Questions Lesson 1-5

How does a router process advertisements?

1. Process begins when an LS update is received.
   a. Every Link State Advertisement (LSA) is unpacked, and the OSPF protocol checks whether it is a new or a duplicate LSA, compared to the link-state (LS) DB.
      - If it is a duplicate, it sends an LS ACK packet back immediately.
      - If it is new, it updates the LS DB, schedules a Shortest Path First (SPF) algorithm calculation, and determines which interface the LSA needs to be flooded out of.
2. Once the LS update packet has been processed, it prepares new LSA updates into a new LS update packet and sends it to the next router.
3. After this, the SPF calculations are computed.
4. Finally, the Forwarding Information Base (FIB) is updated. The information in the FIB is used to decide which outgoing interface card the incoming packet is forwarded to.

How does a TCP sender limit the sending rate?

A TCP sender cannot send faster than the slowest component, which is either the network or the receiving host. A sender uses ACKs as a pacing mechanism. TCP uses a congestion window, which is similar to the receive window used for flow control. It represents the maximum amount of unacknowledged data that a sending host can have in transit (sent but not yet acknowledged). TCP uses a probe-and-adapt approach in adapting the congestion window. Under regular conditions, TCP increases the congestion window, trying to achieve the available throughput. Once it detects congestion, the congestion window is decreased.
LastByteSent - LastByteAcked <= min{cwnd, rwnd}
- LastByteSent - LastByteAcked represents the amount of unacknowledged data.
- cwnd represents the congestion window.
- rwnd represents the receiver window.

What is a bridge, and how does it "learn"?

A bridge is a Layer 2 device that forwards frames to the next node. When a bridge first receives a message, it sends it to all links to learn which are correct. These learned values are stored in a forwarding table. The bridge consults the forwarding table so that it only forwards frames on specific ports, rather than over all ports.

What are the basics of BGP?

A pair of routers, known as BGP peers, exchange routing information over a semi-permanent TCP port connection called a BGP session. To begin a BGP session, a router will send an OPEN message to another router. Then the sending and receiving router will send each other announcements from their individual routing tables. A BGP session between a pair of routers in two different ASes is called an external BGP (eBGP) session, and a BGP session between routers that belong to the same AS is called an internal BGP (iBGP) session. Once a session is established between BGP peers, they exchange BGP messages to provide reachability information and enforce routing policies.
We have two types of BGP messages:
- UPDATE
  - Announcements: These messages advertise new routes and updates to existing routes. They include several standardized attributes.
  - Withdrawals: These messages are sent when a previously announced route is removed. This could be due to some failure or a change in the routing policy.
- KEEPALIVE: These messages are exchanged to keep a current session going.
BGP prefix reachability: In the BGP protocol, destinations are represented by IP prefixes. Each prefix represents a subnet or a collection of subnets that an AS can reach. Gateway routers running eBGP advertise the IP prefixes they can reach, according to the AS's specific export policy, to routers in neighboring ASes. Then, using separate iBGP sessions, the gateway routers disseminate these routes for external destinations to other internal routers according to the AS's import policy. Internal routers run iBGP to propagate the external routes to other internal iBGP-speaking routers.
Path Attributes and BGP Routes: In addition to the reachable IP prefix field, advertised BGP routes consist of a number of BGP attributes. Two notable attributes are AS-PATH and NEXT-HOP.
- AS-PATH. Each AS, as identified by the AS's autonomous system number (ASN), that the route passes through is included in the AS-PATH. This attribute is used to prevent loops and to choose between multiple routes to the same destination, the route with the shortest path.
- NEXT-HOP. This attribute refers to the IP address (interface) of the next-hop router along the path towards the destination. Internal routers use the field to store the IP address of the border router. Internal BGP routers will have to forward all traffic bound for external destinations through the border router. If there is more than one such router on the network and each advertises a path to the same external destination, NEXT-HOP allows the internal router to store in the forwarding table the best path according to the AS routing policy.

How does a router use the BGP decision process to choose which routes to import?

A router receives incoming BGP messages and processes them. It applies the import policies to exclude routes entirely from further consideration. Then the router implements the decision process to select the best routes that reflect the policy in place. The new selected routes are installed in the forwarding table. Finally, the router decides which neighbors to export the route to, by applying the export policy. The decision process is how the router compares routes, by going through the list of attributes in the route advertisements. For each attribute, it selects the route with the attribute value that will help apply the policy. If for a specific attribute, the values are the same, then it goes to the next attribute.
Step | Attribute | Controlled by
1 | Highest LocalPref | local
2 | Lowest AS path length | neighbor
3 | Lowest origin type | neither
4 | Lowest MED (Multi-Exit Discriminator) | neighbor
5 | eBGP-learned over iBGP-learned | neither
6 | Lowest IGP cost to border router | local
7 | Lowest router ID (to break ties) | neither

What are sockets?

A socket is an endpoint for sending or receiving communication over a network. Sockets are the interface between the application and transport layers.

Describe the two types of multiplexing/demultiplexing.

A socket is one endpoint (IP address & port) of a two-way communication link between two programs running on the network. A socket is bound to a port number so that the TCP layer can identify the application that data is destined to be sent to.
Connectionless (UDP): The identifier of a UDP socket is a two-tuple that consists of a destination IP address and a destination port number. The UDP headers of a transport-layer segment include the source port and the destination port (no IP address; that is used in the network layer). When multiplexing, a sender host takes a message from the application layer, appends the UDP headers (source port & destination port) to form a segment, and forwards it to the network layer. This is encapsulation. When demultiplexing, the transport layer at the receiving host identifies the correct socket by looking at the destination port in the incoming segment. Note: the host will forward the segments to the same destination process via the same destination socket, even if the segments are coming from different source hosts and/or different source port numbers.
Connection oriented (TCP): The identifier of a TCP socket is a four-tuple that consists of the source IP address and port number, and the destination IP address and port number. The TCP headers of a transport-layer segment include the source port and the destination port (no IP address; that is used in the network layer), and other bits (like a special connection-establishment bit). A connection is first established before client & server exchange data.

What is Automatic Repeat Request or ARQ?

