Covering key networking concepts such as switch fabrics, protocols, routing algorithms, security elements, and calculations related to NAT, encryption, and routing. Includes true/false questions, protocol explanations, and calculation examples.
Final Exam Review
• Knowledge questions
• True or false statement (explain why)
• Protocol
• Calculation
• Cover the contents after midterm coverage
Knowledge Question Examples
• Three classes of switch fabric, speed relationship
• What is head-of-the-line (HOL) blocking?
• Where can queues occur in a router?
• TCP header size? IP header size? UDP header size?
• How many bits in an IPv6 address? Address space size? Why is it very slow to be deployed? (enough IP space, hard upgrading and compatible)
• Routing: what are link state and distance vector?
• Internet two-level routing? (inter-AS, intra-AS)
• RIP, OSPF, BGP? Used where?
  • OSPF uses link state, BGP/RIP use distance vector
• Which is better: pure ALOHA, slotted ALOHA, CSMA/CD?
  • What are their assumptions? (collision detection, time synchronization)
• CSMA/CD? CSMA/CA? Why does wireless use CSMA/CA?
Knowledge Question Examples
• Ethernet broadcast MAC address? What is the broadcast address for? What is ARP?
• Why is Ethernet much better than ALOHA in efficiency? (homework 3)
• Hub vs. switch? (homework 3)
• 802.11a, b, g: speed? Working frequency?
• 802.15? (personal area network, example: Bluetooth)
• Wireless: no collision detection?
  • listen while sending, fading, hidden terminal
• Network security three elements:
  • Confidentiality, authentication, integrity
• What is public/symmetric key cryptography? Pro vs. con?
• Why use a “nonce” in security? (replay attack) What is a man-in-the-middle attack?
• Usage of firewall? (block outside active traffic to inside)
• IP spoofing? SYN flood DoS attack? UDP flood?
• What is a botnet?
• Difference between email virus and worm?
  • Vulnerability, user interaction to propagate, speed
• IPSec vs. SSL? (different layers, tcp vs. udp)
Protocol Problem Examples
• NAT address translation procedure
• Digital signature procedure
• HTTPS connection procedure
  • CA, public key
• Secure email (assume known public key)
  • Confidentiality
  • Integrity
Calculation Examples
• Homework 3, prob. 7 (subnet addressing)
• Homework 2, prob. 9-11 (link state, distance vector)
• Homework 3, prob. 4 (parity checking)
• Homework 3, prob. 5 (CRC calculation)
• Homework 3, prob. 11 (wireless MAC protocol)
• Caesar cipher decrypt, Vigenere cipher, one-time pad decrypt (given the pad)
Three types of switching fabrics
• Property?
• Speed order?
Head-of-the-Line (HOL) blocking: queued datagram at front of queue prevents others in queue from moving forward
• Queues can occur at both the input ports and the output ports of a router
Intra-AS and Inter-AS routing
[Figure: autonomous systems A, B and C with hosts h1 and h2 and routers A.a, A.c, C.b, B.a. Labels: intra-AS routing within AS A, inter-AS routing between A and B, intra-AS routing within AS B.]
• We’ll examine specific inter-AS and intra-AS Internet routing protocols shortly
Routing Algorithm classification
Global or decentralized information?
• Global: all routers have complete topology, link cost info
  • “link state” algorithms
• Decentralized: router knows physically-connected neighbors, link costs to neighbors
  • iterative process of computation, exchange of info with neighbors
  • “distance vector” algorithms
NAT: Network Address Translation
[Figure: NAT router between the LAN and the WAN. Addresses shown: 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4 on the LAN side and 138.76.29.7 on the WAN side.]

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80 (S: 10.0.0.1, 3345; D: 128.119.40.186, 80)
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table (S: 138.76.29.7, 5001; D: 128.119.40.186, 80)
3: Reply arrives dest. address: 138.76.29.7, 5001 (S: 128.119.40.186, 80; D: 138.76.29.7, 5001)
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345 (S: 128.119.40.186, 80; D: 10.0.0.1, 3345)

NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
……                   ……
Intra-AS and Inter-AS routing
[Figure: autonomous systems A, B and C with hosts h1 and h2 and routers A.a, A.c, C.b, B.a. Labels: intra-AS routing within AS A, inter-AS routing between A and B, intra-AS routing within AS B.]
• RIP: Routing Information Protocol
• OSPF: Open Shortest Path First
• BGP: Border Gateway Protocol (Inter-AS)
ARP protocol: Same LAN (network)
• A wants to send datagram to B, and B’s MAC address not in A’s ARP table.
• A broadcasts ARP query packet, containing B's IP address
  • Dest MAC address = FF-FF-FF-FF-FF-FF
  • all machines on LAN receive ARP query
• B receives ARP packet, replies to A with its (B's) MAC address
  • frame sent to A’s MAC address (unicast)
• A caches (saves) IP-to-MAC address pair in its ARP table until information becomes old (times out)
  • soft state: information that times out (goes away) unless refreshed
• ARP is “plug-and-play”:
  • nodes create their ARP tables without intervention from net administrator
What is network security?
• Confidentiality: only sender, intended receiver should “understand” message contents
  • sender encrypts message
  • receiver decrypts message
• Authentication: sender, receiver want to confirm identity of each other
  • Virus email really from your friends?
  • The website really belongs to the bank?
• Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
  • Digital signature
Collision Avoidance: RTS-CTS exchange
[Figure (textbook page 522): timeline for A, B and the AP. Labels: DIFS, CIFS, RTS(A) and RTS(B) reservation collision, RTS(A), CTS(A), DATA(A), ACK(A), defer, time.]
Firewall
[Figure: firewall between the administered network and the public Internet]
• Block outside-initiated traffic to inside of a local network
• Usually do not block any traffic initiated from inside to outside
Digital signature = signed message digest
• Bob sends digitally signed message:
  • large message m goes through H (hash function) to give H(m)
  • digital signature (encrypt) with Bob’s private key $K_B^-$ gives the encrypted msg digest $K_B^-(H(m))$
  • m and $K_B^-(H(m))$ are sent together
• Alice verifies signature and integrity of digitally signed message:
  • large message m goes through H (hash function) to give H(m)
  • digital signature (decrypt) of the encrypted msg digest $K_B^-(H(m))$ with Bob’s public key $K_B^+$ gives H(m)
  • equal?
• No confidentiality!
Secure e-mail
• Alice wants to send confidential e-mail, m, to Bob.
[Figure: Alice computes $K_S(m)$ and $K_B^+(K_S)$, combines them (+) and sends both over the Internet]
• Alice:
  • generates random symmetric private key, $K_S$.
  • encrypts message with $K_S$ (for efficiency)
  • also encrypts $K_S$ with Bob’s public key.
  • sends both $K_S(m)$ and $K_B^+(K_S)$ to Bob.
Secure e-mail
• Alice wants to send confidential e-mail, m, to Bob.
[Figure: Alice sends $K_S(m)$ and $K_B^+(K_S)$ over the Internet; Bob applies $K_B^-$ to $K_B^+(K_S)$ to get $K_S$, then applies $K_S$ to $K_S(m)$ to get m]
• Bob:
  • uses his private key to decrypt and recover $K_S$
  • uses $K_S$ to decrypt $K_S(m)$ to recover m
Secure e-mail (continued)
• Alice wants to provide message integrity (unchanged, really written by Alice).
[Figure: Alice sends m and $K_A^-(H(m))$ over the Internet; the receiver applies $K_A^+$ to the signature to get H(m), computes H(m) from m, and compares the two]
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
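The digital signature and secure e-mail slides above, as one runnable exchange. This is an added example, not part of the original slides, and it goes beyond them by putting the confidentiality step and the signature step into a single message. Assumptions: textbook RSA built from known Mersenne primes with no padding, a SHA-256 counter keystream standing in for the symmetric cipher $K_S$, and H(m) reduced mod n to fit the toy modulus; all function names are hypothetical and none of this is suitable for real use.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy key pairs

def toy_keypair(p, q):
    """Textbook RSA from two known primes: returns (n, d). Toy sizes, no padding."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def ks_apply(ks, data):
    """K_S(.): XOR with a SHA-256 counter keystream (stand-in for a real cipher)."""
    stream = b"".join(hashlib.sha256(ks + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def digest(m, n):
    """H(m) as an integer, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n

def alice_send(m, alice_n, alice_d, bob_n):
    ks = secrets.token_bytes(16)                              # random symmetric key K_S
    return {
        "ks_m": ks_apply(ks, m),                              # K_S(m)
        "kb_ks": pow(int.from_bytes(ks, "big"), E, bob_n),    # K_B+(K_S)
        "sig": pow(digest(m, alice_n), alice_d, alice_n),     # K_A-(H(m))
    }

def bob_receive(msg, bob_n, bob_d, alice_n):
    ks = pow(msg["kb_ks"], bob_d, bob_n).to_bytes(16, "big")  # K_B-(K_B+(K_S)) = K_S
    m = ks_apply(ks, msg["ks_m"])                             # K_S(K_S(m)) = m
    ok = pow(msg["sig"], E, alice_n) == digest(m, alice_n)    # K_A+(signature) equal to H(m)?
    return m, ok

# Constructed toy keys: (n, d) pairs built from Mersenne primes.
ALICE = toy_keypair(2**107 - 1, 2**127 - 1)
BOB = toy_keypair(2**61 - 1, 2**89 - 1)
```

Flipping one bit of `ks_m` before calling `bob_receive` makes the comparison fail, which is the "equal?" check from the signature slide doing its job.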
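How SSL (https) works?
[Figure: message timeline between the client and Server B, in time order]
• Three-way handshake
• Client: request server certificate
• Server B: certificate from CA, $K_{CA}^-(K_B^+)$
• Client: symmetric session key, $K_B^+(K_{A-B})$
• Data: $K_{A-B}(m)$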
Distance table gives routing table

Distance table $D^E()$: cost to destination via
destination   via A   via B   via D
A             3       5       8
B             5       4       9
C             6       9       4
D             4       11      5

Routing table: outgoing link to use, cost
destination   link, cost
A             A,3
B             B,4
C             D,4
D             A,4
Distance Vector Algorithm: example
[Figure: nodes X, Y, Z with link costs c(X,Y) = 2, c(Y,Z) = 1, c(X,Z) = 7]
$D^X(Y,Z) = c(X,Z) + \min_w \{D^Z(Y,w)\} = 7 + 1 = 8$
$D^X(Z,Y) = c(X,Y) + \min_w \{D^Y(Z,w)\} = 2 + 1 = 3$
CRC Example
Want: $D \cdot 2^r \oplus R = nG$
equivalently: $D \cdot 2^r = nG \oplus R$
equivalently: if we divide $D \cdot 2^r$ by $G$, want remainder $R$
$R = \text{remainder}\left[\frac{D \cdot 2^r}{G}\right]$
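The remainder calculation above as modulo-2 long division, with the receiver-side check. This is an added example, not part of the original slides; the function names and the sample values D = 101110, G = 1001 are constructed for illustration.

```python
def mod2_remainder(bits, generator):
    """Remainder of `bits` divided by `generator` in modulo-2 (XOR, no-carry) arithmetic."""
    g, width = int(generator, 2), len(generator)
    rem = 0
    for bit in bits:
        rem = (rem << 1) | int(bit)      # bring down the next bit
        if rem >> (width - 1):           # leading bit set: "subtract" G with XOR
            rem ^= g
    return format(rem, "0{}b".format(width - 1))

def crc_encode(data, generator):
    """Sender: append R = remainder[D * 2^r / G], making the frame a multiple of G."""
    r = len(generator) - 1
    return data + mod2_remainder(data + "0" * r, generator)

def crc_ok(frame, generator):
    """Receiver: accept only if the received bits divide by G with zero remainder."""
    return set(mod2_remainder(frame, generator)) == {"0"}

def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit strings."""
    return "".join(str(int(x) ^ int(y)) for x, y in zip(a, b))

# Constructed sample values: D = 101110, G = 1001, so r = 3.
D, G = "101110", "1001"
FRAME = crc_encode(D, G)                              # D followed by R
NOISY = xor_bits(FRAME, "000100000")                  # one bit flipped in transit
SHIFTED = xor_bits(FRAME, G.rjust(len(FRAME), "0"))   # frame XOR a multiple of G
```

`NOISY` fails the check, but `SHIFTED` passes even though it differs from `FRAME`: any change that is itself a multiple of G is invisible to the CRC, which is why the slides rely on a digital signature, not a checksum, for message integrity.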
Dijkstra’s algorithm: example
[Figure: six-node graph with nodes A, B, C, D, E, F; link costs shown: 5, 3, 5, 2, 2, 1, 3, 1, 2, 1]

Step   N        D(B),p(B)   D(C),p(C)   D(D),p(D)   D(E),p(E)    D(F),p(F)
0      A        2,A         5,A         1,A         infinity,-   infinity,-
1      AD       2,A         4,D         1,A         2,D          infinity,-
2      ADE      2,A         3,E         1,A         2,D          4,E
3      ADEB     2,A         3,E         1,A         2,D          4,E
4      ADEBC    2,A         3,E         1,A         2,D          4,E
5      ADEBCF   2,A         3,E         1,A         2,D          4,E
Caesar cipher decrypt:
• “welcome”, key = +2
• Vigenere cipher
  • “final exam”, key = 3, 4, -1 (blank space does not change)