Chapter 19 - PowerPoint PPT Presentation


Chapter 19

by David G. Messerschmitt


Protocol architecture


Summary

  • Network architecture

  • Internet protocols

  • Some network security issues


Key ideas

  • Packet encapsulation: one packet can be encapsulated in another

  • Packet fragmentation: one packet can be split into two or more packets and encapsulated

  • Protocol layering: one service can be layered on another by fragmentation and encapsulation


[Figure: packet encapsulation. The original packet, including its header, becomes the payload of a new packet that carries a new header; the encapsulated packet can itself be encapsulated again.]

[Figure: packet fragmentation. The original packet (header and payload) is divided into packet fragments, each carried as a new packet; at the destination the fragments are reassembled into the original packet.]

[Figure: protocol layering. Two layer n+1 entities communicate peer-to-peer using the layer n+1 protocol header; each layer n+1 packet, including its header, is encapsulated as the payload of a layer n packet, which carries its own layer n protocol header.]

Layered protocol modularity

  • Layer n+1 protocol is logically peer-to-peer

  • Layer n+1 protocol depends on services of layer n

  • Layer n+1 packets are encapsulated in layer n packets

  • Layer n+1 never sees layer n packet headers

  • Layer n ignores layer n+1 packet headers (part of payload)
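As an added worked example (not from the slides), the three key ideas in code: a hypothetical layer n header (packet id, fragment offset, more-fragments flag, payload length) carries an opaque layer n+1 packet, splits it to fit a constructed MTU, and a reassembler rebuilds it from fragments arriving in any order. Layer n never parses the bytes it carries, and the reassembler refuses overlapping or inconsistent fragments, since ambiguous reassembly is the classic way to make two parsers on the path see different packets. The header format, the MTU and the packet contents are assumptions made for this illustration.

```python
import struct
from typing import Dict, List, Optional, Tuple

# Hypothetical "layer n" header used only for this illustration:
# packet id (u16), byte offset of this fragment (u16), more-fragments flag (u8), payload length (u16)
LAYER_N_HDR = struct.Struct("!HHBH")
MTU = 16  # constructed, deliberately tiny link MTU so that fragmentation is visible


def encapsulate(packet_id: int, upper_packet: bytes, mtu: int = MTU) -> List[bytes]:
    """Carry a layer n+1 packet (its header included) as the payload of layer n packets.
    Layer n never parses upper_packet; it is opaque bytes. If it does not fit in one
    layer n packet it is split into fragments, each with its own layer n header."""
    max_payload = mtu - LAYER_N_HDR.size
    if max_payload <= 0:
        raise ValueError("MTU too small for the layer n header")
    frags = []
    for off in range(0, len(upper_packet), max_payload):
        chunk = upper_packet[off:off + max_payload]
        more = 1 if off + len(chunk) < len(upper_packet) else 0
        frags.append(LAYER_N_HDR.pack(packet_id, off, more, len(chunk)) + chunk)
    return frags


class Reassembler:
    """Rebuild the layer n+1 packet from layer n fragments arriving in any order.
    Overlapping or inconsistent fragments are rejected instead of merged: ambiguous
    reassembly is a classic way to evade inspection and to trigger parser bugs."""

    def __init__(self) -> None:
        self.parts: Dict[int, Dict[int, bytes]] = {}  # packet id -> offset -> chunk
        self.total: Dict[int, int] = {}               # packet id -> length, known once the last fragment is seen

    def feed(self, frag: bytes) -> Optional[bytes]:
        pid, off, more, plen = LAYER_N_HDR.unpack_from(frag)
        chunk = frag[LAYER_N_HDR.size:]
        if len(chunk) != plen:
            raise ValueError("length field does not match payload")
        parts = self.parts.setdefault(pid, {})
        if parts.get(off) == chunk:
            return None                                # exact duplicate (a retransmission): ignore
        for o, c in parts.items():
            if off < o + len(c) and o < off + plen:
                raise ValueError(f"overlapping fragment for packet {pid}")
        if not more:
            if self.total.get(pid, off + plen) != off + plen:
                raise ValueError("conflicting last fragment")
            self.total[pid] = off + plen
        parts[off] = chunk
        if pid not in self.total:
            return None
        total = self.total[pid]
        if any(o + len(c) > total for o, c in parts.items()):
            raise ValueError("fragment extends past the end of the packet")
        pos = 0                                        # complete only if contiguous from 0 to total
        for o in sorted(parts):
            if o != pos:
                return None
            pos += len(parts[o])
        if pos != total:
            return None
        data = b"".join(parts[o] for o in sorted(parts))
        del self.parts[pid], self.total[pid]
        return data


def demo() -> Tuple[bool, int, bool]:
    """Constructed layer n+1 packet (2-byte header + data): fragment, deliver in reverse order, reassemble."""
    upper = struct.pack("!H", 0xBEEF) + b"hello from layer n+1"
    frags = encapsulate(7, upper)
    r = Reassembler()
    result = None
    for f in reversed(frags):
        result = r.feed(f)
    # a second packet whose two fragments overlap must be refused, not merged
    r.feed(LAYER_N_HDR.pack(8, 0, 1, 4) + b"AAAA")
    try:
        r.feed(LAYER_N_HDR.pack(8, 2, 0, 4) + b"BBBB")
        overlap_rejected = False
    except ValueError:
        overlap_rejected = True
    return result == upper, len(frags), overlap_rejected
```

With a 16-byte MTU and a 7-byte layer n header the 22-byte upper packet becomes three fragments; feeding them last-first still yields the original bytes, and the overlapping pair for packet 8 is rejected.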


Key ideas (again)

  • Packet encapsulation: one packet can be encapsulated in another

  • Packet fragmentation: one packet can be split into two or more packets and encapsulated

  • Protocol layering: one service can be layered on another by fragmentation and encapsulation


IETF/OMG Layers

[Figure: layering across two hosts and a switch. Host A and Host B each run Application / ORB / IIOP / TCP or UDP / IP / network interface (N 1 on Network 1 for Host A, N 2 on Network 2 for Host B); the switch between them runs only IP over N 1 and N 2. The application, ORB, IIOP and TCP/UDP layers are logical (end to end between the hosts); the IP and network layers are physical (present at every hop).]

Internet: logical view

[Figure: Host A and Host B each run Application over TCP or UDP; the application and transport layers communicate peer-to-peer.]

The constituent networks are not visible to the application; TCP/UDP does not reside in packet switches


Internet: physical view

[Figure: Host A (IP over N 1, on Network 1), a switch (IP over both N 1 and N 2; a router, in current terminology), and Host B (IP over N 2, on Network 2).]

IP serves to connect heterogeneous networks into an internetwork


What IP does do

  • Allow packets to traverse multiple networks

  • Deliver packet to specified destination host

  • Best effort: deliver as reliably and as soon as it can


What IP doesn't do

  • Guarantee latency for packets that are delivered

  • Guarantee delivery, or notify the source host if a packet is not delivered

  • Guarantee order of delivery

  • Guarantee integrity of the packet payload

  • Maintain conversational context (each packet is independent)

  • Specify which process should receive the packet at the destination host


IP header

[Figure: the IPv6 header, drawn 32 bits wide: Version, Priority, Flow Label; Payload Length, Next Header, Hop Limit; Source Address (128 bits); Destination Address (128 bits).]

These are the IPv6 fields, using the RFC 1883 name Priority for what RFC 2460 widened into the 8-bit Traffic Class (shortening the Flow Label to 20 bits). The IPv4 header differs: 32-bit addresses, a header checksum, and fragmentation fields.


Transport services: UDP and TCP

  • Direct packet to a particular process

  • UDP adds:

    • Payload integrity check for packets delivered: a checksum that detects accidental corruption, not deliberate modification, since whoever can alter the packet can recompute it

  • TCP adds:

    • Reliable, ordered delivery of a bidirectional byte stream over a session
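Added example, not part of the slides: the IPv6 header from the earlier slide and a UDP header packed with Python's struct, with the UDP checksum computed over the IPv6 pseudo-header as RFC 2460 requires. It shows what "payload integrity" means in practice: a corrupted byte is detected, but anyone able to modify the packet can recompute the checksum, so it is not a security control. Addresses (from the 2001:db8::/32 documentation range), ports and payload are constructed.

```python
import socket
import struct
from typing import Tuple

IPV6_HDR = struct.Struct("!IHBB16s16s")  # version/class/flow, payload length, next header, hop limit, src, dst
UDP_HDR = struct.Struct("!HHHH")         # source port, destination port, length, checksum
NEXT_HEADER_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum as used by the IP-family checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src: bytes, dst: bytes, upper_len: int) -> bytes:
    """IPv6 pseudo-header: the transport checksum also covers the addresses of the layer
    below it, so anything that rewrites those addresses (NAT, spoofing) must redo the checksum."""
    return src + dst + struct.pack("!IBBBB", upper_len, 0, 0, 0, NEXT_HEADER_UDP)


def udp_checksum(src: bytes, dst: bytes, udp_with_zero_csum: bytes) -> int:
    csum = 0xFFFF - ones_complement_sum(pseudo_header(src, dst, len(udp_with_zero_csum)) + udp_with_zero_csum)
    return csum or 0xFFFF  # over IPv6 the UDP checksum is mandatory; an all-zero result is sent as 0xFFFF


def build_udp_over_ipv6(src: str, dst: str, sport: int, dport: int, payload: bytes, hop_limit: int = 64) -> bytes:
    s, d = socket.inet_pton(socket.AF_INET6, src), socket.inet_pton(socket.AF_INET6, dst)
    udp_len = UDP_HDR.size + len(payload)
    csum = udp_checksum(s, d, UDP_HDR.pack(sport, dport, udp_len, 0) + payload)
    udp = UDP_HDR.pack(sport, dport, udp_len, csum) + payload
    first_word = (6 << 28) | (0 << 20) | 0  # version 6, traffic class 0, flow label 0
    return IPV6_HDR.pack(first_word, udp_len, NEXT_HEADER_UDP, hop_limit, s, d) + udp


def parse_udp_over_ipv6(pkt: bytes) -> Tuple[str, str, int, int, bytes, bool]:
    """Returns (src, dst, sport, dport, payload, checksum_ok). Length fields are checked
    against the bytes actually present before anything is trusted."""
    first_word, plen, nh, _hop, s, d = IPV6_HDR.unpack_from(pkt)
    if first_word >> 28 != 6 or nh != NEXT_HEADER_UDP:
        raise ValueError("not an IPv6/UDP packet")
    udp = pkt[IPV6_HDR.size:IPV6_HDR.size + plen]
    if len(udp) != plen or plen < UDP_HDR.size:
        raise ValueError("truncated packet")
    sport, dport, ulen, _csum = UDP_HDR.unpack_from(udp)
    if ulen != plen:
        raise ValueError("UDP length disagrees with IPv6 payload length")
    ok = ones_complement_sum(pseudo_header(s, d, ulen) + udp) == 0xFFFF  # checksum field included
    return (socket.inet_ntop(socket.AF_INET6, s), socket.inet_ntop(socket.AF_INET6, d),
            sport, dport, udp[UDP_HDR.size:], ok)


def recompute_checksum(pkt: bytes) -> bytes:
    """What a NAT, or anyone on the path who alters the payload, does afterwards."""
    hdr, udp = pkt[:IPV6_HDR.size], pkt[IPV6_HDR.size:]
    sport, dport, ulen, _ = UDP_HDR.unpack_from(udp)
    payload = udp[UDP_HDR.size:]
    csum = udp_checksum(hdr[8:24], hdr[24:40], UDP_HDR.pack(sport, dport, ulen, 0) + payload)
    return hdr + UDP_HDR.pack(sport, dport, ulen, csum) + payload


def tamper_demo() -> Tuple[bool, bool]:
    """Flip one payload byte: the checksum catches it. Recompute the checksum: it no longer does."""
    pkt = bytearray(build_udp_over_ipv6("2001:db8::1", "2001:db8::2", 40000, 53, b"constructed query"))
    pkt[IPV6_HDR.size + UDP_HDR.size] ^= 0x01
    return parse_udp_over_ipv6(bytes(pkt))[5], parse_udp_over_ipv6(recompute_checksum(bytes(pkt)))[5]
```

The parser verifies the checksum by summing the pseudo-header and the segment with the checksum field in place; a valid packet sums to 0xFFFF. tamper_demo returns (False, True): the flipped byte fails verification, and the same packet passes once the checksum is redone.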


Comparison of services

[Figure: IP runs host-to-host; TCP and UDP run process-to-process, between a process on each host.]

IP: best-effort datagram

UDP: best-effort datagram with payload integrity

TCP: reliable bi-directional bytestream (a sequence of bytes delivered in order)


UDP/TCP ports (publish/subscribe)

[Figure: on each host a process is attached to a port; IP is host-to-host, and the port identifies the process. The UDP or TCP header begins with a 32-bit word holding SourcePort and DestinationPort (16 bits each), followed by the rest of the UDP or TCP header; the whole segment is encapsulated in an IP packet.]


HTTP Service

  • Client can make requests

    • GET (pull)

    • POST (push)

    • (some others)

  • Server responds

    • HTTP headers

    • HTML document, or JPEG, or GIF, or…


URL Structure

<scheme>://<host>:<port>/<path>

  • Scheme: HTTP, FTP, GOPHER, MAILTO, ...

  • Host: an IP address or DNS name

  • Port: TCP port number; optional (defaults to 80 for http)


HTTP example

  • When a browser fetches http://www.si.umich.edu/~presnick/

    • http:// says to use HTTP protocol

    • Resolve www.si.umich.edu in DNS

      • 141.211.203.34

    • Make TCP connection

      • 141.211.203.34, port 80

    • Send the request, in the HTTP/1.1 form (the original slide shows only the bare HTTP/0.9 form, GET /~presnick/)

      • GET /~presnick/ HTTP/1.1

      • Host: www.si.umich.edu

      • (an empty line ends the request)


Server sends back

HTTP/1.1 200 OK

Date: Mon, 22 Dec 1997 15:12:32 GMT

Server: Apache/1.2.4

Last-Modified: Thu, 04 Dec 1997 16:26:10 GMT

ETag: "5f2f2-33fd-3486d9a2"

Content-Length: 13309

Accept-Ranges: bytes

Connection: close

Content-Type: text/html

<HTML> ….

Note that the Server header above announces the exact server software and version; hardening guides generally recommend suppressing it.


HTML

<H1>

Paul Resnick</H1>

<IMG SRC="RESNICK.gif" ALT="[PHOTO]" HSPACE=10 ALIGN=LEFT>

<BR>Associate Professor

<BR>University of Michigan

<BR>School of Information

<BR>314 West Hall

<BR>550 East University Avenue

<BR>Ann Arbor, MI 48109-1092

<BR>[email protected]


What Browsers Send to Servers

  • Your IP address

  • The browser type (the User-Agent header)

  • The referrer link (the Referer header, spelled that way in HTTP)

    • What URL you last looked at

  • Cookies (persistent client state, scoped to the host or domain and path the server set them for)

    • Server response can include a Set-Cookie header

    • Browser saves the cookie

    • Browser resends it to the server on later matching requests

All of these are supplied by the client and can be altered or forged, so a server must not base access decisions on the browser type, the Referer, or an unsigned cookie.


How TCP works


Aggregating byte stream

[Figure: the original bytes of the stream are aggregated and encapsulated in TCP packets (segments), with a sequence number included in the TCP header; the TCP packets are in turn encapsulated in IP packets.]


TCP connections

  • TCP establishes a session with ordered and bidirectional reliable delivery of bytes

    • Establishment:

      • Inform receiving port of connection

      • Initialize sequence numbers (each side picks its own initial value; unpredictable initial sequence numbers are what make it hard for an off-path attacker to forge segments into a connection)

      • Congestion and flow control state

    • Disestablishment

      • By either peer

      • Free state and resources


HTTP uses TCP

  • Often have to request another page

    • e.g., image

  • HTTP/1.0 (without the Keep-Alive extension) requires a new TCP connection for each request

    • Overhead of session establishment

  • HTTP/1.1 permits reuse of one TCP connection for multiple requests (persistent connections, the default in 1.1)
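Added example (not the slides' code) of the HTTP exchange from the earlier slides, carried over one TCP connection for several requests as HTTP/1.1 allows. The request is the 1.1 form with the Host header; the client reads each response by its Content-Length, because on a reused connection that header is what separates one response from the next. The server side is a constructed stand-in running over a local socket pair; the page contents, the host name in the Host header and the paths are illustrative.

```python
import socket
import threading
from typing import Dict, List, Tuple


def build_request(host: str, path: str, method: str = "GET") -> bytes:
    """One HTTP/1.1 request: request line, the Host header that 1.1 requires, then an empty line."""
    if not path.startswith("/"):
        raise ValueError("path must start with /")
    return f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")


def read_response(rfile) -> Tuple[int, Dict[str, str], bytes]:
    """Read exactly one response from a connection that may carry several.
    Content-Length delimits the body; HTTP/1.0 could rely on connection close instead."""
    status_line = rfile.readline(8192).decode("iso-8859-1")
    if not status_line:
        raise ConnectionError("peer closed before sending a status line")
    parts = status_line.rstrip("\r\n").split(" ", 2)
    if len(parts) < 2 or parts[0] not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError(f"malformed status line: {status_line!r}")
    headers: Dict[str, str] = {}
    while True:
        line = rfile.readline(8192)
        if line in (b"\r\n", b"\n", b""):
            break
        name, _, value = line.decode("iso-8859-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    if "content-length" not in headers:
        raise ValueError("no Content-Length: this body could not be told apart from the next response")
    length = int(headers["content-length"])
    if length < 0:
        raise ValueError("negative Content-Length")
    body = rfile.read(length)
    if len(body) != length:
        raise ConnectionError("peer closed mid-body")
    return int(parts[1]), headers, body


def _toy_server(conn: socket.socket, pages: Dict[str, bytes]) -> None:
    """Constructed stand-in for the origin server: answers requests on one connection until the client closes."""
    rfile = conn.makefile("rb")
    while True:
        request_line = rfile.readline()
        if not request_line:
            break
        _method, target, _version = request_line.decode("ascii").split(" ", 2)
        while rfile.readline() not in (b"\r\n", b""):
            pass  # request headers are not needed here
        body = pages.get(target)
        status = "200 OK" if body is not None else "404 Not Found"
        body = body if body is not None else b"not found"
        head = f"HTTP/1.1 {status}\r\nContent-Type: text/html\r\nContent-Length: {len(body)}\r\n\r\n"
        conn.sendall(head.encode("ascii") + body)
    conn.close()


def fetch_on_one_connection(paths: List[str]) -> List[Tuple[int, bytes]]:
    """Fetch several resources over a single TCP connection, as HTTP/1.1 allows."""
    pages = {  # constructed content, not the real site
        "/~presnick/": b"<HTML><H1>Paul Resnick</H1></HTML>",
        "/~presnick/RESNICK.gif": b"GIF89a-constructed-bytes",
    }
    client, server = socket.socketpair()
    worker = threading.Thread(target=_toy_server, args=(server, pages), daemon=True)
    worker.start()
    rfile = client.makefile("rb")
    results = []
    for path in paths:
        client.sendall(build_request("www.si.umich.edu", path))
        status, _headers, body = read_response(rfile)
        results.append((status, body))
    rfile.close()
    client.close()
    worker.join(timeout=2)
    return results
```

Three requests go out on the same connection and three framed responses come back in order; if a server omitted Content-Length on a reused connection the client could not tell where one response ends, which is why read_response refuses that case instead of guessing.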


Reliable packet delivery: acknowledgement and resending

[Figure: left, the source sends a packet and the destination returns an ACK; right, IP loses the packet, no ACK arrives, the source's timeout expires and it resends. IP is used both to send TCP packets and to return ACKs.]


[Figure: with several packets in flight at once (concurrent tasks for higher throughput), an ACK returns for each; packets that arrive out of order can be reordered at the destination using the sequence number.]


TCP Congestion

  • If link is congested

    • Switch queue for that link fills up

    • Drops packets

  • Source resends non-ACK’ed packets

    • Makes congestion worse


TCP Congestion Control

  • Voluntary source-imposed policy

  • Source controls the number of non-ACK’ed packets that have been sent

    • Controls the number of concurrent sends, and hence packet throughput

  • Slow start: begin with a window of one segment and grow it, exponentially per round trip until a threshold and then linearly (“slow” only relative to starting at full rate)

  • Monitor non-ACK’ed packets and the delay of ACKs to estimate congestion

  • Quickly decrease if congestion detected


TCP congestion control flaws

  • “Fairness criterion”

    • Maybe “equal division” of resources is not what is wanted

  • Estimating congestion from packet loss is flawed for wireless links, where loss is often caused by corruption rather than by full queues

  • Depends on accurate implementation -- cheating possible

  • Application can avoid congestion control by using UDP


TCP Flow Control

  • Recall that this is to keep the recipient from being overwhelmed

  • Recipient must control source

  • Recipient explicitly tells the source how much more it may send

  • MaxUnackedPackets is a parameter of ACK’s (in TCP proper this is the advertised window, carried in every segment header and counted in bytes rather than packets)
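Added simulation (not from the slides) that ties together the ACK-and-resend, sequence-number reordering, congestion-control and flow-control slides: a sender whose window is the minimum of a congestion window (slow start, then linear growth, halved on a timeout) and the receiver's advertised window, driven over a constructed channel that drops and reorders segments. The segment size, loss rate and random seed are assumptions; the model is round-based rather than timed, so "timeout" here means a round in which the ACK made no progress.

```python
import random
from typing import Dict, Tuple

SEG = 4  # constructed segment size in bytes, small so that the trace is easy to follow


class Receiver:
    """Delivers bytes in order; holds out-of-order segments in a bounded buffer and
    advertises how much room is left (flow control)."""

    def __init__(self, rwnd_segments: int) -> None:
        self.expected = 0                      # sequence number of the next byte wanted
        self.buffer: Dict[int, bytes] = {}     # out-of-order segments keyed by sequence number
        self.delivered = b""
        self.rwnd = rwnd_segments

    def receive(self, seq: int, chunk: bytes) -> Tuple[int, int]:
        """Returns (cumulative ACK = next expected byte, advertised window in segments)."""
        if self.expected <= seq < self.expected + self.rwnd * SEG:
            self.buffer.setdefault(seq, chunk)  # duplicates and out-of-window data are dropped
        while self.expected in self.buffer:     # sequence numbers put arrivals back in order
            data = self.buffer.pop(self.expected)
            self.delivered += data
            self.expected += len(data)
        return self.expected, self.rwnd - len(self.buffer)


class Sender:
    """Window = min(cwnd, rwnd): congestion control limits what the network is given,
    flow control limits what the receiver is given."""

    def __init__(self, data: bytes, ssthresh: int = 8) -> None:
        self.segments = [(i, data[i:i + SEG]) for i in range(0, len(data), SEG)]
        self.total = len(data)
        self.base = 0            # oldest unacknowledged byte
        self.cwnd = 1.0          # congestion window in segments; slow start begins at one
        self.ssthresh = ssthresh
        self.rwnd = 1            # last advertised receiver window
        self.timeouts = 0

    def window(self) -> int:
        return max(1, min(int(self.cwnd), self.rwnd))

    def on_ack(self, ack: int, rwnd: int) -> None:
        self.rwnd = rwnd
        newly_acked = (ack - self.base + SEG - 1) // SEG
        self.base = ack
        if self.cwnd < self.ssthresh:
            self.cwnd += newly_acked               # slow start: the window doubles per round trip
        else:
            self.cwnd += newly_acked / self.cwnd   # congestion avoidance: about one segment per round trip

    def on_timeout(self) -> None:
        """No progress within a round: treat it as loss, shrink sharply, resend from base."""
        self.ssthresh = max(2, int(self.cwnd) // 2)
        self.cwnd = 1.0
        self.timeouts += 1

    def done(self) -> bool:
        return self.base >= self.total


def simulate(data: bytes, loss: float, rwnd_segments: int = 6, seed: int = 1) -> Dict[str, object]:
    """Round-based model: each round the sender transmits what its window allows, the
    constructed channel (seeded) drops and reorders segments, and ACKs come back."""
    rng = random.Random(seed)
    snd, rcv = Sender(data), Receiver(rwnd_segments)
    sent_hwm = 0          # one past the highest segment index sent since the last timeout
    rounds = 0
    while not snd.done():
        rounds += 1
        if rounds > 100_000:
            raise RuntimeError("transfer did not complete")
        base_idx = snd.base // SEG
        end_idx = min(len(snd.segments), base_idx + snd.window())
        batch = snd.segments[max(base_idx, sent_hwm):end_idx]
        sent_hwm = max(sent_hwm, end_idx)
        arrived = [s for s in batch if rng.random() >= loss]   # IP loses packets...
        rng.shuffle(arrived)                                   # ...and reorders them
        latest = None
        for seq, chunk in arrived:
            latest = rcv.receive(seq, chunk)                   # each arrival produces a cumulative ACK
        if latest is not None and latest[0] > snd.base:
            snd.on_ack(*latest)
        else:
            snd.on_timeout()
            sent_hwm = base_idx                                # go back and resend from the oldest unACKed byte
    return {"ok": rcv.delivered == data, "rounds": rounds, "timeouts": snd.timeouts}
```

With no loss and a 512-byte transfer the window grows 1, 2, 4 and is then capped at the receiver's 6 segments, so the transfer takes 24 rounds with no timeouts; with 20% loss the data still arrives intact and in order, at the cost of timeouts that reset the window to one segment.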


Multicasting

  • So far, we’ve assumed node A sends to B

  • Multicasting: node A sends same message to B, C, and D

    • Could set up A-B, A-C, and A-D connections

    • But A becomes a bottleneck

      • Handling ACKs and resends

    • And it’s inefficient

      • Some intermediate nodes may receive the message several times

  • Multicast protocols try to have A send only once

    • Intermediate nodes do more work

[Figure: node A sends the same message to B, C and D.]


Domain Name System


Hosts

[Figure: the DNS name hierarchy. The “root” name server (NS) delegates berkeley.edu to its NS, which in turn delegates eecs.berkeley.edu and sims.berkeley.edu to their own NSs; hosts are the leaves.]


Delegate name search to local name server

[Figure: a host such as tj.watson.ibm.com asks its local name server (the NS for watson.ibm.com) for info.sims.berkeley.edu. The local server queries the “root” NS, is referred to the berkeley.edu NS, then to the sims.berkeley.edu NS, which returns the answer; the local server relays it to the host.]

Local server caches recent search results
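Added example (not from the slides) of the delegation walk in the figure: a caching resolver starts at the root, follows NS referrals down to sims.berkeley.edu, and caches both the final answer and the referrals until their TTLs expire, so a repeat query for the same name costs no queries and a query for a sibling name starts from the closest cached zone. The zone contents, the addresses (192.0.2.0/24 documentation range) and the TTLs are constructed; a real resolver would also need the addresses of the name servers themselves (glue), which is left out here. The resolver accepts a referral only if it lies within the bailiwick of the zone that gave it, the check that keeps one zone from planting data about another.

```python
from typing import Callable, Dict, Optional, Tuple

Record = Tuple[str, str, int]  # (type, rdata, ttl in seconds)

# Constructed zone data following the hierarchy on the slides.
ZONES: Dict[str, Dict[str, Record]] = {
    ".": {"edu.": ("NS", "ns.edu.", 3600), "com.": ("NS", "ns.com.", 3600)},
    "edu.": {"berkeley.edu.": ("NS", "ns.berkeley.edu.", 3600)},
    "berkeley.edu.": {
        "sims.berkeley.edu.": ("NS", "ns.sims.berkeley.edu.", 3600),
        "eecs.berkeley.edu.": ("NS", "ns.eecs.berkeley.edu.", 3600),
    },
    "sims.berkeley.edu.": {
        "info.sims.berkeley.edu.": ("A", "192.0.2.10", 300),
        "www.sims.berkeley.edu.": ("A", "192.0.2.11", 300),
    },
}


def in_zone(name: str, zone: str) -> bool:
    """True if name is at or below zone, compared on label boundaries."""
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative_query(zone: str, name: str) -> Tuple[str, str, str, int]:
    """Stand-in for asking the server authoritative for zone about name. Returns
    (type, owner, rdata, ttl): the answer if the zone holds it, else a referral to
    the closest delegated subzone."""
    records = ZONES[zone]
    if name in records:
        rtype, rdata, ttl = records[name]
        return rtype, name, rdata, ttl
    referral = None
    for owner, (rtype, rdata, ttl) in records.items():
        if rtype == "NS" and in_zone(name, owner) and (referral is None or len(owner) > len(referral[1])):
            referral = (rtype, owner, rdata, ttl)
    if referral is None:
        raise LookupError(f"{zone} has no data for {name}")
    return referral


class CachingResolver:
    """The local name server of the slide: walks the delegation chain from the root
    and caches both answers and referrals until their TTL expires."""

    def __init__(self, clock: Callable[[], float]) -> None:
        self.cache: Dict[Tuple[str, str], Tuple[str, float]] = {}  # (name, type) -> (rdata, expiry)
        self.clock = clock
        self.queries_sent = 0

    def _cached(self, name: str, rtype: str) -> Optional[str]:
        entry = self.cache.get((name, rtype))
        if entry and entry[1] > self.clock():
            return entry[0]
        self.cache.pop((name, rtype), None)   # expired entries are discarded, never served
        return None

    def _closest_known_zone(self, name: str) -> str:
        labels = name.split(".")
        for i in range(1, len(labels)):
            candidate = ".".join(labels[i:]) or "."
            if candidate == "." or self._cached(candidate, "NS"):
                return candidate
        return "."

    def resolve(self, name: str) -> str:
        name = name if name.endswith(".") else name + "."
        hit = self._cached(name, "A")
        if hit:
            return hit
        zone = self._closest_known_zone(name)
        for _ in range(16):                    # bound the length of the referral chain
            self.queries_sent += 1
            rtype, owner, rdata, ttl = authoritative_query(zone, name)
            if rtype == "A" and owner == name:
                self.cache[(name, "A")] = (rdata, self.clock() + ttl)
                return rdata
            if rtype == "NS" and owner != zone:
                # Bailiwick check: a referral is accepted only for a zone strictly below the
                # one that answered and at or above the name asked; anything else is discarded.
                if not (in_zone(owner, zone) and in_zone(name, owner)):
                    raise ValueError(f"out-of-bailiwick referral to {owner} from {zone}")
                self.cache[(owner, "NS")] = (rdata, self.clock() + ttl)
                zone = owner
                continue
            raise LookupError(f"no address for {name}")
        raise LookupError("referral chain too long")
```

The clock is injected so that expiry can be tested: the first lookup of info.sims.berkeley.edu costs four queries (root, edu, berkeley.edu, sims.berkeley.edu), the repeat costs none, a lookup of www.sims.berkeley.edu costs one because the sims.berkeley.edu referral is still cached, and once the 300-second A record has expired the name is fetched again from the cached zone with a single query.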


Supplements


Network security



  • Some things to worry about:

    • Sniffing: passively reading traffic on a shared or tapped link

    • Spoofing: forging a source address or identity, which IP itself does nothing to prevent

    • Security flaws in public servers


Improving security

  • Security tools covered earlier

  • Firewalls: a place where security policies can be enforced

    • Who gains access

    • What servers (ports) can be accessed

    • What hosts can be accessed

    • What protocols can pass

    • Other security policies can be enforced


[Figure: the global Internet is separated from the public hosts (bastion hosts) by a firewall; a second firewall separates those bastion hosts from the internal hosts of the protected enclave.]
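Added example, not from the slides, of the enclave in the figure as a packet-filter policy: an outer firewall between the Internet and the bastion hosts, an inner one between the bastions and the internal hosts, each a first-match rule list with default deny, plus an anti-spoofing check that drops packets whose source address does not belong to the zone they arrive from. Address ranges, hosts and rules are constructed. The model is stateless; a real deployment tracks connections so that replies to permitted outbound traffic are admitted.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IPNet = ipaddress.IPv4Network

# Constructed address plan for the three zones of the figure.
INTERNET = IPNet("0.0.0.0/0")
DMZ = IPNet("192.0.2.0/24")       # public / bastion hosts, between the two firewalls
INTERNAL = IPNet("10.0.0.0/8")    # protected enclave
ZONES = {"dmz": DMZ, "internal": INTERNAL}


def zone_of(ip) -> str:
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    action: str                                # "allow" or "deny"
    src: IPNet
    dst: IPNet
    proto: str                                 # "tcp", "udp", "icmp" or "any"
    dports: Optional[Tuple[int, int]] = None   # inclusive destination port range, None = any

    def matches(self, src, dst, proto: str, dport: int) -> bool:
        return (src in self.src and dst in self.dst
                and self.proto in ("any", proto)
                and (self.dports is None or self.dports[0] <= dport <= self.dports[1]))


def evaluate(rules: List[Rule], src, dst, proto: str, dport: int) -> str:
    """First matching rule wins; a packet matching no rule is denied (default deny)."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "deny"


# Outer firewall: what the global Internet may reach. Inner firewall: what may cross into the enclave.
OUTER: List[Rule] = [
    Rule("deny", INTERNET, INTERNAL, "any"),                    # nothing reaches the enclave directly
    Rule("allow", INTERNET, DMZ, "tcp", (80, 80)),
    Rule("allow", INTERNET, DMZ, "tcp", (443, 443)),
    Rule("allow", DMZ, INTERNET, "tcp", (1, 65535)),            # bastions may open outbound TCP
    Rule("allow", INTERNAL, INTERNET, "tcp", (443, 443)),       # enclave hosts: HTTPS out only
]
INNER: List[Rule] = [
    Rule("allow", IPNet("192.0.2.10/32"), IPNet("10.0.0.53/32"), "tcp", (5432, 5432)),  # web bastion -> one DB host
    Rule("allow", INTERNAL, DMZ, "tcp", (1, 65535)),
    Rule("allow", INTERNAL, INTERNET, "tcp", (443, 443)),
]
FIREWALLS: Dict[str, List[Rule]] = {"outer": OUTER, "inner": INNER}

# Which firewalls a packet crosses, keyed by (zone it arrives from, zone of its destination).
PATH: Dict[Tuple[str, str], List[str]] = {
    ("internet", "dmz"): ["outer"], ("internet", "internal"): ["outer", "inner"],
    ("dmz", "internet"): ["outer"], ("dmz", "internal"): ["inner"],
    ("internal", "dmz"): ["inner"], ("internal", "internet"): ["inner", "outer"],
}


def decide(src: str, dst: str, proto: str, dport: int, arrives_from: str) -> Tuple[str, List[str]]:
    """Verdict for one packet plus the trail of firewall decisions. arrives_from is the zone the
    packet physically came from; a source address that does not belong to that zone is spoofed
    and is dropped before any rule is consulted."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if zone_of(s) != arrives_from:
        return "deny", [f"anti-spoofing: source {src} cannot arrive from {arrives_from}"]
    dz = zone_of(d)
    if dz == arrives_from:
        return "allow", []                        # same zone: no firewall on the path
    trail: List[str] = []
    for fw in PATH[(arrives_from, dz)]:
        verdict = evaluate(FIREWALLS[fw], s, d, proto, dport)
        trail.append(f"{fw}:{verdict}")
        if verdict == "deny":
            return "deny", trail
    return "allow", trail
```

Traffic from the Internet reaches the bastions only on the listed ports and never reaches the enclave; the one bastion that needs the database gets exactly that port; an enclave host going out must pass both firewalls; and a packet from the Internet side carrying an internal source address is dropped as spoofed before the rules are even read.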


Problems with firewalls

  • “Benign internal users” assumption is naïve

  • Obstacle to deployment of innovative applications and services

  • Increasingly organizations want to extend extranet to suppliers and customers

  • Solution: resource-based rather than enclave-based security

    • Analogy: border patrol not enough, need secure buildings and vehicles, guards, police, etc.


Where to use encryption

  • Per link (wireless)

  • Firewall-to-firewall (extranet)

  • Host-to-host (IPsec)

  • Process-to-process (SSL/TLS over TCP)

  • Application

What are some strengths and weaknesses in these approaches?


Packet structure

  • Payload:

    • Data for application

    • Ignored by network and protocol

    • (Qualification: may also be encapsulated packet)

  • Header:

    • Information for switches

    • Serves as protocol message

Packet length limited by network policy


Protocol endpoints

[Figure: IP runs host-to-host; TCP and UDP run process-to-process.]

Internetworking layer focuses on getting datagrams from one host to another

Transport layer focuses on process-to-process communication services


Addresses vs. names

Address specifies topological location of host to the network: 128 bits for IPv6 (32 bits for IPv4), structured as (network, host)

Name is easy to remember or construct and reflects administrative boundaries: info.sims.berkeley.edu


Issues in congestion control

  • Social issue: how do we divide limited network resources among users/applications?

  • Approaches:

    • Voluntary (e.g. UDP)

      • “Bad citizen” is rewarded

    • Policy driven (e.g. TCP)

    • Incentivized (e.g. pricing)


Advantages of pricing-based congestion control

  • Policies can never take into account the “importance” of traffic

  • Users and applications are forced to consider the common resource implications of their actions

  • Users and applications can choose the most “important” traffic for periods of congestion

    • Shift other traffic to off-peak times

  • Source of revenue to expand capacity


Technical approaches to congestion control

  • Source-driven throttle algorithm

    • Voluntary, policy, or incentive driven

  • Network-driven

    • Must use fairness criteria

    • Network-to-source flow control

    • Network access enforcement (policing)

      • Traffic priorities allow source to control what traffic is discarded


Undesirability of fixed pricing per unit of capacity

[Figure: a demand curve D(c), the willingness to pay for one more unit of capacity, plotted against capacity from 0 to cmax at a fixed unit price p; the areas of revenue gained and revenue lost in reducing capacity from c to c’ are marked.]


Downsides of pricing

  • Infrastructure for

    • Usage monitoring

    • Congestion monitoring

    • QoS configuration

    • Billing

  • Operational costs

  • How do costs compare to the benefits?

