15-441 Roundup - PowerPoint PPT Presentation

About This Presentation
Title:

15-441 Roundup

Description:

15-441 Roundup – PowerPoint PPT presentation

Number of Views:85
Avg rating:3.0/5.0
Slides: 46
Provided by: DavidAn75
Learn more at: http://www.cs.cmu.edu
Category:
Tags: roundup | spoofing

less

Transcript and Presenter's Notes

Title: 15-441 Roundup


1
15-441 Roundup
2
7-layer or 4-layer dip?
  • Layering Reuse, interoperability
  • OSI 7-layer model

Application
Application
7
Presentation
Presentation
6
Session
Session
5
Transport
Transport
4
Network
Network
Network
3
Data link
Data link
Data link
2
Physical
Physical
Physical
1
3
OSI Functions
  • (1) Physical transmission of a bit stream.
  • (2) Data link flow control, framing, error
    detection.
  • (3) Network switching and routing.
  • (4) Transport reliable end to end delivery.
  • (5) Session managing logical connections.
  • (6) Presentation data transformations.
  • (7) Application specific uses, e.g. mail, file
    transfer, telnet, network management.

Multiplexing takes place in multiple layers
4
The TCP/IP Model
Application (plus libraries)
Application
Presentation
Session
TCP/UDP IP/ICMP
Transport
Network
Data link
Data link
Physical
Physical
5
Layering and stacks
  • Some layers - particularly in the OSI model - not
    so well defined
  • Layer violations often useful for performance
    reasons.
  • Buffer management
  • Reduce redundant information between headers

6
The lower layers - concepts
7
Limits to Speed and Distance
  • Noise random energy is added to the signal.
  • Attenuation some of the energy in the signal
    leaks away.
  • Dispersion attenuation and propagation speed are
    frequency dependent.
  • Changes the shape of the signal
  • Effects limit the data rate that a channel can
    sustain.
  • But affects different technologies in different
    ways
  • Effects become worse with distance.
  • Tradeoff between data rate and distance

8
Why Do We Need Encoding?
  • Meet certain electrical constraints.
  • Receiver needs enough transitions to keep track
    of the transmit clock
  • Avoid receiver saturation
  • Create control symbols, besides regular data
    symbols.
  • E.g. start or end of frame, escape, ...
  • Error detection or error corrections.
  • Some codes are illegal so receiver can detect
    certain classes of errors
  • Minor errors can be corrected by having multiple
    adjacent signals mapped to the same data symbol
  • Encoding can be very complex, e.g. wireless.

9
Encodings
  • NRZ - Non-Return to Zero
  • Simple 0 low, 1 high
  • Long runs of 0s and 1s lose synch
  • NRZI - transition on 1
  • Long runs of 0s lose sync
  • Manchester - low/high 0, high/low 1
  • Uses 2x as many transitions
  • 4B/5B, etc -
  • Encode multiple 0s and 1s. Efficient. Used in
    Ethernet.
  • SONET - many observations of flag pattern.

10
Datalink Functions
  • Framing encapsulating a network layer datagram
    into a bit stream.
  • Add header, mark and detect frame boundaries,
  • Media access controlling which frame should be
    sent over the link next.
  • Easy for point-to-point links half versus full
    duplex
  • Harder for multi-access links who gets to send?
  • Error control error detection and correction to
    deal with bit errors.
  • May also include other reliability support, e.g.
    retransmission
  • Flow control avoid that the sender outruns the
    receiver.

