A Path Layer for the Internet
A Path Layer for the Internet: Enabling Network Operations on Encrypted Traffic
Mirja Kühlewind, Tobias Bühler, Brian Trammell (ETH Zürich); Stephan Neuhaus, Roman Müntener (Zürich Univ. of Applied Sciences); Gorry Fairhurst (Univ. of Aberdeen)
IEEE/IFIP Conf. on Network and Service Management, Tokyo, 28 November 2017
This project has received funding from the European Union's Horizon 2020 research and innovation programme under grant agreement No The opinions expressed and arguments employed reflect only the authors' view. The European Commission is not responsible for any use that may be made of that information. Supported by the Swiss State Secretariat for Education, Research and Innovation under contract number The opinions expressed and arguments employed herein do not necessarily reflect the official views of the Swiss Government.

Increasing Deployment of Encryption
[Chart: % of Mozilla pageloads using TLS]
No management function that needs cleartext access to application headers/payload will work on the new Internet.

Protocol Stack Encryption
[Chart: QUIC share of egress traffic at Google (MAPRG, IETF99)]
- QUIC: new, UDP-encapsulated transport, optimized for HTTP/2
- Developed/deployed by Google, 7% of Internet traffic end
- Under standardization in the IETF, expected deployments
- QUIC encrypts everything not needed to establish communication and forward packets.
Nothing that uses TCP headers will work on the new Internet, either.

Explicit Cooperation
- The cleartext party is over, and DPI is dead.
- Encryption for privacy, security, and protocol evolvability.
- A third way: replace use of cleartext by in-network functions with endpoint-controlled signaling.
Explicit cooperation based on declarative, advisory signals requiring no trust between endpoints and path can reduce disruption driven by increased encryption.

Introducing the Path Layer
The boundary between network (hop-by-hop, stateless) and transport (end-to-end, stateful) is blurred by in-network state.
Approach: add a layer to the stack to support these functions and use crypto to reinforce the boundary.
Layers, top to bottom:
- Application (higher-level semantics)
- Transport (end to end streams/messages)
- Path:
  - Integrity and Confidentiality Protection (Privacy, Security, and Evolvability)
  - Path Communication (Explicit Cooperation with On-Path Devices)
  - UDP Encapsulation (NAT/middlebox Compatibility)
- Network (hop by hop forwarding)
- Link (medium access)

Path Layer Principles
- An endpoint should be able to explicitly expose signals to be used by on-path devices.
- Everything not intended for use by the path should be encrypted.
- An endpoint should be able to request signals from devices on the path.
- An on-path device should not be able to forge, change, or remove a signal sent by an endpoint.
- The endpoint should control signaling between endpoints and the path, or from one on-path device to another.
- It should be possible for an endpoint to request and receive signals from a previously unknown on-path device.
- The mechanism should present no significant surface for amplification attacks.

Applications of the Path Layer
- Transport-Independent On-Path State
- Latency Measurement
- Loss and Congestion Measurement
- Path Trace Accumulation
- Loss/Latency Tradeoff
- Path MTU Discovery
(A bracket on the slide marks part of this list as "Today's talk".)
Generic mechanism allows for future extensibility.

Sender to Path Signaling
[Animated diagram: sender, on-path device, receiver. Sender stack: application, transport, path, IP. The path-layer header carries type and value; the transport payload is encrypted and carries a MAC.
 Animation labels, in order: "signal type := value"; "signal type == value"; "MAC OK".]

Basic PLUS Header
Each row is 32 bits (bits 0 to 31); byte offsets at left include the 8-byte UDP header.

  0   UDP Source Port | UDP Destination Port
  4   UDP Length | UDP Checksum
  8   PLUS Magic 0xd8007ff | L | R | S | 0
 12   Connection and Association Token (CAT)
 20   Packet Serial Number (PSN)
      Packet Serial Echo (PSE)
 28   Encrypted

Field annotations:
- PLUS Magic: recognize PLUS packets on path
- CAT: connection state establishment (setup)
- S: explicit stop signal (teardown)
- PSN, PSE: loss and latency measurement
- L: transport prefers loss to latency
- R: transport is reordering-tolerant

Transport-Independent On-Path State
[Figure: per-flow state machine kept by an on-path device. States: zero, uniflow, associating, associated, stopping, stopwait. Transition labels: packet a->b; b->a with CATb = CATb; a->b with CATa = CATb and PSEa = PSNb; x->y with Sx = 1; y->x with Sy = 1 and PSEy = PSNx; idle timeout; associated timeout; timeout.]

Latency Measurement
[Sequence diagram between Sender and Receiver, with an Observer on the path:
 Sender -> Receiver: PSN n
 Receiver -> Sender: PSN q, PSE n
 Sender -> Receiver: PSN n+1, PSE q
 Marked intervals: RTT and delay at the endpoints; RTTfwd and RTTrev at the Observer.]
RTTest = RTTfwd + RTTrev
PSN/PSE are explicit measurement signals replacing TCP SEQ/ACK + TSOPT.

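A passive observer that derives RTTfwd, RTTrev and RTTest from PSN/PSE alone, as an added example rather than code from the PLUS project. The trace and timestamps are constructed, and treating RTTfwd as the observer-to-receiver leg is an assumption read from the diagram.

```python
from dataclasses import dataclass, field

FWD, REV = "fwd", "rev"   # fwd = sender -> receiver, as seen by the observer

# Constructed trace: (time in ms, direction, PSN, PSE). PSE None = nothing to echo yet.
SAMPLE_TRACE = [
    (0,  FWD, 100, None),   # PSN n
    (30, REV, 500, 100),    # PSN q, PSE n
    (33, REV, 501, 100),    # repeated echo of n: must not yield a second sample
    (42, FWD, 101, 500),    # PSN n+1, PSE q
]


@dataclass
class RttObserver:
    max_pending: int = 1024   # bound per-flow state so unanswered PSNs cannot grow it
    pending: dict = field(default_factory=lambda: {FWD: {}, REV: {}})
    half_rtt: dict = field(default_factory=dict)   # direction -> latest sample

    def observe(self, t, direction, psn, pse):
        other = REV if direction == FWD else FWD
        # A PSE echoes a PSN that passed this observer in the opposite direction.
        # The gap between the two sightings is the round trip from the observer
        # to the echoing endpoint and back, including that endpoint's hold time.
        if pse is not None:
            t_seen = self.pending[other].pop(pse, None)
            if t_seen is not None:
                self.half_rtt[other] = t - t_seen
        seen = self.pending[direction]
        if psn not in seen:                      # keep the first sighting only
            if len(seen) >= self.max_pending:
                del seen[next(iter(seen))]       # evict the oldest entry
            seen[psn] = t

    def rtt_est(self):
        """RTTest = RTTfwd + RTTrev, or None until both halves are measured."""
        if FWD in self.half_rtt and REV in self.half_rtt:
            return self.half_rtt[FWD] + self.half_rtt[REV]
        return None


def run_sample():
    obs = RttObserver()
    for pkt in SAMPLE_TRACE:
        obs.observe(*pkt)
    return obs


if __name__ == "__main__":
    o = run_sample()
    print(o.half_rtt, o.rtt_est())
```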
Path to Receiver Signaling with Feedback
[Animated diagram: sender, on-path device, receiver. Sender stack: application, transport, path, IP. The path-layer header carries type and value; the transport payload is encrypted and carries a partial MAC.
 Animation labels, in order: "signal type := value"; "signal type := value"; "signal type == value", "MAC OK"; then a return packet whose encrypted part carries "fb type=value".]

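How a full MAC and a partial MAC constrain what an on-path device can change, shown for both signaling diagrams above; this is an added example, not code from the PLUS project. HMAC-SHA256 stands in for the transport's packet protection, and the key, the two-byte [type][II] layout, signal type 0x10 and the meaning of II = 00 are constructed assumptions.

```python
import hashlib
import hmac

II_NONE, II_FULL = 0b00, 0b11   # 11 (full) is on the slides; 00 = "value not covered" is assumed
HDR = 2                         # constructed layout: [type][II][value...]


def covered(exposed: bytes) -> bytes:
    """Bytes fed to the MAC. Type, II and length are always covered, so an
    on-path device cannot widen its own write access by rewriting II."""
    if len(exposed) < HDR:
        raise ValueError("short signal")
    ii = exposed[1]
    if ii == II_FULL:
        return exposed
    if ii == II_NONE:
        return exposed[:HDR] + bytes(len(exposed) - HDR)   # value zeroed, length kept
    raise ValueError("unsupported integrity indicator")


def seal(key: bytes, exposed: bytes) -> bytes:
    return hmac.new(key, covered(exposed), hashlib.sha256).digest()


def check(key: bytes, exposed: bytes, tag: bytes) -> bool:
    try:
        return hmac.compare_digest(seal(key, exposed), tag)
    except ValueError:
        return False


def scenarios() -> dict:
    key = b"constructed-endpoint-key"            # known to sender and receiver only
    # Sender-to-path: the sender declares a value, the path may only read it.
    declared = bytes([0x10, II_FULL]) + b"\x00\x2a"
    tag_d = seal(key, declared)
    # Path-to-receiver: the sender opens an empty value for the path to fill.
    request = bytes([0x04, II_NONE]) + b"\x00\x00"
    tag_r = seal(key, request)
    filled = request[:HDR] + (1207).to_bytes(2, "big")     # written on path
    out = {
        "read_only": check(key, declared, tag_d),
        "declared_value_changed": check(key, declared[:HDR] + b"\x00\x2b", tag_d),
        "ii_downgraded": check(key, bytes([0x10, II_NONE]) + b"\x00\x2b", tag_d),
        "path_filled_request": check(key, filled, tag_r),
        "request_type_changed": check(key, bytes([0x05]) + filled[1:], tag_r),
    }
    # Only a verified value goes into the encrypted feedback to the sender.
    out["feedback"] = int.from_bytes(filled[HDR:], "big") if out["path_filled_request"] else None
    return out


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```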
Extended PLUS Header
Each row is 32 bits; byte offsets at left include the 8-byte UDP header.

  0   UDP Source Port | UDP Destination Port
  4   UDP Length | UDP Checksum
  8   PLUS Magic 0xd8007ff | L | R | S | 1
 12   Connection and Association Token (CAT)
 20   Packet Serial Number (PSN)
      Packet Serial Echo (PSE)
 28   PCF Type | PCF Len | II | PCF Value (varlen)
      Encrypted

Field annotations:
- PCF Type: extensible signal type
- TLV (PCF Type, PCF Len, PCF Value): supports unknown signal handling
- II: Integrity Indicator specifies which portion of the PCF Value is covered by the partial MAC
- PCF Value: variable-length value, semantics defined by signal type

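A parser for the basic and extended layouts on these slides, as an added example rather than code from the PLUS project. Offsets come from the slides with the UDP header removed; the flag bit order (L, R, S, then the extended bit) follows the slide order, and the 8-bit PCF Type, 6-bit PCF Len and 2-bit II widths are assumptions, since the slides show only the field order.

```python
import struct
from dataclasses import dataclass
from typing import Optional

PLUS_MAGIC = 0xD8007FF   # 28-bit magic shown on the slides
BASIC_LEN = 20           # slide offsets 8..28 with the 8-byte UDP header removed


class PlusParseError(ValueError):
    """Raised for anything an on-path device must not treat as PLUS."""


@dataclass
class PlusHeader:
    lat: bool              # L: transport prefers loss to latency
    reorder: bool          # R: transport is reordering-tolerant
    stop: bool             # S: explicit stop signal
    extended: bool
    cat: int
    psn: int
    pse: int
    pcf_type: Optional[int] = None
    pcf_ii: Optional[int] = None
    pcf_value: bytes = b""
    header_len: int = BASIC_LEN   # everything after this offset is encrypted


def parse_plus(udp_payload: bytes) -> PlusHeader:
    if len(udp_payload) < BASIC_LEN:
        raise PlusParseError("truncated basic header")
    word0, cat, psn, pse = struct.unpack_from("!IQII", udp_payload, 0)
    if word0 >> 4 != PLUS_MAGIC:
        raise PlusParseError("magic mismatch: not a PLUS packet")
    hdr = PlusHeader(lat=bool(word0 & 8), reorder=bool(word0 & 4),
                     stop=bool(word0 & 2), extended=bool(word0 & 1),
                     cat=cat, psn=psn, pse=pse)
    if not hdr.extended:
        return hdr
    if len(udp_payload) < BASIC_LEN + 2:
        raise PlusParseError("truncated PCF header")
    pcf_type, len_ii = struct.unpack_from("!BB", udp_payload, BASIC_LEN)
    pcf_len, hdr.pcf_ii = len_ii >> 2, len_ii & 0b11      # assumed 6 + 2 bit split
    start = BASIC_LEN + 2
    # Never trust PCF Len beyond the bytes actually received.
    if len(udp_payload) < start + pcf_len:
        raise PlusParseError("PCF Len exceeds packet")
    hdr.pcf_type = pcf_type
    hdr.pcf_value = udp_payload[start:start + pcf_len]
    hdr.header_len = start + pcf_len
    return hdr


def build_sample() -> bytes:
    """Constructed packet: L set, extended, PCF type 1, len 2, II 11, 8 opaque bytes."""
    word0 = (PLUS_MAGIC << 4) | 0b1001
    basic = struct.pack("!IQII", word0, 0x1122334455667788, 7, 3)
    pcf = bytes([1, (2 << 2) | 0b11]) + b"\x05\x01"
    return basic + pcf + b"\xaa" * 8   # stand-in for the encrypted transport payload


if __name__ == "__main__":
    print(parse_plus(build_sample()))
```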
Loss and Congestion Measurement
- PSN is serial, so sequence gaps can be used to estimate one-point upstream loss and loss between two points.
- Full-path loss requires signaling using extended header:
  PCF type: 1, len: [2,4,8,16], II: 11 (full)
  Cumulative Loss Count (uint[8,16,32,64])
  Cumulative ECE Count (uint[8,16,32,64])
- Feed-forward of cumulative loss and ECE seen by sender allows accurate counting anywhere along the path.
- Sender-side sampling allows efficiency tradeoff.

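Gap-based loss estimation at one and two observation points, plus decoding of the PCF type 1 counters, as an added example rather than code from the PLUS project. The captures are constructed; the 32-bit PSN width, network byte order and loss-before-ECE field order are assumptions.

```python
MOD, HALF = 1 << 32, 1 << 31   # PSN assumed to be 32 bits wide

# Constructed captures of one flow. PSN 0 is lost before observer A,
# PSN 0xFFFFFFFF is lost between A and B, and B sees 3 before 2 (reordering).
OBSERVER_A = [0xFFFFFFFE, 0xFFFFFFFF, 1, 2, 3]
OBSERVER_B = [0xFFFFFFFE, 1, 3, 2]


def serial_offset(psn: int, base: int) -> int:
    """Signed distance from base, valid across the 32-bit wrap."""
    return ((psn - base + HALF) % MOD) - HALF


def upstream_loss(psns) -> int:
    """Serial numbers missing inside the observed span were lost upstream.
    A loss at the very end of a capture leaves no gap and is not counted."""
    if not psns:
        return 0
    offs = {serial_offset(p, psns[0]) for p in psns}   # a set tolerates reordering
    return (max(offs) - min(offs) + 1) - len(offs)


def loss_between(upstream_psns, downstream_psns) -> int:
    """Packets seen at the upstream point that never reached the downstream one."""
    return len(set(upstream_psns) - set(downstream_psns))


def decode_loss_pcf(value: bytes):
    """PCF type 1 value: two equal-width counters, total length 2, 4, 8 or 16."""
    if len(value) not in (2, 4, 8, 16):
        raise ValueError("PCF type 1 length must be 2, 4, 8 or 16")
    width = len(value) // 2
    loss = int.from_bytes(value[:width], "big")
    ece = int.from_bytes(value[width:], "big")
    return loss, ece


def report() -> dict:
    return {
        "upstream_of_a": upstream_loss(OBSERVER_A),
        "upstream_of_b": upstream_loss(OBSERVER_B),
        "between_a_and_b": loss_between(OBSERVER_A, OBSERVER_B),
    }


if __name__ == "__main__":
    print(report(), decode_loss_pcf(b"\x05\x01"))
```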
Path Tracing
[Diagram: sender and receiver joined by several colored paths through PLUS-aware hops.]
- Each PLUS-aware hop XORs a random per-node value into the PCF type 4 value.
- Value at receiver indicates which path was taken without identifying path.
Red path: 1207
Orange path: 238
Green path:

Transport interfaces to PLUS: pilot implementation work under QUIC
[Figure with two panels. Components in each panel: security (TLS+QUIC packet protection), transport layer (QUIC), path layer (PLUS), UDP/IP (via socket).
 (a) receiver-side interfaces. Labels: handshake, verify error, packet, protected packet + pseudoheader, packet, receive signal.
 (b) sender-side interfaces. Labels: handshake, feedback request, packet + pseudoheader (AD), protected packet, packet, send signal, MTU.]

Building PLUS-aware middleboxes with fd.io VPP
- fd.io VPP: framework for building userspace network devices on any DPDK platform, using packet vectors for scalability.
- PLUS middlebox support implemented as VPP nodes:
  - Core node handles state machine and basic header flags
  - One extension node per PCF type
  - Modifications to UDP logic to recognize PLUS magic
Node graph: DPDK input, IPv4 input, IPv4 lookup, IPv4 local, IPv4/UDP lookup, PLUS basic header, PCF additional nodes, output

PLUS and QUIC
- Both PLUS and QUIC propose encryption and UDP encapsulation to enable transport evolution.
- PLUS proposes additional explicit signaling to replace information that encryption removes. Declarative and advisory, but better than inference.
- Many basic PLUS features appear in QUIC in diminished form:
  - QUIC's PN is a PSN, but without echo
  - QUIC's CID is a CAT, but not on every packet
- Additional QUIC features proposed based on PLUS experience:
  - No PSE, but latency spin bit proposed to replace it for passive RTT

Conclusions
- Adding a path layer to the Internet architecture to enable explicit cooperation between endpoints and middleboxes can support transport protocol evolution while replacing manageability and measurability lost through encryption.
- PLUS provides a testbed for experimenting with explicit cooperation approaches.
bitcoin allnet exam review: transport layer TCP basics congestion control project 2 Computer Networks ICS 651 Bitcoin distributed, reliable ("hard to falsify") time-stamping network each time-stamp record
More informationMultipath QUIC: Design and Evaluation
Multipath QUIC: Design and Evaluation Quentin De Coninck, Olivier Bonaventure quentin.deconinck@uclouvain.be multipath-quic.org Outline The QUIC protocol Designing Multipath for QUIC Experimental Design
More informationAN exam March
AN exam March 29 2018 Dear student This exam consists of 7 questions. The total number of points is 100. Read the questions carefully. Be precise and concise. Write in a readable way. Q1. UDP and TCP (25
More informationOSI Transport Layer. Network Fundamentals Chapter 4. Version Cisco Systems, Inc. All rights reserved. Cisco Public 1
OSI Transport Layer Network Fundamentals Chapter 4 Version 4.0 1 Transport Layer Role and Services Transport layer is responsible for overall end-to-end transfer of application data 2 Transport Layer Role
More informationPart VI. Appendixes. Appendix A OSI Model and Internet Protocols Appendix B About the CD
Part VI Appendixes Appendix A OSI Model and Internet Protocols Appendix B About the CD OSI Model and Internet Protocols APPENDIX A In this appendix, you will Learn about the OSI model Review the network
More informationCSCI 466 Midterm Networks Fall 2013
CSCI 466 Midterm Networks Fall 2013 Name: This exam consists of 6 problems on the following 7 pages. You may use your single-sided hand-written 8 ½ x 11 note sheet and a calculator during the exam. No
More informationSquare Pegs in a Round Pipe: Wire-Compatible Unordered Delivery In TCP and TLS
Square Pegs in a Round Pipe: Wire-Compatible Unordered Delivery In TCP and TLS Jana Iyengar*, Bryan Ford + Syed Obaid Amin* +, Michael F. Nowlan +, Nabin Tiwari* *Franklin & Marshall College + Yale University
More informationCSEP 561 Connections. David Wetherall
CSEP 561 Connections David Wetherall djw@cs.washington.edu Connections Focus How do we (reliably) connect processes? This is the transport layer Topics Naming processes Connection setup / teardown Sliding
More informationReliable Transport I: Concepts and TCP Protocol
Reliable Transport I: Concepts and TCP Protocol Brad Karp UCL Computer Science CS 3035/GZ01 29 th October 2013 Part I: Transport Concepts Layering context Transport goals Transport mechanisms 2 Context:
More informationCSCI-GA Operating Systems. Networking. Hubertus Franke
CSCI-GA.2250-001 Operating Systems Networking Hubertus Franke frankeh@cs.nyu.edu Source: Ganesh Sittampalam NYU TCP/IP protocol family IP : Internet Protocol UDP : User Datagram Protocol RTP, traceroute
More informationARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1
ARP, IP, TCP, UDP CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1 IP and MAC Addresses Devices on a local area network have IP addresses (network layer) MAC addresses (data
More informationStudent ID: CS457: Computer Networking Date: 3/20/2007 Name:
CS457: Computer Networking Date: 3/20/2007 Name: Instructions: 1. Be sure that you have 9 questions 2. Be sure your answers are legible. 3. Write your Student ID at the top of every page 4. This is a closed
More informationA New Internet? Introduction to HTTP/2, QUIC and DOH
A New Internet? Introduction to HTTP/2, QUIC and DOH and more LACNIC 29 - Panamá May 2018 Jordi Palet (jordi.palet@theipv6company.com) -1 Internet is Changing More and more, Internet traffic is moving
More informationDetNet. Flow Definition and Identification, Features and Mapping to/from TSN. DetNet TSN joint workshop IETF / IEEE 802, Bangkok
DetNet Flow Definition and Identification, Features and Mapping to/from TSN DetNet TSN joint workshop IETF / IEEE 802, Bangkok Balázs Varga 2018-11-11 DetNet - Data plane and related functions Page 1 Balázs
More information416 Distributed Systems. Networks review; Day 1 of 2 Jan 5 + 8, 2018
416 Distributed Systems Networks review; Day 1 of 2 Jan 5 + 8, 2018 1 Distributed Systems vs. Networks Low level (c/go) Run forever Support others Adversarial environment Distributed & concurrent Resources
More informationAn SCTP-Protocol Data Unit with several chunks
SCTP for Beginners Section 2 SCTP Packets he protocol data units (PDU) of SCTP are called SCTP packets. If SCTP runs over IP (as described in RFC2960 ), an SCTP packet forms the payload of an IP packet.
More informationTransport: How Applications Communicate
Transport: How Applications Communicate Week 2 Philip Levis 1 7 Layers (or 4) 7. 6. 5. 4. 3. 2. 1. Application Presentation Session Transport Network Link Physical segments packets frames bits/bytes Application
More informationCommunication Networks
Communication Networks Spring 2018 Laurent Vanbever nsg.ee.ethz.ch ETH Zürich (D-ITET) March 19 2018 Materials inspired from Scott Shenker & Jennifer Rexford Last week on Communication Networks Reliable
More informationSDN-based Network Obfuscation. Roland Meier PhD Student ETH Zürich
SDN-based Network Obfuscation Roland Meier PhD Student ETH Zürich This Talk This thesis vs. existing solutions Alice Bob source: Alice destination: Bob Hi Bob, Hi Bob, Payload encryption ǾǼōĦ
More informationRequest for Comments: 4755 Category: Standards Track December 2006
Network Working Group V. Kashyap Request for Comments: 4755 IBM Category: Standards Track December 2006 Status of This Memo IP over InfiniBand: Connected Mode This document specifies an Internet standards
More informationSolution to Question 1: ``Quickies'' (25 points, 15 minutes)
Solution to Question : ``Quickies'' (25 points, 5 minutes) What is meant by the term statistical multiplexing? Answer: In statistical multiplexing, data from multiple users (senders) is sent over a link.
More informationEE-379 Embedded Systems and Applications Introduction to Ethernet
EE-379 Embedded Systems and Applications Introduction to Ethernet Cristinel Ababei Department of Electrical Engineering, University at Buffalo Spring 2013 Note: This course is offered as EE 459/500 in
More informationMobile IP and Mobile Transport Protocols
Mobile IP and Mobile Transport Protocols 1 IP routing Preliminaries Works on a hop-by-hop basis using a routing table 32 bits: 129.97.92.42 Address = subnet + host (Mobility No packet for you) Two parts»
More informationProgramming Assignment 3: Transmission Control Protocol
CS 640 Introduction to Computer Networks Spring 2005 http://www.cs.wisc.edu/ suman/courses/640/s05 Programming Assignment 3: Transmission Control Protocol Assigned: March 28,2005 Due: April 15, 2005, 11:59pm
More informationChapter 11. User Datagram Protocol (UDP)
Chapter 11 User Datagram Protocol (UDP) Outline Process-to-process communication User datagram Checksum UDP operation Use of UDP UDP package Figure 11-1 Position of UDP in the TCP/IP Protocol Suite The
More informationIntroduction to TCP/IP networking
Introduction to TCP/IP networking TCP/IP protocol family IP : Internet Protocol UDP : User Datagram Protocol RTP, traceroute TCP : Transmission Control Protocol HTTP, FTP, ssh What is an internet? A set
More informationOutline Computer Networking. Functionality Split. Transport Protocols
Outline 15-441 15 441 Computer Networking 15-641 Lecture 10: Transport Protocols Justine Sherry Peter Steenkiste Fall 2017 www.cs.cmu.edu/~prs/15 441 F17 Transport introduction TCP connection establishment
More informationConnections. Topics. Focus. Presentation Session. Application. Data Link. Transport. Physical. Network
Connections Focus How do we connect processes? This is the transport layer Topics Naming processes Connection setup / teardown Flow control Application Presentation Session Transport Network Data Link
More informationCSCI-1680 Transport Layer I Rodrigo Fonseca
CSCI-1680 Transport Layer I Rodrigo Fonseca Based partly on lecture notes by David Mazières, Phil Levis, John Janno< Today Transport Layer UDP TCP Intro Connection Establishment Transport Layer "#$ -##$
More informationNAT, IPv6, & UDP CS640, Announcements Assignment #3 released
NAT, IPv6, & UDP CS640, 2015-03-03 Announcements Assignment #3 released Overview Network Address Translation (NAT) IPv6 Transport layer User Datagram Protocol (UDP) Network Address Translation (NAT) Hacky
More informationCSCI-1680 Network Layer:
CSCI-1680 Network Layer: Wrapup Rodrigo Fonseca Based partly on lecture notes by Jennifer Rexford, Rob Sherwood, David Mazières, Phil Levis, John JannoA Administrivia Homework 2 is due tomorrow So we can
More informationTCP/IP Protocol Suite 1
TCP/IP Protocol Suite 1 Stream Control Transmission Protocol (SCTP) TCP/IP Protocol Suite 2 OBJECTIVES: To introduce SCTP as a new transport-layer protocol. To discuss SCTP services and compare them with
More informationTCP /IP Fundamentals Mr. Cantu
TCP /IP Fundamentals Mr. Cantu OSI Model and TCP/IP Model Comparison TCP / IP Protocols (Application Layer) The TCP/IP subprotocols listed in this layer are services that support a number of network functions:
More informationSCTP s Reliability and Fault Tolerance
SCTP s Reliability and Fault Tolerance Brad Penoff, Mike Tsai, and Alan Wagner Department of Computer Science University of British Columbia Vancouver, Canada Distributed Systems Group Seattle Conference
More informationTransport layer. UDP: User Datagram Protocol [RFC 768] Review principles: Instantiation in the Internet UDP TCP
Transport layer Review principles: Reliable data transfer Flow control Congestion control Instantiation in the Internet UDP TCP 1 UDP: User Datagram Protocol [RFC 768] No frills, bare bones Internet transport
More informationCSCI-1680 Transport Layer I Rodrigo Fonseca
CSCI-1680 Transport Layer I Rodrigo Fonseca Based partly on lecture notes by David Mazières, Phil Levis, John Jannotti Today Transport Layer UDP TCP Intro Connection Establishment From Lec 2: OSI Reference
More informationTransport layer. Review principles: Instantiation in the Internet UDP TCP. Reliable data transfer Flow control Congestion control
Transport layer Review principles: Reliable data transfer Flow control Congestion control Instantiation in the Internet UDP TCP 1 UDP: User Datagram Protocol [RFC 768] No frills, bare bones Internet transport
More informationNetwork Security. Thierry Sans
Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability
More informationCSC 4900 Computer Networks: Security Protocols (2)
CSC 4900 Computer Networks: Security Protocols (2) Professor Henry Carter Fall 2017 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message Integrity 8.4 End point Authentication
More informationIPv6 Protocol. Does it solve all the security problems of IPv4? Franjo Majstor EMEA Consulting Engineer Cisco Systems, Inc.
IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor EMEA Consulting Engineer fmajstor@cisco.com Cisco Systems, Inc. 1 Agenda IPv6 Primer IPv6 Protocol Security Dual stack approach
More informationTransport Layer. Application / Transport Interface. Transport Layer Services. Transport Layer Connections
Application / Transport Interface Application requests service from transport layer Transport Layer Application Layer Prepare Transport service requirements Data for transport Local endpoint node address
More informationInternet Control Message Protocol
Internet Control Message Protocol The Internet Control Message Protocol is used by routers and hosts to exchange control information, and to inquire about the state and configuration of routers and hosts.
More informationPLEASE READ CAREFULLY BEFORE YOU START
MIDTERM EXAMINATION #2 NETWORKING CONCEPTS 03-60-367-01 U N I V E R S I T Y O F W I N D S O R - S c h o o l o f C o m p u t e r S c i e n c e Fall 2011 Question Paper NOTE: Students may take this question
More informationECE697AA Lecture 3. Today s lecture
ECE697AA Lecture 3 Transport Layer: TCP and UDP Tilman Wolf Department of Electrical and Computer Engineering 09/09/08 Today s lecture Transport layer User datagram protocol (UDP) Reliable data transfer
More informationNetworking for Data Acquisition Systems. Fabrice Le Goff - 14/02/ ISOTDAQ
Networking for Data Acquisition Systems Fabrice Le Goff - 14/02/2018 - ISOTDAQ Outline Generalities The OSI Model Ethernet and Local Area Networks IP and Routing TCP, UDP and Transport Efficiency Networking
More informationRID IETF Draft Update
RID IETF Draft Update Kathleen M. Moriarty INCH Working Group 5 August 2004 This work was sponsored by the Air Force under Air Force Contract Number F19628-00-C-0002. "Opinions, interpretations, conclusions,
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8
CIS 551 / TCOM 401 Computer and Network Security Spring 2007 Lecture 8 Announcements Reminder: Project 1 is due on tonight by midnight. Midterm 1 will be held next Thursday, Feb. 8th. Example midterms
More informationCS 455: INTRODUCTION TO DISTRIBUTED SYSTEMS [NETWORKING] Frequently asked questions from the previous class surveys
CS 455: INTRODUCTION TO DISTRIBUTED SYSTEMS [NETWORKING] The Receiver's Buffer Small it may be But throttle the mightiest sender It can Not just the how much But also the when Or if at all Shrideep Pallickara
More informationTCP modifications for Congestion Exposure
TCP modifications for Congestion Exposure ConEx 82. IETF Taipei November 17, 2011 draft-kuehlewind-conex-tcp-modifications-01 Mirja Kühlewind Richard Scheffenegger
More information