ECE3076 Review - Georgia Institute of Technology


ECE3600 Review
Chap. 4 – IP Addresses, Routers
Chap. 5 – LANs, Ethernet
Chap. 6 - Wireless LANs
Chap. 7 - Multimedia
Chap. 8 - Network Security
Chap. 5, 6, 7, 8 Review
Chapter 4a - IP Addresses
network address, network mask
CIDR notation - a.b.c.d/n
sub-nets, no. hosts, reserved addresses
network address, broadcast address
routing choice, longest prefix rule
dividing a block of IP addresses into sub-nets
aggregating Subnets to shorten Routing Table "Longest Prefix Rule"
Network Address Translation, "private address blocks", how NAT
capability changes IP addresses and Ports (single outside IP, many
private IPs inside).
IP Header
Fragmentation - Datagram ID, Offset, Flags: "More Frag." flag (MF), "Do Not Frag." (DNF)
Time to Live (TTL), 1's complement Checksum
IPv6 - 128-bit addresses, Flow ID (future use), Frag. info in option header
Datagram networks (Internet)
• no call setup at network layer
• routers: no state about end-to-end connections
– no network-level concept of “connection”
• packets forwarded using destination host address
– packets between same source-dest pair may take different paths (network congestion is bursty)
[Figure: protocol stacks (application, transport, network, data link, physical) of the sending host, "1. Send data", and of the receiving host, "2. Receive data"]
Network Layer 4-33
Chapter 4b - Routing
Routers forward IP datagrams toward the recipient.
Parts of a router (input queue, output queue, switching fabric, routing processor [forwarding table])
OSPF
Dijkstra algorithm; forwarding table built from the shortest-path tree.
Each router broadcasts its link costs to its neighbors to all routers (link state).
RIP
Bellman-Ford algorithm; lowest-cost route placed in the forwarding table from the nearest neighbors' tables (+1 hop).
Poisoned reverse (reverse path poisoning) to prevent loops.
Limited to small sub-nets.
BGP
Used on the backbone to connect ASs (autonomous systems).
Router Architecture Overview
Two key router functions:
• run routing algorithms/protocols (RIP, OSPF, BGP)
• forward datagrams from incoming to outgoing link
Output port queueing
• buffering when arrival rate via switch exceeds output line speed
• queueing (delay) and loss due to output port buffer overflow!
Subnets – have a contiguous block of IP addresses which have the first N bits in common (a "/N").
Recipe
• To determine the subnets, detach each interface from its host or router, creating islands of isolated networks. Each isolated network is called a subnet.
[Figure: three subnets 223.1.1.0/24, 223.1.2.0/24 and 223.1.3.0/24 (subnet mask /24), which together form the higher-order subnet 223.1.0.0/22]
Textbook refers to /20 in the network designator 200.23.16.0/20 as the “subnet mask”.
/20 represents a 32-bit binary number that has 20 “1” bits at the left and 12 “0”s at the right:
11111111 11111111 11110000 00000000
This number in dotted decimal format is:
255.255.240.0
A network designator is incomplete without the network mask (either the dotted-decimal form or slash + no. of bits in prefix, “/20”).
The (sub)network mask can be used to change:
• an IP address into the corresponding network address (for comparison in a router forwarding table):
Match[i] = ((IP & mask[i]) == Network_addr[i])
“==” means “TRUE if equal”
• an IP address (or network address) into the network Broadcast Address:
Broadcast_addr = IP | ~mask
“&” bitwise AND
“|” bitwise OR
“~” bitwise inversion (0->1, 1->0)
Split a subnet - Bitwise Calculations
To split a subnet into 2 half-size subnets, e.g. 200.23.16.0/20 (max IP = 200.23.31.255):
Add 1 more bit to the prefix, a '0' or a '1'
11001000 00010111 0001(0/1)xxx xxxxxxxx
The lower subnet will have "0", so the network address is the same, except the prefix size is 21:
200.23.16.0/21 (max IP = 200.23.23.255)
The higher subnet will have "1", so the network address split-byte is higher by the value of that bit, 0001 xxxx -> 0001 1xxx = 16 + 8 = 24:
200.23.24.0/21 (max IP = 200.23.31.255)
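The mask, match, broadcast and split calculations from the slides above, worked on 32-bit integers as an added example (not from the slides); it also includes a longest-prefix-match lookup over a constructed forwarding table to show why the /21 carved out of the /20 must win over the aggregate.

```python
def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def mask_from_prefix(prefix: int) -> int:
    # /20 -> twenty 1-bits on the left, twelve 0-bits on the right
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def network_address(ip: str, prefix: int) -> str:
    # network address = IP & mask
    return int_to_ip(ip_to_int(ip) & mask_from_prefix(prefix))

def broadcast_address(ip: str, prefix: int) -> str:
    # Broadcast_addr = IP | ~mask (the inversion kept to 32 bits)
    return int_to_ip(ip_to_int(ip) | (~mask_from_prefix(prefix) & 0xFFFFFFFF))

def matches(ip: str, net: str, prefix: int) -> bool:
    # Match = ((IP & mask) == Network_addr)
    return (ip_to_int(ip) & mask_from_prefix(prefix)) == ip_to_int(net)

def longest_prefix_match(ip: str, table):
    # table: list of (network, prefix, next_hop). Every matching entry is a
    # candidate; the one with the most prefix bits wins, so an aggregated /20
    # route never shadows a more specific /21 carved out of it.
    best = None
    for net, prefix, hop in table:
        if matches(ip, net, prefix) and (best is None or prefix > best[0]):
            best = (prefix, hop)
    return best[1] if best else None

def split_subnet(net: str, prefix: int):
    # Add one prefix bit: the '0' half keeps the network address, the '1'
    # half is higher by the value of that bit (16 + 8 = 24 for the /20 above).
    new_prefix = prefix + 1
    low = ip_to_int(net)
    high = low | (1 << (32 - new_prefix))
    return [(int_to_ip(low), new_prefix), (int_to_ip(high), new_prefix)]

if __name__ == "__main__":
    print(int_to_ip(mask_from_prefix(20)))        # 255.255.240.0
    print(broadcast_address("200.23.16.0", 20))   # 200.23.31.255
    print(split_subnet("200.23.16.0", 20))        # [('200.23.16.0', 21), ('200.23.24.0', 21)]
    table = [("200.23.16.0", 20, "link A"), ("200.23.24.0", 21, "link B")]
    print(longest_prefix_match("200.23.25.3", table))  # link B
```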
NAT: Network Address Translation
1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, and updates its table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
   (Server IP, port are not changed)
3: Reply arrives, dest. address: 138.76.29.7, 5001, from 128.119.40.186, 80
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345
NAT translation table
WAN side: Server addr & port, Client port | LAN side: Client addr and Client port
128.119.40.186, 80, 5001 | 10.0.0.1, 3345
…… | ……
[Figure: LAN hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4 behind the NAT router, whose outside address is 138.76.29.7]
Slide modified 10/19/2008 by JAC
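The four steps above simulated with a translation table keyed by the WAN-side (address, port) pair, as an added example that is not from the slide; the addresses and ports are the slide's, and handing out outside ports starting at 5001 is an assumption made to reproduce it.

```python
class NatRouter:
    """NAT router with one public (WAN) address; table keyed like the slide's."""

    def __init__(self, wan_ip: str, first_port: int = 5001):
        self.wan_ip = wan_ip
        self.next_port = first_port
        # WAN side (ip, port) -> LAN side (ip, port)
        self.table = {}

    def outbound(self, pkt: dict) -> dict:
        # Step 2: rewrite the private source addr/port to the WAN addr and a
        # fresh port, recording the mapping; server ip/port are untouched.
        lan_side = (pkt["src_ip"], pkt["src_port"])
        for wan_side, mapped in self.table.items():
            if mapped == lan_side:
                break          # reuse the existing mapping for this host/port
        else:
            wan_side = (self.wan_ip, self.next_port)
            self.next_port += 1
            self.table[wan_side] = lan_side
        return {**pkt, "src_ip": wan_side[0], "src_port": wan_side[1]}

    def inbound(self, pkt: dict):
        # Step 4: the reply's WAN-side destination is looked up and rewritten
        # back to the private host. A packet with no table entry (nobody
        # inside asked for it) has nowhere to go and is dropped.
        lan_side = self.table.get((pkt["dst_ip"], pkt["dst_port"]))
        if lan_side is None:
            return None
        return {**pkt, "dst_ip": lan_side[0], "dst_port": lan_side[1]}

def walk_through():
    """Steps 1-4 from the slide; returns the packet as seen at each step."""
    nat = NatRouter("138.76.29.7")
    step1 = {"src_ip": "10.0.0.1", "src_port": 3345,
             "dst_ip": "128.119.40.186", "dst_port": 80}
    step2 = nat.outbound(step1)
    step3 = {"src_ip": "128.119.40.186", "src_port": 80,
             "dst_ip": step2["src_ip"], "dst_port": step2["src_port"]}
    step4 = nat.inbound(step3)
    return step1, step2, step3, step4

if __name__ == "__main__":
    for i, pkt in enumerate(walk_through(), 1):
        print(i, pkt)
```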
IPv6
• Initial motivation: 32-bit address space in 2012 was completely allocated (NAT and CIDR* fixed the problem for a dozen years). IPv6 has 128 bits.
• Additional motivation:
– header format helps speed processing/forwarding
– header changes to facilitate QoS
IPv6 datagram format:
– fixed-length 40 byte header (versus 20 for IPv4)
– no fragmentation allowed (6 bytes saved)
*Before CIDR (Classless Inter-Domain Routing), there were only three subnet sizes (classes):
Class A = /8 (4M), B = /16 (65k), C = /24 (255 addresses)
If an org needed 260 addresses, a Class B (65,535) was allocated.
IPv6 Header (Cont)
Priority: identify priority among datagrams in flow
Flow Label: identify datagrams in same “flow.” (concept of “flow” not well defined).
Next header: identify upper layer protocol for data
“6to4 Translation”
4-byte IPv4 -> 16-byte IPv6
A.B.C.D -> 2002:aabb:ccdd/80
“aa” = “A in 2-char hex”, “bb” = “B in 2-char hex”, etc.
IPv4 address can become an IPv6 sub-net with 80 bits for “host” addresses (1e24 hosts)
http://en.wikipedia.org/wiki/6to4
Slide modified 10/23/2012 by JAC
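The 6to4 mapping above with Python's standard ipaddress module, as an added example not from the slides: the 2002::/16 prefix followed by the 32 address bits is a /48, which leaves exactly the 80 host bits the slide mentions; the reverse function recovers the embedded IPv4 address, which is what you need when attributing 6to4 traffic to its real source.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")

def sixtofour_prefix(ipv4: str) -> ipaddress.IPv6Network:
    # 2002: followed by the four IPv4 bytes as two 16-bit hex groups
    # (A.B.C.D -> 2002:aabb:ccdd::/48); the remaining 80 bits are for hosts.
    n = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Network(f"2002:{n >> 16:04x}:{n & 0xFFFF:04x}::/48")

def embedded_ipv4(v6: str):
    # Reverse mapping: bits 111..80 of a 2002::/16 address are the IPv4
    # address. Returns None for an address that is not 6to4 at all.
    addr = ipaddress.IPv6Address(v6)
    if addr not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)

def host_addresses(net: ipaddress.IPv6Network) -> int:
    # 2 ** (128 - prefix length): 2 ** 80, about 1.2e24, for a 6to4 /48
    return net.num_addresses

if __name__ == "__main__":
    # 192.0.2.1 is a documentation address, used here as constructed input
    net = sixtofour_prefix("192.0.2.1")
    print(net, embedded_ipv4("2002:c000:201::1"), host_addresses(net))
```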
Chapter 5 - Local Area Networks - Ethernet
Ethernet can transport many Network Layer protocols besides IP.
LAN connects hosts to other hosts on that LAN or to the gateway router (to connect worldwide)
Hubs - collision domains, exponential backoff
Switches - "forwarding table", self learning
How are addresses assigned - Manufacturer ID
Virtual LAN (VLAN) – what? why?
CSMA/CD - what is “CS”, “MA”, “CD”
Collisions, Exponential Backoff
Full or Half Duplex
Address Resolution Protocol (ARP), uses broadcast addresses (MAC and IP)
- (as does DHCP [Dynamic Host Configuration Protocol] when looking for IP, netmask, DNS IP)
Adaptors Communicating
[Figure: sending node -> adapter -> frame over physical layer media and signals -> adapter -> receiving node; the adapters run the link layer protocol, the nodes exchange datagrams]
• link layer implemented in “adaptor” (aka NIC)
– Ethernet card, serial card, WiFi (802.11) card
• sending side:
– encapsulates datagram in a frame
– adds error checking bits, rdt, flow control, etc.
• receiving side:
– looks for errors, rdt, flow control, etc.
– extracts datagram, passes to receiving node
• adapter is semiautonomous
• link & physical layers
Q3-16
CSMA/CD (Collision Detection)
CSMA/CD: carrier sensing, deferral as in CSMA
– collisions detected within short time
– colliding transmissions aborted, reducing channel wastage
• collision detection:
– easy in wired LANs: measure signal strengths, compare transmitted, received signals
– difficult in wireless LANs: receiver shut off while transmitting
• human analogy: the polite conversationalist
MAC Addresses and ARP
• 32-bit IPv4 or 128-bit IPv6 address:
– network-layer address
– used to get datagram to destination IP subnet
• MAC (or LAN or Physical or Ethernet) address:
– used to get frame from one interface to another physically-connected interface (same network)
– 48-bit MAC address (for most LANs) burned in the adapter ROM (can be changed by OS software).
DHCP: Dynamic Host Configuration Protocol
Goal: allow host to dynamically obtain its IP address from network server when it joins network
Can renew its lease on address in use
Allows reuse of addresses (only hold address while connected and “on”)
Support for mobile users who want to join network.
Switch example
Learning
Suppose C sends frame to D
[Figure: switch with interfaces 1, 2 and 3, each connected to a hub; hosts A, B, C on interface 1, hosts D, E, F on interface 2, hosts G, H, I on interface 3]
Switch table (address, interface): A 1; B 1; E 2; G 3; after learning, C 1
Switch receives frame from C
notes in switch table that C is on interface 1
If C were in table, the time stamp (TTL) would be updated.
because D is not in table, switch forwards frame into interfaces 2 and 3 (floods).
frame received by D (and E & F, which ignore it)
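The learning, flooding and filtering rules above as an added example (not from the slides); the host-to-interface layout reproduces the table shown (A, B on 1; E on 2; G on 3) and the 60-second aging time is an assumption.

```python
class LearningSwitch:
    def __init__(self, interfaces, ttl: int = 60):
        self.interfaces = list(interfaces)
        self.ttl = ttl
        self.table = {}   # MAC address -> (interface, time stamp)

    def receive(self, src: str, dst: str, in_iface: int, now: int) -> list:
        """Handle one frame; returns the interfaces it is sent out of."""
        # learning: note that src is reachable via in_iface, or if it was
        # already known just refresh its time stamp
        self.table[src] = (in_iface, now)
        # age out entries whose TTL has expired
        self.table = {m: (i, t) for m, (i, t) in self.table.items()
                      if now - t <= self.ttl}
        entry = self.table.get(dst)
        if entry is None:
            # destination unknown: flood to every interface except the arrival one
            return [i for i in self.interfaces if i != in_iface]
        if entry[0] == in_iface:
            return []           # filtering: destination shares the arrival segment
        return [entry[0]]       # forward to the learned interface only

def slide_scenario():
    """C (interface 1) sends to D; then D (interface 2) replies."""
    sw = LearningSwitch([1, 2, 3])
    for mac, iface in (("A", 1), ("B", 1), ("E", 2), ("G", 3)):
        sw.table[mac] = (iface, 0)            # the table as shown on the slide
    c_to_d = sw.receive("C", "D", 1, now=1)   # D unknown -> flood to 2 and 3
    d_to_c = sw.receive("D", "C", 2, now=2)   # C now known -> interface 1 only
    return c_to_d, d_to_c, sw.table["C"]

if __name__ == "__main__":
    print(slide_scenario())   # ([2, 3], [1], (1, 1))
```

The table is written from whatever source address arrives, so it is only as trustworthy as the hosts on each segment; switches with port security cap or pin the addresses each interface may learn.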
Switches vs. Routers
• both store-and-forward devices
– routers: network layer devices (examine network layer headers)
– switches are link layer devices
• routers maintain routing tables, implement routing algorithms
• switches maintain switch tables, implement filtering, learning algorithms
[Figure: host protocol stack 5 HTTP (Application), 4 TCP (Transport), 3 IP (Network), 2 Eth-MAC (MAC), 1 Eth-Phys. (Physical); a hub operates at layer 1 only, a switch at layers 1 and 2]
Chap. 6 - Wireless LANs
What is:
Wireless Access Point (AP)
IEEE 802.11a, b, g - WiFi
IEEE 802.15 WiMax
CSMA/CA (Collision Avoidance)
"Hidden Terminal" problem
How helped by "CA": RTS, CTS packets
Modulation Techniques
TDMA - Time slots
CDMA - Chip codes
MAC Packet Header
3rd Address needed on radio side - why
Same as Ethernet on wired side (no AP MAC address)
Chap. 6,7,8 Review
802.11 frame: addressing
[Figure: H1 —(802.11 frame)— AP —(802.3 frame)— R1 router — Internet]
802.11 frame (H1 to AP): address 1 = AP MAC addr, address 2 = H1 MAC addr, address 3 = R1 MAC addr
802.3 frame (Ethernet, AP to R1): dest. address = R1 MAC addr, source address = H1 MAC addr
Cellular Networks
Modulation Techniques
Combined FDMA & TDMA - Freq. Div & Time slots
CDMA - Chip codes
Hexagonal Cells
Why Hex, where is antenna located (serves 3 cells)
Parade of Technologies
AMPS (Advanced Mobile Phone Sys.): FM, 1 call/freq., 0.8 GHz
2G (2nd Generation)
IS-136 - Combined FDMA & TDMA
GSM - Combined FDMA & TDMA
IS-95 - CDMA
2.5G - Enhanced data rates: GPRS, EDGE - (144 to 380 Kbps)
3G - GSM with CDMA
Mobility
• Handoff
– used first in Cellular Telephone Systems
– Connection stretches along path through previous cells
Chap. 7 - Multimedia
What is:
QoS - Quality of Service. Guarantees:
Packet delay less than a Maximum
Bandwidth greater than a Minimum
Defined by SLA, Service Level Agreement, with ISP
Policing
Token Bucket algorithm
Streaming Media
Out-of-Band Control Channel (RTSP)
Client Buffering - smoothes out delay variations
Interactive Media
requires short round-trip time
limits use of large buffers
less delay variation tolerance
Bandwidth Needed for Media
• Streaming Media - Not compressed
• Bandwidth = (Sampling Rate) * log2(Levels)
• Telephone - (PCM)
– 8000 samples/s, 256 levels (8 bits) = 64 kb/s
– Compressed voice = 5 kb/s to 12 kb/s
• CD Music, Stereo (2 channels)
– 44,100 samples/s, 65k levels (16 bits) = 1.5 Mb/s
– Compressed (MP3) 96 to 160 kb/s
• Video
– Compressed (MPEG4) < 1 Mbps
Streaming Multimedia: UDP or TCP?
UDP
• server sends at rate appropriate for client (oblivious to network congestion!)
– often send rate = encoding rate = constant rate
– then, fill rate = constant rate - packet loss
• short playout delay (2-5 seconds) to compensate for network delay jitter
• error recovery: time permitting
TCP
• send at maximum possible rate under TCP
• fill rate fluctuates due to TCP congestion control
• larger playout delay: smooth TCP delivery rate
• HTTP/TCP passes more easily through firewalls
Video - Recovery from Packet Loss
• TCP - too slow
• UDP - Requires (one or all)
– FEC (Forward Error Correction)
– Interleaving
• a lone (single) dropout -> many short dropouts
– Application-Level Recovery
• Freeze picture
• Extrapolate across gap
VoIP Setting up a Connection
• SIP - Session Initiation Protocol
• Finds "callee" by IP, email address, or telephone no.
• Call Management
– add new media streams
– conference calls
– transfer and hold
Compare SIP with H.323
• H.323 is another signaling protocol for real-time, interactive multimedia.
• H.323 comes from the ITU (telephony).
• H.323 is a complete, vertically integrated suite of protocols for multimedia conferencing: signaling, registration, admission control, transport and codecs.
• SIP is a single component. Works with RTP, but does not mandate it. Can be combined with other protocols and services.
• SIP comes from IETF: borrows much of its concepts from HTTP. SIP has a Web flavor, whereas H.323 has a telephony flavor.
• SIP uses the KISS principle: Keep it simple stupid.
Content distribution networks (CDNs)
Content replication
• Challenging to stream large files (e.g., video) from single origin server in real time
• Solution: replicate content at hundreds of servers throughout Internet
– content downloaded to CDN servers ahead of time
– placing content “close” to user avoids impairments (loss, delay) of sending content over long paths
– CDN server typically in edge/access network
[Figure: origin server in North America, a CDN distribution node, and CDN servers in S. America, Europe and Asia]
Scheduling And Policing Mechanisms
• scheduling: choose next packet to send on link
• FIFO (first in first out) scheduling: send in order of arrival to queue
– real-world example?
– discard policy: if packet arrives to full queue: who to discard?
• Tail drop: drop arriving packet
• priority: drop/remove on priority basis
• random: drop/remove randomly
Policing Mechanisms
Token Bucket: limit input to specified Burst Size and Average Rate.
• bucket can hold b tokens
• tokens generated at rate r tokens/sec unless bucket full
• over interval of length t: number of packets admitted less than or equal to (r t + b).
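An added example, not from the slides, of the token bucket just described: one token per packet, refill at r tokens/sec capped at b, and a constructed arrival pattern chosen so that the admitted count reaches the slide's r t + b bound exactly.

```python
class TokenBucket:
    """Token bucket policer: bucket of size b, refilled at r tokens/sec."""

    def __init__(self, rate: float, burst: int):
        self.r = rate            # tokens generated per second
        self.b = burst           # bucket holds at most b tokens
        self.tokens = burst      # starts full, so an initial burst of b is admitted
        self.last = 0            # time of the previous refill

    def _refill(self, now):
        # tokens accumulate at rate r, but never beyond b
        self.tokens = min(self.b, self.tokens + (now - self.last) * self.r)
        self.last = now

    def admit(self, now) -> bool:
        """Each packet needs one token; an out-of-profile packet is refused."""
        self._refill(now)
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def police(rate, burst, arrivals):
    """Run a list of arrival times (seconds) through one bucket; returns the admitted count."""
    tb = TokenBucket(rate, burst)
    return sum(tb.admit(t) for t in arrivals)

def admitted_bound(rate, burst, interval):
    # the slide's bound: over an interval of length t, at most r*t + b admitted
    return rate * interval + burst

if __name__ == "__main__":
    # constructed arrival pattern: 3 packets per second for 10 s at r = 2, b = 5
    arrivals = [t for t in range(10) for _ in range(3)]
    print(police(2, 5, arrivals), "<=", admitted_bound(2, 5, 9))   # 23 <= 23
```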
IETF Differentiated Services
• Edge Router
– Marks packets as "in-profile" or "out-profile"
– Marks packets as to "Class of Service"
• Core Routers
– "Per Class" traffic management
– Assured Forwarding of "in-profile" packets
RSVP - Resource Reservation Protocol
• Reserves resources (bandwidth, delay limits, …) along an end-to-end path.
Chap. 8 - Security
What is:
Symmetric-Key encryption (secret-key)
What is a major problem?
Public-Key encryption (asymmetric-key)
How do you know the public-key owner is correct?
How do you know it really is "amazon.com"?
How does "amazon.com" know it really is you?
Where are the Top-Level CAs' certificates that your browser uses?
What is the maximum message length for a 1024-bit key?
How does a "session key" help?
What is network security?
Confidentiality: only sender, intended receiver should “understand” message contents
– sender encrypts message
– receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Access and Availability: services must be accessible and available to users
There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: a lot!
– eavesdrop: intercept messages
– actively insert messages into connection
– impersonation: can fake (spoof) source address in packet (or any field in packet)
– hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
– denial of service: prevent service from being used by others (e.g., by overloading resources)
– compromise a computer (take control of it)
• What is:
– An exploit (program that exploits a vulnerability to "compromise" a computer)
– Firewall (packet filter at connection to Internet)
– A Trojan Horse (attack code hidden in legit program)
– Phishing (email with link to fake Web site)
– A Cryptographic Hash algorithm (MD5, SHA1)
• creates a fixed length hash of much longer message
– PGP (Pretty Good Privacy) or GPG (Gnu Privacy Guard)
• secure email, encrypts, signs
– SSL (Secure Socket Layer)
• used by HTTPS to encrypt Web connections
– IPsec (IP security)
• Encrypts IP connections, creates VPNs (Virtual Private Networks)
How do you use public/private keys to:
• Protect the secrecy of a message
– Generate new random "session key"
– Encrypt message with "session key"
– Encrypt session key with receiver's public key
• Digitally sign a message
– Encrypt hash of message with your private key
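The two procedures above carried through as an added example that is not from the slides: textbook RSA on two small fixed primes (a toy constructed for illustration, nowhere near a 1024-bit key), a session-key cipher built from a SHA-256 keystream standing in for the symmetric algorithm, and hash-then-sign with the private key. The primes, the 8-byte session-key encoding and the keystream construction are all assumptions of this example.

```python
import hashlib
import secrets

def toy_rsa_keypair(p=1000003, q=999983, e=65537):
    # Textbook RSA on two small fixed primes (constructed for illustration):
    # public key (e, n), private key (d, n). A real key uses ~1024+ bit n.
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (e, n), (d, n)

def session_cipher(key: bytes, data: bytes) -> bytes:
    # Symmetric part: XOR with a SHA-256 counter keystream derived from the
    # session key. Applying it twice with the same key recovers the data.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_for(receiver_pub, message: bytes):
    # 1. new random session key; 2. encrypt the message with it;
    # 3. encrypt the session key with the receiver's public key.
    e, n = receiver_pub
    session_key = secrets.randbelow(n - 2) + 2   # any RSA "message" must be < n
    key_bytes = session_key.to_bytes(8, "big")
    return pow(session_key, e, n), session_cipher(key_bytes, message)

def decrypt_with(receiver_priv, wrapped_key: int, ciphertext: bytes) -> bytes:
    d, n = receiver_priv
    key_bytes = pow(wrapped_key, d, n).to_bytes(8, "big")
    return session_cipher(key_bytes, ciphertext)

def sign(sender_priv, message: bytes) -> int:
    # "encrypt the hash of the message with your private key"; the hash is
    # reduced mod n because this toy n is far smaller than a 256-bit digest
    d, n = sender_priv
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(h, d, n)

def verify(sender_pub, message: bytes, signature: int) -> bool:
    e, n = sender_pub
    h = int.from_bytes(hashlib.sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h
```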