TRANSCRIPT
Agenda
1. Quiz
2. LANs, WANs & the Data Link Layer
3. Homework & homework for next class
4. Perroyclinic Bidders Conference
5. Ethernet and beyond
6. Architecture
7. Physical limits
8. Hubs, bridges, routers
9. ATM
10. Encapsulation/VPN
Physical/Data Link/Network Layers?
Response time of a transaction: $RT = \sum_i N(i)\,S(i)$
N(i) = Number of times service i is needed
S(i) = Time needed for completion of service i
Server i utilization: $U(i) = A(i)\,S(i)$
A(i) = Arrival rate of requests for service i
Queue length at server i: $Q(i) = \dfrac{U(i)}{1 - U(i)}$
Homework P 1 of 3
A company has a corporate network which consists of five Ethernet LANs connected to a mainframe through 56 Kbps lines. Each LAN has about 20 workstations which generate one message per second. Each message is 1000 bytes (8 bits per byte). Most workstations interact with each other on their LANs, with only 20% of the messages being sent to the mainframe. The messages sent to the mainframe access a corporate database which services 50 I/O per second. How much of a congestion problem exists on the LAN, the WAN and the mainframe database?
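A worked application of the queueing formulas above to the Homework P1 scenario (added example, not from the lecture). It assumes the LAN is 10 Mbps Ethernet as stated later in the deck, that the 56 Kbps line carries 56,000 bits/s, and that each message is one service request at each server, so U(i) = A(i) S(i) applies directly.

```python
"""Queueing estimates for the corporate network in Homework P1.
Added example, not from the lecture. Assumptions: the LAN is 10 Mbps Ethernet
(stated later in the deck), the 56 Kbps line is 56,000 bits/s, and every
message is one service request, so the slide formulas apply directly:
RT = sum_i N(i) S(i),  U(i) = A(i) S(i),  Q(i) = U(i) / (1 - U(i))."""

MSG_BITS = 1000 * 8                      # 1000-byte message, 8 bits per byte

def utilization(arrival_rate, service_time):
    """U(i) = A(i) * S(i): requests/s times seconds per request."""
    return arrival_rate * service_time

def queue_length(util):
    """Q(i) = U(i) / (1 - U(i)); the server saturates (unbounded queue) at U >= 1."""
    return float("inf") if util >= 1.0 else util / (1.0 - util)

def response_time(visits):
    """RT = sum N(i) * S(i) over the services a transaction visits; visits = [(N, S), ...]."""
    return sum(n * s for n, s in visits)

def homework_p1(lans=5, stations=20, msgs_per_station=1.0,
                frac_to_mainframe=0.2, lan_bps=10_000_000,
                wan_bps=56_000, db_io_per_s=50):
    """Return (U_lan, U_wan, U_db) for the Homework P1 scenario."""
    lan_rate = stations * msgs_per_station        # msg/s offered to one LAN
    u_lan = utilization(lan_rate, MSG_BITS / lan_bps)
    wan_rate = lan_rate * frac_to_mainframe       # msg/s on one 56 Kbps line
    u_wan = utilization(wan_rate, MSG_BITS / wan_bps)
    db_rate = wan_rate * lans                     # every LAN hits the one database
    u_db = utilization(db_rate, 1.0 / db_io_per_s)
    return u_lan, u_wan, u_db

if __name__ == "__main__":
    for name, u in zip(("LAN", "WAN line", "DB"), homework_p1()):
        # the deck's 40-70% Ethernet rule of thumb is the yardstick for the LAN
        print(f"{name}: U = {u:.3f}, Q = {queue_length(u):.2f}")
```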
Homework P 2 of 3
An "Advice To The Lovelorn" database operates on a T-1 line. The average input is 1000 bytes of questions. The average output is 1 million bytes of answers. Database processing time averages 3 seconds. What is the total response time if you assume 8 bits per byte?
Homework P 3 of 3
Ping ns1.bangla.net. How many packets were lost? What was the response time? Now do a traceroute and see how many hops it takes to get to ns1.bangla.net.
Homework
Visit the Web site http://www.openview.hp.com and take an interactive tour. (Note: You need to sign up.)
Chapter 1, Problems 10 & 12
Chapter 2, Problems 1 & 5 (less the drawing in 2-5)
Group Project
1. Hand in Team Names & Members Names (They are due on September 15th)
2. Any questions on handout?
Local Area Networks
• MANs and LANs
• 802 Series/Origins: 802.3, 802.4, 802.5, 802.6/DQDB
• Data Link Layer Protocols
LANs & Layers
Source Port
802.1 Bridging
802.2 Logical Link Control
MAC sublayer: 802.3 CSMA/CD, 802.4 Token Bus, 802.5 Token Ring, 802.6 MAN, 802.9 IVD, 802.11 Wireless, Future
Technical advisory groups: 802.7 Broadband TAG, 802.8 Fiber Optic TAG
Data Link Layer
Physical Layer
Data Link & Physical Layer Entities--802.3
Data Link Layer
• Data Encapsulation & decapsulation
  • Establishes frame
  • Provides source & destination addresses
  • Provides error detection
• Media Access Management
  • Interfaces with physical layer (tx/rx frame)
  • Buffers frame
  • Provides collision avoidance
  • Provides collision handling
Data Link & Physical Layer Entities--802.3
Physical Layer
• Data Encoding & Decoding
  • Provides the signals to synchronize the stations (preamble)
  • Encodes the binary data stream to self-clocking Manchester code at the transmit site & decodes at the receive site
• Channel Access
  • Introduces the physical signal onto the channel on the transmit side and receives it on the receive side
  • Senses if a carrier is on the channel
  • Detects a collision on the channel
TCP/IP Protocol Suite
User Applications: Telnet, FTP, SMTP, XWindows, TFTP, NFS, SunRPC, SNMP
Transmission Control Protocol (TCP) / User Datagram Protocol (UDP)
Internet Protocol (IP)
Physical Network
IEEE 802.3 Frame Format CSMA/CD
Field                       Bytes
Preamble                    7
Start of frame delimiter    1
To addr                     2/6
From addr                   2/6
Length of data field        2
Data                        0 - 1500
Pad                         0 - 46
Checksum                    4
IEEE 802.5 Frame Format Token Ring
Field                 Bytes
Starting delimiter    1
Access control        1
Frame control         1
To addr               2/6
From addr             2/6
Data                  No limit
Checksum              4
End delimiter         1
Frame status          1
Token: SD (1), AC (1), ED (1)
IEEE 802.4 Frame Format Token Bus
Field                 Bytes
Starting delimiter    1
Access control        1
Frame control         1
To addr               2/6
From addr             2/6
Data                  0 - 8182
Checksum              4
End delimiter         1
IEEE 802.X Frame Format Efficiency
What is the nominal efficiency of 802.3 (data vs. OH)? 72/1500 =
What is the nominal efficiency of 802.5 (data vs. OH)? 21/8182+ =
What is the nominal efficiency of 802.4 (data vs. OH)? 20/8182 =
Data Link Layer—NM View
Framing:
• Character count
• Starting & ending with character stuffing
• Starting & ending flags & bit stuffing
Coding:
• Error correction (Hamming distance)
• Error detection (Polynomial checksum)
Data Link Layer-NM View
Data Link Protocols:
• Synchronous Data Link Control (SDLC)
• High Level Data Link Control (HDLC)
• Serial Line Internet Protocol (SLIP)
• Point-to-Point Protocol (PPP)
• Link Control Protocol (LCP)
• Network Control Protocol (NCP)
Ethernet And Beyond
Ethernet:
a. Is the current evolution of ALOHA, i.e., CSMA/CD
  (1) Ethernet bus data rate is 10 Mbps. When traffic reaches 40% to 70% utilization (of the maximum), collisions cause degraded performance.
  (2) Utilization must be monitored to keep performance at an acceptable level.
b. Has an OSI subset architecture and physical limits:
Layers In The OSI Stack
Application, Presentation, Session, Transport, Network, Data Link, Physical
Network Management uses some of these levels to manage others. But how do they relate to each other?
Ethernet And Beyond
Ethernet:
a. Is the current evolution of ALOHA, i.e., CSMA/CD
b. Has an OSI subset architecture and physical limits:
Architecture:
  Network
  Data Link: LLC, MAC Sublayer
  Physical: Convergence Layer, PMD Sublayer
Fast Ethernet
Ethernet And Beyond
Gigabit Ethernet:
a. Is theoretically cheaper than FDDI and ATM
b. Is 100 times faster than Ethernet
c. Has an OSI subset architecture and physical limits:
Ethernet And Beyond
Gigabit Ethernet: Has an OSI subset architecture and physical limits:
Architecture:
  Network
  Data Link: LLC, MAC Sublayer, Reconciliation Sublayer
  Physical: Convergence Sublayer, PMA Sublayer, PMD Sublayer
Ethernet And Beyond
Gigabit Ethernet: Has an OSI subset architecture and physical limits:
Topology Limits:
Type          9 µ SM   50 µ SM   50 µ MM   62.5 µ MM   Bal Shld Cable   UTP Cable
1000BASE-LX   10 km    3 km      550 m     440 m
1000BASE-SX                      550 m     260 m
1000BASE-CX                                            25 m
1000BASE-T                                                              100 m
Ethernet And Beyond
Hubs, Bridges, Routers & Switches (ATM):
a. Hubs
  (1) Overcome length and number limitations by connecting each DTE to a hub or stacked hubs in a wiring closet.
  (2) Are easily managed with the installation of patch panels (especially patch panels with decent connectors).
b. Bridges switch data between LANs
  (1) Provide switching and filtering
  (2) Operate at the Data Link layer
  (3) Can be transparent and use spanning tree algorithms
  (4) Can be source routing and used in token rings or to connect token rings with Ethernet LANs
Ethernet And Beyond
Hubs, Bridges, Routers & Switches (ATM): (continued)
c. Routers
  (1) Operate at the network level and contain tables of addresses.
  (2) Can optimize network performance in areas of bandwidth and latency.
  (3) Are fundamentally slower than bridges.
d. Switches
  (1) Are circuit or packet
  (2) Operate at various levels
  (3) Are the fundamental characteristic of ATM implementations
  (4) Management issues occur at the Network Layer
The Network Layer/ATM
• Objective # 1: Minimize mean packet delay
• Objective # 2: Maximize total network throughput
The Network Layer/ATM
• Architectural Views:
– Internet Community: Networking should be connectionless.
– Telephone & ATM Communities: Networking should be connection oriented.
The Network Layer/ATM
• Routing Algorithms
– Non Adaptive or Static Routing
  • Shortest Path
  • Flooding
  • Flow based
– Adaptive
  • Distance Vector
  • Count-to-Infinity
  • Link State
The Network Layer/ATM
• Congestion Control (open loop) Algorithms
– Leaky Bucket Algorithm--buffers unregulated packet flow and converts it to a regulated flow. Excess packets are thrown away.
– Token Bucket Algorithm--allows host computers to save up packets and burst them (up to the maximum size of the bucket). Excess packets are saved at host.
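The two open-loop algorithms above, simulated side by side on one constructed bursty arrival stream so the difference in what happens to excess packets is visible (added example, not from the lecture; the bucket sizes and rates are assumed for illustration).

```python
"""Leaky bucket vs token bucket on one constructed arrival pattern.
Added example, not from the slides; bucket_size and rates are assumed.
Each list element is the number of packets arriving in one clock tick."""
from collections import deque

def leaky_bucket(arrivals, bucket_size, drain_rate):
    """Buffer arrivals, emit at most drain_rate packets per tick; arrivals
    that find the bucket full are thrown away. Returns (sent_per_tick, dropped)."""
    queue = deque()
    sent, dropped = [], 0
    for burst in arrivals:
        for _ in range(burst):
            if len(queue) < bucket_size:
                queue.append(1)
            else:
                dropped += 1                  # excess packet discarded
        n = min(drain_rate, len(queue))       # regulated output this tick
        for _ in range(n):
            queue.popleft()
        sent.append(n)
    return sent, dropped

def token_bucket(arrivals, bucket_size, token_rate):
    """Tokens accrue at token_rate per tick up to bucket_size; each packet
    spends one token, so a saved-up bucket lets a burst go out at once.
    Packets without a token wait at the host. Returns (sent_per_tick, waiting)."""
    tokens, waiting, sent = bucket_size, 0, []
    for burst in arrivals:
        tokens = min(bucket_size, tokens + token_rate)
        waiting += burst
        n = min(tokens, waiting)
        tokens -= n
        waiting -= n
        sent.append(n)
    return sent, waiting

# constructed pattern: idle, an 8-packet burst, then a trickle
ARRIVALS = [0, 0, 0, 8, 1, 1, 0, 0]

if __name__ == "__main__":
    print("leaky:", leaky_bucket(ARRIVALS, bucket_size=4, drain_rate=2))
    print("token:", token_bucket(ARRIVALS, bucket_size=4, token_rate=2))
```

With a bucket of 4 and a rate of 2, the leaky bucket drops half the burst and emits a flat 2 per tick, while the token bucket releases 4 at once and loses nothing.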
The Network Layer/ATM
• Congestion Control (closed loop) Algorithms
– Choke Packets--router advises source router it is getting too heavy a utilization. Response is voluntary.
– Fair Queuing--routers have multiple queues for each output line, one for each source.
– Hop-by-Hop Choke Packets--have the choke packet take effect at every hop it passes through--what's wrong with this as a network layer strategy?
– Load shedding--routers throw the packets away--what's wrong with this as a network layer strategy?
The Network Layer/ATM
OSI layer   ATM layer   ATM sublayer   Functionality
3/4         AAL         CS             Providing the standard interface
3/4         AAL         SAR            Segmentation and reassembly
2/3         ATM                        Flow control; cell header generation/extraction; virtual circuit/path management; cell multiplexing/demultiplexing
2           Phys        TC             Cell rate decoupling; cell generation; header, checksum & frame generation; packing/unpacking cells from enclosing envelope
1           Phys        PMD            Bit timing and physical network access
The Network Layer/ATM/IP/SONET
(Same table as the preceding slide, extended with IP-layer and SONET-layer columns; only the column headings survived the transcript, so the IP and SONET mapping is not reproduced here.)
The Network Layer/ATM
The ATM Layer:
a. Is regarded in the ATM community as a Data Link Layer.
b. Has Network Layer functionality.
c. Is connection oriented, using "Virtual Channel/virtual circuits".
d. Does not provide acknowledgments--good or bad?
e. Has two designated interfaces:
  (1) User-Network Interface (UNI) is between host and network (or possibly customer and carrier).
  (2) Network-Network Interface (NNI) is between switches (ATM version of routers).
The Network Layer/ATM
The ATM Layer five byte header:
Field                        Bits
General Flow Control         4
Virtual Path Identifier      8
Virtual Channel Identifier   16
Payload Type                 3
CLP                          1
Header Error Check           8
How many payload types are there?
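The five-byte UNI header above, built and parsed in code (added example, not from the lecture). The HEC octet is computed as ITU-T I.432 specifies, the CRC-8 of the first four octets with generator x^8 + x^2 + x + 1 XORed with 0x55; the sample VPI/VCI values are constructed.

```python
"""ATM UNI cell header: GFC 4 | VPI 8 | VCI 16 | PT 3 | CLP 1 | HEC 8 bits.
Added example, not lecture code. HEC per ITU-T I.432: CRC-8 over the first
four octets (generator x^8 + x^2 + x + 1), XORed with 0x55."""

PAYLOAD_TYPE_COUNT = 1 << 3   # three PT bits, so 8 payload type values

def crc8_atm(data: bytes) -> int:
    """Bitwise CRC-8, polynomial 0x07, zero initial value, no final XOR."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc

def hec(first_four: bytes) -> int:
    """Header Error Check octet for the first four header octets."""
    return crc8_atm(first_four) ^ 0x55

def build_header(gfc: int, vpi: int, vci: int, pt: int, clp: int) -> bytes:
    """Pack the fields MSB-first into 32 bits and append the HEC."""
    if not (0 <= gfc < 16 and 0 <= vpi < 256 and 0 <= vci < 65536
            and 0 <= pt < PAYLOAD_TYPE_COUNT and clp in (0, 1)):
        raise ValueError("field out of range for a UNI header")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp
    head = word.to_bytes(4, "big")
    return head + bytes([hec(head)])

def parse_header(hdr: bytes) -> dict:
    """Unpack a 5-octet header; hec_ok is False if the header was corrupted."""
    if len(hdr) != 5:
        raise ValueError("ATM cell header is exactly 5 octets")
    word = int.from_bytes(hdr[:4], "big")
    return {
        "gfc": word >> 28,
        "vpi": (word >> 20) & 0xFF,
        "vci": (word >> 4) & 0xFFFF,
        "pt": (word >> 1) & 0x7,
        "clp": word & 1,
        "hec_ok": hdr[4] == hec(hdr[:4]),
    }

if __name__ == "__main__":
    # constructed sample: VPI 1, VCI 32, user data (PT 0), CLP 0
    h = build_header(gfc=0, vpi=1, vci=32, pt=0, clp=0)
    print(h.hex(), parse_header(h))
    # the standard idle cell header 00 00 00 01 carries HEC 0x52
    print(build_header(0, 0, 0, 0, 1).hex())
```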
The Network Layer/ATM
Characteristics of ATM service categories:
Service Characteristic          CBR   RT VBR   NRT VBR   ABR      UBR
Bandwidth guarantee             Yes   Yes      Yes       Option   No
Suitable for real time traffic  Yes   Yes      No        No       No
Suitable for bursty traffic     No    No       Yes       Yes      Yes
Feedback about congestion       No    No       No        Yes      No
The Network Layer/ATM
ATM quality of service parameters:
Parameter                          Acronym   Meaning
Peak cell rate                     PCR       Max rate at which cells will be sent
Sustained cell rate                SCR       Long term average cell rate
Minimum cell rate                  MCR       Minimum acceptable cell rate
Cell delay variation tolerance     CDVT      Maximum acceptable cell jitter
Cell loss ratio                    CLR       Fraction of cells lost/delivered too late
Cell transfer delay                CTD       How long delivery takes (mean to max)
Cell delay variation               CDV       Variance in cell delivery times
Cell error rate                    CER       Fraction of cells delivered without error
Cell misinsertion rate             CMR       Fraction of cells delivered to the wrong place
Severely-errored cell block ratio  SECBR     Fraction of blocks garbled
WAN-Virtual Circuits
A reason to care:
1. Number of countries with identified collection involvement: 1997: 37; 1998: 47; 1999: 56; 2000: 63
2. Where they're from: Asia: 37%; Europe: 19%; Eurasia: 21%; Middle East: 18%
3. Technologies targeted: Information Systems, Electronics, Sensors & Lasers, Marine Systems, Aeronautics, Biological & Chemical, Energetic Materials, Manufacturing & Fabrication, Nuclear Technology, Power Systems, Space Systems, Signature Control
WAN-Virtual Circuits
Problems For Management
• VPN implementation, services & overall utility vary widely--the single complete solution that can meet all your needs does not exist
• (Depending on your environment) some implementations hold distinct advantages over others
WAN-Virtual Circuits
Virtual Private Networking Version 2.0
1. What is a VPN?
2. What is a tunnel?
3. What is the relationship between VPNs and multi-system management?
4. What is the significance of Service Level Agreements (SLAs)?
WAN-Virtual Circuits
Virtual Private Networking Enhancers
1. IPSec:
• A protocol that authenticates, encapsulates (tunnels) and encrypts traffic across IP networks.
• It supports key management, the Internet Key Exchange protocol & various encryptions (e.g., DES & Triple DES)
2. Multiprotocol Label Switching (MPLS):
• Defines a process in which a label is attached to an IP header to increase routing efficiency and enable routers to forward packets according to specified QoS levels.
• Uses a tunneling technique.
MPLS vs. Circuit Switching
MPLS
• Minimizes changes to hardware by routing and switching functions
• Will establish per-hop behavior for delay sensitive traffic
• Permits bandwidth reservation and flow control over a wide range of paths
• Will permit bandwidth & other constraints to be considered in route computations
• Provides ranking to individual flows so that during failure important flows go first
Circuit Switching
• Hardware designs do not need to change
• Minimizes delay variations
• Enables accurate bandwidth reservations
• Can automatically compute routes over known/specified bandwidths
• Can provide hard guarantees of service and routing
VPN Example: Cisco Secure Client
(Network diagram) Campus side: X.509 Cert Auth, VPN Administrator, Cisco Secure Access Control Server (AAA), Cisco 7100 Series VPN Router. Across the Internet VPN and/or IP-VPN: Extranet User with Internet Access; Extranet User with Cisco Secure VPN Client; Mobile Dial Remote Access User with Cisco Secure VPN Client; Mobile Home User with Cisco Secure VPN Client.
VPN Example: Cisco Secure Client
Advertised Features
• Full compliance with IPSec and related standards
• DES, 3DES, MD-5 & SHA-1 algorithms
• Internet Key Exchange using ISAKMP/Oakley
• Interoperates with virtually all PC Windows communications devices: LAN adapters, modems, PCMCIA cards, etc.
• GUI for configuring security policy and managing certificates
• Easy to install and transparent to use, with easy configuration for deployment to end users
• Security policy can be exported and protected as read-only by the VPN administrator
VPN Example: Cisco Secure Client
Advertised Applications
• Travelling "Road Warrior" communications (client to gateway)
• Creation of virtual "secure enclave" on unprotected network
• X.509 v3 certificates
• FIPS-46 DES encryption
• FIPS-180-1 SHA-1 hash
• FIPS-186 DSS digital signatures
• CAPI 2.0: Microsoft Crypto API
• PKCS: Public Key Cryptographic Standards
• IP Security Standards
VPN Example: Cisco Secure Client
Internet Protocol Security Standards
• RFC 2401 Security Architecture for Internet Protocol
• RFC 2402 IP Authentication Header
• RFC 2403 Use of HMAC-MD5-96 within ESP & AH
• RFC 2404 Use of HMAC-SHA-1-96 within ESP & AH
• RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV
• RFC 2406 IP Encapsulating Security Payload (ESP)
• RFC 2407 IP Security Domain of Interpretation for ISAKMP
• RFC 2408 Internet Security Association & Key Management Protocol (ISAKMP)
• RFC 2409 Internet Key Exchange (IKE)
• RFC 2410 NULL Encryption Algorithm & its uses with IPSec
VPN Evaluation: Computer Networks Report
Services          Wt.   GTEI   Uunet   Infonet   Quest   AT&T   PSINet
Geogr Coverage    25%   5      3       4         2       2      2.5
SLAs              25%   4      4.5     3         1.5     3      2.5
Pricing           20%   2.5    5       3.5       3.5     1      1
Security          20%   4.5    3.5     2         4       3.5    2
QoS Support       10%   2      2       2         1       1      2
Total Score             3.85   3.76    3.05      2.46    2.25   2.05
Grade                   B      B       C+        D       D      D
Note: Scores weighted 0-5.
Specific Products Evaluated: GTE Internetworking: VPN Advantage; Uunet: UUsecure VPN Direct Edition; Infonet: Private Internet; Quest Communications: Quest VPN; AT&T: Virtual Private Network Service (VPNS); PSINet: IntraNet.
Enterprise Firewalls
Problems For Management
• What are you most concerned about?
  • Penetration protection
  • Performance
  • Logging & reporting
  • Data overload
  • Good records
• Type to use?
  • Hardware (inspection only)
  • Proxy (software processing)
• Central or Distributed Management?
Enterprise Firewalls
Potential Contradictory Goals
• Penetration protection vs. performance
• Logging & reporting vs. data overload
• Good records vs. archival costs
Central or Distributed management
• Central management creates the security policy & pushes it out (the security policy is defined once and is easier to monitor), or each firewall is configured separately in one GUI (good for small sites but more overhead)
• Distributed management takes more people
Firewall Evaluation: Computer Networks Report
Services            Wt.   VPN-1   Secure PIX   Raptor   NetScreen   Sidewinder
Management          30%   4       5            4        3           2
Reporting           30%   5       4            2        2           2
Security Features   20%   5       3            5        3           3
Firewall Perform    10%   5       5            3        5           3
VPN Perform         10%   3       2            2        5           2
Total Score               4.5     4.0          3.3      3.1         2.3
Grade                     A-      B+           C+       C+          D
Note: Scores weighted 0-5.
Companies: VPN-1 Gateway & VPN-1 Accelerator Card: Check Point; Secure PIX: Cisco; Raptor: Axent; NetScreen 100 1.66: NetScreen Technologies; Sidewinder: Secure Computing.