11
CSMA/CD Algorithm
  • Carrier Sense Multiple Access / with Collision
    Detection
  • Sense for carrier.
  • If carrier present, wait until carrier ends.
  • Send packet and sense for collision.
  • If no collision detected, done transmitting
  • Otherwise, abort immediately, perform
    exponential back off and send packet again.
  • Start to send at a random time picked from an
    interval
  • Length of the interval increases with every
    retransmission

12
Collision Detection Implications
A
B
C
  • All nodes must be able to detect the collision.
  • Any node can be sender
  • gt Must either have short wires, long packets, or
    both.
  • Can calculate length/distance based on
    transmission rate and propagation speed.
  • Messy propagation speed is media-dependent,
    low-level protocol details, ..
  • Minimum packet size is 64 bytes
  • Cable length 256 bit times
  • Example maximum coax cable length is 2.5 km

13
Internetworking Options
7
7
7
7
6
6
6
6
5
5
5
5
4
4
4
4
data link
3
3
3
3
physical
2
2
2
2
2
1
1
1
1
1
1
1
repeater
Switching/bridging (e.g. 802 MAC)
7
7
7
7
6
6
6
6
5
5
5
5
. . .
network
4
4
4
4
3
3
3
3
3
3
3
2
2
2
2
2
2
2
2
1
1
1
1
1
1
1
1
router
gateway
14
Internetworking
  • Repeaters Physical link. One big collision /
    transmission domain.
  • Bridges Datalink. Can separate broadcast
    domains and selectively forward traffic.
    Transparent - preserve MAC addresses.
  • Routers Separate addressing domains. Forward
    through diff. MAC addresses.

15
IP
  • CIDR - Classless Inter-Domain Routing
  • 192.4.16/24 255.255.255.0
  • 24 bits of network, 8 bits of host
  • Covers 192.4.16.0 - 192.4.16.255
  • 192.4.16./23 25.255.254.0
  • Covers 192.4.16.0 - 192.4.17.255
  • Enables more efficient use of address space
    through aggregation.
  • Routing by longest-prefix match
  • /29 is longer (more 1s) than /24.

16
Routing Protocols
  • Intra-domain
  • RIP Routing Information Protocol
  • Distance-Vector.
  • Send information about table to neighbors
    (per-dest cost)
  • Count to infinity problem.
  • Split horizon - Dont advertise routes back to
    next-hop
  • Poison reverse Advertise infinite metric to
    next-hop
  • Neither of these solves all loop problems!
  • OSPF Open Shortest Path First
  • Link-state.
  • Flood neighbor info to entire network
  • Each node generates own routing table
  • Fast convergence, but lots of traffic for large
    nets
  • Inter-domain
  • BGP Border Gateway Protocol
  • Path-Vector. Send full AS path along with
    announcement.
  • Solves loop problems with DV.

17
BGP
  • Internet divided into Autonomous Systems. Each
    has unique .
  • Each AS sends routes with BGP
  • Remember IBGP full-mesh. Why?
  • No AS to distinguish loops.
  • ASes route internally with an IGP (OSPF, etc).
  • Some terms
  • MED (Multi-Exit Discriminator) Peers send to
    influence remote peers routing.
  • Localpref One AS configures to change routing
    to a peer.

18
AS relationships
  • Transit I pay you, you carry my traffic to
    anyone
  • Peering (Often) free, you carry my traffic to
    your customers and vise-versa.
  • Valley-free routing
  • A formalization of the above.

19
Multicast
  • A lot of multicast on project1, so
  • Wont be on the final exam.
  • (Arent you glad you came to class today?)
  • Multicast today
  • Deployed inside organizations / etc.
  • Iffy if you want to use across Internet
  • Concepts useful! E.g., overlay multicast

20
Tunnels, NATs, etc
  • Things to remember
  • NAT - network address translator
  • Lets you use private addresses inside net
  • May let you share one external address
  • (Port-translating NAT)
  • Can break end-to-end reachability naming
  • IPv6
  • 128 bit address space
  • Cleaned up header, no fragmentation, no checksum,
    fixed option processing.
  • For faster router processing

21
Contd.
  • Tunnels - wrap packets in an extra IP header
  • Send indirectly
  • Implement overlay networks (e.g., overlay
    multicast, etc.)

