Examination 2D1392 Protocols and Principles of the Internet 2E1605 Internetworking Date: March 9 th 2007 at 8:00 13:00 SOLUTIONS
1. IP Addressing? (5p) There are ten nodes connected to your network: a router R and hosts H 1 to H 9. You can be assigned a network address from the pool 145.13.67.0/24. The bigger the address range you ask for, the higher the cost. a) What network address/prefix should you ask for in order to minimize the cost? (1) Ask for 145.13.67.0/28 b) What is the subnet mask of your network? (1) The mask is 255.255.255.240 c) Assume that router R has the smallest IP address in your network. It sends a datagram to the directed broadcast address of your network. What are the source and destination addresses? (1) Src: 145.13.67.1, dst: 145.13.67.15 d) Router R sends a multicast packet to all hosts in your network. What is the destination IP address of the packet? (1) Dst: 224.0.0.1 e) How many subnets (not necessarily of equal size) can you split your network into, if you want to be able to accommodate the 9 hosts? Assume that you can install any number of interfaces in router R, and all subnets are connected to router R. (1) You can create two /29 subnets. Then the router has three interfaces, i.e. takes two IP addresses + 2 network addresses + 2 directed broadcast + 9 hosts = 15<16. 2. ARP and bridging (5p) Consider the following network consisting of 2 bridges and 1 router. Hosts H 1 to H 6 have one interface each. B 1 and B 2 are learning bridges. R 1 is a router with an appropriate routing table. All ARP caches and the bridges learning tables are empty. Assume that ARP snooping is used. H 1 B 1 H 2 H 3 H 4 R 1 B 2 H 5 H 6 a) Add the necessary physical (MAC) and logical (IP) addresses, and identify the subnets! (1p) b) Host H 1 sends an IP packet to host H 2. Show the contents of the bridges learning tables and the hosts and the router s ARP caches after the packet has been delivered. (2p) c) Shortly after the delivery of the packet, host H 2 sends an IP packet to host H 5. Show the new contents of the ARP caches and the learning tables. (1p)
d) After the packet is delivered, host H 6 sends an IP packet to host H 1. Show the new contents of the ARP caches and the learning tables. (1p) 3. IPv4 forwarding? (5p) A router has the routing table shown below. Determine the next-hop address and the outgoing interface for the packets arriving to the router with source addresses as given in points (a)-(e). Destination Next hop Flags Interface 67.0.0.0/16 - U m0 157.29.10.0/24 129.29.10.33 UG m1 112.147.12.0/24 178.147.113.25 UG m2 129.29.10.32/28 - U m1 173.78.34.128/25 129.29.10.34 UG m1 178.147.64.0/18 - U m2 13.129.67.0/24 67.0.172.13 G m0 192.16.7.8/32 178.147.92.127 UGH m2 0.0.0.0/0 67.0.89.1 UG m0 a) 67.16.221.19 (1p) 67.0.89.1 on m0 b) 192.16.7.8 (1p) 178.147.92.127 on m2 c) 13.129.67.14 (1p) discarded, because next hop s U flag is not set d) 178.147.66.178 (1p) 178.147.66.178 on m2, direct delivery e) 157.29.10.254 (1p) 129.29.10.33 4. TCP I?(5p) a) What is the purpose of flow control? How does TCP flow control work? (1p) Its purpose is to ensure that the sender does not overwhelm the receiver with data. The receiver advertises its window to the sender. The sender is not allowed to have more unacknowledged data in the network than the receiver window size. b) What does cumulative acknowledgement mean and how is the TCP SACK option related to it? (1p) Cumulative acknowledgement means that segments are not necessarily acknowledged individually, but a continuous sequence of segments can be acknowledged with one ACK. SACK is Selective ACKnowledgement, and is used to make feedback more efficient in the presence of losses. c) TCP s congestion control consists of two main phases. What are these phases, and what is the principal difference between them? (2p) Slow start (SS) and congestion avoidance (CA). In slow start: the congestion window is doubled every RTT. In congestion avoidance: it is increased by 1 every RTT, and halved if a loss event occurs (CA), reset to 1 if a timeout occurs (SS). d) How do flow control and congestion control interact at the sender in TCP? (1p) The sender s window size is set to min(cwnd, rwnd). 5. TCP II?(5p) a) The accurate estimation of the RTT is very important for the proper operation of TCP. What happens if the RTT is underestimated or if it is overestimated? (1p)
