T NetFPGA prototype of zfilter forwarding. Petri Jokela ericsson research, Nomadiclab
|
|
- Jacob Hampton
- 5 years ago
- Views:
Transcription
1 T NetFPGA prototype of zfilter forwarding Petri Jokela ericsson research, Nomadiclab
2 CONTENT Information centric networking Reasoning, background Forwarding with In-packet Bloom Filters Basic idea Enhancements Security Implementation The NetFPGA router and reference implementation Implementing zfilters on a NetFPGA
3 Information centric networking
4 Background Most of the work has been done in PSIRP EU FP7 project Information centric networking Publish/Subscribe for distributing data Currently, the work is going also in the Future Internet programme, as part of ICT-SHOK
5 Clean slate approach DATA as the first class citizen Users interested in data, not in the hosts Topic based publish/subscribe DDoS problems in current networks Network serves the sender Unwanted traffic can be sent against the receiver s will Target: Data delivery ONLY when explicitly requested Data published once, received multiple times BUT from different locations and at different times Asynchronous multicast: timely separated requests Data delivery from caches instead of the actual source Caching becomes an essential function in the network
6 RTFM architecture Rendezvous - matching publish and subscribe events Publish (ID) Matching Rendezvous Rendezvous Rendezvous Topology Topology Topology Subscribe (ID) Publisher fwd fwd fwd fwd fwd fwd Subscriber
7 RTFM architecture Rendezvous - matching publish and subscribe events Topology - network topology knowledge, path creation Publish (ID) Matching Rendezvous Rendezvous Rendezvous Path creation Topology Topology Topology Subscribe (ID) Publisher fwd fwd fwd fwd fwd fwd Subscriber
8 RTFM architecture Rendezvous - matching publish and subscribe events Topology - network topology knowledge, path creation Forwarding - fast delivery Matching Publish (ID) FID Rendezvous Rendezvous Rendezvous Path creation Topology Topology Topology Subscribe (ID) Publisher fwd fwd fwd fwd fwd fwd Data delivery Subscriber
9 In-packet bloom filters for packet forwarding
10 Topic based pub/sub: how to deliver data? Routing based on Topic ID 10^11 topics => enormous amount of state in forwarders State need to be changed based on subscriptions => Not scalable How about storing the state in the packet? Define the path from the source to the destination IP: include all visited IP addresses in a list - A long list of IP addresses, and we do not solve the DDoS Without IP: Include all visited nodes in the packet - Long list of Node IDs! Compress the list into a Bloom filter! - Path not visible
11 Bloom filters Probabilistic data structure, space efficient Used to test if an element is a member of a set Possibility for false positives Inserting items Hash and set bits Data 1 Data Verifying Hash and check if set Hash 1 Hash 2 Data 1
12 Link IDs and forwarding Bloom filters (zfilters) No names for nodes Each link is identified with a unidirectional Link ID Link IDs Statistically unique Periodically changing Size e.g. 256 bits Local or centrally controlled Source routing Include all Link IDs into a Bloom filter Multicasting supported Stateless ρmax = maximum amount of 1 s A A->B A->B B->C zf: A->B->C B D B->C C
13 Creation of zfilters zfilter creation Assumes knowledge of the network topology Assumes knowledge of the link IDs on the path Topology information Currently e.g. OSPF or PCE (Path Computation Element) for (G) MPLS zfilter creation can be merged with the existing protocols Once created, the zfilter can be assigned to the data source Pure zfilter based forwarding in the whole network can be put into the packet in a network router Makes it possible to run IP from the end-host
14 Forwarding decision Forwarding decision based on binary AND and CMP zfilter in the packet matched with all outgoing Link IDs Multicasting: zfilter contains more than one outgoing links Interfaces Link ID zfilter & = Yes/No zfilter
15 Example: zf creation and forwarding Topology: zfilter formation IF 1-2 IF S OR Node 1: Match and forward IF 1-2: Topic ID DATA zfilter: & = Source IF S-1 Interface Link ID IF S IF 1-3 IF 1-1 Node 1 IF 1-2 Interface Link ID IF IF IF
16 Using Link Identity Tags (LIT) Make results better with a simple trick Define n different LITs instead of a single LID LIT has the same size as LID, and also k bits set to one [Power of choices] Route creation and packet forwarding Calculate n different candidate zfilters Select the best performing zfilter, based on some policy Host 1: Iface out Link ID LIT 1 LIT 2 LIT n Host 2: Iface out Link ID LIT 1 LIT 2 LIT n Candidate zfilter zfilter 1 zfilter 2 zfilter n
17 Using Link Identity Tags (LIT) Interfaces LIT1 & = LIT2 d? & = LITn & = d BF Yes/No d BF
18 Forwarding efficiency Simulations with Rocketfuel SNDlib Forwarding efficiency with 20 subscribers ~80%
19 Forwarding efficiency Simulations with Rocketfuel SNDlib Forwarding efficiency with 20 subscribers ~80% LIT Optimized: 88% n
20 Virtual trees Popular paths can be merged into virtual trees A single Link ID for the tree Additional state in the forwarding nodes Increase scalability A virtual tree is not bound to a certain publication delivery E.g. a single tree for all AS transit traffic C D A B E F Virtual B->C->D->E
