Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download PPT
Document related concepts
Asynchronous Transfer Mode wikipedia , lookup
Distributed firewall wikipedia , lookup
Deep packet inspection wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Remote Desktop Services wikipedia , lookup
Computer network wikipedia , lookup
Internet protocol suite wikipedia , lookup
TCP congestion control wikipedia , lookup
Network tap wikipedia , lookup
Airborne Networking wikipedia , lookup
Cracking of wireless networks wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Transcript
Course Review Outline • Networks: A top down view (for a change). • Other topics. • Security • QoS • Multicast • Questions? Final Review: 12/10/2001 2 Protocol Stacks The Open Systems Interconnection (OSI) Model. 7 Application Application Presentation 6 Presentation 5 Session Session 4 Transport Transport 3 Network 2 Data link 1 Physical Network Network Data link Data link Data link Physical Physical Physical Final Review: 12/10/2001 3 Browsing the Web 7 Web Browser Web Server 6 Presentation Presentation 5 Session 4 Transport 3 Network Session 2 Data link Data link 1 Physical Physical ? Transport Network Network Data link Data link Physical Physical Client Server Final Review: 12/10/2001 4 HTTP Request Example GET / HTTP/1.1 Accept: */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) Host: www.seshan.org Connection: Keep-Alive Final Review: 12/10/2001 5 HTTP Response Example HTTP/1.1 200 OK Date: Tue, 27 Mar 2001 03:49:38 GMT Server: Apache/1.3.14 (Unix) (Red-Hat/Linux) mod_ssl/2.7.1 OpenSSL/0.9.5a DAV/1.0.2 PHP/4.0.1pl2 mod_perl/1.24 Last-Modified: Mon, 29 Jan 2001 17:54:18 GMT ETag: "7a11f-10ed-3a75ae4a" Accept-Ranges: bytes Content-Length: 4333 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: text/html ….. Final Review: 12/10/2001 6 Single Transfer Example Client SYN 0 RTT Client opens TCP connection 1 RTT Client sends HTTP request for HTML Server SYN DAT ACK 2 RTT ACK DAT FIN Server reads from disk ACK Client parses HTML Client opens TCP connection FIN ACK 3 RTT Client sends HTTP request for image SYN SYN ACK DAT Server reads from disk ACK 4 RTT Image begins to arrive DAT Final Review: 12/10/2001 7 Persistent Connection Example Client 0 RTT Client sends HTTP request for HTML Server DAT ACK Server reads from disk DAT 1 RTT ACK Client parses HTML Client sends HTTP request for image DAT ACK Server reads from disk DAT 2 RTT Image begins to arrive Final Review: 12/10/2001 8 DNS Server • A DNS server is responsible for maintaining the name-address mapping in a specific domain. • E.g. cs.cmu.edu • The network manager can add, remove, or change mappings. • Computers can send requests to the server to translate a name into an address. • But how do you find the server? • Recursively contact the parent in the hierarchical name space • Caching is used to speed up the lookup of frequently used names. Other DNS servers cs.cmu.edu hawaii.cs.cmu.edu Final Review: 12/10/2001 128.17.4.174 9 Typical Exchange • Sender creates and initializes a socket. • Sender issues an open connection command. • Specifies destination IP and application port addresses • Sender blocks while connection is established • If the connection succeeds, data exchange can start. • Lots of things can go wrong: wrong addresses, receiver or network down. • Receiver creates and initializes a socket. • Receiver listens on the socket for a connection request. • Can sometimes restrict the type of connection • If receiver accepts the connection and the connection succeeds, data exchange can start. • Communication typically uses a different socket Final Review: 12/10/2001 10 Browsing the Web 7 Web Browser Web Server 6 Presentation Presentation 5 Session Session 4 Transport Transport 3 Network 2 Data link Data link Physical Physical 1 ? Network Network Data link Data link Physical Physical Client Server Final Review: 12/10/2001 11 Connection management Sender Receiver syn Open syn/ack Establish Initial Sequence Numbers ack Data fin ack fin Time Close ack Final Review: 12/10/2001 12 Reliability • Checksum guarantees end-end data integrity. • Sequence numbers detect packet sequencing problems: • duplicate: ignore • reordered: reorder or drop • lost: retransmit • Lost packets