CS6035 Final Review - Summer 2016
Logging benefits/challenges
Benefit - Can see source of malicious activity
Challenge - Deciding what to log and what not to log
Describe BGP routing protocol. Relate it to the DV and LS algorithms.
Border Gateway Protocol
Description: Used for very large-scale networks
Algorithm: Distance Vector
Domain: Inter-domain
Explain intra-domain vs inter-domain.
Intra-domain: Within the autonomous system
Inter-domain: Across multiple autonomous systems
What features does TCP provide?
Guarantees delivery and is sent as a stream of packets.
Firewall benefits/challenges
Benefit - Takes advantage of NAT infrastructure
Challenge - Only examines individual packets (no context)
What are the types of errors that we handle in ARQ protocols and how do we handle them?
Bit Errors - Checksum
Lost Packets - ACK will not be sent
Out of Order Packets - Detect wrong sequence number, do not send ACK
Delayed Packets - Timeout on client side, no ACK from server
Duplicate Packets - Only take in first of a sequence number's packets
Describe layer 4 of the protocol layering model. Name it, describe the service provided and where it is commonly implemented. Give examples.
Name: Transport
Service: Provides means of transporting datagrams from source to destination with some guarantee of reliability and quality of service
Implemented in: Kernelspace
Examples: TCP, UDP
How is flow control implemented in TCP?
Sliding window
Explain domain based routing.
Breaking up large networks into multiple autonomous systems in order to avoid so many collisions and reduce the time spent populating routing tables.
What is the service provided by IP?
Addressing - Provides an unreliable, connectionless datagram delivery service. Uses unique host and destination addresses to deliver packets.
Fragmenting - IP chunks up the datagram into smaller pieces so that whatever link/physical layer it is transmitting through can fit it.
Routing - Find a path from a source to a destination through nodes.
Encryption benefits/challenges?
Benefits - Obfuscates sensitive data
Challenge - Adds computation cost
Explain circuit switching vs. packet switching. What are the tradeoffs?
In circuit switching, there are dedicated lines between each sender and receiver. Think about how old phone lines used to work with operators at switchboards. In packet switching, there are shared lines with data that gets sent as packets. Circuit switching provides high bandwidth, guaranteed maximum delivery delay, and is more reliable. However, it ties up network resources and is expensive. Packet switching allows for multiple senders to share the same line by interleaving packets. This allows for sharing of line capacity, and is simpler and more efficient to implement. However, there are issues with packets, like in-order delivery and best-effort delivery.
What is flow control and what specific problem does it address?
The ability to control how much data is sent to a receiver. It solves the problem of overflow on the receiver's side.
Describe "a day in the life of a DNS request". Explain the role of the various types of servers (e.g. local, caching, authoritative, root, TLD)
1. Computer queries the name server it is set up to use.
2. If the name isn't already known, then get the name servers for the ".com" domains.
3. Go to those and ask for the "abc.com" name servers.
4. Go to those and ask for "www.abc.com", and finally return that IP to the original requester.
What types of security threats do we face in networking?
1. Loss of sensitive data - Personal information
2. Loss of resources - DOS attacks, stealing compute cycles
3. Loss of identity - end-point authentication
Explain how DNS can be used as a part of load balancing for application servers.
1. Round Robin - You can respond to DNS requests with different IPs running identical services.
2. Find the closest geographical IP address and provide that to the request.
What is ARP? How does it operate in the context of the 3 different interconnection devices.
Address Resolution Protocol translates between the network layer (3) and the link layer (2) by taking an IP address and giving back the MAC address.
Hub: Sent as bits to all devices on subnet
Switch: Sent as frame to all devices on subnet
Router: It responds with its own MAC to any ARP requests.
Alerting benefits/challenges
Benefit - Be notified of an attack
Challenge - Requires systems in place for detecting threats
Intrusion Prevention System (IPS) benefits/challenges
Benefit - Detects and responds to potential threats that firewalls may ignore
Challenge - Can be too proactive. Can't keep up with network speed. Potential false positives.
