ECEN5553 Telecom Systems
Dr. George Scheets
Week #5

Read
* [9a] "The Cognitive Net is Coming"
* [8b] "How Can the Internet Have Too Many Routes and Not Enough Addresses?"
* [10a] "Cybercrime: Dissecting the State of Underground Enterprise"
* [10b] "A Call to Cyber Arms"
* [11a] "The Complete Story of Phish"
* [11b] "Target Breach Happened Because of a Basic Network Segmentation Error"
* [11c] "Sony Hack Dubbed 'Unparalleled' Crime"

Exam #1
* Lecture 15, 21 September (Live)
* No later than 28 September (Remote DL)

Outline
* 7 October 2015, Lecture 22 (Live)
* No later than 14 October (Remote DL)
* Outlines received due 7 October (local), 14 October (remote)
* 12 %

Exam #1 (90 points)
* Friday, 21 September (Local); Remote Distant Learners, no later than 28 September
* Work 3 of 4 pages
* Closed Book & Notes
* Calculators & phones are NOT allowed ... set up numerical problems for full credit
* Most equations are provided (on 5th page)
* Approximately 40% of upcoming exam will be lifted from the Fall 2014 Exam #1
* Anything in the notes, on Power Point, or in reading assignments is fair game

On Short Answer or Essay Questions
* Answer the Question! Memory dump in the space provided
* Knowledgeable individual can write more
* Grader will look for "Power Point bullets"; same remarks as instructor's typically not required
* To get "A" or "B", instructor needs to walk away with impression you could've said more. Got space? Anything else pertinent to add?
* It is NOT necessary to write small or fill up allotted space to get a good score!
* Lost points? No comments? → Insufficient info provided
* Rule of Thumb: "X" point question needs > "X" facts

Wireshark Packet Capture
This interaction started with a click on a Firefox bookmark to a distance calculator from a computer in Engineering South at OSU Stillwater. Firefox then triggers a query to an OSU Domain Name Server asking for the IPv4 address of www.indo.com.
This is next followed by a TCP 3-way handshake to open logical connections, an HTTP request to download the distance calculator page, and the beginning of the file transfer.

ISO OSI Seven Layer Model
* Layer 7 Application: Windows API
* Layer 6 Presentation: Windows API
* Layer 5 Session: Windows TCP
* Layer 4 Transport: Windows TCP
* Layer 3 Network: Windows IP
* Layer 2 Data Link: PC NIC
* Layer 1 Physical: PC NIC
* MSS = 1460 B = size of Layer 6 & 7 info per packet
* Ethernet payload = 1500 B

TCP Window Size (Layer 4) Affects End-to-End Throughput
* Suppose Window Size (set by PC) = 64 KB (Microsoft Windows XP)
* Maximum Segment Size = 1 KB
* Server can send < 64 unACK'd packets
* PC <-- 3,000 Km --> Server

Throughput on 64 Kbps Line
* Packet #1: PC <-- 3,000 Km, 64 Kbps line --> Server
* NPD = Prop Delay / Packet inject time
* Prop Delay = distance / EM energy speed = 3,000,000 m / 200,000,000 m/sec = 0.015 seconds
* Packet inject time = 8,376 bits / 64 Kbits/sec = 0.1309 seconds (7B PPP, 20B IPv4, 20B TCP)
* NPD = 0.015 / 0.1309 = 0.1146
* Front end of packet arrives at far side prior to back end being transmitted.

Throughput on 64 Kbps Line (continued)
* Packet #2 being injected by Server, ACK #1 from PC en route: 3,000 Km, 64 Kbps line
* At this instant in time... 2nd unACK'd packet is being transmitted; ACK for #1 en route back to server
* TCP + IP + Layer 2 → 47 bytes if PPP
* When ACK #1 arrives at server, only packet #2 is unacknowledged.
* Will 64 packet unACK'd limit be reached? No. At most, 1 packet likely unACK'd.

Throughput on 45 Mbps Line
* Packets #3, #2, #1 in flight: Server --> PC, 3,000 Km, 45 Mbps line
* NPD = Prop Delay / Packet inject time
* Prop Delay = distance / EM energy speed = 3,000,000 m / 200,000,000 m/sec = 0.015 seconds
* Packet inject time = 8,376 bits / 45 Mbits/sec = 186.1 μseconds (PPP, IPv4, TCP overhead)
* NPD = 0.015 / 0.0001861 = 80.60
* 80.60 average sized packets will fit back-to-back on this line

Throughput on 45 Mbps Line (continued)
* Packets 1 - 64 in flight: Server --> PC, 3,000 Km, 45 Mbps line
* At this instant in time, the Server has transmitted 64 packets w/o ACK, has hit the window limit, and halts.
Throughput on 45 Mbps Line (continued)
* Packets 2 - 64 in flight, #1 delivered, ACK #1 heading back: PC --> Server, 3,000 Km, 45 Mbps line
* At this instant in time, the PC has processed the 1st packet & sent an ACK. The Server is still halted, waiting for ACK #1.
* When ACK #1 arrives, server can then transmit one additional packet.
* Other ACK's arrive fast enough to allow back-to-back transmission of next group of 64 packets.

