Download Chapter 18 - William Stallings, Data and Computer
Internet Protocol and Applications

Addressing
‘Routing is part of IP; the router needs to interpret addresses’
Format: server.institution.domain
=> Not an actual Internet address
=> Identifies a host computer / server owned by an institution that is connected to an internet
=> Domain does not have geographic significance
An address identifies the following using 32 bits:
- Participating network
- Node ID within the network

IPv4 Address Formats

IP Addresses - Class A
- start with binary 0
- all 0 (in first octet) is reserved
- 01111111 (127) (in first octet) is reserved
- range 1.x.x.x to 126.x.x.x
- all allocated
- Very large networks

IP Addresses - Class B
- start with binary 10
- range 128.x.x.x to 191.x.x.x
- second octet also included in network address
- 2^14 = 16,384 class B networks
- all allocated
- Fairly large

IP Addresses - Class C
- start with binary 110
- range 192.x.x.x to 223.x.x.x
- second and third octet also part of network address
- 2^21 = 2,097,152 networks
- nearly all allocated
- Relatively small

IP Addresses - Class D
Multicast addressing: one address for one group. Example uses:
- Software updates to installed machines
- video stream to selected users
‘Routing is different from uni-cast routing’

Classless Addresses
32-bit addressing has limitations. Example: Class B assigned, network has 1000 machines => Huge number of unused addresses
Alternative: assign a group of class C networks. Problems:
- Burden to plan for growth (256-increments)
- Additional routing table information (performance suffers)

Classless Addresses
Classless Inter-domain Routing (CIDR):
- Does not fall into the above classes
- Number of bits defining the network number varies => Allows networks of varying sizes
Commonly used for multiple class C networks.
For 1000 nodes: 211.195.8.0 to 211.195.11.0

Classless Addresses
Classless Inter-domain Routing (CIDR):
=> First 22 bits are the same
=> 22-bit network number, 10-bit local identifier
‘Router can extract the network number by an AND operation using a subnet mask’
‘several smaller groups into a larger group – super-netting’
=> Fewer network numbers in routers

Classless Addresses
Classless Inter-domain Routing (CIDR):
‘Router needs to know the number of bits in the network ID’
Network address w.x.y.z is replaced by w.x.y.z/m, where m is the number of bits in the network ID

Subnet Mask Calculation
                                       Binary Representation                  Dotted Decimal
IP address                             11000000.11100100.00010001.00111001    192.228.17.57
Subnet mask                            11111111.11111111.11111111.11100000    255.255.255.224
Bitwise AND of address and mask        11000000.11100100.00010001.00100000    192.228.17.32
(resultant network/subnet number)
Subnet number                          11000000.11100100.00010001.001         1
Host number                            00000000.00000000.00000000.00011001    25

Problems
# Classify the following: 183.104.200.32, 210.20.34.100, 115.193.23.32
# IP address = 140.100.120.02, subnet mask = 255.255.224.0, network number?
# Can 255.255.224.7 be a mask?
# For 8000 IP addresses, find the number of class C networks needed and describe the CIDR addressing scheme (subnet mask).

Obtaining an Address
Typical approach: the client machine requests an IP address from the server; the server runs a protocol, Dynamic Host Configuration Protocol (DHCP), that assigns an IP address from the list it maintains. The server is maintained by the ISP or LAN manager.
Internet Corporation for Assigned Names and Numbers (ICANN) – allocates IP addresses.

Obtaining an Address
Difficult to memorize IP addresses => get a host name registered
The host name is stored in a distributed directory referenced by client programs
Registration is done through an accredited registrar (ICANN accredits)
www.google.com = 216.239.53.99

Domain Name System
Translates the text form of an address to the 32-bit address.
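The classful rules and the subnet-mask AND operation above, carried out in code. This is an added example, not part of the lecture notes; the function names (`classify`, `is_valid_mask`, `split_address`, `cidr_prefix_for_hosts`) are my own, and the only external dependency is the standard-library `ipaddress` module. It reproduces the worked case (192.228.17.57 with mask 255.255.255.224) and also checks that a candidate mask is a contiguous run of ones, which is the test behind the "Can 255.255.224.7 be a mask?" question.

```python
"""Classful classification and subnet-mask arithmetic (added example).

Worked case from the notes: 192.228.17.57 AND 255.255.255.224 gives the
network/subnet number 192.228.17.32, subnet number 1 and host number 25.
"""
import ipaddress


def classify(addr: str) -> str:
    """Return the classful category from the leading bits of the first octet."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "A"  # leading bit 0 (0 and 127 are reserved within class A)
    if first < 192:
        return "B"  # leading bits 10
    if first < 224:
        return "C"  # leading bits 110
    if first < 240:
        return "D"  # leading bits 1110 (multicast)
    return "E"      # leading bits 1111 (reserved)


def is_valid_mask(mask: str) -> bool:
    """A subnet mask must be a contiguous run of 1s followed by 0s."""
    m = int(ipaddress.IPv4Address(mask))
    zeros = (~m) & 0xFFFFFFFF         # the host part, inverted: 0...01...1
    return zeros & (zeros + 1) == 0   # true only for values of the form 2^k - 1


def split_address(addr: str, mask: str, classful_bits: int):
    """Apply the mask with a bitwise AND (what the router does) and return
    (network/subnet number, prefix length, subnet number, host number).
    classful_bits is the length of the classful network id (24 for class C)."""
    a = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    prefix_len = bin(m).count("1")
    network = a & m
    subnet_bits = prefix_len - classful_bits
    subnet = (network >> (32 - prefix_len)) & ((1 << subnet_bits) - 1)
    host = a & ~m & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(network)), prefix_len, subnet, host


def cidr_prefix_for_hosts(n_hosts: int) -> int:
    """Smallest prefix length whose local identifier can number n_hosts nodes."""
    local_bits = 0
    while (1 << local_bits) < n_hosts:
        local_bits += 1
    return 32 - local_bits


if __name__ == "__main__":
    print(split_address("192.228.17.57", "255.255.255.224", 24))
    print(cidr_prefix_for_hosts(1000))  # the 1000-node example above: /22
```

`split_address` takes the classful network length as an argument because the subnet number (the 001 in the table) is defined relative to it; the prefix length alone only gives the network/subnet number.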
It is a distributed database. Why? The challenge is to manage millions of addresses among servers and to provide a quick translation.
‘Concept of domain eases this task’
DNS has a hierarchical arrangement of organization.

Domain Name System
(Diagram: root server; below it edu, com, org; below those mit, tamu, microsoft, ieee, acm, …)
The host sends a request to the local name server A. The process is complete if A can provide the translation.

Domain Name System
Else, A sends the request to another server B at a higher level. The process continues until the request is resolved.
The translated address is stored in the local cache of all intermediate servers => avoids duplication of the complex translation process

IP Header

IP packets and Fragmentation
Different fields of the IP packet – we covered
Different network architectures allow different Maximum Transfer Units (MTU)
IP packet length < MTU => smooth entire transfer.
IP packet length > MTU => fragmentation.
Identification, flags, offset fields aid the process of reassembly.

Fragmentation
Flag: More fragment bit (MFB) = ‘1’ for each fragment except the last.
Do not fragment bit = ‘1’: server responds with an error if IP packet length > MTU; used repeatedly to determine the MTU
Fragment offset field measures the offset in units of 8 bytes.
# IP packet of 4000 data bytes, MTU = 1400 bytes. Show fragments with offset, MFB.

IP routing
‘Is based on routing tables stored at routers and the interpretation of IP addresses’
Physical address: the one used by the underlying physical network. Example: Ethernet addresses enclosed in IEEE 802.3 frames; these are 48-bit numbers assigned to the network interface cards
Physical addresses have local significance but none at the global IP scale.

IP routing
IP packets are enclosed in frames if they travel through a LAN. If the frame goes to a router, the IP layer extracts the packet, examines the address, and determines where to send it.
If the packet needs to go to a machine in the attached LAN, IP puts it in a frame and sends it to the destination – direct routing.
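The fragmentation rules above (offset in 8-byte units, More-Fragments bit set on all but the last piece) applied to the 4000-byte / 1400-byte-MTU exercise, plus the receiver-side reassembly check that uses the same fields. This is an added example, not from the lecture notes; it assumes a 20-byte IP header with no options, and the function names `fragment` and `reassemble` are my own.

```python
"""IP fragmentation and reassembly arithmetic (added example).

Assumes a 20-byte IP header without options. Every fragment except the
last must carry a payload that is a multiple of 8 bytes, because the
fragment-offset field counts 8-byte units.
"""


def fragment(data_len: int, mtu: int, header_len: int = 20):
    """Split data_len payload bytes into fragments that fit the MTU.
    Returns a list of {"offset": <8-byte units>, "length": <payload bytes>, "mf": 0|1}."""
    if data_len + header_len <= mtu:
        return [{"offset": 0, "length": data_len, "mf": 0}]  # no fragmentation needed
    max_payload = ((mtu - header_len) // 8) * 8  # round down to an 8-byte multiple
    frags, pos = [], 0
    while pos < data_len:
        chunk = min(max_payload, data_len - pos)
        frags.append({"offset": pos // 8, "length": chunk, "mf": 1})
        pos += chunk
    frags[-1]["mf"] = 0  # last fragment: More-Fragments bit cleared
    return frags


def reassemble(frags):
    """Receiver check: order fragments by offset and verify they form a
    gap-free, overlap-free packet ending in a fragment with mf = 0.
    Returns the reassembled payload length, or None if the set is incomplete."""
    if not frags:
        return None
    ordered = sorted(frags, key=lambda f: f["offset"])
    expected = 0
    for f in ordered:
        if f["offset"] * 8 != expected:
            return None  # a fragment is missing, or two overlap
        expected += f["length"]
    if ordered[-1]["mf"] != 0:
        return None  # the final fragment has not arrived
    return expected


if __name__ == "__main__":
    for f in fragment(4000, 1400):
        print(f)
    print(reassemble(fragment(4000, 1400)))
```

With MTU 1400 the usable payload is 1380 bytes, which rounds down to 1376 (172 units of 8), so the 4000 data bytes become fragments of 1376, 1376 and 1248 bytes at offsets 0, 172 and 344. Feeding `reassemble` the fragments in any order gives the same result, and dropping one of them makes it return `None`, which is exactly the situation the identification and offset fields exist to detect.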
How to obtain the physical address?

IP routing
Dynamic Binding (Address Resolution Protocol): the router sends a broadcast request carrying an IP address and asks for a response with the physical address. The appropriate device responds with its physical address => stored in the router cache
The cache needs periodic update to accommodate changes.

Routers
# Router 1 is connected to a network (LAN) with IP addresses 143.200.x.y
Router 2 is connected to a network (LAN) with IP addresses 143.100.x.y
Router 1 and Router 2 are connected.
* Router 1 gets a packet with destination 143.200.10.5
=> direct delivery => get physical address (using ARP or cache) => send a frame

Routers
* Router 1 gets a packet with destination 143.100.20.4
=> not connected to the LAN => get the next hop (from routing table) => send the packet to router 2.
After receiving the packet, router 2 follows the same process as described in the earlier case.
‘traceroute / tracert command can be used to display intermediate routers between the host and a specified destination’

Routers
Issues:
Finding the next hop: the router looks it up in the table; the challenge is to look it up fast, otherwise packets accumulate => cause delay => buffer overflow (in extreme case)
A hash structure works fast for searching the table (Content Addressable Memory): the next-hop entry is stored at a location generated from a hash function of the destination. In that case there is no searching and the next hop is found quickly.
Moving a packet from input to output port:
- Bus => simple, one at a time (slow)
- Switch => connects two end points, flexible connection, complex control

Routers
Issues:
Scheduling packets for transmission => refers to the order in which packets are transmitted; FIFO – simple, but Quality of Service dictates the priority of packets (mail versus real-time audio)
# Routers A, B, C connect 7 networks (total); each of A, B, C connects to three networks; only two networks connect to two routers, the others to one each.
How many common next hops are in the routing table of the middle router?

Problems
# What percentage of total IP addresses does each class represent?
# Network address = 192.168.100.0, Subnet mask = 255.255.255.192. How many subnets are possible? How many hosts in each?
# A company has six departments, each having ten computers (or networked devices). Find the subnet mask for the network of each department.

Problems
# A CIDR address is specified as 192.168.100.0/25. How many host addresses are on the network?
# Given the network address of 192.168.100.0 and the subnet mask of 255.255.255.192, find the number of subnets created and the number of hosts per subnet.

Routing Using Subnets

Multicast routing
‘One to selected many’
Internet Group Management Protocol (IGMP) – operates between a host and the local router
- Allows the host to join and leave various multicast groups
IP packets are used with protocol field = 2 to exchange messages.
The router sends a query to find out group members.

Multicast routing
The host responds indicating it belongs / no longer belongs to a particular multicast group (identified by a class D address).
The challenge is to convey this message to all routers and to implement some multicast routing algorithm.
# Example network with multicast group hosts in selected networks - only a few routers are of importance

Multicast routing
If only uni-cast packets are sent, more copies are needed; through multicasting, the source sends only one copy, which is then replicated only once for each network having multicast group members.
=> far fewer packets in the networks, a significant difference in large groups.
The router needs to know what to do with such a packet.

Multicast routing
A spanning tree of routers can be formed that reaches all the hosts in a group – multicast tree.
Different trees for different multicast groups – becomes very large at global scale.
=> Very few IP routers support multicasting.
Distance Vector Multicast Routing Protocol (DVMRP) uses Reverse Path Broadcasting (RPB).

Multicast routing
RPB assumes that a router knows the next link along the shortest path to a given node.
Router action (after receiving a multicast packet):
- Identify the source and the port where it was received
- Look up the source in the routing table and find the next hop in a path to the source

Multicast routing
- If the next hop corresponds to the port where the packet arrived, then send the packet over all other ports.
- Otherwise, drop the packet.
=> Avoids packet travel in loops (forward only to lead away from the source)
But it may still add redundancy in packet travel. Pruning is needed to limit the forwarding from a router.

Multicast routing
When a router gets a multicast packet but has no group member attached, it uses IGMP with a prune message to the sender.
=> The sender no longer sends such packets.
If a host subsequently joins the group, that router sends a Graft message for resumption of multicast packets.

Example: Multicasting

Other routing
Resource Reservation Protocol (RSVP)
- Deals with QoS over the Internet
- Embeds messages in IP packets (protocol field value 46)
- Messages contain requests that certain resources be reserved to meet QoS, for example: buffer space.
- A router chooses the maximum to satisfy several different requests.

Other routing
Internet Control Message Protocol (ICMP)
- Is used for reporting errors and for providing router updates on conditions that can develop in the Internet.
- Protocol field = 1
Typical messages: Destination unreachable, Echo request, Echo reply.

ICMP Message Formats

Checksum
One’s complement of the 16-bit one’s complement addition of all 16-bit words in the header.
One’s complement addition – the carry is added to the LSB of the result
# Header with ten octets, checksum in the last two octets: 01 00 F6 F7 F4 F5 F2 03 00 00
- Find the checksum and the resulting header
- Verify the checksum (final value = FFFFH)

Why Change IP?
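The Internet checksum described under "Checksum" above (one's complement of the end-around-carry sum of 16-bit words), applied to the ten-octet header in the exercise and then verified the way a receiver does it. This is an added example, not from the lecture notes; the function names (`ones_complement_sum`, `internet_checksum`, `fill_checksum`, `verify_header`) are my own.

```python
"""Internet (ICMP/IP/TCP) checksum: one's complement arithmetic (added example)."""


def ones_complement_sum(words):
    """16-bit one's complement addition: every carry out of bit 15 is
    added back into the least significant bit (end-around carry)."""
    total = 0
    for w in words:
        total += w
        total = (total & 0xFFFF) + (total >> 16)
    return total


def to_words(header: bytes):
    """Split octets into big-endian 16-bit words, zero-padding an odd tail."""
    if len(header) % 2:
        header += b"\x00"
    return [int.from_bytes(header[i:i + 2], "big") for i in range(0, len(header), 2)]


def internet_checksum(header: bytes) -> int:
    """Checksum = one's complement of the one's complement sum, computed
    over the header with its checksum field set to zero."""
    return (~ones_complement_sum(to_words(header))) & 0xFFFF


def fill_checksum(header: bytes, pos: int) -> bytes:
    """Return the header with the checksum written at byte offset pos."""
    cleared = header[:pos] + b"\x00\x00" + header[pos + 2:]
    csum = internet_checksum(cleared)
    return cleared[:pos] + csum.to_bytes(2, "big") + cleared[pos + 2:]


def verify_header(header: bytes) -> bool:
    """Receiver check: summing every word, checksum included, yields FFFF."""
    return ones_complement_sum(to_words(header)) == 0xFFFF


if __name__ == "__main__":
    hdr = bytes.fromhex("0100F6F7F4F5F2030000")  # the header from the exercise
    print(hex(internet_checksum(hdr)))
    print(fill_checksum(hdr, 8).hex().upper())
```

Working the sum by hand with end-around carry: 0100 + F6F7 = F7F7; + F4F5 = 1ECEC, wrapped to ECED; + F203 = 1DEF0, wrapped to DEF1. Its complement, 210E, goes into the last two octets, and re-summing all five words gives FFFF. Note that this checksum detects corruption but is not an integrity mechanism against an adversary, since anyone who can change the header can recompute it.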
Address space exhaustion
- two-level addressing (network and host) wastes space
- network addresses used even if not connected
- growth of networks and the Internet
- extended use of TCP/IP
- multiple vs. single address per host
- requirements for new types of service

IPv6 Enhancements
- expanded 128-bit address space
- improved option mechanism: most options not examined by intermediate routers
- dynamic address assignment
- increased addressing flexibility: any-cast & multicast
- support for resource allocation: labeled packet flows

IPSec
- RFC 1636 (1994) identified security need
- encryption & authentication to be in IPv6, but designed also for use with current IPv4
- applications needing security include: branch office connectivity; remote access over the Internet; extranet & intranet connectivity for partners; electronic commerce security

IPSec Scenario

IPSec Benefits
- provides strong security for external traffic
- resistant to bypass
- below the transport layer, hence transparent to applications
- can be transparent to end users
- can provide security for individual users if needed

IPSec Functions
- Authentication Header (AH): for authentication only
- Encapsulating Security Payload (ESP): for combined authentication/encryption
- key exchange function: manual or automated
- VPNs usually need the combined function

Transport Protocol
‘Defines what one device can say to another on behalf of the user – defines the end user protocol’
‘Reliable communication between sites with a logical connection’
Connection management: establishing, maintaining, and ending a connection.
Establishes parameters: sequence numbers used for bytes, number of bytes an entity can receive.

Transport Protocol
Entities exchange segments, do error checking, acknowledging, and flow control, leaving transmission details to lower levels.
Establish connection: Two-way handshake
A – send connection request
B – receive connection request, establish connection, send acknowledgement
A – receive acknowledgement, establish connection

Transport Protocol
A and B exchange data and eventually disconnect.
Problem: if the first request is delayed and eventually shows up at a much later time, B treats it as another connection.
Worse: if some of A’s data were seriously delayed and finally arrived after the retransmitted one.

Transport Protocol
A three-way handshake is used with the initial sequence numbers each entity uses.
A – send TCP segment with SYN = 1 and sequence = x
B – send TCP segment with SYN = 1, acknowledgement = x+1 and sequence = y
A – send TCP segment with acknowledgement = y+1

Transport Protocol
A – send TCP data segments, sequence beginning with x+1 and acknowledgements beginning with y+1
B – send TCP data segments, sequence beginning with y+1 and acknowledgements beginning with x+1

TCP Header

Transport Protocol
Disconnect Protocol:
A – receive a CLOSE primitive from the application, send TCP segment with FIN = 1 and sequence = p (current sequence count)
B – receive disconnect request and notify the application of finished data, send TCP segment with acknowledgement = p+1

Transport Protocol
B – receive a CLOSE primitive from the application, send TCP segment with FIN = 1, acknowledgement = p+1, sequence = q (current sequence count)
A – send TCP segment with acknowledgement = q+1

Transport Protocol
Flow Control:
- In TCP, the sequence number refers to the byte sequence, not the packet / segment sequence
- Each entity can alter the size of the other’s sending window dynamically using the Window field.
Flow control is implemented using a credit mechanism (window advertisement)

Transport Protocol
A credit specifies the maximum number of bytes this entity can receive (and buffer) from the other entity. This is in addition to those already received and buffered.
A – initial sequence = 100, can buffer up to 200 bytes (credit)
B – initial sequence = 700, can buffer up to 200 bytes (credit)

Transport Protocol
Each segment contains 100 bytes. (All these have been agreed upon by the three-way handshake)
A starts by sending two segments
Data = …, s = 101, a = 701
Data = …, s = 201, a = 701
Waits for more credit.

Transport Protocol
B responds by sending two segments
Data = …, s = 701, a = 301, c = 0
Data = …, s = 801, a = 301, c = 200
A responds by sending two segments
Data = …, s = 301, a = 901
Data = …, s = 401, a = 901
(Credit restrictions also apply to B, omitted here for simplicity)

Transport Protocol
‘Allows the protocol to be robust, taking advantage of changing conditions to adjust credit’
# Identify applications requiring real-time quality of service.
- Downloading audio files
- Accessing a remote host
- Watching a live training session
- Watching a broadcast news
- using FTP to download a small file
- using FTP to download a very large file

Transport Protocol
# Assume:
- TCP entities A, B have initial sequence numbers 400, 900 respectively
- segment size = 100 data bytes, initial credit of each = 200 bytes.
- each entity delivers a segment to the application as soon as it receives it => freeing up buffer
- A is capable of sending segments at intervals of time T (starting at Time = 0) (permitting flow control); B is capable of sending segments at intervals of time 3T (starting at T = 1.5T) (permitting flow control)
- Transmission time between A and B is negligible.
Draw a diagram showing the segment exchange (D, S, A, C) up to time 12T.

Transport Protocol
# In TCP’s flow control logic, an entity uses the credit field to determine when it can send new segments. What is the purpose of acknowledgement then?
# A network has an IP packet size of 128 bytes and a maximum packet lifetime of 30 s. If an 8-bit packet sequence number is used, what is the maximum data rate achieved?
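The credit exchange between A and B above, simulated so that the sequence, acknowledgement and credit fields of each segment can be checked. This is an added example, not from the lecture notes; the class `TcpEntity` and the function `run_example` are my own, and the model keeps only what the slides use (cumulative acknowledgement, a credit that is relative to the acknowledged byte, and a sender that stops when the credit is exhausted). As in the slides, A's segments omit the credit field and B's carry it.

```python
"""Credit-based (window) flow control between two TCP entities (added example)."""


class TcpEntity:
    """One side of a TCP connection after the three-way handshake."""

    def __init__(self, name, isn, peer_isn, credit):
        self.name = name
        self.next_seq = isn + 1      # first data byte follows the SYN (isn)
        self.ack = peer_isn + 1      # next byte expected from the peer
        self.peer_acked = isn + 1    # highest ack number received from the peer
        self.credit = credit         # bytes the peer will accept beyond peer_acked

    def window_limit(self):
        """Highest sequence number (exclusive) this side may send."""
        return self.peer_acked + self.credit

    def can_send(self, nbytes):
        return self.next_seq + nbytes <= self.window_limit()

    def send(self, nbytes, credit=None):
        """Emit a data segment if credit permits, else None (wait for credit)."""
        if not self.can_send(nbytes):
            return None
        seg = {"s": self.next_seq, "a": self.ack, "len": nbytes}
        if credit is not None:
            seg["c"] = credit
        self.next_seq += nbytes
        return seg

    def receive(self, seg):
        if seg["s"] == self.ack:        # in-order data: advance the cumulative ack
            self.ack += seg["len"]
        old_limit = self.window_limit()
        self.peer_acked = max(self.peer_acked, seg["a"])
        if "c" in seg:                  # new credit is measured from the new ack
            self.credit = seg["c"]
        else:                           # no advertisement: keep the old window edge
            self.credit = max(0, old_limit - self.peer_acked)


def run_example():
    """Replay the slide scenario; returns (segment trace, whether A had to wait)."""
    a = TcpEntity("A", 100, 700, 200)
    b = TcpEntity("B", 700, 100, 200)
    trace = []
    for _ in range(2):                  # A sends s=101 and s=201
        seg = a.send(100)
        b.receive(seg)
        trace.append(("A", seg))
    a_blocked = a.send(100) is None     # credit exhausted: A waits for more credit
    for credit in (0, 200):             # B answers with c=0, then c=200
        seg = b.send(100, credit=credit)
        a.receive(seg)
        trace.append(("B", seg))
    for _ in range(2):                  # A may now send s=301 and s=401
        seg = a.send(100)
        b.receive(seg)
        trace.append(("A", seg))
    return trace, a_blocked


if __name__ == "__main__":
    for who, seg in run_example()[0]:
        print(who, seg)
```

The first segment from B carries a = 301 with c = 0, so A's window edge drops to 301 and A is stalled even though its data was acknowledged; the second carries c = 200 and moves the edge to 501, which is what releases s = 301 and s = 401. That separation is the answer to the "what is the purpose of acknowledgement then?" question: the acknowledgement frees the sender's buffer, the credit opens the window.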
Transport Protocol
# The round trip time (RTT) between two hosts is 100 ms and both hosts use a TCP window of 32 Kbytes. What is the maximum throughput that can be achieved by TCP in this scenario?
# Two hosts are connected by a 100 Mbps link and the RTT between them is 1 ms. What is the minimum TCP window size needed to achieve maximum throughput between the two hosts? (Assume no overhead)

Transport Protocol
# A host is receiving data from a remote peer in TCP segments with 1460 bytes of payload. Assume only TCP and IP header overheads for acknowledgements. If TCP acknowledges every other segment, what is the minimum uplink bandwidth needed to achieve a data throughput of 1 Mbytes/sec?

Transport Protocol
TCP uses four timers
Retransmission timer: handles the retransmission time - the waiting time for an acknowledgement of a segment; controls a lost or discarded segment.
Calculation of retransmission time: it should be variable and dynamically adjusted for each connection, and may change during the same connection

Transport Protocol
It is based on RTT; the most common rule is the following: retransmission time = 2 × RTT
RTT is calculated by measuring the time between sending a segment and receiving the acknowledgement.
Updated RTT = α (previous RTT) + (1 − α) (current RTT).
α is usually 0.9; for two consecutive RTT = 250 and 70 µs, Updated RTT = 232 µs, timer = 464 µs

Transport Protocol
Problem: when receiving an ACK for a retransmitted segment, the sender does not know if it is for the original or for the second one
Karn’s solution: do not use the RTT of a retransmitted segment to update RTT; consider only the ones with no retransmission.

Transport Protocol
Persist timer: deals with zero window-size advertisement
- receiver sends a zero window ACK, sender stops
- receiver sends an ACK with a non-zero window but it is lost
- both continue to wait (deadlock)
Recovery: the sender starts the persist timer after receiving the zero window ACK.
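The smoothed RTT estimator with α = 0.9 and the 2 × RTT retransmission timer from the slides, together with Karn's rule applied the way a sender actually has to apply it: by remembering whether each outstanding segment was retransmitted and discarding the sample if it was. This is an added example, not from the lecture notes; the classes `RttEstimator` and `KarnSender` are my own, and times are plain numbers in whatever unit the caller uses (the slide's 250 and 70 are reproduced below).

```python
"""Smoothed RTT, 2×RTT retransmission timer and Karn's rule (added example)."""


class RttEstimator:
    """Updated RTT = alpha * previous RTT + (1 - alpha) * measured RTT."""

    def __init__(self, alpha=0.9):
        self.alpha = alpha
        self.rtt = None  # no estimate until the first clean sample

    def sample(self, measured, retransmitted=False):
        """Fold a measurement into the estimate; Karn: ignore ambiguous ones."""
        if retransmitted:
            return self.rtt  # ack may belong to the original or the retransmit
        if self.rtt is None:
            self.rtt = measured
        else:
            self.rtt = self.alpha * self.rtt + (1 - self.alpha) * measured
        return self.rtt

    def retransmission_timeout(self):
        """The slide's rule: wait twice the estimated RTT before retransmitting."""
        return 2 * self.rtt


class KarnSender:
    """Tracks send times and retransmission counts per outstanding segment
    so that each ACK can be classified as a clean or ambiguous RTT sample."""

    def __init__(self, alpha=0.9):
        self.estimator = RttEstimator(alpha)
        self.in_flight = {}  # sequence number -> (last send time, retransmit count)

    def send(self, seq, now):
        self.in_flight[seq] = (now, 0)

    def retransmit(self, seq, now):
        _, count = self.in_flight[seq]
        self.in_flight[seq] = (now, count + 1)

    def ack(self, seq, now):
        """Process an ACK for seq; returns the (possibly unchanged) RTT estimate."""
        sent_at, count = self.in_flight.pop(seq)
        return self.estimator.sample(now - sent_at, retransmitted=count > 0)

    def timeout(self):
        return self.estimator.retransmission_timeout()


if __name__ == "__main__":
    s = KarnSender()
    s.send(1, 0); print(s.ack(1, 250))       # first clean sample: 250
    s.send(2, 300); print(s.ack(2, 370))     # 0.9*250 + 0.1*70 = 232, timer 464
    s.send(3, 400); s.retransmit(3, 900)
    print(s.ack(3, 950))                     # ambiguous sample ignored: still 232
```

Without the retransmission flag the third ACK would be measured as 50 time units from the retransmit (or 550 from the original send) and would drag the estimate in whichever direction the wrong guess points; Karn's rule avoids both errors by not sampling at all.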
Transport Protocol
- when it times out, a probe segment is sent alerting the receiver that the ACK was lost and should be resent.
Keep-Alive timer: used in most implementations to prevent a long idle connection; each time one end receives a segment from the other side, the timer is reset; otherwise (after 2 hours) a probe is sent, and after several probes the connection is terminated.

Transport Protocol
Silly Window Syndrome: a serious problem occurs if:
- the sending application creates data slowly
- the receiving application consumes data slowly
1-byte data => 41-byte datagram (20-byte TCP header, 20-byte IP header) => huge overhead

Solution
Transport Protocol at the sender’s end: Nagle’s Algorithm:
- Sending TCP sends the first piece of data (even if 1 byte)
- Sending TCP accumulates data in the buffer and waits for either an ACK or enough data to fill a maximum size segment. Now it can send the segment.
- The above step is repeated for the rest of the transmission.

Solution
Transport Protocol at the receiver’s end:
Clark’s solution: send an ACK as the data arrive, but announce a window size of zero until there is enough space for a maximum size segment or half the buffer is empty.
Delayed ACK: the receiver waits until there is a decent amount of space in the buffer before sending an ACK. It reduces traffic.

Transport Protocol
# TCP is sending data at 1 Mbytes/sec. If the sequence number starts with 7000, how long does it take before the sequence number goes back to zero?

Congestion Control
- flow control is also used for congestion control
- recognize increased transit times & dropped packets
- react by reducing the flow of data
- RFCs 1122 & 2581 detail extensions
- two categories of extensions: retransmission timer management; window management

Problems on Multicasting
# Consider four interconnected (ring topology) routers, each attached to only one network. Each network has 50 hosts belonging to a multicast group.
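Nagle's algorithm as stated above, in executable form: the first small piece goes out at once, later small pieces are held until an ACK arrives or a full-size segment can be formed. This is an added example, not from the lecture notes; the class `NagleSender` is my own, and it counts the overhead with the 40 header bytes (20 TCP + 20 IP) the slide uses so that the effect on the silly-window case can be measured.

```python
"""Sender-side silly window avoidance: Nagle's algorithm (added example)."""

HEADER_BYTES = 40  # 20-byte TCP header + 20-byte IP header, as in the slide


class NagleSender:
    """Buffers small writes while a segment is unacknowledged."""

    def __init__(self, mss, nagle=True):
        self.mss = mss
        self.nagle = nagle          # False reproduces the naive 1-byte-per-datagram sender
        self.buffer = bytearray()   # data written by the application, not yet sent
        self.unacked = False        # True while a segment awaits its ACK
        self.sent = []              # every segment payload emitted so far

    def write(self, data: bytes):
        """Application hands over data; returns the segments sent right now."""
        self.buffer += data
        return self._try_send()

    def ack(self):
        """Peer acknowledged the outstanding segment; flush what accumulated."""
        self.unacked = False
        return self._try_send()

    def _try_send(self):
        out = []
        # Full-size segments may always be sent.
        while len(self.buffer) >= self.mss:
            out.append(bytes(self.buffer[:self.mss]))
            del self.buffer[:self.mss]
            self.unacked = True
        # A small segment is sent only when nothing is outstanding (or Nagle is off).
        if self.buffer and (not self.unacked or not self.nagle):
            out.append(bytes(self.buffer))
            self.buffer.clear()
            self.unacked = True
        self.sent.extend(out)
        return out

    def bytes_on_wire(self):
        """Payload plus per-datagram header overhead for everything sent so far."""
        return sum(len(seg) + HEADER_BYTES for seg in self.sent)


def overhead_comparison(n_keystrokes: int, mss: int = 100):
    """Send n_keystrokes single bytes with and without Nagle, ACKing after each
    round trip, and return (naive bytes on wire, Nagle bytes on wire)."""
    naive, nagle = NagleSender(mss, nagle=False), NagleSender(mss, nagle=True)
    for i in range(n_keystrokes):
        naive.write(b"k"); nagle.write(b"k")
        if i % 10 == 9:             # one ACK arrives every ten keystrokes
            naive.ack(); nagle.ack()
    naive.ack(); nagle.ack()        # final ACK flushes anything still buffered
    return naive.bytes_on_wire(), nagle.bytes_on_wire()


if __name__ == "__main__":
    print(overhead_comparison(100))
```

With one ACK per ten keystrokes the naive sender emits 100 datagrams of 41 bytes, while the Nagle sender emits the first byte alone and then one segment of nine bytes per ACK, so the header overhead falls by an order of magnitude at the cost of batching delay, which is the trade-off interactive protocols sometimes disable Nagle to avoid.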
If one host sends a packet to this group, find the following:
- Number of packets (copies of the original one) travelling between routers if multiple ‘Unicasting’ is followed.
- Number of packets (copies of the original one) travelling between routers if ‘Multicasting’ is followed.

Problems on Multicasting
# Flooding implies that a router retransmits the packet to all outgoing interfaces except the one on which it was received. Packets have a unique identifier so that a router does not flood the same packet more than once. For the network shown on slide 40, find the packets travelling on the links and the networks if flooding is used.

Example: Multicasting

Problem on Encryption
# An encrypted message is: 20 5 21 3 49 4 49 3 4 15, k = 7 and n = 55. A through Z were initially coded as 1 to 26 and a blank (space) as 27. Decrypt this message using RSA.

Transport Protocol
- Two / Three way handshake
- Flow / Congestion control
- Different Timers
- Silly Window
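The textbook-RSA machinery the encryption problem relies on: recovering the private exponent from the public exponent and the factors of n, exponentiating modulo n, and mapping the 1..27 alphabet back to letters. This is an added example, not from the lecture notes, and it does not solve the exercise for you; it assumes n = 55 = 5 × 11 and the public exponent k = 7 from the problem statement, and the function names (`modinv`, `rsa_private_exponent`, `rsa_encrypt`, `rsa_decrypt`, `decode`) are my own. The block only shows the arithmetic; RSA with a 55-value modulus and no padding is a classroom toy, not a usable cipher.

```python
"""Textbook RSA with the problem's toy parameters (added example)."""


def modinv(a: int, m: int) -> int:
    """Multiplicative inverse of a modulo m via the extended Euclidean algorithm."""
    old_r, r = a % m, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("no inverse: gcd(a, m) != 1")
    return old_s % m


def rsa_private_exponent(e: int, p: int, q: int) -> int:
    """d = e^-1 mod (p-1)(q-1); knowing p and q is what makes this easy."""
    return modinv(e, (p - 1) * (q - 1))


def rsa_encrypt(m: int, e: int, n: int) -> int:
    return pow(m, e, n)


def rsa_decrypt(c: int, d: int, n: int) -> int:
    return pow(c, d, n)


def decode(codes) -> str:
    """Map the problem's alphabet back: 1..26 -> A..Z, 27 -> blank."""
    out = []
    for v in codes:
        if v == 27:
            out.append(" ")
        elif 1 <= v <= 26:
            out.append(chr(ord("A") + v - 1))
        else:
            raise ValueError(f"value {v} is outside the 1..27 alphabet")
    return "".join(out)


def decrypt_message(ciphertext, e, p, q):
    """Recover d from (e, p, q) and decrypt each block; returns the plaintext string."""
    n = p * q
    d = rsa_private_exponent(e, p, q)
    return decode(rsa_decrypt(c, d, n) for c in ciphertext)


if __name__ == "__main__":
    # Parameters from the exercise (n = 55 = 5 * 11, public exponent k = 7).
    print("d =", rsa_private_exponent(7, 5, 11))
    print(decrypt_message([20, 5, 21, 3, 49, 4, 49, 3, 4, 15], 7, 5, 11))
```

The check `decrypt(encrypt(m)) == m` for every m below n is the correctness property the exercise depends on; the test below runs it over the whole residue range rather than asserting the exercise's answer.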