Chapter 28: Network Performance (QoS and DiffServ)
- Measures of Performance
- Latency (delay) - the time required to transfer data across a network
- Propagation delay - time required for a signal to travel across a transmission medium
- Access delay - time needed to obtain access to a transmission medium
- Switching delay - time required to forward a packet
- Queuing delay - time a packet spends in the memory of a switch or router waiting to be selected for transmission
- These account for most delays on the Internet
- Server delay - time required for a server to respond to a request and send a response
- Throughput (capacity) - the amount of data that can be transferred per unit time
- Several ways to measure:
- Capacity of a single channel
- Aggregate capacity of all channels
- Theoretical capacity of the underlying hardware
- Effective data rate achieved by an application (goodput)
- Most significant for users
- Some network capacity is not available to user data because protocols:
- Send packet headers, trailers, and control information
- Impose a limit on the window size (receive buffer)
- Use protocols to resolve names and addresses
- Use a handshake to initiate and terminate communication
- Reduce the transmission rate when congestion is detected
- Retransmit lost packets
- You can always buy more throughput, , but you cannot buy lower delays.
- Jitter (variability) - the changes in delay that occur and the duration of the changes
- Two general approaches to handling jitter:
- Design an isochronous network with no jitter
- Telephone systems use this approach to guarantee delay along all paths is the same.
- Use a protocol that compensates for jitter
- Video and voice over Internet take this approach
- Much less expensive than isochronous network
- About to reduce the impact of jitter, but if variance in delay is too large the output will still be affected.
- The Relationship Between Delay and Throughput
- Utilization as a Measure of Delay
- Throughput and delay are not completely independent. As traffic in a computer network increases, delays increase.
- A network that operates at close to 100% of its throughput capacity experiences severe delay
- Network should not be operated above 90% of capacity.
- Effective delay = (Delay when network idle) / (1 - %Network utilization)
- Delay-Throughput Product
- Bits present in a network = D x T
- Measures the volume of data that can be present on the network.
- A network with throughput T and delay D can have a total of T x D bits in transit at any time.
- Active Measurement of Delay, Throughput and Jitter
- To assess throughput, a sender transfers a large volume of data and a receiver records the time from start of data arriving until all data has arrived, and calculates the amount of data sent per unit time.
- "Packet train" is used to measure jitter
- A sender emits a series of packets with a small, fixed delay between packets. The receiver records the time at which each packet arrives and uses the sequence of times to compute differences in delay.
- Delay measurement requires that two hosts have synchronized clocks. (Over a short distance these clocks must be extremely accurate).
- Can also measure the round trip time and divide by two using a tool such as Ping.
- However delay along a path from A to B can differ substantially from the delay along a path from B to A. So the half-roundtrip measure may not be accurate.
- Measuring network performance can be surprisingly difficult because:
- Routes are asymmetric
- Conditions change rapidly
- Measurement can affect performance
- Traffic is bursty
- Aggregate data traffic is also bursty.
- Passive Measurement, Small Packets and NetFlow
- Passive measurement monitors a network and counts packets, but does not inject additional traffic.
- To assess link utilization, an ISP measures the total data transferred over a link per unit time; to assess the impact on a router or switch, an ISP measures the number of packets transferred per unit time.
- Fine-Grain and Coarse-Grain QoS
- Fine-Grain - a provider allows a customer to state specific QoS requirements for a given instance of communication; a customer makes a request each time a flow is created (e.g., for each TCP connection).
- Constant Bit Rate (CBR) - data enters the flow at a fixed rate, such as data from a digitized voice call entering at exactly 64 Kbps
- Variable Bit Rate (VBR) - data enters the flow at a variable rate within specified statistical bounds which include:
- Sustained Bit Rate (SBR)
- Peak Bit Rate (PBR)
- Sustained Burst Size (SBS)
- Peak Burst Size (PBS)
- Available Bit Rate (ABR) - the flow agrees to use whatever data rate is available at a given time
- Unspecified Bit Rate (UBR) - no bit rate is specified for the flow; the application is satisfied with best-effort service
- Despite many years of research and standards work, the fine-grain approach to QoS has been relegated to a few special cases.
- Coarse-Grain - a provider specifies a few broad classes of service that are each suitable for one type of traffic; a customer must fit all traffic into the classes.
- Course-Grain is the most commonly used.
- Quality of Service (QoS)
- Network provisioning allows networks to be designed to provide a specific level of service.
- A switch or router implements QoS with four steps:
- Classification and Policing
- Assigns traffic flow identifier that indicates a traffic class, then the router polices the parameters for the flow of that class.
- Forwarding Computation
- Output Queuing
- Most implementations create a set of queues for each output port. Flow identifier used to queue the packet.
- Traffic Scheduling
- Selects a packet to send whenever the port is idle.
- No algorithm for traffic scheduling is perfect:
- Leafy Bucket - allows a queue to send packets at a fixed rate by incrementing the packet counter periodically and using the counter to control transmission.
- Token Bucket - allows a queue to send data at a fixed rate by incrementing a byte counter periodically and using the counter to control transmission.
