WWDC2004 Session 104

Transcript

Ladies and gentlemen, please welcome our first presenter, senior networking engineer Laurel Daman.

Good morning everybody, and welcome to the Core Networking Update. So this only will talk about the goal of this session. For the Core Networking Update, we want to do an overview of Mac OS X networking and the different components that are, you know, involved in networking for Mac OS X, and of course we'll also talk about what is new in Tiger. Tiger is a big theme for this WWDC. And also, in a second part of the session, we'll have a networking API overview: we'll go through the different levels of API that we have in Mac OS X which are related to networking and try to see, you know, which API belongs to you as an application or a developer, which API to use that best fits, you know, what you're doing. So we'll look at that.

So first of all, I'd like to remind you of some of the ongoing goals that we have for the core networking in Mac OS X. So, you know, one of the first goals is ease of use, that's, you know, probably a trademark of Apple and the Macintosh, so we're trying to make sure that the networking in Mac OS X is really easy to use. So that's one of our first goals. The second goal, which goes with the first goal, is mobility. There is a big emphasis for us about having our users mobile. I see here quite a few people, you know, running with PowerBooks, and that's a pretty big focus for us, to make sure that your mobile networking experience is very smooth and powerful, that, you know, everything works together. So that's one of our big goals. The other big goal we have, especially considering that we're Unix-based and we're getting more into the server, is performance. So we're trying to make sure that we can squeeze every little bit of performance out of the Macintosh and the system through the networking stacks and all the networking components in Mac OS X. And one other ongoing goal that we have in Mac OS X is security.
You've heard, you know, that there are a few security updates, and you've probably seen that in your Software Update. And one of the things we're trying to see in the networking part especially is that we're based on standards that were pretty much done in another time, where things were more friendly, computers were, you know, on the same network and trusted each other, and that kind of idea changed a little bit in the last few years. So security is a big, we're trying to make sure that our status is all current with all the fixes and all the, you know, all the problems that are found our perfect, you know, as rapidly as we can. So that's another goal.

Extensibility: we'll talk about some new things that we've done this year for Tiger to extend the networking in different ways, for you guys to be able to create your own kexts and those kinds of things. We'll go into detail on that.

Another, of course, ongoing goal: the standards. We're very, very close to standards. We're trying to make sure that we follow all the standards and we're good citizens in terms of the networking world, where different nodes are coming from different vendors and different, you know, visions of the world. We're trying to make sure that we not only follow standards but we also give some room to interpretation when some usage things are closer to the realities and closer to standard. So that's one big focus for us also in the core networking, making sure that we follow all the standards.

So here we get a little graphic trying to explain, to remind you, probably for most of you, how networking in Mac OS X is structured. So if we look at the lower part, the kernel part, one of the big components of the Mac OS X networking is in the kernel. Just as a reminder, the Darwin kernel, which is open source, so you guys can check out the sources and check all the code in there, is made pretty much of the BSD part of the kernel, which has a networking part on your left and which is a little bit highlighted in the
file system. Also in the Darwin kernel we have the Mach kernel part, which provides basic, you know, OS services: scheduling, memory, this kind of neat stuff. Underneath that we have the I/O Kit layer, which, as driver developers know, is what provides the interface with your driver, a hardware driver for a networking card or something like that.

So if we focus a little bit inside that part which is the networking, we're based on the BSD stack. So we have, of course, you probably know, the socket layer on top of that, which mirrors the BSD socket from userland, and underneath that we get TCP, UDP, IPv6, IPv4, IPsec. Those are part of the kernel, and this is part of what you'll find in a standard BSD-like system. And we have a little difference here, which somehow mirrors the I/O Kit layer for drivers, which is a data link interface layer, which is something specific that we have for you to hook up, you know, sort of drivers or drivers in the networking stack. That's how the system is structured.

On top of that, in userland, we have the BSD socket, which provides, you know, basically the POSIX-like and also the Unix-like socket interface that most of the other layers using networking are based on. And on top of the BSD socket we get Core Services, and we'll go into more detail about the API for that level, which are CFNetwork and all those guys, which are based on the BSD sockets, or are clients of the BSD socket. And of course on top of that we have probably your application, which may talk directly to Core Services through CFNetwork or some other layer, or directly to the BSD socket, or maybe a combination of both, or could also talk directly to the kernel through some of the means that we'll talk about during the session. So yeah, this is a little bit of a highlight about what we're going to be talking about here in this session. We're focusing on the networking part of the kernel and the BSD socket and the other layers on top of that.
So I think I pretty much talked about things in this slide, but I always want to remind everybody that, you know, our architecture is based on FreeBSD. So we did a re-port, you know, a few years ago, and so we're pretty much BSD 4.4 plus a bunch of other things, but this is the core of our networking stack here.

So what does it mean for you? It means that because we're very close to BSD, it's easy to port Unix-like applications. So if you have a tool or an application which is, you know, coming from FreeBSD or another flavor of BSD, it's really simple to get that to work on Mac OS X. So that's a big plus. The fact that we're based on FreeBSD also means that we have a very robust architecture in terms of the stack, and it's well proven, you know, it's been there for a long time, it's been improved, it's been, you know, tested in very different ways, so that's a very, very good solution for us. Also it means that, because it's open source, the code is available. So for you developers, you can go and check out the Darwin project, and, you know, if you are wondering how we do this or what's going on, you can always check the code. And we actually had a few cases where people were coming and saying, "Hey, I looked in the source code there for Darwin and I found this problem in this area," and so we looked at it: "Oh wow, yeah, that's a problem," and we fixed it. So we do that. So, you know, feel free: this is all open source, everything in the kernel for the networking is there.