21 zfilter collection During packet traversal, the reverse zf can be easily generated Add a field in the packet for collected zfilter All routers forwarding the packet add the incoming LID to the field Once the packet arrives to the destination, the collected zf can be used to forward data to the reverse direction IF 1-1 Node 1 IF 1-2 IF 2-1 Node 2 IF 2-2 DATA c-zf zf c-zf = c-zf OR LID1-1 Interface Link ID IF IF Matching for outgoing Interface Link ID IF IF
22 Security features - zformation
23 Forwarding security Goal: to ensure (probabilistically) that hosts cannot send un-authorized traffic zfilter weaknesses zfilter replay attacks Computational attack correlate zfilters to learn link IDs Traffic injection attack Solution (z-formation): Compute LIT in line speed and bind it to path: in-coming and out-going port time: periodically changed key flow: flow identifier (e.g. IP 5-tuple / content id)
24 Secure case: z-formation aka Secure in-packet BFs IN port # OUT port # Flow ID Z K(t) Form LITs algorithmically at packet handling time LIT(d) = Z (I, K (t), In, Out, d), Secure periodic key K Input port index Output port index d BF LIT(d) & = yes/no Flow ID from the packet, e.g. Information ID IP addresses & ports d from the packet
25 Security properties zfilter works both as a forwarding ID and a capability To send, a host needs to know or guess a valid zfilter Bound to the outgoing ports along the path Traffic injection possible Hard to construct one without knowing LITs along the path Correlation attacks possible Zformation Bound to the incoming and outgoing ports Traffic injection difficult (due to binding to incoming port) Very hard to construct one without knowing keys along the path Correlation attacks possible only for a given flow ID Bound to the packet stream (flow ID) Need a cryptographically good Z algorithm
26 Injection attacks Assuming attacker knows a zfilter passing at h hops distance from attacker Left y-axis shows the probability of a single packet reaching target for various fill factors Right y-axis shows the average number of attempts for one successful injection with probability 0.5 Attack success probability max = 0.45 max = 0.50 max = 0.55 Pr = Attack path length (h) Number of attempts x ( max = 0.5)
27 Discussion Replay attacks: limited to the key lifetime As zfilters are tied to periodically changing keys (K(t)), one per node, the capabilities become expirable Brute force attack: Best attack strategy Assuming attack traffic of 1M pps (1Gbps / 1000 bits pp) > 40min to guess (with Pr=0.5) one 5-hop working zfilter (which is only usable for single host) Re-keying time? Trade-off between minimizing duration of unwanted traffic vs. overhead of zfilter renewal e.g., 1 min enough to complete transactional traffic + protect short paths Attack detection and mitigation: fpr increase: triggers detection plus e.g. blacklist mechanism on FlowID
28 zfilter implementation We had a novel forwarding mechanism Does it work? With simulations and prototyping we can verify We needed a platform that is powerful has fast interfaces supports implementing own functions is not too complex to learn and implement Decision NetFPGA seemed to meet our expectations zfilter forwarding node implementation FreeBSD was selected as the end-host implementation platform Also forwarding implementation
29 NetFPGA
30 Netfpga card general A low-cost platform suitable for research and teaching of networking hardware and router design Processing load moved from the CPU to the card Host CPU has access to the NetFPGA via registers Allows building of high-speed, hardware-accelerated networking system prototypes Uses Verilog and cross compilation environment NetFPGA project run at Stanford University Small group of people + large number of developers around the world
31 Netfpga
32 Netfpga reference implementation SCONE User level IPv4 router ARP, ICMP, PW-OSPF Telnet, web interfaces CLI: Command Line Interpreter Conf. routing table NetFPGA board HCORR; the hw part of the implementation
33 Hardware modules Reference pipeline 4 x 1Gb interfaces User data path 64-bits wide, running 125 MHz Max peak: 8Gbps RxQ Creates a module header Input Arbiter Retrieves packets from input interfaces
34 Hardware modules Reference pipeline Output Port Lookup Decision of the output port E.g. FIB on an IPv4 router Write destination port(s) to the module header Output Queues Use module header for putting the packet to the right queue(s) MAC: physical interfaces CPU: Interface to upper layer processing
35 verilog HDL - Hardware Description Language Phil Moore Similarities to programming languages Concurrency aspects: Modula, Simula Syntax: C Allows quick creation and debugging of large systems Modular design root & sub-modules Writing code Operations executed concurrently; think in clock cycles Not a sequentially processed programming language Everything can be simulated Synthesis Automatic translation of HDL into netlist of digital cells
36 Verilog Simulate in Linux Ubuntu has simulation tools Icarus Verilog Simulator Contains tools for compiling and simulating
37 zfilter implementation on a netfpga
