Elements of Computer Networking - 1
Computer Networking
An Integrated Approach
By
Narasimha Karumanchi
Dr. A. Damodaram
Dr. M. Sreenivasa Rao
All rights reserved. No part of this book may be reproduced in any form or by any
electronic or mechanical means, including information storage and retrieval systems,
without written permission from the publisher or author.
Acknowledgements
Mother and Father, it is impossible to thank you adequately for everything you have done, from loving me unconditionally to raising me in a stable household, where your persistent efforts instilled traditional values and taught your children to celebrate and embrace life. I could not have asked for better parents or role models. You showed me that anything is possible with faith, hard work and determination.
This book would not have been possible without the help of many people, and I would like to thank them for their efforts in improving the end result. Before doing so, however, I should mention that I have done my best to correct the mistakes the reviewers pointed out and to accurately describe the protocols and mechanisms. I alone am responsible for any remaining errors.
First and foremost, I would like to express my gratitude to many people who saw me
through this book, to all those who provided support, talked things over, read, wrote,
offered comments, allowed me to quote their remarks and assisted in the editing,
proofreading and design. In particular, I would like to thank the following individuals.
, Senior Consultant, Juniper Networks Pvt. Ltd.
ℎ, Lecturer, Nagarjuna Institute of Technology and Sciences, MLG
- ℎ ℎ
M. Tech,
Founder, .
Other Titles by Narasimha Karumanchi
Data Structures and Algorithms Made Easy
Data Structures and Algorithms for GATE
Data Structures and Algorithms Made Easy in Java
Coding Interview Questions
Peeling Design Patterns
IT Interview Questions
Data Structure and Algorithmic Thinking with Python
Preface
Dear Reader,
Please hold on! We know many people do not read the preface, but we strongly recommend that you at least read through this one.
There are hundreds of books on computer networking already flooding the market. The reader may naturally wonder what the need is for writing yet another book on computer networking!
This book assumes you have basic knowledge of computer science. The main objective of the book is to provide you with the fundamentals of computer networking and the related interview questions. Before writing the book, we set ourselves the following goals:
The book should be written in such a way that readers without any background in computer networking are able to understand it completely.
The book should present the concepts of computer networking in a simple and straightforward manner with a step-by-step explanation.
The book should provide enough examples so that readers get a better understanding of the concepts and also find them useful for interviews. In other words, the book should cover interview questions.
Please remember that many of the books available in the market fall short of one or more of these goals. Based on our teaching and industrial experience, we thought of writing this book to achieve these goals in a simple way. A 3-stage formula is used in writing this book:
Concepts + Problems + Interview Questions
We used very simple language so that even a school-going student can understand the concepts easily. Once a concept is discussed, it is then interlaced into problems. The solution of each and every problem is well explained.
Finally, interview questions with answers on every concept are covered. All the interview
questions in this book are collected from various interviews conducted by top software
development companies.
This book talks about networks in everyday terms. The language is friendly; you don't need a graduate education to follow it.
As a job seeker, if you read the complete book with good understanding, we are sure you will challenge the interviewers, and that is the objective of this book.
This book is also very useful for engineering and masters students during their academic courses. All the chapters of this book contain theory and related problems. If you are a student preparing for competitive exams (e.g. GATE), the content of this book covers all the required topics in full detail.
Note that at least one complete reading of this book is required to get a full understanding of all the topics. In subsequent readings, you can go directly to any chapter and refer to it. Even though enough readings were given for correcting errors, there could still be some minor typos in the book.
If any such typos are found, they will be updated on the book's website. We request you to constantly monitor this site for any corrections, new problems and solutions. Also, please provide your valuable suggestions at the book's contact email address.
Wish you all the best. We are sure that you will find this book useful.
Narasimha Karumanchi, M.Tech, Founder
Dr. A. Damodaram, M.Tech. (C.S.E.), Ph.D. (C.S.E.), Director, School of IT
Dr. M. Sreenivasa Rao, M.Tech. (C.S.E.), Ph.D. (C.S.E.), Dean MSIT Programme, Director, School of IT
Table of Contents
2. Introduction------------------------------------------------------------------------ 19
2.1 What is a Computer Network? ----------------------------------------------------------- 19
2.2 Basic Elements of Computer Networks ------------------------------------------------- 19
2.3 What is an Internet? ----------------------------------------------------------------------- 20
2.4 Fundamentals of Data and Signals------------------------------------------------------ 20
2.5 Network Topologies ------------------------------------------------------------------------ 24
2.6 Network Operating Systems -------------------------------------------------------------- 28
2.7 Transmission Medium --------------------------------------------------------------------- 29
2.8 Types of Networks -------------------------------------------------------------------------- 31
2.9 Connection-oriented and Connectionless services ------------------------------------ 34
2.10 Segmentation and Multiplexing -------------------------------------------------------- 35
2.11 Network Performance -------------------------------------------------------------------- 35
2.12 Network Switching------------------------------------------------------------------------ 42
Problems and Questions with Answers------------------------------------------------------ 48
Chapter 1. Organization of Chapters
1.1 Why are Computer Networks Needed?
Computer networking is one of the most exciting and important technical fields of our
time. Information and communication are two of the most important strategic issues for
the success of every enterprise.
Necessity is the mother of invention, and whenever we really need something, humans will find a way to get it. Let us imagine we did not have computer networking in our lives. People could communicate with each other only through phone (or fax). Sharing a printer among many computers would be difficult, as the printer cable must be attached to the computer that requires printing. Removable media such as diskettes or thumb drives would have to be used to share files or to transfer files from one machine to another.
Just imagine you need to transfer a file to one thousand computers. To solve these problems, computer networks are needed. Computer networks allow users to access and share data and resources, whether from the same organization or from other enterprises or public sources. Computer networks provide faster communication than other facilities. Many applications have also been developed to enhance communication; some examples are email, instant messaging, and Internet telephony.
Also, TCP provides a mechanism for error correction. In TCP, error detection and correction are achieved by:
1. Checksum
2. Acknowledgement
3. Timeout and retransmission
In this chapter, we discuss several error control algorithms, such as Stop-and-Wait ARQ, Go-Back-N ARQ, and Selective Reject ARQ.
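The checksum idea in the list above can be sketched in code. Below is an illustrative Python version of the 16-bit ones'-complement checksum used by TCP and IP; the function name and sample values are ours, not from the book, so treat this as a sketch rather than the book's own code.

```python
def internet_checksum(data: bytes) -> int:
    """16-bit ones'-complement checksum, in the style used by TCP/IP headers."""
    if len(data) % 2:                              # pad odd-length data with a zero byte
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]      # combine two bytes into a 16-bit word
        total = (total & 0xFFFF) + (total >> 16)   # fold any carry back into the low 16 bits
    return ~total & 0xFFFF                         # ones' complement of the running sum
```

The receiver recomputes the checksum over the received words including the transmitted checksum field; for an undamaged segment the result is 0, which is how corruption is detected.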
11. Flow Control: TCP provides a way for the receiver to control the amount of data sent by the sender. Nodes that send and receive TCP data segments can operate at different data rates because of differences in CPU and network bandwidth. As a result, it is possible for the sender to send data at a faster rate than the receiver can handle.
If the receiver is slower than the sender, bytes will have to be dropped from the receiver's sliding window buffer. TCP deals with this issue using what is known as flow control.
As an example, consider a conversation with your friend. One of you listens while the other speaks. You might nod your head as you listen, or you might interrupt the flow with a "Whoa, slow down, you are talking too fast!" This is actually flow control. Some of us are better at it than others, but we all do it to some degree. You nod to indicate you understood and are ready for the next statement, or you tell your friend when they are going too fast. That's flow control.
This chapter focuses on such controlling algorithms for computer networks (the stop-and-wait and sliding window mechanisms).
12. Congestion Control: In today's world, the Transmission Control Protocol (TCP) carries huge Internet traffic, so the performance of the Internet depends to a great extent on how well TCP works. TCP provides a reliable transport service between two processes running on source and destination nodes.
In this chapter, we discuss another important component of TCP: its congestion control mechanism. The important strategy of TCP is to send packets into the network and then to react to the congestion events that occur. TCP congestion control was introduced into the Internet in the late 1980s by Van Jacobson, roughly eight years after the TCP/IP protocol stack had become operational.
To address these issues, multiple mechanisms were implemented in TCP to govern the rate at which data can be sent in both directions: slow start, congestion avoidance, fast retransmit, and fast recovery. These are the subject of this chapter.
13. : The session layer resides above the transport layer, and provides
value added services to the underlying transport layer services. The session
layer (along with the presentation layer) adds services to the transport layer that
are likely to be of use to applications, so that each application doesn't have to
provide its own implementation. Layer 5 of the OSI reference model is the session layer. It does not add many communications features/functionality, and is thus termed a very thin layer. On many systems, the Layer 5 features are disabled,
but you should nonetheless know what failures can be prevented by a session
layer.
The session layer provides the following services:
I. Dialog management
II. Synchronization
III. Activity management
IV. Exception handling
This chapter ends with a discussion of major session layer protocols such as AppleTalk Data Stream Protocol (ADSP), AppleTalk Session Protocol (ASP), and others.
Chapter 2. Introduction
2.1 What is a Computer Network?
A computer network is a group of computers that are connected together and communicate with one another. These computers can be connected by telephone lines, co-axial cable, satellite links, or some other communication technique.
[Figure: a message travels between devices over a medium through the network]
Communication begins with a message that must be sent from one device to another. People exchange ideas using many different communication methods, but all of these methods have three elements in common.
The first of these elements is the message source (sender). Message sources are people, or electronic devices, that need to send a message to other individuals or devices.
The second element of communication is the destination (receiver) of the message. The destination receives the message and interprets it.
Important Question
From the choices below, select the best definition of a network.
A. A collection of printers with no media.
B. Devices interconnected by some common communication channel.
C. A device that sends communication to the Internet.
D. A shared folder stored on a server.
Answer: B.
Analog data take continuous values on some interval. Examples of analog data are voice and video. The data that are collected from the real world with the help of transducers are continuous-valued, or analog, in nature.
On the contrary, digital data take discrete values. Text or character strings can be considered examples of digital data. Characters are represented by suitable codes, e.g. the ASCII code, where each character is represented by a 7-bit code.
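To make the discreteness of digital data concrete, here is a small Python sketch (the helper name is ours) that maps a character to its 7-bit ASCII code:

```python
def ascii_bits(ch: str) -> str:
    """Return the 7-bit ASCII code of a single character as a bit string."""
    code = ord(ch)
    assert code < 128, "not a 7-bit ASCII character"
    return format(code, "07b")   # zero-padded to exactly 7 bits
```

For example, ascii_bits("A") gives "1000001", since 'A' has code 65.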
[Figure: an analog signal, continuous in amplitude over time]
The readings from the thermometer are also continuous in amplitude. This means that, assuming your eyes are sensitive enough to read the mercury level, readings of 37, 37.4, or 37.440183432°C are possible. In actuality, most cardiac signals of interest are analog by nature. For example, voltages recorded on the body surface and cardiac motion are continuous functions in time and amplitude.
In this method, signals 0 and 1 are transmitted as electric waves. A system for transmitting analog signals is called an analog system.
Sound and video stored in a computer are held and manipulated as patterns of binary values.
2.4.7 Frequency
Frequency describes the number of waves that pass a fixed place in a given amount of
time. So if the time it takes for a wave to pass is 1/2 second, the frequency is 2 per
second. If it takes 1/100 of an hour, the frequency is 100 per hour.
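The reciprocal relationship between period and frequency described above can be written as a one-line helper (a sketch, with a name of our choosing):

```python
def frequency(period: float) -> float:
    """Frequency (waves per unit time) is the reciprocal of the period,
    in whatever time unit the period is given."""
    return 1.0 / period
```

So frequency(0.5) gives 2.0 waves per second, and frequency(1 / 100), with the period measured in hours, gives 100 waves per hour, matching the examples in the text.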
[Figure: high-frequency vs. low-frequency waves; a digital bit pattern 1 0 1 1 1 0 0 0 1 0 over time]
The speed of the data is expressed in bits per second (bits/s or bps). The data rate is a function of the duration of a bit, or bit time (t):

R = 1 / t

Rate is also called channel capacity C. If the bit time is 10 ns, the data rate equals:

R = 1 / (10 × 10⁻⁹) = 10⁸ bps, or 100 million bits/sec
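The calculation above can be reproduced with a short sketch (function name ours):

```python
def data_rate(bit_time_seconds: float) -> float:
    """R = 1 / t: data rate in bits/sec from the duration of one bit."""
    return 1.0 / bit_time_seconds

# A 10 ns bit time gives roughly 100 million bits/sec (100 Mbps).
rate = data_rate(10e-9)
```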
This can be used to translate baud into a bit rate using the following formula:

bit rate = baud rate × number of bits per symbol

Baud can be abbreviated to the shortened form Bd when being used for technical purposes.
The significance of these formulas is that higher baud rates equate to greater amounts of data transmission, as long as the bits per symbol are the same. A system using 4800 baud modems with 4 bits per symbol will send less data than a system using 9600 baud modems that also has 4 bits per symbol. So, all other things being equal, a higher baud rate is generally preferred.
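The comparison above works out as follows in a small sketch (function name ours):

```python
def bit_rate(baud: float, bits_per_symbol: int) -> float:
    """Bit rate = baud rate (symbols/sec) x bits carried per symbol."""
    return baud * bits_per_symbol

# 4800 baud at 4 bits/symbol vs. 9600 baud at 4 bits/symbol:
slow = bit_rate(4800, 4)   # 19,200 bps
fast = bit_rate(9600, 4)   # 38,400 bps, twice the data in the same time
```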
2.4.10 Attenuation
(also called ) is a general term that refers to any reduction in the
strength of a signal. Attenuation occurs with any type of signal, whether digital or
analog. It usually occurs while transmitting analog or digital signals over long
distances.
How is it expressed?
As the name suggests, the signal-to-noise ratio is a comparison, or ratio, of the amount of signal to the amount of noise, and it is expressed in decibels. Signal-to-noise ratio is abbreviated S/N (or SNR), and higher numbers mean a better specification. A component with a signal-to-noise ratio of 100 dB means that the level of the audio signal is 100 dB higher than the level of the noise, which is a better specification than a component with an S/N ratio of 90 dB.
Signal-to-noise ratio is defined as the power ratio between a signal and noise. It can be derived from the formula

SNR = P_signal / P_noise = (µ / σ)²

where µ is the signal mean or expected value, and σ is the standard deviation of the noise.
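The power-ratio formula and its decibel form can be sketched as follows (function names and sample values are ours):

```python
import math

def snr(signal_mean: float, noise_std: float) -> float:
    """SNR as a power ratio: (mu / sigma) squared."""
    return (signal_mean / noise_std) ** 2

def snr_db(signal_mean: float, noise_std: float) -> float:
    """The same ratio expressed in decibels: 10 * log10(power ratio)."""
    return 10 * math.log10(snr(signal_mean, noise_std))
```

For instance, a signal mean ten times the noise standard deviation gives a power ratio of 100, i.e. 20 dB.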
[Figure: bus topology, nodes attached to a shared link]
Only one computer at a time can transmit a packet on a bus topology. Systems in a bus
topology listen to all traffic on the network but accept only the packets that are
addressed to them. Broadcast packets are an exception because all computers on the
network accept them. When a computer sends out a packet, it travels in both directions
from the computer. This means that the network is occupied until the destination
computer accepts the packet.
The number of computers on a bus topology network has a major influence on the
performance of the network. A bus is a passive topology. The computers on a bus
topology only listen or send data. They do not take data and send it on or regenerate it.
So if one computer on the network fails, the network is still up.
Advantages
One advantage of a bus topology is cost: the bus topology uses less cable than other topologies. Another advantage is the ease of installation. With the bus topology, we simply connect the system to the cable segment; we need only enough cable to connect the workstations we have. The ease of working with a bus topology and the minimal amount of cable make this the most economical choice for a network topology. If a computer fails, the network stays up.
Disadvantages
The main disadvantage of the bus topology is the difficulty of troubleshooting. When the network goes down, it is usually from a break in the cable segment, and with a large network this can be tough to isolate. A cable break between computers on a bus topology would take the entire network down. Another disadvantage of a bus topology is that the heavier the traffic, the slower the network.
Scalability is an important consideration in the dynamic world of networking. Being able to make changes easily to the size and layout of your network can be important for future productivity or downtime. The bus topology is not very scalable.
[Figure: star topology, nodes linked to a central hub]
Advantages
One advantage of a star topology is the centralization of cabling. With a hub, if one link fails, the remaining systems are not affected as they are with other topologies, which we will look at in this chapter.
Centralizing network components can make an administrator’s life much easier in the
long run. Centralized management and monitoring of network traffic can be vital to
network success. With this type of configuration, it is also easy to add or change
configurations with all the connections coming to a central point.
Disadvantages
On the flip side to this is the fact that if the hub fails, the entire network, or a good
portion of the network, comes down. This is, of course, an easier fix than trying to find
a break in a cable in a bus topology.
[Figure: ring topology, nodes connected in a closed loop]
As shown in figure, the ring topology is a circle that has no start and no end.
Terminators are not necessary in a ring topology. Signals travel in one direction on a
ring while they are passed from one system to the next. Each system checks the packet
for its destination and passes it on as a repeater would. If one of the systems fails, the
entire ring network goes down.
Advantages
The nice thing about a ring topology is that each computer has equal access to
communicate on the network. (With bus and star topologies, only one workstation can
communicate on the network at a time.) The ring topology provides good performance
for each system. This means that busier systems that send out a lot of information do
not inhibit other systems from communicating. Another advantage of the ring topology
is that signal degeneration is low.
Disadvantages
The biggest problem with a ring topology is that if one system fails or the cable link is
broken the entire network could go down. With newer technology this isn’t always the
case. The concept of a ring topology is that the ring isn’t broken and the signal hops
from system to system, connection to connection.
Another disadvantage is that if we make a cabling change to the network or a system
change, such as a move, the brief disconnection can interrupt or bring down the entire
network.
[Figure: mesh topology, every node connected to every other node]
A mesh topology is not very common in computer networking; it is more commonly seen in something like the national phone network. With the mesh topology, every system has a connection to every other component of the network. If we have 4 systems, we must have six cables: three coming from each system to the other systems.
Two nodes are connected by a dedicated point-to-point link between them. So the total number of links needed to connect n nodes would be

n(n − 1) / 2

[proportional to n²]
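The link count above is easy to check with a one-line sketch (function name ours):

```python
def mesh_links(n: int) -> int:
    """Number of point-to-point links in a full mesh of n nodes: n(n-1)/2."""
    return n * (n - 1) // 2
```

With 4 systems this gives 6 links, matching the example in the text, and the quadratic growth (45 links for just 10 nodes) explains the cost disadvantage discussed below.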
Advantages
The biggest advantage of a mesh topology is fault tolerance. If there is a break in a cable
segment, traffic can be rerouted. This fault tolerance means that the network going
down due to a cable fault is almost impossible.
Disadvantages
A mesh topology is very hard to administer and manage because of the numerous
connections. Another disadvantage is cost. With a large network, the amount of cable
needed to connect and the interfaces on the workstations would be very expensive.
[Figure: an unconstrained topology with repeaters (Repeater-1, Repeater-2, Repeater-3)]
All the topologies discussed so far are symmetric and constrained by well-defined
interconnection pattern. However, sometimes no definite pattern is followed and nodes
are interconnected in an arbitrary manner using point-to-point links.
Unconstrained topology allows a lot of configuration flexibility but suffers from the
complex routing problem. Complex routing involves unwanted overhead and delay.
2.6.1 Peer-to-peer
[Figure: a peer-to-peer network; a file server and other equipment]
Twisted pair cables are widely used in the telephone network and are increasingly being used for data transmission.
The larger the cable diameter, the lower the transmission loss and the higher the transfer speeds that can be achieved. A co-axial cable can be used over a distance of about 1 km and can achieve a transfer rate of up to 100 Mbps.
On the flip side, the difficult installation and maintenance procedures of fiber require skilled technicians. The cost of a fiber-based solution is also higher. Another drawback of implementing a fiber solution is the cost of fitting it to existing network equipment/hardware: fiber is incompatible with most electronic network equipment, which means we have to purchase fiber-compatible network hardware.
Fiber-optic cable is made-up of a core glass fiber surrounded by cladding. An insulated
covering then surrounds both of these within an outer protective sheath.
Since light waves give a much higher bandwidth than electrical signals, this leads to a high data transfer rate of about 1000 Mbps. Fiber can be used for long and medium distance transmission links.
A MAN may be fully owned and operated by a private company or be a service provided
by a public company.
[Figure: LAN-attached devices, projector, camera, scanner, printer]
This service does not have the reliability of the connection-oriented method, but it is
useful for periodic burst transfers.
Neither system needs to maintain state information for the systems to which it sends or from which it receives transmissions. A connectionless network provides minimal services. User Datagram Protocol (UDP) is a connectionless protocol.
Common features of a connectionless service are:
Data (packets) do not need to arrive in a specific order
Reassembly of any packet broken into fragments during transmission must be
in proper order
No time is used in creating a session
No acknowledgement is required.
These large streams of data would result in significant delays. Further, if a link in the
interconnected network infrastructure failed during the transmission, the complete
message would be lost and have to be retransmitted in full.
A better approach is to divide the data into smaller, more manageable pieces to send over the network. This division of the data stream into smaller pieces is called segmentation. Segmenting messages has two primary benefits.
First, by sending smaller individual pieces from source to destination, many different conversations can be interleaved on the network. The process used to interleave the pieces of separate conversations together on the network is called multiplexing.
data in the segment, the host retransmits the segment. The time from when the timer is started until when it expires is called the timeout of the timer.
What should the ideal timeout be? Clearly, the timeout should be larger than the connection's round-trip time, i.e., the time from when a segment is sent until it is acknowledged.
Otherwise, unnecessary retransmissions would be sent. But the timeout should not be much larger than the round-trip time; otherwise, when a segment is lost, TCP would not quickly retransmit the segment, thereby introducing significant data transfer delays into the application. Before discussing the timeout interval in more detail, let us take a closer look at the round-trip time (RTT).
The round-trip time calculation algorithm is used to calculate the average time for data to be acknowledged. When a data packet is sent, the elapsed time for the acknowledgment to arrive is measured and a smoothing (weighted averaging) algorithm is applied. This time is used to determine the interval after which to retransmit data.

SRTT = (1 − α) × SRTT + α × RTT

The above formula is written in the form of a programming language statement: the new value of SRTT is a weighted combination of the previous value of SRTT and the new sample of RTT. A typical value of α is 0.1, in which case the above formula becomes:

SRTT = 0.9 × SRTT + 0.1 × RTT
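The smoothing update can be sketched in a few lines (function name and sample values ours):

```python
def update_srtt(srtt: float, rtt_sample: float, alpha: float = 0.1) -> float:
    """Exponentially weighted moving average of the round-trip time:
    new SRTT = (1 - alpha) * old SRTT + alpha * new RTT sample."""
    return (1 - alpha) * srtt + alpha * rtt_sample
```

For example, with a smoothed estimate of 100 ms and a new sample of 200 ms, the update gives 0.9 × 100 + 0.1 × 200 = 110 ms: the estimate moves toward the sample, but slowly, so a single delayed acknowledgment does not swing the retransmission timer wildly.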
[Figure: delays at each router or switch on the path from source to destination, including processing delay at every hop]

total nodal delay = processing delay + queuing delay + transmission delay + propagation delay
These are the latencies caused only by propagation delays in the transmission medium.
If you were the only one sending one single data bit and you had unlimited bandwidth
available, the speed of the packet would still be delayed by the propagation delay.
This delay happens without regard for the amount of data being transmitted, the
transmission rate, the protocol being used or any link impairment.
For example:
Serialization of a 1500 byte packet used on a 56K modem link will take 214
milliseconds
Serialization of the same 1500 byte packet on a 100 Mbps LAN will take 120
microseconds
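These two figures follow directly from the packet size in bits divided by the link rate, as a small sketch shows (function name ours):

```python
def serialization_delay(packet_bytes: int, link_bps: float) -> float:
    """Time to clock a packet onto the wire: packet size in bits / link rate."""
    return packet_bytes * 8 / link_bps

# 1500 bytes = 12,000 bits:
modem = serialization_delay(1500, 56_000)   # ~0.214 s, i.e. ~214 ms on a 56K modem
lan = serialization_delay(1500, 100e6)      # 0.00012 s, i.e. 120 microseconds on a 100 Mbps LAN
```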
Serialization can represent a significant delay on links that operate at lower transmission rates, but for most links this delay is a tiny fraction of the overall latency when compared to the other contributors.
Voice and video data streams generally use small packet sizes (~20 ms of data) to
minimize the impact of serialization delay.
the use of radio spectrum is controlled by nearly every government on the planet. The
amount of radio spectrum occupied by any given radio signal is called its bandwidth.
The nature of radio spectrum use is beyond this paper but it’s important to understand
that generally the occupied radio spectrum of a modem signal will increase with the
data rate:
Higher modem data rates cause the modem to occupy more radio bandwidth
Lower modem data rates will let the modem occupy less radio bandwidth
Since radio spectrum is a limited resource, the occupied radio bandwidth is an
important limiting factor in wireless and satellite links.
Noise in the radio channel will perturb the analog signal waveform and can cause the demodulator at the receiver to change a digital one into a zero or vice versa. The effect
of noise can be overcome by increasing the power level of the transmitted signal, or by
adding a few extra error correcting bits to the data that is being transmitted. These
error correcting bits help the receiver correct bit errors. However, the error correction
bits increase the bandwidth that is required.
Bandwidth-Delay Product
The Bandwidth × Delay Product, or BDP for short, determines the amount of data that can be in transit in the network. It is the product of the available bandwidth and the latency. Sometimes it is calculated as the data link's capacity multiplied by its round-trip time (RTT). BDP is a very important concept in window-based protocols such as TCP.
It plays an especially important role in high-speed / high-latency networks, such as
most broadband internet connections. It is one of the most important factors of
tweaking TCP in order to tune systems to the type of network used.
The BDP simply states that:
BDP (bits) = bandwidth (bits/sec) × round-trip time (sec)
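As a quick illustration (the numbers and function name are ours, not from the book):

```python
def bdp_bits(bandwidth_bps: float, rtt_seconds: float) -> float:
    """Bandwidth-Delay Product: the number of bits 'in flight' on the path."""
    return bandwidth_bps * rtt_seconds

# A 10 Mbps link with a 100 ms round-trip time:
bdp = bdp_bits(10e6, 0.100)   # 1,000,000 bits, i.e. about 125 kB
```

If the TCP window is smaller than this BDP, the sender must stop and wait for acknowledgments before the pipe is full, so the link is underutilized; this is why BDP matters for TCP tuning.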
2.11.5 Revisiting Queuing Delay
Queuing delay depends on the number and size of the other packets in the queue ahead of a packet, as well as the transmission rate of the interface. With queuing delays, a common question arises frequently:
When is the queuing delay large, and when is it insignificant?
The answer to this question depends on the rate at which traffic arrives at the queue, the transmission rate of the link, and the nature of the arriving traffic, that is, whether the traffic arrives occasionally or in bursts. To get some insight here, let a denote the average rate at which packets arrive at the queue (a is in units of packets/sec). Also, let R be the transmission rate; that is, the rate (in bits/sec) at which bits are pushed out of the queue.
For simplicity, assume that all packets consist of L bits. Then the average rate at which bits arrive at the queue is L × a bits/sec. Finally, suppose that the queue is very big, so that it can hold an essentially infinite number of bits. The ratio L × a / R, called the traffic intensity, often plays an important role in estimating the extent of the queuing delay:

traffic intensity = (L × a) / R

where a is the average arrival rate of packets (e.g. packets/sec), L is the average packet length (e.g. in bits), and R is the transmission rate (e.g. bits/sec).
If L × a / R > 1, then the average rate at which bits arrive at the queue exceeds the rate at which bits can be transmitted from the queue. In this unfortunate situation, the queue will tend to increase without bound and the queuing delay will approach infinity. Therefore, one of the golden rules in traffic engineering is: design your system so that the traffic intensity is no greater than 1.
Now consider the case L × a / R ≤ 1. Here, the nature of the arriving traffic impacts the queuing delay. For instance, if packets arrive periodically, that is, one packet arrives every L/R seconds, then every packet will arrive at an empty queue and there will be no queuing delay. On the other hand, if packets arrive in bursts, there can be a considerable average queuing delay.
For instance, suppose N packets arrive simultaneously every (L/R)N seconds. Then the first packet transmitted has no queuing delay; the second packet transmitted has a queuing delay of L/R seconds; and more generally, the nth packet transmitted has a queuing delay of (n − 1) × L/R seconds.
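The burst case above can be worked out numerically with a small sketch (function name and sample numbers are ours):

```python
def burst_queuing_delays(n_packets: int, packet_bits: int, rate_bps: float):
    """Queuing delay of each packet when n_packets arrive simultaneously at an
    empty queue: the k-th packet (k = 1, 2, ...) waits (k - 1) * L/R seconds."""
    transmit = packet_bits / rate_bps            # L/R: one packet's transmission time
    return [k * transmit for k in range(n_packets)]
```

For 3 packets of 12,000 bits arriving together on a 1 Mbps link, L/R is 12 ms, so the delays are 0 ms, 12 ms, and 24 ms: the same average load as periodic arrivals, but a much worse average queuing delay.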
Most of us know from experience that the actual network speed is much slower than
what is specified. Throughput is the actual amount of data that could be transferred
through the network. That is the actual amount of data that gets transmitted back and
forth from your computer, through the Internet to the web server in a single unit of
time.
When downloading a file you will see a window with a progress bar and a number. This
number is actually the throughput and you must have noticed that it is not constant
and almost always has a value lower than specified bandwidth for your connection.
Several factors, like the number of users accessing the network, the network topology, the physical media, and hardware capabilities, can affect this reduction in throughput. As you can imagine, throughput is also measured using the same units used to measure bandwidth.
As you have seen, bandwidth and throughput seem to give a similar measurement of a network at first glance. They are also measured using the same units. Despite all these similarities, they are actually different. We can simply say that the bandwidth is the maximum throughput you can ever achieve, while the actual speed we experience while surfing is the throughput.
To simplify further, you can think of the bandwidth as the width of a highway. As we
increase the width of the highway more vehicles can move through a specified period of
time. But when we consider the road conditions (craters or construction work on the highway), the number of vehicles that can actually pass in that period could be less than the above. This is analogous to the throughput. So it is clear that bandwidth and throughput give two different measurements of a network.
10. Effective data rate: It is defined as the number of data bits sent per unit time. It is found by dividing the number of data bits by the elapsed time between
sending two frames. For the unrestricted protocols the effective data rate is
. For the stop and wait protocol, it is .
[Figure: nodes and links in a switched network]
It is not efficient to build a physically separate path for each pair of communicating end systems. An alternative to a point-to-point connection is switching through a communication network. In a communication network, each communicating device (also called a station, node, or host) is connected to a network node. The interconnected nodes are capable of transferring data between stations.
[Figure: stations attached to a shared medium vs. a communication network]
Depending on the architecture and techniques used to transfer data, two basic
categories of communication networks are broadcast networks and switched networks.
Broadcast Networks
2.12 Network Switching 42
Elements of Computer Networking Introduction
Broadcast is a method of sending a signal where multiple nodes may hear a single
sender node. As an example, consider a conference room full of people. In this
conference room, a single person starts saying some information loudly.
During that time, some people may be sleeping, and may not hear what the person is
saying. Some people may not be sleeping, but are not paying attention (they are able to
hear the person, but choose to ignore). Another group of people may not only be awake,
but be interested in what is being said. This last group is not only able to hear the
person speaking, but is also listening to what is being said.
In this example, we can see that a single person is broadcasting a message to all others
that may or may not be able to hear it, and if they are able to hear it, may choose to
listen or not.
In a circuit-switched network, communication involves three phases: circuit
establishment, data transfer, and circuit disconnect.
Therefore, the channel capacity must be reserved between the source and destination
throughout the network and each node must have available internal switching capacity
to handle the requested connection. Clearly, the switching nodes must have the
intelligence to make proper allocations and to establish a route through the network.
Parameters, such as the maximum packet size, are also exchanged between the source
and the destination during call setup. The virtual circuit is cleared after the data
transfer is completed.
Virtual circuit packet switching is connection-oriented. This is in contrast to
datagram switching, which is a connectionless packet switching methodology.
In message switching, the entire message is relayed hop by hop as it travels along the
path toward its destination. Hence, to ensure proper delivery, each intermediate switch
may maintain a copy of the message until its delivery to the next hop is guaranteed.
In case of message broadcasting, multiple copies may be stored for each individual
destination node. The store-and-forward property of message-switched networks is
different from queuing systems, in which messages are simply stored until their
preceding messages are processed. With store-and-forward capability, a message will
only be delivered if the next hop and the link connecting to it are both available.
Otherwise, the message is stored indefinitely. For example, consider a mail server that is disconnected
from the network and cannot receive the messages directed to it. In this case, the
intermediary server must store all messages until the mail server is connected and
receives the e-mails.
The store-and-forward technology is also different from admission control techniques
implemented in packet-switched or circuit-switched networks. Using admission control,
data transmission can temporarily be delayed to avoid overprovisioning the resources.
Hence, a message-switched network can also implement an admission control
mechanism to reduce the network's peak load.
The message delivery in message-switched networks includes wrapping the entire
information in a single message and transferring it from the source to the destination
node. The message size has no upper bound; although some messages can be as small
as a simple database query, others can be very large. For example, messages obtained
from a meteorological database center can contain several million bytes of binary data.
Practical limitations in storage devices and switches, however, can enforce limits on
message length.
Each message must be delivered with a header. The header often contains the message
routing information, including the source and destination, priority level, and expiration
time. It is worth mentioning that while a message is being stored at the source or any
other intermediary node in the network, it can be bundled or aggregated with other
messages going to the next node. This is called message interleaving. One important
advantage of message interleaving is that it can reduce the amount of overhead
generated in the network, resulting in higher link utilization.
Question 2: Imagine the length of a cable is 2500 metres. If the speed of propagation in
a thick co-axial cable is 60% of the speed of light, how long does it take for a bit to
travel from the beginning to the end of the cable? Ignore any propagation delay in
the equipment. (Speed of light = 3 × 10^8 metres/sec)
Answer: Speed of propagation = 60% × 3 × 10^8 = 1.8 × 10^8 metres/sec.
So it would take a bit 2500 / (1.8 × 10^8) ≈ 13.9 µs.
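The arithmetic above can be checked with a short script; the helper name is ours, not the book's:

```python
# Propagation delay of a bit over a 2500 m cable at 60% of the speed of light.

SPEED_OF_LIGHT = 3e8  # metres/sec

def propagation_delay(length_m: float, velocity_factor: float) -> float:
    """Return the one-way propagation delay in seconds."""
    speed = velocity_factor * SPEED_OF_LIGHT
    return length_m / speed

delay = propagation_delay(2500, 0.60)
print(round(delay * 1e6, 1), "microseconds")  # -> 13.9 microseconds
```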
Question 3: Suppose that data are stored on 2.44 Mbyte floppy diskettes that weigh
20 gm each. Suppose that an airliner carries 10 kg of these floppies at a speed of
2000 km/h over a distance of 8000 km. What is the data transmission rate in bits
per second of this system?
Answer: Let us first calculate the time for which the data was carried.
Time = Distance / Speed = 8000 / 2000 = 4 hrs.
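The rest of the calculation can be completed in code (a sketch with our own helper name, using the question's figures: 500 diskettes, 4 hours of flight):

```python
# "Sneakernet" bandwidth: 10 kg of 2.44 MB floppies (20 g each) flown
# 8000 km at 2000 km/h. Memory sizes use powers of 2 (1 MB = 1024*1024 bytes).

def airline_bps(payload_kg, disk_grams, disk_mbytes, distance_km, speed_kmph):
    floppies = payload_kg * 1000 / disk_grams          # 10 kg / 20 g = 500 diskettes
    bits = floppies * disk_mbytes * 1024 * 1024 * 8    # total payload in bits
    seconds = distance_km / speed_kmph * 3600          # 8000/2000 h = 4 h = 14400 s
    return bits / seconds

rate = airline_bps(10, 20, 2.44, 8000, 2000)
print(round(rate / 1e6, 2), "Mbps")  # -> 0.71 Mbps
```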
10 µs (microseconds) and that the switch begins retransmitting immediately after it
has finished receiving the packet.
Answer:
A) On each link it takes 5 µs to transmit the packet, after which it takes an additional
10 µs for the last bit to propagate across the link. Thus, for a LAN with only one switch
that starts forwarding only after receiving the whole packet, the total transfer delay is
two transmission delays + two propagation delays = 30 µs.
B) For 3 switches, and thus 4 links, the total delay is 4 transmission delays + 4
propagation delays = 60 µs.
Question 10: Determine the maximum length of the cable (in km) for transmitting data
at a rate of 500 Mbps in an Ethernet LAN with frames of size 10,000 bits. Assume
the signal speed in the cable to be 200,000 km/s.
A) 1 B) 2 C) 2.5 D) 5
Answer: B
Transmission time = 2 × Propagation time
Frame size / Bandwidth = 2 × Length / Signal speed
10000 bits / (500 × 10^6 bits/sec) = 2 × Length / (200000 km/s)
Length = 2 km
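Solving the same relation for the cable length in code (the function name is ours):

```python
# The transmission time of a frame must cover the round-trip propagation
# time: F/B = 2L/v. Solving for the cable length L:

def max_cable_length_km(frame_bits, bandwidth_bps, signal_kmps):
    transmit_time = frame_bits / bandwidth_bps      # F/B, in seconds
    return transmit_time * signal_kmps / 2          # L = (F/B) * v / 2

print(round(max_cable_length_km(10_000, 500e6, 200_000), 1))  # -> 2.0 km
```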
Question 11: A packet switch receives a packet and determines the outbound link to
which the packet should be forwarded. When the packet arrives, one other packet is
halfway done being transmitted on this outbound link and four other packets are
waiting to be transmitted. Packets are transmitted in order of arrival. Suppose all
packets are 1,200 bytes and the link rate is 3 Mbps. What is the queuing delay for
the packet? More generally, what is the queuing delay when all packets have length
S, the transmission rate is T, X bits of the currently-being-transmitted packet have
been transmitted, and N packets are already in the queue?
Answer: The arriving packet must first wait for the link to transmit 5,400 bytes or
43,200 bits. Since these bits are transmitted at 3 Mbps, the queuing delay is 14.4 msec.
Generally, the queuing delay is (N × S + (S − X)) / T.
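The general formula can be evaluated directly (helper and parameter names are ours):

```python
# Queuing delay with N packets of S bits queued, X bits of the current packet
# already sent, and a link rate of T bps: delay = (N*S + (S - X)) / T.

def queuing_delay(S_bits, T_bps, X_bits, N_queued):
    return (N_queued * S_bits + (S_bits - X_bits)) / T_bps

# The concrete case: 1200-byte packets, 3 Mbps, half a packet (600 bytes =
# 4800 bits) already transmitted, 4 packets waiting.
d = queuing_delay(S_bits=1200 * 8, T_bps=3e6, X_bits=600 * 8, N_queued=4)
print(round(d * 1000, 1), "ms")  # -> 14.4 ms
```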
Question 12: Suppose we would like to urgently deliver 60 Terabytes of data from
one site to another. We have a 1000 Mbps dedicated link for data transfer
available. Would you prefer to transmit the data via this link or instead use AirMail
overnight delivery? Explain.
Answer: 60 Terabytes = 60 × 10^12 × 8 bits. So, if using the dedicated link, it will take
60 × 10^12 × 8 / (1000 × 10^6) = 480,000 seconds ≈ 5.6 days. But with AirMail overnight
delivery, we can guarantee the data arrives in one day, and it costs no more than
USD 100.
Question 13: Two nodes, A and B, communicate through a store & forward network.
Node A is connected to the network by a 10 Mbps link, while node B is connected
by a 5 Mbps link. Node A sends two back-to-back packets of 1000 bits each. The
difference between the arrival times of the two packets at B is 1 ms. What is the
smallest capacity of a link along the path between A and B?
Note: Assume that there are no other packets in the network except the ones sent
by A, and ignore the packet processing time. Assume both packets follow the same
path, and they are not reordered. The arrival time of a packet at a node is defined
as the time when the last bit of the packet has arrived at that node.
Answer: Since packets are sent back-to-back, the difference between the arrival times of
the packets at B represents the transmission time of the second packet on the slowest
link in the path. Thus, the capacity of the slowest link is 1000 bits/1 ms = 1 Mbps.
Question 14: Consider an infinite queue that can send data at 10 Kbps. Assume the
following arrival traffic:
• During every odd second the queue receives a 1000-bit packet every 50 ms
• During every even second the queue receives no data.
Assume an interval I of 10 sec starting with an odd second (i.e., a second in which
the queue receives data). At the beginning of interval I the queue is empty. What is
the maximum queue size during interval I?
Answer: 10 packets. There are 20 packets arriving during the 1st second and 10 packets
sent by the end of that second. Thus at the end of the 1st second there are 10 packets in
the queue. All 10 packets will be sent by the end of the 2nd second (since no new packets
are received). Thus, at the end of the 2nd second the queue size is 0. After that the
process repeats.
(Note: The following alternate answers: 11 packets, 10 Kb, and 11 Kb all received
maximum points. The 11 packets and 11 Kb answers assume that at a time when a
packet is received and another one is sent out, the received packet is already in the
queue as the other packet is sent out.)
Question 15: For the Question 14, what is the average time (delay) a packet spends in
the queue during interval I?
Answer:
• The 1st packet arrives at time 0 and starts being transmitted immediately, at time 0.
→ delay 0
• The 2nd packet arrives at 0.05 s and starts being transmitted at 0.1 s (after the first
packet) → delay 0.05 s
• The 3rd packet arrives at 0.1 s and starts being transmitted at 0.2 s (after the first
two packets) → delay 0.1 s
• The 4th packet arrives at 0.15 s and starts being transmitted at 0.3 s (after the first
three packets) → delay 0.15 s
…
• The kth packet arrives at (k − 1) × 0.05 s and starts being transmitted at
(k − 1) × 0.1 s → delay (k − 1) × 0.05 s
This process repeats every 2 seconds.
Thus, the average delay of the first 20 packets is
(0 + 1 + ⋯ + 19) × 0.05 / 20 = 0.475 s
Alternate solution that approximates the average delay: We use Little's theorem:
average_delay = average_number_of_packets_in_queue / average_arrival_rate.
During an odd second the number of packets in the queue increases linearly from 0 to
10 and during the next second it decreases from 10 to 0. This means that the average
number of packets in the queue is 5. Over an odd and an even second the average
arrival rate is 20/2 = 10 packets/sec.
Then, average_delay = 5/10 = 0.5 sec.
(Note: The following answers also received maximum points: 0.575s and 0.5s.)
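The reasoning in Questions 14 and 15 can be cross-checked with a small discrete-event sketch of our own (not from the book). It counts packets in the system (queued plus the one in service), so its peak of 11 corresponds to the book's 10 waiting packets plus the packet being transmitted:

```python
# 1000-bit packets arrive every gap_ms during odd seconds; the link drains one
# packet per 100 ms (10 Kbps). All times are in integer milliseconds.

def simulate(gap_ms, service_ms=100, seconds=10):
    arrivals = [s * 1000 + k * gap_ms
                for s in range(0, seconds, 2)          # odd seconds: 0, 2, 4, ...
                for k in range(1000 // gap_ms)]
    free_at, delays, finishes = 0, [], []
    for t in arrivals:
        start = max(t, free_at)                        # wait for earlier packets
        delays.append((start - t) / 1000.0)            # waiting time in seconds
        free_at = start + service_ms
        finishes.append(free_at)
    # packets in the system (queued + in service) just after each arrival
    peak = max(sum(1 for a in arrivals if a <= t) -
               sum(1 for f in finishes if f <= t) for t in arrivals)
    return peak, round(sum(delays) / len(delays), 3)

print(simulate(50))  # -> (11, 0.475)
```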
Question 16: Similar to Question 14 and Question 15, now assume that during odd
seconds the queue receives 1000-bit packets every 25 ms (instead of every 50 ms),
and during even seconds it still receives no data. For this traffic pattern answer
the same questions. What is the maximum queue size during interval I?
Answer: 110 packets. In this case the queue is never empty. During the first 9 seconds
of interval I there are 5 s × (40 packets/s) = 200 packets received and 90 packets sent
out. Thus, at the end of the 9th second there are 110 packets in the queue.
(Note: The following answers also received the maximum number of points: 111
packets, 110 Kb, and 111 Kb.)
Question 17: For the Question 16, what is the average time (delay) a packet spends in
the queue during interval I?
Answer: Packets received during the 1st second:
• The 1st packet arrives at time 0 and starts being transmitted immediately, at time 0.
→ delay 0
• The 2nd packet arrives at 0.025 s and starts being transmitted at 0.1 s (after the
first packet) → delay 0.075 s
• The 3rd packet arrives at 0.05 s and starts being transmitted at 0.2 s (after the first
two packets) → delay 0.15 s
• The 4th packet arrives at 0.075 s and starts being transmitted at 0.3 s (after the
first three packets) → delay 0.225 s
…
• The kth packet arrives at (k − 1) × 0.025 s and starts being transmitted at
(k − 1) × 0.1 s → delay (k − 1) × 0.075 s
The average delay of the packets received during the 1st second is
(0 + 1 + ⋯ + 39) × 0.075 / 40 = 1.4625 s
Packets received during the 3rd second: note that at the beginning of the 3rd second
there are still 20 packets in the queue, which take 2 s to transmit.
• The 1st packet arrives at 2 s and starts being transmitted at 4 s → delay 2 s
• The 2nd packet arrives at 2.025 s and starts being transmitted at 4.1 s → delay
2 + 0.075 s
• The 3rd packet arrives at 2.05 s and starts being transmitted at 4.2 s → delay
2 + 0.15 s
• The 4th packet arrives at 2.075 s and starts being transmitted at 4.3 s → delay
2 + 0.225 s
…
• The kth packet arrives at 2 + (k − 1) × 0.025 s and starts being transmitted at
4 + (k − 1) × 0.1 s → delay 2 + (k − 1) × 0.075 s
The average delay of the packets received during the 3rd second is
(0 + 1 + ⋯ + 39) × 0.075 / 40 + 2 = 3.4625 s
…
Packets received during the 9th second: note that at the beginning of the 9th second
there are still 80 packets in the queue, which take 8 s to transmit.
• The 1st packet arrives at 8 s and starts being transmitted at 16 s → delay 8 s
• The 2nd packet arrives at 8.025 s and starts being transmitted at 16.1 s → delay
8 + 0.075 s
Alternate solution that approximates the average delay: Packets arrive at 40 packets
per odd second, i.e., an average arrival rate of 40 packets/2 sec = 20 packets/sec,
while the link serves 10 packets/sec.
During the 1st second the number of packets in the queue increases linearly from 0 to
30; thus the average number of packets in the queue in the 1st second is 15. During
the 2nd second the queue decreases linearly from 30 to 20; thus the average number
of packets in the queue is 25, and the average number of packets in the queue over
the first two seconds is 20.
During the 3rd and 4th seconds the process repeats, with the difference that there are
20 packets in the queue at the beginning of the 3rd second. Thus, the average number
of packets in the queue during the 3rd and 4th seconds is 20 + 20 = 40.
Similarly, the average number of packets during the 5th and 6th seconds is 40 + 20 =
60, during the 7th and 8th seconds 60 + 20 = 80, and during the 9th and 10th
seconds 80 + 20 = 100.
Thus the average number of packets over the entire interval I is
(20 + 40 + 60 + 80 + 100)/5 = 60.
According to Little's theorem,
average_delay = average_number_of_packets_in_queue / service_rate = 60/10 = 6 sec.
(Note: In general, the average number of packets over the interval defined by the
(2k − 1)th and (2k)th seconds is k × 20, where k ≥ 1.)
Question 18: Suppose a CSMA/CD network is operating at 1 Gbps, and suppose there
are no repeaters and the length of the cable is 1 km. Determine the minimum frame
size if the signal propagation speed is 200 km/ms.
Answer: Since the length of the cable is 1 km, we have a one-way propagation time of
t = 1 km / (200 km/ms) = 0.005 ms = 5 µs. So, 2t = 10 µs. The minimum frame size is
therefore 1 Gbps × 10 µs = 10,000 bits.
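The same minimum-frame calculation as a small script (the helper name is ours): a CSMA/CD sender must still be transmitting when a collision signal returns, so the frame must last at least one round-trip time at the link rate.

```python
# Minimum CSMA/CD frame: bits emitted during 2 * one-way propagation time.

def min_frame_bits(rate_bps, cable_km, speed_km_per_s):
    t_prop = cable_km / speed_km_per_s          # one-way propagation, seconds
    return rate_bps * 2 * t_prop                # bits sent in one round trip

print(round(min_frame_bits(1e9, 1, 200_000)))  # -> 10000
```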
Answer: Period = 1 ms.
Question 20: A digital signaling system is required to operate at 9600 bps. If a symbol
encodes a 4-bit word, what is the minimum required channel bandwidth?
Answer: The formula to use is
Maximum number of bits/sec = 2 × Channel bandwidth × Number of bits per sample
9600 = 2 × B × 4, so the minimum required channel bandwidth is B = 1200 Hz.
Question 23: Suppose that data is stored on 1.4 Mbyte floppy diskettes that weigh 30
grams each. Suppose that an airliner carries 10 Kg of these floppies at a speed of
1000 Km/h over a distance of 5000 Km. What is the data transmission rate in bps
of this system?
Answer: Each floppy weighs 30 grams. We have the following:
Number of floppies = 10 × 10^3 / 30 = 333.33
Total number of bits transported = Number of floppies × 1.4 × 1024 (not 1000!) × 1024 × 8
Time of flight = 5000 / 1000 = 5 hours = 5 × 3600 seconds
i.e., Number of bits/sec = Total number of bits transported / (5 × 3600).
The answer is about 217.5 Kbps.
Note: When we talk of computer memory, it is typically measured in powers of 2;
therefore 1 KB = 2^10 bytes. When it comes to networks, we use clocks to send data: if a
clock is 1 KHz, we transmit at the rate of 1 kilobit per sec, where the kilo is 1000; we
are transmitting at the clock rate.
Question 24: Consider a 150 Mb/s link that is 800 km long, with a queue large enough
to hold 5,000 packets. Assume that packets arrive at the queue with an average
rate of 40,000 packets per second and that the average packet length is 3,000 bits.
Approximately, what is the propagation delay for the link?
Answer: 800 km times 5 microseconds per km is 4,000 microseconds or 4 ms.
Question 25: For the Question 24:, what is the transmission time for an average length
packet?
Answer: Link speed is 150 bits per microsecond, so a 3,000-bit packet can be sent in
20 microseconds.
Question 26: For the Question 24:, what is the traffic intensity?
Answer: Bit arrival rate is 40,000 × 3,000 = 120 Mb/s. Since the link rate is 150
Mb/s, I = 0.8.
Question 27: For the Question 24:, what is the average number of packets in the queue?
Answer: I/(1 − I) = 0.8/0.2 = 4.
Question 28: What is the average number in the queue, if the average arrival rate is
80,000 packets per second?
Answer: In this case, the traffic intensity is 1.6, so the queue will be nearly full all the
time. So, the average number is just under 5,000 packets.
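Questions 24 through 27 can be bundled into one helper (names are ours); the queue estimate I/(1 − I) is the one the book applies:

```python
# Propagation delay, transmission time, traffic intensity I, and the
# I/(1 - I) average-queue estimate for a single link.

def link_stats(rate_bps, length_km, pkt_bits, pkts_per_s, prop_us_per_km=5):
    prop_ms = length_km * prop_us_per_km / 1000        # propagation delay, ms
    tx_us = pkt_bits / rate_bps * 1e6                  # transmission time, µs
    intensity = pkts_per_s * pkt_bits / rate_bps       # traffic intensity I
    avg_queue = intensity / (1 - intensity) if intensity < 1 else float("inf")
    return (round(prop_ms, 1), round(tx_us, 1),
            round(intensity, 2), round(avg_queue, 2))

print(link_stats(150e6, 800, 3000, 40_000))  # -> (4.0, 20.0, 0.8, 4.0)
```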
Question 29: A user in Hyderabad, connected to the Internet via a 5 Mb/s connection
retrieves a 50 KB (B=bytes) web page from a web server in New York, where the
page references 4 images of 300 KB each. Assume that the one way propagation
delay is 20 ms. Approximately how long does it take for the page (including images)
to appear on the user’s screen, assuming persistent HTTP?
Answer: Total time is 3 RTT + transmission time.
3 RTT = 3 × 40 ms = 120 ms, and
Transmission time = (50 + 4 × 300) KB × 8 / (5 Mb/s) = 10 Mb / (5 Mb/s) = 2 seconds.
Total time = 2.12 seconds.
Question 30: For the Question 29, how long would it take using non-persistent HTTP
(assume a single connection)?
Answer: 2 × (1 + number of objects in page) RTT + transmission time
= 10 × 40 ms + 2 seconds = 400 ms + 2 seconds = 2.4 seconds.
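Both cases share one formula, sketched below with our own function name; the RTT counts follow the book's accounting (3 RTTs persistent, 2 × (1 + objects) non-persistent):

```python
# Page-load time = (number of RTTs) * RTT + bytes * 8 / link rate.

def page_load_s(bytes_total, link_bps, rtt_s, rtts):
    return rtts * rtt_s + bytes_total * 8 / link_bps

total_bytes = (50 + 4 * 300) * 1000        # 50 KB page + four 300 KB images
rtt = 2 * 0.020                            # round trip = 2 * 20 ms one-way

print(round(page_load_s(total_bytes, 5e6, rtt, 3), 2))           # persistent: 2.12
print(round(page_load_s(total_bytes, 5e6, rtt, 2 * (1 + 4)), 2)) # non-persistent: 2.4
```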
Question 31: Suppose a movie studio wants to distribute a new movie as a digital file to
1,000 movie theaters across the country using peer-to-peer file distribution. Assume
that the studio and all the theaters have DSL connections with an 8 Mb/s
downstream rate and a 4 Mb/s upstream rate and that the file is 10 GB long.
Approximately, how much time is needed to distribute the file to all the theaters
under ideal conditions?
Answer: The total upstream bandwidth is about 4 Gb/s. Since the file must be delivered
to 1,000 theaters, we have 10 TB of data to be delivered. At 4 Gb/s, this takes 20,000
seconds, or roughly 6 hours.
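Under the ideal-conditions assumption above, the bound is the total bits to deliver divided by the aggregate upload capacity (a rough sketch; the function name is ours):

```python
# Peer-to-peer lower bound: every peer must receive the whole file, and all
# peers' upstream links can work in parallel.

def p2p_time_s(file_gb, peers, upstream_bps):
    total_bits = file_gb * 8e9 * peers         # bits delivered in total
    return total_bits / (peers * upstream_bps) # aggregate upload capacity

t = p2p_time_s(10, 1000, 4e6)
print(t, "seconds =", round(t / 3600, 1), "hours")  # -> 20000.0 seconds = 5.6 hours
```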
Question 32: For the Question 31, suppose the studio wanted to use the client-server
method instead. What is the smallest link rate that is required at the studio that
will allow the file to be distributed in under 40,000 seconds?
Answer: This time period is twice the time used for the first part, so the server's
upstream bandwidth must be half as large as the upstream bandwidth of the peers in
the first part. So, 2 Gb/s is enough.
Question 33: Suppose a file of 10,000 characters is to be sent over a line at 2400 bps.
Calculate the overhead in bits and time in using asynchronous communication.
Assume one start bit and a stop element of length one bit, and 8 bits to send the
byte itself for each character. The 8-bit character consists of all data bits, with no
parity bit.
Answer: Each character has 25% overhead. For 10,000 characters, there are 20,000
extra bits. This would take an extra 20000/2400 = 8.33 seconds.
Question 34: Calculate the overhead in bits and time using synchronous
communication. Assume that the data are sent in frames. Each frame consists of
1000 characters (8000 bits) and an overhead of 48 control bits per frame.
Answer: The file takes 10 frames, or 480 additional bits. The transmission time for the
additional bits is 480/2400 = 0.2 seconds.
Question 35: What would the answers to Question 33 and Question 34 be for a file of
100,000 characters?
Answer: Ten times as many extra bits and ten times as long for both.
Question 36: What would the answers to Question 33 and Question 34 be for the
original file of 10,000 characters except at a data rate of 9600 bps?
Answer: The number of overhead bits would be the same, and the time would be
decreased by a factor of 9600/2400 = 4.
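The overhead arithmetic of Questions 33–36 can be captured in two small helpers (names and defaults are ours, matching the assumptions stated in the questions):

```python
# Framing overhead at a given line rate. Asynchronous adds 1 start + 1 stop
# bit per 8-bit character; synchronous adds 48 control bits per 1000-character
# frame.

def async_overhead(chars, bps):
    extra_bits = chars * 2                    # 2 extra bits per character
    return extra_bits, extra_bits / bps

def sync_overhead(chars, bps, frame_chars=1000, ctrl_bits=48):
    frames = -(-chars // frame_chars)         # ceiling division
    extra_bits = frames * ctrl_bits
    return extra_bits, extra_bits / bps

print(async_overhead(10_000, 2400))   # -> (20000, 8.33...) seconds
print(sync_overhead(10_000, 2400))    # -> (480, 0.2) seconds
```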
Chapter
OSI and TCP/IP Models
Each layer communicates with the same layer of the protocol stack, or peer, on the
other device. This allows computers running different operating systems to
communicate with each other easily.
If you are having trouble understanding this concept, then imagine that you need to
mail a large document to a friend, but do not have a big enough envelope. You could
put a few pages into several small envelopes, and then label the envelopes so that your
friend knows what order the pages go in. This is exactly the same thing that the
Network Layer does.
Since other types of devices, such as printers and routers, can be involved in network
communication, devices (including computers) on the network are actually referred to
as nodes. Therefore, a client computer on the network or a server on the network would
each be referred to as a node.
When data is sent over a network, it moves down through the OSI stack and is
transmitted over the transmission media. When the data is received by a node, such as
another computer on the network, it moves up through the OSI stack until it is again in
a form that can be accessed by a user on that computer.
Each of the layers in the OSI model is responsible for certain aspects of getting user
data into a format that can be transmitted on the network. Some layers are for
establishing and maintaining the connection between the communicating nodes, and
other layers are responsible for the addressing of the data so that it can be determined
where the data originated (on which node) and where the data's destination is.
An important aspect of the OSI model is that each layer in the stack provides services to
the layer directly above it. Only the Application layer, which is at the top of the stack,
does not provide services to a higher-level layer.
The process of moving user data down the OSI stack on a sending node (again, such as
a computer) is called encapsulation. The process of moving raw data received by a node
up the OSI stack is referred to as de-encapsulation.
To encapsulate means to enclose or surround, and this is what happens to data that is
created at the Application layer and then moves down through the other layers of the
OSI model. A header, which is a segment of information affixed to the beginning of the
data, is generated at each layer of the OSI model, except for the Physical layer.
This means that the data is encapsulated in a succession of headers: first the header of
the layer just below the Application layer, then the next layer's header, and so on.
When the data reaches the Physical layer, it is like a candy bar that has been enclosed
in several different wrappers.
When the data is transmitted to a receiving node, such as a computer, the data travels
up the OSI stack and each header is stripped off of the data. First, the Data Link layer
header is removed, then the Network layer header, and so on. Also, the headers are not
just removed by the receiving computer; the header information is read and used to
determine what the receiving computer should do with the received data at each layer of
the OSI model.
In the OSI model, the sending computer uses these headers to communicate with the
receiving computer and provide the receiving computer with useful information. As the
data travels up the levels of the peer computer, each header is removed by its
equivalent protocol. These headers contain different information depending on the
layer they were added at, but tell the peer layer important information, including the
sizes of packets, frames, and datagrams.
Control is passed from one layer to the next, starting at the application layer in one
station, and proceeding to the bottom layer, over the channel to the next station and
back up the hierarchy.
Each layer's header and data together are called a service data unit. Although it may
seem confusing, each layer has a different name for its service data unit. Here are the
common names for service data units at each level of the OSI model.
Layer # | Name | Encapsulation Units | Devices | Keywords/Description
7 | Application | data | PC | Network services for application processes, such as file, print, messaging, database services
6 | Presentation | data | | Standard interface to data for the application layer. MIME encoding, data encryption, conversion, formatting, compression
5 | Session | data | | Inter-host communication. Establishes, manages and terminates connections between applications
4 | Transport | segments | | Provides end-to-end message delivery and error recovery (reliability). Segmentation/desegmentation of data in proper sequence (flow control)
3 | Network | packets | router | Logical addressing and path determination. Routing. Reporting delivery errors
2 | Data Link | frames | bridge, switch, NIC | Physical addressing and access to media. Two sublayers: Logical Link Control (LLC) and Media Access Control (MAC)
1 | Physical | bits | repeater, hub, transceiver | Binary transmission signals and encoding. Layout of pins, voltages, cable specifications, modulation
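The wrapping and unwrapping described above can be sketched in a few lines. This is a toy illustration with made-up header strings, not a real protocol stack: each layer prepends its header on the way down, and the receiver peels the headers off in reverse order on the way up.

```python
# Toy encapsulation/de-encapsulation: headers are just labeled strings.

LAYERS = ["Transport", "Network", "DataLink"]   # layers that add headers here

def encapsulate(data: str) -> str:
    for layer in LAYERS:                        # moving down the stack
        data = f"[{layer}-hdr]" + data
    return data

def decapsulate(frame: str) -> str:
    for layer in reversed(LAYERS):              # moving up the stack
        header = f"[{layer}-hdr]"
        assert frame.startswith(header), "unexpected header"
        frame = frame[len(header):]             # strip the outermost header
    return frame

frame = encapsulate("user data")
print(frame)               # -> [DataLink-hdr][Network-hdr][Transport-hdr]user data
print(decapsulate(frame))  # -> user data
```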
The TCP/IP model, similar to the OSI model, has a set of layers. The OSI model has
seven layers and the TCP/IP model has four or five layers, depending on different
preferences. Some people use the Application, Transport, Internet and Network Access
layers. Others split the Network Access layer into its Physical and Data Link
components.
The OSI model and the TCP/IP model were both created independently. The TCP/IP
network model represents reality in the world, whereas the OSI model represents an
ideal.
Layer | Description | Protocols
Application | Defines TCP/IP application protocols and how host programs interface with transport layer services to use the network. | HTTP, Telnet, FTP, TFTP, SNMP, DNS, SMTP, X Windows, other application protocols
Transport | Provides communication session management between the nodes/computers. Defines the level of service and status of the connection used when transporting data. | TCP, UDP, RTP
Internet | Packages data into IP datagrams, which contain source and destination address information that is used to forward the datagrams between hosts and networks. Performs routing of IP datagrams. | IP, ICMP, ARP, RARP
Network Access | Specifies details of how data is physically sent through the network, including how bits are electrically signaled by hardware devices that interface directly with a network medium, such as coaxial cable, optical fiber, or twisted-pair copper wire. | Ethernet, Token Ring, FDDI, X.25, Frame Relay, RS-232
Application layer protocols include SNMP (Simple Network Management Protocol),
SMTP (Simple Mail Transfer Protocol), DHCP (Dynamic Host Configuration Protocol),
RDP (Remote Desktop Protocol), etc.
If two hosts transmit at the same instant, their frames will collide with each other,
destroying the data. If the data is destroyed during transmission, it will need to be
retransmitted. After a collision, each host will wait for a small interval of time and
then the data will be retransmitted.
This is a combination of the Data Link and Physical layers of the OSI model which
consists of the actual hardware.
TCP is like a telephone call: we send data back and forth over the connection by
speaking to one another over the phone lines. Like the phone company, TCP guarantees
that data sent from one end of the connection actually gets to the other end and in the
same order it was sent. Otherwise, an error is reported.
TCP provides a point-to-point channel for applications that require reliable
communications. The Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP),
and Telnet are all examples of applications that require a reliable communication
channel. The order in which the data is sent and received over the network is critical to
the success of these applications. When HTTP is used to read from a URL, the data
must be received in the order in which it was sent. Otherwise, we end up with a
jumbled HTML file, a corrupt zip file, or some other invalid information.
Application: HTTP, ftp, telnet, SMTP,…
Transport: TCP, UDP,…
Network: IP,…
Link: Device driver,…
For many applications, the guarantee of reliability is critical to the success of the
transfer of information from one end of the connection to the other. However, other
forms of communication don't require such strict standards. In fact, they may be
slowed down by the extra overhead or the reliable connection may invalidate the service
altogether.
Consider, for example, a clock server that sends the current time to its client when
requested to do so. If the client misses a packet, it doesn't really make sense to resend
it because the time will be incorrect when the client receives it on the second try. If the
client makes two requests and receives packets from the server out of order, it doesn't
really matter because the client can figure out that the packets are out of order and
make another request. The reliability of TCP is unnecessary in this instance because it
causes performance degradation and may hinder the usefulness of the service.
Another example of a service that doesn't need the guarantee of a reliable channel is the
ping command. The purpose of the ping command is to test the communication
between two programs over the network. In fact, ping needs to know about dropped or
out-of-order packets to determine how good or bad the connection is. A reliable channel
would invalidate this service altogether.
The UDP protocol provides for communication that is not guaranteed between two
applications on the network. UDP is not connection-based like TCP. Rather, it sends
independent packets of data from one application to another. Sending datagrams is
much like sending a letter through the mail service: The order of delivery is not
important and is not guaranteed, and each message is independent of any others.
The UDP connectionless protocol differs from the TCP connection-oriented protocol in
that it does not establish a link for the duration of the connection. An example of a
connectionless protocol is postal mail. To mail something, you just write down a
destination address (and an optional return address) on the envelope of the item you're
sending and drop it in a mailbox. When using UDP, an application program writes the
destination port and IP address on a datagram and then sends the datagram to its
destination. UDP is less reliable than TCP because there are no delivery-assurance or
error-detection and error-correction mechanisms built into the protocol.
Application protocols such as FTP, SMTP, and HTTP use TCP to provide reliable,
stream-based communication between client and server programs. Other protocols,
such as the Time Protocol, use UDP because speed of delivery is more important than
end-to-end reliability.
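UDP's connectionless, datagram style can be seen in a few lines with Python's standard socket API: the sender simply addresses a datagram to the receiver's port, with no connection setup and no delivery guarantee. Binding to port 0 lets the OS pick a free port for this sketch.

```python
# Minimal UDP sketch: a datagram addressed to a port, like a letter in the mail.

import socket

receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
receiver.bind(("127.0.0.1", 0))              # claim a port, like a mailbox
port = receiver.getsockname()[1]             # the port the OS assigned

sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sender.sendto(b"what time is it?", ("127.0.0.1", port))

data, addr = receiver.recvfrom(1024)         # each datagram arrives whole
print(data.decode())                         # -> what time is it?
sender.close()
receiver.close()
```

Note that there is no connect/accept handshake as there would be with TCP; the first and only interaction between the two sockets is the datagram itself.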
Ports: The TCP and UDP protocols use ports to map incoming data to a particular
process running on a computer.
In datagram-based communication such as UDP, the datagram packet contains the
port number of its destination and UDP routes the packet to the appropriate
application, as illustrated in this figure:
3.7 Understanding Ports 68
Elements of Computer Networking OSI and TCP/IP Models
[Figure: TCP or UDP reads the port number carried in each packet and delivers the
packet's data to the application bound to that port.]
Port numbers range from 0 to 65,535 because ports are represented by 16-bit numbers.
The port numbers ranging from 0 to 1023 are restricted; they are reserved for use by
well-known services such as HTTP and FTP and other system services. These ports are
called well-known ports. Your applications should not attempt to bind to them.
Port Protocol
21 File Transfer Protocol
23 Telnet Protocol
25 Simple Mail Transfer Protocol
80 Hypertext Transfer Protocol
Question 5: Which OSI layer is concerned with reliable end-to-end delivery of data?
A) Application B) Transport C) Network D) Data Link
Answer: B
Question 6: Logical addressing is found in the ____ layer, while physical addressing is
found in the __ layer.
A) Physical, Network B) Network, Physical
C) Data Link, Network D) Network, Data Link
Answer: D
Question 7: The OSI Reference Model layers, in order from top to bottom, are:
A) Application, Physical, Session, Transport, Network, Data Link, Presentation
B) Application, Presentation, Network, Session, Transport, Data Link, Physical
C) Physical, Data Link, Network, Transport, Session, Presentation, Application
D) Application, Presentation, Session, Transport, Network, Data Link, Physical
Answer: D
Question 8: The process-to-process delivery of the entire message is the responsibility
of the ___ layer.
A) Network B) Transport C) Application D) Physical
Answer: B
Question 9: The ___ layer is the layer closest to the transmission medium.
A) Physical B) Data link C) Network D) Transport
Answer: A
Question 10: Mail services are available to network users through the __ layer.
A) Data link B) Physical C) Transport D) Application
Answer: D
Question 11: As the data packet moves from the lower to the upper layers, headers are
__
A) Added B) Subtracted C) Rearranged D) Modified
Answer: B
Question 12: As the data packet moves from the upper to the lower layers, headers are
___
A) Added B) Removed C) Rearranged D) Modified
Answer: A
Question 13: The __ layer lies between the network layer and the application layer.
A) Physical B) Data link C) Transport D) None of the above
Answer: C
Question 14: Layer 2 lies between the physical layer and the __ layer.
A) Network B) Data link C) Transport D) None of the above
Answer: A
Question 15: When data are transmitted from device A to device B, the header from A’s
layer 4 is read by B’s __ layer.
A) Physical B) Transport C) Application D) None of the above
Answer: B
Question 16: The ___ layer changes bits into electromagnetic signals.
A) Physical B) Data link C) Transport D) None of the above
Answer: A
Question 17: The physical layer is concerned with the transmission of ___over the
physical medium.
A) Programs B) Dialogs C) Protocols D) Bits
Answer: D
Question 18: Which layer functions as a connection between user support layers and
network support layers?
A) Network layer B) Physical layer C) Transport layer D) Application layer
Answer: C
Question 19: What is the main function of the transport layer?
A) Node-to-node delivery B) Process-to-process delivery
C) Synchronization D) Updating and maintenance of routing tables
Answer: B
Question 20: Which of the following is an application layer service?
A) Remote log-in B) File transfer and access
C) Mail service D) All the above
Answer: D
Question 21: Best effort means packets are delivered to destinations as fast as possible.
Is it true or false?
Answer: False. Best effort refers to no guarantees about performance of any kind, not
high performance.
Question 22: In the OSI model, the transport layer can directly invoke (use) the data link
layer. Is it true or false?
Answer: False. In the OSI model a layer can only use the service provided by the layer
below it. In this case, the transport layer can only use the service provided by the
network layer.
Question 23: Data are transmitted over an internet in packets from a source system to a
destination across a path involving a single network and routers. Is it true or false?
Answer: False. The path typically involves multiple networks connected by routers.
Question 24: In the TCP/IP model, exactly one protocol data unit (PDU) in layer n is
encapsulated in a PDU at layer (n – 1). It is also possible to break one n-level PDU
into multiple (n – 1)-level PDUs (segmentation) or to group multiple n-level PDUs
into one (n – 1)-level PDU (blocking). In the case of segmentation, is it necessary
that each (n – 1)-level segment contain a copy of the n-level header?
In the case of blocking, is it necessary that each n-level PDU retain its own header,
or can the data be consolidated into a single n-level PDU with a single n-level
header?
Answer: No. This would violate the principle of separation of layers. To layer (n – 1), the
n-level PDU is simply data. The (n – 1) entity does not know about the internal format of
the n-level PDU. It breaks that PDU into fragments and reassembles them in the proper
order.
Question 25: For Question 24, in the case of blocking, is it necessary that each n-
level PDU retain its own header, or can the data be consolidated into a single n-level
PDU with a single n-level header?
Answer: Each n-level PDU must retain its own header, for the same reason given in
Question 24.
Question 26: A TCP segment consisting of 1500 bits of data and 20 bytes (160 bits) of
header is sent to the IP layer, which appends another 20 bytes of header. This is then
transmitted through two networks, each of which uses a 3-byte packet header. The
destination network has a maximum packet size of 800 bits. How many bits,
including headers, are delivered to the network layer protocol at the destination?
Answer: Data + transport header + Internet (IP) header = 1820 bits. This data is
delivered in a sequence of packets, each of which contains 24 bits of network header
and up to 776 bits of higher-layer headers and/or data. Three network packets are
needed. Total bits delivered = 1820 + 3 × 24 = 1892 bits.
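The arithmetic in this answer is easy to check with a few lines of code (a quick sketch of the computation above, nothing more):

```python
import math

# Question 26 recomputed: 1500 data bits + 160-bit TCP header + 160-bit IP
# header, fragmented for a network with 800-bit packets and 24-bit headers.
data_bits = 1500 + 160 + 160        # 1820 bits handed to the network layer
room_per_packet = 800 - 24          # 776 bits of payload room per packet
packets = math.ceil(data_bits / room_per_packet)
total_bits = data_bits + packets * 24
print(packets, total_bits)          # 3 1892
```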
Question 27: In the OSI model, the _____ layer is concerned with finding the best path
for the data from one point to the next within the network.
A) Data Link B) Network C) Physical D) Application
Answer: B
Question 28: Error detection is performed at the ___ layer of the OSI model.
A) Data Link B) Transport C) Network D) Both A and B
Answer: D
Question 29: ___ is a very powerful error detection technique and should be considered
for all data transmission systems.
A) Vertical redundancy check B) Cyclic redundancy check
C) Simple parity D) Horizontal parity
Answer: B
Question 30: Which layer addresses do routers use to determine a packet's path?
A) Data Link B) Network C) Physical D) Application
Answer: B
Question 31: Why does the data communication industry use the layered OSI reference
model?
1. It divides the network communication process into smaller and simpler
components, thus aiding component development, design, and troubleshooting.
2. It enables equipment from different vendors to use the same electronic
components, thus saving research and development funds.
3. It supports the evolution of multiple competing standards and thus provides
business opportunities for equipment manufacturers.
4. It encourages industry standardization by defining what functions occur at each
layer of the model.
A) 1 only B) 1 and 4 C) 2 and 3 D) 3 only
Answer: B. The main advantage of a layered model is that it allows application
developers to change aspects of a program in just one layer of the model's
specifications. Advantages of using the OSI layered model include, but are not limited
to, the following:
It divides the network communication process into smaller and simpler
components, thus aiding component development, design, and
troubleshooting
It allows multiple-vendor development through standardization of network
components
It encourages industry standardization by defining what functions occur at
each layer of the model
It allows various types of network hardware and software to communicate
Question 32: Which of the following functionalities must be implemented by a transport
protocol over and above the network protocol?
Chapter 4: Networking Devices
4.1 Glossary
Bridge: Network segments that typically use the same communication protocol
use bridges to pass information from one network segment to the other.
Gateway: When different communications protocols are used by networks,
gateways are used to convert the data from the sender's protocol into a
form the receiver can use.
Hub: Another name for a hub is a concentrator. Hubs reside in the core of the
LAN cabling system. The hub connects workstations and sends every
transmission to all the connected workstations.
Media dependent adapter (MDA): An MDA is a plug-in module allowing selection among
fiber-optic, twisted pair, and coaxial cable.
Media filter: When the electrical characteristics of various networks are
different, media filter adapter connectors make the connections possible.
Multistation access unit (MAU): MAUs are special concentrators or hubs for use in
Token Ring networks instead of Ethernet networks.
Modem: A modem is a device that converts digital signals to analog signals and
analog signals to digital signals.
Network interface card (NIC): NICs are printed circuit boards that are installed in
computer workstations. They provide the physical connection and circuitry
required to access the network.
Repeater: A connectivity device used to regenerate and amplify weak signals, thus
extending the length of the network. Repeaters perform no other action on the
data.
Router: Links two or more networks together, such as an Internet Protocol
network. A router receives packets and selects the optimum path to forward the
packets to other networks.
Switch: A connection device in a network that functions much like a bridge, but
directs transmissions to specific workstations rather than forwarding data to all
workstations on the network.
Transceiver: The name transceiver is derived from the combination of the words
transmitter and receiver. It is a device that both transmits and receives signals
and connects a computer to the network. A transceiver may be external or
located internally on the NIC.
Firewall: A firewall provides controlled data access. Firewalls can be hardware or
software based and sit between networks. They are an essential part of a
network's security strategy.
A NIC provides physical access to a networking medium and often provides a low-level
addressing system through the use of MAC addresses. It allows users to connect to
each other either by using cables or wirelessly.
The network interface card (NIC) is an add-on component for a computer, much like a
video card or sound card. On most systems the NIC is integrated into the
system board. On others it has to be installed into an expansion slot.
Most network interface cards use the Ethernet protocol as the language of the data
that is being transferred back and forth. However, network interface cards do not all
necessarily need physical Ethernet or other cables to be functional. Some have wireless
capabilities through a small built-in antenna that uses radio waves to transmit
information. The computer must have a software driver installed to enable it to interact
with the NIC. These drivers enable the operating system and higher-level protocols to
control the functions of the adapter.
Each NIC has a unique Media Access Control (MAC) address to direct traffic. This unique
MAC address ensures that information is sent only to the intended computer
and not to multiple computers unintentionally. Circled in the picture below is an example of
an integrated network interface card.
The MAC (Media Access Control) address, or hardware address, is a 12-digit number
consisting of digits 0-9 and letters A-F. It is basically a hexadecimal number assigned to
the card. The MAC address consists of two pieces: the first signifies which vendor it
comes from, the second is the serial number unique to that manufacturer.
Example MAC addresses:
00-B0-D0-86-BB-F7 01-23-45-67-89-AB 00-1C-B3-09-85-15
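The vendor/serial split described above can be illustrated with a short helper (the function name is hypothetical, shown only as a sketch):

```python
# Split a 12-hex-digit MAC address into its vendor part (the OUI, first
# 6 digits) and the vendor-assigned serial number (last 6 digits).
def split_mac(mac: str):
    digits = mac.replace("-", "").replace(":", "").upper()
    assert len(digits) == 12, "a MAC address has exactly 12 hex digits"
    return digits[:6], digits[6:]

oui, serial = split_mac("00-B0-D0-86-BB-F7")
print(oui, serial)  # 00B0D0 86BBF7
```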
The NIC performs the following functions:
It translates data from the parallel data bus to a serial bit stream for
transmission across the network.
It formats packets of data in accordance with protocol.
It transmits and receives data based on the hardware address of the card.
4.4.3 Transceivers
The term transceiver does not necessarily describe a separate network device; transceivers
are often embedded in devices such as network cards.
Transceiver is a short name for transmitter-receiver. It is a device that both transmits
and receives analog or digital signals. The term transceiver is used most frequently to
describe the component in local-area networks (LANs) that actually applies signals onto
the network wire and detects signals passing through the wire. For many LANs, the
transceiver is built into the network interface card (NIC). Older types of networks,
however, require an external transceiver.
The transceiver does not make changes to the information transmitted across the network;
it adapts the signals so devices connected by varying media can interpret them. A
transceiver operates at the physical layer of the OSI model. Technically, on a LAN the
transceiver is responsible for placing signals onto the network media and also for detecting
incoming signals traveling through the same cable. Given this description of the function
of a transceiver, it makes sense that the technology would be found with network cards
(NICs).
Amplifier
An amplifier is an electronic circuit that increases the power of an input signal. There are
many types of amplifiers, ranging from voice amplifiers to optical amplifiers, at different
frequencies.
Repeater
A repeater is an electronic circuit that receives a signal and retransmits the same
signal with a higher power. Therefore, a repeater consists of a signal receiver, an
amplifier and a transmitter. Repeaters are often used in submarine communication
cables, as the signal would be attenuated to random noise when travelling such a
distance. Different types of repeaters have different configurations depending
on the transmission medium. If the medium is microwaves, a repeater may consist of
antennas and waveguides. If the medium is optical, it may contain photo detectors and
light emitters.
[Figure: a repeater placed between a sending node and a receiving node, extending the link to 6000 meters.]
Thick Ethernet (10Base5) can normally transmit a distance of 500 meters, and this can be extended by
introducing repeaters. Thin Ethernet (10Base2) can normally transmit a distance of 185 meters, and
can also be extended by using a repeater. This is the advantage of using a repeater: if a
network layout exceeds the normal specifications of the cable, we can use repeaters to build the
network. This allows for greater lengths when planning the cabling scheme.
Repeaters perform no other action on the data. Repeaters were originally separate
devices. Today a repeater may be a separate device or it may be incorporated into a
hub. Repeaters operate at the physical layer of the OSI model.
4.4.5 Hubs
Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports.
When a packet arrives at one port, it is copied (broadcast) to all the other ports of the
hub, so that all segments of the LAN can see all packets. When the packets are
copied, the destination address in the frame does not change to a broadcast address. The
hub does this in a rudimentary way; it simply copies the data to all of the nodes connected
to the hub.
The main function of the hub is to broadcast signals to the different workstations in a LAN.
Generally speaking, the term hub is used instead of repeater when referring to the device
that serves as the center of a network.
4.4.6 Modems
A modem is a device that converts digital signals to analog signals and analog signals to
digital signals. The word modem stands for modulator and demodulator. The process of
converting digital signals to analog signals is called modulation. The process of
converting analog signals to digital signals is called demodulation. Modems are used
with computers to transfer data from one computer to another computer through
telephone lines.
Analog Connection
The connection between the modem and the telephone line is called an analog connection.
The modem converts digital signals from a computer to analog signals that are then sent down
the telephone line. A modem on the other end converts the analog signal back to a
digital signal the computer can understand. A workstation is connected to an analog
modem. The analog modem is then connected to the telephone exchange's analog
modem, which is in turn connected to the internet.
Digital Connection
The connection between the modem and the computer is called a digital connection.
Types of Modems
There are two types of modems:
Internal modems
External modems
Internal Modems
An internal modem fits into an expansion slot inside the computer. It is directly linked to the
telephone lines through the telephone jack. It is normally less expensive than an external
modem, and its transmission speed is also lower than that of an external modem.
External Modems
An external modem is a separate unit, connected to the computer through a serial port.
It is also linked to the telephone line through a telephone jack. External modems are
more expensive, and have more operational features and higher transmission speeds.
Advantages of Modems
Inexpensive hardware and telephone lines
Easy to setup and maintain
Disadvantage of Modems
Very slow performance
bridge, the bridge not only regenerates the frame but also checks the address of the
destination and forwards the new copy only to the segment to which the destination
address belongs.
[Figure: a bridge connecting an Ethernet LAN segment to a hub.]
A bridge filters data traffic at a network boundary. Bridges reduce the amount of
traffic on a LAN by dividing it into segments. Key features of a bridge are mentioned
below:
A bridge operates at both the physical and data-link layers
A bridge uses a table for filtering/forwarding decisions
A bridge does not change the physical (MAC) addresses in a frame
1. Flooding: places an incoming frame onto all outgoing ports except the original
incoming port.
2. Backward learning: stores the origin of a frame (from which port) and
later uses this information to place frames to that port.
3. Spanning tree: uses a subset of the LAN topology for a loop-free
operation.
4. Source routing: depends on routing information in the frame to place the
frame on an outgoing port.
[Flowchart: if the destination address is not found in the table, forward the frame to all LANs except the arrival LAN X; if it is found and its direction is the arrival port X, discard the frame and count it as discarded; otherwise forward the frame to the correct LAN.]
1. If the source address is not present in the forwarding table, the bridge adds the
source address and corresponding interface to the table. It then checks the
destination address to determine if it is in the table.
2. If the destination address is listed in the table, the bridge determines if the destination
address is on the same LAN as the source address. If it is, then the bridge discards
the frame, since all the nodes have already received the frame.
3. If the destination address is listed in the table but is on a different LAN than
the source address, then the frame is forwarded to that LAN.
4. If the destination address is not listed in the table, then the bridge forwards the
frame to all the LANs except the one that originally received the frame.
This process is called flooding.
In some bridges, if the bridge has not accessed an address in the forwarding table over
a period of time, the address is removed to free up memory space on the bridge. This
process is referred to as aging.
Packets with source A and destination B are received and discarded, since node B
is directly connected to LAN-1, whereas packets from A with destination C are
forwarded to LAN-2 by the bridge.
At the time of installation of a transparent bridge, the table is empty. When a packet is
encountered, the bridge checks its source address and builds up the table by associating
the source address with the port to which it is connected. The flowchart below explains the
learning process.
[Flowchart: if the source address is not found in the table, add the source to the table with its direction (port) and a timer; otherwise update the direction and timer.]
Table Building
The table building operation is illustrated in the figure below. Initially the table is empty.
[Figure: a three-port bridge; Port-1 attaches to LAN-1 (nodes A, B, F), Port-2 to LAN-2 (nodes C, D), and Port-3 to LAN-3 (node E); the (Address, Port) table starts empty.]
1. When node A sends a frame to node D, the bridge does not have any entry for
either D or A. The frame goes out from all three ports. The frame floods the
network. However, by looking at the source address, the bridge learns that node
A must be located on the LAN connected to port 1.
This means that frames destined for A must, in the future, be sent out through port
1. The bridge adds this entry to its table. The table now has its first entry.
Address Port
A 1
2. When node E sends a frame to node A, the bridge has an entry for A, so it
forwards the frame only to port 1. There is no flooding. Also, it uses the source
address of the frame (E in this case), to add a second entry to the table.
Address Port
A 1
E 3
3. When node B sends a frame to C, the bridge has no entry for C, so once again it
floods the network and adds one more entry to the table.
Address Port
A 1
E 3
B 1
4. The process of learning continues as the bridge forwards frames.
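The forwarding and learning rules walked through above can be condensed into a small simulation (a toy sketch, not a real bridge; the node and port names follow the example):

```python
# Toy transparent bridge: learn the source's port on every frame,
# flood unknown destinations, discard frames staying on their own segment.
class LearningBridge:
    def __init__(self, ports):
        self.ports = ports
        self.table = {}                    # address -> port

    def receive(self, src, dst, in_port):
        self.table[src] = in_port          # backward learning
        out = self.table.get(dst)
        if out is None:                    # unknown destination: flood
            return [p for p in self.ports if p != in_port]
        if out == in_port:                 # same segment: discard
            return []
        return [out]                       # known destination: forward

bridge = LearningBridge(ports=[1, 2, 3])
print(bridge.receive("A", "D", 1))  # [2, 3] - D unknown, flood; A learned on port 1
print(bridge.receive("E", "A", 3))  # [1]    - A known; E learned on port 3
print(bridge.receive("B", "A", 1))  # []     - A is on the sender's own segment
print(bridge.table)                 # {'A': 1, 'E': 3, 'B': 1}
```

The three calls reproduce steps 1-3 of the walkthrough: the first frame floods and teaches the bridge about A, the second is forwarded only to port 1, and the third is discarded because source and destination share a segment.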
Loop Problem
Forwarding and learning processes work without any problem as long as there is no
redundant bridge in the system. On the other hand, redundancy is desirable from the
viewpoint of reliability, so that the function of a failed bridge is taken over by a
redundant bridge.
The existence of redundant bridges creates the so-called loop problem, as shown in the figure below.
Assuming that after initialization the tables in both bridges are empty, let us consider
the following steps:
[Figure: two parallel bridges, Bridge-A and Bridge-B, both connecting LAN-1 (with node B) and LAN-2 (with node A).]
Step 1: Node A sends a frame to node B. Both bridges forward the frame to
LAN-1 and update their tables with the source address of A.
Step 2: Now there are two copies of the frame on LAN-1. The copy sent by
Bridge-A is received by Bridge-B and vice versa. As both bridges have no
information about node B, both will forward the frames to LAN-2.
Step 3: Again both bridges will forward the frames to LAN-1, because of the
lack of information about node B in their databases, and Step 2 will be
repeated, and so on.
So, the frame will continue to circulate around the two LANs indefinitely.
An Example
Let us walk through the example below of running the spanning tree algorithm.
Note that some of the LAN segments have a cost 3 times that of others. The following
convention is used for the remaining discussion:
DC means designated cost for a LAN segment
Bridge-# means bridge number
[Figure: six bridges (Bridge-1 through Bridge-6) interconnecting six LAN segments, with designated costs LAN-1 DC = 3, LAN-2 DC = 3, LAN-3 DC = 1, LAN-4 DC = 3, LAN-5 DC = 3, LAN-6 DC = 1; Bridge-1 is the root bridge.]
Step 1 of the algorithm is already shown in the first picture: Bridge-1 is chosen as the
root bridge, since all the bridges are assumed to have the same priority. The tie is
broken by choosing the bridge with the smallest ID number.
Next, we determine the root path cost (RPC) for each port on each bridge, i.e., the cost
of reaching the root bridge through that port. Then each bridge other than the root chooses
its port with the lowest RPC as the root port (RP). Ties are broken by choosing the
lowest-numbered port. The root port is used for all control messages from the root bridge
to this particular bridge.
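The election rule just described (lowest priority wins, ties broken by lowest bridge ID) amounts to taking a minimum over (priority, ID) pairs; the priority value below is an assumed common default, used only for illustration:

```python
# Each bridge advertises a (priority, bridge ID) pair; the numerically
# smallest pair wins the root election. Here every priority is equal,
# so the tie is broken by the lowest ID and Bridge-1 becomes the root.
bridges = [(32768, 2), (32768, 1), (32768, 6), (32768, 4)]
root = min(bridges)      # tuple comparison: priority first, then ID
print(root)              # (32768, 1)
```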
[Figure: the root path cost (RPC) computed for each bridge port; each non-root bridge marks its lowest-RPC port as its root port (RP).]
The root bridge is always the designated bridge for the LAN segments directly attached
to it. The ports by which the root bridge attaches to the LAN segments are thus
designated ports. We assume that no LAN segment attaches to the root bridge by more
than 1 port. Since a root port cannot be chosen as a designated port, do not waste time
even considering root ports as possible designated ports.
In the drawing on the next page, we see that LAN-1, LAN-2, and LAN-3 are directly
attached to the root bridge via ports 1, 2, and 3 respectively on the root bridge. Thus we
only need to consider LAN-4, LAN-5, and LAN-6. LAN-4 could use either port 2 on
Bridge-3 or port 3 on Bridge-4 as its designated port. The DPC for each is 1 since
anything sent from LAN-4 through such a port goes across LAN-3 to the root bridge and
the cost of LAN-3 is just 1.
Since we have a tie for the DP, we choose the one on the lowest-numbered bridge. That
means that Bridge-3 is the designated bridge, and its port 2 is the designated port for
LAN-4. For LAN-5 there is only one port that could be chosen, so the designated port for
LAN-5 is port 2 on Bridge-5, and the designated bridge is Bridge-5. There is no choice
for LAN-6 either, as one port is a root port. Thus the designated port for LAN-6 is the other
one: port 2 on Bridge-4.
[Figure: the designated ports (DP) and designated path costs (DPC) chosen for LAN-4, LAN-5, and LAN-6.]
[Figure: the final configuration; every port is marked as a root port (RP), a designated port (DP), or blocked, yielding a loop-free spanning tree.]
Finally, in step 4 each port that is not a root port or designated port is set to be in a
blocking state so that no traffic can flow through it. The blocked ports are X-ed out
above. This, then, produces our spanning tree (no loops). To better see the spanning
tree, the picture can be redrawn as shown on the next page, with the root bridge as the
root of the tree.
[Figure: a translational bridge connecting an FDDI ring LAN to an Ethernet LAN.]
Translational bridges are a type of transparent bridge that connects LANs that use
different protocols at the data link and physical layers, for example, FDDI (Fiber
Distributed Data Interface) and Ethernet.
[Figure: source route bridges linking multiple Token Ring LANs.]
Source route bridging is used in Token Ring networks. A source route bridge links two or
more rings together. There are fundamental differences in how a source route bridge
transmits a frame between rings: a source route bridge does not create and maintain
forwarding tables. The decision to forward or drop a frame is based on information
provided in the frame itself.
Each station is responsible for maintaining routing tables that define a route
to the other workstations on the network. The source workstation is responsible for
determining the path of a frame to its destination. If no route information is available,
then the source station has the ability to perform route discovery to learn the potential
paths that can be taken.
4.4.2 Switches
A switch is a device that filters and forwards packets between LAN segments. A switch
works at layer 2 of the OSI model. The main purpose of the switch is to concentrate
connectivity while making data transmission more efficient. Think of the switch as
something that combines the connectivity of a hub with the traffic regulation of a bridge
on each port. Switches make decisions based on MAC addresses.
A switch is a device that performs switching. Specifically, it forwards and filters OSI
layer 2 frames (chunks of data communication) between ports (connected cables)
based on the MAC addresses in the frames.
As discussed earlier, a hub forwards data to all ports, regardless of whether the data is
intended for the system connected to the port. This mechanism is inefficient, and
switches try to address this issue to some extent. A switch is different from a hub in that
it only forwards frames to the ports involved in the communication rather than to
all connected ports. Strictly speaking, a switch is not capable of routing traffic based on
IP address (layer 3), which is necessary for communicating between network segments
or within a large or complex LAN.
Fragment-free switching reads at least the first 64 bytes of the Ethernet frame before
switching it, to avoid forwarding Ethernet runt frames (Ethernet frames smaller than 64 bytes).
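The runt-frame test behind fragment-free switching is simply a length check against Ethernet's 64-byte minimum (a minimal sketch):

```python
# Ethernet frames shorter than 64 bytes are runts, usually collision
# fragments; fragment-free switching buffers the first 64 bytes so
# such frames are never forwarded.
MIN_FRAME_BYTES = 64

def is_runt(frame: bytes) -> bool:
    return len(frame) < MIN_FRAME_BYTES

print(is_runt(b"\x00" * 60))  # True  - runt, would be dropped
print(is_runt(b"\x00" * 64))  # False - long enough to forward
```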
4.4.3 Routers
4.4.3.1 What is a Router?
Routers are hardware devices that join multiple networks together. Technically, a router is
a Layer 3 device, meaning that it connects two or more networks and that the router
operates at the network layer of the OSI model.
Routers maintain a table (called a routing table) of the available routes and their
conditions, and use this information along with distance and cost algorithms to
determine the best route for a given packet. Typically, a packet may travel through a
number of network points with routers before arriving at its destination.
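Route selection from such a table can be sketched as a longest-prefix match; the networks and next-hop names below are made up purely for illustration:

```python
import ipaddress

# A toy routing table mapping destination networks to next hops.
routes = {
    ipaddress.ip_network("10.0.0.0/8"): "gateway-A",
    ipaddress.ip_network("10.1.0.0/16"): "gateway-B",
    ipaddress.ip_network("0.0.0.0/0"): "default-gateway",
}

def next_hop(destination: str) -> str:
    addr = ipaddress.ip_address(destination)
    matches = [net for net in routes if addr in net]
    best = max(matches, key=lambda net: net.prefixlen)  # most specific route wins
    return routes[best]

print(next_hop("10.1.2.3"))  # gateway-B (the /16 is more specific than the /8)
print(next_hop("10.9.9.9"))  # gateway-A
print(next_hop("8.8.8.8"))   # default-gateway
```

Real routers combine this lookup with route metrics and dynamic updates, but the most-specific-match rule is the core of the decision.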
The purpose of the router is to examine incoming packets (layer 3), choose the best path
for them through the network, and then switch them to the proper outgoing port.
Routers are the most important traffic-controlling devices on large networks.
Routers are networking devices that forward data packets between networks using
headers and forwarding tables to determine the best path to forward the packets.
Routers also provide interconnectivity between like and unlike media (networks which
use different protocols).
4.4.4 Gateways
The term gateway is used in networking to describe the entrance to the Internet. The
gateway controls traffic that travels from the inside network to the Internet and
provides security against traffic that wants to enter the inside network from the Internet.
A network gateway is an internetworking system which joins two networks that use
different base protocols. A network gateway can be implemented completely in software,
completely in hardware, or as a combination of both. Depending on the types of
protocols they support, network gateways can operate at any level of the OSI model.
Since a gateway (by definition) appears at the edge of a network, related capabilities like
firewalls tend to be integrated with it. On home networks, a router typically serves as
the network gateway although ordinary computers can also be configured to perform
equivalent functions.
[Figure: multiple sub-networks joined to one another through gateways.]
As mentioned earlier, the Internet is not a single network but a collection of networks
that communicate with each other through gateways. A gateway is defined as a system
that performs relay functions between networks, as shown in the figure above. The different
networks connected to each other through gateways are often called subnetworks,
because they are a smaller part of the larger overall network.
With TCP/IP, all interconnections between physical networks are through gateways. An
important point to remember for use later is that gateways route information packets
based on their destination network name, not the destination machine. Gateways are
completely transparent to the user.
If the default gateway becomes unavailable, the system cannot communicate outside its
own subnet, except with systems with which it had established connections prior to
the failure.
4.4.3.1 Gateway
The difference between a gateway and a router is this: a gateway is defined as a network
node that allows a network to interface with another network that uses different protocols. A
router is a device that is capable of sending and receiving data packets between
computer networks, also creating an overlay network.
Gateways and routers are two terms that are often confused due to their similarities. Both
gateways and routers are used to regulate traffic between two or more separate networks.
However, these are two different technologies and are used for different purposes.
The term gateway can be used to describe two different technologies: gateway and default
gateway. These two terms should not be confused. In terms of communications
networks, a gateway is defined as a network node that allows a network to interface with
another network that uses different protocols. In simple terms, a gateway allows two different
networks to communicate with each other. It contains devices such as protocol
translators, impedance matching devices, rate converters, or signal translators to allow system
interoperability.
A protocol translation/mapping gateway interconnects networks that use different
network protocol technologies. A gateway acts as a network point that serves as an
entrance to another network. The gateway can also allow the network to connect the
computer to the internet. Many routers are available with gateway technology,
which knows where to direct the packet of data when it arrives at the gateway.
Gateways are often associated with both routers and switches.
4.4.3.2 Router
A router is a device that is capable of sending and receiving data packets between
computer networks, also creating an overlay network. The router connects two or more
data lines, so when a packet comes in through one line, the router reads the address
information in the packet and determines the right destination; it then uses the
information in its routing table or routing policy to direct the packet to the next
network. On the internet, routers perform traffic-directing functions. Routers can
be wireless as well as wired.
The most common type of router is the small office or home router. These are used for
passing data from the computer to the owner's cable or DSL modem, which is
connected to the internet. Other routers are huge enterprise types that connect large
businesses to powerful routers that forward data to the Internet.
When connected in interconnected networks, the routers exchange data such as
destination addresses by using a dynamic routing protocol. Each router is responsible
for building up a table that lists the preferred routes between any two systems on the
interconnected networks. Routers can also be used to connect two or more logical
groups of computer devices known as subnets. Routers can offer multiple features such
as a DHCP server, NAT, Static Routing, and Wireless Networking.
These days routers are mostly available with built-in gateway systems, which makes
things easier for users, who do not have to buy separate systems.
4.4.5 Firewalls
The term firewall was derived from construction, where a firewall is intended to confine the
spread of fire from one area to another. From the computer security perspective, the Internet is
an unsafe environment; therefore the firewall is an excellent metaphor for network
security. A firewall is a system designed to prevent unauthorized access to or from a
private network. Firewalls can be implemented in either hardware or software form, or a
combination of both. Firewalls prevent unauthorized users from accessing private
networks. A firewall sits between two networks, usually a private network and a
public network such as the Internet.
[Figure: a FIREWALL placed between the Internal Network and the Internet (unsecure)]
The functions of a router, hub and a switch are all quite different from one another,
even if at times they are all integrated into a single device. Let's start with the hub and
the switch since these two devices have similar roles on the network. Each serves as a
central connection for all of your network equipment and handles a data type known as
frames. Frames carry the data. When a frame is received, it is amplified and then
transmitted on to the port of the destination PC. The big difference between these two
devices is in the method in which frames are being delivered.
In a hub, a frame is broadcast to every one of its ports. It doesn't matter that the frame is
only destined for one port. The hub cannot distinguish which port a frame should be
sent to. Broadcasting it on every port ensures that it will reach its intended destination.
This places a lot of traffic on the network and can lead to poor network response times.
Additionally, a 10/100Mbps hub must share its bandwidth with each and every one of
its ports. So, when only one PC is broadcasting, it will have access to the maximum
available bandwidth. If, however, multiple PCs are broadcasting, then that bandwidth
will need to be divided among all of those systems, which will degrade performance.
A switch, however, keeps a record of the addresses of all the devices connected to
it. With this information, a switch can identify which system is sitting on which port.
So, when a frame is received, it knows exactly which port to send it to, without
significantly increasing network response times. And, unlike a hub, a 10/100Mbps
switch will allocate a full 10/100Mbps to each of its ports. So regardless of the number
of PCs transmitting, users will always have access to the maximum amount of
bandwidth. It's for these reasons why a switch is considered to be a much better choice
than a hub.
Routers are completely different devices. Where a hub or switch is concerned with
transmitting frames, a router's job, as its name implies, is to route packets to other
networks until that packet ultimately reaches its destination. One of the key features of
a packet is that it not only contains data, but the destination address of where it's
going.
A router is typically connected to at least two networks, commonly two Local Area
Networks (LANs) or Wide Area Networks (WAN) or a LAN and its ISP's network, for
example, your PC or workgroup and EarthLink. Routers are located at gateways, the
places where two or more networks connect. Using headers and forwarding tables,
routers determine the best path for forwarding the packets. Routers use protocols such
as ICMP to communicate with each other and configure the best route between any two
hosts.
[Figure: source and destination hosts connected through two packet switches; the message is sent either whole (no segmentation) or as a stream of packets (with segmentation)]
A) Consider sending the message from source to destination without message
segmentation. How long does it take to move the message from the source host to
the first packet switch? Keeping in mind that each switch uses store-and-forward
packet switching, what is the total time to move the message from source host to
destination host?
B) Now suppose that the message is segmented into 5,000 packets, with each
packet being 1,500 bits long. How long does it take to move the first packet from
source host to the first switch? When the first packet is being sent from the first
switch to the second switch, the second packet is being sent from the source host to
the first switch. At what time will the second packet be fully received at the first
switch?
C) How long does it take to move the file from source host to destination host when
message segmentation is used? Compare this result with your answer in part (A)
and comment.
Answer:
A) Time to send the message from the source host to the first packet switch = L/R sec = 6 sec, where L is the message length and R = 1.5 × 10^6 bps is the link rate.
With store-and-forward switching, the total time to move the message from source host to
destination host = 6 sec × 3 hops = 18 sec.
B) Time to send the 1st packet from the source host to the first packet switch = (1.5 × 10^3 bits)/(1.5 × 10^6 bps) = 1 msec.
Time at which the second packet is fully received at the first switch = time at which the
first packet is fully received at the second switch = 2 × 1 msec = 2 msec.
C) Time at which the 1st packet is received at the destination host = 1 msec × 3 hops = 3
msec. After this, one packet is received every 1 msec; thus the time at which the last
(5000th) packet is received = 3 msec + 4999 × 1 msec = 5.002 sec.
It can be seen that the delay with message segmentation is significantly less (a
reduction of more than two-thirds).
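The arithmetic above can be reproduced with a short sketch. The link rate (1.5 Mbps) and the message length (9 × 10^6 bits) used here are assumptions inferred from the printed answers, not values stated in this excerpt:

```python
# Store-and-forward delay with and without message segmentation.
# Assumptions (inferred from the printed answers, not stated here):
# link rate 1.5 Mbps, 3 hops, message length 9 * 10**6 bits.

LINK_RATE = 1.5e6      # bits per second (assumed)
HOPS = 3               # source -> switch -> switch -> destination
MESSAGE_BITS = 9e6     # assumed, consistent with the 6-second answer
PACKET_BITS = 1500
NUM_PACKETS = 5000

def unsegmented_delay(bits, rate, hops):
    """The whole message is stored and forwarded at every hop."""
    return (bits / rate) * hops

def segmented_delay(packet_bits, num_packets, rate, hops):
    """Pipelined: the first packet takes `hops` transmission times,
    then one further packet arrives every packet-transmission time."""
    t_pkt = packet_bits / rate
    return hops * t_pkt + (num_packets - 1) * t_pkt

print(unsegmented_delay(MESSAGE_BITS, LINK_RATE, HOPS))                      # 18.0
print(round(segmented_delay(PACKET_BITS, NUM_PACKETS, LINK_RATE, HOPS), 3))  # 5.002
```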
Question 2: For the following statement, indicate whether the statement is True or
False.
Switches exhibit lower latency than routers.
Answer: True. No routing table look-up and no delays associated with storing data;
bits flow through the switch essentially as soon as they arrive.
Question 3: Packet switches have queues while circuit switches do not. Is it true or
false?
Answer: True. Packet switches (routers) need queues: a packet switch must store a full
packet before it can forward it, and packets may have to wait for the outgoing link, so
it needs more memory than a circuit switch. A circuit switch simply passes bits along a
reserved path and does not queue data.
Question 4: Consider the arrangement of learning bridges shown in the following
figure. Assuming all are initially empty, give the forwarding tables for each of the
bridges B1-B4 after the following transmissions:
[Figure: host A attaches to bridge B1; B1 connects to B2; B2 connects to B3 (which attaches to host C) and to B4 (which attaches to host D)]
D sends to C; A sends to D; C sends to A
Answer: When D sends to C, all bridges see the packet and learn where D is. However,
when A sends to D, the packet is routed directly to D and B3 does not learn where A is.
Similarly, when C sends to A, the packet is routed by B2 towards B1 only, and B4 does
not learn where C is.
The forwarding table for Bridge B1:
Destination Next Hop
A A-Interface
C B2-Interface
D B2-Interface
The forwarding table for Bridge B2:
Destination Next Hop
A B1-Interface
C B3-Interface
D B4-Interface
The forwarding table for Bridge B3:
Destination Next Hop
C C-Interface
D B2-Interface
The forwarding table for Bridge B4:
Destination Next Hop
A B2-Interface
D D-Interface
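The learning behaviour described in this answer can be checked with a toy simulation. The topology, and the use of neighbour names as port labels, are modelling choices made here, not anything prescribed by the text:

```python
# Toy learning-bridge simulation for the topology in Question 4:
# A - B1 - B2 - B3 - C, and B2 - B4 - D.

LINKS = [("A", "B1"), ("B1", "B2"), ("B2", "B3"),
         ("B2", "B4"), ("B3", "C"), ("B4", "D")]
BRIDGES = {"B1", "B2", "B3", "B4"}

# neighbours[node] -> list of attached nodes (each link is one "port")
neighbours = {}
for a, b in LINKS:
    neighbours.setdefault(a, []).append(b)
    neighbours.setdefault(b, []).append(a)

tables = {b: {} for b in BRIDGES}   # bridge -> {source: learned port}

def deliver(node, came_from, src, dst):
    """Frame from src to dst arrives at node on the link from came_from."""
    if node not in BRIDGES:
        return                        # a host: the frame terminates here
    table = tables[node]
    table[src] = came_from            # learn where src lives
    if dst in table:
        if table[dst] != came_from:   # forward out the known port only
            deliver(table[dst], node, src, dst)
    else:                             # unknown destination: flood
        for nxt in neighbours[node]:
            if nxt != came_from:
                deliver(nxt, node, src, dst)

def send(src, dst):
    deliver(neighbours[src][0], src, src, dst)

for s, d in [("D", "C"), ("A", "D"), ("C", "A")]:
    send(s, d)

for b in sorted(BRIDGES):
    print(b, tables[b])
```

Running it reproduces the four tables above: B3 never learns A, and B4 never learns C.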
Question 5: Which type of bridge observes network traffic flow and uses this
information to make future decisions regarding frame forwarding?
A) Remote B) Source routing C) Transparent D) Spanning tree
Answer: C
Question 6: Learning network addresses and converting frame formats are the function
of which device?
A) Switch B) Hub C) MAU D) Bridge
Answer: D
Question 7: The device that can operate in place of a hub is a:
A) Switch B) Bridge C) Router D) Gateway
Answer: A
Question 8: Which of the following is NOT true with respect to a transparent bridge
and a router?
A) Both bridge and router selectively forward data packets
B) A bridge uses IP addresses while a router uses MAC addresses
C) A bridge builds up its routing table by inspecting incoming packets
D) A router can connect between a LAN and a WAN.
Answer: B. A bridge is a device that works at the data link layer, whereas a router works
at the network layer. Both selectively forward packets, build forwarding tables, and can
connect a LAN and a WAN; but since a bridge works at the data link layer it uses MAC
addresses to forward frames, whereas a router uses IP addresses.
Chapter
LAN Technologies 5
5.1 Introduction
The bottom two layers of the Open Systems Interconnection (OSI) model deal with the
physical structure of the network and the means by which network devices can send
information from one device on a network to another.
The data link layer controls how data packets are sent from one node to another.
[Figure: data flowing from sender to receiver over a physical link]
This means that they are not only able to speak, but listen at the same time they are
speaking. All of them will speak and listen at the same time. How is this possible? In
order to sing in harmony, each singer must be able to hear the frequencies being used
by the other singers, and strive to create a frequency with their voice that matches the
desired frequency to create that harmony.
This feed-back of each singer to listen to the collective, and possibly key into a specific
singer's voice is used by them as they sing to create the exact frequency needed, and
ensure their timing is the same as the rest of the singers. All members are able to hear
all other members, and speak at the same time. They are all acting as simultaneous
senders and receivers - the essence of communication in a broadcast network.
Point-to-Point Networks
A point-to-point link consists of a single sender on one end of the link, and a single
receiver at the other end of the link. Many link-layer protocols have been designed for
point-to-point links; PPP (point-to-point protocol) and HDLC (High-level Data Link
Control) are two such protocols.
Now, let us consider a different kind of scenario in which we have a medium which is
shared by a number of users.
[Figure: a number of users attached to a shared medium]
Any user can broadcast the data into the network. Now whenever it is broadcasted
obviously there is a possibility that several users will try to broadcast simultaneously.
This problem can be addressed with medium access control techniques.
Now question arises how different users will send through the shared media. It is
necessary to have a protocol or technique to regulate the transmission from the users.
That means, at a time only one user can send through the media and that has to be
decided with the help of Medium Access Control (MAC) techniques. Medium access
control techniques determine the next user to talk (i.e., to transmit into the channel).
A good example is something we are familiar with - a classroom - where teacher(s) and
student(s) share the same, single, broadcast medium. As humans, we have evolved a set
of protocols for sharing the broadcast channel ("Give everyone a chance to speak."
"Don't speak until you are spoken to." "Don't monopolize the conversation." "Raise your
hand if you have question." "Don't interrupt when someone is speaking." "Don't fall
asleep when someone else is talking.").
Similarly, computer networks have protocols called multiple access protocols. These
protocols control the nodes' data transmission onto the shared broadcast channel.
There are various ways to classify multiple access protocols. Multiple access protocols
can be broadly divided into four types; random, round-robin, reservation and
channelization. These four categories are needed in different situations. Among these
four types, channelization technique is static in nature. We shall discuss each of them
one by one.
[Figure: classification of broadcast multiple access techniques - Random Access (ALOHA, CSMA, CSMA/CA), Round-Robin (Polling), Reservation (R-ALOHA), and Channelization (FDMA, TDMA, CDMA)]
When each node has a fixed flow of information to transmit (for example, a data file
transfer), reservation based access methods are useful as they make an efficient use of
communication resources. If the information to be transmitted is bursty in nature, the
reservation-based access methods are not useful as they waste communication
resources.
Random-access methods are useful for transmitting short messages. The random
access methods give each user the freedom to access the network whenever the
user has information to send.
5.4.1 ALOHA
The Aloha protocol was developed by Norman Abramson at the University of Hawaii in the
early 1970s. In the Hawaiian language, Aloha means hello, goodbye, and love. Hawaii consists
of a number of islands, and obviously a wired network could not be set up between them.
At the University of Hawaii, there was a centralized computer and there were terminals
distributed across the different islands. It was necessary for the central computer to
communicate with the terminals, and for that purpose Abramson developed a protocol
called Aloha.
[Figure: a central node communicating with Terminal-1 … Terminal-4 over a shared random-access uplink and a broadcast downlink]
The central node and terminals (stations) communicate by using a wireless technique called
packet radio. Each of these stations can transmit on an uplink frequency which is
shared (random access) by all the terminals. After receiving the data, the central node
retransmits it on a separate downlink frequency that is received by all terminals.
There are two different types of ALOHA:
1. Pure ALOHA
2. Slotted ALOHA
Each station can listen to broadcasts on the medium, even its own, and determine whether the
frames were transmitted.
[Figure: stations A-D transmitting frames at arbitrary times in pure ALOHA; overlapping frames produce the collision durations shown]
As shown in the diagram, whenever two frames try to occupy the channel at the same time,
there will be a collision and both will be damaged. Even if the first bit of a new frame
overlaps with just the last bit of a frame that is almost finished, both frames will be
totally destroyed and both will have to be retransmitted.
[Flowchart: the station sends a frame and waits for an ACK; if no ACK arrives, it increments its attempt counter K and retransmits after a random wait]
If data was received correctly at the central node, a short acknowledgment packet was
sent to the terminal; if an acknowledgment was not received by a terminal after a short
wait time, it would automatically retransmit the data packet after waiting a randomly
selected time interval. This acknowledgment mechanism was used to detect and correct
for collisions created when two terminals both attempted to send a packet at the same
time.
In pure ALOHA, the stations transmit frames whenever they have data to send.
When two or more stations transmit at the same time, there will be a collision
and the frames will get destroyed.
In pure ALOHA, whenever any station transmits a frame, it expects the
acknowledgement from the receiver.
If acknowledgement is not received within specified time, the station assumes
that the frame has been destroyed.
If the frame is destroyed because of collision the station waits for a random
amount of time and sends it again. This waiting time must be random
otherwise same frames will collide again and again.
Therefore pure ALOHA dictates that when the time-out period passes, each station must
wait for a random amount of time before resending its frame. This randomness will
help reduce collisions.
[Figure: a frame transmitted at time t collides with any frame sent in the interval (t − Tfr, t + Tfr); vulnerable duration = 2 × Tfr, where Tfr is the frame transmission time]
A packet transmitted within this range will overlap with other packets. As a result, a
collision will occur and the central node will broadcast the garbled packet to the terminals.
When the garbled packet is received by the terminals, they will know that the packet has not
been transmitted successfully, and the terminals will perform retransmission. This
retransmission technique is used whenever there is a collision.
This is about 0.184. So, the best channel utilization with the pure ALOHA protocol is
only 18.4%.
The probability of collision in pure ALOHA is
1 − e^(−2G)
where G is the average number of frames generated during the time T, the sum of the
propagation and transmission times.
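The 18.4% figure comes from the standard pure ALOHA throughput S = G · e^(−2G), which peaks at offered load G = 0.5. A quick numerical check:

```python
import math

# Pure ALOHA throughput S = G * e^(-2G): the utilization peaks at
# G = 0.5 with S = 1/(2e), the 18.4% quoted above.

def pure_aloha_throughput(G):
    """Fraction of frame times carrying a successful frame at offered load G."""
    return G * math.exp(-2 * G)

def collision_probability(G):
    """Probability that a given frame suffers a collision."""
    return 1 - math.exp(-2 * G)

# scan the load axis and report the best achievable throughput
best = max(pure_aloha_throughput(g / 1000) for g in range(1, 2000))
print(round(best, 3))   # 0.184
```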
[Figure: slotted ALOHA - stations A-D transmit frames only at slot boundaries, so frames either overlap completely or not at all]
[Figure: in slotted ALOHA a frame transmitted at time t collides only with frames sent in the same slot; vulnerable duration = Tfr]
1. 1-Persistent CSMA
2. Non-Persistent CSMA
3. p-Persistent CSMA
[Flowchart: 1-persistent CSMA - sense the channel; while busy, keep sensing; as soon as it is idle, send the data]
In this method, a station that wants to transmit data senses the channel to
check whether the channel is idle or busy. If the channel is busy, the station waits until
it becomes idle. When the station detects an idle-channel, it immediately transmits the
frame with probability 1. Hence it is called 1-persistent CSMA. This method has the
highest chance of collision because two or more nodes may find channel to be idle at
the same time and transmit their frames. When the collision occurs, the nodes wait a
random amount of time and start all over again.
[Figure: 1-persistent CSMA - the station senses continuously, then transmits for one frame time]
Disadvantages of 1-Persistent CSMA
The propagation delay greatly affects this protocol. As an example, just after node-1
begins its transmission, node-2 is also ready to send its data and senses the channel. If
node-1's signal has not yet reached node-2, node-2 will sense the channel to be idle
and will begin its transmission. This will result in a collision.
Even if the propagation delay is zero, collisions will still occur. If two nodes become ready in
the middle of a third node's transmission, both nodes will wait until the transmission of
the third node ends and then both will begin transmitting exactly simultaneously. This
will also result in a collision.
[Flowchart: non-persistent CSMA - sense the channel; if busy, wait a random time and sense again; if idle, send the data]
In non-persistent CSMA, a node senses the channel. If the channel is busy, then the
node waits for a random amount of time and senses the channel again. After the wait
time, if the channel is idle then it sends the packet immediately. If a collision occurs
then the node waits for a random amount of time and start all over again.
In non-persistent CSMA, a node does not sense the channel continuously while it is
busy. Instead, after sensing the busy condition, it waits for a randomly selected interval
of time before sensing again.
[Figure: non-persistent CSMA - after sensing a busy channel, the station waits a random interval before sensing again, then sends]
Advantages of Non-Persistent CSMA
It reduces the chance of collision because the stations wait a random amount of time. It
is unlikely that two or more stations will wait for same amount of time and will
retransmit at the same time.
Disadvantages of Non-Persistent CSMA
It reduces the efficiency of the network because the channel remains idle even when there
may be stations with frames to send. This is due to the fact that the stations wait a random
amount of time after sensing a busy channel.
[Flowchart: p-persistent CSMA - if the channel is busy, wait for the next slot; if idle, transmit with probability p, otherwise wait one slot time and sense again]
Whenever a station becomes ready to send, it senses the channel. If the channel is busy,
the station waits until the next slot. If the channel is idle, it transmits with a probability p.
With probability q = 1 − p, the station waits for the beginning of the next time slot. If the
next slot is also idle, it either transmits or waits again with probabilities p and q.
This process is repeated until either the frame has been transmitted or another station has
begun transmitting. If another station begins transmitting, the station acts as
though a collision has occurred: it waits a random amount of time and starts again.
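The decision rule above can be sketched as follows. The `channel_idle` callback is a stand-in for real carrier sensing, and the simplified loop ignores the collision handling described in the text:

```python
import random

# Sketch of the p-persistent rule: on an idle slot, transmit with
# probability p; with probability 1 - p, defer to the next slot.
# `channel_idle` is a stand-in for real carrier sensing (an assumption).

def p_persistent_send(p, channel_idle, max_slots=1000):
    """Return the slot number in which the station transmits, or None."""
    for slot in range(max_slots):
        if not channel_idle(slot):
            continue          # channel busy: wait for the next slot
        if random.random() < p:
            return slot       # transmit in this idle slot
        # otherwise defer to the beginning of the next slot
    return None

random.seed(1)
print(p_persistent_send(0.3, lambda s: s >= 2))   # 2 (the first idle slot)
```

With p = 1 this degenerates to 1-persistent CSMA; with a fresh random wait after each busy sense it approximates non-persistent CSMA.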
[Figure: p-persistent CSMA - the station senses continuously across time slots; with probability 1 − p a slot does not allow transmission, then the frame is sent for one frame time]
This method is used when channel has time slots such that the time slot duration is
equal to or greater than the maximum propagation delay time.
Advantages of p-Persistent CSMA
It reduces the chance of collision and improves the efficiency of the network.
[Figure: the channel alternates between busy and idle periods over time]
After a collision, the nodes retransmit after random intervals. This reduces the probability
of a collision after the first retry. The nodes are not supposed to transmit immediately
after the collision has occurred; otherwise there is a possibility that the same frames
would collide again.
CSMA/CD uses the electrical activity on the cable to find the status of the channel. A
collision is detected by measuring the power of the received pulse and comparing it with
the power of the transmitted signal.
After a collision is detected, the node stops transmitting, waits a random amount of
time (the back-off time), and then sends its data again, assuming that no other station is
transmitting in this time. The unit of this waiting time is called a slot. If a collision occurs
again, the back-off delay time is increased progressively.
1. If the channel is idle, transmit; otherwise, go to Step 2.
2. If the channel is busy, continue sensing until the channel is idle, and then
transmit immediately.
3. If a collision is detected during transmission, send a jam signal to other nodes
sharing the medium saying that there has been a collision and then stop
transmission.
4. After sending the jam signal, wait for a random amount of time, then try
sending again.
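The random wait in step 4 is usually implemented as binary exponential back-off. A sketch, assuming the classic 10 Mbps Ethernet slot time of 51.2 µs and the conventional cap of 10 on the window exponent:

```python
import random

# Binary exponential back-off after a CSMA/CD collision: after the K-th
# collision, wait R slot times, with R drawn from 0 .. 2**K - 1. The
# 51.2 microsecond slot is the classic 10 Mbps Ethernet value, and the
# window exponent is conventionally capped at 10.

SLOT_TIME = 51.2e-6   # seconds

def backoff_delay(k, cap=10):
    """Random delay before retry number k (k = 1 after the first collision)."""
    r = random.randint(0, 2 ** min(k, cap) - 1)
    return r * SLOT_TIME

random.seed(7)
for k in range(1, 4):
    print(k, backoff_delay(k))
```

Each collision doubles the expected wait, which quickly spreads the retries of contending stations apart; after 15 failed attempts the transmission is aborted, as in the flowchart.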
[Flowchart: CSMA/CD - send and receive simultaneously; if a collision is found, send a jam signal, increment the attempt counter K, choose a random number R between 0 and 2^K − 1, and retry after R slot times; abort when K exceeds 15 (the limit on K is generally set to 15); otherwise the transmission succeeds]
In wireless networks, a transmitting station cannot detect the collision. So, the only
solution for wireless networks is collision avoidance. In the previous section, we saw that
CSMA/CD deals with transmissions after a collision has occurred. CSMA/CA, in contrast,
acts to prevent collisions before they happen.
In CSMA/CA, a station will signal its intention to transmit before it actually transmits data.
In this way, stations will sense when a collision might occur; this allows them to avoid
transmission collisions. Unfortunately, this broadcasting of the intention to transmit data
increases the amount of traffic on the channel and slows down network performance.
CSMA/CA avoids the collisions using three basic concepts.
1. Inter-frame space (IFS)
2. Contention window
3. Acknowledgements
5.4.4.3 Acknowledgements
Despite all the precautions, collisions may still occur and destroy data. The positive
acknowledgment and the time-out timer help guarantee that the receiver has received
the frame.
If the channel is idle, the packet is sent. If the channel is not idle, the station waits for a
randomly chosen period of time, and then checks again to see if the channel is idle. This
period of time is called the back-off factor, and is counted down by a back-off counter.
[Flowchart: CSMA/CA. Legend - K: number of attempts (back-off counter); Tp: maximum propagation time; Tfr: average transmission time for a frame; TB: back-off time. A station with data to send sets K = 0 and waits for the channel to become idle; if the channel is still idle, it chooses a random number R between 0 and 2^K − 1 (the contention window size is 2^K − 1), sends the frame, and waits for the ACK; on time-out, K = K + 1 and the process repeats; the attempt is aborted when K > 15, otherwise it succeeds]
If the channel is idle when the back-off counter reaches zero, the node transmits the
packet. If the channel is not idle when the back-off counter reaches zero, the back-off
factor is set again, and the process is repeated.
[Figure: FDM - the data from each source, originally occupying time, is shifted into its own frequency sub-band and combined onto the common channel]
At the receiving end of the system, bandpass filters are used to pass the desired signal
(the signal in the appropriate frequency sub-band) to the appropriate user and to block
all the unwanted signals.
It is also appropriate to design an FDM system so that the bandwidth allocated to each
sub-band is slightly larger than the bandwidth needed by each source. This extra
bandwidth is called a guard-band.
As we can see in figure, FDM divides one channel (with frequency between 0 Hz and 3000
Hz) into several sub-channels including the Guard-band. Guard-band acts as a
delimiter for each logical sub-channel so that the interference (crosstalk) from other
sub-channel can be minimized.
[Figure: three sources feeding an FDM channel capable of passing frequencies between 0 Hz and 3000 Hz. Modulator-1 generates a signal for Source-1 in the frequency sub-band between 2000 Hz and 2800 Hz; Modulator-2 generates a signal for Source-2 in the sub-band between 1000 Hz and 1800 Hz; Modulator-3 generates a signal for Source-3 in the sub-band between 0 Hz and 800 Hz; guard-bands separate the sub-bands]
For example, the multiplexed circuit is divided into 3 frequencies. Channel #1 (for
Source-1) uses 0-800 Hz for its data transfer and is delimited by a 200 Hz guard-band.
Channel #2 (for Source-2) uses 1000-1800 Hz and is delimited by 200 Hz too; and so on.
In regards to speed, we simply need to divide the main circuit amongst the available
sub-channels. For example, if we have a 64 Kbps physical circuit and wanted to use 4
sub-channels, each sub-channel will have 16 Kbps.
However, the guard-bands also consume part of this 64 Kbps physical circuit, so each
channel will carry only 15 Kbps when there are 4 guard-bands (1 Kbps per guard-band).
The exact calculation depends on the specification.
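The sub-channel arithmetic can be written out directly (the 1 Kbps-per-guard-band figure is the book's example value):

```python
# The sub-channel arithmetic above: split a 64 Kbps circuit into 4
# sub-channels, optionally reserving 1 Kbps for each guard-band.

def fdm_subchannel_rate(total_kbps, channels, guard_kbps_each):
    """Capacity left per sub-channel after the guard-bands are taken out."""
    usable = total_kbps - channels * guard_kbps_each
    return usable / channels

print(fdm_subchannel_rate(64, 4, 0))   # 16.0 (no guard-bands)
print(fdm_subchannel_rate(64, 4, 1))   # 15.0 (1 Kbps per guard-band)
```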
Now, normally each of these channels is statically allocated a frequency; but if the
traffic is bursty, the channels will not all have data to send all the time. In
such a case the channels can be underutilized, because a channel is
statically (permanently) allocated to a particular station or user.
[Figure: FDMA - the frequency axis is divided into Channel-1 … Channel-n; each channel occupies its own frequency band for all time]
What can be done to improve the utilization? The solution would be, instead of statically
allocating a channel to a station, to assign the channels on demand.
That means not only the overall bandwidth is divided into a number of channels but
each channel can be allocated to a number of stations or users. If we have a number of
channels, we can use the below equation to find the number of channels that can be
used.
Number of channels, N = (total bandwidth) / (channel bandwidth + guard-band)
This is how we get the total number of channels that is possible with Frequency Division
Multiplexing.
If we have N channels, since each channel can be shared by more than one user, the
total number of stations that can be provided service can be greater than N. If the
channels are statically allocated, then the total number of stations that can be
serviced is equal to N.
However, since this is allocated or assigned dynamically on demand the total number of
stations can be larger than the number of channels. This is possible only when the
traffic is bursty and if the traffic is streamed (continuously sent) then of course it
cannot be done.
[Figure: TDM - the data from Source-1 … Source-4 is interleaved in time onto the common channel]
As an example, consider a channel with speed 192 kbit/sec from Hyderabad to Delhi.
Suppose that three sources, all located in Hyderabad, each have 64 kbit/sec of data
and they want to transmit to individual users in Delhi. As shown in the figure, the
high-bit-rate channel can be divided into a series of time slots, and the time slots can be
alternately used by the three sources.
The three sources are thus capable of sending all of their data across the single, shared
channel. Clearly, at the other end of the channel (in this case, in Delhi), the process
must be reversed (i.e., the system must divide the 192 kbit/sec multiplexed data stream
back into the original three 64 kbit/sec data streams, which are then provided to three
different users). This reverse process is called demultiplexing.
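The multiplexing and demultiplexing described above amount to simple round-robin interleaving. A minimal sketch, using short label lists in place of real bit streams:

```python
# Round-robin TDM: interleave three low-bit-rate streams onto one
# high-bit-rate channel, one unit per slot, then demultiplex them back.

def tdm_multiplex(streams):
    """Interleave equal-length streams slot by slot (a, b, c, a, b, c, ...)."""
    return [s[i] for i in range(len(streams[0])) for s in streams]

def tdm_demultiplex(channel, n):
    """Reverse operation performed at the far end of the channel."""
    return [channel[i::n] for i in range(n)]

streams = [["a1", "a2"], ["b1", "b2"], ["c1", "c2"]]
muxed = tdm_multiplex(streams)
print(muxed)                       # ['a1', 'b1', 'c1', 'a2', 'b2', 'c2']
print(tdm_demultiplex(muxed, 3))   # recovers the three streams
```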
[Figure: a multiplexer interleaves the low-bit-rate input channels a, b, c into the slot pattern a b c a b c a b c on the high-bit-rate link; the demultiplexer restores the low-bit-rate output channels]
Choosing the proper size for the time slots involves a trade-off between efficiency and
delay. If the time slots are too small (say, one bit long) then the multiplexer must be fast
enough and powerful enough to be constantly switching between sources (and the
demultiplexer must be fast enough and powerful enough to be constantly switching
between users).
If the time slots are larger than one bit, data from each source must be stored (buffered)
while other sources are using the channel. This storage will produce delay.
If the time slots are too large, then a significant delay will be introduced between each
source and its user.
If we assign the stream enough slots for its peak rate (that is, for 50 kbit/sec), then we
will be wasting slots when the rate drops well below the peak value. This waste will be
high if the system has many variable-speed low-bit-rate streams.
Statistical TDM works by calculating the average transmission rates of the streams to
be combined, and then uses a high-speed multiplexing link with a transmission rate
that is equal to (or slightly greater than) the statistical average of the combined streams.
Since the transmission rates from each source are variable, we no longer assign a fixed
number of time slots to each data stream.
If the slots are assigned dynamically, based on demand, we call it time division multiple
access. That means a particular channel can be shared by a number of stations or users:
we divide the channel into time slots, and each of these time slots can be shared by more
than one station or user. That technique is called TDMA, or Time Division Multiple Access.
[Figure: TDMA - the time axis is divided among Channel-1 … Channel-n; each channel uses the full frequency band during its own time slots]
If we have a number of channels, we can use the equation below to find the number of
channels that can be used.
Number of channels, N = (frame duration) / (slot duration)
This is how we get the total number of channels that is possible with Time Division
Multiplexing.
Block diagram of CDMA system is shown in figure. Since the human speech is in the
analog signal, it has to be first converted into digital form. This function is performed by
the source encoding module. After the source information is coded into a digital form,
redundancy needs to be added to this digital message or data. This is done to improve
performance of the communication system (due to noise).
[Figure: four sources, each multiplied (⊗) by its chip sequence and summed onto the common channel. Chip sequences: Source-1: +1, +1, +1, +1; Source-2: +1, -1, +1, -1; Source-3: +1, +1, -1, -1; Source-4: +1, -1, -1, +1]
For Source-1, multiplying the chip sequence +1, +1, +1, +1 with -1 gives -1, -1, -1, -1. On
the other hand, for Source-2, multiplying +1 with +1, -1, +1, -1 gives +1, -1, +1, -1. Then for
Source-3, multiplying -1 with the chip sequence +1, +1, -1, -1 gives -1, -1, +1, +1. For
Source-4, the chip sequence is multiplied with +1; multiplying +1 with the chip sequence
+1, -1, -1, +1 gives +1, -1, -1, +1.
[Figure: the four product sequences (data ⊗ chip) are added together onto the common channel]
Now these are added bit by bit and for the first bit we can see that sum of +1, -1, +1, -1
becomes 0. For the second bit, -1, -1, -1, -1 becomes -4 (we have to add all the four).
Similarly, for third bit -1, +1, +1, -1 it is 0 and for fourth bit –1, -1, +1, +1 it is 0.
[Figure: each source with its assigned code - Source-1: +1, +1, +1, +1; Source-2: +1, -1, +1, -1; Source-3: +1, +1, -1, -1; Source-4: +1, -1, -1, +1]
The final composite signal corresponds to 0, -4, 0, 0 and this can be sent over the
medium. After it is received; the same chip sequences (which were used before
transmission) are used for demultiplexing.
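The whole worked example can be reproduced in a few lines. The data bits (−1, +1, −1, +1) are those implied by the products computed above:

```python
# CDMA encoding from the worked example: each source multiplies its data
# bit (+1 or -1) by its chip sequence, and the channel carries the sum.

CHIPS = {
    "Source-1": [+1, +1, +1, +1],
    "Source-2": [+1, -1, +1, -1],
    "Source-3": [+1, +1, -1, -1],
    "Source-4": [+1, -1, -1, +1],
}
DATA = {"Source-1": -1, "Source-2": +1, "Source-3": -1, "Source-4": +1}

def cdma_encode(chips, data):
    """Sum of bit * chip over all sources, position by position."""
    return [sum(data[s] * chip[i] for s, chip in chips.items())
            for i in range(4)]

def cdma_decode(composite, chip):
    """Inner product with the chip sequence, normalized by its length."""
    return sum(c * x for c, x in zip(composite, chip)) // len(chip)

composite = cdma_encode(CHIPS, DATA)
print(composite)                                        # [0, -4, 0, 0]
print({s: cdma_decode(composite, c) for s, c in CHIPS.items()})
```

Decoding recovers exactly the original data bits, matching the divide-by-4 results shown in the figure.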
[Figure: decoding - the composite signal 0, -4, 0, 0 is multiplied (⊗) with each source's code and the result is divided by 4: with code +1, +1, +1, +1 the sum is -4, giving -1; with code +1, -1, +1, -1 the sum is +4, giving +1; with code +1, +1, -1, -1 the sum is -4, giving -1; with code +1, -1, -1, +1 the sum is +4, giving +1]
transmitted using an antenna. This is how the transmission is performed, and as we can
see, the bandwidth used here is many times the bandwidth of each of the individual channels.
At the receiving end, the signals from all the transmitters are received by the antenna,
and the composite signal is passed through the digital demodulator. After demodulation
we get the composite signal, and that is multiplied with the receiver's unique pseudo-random
binary sequence. After multiplying with the same pseudo-random sequence that was used
at the transmitter, we get the original signal back. Of course it will have some noise
because of interference and other problems, but we get back the binary information.
Let's consider one other operation - a cyclic shift. Let the notation S[j] indicate
the sequence of bits S cyclically shifted j places to the right. For example, if
S = [b1, b2, …, bm], then
S[1] = [bm, b1, b2, …, bm−1]
S[2] = [bm−1, bm, b1, …, bm−2]
The third desirable property of a chip sequence S is that the m-bit sequence
produced by S ⊕ S[j] should exhibit balance for all non-zero values of j less
than m (the number of 1's in S ⊕ S[j] should differ from the number of 0's by
no more than one for any value 1 ≤ j ≤ m − 1).
Why does this property help ensure randomness and balance?
The ⊕ of two bits produces a 0 if both bits are the same (if both bits are 0's or if
both bits are 1's) and produces a 1 if the two bits are different (if one of the bits is 0
and the other is 1). If a sequence of bits is truly random and independent, then
cyclically shifting the sequence by an arbitrary number of places; performing a bit-by-
bit comparison of the original; and shifted sequences should produce the same number
of agreements (the values of the two bits are the same) as disagreements (the values of
the two bits are different). Of course, if the sequence contains an odd number of bits,
the number of agreements and disagreements will have to differ by at least one.
As shown above, adding them gives 4, and dividing the result by the number of bits
gives 1. So we find that multiplying identical chip sequences gives 1. Also, if we
multiply with the complement of a different chip sequence, we get 0. That means:
S • S = 1
S • T = 0, if S ≠ T
S • T' = 0, if S ≠ T (where T' is the complement of T)
This is the orthogonality property that must be satisfied by the chip sequences; only then
are multiplexing and demultiplexing possible. In other words, transmission and
subsequent recovery at the receiving end are possible only when this orthogonality property
is satisfied.
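The orthogonality property can be verified mechanically for the four chip sequences used in this example:

```python
from itertools import combinations

# Checking the orthogonality property S.S = 1, S.T = 0 and S.T' = 0
# (T' = complement of T) for the four chip sequences used above.

SEQS = [[+1, +1, +1, +1], [+1, -1, +1, -1],
        [+1, +1, -1, -1], [+1, -1, -1, +1]]

def dot(s, t):
    """Normalized inner product of two chip sequences."""
    return sum(a * b for a, b in zip(s, t)) / len(s)

for s in SEQS:
    assert dot(s, s) == 1.0                    # S . S = 1
for s, t in combinations(SEQS, 2):
    assert dot(s, t) == 0.0                    # S . T = 0
    assert dot(s, [-x for x in t]) == 0.0      # S . T' = 0
print("orthogonality holds")
```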
5.6 LocalTalk
LocalTalk is a network protocol developed by Apple for Macintosh computers. Older
Macintosh computers can be connected through a serial port with special twisted pair
cable and adapters. The main disadvantage of LocalTalk is its speed (about 230 Kbps).
Although LocalTalk networks are slow, they are popular because they are easy and
inexpensive to install and maintain.
5.7 Ethernet
The most popular set of protocols for the Physical and Data Link layers is Ethernet.
Ethernet operates at the first two layers of the OSI model: Physical and Data Link
layers. Initially, Ethernet was given the name Alto Aloha Network. Ethernet was created by
Robert Metcalfe (in 1973). Metcalfe thought the name ether suitable because the cable
used to build a network is a passive medium that permits the propagation of data.
5.6 LocalTalk 128
Elements of Computer Networking LAN Technologies
The cost of an Ethernet port on a node is very low compared to other technologies.
Many vendors build Ethernet into the motherboard of the computer so that it is not
necessary to purchase a separate NIC.
In Ethernet, both the data link and the physical layers are involved in the creation and
transmission of frames. The physical layer is related to the type of LAN cabling and how
the bits are transmitted and received on the cable. Ethernet divides the Data Link layer
into two separate layers:
Logical Link Control (LLC) layer
Medium Access Control (MAC) layer
The MAC sublayer address is the physical hardware address of the source and
destination computer. All devices on a LAN must be identified by a unique MAC
address. This sublayer controls which computer devices send and receive the data and
allows NICs to communicate with the physical layer. The next level of processing is the
LLC sublayer. It is responsible for identifying and passing data to the network layer
protocol.
Ethernet naming convention:
[speed in Mbps][Base][medium]
For example, the 10BaseT Ethernet protocol uses 10 for the speed of transmission at 10
megabits per second [Mbps], Base for baseband [meaning it has full control of the wire
on a single frequency], and T for twisted-pair cable.
Fast Ethernet types:
100BaseT 100 Mbps over Twisted-pair category 5
100BaseFX 100 Mbps over fiber optic cable
100BaseSX 100 Mbps over multimode fiber optic cable
100BaseBX 100 Mbps over single mode fiber cable
Gigabit Ethernet types:
1000BaseT 1000 Mbps over 2-pair category 5
1000BaseTX 1000 Mbps over 2-pair category 6
1000BaseFX 1000 Mbps over fiber optic cable
1000BaseSX 1000 Mbps over multimode fiber cable
1000BaseBX 1000 Mbps over single mode fiber cable
The choice of an Ethernet technology depends on parameters like: location and size of
user communities, bandwidth, and QoS requirements.
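The naming convention can be illustrated with a small parser; `parse_ethernet_name` is a hypothetical helper of my own, just a sketch of how the three parts of a designation decompose:

```python
import re

# Hypothetical helper (not from the book) that splits an Ethernet
# designation into the three parts of the naming convention:
# speed (Mbps), signalling (Base = baseband), and medium.

def parse_ethernet_name(name):
    m = re.fullmatch(r"(\d+)(Base)(\w+)", name)
    if not m:
        raise ValueError("not an Ethernet designation: " + name)
    speed, signalling, medium = m.groups()
    return int(speed), signalling, medium

print(parse_ethernet_name("10BaseT"))    # (10, 'Base', 'T')
print(parse_ethernet_name("100BaseFX"))  # (100, 'Base', 'FX')
```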
The advantage of full-duplex Ethernet is that the transmission rate is
theoretically double what it is on a half-duplex link.
Full-duplex operation requires the cabling to dedicate one wire pair for transmitting and
another for receiving. Full-duplex operation does not work on cables with only one path
(for example, coaxial cable).
                              | 10BASE-FP | 10BASE-FB                  | 10BASE-FL              | Old FOIRL
Topology                      | Star      | Backbone or repeater system | Repeater-repeater link | Repeater-repeater link
Maximum cable length (meters) | 500       | 2000                        | 2000                   | 1000
Allows end system connections?| Yes       | No                          | No                     | No
Allows cascaded repeaters?    | No        | Yes                         | No                     | No
Maximum collision domain (m)  | 2500      | 2500                        | 2500                   | 2500
Frame field                 Size in Bytes   Description
Preamble                    8               Indicates the start of a new frame and establishes
                                            synchronization conditions between devices. The last byte, or
                                            start frame delimiter, always has a 10101011 bit pattern. This
                                            byte indicates the start of a frame.
Destination Address (DA)    6               The hardware (MAC) address of the receiving device.
Source Address (SA)         6               The hardware (MAC) address of the sending device.
Type                        2               Specifies the network layer protocol used to send the frame,
                                            for example TCP/IP.
Data                        46-1500         The actual data being transmitted from device to device. It
                                            also contains information used by the network layer and
                                            indicates the type of connection.
Frame Check Sequence (FCS)  4               Contains CRC error-checking information.
Frame field                 Size in Bytes   Description
Preamble                    7               Indicates the start of a new frame and establishes
                                            synchronization conditions between devices (same as DIX frame).
Start Frame Delimiter (SFD) 1               Has the same 10101011 bit sequence found at the end of the DIX
                                            preamble. Both formats use the same number of bytes to perform
                                            the synchronization of the signals.
Destination Address (DA)    2 or 6          Can be either 2 or 6 bytes. Whichever is used, all devices
                                            within the same network must use the same format. IEEE
                                            protocols specify that a 10 Mbps network must use 6 bytes. The
                                            2-byte length is obsolete.
Source Address (SA)         2 or 6          Same as DA.
Length                      2               Indicates the number of bytes in the data field. If the data
                                            field is less than the required 46 bytes, a pad field is added
                                            to the data frame. The bytes added for padding purposes are
                                            usually zeros.
Data and Padding            46-1500         The actual data being transmitted from device to device. It
                                            also contains information used by the network layer and
                                            indicates the type of connection.
Frame Check Sequence (FCS)  4               Contains CRC error-checking information (same as DIX frame).
It should be noted that if one device uses an IEEE 802.3 NIC and the other device uses a DIX
Ethernet NIC, they will not be able to communicate with one another. Devices must create the
same Ethernet frame format in order to be compatible. One way to tell them apart is that the DIX
frame has a Type field, which defines the protocol used for the frame, while IEEE 802.3 has a
Length field in its place. IEEE 802.3 also has additional fields not used with the DIX format.
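In practice, a receiver can distinguish the two formats by the numeric value of the two bytes after the source address: valid 802.3 Length values are at most 1500, while DIX Type codes are 1536 (0x0600) or greater. A minimal sketch, with a hypothetical classifier function of my own:

```python
def frame_format(two_bytes):
    """Classify the 2 bytes following the source address of a frame.
    Values <= 1500 are an IEEE 802.3 Length; values >= 0x0600 (1536)
    are a DIX/Ethernet II Type (e.g. 0x0800 for IPv4).
    """
    value = int.from_bytes(two_bytes, "big")
    if value <= 1500:
        return "IEEE 802.3 (Length = %d)" % value
    if value >= 0x0600:
        return "DIX (Type = 0x%04x)" % value
    return "invalid"

print(frame_format(bytes([0x08, 0x00])))  # DIX (Type = 0x0800)
print(frame_format(bytes([0x00, 0x2E])))  # IEEE 802.3 (Length = 46)
```

The gap between 1500 and 1536 is deliberately left unused, which is what makes the single field safely interpretable either way.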
particular server on the network. They are the only devices that receive frames
announcing the availability of that server. Any device that does not belong to this group
will ignore or discard these frames.
A broadcast frame is addressed for all network devices to read and process. A broadcast
address is a unique address used only for broadcast frames. It is not a hardware
address. Broadcast frames are transmitted across bridges and switches, but routers
will stop broadcast frames.
[Figure: token ring operation. 1. The sender holding the token sends the bits of the
frame; 3. the destination makes a copy of the data and passes the bits on; 4. the
sender receives the bits of the frame back.]
When a computer wants to send data to another computer, it waits for the token to
come around and then attaches its data to it. The token is then passed to the next
computer in the ring until it reaches the recipient computer. The recipient attaches two
bits of data to the token to inform the sender that the data was received. Other
computers can't send data until the ring is free again.
[Figure: a free token circulating around a ring of machines 1 through 6.]
At the start, an empty information frames are continuously circulated on the ring. To
use the network, a machine first has to capture the free Token and replace the data
with its own message.
[Figure: machine 1 has captured the token and placed a data frame on the ring.]
In the example above, machine 1 wants to send some data to machine 4, so it first has
to capture the free Token. It then writes its data and the recipient's address onto the
Token.
[Figure: the data frame travels to machine 2.]
The packet of data is then sent to machine 2 who reads the address, realizes it is not its
own, so passes it on to machine 3.
[Figure: the data frame is passed on to machine 3 and then reaches machine 4.]
This time it is the correct address and so machine 4 reads the message. It cannot,
however, release a free Token on to the ring; it must first send the frame back to
machine 1 with an acknowledgement to say that it has received the data.
[Figure: machine 4 sends the frame back around the ring with an acknowledgement.]
The receipt is then sent to machine 5 who checks the address, realizes that it is not its
own and so forwards it on to the next machine in the ring, machine 6.
Machine 6 does the same and forwards the data to machine 1, who sent the original
message.
Machine 1 recognizes the address, reads the acknowledgement from number 4 and then
releases the free Token back on to the ring ready for the next machine to use.
[Figure: a token ring network wired through a central hub.]
The Token still circulates around the network and is still controlled in the same
manner. Using a hub or a switch greatly improves reliability because the hub can
automatically bypass any ports that are disconnected or have a cabling fault.
5.8.5.1 Multiple-Token
In multiple-token mode, the transmitting machine generates a new free token and
places it on the ring immediately following the last bit of transmitting data. This type of
operation allows several busy tokens and one free token on the ring at the same time.
5.8.5.2 Single-Token
Single-token operation requires that a transmitting machine wait until it has cleared its
own busy token before generating a new free token. If a packet is longer than the ring
latency, however, the machine will receive (and erase) its busy token before it has
finished transmitting data.
In this case, the machine must continue transmitting data and generate a new free
token only after the last data bit has been transmitted. This is the same as multiple-
token operation. Thus single-token and multiple-token operation differ only in cases for
which the packet is shorter than the ring latency.
5.8.5.3 Single-Packet
For single-packet operation, a machine does not issue a new free token until after it has
circulated completely around the ring and erased its entire transmitted packet. This
type of operation is the most conservative of the three in ensuring that two
transmissions do not interfere.
Both single-packet and single-token operation ensure that there is only a single token
on the ring at any given time, but the difference is that single-packet operation requires
that the complete packet be cleared before generating a new free token.
Percent utilization = 100 × (time to transmit frame) / (time to transmit frame + time to pass token)
Usually the time to send a token is small compared to the time to send a frame, so percent utilization
is close to 100%.
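A quick sketch of the utilization formula with made-up timings (the 5 ms frame time and 0.1 ms token time below are illustrative, not from the text):

```python
# Sketch of the percent-utilization formula with assumed example timings.

def percent_utilization(frame_time, token_time):
    """Fraction of ring time spent sending frames, as a percentage."""
    return 100.0 * frame_time / (frame_time + token_time)

print(percent_utilization(5.0, 0.1))  # a short token time gives ~98%
```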
Data Sent     0 0 1 1 0 1 1 0
Data Received 0 0 0 1 0 1 1 0
As an example, consider the figure above. It shows the effect of a single-bit error on a data
unit. To understand the impact of the change, imagine that each group of 8 bits is an
ASCII character with a 0 bit added to the left. In the figure, 00110110 was sent but
00010110 was received.
The term burst error (or multiple-bit error) means that 2 or more bits in the data unit have
changed from 1 to 0 or from 0 to 1. The figure below shows the effect of a burst error on a data
unit.
Data Sent 0 0 1 1 0 1 1 0
Data Received 1 0 0 1 0 0 1 0
In this case, 00110110 was sent, but 10010010 was received. Note that a burst error
does not necessarily mean that the errors occur in consecutive bits. The length of the
burst is measured from the first corrupted bit to the last corrupted bit. Some bits in
between may not have been corrupted.
5.9.1 Redundancy
The basic idea in detecting or correcting errors is redundancy. To be able to detect or
correct errors, we need to send some extra bits with our data. These redundant bits are
added by the sender and removed by the receiver. Their presence allows the receiver to
detect or correct corrupted bits.
the number of 1 bits in the frame will thus be odd, and the error is detected. In fact, the single parity
check is sufficient to detect any odd number of transmission errors in the received
frame.
1 0 0 1 1 0 0 1 | 0
1 1 0 1 0 1 1 0 | 1
0 0 1 0 0 1 0 1 | 1
0 1 0 1 0 0 0 1 | 1
1 0 0 1 0 0 1 0 | 1
0 1 0 0 0 1 0 1 | 1
1 1 1 0 1 0 1 1 | 0
----------------+--
0 0 0 0 0 1 1 1 | 1
The last bit of each row is the row parity check, the last row is the column parity
check, and the bottom-right bit is the column parity check on the row parity checks.
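The row/column scheme above can be sketched as follows, using even parity; the first two data rows are taken from the table, while the helper names are my own:

```python
# Two-dimensional (row/column) even parity over 8-bit data words.

def parity(bits):
    """Even-parity bit: 1 if the number of 1s is odd, else 0."""
    return sum(bits) % 2

def add_2d_parity(rows):
    """Append a parity bit to each row, then append a column-parity row."""
    with_row = [row + [parity(row)] for row in rows]
    col_row = [parity([r[i] for r in with_row]) for i in range(len(with_row[0]))]
    return with_row + [col_row]

data = [
    [1, 0, 0, 1, 1, 0, 0, 1],   # first data row from the table
    [1, 1, 0, 1, 0, 1, 1, 0],   # second data row from the table
]
for row in add_2d_parity(data):
    print(row)
```

A single flipped bit now shows up as one failing row check and one failing column check, whose intersection locates (and so corrects) the error.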
5.9.6 Checksums
A checksum is a value which is computed which allows you to check the validity of
something. Checksums take on various forms, depending upon the nature of the
transmission and the needed reliability. For example, the simplest checksum is to sum
up all the bytes of a transmission, computing the sum in an 8-bit counter. This value is
appended as the last byte of the transmission.
The idea is that upon receipt of n bytes, you sum up the first n − 1 bytes and see if the
answer is the same as the last byte. Since this is a bit awkward, a variant on this theme
is, on transmission, to sum up all the bytes and then (treating each byte as a signed, 8-bit
value) negate the checksum byte before transmitting it. This means that the sum of all
n bytes should be 0.
These techniques are not terribly reliable; for example, if the packet is known to be 64
bytes in length, and you receive 64 '\0' bytes, the sum is 0, so the result must be correct.
Of course, if there is a hardware failure that simply fails to transmit the data bytes
(particularly easy on synchronous transmission, where no start bit is involved), then
the fact that you receive a packet of 64 zero bytes with a checksum result of 0 is
misleading; you think you've received a valid packet when you've received nothing at all.
A solution to this is to negate the checksum value computed, subtract 1 from it, and
expect that the result of the receiver's checksum of the n bytes is 0xFF (−1, as a signed
8-bit value). This resolves the all-zeros problem. As another example, let's say the
checksum of a packet is 1 byte long. A byte is made up of 8 bits, and each bit can be in
one of two states, leading to a total of 256 (2^8) possible combinations. Since the first
combination equals zero, a byte can have a maximum value of 255.
If the sum of the other bytes in the packet is 255 or less, then the checksum
contains that exact value.
If the sum of the other bytes is more than 255, then the checksum is the
remainder of the total value after it has been divided by 256.
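The sum-and-negate variant described above can be sketched as follows (the packet contents and function names are illustrative, not from the text):

```python
# 8-bit sum-and-negate checksum: the sender appends the two's-complement
# negation of the running sum, so the receiver's sum over all n bytes
# comes out to 0 modulo 256.

def append_checksum(data):
    s = sum(data) % 256
    return bytes(data) + bytes([(-s) % 256])

def verify(packet):
    return sum(packet) % 256 == 0

packet = append_checksum(b"NETWORK")
print(verify(packet))                              # True
corrupted = bytes([packet[0] ^ 0x01]) + packet[1:]
print(verify(corrupted))                           # False: single-bit error caught
```

Note that this simple sum still misses many multi-byte errors (e.g. swapping two bytes leaves the sum unchanged), which is part of the motivation for the CRC below.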
The Cyclic Redundancy Check (CRC) is the most powerful of the redundancy checking techniques.
The CRC is based on binary division: a sequence of redundant bits, called the CRC or
the CRC remainder, is appended to the end of a data stream. The resulting data becomes
exactly divisible by a second, predetermined binary number.
At its destination, the incoming data is divided by the same number. The diagram below will
show you the sequence of events that takes place when using CRC.
CRC technique is also applicable to data storage devices, such as a disk drive. In this
situation each block on the disk would have check bits, and the hardware might
automatically initiate a reread of the block when an error is detected, or it might report the
error to software.
then check the data by repeating the calculation, dividing by the key word k, and verifying
that the remainder is r. The only novel aspect of the CRC process is that it uses a simplified
form of arithmetic, which we'll explain below, in order to perform the division.
By the way, this method of checking for errors is obviously not foolproof, because there are
many different message strings that give a remainder of r when divided by k. In fact, about 1
out of every k randomly selected strings will give any specific remainder. Thus, if our
message string is garbled in transmission, there is a chance (about 1/k, assuming the
corrupted message is random) that the garbled version would agree with the check word. In
such a case the error would go undetected. Nevertheless, by making k large enough, the
chances of a random error going undetected can be made extremely small. That's really all
there is to it. The rest of our discussion will consist simply of refining this basic idea to
improve its effectiveness.
When discussing CRCs it's customary to present the key word k in the form of a generator
polynomial whose coefficients are the binary bits of the number k. For example, suppose we
want our CRC to use the key k = 37. This number written in binary is 100101, and
expressed as a polynomial it is x^5 + x^2 + 1.
In order to implement a CRC based on this polynomial, the transmitter and receiver must
have agreed in advance that this is the key word they intend to use. So, for the sake of
discussion, let's say we have agreed to use the generator polynomial 100101.
By the way, it's worth noting that the remainder of any word divided by a 6-bit word will
contain no more than 5 bits, so our CRC words based on the polynomial 100101 will always
fit into 5 bits. Therefore, a CRC system based on this polynomial would be called a 5-bit
CRC. In general, a key word of k bits leads to a (k − 1)-bit CRC.
Now suppose I want to send you a message consisting of the string of bits M = 0010 1100
0101 0111 0100 011, and I also want to send you some additional information that will allow
you to check the received string for correctness.
Using our agreed key word k = 100101, I'll simply divide M by k to form the remainder r,
which will constitute the CRC check word. However, we are going to use a simplified kind of
division that is particularly well-suited to the binary form in which digital data is expressed.
If we interpret k as an ordinary integer (37), its binary representation, 100101, is really
shorthand for
(1)2^5 + (0)2^4 + (0)2^3 + (1)2^2 + (0)2^1 + (1)2^0
Every integer can be expressed uniquely in this way, i.e., as a polynomial in the base 2 with
coefficients that are either 0 or 1. This is a very powerful form of representation, but it's
actually more powerful than we need for purposes of performing a data check.
Also, operations on numbers like this can be somewhat laborious, because they involve
borrows and carries in order to ensure that the coefficients are always either 0 or 1. (The
same is true for decimal arithmetic, except that all the digits are required to be in the range 0
to 9.)
To make things simpler, let's interpret our message M, key word k, and remainder r, not
as actual integers, but as abstract polynomials in a dummy variable x (rather than a
definite base like 2 for binary numbers or 10 for decimal numbers).
Also, we'll simplify even further by agreeing to pay attention only to the parity of the
coefficients, i.e., if a coefficient is an odd number we will simply regard it as 1, and if it is an
even number we will regard it as 0.
This is a tremendous simplification, because now we don't have to worry about borrows and
carries when performing arithmetic. This is because every integer coefficient must obviously
be either odd or even, so it's automatically either 0 or 1.
To give just a brief illustration, consider the two polynomials x^2 + x + 1 and x^3 + x + 1. If
we multiply these together by the ordinary rules of algebra we get
(x^2 + x + 1)(x^3 + x + 1) = x^5 + x^4 + 2x^3 + 2x^2 + 2x + 1
but according to our simplification we are going to call every even coefficient 0, so the result
of the multiplication is simply x^5 + x^4 + 1. You might wonder if this simplified way of doing
things is really self-consistent.
For example, can we divide the product x^5 + x^4 + 1 by one of its factors, say, x^2 + x + 1, to give
the other factor? The answer is yes, and it's much simpler than ordinary long division. To
divide the polynomial 110001 by 111 (which is the shorthand way of expressing our
polynomials) we simply apply the bit-wise exclusive-OR operation repeatedly as follows
111 ) 110001
      111
      0010
       000
       0100
        111
        0111
         111
         000
This is exactly like ordinary long division, only simpler, because at each stage we just need to
check whether the leading bit of the current three bits is 0 or 1. If it's 0, we place a 0 in the
quotient and exclusive-OR the current bits with 000. If it's 1, we place a 1 in the quotient
and exclusive-OR the current bits with the divisor, which in this case is 111.
As can be seen, the result of dividing 110001 by 111 is 1011, which was our other factor, x^3 +
x + 1, leaving a remainder of 000. (This kind of arithmetic is called the arithmetic of
polynomials with coefficients from the field of integers modulo 2.)
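The XOR long division just shown can be sketched in code; `mod2_divide` is a hypothetical helper of my own, not from the text:

```python
# Bitwise mod-2 (XOR) long division, as in the example above:
# 110001 (x^5 + x^4 + 1) divided by 111 (x^2 + x + 1).

def mod2_divide(dividend, divisor):
    """Divide two bit strings with XOR arithmetic; return (quotient, remainder)."""
    d = list(map(int, dividend))
    div = list(map(int, divisor))
    n = len(div)
    quotient = []
    for i in range(len(d) - n + 1):
        if d[i] == 1:
            quotient.append(1)
            for j in range(n):        # XOR the divisor under the leading 1
                d[i + j] ^= div[j]
        else:
            quotient.append(0)        # leading 0: XOR with all zeros
    remainder = d[len(d) - n + 1:]    # last n-1 bits
    return "".join(map(str, quotient)), "".join(map(str, remainder))

print(mod2_divide("110001", "111"))  # ('1011', '00'): quotient x^3 + x + 1, remainder 0
```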
So now let us concentrate on performing a CRC calculation with the message string M and
key word k defined above. We simply need to divide M by k using our simplified polynomial
arithmetic.
In fact, it's even simpler, because we don't really need to keep track of the quotient; all we
really need is the remainder. So we simply need to perform a sequence of 6-bit exclusive ORs
with our key word k, beginning from the left-most 1 of the message string, and at each
stage thereafter bringing down enough bits from the message string to make a 6-bit word
with leading 1. The entire computation is shown below:
100101 ) 00101100010101110100011
           100101
           00100101
             100101
             0000000101110
                    100101
                    00101110
                     100101
                     00101100
                      100101
                      00100111
                       100101
                       000010  = remainder = CRC
Our CRC word is simply the remainder, i.e., the result of the last 6-bit exclusive OR
operation. Of course, the leading bit of this result is always 0, so we really only need the
last five bits. This is why a 6-bit key word leads to a 5-bit CRC. In this case, the CRC
word for this message string is 00010, so when we transmit the message word we will
also send this corresponding CRC word.
When you receive them you can repeat the above calculation on M with our agreed
generator polynomial 100101 and verify that the resulting remainder agrees with the CRC
word we included in our transmission.
What we've just done is a perfectly fine CRC calculation, and many actual
implementations work exactly that way, but there is one potential drawback in our
method. As you can see, the computation shown above totally ignores any number of
"0"s ahead of the first 1 bit in the message. It so happens that many data strings in real
applications are likely to begin with a long series of "0"s, so it's a little bothersome that
the algorithm isn't working very hard in such cases.
To avoid this problem, we can agree in advance that before computing our n-bit CRC we
will always begin by exclusive ORing the leading n bits of the message string with a
string of n 1s. With this convention (which of course must be agreed upon by the
transmitter and the receiver in advance) our previous example would be evaluated as
follows
100101 ) 11010100010101110100011
         100101
         0100000
          100101
          000101001
             100101
             00110001
               100101
               0101000
                100101
                00110111
                  100101
                  0100101
                   100101
                   0000000100011
                          100101
                          000110  = remainder = CRC
So with this convention, the 5-bit CRC word for this message string
based on the generator polynomial 100101 is 00110. That's really all there is to
computing a CRC, and many commercial applications work exactly as we've described.
People sometimes use various table-lookup routines to speed up the divisions, but that
doesn't alter the basic computation or change the result. In addition, people sometimes
agree to various non-standard conventions, such as interpreting the bits in reverse
order, but the essential computation is still the same. (Of course, it's crucial for the
transmitter and receiver to agree in advance on any unusual conventions they intend to
observe.)
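Both worked examples can be checked with a small sketch of the remainder computation (the function name is my own, not from the text):

```python
# CRC remainder by repeated XOR, for the message M and key word k = 100101
# used in the worked examples above.

def crc_remainder(message, key):
    """Return the (n-1)-bit mod-2 remainder of message divided by key."""
    bits = list(map(int, message))
    k = list(map(int, key))
    n = len(key)
    for i in range(len(bits) - n + 1):
        if bits[i] == 1:
            for j in range(n):
                bits[i + j] ^= k[j]
    return "".join(map(str, bits[len(bits) - n + 1:]))

M = "00101100010101110100011"
k = "100101"

print(crc_remainder(M, k))  # '00010': the plain CRC from the first example

# Leading-1s convention: flip the first n = 5 message bits before dividing.
flipped = "".join(str(int(b) ^ 1) for b in M[:5]) + M[5:]
print(crc_remainder(flipped, k))  # '00110': the CRC from the second example
```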
Now that we've seen how to compute CRCs for a given key polynomial, it's natural to
wonder whether some key polynomials work better (i.e., give more robust checks) than
others. From one point of view the answer is obviously yes, because the larger our key
word, the less likely it is that corrupted data will go undetected. By appending an n-bit
CRC to our message string we are increasing the total number of possible strings by a
factor of 2^n, but we aren't increasing the degrees of freedom, since each message string
has a unique CRC word. Therefore, we have established a situation in which only 1 out
of 2^n total strings (message + CRC) is valid. Notice that if we append our CRC word to our
message word, the result is a multiple of our generator polynomial. Thus, of all possible
combined strings, only multiples of the generator polynomial are valid.
So, if we assume that any corruption of our data affects our string in a completely
random way, i.e., such that the corrupted string is totally uncorrelated with the original
string, then the probability of a corrupted string going undetected is 1/(2^n). This is the
basis on which people say a 16-bit CRC has a probability of 1/(2^16) = 1.5E-5 of failing to
detect an error in the data, and a 32-bit CRC has a probability of 1/(2^32), which is
about 2.3E-10 (less than one in a billion).
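The quoted figures are just 1/2^n evaluated for n = 16 and 32:

```python
# Undetected-error probability for an n-bit CRC under the random-corruption
# assumption stated above.

for n in (16, 32):
    p = 1 / 2**n
    print("%d-bit CRC: %.1e" % (n, p))
# 16-bit CRC: 1.5e-05
# 32-bit CRC: 2.3e-10
```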
Since most digital systems are designed around blocks of 8-bit words (called bytes), it's
most common to find key words whose lengths are a multiple of 8 bits. The two most
common lengths in practice are 16-bit and 32-bit CRCs (so the corresponding generator
polynomials have 17 and 33 bits respectively). A few specific polynomials have come
into widespread use. For 16-bit CRCs one of the most popular key words is
10001000000100001, and for 32-bit CRCs one of the most popular is
100000100110000010001110110110111. In the form of explicit polynomials these
would be written as
x^16 + x^12 + x^5 + 1
and
x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x + 1
The 16-bit polynomial is known as the X25 standard, and the 32-bit polynomial is the
Ethernet standard, and both are widely used in all sorts of applications. (Another
common 16-bit key polynomial familiar to many modem operators is
11000000000000101, which is the basis of the CRC-16 protocol.) These polynomials
are certainly not unique in being suitable for CRC calculations, but it's probably a good
idea to use one of the established standards, to take advantage of all the experience
accumulated over many years of use.
Nevertheless, we may still be curious to know how these particular polynomials were
chosen. It so happens that one could use just about ANY polynomial of a certain degree
and achieve most of the error detection benefits of the standard polynomials. For
example, any n-bit CRC will certainly catch any single burst of m consecutive errors
for any m less than n, basically because a smaller polynomial can't be a multiple of
a larger polynomial. Also, we can ensure the detection of any odd number of errors simply
by using a generator polynomial that is a multiple of the parity polynomial, which is x +
1. A polynomial of our simplified kind is a multiple of x + 1 if and only if it has an even
number of terms.
It's interesting to note that the standard 16-bit polynomials both include this parity
check, whereas the standard 32-bit CRC does not. It might seem that this represents a
shortcoming of the 32-bit standard, but it really doesn't, because the inclusion of a
parity check comes at the cost of some other desirable characteristics. In particular,
much emphasis has been placed on the detection of two separated single-bit errors, and
the standard CRC polynomials were basically chosen to be as robust as possible in
detecting such double-errors. Notice that the basic E representing two
5.9 Error Detection Techniques 151
Elements of Computer Networking LAN Technologies
Answer: In normal token ring operation, a station sending information holds the token
until the sending data circles the entire ring. After the sending station strips the data
from the ring, it then issues a free token.
With Early Token Release (ETR), a token is released immediately after the sending
station transmits its frame. This allows for improved performance, since there is no
delay in the downstream neighbour waiting for the token. ETR is only available on 16
megabit rings.
Question 2: What is the difference between Ethernet and Token Ring networks?
Answer: Token Ring is single access, meaning there is only one token. So, at any given
time only one station is able to use the LAN. Ethernet is a shared access medium,
where all stations have equal access to the network at any time.
Question 3: At what speeds does token ring run?
Answer: Token ring runs at speeds of 4 Mbps and 16 Mbps.
Question 4: What is a beacon frame?
Answer: A beacon frame is generated by a station or stations that do not detect a
receive signal. A station or stations will broadcast these beacon MAC frames until
the receive signal is restored.
Question 5: Medium access methods can be categorized as random, maximized or
minimized.
Answer: False
Question 6: ALOHA is an early multiple-random-access method that requires frame
acknowledgment.
Answer: True
Question 7: In the carrier sense multiple-access (CSMA) method, a station must listen
to the medium prior to the sending of data onto the line.
Answer: True
Question 8: In the carrier sense multiple-access (CSMA) method, the server will let a
device know when it is time to transmit.
Answer: False
Question 9: Some examples of controlled-access methods are: reservation, polling and
token passing.
Answer: True
Question 10: Carrier sense multiple access with collision avoidance (CSMA/CA) is CSMA
with procedures added to correct after a collision has happened.
Answer: False
Question 11: Carrier sense multiple access with collision detection (CSMA/CD) is CSMA
with a post collision procedure.
Answer: True
Question 12: FDMA, TDMA and CDMA are controlled-access methods.
Answer: False
Question 13: Channelization is a multiple-access method in which the available
bandwidth of a link is shared in time, frequency, or through code, between stations
on a network.
Answer: True
Question 14: In the reservation access method, a station reserves a slot for data by
controlling transmissions to and from secondary stations.
Answer: False
Question 15: Multiple Access Protocols include:
A. Random-Access Protocols C. Channelization Protocols
B. Controlled-Access Protocols D. All of the above.
Answer: D
Question 16: ALOHA is an example of the earliest:
A. Random-access method C. Channelization protocols
B. Controlled-access method D. All of the above.
Answer: A
Question 17: Polling works with topologies in which one device is designated as the
___ station and the other devices are known as ___ devices.
A. Secondary / primary C. Permanent / switched
B. Primary / secondary D. Physical / virtual
Answer: B
Question 18: The select mode is used when:
A. the sender has something to format. C. the primary device has something to send.
B. the receiver has something to receive. D. the secondary device has something to send.
Answer: C
Question 19: The act of polling secondary devices is so that:
A. The primary device can solicit transmissions from the secondary devices.
B. The secondary devices can solicit transmissions from the primary devices.
C. The secondary device wants to over-ride the primary device.
D. The primary device is in flex mode.
Answer: A
Question 20: Polling is a type of:
A. Random-access C. channelization access
B. Controlled-access D. None of the above.
Answer: B
Question 21: In the reservation access method, a station needs to make a reservation
before:
A. Sending data C. Both A and B.
B. Receiving data D. None of the above.
Answer: A
Question 22: In a channelization access method, the available bandwidth of a link is
shared:
A. In time C. via code
B. In frequency D. All of the above.
Answer: D
Question 23: What is the advantage of controlled access over random access?
Answer: In a random access method, each station has the right to the medium without
being controlled by any other station. However, if more than one station tries to send,
there is an access conflict (collision) and the frames will be either destroyed or modified.
To avoid access collisions or to resolve it when it happens, we need procedures to
address the issues caused by collisions or to try to avoid them, if possible. Some
examples of random access include ALOHA and CSMA.
In controlled access, the stations consult with one another to find which station has the
right to send. A station cannot send unless it has been authorized by other stations.
Three popular controlled access methods include: Reservation, polling and token-
passing.
Question 24: A group of N stations share a 64-kbps pure ALOHA channel. Each station
outputs a 1000-bit frame on an average of once every 100 seconds. What is the
maximum value of N (i.e., how many stations can be connected)?
Answer: The maximum throughput for pure ALOHA is 18.4%.
Therefore the usable channel rate is equal to 0.184 × 64 kbps = 11.77 kbps.
Bits per second output by each station = 1000/100 = 10 bps.
Each station outputs 10 bps on a channel which has the usable channel rate of 11.77 kbps.
∴ N = (11.77 × 1000)/10 = 1177 stations
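The arithmetic in this answer can be sketched as:

```python
# Station count for a shared pure ALOHA channel: peak throughput is 18.4%
# of the raw channel rate, and each station needs 1000 bits per 100 s.

channel_bps = 64_000
usable_bps = 0.184 * channel_bps   # ~11,776 bps usable at peak
station_bps = 1000 / 100           # 10 bps offered per station
max_stations = int(usable_bps / station_bps)
print(max_stations)                # 1177
```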
Packet transmission time = packet size / bit rate
For example, a 100 Mbit/s (or 100,000,000 bits per second) Ethernet and a maximum
packet size of 1526 bytes gives a maximum packet transmission time = (1526 × 8)/100,000,000 ≈ 122
µs.
Propagation time is the amount of time it takes for the head of the
signal to travel from the sender to the receiver. It can be computed as the ratio between
the link length and the propagation speed over the specific medium.
From the problem statement we have the frame rate 10^4 (10,000 frames per second).
T = transmission time + propagation time = 66.67 × 10^−6 s
The probability of collision in pure ALOHA is:
P = 1 − e^(−2G)
where G = 10^4 × 66.67 × 10^−6 = 0.667, so
P = 1 − e^(−2 × 0.667) = 1 − (2.718)^(−1.333) = 1 − 0.27 = 0.73
Question 26: Consider the delay of pure ALOHA versus slotted ALOHA at low load.
Which one is less? Explain your answer.
Answer: Statistically, pure ALOHA is less efficient than slotted ALOHA
(both at normal load and when collisions occur on a contention channel). If the
load is low, however, pure ALOHA is about as efficient as slotted ALOHA. But if we
consider the delay of waiting for the next slot boundary before sending, as in the slotted
ALOHA protocol, then slotted ALOHA's delay is greater than that of pure
ALOHA, which sends the packet immediately.
Question 27: The valid frame length must be at least 64 bytes long so as to prevent a
station from completing the transmission of a short frame before the first bit has
even reached the far end of the cable, where it may collide with another frame. How
is the minimum frame length adjusted if the network speed goes up?
Answer: As the network speed goes up, the minimum frame length must go up or the
maximum cable length must come down proportionally, so that the sender does not
incorrectly conclude that the frame was successfully sent when in fact a collision occurred.
Question 28: TDM with sources having different data rates: Consider the case of three
streams with bit rates of 8 kbit/sec, 16 kbit/sec, and 24 kbit/sec, respectively. We
want to combine these streams into a single high-speed stream using TDM.
Answer: The high-speed stream in this case must have a transmission rate of 48
kbit/sec, which is the sum of the bit rates of the three sources. To determine the
number of time slots to be assigned to each source in the multiplexing process, we
must reduce the ratio of the rates, 8:16:24, to the lowest possible form, which in this
case is 1:2:3. The sum of the reduced ratio is 6, which represents the minimum length of the
repetitive cycle of slot assignments in the multiplexing process. The solution is now
readily obtained: in each cycle of six time slots we assign one slot to Source A (8
kbit/sec), two slots to Source B (16 kbit/sec), and three slots to Source C (24 kbit/sec).
Figure 7-4 illustrates this assignment, using “a” to indicate data from Source A, “b” to
indicate data from Source B, and “c” to indicate data from Source C.
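The slot-assignment rule above reduces to a gcd computation; a minimal sketch (the function name is illustrative):

```python
from math import gcd
from functools import reduce

# Reduce the rate ratio to lowest terms: each source gets that many
# slots per cycle, and the cycle length is the sum of the reduced ratio.
def tdm_slots(rates_kbps):
    g = reduce(gcd, rates_kbps)
    slots = [r // g for r in rates_kbps]
    return slots, sum(slots)

print(tdm_slots([8, 16, 24]))  # ([1, 2, 3], 6)
```

Running it on the rates of Question 29 gives `([2, 3, 4, 6], 15)`, matching that answer as well.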
Question 29: Consider a system with four low-bit-rate sources of 20 kbit/sec, 30
kbit/sec, 40 kbit/sec, and 60 kbit/sec. Determine the slot assignments when the
data streams are combined using TDM.
Answer: The rate ratio 20:30:40:60 reduces to 2:3:4:6. The length of the cycle is
therefore 2 + 3 + 4 + 6 = 15 slots. Within each cycle of 15 slots, we assign two slots to
the 20 kbit/sec source, three slots to the 30 kbit/sec source, four slots to the 40
kbit/sec source, and six slots to the 60 kbit/sec source.
Question 30: Explain why the hidden terminal problem can be solved by CSMA/CA
protocol.
Answer: The hidden station problem occurs in a wireless LAN if we use the CSMA access
protocol. Suppose stations A, B, C and D are aligned in a line from left to right.
Assume station A is transmitting to B. Station C cannot sense the transmission
signal because it is out of range of A, so it falsely assumes that it is safe to
transmit to B. This causes a collision at station B; it is called the hidden station
problem because the competitor is too far away to be detected.
The main cause of this problem is that the sender does not have correct
knowledge of the receiver's activity. CSMA can only tell whether there is activity
around the sender. By using the CSMA/CA protocol, however, the sender can learn the
receiver's status through handshaking. For instance, station C can receive station B's CTS
and learn how long station A will take to transmit its data; C will then defer its own
transmission request until station A completes.
Question 31: Given the following information, find the minimum bandwidth required for
the path:
FDM Multiplexing
Five devices, each requiring 4000 Hz.
200 Hz guard band for each device.
Answer:
Number of devices = 5.
Number of guard bands required between these devices = 4.
Hence total bandwidth = (4000 × 5) + (200 × 4) = 20,800 Hz = 20.8 kHz.
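The same arithmetic generalizes to any number of FDM channels (a one-line sketch; the function name is illustrative):

```python
# FDM path bandwidth: n channels plus (n - 1) guard bands between them.
def fdm_bandwidth(n_devices, channel_hz, guard_hz):
    return n_devices * channel_hz + (n_devices - 1) * guard_hz

print(fdm_bandwidth(5, 4000, 200))  # 20800 Hz = 20.8 kHz
```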
5.9 Error Detection Techniques 156
Elements of Computer Networking LAN Technologies
Question 32: A small Local Area Network (LAN) has four machines A, B, C and D
connected in the following topology:
[Figure: machines on LAN-1 and LAN-2 connected by a bridge]
Answer: True
Question 45: With full-duplex operation a station can transmit and receive
simultaneously. Is it true or false?
Answer: True
Question 46: A technique known as slotted ____ organizes time on the channel into
uniform slots whose size equals the frame transmission time. Transmission is
permitted to begin only at a slot boundary.
A) Ethernet B) ALOHA C) boundary relay D) CSMA
Answer: B
Question 47: Ethernet now encompasses data rates of ____.
A) 100 Mbps, 1 Gbps, 10 Gbps, and 100 Gbps
B) 10 Mbps, 100 Mbps, 1 Gbps, and 10 Gbps
C) 1 Gbps, 10 Gbps, 100 Gbps, and 1000 Gbps
D) 10 Mbps, 100 Mbps, 1000 Mbps, and 10 Gbps
Answer: B
Question 48: A problem with ____ is that capacity is wasted because the medium will
generally remain idle following the end of a transmission, even if there are one or
more stations waiting to transmit.
A) 1-persistent CSMA B) slotted ALOHA
C) p-persistent CSMA D) nonpersistent CSMA
Answer: D
Question 49: One of the rules for CSMA/CD states, "after transmitting the jamming
signal, wait a random amount of time, then attempt to transmit again". This
random amount of time is referred to as the ___.
A) Precursor B) Backoff C) Backlog D) carrier time
Answer: B
Question 50: Which of the following makes use of two optical fibre cables, one for
transmission and one for reception, and utilizes a technique known as intensity
modulation?
A) 100BASE-T4 B) 10BASE-F C) 100BASE-FX D) 10BASE-T
Answer: C
Question 51: Why do 802.11 (wireless) networks use acknowledgements?
Answer: Unlike a wired Ethernet, where collisions can be detected, it is difficult to detect
a collision on a wireless network because the strength of the signal being transmitted is so
much greater than the strength of the signal being received. Without being able to
detect a collision, a sender is unsure whether its transmitted data arrived intact, so a
mechanism for acknowledgements must be used.
Question 52: Why are the wires twisted in twisted-pair copper wire?
Answer: The twisting of the individual pairs reduces electromagnetic interference. For
example, it reduces crosstalk between wire pairs bundled into a cable.
Question 53: Which type of Ethernet framing is used for TCP/IP and AppleTalk?
A) Ethernet 802.3 B) Ethernet 802.2 C) Ethernet II D) Ethernet SNAP
Answer: D. Ethernet 802.3 is used with NetWare versions 2 through 3.11, Ethernet
802.2 is used with NetWare 3.12 and later plus OSI routing, Ethernet II is used with
TCP/IP and DECnet, and Ethernet SNAP is used with TCP/IP and AppleTalk.
Question 54: Ethernet is said to be non-deterministic because of which of the following?
A) It is not possible to determine how long it will take to get a frame from one device
to another.
B) It is not possible to determine whether an error has occurred during the
transmission of a frame.
C) It is not possible to determine if another device wishes to transmit.
D) It is not possible to determine the maximum time a device will have to wait to
transmit.
Answer: D
Question 55: The multiplexer creates a frame that contains data only from those input
sources that have something to send in __ multiplexing.
A) Frequency Division B) Statistical Time Division
C) Synchronous Time Division D) Dense Wavelength
Answer: B
Question 56: How many 8-bit characters can be transmitted per second over a 9600
baud serial communication link using asynchronous mode of transmission with one
start bit, eight data bits, two stop bits, and one parity bit?
A) 600 B) 800 C) 876 D) 1200
Answer: B. At 9600 baud the link carries 9600 bits per second. Each 8-bit character is
framed by 1 start bit, 1 parity bit, and 2 stop bits, i.e. 12 bits in all, so the number of
characters = 9600/12 = 800.
Question 57: A and B are the only two stations on an Ethernet. Each has a steady
queue of frames to send. Both A and B attempt to transmit a frame, collide, and A
wins the first backoff race. At the end of this successful transmission by A, both A
and B attempt to transmit and collide. The probability that A wins the second
backoff race is
A) 0.5 B) 0.625 C) 0.75 D) 1.0
Answer: B. In the first backoff race A and B each draw from {0, 1}, and A wins. After A's
successful transmission, A contends with a fresh frame and again draws from {0, 1},
while B, now on its second collision, draws from {0, 1, 2, 3}. A wins the second race when
its draw is strictly smaller:
Probability = (1/2 × 3/4) + (1/2 × 2/4) = 3/8 + 2/8 = 0.625
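The 0.625 can be verified by enumerating all backoff pairs (a small sketch, assuming A draws from {0, 1} and B from {0, 1, 2, 3} as argued in the answer):

```python
from itertools import product

# Count the (a, b) backoff pairs in which A's draw is strictly smaller,
# i.e. A seizes the channel first.
wins = sum(1 for a, b in product(range(2), range(4)) if a < b)
total = 2 * 4
print(wins / total)  # 0.625
```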
Question 58: In a network of LANs connected by bridges, packets are sent from one LAN
to another through intermediate bridges. Since more than one path may exist
between two LANs, packets may have to be routed through multiple bridges. Why is
the spanning tree algorithm used for bridge-routing?
A) For shortest path routing between LANs
B) For avoiding loops in the routing paths
C) For fault tolerance D) For minimizing collisions
Answer: B. The spanning tree algorithm applied to a graph yields a tree free of cycles, so
in this network we apply the spanning tree algorithm to remove loops in routing paths.
Chapter
The hosts and routers are recognized at the network level by their logical addresses. A
logical address is an internetwork address; it is unique universally.
[Figure: Node-1, Node-2, and Node-3 on a single physical network]
When Node 1 tries to communicate with Node 2, the following steps resolve Node 2's
software-assigned address (10.0.0.70) to Node 2's hardware-assigned media access
control address:
1. Based on the contents of the routing table on Node 1, IP determines that the
forwarding IP address to be used to reach Node 2 is 10.0.0.70. Node 1 then
checks its own local ARP cache for a matching hardware address for Node 2.
2. If Node 1 finds no mapping in the cache, it broadcasts an ARP request frame to
all hosts on the local network with the question "What is the hardware address
for 10.0.0.70?" Both hardware and software addresses for the source, Node 1,
are included in the ARP request.
3. Each host on the local network receives the ARP request and checks for a
match to its own IP address. If a host does not find a match, it discards the ARP
request.
4. Node 2 determines that the IP address in the ARP request matches its own IP
address and adds a hardware/software address mapping for Node 1 to its local
ARP cache.
5. Node 2 sends an ARP reply message containing its hardware address directly
back to Node 1.
6. When Node 1 receives the ARP reply message from Node 2, it updates its ARP
cache with a hardware/software address mapping for Node 2.
Once the media access control address for Node 2 has been determined, Node 1 can
send IP traffic to Node 2 by addressing it to Node 2's media access control address.
The following diagram shows how ARP resolves IP addresses to hardware addresses for
two hosts on different physical networks connected by a common router.
[Figure: Node-1 and Node-2 on different physical networks connected by a Router]
Once the media access control address for Router interface 1 has been determined,
Node 1 can send IP traffic to Router interface 1 by addressing it to the Router interface
1 media access control address. The router then forwards the traffic to Node 2 through
the same ARP process as discussed in this section.
Each dynamic ARP cache entry has a potential lifetime of 10 minutes. New entries
added to the cache are timestamped. If an entry is not reused within 2 minutes of being
added, it expires and is removed from the ARP cache. If an entry is used, it receives two
more minutes of lifetime. If an entry keeps getting used, it receives an additional two
minutes of lifetime each time, up to a maximum lifetime of 10 minutes.
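The aging rule just described can be modeled with a toy class (all names here are illustrative, not a real operating-system API):

```python
ENTRY_LIFE = 2 * 60      # seconds granted on creation and on each reuse
MAX_LIFETIME = 10 * 60   # hard cap, measured from creation

class ArpEntry:
    def __init__(self, mac, now):
        self.mac = mac
        self.created = now
        self.expires = now + ENTRY_LIFE

    def touch(self, now):
        # Reuse extends life by 2 minutes, never past the 10-minute cap.
        self.expires = min(now + ENTRY_LIFE, self.created + MAX_LIFETIME)

    def alive(self, now):
        return now < self.expires

e = ArpEntry("00-08-5c-8d-4f-8f", now=0)
e.touch(now=100)                    # reused within 2 minutes -> expires at 220
print(e.alive(200), e.alive(300))   # True False
```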
We can view the ARP cache by using the arp command. To view the ARP cache, type
arp −a at a command prompt.
Output:
Interface: 192.168.1.2 --- 0xf
  Internet Address     Physical Address      Type
  192.168.1.1          00-08-5c-8d-4f-8f     dynamic
  192.168.1.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.252          01-00-5e-00-00-fc     static
  255.255.255.255      ff-ff-ff-ff-ff-ff     static
The ARP cache improves the efficiency of ARP operation: it maintains the recent
mappings from Internet addresses to hardware addresses. The normal expiration time of
an entry in the cache is 20 minutes from the time the entry was created.
The RARP packet format is almost identical to the ARP packet. An RARP request is
broadcast, identifying the sender’s hardware address, asking for anyone to respond with
the sender’s IP address. The reply is normally unicast.
[Figure: an RARP server and other nodes (Node-2, Node-3) on the local network]
Any device on the network that is set up to act as an RARP server responds to the
broadcast from the source. It generates an RARP reply.
Below are the key steps in the RARP process.
1. Sender generates RARP request message: The source node generates an RARP
request message. It puts its own MAC address as both the sender MAC and also
the destination MAC. It leaves both the sender IP Address and the destination
IP Address blank, since it doesn't know either.
2. Sender broadcasts RARP request message: The source broadcasts the RARP
request message on the local network.
3. Local nodes process RARP request message: The message is received by each
node on the local network and processed. Nodes that are not configured to act
as RARP servers ignore the message.
4. RARP server generates RARP reply message: Any node on the network that is
set up to act as an RARP server responds to the broadcast from the source
device. It generates an RARP reply. It sets the sender MAC address and sender
IP address to its own hardware and IP address of course, since it is the sender
of the reply. It then sets the destination MAC address to the hardware address
of the original source device. It looks up in a table the hardware address of the
source, determines that device's IP address assignment, and puts it into the
destination IP address field.
5. RARP server sends RARP reply message: The RARP server sends the RARP reply
message to the device looking to be configured.
6. Source device processes RARP reply message: The source node processes the
reply from the RARP server. It then configures itself using the IP address in the
destination IP address field supplied by the RARP server.
[Figure: hosts A through E connected by a Router]
The IP and MAC addresses for each host and the router are as follows:
Chapter 7
IP Addressing
7.1 Introduction
Let us start our discussion with a basic question: What is a protocol? Well, a protocol is
a set of communication rules used for connecting computers in a network. As an
analogy, suppose a man travels to a distant land and wants to find his destination. There
must then be some standard pattern for such people to talk to each other, i.e., to
communicate. These standard patterns are sets of rules with which we need to
send our data to this distant land and talk to the person. Likewise there is a standard set
of rules without which our communication over the Internet is impossible. These rules
are called protocols.
Communication between hosts can happen only if they can identify each other on the
network. No doubt you have heard the term IP address. Unless you are a techie, though,
you may not have an understanding of what an IP address actually is or how it works. Let's
explore the concept with real-world scenarios.
The Internet is a global network connecting billions of devices. Each device uses a set of
protocols to communicate with other devices on the network. These protocols govern
communication between all devices on the Internet.
In 1969, BBN Technologies started building the Interface Message Processors (IMPs) for
the ARPANET, but an important piece of the network was missing: the software that
would govern how computers would communicate. Graduate students at various
facilities funded by the US Department of Defense Advanced Research Projects Agency
(DARPA) had been given the task in 1969 of developing the missing communication
protocols. They formed an informal group, the Network Working Group. These students,
while developing the technical protocols, also began to establish the informal conventions
that would influence interpersonal communications on the Internet in general.
From 1973 to 1974, Cerf's networking research group at Stanford worked out details of
the idea, resulting in the first TCP specification. DARPA then contracted with BBN
Technologies, Stanford University, and the University College London to develop
operational versions of the protocol on different hardware platforms. Four versions were
developed: TCP v1, TCP v2, TCP v3 and IP v3, and TCP/IP v4.
In 1975, a two-network TCP/IP communications test was performed between Stanford
and University College London (UCL). In November, 1977, a three-network TCP/IP test
was conducted between sites in the US, the UK, and Norway. Several other TCP/IP
prototypes were developed at multiple research centers between 1978 and 1983.
Internet Protocol version 4 (IPv4), developed in 1981, currently controls the majority of
intranet and Internet communication. It was the first viable protocol to handle long-distance
computer communication; its predecessors had difficulty routing data over long distances
with high reliability. IPv4 settled many questions that were still open at the time.
Over the following years, the usefulness of IPv4 became clear: its predecessors fell
short of the requirements for large-scale communication. IPv4 was standardized by the
Internet Engineering Task Force (IETF) in September 1981. When IP was first
standardized in September 1981, the specification required that each system attached
to an IP-based internet be assigned a unique, 32-bit Internet address value.
1 1 1 1 1 1 1 1
128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)
Here is a sample octet conversion when not all of the bits are set to 1.
0 1 0 0 1 0 0 1
0 64 0 0 8 0 0 1 (0+64+0+0+8+0+0+1=73)
And this sample shows an IP address represented in both binary and decimal.
10. 1. 22. 19 (decimal)
00001010. 00000001. 00010110. 00010011 (binary)
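The octet conversions above can be sketched as follows (function names are illustrative):

```python
# Convert a dotted-decimal IPv4 address to dotted-binary, and a single
# binary octet back to decimal, as in the worked examples above.
def to_binary(ip):
    return ".".join(format(int(octet), "08b") for octet in ip.split("."))

def to_decimal(ip_bin):
    return ".".join(str(int(octet, 2)) for octet in ip_bin.split("."))

print(to_binary("10.1.22.19"))  # 00001010.00000001.00010110.00010011
print(to_decimal("01001001"))   # 73, the worked octet example
```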
These octets are broken down to provide an addressing scheme that can accommodate
large and small networks. There are five different classes of networks, A to E. This
document focuses on addressing classes A to C, since classes D and E are reserved and
discussion of them is beyond the scope of this document.
To date, the Internet Protocol in production has been IPv4 only. Versions 0 to 3 were used
while the protocol was itself under development and experimentation. So, we can
assume a lot of background activity takes place before a protocol is put into
production.
Protocol version 5 was used while experimenting with a stream protocol for the Internet. It
is known to us as the Internet Stream Protocol, which used Internet Protocol number 5 to
encapsulate its datagrams. IP Version 5 (IPv5) was an IP-layer protocol that provided
end-to-end guaranteed service across a network. That is, it was compatible with IP at
the network layer but was built to provide Quality of Service for streaming services.
In short, IPv5 never became an official protocol, due to its overhead. Many years ago,
the Internet Stream Protocol (ST) was considered IP version five by industry researchers,
but ST was abandoned before ever becoming a standard or widely known as IPv5. Work
on ST and IPv5 is not expected to ever restart; though never brought into public use, it
did see experimental use.
Because 7 bits can represent 128 different values in binary, there are 128
possible Class A network addresses. Of the 128 possible network addresses, two are
reserved for special cases, so a maximum of 126 (2⁷ − 2) /8 networks can be defined.
The calculation requires that 2 is subtracted because the /8 network 0.0.0.0 is
reserved for use as the default route and the /8 network 127.0.0.0 (also written 127/8
or 127.0.0.0/8) has been reserved for the loopback function. Each /8 supports a
maximum of 16,777,214 (2²⁴ − 2) hosts per network. The host calculation requires that 2
is subtracted because the all-0s (this network) and all-1s (broadcast) host numbers may
not be assigned to individual hosts.
Since the /8 address block contains 2³¹ (2,147,483,648) individual addresses and the
IPv4 address space contains a maximum of 2³² (4,294,967,296) addresses, the /8
address space is 50% of the total IPv4 unicast address space.
A maximum of 16,384 (2¹⁴) /16 networks can be defined, with up to 65,534 (2¹⁶ − 2)
hosts per network. Since the entire /16 address block contains 2³⁰ (1,073,741,824)
addresses, it represents 25% of the total IPv4 unicast address space.
A maximum of 2,097,152 (2²¹) /24 networks can be defined, with up to 254 (2⁸ − 2) hosts
per network. Since the entire /24 address block contains 2²⁹ (536,870,912) addresses,
it represents 12.5% (or 1/8th) of the total IPv4 unicast address space.
The first four bits of a Class D address must be 1110. Therefore, the first octet range for
Class D addresses is 11100000 to 11101111, or 224 to 239. An IP address that starts
with a value in the range of 224 to 239 in the first octet is a Class D address.
7.6.6 Summary
IP Address Class | Number of bits (Network ID/Host ID) | First Octet of IP Address | Number of Bits Used To Identify Class | Number of Usable Network ID Bits | Number of Possible Network IDs | Number of Host IDs Per Network ID
Class A | 8/24 | 0xxx xxxx | 1 | 8 − 1 = 7 | 2⁷ − 2 = 126 | 2²⁴ − 2 = 16,777,214
Class B | 16/16 | 10xx xxxx | 2 | 16 − 2 = 14 | 2¹⁴ = 16,384 | 2¹⁶ − 2 = 65,534
Class C | 24/8 | 110x xxxx | 3 | 24 − 3 = 21 | 2²¹ = 2,097,152 | 2⁸ − 2 = 254
Note: For class D and class E we do not use the concept of Network-ID.
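The classful ranges summarized above can be sketched as a small classifier (an illustrative sketch, not a production address parser):

```python
# The class is determined by the leading bits of the first octet:
# 0xxxxxxx -> A, 10xxxxxx -> B, 110xxxxx -> C, 1110xxxx -> D, 1111xxxx -> E.
def address_class(ip):
    first = int(ip.split(".")[0])
    if first < 128: return "A"
    if first < 192: return "B"
    if first < 224: return "C"
    if first < 240: return "D"   # multicast
    return "E"                   # reserved

print(address_class("10.1.22.19"), address_class("146.168.0.7"))  # A B
```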
7.7.1 Unicast
In this mode, data is sent to only one destined host. The destination address field
contains the 32-bit IP address of the destination host. Here the source sends data to the
targeted destination.
7.7.2 Broadcast
In this mode the packet is addressed to all hosts in a network segment. The destination
address field contains the special broadcast address, i.e. 255.255.255.255. When a host
sees this packet on the network, it is bound to process it. Here the source sends one
packet, which is entertained by all the hosts on the segment.
Broadcast signifies a one to all relation between the source and the destination.
Broadcasts are mostly confined to the LAN and need special rules to travel beyond the
router.
7.7.3 Multicast
This mode is a mix of the previous two modes, i.e. the packet sent is neither destined to a
single host nor to all the hosts on the segment. In this packet, the destination address
contains a special address which starts with 224.x.x.x and can be entertained by more
than one host.
[Figure: multicast: one source sending to multiple destinations]
Here a source sends packets which are entertained by more than one node. Every
network has one IP address reserved for the network number, which represents the
network, and one IP address reserved for the broadcast address, which represents all the
hosts in that network.
[Figure: private IP addresses on a LAN reaching Internet addresses through NAT]
So, an IP address can be private (for use on a LAN) or public (for use on the Internet or
WAN). IP addresses can be determined statically (assigned to a computer by a system
administrator) or dynamically (assigned by another device on the network on demand).
An IP address is considered public if the IP number is valid and falls outside any of the
IP address ranges reserved for private uses by IPv4 networking standard. Public IP
addresses are used by Internet servers (including those for Web sites and DNS servers),
network routers or any computer connected directly to the Internet via a modem. Each
public IP is assigned to a range or block of addresses. The Internet Assigned Numbers
Authority (IANA) controls ownership of these IP ranges and assigns each block to
organizations such as Internet Service Providers (ISPs) who in turn allocate individual
IP addresses to customers.
Using a private IP address on a residential or business computer can improve network
security and conserve public addressing space.
Domain Name System [DNS]: It is very likely that a user does not know the IP
address of a remote server he/she wants to connect to, but he knows the name
assigned to it, for example, CareerMonk.com. When the user types in the name
of the remote server he wants to connect to, the localhost behind the scenes sends
a DNS query. The Domain Name System is a method to acquire the IP address of
the host whose domain name is known.
Network Address Translation [NAT]: Almost all devices in a computer network
are assigned private IP addresses, which are not routable on the Internet. As soon
as a router receives an IP packet with a private IP address, it drops it. In order to
reach servers on the public Internet from private addresses, computer networks use
an address translation service, which translates between public and private addresses,
called Network Address Translation. When a PC sends an IP packet out of a
private network, NAT replaces the private IP address with a public IP address, and
vice versa.
We can now describe the packet flow. Assume that a user wants to access
www.CareerMonk.com from her/his personal computer, which has an Internet
connection from an ISP. The following steps will be taken by the system to help her
reach the destination website.
Bits 00-03: Version | Bits 04-07: IHL | Bits 08-15: ToS (D, T, R, M, R0) | Bits 16-31: Total Length
Bits 00-15: IP Identification (IPID) | Bits 16-18: Flags (R0, DF, MF) | Bits 19-31: Fragment Offset
Bits 00-07: Time-To-Live (TTL) | Bits 08-15: Protocol | Bits 16-31: Header Checksum
Bits 00-31: Source IP Address
Bits 00-31: Destination IP Address
Options & padding (variable, usually none)
Version: 4 bits
Identifies the version of IP used to generate the datagram. For IPv4, this is of course the
number 4. The purpose of this field is to ensure compatibility between devices that may
be running different versions of IP.
IHL: 4 bits
Internet Header Length (IHL) specifies the length of the IP header, in 32-bit words. This
includes the length of any options fields and padding. The normal value of this field
when no options are used is 5 (5 32-bit words = 5 × 4 = 20 bytes). Contrast this to the
longer Total Length field, which measures the entire datagram in bytes.
Identification: 16 bits
This field uniquely identifies the datagram. It is usually incremented by 1 each time a
datagram is sent. All fragments of a datagram contain the same identification value.
This allows the destination host to determine which fragment belongs to which
datagram.
It is an identification value assigned by the sender to help in assembling the fragments
of a datagram. This field is used by the recipient to reassemble messages without
accidentally mixing fragments from different messages. This is needed because
fragments may arrive from multiple messages mixed together, since IP datagrams can
be received out of order from any device.
Flags: 3 bits
It is used for fragmentation. DF means do not fragment. It is a request to routers not to
fragment the datagram since the destination is incapable of putting the pieces back
together.
MF means more fragments to follow. All fragments except the last one have this bit set.
It is needed to know if all fragments of a datagram have arrived.
Protocol: 8 bits
This field tells IP which higher-layer protocol to hand the datagram up to. A few commonly used protocols are:
Hex Value Decimal Value Protocol
00 0 Reserved
01 1 ICMP [Internet Control Message Protocol]
02 2 IGMP [Internet Group Management Protocol]
06 6 TCP [Transmission Control Protocol]
11 17 UDP [User Datagram Protocol]
Source IP Address: 32 bits
Senders put their address into this field. It is always the address of the device that
originally sent the datagram.
Options: variable
Options may or may not appear in a datagram. One or more of several types of options
may be included after the standard headers in certain IP datagrams.
Padding: variable
If one or more options are included, and the number of bits used for them is not a
multiple of 32, enough zero bits are added to pad the header to a multiple of 32 bits
(4 bytes).
The fragments are sent separately and reassembled at the destination (not at a router),
because a router further along the path may have to fragment them again. Each fragment
has its own header. The identification number is copied into each fragment. One bit in the
Flags field (MF) says more fragments are coming; if that bit is 0, this is the last fragment.
A fragment's position is identified by its offset within the original data packet.
7.11.1 An Example
Suppose we have a physical layer that can transmit a maximum of 660 bytes. And,
suppose IP wants to send 1460 bytes of data. So, the IP datagram is a total of 1480
bytes, including the 20 byte IP header:
20-byte IP header | 1460 bytes of data   (1480 bytes in all)

[Figure: the 1480-byte datagram must cross a network whose MTU (660 bytes) is smaller than the datagram, so it is fragmented]
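The fragmentation implied by this example can be sketched as follows (assuming, per IPv4 rules, that every non-final fragment carries a multiple of 8 data bytes, since the offset is counted in 8-byte units; names are illustrative):

```python
# Split a payload into fragment data sizes for a given link MTU.
# Each fragment re-carries its own 20-byte IP header.
def fragment_sizes(data_len, mtu, header=20):
    per_frag = (mtu - header) // 8 * 8   # largest multiple of 8 that fits
    sizes = []
    while data_len > per_frag:
        sizes.append(per_frag)
        data_len -= per_frag
    sizes.append(data_len)               # last fragment carries the remainder
    return sizes

print(fragment_sizes(1460, 660))  # [640, 640, 180]
```

So the 1460 data bytes cross the 660-byte-MTU link as three fragments of 640, 640, and 180 data bytes.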
Default Mask
The following example describes the use of a subnet mask to separate the network ID
and host ID portions of an IP address for a Class B network (for Class B networks the
first 2 octets of the IP address indicate the network ID and the last 2 octets indicate
the host ID):
32-bit IP Address: 10010010 10101000 00000000 00000111
32-bit Subnet Mask: 11111111 11111111 00000000 00000000
Observe how the subnet mask consists of 2 octets of contiguous 1’s (indicating the
network ID part of the corresponding IP address), and 2 octets of contiguous 0’s
(indicating the host ID part of the corresponding IP address). Using the subnet mask,
we can easily separate the IP address into its two parts:
Network ID: 10010010 10101000
Host ID: 00000000 00000111
Even though it is easy to understand the role of the subnet mask while working in
binary, binary notation is in general too cumbersome and confusing for humans. Hence IP
addresses and subnet masks are usually written in dotted-decimal notation, in which
each octet is converted to its equivalent decimal number, and the four decimal numbers
are separated with dots (i.e., periods). The IP address and subnet mask from the
example above would appear in dotted-decimal as:
IP Address: 146.168.0.7
Subnet Mask: 255.255.0.0
Network ID: 146.168
Host ID: 0.7
Note that the network ID is usually seen written as 4 octets (which can be created by
appending any necessary 0 octets to the end of the network ID as delimited by the
subnet mask), and that leading 0 octets are usually dropped from the host ID, as in:
Network ID: 146.168.0.0
Host ID: 7
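The mask operation described above is just a bitwise AND; a minimal sketch (the function name is illustrative):

```python
# AND with the mask yields the network ID; AND with the inverted mask
# yields the host ID, octet by octet.
def split_address(ip, mask):
    ip_n   = [int(o) for o in ip.split(".")]
    mask_n = [int(o) for o in mask.split(".")]
    net  = ".".join(str(i & m) for i, m in zip(ip_n, mask_n))
    host = ".".join(str(i & (255 ^ m)) for i, m in zip(ip_n, mask_n))
    return net, host

print(split_address("146.168.0.7", "255.255.0.0"))  # ('146.168.0.0', '0.0.0.7')
```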
7.13.3 Subnetting
Finally, let us discuss the basic concepts of subnetting. Imagine that an
organization has obtained an official network address from an Internet Service
Provider (ISP) to use on the public Internet. We could equally well imagine that the
organization has chosen a private IP address to use for an internal TCP/IP network that
will not be connected to the public Internet (i.e., an intranet).
In either scenario, they have the same problem: the organization has so many hosts that
they cannot coexist on the same TCP/IP network. The network must be broken up into
separate subnetworks.
To segment the original network, we must devise an addressing scheme that is able to
identify each subnetwork within the larger network. This will require the use of an
additional subnet ID along with the original network ID. A given host will then be
uniquely identified by the combination of:
1. A network ID that uniquely specifies the network on which the host resides (if
the network is on the public Internet, this network ID is the address that will
identify the network (including all its subnets) on the public Internet)
2. A subnet ID that uniquely specifies the subnetwork (within the original network)
on which the host resides
3. A host ID that uniquely specifies the host on the subnetwork
An IP address already accommodates a network ID and a host ID, so all that is required
is some way to create the subnet ID field. Since we can't expand the size of the IP
address (32 bits for IPv4), we must borrow some bits from the existing address to use
for the subnet ID. We can't borrow bits from the network ID part of the IP address
because this has been pre-assigned by our ISP to uniquely identify our organization's
network. Hence we are forced to borrow bits to create the subnet ID from the existing
host ID field.
Network ID | Subnet ID [bits borrowed from Host ID] | Host ID
The process of borrowing bits from the host ID field to form a new subnet ID field is
called subnetting. The process is shown in the table below:

Network ID | 3 Bits Borrowed for Subnet ID | Host ID (3 bits shorter)
10010010 10101000 | 000 | 00000 00000111
Observe that when we borrow bits from the host ID for the subnet ID, the original
subnet mask is no longer correct. As shown in the table below, the original subnet mask
has binary 0's matching up with the bits in the new subnet ID. Since binary 0's in the
subnet mask indicate the host ID field, the newly created subnet ID field still appears to
belong to the original host ID field.

                      | Network ID        | 3 Bits Borrowed for Subnet ID | Host ID (3 bits shorter)
IP Address:           | 10010010 10101000 | 000 | 00000 00000111
Original Subnet Mask: | 11111111 11111111 | 000 (0 bits here make the subnet ID appear to be part of the host ID) | 00000 00000000
To eliminate confusion over which bits still belong to the original host ID field and
which belong to the new subnet ID field, we must extend the binary 1's in the original
subnet mask with enough 1 bits to match the size of the newly created subnet ID field
(and correspondingly reduce the number of 0's, which originally identified the host ID in
the subnet mask, by the same amount). The new subnet mask is called a custom subnet
mask. After this adjustment, the total number of bits in the custom subnet mask will
still be 32, but the number of binary 1's will have increased by the size of the subnet ID,
and the number of binary 0's will have decreased accordingly. This operation is
illustrated in the table below:
                       Network ID          Bits Borrowed for Subnet ID                                       Shortened Host ID
IP Address:            10010010 10101000   000                                                               00000 00000111
Original Subnet Mask:  11111111 11111111   000                                                               00000 00000000
Custom Subnet Mask:    11111111 11111111   111 (1 bits here indicate the field belongs to the network ID)    00000 00000000
3. Estimate how many bits to borrow from the host ID field for the subnet ID field
This step calculates the number of bits needed in the IP address for the subnet IDs. Let
us denote it with s. That means, it finds the smallest integer s such that 2^s – 2 ≥ S.
As the following table describes, with s bits for the subnet ID, we can address 2^s
different subnets. However, a subnet ID is not allowed to be either all 0's (which
according to TCP/IP standards always means the current subnet and therefore cannot
be used as a subnet ID for an actual subnet), or all 1's (which according to TCP/IP
standards is always a broadcast address and therefore cannot be used as a subnet ID
for an actual subnet). Hence with s bits for the subnet ID, the effective number of
addressable subnets is 2^s – 2, as shown in the table below.
s = Number of        2^s – 2 = Number of                       Valid subnet addresses (all 0's or all 1's
bits for subnet ID   addressable subnets                       are invalid)
1                    2^1 – 2 = 2 – 2 = 0 (no valid addresses)  0, 1 (both invalid)
2                    2^2 – 2 = 4 – 2 = 2                       00, 01, 10, 11 (00 and 11 invalid)
3                    2^3 – 2 = 8 – 2 = 6                       000, 001, 010, 011, 100, 101, 110, 111
                                                               (000 and 111 invalid)
Calculating s is easier if we rewrite the inequality 2^s – 2 ≥ S as 2^s ≥ S + 2. If you are
comfortable with the entries in the table, you can quickly find the smallest s such that 2^s ≥
S + 2. For example, if S = 5, the value of s is 3. Similarly, with S = 7, the value of s is 4.
4. Determine how many bits must remain in the host ID field (and therefore cannot be
borrowed for the subnet ID)
This step calculates the number of bits needed in the IP address for the host IDs, and
is similar to step 3. Let us denote that number with h. That means, it finds the smallest
integer h such that 2^h – 2 ≥ H.
In fact, the TCP/IP standards state that a host ID cannot be all 0's, since a 0 host ID
always refers to the current subnetwork (and so can never be used as the address for a
particular host), or all 1's, since all 1's indicates a broadcast address (and so can never
be used for the address of a particular host). Hence the formula for finding the number
of bits needed for the host IDs is exactly parallel to that used to calculate the number
of bits needed for the subnet IDs. Similar to step 3, we look for the smallest integer h
such that 2^h – 2 ≥ H. For example, if H = 50, the value of h is 6. Similarly, with H = 30,
the value of h is 5.
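The same style of search finds h (again, the helper name `host_bits` is ours):

```python
# Find the smallest h such that 2**h - 2 >= H,
# where H is the number of hosts needed per subnet.
def host_bits(H):
    h = 1
    while 2 ** h - 2 < H:
        h += 1
    return h

print(host_bits(50))  # 6
print(host_bits(30))  # 5
```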
5. Determine how many bits are in the original network ID and host ID fields
This step determines the total number of host ID bits in the subnet mask for the
assigned address class. Let us denote the number of host ID bits with the letter T. The table below
shows the standard number of host ID bits for each of the three major address classes,
A, B, and C. To find the class of a network ID, look at the first octet in dotted-
decimal notation.
Once we know the address class, it is easy to determine the number of host ID bits from
the table. For example, if we have been officially assigned a Class B address, T = 16; if
we have been officially assigned a Class C address, T = 8; etc.
Calculate the new value for the leftmost zero octet in the standard subnet mask as:
256 – 2^(8 – s)
For example, if the adjusted value of s is 4, we calculate 256 – 2^(8 – 4) = 256 – 2^4 = 256 –
16 = 240. This value will replace the leftmost zero octet in the default subnet mask for
our network class, thus forming the custom subnet mask. Since in Step 5 we
determined that our network ID was Class B, our default subnet mask from the table is
255.255.0.0. Replace the leftmost zero octet (shown in bold) with the value 240 to
obtain the custom subnet mask 255.255.240.0.
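The octet calculation above can be checked with a tiny sketch (the function name is ours, and it assumes a Class B network where the third octet is the leftmost zero octet):

```python
# Custom subnet mask for a Class B network with s borrowed bits:
# the third octet becomes 256 - 2**(8 - s).
def class_b_custom_mask(s):
    octet = 256 - 2 ** (8 - s)
    return "255.255.%d.0" % octet

print(class_b_custom_mask(4))  # 255.255.240.0
```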
10. Determine the Valid Network IDs for the New Subnets
The next step is to determine the network (and subnetwork) IDs for the new subnets.
Start by identifying the leftmost 0 octet in the network ID for our network. This is the
octet that corresponds to the leftmost 0 octet in the standard subnet mask (i.e., the
octet shown bolded in the table). For the original subnet mask in our example, it would be
the third octet from the left (shown bolded): 146.168.0.0. For a Class A network, this
will always be the second octet (as in 13.0.0.0), for a Class B network, this will always
be the third octet (as in 146.168.0.0), and for a Class C network, this will always be the
fourth octet (as in 193.200.17.0).
Note that this particular octet will always have all 0's in the extended subnet ID area (the
area borrowed from the original host ID), and so is not a valid subnetwork ID (recall that
a zero value is not permitted for either a network or subnetwork ID).
To obtain the first valid subnetwork ID, add 2^(8 – s) to the leftmost 0 octet (as identified
above) in the original network address. Now add 2^(8 – s) to the same octet in the first
subnetwork ID to get the second subnetwork ID, add 2^(8 – s) to the same octet in the
second to get the third, etc. Continue in this fashion until we have obtained 2^s – 2
subnetwork IDs, or until we reach the value of the custom subnet mask. Note that the
custom subnet mask value itself is not a valid network ID because its subnet ID is all
1's (the reserved broadcast address).
In our example, the original network ID is 146.168.0.0 (the leftmost zero octet is shown
bolded), the updated value of s is 4, and 2^(8 – s) = 2^(8 – 4) = 2^4 = 16. We expect 2^s – 2 = 2^4 – 2
= 16 – 2 = 14 subnets, which we find as follows:
The first network ID is obtained by adding 2^(8 – s) (i.e., 16) to the leftmost 0 octet in the
original network address, i.e., add 16 to the third octet
(shown bolded) in 146.168.0.0 to yield
146.168.16.0 (first valid subnet ID)
The second subnet ID is obtained by adding 2^(8 – s) (16) to the same octet in the first valid
subnet ID (shown bolded above), i.e., add 16 to the third octet (shown bolded) in
146.168.16.0 to yield
146.168.32.0
To form the third network ID, again add 2^(8 – s) (16) to the same octet in the second valid
subnet ID (shown bolded above), i.e., add 16 to the bolded octet in 146.168.32.0 to yield
146.168.48.0
Repeat this procedure until you have obtained the expected 14 subnetwork addresses
(or until you reach the custom subnet mask from Step 9). The results are shown in the
table below:
Original Network ID
146.168.0.0
(Not a valid subnetwork address)
Network ID for Subnet 1 146.168.16.0
Network ID for Subnet 2 146.168.32.0
Network ID for Subnet 3 146.168.48.0
Network ID for Subnet 4 146.168.64.0
Network ID for Subnet 5 146.168.80.0
Network ID for Subnet 6 146.168.96.0
Network ID for Subnet 7 146.168.112.0
Network ID for Subnet 8 146.168.128.0
Network ID for Subnet 9 146.168.144.0
Network ID for Subnet 10 146.168.160.0
Network ID for Subnet 11 146.168.176.0
Network ID for Subnet 12 146.168.192.0
Network ID for Subnet 13 146.168.208.0
Network ID for Subnet 14 146.168.224.0
Custom Subnet Mask value
146.168.240.0
(Not a valid subnetwork address)
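The enumeration above can be reproduced with a short sketch (the helper name `subnet_ids` is ours; it assumes a Class B network so the third octet is the one incremented):

```python
# Enumerate the 2**s - 2 valid subnet IDs by repeatedly adding the
# block size 2**(8 - s) to the leftmost zero octet (third octet, Class B).
def subnet_ids(network="146.168.0.0", s=4):
    step = 2 ** (8 - s)                      # 16 when s = 4
    first_two = ".".join(network.split(".")[:2])
    # range skips i = 0 (all-0s subnet ID) and i = 2**s - 1 (all-1s subnet ID)
    return ["%s.%d.0" % (first_two, i * step)
            for i in range(1, 2 ** s - 1)]

ids = subnet_ids()
print(ids[0], ids[-1], len(ids))  # 146.168.16.0 146.168.224.0 14
```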
Continue to add 1 to the rightmost octet until one of the following three conditions
occurs:
1. The octet that you are incrementing reaches 255. When incrementing the value
255, instead of adding 1 (to get 256), roll the 255 back to 0 and add 1 to the
next octet to the left. This operation is similar to a carry in ordinary decimal
addition. For example, assume you have just added 1 to 146.168.16.254 to
obtain 146.168.16.255. The next step would not be to add 1 again to obtain
146.168.16.256 (which is not a valid IP address). Instead, roll the 255 back to 0
and add 1 to the next octet to the left (the 16), yielding 146.168.17.0. From this
point, continue to increment as before to obtain additional IP addresses for the
current subnet.
2. While incrementing, you get to the point where another increment would reach
one less than the network ID for the next subnet. In this case, you have listed
all the valid IP addresses for the current subnet, and you must move on to the
next subnet (by starting with its network ID and repeatedly incrementing the
rightmost octet by 1).
3. We reach a total of 2^h – 2 IP addresses for a given subnet. This is equivalent to
condition 2 above, and in fact is just another way of looking at the same
situation. As in condition 2, you have listed all the valid IP addresses for the
current subnet. Move on to the next subnet by starting with its network ID and
repeatedly incrementing by 1.
Repeat this process for all subnetworks to obtain a complete list of valid IP addresses
for each subnet.
In our example, we start with 146.168.16.0, the network ID for the first subnet. Add 1
to the rightmost octet to obtain the first valid IP address for this subnet, namely
146.168.16.1. Again, add 1 to the rightmost octet to obtain the second valid IP address
for this subnet, namely 146.168.16.2. Continue in this fashion until reaching
146.168.16.254, which after incrementing yields an IP address of 146.168.16.255. Note
that this is a valid IP address on the subnet. The next valid IP address is found by
rolling the 255 back to 0 and incrementing the next octet to the left, yielding
146.168.17.0.
Continue incrementing until reaching 146.168.17.255, which is followed by
146.168.18.0. Again, the process repeats until we hit 146.168.18.255, which is followed
by 146.168.19.0. This process will continue all the way to 146.168.30.255, which is
followed by 146.168.31.0. We continue to increment until reaching 146.168.31.254. We
are now at the point where yet another increment would yield one less than the next
subnet’s network ID (i.e., if we were to carry out one more increment we would be at
146.168.31.255, which if it were itself incremented would yield the subnet ID for the
next subnet, 146.168.32.0).
At this point we have a complete list of all valid IP addresses for the first subnet. We
would then have to repeat the entire process for the second subnet, etc. The table below
summarizes the IP addresses for the first subnet:
IP Addresses for Subnet 1
(Network Address 146.168.16.0)
146.168.16.1 to 146.168.16.255
146.168.17.0 to 146.168.17.255
146.168.18.0 to 146.168.18.255
146.168.19.0 to 146.168.19.255
146.168.20.0 to 146.168.20.255
146.168.21.0 to 146.168.21.255
…
146.168.30.0 to 146.168.30.255
146.168.31.0 to 146.168.31.254
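The same range can be cross-checked with Python's standard `ipaddress` module: subnet 1 under the custom mask 255.255.240.0 is 146.168.16.0/20, and `hosts()` excludes exactly the network and broadcast addresses:

```python
import ipaddress

# Subnet 1 of the worked example: 146.168.16.0 with mask 255.255.240.0 (/20).
subnet1 = ipaddress.ip_network("146.168.16.0/20")
hosts = list(subnet1.hosts())  # excludes network and broadcast addresses

print(hosts[0], hosts[-1], len(hosts))  # 146.168.16.1 146.168.31.254 4094
```

Note that 4094 = 2^12 − 2, matching the 12-bit shortened host ID.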
Do not be confused by the fact that some valid IP addresses end in 0 or 255. This
happens normally when subnetting, and the rules about not having network,
subnetwork, or host ID’s equal to all 0’s or all 1’s are not necessarily violated just
because an octet is equal to all 0’s or all 1’s. The rules place restrictions on the values of
network, subnetwork, and host ID’s, not on the values of octets. To understand this,
consider the IP address 146.168.17.0 from the table and analyze it according to the custom
subnet mask for our example network, 255.255.240.0.
                                  Standard Network ID   Bits Borrowed from Host ID   Shortened Host ID
                                  Part of IP Address    to Form Subnet ID            Part of IP Address
IP Address 146.168.17.0           10010010 10101000     0001                         0001 00000000
Custom Subnet Mask 255.255.240.0  11111111 11111111     1111                         0000 00000000
Notice that although the rightmost octet of the Host ID consists of all zero bits, the full
Host ID is a total of 12 bits and is not all 0’s (the sole one bit is shown bolded).
For a second example, consider the IP address 146.168.21.255 from the table. Although the
last octet is 255 (eight 1's in binary), the following analysis shows that the full host ID is
not all 1 bits (the two zero bits in the host ID are shown bolded):
                                  Standard Network ID   Bits Borrowed from Host ID   Shortened Host ID
                                  Part of IP Address    to Form Subnet ID            Part of IP Address
IP Address 146.168.21.255         10010010 10101000     0001                         0101 11111111
Custom Subnet Mask 255.255.240.0  11111111 11111111     1111                         0000 00000000
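This bitwise check can be reproduced with the standard `ipaddress` module (a small illustration; the variable names are ours):

```python
import ipaddress

# Is the 12-bit host ID of 146.168.21.255 under mask 255.255.240.0 all ones?
addr = int(ipaddress.ip_address("146.168.21.255"))
mask = int(ipaddress.ip_address("255.255.240.0"))

host_id = addr & ~mask & 0xFFFFFFFF   # keep only the 12 host bits
all_ones = ~mask & 0xFFFFFFFF         # 0xFFF: host ID of the broadcast address

print(host_id == all_ones)  # False, so 146.168.21.255 is a valid host address
print(bin(host_id))         # 0b10111111111
```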
11. To determine the valid IP addresses for each subnet, we begin with the network ID
for the subnet. Let us start with the first subnet whose address is 193.200.35.32.
To find the first IP address on the subnet, we add 1 to the rightmost octet of the
subnet address: 32 + 1 = 33. Thus the first IP address on subnet 1 is
193.200.35.33
We will continue incrementing until we reach 255, or until the next increment
would reach one less than the next subnet address (the broadcast address), or until
we have generated 2^h – 2 IP addresses (these last two conditions are equivalent and will
always occur at the same time). Since in our case h = 5, we can expect 2^5 – 2 = 32 – 2 = 30
IP addresses per subnet. The valid IP addresses for subnet 1 are shown in the following table:
Subnet 1 Address # IP Address
1 193.200.35.33
2 193.200.35.34
3 193.200.35.35
4 193.200.35.36
5 193.200.35.37
6 193.200.35.38
7 193.200.35.39
8 193.200.35.40
9 193.200.35.41
10 193.200.35.42
11 193.200.35.43
12 193.200.35.44
13 193.200.35.45
14 193.200.35.46
15 193.200.35.47
16 193.200.35.48
17 193.200.35.49
18 193.200.35.50
19 193.200.35.51
20 193.200.35.52
21 193.200.35.53
22 193.200.35.54
23 193.200.35.55
24 193.200.35.56
25 193.200.35.57
26 193.200.35.58
27 193.200.35.59
28 193.200.35.60
29 193.200.35.61
30 193.200.35.62
Note that if we increment the last octet of the 30th IP address (see the table), we get 63,
which is one less than the network ID for the next subnet. Hence
193.200.35.62 is indeed the final IP address on subnet 1. The IP addresses for
the remaining 5 subnets can be found in a similar manner.
million class C addresses and a small number of them were already allocated
by service providers. A class B network would consist of a maximum of 65534
hosts, and a class C network of a maximum of only 254 hosts. This classful
division of Internet networks is not practicable, since very few
organizations have tens of thousands of hosts, but almost all organizations
have more than 254 hosts.
2. Growth of routing tables: The routing tables in the Internet have been
growing as fast as the Internet itself, and router technology specifically (and
computer technology in general) has not been able to keep pace. In December
1990 there were 2190 routes and 2 years later there were over 8500 routes. In
July 1995 there were over 29,000 routes, which required approximately 10 MB
of memory in a router with a single peer.
3. Eventual exhaustion of the 32-bit IPv4 address space
7.14.1 What is Classless Inter-Domain Routing [CIDR]?
Classless Inter-Domain Routing (CIDR) attempts to solve the first two problems by defining
a method to slow the growth of routing tables and reduce the need to allocate new IP
network numbers. It does not attempt to solve the third problem. CIDR was developed
in the 1990s as an alternative scheme for routing network traffic across the Internet.
CIDR eliminates the concept of class A, B, and C network addresses (hence the name classless)
and uses the concept of a network prefix. It uses the network prefix, instead of the first 3 bits of the IP
address, to determine the dividing point between network ID and host ID. CIDR
supports arbitrarily sized networks (the dashed line between network ID and host ID
indicates that the boundary can vary) instead of the standard 8-, 16-, or 24-bit network numbers.
Network ID Host ID
CIDR is also called supernetting, as it allows multiple subnets to be grouped together for
network routing.
Supernetting is the term used when multiple network addresses of the same class are
combined into blocks. The process of creating supernets is called supernetting.
If the IP networks are contiguous, we may be able to use a supernet. If the IP networks
are not contiguous, we may not be able to use a supernet.
When subnetting, we borrowed bits from the host ID portion, which increases the
number of bits used for the network ID portion. With supernetting we do exactly the
opposite, meaning we take bits from the network ID portion and give them to the
host ID portion.
Network ID | Supernet ID [bits borrowed from Network ID] | Host ID
Class B:
  Leading bits: 1 0 | Network ID (16 bits) | Host ID (16 bits)
Class C:
  Leading bits: 1 1 0 | Network ID (24 bits) | Host ID (8 bits)
Class D:
  Leading bits: 1 1 1 0 | Multicast Group ID (28 bits)
Class E:
  Leading bits: 1 1 1 1 0 | Reserved for future use (27 bits)
Each IP address belongs to a particular class; that is why they are called classful
addresses. Earlier, this addressing system did not have a name, but when the classless
addressing system came into existence, the original system was named the classful addressing system.
The main disadvantage of classful addressing is that it limits the flexibility and
number of addresses that can be assigned to any device.
Classless addressing is a way to allocate and specify the Internet addresses used in
inter-domain routing more flexibly than with the original system of Internet Protocol (IP)
address classes.
Below are examples of routing protocols in use.
Classful Routing Protocols Classless Routing Protocols
RIP Version 1 RIP Version 2
[Routing Information Protocol Version-1] [Routing Information Protocol Version-2]
IGRP [Interior Gateway Routing Protocol] EIGRP [Enhanced Interior Gateway Routing Protocol]
EGP [Exterior Gateway Protocol] OSPF [Open Shortest Path First]
BGP3 [Border Gateway Protocol 3] IS-IS [Intermediate System to Intermediate System]
BGP4 [Border Gateway Protocol 4]
Router : 192.168.64.0
The addresses pass the prerequisites. They are consecutive and the third octet of the
first address is divisible by 4 (64 mod 4 = 0). These four smaller networks have been
combined to create the 192.168.64.0 supernetwork. Class C supernetworks will usually
assume the address of the subnetwork with the lowest IP address, in this case,
192.168.64.0.
Class C) and use some of the bits reserved for the network ID to identify the host
ID. The example below shows how we would create a new supernetwork by combining four
separate subnetworks.
Supernet mask:
11111111.11111111.11111100.00000000
Default Class C mask:
11111111.11111111.11111111.00000000
This new supernetwork can now accommodate 2^10, or 1024 hosts. If the first network ID
is 192.168.64.0, the next three network IDs will be 192.168.65.0, 192.168.66.0, and
192.168.67.0.
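The merge of these four networks can be verified with the standard `ipaddress` module, whose `collapse_addresses` function combines contiguous blocks exactly as supernetting does:

```python
import ipaddress

# Four consecutive Class C networks collapse into one /22 supernet.
nets = [ipaddress.ip_network("192.168.%d.0/24" % i) for i in (64, 65, 66, 67)]
supernet = list(ipaddress.collapse_addresses(nets))

print(supernet)                   # [IPv4Network('192.168.64.0/22')]
print(supernet[0].netmask)        # 255.255.252.0
print(supernet[0].num_addresses)  # 1024
```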
As with any IP network, the first number in the range (.0 in a class C) has special
significance, and can't be assigned to any hosts on the network. The first number in the
range is called network ID. Conversely, the last or highest number in the range (.255 in
a class C) is called the address, and also can't be used by any host on the
network.
Because of these unique addresses, it would probably be wise not to use the
198.41.78.255 and 198.41.79.0 addresses (in the above example), even though these
should be perfectly legal addresses for hosts when using a supernet.
3. Allocate the highest range of IPs to the highest requirement, so let us assign
192.168.1.0/25 (255.255.255.128) to Technical department. This IP subnet
with network ID 192.168.1.0 has 126 valid host IP addresses which satisfy the
requirement of the Technical department. The subnet mask used for this subnet has
10000000 as the last octet.
4. Allocate the next highest range, so let's assign 192.168.1.128 /26
(255.255.255.192) to Sales department. This IP subnet with network ID
192.168.1.128 has 62 valid host IP Addresses which can be easily assigned to
all Sales departments’ PCs. The subnet mask used has 11000000 in the last
octet.
5. Allocate the next highest range, i.e. Accounts. The requirement of 25 IPs can be
fulfilled with 192.168.1.192/27 (255.255.255.224) IP subnet, which contains
30 valid host IPs. The network number of Accounts department will be
192.168.1.192. The last octet of subnet mask is 11100000.
6. Allocate next highest range to HR department. The HR department contains
only 5 computers. The subnet 192.168.1.224/29 with mask 255.255.255.248
has exactly 6 valid host IP addresses. So this can be assigned to HR
department. The last octet of subnet mask will contain 11111000.
By using VLSM, administrators can subnet an IP subnet in such a way that the least
number of IP addresses is wasted. Even after assigning IPs to every department, the
administrator in this example is still left with plenty of IP addresses, which would not
have been possible if he/she had used CIDR.
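The prefix length chosen for each department above can be computed with a small sketch (the helper name `vlsm_prefix` is ours): each department gets the smallest power-of-two block whose usable host count (block size minus network and broadcast addresses) covers its need.

```python
# Smallest prefix length whose block holds `hosts` usable addresses.
def vlsm_prefix(hosts):
    h = 1
    while 2 ** h - 2 < hosts:   # h host bits give 2**h - 2 usable addresses
        h += 1
    return 32 - h

for dept, need in [("Technical", 126), ("Sales", 62),
                   ("Accounts", 25), ("HR", 5)]:
    print(dept, "/%d" % vlsm_prefix(need))
# Technical /25, Sales /26, Accounts /27, HR /29
```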
Security: IPv4 on its own does not provide any security feature, and data on the
Internet, which is a public domain, is never safe. Data has to be
encrypted with some other security application before being sent on the Internet.
Quality of Service (QoS): Quality of Service is available in IPv4, and it
depends on the 8 bits of the IPv4 Type of Service (TOS) field and the
identification of the payload. The IPv4 Type of Service (TOS) field has limited
functionality, and payload identification (using a TCP or UDP port) is not possible
when the IPv4 datagram packet payload is encrypted.
7.17.4 Auto-configuration
IPv6 supports both stateful and stateless auto-configuration modes for its host devices.
This way, the absence of a DHCP server does not stop inter-segment communication.
7.17.7 No Broadcast
IPv6 does not have any Broadcast support. It uses multicast to communicate with
multiple hosts.
7.17.9 Mobility
IPv6 was designed keeping the mobility feature in mind. This feature enables hosts (such as
mobile phones) to roam around in different geographical areas and remain connected with the
same IP address.
IPv6 mobility feature takes advantage of auto IP configuration and Extension headers.
7.17.12 Extensibility
One of the major advantages of the IPv6 header is that it is extensible to add more
information in the options part. IPv4 provides only 40 bytes for options, whereas options
in IPv6 can be as much as the size of the IPv6 packet itself.
4 100 4 4
5 101 5 5
6 110 6 6
7 111 7 7
8 1000 10 8
9 1001 11 9
A 1010 12 10
B 1011 13 11
C 1100 14 12
D 1101 15 13
E 1110 16 14
F 1111 17 15
IPv4-compatible addresses, derived from IPv4 public addresses, provide a method for
connecting IPv6 hosts or sites over the existing IPv4 Internet infrastructure. IPv6 traffic,
when used with IPv4-compatible addresses, does not require the addition of IPv6
routers. Its traffic is encapsulated with an IPv4 header.
A bigger prefix means a smaller network (it contains fewer hosts). A /96
is a network the size of the entire existing IPv4 Internet, because it has 32 bits' worth of
host addresses in it (96 + 32 = 128). A /120 has only 8 bits left for hosts, so it's the
same size as an IPv4 class C subnet: 256 addresses.
How many /64 networks are there in a /60? Again, deduct the prefix length of the network
from that of the subnet: 64 − 60 = 4, and 2^4 is 16, so there are 16 /64 subnets in a /60.
This works for any size of prefix and subnet. How many /93 subnets are there in a /91
network? 93 − 91 = 2, so there are 2^2 = four subnets. How many /12 subnets in a /9
network? 12 − 9 = 3, so there are 2^3 = eight subnets. And so on.
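The rule above reduces to one expression (a trivial helper, named by us for illustration):

```python
# Number of subnets of prefix length p that fit in a network of prefix length q.
def subnets_in(p, q):
    return 2 ** (p - q)

print(subnets_in(64, 60))  # 16
print(subnets_in(93, 91))  # 4
print(subnets_in(12, 9))   # 8
```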
7.22.1 Unicast
The unicast network topology involves a one-to-one association between the source and
destination.
A unicast address identifies a single interface within the scope of the type of unicast
address. With the appropriate unicast routing topology, packets addressed to a unicast
address are delivered to a single interface. To accommodate load-balancing systems,
RFC 2373 allows for multiple interfaces to use the same address as long as they appear
as a single interface to the IPv6 implementation on the host.
7.22.2 Multicast
A multicast address identifies multiple interfaces. With the appropriate multicast
routing topology, packets addressed to a multicast address are delivered to all
interfaces that are identified by the address.
In multicast there is a one-to-many association between the source and the
destination.
7.22.3 Anycast
Anycast is a type of network topology just like its predecessors: unicast, multicast, and
broadcast. Anycast is the new player on the block. Anycast is based on IPv6, and the
communication typically happens between a single sender and the nearest of several receivers
in a group. Anycast technology is a system that increases both the speed and security
of the Internet naming system and, consequently, the entire Internet, by creating many
copies of the same data in multiple locations across the world.
An anycast address identifies multiple interfaces. With the appropriate routing topology,
packets addressed to an anycast address are delivered to a single interface: the nearest
interface that is identified by the address. Nearest is defined as being
closest in terms of routing distance. A multicast address is used for one-to-many
communication, with delivery to multiple interfaces. An anycast address is used for
one-to-one-of-many communication, with delivery to a single interface.
The routing tables on the routers are updated using IPv6 to give the packets the path to
the nearest destination, making the transfer much faster. IPv6 automatically determines
which destination end points are closest, and sends them the
packets as in unicast. The destination then relays the packets to its nearest
hosts until all destinations are addressed.
Many of the content delivery networks (CDNs) use this feature to increase the speed.
User Datagram Protocol (UDP), or Internet Control Message Protocol (ICMPv6)). There is
no checksum field in the IPv6 datagram packet header, which was present in the IPv4 header.
7.26.2.1 Version
The size of the Version field is 4 bits. The Version field shows the version of IP and is set
to 6 for IPv6.
The destination discards the packet. Can you guess the reason?
Answer: There is an error in this packet. The 4 leftmost bits (0100) show the version,
which is correct. The next 4 bits (0010) show the header length, which means (2 × 4 =
8), which is wrong. The minimum number of bytes in the header must be 20. The
packet has been corrupted in transmission.
An IP packet has arrived with the first few hexadecimal digits as shown below:
4 5 00 0028 00010000 01 02..........
Question 2: How many hops can this packet travel before being dropped? The data
belong to what upper layer protocol?
Answer: To find the time-to-live field, we should skip 8 bytes (16 hexadecimal digits).
The time-to-live field is the ninth byte, which is 01. This means the packet can travel
only one hop. The protocol field is the next byte (02), which means that the upper-layer
protocol is IGMP.
Question 3: Suppose an IP datagram containing 256 bytes of data is divided into two
fragments, each containing 128 bytes of data. Fill in the table for the header fields
for the two fragments. The header length is measured in units of 4 bytes.
Header field      Datagram   Fragment 1   Fragment 2
Header length     5
Total length      276
Identification    3
MF                0
Fragment offset   0
Answer: An IP datagram of 256 bytes of data is divided into two fragments, each
containing 128 bytes of data. The header length is 20 bytes but, measured in units of 4
bytes, is 5. Total length is the sum of header and data bytes. The identification number is the
same in all fragments to indicate that they belong to the same original datagram.
The MF flag is 1 for all fragments except the last fragment. The fragment offset
indicates where the fragment's data belongs in the original datagram, measured in units
of 8 bytes.
Question 5: Suppose that the destination router receives 3 out of 4 fragments, but the
reassembly timer expires and the router discards these fragments. Sometime later,
the last fourth fragment arrives. How does the router treat this fragment?
Answer: When the reassembly timer expires, the router will discard the 3 fragments
received so far. When the fourth and last fragment arrives, the router will treat it
as a new datagram and start another reassembly timer. When this timer expires later,
this fourth fragment will also be discarded.
Question 6: Why is the IP header checksum recalculated at every router?
Answer: The IP header checksum is recalculated at every router because some of the IP
header fields change, such as the TTL and (if fragmentation occurs) the total length, MF
flag, and fragment offset.
Question 7: Suppose a TCP message that contains 2048 bytes of data and 20 bytes of
TCP header is passed to IP for delivery across two networks of the Internet. The first
network uses 14 byte headers and has a MTU of 1024 bytes; the second uses 8-
byte headers with an MTU of 512 bytes. Each network’s MTU gives the size of the
largest IP datagram that can be carried in a link-layer frame. Give the sizes and
offsets of the sequence of fragments delivered to the network layer at the
destination host. Assume all IP headers are 20 bytes. Note: the IP requires that
fragmentation should always happen on 8-byte boundaries.
Answer: Consider the first network. Packets have room for 1024 - 20 = 1004 bytes of IP-
level data; because 1004 is not a multiple of 8, each fragment can contain at most 8 ×
⌊1004/8⌋ = 1000 bytes. We need to transfer 2048 + 20 = 2068 bytes of such data (TCP
header plus data). This would be fragmented into fragments of size 1000, 1000, and 68.
Fragment Size Offset
1 1000 0
2 1000 1000
3 68 2000
Over the second network, the 68-byte packet would be unfragmented but the 1000-
data-byte packet would be fragmented as follows. The IP header is 20 bytes, leaving
512-20 = 492 bytes for IP-level data. Again rounding down to the nearest multiple of 8,
each fragment could contain 488 bytes of IP-level data. 1000 bytes of such data would
become fragments with data sizes 488, 488, and 24.
Fragment Size Offset
1 488 0
2 488 488
3 24 976
4 488 1000
5 488 1488
6 24 1976
7 68 2000
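The two-stage fragmentation above can be reproduced with a short sketch (the `fragment` helper is hypothetical; offsets are kept in bytes here, rather than the 8-byte units stored in the actual header field):

```python
# Fragment (size, byte_offset) pieces for a link with the given MTU.
def fragment(pieces, mtu, header=20):
    max_data = (mtu - header) // 8 * 8   # full fragments carry a multiple of 8
    out = []
    for size, offset in pieces:
        while size > max_data:
            out.append((max_data, offset))
            size -= max_data
            offset += max_data
        out.append((size, offset))       # last piece may be smaller
    return out

first = fragment([(2068, 0)], 1024)      # TCP header + data = 2068 bytes
second = fragment(first, 512)            # refragment over the second network
print(first)   # [(1000, 0), (1000, 1000), (68, 2000)]
print(second)
```

Running it reproduces both tables, including the interleaved 24-byte remainders.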
Question 8: An organization has a class C network 196.10.10 and wants to form
subnets for five departments, with hosts as follows:
1. 55 hosts
2. 50 hosts
3. 45 hosts
4. 25 hosts
5. 20 hosts
There are 195 hosts in all. Design a possible arrangement of subnets to make each
department in a different subnet. For each subnet, give subnet mask and range of IP
addresses.
[Figure: Host A on Network-1 (MTU 1500) connects through router R1, across Network-2 (MTU 620), and through router R2 to host B on Network-3 (MTU 1500).]
Answer:
1. Determine the actual data size for transmission: The data to be
transmitted is 1400 octets. We will assume that the size of the IP header is 20
octets.
MTU frame = header + data
620 = 20 + data
data = 620 - 20 = 600
So, each frame can carry an IP datagram with a 20-octet header and 600 data
octets. Note that 600 is divisible by 8. If it were not, we would need to take the
nearest multiple of 8 below the data part of the MTU frame, because the fragment
offset must be a multiple of 8 bytes.
2. The number of fragments needed to transmit 1400 data octets:
N = number of fragments
D = total number of data octets to be transmitted at the network layer (IP data) = 1400
M = maximum data size for the network = 600
N = ⌈D/M⌉ = ⌈1400/600⌉ = ⌈2.33⌉ = 3
So, we need 3 fragments: 2 fragments of 600 octets and a last one of (1400 - 2 ×
600) = 200 octets.
Please note that the fragment offset is in 8-byte unit.
Fragment Offset
Fragment Number Data Length More Flag
(8-byte)
1 600 0 1
2 600 600/8 = 75 1
3 200 75+75 = 150 0
Both the More flag and the fragment offset are used for reassembly of fragments. The
More flag is one except for the last fragment. The More flag for the last fragment is 0 to
indicate no more fragments.
First byte = fragment offset × 8 = 300 × 8 = 2400 B
And since the length of the data is 360 B, the last byte of this datagram will be 2759.
Question 15: Suppose a company has obtained a block of IP space, in the form of
128.119.152.0/21. How many IP addresses have been allocated to this company?
Now this company wants to build 4 subnets, each subnet having the same number
of IP addresses, with the 4 subnets using up all allocated IP addresses. What are the 4
subnet address spaces? What is the subnet mask for each subnet?
Answer: The company has been allocated 2^(32−21) = 2^11 = 2048 IP addresses.
The four subnets are: 128.119.152.0/23, 128.119.154.0/23, 128.119.156.0/23,
128.119.158.0/23. Each subnet contains 512 IP addresses. The subnet mask for each
subnet is 255.255.254.0.
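Both the address count and the split can be checked with Python's standard ipaddress module; splitting into four equal subnets means adding two bits to the prefix:

```python
import ipaddress

block = ipaddress.ip_network("128.119.152.0/21")
print(block.num_addresses)                 # total addresses in the /21

# Four equal subnets means 2 extra prefix bits: /21 -> /23.
subnets = list(block.subnets(prefixlen_diff=2))
for s in subnets:
    print(s, s.netmask, s.num_addresses)
```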
Question 16: Consider sending a 2400-byte datagram into a link that has an MTU of
700 bytes. Suppose the original datagram is stamped with the identification
number 422. How many fragments are generated? What are the values in the
various fields in the IP datagram(s) generated related to fragmentation?
Answer: The maximum size of the data field in each fragment = 680 (because there are 20
bytes of IP header). Thus the number of required fragments is
⌈(2400 − 20)/680⌉ = ⌈2380/680⌉ = 4
Each fragment will have identification number 422. Each fragment except the last one
will be of size 700 bytes (including the IP header). The last datagram will be of size 360
bytes (including the IP header). The offsets of the 4 fragments will be 0, 85, 170, and 255
(in 8-byte units). Each of the first 3 fragments will have flag = 1; the last fragment will have flag = 0.
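The fragmentation arithmetic above can be captured in a short standard-library Python sketch; the function name `fragment` is ours:

```python
def fragment(total_len: int, mtu: int, header: int = 20, ident: int = 422):
    """Split an IP datagram into fragments for a link with the given MTU.
    Every fragment payload except the last must be a multiple of 8 bytes."""
    data = total_len - header
    max_data = (mtu - header) // 8 * 8        # round down to a multiple of 8
    frags = []
    offset = 0                                 # fragment offset, 8-byte units
    while data > 0:
        chunk = min(max_data, data)
        data -= chunk
        frags.append({"id": ident, "data": chunk, "offset": offset,
                      "mf": 1 if data > 0 else 0})
        offset += chunk // 8
    return frags

for f in fragment(2400, 700):
    print(f)
```

Running it on the earlier worked example, fragment(1420, 620), reproduces the three fragments of 600, 600, and 200 data octets at offsets 0, 75, and 150.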
Question 17: Look at the 40-byte dump of an IP packet containing a TCP segment below.
45 20 03 c5 78 06 00 00 34 06 ca 1f d1 55 ad 71 c0 a8 01 7e
00 50 9a 03 3e 64 e5 58 df d0 08 b3 80 18 00 de 00 02 00 00
Identify all the fields of the IP and TCP header.
Answer: IP header: IP version 4, Header Length: 20 bytes, ToS = 0x20, Total Length =
0x03c5 = 965 bytes, Identification = 0x7806, Flags = 0, Fragment offset = 0, TTL = 0x34
= 52, Proto = TCP (6), Header Checksum = 0xca1f, Source IP address = 209.85.173.113,
Destination IP address = 192.168.1.126.
TCP header: src port = 80, destination port = 39427, sequence number = 0x3e64e558,
ack number = 0xdfd008b3, header length = 8 × 4 = 32 bytes, unused = 0, flags: URG = 0,
ACK = 1, PSH = 1, RST = 0, SYN = 0, FIN = 0, receive window = 0x00de = 222, Internet
checksum = 0x0002, urgent data pointer = 0.
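The dump can be decoded mechanically with Python's struct module. The slicing below assumes the 20-byte IP header with no options, as in the answer:

```python
import struct

hex_dump = (
    "45 20 03 c5 78 06 00 00 34 06 ca 1f d1 55 ad 71 c0 a8 01 7e "
    "00 50 9a 03 3e 64 e5 58 df d0 08 b3 80 18 00 de 00 02 00 00"
)
dump = bytes.fromhex(hex_dump.replace(" ", ""))

# IP header: 12 fixed bytes, then source and destination addresses.
ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, ip_csum = \
    struct.unpack("!BBHHHBBH", dump[:12])
version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
src = ".".join(str(b) for b in dump[12:16])
dst = ".".join(str(b) for b in dump[16:20])

# TCP header starts right after the 20-byte IP header (no IP options here).
sport, dport, seq, ack, off_flags, window, tcp_csum, urg = \
    struct.unpack("!HHIIHHHH", dump[20:40])
data_offset = (off_flags >> 12) * 4   # TCP header length in bytes
tcp_flags = off_flags & 0x3F          # URG|ACK|PSH|RST|SYN|FIN bits

print(version, ihl, total_len, ttl, src, dst, sport, dport, data_offset)
```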
Question 18: Consider a router that interconnects three subnets: Subnet 1, Subnet 2,
and Subnet 3. Suppose all of the interfaces in each of these three subnets are
required to have the prefix 223.1.17/24. Also suppose that Subnet 1 is required to
support up to 63 interfaces, Subnet 2 is to support up to 95 interfaces, and Subnet
3 is to support up to 16 interfaces. Provide three network addresses (of the form
a.b.c.d/x) that satisfy these constraints.
Answer: 223.1.17.0/25 for Subnet 2 (128 addresses for up to 95 interfaces), 223.1.17.128/26 for Subnet 1 (64 addresses for up to 63 interfaces), and 223.1.17.192/27 for Subnet 3 (32 addresses for up to 16 interfaces). These three blocks satisfy the size requirements and do not overlap.
Question 19: Consider a subnet with prefix 128.119.40.128/26. Give an example of one
IP address (of form xxx.xxx.xxx.xxx) that can be assigned to this network. Suppose
an ISP owns the block of addresses of the form 128.119.40.64/26. Suppose it
wants to create four subnets from this block, with each block having the same
number of IP addresses. What are the prefixes (of form a.b.c.d/x) for the four
subnets?
Answer: Any IP address in the range 128.119.40.128 to 128.119.40.191.
Four equal size subnets: 128.119.40.64/28, 128.119.40.80/28, 128.119.40.96/28,
128.119.40.112/28.
Question 20: CareerMonk Inc., is assigned 4 blocks of 256 addresses from ISP,
207.16.204.[0-255], 207.16.205.[0-255],
207.16.206.[0-255] and 207.16.207.[0-255].
A) In class-based addressing, what is the class name for these addresses? What
would be the subnet mask?
B) In this case, what corresponding network prefix(es) appear to routers outside of
the ISP?
C) If instead your ISP uses classless interdomain routing (CIDR) to assign
addresses to CareerMonk Inc., what are the masks and corresponding network prefix(es)
that appear to routers outside of the ISP?
Answer:
A) These are class C addresses (first octet in the range 192–223); the default subnet mask is 255.255.255.0.
B) With class-based addressing, the four class C network prefixes 207.16.204.0, 207.16.205.0, 207.16.206.0, and 207.16.207.0 each appear individually to outside routers.
C) With CIDR, the four blocks aggregate into the single prefix 207.16.204.0/22 with mask 255.255.252.0.
Question 32: Consider a router that connects three subnets: sub1, sub2 and sub3.
Suppose all of the interfaces in each of these three subnets are required to have the
prefix 223.1.17.0/24, and each subnet is required to support up to 60 interfaces.
Provide three network addresses of the form a.b.c.d/x (where 24 < x ≤ 32) that
satisfy these constraints.
Answer: Use the leftmost 2 bits of the 4th octet for the subnet. The three networks
could be (1) 223.1.17.64/26, (2) 223.1.17.128/26, and (3) 223.1.17.192/26. This leaves
the rightmost 6 bits for hosts on each network, where 2^6 − 2 = 62 ≥ 60.
Question 33: Take a look at the figure representing the IPv4 header from the chapter.
Why must the checksum for an IP header be recalculated at every hop?
Answer: Whenever a packet arrives at a router, the TTL (time-to-live) field must be
decremented. Because the header is altered, the checksum must be recalculated. Also,
see the traceroute section in the Miscellaneous chapter.
Question 34: Take a look at the figure representing the IPv6 header from the chapter.
Notice this does not include a checksum. Why does IPv6 choose not to have a
checksum?
Answer: The primary reason had to do with performance: calculating and verifying a
checksum takes computation time and can thus slow down packet processing at a router.
IPv6 eliminated this field for these performance reasons.
The IPv6 designers felt they could do so because checksums are also computed both
above at the transport layer and below at the link layer (i.e., in local area networks).
Question 35: We are given the assignment of setting subnet addresses for 4 buildings of
a company. The number of Internet connected PCs in each building is given in the
following table. Assume that the 131.155.192.0/19 address block is given to us for
this purpose. Use the following table to show the addresses of the four subnets that
we created.
Building # of PCs Subnet address (CIDR format)
1 2200
2 1620
3 550
4 500
Answer:
Building # of PCs Subnet address (CIDR format)
1 2200 131.155.192.0/20
2 1620 131.155.208.0/21
3 550 131.155.216.0/22
4 500 131.155.220.0/23
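The answer table can be validated with a short Python check (standard ipaddress module): each building's block must fit inside the /19, be large enough for its PCs, and not overlap the others:

```python
import ipaddress

block = ipaddress.ip_network("131.155.192.0/19")
plan = {
    1: ("131.155.192.0/20", 2200),
    2: ("131.155.208.0/21", 1620),
    3: ("131.155.216.0/22", 550),
    4: ("131.155.220.0/23", 500),
}
nets = {b: ipaddress.ip_network(cidr) for b, (cidr, _) in plan.items()}

for b, net in nets.items():
    hosts = plan[b][1]
    assert net.subnet_of(block)             # stays inside the /19
    assert net.num_addresses - 2 >= hosts   # enough usable addresses
for a in nets.values():
    for c in nets.values():
        assert a is c or not a.overlaps(c)  # allocations are disjoint
print("allocation is valid")
```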
Question 36: The following is a forwarding table at router R, which uses Classless
Interdomain Routing (CIDR).
Destination Network Next Hop
139.179.222.0/25 R1
139.179.128.0/17 R2
139.179.120.0/21 R3
139.179.216.0/21 R4
139.179.0.0/16 R5
Suppose packets with the following destination IP addresses arrive at router R.
Determine to what next hop each of these packets will be delivered (Give only one
answer for each destination.)
I. 139.179.60.1
II. 139.179.226.4
III. 139.179.124.55
IV. 139.179.223.18
V. 139.179.127.222
Answer:
I. 139.179.60.1 → R5
II. 139.179.226.4 → R2
III. 139.179.124.55 → R3
IV. 139.179.223.18 → R4
V. 139.179.127.222 → R3
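Longest-prefix matching, which produces the answers above, can be sketched in a few lines of Python. The `next_hop` helper is our name, and ties between equal-length prefixes are not specially handled in this sketch:

```python
import ipaddress

# Forwarding table at router R: (destination network, next hop).
table = [
    ("139.179.222.0/25", "R1"),
    ("139.179.128.0/17", "R2"),
    ("139.179.120.0/21", "R3"),
    ("139.179.216.0/21", "R4"),
    ("139.179.0.0/16",   "R5"),
]
routes = [(ipaddress.ip_network(p), hop) for p, hop in table]

def next_hop(dest: str) -> str:
    """Among all entries containing dest, pick the one with the longest prefix."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, hop) for net, hop in routes if addr in net]
    return max(matches)[1]

for d in ["139.179.60.1", "139.179.226.4", "139.179.124.55",
          "139.179.223.18", "139.179.127.222"]:
    print(d, "->", next_hop(d))
```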
Question 37: Divide the network with CIDR prefix 139.179.0.0/17 into /20
subnetworks. Show each subnetwork in CIDR format.
Answer: Since we need to form /20 subnets from a /17 network, this gives us 2^(20−17) = 2^3 = 8
such /20 subnetworks of 139.179.0.0/17:
139.179.0.0/20
139.179.16.0/20
139.179.32.0/20
139.179.48.0/20
139.179.64.0/20
139.179.80.0/20
139.179.96.0/20
139.179.112.0/20
Question 38: Suppose the following four subnetworks are aggregated into a single
subnetwork: 139.179.192.0/20, 139.179.208.0/20, 139.179.224.0/20,
139.179.240.0/20. Find the CIDR prefix that should be used in order to advertise
this aggregated subnetwork.
Answer: The four /20 subnetworks aggregate into 139.179.192.0/18:
139.179.192.0/20
139.179.208.0/20
139.179.224.0/20
139.179.240.0/20
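The aggregation can be reproduced with `ipaddress.collapse_addresses`, which merges contiguous blocks into the smallest covering prefixes:

```python
import ipaddress

subnets = [ipaddress.ip_network(s) for s in
           ["139.179.192.0/20", "139.179.208.0/20",
            "139.179.224.0/20", "139.179.240.0/20"]]

# Four contiguous /20s aligned on a /18 boundary collapse into one /18.
aggregate = list(ipaddress.collapse_addresses(subnets))
print(aggregate)
```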
Question 39: Which addresses are valid host addresses?
A) 201.222.5.17 B) 201.222.5.18 C) 201.222.5.16
D) 201.222.5.19 E) 201.222.5.31
Answer: A, B, and D. Subnet addresses in this situation are all multiples of 8. In this
example, 201.222.5.16 is the subnet address and 201.222.5.31 is the broadcast address. The rest
are valid host IDs on subnet 201.222.5.16.
Question 40: You are a network administrator and have been assigned the IP address of
201.222.5.0. You need to have 20 subnets with 5 hosts per subnet. What subnet
mask will you use?
A) 255.255.255.248 B) 255.255.255.128
C) 255.255.255.192 D) 255.255.255.240
Answer: A. By borrowing 5 bits from the last octet, we can have 30 subnets. If we
borrowed only 4 bits, we could have just 14 subnets. The formula is 2^n − 2: by borrowing 4
bits, we have 2^4 − 2 = 14; by borrowing 5 bits, we have 2^5 − 2 = 30. To get 20 subnets, we
need to borrow 5 bits, and the subnet mask would be 255.255.255.248.
Question 41: You are given the IP address of 172.16.2.160 with a subnet mask of
255.255.0.0. What is the network address in binary?
A) 10101100 00010000 B) 00000010 10100000
C) 10101100 00000000 D) 11100000 11110000
Answer: A. With mask 255.255.0.0, the network portion is the first two octets: 172.16 = 10101100 00010000.
Question 52: Which of the following are valid host addresses on the network that contains 192.168.10.19/28?
A) 192.168.10.29 B) 192.168.10.16
C) 192.168.10.17 D) 192.168.10.31
E) 192.168.10.0
Answer: A and C. 192.168.10.19/28 belongs to the 192.168.10.16 network with a mask of
255.255.255.240. This offers 14 usable IP addresses, ranging from 192.168.10.17 to
192.168.10.30. Use the cram table above if you are confused.
Question 53: Convert the following decimal IP address to binary.
130.85.65.38
Answer: 10000010.01010101.01000001.00100110
Question 54: Given 130.85.0.0/20 as the IP address, answer the following questions.
How many usable IP addresses do you have per subnet?
Answer: 4094
Question 55: For the Question 54, what is the total number of subnets you have?
Answer: 16
Question 56: For the Question 54, what is the broadcast address?
Answer: 130.85.15.255
Question 57: Given 130.85.0.0/23 as the IP address, answer the following questions.
How many usable IP addresses do you have per subnet?
Answer: 510
Question 58: For the Question 57, what is the total number of subnets you have?
Answer: 128
Question 59: For the Question 57, what is the last usable address in this subnet?
Answer: 130.85.1.254
Question 60: Given 130.85.8.0/22 as the IP address, answer the following questions.
How many usable IP addresses do you have per subnet?
Answer: 1022
Question 61: For the Question 60, what is the total number of subnets you have?
Answer: 64
Question 62: For the Question 60, what is the subnet mask?
Answer: 255.255.252.0
Question 63: For the Question 60, is IP address 130.85.12.231 in this subnet?
Answer: No
Question 64: Given 65.20.0.0/14 as the IP address, answer the following questions.
How many usable IP addresses do you have per subnet?
Answer: 262142
Question 65: For the Question 64, what is the first usable address in this subnet?
Answer: 65.20.0.1
Question 66: For the Question 64, what is the broadcast address for this subnet?
Answer: 65.23.255.255
Question 67: For the Question 64, what is the subnet mask?
Answer: 255.252.0.0
Question 68: Given 130.85.28.32/27 as the IP address, answer the following questions.
How many usable IP addresses do you have per subnet?
Answer: 30
Question 69: For the Question 68, what is the first usable address in this subnet?
Answer: 130.85.28.33
Question 70: For the Question 68, what is the broadcast address?
Answer: 130.85.28.63
Question 71: For the Question 68, is IP address 130.85.28.65 in this subnet?
Answer: No
Question 72: Given 68.32.20.8/29 as the IP address, answer the following questions.
How many usable IP addresses do you have per subnet?
Answer: 6
Question 73: For the Question 72, what is the first usable address in this subnet?
Answer: 68.32.20.9
Question 74: For the Question 72, what is the subnet mask?
Answer: 255.255.255.248
Question 75: For the Question 72, what is the broadcast address?
Answer: 68.32.20.15
Question 76: For the Question 72, is IP address 68.32.20.16 in this subnet?
Answer: No
Question 77: Given 130.85.33.177/26 as the IP address, answer the following
questions. What is the Network ID for this subnet?
Answer: 130.85.33.128
Question 78: For the Question 77, what is the first usable address in this subnet?
Answer: 130.85.33.129
Question 79: For the Question 77, what is the subnet mask?
Answer: 255.255.255.192
Question 80: For the Question 77, what is the broadcast address?
Answer: 130.85.33.191
Question 81: Given 130.85.68.33/18 as the IP address, answer the following questions.
What is the Network ID for this subnet?
Answer: 130.85.64.0
Question 82: For the Question 81, what is the first usable address in this subnet?
Answer: 130.85.64.1
Question 83: For the Question 81, what is the subnet mask?
Answer: 255.255.192.0
Question 84: For the Question 81, what is the broadcast address?
Answer: 130.85.127.255
Question 85: Given 68.120.54.12/12 as the IP address, answer the following questions.
What is the Network ID for this subnet?
Answer: 68.112.0.0
Question 86: For the Question 85, what is the first usable address in this subnet?
Answer: 68.112.0.1
Question 87: For the Question 85, what is the subnet mask?
Answer: 255.240.0.0
Question 88: For the Question 85, what is the broadcast address?
Answer: 68.127.255.255
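All of the drill questions above follow the same mechanical steps, which the small helper below (our name, built on Python's standard ipaddress module) makes explicit:

```python
import ipaddress

def facts(cidr: str):
    """Network ID, mask, first/last usable address, broadcast address, and
    usable-host count for the subnet containing the given address."""
    net = ipaddress.ip_interface(cidr).network   # tolerates host bits set
    return {
        "network": str(net.network_address),
        "mask": str(net.netmask),
        "first": str(net.network_address + 1),
        "last": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
        "usable": net.num_addresses - 2,
    }

print(facts("130.85.33.177/26"))
```

For example, facts("68.120.54.12/12") reproduces the answers to Questions 85 through 88.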
Question 89: Address 192.5.48.3 belongs to
A) class A B) class B C) class C D) class D
Answer: C. Address 192.5.48.3 belongs to class C.
Question 90: Unlike IPv4, IPv6 does not include the following field in the base header
A) Next Header field B) Field for Fragmentation information
C) Flow Label D) Kind field
Answer: B. Unlike IPv4, IPv6 does not include the field for fragmentation information in
the base header.
Question 91: 127.0.0.1 is a
A) Limited broadcast address B) Direct broadcast address
C) Multicast address D) Loop-back address
Answer: D. 127.0.0.1 is a loop-back address.
Question 92: A network address prefixed by 1110 is a
A) Class A address B) Multicast address
C) Class B address D) Reserved address
Answer: B. A network address prefixed by 1110 is a multicast address.
Question 93: One of the header fields in an IP datagram is the Time to Live (TTL) field.
Which of the following statements best explains the need for this field?
A) It can be used to prioritize packets
B) It can be used to reduce delays
C) It can be used to optimize throughput
D) It can be used to prevent packet looping
Answer: D. Whenever the Time to Live field reaches zero, we discard the packet, so that we
can prevent it from looping.
Chapter 8
IP Routing
8.1 Introduction
The purpose of a router is to examine incoming packets, choose the best path for them
through the network, and then switch them to the proper outgoing port. Routers are
the most important traffic-regulating devices on large networks.
Routers are networking devices that forward data packets between networks, using
headers and forwarding tables to determine the best path on which to forward the packets.
Routers work at the network layer of the TCP/IP model (layer 3 of the OSI model).
As an example, assume that we want to send a postcard addressed just with a person's name
(with minimum information). For a famous personality, it would be routed correctly due to
their fame; no listing of the street address or the city name would be necessary. The postal
system can do such routing for famous personalities based on the name alone.
For everyone else, however, the postal system relies on a hierarchical address: the postcard
first travels to the specific ZIP code, and only then is narrowed down to the street and house.
This idea is not possible with IP addressing, since netids do not have any geographical
proximity. In fact, an IP netid address such as 134.193.0.0 can be geographically far away
from the immediately preceding IP netid address 134.192.0.0. Thus, at the netid level, IP
addressing is flat; there is no hierarchy.
You might be wondering why IP address numbering is not geographic. To give a short
answer, an advantage of a nongeographic address is that an organization that has been
assigned an IP address block can keep its address block even if it moves to a different
location or if it wants to use a different provider for connectivity to the Internet. A
geographically based address system usually has limitations in regard to providing
location-independent flexibility.
In order to provide the flexibility that two netids that appear close in terms of their
actual numbering can be geographically far apart, core routers in the Internet need to
maintain an explicit list of all valid netids along with an identified outgoing link, so that
when a packet arrives the router knows which way to direct it. The list of valid
netids is quite large, currently at about 196,000 entries. Thus, to minimize switching time at a
router, efficient mechanisms are needed that can look up an address, identify the
appropriate outgoing link (direction), and process the packet quickly so that the
processing delay can be as minimal as possible.
There is, however, another important phase that works in tandem with the lookup
process at a router. This is the updating of a table in the router, known as the routing
table that contains the identifier for the next router, known as the next hop, for a given
destination netid. The routing table is in fact updated ahead of time. In order to update
such a table, the router would need to store all netids it has learned about so far;
second, if a link downstream is down or congested or a netid is not reachable for some
reason, it needs to know so that an alternate path can be determined as soon as
possible. This means that a mechanism is required for communicating congestion or a
failure of a link or non-reachability of a netid. This mechanism is known as the routing
protocol mechanism. The information learned through a routing protocol is used for
generating the routing table ahead of time.
If new information is learned about the status of links or nodes, or the reachability of a
netid through a routing protocol, a routing algorithm is then invoked at a router to
determine the best possible next hop for each destination netid in order to update the
routing table. For efficient packet processing, another table, known as the forwarding
table, is derived from the routing table that identifies the outgoing link interfaces. The
forwarding table is also known as the Forwarding Information Base (FIB). We will use
the terms forwarding table and FIB interchangeably.
It should be noted that a routing algorithm may need to take into account one or more
factors about a link, such as the delay incurred to traverse the link, or its available
bandwidth, in order to determine the best possible path among a number of possible
paths. If a link along a path does not have adequate bandwidth, congestion or delay
might occur. To minimize delay, an important function, called traffic engineering, is
performed. Traffic engineering is concerned with ways to improve the operational
performance of a network and identifies procedures or controls to be put in place ahead
of time to obtain good network performance.
Finally, there is another important term associated with networking in general and
network routing in particular: architecture. There are two broad ways the term
architecture, borrowed from the architecture of a building, is applicable here: (1) a floor inside a
building may be organized so that it can be partitioned efficiently for creating office
spaces of different sizes by putting in flexible partitions without having to tear down any
concrete walls, (2) it provides standardized interfaces, such as electrical sockets, so that
equipment that requires power can be easily connected using a standardized socket
without requiring modification to the building or the floor or the equipment.
Similarly, there are several ways we use the term architecting a network: for example,
from the protocol point of view, various functions are divided so that each function can
be done separately, and one function can depend on another through a well-defined
relationship. From a router’s perspective, architecting a network refers to how it is
organized internally for a variety of functions, from routing protocol handling to packet
processing. From a network perspective, this means how the network topology
architecture should be organized, where routers are to be located and bandwidth of
links determined for efficient traffic engineering, and so on. Later, we will elaborate
more on architectures.
To summarize, we can say that the broad scope of network routing is to address routing
algorithms, routing protocols, and architectures, with architectures encompassing
several different aspects for efficient routing.
Because static routing systems cannot react to network changes, they are generally considered
unsuitable for today's large, constantly changing networks. Most of the dominant
routing algorithms today are dynamic routing algorithms.
Dynamic routing algorithms are used in dynamic routers, and these
routers can sense a faulty router in the network. The dynamic router also
eliminates the faulty router and finds another possible optimal path from
the source to the destination. If any router is down or faulty for some
reason, this fault is circulated through the entire network.
Static routing is suitable only for very small networks and cannot be used
in large networks. As against this, dynamic routing is used for larger networks.
Manual (static) routing has no specific routing algorithm.
Static routing is the simplest way of routing data packets from a source
to a destination in a network, whereas dynamic routing uses algorithms for
routing the data packets.
Static routing has the advantage that it requires minimal memory. Dynamic
routers, however, have quite a few memory overheads, depending on the routing
algorithms used.
In a flat routing, each network ID is represented individually in the routing table. The
network IDs have no network/subnet structure and cannot be summarized.
Hierarchical routing simplifies routing tables and lowers the amount of routing
information that is exchanged, but it requires more planning. IP implements
hierarchical network addressing, and IP internetworks can have a hierarchical routing
structure.
In hierarchical routing, the internetwork can be divided into routing domains (also
called regions or areas). A routing domain is a collection of contiguous networks
connected by routers that share the routing information for the routes within the
domain.
8.4.2 Delay
Routing delay is the time required to move a packet from source to destination. Delay
depends on many factors, including the bandwidth of intermediate network links, the
port queues (receive and transmit queues that are there in the routers) at each router
along the way, network congestion on all intermediate network links, and the physical
distance to be traveled.
8.4.3 Bandwidth
Bandwidth is the available traffic capacity of a link. Although bandwidth is a rating of
the maximum attainable throughput on a link, routes through links with greater
bandwidth do not necessarily provide better routes than routes through slower links.
For example, if a faster link is busier, the actual time required to send a packet to the
destination could be greater.
8.4.4 Load
Load refers to the degree to which a network resource, such as a router, is busy. Load
can be calculated in a variety of ways, including CPU utilization and packets processed
per second.
8.4.6 Reliability
Reliability in routing algorithms is the dependability (usually described in terms of the
bit-error rate) of each network link. Some network links might go down more often than
others. After a network fails, certain network links might be repaired more easily or
more quickly than other links.
Any reliability factor can be taken into account in the assignment of the reliability
ratings, which are arbitrary numeric values, usually assigned to network links by
network administrators.
After the first transmission, all the routers within one hop receive the packet. After the
second transmission, all the routers within two hops receive the packet, and so on.
Unless a mechanism stops the transmission, the process continues; as a result, the
volume of traffic increases with time.
[Figure: flooding — the source delivers packets to node A; A connects to B and E, which connect onward through C and F toward destination D.]
In this figure, two packets arrive at node A from a source. The first packet is copied to
both nodes B and E. At nodes B and E, the copies of the packet are copied to their
neighbouring nodes.
In flooding, all possible routes between source and destination are tried. A packet will
always get through if a path exists. As all routes are tried, at least one packet will pass
through the shortest route, and all nodes, directly or indirectly connected, are visited. The
main limitation of flooding is that it generates a vast number of duplicate packets.
One approach is to keep track of the packets responsible for flooding, using a
sequence number, and avoid sending them out a second time. A variation, which is
slightly more practical, is selective flooding: the routers do not send every incoming
packet out on every line, but only on those lines that go approximately in the direction of the
destination. Flooding also has important uses; for example, link-state routing protocols use
it to distribute routing information.
[Figure: routers within an autonomous system (interior gateways) connect through exterior gateways to the Internet core network.]
the core network are called exterior gateways, and the routing protocol these exterior
gateways use is called the Exterior Gateway Protocol (EGP).
Unlike IGPs, the EGP cannot be different on different exterior gateways; it must be
an Internet standard.
Two classes of routing protocols are used to allow these domains to efficiently exchange
routing information:
intra-domain (interior) routing protocols and inter-domain (exterior) routing protocols.
8.7.1 IGP
In a small and slowly changing network, the network administrator can establish or
modify routes manually. The administrator keeps a table of networks and updates the table
whenever a network is added to or deleted from the autonomous system. The disadvantage
of the manual system is obvious: such systems are neither scalable nor adaptable to
changes.
[Figure: an IGP operating between routers within a single autonomous system (AS).]
One of the most widely used IGPs is the Routing Information Protocol (RIP). This protocol
uses a technique called the distance vector algorithm. Open Shortest Path First (OSPF),
which uses a link-state (LS) algorithm, is another example of a commonly available interior
gateway protocol.
The current version of BGP, BGP4, is capable of carrying routing information only for IPv4.
Some extensions have been added to this protocol so that it can be used for other network
layer protocols such as IPv6. This extended protocol is called BGP4+.
[Figure: a route from a source through successive routers to a gateway router; the metric counts each router along the path as one hop.]
RIP is not good when we have an alternative path with the same number of routers but
with higher bandwidth. RIP does not understand that, as it is a distance vector and not a
link-state protocol. A link-state protocol can pick the fastest link rather than depending on
the hop count alone. RIP's limit is 15 hops.
RIP was designed for exchanging information within a limited size network, such as a
network of 250 routes or a maximum of 15 hops. A RIP router maintains a routing table
and periodically sends announcements to inform other RIP routers of the networks it
can reach.
RIP also announces when it can no longer reach previously reachable networks. RIP
version 1 uses broadcast IP packets for its announcements. A later enhancement, RIP
version 2, also allows multicast IP packets for its announcements.
RIP routers maintain only the best route (the route with the lowest metric value) to a
destination. After updating its routing table, the router immediately begins transmitting
routing updates to inform other network routers of the change.
These updates are sent independently of the regularly scheduled updates that RIP
routers send.
If multiple routes have the same metric, RIP chooses the first route it finds. RIP is
limited to routes of 15 hops or less. If a network is more than 15 hops away, RIP does
not put its route into the router’s routing table.
RIP suits star topologies very well. It is less suited to a meshed (multiply connected)
network, because in meshed networks it learns multiple copies of routes, with different
metrics.
8.8.3 Neighbours
To maintain its table of RIP routes, a RIP router periodically receives broadcasts of
routing information from neighbouring routers, called RIP neighbours. Similarly, the
router periodically broadcasts its routing information to its neighbours. The router
removes routes from the table if the neighbouring routers do not keep them up to date
(refresh them).
Each router interface’s RIP neighbours must be in the same subnet as the interface.
In addition, the RIP hop-count limit prevents routing loops from continuing indefinitely.
Typical features of RIP are: hop-count limit, hold-downs, split horizons, and poison
reverse updates.
When RIP for IP routers add routes to their routing table based on routes advertised by
other routers, they keep only the best route in the routing table, and they update a lower
cost route with a higher cost route only if it is being announced by the same source as the
current lower cost route.
In certain situations, as shown in the figures below, this causes the count-to-infinity
problem.
[Figure: Router 1 and Router 2 connect Network 1, Network 2, and Network 3 in a row. Router 1's announcement lists Network 1 at 1 hop and Network 3 at 2 hops; Router 2's announcement lists Network 3 at 1 hop and Network 1 at 2 hops.]
Now assume that the link from Router 2 to Network 3 fails and is sensed by Router 2.
As shown in figure, Router 2 changes the hop count for the route to Network 3 to
indicate that it is unreachable, an infinite distance away.
[Figure: Router 2's link to Network 3 has failed; Router 2 marks Network 3 as unreachable (metric 16).]
However, before Router 2 can advertise the new hop count to Network 3 in a scheduled
announcement, it receives an announcement from Router 1.
The Router 1 announcement contains a route to Network 3 which is two hops away.
Because two hops away is a better route than 16 hops, Router 2 updates its routing
table entry for Network 3, changing it from 16 hops to three hops, as shown in figure.
[Figure: Router 1's announcement lists Network 1 at 1 hop and Network 3 at 2 hops; Router 2 updates its route to Network 3 to 3 hops through Router 1.]
When Router 2 announces its new routes, Router 1 notes that Network 3 is available
three hops away through Router 2.
Because the route to Network 3 on Router 1 was originally learned from Router 2,
Router 1 updates its route to Network 3 to four hops.
[Figure: Router 2's announcement lists Network 3 at 3 hops; Router 1 updates its route to Network 3 to 4 hops through Router 2.]
When Router 1 announces its new routes, Router 2 notes that Network 3 is available
four hops away through Router 1.
Because the route to Network 3 on Router 2 was originally learned from Router 1,
Router 2 updates its route to Network 3 to five hops.
[Figure: Router 1's announcement lists Network 3 at 4 hops; Router 2 updates its route to Network 3 to 5 hops through Router 1.]
The two routers continue to announce routes to Network 3 with higher and higher hop
counts until infinity (16) is reached. Then, Network 3 is considered unreachable and the
route to Network 3 is eventually timed out of the routing table. This is known as the
count-to-infinity problem.
The count-to-infinity problem is one of the reasons why the maximum hop count of RIP
for IP internetworks is set to 15 (16 for unreachable). Higher maximum hop count
values would make the convergence time longer when count-to-infinity occurs.
Also note that during the count-to-infinity in the previous example, the route from
Router 1 to Network 3 is through Router 2. The route from Router 2 to Network 3 is
through Router 1. A routing loop exists between Router 1 and Router 2 for Network 3
for the duration of the count-to-infinity problem.
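The exchange described above can be simulated in a few lines. The two-router model, and the assumption that each router's only route to Network 3 runs through the other, are simplifications of the figures:

```python
INFINITY = 16   # RIP's "unreachable" metric

# Hop counts to Network 3 just after Router 2's link to it fails:
# Router 2 knows it is unreachable, but Router 1 still holds the old
# 2-hop route it learned from Router 2.
dist = {"R1": 2, "R2": INFINITY}

log = []
sender, rcvr = "R1", "R2"   # Router 1's periodic announcement arrives first
while dist["R1"] < INFINITY or dist["R2"] < INFINITY:
    advertised = dist[sender]
    # Without split horizon, the receiver accepts the metric plus one hop,
    # because its only route to Network 3 runs through the sender.
    dist[rcvr] = min(advertised + 1, INFINITY)
    log.append((sender, advertised, rcvr, dist[rcvr]))
    sender, rcvr = rcvr, sender   # next scheduled announcement, other way

for step in log:
    print("%s advertises %2d; %s now counts %2d" % step)
```

The metrics climb one hop per exchange until both routers reach 16, which is exactly why RIP caps infinity at a small value: a larger cap would lengthen convergence.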
8.8.5.2 Hold-Downs
Hold-downs are used to prevent regular update messages from inappropriately
reinstating a route that has gone bad. When a route goes down, neighbouring routers
will detect this. These routers then calculate new routes and send out routing update
messages to inform their neighbours of the route change. This activity begins a wave of
routing updates that filter through the network.
Triggered updates do not instantly arrive at every network device. It is therefore possible
that a device that has yet to be informed of a network failure may send a regular update
message (indicating that a route that has just gone down is still good) to a device that
has just been notified of the network failure. In this case, the latter device now contains
incorrect routing information.
Hold-downs tell routers to hold down any changes that might affect recently removed
routes for some period of time. The hold-down period is usually calculated to be just
greater than the period of time necessary to update the entire network with a routing
change. Hold-down prevents the count-to-infinity problem.
[Figure: with split horizon, each router omits from its announcement any route learned from the neighbour it is announcing to — Router 1 advertises Network 1 and Network 2 toward Router 2, and Router 2 advertises Network 3 and Network 2 toward Router 1.]
[Figure: with split horizon with poison reverse, each router additionally advertises routes learned from a neighbour back to that neighbour with metric 16 (unreachable) — Router 1 advertises Network 3 at 16 toward Router 2, and Router 2 advertises Network 1 at 16 toward Router 1.]
However, in a multipath internetwork, split horizon with poison reverse greatly reduces
count-to-infinity and routing loops. Count-to-infinity can still occur in a multipath
internetwork because routes to networks can be learned from multiple sources.
In the figure, split horizon with poison reverse advertises learned routes as unreachable in the direction from which they were learned. Split horizon with poison reverse does have the disadvantage of additional RIP message overhead, because all networks are advertised.
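The announcement rule can be sketched as a small routine. The network names and interface labels below are illustrative, and directly connected routes are treated the same way as learned routes for simplicity.

```python
INFINITY = 16  # RIP's "unreachable" metric

# routing table: network -> (metric, interface the route was learned on)
routes = {
    "net1": (1, "if0"),   # reachable via interface if0
    "net2": (1, "if1"),
    "net3": (2, "if1"),   # learned from the neighbour on if1
}

def build_announcement(out_interface):
    """Split horizon with poison reverse: routes learned on the outgoing
    interface are still advertised, but with an infinite metric."""
    ann = {}
    for network, (metric, learned_on) in routes.items():
        if learned_on == out_interface:
            ann[network] = INFINITY   # poison reverse
        else:
            ann[network] = metric
    return ann

print(build_announcement("if1"))  # {'net1': 1, 'net2': 16, 'net3': 16}
```

Note that every network still appears in the announcement; this is exactly the extra message overhead mentioned above.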
00 To 07 08 To 15 16 To 31
Command Version Unused
Address Family Identifier Zero
IP Address
Zero Route Table Entry
Zero
Metric
Command
This field indicates whether the packet is a request or a response. The request
command requests the responding system to send all or part of its routing table.
Destinations for which a response is requested are listed later in the packet. The
response command represents a reply to a request or, more frequently, an unsolicited
regular routing update.
In the response packet, a responding system includes all or part of its routing table.
Regular routing update messages include the entire routing table. It is a 1-byte field
containing either 0x01 or 0x02. 0x01 indicates a RIP request for all or part of the
routing tables of neighbouring routers. 0x02 indicates a RIP response consisting of all
or part of a neighbouring router's routing table.
Version number
This field specifies the RIP version being implemented. With the potential for
many RIP implementations in an internetwork, this field can be used to signal different,
potentially incompatible, implementations.
It is a 1-byte field set to the value of 0x01 for RIP v1.
Address
This field follows a 16-bit field of zeros. In Internet RIP implementations, this field typically contains an IP address.
Zero
Not used.
Metric
This field follows two more 32-bit fields of zeros and specifies the hop count. The hop
count indicates how many internetwork hops (routers) must be traversed before the
destination can be reached.
It is a 4-byte field for the number of hops to the IP network that must be a value from 1
to 16. The metric is set to 16 in a General RIP Request or to indicate that the network is
unreachable in a RIP response (announcement).
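The RIP v1 layout above (a 4-byte header followed by 20-byte route entries) can be packed and parsed with Python's `struct` module. This is a minimal sketch, not a full RIP implementation; the networks and metrics are example values.

```python
import struct
import socket

def build_ripv1_response(entries):
    """Build a RIP v1 response packet. entries: list of (ip, metric)."""
    pkt = struct.pack("!BBH", 2, 1, 0)  # command=2 (response), version=1, unused
    for ip, metric in entries:
        pkt += struct.pack("!HH", 2, 0)           # AFI=2 (IP), must-be-zero
        pkt += socket.inet_aton(ip)               # IP address (4 bytes)
        pkt += struct.pack("!III", 0, 0, metric)  # two zero fields, then metric
    return pkt

def parse_ripv1(pkt):
    command, version, _ = struct.unpack("!BBH", pkt[:4])
    entries = []
    for off in range(4, len(pkt), 20):            # each route entry is 20 bytes
        ip = socket.inet_ntoa(pkt[off + 4:off + 8])
        metric = struct.unpack("!I", pkt[off + 16:off + 20])[0]
        entries.append((ip, metric))
    return command, version, entries

pkt = build_ripv1_response([("10.1.0.0", 1), ("10.3.0.0", 16)])
print(parse_ripv1(pkt))  # (2, 1, [('10.1.0.0', 1), ('10.3.0.0', 16)])
```

The second entry carries a metric of 16, which (as described above) marks network 10.3.0.0 as unreachable.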
00 To 07 08 To 15 16 to 31
Command Version Unused
Address Family Identifier Route Tag
IP Address
Subnet Mask Route Table Entry
Next Hop
Metric
Command
This field indicates whether the packet is a request or a response. The request
command requests the responding system to send all or part of its routing table.
Destinations for which a response is requested are listed later in the packet. The
response command represents a reply to a request or, more frequently, an unsolicited
regular routing update.
In the response packet, a responding system includes all or part of its routing table.
Regular routing update messages include the entire routing table.
It is a 1-byte field containing either 0x01 or 0x02. 0x01 indicates a RIP request for all or
part of the routing tables of neighbouring routers.
0x02 indicates a RIP response consisting of all or part of a neighbouring router's
routing table.
Version number
This field specifies the RIP version being implemented. With the potential for many RIP implementations in an internetwork, this field can be used to signal different, potentially incompatible, implementations. It is a 1-byte field set to the value of 0x02 for RIP v2.
Address Family Identifier
It is a 2-byte field identifying the protocol family. This is set to the value of 0x0002 to indicate the IP protocol family.
Address
In Internet RIP implementations, this field
typically contains an IP address.
Subnet mask
Subnet mask contains the subnet mask for the entry. If this field is zero, no subnet
mask has been specified for the entry.
Next hop
Next hop field indicates the IP address of the next hop to which packets for the entry
should be forwarded.
Metric
This field follows the Subnet Mask and Next Hop fields and specifies the hop count. The hop
count indicates how many internetwork hops (routers) must be traversed before the
destination can be reached.
It is a 4-byte field for the number of hops to the IP network that must be a value from 1
to 16. The metric is set to 16 in a General RIP Request or to indicate that the network is
unreachable in a RIP response (announcement).
As a link state routing protocol, OSPF contrasts with RIP and IGRP, which are distance
vector routing protocols. Routers running the distance vector algorithm send all or a
portion of their routing tables in routing update messages, but only to their neighbours.
Adjacency
It is a logical connection between a router and the Designated Router (DR) and Backup
Designated Router (BDR).
Link
A network or router interface assigned to any network. In the OSPF algorithm, link is the same as interface.
Interface
An interface is a physical interface on a router. If the link is up the interface is up.
State
It is the functional level of an interface that determines whether or not full adjacencies
are allowed to form over the interface.
Routing table
Routing table is derived from the Shortest Path Tree. Each entry of this table is indexed by a destination, and contains the destination's cost and a set of paths (each described by its type and next hop) to use in forwarding packets to the destination.
OSPF Areas
These are similar to EIGRP Autonomous Systems (ASes). OSPF areas are used to
establish a hierarchical network.
Non-Broadcast Multi-Access
NBMA are networks like Frame Relay, X.25 and ATM. While these networks allow for
multiple-access they do not have any broadcast capabilities like Ethernet. Special
consideration is required when configuring an NBMA network with OSPF.
Broadcast (multi-access)
Ethernet allows for broadcast and multi-access. It requires the election of a Designated
Router and a Backup Designated Router.
Point to Point
This configuration eliminates the need for DR and BDR.
Router ID
The Router ID is the highest IP address of all configured Loopback interfaces. It is then
used to represent the router. If there are no loopback interfaces configured the Router
ID will use the highest IP address of any of its configured interfaces.
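The Router ID selection rule above can be sketched directly. This simplified version ignores operational details such as explicitly configured router IDs and interface up/down state.

```python
import ipaddress

def ospf_router_id(loopback_ips, interface_ips):
    """Highest configured loopback IP wins; otherwise the highest
    IP address among the other configured interfaces."""
    candidates = loopback_ips or interface_ips
    return str(max(ipaddress.ip_address(ip) for ip in candidates))

print(ospf_router_id(["1.1.1.1", "2.2.2.2"], ["10.0.0.1"]))  # 2.2.2.2
print(ospf_router_id([], ["10.0.0.1", "192.168.1.1"]))       # 192.168.1.1
```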
OSPF Features
OSPF has the following features:
This protocol is open, which means that its specification is in the public
domain. That means anyone can implement it without paying license fees.
OSPF is based on the SPF algorithm (also called Dijkstra's algorithm, named
after the person credited with its creation).
Fast convergence: OSPF can detect and propagate topology changes faster than
RIP. Count-to-infinity does not occur with OSPF.
OSPF is a link-state routing protocol that calls for the sending of link-state
advertisements (LSAs) to all other routers within the same hierarchical area.
Information on attached interfaces, metrics used, and other variables are
included in OSPF LSAs. As a link-state routing protocol, OSPF contrasts with
RIP, which are distance-vector routing protocols. Routers running the distance-
vector algorithm send all or a portion of their routing tables in routing-update
messages only to their neighbors.
Support for Authentication: OSPF specifies that all the exchanges between
routers must be authenticated. It allows a number of authentication methods.
Different areas can choose different authentication methods. The idea behind
authentication is that only authorized routers are allowed to advertise routing
information.
OSPF includes Type of Service routing. It can calculate separate routes for each
Type of Service (ToS); for example, it can maintain separate routes to a single
destination based on hop count and high throughput.
OSPF provides load balancing. When several equal-cost routes to a destination
exist, traffic is distributed equally among them.
OSPF uses different message formats to distinguish the information acquired
from within the network (internal sources) with that which is acquired from a
router outside (external sources).
Loop-free routes: OSPF-calculated routes are always loop-free.
Scalability: With OSPF, an AS can be subdivided into contiguous groups of
networks called areas. Routes within areas can be summarized to minimize
route table entries. Areas can be configured with a default route summarizing
all routes outside the AS or outside the area.
Each area is self-contained; the topology of an area is hidden from the rest of
the Autonomous System (AS) and from other areas too. As a result, OSPF can
scale to large and very large internetworks. In contrast, RIP for IP internetworks
cannot be subdivided, and no route summarization is done beyond the
summarizing for all subnets of a network ID.
[Figure: each router floods Link State PDUs to the other routers; from the resulting topological database, Dijkstra's route algorithm computes the routing table.]
The SPF routing algorithm is the basis for OSPF operations. When an SPF router is
powered up, it initializes its routing protocol data structures and then waits for
indications from lower-layer protocols that its interfaces are functional.
Once a router is assured that its interfaces are functioning, it uses the OSPF Hello
protocol to acquire neighbors. Neighbors are routers with interfaces to a common
network. The router sends hello packets to its neighbors and receives their hello
packets. In addition to helping acquire neighbors, hello packets also act as keepalives to
let routers know that other routers are still functional.
On multi-access networks (networks supporting more than two routers), the Hello
protocol elects a designated router and a backup designated router. The designated
router is responsible, among other things, for generating LSAs for the entire multi-
access network. Designated routers allow a reduction in network traffic and in the size
of the topological database.
When the link state databases of two neighboring routers are synchronized, the routers
are said to be adjacent. On multi-access networks, the designated router determines
which routers should become adjacent. Topological databases are synchronized
between pairs of adjacent routers. Adjacencies control the distribution of routing
protocol packets. These packets are sent and received only on adjacencies.
Each router periodically sends an LSA. LSAs are also sent when a router’s state
changes. LSAs include information on a router’s adjacencies. By comparing established
adjacencies to link states, failed routers can be quickly detected and the network’s
topology altered appropriately. From the topological database generated from LSAs,
each router calculates a shortest-path tree, with itself as root. The shortest-path tree, in
turn, gives a routing table.
OSPF allows groups of contiguous networks to be combined into areas within an AS. An area's topology is invisible to entities outside the area. By keeping area topologies separate, OSPF passes less routing traffic than it would if the AS were not partitioned.
[Figure: an AS partitioned into Area-1 and Area-2, each containing several routers (R).]
Area partitioning creates two different types of OSPF routing, depending on whether the
source and destination are in the same or different areas. Intra-area routing occurs
when the source and destination are in the same area; inter-area routing occurs when
they are in different areas. An OSPF backbone is responsible for distributing routing
information between areas. It consists of all area border routers, networks not wholly
contained in any area, and their attached routers.
8.9.2.1 Down
In this state, a router has not heard a hello packet from any OSPF neighbour yet.
8.9.2.2 Attempt
This state is valid only for manually configured neighbours in NBMA environment. The
neighbours are not discovered dynamically but must be configured manually.
8.9.2.3 Init
This state indicates that the router has received a hello packet from its neighbour, but the receiving router's ID was not included in the hello packet. It simply means that the router received hello messages from a neighbour, but those messages do not yet list the receiving router's Router ID as a known neighbour.
8.9.2.4 2-Way
It means that the router received a hello message from the neighbour, and that hello message includes its own Router ID. This means both routers can see each other's hello messages, so two-way communication is now established. A router has seen its own Router ID in the hello packet from the neighbour(s).
8.9 Open Shortest Path First [OSPF] 250
Elements of Computer Networking IP Routing
8.9.2.5 ExStart
In this state, the master/slave relationship necessary to exchange Database Description packets is established. Since all the packets carry sequence numbers allowing routers to detect more recent information, the initial numbers are negotiated in this state. The router with the highest Router ID becomes the master.
8.9.2.6 Exchange
In this OSPF neighbour state, DBD packets are exchanged. These packets contain only the LSA header information. This information will be used by routers to see which LSAs they have and which LSAs they don't have.
The routers will send Database Description packets (descriptions of the LSDB). Link State Request packets to request more recent LSAs are also sent in this state.
[Figure: OSPF neighbour state flow. While no hello packets are received, the router remains in the Down state; it sends hello packets and moves to the Init state; when more LSAs are needed, it enters the Loading state.]
8.9.2.7 Loading
This is where the actual exchange of OSPF database information happens. On the basis of the information gathered in the previous stage, Link State Requests (LSRs) are generated to ask for missing LSAs, and the requests are fulfilled by Link State Update (LSU) packets.
The LSR packets are sent to neighbours in the loading state. They request more recent
LSAs discovered in the Exchange state. Link State Updates are sent in response to
LSRs.
8.9.2.8 Full
Once both routers have a synchronized database after the LSR/LSU exchange process, they exchange LSA acknowledgements with each other to confirm, and then move on to the Full state. The OSPF neighbours are now fully adjacent: all information about networks/subnets has been exchanged and acknowledged.
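The neighbour states described in sections 8.9.2.1 through 8.9.2.8 can be modelled as a small state machine. The event names below are invented labels summarizing each transition; this is a simplification of the full OSPF specification.

```python
# Each (state, event) pair maps to the next OSPF neighbour state.
TRANSITIONS = {
    ("Down",     "hello_received"):       "Init",
    ("Init",     "own_id_seen_in_hello"): "2-Way",
    ("2-Way",    "adjacency_decided"):    "ExStart",
    ("ExStart",  "master_elected"):       "Exchange",
    ("Exchange", "dbd_exchange_done"):    "Loading",
    ("Loading",  "lsr_lsu_done"):         "Full",
}

def run(events):
    state = "Down"
    for ev in events:
        state = TRANSITIONS.get((state, ev), state)  # ignore invalid events
    return state

events = ["hello_received", "own_id_seen_in_hello", "adjacency_decided",
          "master_elected", "dbd_exchange_done", "lsr_lsu_done"]
print(run(events))  # Full
```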
[Figure: Routers 1 through 4 attached to a common multi-access (Ethernet) segment.]
Point-to-point links don't scale well. A much more efficient manner of connecting a large number of devices is to implement a multi-access segment: a segment which can be accessed by multiple end points. An Ethernet segment is an example of such a network.
Ethernet networks support broadcasts; a single packet transmitted by a device can be
multiplied by the medium (in this case an Ethernet switch) so that every other end
point receives a copy. This is advantageous not only in bandwidth savings, but also in
facilitating automatic neighbour discovery.
In the example above, Router-1 can multicast (a broadcast intended only for certain
recipients) an OSPF hello message to the link, knowing that all other OSPF routers
connected to the link will receive it and reply with their own multicast message.
Consequently, neighbours can quickly identify each other and form adjacencies without
knowing addresses beforehand.
OSPF routers on a multi-access segment will elect a designated router (DR) and backup
designated router (BDR) with which all non-designated routers will form an adjacency.
This is to ensure that the number of adjacencies maintained does not grow too large.
[Figure: Router-1 connected to Routers 2, 3, and 4 by individual point-to-point links, sending a separate copy of each packet to every neighbour.]
In the figure, note that Router-1 must transmit an individual packet for every destination. This is inefficient with regard to bandwidth, and it requires the router to know the addresses of its neighbours before it can communicate with them.
After the algorithm finishes, the table will have the shortest distance from the source to each other vertex. To simplify the understanding of Dijkstra's algorithm, let us assume that the given vertices are maintained in two sets. Initially the first set contains only the source element and the second set contains all the remaining elements. After each iteration, the first set contains the vertices which are closest to the source. These vertices are the ones for which we have already computed shortest distances from the source.
The algorithm can be better understood through an example, which will explain each step that is taken and how the shortest distance is calculated. The weighted graph below has 5 vertices, A through E.
The value between two vertices is known as the edge cost between those two vertices. For example, the edge cost between A and C is 1. Dijkstra's algorithm can be used to find the shortest path from source A to the remaining vertices in the graph.
[Figure: weighted graph on vertices A to E with edge costs A-B = 4, A-C = 1, B-C = 2, B-E = 4, C-D = 4, D-E = 4.]
After the first step, from vertex A we can reach B and C. So, in the table we update the reachability of B and C with their costs, as shown below.
Vertex Distance Previous vertex
A 0 -
B 4 A
C 1 A
D -1 -
E -1 -
(A distance of -1 means the vertex has not yet been reached.)
Now, let us select the minimum distance among all. The minimum distance vertex is C. That means, we have to reach other vertices from these two vertices (A and C). For example, B can be reached from A and also from C. In this case we have to select the one which gives the lowest cost.
Since reaching B through C gives the minimum cost (1 + 2 = 3), we update the table entry for vertex B with cost 3, and the vertex from which we got this cost as C.
Vertex Distance Previous vertex
A 0 -
B 3 C
C 1 A
D 5 C
E -1 -
The only vertex remaining is E. To reach E, we have to consider all the paths through which we can reach E and select the one which gives the minimum cost. We can see that if we use B as the intermediate vertex, we get the minimum cost (3 + 4 = 7).
Vertex Distance Previous vertex
A 0 -
B 3 C
C 1 A
D 5 C
E 7 B
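The steps above can be carried out in code. Below is a standard heap-based Dijkstra implementation; the graph's edge costs are taken from the worked example (A-B = 4, A-C = 1, B-C = 2, B-E = 4, C-D = 4, D-E = 4).

```python
import heapq

def dijkstra(graph, source):
    """Return {vertex: (cost, previous vertex)} of shortest paths from source."""
    dist = {v: float("inf") for v in graph}
    prev = {v: None for v in graph}
    dist[source] = 0
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale heap entry; a shorter path was already found
        for v, w in graph[u].items():
            if d + w < dist[v]:
                dist[v] = d + w
                prev[v] = u
                heapq.heappush(heap, (dist[v], v))
    return {v: (dist[v], prev[v]) for v in graph}

graph = {
    "A": {"B": 4, "C": 1},
    "B": {"A": 4, "C": 2, "E": 4},
    "C": {"A": 1, "B": 2, "D": 4},
    "D": {"C": 4, "E": 4},
    "E": {"B": 4, "D": 4},
}
paths = dijkstra(graph, "A")
print(paths)
# {'A': (0, None), 'B': (3, 'C'), 'C': (1, 'A'), 'D': (5, 'C'), 'E': (7, 'B')}
```

The output matches the final table above: B is reached through C with cost 3, D through C with cost 5, and E through B with cost 7.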
[Figure: an OSPF packet is carried directly inside an IP header.]
Packet Header
All OSPF packets share a common OSPF Header of 24-bytes. This header allows the
receiving router to validate and process the packets. The format of common OSPF
header is:
00 To 07 08 To 15 16 To 31
Version Type Packet Length
Router ID
Area ID
Checksum Authentication Type
Authentication Data
Authentication Data
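The 24-byte common header above can be packed with Python's `struct` module. This sketch leaves the checksum at zero (a real implementation computes it over the packet) and uses null authentication; the Router ID and packet length are example values.

```python
import struct
import socket

# version, type, length, router ID, area ID, checksum, auth type, auth data
OSPF_HEADER = struct.Struct("!BBH4s4sHH8s")  # 24 bytes total

def build_ospf_header(ptype, length, router_id, area_id):
    return OSPF_HEADER.pack(
        2,                            # OSPF version 2
        ptype,                        # 1=Hello, 2=DBD, 3=LSR, 4=LSU, 5=LSAck
        length,                       # total packet length including header
        socket.inet_aton(router_id),
        socket.inet_aton(area_id),
        0,                            # checksum (left 0 in this sketch)
        0,                            # authentication type: null
        b"\x00" * 8,                  # authentication data
    )

hdr = build_ospf_header(1, 44, "1.1.1.1", "0.0.0.0")
print(len(hdr), OSPF_HEADER.unpack(hdr)[:3])  # 24 (2, 1, 44)
```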
The format of the Hello packet is:
00 To 15 16 To 23 24 To 31
IP Header
OSPF Common Header (24 Bytes)
Network Mask
Hello Interval Options Router Priority
Router Dead Interval
Designated Router
Backup Designated Router
Neighbour
The format of the Database Description (DBD) packet is:
00 To 15 16 To 23 24 25 26 27 28 29 30 31
IP Header
OSPF Common Header (24 Bytes)
Interface MTU Options 0 0 0 0 0 I M MS
DD Sequence Number
An LSA Header
Interface MTU [2-bytes]: Contains the MTU value of the outgoing interface. For virtual links, this field is set to 0x0000.
Options [1-byte]: Same as the Options field in a Hello packet.
I-bit: Indicates this is the first in the series of DBD packets.
M-bit: Indicates whether the DBD packet is the last in the series of packets. The last packet has a value of 0, while all previous packets have a value of 1.
MS-bit: Master = 1, Slave = 0.
DD Sequence Number: Used to sequence the collection of DBD packets. The initial value should be unique. The sequence number then increments by 1 until the complete database description has been sent.
LSA Headers [Variable length]: This field contains the LSA headers describing the local router's database.
Note: During the DBD packet exchange, a Master/Slave relationship is established
between the neighbours. The router with the highest Router ID becomes the Master and
initiates DBD packet exchange. The Interface MTU should match on neighbours
otherwise FULL adjacency is not reached.
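The I, M, and MS bits above occupy the low three bits of the DBD flags byte, which can be decoded as follows. This is a small illustrative helper, not part of any library.

```python
def parse_dbd_flags(byte):
    """Decode the I, M, and MS bits from the low 3 bits of the DBD flags byte."""
    return {
        "I":  bool(byte & 0x04),  # Init: first packet in the series
        "M":  bool(byte & 0x02),  # More: further packets follow (0 on the last)
        "MS": bool(byte & 0x01),  # Master (1) / Slave (0)
    }

print(parse_dbd_flags(0x07))  # first DBD from the master: I, M, MS all set
print(parse_dbd_flags(0x00))  # last DBD from the slave: all clear
```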
00 To 31
IP Header
OSPF Common Header (24 Bytes)
# LSAs
LSAs
…….
[Figure: three Autonomous Systems (AS1, AS2, AS3), each running an IGP internally, interconnected by BGP.]
BGP is an example of a path-vector routing protocol. BGP was not built to route within
an Autonomous System (AS), but rather to route between ASes. BGP maintains a
separate routing table based on shortest AS Path and various other attributes, as
opposed to IGP metrics like distance or cost. BGP is the routing protocol of choice on
the Internet. Essentially, the Internet is a collection of interconnected Autonomous
Systems.
BGP Autonomous Systems are assigned an Autonomous System Number (ASN), which
is a 16-bit number ranging from 1 – 65535. A specific subset of this range, 64512 –
65535, has been reserved for private (or internal) use.
BGP utilizes TCP for reliable transfer of its packets, on port 179.
[Figure: E-BGP sessions run between routers in different ASes (AS1, AS2, AS3); I-BGP sessions run between routers within the same AS.]
When the TCP connection is established, BGP peers immediately identify themselves to each other by simultaneously sending open messages, and move into the OpenSent state. The open messages let the peers agree on various protocol parameters, such as timers, and negotiate shared capabilities.
When each router receives an open message, it checks all the fields. If it finds an error with the contents of the open message, it sends a notification message, closes the connection and goes into the Idle state. If it finds no errors, it moves into the OpenConfirm state and sends back a keep-alive message.
A notification message carries a main error code and a more detailed sub-code. Through the notification mechanism, a graceful close guarantees the delivery of all outstanding messages prior to closing the underlying TCP session.
[Figure: example BGP attribute values, including Origin codes (IGP, EGP, Incomplete) and well-known communities (No-Advertise, Internet, Local-AS).]
BGP attributes are properties that define characteristics of routed prefixes in a BGP path.
They are used to shape routing policy. For example, some of the attributes can be used
in combination to equalize the distribution of inbound and outbound traffic among
available multiple paths for load balancing.
The attribute information is forwarded when BGP peers advertise routes using UPDATE
messages. There are several types of BGP attributes:
1. Well-known Mandatory
2. Well-known Discretionary
3. Optional (or partial) Transitive
4. Optional (or partial) Non-transitive
Optional attributes may not be supported by all BGP implementations. A mandatory attribute is one that must appear in the description of a route. A discretionary attribute is one that does not have to appear. A transitive attribute is an optional attribute that can be passed unmodified by a BGP speaker that does not have an implementation for it. After a transitive attribute has been passed this way, it is marked as a partial attribute. A BGP speaker that does not have an implementation for a non-transitive attribute must delete it, not passing it to other BGP peers.
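The four categories above are encoded in the high bits of each path attribute's flags byte (Optional, Transitive, and Partial bits, per RFC 4271). A small classifier, as a sketch:

```python
def classify_attribute(flags):
    """Classify a BGP path attribute from its flags byte. Whether a
    well-known attribute is mandatory or discretionary is not encoded in
    the flags; it depends on the attribute type itself."""
    optional   = bool(flags & 0x80)
    transitive = bool(flags & 0x40)
    partial    = bool(flags & 0x20)
    if not optional:
        return "well-known"
    kind = "optional transitive" if transitive else "optional non-transitive"
    if partial:
        kind += " (partial)"
    return kind

print(classify_attribute(0x40))  # well-known
print(classify_attribute(0xC0))  # optional transitive
print(classify_attribute(0x80))  # optional non-transitive
```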
8.10.7.5 IGP
Route is interior to the originating AS or advertised via network command.
8.10.7.6 EGP
Route is learned via the Exterior Border Gateway Protocol (EBGP).
[Figure: two networks, 139.39/16 and 205.70/16, connected over two independent links.]
This example is the most reliable because no equipment is shared between the two links. If the traffic between the two networks is equal, the approach to load balancing would be to use one link for traffic going to 139.39/16 and the other link for traffic going to 205.70/16.
Multi-homing to more than one provider is shown in the figure. The customer is multi-homed to ISP1 and ISP2; ISP1, ISP2, and ISP3 connect to each other. The customer has to decide how to use address space (whether delegated by ISP1, by ISP2, by both, or obtained independently), as this is critical for load balancing from the ISPs to the customer.
[Figure: a customer network multi-homed to ISP1 and ISP2; ISP1, ISP2, and ISP3 interconnect with each other.]
When the customer uses the address space delegated to it by ISP1, the customer uses a
more specific prefix out of ISP1’s aggregate and ISP1 can announce only the aggregate
to ISP2. When the customer gets as much traffic from ISP1 as it gets from both ISP2
and ISP3, load balancing can be good.
When ISP2 and ISP3 together send substantially more traffic than ISP1, load balancing
can be poor. When the customer uses the address space delegated to it by ISP2, it does
the same although ISP1 is the ISP to announce the more specific route and attract
traffic to it.
Load balancing may be quite good if ISP1’s address space is used, but not very good if
ISP2’s space is used.
When the customer uses the address space delegated to it by both ISP1 and ISP2, the
degree of load balancing from ISP1 and ISP2 to the customer depends on the amount of
traffic destined for the two ISPs. If the amount of traffic for the two is about the same,
load balancing towards the customer can be quite good, if not, load balancing can be
poor.
8.10.11 Triggers
The trigger facility automatically runs specific command scripts when particular
triggers are activated. When an event activates a trigger, parameters specific to the
event are passed to the script that is run.
Marker: This 16-byte field is included for compatibility; it must be set to all ones.
Length: This 2-byte unsigned integer indicates the total length of the message, including the header, in bytes. Thus, it allows one to locate the (Marker field of the) next message in the TCP stream. The value of the Length field must always be at least 19 and no greater than 4096, and may be further constrained, depending on the message type. Padding of extra data after the message is not allowed. Therefore, the Length field must have the smallest value required, given the rest of the message.
Type: This 1-byte unsigned integer indicates the type code of the message. BGP defines the following type codes:
1 – OPEN
2 – UPDATE
3 – NOTIFICATION
4 – KEEPALIVE
Version: This 1-byte unsigned integer indicates the protocol version number of the message. The current BGP version number is 4.
My Autonomous System: This 2-byte unsigned integer indicates the Autonomous System number of the sender.
Hold Time: This 2-byte unsigned integer indicates the number of seconds the sender proposes for the value of the Hold Timer. Upon receipt of an OPEN message, a BGP speaker must calculate the value of the Hold Timer by using the smaller of its configured Hold Time and the Hold Time received in the OPEN message.
The Hold Time must be either zero or at least three seconds. An implementation MAY reject connections on the basis of the Hold Time. The calculated value indicates the maximum number of seconds that may elapse between the receipt of successive KEEPALIVE and/or UPDATE messages from the sender.
BGP Identifier: This 4-byte unsigned integer indicates the BGP Identifier of the sender. A given BGP speaker sets the value of its BGP Identifier to an IP address that is assigned to that BGP speaker. The value of the BGP Identifier is determined upon start-up and is the same for every local interface and BGP peer.
Optional Parameters Length: This 1-byte unsigned integer indicates the total length of the Optional Parameters field in octets. If the value of this field is zero, no Optional Parameters are present.
Optional Parameters: This field contains a list of optional parameters, in which each parameter is encoded as a <Parameter Type, Parameter Length, Parameter Value> triplet.
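The header and OPEN fields above can be assembled with Python's `struct` module. The AS number, hold time, and identifier below are arbitrary example values, and no optional parameters are included.

```python
import struct
import socket

def build_bgp_open(my_as, hold_time, bgp_id):
    """Assemble a BGP OPEN message: 19-byte common header + 10-byte OPEN body."""
    body = struct.pack("!BHH4sB", 4, my_as, hold_time,
                       socket.inet_aton(bgp_id), 0)  # version 4, no opt params
    # 16-byte all-ones marker, then 2-byte length and 1-byte type (1 = OPEN)
    header = b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 1)
    return header + body

msg = build_bgp_open(65001, 180, "10.0.0.1")
length, mtype = struct.unpack("!HB", msg[16:19])
version, asn, hold, ident, opt_len = struct.unpack("!BHH4sB", msg[19:])
print(length, mtype, version, asn, hold, socket.inet_ntoa(ident))
# 29 1 4 65001 180 10.0.0.1
```

Note that 19 is the minimum legal Length value mentioned above: a message with an empty body (such as a KEEPALIVE) is exactly the 19-byte header.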
[Figure: an example network of routers A through H connected by point-to-point links.]
So, for the link between two routers A and B, there is a distance vector sent from A to B
and a distance vector sent from B to A. Distance vector packets from other routers are
never sent on this link.
Second, we must know what and how much information is contained in each distance
vector packet. Each distance vector packet contains a single distance metric for every
router in the network. In this problem, we are told to use 16-bit delays as distance
metrics. Since there are 50 routers, each distance vector carries 50 16-bit distance
values. The size of a distance vector packet is therefore equal to 50×16 = 800 bits.
Finally, we must know how often these distance vector packets are exchanged. The
problem tells us that routers exchange 2 distance vector packets every second.
Therefore, on a single link, we exchange two 800 bit packets every second in each
direction. Thus, we are sending 1600 bits per second in each direction. If we consider
the total bandwidth used in both directions, we are using a combined total of twice this
amount of bandwidth to send distance vector packets. So the answer is 3200 bits per
second.
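The arithmetic above can be checked directly:

```python
routers = 50
bits_per_metric = 16                      # 16-bit delay metric per router
vector_bits = routers * bits_per_metric   # one distance vector packet = 800 bits
packets_per_second = 2                    # sent on the link in each direction
per_direction = packets_per_second * vector_bits   # 1600 bits/s each way
both_directions = 2 * per_direction                # 3200 bits/s total per link
print(vector_bits, per_direction, both_directions)  # 800 1600 3200
```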
Question 5: Assume that source S and destination D are connected through two intermediate routers labeled R. Determine how many times each packet has to visit the network layer and the data link layer during a transmission from S to D.
[Figure: protocol stacks at S, R, R, and D, each showing the network layer (NL), data link layer (DLL), and physical layer (PL), with the packet travelling from S through the two routers to D.]
Question 6: In an OSPF autonomous system with n areas, how many areas are connected to the backbone area?
A) 1 B) n – 1 C) n D) n + 1
Answer: B.
Question 7: Forwarding tables for routers typically only include network addresses (e.g., 142.36.0.0/24) of destinations and not the actual hosts they may route to. Why do routers just include network addresses and not hosts?
Answer: Because this is the primary function of routers: to route to networks. Once the network layer has determined the final network where the destination host resides, the work of the network layer is done (well, almost). It is then up to the local area network (for example, Ethernet or 802.11) to deliver the packet to the destination host.
Question 8: Assume there are two routers - R1 and R2. The network interfaces
connecting R1 and R2 are 150.1.4.1 and 150.1.4.2 respectively. Router R1 connects
a subnet with the address 150.1.1.0/24. Router R2 connects two subnets:
150.1.2.0/24 and 150.1.3.0/24.
On network 150.1.3.0/24, there are three hosts: a printer with the address
150.1.3.10, a workstation with 150.1.3.20, and a laptop with 150.1.3.30. These
three hosts exchange information regularly and thus have the IP addresses for the
other hosts in their subnet within their routing tables. Graphically, this network
appears as follows:
150.1.2.1
150.1.1.1 150.1.4.1 150.1.4.2
150.1.1.0/24 R1 R2 150.1.2.0/24
150.1.3.1
Host, 150.1.3.20
Laptop, 150.1.3.30
Forwarding tables in routers contain (1) destination network, (2) gateway (next
router), and (3) outgoing interface. For example, the forwarding table in router R1
is:
Destination Network Next Router Outgoing Interface
150.1.1.0/24 - 150.1.1.1
150.1.2.0/24 150.1.4.2 150.1.4.1
150.1.3.0/24 150.1.4.2 150.1.4.1
Fill in the values of the forwarding table for router R2.
Answer:
Destination Network Next Router Outgoing Interface
150.1.1.0/24 150.1.4.1 150.1.4.2
150.1.2.0/24 - 150.1.2.1
150.1.3.0/24 - 150.1.3.1
Question 9: For the previous problem, fill in the values of the forwarding table for
printer.
Answer:
Destination Network Next Router Outgoing Interface
150.1.1.0/24 150.1.3.1 150.1.3.10
150.1.2.0/24 150.1.3.1 150.1.3.10
150.1.3.0/24 - 150.1.3.10
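Router R2's forwarding decision can be sketched as a longest-prefix match over its table from the answer above. The `forward` helper name is hypothetical; a dash in the next-router column (directly connected) is represented as `None`.

```python
import ipaddress

# Router R2's forwarding table: (destination network, next router, interface)
table = [
    ("150.1.1.0/24", "150.1.4.1", "150.1.4.2"),
    ("150.1.2.0/24", None,        "150.1.2.1"),
    ("150.1.3.0/24", None,        "150.1.3.1"),
]

def forward(dest_ip):
    """Longest-prefix match; returns (next_router, outgoing_interface)."""
    best = None
    for prefix, next_router, interface in table:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dest_ip) in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, next_router, interface)
    return (best[1], best[2]) if best else None

print(forward("150.1.3.10"))  # (None, '150.1.3.1'): directly connected subnet
print(forward("150.1.1.99"))  # ('150.1.4.1', '150.1.4.2'): forward via R1
```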
Question 10: When the router runs out of buffer space, this is called __.
A. Source Quench B. Redirect
C. Information Request D. Low Memory
Answer: A. Source quench is the process where the destination router, or end internetworking device, will quench the data from the sender, or the source router. This usually happens when the destination router runs out of buffer space to process packets.
Question 11: An autonomous system can only exist if all routers in that system meet
which criteria?
A) Interconnected B) Run the same routing protocol
C) Assigned same autonomous system number
D) Run IGRP only E) Run RIP only
Answer: A, B, and C. An autonomous system is a set of routers and networks under the same administration. Each router must be interconnected, run the same routing protocol, and be assigned the same autonomous system number. The Network Information Center (NIC) assigns a unique autonomous system number to enterprises.
Question 12: A default route is analogous to a __
Answer: Taking the first 23 bits of the above IP address as the network address, we have 192.53.56.0. It does not match the network addresses of the first three rows. The packet will be forwarded to the default gateway, which is Router 2.
Question 21: Which of the following describe router functions?
A) Packet switching B) Packet filtering
C) Internetwork communication D) Path selection E) All of the above
Answer: E. Routers provide packet switching, packet filtering, internetwork communication, and path selection.
Question 22: Which of the following statements is false about Internet Protocol (IP)?
A) It is possible for a computer to have multiple IP addresses
B) IP packets from the same source to the same destination can take different
routes in the network
C) IP ensures that a packet is forwarded if it is unable to reach its destination
within a given number of hops
D) The packet source cannot set the route of an outgoing packet; the route is
determined only by the routing tables in the routers on the way.
Answer: D. The Internet Protocol ensures that a packet is forwarded if it is unable to reach its destination within a given number of hops. One computer can have multiple IP addresses, and packets having the same source and destination can take different routes.
The source doesn't decide where to route the packet; that is decided by the routing tables at the intermediate routers.
Chapter
From the user's point of view, the TCP/IP-based Internet can be considered as a set of
application programs that use the Internet to carry out useful communication tasks.
Most popular internet applications include Electronic mail (E-mail), File transfer, and
Remote login. IP routing allows transfer of IP datagrams among a number of stations or
hosts, where the datagram is routed through the Internet based on the IP address of the
destination.
But, in this case, several application programs (processes) running simultaneously on a
source host have to communicate with the corresponding processes running on a remote
destination host through the Internet. This requires an additional mechanism called
process-to-process delivery, which is implemented with the help of a transport-level
protocol.
The transport level protocol will require an additional address, called port number, to
select a particular process among multiple processes running on the destination host.
So, there is a requirement of the following third type of delivery system.
[Figure: three levels of delivery. Node-to-node delivery carries data between sender and
receiver across a physical link; host-to-host delivery carries data between sender and
receiver across an internetwork (for example, the Internet); process-to-process delivery
carries data between the sender and receiver processes themselves.]
In addition to UDP and TCP, there are other transport-layer protocols that can be used
in TCP/IP, all of which differ in terms of how they handle transport-layer tasks.
Developers are not limited to the standard choices for applications. If neither TCP nor
UDP nor any other defined transport-layer service is appropriate for your application,
you can write your own transport-layer protocol and get others to adopt it (or use your
application package exclusively).
network operations.
Packet: A packet is the block of control information and data for one transaction
between a host and its network. Packets are the exchange medium used by processes to
send and receive data through Internet networks. A packet is sent from a source to a
destination.
Port: A port is a logical connecting point for a process. Data is transmitted between
processes through ports (or sockets). Each port provides queues for sending and
receiving data. In an Internet network, each port has an Internet port number based on
how it is being used. A particular port is identified with an Internet socket address,
which is the combination of an Internet host address and a port number.
Process: A process is a program that is running. A process is the active element in a
computer. Terminals, files, and other I/O devices communicate with each other through
processes. Thus, network communication is inter-process communication (that is,
communication between processes).
Protocol: A protocol is a set of rules governing communications at the physical or
logical level. Protocols often use other protocols to provide services. For example, a
connection-level protocol uses a transport-level protocol to transport packets that
maintain a connection between two hosts.
Server: A server is a computer or process that provides data, services, or resources
that can be accessed by other computers or processes on the network.
9.4.1 Ports
Generally speaking, a computer has a single physical connection to the network. All
data destined for a particular computer arrives through that connection. However, the
data may be intended for different applications running on the computer. So, how does
the computer know to which application to forward the data? The answer is through the
use of ports.
Data transmitted over the Internet is accompanied by addressing information that
identifies the computer and the port for which it is destined. The computer is identified
by its 32-bit IP address, which IP uses to deliver data to the right computer on the
network. Ports are identified by a 16-bit number, which TCP and UDP use to deliver the
data to the right application.
Note: The TCP and UDP protocols use ports to map incoming data to a particular
process running on a computer.
Each process that wants to communicate with another process identifies itself by one or
more ports. A port is a 16-bit number, used by the host-to-host protocol to identify to
which higher level protocol or application program (process) it must deliver incoming
messages. The TCP and UDP protocols use ports to map incoming data to a particular
process running on a computer.
[Figure: TCP or UDP reads the port number in each packet and delivers the data portion
to the process identified by that port.]
There are two types of ports: well-known ports and ephemeral ports.
9.4.2 Sockets
A socket is a communication endpoint that we can name and address
in a network. The processes that use a socket can reside on the same system or on
different systems on different networks. Sockets are useful for both stand-alone and
network applications.
Sockets commonly are used for client/server interaction. Usually, a typical system
configuration places the server on one machine, with the clients on other machines. The
clients connect to the server, exchange information, and then disconnect.
[Figure: clients connecting to a server through sockets.]
UDP [User Datagram Protocol] is a protocol that provides a mechanism for application
programs to send messages to other programs with a minimum of protocol mechanism
(overhead). The protocol is transaction oriented; delivery and duplicate protection are
not guaranteed.
[Figure: UDP reads the port number in each packet and delivers the data portion to the
process identified by that port.]
UDP is one of the core protocols of the Internet protocol suite. Using UDP, programs on
networked computers can send short messages, sometimes called datagrams, to one
another. It was designed by David P. Reed in 1980.
UDP does not guarantee reliability or ordering in the way that TCP does. Datagrams
may arrive out of order, may appear duplicated, or may go missing without notice. Avoiding
the overhead of checking whether every packet actually arrived makes UDP faster and
more efficient, at least for applications that do not need guaranteed delivery.
Time-sensitive applications generally use UDP because dropped packets are preferable
to delayed packets. UDP's stateless nature is also useful for servers that answer small
queries from huge numbers of clients. Unlike TCP, UDP is compatible with packet
broadcast (sending to all on a local network) and multicasting (sending to all subscribers).
Note that applications using UDP must handle all problems to ensure reliable transfer.
They must deal with:
Duplicate messages
Lost messages
Delayed and Out-of-Order delivery
[Figure: UDP port usage. The client sends with source port 1234 and destination port
5678; the server replies with source port 5678 and destination port 1234.]
The figure shows a typical usage of the UDP port numbers. The client process uses port
number 1234 while the server process uses port number 5678. When the client sends a
request, it is identified as originating from port number 1234 on the client host and
destined to port number 5678 on the server host. When the server process replies to
this request, the server's UDP implementation will send the reply as originating from
port 5678 on the server host and destined to port 1234 on the client host.
UDP datagrams are received from multiple application programs. A single sequence of
UDP datagrams is passed down to the IP layer, where they are packaged in IP datagrams
and sent out over the internetwork to different destinations. The technical term for this
is multiplexing (which simply means combining).
Bits 00 to 15          Bits 16 to 31
Source Port            Destination Port
Length                 Checksum
Application Data
Source Port [16-bits]: Indicates the port of the sending process. It is the port to which
replies should be addressed.
Destination Port [16-bits]: Specifies the port of the destination process on the
destination host.
Length [16-bits]: The length (in bytes) of this user datagram, including the header.
Checksum [16-bits]: An optional 16-bit one's complement of the one's complement sum
of a pseudo-IP header, the UDP header, and the UDP data. The pseudo-IP header
contains the source and destination IP addresses, the protocol, and the UDP length.
Pseudo header is added to the UDP datagram at the time of checksum calculation (at
transmitter and at receiver). The pseudo header is not transmitted. It is used to verify
the correctness of the IP address.
Bits 00 to 07          Bits 08 to 15          Bits 16 to 31
Source IP Address
Destination IP Address
Padding (all zeros)    Protocol               UDP Length
/* One's complement sum over 16-bit words; any carry out of the low
   16 bits is wrapped around and added back in. */
unsigned short checksum(unsigned short *buf, int count) {
    unsigned long sum = 0;
    while (count--) {
        sum += *buf++;
        if (sum & 0xFFFF0000) {  /* carry out of the low 16 bits */
            sum &= 0xFFFF;       /* keep the low 16 bits ...     */
            sum++;               /* ... and wrap the carry back  */
        }
    }
    return ~(sum & 0xFFFF);      /* one's complement of the sum  */
}
9.6.5 TCP/IP
TCP/IP stands for Transmission Control Protocol/Internet Protocol. It was developed in
1978, driven by Vinton Cerf and Robert Kahn. Today, TCP/IP is the language governing
communications among all computers on the Internet.
TCP/IP is two separate protocols, TCP and IP, which are used together. The Internet
Protocol standard controls how packets of information are sent out over networks. IP
has a packet-addressing method that lets any computer on the Internet forward a
packet to another computer that is a step (or more) closer to the packet's recipient.
TCP ensures the reliability of data transmission across Internet-connected
networks. TCP checks packets for errors and submits requests for re-transmissions if
errors are found; it also reassembles the multiple packets of a message into the proper,
original sequence when the message reaches its destination.
TCP provides an interface to network communications that is different from the User
Datagram Protocol (UDP). The properties of TCP make it highly attractive to network
programmers, as it simplifies network communication by solving many of the problems
of UDP, such as ordering of packets and packet loss.
While UDP is concerned with the transmission of packets of data, TCP focuses instead
on establishing a network connection, through which a stream of bytes may be sent and
received. The diagram below is the simplest way to show the concept of a
connection-oriented protocol.
[Figure: TCP three-way handshake between Node A and Node B.
Node A to Node B: SYN ("Hello Server. I am Firefox. Can I talk to you?");
Node B to Node A: SYN, ACK ("Hello Firefox. I am Server. Let us talk.");
Node A to Node B: ACK ("Perfect. Thanks!")]
Step 1: Node A sends the initial packet to Node B. This packet has the SYN bit
enabled. Node B receives the packet and sees the SYN bit, which has a value of "1" (in
binary, this means ON), so it knows that Node A is trying to establish a connection with
it.
Step 2: Node B replies with a packet that has both the SYN and ACK bits set,
acknowledging Node A's request and asking to synchronize in the other direction.
Step 3: Node A sends another packet to Node B with the ACK bit set (binary
1); it effectively tells Node B "Yes, I acknowledge your previous request".
Once the 3-way handshake is complete, the connection is established (virtual circuit)
and the data transfer begins.
Before we proceed, we should note that you will come across the terms SYN and
ACK; these flags should not be confused with the Sequence and Acknowledgment
numbers, as they are different fields within the TCP header.
Let us understand this with two nodes that want to send data to each other in a
reliable way. Node A wants to send data to Node B in a reliable way, so we are going to
use TCP to accomplish this.
[Figure: Node A sends a SYN with SEQ = J, ACK = 0 to Node B.]
Step 1: First, Node A will send a TCP SYN, telling Node B that it wants to set up a
connection. There is also a sequence number; to keep things simple we picked the
number J.
Step 2: Node B will respond to Node A by sending a SYN, ACK message back. We can
see it picks its own sequence number K (some random number) and it sends ACK=J+1.
ACK= J+1 means that it acknowledges that it has received the TCP SYN from Node A
which had sequence number J and that it is ready for the next message with sequence
number J+1.
Step 3: The last step is that Node A will send an acknowledgement towards Node B in
response to the SYN that Node B sent towards Node A. We can see it sends ACK=K+1,
which means it acknowledges the SEQ=K from Node B. Since Node B sent an ACK=J+1
towards Node A, Node A now knows it can send the next message with sequence
number J+1.
The rule is that either end can send a FIN when it is done sending data. When a TCP
receives a FIN, it must notify the application that the other end has terminated that
direction of data flow. The sending of a FIN is normally the result of the application
issuing a close.
While it's possible for an application to take advantage of the half-close feature, in
practice few TCP applications use it.
[Figure: connection termination. Node A sends FIN M; Node B replies with ACK M+1;
Node B sends FIN N; Node A replies with ACK N+1.]
Step-1: One application calls close first, and we say that this end (Node A) performs the
active close. This end's TCP sends a FIN segment, which means it is finished sending
data.
Step-2: The other end that receives the FIN performs the passive close. The received FIN
is acknowledged by TCP. The receipt of the FIN is also passed to the application as an
end-of-file (after any data that may have already been queued for the application to
receive), since the receipt of the FIN means the application will not receive any
additional data on the connection.
Step-3: Sometime later, the application that received the end-of-file will close its socket.
This causes its TCP to send a FIN.
Step-4: The TCP on the system that receives this final FIN (the end that did the active
close) acknowledges the FIN.
Since a FIN and an ACK are required in each direction, four segments are normally
required. We use the qualifier "normally" because in some scenarios, the FIN in Step 1 is
sent with data. Also, the segments in Steps 2 and 3 are both from the end performing
the passive close and could be combined into one segment.
Consider the classic two-army problem: a white army is encamped in a valley, and two
blue armies are camped on the surrounding hillsides. The white army is larger than
either of the blue armies alone, but together the blue
armies are larger than the white army. If either blue army attacks by itself, it will be
defeated, but if the two blue armies attack simultaneously, they will be victorious.
The blue armies want to synchronize their attacks. However, their only communication
medium is to send messengers on foot down into the valley, where they might be
captured and the message lost (i.e., they have to use an unreliable communication
channel). The question is: Does a protocol exist that allows the blue armies to win?
Suppose that the commander of blue army #1 sends a message reading: ''I propose we
attack at dawn on October 31. How about it?'' Now suppose that the message arrives,
the commander of blue army #2 agrees, and his reply gets safely back to blue army #1.
Will the attack happen? Probably not, because commander #2 does not know if his
reply got through. If it did not, blue army #1 will not attack, so it would be foolish for
him to charge into battle.
Now let us improve the protocol by making it a three-way handshake. The initiator of
the original proposal must acknowledge the response. Assuming no messages are lost,
blue army #2 will get the acknowledgement, but the commander of blue army #1 will
now hesitate. After all, he does not know if his acknowledgement got through, and if it
did not, he knows that blue army #2 will not attack. We could now make a four-way
handshake protocol, but that does not help either.
In fact, it can be proven that no protocol exists that works. Suppose that some protocol
did exist. Either the last message of the protocol is essential or it is not. If it is not,
remove it (and any other unessential messages) until we are left with a protocol in
which every message is essential.
What happens if the final message does not get through? We just said that it was
essential, so if it is lost, the attack does not take place. Since the sender of the final
message can never be sure of its arrival, he will not risk attacking. Worse yet, the other
blue army knows this, so it will not attack either.
To see the relevance of the two-army problem to releasing connections, just substitute
''disconnect'' for ''attack.'' If neither side is prepared to disconnect until it is convinced
that the other side is prepared to disconnect too, the disconnection will never happen.
In practice, one is usually prepared to take more risks when releasing connections than
when attacking white armies, so the situation is not entirely hopeless. Figure shows
four scenarios of releasing using a three-way handshake. While this protocol is not
infallible, it is usually adequate.
[Figure: normal release. Node A sends FIN; Node B replies with its own FIN; Node A
sends the final ACK.]
In figure, we see the normal case in which one of the users sends a FIN (Finish)
segment to initiate the connection release. When it arrives, the receiver sends back a
FIN segment, too, and starts a timer, just in case its FIN is lost. When this FIN arrives,
the original sender sends back an ACK segment and releases the connection.
Finally, when the ACK segment arrives, the receiver also releases the connection.
Releasing a connection means that the transport entity removes the information about
the connection from its table of currently open connections and signals the connection's
owner (the transport user) somehow. This action is different from a transport user
issuing a DISCONNECT primitive.
[Figure: release with the final ACK lost. Node A sends FIN; Node B replies with FIN;
Node A's ACK is lost, and Node B's timer eventually releases the connection.]
If the final ACK segment is lost, as shown in above figure, the situation is saved by the
timer. When the timer expires, the connection is released anyway.
[Figure: release with the second FIN lost. Node A sends FIN; Node B's reply FIN is
lost; Node A times out and retransmits its FIN; the second exchange of FIN and ACK
succeeds.]
Now consider the case of the second FIN being lost. The user initiating the
disconnection will not receive the expected response, will time out, and will start all over
again. In above figure we see how this works, assuming that the second time no
segments are lost and all segments are delivered correctly and on time.
[Figure: release where the initial FIN and all N retransmissions are lost; the sender
gives up after N retries and the receiver times out.]
Our last scenario, figure above, is the same as previous case except that now we
assume all the repeated attempts to retransmit the FIN also fail due to lost segments.
After N retries, the sender just gives up and releases the connection. Meanwhile, the
receiver times out and also exits.
While this protocol usually suffices, in theory it can fail if the initial FIN and N
retransmissions are all lost. The sender will give up and release the connection, while
the other side knows nothing at all about the attempts to disconnect and is still fully
active. This situation results in a half-open connection.
We could have avoided this problem by not allowing the sender to give up after N retries
but forcing it to go on forever until it gets a response. However, if the other side is
allowed to time out, then the sender will indeed go on forever, because no response will
ever be forthcoming. If we do not allow the receiving side to time out, then the protocol
hangs.
One way to kill off half-open connections is to have a rule saying that if no segments
have arrived for a certain number of seconds, the connection is then automatically
disconnected. That way, if one side ever disconnects, the other side will detect the lack
of activity and also disconnect.
Of course, if this rule is introduced, it is necessary for each transport entity to have a
timer that is stopped and then restarted whenever a segment is sent. If this timer
expires, a dummy segment is transmitted, just to keep the other side from
disconnecting. On the other hand, if the automatic disconnect rule is used and too
many dummy segments in a row are lost on an otherwise idle connection, first one side,
then the other side will automatically disconnect.
We will not belabour this point any more, but by now it should be clear that releasing a
connection without data loss is not nearly as simple as it at first appears.
At the other end, the receiving station acknowledges receipt of the segment at the TCP
layer by sending back an ACK message. If the original sender does not receive the ACK
within a certain time period, then it retransmits the original segment. This is called
Positive Acknowledgment Retransmission or PAR.
Of course, it's possible that the original message may just arrive late. In this case, the
receiving station will eventually receive two identical segments. The duplicate segment
is simply discarded.
How long should the timeout period be? That is, how long should Node A wait for a response
from Node B before it resends the packet? Clearly, within a LAN, Node A would expect
packets to be acknowledged within just a few milliseconds. However, if Node A and B
are on different sides of the globe, then a much longer timeout period is required.
[Figure: Positive Acknowledgment Retransmission. Node A sends data and receives an
ACK; a later data segment is lost, the timeout expires, and Node A retransmits the
data, after which the ACK arrives.]
If the timeout is set too long, unnecessary delays will be introduced into the network. If
the timeout is set too short, then premature retransmission will result in packet
duplications, leading to network congestion and eventually to a state of collapse. For
this reason, TCP uses algorithms to dynamically adjust the timeout period to suit the
state of the network.
[Figure: segments numbered 1 to 14, with a window covering the segments currently
eligible to be sent.]
As shown above, data within the window boundary is eligible to be sent by the sender.
[Figure: as acknowledgements arrive, the window slides forward over the sequence of
segments 1 to 14.]
The maximum transmission rate is ultimately bound by the receiver’s ability to accept
and process data. However, this technique implies an implicit trust arrangement
between the TCP sender and receiver.
The window size reflects the amount of buffer space available for new data at the
receiver. If this buffer space size shrinks because the receiver is being overrun, the
receiver will send back a smaller window size.
In the extreme case the window size will decrease to something very small, or even one
octet. This is called the silly window syndrome. Most TCP implementations take special
measures to avoid it.
The goal of the sliding window mechanism is to keep the channel full of data and to
reduce the delays for waiting acknowledgements.
Note: For more details, refer to the chapter.
TCP segments are received from multiple application programs. A single sequence of
TCP segments is passed down to the IP layer, where they are packaged in IP datagrams
and sent out over the internetwork to different destinations. The technical term for this
is multiplexing (which simply means combining).
An opposite mechanism is responsible for the receipt of segments. Each TCP segment
received is passed to the appropriate application program. The IP layer must take this
stream of unrelated segments and eventually pass each one to the correct process (through
the transport layer protocol above it). This is the reverse of multiplexing: demultiplexing.
Figure shows the encapsulation of a TCP data as an IP datagram. A good analogy for
how encapsulation works is a comparison to sending a letter enclosed in an envelope.
You might write a letter and put it in a white envelope with a name and address, but if
you gave it to a courier for overnight delivery, they would take that envelope and put it
in a larger delivery envelope.
Data is passed to IP typically from one of the two main transport layer protocols: TCP or
UDP. This data is already in the form of a TCP or UDP message with TCP or UDP
headers.
This is then encapsulated into the body of an IP message, usually called an IP datagram
or IP packet. Encapsulation and formatting of an IP datagram is also sometimes called
packaging; again, the implied comparison to an envelope is obvious.
[Figure: TCP state transition diagram. States: CLOSED (starting point), LISTEN,
SYN_RCVD, SYN_SENT, ESTABLISHED, CLOSE_WAIT, LAST_ACK, FIN_WAIT_1, CLOSING,
FIN_WAIT_2, TIME_WAIT. A passive open moves CLOSED to LISTEN; receiving a SYN in
LISTEN moves to SYN_RCVD (send SYN, ACK). An active open moves CLOSED to SYN_SENT
(send SYN); receiving SYN, ACK there moves to ESTABLISHED (send ACK), while a
simultaneous open (receiving SYN) moves SYN_SENT to SYN_RCVD. ESTABLISHED is the
data transfer state. On an application close, ESTABLISHED moves to FIN_WAIT_1 (send
FIN, active close); on receiving a FIN, ESTABLISHED moves to CLOSE_WAIT (send ACK,
passive close), and a later application close moves CLOSE_WAIT to LAST_ACK (send FIN).
FIN_WAIT_1 moves to FIN_WAIT_2 on receiving an ACK, to CLOSING on receiving a FIN
(simultaneous close, send ACK), and to TIME_WAIT on receiving FIN, ACK (send ACK);
FIN_WAIT_2 moves to TIME_WAIT on receiving a FIN (send ACK); CLOSING and LAST_ACK
move toward CLOSED on receiving the final ACK.]
The two transitions leading to the ESTABLISHED state correspond to the opening of a
connection, and the two transitions leading from the ESTABLISHED state are for the
termination of a connection. The ESTABLISHED state is where data transfer can occur
between the two ends in both the directions.
If a connection is in the LISTEN state and a SYN segment arrives, the connection makes
a transition to the SYN_RCVD state and takes the action of replying with an ACK+SYN
segment. The client does an active open which causes its end of the connection to send
a SYN segment to the server and to move to the SYN_SENT state.
The arrival of the SYN+ACK segment causes the client to move to the ESTABLISHED
state and to send an ACK back to the server. When this ACK arrives the server finally
moves to the ESTABLISHED state. In other words, we have just traced the THREE-WAY
HANDSHAKE.
In the process of terminating a connection, the important thing to keep in mind is that
the application process on both sides of the connection must independently close its
half of the connection. Thus, on any one side there are three combinations of transitions
that get a connection from the ESTABLISHED state to the CLOSED state:
This side closes first: ESTABLISHED, FIN_WAIT_1, FIN_WAIT_2, TIME_WAIT, CLOSED.
The other side closes first: ESTABLISHED, CLOSE_WAIT, LAST_ACK, CLOSED.
Both sides close at the same time: ESTABLISHED, FIN_WAIT_1, CLOSING, TIME_WAIT, CLOSED.
The main thing to recognize about connection teardown is that a connection in the
TIME_WAIT state cannot move to the CLOSED state until it has waited for two times the
maximum amount of time an IP datagram might live in the Internet. The reason for this
is that while the local side of the connection has sent an ACK in response to the other
side's FIN segment, it does not know that the ACK was successfully delivered.
As a consequence, this other side might retransmit its FIN segment, and this second
FIN segment might be delayed in the network. If the connection were allowed to move
directly to the CLOSED state, then another pair of application processes might come
along and open the same connection, and the delayed FIN segment from the earlier
incarnation of the connection would immediately initiate the termination of the later
incarnation of that connection.
Bits 00 to 15                              Bits 16 to 31
Source Port Number                         Destination Port Number
Sequence Number
Acknowledgment Number
Header Length (4 bits) | Reserved (6 bits) | URG ACK PSH RST SYN FIN | Window Size
Checksum                                   Urgent Pointer
Options (if any)
Data (if any)
Source Port [16-bit]: This is the source port of the packet. The source port was originally
bound directly to a process on the sending system.
Destination Port [16-bit]: This is the destination port of the TCP packet. Just as with the
source port, this was originally bound directly to a process on the receiving system.
Today, a hash is used instead, which allows us to have more open connections at the
same time.
Sequence Number [32-bit]: The sequence number field is used to set a number on each
TCP packet so that the TCP stream can be properly sequenced (e.g., the packets wind
up in the correct order).
Acknowledgment Number [32-bit]: This field is used when we acknowledge a specific
packet a host has received. For example, we receive a packet with one Sequence
number set, and if everything is okay with the packet, we reply with an ACK packet
with the Acknowledgment number set to the same as the original Sequence number.
Header Length [4-bit]: This field indicates how long the TCP header is, and where the Data
part of the packet actually starts. It is set with 4 bits, and measures the TCP header in
32 bit words.
Reserved [6-bits]: These bits are reserved for future usage.
URG [1-bit]: This field tells us if we should use the Urgent Pointer field or not. If set to 0,
do not use Urgent Pointer, if set to 1, do use Urgent pointer.
ACK [1-bit]: This bit is set in a packet to indicate that this is a reply to another packet
that we received, and that contained data. An Acknowledgment packet is always sent to
indicate that we have actually received a packet, and that it contained no errors. If this
bit is set, the original data sender will check the Acknowledgment Number to see which
packet is actually acknowledged, and then dump it from the buffers.
PSH [1-bit]: The PUSH flag is used to tell the TCP protocol on any intermediate hosts to
send the data on to the actual user, including the TCP implementation on the receiving
host. This pushes all the data through, regardless of where in the TCP window it sits or
how much of the window has been filled.
RST [1-bit]: The RESET flag is set to tell the other end to tear down the TCP connection.
This is done in a couple of different scenarios, the main reasons being that the
connection has crashed for some reason, if the connection does not exist, or if the
packet is wrong in some way.
SYN [1-bit]: The SYN (Synchronize sequence numbers) flag is used during the initial
establishment of a connection. It is set in two instances of the connection, the initial
packet that opens the connection, and the reply SYN/ACK packet. It should never be
used outside of those instances.
FIN [1-bit]: The FIN bit indicates that the host that sent the FIN bit has no more data to
send. When the other end sees the FIN bit, it will reply with a FIN/ACK. Once this is
done, the host that originally sent the FIN bit can no longer send any data. However,
the other end can continue to send data until it is finished, and will then send a FIN
packet back, and wait for the final FIN/ACK, after which the connection is sent to a
CLOSED state.
Window Size [16-bit]: The Window size field is used by the receiving host to tell the
sender how much data the receiver permits at the moment. This is done by sending an
ACK back, which contains the Sequence number that we want to acknowledge, and the
Window field then contains the maximum range of sequence numbers that the sending
host may use before it receives the next ACK packet. The next ACK packet updates the
accepted window that the sender may use.
Checksum [16-bit]: This field contains the checksum of the whole TCP header. It is a
one's complement of the one's complement sum of each 16-bit word in the header. If the
header does not end on a 16-bit boundary, the additional bits are set to zero. While the
checksum is calculated, the checksum field is set to zero. The checksum also covers a
96-bit pseudo-header containing the destination address, source address, protocol, and
TCP length. This is for extra security.
Bits 00 to 07          Bits 08 to 15          Bits 16 to 31
Source IP Address
Destination IP Address
Reserved (all zeros)   Protocol               TCP Length
Urgent Pointer [16-bit]: This is a pointer that points to the end of the data which is
considered urgent. If the connection has important data that should be processed as
soon as possible by the receiving end, the sender can set the URG flag and set the
Urgent pointer to indicate where the urgent data ends.
Options [variable length]: The Options field is a variable-length field and contains optional
headers that we may want to use. Basically, this field contains three subfields at all times:
an initial field tells us the length of the Options field, a second field tells us which
options are used, and then we have the actual options.
Both TCP and UDP are widely used IP transfer layer protocols. For applications
requiring reliable transfers, TCP is generally preferred, while applications that value
throughput more than reliability are best served using UDP.
Most TCP/IP stacks provide both protocols, so the application can use whichever
transfer protocol is more appropriate, even changing from one to the other as desired.
Rather than rely solely on TCP, the network system developer might want to investigate
the trade-offs related to use of UDP.
Also, even if someone used TCP for a real-time application such as streaming a media
clip, and noticed and retransmitted a lost datagram, it would be useless, because the
lost datagram would belong to a part of the clip that is long past, and the time spent on
that retransmission might make the current part of the clip arrive late. Clearly, UDP is
best for this situation.
Question 5: A small Local Area Network (LAN) has four machines A, B, C and D
connected in the following topology:
[Figure: LAN-1 and LAN-2 connected by a bridge.]
The window size is 16K-2K (or 14K) because there is one packet in the receiver-side
buffer when the acknowledgement is generated. Since the window size is 14K, the
sender can send up to seven 2K packets before waiting for another acknowledgement.
Question 18: Assume two end-hosts communicate using the sliding window protocol.
Assume the receiver window is always smaller than the sender’s window and the
size of the receiver window is w bits. Let C be the link capacity between the two
end-hosts in bps, and RTT be the round-trip time between the two end hosts in sec.
What is the maximum throughput achieved by the two end-hosts? Assume every bit
is acknowledged.
Answer: There are two cases (see figure below).
Case 1: RTT > w/C; throughput = w/RTT.
Case 2: RTT ≤ w/C; throughput = C.
[Figure: Case 1: the sender exhausts the window of w bits and sits idle until the ACK
returns after one RTT; Case 2: the window is large enough to keep the link busy for the
entire RTT.]
Question 19: Suppose Host A sends two TCP segments back to back to Host B
over a TCP connection. The first segment has sequence number 90; the second
has sequence number 110.
A) Suppose that the first segment is lost but the second segment arrives at B.
In the acknowledgement that Host B sends to Host A, what will be the
acknowledgement number?
B) How much data is in the first segment?
Answer:
A) Ack number = 90
B) 20 bytes
Question 20: Suppose Client A initiates a Telnet session with Server S. At about
the same time, Client B also initiates a Telnet session with Server S. Provide
possible source and destination port numbers for
A) The segments sent from A to S.
B) The segments sent from B to S.
C) The segments sent from S to A.
D) The segments sent from S to B.
E) If A and B are different hosts, is it possible that the source port number in
the segments from A to S is the same as that from B to S?
F) How about if they are the same host?
Answer:
Source Port Destination Port
A) A→S 467 23
B) B→S 513 23
C) S→A 23 467
D) S→B 23 513
E) Yes. Since A and B are different hosts, each operating system can independently
assign the same source port number.
F) No. On a single host, two simultaneous connections to the same destination (S,
port 23) cannot share a source port, because the two sockets would then have
identical address/port 4-tuples.
Question 21: UDP and TCP use 1s complement for their checksums. Suppose you
have the following three 8-bit bytes: 01010101 01110000 01001100. What is the 1s
complement of the sum of these 8-bit bytes? Show all work. With the 1s
complement scheme, how does the receiver detect errors? Is it possible that a 1-bit
error will go undetected? How about a 2-bit error?
Answer: Note: on overflow, the carry wraps around (it is added back into the low-order
bit).
  01010101
+ 01110000
= 11000101
  11000101
+ 01001100
= 00010010 (with wraparound carry)
One's complement = 11101101
To detect errors, the receiver adds the four words (the three original words and the
checksum). If the sum contains any zero bits, the receiver knows there has been an
error. All one-bit errors will be detected, but two-bit errors can go undetected (e.g., if
the last bit of the first word is converted to a 0 and the last bit of the second word is
converted to a 1).
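The wraparound addition above can be sketched in a few lines; the helper name is ours, not from any standard library:

```python
# Sketch (function ours) of the 8-bit one's-complement sum: when the
# running sum overflows, the carry wraps around into the low-order bit.

def ones_complement_sum(words, bits=8):
    mask = (1 << bits) - 1
    total = 0
    for w in words:
        total += w
        if total > mask:
            total = (total & mask) + 1   # wraparound carry
    return total

s = ones_complement_sum([0b01010101, 0b01110000, 0b01001100])
print(f"{s:08b} {~s & 0xFF:08b}")        # 00010010 11101101 (sum, checksum)
```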
Question 22: Suppose we have the following 2 bytes: 00110100 and 01101001. What
is the 1s complement of these 2 bytes?
Answer:
  00110100
+ 01101001
= 10011101
One's complement = 01100010
Question 23: For the bytes in Question 22:, give an example where one bit is flipped
in each of the 2 bytes and yet the 1s complement doesn’t change.
Answer:
Suppose the first byte is changed to: 00110101
and the second byte is changed to: 01101000
A 0 has been changed to a 1 in the first byte and a 1 to a 0 in the second byte in the
same bit position, so the 1s complement doesn't change and the error goes undetected.
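This claim can be checked mechanically; the function is ours, with the byte values from Questions 22 and 23:

```python
# Checking the claim: flipping a bit from 0 to 1 in one byte and from 1
# to 0 in the other, at the same position, leaves the sum (and hence the
# checksum) unchanged. Function ours, values from Questions 22 and 23.

def checksum8(b1, b2):
    total = b1 + b2
    if total > 0xFF:
        total = (total & 0xFF) + 1       # wraparound carry
    return ~total & 0xFF

print(checksum8(0b00110100, 0b01101001) ==
      checksum8(0b00110101, 0b01101000))  # True: the error goes undetected
```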
Question 24: Suppose you have the following 2 bytes: 11110101 and 00101001.
What is the 1s complement of these 2 bytes?
Answer:
  11110101
+ 00101001
= 00011111 (with wraparound carry)
One's complement = 11100000
Question 25: The web server www.CareerMonk.com has IP address 76.12.23.240. A
client at address 74.208.207.41 downloads a file from the Career Monk web site.
Assuming the client has an arbitrary port number > 1024, what is a possible socket
pair comprising this connection?
Answer: There are numerous possible answers to this question; however, all require the
server listening on port 80. If we assume the client is assigned port 2500, the
socket pair is [76.12.23.240:80] / [74.208.207.41:2500].
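The socket-pair idea can be demonstrated locally. In this sketch the loopback interface and an OS-chosen ephemeral port stand in for the addresses in the question; it is illustrative, not the book's code:

```python
import socket

# Illustrative only: 127.0.0.1 and an ephemeral port stand in for
# 76.12.23.240:80 and the client's port 2500.
server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server.bind(("127.0.0.1", 0))        # port 0: let the OS pick a free port
server.listen(1)

client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect(server.getsockname())
conn, _ = server.accept()

# A connection is identified by its socket pair: (server IP:port, client IP:port).
pair_client = (client.getpeername(), client.getsockname())  # client's view
pair_server = (conn.getsockname(), conn.getpeername())      # server's view
print(pair_client == pair_server)                           # True: same connection
client.close(); conn.close(); server.close()
```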
Question 26: Protocols in the network stack may be either reliable or unreliable. In
the Internet, reliability occurs at the transport layer: TCP offers reliability, while UDP
is unreliable. Assume a developer prefers to use UDP; however, the application they
are designing requires reliability. Explain how it is possible to design a reliable
protocol stack yet use UDP at the transport layer.
Answer: Any layer that is considered reliable provides that reliability to the layer(s)
above it. In the network protocol stack, if TCP is used at the transport layer, it then
provides reliability to the application layer. If TCP is not in use, the application layer
has no reliability unless it provides the reliability itself.
Therefore, if reliability is required by an application and UDP is in use at the transport
layer, reliability must then be provided by the application itself. A reliable protocol can
be built on top of UDP by adding sequencing, acknowledgements, and retransmission
at the application layer.
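A toy sketch of this idea, with a simulated lossy channel standing in for UDP; all class and function names here are ours:

```python
# Toy sketch (names ours): application-layer reliability on top of an
# unreliable datagram service, via sequence numbers + retransmission.

class UnreliableChannel:
    """Simulates UDP-style loss: drops the given (seq, attempt) transmissions."""
    def __init__(self, drop):
        self.drop = drop
        self.attempts = {}               # seq -> number of transmissions so far

    def deliver(self, seq):
        n = self.attempts.get(seq, 0)
        self.attempts[seq] = n + 1
        return (seq, n) not in self.drop # False means the datagram was lost

def reliable_transfer(data, channel):
    """Stop-and-wait: keep resending each datagram until it gets through."""
    received = []
    for seq, payload in enumerate(data):
        while not channel.deliver(seq):  # no ACK -> timeout -> retransmit
            pass
        received.append(payload)
    return received

ch = UnreliableChannel(drop={(1, 0), (1, 1)})   # lose datagram 1 twice
result = reliable_transfer(["a", "b", "c"], ch)
print(result)            # ['a', 'b', 'c']: all data delivered despite losses
print(ch.attempts[1])    # 3: two lost transmissions plus one success
```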
Question 27: The server CareerMonk.com (70.42.23.161) provides an ftp server for
downloading software. A client (at address 116.35.22.9) wants to download a file
from the ftp server using an active ftp connection. Other than the well-known port
numbers for the data and control channels, arbitrary port numbers are > 1024.
What is a possible socket pair comprising this active connection?
Answer: For an active FTP connection, let's assume the client is assigned the port
numbers 5000 and 5001. The control channel will consist of the socket pair
[70.42.23.161:21 / 116.35.22.9:5000]. Once this control channel is established, the
data channel would comprise the socket pair [70.42.23.161:20 / 116.35.22.9:5001].
Question 28: Repeat the previous question, except that the connection uses passive
FTP.
Answer: For a passive FTP connection, let's assume the client is assigned the port
numbers 6000 and 6001. The control channel will consist of the socket pair
[70.42.23.161:21 / 116.35.22.9:6000]. Once this is established, the server will listen to
an arbitrary port (which it informs the client of.) Assuming the arbitrary port is 7500,
the data channel will consist of the socket pair [70.42.23.161:7500 /
116.35.22.9:6001].
Question 29: Assume .com hosts a web page named Album.html
containing 9 different images. Explain how this web page is downloaded using a
Question 44: Packets of the same session may be routed through different paths in
A) TCP, but not UDP B) TCP and UDP
C) UDP but not TCP D) Neither TCP, nor UDP
Answer: B. The selection of a path during routing of a packet is done at the network
layer, not at the transport layer, so this behaviour is independent of whether TCP or
UDP is used.
Question 45: What is the maximum size of data that the application layer can pass
on to the TCP layer below?
A) Any size B) 2^16 bytes − size of TCP header
C) 2^16 bytes D) 1500 bytes
Answer: B. The application layer passes data to the TCP layer. The relevant length
field is 16 bits, so the total length is at most 2^16 bytes. But this is not all payload;
it includes the header as well. So the actual data = 2^16 bytes − size of the TCP header.
Chapter 10: TCP Error Control
[Figure: a Data segment is acknowledged; a later Data segment times out and is retransmitted, then acknowledged]
In the figure, the arrows represent transmitted data and/or acknowledgements, and
time is represented by the vertical line. An acknowledgement can be positive or negative.
A positive acknowledgement implies that the receiving host recovered the data and that
10.1 Introduction 315
Elements of Computer Networking TCP Error Control
it passed the integrity check. A negative acknowledgement implies that the failed data
segment needs to be retransmitted. It can be caused by failures such as data corruption
or loss.
When data is ready to be transmitted via TCP, it is passed from the upper-layer protocol
to TCP, where it becomes encapsulated into segments. The IP layer then encapsulates
these segments into datagrams and handles the point-to-point transmission of the data.
At the other end, the receiving station acknowledges receipt of the segment at the TCP
layer by sending back an ACK message. If the original sender does not receive the ACK
within a certain time period, then it retransmits the original segment. This is called
retransmission, or positive acknowledgment with retransmission (PAR).
Of course, it's possible that the original message may just arrive late. In this case, the
receiving station will eventually receive two identical segments. The duplicate segment
is simply discarded.
How long should the timeout period be? That is, how long should Node A wait for a response
from Node B before it resends the packet? Clearly, within a LAN, Node A would expect
packets to be acknowledged within just a few milliseconds. However, if Node A and B
are on different sides of the globe, then a much longer timeout period is required.
If the timeout is set too long, unnecessary delays will be introduced into the network. If
the timeout is set too short, then premature retransmission will result in packet
duplications, leading to network congestion and eventually to a state of collapse. For
this reason, TCP uses algorithms to dynamically adjust the timeout period to suit the
state of the network.
[Figure: Node A sends Data to Node B; the segment times out and is retransmitted, and an ACK then arrives]
In the above figure, the first two segments carry the same data: the first represents
the original transmission and the second represents the retransmission (after timeout).
The final segment represents the ACK. If it was assumed that the ACK was for the
original transmission, but it was actually for the retransmission as shown in the
figure, then the calculated SampleRTT would be too large.
The following modification to TCP was proposed (this is Karn's algorithm):
1. Do not take into account the RTT sampled from packets that have been
retransmitted. This means that TCP calculates SampleRTT only for packets that
were sent once, and does not calculate SampleRTT for packets that were sent
twice, that is, for packets that were retransmitted.
2. On successive retransmissions, set each timeout to twice the previous one.
Whenever there is a retransmission, TCP uses the following formula:
NewTimeout = OldTimeout × 2
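The two rules (ignore RTT samples from retransmitted packets; double the timeout on each retransmission) can be sketched as follows, using the 0.875/0.125 EWMA weights of TCP's EstimatedRTT computation; the function names are ours:

```python
# Sketch (names ours) of the two rules above, with the EWMA weights
# 0.875 / 0.125 used by TCP's EstimatedRTT computation.
ALPHA = 0.875

def update_rtt(estimated_rtt, sample_rtt, was_retransmitted):
    """Karn's rule: ignore RTT samples taken from retransmitted packets."""
    if was_retransmitted:
        return estimated_rtt             # ambiguous sample: discard it
    return ALPHA * estimated_rtt + (1 - ALPHA) * sample_rtt

def backoff(timeout):
    """Rule 2: each successive retransmission doubles the previous timeout."""
    return timeout * 2

print(update_rtt(100.0, 180.0, was_retransmitted=False))  # 110.0
print(update_rtt(100.0, 180.0, was_retransmitted=True))   # 100.0 (sample ignored)
print(backoff(backoff(1.0)))                              # 4.0 after two retransmissions
```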
[Figure: an old duplicate segment with SEQ = N, from a previous connection instance, arriving at Node B]
Conceptually, perhaps the most serious threat facing the integrity of TCP data is
external old duplicates, that is, from a previous instance of the connection. Suppose a
TCP connection is opened between A and B. One segment from A to B is duplicated and
unduly delayed, with sequence number N. The connection is closed, and then another
instance is reopened, that is, a connection is created using the same ports.
At some point in the second connection, when an arriving packet with SEQ=N would be
acceptable at B, the old duplicate shows up. Later, of course, B is likely to receive a
SEQ=N packet from the new instance of the connection, but that packet will be seen by
B as a duplicate (even though the data does not match), and (we will assume) ignored.
Reception of an old duplicate ACK segment at the sender could be only slightly less
serious: it is likely to lock up the connection so that no further progress can be made
and a connection reset is required to resynchronize the two ends.
Duplication of sequence numbers might happen in either of two ways:
1. Sequence number wrap-around on the current connection
A TCP sequence number contains 32 bits. At a high enough transfer rate, the 32-bit
sequence space may be exhausted (wrap around) within the time that a segment may be
delayed in queues.
This problem affects any transport protocol, since every sequence number field must be
finite, and therefore any sequence number may eventually be reused. In the Internet
protocol suite, the MSL bound is enforced by an IP-layer mechanism, the Time-to-Live
or TTL field.
[Figure: Node A sends segments 39 to 41 to Node B; a Data segment times out (RTO) and is retransmitted, then acknowledged]
How long should the timeout period be? If the timeout is set too long, unnecessary
delays will be introduced into the network. If the timeout is set too short, then
premature retransmission will result in packet duplications, leading to network
congestion and eventually to a state of collapse.
For this reason, TCP uses algorithms to dynamically adjust the timeout period to suit
the state of the network. The sender sets the Retransmission time-out (RTO) timer when
sending a segment. If the sender does not receive the corresponding acknowledgement,
it assumes the segment is lost and retransmits the segment.
[Figure: a Data segment fails the receiver's checksum and is not acknowledged; the RTO expires and the sender retransmits the segment, which is then acknowledged]
How long should the sender wait? The sender sets the Retransmission time-out (RTO)
timer when sending a segment. If the sender does not receive the corresponding
acknowledgement, it assumes the segment is lost and retransmits the segment.
10.8 ARQ Retransmission Techniques
The receiver can control the pace of incoming segments by carefully timing
acknowledgments. But, what happens if a segment is received in error? Of course some
set of procedures must be defined so that errors can be dealt with.
Three types of error control are discussed here. All are collectively called
automatic repeat request, or ARQ. The three types of error control are:
1. Stop and Wait ARQ
2. Go Back N ARQ
3. Selective Reject ARQ
Don't confuse Stop and Wait Flow Control with Stop and Wait ARQ. These are different
concepts that are part of a stop and wait transmission protocol.
[Figure: Stop and Wait ARQ between Node A and Node B — a Data segment is acknowledged; a later Data segment times out and is resent, then acknowledged]
What happens if a segment, an ACK or a NAK are lost in transit? This could be a
problem, so when a segment is sent, the transmitter starts a timer. If the timer counts
down to zero before an ACK or NAK is received the transmitter resends the segment.
This condition is called a timeout. Note the following:
If a segment is lost, after the transmitter times out, the segment is resent and
the receiver accepts it without any knowledge of the lost segment.
If a NAK is lost, the transmitter times out and resends the segments. The
receiver accepts the retransmitted segment as if the NAK had been received
normally. There is no requirement to send a NAK. The transmitter will resend
the segment anyway. Sending the NAK forces the transmitter to resend
immediately, rather than waiting for a time out to occur.
If an ACK is lost, the transmitter times out and resends the segment. The
receiver already has this segment, so it discards the duplicate and resends the
ACK.
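The receiver-side handling of duplicates caused by a lost ACK can be sketched with alternating 1-bit sequence numbers; the names are ours:

```python
# Sketch (names ours) of the receiver side of Stop and Wait ARQ with
# alternating 1-bit sequence numbers: duplicates are discarded but re-ACKed.

def receive_all(incoming):
    expected = 0
    delivered, acks = [], []
    for seq, payload in incoming:
        if seq == expected:
            delivered.append(payload)    # new segment: accept it
            expected ^= 1                # toggle expected sequence number 0 <-> 1
        # whether new or duplicate, acknowledge the segment just seen
        acks.append(seq)
    return delivered, acks

# The ACK for segment 0 is lost, so the transmitter times out and resends
# it; the receiver discards the duplicate payload but sends the ACK again.
print(receive_all([(0, "A"), (0, "A"), (1, "B")]))  # (['A', 'B'], [0, 0, 1])
```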
[Figure: Go Back N ARQ — Data-3 arrives with an invalid checksum while Data-4 and Data-5 are already in flight; the receiver sends REJect-3, and the transmitter resends Data-3, Data-4, and Data-5]
This feature guarantees that segments are received in order, but it also means that
some good segments may have to be resent.
In the above figure, note how the transmitter begins by resending the segment that was
in error and then continues by sending succeeding segments until its window is
exhausted.
The receiver, upon finding an errored segment, will request that the segment be resent,
and only that segment is resent. The receiver has to keep track of which segments are
coming in and what sequence they belong in.
Reordering the segments may be required. The receiver cannot deliver segment contents
to layer three until the segments have been put in order and no segments are missing
in the sequence.
The transmitter also has to keep careful track of which segments have been sent, which
have been acknowledged and which are available to be sent. Selective Reject ARQ works
in combination with sliding window flow control.
Selective Reject ARQ is not common at the data link layer. It requires much more
processing and buffer space to implement. The marginal improvement in capacity is not
easy to justify in the hardware used at the data link layer. We will see Selective Reject
ARQ later when we study TCP, however.
The sender sends some request to the server, and the server formulates a response
broken into four TCP segments. The server sends all four segments in
response to the request. However, the second response segment is dropped somewhere
on the network and never reaches the host. Let's walk through what happens.
[Figure: without SACK — response segment 2 is lost; the client sends duplicate ACK-1 after segments 3 and 4 arrive, and the server retransmits segments 2, 3, and 4, which are acknowledged by ACK-2, ACK-3, and ACK-4]
[Figure: with SACK — segment 2 is lost; the client replies ACK-1 with SACK-3, then ACK-1 with SACK-3,4; the server retransmits only segment 2 and receives ACK-2]
Support for SACK is negotiated at the beginning of a TCP connection; if both hosts
support it, it may be used. Let's look at how our earlier example plays out with SACK
enabled:
Step 1: Response segment #2 is lost.
Step 2: The client realizes it is missing a segment between segments #1 and #3. It sends
a duplicate acknowledgment for segment #1, and attaches a SACK option indicating
that it has received segment #3.
Step 3: The client receives segment #4 and sends another duplicate acknowledgment for
segment #1, but this time expands the SACK option to show that it has received
segments #3 through #4.
Step 4: The server receives the client's duplicate ACK for segment #1 and SACK for
segment #3 (both in the same TCP segment). From this, the server deduces that the
client is missing segment #2, so segment #2 is retransmitted. The next SACK received
by the server indicates that the client has also received segment #4 successfully, so no
more segments need to be transmitted.
Step 5: The client receives segment #2 and sends an acknowledgment to indicate that it
has received all data up to and including segment #4.
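The client's side of this exchange, computing the cumulative ACK plus the SACK blocks from whatever segments it holds, can be sketched as follows; the function is ours, with segment numbering as in the walkthrough:

```python
# Sketch (function ours) of the client's computation: the cumulative ACK
# names the first missing segment; out-of-order segments form SACK blocks.

def ack_and_sack(received, total):
    received = set(received)
    ack = 1
    while ack in received:               # advance past the in-order prefix
        ack += 1
    blocks, start = [], None
    for s in range(ack + 1, total + 2):  # group the rest into contiguous blocks
        if s in received and start is None:
            start = s
        elif s not in received and start is not None:
            blocks.append((start, s - 1))
            start = None
    return ack, blocks

print(ack_and_sack({1, 3}, total=4))     # (2, [(3, 3)]): expecting 2, SACK 3
print(ack_and_sack({1, 3, 4}, total=4))  # (2, [(3, 4)]): expecting 2, SACK 3-4
print(ack_and_sack({1, 2, 3, 4}, 4))     # (5, []): everything received
```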
information which is stored in the packet header, such as addresses, port numbers,
and other control fields. One of those fields is the Header Checksum.
The checksum is a numerical value which is used for error detection on a packet
transmission. How? Before a packet goes onto the transmission medium, the checksum
is calculated at the source. This process is repeated at the receiving end and the
recalculated checksum is compared with the original checksum. If they match, the
transmission went just fine; if not, then it is possible that some data got lost or
corrupted.
00 To 03 04 To 07 08 09 10 11 12 13 14 15 16 17 18 19 To 31
Version IHL ToS D T R M R0 Total Length
IP Identification (IPID) R0 DF MF Fragment Offset
Time-To-Live (TTL) Protocol Header Checksum
Source IP Address
Destination IP Address
Options & padding (variable, usually none)
For details on this, refer to the chapter. For now, we just need to know the
following information:
Version 4 bits
IHL 4 bits
ToS 8 bits
Total Length 16 bits
Identification 16 bits
Flags 3 bits
Fragment Offset 13 bits
Time-to-Live 8 bits
Protocol 8 bits
Checksum 16 bits
Source IP 32 bits
Destination IP 32 bits
Total 160 bits = 20 bytes
Let us construct an IP header and add values to these fields. Starting with the Version
field, we will give it the value 4 (assuming IPv4 is being used). Using a decimal-to-binary
converter we see that the number 4 in binary format is 0100. We will write it down as it
is, since it already is 4 bits long.
Internet Header Length (IHL): IHL specifies the length of the IP header, in 32-bit words.
This includes the length of any options fields and padding. The normal value of this
field when no options are used is 5 (5 32-bit words = 5*4 = 20 bytes). Contrast this with
the longer Total Length field. We will stay with 5 since it is the most widespread value
and also the smallest possible value. The number 5 in binary is 0101.
Type of Service (ToS) field: It is used to carry information to provide quality of service
(QoS) features, such as prioritized delivery, for IP datagrams. These parameters are
used to guide the selection of the actual service parameters when transmitting a
datagram through a particular network. We will set this field to 0. This field takes up
8 bits, so we will have 0000 0000.
Total Length: This is the length of the entire datagram: the IP header (160 bits) plus
the TCP header, which has a minimum value of 160 bits (if no data is contained in the
packet). We will continue our calculations as if the TCP header has a size of 160 bits.
So we have IP header + TCP header = 160 + 160 = 320 bits. But because the
Total Length is measured in bytes we will rewrite the 320 bits as 40 bytes (40
bytes = 320 bits). So again with the help of our binary converter we can see that 40 in
binary is 00101000, but because we want to have 16 bits we will add 8 more zeros to
this result. So we get: 00000000 00101000.
Identification: Since this is our first constructed packet, we will set the Identification
field to 1 (we can use whatever value we want). Because we have a 16-bit field we will
have: 0000000000000001.
Flags and Fragment Offset: We will set both to 0. The flags (3 bits) and the fragment
offset (13 bits) together occupy 16 bits, so we will have: 00000000 00000000.
Time-to-Live (TTL): This field can take a maximum value of 255. It is nominally
measured in seconds, but because this value gets reduced at every host it passes, we
can say that it is the number of hops a packet can travel through the Internet before it
gets discarded. We will set it to 127, where 127 in binary is 01111111.
Protocol: Since we are using TCP as our next-level protocol, and because the TCP
protocol's ID number is 6, we will set this to 6. And 6 in binary is 00000110.
Checksum: We will set this to 0, since we haven't completed our calculations. So we get
this: 00000000 00000000.
Source IP Address: The source address we are sending the packet from has an IP
address of 192.68.43.1. Let us write each number in binary format.
192 11000000
68 01000100
43 00101011
1 00000001
We will write this without the dots as: 11000000 01000100 00101011 00000001.
Destination IP Address: Let us say we want to send the packet to 10.176.2.34; its
binary representation is 00001010 10110000 00000010 00100010.
Let us now collect our binary-format values:
IP Header
0100
0101
00000000
00000000 00101000
00000000 00000001
00000000
00000000
01111111
00000110
00000000 00000000
11000000 01000100 00101011 00000001
00001010 10110000 00000010 00100010
Next, we will divide this stuff into 16 bit words. Then, add them together. We can either
use a binary calculator or convert each 16 bit word to decimal and then add it.
16 bit Words In decimal
01000101 00000000 17664
00000000 00101000 40
00000000 00000001 1
00000000 00000000 0
01111111 00000110 32518
00000000 00000000 0
11000000 01000100 49220
00101011 00000001 11009
00001010 10110000 2736
00000010 00100010 546
Total 113734
We next need to convert this into hexadecimal format: 113734 = 1BC46. But something
doesn't look right: we said that the checksum field is 16 bits long, and what we have
here seems to be longer than 16 bits. In fact it is 20 bits long. Don't worry: in this case
we remove the first digit of 1BC46 (which is 1) and add it to the remaining 4 digits, that
is BC46, so we have BC46 + 1 = BC47.
Now the last step that we need to take is to subtract the result from FFFF. FFFF- BC47
= 43B8 (or 65535 - 48199 = 17336, in decimal) which is our final checksum that we will
put into the checksum field.
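The whole computation can be checked mechanically; the ten 16-bit words below are the words from the table above, with the checksum field still zero:

```python
# Mechanical check of the computation above: sum the 16-bit words of the
# header, fold the carries back in, and take the one's complement.
words = [0x4500, 0x0028, 0x0001, 0x0000, 0x7F06,
         0x0000, 0xC044, 0x2B01, 0x0AB0, 0x0222]

total = sum(words)                       # 113734 = 0x1BC46
while total > 0xFFFF:                    # fold the carry back in: BC46 + 1 = BC47
    total = (total & 0xFFFF) + (total >> 16)
checksum = ~total & 0xFFFF               # complement: FFFF - BC47 = 43B8
print(hex(total), hex(checksum))         # 0xbc47 0x43b8
```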
00 To 15 16 To 31
Source Port Number Destination Port Number
Sequence Number
Acknowledgment Number
Header Length (4 bits) Reserved (6 bits) URG ACK PSH RST SYN FIN Window Size
Checksum Urgent Pointer
Options (if any)
Data (if any)
00 To 07 08 To 15 16 To 31
Source IP Address
Destination IP Address
Reserved (zero) Protocol TCP Length
Remember when we said that the TCP header checksum calculation includes a pseudo
header? There is no problem: since the pseudo header fields are IP header values, we
already have their binaries.
We have:
Source IP Address (192.68.43.1): 11000000 01000100 00101011 00000001
Destination IP Address (10.176.2.34): 00001010 10110000 00000010 00100010
B) The bandwidth is 10 Mbps, but after we finish sending each data packet, we must
wait one RTT before sending the next
C) The link allows infinitely fast transmits, but limits bandwidth such that only 20
packets can be sent per RTT. Assume zero transmit time.
D) As in (C), but during the first RTT we can send one packet; during the second
RTT we can send two packets; during the third RTT we can send 4 = 2^2, and so on.
Answer: We will count the transfer as completed when the last data bit arrives at its
destination
A) 1.5 MB = 12,582,912 bits. The total time is
2 initial RTTs (160 ms) + 12,582,912 bits / 10,000,000 bps (transmit = 1.258 secs) +
0.5 RTT (propagation = 40 ms) = 1.458 secs
B) To the above, we add the time for 1499 RTTs (one wait after each packet but the
last), for a total of 1.458 + 119.92 = 121.38 secs
C) This is 74.5 RTTs, plus the two initial RTTs, for 6.12 secs.
D) Right after the handshaking is done, we send one packet. One RTT after
handshaking, we send 2 packets.
At n RTTs past the handshaking, we have sent 1 + 2 + 4 + ... + 2^n = 2^(n+1) − 1
packets. At n = 10, we have thus been able to send all 1500 packets; the last batch
arrives 0.5 RTT later. Therefore the total time is 2 + 10.5 RTTs, or 1 sec.
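The arithmetic in (A) through (D) can be reproduced as follows; the RTT (80 ms), bandwidth (10 Mbps), and packet count (1500 packets of 1 KB) are inferred from the worked numbers, since the question statement is truncated above:

```python
# Reproducing the arithmetic; RTT = 80 ms, bandwidth = 10 Mbps, and
# 1500 packets of 1 KB are inferred from the worked numbers above.
RTT = 0.080                              # seconds
BW = 10_000_000                          # bits per second
BITS = 12_582_912                        # 1.5 MB

a = 2 * RTT + BITS / BW + RTT / 2        # handshake + transmit + propagation
b = a + 1499 * RTT                       # extra RTT wait after each packet but the last
c = (2 + 74.5) * RTT                     # 20 packets per RTT, zero transmit time
d = (2 + 10.5) * RTT                     # 1, 2, 4, ... packets per RTT
print(round(a, 3), round(b, 2), round(c, 2), round(d, 2))   # 1.458 121.38 6.12 1.0
```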
Question 2: Suppose we want to devise a single-bit error-correcting Hamming code for
a 16-bit data string. How many parity bits are needed? How about for a 32-bit data
string.
Answer: The number of bits actually transmitted is the number of data bits plus the
number of parity bits. If we have 16 data bits and only use 4 parity bits, then we would
have to transmit 20 bits. Since 4 parity bits give only 16 combinations, which cannot
distinguish the 21 possibilities (an error in any of the 20 transmitted bits, or no error),
this is not enough. With 5 parity bits, we must transmit 21 bits. Since 5 parity bits give
32 combinations, there are enough combinations to represent all single-bit errors.
With 32 data bits, using 5 parity bits will not be enough, since we would have to
transmit 37 bits and 5 parity bits allow only 32 combinations. With 6 parity bits, we
have to transmit 38 bits. Since 6 parity bits give 64 combinations, there will be enough
combinations to represent all single-bit errors.
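The counting argument above reduces to finding the smallest r with 2^r ≥ m + r + 1 (the parity bits must distinguish every single-bit error position plus the no-error case). A quick sketch:

```python
# Counting argument: r parity bits must distinguish m + r single-bit
# error positions plus the no-error case, so we need 2**r >= m + r + 1.

def parity_bits(m):
    r = 0
    while 2 ** r < m + r + 1:
        r += 1
    return r

print(parity_bits(16), parity_bits(32))  # 5 6
```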
Question 3: According to the end-to-end argument, reliability must be implemented
at the networking layer. Is this true or false?
Answer: False. Since reliability at the networking layer cannot ensure application
end-to-end reliability, and since it may hurt the latency of applications that do not
require reliability (e.g., voice over IP), according to the end-to-end argument the
networking layer shouldn’t provide reliability.
Question 4: Consider a reliable data transfer protocol that uses only negative
acknowledgements. Suppose the sender sends data only infrequently. Would the
negative-acknowledgement-only protocol be preferable to a protocol that uses both
positive and negative acknowledgements? Explain.
Now consider the scenario where the sender has a lot of data to transmit and the
connection experiences very few packet losses. In this scenario, would a negative-
acknowledgement-only protocol be preferable to a protocol that uses both positive and
negative acknowledgements? Explain.
Answer: If the data is sent infrequently, sending both positive (ACK) and negative
(NAK) acknowledgements is preferable: as there is relatively little data to acknowledge,
few acknowledgements are generated anyway, and positive acknowledgements let the
sender detect the loss of a packet that is not followed by another.
In the situation where there is a lot of data being transmitted, yet there are very few
packet losses, NAKs may work better than both ACK/NAK as there will be fewer
negative acknowledgements being generated.
Question 5: Assume host A sends four TCP segments to a receiver B. B will send an
ACK to A after correct receipt of a single segment (i.e. it sends an ACK for each
segment it receives.) The first and fourth segments arrive; however, the second
segment is dropped by a router. How will B acknowledge receipt of the segments it
has received so far?
Answer: It will send a duplicate acknowledgement both times, ACKing segment 1 (or,
said differently, indicating that it is expecting segment 2 next).
Question 6: For the previous question, B then receives the third segment. How will it
acknowledge receipt of it?
Answer: Again, it will ACK the segment it is expecting to receive next, which in this
case is still segment 2.
Question 7: For the previous question, in terms of acknowledgements, how will B
ultimately handle the second (missed) segment?
Answer: A will ultimately time out and resend it. When B receives the segment, it will
send a cumulative acknowledgement for all four segments it has received.
Question 8: Suppose a TCP message that contains 2048 bytes of data and 20 bytes of
TCP header is passed to IP for delivery across two networks of the Internet. The first
network uses 14 byte headers and has a MTU of 1024 bytes; the second uses 8-
byte headers with an MTU of 512 bytes. Each network’s MTU gives the size of the
largest IP datagram that can be carried in a link-layer frame. Give the sizes and
offsets of the sequence of fragments delivered to the network layer at the
destination host. Assume all IP headers are 20 bytes. Note that IP requires that
fragmentation always happen on 8-byte boundaries.
Answer: Consider the first network. Packets have room for 1024 − 20 = 1004 bytes of
IP-level data; because 1004 is not a multiple of 8, each fragment can contain at most
8 × floor(1004/8) = 1000 bytes. We need to transfer 2048 + 20 = 2068 bytes of such data.
This would be fragmented into fragments of size 1000, 1000, and 68.
Fragment Size Offset
1 1000 0
2 1000 1000
3 68 2000
Over the second network, the 68-byte packet would be unfragmented but the 1000-
data-byte packet would be fragmented as follows. The IP header is 20 bytes, leaving
512-20 = 492 bytes for IP-level data. Again rounding down to the nearest multiple of 8,
each fragment could contain 488 bytes of IP-level data. 1000 bytes of such data would
become fragments with data sizes 488, 488, and 24.
Fragment Size Offset
1 488 0
2 488 488
3 24 976
4 488 1000
5 488 1488
6 24 1976
7 68 2000
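The fragmentation bookkeeping above follows a simple rule: the usable payload is the MTU minus the 20-byte IP header, rounded down to a multiple of 8. A sketch (the function name is ours):

```python
# Sketch (function ours) of the bookkeeping above: usable payload is the
# MTU minus the 20-byte IP header, rounded down to a multiple of 8.

def fragment(pieces, mtu, ip_header=20):
    """pieces: list of (size, offset) fragments entering this network."""
    max_data = (mtu - ip_header) // 8 * 8
    out = []
    for size, offset in pieces:
        while size > max_data:           # split oversized pieces
            out.append((max_data, offset))
            size -= max_data
            offset += max_data
        out.append((size, offset))
    return out

net1 = fragment([(2068, 0)], mtu=1024)   # [(1000, 0), (1000, 1000), (68, 2000)]
net2 = fragment(net1, mtu=512)           # the seven fragments tabulated above
print(net2)
```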
Question 9: Consider the TCP round-trip time and timeout estimation algorithm:
EstimatedRTT = ( 0.875 × EstimatedRTT ) + ( 0.125 × SampleRTT )
talking over a TCP connection that has a TCP window size of 64 KB (kilobytes), the
sender can only send 64 KB of data and then it must stop and wait for an
acknowledgment from the receiver that some or all of the data has been received.
If the receiver acknowledges that all the data has been received then the sender is free
to send another 64 KB. One way to improve the reliability of the TCP connection is to
reduce the window size that the receiver needs to receive before sending an
acknowledgement. However, this will reduce throughput as more segments and
acknowledgements will need to be sent in order to transfer the same amount of data.
Question 14: The maximum window size for data transmission using the selective reject
protocol with n-bit frame sequence numbers is
A) 2^n B) 2^(n-1) C) 2^n − 1 D) 2^(n-2)
Answer: B. n-bit frame sequence numbers are used, so 2^n sequence numbers are
possible. But the sending and receiving windows must together fit within the sequence
space, so each can be at most half of it: W = 2^n/2 = 2^(n-1).
Chapter
Error control is the process of detecting and correcting both bit-level and packet-level
errors.
[Figure: timing of a segment on the medium — the first bit of the segment is put onto the medium and arrives at the receiver, followed by the remaining bits until the last bit arrives]
Take a look at Stop and Wait Flow Control in the next diagram. Notice that much of the
time, the receiver and the transmitter are doing nothing but waiting.
[Figure: Stop and Wait Flow Control — the sender transmits a segment, which travels on the medium to the receiver; the receiver checks it for errors and, if none are found, returns an ACK (a small segment that gives the sender permission to send the next segment); only after the ACK is received does the sender transmit the next segment]
Segments are usually numbered to keep track of them. Acknowledgments are also
numbered. Stop and Wait Flow Control need only number the segments as segment 0
and segment 1. The acknowledgments are numbered ACK 0 and ACK 1.
Notice how much time the transmitter spends doing nothing in the above diagram.
When a segment is small, much of the time is spent waiting for it to travel across the
network and for the ACK to return.
One solution to this problem of poor efficiency is to send larger segments. When
segments are larger, more time is spent sending data. Larger segments are more
efficient as long as there are few errors. If there is an error the entire segment has to be
resent. The larger the segment the more likely there will be an error in it, so there is a
point where no benefits are found by increasing the segment size. When there are
frequent errors very small segments might be appropriate.
sending a new packet. If the acknowledgment is not received before the timer expires,
the source retransmits the packet. Such a technique is called Positive Acknowledgment
with Retransmission (PAR).
By assigning each packet a sequence number, PAR enables nodes to track lost or
duplicate packets caused by network delays that result in premature retransmission.
The sequence numbers are sent back in the acknowledgments so that the
acknowledgments can be tracked.
PAR is an inefficient use of bandwidth, however, because a host must wait for an
acknowledgment before sending a new packet, and only one packet can be sent at a
time.
[Figure: PAR between sender and receiver — a Data segment is acknowledged; a later Data segment times out and is retransmitted, then acknowledged]
First, it is a form of flow control, preventing the sending side from overrunning the
receive buffer on the receiving side.
Second, it is a form of speed matching, allowing the sending side to keep sending at its
own pace without having to stall and wait for the receiving side to acknowledge the sent
bytes. The window size specifies how far the sender can get ahead of the receiver.
Finally, as we will see below, it is a performance mechanism to take best advantage of
the characteristics of the underlying network.
TCP’s 16-bit window field is used by the receiver to tell the sender how many bytes of
data the receiver is willing to accept. Since the window field is limited to a maximum of
16 bits, this provides for a maximum window size of 65,535 bytes.
The window size advertised by the receiver (called the advertised window) tells the
sender how much data, starting from the current position in the TCP data byte stream,
can be sent without waiting for further acknowledgements. As data is sent by the
sender and then acknowledged by the receiver, the window slides forward to cover more
data in the byte stream. This concept is called the sliding window and is shown in the
figure.
[Figure: byte stream numbered 1 to 14 with the current window covering a group of bytes]
As shown above, data within the window boundary is eligible to be sent by the sender.
[Figure: after bytes are sent and ACKed, the window slides forward along the byte stream numbered 1 to 14]
11.7.2.1 An Example
In a TCP sliding-window operation, for example, the sender might have a sequence of
bytes to send (numbered 1 to 10) to a receiver who has a window size of four. The
sender then would place a window around the first four bytes and transmit them
together. It would then wait for an acknowledgment.
[Figure: with the window over bytes 1 to 4, Node A sends bytes 1 to 4 in one segment; Node B replies with ACK 5, Window = 5]
The receiver would respond with an ACK = 5, indicating that it has received bytes 1 to 4
and is expecting byte 5 next. In the same packet, the receiver would indicate that its
window size is 5. The sender then would move the sliding window five bytes to the right
and transmit bytes 5 to 9.
[Figure: the window slides to bytes 5 to 9; Node A sends bytes 5 to 9 and Node B replies with an ACK]
The receiver would respond with an ACK = 10, indicating that it is expecting sequenced
byte 10 next. In this packet, the receiver might indicate that its window size is 0
(because, for example, its internal buffers are full). At this point, the sender cannot
send any more bytes until the receiver sends another packet with a window size greater
than 0.
The number of bytes that may be sent at any time before the sender must pause and
wait for acknowledgement is limited by two factors:
1. The size of the receiver's receive buffer: The size of the receiver's buffer matters because the
sender cannot send more bytes than the receiver has room to buffer; otherwise
data is lost.
2. The size of the sender's send buffer: The size of the sender's buffer matters because
the sender cannot recycle its own buffer space until the receiver has
acknowledged the bytes in the send buffer, in case the network loses the data
and the bytes must be resent.
The sender knows the receiver's remaining buffer size because the receiver advertises
this value as the TCP window size in each acknowledgement replied to the sender. The
sender always knows its own send buffer size.
But the effective window size used by the sender is actually the minimum of the TCP
window size advertised by the receiver, based on the unused space in its receive buffer,
and the sender's own send buffer size. To change the effective window size for best
performance, both buffer sizes, one at either end of the connection, must be tuned.
The receiver node advertises its window size in each acknowledgement replied to the
sender node. Acknowledgements may be standalone segments, called window
updates, or they may be piggybacked on data segments being sent in the
other direction. The advertised window size is the space remaining in the receiver's
buffer. This is the flow control aspect of the sliding window.
The window size is also the largest number of bytes that may be sent before the sender
has to wait for the receiver to reply with an acknowledgement. Sent bytes must be
buffered by the sender until they are acknowledged by the receiver, in case the sender
must resend them. This is the reliability aspect of TCP. The sender can run at its own
rate until the receiver advertises a window size of zero. This is the speed matching
aspect of TCP.
The initial TCP window size advertised by the receiver is based on the receive buffer
size.
[Figure: the receive buffer: TCP data arriving from IP fills the buffer up to MaxRcvBuffer while the receiving application drains it, leaving spare room]
B) What is the maximum possible file transfer time assuming S uses only the
timeout retransmission mechanism? Please give a scenario which achieves the
maximum transfer time. This scenario should indicate which packet (or ack) is
dropped, if any.
C) Repeat question (B) but now assume that S uses both the timeout and duplicate-
ack retransmission mechanisms.
Answers:
A) 3 × RTT: No packet or ack is lost.
B) 3 × RTT + timeout: A packet in the last window is lost.
C) Same as (B), if the last packet is lost.
Question 3: Flow control is a key function that is typically performed by a transport
protocol. Is it true or false?
Answer: True
Question 4: Consider an error-free 1024-kbps channel used to send 512B data frames
in one direction, with very short acknowledgements coming back the other way.
Assume a propagation delay of 50 msec. What is the maximum throughput for a
window size of 1, 7, 15, 127, and 255?
Answer: A 512B frame (4096 bits) occupies the channel for 4096/1,024,000 sec, or 4
msec. With a 50 msec propagation delay each way, the transmission plus round-trip
time is 104 msec, so we need a window of 104/4 = 26 frames to keep the channel busy.
With a window size of 1, we can send 4096 bits per 104 msec, for a throughput of 39.38
kbps. For a window of 7 frames it is 7 times higher, or 275.69 kbps; for 15 frames,
590.77 kbps. For windows of 127 and 255 frames the channel is saturated, so the
throughput is the upper bound of 1024 kbps.
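The arithmetic in this answer can be checked with a short script (parameters taken from the question):

```python
FRAME_BITS = 4096          # 512-byte frame
CHANNEL_BPS = 1_024_000    # 1024 kbps channel
RTT_S = 0.100              # two 50 ms propagation delays

t_frame = FRAME_BITS / CHANNEL_BPS     # 4 ms per frame
cycle = t_frame + RTT_S                # 104 ms before the first ACK returns

for w in (1, 7, 15, 127, 255):
    # A window of w frames goes out per 104 ms cycle, but throughput
    # can never exceed the channel rate itself.
    rate = min(w * FRAME_BITS / cycle, CHANNEL_BPS)
    print(w, round(rate / 1000, 2), "kbps")
```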
Question 5: For Question 4, at what minimum window size can the protocol run at
the full rate of the channel?
Answer: For windows of 26 (= 1024/39.38) frames or more, the full 1024 kbps is used.
Note: since the problem description was not clear about ignoring ACKs, we will also
accept the answer: since ACKs are required to acknowledge the data, the protocol can
never run at the full rate.
Question 6: Consider the Go-Back-N protocol with a send window size of 10 and a
sequence number range of 1024. Suppose that at time t, the next in-order packet
that the receiver is expecting has a sequence number of k. Assume that the
medium does not reorder messages. What are the possible sets of sequence number
inside the sender’s window at time t?
Answer: Here we have a window size of N = 10. Suppose the receiver has received packet
k − 1, and has ACKed that and all other preceding packets. If all of these ACKs have
been received by the sender, then the sender's window is [k, k + N − 1]. Suppose next
that none of the ACKs have been received at the sender.
In this second case, the sender's window contains k − N and the packets up to and
including k − 1. The sender's window is thus [k − N, k − 1]. By these arguments, the
sender's window is of size 10 and begins somewhere in the range [k − N, k].
Question 7: What are all possible values of the ACK field in the message currently
propagating back to the sender at time t?
Answer: If the receiver is waiting for packet k, then it has received (and ACKed) packet
k − 1 and the N − 1 packets before that. If none of those ACKs have yet been received
by the sender, then ACK messages with values of [k − N, k − 1] may still be propagating
back. Because the sender has sent packets [k − N, k − 1], it must be the case that the
sender has already received an ACK for k − N − 1. Once the receiver has sent an ACK
for k − N − 1, it will never send an ACK that is less than k − N − 1. Thus the range of in-
flight ACK values is from k − N to k − 1.
Question 8: With the Go-Back-N protocol, is it possible for the sender to receive an
ACK for a packet that falls outside of its current window?
Answer: Yes. Suppose the sender has a window size of 3 and sends packets 1, 2, 3 at t0.
At t1 (t1 > t0) the receiver ACKs 1, 2, 3. At t2 (t2 > t1) the sender times out and resends
1, 2, 3.
At t3 the receiver receives the duplicates and re-acknowledges 1, 2, 3. At t4 the sender
receives the ACKs that the receiver sent at t1 and advances its window to 4, 5, 6. At t5
the sender receives the ACKs 1, 2, 3 that the receiver sent at t3. These ACKs are outside its
window.
Question 9: Suppose host A is sending to a multicast group. The destinations are leaf
nodes of a tree rooted at A with depth N and with each non-leaf node having k
children, so there are k^N destinations. Ignore counting the ACKs for this question.
How many individual link transmissions are involved if A sends a multicast
message to all destinations?
Answer: One multicast transmission involves all k + k^2 + … + k^N = (k^(N+1) − k)/(k − 1) links.
Question 10: How many individual link transmissions are involved if A sends a unicast
message to each destination?
Answer: One unicast transmission involves N links; sending to everyone would require
N × k^N links.
Question 11: Suppose A sends a multicast message to all destinations, but a fraction f
of the destinations fail to receive the message. Option (i) is to send a separate
unicast transmission to each of those destinations. Option (ii) is to send a single
multicast transmission to all destinations. Which option requires more individual
link transmissions? (Your answer should depend on the values of f, N, and k.)
Answer: The additional unicast transmissions to the fraction f of the recipients use
f × N × k^N links. Equating this to the multicast cost from Question 9 gives the
crossover point:
f = (k^(N+1) − k) / ((k − 1) × N × k^N)
For smaller f the unicast option uses fewer link transmissions; for larger f the single
multicast does.
Question 12: Host A is sending data to host B over a full duplex link. A and B are using
the sliding window protocol for flow control. The send and receive window sizes are
5 packets each. Data packets (sent only from A to B) are all 1000 bytes long and the
transmission time for such a packet is 50 µs. Acknowledgment packets (sent only
from B to A), are very small and require negligible transmission time. The
propagation delay over the link is 200 µs . What is the maximum achievable
throughput in this communication?
A) 7.69 × 10^6 Bps B) 11.11 × 10^6 Bps
C) 12.33 × 10^6 Bps D) 15.00 × 10^6 Bps
Answer: B.
Data packet size = 1000 bytes
Number of packets = 5
Total data = 5000 bytes
Propagation delay = 200 µs
Transmission time = 50 µs per packet
Time to transmit 5 packets = 5 × 50 µs = 250 µs
Total time for 5 packets = 250 + 200 = 450 µs (transmission of the window plus the
propagation of the last packet)
Rate = Total data / Total time = 5000 bytes / (450 × 10^-6 s) = 11.11 × 10^6 Bps
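The numbers in this answer can be verified directly (values from the question):

```python
WINDOW_PKTS = 5
PKT_BYTES = 1000
T_TRANS = 50e-6      # transmission time per packet
T_PROP = 200e-6      # one-way propagation delay

# Transmit the whole window (250 us), then the last packet propagates
# (200 us), giving a 450 us cycle in which 5000 bytes are delivered.
cycle_s = WINDOW_PKTS * T_TRANS + T_PROP
throughput_Bps = WINDOW_PKTS * PKT_BYTES / cycle_s
print(round(throughput_Bps / 1e6, 2))   # in units of 10^6 bytes/sec
```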
Chapter 12
TCP Congestion Control
12.1 Introduction
In today's world, the Transmission Control Protocol (TCP) carries the bulk of Internet
traffic, so the performance of the Internet depends to a great extent on how well TCP
works. TCP provides a reliable transport service between two processes running on
source and destination nodes.
Another important component of TCP is its congestion control mechanism. The
important strategy of TCP is to send packets into the network and then to react to
observable events that occur. TCP congestion control was introduced into the Internet in
the late 1980s by Van Jacobson, roughly eight years after the TCP/IP protocol stack had
become operational.
To address these issues, multiple mechanisms were implemented in TCP to govern the
rate at which data can be sent in both directions, including flow control and congestion
control.
[Figure: bottlenecks limiting the transmission rate: the receiver bottleneck and physical bottlenecks]
The most notable and common problem that networks face is loss of data.
While loss of data in a network can occur for a variety of reasons, congestion in the
network is the most common one. In simple terms, congestion refers to the loss of
network performance when a network is heavily loaded. This loss of performance can
take the form of data loss or large delays in data transmission, which is often
unacceptable. Because of this, controlling and avoiding congestion is a critical problem
in network management and design.
The most common type of computer network is a packet-switched network, where nodes
send data in the form of packets to each other. The most common strategy used to
transfer data is store-and-forward. Each node waits till it has received a whole packet
before forwarding it at a later time on the appropriate output link.
[Figure: byte stream numbered 1 to 14 with the current window; data within the window boundary is eligible to be sent by the sender]
[Figure: the window slides forward along the byte stream as data is sent and acknowledged]
The maximum transmission rate is ultimately bound by the receiver’s ability to accept
and process data. However, this technique implies an implicit trust arrangement
between the TCP sender and receiver. The sender and also the network can play a part
in determining the transmission rate of data flow as well.
It is important to consider the limitation imposed by the maximum window size of
65,535 bytes. Consider a typical internetwork that may have link speeds of up to 1 Gb/s
or more. On a 1 Gb/s network, 125,000,000 bytes can be transmitted in one second.
This means that if only two TCP stations are communicating on this link, at best
65,535/125,000,000, or only about 0.0005 (0.05%), of the bandwidth will be used in
each direction each second!
Recognizing the need for larger windows on high-speed networks, the Internet
Engineering Task Force (IETF) released a standard for a TCP window scale option. This
standard effectively allows the 16-bit window to be scaled by a factor of up to 2^14,
extending the maximum window from 65,535 bytes to about 1 GB of data.
[Figure: Node A sends Data to Node B and receives an ACK; a timeout then triggers retransmission of the Data, followed by an ACK]
[Figure: after a request, the sender transmits Segments 1 to 4; Segment 2 is lost, so the receiver repeats ACK-1; the sender then retransmits Segments 2 to 4 and receives ACK-2, ACK-3, and ACK-4]
TCP keeps track of when data is sent and at what time acknowledgements covering
those sent bytes are returned. TCP uses this information to calculate an estimate of
round trip time. As packets are sent and acknowledged, TCP adjusts its round-trip time
estimate and uses this information to come up with a reasonable timeout value for
packets sent.
[Figure: Node A connects to router R2 over a 10 Mbps link; R2 connects to Node B over a 2 Mbps link]
Let us consider that node A uses a window of three segments. It thus sends three back-
to-back segments at 10 Mbps and then waits for an acknowledgement. Node A stops
sending segments when its window is full. These segments reach the buffers of router
R2. The first segment stored in this buffer is sent by router R2 at a rate of 2 Mbps to
the destination node.
Upon reception of this segment, the destination sends an acknowledgement. This
acknowledgement allows node A to transmit a new segment. This segment is stored in
the buffers of router R2 while it is transmitting the second segment that was sent by
node A.
Thus, after the transmission of the first window of segments, TCP sends one data
segment after the reception of each acknowledgement returned by the destination. In
practice, the acknowledgements sent by the destination serve as a kind of clock that
allows the sending node to adapt its transmission rate to the rate at which segments
are received by the destination.
This TCP self-clocking is the first mechanism that allows TCP to adapt to heterogeneous
networks. It depends on the availability of buffers to store the segments that have been
sent by the sender but have not yet been transmitted to the destination.
If many TCP senders are attached to the left part of the network above, they all send a
window full of segments. These segments are stored in the buffers of the router before
being transmitted towards their destination. If there are many senders on the left part
of the network, the occupancy of the buffers quickly grows. A consequence of the buffer
occupancy is that the round-trip-time, measured by TCP, between the sender and the
receiver increases.
The congestion collapse is a problem that all heterogeneous networks face. Different
mechanisms have been proposed in the scientific literature to avoid or control network
congestion. Some of them have been implemented and deployed in real networks.
To understand this problem in more detail, let us first consider a simple network.
Consider a network where 20,000-bit segments are sent. When the buffer is empty,
such a segment requires 2 milliseconds to be transmitted on the 10 Mbps link and 10
milliseconds on the 2 Mbps link.
[Figure: throughput versus offered load, showing the ideal throughput curve and the drop caused by congestion collapse]
[Figure: phases of a TCP transfer: a connection phase followed by a transfer phase comprising slow start and congestion avoidance]
During the transfer phase, a source sends data (in the form of segments) on the flow
until the required number has been received successfully. A receiver signals receipt of
data segments by sending acknowledgments (ACKs) to the source. By sending duplicate
acknowledgments, a receiver may also indicate failure to receive specific segments,
which the source must then retransmit.
Also, a sender may fail to receive acknowledgments, which requires the sender to detect
a timeout and to retransmit the unacknowledged data. During the transfer phase,
congestion control procedures determine when a source may send data segments to a
receiver. The resulting series of segments is known as a flow.
Remember that, with the TCP sliding window protocol concept, the window size
(W) is equal to the maximum amount of unacknowledged data that a source
may send.
Consider a system where the source has infinite data to send. Assume the source uses
a FIFO (First In First Out) queue as a send buffer of size W. At the start of the connection,
the source immediately fills the buffer, which is then dequeued at the rate allowed by the
line. Then the buffer can receive new data as old data is acknowledged.
Let T be the average time needed to wait for an acknowledgement to come back. This time
is counted from the instant the data is put into the FIFO. This system is an approximate
model of a TCP connection for a source which is infinitely fast and has an infinite amount
of data to send. In this case, the throughput of the connection is given by
Throughput = W / T
The delay T is equal to the propagation and transmission times of the data and
acknowledgement, plus the processing time, plus possible delays in sending the
acknowledgement:
T = T_propagation + T_transmission + T_processing + T_ack-delay
Thus, in periods of congestion, there is a first automatic congestion control effect:
sources reduce their rates whenever the network delay increases, because the
time to get acknowledgements increases. This is only a side effect, however, and not
the essential part of the TCP congestion control mechanism.
MaxWindow = min(CongestionWindow, AdvertisedWindow)
EffectiveWindow = MaxWindow − (LastByteSent − LastByteAcked)
Note that MaxWindow replaces AdvertisedWindow in the calculation of EffectiveWindow (refer to
the formula in the sliding window section of the TCP chapter).
Thus, a TCP source is allowed to send no faster than the slowest component (the
network or the destination host) can accommodate.
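The two window formulas above translate directly into code; a minimal sketch, with variable names mirroring the formulas:

```python
def effective_window(congestion_window, advertised_window,
                     last_byte_sent, last_byte_acked):
    """Bytes the TCP source may still send right now."""
    max_window = min(congestion_window, advertised_window)
    # Subtract the data already in flight (sent but not yet ACKed).
    return max_window - (last_byte_sent - last_byte_acked)

# cwnd 8000, receiver advertises 16000, 3000 bytes in flight:
print(effective_window(8000, 16000, 5000, 2000))   # -> 5000
```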
A congestion control scheme tries to bring the network back to an operating state, while
a congestion avoidance scheme tries to keep the network at an optimal state. Without
congestion control a network may cease operating (zero throughput), whereas networks
have been operating without congestion avoidance for a long time.
The point at which a congestion control scheme is called upon depends on the amount
of memory available in the routers, whereas, the point at which a congestion avoidance
scheme is invoked is independent of the memory size.
The problem, of course, is how TCP comes to learn an appropriate value for
CongestionWindow. Unlike the AdvertisedWindow, which is sent by the receiving side of the
connection, there is no one to send a suitable CongestionWindow to the sending side of TCP.
The answer is that the TCP source sets the CongestionWindow based on the level of congestion
it perceives to exist in the network.
Increment = MSS × (MSS/CongestionWindow)
CongestionWindow = CongestionWindow + Increment
That is, rather than incrementing CongestionWindow by an entire MSS bytes each RTT, we
increment it by a fraction of MSS every time an ACK is received. Assuming that each
ACK acknowledges the receipt of MSS bytes, that fraction is MSS/CongestionWindow.
[Figure: CongestionWindow plotted as a function of time, showing the sawtooth pattern]
This pattern of continually increasing and decreasing the congestion window continues
throughout the lifetime of the connection. In fact, if we plot the current value of
CongestionWindow as a function of time, we get a sawtooth pattern.
The important concept to understand about AIMD is that the source is willing to reduce
its congestion window at a much faster rate than it is willing to increase its congestion
window. This is in contrast to an additive increase/additive decrease strategy in which
the window would be increased by 1 packet when an ACK arrives and decreased by 1
when a timeout occurs.
One main reason to decrease the window aggressively and increase it conservatively is
that the consequences of having too large a window are much worse than those of it
being too small. For example, when the window is too large, packets that are dropped
will be retransmitted, making congestion even worse, thus, it is important to get out of
this state quickly.
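A minimal AIMD sketch (window measured in MSS units; the per-ACK increment follows the MSS × (MSS/CongestionWindow) rule above, and a timeout halves the window; actual loss detection is not modeled):

```python
MSS = 1.0

def on_ack(cwnd):
    # Additive increase: MSS * (MSS / cwnd) per ACK, about 1 MSS per RTT.
    return cwnd + MSS * (MSS / cwnd)

def on_timeout(cwnd):
    # Multiplicative decrease: halve, but never drop below one segment.
    return max(cwnd / 2.0, MSS)

cwnd = 4.0
for _ in range(4):          # roughly one RTT: one ACK per window segment
    cwnd = on_ack(cwnd)
print(round(cwnd, 2))       # grew by about one MSS over the round trip
print(on_timeout(8.0))      # -> 4.0
```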
When a TCP connection first begins, the slow-start algorithm initializes the congestion
window to 1 segment. Slow start effectively increases the congestion window
exponentially, rather than linearly: the window grows by one segment for each
acknowledgement returned, which doubles it every round-trip time.
For example, the first successful transmission and acknowledgement of a TCP segment
increases the window to two segments. After successful transmission of these two
segments and acknowledgements completes, the window is increased to four segments.
Then eight segments, then sixteen segments and so on, doubling from there on out up
to the maximum window size advertised by the receiver or until congestion finally does
occur.
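The doubling described above can be sketched in a few lines (window in whole segments; each ACK adds one segment, so the window doubles each round trip):

```python
def slow_start_growth(rounds, initial=1):
    """Window size (in segments) at the start of each round trip."""
    cwnd, history = initial, [initial]
    for _ in range(rounds):
        cwnd += cwnd            # one ACK arrives per segment; +1 each
        history.append(cwnd)
    return history

print(slow_start_growth(4))     # -> [1, 2, 4, 8, 16]
```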
At some point the congestion window may become too large for the network, or network
conditions may change such that packets are dropped. Lost packets trigger a
timeout at the sender. When this happens, the sender sets its slow-start threshold to
half the current congestion window and begins slow start again.
position of the duplicate ACK in the byte stream). This process is called the fast
retransmit algorithm.
[Figure: fast retransmit: the client sends Segments 1 to 5; Segment 2 is lost, so the server returns duplicate ACK-1s; after the duplicate ACKs the client retransmits Segment-2, and the server responds with the cumulative ACK-6]
congestion, the network throughput may drop to zero and the path delay may become
very high. A congestion control scheme helps the network to recover from the
congestion state.
A congestion avoidance scheme allows a network to operate in the region of low delay
and high throughput. Such schemes prevent a network from entering the congested
state. Congestion avoidance is a prevention mechanism while congestion control is a
recovery mechanism.
12.11.1 DECbit
DECbit is one of the earlier congestion avoidance methods. DECbit requires the
cooperation of network switches and traffic sources. In the DECbit method, a congested
network switch sets a congestion-indication bit in the network layer header of a data
packet, where congestion is indicated by an average queue length greater than or equal
to 1. Non-congested switches ignore the congestion-indication bit field.
That means a single congestion bit is added to the packet header. A router sets this bit
in a packet if its average queue length is greater than or equal to 1 at the time the
packet arrives. This average queue length is measured over a time interval that spans
the last busy + idle cycle, plus the current busy cycle.
At the destination, the bit is copied into the transport header of the acknowledgment
packet, which is then transmitted to the source. The source updates its window once
every two round-trip times, and if at least 50% of the bits examined are set during the
interval, the window size is reduced from its current value W to a × W.
Otherwise it is increased to W + b, where a = 0.875 and b = 1. The scheme
uses a minimal amount of feedback from the network, with just one bit in the network
layer header to indicate congestion. The technique addresses the important issue of
fairness and achieves the goal to some extent.
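The DECbit update rule reads directly as code; a small sketch using the constants from the text (a = 0.875, b = 1), with hypothetical function and variable names:

```python
A, B = 0.875, 1   # multiplicative-decrease and additive-increase constants

def decbit_update(window, congestion_bits):
    """congestion_bits: booleans copied from the ACKs examined over
    the last two round-trip times."""
    if sum(congestion_bits) >= 0.5 * len(congestion_bits):
        return A * window      # at least half the bits set: decrease
    return window + B          # otherwise: additive increase

print(decbit_update(16, [True, True, False, True]))    # -> 14.0
print(decbit_update(16, [False, False, True, False]))  # -> 17
```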
When there is a transient change in the network, is designed to adapt to the
change and converge to the efficient operating point.
earlier than it would have to, so as to notify the source that it should decrease its
congestion window sooner than it would normally. That is, the router drops a few
packets before it has run out of its buffer space completely so as to cause the source to
slow down earlier, with the expectation that it does not have to drop lots of packets later
on. Note that RED can easily be adapted to work with an explicit feedback scheme
simply by marking a packet instead of dropping it.
The basic idea of how RED decides when to drop a packet, and which packet to
drop, can be demonstrated with a simple FIFO queue. Rather than waiting for the
queue to become completely full and then being forced to drop each arriving packet,
RED drops each arriving packet with some drop probability whenever the queue length
exceeds some dropping level.
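A simplified version of that decision rule (real RED computes an exponentially weighted average queue length and uses two thresholds; here a single dropping level and a linear probability ramp stand in for it, and the parameter names are our own):

```python
import random

def red_should_drop(queue_len, drop_level, max_len, p_max=0.1,
                    rng=random.random):
    """Probabilistically drop once queue_len exceeds drop_level."""
    if queue_len <= drop_level:
        return False                      # below the level: never drop
    if queue_len >= max_len:
        return True                       # queue full: forced tail drop
    # Drop probability ramps linearly from 0 up to p_max.
    p = p_max * (queue_len - drop_level) / (max_len - drop_level)
    return rng() < p
```

Dropping a few packets early this way nudges TCP senders to slow down before the queue overflows, which is the whole point of the scheme.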
In this way, there is still space for other service classes even if one of them exceeded its
available space. The drawback of this solution is that packet discarding happens even if
there is available free memory for accepting new packets in the queue.
The biggest problems in a network are related to the allocation of network resources
(such as buffers and link bandwidth) to different users. A limited amount of resources
has to be shared among many different competing traffic flows in an efficient way in
order to maximize the performance and the use of the network resources. The behavior
of routers in terms of packet handling can be controlled to achieve different kind of
services.
There are a number of packet handling mechanisms, which are related to:
• Classification of packets
• Admission Control and Traffic Shaping
• Queuing and scheduling disciplines
• Packet discard techniques
Packet classification is the process of categorizing packets into flows in a router.
All packets belonging to the same flow or the same class of service are ruled in a
predefined manner and are processed in a corresponding way by the router. For
example, all packets belonging to a certain application or related to a specific protocol
may be defined to form a traffic flow. Packet classification process is needed for those
services that require the distinction between different kinds of traffic.
Once packets are classified, admission control functions are performed to check whether
enough network resources are available according to the packet's service classification. If
resources are available, packets are handled according to their classification. Traffic
shaping functions are used to control the volume of traffic entering the network and
the rate at which packets are sent. There are two methods for achieving traffic shaping:
leaky bucket and token bucket.
Afterwards, packets are scheduled into queues. Queues are managed in a way
that ensures each queue gets the level of service required for its class. A number
of queuing disciplines have been described: First-In-First-Out (FIFO), Priority Queuing (PQ), etc.
When network congestion is experienced, packets in excess must be discarded. Packet
discard cannot be avoided but can be controlled. Several techniques for handling packet
discard have been described, such as Tail Drop, Early Drop, Drop Preference and RED.
when the maximum number are already queued, the new packet is unceremoniously
discarded. This arrangement can be built into the hardware interface or simulated by
the host operating system. It was first proposed by Turner and is called the leaky
bucket algorithm.
To understand the leaky bucket model, define three parameters of the bucket:
• The capacity (B)
• The rate at which water flows out of the bucket (R)
• The initial fullness of the bucket (F)
[Figure: a buffer as a bucket, with the input rate as water entering the bucket and the output rate as water leaving through a hole in the bucket]
If water is poured into the bucket at exactly rate R, the bucket will remain at F, because
the input rate equals the output rate. If the input rate increases while R remains
constant, the bucket accumulates water. If the input rate is larger than R for a
sustained period, eventually the bucket overflows. However, the input rate can vary
around R without overflowing the bucket, as long as the average input rate does not
exceed R and the accumulated excess stays within the capacity of the bucket. The larger
the capacity, the more the input rate can vary within a given window of time.
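That behavior can be simulated in a few lines (one arbitrary unit of water per time step; parameter names follow the B, R, F definitions above):

```python
def leaky_bucket(capacity_B, rate_R, fullness_F, inputs):
    """Track the bucket level per step; returns (levels, overflow)."""
    level, levels, overflow = fullness_F, [], 0
    for arriving in inputs:
        level = max(level + arriving - rate_R, 0)  # drain R per step
        if level > capacity_B:                     # bucket overflows:
            overflow += level - capacity_B         # the excess is lost
            level = capacity_B
        levels.append(level)
    return levels, overflow

# A bursty input whose average equals the drain rate never overflows:
print(leaky_bucket(10, 2, 5, [4, 0, 4, 0]))   # -> ([7, 5, 7, 5], 0)
```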
The leaky bucket is defined by three parameters:
1. The average bit rate, in bytes per second, which corresponds to the output rate
(R)
2. The buffer window, measured in milliseconds, which corresponds to the bucket
capacity (B).
3. The initial buffer fullness, which is generally set to zero.
The bit rate measures the average number of bits per second in the encoded stream.
The buffer window measures the number of milliseconds of data at that bit rate that
can fit in the buffer. The size of the buffer in bits is equal to bit rate × (buffer window/1000).
If there is no token in the bucket, the packet cannot be sent. However, the size of a
burst is restricted by the number of tokens available in the bucket at a particular
instant of time. The implementation of the basic token bucket algorithm is simple; a
variable is used just to count the tokens. This counter is incremented every t seconds
and is decremented whenever a packet is sent. Whenever this counter reaches zero, no
further packets are sent out.
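The counter-based implementation described above can be sketched as follows (the class and method names are ours, not from the text):

```python
class TokenBucket:
    """Counter incremented every t seconds, decremented per packet."""
    def __init__(self, depth):
        self.depth = depth     # maximum tokens the bucket can hold
        self.tokens = 0

    def tick(self):            # called once every t seconds
        self.tokens = min(self.tokens + 1, self.depth)

    def try_send(self):        # one token is consumed per packet
        if self.tokens == 0:
            return False       # no token: the packet must wait
        self.tokens -= 1
        return True

tb = TokenBucket(depth=3)
print(tb.try_send())                # -> False (bucket starts empty)
tb.tick(); tb.tick()
print(tb.try_send(), tb.try_send(), tb.try_send())  # -> True True False
```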
The token bucket algorithm is a finer way to implement traffic shaping: it uses a token
bucket filter, which allows bursts of packets to be sent every now and then. The token
bucket filter is a way to implement both admission control and traffic shaping. The
philosophy is the same as the leaky bucket's; however, the token bucket permits
sending bursts of packets.
Figure shows the token bucket scheme. The algorithm is that every certain period of
time – which determines the rate packets are served – a token is saved. Each token can
be associated to one packet (blue packets in the figure) or, in general, to a defined
quantity of data.
[Figure: the token bucket scheme: tokens accumulate at a fixed rate, and each departing packet consumes one token]
When we do not treat the time interval as zero, the burst size depends on the bucket
depth and the maximum speed of the output link.
For a token bucket of size C bytes, with token arrival rate A bytes/sec and maximum
output rate O bytes/sec, the maximum burst time B satisfies O × B = C + A × B (the
output during the burst equals the initial tokens plus those arriving during it), so:
B = C / (O − A)
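The formula can be checked numerically with a small helper (the 512 KB bucket, 2 MB/s token rate, and 25 MB/s link below are our own illustrative assumptions):

```python
def max_burst_time_s(C_bytes, A_Bps, O_Bps):
    """Time the output can run at full rate O before the bucket
    (C bytes, refilled at A bytes/sec) runs dry."""
    return C_bytes / (O_Bps - A_Bps)

# Illustrative values: 512 KB bucket, 2 MB/s tokens, 25 MB/s output link
t = max_burst_time_s(512_000, 2_000_000, 25_000_000)
print(round(t * 1000, 1), "msec")   # -> 22.3 msec
```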
B) S = C/(O − A) = 22.3 msec. There is a 25 MB/s output burst of 22.3 msec after the
onset of the incoming burst of data.
C) The maximum burst output of 200 Mbps (25 MBps) lasts only 22.3 msec, which
means (25 × 10^6) × (22.3 × 10^-3) = 557.5 × 10^3 bytes (544.4 KB) of data was delivered by
the token bucket.
However, the incoming burst lasts 40 msec, and this means (25 × 10^6) × (40 × 10^-3) = 10^6
bytes of data was delivered to the bucket; that is, 442.5 × 10^3 bytes are left after 22.3 msec,
which must then drain at the token rate of 16 Mbps (2 MBps = 2000 KBps). Thus, there is an
additional 16 Mbps burst from the token bucket after 22.3 msec, of (442.5/2000) =
221.25 msec duration. Hence the token-bucket output exhibits the following cyclic
behavior: a 200 Mbps burst of 22.3 msec duration, a 16 Mbps burst of 221.25 msec
duration, and then 756.45 msec of no output.
Question 2: The standard packet-counting implementation of the leaky bucket
algorithm allows one packet to be transmitted per token generated, independent of
the length of the packet. The byte-counting variation defines a token not as 1
packet but as k bytes. Thus if k = 1024, one token can be used to transmit either one
1024-byte packet or two 512-byte packets (conversely, two tokens are needed to
transmit one 2048-byte packet). What are the pros and cons of these two
approaches for congestion rate control in networks?
Answer: The byte-counting variation achieves a smoother average bit rate than the
packet-counting version. However, it does not achieve a perfectly constant bit rate, since
tokens will accumulate for large packets, which will then be transmitted at full speed.
The byte-counting variant also has the following problems:
• The length of the packet needs to be determined, and a count kept, hence a
more complex implementation.
• If packets are small, the output packet rate will be high, and since routers queue
and process on a per-packet basis, this may actually exacerbate end-to-end
delays and consequent congestion.
The packet-counting version is simpler to implement and helps control congestion more
effectively since the packet rate is constant, but it also has problems:
• A large variance in packet sizes will mean a large variance in bit rate.
• Longer packets will be given an effectively higher data rate, which may create
congestion problems on networks with smaller MTUs (i.e., a packet is segmented
into many smaller packets, which will then create longer queues and processing
delays).
Question 3: A computer on a 6-Mbps network is regulated by a token bucket. The
token bucket is filled at a rate of 1 Mbps. It is initially filled to capacity with 8
megabits. How long can the computer transmit at the full 6 Mbps?
Answer: Suppose the computer can transmit at the full 6 Mbps for time t. Then
6t = 8 + t. Hence, t = 1.6 sec.
Question 4: Suppose that the TCP congestion window is equal to 8K bytes just before a
timeout occurs. How big will the congestion window be if the next sixteen packet
transmissions are all successfully acknowledged? Assume that the maximum
segment size is 1K, all transmitted packets are 1K in length, and the receiver's
advertised window is always equal to 64K bytes.
Answer: When a packet transmission times out (i.e., no acknowledgement for the packet
arrives within a timeout period determined by the Jacobson-Karels algorithm), then we
have to initiate the slow start phase. This means that we set the threshold to half of the
current congestion window or half of the current sliding window, whichever is less.
In this case, the congestion window (8K) is less than the sliding window (64K), so the
threshold is set to 4K. Since we are using slow start, the congestion window is also
reduced to 1 maximum segment size, or 1K.
Because the congestion window is now 1K, the TCP sender transmits one packet before
stopping to wait for an acknowledgement. (We can only send one congestion window’s
worth of data, or one sliding window’s worth of data, whichever is less.) During the
slow start phase, the congestion window increases by one segment size whenever one
segment of data is acknowledged.
Thus, when the packet’s acknowledgement arrives at the sender, the sender increases
its congestion window from 1K to 2K. Because the window size is now 2K, the sender
sends 2 TCP packets without waiting for an acknowledgement first. When the two
acknowledgements return, the congestion window at the source increases from 2K to
4K. So far the sender has transmitted 3 packets since the timeout has occurred.
The congestion window has now reached the threshold value (4K), so now we say that
the sender is no longer in the slow start phase. Instead, it is in the congestion
avoidance (or linear increase) phase. During the congestion avoidance phase, the
congestion window only increases by one segment size whenever a full congestion
window’s worth of data has been acknowledged. Since the congestion window is
currently 4K, the congestion window will not advance to 5K until four 1K packets have
been acknowledged.
So, after sending 4 more packets and receiving their acknowledgements, the sender’s
congestion window increases to 5K. After sending 5 more packets and receiving their
acknowledgements, the congestion window increases to 6K.
Since the timeout, the sender has transmitted 12 packets. In order for the congestion
window to increase from 6K to 7K, the sender must receive acknowledgements for an
additional 6 packets. However, the problem is only interested in the size of the
congestion window after 4 more packets have been transmitted (12+4 = 16). So the
answer to this problem is that after sixteen packets have been successfully
acknowledged, the size of the congestion window remains at 6K.
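The packet-by-packet trace above can be checked with a short simulation of Tahoe's two growth rules (a sketch; windows are measured in 1-KB segments, and the function name is illustrative):

```python
def tahoe_window_after(acks, cwnd_after_timeout=1, ssthresh=4, mss=1):
    """Trace Tahoe's congestion window (in KB) over `acks` successfully
    acknowledged 1-KB packets following a timeout.

    Slow start: +1 MSS per ACK while cwnd < ssthresh.
    Congestion avoidance: +1 MSS per full window of ACKs.
    """
    cwnd = cwnd_after_timeout
    acked_in_window = 0
    for _ in range(acks):          # one packet transmitted and ACKed
        if cwnd < ssthresh:
            cwnd += mss            # exponential growth phase
        else:
            acked_in_window += 1
            if acked_in_window >= cwnd:  # full window acknowledged
                cwnd += mss        # linear growth phase
                acked_in_window = 0
    return cwnd

print(tahoe_window_after(16))  # 6 (KB), matching the answer above
```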
[Figure: congestion window (KB, axis 0–45) versus time (axis 0–30)]
Answer:
A. [1,6] and [23,26] because the window is increasing exponentially.
Question 20: Calculate the token bucket parameters rate and bucket depth for a flow
with the following traffic requirements: the maximum rate is R = 20 Mbps, the
maximum rate can only be used up to 4 seconds, and in the first 10 seconds up to
140 Mb can be transmitted.
Answer: The data sent in the first 4 seconds at the rate R is 80 Mb. Then, in the next 6
seconds, another 60 Mb must be sent at the sustained rate r. This means r = 10 Mbps.
To compute the bucket depth B, note that the bucket is depleted at the rate R − r for
the T = 4 s of the burst, up to its exhaustion; thus B = (R − r) × T = 40 Mb.
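The same two-step solution, as a small helper (the function and parameter names are illustrative):

```python
def token_bucket_params(peak_rate, peak_duration, window, window_volume):
    """Solve for the sustained token rate r and bucket depth B.

    The flow sends at peak_rate for peak_duration seconds; over the
    first `window` seconds it may send at most window_volume bits.
    The leftover volume fixes r; the burst fixes B = (peak_rate - r) * peak_duration.
    """
    remaining = window_volume - peak_rate * peak_duration
    r = remaining / (window - peak_duration)
    b = (peak_rate - r) * peak_duration
    return r, b

# Question 20: R = 20 Mbps for 4 s, at most 140 Mb in the first 10 s
r, b = token_bucket_params(20e6, 4, 10, 140e6)
print(r, b)  # 10 Mbps, 40 Mb
```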
Question 21: A static table is more flexible than a dynamic table in responding to both
error and congestion conditions. Is it true or false?
: False
Question 23: The diagram at right shows two TCP senders at left and the corresponding
receivers at right. Both senders use TCP Tahoe and are sending large files. Assume
that the MSS is 1 KB, that the one-way propagation delay for both connections is
50 ms and that the link joining the two routers has a bandwidth of 8 Mb/s.
[Figure: Source-1 and Source-2 connected to their receivers through a 50 ms, 8 Mb/s link between Router-1 and Router-2]
Let cwnd1 and cwnd2 be the values of the senders’ congestion windows. What is the
smallest value of cwnd1 + cwnd2 for which the link joining the two routers could
stay busy all the time?
Answer: RTT = 0.1 s, so the bandwidth-delay product 0.1 s × 8 Mb/s = 100 KB is
enough to keep the link busy.
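The arithmetic here is just the bandwidth-delay product; a minimal helper (the function name is illustrative):

```python
def bandwidth_delay_product_kb(bandwidth_bps, rtt_s):
    """Bytes in flight needed to keep a link busy: bandwidth x RTT,
    converted from bits to kilobytes."""
    return bandwidth_bps * rtt_s / 8 / 1000  # bits -> bytes -> KB

# 8 Mb/s link, RTT = 2 x 50 ms propagation delay
print(bandwidth_delay_product_kb(8e6, 0.1))  # roughly 100 KB
```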
Question 24: For the previous Question-23, assume that the link buffer overflows
whenever cwnd1 + cwnd2 = 150 KB and that at time 0, cwnd1 = 120 KB and cwnd2 = 30
KB. Approximately, what are the values of cwnd1 and cwnd2 one RTT later?
Answer: Since we’re using Tahoe, both senders drop to one MSS after the loss:
cwnd1 = cwnd2 = 1 KB.
Question 25: For the previous Question-23, approximately how many more RTTs pass
before the first sender leaves the slow-start state?
Answer: Since ssthresh is set to 60 KB on entering slow-start, it takes about 6 RTTs for
cwnd to get above the slow-start threshold, triggering the transition out of the slow-start
state.
Question 26: Assume that the initial sequence number used by a TCP sender is 2000.
TCP sender starts in the Slow Start phase of the congestion control algorithm
(assume that ssthresh is initially very large) and transmits a TCP segment with
length MSS = 1500 Bytes.
The sender then receives an ACK segment with an acknowledgement number 3500
and a receive window 5000. The sender then sends two segments each with length
1500 Bytes. The next ACK segment the sender receives has an acknowledgement
number 5000 and a receive window RW.
If RW = 3000, what is the maximum number of bytes that the sender can transmit
further without getting another ACK segment from the receiver?
Answer: Since the initial sequence number is 2000, the first segment covers bytes
2000–3499 and the next two segments cover bytes 3500–6499. The sender is in slow
start, so CongestionW (the congestion window) starts at 1500 (one MSS), increases to
3000 upon reception of the ACK with acknowledgement number 3500, and then to 4500
upon reception of the ACK with acknowledgement number 5000.
With ReceiveW = 3000, the usable window is min(CongestionW, ReceiveW) = 3000 bytes.
Bytes 5000–6499 (1500 bytes) are still unacknowledged, so the sender can transmit at
most 3000 − 1500 = 1500 further bytes without another ACK.
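The window arithmetic in Question 26 can be checked with a small helper (the function and parameter names are illustrative):

```python
def sendable_bytes(cwnd, recv_window, last_byte_sent, last_byte_acked):
    """Bytes the sender may still transmit without receiving a new ACK:
    the effective window minus the bytes already in flight."""
    effective_window = min(cwnd, recv_window)
    in_flight = last_byte_sent - last_byte_acked
    return max(0, effective_window - in_flight)

# Question 26: cwnd = 4500, RW = 3000, sent through byte 6499, ACKed to 5000
print(sendable_bytes(4500, 3000, 6500, 5000))  # 1500
```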
Chapter 13: Session Layer
13.1 Introduction
The session layer resides above the transport layer, and provides value added services
to the underlying transport layer services. The session layer (along with the
presentation layer) adds services to the transport layer that are likely to be of use to
applications, so that each application doesn't have to provide its own implementation.
[Figure: data flowing from sender to receiver through the layer stacks over the physical link]
Layer 5 of the OSI reference model is the session layer. It does not add many
communications features/functionality, and is thus termed a very thin layer. On many
systems, the Layer 5 features are disabled, but you should nonetheless know what
failures can be prevented by a session layer.
Note: The TCP/IP protocols do not include a session layer at all.
If the receiver wants to send data, it can request the token. When the sender decides
to give up the token, the receiver becomes the sender.
13.4.2 Synchronization
The transport layer handles only communication errors, whereas synchronization deals
with higher-level errors. For example, in a file transfer, the transport layer might deliver
data correctly, but the application layer might be unable to write the file because the file
system is full.
Users can split the data stream into pages, inserting synchronization points between
each page. When an error occurs, the receiver can resynchronize the state of the
session to a previous synchronization point. This requires that the sender hold data as
long as may be needed.
Synchronization refers to one of two distinct but related concepts: synchronization of
processes, and synchronization of data.
Process synchronization refers to the idea that multiple processes are to join up or
handshake at a certain point, so as to reach an agreement or commit to a certain
sequence of action. Data synchronization refers to the idea of keeping multiple copies of
a dataset in coherence with one another, or to maintain data integrity.
In computer networking, synchronization is achieved through the use of sequence
numbers. The ISO protocols provide both major and minor synchronization points.
When resynchronizing, one can only go back as far as the previous major
synchronization point. In addition, major synchronization points are acknowledged
through explicit messages (making their use expensive). In contrast, minor
synchronization points are simply marked, not acknowledged.
Let us consider another example. Say we are transferring a database file from one
machine to another. A packet gets to the destination transport layer, and an
acknowledgement is sent back. Unfortunately, this can happen before the
destination application has written the received data to disk. If the destination
transport layer reboots, it will receive a restart request from the source, but since the
source thinks it knows how much data has been received at the destination, it will not
bother to resend it. Unfortunately, one packet is lost: it was still in RAM when the
destination computer failed.
The problem is that the two end applications never handshake to confirm that the data
sent was actually handled by the destination application; the session layer addresses this.
For example, a bank transaction may consist of locking a record, updating a value, and
then unlocking the record. If an application processed the first operation, but never
received the remaining operations (due to client or network failures), the record would
remain locked forever. Activity management addresses this problem.
[Figure: RPC call path. Steps 1–10 flow from the client, through the client stub and its
transport-layer socket, across the network to the server's socket and server stub, into
the actual procedure, and back.]
The client calls a local procedure, called the client stub. To the client process, this
appears to be the actual procedure, because it is a regular local procedure. It just does
something different, since the real procedure is on the server. The client stub packages
the parameters to the remote procedure (this may involve converting them to a standard
format) and builds one or more network messages. The packaging of arguments into a
network message is called marshaling and requires serializing all the data elements into
a flat array-of-bytes format.
1. Network messages are sent by the client stub to the remote system (via a
system call to the local kernel using transport layer sockets interfaces).
2. Network messages are transferred by the kernel to the remote system via some
protocol (either connectionless or connection-oriented: TCP or UDP).
3. A server stub, sometimes called the skeleton, receives the messages on the
server. It unmarshals the arguments from the messages and, if necessary,
converts them from a standard network format into a machine-specific form.
4. The server stub calls the server function (which, to the client, is the remote
procedure), passing it the arguments that it received from the client.
5. When the server function is finished, it returns to the server stub with its
return values.
6. The server stub converts the return values, if necessary, and marshals them
into one or more network messages to send to the client stub.
7. Messages get sent back across the network to the client stub.
8. The client stub reads the messages from the local kernel.
9. The client stub then returns the results to the client function, converting them
from the network representation to a local one if necessary.
10. The client code then continues its execution.
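The marshaling in steps 1 and 6 can be sketched with Python's struct module; the argument types and the format string here are assumptions for one hypothetical procedure, not part of any real RPC system:

```python
import struct

def marshal_args(a, b, name):
    """Flatten an (int, float, str) argument list into network-order bytes.
    '!' selects network byte order; the string is length-prefixed."""
    encoded = name.encode("utf-8")
    return struct.pack(f"!idI{len(encoded)}s", a, b, len(encoded), encoded)

def unmarshal_args(payload):
    """Inverse of marshal_args, as a server stub would run it."""
    a, b, n = struct.unpack_from("!idI", payload)
    (encoded,) = struct.unpack_from(f"!{n}s", payload, struct.calcsize("!idI"))
    return a, b, encoded.decode("utf-8")

msg = marshal_args(7, 2.5, "hello")
print(unmarshal_args(msg))  # (7, 2.5, 'hello')
```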
The major benefits of RPC are twofold. First, the programmer can now use procedure
call semantics to invoke remote functions and get responses. Secondly, writing
distributed applications is simplified because RPC hides all of the network code into
stub functions. Application programs don’t have to worry about details such as sockets,
port numbers, and data conversion and parsing. On the OSI reference model, RPC
spans both the session and presentation layers (layers five and six).
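As a concrete illustration (not from the book), Python's standard xmlrpc package follows exactly this stub structure: ServerProxy plays the client stub, marshaling calls into XML messages, and SimpleXMLRPCServer plays the server stub. A minimal sketch:

```python
import threading
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCServer

def add(a, b):
    """The 'remote procedure' the server exposes."""
    return a + b

# Server stub: listen on an OS-assigned port and dispatch incoming calls
server = SimpleXMLRPCServer(("127.0.0.1", 0), logRequests=False)
port = server.server_address[1]
server.register_function(add, "add")
threading.Thread(target=server.serve_forever, daemon=True).start()

# Client stub: a local proxy object whose method calls go over the network
proxy = xmlrpc.client.ServerProxy(f"http://127.0.0.1:{port}/")
result = proxy.add(2, 3)   # looks like a local call; runs on the server
server.shutdown()
print(result)  # 5
```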
Pointers cannot simply be passed by reference, since that memory location likely points
to something completely different on the remote system.
If we want to support passing by reference, we will have to send a copy of the
arguments over, place them in memory on the remote system, pass a pointer to them to
the server function, and then send the object back to the client, copying it over the
reference.
If remote procedure calls have to support references to complex structures, such as
trees and linked lists, they will have to copy the structure into a pointerless
representation (e.g., a flattened tree), transmit it, and reconstruct the data structure on
the remote side.
Programs that make remote procedure calls have to be prepared to either test for the
failure of a remote procedure call or catch an exception.
Chapter 14: Presentation Layer Protocols
14.1 Introduction
The presentation layer is the sixth layer of the OSI model. It responds to service
requests from the application layer and issues service requests to the session layer. The
presentation layer performs certain functions that are requested sufficiently often to
warrant finding a general solution for users, rather than letting each user solve the
problems. In particular, unlike all the lower layers, which are just interested in moving
bits reliably from here to there, the presentation layer is concerned with the syntax and
semantics of the information transmitted.
[Figure: data flowing from sender to receiver through the layer stacks over the physical link]
When the presentation layer receives data from the session layer, it makes sure that the
data is in the proper format and once again converts it if it is not.
To understand how data formatting works, imagine two dissimilar systems. The first
system uses Extended Binary Coded Decimal Interchange Code (EBCDIC) to represent
characters onscreen. The second system uses American Standard Code for Information
Interchange (ASCII) for the same function. (Note: Most personal computers use ASCII,
while mainframe computers traditionally use EBCDIC.) Layer 6 provides the translation
between these two different types of codes.
The presentation layer provides a variety of coding and conversion functions that are
applied to application layer data. These functions ensure that information sent from the
application layer of one system would be readable by the application layer of another
system. Some examples of presentation layer coding and conversion schemes include
common data representation formats, conversion of character representation formats,
common data compression schemes, and common data encryption schemes.
Example conversions are:
Conversion of a Sun .RAS raster graphic to .JPG
Conversion of ASCII to IBM EBCDIC
Conversion of .PICT on a Mac to .JPG
Conversion of .WAV to .MP3
When reading a file, the system generally reads 8 bits at a time to read a single
character. But this coding scheme is inefficient. The reason for this is that some
characters are used more frequently than other characters.
Let's say that the character 'e' is used 10 times more frequently than the character
'q'. It would then be advantageous to use a 7-bit code for 'e' and a 9-bit code
for 'q' instead, because that could reduce our overall message length.
On average, using Huffman coding on standard files can reduce them anywhere
from 10% to 30%, depending on the character frequencies. The idea behind the
character coding is to give longer binary codes to less frequent characters and
groups of characters. Also, the character coding is constructed in such a way that
no character code is a prefix of another.
14.6.2 An Example
Let's assume that after scanning a file we found the following character
frequencies:
Character Frequency
a 12
b 2
c 7
d 13
e 14
f 85
In this approach, create a binary tree for each character that also stores the frequency
with which it occurs (as shown below).
The algorithm works as follows: find the two binary trees in the list that store the
minimum frequencies at their nodes. Connect these two nodes at a newly created
common node that will store no character, but will store the sum of the frequencies of
all the nodes connected below it. Repeating this until a single tree remains gives:
[Figure: b-2 and c-7 merge into a node of weight 9; 9 and a-12 merge into 21; d-13 and
e-14 merge into 27; 21 and 27 merge into 48; finally 48 and f-85 form the root of
weight 133]
Once the tree is built, each leaf node corresponds to a letter with a code. To determine
the code for a particular node, traverse from the root to the leaf node. For each move to
the left, append a 0 to the code and for each move right append a 1. As a result for the
above generated tree, we get the following codes:
Letter Code
a 001
b 0000
c 0001
d 010
e 011
f 1
In the above example, since we have six characters, let's assume each character is
stored with a three-bit code. Since there are 133 characters in total (the sum of the
frequencies), the total number of bits used is 3 × 133 = 399.
Using the Huffman coding frequencies we can calculate the new total number of bits
used:
Letter Code Frequency Total Bits
a 001 12 36
b 0000 2 8
c 0001 7 28
d 010 13 39
e 011 14 42
f 1 85 85
Total 238
Thus, we saved 399 − 238 = 161 bits, or nearly 40% of the storage space.
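The 238-bit total can be verified with a short cost computation: every merge in the standard Huffman construction adds one bit to every symbol below it, so the total encoded length is the sum of all internal-node weights. A sketch using Python's heapq:

```python
import heapq

def huffman_total_bits(freqs):
    """Total encoded length (bits) for a character-frequency table.

    Repeatedly merge the two lowest-frequency trees; each merge of
    weights x and y adds (x + y) bits to the final encoding.
    """
    heap = list(freqs.values())
    heapq.heapify(heap)
    total = 0
    while len(heap) > 1:
        x = heapq.heappop(heap)
        y = heapq.heappop(heap)
        total += x + y
        heapq.heappush(heap, x + y)
    return total

freqs = {"a": 12, "b": 2, "c": 7, "d": 13, "e": 14, "f": 85}
print(huffman_total_bits(freqs))  # 238
```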
14.7.1 Authentication
Authentication is the process of determining whether someone is who they are declared to
be. In private and public computer networks, authentication is commonly done through
the use of logon passwords. Knowledge of the password is assumed to guarantee that
the user is authentic. Each user registers initially, using an assigned or self-declared
password.
On each subsequent use, the user must know and use the previously declared
password. The weakness in this system for transactions that are significant (such as
the exchange of money) is that passwords can often be stolen, accidentally revealed, or
forgotten. For this reason, Internet business and many other transactions require a
more robust authentication process.
The use of digital certificates issued and verified by a Certificate Authority (CA) as part
of a public key infrastructure is the standard way to perform authentication on the
Internet.
14.7.2 Authorization
After authentication, a user must gain authorization to perform certain tasks. For
example, after logging into a system; the user may try to issue commands. The
authorization process determines whether the user has the authority to issue such
commands.
In other words, authorization is the process of enforcing policies: determining what
types or qualities of activities, resources, or services a user is permitted. Usually,
authorization occurs within the context of authentication. Once you have authenticated
a user, they may be authorized for different types of access or activity.
14.7.4 Confidentiality
Confidentiality refers to limiting access to information on a resource to authorized
people. An attacker that exploits a weakness in a product to access non-public
information is compromising the confidentiality of that product.
For example, a weakness in a web site that enables a visitor to read a file that should
not be readable would constitute a security vulnerability. However, a weakness that
revealed the physical location of a file would not constitute a vulnerability.
14.7.5 Availability
Availability refers to the possibility to access a resource. An attacker that exploits a
weakness in a product, denying appropriate user access to it, is compromising the
availability of that product.
For example, a weakness that enables an attacker to cause a server to fail would
constitute a security vulnerability, since the attacker would be able to regulate whether
the server provided service or not. However, the fact that an attacker could send a huge
number of legitimate requests to a server and monopolize its resources would not
constitute a security vulnerability, as long as the server operator could still control the
computer.
14.7.6 Non-repudiation
To repudiate means to deny. Non-repudiation is the process of ensuring that a
transferred message has been sent and received by the parties claiming to have sent
and received the message. Nonrepudiation is a way to guarantee that the sender of a
message cannot later deny having sent the message and that the recipient cannot deny
having received the message.
As an example, suppose someone (say, person A) claims that person B used offensive
words, and person B attempts to repudiate (deny) the claim. If there is evidence that
person B used the offensive words, he cannot repudiate the claim, and the evidence
provides non-repudiation.
Non-repudiation is an active attempt to create proofs which may be used against an
identified person who is denying that they are the origin of a communication or action.
The proofs are identity, authentication of the identity, and something connecting a
communication or action to the identity.
In the above example there are legal documents that record the testimony of many
witnesses who identified and authenticated person B and witnessed him using offensive
words. This is a passive and accidental production of artifacts connecting an action to
an identity.
In security we want active purposeful production of proofs that may assist in a non-
repudiation argument. In order to do that we must identify an entity, authenticate the
identity and connect the identified entity to a specific action or communication.
Some people use public/private key certificates to sign their email. By using their e-
mail address they are providing identification. Their use of a private key (to sign the e-
mail) provides authentication as long as the private key is known only by the individual.
When they sign an e-mail with their digital signature they are connecting the content of
the e-mail to the identity authenticated by the certificate. These proofs may assist in
preventing an individual from repudiating the contents of the e-mail;
this supports non-repudiation.
However, to repudiate the e-mail a sender may claim that their private key was stolen
(known by another party) and the thief sent the e-mail.
Note: Although data encryption is commonly mentioned as a typical presentation layer
task, almost all OSI layers could perform this task. For more details on security refer
Network Security chapter.
Chapter 15: Network Security
15.1 What is Network Security?
Network security refers to a set of provisions and policies adopted by a network
administrator to prevent and monitor unauthorized access to a computer network.
These activities include protecting the usability, reliability, integrity, and safety of
computer network and data.
in the attack. The FBI also obtained data from Google and Verizon indicating
that the attacker had more recently been logging into his Gmail address from a
Verizon account, having previously logged into the same address via the
Optimum Online account that was used to access the company's FTP server.
The attacker was employed at the newspaper publisher from mid-2011 to mid-2012 as
a Web administrator and webmaster. According to the employee who contacted
the FBI, the attacker knew the login user name and password for the company's
FTP server, which hadn't been changed after his termination in mid-2012.
3. Computer hackers arrested over plot to steal millions: A man entered a
branch of a bank in South East London, where he attempted to
install a device that would have allowed hackers to access its network from
outside. The device, called a keyboard video mouse (KVM), fits into the
back of a machine. It costs as little as £10 and is widely available in computer
stores or online.
It records the keyboard activity and also users can send commands to the
computer from elsewhere. The gang, which was allegedly operating out of a
small office in a shed in West London, was suspected of planning to use Wi-Fi
in order to connect to the device and transfer funds electronically.
Had the plan been successful, police believe the hackers could have had access
to millions of pounds of customer funds. But the plan failed following an
intelligence-led operation by officers from the Metropolitan Police's specialist
e-Crime unit.
Every year, organizations are spending billions of dollars for network security and it is
increasing. Every company should monitor its systems for unauthorized access and
attacks.
In any organization, the security team should educate people and discourage them
from breaking into systems for illegal and malicious reasons.
15.6.2 Prevention
The foundation of the network security is prevention. To provide some level of security,
it is necessary to implement measures to prevent the exploitation of vulnerabilities.
15.6.3 Detection
Once preventative measures are implemented, procedures need to be put in place to
detect potential security problems. This is helpful if the preventative measures fail. It is
very important that problems be detected immediately. The sooner a problem is
detected the easier it is to correct and cleanup.
15.6.4 Correction
Organizations need to develop a plan that identifies the appropriate correction to a
security problem. The plan should be in writing and should identify who is responsible
for what actions and the varying corrections and levels of escalation.
15.7.2 Threat
In computer security, a threat refers to anything that has the potential to cause serious
harm to a computer system. A threat is something that may or may not happen, but has
the potential to cause serious damage. Threats can lead to attacks on computer
systems, networks and more.
15.7.3 Malware
Malware means malicious software. This is a program that is specifically designed to
gain access to and damage a computer without the knowledge of the owner. Malware includes
computer viruses, worms, Trojan horses, keyloggers, dialers, spyware, and adware.
The majority of active malware threats are usually worms or Trojans rather than viruses.
system down. It is comparable to a computer virus, but is able to spread copies of itself
from one computer to another without the assistance of users.
15.7.6 Antivirus
Anti-virus software is a program (or a set of programs) that are designed to prevent,
search for, detect, and remove software viruses, and other malicious software like
worms, Trojans, adware, and more.
These tools are critical for users to have installed and kept up-to-date, because a
computer without anti-virus software can be infected within minutes of connecting to
the internet. The anti-virus companies update their detection tools constantly to deal
with the more than 60,000 new pieces of malware created daily.
There are several different companies that offer anti-virus software, and what each
offers can vary, but all perform some basic functions:
Scan specific files or directories for any malware or known malicious patterns.
Allow you to schedule a scan.
Allow you to initiate a scan of a specific file or of your computer, or of a CD or
flash drive at any time.
Remove any malicious code detected. Sometimes you will be notified of an
infection and asked if you want to clean the file; other programs will
automatically do this behind the scenes.
Show you the health of your computer.
15.7.7 Adware
Adware is a program (or software) with advertisements embedded in the application.
Adware is an allowed alternative offered to users who do not wish to pay for software.
There are many ad-supported programs, games or utilities that are distributed as
adware (or freeware). Today we have a growing number of software developers who offer
their products as sponsored freeware (adware) until you pay to register. If we are using
adware, when we stop running the software, the ads should disappear, and we always
have the option of disabling the ads by purchasing a registration key.
15.7.10 Spyware
Spyware is a program (or software) that gathers user information through the user's
Internet connection without his or her knowledge. Spyware is generally used for
advertising purposes.
Spyware applications are typically bundled as a hidden component of freeware or
shareware programs that can be downloaded from the Internet. It should be noted,
though, that most freeware applications do not come with spyware. Once installed, the
spyware monitors user activity on the Internet and transmits that information in the
background to someone else. Spyware can also gather information about e-mail
addresses and even passwords and credit card numbers.
Spyware is mostly classified into four types: system monitors, Trojans, adware, and
tracking cookies. Spyware is mostly used for purposes such as tracking and storing
internet users' movements on the web and serving up pop-up ads to users.
may fail to detect the virus because the virus is new and no signature is yet available,
or it may fail because of configuration settings or even faulty signatures.
15.7.17 Firewall
A firewall is a software system designed to prevent unauthorized access to or from a
private network. Firewalls can be implemented in both hardware and software, or a
combination of both. Firewalls are frequently used to prevent unauthorized Internet
users from accessing private networks connected to the Internet, especially intranets.
All messages entering or leaving the intranet pass through the firewall, which examines
each message and blocks those that do not meet the specified security criteria.
There are several types of firewall techniques:
Packet filter: Looks at each packet entering or leaving the network and accepts
or rejects it based on user-defined rules. Packet filtering is fairly effective and
transparent to users, but it is difficult to configure. In addition, it is susceptible
to IP spoofing.
Application gateway: Applies security mechanisms to specific applications, such
as FTP and Telnet servers. This is very effective, but can impose performance
degradation.
Circuit-level gateway: Applies security mechanisms when a TCP or UDP
connection is established. Once the connection has been made, packets can
flow between the hosts without further checking.
Proxy server: Checks all messages entering and leaving the network. The proxy
server effectively hides the true network addresses.
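The packet-filtering technique can be sketched as an ordered list of user-defined rules; the packet fields and rule format here are illustrative assumptions, not any real firewall's syntax:

```python
def packet_filter(packet, rules, default="reject"):
    """Return the action of the first rule matching the packet.

    Each rule is (criteria_dict, action); a criteria value of None
    acts as a wildcard, as in typical user-defined filter tables.
    """
    for criteria, action in rules:
        if all(v is None or packet.get(k) == v for k, v in criteria.items()):
            return action
    return default  # unmatched packets fall through to the default policy

rules = [
    ({"proto": "tcp", "dst_port": 23}, "reject"),   # block Telnet
    ({"proto": "tcp", "dst_port": 80}, "accept"),   # allow HTTP
]

print(packet_filter({"proto": "tcp", "dst_port": 80}, rules))  # accept
print(packet_filter({"proto": "tcp", "dst_port": 23}, rules))  # reject
```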
15.7.18 Hacker
This is a term for a computer enthusiast. A hacker is a person who enjoys learning
programming languages and computer systems and can often be considered an expert
on the subject. Among professional programmers, depending on how it is used, the term
can be either complimentary or derogatory, although it is developing an increasingly
derogatory connotation.
In the positive sense (also called a white hat hacker), a hacker is a person who enjoys
exploring the details of computers and how to stretch their capabilities. On the negative
side (also called a black hat), a hacker would engage in the above for malicious purposes.
in a variety of ways. They can embed arbitrary code within a fake application, or Trojan
horse, which will be executed whenever you launch the fraudulent software.
Attackers can also use a combination of spyware and logic bombs in an attempt to steal
your identity. For example, cyber-criminals use spyware to covertly install a keylogger
on your computer. The keylogger can capture your keystrokes, such as usernames and
passwords.
The logic bomb is designed to wait until you visit a website that requires you to log in
with your credentials, such as a banking site or social network. This will trigger the
logic bomb to execute the keylogger, capture your credentials, and send them to a
remote attacker.
15.7.27 Wi-Fi
Wi-Fi is the name of a popular wireless networking technology that uses radio waves to
provide wireless high-speed Internet and network connections. Wi-Fi works with no
physical wired connection between sender and receiver by using radio frequency (RF)
technology, a frequency within the electromagnetic spectrum associated with radio wave
propagation.
When an RF current is supplied to an antenna, an electromagnetic field is created that
then is able to propagate through space. The cornerstone of any wireless network is an
access point (AP).
The primary job of an access point is to broadcast a wireless signal that computers can
detect and tune into. In order to connect to an access point and join a wireless network,
computers and devices must have wireless network adapters.
15.8.1 Authentication
Authentication is the process of determining whether someone is who they are declared to
be. In private and public computer networks, authentication is commonly done through
the use of logon passwords. Knowledge of the password is assumed to guarantee that
the user is authentic. Each user registers initially, using an assigned or self-declared
password.
On each subsequent use, the user must know and use the previously declared
password. The weakness in this system for transactions that are significant (such as
the exchange of money) is that passwords can often be stolen, accidentally revealed, or
forgotten. For this reason, Internet business and many other transactions require a
more robust authentication process.
The use of digital certificates issued and verified by a Certificate Authority (CA) as part
of a public key infrastructure is the standard way to perform authentication on the
Internet.
15.8.2 Authorization
After authentication, a user must gain authorization for doing certain tasks. For
example, after logging into a system; the user may try to issue commands. The
authorization process determines whether the user has the authority to issue such
commands.
In other words, authorization is the process of enforcing policies: determining what
types or qualities of activities, resources, or services a user is permitted to access. Usually,
authorization occurs within the context of authentication. Once you have authenticated
a user, they may be authorized for different types of access or activity.
15.8.3 Data Integrity
Data Integrity is the assurance that data have not been changed inappropriately. There
are many ways in which data might be altered: accidentally (through hardware and
transmission errors), or because of an intentional attack.
For example, a weakness that allows an administrator to change the permissions on
any file on a system would not be a security vulnerability, because an administrator
already has this capability. In contrast, if a weakness allowed an unprivileged user to
do the same thing, it would constitute a security vulnerability.
15.8.4 Confidentiality
Confidentiality refers to limiting access to information on a resource to authorized
people. An attacker who exploits a weakness in a product to access non-public
information is compromising the confidentiality of that product.
For example, a weakness in a web site that enables a visitor to read a file that should
not be readable would constitute a security vulnerability. However, a weakness that revealed
only the physical location of a file would not constitute a vulnerability.
15.8.5 Availability
Availability refers to the ability to access a resource. An attacker who exploits a
weakness in a product, denying appropriate user access to it, is compromising the
availability of that product.
For example, a weakness that enables an attacker to cause a server to fail would
constitute a security vulnerability, since the attacker would be able to regulate whether
the server provided service or not. However, the fact that an attacker could send a huge
number of legitimate requests to a server and monopolize its resources would not
constitute a security vulnerability, as long as the server operator could still control the
computer.
15.8.6 Non-repudiation
To repudiate means to deny. Non-repudiation is the process of ensuring that a
transferred message has been sent and received by the parties claiming to have sent
and received the message. Nonrepudiation is a way to guarantee that the sender of a
message cannot later deny having sent the message and that the recipient cannot deny
having received the message.
As an example, suppose someone (say, person A) claims that person B used offensive
words, and person B attempts to repudiate (deny) the claim. If there is evidence that
person B used the offensive words, person B cannot repudiate the claim, and the
evidence provides non-repudiation.
Non-repudiation is an active attempt to create proofs which may be used against an
identified person who is denying that they are the origin of a communication or action.
The proofs are identity, authentication of the identity, and something connecting a
communication or action to the identity.
In the above example there are legal documents that record the testimony of many
witnesses who identified and authenticated person B and witnessed him using offensive
words. This is a passive and accidental production of artifacts connecting an action to
an identity.
In security we want active purposeful production of proofs that may assist in a non-
repudiation argument. In order to do that we must identify an entity, authenticate the
identity and connect the identified entity to a specific action or communication.
Some people use public/private key certificates to sign their email. By using their e-
mail address they are providing identification. Their use of a private key (to sign the e-
mail) provides authentication as long as the private key is known only by the individual.
When they sign an e-mail with their digital signature they are connecting the content of
the e-mail to the identity authenticated by the certificate. These proofs may assist in
preventing an individual from repudiating the contents of the e-mail; this is
non-repudiation. However, to repudiate the e-mail a sender may claim that their
private key was stolen (known by another party) and that the thief sent the e-mail.
[Figure: modification — the attacker intercepts the message between source and destination]
Modification: The middle man receives the message, modifies it and then sends
it to the actual receiver. Modification is an attack that tampers with a resource.
Its aim is to modify information that is being communicated between two or more
parties.
[Figure: fabrication — the attacker creates a new message and sends it to the destination]
Fabrication: The middle man simply creates a new message and sends it to
the receiver. The receiver will believe that the message came from the sender. A
fabrication attack is also called counterfeiting. This attack usually inserts new
information, or records extra information in a file. It is mainly used to gain
access to data or a service.
Based on the above discussion, there are two main types of attacks whose aim is to
compromise the security of a network.
Passive attack
Active attack
As seen in earlier chapters, when a client makes a TCP connection to a server; the client
and server perform a three-way handshake to establish the connection.
Client sends a SYN message to server.
Server replies with a SYN/ACK message to the client (acknowledging the client's SYN).
Client sends an ACK message to the server (acknowledging the server's SYN) and the
connection is now established.
[Figure: the three-way handshake — client sends SYN, server replies with SYN/ACK, client sends ACK]
In a SYN flood attack, the attacker does not respond to the server with the expected ACK.
The attacker can either simply not send the expected ACK, or use a wrong IP address
(by spoofing the source IP address) in the SYN. This causes the server to send the
SYN/ACK to a wrong IP address (which might not exist at all), which will not send an
ACK because it “knows” that it never sent a SYN.
[Figure: in a SYN flood, the server sends the SYN/ACK to the spoofed address and waits for an ACK that never arrives]
The server will wait for the acknowledgement for some time, but in an attack
increasingly large numbers of half-open connections will bind resources on the server
until no new connections can be made. This results in a denial of service to legitimate
traffic. Some systems may also malfunction badly or even crash if other operating
system functions are starved of resources in this way.
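The resource-exhaustion mechanism can be sketched with a toy simulation in Python. The `TinyServer` class, its capacity of 5, and the addresses are our own illustrative inventions, not part of any real TCP stack:

```python
from collections import deque

class TinyServer:
    """Simulate a server whose half-open connection table has a fixed capacity."""
    def __init__(self, capacity=5):
        self.half_open = deque()
        self.capacity = capacity

    def on_syn(self, client_ip):
        """A SYN arrives: reserve a slot and wait for the client's ACK."""
        if len(self.half_open) >= self.capacity:
            return False          # table full -- further SYNs are dropped
        self.half_open.append(client_ip)
        return True

    def on_ack(self, client_ip):
        """The ACK completes the handshake and frees the slot."""
        if client_ip in self.half_open:
            self.half_open.remove(client_ip)
            return True
        return False

server = TinyServer(capacity=5)
# The attacker sends SYNs from spoofed addresses and never ACKs
for i in range(5):
    server.on_syn(f"10.0.0.{i}")
# A legitimate client is now denied service
accepted = server.on_syn("192.168.1.7")
```

Until the half-open entries time out or are acknowledged, every legitimate SYN is refused, which is exactly the denial of service described above.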
ICMP ping utilities often included large-packet capability and became the namesake of
the problem, although UDP and other IP-based protocols also could transport a Ping of
Death.
This creates the problem that someone could see your data. It is just like sending
a letter where the postman can take a peek if he wants to.
Another point to make clear is that data can be transmitted in plain text format
or in encrypted format. If the data is encrypted, the attacker only sees a pile of meaningless
strings. He can choose to rack his brain trying to crack them if he really wants to get
the original data, but that is not easy at all. It is much like what happened in
the Second World War: everybody could receive telegram commands, but it took a great
effort to crack the code.
[Figure: an attacker eavesdropping on the traffic between Station-1 and Station-2]
4. The attacker sends Ram his own key, which Ram believes to be Mary's:
Ram <--[attacker's key]-- Attacker
5. Ram encrypts a message with what he believes to be Mary's key, thinking that only
Mary can read it:
Ram --"Meet me at the bus stop!"[encrypted with attacker's key]--> Attacker
6. However, because it was actually encrypted with the attacker's key, the attacker can
decrypt it, read it, modify it (if desired), re-encrypt it with Mary's key, and forward it to Mary:
Attacker --"Meet me at 22nd Ave!"[encrypted with Mary's key]--> Mary
7. Mary thinks that this message is a secure communication from Ram.
This example shows the need for Ram and Mary to have some way to ensure that they
are truly using each other's public keys, rather than the public key of an attacker.
Otherwise, such attacks are generally possible, in principle, against any message sent
using public-key technology. Fortunately, there are a variety of techniques that help
defend against MITM attacks.
The hacker impersonates both sides of the conversation to gain access to funds.
This example holds true for a conversation with a client and server as well as person to
person conversations. In the example above the attacker intercepts a public key and
with that can transpose his own credentials to trick the people on either end into
believing they are talking to one another securely.
When the recipient clicks on the link in the email, they are directed to the fake website, where
they are prompted to divulge their personal information.
15.11 Cryptography
15.11.1 What is Cryptography?
Cryptography is about keeping communications private. Cryptography is the science of
information security. The word cryptography is derived from Greek: crypto
means secret and graphy means writing.
Cryptography = Crypto + Graphy = Secret + Writing.
It is the art of protecting information by converting it into an unreadable format.
Cryptography is an important part of preventing private data from being stolen. Even if
attackers were able to intercept our messages, they still would not be able to read the
data if it is protected by cryptography.
Cryptography is used to fulfill the following functions: Authentication, Authorization, Data
Integrity, Confidentiality, Availability, and Non-Repudiation (refer to the earlier
sections of this chapter).
Plain:  A B C D E F ….. X Y Z
Cipher: D E F G H I ….. A B C
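The shift-by-three substitution can be sketched in Python; the function names here are our own, chosen for illustration:

```python
def caesar_encrypt(plaintext, shift=3):
    """Shift each letter forward by `shift` positions, wrapping past Z."""
    out = []
    for ch in plaintext.upper():
        if ch.isalpha():
            out.append(chr((ord(ch) - ord('A') + shift) % 26 + ord('A')))
        else:
            out.append(ch)          # leave spaces and punctuation alone
    return ''.join(out)

def caesar_decrypt(ciphertext, shift=3):
    """Decryption is just a shift in the opposite direction."""
    return caesar_encrypt(ciphertext, -shift)
```

For example, `caesar_encrypt("ATTACK")` yields `"DWWDFN"`, and decrypting it restores the original. Since there are only 25 useful shifts, the cipher falls to trivial exhaustive search.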
During the 16th century, Vigenere designed the first cipher that used
an encryption key. In one of his ciphers, the encryption key was repeated multiple times
spanning the entire message, and then the cipher text was produced by adding the
message character with the key character modulo 26.
As with the Caesar cipher, Vigenere’s cipher can also easily be broken; however,
Vigenere’s cipher brought the very idea of introducing encryption keys into the picture,
though it was poorly executed. Comparing this to Caesar cipher, the secrecy of the
message depends on the secrecy of the encryption key, rather than the secrecy of the
system.
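The add-modulo-26 scheme just described can be sketched as follows; we assume letters-only messages, and the function names are our own:

```python
def vigenere_encrypt(message, key):
    """Add each message letter to the repeating key letter, modulo 26.
    Assumes the message contains letters only."""
    out = []
    for i, ch in enumerate(message.upper()):
        k = ord(key.upper()[i % len(key)]) - ord('A')
        out.append(chr((ord(ch) - ord('A') + k) % 26 + ord('A')))
    return ''.join(out)

def vigenere_decrypt(ciphertext, key):
    """Subtract the repeating key letter, modulo 26."""
    out = []
    for i, ch in enumerate(ciphertext.upper()):
        k = ord(key.upper()[i % len(key)]) - ord('A')
        out.append(chr((ord(ch) - ord('A') - k) % 26 + ord('A')))
    return ''.join(out)
```

With the key LEMON, the plaintext ATTACKATDAWN encrypts to LXFOPVEFRNHR; knowing the key, the receiver simply subtracts it back out.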
In the early 20th century, everything became electric. The Enigma machine was invented by
the German engineer Arthur Scherbius at the end of World War I. It was heavily used by the
German forces during the Second World War as well. The Enigma machine used 3 or 4 or
even more rotors. The rotors rotate at different rates as you type on the keyboard and
output appropriate letters of cipher text. In this case the key was the initial setting of
the rotors.
The Enigma’s cipher was eventually broken by Poland. Later, the technology was
transferred to the British cryptographers.
Book ciphers work like this: The sender composes his message and then consults the
code book. Common words and phrases are replaced with a group of numbers and
letters, and any remaining text is encoded character by character. The result is
transmitted. The receiver then looks up each group in the corresponding code book and
reassembles the message. An additional level of security can be added by enciphering
the code groups; this is called superencipherment.
High-grade Japanese naval codes since the 1920s had relied on code books and
superencipherment to protect their communications, and the U.S., Great Britain,
Australia, and Holland all had had considerable success against them. The Japanese
navy regularly changed their code books and the superencipherment technique. But
the superencipherment was generally weak and easily broken (the way Japanese characters
were encoded for transmission made them vulnerable to standard
cryptological attacks such as frequency analysis).
The main Japanese code was JN25. Finding the contents of the JN25 code book was
essentially an exercise in puzzle-solving. Code-breakers at Station HYPO used IBM
punch-card sorting machines to find messages using specific code groups. The end
result was a huge card catalog representing the inferences and deductions of code
groups of the JN25 code book.
In early 1942, when the U.S. began detecting signs of an impending attack, the target
was encoded as "AF." Locations in the JN25 code book were represented by a code
group, and AF was not definitively known by the U.S. So the code-breakers at Station
HYPO devised an intelligent experiment to confirm the identity of AF. Pearl Harbor and
Midway Island were connected by an underwater cable. Station HYPO sent orders to
Midway by cable to broadcast a radio message that the island's desalinization plant had
broken down. The radio message was broadcast without encryption to ensure that
Japan could read it if it was intercepted.
The radio message was intercepted by Japan and reported by a message encoded in
JN25 stating that AF's desalinization plant was out of order. That message was
intercepted by Station HYPO. AF was thus confirmed as Midway.
The next question was the timing of the attack. Station HYPO predicted that the attack
would come in late May to early June 1942. Station HYPO's intelligence helped the U.S.
in winning the war with limited resources.
In 1997, and in the following years, DES was broken by an exhaustive search attack.
The main problem with DES was the small size of the encryption key. As computing
power increased it became easy to brute force all different combinations of the key to
obtain a possible plain text message.
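The idea of an exhaustive key search can be illustrated with a deliberately tiny toy cipher. A single-byte XOR gives a keyspace of only 256, so the search finishes instantly; this stand-in cipher is our own invention, not DES:

```python
def xor_encrypt(data: bytes, key: int) -> bytes:
    """Toy cipher: XOR every byte with one single-byte key (keyspace of 256)."""
    return bytes(b ^ key for b in data)

def brute_force(ciphertext: bytes, crib: bytes):
    """Try every possible key; stop when a known word (the crib) appears."""
    for key in range(256):
        candidate = xor_encrypt(ciphertext, key)
        if crib in candidate:
            return key, candidate
    return None, None

ciphertext = xor_encrypt(b"attack at dawn", 0x5A)
found_key, recovered = brute_force(ciphertext, b"attack")
```

DES's 2^56 keys fell to exactly this strategy, just with vastly more hardware and time; a modern 128-bit or 256-bit key makes the same search computationally infeasible.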
In 1997, NIST again put out a request for proposals for a new block cipher. It received 15
submissions. One of those submissions, Rijndael, was selected in 2000 and named the Advanced
Encryption Standard (AES).
15.11.5 Cryptanalysis
Cryptanalysis is the art of breaking ciphers; that means retrieving the plaintext without
knowing the proper key. Cryptanalysis is the study of ciphers, ciphertext, or
cryptosystems in order to find weaknesses in them. In other words, it allows retrieval of the
plaintext from the ciphertext without knowing the key or the algorithm. This is known
as breaking the cipher, ciphertext, or cryptosystem.
Breaking is sometimes used interchangeably with weakening. This refers to finding a
fault in the design or implementation of the cipher.
[Figure: a stream cipher encrypts plaintext one bit or byte at a time, producing a ciphertext stream]
With stream ciphers, patterns in the plaintext can be reflected in the ciphertext. As an
example, consider encrypting the plaintext "We will discuss one to one" into ciphertext and
comparing the two patterns:
Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: 1 2 3 4 5 6 A B C D E F G H I J K L M N O P Q R S T
The repeated words produce a predictable regularity in the ciphertext. It is not hard for a
trained code breaker to break this type of code.
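The pattern leakage can be demonstrated directly with the substitution table above:

```python
# Fixed substitution taken from the table above (A..F -> 1..6, G..Z -> A..T)
PLAIN = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
CIPHER = "123456ABCDEFGHIJKLMNOPQRST"
TABLE = dict(zip(PLAIN, CIPHER))

def substitute(text):
    """Apply the fixed substitution; anything not in the table passes through."""
    return ''.join(TABLE.get(ch, ch) for ch in text.upper())

ciphertext = substitute("ONE TO ONE")   # the repeated word ONE leaks as a repeated chunk
```

Because every occurrence of ONE encrypts to the same ciphertext chunk, the repetition is plainly visible to anyone watching the wire, which is the regularity a code breaker exploits.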
Another problem with stream ciphers is that they can be vulnerable to a
substitution attack even without breaking the code. This is a type of replay attack
in which someone can simply copy a section of an old message and insert it into a new
message. The attacker does not need to break the code to insert the old section into a new message.
Examples of stream ciphers are:
Vernam cipher
Rivest Cipher #4 (RC4)
One-time pad
[Figure: a block cipher transforms a block of plaintext into a block of ciphertext]
A cipher that generates a block of ciphertext that is significantly larger than the
information it is trying to protect is of little practical value. Think about it in terms of
network bandwidth: If the ciphertext block was twice the size of the plaintext, the net
effect is that your bandwidth would be cut in half. This would also have an impact on
files stored in an encrypted format. An unencrypted file 5 MB in size would be 10 MB in
size when encrypted.
Examples of block ciphers are:
Data Encryption Standard (DES)
International Data Encryption Algorithm (IDEA)
SKIPJACK
As long as both sender and receiver know the secret key, they can encrypt and decrypt
all messages that use this key. The term symmetric-key refers to the identical
keys shared by the users.
Symmetric encryption (also called secret-key or shared-key encryption) was
the only type of encryption in use prior to the development of public-key encryption in
1976.
[Figure: symmetric encryption — the input plain text is encrypted and decrypted with a secret key shared by sender and receiver]
When RC4 was first developed, it was a proprietary algorithm; however, the code was
leaked to several locations online and in email starting in September of 1994. Since the
algorithm is now known, it is no longer considered to be a secret.
RC4 is an example of a stream cipher and uses a variable-length key.
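Since the algorithm is now public, a compact sketch is easy to give. This is the standard key-scheduling/keystream-generation structure of RC4 in Python (shown for study only; RC4 is no longer considered secure for new designs):

```python
def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key-scheduling (KSA) then pseudo-random generation (PRGA).
    Encryption and decryption are the same operation (XOR with the keystream)."""
    # KSA: initialize and scramble the 256-byte state using the key
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    # PRGA: generate keystream bytes and XOR them with the data
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) % 256])
    return bytes(out)
```

Because encryption is an XOR with the keystream, applying `rc4` twice with the same key returns the original plaintext.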
15.13.1.7.6 SKIPJACK
SKIPJACK is an example of a block cipher developed by the U.S. National Security Agency
(NSA). SKIPJACK supports a 64-bit block size and an 80-bit key. The block is internally
divided into 16-bit words.
For centuries, all cryptography was based on symmetric key cryptosystems. Then in
1976, two computer scientists, Whitfield Diffie and Martin Hellman of Stanford
University, introduced the concept of asymmetric cryptography.
[Figure: confidentiality — the input plain text is encrypted with the receiver's public key and decrypted with the receiver's private key]
[Figure: authentication — the input plain text is encrypted with the sender's private key and decrypted with the sender's public key]
key. Only Mary has access to her corresponding private key and, as a result, is the
only person with the capability of decrypting the encrypted data back into its original
form.
[Figure: Ram encrypts the input plain text with Mary's public key; Mary decrypts it with her private key]
As only Mary has access to her private key, only Mary can decrypt the
encrypted data. Even if someone else gains access to the encrypted data, it will remain
confidential, as they do not have access to Mary's private key. Public key
cryptography can therefore achieve confidentiality.
15.13.2.7.1 Diffie-Hellman
Diffie–Hellman key exchange (D–H) is a specific method of exchanging keys. It is one of
the earliest practical examples of key exchange implemented within the field of
cryptography.
The Diffie–Hellman key exchange method allows two parties that have no prior
knowledge of each other to jointly establish a shared secret key over an insecure
communications channel. This key can then be used to encrypt subsequent
communications using a symmetric key cipher.
The scheme was first invented by Whitfield Diffie and Martin Hellman in 1976. In 2002,
Hellman suggested the algorithm be called Diffie–Hellman–Merkle key exchange in
recognition of Ralph Merkle's contribution to the invention of public-key cryptography.
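A toy run of the exchange with small numbers shows the mechanics; a real deployment would use a prime of 2048 bits or more, and the private values below are purely illustrative:

```python
# Public toy parameters -- real deployments use primes of 2048 bits or more
p = 23    # prime modulus
g = 5     # generator

a = 6                 # Ram's private value (never transmitted)
b = 15                # Mary's private value (never transmitted)
A = pow(g, a, p)      # Ram sends A = g^a mod p to Mary
B = pow(g, b, p)      # Mary sends B = g^b mod p to Ram

# Both sides compute the same shared secret without ever sending it
shared_ram = pow(B, a, p)     # (g^b)^a mod p
shared_mary = pow(A, b, p)    # (g^a)^b mod p
```

An eavesdropper sees only p, g, A and B; recovering a or b from them is the discrete logarithm problem, which is what makes the exchange secure at realistic sizes.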
15.13.2.7.2 RSA
The RSA is a public key algorithm developed by Ron Rivest, Adi Shamir, and Len
Adleman at the Massachusetts Institute of Technology (MIT). To generate keys, the RSA
algorithm multiplies large prime numbers.
Its strength lies in the fact that it is extremely difficult to factor the product of large
prime numbers. This algorithm is one of the most well-known public key encryption
algorithms. The RSA also provides digital signature capabilities.
Hash Algorithm (SHA). Then in 1995, the NSA made a change to SHA. The new
algorithm was called SHA-1. Today, the most popular hash function is SHA-1, with
MD5 still being used in older applications.
Breaking a hash function means showing that two different messages get the same hash
code (the same message digest for two different messages). In other words, finding a
collision for two different input plain texts is nothing but breaking the hash function.
Security researchers announced some pretty impressive cryptanalytic results against
MD5 and SHA-1. Collisions have been demonstrated in both MD5 and SHA-1. It's time for us
all to migrate away from SHA-1. Luckily, there are alternatives which are harder-to-
break hash functions: SHA-224, SHA-256, SHA-384 and SHA-512.
[Figure: encryption/decryption — readable text is transformed into unreadable ciphertext and back]
Hashes, on the other hand, compile a stream of data into a small digest, and it is strictly
a one-way operation. All hashes of the same type (this example shows the MD5 variety)
have the same size no matter how big the inputs are.
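The fixed-size property is easy to check with Python's standard hashlib module:

```python
import hashlib

# MD5 always yields a 128-bit digest (32 hex characters), whatever the input size
short_digest = hashlib.md5(b"Small Text Here").hexdigest()
huge_digest = hashlib.md5(b"x" * 1_000_000).hexdigest()
```

A fifteen-byte string and a megabyte of data both compress to a 32-character digest, and there is no operation that runs the function backwards to recover the input.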
[Figure: hashing — "Small Text Here" fed through a hash function produces the fixed-size digest 75cdbfeb70a06d42210938da88c42991]
[Figure: integrity check — the sender's message digest is compared with a digest recomputed from the received plain text; if the digests match, the message was not changed and is accepted]
15.14.6.1 MD4
MD4 was developed by Ron Rivest when he was working at RSA. MD4 is an example of a
one-way hash function. It takes a message of variable length and produces a 128-bit
message digest. MD4 has been proven to have weaknesses.
15.14.6.2 MD5
MD5 was also created by Ron Rivest as an improvement on MD4. Like MD4, MD5
creates a unique 128-bit message digest derived from the message. This value, which is
a fingerprint of the message, is used to verify the integrity of the message.
If a message or file is modified in any way, even a single bit, the MD5 cryptographic
checksum for the message or file will be different. It is considered very difficult to alter a
message or file in a way that will cause MD5 to generate the same result as was
obtained for the original file.
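The sensitivity to small changes can be checked the same way; the messages below are our own examples:

```python
import hashlib

msg1 = b"Transfer $100 to Mary"       # original message
msg2 = b"Transfer $900 to Mary"       # a single character changed

digest1 = hashlib.md5(msg1).hexdigest()
digest2 = hashlib.md5(msg2).hexdigest()
# even this tiny change produces a completely different checksum
```

This avalanche behavior is what makes the digest usable as a fingerprint: any tampering, however small, changes the checksum.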
While MD5 is more secure than MD4, it too has been found to have some weaknesses.
15.14.6.3 SHA-1
SHA-1 is a one-way hash algorithm used to create digital signatures. SHA-1 is derived
from SHA, which was developed in 1994 by the NIST. SHA-1 is similar to the MD4 and
MD5 algorithms developed by Ron Rivest. SHA-1 is slightly slower than MD4 and MD5,
but it is reported to be more secure.
The SHA-1 hash function produces a 160-bit hash value or message digest. For many
years there were no known successful cryptographic attacks against SHA-1. Since it
produces a 160-bit message digest it is more resistant to brute force attacks than MD4
and MD5, which produce a 128-bit message digest.
Signatures are a common circumstance observed in our lives. We take for granted that they are used in
transferring money through checks and credit cards; acting as identification on driver’s
licenses; or even acting as proof that a document has been read, understood and
agreed to.
Traditionally, paper documents are validated and certified by written signatures, which
work fairly well to provide authenticity. For electronic documents, a similar mechanism
is needed. Digital signatures, which are nothing but a string of zeroes and ones
generated by using a digital signature algorithm, serve the purpose of validation and
authentication of electronic documents.
Since a digital signature is just a sequence of zeroes and ones, it is desirable for it to
have the following properties:
Signature must be a bit pattern that depends on the message being signed (so,
for the same originator, the digital signature is different for different
documents).
Signature must use some information that is unique to the sender (the private key) to
prevent forgery and denial.
It must be relatively easy to produce.
It must be relatively easy to recognize and verify the authenticity of digital
signature.
It must be computationally infeasible to forge a digital signature, either by
constructing a new message for an existing digital signature or by constructing a
fraudulent digital signature for a given message.
To verify that the received document is indeed from the claimed sender and that the contents
have not been modified, several procedures have been developed, and they are called
authentication techniques.
In addition, basic authentication techniques produce signatures that are as long as the
messages themselves.
[Figure: basic authentication — sender and receiver each pass the message through a hash function and compare the resulting message digests]
[Figure: creating a digital envelope — the message is encrypted with a random symmetric key, and the symmetric key is encrypted with the intended recipient's public key]
The symmetric key itself is encrypted using the intended recipient’s public key. The
combination of the encrypted message and the encrypted symmetric key is the digital
envelope.
The original message and the digital signature are then encrypted by the sender using a
randomly generated key and a symmetric-key algorithm.
The symmetric key itself is encrypted using the recipient’s public key. The combination
of encrypted message and signature, together with the encrypted symmetric key, form
the digital envelope containing the signed message.
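The envelope construction can be sketched end to end with toy pieces: a single-byte XOR stands in for the real symmetric cipher, and the small-prime RSA pair stands in for the recipient's real key pair. All values and names are illustrative:

```python
import secrets

# Toy RSA key pair for the recipient (Mary); real keys are far larger
p, q = 61, 53
n = p * q
e = 17
d = pow(e, -1, (p - 1) * (q - 1))

def xor_cipher(data: bytes, key: int) -> bytes:
    """Stand-in symmetric cipher: XOR every byte with a one-byte key."""
    return bytes(b ^ key for b in data)

# --- Sender builds the envelope ---
sym_key = secrets.randbelow(256)             # randomly generated symmetric key
enc_message = xor_cipher(b"Meet at noon", sym_key)
enc_key = pow(sym_key, e, n)                 # key sealed with Mary's public key
digital_envelope = (enc_message, enc_key)

# --- Recipient opens the envelope ---
recovered_key = pow(digital_envelope[1], d, n)   # unseal with the private key
recovered_msg = xor_cipher(digital_envelope[0], recovered_key)
```

The design point is hybrid encryption: the fast symmetric cipher handles the bulk data, while the slow public-key operation only has to protect the short symmetric key.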
[Figure: signing and sealing — the sender hashes the message, encrypts the digest with his private key to form the digital signature, encrypts the signed message with a random symmetric key, and encrypts the symmetric key with the receiver's public key]
[Figure: opening the envelope — the receiver decrypts the symmetric key with her private key, decrypts the signed message, then verifies the signature by comparing the recomputed message digest with the digest recovered using the sender's public key]
The figure shows the process of opening a digital envelope, recovering the message, and
verifying the signature. First, the symmetric key is recovered using the recipient’s
private key. This is then used to decrypt and recover the message and the digital
signature. The digital signature is then verified as described earlier.
The direct digital signature involves only the communication parties, sender and
receiver. This is the simplest type of digital signature. It is assumed that the recipient
knows the public key of the sender. In a simple scheme, a digital signature may be
formed by encrypting the entire message or the hash code of the message with the
sender’s private key. Confidentiality can be provided by further encrypting the entire
message plus signature with either the receiver’s public key encryption or the shared
secret key, which is conventional encryption.
A sender may later deny sending a particular message by claiming that the private key
was lost or stolen and that someone else forged his signature. One way to overcome this
is to include a time stamp with every message and requiring notification of loss of key to
the proper authority. In case of dispute, a trusted third party may view the message and
its signature to arbitrate the dispute.
The presence of the arbiter T solves the problem faced by direct signature schemes, namely that
the sender A might deny sending a message. The arbiter plays a sensitive and crucial role in this
scheme, and all parties must trust that the arbitration mechanism is working properly.
There are many variations of arbitrated digital-signature schemes. Some schemes allow
the arbiter to see the messages, while others don’t.
The particular scheme employed depends on the needs of the applications. Generally,
an arbitrated digital-signature scheme has advantages over a direct digital-signature
scheme such as the trust in communications between the parties provided by the
trusted arbiter and in the arbitration of later disputes, if any.
The two most popular and commonly used public-key digital signature
schemes are the RSA (named after Rivest, Shamir, and Adleman, the inventors of the RSA
public-key encryption scheme) and the Digital Signature Algorithm (DSA) approaches.
The DSA is incorporated into the Digital Signature Standard (DSS), which was
published by the National Institute of Standards and Technology.
RSA is a commonly used scheme for digital signatures. In RSA approach, the message
to be signed is input to a hash function that produces a secure hash code of fixed
length. This hash code is then encrypted using the sender’s private key to form the
signature. Both the signature and the message are then concatenated and transmitted.
The recipient takes the message and produces a hash code. The recipient also decrypts
the signature using the sender’s public key. If the calculated hash code matches the
decrypted signature, the signature is accepted as valid.
This is because only the sender knows the private key, and thus only the sender could
have produced a valid signature. The signature generation and verification using RSA is
identical to the schemes discussed earlier.
[Figure: DSS signing — the message digest, a random number, the sender's private key, and the global public key are input to the signature function, which outputs the two-component digital signature]
The signing process in DSS (using DSA) is shown in the figure. The DSA approach also
makes use of a hash function. The hash code is provided as input to a signature
function together with a random number generated for this particular signature.
The signature function also uses the sender’s private key and a set of parameters
known to a group of communicating parties, referred to as global public key. The output
signature consists of two components.
The signature verification process is shown in the figure. At the receiving end, the hash
code of the incoming message is generated and input to a verification function, together
with the two components of the signature. The verification function uses the global
public key as well as sender’s public key and recreates (one of the two components of)
the original digital signature. A match between the recreated and the original signature
indicates the authenticity of the signature. The signature function is such that it
assures the recipient that only the sender, with the knowledge of the private key, could
have produced the valid signature.
[Figure: DSS verification — the verification function combines the message digest, the signature components, the sender's public key, and the global public key, and the result is compared with the original digital signature]
The basis of the RSA scheme is the difficulty of factoring the product of large prime numbers. That
of the DSA scheme is the difficulty of computing discrete logarithms. The DSA provides
only the signature function whereas the RSA scheme could additionally provide
encryption and key exchange. The signature verification using the RSA scheme is about
100 times faster than a DSA scheme. The signature generation is slightly faster in the
DSA scheme.
Work is underway for several extensions of the basic digital signature scheme such as
enabling signatures by multiple parties (group digital signatures), signatures by a
hierarchy of signatories, and protocols for simultaneous signing of contracts
electronically by two or more signatories, separated by wide distances.
As an example, let’s suppose that Ram often sends messages to Mary and that Mary
needs to be sure that a message from Ram really has come from Ram before she acts on
its information. Also, assume that they have decided to solve their problem by selecting
a password, and they agreed not to share this secret with anyone else. If Ram’s
messages can somehow demonstrate that the sender knows the password, Mary will
know that the sender is Ram.
The only question left for Ram and Mary to resolve is how Ram will show that he knows
the password. He could simply include it somewhere in his messages (say, in a signature
block at the end: Regards, Ram). This would be simple and efficient and might
even work if Ram and Mary can be sure that no one else is reading their mail.
Unfortunately, that is not the case. Their messages pass over a network used by an
attacker, who has a network analyzer and a hobby of scanning traffic in the hope that one
day he might find a password. So it is out of the question for Ram to prove that he
knows the secret simply by saying it. To keep the password secret, he must show that
he knows it without revealing it.
The Kerberos protocol solves this problem with secret key cryptography. Rather than
sharing a password, the parties share a cryptographic key, and they use knowledge of this key
to verify one another’s identity. For the technique to work, the shared key must be
symmetric—a single key must be capable of both encryption and decryption. One party
proves knowledge of the key by encrypting a piece of information, the other by
decrypting it.
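The prove-without-revealing idea can be sketched with a keyed hash (HMAC) from Python's standard library. This illustrates the principle only; it is not the Kerberos protocol itself, and the key and names are our own:

```python
import hashlib
import hmac
import secrets

SHARED_KEY = b"ram-and-mary-secret"      # known only to the two parties

# Mary challenges Ram with a fresh random value (a nonce)
challenge = secrets.token_bytes(16)

# Ram proves knowledge of the key by MACing the challenge; the key never travels
response = hmac.new(SHARED_KEY, challenge, hashlib.sha256).digest()

# Mary recomputes the MAC with her own copy of the key and compares
expected = hmac.new(SHARED_KEY, challenge, hashlib.sha256).digest()
verified = hmac.compare_digest(response, expected)
```

An eavesdropper who captures the challenge and response learns nothing useful: without the shared key, he cannot produce a valid response to the next (fresh) challenge.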
Kerberos is an authentication protocol for trusted hosts on untrusted networks. Kerberos
is a network protocol that uses secret-key cryptography (symmetric key cryptography) to
authenticate client-server applications. The user's password does not have to pass
through the network. It works by assigning a unique key (called a ticket) to each user
that logs on to the network. The ticket is then embedded in messages to identify the
sender of the message.
The instance is optional and is used to tell the type of user. For example administrator
users normally have the admin instance. The following are examples of principals
referring to users:
ram@EXAMPLE.COM
admin/ram@EXAMPLE.COM
hr/ram@EXAMPLE.COM
If the entries are services, then the principals will use the following form:
Service/Hostname@REALM
The first component is the name of the service (say, imap). The second component is the
complete hostname (FQDN: Fully Qualified Domain Name) of the machine providing the
requested service. It is important that this component exactly matches (in lower case
letters) the DNS reverse resolution of the application server's IP address. The following
are valid examples of principals referring to services:
imap/mbox.example.com@EXAMPLE.COM
host/server.example.com@EXAMPLE.COM
afs/example.com@EXAMPLE.COM
Finally, there are principals which do not refer to users or services but play a role in the
operation of the authentication system. An example is krbtgt/REALM@REALM, whose
associated key is used to encrypt the Ticket Granting Ticket.
In Kerberos 4 there can never be more than two components, and they are separated by
the character "." instead of "/", while the hostname in principals referring to services
is the short one, i.e. not the FQDN. The following are valid examples:
user@EXAMPLE.COM
user.admin@EXAMPLE.COM
imap.mbox@EXAMPLE.COM
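Principal strings of the Kerberos 5 form shown above can be split into their components with a short helper (the function name and the example principals are illustrative):

```python
# Sketch of parsing a Kerberos 5 principal of the form
# primary[/instance]@REALM (names below are illustrative).

def parse_principal(principal: str):
    name_part, realm = principal.rsplit("@", 1)  # realm follows the last '@'
    if "/" in name_part:
        primary, instance = name_part.split("/", 1)
    else:
        primary, instance = name_part, None  # instance is optional
    return primary, instance, realm

assert parse_principal("admin/root@EXAMPLE.COM") == ("admin", "root", "EXAMPLE.COM")
assert parse_principal("user@EXAMPLE.COM") == ("user", None, "EXAMPLE.COM")
assert parse_principal("imap/mbox.example.com@EXAMPLE.COM") == (
    "imap", "mbox.example.com", "EXAMPLE.COM")
```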
15.16.4.3 Ticket
It is a record that helps a client authenticate itself to a server. It contains the
client's identity, a session key, a timestamp, and other needed information. This
information is encrypted using the server's secret key.
In other words, a ticket is a record that a client machine sends to an application server
to prove its authenticity. Tickets are issued by the authentication server and are encrypted
using the secret key of the service. Since this key is a secret shared only between the
authentication server and the server providing the service, not even the client which
requested the ticket can know it or change its contents. The main information
contained in a ticket includes:
The requesting user's principal (generally the username)
The principal of the service it is intended for
The IP address of the client machine from which the ticket can be used. In
Kerberos 5 this field is optional and may also be multiple in order to be able to
run clients under NAT
The date and time (timestamp) when the ticket's validity commences
The ticket's maximum lifetime
The session key
Each ticket has an expiration time (generally 10 hours). This is needed because the
authentication server no longer has any control over an already issued ticket. Even
though the realm administrator can prevent the issuing of new tickets for a certain user
at any time, it cannot prevent users from using the tickets they already possess. Tickets
contain a lot of other information and flags which characterize their behavior, but we
won't go into that here.
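The ticket fields listed above can be sketched as a simple record (field names are illustrative; a real ticket is an encrypted, ASN.1-encoded structure):

```python
# A sketch of the main fields a Kerberos ticket carries. Field names are
# illustrative; a real ticket is encoded and encrypted with the service's
# secret key, so the client cannot read or change it.
from dataclasses import dataclass, field
from typing import List

@dataclass
class Ticket:
    client_principal: str       # the requesting user's principal
    service_principal: str      # the service the ticket is intended for
    client_addresses: List[str] = field(default_factory=list)  # optional in Kerberos 5
    start_time: float = 0.0     # when the ticket's validity commences
    lifetime_seconds: int = 10 * 3600  # maximum lifetime (e.g. 10 hours)
    session_key: bytes = b""

    def expired(self, now: float) -> bool:
        return now > self.start_time + self.lifetime_seconds

t = Ticket("user@EXAMPLE.COM", "imap/mbox.example.com@EXAMPLE.COM", start_time=0.0)
assert not t.expired(3600.0)          # one hour in: still valid
assert t.expired(10 * 3600 + 1.0)     # past the maximum lifetime: expired
```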
15.16.4.4 Encryption
As you can see Kerberos often needs to encrypt and decrypt the messages (tickets and
authenticators) passing between the various participants in the authentication. It is
important to note that Kerberos uses only symmetric key encryption (in other words,
the same key is used to encrypt and decrypt).
15.16.4.5 Authenticator
In secret key authentication, authentication begins when someone is outside a
communications door and wants to go in. To gain entry, this person (say, client)
presents an authenticator in the form of a piece of information encrypted in the secret
key. The information in the authenticator must be different each time the protocol is
executed; otherwise an old authenticator could be replayed by attackers who have
overheard the communication.
On receiving an authenticator, the person guarding the door decrypts it. If the
decryption succeeds, the doorkeeper knows that the person giving the authenticator has the
correct key. Only two people have the correct key; the doorkeeper is one of them, so the
person who presented the authenticator must be the other.
If the person outside the door wants mutual authentication, the same protocol can be
executed in reverse, with a small difference. The doorkeeper can extract part of the
information from the original authenticator, encrypt it in a new authenticator, and then
give the new authenticator to the person waiting outside the door. The person outside
the door can then decrypt the doorkeeper’s authenticator and compare the result with
the original. If there is a match, the person outside the door will know that the
doorkeeper was able to decrypt the original, so he must have the correct key. This is
called mutual authentication.
It will help if we go through an example. Suppose Ram and Mary decide that before
transferring any information between their computers, each will use knowledge of a
shared secret key to verify the identity of the party at the other end of the connection.
They agree to follow this protocol:
1. Ram sends Mary an authenticator: the current time on his machine
({Timestamp}), encrypted with the secret key he shares with Mary.
2. Mary decrypts the authenticator, extracts the field that contains the time on
Ram's machine, and evaluates the time.
Mary’s task will be easier if her clock is synchronized with Ram’s. Assume that
both Ram and Mary use a network time service to keep their clocks fairly close.
This way, Mary can compare the time from the authenticator with the current
time on her clock. If the time is within the allowable skew, it’s probable that the
authenticator came from Ram, but Mary still does not have proof that the
authenticator actually came from him.
Another person might have been watching network traffic and might now be
replaying an earlier attempt by Ram to establish a connection with Mary.
However, if Mary has recorded the times of authenticators received from Ram
during the past five minutes, she can defeat attempts to replay earlier messages
by rejecting any message with a time that is the same as or earlier than the
time of the last authenticator. If this authenticator yields a time later than the
time of the last authenticator from Ram, then this message must be from Ram.
3. Mary uses the key she shares with Ram to encrypt the time taken from Ram’s
message and sends the result back to him.
Note that Mary does not send back all of the information taken from Ram’s
authenticator, just the time. If she sent back everything, Ram would have no
way of knowing whether someone posing as Mary had simply copied the
authenticator from his original message and sent it back to him unchanged.
She sends just a piece of the information in order to demonstrate that she was
able to decrypt the authenticator and manipulate the information inside. She
chooses the time because that is the one piece of information that is sure to be
unique in Ram’s message to her.
4. Ram receives Mary’s reply, decrypts it, and compares the result with the time in
his original authenticator. If the times match, he can be confident that his
authenticator reached someone who knows the secret key needed to decrypt it
and extract the time. He shares that key only with Mary, so it must be Mary
who received his message and replied.
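A toy run of the four steps above, with XOR standing in for a real cipher (illustrative only; in this simplification the authenticator contains nothing but the timestamp, which is exactly the piece Mary returns):

```python
# Toy walkthrough of the timestamp protocol. XOR replaces a real cipher;
# the shared key and message contents are illustrative.
import time

def crypt(data: bytes, key: bytes) -> bytes:
    # XOR with a repeating key: the same call encrypts and decrypts.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

shared_key = b"ram-and-mary-secret"

# Step 1: Ram sends an authenticator containing the current time.
rams_time = str(time.time()).encode()
authenticator = crypt(rams_time, shared_key)

# Step 2: Mary decrypts it and checks the time against her own clock.
decrypted = crypt(authenticator, shared_key)

# Step 3: Mary re-encrypts just the time and sends it back.
marys_reply = crypt(decrypted, shared_key)

# Step 4: Ram decrypts the reply and compares it with his original time.
assert crypt(marys_reply, shared_key) == rams_time  # Mary must know the key
```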
15.16.4.6 Key Distribution Center (KDC)
The Key Distribution Center (KDC) supplies the session keys and tickets that clients and
servers use to authenticate each other. The server's copy of the session key is encrypted in the server's
long-term key. The client's copy of the key is encrypted in the client's long-term
key.
Since the KDC resides entirely on a single physical server, it can be logically divided
into three parts: Database, Authentication Server (AS) and Ticket Granting Server (TGS).
Note that the KDC is simply providing a ticket-granting service. It does not keep track of
its messages to make sure they reach the intended address. No harm will be done if the
KDC’s messages fall into the wrong hands. Only someone who knows the client’s secret
key can decrypt the client’s copy of the session key. Only someone who knows the
server’s secret key can read what is inside the ticket.
When the client receives the KDC’s reply, it extracts the ticket and the client’s copy of
the session key, putting both aside in a secure cache (located in volatile memory, not on
disk). When the client wants admission to the server, it sends the server a message that
consists of the ticket, which is still encrypted with the server’s secret key, and an
authenticator, which is encrypted with the session key. The ticket and authenticator
together are the client’s credentials to the server.
[Figure: Client → Server: the ticket (encrypted with the server's secret key) together
with an authenticator {Time} (encrypted with the session key); this is the
client/server exchange.]
When the server receives credentials from a client, it decrypts the session ticket with its
secret key, extracts the session key, and uses the session key to decrypt the client’s
authenticator. If everything checks out, the server knows that the client’s credentials
were issued by a trusted authority, the KDC. If the client has asked for mutual
authentication, the server uses its copy of the session key to encrypt the timestamp
from the client’s authenticator and returns the result to the client as the server’s
authenticator.
One benefit gained by using session tickets is that the server does not have to store the
session key that it uses in communicating with this client. It is the client’s
responsibility to hold a ticket for the server in its credentials cache and present the
ticket each time it wants access to the server. Whenever the server receives a session
ticket from a client, it can use its secret key to decrypt the ticket and extract the session
key. When the server no longer needs the session key, it can discard it.
Another benefit is that the client does not need to go back to the KDC each time it
wants access to this particular server. Session tickets can be reused. As a precaution
against the possibility that someone might steal a copy of a ticket, session tickets have
an expiration time, specified by the KDC in the ticket’s data structure. How long a ticket
is valid depends on Kerberos policy for the domain. Typically, tickets are good for no
longer than eight hours, about the length of a normal logon session. When the user logs
off, the credentials cache is flushed and all session tickets—as well as all session keys—
are destroyed.
15.16.4.6.2 Database
The database is the container for entries associated with users and services. We refer to
an entry by using the principal (i.e. the name of the entry), even though the term
principal is often used as a synonym for entry. Each entry contains, among other things,
the principal, the associated encryption key, and the maximum validity period of the
tickets issued for it.
In order to make it more difficult to steal the keys present in the database,
implementations encrypt the database (including database backups).
The application server never communicates directly with the Key Distribution Center.
The messages we will discuss are listed below:
AS_REQ and AS_REP: the Authentication Service exchange between the client and the KDC
TGS_REQ and TGS_REP: the Ticket Granting Service exchange between the client and the KDC
AP_REQ and AP_REP: the Application exchange between the client and the application server
To see how the three subprotocols work together, let’s look at how Ram, a user at a
client, gets access to Mary, a service on the network.
15.16.6.1 AS Exchange
Ram begins by logging on to the network. He types his logon name and his password.
The Kerberos client on Ram’s machine converts his password to an encryption key and
saves the result in its credentials cache.
The client then sends the KDC’s authentication service a Kerberos Authentication
Service Request (AS_REQ). The first part of this message identifies the user, Ram, and
the name of the service for which he is requesting credentials, the ticket-granting
service. The second part of the message contains preauthentication data that proves
Ram knows the password. This is usually a timestamp encrypted with Ram's long-term
key, although the protocol permits other forms of preauthentication data.
[Figure: Client → KDC: AS_REQ; KDC → Client: AS_REP.]
When the KDC receives AS_REQ, it looks up the user Ram in its database, gets his
long-term key, decrypts the preauthentication data, and evaluates the timestamp
inside. If the timestamp passes the test, the KDC can be assured that the
preauthentication data was encrypted with Ram's long-term key and thus that the
client is genuine.
After it has verified Ram's identity, the KDC creates credentials that the Kerberos client
on his machine can present to the ticket-granting service. First, the KDC invents a
logon session key and encrypts a copy of it with Ram’s long-term key. Second, it
embeds another copy of the logon session key in a TGT, along with other information
about Ram such as his authorization data. The KDC encrypts the TGT with its own
long-term key. Finally, it sends both the encrypted logon session key and the TGT back
to the client in a Kerberos Authentication Service Reply (AS_REP).
When the client receives the message, it uses the key derived from Ram’s password to
decrypt his logon session key and stores the key in its credentials cache. Then it
extracts the TGT from the message and stores that in its credentials cache as well.
15.16.6.2 TGS Exchange
When Ram wants access to the service Mary, the Kerberos client on his machine sends
the KDC a Kerberos Ticket-Granting Service Request (TGS_REQ). This message contains
the name of the target service, the TGT obtained earlier, and an authenticator
encrypted with Ram's logon session key.
[Figure: Client → KDC: TGS_REQ; KDC → Client: TGS_REP.]
When the KDC receives TGS_REQ, it decrypts the TGT with its own secret key,
extracting Ram’s logon session key. It uses the logon session key to decrypt the
authenticator and evaluates that. If the authenticator passes the test, the KDC extracts
Ram’s authorization data from the TGT and invents a session key for the client, Ram, to
share with the service, Mary.
The KDC encrypts one copy of this session key with Ram’s logon session key. It embeds
another copy of the session key in a ticket, along with Ram’s authorization data, and
encrypts the ticket with Mary’s long-term key. The KDC then sends these credentials
back to the client in a Kerberos Ticket-Granting Service Reply (TGS_REP).
When the client receives the reply, it uses Ram’s logon session key to decrypt the
session key to use with the service, and stores the key in its credentials cache. Then it
extracts the ticket to the service and stores that in its cache.
15.16.6.3 CS Exchange
The Kerberos client on Ram’s machine requests service from Mary by sending Mary a
Kerberos Application Request (AP_REQ). This message contains an authenticator
encrypted with the session key for the service, the ticket obtained in the TGS Exchange,
and a flag indicating whether the client wants mutual authentication. (The setting of
this flag is one of the options in configuring Kerberos. The user is never asked.)
[Figure: Client → Mary: AP_REQ; Mary → Client: AP_REP.]
The service, Mary, receives AP_REQ, decrypts the ticket, and extracts Ram’s
authorization data and the session key. Mary uses the session key to decrypt Ram’s
authenticator and then evaluates the timestamp inside. If the authenticator passes the
test, Mary looks for a mutual authentication flag in the client’s request. If the flag is set,
she uses the session key to encrypt the time from Ram’s authenticator and returns the
result in a Kerberos Application Reply (AP_REP).
When the client on Ram’s machine receives AP_REP, it decrypts Mary’s authenticator
with the session key it shares with Mary and compares the time returned by the service
with the time in the client’s original authenticator. If the times match, the client knows
that the service is genuine, and the connection proceeds. During the connection, the
session key can be used to encrypt application data or the client and server can share
another key for this purpose.
If the clocks of the participating machines drift out of synchronization, an old
ticket could be replayed and entry gained. Kerberos thus relies implicitly on
reasonably precise, loosely synchronized clocks on the servers.
Another problem with Kerberos is that if attackers could guess the password of a
user, it would give them access to all services. This weakness could
be addressed with the use of a challenge/response mechanism, where the server
would generate the timestamp encrypted using the client key and the client would
respond with some function of the timestamp proving its accuracy.
Kerberos can be improved by decoupling the protocol from the encryption
algorithm used. With today's faster desktops, the security offered by
56-bit DES algorithms is insufficient; the more sophisticated 128-bit AES
algorithm gives better security. By making Kerberos independent of the
encryption algorithm, such a change would be seamless.
In summary, Kerberos is a robust protocol for authentication and security; though it
has drawbacks, its pros far outweigh the cons.
For the client to communicate with the server, tickets are issued. The first ticket
(initial ticket) is issued by the Kerberos Authentication Server to validate the client to
the Ticket Granting Server. All subsequent tickets will be issued by the TGS only.
Tickets are reusable whereas a new authenticator is required every time the
client initiates a new connection with the server.
Every ticket is assigned a session key.
The server should maintain a history of previous requests for which the
timestamp in the authenticator is still valid. This helps the server reject
replayed requests that could arise from a stolen ticket and authenticator.
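The replay-history check described in the last point can be sketched as follows (the sender names and the 5-minute skew value are illustrative):

```python
# Sketch of a replay check: accept an authenticator only if its timestamp
# is within the allowed clock skew AND strictly later than the last
# authenticator accepted from the same sender.

ALLOWED_SKEW = 300.0  # seconds (an illustrative 5-minute window)

class ReplayDetector:
    def __init__(self):
        # sender -> timestamp of the last accepted authenticator
        self.last_accepted = {}

    def accept(self, sender: str, auth_time: float, now: float) -> bool:
        if abs(now - auth_time) > ALLOWED_SKEW:
            return False  # too old, or too far in the future
        if auth_time <= self.last_accepted.get(sender, float("-inf")):
            return False  # same or earlier time: possible replay
        self.last_accepted[sender] = auth_time
        return True

d = ReplayDetector()
assert d.accept("ram", auth_time=1000.0, now=1001.0)      # first message: accepted
assert not d.accept("ram", auth_time=1000.0, now=1002.0)  # replayed copy: rejected
assert d.accept("ram", auth_time=1005.0, now=1006.0)      # later timestamp: accepted
```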
15.17 Firewalls
15.17.1 Introduction
A firewall is an important aspect of Internet and network security. Firewall is a
familiar word for regular Internet users and for working people. You might have also
heard people say that they cannot access a particular website at work because it is
blocked by the company firewall. In this section, we try to
understand the background of firewalls in layman's terms.
[Figure: A FIREWALL placed between the internal network and the unsecure Internet.
Restricted traffic is stopped because it did not meet the rules; allowed traffic
passes through to the specified resources because it meets the rules.]
Firewalls may decide to allow or block network traffic between devices based on the
rules that are pre-configured or set by the firewall administrator.
Personal firewalls are easy to install and use and preferred by end-users for use on
their personal computers. But, large networks and companies prefer those firewalls that
have plenty of options to configure so as to meet their customized needs.
For example, a company may set up different firewall rules for FTP servers, Telnet
servers and Web servers. Also, the company can even control how the employees connect to the
Internet by blocking access to certain websites or restricting the transfer of files to other
networks. In addition to security, a firewall can give the company a tremendous control
over how people use the network.
[Figure: A hardware firewall placed between the Internet (unsecure) and a hub
connecting the internal network.]
Hardware firewalls are more complex. They also have software components, but run
either on a specially engineered network appliance or on an optimized server dedicated
to the task of running the firewall. The operating system underlying a hardware firewall
is as basic as possible and very difficult to attack. Since no other software runs on
these machines, they are difficult to compromise and tend to be extremely secure,
although their configuration is a little more complicated.
A hardware firewall is placed between a local network (such as a corporation), and a
less secure area (such as the Internet). There are many different default configurations
for these devices - some allow no communications from the outside and must be
configured, using rules, others (like those available for the home market) are already
configured to block access over risky ports. Rules can be as simple as allowing port 80
traffic to flow through the firewall in both directions, or as complex as only allowing
1433 (SQL server) traffic from a specific IP address outside of the network through the
firewall to a single IP address inside the network.
Firewalls are also used for Network Address Translation (NAT). This allows a network to
use private IP addresses that are not routed over the Internet. Private IP address
schemes allow organizations to limit the number of publicly routed IP addresses they
use, reserving public addresses for Web servers and other externally accessed network
equipment. NAT allows administrators to use one public IP address for all of their users
to access the Internet - the firewall is enough to send the requests back to the
requesting workstation's internal IP. NAT also allows users inside a network to contact
a server using a private IP while users outside the network must contact the same
server using an external IP.
In addition to port and IP address rules, firewalls can have a wide variety of
functionality. They can also act as caching servers, VPNs, routers, and more. Hardware
firewall appliances are available from several network equipment vendors.
[Figure: Software firewalls run on the individual computers attached to a hub that
connects to the unsecure Internet.]
A software firewall also allows certain programs on the user's computer to access the
Internet, often by express permission of the user. Windows Update, and antivirus
software are a few programs that a user might expect to access the Internet.
One drawback to software firewalls is that they are software running on a personal
computer operating system. If the underlying operating system is compromised, then
the firewall can be compromised as well. Since many other programs also run on a
home computer, malicious software could potentially enter the computer through some
other application and compromise the firewall.
Software firewalls also rely heavily upon the user making the right decisions. If someone
using a software firewall mistakenly gives a keylogger or a Trojan permission to access
the Internet, security on that machine is compromised even though there is nothing
wrong with the firewall itself.
Network Address Translation (NAT) routers offer the advantages of packet filtering
firewalls but can also hide the IP addresses of computers behind the firewall, and offer a
level of circuit-based filtering.
The filtering rules used to determine whether to deny or authorize a packet are non-
dynamic. In other words, they don't change. The rules are static, hence the name static
packet filtering firewall.
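A minimal sketch of static packet filtering, assuming a first-match rule list (the rule fields, addresses and ports below are illustrative):

```python
# Sketch of a static packet filter: each rule matches on source IP,
# destination port and protocol, and the rule list never changes at runtime.
from dataclasses import dataclass

@dataclass
class Rule:
    action: str         # "allow" or "deny"
    src_ip: str = "*"   # "*" matches any source address
    dst_port: int = 0   # 0 matches any destination port
    protocol: str = "*"

def filter_packet(rules, src_ip, dst_port, protocol, default="deny"):
    for r in rules:
        if (r.src_ip in ("*", src_ip)
                and r.dst_port in (0, dst_port)
                and r.protocol in ("*", protocol)):
            return r.action  # first matching rule wins
    return default           # nothing matched: fall back to the default policy

rules = [
    Rule("allow", dst_port=80, protocol="tcp"),  # web traffic in both directions
    Rule("allow", src_ip="203.0.113.7", dst_port=1433, protocol="tcp"),  # SQL from one host
    Rule("deny", dst_port=21, protocol="tcp"),   # block FTP
]

assert filter_packet(rules, "198.51.100.1", 80, "tcp") == "allow"
assert filter_packet(rules, "203.0.113.7", 1433, "tcp") == "allow"
assert filter_packet(rules, "198.51.100.1", 1433, "tcp") == "deny"  # wrong source IP
```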
[Figure: A static packet filtering firewall; ⊗ marks traffic that is blocked, ⊕ marks
allowed traffic passing through the layers.]
Static packet filtering examines a packet based on the information in its header. Unlike
static packet filtering, stateful inspection tracks each connection traversing all
interfaces of the firewall and makes sure they are valid. For example, a stateful firewall
may examine not just the header information but also the contents of the packet up
through the application layer to determine more about the packet than just information
about its source and destination.
A stateful inspection firewall also monitors the state of the connection and the
information in a state table. Because of this, filtering decisions are based not only on
administrator-defined rules (as in static packet filtering) but also on context that has
been established by prior packets that have passed through the firewall.
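The connection-tracking idea can be sketched with a toy state table (illustrative; real stateful firewalls also track sequence numbers, timeouts and per-protocol state):

```python
# Sketch of stateful inspection: outbound connections are recorded in a
# state table, and inbound packets are accepted only if they belong to a
# connection established by prior packets.

class StatefulFirewall:
    def __init__(self):
        self.state_table = set()  # established (local, remote) endpoint pairs

    def outbound(self, local, remote):
        # Record the connection so matching replies are allowed back in.
        self.state_table.add((local, remote))

    def inbound_allowed(self, local, remote) -> bool:
        return (local, remote) in self.state_table

fw = StatefulFirewall()
fw.outbound(("10.0.0.5", 51000), ("93.184.216.34", 80))  # client opens a web connection

# Reply from the web server matches the state table: allowed.
assert fw.inbound_allowed(("10.0.0.5", 51000), ("93.184.216.34", 80))
# Unsolicited packet from an unknown host: blocked.
assert not fw.inbound_allowed(("10.0.0.5", 51000), ("198.51.100.9", 80))
```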
15.17.6.2.3 How does a Network Firewall Interact with OSI and TCP/IP?
Network firewalls operate at different layers to use different criteria to restrict traffic.
The lowest layer at which a firewall can work is layer three. In the OSI model this is the
network layer. In TCP/IP it is the Internet Protocol layer. This layer is concerned with
routing packets to their destination. At this layer a firewall can determine whether a
packet is from a trusted source, but cannot be concerned with what it contains or what
other packets it is associated with.
Firewalls that operate at the transport layer know a little more about a packet, and are
able to grant or deny access depending on more sophisticated criteria. At the
application level, firewalls know a great deal about what is going on and can be very
selective in granting access.
Based on this discussion, it would appear that firewalls functioning at a higher level in
the stack must be superior in every respect. But, this is not necessarily the case. The
lower in the stack the packet is intercepted, the more secure the firewall. If the intruder
cannot get past level three, it is impossible to gain control of the operating system.
[Figure: A circuit level gateway filters traffic at the TCP layer; ⊗ marks blocked
traffic, ⊕ marks allowed traffic. Traffic is filtered based on rules such as whether a
session was initiated by a recognized system; unknown traffic is allowed up to level 4
only.]
Circuit level gateways filter packets based on specified session rules, such as when a
session is initiated by a recognized computer.
Circuit level gateways are relatively low cost and they have the advantage of hiding
information about the private network they protect. But, they do not filter individual
packets.
[Figure: An application level gateway filters traffic at the application layer; ⊗ marks
blocked traffic, ⊕ marks allowed traffic. Traffic is filtered based on rules such as
specified applications (browser) or a protocol (FTP), or combinations.]
An application level gateway that is configured to be a web proxy (http) will not allow
any FTP, gopher, telnet or other traffic through. Because they examine packets at the
application layer, they can filter application-specific commands such as http:post and
get, etc. This cannot be accomplished with either packet filtering firewalls or circuit
level gateways, neither of which knows anything about the application level information.
Application level gateways can also be used to log user activity and logins.
15.17.7.1 IP Addresses
As seen in earlier chapters, each machine on the Internet is assigned a unique address
called an IP address. IP addresses are 32-bit numbers, normally expressed as four
octets in a dotted decimal number. A typical IP address looks like this: 216.27.61.19. For
example, if a certain IP address outside the company is reading too many files from a
server, the firewall can block all traffic to or from that IP address.
15.17.7.3 Protocols
The protocol is the pre-defined way that someone who wants to use a service talks with
that service. The someone could be a person, but more often it is a computer program
like a Web browser. Protocols are often text, and simply describe how the client and
server will have their conversation. A firewall can decide which systems are allowed
access to common protocols like IP, SMTP, FTP, UDP, ICMP, Telnet or SNMP.
Some common protocols that we can set firewall filters for include:
IP (Internet Protocol) - the main delivery system for information over the
Internet
TCP (Transmission Control Protocol) - used to break apart and rebuild
information that travels over the Internet
HTTP (Hyper Text Transfer Protocol) - used for Web pages
FTP (File Transfer Protocol) - used to download and upload files
UDP (User Datagram Protocol) - used for information that requires no response,
such as streaming audio and video
ICMP (Internet Control Message Protocol) - used by a router to exchange the
information with other routers
SMTP (Simple Mail Transport Protocol) - used to send text-based information (e-
mail)
SNMP (Simple Network Management Protocol) - used to collect system
information from a remote computer
Telnet - used to perform commands on a remote computer
A company might set up only one or two machines to handle a specific protocol and ban
that protocol on all other machines.
15.17.7.4 Ports
Any server machine makes its services available to the Internet using numbered ports,
one for each service that is available on the server. For example, if a server machine is
running a Web (HTTP) server and an FTP server, the Web server would typically be
available on port 80, and the FTP server would be available on port 21. A company might
block port 21 access on all machines but one inside the company. Blocking or disabling
ports on servers that are connected to the Internet helps maintain the kind of data flow
we want and also closes down possible entry points for hackers or malicious software.
15.17.7.5 Keywords
Firewalls also can search through the data flow for a match of the keywords or phrases
to block out offensive or unwanted data from flowing in. This can be anything. For
example, we could instruct the firewall to block any packet with the word X-rated in it.
The key here is that it has to be an exact match. The X-rated filter would not catch
Xrated (no hyphen). But we can include as many words, phrases and variations of them
as we need.
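The exact-match behavior can be sketched as a plain substring check (the X-rated keyword is the illustrative example used in this section):

```python
# Keyword filtering is exact substring matching: "X-rated" does not match
# "Xrated", so every variation must be listed explicitly.

def blocked(payload: str, keywords) -> bool:
    return any(k in payload for k in keywords)

keywords = ["X-rated"]
assert blocked("this page is X-rated content", keywords)
assert not blocked("this page is Xrated content", keywords)  # no hyphen: not caught

keywords.append("Xrated")  # add the variation explicitly
assert blocked("this page is Xrated content", keywords)
```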
[Figure: A screening router placed between the internal network and the unsecure
Internet.]
The figure describes the way the screening router functions. Basically, the router monitors
each packet as it attempts to pass through. This examination can occur for both
incoming and outgoing packets. Based on the rules loaded in the router, it either passes
the packet on through or drops it. Screening routers are sometimes referred to as
border routers because they sit on the border separating two or more networks.
[Figure: A bastion host exposed between the internal network and the unsecure
Internet.]
A bastion host is the public face of an internal network. It is one computer or more,
depending upon the size of the system. Generally, a network administrator will
configure a bastion host to have only a single application, such as a proxy server, on
the machine, because it is completely exposed to larger distrusted networks such as the
Internet. All other applications, unnecessary services, programs, protocols and network
ports are removed or disabled in such a way as to lessen threats to the bastion host.
[Figure: A dual-homed host with two or more network interfaces, placed between the
internal network and the unsecure Internet.]
In firewall configurations, a dual homed host is used to block some or all of the traffic
trying to pass between the networks. It is a computer that sits between two networks
and acts as a router between them. So, the packets from the Internet are not
transferred directly to the internal network. Systems inside the private network can
communicate with the dual-homed host, and systems outside the firewall can only
communicate with the dual-homed host.
[Figure: Screened host architecture: a screening router between the unsecure Internet
and the internal network, with a bastion host on the internal network.]
In this architecture, the bastion host is the only machine that can be accessed from the
Internet and runs proxy applications for allowed services. Other hosts on the secure
private network (the intranet) must connect to the proxy service on the bastion host in
order to use the Internet.
A bastion host runs only a few services, for example, e-mail, FTP, Domain Name System
(DNS), or Web services. Internet users must use the bastion host to access a service.
This architecture is more flexible than Dual Homed Host architecture.
[Figure: Screened subnet architecture: an external screening router and an internal
screening router, with a bastion host on the perimeter subnet between them.]
A screened subnet adds a perimeter network between the internal
network and the outside public network. It prevents outside users from getting direct
access to a server that has company data.
With a screened subnet, the external router communicates only with the outside
network and the bastion host on the perimeter subnet. The external router is not
allowed to communicate directly with the internal router or the internal network.
The internal router communicates with the internal network and the bastion host.
The two routers never directly communicate with each other.
[Figure: A tri-homed host with three or more network interfaces, connecting the
unsecure Internet and two separate internal networks.]
A tri-homed firewall may offer some security advantages over firewalls with two
interfaces.
Answer: D.
Question 2: A firewall is typically placed at the edge of a network to protect against
attacks and intrusions. It inspects all the packets that enter and leave the network.
Argue if firewalls violate or conform to the end-to-end principles and fate sharing.
Provide a similar argument for NAT boxes.
Answer: Firewalls do not conform to the end-to-end principles because they perform
functionality that can be done at the end hosts (like packet inspection). Also, the
performance of the firewall has an effect on the end-to-end communication, and its
crash might derail the communication (it shares the fate, in addition to the end hosts).
NATs also do not conform to the end-to-end principles. By sitting in the critical path,
a NAT box makes the communication dependent on its health.
Question 3: Each instance of the code-pink worm infects 1 machine in one second. If
we start from a single infected machine, how many new machines get infected from
second 10 to second 11? How many were infected by second 11?
Answer: From second 0 to 1, 1 new machine gets infected. From second 1 to 2, 2 new
machines get infected. In general, from second n to n+1, 2^n new machines get infected.
From second 10 to 11 we have 2^10, which is 1024 new machines. The total number of
machines infected by second 11 is 2^11 = 2048.
Note: We also gave full credit for solutions which assumed that time starts at 1, instead
of 0.
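The doubling argument can be checked with a small simulation (assuming, as in the answer, that time starts at second 0):

```python
# If every infected machine infects one new machine per second, the
# population doubles each second: 2^n new infections from second n to n+1.

infected = 1          # one infected machine at second 0
new_per_second = []
for second in range(11):          # simulate seconds 0..10
    new_per_second.append(infected)  # each machine infects one new machine
    infected += infected             # population doubles

print(new_per_second[10])  # new infections from second 10 to 11: 1024
print(infected)            # total infected by second 11: 2048
```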
Question 4: Assume you know the public key of entity X, but X has no information
about you. Can you design a simple protocol to communicate confidentially with X
in both directions (i.e., no one else knows what you and X are sending to each
other)? If yes, specify the protocol, otherwise argue why this is not possible.
Answer: Yes. You send messages to X encrypted with X's public key, and only X can
decrypt them. Also, in the first message you send X your public key or a secret key with
which X can encrypt the return communication. Note that this does not imply you are
authenticated to X.
Question 5: The principal feature of ____ is that it can encrypt and/or authenticate all
traffic at the IP level.
A) IAB B) VPN C) IPSec D) TCP,UDP
Answer: C
Question 6: Consider a block cipher with a block size of 8 bits that is used to encrypt
English text, represented by ASCII characters. Assume we augment this with cipher
block chaining. So, the first byte is xor-ed with an 8 bit initialization vector before
encrypting it and each subsequent byte is xor-ed with the previous ciphertext byte
before encrypting it. Explain the purpose of cipher-block chaining.
Answer: Cipher block chaining is intended to prevent an attacker from exploiting
statistics to help it break a cipher. Specifically, it keeps different instances of a given
plaintext block from having the same ciphertext value. That prevents an intruder from
looking for the most commonly occurring ciphertext byte and concluding that it
corresponds to the letter ‘e’, for example.
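The chaining step can be illustrated with a toy sketch. The "block cipher" here is a stand-in keyed byte permutation of our own invention, not a real cipher; the point is only to show that chaining makes repeated plaintext bytes encrypt differently:

```python
def make_toy_cipher(key=0x5A):
    """Return a toy 8-bit 'block cipher' (a keyed byte permutation).
    Purely illustrative; offers no real security."""
    def encrypt_block(b):
        return ((b ^ key) * 7) % 256
    return encrypt_block

def cbc_encrypt(plaintext, iv, encrypt_block):
    """Cipher block chaining: XOR each plaintext byte with the previous
    ciphertext byte (or the IV for the first byte) before encrypting it."""
    out, prev = [], iv
    for b in plaintext:
        c = encrypt_block(b ^ prev)
        out.append(c)
        prev = c
    return bytes(out)

enc = make_toy_cipher()
# Four identical plaintext bytes ('e' is the most common English letter):
ecb_like = bytes(enc(b) for b in b"eeee")  # no chaining: all four bytes identical
chained = cbc_encrypt(b"eeee", 0x42, enc)  # with chaining: the repeats disappear
print(ecb_like.hex(), chained.hex())
```

Without chaining, the repeated ciphertext byte would betray the frequency of 'e'; with chaining, each occurrence encrypts to a different value.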
Question 7: For the previous question, describe how you could break this encryption
system. Be specific.
Answer: There are at most 256 different ciphertext blocks. This means that a given
ciphertext value will appear repeatedly in a long stream of ciphertext. If we pick one
such ciphertext value and find all its occurrences in the ciphertext, all the characters
that immediately follow these positions are xor-ed with the same value. So, we can
analyze the statistics of the characters in these positions in order to break the code at
those positions. The process can be repeated for other ciphertext values.
Question 8: In a typical SSL session between a client and a remote server, how does
the client verify that it is communicating with the desired server, rather than some
intruder? Be specific.
Answer: The server sends the client a certificate containing its public key that has been
signed by a certificate authority. The client uses its copy of the CA’s public key to check
that the certificate was signed by the CA. If the signature matches and is not on the
CA’s revocation list, it accepts it.
Question 9: For the previous question, suppose that an intruder removed a record from
an SSL packet sent from the server to the client. How would the client’s SSL
software detect that something is wrong? Be specific.
Answer: Records in an SSL session are numbered, starting at the beginning of the
session. The sequence numbers are included in the MAC calculation used to verify each
record, so if a record is removed, the SSL software will detect a mismatch in the MAC.
Question 10: For the previous question, suppose an intruder sent a TCP FIN packet to
the server that looked like it came from the client. Would this cause the TCP
connection to be closed? If so, how would the SSL software detect that something
was wrong? Be specific.
Answer: The connection would be closed. Each SSL record has a type field. The last
record of a session has a special type value, so if the connection is closed before the
client sends its last record, the SSL software could detect it by just checking the type
field of the last record received.
Question 11: A commonly employed encryption method used by businesses to send
and receive secure transactions is:
A) Manchester encoding B) Data Encryption Standard (DES)
C) Pulse Code Modulation D) Kerberos
Answer: B
Question 12: How many DES keys on average encrypt a particular plaintext block to
a particular ciphertext block?
Answer: For a particular 64-bit block of plaintext there are 2^64 possible blocks of
ciphertext. There are only 2^56 possible DES keys. Each key has a one in 2^64 chance
of transforming the chosen plaintext into a particular ciphertext. If all possible keys
are tried, the overall probability reduces to one in 2^8.
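The counting argument can be sanity-checked numerically (this models DES as a random permutation, as the answer above implicitly does):

```python
from fractions import Fraction

keys = 2 ** 56     # number of possible DES keys
blocks = 2 ** 64   # number of possible 64-bit ciphertext blocks

# A single key maps a fixed plaintext block to a fixed ciphertext
# block with probability 1 / 2^64 under the random-permutation model.
p_single = Fraction(1, blocks)

# Expected number of keys (out of all 2^56) that perform the mapping:
expected_keys = keys * p_single
print(expected_keys)  # 1/256, i.e. one in 2^8
```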
Question 13: Why can’t the initial permutation in DES have any security value?
Answer: If the initial permutation had security value, then it must be a factor in making
DES unbreakable (except by exhaustive key search). If this were the case, then removing
the permutation should render DES breakable. However, the removal of a known
permutation which can easily be reversed cannot enable DES to be broken, and
therefore it is clear that the permutation has no security value.
Question 14: If the DES mangler function were to transform all 32-bit inputs into
the all zero stream regardless of input and stage key what function would DES
encryption perform?
Answer: The 32 left-side bits would be the new 32 right-side bits and vice versa.
Question 15: What value do the 8 parity bits in DES have?
Chapter 16
Application Layer Protocols
16.1 Introduction
The application layer of the OSI model provides the first step of getting data onto the
network. Application software is the software programs used by people to communicate
over the network. Examples of application software are HTTP, FTP, email, and others.
[Figure: data flows from the sender to the receiver over the physical link]
Although the TCP/IP protocol suite was developed prior to the definition of the OSI
model, the functionality of the TCP/IP application layer protocols fits into the
framework of the top three layers of the OSI model: application, presentation, and
session.
In the OSI and TCP/IP models, information is passed from one layer to the next,
starting at the application layer on the transmitting host and proceeding down the
hierarchy to the physical layer, then passing over the communications channel
(physical link) to the destination host, where the information proceeds back up the
hierarchy, ending at the application layer.
[Figure: a client application communicates with a server application over a logical link,
while the request actually traverses several routers (Router-1 through Router-7) and
the LANs connecting them]
The application layer is built on the transport layer and provides network services to
user applications. It provides the interface between the applications we use to
communicate and the underlying network over which our messages are transmitted.
Application layer protocols are used to exchange data between programs running on the
source and destination hosts.
Application             Application layer protocol                   Underlying transport protocol
E-Mail                  SMTP                                         TCP
Remote terminal access  Telnet                                       TCP
Web                     HTTP                                         TCP
File transfer           FTP                                          TCP
Streaming multimedia    HTTP (example: YouTube)                      TCP or UDP
Internet telephony      RTP (example: Skype)                         Typically UDP
Internet chat           IRC (Internet Relay Chat)                    TCP
Host configuration      DHCP (Dynamic Host Configuration Protocol)   UDP
/ and so on. The advantage of this is that the URL can have any ending and
the browser will still get it right.
An important concept here is that to the browser, the server works as a black box. The
browser requests a specific document and the document is either returned or an error
message is returned. How the server produces the document remains unknown to the
browser. This means that the server can read it from a file, run a program to generate
it, or compile it by parsing some kind of command file. It is decided by the server
administrator.
Web browsers such as Google Chrome, Internet Explorer, and Firefox display a padlock
icon to indicate that the website is secure. When a user connects to a website via https,
the website encrypts the session with a digital certificate. A user can tell they are
connected to a secure website if the website URL begins with https:// instead of http://.
[Figure: an email sent by monk@careermonk.com travels via SMTP from Client 1
through several routers to the CareerMonk mail server, and is received by
ram@careermonk.com]
Any email message has a sender, a recipient (sometimes multiple recipients), a message
body, and usually a title heading (subject). From the user's perspective, when they write an
email message, they see the graphical user interface of their email software (for
example, Outlook), but once that message goes out on the Internet, everything is
converted into strings of text. This text is separated by code words or numbers that
identify the purpose of each section. SMTP provides those codes, and email server
software is designed to understand what they mean. The most common commands are:
HELO       Introduce yourself
EHLO       Introduce yourself and request extended mode
MAIL FROM  Specify the sender
RCPT TO    Specify the recipient
DATA       Specify the body of the message (To, From and Subject should be the first three lines)
RSET       Reset
QUIT       Quit the session
HELP       Get help on commands
VRFY       Verify an address
EXPN       Expand an address
VERB       Verbose
The other purpose of SMTP is to set up communication rules between servers. For
example, servers have a way of identifying themselves and announcing what kind of
communication they are trying to perform. There are also ways to handle errors,
including common things like incorrect email addresses.
In a typical SMTP transaction, a server will identify itself, and announce the kind of
operation it is trying to perform. The other server will authorize the operation, and the
message will be sent. If the recipient address is wrong, or if there is some other
problem, the receiving server may reply with an error message of some kind.
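The client side of such a transaction can be sketched as plain text using the commands above. The host names and addresses below are made up, and a real client would also read the server's numbered replies between commands:

```python
def smtp_dialogue(sender, recipient, subject, body):
    """Assemble the client side of a minimal SMTP session (illustration only)."""
    lines = [
        "HELO client.example",      # introduce ourselves (EHLO for extended mode)
        f"MAIL FROM:<{sender}>",    # specify the sender
        f"RCPT TO:<{recipient}>",   # specify the recipient
        "DATA",                     # start the message body
        f"From: {sender}",
        f"To: {recipient}",
        f"Subject: {subject}",
        "",                         # blank line separates headers from body
        body,
        ".",                        # a lone dot terminates the DATA section
        "QUIT",                     # end the session
    ]
    return "\r\n".join(lines) + "\r\n"

print(smtp_dialogue("monk@careermonk.com", "ram@careermonk.com", "Hello", "Hi Ram!"))
```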
Advantages of POP3
We can use only one computer to check our email
Mails are stored on the computer that you use
Outgoing email is stored locally on our PC
Email is available when we are offline
Email is not stored on the server, so disk usage on the server is less
Advantages of IMAP
We can use multiple computers (or any email client) to check our email
Mails are stored on the server
Outgoing email is filtered to a mailbox on the server for accessibility from
another machine.
Email is stored on the server, so our email cannot be deleted/destroyed even if
our computer crashes, is stolen, or is destroyed.
If we read a message on one computer, it is read on any other computer we use
to access our mail. If we reply to an email on one computer, that reply is
available on any computer we use.
FTP uses one connection (port) for commands and the other for sending and
receiving data. FTP has a standard port number on which the FTP server listens for
connections. A port is a logical connection point for communicating using the
Internet Protocol (IP). The standard port number used by FTP servers is 21 and is
used only for sending commands. Since port 21 is used exclusively for sending
commands, this port is referred to as a command port. For example, to get a list of
folders and files present on the FTP server, the FTP client issues a LIST command.
The FTP server then sends a list of all folders and files back to the FTP client.
So what about the internet connection used to send and receive data? The port
that is used for transferring data is referred to as the data port. The number of the
data port will vary depending on the mode of the connection.
to the server to make the connection. The firewall will allow these outgoing
connections, meaning that no special adjustments to firewall settings are required.
[Figure: active FTP — the client opens a command channel from a high port to server
port 21; the server then initiates the data transfer from its port 20 to a high port on
the client]
The sequence of events for an active FTP connection goes like this:
FTP client: Opens random response ports in the high number range (for
example, we will assume ports TCP 6000 and TCP 6001).
FTP client: Sends a request to open a command channel from its TCP port
6000 to the FTP server's TCP port 21.
FTP server: Sends an OK from its TCP port 21 to the FTP client's TCP port
6000 (the command channel link). The command channel is established at
this point.
FTP client: Sends a data request (PORT command) to the FTP server. The
FTP client includes in the PORT command the data port number it opened
to receive data. In this example, the FTP client has opened TCP port 6001
to receive the data.
FTP server: The FTP server opens a new inbound connection to the FTP
client on the port indicated by the FTP client in the PORT command. The
FTP server source port is TCP port 20. In this example, the FTP server
sends data from its own TCP port 20 to the FTP client's TCP port 6001.
[Figure: passive FTP — the client initiates both the command channel (to server port
21) and the data channel (to a high port on the server) from its own high ports]
FTP client: This sends a request to open a command channel from its TCP
port 6000 to the FTP server's TCP port 21.
FTP server: This sends an OK from its TCP port 21 to the FTP client's TCP
port 6000. The command channel is now established.
FTP client: This sends a PASV command requesting that the FTP server
open a port number that the FTP client can connect to establish the data
channel.
FTP server: This sends over the command channel the TCP port number
that the FTP client can initiate a connection to establish the data channel.
In this example, the FTP server opens port 7000.
FTP client: This opens a new connection from its own response port TCP
6001 to the FTP server's data channel 7000. Data transfer takes place
through this channel.
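The data-channel port number in the passive sequence arrives encoded inside the server's "227" reply as four address bytes and two port bytes. A small sketch of how a client might decode it (the reply string below is a made-up example; real clients such as Python's ftplib do this internally):

```python
import re

def parse_pasv(reply: str):
    """Parse an FTP 227 reply such as
    '227 Entering Passive Mode (192,168,1,2,27,88)'
    into the (host, port) the client should connect to for the data channel."""
    nums = re.search(r"\((\d+,\d+,\d+,\d+,\d+,\d+)\)", reply)
    if not nums:
        raise ValueError("not a valid PASV reply")
    a, b, c, d, hi, lo = (int(x) for x in nums.group(1).split(","))
    return f"{a}.{b}.{c}.{d}", hi * 256 + lo  # port is sent as two separate bytes

host, port = parse_pasv("227 Entering Passive Mode (192,168,1,2,27,88)")
print(host, port)  # 192.168.1.2 7000
```

Here 27 * 256 + 88 = 7000, matching the server data port used in the example above.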
[Figure: subdomains of CareerMonk — the blog, forum, and products divisions each
get their own subdomain, with hosts such as www and ftp beneath them]
The resolver navigates its way down the tree until it gets to the last, left-most part of the
domain name and then looks within that location for the information it needs.
Information about a host such as its name, its IP address and occasionally even its
function are stored in one or more zone files which together compose a larger zone often
referred to as a domain.
Top Level Domains (TLDs)
Second Level Domains
Sub-Domains
Host Name (a resource record)
Within the hierarchy, we will start resolution at the top level domain, work our way
down to the second-level domain, then through zero, one or more sub-domains until we
get to the actual host name we want to resolve into an IP address. It is traditional to use
different DNS servers for each level of the DNS hierarchy.
A domain is a label of the DNS tree. Each node on the DNS tree represents a domain.
Domains under the top-level domains represent individual organizations or entities.
These domains can be further divided into subdomains to ease administration of an
organization's host computers.
For example, the company CareerMonk creates a domain called careermonk.com under the
.com top-level domain. CareerMonk has separate LANs for its blog, forum, and products divisions.
Therefore, the network administrator for CareerMonk decides to create a separate
subdomain for each division, as shown in the figure. Any domain in a subtree is considered
part of all domains above it. Therefore, products.careermonk.com is part of the
careermonk.com domain, and both are part of the .com domain.
[Figure: DNS name resolution — a web browser's query is first checked against the
local DNS resolver cache (preloaded from the HOSTS file); if unanswered, it is sent to
the configured DNS server, which may consult its own cache and other DNS servers
before returning an answer]
As shown in the initial steps of the query process, a DNS domain name is used in a
program on the local computer. The request is then passed to the DNS Client service for
resolution using locally cached information. If the queried name can be resolved, the
query is answered and the process is completed.
The local resolver cache can include name information obtained from two possible
sources:
If a Hosts file is configured locally, any host name-to-address mappings from
that file are preloaded into the cache when the DNS Client service is started.
Resource records obtained in answered responses from previous DNS queries
are added to the cache and kept for a period of time.
If the query does not match an entry in the cache, the resolution process continues with
the client querying a DNS server to resolve the name.
can answer with a positive matched response from its cache to the requesting client, the
query is completed.
If the queried name does not find a matched answer at its preferred server -- either from
its cache or zone information -- the query process can continue, using recursion to fully
resolve the name. This involves assistance from other DNS servers to help resolve the
name. By default, the DNS Client service asks the server to use a process of recursion
to fully resolve names on behalf of the client before returning an answer. In most cases,
the DNS server is configured, by default, to support the recursion process as shown in
the following figure.
[Figure: recursion — the DNS client sends its query to its preferred DNS server (step 1),
which iteratively queries a root server, the top-level-domain server, and finally the
server authoritative for the queried domain (steps 2 through 9) before returning the
final answer to the client (step 10)]
In order for the DNS server to do recursion properly, it first needs some helpful contact
information about other DNS servers in the DNS domain namespace. This information
is provided in the form of root hints, a list of preliminary resource records that can be
used by the DNS service to locate other DNS servers that are authoritative for the root
of the DNS domain namespace tree. Root servers are authoritative for the domain root
and top-level domains in the DNS domain namespace tree.
By using root hints to find root servers, a DNS server is able to complete the use of
recursion. In theory, this process enables any DNS server to locate the servers that are
authoritative for any other DNS domain name used at any level in the namespace tree.
For example, consider the use of the recursion process to locate the name
www.careermonk.com when the client queries a single DNS server. The process
occurs when a DNS server and client are first started and have no locally cached
information available to help resolve a name query. It assumes that the name queried
by the client is for a domain name of which the server has no local knowledge, based on
its configured zones.
First, the preferred server parses the full name and determines that it needs the
location of the server that is authoritative for the top-level domain, com. It then uses an
iterative (that is, a nonrecursive) query to a root DNS server to obtain a referral to the
com server. Next, a referral answer comes from the com server to the DNS server for
careermonk.com.
Finally, the careermonk.com server is contacted. Because this server
contains the queried name as part of its configured zones, it responds authoritatively
back to the original server that initiated recursion. When the original server receives the
response indicating that an authoritative answer was obtained to the requested query,
it forwards this answer back to the requesting client and the recursive query process is
completed.
Although the recursive query process can be resource-intensive when performed as
described above, it has some performance advantages for the DNS server. For example,
during the recursion process, the DNS server performing the recursive lookup obtains
information about the DNS domain namespace.
This information is cached by the server and can be used again to help speed the
answering of subsequent queries that use or match it. Over time, this cached
information can grow to occupy a significant portion of server memory resources,
although it is cleared whenever the DNS service is cycled on and off.
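The difference between the recursive and iterative queries described above comes down to a single header bit of the DNS query (the RD, recursion-desired, flag). As a sketch, a raw query packet in RFC 1035 wire format can be assembled with the standard library alone; the query ID 0x1234 and the name careermonk.com are arbitrary, and no packet is actually sent:

```python
import struct

def build_dns_query(name: str, qtype: int = 1, recursion_desired: bool = True) -> bytes:
    """Build a raw DNS query packet (RFC 1035 wire format).
    qtype 1 = A record. The RD bit asks the server to recurse on our behalf."""
    flags = 0x0100 if recursion_desired else 0x0000  # RD is bit 8 of the flags field
    # Header: id, flags, QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    question = b""
    for label in name.rstrip(".").split("."):
        question += bytes([len(label)]) + label.encode("ascii")
    question += b"\x00"                      # the root label terminates the name
    question += struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return header + question

pkt = build_dns_query("careermonk.com")
```

Sending `pkt` over UDP to port 53 of a DNS server (and parsing the reply) is all a minimal resolver does; with `recursion_desired=False` the same packet asks for an iterative answer or referral instead.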
[Figure: a TCP/IP client sends a BOOTP request to the BOOTP server and receives a
BOOTP response]
The BOOTP standard was designed to store and update static information for clients,
including IP addresses. The BOOTP server always issued the same IP address to the
same client. As a result, while BOOTP addressed the need for central management, it
did not address the problem of managing IP addresses as a dynamic resource.
To address the need to manage dynamic configuration information in general, and
dynamic IP addresses specifically, the IETF standardized a new extension to BOOTP
called Dynamic Host Configuration Protocol, or DHCP. DHCP servers utilize BOOTP
packets, with DHCP-specific flags and data, to convey information to the DHCP clients.
To standardize the DHCP environment, the IETF issued a series of RFCs focused on
DHCP extensions to the BOOTP technology in 1997. DHCP is still an area of active
development and it is reasonable to assume that there will be additional RFCs related to
the DHCP environment. Sun is working with other vendors to ensure that DHCP
continues to be a standard supported by a large number of vendors.
When the response comes back from the Internet, the NAT server will forward the
packet back to the client. DHCP enables this to be done without taking up valuable
routable addresses and makes certain that all clients use consistent parameters, such
as subnet masks, routers, and DNS servers.
[Figure: DHCP lease timeline — after installation completes, the client holds a lease
(the DHCPOFFER carries the MAC/IP address binding); on graceful shutdown the
client sends DHCPRELEASE and the server discards the IP address lease]
The client then sends a "DHCPREQUEST" message specifying its selected server.
Servers not selected use this message as notification that the client has declined their
offer. The selected server then responds with a "DHCPACK" message if the requested
parameters are acceptable or a "DHCPNAK" message if they are not. The timeline for
this four-way handshake is outlined below in figure.
When a DHCP client boots, the following basic steps occur:
1. The DHCP client loads a minimal version of TCP/IP.
2. It then broadcasts an IP lease request packet (a "DHCPDISCOVER"
packet). This packet includes the MAC address of the DHCP client, and may
contain other configuration information as well. The DHCPDISCOVER packet is
sent to a specific UDP port number that is recognized as that used by DHCP
servers. The packet causes all DHCP servers receiving it to offer an IP address
that the client can use, with a "DHCPOFFER" packet.
3. The DHCP client then selects the first offer it receives and broadcasts another
packet (a "DHCPREQUEST" packet) requesting that it can keep the IP address it
has on offer. DHCP clients can also arbitrate between offers from numerous
DHCP servers in a number of other ways that are outside the scope of this
discussion.
4. The DHCP server that offered the selected IP address then starts the client's IP
address lease. It also broadcasts an acknowledgement to the client, sending a
"DHCPACK" packet. Other DHCP servers with outstanding lease offers for that
client will also receive the acknowledgement packet and withdraw their offers at
this point.
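The four basic steps above (discover, offer, request, acknowledge) can be sketched as a tiny state machine. The state and message names follow the client states described in this section; the sketch is illustrative, not a full RFC 2131 implementation:

```python
# DHCP client state transitions, keyed by (current state, message).
TRANSITIONS = {
    ("INITIALIZING", "DHCPOFFER"):   "SELECTING",     # offers arrive after DHCPDISCOVER
    ("SELECTING",    "DHCPREQUEST"): "REQUESTING",    # client picks one offer
    ("REQUESTING",   "DHCPACK"):     "BOUND",         # lease confirmed
    ("REQUESTING",   "DHCPNAK"):     "INITIALIZING",  # parameters rejected: start over
    ("BOUND",        "DHCPRELEASE"): "INITIALIZING",  # graceful shutdown
}

def run(messages, state="INITIALIZING"):
    """Drive the client through a sequence of DHCP messages."""
    for msg in messages:
        state = TRANSITIONS.get((state, msg), state)
    return state

print(run(["DHCPOFFER", "DHCPREQUEST", "DHCPACK"]))  # BOUND
```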
resets its timer and goes back to the bound state. Or, if a DHCPACK is not received,
and 87.5 percent of the lease time expires, the client goes to the rebinding state.
[Figure: DHCP client state diagram — Boot leads to the Initializing state;
DHCPDISCOVER/DHCPOFFER move the client to Selecting, DHCPREQUEST to
Requesting, and DHCPACK to Bound. When 50% of the lease time expires the client
sends DHCPREQUEST and enters Renewing; at 87.5% it enters Rebinding; a cancelled
lease (DHCPRELEASE) returns it to Initializing]
Rebinding: The client remains in the rebinding state until one of three events happens. If
the client receives a DHCPNAK or the lease expires, it goes back to the initializing
state and tries to get another IP address. If the client receives a DHCPACK, it goes to the
bound state and resets the timer.
Question 4: Why do HTTP, FTP, SMTP, and POP3 run on top of TCP rather than on
UDP?
Answer: The applications associated with those protocols require that all
application data be received in the correct order and without gaps. TCP provides
this service whereas UDP does not.
Question 5: Can SMTP transfer multiple email messages be over a single TCP
connection?
Answer: Yes. SMTP has a state machine that returns to the initial state after
successful delivery of a message. There is in addition an abort command which
resets the state machine to the initial state. Hence, it is possible to send
multiple email messages over a single TCP connection.
Question 6: Which DNS records are relevant for forwarding email messages?
Answer: The MX record specifies a list of SMTP servers accepting email for a given
domain name. To obtain the IP addresses of the SMTP servers, a lookup using A or
AAAA records must be done.
Question 7: What is a whois database?
Answer: For a given input of domain name (such as CareerMonk.com), IP address
or network administrator name, whois database can be used to locate the
corresponding registrar, whois server, dns server, etc.
Question 8: Agent MonkPerson of the FBI walks into a cafe, which has
wireless Internet and runs its own local DNS server. The agent wants to figure
out whether anyone in the cafe has recently accessed www.careermonk.com,
before Agent MonkPerson arrived. How can the agent do this using standard
computer networking tools, and without breaking into any computers or
servers?
Answer: Below are three possible solutions. All solutions use the fact that if the
site has been accessed recently, it will be in the local DNS server's cache. Here are
three ways to determine whether the name is in the cache.
1. Time nslookup www.careermonk.com. If it's in the cache, this will complete
faster than if it isn't.
2. Use dig to query www.careermonk.com at the local DNS server. If the
returned TTL is large (about equal to the value when querying the domain
from a DNS server which doesn't have it cached), then it wasn't cached. If
the returned TTL is smaller, then it was cached.
3. Use dig, with recursion explicitly turned off, to query www.careermonk.com
at the local DNS server. If the server returns a mapping to an IP address
(a Type A record for www.careermonk.com), then it was in the cache.
Otherwise, it wasn't.
Question 9: Suppose that a Web server runs in Host C on port 80. Suppose this
Web server uses persistent connections and is currently receiving requests
from two different Hosts, A and B. Are all of the requests being sent through
the same socket at Host C? If they are being passed through different sockets,
do both of the sockets have port 80? Discuss and explain.
Answer: For each persistent connection, the Web server creates a separate
connection socket. Each connection socket is identified with a four-tuple: (source IP
address, source port number, destination IP address, destination port number).
When Host C receives an IP datagram, it examines these four fields in the
Question 18: What three protocols operate at the Application layer of the OSI
model? (Choose three.)
A) ARP B) DNS C) PPP D) SMTP E) POP F) ICMP
Answer: B, D, and E.
Question 19: Which application layer protocols correctly match a corresponding
function? (Choose two.)
A) DNS dynamically allocates IP addresses to hosts
B) HTTP transfers data from a web server to a client
C) POP delivers email from the client to the server email server
D) SMTP supports file sharing
E) Telnet provides a virtual connection for remote access
Answer: B and E.
Question 20: As compared to SSH, what is the primary disadvantage of telnet?
A) not widely available
B) does not support encryption
C) consumes more network bandwidth
D) does not support authentication
Answer: B.
Question 21: What are three properties of peer-to-peer applications? (Choose
three.)
A) acts as both a client and server within the same communication
B) requires centralized account administration
C) hybrid mode includes a centralized directory of files
D) can be used in client-server networks
E) requires a direct physical connection between devices
F) centralized authentication is required
Answer: A, C, and D.
Question 22: Which email components are used to forward mail between servers?
(Choose two.)
A) MDA B) IMAP C) MTA D) POP E) SMTP F) MUA
Answer: C and E.
Question 23: What application layer protocol describes the services that are used
for file sharing in Microsoft networks?
A) DHCP B) DNS C) SMB D) SMTP E) Telnet
Answer: C.
Question 24: Which statements are correct concerning the role of the MTA in
handling email? (Choose three.)
A) routes email to the MDA on other servers
B) receives email from the client's MUA
C) receives email via the POP3 protocol
D) passes email to the MDA for final delivery
E) uses SMTP to route email between servers
F) delivers email to clients via the POP3 protocol
Answer: B, D, and E.
Question 25: How does the application layer on a server usually process multiple
client requests for services?
Chapter 17
Miscellaneous Concepts
17.1 How traceroute (or tracert) works?
Tracert and ping are command-line utilities that are built into Windows (Linux
operating systems provide traceroute and ping). The basic tracert command syntax
is "tracert hostname". For example, you might run "tracert CareerMonk.com"
and the output might look like:
1 51 ms 59 ms 49 ms 10.176.119.1
2 66 ms 50 ms 38 ms 172.31.242.57
3 54 ms 69 ms 60 ms 172.31.78.130
Discover the path: Tracert sends an ICMP echo packet, but it takes advantage of the
fact that most Internet routers will send back an ICMP 'time exceeded' message if
the TTL field is ever decremented to zero by a router. Using this knowledge, we can
discover the path taken by IP packets.
How tracert works: Tracert sends out an ICMP echo packet to the named host, but
with a TTL of 1; then with a TTL of 2; then with a TTL of 3; and so on. Tracert will then
get 'time exceeded' messages back from routers until the destination host
computer is finally reached and responds with the standard ICMP 'echo reply' packet.
Round Trip Times: Each millisecond (ms) time in the table is the round-trip time that
it took to send the ICMP packet and to get the ICMP reply packet. The faster (smaller)
the times, the better. Times of 0 mean that the reply was faster than the computer's
timer resolution of 10 milliseconds, so the time is actually somewhere between 0 and
10 milliseconds.
Packet Loss: Packet loss kills throughput. So, having no packet loss is critical to
having a connection to the Internet that responds well. A slower connection with zero
packet loss can easily outperform a faster connection with some packet loss. Also,
packet loss on the last hop, the destination, is what matters most. Sometimes
routers in between will not send ICMP 'time exceeded' messages, causing what
looks to be high packet loss at a particular hop; all it really means is that the particular
router is not responding to ICMP echo.
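The TTL-increment loop at the heart of tracert can be sketched as follows. Here send_probe is a stand-in for the raw-socket ICMP machinery (which requires administrator privileges), and the hop addresses are simulated; only the loop structure reflects how tracert actually works:

```python
def traceroute(send_probe, max_hops=30):
    """Generic traceroute loop: probe with TTL 1, 2, 3, ... until the
    destination answers. send_probe(ttl) stands in for sending an ICMP
    echo with that TTL; it returns (responder_address, reached_flag)."""
    path = []
    for ttl in range(1, max_hops + 1):
        addr, reached = send_probe(ttl)  # router replies 'time exceeded', or...
        path.append(addr)
        if reached:                       # ...the destination sends 'echo reply'
            break
    return path

# Simulated network: three routers, then the destination host.
HOPS = ["10.176.119.1", "172.31.242.57", "172.31.78.130", "203.0.113.9"]

def fake_probe(ttl):
    # Routers answer 'time exceeded' until the TTL is large enough
    # for the packet to reach the destination.
    if ttl >= len(HOPS):
        return HOPS[-1], True
    return HOPS[ttl - 1], False

print(traceroute(fake_probe))
```

The first three simulated hops match the sample tracert output shown earlier in this section; the final address is a made-up destination.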