Carnegie Mellon

Computer Science Department.


15-441 Spring 2005
Final
Name:
Andrew ID:
INSTRUCTIONS:
There are 20 pages (numbered at the bottom). Make sure you have all of them.
Please write your name on this cover and at the top of each page in this booklet.
If you find a question ambiguous, be sure to write down any assumptions you make.
It is better to partially answer a question than to not attempt it at all.
Be clear and concise. Limit your answers to the space provided.
Question A B C D E
Points / / / / /
F G H I J
/ / / / /
A Multiple Choice
1. Terry C. Packet implements a NAT box according to the basic NAT description. (It is not the more
complicated port-translating NAT). Whenever Terry's NAT box sees a packet from a local address, it
replaces the source address with one of the box's available global addresses and records the local address
to global address mapping. For some reason, Terry is unable to properly use certain TCP-based client
applications from behind the NAT box. Which of these reasons is a good explanation for the problem?
(Circle ALL that apply)
A. The client application might be sending its IP address in the payload for the server to process.
Solution: YES. The NAT box needs to translate all IP addresses belonging to hosts
behind it, and the failing clients are said to be behind it. But the NAT box must know
where to find those IP addresses in the packet. Addresses in the end-to-end payload are
likely to slip through the NAT box unnoticed.
B. The server application might be sending its IP address in the payload for the client to process.
Solution: NO. Since the NAT box translates only IP addresses belonging to hosts behind
it, and it is the client that is behind the NAT box, server IP addresses don't need
translation. So there is no problem with carrying them in end-to-end payloads.
C. Terry's client is trying to communicate with a server that is behind the same NAT box, and
the NAT does not know how to forward those packets.
Solution: NO. Assuming that Terry's client application is not configured to use a proxy
server that is outside the private network, the path between a client and server that are
both behind the same NAT does not require address translation. If the NAT for some
reason is in that path (for example, it is also acting as an ordinary forwarder) it will not
look in its translation table for addresses within the private network. And in its role as
an ordinary forwarder it should have a route to the server.
D. Terry has forgotten to modify the Ethernet CRC sequence in the NAT after adjusting the IP
source address, so packets are being dropped by the switch at the other end of Terry's NAT
box.
Solution: NO. The Ethernet CRC is in the link-layer header. The link layer doesn't calculate the CRC
until the NAT box calls on it to send the packet, so the CRC calculation automatically
includes any address translations the NAT box did. At the other end of the link, the link
layer may receive a packet with a bad CRC and discard it, but the reason for the bad
CRC can't be that the NAT box translated some network-layer address after calculation
of the CRC.
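The failure in solution A, as an added example that is not part of the original exam: a basic NAT rewrites the source address in the IP header and fixes the header checksum, but the private address carried in the payload passes through unchanged. The addresses and the CALLBACK payload of a hypothetical application are constructed for illustration.

```python
import ipaddress
import struct

def checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (protocol 6 = TCP) followed by the payload."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload

class BasicNat:
    """Address-only NAT as in question 1: one global address per local host."""
    def __init__(self, global_pool):
        self.free = list(global_pool)
        self.table = {}  # local address -> global address

    def outbound(self, packet: bytes) -> bytes:
        head, payload = bytearray(packet[:20]), packet[20:]
        local = str(ipaddress.IPv4Address(bytes(head[12:16])))
        if local not in self.table:
            self.table[local] = self.free.pop(0)  # record the new mapping
        head[12:16] = ipaddress.IPv4Address(self.table[local]).packed
        head[10:12] = b"\x00\x00"                 # zero, then recompute checksum
        head[10:12] = struct.pack("!H", checksum(bytes(head)))
        return bytes(head) + payload              # payload is forwarded untouched

def leaked_private_addresses(packet: bytes, nat: BasicNat):
    """Local addresses still present as text in the payload after translation."""
    payload = packet[20:]
    return [addr for addr in nat.table if addr.encode() in payload]

def demo():
    nat = BasicNat(["203.0.113.5"])  # constructed global address
    # Constructed payload: the client advertises its own address to the server.
    pkt = build_packet("192.168.1.10", "198.51.100.7",
                       b"CALLBACK 192.168.1.10:5000\r\n")
    out = nat.outbound(pkt)
    header_src = str(ipaddress.IPv4Address(out[12:16]))
    # A valid IPv4 header checksums to 0 when the checksum field is included.
    return header_src, checksum(out[:20]), leaked_private_addresses(out, nat)

if __name__ == "__main__":
    print(demo())
```

The server sees the translated address in the header but is told to call back an address that is not routable from its side, which is the behaviour solution A describes.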
2. Otto Pilot creates a new network for the 150 PC computers he mounted within his car. Each computer
sends independent UDP query/response packets to the other computers in the car when it needs to know
or do something. After running the OttoNet for a few days, Otto notices that network congestion
occasionally causes a congestion collapse because too many packets are sent into the network, only to
be dropped before reaching the eventual destination. These packets consume valuable resources.
Which of the following techniques is likely to reduce the likelihood of a congestion collapse? (Circle ALL
that apply)
A. Increase the size of the queue in each router from 4 packets to 8 packets.
Solution: NO. There are two possibilities for the timeout value. First, suppose that Ben
used the answer to question 9 to set the timeout. Given a fixed timeout, lengthening
queues would increase, not decrease, the chance of congestion collapse. The longer queues
may cause clients to time out and resend their request packets, even though a response may
already be on its way back. Second, suppose that Ben adjusted the timeout for the longer
queues. Doubling queue lengths certainly doesn't prevent congestion collapse, because
congestion collapse can occur with queues of any length. There is no a priori reason to
believe that it is less likely with 8-packet queues than with 4-packet queues. Increasing
the size of the queue to 8 packets might have a positive effect: some packets that would
otherwise have been dropped might eventually reach their destination. However, it might
also have a negative effect: packets that would otherwise have been dropped remain in the
system and may cause congestion elsewhere.
B. Use exponential backoff in the timeout mechanism while retrying queries.
Solution: YES. Exponential backoff reduces the injection rate of packets to a level that
the network can tolerate.
C. If a query is not answered within a timeout interval, multiplicatively reduce the maximum rate
at which the client application sends OttoNet query packets.
Solution: YES. If this question had said current rather than maximum rate, it would
have exactly been exponential backoff. Reducing the maximum rate eventually produces
the same end result.
D. Use a flow control window at each receiver to prevent buffer overruns.
Solution: NO. Flow control windows apply to streams of data. OttoNet requests are not
streams, they are independent packets, each one of which may be delivered to a different
server, so a flow control window is not applicable. Moreover, flow control is an end-to-end
mechanism to ensure that a slow receiver's buffers don't get overwritten by a fast sender.
But the problem states that the server and client processing are both infinitely fast, so
adding flow control would not accomplish anything.
3. We discussed three different routing protocols: link state routing (LS), distance vector routing (DV),
and path vector routing (PV). Please answer the following questions by circling the protocol(s) for which
the claim applies:
LS, DV, PV - Requires a map of the complete topology
Solution: LS
LS, DV, PV - Sends its routing table to its neighbors
Solution: DV PV
LS, DV, PV - Requires flooding
Solution: LS
LS, DV, PV - Suffers the count to infinity problem
Solution: DV
LS, DV, PV - BGP is this type of routing protocol
Solution: PV
B Short Answer
4. Why is there a minimum packet size on Ethernet?
Solution: To ensure that CDMA's collision detection works. The sender must ensure that they are
still transmitting one maximum bit round-trip later.
5. Why is there a maximum packet size on Ethernet?
Solution: A maximum packet size helps ensure that everybody gets a chance to talk, helps reduce
the maximum amount of buffering needed in switches and routers, and reduces the amount of data
that is lost by a single error.
6. Give one reason that DNS lookups are run over UDP rather than TCP:
Solution: OK: Connection-setup overhead, short-duration interaction NOT OK: Header overhead
7. Right before the final, Srini decides that he's had it with Pittsburgh weather and transfers to CMU-Qatar,
taking the only copy of the final with him. Dave, being the new guy, is stuck with running the
class, and not wanting to re-write the whole thing, needs to get the final from Srini in a secure way.
Using advanced gnome agents, a group of nefarious 441 students has somehow installed a device that
can intercept and modify packets sent from Srini to Dave. The exam must not fall into undergraduate
hands, or be replaced by a false exam!
Dave and Srini already have both PGP keys and other private keys for each other. These keys have not
been compromised.
For each of the following methods, can the exam be stolen? Can it be replaced with another? Why?
(a) Srini sends the exam in plaintext.
(b) Srini signs the exam with his private key, sends it.
(c) Srini encrypts the exam with Dave's public key, sends it.
(d) Srini encrypts the exam with Dave's public key, signs it with his private key.
(e) Srini signs and encrypts the exam with a shared secret key.
(f) Srini and Dave use Diffie-Hellman to negotiate a session key, and encrypt the exam using that.
C QoS
Consider the figure below showing a flow passing through 2 leaky buckets before it enters the network.
[Figure: two token buckets in tandem. Packets wait, remove a token from each bucket, and are sent to the network. Labels: bucket sizes 3000 and 1; token rates 100 pkts/sec and 1000 pkts/sec.]
8. On the next page, you are shown 4 flow behaviors. Circle those which could have been generated by the
tandem leaky bucket policer.
Solution: The 2nd and 4th graphs. The first graph is wrong because there can only be 3 seconds
of peak rate 1000 pkts/sec. The third graph is wrong because the maximum number of packets in
a single second is 1000.
Circle 1 correct graph (with or without anything else) 5 points. Circle 2 correct graphs (and nothing
else) 10 points. Circle 3 (or more) graphs: 5 points
[Figure: four graphs, each plotting packets delivered to the network by time t seconds against time t seconds, starting at t = 6000.]
D Label Swapping
You are trying to debug a problem with your company's virtual circuit-based network. A diagram of the
network is shown below. A, B, and C are hosts attached to the network. S1, S2, and S3 are switches
configured to act as label swapping virtual circuit switches.
[Figure: hosts A, B and C attached to switches S1, S2 and S3; each switch has ports numbered 1 to 4.]
The label swapping tables for the switches are configured as follows. Some of the entries are stale and not
actually in use right now.
Switch  Input Port  Input Label  Output Port  Output Label
S1      2           2            3            4
S1      4           2            3            1
S1      4           17           2            2
S2      2           19           4            2
S2      3           1            2            19
S2      3           2            2            15
S2      3           5            4            2
S2      4           2            2            1
S2      4           1            4            1
S3      2           1            1            2
S3      2           2            4            5
S3      4           1            1            1
S3      4           4            1            5
9. Write the sequence of (Switch, Input Port, Input Label) tuples and the destination node and label for
each of these packets. We've given you the start node and starting label. The intermediate tuples should
look like (S1, 1, 999) [e.g., switch S1, input port 1, label 999].
(a) Start node A, label 17.
Switch tuples:
Solution: (S1, 4, 17) (S2, 4, 2)
Dest node and final label:
Solution:
(b) Start node A, label 2.
Switch tuples:
Solution:
Dest node and final label:
Solution:
(c) Start node C, label 1.
Switch tuples:
Solution:
Dest node and final label:
Solution:
10. You are explaining your network to a colleague, who remarks on an interesting feature of your network.
(a) What do you tell your colleague when she asks why you configured the paths for packets (a) and
(b) above?
Solution: The configuration is most likely to load balance the path between A and B. It could
also be to provide a redundant fail-over path.
(b) Your colleague thinks this feature is neat, and asks you how to implement it in her packet-switched,
IP network. What do you tell her?
Solution: This form of load balancing can't be implemented in a basic IP network that does
only destination-based forwarding.
11. You notice that the network seems much more sluggish than normal. Packets are getting through, but
they take a lot longer than they did before your assistant made some changes to the label swapping tables
yesterday. You do some debugging and find that the problem shows up when node B starts transmitting
with local label 19. What's going on?
E Congestion Window
12. Consider the following plot of TCP window size as a function of time. Note that the transfer ends
normally in the 26th round.
[Figure: plot of congestion window size (segments, 0 to 45) against transmission round (0 to 30).]
Assuming TCP Reno is the protocol experiencing the behavior shown above, answer the following questions.
(a) List each round other than the 16th in which a packet loss occurred.
Solution: Only round 22.
(b) How many packets were sent between the start of the 7th round and the end of the 15th round?
Solution: 33 + 34 + ... + 41 = 333
(c) Identify the intervals of time when TCP slow start is operating. (2 pts)
Solution: 1-6, 23-26
(d) Identify the intervals of time when TCP congestion avoidance is operating (AIMD). (1 pt)
Solution: 6-23
(e) After the 16th transmission round, is segment loss detected by a triple duplicate ACK or by a
timeout? (2 pts)
Solution: dupack
(f) What is the initial value of ssthreshold at the first transmission round? (2 pts)
Solution: 32
(g) What is the value of ssthreshold at the 18th transmission round? (2 pts)
Solution: 21
(h) What is the value of ssthreshold at the 24th transmission round? (2 pts)
Solution: 13
(i) During what transmission round is the 70th segment sent? (2 pts)
Solution: 7
(j) Assuming a packet loss is detected after the 26th round by the receipt of a triple duplicate ACK,
what will be the values of the congestion-window size and of ssthreshold? (2 pts)
Solution: 4,4
F Link Utilization
13. In the simple network shown below, we would like a TCP connection to fully utilize the bottleneck link.
What should we make the size of buffer B? Show your calculations. Assume that the advertised receiver
window is very large. The link latencies below are one-way.
[Figure: Sender, Router (with buffer B) and Receiver connected in a line by two links. Labels: 100 Mbit/s, 10 Mbit/s, 20 msec, 20 msec.]
Solution: buffer size = RTT * Bottleneck bandwidth
buffer size = 80 ms * 10 Mbps
buffer size = 800 Kbits
buffer size = 100 KB
(3 pts were deducted if 1-way delay was used instead of RTT)
(3 pts were deducted if 100 MB vs 10MB was used)
G Mobile IP
[Figure: Sender S (121.29.13.28), Home Agent HA (128.2.87.242), Foreign Agent FA (100.11.21.23) and Mobile Node M (128.2.87.111), which appears twice in the figure.]
14. A sender S is sending TCP data to a mobile host M (see Figure). Initially the mobile host is in its home
network. Later on it moves to a different network and needs to use Mobile IP in order to receive data from
S. All local area networks are Ethernets.
Part 1: The sender S sends TCP data to the mobile node while it is in its home network.
(a) What headers does each packet have (names only), starting with the layer 2 header and up to the
transport layer header?
Solution: ethernet, ip, tcp
(b) What are the source and destination IP addresses in the packet?
Solution: src: 121.29.13.28 dst: 128.2.87.111
Part 2: The correspondent node is sending TCP data to the mobile node which has moved to the
foreign network.
(c) What headers does each packet have (names only), starting with the layer 2 header and up to the
transport layer header, as the packets arrive at the mobile's home agent?
Solution: ethernet, ip, tcp
(d) What headers does each packet have (names only), starting with the layer 2 header and up to the
transport layer header, as the packets arrive at the mobile's foreign agent?
Solution: ethernet, ip, ip, tcp
(e) What are the source and destination IP addresses in the packet in (d)?
Solution: src: 128.2.87.242 dst: 121.29.13.28
H Wireless MAC Issues
15. Consider the following topology of wireless laptops A, B, C and D. The dotted lines indicate the range
of wireless transmissions from each node. For example, B is within range of A, A & C are within range
of B, B & D are within range of C and only C is within range of D.
[Figure: wireless nodes A, B, C and D, with dotted lines showing each node's transmission range.]
Assume that each node uses an RTS/CTS based MAC protocol (i.e. like MACAW).
(a) If C is sending B an RTS, why does A know not to transmit?
Solution: A hears the CTS
(b) If B is sending data to C, why does D know not to transmit?
Solution: D heard the RTS from C
(c) Using the nodes above, give an example of the hidden terminal problem.
Solution: If A wants to transmit to B and C wants to transmit to D, the transmissions will
clobber each other, even though A and C cannot hear each other's transmissions.
(d) Irene Packet is considering implementing a walkie-talkie service for her wireless PDAs. Her program
largely uses small packets to avoid delaying any voice. Should Irene use RTS/CTS for her
deployment? Why?
Solution: No. RTS/CTS is primarily to permit collision resolution to finish quickly. The
overhead of RTS/CTS isn't worth it for really small packets.
I Web Transfer
In the topology shown below, machine A is a desktop client, N is a name server (but not the authoritative
name server for S), C is a Web cache, R is a router and S is a Web server. Client A is configured to use
Web cache C for all requests (assume that the Web cache resolves the name for any Web server and that the
client is configured with the IP address of the cache). All wires/links are ethernet segments.
[Figure: topology connecting A, N, C, R and S.]
Assume the following:
- All the machines were just booted and their associated caches (ARP, DNS, Web, persistent connection)
  are all empty
- http://S/index.html fits in a single packet
- Persistent HTTP connections are used among A, C, and S (i.e. you should assume that once any
  connection between these hosts is established it is never closed)
- Web caches respond to TCP requests that look like packet two in table 1 below (e.g., GET http://foo/bar/).
  They reply with the normal web cache contents.
16. The user on machine A requests the web page http://S/index.html. The table below shows a number
of messages sent/received in servicing this request (this is not necessarily a complete list of all packets).
In addition, there are a few bogus packets that are never sent/received. The packets are not listed in
temporal order - fill in the order column to indicate the order in which each packet was sent/received
(1=first, 2=second, etc.). Place an X in the order column if the packet is bogus.
Table 1: HTTP Request
ID Src Dst Src Port Dst Port Protocol Contents Order
1 C DNS root DNS UDP query for S
2 A C Web Cache TCP GET http://S/index.html
3 N DNS root DNS UDP query for S
4 C S HTTP TCP SYN
5 C S HTTP TCP GET index.html
6 S A HTTP TCP index.html
7 A broadcast ARP who is R
8 C A Web Cache TCP index.html
9 N C DNS UDP address for S
10 S C HTTP TCP index.html
Solution:
ID Src Dst Src Port Dst Port Protocol Contents Order
1 C DNS root DNS UDP query for S X
2 A C Web Cache TCP GET http://S/index.html 2
3 N DNS root DNS UDP query for S 3
4 C S HTTP TCP SYN 5
5 C S HTTP TCP GET index.html 6
6 S A HTTP TCP index.html X
7 A broadcast ARP who is R 1
8 C A Web Cache TCP index.html 8
9 N C DNS UDP address for S 4
10 S C HTTP TCP index.html 7
17. Assume that the client A has no local Web or DNS cache and that cache C has no DNS cache. However,
all other cacheable things are cached. On a subsequent request for http://S/index.html which of the
messages from Table 1 would be eliminated (use the ID column to name the messages)?
Solution: Answer: 3, 4, 5, 7, 10
J Firewalls
Sparky McFirewall has networks 10.0.2/24, 10.0.4/24 and notices that hosts 10.0.0.32, 10.0.0.252, 10.0.1.54,
10.0.3.2 and 10.0.3.129 are attacking her host 10.0.2.23. He sees that his firewall already contains:
deny ip to/from 10.0.0.0/25 to any
18. Which hosts does this rule match?
Which of the following rules would work to block the remaining hosts? (Select only one).
A. deny ip to/from 10.0.0.0/22
B. deny ip to/from 10.0.3.0/24
C. deny ip to/from 10.0.3.2/32, deny ip to/from 10.0.3.129/32
D. deny ip to/from 10.0.0.0/22, deny ip to/from 10.0.3.0/24,
E. deny ip to/from 10.0.0.0/23, deny ip to/from 10.0.3.0/24
F. deny ip to/from 10.0.0.0/24, deny ip to/from 10.0.1.0/23
G. deny ip from brain to paper
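An added example, not part of the original exam, that evaluates each candidate rule set from question 18 with Python's ipaddress module. It assumes a rule set works when, together with the existing /25 rule, it matches every attacking host without denying either of Sparky's own networks (written here as 10.0.2.0/24 and 10.0.4.0/24).

```python
import ipaddress

# Values taken from question 18; 10.0.2/24 and 10.0.4/24 are written out in full.
PROTECTED = ["10.0.2.0/24", "10.0.4.0/24"]
ATTACKERS = ["10.0.0.32", "10.0.0.252", "10.0.1.54", "10.0.3.2", "10.0.3.129"]
EXISTING = ["10.0.0.0/25"]
OPTIONS = {  # option G is not a filter rule and is left out
    "A": ["10.0.0.0/22"],
    "B": ["10.0.3.0/24"],
    "C": ["10.0.3.2/32", "10.0.3.129/32"],
    "D": ["10.0.0.0/22", "10.0.3.0/24"],
    "E": ["10.0.0.0/23", "10.0.3.0/24"],
    "F": ["10.0.0.0/24", "10.0.1.0/23"],
}

def nets(prefixes):
    # strict=False masks off host bits, so the misaligned 10.0.1.0/23 is read
    # as 10.0.0.0/23, the way a mask-and-compare filter would treat it.
    return [ipaddress.ip_network(p, strict=False) for p in prefixes]

def matched(hosts, prefixes):
    """Hosts that fall inside at least one of the deny prefixes."""
    rules = nets(prefixes)
    return [h for h in hosts if any(ipaddress.ip_address(h) in n for n in rules)]

def evaluate(option):
    """Return (attackers still unblocked, protected networks hit by a deny rule)."""
    all_rules = EXISTING + OPTIONS[option]
    blocked = matched(ATTACKERS, all_rules)
    missed = [h for h in ATTACKERS if h not in blocked]
    collateral = [p for p in PROTECTED
                  if any(ipaddress.ip_network(p).overlaps(n) for n in nets(all_rules))]
    return missed, collateral

def workable_options():
    return [o for o in OPTIONS if evaluate(o) == ([], [])]

if __name__ == "__main__":
    print("existing rule matches:", matched(ATTACKERS, EXISTING))
    for name in OPTIONS:
        print(name, evaluate(name))
    print("workable:", workable_options())
```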
19. After adding in this rule, someone complains that they can't get to a popular web site in the firewalled
range. Sparky decides to allow internal users to browse Web sites in the firewalled range. Which rules
need to be added? (You may not need all of the spaces below).
Src IP/mask Src Port Dst IP/mask Dst Port ACK set Action
20. A disgruntled employee tells the attacker about your new firewall rules. How could the attacker take
advantage of these rules to continue attacking your hosts?
The End Congratulations! Have a great summer!