1 期末复习 罗忠文 内容取自 ucb 的教程 [email protected]
TRANSCRIPT
Announcements
• Ground Rules for Final– Closed book, with single 8.5x11 (both sides) crib sheet– Accommodations? Email me….
• Exam covers entire semester
• This review only covers post-midterm material– See midterm review for earlier material
• Everything in review slides is fair game– But so is everything else except material from
o Designing in 90 minuteso Advanced routing (except what’s in final review)o P2P (except what’s in final review)
2
This Review
• 60 slides!
• I won’t try to get through all of them
• But should serve as a useful study guide– Along with midterm review
• Evaluations at end of class…..
3
DHCP and ARP
4
5
What Does a Host Need to Know?
• What IP address the host should use?
• What local DNS server to use?
• How to tell which destinations are local?
• How do we address them using local network?
• How to send packets to remote destinations?
host host DNS... host host DNS...
router router
1.2.3.0/23 5.6.7.0/24
1.2.3.7 1.2.3.156???
1.2.3.19
router
6
Avoiding Manual Configuration
• L3: Dynamic Host Configuration Protocol (DHCP)– End host learns how to send packets– Learn IP address, DNS servers, “gateway”, what’s local
• L2: Address Resolution Protocol (ARP)– For local destinations, learn mapping between IP
address and MAC address
host host DNS... host host DNS...
router router
1.2.3.0/23255.255.254.0
5.6.7.0/24
1.2.3.7 1.2.3.1561.2.3.48
1.2.3.19
router
1A-2F-BB-76-09-AD
7
Address Resolution Protocol
• Every node maintains an ARP table– <IP address, MAC address> pair
• Consult the table when sending a packet– Map destination IP address to destination MAC address– Encapsulate and transmit the data packet
• But: what if IP address not in the table?– Sender broadcasts: “Who has IP address 1.2.3.156?”– Receiver responds: “MAC address 58-23-D7-FA-20-B0”– Sender caches result in its ARP table
• Link-layer protocol (RFC 826)– Because necessary to bootstrap IP connectivity
8
Bootstrapping Problem
• Host doesn’t have an IP address yet– So, host doesn’t know what source address to use
• Host doesn’t know who to ask for an IP address– So, host doesn’t know what destination address to use
• Solution: IP-level discovery protocol to find server– Broadcast a server-discovery message (255.255.255.255)
– Server(s) sends a reply offering an address
host host host...
DHCP server
9
Dynamic Host Configuration Protocol
arrivingclient
DHCP server203.1.2.5
DHCP discover(broadcast)
DHCP offer
DHCP request
DHCP ACK
(broadcast)
Why all the broadcasts?
(broadcast)
(broadcast)
Where to send packets
• Determine if destination is local using the netmask– If netmask of destination address is same as netmask of
source, then destination is local
• If destination is on the local network– Need to find out its MAC address using ARP
• If destination is not local (“remote”)– Need to send to gateway router (as specified by DHCP)– Use ARP to determine MAC address of gateway router
10
Network Control Messages(and how to use them for
discovery)
11
12
Internet Control Message Protocol
• ICMP runs on top of IP– Same level as TCP and UDP– Though viewed as an integral part of IP (not transport)
• Diagnostics (network “print” statement)– Triggered when an IP packet encounters a problem
• ICMP packet sent back to the source IP address– Includes the error information (e.g., type and code)– IP header plus 8+ byte excerpt from original packet
• Source host receives the ICMP packet– Inspects excerpt to identify socket
• Exception: ICMP not sent if problem is ICMP– And just for fragment 0 of a group of fragments
13
Types of Control Messages
• Need Fragmentation– IP packet too large for link layer, DF set
• TTL Expired– Decremented at each hop; generated if 0
• Unreachable– Subtypes: network / host / port
• Source Quench– Old-style signal asking sender to slow down
• Redirect– Tells source to use a different local router
14
Discovering Network Path Properties
• ICMP provides way for routers to talk to end hosts
• Can be used in clever ways to probe the network to discover things about its internals:–PMTU Discovery:
o What is largest packet that can be sent completely through the network w/o needing fragmentation?
