Lecture 2: Communication stack review (from the perspective of NOC)

TELE9752 Network Operations and Control, Copyright © Tim Moors 2017. Source: subjects.ee.unsw.edu.au/tele9752/2.pdf

Upload: nguyencong

Post on 22-May-2018

Page 1

Copyright © Tim Moors 2017 1

TELE9752 Network Operations and Control

Lecture 2: Communication stack review

(from the perspective of NOC)

tele9752V2

Page 2

Outline

• Layer-independent issues

• Physical Layer

• Link layer

• Network layer

• Transport layer (briefly)

• Application layer (briefly)

tele9752EZ

(Slide annotations on the outline: “Very important”, “Moderately important”, “Very very very VERY approximate!”)

Page 3

Outline

• Layer-independent issues

– Standard options

– Application layer management

– Accessing layers

– Generic protocol functions

– Internet design goals

• Physical layer

• Link layer

• Network layer

• Transport layer (briefly)

• Application layer (briefly)

tele9752NP

Page 4

Standard options

• Standards are critical for enabling interoperability

• But are developed through multi-vendor negotiations => Often include options that some don't want to use/implement

What variant of a standard does an implementation provide? =>

– IEEE Protocol Implementation Conformance Statements (PICS)

– RFCs define necessity to implement a feature with “MUST” “SHOULD” “MAY” clauses [RFC2119]

– Management Information Base (MIB): MODULE-COMPLIANCE statements [S5 of RFC1904]

tele975201

Page 5

Extract of 802.1q† PICS

tele9752A5

† This lecture emphasises 802.1q only to minimise the number of protocols used for examples, e.g. of PICS, priorities, VLANs

Page 6

Extract of RFC4293 IP MIB

    ipMIBCompliance2 MODULE-COMPLIANCE
        STATUS current
        DESCRIPTION
            "The compliance statement for systems that implement IP -
            either IPv4 or IPv6....
        MANDATORY-GROUPS { ipSystemStatsGroup, ipAddressGroup,
                           ipNetToPhysicalGroup, ipDefaultRouterGroup,
                           icmpStatsGroup }

        GROUP ipSystemStatsHCOctetGroup
        DESCRIPTION
            "This group is mandatory for systems that have an aggregate
            bandwidth of greater than 20MB.
        ...

        OBJECT ipv6IpForwarding
        MIN-ACCESS read-only
        DESCRIPTION
            "An agent is not required to provide write access to this
            object."

tele9752D7

Page 7

Application layer management

• NM functions can use lower (Link to Transport) layers to deliver info between NMS and devices => NM often implemented using application layer protocols, e.g.

– Simple Network Management Protocol (SNMP)

– Command-line interface through telnet

– GUI interface through http

• An alternative to using lower layers is to use a separate communication system – See slide [4U>

tele9752ZA

Page 8

Accessing layers

How can NMS access all layers?

A1: Implementation-dependent “hooks” into layers

A2: Management planes

tele9752E3

Page 9

IEEE 802.1 management

Figure from IEEE 802.1q-2003 tele9752DW

Page 10

Generic protocol functions

• Loopback [P3>

• Priorities [QM>

• TLV formatting of options [RR>

tele9752PT

Page 11

Loopback

• Loopback services return what is received back to the originator.

• Used to test path to/from service -> Fault Mgt [C8>

• e.g.:

– Interfaces, e.g. “lo” (rather than eth0)

– Create VLAN loopback to test – see slide [WJ>

– ICMP echo (ping)

– UDP echo port (#7)

– HTTP TRACE method

tele9752P3

Page 12

Priorities

• Most layers can multiplex multiple types of traffic

• NM traffic should receive priority (lower delay / loss) over other traffic so that NOC can fix overloaded network

IPv4: 3b of Type of Service field

    111 - Network Control
    110 - Internetwork Control
    101 - CRITIC/ECP
    100 - Flash Override
    011 - Flash
    010 - Immediate
    001 - Priority
    000 - Routine

IEEE 802.1p (used in 802.1q)

    Priority      Traffic type
    7 (highest)   Network management
    6             Voice
    5             Video
    4             Controlled load
    3             Excellent effort
    0 (default)   Best effort
    2             Spare (undefined)
    1 (lowest)    Background

tele9752QM

Page 13

Type-Length-Value formatting

• Receiver needs to determine which fields exist in a packet, and may not recognise all (e.g. newer) fields

– Particularly important for optional fields; format of fixed fields usually‡ implied by protocol.

TLV formatting: Fields formatted as a 3-tuple, indicating:

• Type: Which type of field is being presented?†

• Length: How long (bytes) the field is

– Particularly for variable-length content, e.g. domain names

• Value: The content of the field

Type & Length aid receivers that don't recognise field:

• Type (e.g. IPv6 extension option types) => Can I ignore this field? Should I return an error?

• Length: How can I locate the next field?

tele9752RR

† The type is that of the next field for several protocols, e.g. IPv6 options and ISAKMP. That is because of layering: such protocols need to indicate which higher-layer protocol is being carried & treat optional fields like higher-layer protocols for consistency.

‡ SNMP is an exception

Page 14

TLV examples

• IPv4 options, e.g. Source Routing

• TCP options

• And many more, e.g. ICMP and DHCP options

• SNMP uses TLV to encode:

– list of objects being acted on

– the fixed part of its header (Version, Community & Type fields)!

IPv4 Loose Source Route option (Type=131):

    +--------+--------+--------+---------//--------+
    |10000011| length | pointer|    route data    |
    +--------+--------+--------+---------//--------+

TCP Timestamps Option:

    +-------+-------+---------------------+---------------------+
    |Kind=8 |  10   |   TS Value (TSval)  |TS Echo Reply (TSecr)|
    +-------+-------+---------------------+---------------------+
       1B      1B            4B                    4B
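Added example (not from the lecture slides): a walker for the option area of an IPv6 Hop-by-Hop or Destination Options header, showing how Length lets a receiver step over a field it does not recognise and how the two high-order bits of the Type answer "can I ignore this field, or must I return an error?" (RFC 8200 section 4.2). The set of recognised types and all sample byte strings are constructed for this example.

```python
from dataclasses import dataclass
from typing import List, Tuple

# What a receiver must do with an option whose Type it does not recognise.
# The two high-order bits of an IPv6 option type encode this (RFC 8200 s4.2),
# so the Type alone answers "ignore this field, or return an error?".
UNRECOGNISED_ACTION = {
    0b00: "skip",                     # skip the option, keep processing
    0b01: "discard",                  # discard the packet silently
    0b10: "discard+icmp",             # discard, send ICMP Parameter Problem
    0b11: "discard+icmp-if-unicast",  # as above, but no ICMP for multicast dst
}

# Option types this (hypothetical) receiver understands; anything else is "unknown".
KNOWN_TYPES = {0: "Pad1", 1: "PadN", 5: "Router Alert", 0xC2: "Jumbo Payload"}


@dataclass
class Option:
    type: int
    length: int      # bytes of Value (Pad1 has no Length field at all)
    value: bytes
    name: str        # "unknown" if the receiver does not recognise the type


def parse_ipv6_options(area: bytes) -> Tuple[List[Option], str]:
    """Walk a TLV option area. Returns (options seen, verdict), where verdict is
    'ok', one of the discard actions above, or a 'malformed: ...' string."""
    opts: List[Option] = []
    i = 0
    while i < len(area):
        t = area[i]
        if t == 0:                              # Pad1: a lone Type byte, no Length
            opts.append(Option(0, 0, b"", "Pad1"))
            i += 1
            continue
        if i + 1 >= len(area):                  # Type present but Length missing
            return opts, "malformed: type without length"
        length = area[i + 1]
        value = area[i + 2:i + 2 + length]
        if len(value) != length:                # Length runs past the option area
            return opts, "malformed: length exceeds option area"
        name = KNOWN_TYPES.get(t, "unknown")
        opts.append(Option(t, length, value, name))
        if name == "unknown":
            action = UNRECOGNISED_ACTION[t >> 6]
            if action != "skip":
                return opts, action             # stop: the packet must be discarded
        i += 2 + length                         # Length locates the next field
    return opts, "ok"


# Constructed sample: Pad1, Router Alert (value 0x0000), PadN of length 0.
SAMPLE_OK = bytes.fromhex("00" "05020000" "0100")
# Constructed sample: type 0x3F (action bits 00) is unknown but skippable.
SAMPLE_SKIP = bytes.fromhex("3f01aa" "0100")
# Constructed sample: type 0xC1 (action bits 11) is unknown and must be discarded.
SAMPLE_DISCARD = bytes.fromhex("c102beef")
# Constructed sample: Length claims 4 bytes but only 1 follows.
SAMPLE_TRUNC = bytes.fromhex("0504aa")

if __name__ == "__main__":
    for label, sample in [("ok", SAMPLE_OK), ("skip", SAMPLE_SKIP),
                          ("discard", SAMPLE_DISCARD), ("trunc", SAMPLE_TRUNC)]:
        opts, verdict = parse_ipv6_options(sample)
        print(label, verdict, [(o.name, o.type, o.length) for o in opts])
```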

tele975245

Page 15

Internet design goals

• “The top level goal ... was to develop an effective technique for multiplexed utilization of existing interconnected networks.”

• Second level goals

– Internet communication must continue despite loss of networks or gateways.

– The Internet must support multiple types of communications service.

– The Internet architecture must accommodate a variety of networks.

– The Internet architecture must permit distributed management of its resources.

– The Internet architecture must be cost effective.

– The Internet architecture must permit host attachment with a low level of effort.

– The resources used in the internet architecture must be accountable.

• “these goals are in order of importance”

D. Clark: “The Design Philosophy of the DARPA Internet Protocols”, Proc. SIGCOMM, pp. 106-114

tele9752P2

Page 16

Physical Layer

• Choice of medium

• Topology

• Geographical layout

• Separate Phy for NM?

• Time-domain reflectometry

• Vendors of testing equipment

tele9752PH

Page 17

Choice of medium

• Cables, e.g. Wire/Fibre

– NM affected by accessibility:

• Cost to install

• Need access to service -> Topology slide... [6C>

– Wear and tear of connectors

• Wireless

– Often RF (e.g. 2.4 and 5GHz ISM bands) but may be free-space optics

– Often broadcast, but can be point-to-point

– NM affected by susceptibility to environmental influences:

• Obstructions

• Noise levels and • Interference (particularly with omnidirectional antennas)

tele97522U

Page 18

Topology

• Cables that snake past multiple users save on wire, but hinder Mgr access => often prefer star topology (e.g. meandering coax -> UTP to wiring closet)

(Figure: hosts A, B, C, D cabled as in the 1980s vs. as in the late 1990s)

tele97526C

Page 19

Geographical layout

• Network protocols typically only care about link/node function, and not about how that function is achieved

• NM needs to consider geographical locations of:

– Links for multiplexing: One physical medium may be multiplexed (e.g. TDM, WDM or multiple cables in bundle) to provide multiple logical links, but failures due to medium will be correlated:

• Can't rely on link “separation” to provide fault tolerance

• Failure of some (not all) such links suggests medium may not have failed.

– Nodes for power: Power outage might affect all devices in an area

tele9752GC

e.g. “In the case of the Baltimore tunnel fire … the redundancy of having different service providers was useless since different service providers lay their fibres through the same geographic location. Therefore, not only logical topology, but also underlaying physical topologies should be considered carefully when designing networks.” [http://www.ittc.ku.edu/resilinets/papers/Sterbenz-Hutchison-Cetinkaya-Jabbar-Rohrer-Scholler-Smith-2012.pdf]

Page 20

Separate Phy for NM?

• NM traffic can pass over

– Same interfaces that carry payload: “in-band”

– Separate interfaces dedicated to NM: “out-of-band”

• e.g. router may connect to other routers through Ethernet interfaces but also provide a serial “console” port for NM.

Figure 3-12 from Clemm

tele97524U

Typical console port settings: 9600 b/s, 8 data bits, 0 parity bits, 1 stop bit, Xon/xoff flow control (not hardware). Computer port usually COM1.

Page 21

In- vs out-of-band issues 1

• Cost: in-band NM doesn't require extra interfaces, but does require devices to support all layers needed for NM (e.g. link layer WiFi Access Point needs TCP/IP† for SNMP)

• Reliability:

– + NM interface may continue working when data interface fails.

– - Separate NM interface increases # of failure points.

• Interference: NM & production traffic might interact e.g.

– Software updates delay production traffic

– Transfer of NM measurements affects load which affects NM measurements.

– Well designed network should be able to separate by traffic class (e.g. priorities <QM], VLANs [QR>, etc)

tele9752HH

† Strictly speaking, UDP/IP

Page 22

In- vs out-of-band issues 2

Out-of-band benefits:

• Security: NM systems can be physically isolated from production interfaces, reducing exposure (e.g. attacker might need physical access to console port)

In-band benefits:

• Performance: NM interfaces probably not as fast as production interfaces – e.g. 19kb/s console vs GigE

• Recursion?: How do we manage the NM network? – Not difficult, given NM << production, and tightly controlled

tele9752C4

Page 23

Time-domain reflectometry (TDR)

• Discontinuities in channel properties can reflect signals

– Electrical: impedance mismatch

– Optical: change of refractive index

=> Troubleshooting: Transmit a pulse and observe delay to reflection => location of break

• Determine if cable is terminated, and if not, how long cable is. If so, is other end powered?

Figures from LinkRunner Quick Reference Guide

Representative accuracy (Fluke Etherscope): "Length resolution ± [5% of reading + 1 m (3 ft)], with open, shorted, with wire map adapter, or terminated with reflection = 20%"

tele9752P5

Page 24

Sample tool: Fluke LinkRunner

• Jacks @ top: 1 for end of cable; 2nd for determining wiring map.

• Lower icons are soft keys

• Determines such things as

– (2) cable type; what's on ends (LinkRunner @ left, ‘switch’ @ right)

– (3) advertised link speed/duplex

– (4) actual link speed/duplex

– Graph: link utilisation over time

• RRP: $500?

http://www.flukenetworks.com/fnet/en-us/products/LinkRunner/Overview.htm

tele9752F0

Page 25

Cable testing

• From Fluke Linkrunner

tele9752DE

Page 26

Linkrunner: higher layer features

• Identify machines

– Linkrunner on left

– DNS server (IDed from DHCP)

– Router

– Host

– (Switch via CDP [N8>; pic on <F0])

• Ping them

– Above: Showing # transmitted/received

– Below: Showing delays

tele9752TJ

Page 27

Vendors of testing equipment

• Fluke Networks [flukenetworks.com], e.g.

– 620 LAN CableMeter

– Etherscope

• Agilent [agilent.com]

• Spirent [spirentcom.com]

• Ixia [ixiacom.com] e.g. Chariot load tester

• Network General [networkgeneral.com]

Images and more info from http://www.flukenetworks.com/fnet/en-us/products/620+LAN+CableMeter/Overview.htm?categorycode=CPTT and http://www.flukenetworks.com/fnet/en-us/products/EtherScope+Series+II/Overview.htm?categorycode=LANT

tele9752WW

Page 28

Link layer

• Error coding

• Addresses and filtering

• MAC configuration

• Switches

• Virtual LANs

• Link layer discovery (e.g. LLDP) – Config lecture: [N8>

tele9752QZ

Page 29

Error monitoring

• Fill link with test data if no more payload to send

– More accurate error rate measurement

– Faster fault detection (not just when service is needed) -> [VR>

– Inapplicable to wireless broadcast? (shared media)

tele9752PJ

For details, see http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=222905

Page 30

Addresses and filtering

• Link layer addresses (e.g. 48b “Ethernet” address) tend to be static => use to identify equipment; inventory management

– Can also bootstrap management process: Device (e.g. networked camera or disk) may be designed to obtain IP address through DHCP, but NM can identify it on network by link layer address

• Filtering by destination address:

– Nodes usually filter out info sent on shared medium that is not destined to them (of no interest)

– “promiscuous mode” - receive such info – useful for sniffing; e.g. Wireshark / Cloudshark

tele9752G6

Page 31

Network analyzers

tele97523T

Cloudshark example

Page 32

MAC configuration

• IEEE 802.3 (“Ethernet”): Little

– Auto negotiation of speed

– Full or half duplex <F0]?

• IEEE 802.11 (“WiFi”): Lots

– Channel

– Modulation (.11a/b/g)

– Data rate

– Preamble length

– RTS threshold

– SSID, password

– Security mode (e.g. WEP vs WPA)

tele975231

Page 33

‘Switches’

• In TELE9752 “switch” refers to Ethernet switches, not the more generic meaning used in TELE9751

• Switches aid NM by self-learning – Mgr needn’t configure.

• Mgr may specify whether to store-and-forward or cut-through, or error rate threshold for changing mode.

Issues

• Port mirroring [05>

• Spanning Tree Protocol [DM>

tele9752AU

Page 34

Port mirroring

• Aka Switched Port Analyzer (SPAN) [Cisco] or Monitor Port [HP]

• Copy all packets from one (VLAN) port to another.

• Useful when want to analyse traffic on a link that doesn't allow insertion of an analyser (e.g. point-to-point UTP between host and switch) and don't have a hub.

tele975205

Page 35

Spanning Tree Protocol

• Automatically breaks loops

• Can help NM:

– Physical topology can contain loops

• Poor documentation

• Deliberate redundancy for fault tolerance

– Automatically respond to link/node failures

• Introduces other NM issues: configurable parameters

– priority, en/disable, delays between state transitions

Fig 4-4 from Tanenbaum tele9752DM

Page 36

Virtual LANs (VLANs)

• VLANs allow NM to control membership of broadcast domains (LANs)

– Rather than all ports of a switch belonging to same LAN and routers separating LANs

Why?:

• Historically:

– Support mobility (prior to DHCP)

– Hosts use broadcast to discover services (e.g. ARP) (prior to IPv6)

• Now:

– Confine broadcast traffic, for secrecy and avoid excess broadcast.

– STP <DM] converges faster for smaller networks

– Limit multicast propagation (e.g. load from video)

tele9752QR

Page 37

VLAN scenario

tele97521W

Slide from Vijay Sivaraman

Assign each switch port to a VLAN.

Logically split switch into multiple switches

Assign port 10 to multiple VLANs – “trunk port”

Page 38

Associating frames with VLANs

Frames on trunk ports must be associated with particular VLANs

Explicit tags: Ethertype of 0x8100 => 802.1q header follows

Implicit association: use existing protocol fields (e.g. IP address); sensitive to higher layers & absence of encryption

    +--+--+------+---+---+----+------+---------+-----+---+
    |DA|SA|0x8100|Pri|CFI|VLAN|Len/Ty| (Data)  |(Pad)|CRC|
    |6B|6B|      | 3b|1b | 12b| 16b  | 0-1500B |0-46B| 4B|
    +--+--+------+---+---+----+------+---------+-----+---+
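Added example (not from the slides): parse a constructed Ethernet frame, associate it with a VLAN by its 802.1q tag (explicit) or by the receiving port's default VLAN when it is untagged (implicit), and map the 3-bit priority to the 802.1p traffic types tabulated on the priorities slide. The port-default-VLAN parameter, the MAC addresses and the sample frames are assumptions made for this example.

```python
import struct
from dataclasses import dataclass

ETHERTYPE_8021Q = 0x8100

# 802.1p priority code point -> traffic type, as tabulated on the priorities slide.
PCP_TRAFFIC_TYPE = {
    7: "Network management", 6: "Voice", 5: "Video", 4: "Controlled load",
    3: "Excellent effort", 0: "Best effort", 2: "Spare (undefined)", 1: "Background",
}


@dataclass
class VlanFrame:
    dst: str
    src: str
    vlan: int        # VLAN the frame is associated with
    pcp: int         # 802.1p priority, 0..7
    cfi: int         # Canonical Format Indicator bit
    ethertype: int   # Len/Type of the encapsulated payload
    tagged: bool     # True if an explicit 802.1q tag was present
    payload: bytes


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def associate_vlan(raw: bytes, port_default_vlan: int = 1) -> VlanFrame:
    """Associate a frame with a VLAN the way a trunk port would.
    Explicit tag (Ethertype 0x8100): VLAN and priority come from the tag.
    Untagged frame: falls back to the port's default VLAN (assumed parameter)."""
    if len(raw) < 14:
        raise ValueError("frame shorter than DA+SA+Len/Type")
    dst, src = raw[0:6], raw[6:12]
    (etype,) = struct.unpack("!H", raw[12:14])
    if etype != ETHERTYPE_8021Q:
        return VlanFrame(_mac(dst), _mac(src), port_default_vlan, 0, 0, etype, False, raw[14:])
    if len(raw) < 18:
        raise ValueError("Ethertype 0x8100 but 802.1q tag is truncated")
    tci, inner_etype = struct.unpack("!HH", raw[14:18])
    pcp = tci >> 13          # 3b priority
    cfi = (tci >> 12) & 1    # 1b CFI
    vid = tci & 0x0FFF       # 12b VLAN id
    if vid == 0xFFF:
        raise ValueError("VID 0xFFF is reserved")
    # VID 0 means "priority-tagged only": keep the priority, use the port VLAN.
    vlan = port_default_vlan if vid == 0 else vid
    return VlanFrame(_mac(dst), _mac(src), vlan, pcp, cfi, inner_etype, True, raw[18:])


def traffic_type(frame: VlanFrame) -> str:
    """802.1p traffic type implied by the frame's priority bits."""
    return PCP_TRAFFIC_TYPE[frame.pcp]


# Constructed sample frames (MAC addresses and payload are made up).
_DA = bytes.fromhex("0200aabbcc01")
_SA = bytes.fromhex("0200aabbcc02")
_PAYLOAD = bytes.fromhex("4500001c")          # first bytes of an IPv4 header
# Tagged: TCI = PCP 7, CFI 0, VID 2000 -> 0xE7D0, followed by Ethertype 0x0800.
TAGGED_FRAME = _DA + _SA + struct.pack("!HHH", ETHERTYPE_8021Q, 0xE7D0, 0x0800) + _PAYLOAD
UNTAGGED_FRAME = _DA + _SA + struct.pack("!H", 0x0800) + _PAYLOAD

if __name__ == "__main__":
    for f in (associate_vlan(TAGGED_FRAME), associate_vlan(UNTAGGED_FRAME, port_default_vlan=10)):
        print(f.vlan, f.pcp, traffic_type(f), hex(f.ethertype), f.tagged)
```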

tele9752DU

Page 39

VLAN configuration

Switches can be configured using:

• Protocols: GARP VLAN Registration Protocol (GVRP, 802.1q S 11.2) or Cisco's VLAN Trunking Protocol (VTP)

• Other management interfaces, e.g. SNMP/IOS

• Other management interfaces, e.g. SNMP/IOS

tele9752R5

Page 40

VLANs for Ethernet loop-back <P3]?

(Figure: switch at site A with ports 1, 2 and 25; switch at site B with ports 3, 4 and 26)

Question: As network manager, you often install (VLAN-capable) Ethernet switches at remote sites. You want to be sure that you can, at any time, test from site A if the link to a remote site B is working or not. How to do this without having to leave a host at each site?

Slide based on one from Vijay Sivaraman

Answer:

At site A:

• config vlan 2000 add ports 1, 25: adds ports 1 and 25 to vlan 2000

• config vlan 2001 add ports 2, 25: note that port 25 is now a trunk port

At site B:

• config vlan 2000 add ports 3, 26

• config vlan 2001 add ports 4, 26

• Connect port 1 and port 2 using Ethernet cable

Now ping from PC1 to PC2:

• frame goes A1 -> A25 -> B26 -> B3 (on Vlan 2000)

• Out B3 over Ethernet cable, back to B4, then B4 -> B26 -> A25 -> A2 over Vlan 2001
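Added example (not from the slide): a toy model of the two switches above that floods a frame from PC1 on A1 and checks it comes back to PC2 on A2 via the loop cable at site B, and that the same cable would instead loop the frame forever if both its ends sat in one VLAN. The topology dictionaries are assumptions built from the answer above; the "BAD" membership is a constructed misconfiguration.

```python
from typing import Dict, List, Optional, Set, Tuple

Port = Tuple[str, int]                        # (switch name, port number)
Topology = Dict[str, Dict[int, Set[int]]]     # switch -> port -> VLANs it belongs to

# Membership from the slide's answer: ports 25/26 are on both VLANs (trunks).
GOOD: Topology = {
    "A": {1: {2000}, 2: {2001}, 25: {2000, 2001}},
    "B": {3: {2000}, 4: {2001}, 26: {2000, 2001}},
}
# Constructed misconfiguration: both ends of the site-B cable in VLAN 2000.
BAD: Topology = {
    "A": {1: {2000}, 2: {2001}, 25: {2000, 2001}},
    "B": {3: {2000}, 4: {2000}, 26: {2000, 2001}},
}
# Cables, both directions: the A25<->B26 link and the loop cable at site B.
LINKS: Dict[Port, Port] = {}
for p, q in [(("A", 25), ("B", 26)), (("B", 3), ("B", 4))]:
    LINKS[p], LINKS[q] = q, p


def ingress_vlan(topo: Topology, port: Port, tag: Optional[int]) -> Optional[int]:
    """VLAN a frame is associated with on arrival: its tag on a trunk port, the
    port's own VLAN if it arrives untagged on an access port; None means drop."""
    member = topo[port[0]][port[1]]
    if tag is None:
        return next(iter(member)) if len(member) == 1 else None
    return tag if tag in member else None


def flood(topo: Topology, start: Port, max_hops: int = 16) -> Tuple[List[Port], bool]:
    """Flood an untagged frame injected at `start` (destination unknown, as for
    the first ping) through the switches. Returns (edge ports where a host
    receives the frame, loop detected)."""
    delivered: List[Port] = []
    frontier: List[Tuple[Port, Optional[int]]] = [(start, None)]
    seen = set()
    for _ in range(max_hops):
        nxt: List[Tuple[Port, Optional[int]]] = []
        for port, tag in frontier:
            if (port, tag) in seen:
                return delivered, True        # same frame back on the same port: a loop
            seen.add((port, tag))
            vlan = ingress_vlan(topo, port, tag)
            if vlan is None:
                continue
            sw = port[0]
            for num, members in topo[sw].items():
                if num == port[1] or vlan not in members:
                    continue                  # not this VLAN, or the ingress port
                out = (sw, num)
                if out in LINKS:              # leaves tagged on a trunk, untagged on access
                    nxt.append((LINKS[out], vlan if len(members) > 1 else None))
                else:
                    delivered.append(out)     # edge port: a host receives it
        if not nxt:
            break
        frontier = nxt
    return delivered, False


if __name__ == "__main__":
    print("good:", flood(GOOD, ("A", 1)))   # expect delivered at ("A", 2), no loop
    print("bad: ", flood(BAD, ("A", 1)))    # expect loop detected
```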

tele9752WJ


Page 41

Network layer

• Addressing

• Routing

– Metrics

– Source routing

• ICMP

– ping

– traceroute

– ICMP may be blocked

tele97529C

Page 42

Addressing

• Each interface (on host or router) needs a unique address and a mask

– DHCP currently used to issue addresses to hosts

• IPv6 hosts can autoconfigure, including constructing a link-local address from their Link Layer address

– Addressing plan typically manually created by Mgr.

• Hosts may discover local router through DHCP or IPv6 Neighbor Discovery

For more on IPv6 autoconfiguration, see F. Donzé: "IPv6 Autoconfiguration", Internet Protocol Journal, 7(2)

tele9752A0

Page 43

Routing metrics

• Routing protocols automate determination of “shortest” path, but Mgr must specify link costs, accounting for

– link performance

– monetary cost

– policies

Fault Management: May want routers to record multiple (not just the shortest) paths to destination s.t. ready when needed (after failure) without computation delay

Link-state protocols are better suited to this

tele97522Z

Page 44

Source routing

• Mgr may want to test path as seen by user

• Can achieve with loose source routing: Route to user, and from there to destination.

But source routing is often blocked since it can facilitate source address spoofing:

• With source routing (Replies typically invert source route): Reply to fake source address passes attacker who can continue exchange (e.g. TCP 3-way handshake)

• Without source routing: Reply goes to faked address (not attacker) so attacker can't continue exchange.

See pp. 383-4 of Stevens TCP/IP Illustrated vol. 1 for an example of using source routing for troubleshooting

tele9752J4

Page 45

Source routing scenario

tele975242

Page 46 (29/07/08)

Performance measurement tools

Check for response, from one end:

• ping [3E>

Determine path:

• traceroute [HC>

• pathping under Windows: runs traceroute, then pings each node on path.

Measure throughput between two ends

• netperf http://netperf.org/netperf/

• ttcp

Mean Opinion Scores of voice/video

• Estimates mean opinion of human users, based on throughput, loss, delay, perception and more

And many many more tools! tele97527T

Page 47

ICMP

• The Internet Control Message Protocol (ICMP) augments IP by providing:

– Error reporting, e.g. unreachable errors

– Configuration info, e.g. router/neighbor discovery

– Testing facilities: echo request/reply

• Used in NM tools:

– Ping (slide coming [3E>)

– Traceroute (slides coming [HC>[VP>)

[RFC4560 defines a MIB that allows NM to execute ping/traceroute on remote devices [JD> ]

• May receive unusual treatment (slides [ZE> [LG>)

tele97525K

Page 48

Ping

• Send ICMP echo request messages to destination; expect echo reply; repeat periodically

• Measures response (loss) rate & delay (RTT)

DIY: Windows/Linux “ping” (ping6 for IPv6)

Principle can be applied to checking response time for other protocols, which may be necessary if ICMP is blocked...

– http://hping.org/ generalises ping to other protocols

– Monitoring services, e.g. pingdom.com

tele97523E

Page 49

How traceroute works

• Repeatedly send probes with differing TTLs => expire at different distances into network

– Often repeat 3 times for each TTL – multiple measurements of delay; in case firewall only reports error occasionally [ZE>

– Usually TTL increments from 1 until a stopping criterion is met

• Stopping criteria: port unreachable or max probes (e.g. 30)

• Types of probes:

– ICMP: Could do (Windows “tracert” uses ICMP echo), but many routers literally follow RFC792: “no ICMP messages are sent about ICMP messages”; also different from normal traffic – could follow different path

– Unix “traceroute”: UDP – send to unlikely port number; vary port number with each probe s.t. unlikely @ receiver that multiple probes all reach apps (no unreachable response)

tele9752HC

Page 50: Lecture 2: Communication stack review (from the ...subjects.ee.unsw.edu.au/tele9752/2.pdf · • Type (e.g. IPv6 extension option types) ... to obtain IP address through DHCP, but

Path from UNSW to www.irtf.org

Copyright © Tim Moors 2017 tele9752VP

$ traceroute www.irtf.org

traceroute to www.irtf.org (192.150.187.18), 30 hops max, 38 byte packets

1 eebu4s1.uwn.unsw.EDU.AU.92.171.149.in-addr.arpa (149.171.92.2) 14.624ms 0.775ms 1.040ms

2 129.94.255.181 (129.94.255.181) 0.436ms 0.409ms 0.384ms

3 gig2-2.nswrnosbb.nswrno.net.au (138.44.1.37) 0.582ms 0.563ms 0.527ms

4 vlan948.gbe3-0.sccn1.broadway.aarnet.net.au (192.231.212.49) 1.450ms 0.805ms 0.758ms

5 pos1-0.sccn1.seattle.aarnet.net.au (192.231.212.34) 157ms 156ms 157ms

6 Abilene-PWAVE-1.peer.pnw-gigapop.net (198.32.170.43) 166ms 165ms 166ms

7 snvang-sttlng.abilene.ucaid.edu (198.32.8.10) 174ms 173ms 173ms

8 losang-snvang.abilene.ucaid.edu (198.32.8.94) 180ms 180ms 180ms

9 hpr-lax-gsr1--abilene-LA-10ge.cenic.net (137.164.25.2) 190ms 190ms 190ms

10 dc-lax-dc1--lax-hpr1-ge.cenic.net (137.164.22.12) 181ms 181ms 181ms

11 dc-sac-dc1--lax-dc1-pos.cenic.net (137.164.22.127) 190ms 190ms 189ms

12 dc-oak-dc2--csac-dc1-ge.cenic.net (137.164.22.110) 201ms 201ms 201ms

13 dc-oak-dc1--oak-dc2-ge.cenic.net (137.164.22.124) 192ms 193ms 192ms

14 dc-svl-dc1--oak-dc1-10ge.cenic.net (137.164.22.30) 192ms 193ms 193ms

15 ucb--svl-dc1-egm.cenic.net (137.164.23.66) 194ms 194ms 193ms

16 fast4-0-0.inr-667-eva.Berkeley.EDU (128.32.0.99) 203ms 203ms 204ms

17 router2-fast0-0-0.ICSI.Berkeley.EDU (169.229.0.30) 195ms 195ms 195ms

18 www.irtf.org (192.150.187.18) 195ms 195ms 194ms

Annotations on the slide:

• 3 delay measurements for each hop

• Delays vary with link congestion

• Large increase in delay as packets pass over the Pacific Ocean (between hops 4 and 5)

• Separate networks along the path
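To turn the annotations into something a NOC script can check, here is an added Python example (not from the lecture) that parses the traceroute listing above, takes the best-case (minimum) RTT per hop, reports the spread between the three measurements, and flags hops where the best-case delay jumps by more than a threshold over the previous hop. Run on the slide's output it flags hop 5, the trans-Pacific link.

```python
"""Per-hop delay summary from traceroute output (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the traceroute output from the slide (UNSW to www.irtf.org).
SAMPLE = """\
traceroute to www.irtf.org (192.150.187.18), 30 hops max, 38 byte packets
 1 eebu4s1.uwn.unsw.EDU.AU.92.171.149.in-addr.arpa (149.171.92.2) 14.624ms 0.775ms 1.040ms
 2 129.94.255.181 (129.94.255.181) 0.436ms 0.409ms 0.384ms
 3 gig2-2.nswrnosbb.nswrno.net.au (138.44.1.37) 0.582ms 0.563ms 0.527ms
 4 vlan948.gbe3-0.sccn1.broadway.aarnet.net.au (192.231.212.49) 1.450ms 0.805ms 0.758ms
 5 pos1-0.sccn1.seattle.aarnet.net.au (192.231.212.34) 157ms 156ms 157ms
 6 Abilene-PWAVE-1.peer.pnw-gigapop.net (198.32.170.43) 166ms 165ms 166ms
 7 snvang-sttlng.abilene.ucaid.edu (198.32.8.10) 174ms 173ms 173ms
 8 losang-snvang.abilene.ucaid.edu (198.32.8.94) 180ms 180ms 180ms
 9 hpr-lax-gsr1--abilene-LA-10ge.cenic.net (137.164.25.2) 190ms 190ms 190ms
10 dc-lax-dc1--lax-hpr1-ge.cenic.net (137.164.22.12) 181ms 181ms 181ms
11 dc-sac-dc1--lax-dc1-pos.cenic.net (137.164.22.127) 190ms 190ms 189ms
12 dc-oak-dc2--csac-dc1-ge.cenic.net (137.164.22.110) 201ms 201ms 201ms
13 dc-oak-dc1--oak-dc2-ge.cenic.net (137.164.22.124) 192ms 193ms 192ms
14 dc-svl-dc1--oak-dc1-10ge.cenic.net (137.164.22.30) 192ms 193ms 193ms
15 ucb--svl-dc1-egm.cenic.net (137.164.23.66) 194ms 194ms 193ms
16 fast4-0-0.inr-667-eva.Berkeley.EDU (128.32.0.99) 203ms 203ms 204ms
17 router2-fast0-0-0.ICSI.Berkeley.EDU (169.229.0.30) 195ms 195ms 195ms
18 www.irtf.org (192.150.187.18) 195ms 195ms 194ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<ttl> <rest of line>"
ADDR_RE = re.compile(r"(\S+)\s+\(([\d.]+)\)")         # "<name> (<address>)"
RTT_RE = re.compile(r"([\d.]+)\s*ms")                 # "14.624ms" or "157 ms"


@dataclass
class Hop:
    ttl: int
    name: str
    addr: str
    rtts: List[float]

    @property
    def min_rtt(self) -> Optional[float]:
        """Best-case RTT; None when every probe timed out ('* * *')."""
        return min(self.rtts) if self.rtts else None

    @property
    def spread(self) -> Optional[float]:
        """Difference between slowest and fastest probe: a crude congestion indicator."""
        return max(self.rtts) - min(self.rtts) if self.rtts else None


def parse_traceroute(text: str) -> List[Hop]:
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                              # skips the "traceroute to ..." banner
        rest = m.group(2)
        a = ADDR_RE.search(rest)
        name, addr = (a.group(1), a.group(2)) if a else ("*", "*")
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        hops.append(Hop(int(m.group(1)), name, addr, rtts))
    return hops


def big_jumps(hops: List[Hop], threshold_ms: float) -> List[Hop]:
    """Hops whose best-case RTT rose by more than threshold_ms over the previous hop."""
    flagged = []
    for prev, cur in zip(hops, hops[1:]):
        if prev.min_rtt is None or cur.min_rtt is None:
            continue                              # cannot compare across a silent hop
        if cur.min_rtt - prev.min_rtt > threshold_ms:
            flagged.append(cur)
    return flagged


if __name__ == "__main__":
    for h in parse_traceroute(SAMPLE):
        print(f"{h.ttl:2d} {h.addr:16} min {h.min_rtt:8.3f} ms  spread {h.spread:7.3f} ms")
    print("large jumps:", [h.ttl for h in big_jumps(parse_traceroute(SAMPLE), 50.0)])
```

The minimum rather than the mean is used for the per-hop figure because queueing only ever adds delay; the minimum is the closest the three samples get to the propagation delay of the path, which is what makes the ocean crossing stand out so cleanly.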

Transport & Application outline

Transport layer

• Main choices: basic UDP vs reliable TCP

– NM traditionally runs over UDP because quick access to some info is often better than delayed access to all info.

• Congestion control is part of TCP, but is being added to UDP replacements (e.g. DCCP)

– Important when downloading bulky NM info, e.g. traffic flow statistics

• SCTP fixes many TCP flaws (e.g. vulnerability to DoS attacks) and was motivated by telco NOC needs.

• Transport Layer Security (TLS) between the application and the transport layer provides secrecy & authentication services, e.g. https and ssh


netstat shows transport protocol state

$ netstat

Active Internet connections (w/o servers)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 alpha400.ee.unsw.e:smtp 190-49-181-211.sp:20260 ESTABLISHED

tcp 0 0 alpha400.ee.unsw.e:smtp reverse.68.70.184.:4429 ESTABLISHED

tcp 0 0 alpha400.ee.unsw.e:pop3 eo4.ee.unsw.EDU.AU:1680 TIME_WAIT

tcp 0 0 alpha400.ee.unsw.e:smtp 10-96-21-190.adsl.:4437 ESTABLISHED

tcp 0 0 alpha400.ee.unsw.e:http 149.171.87.41:4299 ESTABLISHED

tcp 0 0 alpha400.ee.unsw.ed:ssh adpg.ee.unsw.EDU.:34348 ESTABLISHED

tcp 0 55 alpha400.ee.unsw.e:smtp 230.73.41.59.broa:52781 LAST_ACK

udp 0 0 alpha400.ee.unsw.:47631 maestro.ee.unsw.:domain ESTABLISHED

udp 0 0 alpha400.ee.unsw.:39969 maestro.ee.unsw.:domain ESTABLISHED

udp 0 0 alpha400.ee.unsw.:40944 maestro.ee.unsw.:domain ESTABLISHED


netstat shows statistics from MIBs

$ netstat -s

Ip:

1081899150 total packets received

2840 with invalid headers

0 forwarded

428851599 incoming packets discarded

279188500 incoming packets delivered

104189345 requests sent out

112 outgoing packets dropped

596 dropped because of missing route

552 fragments dropped after timeout

568 reassemblies required

8 packets reassembled ok

552 packet reassembles failed

2 fragments received ok

8 fragments created

Icmp:

12696571 ICMP messages received

7 input ICMP message failed.

ICMP input histogram:

destination unreachable: 12679288

timeout in transit: 3965

echo requests: 12011

echo replies: 1307

12894165 ICMP messages sent

0 ICMP messages failed

ICMP output histogram:

destination unreachable: 12882154

echo replies: 12011

Tcp:

375343 active connections openings

765775 passive connection openings

590 failed connection attempts

115903 connection resets received

20 connections established

56984968 segments received

36639810 segments send out

366075 segments retransmited

3 bad segments received.

110695 resets sent
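Both netstat listings are what a NOC would poll and turn into metrics. As an added Python example (not from the lecture), the code below parses the connection table from `netstat` into per-protocol state counts, and the `netstat -s` counters into a per-section dictionary, then derives two ratios worth trending: the share of received IP packets that were discarded, and the share of sent TCP segments that were retransmitted. The sample text is an excerpt of the slides' output, with the indentation real netstat prints restored so the section headers can be told from the counter lines.

```python
"""Parse `netstat` and `netstat -s` output into counters (added example)."""
import re
from collections import Counter
from typing import Dict

# Sample input: the connection table from the slide.
NETSTAT_CONN = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 alpha400.ee.unsw.e:smtp 190-49-181-211.sp:20260 ESTABLISHED
tcp        0      0 alpha400.ee.unsw.e:smtp reverse.68.70.184.:4429 ESTABLISHED
tcp        0      0 alpha400.ee.unsw.e:pop3 eo4.ee.unsw.EDU.AU:1680 TIME_WAIT
tcp        0      0 alpha400.ee.unsw.e:smtp 10-96-21-190.adsl.:4437 ESTABLISHED
tcp        0      0 alpha400.ee.unsw.e:http 149.171.87.41:4299      ESTABLISHED
tcp        0      0 alpha400.ee.unsw.ed:ssh adpg.ee.unsw.EDU.:34348 ESTABLISHED
tcp        0     55 alpha400.ee.unsw.e:smtp 230.73.41.59.broa:52781 LAST_ACK
udp        0      0 alpha400.ee.unsw.:47631 maestro.ee.unsw.:domain ESTABLISHED
udp        0      0 alpha400.ee.unsw.:39969 maestro.ee.unsw.:domain ESTABLISHED
udp        0      0 alpha400.ee.unsw.:40944 maestro.ee.unsw.:domain ESTABLISHED
"""

# Sample input: an excerpt of the `netstat -s` output from the slide.
NETSTAT_S = """\
Ip:
    1081899150 total packets received
    2840 with invalid headers
    0 forwarded
    428851599 incoming packets discarded
    279188500 incoming packets delivered
Icmp:
    12696571 ICMP messages received
    7 input ICMP message failed.
    ICMP input histogram:
        destination unreachable: 12679288
        timeout in transit: 3965
Tcp:
    56984968 segments received
    36639810 segments send out
    366075 segments retransmited
    3 bad segments received.
"""


def connection_states(text: str) -> Counter:
    """Count sockets per (protocol, state), e.g. ('tcp', 'ESTABLISHED')."""
    states: Counter = Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] in ("tcp", "udp", "tcp6", "udp6"):
            states[(fields[0], fields[5])] += 1
    return states


def parse_netstat_s(text: str) -> Dict[str, Dict[str, int]]:
    """Group counters by protocol section; keys are netstat's own counter descriptions."""
    counters: Dict[str, Dict[str, int]] = {}
    section = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace() and line.rstrip().endswith(":"):
            section = line.strip()[:-1]               # "Ip:", "Icmp:", "Tcp:"
            counters[section] = {}
            continue
        m = re.match(r"\s*(\d+)\s+(.*?)\.?$", line)       # "<count> <description>"
        if m and section is not None:
            counters[section][m.group(2)] = int(m.group(1))
            continue
        m = re.match(r"\s*(.*?):\s*(\d+)$", line)          # histogram "<name>: <count>"
        if m and section is not None:
            counters[section][m.group(1)] = int(m.group(2))
    return counters


def health_ratios(counters: Dict[str, Dict[str, int]]) -> Dict[str, float]:
    """Ratios a NOC would trend over time rather than the raw monotonic counters."""
    ip, tcp = counters["Ip"], counters["Tcp"]
    return {
        "ip_discard_ratio": ip["incoming packets discarded"] / ip["total packets received"],
        "tcp_retransmit_ratio": tcp["segments retransmited"] / tcp["segments send out"],
    }


if __name__ == "__main__":
    for key, n in sorted(connection_states(NETSTAT_CONN).items()):
        print(f"{key[0]:4} {key[1]:12} {n}")
    print(health_ratios(parse_netstat_s(NETSTAT_S)))
```

Because the MIB counters are cumulative since boot, a monitoring script would sample them twice and divide differences, not the absolute values shown here; on this host roughly 40% of received IP packets were discarded over the host's lifetime, a figure that would call for an explanation if it appeared in a short sampling interval.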


Application layer

• Networked printers sometimes (e.g. 149.171.36.91) use SNMP to monitor status (of jobs & consumables)

• Trivial FTP (TFTP) [RFC1350]

– Bare-bones FTP: read/write files; no directory listings, authentication etc.

– Simple to implement => traditionally used in router bootloaders

– Insecure => suitable only for private networks, e.g. out-of-band management

• whois: text-based Q&A protocol to access info (particularly owner & tech support contact) for DNS domains, IP address blocks and Autonomous System numbers. Unix client, or web, e.g.: http://who.is/


Uses of ASN.1

• H.323 videoconferencing uses the H.245 control channel for signalling, which defines messages using ASN.1

• X.509 digital certificates for security

• ZigBee uses ASN.1 to define test cases

• Others: http://www.itu.int/ITU-T/asn1/uses/index.htm


H.245 uses ASN.1

H.245 conveys capabilities of multimedia terminals, e.g. resolution of video encoding

TerminalCapabilitySet ::= SEQUENCE {
    sequenceNumber        SequenceNumber,
    protocolIdentifier    OBJECT IDENTIFIER,
    multiplexCapability   MultiplexCapability OPTIONAL,
    capabilityTable       SET SIZE (1..256) OF CapabilityTableEntry OPTIONAL,
    ... }

CapabilityTableEntry ::= SEQUENCE {
    capabilityTableEntryNumber  CapabilityTableEntryNumber,
    capability                  Capability OPTIONAL }

Capability ::= CHOICE {
    nonStandard              NonStandardParameter,
    receiveVideoCapability   VideoCapability,
    transmitVideoCapability  VideoCapability,
    ...
    receiveAudioCapability   AudioCapability,
    transmitAudioCapability  AudioCapability,
    ... }

VideoCapability ::= CHOICE {
    nonStandard          NonStandardParameter,
    h261VideoCapability  H261VideoCapability,
    h262VideoCapability  H262VideoCapability,
    ... }

H261VideoCapability ::= SEQUENCE {
    qcifMPI                            INTEGER (1..4) OPTIONAL,  -- units 1/29.97 Hz
    cifMPI                             INTEGER (1..4) OPTIONAL,  -- units 1/29.97 Hz
    temporalSpatialTradeOffCapability  BOOLEAN,
    maxBitRate                         INTEGER (1..19200),       -- units of 100 bit/s
    ... }


X.509 certificates use ASN.1

Defined using ASN.1 in RFC 2459:

Certificate ::= SEQUENCE {
    tbsCertificate      TBSCertificate,
    signatureAlgorithm  AlgorithmIdentifier,
    signatureValue      BIT STRING }

TBSCertificate ::= SEQUENCE {
    version       [0] EXPLICIT Version DEFAULT v1,
    serialNumber  CertificateSerialNumber,
    signature     AlgorithmIdentifier,
    ... }

Version ::= INTEGER { v1(0), v2(1), v3(2) }

CertificateSerialNumber ::= INTEGER

AlgorithmIdentifier ::= SEQUENCE {
    algorithm   OBJECT IDENTIFIER,
    parameters  ANY DEFINED BY algorithm OPTIONAL }


Encoding of web browser cert.

Firefox 5: Tools - Options - Advanced - View Certificates; select VeriSignClass3PublicPrimaryCertificationAuthority-G5 & export as DER (Distinguished Encoding Rules)

View with a hex editor

Note the little-endian display: the 1st byte of each 16-bit pair is shown last, e.g. 8230 = 30 82 = type 30, length 82...

8230 d304 8230 bb03 03a0 0102 0202 1810
d1da 269e e87d 4abb 5821 cccd 3b6b 304a
060d 2a09 4886 f786 010d 0501 0005 8130
...

serial # 18 da d1 9e 26 7d e8 bb 4a 21 58 cd cc 6b 3b 4a

Bonus mark on offer if you can explain the full decoding
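As an added Python example (not part of the lecture), the code below undoes the hex editor's little-endian word display and walks the DER type-length-value structure of the bytes shown, following the Certificate, TBSCertificate and AlgorithmIdentifier definitions on the previous slide. Two points it makes concrete: the 0x82 after the 0x30 SEQUENCE tag is a long-form length saying "two length bytes follow" (04 d3 = 1235), and the OID 2a 86 48 86 f7 0d 01 01 05 decodes to 1.2.840.113549.1.1.5, the PKCS#1 sha1WithRSAEncryption identifier. Only the prefix shown on the slide is available, so the walker stops at the truncated issuer SEQUENCE and never reads past the buffer.

```python
"""Decode the DER prefix of an X.509 certificate from a hex-editor dump (added example)."""
from typing import Tuple

# The 16-bit words exactly as displayed by the hex editor on the slide.
SLIDE_WORDS = ("8230 d304 8230 bb03 03a0 0102 0202 1810 "
               "d1da 269e e87d 4abb 5821 cccd 3b6b 304a "
               "060d 2a09 4886 f786 010d 0501 0005 8130")


def words_to_bytes(words: str) -> bytes:
    """Undo the little-endian word display: '8230' -> b'\\x30\\x82'."""
    out = bytearray()
    for w in words.split():
        hi, lo = bytes.fromhex(w)
        out += bytes([lo, hi])
    return bytes(out)


def read_header(buf: bytes, pos: int) -> Tuple[int, int, int]:
    """Parse one DER tag and length; return (tag, length, offset of first content byte)."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:                        # short form: the byte is the length itself
        return tag, first, pos + 2
    n = first & 0x7F                        # long form: the next n bytes hold the length
    if n == 0 or n > 4 or pos + 2 + n > len(buf):
        raise ValueError("indefinite, oversized or truncated length is not valid DER")
    length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    return tag, length, pos + 2 + n


def decode_oid(content: bytes) -> str:
    """Decode an OBJECT IDENTIFIER body (base-128 arcs, first two arcs packed) to dotted form."""
    arcs, value = [], 0
    for b in content:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends the arc
            arcs.append(value)
            value = 0
    first = arcs[0]
    if first < 40:
        lead = [0, first]
    elif first < 80:
        lead = [1, first - 40]
    else:
        lead = [2, first - 80]
    return ".".join(str(a) for a in lead + arcs[1:])


def expect(tag: int, want: int, what: str) -> None:
    if tag != want:
        raise ValueError(f"{what}: expected tag {want:#04x}, got {tag:#04x}")


def decode_certificate_prefix(buf: bytes) -> dict:
    """Walk Certificate -> TBSCertificate -> version, serialNumber, signature."""
    info = {}
    tag, length, pos = read_header(buf, 0)              # Certificate SEQUENCE
    expect(tag, 0x30, "Certificate")
    info["certificate_len"] = length
    tag, length, pos = read_header(buf, pos)            # TBSCertificate SEQUENCE
    expect(tag, 0x30, "TBSCertificate")
    info["tbs_len"] = length
    tag, length, pos = read_header(buf, pos)            # [0] EXPLICIT Version
    expect(tag, 0xA0, "version wrapper")
    vtag, vlen, vpos = read_header(buf, pos)            # INTEGER inside the wrapper
    expect(vtag, 0x02, "Version")
    info["version"] = f"v{int.from_bytes(buf[vpos:vpos + vlen], 'big') + 1}"  # v1(0) etc.
    pos = vpos + vlen
    tag, length, pos = read_header(buf, pos)            # serialNumber INTEGER
    expect(tag, 0x02, "serialNumber")
    info["serial"] = buf[pos:pos + length].hex()
    pos += length
    tag, length, pos = read_header(buf, pos)            # signature AlgorithmIdentifier
    expect(tag, 0x30, "AlgorithmIdentifier")
    otag, olen, opos = read_header(buf, pos)            # algorithm OBJECT IDENTIFIER
    expect(otag, 0x06, "algorithm")
    info["sig_alg_oid"] = decode_oid(buf[opos:opos + olen])
    ptag, plen, _ = read_header(buf, opos + olen)       # parameters (NULL for RSA PKCS#1)
    info["sig_alg_params_null"] = (ptag == 0x05 and plen == 0)
    return info


if __name__ == "__main__":
    for k, v in decode_certificate_prefix(words_to_bytes(SLIDE_WORDS)).items():
        print(f"{k:20} {v}")
```

The 16 serial-number bytes the walker extracts are the ones annotated on the slide; the 30 81 that follows the AlgorithmIdentifier is the start of the issuer Name, whose single long-form length byte lies beyond the dump.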


Things to think about

• Critical thinking: With management/NOC functions occurring in many layers, why haven’t management planes “taken off”?

• Engineering methods: Many engineered systems use compliance statements to state adherence to standards (e.g. building codes)

• Links to other areas: Modern modules with embedded electronics often include diagnostics (e.g. automotive On-Board Diagnostics)

• Independent learning: Try searching for techniques for troubleshooting protocols that you know, e.g. WiFi and TCP


The end

• Next week: What gets managed and how it is presented.