ppt - Oklahoma State University
ECEN5553 Telecom Systems
Dr. George Scheets Week #5
Read
[9a] "The Cognitive Net is Coming"
[8b] "How Can the Internet Have Too Many Routes and Not Enough Addresses?"
[10a] "Cybercrime: Dissecting the State of Underground Enterprise"
[10b] "A Call to Cyber Arms"
[11a] "The Complete Story of Phish"
[11b] "Target Breach Happened Because of a Basic Network Segmentation Error"
[11c] "Sony Hack Dubbed 'Unparalleled' Crime"
Exam #1: Lecture 15, 21 September (Live); no later than 28 September (Remote DL)
Outline: 7 October 2015, Lecture 22 (Live); no later than 14 October (Remote DL)
Outlines
Received: due 7 October (local), 14 October (remote)
12 %
Exam #1 (90 points)
Friday, 21 September (Local)
Remote Distant Learners, no later than 28 September
Work 3 of 4 pages
Closed Book & Notes
Calculators & phones are NOT allowed
...Set up numerical problem for full credit
Most equations are provided (on 5th page)
Approximately 40% of upcoming exam will be lifted from the Fall 2014 Exam #1
Anything in the notes, on Power Point, or in reading assignments is fair game
On Short Answer or Essay Questions
Answer the Question!
Memory Dump in the space provided
Knowledgeable individual can write more
Grader will look for "Power Point bullets"
Same remarks as instructor's typically not required
To get "A" or "B", instructor needs to walk away with impression you could've said more
Got space? Anything else pertinent to add?
It is NOT necessary to write small or fill up allotted space to get a good score!
Lost points? No comments? → Insufficient info provided
Rule of Thumb: "X" point question needs > "X" facts
Wireshark Packet Capture
This interaction started with a click on a Firefox bookmark to a distance calculator from a computer in Engineering South at OSU Stillwater. Firefox then triggers a query to an OSU Domain Name Server asking for the IPv4 address of www.indo.com. This is followed by a TCP 3-way handshake to open logical connections, an HTTP request to download the distance calculator page, and the beginning of the file transfer.
ISO OSI Seven Layer Model
MSS = 1460 B = size of Layer 6 & 7 info per packet
Layer 7 Application: Windows API
Layer 6 Presentation: Windows API
Layer 5 Session: Windows TCP
Layer 4 Transport: Windows TCP
Layer 3 Network: Windows IP
Layer 2 Data Link: PC NIC (Ethernet, Payload = 1500 B)
Layer 1 Physical: PC NIC
TCP Window Size (Layer 4) Affects End-to-End Throughput
Suppose Window Size (set by PC, Microsoft Windows XP) = 64 KB
Maximum Segment Size = 1 KB
Server can send < 64 unACK'd packets
(figure: PC and Server 3,000 Km apart)
Throughput on 64 Kbps Line
(figure: Packet #1 in flight from Server to PC over a 3,000 Km, 64 Kbps line)
NPD = Prop Delay / Packet inject time
Prop Delay = distance / EM energy speed = 3,000,000 m / 200,000,000 m/sec = 0.015 seconds
Packet inject time = 8,376 bits / 64 Kbits/sec = 0.1309 seconds (1,047 B packet: 7B PPP, 20B IPv4, 20B TCP, 1,000 B segment)
NPD = 0.015 / 0.1309 = 0.1146
Front end of packet arrives at far side prior to back end being transmitted.
Throughput on 64 Kbps Line
(figure: Packet #2 leaving the Server, Packet #1 at the PC, #1 ACK heading back; 3,000 Km, 64 Kbps line)
At this instant in time...
2nd unACK'd packet is being transmitted
ACK for #1 enroute back to server
TCP+IP+Layer 2 → 47 bytes if PPP
When ACK#1 arrives at server, only packet #2 is unacknowledged.
Will 64 packet unACK'd limit be reached? No.
At most, 1 packet likely unACK'd.
Throughput on 45 Mbps Line
(figure: Packets #3 #2 #1 back-to-back from Server to PC; 3,000 Km, 45 Mbps line)
NPD = Prop Delay / Packet inject time
Prop Delay = distance / EM energy speed = 3,000,000 m / 200,000,000 m/sec = 0.015 seconds
Packet inject time = 8,376 bits / 45 Mbits/sec = 186.1 μseconds (PPP, IPv4, TCP overhead)
NPD = 0.015 / 0.0001861 = 80.60
80.60 average sized packets will fit back-to-back on this line
Throughput on 45 Mbps Line
(figure: Packets 1 - 64 in flight from Server to PC; 3,000 Km, 45 Mbps line)
At this instant in time, the Server...
Has transmitted 64 packets w/o ACK.
Has hit window limit. Halts.
Throughput on 45 Mbps Line
(figure: Packets 2 - 64 still in flight, #1 at the PC, ACK#1 heading back; 3,000 Km, 45 Mbps line)
At this instant in time,
The PC has processed 1st packet & sent an ACK
The Server is still halted, waiting for ACK #1.
When ACK #1 arrives, server can then transmit one additional packet.
Other ACK's arrive fast enough to allow back-to-back transmission of next group of 64 packets
Can Estimate Throughput with a Time Line
(figure: time line with marks at t0, t1, t2, t3)
t0 = 0: Leading edge of 1st packet injected
t1: Trailing edge of 64th packet injected
t1 = (64*1047B)(8b/B)/(45 Mb/sec) = 11.91 msec
t2: Leading edge of 1st packet hits far side, 15 msec (propagation delay)
If ACK injected right away...
t3: ...ACK arrives at server at t = 30 msec
Process Repeats...
Can Estimate Throughput with a Time Line
(figure: time line, msec: t0 = 0, 11.91, 15.00, 30.00)
This system can transmit 64(1,047) = 67,008 B = 536,064 bits every 30 msec (one round trip time)
Estimated throughput = 536,064/0.03 = 17.89 Mbps
Actual throughput a bit lower:
1st ACK not transmitted until packet #1 fully received... and processed by PC
65th packet not transmitted until ACK #1 fully received... and processed by Server
Can Estimate Throughput with a Time Line
(figure: time line, msec: t0 = 0, 11.91, 15.00, 30.00)
Need to be able to fill the pipe for 1 RTT, 30 msec in our example
45 Mbps * .030 sec = 1.35 Mb = 168,750 B
= 168,750/1,047 = 161.2 packets
Window Size needs to be = 161.2 segments*1,000 bytes/segment = 161,200 B
Actually would need another segment or two to cover source & sink processing
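The window-versus-throughput reasoning on the preceding slides (NPD, the 64-packet window stall on the 45 Mbps line, and the window needed to fill the pipe for one RTT), as an added Python example; this is not code from the course deck. It uses the lecture's figures (3,000 km, EM speed 2e8 m/s, 1,047 B packets) and assumes that "64 KB window with 1 KB segments" means 64,000 B of 1,000 B segments and that the ACK is injected immediately with negligible length, as the time line slide does.

```python
# Constants from the lecture's example: 3,000 km path, EM propagation at 2e8 m/s,
# 1,000 B TCP segment (the deck's "1 KB" MSS) + 20 B TCP + 20 B IPv4 + 7 B PPP
# = 1,047 B = 8,376 bits per packet.
DISTANCE_M = 3_000_000
EM_SPEED_M_PER_S = 200_000_000
SEGMENT_B = 1_000
OVERHEAD_B = 20 + 20 + 7           # TCP + IPv4 + PPP
PACKET_B = SEGMENT_B + OVERHEAD_B   # 1,047 B
PACKET_BITS = PACKET_B * 8          # 8,376 bits


def prop_delay_s(distance_m=DISTANCE_M, speed_m_per_s=EM_SPEED_M_PER_S):
    """One-way propagation delay: distance / EM energy speed."""
    return distance_m / speed_m_per_s


def inject_time_s(line_bps, packet_bits=PACKET_BITS):
    """Time to clock one packet onto the line (serialization delay)."""
    return packet_bits / line_bps


def npd(line_bps):
    """Normalized propagation delay = prop delay / inject time:
    how many packets can be on the wire back-to-back."""
    return prop_delay_s() / inject_time_s(line_bps)


def packets_per_rtt(line_bps):
    """Packets the line carries in one round trip (2 x prop delay)."""
    rtt_s = 2 * prop_delay_s()
    return line_bps * rtt_s / PACKET_BITS


def window_needed_b(line_bps, mss_b=SEGMENT_B):
    """Window (bytes of segment data) needed to keep the pipe full for one RTT.
    A segment or two more would cover source and sink processing."""
    return packets_per_rtt(line_bps) * mss_b


def estimated_throughput_bps(line_bps, window_b, mss_b=SEGMENT_B):
    """Deck's time-line estimate: a full window goes out, then the sender halts
    until the first ACK returns one RTT later, so it moves one window per RTT.
    If the window already covers the bandwidth-delay product, the line rate is
    the limit instead (the 64 Kbps case, where at most 1 packet is unACK'd)."""
    packets_in_window = window_b // mss_b
    if packets_in_window >= packets_per_rtt(line_bps):
        return line_bps
    rtt_s = 2 * prop_delay_s()
    return packets_in_window * PACKET_BITS / rtt_s


def timeline_ms(line_bps, window_b, mss_b=SEGMENT_B):
    """Event times in ms: t1 trailing edge of the last packet in the window leaves
    the server, t2 leading edge of packet 1 reaches the PC, t3 its ACK is back
    (ACK assumed injected right away and of negligible length)."""
    packets_in_window = window_b // mss_b
    return {
        "t1": packets_in_window * inject_time_s(line_bps) * 1e3,
        "t2": prop_delay_s() * 1e3,
        "t3": 2 * prop_delay_s() * 1e3,
    }


if __name__ == "__main__":
    window_b = 64_000  # the deck's 64 KB Windows XP window with 1 KB segments
    for line_bps in (64_000, 45_000_000):
        print(f"{line_bps / 1e6:.3f} Mbps line: NPD={npd(line_bps):.4f}, "
              f"throughput={estimated_throughput_bps(line_bps, window_b) / 1e6:.2f} Mbps, "
              f"window to fill pipe={window_needed_b(line_bps):,.0f} B, "
              f"timeline (ms)={timeline_ms(line_bps, window_b)}")
```

Running it reproduces the slide's 0.1146 and 80.60 NPD values, the roughly 17.9 Mbps window-limited estimate on the 45 Mbps line, and a 161,175 B window (the slide rounds to 161,200 B); on the 64 Kbps line the window never limits, so the function returns the line rate.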
TCP Header (4 Bytes per row)
Fields shown: Source Port, Destination Port, Sequence Number, ACK Number, Window, Checksum
UDP Header (8 Bytes, 4 Bytes per row)
Fields: Source Port, Destination Port, Length, Checksum
For interactive real-time traffic, usually used with Real Time Transport Protocol (12 bytes).
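An added parser and builder for the TCP and UDP headers just listed (example code, not from the deck). The TCP layout follows RFC 793, which also includes the data offset, flags and urgent pointer fields the slide does not draw; the sample headers are constructed here (a SYN advertising the deck's 64 KB window, and a UDP header sized for a 12-byte RTP packet), not taken from the Wireshark capture described earlier.

```python
import struct
from dataclasses import dataclass

# Wire formats in network byte order. TCP: ports, seq, ack, data-offset byte,
# flags byte, window, checksum, urgent pointer (20 bytes without options).
TCP_FMT = "!HHIIBBHHH"
UDP_FMT = "!HHHH"          # source port, destination port, length, checksum
TCP_MIN_LEN = struct.calcsize(TCP_FMT)   # 20
UDP_LEN = struct.calcsize(UDP_FMT)       # 8

TCP_FLAG_BITS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))


@dataclass
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int   # header length in 32-bit words; 5 means no options
    flags: int
    window: int        # receive window advertised by the sender of this segment
    checksum: int
    urgent_ptr: int


@dataclass
class UdpHeader:
    src_port: int
    dst_port: int
    length: int        # header + payload, so never below 8
    checksum: int


def tcp_flag_names(flags):
    """Decode the flags byte into names, lowest bit first."""
    return [name for bit, name in TCP_FLAG_BITS if flags & bit]


def parse_tcp(buf):
    """Decode a TCP header; rejects buffers that are truncated or whose data
    offset claims more header bytes than are actually present."""
    if len(buf) < TCP_MIN_LEN:
        raise ValueError(f"TCP header needs {TCP_MIN_LEN} bytes, got {len(buf)}")
    s, d, seq, ack, off_res, flags, win, cks, urg = struct.unpack(TCP_FMT, buf[:TCP_MIN_LEN])
    data_offset = off_res >> 4          # upper 4 bits; lower 4 are reserved
    if data_offset < 5 or data_offset * 4 > len(buf):
        raise ValueError(f"bad TCP data offset {data_offset}")
    return TcpHeader(s, d, seq, ack, data_offset, flags, win, cks, urg)


def parse_udp(buf):
    """Decode a UDP header; the length field must cover the header and fit the buffer."""
    if len(buf) < UDP_LEN:
        raise ValueError(f"UDP header needs {UDP_LEN} bytes, got {len(buf)}")
    s, d, length, cks = struct.unpack(UDP_FMT, buf[:UDP_LEN])
    if length < UDP_LEN or length > len(buf):
        raise ValueError(f"bad UDP length {length}")
    return UdpHeader(s, d, length, cks)


def is_valid_tcp(buf):
    try:
        parse_tcp(buf)
        return True
    except ValueError:
        return False


def build_tcp(src_port, dst_port, seq, ack, flags, window, options=b""):
    """Build a header; options must be padded to 4 bytes so the data offset stays in words.
    Checksum is left at 0 since no IP pseudo-header is involved here."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    data_offset = 5 + len(options) // 4
    return struct.pack(TCP_FMT, src_port, dst_port, seq, ack,
                       data_offset << 4, flags, window, 0, 0) + options


# Constructed samples (not from a real capture):
# a SYN from an ephemeral port to HTTP advertising the deck's 64 KB window
SYN_SAMPLE = build_tcp(49152, 80, seq=1000, ack=0, flags=0x02, window=64_000)
# the same SYN with a 4-byte MSS option (kind 2, length 4, MSS 1460 = 0x05B4)
SYN_MSS_SAMPLE = build_tcp(49152, 80, 1000, 0, 0x02, 64_000,
                           options=bytes([2, 4, 0x05, 0xB4]))
# UDP datagram carrying a 12 B RTP header plus 160 B of audio (payload zero-filled)
UDP_SAMPLE = struct.pack(UDP_FMT, 5004, 5004, UDP_LEN + 12 + 160, 0) + bytes(12 + 160)
```

The two length checks are the part worth keeping: a data offset or UDP length that points past the bytes on hand is exactly the kind of field a naive decoder trusts and then reads out of bounds.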
Virtual Circuits
Routing decisions made once when circuit is set up
Concerned switches have internal Look-Up tables updated
All packets part of info transfer follow the same path
Allows option of setting aside switch resources (buffer space, bandwidth) for specific traffic flows
MPLS, Frame Relay, ATM, & Carrier Ethernet use VC's
Datagrams
IP uses Datagrams
Routing Tables updated independently of individual traffic flows
Routers continuously talking with each other
Packets may follow different paths
Routers get no advance warning of specific packet flows.
IP is Connectionless
(packet layout: 20 B IP header | 20 B TCP header | up to 1,460 B Data + Padding)
I/O decisions based on IP address & look-up table.
Tables updated independent of traffic, hence path thru network may suddenly change.
TCP is connection oriented.
TCP, UDP, and IP
30+ year old Protocols
Designed for data
One Utilized Priority & "Best Effort" services
No QoS Guarantees
Available bandwidth depends on other users
TCP (Layer 4 & 5) provides reliable transfer
UDP (Layer 4 & 5) unreliable transfer
IP at Layer 3
Arbitrary Protocols at Layers 1 & 2
(figure: Internet Traffic 2008 - 2009 Comparison; source: http://www.sandvine.coms)
(figure: Fixed Access Internet Traffic Profile 2013; source: www.sandvine.com/downloads/documents/Phenomena_2H_2012/ Sandvine_Global_Internet_Phenomena_Snapshot_2H_2012_NA_Fixed.pdf & www.sandvine.com/downloads/general/global-internet-phenomena/2014/1h-2014-global-internet-phenomena-report.pdf)
(figure: 2015 Fixed Access; source: https://www.sandvine.com/downloads/general/global-internet-phenomena/2015/global-internet-phenomena-report-latin-america-andnorth-america.pdf)
(figure: 2012 Mobile Access Internet Traffic Profile; source: http://www.sandvine.com/downloads/documents/Phenomena_2H_2012/Sandvine_Global_Internet_Phenomena_Snapshot_2H_2012_NA_Mobile.pdf)
(figure: 2013 Mobile Access Internet Traffic Profile; source: www.sandvine.com/downloads/general/global-internet-phenomena/2014/1h-2014-global-internet-phenomena-report.pdf)
(figure: 2015 Mobile Access; source: https://www.sandvine.com/downloads/general/global-internet-phenomena/2015/global-internet-phenomena-report-latin-america-andnorth-america.pdf)
(figure: Internet Traffic Growth; source: "The Road to 100G Deployment", IEEE Communications Magazine, March 2010)
(figure: Internet Traffic Growth; source: www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/VNI_Hyperconnectivity_WP.html)
Combining the Figures
VoIP, PC to PC (Internet Phone to Internet Phone): PC <-> Commodity Internet <-> PC
VoIP, PC to Wired Phone (Internet Phone to Wired Phone): PC <-> Commodity Internet <-> Gateway <-> Phone System
VoIP (Wired Phone-to-Wired Phone): Phone System <-> Gateway <-> "QoS Enabled" Internet <-> Gateway <-> Phone System
Carrier prioritizes VoIP traffic (DiffServ)
Paths nailed down (MPLS)
Gateways control # of voice calls
Good Quality Possible with this configuration
Traditional Videoconferencing
Camera + Audio + Video Codec → 384 Kbps fixed rate output (video + audio) → Dedicated Bandwidth Network: Circuit Switched TDM, 6 Bytes @ 8000 times/sec (*State Owned Fiber, *ISDN) → Codec
2002 Videoconferencing V2.0
Camera + Audio + Video Codec → 384 Kbps fixed rate output (video + audio), now > 784 Kbps → Packet Switched, StatMuxed, Prioritized (*State Owned Fiber) → Codec
This is technique being used in this class for video to & from Tulsa & Stillwater.
Internet Video Streaming
(figure: Disk Drive → Server → The Internet → PC)
Quality of Received Stream depends on:
(1) Size of your pipe.
(2) Internet congestion.
(3) Server congestion.
Internet Video Streaming
(figure: Disk Drive → Stillwater Video Server)
Video Server generates packets.
Fairly steady generation if server not swamped.
Rate depends on pipe size.
Internet Video Streaming
(figure: Disk Drive → Video Server → Internet)
Packets exit at an irregular rate. Random delays.
Non-Dedicated Bandwidth (Packet Switched, Stat Muxing)
ISP Routes can be Roundabout
Launched 30 January 2007, 2 miles from OSU campus
1 Dr. Scheets' home router
6 SBC routers (adsl-70-233-191-254.dsl.okcyok.sbcglobal.net, ex2-p11-0.eqchil.sbcglobal.net)
7 Level3 routers (Te-3-2.Chicago1.Level3.net, kscymo2wcx010-pos9-0-oc48.wcg.net, tulsok6wcx2-pos11-0-oc48.wcg.net)
5 ONENET routers, at least 1 in Oklahoma City
3 Oklahoma State routers
Using DiffServ, End-to-End performance on this 22 router path ...
ISP Routes can be Roundabout
Launched 5 September 2008, 2 miles from OSU campus
1 Scheets' home router
4 SBC routers (adsl-70-233-191-254.dsl.okcyok.sbcglobal.net, bb1-g1-0-2.rcfril.sbcglobal.net)
1 Equinix router
1 Transitrail router (onenet.chcgil01.transitrail.net)
3 ONENET routers, at least 1 in Oklahoma City
4 Oklahoma State routers
rtt = 55 msec
... may be worse than End-to-End performance on this 14 router path when not using DiffServ.
Internet Service Provider Network
(figure: LAN with PC and Router at each corporate site, connected through the ISP network)
Corporate sites using Internet as WAN.
Can pay ISP extra $$ → Traffic between sites gets preferential treatment.
Interactive VOICE & VIDEO over the commodity INTERNET (Best Effort, No Priorities)
Is not ready for Prime Time
Delay & Quality problems difficult to solve under the current system...
...although throwing Bandwidth at the problem will alleviate
Has a place for the user whose main concern is $$$$ or convenience
Internet Service Provider Network
(figure: LAN with PC and Router at each site, connected through the ISP network)
Routers operate at Layers 1-3.
PC's operate at Layers 1-7.
Routers do not monitor opening of TCP Logical Connections. RSVP would change this.
Multi-Protocol Label Switching
Enables Virtual Circuits
End-to-End Paths nailed down
Traffic Engineering Easier
Resource Reservation Easier
Seeing fairly widespread ISP deployment
Internet QoS
Most every ISP is installing or testing one or more of following...
DiffServ
MPLS
Resource Reservation capability
Pricing structure to reflect different QoS
... but they are not yet widely deployed.
As a result, currently the Commodity Internet remains mostly Best Effort, FIFO Routing
Thinking of moving large amounts of high quality, time sensitive traffic over the Commodity Internet?
Check back in 2-3 years when...
Priorities Enabled (IPv6 and/or DiffServ)
Resources Guaranteed (Resource Reservation Protocol (RSVP) or equivalent is deployed)
Flat rate pricing is gone
The Internet Is...
A superb information source
Sometimes difficult to separate wheat from chaff
IEEE Communications or Proceedings: Peer Reviewed
IEEE Spectrum: Reviewed by editor
Jane Doe's Web site: Reviewed by Jane Doe
A good marketing tool
The Internet Is...
a Security Nightmare
Any-to-Any connectivity is both strength and
weakness
Tracert yields Router IP Addresses
Could Telnet or HTTP to many. Password?
Espionage
Read “The Cuckoo’s Egg” by Cliff Stoll
Former #1 on New York Times Best Seller
Recommended by Dr. Scheets’ Mom
The Internet Is...
a Security Nightmare
Bad things have been out there for years
Viruses, Worms, Trojans, Denial of Service, etc.
November 2, 1988 Internet Worm
Network shut down for 2-3 days
Took advantage of Unix buffer overflow problems, poor password choices
2009-2010 Stuxnet Worm
State sponsored?
Seemed to target Iran's nuclear bomb program
The Internet Is...
a Security Nightmare
TCOM5223 Information Assurance Management
TCOM5233 Applied Information Systems Security
TCOM5243 Information Technology Forensics
"Remember, when you connect with another computer, you're connecting to every computer that computer has connected to."
Dennis Miller, Saturday Night Live
Pros of Using the Internet
Any-to-Any Connectivity
It’s Inexpensive (save $$$$)
Tons of valuable information available
Excellent marketing/sales tool
Cons of Using the Commodity Internet
Any-to-Any Connectivity puts all attached machines at risk
WARNING: SECURITY HAZARD!
Slightly higher risk of Theft of Traffic
Tons of Worthless Information Available
No QoS guarantees or Guaranteed Bandwidth
May have trouble rapidly moving large files
May have trouble reliably moving time sensitive traffic
802.3 Ethernet Packet Format
Bytes: 7 (Preamble) | 1 (Start Frame Delimiter) | 6 MAC Destination Address | 6 MAC Source Address | 2 (Type/Length) | 40 IPv6 | 20 TCP | 6-1440 Data + Padding | 4 CRC
Connectionless vs. Connection Oriented
Connectionless
* Packet delivery may be out of order
* Packet delivery NOT guaranteed
* Packets may be mangled
* End User's responsibility to fix any problems
Connection Oriented
* Packet delivery in order
* Packet delivery usually guaranteed
IP is Connectionless
(packet layout: 20 B IP header | 20 B TCP header | up to 1,460 B Data + Padding)
I/O decisions based on IP address & look-up table.
Tables updated independent of traffic.
Wide Area Connectivity Options
Leased Line (a.k.a. Private Line) Network
Switches are byte aware
Circuit is assigned trunk BW via TDM
BW required is based on peak input rates
Route through system determined in advance.
Pricing function of distance & peak rate
Most expensive connectivity option
Highest quality connectivity option
Leased Line Usage
U.S. Revenues still around $34 Billion in 2009
Drop in Corporate
Increase in wireless backhaul
$30 Billion in 2014
Shift is to Internet Services
source: Insight Research
Switched Ethernet LAN's
(figure: PCs hang off Switched Hubs; Switched Hubs cascade up to an Edge Router)
Ex) Corporate Leased Line Connectivity
(figure: Detroit, OKC, and NYC Routers tied to the Carrier Leased Line Network; 128 Kbps link shown at NYC)
Telecom Carriers dedicate 320, 128, and 256 Kbps links for our sole use via Circuit Switching.
Ex) Corporate Leased Line Connectivity
(figure: Detroit 384 Kbps and OKC 320 Kbps links into the Carrier Leased Line Network; NYC Router)
Traffic matrix (Kbps):
From/To   OKC   DET   NYC
OKC       -     144   76
DET       88    -     28
NYC       112   34    -
How will company connect to Internet?
Configuration
Every site connect locally?
All sites connect thru, say, OKC?
Type of connection
Leased Line
DSL?
Cable Modem?
Other?
Ex) Internet thru OKC
(figure: Detroit, OKC, and NYC Routers on the Carrier Leased Line Network; ISP attached at OKC)
Traffic matrix should expand to include ISP. Faster line speeds likely required.
Ex) Internet thru OKC
(figure: ISP attached at OKC over a 640 Kbps line; Detroit, OKC, and NYC Routers on the Carrier Leased Line Network)
Traffic matrix (Kbps):
From\To   OKC   DET   NYC   ISP
OKC       -     144   76    60
DET       88    -     28    50
NYC       112   34    -     40
ISP       110   100   90    -
How big should the pipe to the ISP be?
300 Kbps is outbound from ISP → 640 Kbps circuit needed.
Ex) Internet thru OKC
(figure: ISP attached at OKC over a 640 Kbps line; Detroit, OKC, and NYC Routers on the Carrier Leased Line Network)
Traffic matrix (Kbps):
From\To   OKC   DET   NYC   ISP
OKC       -     144   76    60
DET       88    -     28    50
NYC       112   34    -     40
ISP       110   100   90    -
Need to bump size of other 2 pipes.
194/186 I/O @ NYC → 448 Kbps
278/166 I/O @ DET → 576 Kbps