ARQ is a mechanism used in the transport layer to ensure reliability. If the sender has not received an acknowledgement from the remote host regarding a specific segment in a given period of time, it will automatically resend it.

Explain Additive Increase / Multiplicative Decrease (AIMD) in the context of TCP.

Additive Increase: Linearly increases the number of packets sent until a packet is lost (timeout). The idea behind additive increase is to increase the window by one packet every RTT (Round Trip Time). So, in the additive increase part of AIMD, every time the sending host successfully sends a cwnd number of packets, it adds 1 packet to cwnd. Also, in practice, this increase in AIMD happens incrementally. TCP doesn't wait for ACKs of all the packets from the previous RTT. Instead, it increases the congestion window size as soon as each ACK arrives. In bytes, this increment is a portion of the MSS (Maximum Segment Size).
Increment = MSS × (MSS / CongestionWindow)
Multiplicative Decrease: Cuts the congestion window in half after a packet is lost to reduce network congestion. When the TCP sender detects that a timeout occurred, it sets the CongestionWindow (cwnd) to half of its previous value. This decrease of the cwnd for each timeout corresponds to the "multiplicative decrease" part of AIMD. For example, suppose the cwnd is currently set to 16 packets. If a loss is detected, then cwnd is set to 8. Further losses would result in the cwnd being reduced to 4, then to 2, and then to 1.
TCP Reno uses two types of packet loss detection as a signal of congestion. The first is triple duplicate ACKs, which is considered to be mild congestion. In this case, the congestion window is reduced to half of the original congestion window. The second kind of congestion detection is timeout, i.e. when no ACK is received within a specified amount of time. It is considered a more severe form of congestion, and the congestion window is reset to the Initial Window.

What are advantages and disadvantages of a layered architecture?

Advantages:
- Modularity
- Scalability
- Flexibility to add/delete components (allows for cost effective implementations)
Disadvantages:
- Violation of the goal of layer separation
- Overhead costs/performance
- Duplication of functionality

Explain how TCP CUBIC works.

Aggressive scale-up, instead of Additive Increase, up to the previous Wmax where packet loss was experienced; it then slows down and, if no loss is experienced, it scales up again. TCP CUBIC is RTT-fair because the scale-up time is based on the time elapsed since the last loss event instead of the usual ACK-based timer used in TCP Reno.

What is an AS?

An Autonomous System (AS) is a group of routers (including the links among them) that operate under the same administrative authority. Each AS implements its own set of policies, makes its own traffic engineering decisions and interconnection strategies, and also determines how the traffic leaves and enters the network. Examples of AS can be ISPs and CDNs.

What is a distributed algorithm?

An algorithm that runs over many systems at the same time. Wikipedia: "Distributed algorithms are a sub-type of parallel algorithm, typically executed concurrently, with separate parts of the algorithm being run simultaneously on independent processors, and having limited information about what the other parts of the algorithm are doing."

What is an example of a link state routing algorithm?

An example of a link state routing algorithm is Dijkstra's algorithm.

Describe each layer of the OSI model.

Application: Protocols are specific to each use case (SMTP email, HTTP web). At the application layer, we refer to the packet of information as a message.
Presentation: The presentation layer plays the intermediate role of formatting the information that it receives from the layer below and delivering it to the application layer. For example, some functionalities of this layer are formatting a video stream or translating integers from big endian to little endian format.
Session: The session layer is responsible for the mechanism that manages the different transport streams that belong to the same session between end-user application processes. For example, in the case of a teleconference application, it is responsible for tying together the audio stream and the video stream.
Transport: The transport layer is responsible for the end-to-end communication between end hosts. In this layer, there are two transport protocols, namely TCP and UDP. The services that TCP offers include: a connection-oriented service to the applications that are running on the layer above, guaranteed delivery of the application-layer messages, flow control, which in a nutshell matches the sender's and receiver's speed, and a congestion-control mechanism, so that the sender slows its transmission rate when it perceives the network to be congested. On the other hand, the UDP protocol provides a connectionless best-effort service to the applications that are running in the layer above, without reliability, flow or congestion control. At the transport layer, we refer to the packet of information as a segment.
Network: In this layer, we refer to the packet of information as a datagram. The network layer is responsible for moving datagrams from one Internet host to another. A source Internet host sends the segment along with the destination address, from the transport layer to the network layer. The network layer is responsible for delivering the datagram to the transport layer in the destination host. The protocols in the network layer are:
1) The IP Protocol, which we often refer to as "the glue" that binds the Internet together. All Internet hosts and devices that have a network layer must run the IP protocol. The IP protocol defines a) the fields in the datagram, and b) how the source/destination hosts and the intermediate routers use these fields, so the datagrams that a source Internet host sends reach their destination.
2) The routing protocols that determine the routes that the datagrams can take between sources and destinations.
Data Link: Moves frames from node to node (host/router/L2 switch). It provides link-to-link reliability.
Physical: The physical layer facilitates the interaction with the actual hardware and is responsible for transferring bits within a frame between two nodes that are connected through a physical link. The protocols in this layer again depend on the link and on the actual transmission medium of the link. One of the main protocols in the data link layer, Ethernet, has different physical layer protocols for twisted-pair copper wire, coaxial cable, and single-mode fiber optics.

Provide examples of popular protocols at each layer of the five-layered Internet model.

Application - HTTP/SMTP/SMB/FTP/DNS
Transport - TCP/UDP
Network - IP
Data Link - Ethernet/WIFI/PPP
Physical - Link dependent. For example, twisted-pair copper wire or coaxial for Ethernet. Single mode fiber optics. DSL.
See Chapter 1 in Kurose-Ross book.

What is end-to-end congestion control?

As opposed to the previous approach, the network here does not provide any explicit feedback about congestion to the end hosts. Instead, the hosts infer congestion from the network behavior and adapt the transmission rate. This largely aligns with the end-to-end principle adopted in the design of the networks.

Explain TCP throughput calculation.

BW < MSS/RTT * 1/p
- BW == Bandwidth
- MSS == Maximum Segment Size
- RTT == Round Trip Time
- p == probability of loss (the network delivers 1 out of every p consecutive packets followed by a single packet loss).

