COMPUTER SECURITY

COMPUTER
NETWORKING
노현용
 NETWORK:DATA PLANE
Focus on the data plane to understand the principles of network layer
service.

Instantiation, implementing on the Internet

 WHAT IS THE NETWORK LAYER?
The network layer receives segments from A router analyzes IP datagram headers to
the transport layer and delivers them to the forward data along the correct path.
destination host.

application

host
transport
0110
network
segment

link

physical
 R1 R2
H1 H2

NETWORK application network network application

transport link link transport

LAYER: network physical physical network

DATA PLANE link

physical
link

physical

This figure shows a simple network of two hosts, H1 and H2

It's a picture that shows you.
The router has a truncated protocol stack.
The higher layer of the network layer in the protocol stack does
not exist because it does not support the transport layer and the
application layer.
TWO KEY NETWORK-LAYER FUNCTIONS

Network layer
Forwarding
move packets from a router’s input link to appropriate
router output link

Routing
determine route taken by packets from source to
destination

routing algorithm
NETWORK LAYER : TWO CONTROL-PLANE
APPROACHES
traditional routing algorithms software-defined networking (SDN)
implemented in routers implemented in (remote) servers​
traditional routing algorithms

For example, a routing

algorithm runs on each and
every router, and a router
must have both forwarding
and routing functions.
Software-Defined Networking (SDN)

Routers communicate with

remote controllers by
exchanging messages
containing forwarding tables
and other routing
information.

Installed in a remote data

center with high reliability
and redundancy
Software-Defined Networking (SDN)

Controllers in remote data

centers manage network devices
centrally, offering flexibility,
reliability, and redundancy for
stable network operation in case
of failures.
When a network is software-defined
The controller that computes the
forwarding table interacts with
the router
Run in software
 NETWORK SERVICE MODEL
Network layer provisioning services

guaranteed delivery

guaranteed delivery within delay limits

in-order datagram delivery

guaranteed minimum bandwidth to flow

restrictions on changes in inter-packet spacing

security service

There are many other variations as well.

 NETWORK SERVICE MODEL
Internet network layer
best-effort service
Characteristics of best-effort service
It does not guarantee that packets will be received in the order they are sent.
It does not guarantee that packets will be delivered to the destination.
It does not guarantee delay between end systems.
It does not have a guaranteed minimum bandwidth.
 NETWORK SERVICE MODEL
Internet network layer
best-effort service
 NETWORK SERVICE MODEL
Internet network layer
Best-in-class service internet model
simplicity of mechanism has allowed internet to be widely deployed adopted
sufficient provisioning of bandwidth allows performance of real-time applications (e.g.
interactive voice,video) to be good enough for most of the time

replicated, application-layer distributed services connecting close to clients' networks,

allow services to be provided from multiple locations
congestion control of elastic services helps
it's hard to argue with success of best-effort service model
 WHAT'S INSIDE A ROUTER?

input ports, switching, output ports

buffer management, scheduling

input ports, switching, output ports

Four Elements of a Router

Hardware
Input port
Switch fabric
Output port
Software
Routing processor
input ports, switching, output ports

Input port
Physical link coming from the router
Performs link layer functions required to interoperate
with the link layer
Key function is the lookup function
Refers to the forwarding table to determine the router
output port through the switch structure for the
arrived packet
input ports, switching, output ports

Switching Fabric
Transfers packets from input to output port within
Four Elements of a Router
the router
Connects input and output ports
Hardware
Output Port Input port
Stores packets from
Switch the switch fabric
fabric
After performing
Output link
portlayer and physical layer
functions, data is forwarded to the output link.
Software
Routing Processor
Routing processor
Performs control plane functions
Runs routing protocol, manages link state
information, and calculates forwarding table
 Input port functions

physical layer
bit-level reception
decentralized switching
destination-based forwarding
link layer
forward based only on destination IP address
e.g., Ethernet
generalized forwarding
forward based on any set of header
Destination-based Forwarding
 Longest prefix matching

11001000 00010111 00010110 10100001

examples
11001000 00010111 00011000 10101010
 Longest prefix matching

Match

11001000 00010111 00010110 10100001

examples Packet
11001000 00010111 00011000 10101010 0
 Longest prefix matching

Match
11001000 00010111 00010110 10100001
examples Packet
11001000 00010111 00011000 10101010 2
 Longest prefix matching

