leksioni 4_rrj
Post on 07-Nov-2014
Internet structure: network of networks
Option: connect each access ISP to one global transit ISP? Customer and provider ISPs have a business agreement.
[Figure: access nets connected to a global ISP]

Internet structure: network of networks
But there must be several global ISPs so that there is competition ...
[Figure: access nets; ISP A, ISP B, ISP C]

Internet structure: network of networks
But there must be several global ISPs so that there is competition ... and these ISPs must be interconnected.
[Figure: access nets; ISP A, ISP B, ISP C; IXP (Internet exchange point); peering link]

Internet structure: network of networks
... and regional networks may be needed to connect the access networks.
[Figure: access nets; ISP A, ISP B, ISP C; IXP; regional net]

Internet structure: network of networks
... and content providers (e.g., Google, Microsoft, Akamai) may have their own networks, to bring services and content close to users.
[Figure: access nets; ISP A, ISP B; IXP; regional net; content provider network]

Introduction
Internet structure: network of networks
At the center: a small number of large, well-connected networks
  "tier-1" commercial ISPs (e.g., Level 3, Sprint, AT&T, NTT), national and international coverage
  content provider networks (e.g., Google): private network that connects its data centers to the Internet, often bypassing tier-1 and regional providers
[Figure: access ISPs; regional ISPs; IXPs; tier 1 ISPs; Google]

Tier-1 ISP: e.g., Sprint
[Figure: POP (point-of-presence); to/from customers; peering; to/from backbone]

Chapter 1: roadmap
1.1 What is the Internet?
1.2 network edge: end systems, access networks, links
1.3 network core: packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history

How do loss and delay occur?
Packets queue in router buffers
  the packet arrival rate (temporarily) exceeds the capacity of the output link
  packets wait for their turn
[Figure: hosts A and B; packet being transmitted (delay); packets queueing (delay); free buffers: arriving packets are lost if there are no free buffers]

Four sources of packet delay
d_proc: nodal processing
  check bit errors
  determine output link
  typically < msec
d_queue: queueing delay
  time waiting at the output link for transmission
  depends on the congestion level of the router
d_nodal = d_proc + d_queue + d_trans + d_prop
[Figure: hosts A and B; transmission; propagation; nodal processing; queueing]

Four sources of packet delay
d_trans: transmission delay
  L: packet length (bits)
  R: link bandwidth (bps)
  d_trans = L/R
d_prop: propagation delay
  d: length of physical link
  s: propagation speed in the medium (~2x10^8 m/sec)
  d_prop = d/s
d_trans and d_prop are very different
d_nodal = d_proc + d_queue + d_trans + d_prop
[Figure: hosts A and B; transmission; propagation; nodal processing; queueing]
* Check out the Java applet for an interactive animation on trans vs. prop delay

Caravan analogy
  cars "propagate" at 100 km/hr
  the toll booth takes 12 sec to service a car (the transmission time of one bit)
  car ~ bit; caravan ~ packet
  Question: How long until the caravan is lined up before the second toll booth?
  time to "push" the entire caravan through the toll booth onto the highway = 12*10 = 120 sec
  time for the last car to "propagate" from the first toll booth to the second: 100km/(100km/hr) = 1 hr
  Answer: 62 minutes
[Figure: ten-car caravan; toll booth; 100 km; toll booth; 100 km]

Caravan analogy (more)
  suppose the cars now "propagate" at 1000 km/hr
  and suppose the toll booth takes one min to service a car
  Question: Will cars arrive at the second toll booth before all cars have been serviced at the first toll booth?
  Answer: Yes! After 7 min, the first car arrives at the second toll booth; three cars are still at the first toll booth.
[Figure: ten-car caravan; toll booth; 100 km; toll booth; 100 km]

Queueing delay (revisited)
  R: link bandwidth (bps)
  L: packet length (bits)
  a: average packet arrival rate
  traffic intensity = La/R
  La/R ~ 0: average queueing delay small
  La/R -> 1: average queueing delay large
  La/R > 1: more "work" arriving than can be serviced, average delay infinite!
[Figure: average queueing delay as a function of traffic intensity, from La/R ~ 0 to La/R -> 1]
* Check out the Java applet for an interactive animation on queuing and loss

"Real" Internet delays and routes
What do "real" Internet delays and losses look like?
The traceroute program provides delay measurements from the source to each router along the end-to-end Internet path towards the destination. For all i:
  it sends three packets that will reach router i on the path towards the destination
  router i will return packets to the sender
  the sender measures the time interval between transmission and reply
[Figure: 3 probes sent to each router on the path]

"Real" Internet delays and routes
traceroute: gaia.cs.umass.edu to www.eurecom.fr
1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms
2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms
3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms
4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms
5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms
6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms
8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms
9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms
11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms
12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms
13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms
14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms
15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms
16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms
17 * * *
18 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms
Annotations on the output:
  first line: 3 delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu
  trans-oceanic link
  * means no response (probe lost, router not replying)
* Do some traceroutes from exotic countries at www.traceroute.org
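
A way to read that listing programmatically, as an added example that is not part of the original slides: the parser takes hop lines copied from the traceroute output on this page, keeps track of hops that never answered (`* * *`), and reports the pair of answering hops with the largest rise in minimum RTT, which is where a long link such as the trans-oceanic one shows up. The function names are this example's own.

```python
import re

# Excerpt (hops 6-9 and 17-19) of the traceroute output shown on this page.
SAMPLE = """\
6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms
8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms
9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
17 * * *
18 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms
"""

HOP_RE = re.compile(r"^(\d+)\s+(\S+)\s+\(([\d.]+)\)\s+(.*)$")
RTT_RE = re.compile(r"([\d.]+)\s*ms")

def parse_hops(text):
    """Parse hop lines into dicts; unanswered probes are counted, not dropped."""
    hops = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = HOP_RE.match(line)
        if m:
            num, name, ip, rest = m.groups()
        else:                        # e.g. "17 * * *": no router replied
            num, _, rest = line.partition(" ")
            if not num.isdigit():
                continue             # not a hop line at all
            name = ip = None
        hops.append({"hop": int(num), "name": name, "ip": ip,
                     "rtts": [float(x) for x in RTT_RE.findall(rest)],
                     "lost": rest.count("*")})
    return hops

def silent_hops(hops):
    """Hop numbers where every probe went unanswered."""
    return [h["hop"] for h in hops if not h["rtts"]]

def largest_jump(hops):
    """(from_hop, to_hop, delta_ms) with the biggest rise in minimum RTT."""
    # The minimum of the probes is least affected by queueing, so a big rise
    # points at propagation delay on a long link rather than at congestion.
    answered = [h for h in hops if h["rtts"]]
    jumps = [(p["hop"], c["hop"], min(c["rtts"]) - min(p["rtts"]))
             for p, c in zip(answered, answered[1:])]
    return max(jumps, key=lambda j: j[2]) if jumps else None

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    print("no reply:", silent_hops(hops), "largest jump:", largest_jump(hops))
```

A silent hop is not by itself a fault: hop 19 still answers, so the routers at hops 17 and 18 forwarded the probes without replying to them.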

Packet loss
  the queue (aka buffer) preceding a link has finite capacity
  packets that arrive when the queue is full are dropped (aka lost)
  lost packets may be retransmitted by the previous node, by the source end system, or not retransmitted at all
[Figure: hosts A and B; packet being transmitted; packet arriving to a full buffer is lost; buffer (waiting area)]
* Check out the Java applet for an interactive animation on queuing and loss
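
An added simulation (not from the original slides) of the single output link behind the traffic-intensity and packet-loss slides: it shows queueing delay growing as La/R approaches 1 and arriving packets being dropped once the finite buffer is full. Poisson arrivals, the 1000-bit packet, the 1 Mbps link and the 50-packet buffer are assumptions chosen for illustration.

```python
import random
from collections import deque

def simulate_link(L, R, a, buffer_pkts, n_packets=20000, seed=1):
    """Simulate one output link fed by Poisson arrivals (an assumption).

    L: packet length (bits), R: link bandwidth (bps), a: average arrival
    rate (packets/sec), buffer_pkts: packets that can wait behind the one
    being transmitted.
    Returns (La/R, mean queueing delay in seconds, fraction of packets lost).
    """
    rng = random.Random(seed)
    d_trans = L / R               # time to push one packet onto the link
    now, free_at = 0.0, 0.0       # current time; when the link next goes idle
    in_system = deque()           # departure times of accepted packets
    waited, accepted, dropped = 0.0, 0, 0
    for _ in range(n_packets):
        now += rng.expovariate(a)
        while in_system and in_system[0] <= now:
            in_system.popleft()   # already transmitted
        if len(in_system) > buffer_pkts:
            dropped += 1          # buffer full: the arriving packet is lost
            continue
        start = max(now, free_at)
        waited += start - now     # d_queue for this packet
        free_at = start + d_trans
        in_system.append(free_at)
        accepted += 1
    return L * a / R, waited / accepted, dropped / n_packets

def sweep(L=1000, R=1_000_000, buffer_pkts=50, rates=(500, 900, 1200)):
    """Run the link at La/R = 0.5, 0.9 and 1.2 with the default parameters."""
    return [simulate_link(L, R, a, buffer_pkts) for a in rates]

if __name__ == "__main__":
    for intensity, d_queue, loss in sweep():
        print(f"La/R={intensity:.1f}  d_queue={d_queue * 1e3:.2f} ms  loss={loss:.1%}")
```

With a finite buffer the delay at La/R > 1 stays bounded by the buffer size, and the excess load appears as loss instead.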

Throughput
throughput: rate (bits/time unit) at which bits are transferred between sender and receiver
  instantaneous: rate at a given point in time
  average: rate over a longer period of time
[Figure: server, with file of F bits to send to client; the server sends bits (like fluid) into a pipe; pipe that carries fluid at rate Rs bits/sec (link capacity Rs bits/sec); pipe that carries fluid at rate Rc bits/sec (link capacity Rc bits/sec)]

Throughput (more)
  Rs < Rc: What is the average end-end throughput?
  Rs > Rc: What is the average end-end throughput?
bottleneck link: the link on the end-end path that constrains end-end throughput
[Figure: two links in series, Rs bits/sec and Rc bits/sec, shown once for each case]

Throughput: Internet scenario
  10 connections (fairly) share the bottleneck link of R bits/sec
  per-connection end-end throughput: min(Rc, Rs, R/10)
  in practice: Rc or Rs is usually the bottleneck
[Figure: server links Rs; shared link R; client links Rc]

Chapter 1: roadmap
1.1 what is the Internet?
1.2 network edge: end systems, access networks, links
1.3 network core: packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history

Protocol "layers"
Networks are complex, with many "pieces":
  hosts
  routers
  links of various media
  applications
  protocols
  hardware, software
Question: is there any hope of an organized structure for networks?
... or at least for our discussion of networks?

Organization of air travel
A series of steps:
  ticket (purchase), baggage (check), gates (entry), airplane takeoff, airplane routing
  airplane routing
  ticket (complain), baggage (claim), gates (exit), airplane landing, airplane routing

Layering of airline functionality
  Departure airport: ticket (purchase), baggage (check), gates (load), runway (takeoff), airplane routing
  Intermediate air-traffic control centers: airplane routing, airplane routing
  Arrival airport: ticket (complain), baggage (claim), gates (unload), runway (land), airplane routing
  Layers: ticket, baggage, gate, takeoff/landing, airplane routing
layers: each layer implements a service
  via its own actions within the layer
  relying on services provided by the layer below

Why layering?
Dealing with complex systems:
  explicit structure allows identification of, and relationships between, the pieces of a complex system
    layered reference model for discussion
  modularization eases maintenance and updating of systems
    a change in the implementation of a layer's service is transparent to the rest of the system
    e.g., a change in gate procedures doesn't affect the rest of the system
  layering considered harmful?

Internet protocol stack
  application: supporting network applications (FTP, SMTP, HTTP)
  transport: process-process data transfer (TCP, UDP)
  network: routing of datagrams from source to destination (IP, routing protocols)
  link: data transfer between neighboring network elements (Ethernet, 802.11 (WiFi), PPP)
  physical: bits "on the wire"
[Figure: stack, top to bottom: application, transport, network, link, physical]

ISO/OSI reference model
  presentation: allows applications to interpret the meaning of data, e.g., encryption, compression, machine-specific conventions
  session: synchronization, control, recovery of data exchange
  the Internet stack is "missing" these layers!
    these services, if needed, must be implemented in the application
    are they needed?
[Figure: stack, top to bottom: application, presentation, session, transport, network, link, physical]

Encapsulation
[Figure: the source host stack (application, transport, network, link, physical) adds one header per layer: message M; segment Ht M; datagram Hn Ht M; frame Hl Hn Ht M. A switch on the path handles the link and physical layers; a router handles the network, link and physical layers; the destination host stack removes the headers in reverse order, from frame Hl Hn Ht M back to message M.]

Chapter 1: roadmap
1.1 what is the Internet?
1.2 network edge: end systems, access networks, links
1.3 network core: packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history

Network security
The field of network security:
  how bad guys can attack computer networks
  how we can defend networks against attacks
  how to design architectures that are immune to attacks
The Internet was not originally designed with (much) security in mind
  original vision: "a group of mutually trusting users attached to a transparent network"
  Internet protocol designers adapting to the circumstances
  security considerations in all layers!

Bad guys: put malware into hosts via the Internet
malware can get into a host from:
  virus: self-replicating infection by receiving/executing an object (e.g., e-mail attachment)
  worm: self-replicating infection by passively receiving an object that gets itself executed
spyware malware can record keystrokes, web sites visited, and upload the info to a collection site
infected hosts can be enrolled in a botnet, used for spam and DDoS attacks

Bad guys: attack servers, network infrastructure
Denial of Service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming them with bogus traffic
1. select target
2. break into hosts around the network
3. send packets to the target from the compromised hosts
[Figure: target]

Bad guys can sniff packets
packet "sniffing":
  broadcast media (shared ethernet, wireless)
  promiscuous network interface reads/records all packets (e.g., including passwords!) passing by
[Figure: hosts A, B, C; packet with src:B dest:A payload]
wireshark software used for end-of-chapter labs is a (free) packet-sniffer

Bad guys can use fake addresses
IP spoofing: send packets with a false source address
[Figure: hosts A, B, C; packet with src:B dest:A payload]

… lots more on security (throughout, Chapter 8)

Introduction: summary
covered a "ton" of material!
  Internet overview
  what's a protocol?
  network edge, core, access network
    packet-switching versus circuit-switching
    Internet structure
  performance: loss, delay, throughput
  layering, service models
  security
  history
you now have:
  context, overview, "feel" of networking
  more depth, detail to follow!