22
DNS
  • The Domain Name System
  • Distributed name -gt IP (and back) database
  • Addresses returned by A records
  • Hierarchical. Goes from the root (.) down.
    Each level can delegate an NS (name server)
    record.
  • Recursive resolvers - answer a query completely.
    Iterative resolvers - give you the next step.
  • Caching TTL-based.

23
Transport TCP
  • Duties may include
  • Reliability, in-order, demultiplexing, message
    boundaries, congestion control
  • UDP (User Datagram Protocol) Just demux
    checksum. Unreliable, etc.
  • TCP (Transmission Conrol Protocol) Reliable, in
    order byte-stream w/congestion control.

24
Transport Demux
  • TCP UDP both use ports - 16 bit s - as demux
    keys

25
ARQ
  • Automatic Repeat Request
  • (ARR would have endorsed piracy?)
  • Simplest Stop-and-Wait
  • Send packet, wait for response, iterate
  • Slow.
  • Go-back-N
  • Uses a window. Usually along with
  • Sliding window flow control
  • Use more capacity.
  • How to size that window? Theres the rub.

26
Sizing Windows
  • Optimal window size bw rtt
  • Why? Capacity of the pipe, in both directions.
  • Must keep sending pkts until first ACK gets back
    to you (one RTT).
  • BW is available bw.
  • Must not blast traffic Congestion Collapse
  • More work -gt more wasted packet retransmissions
  • In the limit no useful packets get through!
  • How do we find a good window size?

27
Congestion Control
  • Fair and efficient use
  • Network based (ECN, etc) or end-to-end (TCP)
  • AIMD Additive Increase, Multiplicative Decrease
  • Converges to fair efficient use. Cool!
  • What TCP does. MD cut by half. AI add one
    per RTT.

28
TCP
  • Three-way Handshake SYN / SYN-ACK / ACK.
  • ISN - Initial Sequence Number
  • Each side picks one
  • TCP is byte-oriented
  • Tear down with FIN (finshed)
  • Signal error with RST (reset)

29
TCP 2
  • Timeouts Should be familiar
  • EWMA Exponential Weighted Moving Average
    Low-pass filter
  • srtt (alpha srtt) (1 - alpha) new_sample
  • Track RTT and linear deviation
  • Linear deviation always gt std. dev
  • Why? RTT variation is high under high loads
    because buffers fill, adding queueing delay

30
Pacing
  • ACK clocking sends pkts out more slowly
  • Avoid huge bursts (fill buffers -gt loss -gt bad)
  • Slow Start Get up to operating range quickly
    (exponential growth).

31
SACK Enhancements
  • Selective ACKnowledgements
  • Bitmap of received backets
  • Help recover from multiple losses in window
  • All TCP variants need large enough window to
    recover from losses
  • Nagels Algorithm Delay briefly to coalesce
    small packets - one outstanding small packet.

32
TCP Performance
  • Single link, need router buffers
  • 75 link utilization vs 100 link utilization
  • How big buffer? Conservatively, BW RTT
  • Theres that number again. So common, it cant
    help but show up on the final in some form.
  • Simple model
  • (most ignore the constants)

33
Queueing
  • FIFO First In, First Out
  • Scheduling Who goes out when?
  • Fairness, etc., entirely up to end hosts
  • Fair Queueing
  • Routers decide who gets to go (e.g., round-robin,
    Weighted Fair Queueing (WFQ), etc.)
  • Drop-Tail
  • Drop policy drop new pkts if queue is full
  • Can synchronize flows
  • AQM Active Queue Management
  • RED - Random Early Detection
  • Randomly marks (or drops) pkts before queue full

34
Sharing
  • Max-Min Fairness
  • Small demands get what they want
  • Large demands compromise
  • GPS Generalized Processor Sharing
  • Fluid model for Max-Min fairness
  • Accounts for packet sizes
  • Fair Queueing Compute virtual completion times,
    send accordingly
  • Complex, per-flow state. But nice results.

