Tuesday, April 24, 2012

Part V: Other Aspects of Computer Networking



Chapter 28: Network Performance (QoS and DiffServ)

  • Measures of Performance
    • Latency (delay) - the time required to transfer data across a network
      • Propagation delay - time required for a signal to travel across a transmission medium
      • Access delay - time needed to obtain access to a transmission medium
      • Switching delay - time required to forward a packet
      • Queuing delay - time a packet spends in the memory of a switch or router waiting to be selected for transmission
        • These account for most delays on the Internet
      • Server delay - time required for a server to respond to a request and send a response
    • Throughput (capacity) - the amount of data that can be transferred per unit time
      • Several ways to measure:
        • Capacity of a single channel
        • Aggregate capacity of all channels
        • Theoretical capacity of the underlying hardware
        • Effective data rate achieved by an application (goodput)
          • Most significant for users
          • Some network capacity is not available to user data because protocols:
            • Send packet headers, trailers, and control information
            • Impose a limit on the window size (receive buffer)
            • Use protocols to resolve names and addresses
            • Use a handshake to initiate and terminate communication
            • Reduce the transmission rate when congestion is detected
            • Retransmit lost packets
      • You can always buy more throughput, but you cannot buy lower delays.
    • Jitter (variability) - the changes in delay that occur and the duration of the changes
      • Two general approaches to handling jitter:
        • Design an isochronous network with no jitter
          • Telephone systems use this approach to guarantee delay along all paths is the same.
        • Use a protocol that compensates for jitter
          • Video and voice over Internet take this approach
          • Much less expensive than isochronous network
          • Able to reduce the impact of jitter, but if the variance in delay is too large the output will still be affected.
  • The Relationship Between Delay and Throughput
    • Utilization as a Measure of Delay
      • Throughput and delay are not completely independent. As traffic in a computer network increases, delays increase.
        • A network that operates at close to 100% of its throughput capacity experiences severe delay
          • A network should not be operated above 90% of capacity.
        • Effective delay = (Delay when network idle) / (1 - Utilization), with utilization expressed as a fraction between 0 and 1
    • Delay-Throughput Product
      • Bits present in a network = D x T
        • Measures the volume of data that can be present on the network. 
        • A network with throughput T and delay D can have a total of T x D bits in transit at any time.
  • Active Measurement of Delay, Throughput and Jitter
    • To assess throughput, a sender transfers a large volume of data and a receiver records the time from start of data arriving until all data has arrived, and calculates the amount of data sent per unit time.
    • "Packet train" is used to measure jitter
      • A sender emits a series of packets with a small, fixed delay between packets. The receiver records the time at which each packet arrives and uses the sequence of times to compute differences in delay.
    • Delay measurement requires that two hosts have synchronized clocks. (Over a short distance these clocks must be extremely accurate).
      • Can also measure the round trip time and divide by two using a tool such as Ping.
        • However delay along a path from A to B can differ substantially from the delay along a path from B to A. So the half-roundtrip measure may not be accurate.
    • Measuring network performance can be surprisingly difficult because:
      • Routes are asymmetric
      • Conditions change rapidly
      • Measurement can affect performance
      • Traffic is bursty
        • Aggregate data traffic is also bursty.
  • Passive Measurement, Small Packets and NetFlow
    • Passive measurement monitors a network and counts packets, but does not inject additional traffic.
    • To assess link utilization, an ISP measures the total data transferred over a link per unit time; to assess the impact on a router or switch, an ISP measures the number of packets transferred per unit time.
    • Fine-Grain and Coarse-Grain QoS
      • Fine-Grain - a provider allows a customer to state specific QoS requirements for a given instance of communication; a customer makes a request each time a flow is created (e.g., for each TCP connection).
        • Constant Bit Rate (CBR) - data enters the flow at a fixed rate, such as data from a digitized voice call entering at exactly 64 Kbps
        • Variable Bit Rate (VBR) - data enters the flow at a variable rate within specified statistical bounds which include:
          • Sustained Bit Rate (SBR)
          • Peak Bit Rate (PBR)
          • Sustained Burst Size (SBS)
          • Peak Burst Size (PBS)
        • Available Bit Rate (ABR) - the flow agrees to use whatever data rate is available at a given time
        • Unspecified Bit Rate (UBR) - no bit rate is specified for the flow; the application is satisfied with best-effort service
        • Despite many years of research and standards work, the fine-grain approach to QoS has been relegated to a few special cases.
      • Coarse-Grain - a provider specifies a few broad classes of service that are each suitable for one type of traffic; a customer must fit all traffic into the classes.
        • Coarse-Grain is the most commonly used.
  • Quality of Service (QoS)
    • Network provisioning allows networks to be designed to provide a specific level of service.
    • A switch or router implements QoS with four steps:
      • Classification and Policing
        • Assigns a flow identifier that indicates a traffic class; the router then polices the flow's parameters against the limits of that class.
      • Forwarding Computation
      • Output Queuing
        • Most implementations create a set of queues for each output port. The flow identifier selects the queue into which the packet is placed.
      • Traffic Scheduling
        • Selects a packet to send whenever the port is idle.
        • No algorithm for traffic scheduling is perfect:
          • Leaky Bucket - allows a queue to send packets at a fixed rate by incrementing a packet counter periodically and using the counter to control transmission.
          • Token Bucket - allows a queue to send data at a fixed rate by incrementing a byte counter periodically and using the counter to control transmission.
          • Weighted Round Robin - selects packets from a set of queues according to a set of weights that divide the capacity into fixed percentages, assuming a uniform packet size.
          • Deficit Round Robin - a variant of the round-robin approach that accounts for bytes sent rather than packets transferred, and allows a temporary deficit caused by a large packet.
    • Internet QoS Technologies
      • Resource Reservation Protocol (RSVP)
      • Common Open Policy Service (COPS)
      • Differentiated Services (DiffServ)
      • Multiprotocol Label Switching (MPLS)
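The delay formula, the delay-throughput product and the packet-train jitter measurement above are easier to trust once you have run them on numbers. The following Python is an added example written for these notes, not code from the textbook: the send and receive timestamps, the path delays and the idle delay are all constructed values, and the two clocks are assumed synchronized exactly as the one-way delay measurement requires. It also shows the RFC 3550 interarrival jitter estimator, which needs no clock synchronization because it only uses differences within each host's own clock, and the size of the error that the "RTT divided by two" shortcut makes on an asymmetric path.

```python
"""Network performance arithmetic: utilization vs. effective delay, delay-throughput
product, packet-train jitter and the RTT/2 pitfall (added example, constructed data)."""


def effective_delay(idle_delay_ms, utilization):
    """Effective delay = idle delay / (1 - utilization); utilization is a fraction in [0, 1)."""
    if not 0.0 <= utilization < 1.0:
        raise ValueError("utilization must be a fraction in [0, 1)")
    return idle_delay_ms / (1.0 - utilization)


def delay_curve(idle_delay_ms, points=(0.5, 0.8, 0.9, 0.95, 0.99)):
    """The knee of the curve: 90 % load is 10x the idle delay, 99 % load is 100x."""
    return {u: effective_delay(idle_delay_ms, u) for u in points}


def bits_in_flight(throughput_bps, delay_s):
    """Delay-throughput product T x D: bits that can be in transit at one time."""
    return throughput_bps * delay_s


# Constructed packet train: the sender emits a packet every 10 ms and the receiver
# stamps each arrival. Both clocks are assumed synchronized (needed for one-way delay).
SEND_MS = [0.0, 10.0, 20.0, 30.0, 40.0, 50.0]
RECV_MS = [40.0, 51.0, 58.0, 73.0, 79.0, 90.0]


def one_way_delays(send, recv):
    """Per-packet one-way delay; only meaningful with synchronized clocks."""
    return [r - s for s, r in zip(send, recv)]


def delay_variation(send, recv):
    """Packet-train jitter: the change in one-way delay between consecutive packets."""
    d = one_way_delays(send, recv)
    return [d[i + 1] - d[i] for i in range(len(d) - 1)]


def rfc3550_jitter(send, recv):
    """Smoothed interarrival jitter, J += (|D| - J) / 16 (RFC 3550 section 6.4.1).
    D compares spacing at the receiver with spacing at the sender, so each side
    uses only its own clock and no synchronization is required."""
    j = 0.0
    for i in range(1, len(send)):
        d = (recv[i] - recv[i - 1]) - (send[i] - send[i - 1])
        j += (abs(d) - j) / 16.0
    return j


def half_rtt_error(forward_ms, reverse_ms):
    """How far RTT/2 misses the true forward delay when the two directions differ.
    Constructed example: A->B takes 40 ms, B->A takes 10 ms, so RTT/2 = 25 ms."""
    return (forward_ms + reverse_ms) / 2.0 - forward_ms


if __name__ == "__main__":
    print("effective delay at 90 % load, 5 ms idle:", effective_delay(5.0, 0.9), "ms")
    print("bits in flight on 1 Gb/s with 20 ms delay:", bits_in_flight(1_000_000_000, 0.02))
    print("packet-train delay variation (ms):", delay_variation(SEND_MS, RECV_MS))
    print("RFC 3550 jitter (ms):", round(rfc3550_jitter(SEND_MS, RECV_MS), 3))
    print("RTT/2 error on a 40/10 ms path:", half_rtt_error(40.0, 10.0), "ms")
```

The constructed train shows why a single one-way delay number is not enough: delays of 40, 41, 38, 43, 39 and 40 ms average to about 40 ms, but the variation swings by up to 5 ms between neighbours, which is what a jitter buffer has to absorb.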
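The traffic scheduling algorithms listed above (token bucket, weighted round robin and deficit round robin) are short enough to implement and compare directly. The Python below is an added example for these notes, not code from the textbook or any router vendor: the packet sizes, arrival times, rate and burst values are constructed. It demonstrates why the notes say weighted round robin assumes a uniform packet size, and how deficit round robin fixes that by counting bytes and carrying a deficit forward.

```python
"""Token bucket policing and round-robin scheduling (added example, constructed traffic)."""
from collections import deque


class TokenBucket:
    """Credit in bytes accrues at `rate` bytes per ms up to `burst`; a packet passes
    only if the bucket holds at least its size, otherwise it is dropped (policing)."""

    def __init__(self, rate_bytes_per_ms, burst_bytes):
        self.rate = rate_bytes_per_ms
        self.burst = burst_bytes
        self.tokens = float(burst_bytes)   # bucket starts full
        self.last_ms = 0.0

    def allow(self, now_ms, size):
        self.tokens = min(self.burst, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def police(packets, rate_bytes_per_ms, burst_bytes):
    """packets: iterable of (arrival_ms, size_bytes); returns one pass/drop verdict each."""
    bucket = TokenBucket(rate_bytes_per_ms, burst_bytes)
    return [bucket.allow(t, size) for t, size in packets]


# Constructed burst policed at 100 bytes/ms (800 kb/s) with a 1500-byte burst allowance.
POLICED_TRAFFIC = [(0, 1000), (1, 1000), (10, 1000), (11, 400)]


def sample_queues():
    """Two output queues on one port: queue 0 holds 1500-byte packets, queue 1 200-byte packets."""
    return [deque([1500, 1500]), deque([200, 200, 200, 200])]


def weighted_round_robin(queues, weights):
    """Packet-count WRR: each round, queue i may send up to weights[i] packets.
    The weights divide capacity as intended only if all packets are the same size."""
    order = []
    while any(queues):
        for i, q in enumerate(queues):
            for _ in range(weights[i]):
                if q:
                    order.append((i, q.popleft()))
    return order


def deficit_round_robin(queues, quantum):
    """DRR: each round adds `quantum` bytes of credit; a queue sends head-of-line packets
    while they fit, keeps any remainder for the next round, and forfeits the credit once empty."""
    deficit = [0] * len(queues)
    order = []
    while any(queues):
        for i, q in enumerate(queues):
            if not q:
                continue
            deficit[i] += quantum
            while q and q[0] <= deficit[i]:
                size = q.popleft()
                deficit[i] -= size
                order.append((i, size))
            if not q:
                deficit[i] = 0
    return order


def bytes_per_queue(order, nqueues):
    """Total bytes each queue managed to send in a given transmission order."""
    totals = [0] * nqueues
    for i, size in order:
        totals[i] += size
    return totals


if __name__ == "__main__":
    print("token bucket verdicts:", police(POLICED_TRAFFIC, 100, 1500))
    wrr = weighted_round_robin(sample_queues(), [1, 1])
    print("WRR order:", wrr, "bytes per queue:", bytes_per_queue(wrr, 2))
    drr = deficit_round_robin(sample_queues(), 500)
    print("DRR order:", drr, "bytes per queue:", bytes_per_queue(drr, 2))
```

With equal weights, WRR alternates one packet from each queue, so the queue with 1500-byte packets has sent 3000 bytes while the other has sent 400: a nominal 50/50 split that delivers about 88 % of the port to one class. DRR with a 500-byte quantum lets the small-packet queue drain four packets before the large-packet queue has accumulated enough credit for a single 1500-byte packet, which is the byte-fair behaviour the notes describe.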



Chapter 29: Multimedia and IP Telephony (VoIP)

  • Unlike conventional transport protocols, a protocol that transfers real-time data only handles the problem of jitter, and does not retransmit lost packets.
  • To overcome jitter and achieve smooth playback of real-time data, two techniques are employed:
    • Timestamps - a sender provides a timestamp for each piece of data, the receiver uses the timestamps to handle out-of-order packets and to display the data in the correct time sequence.
    • Jitter Buffer - a buffer receives data and delays playback.
  • Real-time Transport Protocol (RTP)
    • RTP sits above the transport layer (transfer protocol)
    • Provides three pieces of data in each packet that permit the receiver to implement a jitter buffer:
      • A sequence number that allows the receiver to place incoming packets in the correct order and to detect missing packets.
      • A timestamp that allows the receiver to play the data in the packet at the correct time in the multimedia stream.
      • A series of source identifiers that allow the receiver to know the source(s) of the data.
    • RTP Encapsulation
      • RTP uses UDP for message transport
        • Frame(IP(UDP(RTP()))) 
  • IP Telephony
    • Routers cost much less than traditional telephone switches, which is driving a replacement trend.
    • Most significant complications arise from desire to be backward compatible with existing Public Switched Telephone Network (PSTN)
    • Signaling and VoIP Standards
      • Audio is encoded with Pulse Code Modulation (PCM)
      • RTP is used to transfer the digitized audio
      • The processes of call setup and termination are known as signaling; multiple signaling protocols have been proposed for use with IP telephony.
    • Components of an IP Telephone System
      • IP Telephone - operates like a conventional telephone, but uses IP to send digitized voice
      • Media Gateway Controller - provides control and coordination between IP telephones for services such as call setup, call termination, and call forwarding.
      • Media Gateway - provides a connection between two networks that use different encodings, and translates as a call passes between them.
      • Signaling Gateway - connects to two networks that use different signaling mechanisms, and translates call management requests and responses.
    • Session Initiation Protocol (SIP) Terminology and Concepts
      • SIP minimizes the need for additional protocols by using existing protocols wherever possible.
      • Operates on the application layer
      • Encompasses all aspects of signaling
      • Provides services such as call forwarding
      • Relies on multicast for conference calls
      • Allows two sides to negotiate capabilities and choose the media and parameters to be used.
      • Defines six basic message types (methods):
        • Invite - session creation, an endpoint is invited to participate in the session
        • Ack - acknowledgement response to invite
        • Bye - session termination, call is ended.
        • Cancel - pending request cancellation
        • Register - registration of the user's location
        • Options - query to determine capabilities of called party
      • SIP defines three new elements that constitute a signaling system:
        • User agent - device that makes and terminates phone calls.
        • Location server - DB of information about each user (IP address, subscribed services, preferences)
        • Support servers:
          • Proxy - can forward requests from user agents to another location; handle routing and policy enforcement
          • Redirect - handles tasks such as call forwarding, 800-number connections
          • Registrar - receives registration requests and updates the DB that location servers consult
    • H.323 Characteristics
      • Handles all aspects of a digital telephone call
      • Includes signaling to set up and manage the call
      • Allows the transmission of video and data while a call is in progress
      • Sends binary messages that are defined by ASN.1 and encoded using Basic Encoding Rules (BER)
      • Incorporates protocols for security
      • Uses special hardware (Multipoint Control Unit) to support conference calls
      • Defines servers to handle tasks such as address resolution, authentication, authorization, accounting and features.
  • Telephone Number Mapping and Routing
    • E.164 Numbers (ENUM)
      • Solves the problem of converting an E.164 phone number into a Uniform Resource Identifier (URI)
      • Uses the Domain Name System to store the mapping
    • Telephone Routing over IP (TRIP)
      • Solves the problem of finding a user in an integrated network
      • A location server or other network element can use TRIP to advertise routes.
      • Divides the world into IP Telephone Administrative Domains (ITADs)
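The three RTP header fields listed above (sequence number, timestamp, source identifier) are exactly what a jitter buffer consumes. The Python below is an added example for these notes, not code from the textbook or from any RTP implementation: it parses the RTP fixed header with every length checked before slicing, then feeds constructed packets (20 ms PCMU frames, payload type 0, so the timestamp advances by 160 per packet on the 8 kHz clock) through a small jitter buffer that reorders by sequence number and declares a packet lost rather than waiting for a retransmission that a real-time protocol never sends. The SSRC value and the arrival order are constructed.

```python
"""RTP header parsing and a sequence-number jitter buffer (added example; packets constructed)."""
import struct
from dataclasses import dataclass


@dataclass
class RtpPacket:
    marker: bool
    payload_type: int
    seq: int
    timestamp: int
    ssrc: int
    csrcs: tuple
    payload: bytes


def parse_rtp(data):
    """Decode the 12-byte fixed header (V, P, X, CC, M, PT, seq, timestamp, SSRC),
    the CSRC list, any header extension and padding, validating every length first."""
    if len(data) < 12:
        raise ValueError("short RTP header")
    b0, b1, seq, ts, ssrc = struct.unpack("!BBHII", data[:12])
    if b0 >> 6 != 2:
        raise ValueError("unsupported RTP version")
    cc = b0 & 0x0F
    hdr_len = 12 + 4 * cc
    if len(data) < hdr_len:
        raise ValueError("truncated CSRC list")
    csrcs = struct.unpack("!%dI" % cc, data[12:hdr_len]) if cc else ()
    if b0 & 0x10:                                  # X bit: header extension follows
        if len(data) < hdr_len + 4:
            raise ValueError("truncated extension header")
        ext_words = struct.unpack("!H", data[hdr_len + 2:hdr_len + 4])[0]
        hdr_len += 4 + 4 * ext_words
        if len(data) < hdr_len:
            raise ValueError("truncated extension body")
    payload = data[hdr_len:]
    if b0 & 0x20:                                  # P bit: last payload byte is the pad count
        pad = payload[-1] if payload else 0
        if pad == 0 or pad > len(payload):
            raise ValueError("bad padding length")
        payload = payload[:-pad]
    return RtpPacket(bool(b1 & 0x80), b1 & 0x7F, seq, ts, ssrc, csrcs, payload)


def is_valid_rtp(data):
    """True if the bytes parse as RTP, False for any malformed input."""
    try:
        parse_rtp(data)
        return True
    except ValueError:
        return False


def build_rtp(seq, timestamp, ssrc, payload, pt=0):
    """Constructed sender side: version 2, CC=0, no extension or padding."""
    return struct.pack("!BBHII", 0x80, pt, seq, timestamp, ssrc) + payload


def seq_before(a, b):
    """True if 16-bit sequence number a precedes b, allowing for wraparound."""
    return (a - b) & 0xFFFF > 0x8000


class JitterBuffer:
    """Release packets in sequence order; once `depth` later packets are waiting,
    report the missing head as None (lost) instead of stalling playback."""

    def __init__(self, depth=3):
        self.depth = depth
        self.pending = {}        # seq -> RtpPacket
        self.next_seq = None

    def push(self, pkt):
        if self.next_seq is None:
            self.next_seq = pkt.seq
        if seq_before(pkt.seq, self.next_seq):
            return               # too late: its slot was already played or declared lost
        self.pending[pkt.seq] = pkt

    def pop_ready(self):
        out = []
        while self.pending and (self.next_seq in self.pending or len(self.pending) >= self.depth):
            out.append(self.pending.pop(self.next_seq, None))
            self.next_seq = (self.next_seq + 1) & 0xFFFF
        return out


def playout(arrival_order, depth=3):
    """Feed constructed PCMU packets (timestamp = 160 * seq) through the buffer in arrival order."""
    buf = JitterBuffer(depth)
    played = []
    for seq in arrival_order:
        buf.push(parse_rtp(build_rtp(seq, 160 * seq, 0x1234ABCD, b"frame%d" % seq)))
        played.extend(buf.pop_ready())
    return played


# Constructed arrival order: packets 101 and 102 swapped in transit, packet 103 lost.
ARRIVALS = [100, 102, 101, 104, 105, 106]

if __name__ == "__main__":
    for pkt in playout(ARRIVALS):
        print("lost" if pkt is None else f"seq={pkt.seq} ts={pkt.timestamp} {pkt.payload!r}")
```

The parser rejects a wrong version nibble, a CSRC count that runs past the buffer, and a padding count larger than the payload, which are the cheap checks that keep a malformed datagram from reading outside the packet; the buffer then shows the reorder and the declared loss in the playout sequence.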



Chapter 30: Network Security

  • Major security problems on the Internet
    • Phishing - masquerading as a well-known site to obtain a user's personal information
    • Misrepresentation - making false or exaggerated claims about goods or services, or delivering fake or inferior products
    • Scams - various forms of trickery intended to deceive naive users into investing money or abetting a crime
    • Denial of Service - intentionally blocking a particular internet site to prevent or hinder business activities and commerce.
    • Loss of Control - an intruder gains control of a computer system and uses the system to perpetrate a crime
    • Loss of Data - loss of intellectual property or other valuable proprietary business information.
  • Techniques Used in Security Attacks
    • Wiretapping - making a copy of packets as they traverse a network to obtain information
    • Replay - sending packets captured from a previous session
    • Buffer overflow - sending more data than a receiver expects in order to store values in variables beyond the buffer.
    • Address spoofing - faking the IP source address in a packet to trick a receiver into processing the packet
    • Name spoofing - using a misspelling of a well-known name or poisoning a name server with an incorrect binding
    • DoS and DDoS - flooding a site with packets to prevent the site from successfully conducting normal business.
    • SYN flood - sending a stream of random TCP SYN segments to exhaust a receiver's set of TCP connections.
    • Key breaking - automatically guessing a decryption key or a password to gain unauthorized access to data
    • Port Scanning - attempting to connect to each possible protocol port on a host to find a vulnerability.
    • Packet interception - removing a packet from the Internet which allows substitution and man-in-the-middle attacks.
  • Devising a network security policy can be complex because a rational policy requires an organization to relate network and computer security to human behavior and to assess the value of information.
  • Authorization policies are meaningless without authentication mechanisms that can unambiguously verify the identity of a requester.
  • Security Technologies
    • Hashing - Data Integrity
    • Encryption - Privacy
    • Digital Signatures - Message authentication
    • Digital Certificates - Sender authentication
    • Firewalls - Site integrity
      • Uses packet filtering to prevent unwanted communication.
    • Intrusion Detection Systems - Site integrity
    • Deep Packet Inspection and Content Scanning - Site integrity
      • Since they examine packet payloads, which are much larger than packet headers and are not organized into fixed fields, Deep Packet Inspection mechanisms are limited to lower-speed networks.
    • Virtual Private Networks - Data privacy
      • Can be implemented with a stand-alone device or with VPN software.
      • Three options for encryption:
        • Payload encryption (leaves header unencrypted)
        • IP-in-IP tunneling
          • Encrypts all fields in the original datagram.
        • IP-in-TCP tunneling
          • TCP provides for reliable delivery, but head-of-line blocking can cause delays.
      • VPN Tunneling Performance
        • Latency
        • Throughput
        • Overhead and Fragmentation
  • Additional Security Technologies
    • Pretty Good Privacy (PGP) - cryptographic system that applications can use to encrypt data before transmission.
    • Secure Shell (SSH) - application layer protocol for remote login that guarantees confidentiality by encrypting data before transmission across the Internet.
    • Secure Socket Layer (SSL) - fits between the application and the socket API and encrypts data before transmission across the Internet. Used for safe financial transactions online.
    • Transport Layer Security (TLS) - designed as a successor to SSL.
    • HTTP Security (HTTPS) - combines HTTP with either SSL or TLS and a certificate mechanism to provide users with authenticated, confidential communication over the web.
    • IP Security (IPsec) - security standard used with IP datagrams
    • Remote Authentication Dial-In User Service (RADIUS) - service used to provide centralized authentication, authorization and accounting. Popular with dial-up ISPs and VPN systems for remote users.
    • Wired Equivalent Privacy (WEP) - originally part of the Wi-Fi wireless LAN standard, has been shown to have security weaknesses. Wi-Fi Protected Access (WPA) developed as a replacement.
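Two of the attack techniques listed above, replay and packet interception with substitution, are countered by the same pair of mechanisms the chapter lists under security technologies: a keyed hash for data integrity and, for replay, a record of which packets have already been accepted. The Python below is an added example for these notes, not code from the textbook or from any IPsec implementation. It attaches an HMAC-SHA256 tag over a sequence number and payload, and on the receiving side keeps an anti-replay sliding window in the style of IPsec ESP (RFC 4303 section 3.4.3). The key and the packets are constructed; a real deployment derives the key from a key exchange.

```python
"""Integrity tag plus anti-replay window for a datagram stream (added example; key constructed)."""
import hmac
import hashlib
import struct

KEY = b"constructed-demo-key-not-for-real-use"   # constructed; real keys come from key exchange
TAG_LEN = 32                                      # HMAC-SHA256 digest size
WINDOW = 64                                       # minimum ESP anti-replay window (RFC 4303)


def protect(key, seq, payload):
    """Sender: prefix a 32-bit sequence number and append HMAC-SHA256 over seq || payload."""
    if not 0 < seq <= 0xFFFFFFFF:
        raise ValueError("sequence number out of range")
    msg = struct.pack("!I", seq) + payload
    return msg + hmac.new(key, msg, hashlib.sha256).digest()


class ReplayWindow:
    """Receiver: accept a packet only if its tag verifies and its sequence number is
    neither already seen nor older than the window. `bitmap` bit i set means the
    packet numbered (highest - i) has been accepted."""

    def __init__(self, key, size=WINDOW):
        self.key = key
        self.size = size
        self.highest = 0
        self.bitmap = 0

    def accept(self, packet):
        if len(packet) < 4 + TAG_LEN:
            return False
        msg, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False         # forged or corrupted: checked first so it cannot move the window
        seq = struct.unpack("!I", msg[:4])[0]
        if seq == 0:
            return False         # 0 is never a valid sequence number in this scheme
        if seq > self.highest:   # new high-water mark: slide the window forward
            shift = seq - self.highest
            if shift >= self.size:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.size:
            return False         # older than the window: cannot tell it from a replay, reject
        if (self.bitmap >> offset) & 1:
            return False         # already accepted once: replay
        self.bitmap |= 1 << offset
        return True


if __name__ == "__main__":
    rx = ReplayWindow(KEY)
    first = protect(KEY, 1, b"hello")
    print("first delivery:", rx.accept(first))            # True
    print("same packet again:", rx.accept(first))         # False (replay)
    print("wrong key:", rx.accept(protect(b"x", 2, b"hi")))  # False (tag mismatch)
```

The order of checks matters: the tag is verified before the sequence number is even looked at, so a packet with a forged or corrupted sequence number cannot advance the window and shut out legitimate traffic, and packets that arrive late but within the window (reordering, as on the asymmetric paths discussed in Chapter 28) are still accepted exactly once.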



Chapter 31: Network Management (SNMP)

  • Although network hardware and protocol software contain mechanisms to automatically route around failures or retransmit lost packets, network managers need to detect and correct underlying problems.
  • FCAPS Model
    • An industry-standard model that characterizes the scope of network management:
      • F - Fault Detection and Correction
      • C - Configuration and Operation
      • A - Accounting and Billing
      • P - Performance Assessment and Optimization
      • S - Security Assurance and Protection
  • Element Management System
    • As it only permits a manager to configure, monitor and control one network element at a time, an element management system is labor intensive and prone to errors.
  • Network Management Tools
    • A large variety of tools exist that help a manager configure, measure, diagnose and analyze networks. These include:
      • Physical Layer Testing
      • Reachability and Connectivity
      • Packet Analysis
      • Network Discovery
      • Device Interrogation
      • Event Monitoring
      • Performance Monitoring
      • Flow Analysis
      • Routing and Traffic Engineering
      • Configuration
      • Security Enforcement
      • Network Planning
  • Simple Network Management Protocol (SNMP)
    • Uses the fetch-store paradigm for interaction between a manager and an agent. A manager fetches values to determine the device status; operations that control the device are defined as the side-effects of storing into objects.
    • Management Information Base (MIB)
      • Although ASN.1 does not provide a mechanism for indexing, MIB variables can correspond to tables or arrays. To emulate a table or an array with an ASN.1 variable, the index for an entry is encoded by appending it to the variable name; when agent software encounters a name that corresponds to a table, the software extracts and uses the index information to select the correct table entry.
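The fetch-store paradigm and the table-indexing trick described above are concrete enough to model in a few dozen lines. The Python below is an added example for these notes, not code from the textbook or from any SNMP agent: it uses the real IF-MIB column identifiers for ifDescr, ifAdminStatus and ifInOctets, but the interface rows, their values and the recorded side effects are constructed. A Get splits the requested name into a column prefix plus the appended index and selects that row; a Set on ifAdminStatus shows control implemented as a side effect of storing into an object; and GetNext plus a manager-side walk shows how a table is traversed in lexicographic object-identifier order.

```python
"""SNMP fetch-store over a MIB table: index appended to the object name, Set side effects
and a GetNext walk (added example; agent state constructed)."""

# Columns of ifTable (IF-MIB); each instance is <column>.<ifIndex>.
IF_DESCR = "1.3.6.1.2.1.2.2.1.2"
IF_ADMIN_STATUS = "1.3.6.1.2.1.2.2.1.7"   # up(1), down(2), testing(3)
IF_IN_OCTETS = "1.3.6.1.2.1.2.2.1.10"
COLUMNS = {IF_DESCR: "descr", IF_ADMIN_STATUS: "admin_status", IF_IN_OCTETS: "in_octets"}

# Constructed agent state, keyed by ifIndex; note the index gap (no interface 2).
INTERFACES = {
    1: {"descr": "lo0", "admin_status": 1, "in_octets": 1234},
    3: {"descr": "eth1", "admin_status": 1, "in_octets": 99000},
}
ACTIONS = []   # control actions the agent performs as side effects of stores


def oid_tuple(oid):
    return tuple(int(part) for part in oid.split("."))


def oid_str(t):
    return ".".join(str(x) for x in t)


def split_name(oid):
    """Return (field, ifIndex) when the name is <known column>.<index>, else None."""
    t = oid_tuple(oid)
    for col, field in COLUMNS.items():
        c = oid_tuple(col)
        if len(t) == len(c) + 1 and t[:len(c)] == c:
            return field, t[-1]
    return None


def snmp_get(oid):
    """Fetch: the index appended to the column name selects the table row."""
    parsed = split_name(oid)
    if parsed is None:
        return None                    # noSuchObject
    field, idx = parsed
    row = INTERFACES.get(idx)
    return None if row is None else row[field]   # noSuchInstance for a missing row


def snmp_set(oid, value):
    """Store: writing ifAdminStatus is how a manager controls the interface; the
    control action itself is a side effect of the store. Other columns are read-only."""
    parsed = split_name(oid)
    if parsed is None or parsed[1] not in INTERFACES:
        return False
    field, idx = parsed
    if field != "admin_status" or value not in (1, 2, 3):
        return False
    INTERFACES[idx][field] = value
    ACTIONS.append((idx, {1: "bring up", 2: "shut down", 3: "test"}[value]))
    return True


def instances():
    """Every instance the agent exposes, in lexicographic OID order. Components compare
    as integers, so ...1.2.<idx> (ifDescr) sorts before ...1.10.<idx> (ifInOctets)."""
    out = []
    for col, field in COLUMNS.items():
        for idx, row in INTERFACES.items():
            out.append((oid_tuple(col) + (idx,), row[field]))
    return sorted(out)


def snmp_getnext(oid):
    """Return the first instance whose name follows `oid`, or None at end of MIB."""
    t = oid_tuple(oid)
    for name, value in instances():
        if name > t:
            return oid_str(name), value
    return None


def walk(prefix):
    """Manager-side table walk: repeat GetNext until the returned name leaves the subtree."""
    p = oid_tuple(prefix)
    results, cur = [], prefix
    while True:
        nxt = snmp_getnext(cur)
        if nxt is None or oid_tuple(nxt[0])[:len(p)] != p:
            return results
        results.append(nxt)
        cur = nxt[0]


if __name__ == "__main__":
    print("ifInOctets.3 =", snmp_get(IF_IN_OCTETS + ".3"))
    print("walk ifInOctets:", walk(IF_IN_OCTETS))
    print("set ifAdminStatus.3 = down:", snmp_set(IF_ADMIN_STATUS + ".3", 2), ACTIONS)
```

Because the walk relies on GetNext rather than on guessing indexes, it finds rows 1 and 3 without ever asking for the non-existent row 2; that is the point of encoding the index in the name. The Set path is also why write access to an agent needs to be authenticated: storing one integer has the operational effect of shutting an interface down.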



Chapter 32: Trends in Networking Technologies and Uses

  • A variety of technologies have been devised to allow Internet services to scale; although approaches differ widely, each is useful in some cases.
    • Content Caching
    • Web Load Balancers
    • Server Virtualization
    • Peer-to-Peer Communication
    • Distributed Data Centers and Replication
    • Universal Representation (XML)
    • Social Networking
    • Mobility and Wireless Networking
    • Digital Video
    • Multicast Delivery
    • Higher-Speed Access and Switching
    • Optical Switching
    • Use of Networking in Business
    • Sensors at Large and in the Home
    • Ad Hoc Networks
    • Multicore CPUs and Network Processors
    • IPv6
