Master Course Computer Networks IN2097. You have now safely shutdown the Internet. Outline. Internet-Shutdown. Internet-Shutdown. Recall last lecture

Similar documents
Master Course Computer Networks IN2097

Master Course Computer Networks IN2097

Part 5: Link Layer Technologies. CSE 3461: Introduction to Computer Networking Reading: Chapter 5, Kurose and Ross

Master Course Computer Networks IN2097

Master Course Computer Networks IN2097

Ethernet Switches (more)

Master Course Computer Networks IN2097

Hubs. Interconnecting LANs. Q: Why not just one big LAN?

Lecture 7. Network Layer. Network Layer 1-1

Virtualization of networks

CPEG 514. Lecture 11 Asynchronous Transfer Mode (ATM) CPEG 514

Asynchronous Transfer Mode

Virtual Link Layer : Fundamentals of Computer Networks Bill Nace

BROADBAND AND HIGH SPEED NETWORKS

Outline. Circuit Switching. Circuit Switching : Introduction to Telecommunication Networks Lectures 13: Virtual Things

ATM. Asynchronous Transfer Mode. these slides are based on USP ATM slides from Tereza Carvalho. ATM Networks Outline

Asynchronous Transfer Mode (ATM) ATM concepts

Virtualization. Stefan Schmid - 1

Internetworking Part 1

Data Communication & Networks G Session 7 - Main Theme Networks: Part I Circuit Switching, Packet Switching, The Network Layer

CSE 3214: Computer Network Protocols and Applications Network Layer

Virtual Link Layer : Fundamentals of Computer Networks Bill Nace

Bandwidth-on-Demand up to very high speeds. Variety of physical layers using optical fibre, copper, wireless. 3BA33 D.Lewis

Computer Networks. Instructor: Niklas Carlsson

ATM. Asynchronous Transfer Mode. (and some SDH) (Synchronous Digital Hierarchy)

WAN Technologies (to interconnect IP routers) Mario Baldi

Lecture 4 - Network Layer. Transport Layer. Outline. Introduction. Notes. Notes. Notes. Notes. Networks and Security. Jacob Aae Mikkelsen

ATM Logical Connections: VCC. ATM Logical Connections: VPC

Chapter 5: The Data Link Layer

Master Course Computer Networks IN2097

Key Network-Layer Functions

Master Course Computer Networks IN2097

Master Course Computer Networks IN2097

Chapter 4 Network Layer

Chapter 4 Network Layer: The Data Plane. Part A. Computer Networking: A Top Down Approach

Communication Networks ( ) / Fall 2013 The Blavatnik School of Computer Science, Tel-Aviv University. Allon Wagner

Chapter 10. Circuits Switching and Packet Switching 10-1

BROADBAND AND HIGH SPEED NETWORKS

DigiPoints Volume 1. Leader Guide. Module 12 Asynchronous Transfer Mode. Summary. Outcomes. Objectives. Prerequisites

Last time. Wireless link-layer. Introduction. Characteristics of wireless links wireless LANs networking. Cellular Internet access

Telematics Chapter 7: MPLS

Digital Communication Networks

Chapter 5 Link Layer and LANs. Chapter 5: The Data Link Layer. Link Layer. Our goals: understand principles behind data link layer services:

CSC 401 Data and Computer Communications Networks

Chapter 5 Link Layer and LANs. 5: DataLink Layer 5-1

CMSC 332 Computer Networks Network Layer

Asynchronous. nous Transfer Mode. Networks: ATM 1

Computer Network Architectures and Multimedia. Guy Leduc. Chapter 2 MPLS networks. Chapter 2: MPLS

Chapter 5: The Data Link Layer. Chapter 5 Link Layer and LANs. Link Layer: Introduction. Link Layer. Link layer: context. Link Layer Services

Packet Switching. Hongwei Zhang Nature seems to reach her ends by long circuitous routes.

Wireless Networks. Communication Networks

ATM Asynchronous Transfer Mode revisited

This Lecture. BUS Computer Facilities Network Management X.25. X.25 Packet Switch. Wide Area Network (WAN) Technologies. X.

