INTERNAL ASSESSMENT TEST 2 Date : 01/04/2015 Max Marks : 50 Subject & Code : Computer Networks-II/10CS64 Section : VI- A & VI-C Name of faculty : Ravi Dixit Time : 8:30-10:00am Note: Answer ALL Questions (SOLUTIONS) 1. a Define Secrete key and public key encryption method? An encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. 4 Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must somehow exchange the key in a secure way. Public-key encryption avoids this problem because the public key can be distributed in a non-secure way, and the private key is never transmitted. The disadvantage of symmetric cryptography is that it presumes two parties have agreed on a key and been able to exchange that key in a secure manner prior to communication. A cryptographic system that uses two keys -- a public key known to everyone and a private or secret key known only to the recipient of the message. An important element to the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key. It is also called asymmetric encryption because it uses two keys instead of one key (symmetric encryption).
b For RSA encryption of 4 bit message of 1001 and given that a=3, b=11 and x=3. Find the Public Key, Private Key and the Cipher text. Message, m = 1001 or m=9; a=3, b=11 and x=3 Let n= a.b = 3. 11 = 33 Public Key: Find y such that x.y mod (a-1).(b-1) = 1 ; 3.y mod (3-1)(11-1) = 1; 3.y mod 20 = 1 ; y=7 Public Key = { n, y} = {33, 7} Private Key: Private Key = { n, x} = {33, 3} Cipher Text: c = m x mod n ; = 9 3 mod 33 Cipher text = 3 6 2. a What is the purpose of network management? Explain Management Information Base (MIB) significance in network management. 5
Network management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems. The functions performed by a network management system can be categorized into the following five areas: Fault management, Configuration management, Accounting management, Performance management and Security management Management Information Base (MIB) MIBs are a collection of information organized hierarchically which define the properties of the managed object within the device to be managed (such as a router, switch, etc.) Each managed device keeps a database of values for each of the definitions written in the MIB. As such, it is not actually database but implementation dependent. Each vendor of SNMP equipment has an exclusive section of the MIB tree structure under their control and these are accessed using a protocol such as SNMP. There are two types of MIBs: scalar and tabular. Scalar objects define a single object instance whereas tabular objects define multiple related object instances grouped in MIB tables. The following keywords are used to define a MIB object: Syntax: - Defines the abstract data structure corresponding to the object type. The SMI purposely restricts the ASN.1 constructs that can be used to promote simplicity. Access: - Defines whether the object value may only be retrieved but not modified (read only) or whether it may also be modified (read-write). Description: Contains a textual definition of the object type. The definition provides all semantic definitions necessary for interpretation; it typically contains information of the sort that would be communicated in any ASN.1 commentary annotations associated with the object. MIB Object Identifiers Each object in the MIB has an object identifier (OID), which the management station uses to request the object's value from the agent. An OID is a sequence of integers that uniquely identifies a managed object by defining a path to that object through a tree-like structure called the OID tree or registration tree. When an SNMP agent needs to access a specific managed object, it traverses the OID tree to find the object. The MIB object identifier hierarchy and format is shown in the above figure.
b Give an overview of Domain Name System (DNS) Domain Name Service (DNS): DNS is a host name to IP address translation service DNS is a distributed database implemented in a hierarchy of name servers, an application level protocol for message exchange between clients and servers A lookup mechanism for translating objects into other objects A globally distributed, loosely coherent, scalable, reliable, dynamic database Comprised of three components: A name space: Servers making that name space available Resolvers (clients) which query the servers about the name space: It is easier to remember a host name than it is to remember an IP address. A name has more meaning to a user than a 4 byte number. Applications such as FTP, HTTP, email, etc., all require the user to input a destination. The user generally enters a host name. The application takes the host name supplied by the user and forwards it to DNS for translation to an IP address. DNS works by exchanging messages between client and server machines. A client application will pass the destination host name to the DNS process to get the IP address. The application then sits and waits for the response to return. How DNS Works 5
Client wants IP for www.amazon.com; 1st approx: client queries a root server to find com DNS server client queries com DNS server to get amazon.com DNS server client queries amazon.com DNS server to get IP address for www.amazon.com 3. a What is QoS? Give an overview of Integrated QoS method with block diagram 10 Quality of service (QoS) refers to resource reservation control mechanisms rather than the achieved service quality. Quality of service is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow. For example, a required bit rate, delay, jitter, packet dropping probability and/or bit error rate may be guaranteed. Quality of service guarantees are important if the network capacity is insufficient, especially for real-time streaming multimedia applications such as voice over IP, online games and IP-TV, since these often require fixed bit rate and are delay sensitive, and in networks where the capacity is a limited resource, for example in cellular data communication. In the absence of network congestion, QoS mechanisms are not required. A network or protocol that supports QoS may agree on a traffic contract with the application software and reserve capacity in the network nodes, for example during a session establishment phase.
