ECE671:Homework41

Homework4assignmentforECE671Posted:03/20/18Due:03/27/18

Note:In all written assignments, please show as much of your work as you can. Even if you get a wrong answer, you can get partial credit if you show your work. If you make a mistake, it will also help the grader show you where you made a mistake.Problem1(20Points):ConsiderthenetworksetupshowninFigure1.SupposethattheISPinsteadassignstheroutertheaddress24.35.112.235andthatthenetworkaddressofthehomenetworkis192.168.100/24.

a. Assignaddressestoallinterfacesinthehomenetwork.b. SupposeeachhosthastwoongoingTCPconnections,alltoport80athost

128.119.50.186.ProvidethesixcorrespondingentriesintheNATtranslationtable.

Figure1

Solution:a) Home addresses: 192.168.100.1, 192.168.100.2, 192.168.100.3 with the

routerinterfacebeing192.168.100.4b) NAT Translation Table

WAN Side LAN Side 24.35.112.235, 4000 192.168.100.1, 3345 24.35.112.235, 4001 192.168.100.1, 3346 24.35.112.235, 4002 192.168.100.2, 3445 24.35.112.235, 4003 192.168.100.2, 3446

24.35.112.235, 4004 192.168.100.3, 3545 24.35.112.235, 4005 192.168.100.3, 3546

Problem2(25Points):QUIC

a. WhatisQUIC’sunderlyingtransportlayerprotocol?WhydidGoogledecidetomakeuseofthistransportprotocol?

b. HowmanyRTTsdoesittakeinthecaseofHTTPoverTCPuntilthefirstbitofagetrequestreachestheserver?HowmanydoesittakeinthecaseofHTTPoverQUIC?

c. WhichprotocolsdoesQUICreplace?d. BothSPDYandQUICsupportmultiplexingofmultipleflowsintooneTCP

session.WhyistherestillheadoflineblockinginthecaseofSPDY?e. DescribeindetailhowQUICachievesreliabletransmission.f. QUICmakesuseofanUUID.What’sthebenefitofemployingthisUUID?

Solution:

a. UDP.Requiredchangeslikemultipath,congestioncontroldifferentfromthestandardTCP,andFECaremucheasiertoimplement

b. 1.5;.5c. ReplacespartofTCP,TLS1.2(completely),andpartofHTTP(/2)d. SPDYstillusesTCPandthuspacketsneedtobeprocessedincorrectorder.

That’snotthecaseforQUIC.Packetlossimpactsonlyindividualflows,thereisHOLblocking.

e. ReliabletransportinQIUCisachievedthroughforwarderrorcorrection(FEC).Currently,thereisa10%overhead,meaningthatforevery10packetssent1canbelost.

f. InTCPa5-tupel(SrcIP,dest.IP,sourceport,destport,proto)isrequiredtoidentifyasession.Theseparameterspartlychangeifamobileclient,e.g.,changesfromWiFitoLTEandthesessioncannotbeeasilyidentified.ThisisdifferentifaUUIDisused.Theflowcanstillbeidentifiedeveniftheclient’sIPaddresshaschanges.

Problem3(20Points):Considerthefollowingnetwork.Withtheindicatedlinkcosts,useDjikstra’sshortest-pathalgorithmtocomputetheshortestpathfromAtoallnetworknodes.Showhowthealgorithmworksbycomputingatablebelow.

ECE671:Homework43

Figure2

St

ep

N’

D(A),p(A) D(B),p(B) D(C),p(C) D(D),p(D) D(E),p(E) D(F),p(F) D(G),p(G) D(H),p(H)

0 1 2 3 4 5 6 7 8 9 Solution:

St

ep

N’

D(A),p(A) D(B),p(B) D(C),p(C) D(D),p(D) D(E),p(E) D(F),p(F) D(G),p(G) D(H),p(H)

0 0, - ∞ ∞ ∞ ∞ ∞ ∞ ∞

A B C D

E F G H

1 A - A, 1 ∞ ∞ A, 4 A, 8 ∞ ∞ 2 AB - - B, 3 ∞ A, 4 B, 7 B, 7 ∞ 3 ABC - - B, 3 C, 4 A, 4 B, 7 C, 5 ∞ 4 ABCD - - - C, 4 A, 4 B, 7 C, 5 D, 4 5 ABCDE - - - - A, 4 B, 7 C, 5 D, 4 6 ABCDEH - - - - - B, 7 C, 5 D, 4 7 ABCDEH

