Lecture 4 (leksioni 4 rrj)


Internet structure: network of networks
Option: connect each access ISP to one global transit ISP? Customer and provider ISPs have a business agreement.
[Figure: access networks, each connected to a single global ISP]
Internet structure: network of networks
But there must be several global ISPs so that there is competition ….
[Figure: access networks connected to global ISPs A, B and C]
Internet structure: network of networks
But there must be several global ISPs so that there is competition …. And these ISPs must be interconnected.
[Figure: access networks connected to ISPs A, B and C; the ISPs are interconnected through Internet exchange points (IXP) and a peering link]
Internet structure: network of networks
… and regional networks may be needed to connect the access networks
[Figure: access networks, a regional net, ISPs A, B and C, and IXPs]
Internet structure: network of networks
… and content providers (e.g., Google, Microsoft, Akamai) may have their own networks to bring services and content close to the users
[Figure: access networks, a regional net, ISPs, IXPs and a content provider network]
Internet structure: network of networks
[Figure: Tier 1 ISPs, IXPs, Regional ISPs, access ISPs and Google]
At center: small number of well-connected large networks
▪ "tier-1" commercial ISPs (e.g., Level 3, Sprint, AT&T, NTT), national and international coverage
▪ content provider networks (e.g., Google): private network that connects its data centers to the Internet, often bypassing tier-1,
Introduction 1-6
Tier-1 ISP: e.g., Sprint
[Figure: tier-1 ISP network; labels: POP (point-of-presence), to/from backbone, peering, to/from customers]
Chapter 1: roadmap
1.1 what is the Internet?
1.2 network edge
▪ end systems, access networks, links
1.3 network core
▪ packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history
How do loss and delay occur?
Packets queue in router buffers
▪ packet arrival rate (temporarily) exceeds output link capacity
▪ packets wait for their turn
[Figure: A and B send packets to a router; labels: packet being transmitted (delay), packets queueing (delay), free buffers: arriving packets are lost if there are no free buffers]
Four sources of packet delay
[Figure: packet path from A to B; labels: transmission, propagation, nodal processing, queueing]
$d_{nodal} = d_{proc} + d_{queue} + d_{trans} + d_{prop}$
$d_{proc}$: nodal processing
▪ check bit errors
▪ determine output link
▪ typically < msec
$d_{queue}$: queueing delay
▪ time waiting at output link for transmission
▪ depends on congestion level of router
Four sources of packet delay
[Figure: packet path from A to B; labels: transmission, propagation, nodal processing, queueing]
$d_{nodal} = d_{proc} + d_{queue} + d_{trans} + d_{prop}$
$d_{trans}$: transmission delay:
▪ L: packet length (bits)
▪ R: link bandwidth (bps)
▪ $d_{trans} = L/R$
$d_{trans}$ and $d_{prop}$: very different
$d_{prop}$: propagation delay:
▪ d: length of physical link
▪ s: propagation speed in medium (~$2 \times 10^8$ m/sec)
▪ $d_{prop} = d/s$
* Check out the Java applet for an interactive animation on trans vs. prop delay
Caravan analogy
[Figure: ten-car caravan, toll booth, 100 km, toll booth, 100 km]
▪ cars "propagate" at 100 km/hr
▪ toll booth takes 12 sec to service a car (transmission time of one bit)
▪ car ~ bit; caravan ~ packet
▪ Question: How long until the caravan is lined up before the 2nd toll booth?
▪ time to "push" the entire caravan through the toll booth onto the highway = 12*10 = 120 sec
▪ time for the last car to "propagate" from the 1st to the 2nd toll booth: 100km/(100km/hr) = 1 hr
▪ Answer: 62 minutes
Caravan analogy (more)
[Figure: ten-car caravan, toll booth, 100 km, toll booth, 100 km]
▪ suppose cars now "propagate" at 1000 km/hr
▪ and suppose the toll booth takes one min to service a car
▪ Question: Will cars arrive at the 2nd toll booth before all cars have been serviced at the first toll booth?
▪ A: Yes! After 7 min, the first car arrives at the second toll booth; three cars are still at the first toll booth.



Queueing delay (revisited)
▪ R: link bandwidth (bps)
▪ L: packet length (bits)
▪ a: average packet arrival rate
traffic intensity = La/R
[Figure: average queueing delay plotted against traffic intensity La/R, with La/R ~ 0 and La/R -> 1 marked]
▪ La/R ~ 0: average queueing delay small
▪ La/R -> 1: average queueing delay large
▪ La/R > 1: more "work" arriving than can be serviced, average delay infinite!
* Check out the Java applet for an interactive animation on queuing and loss
"Real" Internet delays and routes
What do "real" Internet delay and loss look like?
▪ traceroute program: provides delay measurement from the source to each router along the end-end Internet path towards the destination. For all i:
  ▪ sends three packets that will reach router i on the path towards the destination
  ▪ router i will return packets to the sender
  ▪ sender measures the time interval between transmission and reply
[Figure: 3 probes sent to each router along the path]
"Real" Internet delays and routes
traceroute: gaia.cs.umass.edu to www.eurecom.fr
1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms
2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms
3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms
4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms
5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms
6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms
8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms
9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms
11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms
12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms
13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms
14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms
15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms
16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms
17 * * *
18 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms
Annotations on the output:
▪ hop 1: 3 delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu
▪ hops 7-8: trans-oceanic link
▪ * means no response (probe lost, router not replying)
* Do some traceroutes from exotic countries at www.traceroute.org
Packet loss
▪ queue (aka buffer) preceding link has finite capacity
▪ packets arriving to a full queue are dropped (aka lost)
▪ lost packets may be retransmitted by the previous node, by the source end system, or not at all
[Figure: A and B send packets to a router; labels: buffer (waiting area), packet being transmitted, packet arriving to a full buffer is lost]
* Check out the Java applet for an interactive animation on queuing and loss
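The traffic-intensity slide and the packet-loss slide describe the same output queue, so one simulation covers both. This is an added example, not part of the original slides: it feeds a single output link with a finite buffer at La/R = 0.1, 0.9 and 1.2 and reports the mean queueing delay and the fraction of packets lost. Poisson arrivals, the 50-packet buffer, and the values L = 1000 bits and R = 1 Mbps are assumptions chosen for illustration.

```python
import random
from collections import deque

def simulate(L, R, a, buffer_pkts=50, n=20000, seed=1):
    """One output link: Poisson arrivals at a pkt/s (assumed), fixed packet
    length L bits, link rate R bps, room for buffer_pkts waiting packets.
    Returns (La/R, mean queueing delay of accepted packets in s, loss fraction)."""
    rng = random.Random(seed)          # seeded so runs are repeatable
    d_trans = L / R                    # transmission delay per packet
    t = 0.0
    in_system = deque()                # departure times: in service + waiting
    waits, dropped = [], 0
    for _ in range(n):
        t += rng.expovariate(a)        # next arrival
        while in_system and in_system[0] <= t:
            in_system.popleft()        # these packets have left the link
        if len(in_system) > buffer_pkts:   # one in service + buffer full
            dropped += 1               # arriving packet is lost
            continue
        start = in_system[-1] if in_system else t
        waits.append(start - t)        # d_queue for this packet
        in_system.append(start + d_trans)
    return L * a / R, sum(waits) / len(waits), dropped / n

def sweep(L=1000, R=1_000_000, rates=(100, 900, 1200)):
    """Illustrative values: 1000-bit packets on a 1 Mbps link."""
    return [simulate(L, R, a) for a in rates]

if __name__ == "__main__":
    for rho, d_queue, loss in sweep():
        print(f"La/R={rho:.1f}  d_queue={d_queue*1e3:7.3f} ms  loss={loss:.1%}")
```

With a finite buffer the delay at La/R > 1 does not grow without bound; the excess arrivals show up as loss instead.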
Throughput
▪ throughput: rate (bits/time unit) at which bits are transferred between sender/receiver
  ▪ instantaneous: rate at a given point in time
  ▪ average: rate over a longer period of time
[Figure: server with a file of F bits to send to the client; fluid analogy: the server sends bits (fluid) into a pipe; pipe that can carry fluid at rate $R_s$ bits/sec (link capacity $R_s$ bits/sec); pipe that can carry fluid at rate $R_c$ bits/sec (link capacity $R_c$ bits/sec)]
Throughput (more)
▪ $R_s < R_c$: What is the average end-end throughput?
[Figure: link of $R_s$ bits/sec followed by link of $R_c$ bits/sec]
▪ $R_s > R_c$: What is the average end-end throughput?
[Figure: link of $R_s$ bits/sec followed by link of $R_c$ bits/sec]
bottleneck link: the link on the end-end path that constrains end-end throughput
Throughput: Internet scenario
▪ per-connection end-end throughput: min($R_c$, $R_s$, R/10)
▪ in practice: $R_c$ or $R_s$ is usually the bottleneck
[Figure: 10 connections (fairly) share the bottleneck link R bits/sec; each connection has a link $R_s$ on the server side and a link $R_c$ on the client side]
Chapter 1: roadmap
1.1 what is the Internet?
1.2 network edge
▪ end systems, access networks, links
1.3 network core
▪ packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history
Protocol "layers"
Networks are complex, with many "pieces":
▪ hosts
▪ routers
▪ links of various media
▪ applications
▪ protocols
▪ hardware, software
Question: Is there any hope of an organized structure for networks? …. Or at least for our discussion of networks?
Organization of air travel
ticket (purchase) | ticket (complain)
baggage (check) | baggage (claim)
gates (load) | gates (unload)
airplane takeoff | airplane landing
airplane routing | airplane routing | airplane routing
▪ a series of steps
Layering of airline functionality
departure airport | intermediate air-traffic control centers | arrival airport | layer
ticket (purchase) | | ticket (complain) | ticket
baggage (check) | | baggage (claim) | baggage
gates (load) | | gates (unload) | gate
runway (takeoff) | | runway (land) | takeoff/landing
airplane routing | airplane routing, airplane routing | airplane routing | airplane routing
layers: each layer implements a service
▪ via its own internal-layer actions
▪ relying on services provided by the layer below
Why layering?
Dealing with complex systems:
▪ explicit structure allows identification of, and relationships between, the pieces of a complex system
  ▪ layered reference model for discussion
▪ modularization eases maintenance, updating of systems
  ▪ a change in the implementation of a service is transparent to the rest of the system
  ▪ e.g., a change in gate procedures does not affect the rest of the system
▪ layering considered harmful?
Internet protocol stack
▪ application: supporting network applications
  ▪ FTP, SMTP, HTTP
▪ transport: process-process data transfer
  ▪ TCP, UDP
▪ network: routing of datagrams from source to destination
  ▪ IP, routing protocols
▪ link: data transfer between neighboring network elements
  ▪ Ethernet, 802.11 (WiFi), PPP
▪ physical: bits "on the wire"
[Figure: stack of layers: application, transport, network, link, physical]
ISO/OSI reference model
▪ presentation: allows applications to interpret the meaning of data, e.g., encryption, compression, machine-specific conventions
▪ session: synchronization, checkpointing, recovery of data exchange
▪ Internet stack "missing" these layers!
  ▪ these services, if needed, must be implemented in the application
  ▪ needed?
[Figure: stack of layers: application, presentation, session, transport, network, link, physical]
Encapsulation
[Figure: a message M travels from source through a switch and a router to destination. At the source each layer adds its header: message M (application), segment $H_t$ M (transport), datagram $H_n$ $H_t$ M (network), frame $H_l$ $H_n$ $H_t$ M (link). The switch has link and physical layers; the router has network, link and physical layers; source and destination have application, transport, network, link and physical layers.]
Chapter 1: roadmap
1.1 what is the Internet?
1.2 network edge
▪ end systems, access networks, links
1.3 network core
▪ packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history
Network security
▪ field of network security:
  ▪ how bad guys can attack computer networks
  ▪ how we can defend networks against attacks
  ▪ how to design architectures that are immune to attacks
▪ Internet not originally designed with (much) security in mind
  ▪ original vision: "a group of mutually trusting users attached to a transparent network"
  ▪ Internet protocol designers adapting to the circumstances
  ▪ security considerations in all layers!
Bad guys: put malware into hosts via Internet
▪ malware can get into a host from:
  ▪ virus: self-replicating infection by receiving/executing an object (e.g., e-mail attachment)
  ▪ worm: self-replicating infection by passively receiving an object that gets itself executed
▪ spyware malware can record keystrokes, web sites visited, upload info to a collection site
▪ infected hosts can be enrolled in a botnet, used for spam, DDoS attacks
Bad guys: attack servers, network infrastructure
Denial of Service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming them with bogus traffic
1. select target
2. break into hosts in the network
3. send packets to target from compromised hosts
[Figure: compromised hosts and the target]
Bad guys can sniff packets
packet "sniffing":
▪ broadcast media (shared ethernet, wireless)
▪ promiscuous network interface reads/records all packets (e.g., including passwords!) passing by
[Figure: hosts A, B and C; packet with src:B dest:A and payload]
▪ wireshark software used for end-of-chapter labs is a (free) packet-sniffer
Bad guys can use fake addresses
IP spoofing: send packets with a false source address
[Figure: hosts A, B and C; packet with src:B dest:A and payload]
… lots more on security (throughout, Chapter 8)
Introduction: summary
covered a "ton" of material!
▪ Internet overview
▪ what's a protocol?
▪ network edge, core, access network
  ▪ packet-switching versus circuit-switching
  ▪ Internet structure
▪ performance: loss, delay, throughput
▪ layering, service models
▪ security
▪ history
you now have:
▪ context, overview, "feel" of networking
▪ more depth, detail to follow!