38 Implementation - overview NS3 simulator FreeBSD 7.x: End-host and forwarding NetFPGA: Forwarding Open source: Publisher - FreeBSD Subscriber - FreeBSD Subscriber - FreeBSD NetFPGA NetFPGA
39 Features of the implementation Packet forwarding decision made when there is enough information available Packets arrive in 64-bit pieces zfilter 256 bits long Decision independently and simultaneously for each port in constant time Validity of zfilter checked simultaneously Number of 1-bits in the packet Wrong ethertype Zero TTL Variables used for routing can be modified from the user space Access specific memory addresses
40 Features of the implementation Maintains last packet forwarding information on the user space Monitoring and debugging Implemented features Basic zfilter based forwarding Link Identity Tag support Tested with 4 ports, each having 4 LITs Virtual Path support Same tests as with LITs Reverse path zfilter collection Done when the field exists MAC addresses still used Not mandatory, but no reason to remove at this point Own ethertype (ACDC) to distinguish from other packets
41 Implementation Based on the reference switch design Modifications only to the user data path input_arbiter output_port_lookup Input arbiter Parsers & LUTs output_port_selector output_queues output_queues
42 output_port_selector structure Register Interface Register access logic id_store ctrl bus data bus Status registers Header state parser Header counter Bit counter Ethertype Do zfiltering Combine results out_ports TTL
43 Functions by clock cycle Selections initialized to 1 set to 0 if comparison does not match bit counter: count bits set to one req. ID[0..63] req. ID[ ] req. ID [ ] req. ID [ ] wait for the packet, set selections to 1 get ethertype, remove inc. port from sel. set table index store TTL filter with ID [0..63] filter with ID [ ] filter with ID [ ] filter with ID [ ] Combine decisions from every table CLK cycles
44 Implementation zfilter: 500 lines of Verilog code Most of the code is in port_selector Forwarding decision simple clk) begin if (incoming_filter) // make forwarding decision selection[port]<= (selection[port])&((in_zfilter & id[port]) == id[port]); else if(out_selection_ready) out_selection<=selection; else selection<=1; end
45 overview of the New user datapath
46 Management software Configuring the id_store Read and configure LIT values Set d, the number of LITs per interface Set the length of the LITs Both real and virtual link information Testing with the software Send customizable data packets to the card, by defining outgoing interface delays between packets sizes of the packets TTL in the packet header (loop prevention) d for LIT selection the actual forwarding zfilter Collect information about the forwarding decisions made
47 Testing and measuring Early performance results Latency slightly smaller when compared to IP forwarding zf latency stays constant, independent of the network size Resource consumption 4 real and 4 virtual LITs per interface Most of the resource consumed by other components than zfiltering Path Avg. latency Std dev. Plain wire 94 µs 28 µs IP router 102 µs 44 µs zfilter 96 µs 28 µs Resource Used / Available 4-input LUTs / Slice Flip/Flops (FF) /
48 Experiences and Future work Easy to get started by using reference design Working proof-of-concept implementation Quite good initial performance results Future work Continue with the missing functionality Testing Performance measurements
49 Material available Implementations available at NetFPGA forwarding FreeBSD end-host implementation and forwarding Related publications available Jokela, Zahemszky, Esteve, Arianfar, Nikander, LIPSIN: Line-Speed Publish/Subscribe Inter-Networking, SIGCOMM '09 Keinänen, Jokela, Slavov, Implementing zfilter based forwarding node on a NetFPGA, NetFPGA Developers Workshop 2009 Esteve, Jokela, Nikander, Särelä, Ylitalo, Self-routing Denial-of- Service Resistant Capabilities using In-packet Bloom Filters, EC2ND 09
50
Overview. Implementing Gigabit Routers with NetFPGA. Basic Architectural Components of an IP Router. Per-packet processing in an IP Router
Overview Implementing Gigabit Routers with NetFPGA Prof. Sasu Tarkoma The NetFPGA is a low-cost platform for teaching networking hardware and router design, and a tool for networking researchers. The NetFPGA
More informationLIPSIN: Line speed Publish/Subscribe Inter-Networking
LIPSIN: Line Speed Publish/Subscribe Inter-Networking TR09-0001 Document Properties: Title of Contract Publish-Subscribe Internet Routing Paradigm Acronym PSIRP Contract Number FP7-INFSO-IST 216173 Start
More informationLIPSIN: Line Speed Publish/Subscribe Inter-Networking
LIPSIN: Line Speed Publish/Subscribe Inter-Networking Petri Jokela 1, András Zahemszky 1, Christian Esteve Rothenberg 2, Somaya Arianfar 1, and Pekka Nikander 1 1 Ericsson Research, NomadicLab, Finland
More informationDesign and Realization of an Information-centric Networking Architecture. Dirk Trossen, Computer Laboratory
Design and Realization of an Information-centric Networking Architecture Dirk Trossen, Computer Laboratory Outline WHY are we actually doing ICN? WHAT are the main principles? HOW could we do it? one example
More information(Deployable) Reduction of Multicast State with In-packet Bloom Filters
