Download ECE544_Review

ECE544: Communication
Networks-II, Spring 2010
D. Raychaudhuri
Lecture 10: Review
Packet switching (Internet)
Characteristics of Packet
Switching
• Store and forward
– packets are self contained units
– can use alternate paths - reordering
• Contention
– congestion
– delay
Protocols
• On top of a packet switched network, need
• Set of rules governing communication
between network elements (applications,
hosts, routers)
• Protocols define:
– format and order of messages
– actions taken on receipt of a message
Layering
User A
Teleconferencing
User B
Peers
Application
Transport
Network
Link
Host
Host
Layering: technique to simplify complex systems
ISO Architecture
End host
End host
Application
Application
Presentation
Presentation
Session
Session
Transport
Transport
Network
Network
Network
Network
Data link
Data link
Data link
Data link
Physical
Physical
Physical
Physical
One or more nodes
within the network
Internet Architecture
• Defined by Internet Engineering Task Force (IETF)
• Hourglass Design
• Application vs Application Protocol (FTP, HTTP)
FTP
HTTP
NV
TFTP
UDP
TCP
IP
NET1
NET2
…
NETn
High Level Design
Technology choice
(e.g. MPLS optical)
Mbps needed?
Technology choice
(e.g. IP router)
Access Net
Physical
Span?
Technology choice
(e.g. Ethernet SW)
bps
Pkt size
Burst statistics
Stream parameters
Users
(#, density, mobility)
Technology choice
(e.g. 802.11n)
bps/sq-m for wireless access
Ethernet Overview
• History
–
–
–
–
developed by Xerox PARC in mid-1970s
roots in Aloha packet-radio network
standardized by Xerox, DEC, and Intel in 1978
similar to IEEE 802.3 standard
• CSMA/CD
– carrier sense
– multiple access
– collision detection
• Frame Format
64
48
48
16
Preamble
Dest
addr
Src
addr
Type
32
Body
CRC
Ethernet Performance
• Max throughput <1 as a function of span
– instability can occur unless load is reduced under
congestion conditions
– retransmission backoff policy for stability
~0.8
Thru
stable policy
(retx backoff)
Capacity Limit
Traffic
margin
Overload
region
unstable policy
(no backoff)
load lines
Normal operating
point
stable policy
(backoff too high)
Offered Traffic
Ethernet Bridging
• Bridge device for scaling network span
Ethernet A
Bridge
Ethernet B
Pkt forwarding
table
..can “learn”
from packet source addr
Ethernet Hubs vs. Ethernet Switches
• An Ethernet switch is a packet switch for Ethernet
frames
• Buffering of frames prevents collisions
• Each port is isolated and builds its own collision domain
– Break subnet into LAN segments
• Host can directly connect to switch, no collision, full duplex
• An Ethernet Hub does not perform buffering:
• Collisions occur if two frames arrive at the same time.
Hub
Switch
CSMA/CD
CSMA/CD
CSMA/CD
CSMA/CD
CSMA/CD
CSMA/CD
CSMA/CD
HighSpeed
Backplane
CSMA/CD
CSMA/CD
CSMA/CD
CSMA/CD
CSMA/CD
CSMA/CD
CSMA/CD
CSMA/CD
CSMA/CD
Input
Buffers
Output
Buffers
Spanning Trees / Transparent Bridges
• A solution is to prevent loops in the
topology
LAN 2
d
Bridge 4
Bridge 3
• IEEE 802.1d has an algorithm that
organizes the bridges as spanning
tree in a dynamic environment
Bridge 1
LAN 5
– Note: Trees don’t have loops
Bridge 5
• Bridges that run 802.1d are called
transparent bridges
LAN 1
Bridge 2
LAN 3
LAN 4
Virtual LAN
•
•
•
•
•
Group the stations in a broadcast domain, regardless of their physical
location.