Can Estimate Throughput with a Time Line
* t0 = 0: Leading edge of 1st packet injected
* t1: Trailing edge of 64th packet injected; t1 = (64 * 1,047 B)(8 b/B) / (45 Mb/sec) = 11.91 msec
* t2: Leading edge of 1st packet hits far side, 15 msec (propagation delay)
* t3: If ACK injected right away... ACK arrives at server at t = 30 msec
* Process repeats...

Can Estimate Throughput with a Time Line (continued)
* Time line (msec): t0 = 0, 11.91, 15.00, 30.00
* This system can transmit 64(1,047) = 67,008 B = 536,064 bits every 30 msec (one round trip time)
* Estimated throughput = 536,064 / 0.03 = 17.89 Mbps
* Actual throughput a bit lower:
  - 1st ACK not transmitted until packet #1 fully received ... and processed by PC
  - 65th packet not transmitted until ACK #1 fully received ... and processed by Server

Can Estimate Throughput with a Time Line (continued)
* Need to be able to fill the pipe for 1 RTT, 30 msec in our example
* 45 Mbps * 0.030 sec = 1.35 Mb = 168,750 B = 168,750 / 1,047 = 161.2 packets
* Window Size needs to be = 161.2 segments * 1,000 bytes/segment = 161,200 B
* Actually would need another segment or two to cover source & sink processing

TCP Header (4 bytes per row)
* Source Port | Destination Port
* Sequence Number
* ACK Number
* Data Offset, Reserved, Flags | Window
* Checksum | Urgent Pointer

UDP Header (8 Bytes, 4 bytes per row)
* Source Port | Destination Port
* Length | Checksum
* For interactive real-time traffic, usually used with Real Time Transport Protocol (12 bytes).
Virtual Circuits
* Routing decisions made once when circuit is set up
* Concerned switches have internal look-up tables updated
* All packets part of info transfer follow the same path
* Allows option of setting aside switch resources (buffer space, bandwidth) for specific traffic flows
* MPLS, Frame Relay, ATM, & Carrier Ethernet use VC's

Datagrams
* IP uses Datagrams
* Routing tables updated independently of individual traffic flows; routers continuously talking with each other
* Packets may follow different paths
* Routers get no advance warning of specific packet flows.

IP is Connectionless
* Packet: 20 B IP | 20 B TCP | up to 1,460 B Data + Padding
* I/O decisions based on IP address & look-up table.
* Tables updated independent of traffic, hence path thru network may suddenly change.
* TCP is connection oriented.

TCP, UDP, and IP
* 30+ year old protocols, designed for data
* One priority utilized & "Best Effort" services
* No QoS guarantees; available bandwidth depends on other users
* TCP (Layer 4 & 5) provides reliable transfer
* UDP (Layer 4 & 5) unreliable transfer
* IP at Layer 3
* Arbitrary protocols at Layers 1 & 2

Internet Traffic 2008 - 2009 Comparison
source: http://www.sandvine.coms

Fixed Access Internet Traffic Profile 2013
Source: www.sandvine.com/downloads/documents/Phenomena_2H_2012/Sandvine_Global_Internet_Phenomena_Snapshot_2H_2012_NA_Fixed.pdf & www.sandvine.com/downloads/general/global-internet-phenomena/2014/1h-2014-global-internet-phenomena-report.pdf

2015 Fixed Access
https://www.sandvine.com/downloads/general/global-internet-phenomena/2015/global-internet-phenomena-report-latin-america-andnorth-america.pdf

2012 Mobile Access Internet Traffic Profile
http://www.sandvine.com/downloads/documents/Phenomena_2H_2012/Sandvine_Global_Internet_Phenomena_Snapshot_2H_2012_NA_Mobile.pdf

2013 Mobile Access Internet Traffic Profile
source: www.sandvine.com/downloads/general/global-internet-phenomena/2014/1h-2014-global-internet-phenomena-report.pdf

2015 Mobile Access
https://www.sandvine.com/downloads/general/global-internet-phenomena/2015/global-internet-phenomena-report-latin-america-andnorth-america.pdf