Intrusion Detection System (IDS) benefits/challenges
Benefit - Detects potential threats that the firewall may ignore.
Challenge - Can't keep up with network speed.
Multifactor Authentication benefits/challenges
Benefits - No single vulnerability point
Challenge - Can be lost or stolen, which locks the user out.
How does CSMA/CA differ from CSMA/CD? Where is it used and why?
CSMA/CD: Random backoff if signal is detected. Send when it is not, and if signal comes through while transmitting then abort. Used in low utilization networks where the hardware can detect transmission signals (Ethernet).
CSMA/CA: Random backoff until channel is open, send, and wait for ACK. If sender times out, then there was corruption and you have to resend. Used in WiFi networks where it isn't possible to detect all the collisions.
How does CSMA/CD work? What are the limitations? Why is it more popular than scheduled approaches?
Carrier Sense Multiple Access/Collision Detection
Check if there is anything currently transmitting. If no, then transmit. If nothing is detected for the entire send, then it was successful. If not, then abort the transaction.
Limitation: Utilization decreases when the channel is being used by many adapters. Hidden terminal problem.
More Popular: If the channel is not being utilized, I don't have to wait my turn and can just broadcast.
List and briefly describe the function of sockets calls needed for TCP client and server.
Client:
- Socket - Create a new socket
- Bind - Attach to a port
- Connect - Request a connection to a server
- Send - Send datagram
- Recv - Receive datagram
Server:
- Socket - Create a new socket
- Bind - Attach to a port
- Listen - Detect incoming connections
- Accept - Accept an incoming connection
- Send - Send a datagram
- Recv - Receive a datagram
List and briefly describe the function of sockets calls needed for UDP client and server.
Client:
- Socket - Create a new socket
- Sendto - Send data to a specific IP and port
Server:
- Socket - Create a new socket
- Recvfrom - Return the data segment and IP/port
- Bind - Attach to a specific port
What is ICMP? What role does it play? Explain how it is used to implement popular network tools like ping and traceroute.
Definition: Used by hosts and routers to communicate network-layer information to each other.
Role: Error reporting
Ping: Sends an ICMP type 8 code 0 message to a host, which sends one back
Traceroute: Sends a bad UDP packet with increasing TTL to the destination, continually increasing the TTL until you actually reach the host
Explain Distance Vector vs Link State routing algorithms. What are the differences in terms of capabilities and complexity?
Distance Vector: Each node only knows about its neighbors
- Could result in infinite routing loops
- Nodes could broadcast incorrect link cost
Link State: Each node knows entire network
- Can't work on large networks
What is DNS? What purpose does it serve?
Domain Name System provides the IP address of a given domain name.
What is DHCP? How does it operate in the context of the 3 different interconnection devices.
Dynamic Host Configuration Protocol automatically assigns IP addresses to hosts. Host sends a discover, DHCP server offers an address, host requests that address, DHCP ACKs that it has been provided.
Hub/Switch: Just forward the data to other nodes
Router: Might have to forward to another network
What is congestion control and what problem does it address?
Ensuring that you don't send so much data that it clogs up the network. It solves the problem of decreased network performance with more packets being pushed onto the wire than it can handle.
Explain the difference between a hub (repeater), a switch, and a router in the context of collision and broadcast domains.
Hub: Layer 1 device that takes in bits and outputs them. Same collision and broadcast domain.
Switch: Layer 2 device that forwards frames to other subnets. Different collision domain, same broadcast domain.
Router: Layer 3 device that forwards IP datagrams. Different collision domains, different broadcast domains.
How is congestion control implemented in TCP?
Increase the number of packets being sent until some get lost due to congestion; then you know you are at full capacity.
How are IPv4 addresses allocated? Why are they allocated this way?
The Internet Assigned Numbers Authority provides a block of addresses to a regional Internet registry, which then breaks up that block and assigns it to ISPs or local registries, which then assign IP addresses to devices. Devices then use NAT to give all devices behind their IP address a non-globally-unique address.
What is the difference between MAC and LLC sublayers of the Datalink layer?