What is the purpose of the router's control plane?

By control plane functions we refer to:
- Implementing the routing protocols
- Maintaining the routing tables
- Computing the forwarding table
All these functions are implemented in software in the routing processor, or they could be implemented by a remote controller.

What are the benefits of variable-stride versus fixed-stride multibit tries?

By varying the strides we could make our prefix database smaller, and optimize for memory.
Some key points about fixed-stride trie:
- Every element in a trie represents two pieces of information: a pointer and a prefix value.
- The prefix search moves ahead with the preset length in n-bits (3 in this case).
- When the path is traced by a pointer, we remember the last matched prefix (if any).
- Our search ends when an empty pointer is met. At that time, we return the last matched prefix as our final prefix match.
Some key points about variable stride:
- Every node can have a different number of bits to be explored.
- The optimizations to the stride length for each node are all done in pursuit of saving trie memory and the least memory access.
- An optimum variable stride is selected by using dynamic programming.

What is congestion control?

Congestion control is a mechanism used to dynamically control the sender's transmission rate to avoid congestion in the network (longer queues, packet drops, etc.).

Convert between different prefix notations (dot-decimal, slash, and masking).

Dot decimal: e.g. of 16-bit prefix: 132.234
Slash notation: Standard notation: A/L (where A=Address, L=Length), e.g.: 132.238.0.0/16
Masking: We can use a mask instead of the prefix length, e.g.: the prefix 123.234.0.0/16 is written as 123.234.0.0 with a mask 255.255.0.0

What is encapsulation, and how is it used in a layered model?

When sending a message, each layer adds its own headers, which will be used by the receiver.

What is the main idea behind distance vector routing algorithm?

Each node maintains its own distance vector, with the costs to reach every other node in the network. The neighboring nodes exchange their distance vectors to update their own view of the network. The DV routing algorithm is:
- iterative (the algorithm iterates until the neighbors do not have new updates to send to each other)
- asynchronous (the algorithm does not require the nodes to be synchronized with each other)
- distributed (nodes send information to one another, calculations are not happening in a centralized manner)
- based on the Bellman-Ford algorithm

Walk through an example of the distance vector algorithm.

Each node x updates its own distance vector using the Bellman-Ford equation: D_x(y) = min_v { c(x,v) + D_v(y) } for each destination node y in the network. A node x computes the least cost to reach destination node y by considering the options that it has to reach y through each of its neighbors v. So node x considers the cost to reach neighbor v, and then it adds the least cost from that neighbor v to the final destination y. It calculates that quantity over all neighbors v and it takes the minimum.

What are the goals of congestion control?

- Efficiency. High throughput, or network utilization.
- Fairness. Each user should have its fair share (we will assume, equal bandwidth) of the network bandwidth.
- Low delay. High throughput (with large buffers) would lead to long queues in the network leading to delays. Applications that are sensitive to network delays such as video conferencing will suffer. Thus, we want the network delays to be small.
- Fast convergence. A flow should be able to converge to its fair allocation fast, so that even short flows will get their fair share of the network.

Explain a round in the EvoArch model.

EvoArch is a discrete-time model that is executed over rounds:
- Add random nodes in different layers
- Make connections to lower level nodes based on generality probability
- Update the node evolutionary values
- Remove nodes that fall below a certain threshold

How does an AS determine what rules to import/export?

Exporting Routes: Deciding which routes to export is an important decision with business and financial implications. Advertising a route for a destination to a neighboring AS means that this route may be selected by that AS and traffic will start to flow through. Deciding which routes to advertise is a policy decision and it is implemented through route filters; route filters are essentially rules that determine which routes an AS will allow to be advertised to other neighboring ASes. Let's look at the different types of routes that an AS (let's call it X) decides whether to export:
- Routes learned from customers. These are the routes that X receives as advertisements from its customers. Since provider X is getting paid to provide reachability to a customer AS, it makes sense that X wants to advertise these customer routes to as many other neighboring ASes as possible. This will likely cause more traffic towards the customer (through X) and hence more revenue to X.
- Routes learned from providers. These are the routes that X receives as advertisements from its providers. Advertising these routes doesn't make sense, since X does not have the financial incentive to carry traffic for its provider's routes. These routes are withheld from X's peers and X's other providers, but they are advertised to X's customers.
- Routes learned from peers. These are routes that X receives as advertisements from its peers. It doesn't make sense for X to advertise to a provider A the routes that it receives from another provider B, because in that case these providers A and B are going to use X to reach the advertised destinations without X making revenue. The same is true for the routes that X learns from peers.
Importing Routes: Similarly to exporting, ASes are selective about which routes to import based, primarily, on which neighboring AS advertises them and what type of business relationship is established. An AS receives route advertisements from its customers, providers and peers. When an AS receives multiple route advertisements towards the same destination, from multiple ASes, it needs to rank the routes before selecting which one to import. The routes that are preferred first are the customer routes, then the peer routes and finally the provider routes. The reasoning behind this ranking is that an AS wants to ensure that routes towards its customers do not traverse other ASes unnecessarily generating costs, uses routes learned from peers since these are usually "free" (under the peering agreement), and finally resorts to importing routes learned from providers, as these will add to costs.

What is fast retransmit?

Fast retransmit occurs when the sender retransmits a segment that has not yet timed out, but for which it has received 3 duplicate ACKs.

Explain the Spanning Tree Algorithm.

Find the shortest path to the root for each node in a graph. In the initiation, each node tells all other nodes that it is the root. Each node takes all messages from surrounding nodes and decides the root and the path to root based on:
- Node ID: the root of the configuration has a smaller ID.
- Distance to root node, if the roots have equal IDs.
- If both root IDs are the same and the distances are the same, then the node breaks the tie by selecting the configuration of the sending node that has the smallest ID.
In addition, a node stops sending configuration messages over a link (port) when the node receives a configuration message that indicates that it is not the root, e.g. when it receives a configuration message from a neighbor that: a) is either closer to the root, or b) has the same distance from the root, but has a smaller ID.

What are the examples of a violation of e2e principle?