G - - - - - B, 7 C, 5 -

8 ABCDEHGF

- - - - - B, 7 - -

Problem4(20Points):MultiPathTCP

a. ExplainwhytherehasbeenarecentefforttosplitaTCPsessioninoneormoresubflowsthatareroutedoverdifferentpaths?WhywasthisnotconsideredinTCP’soriginaldesign?

b. Figure3illustratesthesessionsetupfortwosubflowsofamultipathTCPsession.Intheblankpartsofthisfigurefilloutthemessagesthatareexchangedbetweenthetwoendnodes.Also,brieflyexplainwhythismethodforlinkingsubflowsisrequired.

c. FillouttheblanksinFigure4andexplainwhymultipathTCPmakesuseoftwolevelsofsequencenumbers.

d. WhatistheshortcomingofmultipathTCPincomparisontoQUICwhenitcomestopacketlosses?

e. Explainwhathappensinthecaseofi)afastretransmit,ii)timeoutexpiration,andiii)oflossofasubflow.

Figure3

SYN,Portsrc=1234,Port

dst=80

_______________________________

ACK

______________________________

MyToken=5678 YourToken=6543

MyToken=6543

ECE671:Homework45

Figure4

Solution:

a. Mobiledevicesandserversindatacentershavemorethanonenetworkinterface(multi-homing)anddatacanberoutedviadifferentpath.Inaddition,ISPstendtoroutedataovermultiplepaths.ThiswasnotthecaseinthebeginningoftheInternetwheretheonlydeviceswithmorethanoneinterfacewererouters.

b. EndnodesneedawaytoidentifytowhichmultipathTCPsessionsubflowsbelong.Thisisachievedbytheusageoftokens.ThetokeninformationisexchangedviaoptionsintheSYNmessages.

Dseq=0,seq=123,"a"

DSeq=1,seq=456,"b"

Dseq=__,seq=____,"c" Dack=__,ack=____

Dack=__,ack=____

Dack=__,ack=___

c. Gapsinsequencenumbersareoftennottoleratedbymiddleboxes.Therefore,eachsubflowusestwosequencenumbers.DseqisusedasthesubflowsequencenumberandSeqastheregularsequencenumberofthemultipathTCPflow.

d. EvenmultipathTCPhastodealwiththeheadoflineblockingissue.Datacanonlybepassedtotheapplicationifalllostsegmentshavebeenretransmitted.ThisisnotthecaseforQUIC.Inaddition,multipathTCPdoesnotprovidea

SYN,Portsrc=1234,Portdst=80+Option[Token=5678] SYN+ACK+Option[Token=6543]

ACK

SYN,Portsrc=1235,Portdst=80

+Option[Token=6543]

MyToken=5678 YourToken=6543

MyToken=6543 YourToken=5678

Dseq=0,seq=123,"a"

DSeq=1,seq=456,"b"

DSeq=2,seq=124,"c" DAck=1,ack=124

DAck=3,ack=125

DAck=2,ack=457

ECE671:Homework47

forwarderrorcorrectionmechanism,whichisbeneficialforvideoandaudiotransmissions.

e. i)Fastretransmitisperformedonthesamesubflowastheoriginaltransmission;ii)upontimeoutexpiration,reevaluatewhetherthesegmentcouldberetransmittedoveranothersubflow,iii)Uponlossofasubflow,alltheunacknowledgeddataareretransmittedonothersubflows.

Problem5(15Points):Firewall(P25)Completethefilterandconnectiontableshownbelowforastatefulfirewallthatisasrestrictiveaspossiblebutaccomplishesthefollowing:(Keepinmindthatruleshigherupinthetablehavehigherpriority!Thefirstrowshowsanexampleforarulethatallowsallinternaluserstoestablishhttpsessionswithexternalhosts.)

a. Allowallinternaluserstoestablishansmtpsessiontoamailserverat130.120.110.10.

b. Allowexternaluserstosurfthecompany’swebsiteat128.112.32.23andaccessanotherserverat128.112.32.24viassh

c. Otherwiseallinboundandoutboundtrafficshouldbeblocked

Action Source Address

Dest address Protocol Source

port Dest port

allow * * TCP * 80

Solution:Filtertable:

Action Source Address

Dest address Protocol Source

port Dest port

Flag bit

allow * * TCP * 80 any

allow * * TCP 22 > 1023 ACK

Allow * 128.112.32.23 TCP * 80 Any

Allow 128.112.32.23 * TCP 80 * Any

Allow * 128.112.32.24 TCP * 22 All

Allow 128.112.32.24 * TCP 22 * All

Deny All All All All All All