LLC: Logic link control layer. In layer 2. Handles multiplexing to layer 3 and connections.
MAC: Media Access Control. Handles reliability, framing, and error checking in layer 2. Tells host when to transmit packets to resolve or avoid collisions.
Describe layer 5 of the protocol layering model. Name it, describe the service provided and where it is commonly implemented. Give examples.
Name: Application
Service: Provides an independent platform for applications to exchange data
Implemented in: Userspace
Examples: DNS, POP, IMAP, SMTP, FTP, DHCP
Describe layer 2 of the protocol layering model. Name it, describe the service provided and where it is commonly implemented. Give examples.
Name: Datalink
Service: Node-to-node data transfer via a reliable link. Reliable by detecting and possibly correcting errors in layer 1 (physical layer)
Implemented in: Hardware
Examples: Ethernet, WiFi
Describe layer 3 of the protocol layering model. Name it, describe the service provided and where it is commonly implemented. Give examples.
Name: Network
Service: Provides means of transferring datagrams with no guarantee of reliability
Implemented in: Kernelspace
Examples: IPv4, IPv6, IPSec
Describe layer 1 of the protocol layering model. Name it, describe the service provided and where it is commonly implemented. Give examples.
Name: Physical Layer
Service: Electrical and physical specs of communication
Implemented in: Hardware
Examples: COAX, USB, DSL
What is NAT? What problem does it solve and how does it do it? What problems does it create for network administration?
Network Address Translation is the solution to running out of IPv4 addresses. We give one IP address to the public-facing router, and then assign a slew of non-globally-unique addresses to all devices hooked up to the router. It creates the problem of being very complex, and also decreases performance since there is a large amount of mapping going on behind the scenes.
Describe OSPF routing protocol. Relate it to the DV and LS algorithms.
Open Shortest Path First
Description: Used in large autonomous systems with no limitation
Algorithm: Link State
Domain: Intra-domain
What are the challenges to providing a voice application service over IP?
Out of order or delayed packets might arrive and need to be reconstructed into a voice signal, and might be corrupted. Data must be sent and processed quickly enough that the receiving party cannot detect the difference.
What are some changes that have been made to HTTP to improve performance?
Parallel Connections - Used to handle multiple requests/responses, new request for content from different servers
Persistent Connections - Server can keep the connection open until all content has been delivered using the content length header
Pipelining - Don't wait for a response before sending the next message. Similar to sliding window
Caching - Keep static content on servers with a high bandwidth so that it can be provided more quickly to satisfy requests.
Describe RIP routing protocol. Relate it to the DV and LS algorithms.
Routing information protocols
Description: Used for small networks with maximum number of hops at 15. 16 is considered an infinite distance.
Algorithm: Distance Vector
Domain: Intra-domain
What are the application protocols for email and what role does each play?
SMTP (stateful): Push messages to other computers and boxes
MIME: Supports non-ASCII, binary data like videos or audio
IMAP: Retrieve message, leave message on the server. Pulls mail when you ask it to
POP3: Retrieve messages, download and delete. Downloads all messages so no more connections are required until the next time you request.
What is a scheduled vs unscheduled MAC? What are the benefits/features of each approach?
Scheduled MAC is when you dedicate equal time/frequency to each node. Unscheduled is when you just allow whoever is broadcasting to go until they are done.
Scheduled:
- Good: More fair
- Bad: Hard to implement
- Features: Reserve resources, polling, token passing
Unscheduled:
- Good: Easier to implement
- Bad: Less fair, potential for collisions
- Features: Collision detection, random backoff, random access
What is a broadcast domain?
Segment of a network where any node can hear what any other node on the segment is saying
What are the major limitations in the design of SMTP? How are these limitations overcome?
Server responds after every header is received, and no security or authentication was included initially. Authentication was sort of fixed with SPF/DKIM records. SMTP requires messages to be formatted in 7-bit ASCII.
Describe approaches for architecting server applications to improve performance.