35
QoS
  • Quality of Service
  • Differentiate between flows
  • Some get good service (guarantees, etc)
  • Some get best effort
  • Application utility curves
  • Elastic (file xfer) vs. Inelastic (hard realtime)
  • Requires admission control
  • Cant over-promise!
  • Token Buckets
  • Rate Let average amount of traffic through
  • Bucket Accommodate some burstiness
  • RSVP - Resource reServVtion Protocol
  • Set up QoS / token bucket state at routers on path

36
Wireless
  • Mobility
  • Routing solution excess global state
  • Mobile IP Triangle routing, tunneling via home
    agent that proxies for mobile node
  • TCP solution Re-bind connection
  • Link layer Learning bridges
  • Noisy -gt losses
  • Link-layer retransmission (802.11)
  • End-to-end approach (SACK, ELN - Explicit Loss
    Notification).

37
Wireless MAC issues
  • CSMA/CD doesnt work too well
  • Hard to listen while transmitting
  • Hidden terminal - clobber someone else
  • Exposed terminal - mistakenly think youll
    clobber
  • Solution RTS / CTS
  • Ready To Send / Clear To Send

38
Ad Hoc Networks
  • Routing harder No fixed infrastructure
  • Protocols
  • DSR - Dynamic Source Routing
  • AODV - Ad Hoc On-Demand Distance Vector
  • Sensor Networks
  • Limited battery life drives everything
  • Multi-hop can save power (Tx power proportional
    to distance squared)
  • Aggregation holds the big promise. Dont do n2
    communication

39
HTTP
  • HyperText Transfer Protocol
  • Stateless request-response protocol over TCP
  • Persistent HTTP Optimizes for fewer TCP
    connection setups.
  • Fewer slow starts, 3-way handshakes
  • Caching
  • Expires header, Get-If-Modified-Since request
  • ETags (Entity Tags) help identify version of
    document when using cookies, etc.

40
Web Caching
  • Proxy Caches
  • Client-based.
  • Content Distribution Networks
  • Server-driven.
  • Usually use DNS to send client to replica
  • Mapping problem
  • Example Akamai
  • Big benefit Coping with flash crowds
  • Much content (50?) uncacheable
  • Dynamic
  • Unpopular

41
P2P
  • Search techniques Centralized (napster),
    broadcast (gnutella), superpeers (KaZaA), routing
    (Chord)
  • Consistent Hashing
  • Goal Dont move all content around when of
    buckets changes slightly
  • Used in Chord to do routing in log(n) hops using
    finger table
  • Points 1/2, 1/4, 1/8, way around the ring

42
Security
  • Private Key
  • E.g., DES (Data Encryption Standard), or newer
    AES (Advanced Encryption Standard)
  • Must have a shared secret.
  • Public Key
  • E.g., RSA, Diffie-Hellman
  • Can encrypt to a public key, and not read
  • Must have the public key. really slow.
  • Key Distribution - big challenge!
  • Private Kerberos (andrew)
  • Public Certificiate Authorities (mozilla)

43
Security 2
  • Hash functions
  • One-way. We hope.
  • Digital signature Sign a hash of the data
  • SSL - Secure Sockets Layer
  • Pre-packaged encryption/etc. routines
  • Now TLS (Transport Layer Security)
  • Used in HTTPS/etc.
  • IPSEC - ip-layer security

44
Network Security
  • IP model assumed much trust
  • Spoofing source IPs
  • DoS - Denial of Service attacks
  • DDoS - Distributed DoS
  • - Hundreds/thousands of attack machines
  • TCP ISN adds some protection
  • As long as its really random. )

45
Firewalls!
  • Filter traffic in network
  • Stateless - match static traffic rules
  • Stateful - remember more about connections
  • Basic Match src, dst, ports, flags
  • Expect a question about filtering to specific
    CIDR blocks
  • Set up rules to do the right things
  • Create CIDR blocks to match the right ranges of
    IP addresses
  • IDS Intrusion Detection System
  • Tell you when youve been hacked. ) (Or whos
    trying to hack you)
Write a Comment
User Comments (0)
About PowerShow.com