Walrand, Final Review 2005 (EECS 122, University of California, Berkeley)

Review checklist: TCP, DNS, QoS, Security, Ad Hoc

TCP

TCP service: an ordered, reliable, well-paced byte stream between two end points.
Transport overview: applications (HTTP, ftp, DNS, ...) on hosts A and B are identified by ports (p1, p2, p3); TCP sits between the applications and IP and carries the byte stream across the network.
Protocol phases: connection setup (3-way handshake), data exchange, close.

TCP steps
  Setup (3-way handshake): A -> B: SYN k; B -> A: SYN n, ACK k+1; A -> B: ACK n+1.
  Data exchange.
  Close: FIN; ACK of the FIN; FIN in the other direction; ACK of that FIN.

Error control: sliding window protocol (SWP), Go-Back-N (GBN)
  Sender (transmitter window [A+1, A+N], where A = last ACK received without gap):
    transmit the packets in the transmitter window;
    if the timer for ACK k expires, retransmit k, k+1, ... (go back N);
    variation: fast retransmit after 3 duplicate ACKs (3DA) instead of waiting for the timer.
  Receiver (receiver window [P+1, P+N], where P = last packet received without gap):
    when a packet in the receiver window arrives, ACK with the sequence number of the next expected packet.

Congestion control: the problem
  Flows share links (in the figure, flows A -> C and B -> D cross a common link). The sources must limit their rates x and y. How should the link bandwidth be shared?

Congestion control: TCP algorithm (AIMD)
  Slow start (SS): start with W = 1 to discover the available throughput quickly; W := W + 1 at each ACK (exponential growth over time).
  Congestion avoidance (CA): AIMD; W := W + 1/W at each ACK (linear growth over time); W := W/2 when congestion is detected by 3DA.
  After a timeout (TO): ssthresh := W/2, W := 1; slow start until W reaches ssthresh, then CA. (The figure starts ssthresh at 64 KB.)
  Refinements: fast retransmit and fast recovery on 3DA (summarized below).
  Timer value: Timeout = A + 4D, where A = smoothed average RTT and D = smoothed mean deviation; ignore retransmitted packets in the calculation (their RTT sample is ambiguous). After a TO, double the timeout value; go back to the estimate once a new ACK arrives.
  (Figure: W over time, halved at each 3DA, back to 1 at each TO, with the SS and CA phases marked; omitted.)

Flow control
  The sender keeps at most min(RAW, W) packets outstanding, so it may send min(RAW, W) - OUT new packets, where RAW = receiver-advertised window (carried in every ACK), W = congestion window from AIMD and its refinements, and OUT = outstanding = last sent - last ACKed.
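The window dynamics and timer rules above, traced event by event, as an added example (this is not code from the original review notes). It assumes windows counted in packets, a floor of 2 packets for ssthresh, a 3 s initial timeout before the first RTT sample, and the usual gains alpha = 1/8, beta = 1/4 for the A and D estimators; events are fed in as the strings 'ack' (new ACK), '3da' (third duplicate ACK), 'da' (further duplicate ACK during fast recovery) and 'to' (timeout).

```python
"""TCP congestion-window dynamics and the retransmission timer from the
review slides, as an added example (not code from the original notes).

Assumptions: W is counted in packets; ssthresh is never pushed below 2
packets; events arrive as strings: 'ack' = new ACK, '3da' = third
duplicate ACK, 'da' = further duplicate ACK in fast recovery, 'to' = timeout."""


class TcpSender:
    """Slow start, congestion avoidance (AIMD), fast retransmit/recovery."""

    def __init__(self, ssthresh=64):
        self.W = 1.0                      # congestion window, packets
        self.ssthresh = float(ssthresh)
        self.state = "SS"                 # SS, CA or FR (fast recovery)

    def on_ack(self):
        if self.state == "FR":            # new ACK ends fast recovery: W := ssthresh
            self.W = self.ssthresh
            self.state = "CA"
        elif self.state == "SS":          # W := W + 1 per ACK (exponential over time)
            self.W += 1
            if self.W >= self.ssthresh:
                self.state = "CA"
        else:                             # W := W + 1/W per ACK (linear over time)
            self.W += 1.0 / self.W

    def on_three_dup_acks(self):
        # fast retransmit + fast recovery: halve instead of restarting at 1
        self.ssthresh = max(self.W / 2, 2.0)
        self.W = self.ssthresh + 3        # the three DAs mean three packets left the network
        self.state = "FR"

    def on_dup_ack(self):
        if self.state == "FR":            # each further DA inflates W by one
            self.W += 1

    def on_timeout(self):
        self.ssthresh = max(self.W / 2, 2.0)
        self.W = 1.0                      # back to slow start
        self.state = "SS"

    def feed(self, event):
        {"ack": self.on_ack, "3da": self.on_three_dup_acks,
         "da": self.on_dup_ack, "to": self.on_timeout}[event]()
        return self.W, self.ssthresh, self.state


class RtoEstimator:
    """Timeout = A + 4D with exponential back-off; retransmitted samples are ignored."""

    def __init__(self, initial_rto=3.0, alpha=1 / 8, beta=1 / 4):
        self.A = None                     # smoothed average RTT
        self.D = None                     # smoothed mean deviation
        self.rto = initial_rto            # assumed value before the first sample
        self.alpha, self.beta = alpha, beta

    def sample(self, rtt, retransmitted=False):
        if retransmitted:                 # ambiguous sample (Karn): ignore it
            return self.rto
        if self.A is None:
            self.A, self.D = rtt, rtt / 2
        else:
            self.D += self.beta * (abs(rtt - self.A) - self.D)
            self.A += self.alpha * (rtt - self.A)
        self.rto = self.A + 4 * self.D    # a new ACK returns to the estimate
        return self.rto

    def on_timeout(self):
        self.rto *= 2                     # exponential back-off after a TO
        return self.rto


def run(events, ssthresh=8):
    """Apply events to a fresh sender; return the final (W, ssthresh, state)."""
    sender = TcpSender(ssthresh)
    last = None
    for e in events:
        last = sender.feed(e)
    return last


if __name__ == "__main__":
    sender = TcpSender(8)
    for e in ["ack"] * 8 + ["3da", "da", "ack", "to"]:
        print(e, sender.feed(e))
    est = RtoEstimator()
    print([est.sample(1.0), est.sample(1.0), est.on_timeout(), est.sample(1.0)])
```

With ssthresh = 8 the trace reaches CA after seven ACKs, inflates to ssthresh + 3 on the third duplicate ACK, deflates to ssthresh on the next new ACK, and collapses to W = 1 on a timeout.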
Congestion control: summary
  Objective: avoid saturating the destination (the receiver advertises its window RAW), discover the available bandwidth (slow start), and share it fairly (congestion avoidance, AIMD).
  Usable window = min(RAW, W) - OUT, where OUT = outstanding = last sent - last ACKed and W = congestion window from AIMD and the refinements below.
  Refinements:
    Fast retransmit: retransmit after 3 duplicate ACKs (3DA) instead of waiting for the timeout.
    Fast recovery: on 3DA reset W to W/2 instead of W = 1. More precisely: ssthresh := W/2; W := ssthresh + 3; W := W + 1 for each further duplicate ACK after the 3rd; W := ssthresh when a new ACK arrives (then CA).
    Timeout: ssthresh := W/2, W := 1; slow start until W = ssthresh, then CA.
    Timers: Timeout = average RTT + 4 deviations. On a timeout, Timeout := 2 x Timeout; return to the estimate after a new packet or new ACK.

DNS

Names and servers
  The name space is a hierarchy: root; top-level domains edu, gov, com, mil, org, net, uk, fr, ...; under edu, berkeley and mit; under berkeley, eecs and sims; under eecs, hosts such as argus.
  A zone corresponds to an administrative authority that is responsible for that portion of the hierarchy.

Iterated queries (slide of February 5, 2003, Abhay Parekh, EE122 S2003; version draws from Stoica, EE122 F2002)
  In an iterated query the contacted server does not resolve the name itself; it replies with the name of the server to contact next ("I don't know this name, but ask this server").
  Example: the requesting host whistler.cs.cmu.edu resolves www.berkeley.edu.
    1. host -> local name server mango.srv.cs.cmu.edu
    2. local server -> root name server
    3. root server -> local server: referral to the edu server
    4, 5. local server -> intermediate name server (edu server) -> referral to the authoritative server
    6, 7. local server -> authoritative name server ns1.berkeley.edu -> answer
    8. local server -> requesting host

DNS summary
  DNS is a crucial part of the Internet.
  The name space is hierarchical; administration is distributed.
  It is vulnerable in various ways, but no more than other parts of the Internet infrastructure.
  Its performance is enhanced by caching.
  DNS "hacks" can enable many interesting things.

QoS

Topics: token buckets, GPS, WFQ, and the token bucket + WFQ comparison.

Token bucket
  Tokens arrive at rate r tokens/s into a token counter that holds up to s tokens; tokens arriving at a full counter are discarded.
  Arriving packets wait in a packet buffer; a packet is released only when enough tokens are available, and it consumes them.
  The output over any interval of length T is therefore at most s + r T (a burst of at most s followed by rate r).

GPS (Generalized Processor Sharing)
  Packets are classified into K classes; each class k has a weight w_k.
  At each time the scheduler serves the backlogged classes at rates proportional to their weights, so class k is guaranteed a service rate of at least C w_k / sum_i w_i, where C is the link rate.
  Notes: this is idealized, since the scheduler does not respect packet boundaries (it mixes bits of different packets); the model is a simple approximation of WFQ.
  (Figure: classes 1..K with weights w_1..w_K, departure curves D_k(t), link rate C; omitted.)
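Token-bucket policing run over a constructed packet trace, as an added example (this is not code from the original notes). It checks the arrival envelope the comparison slide states for token-bucket output, A(s, t) <= sigma + rho (t - s), and evaluates the WFQ delay bound sigma/(wC) + M/C from the same slide; with one bucket per source it is also the per-source SYN or ICMP rate limiting listed among the DDoS remedies later in the review. Assumed: time in integer milliseconds, one token per packet, rational arithmetic so the checks are exact, and the sample addresses and trace are made up.

```python
"""Token-bucket policing over a constructed packet trace, plus the arrival
envelope A(s, t) <= sigma + rho (t - s) and the WFQ delay bound from the
QoS slides.  Added example, not code from the original notes.

Assumptions: time in integer ms, one token per packet, exact Fractions."""
from collections import defaultdict
from fractions import Fraction


class TokenBucket:
    """Bucket of depth sigma tokens, refilled at rho tokens per ms."""

    def __init__(self, sigma, rho):
        self.sigma = Fraction(sigma)
        self.rho = Fraction(rho)
        self.tokens = self.sigma           # bucket starts full
        self.last = 0

    def admit(self, t):
        # refill for the elapsed time, capped at the bucket depth
        self.tokens = min(self.sigma, self.tokens + self.rho * (t - self.last))
        self.last = t
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False                       # non-conforming: policer drops it


def police(trace, sigma, rho):
    """trace: list of (t_ms, source) in time order; one bucket per source.
    Returns {source: (admitted_times, dropped_count)}."""
    buckets = defaultdict(lambda: TokenBucket(sigma, rho))
    result = defaultdict(lambda: ([], 0))
    for t, src in trace:
        admitted, dropped = result[src]
        if buckets[src].admit(t):
            admitted.append(t)
        else:
            dropped += 1
        result[src] = (admitted, dropped)
    return dict(result)


def satisfies_envelope(times, sigma, rho):
    """True iff for every s <= t the packets in [s, t] number at most sigma + rho (t - s)."""
    sigma, rho = Fraction(sigma), Fraction(rho)
    for i, s in enumerate(times):
        for j in range(i, len(times)):
            if j - i + 1 > sigma + rho * (times[j] - s):
                return False
    return True


def wfq_delay_bound(sigma, rho, w, C, M):
    """Slide fact: if rho <= wC the delay under WFQ is at most sigma/(wC) + M/C;
    returns None when the precondition fails.  Units are the caller's."""
    sigma, rho, w, C, M = map(Fraction, (sigma, rho, w, C, M))
    if rho > w * C:
        return None
    return sigma / (w * C) + M / C


# Constructed trace: a flooding source sends one SYN per ms for 30 ms,
# a legitimate source sends one SYN every 50 ms (addresses are made up).
FLOOD = [(t, "10.0.0.99") for t in range(30)]
LEGIT = [(t, "10.0.0.7") for t in range(0, 300, 50)]
TRACE = sorted(FLOOD + LEGIT)

if __name__ == "__main__":
    # 5-token burst allowance, 1/10 token per ms = 100 SYN/s per source
    for src, (adm, drop) in police(TRACE, 5, "1/10").items():
        print(src, "admitted at", adm, "dropped", drop)
    print(wfq_delay_bound(5, 100, "1/5", 1000, 1))
```

The flooding source gets its 5-packet burst and then one packet every 10 ms, which is exactly the sigma + rho T envelope, while the well-behaved source is untouched; the raw flood fails the envelope check and the policed output passes it.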
WFQ (Weighted Fair Queuing)
  Definition: packets are classified into K classes; each class j has a weight w_j. At each time the scheduler serves the backlogged packets in increasing order of their departure times under GPS, assuming no more arrivals.

Comparison of WFQ with GPS
  Let G_n = departure time of packet n under GPS and F_n = departure time of packet n under WFQ. Then
    F_n <= G_n + M / C,
  where M = maximum packet size and C = link rate.

WFQ and token bucket
  A flow that has passed a token bucket of size sigma and rate rho satisfies A(s, t) <= sigma + rho (t - s) for all 0 <= s <= t, where A(s, t) is the amount of traffic arriving in [s, t].
  Normalize the weights so that they sum to 1; the class with weight w then receives a rate of at least wC.
  Fact: if rho <= wC, then the delay of that flow under WFQ is at most sigma / (wC) + M / C.

Security

Topics: threats, DDoS, cryptography, systems.

Threats (target / type of threat / protection)
  Network, links: DDoS, physical -> detect, filter.
  Network, routers: routing tables -> detect, isolate.
  Network, DNS: DDoS -> detect, filter.
  Computers: physical, infection, intrusion -> physical security, virus detection, firewall / "passport".
  Users: identity -> signature, password, watermark; privacy -> encryption, relay.
  Documents: integrity -> message authentication code; confidentiality -> encryption.

Distributed denial of service (DDoS)
  Basic mechanism: saturate a link to a host by sending requests from many nodes across the Internet.
  Effect: the host is incapacitated.
  Remedies:
    verify that the source IP exists, i.e. is not spoofed;
    block the packets that DDoS tools use (some ICMP types);
    limit the rate of ICMP flows;
    limit the rate of SYNs;
    trace back, from the last router upstream, to block the packets headed toward that link.

Cryptography
  Secret key (SK): Alice computes the ciphertext C = E_K(P) and sends it over the channel; Bob recovers P = D_K(C). The key K is known only to Alice and Bob. Examples: one-time pad, DES.
  Key distribution: a trusted channel; exchanging the secret key under public-key (PK) cryptography; Diffie-Hellman.
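The one-time pad named on the secret-key slide, together with the failure that gives it its name, as an added example (not code from the original notes): with a fresh random key E_K(P) = P xor K is information-theoretically secure, but if the same K is used for two messages, C1 xor C2 = P1 xor P2 and the key has cancelled out. The sample messages are constructed; os.urandom supplies the key.

```python
"""One-time pad encryption and the two-time-pad leak.  Added example,
not code from the original notes; sample messages are constructed."""
import os


def otp_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """C = P xor K.  K must be as long as P, random, and never reused."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


otp_decrypt = otp_encrypt            # D_K(C) = C xor K: the same operation


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If K was reused, C1 xor C2 = P1 xor P2: the attacker learns the xor of
    the two plaintexts without ever seeing K."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def recover_with_crib(c1: bytes, c2: bytes, crib: bytes) -> bytes:
    """With P1 known or guessed (a 'crib'), P2 = (C1 xor C2) xor P1."""
    return bytes(x ^ p for x, p in zip(two_time_pad_leak(c1, c2), crib))


def demo(key: bytes = None) -> dict:
    p1 = b"ATTACK AT DAWN"            # constructed sample messages, same length
    p2 = b"RETREAT AT 6AM"
    key = key or os.urandom(len(p1))
    c1 = otp_encrypt(key, p1)
    c2 = otp_encrypt(key, p2)         # the mistake: K reused for a second message
    return {
        "roundtrip": otp_decrypt(key, c1) == p1,
        "leak": two_time_pad_leak(c1, c2),
        "p2_recovered": recover_with_crib(c1, c2, p1),
    }


if __name__ == "__main__":
    print(demo())
```

The roundtrip succeeds for any key, and the recovered P2 does not depend on which key was drawn, which is the point: reuse turns a perfect cipher into one the eavesdropper breaks with a guessed plaintext.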
  Integrity and signatures: Alice sends P together with D_A(H(P)), her private-key transform of a hash of P; Bob applies Alice's public key E_A to the signature and compares the result with the H(P) he computes himself, which checks both integrity and origin.
  Diffie-Hellman: public prime p and generator z. Alice picks a secret a and sends A = z^a mod p; Bob picks a secret b and sends B = z^b mod p. Both compute the same key K = B^a mod p = A^b mod p. In the authenticated variant the parties exchange signed A and signed B.
  Public key (PK): Alice advertises her public key K; example: RSA. PK is more complex (more expensive) than SK, so use PK to exchange a secret key and SK for the bulk data.
  Notes:
    1. Signing by applying D to the message itself (signature = D(P), no hash) is not secure: anyone can pick a "signature" C', compute P' = E(C'), and present (P', C') as a message signed by Alice. Sign the hash H(P) instead.
    2. Simple Diffie-Hellman (just a and b, with A and B unsigned) is not secure: a man in the middle runs one exchange with Alice and another with Bob and relays between them, holding a key with each side.

Ad Hoc

Routing: link state vs. on demand.
Authentication (Alice proves her identity to Bob):
  Sending the password psswd in the clear can be replayed by anyone who observed it.
  Challenge-response with a secret K shared in advance: Bob sends a fresh challenge X; Alice replies F(X, K), for example H(psswd, X); Bob recomputes the value from X and the shared secret and checks that it matches.
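The Diffie-Hellman exchange, the man-in-the-middle of note 2, and the signature forgery of note 1 worked through, as an added example (not code from the original notes). The DH group (generator 5 in Z_23^*, so z = 5 and p = 23) and Alice's RSA key (n = 10007 x 10009, e = 65537) are toy parameters chosen so the numbers can be followed by hand; they are far too small to be secure, and textbook RSA without padding is used only to show the D(P) versus D(H(P)) point from the slide.

```python
"""Diffie-Hellman, its man-in-the-middle weakness when A and B are not
authenticated, and the two signature notes from the slide.  Added example,
not code from the original notes.  Toy parameters, not secure."""
import hashlib

P, G = 23, 5                                         # toy DH group: z = 5, p = 23
RSA_N = 10007 * 10009                                 # toy RSA modulus for Alice
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (10007 - 1) * (10009 - 1))     # private exponent (Python 3.8+)
ALICE_PUB, ALICE_PRIV = (RSA_N, RSA_E), (RSA_N, RSA_D)


def dh_public(priv, p=P, g=G):
    return pow(g, priv, p)                           # A = z^a mod p


def dh_shared(peer_pub, priv, p=P):
    return pow(peer_pub, priv, p)                    # K = B^a mod p = A^b mod p


def unauthenticated_dh(a, b, m=None):
    """Return (K_alice, K_bob, mallory_keys).  With m given, Mallory replaces
    both public values by z^m: Alice and Bob each share a key with Mallory
    while believing they share one with each other."""
    A, B = dh_public(a), dh_public(b)
    if m is None:
        return dh_shared(B, a), dh_shared(A, b), None
    M = dh_public(m)
    return dh_shared(M, a), dh_shared(M, b), (dh_shared(A, m), dh_shared(B, m))


# --- textbook RSA signatures ------------------------------------------
def rsa_sign_raw(priv, msg_int):
    n, d = priv
    return pow(msg_int, d, n)                        # signature = D(P), note 1

def rsa_verify_raw(pub, msg_int, sig):
    n, e = pub
    return pow(sig, e, n) == msg_int % n             # accept if E(signature) == P

def forge_raw(pub, sig):
    """Note 1: pick any 'signature' C' and compute P' = E(C'); the pair
    (P', C') passes rsa_verify_raw without Alice's private key."""
    n, e = pub
    return pow(sig, e, n)

def _h(msg: bytes, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def rsa_sign(priv, msg: bytes):
    n, d = priv
    return pow(_h(msg, n), d, n)                     # signature = D(H(P))

def rsa_verify(pub, msg: bytes, sig):
    n, e = pub
    return pow(sig, e, n) == _h(msg, n)              # E(signature) == H(P)


def bob_accepts_signed_dh(a, b, m=None):
    """Note 2 repaired: Alice signs A.  Bob derives K only if the value he
    received verifies under Alice's public key; a substituted z^m does not."""
    A = dh_public(a)
    sig = rsa_sign(ALICE_PRIV, str(A).encode())
    presented = A if m is None else dh_public(m)     # Mallory swaps A for z^m
    if not rsa_verify(ALICE_PUB, str(presented).encode(), sig):
        return None
    return dh_shared(presented, b)


if __name__ == "__main__":
    print("honest:", unauthenticated_dh(6, 15))
    print("man in the middle:", unauthenticated_dh(6, 15, m=13))
    forged = forge_raw(ALICE_PUB, 424242)
    print("raw D(P) forgery verifies:", rsa_verify_raw(ALICE_PUB, forged, 424242))
    print("signed DH honest:", bob_accepts_signed_dh(6, 15))
    print("signed DH with MITM:", bob_accepts_signed_dh(6, 15, m=13))
```

With a = 6 and b = 15 both sides reach K = 2; with Mallory's m = 13 substituted, Alice and Bob hold different keys and each of them equals one of Mallory's. The raw forgery verifies because E(C') is by construction the message that C' "signs"; once the hash is signed instead, the forger would need a preimage of a chosen hash value.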
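The ad hoc authentication exchange above (Bob sends X, Alice answers F(X, K), Bob checks), beside the cleartext password it replaces, as an added example (not code from the original notes). The slides leave F and H abstract; here F(X, K) is assumed to be HMAC-SHA256 keyed with the shared secret, challenges are single-use, and the shared secret is a constructed value.

```python
"""Challenge-response authentication versus a password sent in the clear.
Added example, not code from the original notes.  F(X, K) is assumed to
be HMAC-SHA256 under the shared secret; challenges are single-use."""
import hashlib
import hmac
import secrets


def respond(shared_key: bytes, challenge: bytes) -> bytes:
    """Alice's side: F(X, K)."""
    return hmac.new(shared_key, challenge, hashlib.sha256).digest()


class Verifier:
    """Bob's side: issues fresh challenges X and checks F(X, K)."""

    def __init__(self, shared_key: bytes):
        self.key = shared_key
        self.outstanding = set()           # challenges issued, not yet answered

    def challenge(self, nonce: bytes = None) -> bytes:
        x = nonce if nonce is not None else secrets.token_bytes(16)
        self.outstanding.add(x)
        return x

    def check(self, challenge: bytes, response: bytes) -> bool:
        if challenge not in self.outstanding:
            return False                   # unknown or already-used X: replay rejected
        self.outstanding.discard(challenge)   # single use, whether or not it succeeds
        expected = respond(self.key, challenge)
        return hmac.compare_digest(expected, response)


class PasswordVerifier:
    """Bob's side of the cleartext scheme: compare the presented password."""

    def __init__(self, password: bytes):
        self.password = password

    def check(self, presented: bytes) -> bool:
        return hmac.compare_digest(self.password, presented)


def eavesdropper_replays(shared_key: bytes = b"constructed-shared-secret"):
    """Eve records one legitimate exchange of each kind and replays it.
    Returns (password_replay_succeeds, challenge_response_replay_succeeds)."""
    pw = PasswordVerifier(shared_key)
    recorded_password = shared_key                 # exactly what crossed the wire
    pw_replay_ok = pw.check(recorded_password)

    bob = Verifier(shared_key)
    x1 = bob.challenge()
    recorded_response = respond(shared_key, x1)    # Alice's genuine answer to x1
    if not bob.check(x1, recorded_response):
        raise RuntimeError("genuine login should succeed")
    x2 = bob.challenge()                           # Eve later receives a fresh X
    cr_replay_ok = bob.check(x2, recorded_response) or bob.check(x1, recorded_response)
    return pw_replay_ok, cr_replay_ok


if __name__ == "__main__":
    print(eavesdropper_replays())
```

The recorded password logs Eve in; the recorded F(X, K) answers only the challenge it was computed for, and that challenge is already consumed.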