Internet Traffic Growth
source: "The Road to 100G Deployment", IEEE Communications Magazine, March 2010

Internet Traffic Growth
source: www.cisco.com/c/en/us/solutions/collateral/service-provider/visual-networking-index-vni/VNI_Hyperconnectivity_WP.html

Combining the Figures

VoIP PC to PC
* Internet Phone --> Commodity Internet --> Internet Phone

VoIP PC to Wired Phone
* Internet Phone --> Commodity Internet --> Gateway --> Phone System --> Wired Phone

VoIP (Wired Phone-to-Wired Phone)
* Phone System --> Gateway --> "QoS Enabled" Internet --> Gateway --> Phone System
* Carrier prioritizes VoIP traffic (DiffServ)
* Paths nailed down (MPLS)
* Gateways control # of voice calls
* Good quality possible with this configuration

Traditional Videoconferencing
* Camera + Audio --> Video Codec --> 384 Kbps fixed rate output (video + audio)
* Dedicated bandwidth network: circuit switched TDM, 6 bytes @ 8000 times/sec
* State owned fiber, ISDN

2002 Videoconferencing V2.0
* Camera + Audio --> Video Codec --> 384 Kbps fixed rate output (video + audio); now > 784 Kbps
* Packet switched, stat muxed, prioritized; state owned fiber
* This is the technique being used in this class for video to & from Tulsa & Stillwater.

Internet Video Streaming
* Disk Drive --> Video Server --> The Internet --> PC
* Quality of received stream depends on: (1) size of your pipe, (2) Internet congestion, (3) server congestion.
* Stillwater video server generates packets. Fairly steady generation if server not swamped. Rate depends on pipe size.
* Packets exit the Internet at an irregular rate. Random delays. Non-dedicated bandwidth (packet switched, stat muxing).

ISP Routes can be Roundabout
Trace launched 30 January 2007, 2 miles from OSU campus; 22 router path:
* 1 Dr. Scheets' home router
* 6 SBC routers: adsl-70-233-191-254.dsl.okcyok.sbcglobal.net ... ex2-p11-0.eqchil.sbcglobal.net
* 7 Level3 routers: Te-3-2.Chicago1.Level3.net ... kscymo2wcx010-pos9-0-oc48.wcg.net ... tulsok6wcx2-pos11-0-oc48.wcg.net
* 5 ONENET routers, at least 1 in Oklahoma City
* 3 Oklahoma State routers

ISP Routes can be Roundabout
Trace launched 5 September 2008, 2 miles from OSU campus; 14 router path, rtt = 55 msec:
* 1 Scheets' home router
* 4 SBC routers: adsl-70-233-191-254.dsl.okcyok.sbcglobal.net ... bb1-g1-0-2.rcfril.sbcglobal.net
* 1 Equinix router
* 1 Transitrail router: onenet.chcgil01.transitrail.net
* 3 ONENET routers, at least 1 in Oklahoma City
* 4 Oklahoma State routers
Using DiffServ, end-to-end performance on the 22 router path may be worse than end-to-end performance on the 14 router path when not using DiffServ.

Internet Service Provider Network
* LAN/PC --> Router --> ISP Network --> Router --> LAN/PC
* Corporate sites using Internet as WAN.
* Can pay ISP extra $$ → traffic between sites gets preferential treatment.

Interactive VOICE & VIDEO over the commodity INTERNET (Best Effort, No Priorities)
* Is not ready for prime time
* Delay & quality problems difficult to solve under the current system ... although throwing bandwidth at the problem will alleviate
* Has a place for the user whose main concern is $$$$ or convenience

Internet Service Provider Network
* Routers operate at Layers 1-3. PC's operate at Layers 1-7.
* Routers do not monitor opening of TCP logical connections. RSVP would change this.

Multi-Protocol Label Switching
* Enables virtual circuits
* End-to-end paths nailed down
* Traffic engineering easier
* Resource reservation easier
* Seeing fairly widespread ISP deployment

Internet QoS
* Most every ISP is installing or testing one or more of the following...
  - DiffServ
  - MPLS
  - Resource reservation capability
  - Pricing structure to reflect different QoS
* ... but they are not yet widely deployed.
* As a result, currently the Commodity Internet remains mostly Best Effort, FIFO routing

Thinking of moving large amounts of high quality, time sensitive traffic over the Commodity Internet?
* Check back in 2-3 years when...
  - Priorities enabled (IPv6 and/or DiffServ)
  - Resources guaranteed (Resource Reservation Protocol (RSVP) or equivalent is deployed)
  - Flat rate pricing is gone

The Internet Is... a superb information source
* Sometimes difficult to separate wheat from chaff
  - IEEE Communications or Proceedings: peer reviewed
  - IEEE Spectrum: reviewed by editor
  - Jane Doe's Web site: reviewed by Jane Doe

The Internet Is... a good marketing tool

The Internet Is... a Security Nightmare
* Any-to-any connectivity is both strength and weakness
* Tracert yields router IP addresses. Could Telnet or HTTP to many. Password?
* Espionage: read "The Cuckoo's Egg" by Cliff Stoll. Former #1 on New York Times Best Seller list. Recommended by Dr. Scheets' Mom.