A VLAN ID (VID) in the frame
A frame is not forwarded/broadcasted from one VLAN to another VLAN
Each VLAN establishes its own spanning tree
Assign a port to one or multiple or all VLANs (static or dynamic)
Host B
Host A
VLAN 100
VLAN 100
B2
B1
VLAN 200
Host C
VLAN 200
Host D
Wireless LANs
• IEEE 802.11a & b, Hiperlan2
• Bandwidth: ~1-20 Mbps
• Physical Media
– spread spectrum radio (2.4, 5 GHz)
– diffused infrared (10m)
RTS/CTS Procedure
RTS
CTS
Data Packet
L
length (L)
RTS collision
exponential
backoff
ACK
ATM Vision
The Ultimate Integrated Services Network
Voice
Voice
Data
Voice
Video
ATM
Network
Data
Data
Video
Video
• ATM network moves cells (fixed length packets) with low delay
and low delay variation at high speeds
• Devices at ends translate (e.g., segment and reassemble)
between cells and original traffic
ATM UNI Cell
7
6
5
4
3
2
1
0
Generic Flow
Control
Virtual Path Identifier
Virtual Path Identifier
Virtual Channel
Identifier
Virtual Channel
Identifier
Virtual Channel
Identifier
Payload Type
Identifier
5 Byte Header
CLP
Header Error
Check
Payload
(48 bytes)
CLP = Cell Loss Priority
48 Byte Payload
Bandwidth Negotiation
UNI
Setup
(20 Mb/s)
Connect
(10 Mb/s)
NNI
Setup
(15 Mb/s)
Connect
(10 Mb/s)
UNI
Setup
(10 Mb/s)
Connect
(10 Mb/s)
7
Virtual Connections
76
Video
Video
42
4
Data
88
Voice
52
Data
22
Video
1
37
Video
78
Voice
5
2
6
Connection Table
Video
Data
Video
Voice
Port
1
1
2
2
VPI/VCI
0/37
0/42
0/37
0/78
Port
3
5
6
4
5
4
3
VPI/VCI
0/76
0/52
0/22
0/88
2
1
0
Virtual Path
Identifier
Virtual Path
Identifier
Virtual Channel
Identifier
Virtual Channel
Identifier
Virtual Channel
Identifier
Payload Type
Identifier
Header Error
Check
Payload
(48 bytes)
3
37
6
Generic Flow
Control
CLP
ATM Vision
The Ultimate Integrated Services Network
Voice
Voice
Data
Voice
Video
ATM
Network
Data
Data
Video
Video
• ATM network moves cells (fixed length packets) with low delay
and low delay variation at high speeds
• Devices at ends translate (e.g., segment and reassemble)
between cells and original traffic
ATM UNI Cell
7
6
5
4
3
2
1
0
Generic Flow
Control
Virtual Path Identifier
Virtual Path Identifier
Virtual Channel
Identifier
Virtual Channel
Identifier
Virtual Channel
Identifier
Payload Type
Identifier
5 Byte Header
CLP
Header Error
Check
Payload
(48 bytes)
CLP = Cell Loss Priority
48 Byte Payload
Bandwidth Negotiation
UNI
Setup
(20 Mb/s)
Connect
(10 Mb/s)
NNI
Setup
(15 Mb/s)
Connect
(10 Mb/s)
UNI
Setup
(10 Mb/s)
Connect
(10 Mb/s)
7
Virtual Connections
76
Video
Video
42
4
Data
88
Voice
52
Data
22
Video
1
37
Video
78
Voice
5
2
6
Connection Table
Video
Data
Video
Voice
Port
1
1
2
2
VPI/VCI
0/37
0/42
0/37
0/78
Port
3
5
6
4
5
4
3
VPI/VCI
0/76
0/52
0/22
0/88
2
1
0
Virtual Path
Identifier
Virtual Path
Identifier
Virtual Channel
Identifier
Virtual Channel
Identifier
Virtual Channel
Identifier
Payload Type
Identifier
Header Error
Check
Payload
(48 bytes)
3
37
6
Generic Flow
Control
CLP
IP Internet
• Concatenation of Networks
H2
H1
Network 1 (Ethernet)
H7
R3
H3
Network 4
(point-to-point)
Network 2 (Ethernet)
R1
R2
H4
Network 3 (FDDI)
• Protocol Stack
H5
H6
H1
H8
TCP
R1
ETH
R2
IP
IP
ETH
R3
IP
FDDI
FDDI
IP
PPP
H8
PPP
TCP
IP
ETH
ETH
Dynamic Host Control
Protocol (DHCP)
• DHCP packet format (runs over UDP)
Operation
HType
HLen
Hops
Xid
Flag
Secs
ciaddr
yiaddr
siaddr
giaddr
chaddr (16B)
....