–Traceroute:o What is the series of routers that a packet traverses
as it travels through the network?
15
Path MTU Discovery
• MTU = Maximum Transmission Unit– Largest IP packet that a link supports
• Path MTU (PMTU) = minimum end-to-end MTU– Sender must keep datagrams no larger to avoid
fragmentation
• How does the sender know the PMTU is?
• Strategy (RFC 1191):– Try a desired value– Set DF to prevent fragmentation– Upon receiving Need Fragmentation ICMP …
o … oops, that didn’t work, try a smaller value
16
Discovering Routing via Time Exceeded
host DNS... host host DNS...
router routerrouter
host
1.2.3.7
8.9.10.11
5.6.7.156
• Host sends an IP packet– Each router decrements the time-to-live field
• If TTL reaches 0– Router sends Time Exceeded ICMP back to the source– Message identifies router sending it
o Since ICMP is sent using IP, it’s just the IP source address
Time exceeded
17
Traceroute: Exploiting Time Exceeded
• Time-To-Live field in IP packet header– Source sends a packet with TTL ranging from 1 to n– Each router along the path decrements the TTL– “TTL exceeded” sent when TTL reaches 0
• Traceroute tool exploits this TTL behavior
source destination
TTL=1
Time exceeded
TTL=2
Send packets with TTL=1, 2, … and record source of Time Exceeded message
Routing
18
19
Three levels in routing hierarchy
• Networks: reaches individual hosts– Link-layer routing (self-learning)
• Intradomain: routes between networks– Lowest-cost routing (link-state, distance-vector)
• Interdomain: routes between ASes– BGP (path vector)
Lowest Cost Routing
20
21
Link State: Control Traffic
• Each node floods its local information• Each node then knows the entire network topology
Host A
Host BHost E
Host D
Host C
N1 N2
N3
N4
N5
N7N6
22
Local Computation of Routes
Host A
Host BHost E
Host D
Host C
N1 N2
N3
N4
N5
N7N6
A
BE
DC
A
BE
DC A
BE
DC
A
BE
DC
A
BE
DC
A
BE
DC
A
BE
DC
Each node independently calculates shortest paths(using Dijkstra’s algorithm)
23
Distance Vector Routing
• Each router knows the links to its neighbors– Does not flood this information to the whole network
• Each router has provisional “shortest path”– E.g.: Router A: “I can get to router B with cost 11 via
next hop router D”
• Routers exchange this information with their neighboring routers– Again, no flooding the whole network
• Routers update their idea of the best path using info from neighbors
• This iterative process converges with set of shortest paths
24
Bellman-Ford Algorithm
• INPUT:–Link costs to each neighbor–Not full topology
• OUTPUT:–Next hop to each destination and the
corresponding cost–Does not give the complete path to the
destination
Bellman-Ford – Overview
• Each router maintains a table– Row for each possible destination– Column for each directly-attached
neighbor to node– Entry in row Y and column Z of node X
best known distance from X to Y, via
Z as next hop = DZ(X,Y)
A C12
7
B D3
1
B C
B 2 8
C 3 7
D 4 8
Node A
Neighbor (next-hop)
Destinations DC(A, D)
Bellman-Ford
• Know the Bellman-Ford algorithm, count-to-infinity, and poisoned reverse….
• No need to know Dijkstra’s Algorithm
26
Interdomain Routing
27
BGP Basics
• If domains A and B have an interdomain link:– Their border routers announce routes to each other
o One route for each reachable prefix
– Routes announced whenever changed or withdrawno Route withdrawn when domain no longer offering path to prefixo It usually has a path itself, but is choosing to not export that path
• Policies:– Import policy: which routes the domain will use
o Chooses among routes advertised by neighbors
– Export policy: which routes the domain lets other useo Purely a filtering policy
• Route computation: path vector– Loop detection, which enables flexible policies 28
29
Joining BGP and IGP Information
• Border Gateway Protocol (BGP)–Announces reachability to external destinations–Maps a destination prefix to an egress point
o 128.112.0.0/16 reached via 192.0.2.1
• Interior Gateway Protocol (IGP)–Used to compute paths within the AS–Maps an egress point to an outgoing link
o 192.0.2.1 reached via 10.1.1.1
192.0.2.1
10.1.1.1
30
IGP, eBGP, iBGP,….