Firewalls are one example, as they operate at lower levels (Network?) and can drop messages between hosts. Network Address Translation (NAT) is another example. A NAT will rewrite source/destination addresses from higher layers (Transport). They prevent direct communication between hosts.

What is flow control and why do we need to control it?

Flow control is a mechanism used to dynamically control the sender's transmission rate based on the receivers' buffer availability (called receive window) to protect the receiver's buffer. This avoids overflowing the receiver's buffer.

What is a slow start in TCP?

For new connections, to speed up the increase of the congestion window, the source host starts by setting cwnd to 1 packet and doubles it (exponential growth) after each RTT (Round Trip Time) until it reaches a slow start threshold, after which it starts using AIMD. For example, when it receives the ACK for this packet, it adds 1 to the current cwnd and sends 2 packets. Now when it receives the ACKs for these two packets, it adds 1 to cwnd for each of the ACKs it receives and sends 4 packets.

What is hot potato routing?

Hot potato routing is a technique/practice of choosing a path within the network, by choosing the closest egress point based on intra domain path cost (Interior Gateway Protocol/IGP cost). Hot potato routing simplifies computations for the routers as they are already aware of the IGP path costs. It makes sure that the path remains consistent, since the next router in the path will also choose to send the packet to the same egress point. Hot potato routing also effectively reduces the network's resource consumption by getting the traffic out as soon as possible.

What are the ramifications of the hourglass shape of the internet?

IPv4, TCP, and UDP provide a stable framework through which there is an ever-expanding set of protocols at the lower layers (physical and data-link layers), as well as new applications and services at the higher layers. But at the same time, these same protocols have been difficult to replace or even modify significantly. TCP/UDP have a lot of products that depend on them. This acts as a shield for IPv4, which has TCP and UDP as products.

What are four reasons for IXPs' increased popularity?

- IXPs are interconnection hubs handling large traffic volumes: For some large IXPs (mostly located in Europe), the daily traffic volume is comparable to the traffic volume handled by global Tier 1 ISPs.
- Important role in mitigating DDoS attacks: As IXPs have become increasingly popular interconnection hubs, they are able to observe the traffic to/from an increasing number of participant ASes. In this role, IXPs can play the role of a "shield" to mitigate DDoS attacks and stop the DDoS traffic before it hits a participant AS.
- "Real-world" infrastructures with a plethora of research opportunities: IXPs play an important role in today's Internet infrastructure. Studying this peering ecosystem, the end-to-end flow of network traffic, and the traffic that traverses these facilities can help us understand how the Internet landscape is changing. IXPs also provide an excellent "research playground" for multiple applications, such as security applications (for example, BGP blackholing for DDoS mitigation) or applications for Software Defined Networking.
- IXPs are active marketplaces and technology innovation hubs: IXPs are active marketplaces, especially in North America and Europe. They provide an expanding plethora of services that go beyond interconnection, for example DDoS mitigation or SDN-based services. IXPs have been evolving from interconnection hubs to technology innovation hubs.

What is Go-back-N?

In Go-back-N, the receiver notifies the sender of a missing packet, by sending an ACK for the most recently received in-order packet. The sender would then send all packets from the most recently received in-order packet, even if some of them had been sent before. The receiver can simply discard any out-of-order received packets. A single packet error can cause a lot of unnecessary retransmissions. To address this, the sender can send at most N segments without waiting for acknowledgements, typically referred to as the window size. As it receives acknowledgement from the receiver, it is allowed to send more packets based on the window size.

What is CIDR, and why was it introduced?

In the earlier days of the Internet, we used an IP addressing model based on classes (fixed length prefixes). With the rapid exhaustion of IP addresses, in 1993, the Classless Internet Domain Routing (CIDR) came into effect. CIDR essentially assigns IP addresses using arbitrary-length prefixes. CIDR has helped to decrease the router table size but at the same time it introduced us to a new problem: longest-matching-prefix lookup.

Walk through an example of the link state routing algorithm.

Initialization step: We note that the algorithm starts with an initialization step, where we initialize all the currently known least-cost paths from u to its directly attached neighbors. We know these costs because they are the costs of the immediate links. For nodes in the network that are not directly attached to u, we initialize the cost path as infinity. We also initialize the set N' to include only the source node u.
Iteration step: After the initialization step, the algorithm follows with a loop that is executed for every destination node v in the network. At each iteration, we look at the set of nodes that are not included in N', and we identify the node (say w) with the least cost path from the previous iteration. We add that node w into N'. For every neighbor v of w, we update D(v) with the new cost, which is either the old cost from u to v (from the previous iteration) or the known least path cost from source node u to w, plus the cost from w to v, whichever between the two quantities is the minimum.
The algorithm exits by returning the shortest paths, and their costs, from the source node u to every other node v in the network.

The switching fabric moves the packets from input to output ports. What are the functionalities performed by the input and output ports?

Input ports: The first function is to physically terminate the incoming links to the router. Second, the data link processing unit decapsulates the packets. Finally, the input ports perform the lookup function: they consult the forwarding table to ensure that each packet is forwarded to the appropriate output port through the switch fabric.
Output ports: An important function of the output ports is to receive and queue the packets which come from the switching fabric and then send them over to the outgoing link.

What is an IXP?

Internet Exchange Points (IXPs) are physical infrastructures that provide the means for ASes to interconnect and directly exchange traffic with one another. The ASes that interconnect at an IXP are called participant ASes. The physical infrastructure of an IXP is usually a network of switches that are located either in the same physical location, or they can be distributed over a region or even at a global scale. Typically, the infrastructure has fully redundant switching fabric that provides fault-tolerance, and the equipment is usually located in facilities such as data centers to provide reliability, sufficient power and physical security. The exchange of routes across the IXP is via BGP only.

What is the EvoArch model?

It's an attempt to explain why some protocols survive and others die off. It can also be used to explain the staying power of older, suboptimal protocols. It looks at two things, the number of protocols in an upper layer that depend on a protocol and the amount of competition a protocol has in the same layer.

What are the bottlenecks that routers face, and why do they occur?

