c1 1page per sheet

8/3/2019 C1 1page Per Sheet

1/82

Chapter 1Introduction

Introduction 1-1

Computer Networking:A Top Down Approach ,5th edition.

Jim Kurose, Keith RossAddison-Wesley, April2009.

A note on the use of these ppt slides:Were making these slides freely available to all (faculty, students, readers).Theyre in PowerPoint form so you can add, modify, and delete slides(including this one) and slide content to suit your needs. They obviouslyrepresent a lotof work on our part. In return for use, we only ask thefollowing: If you use these slides (e.g., in a class) in substantially unaltered form,

that you mention their source (after all, wed like people to use our book!) If you post any slides in substantially unaltered form on a www site, that

you note that they are adapted from (or perhaps identical to) our slides, andnote our copyright of this material.

Thanks and enjoy! JFK/KWR

All material copyright 1996-2009J.F Kurose and K.W. Ross, All Rights Reserved


2/82

Chapter 1: IntroductionOur goal: get feel and

terminology more depth, detail

laterin course

Overview: whats the Internet? whats a protocol? network edge; hosts, access net,

Introduction 1-2

approac : use Internet asexample

network core: packet/circuit

switching, Internet structure performance: loss, delay,

throughput security protocol layers, service models

history


3/82

Chapter 1: roadmap

1.1 What isthe Internet?

1.2 Network edge end systems, access networks, links

1.3 Network core

Introduction 1-3

c rcu sw c ng, pac e sw c ng, ne wor s ruc ure

1.4 Delay, loss and throughput in packet-switchednetworks

1.5 Protocol layers, service models

1.6 Networks under attack: security1.7 History


4/82

Whats the Internet: nuts and bolts view

Hng triu thit b tnhton c ni mng:

hosts = end systems chy cc ng dng

mng Home network

Mobile network

Global ISP

PC

server

wirelesslaptop

cellularhandheld

Introduction 1-4

Institutional network

router

wiredlinks

accesspoints

commun ca on n s fiber, copper,

radio, satellite

transmissionrate = bandwidth

routers:Chuyn ccpackets (gi tin)


5/82

Cool internet appliances

IP picture framehttp://www.ceiva.com/

Web-enabled toaster +weather forecaster

Introduction 1-5

Worlds smallest web serverhttp://www-ccs.cs.umass.edu/~shri/iPic.html Internet phones


6/82

Whats the Internet: nuts and bolts viewprotocols(giao thc) iu

khin vic gi/nhn cc msg e.g., TCP, IP, HTTP, Skype,

Ethernet

Internet:mng ca cc

Home network

Mobile network

Global ISP

Introduction 1-6

loosely hierarchical public Internet versus private

intranet

Cc tiu chun Internet RFC: Request for comments IETF: Internet Engineering

Task Force

Institutional network


7/82

Whats the Internet: a service view H tng truyn thng

(communication

infrastructure)cho php ccng dng phn b: Web, VoIP, email, games,

-

Introduction 1-7

, Cc ng dng s dng cc

dch v truyn thng(communication services)

Truyn d liu bo m tmy ngun n my ch Truyn d liu thng (ko

bo m)


8/82

Whats a protocol?human protocols:My gi ri?Cho ti hi gii thiu

network protocols: My tnh, ko phi ngi Tt c cc hot ng

truyn thng trnInternet phi tun th

Introduction 1-8

gi i mt thng ipnht nh

mt hnh ng nht

nh c thc hinkhi nhn c thngip, hoc khi c 1 skin khc

cc protocolsprotocols define format,

order of msgs sent and

received among networkentities, and actions

taken on msgtransmission, receipt


9/82

Whats a protocol?a human protocol and a computer network protocol:

Xin cho

Xin choTCP connectionrequest

Introduction 1-9Q: Other human protocols?

Cho hi my giri?

2:00

TCP connectionresponse

Get http://www.awl.com/kurose-ross

Thi gian


10/82

Chapter 1: roadmap1.1 What isthe Internet?