- Weighted Round Robin - selects packets from a set of queues according to a set of weights that divide the capacity into fixed percentages, assuming a uniform packet size.
- Deficit Round Robin - a variant of the round-robin approach that accounts for bytes sent rather than packets transferred, and allows a temporary deficit caused by a large packet.
- Internet QoS Technologies
- Resource Reservation Protocol (RSVP)
- Common Open Policy (COPS)
- Differentiated Services (DiffServ)
- Multiprotocol Label Switching (MPLS)
Chapter 29: Multimedia and IP Telephony (VoIP)
- Unlike conventional transport protocols, a protocol that transfers real-time data only handles the problem of jitter, and does not retransmit lost packets.
- To overcome jitter and achieve smooth playback of real-time data, two techniques are employed:
- Timestamps - a sender provides a timestamp for each piece of data, the receiver uses the timestamps to handle out-of-order packets and to display the data in the correct time sequence.
- Jitter Buffer - a buffer receives data and delays playback.
- Real-time Transport Protocol (RTP)
- RTP sits above the transport layer (transfer protocol)
- Provides three pieces of data in each packet that permit the receiver to implement a jitter buffer:
- A sequence number that allows the receiver to place incoming packets in the correct order and to detect missing packets.
- A timestamp that allows the receiver to play the data in the packet at the correct timein the multimedia stream.
- A series of source identifiers that allow the receiver to know the source(s) of the data.
- RTP Encapsulation
- RTP uses UDP for message transport
- Frame(IP(UDP(RTP())))
- IP Telephony
- Routers cost much less than traditional telephone switches, this is driving a replacement trend.
- Most significant complications arise from desire to be backward compatible with existing Public Switched Telephone Network (PSTN)
- Signaling and VoIP Standards
- Audio is encoded with Pulse Code Modulation (PCM)
- RTP is used to transfer the digitized audio
- The processes of call setup and termination are known as signaling; multiple signaling protocols have been proposed for use with IP telephony.
- Components of an IP Telephone System
- IP Telephone - operates like a conventional telephone, but uses IP to send digitized voice
- Media Gateway Controller - provides control and coordination between IP telephones for services such as call setup, call termination, and call forwarding.
- Media Gateway - provides a connection between two networks that use different encodings, and translates as a call passes between them.
- Signaling Gateway - connects to two networks that use different signaling mechanisms, and translates call management requests and responses.
- Session Initiation Protocol (SIP) Terminology and Concepts
- SIP minimizes that need for additional protocols by using existing protocols wherever possible.
- Operates on the application layer
- Encompasses all aspects of signaling
- Provides services such as call forwarding
- Relies on multicast for conference calls
- Allows two sides to negotiate capabilities and choose the media and parameters to be used.
- Defines six basic message types (methods):
- Invite - session creation, an endpoint is invited to participate in the session
- Ack - acknowledgement response to invite
- Bye - session termination, call is ended.
- Cancel - pending request cancellation
- Register - registration of the user's location
- Options - query to determine capabilities of called party
- SIP defines three new elements that constitute a signaling system:
- User agent - device that makes a terminates phone calls.
- Location server - DB of information about each user (IP address, subscribed services, preferences)
- Support servers:
- Proxy - can forward requests from user agents to another location; handle routing and policy enforcement
- Redirect - handles tasks such as call forwarding, 800-number connections
- Registrar - receives registration requests and updates the DB that location servers consult
- H.323 Characteristics
- Handles all aspects of a digital telephone call
- Includes signaling to set up and manage the call
- Allows the transmission of video and data while a call is in progress
- Sends binary messages that are defined by ASN.1 and encoded using Basic Encoding Rules (BER)
- Incorporates protocols for security
- Uses special hardware (Multipoint Control Unit) to support conference calls
- Defines servers to handle tasks such as address resolution, authentication, authorization, accounting and features.
- Telephone Number Mapping and Routing
- E.164 Numbers (ENUM)
- Solves the problem of converting an E.164 phone number into a Uniform Resource Identifier (URI)
- Uses the Domain Name System to store the mapping
- Telephone Routing over IP (TRIP)
- Solves the problem of finding a user in an integrated network
- A location server or other network element can use TRIP to advertise routes.
- Divides the world into IP Telephone Administrative Domains (ITADs)
Chapter 30: Network Security
- Major security problems on the Internet
- Phishing - masquerading as a well-known site to obtain a user's personal information
- Misrepresentation - making false or exaggerated claims about goods or services, or delivering fake or inferior products
- Scams - various forms of trickery intended to deceive naive users into investing money or abetting a crime
- Denial of Service - intentionally blocking a particular internet site to prevent or hinder business activities and commerce.
- Loss of Control - an intruder gains control of a computer system and uses the system to perpetrate a crime
- Loss of Data - loss of intellectual property or other valuable proprietary business information.
- Techniques Used in Security Attacks
- Wiretapping - making a copy of packets as they traverse a network to obtain information
- Replay - sending packets captured from a previous session
- Buffer overflow - sending more data than a receiver expects in order to store values in variables beyond the buffer.