- Longest prefix matching. As we have seen in previous topics, routers need to look up a packet's destination address to forward it. The increasing number of the Internet hosts and networks has made it impossible for routers to have explicit entries for all possible destinations. Instead routers group destinations into prefixes. But then, routers run into the problem of more complex algorithms for efficient longest prefix matching.
- Service differentiation. Routers are also able to offer service differentiation, which means different quality of service (or security guarantees) to different packets. In turn, this requires the routers to classify packets based on more complex criteria that go beyond destination and they can include source or applications/services that the packet is associated with.
- Switching limitations. As we have seen, a fundamental operation of routers is to switch packets from input ports to output ports. A way to deal with high-speed traffic is to use parallelism by using crossbar switching. But at high speeds, this comes with its own problems and limitations (e.g. head of line blocking).
- Bottlenecks about services. Providing performance guarantees (quality of service) at high speeds is nontrivial, as is providing support for new services such as measurements and security guarantees.

What are 2 main challenges with BGP? Why?

Misconfiguration and faults. A possible misconfiguration or an error can result in an excessively large number of updates, which in turn can result in route instability, router processor and memory overloading, outages, and router failures.
Solutions: One way the risk can be reduced is by limiting the routing table size and also by limiting the number of route changes.
An AS can limit the routing table size using filtering:
- Filter specific routes to encourage route aggregation.
- Limit the number of prefixes advertised from a single source on a per-session basis.
- Configure default routes into their forwarding tables.
- Use route aggregation and export less specific prefixes where possible.
The other way is to limit the number of routing changes, specifically the propagation of unstable routes, by using a mechanism known as flap damping. An AS will track the number of updates to a specific prefix over a certain amount of time. If the tracked value reaches a configurable value, the AS can suppress that route until a later time. Because this can affect reachability, an AS can be strategic about how it uses this technique for certain prefixes. For example, more specific prefixes could be more aggressively suppressed (lower thresholds), while routes to known destinations that require high availability could be allowed higher thresholds.

Is TCP fair in the case where two connections have different RTTs? Explain.

No, because the connection with the smaller RTT will adjust its congestion window faster, since it relies on received ACKs.

What is the Open Shortest Path First (OSPF) protocol?

Open Shortest Path First (OSPF) is a routing protocol which uses a link state routing algorithm to find the best path between the source and the destination router. OSPF was introduced as an advancement of the RIP Protocol. Its advances include authentication of messages exchanged between routers, the option to use multiple same cost paths, and support for hierarchy within a single routing domain.
Hierarchy: An OSPF autonomous system can be configured hierarchically into areas. Each area runs its own OSPF link-state routing algorithm, with each router in an area broadcasting its link state to all other routers in that area. Within each area, one or more area border routers are responsible for routing packets outside the area. Exactly one OSPF area in the AS is configured to be the backbone area. The primary role of the backbone area is to route traffic between the other areas in the AS. The backbone always contains all area border routers in the AS and may contain non-border routers as well. For packet routing between two different areas, it is required that the packet be sent through an area border router, through the backbone and then to the area border router within the destination area, before finally reaching the destination.
Operation: First, a graph (topological map) of the entire AS is constructed. Then, considering itself as the root node, each router computes the shortest-path tree to all subnets by running Dijkstra's algorithm locally. The link costs have been pre-configured by a network administrator. The administrator has a variety of choices while configuring the link costs. For instance, he may choose to set them to be inversely proportional to link capacity, or set them all to one. Given a set of link weights, OSPF provides the mechanisms for determining least-cost path routing. Whenever there is a change in a link's state, the router broadcasts routing information to all other routers in the AS, not just to its neighboring routers. It also broadcasts a link's state periodically even if its state hasn't changed.
Link State Advertisements: Every router within a domain that operates on OSPF uses Link State Advertisements (LSAs). An LSA communicates the router's local routing topology to all other local routers in the same OSPF area. In practice, LSAs are used for building a database (called the link state database) containing all the link states. LSAs are typically flooded to every router in the domain. This helps form a consistent network topology view. Any change in the topology requires corresponding changes in LSAs.

What were originally the design goals of BGP? What was considered later?

Original design goals of the BGP protocol:
Scalability: Manage the complications of Internet growth, while achieving convergence in reasonable timescales and providing loop-free paths.
Express routing policies: BGP has defined route attributes that allow ASes to implement policies (which routes to import and export), through route filtering and route ranking. Each AS's routing decisions can be kept confidential, and each AS can implement them independently of one another.
Allow cooperation among ASes: Each individual AS can make local decisions (which routes to import and export) while keeping these decisions confidential from other ASes.
Later considerations:
Security: Security was not included in the original design goals for BGP. But as the complexity and size of the Internet have been increasing, so has the need to provide security measures. We notice an increasing need for protection against malicious attacks, misconfigurations or faults, but also for their early detection. These solutions have not been widely deployed or adopted due to multiple reasons that include difficulties to transition to new protocols and lack of incentives.

What kind of relationship does an AS have with other parties?

Prevalent forms of business relationships between ASes:
Provider-Customer relationship (or transit): This relationship is based on a financial settlement which determines how much the customer will pay the provider, so the provider forwards the customer's traffic to destinations found in the provider's routing table (including the opposite direction of the traffic as well).
Peering relationship: In a peering relationship, two ASes share access to a subset of each other's routing tables. The routes that are shared between two peers are often restricted to the respective customers of each one. The agreement holds provided that the traffic exchanged between the two peers is not highly asymmetric.
Note: Peering relationships are formed between Tier-1 ISPs but also between smaller ISPs. In the case of Tier-1 ISPs, the two peers need to be of similar size and handle similar amounts of traffic. Otherwise, the larger ISP would lack the incentive to enter a peering relationship with a smaller size ISP. In the case of peering between two smaller size ISPs, the incentive they both have is to save the money they would pay their providers by directly forwarding to each other their traffic, provided that there is a significant amount of traffic that is destined for each other (or each other's customers).
While peering allows networks to get their traffic forwarded without cost, provider ASes have a financial incentive to forward as much of their customers' traffic as possible. One major factor that determines a provider's revenue is the data rate of an interconnection. A provider usually charges in one of two ways:
1. Based on a fixed price, given that the bandwidth used is within a predefined range.
2. Based on the bandwidth used. The bandwidth usage is calculated based on periodic measurements, e.g., on five-minute intervals. The provider then charges by taking the 95th percentile of the distribution of the measurements.