(Deployable) Reduction of Multicast State with In-packet Bloom Filters Petri Jokela, Heikki Mahkonen Ericsson Research, NomadicLab Kirkkonummi, Finland Christian Esteve Rothenberg University of Campinas
More informationKEY MANAGEMENT IN INFORMATION CENTRIC NETWORKING
KEY MANAGEMENT IN INFORMATION CENTRIC NETWORKING Bander A Alzahrani, Vassilios G. Vassilakis and Martin J. Reed School of Computer Science and Electronic Engineering, University of Essex, UK ABSTRACT Information
More informationNetFPGA Hardware Architecture
NetFPGA Hardware Architecture Jeffrey Shafer Some slides adapted from Stanford NetFPGA tutorials NetFPGA http://netfpga.org 2 NetFPGA Components Virtex-II Pro 5 FPGA 53,136 logic cells 4,176 Kbit block
More informationIntroduction to Information Centric Networking. Andrés Arcia-Moret N4D Lab, Computer Laboratory University of Cambridge
Introduction to Information Centric Networking Andrés Arcia-Moret N4D Lab, Computer Laboratory University of Cambridge Agenda Motivation Information Centric Networking Implementations: NDN, DONA, NetInf,
More informationOn Content-Centric Router Design and Implications
On Content-Centric Router Design and Implications Somaya Arianfar 1, Pekka Nikander 2 and Jörg Ott 1 1 Aalto University, 2 Ericsson Research, NomadicLab ABSTRACT In this paper, we investigate a sample
More informationLECTURE 8. Mobile IP
1 LECTURE 8 Mobile IP What is Mobile IP? The Internet protocol as it exists does not support mobility Mobile IP tries to address this issue by creating an anchor for a mobile host that takes care of packet
More informationDesign principles in parser design
Design principles in parser design Glen Gibb Dept. of Electrical Engineering Advisor: Prof. Nick McKeown Header parsing? 2 Header parsing? Identify headers & extract fields A???? B???? C?? Field Field
More informationPerformance analysis of Bloom filterbased
Aalto University School of Science Degree Programme of Computer Science and Engineering Sajjad Rizvi Performance analysis of Bloom filterbased multicast Master s Thesis Espoo, June 18, 2011 Supervisor:
More informationP51: High Performance Networking
P51: High Performance Networking Lecture 6: Programmable network devices Dr Noa Zilberman noa.zilberman@cl.cam.ac.uk Lent 2017/18 High Throughput Interfaces Performance Limitations So far we discussed
More informationFast Inter-domain Mobility with In-packet Bloom Filters
Fast Inter-domain Mobility with In-packet Bloom Filters Mikko Särelä Ericsson Research, NomadicLab, Finland mikko.sarela@ericsson.com Jörg Ott Aalto University, School of Science and Technology jo@netlab.tkk.fi
More informationList of groups known at each router. Router gets those using IGMP. And where they are in use Where members are located. Enhancement to OSPF
Multicast OSPF OSPF Open Shortest Path First Link State Protocol Use Dijkstra s algorithm (SPF) Calculate shortest path from the router to every possible destination Areas Limit the information volume
More informationCisco IOS Flexible NetFlow Command Reference
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationAccess Rules. Controlling Network Access
This chapter describes how to control network access through or to the ASA using access rules. You use access rules to control network access in both routed and transparent firewall modes. In transparent
More informationLecture 12: Interconnection Networks. Topics: communication latency, centralized and decentralized switches, routing, deadlocks (Appendix E)
Lecture 12: Interconnection Networks Topics: communication latency, centralized and decentralized switches, routing, deadlocks (Appendix E) 1 Topologies Internet topologies are not very regular they grew
More informationICS 351: Today's plan. routing protocol comparison encapsulation network dynamics multicasting in general IP multicasting IGMP PIM
ICS 351: Today's plan routing protocol comparison encapsulation network dynamics multicasting in general IP multicasting IGMP PIM what routing is not: Ethernet switching does not use IP addresses in any
More informationNetFPGA Update at GEC4
NetFPGA Update at GEC4 http://netfpga.org/ NSF GENI Engineering Conference 4 (GEC4) March 31, 2009 John W. Lockwood http://stanford.edu/~jwlockwd/ jwlockwd@stanford.edu NSF GEC4 1 March 2009 What is the
More informationProgrammable Dataplane
Programmable Dataplane THE NEXT STEP IN SDN? S I M O N J O U E T S I M O N. J O U E T @ G L A S G O W. A C. U K H T T P : / / N E T L A B. D C S.G L A. A C. U K GTS TECH+FUTURES WORKSHOP - SIMON JOUET
More informationA novel approach to ICN: POINT ip Over IcN the better ip. Dr. Dmitrij Lagutin, Aalto University, Finland
A novel approach to ICN: POINT ip Over IcN the better ip Dr. Dmitrij Lagutin, dmitrij.lagutin@aalto.fi, Aalto University, Finland Information Centric Networking (ICN) Information Centric Networking (ICN)
More informationInformation-Centric Networking and Software Defined Networking
Information-Centric Networking and Software Defined Networking Mays AL-Naday Martin Reed Jan 15, 2015 Introduction 1 Introduction 2 3 4 Information-Centric Networking and Media streaming Introduction Traditional
More informationCMSC 332 Computer Networks Network Layer
