Computer Networks Lecture - PowerPoint Presentation

1. Computer NetworksLecture 10: Network Layer – Part IIBased on slides from D. Choffnes Northeastern U. and P. Gill from StonyBrook UniversityRevised Autumn 2015 by S. Laki

2. Network Layer2Function:Route packets end-to-end on a network, through multiple hopsKey challenge:How to represent addressesHow to route packetsScalabilityConvergenceApplicationPresentationSessionTransportNetworkData LinkPhysical

3. Intra-domain Routing ProtocolsDistance vectorRouting Information Protocol (RIP), based on Bellman-FordRouters periodically exchange reachability information with neighborsLink stateOpen Shortest Path First (OSPF), based on DijkstraEach network periodically floods immediate reachability information to all other routersPer router local computation to determine full routes33

4. Distance Vector RoutingRIPLink State RoutingOSPFIS-ISOutline4

5. Distance Vector Routing5What is a distance vector?Current best known cost to reach a destinationIdea: exchange vectors among neighbors to learn about lowest cost pathsRouting Information Protocol (RIP)DestinationCostA7B1D2E5F1DV Tableat Node CNo entry for CInitially, only has info for immediate neighborsOther destinations cost = ∞Eventually, vector is filled

6. Distance Vector Routing Algorithm6Wait for change in local link cost or message from neighborRecompute distance tableIf least cost path to any destination has changed, notify neighbors

7. Distance Vector Initialization7Dest.CostNextB2BC7CD∞231ABCD17Node ADest.CostNextA2AC1CD3DNode BDest.CostNextA7AB1BD1DNode CDest.CostNextA∞B3BC1CNode D Initialization: for all neighbors V do if V adjacent to A D(A, V) = c(A,V); else D(A, V) = ∞; …

8. Distance Vector: 1st Iteration8Dest.CostNextB2BC7CD∞231ABCD17Node ADest.CostNextA2AC1CD3DNode BDest.CostNextA7AB1BD1DNode CDest.CostNextA∞B3BC1CNode D… loop: … else if (update D(V, Y) received from V) for all destinations Y do if (destination Y through V) D(A,Y) = D(A,V) + D(V, Y); else D(A, Y) = min(D(A, Y), D(A, V) + D(V, Y)); if (there is a new min. for dest. Y) send D(A, Y) to all neighbors forever 8CD(A,D) = min(D(A,D), D(A,C)+D(C,D))= min(∞, 7 + 1) = 83B5BD(A,C) = min(D(A,C), D(A,B)+D(B,C))= min(7, 2 + 1) = 3D(A,D) = min(D(A,D), D(A,B)+D(B,D))= min(8, 2 + 3) = 52C4B3B

9. Distance Vector: End of 3rd Iteration9Dest.CostNextB2BC3BD4B231ABCD17Node ADest.CostNextA2AC1CD2CNode BDest.CostNextA3BB1BD1DNode CDest.CostNextA4CB2CC1CNode D… loop: … else if (update D(V, Y) received from V) for all destinations Y do if (destination Y through V) D(A,Y) = D(A,V) + D(V, Y); else D(A, Y) = min(D(A, Y), D(A, V) + D(V, Y)); if (there is a new min. for dest. Y) send D(A, Y) to all neighbors forever Nothing changes, algorithm terminatesUntil something changes…

10. 1041ABC50 loop: wait (link cost update or update message) if (c(A,V) changes by d) for all destinations Y through V do D(A,Y) = D(A,Y) + d else if (update D(V, Y) received from V) for all destinations Y do if (destination Y through V) D(A,Y) = D(A,V) + D(V, Y); else D(A, Y) = min(D(A, Y), D(A, V) + D(V, Y)); if (there is a new minimum for destination Y) send D(A, Y) to all neighbors forever 1Node BNode CTimeDCNA4AC1BDCNA5BB1BDCNA1AC1BDCNA5BB1BDCNA1AC1BDCNA2BB1BDCNA1AC1BDCNA2BB1BLink Cost Changes,Algorithm StartsAlgorithm TerminatesGood news travels fast

11. Count to Infinity Problem1141ABC5060Node BNode CTimeDCNA4AC1BDCNA5BB1BDCNA6CC1BDCNA5BB1BDCNA6CC1BDCNA7BB1BDCNA8CC1BDCNA7BB1BNode B knows D(C, A) = 5However, B does not know the path is C  B  AThus, D(B,A) = 6 !Bad news travels slowly

12. Poisoned Reverse1241ABC5060Node BNode CTimeDCNA4AC1BDCNA5BB1BDCNA60AC1BDCNA5BB1BDCNA60AC1BDCNA50AB1BDCNA51CC1BDCNA50AB1BIf C routes through B to get to AC tells B that D(C, A) = ∞Thus, B won’t route to A via C

