spam.fr signal
Chapter 1
Introduction
A note on the use of these ppt slides:
We’re making these slides freely available to all (faculty, students, readers).
They’re in PowerPoint form so you can add, modify, and delete slides
(including this one) and slide content to suit your needs. They obviously
represent a lot of work on our part. In return for use, we only ask the
following:
If you use these slides (e.g., in a class) in substantially unaltered form,
that you mention their source (after all, we’d like people to use our book!)
If you post any slides in substantially unaltered form on a www site, that
you note that they are adapted from (or perhaps identical to) our slides, and
note our copyright of this material.
Computer Networking: A Top Down Approach, 5th edition. Jim Kurose, Keith Ross, Addison-Wesley, April 2009.
Thanks and enjoy! JFK/KWR
All material copyright 1996-2009
J.F Kurose and K.W. Ross, All Rights Reserved
Introduction
1-1
Chapter 1: Introduction
Our goal:
get “feel” and
terminology
more depth, detail
later in course
approach:
use Internet as
example
Overview:
what’s the Internet?
what’s a protocol?
network edge; hosts, access
net, physical media
network core: packet/circuit
switching, Internet structure
performance: loss, delay,
throughput
security
protocol layers, service models
history
Chapter 1: roadmap
1.1 What is the Internet?
1.2 Network edge
end systems, access networks, links
1.3 Network core
circuit switching, packet switching, network structure
1.4 Delay, loss and throughput in packet-switched
networks
1.5 Protocol layers, service models
1.6 Networks under attack: security
1.7 History
What’s the Internet: “nuts and bolts” view
millions of connected computing devices: hosts = end systems, running network apps (PC, server, wireless laptop, cellular handheld)
communication links: fiber, copper, radio, satellite; transmission rate = bandwidth (wired links, wireless access points)
routers: forward packets (chunks of data)
[Diagram: mobile network, global ISP, regional ISP, home network and institutional network joined by routers.]
“Cool” internet appliances
Web-enabled toaster +
weather forecaster
IP picture frame
http://www.ceiva.com/
World’s smallest web server
http://www-ccs.cs.umass.edu/~shri/iPic.html
Internet phones
What’s the Internet: “nuts and bolts” view
protocols control sending,
Mobile network
receiving of msgs
e.g., TCP, IP, HTTP, Skype,
Ethernet
Internet: “network of
networks”
loosely hierarchical
public Internet versus
private intranet
Global ISP
Home network
Regional ISP
Institutional network
Internet standards
RFC: Request for comments
IETF: Internet Engineering
Task Force
What’s the Internet: a service view
communication
infrastructure enables
distributed applications:
Web, VoIP, email, games,
e-commerce, file sharing
communication services
provided to apps:
reliable data delivery
from source to
destination
“best effort” (unreliable)
data delivery
What’s a protocol?
human protocols:
“what’s the time?”
“I have a question”
introductions
… specific msgs sent
… specific actions taken
when msgs received,
or other events
network protocols:
machines rather than
humans
all communication
activity in Internet
governed by protocols
protocols define format,
order of msgs sent and
received among network
entities, and actions
taken on msg
transmission, receipt
What’s a protocol?
a human protocol and a computer network protocol:
Hi
TCP connection
request
Hi
TCP connection
response
Got the
time?
Get http://www.awl.com/kurose-ross
2:00
<file>
time
Q: Other human protocols?
Protocols are complex
A protocol must anticipate every adverse condition in advance; it cannot assume that everything is normal and ideal.
To judge whether a computer network protocol is correct, it is not enough to check that it works under normal conditions; one must also examine very carefully whether the protocol can cope with every kind of abnormal situation.
A famous protocol example
[Example 1-1]
Blue Army 1 and Blue Army 2, holding the east and west hilltops, are fighting the White Army encamped in the valley. The balance of forces is: Blue Army 1 or Blue Army 2 alone cannot defeat the White Army, but Blue Army 1 and Blue Army 2 fighting together can. Blue Army 1 now intends to attack the White Army at noon the next day, and sends a message to Blue Army 2 by computer. But the communication line is very poor, and the message may well be corrupted or lost (no telephone is available). The friendly army that receives the message is therefore required to send back an acknowledgement. But this acknowledgement may also be corrupted or lost. Can a protocol be designed so that Blue Army 1 and Blue Army 2 can coordinate their attack and therefore be certain (100%, not 99.999…%) of victory?
[Diagram: the exchange between the two Blue Armies:]
"Attack at noon tomorrow, agreed?"
"Agreed"
"Received 'Agreed'"
…
"Received: received 'Agreed'"
…
Such a protocol cannot be realized!
Conclusion
This goes on as an infinite loop: neither Blue Army can ever be certain that the last message it sent was received by the other side.
No protocol can guarantee that the Blue Armies win 100% of the time.
1.2 Network edge
A closer look at network structure:
network edge:
applications and
hosts
access networks,
physical media:
wired, wireless
communication links
network core:
interconnected
routers
network of
networks
The network edge:
end systems (hosts):
run application programs
e.g. Web, email
at “edge of network”
peer-peer
client/server model
client host requests, receives
service from always-on server
client/server
e.g. Web browser/server;
email client/server
peer-peer model:
minimal (or no) use of
dedicated servers
e.g. Skype, BitTorrent
1. The client-server model
Client and server both refer to the two application processes involved in a communication.
The client-server model describes the relationship between processes of serving and being served.
The client is the requester of the service; the server is the provider of the service.
Courseware author: Xie Xiren
[Diagram: host A at the network edge running a client program, host B running a server program, the network core between them.]
Client A sends a request for service to server B, and server B provides the service to client A.
Characteristics of client software
It runs when invoked by the user and, when it wants to communicate, actively initiates communication with the remote server (requests service). The client program must therefore know the address of the server program.
It needs no special hardware or very complex operating system.
Characteristics of server software
A program dedicated to providing some service; it can handle requests from several remote or local clients at the same time.
It is started automatically when the system boots and runs continuously, passively waiting for and accepting communication requests from clients anywhere. The server program therefore does not need to know the addresses of the client programs.
It generally needs powerful hardware and an advanced operating system.
2. The peer-to-peer model
A peer-to-peer connection (peer-to-peer, abbreviated P2P) means that when two hosts communicate, neither is singled out as the service requester or the service provider.
As long as both hosts run peer-to-peer software (P2P software), they can communicate as equal peers.
Each side can download the shared documents the other side has stored on its disk.
Characteristics of the peer-to-peer model
In essence, the peer-to-peer model still uses the client-server model; it is just that every host in a peer-to-peer connection is both a client and a server at the same time.
For example, when host C requests service from D, C is the client and D is the server. But if C at the same time provides service to F, then C also acts as a server.
[Diagram: hosts C, D, E and F at the network edge, each running a P2P program, connected through the network core.]
Access networks and physical media
Q: How to connect end
systems to edge router?
residential access nets
institutional access
networks (school,
company)
mobile access networks
Keep in mind:
bandwidth (bits per
second) of access
network?
shared or dedicated?
Dial-up Modem
central
office
home
PC
home
dial-up
modem
telephone
network
Internet
ISP
modem
(e.g., AOL)
Uses existing telephony infrastructure
Home is connected to central office
up to 56Kbps direct access to router (often less)
Can’t surf and phone at same time: not “always on”
Digital Subscriber Line (DSL)
Existing phone line:
0-4KHz phone; 4-50KHz
upstream data; 50KHz-1MHz
downstream data
home
phone
Internet
DSLAM
telephone
network
splitter
DSL
modem
home
PC
central
office
Also uses existing telephone infrastructure
up to 1 Mbps upstream (today typically < 256 kbps)
up to 8 Mbps downstream (today typically < 1 Mbps)
dedicated physical line to telephone central office
Residential access: cable modems
Does not use telephone infrastructure
Instead uses cable TV infrastructure
HFC: hybrid fiber coax
asymmetric: up to 30Mbps downstream, 2
Mbps upstream
network of cable and fiber attaches homes to
ISP router
homes share access to router
unlike DSL, which has dedicated access
Ethernet Internet access
100 Mbps
Institutional
router
Ethernet
switch
To Institution’s
ISP
100 Mbps
1 Gbps
100 Mbps
server
Typically used in companies, universities, etc
10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps Ethernet
Today, end systems typically connect into Ethernet
switch
Wireless access networks
shared wireless access
network connects end system
to router
via base station aka “access
point”
wireless LANs:
802.11b/g (WiFi): 11 or 54 Mbps
wider-area wireless access
provided by telco operator
~1Mbps over cellular system
(EVDO, HSDPA)
next up (?): WiMAX (10’s Mbps)
over wide area
router
base
station
mobile
hosts
Home networks
Typical home network components:
DSL or cable modem
router/firewall/NAT
Ethernet
wireless access
point
to/from
cable
headend
cable
modem
router/
firewall
Ethernet
wireless
laptops
wireless
access
point
Physical Media
Bit: propagates between
transmitter/rcvr pairs
physical link: what lies
between transmitter &
receiver
guided media:
signals propagate in solid
media: copper, fiber, coax
Twisted Pair (TP)
two insulated copper
wires
Category 3: traditional
phone wires, 10 Mbps
Ethernet
Category 5:
100Mbps Ethernet
unguided media:
signals propagate freely,
e.g., radio
Physical Media: coax, fiber
Coaxial cable:
two concentric copper conductors
bidirectional
baseband: single channel on cable; legacy Ethernet
broadband: multiple channels on cable; HFC
Fiber optic cable:
glass fiber carrying light pulses, each pulse a bit
high-speed operation: high-speed point-to-point transmission (e.g., 10's-100's Gbps)
low error rate: repeaters spaced far apart; immune to electromagnetic noise
Various cables
[Diagram: unshielded twisted pair (UTP): PVC jacket, insulation, copper wires. Shielded twisted pair (STP): PVC jacket, shield layer, insulation, copper wires. Coaxial cable: insulating protective jacket, outer-conductor shield, insulation, inner conductor.]
Refraction of light in an optical fibre
[Diagram: a light ray entering the core (high-refractive-index medium) from the cladding (low-refractive-index medium), with the angle of incidence and the angle of refraction marked.]
How an optical fibre works
[Diagram: low refractive index (cladding) surrounding high refractive index (core).]
Light travels along the core by repeated total internal reflection.
Physical media: radio
signal carried in
electromagnetic
spectrum
no physical “wire”
bidirectional
propagation
environment effects:
reflection
obstruction by objects
interference
Radio link types:
terrestrial microwave
e.g. up to 45 Mbps channels
LAN (e.g., Wifi)
11Mbps, 54 Mbps
wide-area (e.g., cellular)
3G cellular: ~ 1 Mbps
satellite
Kbps to 45Mbps channel (or
multiple smaller channels)
270 msec end-end delay
geosynchronous versus low
altitude
1.3 Network core
The Network Core
mesh of interconnected
routers
the fundamental
question: how is data
transferred through net?
circuit switching:
dedicated circuit per
call: telephone net
packet-switching: data
sent thru net in
discrete “chunks”
Network Core: Circuit Switching
End-end resources
reserved for “call”
link bandwidth, switch
capacity
dedicated resources:
no sharing
circuit-like
(guaranteed)
performance
call setup required
Network Core: Circuit Switching
network resources
(e.g., bandwidth)
divided into “pieces”
pieces allocated to calls
dividing link bandwidth
into “pieces”
frequency division
time division
resource piece idle if
not used by owning call
(no sharing)
Circuit Switching: FDM and TDM
Example:
FDM
4 users
frequency
time
TDM
frequency
time
2.4 Channel multiplexing
2.4.1 Frequency-division multiplexing and time-division multiplexing
Multiplexing is a basic concept in communication technology.
[Diagram: (a) without multiplexing, A1, B1 and C1 each send to A2, B2 and C2 over a channel of their own; (b) with multiplexing, a multiplexer combines A1, B1 and C1 onto one shared channel and a demultiplexer separates them again for A2, B2 and C2.]
Frequency-division multiplexing, FDM (Frequency Division Multiplexing)
Once a user has been allocated a frequency band, it occupies that band from start to finish of the communication.
All FDM users occupy different bandwidth resources at the same time (note that "bandwidth" here means frequency bandwidth, not data transmission rate).
[Diagram: frequency bands 1 to 5 stacked along the frequency axis, each occupied for the whole of the time axis.]
Time-division multiplexing, TDM (Time Division Multiplexing)
TDM divides time into a sequence of equal-length time-division multiplexing frames (TDM frames). Each TDM user occupies the time slot with a fixed index in every TDM frame.
The slot occupied by each user recurs periodically (the period being the length of a TDM frame).
A TDM signal is therefore also called an isochronous signal.
All TDM users occupy the same frequency bandwidth at different times.
[Diagram: a sequence of TDM frames ABCD ABCD ABCD ABCD …; the position of user A in every TDM frame stays the same, and likewise for B, C and D.]
TDM can waste line resources
When a TDM system carries computer data, the bursty nature of computer data means that a user's utilization of its allocated sub-channel is generally low.
[Diagram: users A, B, C and D produce bursts a, b, c and d at times ①, ②, ③ and ④; since each user may only use its own slot, carrying the bursts takes 4 TDM frames (#1 to #4), with many slots left empty.]
Statistical TDM, STDM (Statistic TDM)
[Diagram: the same bursts from users A, B, C and D; with STDM a slot goes to whichever user currently has data (a b b c c d a), so the same bursts fit in 3 STDM frames (#1 to #3).]
Numerical example
How long does it take to send a file of
640,000 bits from host A to host B over a
circuit-switched network?
All links are 1.536 Mbps
Each link uses TDM with 24 slots/sec
500 msec to establish end-to-end circuit
Let’s work it out!
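The slide's calculation worked in code, as an added example that is not part of the original deck. It takes the slide's 24 slots as slots per frame (so each circuit gets 1/24 of a link) and ignores propagation delay; both are my assumptions.

```python
# Added example: file transfer time over a TDM circuit-switched path.
# Assumptions (mine, not the slide's): the 24 slots are slots per frame, so a
# circuit gets 1/24 of each link; propagation delay is ignored.

def circuit_rate_bps(link_rate_bps: float, slots_per_frame: int) -> float:
    """A call owns one slot in every frame, so it gets 1/slots of the link rate."""
    return link_rate_bps / slots_per_frame


def circuit_transfer_time_s(file_bits: int, link_rate_bps: float,
                            slots_per_frame: int, setup_s: float) -> float:
    """Circuit setup time plus file size divided by the per-circuit rate.

    Once the circuit is reserved end to end, the switches add no
    store-and-forward delay: bits flow through as a continuous stream, so the
    number of links on the path does not appear in the formula.
    """
    return setup_s + file_bits / circuit_rate_bps(link_rate_bps, slots_per_frame)


def slide_example() -> tuple:
    """The slide's case: 640,000 bits, 1.536 Mbps links, 24 slots, 500 ms setup."""
    rate = circuit_rate_bps(1.536e6, 24)                        # 64 kbps per circuit
    total = circuit_transfer_time_s(640_000, 1.536e6, 24, 0.5)  # 0.5 s + 10 s
    return rate, total


if __name__ == "__main__":
    rate, total = slide_example()
    print(f"per-circuit rate {rate / 1e3:.0f} kbps, transfer takes {total:.1f} s")
```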
Network Core: Packet Switching
each end-end data stream
divided into packets
user A, B packets share
network resources
each packet uses full link
bandwidth
resources used as needed
Bandwidth division into “pieces”
Dedicated allocation
Resource reservation
resource contention:
aggregate resource
demand can exceed
amount available
congestion: packets
queue, wait for link use
store and forward:
packets move one hop
at a time
Node receives complete
packet before forwarding
Packet Switching: Statistical Multiplexing
100 Mb/s
Ethernet
A
B
statistical multiplexing
C
1.5 Mb/s
queue of packets
waiting for output
link
D
E
Sequence of A & B packets does not have fixed pattern,
bandwidth shared on demand statistical multiplexing.
TDM: each host gets same slot in revolving TDM frame.
Packet-switching: store-and-forward
takes L/R seconds to transmit (push out) packet of L bits on to link at R bps
store and forward: entire packet must arrive at router before it can be transmitted on next link
delay = 3L/R (assuming zero propagation delay)
[Diagram: source, two routers and destination joined by three links, each of rate R.]
Example:
L = 7.5 Mbits
R = 1.5 Mbps
transmission delay = 15 sec
more on delay shortly …
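The store-and-forward arithmetic as an added example (not from the slides), generalized to N links and to the case where the message is split into several packets so that the hops overlap:

```python
# Added example: store-and-forward delay for a single packet across N links,
# and the pipelining gain from splitting the same message into P packets.
# Propagation delay is zero unless given, as on the slide.

def transmission_delay_s(packet_bits: float, rate_bps: float) -> float:
    """L/R: time to push all L bits of a packet onto a link of rate R."""
    return packet_bits / rate_bps


def store_and_forward_delay_s(packet_bits: float, rate_bps: float,
                              num_links: int, prop_delay_s: float = 0.0) -> float:
    """Each router must receive the whole packet before sending it on, so the
    L/R cost (plus any propagation delay) is paid once per link: N * (L/R + d/s)."""
    return num_links * (transmission_delay_s(packet_bits, rate_bps) + prop_delay_s)


def pipelined_delay_s(message_bits: float, packet_bits: float, rate_bps: float,
                      num_links: int) -> float:
    """Generalization beyond the slide: split the message into P packets.
    Hops then overlap (packet 2 uses link 1 while packet 1 uses link 2), so the
    end-to-end delay is (N + P - 1) * L/R instead of N * P * L/R."""
    packets = int(-(-message_bits // packet_bits))  # ceiling division
    return (num_links + packets - 1) * transmission_delay_s(packet_bits, rate_bps)


def slide_example() -> tuple:
    """L = 7.5 Mbits, R = 1.5 Mbps, three links: 3 * 5 s = 15 s unsplit;
    as five 1.5 Mbit packets: (3 + 5 - 1) * 1 s = 7 s."""
    unsplit = store_and_forward_delay_s(7.5e6, 1.5e6, 3)
    split = pipelined_delay_s(7.5e6, 1.5e6, 1.5e6, 3)
    return unsplit, split


if __name__ == "__main__":
    unsplit, split = slide_example()
    print(f"one 7.5 Mbit packet: {unsplit:.0f} s; five 1.5 Mbit packets: {split:.0f} s")
```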
Packet switching versus circuit switching
Packet switching allows more users to use network!
1 Mb/s link
each user:
100 kb/s when “active”
active 10% of time
circuit-switching:
10 users
packet switching:
with 35 users,
probability > 10 active
at same time is less
than .0004
N users
1 Mbps link
Q: how did we get value 0.0004?
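The slide's question answered in code, as an added example that is not part of the deck: the number of simultaneously active users is Binomial(35, 0.1), and the value quoted on the slide is the tail beyond 10 users. Independence of the users is the textbook's assumption and mine.

```python
# Added example: the slide's comparison, computed. Each user sends at 100 kb/s
# when active and is active 10% of the time, independently of the others, on a
# 1 Mb/s link. The independence assumption is the textbook's and mine.
from math import comb


def circuit_switching_users(link_bps: float, per_user_bps: float) -> int:
    """Circuit switching reserves per_user_bps for every user, active or not."""
    return int(link_bps // per_user_bps)


def prob_more_than(n_users: int, p_active: float, threshold: int) -> float:
    """P(X > threshold) for X ~ Binomial(n_users, p_active): the fraction of time
    more users are active than the link can carry at the full per-user rate."""
    return sum(comb(n_users, k) * p_active ** k * (1 - p_active) ** (n_users - k)
               for k in range(threshold + 1, n_users + 1))


def slide_example() -> tuple:
    capacity = circuit_switching_users(1e6, 100e3)      # 10 users
    overload = prob_more_than(35, 0.1, capacity)        # about 0.0004
    return capacity, overload


if __name__ == "__main__":
    capacity, overload = slide_example()
    print(f"circuit switching: {capacity} users; packet switching: 35 users with "
          f"P(more than {capacity} active) = {overload:.6f}")
```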
Packet switching versus circuit switching
packet switching
great for bursty data
resource sharing
simpler, no call setup
excessive congestion: packet delay and loss
protocols needed for reliable data transfer,
congestion control
Q: How to provide circuit-like behavior?
bandwidth guarantees needed for audio/video apps
still an unsolved problem (chapter 7)
Q: human analogies of reserved resources (circuit
switching) versus on-demand allocation (packet-switching)?
Characteristics of circuit switching
Circuit switching is necessarily connection-oriented.
The three phases of circuit switching:
establish the connection
communicate
release the connection
Circuit switching example
A call between A and B passes through four switches; the call is carried on the connection from A to B.
[Diagram: subscribers A, C, D and B attached to switches by subscriber lines; the switches are joined by trunk lines.]
Circuit switching example
A call between C and D passes through only one local switch; the call is carried on the connection from C to D.
[Diagram: the same four switches; C and D are attached to the same local switch.]
Circuit switching is inefficient for computer data
Computer data is bursty.
This leads to very low utilization of the communication line.
2. Main characteristics of packet switching
At the sender, a longer message is first divided into shorter, fixed-length data segments.
[Diagram: the message 1101000110101010110101011100010011010010, assumed to be too long to transmit conveniently.]
Adding a header forms a packet
A header is added in front of each data segment to form a packet.
[Diagram: the message is split into data 1, data 2 and data 3; header + data 1 = packet 1, and likewise packets 2 and 3. Note: the left-hand side is now the "front".]
The unit of transmission in packet switching
A packet-switched network uses the "packet" as its unit of data transmission.
The packets are sent to the receiver one after another (assume the receiver is on the left).
[Diagram: packet 1, packet 2 and packet 3, each header + data, in transit.]
The importance of the packet header
Each packet's header carries control information such as addresses.
A node switch in a packet-switched network forwards the packet to the next node switch according to the address information in the header of the received packet.
With this store-and-forward method, the packet eventually reaches its final destination.
The receiver strips the header
After receiving each packet, the receiver strips its header to restore the message.
[Diagram: packets 1, 2 and 3 arriving; their data parts are the received data.]
Finally restore the original message
Finally, at the receiver, the received data is reassembled into the original message.
[Diagram: data 1, data 2 and data 3 joined back into the message 1101000110101010110101011100010011010010.]
Here we assume that no errors occurred during transmission and that no packets were discarded during forwarding.
The core part of the Internet
The core of the Internet consists of many networks and the routers that interconnect them; hosts sit at the edge of the Internet.
Routers in the core are generally connected by high-speed links, while hosts at the edge usually connect to the core over relatively low-speed links.
A host exists to process information for users and to exchange information with other hosts over the network. A router exists to forward packets, that is, to perform packet switching.
[Diagram: the network core: routers A, B, C, D and E joined by links; hosts H1 to H6 attached through their networks.]
Schematic of a packet-switched network
[Diagram: H1 sends packets to H5 and H2 sends packets to H6 across the same core; note how the path taken by the packets changes!]
Note the store-and-forward process of a packet
[Diagram: H1 sends a packet to H5; at router A, then C, then E, the packet is buffered, the forwarding table is looked up, the outgoing port is found and the packet is sent on; finally it reaches the destination host H5.]
Routers
There is no direct wire between a router's input ports and its output ports.
A router processes a packet as follows:
put the received packet into a buffer (temporary storage);
look up the forwarding table to find which port leads to the destination address;
send the packet out through the appropriate port.
Hosts and routers play different roles
A host processes information for its users, sends packets into the network and receives packets from it.
A router stores and forwards packets and finally delivers them to the destination host.
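The whole sequence above (segment the message, add headers, store-and-forward through routers A, C and E using forwarding tables, strip headers and reassemble) as an added example that is not part of the course material. The H1 → A → C → E → H5 topology follows the slide; the 8-bit segments, forwarding tables and header fields are my constructions.

```python
# Added example (not from the slides): a tiny packet-switched network. The
# sender segments a message into fixed-length packets with a header, each
# router stores a packet, looks up its forwarding table and sends it out the
# chosen port, and the receiver strips headers and reassembles. The topology
# (H1 -> A -> C -> E -> H5) follows the slide; the 8-bit segments, the
# forwarding tables and the header fields are my constructions.
from dataclasses import dataclass
from typing import Dict, List, Tuple

MESSAGE = "1101000110101010110101011100010011010010"  # the slides' 40-bit message


@dataclass(frozen=True)
class Packet:
    src: str       # header: source host
    dst: str       # header: destination host, used for forwarding
    seq: int       # header: position in the message
    total: int     # header: number of packets in the message
    data: str      # the data segment


def segment(message: str, src: str, dst: str, seg_bits: int = 8) -> List[Packet]:
    """Split the message into fixed-length segments and add a header to each."""
    chunks = [message[i:i + seg_bits] for i in range(0, len(message), seg_bits)]
    return [Packet(src, dst, i, len(chunks), c) for i, c in enumerate(chunks)]


class Router:
    def __init__(self, name: str, table: Dict[str, str]) -> None:
        self.name, self.table, self.buffer = name, table, []   # table: dst -> next hop

    def receive(self, pkt: Packet) -> None:
        self.buffer.append(pkt)                   # 1. store the packet in a buffer

    def forward(self) -> List[Tuple[str, Packet]]:
        out = []
        while self.buffer:
            pkt = self.buffer.pop(0)
            next_hop = self.table.get(pkt.dst)    # 2. look up the forwarding table
            if next_hop is not None:              #    (no entry: the packet is dropped)
                out.append((next_hop, pkt))       # 3. send it out the chosen port
        return out


def run(routers: Dict[str, Router], first_hop: str,
        packets: List[Packet]) -> Tuple[List[Packet], List[Tuple[str, str, int]]]:
    """Move packets hop by hop until every one has left the router network."""
    delivered, log = [], []
    for pkt in packets:
        routers[first_hop].receive(pkt)
    moved = True
    while moved:
        moved = False
        for router in routers.values():
            for next_hop, pkt in router.forward():
                log.append((router.name, next_hop, pkt.seq))
                if next_hop in routers:
                    routers[next_hop].receive(pkt)
                    moved = True
                else:
                    delivered.append(pkt)         # next hop is the destination host
    return delivered, log


def reassemble(packets: List[Packet]) -> str:
    """Strip the headers and rebuild the message; fails loudly if a packet is
    missing, which makes the slides' "no loss, no errors" assumption explicit."""
    if not packets:
        raise ValueError("nothing received")
    total = packets[0].total
    by_seq = {p.seq: p.data for p in packets}
    if sorted(by_seq) != list(range(total)):
        raise ValueError(f"missing packets: {sorted(set(range(total)) - set(by_seq))}")
    return "".join(by_seq[i] for i in range(total))


def slide_scenario() -> Tuple[str, List[Tuple[str, str, int]]]:
    """H1 sends MESSAGE to H5 through routers A, C and E."""
    routers = {"A": Router("A", {"H5": "C"}),
               "C": Router("C", {"H5": "E"}),
               "E": Router("E", {"H5": "H5"})}
    delivered, log = run(routers, "A", segment(MESSAGE, "H1", "H5"))
    return reassemble(delivered), log


if __name__ == "__main__":
    message, log = slide_scenario()
    print(message == MESSAGE, log)
```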
Advantages of packet switching
Efficient: transmission bandwidth is allocated dynamically, and a communication link is occupied one segment at a time.
Flexible: the packet is the unit both of transmission and of route lookup.
Fast: packets can be sent to another host without first setting up a connection.
Reliable: network protocols ensure reliability, and distributed routing protocols give the network good survivability.
Problems brought by packet switching
Packets have to queue at each node during store-and-forward, which causes some delay.
The header each packet must carry (containing indispensable control information) also adds overhead.
The store-and-forward principle
Not an entirely new concept.
In the 1940s, telegraph communication also used message switching, which is based on the store-and-forward principle.
Message switching has a long delay, from a few minutes to several hours. Today message switching is rarely used.
Comparison of the three kinds of switching
[Diagram: nodes A, B, C and D along a time axis t, showing the characteristics of the data transfer phase. Circuit switching: connection establishment, then data transfer with the bit stream going straight to the destination, then connection release. Message switching: the whole message is stored and forwarded at B and again at C. Packet switching: packets are stored and forwarded at B and at C, each packet with far less per-node delay than a whole message.]
Internet structure: network of networks
roughly hierarchical
at center: “tier-1” ISPs (e.g., Verizon, Sprint, AT&T,
Cable and Wireless), national/international coverage
treat each other as equals
[Diagram: three Tier 1 ISPs; tier-1 providers interconnect (peer) privately.]
Tier-1 ISP: e.g., Sprint
[Diagram: Sprint backbone with POPs (point-of-presence), peering links to/from the backbone, and links to/from customers.]
Internet structure: network of networks
“Tier-2” ISPs: smaller (often regional) ISPs
Connect to one or more tier-1 ISPs, possibly other tier-2 ISPs
Tier-2 ISP pays tier-1 ISP for connectivity to rest of Internet: tier-2 ISP is customer of tier-1 provider
Tier-2 ISPs also peer privately with each other.
[Diagram: several Tier-2 ISPs attached to three Tier 1 ISPs.]
Internet structure: network of networks
“Tier-3” ISPs and local ISPs
last hop (“access”) network (closest to end systems)
Local and tier-3 ISPs are customers of higher-tier ISPs connecting them to rest of Internet
[Diagram: local ISPs and a Tier 3 ISP attached to Tier-2 ISPs, which in turn attach to Tier 1 ISPs.]
Internet structure: network of networks
a packet passes through many networks!
[Diagram: the same hierarchy of local, Tier 3, Tier-2 and Tier 1 ISPs; a packet from one local ISP to another crosses several of them.]
1.4 Delay, loss and throughput in packet-switched networks
How do loss and delay occur?
packets queue in router buffers
packet arrival rate to link exceeds output link capacity
packets queue, wait for turn
[Diagram: router between A and B: packet being transmitted (delay), packets queueing (delay), free (available) buffers: arriving packets dropped (loss) if no free buffers.]
Four sources of packet delay
1. nodal processing:
check bit errors
determine output link
2. queueing
time waiting at output link for transmission
depends on congestion level of router
[Diagram: from A to B: nodal processing, queueing, transmission, propagation.]
Delay in packet-switched networks
3. Transmission delay:
R = link bandwidth (bps)
L = packet length (bits)
time to send bits into link = L/R
4. Propagation delay:
d = length of physical link
s = propagation speed in medium (~2×10^8 m/sec)
propagation delay = d/s
Note: s and R are very different quantities!
[Diagram: from A to B: nodal processing, queueing, transmission, propagation.]
Caravan analogy
[Diagram: ten-car caravan, toll booth, 100 km of highway, second toll booth, another 100 km.]
cars "propagate" at 100 km/hr
toll booth takes 12 sec to service car (transmission time)
car ~ bit; caravan ~ packet
Q: How long until caravan is lined up before 2nd toll booth?
Time to "push" entire caravan through toll booth onto highway = 12*10 = 120 sec
Time for last car to propagate from 1st to 2nd toll booth: 100km/(100km/hr) = 1 hr
A: 62 minutes
Caravan analogy (more)
[Diagram: the same ten-car caravan, two toll booths, 100 km apart.]
Cars now "propagate" at 1000 km/hr
Toll booth now takes 1 min to service a car
Q: Will cars arrive to 2nd booth before all cars serviced at 1st booth?
Yes! After 7 min, 1st car at 2nd booth and 3 cars still at 1st booth.
1st bit of packet can arrive at 2nd router before packet is fully transmitted at 1st router!
See Ethernet applet at AWL Web site
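Both caravan scenarios worked in one function, as an added example not taken from the slides; it also reports whether the first car reaches the second booth before the first booth has finished the caravan, which is the packet property the second slide is making.

```python
# Added example: the slide's caravan arithmetic as a function, so both
# scenarios (and the packet analogy: car ~ bit, booth service ~ transmission,
# driving ~ propagation) can be checked. Not from the slides.

def caravan(n_cars: int, distance_km: float, speed_kmh: float, service_s: float) -> dict:
    """Toll booth services one car every service_s; cars then drive distance_km."""
    push_through_s = n_cars * service_s                 # "transmission" of the caravan
    propagation_s = distance_km * 3600.0 / speed_kmh    # drive time, booth to booth
    first_car_arrival_s = service_s + propagation_s     # first car reaches 2nd booth
    serviced_by_then = min(n_cars, int(first_car_arrival_s // service_s))
    return {
        "lined_up_min": (push_through_s + propagation_s) / 60.0,  # last car at 2nd booth
        "first_car_arrival_min": first_car_arrival_s / 60.0,
        "cars_still_at_first_booth": n_cars - serviced_by_then,
        # True when the first car reaches booth 2 before booth 1 has finished the
        # caravan: the packet's first bit reaches the next router before the packet
        # has been fully transmitted at the previous one.
        "overlap": first_car_arrival_s < push_through_s,
    }


if __name__ == "__main__":
    print(caravan(10, 100, 100, 12))      # lined up after 62 min, no overlap
    print(caravan(10, 100, 1000, 60))     # first car after 7 min, 3 cars still queued
```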
Nodal delay
$d_{\text{nodal}} = d_{\text{proc}} + d_{\text{queue}} + d_{\text{trans}} + d_{\text{prop}}$
$d_{\text{proc}}$ = processing delay: typically a few microsecs or less
$d_{\text{queue}}$ = queuing delay: depends on congestion
$d_{\text{trans}}$ = transmission delay = L/R, significant for low-speed links
$d_{\text{prop}}$ = propagation delay: a few microsecs to hundreds of msecs
Queueing delay (revisited)
R=link bandwidth (bps)
L=packet length (bits)
a=average packet
arrival rate
traffic intensity = La/R
La/R ~ 0: average queueing delay small
La/R -> 1: delays become large
La/R > 1: more “work” arriving than can be
serviced, average delay infinite!
“Real” Internet delays and routes
What do “real” Internet delay & loss look like?
Traceroute program: provides delay
measurement from source to router along end-end
Internet path towards destination. For all i:
sends three packets that will reach router i on path
towards destination
router i will return packets to sender
sender times interval between transmission and reply.
3 probes
3 probes
3 probes
“Real” Internet delays and routes
traceroute: gaia.cs.umass.edu to www.eurecom.fr
Three delay measurements from
gaia.cs.umass.edu to cs-gw.cs.umass.edu
1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms
2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms
3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms
4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms
5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms
6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms
8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms   (trans-oceanic link)
9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms
11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms
12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms
13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms
14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms
15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms
16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms
17 * * *
* means no response (probe lost, router not replying)
18 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms
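A parser for output of this shape, as an added example that is not part of the course: it reports each hop's average RTT, the hops that answered none of the three probes, and the pair of consecutive answering hops with the largest RTT jump (the trans-oceanic link above). The sample lines are copied from the trace on the slide; the parser is mine.

```python
# Added example: a parser for traceroute output like the slide's, which reports
# the per-hop average RTT, the hops that did not answer, and the pair of
# consecutive answering hops with the largest RTT jump (the slide's
# trans-oceanic link). Sample lines are copied from the slide's trace; the
# parser itself is mine, not a tool the course provides.
import re
from typing import Dict, List, Optional, Tuple

SAMPLE = """\
 6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
 7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms
 8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms
 9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
17 * * *
18 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")     # hop number, then the rest of the line
RTT_RE = re.compile(r"([\d.]+)\s*ms")         # every "<number> ms" on the line

Hops = Dict[int, Optional[Tuple[str, List[float]]]]


def parse_traceroute(text: str) -> Hops:
    """hop number -> (name or address, [rtts in ms]); None when all probes were lost."""
    hops: Hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                          # banner or blank line
        hop, rest = int(m.group(1)), m.group(2)
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        # "* * *": probe lost or router not replying, so no delay sample for this hop
        hops[hop] = (rest.split()[0], rtts) if rtts else None
    return hops


def average_rtts(hops: Hops) -> Dict[int, float]:
    return {h: sum(v[1]) / len(v[1]) for h, v in hops.items() if v is not None}


def unresponsive(hops: Hops) -> List[int]:
    return sorted(h for h, v in hops.items() if v is None)


def largest_jump(hops: Hops) -> Tuple[int, int, float]:
    """Consecutive answering hops with the biggest increase in average RTT."""
    avg = average_rtts(hops)
    order = sorted(avg)
    best = (order[0], order[0], 0.0)
    for a, b in zip(order, order[1:]):
        delta = avg[b] - avg[a]
        if delta > best[2]:
            best = (a, b, delta)
    return best


if __name__ == "__main__":
    hops = parse_traceroute(SAMPLE)
    print("no answer from hops:", unresponsive(hops))
    print("largest RTT jump between hops %d and %d: %.1f ms" % largest_jump(hops))
```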
Packet loss
queue (aka buffer) preceding link in buffer has
finite capacity
packet arriving to full queue dropped (aka lost)
lost packet may be retransmitted by previous
node, by source end system, or not at all
[Diagram: buffer (waiting area) before the link from A to B: one packet being transmitted; a packet arriving to a full buffer is lost.]
Throughput
throughput: rate (bits/time unit) at which
bits transferred between sender/receiver
instantaneous: rate at given point in time
average: rate over longer period of time
[Diagram: server with a file of F bits to send to client; the server sends bits (fluid) into a pipe; a link (pipe) that can carry fluid at rate Rs bits/sec; a link (pipe) that can carry fluid at rate Rc bits/sec.]
Throughput (more)
Rs < Rc What is average end-end throughput?
Rs bits/sec
Rc bits/sec
Rs > Rc What is average end-end throughput?
Rs bits/sec
Rc bits/sec
bottleneck link
link on end-end path that constrains end-end throughput
Throughput: Internet scenario
per-connection end-end throughput: min(Rc, Rs, R/10)
in practice: Rc or Rs is often bottleneck
[Diagram: 10 connections, each with a server link Rs and a client link Rc, (fairly) share backbone bottleneck link R bits/sec.]
1.5 Protocol layers, service models
Protocol “Layers”
Networks are complex!
many “pieces”:
hosts
routers
links of various
media
applications
protocols
hardware,
software
Question:
Is there any hope of
organizing structure of
network?
Or at least our discussion
of networks?
Organization of air travel
ticket (purchase)
ticket (complain)
baggage (check)
baggage (claim)
gates (load)
gates (unload)
runway takeoff
runway landing
airplane routing
airplane routing
airplane routing
a series of steps
Layering of airline functionality
ticket (purchase)
ticket (complain)
ticket
baggage (check)
baggage (claim)
baggage
gates (load)
gates (unload)
gate
runway (takeoff)
runway (land)
takeoff/landing
airplane routing
airplane routing
airplane routing
departure
airport
airplane routing
airplane routing
intermediate air-traffic
control centers
arrival
airport
Layers: each layer implements a service
via its own internal-layer actions
relying on services provided by layer below
Why layering?
Dealing with complex systems:
explicit structure allows identification,
relationship of complex system’s pieces
layered reference model for discussion
modularization eases maintenance, updating of
system
change of implementation of layer’s service
transparent to rest of system
e.g., change in gate procedure doesn’t affect
rest of system
layering considered harmful?
Internet protocol stack
application: supporting network applications (FTP, SMTP, HTTP)
transport: process-process data transfer (TCP, UDP)
network: routing of datagrams from source to destination (IP, routing protocols)
link: data transfer between neighboring network elements (PPP, Ethernet)
physical: bits "on the wire"
[Diagram: the stack, top to bottom: application, transport, network, link, physical.]
ISO/OSI reference model
presentation: allow applications to interpret meaning of data, e.g., encryption, compression, machine-specific conventions
session: synchronization,
checkpointing, recovery of data
exchange
Internet stack “missing” these
layers!
these services, if needed, must
be implemented in application
needed?
application
presentation
session
transport
network
link
physical
Encapsulation
[Diagram: at the source, the application message M gains a transport header Ht (segment), then a network header Hn (datagram), then a link header Hl (frame) as it passes down application, transport, network, link and physical layers. A switch has only link and physical layers and passes the frame on. A router has network, link and physical layers: it strips Hl, reads Hn, and adds a new Hl for the next link. The destination strips Hl, Hn and Ht to recover M.]
Two hosts exchanging a file
[Diagram: host 1's file-transfer module hands the file to the lower-layer module for sending; host 2's file-transfer module hands the received file to the upper-layer module. Looking only at the two file-transfer modules, the file and the file-transfer commands seem to travel horizontally along the dashed line.]
Now design a communication-service module
[Diagram: host 1 and host 2 each have a file-transfer module above a communication-service module. Looking only at the two communication-service modules, it seems the file can be delivered reliably straight to the other side.]
Now design a network-access module
[Diagram: host 1 and host 2 each have a file-transfer module, a communication-service module and a network-access module; each network-access module talks through a network interface to the communication network.]
The network-access module handles the work tied to the details of the network interface, for example specifying the frame format to be transmitted, the maximum frame length, and so on.
Benefits of layering
Layers are independent of one another.
Good flexibility.
Structurally separable.
Easy to implement and maintain.
Promotes standardization.
The number of layers should be appropriate
Too few layers make each layer's protocol too complex.
Too many layers cause more difficulty in the systems-engineering task of describing and integrating the functions of each layer.
Computer network architecture
A computer network's architecture is the set of its layers and their protocols.
The architecture is the precise definition of the functions that the computer network and its components are to perform.
An implementation is the question of which hardware or software is used to carry out these functions while following that architecture.
The architecture is abstract; the implementation is concrete, the computer hardware and software actually running.
1.7.3 A five-layer protocol architecture
TCP/IP is a four-layer architecture: application layer, transport layer, internet layer and network-interface layer.
But the lowest layer, the network-interface layer, has no specific content.
A compromise is therefore often adopted: combine the merits of OSI and TCP/IP and use an architecture with just five layers of protocols.
The five-layer protocol architecture
5 application layer
4 transport layer
3 network layer
2 data link layer
1 physical layer
Host 1 sends data to host 2
[Sequence of diagrams: host 1 with application process AP1 and host 2 with application process AP2, each with layers 5 to 1; the data passes down host 1's stack, across the physical medium, and up host 2's stack.]
The application-process data is first passed to the application layer; the application-layer header is added, forming the application-layer PDU.
The application-layer PDU is passed to the transport layer; the transport-layer header is added, forming the transport-layer segment.
The transport-layer segment is passed to the network layer; the network-layer header is added, forming the IP datagram (or packet).
The IP datagram is passed to the data link layer; a link-layer header and trailer are added, forming the data-link-layer frame.
The data-link-layer frame is passed to the physical layer; the physical layer at the bottom sends the bit stream onto the physical medium.
The electrical (or optical) signal propagates through the physical transmission medium from the sender's physical layer to the receiver's physical layer.
The physical layer receives the bit stream and hands it up to the data link layer.
The data link layer strips the frame header and trailer, takes out the data part and hands it up to the network layer.
The network layer strips its header, takes out the data part and hands it up to the transport layer.
The transport layer strips its header, takes out the data part and hands it up to the application layer.
The application layer strips its header, takes out the application data and hands it up to the application process.
AP2: "I have received the application data sent by AP1!"
Host 1 sends data to host 2: note at which layer each header (or trailer) is added or stripped
[Diagram: at host 1, application data; H5 + application data (application-layer header, layer 5); H4 H5 + application data (transport-layer header, layer 4); H3 H4 H5 + application data (network-layer header, layer 3); H2 H3 H4 H5 + application data + T2 (link-layer header and trailer, layer 2); at layer 1 the bit stream 10100110100101 … 110101110101.]
Host 2's physical layer receives the bit stream and hands it to the data link layer.
The data link layer strips the frame header H2 and trailer T2 and hands the frame's data part (H3 H4 H5 + application data) to the network layer.
The network layer strips the packet header H3 and hands the packet's data part (H4 H5 + application data) to the transport layer.
The transport layer strips the segment header H4 and hands the segment's data part (H5 + application data) to the application layer.
The application layer strips the application-layer PDU header H5 and hands the application data to the application process.
AP2: "I have received the application data sent by AP1!"
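Encapsulation and decapsulation with one header per layer, covering both the Kurose-Ross figure (Ht, Hn, Hl) and the five-layer sequence just shown (H5, H4, H3, H2 and trailer T2), as an added example that is not part of either course's material. The header format (2-byte tag plus 2-byte length) and the CRC-32 trailer are my constructions; the router view shows why a router only ever parses down to H3.

```python
# Added example, not from the slides: encapsulation and decapsulation with one
# header per layer, following both the Kurose-Ross figure (Ht, Hn, Hl) and the
# five-layer sequence above (H5, H4, H3, H2 and trailer T2). The header format
# (2-byte tag + 2-byte length) and the CRC-32 trailer are my constructions.
import struct
import zlib

HEADERS_TOP_DOWN = ("H5", "H4", "H3")   # application, transport, network headers
LINK_HEADER = "H2"                      # link header; T2 is the CRC-32 trailer


def add_header(tag: str, payload: bytes) -> bytes:
    """Prepend a constructed header: 2-byte ASCII tag and 2-byte big-endian length."""
    return tag.encode("ascii") + struct.pack("!H", len(payload)) + payload


def strip_header(tag: str, pdu: bytes) -> bytes:
    """Check that the expected layer's header is present, then hand up its payload."""
    if pdu[:2] != tag.encode("ascii"):
        raise ValueError(f"expected header {tag}, found {pdu[:2]!r}")
    (length,) = struct.unpack("!H", pdu[2:4])
    payload = pdu[4:4 + length]
    if len(payload) != length:
        raise ValueError(f"{tag} PDU truncated")
    return payload


def encapsulate(app_data: bytes) -> bytes:
    """Host 1, top down: application data -> +H5 -> +H4 -> +H3 -> +H2 ... +T2."""
    pdu = app_data
    for tag in HEADERS_TOP_DOWN:
        pdu = add_header(tag, pdu)
    frame_body = add_header(LINK_HEADER, pdu)
    trailer = struct.pack("!I", zlib.crc32(frame_body))    # T2: frame check sequence
    return frame_body + trailer


def link_layer_receive(frame: bytes) -> bytes:
    """The physical layer hands up the bits; the link layer checks T2 and strips H2."""
    body, trailer = frame[:-4], frame[-4:]
    if struct.pack("!I", zlib.crc32(body)) != trailer:
        raise ValueError("frame check failed: bit error on the link, frame discarded")
    return strip_header(LINK_HEADER, body)


def router_forwarding_view(frame: bytes) -> bytes:
    """A router implements only layers 1-3: it sees the H3 datagram and never
    looks inside H4 or H5 (it would add a fresh H2/T2 on the outgoing link)."""
    datagram = link_layer_receive(frame)
    if datagram[:2] != b"H3":
        raise ValueError("not a network-layer datagram")
    return datagram


def decapsulate(frame: bytes) -> bytes:
    """Host 2, bottom up: strip T2/H2, then H3, H4 and H5 to recover the data."""
    pdu = link_layer_receive(frame)
    for tag in reversed(HEADERS_TOP_DOWN):
        pdu = strip_header(tag, pdu)
    return pdu


if __name__ == "__main__":
    frame = encapsulate(b"hello AP2")
    print(len(frame), "bytes on the wire ->", decapsulate(frame))
```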
1.6 Networks under attack: security
Network Security
The field of network security is about:
how bad guys can attack computer networks
how we can defend networks against attacks
how to design architectures that are immune to
attacks
Internet not originally designed with
(much) security in mind
original vision: “a group of mutually trusting
users attached to a transparent network”
Internet protocol designers playing “catch-up”
Security considerations in all layers!
Bad guys can put malware into
hosts via Internet
Malware can get in host from a virus, worm, or
trojan horse.
Spyware malware can record keystrokes, web
sites visited, upload info to collection site.
Infected host can be enrolled in a botnet, used
for spam and DDoS attacks.
Malware is often self-replicating: from an
infected host, seeks entry into other hosts
Bad guys can put malware into
hosts via Internet
Trojan horse
Hidden part of some
otherwise useful
software
Today often on a Web
page (Active-X, plugin)
Virus
infection by receiving
object (e.g., e-mail
attachment), actively
executing
self-replicating:
propagate itself to
other hosts, users
Worm:
infection by passively
receiving object that gets
itself executed
self- replicating: propagates
to other hosts, users
[Figure: Sapphire Worm: aggregate scans/sec in first 5 minutes of outbreak (CAIDA, UWisc data).]
Bad guys can attack servers and
network infrastructure
Denial of service (DoS): attackers make resources
(server, bandwidth) unavailable to legitimate traffic
by overwhelming resource with bogus traffic
1. select target
2. break into hosts around the network (see botnet)
3. send packets toward target from compromised hosts
[Diagram: compromised hosts across the network all sending toward the target.]
The bad guys can sniff packets
Packet sniffing:
broadcast media (shared Ethernet, wireless)
promiscuous network interface reads/records all
packets (e.g., including passwords!) passing by
[Diagram: hosts A, B and C on a shared medium; a packet src:B dest:A with its payload passes by C, which reads it.]
Wireshark software used for end-of-chapter
labs is a (free) packet-sniffer
The bad guys can use false source
addresses
IP spoofing: send packet with false source address
[Diagram: C sends a packet src:B dest:A with its payload, so A believes it came from B.]
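The countermeasure at the edge is to refuse packets whose claimed source address could not legitimately arrive on that port. An added example that is not part of the slides: the ingress-filtering check an access router can apply (the approach described in BCP 38). Port-to-prefix assignments and the sample packets are constructed from documentation address ranges.

```python
# Added example, not from the slides: the ingress-filtering check an access
# router can apply so that a packet claiming a source address its customer
# was never assigned does not leave the network (the approach described in
# BCP 38). Port-to-prefix assignments and the sample packets are constructed
# from documentation address ranges.
import ipaddress
from typing import Dict, List, Tuple

# constructed: which source prefixes are legitimate on each customer-facing port
PORT_PREFIXES: Dict[str, List[ipaddress.IPv4Network]] = {
    "port1": [ipaddress.ip_network("203.0.113.0/25")],
    "port2": [ipaddress.ip_network("198.51.100.0/24")],
}

# constructed packets: (ingress port, source address, destination address)
SAMPLE_PACKETS = [
    ("port1", "203.0.113.10", "198.51.100.7"),   # legitimate
    ("port1", "192.0.2.7", "198.51.100.7"),      # source never assigned to port1: spoofed
    ("port1", "198.51.100.5", "203.0.113.9"),    # port2's address arriving on port1: spoofed
    ("port2", "198.51.100.5", "203.0.113.9"),    # legitimate
    ("port3", "203.0.113.200", "198.51.100.7"),  # unknown port: no prefix is trusted
]


def source_allowed(port: str, src: str) -> bool:
    """True only if src lies in a prefix assigned to the port it arrived on."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False                              # unparsable source: never forward
    return any(addr in prefix for prefix in PORT_PREFIXES.get(port, []))


def apply_ingress_filter(packets) -> Tuple[list, list]:
    """Split packets into those forwarded and those dropped at the ingress port."""
    accepted, dropped = [], []
    for port, src, dst in packets:
        (accepted if source_allowed(port, src) else dropped).append((port, src, dst))
    return accepted, dropped


if __name__ == "__main__":
    ok, bad = apply_ingress_filter(SAMPLE_PACKETS)
    print(f"forwarded {len(ok)}, dropped {len(bad)}: {[p[1] for p in bad]}")
```

Dropped packets are also worth logging with their ingress port: a customer port that keeps emitting foreign source addresses is a compromised host on that port, not a configuration slip.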
The bad guys can record and
playback
record-and-playback: sniff sensitive info (e.g.,
password), and use later
password holder is that user from system point of
view
[Diagram: C records the packet src:B dest:A carrying "user: B; password: foo" and later sends it to A itself.]
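The usual defence is to make what the client sends depend on a fresh, one-time value from the server, so that a recorded message is useless later. An added example that is not part of the slides: a nonce-based challenge-response login in which B's sniffed reply is refused when C replays it, against either the old nonce or a new one. The user table and secrets are constructed.

```python
# Added example, not from the slides: a nonce-based challenge-response login,
# the standard mitigation for record-and-playback. A captured response is
# bound to a one-time server nonce, so C replaying B's sniffed response is
# refused. The user table and secrets are constructed; this is a sketch of the
# mechanism, not a complete authentication protocol.
import hashlib
import hmac
import secrets
from typing import Dict, Tuple


def response_for(password: str, nonce: str) -> str:
    """What the client sends instead of the password: HMAC-SHA256(password, nonce)."""
    return hmac.new(password.encode(), nonce.encode(), hashlib.sha256).hexdigest()


class Server:
    def __init__(self, users: Dict[str, str]) -> None:
        self.users = users                       # constructed: user -> password
        self.pending: Dict[str, str] = {}        # user -> nonce currently outstanding
        self.used = set()                        # nonces that already authenticated

    def challenge(self, user: str) -> str:
        nonce = secrets.token_hex(16)            # fresh, unpredictable, single-use
        self.pending[user] = nonce
        return nonce

    def verify(self, user: str, nonce: str, response: str) -> bool:
        """Accept only a correct response to the nonce currently pending for this user."""
        if nonce in self.used or self.pending.get(user) != nonce:
            return False                         # replayed or unsolicited
        expected = response_for(self.users.get(user, ""), nonce)
        ok = hmac.compare_digest(expected, response)   # constant-time comparison
        if ok:
            self.used.add(nonce)
            del self.pending[user]
        return ok


def scenario() -> Tuple[bool, bool, bool]:
    """B logs in; C has sniffed B's (nonce, response) and tries to reuse it."""
    server = Server({"B": "foo"})                # the slide's user B with password foo
    nonce = server.challenge("B")
    sniffed = (nonce, response_for("foo", nonce))
    b_ok = server.verify("B", nonce, sniffed[1])
    replay_same = server.verify("B", *sniffed)   # same nonce again: already consumed
    new_nonce = server.challenge("B")            # C requests a fresh challenge ...
    replay_new = server.verify("B", new_nonce, sniffed[1])  # ... old response is wrong
    return b_ok, replay_same, replay_new


if __name__ == "__main__":
    print(scenario())   # (True, False, False)
```

The nonce binding is the whole point here; a real server would keep a password-derived key rather than the plaintext password, and an eavesdropper who captures enough (nonce, response) pairs can still guess a weak password offline.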
Network Security
more throughout this course
chapter 8: focus on security
cryptographic techniques: obvious uses and
not so obvious uses
1.7 History
Internet History
1961-1972: Early packet-switching principles
1961: Kleinrock - queueing
theory shows
effectiveness of packet-switching
1964: Baran - packet-switching in military nets
1967: ARPAnet conceived
by Advanced Research
Projects Agency
1969: first ARPAnet node
operational
1972:
ARPAnet public demonstration
NCP (Network Control Protocol)
first host-host protocol
first e-mail program
ARPAnet has 15 nodes
Internet History
1972-1980: Internetworking, new and proprietary nets
1970: ALOHAnet satellite
network in Hawaii
1974: Cerf and Kahn architecture for
interconnecting networks
1976: Ethernet at Xerox
PARC
late 70’s: proprietary
architectures: DECnet, SNA,
XNA
late 70’s: switching fixed
length packets (ATM
precursor)
1979: ARPAnet has 200 nodes
Cerf and Kahn’s internetworking
principles:
minimalism, autonomy - no
internal changes required
to interconnect networks
best effort service model
stateless routers
decentralized control
define today’s Internet
architecture
Internet History
1980-1990: new protocols, a proliferation of networks
1983: deployment of
TCP/IP
1982: smtp e-mail
protocol defined
1983: DNS defined
for name-to-IP-address translation
1985: ftp protocol
defined
1988: TCP congestion
control
new national networks:
Csnet, BITnet,
NSFnet, Minitel
100,000 hosts
connected to
confederation of
networks
Internet History
1990, 2000’s: commercialization, the Web, new apps
Early 1990’s: ARPAnet
decommissioned
1991: NSF lifts restrictions on
commercial use of NSFnet
(decommissioned, 1995)
early 1990s: Web
hypertext [Bush 1945, Nelson
1960’s]
HTML, HTTP: Berners-Lee
1994: Mosaic, later Netscape
late 1990’s:
commercialization of the Web
Late 1990’s – 2000’s:
more killer apps: instant
messaging, P2P file sharing
network security to
forefront
est. 50 million hosts, 100
million+ users
backbone links running at
Gbps
Internet History
2007:
~500 million hosts
Voice, Video over IP
P2P applications: BitTorrent
(file sharing) Skype (VoIP),
PPLive (video)
more applications: YouTube,
gaming
wireless, mobility
Introduction: Summary
Covered a “ton” of material!
Internet overview
what’s a protocol?
network edge, core, access
network
packet-switching versus
circuit-switching
Internet structure
performance: loss, delay,
throughput
layering, service models
security
history
You now have:
context, overview,
“feel” of networking
more depth, detail to
follow!