CMSC 332 Computer Networks Network Layer Professor Szajda CMSC 332: Computer Networks Where in the Stack... CMSC 332: Computer Network 2 Where in the Stack... Application CMSC 332: Computer Network 2 Where
More informationCisco IOS Switching Paths Overview
This chapter describes switching paths that can be configured on Cisco IOS devices. It contains the following sections: Basic Router Platform Architecture and Processes Basic Switching Paths Features That
More informationExperience with the NetFPGA Program
Experience with the NetFPGA Program John W. Lockwood Algo-Logic Systems Algo-Logic.com With input from the Stanford University NetFPGA Group & Xilinx XUP Program Sunday, February 21, 2010 FPGA-2010 Pre-Conference
More informationICS 451: Today's plan
ICS 451: Today's plan ICMP ping traceroute ARP DHCP summary of IP processing ICMP Internet Control Message Protocol, 2 functions: error reporting (never sent in response to ICMP error packets) network
More informationRouter Construction. Workstation-Based. Switching Hardware Design Goals throughput (depends on traffic model) scalability (a function of n) Outline
Router Construction Outline Switched Fabrics IP Routers Tag Switching Spring 2002 CS 461 1 Workstation-Based Aggregate bandwidth 1/2 of the I/O bus bandwidth capacity shared among all hosts connected to
More informationIP Multicast Technology Overview
IP multicast is a bandwidth-conserving technology that reduces traffic by delivering a single stream of information simultaneously to potentially thousands of businesses and homes. Applications that take
More informationLecture 9: Bridging & Switching"
Lecture 9: Bridging & Switching" CSE 123: Computer Networks Alex C. Snoeren HW 2 due Wednesday! Lecture 9 Overview" Finishing up media access Contention-free methods (rings) Moving beyond one wire Link
More informationOpenSMART: Single-cycle Multi-hop NoC Generator in BSV and Chisel
OpenSMART: Single-cycle Multi-hop NoC Generator in BSV and Chisel Hyoukjun Kwon and Tushar Krishna Georgia Institute of Technology Synergy Lab (http://synergy.ece.gatech.edu) hyoukjun@gatech.edu April
More informationLecture: Interconnection Networks
Lecture: Interconnection Networks Topics: Router microarchitecture, topologies Final exam next Tuesday: same rules as the first midterm 1 Packets/Flits A message is broken into multiple packets (each packet
More informationIP Multicast. Overview. Casts. Tarik Čičić University of Oslo December 2001
IP Multicast Tarik Čičić University of Oslo December 00 Overview One-to-many communication, why and how Algorithmic approach (IP) multicast protocols: host-router intra-domain (router-router) inter-domain
More informationFundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin,
Fundamental Questions to Answer About Computer Networking, Jan 2009 Prof. Ying-Dar Lin, ydlin@cs.nctu.edu.tw Chapter 1: Introduction 1. How does Internet scale to billions of hosts? (Describe what structure
More informationTopics for Today. Network Layer. Readings. Introduction Addressing Address Resolution. Sections 5.1,
Topics for Today Network Layer Introduction Addressing Address Resolution Readings Sections 5.1, 5.6.1-5.6.2 1 Network Layer: Introduction A network-wide concern! Transport layer Between two end hosts
More informationCSE 123: Computer Networks Alex C. Snoeren. HW 2 due Thursday 10/21!
CSE 123: Computer Networks Alex C. Snoeren HW 2 due Thursday 10/21! Finishing up media access Contention-free methods (rings) Moving beyond one wire Link technologies have limits on physical distance Also
More informationOn the Security of In-Packet Bloom- Filter Forwarding
Aalto University School of Science Degree Programme of Computer Science and Engineering Markku Antikainen On the Security of In-Packet Bloom- Filter Forwarding Master s Thesis Espoo, June 30, 2011 Supervisors:
More informationRouting Basics ISP/IXP Workshops
Routing Basics ISP/IXP Workshops 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 addresses are 32 bits long range from 1.0.0.0 to
More informationStateless ICN Forwarding with P4 towards Netronome NFP-based Implementation
Stateless ICN Forwarding with P4 towards Netronome NFP-based Implementation Aytac Azgin, Ravishankar Ravindran, Guo-Qiang Wang aytac.azgin, ravi.ravindran, gq.wang@huawei.com Huawei Research Center, Santa
More informationFirewall Mode Overview
CHAPTER 16 This chapter describes how to set the firewall mode, as well as how the firewall works in each firewall mode. You can set the firewall mode independently for each context in multiple context
More informationTowards Future Internet
Towards Future Internet Reijo Juvonen Head of Operations, Research and Technology Nokia Siemens Networks ICT SHOK Future Internet Focus Area Director Telecom Forum '2008, TKK, 4.11.2008 1 Nokia Siemens
More informationNETWORK INTRUSION. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
NETWORK INTRUSION Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Recognize different
More informationIntroduction to Routers and LAN Switches
Introduction to Routers and LAN Switches Session 3048_05_2001_c1 2001, Cisco Systems, Inc. All rights reserved. 3 Prerequisites OSI Model Networking Fundamentals 3048_05_2001_c1 2001, Cisco Systems, Inc.