13. Distance Vector RoutingRIPLink State RoutingOSPFIS-ISOutline13

14. Each node knows its connectivity and cost to direct neighborsEach node tells every other node this informationEach node learns complete network topologyUse Dijkstra to compute shortest pathsLink State Routing14

15. Flooding Details15Each node periodically generates Link State PacketID of node generating the LSPList of direct neighbors and costsSequence number (64-bit, assumed to never wrap)Time to liveFlood is reliable (ack + retransmission)Sequence number “versions” each LSPReceivers flood LSPs to their own neighborsExcept whoever originated the LSPLSPs also generated when link states change

16. OSPF vs. IS-ISFavored by companies, datacentersMore optional featuresBuilt on top of IPv4LSAs are sent via IPv4OSPFv3 needed for IPv6Favored by ISPsLess “chatty”Less network overheadSupports more devicesNot tied to IPWorks with IPv4 or IPv616OSPFIS-ISTwo different implementations of link-state routing

17. Different Organizational Structure17OSPFIS-ISArea 0Area 1Area 2Area 3Area 4Organized around overlapping areasArea 0 is the core networkOrganized as a 2-level hierarchyLevel 2 is the backboneLevel 2Level 1Level 1-2

18. Network Layer, Control Plane18Function:Set up routes between networksKey challenges:Implementing provider policiesCreating stable pathsApplicationPresentationSessionTransportNetworkData LinkPhysicalBGPRIPOSPFControl PlaneData Plane

19. BGP BasicsStable Paths ProblemBGP in the Real WorldDebugging BGP Path ProblemsOutline19

20. ASs, Revisited20AS-1AS-2AS-3Interior RoutersBGP Routers

21. AS NumbersEach AS identified by an ASN number16-bit values (latest protocol supports 32-bit ones)64512 – 65535 are reservedCurrently, there are ~ 40000 ASNsAT&T: 5074, 6341, 7018, …Sprint: 1239, 1240, 6211, 6242, …ELTE: 2012Google 15169, 36561 (formerly YT), + othersFacebook 32934North America ASs  ftp://ftp.arin.net/info/asn.txt21

22. Inter-Domain Routing22Global connectivity is at stake!Thus, all ASs must use the same protocolContrast with intra-domain routingWhat are the requirements?ScalabilityFlexibility in choosing routesCostRouting around failuresQuestion: link state or distance vector?Trick question: BGP is a path vector protocol

23. BGP23Border Gateway ProtocolDe facto inter-domain protocol of the Internet Policy based routing protocolUses a Bellman-Ford path vector protocolRelatively simple protocol, but…Complex, manual configurationEntire world sees advertisementsErrors can screw up traffic globallyPolicies driven by economicsHow much $$$ does it cost to route along a given path?Not by performance (e.g. shortest paths)

24. BGP Relationships24CustomerProviderCustomer pays providerPeer 1Peer 2Peer 3Peers do not pay each otherPeer 2 has no incentive to route 1 3 CustomerCustomerProvider$

25. Tier-1 ISP Peering25AT&TCenturylinkXO CommunicationsInteliquentVerizon BusinessSprintLevel 3So you want to be a tier 1 network?All you have to do is get all the other tier 1s to peer with you!(not that easy )

26.

27. Peering WarsReduce upstream costsImprove end-to-end performanceMay be the only way to connect to parts of the InternetYou would rather have customersPeers are often competitorsPeering agreements require periodic renegotiation27PeerDon’t PeerPeering struggles in the ISP world are extremely contentious agreements are usually confidentialExample: If you are a customer of my peer why should I peer with you? You should pay me too!Incentive to keep relationships private!

28. Two Types of BGP Neighbors28IGPExterior routers also speak IGPeBGPeBGPiBGPiBGP

29. Full iBGP Meshes29Question: why do we need iBGP?OSPF does not include BGP policy infoPrevents routing loops within the ASiBGP updates do not trigger announcementseBGPiBGP

30. Path Vector ProtocolAS-path: sequence of ASs a route traversesLike distance vector, plus additional informationUsed for loop detection and to apply policyE.g., pick cheapest/shortest pathRouting done based on longest prefix match110.10.0.0/16AS 1AS 2130.10.0.0/16AS 3120.10.0.0/16AS 4AS 530120.10.0.0/16: AS 2  AS 3  AS 4130.10.0.0/16: AS 2  AS 3110.10.0.0/16: AS 2  AS 5

