Chapter 12: Networking


Cosc 2150:
Computer Organization
Chapter 12:
Network Organization and Architecture
Chapter 12 Objectives
• Become familiar with the fundamentals of
network architectures.
• Learn the basic components of a local area
network.
• Become familiar with the general architecture of
the Internet.
Bandwidth
• Bit (b) = a unit of information, 0 or 1
— 10 bits can represent 1024 different messages
— 20 bits represent > 1 million
— 30 bits > 1 billion messages
• The bandwidth of a communication channel = number of bits
per second it transmits
• All channels have limited bandwidth
• One byte (B) = 8 bits (an octet)
• Transmitting 1 MB at 56 Kbps takes 143 sec.
• 1 GB (gigabyte) takes 40 hours
— at 7 Mbps 19 minutes; at 1 Gbps 8 seconds
• Latency = delay from first bit transmitted to first received
Progress of Technology
• Have more disk storage (IMPROVEMENT: 8000 x)
— 1971: 10 MB
— 2001: 80,000 MB
— 2008: 1,000,000 MB (1 TB)
• Higher communication speeds, 1971-2001 (IMPROVEMENT: 3 BILLION x)
— Human speech: 30 bits/sec
— 1971 Modem: 300 bits/sec
— 2001 Modem: 56,000 bits/sec
— T1 line: 1,544,000 bits/sec
— Internet 2: 1,000,000,000 bits/sec
— Nortel: 1,000,000,000,000 bits/sec in 1 fiber (entire U.S. telephone traffic)
Bandwidth chart (figure residue, reconstructed as a table; the chart also labels the media as Fiber and Copper):
BANDWIDTH        APPLICATION                                      TECHNOLOGY
1 terabit        All U.S. telephone conversations simultaneously  Experimental
1 gigabit        Full-motion HDTV                                 Gigabit Ethernet
OC12 = 622 Mb                                                     FDDI
OC3 = 155 Mb     Virtual Reality, Medical Imaging
T3 = 44.7 Mb     Video Conferencing, Multimedia                   T3/E3
DSL ~ 7 Mb       Streaming Video + Voice                          ADSL
T1 = 1.544 Mb                                                     T1/E1
128 Kbps         Browsing, Audio                                  ISDN
56 Kbps          E-mail, FTP                                      New Modem
19.2 Kbps        Telnet                                           Old Modem
4.8 Kbps         Paging                                           Wireless WAN
Human speech = 30 bps
Early Academic and Scientific Networks
• In the 1960s, the Advanced Research Projects
Agency funded research under the auspices of the
U.S. Department of Defense.
• Computers at that time were few and costly. In
1968, the Defense Department funded an
interconnecting network to make the most of these
precious resources.
• The network, DARPANet, designed by Bolt, Beranek,
and Newman, had sufficient redundancy to
withstand the loss of a good portion of the network.
• DARPANet, later turned over to the public domain,
eventually evolved to become today’s Internet.
Some humor first
http://www.the5thwave.com/images/cartoons_computer/large/training/631lg.gif
OSI - The Model
• A layered model
• Each layer performs a subset of the required
communication functions
• Each layer relies on the next lower layer to
perform more primitive functions
• Each layer provides services to the next higher
layer
• Changes in one layer should not require
changes in other layers
OSI - The Model (2)
OSI Layers (1)
• Transmission media (Layer 0 Hardware)
— cables between two network stations
• Physical (Layer 1 Hardware)
— Physical interface between devices
– Mechanical
– Electrical
– Functional
– Procedural
• Data Link (Layer 2 Hardware)
— Means of activating, maintaining and deactivating a
reliable link
— Error detection and control
— Higher layers may assume error free transmission
— transmits and receives frames, MAC protocol belongs to
this layer
OSI Layers (2)
• Network (layer 3 Hardware)
—Transport of information
—Higher layers do not need to know about underlying
technology
—Not needed on direct links
—Most high level Network protocols are in this layer
• Transport (layer 4)
—Exchange of data between end systems
—Error free
—In sequence
—No losses
—No duplicates
—Quality of service
OSI Layers (3)
• Session (layer 5)
—Control of dialogues between applications
—Dialogue discipline
—Grouping
—Recovery
• Presentation (layer 6)
—Data formats and coding
—Data compression
—Encryption
• Application (layer 7)
—Means for applications to access OSI environment
Network Hardware Outline
• layer 0: media
—Cabling
• Layer 1: physical
—repeaters, hubs
• Layer 2: Link layer
—bridges, switches, and Collision domains
• Layer 3: Network layer
—Router, router architecture.
Layer 0: Transmission media
• 10BASE2 standard
—uses coax cable (like Cable TV wiring). Component pieces include BNC T connectors and BNC terminators
—Segments of cable had a maximum length of 185 meters
—Why 10BASE2? The standards committee rounded 185 to 200, then shortened it.
—The 10 is for 10 Mbps (megabits per second)
Layer 0: Transmission media (2)
• 10BASE-T
—The T is for “twisted”, as in twisted-pair wires
—The wire is normally called Category 3 (CAT3) or
better like CAT5
—maximum length is 100 meters (328 feet)
• 10BASE-F
—F stands for Fiber, or fiber optic media
Layer 0: Transmission media (3)
• 100BASE-T
— covers the entire range of 100Mbps systems, all twisted pair and
fiber media
— 100BASE-TX, uses twisted pair cat-5 wire (100 meters max
length)
— 100BASE-FX, uses fiber.
• 1000BASE-T or Gigabit or GigE
— covers the entire range of 1000Mbps systems.
— Uses both Cat-5, Cat-5e and fiber
Layer 0: Transmission media (4)
• Multi-Gigabit Ethernet
—10 Gbps standard; working on faster 50 to 100 Gbps standards
—Cisco announced 1 Zettabyte edge routers (2008)
– Fiber optic cabling.
• Cable connectors for Cat3 and Cat5
—RJ-11: 4-wire modular connector. Also used in standard telephone cables. Cat 3 wires only.
—RJ-45: 8-wire connector. RJ-45 can be used to connect 4 wire as well.
What if the max length is too short?
• The max length is where the signal degrades past the point of usefulness
• You will need to insert a piece of network hardware.
—What do you use?
– Depends on where it is connecting to
Distance Limitations
• Copper = Cat 5 wiring
• MMF = Multimode fiber
• SMF = Single-mode fiber
Fiber Optic
• Optical fiber supports three different
transmission modes depending on the type of
fiber used.
—Single-mode fiber provides the fastest data rates over
the longest distances. It passes light at only one
wavelength, typically, 850, 1300 or 1500
nanometers.
—Multimode fiber can carry several different light
wavelengths simultaneously through a larger fiber
core.
Fiber Optic
• Multimode graded index fiber also supports
multiple wavelengths concurrently, but it does
so in a more controlled manner than regular
multimode fiber
• Unlike regular multimode fiber, light waves are
confined to the area of the optical fiber that is
suitable to propagating its particular
wavelength.
—Thus, different wavelengths concurrently transmitted
through the fiber do not interfere with each other.
High Capacity Digital Links
• When an STS signal is passed over an optical carrier
network, the signal is called OCx, where x is the
carrier speed.
• The fundamental SDH signal is STM-1, which conveys signals at a rate of 155.52 Mbps.
• The SONET hierarchy along with SDH is shown in the table.
Ethernet
“dominant” Network/LAN technology:
• cheap: $20 for 1000 Mbps!
• first widely used LAN technology
• Simpler, cheaper than token LANs and ATM
• Kept up with speed race: 10, 100, 1000 Mbps
(Figure: Metcalfe’s Ethernet sketch)
Ethernet Interface Card
• NIC for short.
—The piece of hardware you put into your computer to
talk to the network.
—Can be 10Mb, 100Mb, even 1Gb card now.
—10/100Mb cards run anywhere from $20 to $100+ for PCMCIA cards.
Ethernet Technologies: 10Base2
• thin coaxial cable in a bus topology
• repeaters used to connect up to multiple
segments
Repeaters
• A hardware device that connects two segments together.
—repeater repeats bits it hears on one interface to its
other interfaces
— (Layer 1) physical layer device only!
Repeaters
• Signal attenuation is corrected by repeaters that
amplify signals in physical cabling.
• Repeaters are part of the network medium (Layer 1).
—In theory, they are dumb devices functioning entirely
without human intervention. However, some
repeaters now offer higher-level services to assist
with network management and troubleshooting.
Interconnecting LANs
Q: Why not just one big LAN?
• Limited amount of supportable traffic: on single
LAN, all stations must share bandwidth
• limited length: 802.3 specifies maximum cable
length
• large “collision domain” (can collide with many
stations)
Collision Domains
• When network devices share the same physical transmission medium, it is more than possible that packets of data will collide
—Collision Domain
– Network devices use CSMA/CD
+ A device listens to see if the medium is available, then begins transmitting.
– It is more than possible that two devices will attempt to transmit at the same time.
+ This area is called a collision domain
Hubs
• Physical Layer devices: essentially repeaters
operating at bit levels: repeat received bits on one
interface to all other interfaces
• Hubs can be arranged in a hierarchy (or multi-tier
design), with backbone hub at its top
Hubs (more)
• Each connected LAN referred to as LAN segment
• Hubs do not isolate collision domains: node may collide
with any node residing at any segment in LAN
• Hub Advantages:
— simple, inexpensive device
— Multi-tier provides graceful degradation: portions of the LAN continue to
operate if one hub malfunctions
— extends maximum distance between node pairs (100m per Hub)
— can connect different Ethernet types (e.g., 10BaseT and 100baseT)
Hub limitations
• single collision domain results in no increase in max
throughput
—multi-tier throughput same as single segment
throughput
• individual LAN restrictions pose limits on number of
nodes in same collision domain and on total allowed
geographical coverage
Bridges
• ( Layer 2 ) Link Layer devices: operate on
Ethernet frames, examining frame header and
selectively forwarding frame based on its
destination
• Bridge isolates collision domains since it buffers
frames
• When frame is to be forwarded on segment,
bridge uses CSMA/CD to access segment and
transmit
Bridges (more)
• Bridge advantages:
— Isolates collision domains resulting in higher total max
throughput, and does not limit the number of nodes nor
geographical coverage
— Transparent: no need for any change to hosts' LAN adapters
• bridges filter packets
— same-LAN -segment frames not forwarded onto other LAN
segments
• forwarding:
— how to know which LAN segment on which to forward frame?
— looks like a routing problem
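To make the forwarding and filtering decision concrete, here is an added example (not from the lecture) of a transparent bridge doing backward learning: it records the port each source MAC was seen on, filters same-segment frames, forwards known destinations out one port, and floods unknown or broadcast destinations. The port numbers, host names and traffic scenario are constructed.

```python
from collections import namedtuple

# A frame carries only the fields a bridge inspects: source and destination MAC.
Frame = namedtuple("Frame", "src dst")
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Transparent (learning) bridge with a filtering table.

    The bridge is Layer 2 only: it never looks past the Ethernet header and
    hosts need no configuration, exactly as the slides describe.
    """

    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}  # filtering table: MAC address -> port it was last seen on

    def receive(self, in_port, frame):
        """Return the list of ports the frame is forwarded out of ([] = filtered)."""
        # Backward learning: the source is reachable through the ingress port.
        self.table[frame.src] = in_port
        if frame.dst == BROADCAST or frame.dst not in self.table:
            # Broadcast or unknown destination: flood to every other port.
            return [p for p in self.ports if p != in_port]
        out_port = self.table[frame.dst]
        if out_port == in_port:
            # Source and destination share a segment: filter, do not forward.
            return []
        return [out_port]


def demo():
    """Constructed scenario: hosts A and C on port 1, host B on port 2, port 3 empty."""
    bridge = LearningBridge(ports=[1, 2, 3])
    trace = []
    trace.append(bridge.receive(1, Frame("A", "B")))          # B unknown -> flood [2, 3]
    trace.append(bridge.receive(2, Frame("B", "A")))          # A learned on 1 -> [1]
    trace.append(bridge.receive(1, Frame("A", "B")))          # B learned on 2 -> [2]
    trace.append(bridge.receive(1, Frame("C", "A")))          # same segment -> filtered []
    trace.append(bridge.receive(1, Frame("A", BROADCAST)))    # broadcast -> flood [2, 3]
    return trace, dict(bridge.table)


if __name__ == "__main__":
    print(demo())
```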
Backbone Bridge
Ethernet Switches
• layer 2 forwarding, filtering
using LAN addresses
• Switching: A-to-B and A’-to-B’
simultaneously, no collisions
• large number of interfaces
• often: individual hosts, star-connected into switch
—Ethernet, but no collisions!
Ethernet Switches
• Store and forward: frame is completely
received, and then sent.
• cut-through switching: frame forwarded from input to output port without waiting for assembly of the entire frame
—slight reduction in latency
—Does not isolate collision domains.
• combinations of shared/dedicated, 10/100/1000
Mbps interfaces
Full & Half Duplex
• Full Duplex:
— Communication that takes place simultaneously, in both
directions, between sender and receiver.
— No collisions possible in full duplex mode.
— Available on switches; doubles the speed: a 100 Mbps line can pass 200 Mbps at a time.
• Half Duplex:
— two-way communication occurring in only one direction at a
time. Standard communication method. Line speeds are rated
at half duplex speed.
Auto sensing networking devices
• Most networking devices auto sense whether they can
talk 10Mb, 100Mb, and 1Gb.
• Simple for configuration, plug it in, let the computer and
hub/switch figure it out.
• Does not take into account transmission media
• 2 devices that can “speak” at 100Mbps on cat 3
(10Mbps) will attempt to use 100Mbps.
Routers
• Function at layer 3, network layer.
• Able to route based on IP, instead of MAC
• See previous lecture for routing.
(Figure: router vendor logos: Nortel, 3Com, Cisco)
WWF Bridges vs. Routers
• both store-and-forward devices
— routers: network layer devices (examine network layer
headers)
— bridges are Link Layer devices
• routers maintain routing tables, implement routing
algorithms
• bridges maintain filtering tables, implement filtering,
learning and spanning tree algorithms
network routers
• A router is a device that operates at network
layer or layer 3.
• Routers actually look at the message and determine what to do with it.
• For broadcast traffic, it drops the message
• It allows you to design more complex networks
with multiple network protocols.
• It also routes between multiple IP domains
network routers
• Routers are complex devices because they contain
buffers, switching logic, memory, and processing
power to calculate the best way to send a packet to its
destination.
Routing Using Subnets
Routers vs. Bridges
• Bridges + and -
+ Bridge operation is simpler, requiring less processing bandwidth
- Topologies are restricted with bridges: a spanning tree must be built to avoid cycles
- Bridges do not offer protection from broadcast storms (endless broadcasting by a host will be forwarded by a bridge)
Routers vs. Bridges
• Routers + and -
+ arbitrary topologies can be supported; cycling is limited by TTL counters (and good routing protocols)
+ provide firewall protection against broadcast storms
- require IP address configuration (not plug and play)
- require higher processing bandwidth
• bridges do well in small (a hundred hosts) while routers
used in large networks (thousands of hosts)
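The three router behaviours the slides list (forwarding by IP subnet, dropping broadcast traffic, and limiting cycling with a TTL counter) in one added example; this is illustrative code written for this page, not from the lecture, and the routing table entries and interface names are constructed.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


class Router:
    """Layer-3 forwarding: longest-prefix match over subnets, TTL decrement,
    and dropping of broadcast traffic, as the slides describe."""

    def __init__(self):
        self.routes = []  # routing table entries: (network, egress interface)

    def add_route(self, cidr, iface):
        self.routes.append((ipaddress.ip_network(cidr), iface))

    def forward(self, dst, ttl):
        """Return (egress interface, new TTL), or None if the packet is dropped."""
        addr = ipaddress.ip_address(dst)
        # Routers do not forward broadcast traffic.
        if addr == LIMITED_BROADCAST:
            return None
        # TTL bounds how long a packet can cycle: decrement, drop at zero.
        ttl -= 1
        if ttl <= 0:
            return None
        # Longest-prefix match: the most specific subnet containing dst wins.
        best = None
        for net, iface in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, iface)
        if best is None:
            return None  # no route at all (no default route configured)
        return best[1], ttl


def build_demo_router():
    """Constructed table: an internal domain, a more specific subnet, a default."""
    r = Router()
    r.add_route("10.1.0.0/16", "eth1")   # whole 10.1 IP domain
    r.add_route("10.1.2.0/24", "eth2")   # more specific subnet inside it
    r.add_route("0.0.0.0/0", "eth0")     # default route toward the internet
    return r
```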
IEEE 802.11 Wireless LAN
• wireless LANs: untethered (often mobile) networking
• IEEE 802.11 standard:
— MAC protocol
— unlicensed frequency spectrum: 900 MHz, 2.4 GHz
• Basic Service Set (BSS) (a.k.a.
“cell”) contains:
— wireless hosts
— access point (AP): base
station
• BSS’s combined to form
distribution system (DS)
Ad Hoc Networks
• Ad hoc network: IEEE 802.11 stations can dynamically form
network without AP
• Applications:
—“laptop” meeting in conference room, car
— interconnection of “personal” devices
— battlefield
• IETF MANET (Mobile Ad hoc Networks) working group
LANs and WANs
• Local Area Networks (LAN)
— A set of computers connected in a geographically close network, such as in the same building, campus or office building.
• Wide Area Networks (WAN)
— A computer network that uses long-range telecommunications links to connect the networked computers over long distances.
• The line between the two is blurry, since some LANs can cover more geography than some WANs
Network Firewalls
• Definition: A system that cannot be broken into.
— Monitors traffic and "protects" the computers behind it.
– Configured so that only certain inbound and outbound ports are "open"
+ Blocking port 6000 means that nothing can remotely connect to that port
– Configured so that certain IPs are not allowed "through" the firewall (inbound, outbound, or both)
— Firewalls are a layer 4 device, because they work on port numbers as well as IP numbers, and even MAC addresses.
Network Firewalls (2)
• Packet Filtering
— block certain types of packets, such as only allowing TCP packets to port 25, but blocking UDP packets.
— Blocking all ICMP packets
— Allowing only ssh packets.
• Also can provide "Zones" of security
— unrestricted access from/to internet, protected zones (called
DMZs) from/to the internet, and no access zone from/to
internet.
– Or other section of the local network.
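An added example (not from the lecture) of the packet-filtering rules this slide and the previous one describe: an ordered rule list with first-match semantics and default deny, using the slide's own cases (TCP to port 25, ssh, blocking UDP, ICMP and port 6000, and an IP range not allowed through). The Packet and Rule types, the 203.0.113.0/24 range and the test addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str               # "in" (from the internet) or "out"
    proto: str                   # "tcp", "udp" or "icmp"
    src: str                     # source IP address
    dport: Optional[int] = None  # destination port (None for ICMP)


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # source network the rule applies to
    dport: Optional[int] = None  # None matches any port

    def matches(self, pkt):
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and (self.dport is None or self.dport == pkt.dport))


# Ordered rule set mirroring the slides; the first matching rule wins and
# anything unmatched is blocked (default deny).
RULES = [
    Rule("block", src="203.0.113.0/24"),                    # constructed: an IP range not allowed through
    Rule("block", proto="icmp"),                            # block all ICMP packets
    Rule("block", proto="udp"),                             # block UDP packets
    Rule("block", direction="in", dport=6000),              # nothing may remotely connect to port 6000
    Rule("allow", direction="in", proto="tcp", dport=25),   # allow TCP to port 25
    Rule("allow", direction="in", proto="tcp", dport=22),   # allow ssh
    Rule("allow", direction="out"),                         # hosts behind the firewall may go out
]


def filter_packet(pkt, rules=RULES, default="block"):
    """Return the action for pkt: the first matching rule's action, else the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default
```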
NAT
• Network Address Translation
—The internal computers have 10.x.x.x IP addresses
—When a computer wants to access the internet, the NAT receives the packet, changes the IP to its own, then sends it to the internet. On response, the NAT forwards it on to the computer again.
—Since the NAT is acting as a go-between, the computer is protected.
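The address rewriting described above as an added example (not from the lecture): a port-translating NAT that maps each internal 10.x.x.x host and port to the NAT's own address and a fresh public port, maps replies back, and drops inbound packets that no internal host asked for. The public address 203.0.113.1, the internal hosts and the packets are constructed.

```python
import itertools


class Nat:
    """Port-translating NAT (NAPT) in front of a 10.x.x.x network.

    Outbound packets get the NAT's public address and a fresh public port;
    replies are mapped back; inbound packets with no mapping are dropped,
    which is the "go-between" protection the slides mention.
    """

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = itertools.count(first_port)
        self.outbound_map = {}  # (inside ip, inside port) -> public port
        self.inbound_map = {}   # public port -> (inside ip, inside port)

    def outbound(self, pkt):
        """Rewrite an internal host's packet for the internet and keep the mapping."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.outbound_map:
            port = next(self.next_port)
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return {**pkt, "src": self.public_ip, "sport": self.outbound_map[key]}

    def inbound(self, pkt):
        """Rewrite a reply for the internal host, or None if it is unsolicited."""
        key = self.inbound_map.get(pkt["dport"])
        if key is None:
            return None  # no internal host asked for this: drop it
        inside_ip, inside_port = key
        return {**pkt, "dst": inside_ip, "dport": inside_port}


def demo():
    """Constructed addresses: 10.0.0.0/8 inside, 203.0.113.1 as the public side."""
    nat = Nat("203.0.113.1")
    out1 = nat.outbound({"src": "10.0.0.5", "sport": 51000, "dst": "198.51.100.7", "dport": 80})
    out2 = nat.outbound({"src": "10.0.0.6", "sport": 51000, "dst": "198.51.100.7", "dport": 80})
    reply = nat.inbound({"src": "198.51.100.7", "sport": 80, "dst": "203.0.113.1", "dport": out1["sport"]})
    stray = nat.inbound({"src": "198.51.100.9", "sport": 4444, "dst": "203.0.113.1", "dport": 40002})
    return out1, out2, reply, stray
```

Two internal hosts using the same inside port still receive distinct public ports, which is what lets the reply be mapped back unambiguously.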
VPN
• Virtual Private Network
— A method to provide a secure and encrypted connection
between two trusted networks over an unsecured line
– Where line could be the internet.
— Example
– A company has two locations, New York and LA.
+ They could pay for a private connection between, which is really
expensive
+ Or use a VPN on each side to connect them over the internet.
VPN (2)
• A VPN client connects to the VPN server.
—All networking from the client is directed to the
server, which acts as the network gateway.
– So the client functions as if it was behind a firewall and
could access everything like normal.
—Example
– Employee goes on a business trip. Connect up to an
unsecured network. Connects to the VPN server (via the
client) and now has a secure connection to "work" over the
unsecured network.
IDS
• Intrusion Detection System
—Detects traffic matching a signature of a known attack. Similar to an Anti-Virus program.
– alerts the admin to the attack
—If it is a NIPS (Network Intrusion Prevention System), then it will initiate a defensive response.
– such as terminating the connection
+ by configuring the firewall to block it.
Putting it all together
Web Architecture (figure; source: Intershop): TIER 4 Database, TIER 3 Applications, TIER 2 Server, TIER 1 (label not recovered)
Deploying network equipment
• Minimize collision domains wherever possible
• Put the biggest switches at the top, or where the most capacity is needed
• Always plan for bandwidth to increase.
—Planning only for today causes more problems tomorrow.
Internet
• A lot of WANs and LANs connected together to form global access to computers via TCP/IP. Connected in a very chaotic manner, no real order.
• At the top of the internet hierarchy are National Service
Providers (NSPs) that form the backbone of the internet.
— Regional ISPs connect to an NSP.
— Network Access Points (NAPs) are switching centers between
the NSPs. Generally referred to as Metropolitan area exchanges
(MAEs).
Internet hosts count
Year    Hosts
1981    213
1982    235
1983    562
1984    1,204
1985    1,961
1986    5,089
1987    28,174
1988    80,000
1989    159,000
1990    376,000
1991    727,000
1992    1,313,000
1993    2,217,000
1994    5,846,000
1995    14,352,000
1996    21,819,000
1997    29,760,000
1998    43,230,000
1999    72,398,000
2000    109,574,000
2001    147,345,000
2002    171,638,000
2003    233,101,000
2004    317,646,000
2005    394,992,000
2006    433,193,000
2007    541,677,000
(Chart: Internet hosts 1991 to 2007, hosts in millions.)
Reference: http://www.gandalf.it/data/data1.htm
Connecting to Internet Backbone (figure; source: howstuffworks.com)
Structure of the Internet (figure): NAPs interconnecting Backbone 1, 2, 3 and 4, 5, N, Regional A and Regional B, with links to Europe, Japan and Australia
MAPS: UUNET map (figure; source: Cisco Systems)
Satellite Access (InterSatCom) (figure)
Home Networks
• Connecting via DSL or cable modem, and assuming you are connecting 2 or more computers in your house.
— You may want a firewall.
– Most cable modems provide "no protection" from the internet
— Connect DSL/cable modem, then firewall, then a hub or wireless hub.
– With wireless, don't forget to set the WEP key; otherwise, you may be providing internet access to your neighbors as well without your knowledge.
— For home use, you do not need the expensive switches and hubs. Many wireless hubs provide 10/100 connections as well, and may also include a firewall.
References
• See References inside this lecture
• The Internet Security Guidebook, from planning
to deployment, Ellis and Speed, Academic Press,
2001
• The CERT® Guide to System and Network
Security Practices, Allen, Addison Wesley, 2001
• TCP/IP Network Administration, Hunt, 3rd,
O'Reilly, 2002
• How the Internet Works, Gralla, QUE, 1999
• The Essentials of Computer Organization and Architecture, chap. 12, Null
• Numerous websites
Q&A