Which services do IXPs provide?

Public peering: The most well-known use of IXPs is the public peering service, in which two networks use the IXP's network infrastructure to establish a connection to exchange traffic based on their bilateral relations and traffic requirements. The costs required to set up this connection are a one-time cost for establishing the connection, a monthly charge for using the chosen IXP port (those with higher speeds are more expensive) and perhaps an annual fee of membership in the entity owning and operating the IXP. However, the IXPs do not usually charge based on the amount of exchanged volume. They also do not usually interfere with bilateral relations between the participants unless there is a violation of the GTC. Even with the set-up costs, IXPs are usually cheaper than other conventional methods of exchanging traffic (such as relying on third parties which charge based on the volume of exchanged traffic). IXP participants also often experience better network performance and QoS because of reduced delays and routing efficiencies. In addition, many companies that are major players in the Internet space (such as Google) incentivize other networks to connect at IXPs by making it a requirement to peer with them.
Private peering: Most operational IXPs also provide a private peering service (Private Interconnects - PIs) that allows direct traffic exchange between the two parties of a PI and doesn't use the IXP's public peering infrastructure. This is commonly used when the participants want a well-provisioned dedicated link capable of handling high-volume, bidirectional and relatively stable traffic.
Route servers and service level agreements: Many IXPs also include service level agreements (SLAs) and free use of the IXP's route servers for participants. This allows participants to arrange instant peering with a large number of co-located participant networks using essentially a single agreement/BGP session.
Remote peering through resellers: Another popular service is IXP reseller/partner programs. This allows third parties to resell IXP ports wherever they have infrastructure connected to the IXP. These third parties are allowed to offer the IXP's service remotely, which allows networks that have little traffic to also use the IXP. This also enables remote peering: networks in distant geographic areas can use the IXP.
Mobile peering: Some IXPs also provide support for mobile peering, a scalable solution for interconnection of mobile GPRS/3G networks.
DDoS blackholing: A few IXPs provide support for customer-triggered blackholing, which allows users to alleviate the effects of DDoS attacks against their network.
Free value-added services: In the interest of 'good of the Internet', a few IXPs such as Scandinavian IXP Netnod offer free value-added services like Internet Routing Registry (IRR), consumer broadband speed tests, DNS root name servers, country-code top-level domain (ccTLD) nameservers, as well as distribution of the official local time through NTP.

Repeaters, hubs, bridges, routers operate on which layers?

Repeaters - Layer 1 (Physical)
Hubs - Layer 1 (Physical)
Bridges - Layer 2 (Data link)
Routers - Layer 3 (Network)

What is a packet for the transport layer called?

Segment

Explain the TCP connection teardown.

Step 1: Client sends special segment with no data: FIN = 1
Step 2: Server acknowledges the connection close request: ACK
Step 3: Server sends segment to indicate the connection is closed: FIN = 1
Step 4: Client sends acknowledgement to server, and another one some time later in case it is lost: ACK

Explain the TCP Three-way Handshake.

Step 1: TCP client sends special segment with no data (connection request): SYN = 1, seq = client_seq (client initial sequence number, random value)
Step 2: Server sends back a special "connection-granted" segment called SYNACK, and allocates buffer and resources: SYN = 1, ack = client_seq + 1, seq = server_seq (server initial sequence number, random value)
Step 3: Client (receives SYNACK segment) sends acknowledgement and allocates buffer and resources: SYN bit set to 0, ack = server_seq + 1, seq = client_seq + 1

What is the Routing Information Protocol (RIP)?

The Routing Information Protocol (RIP) is based on the Distance Vector protocol. The metric for choosing a path could be shortest distance, lowest cost or a load-balanced path. Routing updates between neighbors are done periodically, using RIP advertisements which contain information about sender's distances to destination subnets. Each router maintains a routing table, which contains its own distance vector as well as the router's forwarding table. A routing table has three columns: 1. destination subnet, 2. identification of the next router along the shortest path to the destination, 3. number of hops to get to the destination along the shortest path. A routing table will have one row for each subnet in the AS (administrative space). If a router does not hear from its neighbor at least once every 180 seconds, that neighbor is considered to be no longer reachable (broken link). Routers send request and response messages over UDP, using port number 520, which is layered on top of network-layer IP protocol. RIP is actually implemented as an application-level process. Some of the challenges with RIP include updating routes, reducing convergence time, and avoiding loops/count-to-infinity problems.

What are the differences and similarities of the OSI model and five-layer Internet model?

The application + presentation + session layer of OSI are the same as the application layer in the Internet model. Everything else is the same.

Describe the relationship between ISPs, IXPs, and CDNs.

The basis of the Internet ecosystem includes Internet Service Providers (ISPs), Internet Exchange Points (IXPs), and Content Delivery Networks (CDNs). ISPs can be categorized into three tiers or types: access ISPs (or Tier-3), regional ISPs (or Tier-2) and large global scale ISPs (or Tier-1). Tier-1 ISPs operate at a global scale, and essentially form the "backbone" network over which smaller networks can connect; regional ISPs connect to Tier-1 ISPs, and smaller access ISPs connect to regional ISPs. IXPs are interconnection infrastructures, which provide the physical infrastructure where multiple networks (e.g. ISPs and CDNs) can interconnect and exchange traffic locally. As of 2019, there are approximately 500 IXPs around the world. CDNs are networks that are created by content providers with the goal of having greater control of how the content is delivered to the end-users, and also to reduce connectivity costs. Some example CDNs include Google and Netflix. The ecosystem we just described forms a hierarchical structure. There is competition at every level of the hierarchy. But, at the same time, competing ISPs need to cooperate to provide global connectivity to their respective customer networks. ISPs deploy multiple interconnection strategies depending on the number of customers in their network and also the geographical location of these networks.

What is BGP?