1.2 Network edge end systems, access networks, links

1.3 Network core

Introduction 1-10






11/82

A closer look at network structure: network edge: ng

dng v cc mytnh (hosts)

access networks,

Introduction 1-11

wired, wirelesscommunication links

network core: interconnected

routers

network of

networks


12/82

The network edge: end systems (hosts):

Chy cc C trnh ng dng e.g. Web, email ng bin ca mng peer-peer

client/server model

Introduction 1-12

client/server

Client yu cu v nhn cc dch

v t cc server

e.g. Web browser/server;email client/server

peer-peer model: Dng t hoc ko dng cc

server dnh ring

e.g. Skype, BitTorrent


13/82

Access networks and physical mediaQ: Kt ni cc host vo cc

edge router ra sao?

Qua mng truy cp thngtrc

Mng truy cp ca t chc

Introduction 1-13

(trng hc, cty) Mng truy cp khng dy

Nh :

Kh nng truyn (bandwidth,bits per second) ca mngtruy cp?

Dng chung hay dnh ring?


14/82

telephone

network Internet

home

dial-up

modem

ISP

modem

(e.g., AOL)

My tnh gia nh

Vn phng trung tm

Dial-up Modem

S dng h tng mng in thoi ang c

My tnh gia nh c kt ni vo vn phngtrung tm Tc truy cp trc tip n cc router ln ti 56Kbps

Ko th va lt web, va nghe in thoi cng lc


15/82

telephone

network

home

phone

Internet

DSLAM

Existing phone line:

0-4KHz phone; 4-50KHz

upstream data; 50KHz-1MHz

downstream data

s litter

Digital Subscriber Line (DSL)

DSLmodem

home

PC

central

office

Cng s dng h tng in thoi ang c

Tc upstream ln ti 1Mbps (hin gi < 256 Kbps) Tc downstream ln ti 8Mbps (hin gi < 1 Mbps) S dng ng truyn vt l dnh ring ni n vn

phng trung tm.


16/82

Residential access: cable modems

Khng s dng h tng in thoi S dng h tng mng truyn hnh cp

HFC: hybrid fiber coax Bt i xng: 30Mbps downstream, 2 Mbps

Introduction 1-16

upstream Mng li cp ng v cp quang ni tng h gia

nh n router ca ISP Cc h gia nh chia s truy cp (share access)

ti router Khng nh DSL, k thut dedicated access


17/82

Residential access: cable modems

Introduction 1-17Diagram: http://www.cabledatacomnews.com/cmic/diagram.html


18/82

Cable Network Architecture: Overview

T icall 500 to 5 000 homes

Introduction 1-18

home

cable headend

cable distributionnetwork (simplified)


19/82


server(s)

Introduction 1-19

home

cable headend

cable distributionnetwork


20/82


Introduction 1-20

home

cable headend

cable distributionnetwork (simplified)


21/82


VIDEO

VIDEO

VIDEO

VIDEO

VIDEO

VIDEO

DATA

DATA

CO

NTROL

1 2 3 4 5 6 7 8 9

FDM (more shortly):

Introduction 1-21

home

cable headend

cable distributionnetwork

anne s


22/82

ONT

OLT

optical

ONToptical

fiber

optical

fibersInternet

Fiber to the Home

central office splitter

ONT

S dng ng cp quang ni n nh

S dng 2 k thut cp quang cnh tranh: Passive Optical network (PON) Active Optical Network (PAN)

Tc truy cp Internet cao hn, cho php TV v

in thoi.


23/82

100 Mbps

100 Mbps

Ethernet

switch

Institutional

routerTo Institutions

ISP

Ethernet Internet access

100 Mbps

1 Gbps

server

c dng ph bin trong cc Cty, trng hc, 10 Mbs, 100Mbps, 1Gbps, 10Gbps Ethernet Hin thi, cc host c ni trc tip n cc Ethernet

switch


24/82

Wireless access networks

Kt ni host n router qua ccmng truy cp khng dy

(wireless) dng chung Qua cc base station (hoc access

point)

base

router

Introduction 1-24

802.11b/g (WiFi): 11 or 54 Mbps

wider-area wireless access provided by telco operator

~1Mbps over cellular system(EVDO, HSDPA) next up (?): WiMAX (10s Mbps)