Border routerInternal router
1. Provide internal reachability (IGP)2. Learn routes to external destinations (eBGP)3. Distribute externally learned routes internally (iBGP)4. Select closest egress (IGP)
62
4 9 2
13
3
Routing Follows the Money!
• Peers provide transit between their customers
• Peers do not provide transit to each other31
traffic allowed traffic not allowed
32
Examples of Standard Policies
• Transit network:– Selection: prefer customer to peer to provider– Export:
o Let customers use any of your routeso Let anyone route through you to your customero Block everything else
• Multihomed (nontransit) network:– Export: Don’t export routes for other domains– Selection: pick primary over backup
34
Advanced Routing
Basic Routing Techniques
• Self-learning
• Link-state
• Distance-vector
• Path-vector
35
Self-Learning
• Requirements:– Plug-and-play (no management needed)– Flat address space
• Forwarding rules:– Watch which port MAC addresses come from– When in doubt, flood to all other ports
• Spanning tree needed for flooding– Does not use shortest data paths– Network unusable while spanning tree recomputed
36
Intradomain (L3)
• Link-state:– Global state, local computation– Flood local topology information– Each router computes shortest paths on graph– Requires routers to have globally consistent state
• Distance-vector:– Local state, global computation– Routers participate in distributed computation– Exchange current views on “shortest paths”– Hard to prevent loops while responding to failures
o E.g., count-to-infinity37
Interdomain: Path-vector
• Path-vector enables:– General policy autonomy for import and export– Easy detection of loops (which allows policy freedom!)
• Disadvantages of path-vector– High churn rate (many updates)– Convergence after failure can be slow– Policy oscillations possible
o Even limited degrees of autonomy can result in policy oscillations
38
Three Routing Challenges
• Resilience– Slow convergence after failures, worse as networks grow– Network not reliable during convergence– Most important barrier to a more reliable Internet
o Goal is 99.999% availability, now 99.9% at besto Gaming, media, VoIP, finance (trading) make this more important
• Traffic engineering– Current traffic engineering mechanisms cumbersome– Must find more adaptive methods
• Policy oscillations in interdomain routing39
Meeting These Challenges
• Augmenting all approaches with multipath– Routing computes more than one path– Allows hosts to use alternate paths when failure occurs
• Augmenting LS with Failure-Carrying Packets– No packet drops during convergence– Requires change to packet header
• Augmenting DV with Routing Along DAGs– Local adaptation prevents packet drops, spreads load– No need for header changes, applies to L2 and L3
• Augmenting PV with Policy Dispute Resolution– Only invoked when oscillation is in progress
40
41
TCP
42
TCP Service Model• Reliable, in-order, duplex byte-stream delivery
– Hopefully with good performance
• Challenges - the network can– drop packets
o Even perhaps a large number– delay packets
o Even perhaps for many seconds– deliver packets out-of-order
o Follows from possibility of arbitrary delay– replicate packets
o Weird, but it does sometimes happen– corrupt packets
43
Timing Diagram: 3-Way Handshaking
Client (initiator)
Server
SYN, SeqNum = x
SYN + ACK, SeqNum = y, Ack = x + 1
ACK, Ack = y + 1
ActiveOpen
PassiveOpen
connect()
listen()
accept()
44
Normal Termination, Both Together
SYN
SYN
AC
K
AC
KD
ata
FIN
FIN + A
CK
AC
K
timeA
B
AC
K
Connectionnow closed
Timeout:Avoid reincarnation
Can retransmitFIN ACK if ACK lost
45
Abrupt Termination
• A sends a RESET (RST) to B– E.g., because app. process on A crashed
• That’s it– B does not ack the RST– Thus, RST is not delivered reliably– And: any data in flight is lost– But: if B sends anything more, will elicit another RST
SYN
SYN
AC
K
AC
KD
ata
RST
AC
K
timeA
B
Data R
ST
46
TCP Support for Reliable Delivery
• Checksum– Used to detect corrupted data at the receiver– …leading the receiver to drop the packet
• Sequence numbers– Used to detect missing data– ... and for putting the data back in order
• Retransmission– Sender retransmits lost or corrupted data– Timeout based on estimates of round-trip time– Fast retransmit algorithm for rapid retransmission
47
ACKing and Sequence Numbers
• Sender sends packet – Data starts with sequence number X– Packet contains B bytes
o X, X+1, X+2, ….X+B-1
• Upon receipt of packet, receiver sends an ACK– If all data prior to X already received:
o ACK acknowledges X+B (because that is next expected byte)– If highest byte already received is some smaller value Y
o ACK acknowledges Y+1o Even if this has been ACKed before
48
Flow Control
• Advertised Window: W– Can send W bytes beyond the next expected byte
• Receiver uses W to prevent sender from overflowing buffer
49
Reliability: TCP Retransmission
50
Reasons for Retransmission
Packet
ACK
Tim
eou
t
Packet
ACK
Tim
eou
t
Packet
Tim
eou
t
Packet
ACK
Tim
eou
t
Packet
ACK
Tim
eou
tPacket
ACK
Tim
eou
t
ACK lostDUPLICATE
PACKET
Packet lost Early timeoutDUPLICATEPACKETS
51
How Long Should Sender Wait?