The border routers of the ASes use the Border Gateway Protocol (BGP) to exchange routing information with one another. In contrast, the Internal Gateway Protocols (IGPs) operate within an AS and they are focused on "optimizing a path metric" within that network. Example IGPs include Open Shortest Path First (OSPF), Intermediate System - Intermediate System (IS-IS), Routing Information Protocol (RIP), E-IGRP.

What is the computational complexity of the link state routing algorithm?

The complexity of the algorithm is on the order of n squared, O(n^2). The algorithm searches through n(n+1)/2 nodes.

When does the count-to-infinity problem occur in the distance vector algorithm?

The count-to-infinity problem occurs in the distance vector algorithm when the cost of a link increases and two nodes think they can get to a third node through each other based on their previous outdated costs. This link cost change takes a long time to propagate among the nodes of the network.

What are two fundamental problems involving routers, and what causes these problems?

The fundamental problems that a router faces revolve around:
Bandwidth and Internet population scaling: These scaling issues are caused by:
- An increasing number of devices that connect to the Internet,
- Increasing volumes of network traffic due to new applications, and
- New technologies such as optical links that can accommodate higher volumes of traffic.
Services at high speeds: New applications require services such as protection against delays in presence of congestion, and protection during attacks or failures. But offering these services at very high speeds is a challenge for routers.

What is the main idea behind link state routing algorithm?

The link state routing algorithm looks to determine the shortest paths (determined by the link costs) between a source node and all other nodes in the network. The link costs and the network topology are known to all nodes.

What are the basic components of a router?

The main components of a router are: the input/output ports, the switching fabric, the routing processor.

What tasks occur in a router?

The most time-sensitive tasks: lookup, switching, and scheduling.
Lookup: When a packet arrives at the input link, the router looks at the destination IP address and determines the output link by looking at the forwarding table (or Forwarding Information Base or FIB). The FIB provides a mapping between destination prefixes and output links.
Switching: After lookup, the switching system takes over to transfer the packet from the input link to the output link. Modern fast routers use crossbar switches for this task. However, scheduling the switch (matching available inputs with outputs) is a difficult task because multiple inputs may want to send packets to the same output.
Queuing: After the packet has been switched to a specific output, it will need to be queued (if the link is congested). The queue may be as simple as First-In-First-Out (FIFO) or it may be more complex (e.g. weighted fair queuing) to provide delay guarantees or fair bandwidth allocation.
Now, let's look at some less time-sensitive tasks that take place in the router.
Header validation and checksum: The router checks the packet's version number, decrements the time-to-live (TTL) field, and recalculates the header checksum.
Route processing: The routers build their forwarding tables using routing protocols such as RIP, OSPF, and BGP. These protocols are implemented in the routing processors.
Protocol processing: The routers, in order to implement their functions, need to implement the following protocols: a) the Simple Network Management Protocol (SNMP), which provides a set of counters for remote inspection, b) TCP and UDP for remote communication with the router, c) the Internet Control Message Protocol (ICMP), for sending error messages, e.g. when the time to live is exceeded.

What is the end-to-end (e2e) principle?

The principle states that since certain functionality (error detection for example) must be implemented on an end-to-end basis: "functions at the lower levels may be redundant or of little value when compared to the cost of providing them at the higher level." Intelligence and application level features are left to the hosts. This includes things like processing messages and blocking requests. The core of the network (levels 1-3) is very simple. Application level features should not exist in lower layers.

What is multiplexing, and why is it necessary?

The sending host will need to gather data from different applications (through different ports), and encapsulate each data chunk with header information (that will later be used in demultiplexing) to create segments, and then forward the segments to the network layer. We refer to this job as multiplexing. Multiplexing is the functionality by which multiple applications in the same host can use the network simultaneously. It is provided by the transport layer. Multiplexing is needed to route the traffic coming into the host to the correct application (via sockets). Multiplexing uses sockets (transport protocol, IP address, port) to identify which application (on the local host) is listening to which remote application.

What is Stop and Wait ARQ?

The simplest way to implement ARQ: the sender sends a packet and waits for its acknowledgement from the receiver. The trick is to determine the timeout: too small and you have too many retransmissions, too large and you add delays. It has low performance.

List and briefly describe each type of switching. Which, if any, can send multiple packets across the fabric in parallel?

The switching fabric moves the packets from input to output ports, and it makes the connections between the input and the output ports. There are three types of switching fabrics:
Memory: Input/output ports operate as I/O devices in an operating system, and they are controlled by the routing processor. When an input port receives a packet, it sends an interrupt to the routing processor and the packet is copied to the processor's memory. Then the processor extracts the destination address and looks into the forwarding table to find the output port, and finally the packet is copied into that output port's buffer.
Bus: In this case, the routing processor does not intervene as we saw in switching via memory. When an input port receives a new packet, it puts an internal header that designates the output port, and it sends the packet to the shared bus. Then all the output ports will receive the packet, but only the designated one will keep it. When the packet arrives at the designated output port, the internal header is removed from the packet. Only one packet can cross the bus at a given time, and so the speed of the bus limits the speed of the router.
Crossbar (interconnection network): A crossbar switch is an interconnection network that connects N input ports to N output ports using 2N buses. Horizontal buses meet the vertical buses at crosspoints which are controlled by the switching fabric. Crossbar networks can carry multiple packets at the same time, as long as they are using different input and output ports.

What does the transport layer provide?

The transport layer provides an end-to-end connection between two applications that are running on different hosts (on the same or different networks).

How does poison reverse solve the count-to-infinity problem?

The way it works is that a node a, that uses node b to get to node c, will tell node b that the cost for its path to node c is infinity (Da(c) = infinity). Node b assumes that node a has no path to node c except through node b, so it will never send packets to node c via node a. Poison reverse helps prevent the count-to-infinity problem only for 2 nodes; it does not solve a general count-to-infinity involving 3 or more nodes that are not directly connected.

Name 4 takeaway observations around network traffic characteristics. Explain their consequences.