Routing Problem
• Network as a Graph
A
6
1
3
4
C
2
1
B
9
E
F
1
D
Problem: Find lowest cost path between
two nodes
• Factors
– static: topology
– dynamic: load
Two main approaches
• DV: Distance-vector protocols
• LS: Link state protocols
• Variations of above methods applied to:
– Intra-domain routing (small/med networks)
• RIP, OSPF
– Inter-domain routing (large/global
networks)
• BGP-4
Example - initial distances
1
B
C
Info at
node
7
8
A
1
E
2
2
D
Distance to node
A
B
C
D
E
0
7
~
~
1
C
7
~
0
1
1
0
~
2
8
~
D
~
~
2
0
2
E
1
8
~
2
0
A
B
Link State Algorithm
Flooding:
1) Periodically distribute link-state
advertisement (LSA) to neighbors
- LSA contains delays to each
neighbor
2) Install received LSA in LS database
3) Re-distribute LSA to all neighbors
Path Computation
1) Use Dijkstra’s shortest path algorithm
to compute distances to all destinations
2) Install <destination, nexthop> pair in
forwarding table
Dijkstra/OSPF Method 1
2
R1
4
R2
R3
9
R5
1
4
R4
Step #
Confirmed
Tentative
(R#, cost, next hop)
(R#, cost, next hop)
1
(R1,0,-)
-
2
(R1,0,-)
(R2,4,R2)
3
(R1,0,-)
(R2,4,R2)
(R3,6,R2)
(R4,8,R2)
Internet Structure
Today
Large corporation
“Consumer ” ISP
Peering
point
Backbone service provider
“ Consumer” ISP
Large corporation
Small
corporation
“Consumer”ISP
Peering
point
Subnetting
• Add another level to address/routing hierarchy:
subnet
• Subnet masks define variable partition of host part
• Subnets visible only within site
Network number
Host number
Class B address
111111111111111111111111
00000000
Subnet mask (255.255.255.0)
Network number
Subnet ID
Subnetted address
Host ID
Super-netting (CIDR)
• Class addressing doesn’t match real
needs:
– Class C is 255 addresses, too small
– Clsss B is 64K addresses, too big
• Need method of allocating addresses in
multiple sizes
• Assign block of contiguous network
numbers to nearby networks
• Called CIDR: Classless Inter-Domain
Routing
Classless Inter Domain Routing (CIDR)
Net ID
Host ID
Class B:
Class C:
Net ID
Host ID
 Problem: Class B addresses are running out
 Solution: Allocate multiple Class C addresses
 Problem: Random allocation of Class C addresses need
multiple routing table entries
 Solution: Allocate “contiguous” Class C addresses
 Routing entry:
[IP Address of Network and Net Mask]
IP Address:
195.201.3.5 = 11000011 11001001 00000011 00000101
Net Mask:
254.0.0.0 = 11111110 00000000 00000000 00000000
----------------------------------------------------------------------------------------Network IP:
194.0.0.0 = 11000010 00000000 00000000 00000000
Route Aggregation with
CIDR
Corporation X
(11000000000001000001)
Border gateway
(advertises path to
11000000000001)
Regional network
Corporation Y
(11000000000001000000)
Chapter 4, Figure 26
IPv4 & IPv6 Header
Comparison
IPv6 Header
IPv4 Header
Version
IHL
Type of Service
Identification
Time to Live
Protocol
Total Length
Flags
Fragment
Offset
Header Checksum
Source Address
Legend
Payload Length
Flow Label
Next
Header
Hop Limit
Padding
- field’s name kept from IPv4 to IPv6
- fields not kept in IPv6
- Name & position changed in IPv6
- New field in IPv6
Traffic Class
Source Address
Destination Address
Options
Version
Destination Address
Inter-AS routing in the Internet: BGP
R4
R5
R3
BGP
AS1
AS2
(RIP intra-AS
routing)
(OSPF
intra-AS
routing)
BGP
R1
R2
Figure 4.5.2-new2: BGP use for inter-domain routing
AS3
(OSPF intra-AS
routing)
Multicast: one sender to many receivers
• Multicast: act of sending datagram to multiple
receivers with single “transmit” operation
– One-to-many, many-to-many
• Question: how to achieve multicast
Multicast via unicast
• source sends N unicast
datagrams, one
addressed to each of N
receivers
– Redundant traffic around
sender
multicast receiver (red) – Keep track of all the IP
addresses to send to
Routers forward
unicast datagrams not a multicast receiver
Shortest Path Tree
• mcast forwarding tree: tree of shortest
path routes from source to all receivers
– Dijkstra’s algorithm
S: source
LEGEND
R1
1
2
R4
R2
3
R3
router with attached
group member
5
4
R6
router with no attached
group member
R5
6
R7
i
link used for forwarding,
i indicates order link
added by algorithm
Reverse Path Forwarding: example
S: source
LEGEND
R1
R4