During the session it may monitor the achieved level of performance, for example the data rate and delay, and dynamically control scheduling priorities in the network nodes. It may release the reserved capacity during a tear down phase. Integrated services (IntServ): IntServ or integrated services is an architecture that specifies the elements to guarantee quality of service (QoS) on networks. IntServ specifies a fine-grained QoS system, which is often contrasted with DiffServ's coarse-grained control system. The idea of IntServ is that every router in the system implements IntServ, and every application that requires some kind of guarantees has to make an individual reservation. Integrated services approach consists of two service classes 1. Guaranteed service class: - defined for applications that cannot tolerate a delay beyond particular value. Real time applications like voice or video communications use this type of service 2. Controlled-load service class:- defined for applications that can tolerate some delay and loss. The below figure shows four processes providing quality of service
Traffic shaping Traffic shaping provides a means to control the volume of traffic being sent into a network in a specified period or the maximum rate at which the traffic is sent (rate limiting). This control can be accomplished in many ways and for many reasons; however traffic shaping is always achieved by delaying packets. Traffic shaping is commonly applied at the network edges to control traffic entering the network, but can also be applied by the traffic source (for example, computer or network card) or by an element in the network. A traffic shaper works by delaying metered traffic such that each packet complies with the relevant traffic contract. Metering may be implemented with for example the leaky bucket or token bucket algorithms Admission Control It is a network function that computes the resource(bandwidth and buffers) requirements of new flow and determines whether the resources along the path to be followed are available. Before sending packet the source must obtain permission from admission control. Admission control decides whether to accept the flow or not. Flow is accepted if the QoS of new flow does not violate QoS of existing flows QoS can be expressed in terms of maximum delay, loss probability, delay variance, or other performance measures. QoS requirements: Peak, Average., Minimum Bit rate, Maximum burst size, Delay, Loss requirement Network computes resources needed like Effective bandwidth QoS & Resource Allocation, VPN, MPLS If flow accepted, network allocates resources to ensure QoS delivered as long as source conforms to contract
3. Resource reservation protocol The Resource ReSerVation Protocol (RSVP) is a Transport layer protocol designed to reserve resources across a network for an integrated services Internet. RSVP does not transport application data but is rather an Internet control protocol, like ICMP, IGMP, or routing protocols. RSVP provides receiver-initiated setup of resource reservations for multicast or unicast data flows with scaling and robustness. RSVP can be used by either hosts or routers to request or deliver specific levels of quality of service (QoS) for application data streams or flows. RSVP defines how applications place reservations and how they can relinquish the reserved resources once the need for them has ended. RSVP operation will generally result in resources being reserved in each node along a path. RSVP is not itself a routing protocol and was designed to interoperate with current and future routing protocols. RSVP by itself is rarely deployed in telecommunications networks today, but the traffic engineering extension of RSVP, or RSVP-TE, is becoming more widely accepted nowadays in many QoS-oriented networks. 4. Packet scheduling Packet scheduling refers to the decision process used to choose which packets should be serviced or dropped. Buffer management refers to any particular discipline used to regulate the occupancy of a particular queue. At present, support is included for drop-tail (FIFO) queueing, RED buffer management, CBQ (including a priority and round-robin scheduler), and variants of Fair Queueing including, Fair Queueing (FQ) and Deficit Round-Robin (DRR).