These challenges revolve around lookup speed, memory, and update time:
1. Measurement studies on network traffic had shown a large number (on the order of hundreds of thousands, 250,000 according to a measurement study in the earlier days of the Internet) of concurrent flows of short duration. This already large number has only been increasing. This has a consequence that a caching solution would not work efficiently.
2. The important element while performing any lookup operation is how fast it is done (lookup speed). A large part of the cost of computation for lookup is accessing memory.
3. An unstable routing protocol may adversely impact the update time in the table: add, delete or replace a prefix. Inefficient routing protocols increase this value up to additional milliseconds.
4. An important trade-off is memory usage. We have the option to use expensive fast memory (cache in software, SRAM in hardware) or cheaper but slower memory (e.g., DRAM, SDRAM).

Explain the forwarding (or switching) function of a router.

This is the router's action to transfer a packet from an input link interface to the appropriate output link interface. Forwarding is typically implemented in hardware.

How does a host infer congestion?

Through packet delay. As networks congest, queues in the router buffers build up. An increase in packet round trip times (estimated based on ACKs) can be an indicator of congestion in the network, but packet delays tend to be variable, so it is not a straightforward indicator.
Through packet loss. As the network congests, routers start dropping packets. Packets can be lost due to other reasons such as routing errors, hardware failure, TTL expiry, error in the links, or flow control problems. Early implementations of TCP used packet loss as a signal for congestion.

How does a route server work?

To handle the volume of BGP sessions, an IXP replaces bilateral BGP sessions (two-way BGP sessions between two ASes) with a multilateral BGP peering session using a Route Server (RS). A Route Server (RS):
- Collects and shares routing information from the peers or participants that it connects with.
- Executes its own BGP decision process and also re-advertises the resulting information (i.e. best route selection) to all of the RS's peer routers.
A typical routing daemon maintains a Routing Information Base (RIB) which contains all BGP paths that it receives from its peers - the Master RIB. The route server also maintains AS-specific RIBs to keep track of the individual BGP sessions it maintains with each participant AS. RSes maintain two types of route filters: a) import filters, which are applied to ensure that each member AS only advertises routes that it should advertise, b) export filters, which are typically triggered by the IXP members themselves to restrict the set of other IXP member ASes that receive their routes.
Example steps:
1. AS X advertises a prefix p1 to the RS, which is added to the route server's AS X-specific RIB.
2. The route server uses the peer-specific import filter to check whether AS X is allowed to advertise p1. If it passes the filter, the prefix p1 is added to the Master RIB.
3. The route server applies the peer-specific export filter to check if AS X allows AS Z to receive p1, and if true it adds that route to the AS Z-specific RIB.
4. The RS advertises p1 to AS Z with AS X as the next hop.

What is the purpose of the Spanning Tree Algorithm?

To remove loops from a graph and provide the shortest path from each node to the root node. Removing loops prevents broadcast storms.

What is transmission control and why do we need to control it?

Transmission control is a mechanism in the transport layer to control the transmission rate. It is used to determine and adapt the transmission rate given the changing host and network conditions. UDP lets the application developers implement the mechanisms for transmission control, while TCP handles it for the user, and deals with issues like fairness in using the network.

What are the differences between UDP and TCP?

UDP
- Connectionless (no three-way handshake).
- Unreliable (best effort, no delivery guarantee, no congestion control).
- Provides very basic functionality and relies on the application layer to implement the remaining.
- Offers less delay and better control over sending data.
- No congestion control or similar mechanisms.
- No connection management overhead.
- The UDP header is 64 bits long, composed of: source port, destination port; length (of UDP segment, header + data); checksum (1s complement of the sum of: source port, destination port, length and application data).
TCP
- Connection oriented.
- Reliable (TCP guarantees an in-order delivery of the application-layer data without any loss or corruption), flow control, congestion control.
- Provides some strong primitives with a goal to make end-to-end communication more reliable and cost-effective.

When would an application layer protocol choose UDP over TCP?

UDP: Highest throughput, more control when sending data, for applications more sensitive to delays but able to handle data loss. Ex. app layer protocols: NFS, SNMP, RIP, DNS, streaming data, internet telephony.
TCP: Delivery guarantee. Ex. app layer protocols: SMTP, HTTP, FTP, streaming data, internet telephony.

Why do we need multibit tries?

A unibit trie requires a large number of memory accesses for lookup.

What are the two main protocols within the transport layer?

User Datagram Protocol (UDP)
Transmission Control Protocol (TCP)

What is prefix expansion, and why is it needed?

We expand a given prefix to more prefixes. We ensure that the expanded prefix is a multiple of the chosen stride length. At the same time we remove all lengths that are not multiples of the chosen stride length. We end up with a new database of prefixes, which may be larger (in terms of actual number of prefixes) but with fewer lengths. So, the expansion gives us more speed with an increased cost of the database size. When we expand our prefixes, there may be a collision, i.e. when an expanded prefix collides with an existing prefix. In that case the expanded prefix gets dropped.

What is the difference between forwarding and routing?

We refer to forwarding as the action of transferring a packet from an incoming link to an outgoing link within a single router. By routing we refer to how routers work together using routing protocols to determine the good paths over which the packets travel from the source to the destination node.

What is network-assisted congestion control?

We rely on the network layer to provide explicit feedback to the sender about congestion in the network. For instance, routers could use ICMP source quench to notify the source that the network is congested. However, under severe congestion, even the ICMP packets could be lost, rendering the network feedback ineffective.

Is TCP fair in the case where two connections have the same RTT? Explain.

Yes, because both connections will be adjusting their congestion windows at a similar pace.

What is the difference between iBGP and eBGP?

The iBGP and eBGP protocols are used to disseminate routes for external destinations. eBGP is used for sessions between border routers of neighboring ASes and iBGP is used for sessions between internal routers of the same AS. The eBGP speaking routers learn routes to external prefixes and they disseminate them to all routers within the AS. This dissemination happens over iBGP sessions. The dissemination of routes within the AS is done by establishing a full mesh of iBGP sessions between the internal routers. Each eBGP speaking router has an iBGP session with every other BGP router in the AS, so that it can send updates about the routes it learns (over eBGP).

What is the difference between iBGP and IGP-like protocols (RIP or OSPF)?

iBGP is not another IGP-like protocol (e.g. RIP or OSPF). IGP-like protocols are used to establish paths between the internal routers of an AS based on specific costs within the AS. In contrast, iBGP is only used to disseminate external routes within the AS.