So because we have this, we have the TCP/IP stack, and with the work of KAME a few years ago we integrated IPv6 and IPsec in the stack also. We also have a full range of PPP implementation, which is part of what we have in Mac OS X. We get PPP, PPPoE, we've got a bunch of other things. We get a VPN solution which is in the kernel also, which is based on PPP, L2TP and also, you know, leveraging from IPsec. We also have a
firewall, ipfw, oh sorry, and the NAT, which are part of what we got from FreeBSD. Now we get ipfw2 also; we'll talk about that. And NAT, which gives you things like Internet Sharing in userland: it's based on the NAT that we have in the kernel here.

And some of the things that we have, we added, you know, from Apple. So things like dynamic configuration: we did in the past few years a lot of work to make sure that this, you know, FreeBSD stack that we got is, we were talking about mobility a few minutes ago, more aware of the mobile, you know, environment. That means that we have events and a lot of things that we added to make sure that things in userland get notified when we change your address or when there's a DNS change or all those kinds of things. So all that is work that we added around this part in the core of the networking to make sure that those events, you know, telling you the interface came up or all those kinds of things, you know, bubble up to userland, into some tools that will make sure that the configuration gets, you know, readjusted in function of what's going on in terms of you changing your AirPort, you know, plugging in your Ethernet cable or going home and all those kinds of things, through some basic mechanisms we added in that global stack that we got from BSD. And of course I'm sure you're all aware that we have Rendezvous, and DNS service discovery is one of the things that we have also in our networking architecture, which is central to a lot of the services that are used by iApps and a lot of things like that.

So now that we have, you know, in broad terms kind of described what's going on in terms of the networking architecture in Mac OS X, I'd like to talk a little bit about what is new in Tiger. So last year, a year ago, we were here, and all the focus was on Panther, and we introduced a lot of interesting things in Panther, but this is a new year and now Tiger is the focus, and on Tiger
we've got a lot of exciting new changes also. We have some very core changes this year in Tiger. We get some kernel changes: you may have heard, you know, from a few slides or background presentations, that we're doing something about fine-grain locking, and we're going to go into more detail about what this means and what those changes are. Another thing that changes that is related to that is we now finally have some kernel programming interfaces that are more modern and give a lot of new functionality, so we'll talk about that. We also have some good changes in IPsec, and we also have, you know, VLAN changes that were not there, you know, when we talked last year. We also have a bunch of huge event changes, some IP configuration changes, a high-level preference API which is new in Tiger, so we'll talk a little bit about that. Other changes: ipfw2, which is an upgrade of our firewall solution, if you want, both from userland and the kernel, and also site-to-site VPN.

So, fine-grain kernel, fine-grain locking. OK, so why do we need it? Well, to have a little recap here, we said we're using the BSD side of the networking, the stack and everything. BSD historically has one, you know, in the kernel you get one thing going on at a time. So what we did previously in Mac OS X is that we had the mechanism which we called funnel, which means that we were trying, because we have a lot of machines that are SMP, so we get, you know, Xserves, but even your G5 and everything, most of them are two-processor nowadays, so in order to not be completely locked into the kernel, where one thing can go at a time and everything is waiting for it, we used to have this mechanism we called funnel, which basically let us do on one processor some networking operation while the other processor might be doing, you know, you stole an operation or, you know, a file system operation. So we had this kind of split personality in the kernel, where only two things could go at a time, but two
different things: we couldn't have two networking operations going on. So the problem with that is, this model, we've lived with it for a while and it's been working pretty well, but it's got some fundamental issues with it, and, you know, one of them is that it's not really scalable. When you're a server like an Xserve and you're trying to do just, you know, net traffic and everything is going through your cache, you don't do any file system operation, and basically you have one CPU which is really loaded and the other one is kind of idle, because everything is going forces for the networking, and so, you know, there's this big funnel which blocks everything.

So what we did in Tiger is that we changed the underpinning of this by, instead of having those two big locks, adding, you know, finer-grain locking at different levels in the networking stack and in the rest of the kernel, so that we can have simultaneous operations going on for, you know, different operations both in the file system and in the networking. So another thing that we added here, and that was part of our previous model issues, is that we didn't have reference counting for objects. So if you added, you know, multicast addresses, let's say, you know, we didn't really keep track of who added multicast addresses, who removed them, and in some corner cases we might have some issue, you know, where we lost a reference and so that multicast address was leaked. So we had some problems with some objects that might leak or might not be, you know, in the right situation. So we're fixing that with the fine-grain locking in the kernel and by having, you know, new ref counting for most of the objects that we're using in the networking.

And one of the things about this is that it's transparent to applications. It's really only in the kernel that we're changing. The socket layer and all the programming model for applications that are in userland doesn't change. However, you know, this is a new model for kernel extensions, because we're
changing so many things in the way of stack structure that kernel extensions will have to change, but we'll talk about that.