over wide area

a on

mobilehosts


25/82

Home networks

Cc thnh phn tiu biu ca home network DSL or cable modem

router/firewall/NAT Ethernet wireless access

Introduction 1-25

point

wirelessaccesspoint

wirelesslaptops

router/

firewall

cable

modem

to/fromcable

headend

Ethernet


26/82

Physical Media

Bit: propagates betweentransmitter/rcvr pairs

physical link: what liesbetween transmitter &

Twisted Pair (TP) two insulated copper

wires Category 3: traditional

phone wires, 10 MbpsEthernet

Introduction 1-26

Phng tin truyn dn(guided media): signals propagate in solid

media: copper, fiber, coax

unguided media: signals propagate freely, e.g.,

radio

Category 5:100Mbps Ethernet


27/82

Physical Media: coax, fiber

Coaxial cable: Hai dy dn ng trc Hai hng baseband:

Mt knh truyn trn cp

Fiber optic cable: Si quang mang xung nh

sng, mi xung biu din 1bit Lm vic tc cao:

Introduction 1-27

legacy Ethernet

broadband: Nhiu knh truyn trn

cp HFC

g -spee po n - o-po ntransmission (e.g., 10s-100sGps)

t li, min nhiu in t


28/82

Physical media: radio

signal carried inelectromagnetic

spectrum no physical wire bidirectional

Radio link types: terrestrial microwave

e.g. up to 45 Mbps channels LAN (e.g., Wifi)

11Mbps, 54 Mbps

Introduction 1-28

propagation environmenteffects: reflection obstruction by objects interference

wide-area (e.g., cellular) 3G cellular: ~ 1 Mbps satellite

Kbps to 45Mbps channel (or

multiple smaller channels) 270 msec end-end delay geosynchronous versus low

altitude


29/82

Chapter 1: roadmap1.1 What isthe Internet?

1.2 Network edge end systems, access networks, links1.3 Network core

Introduction 1-29






30/82

The Network Core Mng li cc router c

ni kt nhau Cu hi cn bn: d liu

c truyn dn qua

Introduction 1-30

circuit switching:

dedicated circuit percall: telephone net

packet-switching: datasent thru net in discretechunks


31/82

Network Core: Circuit Switching

End-end resources

reserved for call link bandwidth, switch

capacity

Introduction 1-31

dedicated resources: nosharing circuit-like (guaranteed)

performance call setup required


32/82

Network Core: Circuit Switching

network resources (e.g.,bandwidth) divided

into pieces pieces allocated to calls

dividing link bandwidthinto pieces

frequency division time division

Introduction 1-32

used by owning call (nosharing)


33/82

Circuit Switching: FDM and TDMFDM

frequency

4 users

Example:

Introduction 1-33

time

TDM

frequency

time


34/82

Numerical example Gi 1 file 640,000 bits, t host A n host B

qua mng circuit-switched mt bao lu? Tc ng truyn 1.536 Mbps Mi ng truyn s dng TDM vi 24 slots/sec

Introduction 1-34

Cn 500 msec thit lp mch ni 2 im


35/82

Network Core: Packet Switching

Dng d liu c chia thnhcc gi tin (packets)

user A, B packets sharenetwork resources each packet uses full link

Tranh chp ti nguyn: Tng nhu cu ti

nguyn yu cu c thvt qu kh nng tinguyn ang c

Introduction 1-35

bandwidth resources used as needed

Tc nghn: hng i gitin, ch s dng ngtruyn

store and forward:

packets move one hopat a time Node receives complete

packet before forwarding

Bandwidth division into piecesDedicated allocation

Resource reservation


36/82

Packet Switching: Statistical Multiplexing

A

B

C100 Mb/sEthernet

1.5 Mb/s

statistical multiplexing

queue of packets

Introduction 1-36

Sequence of A & B packets does not have fixed pattern,bandwidth shared on demand statistical multiplexing.

TDM: each host gets same slot in revolving TDM frame.

D E

link


37/82

Packet-switching: store-and-forward

Cn L/R giy truynht gi tin L bit lnng truyn vi tc

Example: L = 7.5 Mbits R = 1.5 Mb s

R R R

L

Introduction 1-37

ps store and forward:ton

b gi tin phi nrouter trc khi c thc truyn trn nhnhmng k tip.

tr (delay) = 3 L/R(gi s ko c tr trn

ng truyn)

transmission delay = 15sec

more on delay shortly


38/82

Packet switching versus circuit switching*

1 Mb/s link Mi user:

100 kb/s khi active

Packet switching cho php nhiu user hn dng mng

Introduction 1-38

circuit-switching: 10 users

packet switching: Vi 35 users, xc sut

nhiu hn 10 useractive cng lc < .0004

N users1 Mbps link

Q: Tnh nh th no ra 0.0004?


