Agenda

1. QUIZ
2. LANS, WANS & THE DATA LINK LAYER
3. HOMEWORK & HOMEWORK FOR NEXT CLASS
4. Perroyclinic BIDDERS CONFERENCE
5. ETHERNET AND BEYOND
6. ARCHITECTURE
7. PHYSICAL LIMITS
8. HUBS, BRIDGES, ROUTERS
9. ATM
10. ENCAPSULATION/VPN

Physical/Data Link/Network Layers?

Response time of a transaction: $RT = \sum_i N(i)\, S(i)$

N(i) = number of times service i is needed; S(i) = time needed for completion of service i

Server i utilization: $U(i) = A(i)\, S(i)$

A(i) = arrival rate of requests for service i

Queue length at server i: $Q(i) = \dfrac{U(i)}{1 - U(i)}$

Homework P 1 of 3

A company has a corporate network which consists of five Ethernet LANs connected to a mainframe through 56 kbps lines. Each LAN has about 20 workstations which generate one message per second. Each message is 1000 bytes (8 bits per byte). Most workstations interact with each other on their own LANs, with only 20% of the messages being sent to the mainframe. The messages sent to the mainframe access a corporate database which services 50 I/Os per second. How much of a congestion problem exists on the LAN, on the WAN, and at the mainframe database?

Homework P 2 of 3

An "Advice To The Lovelorn" database operates on a T-1 line. The average input is 1000 bytes of questions. The average output is 1 million bytes of answers. Database processing time averages 3 seconds. What is the total response time, assuming 8 bits per byte?
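The following is an added worked example, not part of the original slides: it encodes the RT, U(i) and Q(i) formulas from the earlier slide and applies them to Homework P 1 and P 2. Two assumptions are made that the problems do not state: the LAN speed is taken as 10 Mbps (the Ethernet rate quoted later in the deck) and the T-1 line as its nominal 1.544 Mbps, ignoring T-1 framing overhead.

```python
import math

# Queueing-model helpers for the slide's formulas:
#   RT   = sum_i N(i) * S(i)
#   U(i) = A(i) * S(i)
#   Q(i) = U(i) / (1 - U(i))


def utilization(arrival_rate, service_time):
    """U(i) = A(i) * S(i). A value of 1.0 or more means server i is saturated."""
    return arrival_rate * service_time


def queue_length(u):
    """Q(i) = U(i) / (1 - U(i)); the queue grows without bound once U(i) >= 1."""
    return math.inf if u >= 1.0 else u / (1.0 - u)


def response_time(visits):
    """RT = sum_i N(i) * S(i) for visits given as [(N_i, S_i), ...]."""
    return sum(n * s for n, s in visits)


def transmit_time(n_bytes, line_bps, bits_per_byte=8):
    """S(i) for a link: seconds to clock one message of n_bytes onto a line of line_bps."""
    return n_bytes * bits_per_byte / line_bps


def homework_p1(lans=5, stations=20, msgs_per_station=1.0, msg_bytes=1000,
                lan_bps=10_000_000, wan_bps=56_000, to_mainframe=0.20, db_io_per_s=50):
    """Utilization and mean queue length of one LAN, one 56 kbps line and the database.

    lan_bps=10 Mbps is an assumption taken from the Ethernet slide later in the deck;
    the problem statement itself does not give the LAN speed.
    """
    lan_arrivals = stations * msgs_per_station      # msgs/s offered to one LAN
    wan_arrivals = lan_arrivals * to_mainframe      # msgs/s on one LAN's 56 kbps line
    db_arrivals = lans * wan_arrivals               # I/Os per second at the database
    report = {}
    for name, a, s in (("LAN", lan_arrivals, transmit_time(msg_bytes, lan_bps)),
                       ("WAN", wan_arrivals, transmit_time(msg_bytes, wan_bps)),
                       ("DB", db_arrivals, 1.0 / db_io_per_s)):
        u = utilization(a, s)
        report[name] = {"utilization": u, "queue_length": queue_length(u)}
    return report


def homework_p2(in_bytes=1000, out_bytes=1_000_000, db_seconds=3.0, line_bps=1_544_000):
    """Response time of one query: send the question, database processing, send the answer.

    line_bps is the nominal T-1 rate (assumption); T-1 framing overhead and queueing are
    ignored, so the result is a lower bound.
    """
    return response_time([(1, transmit_time(in_bytes, line_bps)),
                          (1, db_seconds),
                          (1, transmit_time(out_bytes, line_bps))])


if __name__ == "__main__":
    for server, stats in homework_p1().items():
        print(f"{server}: U = {stats['utilization']:.3f}, Q = {stats['queue_length']:.2f}")
    print(f"Lovelorn response time: {homework_p2():.2f} s")
```

The WAN line is the interesting server: 4 msgs/s of 8000 bits on a 56 kbps line gives U = 0.57 and a mean queue of 1.33 messages, while the LAN sits under 2% utilization. In P 2 almost all of the delay is the 1 MB answer clocking onto the T-1, not the 3 s of database time.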

Homework P 3 of 3

Ping ns1.bangla.net. How many packets were lost? What was the response time? Now do a traceroute and see how many hops it takes to get to ns1.bangla.net.

Homework

Visit the Web site http://www.openview.hp.com and take an interactive tour. (Note: you need to sign up.)

Chapter 1, Problems 10 & 12

Chapter 2, Problems 1 & 5 (less the drawing in 2-5)

Group Project

1. Hand in Team Names & Members Names (They are due on September 15th)

2. Any questions on handout?

Bidders Conference

Local Area Networks

MANs and LANs; 802 series/origins; 802.3; 802.4; 802.5; 802.6/DQDB; Data Link Layer protocols

LANs & Layers (IEEE 802 family)

Data Link Layer:
802.1 Bridging
802.2 Logical Link Control
MAC sublayers: 802.3 CSMA/CD | 802.4 Token Bus | 802.5 Token Ring | 802.6 MAN (DQDB) | 802.9 IVD (integrated voice/data) | 802.11 Wireless | future MACs
Physical Layer (below each MAC)
Technical advisory groups: 802.7 Broadband TAG, 802.8 Fiber Optic TAG

Data Link & Physical Layer Entities--802.3

Data Link Layer
• Data encapsulation & decapsulation
  • Establishes the frame
  • Provides source & destination addresses
  • Provides error detection
• Media access management
  • Interfaces with the physical layer (transmits/receives the frame)
  • Buffers the frame
  • Provides collision avoidance (defers while the carrier is busy)
  • Provides collision handling (jam, back off, retransmit)

Data Link & Physical Layer Entities--802.3

Physical Layer
• Data encoding & decoding
  • Provides the signals that synchronize the stations (preamble)
  • Encodes the binary data stream as self-clocking Manchester code at the transmit side and decodes it at the receive side
• Channel access
  • Introduces the physical signal onto the channel on the transmit side and receives it on the receive side
  • Senses whether a carrier is on the channel
  • Detects a collision on the channel

TCP/IP Protocol Suite

User applications: Telnet, FTP, SMTP, X Windows, TFTP, NFS, Sun RPC, SNMP
Transport: Transmission Control Protocol (TCP) | User Datagram Protocol (UDP)
Network: Internet Protocol (IP)
Physical network

IEEE 802.3 Frame Format (CSMA/CD)

Field:  Preamble | Start of frame delimiter | To addr | From addr | Length of data field | Data   | Pad  | Checksum
Bytes:  7        | 1                        | 2/6     | 2/6       | 2                    | 0-1500 | 0-46 | 4

IEEE 802.5 Frame Format (Token Ring)

Field:  Starting delimiter (SD) | Access control (AC) | Frame control (FC) | To addr | From addr | Data     | Checksum | End delimiter (ED) | Frame status (FS)
Bytes:  1                       | 1                   | 1                  | 2/6     | 2/6       | No limit | 4        | 1                  | 1

Token:  SD | AC | ED
Bytes:  1  | 1  | 1

IEEE 802.4 Frame Format (Token Bus)

Field:  Preamble | Starting delimiter | Frame control | To addr | From addr | Data   | Checksum | End delimiter
Bytes:  1        | 1                  | 1             | 2/6     | 2/6       | 0-8182 | 4        | 1

IEEE 802.X Frame Format Efficiency

What is the nominal efficiency (data vs. overhead) of each frame format?
• 802.3: 72 bytes of overhead for a minimum-size frame (7 + 1 + 6 + 6 + 2 + 46 pad + 4) vs. up to 1500 bytes of data: 72/1500 =
• 802.5: 21 bytes of overhead (1 + 1 + 1 + 6 + 6 + 4 + 1 + 1) vs. 8182+ bytes of data (no limit on the data field): 21/8182+ =
• 802.4: 20 bytes of overhead (1 + 1 + 1 + 6 + 6 + 4 + 1) vs. up to 8182 bytes of data: 20/8182 =
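As an added example (not from the slides), the following builds and parses the 802.3 frame laid out above, computes the FCS as CRC-32, and evaluates the data-vs-overhead efficiency the slide asks about for any data length. The addresses and payload are constructed sample values; the preamble/SFD bit patterns, the 46-byte minimum data field and the fact that zlib's CRC-32 is the same CRC as the IEEE FCS are standard.

```python
import struct
import zlib

PREAMBLE = b"\xaa" * 7   # seven bytes of 10101010 for receiver clock synchronization
SFD = b"\xab"            # start-of-frame delimiter 10101011
MIN_DATA = 46            # pad so the frame is long enough for collision detection
MAX_DATA = 1500
ADDR_LEN = 6             # 48-bit addresses (the 2-byte form in the table is obsolete)


def fcs(body: bytes) -> bytes:
    """Frame check sequence: CRC-32 over dst..pad. zlib.crc32 uses the same polynomial
    and bit ordering as the IEEE FCS, which goes on the wire least-significant byte first.
    A CRC detects line errors only: anyone who alters the frame can recompute it."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst: bytes, src: bytes, data: bytes) -> bytes:
    if len(dst) != ADDR_LEN or len(src) != ADDR_LEN:
        raise ValueError("addresses must be 6 bytes")
    if len(data) > MAX_DATA:
        raise ValueError("data exceeds 1500 bytes")
    pad = b"\x00" * max(0, MIN_DATA - len(data))
    body = dst + src + struct.pack("!H", len(data)) + data + pad
    return PREAMBLE + SFD + body + fcs(body)


def parse_frame(wire: bytes) -> dict:
    """Strip preamble/SFD, verify the FCS, then use the length field to separate data
    from pad. Trusting the length field without the bounds check would let a bad
    length read past the end of the frame."""
    if len(wire) < 8 + 2 * ADDR_LEN + 2 + MIN_DATA + 4:
        raise ValueError("runt frame")
    if wire[:8] != PREAMBLE + SFD:
        raise ValueError("bad preamble or SFD")
    body, trailer = wire[8:-4], wire[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch")
    dst, src = body[:6], body[6:12]
    (length,) = struct.unpack("!H", body[12:14])
    if length > MAX_DATA or 14 + length > len(body):
        raise ValueError("length field inconsistent with frame size")
    return {"dst": dst, "src": src, "length": length,
            "data": body[14:14 + length], "pad_len": len(body) - 14 - length}


def frame_valid(wire: bytes) -> bool:
    try:
        parse_frame(wire)
        return True
    except ValueError:
        return False


def efficiency(data_len: int) -> float:
    """Data bytes divided by bytes on the wire, counting preamble, SFD, addresses,
    length, pad and FCS as overhead. For data_len = 0 the overhead is the 72 bytes
    the slide quotes for a minimum-size frame."""
    overhead = 7 + 1 + ADDR_LEN + ADDR_LEN + 2 + max(0, MIN_DATA - data_len) + 4
    return data_len / (data_len + overhead)


# Constructed sample: broadcast destination, a 5-byte payload, so 41 bytes of pad are added.
SAMPLE = build_frame(bytes.fromhex("ffffffffffff"), bytes.fromhex("00005e0053aa"), b"hello")
```

A length field above 1500 is not an 802.3 length at all but an Ethernet II EtherType (0x0600 and up); a real parser has to branch on that, which is why the bounds check in parse_frame matters.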

Distributed Queue Dual Bus (DQDB)--IEEE 802.6

(Figure: two unidirectional buses, Bus A and Bus B, running in opposite directions, with each computer attached to both.)

Data Link Layer--NM View

Framing:
• Character count
• Starting & ending characters with character stuffing
• Starting & ending flags with bit stuffing

Coding:
• Error correction (Hamming distance)
• Error detection (polynomial checksum)

Data Link Protocols:
• Synchronous Data Link Control (SDLC)
• High-Level Data Link Control (HDLC)
• Serial Line Internet Protocol (SLIP)
• Point-to-Point Protocol (PPP)
  • Link Control Protocol (LCP)
  • Network Control Protocol (NCP)

Ethernet And Beyond

Ethernet:
a. Is the current evolution of ALOHA, i.e., CSMA/CD
   (1) The Ethernet bus data rate is 10 Mbps. When traffic reaches 40% to 70% utilization (of the maximum), collisions cause degraded performance.
   (2) Utilization must be monitored to keep performance at an acceptable level.
b. Has an OSI subset architecture and physical limits:

Layers In The OSI Stack

Application
Presentation
Session
Transport
Network
Data Link
Physical

Network management uses some of these levels to manage others. But how do they relate to each other?

Ethernet And Beyond

Ethernet architecture (the OSI subset):
Network
Data Link: LLC | MAC sublayer
Physical: Convergence layer | PMD sublayer

Fast Ethernet

Ethernet And Beyond

Gigabit Ethernet:
a. Is theoretically cheaper than FDDI and ATM
b. Is 100 times faster than Ethernet
c. Has an OSI subset architecture and physical limits:

Architecture:
Network: LLC
Data Link: MAC sublayer | Reconciliation sublayer | Convergence sublayer
Physical: PMA sublayer | PMD sublayer

Ethernet And Beyond

Gigabit Ethernet topology limits:

Cable type:   9 µ SM | 50 µ SM | 50 µ MM | 62.5 µ MM | Balanced shielded cable | UTP cable
1000BASE-LX   10 km  | 3 km    | 550 m   | 440 m     |                         |
1000BASE-SX          |         | 550 m   | 260 m     |                         |
1000BASE-CX          |         |         |           | 25 m                    |
1000BASE-T           |         |         |           |                         | 100 m

Ethernet And Beyond

Hubs, Bridges, Routers & Switches (ATM):
a. Hubs
   (1) Overcome segment-length and station-count limitations by connecting each DTE to a hub, or to stacked hubs, in a wiring closet.
   (2) Are easily managed with the installation of patch panels (especially patch panels with decent connectors).
b. Bridges switch data between LANs
   (1) Provide switching and filtering
   (2) Operate at the Data Link layer
   (3) Can be transparent and use spanning tree algorithms
   (4) Can be source routing and used in token rings, or to connect token rings with Ethernet LANs
c. Routers
   (1) Operate at the Network layer and contain tables of addresses.
   (2) Can optimize network performance in the areas of bandwidth and latency.
   (3) Are fundamentally slower than bridges.
d. Switches
   (1) Are circuit or packet
   (2) Operate at various levels
   (3) Are the fundamental characteristic of ATM implementations
   (4) Management issues occur at the Network Layer

The Network Layer/ATM

• Objective # 1: Minimize mean packet delay

• Objective # 2: Maximize total network throughput

The Network Layer/ATM

• Architectural views:
  – Internet community: networking should be connectionless.
  – Telephone & ATM communities: networking should be connection oriented.

The Network Layer/ATM

(Figure: the Internet and ATM protocol stacks side by side: Email, FTP, ...; TCP; IP; ATM; Data Link; Physical.)

The Network Layer/ATM

• Routing algorithms
  – Non-adaptive or static routing
    • Shortest path
    • Flooding
    • Flow based
  – Adaptive
    • Distance vector (and its count-to-infinity problem)
    • Link state

The Network Layer/ATM

• Congestion control (open loop) algorithms
  – Leaky bucket algorithm: buffers an unregulated packet flow and converts it to a regulated flow. Excess packets are thrown away.
  – Token bucket algorithm: allows host computers to save up tokens and burst packets (up to the maximum size of the bucket). Excess packets are held at the host rather than dropped.
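The following is an added example, not from the slides: a tick-based, packet-counting simulation of both algorithms driven by a constructed 10-packet burst, so the difference the bullets describe is visible in the output (the leaky bucket emits a flat 2 packets per tick and discards 6; the token bucket drops nothing, lets a 4-packet burst through and then falls back to the token rate). The bucket size of 4 and rate of 2 per tick are illustrative choices.

```python
def leaky_bucket(arrivals, capacity, rate):
    """Leaky bucket, packet version. arrivals[t] is the number of packets arriving in
    tick t. The bucket is a finite queue of `capacity` packets that drains at most
    `rate` packets per tick; arrivals that find it full are discarded.
    Returns (packets sent per tick, packets dropped)."""
    backlog, sent_per_tick, dropped = 0, [], 0
    for n in arrivals:
        accepted = min(n, capacity - backlog)
        dropped += n - accepted
        backlog += accepted
        sent = min(rate, backlog)
        backlog -= sent
        sent_per_tick.append(sent)
    while backlog:                      # keep draining after the last arrival
        sent = min(rate, backlog)
        backlog -= sent
        sent_per_tick.append(sent)
    return sent_per_tick, dropped


def token_bucket(arrivals, bucket_size, token_rate):
    """Token bucket, packet version. Each tick `token_rate` tokens are added, capped at
    `bucket_size`; every packet consumes one token. Packets without a token wait at the
    host, so nothing is dropped, but a full bucket lets a burst of bucket_size packets
    out at once. Starts with a full bucket. Returns packets sent per tick."""
    tokens, waiting, sent_per_tick = bucket_size, 0, []

    def tick(n):
        nonlocal tokens, waiting
        tokens = min(bucket_size, tokens + token_rate)
        waiting += n
        sent = min(waiting, tokens)
        tokens -= sent
        waiting -= sent
        sent_per_tick.append(sent)

    for n in arrivals:
        tick(n)
    while waiting:                      # drain the host queue at the token rate
        tick(0)
    return sent_per_tick


BURST = [10, 0, 0, 0, 0]   # constructed input: 10 packets in one tick, then silence


def compare(arrivals=BURST, size=4, rate=2):
    """Run both shapers on the same arrivals with the same bucket size and rate."""
    leaky_out, dropped = leaky_bucket(arrivals, size, rate)
    return {"leaky": leaky_out, "leaky_dropped": dropped,
            "token": token_bucket(arrivals, size, rate)}


if __name__ == "__main__":
    print(compare())
```

From a defensive point of view the two behave differently under a flood: the leaky bucket strictly bounds what reaches the network (at the cost of loss), while the token bucket guarantees delivery but still lets an attacker-sized burst of bucket_size packets through every time the bucket refills.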

The Network Layer/ATM

• Congestion control (closed loop) algorithms
  – Choke packets: a router advises the source that it is getting too heavy a utilization. The response is voluntary.
  – Fair queuing: routers have multiple queues for each output line, one for each source.
  – Hop-by-hop choke packets: have the choke packet take effect at every hop it passes through. What's wrong with this as a network layer strategy?
  – Load shedding: routers throw the packets away. What's wrong with this as a network layer strategy?

The Network Layer/ATM

OSI layer | ATM layer | ATM sublayer | Functionality
3/4       | AAL       | CS           | Providing the standard interface
3/4       | AAL       | SAR          | Segmentation and reassembly
2/3       | ATM       |              | Flow control; cell header generation/extraction; virtual circuit/path management; cell multiplexing/demultiplexing
2         | Physical  | TC           | Cell rate decoupling; cell generation; header, checksum & frame generation; packing/unpacking cells from the enclosing envelope
1         | Physical  | PMD          | Bit timing and physical network access

The Network Layer/ATM/IP/SONET

(Figure: the same table with IP layer and SONET layer columns shown alongside the OSI and ATM layers.)

The Network Layer/ATM

The ATM layer:
a. Is regarded in the ATM community as a Data Link layer.
b. Has Network Layer functionality.
c. Is connection oriented, using virtual channels/virtual circuits.
d. Does not provide acknowledgments--good or bad?
e. Has two designated interfaces:
   (1) User-Network Interface (UNI): between host and network (or possibly customer and carrier).
   (2) Network-Network Interface (NNI): between switches (the ATM version of routers).

The Network Layer/ATM

The ATM layer five-byte header:

UNI header:  General Flow Control | Virtual Path Identifier | Virtual Channel Identifier | Payload Type | CLP | Header Error Check
Bits:        4                    | 8                       | 16                         | 3            | 1   | 8

NNI header:  Virtual Path Identifier | Virtual Channel Identifier | Payload Type | CLP | Header Error Check
Bits:        12                      | 16                         | 3            | 1   | 8

How many payload types are there?
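As an added example (not from the slides), the following packs and unpacks the UNI header laid out above and computes the Header Error Check the way ITU-T I.432 defines it: a CRC-8 with generator x^8 + x^2 + x + 1 over the first four bytes, XORed with 0x55. The idle-cell header (VPI = VCI = 0, CLP = 1) is used as a known vector; its HEC is 0x52. The 3-bit PT field answers the slide's question: 8 payload types. The NNI variant differs only in that the four GFC bits become the top of a 12-bit VPI.

```python
def crc8_atm(data: bytes) -> int:
    """CRC-8 with generator x^8 + x^2 + x + 1 (0x07) and zero initial value."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


def hec(first_four: bytes) -> int:
    """Header error control: CRC-8 of the first four header bytes XOR the coset
    leader 0x55 (ITU-T I.432), so an all-zero header does not get an all-zero HEC."""
    return crc8_atm(first_four) ^ 0x55


def pack_uni_header(gfc: int, vpi: int, vci: int, pt: int, clp: int) -> bytes:
    """UNI layout: GFC(4) VPI(8) VCI(16) PT(3) CLP(1) HEC(8), most significant bit first."""
    for name, value, bits in (("gfc", gfc, 4), ("vpi", vpi, 8), ("vci", vci, 16),
                              ("pt", pt, 3), ("clp", clp, 1)):
        if not 0 <= value < (1 << bits):
            raise ValueError(f"{name} does not fit in {bits} bits")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | (pt << 1) | clp
    first_four = word.to_bytes(4, "big")
    return first_four + bytes([hec(first_four)])


def unpack_uni_header(hdr: bytes) -> dict:
    if len(hdr) != 5:
        raise ValueError("ATM header is 5 bytes")
    first_four = hdr[:4]
    if hec(first_four) != hdr[4]:
        # Real line cards may correct single-bit errors; here any mismatch is rejected.
        raise ValueError("HEC mismatch")
    word = int.from_bytes(first_four, "big")
    return {"gfc": word >> 28, "vpi": (word >> 20) & 0xFF, "vci": (word >> 4) & 0xFFFF,
            "pt": (word >> 1) & 0x7, "clp": word & 0x1}


def header_valid(hdr: bytes) -> bool:
    try:
        unpack_uni_header(hdr)
        return True
    except ValueError:
        return False


PAYLOAD_TYPES = 1 << 3   # the 3-bit PT field gives 8 payload types

# Idle/unassigned cell header per ITU-T I.432: VPI = VCI = 0, PT = 0, CLP = 1, HEC = 0x52.
IDLE_HEADER = pack_uni_header(0, 0, 0, 0, 1)
```

Note that the HEC covers only the header: the 48-byte payload has no checksum at this layer, which is why AAL types add their own CRCs.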

The Network Layer/ATM

Characteristics of ATM service categories:

Service characteristic          | CBR | RT-VBR | NRT-VBR | ABR    | UBR
Bandwidth guarantee             | Yes | Yes    | Yes     | Option | No
Suitable for real-time traffic  | Yes | Yes    | No      | No     | No
Suitable for bursty traffic     | No  | No     | Yes     | Yes    | Yes
Feedback about congestion       | No  | No     | No      | Yes    | No

ATM quality of service parameters:

Parameter                         | Acronym | Meaning
Peak cell rate                    | PCR     | Max rate at which cells will be sent
Sustained cell rate               | SCR     | Long-term average cell rate
Minimum cell rate                 | MCR     | Minimum acceptable cell rate
Cell delay variation tolerance    | CDVT    | Maximum acceptable cell jitter
Cell loss ratio                   | CLR     | Fraction of cells lost or delivered too late
Cell transfer delay               | CTD     | How long delivery takes (mean to max)
Cell delay variation              | CDV     | Variance in cell delivery times
Cell error rate                   | CER     | Fraction of cells delivered with errors
Cell misinsertion rate            | CMR     | Fraction of cells delivered to the wrong place
Severely-errored cell block ratio | SECBR   | Fraction of cell blocks garbled

WAN-Virtual Circuits

(Figure: VPNs carried over WAN virtual circuits.)

WAN-Virtual Circuits

A reason to care:
1. Number of countries with identified collection involvement: 1997: 37; 1998: 47; 1999: 56; 2000: 63
2. Where they're from: Asia 37%; Europe 19%; Eurasia 21%; Middle East 18%
3. Technologies targeted: Information Systems; Electronics; Sensors & Lasers; Marine Systems; Aeronautics; Biological & Chemical; Energetic Materials; Manufacturing & Fabrication; Nuclear Technology; Power Systems; Space Systems; Signature Control

WAN-Virtual Circuits

Problems for management:
• VPN implementation, services & overall utility vary widely; the single complete solution that can meet all your needs does not exist
• (Depending on your environment) some implementations hold distinct advantages over others

WAN-Virtual Circuits

Virtual Private Networking Version 2.0
1. What is a VPN?
2. What is a tunnel?
3. What is the relationship between VPNs and multi-system management?
4. What is the significance of Service Level Agreements (SLAs)?

WAN-Virtual Circuits

Virtual Private Networking enhancers:
1. IPSec:
   • A protocol suite that authenticates, encapsulates (tunnels) and encrypts traffic across IP networks.
   • It supports key management via the Internet Key Exchange (IKE) protocol and various encryption algorithms (e.g., DES & Triple DES).
2. Multiprotocol Label Switching (MPLS):
   • Defines a process in which a label is inserted ahead of the IP header to increase forwarding efficiency and enable routers to forward packets according to specified QoS levels.
   • Uses a tunneling technique. Note that an MPLS tunnel separates traffic but does not encrypt it; confidentiality across a shared carrier network still requires IPSec (or similar) on top.

MPLS vs. Circuit Switching

MPLS
• Minimizes changes to hardware by combining routing and switching functions
• Will establish per-hop behavior for delay-sensitive traffic
• Permits bandwidth reservation and flow control over a wide range of paths
• Will permit bandwidth & other constraints to be considered in route computation
• Provides ranking of individual flows so that during a failure important flows go first

Circuit Switching
• Hardware designs do not need to change
• Minimizes delay variations
• Enables accurate bandwidth reservations
• Can automatically compute routes over known/specified bandwidths
• Can provide hard guarantees of service and routing

VPN Example: Cisco Secure Client

(Figure: a campus with an X.509 certificate authority, a VPN administrator, a Cisco Secure Access Control Server (AAA) and a Cisco 7100 Series VPN router, reached across the Internet (VPN and/or IP-VPN) by an extranet user with Internet access, an extranet user with the Cisco Secure VPN Client, a mobile dial remote-access user with the Cisco Secure VPN Client, and a mobile home user with the Cisco Secure VPN Client.)

VPN Example: Cisco Secure Client

Advertised features:
• Full compliance with IPSec and related standards
• DES, 3DES, MD5 & SHA-1 algorithms
• Internet Key Exchange using ISAKMP/Oakley
• Interoperates with virtually all PC Windows communications devices: LAN adapters, modems, PCMCIA cards, etc.
• GUI for configuring security policy and managing certificates
• Easy to install and transparent to use, with easy configuration for deployment to end users
• Security policy can be exported and protected as read-only by the VPN administrator

Advertised applications:
• Travelling "road warrior" communications (client to gateway)
• Creation of a virtual "secure enclave" on an unprotected network
• X.509 v3 certificates
• FIPS-46 DES encryption
• FIPS-180-1 SHA-1 hash
• FIPS-186 DSS digital signatures
• CAPI 2.0: Microsoft Crypto API
• PKCS: Public Key Cryptography Standards
• IP Security standards

Internet Protocol Security standards:
• RFC 2401 Security Architecture for the Internet Protocol
• RFC 2402 IP Authentication Header
• RFC 2403 The Use of HMAC-MD5-96 within ESP and AH
• RFC 2404 The Use of HMAC-SHA-1-96 within ESP and AH
• RFC 2405 The ESP DES-CBC Cipher Algorithm With Explicit IV
• RFC 2406 IP Encapsulating Security Payload (ESP)
• RFC 2407 The Internet IP Security Domain of Interpretation for ISAKMP
• RFC 2408 Internet Security Association and Key Management Protocol (ISAKMP)
• RFC 2409 The Internet Key Exchange (IKE)
• RFC 2410 The NULL Encryption Algorithm and Its Use With IPsec
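As an added example (not from the slides or from Cisco's product), the following shows what the RFC 2403/2404 authenticators in the list above actually are: a full HMAC-MD5 or HMAC-SHA-1 over the packet, truncated to its leftmost 96 bits to form the AH/ESP integrity check value, and a receiver-side check that uses a constant-time comparison. The keys and "Hi There" message are the RFC 2202 test vectors, so the untruncated digests are known values; the "packet" is just that constructed string. DES (RFC 2405) and MD5 from the same list are legacy algorithms today; modern IPsec deployments use AES-GCM or HMAC-SHA-256, but the truncation mechanism is unchanged.

```python
import hashlib
import hmac


def hmac_96(key: bytes, data: bytes, hash_name: str) -> bytes:
    """HMAC-MD5-96 (RFC 2403) / HMAC-SHA-1-96 (RFC 2404): compute the full HMAC, then
    keep only the leftmost 96 bits (12 bytes) as the AH/ESP authenticator field."""
    return hmac.new(key, data, hash_name).digest()[:12]


def verify_icv(key: bytes, data: bytes, icv: bytes, hash_name: str = "sha1") -> bool:
    """Receiver check. compare_digest runs in constant time, so a forger cannot learn
    how many leading bytes of a guessed ICV were right from the response timing."""
    if len(icv) != 12:
        return False
    return hmac.compare_digest(hmac_96(key, data, hash_name), icv)


# RFC 2202 test case 1 inputs, reused here so the full digests are known values.
SHA1_KEY = b"\x0b" * 20
MD5_KEY = b"\x0b" * 16
DATA = b"Hi There"          # constructed stand-in for the authenticated packet bytes


def demo():
    """Authenticate the constructed payload, then tamper with one byte and re-check."""
    icv = hmac_96(SHA1_KEY, DATA, "sha1")
    tampered = DATA[:-1] + b"!"
    return {"icv_hex": icv.hex(),
            "accepted": verify_icv(SHA1_KEY, DATA, icv),
            "tampered_accepted": verify_icv(SHA1_KEY, tampered, icv)}


if __name__ == "__main__":
    print(demo())
```

Truncating to 96 bits shortens the header without weakening the MAC in practice: an attacker who cannot compute the HMAC has a 2^-96 chance per forgery attempt, and the receiver still recomputes the full digest.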

VPN Evaluation: Computer Networks Report

Services        | Wt.  | GTEI | Uunet | Infonet | Quest | AT&T | PSINet
Geogr Coverage  | 25%  | 5    | 3     | 4       | 2     | 2    | 2.5
SLAs            | 25%  | 4    | 4.5   | 3       | 1.5   | 3    | 2.5
Pricing         | 20%  | 2.5  | 5     | 3.5     | 3.5   | 1    | 1
Security        | 20%  | 4.5  | 3.5   | 2       | 4     | 3.5  | 2
QoS Support     | 10%  | 2    | 2     | 2       | 1     | 1    | 2
Total Score     |      | 3.85 | 3.76  | 3.05    | 2.46  | 2.25 | 2.05
Grade           |      | B    | B     | C+      | D     | D    | D

Note: scores weighted 0-5.

Specific products evaluated:
• GTE Internetworking: VPN Advantage
• Uunet: UUsecure VPN Direct Edition
• Infonet: Private Internet
• Quest Communications: Quest VPN
• AT&T: Virtual Private Network Service (VPNS)
• PSINet: IntraNet

Enterprise Firewalls: Problems For Management

• What are you most concerned about?
  • Penetration protection
  • Performance
  • Logging & reporting
  • Data overload
  • Good records
• Type to use?
  • Hardware (inspection only)
  • Proxy (software processing)
• Central or distributed management?

Enterprise Firewalls: Potential Contradictory Goals
• Penetration protection vs. performance
• Logging & reporting vs. data overload
• Good records vs. archival costs

Central or distributed management
• Central management creates the security policy and pushes it out (the policy is defined once and is easier to monitor), or each firewall is configured separately in one GUI (good for small sites, but more overhead)
• Distributed management takes more people

Enterprise Firewall

(Figure: firewalls between the Internet and the enterprise, configured from a Central Manager.)

Firewall Evaluation: Computer Networks Report

Services           | Wt.  | VPN-1 | Secure PIX | Raptor | NetScreen | Sidewinder
Management         | 30%  | 4     | 5          | 4      | 3         | 2
Reporting          | 30%  | 5     | 4          | 2      | 2         | 2
Security Features  | 20%  | 5     | 3          | 5      | 3         | 3
Firewall Perform   | 10%  | 5     | 5          | 3      | 5         | 3
VPN Perform        | 10%  | 3     | 2          | 2      | 5         | 2
Total Score        |      | 4.5   | 4.0        | 3.3    | 3.1       | 2.3
Grade              |      | A-    | B+         | C+     | C+        | D

Note: scores weighted 0-5.

Companies:
• VPN-1 Gateway & VPN-1 Accelerator Card: Check Point
• Secure PIX: Cisco
• Raptor: Axent
• NetScreen 100 1.66: NetScreen Technologies
• Sidewinder: Secure Computing