4 a. Give an overview of Leaky Bucket approach for traffic shaping 5 Leaky Bucket Traffic Shaping The algorithm is used to control the rate at which data is injected into a network, smoothing out "burstiness" in the data rate. A leaky bucket provides a mechanism by which bursty traffic can be shaped to present a steady stream of traffic to the network, as opposed to traffic with erratic bursts of lowvolume and high-volume flows. A leaky bucket interface is connected between a packet transmitter and the Network No matter at which rate the packets enter the traffic shaper, the outflow is regulated as a constant rate. When a packet arrives, the interface decides whether that packet should be queued or discarded, depending on the capacity of the buffer. Incoming packets are discarded once the bucket becomes full. This method directly restricts the maximum size of burst coming into the system. Packets are transmitted as either fixed-size packets or variable-size packets. Leaky bucket scheme is modeled by two main buffers, one buffer forms a queue of incoming packets and other one receives authorizations. Leaky-bucket traffic-shaper algorithm is summarized as follows. Begin leaky-bucket Algorithm 1. define for the algorithm = rate at which packets with irregular rate arrive at the main buffer g = rate at which authorization grants at the grant buffer w = size of the grant buffer and can be dynamically adjusted 2. Every 1/g seconds, a grant arrives. 3. Over each period of 1/g seconds, i grants can be assigned to the first i incoming packets, where i< = w, and packets exit from the queue one at a time every 1/g seconds, totaling i/g seconds. 4. If more than w packets are in the main buffer, only the first w packets are assigned
grants at each window time of 1/g, and the rest remain in the main queue to be examined in the next 1/g interval. 5. If no grant is in the grant buffer, packets start to be queued b. Explain Weighted Fair Queueing method applied in traffic scheduling 5 Weighted fair queuing (WFQ) is a data packet scheduling technique allowing different scheduling priorities to statistically multiplexed data flows.
WFQ is a generalization of fair queuing (FQ). Both in WFQ and FQ, each data flow has a separate FIFO queue. WFQ addresses the situation in which different users have different requirements. Each user flow has its own buffer and each user flow also has weight. Here weight determines its relative bandwidth share. The WFQ is depicted in the Figure below. If buffer 1 has weight 1 and buffer 2 has weight 3, then when both buffers are nonempty, buffer 1 will receive 1/(1+3)=1/4 of the bandwidth and buffer 2 will receive ¾ of the bandwidth. For an n-queue system, queue i ϵ {1... n} is assigned a weight ω i. The outgoing link capacity s is shared among the flows with respect to their allocated weights. Each flow i is guaranteed to have a service rate of at least
Given a certain available bandwidth, if a queue is empty at a given time, the unused portion of its bandwidth is shared among the other active queues according to their respective weights. 5 Write Short notes on: a. VPN 10 A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network. A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost. A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP). In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted. An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses. VPNs provides privacy by using tunneling protocols and security procedures VPN provides the following capabilities Extended geographical communication Reduced operational cost
Enhanced organizational management Enhanced network management There are two types of VPNs Remote Access VPN Site-to-Site VPN b. MPLS Remote Access VPN Remote access tunneling is a user to LAN connection. Organization users are connected to a private network from various remote locations by using remote access VPN. Remote access VPNs use encrypted connections between the organizations private network and remote users through a third party that provider service. Tunneling uses mainly the point to point protocol in remote access VPN. To communicate over internet PPP helps by carrying other internet protocols as IPsec, L2F, PPTP and L2TP. Site-to-Site VPN Site to site tunneling is used to connect multiple fixed sites of an organization over a public network. It can be classified as either intranet or extranet 1. Internet : it is used to connect various remote site LANS of an organization into a private network
2. Extranet: it allows two organizations to work in a shared environment through a tunnel built to connect them. b. MPLS Multiprotocol Label Switching (MPLS) refers to a mechanism which directs and transfers data between Wide Area Networks (WANs) nodes with high performance, regardless of the content of the data. MPLS makes it easy to create "virtual links" between nodes on the network, regardless of the protocol of their encapsulated data. It is a highly scalable, data-carrying mechanism. In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol. The primary benefit is to eliminate dependence on a particular Data Link Layer technology, such as ATM, frame relay, SONET or Ethernet, and eliminate the need for multiple Layer 2 networks to satisfy different types of traffic. MPLS belongs to the family of packet-switched networks. MPLS operates at an OSI Model layer that is generally considered to lie between traditional definitions of Layer 2 (Data Link Layer) and Layer 3 (Network Layer), and thus is often referred to as a "Layer 2.5" protocol. It was designed to provide a unified data-carrying service for both circuit-based clients and packet-switching clients which provide a datagram service model.
1) Ingress LSR: This performs initial packet processing and applies the first label to create a new label. 2) Core LSR: This swaps the incoming label with the corresponding next hop label given by a forwarding table. 3) Egress LSR: This pops the label from the packet. When an IP packet enters into an MPLS domain an ingress LSR processes its information and matches it to a Forward Equivalence Class (FEC). The QoS parameters also define which queueing and discarding policy are to be used. Two protocols are used to exchange information among routers, and they are, Intra domain Routing Protocol (OSPF): This is used to exchange routing information. Label Distribution Protocol: This assigns labels to each packet.