39/82

Packet switching versus circuit switching

Tt cho trng hp truyn d liu hng lot

resource sharing simpler, no call setup

S n tt qu mc: chm tr v mt gi tin

Is packet switching a slam dunk winner?

Introduction 1-39

Cn c protocol m bo vic truyn d liu, kimsot vic n tt. Q: How to provide circuit-like behavior?

Cn c c ch m bo tc truyn ti thiu chocc ng dng video/audioVn cn l vn nan gii (chng 7)

Q: human analogies of reserved resources (circuit

switching) versus on-demand allocation (packet-switching)?


40/82

Internet structure: network of networks

C cu trc phn cp trung tm: cc nh cung cp dch v Internet cp 1

tier-1 ISPs (e.g., Verizon, Sprint, AT&T, Cable andWireless), c tm bao ph quc gia/quc t treat each other as e uals

Introduction 1-40

Tier 1 ISP

Tier 1 ISP

Tier 1 ISP

Tier-1providersinterconnect(peer)

privately


41/82

Tier-1 ISP: e.g., Sprint

peering

to/from backbone

POP: point-of-presence

Introduction 1-41

to/from customers

.


42/82


Nh cung cp dch v cp 2 (Tier-2 ISPs): nh hn, bao ph cp vng Kt ni n 1 hoc nhiu ISP cp 1, cng c th vi cc ISP cp 2khc

Tier-2 ISPs

Introduction 1-42

Tier 1 ISP

Tier 1 ISP

Tier 1 ISP

Tier-2 ISPTier-2 ISP

Tier-2 ISP Tier-2 ISP

Tier-2 ISP

Tier-2 ISP paystier-1 ISP forconnectivity torest of Internet tier-2 ISP is

customeroftier-1 provider

a so peer

privately witheach other.


43/82


ISP cp 3 (Tier-3 ISPs) v cc ISP a phng last hop (access) network (closest to end systems)

localISPlocal

ISPlocalISP

localISP Tier 3

ISP

Introduction 1-43

Tier 1 ISP

Tier 1 ISP

Tier 1 ISP



Tier-2 ISP

local

ISP

local

ISP

local

ISP

localISP

oca an t er-

3 ISPs arecustomersofhigher tierISPsconnecting

them to restof Internet


44/82


Mt gi tin i xuyn qua nhiu mng!

localISPlocal

ISPlocalISP

localISP Tier 3

ISP

Introduction 1-44

Tier 1 ISP

Tier 1 ISP

Tier 1 ISP



Tier-2 ISP

local

ISP

local

ISP

local

ISP

localISP


45/82

Chapter 1: roadmap

1.1 What isthe Internet?

1.2 Network edge end systems, access networks, links1.3 Network core

Introduction 1-45






46/82

How do loss and delay occur?packets queuein router buffers packet arrival rate to link exceeds output link capacity packets queue, wait for turn

Introduction 1-46

A

B

pac et e ng transm tte e ay

packets queueing (delay)

free (available) buffers: arriving packets

dropped (loss) if no free buffers


47/82

Four sources of packet delay

1. nodal processing: check bit errors determine output link

2. queueing time waiting at output

link for transmission depends on congestion

level of router

Introduction 1-47

A

B

propagation

transmission

nodalprocessing queueing


48/82

Delay in packet-switched networks

3. Transmission delay: R=link bandwidth (bps)

L=packet length (bits) time to send bits into

link = L R

4. Propagation delay: d = length of physical link

s = propagation speed inmedium (~2x108 m/sec)

ro a ation dela = d s

Introduction 1-48

A

B

propagation

transmission

nodal

processing queueing

Note: s and R are verydifferent quantities!

