IT Extension and Congestion Co
2016-10-27 18:22:26
Outline / Content
HTTP
Client/Server Model
Client
browser determines URL
browser conducts a DNS lookup to acquire the IP address
DNS replies
Connect to IP address on specific port
Client requests specified file
Server sends file requested
Server releases the connection
Browser displays file and its content
Server
...
Connection
Non-Persistent (HTTP/1.0)
single TCP connection for each client-server request
does not officially require a host header to be included
Total Response Time = 2 * Round Trip Time + File Transmission Time
Persistent (HTTP/1.1)
multiple requests can be sent over a single TCP connection
requires a host header as per its specification
Cookies (less likely to be examined)
The web is basically stateless
Restful is a good example without any Cookies or Histories
Why use Cookies?
We need to track user information
IP address may be dynamic as the user may bring his laptop to another place
How do Cookies work?
1. The user accesses the website; the website creates a unique ID with an entry in its database for that ID
2. The website sends this ID to the user's browser
3. The user's browser appends this ID to a cookie file that it manages
4. The next time the user sends a request, the cookie is added to the request header
5. The server detects the cookie and performs the corresponding response
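The five cookie steps above as a server-side session handler, added here as an example and not part of the notes; the in-memory SESSIONS store, the cookie name sid and the header dictionaries are constructed for the example:

```python
# Added example (not from the notes): the cookie steps as a session handler.
# SESSIONS stands in for the database entry of step 1; requests and responses are
# plain header dictionaries so the logic runs without a web server.
import secrets
from http.cookies import SimpleCookie
from typing import Dict, Tuple

SESSIONS: Dict[str, dict] = {}          # step 1: one record per unique ID (constructed store)

def _new_session() -> str:
    # Unpredictable ID: a guessable ID would let one visitor be mistaken for another.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"visits": 0}
    return sid

def handle_request(headers: Dict[str, str]) -> Tuple[dict, Dict[str, str]]:
    """Returns (session_record, response_headers).
    Steps 4-5: read the cookie the browser attached and act on the matching record.
    Step 2: if there is no valid cookie, create a record and send a Set-Cookie header."""
    cookie = SimpleCookie(headers.get("Cookie", ""))
    sid = cookie["sid"].value if "sid" in cookie else None
    response: Dict[str, str] = {}
    if sid is None or sid not in SESSIONS:      # unknown or forged IDs get a fresh session
        sid = _new_session()
        out = SimpleCookie()
        out["sid"] = sid
        out["sid"]["httponly"] = True   # page scripts cannot read it (limits the privacy leak)
        out["sid"]["secure"] = True     # only sent over HTTPS
        out["sid"]["samesite"] = "Lax"  # not attached to most cross-site requests
        response["Set-Cookie"] = out["sid"].OutputString()
    SESSIONS[sid]["visits"] += 1
    return SESSIONS[sid], response
```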
Potential Hazard
Privacy Leak
(less likely to be examined) Web Caches
Goal
satisfy client request without involving original server
Architecture
Client
Proxy Server
1. If the object is not in the cache, fetch one from the origin server and send it back to the client
2. If the object is in the cache, compare its version/timestamp with the one on the origin server
3. If it is not the latest, send another request to the origin server for the new version
4. If it is already the latest, immediately send the cached copy back to the browser
Origin Server
Multi Media
Size
Each frame needs 3 bytes (three integers) per pixel
Multiply by the resolution (e.g. 640*480)
Multiply by the frame rate (e.g. 30 frames per second)
That gives the total bandwidth requirement for such a media file: (3*640*480*30) bytes/sec
Basic Model
Issues
The browser has to reserve the entire media file until the stream is finished (browser store stream to disk, media player read from disk)
Point-to-point distribution: can only communicate with one point at a time
Does not scale
Streaming Media Protocol
Transport Protocol
TCP
Open Protocols
HTTP
RTP
RTSP
MPEG-4...
Closed (proprietary) Protocols
Real Networks' Real Audio
Microsoft's Windows Media
Apple's QuickTime
Multimedia Playback Software
Tasks
Handle transmission errors in conjunction with transport protocols
Decompress the multimedia files
Eliminate jitter
Manage the user interface
Model
1. Browser sends a metafile request to the web server
2. Web server responds with the metafile to the browser
3. Browser hands off the metafile to the media player
4. Media player sends a media request to the media server
5. Media server responds with the media stream
Streaming Stored Media
Use reliable transport (TCP)
Add Forward Error Correction (FEC) (e.g. parity: add an extra packet to help recover lost data)
The central idea is the sender encodes the message in a redundant way by using an error-correcting code (ECC)
Interleave media
spreads nearby media samples over different transmissions to reduce the impact of loss
e.g. 2 transmissions, one for odd packets, one for even packets
Loss reduces temporal resolution; doesn't leave a gap
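The parity FEC and the odd/even interleaving described above, as an added example that is not part of the notes; the packets and samples are constructed, and the parity scheme assumed is a single XOR packet per group:

```python
# Added example (not from the notes): XOR-parity FEC and odd/even interleaving
# for streamed media. Packets and samples below are constructed for the example.
from typing import List, Optional, Tuple

def make_parity(packets: List[bytes]) -> bytes:
    """The extra FEC packet: XOR of every data packet in the group (equal lengths)."""
    assert len({len(p) for p in packets}) == 1, "pad packets to equal length first"
    parity = bytearray(len(packets[0]))
    for pkt in packets:
        for i, b in enumerate(pkt):
            parity[i] ^= b
    return bytes(parity)

def recover(received: List[Optional[bytes]], parity: bytes) -> List[Optional[bytes]]:
    """Rebuild a single lost packet (marked None) from the survivors and the parity.
    One parity packet repairs at most one loss per group; with 0 or 2+ losses the
    group is returned unchanged (the loss is not recoverable this way)."""
    missing = [i for i, p in enumerate(received) if p is None]
    if len(missing) != 1:
        return received
    rebuilt = bytearray(parity)
    for p in received:
        if p is not None:
            for i, b in enumerate(p):
                rebuilt[i] ^= b
    out = list(received)
    out[missing[0]] = bytes(rebuilt)
    return out

def interleave(samples: List[int]) -> Tuple[List[int], List[int]]:
    """Two transmissions: even-indexed samples in one, odd-indexed in the other."""
    return samples[0::2], samples[1::2]

def deinterleave(even: Optional[List[int]], odd: Optional[List[int]], n: int) -> List[Optional[int]]:
    """Merge the transmissions back. Losing one of them leaves every other sample
    missing (halved temporal resolution) instead of one contiguous gap."""
    out: List[Optional[int]] = [None] * n
    if even is not None:
        out[0::2] = even
    if odd is not None:
        out[1::2] = odd
    return out
```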
Buffer
multimedia software buffers streamed media sources prior to transmission
Buffering is a defensive mechanism to reduce jitter
Buffering Modes
Pull Server
as long as there is room in the buffer for another block, the media player continues to request additional blocks from the server (goal: keep the buffer as full as possible)
Push Server
the media player sends a play request and the server continuously pushes data to the player; the media player draws from the buffer in FIFO order and uses a compensation mechanism when the buffer is not filled to capacity: high and low watermarks trigger starts or stops in playback
Audio Compression Calculation
Audio CD can represent frequencies up to 22.05 kHz
hence the Nyquist (sample) rate is 44.1 kHz
Stereo channels: 44100 samples/sec, 16 bits/sample: 2*44100*16 = 1,411,200 bits/s
VoIP
technologies
H.323
binary, built over telecommunication infrastructures, defines a number of features to handle failure
SIP
text based, similar to HTTP; defines no procedures for handling device failure: it is the responsibility of the user agent to send a re-INVITE to another proxy
H.323 and SIP both support VoIP and multimedia communications
Process
Online video also requires compression in order to achieve efficient transmission
Security
Cryptography
Symmetric Key Algorithms
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
Cipher Mode
Cipher Block Chaining Mode
However, cipher block chaining has the disadvantage of requiring an entire 64-bit block to arrive before decryption can begin.
8 bytes per block, hence about 8 times as efficient as feedback mode
Feedback Mode
Week 10 Slide 15
Stream Ciphers Mode
In a stream cipher each plaintext digit is encrypted one at a time with the corresponding digit of the keystream to give a digit of the ciphertext stream; the keystream is insensitive to transmission errors.
Counter Mode
In counter mode, the plaintext is not encrypted directly.
Instead an initialisation parameter plus an arbitrary constant is encrypted, and the resulting ciphertext is XORed with the plaintext to generate the new ciphertext
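Counter mode as just described, written out as an added example (not from the notes). A real deployment would use AES as the block cipher; to keep the example standard-library only, the block function here is a keyed HMAC-SHA256 truncated to 16 bytes, and the key and nonce are constructed:

```python
# Added example (not from the notes): counter mode over a stand-in block function.
# A real deployment uses AES for E_K; here E_K(block) = HMAC-SHA256(K, block)[:16]
# so the example needs only the standard library. Key and nonce are constructed.
import hashlib
import hmac

BLOCK = 16   # bytes of keystream produced per counter value

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher: a keyed pseudo-random function of one 16-byte block."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def ctr_keystream(key: bytes, nonce: bytes, nbytes: int) -> bytes:
    """The cipher never sees the plaintext: it encrypts nonce||counter for
    counter = 0, 1, 2, ... and the outputs are concatenated into a keystream."""
    assert len(nonce) == 8, "8-byte nonce + 8-byte counter = one block"
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += block_encrypt(key, nonce + counter.to_bytes(8, "big"))
        counter += 1
    return bytes(out[:nbytes])

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt and decrypt are the same operation: XOR the data with the keystream.
    Any prefix can be processed as it arrives (no whole-block wait as in CBC)."""
    keystream = ctr_keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))

def nonce_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    """Why the nonce must never repeat under one key: two ciphertexts made with the
    same keystream XOR to the XOR of their plaintexts, with no key involved.
    Returns True when that relation holds, i.e. when the leak is present."""
    c1, c2 = ctr_crypt(key, nonce, p1), ctr_crypt(key, nonce, p2)
    n = min(len(p1), len(p2))
    return bytes(a ^ b for a, b in zip(c1, c2))[:n] == bytes(a ^ b for a, b in zip(p1, p2))[:n]
```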
Asymmetric Key Algorithms
RSA
Security rests on the practical impossibility of factoring large numbers
RSA is too slow for encrypting/decrypting large volumes of data, but is widely used for secure key distribution
Diffie-Hellman Public Key Algorithm
1. Encryption algorithm E and decryption algorithm D must satisfy D(E(P)) = P
2. It is exceedingly difficult to deduce D from E
3. E cannot be broken by a chosen-plaintext attack
Digest
Approaches
Message Digests
Inherently a one-way hash function that can only be calculated from the message sent
Whenever a receiver receives the plaintext, it can hash the text again and compare with the digest as validation
Computing a message digest from plaintext is much faster than encrypting the plaintext
Digital Signature (an application of digest)
Create a message digest and encrypt it with the sender's private key
Attach this encrypted digest to the message and send the message out
When a receiver receives the message, it can decrypt this digest with the PUBLIC key available on the network that corresponds to the sender's private key
Then rehash the message and compare the digest to the decrypted one; if they are equal, validation is done
The sender cannot repudiate this message (because we know the private key is owned only by the sender)
Properties/Advantages of using Digests
easy to compute MD(P) given P
impractical to compute P given MD(P)
given P, impractical to find P' such that MD(P') = MD(P)
a single bit change in P creates a very different message digest.
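The RSA key pair, the digest and the signing/verification steps above, carried through as an added example (not from the notes). The primes and the SHA-256 digest are this example's choices; the primes are toy-sized so the arithmetic stays readable:

```python
# Added example (not from the notes): an RSA key pair and a digital signature over a
# SHA-256 message digest, following the steps above. Primes are toy-sized so the
# numbers stay readable; real keys use primes hundreds of digits long.
import hashlib
from math import gcd
from typing import Tuple

Key = Tuple[int, int]   # (modulus n, exponent)

def rsa_keygen(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public_key, private_key). Security rests on n = p*q being hard to factor:
    anyone who recovers p and q can compute d exactly as this function does."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "public exponent must be coprime to phi(n)"
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+): e*d = 1 mod phi
    return (n, e), (n, d)

def digest_int(msg: bytes, n: int) -> int:
    """MD(P): one-way hash of the message, reduced below the modulus so it can be
    signed as a number. (With a toy modulus the reduction makes collisions cheap.)"""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg: bytes, private: Key) -> int:
    """Steps 1-2: digest the message and 'encrypt' the digest with the private key."""
    n, d = private
    return pow(digest_int(msg, n), d, n)

def verify(msg: bytes, signature: int, public: Key) -> bool:
    """Steps 3-4: 'decrypt' the signature with the public key, rehash the received
    message and compare. Any change to message or signature fails the check."""
    n, e = public
    return pow(signature, e, n) == digest_int(msg, n)
```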
MD5
SHA-1
Using symmetric keys via an intermediary
to ensure non-repudiation
Using public keys as individuals
Features
Sender cannot repudiate contents of the message
Receiver cannot have derived the message themselves
Receiver can verify the claimed identity of the sender
Public Key Management
Certification Authority
X.509
An international standard for certificate expression
Machinery
Substitution Cipher (letter/groups of letters substitution)
Substitution ciphers preserve the order of the plaintext symbols but disguise them.
Transposition cipher (All letters are re-ordered)
Transposition ciphers, in contrast, reorder the letters but do not disguise them.
One-time pad
One-time pad (uses a random bit string as the key: convert the plaintext into a bit string, then XOR the two strings bit by bit)
Authentication
Non-repudiation (Undeniable)
Integrity control
Firewall
Firewalls are positioned at the network boundary and provide a controlled set of routes between the internal and external networks
All inbound and outbound traffic must transit the firewall
Only authorised traffic may pass through the firewall
Firewalls should themselves be immune to penetration
No protection against threats originating via bypass networks
No protection against internal threats
No protection against application payload threats
Wireless Security
Wireless networks are more difficult to secure because of omnidirectional signal propagation
Congestion Control
Distinguishing: Flow Control
Flow control is a point-to-point issue, primarily concerned with preventing the sender from transmitting data faster than the receiver can receive it
Congestion control is an issue affecting the ability of the SUBNET to actually carry the offered traffic, in a global context: MULTIPLE senders may swarm in and cause congestion.
e.g. data sent are typically queued to absorb bursts of traffic, but if the input data rate is ALWAYS greater than the output data rate the queue fills up and collapses
This leads to a hike in delay as well as a drop in goodput (the rate of useful data delivered across the network)
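The queue behaviour described above, made concrete with an added discrete-time model (not from the notes); the rates, buffer size and tail-drop policy are this example's assumptions:

```python
# Added example (not from the notes): a discrete-time model of a single router
# output queue. Rates are in packets per tick; the buffer is tail-dropped.
from collections import deque
from typing import Dict, Tuple

def run_queue(arrival_rate: int, service_rate: int, buffer: int, ticks: int) -> Tuple[int, int, float, float]:
    """Returns (delivered, dropped, mean_queueing_delay_ticks, goodput_fraction).
    Each tick: arrivals join the queue (dropped when the buffer is full), then up
    to service_rate packets leave. goodput_fraction = delivered / offered."""
    queue = deque()                # arrival tick of each waiting packet
    delivered = dropped = delay_sum = 0
    for t in range(ticks):
        for _ in range(arrival_rate):
            if len(queue) < buffer:
                queue.append(t)
            else:
                dropped += 1       # buffer full: the collapse the notes describe
        for _ in range(service_rate):
            if not queue:
                break
            delay_sum += t - queue.popleft()
            delivered += 1
    offered = arrival_rate * ticks
    mean_delay = delay_sum / delivered if delivered else 0.0
    return delivered, dropped, mean_delay, delivered / offered

def compare_loads(service_rate: int = 3, buffer: int = 10, ticks: int = 100) -> Dict[int, Tuple[int, int, float, float]]:
    """Sweep the input rate past the output rate: delay climbs and goodput stalls
    once arrivals exceed what the link can carry."""
    return {rate: run_queue(rate, service_rate, buffer, ticks) for rate in (1, 2, 3, 4, 5, 6)}
```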
Load Shedding
When Congestion Control fails, we have to make a trade-off: keep only the most important packets
Quality of Service
Reliability/Loss
Examples
Remote Login and Email
Delay
Examples
Video conferencing/Telephony cares both Jitter and Delay
Jitter
Jitter is the variation in packet arrival times (inter-arrival interval)
Packets can be "shuffled" at each hop in order to minimise jitter - slower packets sent first, faster packets wait in a queue
Examples
Voice/Audio Over IP, Jitter Control is extremely important
If a user is watching a video over the network and the transmission time varies randomly between 1 and 2 seconds, the result will be terrible unless the application hides the jitter.
Bandwidth
Examples
File Sharing cares about bandwidth at most
Good QoS
Over-provisioning
more than adequate buffer, router CPU, and bandwidth (expensive and not scalable ... yet)
Buffering
buffer received flows before delivery
increases delay, but smooths out jitter, no effect in reliability or bandwidth
Traffic Shaping
regulate the average rate of transmission and burstiness of transmission
Buckets
leaky bucket
token bucket
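The two buckets named above, implemented as an added example (not the notes' own material); the packet trace TRACE and the rate/burst parameters are constructed:

```python
# Added example (not from the notes): token bucket and leaky bucket shapers run
# over a constructed packet trace (arrival time in seconds, size in bytes).
from typing import List, Tuple

class TokenBucket:
    """Tokens (bytes) accrue at `rate` per second up to `burst`; a packet conforms
    if it can pay for itself. Long-term rate is capped, bursts up to `burst` pass."""
    def __init__(self, rate: float, burst: float):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, 0.0          # bucket starts full

    def conforms(self, now: float, size: int) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False     # shaper: hold until tokens accrue; policer: drop or mark

class LeakyBucket:
    """Packets queue in a bucket of `capacity` bytes that drains at a constant
    `rate`; whatever does not fit is discarded. Output is smooth whatever the input."""
    def __init__(self, rate: float, capacity: float):
        self.rate, self.capacity, self.level, self.last = rate, capacity, 0.0, 0.0

    def offer(self, now: float, size: int) -> bool:
        self.level = max(0.0, self.level - (now - self.last) * self.rate)
        self.last = now
        if self.level + size <= self.capacity:
            self.level += size
            return True
        return False

def run_trace(bucket, trace: List[Tuple[float, int]]) -> List[bool]:
    """Feed each (time, size) to the bucket; True means admitted/conforming."""
    admit = bucket.conforms if isinstance(bucket, TokenBucket) else bucket.offer
    return [admit(t, s) for t, s in trace]

# Constructed trace: a burst of 1000-byte packets, a small one, then a full-size burst.
TRACE = [(0.0, 1000), (0.1, 1000), (0.5, 1000), (1.0, 600), (2.0, 1500)]
```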
Resource Reservation
reserve bandwidth, buffer space, CPU in advance
Admission Control (Load Balance)
routers can decide based on traffic patterns whether to accept new flows, or reject/reroute them
Proportional Routing
different traffic types for same destination split across multiple routes
Packet Scheduling
fair queuing, weighted fair queuing
Two Windows (maintained by sender)
Window advertised by the receiver
Deal with Receiver Capacity
Congestion Window
Deal with Network Capacity
The maximum transmission rate is the minimum of the two windows
Additive Increase Multiplicative Decrease (AIMD)
A congestion control mechanism; Slow Start is an improvement over it
TCP Slow Start
When a connection is established, the sender initializes the congestion window to a small initial value of at most four segments; the use of four segments (up from an earlier initial value of one segment) is based on experience.
The packets will take a round-trip time to be acknowledged. For each segment that is acknowledged before the retransmission timer goes off, the sender adds one segment's worth of bytes to the congestion window.
Plus, as that segment has been acknowledged, there is now one less segment in the network. The upshot is that every acknowledged segment allows two more segments to be sent. The congestion window is doubling every round-trip time.
The corresponding rate is the window size divided by the round-trip time of the connection.
Grows until either a timeout occurs or the receiver's specified window is reached
Window size increases by one each time; number of packets sent doubles each time
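The slow start and AIMD behaviour described above, traced round by round as an added example (not from the notes); the window sizes, ssthresh, RTT and timeout rounds are constructed inputs:

```python
# Added example (not from the notes): a round-by-round model of TCP slow start
# running into additive increase, with a timeout handled as the notes describe.
# Windows are in segments; the timeout rounds are constructed, not measured.
from typing import Iterable, List, Tuple

def tcp_cwnd_trace(rounds: int, rwnd: int, ssthresh: int,
                   timeout_rounds: Iterable[int] = (), rtt: float = 0.25,
                   initial: int = 4) -> List[Tuple[int, int, int, float]]:
    """One tuple per RTT: (round, cwnd, window_in_use, rate in segments/second).
    - slow start: every ACKed segment adds one segment, so cwnd doubles per RTT
    - once cwnd reaches ssthresh: additive increase of one segment per RTT
    - timeout: ssthresh = cwnd/2 (multiplicative decrease), slow start restarts from 1
    - the window in use is min(cwnd, rwnd); rate = window / RTT"""
    timeouts = set(timeout_rounds)
    cwnd, trace = initial, []
    for r in range(1, rounds + 1):
        window = min(cwnd, rwnd)                 # bounded by receiver and network windows
        trace.append((r, cwnd, window, window / rtt))
        if r in timeouts:
            ssthresh, cwnd = max(cwnd // 2, 2), 1
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)       # exponential growth phase
        else:
            cwnd += 1                            # AIMD additive increase
    return trace
```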
DNS and SMTP and CDN
DNS(Domain Name System)
Essence
1. Distributed database implemented in a hierarchy of many name servers (why not centralized? Poor failure tolerance, traffic load is huge, doesn't scale)
2. Application-layer protocol that allows a host to query the database in order to resolve names (address/name translation)
p.s. we have multiple layers because it is hard to handle all services in one server: the load is heavy and the database is too large
Name Space
Internet is divided into over 250 top-level domains (TLD).
13 root servers globally
Aliasing
relay1.westcoast.enterprise.com
aliased to www.enterprise.com
a set of IP addresses is associated with one canonical name
Zones
namespace divided into non-overlapping zones
each zone contains a part of the DNS tree and also the name servers authoritative for that zone
Name Resolution
Host
Browser
Get the query result from the OS and route to the specific IP address
Operating System
OS delegates to Resolving Name Server -> Root Name Server -> TLD Name Server -> Authoritative Name Server
Resolving Name Server/Local Name Server
Root Name Server
TLD Name Server
Authoritative Name Server
Optimization
Caching
Once (any) name server learns a mapping, it caches the mapping
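The resolution chain and caching described above, as an added example (not from the notes): a toy resolving name server walks root -> TLD -> authoritative servers and caches every mapping it learns. The zone tables are constructed for the example (RFC 5737 documentation addresses), using the alias from the Aliasing section:

```python
# Added example (not from the notes): a toy resolving name server that walks the
# root -> TLD -> authoritative chain for a name and caches what it learns. The zone
# tables are constructed for the example, not live DNS data.
from typing import Dict, List, Tuple

ROOT: Dict[str, str] = {"com.": "tld-com"}                    # root: refers to TLD servers
TLD: Dict[str, Dict[str, str]] = {"tld-com": {"enterprise.com.": "ns-enterprise"}}
AUTH: Dict[str, Dict[str, Tuple[str, str]]] = {               # authoritative zone data
    "ns-enterprise": {
        "www.enterprise.com.": ("CNAME", "relay1.westcoast.enterprise.com."),
        "relay1.westcoast.enterprise.com.": ("A", "192.0.2.10"),
    }
}

class Resolver:
    def __init__(self) -> None:
        self.cache: Dict[str, Tuple[str, str]] = {}
        self.asked: List[str] = []       # servers contacted, in order, for inspection

    def resolve(self, name: str, depth: int = 0) -> str:
        """Return the IP for `name`, following CNAME aliases to the canonical name."""
        name = name if name.endswith(".") else name + "."
        if name in self.cache:
            self.asked.append("cache")
            rtype, value = self.cache[name]
        else:
            rtype, value = self._iterate(name)
            self.cache[name] = (rtype, value)   # any mapping learned is cached
        if rtype == "CNAME":
            if depth >= 8:
                raise LookupError("alias chain too long: " + name)
            return self.resolve(value, depth + 1)
        return value

    def _iterate(self, name: str) -> Tuple[str, str]:
        """One query per level of the hierarchy, as the OS resolver delegates it."""
        self.asked.append("root")
        tld_server = ROOT.get(name.split(".")[-2] + ".")
        if tld_server is None:
            raise LookupError("NXDOMAIN (no such TLD): " + name)
        self.asked.append(tld_server)
        zone_server = next((s for zone, s in TLD[tld_server].items() if name.endswith(zone)), None)
        if zone_server is None or name not in AUTH[zone_server]:
            raise LookupError("NXDOMAIN: " + name)
        self.asked.append(zone_server)
        return AUTH[zone_server][name]
```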
Services Provided/Usage/Reason using DNS
Hostname to IP address translation
Host Aliasing
Load Balancing
Why not centralised server?
Single point of failure
Traffic volume
Distant centralised database
Maintenance
Electronic Mail
Host (user agent)
compose, report, display, dispose
Envelope and contents: encapsulation of transport related information
Header and body: header - user agent control info; body for human recipient
Mail Server (message transfer agent)
Receives mail from user agents and collaborates with other mail servers via SMTP
Protocols
Multipurpose Internet Mail Extensions (MIME)
Supports voice, images, and byte streams for mail in browser
SMTP
CDN (Content Distribution Network)
Very good scalability
Avoid congestion and latency
Reliable
Availability
Other Protocols
POP3
POP3 is a simpler protocol but supports fewer features and is less secure in typical usage.
Mail is usually downloaded to the user agent computer instead of remaining on the mail server
It is not easy to read mail on multiple computers, and if the user agent computer breaks, all email may be lost permanently
IMAP
IMAP is an improvement over POP3
It has the ability to address mails not by message numbers but by using attributes
Traceroute
Traceroute finds the routers along the path from the host to a destination IP address.
Send a sequence of packets with TTL (time to live) ranging from 1 to n. Each router the packets pass through decrements the TTL counter by 1, and the router that finds the TTL to be 0 sends a TIME EXCEEDED ICMP packet back to the source; the source thereby determines the IP addresses along the path and keeps statistics and timings for it.
Telnet
Telnet is a protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).
Similar to SSH but without Security Protection
ARP (Address Resolution Protocol)
Problem: the data-link-layer Network Interface Card (NIC) does not understand IP addresses, so a mechanism is required to map an IP address to the corresponding MAC address.
ARP is used for mapping a network address (e.g. an IPv4 address) to a physical address such as an Ethernet address (also called a MAC address).
The sender host broadcasts a packet onto the Ethernet asking who owns the IP address it wants to send to. The corresponding receiver host responds with its Ethernet (MAC) address, so the sender knows which address it should send the packet to.