15-441 Spring 2005 Final

Name:
Andrew ID:

INSTRUCTIONS: There are 20 pages (numbered at the bottom). Make sure you have all of them. Please write your name on this cover and at the top of each page in this booklet. If you find a question ambiguous, be sure to write down any assumptions you make. It is better to partially answer a question than to not attempt it at all. Be clear and concise. Limit your answers to the space provided.

Question   A   B   C   D   E   F   G   H   I   J
Points     /   /   /   /   /   /   /   /   /   /

A Multiple Choice

1. Terry C. Packet implements a NAT box according to the basic NAT description. (It is not the more complicated port-translating NAT.) Whenever Terry's NAT box sees a packet from a local address, it replaces the source address with one of the box's available global addresses and records the local-address-to-global-address mapping. For some reason, Terry is unable to properly use certain TCP-based client applications from behind the NAT box. Which of these reasons is a good explanation for the problem? (Circle ALL that apply)

A. The client application might be sending its IP address in the payload for the server to process.

Solution: YES. The NAT box needs to translate all IP addresses belonging to hosts behind it, and the failing clients are said to be behind it. But the NAT box must know where to find those IP addresses in the packet. Addresses in the end-to-end payload are likely to slip through the NAT box unnoticed.

B. The server application might be sending its IP address in the payload for the client to process.

Solution: NO. Since the NAT box translates only IP addresses belonging to hosts behind it, and it is the client that is behind the NAT box, server IP addresses don't need translation. So there is no problem with carrying them in end-to-end payloads.

C. Terry's client is trying to communicate with a server that is behind the same NAT box, and the NAT does not know how to forward those packets.

Solution: NO.
Assuming that Terry's client application is not configured to use a proxy server that is outside the private network, the path between a client and server that are both behind the same NAT does not require address translation. If the NAT for some reason is in that path (for example, it is also acting as an ordinary forwarder) it will not look in its translation table for addresses within the private network. And in its role as an ordinary forwarder it should have a route to the server.

D. Terry has forgotten to modify the Ethernet CRC sequence in the NAT after adjusting the IP source address, so packets are being dropped by the switch at the other end of Terry's NAT box.

Solution: NO. The Ethernet CRC is in the link-layer header. The link layer doesn't calculate the CRC until the NAT box calls on it to send the packet, so the CRC calculation automatically includes any address translations the NAT box did. At the other end of the link, the link layer may receive a packet with a bad CRC and discard it, but the reason for the bad CRC can't be that the NAT box translated some network-layer address after calculation of the CRC.

2. Otto Pilot creates a new network for the 150 PC computers he mounted within his car. Each computer sends independent UDP query/response packets to the other computers in the car when it needs to know or do something. After running the OttoNet for a few days, Otto notices that network congestion occasionally causes a congestion collapse because too many packets are sent into the network, only to be dropped before reaching the eventual destination. These packets consume valuable resources. Which of the following techniques is likely to reduce the likelihood of a congestion collapse? (Circle ALL that apply)

A. Increase the size of the queue in each router from 4 packets to 8 packets.

Solution: NO. There are two possibilities for the timeout value. First, suppose that Ben used the answer to question 9 to set the timeout.
Given a fixed timeout, lengthening queues would increase, not decrease, the chance of congestion collapse. The longer queues may cause clients to time out and resend their request packets, even though a response may already be on its way back. Second, suppose that Ben adjusted the timeout for the longer queues. Doubling queue lengths certainly doesn't prevent congestion collapse, because congestion collapse can occur with queues of any length. There is no a priori reason to believe that it is less likely with 8-packet queues than with 4-packet queues. Increasing the size of the queue to 8 packets might have a positive effect: some packets that would otherwise have been dropped might eventually reach their destination. However, it might also have a negative effect: packets that would otherwise have been dropped remain in the system and may cause congestion elsewhere.

B. Use exponential backoff in the timeout mechanism while retrying queries.

Solution: YES. Exponential backoff reduces the injection rate of packets to a level that the network can tolerate.

C. If a query is not answered within a timeout interval, multiplicatively reduce the maximum rate at which the client application sends OttoNet query packets.

Solution: YES. If this question had said "current" rather than "maximum" rate, it would have been exactly exponential backoff. Reducing the maximum rate eventually produces the same end result.

D. Use a flow control window at each receiver to prevent buffer overruns.

Solution: NO. Flow control windows apply to streams of data. OttoNet requests are not streams, they are independent packets, each one of which may be delivered to a different server, so a flow control window is not applicable. Moreover, flow control is an end-to-end mechanism to ensure that a slow receiver's buffers don't get overwritten by a fast sender. But the problem states that the server and client processing are both infinitely fast, so adding flow control would not accomplish anything.

3.
We discussed three different routing protocols: link state routing (LS), distance vector routing (DV), and path vector routing (PV). Please answer the following questions by circling the protocol(s) for which the claim applies:

LS, DV, PV - Requires a map of the complete topology
Solution: LS

LS, DV, PV - Sends its routing table to its neighbors
Solution: DV, PV

LS, DV, PV - Requires flooding
Solution: LS

LS, DV, PV - Suffers the count-to-infinity problem
Solution: DV

LS, DV, PV - BGP is this type of routing protocol
Solution: PV

B Short Answer

4. Why is there a minimum packet size on Ethernet?

Solution: To ensure that CSMA's collision detection works. The sender must ensure that they are still transmitting one maximum bit round-trip later.

5. Why is there a maximum packet size on Ethernet?

Solution: A maximum packet size helps ensure that everybody gets a chance to talk, helps reduce the maximum amount of buffering needed in switches and routers, and reduces the amount of data that is lost by a single error.

6. Give one reason that DNS lookups are run over UDP rather than TCP:

Solution: OK: connection-setup overhead, short-duration interaction. NOT OK: header overhead.

7. Right before the final, Srini decides that he's had it with Pittsburgh weather and transfers to CMU-Qatar, taking the only copy of the final with him. Dave, being the new guy, is stuck with running the class, and not wanting to re-write the whole thing, needs to get the final from Srini in a secure way. Using advanced gnome agents, a group of nefarious 441 students has somehow installed a device that can intercept and modify packets sent from Srini to Dave. The exam must not fall into undergraduate hands, or be replaced by a false exam! Dave and Srini already have both PGP keys and other private keys for each other. These keys have not been compromised. For each of the following methods, can the exam be stolen? Can it be replaced with another? Why?

(a) Srini sends the exam in plaintext.
(b) Srini signs the exam with his private key, sends it.

(c) Srini encrypts the exam with Dave's public key, sends it.

(d) Srini encrypts the exam with Dave's public key, signs it with his private key.

(e) Srini signs and encrypts the exam with a shared secret key.

(f) Srini and Dave use Diffie-Hellman to negotiate a session key, and encrypt the exam using that.

C QoS

Consider the figure below showing a flow passing through 2 leaky buckets before it enters the network.

[Figure: packets wait for and remove a token from a first bucket (bucket size 3000, rate 100 pkts/sec), then remove a token from a second bucket (bucket size 1, rate 1000 pkts/sec), and are then sent to the network.]

8. On the next page, you are shown 4 flow behaviors. Circle those which could have been generated by the tandem leaky bucket policer.

Solution: The 2nd and 4th graphs. The first graph is wrong because there can only be 3 seconds of peak rate 1000 pkts/sec. The third graph is wrong because the maximum number of packets in a single second is 1000.

Circle 1 correct graph (with or without anything else): 5 points. Circle 2 correct graphs (and nothing else): 10 points. Circle 3 (or more) graphs: 5 points.

[Figure: four graphs of "Packets delivered to network by time t" versus time t (seconds), with t running from 6000 to 6006 (6007 on the fourth). Y-axis ticks: first graph 8000 to 12200; second graph 50 to 3250; third graph 150 to 3330; fourth graph 600,000 to 600,700.]

D Label Swapping

You are trying to debug a problem with your company's virtual circuit-based network. A diagram of the network is shown below. A, B, and C are hosts attached to the network. S1, S2, and S3 are switches configured to act as label swapping virtual circuit switches.
[Figure: hosts A, B, and C attached to switches S1, S2, and S3; each switch has ports numbered 1 through 4.]

The label swapping tables for the switches are configured as follows. Some of the entries are stale and not actually in use right now.

Switch  Input Port  Input Label  Output Port  Output Label
S1      2           2            3            4
S1      4           2            3            1
S1      4           17           2            2
S2      2           19           4            2
S2      3           1            2            19
S2      3           2            2            15
S2      3           5            4            2
S2      4           2            2            1
S2      4           1            4            1
S3      2           1            1            2
S3      2           2            4            5
S3      4           1            1            1
S3      4           4            1            5

9. Write the sequence of (Switch, Input Port, Input Label) tuples and the destination node and label for each of these packets. We've given you the start node and starting label. The intermediate tuples should look like (S1, 1, 999) [e.g., switch S1, input port 1, label 999].

(a) Start node A, label 17.
Switch tuples: Solution: (S1, 4, 17) (S2, 4, 2)
Dest node and final label: Solution:

(b) Start node A, label 2.
Switch tuples: Solution:
Dest node and final label: Solution:

(c) Start node C, label 1.
Switch tuples: Solution:
Dest node and final label: Solution:

10. You are explaining your network to a colleague, who remarks on an interesting feature of your network.

(a) What do you tell your colleague when she asks why you configured the paths for packets (a) and (b) above?

Solution: The configuration is most likely to load balance the path between A and B. It could also be to provide a redundant fail-over path.

(b) Your colleague thinks this feature is neat, and asks you how to implement it in her packet-switched, IP network. What do you tell her?

Solution: This form of load balancing can't be implemented in a basic IP network that does only destination-based forwarding.

11. You notice that the network seems much more sluggish than normal. Packets are getting through, but they take a lot longer than they did before your assistant made some changes to the label swapping tables yesterday. You do some debugging and find that the problem shows up when node B starts transmitting with local label 19. What's going on?

E Congestion Window

12.
Consider the following plot of TCP window size as a function of time. Note that the transfer ends normally in the 26th round.

[Figure: congestion window size (segments), 0 to 45, plotted against transmission round, 0 to 30.]

Assuming TCP Reno is the protocol experiencing the behavior shown above, answer the following questions.

(a) List each round other than the 16th in which a packet loss occurred.
Solution: Only round 22.

(b) How many packets were sent between the start of the 7th round and the end of the 15th round?
Solution: 33 + 34 + ... + 41 = 333

(c) Identify the intervals of time when TCP slow start is operating. (2 pts)
Solution: 1-6, 23-26

(d) Identify the intervals of time when TCP congestion avoidance is operating (AIMD). (1 pt)
Solution: 6-23

(e) After the 16th transmission round, is segment loss detected by a triple duplicate ACK or by a timeout? (2 pts)
Solution: dupack

(f) What is the initial value of ssthreshold at the first transmission round? (2 pts)
Solution: 32

(g) What is the value of ssthreshold at the 18th transmission round? (2 pts)
Solution: 21

(h) What is the value of ssthreshold at the 24th transmission round? (2 pts)
Solution: 13

(i) During what transmission round is the 70th segment sent? (2 pts)
Solution: 7

(j) Assuming a packet loss is detected after the 26th round by the receipt of a triple duplicate ACK, what will be the values of the congestion-window size and of ssthreshold? (2 pts)
Solution: 4, 4

F Link Utilization

13. In the simple network shown below, we would like a TCP connection to fully utilize the bottleneck link. What should we make the size of buffer B? Show your calculations. Assume that the advertised receiver window is very large. The link latencies below are one-way.
[Figure: Sender --(100 Mbit/s, 20 msec)--> Router with buffer B --(10 Mbit/s, 20 msec)--> Receiver.]

Solution:
buffer size = RTT * bottleneck bandwidth
buffer size = 80 ms * 10 Mbps
buffer size = 800 Kbits
buffer size = 100 KB
(3 pts were deducted if 1-way delay was used instead of RTT)
(3 pts were deducted if 100 Mbit/s vs 10 Mbit/s was used)

G Mobile IP

[Figure: Sender S (121.29.13.28); Mobile Node M (128.2.87.111); Home Agent HA (128.2.87.242); Foreign Agent FA (100.11.21.23).]

14. A sender S is sending TCP data to a mobile host M (see figure). Initially the mobile host is in its home network. Later on it moves to a different network and needs to use Mobile IP in order to receive data from S. All local area networks are Ethernets.

Part 1: The sender S sends TCP data to the mobile node while it is in its home network.

(a) What headers does each packet have (names only), starting with the layer 2 header and up to the transport layer header?
Solution: ethernet, ip, tcp

(b) What are the source and destination IP addresses in the packet?
Solution: src: 121.29.13.28, dst: 128.2.87.111

Part 2: The correspondent node is sending TCP data to the mobile node which has moved to the foreign network.

(c) What headers does each packet have (names only), starting with the layer 2 header and up to the transport layer header, as the packets arrive at the mobile's home agent?
Solution: ethernet, ip, tcp

(d) What headers does each packet have (names only), starting with the layer 2 header and up to the transport layer header, as the packets arrive at the mobile's foreign agent?
Solution: ethernet, ip, ip, tcp

(e) What are the source and destination IP addresses in the packet in (d)?
Solution: src: 128.2.87.242, dst: 121.29.13.28

H Wireless MAC Issues

15. Consider the following topology of wireless laptops A, B, C and D. The dotted lines indicate the range of wireless transmissions from each node. For example, B is within range of A, A & C are within range of B, B & D are within range of C and only C is within range of D.
[Figure: nodes A, B, C, and D, each with a dotted circle marking its transmission range.]

Assume that each node uses an RTS/CTS based MAC protocol (i.e. like MACAW).

(a) If C is sending B an RTS, why does A know not to transmit?
Solution: A hears the CTS

(b) If B is sending data to C, why does D know not to transmit?
Solution: D heard the RTS from C

(c) Using the nodes above, give an example of the hidden terminal problem.
Solution: If A wants to transmit to B and C wants to transmit to D, the transmissions will clobber each other, even though A and C cannot hear each other's transmissions.

(d) Irene Packet is considering implementing a walkie-talkie service for her wireless PDAs. Her program largely uses small packets to avoid delaying any voice. Should Irene use RTS/CTS for her deployment? Why?
Solution: No. RTS/CTS is primarily to permit collision resolution to finish quickly. The overhead of RTS/CTS isn't worth it for really small packets.

I Web Transfer

In the topology shown below, machine A is a desktop client, N is a name server (but not the authoritative name server for S), C is a Web cache, R is a router and S is a Web server. Client A is configured to use Web cache C for all requests (assume that the Web cache resolves the name for any Web server and that the client is configured with the IP address of the cache). All wires/links are ethernet segments.

[Figure: A, N, C, R, and S connected by ethernet segments.]

Assume the following:
- All the machines were just booted and their associated caches (ARP, DNS, Web, persistent connection) are all empty.
- http://S/index.html fits in a single packet.
- Persistent HTTP connections are used among A, C, and S (i.e. you should assume that once any connection between these hosts is established it is never closed).
- Web caches respond to TCP requests that look like packet two in Table 1 below (e.g., GET http://foo/bar/). They reply with the normal web cache contents.

16. The user on machine A requests the web page http://S/index.html.
The table below shows a number of messages sent/received in servicing this request (this is not necessarily a complete list of all packets). In addition, there are a few bogus packets that are never sent/received. The packets are not listed in temporal order; fill in the Order column to indicate the order in which each packet was sent/received (1=first, 2=second, etc.). Place an X in the Order column if the packet is bogus.

Table 1: HTTP Request

ID  Src  Dst        Src Port   Dst Port   Protocol  Contents                  Order
1   C    DNS root              DNS        UDP       query for S
2   A    C                     Web Cache  TCP       GET http://S/index.html
3   N    DNS root              DNS        UDP       query for S
4   C    S                     HTTP       TCP       SYN
5   C    S                     HTTP       TCP       GET index.html
6   S    A          HTTP                  TCP       index.html
7   A    broadcast                        ARP       who is R
8   C    A          Web Cache             TCP       index.html
9   N    C          DNS                   UDP       address for S
10  S    C          HTTP                  TCP       index.html

Solution:

ID  Src  Dst        Src Port   Dst Port   Protocol  Contents                  Order
1   C    DNS root              DNS        UDP       query for S               X
2   A    C                     Web Cache  TCP       GET http://S/index.html   2
3   N    DNS root              DNS        UDP       query for S               3
4   C    S                     HTTP       TCP       SYN                       5
5   C    S                     HTTP       TCP       GET index.html            6
6   S    A          HTTP                  TCP       index.html                X
7   A    broadcast                        ARP       who is R                  1
8   C    A          Web Cache             TCP       index.html                8
9   N    C          DNS                   UDP       address for S             4
10  S    C          HTTP                  TCP       index.html                7

17. Assume that the client A has no local Web or DNS cache and that cache C has no DNS cache. However, all other cacheable things are cached. On a subsequent request for http://S/index.html, which of the messages from Table 1 would be eliminated (use the ID column to name the messages)?

Solution: 3, 4, 5, 7, 10

J Firewalls

Sparky McFirewall has networks 10.0.2/24 and 10.0.4/24, and notices that hosts 10.0.0.32, 10.0.0.252, 10.0.1.54, 10.0.3.2 and 10.0.3.129 are attacking her host 10.0.2.23. She sees that her firewall already contains:

deny ip to/from 10.0.0.0/25 to any

18. Which hosts does this rule match? Which of the following rules would work to block the remaining hosts? (Select only one)

A. deny ip to/from 10.0.0.0/22
B. deny ip to/from 10.0.3.0/24
C.
   deny ip to/from 10.0.3.2/32, deny ip to/from 10.0.3.129/32
D. deny ip to/from 10.0.0.0/22, deny ip to/from 10.0.3.0/24
E. deny ip to/from 10.0.0.0/23, deny ip to/from 10.0.3.0/24
F. deny ip to/from 10.0.0.0/24, deny ip to/from 10.0.1.0/23
G. deny ip from brain to paper

19. After adding in this rule, someone complains that they can't get to a popular web site in the firewalled range. Sparky decides to allow internal users to browse Web sites in the firewalled range. Which rules need to be added? (You may not need all of the spaces below.)

Src IP/mask   Src Port   Dst IP/mask   Dst Port   ACK set   Action

20. A disgruntled employee tells the attacker about your new firewall rules. How could the attacker take advantage of these rules to continue attacking your hosts?

The End

Congratulations! Have a great summer!
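Worked check for question 7, case (e), appended here as an added example (not part of the exam). With a shared secret, "sign and encrypt" means encrypt-then-MAC: the interceptor sees only ciphertext, and a modified or substituted message fails the MAC check at Dave's end. The construction below uses only the Python standard library (HMAC-SHA256 in counter mode as the keystream, HMAC-SHA256 as the tag); the key, nonce layout, and exam text are constructed for the demonstration. It illustrates the reasoning behind the answer and is not a substitute for a vetted authenticated-encryption mode.

```python
"""Shared-secret encrypt-then-MAC, illustrating question 7(e). Added example."""
import hashlib
import hmac
import os
import struct

NONCE_LEN, TAG_LEN = 16, 32


def derive_keys(shared_secret: bytes):
    """Split one shared secret into independent encryption and MAC keys."""
    enc_key = hmac.new(shared_secret, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudorandom keystream: HMAC(enc_key, nonce || counter) blocks (toy CTR mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(shared_secret: bytes, plaintext: bytes, nonce: bytes = None) -> bytes:
    """Encrypt, then MAC the nonce and ciphertext. Output: nonce || ct || tag."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(shared_secret: bytes, blob: bytes):
    """Verify the tag first; decrypt only if it matches. Returns None on failure."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None                               # tampered or substituted: reject
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


def demo():
    """Run the three scenarios the question asks about with constructed data."""
    key = b"srini-dave-shared-secret (constructed)"
    exam = b"15-441 final: question 1 ... (constructed stand-in for the exam)"
    blob = seal(key, exam)

    tampered = bytearray(blob)
    tampered[NONCE_LEN + 4] ^= 0x01           # flip one bit inside the ciphertext
    forged = seal(b"not the shared key", b"fake exam written without the key")

    return {
        "roundtrip": open_sealed(key, blob) == exam,          # Dave recovers the exam
        "plaintext_visible": exam in blob,                    # interceptor can read it?
        "tamper_rejected": open_sealed(key, bytes(tampered)) is None,
        "forgery_rejected": open_sealed(key, forged) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The MAC covers the nonce as well as the ciphertext, so moving a ciphertext under a different nonce is also rejected. What this shared-key scheme does not give is non-repudiation: either party could have produced the tag, which is the property a private-key signature in cases (b) and (d) adds.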
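Worked check for question 8, appended as an added example (not part of the exam). A flow that has passed through token buckets in tandem can deliver, over any interval of length d, at most min over buckets of (bucket size + rate * d) packets; the code applies that bound with the question's parameters (3000 packets at 100 pkts/sec, 1 packet at 1000 pkts/sec) to cumulative-delivery curves. The curves are constructed here to mirror the solution's two reasons for rejecting a graph and are not the exam's graphs; the bound is necessary for conformance, so any curve that violates it could not have come from the policer.

```python
"""Tandem token-bucket conformance check for question 8. Added example."""

# Policer parameters from the question: (bucket size in packets, token rate in pkts/sec)
BUCKETS = ((3000, 100), (1, 1000))


def interval_bound(length, buckets=BUCKETS):
    """Most packets the tandem policer can release in an interval of `length` seconds.

    Each bucket can contribute at most its stored tokens plus what it refills in
    that time, and the flow must get a token from every bucket, so take the minimum."""
    return min(size + rate * length for size, rate in buckets)


def first_violation(curve, buckets=BUCKETS):
    """curve: [(t, packets delivered by time t), ...] with t increasing.

    Returns (s, t, delivered, bound) for the first interval that exceeds the
    bound, or None if the curve conforms over every interval."""
    for i in range(len(curve)):
        for j in range(i + 1, len(curve)):
            s, d_s = curve[i]
            t, d_t = curve[j]
            bound = interval_bound(t - s, buckets)
            if d_t - d_s > bound:
                return (s, t, d_t - d_s, bound)
    return None


def peak_burst_seconds(peak_rate, buckets=BUCKETS):
    """How long a full policer can sustain `peak_rate` before a bucket runs dry:
    stored tokens divided by the net drain (peak minus refill), over the buckets
    that drain at that rate at all."""
    return min(size / (peak_rate - rate) for size, rate in buckets if peak_rate > rate)


def cumulative(per_second):
    """Build a cumulative-delivery curve from per-second packet counts, from (0, 0)."""
    curve, total = [(0, 0)], 0
    for t, n in enumerate(per_second, start=1):
        total += n
        curve.append((t, total))
    return curve


# Constructed curves (not the exam's graphs), seconds on the x axis
CURVES = {
    "six seconds at 1000/s": cumulative([1000] * 6),
    "three seconds at 1000/s then 100/s": cumulative([1000, 1000, 1000, 100, 100, 100]),
    "2000 packets in one second": cumulative([2000, 100, 100]),
    "steady 100/s": cumulative([100] * 6),
}


def verdicts():
    """Name -> True if the curve could have come out of the policer."""
    return {name: first_violation(c) is None for name, c in CURVES.items()}


if __name__ == "__main__":
    for name, ok in verdicts().items():
        print(f"{name}: {'conforms' if ok else 'violates ' + str(first_violation(CURVES[name]))}")
    print("peak of 1000/s sustainable for", peak_burst_seconds(1000), "seconds")
```

The continuous model puts the sustainable peak burst at 3000/(1000 - 100) = 3.33 seconds, in line with the solution's "only 3 seconds of peak rate"; the second bucket (size 1) is what caps any single second at roughly 1000 packets.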
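Worked check for question 12, appended as an added example (not part of the exam). The simulation reproduces the Reno trajectory the solutions describe, assuming the facts the answers give (initial ssthresh 32, a triple-dup-ACK loss in round 16, a timeout loss in round 22, normal end after round 26) and the usual round model: the whole window is sent each round, slow start doubles, congestion avoidance adds one segment, fast recovery halves both ssthresh and cwnd, and a timeout halves ssthresh and restarts cwnd at 1. The helper functions return the answers to (b), (g), (h), (i) and (j).

```python
"""TCP Reno congestion-window walk-through for question 12. Added example."""

INIT_SSTHRESH = 32                       # answer (f)
LOSSES = {16: "dupack", 22: "timeout"}   # round -> how the loss was detected
ROUNDS = 26                              # transfer ends normally after round 26


def reno_trace(rounds=ROUNDS, init_ssthresh=INIT_SSTHRESH, losses=LOSSES):
    """Simulate Reno one transmission round at a time.

    cwnd is the window used during a round (all of it is sent), ssthresh the
    threshold in force during that round. Returns a list indexed by round
    number (index 0 unused)."""
    cwnd, ssthresh, sent = 1, init_ssthresh, 0
    trace = [None]
    for r in range(1, rounds + 1):
        sent += cwnd
        trace.append({"round": r, "cwnd": cwnd, "ssthresh": ssthresh, "sent": sent})
        event = losses.get(r)
        if event == "dupack":        # fast retransmit / fast recovery
            ssthresh = max(cwnd // 2, 2)
            cwnd = ssthresh
        elif event == "timeout":     # back to slow start
            ssthresh = max(cwnd // 2, 2)
            cwnd = 1
        elif cwnd < ssthresh:        # slow start: double, but never past ssthresh
            cwnd = min(2 * cwnd, ssthresh)
        else:                        # congestion avoidance: additive increase
            cwnd += 1
    return trace


TRACE = reno_trace()


def cwnd_at(r, trace=TRACE):
    return trace[r]["cwnd"]


def ssthresh_at(r, trace=TRACE):
    return trace[r]["ssthresh"]


def packets_between(first, last, trace=TRACE):
    """Segments sent from the start of round `first` to the end of round `last` (answer b)."""
    return sum(trace[r]["cwnd"] for r in range(first, last + 1))


def round_of_segment(n, trace=TRACE):
    """Round in which the n-th segment (1-based) is sent (answer i)."""
    for row in trace[1:]:
        if row["sent"] >= n:
            return row["round"]
    return None


def state_after_final_dupack(rounds=ROUNDS):
    """(cwnd, ssthresh) after a triple-dup-ACK loss detected after the last round (answer j)."""
    losses = dict(LOSSES)
    losses[rounds] = "dupack"
    nxt = reno_trace(rounds + 1, losses=losses)[rounds + 1]
    return nxt["cwnd"], nxt["ssthresh"]


if __name__ == "__main__":
    for row in TRACE[1:]:
        print(row)
    print("b:", packets_between(7, 15), " g:", ssthresh_at(18), " h:", ssthresh_at(24),
          " i:", round_of_segment(70), " j:", state_after_final_dupack())
```

Rounds 1 to 6 double 1, 2, 4, 8, 16, 32; round 6 reaches ssthresh, so rounds 7 to 15 send 33 through 41 (sum 333), round 16 sends 42 and halves to 21, round 22 sends 26 and the timeout sets ssthresh to 13, and rounds 23 to 26 restart at 1, 2, 4, 8.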
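Worked check for question 18, appended as an added example (not part of the exam). Using Python's standard ipaddress module, it first lists which of the five attacking hosts the existing rule deny ip to/from 10.0.0.0/25 already covers, then scores each candidate rule set A through F on two criteria a firewall administrator cares about: does it block every remaining attacker, and does it also cut off Sparky's own 10.0.2/24 and 10.0.4/24 networks (a deny rule that overlaps them would block her own hosts). Option G names no network and is left out. The prefix 10.0.1.0/23 in option F has host bits set; it is parsed non-strictly, as a filter would, so it matches the aligned block 10.0.0.0/23.

```python
"""CIDR evaluation of the firewall rule options in question 18. Added example."""
import ipaddress

PROTECTED = [ipaddress.ip_network(n) for n in ("10.0.2.0/24", "10.0.4.0/24")]
ATTACKERS = [ipaddress.ip_address(a) for a in
             ("10.0.0.32", "10.0.0.252", "10.0.1.54", "10.0.3.2", "10.0.3.129")]
EXISTING = "10.0.0.0/25"        # deny ip to/from 10.0.0.0/25 to any

CANDIDATES = {
    "A": ["10.0.0.0/22"],
    "B": ["10.0.3.0/24"],
    "C": ["10.0.3.2/32", "10.0.3.129/32"],
    "D": ["10.0.0.0/22", "10.0.3.0/24"],
    "E": ["10.0.0.0/23", "10.0.3.0/24"],
    "F": ["10.0.0.0/24", "10.0.1.0/23"],
}


def parse(prefix):
    """strict=False normalises a prefix with host bits set (10.0.1.0/23 -> 10.0.0.0/23)."""
    return ipaddress.ip_network(prefix, strict=False)


def denied(addr, prefixes):
    """True if any deny prefix covers the address."""
    return any(addr in parse(p) for p in prefixes)


def matched_by_existing():
    """Attackers the current /25 rule already blocks."""
    return [str(a) for a in ATTACKERS if denied(a, [EXISTING])]


def remaining():
    """Attackers still able to reach 10.0.2.23."""
    return [a for a in ATTACKERS if not denied(a, [EXISTING])]


def evaluate(option):
    """Return (blocks_all_remaining, harms_own_networks) for one candidate set."""
    prefixes = CANDIDATES[option]
    blocks_all = all(denied(a, prefixes) for a in remaining())
    harms_own = any(parse(p).overlaps(net) for p in prefixes for net in PROTECTED)
    return blocks_all, harms_own


def working_options():
    """Candidates that block every remaining attacker without touching Sparky's networks."""
    return [o for o in CANDIDATES if evaluate(o) == (True, False)]


if __name__ == "__main__":
    print("already blocked:", matched_by_existing())
    print("remaining:", [str(a) for a in remaining()])
    for o in CANDIDATES:
        blocks, harms = evaluate(o)
        print(f"{o}: blocks all remaining={blocks}, blocks own networks={harms}")
    print("working:", working_options())
```

A /22 (options A and D) spans 10.0.0.0 through 10.0.3.255, which includes Sparky's 10.0.2/24, so it blocks the attackers and her own users alike; B and C only reach the 10.0.3.x hosts; F never reaches 10.0.3.0/24 at all. The ordering and direction of rules matter in a real filter, which is what questions 19 and 20 go on to probe.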