The Internet Is... a Security Nightmare
* Bad things have been out there for years: viruses, worms, Trojans, denial of service, etc.
* November 2, 1988 Internet Worm: network shut down for 2-3 days; took advantage of Unix buffer overflow problems and poor password choices
* 2009-2010 Stuxnet Worm: state sponsored? Seemed to target Iran's nuclear bomb program

The Internet Is... a Security Nightmare
* TCOM5223 Information Assurance Management
* TCOM5233 Applied Information Systems Security
* TCOM5243 Information Technology Forensics
* "Remember, when you connect with another computer, you're connecting to every computer that computer has connected to." Dennis Miller, Saturday Night Live

Pros of Using the Internet
* Any-to-any connectivity
* It's inexpensive (save $$$$)
* Tons of valuable information available
* Excellent marketing/sales tool

Cons of Using the Commodity Internet
* Any-to-any connectivity puts all attached machines at risk. WARNING: SECURITY HAZARD!
* Slightly higher risk of theft of traffic
* Tons of worthless information available
* No QoS guarantees or guaranteed bandwidth
  - May have trouble rapidly moving large files
  - May have trouble reliably moving time sensitive traffic

802.3 Ethernet Packet Format (bytes)
* 7 (preamble) | 1 (start frame delimiter) | 6 MAC Destination Address | 6 MAC Source Address | 2 (length/type) | 40 IPv6 + 20 TCP + 6-1440 Data + Padding | 4 CRC

Connectionless vs. Connection Oriented
Connectionless
* Packet delivery may be out of order
* Packet delivery NOT guaranteed
* Packets may be mangled
* End user's responsibility to fix any problems
Connection Oriented
* Packet delivery in order
* Packet delivery usually guaranteed

IP is Connectionless
* Packet: 20 B IP | 20 B TCP | up to 1,460 B Data + Padding
* I/O decisions based on IP address & look-up table. Tables updated independent of traffic.

Wide Area Connectivity Options
Leased Line (a.k.a. Private Line)
* Network switches are byte aware
* Circuit is assigned trunk BW via TDM
* BW required is based on peak input rates
* Route through system determined in advance
* Pricing function of distance & peak rate
* Most expensive connectivity option
* Highest quality connectivity option

Leased Line Usage
* U.S. revenues still around $34 Billion in 2009
* $30 Billion in 2014: drop in corporate, increase in wireless backhaul; shift is to Internet services
* source: Insight Research

Switched Ethernet LAN's
* PCs --> Switched Hubs --> Edge Router

Ex) Corporate Leased Line Connectivity
* Detroit, OKC and NYC each connect through a router to the Carrier Leased Line Network (128 Kbps link shown at NYC)
* Telecom carriers dedicate 320, 128, and 256 Kbps links for our sole use via circuit switching.

Ex) Corporate Leased Line Connectivity
* Detroit 384 Kbps, OKC 320 Kbps into the Carrier Leased Line Network
* Traffic matrix (Kbps):

  From\To   OKC   DET   NYC
  OKC         -   144    76
  DET        88     -    28
  NYC       112    34     -

* How will company connect to Internet?
  - Configuration: every site connect locally? All sites connect thru, say, OKC?
  - Type of connection: leased line? DSL? Cable modem? Other?
Ex) Internet thru OKC
* Detroit and NYC --> Carrier Leased Line Network --> OKC --> ISP
* Traffic matrix should expand to include ISP. Faster line speeds likely required.

Ex) Internet thru OKC
* OKC --> ISP link: 640 Kbps
* Traffic matrix (Kbps):

  From\To   OKC   DET   NYC   ISP
  OKC         -   144    76    60
  DET        88     -    28    50
  NYC       112    34     -    40
  ISP       110   100    90     -

* How big should the pipe to the ISP be? 300 Kbps is outbound from ISP → 640 Kbps circuit needed.

Ex) Internet thru OKC
* Need to bump size of other 2 pipes.
  - 194/186 I/O @ NYC → 448 Kbps
  - 278/166 I/O @ DET → 576 Kbps