Caravan analogy


49/82

Caravan analogy

Cc xe hi lan truyn vntc 100 km h

Thi gian trm thu phy ton on caravan

Trm thu ph 2

Trm thu ph 1

on caravan gm 10 xe

100 km 100 km

Introduction 1-49

Trm thu ph phc v mi xemt 12 giy (transmissiontime)

Xe t~bit; caravan ~ packet Q: Thi gian cn on

caravan lm xong th tc trm thu ph 1 v tp kt n

trm thu ph th 2?

ln ng = 12*10=120giy

Thi gian chic xe saucng i t trm 1 n

trm 2:100km/(100km/h)= 1 h

A: 62 pht

Caravan analogy (more)


50/82

Caravan analogy (more)

Cc xe lan truyn vi ng vy! Sau 7 pht, xe

th nht n trm thu ph

Trm thu ph 2

Trm thu ph 1

on caravan gm 10 xe

100 km 100 km

Introduction 1-50

t c 1 m Trm thu ph phc v 1

xe mt 1 pht Q: Cc xe s n trm

th 2 trc khi tt c ccxe c phc v xong trm 1?

2, v 3 xe v n cn trm 1 Bit u tin ca gi tin c

th n router th 2 trckhi gi tin c truyn i

ht router th 1! See Ethernet applet at AWL

Web site


51/82

Nodal delay

dproc = processing delay typically a few microsecs or less

proptransqueueprocnodal ddddd +++=

Introduction 1-51

dqueue

= queuing delay depends on congestion

dtrans = transmission delay = L/R, significant for low-speed links

dprop = propagation delay a few microsecs to hundreds of msecs


52/82

Queueing delay (revisited)

R=tc truyn cho phpca ng truyn (bps)

L=chiu di gi tin (bits) a=tc trung bnh ca

Introduction 1-52

= traffic intensity = La/R

La/R ~ 0: ch(trung bnh hng i) nh

La/R -> 1: ch(trung bnh hng i) ln La/R > 1: chc th rt ln!

Delay = 1 /(1-)


53/82

Real Internet delays and routes

What do real Internet delay & loss look like? Traceroute program: o tr t my ngun n

router, dc theo ng n my ch. Vi mi i: gi 3 gi tin n router th i nm trn con ng n ch

Introduction 1-53

My ngun s tnh c thi gian gi tin i-v

3 probes

3 probes

3 probes

R l I t t d l d t


54/82

Real Internet delays and routes

1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms

traceroute: gaia.cs.umass.edu to www.eurecom.frThree delay measurements fromgaia.cs.umass.edu to cs-gw.cs.umass.edu

Introduction 1-54

- . . . . . .7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms

8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms17 * * *18 * * *

19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms

* means no response (probe lost, router not replying)

trans-oceaniclink

P k t l


55/82

Packet loss

Hng i (queue) trc ng truyn c kchthc c hn

Cc gi tin n mt hng i y s b mt Cc i tin b mt c th c tru n l i ho c

Introduction 1-55

khngA

B

packet being transmitted

packet arriving tofull buffer is lost

buffer(waiting area)

Th h t


56/82

Throughput

Thng lng (throughput): s bit truyngia bn truyn v nhn trong mt n v

thi gian Tc thi: tnh mt thi im.

Introduction 1-56

ru : r .

server, withfile of F bits

to send to client

link capacityRs bits/sec

link capacityRc bits/sec

pipe that can carryfluid at rateRs bits/sec)

pipe that can carryfluid at rateRc bits/sec)

server sends bits(fluid) into pipe

Th h t ( )


57/82

Throughput (more)

Rs< Rc What is average end-end throughput?

Rs bits/sec Rc bits/sec

Introduction 1-57

Rs> Rc What is average end-end throughput?

Rs bits/sec Rc bits/sec

link on end-end path that constrains end-end throughput

bottleneck link

Th h t I t t i


58/82

Throughput: Internet scenario

Rs

Rs

Rs per-connection end-end throughput:

min R R R 10

Introduction 1-58

10 connections (fairly) sharebackbone bottleneck link R bits/sec

Rc

Rc

Rc

R

in practice: Rc or Rsis often bottleneck

Chapter 1: roadmap


59/82

Chapter 1: roadmap

1.1 What isthe Internet?1.2 Network edge

end systems, access networks, links

1.3 Network core

Introduction 1-59





Protocol Layers


60/82

Protocol Layers

Mng vn phc tp! Gm nhiu th:

hosts routers

Question:C cch g t chccu

Introduction 1-60

media applications protocols

hardware, software

Organization of air travel


61/82

Organization of air travel

Quy v (mua v)

