
18/05/2018 Network001

Networks and Computer Security course notes

Protocol
The rules used for communication between two parties: a protocol specifies the types of messages sent, the
syntax/format of messages, the order of messages sent/received among network entities, the actions taken on
message transmission/receipt, and the timing of messages (what to do when you cannot proceed).

Internet Protocol Stack


Application : supports end-user services and network applications (HTTP, SMTP, DNS, FTP, NTP)
Transport : end-to-end data transfer (TCP, UDP)
Network : routing of datagrams from source to destination, addressing and routing (IPv4, IPv6, BGP, RIP)
Data link : how to communicate over a single link: channel access, framing, flow/error control, on a hop-by-hop
basis (PPP, Ethernet, IEEE 802.11b Wi-Fi, etc.)
Physical : transmission of the raw bits over the communication medium

Data Link Layer L2

Introduction, Services

Layer-Number : 2
Data Unit : Frame (encapsulates datagram)
Responsibility : transferring a datagram from one node to a physically adjacent node over a link
Encapsulation: the IP packet goes into a frame (Ethernet, ...) and each router handles it accordingly

(1) Define a service model to offer to the higher layer. The design decision is between:
Connection-oriented: ACK'd (Point-to-Point Protocol, in dial-up modems) / un-ACK'd (ATM, Asynchronous
Transfer Mode, on reliable fiber-optic connections)
Connectionless: ACK'd (WiFi; ACKs in NL) / un-ACK'd (Ethernet, because it is highly reliable and directly
connected)

(2) Framing: format, size, delimiters, etc. Encapsulate the datagram into a frame by adding a header (and a
trailer).
(3) Link access / addressing: MAC addresses (a 48-bit space of unique identifiers) are used in frame headers to
identify source and destination; channel access is needed if the medium is shared.

(4) Link management (control and manage the operation of the link, which might be full-duplex or half-duplex),
flow control, error control, reliable delivery

LLC: error control, flow control, all the reliable data transfer elements (timeout, retransmission), half-duplex vs
full-duplex
MAC: regulates access to a shared link with multiple stations
Full/Half duplex: can listen and send at the same time / can only listen or send at one point in time (nodes at
both ends of the link can transmit, but not at the same time)

Flow control: Pacing between adjacent sending and receiving nodes (Reliable delivery between adjacent
nodes)
Error detection: Errors caused by signal attenuation, noise. Receiver detects presence of errors: Signals
sender for retransmission or drops frame
Error correction: Receiver identifies and corrects bit error(s) without resorting to retransmission

Link Layer Implementation

On each host, the DLL is implemented in an "adaptor" (NIC) or on a chip (Ethernet/802.11); the Ethernet chipset
implements the link and physical layers and is attached to the host's system buses. It is a combination of
hardware, software and firmware.

Sending side : Encapsulates datagram in frame, Adds error checking bits, rdt, flow control, etc.
Receiving side: Looks for errors (detection/correction), rdt, flow control, etc. Extracts datagram, passes to
upper layer at receiving side

Multiple Access Protocols

Types of links:
Point-to-point: PPP for dial-up access; point-to-point link between an Ethernet switch and a host
Broadcast (shared wire or medium): old-fashioned Ethernet, 802.11 wireless LAN
Problem : two or more simultaneous transmissions by nodes cause interference. A collision occurs if a node
receives two or more signals at the same time.

Multiple access protocol (MAC, Medium Access Control) : a distributed algorithm that determines how nodes
share the channel, i.e. determines when a node can transmit. Communication about channel sharing must use
the channel itself.

1- MAC protocols :
Channel partitioning : divide the channel into smaller "pieces" (time slots / frequency division) and allocate
them to nodes for exclusive use. Shares the channel efficiently and fairly at high load; inefficient at low load:
delay in channel access, 1/N of the bandwidth allocated even if only 1 node is active.

2- Random access : the channel is not divided; collisions are allowed and the protocol "recovers" from them.
Efficient at low load: a single node can fully utilize the channel. High load: collision overhead. CSMA, CSMA/CD
(used in Ethernet), CSMA/CA (used in 802.11)

3- Taking turns : nodes take turns, but nodes with more to send can take longer turns. Uses the best of both
worlds: polling from a central site, token passing (Bluetooth, FDDI, token ring)

Carrier Sense Multiple Access (CSMA). Carrier sense : listen before transmitting. If the channel is sensed
idle: transmit the entire frame; else (busy): defer the transmission.
Collisions : propagation delay means two nodes may not hear each other's transmission, so collisions can still
occur and the entire packet transmission time is wasted.
Collision detection in wired LANs: measure signal strengths, compare transmitted and received signals (easy).
Wireless LANs: the received signal strength is overwhelmed by the local transmission strength (difficult).
Colliding transmissions are aborted, reducing channel wastage.

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Algorithm:

when a station has a frame to send:
    sense the channel
    IF idle, THEN transmit
    IF busy, THEN wait until idle before transmitting
    IF a collision occurs
        THEN abort the frame transmission
             send a jamming signal
             (distributed: make noise on the channel to tell
             everyone on it that there was a collision)
             wait a random time and try again

Ethernet

LAN technology (invented at Xerox PARC in the 1970s)


Topologies :
Bus: all nodes are in the same collision domain (can collide with each other); a wiretap connects the stations
Star: an active switch in the center; each 'spoke' runs a (separate) Ethernet protocol

Variable-sized frames: the min/max legal size is 64/1518 bytes


MAC : CSMA/CD (CSMA with Collision Detection). Multiple versions with varying speeds: 100 Mbps, 1 Gbps
(GigE), 10 Gbps, 100 Gbps

Ethernet Frame Structure

Payload : the sending adapter encapsulates the IP datagram (or another network layer protocol packet) in the
Ethernet frame
Preamble: 7 bytes with pattern 10101010 followed by one byte with pattern 10101011. Used to synchronize the
receiver and sender clock rates.
Addresses: 6-byte source and destination MAC addresses. If the adapter receives a frame with a matching
destination address, or with the broadcast address (e.g. an ARP packet), it passes the data in the frame to the
network layer protocol. Otherwise, the adapter discards the frame.

Type: indicates the higher layer protocol (mostly IP but others are possible, e.g. Novell IPX, AppleTalk). In the
original format this was a length field; in the modern version it is a type field describing the encapsulation.
CRC: cyclic redundancy check, verified at the receiver. If an error is detected, the frame is dropped.

Switches

Switch: multiple simultaneous transmissions. A link-layer device that takes an active role: it stores (buffers
packets) and forwards Ethernet frames, examines the incoming frame's MAC address and selectively forwards
the frame to one or more outgoing links; when the frame is to be forwarded on a segment, it uses CSMA/CD to
access that segment. Transparent (hosts are unaware of the presence of switches), plug-and-play, self-learning:
no configuration is needed.

The Ethernet protocol is used on each incoming link, in full duplex (each link is its own collision domain:
different Ethernet segments do not collide).
Switching: A-to-A' and B-to-B' can transmit simultaneously, without collisions (both transmit at the same time).

Switch: Self-Learning
Switch table : each switch has one, where each entry has (MAC address of host, interface to reach host, time
stamp). Entries are maintained (the switch knows A' is reachable via interface 4, and B' via interface 5).

The switch learns which hosts can be reached through which interfaces. When a frame is received, the switch
"learns" the location of the sender: the incoming LAN segment. It records the sender/location pair in the switch
table (initially empty).

When a frame arrives at the switch, it knows it came from interface 1; it looks at the MAC address of the sender
and records it in the switch table (MAC A comes from the device connected on interface 1). It starts a timer
(remember it for 60 minutes) and when it expires, the entry is removed until a new frame creates a new entry.

Frame filtering/forwarding

when a frame is received at the switch:
    record the incoming link and the MAC address of the sending host
    index the switch table using the MAC destination address
    IF an entry is found for the destination
        THEN
            IF the destination is on the segment from which the frame arrived
                THEN drop the frame
                ELSE forward the frame on the interface indicated by the entry
        ELSE flood (forward on all interfaces except the arriving one)

Frame destination A', location:

If known: selectively send on just one link
If unknown : flood the frame out to all segments (broadcast). A' replies because the frame is addressed to it,
and the switch learns where A' is (interface 4).
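The learning and filtering/forwarding rules above, simulated in Python as an added example (this code is not from the course notes). The port numbers, MAC labels and the injectable clock are constructed for the demo; the ageing time defaults to the 60 minutes the notes mention.

```python
import time


class LearningSwitch:
    """Simulated self-learning switch: a table of MAC -> (interface, timestamp)
    entries, flooding when the destination is unknown and ageing entries out."""

    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports, ageing_seconds=60 * 60, clock=time.time):
        self.ports = list(ports)
        self.table = {}            # MAC address -> (interface, time stamp)
        self.ageing = ageing_seconds
        self.clock = clock         # injectable so the demo can advance time

    def _expire(self, now):
        # entries older than the ageing time are forgotten
        stale = [m for m, (_, ts) in self.table.items() if now - ts > self.ageing]
        for mac in stale:
            del self.table[mac]

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame; return the list of ports it is sent out of."""
        now = self.clock()
        self._expire(now)
        # learning step: the sender is reachable via the incoming port
        self.table[src_mac] = (in_port, now)
        entry = self.table.get(dst_mac)
        if dst_mac != self.BROADCAST and entry is not None:
            out_port = entry[0]
            # filter if the destination sits on the arriving segment, else forward
            return [] if out_port == in_port else [out_port]
        # unknown destination or broadcast: flood on every other port
        return [p for p in self.ports if p != in_port]


def demo():
    """Replays the A / A' exchange from the notes (constructed MAC labels)."""
    clock = {"t": 0.0}
    sw = LearningSwitch(ports=[1, 2, 3, 4], clock=lambda: clock["t"])
    events = []
    events.append(sw.receive(1, "A", "A'"))   # A' unknown: flood out 2, 3, 4
    events.append(sw.receive(4, "A'", "A"))   # A was learned on 1: send only there
    events.append(sw.receive(1, "A", "A'"))   # A' now known on 4
    events.append(sw.receive(1, "B", "A"))    # A is on the arriving segment: drop
    clock["t"] += 2 * 3600                    # two hours later: entries aged out
    events.append(sw.receive(2, "C", "A'"))   # A' forgotten: flood out 1, 3, 4
    return events


if __name__ == "__main__":
    for ports in demo():
        print(ports)
```

The switch table has no fixed capacity here; a real switch bounds it and ages entries out, which is why the time stamp is part of every entry.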

Interconnecting Switches

Collision domain : a logical network segment where data packets can "collide" with one another because they
are sent on a shared medium
Broadcast domain : a logical network segment in which any computer connected to the network can directly
transmit to any other in the domain without having to go through a routing device.

Spanning Tree Protocol


Broadcast storm (BS) : switches endlessly flood broadcast frames to all ports; this is a possibility when
redundant paths exist on a network.
STP : a mechanism is required to prevent broadcast storms. Bridge Protocol Data Unit (BPDU) messages are
exchanged between the switches. The STP algorithm:

1- Root switch election : in the switched network, a root switch is elected. Each switch has one MAC address
and one configurable priority number (0x8000 by default); together they form the switch ID (bridge ID, BID).
The switch with the lowest priority wins; in case of equality, the one with the smallest MAC address wins.

2- Root port selection : each switch designates one and only one port as its root port, using the cost
associated with the link (the port with the shortest path to the root switch, using the path cost and port ID fields
of the BPDU). In case of equality, the port with the smallest port ID wins.

3- Identifying designated ports : for each network segment linking switches, one designated port is identified.
Such a segment can link more than 2 switches. The designated port is the port connecting the segment towards
the root.

4- Blocking loops : a port that is neither the root port nor a designated port is blocked (it can receive BPDUs but
does not retransmit them).

5- Topology change : reapply the STP algorithm.
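The five STP steps above, carried out on a small topology as an added example (this is not the course's code and not a real STP implementation: BPDU exchange is replaced by a direct computation over the known topology). The switch names, priorities, MAC addresses, port numbers and link costs are constructed; the tie-break for the root port follows the notes (lowest cost, then lowest port ID).

```python
def bridge_id(priority, mac):
    """Bridge ID as STP compares it: priority first, then the MAC as tie-break."""
    return (priority, int(mac.replace(":", ""), 16))


def run_stp(switches, links):
    """switches: {name: (priority, mac)}.
    links: list of (switch_a, port_a, switch_b, port_b, cost), one per
    point-to-point segment.  Returns (root, {(switch, port): role}) where role
    is "root", "designated" or "blocked"."""
    bids = {n: bridge_id(*switches[n]) for n in switches}
    root = min(bids, key=bids.get)                   # step 1: lowest BID wins

    # root path cost of every switch: least total link cost to the root,
    # obtained by repeated relaxation over the links
    inf = float("inf")
    cost = {n: inf for n in switches}
    cost[root] = 0
    for _ in range(len(switches)):
        for a, _, b, _, c in links:
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)

    roles = {}
    # step 2: root port = the port giving the least root path cost; on a tie
    # the notes pick the smallest port ID
    for n in switches:
        if n == root:
            continue
        candidates = []
        for a, pa, b, pb, c in links:
            if a == n:
                candidates.append((cost[b] + c, pa))
            if b == n:
                candidates.append((cost[a] + c, pb))
        roles[(n, min(candidates)[1])] = "root"

    # step 3: designated port per segment = the end closer to the root
    # (lower root path cost, then lower BID)
    for a, pa, b, pb, _ in links:
        end_a = (cost[a], bids[a], a, pa)
        end_b = (cost[b], bids[b], b, pb)
        _, _, d_sw, d_port = min(end_a, end_b)
        roles.setdefault((d_sw, d_port), "designated")

    # step 4: every remaining port is blocked, which is what breaks the loop
    for a, pa, b, pb, _ in links:
        roles.setdefault((a, pa), "blocked")
        roles.setdefault((b, pb), "blocked")
    return root, roles


def demo():
    """Constructed triangle of three switches with a redundant path."""
    switches = {
        "SW1": (0x8000, "00:00:00:00:00:30"),
        "SW2": (0x8000, "00:00:00:00:00:10"),   # equal priority, lowest MAC
        "SW3": (0x8000, "00:00:00:00:00:20"),
    }
    links = [
        ("SW1", 1, "SW2", 1, 4),
        ("SW2", 2, "SW3", 1, 4),
        ("SW1", 2, "SW3", 2, 4),
    ]
    return run_stp(switches, links)


if __name__ == "__main__":
    root, roles = demo()
    print("root:", root)
    for (sw, port), role in sorted(roles.items()):
        print(f"{sw} port {port}: {role}")
```

In the demo SW2 wins the election on its MAC address, SW1 and SW3 each choose the direct link to SW2 as their root port, and the SW1-SW3 link is blocked on the SW1 side, which removes the loop while keeping every switch reachable.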


Virtual LAN VLAN

LAN, single broadcast domain: all layer-2 broadcast traffic (ARP, DHCP, frames to an unknown destination MAC
address) must cross the entire LAN.
Virtual Local Area Network: switch(es) supporting VLAN capabilities can be configured to define multiple
virtual LANs over a single physical LAN infrastructure (take a single physical switch and logically separate it into
multiple pieces).
Port-based VLAN : switch ports are grouped (by the switch management software) so that a single physical
switch operates as multiple virtual switches.

Traffic isolation: frames to/from ports 1-8 can only reach ports 1-8

A VLAN can be defined based on:

Port, or MAC addresses
Dynamic membership: ports can be dynamically assigned among VLANs
Forwarding between VLANs: done via routing (just as with separate switches)

VLANs Spanning Multiple Switches


Trunk port: carries frames between VLANs defined over multiple physical switches.
Frames forwarded within a VLAN between switches must carry VLAN ID info.
The 802.1Q protocol adds/removes additional header fields for frames forwarded between trunk ports.
802.1Q VLAN frame format
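An added example (not code from the course) that serves both the Ethernet frame structure section above and the 802.1Q trunking discussion: it builds an Ethernet II frame with an optional 802.1Q tag, pads it to the legal minimum, appends the CRC-32 frame check sequence, and parses it back, dropping any frame whose size is illegal or whose CRC does not match. The MAC addresses and payload are constructed; the EtherType values 0x0800 (IPv4) and 0x8100 (802.1Q tag) and the 64/1518-byte limits are the real ones.

```python
import struct
import zlib

# Constructed sample addresses for the demo (locally administered range).
SRC_MAC = bytes.fromhex("02000000aa01")
DST_MAC = bytes.fromhex("02000000bb02")
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_8021Q = 0x8100     # tag protocol identifier of an 802.1Q tag
MIN_FRAME = 64               # header + payload + FCS, without preamble
MAX_FRAME = 1518             # untagged; an 802.1Q tag adds 4 bytes


def build_frame(dst, src, ethertype, payload, vlan_id=None, pcp=0):
    """Build an Ethernet II frame (preamble omitted), optionally 802.1Q tagged,
    pad the payload to the legal minimum and append the CRC-32 FCS."""
    header = dst + src
    if vlan_id is not None:
        tci = (pcp << 13) | (vlan_id & 0x0FFF)       # priority, DEI=0, VLAN ID
        header += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    header += struct.pack("!H", ethertype)
    body = header + payload
    # pad so that header + payload + 4-byte FCS reaches 64 bytes
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)   # FCS is sent LSB first
    return body + fcs


def parse_frame(frame):
    """Return a dict describing the frame, or raise ValueError when the
    receiver would drop it (illegal size or CRC mismatch)."""
    tagged = frame[12:14] == struct.pack("!H", ETHERTYPE_8021Q)
    max_len = MAX_FRAME + 4 if tagged else MAX_FRAME
    if not MIN_FRAME <= len(frame) <= max_len:
        raise ValueError(f"illegal frame size {len(frame)}")
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != (zlib.crc32(body) & 0xFFFFFFFF):
        raise ValueError("FCS mismatch: frame dropped")
    dst, src = body[:6], body[6:12]
    offset = 12
    vlan_id = None
    ethertype = struct.unpack("!H", body[offset:offset + 2])[0]
    if ethertype == ETHERTYPE_8021Q:
        tci = struct.unpack("!H", body[offset + 2:offset + 4])[0]
        vlan_id = tci & 0x0FFF
        offset += 4
        ethertype = struct.unpack("!H", body[offset:offset + 2])[0]
    offset += 2
    return {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        "vlan_id": vlan_id,
        "ethertype": ethertype,
        # padding stays in the payload: Ethernet cannot tell it from data,
        # the IP total length field does that at the next layer
        "payload": body[offset:],
        "broadcast": dst == b"\xff" * 6,
    }


def demo():
    """Build a tagged frame, parse it, then show that one flipped bit is caught."""
    tagged = build_frame(DST_MAC, SRC_MAC, ETHERTYPE_IPV4, b"hello", vlan_id=10)
    info = parse_frame(tagged)
    corrupted = bytearray(tagged)
    corrupted[20] ^= 0x01                 # flip a bit inside the payload
    try:
        parse_frame(bytes(corrupted))
        rejected = False
    except ValueError:
        rejected = True
    return info, rejected


if __name__ == "__main__":
    info, rejected = demo()
    print(info["src"], "->", info["dst"], "VLAN", info["vlan_id"],
          "type", hex(info["ethertype"]), "corrupted frame rejected:", rejected)
```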

Network Layer L3

Routing/Forwarding : routing determines the route (end-to-end path through the network, over many hops) taken
by packets from source to destination; forwarding moves packets from a router's input to the appropriate router
output (a local decision).

Internet Protocol (IP)

Connectionless network layer protocol, defined in RFC 791 (1981); datagram-oriented, no-guarantee (best-effort)
model.
IP packet format :
Time-to-live: the value is decremented by every router; if it reaches 0 the packet has taken too many hops
(infinite loop) and the router discards it.
Hop count: if a packet hasn't made it within ~30 hops, it is probably in a loop and will get thrown away.
Upper-layer protocol: identifies the transport protocol carried in the payload.
Length: 16 bits (2^16 = 65536 values); the MTU size is typically 1500.
Fragmentation/reassembly : if a large packet is sent and a router on the path doesn't allow that size, it breaks
it up into smaller pieces (flags: "more fragments", "don't fragment" (the packet will be dropped instead); offsets
are expressed in multiples of 8 bytes). The final destination assembles all the pieces: it knows the original size
from the header, matches the identifiers, knows the offsets and waits for missing pieces (a buffer overflow
here is the 'ping of death').
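Fragmentation and reassembly as an added example, not code from the course: a sender splits a payload into fragments whose offsets are multiples of 8 bytes, and a receiver reassembles them from an arbitrary arrival order, waiting for gaps and refusing a fragment that would place data beyond what the 16-bit length field can describe (the bound a 'ping of death' style fragment violates). Header options are ignored (20-byte header assumed) and overlapping fragments, which normal fragmentation never produces, are rejected; the payload sizes are constructed.

```python
IP_MAX_LENGTH = 65535   # largest value of the 16-bit total length field
IP_HEADER = 20          # header length without options (assumption for the demo)


def fragment(identification, payload, mtu=1500, dont_fragment=False):
    """Split a datagram payload into fragments that fit the MTU.  Offsets are
    counted in 8-byte units, so every fragment but the last carries a
    multiple of 8 bytes."""
    if len(payload) + IP_HEADER <= mtu:
        return [dict(id=identification, offset=0, more=False, data=payload)]
    if dont_fragment:
        raise ValueError("DF set and datagram exceeds MTU: router drops it")
    max_data = (mtu - IP_HEADER) // 8 * 8
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        frags.append(dict(id=identification, offset=start // 8,
                          more=start + max_data < len(payload), data=chunk))
    return frags


class Reassembler:
    """Per-identification buffers of received fragments."""

    def __init__(self):
        self.buffers = {}   # id -> {"parts": {byte offset: data}, "total": int or None}

    def add(self, frag):
        """Buffer one fragment; return the whole payload once complete, else None."""
        start = frag["offset"] * 8
        end = start + len(frag["data"])
        # the bound check: offset plus data must fit the 16-bit total length,
        # otherwise writing it into a fixed 64 KiB buffer would overflow
        if end + IP_HEADER > IP_MAX_LENGTH:
            raise ValueError("fragment extends beyond the maximum datagram size")
        state = self.buffers.setdefault(frag["id"], {"parts": {}, "total": None})
        state["parts"][start] = frag["data"]
        if not frag["more"]:
            state["total"] = end          # last fragment fixes the original size
        if state["total"] is None:
            return None                   # last fragment not seen yet
        cursor = 0
        received = sorted(state["parts"].items())
        for s, data in received:
            if s > cursor:
                return None               # gap: keep waiting for the missing piece
            if s < cursor:
                raise ValueError("overlapping fragment rejected")
            cursor += len(data)
        if cursor != state["total"]:
            return None
        del self.buffers[frag["id"]]
        return b"".join(data for _, data in received)


def is_rejected(reassembler, frag):
    """True when the reassembler refuses the fragment outright."""
    try:
        reassembler.add(frag)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    parts = fragment(7, b"a" * 4000)           # constructed 4000-byte payload
    print([(f["offset"], len(f["data"]), f["more"]) for f in parts])
    r = Reassembler()
    for f in reversed(parts):                  # arrival order does not matter
        result = r.add(f)
    print("reassembled:", result is not None and len(result))
    bad = dict(id=8, offset=8189, more=False, data=b"x" * 100)   # ends past 65535
    print("oversized fragment rejected:", is_rejected(r, bad))
```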

IPv4 Addressing

IP address (@i): 32-bit identifier for host/router for each interface (multiple) (IP addresses associated with each
interface)
Interface: connection between host/router and physical link
@i has two parts: a network part (left 1, 2 or 3 bytes) to address networks ($2^{|N| - \lfloor |N|/8 \rfloor}$ of them)
and a host part (right 3, 2 or 1 bytes) to address hosts ($2^{|H|} - 2$ of them); addresses are divided into 5 classes:
Special IPs :

127.0.0.1: loopback interface


192.68.0.0/18: private IP (non-routable IP addresses; packets are not routed and are not supposed to show up
on the internet)
10.0.0.0/8, 172.16.0.0/12
These allow you to hide computers inside the network behind experimental/private IP addresses
255 (all ones) in the host part: broadcast (all hosts, or all networks). The address refers to a broadcast function
and can send one packet to multiple computers.

Address Resolution Protocol (ARP and reverse RARP)

The address resolution protocol (ARP) is a protocol used by the Internet Protocol (IP) [RFC826], specifically
IPv4, to map IP network addresses to the hardware addresses used by a data link protocol. The protocol
operates below the network layer as a part of the interface between the OSI network and OSI link layers. It is
used when IPv4 is used over Ethernet.
The types of ARP message are: ARP request, ARP reply, RARP request, RARP reply.

When a computer tries to contact a remote computer on the same LAN:

It is assumed that no previous IP datagrams have been received from this computer, so
ARP must first be used to identify the MAC address of the remote computer.
An ARP request message ("who is X.X.X.X tell Y.Y.Y.Y", where X.X.X.X and Y.Y.Y.Y are IP addresses) is sent
using the Ethernet broadcast address (Ethernet protocol type value 0x0806).
Since it is broadcast, it is received by all systems in the same collision domain (LAN).
The target receives a copy of the query and is the only one to respond; the other systems discard the packet
silently.
The target forms an ARP response ("X.X.X.X is at hh:hh:hh:hh:hh:hh", giving the physical address @p for the
IP address @i).

This packet is unicast to the address of the computer that sent the query (Y.Y.Y.Y).
Since the original request also included the hardware address (Ethernet source address) of the requesting
computer, this is already known and does not require another ARP message to find out.
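The request/reply exchange above, as an added example that is not part of the course notes: the ARP packet is encoded in the RFC 826 layout (hardware type, protocol type, address lengths, opcode, then the four addresses), the request goes to the broadcast MAC, only the target answers, and the reply is unicast back to the MAC learned from the request. The hosts, MAC and IP addresses are constructed for the demo.

```python
import struct

ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST_MAC = b"\xff" * 6


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def ip_bytes(s):
    return bytes(int(x) for x in s.split("."))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Encode an IPv4-over-Ethernet ARP packet (28 bytes)."""
    return (struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))


def parse_arp(pkt):
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an IPv4-over-Ethernet ARP packet")
    body = pkt[8:28]
    return dict(op=op,
                sender_mac=body[0:6].hex(":"), sender_ip=".".join(map(str, body[6:10])),
                target_mac=body[10:16].hex(":"), target_ip=".".join(map(str, body[16:20])))


class Host:
    """A host on the LAN with its own ARP cache (IP -> MAC)."""

    def __init__(self, mac, ip):
        self.mac, self.ip, self.cache = mac, ip, {}

    def resolve(self, target_ip):
        """Return (destination MAC, packet) for an ARP request, or None if cached."""
        if target_ip in self.cache:
            return None
        # "who is target_ip, tell self.ip", sent to everyone on the segment
        return BROADCAST_MAC, build_arp(OP_REQUEST, self.mac, self.ip,
                                        "00:00:00:00:00:00", target_ip)

    def receive(self, pkt):
        """Handle an ARP packet as the notes describe: only the target of a
        request answers (unicast), everyone else discards it silently."""
        arp = parse_arp(pkt)
        if arp["target_ip"] != self.ip:
            return None                                  # not for us: discard
        # the sender's mapping came with the packet, so no extra lookup is needed
        self.cache[arp["sender_ip"]] = arp["sender_mac"]
        if arp["op"] == OP_REQUEST:
            reply = build_arp(OP_REPLY, self.mac, self.ip,
                              arp["sender_mac"], arp["sender_ip"])
            return mac_bytes(arp["sender_mac"]), reply   # unicast to the asker
        return None                                      # a reply: just learned


def demo():
    """Y resolves X while a third host watches the same segment (constructed)."""
    y = Host("02:00:00:00:00:01", "10.0.0.1")
    x = Host("02:00:00:00:00:02", "10.0.0.2")
    other = Host("02:00:00:00:00:03", "10.0.0.3")
    dst, request = y.resolve("10.0.0.2")
    bystander = other.receive(request)       # broadcast: seen by all, ignored
    reply_dst, reply = x.receive(request)    # only the target answers
    y.receive(reply)
    return dict(request_broadcast=(dst == BROADCAST_MAC),
                reply_unicast=(reply_dst == mac_bytes(y.mac)),
                bystander_silent=(bystander is None),
                y_cache=y.cache, x_cache=x.cache, other_cache=other.cache)


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```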

Subnetting

Device interfaces with the same subnet part of the IP address can physically reach each other without an
intervening router. Subnetworks have different IPs.
Old way : recursive re-partitioning within the host field of an IP address. The network part identifies the
organization / IP address block; the subnet part splits the byte space with the host; the host part uniquely
identifies the computer.


IP Addressing: CIDR

Classless InterDomain Routing: the subnet portion of the address is of arbitrary length. Address format: a.b.c.d/x,
where x is the number of bits in the subnet portion of the address. Defines an arbitrary boundary between
network and host ID.
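An added example (not code from the course) covering both the classful addressing formulas above and the CIDR notation: it classifies an address by its leading bits, evaluates the $2^{|N| - |N|/8}$ networks and $2^{|H|} - 2$ hosts formulas from the notes, and for an a.b.c.d/x block computes the network and broadcast addresses, the usable host count, whether two hosts share a subnet (and so need no router), and whether the block lies in an RFC 1918 private range. The sample addresses are constructed.

```python
import ipaddress

# RFC 1918 private ranges (real values, labelled here because the notes list
# them in a different form)
PRIVATE = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

CLASS_BITS = {"A": (8, 24), "B": (16, 16), "C": (24, 8)}   # (|N|, |H|)


def ip_class(address):
    """Classful interpretation by the first byte: (class, |N| bits, |H| bits)."""
    first = int(address.split(".")[0])
    if first < 128:
        return ("A",) + CLASS_BITS["A"]
    if first < 192:
        return ("B",) + CLASS_BITS["B"]
    if first < 224:
        return ("C",) + CLASS_BITS["C"]
    if first < 240:
        return ("D", None, None)          # multicast: no network/host split
    return ("E", None, None)              # reserved


def classful_counts(cls):
    """Networks 2^(|N| - |N|/8) (the leading class bits are fixed) and
    addressable hosts 2^|H| - 2 (all-zeros and all-ones are reserved)."""
    n_bits, h_bits = CLASS_BITS[cls]
    return 2 ** (n_bits - n_bits // 8), 2 ** h_bits - 2


def cidr_summary(cidr):
    """For a.b.c.d/x: network address, broadcast address, usable hosts and
    whether the block is private."""
    net = ipaddress.ip_network(cidr, strict=False)   # a.b.c.d may be a host
    return dict(network=str(net.network_address),
                broadcast=str(net.broadcast_address),
                prefix=net.prefixlen,
                hosts=max(net.num_addresses - 2, 0),
                private=any(net.subnet_of(p) for p in PRIVATE))


def same_subnet(a, b, prefix):
    """Two interfaces reach each other without a router when the first
    `prefix` bits of their addresses are equal."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(a)) & mask) == (int(ipaddress.ip_address(b)) & mask)


if __name__ == "__main__":
    for cls in "ABC":
        print("class", cls, "networks/hosts:", classful_counts(cls))
    print(ip_class("10.1.2.3"), ip_class("172.16.5.5"), ip_class("200.1.1.1"))
    print(cidr_summary("192.168.10.77/26"))
    print(same_subnet("192.168.10.77", "192.168.10.120", 26),
          same_subnet("192.168.10.77", "192.168.10.130", 26))
```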

Routing Algorithms

The routing algorithm determines the end-to-end path through the network (routes), using a structure called
the routing table with entries [SubNet, Interface, Cost].

Routing algorithm types :
Global: all routers have complete topology and link cost information (link state algorithms)
Decentralized : a router knows only its physically-connected neighbors (and the link costs to them); iterative
process of computation and exchange of info (distance vector algorithms)

Static: routes change slowly over time
Dynamic: routes change more quickly, with periodic updates and in response to link cost changes

Intra-AS: RIP (DV), OSPF (LS)
Inter-AS: BGP (LS++)

Link State

Algorithm : Dijkstra's algorithm
Parameters : the network topology and link costs are known to all nodes
Strategy : link state broadcast, so all nodes have the same info

Computes the least cost paths from one node (the source) to all other nodes, which gives the forwarding table
for that node.
Iterative: after k iterations, the least cost path to k destinations is known.


- Routers send and collect info about the status (state) of each link {up/down, who, how far}
- Flooded to other routers
- Build global info

Each router:
(1) HELLO protocol at boot up to check links and interfaces and latency (how long it takes to contact)
(2) Construct a "link state packet" (LSP): lists packets, interfaces, and how far away
(3) Flood the LSP (your connectivity) to all other routers
(4) Receive LSPs from the others
(5) Use Dijkstra's algorithm to calculate good routes for the routing table: take the global info and run the
algorithm to populate the RT.
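The five link-state steps above as an added example, not the course's code: each router's LSP (its neighbours and link costs) is flooded, every router assembles the same topology from the collected LSPs, and Dijkstra's algorithm computes the least-cost path to every destination plus the first hop to install in the routing table. The HELLO/flooding phase is replaced by a list of constructed LSPs; the six-node topology and its costs are constructed too.

```python
import heapq


def assemble_topology(lsps):
    """Build {node: {neighbour: cost}} from flooded LSPs of the form
    (router, {neighbour: cost}); every router ends with the same map."""
    topology = {}
    for router, links in lsps:
        topology.setdefault(router, {}).update(links)
        for nbr, cost in links.items():          # links are bidirectional
            topology.setdefault(nbr, {}).setdefault(router, cost)
    return topology


def link_state_dijkstra(topology, source):
    """Dijkstra from `source`.  Returns (least cost to each node,
    first hop from source towards each node)."""
    dist = {source: 0}
    first_hop = {}
    heap = [(0, source, None)]        # (cost so far, node, first hop used)
    visited = set()
    while heap:
        d, node, hop = heapq.heappop(heap)
        if node in visited:
            continue                  # stale entry: a cheaper path was found
        visited.add(node)             # k-th iteration settles the k-th node
        if hop is not None:
            first_hop[node] = hop
        for nbr, cost in topology[node].items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr, nbr if node == source else hop))
    return dist, first_hop


def forwarding_table(topology, source):
    """Routing table entries [destination, interface (next hop), cost]."""
    dist, first_hop = link_state_dijkstra(topology, source)
    return sorted((dst, first_hop[dst], dist[dst]) for dst in dist if dst != source)


# Constructed LSPs: one per router, listing its neighbours and link costs.
SAMPLE_LSPS = [
    ("u", {"v": 2, "x": 1, "w": 5}),
    ("v", {"u": 2, "x": 2, "w": 3}),
    ("w", {"u": 5, "v": 3, "x": 3, "y": 1, "z": 5}),
    ("x", {"u": 1, "v": 2, "w": 3, "y": 1}),
    ("y", {"x": 1, "w": 1, "z": 2}),
    ("z", {"w": 5, "y": 2}),
]


def demo():
    topology = assemble_topology(SAMPLE_LSPS)
    return forwarding_table(topology, "u")


if __name__ == "__main__":
    for dst, hop, cost in demo():
        print(f"to {dst}: via {hop}, cost {cost}")
```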

Distance Vector

Bellman-Ford equation (dynamic programming): a node knows its immediate neighbors, not the entire graph.
Each router maintains a vector of (destination, distance) entries, one for every other node.
Neighbour exchange : when a router boots up, it finds its neighbors and sends them an update; this keeps going
until the info is shared.
Done periodically and when changes occur.


Distance Vector Algorithm


Node x maintains the distance vector $D_x = [D_x(y) : y \in N]$, where $D_x(y)$ is the estimate of the least cost
from x to y.
Node x:
Knows the cost to each neighbor v: $c(x, v)$
Maintains its neighbors' distance vectors: for each neighbor v, x maintains $D_v = [D_v(y) : y \in N]$
Key idea, computing how much it costs to go through each neighbor router:
- From time to time, each node sends its own DV estimate (DVE) to its neighbors
- When x receives a new DVE from a neighbor, it updates its own DV using the Bellman-Ford equation:
$D_x(y) \leftarrow \min_v \{ c(x, v) + D_v(y) \}$ for each node $y \in N$

Iterative, asynchronous: Each local iteration caused by 1-Local link cost change 2- DV update message from
neighbor
Distributed : Each node notifies neighbors only when its DV changes, Neighbors then notify their neighbors if
necessary

each node:
    wait for (a change in a local link cost or a message from a neighbor)
    recompute estimates
    IF the DV to any destination has changed, notify neighbors
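The distance vector algorithm above as an added example (not the course's code): each node keeps its own DV and the latest DV heard from each neighbour, recomputes with the Bellman-Ford equation $D_x(y) \leftarrow \min_v \{ c(x,v) + D_v(y) \}$ whenever a neighbour's DV arrives, and notifies its neighbours only when its own DV changed. The simulation runs synchronous rounds for simplicity, whereas the real algorithm is asynchronous; the three-node topology and its costs are constructed.

```python
INF = float("inf")


class DVNode:
    """One router running the distance vector algorithm."""

    def __init__(self, name, link_costs, all_nodes):
        self.name = name
        self.c = dict(link_costs)                 # c(x, v) for each neighbour v
        self.nodes = list(all_nodes)
        # last DV received from each neighbour; a neighbour is 0 from itself
        self.neighbor_dv = {v: {y: INF for y in self.nodes} for v in self.c}
        for v in self.c:
            self.neighbor_dv[v][v] = 0
        # own estimate: direct link costs, everything else unknown
        self.dv = {y: INF for y in self.nodes}
        self.dv[name] = 0
        self.dv.update(self.c)
        self.next_hop = {v: v for v in self.c}

    def recompute(self):
        """D_x(y) <- min_v { c(x,v) + D_v(y) } for every y; True if DV changed."""
        new_dv, new_hop = {}, {}
        for y in self.nodes:
            if y == self.name:
                new_dv[y] = 0
                continue
            best, hop = INF, None
            for v, cost in self.c.items():
                candidate = cost + self.neighbor_dv[v][y]
                if candidate < best:
                    best, hop = candidate, v
            new_dv[y], new_hop[y] = best, hop
        changed = new_dv != self.dv
        self.dv, self.next_hop = new_dv, new_hop
        return changed

    def receive(self, v, dv):
        """Store neighbour v's DV estimate and recompute; True if own DV changed."""
        self.neighbor_dv[v] = dict(dv)
        return self.recompute()


def run_dv(link_costs):
    """link_costs: {(a, b): cost} for symmetric links.  Simulate rounds of DV
    exchange until no node's DV changes.  Returns ({node: (dv, next_hop)}, rounds)."""
    nodes = sorted({n for ab in link_costs for n in ab})
    adj = {n: {} for n in nodes}
    for (a, b), cost in link_costs.items():
        adj[a][b] = cost
        adj[b][a] = cost
    routers = {n: DVNode(n, adj[n], nodes) for n in nodes}
    pending = set(nodes)          # nodes that must notify their neighbours
    rounds = 0
    while pending:
        rounds += 1
        messages = [(n, v, dict(routers[n].dv)) for n in pending for v in adj[n]]
        pending = set()
        for src, dst, dv in messages:
            if routers[dst].receive(src, dv):
                pending.add(dst)  # only a changed DV triggers a notification
    return {n: (routers[n].dv, routers[n].next_hop) for n in nodes}, rounds


# Constructed three-node topology: the direct x-z link is dearer than x-y-z.
SAMPLE_LINKS = {("x", "y"): 2, ("y", "z"): 1, ("x", "z"): 7}


if __name__ == "__main__":
    result, rounds = run_dv(SAMPLE_LINKS)
    print("converged after", rounds, "rounds")
    for node, (dv, hop) in result.items():
        print(node, dv, hop)
```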
