dương thiên t1

Upload: tran-thanh-tuan

Post on 12-Oct-2015


Dương Thiên [email protected]/tu.duongthien
-----------------------------------
Chapter 1 - Internet

Network Edge [11]
- Host (end system): hosts run distributed applications [12]
  + Client/Server [12]: the client sends a request, the server responds to the request
  + P2P [12]: a peer is both client and server
- Edge router: the gateway of an access network. Hosts connected to an edge router form access networks [11], which include: LAN [21], WLAN [22], intranet (a scaled-down image of the Internet, confined to a company)

Services of a computer network [7]:
  Communication infrastructure for network applications.
  Reliable and best-effort communication services.

Protocol [6] [8]
  The rules of communication, governing how packets are sent and received: packet format, order of packet exchange, actions to take when a packet is received, ...
  The IETF standardizes protocols in RFC (Request For Comments) documents.
  There are also proprietary RFCs for commercial protocols (Skype, Yahoo Messenger, ...).

Network Core [28]
- Core routers: each region (AS) has many interconnected core routers, managed by one ISP.
- ISPs are organized in tiers: [41]
  + "tier-1" ISPs form the backbone of the Internet [39]
  + "tier-2" regional ISPs connect to one or more "tier-1" ISPs
  + local ISPs connect to end systems (customers, Internet end users).
    End users connect to an ISP through:
      Dial-up modem: 56 Kbps, Internet and telephone cannot be used at the same time, no "always on" mode.
      DSL (Digital Subscriber Line): uses the telephone infrastructure, up 1 Mbps, down 8 Mbps, always on.
      HFC (Hybrid Fiber Coax): cable TV infrastructure, up 2 Mbps, down 30 Mbps.
- Core architecture: [28]
  + circuit switching: direct link, no sharing, call setup [29]
      resource reservation (dedicated resources, shared in two ways: TDM Time Division Multiplexing, FDM Frequency Division Multiplexing [31])
  + packet switching: full bandwidth, packets may travel along different paths [33]
      statistical multiplexing (bandwidth is divided on demand) [34]
      uses routers (store-and-forward): a router receives a packet and forwards it to the next router on the path
      --> a router's tasks: forwarding + routing

Physical Media
Transmission rate (bandwidth) is measured in bits per second.
Two kinds:
- Guided (wire): coaxial cable (coax), twisted pair (CAT5, CAT3), optical fiber, Hybrid Fiber Coax (HFC). [24] [25]
- Unguided (wireless): radio signal, microwave, satellite signal. [26]
  Easily affected by the environment: reflection, obstruction by obstacles, interference, attenuation

Loss [53]
- Caused by a queue (buffer) that is too full, so the tail of the queue is dropped (droptail)

Delay [45, 46]: 4 kinds
- processing (error checking, determine output)
- queueing (waiting time, depends on the router's congestion), traffic intensity (Length * Average Packet Arrival Rate / Rate) [50]
- transmission (Length/Rate)
- propagation (distance/speed)
  Depending on the link, transmission delay can be larger than propagation delay, for example on a LAN

Throughput [54]
- number of bits crossing a link per unit of time
- average throughput is the smallest throughput among the links that make up the path [55]
- throughput versus bandwidth
  + bandwidth is the maximum possible transmission rate of the link.
  + throughput is the amount of data that actually crosses the link per unit of time, so the largest throughput is the bandwidth.

Internet and OSI
- Related: Layer Service Protocol (Header)
  Service:
    7: supports applications, gives access to network resources.
    6: translates, encrypts, compresses data.
    5: creates, manages and ends sessions.
    4: moves segments from process to process.
    3: moves datagrams from the source host to the destination host.
    2: moves frames from one end of a link to the other end.
    1: puts bits onto the medium, provides the physical parameters of the medium.

  Packets going down the stack: encapsulation [64], the layer's header is added
    Header + PDU (data passed down from the layer above: upper-layer header + upper-layer PDU)
  Packets going up the stack: decapsulation, the outer headers are removed to expose the information in the header belonging to the layer
- Internet [62]
  Layers (5): [Application] [Transport] [Network] [Link] [Physical]
  Services:   [application support] [process-to-process] [host-to-host, routing] [point-to-point or hop-to-hop] [specifies the physical parameters of the medium]
  Devices:    [] [] [router] [switch, bridge] [hub (replicates the signal), repeater (amplifies the signal)]
  Packet:     [Message] [Segment] [Datagram] [Frame] [Packet]
  Address:    [] [port (process)] [IP (host)] [MAC (interface)] []
- OSI (Open Systems Interconnection Reference Model) [63]
  Layers (7): [Application][Presentation][Session][Transport][Network][Link][Physical]
  Presentation: format, encryption, compression, interpret
  Session: synchronization, checkpointing, recovery of data exchange

Security (a concern at every layer)
- Malware (malicious software) [67]: virus (self-replicating, parasitic), worm (self-replicating, not parasitic), trojan horse (not self-replicating, parasitic), spyware (not self-replicating, not parasitic)
- DoS [69]: Denial of Service, exhausts the resources of the victim machine
  + vulnerability attack: exploits a weakness of the system (operating system, application bug, configuration error, ...)
  + bandwidth flooding: saturates the bandwidth
  + connection flooding: takes up all the connections
- Packet sniffing [70]: capturing and analyzing packets on the transmission medium
  + IP spoofing [71]: forging the IP address, for example sending packets with a forged source address
  + record-and-playback [72]: reusing authentication information (replay attack)

Chapter 2 - Application Layer
Application-to-Application

Network Application
  Application Model
    + Client-Server [8]: always-on host, permanent IP
        organized as a server farm (load balancing, clustering, -> higher scalability, fault-tolerance)
    + P2P: a peer is both client and server [9]
    + Hybrid (Client-Server (central server) + P2P): for example Skype, Instant Messaging [10]
  Basis for building applications
    Sending/receiving goes through a socket (the IP addresses the host + the port identifies the process) [12]
    Transmitted messages [15] are described in the RFC of each protocol
    What a protocol defines: type, syntax, semantic, rule
  Classifying applications [16] to choose the Transport-layer service
    data loss tolerant, timing sensitive, throughput, security --> reliable, unreliable

HTTP (TCP 80) pull-model
- Web page [21]: an HTML page that contains many objects; the objects are located by the URLs in the HTML page
    URL (Uniform Resource Locator): host[:port] + /path
- Message
  + HTTP request (request line --> command [GET (fetch), POST (submit), HEAD (information)]) [29]
  + HTTP response (status line --> reply code [34] 200, 301, 400, 404, 505) [33]
- HTTP Connections [24]
  + nonpersistent: 1.0, one TCP connection per object, 2 * RTT + transmission delay [27]
  + persistent: 1.1, objects on the same site share one TCP connection
- Cookies [37]: needed because HTTP is "stateless" (the HTTP server treats every request as new and unrelated to the others)
    The server places a file (cookie) on the client to remember it; the client attaches the cookie to its requests so the server recognizes it
    Server: Set-cookie in the first HTTP Response
    Client: attaches the cookie to each subsequent HTTP Request
    Uses: authorization, shopping carts, recommendations, user session state
- Cache: placed on a proxy, reduces the amount of data that has to be downloaded.
    Conditional GET [44] If-modified-since: cache --> Web server
      checks whether the page stored in the cache has a newer version on the server
    Web server response:
      Requested page unchanged --> 304 (the page is not included)
      Requested page changed --> 200 + the updated page

FTP (TCP 20, 21)
- Ports [46]
    21: control (command, status, username, password, ...), an "out-of-band" mechanism
    20: data (file contents, directory listings, ...)
- FTP commands [48] in the FTP protocol: USER, PASS, LIST, RETR, STOR
- FTP commands in Windows: open, dir, get, put

Mail
Message [58], the content of a mail message: MIME multipart, 7-bit, Base64
  Base64: a 6-bit code, 3 bytes of data become 4 6-bit bytes
User Agent [50]: the mail software on the client side
  tasks: composing, editing, reading, sending mail to the mail server with SMTP
Mail Transfer Agent [51]: the mail server, holds the outgoing message queue + the mailboxes
  mail servers exchange mail directly with each other using SMTP

Sending (mail transfer protocol): [52]
  SMTP (TCP 25) push-model (Simple Mail Transfer Protocol)
    Used between: Mail Server and Mail Server, UA --> (outgoing message queue) Mail Server
    SMTP commands [54]: HELO, MAIL FROM, RCPT TO, DATA (ends with CRLF.CRLF), QUIT. [54]
Receiving (mail access protocol): [59]
  POP (TCP 110) (Post Office Protocol)
    authorization phase (USER PASS) + transaction phase (LIST, RETR, DELE)
    (UA domain name)
- Query: a query (a request to resolve a domain name -> IP) is first sent to the Local DNS
  + iterated [69]: the Local DNS asks the DNS servers in turn: Root DNS, TLD DNS, Authority DNS
  + recursive [70]: set through the flags field in the message

Chapter 3 - Transport Layer
Operates at the end systems
Process-to-Process [4]
  The sender splits the message into segments, adds the Transport-layer header, and passes them down to the Network layer.
A process is located by its port (16-bit). Port + IP = Socket
  Well-known (server-side ports, 0-1023): publicly known, one per service. Listed in RFC 1700.
  Ephemeral (client-side ports, 1024-65535): a free port is chosen at random
Port information must be present in the Transport-layer header; it supports these services:
- Multiplexing: done at the sending machine; collects data from many sending processes, adds a header to form segments, passes them down to the Network layer.
- Demultiplexing: done at the receiving machine; delivers each segment to the right receiving process (based on the destination port).

UDP (connectionless, unreliable)
Simple and fast, because it neither sets up nor maintains connection state and has no flow control or congestion control.
- Header (8) [17]: source port, destination port, length (header + payload, in bytes), checksum
- Internet Checksum [19]: computed together with a pseudo-header; add the data as 16-bit binary units with carry; on overflow past 16 bits, wrap around (add the overflow back into the result); take the one's complement (invert the bits) of the result --> checksum
    Verification: the 16-bit sum (including the checksum) must be all 1 bits.
- Protocols on top of UDP:
    Used for multimedia protocols (audio/video, which tolerate packet loss) or for small request/response messages (that fit in one segment).
    For reliable transfer over UDP, add reliability in a protocol layered above the Transport layer.
    For example, RTP (over UDP) uses a sequence number to determine packet order.
    Some protocols that use UDP: DNS, SNMP (Simple Network Management Protocol), DHCP (Dynamic Host Configuration Protocol), multimedia protocols (RTP, Real-Time Protocol), ...
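The checksum procedure in these notes, carried through for a UDP segment with its IPv4 pseudo-header. This is an added example, not part of the original notes; the addresses, ports and payloads are constructed sample values, and the function names are chosen here.

```python
import ipaddress
import struct

UDP_PROTO = 17  # IP protocol number for UDP


def ones_complement_sum16(data: bytes) -> int:
    """Add 16-bit big-endian words, folding every carry back in (wraparound)."""
    if len(data) % 2:              # odd length: pad with one zero byte
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return total


def internet_checksum(data: bytes) -> int:
    """One's complement (bit inversion) of the one's complement sum."""
    return ~ones_complement_sum16(data) & 0xFFFF


def pseudo_header(src: str, dst: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero byte, protocol, UDP length."""
    return (ipaddress.IPv4Address(src).packed
            + ipaddress.IPv4Address(dst).packed
            + struct.pack("!BBH", 0, UDP_PROTO, udp_length))


def build_udp(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Return header + payload with the checksum field filled in."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src, dst, length) + header + payload)
    if csum == 0:                  # over IPv4 a zero field means "no checksum"
        csum = 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def verify_udp(src: str, dst: str, segment: bytes) -> bool:
    """Receiver check: the sum over everything, checksum included, is all ones."""
    total = ones_complement_sum16(pseudo_header(src, dst, len(segment)) + segment)
    return total == 0xFFFF


if __name__ == "__main__":
    # Constructed sample: documentation addresses, a 6-byte payload.
    seg = build_udp("192.0.2.10", "192.0.2.53", 40000, 53, b"ABCDEF")
    flipped = seg[:-1] + bytes([seg[-1] ^ 0x01])   # one bit changed in transit
    swapped = seg[:8] + b"CDABEF"                  # two 16-bit words reordered
    print("intact :", verify_udp("192.0.2.10", "192.0.2.53", seg))
    print("flipped:", verify_udp("192.0.2.10", "192.0.2.53", flipped))
    print("swapped:", verify_udp("192.0.2.10", "192.0.2.53", swapped))
```

The reordered segment still verifies because addition does not depend on word order: the checksum catches accidental bit errors and is not an integrity control against deliberate modification.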

TCP (connection-oriented, reliable)
Mechanisms:
+ reliable: stop-and-wait (the sender stops and waits before retransmitting, one packet at a time)
    rdt 1.0: error-free channel --> no reliable transfer service needed [26]
    rdt 2.0: channel with errors --> add checksum, feedback (ACK, NAK) [27]
    rdt 2.1: if the feedback packet is corrupted, treat it as a NAK and resend the packet --> packets may be duplicated
      --> add a sequence number to discard duplicates (data is not extracted from a duplicate packet, but an ACK is still sent to acknowledge it) [34]
    rdt 2.2: uses the packet's ACK instead of NAK --> a duplicate ACK means there was an error [35]
    rdt 3.0: channel with errors and packet loss (loss of the packet sent, loss of the ACK returned) --> add a timer [37]
      timer duration [60]:
        short (premature) --> unnecessary retransmissions
        long --> slow reaction to packet loss
        the timeout (TimeoutInterval) must be computed from the RTT; note that the RTT varies with the state of the path
        TimeoutInterval [63] is computed from EstimatedRTT [61]
          Estimated RTT: EstimatedRTT = (1 - α) * previous EstimatedRTT + α * sampleRTT (α = 0.125)
          Safety margin: DevRTT = (1 - β) * previous DevRTT + β * |sampleRTT - EstimatedRTT| (β = 0.25)
          TimeoutInterval = EstimatedRTT + 4 * DevRTT
+ pipelining protocols: [43] resized sliding window, the window size changes (it limits the maximum number of packets sent)
    Go-Back N [47]: always receives in order, cumulative ACK, on timeout the whole window is resent starting from the lost packet (the first packet of the window), one timer for the first packet of the sliding window, losing an ACK smaller than the cumulative ACK has no effect, packets received out of order are discarded.
      see Applet: http://www.eecis.udel.edu/~amer/450/TransportApplets/GBN/GBNindex.html
    Selective Repeat [51]: no cumulative ACK, one timer per packet sent, a lost ACK forces a retransmission, on timeout only the unACKed packets in the window are resent, packets received out of order are buffered.
      see Applet: http://www.eecis.udel.edu/~amer/450/TransportApplets/SR/SRindex.html

Header (20): [58]
  TCP numbers every byte in the byte stream it sends. The initial sequence numbers of the two sides differ and are synchronized when the connection is created (with SYN packets).
  + source port, destination port: used for demultiplexing.
  + sequence number: "first", the sequence number of the first byte of the segment being sent. [59]
  + ack number: "next", the sequence number of the next byte the receiver wants to receive.
    Bytes with sequence numbers before this number have been received [59]
    Relation between SEQ (sender) and ACK (receiver): packet 1 [SEQ = x, Len = d], ACK of packet 1 [SEQ = y, ACK = x + d]
  + header length: counted in 32-bit words, usually 5 (20 bytes).
  + flags:
      ACK: acknowledgement, the ACK number is valid.
      PUSH: no send/receive buffering, data is pushed up to the upper layer immediately.
      SYN: synchronizes, supplies the initial SEQ number, the SEQ number is valid.
      FIN: announces the end of sending (the receiving side may still send), after which the connection can be ended implicitly.
      RESET: refuses or ends a TCP connection explicitly.
      URGENT: urgent data indicated by the Urg Data Pointer is pushed up to the upper layer immediately, the Urg Data Pointer is valid.
  + receive window: the receiver reports how much its buffer can accept, used to adjust the send window --> flow control mechanism.
  + checksum: same as UDP (uses a pseudo header).
  + urg data pointer: points to the byte following the urgent data, used with the URGENT flag

Reliable Data Transfer [65]: rdt, pipelined, cumulative ACK, single timer (for the first segment of the sliding window), out-of-order packets are cached
  Sender [66]:
    + data available: create a segment with the next SEQnumber, start the timer (if not already running), pass it down to the Network layer.
    + timer (timeout): resend the oldest unACKed segment (smallest SEQnumber), restart the timer.
    + ACK received (with ACKnumber y): slide the window up to SendBase (= y); lost ACKs with smaller numbers do not matter.
  Receiver [70]:
    + segment received, everything before it already acknowledged (ACKed): delay the ACK, wait for the next segment.
    + segment received, one earlier segment not yet ACKed: send an ACK for the segment just received.
    + segment arrives out of order, leaving a gap: send the cumulative ACK --> called a "duplicate ACK"
    + a segment that falls in the gap arrives: send an ACK for that segment immediately.

Fast Retransmit [71]: quickly resends a lost packet, solving the problem of the timeout delaying retransmission.
  When the sender receives 3 "duplicate ACKs", it resends immediately without waiting for the timer to expire.

Flow control: [75] keeps a more capable sender from overflowing the receiver's buffer.
  The receiver advertises RcvWindow in the TCP header, RcvWindow = RcvBuffer - [LastByteRcvd - LastByteRead] [76]
  The sender limits unACKed data: LastByteSent - LastByteACK
  SYN-SENT --[receive SYN+ACK, ACK]--> ESTABLISHED
    + Server: CLOSED --> LISTEN --[receive SYN, SYN+ACK]--> SYN-RCVD --[receive ACK]--> ESTABLISHED
  Closing a connection:
    + Client: ESTABLISHED --[FIN]--> FIN-WAIT-1 --[receive ACK]--> FIN-WAIT-2 --[receive FIN, ACK]--> TIME-WAIT --[timer timeout]--> CLOSED
    + Server: ESTABLISHED --[receive FIN, ACK]--> CLOSE-WAIT --[FIN]--> LAST-ACK --[receive ACK]--> CLOSED
    FIN-WAIT-2: a connection-closing state on the client side; the server can still send data and the client still answers with ACKs.

Congestion control: the idea is to reduce the traffic sent, that is, to shrink the send window (cwind), once congestion is noticed (packet loss noticed through a timeout or 3 "duplicate ACKs").
  Two phases:
    + Slow Start: the send window grows geometrically (doubles) up to the threshold.
    + Congestion Avoidance: the send window grows arithmetically (by 1 MSS).
      From the threshold on, it keeps probing upward until a collision is detected.
      New threshold after a collision = 1/2 of cwind at the time of the collision
  Two ways a collision (causing packet drops) is detected:
    timeout (an alarming level of congestion): cwind drops to 1 --> back to Slow Start [99] (Tahoe + Reno)
    3 duplicate ACKs:
      + Tahoe: cwind drops to 1 --> back to Slow Start
      + Reno: cwind drops to the new threshold --> Fast Recovery, Fast Retransmit [73]
  see Applet: http://media.pearsoncmg.com/aw/aw_kurose_network_4/applets/fairness/index.html

Chapter 4 - Network Layer
Host-to-Host [4]: provides a path between two computers; present on the hosts and on the routers in the network core.
  A router (layer-3 device) examines the IP header of the packets passing through it and decides the output.
Functions [5]:
  Forwarding: on receiving a packet, forward it to an output, based on the forwarding table.
  Routing: determines the path; from the information of the incoming packet, determines the output.
    The routing algorithm fills in the routing information of the forwarding table.
  Connection Setup: this function exists only in circuit-switched networks.

Service models [8]: circuit switching (VC network), packet switching (datagram network)

Circuit Switching (ATM - Asynchronous Transfer Mode, Frame-relay, X.25): uses a signaling protocol [15], fixed-size packets (cells)
  The signaling protocol sends signaling messages to build a virtual channel (VC - Virtual Channel); the routers on the virtual channel store information about it.
  Releasing a virtual channel: frees the resources at the end points and at the routers on the virtual channel.
  Layer-2 (label) switching, because routing is based on the VC rather than on the IP address
  Information for the Forwarding Table [14]: (incoming interface + incoming VC) --> outgoing VC
  ATM services [9]: Constant Bit Rate, VariableBR, AvailableBR, UnspecifiedBR.

Packet Switching (Internet): "best-effort" service
  No virtual channel is set up, no virtual channel information is stored
  Layer-3 routing based on the destination IP, several different paths are possible [16]
  Router (layer-3 device), information for the Forwarding Table: (destination network) --> outgoing interface.

Router architecture
  Functions [21]: runs the routing algorithms (RIP, OSPF, BGP --> routing table) and forwards packets according to the routing table.
  Consists of: input ports and output ports, routing processor, switching fabric.
  Switching fabrics:
    + memory [24]: controlled directly by the CPU, packets are copied into system memory --> limited by memory bandwidth
    + shared bus [25]: forwarding over a shared bus --> bus contention.
    + crossbar [26]: uses multiple processors.
  Output Port [27]: needs a buffer when the switching fabric is faster than the transmission rate, which causes loss
    Buffer size (to reduce loss): typical RTT (~250 ms) * link bandwidth; with N flows: RTT * C / sqrt(N)
  Input Port [30]: needs a buffer when the input port is faster than the switching fabric, which causes HOL (Head-of-the-Line) blocking --> queuing delay + loss

Protocol [32]: 3 groups of protocols.
  + IP: addressing, packet format, packet handling rules.
  + Routing (RIP, OSPF, BGP): path selection (routing) protocols.
  + ICMP: error reporting, the signaling protocol of routers and network devices.

IP protocol: [34]
  Header
    Version: 4 (version 6 has a different header structure)
    Header Length: counted in 32-bit words (5 words or 20 bytes if there are no options)
    ToS (Type of Service): classifies packets by service and priority, used for QoS
    Length: in bytes, size of (header + payload)
    Identifier, flag (Reserved, DF, MF), Fragment Offset
      Fragmentation: done at a router, when a datagram goes from a link with a large MTU into a link whose MTU is smaller than the data size.
        Fragments are reassembled only at the destination; every fragment has its own IP header.
        MTU (Maximum Transfer Unit): the largest unit that can be carried, set per link.
        The fragments of one packet share the same Identifier
        [flag MF (More Fragment)][offset] [36]
          [0][x]: last fragment (x = fragment offset / 8)
          [1][0]: first fragment
          [0][0]: not fragmented
        flag DF (Don't Fragment) = 1: the packet must not be fragmented
    TTL (Time To Live): prevents loops, usually set to the number of routers in the network; every router (hop) decrements the TTL by 1.
      If a router sees TTL = 0 it drops the packet, because the packet has gone through all the hops without reaching its destination.
      --> used to avoid a packet looping forever (infinite loop)
    Protocol: the upper-layer protocol, used to process the first header in the datagram's PDU

IPv4 address (32-bit):
  Identifies the network interfaces of hosts and routers.
  CIDR [42]: Classless Inter Domain Routing
    prefix (number of 1 bits in the mask) --> mask. Example: prefix /21 --> [ 8 ] . [ 8 ] . [ 5 + 3 ] . [ 8 ] --> 255.255.(256 - 2^3).0
  From an IP address + mask (or prefix) one can derive:
    the network class: from the leading bits (0: A, 10: B, 110: C)
    or, from the IP range: private (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), public or loopback (127.0.0.0/8)
    the maximum number of hosts in the network, minus 2 addresses: the first address (network name, Network ID) and the last address (broadcast)
  Route aggregation: the ability to use one prefix for several networks is called route summarization.
    Route summarization reduces the size of routing tables: the ISP obtains an address block from ICANN (Internet Corporation for Assigned) and distributes it.
    Example: the summary route 200.23.16.0/20 points to the networks 200.23.16.0/23, 200.23.18.0/23, 200.23.20.0/23, 200.23.30.0/23, ...

DHCP (UDP 67) [44]: details [46], derived from the BOOTP protocol
  DHCP (Dynamic Host Configuration Protocol): configures hosts dynamically, handing out a set of [IP, mask, default gateway, local DNS]
  DHCP messages:
    DHCP Discover: x (0.0.0.0,68) --> (255.255.255.255,67): looks for a DHCP server
    DHCP Offer: DHCP Server (67) --> (255.255.255.255,68) --> x: offers to lease the free IP address yiaddr
    DHCP Request: x (0.0.0.0,68) --> (255.255.255.255,67) --> DHCP Server: asks to lease the address yiaddr
    DHCP ACK: DHCP Server (67) --> (255.255.255.255,68) --> x: agrees to lease the address yiaddr

NAT (Network Address Translation) [54]
  Translates private addresses into a public one, using the NAT table so that packets returning from outside reach the right sending machine
  Topology: Web Server 128.119.40.186 ---- Internet ---- 138.76.29.7 (public) ROUTER 10.0.0.1 (private) ---- host (10.0.0.2)
    Host --> Web Server: [S:10.0.0.2:1234; D:128.119.40.186:80]
      At the router: NAT table: [WAN:138.76.29.7:5000; LAN:10.0.0.2:1234]
      LAN --> WAN [S:138.76.29.7:5000; D:128.119.40.186:80]
    Web Server --> Host: [S:128.119.40.186:80; D:138.76.29.7:5000]
      At the router: WAN --> LAN [S:128.119.40.186:80; D:10.0.0.2:1234]
  The problem of reaching hosts behind NAT: a client wants to reach a server in the LAN.
    + Solution 1: configure static NAT to forward connection requests for a given port to the server.
      Example: connections to 123.76.29.7:2500 -> 10.0.0.1:25000
    + Solution 2: use the IGD (Internet Gateway Device) protocol to add/remove port mappings.
    + Solution 3: use a relay machine (relaying)

IPv6 [63]: 16 bytes (128-bit, four times IPv4)
  Address shortening rules:
    + Leading zeros of a group can be dropped. Example: 1088:0:0:0:8:800:200C:463A
    + Consecutive all-zero groups can be written as "::". Example: 1088::8:800:200C:463A
    + "::" can be used only once in an address. Example: (right) ::AB65:8952:0:0:0 and (wrong) ::AB65:8952::
  IPv6 header (40) [64]: Version, Priority, Flow Label (id of the flow), Payload Length, Next Header (upper-layer protocol), Hop Limit, Source IP, Destination IP
    Fragmentation is not allowed (send packets smaller than the minimum MTU).
  ICMPv6: adds messages (group management)
  Carrying IPv6 over an IPv4 network: tunnelling (an IPv4 header is wrapped around the IPv6 header to cross the IPv4 network).

ICMP [60]: used to communicate network-layer information between devices; sits above IP but below layer 4
  messages are distinguished by the pair (type, code) (+ the first 8 bytes of the IP packet that caused the error)
  + traceroute (traces the path to the destination): sends UDP (increasing TTL, high destination port) and receives the ICMP errors returned by the routers along the path.
      ICMP Time Exceeded (TTL Expired) (11, 0)
      ICMP Destination Port Unreachable (3, 3)
  + tracert (like traceroute): sends ICMP Echo Request ((8, 0), increasing TTL) and receives the ICMP errors returned by the routers along the path.
      ICMP Time Exceeded (TTL Expired) (11, 0)
      ICMP Echo Reply (0, 0)
  + ping (reports the state of the connection to the destination): sends ICMP Echo Request (8, 0), receives ICMP Echo Reply (0, 0).

Routing protocols
Classification:
  Global or distributed information:
    + Global: every router has complete information about topology and costs (link state algorithms)
    + Distributed: a router collects information from its neighbor routers, updates propagate (distance vector algorithms)
  Static or dynamic routing:
    + Static: configured by hand at setup, routes are not recomputed automatically when the topology changes.
    + Dynamic: periodically and automatically sends packets to check and update, recomputes routes automatically if the topology changes.
Algorithms:
  Intradomain: routing inside one AS (Autonomous System), a group of routers managed by one ISP.
    Link state [75]: based on Dijkstra's algorithm, the metric is the link state (traffic).
      OSPF (Open Shortest Path First) [109]
    Distance Vector [81]: based on the Bellman-Ford dynamic programming algorithm, the metric is the hop count.
      RIP (Routing Information Protocol) [102]
  Interdomain [94]: hierarchical routing between gateway routers.
    Gateway router:
      + Has a direct link to a gateway router in another AS.
      + Is configured for intradomain routing (if the destination network is in the AS) and interdomain routing (if the destination network is in another AS).
    BGP [114] (Border Gateway Protocol)

Broadcast and Multicast
  Broadcast (LAN): sent to all machines (flooding), using the subnet's broadcast address or 255.255.255.255.
    The packet is replicated at the source (source duplicate).
  Multicast (WAN): sent to the machines that joined the multicast group; the machines are in different networks.
    A multicast group is a class D address. Replication happens at the routers of the multicast tree.
  Multicast Forwarding Tree: a spanning tree connecting the routers attached to networks that have members of the multicast group.
    Multicast packets are sent along the tree to the members of the group.
    The gateway router of a network with members of the multicast group runs the IGMP protocol.
    + Source-based: different trees for different sources.
        Shortest Path Tree
        Reverse Path Forwarding: only forwards packets that arrive on the Shortest Path Tree between the node and the source.
        Prune: cuts off subtrees (routers) with no members of the multicast group, using upstream prune messages.
    + Shared-tree: a single tree for all members.
        Steiner tree: a minimum spanning tree connecting the routers that have members of the multicast group; the algorithm has high complexity.
        Center-based tree: one router is chosen as the center (it receives the packets sent to it and is the source of the multicast), called the "rendezvous point" RP (Rendez-vous Point).
  Multicast routing protocol: DVMRP (Distance Vector Multicast Routing Protocol). Multicast datagrams are encapsulated in ordinary datagrams.

Chapter 5
A link is the transmission path between a device and an adjacent device (device-to-device). In other words, a link joins adjacent nodes (node-to-node).
A communication channel therefore consists of several links, connecting the adjacent nodes along that channel. A packet carried on a link is called a frame.
Different links may run different Link-layer protocols. A Link-layer protocol works only on the corresponding kind of link, and each protocol provides different transfer services.
Example: the 802.11 protocol carries frames from a laptop to an Access Point over a wireless link; the 802.3 protocol carries frames from the Access Point to the gateway router over a wired link.

Service [6][7]:
Layers 1 and 2 operate only on the network card (NIC - Network Interface Card). The NIC is attached to the system bus and is a combination of hardware, software and firmware.
Services:
- reliable transfer
- flow control
- framing, in two senses:
    encapsulating a datagram in a frame for transmission, adding a header and a trailer (if needed).
    using the preamble (flag) to split the bit stream coming up from layer 1 into frames.
    keeping the preamble from appearing inside the data sent:
      + byte stuffing: if a byte in the data equals the preamble, insert an ESC byte before it;
          if the data contains an ESC byte, insert ESC before it (ESC ESC)
      + bit stuffing: insert bits to make sure the preamble does not appear in the data sent.
          Example: to keep the preamble 01111110 from appearing in the data sent, whenever 5 consecutive 1 bits occur, insert one 0 bit right after them.
- error control (error detection + error correction (FEC - Forwarding Error Control)) using redundancy codes [12]
    a redundancy code is extra code appended for checking; there is no dedicated header field for it as at layer 4.
    parity bit (even / odd) --> detects 1 error, does not correct it
    2D parity --> detects and corrects errors (the error can be located)
    CRC (Cyclic Redundancy Check) [15]: polynomial code, modulo-2 arithmetic (subtraction = XOR), polynomial division
      Sender: D and G (r+1 bits) --> R (r bits, the remainder of [D * 2^r] / G): sends M = D + R
      Receiver: M and G --> if M is divisible by G then M has no error; if there is a remainder R', R' is used to locate and correct the error
      G (generator) is known to both sides by convention; Ethernet uses CRC-32.
- link access: ensures there are no collisions in a multiple-access (broadcast) medium.
- full-duplex (both directions at the same time), half-duplex (both directions, not at the same time).
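The CRC procedure above carried through with the notes' symbols D, G, R and M, working on bit strings. This is an added example, not part of the original notes; D = 101110 and G = 1001 are sample values chosen here, and the function names are hypothetical.

```python
def mod2_remainder(bits: str, generator: str) -> str:
    """Remainder of bits / generator in modulo-2 arithmetic (subtraction = XOR)."""
    if not generator.startswith("1") or len(generator) < 2:
        raise ValueError("generator must be r+1 bits with a leading 1")
    r = len(generator) - 1
    value = int(bits, 2)
    g = int(generator, 2)
    # Long division: align G under each remaining 1 bit, from the left, and XOR.
    for shift in range(len(bits) - len(generator), -1, -1):
        if value & (1 << (shift + r)):
            value ^= g << shift
    return format(value, f"0{r}b")


def crc_encode(d: str, g: str) -> str:
    """Sender: R = remainder of (D * 2^r) / G, codeword M = D followed by R."""
    r = len(g) - 1
    return d + mod2_remainder(d + "0" * r, g)


def crc_check(m: str, g: str) -> bool:
    """Receiver: M is accepted when it is divisible by G."""
    return int(mod2_remainder(m, g), 2) == 0


def add_error(m: str, pattern: str) -> str:
    """XOR an error pattern of the same length onto the codeword."""
    if len(m) != len(pattern):
        raise ValueError("pattern must be as long as the codeword")
    return format(int(m, 2) ^ int(pattern, 2), f"0{len(m)}b")


if __name__ == "__main__":
    D, G = "101110", "1001"                 # sample values, r = 3
    M = crc_encode(D, G)
    print("R =", M[len(D):], " M =", M)
    # A single flipped bit leaves a non-zero remainder and is detected.
    noisy = add_error(M, "001000000")
    print("single-bit error detected:", not crc_check(noisy, G))
    # An error pattern that is itself a multiple of G (here G shifted left
    # by 2) keeps M divisible by G, so the receiver accepts the changed word.
    multiple_of_g = add_error(M, "000100100")
    print("multiple-of-G error accepted:", crc_check(multiple_of_g, G))
```

The last case is why a CRC protects against transmission noise only: anyone who knows G can change a frame and keep it divisible, so tamper resistance needs a keyed integrity check rather than a CRC.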

Manchester code [55]: used in 10BaseT to avoid being unable to tell how many consecutive 0 (or 1) bits were sent
  1: high-low
  0: low-high

Multiple Access Protocol [20] for broadcast links (MAC protocols)
Two kinds of link [17]:
  Point-to-Point: PPP (dialup), the link between a host and a switch
  Broadcast: old Ethernet networks, WLAN (shared frequency).
On a broadcast link collisions can occur: a node receives more than one signal at the same time.
A multiple access protocol (MAC - Multiple Access Protocol) is needed: the algorithm that determines how the nodes share the channel.
Note that the information coordinating the sharing must use the channel itself, that is, no "out-of-band" mechanism is used.
Groups of MAC protocols:
- Channel Partitioning: divides the channel into smaller channels and hands them out to the nodes that need to transmit.
    Efficient at high load (the channel is shared fairly), inefficient at low load (idle channels delay the channels that need to transmit).
    Ways to partition the channel:
      TimeDMA [21]: time-division multiple access; hosts access the channel in rounds, and in each round a host occupies its assigned time slot. Unused slots stay idle.
      FrequencyDMA [22]: frequency-division multiple access; the channel is divided into several frequency bands and each host is assigned a fixed band. Unused bands stay idle
      CodeDMA
- Random Access: the channel is accessed at random; after a collision, retransmit:
    Efficient at low load (the whole bandwidth is available), inefficient at high load (collisions are likely).
    Protocols in this group specify how collisions are detected and how to recover after a collision.
    [25] Slotted ALOHA: time is divided into slots for sending frames, nodes synchronize so that they transmit at the start of a slot, hosts transmit at random, and if there is a collision in a slot the packets of that slot are discarded and retransmitted (37%).
    [27] Pure ALOHA: no synchronization needed, transmits at random at any time, high probability of collision (18%).
    [29] CSMA (Carrier Sense Multiple Access): listen before transmitting; transmit if the channel is idle, defer if it is busy.
      Collisions can still occur with CSMA because of propagation delay: the signal from one node has not yet reached the other node, so the other node still transmits.
      CD (Collision Detection): keep listening for collisions while transmitting; on a collision, abort the packet being transmitted.
      CSMA/CD is used for Ethernet - 802.3 because collisions are easy to detect on a wired medium.
      CSMA/CA (Collision Avoidance) is used for WLAN - 802.11.
- Taking turns: nodes take turns transmitting, and the right to transmit rotates fairly.
    Used in Bluetooth, FDDI, IBM Token Ring. Efficient at high load (like Channel Partitioning) as well as at low load (like Random Access).
    [34] polling: the master machine polls the slave machines and grants them the right to transmit. Weak point: the master machine
    [35] token passing (Token Ring - 802.5): only the machine holding the token may transmit. Weak point: the token (token loss)

MAC address (6 bytes, 48-bit) [38]
  burned into the ROM of the NIC; the MAC can be changed in software.
  different on every NIC, contains the manufacturer code (OUI)
  Link-layer broadcast address: FF-FF-FF-FF-FF-FF

ARP: (IP address --> MAC address)
  Address resolution (IP --> MAC) [42]
    Machine A sends to machine B, but A does not have B's MAC in its cache (ARP table):
    - Machine A broadcasts (FF-FF-FF-FF-FF-FF) an ARP Request to the whole network asking for B's MAC.
    - Machine B answers with its MAC in an ARP Reply; the other machines drop the packet because the destination IP is not theirs.
    - Machine A stores the IP - MAC mapping of B in its ARP cache. It can be viewed with the arp command.
    - Machine A uses B's MAC as the destination address of the frame it sends.
    Note that when a packet goes from A to B across several links and is captured on one link:
    - The source IP address is A's IP address, the destination IP address is B's IP address.
    - The source MAC address is the MAC address of the sending end of the link (not necessarily A), the destination MAC address is the MAC address of the receiving end of the link (not necessarily B).
  Resolving addresses outside the network [44]
    Send to the MAC (on the same LAN) of the gateway.
  Typical attack: ARP poisoning.
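ARP poisoning works by changing the IP - MAC mappings that hosts cache, so it can be detected by watching those mappings. The monitor below is an added example, not part of the original notes: it parses ARP bodies and reports a known IP that starts answering from a different MAC, and one MAC that claims several IPs. All addresses and packets are constructed samples, and the names ArpWatch, build_arp and run_sample are chosen here.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"          # 28-byte ARP body for Ethernet + IPv4
ARP_REQUEST, ARP_REPLY = 1, 2


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Helper for the constructed samples: pack an ARP body."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: ipaddress.IPv4Address(a).packed
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac(sender_mac), ip(sender_ip),
                       mac(target_mac), ip(target_ip))


def parse_arp(body):
    """Return (operation, sender IP, sender MAC) from an ARP body."""
    size = struct.calcsize(ARP_FMT)
    if len(body) < size:
        raise ValueError("truncated ARP body")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, body[:size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, str(ipaddress.IPv4Address(spa)), sha.hex(":")


class ArpWatch:
    """Tracks IP -> MAC bindings seen in ARP traffic and reports changes."""

    def __init__(self, pinned=None):
        self.bindings = dict(pinned or {})   # ip -> mac
        self.pinned = set(self.bindings)     # bindings that never get replaced
        self.claims = {}                     # mac -> set of IPs it has claimed

    def observe(self, body):
        _oper, ip, mac = parse_arp(body)
        if ip == "0.0.0.0":                  # ARP probe, carries no binding
            return []
        alerts = []
        known = self.bindings.get(ip)
        if known is None:
            self.bindings[ip] = mac
        elif known != mac:
            alerts.append(("binding-change", ip, mac))
            if ip not in self.pinned:
                self.bindings[ip] = mac
        claimed = self.claims.setdefault(mac, set())
        if ip not in claimed:
            claimed.add(ip)
            if len(claimed) > 1:             # can be legitimate, needs triage
                alerts.append(("multi-ip", ip, mac))
        return alerts


def run_sample():
    """Constructed capture on 192.0.2.0/24 with a pinned gateway binding."""
    gw_ip, gw_mac = "192.0.2.1", "02:00:00:00:00:01"
    a_ip, a_mac = "192.0.2.10", "02:00:00:00:00:0a"
    b_ip, b_mac = "192.0.2.20", "02:00:00:00:00:0b"
    capture = [
        build_arp(ARP_REQUEST, a_mac, a_ip, "00:00:00:00:00:00", gw_ip),
        build_arp(ARP_REPLY, gw_mac, gw_ip, a_mac, a_ip),
        build_arp(ARP_REPLY, b_mac, gw_ip, a_mac, a_ip),   # gateway IP, other MAC
        build_arp(ARP_REPLY, b_mac, b_ip, a_mac, a_ip),
    ]
    watch = ArpWatch(pinned={gw_ip: gw_mac})
    alerts = []
    for body in capture:
        alerts.extend(watch.observe(body))
    return alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```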

Ethernet (MAC protocol 802.3)
  Topology: Bus (older generation, collisions on the bus are likely) and Star (current, uses a switch, fewer collisions).
  + Frame [48]: [Preamble (7 bytes 10101010) + Start of Frame (1 byte 10101011)][Destination MAC] [Source MAC][Type/Length][Data (max: 1500)] [FCS - Frame check sequence (CRC-32)][Trailer (pad): padding up to the 46-byte minimum)]
  + CSMA/CD [31]:
      CSMA (listen before transmitting)
      CD (keep listening while transmitting to detect collisions)
  + CD: abort the transmission, send a 48-bit jam signal [52]
      run the exponential backoff algorithm [51] to choose the time slot for resending.
      Collision number n (n reduces the chance of another collision.
Ethernet efficiency [53]: 1/(1 + 5t[prop]/t[trans]), maximum: t[prop] tends to 0 or t[trans] grows to infinity.
There are many Ethernet standards with different transmission rates, for different media:
- Copper: 100Base-TX, 100Base-T2, 100Base-T4
- Fiber: 100Base-FX, 100Base-SX, 100Base-BX

Devices:
  Hub [57] (layer-1 device, works with signals): copies the incoming signal to the outputs.
  Switch [58] (layer-2 device, works with MAC addresses)
    has a CAM (Content Addressable Memory) table that maps MAC - Port
    learning: MAC A sends a frame to the switch on port a, the CAM stores the mapping A - a (the device with MAC address A is plugged into port a).
    the switch checks the destination MAC address of an incoming packet, looks it up in the CAM, and forwards it to the port mapped to that MAC address.
    if the destination MAC has not been learned yet, the frame is sent out of every port (flooding).
    Cut-through: a switch mode that forwards while still receiving, without waiting for the whole frame.

PPP [69] (point-to-point protocol)
  + Frame [72]: [Flag][Address][Control][Protocol][Info][Check][Flag]
  + Flag (preamble): 01111110, byte stuffing
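The bit stuffing and byte stuffing rules from the framing notes in Chapter 5, with the 01111110 flag that PPP also uses, including the receiver side and its failure cases. This is an added example, not part of the original notes; the ESC value 0x7D and the sample payloads are assumptions made here, and the escaping is the plain ESC insertion the notes describe (PPP as specified in RFC 1662 additionally XORs the escaped byte with 0x20).

```python
FLAG = 0x7E            # 01111110, the flag/preamble from the notes
ESC = 0x7D             # assumed escape value for this example


def bit_stuff(bits: str) -> str:
    """Insert a 0 after every run of five 1 bits."""
    out, run = [], 0
    for b in bits:
        out.append(b)
        run = run + 1 if b == "1" else 0
        if run == 5:
            out.append("0")
            run = 0
    return "".join(out)


def bit_unstuff(bits: str) -> str:
    """Remove the stuffed 0s; six 1s in a row cannot be payload."""
    out, run, i = [], 0, 0
    while i < len(bits):
        b = bits[i]
        out.append(b)
        i += 1
        run = run + 1 if b == "1" else 0
        if run == 5:
            if i >= len(bits) or bits[i] != "0":
                raise ValueError("flag or truncated data inside payload")
            i += 1     # skip the stuffed 0
            run = 0
    return "".join(out)


def byte_stuff(data: bytes) -> bytes:
    """Insert ESC before every FLAG or ESC byte in the data."""
    out = bytearray()
    for b in data:
        if b in (FLAG, ESC):
            out.append(ESC)
        out.append(b)
    return bytes(out)


def frame(data: bytes) -> bytes:
    """[Flag] stuffed payload [Flag]."""
    return bytes([FLAG]) + byte_stuff(data) + bytes([FLAG])


def deframe(stream: bytes) -> list:
    """Split a received byte stream into payloads at the unescaped flags."""
    frames, current = [], bytearray()
    in_frame = escaped = False
    for b in stream:
        if escaped:                 # byte after ESC is data, whatever it is
            current.append(b)
            escaped = False
        elif b == ESC and in_frame:
            escaped = True
        elif b == FLAG:
            if in_frame and current:
                frames.append(bytes(current))
            current = bytearray()
            in_frame = True         # a closing flag may open the next frame
        elif in_frame:
            current.append(b)       # bytes before the first flag are ignored
    if escaped:
        raise ValueError("stream ends in the middle of an escape")
    return frames


if __name__ == "__main__":
    print(bit_stuff("01111110"))                       # flag pattern as data
    stream = frame(b"\x01\x7e\x02") + frame(b"\x7d")   # constructed payloads
    print(stream.hex(" "), "->", deframe(stream))
```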