So the biggest reason for going with finer-grain locking: symmetric multiprocessing is getting to be a big thing, you know, there are, you know, arrays of Xserves and everything. We're trying to get maximum power out of those machines, and to do that we had to do some changes. So the SMP improvement that we've done with this finer-grain locking: you know, networking and file system throughputs will be better because we get some parallelism. We optimize the data layout in the kernel by having, you know, those locks by finer object instead of having one big lock that gets everything. Reference counting. And also, because we're changing all this at the same time, we're providing new stable kernel interfaces that go beyond I/O Kit, so as a kernel extension writer you'll be able to use some more stable interfaces.

So I've been talking through this, but anyway, just as a reminder, this is what the kernel locking is for BSD in Panther. So we see on the left the networking stack and the file system, and both of them are just, you know, funneled by those big locks, where everything coming in or out is all, you know, stopped by this lock. So you need to acquire that lock before you can do any networking operation or file system operation.

So now if we zoom in into the networking stack in Tiger, we see at the socket layer we get some smaller locks here; at the protocol layer, same thing; in the interface layers, same thing. So what it means is that if, let's say, one application is doing a socket operation on a socket on TCP, at the same time we'll be able to perform another operation on another socket without, you know, contending for that one lock and serializing all those operations. So we're getting this greater parallelism I was talking about, so that's going to be a big win. This is our new model. It's still an
evolving model, but pretty much this is the direction we're going in, where we're going to get, you know, finer locks and finer, you know, entities that get, yeah, locked, so we can have more parallelism and live on different sockets. And they're doing the same thing for the file system, and there's a session this afternoon that will explain all that.

So the other big change that we have in the kernel part here, which is related to the change for the finer-grain locking, is the kernel programming interfaces. For about three, four years, I think, now, we've been telling, you know, people who were writing kernel extensions, network kernel extensions, "Next year we're going to break you, you know, we're changing all this." Well, this is the year. So there is a full session about this this afternoon, but what happened is that because we had to change all those kernel structures for locking, for ref counting and everything, it was the right time to provide a new API for you guys who are writing kernel extensions, that kind of isolates you from the implementation of the networking stacks and from the internals of what we're doing. That way we have more ways to improve it or change it or fix bugs. We had a lot of problems in the past few years: we were trying to fix bugs and we needed a new field in one of the structures in the kernel, and we've never been able to do the right fix because some, you know, kernel extension which was linked against the kernel was using that field or that structure, and by adding a new field we were just breaking them. So that's not a sustainable model in the long run, and we had to scramble and find ways to get around that. With this new model that we're introducing for the fine-grain locking and the new kernel programming interface, you will not be able to get to the structure directly. There won't be an intimate knowledge of the kernel implementation. That way, you know, you'll have accessors and those kinds of things, and that way we can
change the implementation without disturbing the kext, you know, itself. So the issue with the NKEs today is that they have an intimate knowledge of the kernel implementation. Basically you need to be reeling, you know, something, and there is some confusion with those interfaces and some missing functionality also. So we're addressing that. There are new KPIs; the kernel structures are opaque now, and there are accessor functions for all those things that you used to do by directly calling into or directly accessing the structures.

One other thing we just talked about: there's a new locking model. The locking and the reference counting are implicit, so when you're doing one operation with your NKE on a socket or something like that, we'll take care of locking the target for you and ref counting it. But, you know, we're not doing the walls of you: you will now be responsible for doing your own locking of your own structures, because before, you were protected by those funnels, when nobody else could get into your structure when you were in there. Now, because of the simultaneous operations we can get with the fine-grain locking, it's really possible that, you know, your kext, you know, globals will be accessed by multiple threads, so you need to, and we'll provide primitives for that, you need to lock your own structures also.

So one of the other things with those kernel programming interfaces is that we're providing a more consistent behavior across APIs. There was some confusion; we're trying to address that. And the drawback of all this is, as I said, for years we said we're going to break you: the Panther NKEs that you have right now, the kernel extensions, well, they will need to be reworked to work on Tiger, because there is no way, by doing the extensive changes we've done in the kernel, we can provide compatibility with those NKEs that were, you know, basically fetching stuff out of structures and linking directly. So there's no
way for that.

So just a little overview here about the networking KPI level that we introduced this year. We get, in dark blue here, we've got socket KPI, socket filter, IP filter, plumber functions, interface filter and interface. And so there is a full session this afternoon at three thirty talking about those new networking KPIs, so if you're interested in this I highly recommend you go and see all the gory details about what's going on here.

But just for people who are, you know, just new to networking here, I just want to make sure that you understand that KPI, I mean the NKEs, are really a last-resort solution as a networking developer, to do some things that you cannot do in userland. It's good for doing things like content inspection, you know, you're trying to see what's going on in all the packets coming in from one interface or on one socket, or to do pseudo interfaces. It's very specific things: I guess filtering, or you're trying to do a network file system. Those are good cases where you can use NKEs. But try first to see if you cannot do that in userland, because working in userland is way, you know, easier than working in the kernel. In the kernel we can panic, and now we've introduced a new thing: you can deadlock, you know, and those things are not really easy to debug. For your user, if your program doesn't work very well, you know, it will panic, it will give a bad experience. So the performance advantage of working in the kernel for most things is really negligible, so unless you have, you know, really a good reason, you know, do what you have to do in userland. We provide, and we'll go through this, a bunch of other ways to access APIs and access some of the kernel functionality from userland, so as much as you can, it's recommended that you use that. So yeah, programming in the kernel is dangerous, and, you know, go see the session this afternoon at three thirty to get all the detail belt
will go through all those APIs and see what they're doing and exactly what you have to do with that.

