Internetwork Programming ECE 4110
These Class Notes (0 pages) were uploaded by Cassidy Effertz on Monday, November 2, 2015. They belong to ECE 4110 at Georgia Institute of Technology - Main Campus, taught by Staff in Fall. Since upload, they have received 13 views. For similar materials see /class/233919/ece-4110-georgia-institute-of-technology-main-campus in ELECTRICAL AND COMPUTER ENGINEERING at Georgia Institute of Technology - Main Campus.
Date Created: 11/02/15
ECE 4110: Congestion & ECN (Stevens, Chapter 21.1 - 21.8)

RTT estimate
- RTT_new = a * RTT_old + (1 - a) * RTT_pkt
- Enhanced scheme (Van Jacobson, 1988): uses enhanced measurement; accounts for the average plus the variance
- RTT_pkt is often measured at 500 ms precision

Round Trip Timeout (RTO)
- RTO = Avg + 4 * Deviation
- Initialized to Avg = 0, Deviation 6 seconds
- Retransmit after 2 x RTO, and again at 4 x RTO, and again at 8 x RTO, and so on, doubling the multiplier each time until an ack is received

Slow Start (recall)
- Uses the congestion window (CWND), measured in bytes and incremented in units of the segment size (MSS)
- CWND is initialized to one MSS
- Grows by MSS for each packet that is received and acknowledged before RTO: exponential growth
- Attempts to approximate CWND = Delay x Bandwidth

Congestion: indication of a lost packet
- Note that not every successfully sent packet is ack'd. If 4 packets are sent (i.e. CWND > 4 MSS) and they are all received, the receiver may acknowledge only the last packet.
- Therefore a packet is treated as lost if:
  1. An RTO timeout occurs (this could be a lost ack as well, but it is treated as a lost packet)
  2. A duplicate ack (for a previously sent packet) is received

Congestion Avoidance
- When a lost packet is detected, set SSTHRESH = 1/2 * min(CWND, RCVR Win)
  - The new variable SSTHRESH is the Slow Start Threshold
- If the lost packet is due to a timeout, set CWND = MSS
- Growing CWND on a successful packet ack:
  - Previously: add MSS to CWND for every successful packet
  - If CWND < SSTHRESH, add MSS (Slow Start)
  - If CWND > SSTHRESH, add 1/CWND (in segments) (Congestion Avoidance)
- Note that congestion avoidance is linear growth; slow start is exponential growth

Fast Retransmit & Fast Recovery (more modifications, proposed 1990 by VJ)
- Duplicate acks indicate that a packet was lost but later packets arrived (CWND >> MSS), OR that packets were reordered along the way
- The receiver must ack immediately for an out-of-order packet; it cannot delay
- If three or more duplicate acks are received: mild congestion (one packet was lost, the others are flowing); don't overreact
  - Set SSTHRESH = 1/2 CWND
  - Retransmit the missing packet
  - Set CWND = SSTHRESH + 3 segments
  - Add one segment to CWND for any more duplicate acks
  - On the next non-duplicate ack, set CWND = SSTHRESH (from above)
  - Continue with normal (CWND > SSTHRESH) congestion avoidance

Network Implications: Fairness
- In the Internet backbone, congestion occurs when a large number of hosts exceed the link capacity (versus finding modem speed from a single-user perspective)
- Each active sender dynamically seeks to achieve the same level of packet loss
  - More loss -> slower throughput
  - Less loss -> faster throughput

Extensions & Tricks
- Problems with synchronization: what if a queue fills up and drops many packets at the same time?
  - Causes all TCP connections to slow down at the same time
  - The network is suddenly underutilized
  - Solution: try to throw away a few packets before the queues are completely full
- In special cases: one application can be slowed down by throwing away its packets more often. This is the same as giving another application more queue space or more priority.

Explicit Congestion Notification (http://www.ietf.org/rfc/rfc3168.txt)
- Instead of dropping a packet, set a congestion bit in the packet header
1. Negotiate ECN-capable sender/receiver. Use a bit pair in the IP header (NOT the TCP header). Set the bit pair to 10 or 01 to indicate ECN capable; leave it at 00 for not ECN capable.
2. Queues set the congestion bit pair to 11 when consistently near full. This is a notification to the receiver that the sender -> receiver link was full.
3. The receiver sets a new bit taken from the RESERVED field in the TCP header (receiver tells sender), called ECN-Echo (ECE).
4. The sender reacts to the ECE bit in an ack packet as if a packet was lost: congestion avoidance, but without resending.
5. The sender replies with the CWR bit (also from the TCP RESERVED field) to let the receiver know that it is responding to the congestion.

ECE 4110: Security

Many types of security issues, i.e. password aging & length, etc.

Network Security
- Physical security of the network (i.e. vandalism)
- Data security/privacy, confidentiality (i.e. credit card info)
- Allowed users & uses
- Firewalls
- Denial of service

Data Security
- Wiretap (i.e. tcpdump): read passwords (telnet/rlogin), credit card information (web), email, private data, file transfers
- Requires access to the network path between Src & Dest; a Linux box or similar is cheap
- Copper, wireless and fiber-optic can all be covertly wiretapped

Separate Encryption
- Concept: encrypt things before sending
- Programs to encrypt data: crypt, DES, pkzip passwords, etc.
- Problem: how to securely transfer the key
- Solution: public key cryptography (i.e. PGP)
  - Uses a computationally difficult public -> private key relationship: easier to find X^2 than sqrt(X)
  - Subject to brute force (exhaustive search); a longer key means a longer search

Build Encryption into the Application
- Example: HTTPS (secure HTTP) in the web browser; email extensions
- Secure Shell: login that uses a public key; can act as tunneling for other applications

Tunneling
- The IP payload can be another packet
- More overhead: less data, smaller MTU
- Encryption (security)
- Bypass firewalls
- Special private addresses
- Unroutable protocols: multicast, NetBIOS, AppleTalk, etc.

Replay Attack
- Don't care about the content, just the result. I.e. "dispense 100 from John Doe's account" at an ATM machine.
- Sequence numbers, date stamps, etc. to secure against it

Denial of Service
- Creating a situation where other users cannot access normally expected services
- Network traffic overload; server overload
- Legitimate, or via software glitches

Firewalls
- Stateless: examine each packet independently and allow or block it based on information in the packet
  - Some protocols (i.e. H.323 videoconferencing) are difficult to use with stateless firewalls, since a startup connection socket is used to negotiate port values for further sockets
- Stateful: maintain a history of packets, sources, destinations, users and/or applications

Stateless firewall
- Often implemented by routers or simple security programs
- Typically examines:
  1. Protocol (IP, IGMP, UDP, TCP)
  2. Source address, port
  3. Destination address, port
  4. TCP flags: this can differentiate an ongoing connection from a startup connection

Cisco Access-lists (stateless firewall)
- Syntax: access-list xxxx <permit|deny> <ip|udp|tcp> <src> <src netmask> <src ports> <dest> <dest netmask> <dest ports> <established>
- Multiple lines, evaluated in order
- Find the first match of Src Addr, Src Port, Dest Addr, Dest Port, <established>
  - If permit, forward the packet; if deny, discard the packet
  - If no match, deny the packet
- An access list can be incoming or outgoing on any interface
- Ports can be a range, or can use a name for most services
- Addresses can be "any"

ECE 4110: Monday, Nov 18th

Ping / Traceroute
- Ping: ICMP based. Echo request, echo reply.
- Traceroute: uses the TTL on a bogus UDP packet
  - The TTL is decremented by each router; when the TTL reaches zero the packet is deleted and an ICMP message (TTL expired) is sent to the source
  - The source sends packets with TTL = 1, 2, 3, ... and notes the source of each ICMP message
- Reading: TCP/IP Illustrated, chapters 6, 7

Next lab
1. Sites: hemisphere.gtrep.gatech.edu, eagle.csc.gatech.edu, and your pick of 2 sites outside of Georgia
   - Traceroute to each site; draw a single map with all four sites
   - Ping: record route; statistics on 100 pings (lost, min/avg/max latency); the same statistics with packet size 500, 1000, 1500; one packet per second
2. Formal assignment on Wednesday: Linux server; will include DNS queries

Who am I? Finding your IP address
- Useful for out-of-the-box autoconfiguration: diskless devices, portables (mobile)
- RARP (Reverse ARP): broadcast your media (Ethernet) address; the server replies (unicast) with the IP address
  - Uses the ARP packet format, not an IP packet
  - Limitations: only responds with the IP address; netmask, gateway/router and DNS server remain unknown
- Bootp: UDP protocol, server port 67, client port 68 (not ephemeral)
  - Reply provides: client IP address, bootp server address, boot file name (diskless clients), etc.
  - Options: essentially other information from the server: netmask, time-of-day, routers, time servers, DNS servers, hostname, printer server, etc.
  - Limitations: the hardware (Ethernet) address MUST be preconfigured into the server; one-to-one Ethernet <-> IP address correlation; cannot temporarily assign an IP address
- Dynamic Host Configuration Protocol (DHCP): very similar to bootp
  - Same ports, very similar packet; a DHCP server can answer a bootp request
  - Adds the idea of an address lease: the address is only good for a limited time; the client can request a renewal of the lease
  - The client hardware address is not strictly required to obtain a lease (an administrator can require this)
  - Can have statically assigned (reserved) addresses
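The slow start, congestion avoidance, RTO backoff and fast retransmit / fast recovery rules from the Congestion & ECN notes above, as an added worked example (not part of the lecture notes): a sender-side state machine driven by "ack", "dupack" and "timeout" events. The MSS, receiver window and 6-second initial RTO are constructed values for the example.

```python
MSS = 1000        # segment size in bytes (constructed value for this example)
RCVR_WIN = 64000  # receiver's advertised window in bytes (constructed value)

class RenoSender:
    def __init__(self, mss=MSS, rcvr_win=RCVR_WIN, rto=6.0):
        self.mss, self.rcvr_win, self.rto = mss, rcvr_win, rto  # rto: initial 6 s as in the notes
        self.cwnd = mss            # slow start: CWND starts at one MSS
        self.ssthresh = rcvr_win   # no loss seen yet, so slow start may run up to the window
        self.backoff = 1           # RTO multiplier; doubles on each consecutive timeout
        self.dupacks, self.recovering = 0, False  # recovering: True while in fast recovery

    def on_ack(self):
        """New (non-duplicate) ack: grow CWND, or leave fast recovery."""
        self.backoff, self.dupacks = 1, 0
        if self.recovering:
            self.recovering = False
            self.cwnd = self.ssthresh                      # deflate to SSTHRESH
        elif self.cwnd < self.ssthresh:
            self.cwnd += self.mss                          # slow start: exponential per RTT
        else:
            self.cwnd += self.mss * self.mss // self.cwnd  # congestion avoidance: linear per RTT

    def on_dupack(self):
        """Duplicate ack. Returns True when the missing segment must be retransmitted now."""
        self.dupacks += 1
        if self.recovering:
            self.cwnd += self.mss                  # one more segment per further dup ack
            return False
        if self.dupacks < 3:
            return False                           # one or two could be reordering: wait
        self.ssthresh = self.cwnd // 2             # mild congestion: halve, don't collapse
        self.cwnd, self.recovering = self.ssthresh + 3 * self.mss, True  # 3 segments left the net
        return True

    def on_timeout(self):
        """RTO expired: treat as serious congestion. Returns the delay before the next retransmit."""
        self.ssthresh = min(self.cwnd, self.rcvr_win) // 2
        self.cwnd = self.mss                       # back to slow start
        self.recovering, self.dupacks = False, 0
        self.backoff *= 2                          # retransmit at 2x, 4x, 8x RTO, ...
        return self.rto * self.backoff

def run(events, s=None):  # feed 'ack' / 'dupack' / 'timeout' events; return CWND after each
    s = s or RenoSender()
    handlers = {"ack": s.on_ack, "dupack": s.on_dupack, "timeout": s.on_timeout}
    trace = []
    for ev in events:
        handlers[ev]()
        trace.append(s.cwnd)
    return trace
```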
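The stateless access-list evaluation described in the Firewalls notes above (ordered lines, first match wins, implicit deny when nothing matches, "established" decided from TCP flags alone), as an added example that is not part of the notes. The rule grammar here is a constructed simplification (CIDR prefixes instead of address/netmask pairs), the rule set and addresses are constructed, and "established" is modelled on Cisco's behaviour of matching segments with ACK or RST set.

```python
import ipaddress

# Constructed rule set for a site using 10.0.0.0/8: web and DNS out,
# only TCP replies (ACK/RST set) back in, explicit deny as the last line.
RULES = [
    "permit tcp 10.0.0.0/8 any any 80",
    "permit tcp any 10.0.0.0/8 80 any established",
    "permit udp 10.0.0.0/8 any any 53",
    "deny ip any any any any",
]

def packet(proto, src, dst, sport=0, dport=0, flags=()):
    """Minimal packet record; flags is the set of TCP flag names that are set."""
    return {"proto": proto, "src": src, "dst": dst, "sport": sport, "dport": dport,
            "flags": frozenset(flags)}

def parse_rule(line):
    """'permit|deny ip|udp|tcp <src> <dst> <sport> <dport> [established]'.
    Addresses are CIDR or 'any'; ports are a number, a range 'lo-hi', or 'any'."""
    action, proto, src, dst, sport, dport, *rest = line.split()
    return {"action": action, "proto": proto, "src": src, "dst": dst,
            "sport": sport, "dport": dport, "established": "established" in rest}

def addr_match(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)

def port_match(spec, port):
    if spec == "any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def rule_matches(rule, pkt):
    if rule["proto"] != "ip" and rule["proto"] != pkt["proto"]:
        return False
    # 'established' is a stateless test on flags only: a bare SYN (new connection)
    # fails it; anything carrying ACK or RST passes, whether or not a session exists.
    if rule["established"] and not (pkt["proto"] == "tcp" and pkt["flags"] & {"ACK", "RST"}):
        return False
    return (addr_match(rule["src"], pkt["src"]) and addr_match(rule["dst"], pkt["dst"])
            and port_match(rule["sport"], pkt["sport"]) and port_match(rule["dport"], pkt["dport"]))

def evaluate(rules, pkt):
    """First matching line decides: returns (action, line number). No match: implicit deny."""
    for n, rule in enumerate(map(parse_rule, rules), start=1):
        if rule_matches(rule, pkt):
            return rule["action"], n
    return "deny", None
```

The last assertion in the test below shows the limitation the notes attribute to stateless filtering: a packet with ACK set and source port 80 satisfies the "established" line even though no connection exists, which is what a stateful firewall's history is there to catch.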