detected by sender. • uses time out to detect lack of acknowledgment • requires reliable roundtrip time estimate • Retransmission requires that sender keeps copy of the data until ACK is received. • performance issue Final Review: 12/10/2001 13 When to Send a Packet? • End-to-end flow control. • avoid buffer overflow on receiver • receiver advertizes a window size • Congestion control. • estimates amount of data that can be in network • implemented using the congestion window, slow start, and fast retransmit/recovery mechanisms • Efficiency considerations. • try to send large packets (if possible) • more efficient in the network and on end points • piggybacking of acks Final Review: 12/10/2001 14 Window Size versus Throughput Sender Receiver Time Throughput = Window Size Roundtrip Time Final Review: 12/10/2001 15 TCP Congestion Avoidance • Congestion avoidance limits how fast TCP can send data. • Implemented using a congestion window that limits how much data can be in the network • independent from flow control window • transmission is limited by minimum of the two windows • window grows in response to acknowledgement • Packet loss is seen as sign of congestion. • multiplicative decrease of the congestion window • have to cut back fast since cost of congestion is high • How do you detect when more bandwidth becomes available? • gradually increment congestion window (probing) • results in oscillation around congestion window size! Final Review: 12/10/2001 16 TCP Saw Tooth Behavior Congestion Window Initial Slowstart Timeouts may still occur Slowstart to pace packets Fast Retransmit and Recovery Final Review: 12/10/2001 Time 17 Browsing the Web 7 Web Browser Web Server 6 Presentation Presentation 5 Session Session 4 Transport Transport 3 Network 2 Data link Data link 1 Physical Physical ? Network Network Data link Data link Physical Physical Client Server Final Review: 12/10/2001 18 Hop-by-Hop Packet Forwarding in the Internet Host Ethernet Packets over SONET Mixed Ethernet Host 7 .. 3 2 1 Final Review: 12/10/2001 19 Addressing in IP v4 (Basic) • Each host has an Internet address. • Addresses are hierarchical. • address contains hint about location • Address space is divided in three classes of point-topoint addresses, multicast addresses, and some special addresses. type A B C D 1 2 3 4 network host 7 14 21 (multicast) 24 16 8 28 Example: 128.2.209.19 Final Review: 12/10/2001 20 Routing based on Network Identifier Net ID Next Net ID Next Net ID Next Net ID Next Forwarding Table Host Host AN 2 Host AN 4 ISP 1 ISP 2 Host AN 3 Host ISP 3 AN 5 AN 1 Host Net.Host Final Review: 12/10/2001 21 Problems with Simple Address Structure • Running out of addresses. • Especially true for mid-sized networks • Routing tables are becoming too big. • 100 of thousands of entries • Temporary solution: classless inter-domain routing. • Use address space more efficiently by relaxing the strict address structure, • length of network address is variable • generalization of subnetting idea • have internet service providers hand out blocks of addresses to their customers Final Review: 12/10/2001 22 Route Lookup with CIDR • Problem: with CIDR there can be multiple matches when looking up an address. • Can for example happen when a customer switches ISPs but keeps addresses • Solution: lookup is based on longest prefix match. 10110110 10110110 010 hosts hosts 10110110 010 0100011 • If there are multiple matches in the lookup, the longest match (longest netmask) wins Final Review: 12/10/2001 23 What Does Routing Do? Other routers • Routing protocol specifies how routers jointly collect information about the network. • Routing protocols must be standardized • Routing algorithm uses network information to select appropriate routes and to set up the routing table. • The data forwarding engine performs route lookup in the routing table. • through which interface should a packet be forwarded? Routing protocol Routing Protocol Routing Algorithms Final Review: 12/10/2001 Route Lookup 24 Dijkstra’s Algorithm (Link State) 5, E 5, E 3, F 3, F 5 B 1 6, B 6, B A 3 3 C 6, E F 2 3 2 D 4 4 E 2 2, F 6, E 6, E Final Review: 12/10/2001 25 Distance Vector Routing Example - A/3 A/3 A/3 - C/1 C/1 C/1 - D/4 C/2 C/2 A C D B C D - B/3 B/3 B/3 - C/9 B/4 B/4 - - B/7 