So some of the other changes that we have for Tiger here are IPsec improvements. So the biggest thing on that side is that we have a completely new AES crypto engine in the kernel. So you may know that the Apple VPN solution we introduced last year in Panther is based on IPsec and is using L2TP, and it's also using AES. So what we did is we did some work here, and we got something that really gives us some good optimization, and we're getting twice the performance, twice the throughput with a VPN now with this new crypto engine. So it's a good thing that we have in Tiger here. We have a lot of bug fixes, you know, security fixes. We were talking about security: we're, you know, monitoring all the exchanges and all the IP security things pretty closely. And so racoon is our IKE implementation that we have in Mac OS X, and we've been, you know, doing some improvements there too. And also one of the benefits of the finer-grain locking we just talked about is that we're providing more parallelism in IPsec. IPsec is a very heavy computational engine because you do a lot of, you know, computation to do the crypto, so having some parallelism there and not having the whole networking side being stuck while we're doing, you know, some crypto on one packet is a good thing. So with the new model it's going to help having a better parallelism for IPsec and, you know, better throughput for your applications using that. And we have more improvements to come in Tiger for IPsec, but I cannot really talk about all those yet, but there will be; we're working on it really, really actively.

So, VPN improvements. So the VPN was introduced last year for Tiger, and, for Panther, and for Tiger we're introducing a site-to-site VPN. It's based on the IPsec tunnel mode. It's something that was requested by some organizations where they want to have, you know, a VPN
between two, you know, servers, in between, you know, here and somewhere else in the world, and they want to have a site-to-site VPN, not just the VPN where you connect to one server as a client. You know, both sites are connected to the VPN. So we're introducing this in Tiger.

We also have one new thing here, which is VPN support for something that we call split DNS. So a little word of explanation here is that at Apple we're using our own VPN solution to connect from here. You know, I see people, my manager, you know, connected to the VPN, to the Apple network, checking his email, I'm sure, and so he's using your technology here to get to the Apple campus, to the Apple network. And what happens is that right now we have only one DNS, so every DNS request that you're doing, even if she's trying to go to yahoo.com, is going to go through the Apple DNS to get that request. With a split DNS, what it does is that instead of having all the requests going through the Apple DNS, if we see it's not an Apple-related, you know, a VPN-related request, we're going to go to sir whatever your provider is, you know, you're pure SBC norcom DNS server, instead of going all the way through the Apple DNS. That means that there is less traffic on your VPN for traffic which doesn't really belong to the secure network you're trying to access. So that's one of the things that we're releasing in the VPN support for Tiger. Also something that was really asked for is support for user certificates, so we're using EAP-TLS for that, so now the VPN will support certificates.

Another thing that is pretty new is VLAN, so 802.1Q tagging support, that right now is for server only. So you're probably familiar with what the VLAN is, but what we did there is that we have the support for the VLAN integrated in the Network preferences. You can also do that from the command line, but you can create your VLAN interface and, you know, manage it
from the Network preferences or the command line as you want. And it's, at this point, for Ethernet drivers bringing the hardware VLAN. So one of the big things is that the tagging for the VLAN is done through the hardware, so there is almost no overhead there. And right now Xserves, the new G5 Xserve, support that on both the built-in card, or you can have add-on cards also that support VLAN tagging. So this is for the server side of the VLAN, where you can, you know, basically deal with multiple tags and multiple VLANs at the same time.

The future direction for servers, and what we're looking at, is link aggregation; that seems to be something that is on our path. So the IEEE 802.3ad link aggregation is something that we're really considering, and also failover, which is another feature for those guys, for the Xserves.

And 802.1X, so that's another thing which is present. I mean, we introduced that in Mac OS X, I think it was after, yeah, it's been in some of the Panther updates. It's essential for wireless LAN and for the security, you know, so it's also used on wired LAN, for Ethernet. So we support a wide range of authentication methods for 802.1X, and, you know, you can read them: TTLS, TLS, LEAP, you know, MD5, PEAP, so a lot of things there for 802.1X. And some of the new things we're introducing in Tiger: WPA Enterprise support, so that's something that was requested, and also EAP-TLS, and we have some improved certificate support in there that's new in Tiger.

IP configuration. We talked, in one of the first slides, about our ease of use and mobility goals, that are ongoing goals for the core networking at Apple for Mac OS X, and the IP configuration is something where we added a lot of things. So we have something that you might know of, which is called configd, which is a central
daemon which takes care of and listens to all those events I was talking about, coming from the kernel or coming from userland, changes in configuration, and basically reconfigures the stack kind of dynamically and figures out what's going on. So the IP configuration is a big part of what we're doing here to provide that mobility side of things.