router with attached
group member
R2
R5
R3
R6
R7
router with no attached
group member
datagram will be
forwarded
datagram will not be
forwarded
• result is a source-specific reverse SPT
– may be a bad choice with asymmetric links
Distance-Vector Multicast
Routing Protocol (DVMRP)
DVMRP consists of two major components:
(1) a conventional distance-vector routing protocol
(like RIP) which builds, in each router, a routing
table like this:
Subnet
(Destination)
shortest dist
(cost)
via interface
(NextHop)
a
1
i1
b
5
i1
c
…
3
…
i2
…
(2) a protocol for determining how to forward
multicast packets, based on the routing table
and routing messages
Multicast OSPF (MOSPF)
• an extension to OSPF (Open Shortest-Path First),
a link-state, intra-domain routing protocol
specified in RFCs 1584 & 1585
• multicast-capable routers indicate that capability
with a flag in their link-state messages
• routers include in their link-state messages a list
of all groups that have members on the router’s
directly-attached links (as learned through IGMP)
Protocol Independent
Multicast (PIM)
• “Protocol Independent”
– does not perform its own routing information exchange
– uses unicast routing table made by any of the existing unicast
routing protocols
• PIM-DM (Dense Mode) - similar to DVMRP, but:
– without the routing information exchange part
– differs in some minor details
• PIM-SM (Sparse Mode), or just PIM - instead of
directly building per-source, shortest-path trees:
– initially builds a single (unidirectional) tree per group ,
shared by all senders to that group
– once data is flowing, the shared tree can be converted to a persource, shortest-path tree if needed
Phase 1: Build Shared Tree
Shared tree after
R1,R2,R3 join
Join message
toward RP
RP
R1
Join G
R4
R2
R3
Random Early Detection
(RED)
• Detect incipient congestion, allow bursts
• Keep power (throughput/delay) high
– keep average queue size low
– assume hosts respond to lost packets
• Avoid window synchronization
– randomly mark packets
• Avoid bias against bursty traffic
• Some protection against ill-behaved users
RED Operation
Min thresh
Max thresh
Average queue
length
P(drop)
1.0
MaxP
Avg length
minthresh
maxthresh
Reservation protocol: RSVP
Upper layer protocols and applications
IP service interface
IP
ICMP IGMP RSVP
Link layer service interface
Link layer modules
PATH and RESV messages
Sender 1
PATH
R
Sender 2
PATH
RESV (merged)
RESV
R
receiver 1
R
R
RESV
receiver 2
RSVP versus ATM (Q.2931)
• RSVP
– receiver generates reservation
– soft state (refresh/timeout)
– separate from route establishment
– QoS can change dynamically
– receiver heterogeneity
• ATM
– sender generates connection request
– hard state (explicit delete)
– concurrent with route establishment
– QoS is static for life of connection
– uniform QoS to all receivers
DiffServ
• Analogy:
– airline service, first class, coach, various
restrictions on coach as a function of
payment
• Best-effort expected to make up bulk of
traffic, but revenue from first class
important to economic base (will pay
for more plentiful bandwidth overall)
• Not motivated by real-time! Motivated
by economics and assurances
Premium traffic flow
Company A
Packets in premium
flows have bit set
Premium packet flow
restricted to R bytes/sec
internal
router
host
first hop
router
ISP
border
router
border
router
Unmarked
packet flow
RIO drop probabilities
P(drop)
1.0
MaxP
Minout Minin
Maxout Maxin
AvgLen
Basic Mobile IP
• How does it work?
– Agent discovery: advertisement/solicitation
– MH registration
– Use of Care-of-Address (COA)
– Proxy ARP (Address Resolution Protocol)
– Packet tunneling
– Triangle routing
Key components
Home Address:
MH’s permanent IP address,
network ID of this address identifies
the mobile’s home network.
MH
HA
HN
R1
Home Network:
the network identified
with a mobile node
Home Agent:
a router attached to the MH’s home network
maintains current location information for the MH
is responsible for forwarding packets destined for the
MH when MH is away from home.
R3
Route Optimization
FN
CH
Corresponding Host:
a host or router communicationg
with a mobile node.
R2
Foreign Network:
a network, other than MA’s home
network, that MH is currently attached
to.