- Servers can cache to improve performance
- TCP clients that aren't actively transmitting for a while can be dropped
- TCP servers can multithread to handle multiple connections at once
- UDP servers can multithread to handle multiple incoming packets
What are the protocols for VoIP? What purpose does each serve?
Session Initialization Protocol (SIP) - Call management, setup, and control. Session Description Protocol (SDP) - Describes parameters for voice session. Real-time Transport Protocol (RTP) - Handles data exchanges as a stream of voice packets. Reservation Protocol (RSVP) - Establishes priority and reservations inside of the network.
How is the design of HTTP similar to SMTP? What are the important differences?
Similarities:
- Both are used in file transfer, HTTP transfers between web server and client while SMTP transfers between mail server and client
- Both use persistent connections when transferring files
- Both have headers of colon-joined key/values separated by newlines
Differences:
- HTTP is pull (request/response) while SMTP is mainly push
- SMTP requires 7-bit ASCII, while HTTP does not have that restriction
- HTTP is stateless and SMTP is stateful
Explain how memory and other resources are allocated and used in your host operating system as each of the sockets calls are used.
Socket - Memory is allocated for send/receive buffers
Listen - Memory allocated to hold certain number of connections
Accept - Bind resources to the new socket which is open and connected to the client
What is the UDP header format?
Source, Destination, Length, and Checksum (all 2 bytes)
What does it mean to have a stateful protocol vs stateless? Give examples of each.
Stateful protocols record certain parts of the transaction, like the working directory and transport mode in FTP. Stateless protocols treat each request as an independent session.
Stateful - TCP, IMAP
Stateless - HTTP, UDP, DNS, POP3
Explain the differences in buffering and message boundaries for UDP vs TCP.
TCP does not have message boundaries, while UDP does. TCP fills up a send buffer, then sends the entire message at one time. UDP just sends packet by packet.
Explain the concept of the IP hourglass. Why is it so difficult to deploy a new replacement for IP vs other protocols at other layers?
The application layers are "end-to-end", which means we could effectively swap out the application on either end of the connection and things would still work. The hourglass takes its shape because the range of options for the IP layer is small. Changing the IP layer would require more functionality from underlying networks, require changes to the protocols above and below, and/or create interoperability problems. The physical/link layers can also be swapped out for other mediums easily without impacting other areas of the network.
What is transmission delay vs propagation delay? Why do we care about this? How does it affect network performance?
Transmission delay is the time to push the bits onto the channel, while propagation delay is the time to get the first bit across the wire to the receiver. We care about this because it provides finite values for how much communication can be going on at a given time, and also allows us to more accurately set timeouts. It affects network performance by slowing things down for larger delays, and speeding them up for smaller delays.
Calculate utilization and window size requirements for sliding window protocols under varying conditions (e.g. frame size and propagation delay)
U = dtrans * (windowSize) / (dtrans + RTT)
RTT = 2 * dprop
To get 100% utilization, packets need to be transmitted for the entire period. A period is the round trip time plus the transmission delay on both ends.
U = dtrans * k / (dtrans + RTT) = 1
k is the window size.
What features does UDP provide?
UDP is fast enough to support point-multipoint (sending packets to multiple receivers). UDP can handle error detection with checksum in the header.
How are routing protocols used? What is the interaction with the way IP works?
Used to specify how routers should communicate with each other. They decide how data gets from one location to another, which is in the IP layer.
Why did they get rid of fragmentation in IPv6?
Very time-consuming with the overhead of fragmenting, when you can just have the end-systems do it. Reduces vulnerability to DOS attacks.
Know how to use the TCP state diagram
http://www.cc.gatech.edu/fac/Russell.Clark/Classes/15/3251-spring/tcp-connstates.jpg
What is a collision domain?
Segment of a network where collisions can occur
What is the TCP header format?
Source: 2 bytes
Destination: 2 bytes
Sequence Number: 4 bytes
Ack Number: 4 bytes
Special Fields: 2 bytes
Window Size: 2 bytes
Checksum: 2 bytes
Urgent Pointer: 2 bytes
Options: X bytes