Underestimation: retransmissions happen before the ACK arrives -> generates excess traffic -> can lead to congestion collapse Overestimation: the throughput decreases in the presence of losses. b) What is the silly window syndrome? When can it occur, and how can it be resolved? (2p) Sender driven vs. receiver driven. Sender driven: Nagle s algorithm. Receiver driven: Clark s solution or delayed ACKs. c) TCP sends a segment at 13:20:10. It does not receive an acknowledgement, so that at 13:20:20 it retransmits the segment. The ACK for the segment arrives at 13:20:22. The RTTstdev was initially 1.25s. What was the estimated RTT at 13:20:10, 13:20:20 and 13:20:22? What were the corresponding RTOs? (2p) RTT estimates: 5,5,5. RTO values: 10,20,20 6. Application layer?(5p) a) FTP can operate in two different modes, active and passive. Explain the difference between these two modes! (2p) In active mode the client tells to the server on which port it is ready to accept (PORT command) a data connection from the server. The server issues the active open. In passive mode the client asks for a port number (PASV command) from the server, and issues an active open to that port. b) Name three reasons for using MIME to transfer e-mail messages via SMTP! (1p) MIME is used to overcome the limitations of SMTP: Textual message bodies in other character sets, non-textual message bodies, multi-part message bodies, textual header information in other character sets. c) What is the delay jitter? How can it be handled? Typically UDP is considered to be more suitable for multimedia transmission than TCP. Is this true in general? Motivate your answer! (2p) Delay jitter is the difference in the time it takes for different packets to travel between two hosts. One can use a playout buffer to decrease the effects of jitter. TCP retransmissions make the delay/delay jitter hard to predict, while a certain amount of losses is usually tolerable for multimedia, so that reliability is not the most important. Hence UDP can be more suitable, but mainly if the multimedia has to be played out with a small delay (e.g.: real-time communication, streaming with repositioning). It does not make sense to say that UDP is faster than TCP! 7. DNS I (5p) The following is an example of a DNS zone file. ;;; zone file for music.lab.kthnoc.net. $TTL 86400 @ IN SOA root.music.lab.kthnoc.net. dnsadmin.kthnoc.net. ( 2007022801 ;!!SERIAL!! 14400 ; Refresh 4 hour(s) 3600 ; Retry 1 hour(s) 604800 ; Expire 7 day(s) 86400 ; Minimum 1 day(s) ) IN NS root IN NS root.lab.kthnoc.net. IN MX 5 mx1.music.lab.kthnoc.net. root.music.lab.kthnoc.net. IN A 192.0.2.53 mx1 IN A 192.0.2.25 www IN CNAME www.kthnoc.net. ;;; end of zone file for music.lab.kthnoc.net
Please answer the following questions a) Describe in your own words what a resource record (RR) is. (1p) RFC1035, page 11: A RR consists of NAME, TYPE, CLASS, TTL, RDLENGTH and RDATA. or A RR in dns is equal to a database entry (a row) in a database. b) You can find several types of RRs in the example. Name one type of RR not listed in the example above and describe it. (1p) For example, PTR which in its left part holds a reverse coded ipv4 or ipv6 address (+ in-addr.arpa. or ip6.arpa.) and in the rightmost part holds a hostname. c) The BIND program will expand the " IN NS root" row. Write down the fully expanded row. (1p) music.lab.kthnoc.net. 86400 IN NS root.music.lab.kthnoc.net. d) One external resolver keeps one of the RRs from the example in its cache. What is the maximum time it keeps the RR in the cache without asking the name server again? (1p) 86400 seconds or 1 day. e) What kind of RR(s) is/are needed for a parent zone to point out a subzone? (1p) At least one NS RR and sometimes also one or more A RR (glue). (RFC1034, page 20,21) 8. DNS II (5p) A name server with BIND installed and running listens on two sockets (port 53 udp and port 53 tcp). a) Give two examples, one when UDP is used and one