FN
FA
MH
Mobile Host:
a host or router capable
of changing its point of
attachment to the Internet
Foreign Agent (FA)
a router in the foreign network that the MH is visiting
provides routing services to the MH while registred
de-tunnels datagram to MH
may serve as default router for outgoing packet from MH
Mobile ATM: Location Mgmt
• Location management can be integrated into existing ATM
connection procedures.... (external servers can also be used)


simple extensions to current CONNECT, RELEASE IE’s, etc.
no need for a-priori partitioning of mobile & static address space
ATM
Host
(4)
setup
(3)
release
(foreign_addr,
(foreign_addr)
home_addr)
(2)
setup
(home_addr)
(1)
update
Current
Foreign
switch
Home
switch
move
Transport Protocol
Host8
Host1
Appl.
Appl.
TCP/UDP
TCP/UDP
IP
IP
ETH
ETH
R1
FDDI
R2
IP
FDDI
PPP
R3
IP
PPP
ETH
IP
ETH
• Transport protocol
– Provides services required by applications using
the services provides by the network layer
– The Transport Layer is the lowest layer in the
network stack that is an end-to-end protocol
User Datagram Protocol (UDP):
Demultiplexing
• Service: Support for multiple processes on each host to
communicate
– Issue: IP only provides communication between hosts (IP
addresses)
• Solution
– Add port number and associate a process with a port number
– 4-Tuple Unique Connection Identifier: [SrcPort, SrcIPAddr,
DestPort,
Appl
Appl
Appl
Appl
DestIPAddr ]
proces
proces
proces
s
0
16
SrcPort
DesPort
Length
Checksum
Payload
proces
s
s
s
31
UDP
UDP
Network
UDP Packet
Format
I
P
IP
Connection Establishment
• Server
– Informs TCP about the
listening port
Connection
Establishment
• Up-call registration
• Client
– Performs three way
handshake
– SYN and ACK flags in the
header are used
– Initial Sequence numbers x
and y selected at random
• Why?
Data
transport
Active
participant
(client)
Passive
participan
t
TCP: Flow Control
• Flow Control
– “Prevent sender from overrunning the capacity (buffer) of the
receiver”
• Solution: Use adaptive receiver window size
– Goal is to keep (C) – (A) < MaxRcvBuffer
– Every packet carries ACK and AdvertisedWindow
Sending Appl
TCP
LastByteAcked (J)
Receiving Appl
LastByteRead
(I) LastByteWritten
(A)
(K) LastByteSent
LastByteSent (K) – LastByteAcked (J) <=
AdvertisedWindow
EffWin = AdvertisedWin (LastByteSent-LastByteAcked)
LastByteWritten – LastByteAcked <= MaxSendBuffer
(B)
NextByteExpected
TCP
(C)
LastByteRcvd
AdvertisedWindow = MaxRcvBuffer((NextByteExp-1)-LastByteRead)
CongestionWindow Size
Congestion Avoidance: (AIMD)
Startup time
Time
• TCP’s saw tooth pattern
• Issues with additive increase
– takes too long to ramp up a connection from the
beginning
– The entire advertised window may be reopened
when a lost packet retransmitted and a single
cumulative ACK is received by the sender
Security Threats
Block Ciphers
• Block of plaintext is treated as a whole and used to produce a
ciphertext block of equal length.
• Example: DES(Data Encryption Standard), AES(Advance
Encryption Technique)
Encryption
Plaintext
Blocks
Of
plaintext
Secret
Key
Blocks
Of
ciphertext
Public Key Ciphers
Diffie-Hellman Key
Exchange
• Enable two users to exchange keys
• Depends on difficulty of computing discrete
logarithms
– P is prime number, A is its primitive root of P; so numbers A
mod(P), A2 mod(P), …..,AP-1 mod(P) are distinct and consists
of integers from 1 through p-1 in some permutation.
– If P=11, then A=2 is primitive root with respect to P
21 mod(11)=2, 22mod(11)=4, 23mod(11)=9, 24mod(11)=5, …
……,210mod(11)=1
Authentication with Public
Keys
Authentication Protocols: Kerberos
• Authentication between two entities via trusted
third party
– Two 2-way handshakes with third party
– Challenge-response
method
A identifies itself and B to S
T: time-stamp
L: lifetime
K: session key
S
A
B
A decrypts T and encodes
with session key K and passes
on the second message
Server sends two message
To A, one with A’s key and
another with B’s, both containing B decrypts K and responds
To A with T+1 encoded by K
session keys
Authentication Protocols
• Public key
authentication
– No secret shared key
needed
A
B
E(x,
Publ
ic
B)
x
IP Security Scenario