1
“Vision for Trustworthy Computing”, Bill Gates, 15 Jan 2002
“…now, when we face a choice between adding features and resolving security issues, we need to choose security.”
2
Internet Technologies
An example of how the system works*
Assume: FTP is our application example.
Ethernet is the underlying technology at the data link layer.
* Two slides of revision for some of you.
3
Application (say FTP)
TCP
IP
Ethernet Driver
Physical Layer
Ethernet
4
Encapsulation, layer by layer (outermost frame first; the Ethernet data field between header and trailer is 46 to 1500 bytes):
Ethernet Header | IP Header | TCP Header | App. Header | User Data | Ethernet Trailer
                  IP Header | TCP Header | App. Header | User Data
                              TCP Header | App. Header | User Data
                                           App. Header | User Data
                                                         User Data
5
Original Internet Principles
End-to-End Design: Based on the assumption that end-points can trust one another. To move the functionality away from the network, and towards the edges of the system.
Reduces the complexity of the network.
Reduces the cost of future upgrades.
New applications can be added without modifying the network.
6
Original Internet Principles
Packet Switched Communication facility.
Different networks connected through routers (used essentially for routing only).
Internet communication to continue despite loss of networks or routers.
Cater to distributed management of resources.
7
Original Internet Principles (continued)
Addresses that are simple, hierarchical and that can be overloaded for both naming a node and for routing to it.
Higher level functionality at the edges and a dumb network.
A single data delivery service (IP) to cater to both a connectionless, unreliable datagram service (UDP) as well as a reliable stream service (TCP).
8
New Environment
Untrustworthy end-points: denial of service attacks, spam e-mails.
More demanding applications: requirement for high throughput; requirement for guaranteed delivery (e.g. audio or streaming video).
ISPs view wide BW and/or guaranteed data transport services as a competitive differentiator.
9
New Environment
Islands of wide BW and/or guaranteed service along with content servers, designed for technologists.
Responses to the new environment:
Modify the end-nodes.
Add functions to the core of the network: firewalls, NATs, traffic filters.
10
The Internet
Internet Characteristics & Architecture
as it exists today
11
Table 1: Internet Traffic Characteristics
Flow Type   | % of Flows | % of Bytes | Ave. No. of Units | Ave. No. of Bytes
Web S to C  | 20.0       | 34.0       | 16.5              | 8270
Web C to S  | 23.3       | 3.3        | 12.5              | 710
MBONE       | 0.01       | 20.0       | 10,088            | 6,344,202
DNS         | 32.0       | 3.2        | __                | __
Others      | 25.7       | 35.4       | __                | __
C: client; S: server; DNS: Domain Name System; MBONE: Multicast Backbone.
Source: Antonio Rodriguez-Moral, "LIBRA", Bell Labs Technical Journal, 2(2): 42-67, Spring 1997.
12
Table 2: Routing Persistence
Time           | % of Total | Comments
Seconds        | NA         | Used in load balancing
Minutes        | NA         | In tightly coupled routers
10s of minutes | 9          | Changes usually through different cities or Autonomous Systems
Hours          | 4          | Usually intra-network changes
6+ hours       | 19         | Usually intra-network changes
Days           | 68         | (a) 50% of these routes persist for < 7 days; (b) the other 50% persist for > 7 days
Source: Vern Paxson, "End-to-End Routing Behaviour in the Internet", IEEE/ACM Transactions on Communications, 5(5), October 1997.
13
Table 3: Internet Traffic Characteristics
Round Trip Delay (RTT) | Most RTTs are within 70-160 ms | ITU-T G.114: limit RTT to 300 ms or less. However, surveys show some people tolerate large RTTs of 800 ms.
Packet Loss            | Very bursty                    | Affects contiguous packets.
Order of Packet Arrival | Studies underway, but...      | Paxson study shows out-of-sequence arrival is not unusual.
Source: Uyless Black, "Advanced Internet Technologies", pages 70-71, 1999.
14
Packet Loss
Data transmission: masked by TCP.
Audio/Video: ears and eyes catch it.
Audio System: G.723.1 masks a loss of up to 10% if the loss is random and independent. It uses the previous packet to simulate the lost packet.
But the packet loss in the Internet is bursty.
15
Packet Loss
Forward Error Correction system: uses the technology used in mobile wireless systems, by sending many copies of the coded voice. If even one copy arrives safely, the operation is effective.
Since UDP is used for audio/video, the out-of-sequence arrival is also a problem.
16
Internet: Example of a small part
[Figure: hosts HA, HB, HX, H1, H2 and HN attached to routers R1, R2, R3 and R4 via Ethernet; the routers are linked to the Internet by 155 Mbps SONET, 45 Mbps SONET and T1 lines.]
For point-to-point (relay-type) connections through T1/SONET lines, PPP (Point to Point Protocol) is used.
* SLIP (Serial Line IP) is now rarely used.
17
T Lines
Frame: carries 24 channels of 8 bits + 1 bit for sync = 193 bits.
T1: 8000 frames per second, 1.544 Mbps => DS1
T2: 4 DS1's, 6.312 Mbps => DS2
T3: 7 DS2's, 44.376 (about 45) Mbps => DS3
T4: 6 DS3's, 274.176 Mbps
18
T Lines
ANSI: Synchronous Optical Network (SONET)
ITU-T: Synchronous Digital Hierarchy (SDH)
SONET rates:
OC-1 51.84 Mbps
OC-3 155.520 Mbps
OC-12 622.080 Mbps
OC-24 1.244 Gbps
OC-48 2.488 Gbps
OC-192 9.953 Gbps
19
[Figure: protocol stack, top row to bottom row]
FTP, SMTP, TELNET, DNS
BGP, RIP, OSPF
UDP, TCP
IP, ICMP (with ARP and RARP alongside IP)
PPP, Ethernet
Physical Layer
20
Ethernet Type: ARP 0x0806, RARP 0x8035, IP 0x0800
IP Protocol: OSPF 89, UDP 17, TCP 6, ICMP 1
UDP Ports: RIP 520, DNS 53
TCP Ports: BGP 179, DNS 53, SMTP 25, TELNET 23, FTP 21, HTTP 80, Lotus Notes 1352, HTTP PROXY 8080
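An added example (not from the slides) tying the encapsulation diagram of slide 4 to the demultiplexing values tabulated here: it builds a constructed Ethernet frame carrying an FTP command through TCP and IP, then peels the headers off in order using the Ethernet type, IP protocol and port fields. The MAC and IP addresses and the payload are made up, checksums are left at zero and the Ethernet trailer is omitted.

```python
import struct

# Demultiplexing values from the slide tables above
ETHER_TYPES = {0x0806: "ARP", 0x8035: "RARP", 0x0800: "IP"}
IP_PROTOCOLS = {89: "OSPF", 17: "UDP", 6: "TCP", 1: "ICMP"}
UDP_PORTS = {520: "RIP", 53: "DNS"}
TCP_PORTS = {179: "BGP", 53: "DNS", 25: "SMTP", 23: "TELNET", 21: "FTP",
             80: "HTTP", 1352: "Lotus Notes", 8080: "HTTP PROXY"}


def build_frame(user_data, ether_type=0x0800, proto=6, sport=40000, dport=21):
    """Encapsulate user data: TCP/UDP header, then IP header, then Ethernet header.
    Constructed frame: addresses are made up, checksums stay zero, no FCS trailer."""
    if proto == 6:   # TCP: 20-byte header, data offset 5, flags PSH+ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:            # UDP: 8-byte header carrying its own length field
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(user_data), 0)
    total_len = 20 + len(l4) + len(user_data)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ether_type)
    return eth + ip + l4 + user_data


def decapsulate(frame):
    """Peel the headers as the receiving host does; return (layer names, user data)."""
    stack = ["Ethernet"]
    etype = struct.unpack("!H", frame[12:14])[0]          # Ethernet type field
    stack.append(ETHER_TYPES.get(etype, f"type 0x{etype:04x}"))
    if etype != 0x0800:
        return stack, frame[14:]                           # not IP: ARP/RARP handle it
    ihl = (frame[14] & 0x0F) * 4                           # IP header length in bytes
    total_len = struct.unpack("!H", frame[16:18])[0]       # IP total length excludes Ethernet padding
    proto = frame[23]                                      # IP protocol field
    stack.append(IP_PROTOCOLS.get(proto, f"proto {proto}"))
    l4 = frame[14 + ihl:14 + total_len]
    if proto == 6:
        hlen, ports = (l4[12] >> 4) * 4, TCP_PORTS          # TCP data offset
    elif proto == 17:
        hlen, ports = 8, UDP_PORTS
    else:
        return stack, l4                                   # ICMP/OSPF carry no ports
    sport, dport = struct.unpack("!HH", l4[:4])
    # The well-known (server) port names the application; the client port is ephemeral
    stack.append(ports.get(dport, ports.get(sport, f"port {dport}")))
    return stack, l4[hlen:]
```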