
Network Performance and Security

Lecture 04 focuses on network delays, discussing packet delay sources such as transmission, propagation, processing, and queueing. It also covers the impact of network congestion on packet loss and introduces concepts like throughput and security in networking. The lecture emphasizes the importance of understanding these factors for improving network performance and security.

Uploaded by

i220875

Lecture 04: Network Delays

National University of Computer & Emerging Sciences
Spring 2025
BSCS
Lecture 04
Network Performance (Delay, Loss, Throughput) and Security

FAST, National University of Computer and Emerging Sciences, Islamabad



Chapter 1: roadmap
• What is the Internet?
• What is a protocol?
• Network edge: hosts, access network, physical media
• Network core: packet/circuit switching, internet structure
• Protocol layers, service models
• Performance: loss, delay, throughput
• Security
• History

How do packet delay and loss occur?
• packets queue in router buffers, waiting for turn for transmission
– queue length grows when arrival rate to link (temporarily) exceeds output link capacity
– packet loss occurs when memory to hold queued packets fills up

[Figure: hosts A and B send packets into a router. Labels: packet being transmitted (transmission delay); packets in buffers (queueing delay); free (available) buffers: arriving packets dropped (loss) if no free buffers]


Packet delay: four sources

[Figure: path from A to B through a router, labelled nodal processing, queueing, transmission, propagation]

$d_{nodal} = d_{proc} + d_{queue} + d_{trans} + d_{prop}$

$d_{proc}$: nodal processing
• Forwarding table lookup
• Forwarding packet
• check bit errors
• typically < microsecs

$d_{queue}$: queueing delay
• time waiting at output link for transmission
• depends on congestion level of router


Packet delay: four sources

[Figure: path from A to B through a router, labelled nodal processing, queueing, transmission, propagation]

$d_{nodal} = d_{proc} + d_{queue} + d_{trans} + d_{prop}$

$d_{trans}$: transmission delay:
• L: packet length (bits)
• R: link transmission rate (bps)
• $d_{trans} = L/R$

$d_{prop}$: propagation delay:
• d: length of physical link
• s: propagation speed (~$2 \times 10^{8}$ m/sec)
• $d_{prop} = d/s$

$d_{trans}$ and $d_{prop}$ very different


Example
What are the propagation time and the transmission time for a
2.5-kbyte message (an e-mail) if the bandwidth of the network is
1 Gbps? Assume that the distance between the sender and the
receiver is 12,000 km and that light travels at $2.4 \times 10^{8}$ m/s.

Note that in this case, because the message is short and the bandwidth is
high, the dominant factor is the propagation time, not the transmission
time. The transmission time can be ignored.
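
The calculation behind the note above, worked through as an added solution (it is not on the original slide). It uses $d_{prop} = d/s$ and $d_{trans} = L/R$ and assumes 1 kbyte = 1,000 bytes:

$$d_{prop} = \frac{d}{s} = \frac{12{,}000 \times 10^{3}\ \text{m}}{2.4 \times 10^{8}\ \text{m/s}} = 0.05\ \text{s} = 50\ \text{ms}$$

$$d_{trans} = \frac{L}{R} = \frac{2{,}500 \times 8\ \text{bits}}{10^{9}\ \text{bits/s}} = 2 \times 10^{-5}\ \text{s} = 0.020\ \text{ms}$$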


Caravan analogy

[Figure: ten-car caravan (aka 10-bit packet) and three toll booths (aka link), 100 km apart]

• car ~ bit; caravan ~ packet; toll service ~ link transmission
• toll booth takes 12 sec to service car (bit transmission time)
• “propagate” at 100 km/hr
• Q: How long until caravan is lined up before 2nd toll booth?

• time to “push” entire caravan through toll booth onto highway = 12*10 = 120 sec
• time for last car to propagate from 1st to 2nd toll booth: 100km/(100km/hr) = 1 hr
• A: 62 minutes


Caravan analogy

[Figure: ten-car caravan (aka 10-bit packet) and two toll booths (aka router), 100 km apart]

• suppose cars now “propagate” at 1000 km/hr
• and suppose toll booth now takes one min to service a car
• Q: Will cars arrive to 2nd booth before all cars serviced at first booth?
A: Yes! after 7 min, first car arrives at second booth; three cars still at first booth


Packet queueing delay (revisited)
• a: average packet arrival rate
• L: packet length (bits)
• R: link bandwidth (bit transmission rate)

“traffic intensity”: La/R = (arrival rate of bits) / (service rate of bits)

• La/R ~ 0: avg. queueing delay small
• La/R -> 1: avg. queueing delay large
• La/R > 1: more “work” arriving than can be serviced - average delay infinite!

[Figure: average queueing delay plotted against traffic intensity = La/R, rising steeply as La/R approaches 1]


“Real” Internet delays and routes
• what do “real” Internet delay & loss look like?
• traceroute program: provides delay measurement from source to router along end-end Internet path towards destination. For all i:
– sends three packets that will reach router i on path towards destination (with time-to-live field value of i)
– router i will return packets to sender
– sender measures time interval between transmission and reply

[Figure: 3 probes sent to each router along the path]


Real Internet delays and routes

traceroute: gaia.cs.umass.edu to www.eurecom.fr

 1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms
 2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms
 3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms
 4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms
 5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms
 6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
 7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms
 8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms
 9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms
11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms
12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms
13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms
14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms
15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms
16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms
17 * * *
18 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms

Annotations on the slide:
• hop 1: 3 delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu
• hop 2: 3 delay measurements to border1-rt-fa5-1-0.gw.umass.edu
• hops 7-8: trans-oceanic link
• near hops 11-12: looks like delays decrease! Why?
• hops 17-18: * means no response (probe lost, router not replying)

* Do some traceroutes from exotic countries at www.traceroute.org


Packet loss
• queue (aka buffer) preceding link in buffer has finite capacity
• packet arriving to full queue dropped (aka lost)
• lost packet may be retransmitted by previous node, by source end system, or not at all

[Figure: hosts A and B send into a router. Labels: buffer (waiting area); packet being transmitted; packet arriving to full buffer is lost]

* Check out the Java applet for an interactive animation (on publisher’s website) of queuing and loss
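
The behaviour described on the "Packet queueing delay" and "Packet loss" slides, as an added simulation (not part of the original slides). It models one output link in slots of L/R seconds; the 20 senders, the 50-packet buffer, the fixed seed and the function names are assumptions of this example.

```python
import random


def simulate_link(intensity, buffer_pkts=50, slots=20000, senders=20, seed=1):
    """Simulate one router output link with a finite buffer.

    Time is slotted: one slot is L/R seconds, the time to transmit one packet,
    so the mean number of arrivals per slot is the traffic intensity La/R.
    Returns (average queueing delay in slots, fraction of packets dropped).
    """
    rng = random.Random(seed)          # fixed seed: repeatable runs
    p_send = intensity / senders       # chance that a sender transmits in a slot
    queue = 0                          # packets currently held in the buffer
    arrived = dropped = total_wait = 0

    for _ in range(slots):
        for _ in range(senders):
            if rng.random() >= p_send:
                continue
            arrived += 1
            if queue >= buffer_pkts:   # no free buffer: the packet is lost
                dropped += 1
            else:
                total_wait += queue    # waits behind every packet already queued
                queue += 1
        if queue:                      # the link transmits one packet per slot
            queue -= 1

    accepted = arrived - dropped
    return total_wait / max(accepted, 1), dropped / max(arrived, 1)


def sweep(intensities=(0.3, 0.95, 1.5)):
    """Run the model at several traffic intensities: {La/R: (delay, loss)}."""
    return {rho: simulate_link(rho) for rho in intensities}


if __name__ == "__main__":
    for rho, (delay, loss) in sweep().items():
        print(f"La/R={rho:<4}  avg queueing delay={delay:6.2f} slots  loss={loss:.1%}")
```

With a finite buffer the delay at La/R > 1 is capped near the buffer size instead of growing without bound, and the excess traffic shows up as loss: roughly one packet in three at La/R = 1.5.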


Throughput
• throughput: rate (bits/time unit) at which bits are being sent from sender to receiver
– instantaneous: rate at given point in time
– average: rate over longer period of time

[Figure: server, with file of F bits to send to client, sends bits (fluid) into pipe; first pipe (link capacity Rs bits/sec) can carry fluid at rate Rs bits/sec; second pipe (link capacity Rc bits/sec) can carry fluid at rate Rc bits/sec]


Throughput
Rs < Rc What is average end-end throughput?

Rs bits/sec Rc bits/sec

Rs > Rc What is average end-end throughput?

Rs bits/sec Rc bits/sec

bottleneck link
link on end-end path that constrains end-end throughput


Throughput: network scenario
• per-connection end-end throughput: min(Rc, Rs, R/10)
• in practice: Rc or Rs is often bottleneck

[Figure: 10 connections (fairly) share backbone bottleneck link R bits/sec; each connection has a server link Rs and a client link Rc]

* Check out the online interactive exercises for more examples: http://gaia.cs.umass.edu/kurose_ross/


Chapter 1: roadmap
• What is the Internet?
• What is a protocol?
• Network edge: hosts, access network, physical media
• Network core: packet/circuit switching, internet structure
• Performance: loss, delay, throughput
• Security
• Protocol layers, service models
• History


Network security
• Internet not originally designed with (much) security in mind
– original vision: “a group of mutually trusting users attached to a transparent network”
– Internet protocol designers playing “catch-up”
– security considerations in all layers!
• We now need to think about:
– how bad guys can attack computer networks
– how we can defend networks against attacks
– how to design architectures that are immune to attacks


Bad guys: packet interception

packet “sniffing”:
• broadcast media (shared Ethernet, wireless)
• promiscuous network interface reads/records all packets (e.g., including passwords!) passing by

[Figure: hosts A, B and C; a packet labelled src:B dest:A, payload]

Wireshark software used for our end-of-chapter labs is a (free) packet-sniffer


Bad guys: fake identity

IP spoofing: injection of packet with false source address

[Figure: hosts A, B and C; a packet labelled src:B dest:A, payload]


Bad guys: denial of service

Denial of Service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming resource with bogus traffic

1. select target
2. break into hosts around the network (see botnet)
3. send packets to target from compromised hosts


Lines of defense:
• authentication: proving you are who you say you are
– cellular networks provide hardware identity via SIM card; no such hardware assist in traditional Internet
• confidentiality: via encryption
• integrity checks: digital signatures prevent/detect tampering
• access restrictions: password-protected VPNs
• firewalls: specialized “middleboxes” in access and core networks:
– off-by-default: filter incoming packets to restrict senders, receivers, applications
– detecting/reacting to DoS attacks

… lots more on security (throughout, Chapter 8)


Computer Networking: A Top Down Approach
8th edition
Jim Kurose, Keith Ross
Addison-Wesley

A note on the origin of these ppt slides:
These slides are freely provided by the book authors and represent a lot of work on their part. We would like to thank J.F. Kurose and K.W. Ross.


Network security

• field of network security:
– how bad guys can attack computer networks
– how we can defend networks against attacks
– how to design architectures that are immune to attacks
• Internet not originally designed with (much) security in mind
– original vision: “a group of mutually trusting users attached to a transparent network”
– Internet protocol designers playing “catch-up”
– security considerations in all layers!

What is network security?

Confidentiality: only sender, intended receiver should “understand” message contents. Access must be restricted to those authorized to view the data in question.
– sender encrypts message
– receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Access and Availability: services must be accessible and available to users
Lecture 06: Network Security
Friends and enemies: Alice, Bob, Trudy
• well-known in network security world
• Bob, Alice want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages

[Figure: Alice's data passes through a secure sender, over a channel carrying data and control messages, to Bob's secure receiver; Trudy is attached to the channel]


Who might Bob, Alice be?

• … well, real-life Bobs and Alices!
• Web browser/server for electronic transactions (e.g., on-line purchases)
• on-line banking client/server
• DNS servers
• routers exchanging routing table updates
• …

Roadmap

• What is network security?


• Principles of cryptography
• Authentication
• Message integrity

The language of cryptography

[Figure: plaintext -> encryption algorithm -> ciphertext -> decryption algorithm -> plaintext; Alice’s encryption key $K_A$ feeds the encryption algorithm, Bob’s decryption key $K_B$ feeds the decryption algorithm]

Symmetric key cryptography

[Figure: plaintext message, m -> encryption algorithm (key $K_S$) -> ciphertext $K_S(m)$ -> decryption algorithm (key $K_S$) -> plaintext $m = K_S(K_S(m))$]

symmetric key crypto: Bob and Alice share same (symmetric) key: $K_S$

Q: how do Bob and Alice agree on key value?

Symmetric key cryptography

Advantages:
• Simple
• Fast
• Encrypt and decrypt your own files
• Uses fewer computer resources: Single-key encryption does not require a lot of computer resources when compared to public key encryption
Disadvantages:
• Need for secure channel for secret key exchange
• Too many keys: A new shared key has to be generated for communication with every different party. This creates a problem with managing and ensuring the security of all these keys.
• Origin and authenticity of message cannot be guaranteed: Since both sender and receiver use the same key, messages cannot be verified to have come from a particular user. This may be a problem if there is a dispute.
Symmetric key crypto: DES
DES: Data Encryption Standard
• US encryption standard [NIST 1993]
• how secure is DES?
– DES Challenge: 56-bit-key-encrypted phrase decrypted (brute force) in less than a day
• making DES more secure:
– 3DES: encrypt 3 times with 3 different keys
AES: Advanced Encryption Standard
• New (Nov. 2001) symmetric-key NIST standard, replacing DES
• Processes data in 128 bit blocks
• 128, 192, or 256 bit keys
• Brute force decryption (try each key) takes 149 trillion years for AES

Roadmap

• What is network security?


• Principles of cryptography
• Authentication
• Message integrity


Authentication

Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”

[Figure: Alice sends “I am Alice” to Bob]

Failure scenario??

Authentication

Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”

[Figure: Trudy sends “I am Alice” to Bob]

in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice

Authentication: another try

Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address

[Figure: Alice sends a packet carrying Alice’s IP address and “I am Alice” to Bob]

Failure scenario??

Authentication: another try

Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address

[Figure: Trudy sends a packet carrying Alice’s IP address and “I am Alice” to Bob]

Trudy can create a packet “spoofing” Alice’s address
Authentication: yet another try
Protocol ap3: Alice says “I am Alice” and sends her encrypted secret password to “prove” it

[Figure: Alice -> Bob: Alice’s IP addr, encrypted password, “I’m Alice”; Bob -> Alice: Alice’s IP addr, OK]

Failure scenario??
Authentication: yet another try
Protocol ap3: Alice says “I am Alice” and sends her encrypted secret password to “prove” it

[Figure: Alice -> Bob: Alice’s IP addr, encrypted password, “I’m Alice”; Bob -> Alice: Alice’s IP addr, OK; later, Trudy -> Bob: Alice’s IP addr, encrypted password, “I’m Alice”]

record and playback still works!
Authentication: yet another try
Goal: avoid playback attack
nonce: number (R) used only once-in-a-lifetime
ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key

[Figure: Alice -> Bob: “I am Alice”; Bob -> Alice: R; Alice -> Bob: $K_{A-B}(R)$]

Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
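
Why the recorded ap3 message keeps working while a recorded ap4.0 response does not, as an added example (not part of the original slides). HMAC-SHA256 under the shared key stands in for the slides' "encrypted with shared secret key" $K_{A-B}(\cdot)$; the class and function names and the sample password are this example's own.

```python
import hashlib
import hmac
import secrets


def keyed(key: bytes, data: bytes) -> bytes:
    """Stand-in for K_A-B(data): HMAC-SHA256 under the shared secret key."""
    return hmac.new(key, data, hashlib.sha256).digest()


class BobAp3:
    """ap3: Bob accepts whoever presents Alice's encrypted password."""

    def __init__(self, key: bytes, password: bytes):
        self._expected = keyed(key, password)   # the same value on every login

    def login(self, claimed_id: str, enc_password: bytes) -> bool:
        return claimed_id == "Alice" and hmac.compare_digest(enc_password, self._expected)


class BobAp4:
    """ap4.0: Bob accepts only a fresh nonce R returned under the shared key."""

    def __init__(self, key: bytes):
        self._key = key
        self._pending = {}                      # claimed identity -> outstanding nonce

    def challenge(self, claimed_id: str) -> bytes:
        nonce = secrets.token_bytes(16)         # R: unpredictable, never reused
        self._pending[claimed_id] = nonce
        return nonce

    def login(self, claimed_id: str, response: bytes) -> bool:
        nonce = self._pending.pop(claimed_id, None)   # a nonce is good for one attempt
        if nonce is None:
            return False
        return hmac.compare_digest(response, keyed(self._key, nonce))


def run_demo() -> dict:
    key = secrets.token_bytes(32)               # shared by Alice and Bob only
    password = b"constructed-sample-password"   # constructed value

    # ap3: the message Alice sends is identical every time, so a copy is enough.
    bob3 = BobAp3(key, password)
    alice_msg = ("Alice", keyed(key, password))
    recorded = alice_msg                        # what an eavesdropper captured
    ap3_alice = bob3.login(*alice_msg)
    ap3_replay = bob3.login(*recorded)

    # ap4.0: the response is bound to the nonce Bob chose for this run.
    bob4 = BobAp4(key)
    r1 = bob4.challenge("Alice")
    response1 = keyed(key, r1)                  # Alice's answer, also captured
    ap4_alice = bob4.login("Alice", response1)
    bob4.challenge("Alice")                     # later run: Bob picks a new R
    ap4_replay = bob4.login("Alice", response1)          # old answer, new nonce
    ap4_unsolicited = bob4.login("Alice", response1)     # no challenge outstanding

    return {"ap3_alice": ap3_alice, "ap3_replay": ap3_replay,
            "ap4_alice": ap4_alice, "ap4_replay": ap4_replay,
            "ap4_unsolicited": ap4_unsolicited}
```

The protection rests on Bob generating R himself, from a source the other side cannot predict, and discarding it after one attempt.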

Roadmap

• What is network security?


• Principles of cryptography
• Authentication
• Message integrity


Message Integrity
Bob receives msg from Alice, wants to ensure:
• message originally came from Alice
• message not changed since sent by Alice

Digital signatures
cryptographic technique analogous to hand-written signatures:
• sender (Bob) digitally signs document, establishing he is document owner/creator.
• verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

Digital signatures (Asymmetric cryptography)

simple digital signature for message m:
• Bob signs m by encrypting with his private key $K_B^-$, creating “signed” message, $K_B^-(m)$

[Figure: Bob’s message, m (“Dear Alice, Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob”) and Bob’s private key $K_B^-$ enter the public key encryption algorithm; the output is m, $K_B^-(m)$: Bob’s message, m, signed (encrypted) with his private key]

Digital signatures
• suppose Alice receives msg m, with signature: m, $K_B^-(m)$
• Alice verifies m signed by Bob by applying Bob’s public key
Alice thus verifies that:
• Bob signed m
• no one else signed m
non-repudiation:
• Alice can take m, and signature $K_B^-(m)$ to court and prove that Bob signed m


Asymmetric (Public-key) cryptography


• When encrypting, you use their public key to write message and they use their private key to read it.

Digital signatures (Asymmetric cryptography) = Authentication

• When signing, you use your private key to write message's signature, and they use your public key to check if it's really yours.

Digital signatures (with Hashing) = Authentication + Message integrity

[Figure labels: Bob private key, Bob public key]
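
Signing a hash of the message instead of the message itself, as an added example (not part of the original slides). It uses textbook RSA without padding over a SHA-256 digest, with a toy key built from two known Mersenne primes; the key, the sample message and the function names are constructed for this example, and real systems use a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib

# Constructed toy key pair built from two known Mersenne primes. It shows the
# mechanics only: textbook RSA without padding, not a key anyone should use.
P, Q = 2**127 - 1, 2**89 - 1
N = P * Q
E = 65537                                # Bob's public key  K_B^+ = (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))        # Bob's private key K_B^- = (N, D)


def digest(message: bytes) -> int:
    """H(m): SHA-256 of the message, reduced so it fits under the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes) -> int:
    """Bob: apply the private key to the hash, giving K_B^-(H(m))."""
    return pow(digest(message), D, N)


def verify(message: bytes, signature: int) -> bool:
    """Alice: apply the public key to the signature and compare with H(m)."""
    return 0 <= signature < N and pow(signature, E, N) == digest(message)


def demo() -> dict:
    m = b"Dear Alice, Oh, how I have missed you."   # constructed sample message
    sig = sign(m)
    return {
        # Authentication: only the holder of D could have produced sig.
        "genuine": verify(m, sig),
        # Message integrity: any change to m changes H(m), so the check fails.
        "message_altered": verify(m + b" Please send money.", sig),
        "signature_altered": verify(m, sig ^ 1),
        # Hashing keeps the signature one modulus wide however long m is.
        "long_message_fits": sign(m * 1000).bit_length() <= N.bit_length(),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```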