More informationChapter 6 Delivery and Routing of IP Packets
Chapter 6 Delivery and Routing of IP Packets Outline Delivery Forwarding Routing Structure of a Router Delivery v.s. Routing Delivery The way a packet is handled by the underlying networks under the control
More informationChapter 6. Delivery and Forwarding of IP Packets
Chapter 6 Delivery and Forwarding of IP Packets TCP/IP Protocol Suite 1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. OBJECTIVES: To discuss the delivery of
More informationPacketShader: A GPU-Accelerated Software Router
PacketShader: A GPU-Accelerated Software Router Sangjin Han In collaboration with: Keon Jang, KyoungSoo Park, Sue Moon Advanced Networking Lab, CS, KAIST Networked and Distributed Computing Systems Lab,
More informationECE 697J Advanced Topics in Computer Networks
ECE 697J Advanced Topics in Computer Networks Network Measurement 12/02/03 Tilman Wolf 1 Overview Lab 3 requires performance measurement Throughput Collecting of packet headers Network Measurement Active
More informationOutline. Circuit Switching. Circuit Switching : Introduction to Telecommunication Networks Lectures 13: Virtual Things
8-5: Introduction to Telecommunication Networks Lectures : Virtual Things Peter Steenkiste Spring 05 www.cs.cmu.edu/~prs/nets-ece Outline Circuit switching refresher Virtual Circuits - general Why virtual
More informationCSE 473 Introduction to Computer Networks. Final Exam. Your Name: 12/17/2014 PLEASE WRITE LEGIBLY NO POINTS FOR ILLEGIBLE ANSWERS
CSE 47 Introduction to Computer Networks Roch Guérin Final Exam Your Name: 12/17/2014 PLEASE WRITE LEGIBLY NO POINTS FOR ILLEGIBLE ANSWERS 1. [10 points] Bob has been provided with the following pair of
More informationRouting and router security in an operator environment
DD2495 p4 2011 Routing and router security in an operator environment Olof Hagsand KTH CSC 1 Router lab objectives A network operator (eg ISP) needs to secure itself, its customers and its neighbors from
More informationUsing NetFlow Sampling to Select the Network Traffic to Track
Using NetFlow Sampling to Select the Network Traffic to Track This module contains information about and instructions for selecting the network traffic to track through the use of NetFlow sampling. The
More informationInternet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.
Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:
More informationComputer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS
Computer Network Architectures and Multimedia Guy Leduc Chapter 2 MPLS networks Chapter based on Section 5.5 of Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley,
More informationSCAN: Scalable Content routing for
ICC 2011@kyoto SCAN: Scalable routing for content-aware Networking Munyoung Lee, Kideok Cho, Kunwoo Park, Td T Ted Taekyoung Kwon, Yanghee Choi (mylee@mmlab.snu.ac.kr) Seoul National University 2011. 6.
More informationAxon: A Low-latency Device Implementing Source-routed Ethernet
Axon: A Low-latency Device Implementing Source-routed Ethernet Abstract This paper introduces the Axon, an Ethernet-compatible device for creating large-scale, local-area networks. Specifically, an Axon
More informationMultimedia Streaming. Mike Zink
Multimedia Streaming Mike Zink Technical Challenges Servers (and proxy caches) storage continuous media streams, e.g.: 4000 movies * 90 minutes * 10 Mbps (DVD) = 27.0 TB 15 Mbps = 40.5 TB 36 Mbps (BluRay)=
More informationIntroduction to the OpenCAPI Interface
Introduction to the OpenCAPI Interface Brian Allison, STSM OpenCAPI Technology and Enablement Speaker name, Title Company/Organization Name Join the Conversation #OpenPOWERSummit Industry Collaboration
More informationConfiguring Wireless Multicast
Finding Feature Information, on page 1 Prerequisites for, on page 1 Restrictions for, on page 1 Information About Wireless Multicast, on page 2 How to Configure Wireless Multicast, on page 6 Monitoring
More informationPacketExpert PDF Report Details
PacketExpert PDF Report Details July 2013 GL Communications Inc. 818 West Diamond Avenue - Third Floor Gaithersburg, MD 20878 Phone: 301-670-4784 Fax: 301-670-9187 Web page: http://www.gl.com/ E-mail:
More informationExamination 2D1392 Protocols and Principles of the Internet 2G1305 Internetworking 2G1507 Kommunikationssystem, fk SOLUTIONS
Examination 2D1392 Protocols and Principles of the Internet 2G1305 Internetworking 2G1507 Kommunikationssystem, fk Date: January 17 th 2006 at 14:00 18:00 SOLUTIONS 1. General (5p) a) Draw the layered
More informationIP Multicast Jean Yves Le Boudec 2017
IP Multicast Jean Yves Le Boudec 2017 1 IP Multicast Unicast = send to one destination Multicast = send to a group of destinations IP has multicast addresses: 224.0.0.0/4 (i.e. 224.0.0.0 to 239.255.255.255)
More informationResource Control and Reservation
1 Resource Control and Reservation Resource Control and Reservation policing: hold sources to committed resources scheduling: isolate flows, guarantees resource reservation: establish flows 2 Usage parameter
More informationRSVP 1. Resource Control and Reservation
RSVP 1 Resource Control and Reservation RSVP 2 Resource Control and Reservation policing: hold sources to committed resources scheduling: isolate flows, guarantees resource reservation: establish flows
More informationProcessor Architectures At A Glance: M.I.T. Raw vs. UC Davis AsAP
Processor Architectures At A Glance: M.I.T. Raw vs. UC Davis AsAP Presenter: Course: EEC 289Q: Reconfigurable Computing Course Instructor: Professor Soheil Ghiasi Outline Overview of M.I.T. Raw processor
More informationAV-friendly networking. Cambridge, England
AV-friendly networking Cambridge, England www.ninetiles.com Benefits of networks for AV Live and file transfer on the same infrastructure Few high-capacity links vs many single-signal Easier to reconfigure
More informationThe Network Layer and Routers
The Network Layer and Routers Daniel Zappala CS 460 Computer Networking Brigham Young University 2/18 Network Layer deliver packets from sending host to receiving host must be on every host, router in
More informationSwitchBlade: A Platform for Rapid Deployment of Network Protocols on Programmable Hardware
SwitchBlade: A Platform for Rapid Deployment of Network Protocols on Programmable Hardware Muhammad Bilal Anwer, Murtaza Motiwala, Mukarram bin Tariq, Nick Feamster School of Computer Science, Georgia
More informationUsers Guide: Fast IP Lookup (FIPL) in the FPX
Users Guide: Fast IP Lookup (FIPL) in the FPX Gigabit Kits Workshop /22 FIPL System Design Each FIPL Engine performs a longest matching prefix lookup on a single 32-bit IPv4 destination address FIPL Engine
More informationKNOM Tutorial Internet Traffic Matrix Measurement and Analysis. Sue Bok Moon Dept. of Computer Science
KNOM Tutorial 2003 Internet Traffic Matrix Measurement and Analysis Sue Bok Moon Dept. of Computer Science Overview Definition of Traffic Matrix 4Traffic demand, delay, loss Applications of Traffic Matrix
More informationChapter 4. Routers with Tiny Buffers: Experiments. 4.1 Testbed experiments Setup
Chapter 4 Routers with Tiny Buffers: Experiments This chapter describes two sets of experiments with tiny buffers in networks: one in a testbed and the other in a real network over the Internet2 1 backbone.
