Tuesday, April 24, 2012

Part V: Other Aspects of Computer Networking



Chapter 28: Network Performance (QoS and DiffServ)

  • Measures of Performance
    • Latency (delay) - the time required to transfer data across a network
      • Propagation delay - time required for a signal to travel across a transmission medium
      • Access delay - time needed to obtain access to a transmission medium
      • Switching delay - time required to forward a packet
      • Queuing delay - time a packet spends in the memory of a switch or router waiting to be selected for transmission
        • These account for most delays on the Internet
      • Server delay - time required for a server to respond to a request and send a response
    • Throughput (capacity) - the amount of data that can be transferred per unit time
      • Several ways to measure:
        • Capacity of a single channel
        • Aggregate capacity of all channels
        • Theoretical capacity of the underlying hardware
        • Effective data rate achieved by an application (goodput)
          • Most significant for users
          • Some network capacity is not available to user data because protocols:
            • Send packet headers, trailers, and control information
            • Impose a limit on the window size (receive buffer)
            • Use protocols to resolve names and addresses
            • Use a handshake to initiate and terminate communication
            • Reduce the transmission rate when congestion is detected
            • Retransmit lost packets
      • You can always buy more throughput, but you cannot buy lower delays.
    • Jitter (variability) - the changes in delay that occur and the duration of the changes
      • Two general approaches to handling jitter:
        • Design an isochronous network with no jitter
          • Telephone systems use this approach to guarantee delay along all paths is the same.
        • Use a protocol that compensates for jitter
          • Video and voice over Internet take this approach
          • Much less expensive than isochronous network
          • Able to reduce the impact of jitter, but if the variance in delay is too large the output will still be affected.
  • The Relationship Between Delay and Throughput
    • Utilization as a Measure of Delay
      • Throughput and delay are not completely independent. As traffic in a computer network increases, delays increase.
        • A network that operates at close to 100% of its throughput capacity experiences severe delay
          • Network should not be operated above 90% of capacity.
        • Effective delay = (Delay when network idle) / (1 - %Network utilization)
    • Delay-Throughput Product
      • Bits present in a network = D x T
        • Measures the volume of data that can be present on the network. 
        • A network with throughput T and delay D can have a total of T x D bits in transit at any time.
  • Active Measurement of Delay, Throughput and Jitter
    • To assess throughput, a sender transfers a large volume of data and a receiver records the time from start of data arriving until all data has arrived, and calculates the amount of data sent per unit time.
    • "Packet train" is used to measure jitter
      • A sender emits a series of packets with a small, fixed delay between packets. The receiver records the time at which each packet arrives and uses the sequence of times to compute differences in delay.
    • Delay measurement requires that two hosts have synchronized clocks. (Over a short distance these clocks must be extremely accurate).
      • Can also measure the round trip time and divide by two using a tool such as Ping.
        • However delay along a path from A to B can differ substantially from the delay along a path from B to A. So the half-roundtrip measure may not be accurate.
    • Measuring network performance can be surprisingly difficult because:
      • Routes are asymmetric
      • Conditions change rapidly
      • Measurement can affect performance
      • Traffic is bursty
        • Aggregate data traffic is also bursty.
  • Passive Measurement, Small Packets and NetFlow
    • Passive measurement monitors a network and counts packets, but does not inject additional traffic.
    • To assess link utilization, an ISP measures the total data transferred over a link per unit time; to assess the impact on a router or switch, an ISP measures the number of packets transferred per unit time.
    • Fine-Grain and Coarse-Grain QoS
      • Fine-Grain - a provider allows a customer to state specific QoS requirements for a given instance of communication; a customer makes a request each time a flow is created (e.g., for each TCP connection).
        • Constant Bit Rate (CBR) - data enters the flow at a fixed rate, such as data from a digitized voice call entering at exactly 64 Kbps
        • Variable Bit Rate (VBR) - data enters the flow at a variable rate within specified statistical bounds which include:
          • Sustained Bit Rate (SBR)
          • Peak Bit Rate (PBR)
          • Sustained Burst Size (SBS)
          • Peak Burst Size (PBS)
        • Available Bit Rate (ABR) - the flow agrees to use whatever data rate is available at a given time
        • Unspecified Bit Rate (UBR) - no bit rate is specified for the flow; the application is satisfied with best-effort service
        • Despite many years of research and standards work, the fine-grain approach to QoS has been relegated to a few special cases.
      • Coarse-Grain - a provider specifies a few broad classes of service that are each suitable for one type of traffic; a customer must fit all traffic into the classes.
        • Coarse-Grain is the most commonly used.
  • Quality of Service (QoS)
    • Network provisioning allows networks to be designed to provide a specific level of service.
    • A switch or router implements QoS with four steps:
      • Classification and Policing
        • Assigns a flow identifier that indicates a traffic class; the router then polices the flow against the parameters for that class.
      • Forwarding Computation
      • Output Queuing
        • Most implementations create a set of queues for each output port. The flow identifier selects the queue for the packet.
      • Traffic Scheduling
        • Selects a packet to send whenever the port is idle.
        • No algorithm for traffic scheduling is perfect:
          • Leaky Bucket - allows a queue to send packets at a fixed rate by incrementing a packet counter periodically and using the counter to control transmission.
          • Token Bucket - allows a queue to send data at a fixed rate by incrementing a byte counter periodically and using the counter to control transmission.
          • Weighted Round Robin - selects packets from a set of queues according to a set of weights that divide the capacity into fixed percentages, assuming a uniform packet size.
          • Deficit Round Robin - a variant of the round-robin approach that accounts for bytes sent rather than packets transferred, and allows a temporary deficit caused by a large packet.
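The byte-counting token bucket described above, as an added example that is not part of the original notes: the counter is credited at a fixed rate up to a burst limit, and a packet conforms only when the counter holds at least its size in bytes. The rate, burst depth and packet flow are constructed; arrival times are assumed to be non-decreasing.

```python
class TokenBucket:
    """Byte-counting token bucket from the notes: a counter is credited at a fixed
    rate up to a burst limit, and a packet may be sent only when the counter holds
    at least as many bytes as the packet carries."""

    def __init__(self, rate, burst):
        self.rate = rate            # bytes credited per second (the periodic increment)
        self.burst = burst          # bucket depth: most bytes the counter can ever hold
        self.tokens = float(burst)  # start full so an initial burst is allowed
        self.last = 0.0             # time of the last credit, in seconds

    def _credit(self, now):
        """Periodic increment, computed lazily from the time elapsed since the last call."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def conforms(self, now, size):
        """True (and tokens consumed) if a `size`-byte packet may go out at time `now`;
        False marks the packet as exceeding the contracted rate."""
        self._credit(now)
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def police(packets, rate, burst):
    """Run a flow of (arrival_seconds, size_bytes) pairs through one bucket and
    return one conform/exceed verdict per packet."""
    bucket = TokenBucket(rate, burst)
    return [bucket.conforms(t, size) for t, size in packets]


# Constructed flow policed at 1000 B/s with a 1500-byte burst allowance:
# a 2000-byte burst at t=0, packets at 1 s and 2 s, then a 3 s pause that
# refills the bucket but cannot push the counter past the burst depth.
SAMPLE = [(0.0, 500), (0.0, 500), (0.0, 500), (0.0, 500),
          (1.0, 1000), (1.0, 200), (2.0, 1200), (5.0, 1600), (5.0, 1500)]
```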
    • Internet QoS Technologies
      • Resource Reservation Protocol (RSVP)
      • Common Open Policy (COPS)
      • Differentiated Services (DiffServ)
      • Multiprotocol Label Switching (MPLS)



Chapter 29: Multimedia and IP Telephony (VoIP)

  • Unlike conventional transport protocols, a protocol that transfers real-time data handles only the problem of jitter and does not retransmit lost packets.
  • To overcome jitter and achieve smooth playback of real-time data, two techniques are employed:
    • Timestamps - a sender provides a timestamp for each piece of data, the receiver uses the timestamps to handle out-of-order packets and to display the data in the correct time sequence.
    • Jitter Buffer - a buffer receives data and delays playback.
  • Real-time Transport Protocol (RTP)
    • RTP sits above the transport layer (transfer protocol)
    • Provides three pieces of data in each packet that permit the receiver to implement a jitter buffer:
      • A sequence number that allows the receiver to place incoming packets in the correct order and to detect missing packets.
      • A timestamp that allows the receiver to play the data in the packet at the correct time in the multimedia stream.
      • A series of source identifiers that allow the receiver to know the source(s) of the data.
    • RTP Encapsulation
      • RTP uses UDP for message transport
        • Frame(IP(UDP(RTP()))) 
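A receiver-side jitter buffer built on the RTP fields just listed, as an added example that is not part of the original notes: packets are held for a fixed playout delay, ordered by sequence number, scheduled by timestamp, and a sequence number whose successor is already due is declared lost. The capture, the 400-tick playout delay and the 160-tick spacing (20 ms of 8 kHz PCM) are constructed.

```python
import heapq


class JitterBuffer:
    """Reorders by RTP sequence number, schedules playback by RTP timestamp, and
    reports sequence numbers that never arrived (all times in clock ticks)."""

    def __init__(self, playout_delay):
        self.playout_delay = playout_delay  # ticks each packet is held before playback
        self.heap = []           # (seq, timestamp, payload), smallest seq first
        self.next_seq = None     # sequence number expected next
        self.base_offset = None  # playback clock minus RTP timestamp, fixed by first packet
        self.lost = []           # sequence numbers declared missing

    def receive(self, seq, timestamp, payload, arrival):
        """Buffer a packet; the first packet anchors the playout schedule.
        Returns False if the packet is too late (its slot was already played)."""
        if self.next_seq is None:
            self.next_seq = seq
            self.base_offset = arrival + self.playout_delay - timestamp
        elif seq < self.next_seq:
            return False
        heapq.heappush(self.heap, (seq, timestamp, payload))
        return True

    def play(self, now):
        """Return the payloads due at clock time `now`, in sequence order."""
        out = []
        while self.heap:
            seq, ts, payload = self.heap[0]
            if seq < self.next_seq:          # duplicate of a slot already played
                heapq.heappop(self.heap)
                continue
            if ts + self.base_offset > now:  # not yet due: keep holding it
                break
            if seq > self.next_seq:          # gap before a packet that is already due
                self.lost.extend(range(self.next_seq, seq))
            heapq.heappop(self.heap)
            out.append(payload)
            self.next_seq = seq + 1
        return out


# Constructed capture: (seq, timestamp, payload, arrival). Packet 3 never
# arrives and packet 5 arrives before packet 4; arrival spacing varies (jitter).
CAPTURE = [
    (1, 160, "p1", 1000),
    (2, 320, "p2", 1175),
    (5, 800, "p5", 1640),
    (4, 640, "p4", 1660),
    (6, 960, "p6", 1980),
]


def run(capture, playout_delay=400, step=160):
    """Drive the buffer with the capture interleaved with a playback clock that
    ticks every `step`; returns (payloads played in order, lost seq numbers)."""
    jb = JitterBuffer(playout_delay)
    events = sorted(capture, key=lambda p: p[3])
    played, i = [], 0
    clock = events[0][3]
    end = events[-1][3] + playout_delay + step
    while clock <= end:
        while i < len(events) and events[i][3] <= clock:
            seq, ts, payload, arrival = events[i]
            jb.receive(seq, ts, payload, arrival)
            i += 1
        played.extend(jb.play(clock))
        clock += step
    return played, jb.lost
```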
  • IP Telephony
    • Routers cost much less than traditional telephone switches, which is driving a replacement trend.
    • Most significant complications arise from desire to be backward compatible with existing Public Switched Telephone Network (PSTN)
    • Signaling and VoIP Standards
      • Audio is encoded with Pulse Code Modulation (PCM)
      • RTP is used to transfer the digitized audio
      • The processes of call setup and termination are known as signaling; multiple signaling protocols have been proposed for use with IP telephony.
    • Components of an IP Telephone System
      • IP Telephone - operates like a conventional telephone, but uses IP to send digitized voice
      • Media Gateway Controller - provides control and coordination between IP telephones for services such as call setup, call termination, and call forwarding.
      • Media Gateway - provides a connection between two networks that use different encodings, and translates as a call passes between them.
      • Signaling Gateway - connects to two networks that use different signaling mechanisms, and translates call management requests and responses.
    • Session Initiation Protocol (SIP) Terminology and Concepts
      • SIP minimizes the need for additional protocols by using existing protocols wherever possible.
      • Operates on the application layer
      • Encompasses all aspects of signaling
      • Provides services such as call forwarding
      • Relies on multicast for conference calls
      • Allows two sides to negotiate capabilities and choose the media and parameters to be used.
      • Defines six basic message types (methods):
        • Invite - session creation, an endpoint is invited to participate in the session
        • Ack - acknowledgement response to invite
        • Bye - session termination, call is ended.
        • Cancel - pending request cancellation
        • Register - registration of the user's location
        • Options - query to determine capabilities of called party
      • SIP defines three new elements that constitute a signaling system:
        • User agent - device that makes and terminates phone calls.
        • Location server - DB of information about each user (IP address, subscribed services, preferences)
        • Support servers:
          • Proxy - can forward requests from user agents to another location; handle routing and policy enforcement
          • Redirect - handles tasks such as call forwarding, 800-number connections
          • Registrar - receives registration requests and updates the DB that location servers consult
    • H.323 Characteristics
      • Handles all aspects of a digital telephone call
      • Includes signaling to set up and manage the call
      • Allows the transmission of video and data while a call is in progress
      • Sends binary messages that are defined by ASN.1 and encoded using Basic Encoding Rules (BER)
      • Incorporates protocols for security
      • Uses special hardware (Multipoint Control Unit) to support conference calls
      • Defines servers to handle tasks such as address resolution, authentication, authorization, accounting and features.
  • Telephone Number Mapping and Routing
    • E.164 Numbers (ENUM)
      • Solves the problem of converting an E.164 phone number into a Uniform Resource Identifier (URI)
      • Uses the Domain Name System to store the mapping
    • Telephone Routing over IP (TRIP)
      • Solves the problem of finding a user in an integrated network
      • A location server or other network element can use TRIP to advertise routes.
      • Divides the world into IP Telephone Administrative Domains (ITADs)



Chapter 30: Network Security

  • Major security problems on the Internet
    • Phishing - masquerading as a well-known site to obtain a user's personal information
    • Misrepresentation - making false or exaggerated claims about goods or services, or delivering fake or inferior products
    • Scams - various forms of trickery intended to deceive naive users into investing money or abetting a crime
    • Denial of Service - intentionally blocking a particular internet site to prevent or hinder business activities and commerce.
    • Loss of Control - an intruder gains control of a computer system and uses the system to perpetrate a crime
    • Loss of Data - loss of intellectual property or other valuable proprietary business information.
  • Techniques Used in Security Attacks
    • Wiretapping - making a copy of packets as they traverse a network to obtain information
    • Replay - sending packets captured from a previous session
    • Buffer overflow - sending more data than a receiver expects in order to store values in variables beyond the buffer.
    • Address spoofing - faking the IP source address in a packet to trick a receiver into processing the packet
    • Name spoofing - using a misspelling of a well-known name or poisoning a name server with an incorrect binding
    • DoS and DDoS - flooding a site with packets to prevent the site from successfully conducting normal business.
    • SYN flood - sending a stream of random TCP SYN segments to exhaust a receiver's set of TCP connections.
    • Key breaking - automatically guessing a decryption key or a password to gain unauthorized access to data
    • Port Scanning - attempting to connect to each possible protocol port on a host to find a vulnerability.
    • Packet interception - removing a packet from the Internet which allows substitution and man-in-the-middle attacks.
  • Devising a network security policy can be complex because a rational policy requires an organization to relate network and computer security to human behavior and to assess the value of information.
  • Authorization policies are meaningless without authentication mechanisms that can unambiguously verify the identity of a requester.
  • Security Technologies
    • Hashing - Data Integrity
    • Encryption - Privacy
    • Digital Signatures - Message authentication
    • Digital Certificates - Sender authentication
    • Firewalls - Site integrity
      • Uses packet filtering to prevent unwanted communication.
    • Intrusion Detection Systems - Site integrity
    • Deep Packet Inspection and Content Scanning - Site integrity
      • Since they examine packet payloads, which are much larger than packet headers and not organized into fixed fields, Deep Packet Inspection mechanisms are limited to lower-speed networks.
    • Virtual Private Networks - Data privacy
      • Can be implemented with a stand alone device or using VPN software.
      • Three options for encryption:
        • Payload encryption (leaves header unencrypted)
        • IP-in-IP tunneling
          • Encrypts all fields in the original datagram.
        • IP-in-TCP tunneling
          • TCP provides for reliable delivery, but head-of-line blocking can cause delays.
      • VPN Tunneling Performance
        • Latency
        • Throughput
        • Overhead and Fragmentation
  • Additional Security Technologies
    • Pretty Good Privacy (PGP) - cryptographic system that applications can use to encrypt data before transmission.
    • Secure Shell (SSH) - application layer protocol for remote login that guarantees confidentiality by encrypting data before transmission across the Internet.
    • Secure Socket Layer (SSL) - fits between the application and the socket API and encrypts data before transmission across the Internet. Used for secure financial transactions online.
    • Transport Layer Security (TLS) - designed as a successor to SSL.
    • HTTP Security (HTTPS) - combines HTTP with either SSL or TLS and a certificate mechanism to provide users with authenticated, confidential communication over the web.
    • IP Security (IPsec) - security standard used with IP datagrams
    • Remote Authentication Dial-In User Service (RADIUS) - service used to provide centralized authentication, authorization and accounting. Popular with dial-up ISPs and VPN systems for remote users.
    • Wired Equivalent Privacy (WEP) - originally part of the Wi-Fi wireless LAN standard, has been shown to have security weaknesses. Wi-Fi Protected Access (WPA) developed as a replacement.



Chapter 31: Network Management (SNMP)

  • Although network hardware and protocol software contain mechanisms to automatically route around failures or retransmit lost packets, network managers need to detect and correct underlying problems.
  • FCAPS Model
    • Industry standard characterizes the scope of network management:
      • F - Fault Detection and Correction
      • C - Configuration and Operation
      • A - Accounting and Billing
      • P - Performance Assessment and Optimization
      • S - Security Assurance and Protection
  • Element Management System
    • As it only permits a manager to configure, monitor and control one network element at a time, an element management system is labor intensive and prone to errors.
  • Network Management Tools
    • A large variety of tools exist that help a manager configure, measure, diagnose and analyze networks. These include:
      • Physical Layer Testing
      • Reachability and Connectivity
      • Packet Analysis
      • Network Discovery
      • Device Interrogation
      • Event Monitoring
      • Performance Monitoring
      • Flow Analysis
      • Routing and Traffic Engineering
      • Configuration
      • Security Enforcement
      • Network Planning
  • Simple Network Management Protocol (SNMP)
    • Uses the fetch-store paradigm for interaction between a manager and an agent. A manager fetches values to determine the device status; operations that control the device are defined as the side-effects of storing into objects.
    • Management Information Base (MIB)
      • Although ASN.1 does not provide a mechanism for indexing, MIB variables can correspond to tables or arrays. To emulate a table or an array with an ASN.1 variable, the index for an entry is encoded by appending it to the variable name; when agent software encounters a name that corresponds to a table, the software extracts and uses the index information to select the correct table entry.



Chapter 32: Trends in Networking Technologies and Uses

  • A variety of technologies have been devised to allow Internet services to scale; although approaches differ widely, each is useful in some cases.
    • Content Caching
    • Web Load Balancers
    • Server Virtualization
    • Peer-to-Peer Communication
    • Distributed Data Centers and Replication
    • Universal Representation (XML)
    • Social Networking
    • Mobility and Wireless Networking
    • Digital Video
    • Multicast Delivery
    • Higher-Speed Access and Switching
    • Optical Switching
    • Use of Networking in Business
    • Sensors at Large and in the Home
    • Ad Hoc Networks
    • Multicore CPUs and Network Processors
    • IPv6

Thursday, April 12, 2012

Part IV: Internetworking Using TCP/IP


Chapter 20: Internetworking Concepts, Architecture and Protocols
  • The motivation for internetworking:
    • No single networking technology is best for all needs
  • Universal Service
    • A communications system that supplies universal service allows arbitrary pairs of computers to communicate
    • Although universal service is highly desirable, incompatibilities among network hardware, frames, and addresses prevent a bridged network from including arbitrary technologies
  • Internetworking
    • Physical network connection with routers
      • An internet router is a special-purpose hardware system dedicated to the task of interconnecting networks.
        • It can interconnect networks that use different technologies such as media, physical addressing schemes, or frame formats.
    • Internet architecture
      • An internet consists of a set of networks interconnected by routers. 
      • The internet scheme allows each organization to select the number and type of networks, the number of routers to use to interconnect them and the exact interconnection topology.
        • To build in redundancy and reduce traffic congestion, organizations typically use multiple routers.
      • The internet is a virtual network because the communication system is an abstraction that provides the illusion of a uniform network.
  • Protocols for internetworking
    • TCP/IP Internet Protocols stand out as the most widely used
      • Layer 3 (Internet) uses the IP protocol
      • Layer 4 (Transport) uses the TCP protocol

Chapter 21: IP Internet Addressing
  • Addresses for the virtual internet
    • To provide uniform addressing in the Internet, IP defines an abstract addressing scheme that assigns each host a unique protocol address
      • Applications use IP addresses to communicate
  • The IP Addressing Scheme
    • An internet address (IP address) is a unique 32-bit binary number assigned to a host and used for all communication with the host.
    • IP Address hierarchy
      • Each computer is assigned a unique address
      • Although network number assignments must be coordinated globally, suffixes can be assigned locally without global coordination.
    • Original Classes of IP Addresses (Superseded by newer format)
      • The original IP addressing scheme divided addresses into classes
        • Classes differed by the number of 8-bit segments allocated to the prefix and suffix that together comprise the 32-bit IP address
          • Class A: one bit identifier (0), 7-bit prefix, 24-bit suffix
            • Accommodates 128 networks; 16,777,216 hosts per network
          • Class B: two bit identifier (10), 14-bit prefix, 16-bit suffix 
            • Accommodates 16,384 networks; 65,536 hosts per network
          • Class C: three bit identifier (110), 21-bit prefix, 8-bit suffix
            • Accommodates 2,097,152 networks; 256 hosts per network
          • Class D: four bit identifier (1110), 28-bit multicast address
            • Class D addresses are still used for multicasting, but multicasting does not work globally
          • Class E: four bit identifier (1111), 28-bit address
            • Class E was reserved and not assigned.
    • Dotted Decimal Notation
        • A syntactic form that IP software uses to express 32-bit binary values when interacting with humans.
          • Represents each octet in decimal and uses dots to separate octets.
    • Authority for Addresses
        • Internet Corporation for Assigned Names and Numbers (ICANN) handles address assignment and adjudicates disputes.
          • Does not assign individual prefixes, authorizes a set of registrars to do so.
    • Subnet and Classless Addressing
      • Original "classful" addressing scheme became a limitation to growth
        • Organizations demanded Class A or B addresses to accommodate future growth, meanwhile few groups wanted the remaining Class C addresses.
      • Two new mechanisms invented to overcome the limitation:
        • Classless addressing
          • Instead of having distinct address classes, they allowed the division between prefix and suffix to occur on an arbitrary bit boundary
            • For example: an ISP might assign a prefix that is 26-bits long with a six-bit suffix, permitting up to 62 hosts on the prefix
              • This effectively splits Class C addresses into four longer prefixes (with the addition of two prefix bits)
        • Subnet addressing
          • To mark the exact boundary between network prefix and host suffix, a 32-bit value known as an address mask was used.
            • The address mask consisted of 1s marking the places of the prefix bits, and 0s marking the places of the suffix bits
            • Routers would combine the IP address and the address mask using a logical AND function to derive the accurate network prefix.
    • Classless Inter-Domain Routing (CIDR) Notation
      • Specifies addressing and forwarding in a format that is more readable to humans by extending Dotted Decimal notation with a slash followed by the number of prefix bits
        • For example, a 26-bit prefixed network with IP 192.5.48.69 would be: 192.5.48.69/26
    • Special IP Addresses
      • A network address is denoted by host address zero
        • 128.211.0.16/28 is a network address because all bits beyond the 28th are zero.
      • Directed Broadcast Address
        • Used to send a copy of a packet to all hosts on a physical network
        • Formed by adding a suffix that consists of all 1s to the network prefix
          • 128.211.0.31/28 is a directed broadcast address
      • Limited Broadcast Address
        • Broadcast on a directly-connected network, used during system startup by a computer that does not yet know the network number.
        • IP address for limited broadcast consists of 32 1-bits
          • 255.255.255.255
      • This Computer Address
        • Used on startup since startup protocols use IP to communicate, but the computer does not yet have an IP
        • All zeros (0.0.0.0)
      • Loopback Address
        • Used to test network applications during debugging
        • 127/8 reserved for use with loopback
          • 127.0.0.1 is the most popular loopback address
    • Routers and the IP Addressing Principle
      • An IP address does not identify a specific computer. Instead, each IP address identifies a connection between a computer and a network.
      • A computer with multiple network connections (e.g., a router) must be assigned one IP address for each connection.
        • These computers are said to be "multi-homed"
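The classful, mask and special-address rules of this chapter worked through in code, as an added example that is not part of the original notes: the class comes from the leading bits, the router's logical AND of address and mask yields the prefix, and the all-zeros and all-ones suffixes mark the network and directed broadcast forms. The addresses checked are the ones used above (192.5.48.69/26, 128.211.0.16/28, 128.211.0.31/28); function names are this example's own.

```python
ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    """Dotted decimal -> 32-bit integer; bytes() rejects octets outside 0..255."""
    octets = bytes(int(o) for o in dotted.split("."))
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {dotted}")
    return int.from_bytes(octets, "big")


def to_dotted(n):
    """32-bit integer -> dotted decimal."""
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def original_class(dotted):
    """Class under the superseded classful scheme, read from the leading bits."""
    top = to_int(dotted) >> 28            # leading four bits
    if (top & 0b1000) == 0:
        return "A"                        # 0xxx
    if (top & 0b1100) == 0b1000:
        return "B"                        # 10xx
    if (top & 0b1110) == 0b1100:
        return "C"                        # 110x
    return "D" if top == 0b1110 else "E"  # 1110 multicast, 1111 reserved


def mask_from_prefix_len(bits):
    """Address mask: `bits` ones marking the prefix, then zeros marking the suffix."""
    if not 0 <= bits <= 32:
        raise ValueError(f"bad prefix length: {bits}")
    return (ALL_ONES << (32 - bits)) & ALL_ONES


def parse_cidr(text):
    """'a.b.c.d/n' -> (address int, mask int)."""
    addr, _, bits = text.partition("/")
    return to_int(addr), mask_from_prefix_len(int(bits))


def usable_hosts(bits):
    """Suffix values minus the all-zeros (network) and all-ones (broadcast) forms."""
    return (1 << (32 - bits)) - 2


def network_of(cidr):
    """The router's logical AND of address and mask yields the network prefix."""
    addr, mask = parse_cidr(cidr)
    return to_dotted(addr & mask)


def directed_broadcast_of(cidr):
    """Network prefix followed by an all-ones suffix."""
    addr, mask = parse_cidr(cidr)
    return to_dotted((addr & mask) | (~mask & ALL_ONES))


def classify(cidr):
    """Name the special forms listed in the notes, or 'host' for an ordinary address."""
    addr, mask = parse_cidr(cidr)
    host_bits = ~mask & ALL_ONES
    if addr == ALL_ONES:
        return "limited broadcast"
    if addr == 0:
        return "this computer"
    if addr >> 24 == 127:
        return "loopback"
    if host_bits and (addr & host_bits) == 0:
        return "network address"
    if host_bits and (addr & host_bits) == host_bits:
        return "directed broadcast"
    return "host"
```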

Chapter 22: Datagram Forwarding
  • Virtual Packets
    • Since it includes incompatible networks, the Internet cannot adopt a particular hardware packet format. 
    • To accommodate heterogeneity, the Internet Protocol defines a hardware-independent packet format
  • IP Datagram
    • Each packet sent across TCP/IP internet is called an IP datagram. Each datagram consists of a header followed by a data area, which is known as a payload.
    • The size of a datagram is determined by the application that sends data. Allowing the size of datagrams to vary makes IP adaptable to a variety of applications.
    • Has a specific header format
  • Forwarding an IP Datagram
    • As each destination in a forwarding table corresponds to a network, the number of entries in a forwarding table is proportional to the number of networks in the Internet, not the number of hosts.
    • Software examines each table entry by using the mask to extract a prefix of the destination address and comparing the result to the Destination field of the table entry. If they are equal the datagram will be forwarded to the Next Hop in the entry.
    • Longest Prefix Match
      • Resolves ambiguity that can arise when more than one entry matches a destination, by examining entries with the longest prefix first
        • For example: 128.10.0.0/16 would otherwise be equivalent to 128.10.2.0/24
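The mask-and-compare lookup with longest-prefix-match ordering, as an added example that is not part of the original notes: entries are kept sorted by prefix length so the first match is the most specific one, which is what resolves the 128.10.0.0/16 versus 128.10.2.0/24 ambiguity above. The table contents and next-hop names are constructed.

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer; bytes() rejects octets outside 0..255."""
    octets = bytes(int(o) for o in dotted.split("."))
    if len(octets) != 4:
        raise ValueError(f"bad IPv4 address: {dotted}")
    return int.from_bytes(octets, "big")


def parse_cidr(text):
    """'a.b.c.d/n' -> (network int with host bits cleared, mask int, prefix length)."""
    addr, _, bits = text.partition("/")
    bits = int(bits) if bits else 32
    mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    return to_int(addr) & mask, mask, bits


class ForwardingTable:
    """Entries are (prefix length, network, mask, next hop), kept sorted with the
    longest prefix first so that the first matching entry is the most specific."""

    def __init__(self):
        self.entries = []

    def add(self, cidr, next_hop):
        net, mask, bits = parse_cidr(cidr)
        self.entries.append((bits, net, mask, next_hop))
        self.entries.sort(key=lambda e: -e[0])

    def lookup(self, dst):
        """Mask the destination with each entry's mask and compare with its network;
        the entry order guarantees longest-prefix match."""
        d = to_int(dst)
        for bits, net, mask, hop in self.entries:
            if d & mask == net:
                return hop
        return None  # no default route: destination unreachable


def build_sample_table():
    """Constructed table with the two prefixes from the notes plus a default route;
    the less specific prefix is deliberately inserted first."""
    ft = ForwardingTable()
    ft.add("0.0.0.0/0", "default R0")
    ft.add("128.10.0.0/16", "R1")
    ft.add("128.10.2.0/24", "R2")
    return ft
```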
  • Destination Address and Next Hop Address
    • Destination address in a datagram header always refers to the ultimate destination; at each point, a next hop is computed, but the next hop address does not appear in the datagram header.
  • Best-Effort Delivery
    • Since IP is designed to operate over all types of network hardware, including hardware that experiences problems, IP datagrams may not be delivered correctly. Although IP makes a best effort to deliver each datagram, it does not guarantee that it will handle all problems. Such problems include:
      • Data duplication
      • Delayed or out-of-order delivery
      • Corruption of data
      • Datagram loss
  • IP Encapsulation
    • A datagram is encapsulated in a frame for transmission across a physical network. The destination address in the frame is the MAC address of the next hop to which the datagram is being sent. The address is obtained by translating the IP address of the next hop to an equivalent MAC address.
  • Transmission across an Internet
    • When a datagram arrives in a network frame, the receiver extracts the datagram from the frame payload area and discards the frame header.
  • Maximum Transmission Unit (MTU) and Datagram Fragmentation
    • Each network has an MTU that specifies the maximum amount of data a frame can carry. When a router receives a datagram that is larger than the MTU of the network over which it is to be sent, the router divides the datagram into smaller pieces called fragments. Each fragment uses the IP datagram format, but carries only part of the original payload.
  • Reassembly of a Datagram from Fragments
    • The ultimate destination reassembles the fragments, not the next hop router. This has two advantages:
      • Reduces the amount of state information in routers since the router does not need to know whether the datagram is a fragment.
      • Allows routes to change dynamically; if an intermediate router were to reassemble the fragments, they would all have to reach that router.
    • Collecting the Fragments of a Datagram
      • Fragments of a datagram can get lost or arrive in an arbitrary order.
      • These fragments are reassembled in the correct order by:
        • Referencing a unique identification number in the identification field of each datagram and the IP source address in an incoming fragment to determine the datagram to which the fragment belongs.
        • Additionally, the fragment offset field tells a receiver where the data in the fragment belongs in the original datagram.
      • Consequences of Fragment Loss
        • When the first fragments arrive from a given datagram, the receiver starts a reassembly timer. If all fragments arrive before the timer runs out, the receiver cancels the timer and reassembles the datagram.
        • If the timer runs out before all fragments arrive, the receiver discards the fragments that have arrived.
          • There is no mechanism for the receiver to tell the sender what fragments did not arrive.
          • If the sender was to retransmit there is no guarantee the data would travel the same path or be fragmented in the same way.
    • Fragmenting a Fragment
      • If a fragment goes through a router with a smaller MTU than the size of the fragment, it will be fragmented again.
      • IP does not distinguish between original fragments and subfragments.
      • A receiver cannot know whether an incoming fragment is the result of one router fragmenting a datagram or multiple routers fragmenting fragments.
        • Designers work hard to avoid this scenario.
        • The advantage of making all fragments the same is that a receiver can perform reassembly of the original datagram without first reassembling subfragments.
          • Saves CPU time and reduces the amount of header information required in each fragment.
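Fragmentation, re-fragmentation of a fragment and destination-side reassembly with the reassembly timer, as an added example that is not part of the original notes: a subfragment carries the same identification and offset fields as a first-level fragment, so the receiver rebuilds the datagram in one pass, and a datagram whose timer expires before every byte arrives is discarded. The payload, MTUs, source address and identification value are constructed, and the Fragment record and function names are this example's own.

```python
from dataclasses import dataclass

HEADER = 20  # IPv4 header length without options


@dataclass(frozen=True)
class Fragment:
    src: str      # IP source address, part of the reassembly key
    ident: int    # Identification field, shared by every piece of one datagram
    offset: int   # Fragment Offset field, in 8-byte units
    more: bool    # More Fragments flag: False only on the final piece
    data: bytes


def fragment(src, ident, payload, mtu, base_offset=0, last=True):
    """Cut `payload` into pieces that fit `mtu`. Every piece keeps the datagram's
    identification; offsets count 8-byte units, so the chunk is the largest multiple
    of 8 that fits after the header. `base_offset` and `last` let the same routine
    cut a fragment that has already been cut once."""
    chunk = (mtu - HEADER) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any fragment data")
    pieces = []
    for i in range(0, len(payload), chunk):
        data = payload[i:i + chunk]
        final = last and i + chunk >= len(payload)
        pieces.append(Fragment(src, ident, base_offset + i // 8, not final, data))
    return pieces


def refragment(frag, mtu):
    """Subfragments look exactly like first-level fragments; IP does not tell them apart."""
    return fragment(frag.src, frag.ident, frag.data, mtu, frag.offset, last=not frag.more)


class Reassembler:
    """Destination-side reassembly keyed by (source, identification) with the
    per-datagram timer from the notes: if it expires before every byte has
    arrived, the pieces collected so far are discarded."""

    def __init__(self, timeout):
        self.timeout = timeout
        self.pending = {}  # key -> {"deadline", "frags": {offset: Fragment}, "total"}

    def receive(self, frag, now):
        """Add a fragment at time `now`; returns the full payload once complete, else None."""
        key = (frag.src, frag.ident)
        state = self.pending.get(key)
        if state is not None and now > state["deadline"]:
            del self.pending[key]  # timer ran out: throw away the partial datagram
            state = None
        if state is None:          # first piece seen: start the reassembly timer
            state = self.pending[key] = {"deadline": now + self.timeout, "frags": {}, "total": None}
        state["frags"][frag.offset] = frag  # a duplicate simply replaces its twin
        if not frag.more:
            state["total"] = frag.offset * 8 + len(frag.data)
        return self._complete(key, state)

    def _complete(self, key, state):
        """Walk the pieces from offset 0; a hole means we must keep waiting."""
        if state["total"] is None:
            return None
        buf, pos = bytearray(), 0
        while pos < state["total"]:
            piece = state["frags"].get(pos // 8)
            if piece is None:
                return None
            buf += piece.data
            pos += len(piece.data)
        del self.pending[key]
        return bytes(buf)

    def expire(self, now):
        """Drop every partial datagram whose timer has run out; returns their keys."""
        dead = [k for k, st in self.pending.items() if now > st["deadline"]]
        for k in dead:
            del self.pending[k]
        return dead


# Constructed 3000-byte payload: a 1500-byte MTU yields three fragments, and the
# middle one is cut again by a 620-byte MTU further along the path.
PAYLOAD = (bytes(range(256)) * 12)[:3000]


def deliver(fragments, reassembler, now):
    """Feed fragments in the given order; returns the payload if reassembly finished."""
    result = None
    for f in fragments:
        result = reassembler.receive(f, now) or result
    return result
```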

Chapter 23: Support Protocols and Technologies
  • Address Resolution
    • IP addresses are abstractions provided by protocol software. Since physical network hardware does not know how to locate a computer from its IP address, the next hop address must be translated to an equivalent MAC address before a frame can be sent.
    • Mapping between a protocol address and a hardware address is called address resolution. A host or router uses address resolution when it needs to send a packet to another computer on the same physical network.
      • A computer never attempts to resolve the address of a computer that attaches to a remote network.
    • Address Resolution Protocol (ARP)
      • If computer B needs to resolve the IP address of computer C, computer B broadcasts a request for the MAC address of the computer that has the given IP address. This broadcast travels only across the one network. When it receives the request, computer C sends a directed reply to computer B indicating that it has the IP address in question and giving its MAC address.
      • ARP Message Format
        • Although the ARP message format is sufficiently general to allow arbitrary protocol and hardware addresses, ARP is almost always used to bind an IP address to a 48-bit Ethernet address.
      • ARP Caching and Message Processing
        • To reduce network traffic, ARP software extracts and saves the information from responses so it can be used for subsequent packets.
        • The information is kept in a small cache, and when it needs to bind an address, ARP starts by searching the cache.
          • An entry is replaced when a response arrives, and the oldest entry is removed whenever the table runs out of space or after an entry has not been updated for a long period of time (20 minutes).
          • Most computer communication involves two-way traffic: if a message travels from B to C, the probability is high that a reply will travel from C to B.
          • As each address binding requires memory, a computer cannot store an arbitrary number of address bindings.
      • Conceptual Address Boundary
        • ARP forms a conceptual boundary in the protocol stack: layers above ARP use IP, and layers below ARP use MAC addresses.
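The caching rules above as a constructed example (not code from the original notes or any operating system): the cache is consulted before any request is broadcast, a response replaces an existing binding, the oldest binding is evicted when the table is full, and a binding not updated for 20 minutes is dropped. The capacity, the broadcast_request callback and the changed-binding return value are assumptions.

```python
from collections import OrderedDict

# Constructed ARP cache (not the original notes' code): bindings age out after
# 20 minutes without an update and the oldest binding is evicted when the table is full.
ARP_ENTRY_LIFETIME = 20 * 60   # seconds

class ArpCache:
    def __init__(self, capacity=8, lifetime=ARP_ENTRY_LIFETIME):
        self.capacity = capacity
        self.lifetime = lifetime
        self.entries = OrderedDict()   # ip -> (mac, last_update); oldest update first

    def _expire(self, now):
        stale = [ip for ip, (_, ts) in self.entries.items() if now - ts > self.lifetime]
        for ip in stale:
            del self.entries[ip]

    def update(self, ip, mac, now):
        """Store a binding taken from an ARP response. Returns True when an existing
        binding for ip was replaced by a different MAC (worth logging on a host)."""
        self._expire(now)
        old = self.entries.pop(ip, None)
        if old is None and len(self.entries) >= self.capacity:
            self.entries.popitem(last=False)   # table full: drop the oldest entry
        self.entries[ip] = (mac, now)
        return old is not None and old[0] != mac

    def lookup(self, ip, now):
        """Return the cached MAC for ip, or None if an ARP request must be broadcast."""
        self._expire(now)
        hit = self.entries.get(ip)
        return hit[0] if hit else None


def resolve(cache, ip, now, broadcast_request):
    """Resolve a next-hop IP: consult the cache first, broadcast only on a miss.
    broadcast_request(ip) stands in for the ARP request/response exchange on the LAN."""
    mac = cache.lookup(ip, now)
    if mac is not None:
        return mac, False         # served from cache, no traffic generated
    mac = broadcast_request(ip)
    cache.update(ip, mac, now)
    return mac, True              # a request was broadcast on the network
```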
  • Internet Control Message Protocol (ICMP)
    • Includes both messages about errors and informational messages.
    • ICMP encapsulates messages in IP for transmission, and IP uses ICMP to report problems.
  • Protocol Software, Parameters and Configuration
    • Protocol software is parameterized to allow a compiled binary image to run on multiple computers in a variety of network environments without change. 
    • When a copy of the software is started on a given computer, it must be configured by setting parameters that supply information about the computer and the networks to which it attaches.
  • Dynamic Host Configuration Protocol (DHCP)
    • Allows a computer to move to a new network and obtain configuration information without requiring an administrator to make manual changes to a database.
    • Operation and Optimizations
      • The three most significant performance optimization elements are:
        • Recovery from loss or duplication
        • Caching of server addresses
        • Avoidance of synchronized flooding
  • Network Address Translation (NAT)
    • Allows multiple computers to share a single, globally valid IP address
    • NAT Operation and Private Addresses
      • NAT provides blocks of private (nonroutable) addresses
        • 10.0.0.0/8 - Class A private address block
        • 169.254.0.0/16 - Class B private address block
        • 172.16.0.0/12 - 16 contiguous Class B blocks
        • 192.168.0.0/16 - 256 contiguous Class C blocks
      • The most basic form of NAT replaces the IP source address in datagrams passing from the site to the Internet, and replaces the IP destination address in datagrams passing from the Internet to the site.
    • Transport Layer NAT (NAPT)
      • The basic version of NAT described above only handles situations in which each host at a site communicates with a unique server in the Internet. If two hosts at the site attempt to communicate with the same remote server, NAT will not be able to correctly route the incoming datagrams.
      • The solution is to use protocol port numbers to distinguish among services.
        • Entries in the translation table used by NAPT contain a quadruple of source and destination IP addresses and protocol port numbers.
        • NAT is particularly useful in a residence or small business that is sharing an internet connection via Ethernet or Wi-Fi.
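A constructed NAPT translator illustrating the quadruple table above (example code, not from the original notes or any NAT product): two site hosts talking to the same remote server, even from the same source port, receive distinct global ports, and an inbound datagram is only translated when all four fields of the entry match. The global address, port range and dict packet layout are assumptions.

```python
# Constructed NAPT translator (not the notes' code): one global address, port
# numbers tell flows apart, and the table is keyed on the full quadruple.
class Napt:
    def __init__(self, global_ip, first_port=40000, last_port=40999):
        self.global_ip = global_ip
        self.free_ports = iter(range(first_port, last_port + 1))
        # (site src ip, src port, remote ip, remote port) -> global port
        self.outbound_table = {}
        # (global port, remote ip, remote port) -> (site src ip, src port)
        self.inbound_table = {}

    def outbound(self, pkt):
        """Rewrite a datagram leaving the site; pkt is {src, sport, dst, dport}."""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        gport = self.outbound_table.get(key)
        if gport is None:
            gport = next(self.free_ports)        # StopIteration: port range exhausted
            self.outbound_table[key] = gport
            self.inbound_table[(gport, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.global_ip, sport=gport)

    def inbound(self, pkt):
        """Rewrite a datagram arriving from the Internet, or return None to drop it.
        Matching on the remote address and port as well means an unrelated remote
        host that sends to the same global port does not reach the site host."""
        if pkt["dst"] != self.global_ip:
            return None
        hit = self.inbound_table.get((pkt["dport"], pkt["src"], pkt["sport"]))
        if hit is None:
            return None
        site_ip, site_port = hit
        return dict(pkt, dst=site_ip, dport=site_port)
```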

Chapter 24: The Future IP (IPv6)
  • Previous chapters discuss IPv4 which has been extremely successful
    • Made it possible for the Internet to handle heterogeneous networks, dramatic changes in network technologies, and extreme increases in scale.
  • Motivation for change
    • At the current Internet growth rate, each of the possible IPv4 network prefixes will eventually be assigned. Larger addresses are necessary to accommodate continued growth.
    • New features could provide special facilities for some applications such as real-time audio and video
    • More complex routing to accommodate replicated services such as Google's distributed data centers or multi-user collaboration tools
  • Since IP is central to all Internet communication, changing IP requires a change to the entire Internet
  • IPv6 Features
    • Address size - 128 bits rather than 32 bits
    • Header format - almost every field in the header has been changed, some have been replaced
    • Extension headers - IPv6 encodes information into separate headers, the base IPv6 header followed by zero or more extension headers, followed by data.
    • Support for Real-time Traffic - includes a mechanism that allows a sender and receiver to establish a high-quality path through the underlying network and to associate datagrams with that path. 
      • Can also be used to associate datagrams with low-cost paths.
    • Extensible protocol - unlike IPv4, IPv6 does not specify all possible protocol features, senders can add additional information to the datagram and new features can be added to the design as needed.
  • IPv6 Datagram Format
    • Base Header
      • Version - identifies the protocol as v6
      • Traffic Class - uses differentiated services to specify general characteristics that the datagram needs
        • Low-latency, low jitter, etc.
      • Flow Label - originally intended to associate a datagram with a particular underlying network path
        • End-to-end flow labels have since fallen out of favor
      • Payload Length - size of the data being carried
      • Next Header - specifies the type of information that follows the current header: if an extension header follows, it gives that header's type; otherwise it gives the type of data carried in the payload.
      • Hop Limit - corresponds to IPv4 "Time-to-Live" field
        • Interpreted strictly, the datagram will be discarded if the Hop Limit counts down to zero before the datagram arrives at its destination.
      • Source Address
      • Destination Address
    • Optional Extension Headers 1 - N
    • Payload
  • Fragmentation, Reassembly and Path MTU
    • IPv6 places fragment information in a separate fragment extension header
      • The presence of this header identifies the datagram as a fragment.
      • The base header and headers that control routing are treated as unfragmentable
    • Fragmentation is performed by the sending host, not by routers as in IPv4. If fragmentation is required, the sending host receives an ICMP error message, and reduces the fragment size until fragments can be sent to the destination.
      • If a router along the path receives a datagram that is larger than the network MTU, it will send an error message and discard the datagram.
      • Path MTU discovery is used to determine the minimum MTU
        • This is an iterative procedure
        • The result is that the sender fragments the datagram into a size equal to the path MTU
  • The Purpose of Multiple Headers
    • Economy
      • Makes it possible to define a large set of features without requiring each datagram header to have at least one field for each feature
    • Extensibility
      • Adding a new feature does not change the existing protocol headers as it would have in IPv4
  • IPv6 Addressing
    • Unicast - the address corresponds to a single computer. A datagram sent to the address is routed along a shortest path to the computer.
    • Multicast - the address corresponds to a set of computers, and membership in the set can change at any time. IPv6 delivers one copy of the datagram to each member of the set.
    • Anycast - the address corresponds to a set of computers that share a common prefix. A datagram sent to the address is delivered to exactly one of the computers (e.g., the computer closest to the sender).
  • IPv6 Colon Hexadecimal Notation
    • Since an IPv6 address occupies 128 bits, the dotted decimal notation used to make IPv4 addresses readable would result in 16 numbers separated by dots.
    • To keep the notation readable, colon hex notation is used instead: the address is written as eight 16-bit groups in hexadecimal, separated by colons.
      • 69DC:8864:FFFF:FFFF:0:1280:8C0A:FFFF
    • Zero compression is also used, replacing a run of consecutive zero groups with a double colon.
      • FF0C:0:0:0:0:0:0:B1 can be written FF0C::B1

Chapter 25: UDP Datagram Transport Service 
  • User Datagram Protocol (UDP)
    • One of the two transport protocols in the TCP/IP suite (the other is TCP)
    • UDP is less complex and easier to understand than TCP.
      • Known as a "thin protocol layer."
    • UDP is characterized as:
      • End-to-end. 
        • It can distinguish among multiple application programs running on a given computer.
      • Connectionless.
        • The interface it provides to applications follows a connectionless paradigm.
        • Any application can send data at any time and UDP does not transmit any packets other than the packets that carry user data.
      • Message-oriented.
        • An application that uses UDP sends and receives individual messages called user datagrams and consisting of two parts:
          • A short header that specifies the sending and receiving application programs. The header includes:
            • UDP Source Port
            • UDP Destination Port
            • UDP Message Length
            • UDP Checksum - this is optional.
              • When a message arrives at its destination, UDP examines the checksum field and only verifies it if the value is non-zero.
          • A payload that carries the data being sent.
        • If a UDP message is larger than the network MTU, IP will fragment the resulting datagram, which reduces efficiency.
      • Best-effort.
        • Offers the same best-effort delivery semantics as IP, which arises because UDP uses IP for transmission.
        • Because the semantics are the same as IP's, messages can be lost, duplicated, delayed, delivered out of order, or corrupted.
        • UDP only suffices for applications such as voice or video that can tolerate delivery errors.
      • Arbitrary interaction.
        • Allows an application to send to many other applications, receive from many other applications, or communicate with exactly one other application.
        • Modes of Interaction and Broadcast Delivery
          • Four styles of interaction:
            • 1-to-1
            • 1-to-Many
            • Many-to-1
            • Many-to-Many
      • Operating system independent.
        • Provides a means of identifying application programs that does not depend on identifiers used by the local operating system.
        • UDP uses an abstract set of identifiers called protocol port numbers.
        • Each computer that implements UDP must provide a mapping between protocol port numbers and the program identifiers that the operating system uses.
    • UDP Checksum and Pseudo Header
      • The UDP header does not include the source or destination IP address
        • This makes UDP smaller and more efficient, but introduces a possibility of error.
      • To confirm that a message has reached the correct destination UDP extends the checksum.
        • When computing the checksum, UDP includes a pseudo header that contains the source, destination and type (i.e., Proto) fields for the IP datagram and a UDP datagram length.
          • The sender computes the checksum as if the UDP header contained extra fields.
          • To verify the checksum, a receiver must obtain the UDP length and the source, destination, and type fields from the IP datagram, then append them to the UDP message before verifying the checksum.
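The pseudo header computation above, carried through as a constructed example (not the notes' code): the sender computes the one's-complement checksum over the pseudo header (source, destination, zero byte, protocol 17, UDP length) plus the UDP segment, and the receiver repeats the sum over the same fields and expects all ones. The IPv4 address and port values in the test are constructed; the "send 0xFFFF when the sum is zero" rule and the "zero means no checksum" rule are the ones the text describes.

```python
import struct

UDP_PROTO = 17   # IP protocol number for UDP (the "type" field of the pseudo header)

def _ones_complement_sum(data):
    """16-bit one's-complement sum of data (a trailing odd byte is padded with zero)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def udp_checksum(src_ip, dst_ip, udp_segment):
    """Sender side: checksum over pseudo header + UDP segment (checksum field zeroed).
    src_ip/dst_ip are 4-byte IPv4 addresses."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTO, len(udp_segment))
    csum = 0xFFFF & ~_ones_complement_sum(pseudo + udp_segment)
    return csum or 0xFFFF    # a computed zero is sent as all ones, since 0 means "absent"

def build_udp(src_ip, dst_ip, sport, dport, payload):
    """Assemble a UDP segment (header + payload) with the checksum filled in."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def verify_udp(src_ip, dst_ip, segment):
    """Receiver side: True if the checksum is absent (zero) or verifies; the IP
    addresses come from the IP header and are re-attached as the pseudo header."""
    if len(segment) < 8:
        return False
    _sport, _dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length != len(segment):
        return False
    if csum == 0:
        return True               # sender chose not to checksum this message
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTO, length)
    return _ones_complement_sum(pseudo + segment) == 0xFFFF
```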

Chapter 26: TCP Reliable Transport Service
  • Transmission Control Protocol (TCP) is a transport layer protocol that provides reliability.
  • TCP service has seven major features:
    • Connection orientation
      • An application must first request a connection to a destination, and then use the connection to transfer data.
      • TCP connections are virtual connections because they are achieved in software.
    • Point-to-Point communication
      • Each TCP connection has exactly two endpoints.
    • Complete reliability
      • TCP guarantees that the data sent across a connection will be delivered exactly as sent, complete and in order.
    • Full duplex communication
      • Allows data to flow in either direction, and allows either application program to send data at any time.
    • Stream interface
      • Applications send a continuous stream of octets across a connection. 
      • TCP does not group data into records or messages, and does not guarantee to deliver data in the same size pieces that were transferred by the sending application.
    • Reliable connection startup
      • Allows two applications to reliably start communication.
    • Graceful connection shutdown
      • Before closing a connection, TCP ensures that all data has been delivered and that both sides have agreed to shut down the connection.
  • End-to-end protocol 
    • It provides communication between an application on one computer and an application on another computer. 
    • Transport protocols do more than detect errors: they employ techniques that can repair or circumvent problems.
    • Major problems to an end-to-end transport protocol include:
      • Unreliable communication - messages sent across the internet can be lost, duplicated, corrupted, delayed, or delivered out of order.
        • To compensate for corrupted bits a protocol might include parity bits, a checksum, or a cyclic redundancy check (CRC).
        • Sequencing handles duplicates and out-of-order delivery
          • Sending side attaches a sequence number to each packet.
          • Receiving side stores both the sequence number of the last packet received in order, as well as a list of additional packets that arrived out of order.
          • When a packet arrives the receiver examines the sequence number:
            • If it is the next one expected, it is delivered to the next highest layer and the list is checked to see if other packets can also be delivered.
            • If out of order, the protocol adds the packet to the list.
          • If a packet arrives that has already been delivered or matches one already on the list, the duplicate packet is discarded.
        • To handle packet loss, transport protocols use positive acknowledgement with retransmission.
          • When a frame arrives intact the receiving protocol software sends a small acknowledgement.
          • The sender takes responsibility for ensuring that each packet is transferred successfully.
            • When a packet is sent the sender sets a timer
            • If no acknowledgement is received before the timer expires, the sender will retransmit the packet.
        • Replay errors in which a delayed packet affects later communication
          • To prevent replay, protocols mark each session with a unique ID and require that ID to be present in each packet.
          • Packets that arrive with an incorrect ID are discarded.
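The receiver-side logic of the three mechanisms above (sequencing with an out-of-order list, duplicate discarding, and a session ID check against replay) as one constructed example that is not code from the original notes. The packet layout and the verdict strings are assumptions; the second value returned is the next sequence number expected, which is what a positive acknowledgement carries back to the sender.

```python
# Constructed receiver: in-order delivery, duplicate discard, replay discard.
class SequencedReceiver:
    def __init__(self, session_id, first_seq=0):
        self.session_id = session_id
        self.next_expected = first_seq    # sequence number the next layer needs next
        self.pending = {}                 # packets that arrived out of order: seq -> data
        self.delivered = []               # what has been handed to the next layer, in order

    def receive(self, packet):
        """Process one arriving packet {'session', 'seq', 'data'} and return
        (verdict, next_expected); next_expected is the cumulative acknowledgement."""
        if packet["session"] != self.session_id:
            # Delayed packet from an earlier session: discard to prevent replay.
            return "replay-discarded", self.next_expected
        seq = packet["seq"]
        if seq < self.next_expected or seq in self.pending:
            return "duplicate-discarded", self.next_expected
        if seq == self.next_expected:
            self.delivered.append(packet["data"])
            self.next_expected += 1
            # The list may now hold the following packets; deliver them too.
            while self.next_expected in self.pending:
                self.delivered.append(self.pending.pop(self.next_expected))
                self.next_expected += 1
            return "delivered", self.next_expected
        self.pending[seq] = packet["data"]    # out of order: hold it on the list
        return "buffered", self.next_expected
```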
      • End system reboot - at any time during communication either of the two end systems might crash and reboot. There must be no confusion between sessions (some embedded systems can reboot in less time than it takes a packet to cross the Internet).
      • Heterogeneous end systems - a powerful sender can generate data so fast that it overruns a slow receiver.
        • Flow control prevents data overrun; several techniques are available:
          • Stop-and-go is the simplest form
            • Sender waits after transmitting each packet to receive a control message (usually an acknowledgement) from the receiver.
            • Prevents overrun but results in extremely low throughput.
          • Sliding Window offers high throughput rates
            • Sender and receiver use a fixed window size to determine the amount of data that can be sent before an acknowledgement arrives.
            • The throughput can be increased by increasing the window size, but the network bandwidth imposes an upper bound.
              • Sliding window throughput = min(Network bandwidth, Stop-and-go protocol throughput × Window size)
      • Congestion in the Internet - if senders aggressively transmit data, intermediate switches and routers can become overrun with packets, analogous to a congested highway.
        • Transport protocols attempt to avoid congestion collapse by monitoring the network and reacting quickly once congestion starts. There are two basic approaches:
          • Arrange for intermediate systems (routers) to inform a sender when congestion occurs
          • Use increased delay or packet loss as an estimate of congestion
        • Modern network hardware works well, so most delay and loss result from congestion, not hardware failure.
    • Techniques Used in TCP to Handle Packet Loss
      • The delay required for data to reach a destination and an acknowledgement to return depends on traffic in the Internet as well as the distance to the destination. 
      • As TCP allows multiple application programs to communicate with multiple destinations concurrently, and traffic conditions affect delay, TCP must handle a variety of delays that can change rapidly.
      • Buffers, Flow Controls and Windows
        • TCP uses a window mechanism to control the flow of data. 
          • A TCP window is measured in bytes.
          • A notification that specifies the size of the window is known as a window advertisement.
            • A receiver sends a window advertisement with each acknowledgement.
            • A sender that receives a zero window advertisement will stop sending until the receiver again advertises a positive window.
      • TCP's Three-Way Handshake
        • TCP uses the term synchronization segment (SYN segment) for the control messages that create a connection, the term finish segment (FIN segment) for the control messages that close a connection, and acknowledgement (ACK) for the messages that confirm receipt.
        • To start a connection:
          • Each side sends a control message that specifies an initial buffer size (for flow control) and a sequence number. 
            • Host 1: Send syn
            • Host 2: Receive syn; send syn and ack
            • Host 1: Receive syn and ack; send ack
        • TCP requires each end to generate a random 32-bit sequence number that becomes the initial sequence for data sent.
          • The probability of replay is very low since TCP chooses a new random number after reboot.
      • TCP Congestion Control
        • Conceptually a transport protocol should reduce the rate of transmission when congestion occurs. 
        • Since it uses a variable-size window, TCP can achieve a reduction in data rate by temporarily reducing the window size.
          • In extreme cases where loss occurs, TCP temporarily reduces the window size to half its current value.
      • TCP Segment Format
        • The sequence number field in a TCP segment gives the sequence number for the first byte of data carried in the segment in the forward direction.
        • An acknowledgement number gives the first sequence number for which data is missing in the reverse direction.

Chapter 27: Internet Routing and Routing Protocols
  • IP routing can be partitioned into two broad categories:
    • Static routing
      • Most Internet hosts use static routing.
        • The host's forwarding table contains two entries: one for the network to which the host attaches, and a default entry that directs all other traffic to a separate router.
    • Dynamic routing
      • Most Internet routers use dynamic routing
        • Each router runs software that learns about destinations other routers can reach, and informs other routers about destinations that it can reach.
        • The routing software uses incoming information to update the local forwarding table continuously.
  • Autonomous Systems
    • The Internet is divided into autonomous systems; routers within an autonomous system exchange routing information, which is then summarized before being passed to another group.
    • Two types of Internet routing protocols
      • Interior gateway protocols (IGPs)
        • Usually easy to install and operate, but may limit the size or routing complexity of an autonomous system.
      • Exterior gateway protocols (EGPs)
        • Used to exchange routing information with a router in another autonomous system and to implement policy constraints.
        • More complex to install and operate than IGPs, but offer more flexibility and lower overhead.
    • Optimal routes, routing metrics and IGPs
      • Although most Internet routing protocols are designed to use a hop count metric, it is possible for a network administrator to override the metric to enforce a policy.
      • Within an autonomous system, IGP software uses a routing metric to choose an optimal path to each destination. EGP software finds a path to each destination, but cannot find an optimal path because it cannot compare routing metrics from multiple autonomous systems.
    • Border Gateway Protocol (BGP)
      • Is the exterior gateway protocol that Tier-1 ISPs use to exchange routing information among autonomous systems at the center of the Internet.
        • Current version is BGP-4
      • BGP has the following characteristics:
        • Routing among autonomous systems
        • Provision for policies
        • Facilities for transit routing
        • Reliable transport
    • Routing Information Protocol (RIP)
      • Among the first IGP protocols used in the Internet
      • Has the following characteristics:
        • Routing within an autonomous system
        • Hop count metric
        • Unreliable transport - uses UDP to transfer messages among routers.
        • Broadcast or multicast delivery
        • Support for CIDR and Subnetting
        • Support for default route propagation
        • Distance vector algorithm
        • Passive version for hosts
      • Illustrates a disadvantage of distance vector protocols: the size of a message is proportional to the number of networks that can be reached. 
        • Sending RIP messages introduces delay and processing RIP messages consumes many CPU cycles.
          • Delay means route changes propagate slowly.
        • RIP works well among a few routers, but does not scale well.
    • Open Shortest Path First Protocol (OSPF)
      • Satisfies the demand for a routing protocol that can scale to large organizations. Uses Dijkstra's SPF algorithm to compute shortest paths.
      • OSPF has the following characteristics:
        • Routing within an autonomous system 
        • CIDR support
        • Authenticated message exchange
        • Imported routes - can introduce routes learned from other means such as BGP
        • Link-state algorithm
        • Support for metrics - allows an administrator to assign a cost to each route.
        • Support for multi-access networks - traditional link state routing is inefficient across a multi-access network; OSPF optimizes by designating a single router to broadcast on the network.
      • OSPF Areas
        • Since it allows a manager to partition the routers and networks in an autonomous system into multiple areas, OSPF can scale to handle a larger number of routers than other IGPs.
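What the link-state algorithm and administrator-assigned costs above amount to, as a constructed example (not the notes' or any OSPF implementation's code): the flooded link-state database is a cost-weighted graph, Dijkstra's SPF run from the local router yields the shortest-path tree, and the forwarding table records only the first hop toward each destination. The second test shows the metric override the text mentions, where raising one link's cost moves traffic to a path with more hops. Router names and costs are constructed.

```python
import heapq

def lsdb_from_links(links):
    """Build a bidirectional link-state database {router: {neighbour: cost}}
    from (a, b, cost) triples, as a stand-in for the flooded link-state records."""
    db = {}
    for a, b, cost in links:
        db.setdefault(a, {})[b] = cost
        db.setdefault(b, {})[a] = cost
    return db

def spf_forwarding_table(link_state_db, root):
    """Run Dijkstra's SPF from root over the link-state database and return the
    forwarding table: destination -> (next hop, total path cost)."""
    dist = {root: 0}
    next_hop = {}
    heap = [(0, root, None)]          # (cost so far, router, first hop from root)
    while heap:
        cost, node, via = heapq.heappop(heap)
        if cost > dist.get(node, float("inf")):
            continue                  # stale entry superseded by a cheaper path
        for nbr, link_cost in link_state_db.get(node, {}).items():
            if link_cost <= 0:
                raise ValueError("link costs must be positive")
            new_cost = cost + link_cost
            if new_cost < dist.get(nbr, float("inf")):
                dist[nbr] = new_cost
                # Leaving root, the first hop is the neighbour itself; deeper in
                # the tree, every destination inherits its parent's first hop.
                next_hop[nbr] = nbr if node == root else via
                heapq.heappush(heap, (new_cost, nbr, next_hop[nbr]))
    return {d: (next_hop[d], dist[d]) for d in dist if d != root}
```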
    • Intermediate System-Intermediate System (IS-IS)
      • An IGP developed at Digital Equipment Corp. (DEC) at the same time as OSPF, with much of the same functionality. The main differences are:
        • IS-IS was proprietary; OSPF was created as an open standard.
        • OSPF was designed to run over IP; IS-IS was designed to run over CLNS (part of the OSI protocol stack that is no longer in use).
        • OSPF was designed to propagate IPv4 routes; IS-IS was designed to propagate routes for OSI protocols.
        • Over time OSPF gained many features; as a result, IS-IS now has less overhead.
      • Since DEC has dissolved, IS-IS is no longer under copyright protection, so a new version was defined in the 2000s to integrate with IP and the Internet.
        • The largest ISPs have grown to a size where the extra overhead in OSPF makes IS-IS more attractive, so it is making a comeback.
    • IP Multicast Semantics
      • Membership in an IP multicast group is dynamic: a computer can join or leave a group at any time.
      • Group membership defines a set of receivers; an arbitrary application can send a datagram to the group, even if the application is not a group member.
      • Internet Group Management Protocol (IGMP)
        • Used only on the network between the host and the router.
        • Defines the host, not the application, to be a group member.
        • When the last application on a host leaves the group, the host uses IGMP to inform the local router that it is no longer a member of the group.
      • Forwarding and Discovery Techniques
        • Flood and Prune
          • Ideal when group is small and all members are attached to a contiguous LAN.
          • Routers forward each datagram to all networks
          • Uses Reverse Path Broadcasting (RPB) to avoid routing loops by breaking cycles.
          • If a router learns that no hosts on a given network are members of the group, the router prunes the network from the set.
        • Configuration and Tunneling
          • Ideal when the group is geographically dispersed
          • A router at each site is configured to know about other sites.
          • When a multicast datagram arrives, the router at the site transmits the datagram on all directly attached LANs via hardware multicast.
          • The router consults a configuration table to determine which remote sites should receive a copy and uses IP-in-IP tunneling to transfer a copy of the multicast datagram to each of the remote sites.
        • Core-based Discovery
          • Allows multicast to scale gracefully from a small group to a large group with members in arbitrary locations.
          • To provide smooth growth, some multicast routing protocols designate a unicast address for each multicast group. 
          • When router1 receives a multicast datagram that must be transmitted to a group, it encapsulates the multicast datagram in a unicast datagram and forwards the unicast datagram to the group's core unicast address. 
          • When the datagram reaches router2 that participates in the group, router2 removes and processes the multicast message.
      • Multicast Protocols
        • The dynamic characteristics of Internet multicast make the problem of multicast route propagation difficult.
        • Although many protocols have been proposed, the Internet does not currently have an Internet-wide multicast routing facility.