- Address spoofing - faking the IP source address in a packet to trick a receiver into processing the packet
- Name spoofing - using a misspelling of a well-known name or poisoning a name server with an incorrect binding
- DoS and DDoS - flooding a site with packets to prevent the site from successfully conducting normal business.
- SYN flood - sending a stream of random TCP SYN segments to exhaust a receiver's set of TCP connections.
- Key breaking - automatically guessing a decryption key or a password to gain unauthorized access to data
- Port Scanning - attempting to connect to each possible protocol port on a host to find a vulnerability.
- Packet interception - removing a packet from the Internet which allows substitution and man-in-the-middle attacks.
- Devising a network security policy can be complex because a rational policy requires an organization to relate network and computer security to human behavior and to assess the value of information.
- Authorization policies are meaningless without authentication mechanisms that can unambiguously verify the identity of a requester.
- Security Technologies
- Hashing - Data Integrity
- Encryption - Privacy
- Digital Signatures - Message authentication
- Digital Certificates - Sender authentication
- Firewalls - Site integrity
- Uses packet filtering to prevent unwanted communication.
- Intrusion Detection Systems - Site integrity
- Deep Packet Inspection and Content Scanning - Site integrity
- Since they examine packet payloads which are much larger than packet headers and not organized into fixed fields, Deep Packet Inspection mechanisms are limited to lower-speed networks.
- Virtual Private Networks - Data privacy
- Can be implemented with a stand alone device or using VPN software.
- Three options for encryption:
- Payload encryption (leaves header unencrypted)
- IP-in-IP tunneling
- Encypts all fields in the original datagram.
- IP-in-TCP tunneling
- TCP provides for reliable delivery, but head-of-line blocking can cause delays.
- VPN Tunneling Performance
- Latency
- Throughput
- Overhead and Fragmentation
- Additional Security Technologies
- Pretty Good Privacy (PGP) - cryptographic system that applications can use to encrypt data before transmission.
- Secure Shell (SSH) - application layer protocol for remote login that guarantees confidentiality by encrypting data before transmission across Internet.
- Secure Socket Layer (SSL) - fits between application and socket API and encrypts data before transmission across Internet. Used in safe financial transactions online.
- Transport Layer Security (TLS) - designed as a successor to SSL.
- HTTP Security (HTTPS) - combines HTTP with either SSL or TLS and a certificate mechanism to provide users with authenticated, confidential communication over the web.
- IP Security (IPsec) - security standard used with IP datagrams
- Remote Authentication Dial-In User Service (RADIUS) - service used to provide centralized authentication, authorization and accounting. Popular with dial-up ISPs and VPN systems for remote users.
- Wired Equivalent Privacy (WEP) - originally part of the Wi-Fi wireless LAN standard, has been shown to have security weaknesses. Wi-Fi Protected Access (WPA) developed as a replacement.
Chapter 31: Network Management (SNMP)
- Although network hardware and protocol software contain mechanisms to automatically route around failures or retransmit lost packets, network managers need to detect and correct underlying problems.
- FCAPS Model
- Industry standard characterizes the scope of network management:
- F - Fault Detection and Correction
- C - Configuration and Operation
- A - Accounting and Billing
- P - Performance Assessment and Optimization
- S - Security Assurance and Protection
- Element Management System
- As it only permits a manager to configure, monitor and control one network element at a time, an element management system is labor intensive and prone to errors.
- Network Management Tools
- A large variety of tools exist that help a manager configure, measure, diagnose and analyze networks. These include:
- Physical Layer Testing
- Reachability and Connectivity
- Packet Analysis
- Network Discovery
- Device Interrogation
- Event Monitoring
- Performance Monitoring
- Flow Analysis
- Routing and Traffic Engineering
- Configuration
- Security Enforcement
- Network Planning
- Simple Network Management Protocol (SNMP)
- Uses the fetch-store paradigm for interaction between a manager and an agent. A manager fetches values to determine the device status; operations that control the device are defined as the side-effects of storing into objects.
- Management Information Base (MIB)
- Although ASN.1 does not provide a mechanism for indexing, MIB variables can correspond to tables or arrays. To emulate a table or an array with an ASN.1 variable, the index for an entry is encoded by appending it to the variable name; when agent software encounters a name that corresponds to a table, the software extracts and uses the index information to select the correct table entry.
Chapter 32: Trends in Networking Technologies and Uses
- A variety of technologies have been devised to allow Internet services to scale; although approaches differ widely, each is useful in some cases.
- Content Caching
- Web Load Balancers
- Server Virtualization
- Peer-to-Peer Communication
- Distributed Data Centers and Replication
- Universal Representation (XML)
- Social Networking
- Mobility and Wireless Networking
- Digital Video
- Multicast Delivery
- Higher-Speed Access and Switching
- Optical Switching
- Use of Networking in Business
- Sensors at Large and in the Home
- Ad Hoc Networks
- Multicore CPUs and Network Processors
- IPv6
No comments:
Post a Comment