• Sender sets a timeout to wait for an ACK– Too short: wasted retransmissions– Too long: excessive delays when packet lost
• RTO = EstimatedRTT + 4 x EstimatedDeviation
• Estimated RTT: exponential average of RTT– Only sample packets that are not retransmitted
• Deviation = | SampleRTT – EstimatedRTT |
• EstimatedDeviation: exp. average of Deviation
52
Alternative to Timeouts
• Triple duplicate ACK (“three dups”)– Packet n is lost, but packets n+1, n+2, …, arrive
• On each arrival of a packet not in sequence, receiver generates an ACK– So as n+1, n+2, … arrive, receiver generates repeated
ACKs for seq.no. n– “duplicate” acknowledgments since they all look the
same– Sender sees 3 of these (four ACKs in total) and
immediately retransmits packet n (and only n)
• Termed Fast Retransmission
53
Congestion Control Overview
54
Basics of TCP Congestion Control
• Each source determines the available capacity– … so it knows how many packets to have in flight
• Congestion window (CWND)– Maximum # of unacknowledged bytes to have in flight– Congestion-control equivalent of receiver window– MaxWindow = min{congestion window, receiver window}– Send at the rate of the slowest component
• Adapting the congestion window– Decrease upon detecting congestion– Increase upon lack of congestion: optimistic exploration
• Packet losses used as sign of congestion
Summary of Increase
• “Slow-start”: increase cwnd by MSS for each ack
• Leave slow-start regime when either:– cwnd > SSThresh– Packet drop
• Enter AIMD regime– Increase by MSS for each window’s worth of acked data– Increment per ACK:
CWND += MSS * (MSS / CWND)
55
56
Summary of Decrease
• Cut CWND half on loss detected by NACK – “fast retransmit”
• Cut CWND all the way to 1 MSS on timeout– Set ssthresh to cwnd/2
• Never drop CWND below 1 MSS
57
TCP Dynamics
t
Window
Slow-start restart: Go back to CWND of 1 MSS, but take advantage of knowing the previous value of CWND.
Slow start in operation until it reaches half of previous CWND, I.e.,
SSTHRESH
TimeoutFast
Retransmission
SSThreshSet to Here
Additional Congestion Control Topics
• Equation-based congestion control– rate ~ MSS/[RTT*sqrt(loss rate)] (know this equation)
• Extending TCP to higher speeds– Change CWND adjustment at higher speeds
• Signaling congestion without packet drops– Explicit congestion notification (ECN)
58
59
Security
Basic Requirements for Secure Communication
• Availability: Will the network deliver data?– Infrastructure compromise, DDoS
• Authentication: Who is this actor?– Spoofing, phishing
• Integrity: Do messages arrive in original form?
• Confidentiality: Can adversary read the data?– Sniffing, man-in-the-middle
• Provenance: Who is responsible for this data?– Forging responses, denying responsibility– Not who sent the data, but who created it
60