B/5 3 4 1 A 9 A B D B C D 1 A B C - - B/7 C/5 - B/4 C/2 C/2 - C/1 C/1 C/1 - A/9 B/4 B/4 - B/1 B/1 B/1 - D/1 D/1 D/1 Final Review: 12/10/2001 26 Hierarchical Routing • Two level routing based on intra-domain and inter-domain routing to improve scalability. • Matches the structure of the address space. • Driven in part by business/management concerns. • Local network information is kept internal • Agreements with specific service providers at boundaries Host Host Host Host Host Host Final Review: 12/10/2001 27 Browsing the Web 7 Web Browser Web Server 6 Presentation Presentation 5 Session Session 4 Transport Transport 3 Network 2 Data link Data link 1 Physical Physical ? Network Network Data link Data link Physical Physical Client Server Final Review: 12/10/2001 28 Datalink in the Backbone • Routers are connected by point-point links or by (datalink layer) switched clouds. • Point-point links typically based on SONET. • E.g. Packets over SONET • Switched clouds often uses virtual connection datalink technologies. • E.g., ATM, frame relay Router Switched Cloud PCs at Work Point-Point link PC at Home Final Review: 12/10/2001 29 802.3 Ethernet Broadcast technology host host host host host host host host Hub • Carrier-sense multiple access with collision detection (CSMA/CD). • 10Mbps cable rate. • Maximum diameter 2.5km. • Minimum frame = 64 bytes. • Thick or thin coax; 10Base-T unshielded twisted pair in star configuration using hub. Final Review: 12/10/2001 30 Ethernet Switches • Bridges make it possible to increase LAN capacity. • Packets are no longer broadcasted - they are only forwarded on selected links • Adds a switching flavor to the broadcast LAN • Ethernet switch is a special case of a bridge: each bridge port is connected to a single host. • Simplifies the protocol and hardware used (only two stations on the link) • Can make the link full duplex (really simple protocol!) • Can have different port speeds Final Review: 12/10/2001 31 Framing • A link layer function, defining which bits have which function. • Minimal functionality: mark off units of transmission. • Some techniques: • • • • frame delimiter characters with character stuffing frame delimiter codes with bit stuffing out of band delimiters (e.g. FDDI control symbols) synchronous transmission (e.g. SONET) Final Review: 12/10/2001 32 Browsing the Web 7 Web Browser Web Server 6 Presentation Presentation 5 Session Session 4 Transport Transport 3 Network 2 Data link 1 Physical Network Network Data link Data link Data link Physical Physical Physical ? Client Server Final Review: 12/10/2001 33 The Frequency Domain • A (periodic) signal can be viewed as a sum of sine waves of different strengths. • Every signal has an equivalent representation in the frequency domain. Amplitude • What frequencies are present and what is their strength • Similar to radio and TV signals Time Frequency Final Review: 12/10/2001 34 Wireless: Good News Bad News • Great technology: no wires to install, convenient mobility, .. • High attenuation limits distances. • Wave propagates out as a sphere • Signal strength reduces quickly (1/distance)2 • High noise due to interference from other transmitters. • Use MAC and other rules to limit interference • Aggressive encoding techniques to make signal less sensitive to noise • Other effects: multipath fading, security, .. • Ether has limited bandwidth. • Try to maximize its use Final Review: 12/10/2001 35 TCP Problems Over Noisy Links • Wireless links are inherently error-prone • Fades, interference, attenuation • Errors often happen in bursts • TCP cannot distinguish between corruption and congestion • TCP unnecessarily reduces window, resulting in low throughput and high latency • Burst losses often result in timeouts • Sender retransmission is the only option • Inefficient use of bandwidth Final Review: 12/10/2001 36 Proposed Solutions • End-to-end protocols • Selective ACKs, Explicit loss notification • Split-connection protocols • Separate connections for wired path and wireless hop • Reliable link-layer protocols • Error-correcting codes • Local retransmission Final Review: 12/10/2001 37 Browsing the Web 7 Web Browser Web Server 6 Presentation Presentation 5 Session Session 4 Transport Transport 3 Network 2 Data link 1 