. We have a lot of bug fixes, security fixes; we're talking about security, we're monitoring all the exchanges and all the IPsec security things pretty closely. Racoon is our IKE implementation that we have in Mac OS X, and we've been doing some improvements there too. Also, one of the benefits of the finer-grain locking we just talked about is that we're providing more parallelism in IPsec. IPsec is a very heavy computational engine, because you do a lot of computation to do the crypto, so having some parallelism there, and not having the whole networking side being stuck while we're doing some crypto on one packet, is a good thing. So the new model is going to help having better parallelism for IPsec and better throughput for your applications using that. We have more improvements to come in Tiger for IPsec, but I cannot really talk about all those yet; we're working on it right now, actually.

So, VPN improvements. The VPN was introduced last year, for Panther, and for Tiger we are introducing a site-to-site VPN. It's based on the IPsec tunnel mode, something that was requested by some organizations: they want to have a VPN between two servers, between here and somewhere else in the world, and they want to have a site-to-site VPN, not just the VPN where you connect to one server as a client; both sites are connected to the VPN. So we're introducing this in Tiger. We also have one new thing here, which is VPN support for something that we call split DNS. A little word of explanation here: at Apple we're using our own solution to connect from here. I see people, my manager, connected to VPN to the Apple network, checking his email, I'm sure, and so he's using our technology here to get to the Apple campus, to the Apple network. What happens is that right now we have only one DNS, so every DNS request that you're doing, even if you're trying to go to yahoo.com, is going to go through the Apple DNS to get that request. With split DNS, what it does is that instead of having all the requests going through the Apple DNS, if we see it's not an Apple-related, a VPN-related, request, we're going to go to whatever your provider is, your SBC or whatever DNS server, instead of going all the way through the Apple DNS. That means that there is less traffic on your VPN for traffic which doesn't really belong to the secure network you're trying to access. So that's one of the things we're releasing in the VPN support for Tiger. Also, something that was really asked for is support for user certificates, so we're using EAP-TLS for that; so now the VPN will support user certificates.

Another thing that is pretty new is VLAN, so 802.1Q tagging support. Right now it's for server only.
So you're probably familiar with what VLANs are, but what we did there is that we have the support for VLANs, and it's integrated in the Network preferences. You can also do that from the command line, but you can create your VLAN interface and manage it from the Network preferences or the command line as you want. At this point it's for Ethernet drivers that bring hardware VLAN, so one of the big things is that the tagging for the VLAN is done through the hardware; there's almost no overhead there. Right now the new G5 Xserve supports that on the built-in card, or you can have add-on cards also that support VLAN tagging. So this is for the server side of the VLAN, where you can basically deal with multiple tags and multiple VLANs at the same time. The future direction for servers, and what we're looking at, is link aggregation; that seems to be something that is on our path, so the IEEE 802.3ad link aggregation is something that we're really considering, and also failover, which is another feature for those guys, for the Xserve.

802.1X: that's another thing which is present. I mean, we introduced that in Mac OS X, I think it was, yeah, in some of the Panther updates. It's essential for wireless LANs and for security, and it's also used on wired LANs for Ethernet. We support a wide range of authentication methods for 802.1X; you can read them: TLS, TTLS, LEAP, MD5, PEAP. So there are a lot of things there for 802.1X, and some of the new things we're introducing in Tiger are WPA Enterprise support, something that was requested, and also EAP-TLS, and we have some improved certificate support in there. That's new in Tiger.

IP configuration. We talked, in one of the first slides, about our ease of use and mobility goals, the ongoing goals for core networking at Apple for Mac OS X, and IP configuration is something where we added a lot of things. We have something that you might know of, which is called configd, which is a central daemon that takes care of and listens to all those events I was talking about, coming from the kernel or from user land, changes from configuration, and basically reconfigures the stack kind of dynamically and figures out what's going on. So the IP configuration is a big part of what we're doing here to provide that mobility side of things. Some of the new things that we're introducing in Tiger: we changed quite a bit of the way DHCP works as a client, and when we use the remaining lease, if there is no DHCP server around, we're going to be a little bit smarter about trying to figure out, hey, can we use this address? We also use ARP; we do ARP probing to make sure that, okay, the router is there, so we can kind of shave off a couple of seconds and make your PowerBook come back faster when you wake it up and be on the network, those kinds of things. We're also doing a lot of work for multiple interfaces and multiple addresses: now in Tiger there are concurrent packets being sent out on all the interfaces, so we are not waiting sequentially to get all the information for all the interfaces; there is more parallelism going on there. We also have support for dynamic proxy configuration, which is known as WPAD; it was asked for by a bunch of people, that WPAD support. And we talked about split DNS: now we have the split DNS that we're using for the VPN, but we also have this split DNS mechanism that can be used in a bunch of other ways also; it's part of the base of the system.
another thing that we introduced in
Tiger at different level of
configuration more higher level so more
geared toward people that are ISPs and
things like that that need to to
configure a machine for you because
you're just you know getting a new a new
dsl something like that so until now
those people had to do a bunch of things
to figure out what was your
configuration and your services you know
now we're introducing the high level
preference API it's kind of an aggregate
of code that were different places all
over the system so things like the
network preferences panel or the network
config framework you had to dig in and
get some of the information there so
much information from Japanese framework
which which is private and you know
things like the Moores SC SCF from
queens that you know give you some
information battle to get this but now
with this new new API will let you
manipulate a lot of different entities
you know network location you know you
can add location homework you know
whatever network services you can
manipulate with us with this API so your
internet seen as an interface can be
manipulated created deleted you know
change as as an entity here by some high
level primitives and also the network
entities your configuration for v4 for
configuration for DNA right for ipv6 you
know all those kind of things can can be
seen instead of like parsing XML or
going through different frameworks to
get through those now you get some
higher level way of doing that yeah I
I'd like to highlight the changes that we have for ipfw2. ipfw2 is one thing that we ported and put into our core; it gives us a bunch of new things. It's faster, it's more complete, and it has more features. More complete because you get rule sets, so you can have a different rule set for your firewall that you can turn on and off instantly; depending on your location, depending on a bunch of other things that you decide, you can turn a set on and off and have a different behavior for your firewall on the fly. That's something that is much easier to do with ipfw2. You can also have address sets and lists, so you can build your address list and use that to create your rule sets that way, so there's much more flexibility. It also has, as a big feature, keep-alive for dynamic rules, so it will do a much better job: whatever the content is that gets filtered by the firewall, it will keep alive those connections, so we'll know what's going on. That's something we get from ipfw2. It's also backward compatible with the previous ipfw, but if you're doing an application which is a firewall and you're based on ipfw, what we will ask you for Tiger is to use the new rule set, because the new rule set is richer. We're still compatible with your old one, but we're asking you to move on and use the new rule set so that at some point we can deprecate the old one.

Following this, what you'll see in the firewall preference panel is that a bunch of changes have been done here, leveraging the fact that we now have ipfw2. One thing we added in Tiger is UDP filtering, so now you can do UDP filtering from the UI in the control panel. We get better logging; that was one of the problems of the previous firewall, it was spewing all its log to the main log file, and now ipfw has its own log file, so we have more control over this. Also, we added a mode in there which is a stealth mode, which basically lets your computer be invisible on the network if you choose to do so. What it does is this: right now, if somebody is trying to, let's say, do a TCP connect, sending a SYN trying to get to your port 22, to your SSH, and SSH is off, if you don't have stealth mode what's going to happen is that we're going to send a reset saying no, there's no service there. Turning on stealth mode, we're just going to ignore that; we're going to log that request but we're not going to say anything back. So if that port is not in use we won't even say we're here, so a scan or something like that gets nothing. The drawback is, if somebody's trying to really connect to you, they won't know if it's because you're not there or because you're just playing silent. But that's stealth mode.
Okay, so there are a lot of changes in Rendezvous also this year in Tiger. I'm not going to talk in detail about those, because there's a full Rendezvous update session on Friday at ten thirty, and there are a lot of things that are going to get announced, that have been announced actually. New in Tiger is the TXT record API; it's available from Java, and I think you know that Rendezvous now, there's much more than that. I think we announced that everything is on different platforms, so you get access to the same API everywhere. So I encourage you to go see the Rendezvous session to get all the detail about what's new in Tiger for Rendezvous.
I'd like to make a little plea here and just try to get people to be aware of IPv6. I've been at Apple for a while and I've been working on IPv6 for, I don't know, many years now, trying to get IPv6 around, and I think it's time for developers to try to be aware of IPv6. We've been saying IPv6 is coming and everything, but really, ultimately, we've done a lot of things inside the OS to make sure that we're ready for IPv6, but until some of you guys come up with a killer app that is using IPv6, it's not really going to fly very high. So these are my few slides trying to encourage you to go with IPv6.

So that's what's going on with IPv6 in Mac OS X. Every single interface on Mac OS X has a link-local address: since Jaguar we've had the IPv6 stack turned on in Mac OS X, and one of the things you probably noticed is the fe80 addresses that you get on every interface. That's a great integration with Rendezvous, because every single Mac OS X machine on that network will have a link-local address, so they can communicate without any configuration using those addresses. It's a good way to leverage Rendezvous, because you don't really care about the address; IPv6 addresses are bigger and hard to type and everything, but with something like Rendezvous you just don't care, you just use names and a higher-level form of services, so you don't really care what the underlying address is, really 128 bits. The other great integration is the ease of configuration: stateless autoconfiguration. If you have a router, it's going to pick it up; if you don't, you're using link-local on that link, so that's really easy for you to use, there's nothing to be worried about too much. As I said, Mac OS X has had it since Jaguar and in every release we're adding a new level of support for it. We support the BSD sockets, of course; we have the configuration since Panther, you can configure IPv6 in the network configuration panel, make it auto-configure or configure it manually, all those kinds of things are already there. We have a bunch of services that are IPv6 aware that you may not even know about: AppleShare is IPv6 aware, you can do it over FireWire, a lot of things in the system are already IPv6 ready, and all the frameworks that we'll talk about later when we overview the APIs are all ready for IPv6. CFNetwork has been doing a lot of work to make sure IPv6 support is present in there and works with it; the DNS, all those kinds of things are all IPv6 aware. So I encourage you to follow those points. It's the future; it may not be something that we need in the next two weeks, but slowly it's gaining some ground. There's already testing for it; in Internet2 it's mandated; the DoD made it something that they require also; and it's pretty big in Japan. So the point here is that your application should be IPv6 aware. You may not be able to, or want to, take all of the good stuff from IPv6 at this point, but at least be IPv6 aware. For doing this, one of the things that you need to do is just make sure that your model, your application, is address independent, and we'll see pretty much
how easy it is. Of course, it's flying through slides, but here's a little example showing you a basic kind of application. What we're doing here is a connect: we get a host by name, doing a gethostbyname on the web server's name, and then we're trying to connect to that server. This is standard BSD, normal Unix code; however, there are a couple of things that are wrong here. All those things that are highlighted in red (I'm not sure if you can see them if I'm not in front of them) are really address dependent, IPv4 dependent. Why? Because this struct sockaddr_in is dependent on the size of an IPv4 address; something like AF_INET, of course, is IPv4; gethostbyname, well, gethostbyname is the old legacy way to get to the resolver, and it's address dependent; and all those places where we do a sizeof of that structure, which is v4. All this is going to break if you're trying to go with a v6 address, so don't do that.

Instead of doing this, to do the same thing and be able to have something which is address independent, in this version here we're doing the same thing: we're just trying to create a socket, and also here we're trying to do a resolve, get the socket and connect to it, in a completely address independent way. So if you have a v6 address it will work with v6; if you just start with a v4 address it doesn't change anything, which is probably the case for you still for some few weeks to come; and it will work with IPv6. Here what's going on is that instead of saying PF_INET or AF_INET, we're saying PF_UNSPEC, which means I don't care, it could be AF_INET or AF_INET6 and I'm ready for it. And we are also using getaddrinfo, which is a much richer API than gethostbyname, and here we're saying, hey, we want this host name and HTTP, and we pass the hints and get the result back. Then, depending on what we're getting back, in the for loop here we don't even look at whether it's IPv4 or IPv6: can I connect with what I get as a result from my DNS query? If I can, I don't care which protocol it is, I just do a connect with that. I know this is not really a real-life application and everything, but from the developer's point of view, and most of you here are developers, the v4 or v6 doesn't really matter once you get to your application, because you're just trying to deal with TCP or UDP, whatever you're doing. By just restructuring your code a little bit and making it aware that, okay, my address, I'm getting maybe more than four bytes because it could be an IPv6 address and it's going to be 128 bits, by taking some simple steps you can make sure that your application is v6 ready. What I meant here is, with this code today, if you turn off IPv4 (in Japan they have devices, those little thermometers, that just do IPv6, no v4 stack at all) and you try to connect to the device here, you'll try first in v4, or the DNS doesn't give you a v4 address back, it will give you back a v6 address, probably the link-local address, and so you'll connect to that address here and your code will work no matter what, whether it's v4 or v6, you don't care. So that's just a little thing to try to get you guys aware of IPv6, and it doesn't take a lot to do that, it's easy to just change your code to get to IPv6. Sorry.
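The address-independent version of the connect described on the two slides, as an added example in C that is not the speaker's slide code: it uses PF_UNSPEC and getaddrinfo() instead of AF_INET, struct sockaddr_in and gethostbyname(), and loops over every answer the resolver returns. The loopback listener and the 127.0.0.1 self-test are constructed here so that it runs offline; connect_any() itself is the only part that belongs in an application.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Address-independent connect, the pattern from the "after" slide: PF_UNSPEC
 * plus getaddrinfo() instead of AF_INET, struct sockaddr_in and
 * gethostbyname(), then try every answer the resolver gave us in turn.
 * Returns a connected fd (or -1) and stores the family that worked. */
static int connect_any(const char *host, const char *service, int *family)
{
    struct addrinfo hints, *res, *ai;
    int fd = -1;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = PF_UNSPEC;                /* "I don't care": v4 or v6 */
    hints.ai_socktype = SOCK_STREAM;            /* TCP is all we care about */
    if (getaddrinfo(host, service, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;
        /* ai_addrlen is right for this answer's family: no sizeof(sockaddr_in) */
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) {
            if (family != NULL)
                *family = ai->ai_family;
            break;
        }
        close(fd);                              /* refused: try the next one */
        fd = -1;
    }
    freeaddrinfo(res);
    return fd;
}

/* Constructed self-test (not on the slide): listen on 127.0.0.1 on a port the
 * kernel picks, so the example runs with no network at all. */
static int make_loopback_listener(unsigned short *port)
{
    struct sockaddr_in sin;
    socklen_t slen = sizeof(sin);
    int lfd = socket(PF_INET, SOCK_STREAM, 0);
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&sin, sizeof(sin)) < 0 ||
        listen(lfd, 1) < 0 || getsockname(lfd, (struct sockaddr *)&sin, &slen) < 0) {
        if (lfd >= 0)
            close(lfd);
        return -1;
    }
    *port = ntohs(sin.sin_port);
    return lfd;
}

/* Connect to that listener through connect_any(); the caller passes the host
 * as a string, exactly as it would pass a DNS name.  Returns the family used. */
static int loopback_demo(const char *host)
{
    unsigned short port;
    char service[8];
    int used = -1, cfd, lfd = make_loopback_listener(&port);
    if (lfd < 0)
        return -1;
    snprintf(service, sizeof(service), "%u", port);
    if ((cfd = connect_any(host, service, &used)) >= 0)
        close(cfd);
    close(lfd);
    return used;
}

int main(void)
{
    int fam = loopback_demo("127.0.0.1");   /* connect_any() needs no change for "::1" */
    printf("connected via %s\n", fam == AF_INET ? "IPv4" : fam == AF_INET6 ? "IPv6" : "nothing");
    return fam < 0;
}
```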
So that was my little IPv6 talk. Now what we're going to do in this session is, we talked about what's new in Tiger for the core networking in Mac OS X; now we will go back a little bit and do a review of the different levels of API we have available for you guys, and which level makes more sense for you to do your application and get the most out of the system. So we're going to use this kind of diagram here. At the bottom here is the kernel, where we just put the networking stack because we don't really care about the rest. In the kernel, we talked about the fact that you can use the KPIs, and there's a full session about this, but for most people in user space, we think about the BSD sockets, because we're Unix based and the socket is sort of the model there. But there are a lot more things that are based on the socket API, and also things that we see here on the side, like DNS Service Discovery, System Configuration, or the resolver library which does the name resolution, that you can use, and the APIs provided on top. So we'll go through those. As a reminder here: the BSD sockets; we talked about DNS Service Discovery; System Configuration, where you can do network setup, network reachability, the connection dial-up; and also, at the higher level, the framework networking APIs, which are CFSocket, CFNetwork, the proxies, SSL, and the network diagnostics; Foundation URL; and ultimately, at the top of the stack here, WebKit. So we'll go and have a little talk about every single one of those.

BSD sockets: that's the core programming interface; everything in the system is pretty much based on that.
It's the main interface and the native interface of the system; it provides the fundamental networking API. I highly recommend reading the Stevens book if you want to go into all the details of the socket API. It's a very rich API, a lot of things in there; it can be complicated, but this is how you get the most out of the system. You do that when you want performance and total control: if you're doing a server application and you don't really care about all the nice UI things and you just want raw power, I would recommend using sockets, because sockets are the closest you can get to the networking. So, performance, total control. You can still use things like select or kqueue for doing asynchronous operations. One of the things that people tend to think about sockets is, oh, okay, well, I'm doing a socket operation, doing a read, and I'm blocked, my thread is blocked and waits until data comes back. Well, that's one way of using sockets, but you can also use them in an asynchronous way, and there are ways to do that. You have a lot of control, a lot of things in the socket, and there are plenty of books explaining what to do, but it can be a little bit complicated. Also, from the socket layer, what we do is we provide low-level access to some of the things I was talking about earlier when we were talking about kernel extensions, network kernel extensions: we would like you to avoid, as much as possible, going into the kernel and writing your own kernel extension, because it's messy and it's dangerous and everything. So we provide low-level access to a bunch of stuff from the socket API, things like IPsec, or we have PF_NDRV, which is a way to get directly to the interface; I think I have a slide on that. That's where you want to use sockets. Also, a good way to use sockets is for compatibility and portability. We said before we're based on FreeBSD; pretty much any tool that is using some BSD-isms in terms of networking is going to compile and be working pretty much without touching it on Mac OS X, because of the BSD sockets. If you're using sockets, we respect that here. So BSD sockets: really low level, but gives you full control; that's where you want to use it.
So, the resolver library. Obviously it does name-to-address resolution; of course that's the thing it's known for, because it goes to the DNS server and gets all those A, AAAA, whatever records that you're getting. There's also service location and a bunch of other stuff in the resolver library; there are the services, and you can get things from /etc/hosts and all those kinds of things. So it goes hand in hand with the socket API; it's kind of at the same level as the socket API, but it's pretty low level, kind of raw access to the network and the configuration. As we said before, it has full IPv6 support, so you can do queries for AAAA; everything is ready for IPv6, we did the work last year to get that done. It's based on BIND 9, which is of course a big standard, and we do split DNS support, which means that as a developer here you can have several resolvers. For one part of things you can say, hey, I want to use this resolver to get the information, because I'm on some internal network and I know that in my closed LAN here I want to use this resolver that's going to resolve the address of my coworker two cubes down the line, and that DNS is not public out there, so I want to use that resolver. So the query can be dispatched to the appropriate server depending on the type of the question.
That's one of the things that we get with split DNS support here. Another level of API, which was kind of on the side here, is the network reachability API. What you use it for is that you can check a name, or an address, or an address pair, and basically be notified when the reachability changes. So you won't be on the road somewhere where you don't get any network access because you're far from Starbucks, and now you get in range and your network reachability changes because you have connectivity, and this API will tell your application, your mail application or some higher-level application, hey, now is a good time to send some data because the host that you're trying to reach is there; at this point I can see it again, go through it. So it unifies a set of disparate information that was kind of piecemeal all over the place, and it gives you a connection status also. It has both synchronous and asynchronous modes
to use. DNS Service Discovery: this is the mechanism to discover services. I'm sure you're all familiar with the Rendezvous functionality, so I'm not going to go into detail on this, but you get the Rendezvous API, where you can name and register your services, you can browse for services, and you can resolve a service to an address. For more about Rendezvous, go to the wonderful session on Friday.

PF_NDRV sockets: from user space, you have some kind of very low-level access. We're using it in the 802.1X implementation, where basically we're going directly to the interface through this level without being encumbered by being in the kernel and being a kernel extension. If you're trying to do, let's say, a stack in user space or something like that, you can use that, for something like DECnet or IPX or whatever; it's a good way of getting really direct access to the interface while being in user space. There are some other solutions to do that also that we're not going to talk about too much: the divert sockets, which are used by natd. That's a way to get packets at a different level in user space, and it's preferable to a kernel
extension. So we talked about all the things kind of in blue here, and now we'll talk really briefly about the things that are built on top of the sockets and all the services, which are probably, for a lot of developers, the right solution to use, because they provide something higher level; they hide some of the complexity of the implementation and the needs of the socket. Sometimes you just want to get a URL; you don't really care about how to get there and managing all the networking side of it. So we have the higher-level frameworks here, pretty much the glue, the big blue area which is in between an application like Safari and the raw BSD sockets, which are what we're based on. Building the stack from the bottom here, the first level is Core Foundation. Core Foundation is really close to the sockets, and if you don't know Core Foundation, this is a very short overview of what's there, but basically the big thing is that it's based on the CFRunLoop. If your application is using the run loop, it basically provides a basic asynchronous mechanism where all the network operations, instead of dealing with the socket directly, are kind of integrated into the run loop. It's a generalized run loop, and the Carbon events are also based on the CF run loop. The CFSocket is still very low level; it basically connects the socket to the run loop, so you can create your own socket and then put it in the run loop and do some operations. You still have a lot of control over the socket at this point, but kind of integrated with the CFRunLoop model.
It can handle any socket. CFStream is a basic stream abstraction; it signals the client through the run loop when bytes come in. So again, if you're trying to still be close to the socket and have some control, but you want to take advantage of some of the run loop functionality, CFStream might be a good way to do that, for things that are using streams, of course, like TCP; the client-side sockets are a good way to use CFStream. Building on top of that we have CFNetwork. What CFNetwork does is provide protocol implementations, so here you don't really care about dealing with your own socket or your own protocol or something; all you want is HTTP service for your application, or FTP, or using SSL, things like that, or even things like proxies; you use CFNetwork for doing some DNS resolution, you get access to that through the CFNetwork framework. It gives you full control still; all the protocol details are exposed, like HTTP: you really have to understand what's going on and what kind of request you can create or what kind of response you might get when you're using CFNetwork. So it's still very, very core, but you don't need to have all the details and do your own implementation of HTTP or FTP if you want. You control each read and write, and you also control the threading policy, which might be important depending on what you're doing in an application. That's a good level when you want control but not too much going into the details; CFNetwork is a good layer to base your application on. If you continue building up here on what's going on between the BSD sockets down here and Safari, we see the Foundation URL API, which provides higher-level things: a full-featured set of URL loading. So there you really don't care; in this case you ask for a
URL and get the result back. You don't care what's going on on the network side; all the layers underneath you are going to take care of that. It makes most of the choices for you; you don't have to give a lot of details, a lot of options and everything, it's going to do the right thing. It's asynchronous, it's based on callbacks, so for somebody who just wants to get the file, get the URL, that's probably the right answer here. Also, one of the good things about Foundation NSURL is that it's extensible by subclassing: you can subclass one of the primitives here and get your own version of it, depending on what you're doing. It gives you advanced features: authentication, caching, and cookie storage and management, also at this level. When we get on top of that, ultimately, you get to WebKit. WebKit is the last layer, which was released last year, and it gives you very little control, but we do everything for you there. So it's really far away from the networking, the sockets we were talking about earlier in the session, but it has a pluggable architecture, new document types, a lot of things. This is really so far away from what I'm doing that I'm not going to go into too much detail. If you want to know more about CFNetwork and all those layers here, I highly recommend looking at the CD at this point, because it was yesterday: Becky's session, Modern Networking using CFNetwork, which will talk about all those layers on top of the sockets in much greater detail than I can do here, because we're running out of time. So,
after this, I'd just like to give a slide here for some of the deprecated APIs that we have in Mac OS X. First thing, the NKE PDF, the old programming information about what to do for networking extensions: it's gone. We talked about the fact that we're changing all that; go to the session this afternoon, we'll go into more detail, but don't use that anymore. Don't use those KPIs there; the old networking KPIs are gone. Open Transport API: well, CFNetwork or the sockets provide more flexibility; they've been there for a while, and we are deprecating Open Transport, so if you can, stop using it in your new applications, all those kinds of things. AppleTalk API: same thing. AppleTalk has been around in Mac OS X for a long while; it's still there, but the AppleTalk APIs are deprecated now. We think we have a good solution now with Rendezvous for service discovery; there is no more need for doing any new things in AppleTalk, so the AppleTalk APIs are getting deprecated. With that, I'd like to point you to some more information. Our contact, Craig Keithley, is our networking technology evangelist, so use him as a contact point. Also there is a Mac network programming mailing list that you can access, and there's a bunch of reference documentation here, all on the ADC website, so I'm not going to go into detail on that slide, but pretty much you go to the ADC networking page and you'll find that.