And some of the new things that we're introducing in Tiger: we changed quite a bit the way that DHCP works as a client, and when we use the remaining lease time, you know, if there is no DHCP server around. So we're going to be a little bit smarter about trying to figure out, "Hey, can we use this address?" We also use ARP, you know, we're doing ARP probing to make sure that, OK, it's a router AC, or we can, you know, kind of shave off a couple of seconds and make your PowerBook, you know, come back faster when you wake it up and be on the network, those kinds of things. We're also doing a lot of people of multiple interfaces and multiple addresses, so now in Tiger there are concurrent parts that are being sent out on all the interfaces, so we are not waiting sequentially to get, you know, all the information for all the interfaces. So there is more parallelism going on there. And we also have support for dynamic proxy configurations, you know, which is known by the assistant thing. It was asked for by a bunch of people, that PAC support. And we talked about the split DNS, and now we get the split DNS that we're using for the VPN, but we also have this split DNS mechanism that can be used in a bunch of other ways also, its parts base of the system.

Another thing that we introduced in Tiger is at a different level of configuration, a higher level, so more geared toward people that are ISPs and things like that, that need to configure a machine for you because you're just, you know, getting a new DSL, something like that. So until now those people had to do a bunch of things to figure out what was your configuration and your services.
You know, now we're introducing the high-level preference API. It's kind of an aggregate of code that was in different places all over the system. So things like the Network preferences panel or the network config framework: you had to dig in and get some of the information there, so much information from Japanese framework, which is private, and, you know, things like the Moores SC SCF from queens that, you know, give you some information battle to get this. But now this new API will let you manipulate a lot of different entities: you know, network locations, you know, you can add a location, home, work, you know, whatever; network services you can manipulate with this API. So your Ethernet, seen as an interface, can be manipulated, created, deleted, you know, changed as an entity here by some high-level primitives. And also the network entities: your configuration for v4, your configuration for DNS, for IPv6, you know, all those kinds of things can be seen. Instead of, like, parsing XML or going through different frameworks to get to those, now you get some higher-level way of doing that.

Yeah, I talking in India highlight that the changes that we have for ipfw2. So ipfw2 is one thing that we ported and put into our core. You know, it gives us a bunch of new things. So it's faster, it's more complete, and more features, so, you know, it's a lot of things there. So more complete because you get rule sets, and so you can have a different rule set for your firewalls that you can turn on and off instantly. So depending on your location, depending on a bunch of other, you know, said that you decide, you can turn the set on and off and have a different behavior for your firewall on the fly. So that's something that is much easier to do with ipfw2. So yeah, you can have address sets and lists, and so you can have your address list and build that and use that and create, you know, your rule sets that way, so much more flexibility. It's also, as a big feature,
keep-alives for dynamic rules, so it will do a much better job getting, you know, whatever the content is that gets filtered by the firewall; it will get keep-alives on those connections and everything, so we'll know what's going on. So that's something we get from ipfw2. It's also backward compatible with ipfw, with the previous one, but if you're doing, you know, an application which is a firewall and you're based on ipfw, what we will ask you for Tiger is to use the new rule set, because the new rule set is more rich. We're still compatible with your one, but we're asking you to move on and use the new rule set so we can, you know, at some point deprecate the old one.

So following this, what you'll see in your inter control panel, in the preference panel, is that there is a bunch of changes that have been done here, kind of leveraging the fact that we now have ipfw2. One thing we added in Tiger is UDP filtering, so now you can do UDP filtering from the UI front, you know, in the inter control panel. We get better logging; that was one of the problems of the previous firewall, that it was spewing all its log to the main, you know, log file. Now ipfw has its own log file, so we have more control about this. And also we added, you know, a mode in there which is a stealth mode, which basically lets your computer be invisible, if you want, on the network, if you should choose to do so. What it does is, like, even if right now somebody's trying, let's say, to do a connect, a TCP, you know, connect, and sending a SYN, trying to get to your port 22, to your SSH, and SSH is off: if you don't have the stealth mode, what's going to happen is that we're going to send a reset saying, no, there's no service there. Turning on stealth mode, we're just going to ignore that. We're going to log that request, but we're not going to say anything back, so, you know, if that port is not in use we won't, you know, won't even say we're here, so if you scan
or something like that nail, but, you know, the drawback is that somebody who's trying to really connect to you won't know if it's because you're not there or because you're just, you know, playing silencer. But it's a stealth mode.

OK, so one of the things: there's a lot of changes in Rendezvous also this year in Tiger. I'm not going to go into detail about those because there's a full Rendezvous update session on Friday at ten thirty, so there's a lot of things that sets that are going to get an answer, I've been announced actually. So new in Tiger, just the TXT record API, it's available from Java, and I think we know that Rendezvous now, you know, there's much more than that. I think we announced that everything is on different platforms, to get access to the same API and everything, so I encourage you to go see the Rendezvous session to get all the detail about what's new in Tiger for Rendezvous.

I'd like to make a little ploy here and just try to get, you know, people to be aware of IPv6. I've been, you know, at Apple for a while, and I've been working on IPv6 for I don't know how many years now, trying to get, you know, IPv6 around, and I think it's time for developers to kind of try to be aware of IPv6. You know, we've been saying IPv6 is coming and everything, but, you know, ultimately we've done a lot of things inside the OS to make sure that we're ready for IPv6, but until some of you guys come up with a killer app that is using IPv6, you know, it's not really going to, you know, fly very high. So this is, like, my few slides trying to encourage you to go with IPv6.

