Chair of Network Architectures and Services
Department of Informatics
Technical University of Munich

Advanced Computer Networks
Module: IN97
Date: 8.4.6
Examiner: Prof. Dr.-Ing. Georg Carle
Exam: Final exam
Sample Solution

Note: During the attendance check a sticker containing a unique QR code will be put on this exam. This QR code contains a unique number that associates this exam with your matriculation number. This number is printed both next to the QR code and to the signature field in the attendance check list.

Final exam: Advanced Computer Networks
Friday, 8.4.6, 8:3 9:3

This exam consists of 6 pages with a total of 5 problems and a two-sided printed cheat sheet. Please make sure now that you received a complete copy of the exam.
Subproblems marked by * can be solved without results of previous subproblems.
Answers are only accepted if the solution approach is documented. Give a reason for each answer unless explicitly stated otherwise in the respective subproblem.
Do not write with red or green colors nor use pencils.
The total amount of achievable credits in this exam is 6.
Allowed resources: a non-annotated, printed vocabulary English native language.
Physically turn off all electronic devices, put them into your bag and close the bag.

Problem 1 Quiz ( credits)

The following questions cover multiple topics and can be solved independently of each other.

a)* Connect the protocols to their corresponding ISO/OSI layer as well as to their corresponding term for their PDU.
Hint: There may be terms where no/several pairings are possible.
[Matching figure: protocols IP, Ethernet, TCP; PDU terms Frame, Segment, Package; layer 3]

b)* Add a single edge to the network in Figure b) to increase the maximum value of k when performing the k-core algorithm.
[Figure b): network with nodes A, B, C, D, E, F]
Add an edge between A and D or between B and D.

c)* Given the IP address 6.49..6 and subnet mask 255.255.255.192, determine the corresponding network and broadcast addresses.
Netmask 255.255.255.192 corresponds to a prefix length of 26, leaving 6 bit for the host part, i.e., the subnet has a total of 64 addresses. 6.49..6 thus belongs to the first subnet starting at 6.49.. (network address) and ending at 6.49..63 (broadcast address).

d)* Longest prefix matching is an algorithm commonly used in computer networks. Where is it used specifically and how does it work?
Used in routers for determining the best next-hop for a given packet. Bitwise AND between the packet's destination address and subnet mask of each entry in a router's routing table, starting at the longest (most specific) prefix. If the result matches the corresponding route's network address, the best match is found.

[Figure: Software defined network topology; controller C, switches S and S, clients C and C, interfaces labelled a to k]

Consider the software defined network in Figure. The network consists of two clients C and C and an OpenFlow controller C. In between the clients two switches S and S are installed. Each of the switches is connected to a single client, to the respective other switch and to the controller. There are two flow tables already installed on the switches:

Table: Flow table of S
Match fields: dl_type = x8, nw_proto = x, nw_src = C _src_ip
Action: [port_c]

Table: Flow table of S
Match fields: dl_type = x8, nw_proto = x6, nw_src = C _src_ip
Action: [port_e]

The standard action for a packet if no rule matches is to transmit it to the controller. The default action of the controller is to send incoming packets back to the switch and to instruct it to forward the packet to all interfaces except the original source interface and the management port.

Explanation for match fields:
dl_type: used type of payload for the data link layer protocol (Hint: see cheat sheet for values, section Ethernet)
nw_proto: used type of payload for the network layer protocol (Hint: see cheat sheet for values, section IPv4)
nw_src: source address of network protocol

e)* C pings C. List all interfaces an ICMP echo request packet travels through the topology in the correct order (only the request packet, not the answer packet).
a, b, c, e, g, i, (i), g, f, h

f)* Consider a switch based on off-the-shelf hardware such as Open vSwitch and a dedicated SDN switch based on specialized hardware. List two advantages for each of the switches.

Benefits of off-the-shelf hardware switches:
Hardware costs are lower
Standard hardware is available from different vendors so one is less dependent on a single manufacturer
Larger memory

Benefits of hardware switches:
Higher port density
Higher bandwidth
Lower latency

Problem 2 Receive Side Scaling (9 credits)

Receive Side Scaling (RSS) is a feature to distribute the network traffic to different hardware queues assigned to different CPU cores. Figure presents the sequence performed during packet reception on an RSS system.

[Figure: Receive Side Scaling; a packet passes through hash and lookup (lookup table) into one of the queues q ... q n]

a)* Why is the support for multiple hardware queues beneficial for distributing CPU load to different cores instead of using a single queue?
A single queue is used only by a dedicated core. Therefore, no synchronization between different consumers of a queue is necessary.

The following calculations use the XOR (exclusive or) and MOD (modulo) operators. The hash function is applied on a given IPv4 address A.B.C.D:

hash(ipv4_src_addr) = hash(A.B.C.D) = A XOR B XOR C XOR D

After calculating the hash a lookup in a hardware lookup table is performed. This determines the hardware queue where packets are enqueued. CPU cores assigned to a queue process the packets afterwards. The lookup is calculated as follows:

lookup(hash(ipv4_src_addr)) = hash(ipv4_src_addr) mod 2^n

For this problem: n = 3.

b)* Perform a hash and a lookup operation on the IP address 9...
IP to hex: 9... = xc
Hash & Lookup: (xc XOR x XOR x XOR x) mod 2^3 = xc3 mod 8 = 3

c) Determine the IP addresses of the 9... / 9 subnet for the following mappings.
[Figure: addresses 9... to 9...7 mapped to lookup table cells to 7 and queue to queue 7]

The lookup table has a fixed size of 8. All cells of the lookup table must be filled at all times. As the cores should have a similar utilization, the incoming packets should be distributed in a uniform manner among the cores. You can assume that the source IP addresses are uniformly distributed which leads to a uniform distribution for hash and lookup function alike.

d)* Give the content of a lookup table if three queues/cores are in use. Try to approximate the uniform distribution as closely as possible.
MOD result: 3 4 5 6 7
Core number:

e) Calculate the relative probability of packet distribution for each core in percent.
P , = 3/8 = 37.5%
P = 2/8 = 25%

f) What would be the ideal value and how big is the maximum deviation?
P_ideal = 33.33%
P_max_dev = P_ideal - P = 33.33% - 25% = 8.33%

g)* Depending on n, how many CPU cores/queues should be used if the distribution should be met as accurately as possible?
for =...n
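
The hash, lookup and distribution steps of Problem 2 as an added example (not part of the original exam). It assumes the table is filled round-robin, which is one way to approximate the uniform distribution; the function names are hypothetical and the sample address in the test is constructed.

```python
from collections import Counter

TABLE_BITS = 3  # n = 3 as in the problem: the lookup table has 2**n = 8 cells


def rss_hash(ipv4: str) -> int:
    """XOR of the four address octets, as defined in the problem."""
    octets = [int(part) for part in ipv4.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    result = 0
    for octet in octets:
        result ^= octet
    return result


def build_table(cores: int, bits: int = TABLE_BITS) -> list:
    """Fill every cell; round-robin keeps per-core cell counts within one."""
    size = 2 ** bits
    if not 1 <= cores <= size:
        raise ValueError("need between 1 and 2**bits cores")
    return [cell % cores for cell in range(size)]


def queue_for(ipv4: str, table: list) -> int:
    """Lookup step: the hash modulo the table size selects the cell."""
    return table[rss_hash(ipv4) % len(table)]


def shares(table: list) -> dict:
    """Fraction of uniformly distributed traffic that each core receives."""
    counts = Counter(table)
    return {core: counts[core] / len(table) for core in sorted(counts)}


def max_deviation(table: list) -> float:
    """Largest distance between a core's share and the ideal 1/cores."""
    ideal = 1 / len(set(table))
    return max(abs(share - ideal) for share in shares(table).values())
```

With three cores the deviation is non-zero because 3 does not divide 8; core counts that divide the table size give an exact split.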

Problem 3 BGP (7 credits)

Figure 3. shows a small AS topology including border routers R, R and R3. AS and AS77 are customers of AS. AS and AS77 have a peering agreement, i.e., they exchange traffic for free. AS and AS77 own prefixes that are announced to their customers/peering partners. AS77 owns the prefix 9.68../, AS owns the prefix 5.7.../6.

[Figure 3.: AS topology; routers R, R, R3, R4; AS with owned prefixes 5.7../6; AS77 with owned prefixes 9.68../; interface addresses 9..8.5, 7..8.5, 9..8.4]

a)* There exist two flavors of BGP. Which ones are used between the listed routers?
R4, R3: iBGP
R, R3: eBGP

b)* Create the routing table entry/entries for the border router of A (R) for the owned prefixes of AS77.

Network destination | Subnetmask | Next hop IP address
9.68.. | 55.55.4. | 7..8.5

An attacker controlling AS wants to sniff the traffic that is exchanged between AS and AS77 for their respective prefixes 5.7../6 and 9.68../. Therefore, this traffic shall be routed through AS, i.e., AS performs a man-in-the-middle attack.

c)* Describe what the attacker has to do to perform the man-in-the-middle attack.
The attacker AS has to announce more specific entries to AS to get the traffic from AS to AS77.
The attacker AS has to announce a route for prefix 5.7.7. to AS77. AS77 will prefer this route over the route to its provider AS because it is cheaper for AS77.

d) List the new routing table entry/entries for the border router of AS (R) after a successful man-in-the-middle attack of AS with as little entries as possible.

Network destination | Subnetmask | Next hop IP address
9.68.. | 55.55.48. | 9..8.5
9.68.8. | 55.55.48. | 9..8.5
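
Longest prefix matching as described in Problem 1 d), together with a monitoring check for the more-specific announcements discussed in Problem 3, as an added example (not part of the original exam). All prefixes, next hops and AS numbers used with it are constructed documentation values, and the function names are hypothetical.

```python
import ipaddress


def longest_prefix_match(table, destination):
    """table: list of (prefix, next_hop). Returns the most specific match or None."""
    dst = ipaddress.ip_address(destination)
    entries = [(ipaddress.ip_network(p), hop) for p, hop in table]
    # Start at the longest (most specific) prefix, as the solution describes.
    for net, hop in sorted(entries, key=lambda e: e[0].prefixlen, reverse=True):
        if net.version != dst.version:
            continue
        # Bitwise AND of destination and mask must equal the network address.
        if int(dst) & int(net.netmask) == int(net.network_address):
            return str(net), hop
    return None


def unexpected_covered_routes(owned, announcements):
    """Flag announcements inside an owned prefix that name a different origin AS.

    owned: {prefix: expected_origin_as}; announcements: list of (prefix, origin_as).
    Returns a list of (announced_prefix, origin_as, covering_owned_prefix).
    """
    alerts = []
    for prefix, origin in announcements:
        announced = ipaddress.ip_network(prefix)
        for owned_prefix, expected_origin in owned.items():
            covering = ipaddress.ip_network(owned_prefix)
            if announced.version != covering.version:
                continue
            if announced.subnet_of(covering) and origin != expected_origin:
                alerts.append((prefix, origin, owned_prefix))
    return alerts
```

A router holding both a /24 and a covered /25 forwards matching traffic along the /25, which is why the check compares every observed announcement against the prefixes an operator expects to originate.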

Problem 4 Wireshark (4 credits)

We consider the IP packet depicted in Figure 4. as hexdump in network byte order.

[Figure 4.: Partial hexdump of an IP packet in network byte order. Bytes: 45 c 5c d4 f6 3f 6e 6c C A 3 3 34 ae. Marked header fields: IHL, TOS, Total Length, Identification, Flags/FragOffset, TTL]

The topology of the network for this problem is given in Figure 4.. A client C wants to connect from its local network to a server S on the Internet via the NAT router R.
Note: To solve this problem use the cheat sheet that is handed out separately.

[Figure 4.: The network topology in which the packet was recorded]
C.eth MAC: ::5E::53: IP:...
R.eth MAC: ::5E::53: IP:...
R.eth MAC: ::5E::53: IP: 9...
S.eth MAC: ::5E::53:3 IP: 9...

a)* Mark and name the header fields in Figure 4..

b)* Argue from which interface to which interface the packet (see Figure 4.) was transferred.
The packet was transferred from R.eth to C.eth, because the source IP address is S.eth and the destination IP address is already translated to the private address...

c)* Argue what protocol is contained in the payload of the IP packet in Figure 4..
The protocol field of the IP packet contains, x so an ICMP message is transferred.

The IP packet in Figure 4. contains an incomplete ICMP message starting at offset x4.

d)* Argue which kind of ICMP message it is and why this message could be generated.
The type and the code field of the ICMP message are x3, i.e. a destination unreachable message with a destination port unreachable code field. The message indicates an error that a specific port of the destination could not be reached. For instance the application may be not running and the port is closed or the port could be blocked by a firewall.

This ICMP message was received after client C tried to open an SSH connection to S. With this information it is possible to recreate the missing payload of the ICMP message.

e) Name the protocol(s) contained in the payload of the ICMP message.
IP (header) + TCP (header but only first 8 byte)

f)* Create a hexdump of the missing payload for the ICMP message of Figure 4..
Hint: The calculation of correct checksums is not necessary, fill in xff blocks if needed. Not all listed headers might be used for SSH.

IP Version: 4
TTL: Values between x and xfe
Protocol: TCP (x6)
Header checksum: xff xff
Source IP: xa x x x, also xc x x x possible for some NATs.
Destination IP: xc x x x
Destination Port: x6 (SSH)
Source Port: all ports as long as higher than 4
Sequence Number: x x
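
A parser for the ICMP error layout discussed in d) to f), where the error quotes the original IP header plus the first 8 bytes of its payload, as an added example (not part of the original exam). The packet is constructed: addresses, ports and sequence number are made-up sample values, checksums are 0xFFFF fillers as the hint allows, and the function names are hypothetical.

```python
import socket
import struct


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Build a 20-byte IPv4 header with a 0xFFFF filler checksum."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0xFFFF,
                       socket.inet_aton(src), socket.inet_aton(dst))


def build_sample():
    """Constructed packet: 192.0.2.2 answers a TCP SYN to port 22 from 10.0.0.2."""
    tcp_first8 = struct.pack("!HHI", 50000, 22, 1)  # source port, dest port, sequence
    quoted = ipv4_header("10.0.0.2", "192.0.2.2", 6, 20) + tcp_first8
    icmp = struct.pack("!BBHI", 3, 3, 0xFFFF, 0) + quoted  # type, code, checksum, unused
    return ipv4_header("192.0.2.2", "10.0.0.2", 1, len(icmp)) + icmp


def parse_icmp_error(packet):
    """Return ICMP type and code plus the flow named by the quoted datagram."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1:
        raise ValueError("payload is not ICMP")
    if len(packet) < ihl + 8:
        raise ValueError("ICMP header truncated")
    quoted = packet[ihl + 8:]  # follows type, code, checksum and 4 unused bytes
    if len(quoted) < 20:
        raise ValueError("quoted IP header truncated")
    q_ihl = (quoted[0] & 0x0F) * 4
    if q_ihl < 20 or len(quoted) < q_ihl + 8:
        raise ValueError("quoted transport bytes truncated")
    if quoted[9] != 6:
        raise ValueError("quoted datagram is not TCP")
    sport, dport, seq = struct.unpack("!HHI", quoted[q_ihl:q_ihl + 8])
    return {
        "type": packet[ihl], "code": packet[ihl + 1],
        "reporter": socket.inet_ntoa(packet[12:16]),
        "orig_src": socket.inet_ntoa(quoted[12:16]),
        "orig_dst": socket.inet_ntoa(quoted[16:20]),
        "sport": sport, "dport": dport, "seq": seq,
    }
```

The quoted ports and sequence number are what let a host or a NAT router match the error to the connection that triggered it.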

g)* Generate a hexdump of the Ethernet frame for the IP packet given in Figure 4.. The entire payload of the Ethernet packet may be abbreviated with "...".
Hint: The calculation of correct checksums is not necessary, fill in xff blocks if needed.
5E 53 5E 53 8 ... FF FF FF FF

Problem 5 TCP (9 credits)

TCP has the ability to detect packet loss via timeouts. This timeout value, called RTO, must be adapted to the properties of a TCP connection to work properly.

a)* What happens to the detection of packet loss when the RTT of a TCP connection is estimated too high?
Losses are detected too late, which leads to unnecessarily longer connection times.

b)* What happens to the detection of packet loss when the RTT of a TCP connection is estimated too low?
Packets may be wrongly assumed as lost, i.e. packets may be retransmitted unnecessarily.

For a network experiment the connections S to C and S to C over router R as shown in Figure 5. are tested. During the experiment different buffer configurations for R shall be tested. The bandwidth of each depicted link is the same.

[Figure 5.: Network topology with S, S, R and C]

Several active TCP connections try to use the full bandwidth available between S and C and between S and C. Additionally a ping from C to S is executed. The average RTT measured by ping for a large buffer configuration and a small buffer configuration is plotted in Figure 5..

[Figure 5.: Latency with different buffer sizes; average RTT [ms] over time [s] for the large buffer and the small buffer]

c) What is the influence of different buffer sizes on the accuracy of the RTO estimation? Argue with the results for the two buffer sizes from Figure 5..
The latency in Figure 5. ranges from 4ms to 8ms for the large buffer size. The latency in Figure 5. ranges from ms to 5ms for the small buffer size. Therefore the jitter is higher for large buffers which makes it harder to guess the RTO accurately.

d)* What happens to latency critical applications such as VoIP in the presence of large buffers?
Latency critical applications will not work properly in this situation because the large buffers introduce additional latency.

e) How can the situation for latency critical applications be improved, without changing the buffer size?
The situation can be improved by prioritizing VoIP traffic (QoS), i.e. high priority packets leave the buffer earlier than other low priority packets.

To improve the behavior of TCP with large buffers an active queue management is introduced.

f)* Name and explain two different discard policies.
Tail drop: drop arriving packet
Priority drop: drop on priority basis
Random drop: drop random packet

The algorithm applied is weighted fair queuing. For that three classes of traffic shall be considered A, B and C with their corresponding weights w_A = 2, w_B = 4, w_C = 3. The weight of the traffic classes gives the maximum burst size which is allowed for a certain traffic class. The algorithm starts to send a burst of A traffic, after the burst size is exhausted or the queue for this traffic class is empty, the same is done for the traffic class B and afterwards for traffic class C. At each timeslot an arbitrary number of packets can be received but only a single packet can be sent.

g)* Calculate the overall possible bandwidth capacity for each traffic class in percent. Assume that enough packets for all three classes are available to always fill the respective bursts.
w_A / (sum of all w_n) = 2/9 = 22.2%
w_B / (sum of all w_n) = 4/9 = 44.4%
w_C / (sum of all w_n) = 3/9 = 33.3%

For the next problems consider the following incoming packets:
Timeslot: 3 4 5 6 7 8 9
A:
B:
C:

h) Compute which packet is sent out at each time slot. Additionally, give the content of the queues at this time.
Hint: Timeslot is already computed, proceed accordingly.
Timeslot: 3 4 5 6 7 8 9
Queue A:
Queue B:
Queue C: 3 5 5 5 4 3
Sent: A B B B B C C C A A C C

In the following a token bucket approach for QoS shall be applied. The initial tokens are t_A =, t_B =, and t_C =. An additional token is generated for the queue A at every fourth, queue B at every second, and queue C at every third timeslot. Token handling/checking is done before making the decision for sending.

i)* Compute which packet is sent out at each time slot. Additionally, give the content of the queues and the available tokens for the respective traffic class at this time.
Hint: Timeslot is already computed, proceed accordingly.
Timeslot: 3 4 5 6 7 8 9
Queue A: 3 3
Token A:
Queue B:
Token B: 3 3 4 3 3 3 4
Queue C: 3 4 3
Token C:
Sent: B B C C C C A A B B C A