example when TCP is used. Motivate why UDP and why TCP is used in your examples. (2p) Udp: A normal standard query about a RR to the name server holding the zone file in the example above. The tight coding of the RR makes the transfer small and the answer fast. Tcp: (RFC1034, page 28,29) A zonetransfer of the zone in the example above should be reliable and holds more data than a simple RR query, therefor tcp is used. b) Describe the two independent mechanisms that update a secondary (slave) server including what triggers the mechanism. (3p) Mechanism 1: (RFC1034, page 28,29) The secondary requests the SOA from the master at regular intervals determined by the values found in the SOA. Then the SERIAL field is then compared (using sequence space arithmetic). If the requested SERIAL is found to be bigger the secondary should request a AXFR or a IXFR (depending on implementation). Mechanism 2: (RFC1996, A Mechanism for Prompt Notification of Zone Changes, DNS NOTIFY) When the masters zonefile is updated and reloaded it triggers a flooding mechanism: the master sends a notify message to all NS hosts in the zonefile. The name server receiving such a notify can decide to act on that notify and request a zone transfer from the master. -----------------------------------
9. Dynamic Routing I (5p) a) Describe the difference between intra-domain and inter-domain routing with respect to routing protocols and metrics? (1p) Intra-domain routing is concerned with routing within an administrative routing domain. Since all resources are under the control of the administrator, you are typically concerned with hops and bandwidth and optimizations of traffic paths and traffic load. Link-state protocols is a good choice here. Inter-domain routing is concenrned with more general policies including costs and business relations. Thus, an inter-domin protocol needs to be able to express complex policies, which is the case in BGP. b) What is route preference (administrative distance)? How is it used in a router? (1p) Route preference expresses the priority of the same route from different protocols. If two protocols have the same route in one router, the route with lower preference is installed in the routing table (ie FIB). c) Explain what route aggregation (summarization) is. Why is it necessary? (1p) Route aggregation is the forming of a more general (less specific) prefix from more specific prefixes.route aggregation is necessary to bring the number of prefixes down and also (possibly) to hide information about specific networks. If there were no route aggregation, the global routing tables would be very large. d) Explain what route redistribution is. Give two examples of situations where route redistribution is useful.(2p) Route distribution is when a route (or set of routes) is distributed from one protocol to another. One typical examples is when interior routes that exists in an internal routing protocol (such as OSPF) are (aggregated and) announced via BGP. Another example is when exterior routes (eg from BGP) are injected into an internal routing protocol (such as OSPF). 10. Dynamic Routing II (5p) The following is a description of the Bellman-Ford algorithm used in distance-vector routing protocols as described in the specification of RIP-2 (Routing Information Protocol) from RFC 2453. If it is possible to get from entity i to entity j directly, then a cost, d(i,j), is associated with the hop between i and j. The cost is infinite if i and j are not immediate neighbors. Let D(i,j) represent the metric of the best route from entity i to entity j. Then, the best metric must be described by D(i,i) = 0, all i D(i,j) = min [d(i,k) + D(k,j)], otherwise k The algorithm: Entity i gets its neighbors k to send it their estimates of their distances to the destination j. When i gets the estimates from k, it adds d(i,k) to each of the numbers. This is simply the cost of traversing the network between i and k. Now and then i compares the values from all of its neighbors and picks the smallest. It can be proven that this algorithm will converge to the correct estimates of D(i,j) in finite time in the absence of topology changes.