So that's what's going on with IPv6 in Mac OS X. Every single interface on Mac OS X has a link-local address. So since Jaguar now we've been having IPv6 turned on in Mac OS X, and one of the things you probably noticed is those fe80 addresses that you get
on every interface. So that's a great integration with Rendezvous, because every single machine on that network, you know, Mac OS X, will have a link-local address, so they can communicate without any configuration using those addresses. So it's a good way to leverage with Rendezvous, because you don't really care about the address, and IPv6 addresses are, you know, bigger and, like, hard to type and everything, but with something like Rendezvous you just don't care, you just use names and you use a higher-level form of, you know, services, so you don't really care what the underlying address is, really hundred twenty-eight detour. That's a great integration, is the ease of configuration, the stateless configuration: so you have a router, it's going to pick it up; you don't, you're using a link-local on that link. So that's really, really easy for you to use, you know, there's nothing, you know, to be worried about too much.

And as I said, Mac OS X since Jaguar has it, and every release we're adding a new level of support for it. So we get support in the BSD sockets, you know, of course. We get the configuration: since Panther you can configure it in the network configuration panel, we can configure IPv6 or make it auto-configure, or manually, all those kind of things are already there. We've got a bunch of services that are IPv6; you may not even know, but, you know, AppleShare is IPv6 aware, you can do it over FireWire, you know, it's IPv6. A lot of things in the system are already IPv6 ready, and all the frameworks that we'll talk about later, when we'll overview the APIs, are all ready for IPv6. CFNetwork has been doing a lot of work to make sure IPv6 is present in there and that it works with it, the DNS, all those kind of things are all IPv6 aware. So I encourage you to follow for those points. You know, it's a future, you know, it may not be something that we need, you know, in the next two weeks, but it's slowly
it's getting, it's gaining some ground, or, you know, already testing for it: Internet2, it's mandated there; the DoD made it something that they require also; and it's pretty big in Japan. So the point here is, like, your application should be IPv6 aware. You may not be able to or want to take, you know, all of the good stuff from IPv6 at this point, but at least be IPv6 aware, and for doing this, one of the things that you need to do is just make sure that your model, your application, is address independent. And we'll see pretty much how easy it is, or, you know, of course it's flying with slides, but, you know, a little example here showing you.

Taking a basic kind of application, what we're doing here is we're doing a connect and, you know, a gethostbyname of www.m, and then we're trying to, you know, connect to that server here. So this is, like, standard BSD, normal Unix code. However, there's a couple of things that are wrong here: all those things that are highlighted in red. I'm not sure if you continue if I'm not in front of them. Absolutely, all those things that are highlighted in red here are really address dependent, are v4 dependent. Why? Because this struct sockaddr, well, it's dependent on the size of an IPv4 address. Something like AF_INET, of course, you know, it's IPv4. gethostbyname: well, gethostbyname is the old legacy way to get to the resolver, it's address dependent. And all those things where we do a sizeof of, you know, that structure which is v4, all this is going to break if you're trying to get going with a v6 address. So don't do that.

So instead of doing this, to do the same thing, to be able to have something which is address independent: in this version here we're doing the same thing, we're just trying to create a socket and also here trying to resolve and get the socket and connect to it, you know, in a completely address-independent way, so if you have a v6
address it will work with v6; if you just start with a v4 address it doesn't change anything, which is probably the case, you know, still for some few weeks to come; it will work with IPv6. So here what's going on is that instead of saying, you know, PF_INET or AF_INET, we're saying UNSPEC, which means I don't care, it could be AF_INET, AF_INET6, and I'm ready for it. And so we are using also getaddrinfo, which is a much richer API than gethostbyname, and here we're saying, hey, OK, we want, you know, www dot com and, you know, HTTP, and we want the hints back and the result back. And here, depending on what we're getting back, in the for loop here, you know, we don't even look at the fact it's an IPv4 or IPv6; it's, OK, can I connect with what I get as a result from my DNS query? If I can, you know, I don't care which protocol it is, I just do a connect with that.

So I know this is not really, you know, it's not really a real-life application and everything, but from the developer point of view, and most of you here are developers, the v4 or v6 doesn't really matter once you get, you know, to your application, because you're just trying to deal with TCP, right, or UDP, whatever you're doing. You know, by just restructuring your code a little bit and making it, you know, aware of, like, OK, you know, my address, I'm getting maybe more than four bytes because it could be an IPv6 address and it's going to be 128 bits, you know, by taking some simple steps you can make sure that your application is v6. And what I mean here is, this code, today, you turn off IPv4; in Japan, in a device, as those little thermometers that just do IP, you know, v6, that have no v4 stack at all, you try to connect to the device here, you'll connect: you'll try first in v4, or if the DNS doesn't give you a v4 address, you know, back, it will give you back a v6 address, the link-local address, you know, probably, and so you'll connect to that address here, and
your code will work, no matter what, you know, if it's v4 or v6, you don't care. So that's just a little, you know, thing to try to get you guys aware of IPv6 and how it doesn't take a lot, you know, to do that, and it's easy to just change your code to get to IPv6. Sorry, so that was my little IPv6 talk.

