Chapter 3: Networking and Internetworking
• Introduction
• Types of network
• Network principles
• Internet protocols
• Network case studies: Ethernet, wireless LAN and ATM
• Summary

Revision on Networking

Network performance measures
• l = length of signal path in communication medium (metres)
• v = signal propagation speed in the medium (metres/second)
• L = average length of frame or packet (bits)
• C = transmission rate (bits/second)
• Propagation delay = l / v, in seconds
  – shows how long a bit takes to propagate along the path
• Transmission time = L / C, in seconds
  – shows how long it takes to get a packet onto the medium
• Throughput: how fast data can pass a certain point
  – can be measured in bits/second, packets/second, …
• Efficiency is related to throughput, e.g.
  – efficiency = throughput (in packets/sec) * packet transmission time

Ex1
Consider an optical fibre 3000 km long with a transmitter transmitting at 1.5 Gbps (1 Gbps = 1 000 000 000 bps). The signal propagation speed in optical fibre is approximately 200 000 km/sec. Suppose packet switching is being used with a packet length of 2000 bits.
• What is the bit propagation delay along the fibre?
• What is the packet transmission time here?
• How many packets have been transmitted and are propagating over the fibre when the first bit reaches the destination?

Ex2
• Consider a route in a store-and-forward network going through 8 intermediate nodes. The packets contain 1000 bits and are transmitted at 64 kbps. Assume propagation delays over the links are negligible. As a packet travels along the route, it encounters an average of 5 packets when it arrives at each node. How long does it take for the packet to get to the receiver if the nodes transmit on a “first come first served” basis?
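The four measures defined on the slide, applied to Ex1 and Ex2 (and to Ex3, which follows below) as an added worked example; this code is not part of the lecture slides. For Ex2 it follows the slide's own reasoning that every intermediate node transmits the 5 queued packets before ours; whether the source host's own transmission time is also counted is something the slide does not say, so it is a parameter here.

```python
"""Added example (not from the slides): propagation delay, transmission
time, throughput and efficiency as defined on the 'Network performance
measures' slide, applied to Ex1, Ex2 and Ex3."""


def propagation_delay(path_length_m: float, speed_m_per_s: float) -> float:
    """Propagation delay = l / v (seconds): time for one bit to cross the path."""
    return path_length_m / speed_m_per_s


def transmission_time(packet_bits: float, rate_bps: float) -> float:
    """Transmission time = L / C (seconds): time to put one packet onto the medium."""
    return packet_bits / rate_bps


def packets_in_flight(path_length_m, speed_m_per_s, packet_bits, rate_bps) -> float:
    """Packets fully transmitted and still propagating when the first bit
    arrives: the sender keeps transmitting for one whole propagation delay."""
    return propagation_delay(path_length_m, speed_m_per_s) / transmission_time(packet_bits, rate_bps)


def store_and_forward_delay(intermediate_nodes, packet_bits, rate_bps, queued_ahead, count_source=True):
    """End-to-end delay with FCFS queues and negligible propagation delay.
    Each intermediate node sends the queued_ahead packets first, so our
    packet costs (queued_ahead + 1) transmission times per node."""
    tx = transmission_time(packet_bits, rate_bps)
    total = intermediate_nodes * (queued_ahead + 1) * tx
    if count_source:
        total += tx  # assumption: the source host's own transmission is counted as well
    return total


def efficiency(throughput_pps, packet_bits, rate_bps):
    """Efficiency = throughput (packets/s) * packet transmission time, as on the slide."""
    return throughput_pps * transmission_time(packet_bits, rate_bps)


def ex1():
    """Ex1: 3000 km fibre, 1.5 Gbps, v = 200 000 km/s, 2000-bit packets."""
    l, v, L, C = 3000e3, 200_000e3, 2000, 1.5e9
    return {
        "propagation_delay_s": propagation_delay(l, v),        # 0.015 s
        "transmission_time_s": transmission_time(L, C),         # about 1.33 microseconds
        "packets_in_flight": packets_in_flight(l, v, L, C),     # 11250
    }


def ex2(count_source=True):
    """Ex2: 8 intermediate nodes, 1000-bit packets at 64 kbps, 5 packets queued ahead."""
    return store_and_forward_delay(8, 1000, 64_000, 5, count_source)


def ex3():
    """Ex3: 150 nodes, 70 frames/s each, 1000-bit frames, 100 Mbps transmitters."""
    nodes, frames_per_s, frame_bits, rate = 150, 70, 1000, 100e6
    total_pps = nodes * frames_per_s
    return {
        "per_node_bps": frames_per_s * frame_bits,            # 70 kbps
        "total_pps": total_pps,                               # 10 500 frames/s
        "total_bps": total_pps * frame_bits,                  # 10.5 Mbps
        "efficiency": efficiency(total_pps, frame_bits, rate),  # 0.105
    }


if __name__ == "__main__":
    print("Ex1:", ex1())
    print("Ex2:", ex2(), "s (source counted),", ex2(False), "s (intermediate nodes only)")
    print("Ex3:", ex3())
```

Note that the 11 250 packets in flight in Ex1 is the bandwidth-delay product in packets: a large value here because propagation delay (15 ms) dwarfs the transmission time of a single packet.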
Ex2 (continued)
• At each intermediate node, 6 packets must be transmitted in order for “our” packet to be transmitted: our packet finds 5 packets ahead of it, which will be transmitted first due to the “first come first served” policy.

Ex3
150 nodes are connected to a 1000 metre length of coaxial cable. Using some (unspecified) protocol, each node can transmit 70 frames/second, where each frame is 1000 bits long. The transmission rate at each node is 100 Mbps.
• What is the per-node throughput?
• What is the total throughput (of the 150 nodes)?
• What is the efficiency of this protocol?

Internetworking
• Internetwork – integrates many subnets that use different network technologies
• Requirements
  – Unified internetwork addressing scheme that enables packets to be addressed to any host connected to any subnet
  – A protocol defining the format of internetwork packets and giving rules according to which they are handled
  – Interconnecting components that route packets to their destinations in terms of internetwork addresses, transmitting the packets using subnets with a variety of network technologies

Internetworking components
• Router – conducts routing; additionally links networks of different types
• Bridge – links networks of different types, but does not conduct routing
• Hub – connects hosts and extends segments of Ethernet and other broadcast local networks
• Switch – performs a similar function to a router, but for LANs only

Internet protocols
• Protocol layers (n1)
  – TCP(UDP)/IP, (n2) web [HTTP], Email [SMTP, POP], news [NNTP], FTP, SSL, etc
• Exceptions to the universal adoption of TCP/IP
  – The use of WAP for wireless applications on portable devices
  – Special protocols to support multimedia streaming applications
• Heterogeneous underlying networks support
  – The success of TCP/IP: independence of the underlying transmission technology (n3)
  – E.g., IP over ATM, IP over Ethernet, IP over PPP, etc

Internet protocol layers (figure)
Layer – Message
Application – Messages (UDP) or Streams (TCP)
Transport – UDP or TCP packets
Internet – IP datagrams
Network interface – Network-specific frames
Underlying network

IP addressing
• Schemes for naming and addressing hosts and for routing IP packets to their destination are challenging.
• Requirements:
  – It must be universal
  – It must be efficient
  – The addressing scheme must lend itself to the development of a routing scheme
• The scheme
  – A 32-bit numeric identifier containing a network identifier and a host identifier
  – There are four allocated classes of Internet address: A, B, C, D

Internet address structure (figure)
Class A:             0    | Network ID (7 bits)  | Host ID (24 bits)
Class B:             10   | Network ID (14 bits) | Host ID (16 bits)
Class C:             110  | Network ID (21 bits) | Host ID (8 bits)
Class D (multicast): 1110 | Multicast address (28 bits)
Class E (reserved):  11110 | unused (27 bits)

Decimal representation of Internet addresses
Class                 octet 1      octet 2    octet 3    octet 4    Range of addresses
Class A:              Network ID   Host ID
                      1 to 127     0 to 255   0 to 255   0 to 255   1.0.0.0 to 127.255.255.255
Class B:              Network ID              Host ID
                      128 to 191   0 to 255   0 to 255   0 to 255   128.0.0.0 to 191.255.255.255
Class C:              Network ID                         Host ID
                      192 to 223   0 to 255   0 to 255   1 to 254   192.0.0.0 to 223.255.255.255
Class D (multicast):  Multicast address
                      224 to 239   0 to 255   0 to 255   1 to 254   224.0.0.0 to 239.255.255.255
Class E (reserved):   240 to 255   0 to 255   0 to 255   1 to 254   240.0.0.0 to 255.255.255.255

Two steps were taken: IPv6, Classless interdomain routing (CIDR)

IP protocol
• Transmits datagrams from one host to another, if necessary via intermediate routers
  – Unreliable (best-effort) delivery semantics
    • packets can be lost, duplicated, delayed or delivered out of order
  – Address resolution: Address Resolution Protocol (ARP)
    • IP address -> Ethernet address mapping; (IP address, Ethernet address) pairs are cached on each host

IP packet layout (figure): header | IP address of source | IP address of destination | data (up to 64 kilobytes) [1]

Addressing
• [1] How to find if the destination is in the same network?
  – IP address = network ID + host ID.
    • Source and destination network IDs match => same network (i.e. direct connectivity)
  – Splitting an address into multiple parts is called hierarchical addressing
  (figure: Network | Host, with the boundary between the two parts)

IP Forwarding: Example Scenario (figure)
Three networks, 223.1.1, 223.1.2 and 223.1.3, joined by one router with interfaces 223.1.1.4, 223.1.2.9 and 223.1.3.27. Hosts: A = 223.1.1.1, 223.1.1.2, B = 223.1.1.3 on network 223.1.1; 223.1.2.1, E = 223.1.2.2 on network 223.1.2; 223.1.3.1, 223.1.3.2 on network 223.1.3.
Routing table in A:
Dest. Net.   next router   Nhops
223.1.1      –             1
223.1.2      223.1.1.4     2
223.1.3      223.1.1.4     2
IP datagram: misc fields | source IP addr | dest IP addr | data. The datagram remains unchanged as it travels from source to destination; the address fields are of interest here.

IP Forwarding (Direct)
Datagram: misc fields | 223.1.1.1 | 223.1.1.3 | data
Starting at A, given an IP datagram addressed to B:
• look up the network address of B
• find that B is on the same network as A
• the link layer will send the datagram directly to B inside a link-layer frame
• B and A are directly connected

IP Forwarding (Indirect): Step 1
Datagram: misc fields | 223.1.1.1 | 223.1.2.2 | data
Starting at A, destination E:
• look up the network address of E
• E is on a different network; A and E are not directly attached
• routing table: the next-hop router to E is 223.1.1.4
• the link layer sends the datagram to router 223.1.1.4 inside a link-layer frame
• the datagram arrives at 223.1.1.4
continued…

IP Forwarding (Indirect): Step 2
Datagram: misc fields | 223.1.1.1 | 223.1.2.2 | data
Arriving at 223.1.1.4, destined for 223.1.2.2:
• look up the network address of E
• E is on the same network as the router’s interface 223.1.2.9; the router and E are directly attached
• the link layer sends the datagram to 223.1.2.2 inside a link-layer frame via interface 223.1.2.9
• the datagram arrives at 223.1.2.2
Routing table in the router:
Dest. network   next router   Nhops   interface
223.1.1         –             1       223.1.1.4
223.1.2         –             1       223.1.2.9
223.1.3         –             1       223.1.3.27

The Internet Network layer (figure)
Host and router network layer functions:
• Transport layer: TCP, UDP
• Network layer
  – IP protocol: addressing conventions, datagram format, packet handling conventions
  – Routing protocols: path selection; RIP, OSPF, BGP; routing table
  – ICMP protocol: error reporting, router “signaling”
• Link layer
• Physical layer

IP Addressing: introduction
• IP address: 32-bit identifier for a host or router interface
• Interface: connection between a host or router and a physical link
  – routers typically have multiple interfaces
  – a host may have multiple interfaces
  – IP addresses are associated with an interface, not with the host or router
• Hosts in the same network have the same network ID
(figure: the same three networks as above; 223.1.1.1 = 11011111 00000001 00000001 00000001, i.e. 223.1.1.1)

IP Address Formats (figure)
Class A: 0    | Network (7 bits)  | Host (24 bits)
Class B: 10   | Network (14 bits) | Host (16 bits)
Class C: 110  | Network (21 bits) | Host (8 bits)
Class D: 1110 | Multicast Group addresses (28 bits)
Class E: Reserved.

Subnet Addressing
• Classful addressing is inefficient: everyone wants class B addresses
• Can we split the class A and B address spaces and accommodate more networks?
  – Need another level of hierarchy.
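The forwarding decision of the three "IP Forwarding" slides, as an added example (this code is not from the slides): the classful network ID is derived from the leading bits, the "same network ID" test decides direct versus indirect delivery, and a prefix length stands in for the subnet mask to show how the boundary can be moved inside a class C address. The addresses and the two routing tables are those of the example scenario; the function names, the table layout and the hop limit are my own.

```python
"""Added example (not from the slides): IP forwarding over the example
scenario of the lecture (host A = 223.1.1.1, B = 223.1.1.3, E = 223.1.2.2,
router interfaces 223.1.1.4, 223.1.2.9 and 223.1.3.27)."""
from __future__ import annotations

import ipaddress


def classful_prefix_length(addr: str) -> int:
    """Network-ID length implied by the leading bits of the first octet
    (class A: 0..., class B: 10..., class C: 110...), as on the address-structure slide."""
    first = int(addr.split(".")[0])
    if first < 128:
        return 8      # class A: 7-bit network ID after the leading 0
    if first < 192:
        return 16     # class B: 14-bit network ID after 10
    if first < 224:
        return 24     # class C: 21-bit network ID after 110
    raise ValueError(f"{addr}: a class D/E address has no network/host split")


def network_id(addr: str, prefix_len: int | None = None) -> ipaddress.IPv4Network:
    """Network part of addr.  With prefix_len the subnet mask fixes the
    boundary; without it the classful boundary is used."""
    if prefix_len is None:
        prefix_len = classful_prefix_length(addr)
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)


def same_network(a: str, b: str, prefix_len: int | None = None) -> bool:
    """The slide's test for direct connectivity: the network IDs match."""
    return network_id(a, prefix_len) == network_id(b, prefix_len)


# Routing tables as on the slides: destination network ->
# (next router, or None when directly attached; number of hops; outgoing interface).
ROUTING_TABLE_A = {
    "223.1.1.0/24": (None, 1, "223.1.1.1"),
    "223.1.2.0/24": ("223.1.1.4", 2, "223.1.1.1"),
    "223.1.3.0/24": ("223.1.1.4", 2, "223.1.1.1"),
}
ROUTING_TABLE_ROUTER = {
    "223.1.1.0/24": (None, 1, "223.1.1.4"),
    "223.1.2.0/24": (None, 1, "223.1.2.9"),
    "223.1.3.0/24": (None, 1, "223.1.3.27"),
}
# Which table a datagram consults, keyed by the interface it is currently at.
TABLES = {"223.1.1.1": ROUTING_TABLE_A, "223.1.1.4": ROUTING_TABLE_ROUTER}


def forward(dest: str, table: dict) -> tuple[str, str]:
    """One forwarding step: (link-layer destination, outgoing interface).
    A directly attached network delivers to the host itself, otherwise to
    the next router; the most specific matching entry wins (longest prefix)."""
    d = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(net), entry) for net, entry in table.items()
               if d in ipaddress.ip_network(net)]
    if not matches:
        raise LookupError(f"no route to {dest}")
    _net, (router, _hops, interface) = max(matches, key=lambda m: m[0].prefixlen)
    return (dest if router is None else router, interface)


def route(src: str, dest: str, tables: dict, hop_limit: int = 16) -> list[tuple[str, str]]:
    """Follow the datagram hop by hop as a list of (interface, next address).
    The hop limit guards against a routing loop, like the IP TTL field."""
    hops, here = [], src
    for _ in range(hop_limit):
        nxt, iface = forward(dest, tables[here])
        hops.append((iface, nxt))
        if nxt == dest:
            return hops
        here = nxt  # the datagram is now at the next router's interface
    raise RuntimeError(f"hop limit exceeded on the way to {dest}")


if __name__ == "__main__":
    print("A -> B (direct):  ", route("223.1.1.1", "223.1.1.3", TABLES))
    print("A -> E (indirect):", route("223.1.1.1", "223.1.2.2", TABLES))
    print("same /26 subnet?  ", same_network("223.1.1.1", "223.1.1.70", 26))
```

With the classful boundary, 223.1.1.1 and 223.1.1.70 share the network 223.1.1.0/24; with a /26 subnet mask the same two addresses fall into different subnets, which is the extra level of hierarchy the subnet-addressing slide asks for.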
Subnet Addressing (continued)
• Defined by a “subnet mask”, which in general specifies the sets of bits belonging to the network address and the host address respectively
  (figure: Network | Host; the boundary is flexible, and defined by the subnet mask)

IP routing
• Routes packets from source to destination
  – Internet topology: Autonomous Systems, Areas (n1)
  – Routing algorithms:
    • RIP-1
    • RIP-2
    • Open Shortest Path First (OSPF)
  – Default routes: trade routing efficiency for table size
  – Classless interdomain routing (CIDR): create subnets by subdividing an address or aggregating addresses by means of the mask field, e.g. 162.105.203.0/24

Future of IP
• IPv6 (n1)
  – 2^128 (3*10^38) addresses, 1000 IP addresses per square metre of the Earth’s surface
  – Routing speed: no checksum, no fragmentation
  – Real time: priority and flow label, which is used to reserve resources
  – Extension headers (router information, authentication, etc.)
  – multicast and anycast
  – Security through extension header types
• Migration from IPv4:
  – IPv6 router islands
  – depends on economics

IPv6 header layout (figure)
Version (4 bits) | Priority (4 bits) | Flow label (24 bits)
Payload length (16 bits) | Next header (8 bits) | Hop limit (8 bits)
Source address (128 bits)
Destination address (128 bits)

The MobileIP routing mechanism (figure)
Sender sends the first IP packet addressed to the mobile host MH via the Internet; the Home agent tunnels the first IP packet to the Foreign agent FA; the address of the FA is returned to the sender; subsequent IP packets are tunnelled to the FA, which delivers them to MH.

TCP and UDP
• Use of ports
  – Provide process-to-process communication
• UDP features
• TCP features

UDP features
• Connectionless
• Datagram delivery
  – A UDP datagram is encapsulated inside an IP packet, up to 64 kB in size
• Con – unreliable delivery due to unreliable IP
• Pro – minimal additional cost and transmission delays

TCP
• Connection oriented
  – the two sides must shake hands to establish a bi-directional communication channel
• Message delivery
  – Delivers arbitrarily long sequences of bytes via a stream-based programming abstraction
  – Sequencing: divides the stream into data segments, with a sequence number on each segment
  – Checksum: covers the header and the data in the segment
• Flow control
  – The receiver sends the highest number of the received segments and its window size to the sender in an acknowledgement message
  – Buffering: a receiver buffer and a sender buffer are used for flow control
  – In interactive applications, the receiver informs the sender on timeout or when the buffer reaches the MTU limit
  – Retransmission: retransmit the segment when no acknowledgement arrives within a specified timeout

Domain names
• Symbolic names for hosts and networks
  – upm.edu.my
• The DNS would not be workable without the extensive use of caching.

Firewall
• The purpose of a firewall is to monitor and control all communication into and out of an intranet
  – including service control,
  – behaviour control
  – and user control
• Filter approaches (n1)
  – IP packet filtering, e.g. router/filter
  – TCP gateway, e.g. bastion
  – Application level gateway, e.g. telnet proxy process
• Virtual private networks (VPN)
  – Secure connections between sites using public Internet links
  – By the use of cryptographically protected secure channels at the IP level

Firewall configurations (figure)
a) Filtering router: Internet – Router/filter – Protected intranet (web/ftp server inside)
b) Filtering router and bastion: Internet – R/filter – Bastion – Protected intranet (web/ftp server)
c) Screened subnet for bastion: Internet – R/filter – [Bastion, web/ftp server] – R/filter – Protected intranet

Ethernet
• IEEE 802.3 [Xerox 1973]
  – Carrier sensing, multiple access with collision detection
  – Frame broadcasting
  – Bandwidth: 3 Mbps -> 10 Mbps -> 100 Mbps -> 1000 Mbps
• Ethernet packet layout (n1)
  – 2^48 different addresses
• Packet collisions
  – Carrier sensing
    • wait until no signal is present, then transmit
  – Collision detection
    • when transmitting through the output port, also listen on the input port and compare the two signals; if they differ, send a jamming signal
  – Back-off
    • wait a time n before retransmitting, n: a random integer

Ethernet frame layout (figure)
preamble (7 bytes) | S (1 byte) | Destination address (6 bytes) | Source address (6 bytes) | Length of data (2 bytes) | Data for transmission (46 bytes ≤ length ≤ 1500 bytes) | Frame check sequence (4 bytes)

Ethernet … continued
• Ethernet efficiency
  – Efficiency = number of packets transmitted successfully / theoretical maximum number without collisions
  – Affected by
    • the finite time for a signal inserted at a point in the medium to reach all other points
    • the number of stations on the network
    • the stations’ level of activity

Wireless LAN
• Wireless LAN types
  – Infrastructure network, e.g. IEEE 802.11 (n1)
  – Ad hoc network: network built on the fly
• Collision detection failures in 802.11
  – Hidden stations: carrier sensing fails to detect that another station on the network is transmitting, leading to a collision at the base station
  – Fading: the strength of radio signals diminishes rapidly with the distance from the transmitter, defeating both carrier sensing and collision detection
  – Collision masking

Wireless LAN configuration (figure)
Laptops A, B and C, Palmtop D and Server E around a Base station/access point attached to the LAN; a radio obstruction sits between some of the stations.

802.11 introduction
• Slot reservation added to the MAC protocol in 802.11
  1. First, sense the medium. If there is no carrier signal, then either
     • the medium is available,
     • an out-of-range station is in the process of requesting a slot, or
     • an out-of-range station is using a slot
  2. The sender sends an RTS (Request To Send) frame to the receiver; the receiver replies with a CTS (Clear To Send) frame to the sender. The effect of the exchange is
     • the stations within range of the sender pick up the RTS frame and take note of the duration
     • the stations within range of the receiver pick up the CTS frame and take note of the duration
  3. Begin to transmit

802.11 introduction … continued
• 802.11 avoids collisions in these ways
  – CTS frames avoid the hidden station and fading problems
  – If RTS/CTS is corrupted, a back-off period is used
  – When the RTS/CTS exchange succeeds, there are no collisions in the following communication unless intermittent fading prevents a third party from receiving either of them
• Security in 802.11
  – Shared-key authentication mechanism
  – XOR operation based on the shared key to prevent eavesdropping

Asynchronous Transfer Mode networks (ATM)
• Deploy ATM on top of other networks
  – Can be implemented over existing digital telephony networks, bandwidth from 32 kbps (voice) to 622 Mbps
  – Native mode: over optical fibre, copper and other transmission media, bandwidth up to several gigabits per second
• ATM layers (n1)
  – Adaptation layer
    • end-to-end layer implemented at the sending and receiving hosts
  – ATM layer
    • connection-oriented service that transmits fixed-length packets called cells; avoids flow control and error checking at the switches; provides bandwidth and latency guarantees
    • VC (virtual channel): a logical unidirectional association between two endpoints of a link in the physical path from source to destination
    • VP (virtual path): a bundle of virtual channels associated with a physical path between two switching nodes

ATM protocol layers (figure)
Layer – Message
Application – Higher-layer protocols
ATM adaptation layer – ATM cells
ATM layer – ATM virtual channels
Physical

ATM … continued
• The nodes in an ATM network can play three distinct roles (n1)
  – Hosts: send and receive messages
  – VP switches: hold tables showing the correspondence between incoming and outgoing VPs
  – VP/VC switches: correspondence information for both VPs and VCs
• ATM cell: 5-byte header and a 48-byte data field
  (figure: Header (5 bytes): Virtual path id | Virtual channel id | Flags; Data; 53 bytes in total)

Switching virtual paths in an ATM network (figure)
Host – VP switch – VP/VC switch – VP switch – Host, with VPI = 2, 3, 4 and 5 on the successive links. Switch tables map VPI in -> VPI out: 2 -> 3 at the first VP switch, 4 -> 5 at the last. VPI: virtual path identifier; a virtual path carries several virtual channels.

Summary
• Layered protocols
  – 7 layers in the OSI model / 5 layers in the Internet
• Delivery approach
  – Packet switching, frame relay
• Routing mechanism
  – distance vector / link state
• Congestion control
• The Internet
  – TCP/IP
• Network cases
  – Ethernet, WLAN, ATM

OSI protocol summary
Application: Protocols that are designed to meet the communication requirements of specific applications, often defining the interface to a service. Examples: HTTP, FTP, SMTP, CORBA IIOP
Presentation: Protocols at this level transmit data in a network representation that is independent of the representations used in individual computers, which may differ. Encryption is also performed in this layer, if required. Examples: Secure Sockets (SSL), CORBA Data Rep.
Session: At this level reliability and adaptation are performed, such as detection of failures and automatic recovery. Examples: EJB
Transport: This is the lowest level at which messages (rather than packets) are handled. Messages are addressed to communication ports attached to processes. Protocols in this layer may be connection-oriented or connectionless. Examples: TCP, UDP
Network: Transfers data packets between computers in a specific network. In a WAN or an internetwork this involves the generation of a route passing through routers. In a single LAN no routing is required. Examples:
IP, ATM virtual circuits
Data link: Responsible for transmission of packets between nodes that are directly connected by a physical link. In a WAN transmission is between pairs of routers or between routers and hosts. In a LAN it is between any pair of hosts. Examples: Ethernet MAC, ATM cell transfer, PPP
Physical: The circuits and hardware that drive the network. It transmits sequences of binary data by analogue signalling, using amplitude or frequency modulation of electrical signals (on cable circuits), light signals (on fibre optic circuits) or other electromagnetic signals (on radio and microwave circuits). Examples: Ethernet base-band signalling, ISDN

Distance-Vector Routing table for the network (figure)
Routers A, B, C, D and E, each with hosts or local networks attached, joined by links 1 to 6: link 1 A–B, link 2 B–C, link 3 A–D, link 4 B–E, link 5 C–E, link 6 D–E.

Routings from A        Routings from B        Routings from C
To  Link   Cost        To  Link   Cost        To  Link   Cost
A   local  0           A   1      1           A   2      2
B   1      1           B   local  0           B   2      1
C   1      2           C   2      1           C   local  0
D   3      1           D   1      2           D   5      2
E   1      2           E   4      1           E   5      1

Routings from D        Routings from E
To  Link   Cost        To  Link   Cost
A   3      1           A   4      2
B   3      2           B   4      1
C   6      2           C   5      1
D   local  0           D   6      1
E   6      1           E   local  0

Pseudo-code for RIP routing algorithm
Send: Each t seconds or when Tl changes, send Tl on each non-faulty outgoing link.
Receive: Whenever a routing table Tr is received on link n:
  for all rows Rr in Tr {
    if (Rr.link <> n) {
      Rr.cost = Rr.cost + 1;
      Rr.link = n;
      if (Rr.destination is not in Tl) add Rr to Tl;   // add new destination to Tl
      else for all rows Rl in Tl {
        if (Rr.destination = Rl.destination and
            (Rr.cost < Rl.cost or Rl.link = n)) Rl = Rr;
            // Rr.cost < Rl.cost : remote node has better route
            // Rl.link = n : remote node is more authoritative
      }
    }
  }

Simplified view of the QMW Computer Science network (figure)
Campus routers connect to the 138.37.95.240/29 and 138.37.95.248/29 subnets. Router/firewall hammer (138.37.95.241, 138.37.88.251) fronts the Staff subnet 138.37.88; router/firewall sickle (138.37.95.249, 138.37.94.251) fronts the Student subnet 138.37.94. Hosts: compute server bruno 138.37.88.249, dialup server henry 138.37.88.230, file server hotpoint 138.37.88.162, web server copper 138.37.88.248, file server/gateway custard 138.37.94.246, plus printers, other servers and desktop computers (138.37.88.xx and 138.37.94.xx) attached via hubs and Ethernet switches (Eswitch). Links are 100 Mbps and 1000 Mbps Ethernet.

Tunnelling (figure)
IPv6 encapsulated in IPv4 packets: IPv6 A – Encapsulators – IPv4 network – Encapsulators – IPv6 B
IP encapsulated in PPP packets: IP A – Encapsulators – PPP network – Encapsulators – IP B

ATM cell layout (figure)
Header (5 bytes): Virtual path id | Virtual channel id | Flags; Data (48 bytes); 53 bytes in total
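The Receive step of the RIP pseudo-code, implemented over the distance-vector network of the figure above, as an added example (this code is not from the slides or the textbook). It shows both rules of the update: a neighbour's better route is adopted, and a neighbour that is already the chosen next hop is believed even when its cost has gone up. The Send step is simulated as synchronous rounds in which every router sends a copy of its table on each link, which is my own simplification of "each t seconds or when Tl changes". Link numbers and router names are those of the figure; the constructed cost change in the second demonstration is not.

```python
"""Added example (not from the slides): the RIP Receive step and a
round-based Send loop over the five-router network of the figure."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Row:
    destination: str
    link: object      # link number on which to forward, or "local"
    cost: int


def rip_receive(local_table: dict[str, Row], remote_table: dict[str, Row], n: int) -> dict[str, Row]:
    """The slide's Receive step: table Tr (remote_table) arrived on link n;
    update Tl (local_table) in place and return it."""
    for rr in remote_table.values():
        if rr.link == n:
            continue  # the remote node reaches it through us; ignore that row
        candidate = Row(rr.destination, n, rr.cost + 1)   # Rr.cost + 1, Rr.link = n
        rl = local_table.get(rr.destination)
        if rl is None:
            local_table[rr.destination] = candidate       # new destination
        elif candidate.cost < rl.cost or rl.link == n:
            # better route, or the node we already route through is more authoritative
            local_table[rr.destination] = candidate
    return local_table


# Links of the figure: link number -> the two routers it joins.
LINKS = {1: ("A", "B"), 2: ("B", "C"), 3: ("A", "D"), 4: ("B", "E"), 5: ("C", "E"), 6: ("D", "E")}


def initial_table(router: str) -> dict[str, Row]:
    """Before any exchange a router knows itself and its direct neighbours (cost 1)."""
    table = {router: Row(router, "local", 0)}
    for link, ends in LINKS.items():
        if router in ends:
            other = ends[1] if ends[0] == router else ends[0]
            table[other] = Row(other, link, 1)
    return table


def run_rip(max_rounds: int = 10) -> dict[str, dict[str, Row]]:
    """Synchronous rounds: every router sends a copy of its table on each
    link (Send), then every router applies rip_receive to what it got."""
    tables = {r: initial_table(r) for r in "ABCDE"}
    for _ in range(max_rounds):
        sent = {r: {d: Row(x.destination, x.link, x.cost) for d, x in t.items()}
                for r, t in tables.items()}
        before = {r: {d: (x.link, x.cost) for d, x in t.items()} for r, t in tables.items()}
        for link, (x, y) in sorted(LINKS.items()):
            rip_receive(tables[x], sent[y], link)
            rip_receive(tables[y], sent[x], link)
        after = {r: {d: (x.link, x.cost) for d, x in t.items()} for r, t in tables.items()}
        if after == before:
            break  # no table changed: converged
    return tables


def costs(table: dict[str, Row]) -> dict[str, int]:
    return {d: r.cost for d, r in sorted(table.items())}


def demo_receive() -> dict[str, Row]:
    """B, knowing only its neighbours, receives A's table from the figure on
    link 1 and learns D; then A reports D at a (constructed) higher cost and B,
    which routes D via link 1, believes A and raises its own cost."""
    b = {"B": Row("B", "local", 0), "A": Row("A", 1, 1), "C": Row("C", 2, 1), "E": Row("E", 4, 1)}
    a = {"A": Row("A", "local", 0), "B": Row("B", 1, 1), "C": Row("C", 1, 2),
         "D": Row("D", 3, 1), "E": Row("E", 1, 2)}
    rip_receive(b, a, 1)                  # B now has D: link 1, cost 2
    a["D"] = Row("D", 3, 3)               # constructed: A's cost to D rises to 3
    rip_receive(b, a, 1)                  # B keeps link 1 but cost becomes 4
    return b


if __name__ == "__main__":
    for router, table in run_rip().items():
        print(f"Routings from {router}:", [(r.destination, r.link, r.cost) for r in table.values()])
    print("B after demo:", demo_receive()["D"])
```

The second half of `demo_receive` is the behaviour that makes the distance-vector algorithm slow to react to failures: a router trusts the neighbour it already routes through, so a cost that keeps rising is propagated round by round rather than rejected.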