But this is a description of an algorithm, not a description of a protocol. Describe what concretizations need to be made in a protocol specification in order for an actual implementation to be made. Motivate your answer. Hint: Issues that you should address in your answer include addressing and timing, for example. There are many possible answers to this question. The main issue is a logical reasoning that proves that the student has understood the underlying principles of routing protocols. Bellman-Ford is an algorithm that on an abstract level describes how to compute a shortest path. However, the description talks about entities and defines the algorithm via an equation system. But a protocol in a real network need to concern itself about actual nodes, links, messages and timing. First, an IP routing protocol needs to refer to addresses. In IP, the primary concept is IP subnetworks not entities. Second, a router needs to identify tits neighbours, and which links the neighbours appear on. Third, a router needs to form messages and send them over a link to its neighbours. Fourth, the algorithm says now and then, a router needs to know how often it should send out messages (such as every 30 seconds). Fifth, the algorithm only briefly mentions topology changes but this is a major issue not all addressed by the algorithm. For example, old data will get stale, a protocol needs to know when routes time-out. Topology changes may lead to inconsistencies (eg. Count-to-infinity) which leads to a limitiation of the inifinity concept (16 in RIP). It may also lead to other fixes (such as split horizon and poison reverse, for example). 11. IPv6 (5p) a) A difference between IPv4 and IPv6 is that the header checksum has been removed in IPv6? Why was it removed, motivate your answer? (2p) The IP header checksum algorithm ( the Internet checksum ) is very weak, really only a parity check, so that it should be easy to implement in software. A CRC (cyclic redundancy check) which may be performed in hardware by the link-layer is much stronger. Since IPv6 requires all links to provide a strong checksum, there is really no need to have this checksum at all. b) In IPv6, stateless autoconfiguration has been added. Describe how this works and how it relates to stateful autoconfiguration using DHCP. (3p) Stateless autoconfiguration in IPv6 is designed to be able to attach to a network with no manual or central configuration (such as in DHCP). The idea is that a host first form a linklocal address that can be used to connect to all nodes on a sub-network. This link-local address is typically formed by concatenating a well-known prefix to a MAC address. The host then queries any routers on the subnetwork using ICMP router solicitation messages over multicast. Any routers on the network picking up this will return with router advertisements which contains information about the site. Such as prefixes to use, next-hop addresses, etc. The host can now form global addresses by concatenating the global prefix with its mac address and communicate with the outside world using the next-hop address. However, DHCP needs to be used in many cases anyway since there is a lot of information that is not present in the router advertisements.
12. General (5p) In many link layers there is a reliability mechanism that implements reliability in the network components at the link layers. For example, a link layer can itself have an ARQ (Automatic Repeat-reQuest) mechanism that resends lost packets on a local basis (i.e., on a single link). In such a network, the link layer itself is reliable. Assume the whole network (all link-layers from src to destination) is constructed in this way. Argue for the advantages and disadvantages for such a scheme with respect to the IP and TCP design. In particular, how does it relate to the end-to-end argument? There can be very variants on the answers to this question The main issue is a logical reasoning that proves that the student has understood the underlying principles of data networks. The following are a couple of examples of reasonings that are valid. The reasoning should include that TCP implements reliability on an end-to-end basis. A reliable link using ARQ may interfer with the TCP retransmission mechanisms. The RTT computation in TCP, for example must be on an order of magnitude larger than retransmissions on a link, otherwise retransmissions may occur both on links and end-nodes and cause duplicates and strange behavior of TCP. The situation is an example of layering violation that also breaks the end-to-end principle which states that as much as possible should be off-loaded to the end-nodes. In a pure IP network, reliability is handled by the transport layer at the end-nodes. Another interesting aspect is that many link-layer ARQ mechanisms are made for links with high bit error rates. TCP congestion control was designed for losses due to congestion only. One can argue that TCP does not handle bit errors well and that such a mechanism is necessary to cope for such situations. This is a weakness with TCP and should argue for adding the handling of lower-layer fault-handling or indication in IP. (There exist such proposal such as ECN: Early Congestion Notification). Finally, if one devises a network which is fully reliable, composed of only reliable links, then much of the end to-end argument falls. It would lead to a more intelligent network where data is stored in the links. It might produce a simpler IP layer and removes most of the need for TCP, but probably to new problems in the routers and line-cards.