FIT9137 All Slides
Introduction to Computer
Architecture and Networks
Week 1: Introduction to Computer Architecture
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
Some Computer
Equipment
FIT9137
FLUX: Architecture
What does CPU stand for?
FIT9137 5
CPU - Intel Core i7
FIT9137 6
Hard Disk Drives
FIT9137 7
A 250 MB hard disk drive from the 1970s
http://royal.pingdom.com/2008/04/08/the-history-of-computer-data-storage-in-pictures/
FIT9137 8
RAM (memory) chip
FIT9137 9
Computer Motherboard
FIT9137 10
ENIAC
FIT9137 11
Supercomputer
FIT9137 12
Quantum Computer
source: https://www.engineering.unsw.edu.au
FIT9137 13
Some Key People in
Computing
FIT9137
Bill Gates - Microsoft founder
FIT9137 15
Steve Jobs - Apple computer co-founder
FIT9137 16
Ken Thompson and Dennis Ritchie - receiving the 1999
US National Technology Medal for the invention of Unix
FIT9137 17
Larry Ellison - Oracle founder
FIT9137 18
Richard Stallman - Founder of the Free Software
Foundation and creator of the GNU Project
FIT9137 19
Linus Torvalds - Creator of Linux
FIT9137 20
The Computing Environment
FIT9137 21
Anatomy of a Personal Computer
FIT9137 22
Basic components of a PC
• CPU: Central Processing Unit
FIT9137 23
The von Neumann Architecture
• ENIAC was the first general purpose (programmable) electronic
digital computer.
FIT9137 24
The von Neumann Architecture
• The solution : a “stored program computer”
FIT9137 25
How Computers Function
• Computers execute instructions.
[Diagram: CPU, with an Instruction Decoder/Control Unit sending Control Signals to the Arithmetic/Logic Operations unit, which produces Results]
FIT9137 26
The Language of Computers
• How is ‘intangible’ software communicated to ‘tangible’ hardware?
FIT9137 27
The Language of Computers
• Series of bits used to represent various data and instructions.
FIT9137 28
The Fetch/Execute Cycle
• Cycle
• A processor can have several states. However, the following are used in conventional
computers:
• Fetch
• CPU fetches instructions and data from main memory and stores them in special memory
locations (Registers).
• Decode
• Execute
• The instruction is carried out (executed) on the data and any temporary result is stored
in a register.
FIT9137 29
Interrupts
• Modern computer systems are interrupt driven.
• Program/Software
• Timer
• I/O
• Other Hardware
FIT9137 30
Interrupt and Multiprocessing
• The interrupt mechanism can be used to implement one
of the key features of all modern computer systems –
multiprocessing.
FIT9137 31
Lecture Summary
• Computer Architecture
• Language of Computer
• Fetch/Execution Cycle
FIT9137 32
Lab Week 2 Overview
• Introduction
FIT9137 33
Next week: Introduction to Operating Systems
• Computer Architecture
FIT9137 34
FIT9137
Introduction to Computer
Architecture and Networks
Week 2: Computer Architecture and Operating Systems
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
Computer Architecture
and Operating Systems
FIT9137
Today
• Computer architecture
FIT9137 4
Applications
• Think about new types of applications
• Internet of Things
• Forecasting
• Drug discovery
FIT9137 5
Computer Architecture
• Infrastructure architecture
• Application architecture
FIT9137 6
Infrastructure Architecture
• Application /
Programming languages
• Virtual Machine /
Operating System
• Instruction Set
Architecture (ISA) /
Microarchitecture
• Logic / Circuits
FIT9137 7
Application Architecture
FIT9137 8
CSIRAC: Australia’s 1st digital computer
FIT9137 9
Monash Computing Museum
FIT9137 10
History of Operating Systems
FIT9137 11
What is an Operating System (O/S)?
• A typically large piece of software that allows users of computer hardware to:
• Unix/Linux
• Microsoft Windows
• Mac OS
• ….
FIT9137 12
Operating Systems
• Operating systems control the underlying computer
hardware.
• Can also control how the CPU and other computer
resources are allocated to individual users or programs.
[Diagram labels: Application; Utilities Software; Operating System]
FIT9137 13
Operating Systems (users & files)
• Many modern operating systems (including Unix) are multi-user systems.
• The operating system should provide separate file spaces for different
users (typically called “home directories”) so that files can be kept
separate and private.
FIT9137 14
Operating Systems (processes)
• A multi-user operating system is generally also a multi-tasking
operating system
FIT9137 15
History of Unix
FIT9137 16
History of Unix
FIT9137 17
History of Unix - GNU
• Richard Stallman (often referred to by his
username rms) is the father of the Free
Software Foundation which included the
GNU (GNU’s not UNIX) project.
FIT9137 18
History of Unix - MINIX
• Andrew Tanenbaum (PhD UC Berkeley)
wrote a UNIX clone from scratch called
MINIX in order to support an operating
systems course he was teaching. At the
time AT&T did not permit the teaching of
UNIX V6 internals. Full source code for
MINIX was published as an appendix to
his textbook Operating Systems: Design
and Implementation in 1987.
FIT9137 19
History of Unix - MINIX
PS. Yes - it's free of any minix code, and it has a multi-threaded fs. It is NOT protable (uses 386 task switching
etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.
FIT9137 20
Unix versus Microsoft Windows
• Almost a religious debate
• Points of comparison:
• Stability
• Security
• Flexibility
• Interface
FIT9137 21
Unix Philosophy
• Programs are tools.