Physical Client Network Network Data link Data link Data link Physical Physical Physical Everything Cleared Up! Final Review: 12/10/2001 Server 38 Security Threats • Impersonation. • Pretend to be another user with the intent of getting access to information or services • Secrecy. • Get access to the contents of packets • Message integrity. • Change a message unbeknownst to the sender or receiver • Repudiation • Denying to have sent a message • Denial of service. • Flooding the system so users with legitimate needs cannot get service • Range of other threats: password guessing, exploiting programming bugs, … Final Review: 12/10/2001 39 Encryption • • • • ciphertext = E(plaintext, k) plaintext = D(ciphertext, k’) Private key (symmetric, e.g. DES) • the two parties share a common private key k Public key (asymmetric, e.g. RSA) • derive two keys, kprivate and kpublic • kprivate is kept private by its owner • kpublic is published Tradeoffs between private and public key cryptography. • Key management, speed Challenge: key management. Final Review: 12/10/2001 40 Example Applications • Kerberos. • Support security in corporate environment • Based on key distribution center that knows all the entities • Know = share secret • Secure socket layer (SSH). • Support secure channels in open internet environment • Based on certificates and certification authorities • Provides privacy, but trust is limited • Pretty good privacy (PGP). • Provides privacy, authentication, repudiation in internet environment • Key management based on a “web of trust” Final Review: 12/10/2001 41 How to Provide QoS? • Admission control limits number of users. • You cannot provide guarantees if there are too many users sharing the same set of resources (bandwidth) • For example, telephone networks - busy tone • This implies that your request for service can be rejected • Traffic enforcement limits how much traffic users can inject based on predefined limits. • Make sure user respects the traffic contract • Data outside of contract can be dropped (before entering the network!) or can be sent at a lower priority • Scheduling support in the routers guarantee that users get their share of the bandwidth. • Again based on pre-negotiated bounds • Signaling protocol gives routers the information they need to provide QoS. • E.g. RSVP Final Review: 12/10/2001 42 Qos Summary Final Review: 12/10/2001 43 IETF QoS Models • Integrated services: diverse QoS at the micro-flow level. • Range of QoS: best effort, controlled load, guaranteed • Specific end-to-end service defined for each class • Requires end-to-end support, e.g. edge and core routers • Concern about complexity, cost, marketing/charging • Differentiated services: QoS at the aggregate flow level. • Defines range of “forwarding behaviors”, but services are defined by the providers • Pushes most complexity to the edge of the network – fast core routers work only with small number of traffic classes • Based on the same building blocks. Final Review: 12/10/2001 44 Multimedia Challenges • TCP/UDP/IP suite provides best-effort, no guarantees on expectation or variance of packet delay • Streaming applications delay of 5 to 10 seconds is typical and has been acceptable, but performance deteriorate if links are congested (transoceanic) • Real-Time Interactive requirements on delay and its jitter have been satisfied by over-provisioning (providing plenty of bandwidth), what will happen when the load increases?... Final Review: 12/10/2001 45 Multicast – Efficient Data Distribution Src Src Final Review: 12/10/2001 46 IP Multicast Architecture Service model Hosts Host-to-router protocol (IGMP) Routers Multicast routing protocols (various) Final Review: 12/10/2001 47 Multicast Routing • Basic objective – build distribution tree for multicast packets • Core based protocols • Examples: CBT, PIM-SM • Flood and prune • Examples: DVMRP, PIM-DM • Link-state multicast protocols • Example: MOSPF Final Review: 12/10/2001 48 Shared vs. Source-based Trees • Source-based trees • Separate shortest path tree for each sender • DVMRP, MOSPF, PIM-DM, PIM-SM • Shared trees • Single tree shared by all members • Data flows on same tree regardless of sender • CBT, PIM-SM Final Review: 12/10/2001 49 Questions? Final Review: 12/10/2001 50
