CSE331: Introduction to Networks and Security Lecture 6
advertisement
CSE331: Introduction to Networks and Security Lecture 6 Fall 2002 Announcements • Project 1 will be handed out this Friday – Form groups of two or three – Mail group members to Aditya achadha@gradient.cis.upenn.edu – If you can’t find a partner, mail Aditya – Groups should be formed before project is handed out CSE331 Fall 2002 2 Recap • Ethernet – Exponential backoff algorithm • 802.11 CSE331 Fall 2002 3 Today • Finish up link layer – 802.11 – (briefly) Token Rings • Packet Switching CSE331 Fall 2002 4 Multiple Access Collision Avoidance • Sender transmits Request To Send (RTS) – Includes length of data to be transmitted – Timout leads to exponential backoff (like Ethernet) • Receiver replies with Clear To Send (CTS) – Echoes the length field • Receiver sends ACK of frame to sender • Any node that sees CTS cannot transmit for durations specified by length • Any node that sees RTS but not CTS is not close enough to the receiver to interfere – It’s free to transmit CSE331 Fall 2002 5 Wireless Access Points Distribution System A AP1 B AP3 AP2 D C • Distribution System – wired network infrastructure • Access points – stationary wireless device • Roaming wireless CSE331 Fall 2002 6 Selecting an Access Point • Active scanning – Node sends a Probe frame – All AP’s within reach reply with a Probe Response frame – Node selects an AP and sends Association Request frame – AP replies with Association Response frame • Passive scanning – AP periodically broadcasts Beacon frame – Node sends Association Request CSE331 Fall 2002 7 Node Mobility Distribution System A AP1 B AP3 AP2 B D C • B moves from AP1 to AP2 • B sends Probes, eventually prefers AP2 to AP1 • Sends Association Request CSE331 Fall 2002 8 Frame Format 16 16 48 48 48 16 48 32 Ctrl Length Addr1 Addr2 Addr3 Seq Addr4 Body CRC • Ctrl: flags (CTS, RTS, or Data?) • Body up to 2312 bytes • 4 addresses 3 2 1 4 CSE331 Fall 2002 9 802.11 Security Issues • Packet sniffing is worse – – – – – No physical connection needed Long range (6 blocks) Current encryption standards (WEP) not that good WEP = Wired Equivalent Privacy http://www.nakedwireless.ca/winudcol.htm • Denial of service – Association (and Disassociation) Requests are not authenticated • We’ll talk more about these issues in the security part of the course. CSE331 Fall 2002 10 Token Rings • IBM Token Ring (IEEE 802.5) – Support 4Mbps or 16Mbps over twisted pair for about 250 nodes. • FDDI = Fiber Distributed Data Interface – It supports 100Mbps for as much as 200km of fiber and 500 nodes (with at most 2km between nodes). Data always flows one direction around the ring. CSE331 Fall 2002 11 Token Ring MAC • The token is a special bit pattern – Sender gets the token – Inserts a frame – Waits for the frame to return – Forwards the token CSE331 Fall 2002 12 Token Ring Issues • THT = Token Hold Time – Prevent one node from hogging the network – Higher THT = better utilization, but not as fair – Typical THT = 10ms for IBM Token Ring • What happens when a node fails? – Must ensure that ring is unbroken. – What happens if the token is lost? • Nodes elect a monitor station – Periodically sends “status OK” message – Ensures that there is always one token. CSE331 Fall 2002 13 OSI Reference Model Application Presentation Session Transport Network Next: Packet switching, IP Data Link Covered so far: Ethernet, 802.11, Token Rings Physical CSE331 Fall 2002 14 Packet Switching • A switch – Has many inputs and many outputs – Takes packets that arrive on an input and forwards them to the right output Switch • Key problem: finite output bandwidth CSE331 Fall 2002 15 Star Topology • Scalability – Large networks can be built by interconnecting switches. – Can connect via high bandwidth point-to-point links = large distances. – Adding a new host to a switch doesn’t necessarily degrade performance. CSE331 Fall 2002 16 Switching Issues • Contention – Arrival rate of packets going to the same output exceeds output capacity – Switch buffers packets • Congestion – Switch runs out of buffer space – Forces packets to be dropped CSE331 Fall 2002 17 Forwarding Decision • How does the switch know where to forward a packet? – Looks at the packet header to make the decision • Common approaches – Datagram (or connectionless) e.g. IP – Virtual Circuit (or connection-oriented) e.g. Frame Relay, ATM – (Less common) Source routing CSE331 Fall 2002 18 Datagram approach • Every packet contains a complete destination address – Enough information so that any switch can decide where the packet goes. • Features of datagram approach – Packets can be sent at anywhere at any time – Sender doesn’t know if network can deliver the packet (or if destination host is available) – Each packet is forwarded independently (two packets may take different routes) – Possible to route around switch or link failures CSE331 Fall 2002 19 Forwarding Tables • Provide route information. • Easy to determine if network is known (and unchanging) Forwarding table for switch 2. Dest. Port A 3 B 2 C 3 D 3 E 0 F 1 G 2 H 2 C D 3 0 1 E 1 3 2 0 2 1 F 2 A G 3 0 3 1 B 2 H CSE331 Fall 2002 Port numbers 20 Virtual Circuit Switching • VCI = Virtual Circuit Identifier • Incoming port + VCI uniquely identify virtual circuit • Setup phase constructs circuit table entries at C each switch D 0 3 1 E 1 3 11 2 5 0 2 1 F 2 7 A Switch In Port In VCI Out Port Out VCI 1 2 5 1 11 2 3 11 2 7 3 0 7 1 8 CSE331 Fall 2002 G 3 0 3 1 4 B 2 H 21 Virtual Circuits • Setup phase – Initial setup message contains complete destination address – Intermediate switches (outgoing pass) • Allocate an entry in the table • Record In Port, Out Port • Generate incoming VCI – Intermediate switches (return pass) • Get the outgoing VCI from next hop • Reply to previous hop with the incoming VCI CSE331 Fall 2002 22 Virtual Circuit Switching Features • Sender must wait for 1 RTT (minimum) before first data is sent • Per-packet overhead reduced – After setup, only port # & VCI needed (small) – Compare to full address in datagrams (big) • If a switch or link fails, connection is broken – Also, must deallocate old entries to free up space • Can allocate resources to the virtual circuit – Buffer space for reliable, in order delivery – Percentage of outgoing bandwidth (QoS) CSE331 Fall 2002 23 Source Routing • Sender knows net topology • Indicates sequence of ports as part of packet D C 3 0 1 1 3 2,1 2 1,2,1 – (many implementations) E 0 2 1 F 2 1 A • Headers of variable (unbounded?) length G 3 0 3 1 B 2 H • IP includes source route option CSE331 Fall 2002 24 Bridges and LAN Switches A B C • Bridge accepts LAN frames on one port, outputs them on another. • Optimization: only forward appropriate frames 1 Bridge 2 X Y Z • Learning bridges – watch incoming source address A at port number X – add entry to forward address A to port X – if no entry, broadcast to all ports – doesn’t work if there are loops! CSE331 Fall 2002 25