More informationRouting Basics ISP/IXP Workshops
Routing Basics ISP/IXP Workshops 1 Routing Concepts IPv4 Routing Forwarding Some definitions Policy options Routing Protocols 2 IPv4 Internet uses IPv4 addresses are 32 bits long range from 1.0.0.0 to
More informationMODULE: NETWORKS MODULE CODE: CAN1102C. Duration: 2 Hours 15 Mins. Instructions to Candidates:
BSc.(Hons) Computer Science with Network Security BEng (Hons) Telecommunications Cohort: BCNS/17B/FT Examinations for 2017-2018 / Semester 2 Resit Examinations for BCNS/15A/FT, BTEL/15B/FT & BTEL/16B/FT
More informationMultiprotocol Label Switching (MPLS) on Cisco Routers
Multiprotocol Label Switching (MPLS) on Cisco Routers This document describes commands for configuring and monitoring Multiprotocol Label Switching (MPLS) functionality on Cisco routers and switches. This
More informationInstitute of Computer Technology - Vienna University of Technology. L73 - IP QoS Integrated Services Model. Integrated Services Model
Integrated Services Model IP QoS IntServ Integrated Services Model Resource Reservation Protocol (RSVP) Agenda Integrated Services Principles Resource Reservation Protocol RSVP Message Formats RSVP in
More informationDesign Intentions. IP QoS IntServ. Agenda. Design Intentions. L73 - IP QoS Integrated Services Model. L73 - IP QoS Integrated Services Model
Design Intentions Integrated Services Model IP QoS IntServ Integrated Services Model Resource Reservation Protocol (RSVP) The Internet was based on a best effort packet delivery service, but nowadays the
More informationLM1000STXR4 Gigabit Ethernet Load Module
Gigabit Ethernet Load Module Gigabit Ethernet Load Module Ixia's Gigabit Ethernet Load Modules offer complete Layer 2-3 network and routing/bridging protocol testing functionality in a single platform.
More informationRule based Forwarding (RBF): improving the Internet s flexibility and security. Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs
Rule based Forwarding (RBF): improving the Internet s flexibility and security Lucian Popa, Ion Stoica, Sylvia Ratnasamy UC Berkeley Intel Labs Motivation Improve network s flexibility Middlebox support,
More informationA Framework for Optimizing IP over Ethernet Naming System
www.ijcsi.org 72 A Framework for Optimizing IP over Ethernet Naming System Waleed Kh. Alzubaidi 1, Dr. Longzheng Cai 2 and Shaymaa A. Alyawer 3 1 Information Technology Department University of Tun Abdul
More informationIntroduction. Introduction. Router Architectures. Introduction. Recent advances in routing architecture including
Router Architectures By the end of this lecture, you should be able to. Explain the different generations of router architectures Describe the route lookup process Explain the operation of PATRICIA algorithm
More informationLecture 11: Packet forwarding
Lecture 11: Packet forwarding Anirudh Sivaraman 2017/10/23 This week we ll talk about the data plane. Recall that the routing layer broadly consists of two parts: (1) the control plane that computes routes
More informationMobile IP. Mobile Computing. Mobility versus Portability
Mobile IP Mobile Computing Introduction Amount of mobile/nomadic computing expected to increase dramatically in near future. By looking at the great acceptance of mobile telephony, one can foresee a similar
More informationNetwork Verification: Reflections from Electronic Design Automation (EDA)
Network Verification: Reflections from Electronic Design Automation (EDA) Sharad Malik Princeton University MSR Faculty Summit: 7/8/2015 $4 Billion EDA industry EDA Consortium $350 Billion Semiconductor
More informationWhat is Multicasting? Multicasting Fundamentals. Unicast Transmission. Agenda. L70 - Multicasting Fundamentals. L70 - Multicasting Fundamentals
What is Multicasting? Multicasting Fundamentals Unicast transmission transmitting a packet to one receiver point-to-point transmission used by most applications today Multicast transmission transmitting
More informationOutline. The demand The San Jose NAP. What s the Problem? Most things. Time. Part I AN OVERVIEW OF HARDWARE ISSUES FOR IP AND ATM.
