Protocol
The rules used for communication between two parties, i.e. the rules for how two entities communicate. A protocol specifies the types of messages sent, the syntax/format of messages, the order of messages sent/received among network entities and the actions taken on message transmission/receipt, and the timing of messages (including what to do when no message arrives).
Introduction, Services
Layer-Number : 2
Data Unit : Frame (encapsulates datagram)
Responsibility : transferring datagram from one node to physically adjacent node over a link
Encapsulation: the IP packet goes into a frame (Ethernet, ...) and the router deals with it accordingly.
(1) Define a service model to offer to the higher layer. Design decision between:
Connection-oriented: ACK'd (Point-to-Point Protocol, in dial-up modems) / un-ACK'd (ATM, Asynchronous Transfer Mode, on reliable fibre-optic connections)
Connectionless: ACK'd (WiFi; ACKs in the NL) / un-ACK'd (Ethernet, because it is highly reliable and directly connected)
(2) Framing: format, size, delimiters, etc. Encapsulate the datagram into a frame, adding a header.
(3) Link access / addressing: MAC addresses (a 48-bit space of unique identifiers), trailer. Channel access if the medium is shared. "MAC" addresses are used in frame headers to identify source and destination.
http://localhost:8888/notebooks/Documents/notebooks/ipython/net_security/Network001.ipynb 1/16
18/05/2018 Network001
(4) Link management (Control and manage the operation of the link, might be full/half/duplex), flow control,
error control, reliable delivery
LLC: error control, flow control, all the reliable data transfer elements (timeout, retransmission), half-duplex vs
full-duplex
MAC: regulate access to a shared link with multiple stations
Full/Half duplex: can listen and send at the same time / can only listen or send at any one time (nodes at both ends of the link can transmit, but not at the same time).
Flow control: Pacing between adjacent sending and receiving nodes (Reliable delivery between adjacent
nodes)
Error detection: Errors caused by signal attenuation, noise. Receiver detects presence of errors: Signals
sender for retransmission or drops frame
Error correction: Receiver identifies and corrects bit error(s) without resorting to retransmission
On each host, the DLL is implemented in an "adapter" (NIC) or on a chip card (Ethernet/802.11); the Ethernet chipset implements the link and physical layers and is attached to the host's system buses. Combination of hardware, software, firmware.
Sending side: encapsulates the datagram in a frame, adds error-checking bits, rdt, flow control, etc.
Receiving side: looks for errors (detection/correction), rdt, flow control, etc. Extracts the datagram and passes it to the upper layer at the receiving side.
Types of links:
Point-to-point: PPP for dial-up access; point-to-point link between an Ethernet switch and a host
Broadcast BC (shared wire or medium): old-fashioned Ethernet, 802.11 wireless LAN
Problem: two or more simultaneous transmissions by nodes cause interference. Collision if a node receives two or more signals at the same time.
Multiple access protocol (MAC, Medium Access Control): distributed algorithm that determines how nodes share the channel, i.e. determines when a node can transmit. Communication about channel sharing must use the channel itself.
MAC Protocols:
1- Channel partitioning: divide the channel into smaller "pieces" (time slots / frequency division) and allocate them to nodes for exclusive use. Shares the channel efficiently and fairly at high load; inefficient at low load: delay in channel access, 1/N of the bandwidth allocated even if only 1 node is active.
2- Random access: channel not divided, collisions allowed; "recover" from collisions. Efficient at low load: a single node can fully utilize the channel. High load: collision overhead. CSMA, CSMA/CD (used in Ethernet), CSMA/CA (used in 802.11).
3- Taking turns: nodes take turns, but nodes with more to send can take longer turns. Uses the best of both worlds: polling from a central site, token passing (Bluetooth, FDDI, token ring).
Carrier Sense Multiple Access (CSMA). Carrier sense: listen before transmitting. If the channel is sensed idle, transmit the entire frame; else (busy), defer transmission.
Collisions: propagation delay means two nodes may not hear each other's transmission, so collisions can still occur and the entire packet transmission time is wasted.
Collision detection: wired LANs measure signal strengths and compare transmitted and received signals (easy); in wireless LANs the received signal strength is overwhelmed by the local transmission strength (difficult). Colliding transmissions are aborted, reducing channel wastage.
Ethernet
Payload: the sending adapter encapsulates the IP datagram (or other network-layer protocol packet) in the Ethernet frame.
Preamble: 7 bytes with the pattern 10101010 followed by one byte with the pattern 10101011. Used to synchronize the receiver and sender clock rates.
Addresses: 6-byte source and destination MAC addresses. If the adapter receives a frame with a matching destination address, or with the broadcast address (e.g. an ARP packet), it passes the data in the frame to the network-layer protocol.
Switches
Switch: multiple simultaneous transmissions. Link-layer device that takes an active role: stores (buffers) packets and forwards Ethernet frames; examines the incoming frame's MAC address and selectively forwards the frame to one or more outgoing links; when a frame is to be forwarded on a segment, uses CSMA/CD to access the segment. Transparent (hosts are unaware of the presence of switches), plug-and-play, self-learning, no configuration needed.
The Ethernet protocol is used on each incoming link, full duplex (each link is its own collision domain: different Ethernet segments do not collide).
Switching: A-to-A' and B-to-B' can transmit simultaneously, without collisions (both transmit at the same time).
Switch: Self-Learning
Switch table: each switch has one, where each entry has (MAC address of host, interface to reach host, time stamp). Entries are maintained (the switch knows A' is reachable via interface 4 and B' via interface 5).
The switch learns which hosts can be reached through which interfaces. When a frame is received, the switch "learns" the location of the sender: the incoming LAN segment. It records the sender/location pair in the switch table (initially empty).
When a frame arrives at the switch on interface 1, it looks at the MAC address of the sender and records it in the switch table (MAC A comes from the device connected on interface 1). It starts a timer (the entry is remembered for 60 minutes) and when it expires the entry is removed; the next frame from that host creates a new entry.
Frame filtering/forwarding
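A small model of the self-learning and filtering/forwarding behaviour described above, as an added example (not code from the notes): the switch table, learning on every received frame, flooding of unknown or broadcast destinations, and aging out of entries after the 60-minute timer. Port numbers and MAC strings are constructed sample values.

```python
from dataclasses import dataclass

AGING_SECONDS = 60 * 60            # the notes say an entry is remembered for 60 minutes
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Entry:
    interface: int                 # interface the host was last seen on
    timestamp: float               # time stamp of the last frame from that host


class LearningSwitch:
    """Self-learning switch: table maps MAC address -> (interface, time stamp)."""

    def __init__(self, num_ports: int):
        self.num_ports = num_ports
        self.table: dict[str, Entry] = {}       # switch table starts empty

    def _expire(self, now: float) -> None:
        for mac in [m for m, e in self.table.items() if now - e.timestamp > AGING_SECONDS]:
            del self.table[mac]

    def receive(self, src: str, dst: str, in_port: int, now: float) -> list[int]:
        """Handle one frame; return the interfaces it is forwarded on."""
        self._expire(now)
        # learning: the sender is reachable via the segment the frame came in on
        self.table[src] = Entry(in_port, now)
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst].interface
            if out == in_port:
                return []                      # filtering: destination is on the arriving segment
            return [out]                       # selective forwarding to one outgoing link
        # broadcast or unknown destination: flood on every other interface
        return [p for p in range(self.num_ports) if p != in_port]
```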
Interconnecting Switches
Collision domain: a logical network segment where data packets can "collide" with one another because they are sent on a shared medium.
Broadcast domain: a logical network segment in which any computer connected to the network can directly transmit to any other in the domain without having to go through a routing device.
1- Root switch election: in a switched network a root switch is elected. Each switch has one MAC address and one configurable priority number (0x8000 by default); together they form the switch (bridge) ID, BID. The switch with the lowest priority wins; in case of equality, the smallest MAC address wins.
2- Root port selection: each switch designates one and only one port as its root port, using the cost associated with each link (the port on the shortest path to the root switch, computed from the path cost and port ID fields of the BPDU). In case of equality, the port with the smallest port ID wins.
3- Identifying designated ports: for each network segment linking switches, one designated port (PORdsg) is identified. A segment may link more than 2 switches. The designated port is the port that connects the segment towards the root most directly.
4- Blocking loops: any port that is neither a root port nor a designated port is blocked (it can still receive BPDUs but does not retransmit).
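The four steps above, worked as an added example (not part of the notes): switches are given as {name: (priority, MAC)} and point-to-point links as (switch, port, switch, port, cost); root path costs are propagated hop by hop the way BPDUs carry them. The topology used in the test is constructed.

```python
def bridge_id(priority, mac):
    """BID = (priority, MAC): lower priority wins, equal priority -> smaller MAC wins."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(switches):
    """Step 1. switches: {name: (priority, mac)}; 0x8000 is the default priority."""
    return min(switches, key=lambda s: bridge_id(*switches[s]))


def root_path_costs(root, switches, links):
    """Root path cost as carried hop by hop in BPDUs: each switch adds the cost of the
    link it heard the BPDU on. links: [(sw_a, port_a, sw_b, port_b, cost)]."""
    cost = {s: float("inf") for s in switches}
    cost[root] = 0
    for _ in range(len(switches)):              # enough rounds for the costs to settle
        for a, _pa, b, _pb, c in links:
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    return cost


def stp_roles(switches, links):
    """Steps 2-4. Returns (root, {(switch, port): 'root' | 'designated' | 'blocked'})."""
    root = elect_root(switches)
    cost = root_path_costs(root, switches, links)
    roles, best = {}, {}
    # Step 2: exactly one root port per non-root switch: lowest path cost, tie -> lowest port id
    for a, pa, b, pb, c in links:
        for me, my_port, nb in ((a, pa, b), (b, pb, a)):
            if me != root and (me not in best or (cost[nb] + c, my_port) < best[me]):
                best[me] = (cost[nb] + c, my_port)
    for sw, (_c, port) in best.items():
        roles[(sw, port)] = "root"
    # Step 3: per segment, the end with the lower root path cost (tie -> lower BID) is designated
    for a, pa, b, pb, _c in links:
        ka = (cost[a], bridge_id(*switches[a]))
        kb = (cost[b], bridge_id(*switches[b]))
        d_sw, d_port, o_sw, o_port = (a, pa, b, pb) if ka < kb else (b, pb, a, pa)
        roles.setdefault((d_sw, d_port), "designated")
        roles.setdefault((o_sw, o_port), "blocked")   # Step 4: neither root nor designated
    return root, roles
```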
LAN, single broadcast domain: all layer-2 broadcast traffic (ARP, DHCP, unknown location of destination MAC address) must cross the entire LAN.
Virtual Local Area Network: switch(es) supporting VLAN capabilities can be configured to define multiple virtual LANs over a single physical LAN infrastructure (take a single physical switch and logically separate it into multiple pieces).
Port-based VLAN: switch ports are grouped (by switch management software) so that a single physical switch operates as multiple virtual switches.
Network Layer L3
Routing/Forwarding : determine route (end-to-end path through network) taken by packets from source to
destination over many hops and move packets from router's input to appropriate router output (determines local
forwarding).
Connection-less network-layer protocol, defined in RFC 791 (1981). Data-oriented, no-guarantee (best-effort) model.
IP Packet Format:
Time-to-live: value decremented by every router; if it reaches 0 there were too many hops (infinite loop), and a router discards a packet with a TTL of 0.
Hop count: if the packet hasn't made it within ~30 hops, it is probably in a loop and will get thrown away.
Upper layer protocol
Length: 16 bits (65536 bytes), MTU size typically 1500.
Fragmentation/reassembly: if a large packet is sent and a router on the path doesn't allow that size, it breaks it up into smaller pieces. Flags: more fragments, don't fragment (the packet will be dropped instead). Offsets are expressed in multiples of 8 bytes. The final destination reassembles all the pieces: it knows the original size from the header, matches the identifiers, knows the offsets and waits for missing pieces (overflowing the reassembly buffer is the "ping of death").
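Fragmentation and reassembly as an added example (not from the notes): offsets in 8-byte units, the DF flag causing a drop, reassembly that waits for missing pieces, and the length check that rejects a fragment whose offset plus size would exceed the 16-bit datagram length (the "ping of death" case). The 20-byte header size assumes no IP options.

```python
MAX_IP_LEN = 65535          # 16-bit total length field, header included
HDR = 20                    # IPv4 header without options (assumption)


def fragment(payload: bytes, ident: int, mtu: int, dont_fragment: bool = False):
    """Split an IP payload so each fragment fits the MTU.
    Returns [(ident, more_fragments, offset_in_8_byte_units, data)]."""
    if HDR + len(payload) <= mtu:
        return [(ident, False, 0, payload)]
    if dont_fragment:
        raise ValueError("DF set and packet larger than MTU: packet is dropped")
    per_frag = (mtu - HDR) // 8 * 8         # all but the last fragment carry a multiple of 8 bytes
    frags = []
    for start in range(0, len(payload), per_frag):
        data = payload[start:start + per_frag]
        more = start + per_frag < len(payload)
        frags.append((ident, more, start // 8, data))
    return frags


class Reassembler:
    """Final-destination reassembly keyed by identifier; waits for missing pieces."""

    def __init__(self):
        self.pending = {}   # ident -> {"frags": {byte offset: data}, "total": None or length}

    def add(self, ident: int, more: bool, offset8: int, data: bytes):
        """Return the reassembled payload when complete, else None."""
        start, end = offset8 * 8, offset8 * 8 + len(data)
        if HDR + end > MAX_IP_LEN:
            # offset + length would overflow the 16-bit datagram size: the "ping of death"
            # case. Drop the whole datagram instead of writing past the reassembly buffer.
            self.pending.pop(ident, None)
            raise ValueError(f"fragment for id {ident} ends at byte {end}: oversized datagram")
        state = self.pending.setdefault(ident, {"frags": {}, "total": None})
        state["frags"][start] = data
        if not more:
            state["total"] = end              # the last fragment tells us the original size
        if state["total"] is None:
            return None
        pos, parts = 0, []
        while pos < state["total"]:           # walk the fragments; any hole means keep waiting
            if pos not in state["frags"]:
                return None
            parts.append(state["frags"][pos])
            pos += len(parts[-1])
        del self.pending[ident]
        return b"".join(parts)
```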
IPv4 Addressing
IP address (@i): 32-bit identifier for host/router for each interface (multiple) (IP addresses associated with each
interface)
Interface: connection between host/router and physical link
@i has two parts: a network part (left 1, 2 or 3 bytes) to address networks ($2^{|N| - \lfloor |N|/8 \rfloor}$ of them) and a host part (right 3, 2 or 1 bytes) to address hosts ($2^{|H|} - 2$ of them), divided into 5 classes:
Special IPs :
The address resolution protocol (arp) is a protocol used by the Internet Protocol (IP) [RFC826], specifically
IPv4, to map IP network addresses to the hardware addresses used by a data link protocol. The protocol
operates below the network layer as a part of the interface between the OSI network and OSI link layer. It is
used when IPv4 is used over Ethernet.
The types of ARP message are: ARP request, ARP reply, RARP request, RARP reply.
This packet (the reply) is unicast to the address of the computer that sent the query (Y.Y.Y.Y).
Since the original request also included the hardware address (Ethernet source address) of the requesting computer, this is already known (no further ARP message is required to find it out).
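An encoder/decoder for the ARP message format (the RFC 826 fields) and the reply behaviour just described, added as an example rather than taken from the notes; the MAC and IP values in the test are constructed.

```python
import ipaddress
import struct

ARP_FMT = "!HHBBH6s4s6s4s"       # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = 28 bytes
OPER = {1: "ARP request", 2: "ARP reply", 3: "RARP request", 4: "RARP reply"}


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Encode an ARP message for Ethernet (htype 1) carrying IPv4 (ptype 0x0800)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                       mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)


def parse_arp(pkt: bytes) -> dict:
    """Decode an ARP message; rejects anything that is not Ethernet/IPv4 ARP."""
    if len(pkt) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not ARP over Ethernet for IPv4")
    return {"oper": OPER.get(oper, f"unknown({oper})"),
            "sha": mac_str(sha), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(ipaddress.IPv4Address(tpa))}


def answer_request(request: bytes, my_mac: str, my_ip: str):
    """What the host owning my_ip does with a request: reply unicast to the requester.
    Its MAC is taken from the request's sender hardware address, so no further ARP
    exchange is needed. Requests for other addresses are ignored (returns None)."""
    req = parse_arp(request)
    if req["oper"] != "ARP request" or req["tpa"] != my_ip:
        return None
    return build_arp(2, my_mac, my_ip, req["sha"], req["spa"])
```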
Subnetting
Device interfaces with the same subnet part of their IP address can physically reach each other without an intervening router. Different subnetworks have different IPs (network parts).
Old way: recursive re-partitioning within the host field of an IP address. Network part: the organization's IP address block; subnet: splits the byte space with the host; host part: uniquely identifies the computer.
IP Addressing: CIDR
Classless InterDomain Routing: subnet portion of the address of arbitrary length. Address format: a.b.c.d/x, where x is the number of bits in the subnet portion of the address. Defines an arbitrary boundary between network and host ID.
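Both the class-based split from the IPv4 Addressing section and CIDR, worked as an added example (not from the notes): network/broadcast computation for an arbitrary /x, a same-subnet check, and the classful counts of $2^{|N|-\lfloor|N|/8\rfloor}$ networks and $2^{|H|}-2$ hosts. The sample addresses are constructed.

```python
def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_cidr(text: str):
    """'a.b.c.d/x' -> (network address, broadcast address, usable host count)."""
    addr, x = text.split("/")
    x = int(x)
    if not 0 <= x <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - x)) & 0xFFFFFFFF   # x ones followed by 32-x zeros
    net = ip_to_int(addr) & mask
    bcast = net | (~mask & 0xFFFFFFFF)
    hosts = 2 ** (32 - x) - 2 if x <= 30 else 0    # all-0 and all-1 host ids are not assignable
    return int_to_ip(net), int_to_ip(bcast), hosts


def same_subnet(a: str, b: str, x: int) -> bool:
    """True when a and b share the first x bits: they can reach each other without a router."""
    return parse_cidr(f"{a}/{x}")[0] == parse_cidr(f"{b}/{x}")[0]


def classful(addr: str):
    """Old class-based split: the leading bits fix |N|, the network part length in bits.
    Returns (class, number of networks 2^(|N| - |N|/8), hosts per network 2^|H| - 2)."""
    n = ip_to_int(addr)
    if n >> 31 == 0b0:
        cls, N = "A", 8
    elif n >> 30 == 0b10:
        cls, N = "B", 16
    elif n >> 29 == 0b110:
        cls, N = "C", 24
    elif n >> 28 == 0b1110:
        return "D", 0, 0                            # multicast: no network/host split
    else:
        return "E", 0, 0                            # reserved
    return cls, 2 ** (N - N // 8), 2 ** (32 - N) - 2
```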
Routing Algorithms
Routing algorithm types:
Global: all routers have complete topology and link cost information. Link-state algorithms.
Decentralized: a router knows its physically-connected neighbors (and the link costs to them); iterative process of computation and exchange of info. Distance-vector algorithms.
Link State
- Routers send and collect info about the status (state) of each link: up/down, who (the neighbour), how far
- Flooded to other routers
- Build global info
Each router:
(1) HELLO protocol, or boot up, to check links and interfaces and latency (how long it takes to contact)
(2) Construct a "link state packet" (LSP): lists links, interfaces, and how far away they are
(3) Flood the LSP (your connectivity) to all other routers
(4) Receive LSPs from others
(5) Use Dijkstra's algorithm to calculate good routes for the routing table: take the global info and run the algorithm to populate the RT.
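Steps (3)-(5) as an added example (not code from the notes): LSPs are flooded into one shared link-state database, Dijkstra builds the routing table with next hops, and a link_down helper (assumed here, standing in for a failed HELLO) shows the recomputation. The topology is constructed and links are taken as symmetric.

```python
import heapq


def flood_lsps(lsps: dict) -> dict:
    """Steps (3)-(4): every router's LSP {neighbor: cost} is flooded, so each router ends up
    with the same link-state database. Builds the global graph {router: {neighbor: cost}};
    links are taken as symmetric (assumption of this example)."""
    graph = {}
    for router, neighbors in lsps.items():
        graph.setdefault(router, {})
        for nb, cost in neighbors.items():
            graph[router][nb] = cost
            graph.setdefault(nb, {})[router] = cost
    return graph


def dijkstra_routes(graph: dict, source: str) -> dict:
    """Step (5): Dijkstra from source. Returns the routing table {dest: (cost, next hop)};
    the next hop is the first router on the least-cost path."""
    dist = {source: 0}
    first_hop = {source: None}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                                # stale heap entry
        for v, c in graph.get(u, {}).items():
            nd = d + c
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                first_hop[v] = v if u == source else first_hop[u]
                heapq.heappush(heap, (nd, v))
    return {dst: (dist[dst], first_hop[dst]) for dst in dist if dst != source}


def link_down(lsps: dict, a: str, b: str) -> dict:
    """HELLO failure on link a-b: both routers drop it from their LSPs and re-flood."""
    updated = {r: dict(n) for r, n in lsps.items()}
    updated.get(a, {}).pop(b, None)
    updated.get(b, {}).pop(a, None)
    return updated
```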
Distance Vector
Bellman-Ford equation (dynamic programming); a router knows its immediate neighbors, not the entire graph.
Each router maintains a vector of (destination, distance) entries, learned from everyone else.
Neighbour exchange: when a router boots up, it finds its neighbors and sends an update to them; this keeps going until the info is shared.
Done periodically and when changes occur.
Iterative, asynchronous: each local iteration is caused by 1- a local link cost change or 2- a DV update message from a neighbor.
Distributed: each node notifies its neighbors only when its DV changes; neighbors then notify their neighbors if necessary.
Each node:
    wait for (change in local link cost or message from neighbor)
    recompute estimates
    if DV to any destination has changed, notify neighbors
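The distributed distance-vector loop above (wait for a neighbour's message, recompute, notify only on change) as an added example, not from the notes; it also counts the DV messages exchanged until convergence. The link costs in the test are a constructed sample.

```python
INF = float("inf")


def distance_vector(links: dict):
    """links: {(u, v): cost}, undirected. Each node x keeps a vector dest -> (cost, next hop)
    and re-runs the Bellman-Ford equation D_x(y) = min over neighbors v of c(x,v) + D_v(y)
    whenever a neighbor's vector changes. Returns ({node: vector}, number of DV messages)."""
    nodes = sorted({n for edge in links for n in edge})
    cost = {n: {} for n in nodes}                   # c(x, v) for direct neighbors only
    for (u, v), c in links.items():
        cost[u][v] = c
        cost[v][u] = c
    dv = {n: {n: (0, n)} for n in nodes}            # at boot a node knows only itself
    heard = {n: {} for n in nodes}                  # latest vector received from each neighbor
    pending = list(nodes)                           # nodes whose DV changed and must notify
    messages = 0
    while pending:
        x = pending.pop(0)
        for nb in cost[x]:                          # notify neighbors (only when DV changed)
            heard[nb][x] = dict(dv[x])
            messages += 1
            # neighbor nb recomputes its estimates from what it has heard so far
            new = {nb: (0, nb)}
            for v, c_nv in cost[nb].items():
                for y, (d_vy, _hop) in heard[nb].get(v, {}).items():
                    if c_nv + d_vy < new.get(y, (INF, None))[0]:
                        new[y] = (c_nv + d_vy, v)
            if new != dv[nb]:                       # changed: schedule nb to notify its neighbors
                dv[nb] = new
                if nb not in pending:
                    pending.append(nb)
    return dv, messages
```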