31. 31Path-Vector RoutingExtension of distance-vector routingSupport flexible routing policiesAvoid count-to-infinity problemKey idea: advertise the entire pathDistance vector: send distance metric per dest dPath vector: send the entire path for each dest d321d“d: path (2,1)”“d: path (1)”data trafficdata traffic

32. 32Flexible PoliciesEach node can apply local policiesPath selection: Which path to use?Path export: Which paths to advertise?ExamplesNode 2 may prefer the path “2, 3, 1” over “2, 1”Node 1 may not let node 3 hear the path “1, 2”231

33. BGP Operations (Simplified)33Establish session on TCP port 179Exchange active routesExchange incremental updatesAS-1AS-2BGP Session

34. Four Types of BGP MessagesOpen: Establish a peering session. Keep Alive: Handshake at regular intervals. Notification: Shuts down a peering session. Update: Announce new routes or withdraw previously announced routes. announcement = IP prefix + attributes values34

35. BGP AttributesAttributes used to select “best” pathLocalPrefLocal preference policy to choose most preferred routeOverrides default fewest AS behaviorMulti-exit Discriminator (MED)Specifies path for external traffic destined for an internal networkChooses peering point for your networkImport RulesWhat route advertisements do I accept?Export RulesWhich routes do I forward to whom?35

36. Shortest AS Path != Shortest Path36SourceDestination??4 hops4 ASs9 hops2 ASs

37. Hot Potato Routing37DestinationSource??Pick the next hop with the shortest IGP route

38. 38Importing RoutesFrom ProviderFrom PeerFrom PeerFrom CustomerISP Routes

39. 39Exporting RoutesTo CustomerTo PeerTo PeerTo ProviderCustomers get all routesCustomer and ISP routes only$$$ generating routes

40. Modeling BGP40AS relationshipsCustomer/providerPeerSibling, IXPGao-Rexford modelAS prefers to use customer path, then peer, then providerFollow the money!Valley-free routingHierarchical view of routing (incorrect but frequently used)P-PC-PP-PP-CP-PP-C

41. AS Relationships: It’s Complicated41GR Model is strictly hierarchicalEach AS pair has exactly one relationshipEach relationship is the same for all prefixesIn practice it’s much more complicatedRise of widespread peeringRegional, per-prefix peeringsTier-1’s being shoved out by “hypergiants”IXPs dominating traffic volumeModeling is very hard, very prone to errorHuge potential impact for understanding Internet behavior

42. Other BGP Attributes42AS_SETInstead of a single AS appearing at a slot, it’s a set of AsesCommunitiesArbitrary number that is used by neighbors for routing decisionsExport this route only in EuropeDo not export to your peersUsually stripped after first interdomain hopWhy?PrependingLengthening the route by adding multiple instances of ASNWhy?

43. Transport Layer43Function:Demultiplexing of data streamsOptional functions:Creating long lived connectionsReliable, in-order packet deliveryError detectionFlow and congestion controlKey challenges:Detecting and responding to congestionBalancing fairness against high utilizationApplicationPresentationSessionTransportNetworkData LinkPhysical

44. UDPTCPCongestion ControlEvolution of TCPProblems with TCPOutline44

45. The Case for Multiplexing45Datagram networkNo circuitsNo connectionsClients run many applications at the same timeWho to deliver packets to?IP header “protocol” field8 bits = 256 concurrent streamsInsert Transport Layer to handle demultiplexingPacketNetworkData LinkPhysicalTransport

46. Demultiplexing Traffic46Endpoints identified by <src_ip, src_port, dest_ip, dest_port>NetworkTransportApplicationP1P2P3P4P6P7P5Host 1Host 2Host 3Unique port for each applicationApplications share the same networkServer applications communicate with multiple clients

47. Layering, Revisited47ApplicationTransportNetworkData LinkPhysicalHost 1RouterHost 2PhysicalLowest level end-to-end protocol Transport header only read by source and destinationRouters view transport header as payloadApplicationTransportNetworkData LinkPhysicalNetworkData LinkLayers communicate peer-to-peer

48. User Datagram Protocol (UDP)48Simple, connectionless datagramC sockets: SOCK_DGRAMPort numbers enable demultiplexing16 bits = 65535 possible portsPort 0 is invalidChecksum for error detectionDetects (some) corrupt packetsDoes not detect dropped, duplicated, or reordered packetsDestination Port01631Payload LengthSource PortChecksum

49. Uses for UDP49Invented after TCPWhy?Not all applications can tolerate TCPCustom protocols can be built on top of UDPReliability? Strict ordering?Flow control? Congestion control?ExamplesRTMP, real-time media streaming (e.g. voice, video)Facebook datacenter protocol