So now, what we're going to do here in this session: we talked about what's new in Tiger for the core networking in Mac OS X; now we will go back a little bit and do a review of the different levels of API we have available for you guys, and which level, you know, may make more sense than another to do your application and to get the most out of the system. So we're going to this kind of diagram here, showing at the bottom here the kernel, where we just put the networking stack, because we don't really care about the rest. So in the kernel we talked about the fact that you can do this KPI, and there's a full session about this, but for most people in user space, you know, we think about the BSD sockets, because we're Unix based, and the socket is like some two models there. But there are a lot more things that are based on the socket API, and also things that we see here on the side, like the DNS service discovery, or the System Configuration, or look at the which, you know, that does the name resolution that you can use and enjoy, an API provided. So we'll go through those.

So as a reminder here: the BSD sockets; then what we talked about, the DNS service discovery; the System Configuration, where you can do network setup, network reachability, you know, the connection dial-up; and also at the higher level the framework networking APIs, which are CFSocket, CFNetwork, the proxy, SSL and the network diagnostics, Foundation URL, and ultimately at the top of the stack here, WebKit. So we'll go and have a little talk about every single one of those.

There's the sockets, so that's the core programming interface; everything in user land is pretty much
based on that. There's, you know, that's the main wall interface and the native interface of the system, why provided fundamental networking API. I highly recommend, you know, reading the Stevens book if you want to go into all the details of the socket API. It's a very rich API, a lot of things in there, you know, it can be complicated, but this is how you get the most out of the system. You do that when you want performance and total control. If you're doing a server application and you don't really care about all the, you know, nice UI things and you just want to have raw power, you know, I would recommend using sockets, because sockets is, like, the closest you can get to the networking. So performance, total control. You still can use things like select or kqueues for doing asynchronous operations. One of the things that people tend to think is that sockets is like, oh, OK, well, I'm doing a socket operation, I'm doing a read and I'm blocked, and my thread is blocked until data comes back. Well, that's one way of using sockets, but you can also use it in an asynchronous way, and there is some way to do that. So you have a lot of control, a lot of things in the sockets, and there's plenty of books explaining what to do, but it can be a little bit complicated.

Also, from the socket layer, what we do is we provide low-level access to some of the, I was talking earlier, when we were talking about kernel extensions, network kernel extensions, that we would like you to avoid, you know, as much as possible, going in the kernel and getting your own kernel extension, because it's messy and it's, you know, it's dangerous and everything, so we provide low-level access to a bunch of stuff from the socket API: things like IPsec, or we get PF_NDRV, which is a way to get directly to the interface; I think I have a slide on that. And that's where you want to use sockets. Also a good way to use sockets is the compatibility and
portability. We said before we're based on FreeBSD; pretty much a tool that is using, you know, some BSD-isms in terms of the networking, it's going to compile and be working pretty much without any touching it, you know, on Mac OS X, because of the BSD sockets, and you're using sockets in, and we respect that that padding here. So BSD sockets: really low level, but gives you full control; that's where you want to use it.

So the resolver library. So what it does is name-to-address resolution, of course, that's the thing, you know, it's known for, because it goes on the network to your DNS server and gets all those A, quad-A, whatever, all those records that you're getting and giving. There's also service location and a bunch of other stuff, actually, for the resolver library, you know, yeah, the services, and you can get, you know, things from /etc/hosts and all those kind of things. So it goes hand in hand with the socket API; this is kind of the same level as the socket API, but it's pretty low level, kind of, you know, access to the network and the configuration. As we said before, it gets full IPv6 support, so you can do a query for quad-A, everything is ready for IPv6; we did the work last year to get that done. It uses BIND 9, which is, you know, of course a big standard, and we do have split DNS support. So that means that as a developer here you can have several resolvers, so for one part of the things we can say, hey, I want to use this resolver to get the information because I'm on some internal network and I know that in my, you know, closed LAN here I want to use this resolver that's going to resolve the address of, you know, my coworker two cubes down the line here, and that DNS is not, you know, public out there, so I want to use that resolver. So the query can be dispatched to the appropriate server depending on the type of the question; that's one of the things that we get with the split DNS support here. Another
level of API, which was kind of on the side here, is the network reachability API. So what's used for that: you can check the name or the address or an address pair and basically be notified when the reachability changes. So you won't be on the road on the probability monk, you don't get any network access because you're far from Starbucks, and now you're getting in reach, and now your network reachability changes because you have connectivity and everything, and so this API will tell your application, your mail application or some higher-level application, hey, now it's a good time to send some data, because that host that you're trying to reach is there at this point; I can see it again, go through it. So yeah, it unifies a set of disparate information that was kind of, you know, piecemeal information all over the place, and it gives you a connection status also. So you get both a synchronous and an asynchronous mode to use.

So DNS service discovery. So, oops, guess pmf to discover services. I'm sure you're all the world with whittles Rendezvous functionality, so I'm not going to go into detail on this, but you get the Rendezvous API, you know, where you can name and register your services, you can browse for services, and you can, you know, resolve the service to an address. So for more things about Rendezvous, go to the wonderful session Friday.

PF_NDRV sockets, and what it's for: so from user space you have some kind of very low-level access. So we're using it in the 802.1X implementation, where basically we're going directly to the interface through this level without being, you know, encumbered by being in the kernel and being a kernel extension. You know, if you're trying to do, let's say, you know, a stack in user space or something like that, you can use that, you know, for something like DECnet or IPX or everything. It's a good way; you're getting really direct access to the interface while being in user space. There's some other
solution to do that also, that we're not going to talk too much about: the divert sockets, which are used by the NAT. So that's a way to get packets from a different level in user space, and yeah, it's pressure the verse a kernel extension.