Match
11001000 00010111 00010110 10100001 longest prefix matching rule
examples
11001000 00010111 00011000 10101010 Packet Packet
1,2 1
 Longest prefix matching

we’ll see why longest prefix matching is used shortly, when we study addressing
longest prefix matching: often preformed using ternary content addressable
memories(TCAMs)
content addressable: present address to TCAM : retrieve address in one clock
cycle, regardless of table size
Cisco Catalyst: ~1M routing table entries in TCAM
 switching

Router's core function is packet transmission between input and output links through a switching
structure.
Switching speed determines how fast packets move from input to output, usually measured as a
multiple of line speed.
 switching

three major types of switching fabrics

memory
bus
interconnection network(Crossbar)
 switching

Packet Forwarding Process

1. When a packet arrives, the input port sends an interrupt to the routing processor, which copies
the packet to the processor memory.
2. The routing processor extracts the destination address from the header.
3. It finds the appropriate output port in the forwarding table and copies the packet to the buffer
of the output port.
 switching

If the memory bandwidth can write or read packets to or from memory at most B per second, the
total forwarding throughput must be less than B/2, and two packets cannot be forwarded
simultaneously because only one memory read/write operation can be performed at a time over
the shared system bus even if the destination ports are different.
 switching

datagram from input port memory to output port memory via a shared bus
bus contention: switching speed limited by bus bandwidth
32 Gbps bus, Cisco 5600
 switching

Overcoming the bandwidth limitations of bus

Crossbar switch
Cisco 12000
 output port functions

Output port processing takes packets stored in the memory of the output port and
transmits them over the output link. This includes selecting and dequeuing packets
for transmission, and performing any necessary link layer and physical layer
forwarding functions.
 Input port queuing

Queuing also occurs at the input port when the switch architecture is not fast enough to
forward all arriving packets
- Queuing delays and packet loss due to input buffer overflow
HOL blocking (head-of-the-line blocking)
- Datagrams stored at the front of the queue prevent other packets from being forwarded
 Output port queuing

When the switching structure arrives at the output port faster than the packet
transmission speed (output link speed), buffering (queuing) is required
When the network is congested, the buffer is full and packet loss occurs A scheduling rule
is required to select and transmit datagrams stored in the buffer
Priority-based scheduling
 How much buffering?

Link capacity C
Amount of buffering B = RTT (250msec)
Amount of buffer needed = RTT * C
Large number of independent TCP flows N
Buffering required when a large number of independent TCP flows traverse the link
Excessive buffering: increased queuing delay
-> Keep links sufficiently full, but not fuller
 PACKET SCHEDULING

Fist Come, First Served Priority queueing

Round robin Weighted fair queueing

 FIFO queuing

FIFO (First In, First Out) method

Select packets to be transmitted on the output link in the same order in which they
arrived in the output link queue.
 Priority queuing

Packets arriving at the output link are classified by priority class when they arrive at the
queue
Packets in the highest priority class are transmitted
Same priority -> FCFS method
Non-preemptive priority queuing: Even if packet 4 with higher priority arrives during the
transmission of packet 2, packet 4 waits for transmission because it does not stop once the
transmission of the packet starts.
 Round Robin

Classification by class, such as priority queuing

No strict service priority between classes
Services are provided alternately between classes
: class1 -> class2 -> class3 -> class1 -> ...
Work preservation queuing: No idle state allowed, next class is checked immediately
 WFQ

Generalized form of Round Robin

Difference from RR: Each class is given a different amount of service time
Each class i is assigned a weight (W(i))
Service time guaranteed to class i while there are class i packets to transmit =
Minimum bandwidth guarantee
 🔺
[Network Neutrality]
ISP
-Definition of what exactly constitutes a 'class' of traffic
- How to share/allocate resources
- Packet scheduling, buffer management mechanisms
- Potentially giving datagrams priority over datagrams from other companies using the datagram's source IP address
- Blocking traffic with a source IP address from a specific company or country
- Different countries have different approaches to network neutrality.
Three clear and bright rules of reference
1) No Blocking
: Services do not block legitimate content, applications, services, or non-service devices based on reasonable network management
2) No Throttling
: Use of non-harmful devices based on reasonable network management does not damage or degrade legitimate Internet traffic
3) No Paid Prioritization
: No involvement in paid prioritization
Paid prioritization uses techniques such as traffic shaping and priority traffic management
 COMPUTER SECURITY

Q&A

노현용