Networking Qualifying Exam Georgia Tech April 4, 2008 Answer 6 of the following 9 questions. Question 1 We consider a packet scheduling scenario in which there are 3 flows (denoted as 1, 2, and 3) with equal weights. The jth packet of flow i is denoted pi,j . Its arrival time and length (in bits) are denoted as ai,j and li,j respectively. Let a1,1 = a2,1 = a3,1 = 0. Let a1,2 = a2,2 = a3,2 = 6 and a3,3 = 8. Let l1,1 = 14, l1,2 = 2, l2,1 = 10, l2,2 = 8, l3,1 = 6, l3,2 = 2, and l3,3 = 12. Suppose the service rate of the link is 1 bit per second. Then 1. What is the GPS finish time of all these packets? 2. What is the service order of these packets under W F Q? 3. What is the service order of these packets under W F 2 Q 4. What is the service order of these packets under DRR when the quantum size is 8 bits? 5. What is the service order of these packets under Virtual Clock? Question 2 The following problem arises in estimating traffic matrices from SNMP link counts. We know that three independent random variables X, Y , and Z are distributed as N (a, 1), N (b, 1), and N (c, 4) respectively, where a, b, c are the parameters we would like to estimate and N (m, v) standards for Gaussian distribution with mean m and variance v. Now we observe a set of realizations of X, Y , and Z as x = 3, y = 5, and z = 7. We also know that • a+b=9 • b + c = 14.5 1 Then what is the Maximum Likelihood Estimate of a, b, c after we have had the above observations of X, Y , and Z? Hint: consult Wikipedia for definitions/techniques like “Gaussian distributions”, “Lagrange multipliers”, and “Maximum Likelihood Estimators” Question 3 1. Suppose that a router’s IP lookup trie that has a branching factor of 224 at its first level, and a branching factor of as much as 28 at its second level. • Let pi be the number of prefixes in the routing table whose prefix length is i, for i = [1, 32]. Express the total number of entries in the trie in terms of pi . • Suppose that each prefix in the routing table is looked up exactly once. Express the average number of memory lookups as a function of pi . • In practice, some prefixes will be looked up more often than others. (a) Explain why. (b) Explain what mechanism(s) routers use to speed up lookups for IP addresses that are looked up more frequently. • Explain the advantages and disadvantages of content-addressable memory for performing IP prefix lookups. 2. Suppose that you wanted to design a router that could have forwarding table entries for ranges of arbitrary sizes (not just powers of two). Design a space-efficient mechanism for doing range-based IP address lookups. Question 4 1. Labovitz showed that, in theory, when a BGP withdrawal occurs path exploration could cause as much as O(n!) iterations before converging to a stable state. • Explain why path exploration occurs. In other words, explain why, when a router hears a withdrawal for path ABC, that it cannot assume that all paths containing BC are invalid/withdrawn. • Give an example where this could result in O(n!) iterations before convergence, where n is the length of the path. 2. Propose an extension to BGP that could mitigate path exploration. (Hint: Think about individual link failures, the different causes of withdrawals other than failures, etc.) Question 5 Describe as many TCP variants as you can and explain: 2 • The main differences between them in operation and performance • Describe the motivation behind the development of each variant Sketch a technique that one can deploy to determine which variant of TCP is implemented at a remote node (client or server). Question 6 1. Explain the rationale for ”layering” in network architectures. 2. Do you think the Internet protocols adhere to strict layering principles? Give one example where they do and another where they don’t or argue (again through examples) that the Internet consistently violates or consistently adheres to layering. 3. Discuss (using specific examples) whether layering is effective in multi-hop wireless networks? Question 7 Suppose that you have collected a sample X of m jitter measurements, and you now want to estimate the mean jitter with a desirable confidence interval (say the 90% confidence interval). Your sample is small, however, the jitter variance is high, and so you do not want to use asymptotic results such as the central limit theorem. Design a statistical procedure that will allow you to estimate the previous confidence interval more accurately than simply relying on the sample mean and sample variance of X. Hint: think about sampling repeatedly from X. Question 8 You are asked to formulate an optimization problem for an instance of BGP traffic engineering. You do not need to solve this problem; just formulate it mathematically. If you need to make any assumptions, please write and justify them. Suppose that you are the operator of an Autonomous System (AS) X. Your network has a number of border links to other ASes. You are given a set S of traffic flows that will need to be routed through X. Each flow corresponds to a unique destination prefix. A flow should be routed from its (unique) ingress link to a unique egress link. The IGP protocol in X routes a flow through the minimum cost path from its ingress link to the selected egress link. For each flow in S you know the following: 1. the ingress link that brings that flow into network X, 2. the rate of the flow (Mbps), 3 3. a set of possible egress links for that flow (note that you do not know the actual egress link for each flow; this is what you need to determine). You are also given the following: 1. the capacity of each egress link (Mbps), 2. the IGP cost to route a flow from an ingress link i to an egress link j. Your goal is to minimize the total cost of routing the flows in S. The cost of routing a flow from ingress i to egress j is equal to the product of the flow rate and the IGP distance from i to j. Do not forget to consider, first, the capacity constraints at the egress links, and second, that each flow should be routed through the minimum cost path. Question 9 In his classic paper on exposing the security weaknesses of the TCP/IP protocol stack, Bellovin describes an attack whereby an attacker could hijack a TCP connection by guessing the sequence number in the TCP connection. 1. Explain Bellovin’s “connection hijacking” attack and explain the types of attacks that can and cannot be mounted with a connection hijack. 2. One attack that is difficult to mount with Bellovin’s attack is one where an attacker spoofs an IP address of the sender. Explain why it is difficult to mount such an attack without an additional attack on the routing system. 3. Devise a mechanism that prevents all IP spoofing. Feel free to alter the structure of IP addresses (e.g., you can use IPv6 CGA, HIP, etc.). 4