“Vision for Trustworthy Computing”, Bill Gates, 15 Jan 2002: “…now, when we face a choice between adding features and resolving security issues, we need to choose security.”

Upload: valentine-booker

Post on 28-Dec-2015


Page 1

“Vision for Trustworthy Computing”, Bill Gates, 15 Jan 2002

“…now, when we face a choice between adding features and resolving security issues, we need to choose security.”

Page 2

Internet Technologies

An example of how the system works*

Assume: FTP is our application example.

Ethernet is the underlying technology at the data link layer.

* Two slides of revision for some of you.

Page 3

Protocol stack for the example, top to bottom:

Application (say FTP)
TCP
IP
Ethernet Driver
Physical Layer (Ethernet)

Page 4

Encapsulation: each layer adds its own header in front of what it receives from the layer above (and Ethernet also adds a trailer).

User Data
App. Header | User Data
TCP Header | App. Header | User Data
IP Header | TCP Header | App. Header | User Data
Ethernet Header | IP Header | TCP Header | App. Header | User Data | Ethernet Trailer

The Ethernet payload (everything between the Ethernet header and trailer) is 46 to 1500 bytes.

Page 5

Original Internet Principles

End-to-End Design:
- Based on the assumption that end-points can trust one another.
- Move functionality away from the network and towards the edges of the system.
- Reduces the complexity of the network.
- Reduces the cost of future upgrades: new applications can be added without modifying the network.

Page 6

Original Internet Principles

Packet switched communication facility:
- Different networks connected through routers (used essentially for routing only).
- Internet communication continues despite loss of networks or routers.
- Caters to distributed management of resources.

Page 7

Original Internet Principles (continued)

- Addresses that are simple, hierarchical, and that can be overloaded for both naming a node and routing to it.
- Higher-level functionality at the edges; a dumb network.
- A single data delivery service (IP) that caters to both a connectionless, unreliable datagram service (UDP) and a reliable stream service (TCP).

Page 8

New Environment

Untrustworthy end-points:
- Denial of service attacks
- Spam e-mails

More demanding applications:
- Requirement for high throughput
- Requirement for guaranteed delivery (e.g. audio or streaming video)
- ISPs view wide BW and/or guaranteed data transport services as a competitive differentiator.

Page 9

New Environment

Islands of wide BW and/or guaranteed service along with content servers, designed for technologists.

Responses to the new environment:
- Modify the end-nodes
- Add functions to the core of the network: firewalls, NATs, traffic filters

Page 10

The Internet

Internet Characteristics & Architecture

as it exists today

Page 11

Table 1: Internet Traffic Characteristics

Flow Type     % of Flows   % of Bytes   Ave. No. of Units   Ave. No. of Bytes
Web S to C    20.0         34.0         16.5                8270
Web C to S    23.3         3.3          12.5                710
MBONE         0.01         20.0         10,088              6,344,202
DNS           32.0         3.2          --                  --
Others        25.7         35.4         --                  --

C: client; S: server; DNS: Domain Name System; MBONE: Multicast Backbone.

Source: Antonio Rodriguez-Moral, “LIBRA.” Bell Labs Technical Journal, 2(2): 42-67, Spring 1997.

Page 12

Table 2: Routing Persistence

Time             % of Total   Comments
Seconds          NA           Used in load balancing
Minutes          NA           In tightly coupled routers
10s of minutes   9            Changes usually through different cities or Autonomous Systems
Hours            4            Usually intra-network changes
6+ hours         19           Usually intra-network changes
Days             68           (a) 50% of these routes persist for < 7 days; (b) the other 50% persist for > 7 days

Source: Vern Paxson, “End-to-End Routing Behaviour in the Internet”, IEEE/ACM Transactions on Communications, 5(5), October 1997.

Page 13

Table 3: Internet Traffic Characteristics

Round Trip Delay (RTT): Most RTTs are within 70-160 ms. ITU-T G.114: limit RTT to 300 ms or less. However, surveys show some people tolerate large RTTs of 800 ms.

Packet Loss: Very bursty; affects contiguous packets.

Order of Packet Arrival: Studies underway, but the Paxson study shows out-of-sequence arrival is not unusual.

Source: Uyless Black, “Advanced Internet Technologies”, pages 70-71, 1999.

Page 14

Packet Loss

- Data transmission: masked by TCP.
- Audio/Video: ears and eyes catch it.
- Audio system: G.723.1 masks a loss of up to 10% if the loss is random and independent. It uses the previous packet to simulate the lost packet.
- But packet loss in the Internet is bursty.

Page 15

Packet Loss

- Forward Error Correction system: uses the technology used in mobile wireless systems, by sending many copies of the coded voice. If even one copy arrives safely, the operation is effective.
- Since UDP is used for audio/video, out-of-sequence arrival is also a problem.

Page 16

Internet: Example of a small part

[Figure: hosts HA, HB, HX, H1, H2 … HN and routers R1, R2, R3, R4, joined by Ethernet segments, T1 lines and SONET links at 45 Mbps and 155 Mbps, connecting out to the Internet.]

For point-to-point (relay-type) connections through T1/SONET lines, PPP (Point to Point Protocol) is used.

* SLIP (Serial Line IP) is now rarely used.

Page 17

T Lines

Frame: carries 24 channels of 8 bits + 1 bit for sync = 193 bits.

T1: 8000 frames per second, 1.544 Mbps => DS1
T2: 4 DS1's, 6.312 Mbps => DS2
T3: 7 DS2's, 44.376 (about 45) Mbps => DS3
T4: 6 DS3's, 274.176 Mbps

Page 18

T Lines (continued)

ANSI: Synchronous Optical Network (SONET)
ITU-T: Synchronous Digital Hierarchy (SDH)

SONET rates:
OC-1     51.84 Mbps
OC-3     155.520 Mbps
OC-12    622.080 Mbps
OC-24    1.244 Gbps
OC-48    2.488 Gbps
OC-192   9.953 Gbps

Page 19

TCP/IP protocol family, by layer (top to bottom):

Application: FTP, SMTP, TELNET, DNS; routing protocols BGP, RIP, OSPF
Transport: UDP, TCP
Network: IP, ICMP; address resolution ARP, RARP
Data link: PPP, ETHERNET
Physical Layer

Page 20

Demultiplexing values at each layer

Ethernet Type field: ARP 0x0806, RARP 0x8035, IP 0x0800
IP Protocol field: OSPF 89, UDP 17, TCP 6, ICMP 1
UDP Ports: RIP 520, DNS 53
TCP Ports: BGP 179, DNS 53, SMTP 25, TELNET 23, FTP 21, HTTP 80, Lotus Notes 1352, HTTP PROXY 8080
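The encapsulation picture on Page 4 and the demultiplexing table on Page 20 are two halves of one mechanism: the sender wraps user data in an application header, a TCP header, an IP header and an Ethernet header/trailer, and the receiver peels them off again, using the Ethernet type, IP protocol number and TCP/UDP port at each step to pick the next parser. The code below is an added example written for this page, not code from the lecture. It builds a real IPv4/TCP-in-Ethernet frame with `struct`, enforces the 46-to-1500-byte payload bound from Page 4 (padding short payloads, rejecting long ones), computes the IP header checksum and a CRC-32 frame check sequence, and then demultiplexes the frame with the Page 20 values. The 4-byte application header, the MAC addresses and the documentation IP addresses are constructed for the example; the TCP checksum is left at zero because it would need a pseudo-header, and the demuxer therefore does not check it.

```python
import struct
import zlib

# Demultiplexing values from Page 20
ETHERTYPE_IP, ETHERTYPE_ARP, ETHERTYPE_RARP = 0x0800, 0x0806, 0x8035
ETHERTYPES = {ETHERTYPE_IP: "IP", ETHERTYPE_ARP: "ARP", ETHERTYPE_RARP: "RARP"}
IPPROTO = {1: "ICMP", 6: "TCP", 17: "UDP", 89: "OSPF"}
TCP_PORTS = {21: "FTP", 23: "TELNET", 25: "SMTP", 53: "DNS", 80: "HTTP",
             179: "BGP", 1352: "Lotus Notes", 8080: "HTTP PROXY"}
UDP_PORTS = {53: "DNS", 520: "RIP"}

# Ethernet payload bounds from Page 4
ETH_MIN_PAYLOAD, ETH_MAX_PAYLOAD = 46, 1500


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones-complement sum over 16-bit words. Over a header whose checksum
    field is already filled in, the result is 0, which is how the receiver verifies it."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(user_data: bytes, sport: int = 1025, dport: int = 21) -> bytes:
    """Encapsulate user data as on Page 4: App header -> TCP -> IP -> Ethernet header, pad, FCS."""
    # Hypothetical 4-byte application header (2-byte tag + user-data length), not a real FTP field.
    app_segment = struct.pack("!2sH", b"AP", len(user_data)) + user_data
    # TCP header: 20 bytes, data offset 5 words, PSH|ACK. Checksum left at 0 (see lead-in).
    tcp_segment = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + app_segment
    # IPv4 header: 20 bytes, DF set, TTL 64, protocol 6 (TCP); checksum filled in afterwards.
    total_len = 20 + len(tcp_segment)
    src_ip, dst_ip = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 21])  # documentation addresses
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, 0x4000, 64, 6, 0, src_ip, dst_ip)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    ip_packet = ip_hdr + tcp_segment
    # Ethernet payload must be 46..1500 bytes: pad short packets, reject long ones (no fragmentation here).
    if len(ip_packet) > ETH_MAX_PAYLOAD:
        raise ValueError("IP packet of %d bytes exceeds the Ethernet maximum payload" % len(ip_packet))
    payload = ip_packet + b"\x00" * max(0, ETH_MIN_PAYLOAD - len(ip_packet))
    dst_mac, src_mac = bytes.fromhex("0200000000aa"), bytes.fromhex("0200000000bb")  # constructed, locally administered
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_IP) + payload
    # Ethernet trailer: CRC-32 FCS, transmitted least-significant byte first.
    return eth + struct.pack("<I", zlib.crc32(eth))


def demux(frame: bytes) -> dict:
    """Peel the headers off outside-in, choosing each next parser from the Page 20 tables."""
    body, fcs = frame[:-4], frame[-4:]
    if struct.unpack("<I", fcs)[0] != zlib.crc32(body):
        raise ValueError("FCS mismatch: frame corrupted")
    _dst, _src, ethertype = struct.unpack("!6s6sH", body[:14])
    result = {"ethertype": ETHERTYPES.get(ethertype, "unknown 0x%04x" % ethertype)}
    if ethertype != ETHERTYPE_IP:
        return result  # ARP/RARP would go to the address-resolution code, not IP
    ip = body[14:]
    ver_ihl, _tos, total_len, _id, _ff, _ttl, proto, _csum, _s, _d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    ip = ip[:total_len]  # total length tells us where the Ethernet padding starts
    result["protocol"] = IPPROTO.get(proto, "unknown %d" % proto)
    transport = ip[ihl:]
    if proto == 6:
        sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", transport[:14])
        app, ports = transport[(off_flags >> 12) * 4:], TCP_PORTS
    elif proto == 17:
        sport, dport, ulen, _ucsum = struct.unpack("!HHHH", transport[:8])
        app, ports = transport[8:ulen], UDP_PORTS
    else:
        return result  # ICMP/OSPF are handled by IP itself, no port to look up
    result["service"] = ports.get(dport) or ports.get(sport, "unknown")
    # Strip the hypothetical application header to recover the original user data.
    _tag, ulen = struct.unpack("!2sH", app[:4])
    result["user_data"] = app[4:4 + ulen]
    return result


if __name__ == "__main__":
    frame = build_frame(b"USER anonymous\r\n")
    print(len(frame), "bytes on the wire:", demux(frame))
```

Two details are worth noticing when running it: an empty user payload still produces a 64-byte frame, because the 44-byte IP packet is padded up to the 46-byte Ethernet minimum, and the receiver has to use the IP total length rather than the frame length to know where that padding begins. A single flipped byte anywhere in the frame makes the FCS check fail before any header is parsed, which is the data-link layer's contribution to the "unreliable datagram" service the upper layers build on.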