So we talked about all the things kind of in blue here, and now we'll talk really briefly on the things that are built on top of the sockets and all the services that are probably, for a lot of developers, the right solution to use, because they provide some higher level, they hide some of the complexity of, you know, the implementation and the needs of the sockets, and sometimes you just want to get any URL, you don't really care about, you know, how to get there and managing all the networking side of it. So we have this, so the higher-level frameworks here, it's pretty much the kind of glue, the big blue which is in between an application like Safari and the raw BSD sockets, which are, you know, what we're based on.

So, you know, building the stack from the bottom here, the first level is Core Foundation. Core Foundation is really close to it, and Core Foundation is, if you don't, you know, this is a suggestion overview of what swayed that here, but basically the big thing is it's based on the CFRunLoop, and the CFRunLoop, if your application is using the run loop, you know that it basically provides a basic asynchronous mechanism where all the network operations, instead of dealing with the socket directly, are kind of integrated into the run loop. So yeah, a generalized run loop, and the Carbon events are also based on the CFRunLoop. So the CFSocket, it's still very low level, and it basically connects to the run loop, so you can create your own socket and then put them in the run loop or do some operations. So you have a lot of control on the socket at this point, but kind of integrated with the CFRunLoop model, and yeah, it literally handles any socket. The CFStream, that's a basic
stream abstraction here, you know, it signals the client via the run loop when bytes come in. So again, if you're trying to be still close to the socket and kind of have some control, but you want to take advantage of some of the run loop functionality, you know, CFStreams might be a good way to do that. And yeah, for things that are using streams, of course, like, you know, like TCP, or yeah, the client-side sockets are a good way to use this CFStream.

Building on top of that we have CFNetwork. So CFNetwork, what it does is it provides some protocol implementations. So here you don't really care about dealing with your own socket or your own protocol or something; all you want is HTTP service through your application, or FTP, or using SSL, you know, things like that, or even, you know, things like probably i uz the CFNetwork or doing some DNS resolution, you get access to that through the CFNetwork, you know, framework. It gives you full control still; all the protocol details are exposed, like HTTP, you know, you really have to understand what's going on and what kind of request you can, you know, create or what kind of response you might get when you're using CFNetwork. So it's still very, very core, but you don't need to have all the detail and do your own implementation of HTTP, if you want, or FTP. So you control each read and write, and you also control the threading policy, which might be important depending on what you're doing. For an application, that's a good level when you want control but not, you know, too much going into the detail; CFNetwork is a good layer to base your application on.

So if you continue building up on what's going on between BSD sockets down and Safari, we see the Foundation URL API. So it provides more higher-level things here, so a full-featured, you know, set of URL loading. So there you really don't care: in this case, URL, and get the result back; you don't care what's going on on the network side, all the layers underneath you are going
to take care of that. You know, it makes most of the choices for you, you don't have to give a lot of details, a lot of options, everything; it's going to do the right thing. Asynchronous, it's based on callbacks, you know, API. So for somebody who would just want to get the file, get the URL, that's probably the right answer here. And also one of the good things about this Foundation NSURL is that it's extensible by subclassing: we can subclass one of the, you know, one of the primitives here and get your own, you know, version of it, you know, depending on what you're doing. It gives, you know, advanced features: authentication, caching, and cookie storage and management also at this level.

And when we get on top of that, you know, ultimately, you know, pretty much, sorry, you get to the WebKit. So the WebKit is the last layer, which was last year, and it gives, you know, very little control, but, you know, we do everything for you there. So it's really, really far away from the networking, you know, I Sakura we were talking about earlier in the session, but, you know, it gets a pluggable architecture, new document types, you know, a lot of things, and, you know, this is really so far away from what I'm doing, so I'm not going to go into too much detail. If you want to know more about the CFNetwork and all those layers here, I highly recommend probably looking at the CD at this point, because it was yesterday, to go to Becky's session, the modern networking using CFNetwork. That will talk about all those layers on top of here in much, much greater detail than I can do here, because we're running out of time.

So after this I'd just like, you know, a goodbye slide here for some of the deprecated APIs that we have in Mac OS X. First thing, the NKE PDF, you know, the old programming, you know, information about what to do for networking extensions: it's gone. We talked about, you know, we're changing all that; go to the session this afternoon, we'll go into more detail, but don't use that anymore, don't use
your KPI there; see, all the old networking KPIs, they're gone. Open Transport API: well, you know, CFNetwork or the sockets provide more flexibility. They've been there for a while; we're deprecating them, so if you can, you know, stop using it in your new applications, all those kind of things. AppleTalk API, same thing: we kept AppleTalk, you know, limping around in Mac OS X for a long while; it's still there, but the AppleTalk APIs are deprecated now. We think we have, like, a good solution now with Rendezvous for service discovery; there is no more need for doing any new things in AppleTalk, so AppleTalk APIs are getting deprecated.

And with that I'd like to point you to some more information. The contact, you know, Craig Keithley is our I/O and net technology evangelist, so use him as a contact point, and also there is a Mac network programming mailing list that you can access, and there is a bunch of things on, you know, reference documentation here, all on the ADC website. So I'm not going to go into detail on that slide, but pretty much you go to the ADC networking and you'll find that.