Chapter 4. Computer Networking: A Top Down Approach 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, sl April 2009.

Protocol Architecture (diag) Computer Networks. ATM Connection Relationships. ATM Logical Connections

Lecture 16: Network Layer Overview, Internet Protocol

Introduction to ATM Traffic Management on the Cisco 7200 Series Routers

Chapter 5 Link Layer and LANs

Cell Switching (ATM) Commonly transmitted over SONET other physical layers possible. Variable vs Fixed-Length Packets

1997, Scott F. Midkiff 1

William Stallings Data and Computer Communications 7 th Edition. Chapter 11 Asynchronous Transfer Mode

Chapter 5 The Link Layer and LANs

Lecture 03 Chapter 11 Asynchronous Transfer Mode

Chapter 5 Link Layer and LANs

Master Course Computer Networks IN2097

CMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 12

Chapter 5. understand principles behind data link layer. layer technologies. Some terminology: hosts and routers are nodes communication channels that

Packet Switching - Asynchronous Transfer Mode. Introduction. Areas for Discussion. 3.3 Cell Switching (ATM) ATM - Introduction

CMPE 150/L : Introduction to Computer Networks. Chen Qian Computer Engineering UCSC Baskin Engineering Lecture 11

Fragmenting and Interleaving Real-Time and Nonreal-Time Packets

Communication Networks

CSCD 433/533 Advanced Networks

Administrivia. Homework on class webpage If you are having problems following me in class (or doing the homework problems), please buy the textbook

Chapter 5 The Link Layer and LANs

CompSci 356: Computer Network Architectures. Lecture 7: Switching technologies Chapter 3.1. Xiaowei Yang

Operating Systems. 16. Networking. Paul Krzyzanowski. Rutgers University. Spring /6/ Paul Krzyzanowski

Master Course Computer Networks IN2097

precise rules that govern communication between two parties TCP/IP: the basic Internet protocols IP: Internet protocol (bottom level)

Lecture 22 Overview. Last Lecture. This Lecture. Next Lecture. Internet Applications. ADSL, ATM Source: chapter 14

ATM Technology in Detail. Objectives. Presentation Outline

Label Switching. The idea. Add a small label (sometimes called a tag ) on the front of a packet and route the packet based on the label. cs670.

Mission Critical MPLS in Utilities

A T M. Cell Switched Technology. not SMDS. Defacto Standard Multimedia capable Use with SONET or SDH. Fixed Length - 53 bytes. DigiPoints Volume 1

HW3 and Quiz. P14, P24, P26, P27, P28, P31, P37, P43, P46, P55, due at 3:00pm with both soft and hard copies, 11/11/2013 (Monday) TCP), 20 mins

BROADBAND AND HIGH SPEED NETWORKS

Computer Communication Networks

The Network Layer and Routers

Chapter 4: network layer

COMP9332 Network Routing & Switching

Internet Multicast Routing

Common Protocols. The grand finale. Telephone network protocols. Traditional digital transmission

Information and Communication Networks. Communication

Asynchronous Transfer Mode (ATM) Broadband ISDN (B-ISDN)

Network layer overview

atm txbuff atm txbuff number no atm txbuff Syntax Description

CISC452 Telecommunications Systems. Lesson 6 Frame Relay and ATM

MPLS AToM Overview. Documentation Specifics. Feature Overview

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

! Cell streams relating to different media types are multiplexed together on a statistical basis for transmission and switching.