Outline AN OVERVIEW OF HARDWARE ISSUES FOR IP AND ATM Name one thing you could achieve with ATM that you couldn t with IP! Nick McKeown Assistant Professor of Electrical Engineering and Computer Science
More informationMulti-layer resource management in ICN
Multi-layer resource management in ICN M.J. Reed School of Computer Science and Electronic Engineering, University of Essex, UK PURSUIT/COMET Workshop Outline 1 Introduction 2 PURSUIT (PSIRP) architecture
More informationChapter 5 Reading Organizer After completion of this chapter, you should be able to:
Chapter 5 Reading Organizer After completion of this chapter, you should be able to: Describe the operation of the Ethernet sublayers. Identify the major fields of the Ethernet frame. Describe the purpose
More informationGuide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols
Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols 1 Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among
More informationWhat is mobility? Mobile IP. Mobility Impact on Protocol Stack (cont.) Advanced Topics in Computer Networks
Advanced Topics in Computer Networks What is mobility? spectrum of mobility, from the perspective: Mobile IP no mobility high mobility Chalermek Intanagonwiwat Slides courtesy of James F. Kurose, Keith
More informationLecture 12: Link-state Routing. Lecture 12 Overview. Router Tasks. CSE 123: Computer Networks Chris Kanich. Routing overview
Lecture : Link-state Routing CSE 3: Computer Networks Chris Kanich Lecture Overview Routing overview Intra vs. Inter-domain routing Link-state routing protocols CSE 3 Lecture : Link-state Routing Router
More informationLayer 3 Routing (UI 2.0) User s Manual
User s Manual Edition 3.3, November 2018 www.moxa.com/product Models covered by this manual: IKS-G6824A, ICS-G7826A, ICS-G7828A, ICS-G7848A, ICS-G7850A, ICS-G7852A, PT-G7828 Series 2018 Moxa Inc. All rights
More informationCS 457 Lecture 11 More IP Networking. Fall 2011
CS 457 Lecture 11 More IP Networking Fall 2011 IP datagram format IP protocol version number header length (bytes) type of data max number remaining hops (decremented at each router) upper layer protocol
More informationRouting Basics. Routing Concepts. IPv4. IPv4 address format. A day in a life of a router. What does a router do? IPv4 Routing
Routing Concepts IPv4 Routing Routing Basics ISP/IXP Workshops Forwarding Some definitions Policy options Routing Protocols 1 2 IPv4 IPv4 address format Internet uses IPv4 addresses are 32 bits long range
More informationCSE 461 MIDTERM REVIEW
CSE 461 MIDTERM REVIEW NETWORK LAYERS & ENCAPSULATION Application Application Transport Transport Network Network Data Link/ Physical Data Link/ Physical APPLICATION LAYER Application Application Used
More informationAdvanced Network Design
Advanced Network Design Organization Whoami, Book, Wikipedia www.cs.uchicago.edu/~nugent/cspp54015 Grading Homework/project: 60% Midterm: 15% Final: 20% Class participation: 5% Interdisciplinary Course
More informationIntroduction to IPv6. IPv6 addresses
Introduction to IPv6 (Chapter 4 in Huitema) IPv6,Mobility-1 IPv6 addresses 128 bits long Written as eight 16-bit integers separated with colons E.g. 1080:0000:0000:0000:0000:0008:200C:417A = 1080::8:800:200C:417A
More informationJakub Cabal et al. CESNET
CONFIGURABLE FPGA PACKET PARSER FOR TERABIT NETWORKS WITH GUARANTEED WIRE- SPEED THROUGHPUT Jakub Cabal et al. CESNET 2018/02/27 FPGA, Monterey, USA Packet parsing INTRODUCTION It is among basic operations
More informationScale Computer Networking. Scale. Problem 1 Reconnecting LANs. Lecture 8 Bridging, Addressing and Forwarding
Scale 5- Computer Networking yak yak Lecture 8 Bridging, Addressing and Forwarding What breaks when we keep adding people to the same wire? 9--06 Lecture 8: Bridging/Addressing/Forwarding Scale Problem
More informationLogiCORE IP Serial RapidIO Gen2 v1.2
LogiCORE IP Serial RapidIO Gen2 v1.2 Product Guide Table of Contents Chapter 1: Overview System Overview............................................................ 5 Applications.................................................................
More informationLecture 3: Packet Forwarding
Lecture 3: Packet Forwarding CSE 222A: Computer Communication Networks Alex C. Snoeren Thanks: Mike Freedman & Amin Vahdat Lecture 3 Overview Paper reviews Packet Forwarding IP Addressing Subnetting/CIDR
More informationConfiguring NetFlow Statistics Collection
38 CHAPTER This chapter describes how to configure NetFlow statistics on the Catalyst 4500 series switches. It also provides guidelines, procedures, and configuration examples. This feature is only available
More information