1. Network performance: RTT, delay …
2. Protocols:
3. Application Layer Architecture
4. How to connect LANs using routers? How to send a datagram across different LANs?
5. Routing algorithms
6. Symmetric and asymmetric key encryption, RSA
7. Public key certification
Connecting to the Internet: a host needs its own IP address, the IP address of the DNS server, the IP address of the default gateway router, and its subnet block
fragment (fragmentation)
MAC address 48bits
ipv4 address 32bits
ipv6 address 128bits
[P34]
Layer | PDU | Protocols / examples |
---|---|---|
Application | Message | FTP; SMTP; HTTP (ISO/OSI adds presentation and session layers below this) |
Transport | Segment | TCP; UDP |
Network | Datagram | IP; routing protocols |
Link | Frame | Ethernet; 802.11 (WiFi); PPP |
Physical | Bit (signal) | on the wire |
$\frac{1}{1-x}=\sum_{n=0}^{\infty}x^n$

$\frac{1}{(1-x)^2}=\sum_{n=1}^{\infty}nx^{n-1}$
Units:
- 1 Byte = 8 bits
- bps (bit/s): bit rate
- 1 kbps = $10^3$ bps
- 1 Mbps = $10^6$ bps
- 1 Gbps = $10^9$ bps
- 1 k = 1000
- 1 K = 1024
proc: nodal processing delay
queue: queueing delay
trans: transmission delay
prop: propagation delay
RTT (round-trip time)
traffic intensity [p27]
throughput [p30]
Server
Always on host
Permanent IP address
High performance/ Distributing computing
Client
Link to server
Dynamic IP
Do not communicate directly with others
intermittently connected
P2P
No always-on server
Self-scalability: each new peer brings new service capacity as well as new demands
intermittently connected
Dynamic IP
IP
32-bit IPv4/ 128-bit IPv6
Transport service requirements [p59]
Data integrity
Throughput
Timing
Security
Why does email run on TCP?
TCP is more reliable than UDP (connection-oriented)
With TCP, data is received without gaps and in the correct order
UDP only sends the datagram
With UDP, packet loss or failures during transmission cannot be detected
TCP
Data received in the correct order
Reliable transport
Flow control: RcvBuffer
rwnd: receive window (the sender tracks the receiver's free buffer space)
Congestion control
cwnd (congestion window)
triple duplicate ACK
Does not offer: timing; minimum throughput guarantee; security
Connection-oriented [p152], point-to-point
full duplex
cumulative acknowledgment
SampleRTT: time from segment transmission until ACK receipt [p157]
Fast retransmit: sender receives 3 ACKs for the same data (the timeout period is too long)
3-way handshake [p166]
Step1: SYN=1, seq=x
Step2: SYN=1, seq=y, ACK=x+1 [SYNACK] (connection granted)
Step3: SYN=0, seq=x+1, ACK=y+1
4-way goodbye [p167]
Step1: --> Fin=1, seq=x
Step2: <-- ACKbit=1, ACKnum=x+1
Step3: <-- Fin=1, seq=y
Step4: --> ACKbit=1, ACKnum=y+1
UDP
Unreliable data transfer
rdt (reliable data transfer) [p140]
2.0 ACK/NAK; checksum
2.1 add sequence number, ACK0/1 and NAK0/1 (handles duplicate data packets)
2.2 NAK-free
3.0 countdown timer [stop-and-wait]
Pipelining
Sliding window
Sending Window (SW) | Receive Window (RW) | Protocol |
---|---|---|
SW=1 | RW=1 | Stop-and-wait |
SW>1 | RW=1 | GBN (pipelined) |
SW>1 | RW>1 | SR (pipelined) |
Go-Back-N
$n$-bit sequence numbers give $2^n$ sequence numbers; window size $\le 2^n-1$
Receiver only sends cumulative ACKs (acknowledges what it has received in order)
Sender: a single timer; on timeout, retransmits all unacknowledged packets
Selective-repeat
$n$-bit sequence numbers give $2^n$ sequence numbers; window size $\le 2^{n-1}$
Receiver sends an individual ACK for each packet
Sender: a timer per packet; on timeout, retransmits only that packet
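The two window-size limits above come from a sequence-number ambiguity. The following simulation is an added example (not from the original notes; the function names are my own): it plays out the worst case in which every packet of a full window is delivered but every ACK is lost, and checks whether the receiver can then confuse a retransmitted packet with new data. Searching for the largest window that never triggers the confusion recovers $2^n-1$ for GBN and $2^{n-1}$ for SR.

```python
# Added example, not code from the original notes: simulate the
# sequence-number ambiguity that bounds the window size in Go-Back-N and
# Selective Repeat. Function names are my own.

def gbn_ambiguous(n_bits, window):
    """Worst case for GBN with n-bit sequence numbers: the sender sends a full
    window, every packet is delivered, every cumulative ACK is lost, and the
    sender times out and retransmits from the oldest packet. The receiver now
    expects seq number `window mod 2^n`; if that value is among the
    retransmitted packets, an old packet is accepted as new data."""
    space = 2 ** n_bits
    retransmitted = {i % space for i in range(window)}
    expected = window % space
    return expected in retransmitted


def sr_ambiguous(n_bits, window):
    """Worst case for SR with equal sender and receiver windows: all `window`
    packets delivered, all individual ACKs lost. The receiver window has
    advanced to [window, 2*window-1] mod 2^n while the sender retransmits
    [0, window-1]; any overlap means an old packet is accepted as new."""
    space = 2 ** n_bits
    retransmitted = {i % space for i in range(window)}
    receiver_window = {i % space for i in range(window, 2 * window)}
    return bool(retransmitted & receiver_window)


def max_safe_window(n_bits, protocol):
    """Largest window size for which the worst case above is unambiguous.
    Yields 2^n - 1 for "gbn" and 2^(n-1) for "sr", matching the notes."""
    check = {"gbn": gbn_ambiguous, "sr": sr_ambiguous}[protocol]
    safe = 0
    for w in range(1, 2 ** n_bits + 1):
        if check(n_bits, w):
            break
        safe = w
    return safe


if __name__ == "__main__":
    for n in (2, 3, 4):
        print(f"n={n}: {2**n} sequence numbers, "
              f"GBN max window {max_safe_window(n, 'gbn')}, "
              f"SR max window {max_safe_window(n, 'sr')}")
```

With 2-bit sequence numbers, `gbn_ambiguous(2, 4)` is true because after packets 0,1,2,3 the receiver expects 0 again, which is exactly what the sender retransmits; `sr_ambiguous(2, 3)` is true because the receiver window has wrapped to {3, 0, 1} and overlaps the retransmitted {0, 1, 2}.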
SSL(secure sockets layer)
Provide encrypted TCP connection
Data integrity
End-point authentication
At app layer
Security
Terms: encrypt, decrypt, plaintext, ciphertext
Confidentiality: the message cannot be determined by an attacker; only the sender and the intended receiver should "understand" the message contents
Integrity: the receiver can detect whether the message was altered in transit
Authentication: sender and receiver want to confirm each other's identity
Digital signatures
Bob's signature establishes that he is the document's owner/creator
Verifiable
Non-forgeable
Message digests
fixed length; easy to compare; a "fingerprint" of the message
Hash algorithms: MD5, SHA-1
Certification authorities (CA)
Bind a public key to a particular entity
Verify the identity of the key's owner
Proof that E is indeed E
certificate: a digital signature signed by the CA, including Bob's public key
Alice sends: $K_S\big(K_A^-(H(m)) + m\big) + K_B^+(K_S)$
Protocol ap1.0: plaintext
Protocol ap2.0: IP packet spoofing
Protocol ap3.0-1: playback attack (encryption does not help)
Protocol ap4.0: R, a once-in-a-lifetime nonce, used to validate whether Alice is live
Protocol ap5.0: public key
Hole: man-in-the-middle attack
RSA
- Two large prime numbers: $p$, $q$
- $n = p \times q$, $z = (p-1)(q-1)$
- Choose $e < n$ ($e$, $z$ relatively prime)
- Choose $d$ such that $ed - 1$ is exactly divisible by $z$
- $K_B^+ = (n, e)$, $K_B^- = (n, d)$
- Encrypt: $C = M^e \bmod n$
- Decrypt: $M = C^d \bmod n$
- Summary: $M = (M^e \bmod n)^d \bmod n$
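As an added example (not code from the original notes), the RSA steps above and the secure-email construction $K_S(K_A^-(H(m)) + m) + K_B^+(K_S)$ from the security section are carried through in Python. The primes used are Mersenne primes so that the arithmetic is exact and the keys are distinct for Alice and Bob; the 88-bit truncated SHA-256 digest and the XOR keystream standing in for $K_S(\cdot)$ are my own illustrative choices, not the textbook's, and a real deployment would use padded RSA (OAEP/PSS) and AES instead.

```python
# Added example, not code from the original notes: toy RSA in the notes'
# notation (p, q, n, z, e, d) plus Alice's secure e-mail construction
#     K_S( K_A^-(H(m)) + m ) + K_B^+(K_S)
# Primes, truncated digest and the XOR "symmetric cipher" are illustrative
# assumptions; real systems use RSA-OAEP/PSS and AES.
import hashlib


def rsa_keygen(p, q, e=65537):
    """n = p*q, z = (p-1)(q-1), e coprime to z, d with e*d - 1 divisible by z.
    Returns (K^+ = (n, e), K^- = (n, d))."""
    n, z = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, z)          # modular inverse (Python 3.8+); fails if gcd(e, z) != 1
    return (n, e), (n, d)


def rsa_apply(key, m):
    """C = M^e mod n with a public key, M = C^d mod n with a private key."""
    n, k = key
    assert 0 <= m < n, "RSA input must be smaller than the modulus"
    return pow(m, k, n)


def digest(m):
    """H(m): SHA-256 truncated to 88 bits so it is below Alice's ~2^92 modulus (toy choice)."""
    return int.from_bytes(hashlib.sha256(m).digest()[:11], "big")


def sym(k_s, data):
    """K_S(.): XOR with a SHA-256-derived keystream; the same call encrypts
    and decrypts. A stand-in for a real symmetric cipher such as AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(k_s.to_bytes(16, "big") + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


SIG_LEN = 12   # Alice's signatures are < n_A < 2^96, so 12 bytes always suffice


def alice_send(m, alice_priv, bob_pub, k_s):
    """Sign H(m) with K_A^-, bundle signature + m under K_S, wrap K_S under K_B^+."""
    sig = rsa_apply(alice_priv, digest(m))
    body = sym(k_s, sig.to_bytes(SIG_LEN, "big") + m)
    return body, rsa_apply(bob_pub, k_s)


def bob_receive(body, wrapped_key, bob_priv, alice_pub):
    """Recover K_S with K_B^-, decrypt, then check K_A^+(sig) == H(m)."""
    k_s = rsa_apply(bob_priv, wrapped_key)
    plain = sym(k_s, body)
    sig = int.from_bytes(plain[:SIG_LEN], "big")
    m = plain[SIG_LEN:]
    return m, rsa_apply(alice_pub, sig) == digest(m)


def demo(tamper=False):
    """Round trip; with tamper=True one bit of the message is flipped in transit."""
    alice_pub, alice_priv = rsa_keygen(2 ** 31 - 1, 2 ** 61 - 1)    # Mersenne primes
    bob_pub, bob_priv = rsa_keygen(2 ** 89 - 1, 2 ** 107 - 1)       # Mersenne primes
    k_s = 0x2B7E151628AED2A6ABF7158809CF4F3C   # constructed session key (< 2^128)
    m = b"Meet at the lab at 9"                 # constructed message
    body, wrapped = alice_send(m, alice_priv, bob_pub, k_s)
    if tamper:
        body = body[:-1] + bytes([body[-1] ^ 0x01])   # flips the last byte of m
    return bob_receive(body, wrapped, bob_priv, alice_pub)


if __name__ == "__main__":
    print(demo())              # (b'Meet at the lab at 9', True)
    print(demo(tamper=True))   # (b'Meet at the lab at 8', False)
```

The integrity check fails on the tampered copy because Bob recomputes $H(m)$ over what he actually received and compares it with the digest recovered through $K_A^+$; confidentiality comes from $K_S$, which only Bob can unwrap with $K_B^-$.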
symmetric | asymmetric |
---|---|
a single key for both encryption and decryption | two keys: one to encrypt and the other to decrypt |
fast | encryption process is slow |
used for large data transfers | used to transfer small amounts of data |
only provides confidentiality | provides confidentiality, authenticity and **non-repudiation** /rɪˌpjuːdɪˈeɪʃn/ |
DES; 3DES; AES | RSA |
Overview:
Hypertext Transfer Protocol 超文本传输协议
Application layer protocol
Uses TCP[port 80]:
- Client initiates TCP connection (creates socket) to server, port 80
- Server accepts TCP connection from client
- HTTP messages (application-layer protocol messages) exchanged between browser (HTTP client) and Web server (HTTP server)
- TCP connection closed
Stateless:
Server maintains no information about past client requests
Cookie [p71]
4 components:
- cookie header line of HTTP response
- cookie header line of HTTP request
- cookie file in user's host
- back-end database at the Web site
Used for
Authorization
Web caches = proxy server
(calculation problems)
Email [p75]
Three major components
Mail user agent
Mail server
SMTP (application layer; TCP)
mail access protocol
POP3; IMAP; Exchange ActiveSync
DNS [p83]
local–>root–>TLD–>authoritative
iterative
recursive
[C1R11]
Suppose there is exactly one packet switch between a sending host and a receiving host. The transmission rates between the sending host and the switch and between the switch and the receiving host are $R_1$ and $R_2$, respectively. Assuming that the switch uses store-and-forward packet switching, what is the total end-to-end delay to send a packet of length $L$? (Ignore queuing, propagation delay, and processing delay.)
Answer:
$t=\frac{L}{R_1}+\frac{L}{R_2}$
[C1R16]
Consider sending a packet from a source host to a destination host over a fixed route. List the delay components in the end-to-end delay. Which of these delays are constant and which are variable? (components of end-to-end delay)
Answer:
Fixed: processing delays, transmission delays, propagation delays
Variable: queuing delays
[C1R18]
A user can directly connect to a server through either long-range wireless or a twisted-pair cable for transmitting a 1500-byte file. The transmission rates of the wireless and wired media are 2 and 100 Mbps, respectively. Assume that the propagation speed in air is $3\times10^8$ m/s, while the speed in the twisted pair is $2\times10^8$ m/s. If the user is located 1 km away from the server, what is the nodal delay when using each of the two technologies?
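The following is an added example (not code from the original notes; function names are my own) that puts the delay definitions from the performance section into code and applies them to C1R11 and C1R18. It generalises C1R11 to any number of store-and-forward links. The numbers it produces are computed here from the problems' givens, not quoted from the notes; the C1R11 rates are constructed sample values.

```python
# Added example, not code from the original notes: the notes' delay formulas
# (d_trans = L/R, d_prop = d/s, store-and-forward across switches,
# traffic intensity La/R) applied to review questions C1R11 and C1R18.
# Function names are mine; numeric results are computed, not quoted.

def transmission_delay(length_bits, rate_bps):
    """d_trans = L / R: time to push every bit of the packet onto the link."""
    return length_bits / rate_bps


def propagation_delay(distance_m, speed_mps):
    """d_prop = d / s: time for one bit to travel the length of the link."""
    return distance_m / speed_mps


def store_and_forward_delay(length_bits, rates_bps):
    """C1R11 generalised to N links: with store-and-forward, each switch must
    receive the whole packet before forwarding it, so every link adds a full
    L/R_i (queuing, propagation and processing delay ignored, as in C1R11)."""
    return sum(transmission_delay(length_bits, r) for r in rates_bps)


def nodal_delay(length_bits, rate_bps, distance_m, speed_mps,
                d_proc=0.0, d_queue=0.0):
    """d_nodal = d_proc + d_queue + d_trans + d_prop (the four components
    listed in the notes). C1R18 gives no proc/queue figures, so they default to 0."""
    return (d_proc + d_queue
            + transmission_delay(length_bits, rate_bps)
            + propagation_delay(distance_m, speed_mps))


def traffic_intensity(length_bits, arrival_rate_pps, rate_bps):
    """La/R: queueing delay grows without bound as this approaches 1."""
    return length_bits * arrival_rate_pps / rate_bps


def c1r18():
    """C1R18: 1500-byte file over 1 km; wireless 2 Mbps at 3e8 m/s,
    twisted pair 100 Mbps at 2e8 m/s. Returns seconds per technology."""
    bits = 1500 * 8
    return {
        "wireless": nodal_delay(bits, 2e6, 1000, 3e8),
        "twisted_pair": nodal_delay(bits, 100e6, 1000, 2e8),
    }


if __name__ == "__main__":
    # C1R11 with constructed values: 10 kbit packet, R1 = 1 Mbps, R2 = 2 Mbps
    print(f"C1R11: {store_and_forward_delay(10_000, [1e6, 2e6]) * 1e3:.3f} ms")
    for tech, d in c1r18().items():
        print(f"C1R18 {tech}: {d * 1e3:.4f} ms")
```

The wireless link is dominated by transmission delay (12000 bits at 2 Mbps is 6 ms) while propagation over 1 km is only microseconds in either medium, which is why the faster wire wins by almost two orders of magnitude despite its slower propagation speed.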