TDTS06: computer Networks

Transcription:

Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Outline Recall last lecture Master Course Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D. Project status Internet Strucuture Network virtualisation Chair for Network Architectures and Services Institut für Informatik Technische Universität München http://www.net.in.tum.de Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 2 Internet-Shutdown Internet-Shutdown http://www.turfftheinternet.com/ http://www.turfftheinternet.com/shutdown.html You have w safely shutdown the Internet. Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 3 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 4 1

turfftheinternet.com Registrant: Cockos Incorporated 245 8th Street San Francisco, CA 94103 Registrar: DOTSTER Created on: 10-SEP-00 Expires on: 10-SEP-13 Last Updated on: 18-JUN-10 Administrative, Technical Contact: Frankel, Justin Cockos Incorporated 245 8th Street San Francisco, CA 94103, US 707-726-2567 Domain servers in listed order: NS1.COCKOS.COM NS2.COCKOS.COM Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 5 turfftheinternet.com About Cockos: We lovingly craft the software that we would want to use. Past Experience: The employees of Cockos have created and launched many fine products and techlogies prior to joining Cockos, including Gnutella, K-Meleon, Kaillera, NSIS, SHOUTcast, and Winamp. Justin Frankel (born 1978) is an American computer programmer best kwn for his work on the Winamp media player application and for inventing the gnutella peer-to-peer network. He's also the founder of Cockos Incorporated which creates music production and development software such as the REAPER digital audio workstation, the NINJAM collaborative music tool and the Jesusonic expandable effects processor. In 2002, he was named to the MIT Techlogy Review TR100 as one of the top 100 invators in the world under the age of 35.[1] source: wikipedia Christophe Thibault John Schwartz Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 6 Internet Emergency Control by Whitehouse http://news.cnet.com/8301-13578_3-10320096-38.html Bill would give president emergency control of Internet 28 August 2009 http://www.politechbot.com/docs/rockefeller.revised.cybersecurit y.draft.082709.pdf - in the event of an immediate threat to strategic national interests involving compromised Federal Government or United States critical infrastructure information system or network (A) may declare a cybersecurity emergency; and (B) may, if the President finds it necessary for the national defense and security, and in coordination with relevant industry sectors, direct the national response to the cyber threat and the timely restoration of the affected critical infrastructure information system or network; Electronic Frontier Foundation, 28 August 2009 "The language has changed but it doesn't contain any real additional limits," EFF's Tien says. "It simply switches the more direct and obvious language they had originally to the more ambiguous (version)...the designation of what is a critical infrastructure system or network as far as I can tell has specific process. There's provision for any administrative process or review. That's where the problems seem to start. And then you have the amorphous powers that go along with it." Translation: If your company is deemed "critical," a new set of regulations kick in involving who you can hire, what information you must disclose, and when the government would exercise control over your computers or network. Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 7 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 8 2

Jena Longo, deputy communications director for the Senate Commerce Committee The president of the United States has always had the constitutional authority, and duty, to protect the American people and direct the national response to any emergency that threatens the security and safety of the United States. The Rockefeller-Swe Cybersecurity bill makes it clear that the president's authority includes securing our national cyber infrastructure from attack. The section of the bill that addresses this issue, applies specifically to the national response to a severe attack or natural disaster. This particular legislative language is based on longstanding statutory authorities for wartime use of communications networks. To be very clear, the Rockefeller-Swe bill will t empower a "government shutdown or takeover of the Internet" and any suggestion otherwise is misleading and false. The purpose of this language is to clarify how the president directs the public-private response to a crisis, secure our ecomy and safeguard our financial networks, protect the American people, their privacy and civil liberties, and coordinate the government's response. Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Project: VMs Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 9 Project Infrastructure 32 Virtual Machines created, hosted and made accessible Instructions available in svn under pub/readme-vm.txt How to access your virtual machine You can log into your virtual machine using the OpenSSH private key named "id_rsa" in your team's SVN directory. If you're using OpenSSH type something like: ssh -i /path/to/mccn/team99/id_rsa root@mccn99.net.in.tum.de You have to replace "99" by your team number, obviously. If you prefer a different SSH implementation refer to its documentation on how to use OpenSSH private keys. How to install software on your virtual machine man 8 apt-get DNS The subdomain "t.mccn01.net.in.tum.de" is delegated to "mccn01.net.in.tum.de". The same goes for the other hosts. Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 11 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 12 3

Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Network Architectures Link virtualization:, MPLS Asynchrous Transfer Mode: 1990 s/00 standard for high-speed networking 155Mbps to 622 Mbps and higher Broadband Integrated Service Digital Network architecture Goal: integrated, end-end transport of carry voice, video, data meeting timing/qos requirements of voice, video versus Internet best-effort model next generation telephony: technical roots in telephone world packet-switching (fixed length packets, called cells ) using virtual circuits, and label swapping Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 14 Datagram or VC network: why? architecture Internet data exchange among computers elastic service, strict timing requirements smart end systems (computers) can adapt, perform control, error recovery simple inside network, complexity at edge many link types different characteristics uniform service difficult evolved from telephony human conversation: strict timing, reliability requirements need for guaranteed service dumb end systems telephones complexity inside network AAL end system adaptation layer: only at edge of network data segmentation/reassembly roughly analogous to Internet transport layer layer: network layer cell switching, routing layer switch switch AAL end system Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 15 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 16 4

: Network or Link layer? Vision: end-to-end transport: from desktop to desktop is a network techlogy Reality: used to connect IP backbone routers IP over as switched link layer, connecting IP routers IP network network Adaptation Layer (AAL) Adaptation Layer (AAL): adapts upper layers (IP or native applications) to layer below AAL present only in end systems, t in switches AAL layer segment (header/trailer fields, data) fragmented across multiple cells analogy: TCP segment in many IP packets AAL AAL end system switch switch end system Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 17 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 18 Adaptation Layer (AAL) [more] Different versions of AAL layers, depending on service class: AAL1: for CBR (Constant Bit Rate) services, e.g. circuit emulation AAL2: for VBR (Variable Bit Rate) services, e.g., MPEG video AAL5: for data (e.g., IP datagrams) User data AAL PDU cell Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 19 Layer Service: transport cells across network analogous to IP network layer very different services than IP network layer possible Quality of Service (QoS) Guarantees Network Architecture Internet Service Model best effort ne CBR VBR ABR UBR constant rate guaranteed rate guaranteed minimum ne Guarantees? Bandwidth Loss Order Timing Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 20 Congestion feedback (inferred via loss) congestion congestion 5

Layer: Virtual Circuits VCs VC transport: cells carried on VC from source to destination call setup, teardown for each call before data can flow addressing of destination e.g. by E.164 number each packet carries VC identifier (t destination ID) label swapping: VC identifier may change along path every switch on source-destination path maintains state for each passing connection link, switch resources (bandwidth, buffers) may be allocated to VC: to get circuit-like perf. Permanent VCs (PVCs) long lasting connections typically: permanent route between to IP routers Switched VCs (SVC): dynamically set up on per-call basis Advantages of VC approach: QoS performance guarantee for connection mapped to VC (bandwidth, delay, delay jitter) Drawbacks of VC approach: Inefficient support of datagram traffic one PVC between each source/destination pair does t scale SVC introduces call setup latency, processing overhead for short lived connections Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 21 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 22 Layer: cell cell header 5-byte cell header 48-byte payload (Why?) small payload short cell-creation delay for digitized voice halfway between 32 and 64 (compromise!) Cell header VCI: virtual channel ID may change from link to link through network PT: Payload type: RM (resource management) vs. data cell CLP: Cell Loss Priority bit CLP = 1 implies low priority cell, can be discarded if congestion HEC: Header Error Checksum cyclic redundancy check Cell format Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 23 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 24 6

Virtual Circuit Switching Multiplexing of Variable vs. Fixed Size Packets Multiplexing of variable size packets Multiplexing Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 25 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 26 Identifiers Virtual Connections Cell Virtual Path Identifiers and Virtual Channel Identifiers (UNI: User-to-Network-Interface NNI: Network-to-Network-Interface) Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 27 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 28 7

