CSE331: Introduction to Networks and Security Lecture 6

CSE331:
Introduction to Networks
and Security
Lecture 6
Fall 2002
Announcements
• Project 1 will be handed out this Friday
– Form groups of two or three
– Mail group members to Aditya achadha@gradient.cis.upenn.edu
– If you can’t find a partner, mail Aditya
– Groups should be formed before the project is handed out
CSE331 Fall 2002
2
Recap
• Ethernet
– Exponential backoff algorithm
• 802.11
Today
• Finish up link layer
– 802.11
– (briefly) Token Rings
• Packet Switching
Multiple Access Collision Avoidance
• Sender transmits Request To Send (RTS)
– Includes the length of the data to be transmitted
– Timeout leads to exponential backoff (like Ethernet)
• Receiver replies with Clear To Send (CTS)
– Echoes the length field
• Receiver sends an ACK of the frame to the sender
• Any node that sees the CTS cannot transmit for the duration specified by the length field
• Any node that sees the RTS but not the CTS is not close enough to the receiver to interfere
– It’s free to transmit
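As an added example (not from the lecture), a small Python simulation of the RTS/CTS rules above; the map of which nodes can hear which, and the node names, are constructed for the demo:

```python
# Added example, not from the lecture: a simulation of the MACA rules above.
# Radio range is a constructed "who can hear whom" map; all names are made up.

HEARS = {  # node -> set of nodes whose transmissions it can receive
    "S": {"R", "X"},   # sender S is near receiver R and bystander X
    "R": {"S", "Y"},   # receiver R is near S and bystander Y
    "X": {"S"},        # X hears only the sender
    "Y": {"R"},        # Y hears only the receiver
    "Z": set(),        # Z is out of everyone's range
}

def in_range(listener, talker):
    return talker in HEARS[listener]

def maca_exchange(sender, receiver, length, now=0):
    """Run RTS/CTS for one frame and return a dict of results.

    'cts' is None if the receiver never hears the RTS (the sender will time
    out and back off).  'bystanders' maps every other node to
    (may_transmit, silent_until): a node that overhears the CTS must stay
    quiet for the length it carries; a node that heard only the RTS is not
    near the receiver and is free to transmit."""
    rts = {"type": "RTS", "src": sender, "dst": receiver, "length": length}
    cts = None
    if in_range(receiver, sender):
        cts = {"type": "CTS", "src": receiver, "dst": sender,
               "length": rts["length"]}          # CTS echoes the length field
    bystanders = {}
    for node in HEARS:
        if node in (sender, receiver):
            continue
        heard_cts = cts is not None and in_range(node, receiver)
        if heard_cts:
            bystanders[node] = (False, now + cts["length"])
        else:  # heard only the RTS, or nothing at all
            bystanders[node] = (True, now)
    return {"rts": rts, "cts": cts, "bystanders": bystanders}

def backoff_window(attempt):
    """After an RTS timeout the sender retries; like Ethernet, the random
    wait is drawn from [0, 2**attempt) slots, so the window doubles each time."""
    return 2 ** attempt
```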
Wireless Access Points
[Figure: a wired distribution system connecting access points AP1, AP2 and AP3, with wireless nodes A, B, C and D]
• Distribution System – wired network infrastructure
• Access points – stationary wireless devices
• Roaming wireless nodes
Selecting an Access Point
• Active scanning
– Node sends a Probe frame
– All APs within reach reply with a Probe Response frame
– Node selects an AP and sends an Association Request frame
– AP replies with an Association Response frame
• Passive scanning
– AP periodically broadcasts a Beacon frame
– Node sends an Association Request
Node Mobility
[Figure: the same distribution system, with node B shown first at AP1 and then at AP2]
• B moves from AP1 to AP2
• B sends Probes, eventually prefers AP2 to AP1
• Sends an Association Request
Frame Format
Field widths in bits:
Ctrl 16 | Length 16 | Addr1 48 | Addr2 48 | Addr3 48 | Seq 16 | Addr4 48 | Body (variable) | CRC 32
• Ctrl: flags (CTS, RTS, or Data?)
• Body up to 2312 bytes
• 4 addresses
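An added example, not from the lecture, that packs and parses a frame with the field widths listed above. Field names follow the slide; a fixed 30-byte header carrying all four addresses, the constructed Ctrl flag values, and the use of standard CRC-32 (zlib.crc32) for the CRC field are assumptions:

```python
# Added example, not from the lecture: build and parse a frame with the layout
# shown above.  Field names follow the slide; a fixed 30-byte header carrying
# all four addresses is an assumption (real 802.11 frames vary), as is using
# standard CRC-32 (zlib.crc32) over header + body for the CRC field.
import struct
import zlib

HEADER = struct.Struct("<HH6s6s6sH6s")   # Ctrl, Length, Addr1-3, Seq, Addr4
MAX_BODY = 2312
CTRL_RTS, CTRL_CTS, CTRL_DATA = 1, 2, 3  # constructed flag values for the demo

def mac(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def build_frame(ctrl, addrs, seq, body):
    if len(body) > MAX_BODY:
        raise ValueError("body exceeds 2312 bytes")
    a1, a2, a3, a4 = (mac(a) for a in addrs)
    hdr = HEADER.pack(ctrl, len(body), a1, a2, a3, seq, a4)
    crc = zlib.crc32(hdr + body) & 0xFFFFFFFF
    return hdr + body + struct.pack("<I", crc)

def parse_frame(raw):
    """Return the fields as a dict; raise ValueError if the frame is bad."""
    if len(raw) < HEADER.size + 4:
        raise ValueError("frame shorter than header + CRC")
    ctrl, length, a1, a2, a3, seq, a4 = HEADER.unpack_from(raw)
    body, (crc,) = raw[HEADER.size:-4], struct.unpack("<I", raw[-4:])
    if length != len(body):
        raise ValueError("length field does not match body")
    if zlib.crc32(raw[:-4]) & 0xFFFFFFFF != crc:   # verify before trusting fields
        raise ValueError("CRC mismatch")
    hexmac = lambda b: ":".join(f"{x:02x}" for x in b)
    return {"ctrl": ctrl, "length": length, "seq": seq,
            "addrs": [hexmac(a) for a in (a1, a2, a3, a4)], "body": body}

def frame_ok(raw):
    """True if the frame parses and its CRC checks out."""
    try:
        parse_frame(raw)
        return True
    except ValueError:
        return False
```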
802.11 Security Issues
• Packet sniffing is worse
– No physical connection needed
– Long range (6 blocks)
– Current encryption standards (WEP) not that good
– WEP = Wired Equivalent Privacy
– http://www.nakedwireless.ca/winudcol.htm
• Denial of service
– Association (and Disassociation) Requests are not authenticated
• We’ll talk more about these issues in the security part of the course.
Token Rings
• IBM Token Ring (IEEE 802.5)
– Supports 4Mbps or 16Mbps over twisted pair for about 250 nodes.
• FDDI = Fiber Distributed Data Interface
– Supports 100Mbps over as much as 200km of fiber and up to 500 nodes (with at most 2km between nodes).
[Figure: a ring of nodes; data always flows in one direction around the ring.]
Token Ring MAC
• The token is a special bit pattern
– Sender gets the token
– Inserts a frame
– Waits for the frame to return
– Forwards the token
Token Ring Issues
• THT = Token Hold Time
– Prevents one node from hogging the network
– Higher THT = better utilization, but less fair
– Typical THT = 10ms for IBM Token Ring
• What happens when a node fails?
– Must ensure that the ring is unbroken.
– What happens if the token is lost?
• Nodes elect a monitor station
– Periodically sends a “status OK” message
– Ensures that there is always exactly one token.
OSI Reference Model
• Application
• Presentation
• Session
• Transport
• Network – Next: Packet switching, IP
• Data Link – Covered so far: Ethernet, 802.11, Token Rings
• Physical
Packet Switching
• A switch
– Has many inputs and many outputs
– Takes packets that arrive on an input and forwards them to the right output
[Figure: a switch with several input and output ports]
• Key problem: finite output bandwidth
Star Topology
• Scalability
– Large networks can be built by interconnecting switches.
– Switches can be connected by high-bandwidth point-to-point links, so they can span large distances.
– Adding a new host to a switch doesn’t necessarily degrade performance.
Switching Issues
• Contention
– Arrival rate of packets going to the same output exceeds output capacity
– Switch buffers packets
• Congestion
– Switch runs out of buffer space
– Forces packets to be dropped
Forwarding Decision
• How does the switch know where to forward a packet?
– Looks at the packet header to make the decision
• Common approaches
– Datagram (or connectionless), e.g. IP
– Virtual Circuit (or connection-oriented), e.g. Frame Relay, ATM
– (Less common) Source routing
Datagram approach
• Every packet contains a complete destination address
– Enough information so that any switch can decide where the packet goes.
• Features of the datagram approach
– Packets can be sent from anywhere at any time
– Sender doesn’t know if the network can deliver the packet (or if the destination host is available)
– Each packet is forwarded independently (two packets may take different routes)
– Possible to route around switch or link failures
Forwarding Tables
• Provide route information.
• Easy to determine if the network is known (and unchanging)
Forwarding table for switch 2:
Dest.  Port
A      3
B      2
C      3
D      3
E      0
F      1
G      2
H      2
[Figure: network of switches 1, 2 and 3, each with ports numbered 0–3, and hosts A–H attached]
Virtual Circuit Switching
• VCI = Virtual Circuit Identifier
• Incoming port + VCI uniquely identify a virtual circuit
• Setup phase constructs circuit table entries at each switch
[Figure: the same switch network; the circuit from A to B is labelled with VCI 5 into switch 1, VCI 11 between switches 1 and 2, and VCI 7 between switches 2 and 3]
Switch  In Port  In VCI  Out Port  Out VCI
1       2        5       1         11
2       3        11      2         7
3       0        7       1         8
Virtual Circuits
• Setup phase
– Initial setup message contains the complete destination address
– Intermediate switches (outgoing pass)
• Allocate an entry in the table
• Record In Port, Out Port
• Generate incoming VCI
– Intermediate switches (return pass)
• Get the outgoing VCI from next hop
• Reply to previous hop with the incoming VCI
Virtual Circuit Switching Features
• Sender must wait for 1 RTT (minimum) before the first data is sent
• Per-packet overhead reduced
– After setup, only port # & VCI needed (small)
– Compare to full address in datagrams (big)
• If a switch or link fails, the connection is broken
– Also, must deallocate old entries to free up space
• Can allocate resources to the virtual circuit
– Buffer space for reliable, in-order delivery
– Percentage of outgoing bandwidth (QoS)
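An added example (not from the lecture) that reproduces the setup phase and the per-packet port + VCI lookup from the virtual circuit slides above, using the circuit table values shown for switches 1, 2 and 3; the hop order and the VCI returned by host B are read from that table, the rest is assumed:

```python
# Added example, not from the lecture: the per-switch circuit tables from the
# slide, built by a simulated setup phase and then used to forward a packet.
# PATH and DEST_VCI are read from the slide's table; everything else is assumed.

class Switch:
    def __init__(self, first_vci):
        self.table = {}            # (in_port, in_vci) -> [out_port, out_vci]
        self.next_vci = first_vci  # next unused incoming VCI on this switch

    def setup_outgoing(self, in_port, out_port):
        """Outgoing pass: allocate an entry, record the ports and a fresh
        incoming VCI; the outgoing VCI is not known until the return pass."""
        in_vci, self.next_vci = self.next_vci, self.next_vci + 1
        self.table[(in_port, in_vci)] = [out_port, None]
        return in_vci

    def setup_return(self, in_port, in_vci, out_vci):
        """Return pass: store the VCI the next hop told us to use."""
        self.table[(in_port, in_vci)][1] = out_vci

    def forward(self, in_port, vci):
        """Data phase: incoming port + VCI select the entry; swap the VCI."""
        out_port, out_vci = self.table[(in_port, vci)]
        return out_port, out_vci

# Circuit from the slide: (switch, in_port, out_port) for each hop A -> B
PATH = [("1", 2, 1), ("2", 3, 2), ("3", 0, 1)]
SWITCHES = {"1": Switch(5), "2": Switch(11), "3": Switch(7)}
DEST_VCI = 8     # VCI host B hands back on the return pass (last row of table)

def setup_circuit(path, dest_vci):
    """Outgoing pass allocates an entry at each hop; the return pass carries
    each hop's incoming VCI back to the previous hop as its outgoing VCI.
    Returns the VCI the source host must put on its packets."""
    in_vcis = [SWITCHES[s].setup_outgoing(ip, op) for s, ip, op in path]
    vci = dest_vci
    for (s, ip, _), in_vci in reversed(list(zip(path, in_vcis))):
        SWITCHES[s].setup_return(ip, in_vci, vci)
        vci = in_vci
    return vci

def send(path, vci):
    """Forward one data packet; returns (switch, out_port, out_vci) per hop."""
    hops = []
    for s, ip, _ in path:
        out_port, vci = SWITCHES[s].forward(ip, vci)
        hops.append((s, out_port, vci))
    return hops
```

Note that the data packet carries only the VCI (5 at the first hop) rather than B's full address, which is the per-packet saving the slide describes.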
Source Routing
• Sender knows the network topology
• Indicates the sequence of ports as part of the packet
– (many implementations)
• Headers of variable (unbounded?) length
• IP includes a source route option
[Figure: the same switch network, with a packet from A whose source-route header reads 1,2,1 at the first switch, 2,1 at the second and 1 at the third]
Bridges and LAN Switches
[Figure: a bridge with port 1 on a LAN holding hosts A, B and C, and port 2 on a LAN holding hosts X, Y and Z]
• Bridge accepts LAN frames on one port, outputs them on another.
• Optimization: only forward appropriate frames
• Learning bridges
– watch incoming source address A at port number X
– add entry to forward address A to port X
– if no entry, broadcast to all ports
– doesn’t work if there are loops!
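An added example, not from the lecture: a learning bridge for the two LANs in the figure, plus a small simulation of why the scheme breaks when two bridges form a loop. Host names stand in for addresses, and the two-bridge loop topology is constructed for the demo:

```python
# Added example, not from the lecture: a learning bridge as described above,
# and a constructed two-bridge loop showing why learning alone is not enough.

class LearningBridge:
    def __init__(self, ports):
        self.ports = list(ports)
        self.table = {}          # source address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Handle one frame; return the list of ports it is sent out on."""
        self.table[src] = in_port          # learn: src is reachable via in_port
        out = self.table.get(dst)
        if out is None:                    # no entry: flood to every other port
            return [p for p in self.ports if p != in_port]
        if out == in_port:                 # dst is on the same LAN: don't forward
            return []
        return [out]                       # known destination: forward only there

def loop_storm(max_frames=50):
    """Two bridges both joining LAN 'L1' (port 1) and LAN 'L2' (port 2) form a
    loop.  One frame to an unknown destination is copied by both bridges onto
    the other LAN, where each bridge hears the other's copy, relearns the source
    on the wrong port and floods it back.  The frame never dies, so the
    simulation stops only at max_frames.  Returns (frames_seen, table)."""
    lan_of_port = {1: "L1", 2: "L2"}
    bridges = [LearningBridge([1, 2]), LearningBridge([1, 2])]
    pending = [("L1", "A", "Q")]          # a frame on L1 from A to unknown host Q
    seen = 0
    while pending and seen < max_frames:
        lan, src, dst = pending.pop(0)
        seen += 1
        in_port = 1 if lan == "L1" else 2
        for b in bridges:                  # every bridge on that LAN hears it
            for out_port in b.receive(in_port, src, dst):
                pending.append((lan_of_port[out_port], src, dst))
    return seen, bridges[0].table
```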