Hnh l (giao)

gates (cht hng)

Quy v (than phin)

Hnh l (nhn)

gates (dhng)

Introduction 1-61

Mt chui gm nhiu buc

Ct cnh

iu khin bay

H cnh

iu khin bay

iu khin bay

Layering of airline functionality


62/82

ticket (purchase)

baggage (check)

gates (load)

runway (takeoff)

ticket (complain)

baggage (claim

gates (unload)

runway (land)

ticket

baggage

gate

takeoff/landing

y g y

Introduction 1-62

departureairport

arrivalairport

intermediate air-trafficcontrol centers

Layers: mi tng (layer) ci t mt dch v (service)

Nh chnh nhng hnh ng ngay tng Nh nhng dch v c cung cp bi cc tng

bn di n.

Why layering?


63/82

Why layering?

i ph vi cc h thng phc tp: Cu trc r rng cho php nh danh, mi quan h

phc tp gia cc thnh phn h thng phc tp M hnh tham kho c phn tng

Introduction 1-63

Vic thay i cch ci ct dch v ca mt tngkhng nh hng n phn cn li ca h thng

Internet protocol stack


64/82

Internet protocol stack

application: cung cp cc ng dngmng

FTP, SMTP, HTTP transport: truyn d liu gia cc tin

trnh (process)

application

transport

Introduction 1-64

TCP, UDP

network: hng (nh tuyn) ccdatagrams i t ngun n ch IP, routing protocols

link: truyn d liu gia cc phn tmng lng ging nhau PPP, Ethernet

physical: truyn dng bits trn dy

network

link

physical

ISO/OSI reference model


65/82

ISO/OSI reference model

presentation: cho php cc ng dngto ra cc biu din li d liu, e.g.,

m ha d liu, nn d liu, session:ng b ha, checkpointing,

khi phc cc phin trao i d liu

application

presentation

session

Introduction 1-65

Chng giao thc Internet thiu cctng ny! Cc dch v ny, nu cn, phi

uc ci t trong ng dng Cn khng?

transport

network

link

physical

sourceapplication

Encapsulationmessage

M


66/82

application

transportnetwork

linkphysical

HtHn Msegment Ht

datagram

linkphysical

HtHnHl M

switch

message M

Ht MHn

frame

Introduction 1-66

destination

application

transportnetworklink

physical

HtHnHl M

HtHn MHt M

M

networklink

physical

HtHnHl M

HtHn M

HtHn M

router

Chapter 1: roadmap


67/82

Chapter 1: roadmap


end systems, access networks, links

1.3 Network core

Introduction 1-67





Network Security


68/82

Network Security

An ninh mng nhm nghin cu v: Cch thc k xu tn cng vo MMT

Cch thc bo v MMT khi cc t tn cng Cch thc thit k mng khng vi cc t tn

Introduction 1-68

Ban u, Internet khng c thit k vi cc nh an ninh original vision:a group of mutually trusting users

attacked to a transparent networkAn ninh mng cn c xem xt tt c cc tng!

Bad guys can put malware into hosts


69/82

via Internet Malware c th xm nhp my tnh tvirus, worm,

hoc trojan horse

Spyware malware c th ghi nhn bn phm, ving

Introduction 1-69

Cc my tnh b ly nhim c th c kt np vomt botnet, c s dng cho cc tn cng spamhoc DDoS.

Malware thng c kh nng t nhn bn (self-replicating): t mt my tnh b ly nhim, tm kim

cc my tnh khc ly nhim tip.

Bad guys can put malware into hosts


70/82

via Internet Trojan horse

Phn n ca mt vi phn

mm c ch. Hin ti: di dng cc

Active-X, plugin t cc

Worm: Gy ly nhim bng vic tn

cng vo cc l hng bo mt,ko cn ngi kch hot

T nhn bn: t ly lan chnh

Introduction 1-70

Virus Gy ly nhim nh vic

con ngi kch hot ngdng.