Physical Layer Physical Medium Dependent (PMD) sublayer SONET/SDH: transmission frame structure (like a container carrying bits); bit synchronization; bandwidth partitions (TDM); several speeds: OC3 = 155.52 Mbps OC12 = 622.08 Mbps OC48 = 2.45 Gbps OC192 = 9.6 Gbps TI/T3: transmission frame structure (old telephone hierarchy): 1.5 Mbps/ 45 Mbps unstructured: just cells (busy/idle) transmission of idle cells when data cells to send IP-Over- Classic IP only 3 networks (e.g., LAN segments) MAC (802.3) and IP addresses Ethernet LANs IP over replace network (e.g., LAN segment) with network addresses, IP addresses Ethernet LANs network Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 29 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 30 IP-Over- Datagram Journey in IP-over- Network app transport IP Eth phy IP AAL Eth phy phy phy phy app transport IP AAL phy at Source Host: IP layer maps between IP, destination address (using ARP) passes datagram to AAL5 AAL5 encapsulates data, segments cells, passes to layer network: moves cell along VC to destination at Destination Host: AAL5 reassembles cells into original datagram if CRC OK, datagram is passed to IP Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 31 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 32 8

IP-Over- Multiprotocol label switching (MPLS) Issues: IP datagrams into AAL5 PDUs from IP addresses to addresses just like IP addresses to 802.3 MAC addresses! ARP server Ethernet LANs network initial goal: speed up IP forwarding by using fixed length label (instead of IP address) to do forwarding borrowing ideas from Virtual Circuit (VC) approach but IP datagram still keeps IP address! PPP or Ethernet header MPLS header IP header remainder of link-layer frame label Exp S TTL 20 3 1 5 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 33 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 34 MPLS capable routers a.k.a. label-switched router forwards packets to outgoing interface based only on label value (don t inspect IP address) MPLS forwarding table distinct from IP forwarding tables signaling protocol needed to set up forwarding Label Distribution Protocol (LDP) RSVP-TE forwarding possible along paths that IP alone would t allow (e.g., source-specific routing) MPLS supports traffic engineering must co-exist with IP-only routers Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 35 MPLS forwarding tables R6 R5 in out out label label dest interface 10 A 0 12 D 0 8 A 1 R4 R2 in out out label label dest interface 1 0 8 6 A 0 R3 0 in out out label label dest interface 10 6 A 1 12 9 D 0 in out R1 out label label dest interface Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 36 0 1 D 0 6 - A 0 A 9

Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Virtual Private Networks (VPN) Virtual Private Networks VPNs Networks perceived as being private networks by customers using them, but built over shared infrastructure owned by service provider (SP) Service provider infrastructure: backbone provider edge devices Customer: customer edge devices (communicating over shared backbone) Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 38 VPN Reference Architecture customer edge device provider edge device Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 39 VPNs: Why? Privacy Security Works well with mobility (looks like you are always at home) Cost many forms of newer VPNs are cheaper than leased line VPNs ability to share at lower layers even though logically separate means lower cost exploit multiple paths, redundancy, fault-recovery in lower layers need isolation mechanisms to ensure resources shared appropriately Abstraction and manageability all machines with addresses that are in are trusted matter where they are Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 40 10

VPN: logical view Leased-Line VPN virtual private network customer edge device provider edge device customer sites interconnected via static virtual channels (e.g., VCs), leased lines customer site connects to provider edge Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 41 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 42 Customer Premise VPN Variants of VPNs all VPN functions implemented by customer customer sites interconnected via tunnels tunnels typically encrypted Service provider treats VPN packets like all other packets Leased-line VPN configuration costs and maintenance by service provider: long time to set up, manpower CPE-based VPN expertise by customer to acquire, configure, manage VPN Network-based VPN Customer routers connect to service provider routers Service provider routers maintain separate (independent) IP contexts for each VPN sites can use private addressing traffic from one VPN cant be injected into ather Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 43 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 44 11

Network-based Layer 3 VPNs Tunneling multiple virtual routers in single provider edge device Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 45 Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 46 MPLS-based VPN T-PE MPLS S-PE MPLS T-PE Terminating-PE MPLS Aggregation Network S-PE MPLS Backbone Network MPLS tunnel S-PE Switching-PE MPLS T-PE T-PE T-PE/S-PE MPLS Aggregation Networks Network IN2097 - Master Security, Course WS 2008/09, Computer Chapter Networks, 9 WS 2011/2012 47 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback