Georgia Institute of Technology Networking Qualifying Exam: Spring 2009 College of Computing

College of Computing
Georgia Institute of Technology
Networking Qualifying Exam: Spring 2009
Part I
This qualifying exam has six questions over two days. Each question has multiple sub-questions.
The exam has two parts. Part I has three questions and is to be completed by 5 p.m. on March 23, 2009.
Part II has three questions and is to be completed by 5 p.m. on March 24, 2009. Your answers must be
typed. Submit each part of the exam as a single PDF to aglass@cc.gatech.edu.
Some parts of each question are open ended; you should do your best in providing as complete an answer as
possible covering as many angles as you can see to the question.
1 Active Queue Management
Random Early Drop (RED) is an "active queue management" mechanism developed for the Internet. Answer
the following questions:
(a) What is the main motivation for active queue management schemes in general?
(b) Describe the specific mechanisms that RED proposes and explain how these mechanisms achieve
RED’s desired objectives.
(c) Is RED implemented in commercial routers? By which vendors and in what specific form?
(d) What are the main challenges in using RED? Have these issues been resolved and is RED deployed
widely?
(e) Consider the paper Characterizing Residential Broadband Networks by Dischinger et al. in IMC 2007.
• Describe in as much detail as you can the scheme that the paper proposes to detect the presence
of RED in an ISP path.
• Under what conditions might the proposed detection mechanism produce false positives (i.e., it
will claim the presence of RED when there is no active queue management on the path)?
2 Performance Evaluation
You have built a discrete event simulation of a packet switched network and you are using it to try to evaluate
end-to-end delays for a brand new routing protocol you just invented. Answer the following questions:
(a) If your goal is to be as realistic as possible, what are the various elements of your simulation that you
need models for, and where would you look for such models?
(b) You start testing your simulation with relatively low traffic input rate and large router buffers. You
measure, independently, the average end-to-end delay and the average queue occupancy in the routers.
Name a queuing theory law that you could use to gain some confidence that the simulation is producing reasonable values. How would you use it in this case? In general, where and how can this law be
applied? Find the authoritative reference where this law has been proven.
(c) Suppose you want to evaluate the effect of a single network parameter on the performance of your
routing protocol, ultimately producing a graph with the parameter varying on the x-axis and the network’s end-to-end delay on the y-axis. Explain the issues you would need to worry about to produce
each point on that graph from the simulation.
3 Address Spoofing
(a) What is IP address spoofing?
(b) Describe a type of attack that an attacker can mount using only packets with spoofed source IP addresses. Explain the advantage to mounting the attack using traffic that has spoofed source IP addresses.
(c) One type of defense against IP address spoofing that is implemented in Cisco (and other) routers is
called Unicast Reverse Path Filtering (uRPF). This mechanism will drop a packet that arrives on an
interface which the router would not use to send packets in the reverse direction towards that source IP
address. Describe network configurations where uRPF would not work, and explain why the scenario
you have described might actually be plausible in practice.
(d) Design an automated mechanism to defend against IP address spoofing. Your technique should work
at line rate and should scale to a number of active flows that would appear on a router where your
scheme is deployed (you should look up appropriate specifications for the routers or network devices
where you intend to deploy your scheme).
You can take some leeway in designing your scheme (e.g., your scheme might generate additional
packets), as long as you state your assumptions.
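The uRPF check described in question 3(c), written out as an added example that is not part of the original exam. The forwarding table, interface names and addresses are constructed for illustration, and the longest-prefix match is a plain linear scan rather than what a router does in hardware.

```python
import ipaddress

# Constructed forwarding table (assumption): (prefix, outgoing interface).
SAMPLE_FIB = [
    ("0.0.0.0/0", "eth0"),     # default route toward the upstream provider
    ("10.1.0.0/16", "eth1"),   # customer block
    ("10.1.2.0/24", "eth2"),   # more specific route inside the customer block
]

def build_fib(entries):
    """Parse (prefix, interface) pairs into ip_network objects."""
    return [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in entries]

def reverse_path_interface(fib, src):
    """Longest-prefix match on the SOURCE address: the interface the router
    would use to send a packet back toward src, or None if no route exists."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, ifc in fib:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best[1] if best else None

def urpf_accepts(fib, src, in_ifc):
    """Accept only if the packet arrived on the reverse-path interface."""
    return reverse_path_interface(fib, src) == in_ifc

def classify(fib, packets):
    """Return 'accept' or 'drop' for each (source address, arrival interface)."""
    return ["accept" if urpf_accepts(fib, s, i) else "drop" for s, i in packets]

# Constructed sample packets: (source IP, interface the packet arrived on).
SAMPLE_PACKETS = [
    ("10.1.5.9", "eth1"),     # customer source on the customer interface
    ("10.1.5.9", "eth0"),     # customer source arriving from upstream
    ("10.1.2.7", "eth2"),     # matches the more specific /24
    ("10.1.2.7", "eth1"),     # /24 points to eth2, so eth1 fails the check
    ("192.0.2.10", "eth0"),   # covered only by the default route
]

if __name__ == "__main__":
    fib = build_fib(SAMPLE_FIB)
    for pkt, verdict in zip(SAMPLE_PACKETS, classify(fib, SAMPLE_PACKETS)):
        print(pkt, verdict)
```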