T nhn bn: t ly lanchnh n n cc file khctrong cng my

Sapphire Worm: aggregate scans/secin first 5 minutes of outbreak (CAIDA, UWisc data)

Bad guys can attack servers and


71/82

network infrastructure Tn cng t chi dch v (Denial of service -DoS): k

tn cng s dng mt s lung ln cc truy cp hp l

lm cn kit ti nguyn mng (Server, bng thng)1. Chn ch tn cng

Introduction 1-71

2. m n p c c m y

tnh khc t mng

3. Huy ng cc my tnh

b xm nhp, ng lotgi cc gi tin n myb tn cng

target

The bad guys can sniff packets


72/82

g y p

Packet sniffing: broadcast media (shared Ethernet, wireless)

promiscuous network interface reads/records allpackets (e.g., including passwords!) passing by

Introduction 1-72

A

B

C

src:B dest:A payload

Wireshark software used for end-of-chapterlabs is a (free) packet-sniffer

The bad guys can use false source


73/82

addresses IP spoofing:send packet with false source address

A C

Introduction 1-73

B

src: est: pay oa

The bad guys can record and


74/82

playback

record-and-playback: sniff sensitive info (e.g.,

password), and use later password holder isthat user from system point of

view

Introduction 1-74

A

B

C

src:B dest:A user: B; password: foo

Network Security


75/82

y

more throughout this course chapter 8: focus on security crypographic techniques: obvious uses and

not so obvious uses

Introduction 1-75

Chapter 1: roadmap


76/82

p p


end systems, access networks, links1.3 Network core

Introduction 1-76


1.4 Delay, loss and throughput in packet-switchednetworks1.5 Protocol layers, service models


Internet History


77/82

1961: Kleinrock - queueingtheory shows effectiveness

of packet-switching 1964: Baran - packet-

switching in military nets

1972: ARPAnet public demonstration NCP (Network Control Protocol)

first host-host protocol-

1961-1972: Early packet-switching principles

Introduction 1-77

1967:ARPAnet conceived

by Advanced ResearchProjects Agency

1969: first ARPAnet nodeoperational

ARPAnet has 15 nodes

Internet History


78/82

1970:ALOHAnet satellitenetwork in Hawaii

1974: Cerf and Kahn -architecture for interconnectingnetworks

Cerf and Kahns internetworkingprinciples:

minimalism, autonomy - nointernal changes required tointerconnect networks

best effort service model

1972-1980: Internetworking, new and proprietary nets

Introduction 1-78

ate70s: proprietary

architectures: DECnet, SNA,XNA

late 70s: switching fixed lengthpackets (ATM precursor)

1979:ARPAnet has 200 nodes

stateless routers decentralized control

define todays Internet architecture

Internet History


79/82

1983: deployment of

TCP/IP 1982: smtp e-mailprotocol defined

new national networks:

Csnet, BITnet, NSFnet,Minitel 100,000 hosts

1980-1990: new protocols, a proliferation of networks

Introduction 1-79

1983: DNS defined forname-to-IP-addresstranslation

1985: ftp protocol

defined 1988: TCP congestion

control

connected to

confederation ofnetworks

Internet History


80/82

Early 1990s:ARPAnetdecommissioned

1991: NSF lifts restrictions oncommercial use of NSFnet(decommissioned, 1995)

Late 1990s 2000s:

more killer apps: instantmessaging, P2P file sharing network security to forefront

1990, 2000s: commercialization, the Web, new apps

Introduction 1-80

early 1990s: Web hypertext [Bush 1945, Nelson

1960s] HTML, HTTP: Berners-Lee 1994: Mosaic, later Netscape late 1990s: commercialization

of the Web

es . m on os ,

million+ users backbone links running at

Gbps

Internet History


81/82

2007: ~500 million hosts

Voice, Video over IP P2P applications: BitTorrent

Introduction 1-81

,

PPLive (video) more applications: YouTube,

gaming wireless, mobility

Introduction: Summary


82/82

Covered a ton of material! Internet overview

whats a protocol? network edge, core, accessnetwork

You now have: context, overview,

feel of networking more depth, detail to

follow!

Introduction 1-82

packet-switching versus

circuit-switching Internet structure

performance: loss, delay,throughput

layering, service models security history

c1 1page per sheet

Documents