Study Notes-COMPUTER NETWORKS
3. Routers
4. Switching
5. Routing Algorithms
6. Basics of Wi-Fi
9. IP Addressing
OSI Model Study Notes
The OSI model is a reference tool for understanding data communication between hosts; it
describes the communication process as seven layers.
Each layer performs specific functions to support the layers above it and uses services of
the layers below it.
Physical Layer:
The physical layer coordinates the functions required to transmit a bit stream over a
physical medium.
It deals with the mechanical and electrical specifications of interface and transmission
medium.
It also defines the procedures and functions that physical devices and interfaces have to
perform for transmission to occur.
Ethernet network interface card performs functions at both the physical layer and the data
link layer.
The physical layer defines characteristics of the interface between the devices and the
transmission medium.
It defines the type of transmission medium.
It defines the transmission rate (the number of bits sent each second).
It performs synchronization of sender and receiver clocks.
It is concerned with the connection of devices to the medium.
1. Point-to-point configuration: Two devices are connected together through a
dedicated link.
2. Multipoint configuration: A link is shared between several devices.
It is concerned with the physical topology.
It defines the direction of transmission, called the transmission mode (simplex, half-duplex or
full-duplex).
It transmits bitstream over the communication channel.
Hardware Used: Repeater and Hub.
Data Unit: Bitstream
Data Link Layer:
The data link layer transforms the physical layer, a raw transmission facility, into a reliable
link.
It is responsible for node-to-node delivery.
It makes the physical layer appear error-free to the network layer.
Network Layer:
The network layer is responsible for source to destination delivery of a packet possibly
across multiple networks (links).
If the two systems are connected to the same link, there is usually no need for a network
layer.
If the two systems are attached to different networks (links) with connecting devices
between networks, there is often a need of the network layer to accomplish source to
destination delivery.
Transport Layer:
The transport layer is responsible for source-to-destination (end-to-end) delivery of the
entire message.
The network layer does not recognize any relationship between the packets delivered.
The network layer treats each packet independently, as though each packet belonged to a
separate message, whether or not it does. The transport layer ensures that the whole
message arrives intact and in order.
Session Layer:
Dialog Control: Session layer allows the communication between two processes to take
place either in half-duplex or full-duplex. It allows applications functioning on devices to
establish, manage and terminate a dialog through a network.
Synchronization: The session layer allows a process to add checkpoints
(synchronization points) into a stream of data.
Presentation Layer:
It is responsible for how an application formats data to be sent out onto the network.
It basically allows an application to read and understand the message.
Translation: Different systems use different encoding systems, so the presentation layer
provides interoperability between these encoding methods. At the sender end this layer
changes the information from the sender-dependent format into a common format; at the
receiver end it changes the common format into the receiver-dependent format.
Encryption and Decryption: This layer provides encryption and decryption mechanisms to
assure privacy when carrying sensitive information. Encryption means the sender transforms the
original information into another form; at the receiver end, decryption reverses the
transformed data into its original form.
Compression: This layer uses a compression mechanism to reduce the number of bits to
be transmitted. Data compression becomes important in the transmission of multimedia
such as text, audio and video.
Application Layer:
This layer enables the user, whether human or software, to access the network.
It provides user interfaces and support for services such as electronic mail, remote file
access and transfer, shared database management and other types of distributed
information services.
Examples: Telnet, FTP, etc.
Network Virtual Terminal: It is a software version of a physical terminal and allows a
user to log on to a remote host. To do so, the application creates a software emulation of a
terminal at the remote host.
File Transfer, Access and Management: It allows a user to access files, retrieve files,
manage files or control files on a remote computer.
Mail Services: It provides Electronic messaging (e-mail storage and forwarding).
Directory Services: It provides distributed database sources and access for global
information about various objects and services.
Flow and Error Control Techniques Study Notes
Flow Control: Flow control coordinates the amount of data that can be sent before receiving an
acknowledgement.
Error Control: Error control in the data link layer is based on ARQ (automatic repeat request),
which is the retransmission of data.
The term error control refers to methods of error detection and retransmission.
Every time an error is detected in an exchange, specified frames are retransmitted. This
process is called ARQ.
To ensure reliable communication, there needs to exist flow control (managing the amount of
data the sender sends), and error control (that data arrives at the destination error free).
Error Detection and ARQ (error detection with retransmissions) must be combined with
methods that intelligently limit the number of ‘outstanding’ (unACKed) frames.
Flow & Error control techniques: Stop-and-Wait ARQ, Go-Back-N ARQ, and Selective
Repeat ARQ
Stop-and-Wait ARQ:
For every frame that is sent, there needs to be an acknowledgement, which takes a similar
amount of propagation time to get back to the sender.
Only one frame can be in transmission at a time. This leads to inefficiency if the propagation
delay is much longer than the transmission delay.
Advantages of Stop and Wait:
o It is simple, and each frame is checked and acknowledged individually.
Disadvantages of Stop and Wait:
o Only one frame can be in transmission at a time.
o It is inefficient if the distance between devices is long, because the propagation
delay is then much longer than the transmission delay.
o The time spent waiting for acknowledgements between frames can add a
significant amount to the total transmission time.
Many factors, including line noise, can alter or wipe out one or more bits of a given data
unit.
Reliable systems must have mechanisms for detecting and correcting such errors.
Error detection and correction are implemented either at the data link layer or the
transport layer of the OSI model.
Error Detection
Error detection uses the concept of redundancy, which means adding extra bits for
detecting errors at the destination.
A checking function at the receiver tests whether the received bit stream satisfies the checking
criteria; if it does, the data portion of the data unit is accepted, otherwise it is rejected.
Parity Check:
In this technique, a redundant bit, called the parity bit, is appended to every data unit, so that
the total number of 1's in the unit (including the parity bit) becomes even.
If the number of 1's in the data is already even, the parity bit will be 0.
Some systems use odd parity checking, where the number of 1's should be odd. The
principle is the same; only the calculation differs.
Checksum
There are two algorithms involved in this process, checksum generator at sender end and
checksum checker at receiver end.
The sender follows these steps
o The data unit is divided into k sections each of n bits.
o All sections are added together using 1's complement to get the sum.
o The sum is complemented and becomes the checksum.
o The checksum is sent with the data.
The receiver follows these steps
o The received unit is divided into k sections each of n bits.
o All sections are added together using 1's complement to get the sum.
o The sum is complemented.
o If the result is zero, the data are accepted, otherwise they are rejected.
Limitation of checksum:
It is not possible to detect a vertical error in the data received at the receiver's
end.
If noise modifies the data in such a way that changes to vertically placed bits (the same bit
position in different sections) cancel each other out, the calculated checksum will still equal
the received checksum. Such errors cannot be detected, and they are known as vertical errors.
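As an added worked example (not part of the original notes), the parity and 1's complement checksum procedures above in Python, including the vertical-error case: two flips in the same bit column of two different sections leave the section sum, and therefore the checksum, unchanged. The function names and the 16-bit sample data are constructed for the illustration.

```python
# Added example: parity and 1's complement checksum as described in the notes.
# All function names and sample data here are constructed for illustration.


def parity_bit(data_bits, even=True):
    """Parity bit to append so the total number of 1's is even (or odd)."""
    ones = data_bits.count("1")
    if even:
        return "0" if ones % 2 == 0 else "1"
    return "1" if ones % 2 == 0 else "0"


def parity_ok(unit, even=True):
    """Receiver check: does the unit (data + parity bit) have the right parity?"""
    return unit.count("1") % 2 == (0 if even else 1)


def ones_complement_sum(sections, n):
    """Add n-bit sections with end-around carry (1's complement arithmetic)."""
    mask = (1 << n) - 1
    total = 0
    for s in sections:
        total += s
        while total >> n:                       # fold any carry back in
            total = (total & mask) + (total >> n)
    return total


def split_sections(data_bits, n):
    """Divide the bit string into k sections of n bits each."""
    if len(data_bits) % n:
        raise ValueError("data length must be a multiple of the section size")
    return [int(data_bits[i:i + n], 2) for i in range(0, len(data_bits), n)]


def checksum_generate(data_bits, n=8):
    """Sender: sum the sections, then complement the sum."""
    mask = (1 << n) - 1
    return ones_complement_sum(split_sections(data_bits, n), n) ^ mask


def checksum_verify(data_bits, checksum, n=8):
    """Receiver: sum data sections and checksum; the complement must be zero."""
    mask = (1 << n) - 1
    total = ones_complement_sum(split_sections(data_bits, n) + [checksum], n)
    return (total ^ mask) == 0


def flip_bits(data_bits, positions):
    """Simulate channel noise by inverting the bits at the given positions."""
    bits = list(data_bits)
    for p in positions:
        bits[p] = "1" if bits[p] == "0" else "0"
    return "".join(bits)


def vertical_error_demo(data_bits, column, n=8):
    """Flip bit `column` in the first two sections (one 0->1, the other 1->0).
    Returns (corrupted_data, still_passes): the column errors cancel in the sum."""
    s0, s1 = split_sections(data_bits, n)[:2]
    # the two flips only cancel when the bits differ, so insist on that
    if ((s0 >> (n - 1 - column)) & 1) == ((s1 >> (n - 1 - column)) & 1):
        raise ValueError("bits in that column are equal; they would not cancel")
    checksum = checksum_generate(data_bits, n)
    corrupted = flip_bits(data_bits, [column, n + column])
    return corrupted, checksum_verify(corrupted, checksum, n)
```

A single flipped bit changes the 1's complement sum by a power of two and is always caught; the vertical pair in `vertical_error_demo` is the blind spot the notes describe, which is why link layers pair a checksum with a CRC or rely on the CRC alone.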
Error Correction:
If an error is discovered in a data frame, indicating that it has been corrupted in transit, a
NAK frame is returned. NAK frames, which are numbered, tell the sender to retransmit
the last frame sent.
Piggybacking: In bidirectional communications, both parties send and acknowledge data,
i.e. both parties implement flow control. Outstanding ACKs are placed in the header of
information frames; piggybacking can save bandwidth since the overhead of a data
frame and an ACK frame (addresses, CRC, etc.) is combined into just one frame.
To cover retransmission of lost or damaged frames, some features are added to the basic
flow control mechanism of sliding window.
A Sender may send multiple frames as allowed by the window size.
The sending device keeps copies of all transmitted frames until they have been
acknowledged.
In addition to ACK frames, the receiver has the option of returning a NAK frame, if the
data have been received damaged. NAK frame tells the sender to retransmit a damaged
frame.
Here, both ACK and NAK frames must be numbered for identification.
ACK frames carry the number of next frame expected.
NAK frames on the other hand, carry the number of the damaged frame itself.
If the last ACK was numbered 3, an ACK 6 acknowledges the receipt of frames 3, 4 and
5 as well.
If data frames 4 and 5 are received damaged, both NAK 4 and NAK 5 must be returned.
Like stop and wait ARQ, the sending device in sliding window ARQ is equipped with a
timer to enable it to handle lost acknowledgements.
Sliding window ARQ is of two types: Go-Back-N ARQ and Selective Reject ARQ.
There are two ACK processing methods in sliding windows:
o Selective ACK: The ACK N message acknowledges only the frame with
sequence number N
o Cumulative ACK : The ACK N message acknowledges all frames with sequence
number <= N
Go-Back-N ARQ:
Damaged/Error Frame:
o In go-back-n ARQ, the receiver sends a NAK for the damaged frame carrying the
number of the frame it expects to be retransmitted.
o After sending the NAK, the receiver discards all the frames it receives after the
damaged frame.
o The receiver does not send any ACK for the discarded frames.
o After the sender receives the NAK for the damaged frame, it retransmits that frame
and every frame sent after it.
Lost frame:
o In go-back-n ARQ, the receiver easily detects the loss of a frame because the next
frame arrives out of sequence.
o The receiver sends a NAK for the lost frame and then discards all the frames
received after it.
o The receiver does not send any ACK for the discarded frames.
o After the sender receives the NAK for the lost frame, it retransmits the lost frame
referred to by the NAK and also retransmits all the frames it had sent after the lost
frame.
Lost Acknowledgement:
o In go-back-n ARQ, the sender may not receive any ACK, or the ACK may be lost
or damaged in transit.
o The sender waits for its timer to run out and then retransmits all the frames for
which it has not received an ACK.
o The sender identifies the loss of an ACK with the help of a timer.
o The ACK number, like the NAK number, shows the number of the frame that the
receiver expects next in sequence.
o The window size of the receiver is 1, because the data link layer only requires the
frame that it has to pass next to the network layer.
o The sender window size is equal to ‘w’. If the error rate is high, a lot of
bandwidth is wasted.
Selective Repeat ARQ:
Example: Frame 2 has an error, so the receiver maintains a buffer to store the following frames.
Damaged frames:
o In selective reject, if a receiver receives a damaged frame, it sends a NAK for
the frame in which the error or damage is detected.
o The NAK number, as in go-back-n, also indicates acknowledgement of the
previously received frames and an error in the current frame.
o The receiver keeps receiving new frames while waiting for the damaged frame
to be replaced.
o The frames received after the damaged frame are not acknowledged
until the damaged frame has been replaced.
Lost Frame:
o In a selective repeat protocol, frames can be received out of order; they are then
sorted to restore the proper sequence of frames.
o While sorting, if a frame number is skipped, the receiver recognises that a frame is
lost and sends a NAK for that frame to the sender.
o After receiving the NAK for the lost frame, the sender searches for that frame in its
window and retransmits it.
o If the last transmitted frame is lost, the receiver does not respond, and this silence
acts as a negative acknowledgement for the sender.
Lost Acknowledgement:
o In selective reject, the sender may not receive any ACK, or the ACK may be lost or
damaged in transit.
o The sender waits for its timer to run out and then retransmits all the frames for
which it has not received an ACK.
o The sender identifies the loss of an ACK with the help of a timer.
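The following is an added example, not from the original notes: a small simulation of the two sliding-window variants described above, driven by a channel that silently drops chosen frame numbers the first time they are sent. The channel model, function names and sample runs are constructed; the behaviour follows the notes (cumulative ACKs with discarding in Go-Back-N, per-frame ACKs with receiver buffering in Selective Repeat).

```python
# Added example: Go-Back-N versus Selective Repeat ARQ on a lossy channel.
# Everything here is constructed for illustration; it is not the notes' code.


class LossyChannel:
    """Drops the listed frame numbers the first time they are sent; later copies get through."""

    def __init__(self, drop_first):
        self.drop_first = set(drop_first)
        self.seen = set()

    def deliver(self, seq):
        lost = seq in self.drop_first and seq not in self.seen
        self.seen.add(seq)
        return not lost


def go_back_n(num_frames, window, drop_first):
    """Return the sequence numbers transmitted, in order, until all frames are ACKed."""
    if window < 1:
        raise ValueError("window must be at least 1")
    chan = LossyChannel(drop_first)
    log = []
    base = 0          # oldest unacknowledged frame (sender window starts here)
    expected = 0      # receiver: next in-sequence frame it will accept
    while base < num_frames:
        for seq in range(base, min(base + window, num_frames)):
            log.append(seq)
            if chan.deliver(seq) and seq == expected:
                expected += 1          # in order: accept and ACK cumulatively
            # out of sequence (or lost): receiver discards it and sends no ACK
        # NAK/timeout: the sender resumes from the receiver's next expected frame,
        # resending every frame after it, even ones that arrived intact
        base = expected
    return log


def selective_repeat(num_frames, window, drop_first):
    """Same inputs; the receiver buffers out-of-order frames and ACKs each individually."""
    if window < 1:
        raise ValueError("window must be at least 1")
    chan = LossyChannel(drop_first)
    log = []
    base = 0
    acked = set()
    while base < num_frames:
        for seq in range(base, min(base + window, num_frames)):
            if seq in acked:
                continue               # already delivered: never resent
            log.append(seq)
            if chan.deliver(seq):
                acked.add(seq)         # ACK carries exactly this frame's number
        # only the NAK'd / timed-out frames are resent; slide past the ACKed prefix
        while base in acked:
            base += 1
    return log


def retransmissions(log, num_frames):
    """Extra transmissions beyond the one each frame needs."""
    return len(log) - num_frames
```

Running both with six frames, a window of three and frame 1 lost shows the difference the notes describe: Go-Back-N resends frame 2 even though it arrived intact, Selective Repeat resends only frame 1.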
Routers Study Notes
Router
A router is a hardware component used to interconnect networks. Routers are devices whose primary
purpose is to connect two or more networks and to filter network signals so that only desired information
travels between them. Routers are much more powerful than bridges.
Routers can filter traffic so that only authorized personnel can enter restricted areas. They can permit or
deny network communications with a particular Web site. They can recommend the best route for
information to travel. As network traffic changes during the day, routers can redirect information to take
less congested routes.
Routers operate primarily by examining incoming data for its network routing and transport
information.
Based on complex, internal tables of network information that it compiles, a router then
determines whether or not it knows how to forward the data packet towards its destination.
Routers can be programmed to prevent information from being sent to or received from certain
networks or computers based on all or part of their network routing addresses.
Routers also determine some possible routes to the destination network and then choose the one
that promises to be the fastest.
ICMP uses echo request/reply messages to test whether a destination is reachable and responding. It
also handles both control and error messages, but its sole function is to report problems, not correct them.
The term firewall is generic and includes many different kinds of protective hardware and software
devices. Routers comprise one kind of firewall.
Most firewalls operate by examining incoming or outgoing packets for information at OSI level 3, the
network addressing level.
Firewalls can be divided into 3 general categories: packet-screening firewalls, proxy servers (or
application-level gateways), and stateful inspection proxies.
Packet-screening firewalls examine incoming and outgoing packets for their network address
information. You can use packet-screening firewalls to restrict access to specific Web sites or to
permit access to your network only from specific Internet sites.
Proxy servers (also called application-level gateways) operate by examining incoming or
outgoing packets not only for their source or destination addresses but also for information
carried within the data area (as opposed to the address area) of each network packet. The data
area contains information written by the application program that created the packet—for
example, your Web browser, FTP, or TELNET program. Because the proxy server knows how to
examine this application-specific portion of the packet, you can permit or restrict the behaviour of
individual programs.
Stateful inspection proxies monitor network signals to ensure that they are part of a
legitimate ongoing conversation (rather than malicious insertions).
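To make the difference between the first and third firewall categories concrete, here is an added example (not from the notes, and not any product's rule syntax): a stateless packet-screening rule beside a stateful-inspection filter, both evaluated on constructed packet headers. The addresses, ports and the policy itself ("inside hosts may browse the web; nothing may initiate a connection inbound") are made up for the demonstration.

```python
# Added example: packet screening (stateless) versus stateful inspection.
# Addresses, ports and policy are constructed; this is illustration only.

from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = leaving our network, "in" = arriving from outside
    proto: str       # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


INSIDE_PREFIX = "10.0.0."        # constructed internal network
WEB_PORTS = {80, 443}


def is_inside(ip):
    return ip.startswith(INSIDE_PREFIX)


def screening_decision(pkt):
    """Packet screening (stateless): looks only at this packet's own address fields."""
    if pkt.direction == "out":
        return is_inside(pkt.src) and pkt.dport in WEB_PORTS
    # Replies have to come back somehow. With no memory of earlier packets, the
    # only stateless rule that admits them is "anything from source port 80/443",
    # which also admits unrelated inbound packets that merely carry that port.
    return pkt.sport in WEB_PORTS


class StatefulInspection:
    """Remembers conversations opened from inside; admits inbound packets only
    when they are the reverse direction of one of those conversations."""

    def __init__(self):
        self.conversations = set()

    def decision(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if pkt.direction == "out":
            allowed = is_inside(pkt.src) and pkt.dport in WEB_PORTS
            if allowed:
                self.conversations.add(key)
            return allowed
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return reverse in self.conversations


def run_scenario():
    """Three constructed packets: a web request, its genuine reply, and an
    unsolicited inbound packet whose source port happens to be 443 but which is
    aimed at port 22 on an inside host. Returns (screening, stateful) verdicts."""
    packets = [
        Packet("out", "tcp", "10.0.0.5", 51000, "203.0.113.10", 443),
        Packet("in", "tcp", "203.0.113.10", 443, "10.0.0.5", 51000),
        Packet("in", "tcp", "198.51.100.7", 443, "10.0.0.5", 22),
    ]
    stateful = StatefulInspection()
    return [(screening_decision(p), stateful.decision(p)) for p in packets]
```

Both filters pass the legitimate request and reply; only the stateful one rejects the third packet, because no inside host ever opened a conversation that it could be the reverse of. That is the "legitimate ongoing conversation" check the notes attribute to stateful inspection.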
Switching Study Notes
The following approaches are useful when there are multiple devices in the network.
Installing a point-to-point connection between each pair of devices is possible, but it is an
impractical and wasteful approach when applied to a very large network.
For a large network, we can go for switching. A switched network consists of a series of interlinked
nodes, called switches.
Switching:
In switching, packets are transferred from source to destination using the MAC address.
Types of Switching:
Circuit Switching:
Guaranteed bandwidth
A reliable communication channel between hosts
Low per-packet overhead: No IP (and TCP/UDP) header on each packet
Packet Switching
To overcome the disadvantages of circuit switching, the packet switching concept came into the picture.
In a packet switched network, data are transmitted in discrete units of potentially variable length
blocks called packets.
Each packet contains not only data but also a header with control information (such as priority
codes and source and destination address).
A packet contains three major fields: The header, the message, and redundancy check bits.
The packets are sent over the network node to node.
At each node, the packet is stored briefly, then routed according to the information in its header.
Datagram Approach:
Each packet is treated independently from all others.
It is also called connection-less packet switching.
Packets can take any practical route in the network.
Packets may arrive out of order. Packets may go missing.
Routers in the internet are packet switches that operate in datagram mode.
Virtual Circuit Approach:
Routing:
Routing is the process of selecting paths in a network along which to send network traffic.
The goals of routing are correctness, simplicity, robustness, stability, fairness and optimality.
Routing is performed for many kinds of network, including the telephone network, electronic data
networks and transportation networks.
Routing Algorithms can be classified based on the following:
o Static or Dynamic Routing,
o Distributed or Centralized,
o Single path or Multi-path,
o Flat or Hierarchical,
o Intra Domain or Inter-Domain,
o link State or Distance Vector.
Algorithms may be static, where the routing decisions are made ahead of time with information
about the network topology and capacity, then loaded into the routers.
Algorithms may be dynamic, where the routers make decisions based on information they gather,
and the routes change over time, adaptively.
Routing can be grouped into two categories: Nonadaptive routing, and Adaptive routing.
Nonadaptive Routing
Once the pathway to destination has been selected, the router sends all packets for that destination
along that one route.
The routing decisions are not made based on the condition or topology of the network.
Examples: Centralized, Isolated, and Distributed Algorithms
Adaptive Routing
A router may select a new route for each packet (even packets belonging to the same
transmission) in response to changes in condition and topology of the networks.
Examples: Flooding, and Random Walk.
Routing Algorithms
Shortest Path Routing:
Links between routers have a cost associated with them. In general, it could be a function of
distance, bandwidth, average traffic, communication cost, mean queue length, measured delay,
router processing speed, etc.
The shortest path algorithm just finds the least expensive path through the network, based on the
cost function.
Examples: Dijkstra's algorithm
Distance Vector Routing:
In this routing scheme, each router periodically shares its knowledge about the entire network
with its neighbours.
Each router has a table with information about the network. These tables are updated by
exchanging information with the immediate neighbours.
It is also known as the Bellman-Ford or Ford-Fulkerson algorithm.
It is used in the original ARPANET, and in the Internet as RIP.
Neighbouring nodes in the subnet exchange their tables periodically to update each other on the
state of the subnet (which makes this a dynamic algorithm). If a neighbour claims to have a path
to a node which is shorter than your path, you start using that neighbour as the route to that node.
Distance vector protocols (a vector contains both distance and direction), such as RIP, determine
the path to remote networks using hop count as the metric. A hop count is defined as the number
of times a packet needs to pass through a router to reach a remote destination.
For IP RIP, the maximum hop count is 15. A hop count of 16 indicates an unreachable network. Two
versions of RIP exist: version 1 and version 2.
IGRP is another example of a distance vector protocol with a higher hop count of 255 hops.
Periodic updates are sent at a set interval. For IP RIP, this interval is 30 seconds.
Updates are sent to the broadcast address 255.255.255.255. Only devices running routing
algorithms listen to these updates.
When an update is sent, the entire routing table is sent.
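As an added example (not from the notes), the distance-vector scheme above in Python: every router repeatedly hands its whole table to each neighbour, as RIP's periodic update does, and keeps any route that is shorter, with the hop count capped at 16 to mean "unreachable". The topologies, the `chain` helper and all function names are constructed for this illustration.

```python
# Added example: distance-vector (Bellman-Ford style) routing with RIP's hop
# count metric. Topologies and names are constructed for the illustration.

INFINITY = 16          # RIP: a hop count of 16 means the network is unreachable


def distance_vector(topology, max_rounds=100):
    """topology: {router: [neighbour, ...]}, every link costing one hop.
    Each round, every router hands its whole table to each neighbour (the
    periodic update) and the neighbour keeps any route that is shorter.
    Returns {router: {destination: (hops, next_hop)}}."""
    tables = {r: {r: (0, r)} for r in topology}
    for _ in range(max_rounds):
        changed = False
        for sender in topology:
            advertised = dict(tables[sender])       # snapshot of this round's update
            for receiver in topology[sender]:
                for dest, (hops, _) in advertised.items():
                    candidate = min(hops + 1, INFINITY)
                    current = tables[receiver].get(dest, (INFINITY, None))[0]
                    if candidate < current:
                        tables[receiver][dest] = (candidate, sender)
                        changed = True
        if not changed:
            break                                  # tables have converged
    return tables


def reachable(table, dest):
    """A destination is usable only if its hop count is below INFINITY."""
    return dest in table and table[dest][0] < INFINITY


def chain(n):
    """R0 - R1 - ... - R(n-1): a straight line of routers, to exercise the limit."""
    links = {}
    for i in range(n):
        name = f"R{i}"
        links[name] = [f"R{j}" for j in (i - 1, i + 1) if 0 <= j < n]
    return links
```

On an 18-router chain, R0 learns a 15-hop route to R15 but never installs R16 or R17: their advertised cost reaches 16, which is the unreachable value, so the routes are silently left out, exactly the RIP limit the notes quote.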
Link State Routing:
When a router floods the network with information about its neighbourhood, it is said to be
advertising.
The basis of this advertising is a short packet called a Link State Packet (LSP).
OSPF (Open Shortest Path First) and IS-IS are examples of link state routing.
A Link State Packet (LSP) contains the following information:
1. The ID of the node that created the LSP;
2. A list of directly connected neighbours of that node, with the cost of the link to
each one;
3. A sequence number;
4. A time to live (TTL) for this packet.
The following sequence of steps is executed in link state routing:
1. Discover your neighbours.
2. Measure the delay to your neighbours.
3. Bundle all the information about your neighbours together.
4. Send this information to all other routers in the subnet.
5. Compute the shortest path to every router with the information you receive.
6. Each router finds its own shortest paths to the other routers by using Dijkstra's
algorithm.
In link-state routing, each router shares its knowledge of its neighbourhood with all routers in the
network.
Link-state protocols implement an algorithm called the shortest path first (SPF, also known as
Dijkstra's Algorithm) to determine the path to a remote destination.
There is no hop-count limit. (For an IP datagram, the maximum time to live ensures that loops are
avoided.)
Updates are sent only when changes occur; in addition, all summary information is sent every
30 minutes by default. Only devices running routing algorithms listen to these updates. Updates
are sent to a multicast address.
Updates are faster and convergence times are reduced, at the cost of higher CPU and memory
requirements to maintain link-state databases.
Link-state protocols maintain three separate tables:
1. Neighbour table: It contains a list of all neighbours and the interface each neighbour is
connected on. Neighbours are formed by sending Hello packets.
2. Topology table (link-state table): It contains a map of all links within an area,
including each link's status.
3. Routing table: It contains the best routes to each particular destination.
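Here is an added example (not the notes' own code) that carries the link-state procedure through end to end: each router builds an LSP with the four fields listed above, floods it (the sequence number rejects stale copies, the TTL bounds the flood), and then runs Dijkstra's shortest path first over its own link-state database to fill its routing table. The topology, link costs and all names are constructed for the example.

```python
# Added example: LSP flooding into a link-state database, then Dijkstra.
# Topology, costs and names are constructed; this is not the notes' code.

import heapq
from dataclasses import dataclass


@dataclass
class LSP:
    node: str          # ID of the router that created the LSP
    neighbours: dict   # directly connected neighbour -> link cost
    seq: int           # sequence number
    ttl: int           # time to live, decremented at each hop of the flood


def install(lsdb, lsp):
    """Accept an LSP into a router's link-state database only if it is alive and
    newer than the copy already held; returns whether it was accepted."""
    if lsp.ttl <= 0:
        return False
    held = lsdb.get(lsp.node)
    if held is not None and held.seq >= lsp.seq:
        return False
    lsdb[lsp.node] = lsp
    return True


def flood(topology, origin, lsp, lsdbs):
    """Send the LSP to all other routers: each router that accepts it forwards a
    copy (TTL - 1) to every neighbour except the one it arrived from."""
    pending = [(origin, None, lsp)]
    while pending:
        router, came_from, pkt = pending.pop(0)
        if not install(lsdbs[router], pkt):
            continue                       # stale duplicate or expired: flood stops here
        for nb in topology[router]:
            if nb != came_from:
                pending.append((nb, router,
                                LSP(pkt.node, pkt.neighbours, pkt.seq, pkt.ttl - 1)))


def dijkstra(lsdb, source):
    """Shortest path first over the database. Returns {dest: (cost, next_hop)}."""
    graph = {node: lsp.neighbours for node, lsp in lsdb.items()}
    dist = {source: 0}
    next_hop = {source: source}
    heap = [(0, source, source)]
    while heap:
        d, u, via = heapq.heappop(heap)
        if d > dist[u]:
            continue                       # superseded entry
        for v, cost in graph.get(u, {}).items():
            nd = d + cost
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                next_hop[v] = v if u == source else via
                heapq.heappush(heap, (nd, v, next_hop[v]))
    return {dest: (dist[dest], next_hop[dest]) for dest in dist}


def run_link_state(topology, ttl=8):
    """topology: {router: {neighbour: cost}}. Every router advertises once and
    then computes its routing table; returns {router: {dest: (cost, next_hop)}}."""
    lsdbs = {r: {} for r in topology}
    for r, links in topology.items():
        flood(topology, r, LSP(r, dict(links), seq=1, ttl=ttl), lsdbs)
    return {r: dijkstra(lsdbs[r], r) for r in topology}
```

With a TTL of 1 the LSP dies at the first hop and every router's database holds only its own entry, so distant destinations never appear in the routing table; that is the role of the TTL field and the reason it has to be large enough for the network's diameter.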
Flooding Algorithm:
Where, μ = mean number of arrivals in packets/sec, 1/μ = the mean packet size in bits, and c
= line capacity (bits/s).
The Optimality Principle: This simply states that if router J is on the optimal path from router I to router
K, then the optimal path from J to K also falls along this same path.
Basics of Wi-Fi Study Notes
Current WiFi systems support a peak physical-layer data rate of 54 Mbps and typically provide indoor
coverage over a distance of 100 feet.
WiFi offers remarkably higher peak data rates than do 3G systems, primarily since it operates over a
larger 20 MHz bandwidth, but WiFi systems are not designed to support high-speed mobility.
WiFi interfaces are now also being built into a variety of devices, including personal data assistants
(PDAs), cordless phones, cellular phones, cameras, and media players.
WiFi is Half Duplex: All WiFi networks are contention-based TDD systems, where the access point and
the mobile stations all vie for use of the same channel. Because of the shared media operation, all Wi-Fi
networks are half duplex.
There are equipment vendors who market Wi-Fi mesh configurations, but those implementations
incorporate technologies that are not defined in the standards.
Channel Bandwidth: The Wi-Fi standards define a fixed channel bandwidth of 25 MHz for 802.11b and
20 MHz for either 802.11a or g networks.
Wi-Fi - IEEE Standards: The 802.11 standard is defined through several specifications of WLANs. It
defines an over-the-air interface between a wireless client and a base station or between two wireless
clients.
Specifications:
802.11 − This pertains to wireless LANs and provides 1- or 2-Mbps transmission in the 2.4-GHz
band using either frequency-hopping spread spectrum (FHSS) or direct-sequence spread spectrum
(DSSS).
802.11a − This is an extension to 802.11 that pertains to wireless LANs and goes as fast as 54
Mbps in the 5-GHz band. 802.11a employs the orthogonal frequency division multiplexing
(OFDM) encoding scheme as opposed to either FHSS or DSSS.
802.11b − The 802.11 high rate WiFi is an extension to 802.11 that pertains to wireless LANs
and yields a connection as fast as 11 Mbps transmission (with a fallback to 5.5, 2, and 1 Mbps
depending on strength of signal) in the 2.4-GHz band. The 802.11b specification uses only DSSS.
Note that 802.11b was actually an amendment to the original 802.11 standard added in 1999 to
permit wireless functionality to be analogous to hard-wired Ethernet connections.
802.11g − This pertains to wireless LANs and provides 20+ Mbps in the 2.4-GHz band.
Wi-Fi Concepts: There are two general types of Wi-Fi transmission: DCF (Distributed Coordination
Function) and PCF (Point Coordination Function). DCF is Ethernet in the air. It employs a very similar
packet structure and many of the same concepts. There are two problems that make wireless different
from wired.
These problems demand that a DCF Wi-Fi network be a CSMA/CA (Collision Avoidance) network rather
than a CSMA/CD (Collision Detect) network. The result is the following protocol elements:
Positive Acknowledgement: Every packet sent is positively acknowledged by the receiver. The
next packet is not sent until a positive acknowledgement for the previous packet has been received.
Channel clearing: A transmission begins with an RTS (Request to Send), and the destination or
receiver responds with a CTS (Clear to Send). Then the data packets flow. The channel is
cleared by these two messages.
Channel reservation: Each packet has a NAV (Network Allocation Vector) containing a number
X. The channel is reserved to the correspondents (the sender and receiver of this packet) for an
additional X milliseconds after this packet. Once you have the channel, you can hold it with the
NAV. The last ACK contains NAV zero, to immediately release the channel.
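An added example (not from the notes) of the three DCF elements working together: the RTS / CTS / DATA / ACK exchange is scheduled on a simple time line, each frame carries a NAV covering the rest of the exchange, and third-party stations that overhear any frame defer until the reservation expires. A station that can hear only the receiver still learns of the reservation from the CTS, which is the hidden-station case RTS/CTS exists for. Time units, frame lengths and station names are constructed.

```python
# Added example: RTS/CTS channel clearing with NAV reservation, simulated.
# Time units, lengths and station names are constructed for illustration.

from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    kind: str     # "RTS", "CTS", "DATA" or "ACK"
    src: str
    dst: str
    t_end: int    # time at which this frame finishes
    nav: int      # reservation: channel stays busy for `nav` more time units


def exchange(sender, receiver, data_len, start=0, ctl_len=2, gap=1):
    """Schedule the four frames; every NAV covers the remainder of the exchange,
    and the final ACK carries NAV zero so the channel is released immediately."""
    plan = [("RTS", sender, receiver, ctl_len),
            ("CTS", receiver, sender, ctl_len),
            ("DATA", sender, receiver, data_len),
            ("ACK", receiver, sender, ctl_len)]
    ends, t = [], start
    for _, _, _, length in plan:
        t += length
        ends.append(t)
        t += gap                  # short gap between consecutive frames
    ack_end = ends[-1]
    return [Frame(kind, src, dst, end, ack_end - end)
            for (kind, src, dst, _), end in zip(plan, ends)]


class Station:
    """Third-party station keeping a NAV (virtual carrier sense)."""

    def __init__(self, name, hears):
        self.name = name
        self.hears = set(hears)   # stations whose transmissions reach this one
        self.nav_until = 0

    def overhear(self, frame):
        # a frame addressed to us is not a reservation against us
        if frame.src in self.hears and frame.dst != self.name:
            self.nav_until = max(self.nav_until, frame.t_end + frame.nav)

    def may_transmit(self, now):
        return now >= self.nav_until


def simulate(frames, stations):
    """Deliver each frame to every station in range; return {name: nav_until}."""
    for frame in frames:
        for s in stations:
            s.overhear(frame)
    return {s.name: s.nav_until for s in stations}
```

In the test run, station C is out of range of the sender A but hears B's CTS, and so defers for exactly as long as station D, which hears both sides; a station that hears neither keeps its NAV at zero and relies on physical carrier sense alone.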
TELNET is a client-server application that allows a user to log onto a remote machine and
access any application program on that remote computer.
TELNET uses the NVT (Network Virtual Terminal) system to encode characters on the
local system.
On the server (remote) machine, NVT decodes the characters to a form acceptable to the
remote machine.
TELNET is a protocol that provides a general, bi-directional, eight-bit byte oriented
communications facility.
Many application protocols are built upon the TELNET protocol.
Telnet services use port 23.
FTP is the standard mechanism provided by TCP/IP for copying a file from one host to
another.
FTP differs from other client-server applications because it establishes two connections
between hosts.
Two connections are: Data Connection and Control Connection.
Data Connection uses PORT 20 for the purpose and control connection uses PORT 21 for
the purpose.
FTP is built on a client-server architecture and uses separate control and data connections
between the client and the server.
One connection is used for data transfer, the other for control information (commands
and responses).
It transfers data reliably and efficiently.
HTTP is a protocol used mainly to access data on the World Wide Web (WWW).
The Hypertext Transfer Protocol (HTTP) is the Web's main application-layer protocol,
although current browsers can access other types of servers.
The Web is a repository of information spread all over the world and linked together.
The HTTP protocol transfers data in the form of plain text, hypertext, audio, video and so
on.
HTTP utilizes TCP connections to send client requests and server replies.
It is a synchronous protocol which works by making both persistent and non-persistent
connections.
To identify an entity, the TCP/IP protocol suite uses the IP address, which uniquely identifies the
connection of a host to the Internet.
However, people prefer to use names instead of addresses. Therefore, we need a system that
can map a name to an address and, conversely, an address to a name.
In TCP/IP, this is the Domain Name System (DNS).
DNS is a hierarchical system, based on a distributed database, that uses a hierarchy of
name servers to resolve Internet host names into the corresponding IP addresses required
for packet routing; a host obtains an address by issuing a DNS query to a name server.
DNS in the Internet: DNS is a protocol that can be used on different platforms.
Domain name space is divided into three categories.
Generic Domain: The generic domain defines registered hosts according to their generic
behaviour. Each node in the tree defines a domain, which is an index to the domain name
space database.
Country Domain: The country domain section follows the same format as the generic
domain but uses two-character country abbreviations (e.g., US for United States) in place
of three-character ones.
Inverse Domain: The inverse domain is used to map an address to a name.
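As an added example (not from the notes), a toy iterative resolver that walks a constructed hierarchy of name servers from the root through a top-level domain server to the authoritative server, together with the inverse-domain name used to map an address back to a name and a classifier for the three domain categories above. Every server label, zone and record here is made up for the example; only the `in-addr.arpa` reverse-name convention is the real one.

```python
# Added example: iterative resolution over a constructed name-server hierarchy,
# plus inverse-domain (reverse) names. All zone data is made up.

SERVERS = {
    # name server label -> records it answers for, and referrals it hands out
    "root":       {"records": {}, "referrals": {"com.": "tld-com", "arpa.": "ns-arpa"}},
    "tld-com":    {"records": {}, "referrals": {"example.com.": "ns-example"}},
    "ns-example": {"records": {"www.example.com.": "192.0.2.10",
                               "mail.example.com.": "192.0.2.25"}, "referrals": {}},
    "ns-arpa":    {"records": {}, "referrals": {"in-addr.arpa.": "ns-inaddr"}},
    "ns-inaddr":  {"records": {"10.2.0.192.in-addr.arpa.": "www.example.com."},
                   "referrals": {}},
}


def fqdn(name):
    """Normalise to a fully qualified, lower-case name ending in the root dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def reverse_name(ipv4):
    """Inverse domain: reversed octets under in-addr.arpa, so that
    192.0.2.10 becomes 10.2.0.192.in-addr.arpa."""
    octets = ipv4.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ipv4!r}")
    return ".".join(reversed(octets)) + ".in-addr.arpa."


def domain_category(name):
    """Generic, country or inverse domain, judged from the top-level labels."""
    labels = fqdn(name).rstrip(".").split(".")
    if labels[-2:] == ["in-addr", "arpa"]:
        return "inverse"
    return "country" if len(labels[-1]) == 2 else "generic"


def resolve(name, servers=SERVERS, max_referrals=8):
    """Start at the root and follow referrals until a server answers or no
    server is responsible. Returns (answer or None, list of servers asked)."""
    name = fqdn(name)
    server, asked = "root", []
    for _ in range(max_referrals):          # bound the walk in case of a referral loop
        asked.append(server)
        zone = servers[server]
        if name in zone["records"]:
            return zone["records"][name], asked
        # follow the most specific referral whose zone contains the name
        matches = [(suffix, target) for suffix, target in zone["referrals"].items()
                   if name == suffix or name.endswith("." + suffix)]
        if not matches:
            return None, asked
        server = max(matches, key=lambda m: len(m[0]))[1]
    return None, asked
```

The trail returned by `resolve` is the point of the exercise: a forward lookup visits root, TLD and authoritative servers in turn, and a reverse lookup of the same host takes a different branch of the tree (`arpa`) to reach the PTR-style record.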
Overview of Services
LAN Technologies (Ethernet) Study Notes
Ethernet LANs consist of network nodes and interconnecting media. The network nodes fall into two
major classes:
Data terminal equipment (DTE): Devices that are either the source or the destination of data
frames. DTEs are typically devices such as PCs, workstations, file servers, or print servers that, as
a group, are all often referred to as end stations.
Data communication equipment (DCE) : Intermediate network devices that receive and
forward frames across the network. DCEs may be either standalone devices such as repeaters,
network switches, and routers, or communications interface units such as interface cards and
modems.
Addressing: LAN data transmissions are classified into one of three categories: Unicast, Multicast, and
Broadcast.
Unicast: Addressing is one-to-one, where one computer sends a frame to another computer. Even
though many stations can receive the same data, they should ignore it since it is not addressed to
them. With unicast transmissions, a single packet is sent from the source to a destination on a
network. The source-node addresses the packet by using the network address of the destination
node. The packet is then forwarded to the destination network and the network passes the packet
to its final destination.
Multicast: Addressing is one-to-many, where one computer is sending a frame to many other
computers. This can be done via a list of addresses, or some masking scheme that selects a subset
of addresses. With a multicast transmission, a single data packet is copied and forwarded to a
specific subset of nodes on the network. The source node addresses the packet by using a
multicast address.
Broadcast: Addressing is one-to-all, where one computer sends data to all computers connected
to the LAN. Broadcasts are confined to the local LAN (the broadcast domain). They do not traverse a
WAN unless the Layer 3 edge router is configured with a helper address (or the like) to forward
these broadcasts to a specified network address.
LAN Topologies: Four LAN topologies are in common use: (i) bus, (ii) ring, (iii) star, and (iv)
mesh. Bus: A bus topology consists of devices connected to a common, shared cable.
Ring: Connecting computers to a cable that forms a loop is referred to as setting up a ring topology.
Star: Connecting computers to cable segments that branch out from a single point, or hub, is referred to
as setting up a star topology.
Mesh: A mesh topology connects all computers in a network to each other with separate cables.
LAN Technologies
LAN protocols function at the lowest two layers of the OSI reference model, the physical
layer and the data link layer.
The IEEE 802.3 standard defines Ethernet protocols for the OSI (Open Systems Interconnection)
Media Access Control (MAC) sublayer and the physical layer network characteristics.
The IEEE 802.2 standard defines protocols for the Logical Link Control (LLC) sublayer.
Media contention occurs when more than one network device has data to send at the same time.
The following two methods are used to arbitrate access to a shared medium on which multiple
devices cannot transmit simultaneously.
o CSMA/CD: used by Ethernet.
o Token passing: used by Token Ring.
The CSMA/CD method is standardized internationally in IEEE 802.3 and ISO/IEC 8802-3.
CSMA/CD is a type of contention protocol.
Standard Ethernet networks use CSMA/CD: each participating station physically monitors the
traffic on the line.
It is a set of rules determining how network devices respond when two devices attempt to use a
data channel simultaneously (a collision).
If no transmission is taking place at the time, the station may transmit.
If two stations transmit simultaneously, a collision results, which is detected by all
participating stations.
o The stations that collided attempt to transmit again after a random time interval.
o If another collision occurs, the interval from which the random waiting time is
selected is doubled, step by step, up to a limit. This is known as binary exponential backoff.
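The backoff rule above, written out as a small simulation. This is an added example, not part of the original notes: the slot time of 512 bit times, the cap of the exponent at 10 and the limit of 16 attempts are the figures used by IEEE 802.3 for 10/100 Mbps Ethernet; the collision scenarios passed to transmit_with_backoff are constructed. It shows both the growth of the waiting interval and the failure mode: a station facing a peer that never stops transmitting gives up after 16 collisions and the frame is lost.

```python
import random

SLOT_TIME_BITS = 512      # 802.3 slot time: 512 bit times (51.2 us at 10 Mbps)
MAX_ATTEMPTS = 16         # after the 16th collision the frame is discarded
BACKOFF_LIMIT = 10        # the exponent stops growing after the 10th collision


def slot_time_seconds(rate_bps: float) -> float:
    """Slot time in seconds for the given bit rate."""
    return SLOT_TIME_BITS / rate_bps


def backoff_range(collisions: int) -> range:
    """After the n-th consecutive collision the station picks k from 0 .. 2**min(n, 10) - 1."""
    if collisions < 1:
        raise ValueError("backoff is only computed after a collision")
    return range(0, 2 ** min(collisions, BACKOFF_LIMIT))


def backoff_slots(collisions: int, rng: random.Random) -> int:
    """Random number of slot times to wait before the next attempt."""
    return rng.choice(backoff_range(collisions))


def transmit_with_backoff(collides, rate_bps: float = 10e6, seed: int = 0):
    """Simulate one station trying to send one frame.

    collides(attempt) returns True if the given attempt (1-based) collides.
    Returns (delivered, attempts_used, seconds_spent_waiting).
    """
    rng = random.Random(seed)      # seeded so the example is reproducible; real NICs use true randomness
    waited = 0.0
    for attempt in range(1, MAX_ATTEMPTS + 1):
        if not collides(attempt):
            return True, attempt, waited
        if attempt == MAX_ATTEMPTS:
            break                  # 16th collision: give up ("excessive collisions")
        waited += backoff_slots(attempt, rng) * slot_time_seconds(rate_bps)
    return False, MAX_ATTEMPTS, waited


if __name__ == "__main__":
    # constructed scenario: the first three attempts collide, the fourth gets through
    print(transmit_with_backoff(lambda n: n <= 3))
    # constructed scenario: a peer that never stops transmitting starves this station
    print(transmit_with_backoff(lambda n: True))
```

The second scenario is why a misbehaving or deliberately jabbering node on a shared segment is a denial of service against everyone else on it: the protocol has no way to penalize the station that keeps winning.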
IEEE Standards
The term Ethernet refers to the family of local-area network (LAN) products covered by the IEEE
802.3 standard, which defines what is commonly known as the CSMA/CD protocol.
It is a standard for a 1-persistent CSMA/CD LAN.
The original version operates at 10 Mbps, using carrier sense multiple access with collision
detection (CSMA/CD), over coaxial cable.
It covers the physical layer and the MAC sublayer protocol.
10 Mbps Ethernet uses Manchester phase encoding (MPE) to code the data bits on the outgoing
signal.
In Ethernet, both the data link and the physical layers are involved in the creation and
transmission of frames.
The physical layer is related to the type of LAN cabling and how the bits are transmitted and
received on the cable.
The hardware address, or MAC address, is transmitted and stored in Ethernet network devices
in canonical format, i.e., each byte is sent least significant bit (LSB) first, sometimes called
little-endian bit order.
The data link layer is divided into sublayers, the Logical Link Control (LLC) and the Media
Access Control layers (MAC).
The frames created by these layers contain several fields that are processed by Network Interface
Cards (NICs) in the sending and receiving devices.
Three data rates are currently defined for operation over optical fiber and twisted-pair cables:
Ethernet Specifications:
IEEE 802.3 Frame Format: The maximum 802.3 frame size is 1518 bytes and the minimum is 64
bytes (measured from the destination address through the FCS; the preamble and SFD are not
counted). A frame shorter than 64 bytes is a runt and is discarded.
Preamble field: Establishes bit synchronization and transceiver conditions so that the PLS
circuitry synchronizes with the received frame timing.
Start Frame Delimiter: The sequence 10101011, in a separate field.
Destination address: Hardware address (MAC address) of the destination station (48 bits,
i.e., 6 bytes).
Source address: Hardware address of the source station (must be the same length as the
destination address; the 802.3 standard allows 2- or 6-byte addresses, but 6-byte addresses are
what is used in practice).
Length: Specifies the length of the data segment, i.e., the number of LLC data bytes. In Ethernet II
(DIX) framing the same two bytes carry a type (EtherType): a value up to 1500 is a length, a value
of 1536 (0x0600) or more is a type.
Pad: Zeros added to the data field to pad a short data field out to 46 bytes.
Data: The actual data, anywhere between 46 and 1500 bytes in one frame.
FCS: Frame Check Sequence, a 32-bit CRC over the address, length, data and pad fields, used to
detect errors that occur during transmission. A CRC detects accidental corruption only; it is not
keyed, so it gives no protection against deliberate modification.
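A frame builder and parser for the layout just described, added here as an example (it is not code from the notes). It assumes the FCS is the same CRC-32 that zlib computes, transmitted low byte first, which is what capture tools such as Wireshark show; the addresses and payloads are constructed. It enforces the 64/1518-byte limits, strips the pad using the length field, distinguishes a length from an EtherType, checks the FCS, and also shows the canonical versus non-canonical (Token Ring) spelling of a MAC address referred to in the notes, using the textbook example 12-34-56-78-9A-BC.

```python
import struct
import zlib

MIN_FRAME, MAX_FRAME = 64, 1518      # DA .. FCS; preamble and SFD are not counted
MIN_DATA, MAX_DATA = 46, 1500


def parse_mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def format_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def to_noncanonical(mac: bytes) -> bytes:
    """Bit-reverse every byte: the Token Ring/FDDI (MSB-first) spelling of an Ethernet (LSB-first) address."""
    return bytes(int(f"{b:08b}"[::-1], 2) for b in mac)


def build_frame(dst: str, src: str, payload: bytes) -> bytes:
    """Assemble DA, SA, length, data, pad and FCS for an 802.3 frame."""
    if len(payload) > MAX_DATA:
        raise ValueError("payload exceeds 1500 bytes")
    header = parse_mac(dst) + parse_mac(src) + struct.pack("!H", len(payload))
    body = payload + b"\x00" * max(0, MIN_DATA - len(payload))   # pad short data up to 46 bytes
    fcs = zlib.crc32(header + body) & 0xFFFFFFFF                  # CRC-32 over DA .. pad
    return header + body + struct.pack("<I", fcs)                 # FCS bytes go out low byte first


def parse_frame(frame: bytes) -> dict:
    """Check size and FCS, then split the frame into fields; runts and giants are rejected."""
    if not MIN_FRAME <= len(frame) <= MAX_FRAME:
        raise ValueError(f"runt or giant frame: {len(frame)} bytes")
    dst, src = frame[:6], frame[6:12]
    length_or_type = struct.unpack("!H", frame[12:14])[0]
    body, fcs = frame[14:-4], struct.unpack("<I", frame[-4:])[0]
    fcs_ok = (zlib.crc32(frame[:-4]) & 0xFFFFFFFF) == fcs
    if length_or_type <= MAX_DATA:          # 802.3 framing: the field is a length, so strip the pad
        ethertype, data = None, body[:length_or_type]
    else:                                   # 0x0600 and above: Ethernet II framing, the field is a type
        ethertype, data = length_or_type, body
    return {
        "dst": format_mac(dst), "src": format_mac(src),
        "length": None if ethertype else length_or_type, "ethertype": ethertype,
        "data": data, "fcs_ok": fcs_ok,
        "multicast": bool(dst[0] & 0x01),   # I/G bit: first bit on the wire, LSB of the first byte
        "broadcast": dst == b"\xff" * 6,
    }


if __name__ == "__main__":
    frame = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", b"hello")   # constructed frame
    print(len(frame), parse_frame(frame))
    print(format_mac(to_noncanonical(parse_mac("12:34:56:78:9a:bc"))))
```

A parser that trusted the length field instead of the frame size, or skipped the size check, is the kind of code that reads past the end of a buffer on a crafted runt; the check here rejects such frames before any field is touched.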
Propagation Delay: Time taken for a signal to travel from the transmitter to the receiver.
Transmission Delay (Time): Time taken to put the bits on the transmission medium.
A transmission speed of 2 Mbps means 2 × 10^6 bits can be transmitted in 1 second, so a frame of
L bits takes L / (2 × 10^6) seconds to put on the line.
Processing Delay: Time taken to execute protocols (check for errors, send ACKs, etc.).
Round Trip Delay: Defined as the time between the first bit of the message being put onto the
transmission medium and the last bit of the acknowledgement being received back by the
transmitter. It is the sum of all the delays detailed above. The round trip delay is a critical factor
in the performance of packet-switched protocols and networks. Indeed, it has been said that a
good algorithm for estimating the round trip delay is at the heart of a good packet-switching
protocol.
Ethernet Efficiency
Let tprop denote the maximum time it takes signal energy to propagate between any two adapters.
Let ttrans be the time to transmit a maximum-size Ethernet frame (approximately 1.2 msecs for a 10
Mbps Ethernet).
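The efficiency formula these two quantities feed into, added here as a worked example (the standard approximation, not text from the original notes). The 2500 m cable length and the 2 × 10^8 m/s propagation speed are assumed values:

$$\text{efficiency} \approx \frac{1}{1 + 5\,t_{\text{prop}}/t_{\text{trans}}}$$

For a 10 Mbps Ethernet and a maximum-size frame, $t_{\text{trans}} = 1518 \cdot 8 / 10^{7} \approx 1.21\ \text{ms}$; for a 2500 m cable at $2 \times 10^{8}$ m/s, $t_{\text{prop}} = 12.5\ \mu\text{s}$, so $t_{\text{prop}}/t_{\text{trans}} \approx 0.0103$ and the efficiency is about $1/(1 + 0.0515) \approx 0.95$. At 100 Mbps with the same frame and cable, $t_{\text{trans}} \approx 0.121\ \text{ms}$, the ratio rises to about $0.103$ and the efficiency falls to about $0.66$, which is why faster CSMA/CD Ethernets had to shorten the maximum cable length or lengthen the minimum frame.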
Token Ring (IEEE 802.5):
Token Ring and FDDI, on the other hand, transmit the MAC address with the most significant
bit (MSB) first, i.e., big-endian bit order. This is known as non-canonical format; the same
address therefore appears with every byte bit-reversed.
If the first bit of the token returns to the sender before the sender has put the last bit of the token
on the ring, the token does not fit on the ring and an error situation arises. To avoid this situation,
the following condition must hold:
propagation delay around the ring + n bit times (one-bit delay in each of the n nodes) must be at
least the transmission time of the token (24 bits for the 3-byte 802.5 token)
Modes of Operation
1. Listen Mode: The node copies each incoming bit and retransmits it to the next node, so a
one-bit delay is associated with the transmission.
2. Transmit Mode: The node holds the token; it discards whatever arrives on its input (its own
frame returning around the ring) and puts its own data onto the ring.
3. Bypass Mode: Entered when the node is down. Data is simply bypassed around the node, with
no one-bit delay.
IPv4:
It is the first version of the Internet Protocol to be widely used and still accounts for most of
today's Internet traffic. Addresses are 32 bits (4 bytes) long.
IPv6:
It is classless.
Source and destination addresses are 128 bits (16 bytes) in length.
IPsec support was originally mandatory for IPv6 implementations (later relaxed to recommended);
its use remains optional, and when applied it is end to end.
Packet flow identification for QoS handling by routers is included in the IPv6 header using the
flow label field.
Fragmentation is done only by the sending host, never by routers.
The header does not include a checksum.
All optional data is moved to IPv6 extension headers.
ARP request frames are replaced with multicast Neighbor Solicitation messages.
IGMP is replaced with Multicast Listener Discovery (MLD) messages.
ICMP router discovery is replaced with ICMPv6 Router Solicitation and Router Advertisement
messages, and support for them is required.
There are no IPv6 broadcast addresses. Instead, the link-local scope all-nodes multicast address
(ff02::1) is used.
Does not require manual configuration or DHCP: a host can derive its addresses from Router
Advertisements (stateless address autoconfiguration, SLAAC).
Uses AAAA (host address) resource records in the Domain Name System to map host names to
IPv6 addresses.
Uses PTR (pointer) resource records in the ip6.arpa DNS domain to map IPv6 addresses to host
names.
Every link must support a packet size (MTU) of at least 1280 bytes without fragmentation.
There are currently five different field-length patterns in use, each defining a class of address
(classes A to E).
An IP address is 32 bits long. One portion of the address indicates the network (Net ID) and the
other portion indicates the host (or router) on that network (Host ID).
To reach a host on the Internet, we must first reach the network, using the first portion of the
address (Net ID). Then we must reach the host itself, using the second portion (Host ID).
For Class A, the first bit of the Net ID is 0.
Masking is a process that extracts the address of the physical network from an IP address.
Masking can be done whether we have subnetting or not. If we have not subnetted the network,
masking extracts the network address from an IP address. If we have subnetted, masking extracts
the subnetwork address from an IP address.
Masks without Subnetting: To be compatible, routers use a mask even if there is no
subnetting (the default class mask: 255.0.0.0, 255.255.0.0 or 255.255.255.0).
Boundary Level Masking: If the masking is at the boundary level (the mask bytes are either
255 or 0), finding the subnetwork address is very easy. Follow these two rules:
The bytes in the IP address that correspond to 255 in the mask are repeated in the
subnetwork address.
The bytes in the IP address that correspond to 0 in the mask are changed to 0 in the
subnetwork address.
Non-boundary Level Masking: If the masking is not at the boundary level (the mask bytes
are not just 255 or 0), finding the subnetwork address involves the bit-wise AND operator.
Follow these three rules:
The bytes in the IP address that correspond to 255 in the mask are repeated in the
subnetwork address.
The bytes in the IP address that correspond to 0 in the mask are changed to 0 in the
subnetwork address.
A byte that corresponds to a mask byte other than 255 or 0 is ANDed bit by bit with that mask
byte. In the usual case three of the four bytes are easy to determine and only the fourth byte
needs the bit-wise AND operation.
Notation: x.y.z.w/n (CIDR notation), where n is the prefix length: the number of leading 1 b4its
in the mask, i.e., the number of bits that make up the network part.
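The masking rules above, carried out in code. This is an added example, not code from the notes; the sample addresses are constructed. The bit-wise AND is the general rule and covers boundary-level masks as a special case, so one function serves both. It also derives the class and default mask from the leading bits, converts between /n and dotted masks while rejecting a non-contiguous mask, and cross-checks its own arithmetic against Python's ipaddress module.

```python
import ipaddress
from typing import Dict


def dotted_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr: str) -> str:
    """Classful address class from the leading bits of the first byte."""
    first = dotted_to_int(addr) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"


def default_mask(addr: str) -> str:
    """Mask a router uses when there is no subnetting (classes D and E have no host part)."""
    return {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}.get(
        address_class(addr), "255.255.255.255")


def prefix_to_mask(n: int) -> str:
    if not 0 <= n <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_dotted((0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF)


def mask_to_prefix(mask: str) -> int:
    """Accept only contiguous masks: 255.0.255.0 is not a valid /n."""
    n = bin(dotted_to_int(mask)).count("1")
    if prefix_to_mask(n) != mask:
        raise ValueError(f"non-contiguous mask: {mask}")
    return n


def subnet_address(addr: str, mask: str) -> str:
    """Bit-wise AND of address and mask; boundary-level masks (255/0 bytes) are just a special case."""
    return int_to_dotted(dotted_to_int(addr) & dotted_to_int(mask))


def subnet_info(cidr: str) -> Dict[str, object]:
    addr, n = cidr.split("/")
    n = int(n)
    mask = prefix_to_mask(n)
    network = dotted_to_int(subnet_address(addr, mask))
    broadcast = network | (~dotted_to_int(mask) & 0xFFFFFFFF)
    usable = (1 << (32 - n)) - 2 if n <= 30 else 1 << (32 - n)   # /31 and /32 reserve nothing
    return {"network": int_to_dotted(network), "mask": mask,
            "broadcast": int_to_dotted(broadcast), "usable_hosts": usable}


def agrees_with_stdlib(cidr: str) -> bool:
    """Cross-check the hand-rolled arithmetic against the standard library."""
    ours, ref = subnet_info(cidr), ipaddress.ip_network(cidr, strict=False)
    return (ours["network"], ours["mask"], ours["broadcast"]) == (
        str(ref.network_address), str(ref.netmask), str(ref.broadcast_address))


if __name__ == "__main__":
    print(subnet_info("192.168.10.77/26"))   # constructed address: the fourth byte needs the AND
```

Firewall and ACL code that decides whether an address is "inside" a network does exactly this AND; the contiguous-mask check matters because a mask such as 255.0.255.0 silently matches far more addresses than the author of the rule intended.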
UDP is a connectionless protocol. It provides a way for applications to send encapsulated IP datagrams
without having to establish a connection.
Datagram oriented
Unreliable, connectionless
Simple
Unicast and multicast
Suited to only a limited set of applications, e.g., multimedia applications
Used a lot for services: network management (SNMP), routing (RIP), naming (DNS), etc.
UDP transmits segments consisting of an 8-byte header followed by the payload. The source and
destination port fields of the header identify the end points within the source and destination machines.
When a UDP packet arrives, its payload is handed to the process attached to the destination port. Because
there is no handshake, nothing verifies the source address of an arriving datagram, so a UDP service must
not treat that address as authenticated.
TCP provides full transport-layer services to applications. TCP is a reliable, stream-oriented, port-to-port
transport protocol. The term stream in this context means connection-oriented: a connection must be
established between both ends of a transmission before either may transmit data. By creating this
connection, TCP sets up a virtual circuit between sender and receiver that is active for the duration of the
transmission.
Flag bits
URG: Urgent pointer is valid. If the bit is set, the segment carries urgent data in the sequence-number
range SeqNo <= urgent data <= SeqNo + urgent pointer.
ACK: Segment carries a valid acknowledgement.
PSH: PUSH flag, a notification from the sender that the receiver should pass all the data it holds to
the application. Normally set by the sender when the sender's buffer is empty.
RST: Reset the connection. The flag causes the receiver to reset the connection; the receiver of a
RST terminates the connection and reports the reset to the higher-layer application.
SYN: Synchronize sequence numbers. Sent in the first packet when initiating a connection.
FIN: Sender is finished sending. Used for closing a connection; both sides of a
connection must send a FIN.
Each machine supporting TCP has a TCP transport entity, either a library procedure, a user process or part
of the kernel. In all cases it manages TCP streams and interfaces to the IP layer. A TCP entity accepts the
user data stream from local processes, breaks it up into pieces not exceeding 64 KB (in practice the
maximum segment size allowed by the path MTU, typically about 1460 bytes on Ethernet) and sends
each piece as a separate IP datagram.
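The two headers described above, built and parsed with the struct module. This is an added example, not code from the notes; the addresses, ports and payloads are constructed. The UDP part computes and verifies the RFC 1071 checksum, including the pseudo-header of IP addresses that it covers (which is why a NAT device must rewrite the checksum when it rewrites an address) and the rule that a computed zero is transmitted as 0xFFFF. The TCP part decodes the flag byte described in the list above and uses the data offset to separate options from payload.

```python
import socket
import struct

UDP_PROTO = 17
TCP_FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; over a packet that already carries its checksum it yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, length: int) -> bytes:
    """IP-layer fields covered by the UDP checksum: it fails if either address is changed in transit."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, UDP_PROTO, length)


def build_udp(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    csum = csum or 0xFFFF            # a computed 0 is sent as 0xFFFF: 0 on the wire means "no checksum"
    return header[:6] + struct.pack("!H", csum) + payload


def parse_udp(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length != len(segment):
        raise ValueError("UDP length field disagrees with segment size")
    ok = None if csum == 0 else internet_checksum(pseudo_header(src_ip, dst_ip, length) + segment) == 0
    return {"sport": sport, "dport": dport, "payload": segment[8:], "checksum_ok": ok}


def tcp_flags(flag_byte: int) -> list:
    return [name for bit, name in TCP_FLAG_BITS if flag_byte & bit]


def build_tcp_header(sport: int, dport: int, seq: int, ack: int, flags: int,
                     window: int = 65535, options: bytes = b"") -> bytes:
    """Header only (checksum left 0): enough to exercise flag and data-offset parsing."""
    options += b"\x00" * (-len(options) % 4)          # options are padded to a 32-bit boundary
    data_offset = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (data_offset << 12) | flags, window, 0, 0) + options


def parse_tcp_header(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4                 # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad TCP data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": tcp_flags(off_flags & 0xFF), "urgent_pointer": urg,
            "options": segment[20:header_len], "payload": segment[header_len:]}


if __name__ == "__main__":
    seg = build_udp("10.0.0.1", "10.0.0.2", 53000, 53, b"\x12\x34\xab")       # constructed
    print(parse_udp("10.0.0.1", "10.0.0.2", seg))
    print(parse_tcp_header(build_tcp_header(40000, 443, 1000, 0, 0x02, options=b"\x02\x04\x05\xb4")))
```

The checksum is an integrity check against line noise, not against an attacker: anyone who can alter a datagram can recompute it, so it is never evidence of authenticity.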
Sockets
A socket is one end of an inter-process communication channel. The two processes each establish their
own socket. The system calls for establishing a connection are somewhat different for the client and the
server, but both involve the basic construct of a socket.
The steps involved in establishing a socket on the client side are as follows:
1. Create a socket with the socket() system call.
2. Connect the socket to the address of the server using the connect() system call.
3. Send and receive data. There are a number of ways to do this, but the simplest is to use
the read() and write() system calls.
The steps involved in establishing a socket on the server side are: create a socket with socket(),
bind it to an address with bind(), listen for connections with listen(), accept a connection with
accept(), and then send and receive data.
Two processes can communicate with each other only if their sockets are of the same type and in the
same domain.
There are two widely used address domains, the unix domain, in which two processes which share a
common file system communicate, and the Internet domain, in which two processes running on any two
hosts on the Internet communicate. Each of these has its own address format.
The address of a socket in the Unix domain is a character string which is basically an entry in the file
system.
The address of a socket in the Internet domain consists of the Internet address of the host machine (every
computer on the Internet has a unique 32-bit IPv4 address, often referred to as its IP address) together
with a port number on that host. Port numbers are 16-bit unsigned integers. The lower numbers (below
1024) are reserved in Unix for standard services and may be bound only by a privileged process.
For example, the port number for the FTP server is 21. It is important that standard services be at the
same port on all computers so that clients know their addresses. Port numbers above 1023 are
generally available to ordinary processes.
Socket Types
There are two widely used socket types: stream sockets and datagram sockets.
Stream sockets treat communication as a continuous stream of bytes, while datagram sockets have
to read entire messages at once. Each uses its own communications protocol: stream sockets use TCP
(Transmission Control Protocol), which is a reliable, stream-oriented protocol, and datagram sockets use
UDP (User Datagram Protocol), which is unreliable and message-oriented. You might want to use a
datagram socket in cases where there is only one message being sent from the client to the server, and
only one message being sent back. There are several differences between a datagram socket and a
stream socket.
1. Datagrams are unreliable: if a packet of information gets lost somewhere in the Internet, the
sender is not told (and of course the receiver does not know about the existence of the message).
In contrast, with a stream socket the underlying TCP protocol detects that a segment was lost
because it was not acknowledged, and retransmits it without the process at either end knowing
about this.
2. Message boundaries are preserved in datagram sockets. If the sender sends a datagram of 100
bytes, the receiver must read all 100 bytes at once (bytes that do not fit in the receiver's buffer are
discarded). This can be contrasted with a stream socket, where if the sender wrote a 100-byte
message, the receiver could read it in two chunks of 50 bytes or 100 chunks of one byte.
3. The communication is done using the special system calls sendto() and recvfrom() rather
than the more generic read() and write().
4. There is a lot less overhead associated with a datagram socket because connections do not need to
be established and torn down, and packets do not need to be acknowledged. This is why
datagram sockets are often used when the service to be provided is short, such as a time-of-day
service.
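The server-side steps (socket, bind, listen, accept, read/write) and the boundary difference between the two socket types, demonstrated in one place. This is an added example, not code from the notes. It uses Unix-domain sockets so that it runs without any network: the address of each socket is a file-system path in a temporary directory, exactly the Unix-domain address format described above, and the stream and datagram behaviour is the same as for TCP and UDP Internet sockets. The 100-byte message and the 50-byte read size are constructed to match the text.

```python
import os
import socket
import tempfile
import threading


def stream_chunks(message: bytes, chunk_size: int) -> list:
    """Stream socket: the server does socket/bind/listen/accept and echoes the data back;
    the client reads the echo chunk_size bytes at a time. Returns the chunk lengths it saw."""
    path = os.path.join(tempfile.mkdtemp(), "stream.sock")
    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    server.bind(path)                      # Unix-domain address: an entry in the file system
    server.listen(1)

    def serve():
        conn, _ = server.accept()
        with conn:
            received = b""
            while len(received) < len(message):
                part = conn.recv(4096)
                if not part:
                    break
                received += part
            conn.sendall(received)

    worker = threading.Thread(target=serve)
    worker.start()
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(path)
    client.sendall(message)
    chunks, total = [], 0
    while total < len(message):            # a stream has no boundaries: read whatever has arrived
        part = client.recv(chunk_size)
        if not part:
            break
        chunks.append(len(part))
        total += len(part)
    client.close()
    worker.join()
    server.close()
    os.unlink(path)
    return chunks


def datagram_sizes(messages: list, recv_buffer: int = 4096) -> list:
    """Datagram socket: no connection, sendto()/recvfrom(), one message per call.
    Returns the number of bytes each recvfrom() delivered."""
    server_path = os.path.join(tempfile.mkdtemp(), "dgram.sock")
    server = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    server.bind(server_path)
    client = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    for m in messages:
        client.sendto(m, server_path)      # address supplied on every send; nothing is connected
    sizes = [len(server.recvfrom(recv_buffer)[0]) for _ in messages]   # excess bytes are dropped
    client.close()
    server.close()
    os.unlink(server_path)
    return sizes


if __name__ == "__main__":
    print(stream_chunks(b"x" * 100, 50))          # e.g. [50, 50]: pieces, total 100
    print(datagram_sizes([b"a" * 100, b"b" * 30]))  # [100, 30]: one message per read
    print(datagram_sizes([b"a" * 100], 50))         # [50]: the other 50 bytes are gone
```

The practical consequence for anyone writing a protocol parser on a stream socket is that a recv() call returns an arbitrary prefix of what was sent; code that assumes one recv() equals one message works in testing on the loopback interface and fails (or becomes exploitable) on a real network.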
Warning Bit: A special bit in the packet header is set by the router to warn the source when congestion is
detected. The bit is copied into the ACK and piggy-backed to the sender.
The sender counts the ACK (acknowledgement) packets it receives with the warning bit set
and adjusts its transmission rate accordingly.
Choke Packets: A choke packet is a control packet generated at a congested node and transmitted to
restrict traffic flow.
The source, on receiving the choke packet, must reduce its transmission rate by a certain percentage.
Load Shedding: When buffers become full, routers simply discard packets. Which packet is chosen to be
the victim depends on the application and on the error strategy used in the data link layer.
Random Early Detection (RED): This is a proactive approach in which the router discards one or more
packets before the buffer becomes completely full. Each time a packet arrives, the RED algorithm
updates the average queue length and drops the packet with a probability that grows with that average.
Traffic Shaping
Another approach to congestion control is to shape the traffic before it enters the network.
It controls the rate at which packets are sent (not just how many). Used in ATM and integrated
services networks.
At connection setup time, the sender and carrier negotiate a traffic pattern (shape).
Two traffic shaping algorithms are as follows:
1. Leaky Bucket
2. Token Bucket
The leaky bucket enforces a constant output rate (the average rate) regardless of the burstiness of the
input. It does nothing when the input is idle.
When packets are all of the same size (as ATM cells are), the host should inject one packet per clock tick
onto the network. For variable-length packets it is better to allow a fixed number of bytes per tick.
The token bucket allows bursts: with a bucket of capacity C bytes, tokens arriving at rate ρ bytes/s and an
output link of maximum rate M bytes/s, the longest burst S at full link rate satisfies C + ρS = MS,
i.e., S = C / (M - ρ).
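Both shaping algorithms as simple classes driven by an explicit clock, plus the burst-length formula above. This is an added example, not code from the notes; the capacities, rates and the arrival pattern are constructed (the burst-length figures of 250 KB, 2 MB/s and 25 MB/s are chosen only to make the arithmetic visible). The same token-bucket logic is what rate limiters in front of login endpoints and APIs implement.

```python
from typing import List, Tuple


class TokenBucket:
    """Permits bursts up to capacity while enforcing a long-term average rate (units per second)."""

    def __init__(self, capacity: float, rate: float, now: float = 0.0):
        self.capacity, self.rate = capacity, rate
        self.tokens, self.last = capacity, now       # the bucket starts full

    def _refill(self, now: float) -> None:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def allow(self, size: float, now: float) -> bool:
        """Consume size tokens if available; otherwise the caller queues or drops the packet."""
        self._refill(now)
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


class LeakyBucket:
    """A finite queue drained at a constant rate: the output is smooth whatever the input looks like."""

    def __init__(self, capacity: float, rate: float, now: float = 0.0):
        self.capacity, self.rate = capacity, rate
        self.level, self.last = 0.0, now

    def _leak(self, now: float) -> None:
        self.level = max(0.0, self.level - (now - self.last) * self.rate)
        self.last = now

    def offer(self, size: float, now: float) -> bool:
        """Queue the packet if it fits; a packet that would overflow the bucket is discarded."""
        self._leak(now)
        if self.level + size <= self.capacity:
            self.level += size
            return True
        return False


def shape(bucket, arrivals: List[Tuple[float, float]]) -> List[bool]:
    """Run a (time, size) arrival sequence through a bucket and report which packets got through."""
    admit = bucket.allow if isinstance(bucket, TokenBucket) else bucket.offer
    return [admit(size, t) for t, size in arrivals]


def max_burst_seconds(capacity: float, rate: float, link_rate: float) -> float:
    """S = C / (M - rho): how long a token bucket can feed a link at its full rate M."""
    if link_rate <= rate:
        raise ValueError("the link must be faster than the token rate for the formula to apply")
    return capacity / (link_rate - rate)


if __name__ == "__main__":
    burst = [(0.0, 600), (0.0, 500), (1.0, 500), (1.0, 1)]          # constructed arrivals
    print(shape(TokenBucket(capacity=1000, rate=100), burst))        # [True, False, True, False]
    print(shape(LeakyBucket(capacity=500, rate=100), [(0.0, 400), (0.0, 200), (1.0, 200), (1.0, 1)]))
    print(max_burst_seconds(250_000, 2_000_000, 25_000_000))         # about 0.0109 s
```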
Network security problems can be divided roughly into four intertwined areas:
In the physical layer, wiretapping can be foiled by enclosing transmission lines in sealed tubes
containing argon gas at high pressure. Any attempt to drill into a tube releases some gas,
reducing the pressure and triggering an alarm (used in some military systems).
In the data link layer, packets on a point-to-point line can be encrypted.
In the network layer, firewalls can be installed to keep packets in or out.
In the transport layer, the entire connection can be encrypted.
Network security starts with authentication, commonly with a username and password. Since this
requires just one piece of evidence to authenticate the username, i.e., the password, it is sometimes
termed one-factor authentication.
Using this model requires us to
Cryptography
It is a science of converting a stream of text into coded form in such a way that only the sender and
receiver of the coded text can decode the text. Nowadays, computer use requires automated tools to
protect files and other stored information. Uses of network and communication links require measures to
protect data during transmission.
Symmetric/Private Key Cryptography (Conventional/Private key/Single key)
Symmetric key algorithms are a class of cryptographic algorithms that use the same cryptographic key
for both encryption of plaintext and decryption of ciphertext. The two keys may be identical or there
may be a simple transformation to go between them.
In symmetric private key cryptography, the following key features are involved
Advantage of secret key algorithms: Secret key algorithms are efficient; it takes less time to encrypt a
message, because the operations are simpler and the key is usually smaller. So they are used to encrypt
or decrypt long messages.
Disadvantages of secret key algorithms: Each pair of users must share a secret key. If N people in
the world want to use this method, there need to be N(N-1)/2 secret keys. For one million people to
communicate, about 5 × 10^11 (half a trillion) secret keys are needed. The distribution of the keys
between two parties can be difficult.
Asymmetric/Public Key Cryptography
Public key cryptography refers to a cryptographic system requiring two separate keys, one of which is
secret (private) and one of which is public. Although different, the two keys of the pair are
mathematically linked.
Public Key: A public key, which may be known by anybody and can be used to encrypt
messages and verify signatures.
Private Key: A private key, known only to its owner, used to decrypt messages and to create
signatures. The system is asymmetric because those who encrypt messages or verify signatures
cannot decrypt messages or create signatures. It is computationally infeasible to find the decryption
key knowing only the algorithm and the encryption key. In some schemes (RSA among them) either
of the two related keys can be used for encryption, with the other used for decryption.
Bob encrypts a plaintext message using Alice's public key and the encryption algorithm, and sends
it over the communication channel.
On the receiving end only Alice can decrypt this text, since she alone holds Alice's private
key.
Advantages of public key algorithms:
1. They remove the need for a shared secret key between two entities. Each entity can create a
pair of keys, keep the private one, and publicly distribute the other one.
2. The number of keys needed is reduced tremendously. For one million users to communicate, only two
million keys are needed.
Disadvantage of public key algorithms: The method is effective only with very large numbers, and
computing the ciphertext with such long keys takes a lot of time. So it is not recommended for large
amounts of text; in practice a public-key operation protects a symmetric session key, which then
encrypts the bulk data.
MAC (Message Authentication Code): A keyed function of a message. The sender of a message m
computes MAC(m) and appends it to the message.
Verification: The receiver also computes MAC(m) and compares it with the received value.
Security of a MAC: An attacker should not be able to generate a valid pair (m, MAC(m)) for any new
message m, even after seeing many valid message/MAC pairs, possibly of his choice.
A MAC can be obtained from a block cipher (CBC-MAC) or from a hash function (HMAC).
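The send/verify procedure above, implemented with HMAC-SHA256 from the standard library. This is an added example, not code from the notes; the key and the messages are constructed. It shows the two details a practitioner gets wrong most often: the comparison of the received tag must be constant-time (hmac.compare_digest) so that the verifier does not leak how many leading bytes matched, and the attacker model in the notes is made concrete by trying the obvious forgery, splicing a tag collected from one valid message onto a different message.

```python
import hashlib
import hmac
import os

TAG_LEN = 32   # HMAC-SHA256 output length


def mac(key: bytes, message: bytes) -> bytes:
    """MAC(m): HMAC-SHA256 under a key shared out of band by sender and receiver."""
    return hmac.new(key, message, hashlib.sha256).digest()


def protect(key: bytes, message: bytes) -> bytes:
    """Sender: append MAC(m) to m."""
    return message + mac(key, message)


def verify(key: bytes, packet: bytes) -> bytes:
    """Receiver: recompute MAC(m), compare in constant time, reject anything that does not match."""
    if len(packet) < TAG_LEN:
        raise ValueError("packet too short to carry a MAC")
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if not hmac.compare_digest(mac(key, message), tag):   # never compare tags with ==
        raise ValueError("MAC verification failed")
    return message


def is_valid(key: bytes, packet: bytes) -> bool:
    try:
        verify(key, packet)
        return True
    except ValueError:
        return False


def forge_by_splicing(seen_packets: list, new_message: bytes) -> bytes:
    """An attacker holding valid (m, MAC(m)) pairs tries to reuse an old tag on a message of his choice."""
    return new_message + seen_packets[0][-TAG_LEN:]


if __name__ == "__main__":
    key = os.urandom(32)                                   # shared secret; never derived from the message
    seen = [protect(key, b"transfer 100 to alice"),        # constructed traffic the attacker observes
            protect(key, b"transfer 5 to bob")]
    print(all(is_valid(key, p) for p in seen))                                   # True
    print(is_valid(key, forge_by_splicing(seen, b"transfer 100 to mallory")))     # False
```

The MAC protects integrity and origin, not confidentiality: the message travels in the clear here, and a MAC alone also does nothing against replaying a whole valid packet, which needs a counter or timestamp inside the message.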
RSA Algorithm
RSA is an algorithm for public-key cryptography. RSA (Rivest, Shamir, Adleman) was publicly
described in 1977.
The extended Euclidean algorithm can efficiently find the solution to this problem (the private
exponent d with d·e ≡ 1 mod φ(n), i.e., the modular inverse of the public exponent).
DES
DES is a block cipher, meaning it operates on plaintext blocks of a given size (64 bits) and returns
ciphertext blocks of the same size. Thus DES is a permutation among the 2^64 possible
arrangements of 64 bits, each of which may be either 0 or 1. Each block of 64 bits is divided into two
blocks of 32 bits each, a left half-block L and a right half R. (This division is only used in certain
operations.) DES uses a 56-bit key, which is far too short today (it can be brute-forced), so it has
been superseded by AES; triple DES survives only in legacy systems.
Authentication protocols
Authentication: It is the technique by which a process verifies that its communication partner is who it is
supposed to be and not an impostor. Verifying the identity of a remote process in the face of a malicious,
active intruder is surprisingly difficult and requires complex protocols based on cryptography.
The general model that all authentication protocols use is the following:
An initiating user A (for Alice) wants to establish a secure connection with a second user B (for
Bob). Both A and B are sometimes called principals.
A starts out by sending a message either to B or to a trusted key distribution centre (KDC), which is
always honest. Several other message exchanges follow in various directions.
As these messages are being sent, a nasty intruder, T (for Trudy), may intercept, modify, or
replay them in order to trick A and B. When the protocol has been completed, A is sure she is talking to
B and B is sure he is talking to A. Furthermore, in most cases, the two of them will also have established
a secret session key for use in the upcoming conversation.
In practice, for performance reasons, all data traffic is encrypted using secret-key cryptography, although
public-key cryptography is widely used for the authentication protocols themselves and for establishing
the (secret) session key.
Three general rules help a challenge-response protocol resist reflection attacks, in which the intruder
opens a second session and gets the victim to answer its own challenge:
1. Have the initiator prove who she is before the responder has to.
2. Have the initiator and responder use different keys for proof, even if this means having two
shared keys, one for each direction.
3. Have the initiator and responder draw their challenges from different sets.
For public-key authentication, assume that A and B already know each other's public keys (a nontrivial
issue).
Digital signatures: For computerized message systems to replace the physical transport of paper
documents, a way must be found to send a "signed" message in such a way that
Secret-key signatures: Assume there is a central authority, Big Brother (BB), that knows everything and
whom everyone trusts. Alice sends her message to Bob through BB, encrypted with the key she shares
with BB; BB forwards it to Bob under the key it shares with Bob, together with a timestamp and a copy
of the message encrypted with a key known only to BB.
If Alice later denies sending the message, how could Bob prove that Alice indeed sent it?
First, Bob points out that he will not accept a message from Alice unless it came through BB encrypted
with Alice's key, so nobody else could have produced it.
Then Bob produces BB's encrypted copy and says this is a message signed by BB, which proves Alice
sent it to Bob.
BB is asked to decrypt that copy and testifies that Bob is telling the truth.
BB can check all recent messages to see whether the same random number was used in any of them
(in the past hour), to detect replays.
The timestamp is used throughout, so that very old messages will be rejected based on the
timestamp.
Public-key signatures: It would be nice if signing documents did not require a trusted authority (e.g.,
governments, banks, or lawyers, which do not inspire total confidence in all citizens). With public-key
cryptography Alice signs with her private key and anyone holding her public key can verify the signature.
Another standard is the Digital Signature Standard (DSS), based on the ElGamal public-key
algorithm, which gets its security from the difficulty of computing discrete logarithms rather than
from factoring large numbers.
Message digest
A message digest (one-way hash) function MD has these properties: given P, MD(P) is easy to compute;
given MD(P), it is effectively impossible to find P; and no one can generate two messages that have the
same message digest.
To sign a plaintext P, Alice first computes the digest MD(P), signs that digest with her private key, and
then sends both P and the signed digest to Bob.
When everything arrives, Bob applies Alice's public key to the signature part to recover the digest, and
applies the well-known hash function to P to see whether the digest so computed agrees with what was
received (in order to reject a forged or altered message).
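The RSA key generation described in the RSA section (the extended Euclidean algorithm for the private exponent), together with the sign-the-digest procedure just described, in one example. This is an added example, not code from the notes. The primes 61 and 53 with e = 17 are the familiar textbook values, kept so the numbers can be checked by hand; the larger Mersenne primes used for the signature are also far too small and too structured for real use and are there only so that hash values do not collide modulo n. Real RSA signatures pad the digest (PSS or PKCS#1 v1.5) before exponentiation; the raw scheme shown here is the textbook construction the notes describe, not something to deploy.

```python
import hashlib
from typing import Tuple

Key = Tuple[int, int]   # (exponent, modulus)


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(a: int, m: int) -> int:
    g, x, _ = egcd(a, m)
    if g != 1:
        raise ValueError("no modular inverse: gcd != 1")
    return x % m


def generate_keys(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """From two primes build (public, private): d is the inverse of e modulo phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if egcd(e, phi)[0] != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (e, n), (modinv(e, phi), n)


def encrypt(public: Key, m: int) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below n")
    return pow(m, e, n)


def decrypt(private: Key, c: int) -> int:
    d, n = private
    return pow(c, d, n)


def digest_int(message: bytes, n: int) -> int:
    """MD(P) as an integer below n (SHA-256 reduced mod n; a toy reduction for small n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private: Key, message: bytes) -> int:
    d, n = private
    return pow(digest_int(message, n), d, n)        # Alice: digest, then private-key operation


def verify(public: Key, message: bytes, signature: int) -> bool:
    e, n = public
    return pow(signature, e, n) == digest_int(message, n)   # Bob: recover digest, recompute, compare


if __name__ == "__main__":
    pub, priv = generate_keys(61, 53, e=17)               # textbook toy keys
    print(pub, priv, encrypt(pub, 65), decrypt(priv, encrypt(pub, 65)))
    big_pub, big_priv = generate_keys(2**31 - 1, 2**61 - 1)   # still a toy: about 92 bits
    sig = sign(big_priv, b"pay 100 to alice")             # constructed message
    print(verify(big_pub, b"pay 100 to alice", sig), verify(big_pub, b"pay 900 to alice", sig))
```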
Firewall:
A firewall is a network security device that monitors incoming and outgoing network traffic and
decides whether to allow or block specific traffic based on a defined set of security rules.
A firewall can be hardware, software, or both.
Types of firewalls
Packet-filtering firewalls operate at the router and compare each packet received to a set of
established criteria (such as allowed IP addresses, protocol, port number, etc.) before it is
either dropped or forwarded. Because they keep no connection state, return traffic has to be
permitted by static rules (for example by matching the ACK flag), and an attacker can satisfy such a
rule with a crafted packet.
Multilayer inspection firewalls combine packet filtering with circuit monitoring, while still
enabling direct connections between the local and remote hosts, which are transparent to the
network. They accomplish this by relying on algorithms to recognize which service is being
requested, rather than by simply providing a proxy for each protected service.
Circuit-level gateways monitor the TCP handshaking going on between the local and remote
hosts to determine whether the session being initiated is legitimate, i.e., whether the remote system
is considered "trusted". They do not inspect the packets' contents, however.
Stateful inspection firewalls, on the other hand, not only examine each packet but also keep
track of whether or not that packet is part of an established TCP session. This offers more
security than either packet filtering or circuit monitoring alone, but exacts a greater toll on
network performance.
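A stateless packet filter of the first kind, to make the distinction above concrete. This is an added example, not code from the notes; the rule syntax, the policy for a single web server at 192.0.2.10, and the sample packets (all from documentation address ranges) are constructed. Rules are evaluated first-match with a default deny. The third sample packet shows the weakness the notes point at: with no connection table, the filter cannot tell a genuine reply from a crafted packet that merely has the ACK flag set, which is exactly what stateful inspection adds.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp" | "udp" | "icmp"
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


@dataclass(frozen=True)
class Rule:
    action: str                                  # "allow" | "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dport: Optional[Tuple[int, int]] = None      # inclusive destination port range
    established: bool = False                    # stateless stand-in for "part of a session": ACK set

    def matches(self, p: Packet) -> bool:
        return (self.proto in ("any", p.proto)
                and ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or self.dport[0] <= p.dport <= self.dport[1])
                and (not self.established or p.ack))


def filter_packet(rules: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule wins; a packet that matches nothing is denied (default deny)."""
    for index, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, index
    return "deny", None


# constructed policy: one HTTPS server, replies to clients on the server's own network, deny the rest
POLICY = [
    Rule("allow", proto="tcp", dst="192.0.2.10/32", dport=(443, 443)),
    Rule("allow", proto="tcp", dst="192.0.2.0/24", dport=(1024, 65535), established=True),
    Rule("deny"),
]


def demo() -> list:
    packets = [
        Packet("198.51.100.7", "192.0.2.10", "tcp", 51000, 443, syn=True),   # client opening HTTPS
        Packet("198.51.100.7", "192.0.2.10", "tcp", 51001, 22, syn=True),    # SSH attempt
        Packet("203.0.113.9", "192.0.2.10", "tcp", 443, 51000, ack=True),    # reply, or a crafted ACK
        Packet("203.0.113.9", "192.0.2.10", "tcp", 443, 51000, syn=True),    # SYN to a high port
    ]
    return [filter_packet(POLICY, p) for p in packets]


if __name__ == "__main__":
    print(demo())   # [('allow', 0), ('deny', 2), ('allow', 1), ('deny', 2)]
```

Returning the index of the matching rule is deliberate: when auditing a policy, knowing which rule admitted a packet is what tells you whether the "established" rule is doing more work than intended.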
Cryptography
Keys:
Symmetric Key Cryptography: A single key is used for both encryption and decryption of the data.
Examples: DES, AES.
Asymmetric Key Cryptography: Different keys are used for encryption and decryption of the data.
Examples: RSA, ElGamal.
Diffie-Hellman Key Exchange: A public-key method by which two parties agree on a symmetric key over
an open channel; it is not itself a symmetric cipher.
Choose a large prime n and a generator g (both public). Let x and y be the secrets of the receiver and
the sender respectively.
The receiver calculates R1 = g^x mod n.
The sender calculates R2 = g^y mod n.
The two exchange R1 and R2. The receiver computes R2^x mod n and the sender computes R1^y mod n;
both obtain the same key K_AB = g^(xy) mod n.
The basic exchange authenticates neither party: an active attacker can run a separate exchange with
each side (a man-in-the-middle), so the exchanged values must be authenticated, e.g., with the digital
signatures described above.
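The exchange above with both sides' computations, and the man-in-the-middle attack it is open to when the values are not authenticated. This is an added example, not code from the notes. The group n = 23, g = 5 with secrets x = 6 and y = 15 is a constructed toy instance (real deployments use standardized groups of 2048 bits or more, or elliptic curves); the function names are mine. Hashing the shared value into a key rather than using g^xy directly is standard practice and is shown as such.

```python
import hashlib
import secrets
from typing import Tuple


def dh_public(g: int, n: int, secret: int) -> int:
    """R = g^secret mod n, the value sent over the open channel."""
    return pow(g, secret, n)


def dh_shared(peer_public: int, secret: int, n: int) -> int:
    """K = R_peer^secret mod n; both sides reach g^(xy) mod n."""
    return pow(peer_public, secret, n)


def random_secret(n: int) -> int:
    """A fresh secret exponent in 1 .. n-2 (secrets, not random, for anything key-related)."""
    return secrets.randbelow(n - 2) + 1


def derive_key(shared: int, n: int) -> bytes:
    """Never use g^xy itself as a key; hash it to get a uniform 256-bit symmetric key."""
    return hashlib.sha256(shared.to_bytes((n.bit_length() + 7) // 8, "big")).digest()


def exchange(g: int, n: int, x: int, y: int) -> Tuple[int, int, int, int]:
    """Honest run: returns (R1, R2, key computed by receiver, key computed by sender)."""
    r1 = dh_public(g, n, x)          # receiver publishes R1
    r2 = dh_public(g, n, y)          # sender publishes R2
    return r1, r2, dh_shared(r2, x, n), dh_shared(r1, y, n)


def man_in_the_middle(g: int, n: int, x: int, y: int, z: int) -> bool:
    """Trudy replaces both public values with g^z. Returns True if she now shares a key with each
    side while the two victims hold different keys, i.e. the attack worked."""
    r1, r2, rz = dh_public(g, n, x), dh_public(g, n, y), dh_public(g, n, z)
    key_receiver = dh_shared(rz, x, n)    # receiver believes rz came from the sender
    key_sender = dh_shared(rz, y, n)      # sender believes rz came from the receiver
    trudy_with_receiver = dh_shared(r1, z, n)
    trudy_with_sender = dh_shared(r2, z, n)
    return (trudy_with_receiver == key_receiver and trudy_with_sender == key_sender
            and key_receiver != key_sender)


if __name__ == "__main__":
    print(exchange(5, 23, 6, 15))                 # (8, 19, 2, 2): both sides agree on 2
    print(man_in_the_middle(5, 23, 6, 15, 13))    # True: unauthenticated DH is hijacked
    n, g = 23, 5
    print(derive_key(exchange(g, n, random_secret(n), random_secret(n))[2], n).hex())
```

Trudy can now decrypt, read and re-encrypt everything passing between the two, which is why protocols such as TLS sign the Diffie-Hellman values with a certificate-backed key before trusting them.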
RSA Algorithm: used for digital signatures, confidentiality of data and authentication of users.