50. UDP – already discussedTCPCongestion ControlEvolution of TCPProblems with TCPOutline50

51. OptionsTransmission Control Protocol51Reliable, in-order, bi-directional byte streamsPort numbers for demultiplexingVirtual circuits (connections)Flow controlCongestion control, approximate fairnessDestination Port01631Sequence NumberSource PortAcknowledgement NumberAdvertised WindowUrgent PointerFlagsChecksumWhy these features?4HLen

52. Connection Setup52Why do we need connection setup?To establish state on both hostsMost important state: sequence numbersCount the number of bytes that have been sentInitial value chosen at randomWhy?Important TCP flags (1 bit each)SYN – synchronization, used for connection setupACK – acknowledge received dataFIN – finish, used to tear down connection

53. Three Way Handshake53Each side:Notifies the other of starting sequence numberACKs the other side’s starting sequence numberClientServerSYN <SeqC, 0>SYN/ACK <SeqS, SeqC+1>ACK <SeqC+1, SeqS+1>WhySequence # +1?

54. Connection Setup Issues54Connection confusionHow to disambiguate connections from the same host?Random sequence numbersSource spoofingKevin MitnickNeed good random number generators!Connection state managementEach SYN allocates state on the serverSYN flood = denial of service attackSolution: SYN cookies

55. Connection Tear Down55Either side can initiate tear downOther side may continue sending dataHalf open connectionshutdown()Acknowledge the last FINSequence number + 1What happens if 2nd FIN is lost?ClientServerFIN <SeqA, *>ACK <*, SeqA+1>ACKDataFIN <SeqB, *>ACK <*, SeqB+1>

56. Sequence Number Space56TCP uses a byte stream abstractionEach byte in each stream is numbered32-bit value, wraps aroundInitial, random values selected during setup. Why?Byte stream broken down into segments (packets)Size limited by the Maximum Segment Size (MSS)Set to limit fragmentationEach segment has a sequence numberSegment 8Segment 9Segment 1013450149501605017550

57. Bidirectional Communication57Each side of the connection can send and receiveDifferent sequence numbers for each directionClientServerData (1460 bytes)Data/ACK (730 bytes)Data/ACK (1460 bytes)Seq.Ack.Seq.Ack.12323146114617537532921Data and ACK in the same packet231

58. Flow Control58Problem: how many packets should a sender transmit?Too many packets may overwhelm the receiverSize of the receivers buffers may change over timeSolution: sliding windowReceiver tells the sender how big their buffer isCalled the advertised windowFor window size n, sender may transmit n bytes without receiving an ACKAfter each ACK, the window slides forwardWindow may go to zero!

59. Flow Control: Sender Side59Sequence NumberSrc. PortAcknowledgement NumberWindowUrgent PointerFlagsChecksumHLPacket SentDest. PortSrc. PortAcknowledgement NumberWindowUrgent PointerFlagsChecksumHLPacket ReceivedDest. PortSequence NumberACKedSentTo Be SentOutside WindowWindowMust be buffered until ACKed

60. Sliding Window Example601234567567TimeTimeTCP is ACK ClockedShort RTT  quick ACK  window slides quicklyLong RTT  slow ACK  window slides slowly

61. Observations61Throughput is ~ w/RTTSender has to buffer all unacknowledges packets, because they may require retransmissionReceiver may be able to accept out-of-order packets, but only up to buffer limits

62. What Should the Receiver ACK?ACK every packetUse cumulative ACK, where an ACK for sequence n implies ACKS for all k < nUse negative ACKs (NACKs), indicating which packet did not arriveUse selective ACKs (SACKs), indicating those that did arrive, even if not in orderSACK is an actual TCP extension6262

63. Sequence Numbers, Revisited6332 bits, unsignedWhy so big?For the sliding window you need…|Sequence # Space| > 2 * |Sending Window Size|232 > 2 * 216Guard against stray packetsIP packets have a maximum segment lifetime (MSL) of 120 secondsi.e. a packet can linger in the network for 2 minutes

64. Silly Window Syndrome64Problem: what if the window size is very small?Multiple, small packets, headers dominate dataEquivalent problem: sender transmits packets one byte at a timefor (int x = 0; x < strlen(data); ++x) write(socket, data + x, 1); HeaderDataHeaderDataHeaderDataHeaderData

65. Nagle’s Algorithm65If the window >= MSS and available data >= MSS: Send the dataElif there is unACKed data: Enqueue data in a buffer until an ACK is receivedElse: send the dataProblem: Nagle’s Algorithm delays transmissionsWhat if you need to send a packet immediately?int flag = 1;setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (char *) &flag, sizeof(int));Send a full packetSend a non-full packet if nothing else is happening