• Like any good tool, they should be specific in function, but usable for many
different purposes.
• Within limits, the output of any program should be usable as the input of
another program.
FIT9137 22
Major Functions of an O/S
• File Management
• Memory Management
• Process Management
FIT9137 23
1. File Management
• The operating system is key to the control of data on secondary storage. Operating systems
typically operate on the concept of a file – a collection of logically related data.
• Unix takes the file concept to an extreme – everything in Unix is treated as a file. (more
about this concept later…)
• The file management system within the operating system should hide any device specific
details from the applications.
FIT9137 24
2. Memory Management
• The operating system is also key to the control of data in primary storage
(main memory).
• The main memory is a finite (small, and usually more expensive) resource
that must be carefully allocated.
FIT9137 25
3. Process Management
• A process is normally defined as “a program in execution”.
FIT9137 26
File Management
FIT9137
File Management
• File management systems allow users to store information in
fundamental units called 'files'. What the file actually represents
is defined by the system and/or the user.
FIT9137 28
O/S File Systems
• A File System is a data structure to serve a particular
application need.
FIT9137 29
Popular File Systems
• Windows:
• Unix:
• UFS (Universal File System) and VxFS (Veritas File System) used
in most UNIX flavors
FIT9137 30
File management in Unix
FIT9137 31
File management in Unix
• O/S maintains a directory structure for each device, to
facilitate location and organization of user files, and
keeps track of free space, allocating space and
reclaiming it as required.
FIT9137 32
Files
• Like any operating system, Unix works on the concept of files, which are stored in a file
system. But the concept of a file in Unix is more profound than in other operating systems:
• In Unix, files are simply a collection of bytes stored on the storage medium. They can
represent any of the following types:
• Ordinary Files
• Directories
• A directory is another type of file in Unix - a special “file” that can contain other
files and other directories.
• Special Files
• Other types of files, eg. files that represent hardware devices like hard drives.
FIT9137 33
Files - naming conventions
• Unix is case-sensitive. In general, most Unix commands are in
lowercase letters (ie. Unix does not like uppercase letters!).
FIT9137 34
Files - naming conventions
• In theory, any name can be used for a file or a directory (with the
exception of the “root directory” which must always be named /).
Unix is also very generous with the length of a filename.
FIT9137 35
Files - naming conventions
• UNIX stores files on the disk in a hierarchical structure.
• The top of the hierarchy is referred to as the root directory and is always named /
[Diagram: directory tree rooted at /, including file1 and file2]
FIT9137 36
The Working Directory
• When working on a UNIX system, you are always
working within a particular directory in the file system.
This is called either the working directory or the current
directory.
FIT9137 37
FLUX: OS functions
Key OS functions are:
1. File management
2. Memory management
3. Process management
• Major functions of OS
• History of Unix
• Unix vs Windows
FIT9137 39
Lab Week 3 Overview
• Basic knowledge
• Linux environment
• Linux commands
FIT9137 40
Next week: Operating Systems Functions
• Memory Management
• Process Management
FIT9137 41
FIT9137
Introduction to Computer
Architecture and Networks
Week 3: Operating Systems Functions
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
Today
• Memory Management
• Process Management
FIT9137 3
File Management
FIT9137
Ownership of files
$ ls -l
Note: the ‘$’ (the prompt) is not part of the command!
FIT9137 5
A special file : /etc/passwd
russel:x:1001:1002:ABM Russel:/home/russel:/bin/tcsh
• There is also a similar file, /etc/group, which holds
information about all the groups in the system.
FIT9137 6
More on Files
• File system is “flat” under Unix kernel (i.e. there is no real distinction
between directories and files under Unix kernel).
• a program is a file.
FIT9137 7
More on Files
FIT9137 8
Using Unix Commands
• The original Unix O/S only allows users to interact with
it via text commands (ie. user types in commands via a
terminal). This is known as the “Command-Line”
interface.
FIT9137 9
Using Unix Commands
• The command-line interface is still popular among advanced Unix
users, because it is generally faster & more flexible.
FIT9137 10
Using Unix Commands
• In the command-line window, commands are typed in
by the user, eg. :
FIT9137 11
A simple command example
• In the diagram, can you identify examples of these?
• a command
• a command output
• a command prompt
FIT9137 12
File types – as shown by ls -l
• Character    File type
  -            regular (ordinary) file
  d            directory
  b            buffered special file (e.g. a disk drive)
  c            unbuffered special file (e.g. a terminal)
  l            symbolic link
  p            pipe
  s            socket
The command ls -l will show things such as file types, permissions, file sizes,
modification dates, etc
The file command returns the type of the content of the given file name:
$ file exercise
exercise: ascii text
FIT9137 13
File permissions
• Three levels of permissions :
• the user
• the user’s group and
• others who have an account on the system
FIT9137 14
File permissions
• A total of nine (9) binary bits representing the permissions:
FIT9137 15
Using ls -l to show file permissions
FIT9137 16
File permissions : example using ls -l
Output explanations :
• The permission mode of this file is read and write for the owner, read and write
for the group and read only for others
• There is 1 hard link
• The user-id of the file’s owner is russel
• The group-id of the file is russel
• The size of the file is 17 “blocks” – NB. block size can vary between systems
• The file was last modified on Feb 4 17:25
• The file name is nontes
The option “-l” in the command above is to request the output in long format
There is another option, “-h”, which will make ls display sizes in “human readable” format
(eg. 8K, 555M, 4G, etc)
FIT9137 17
Change file permission (chmod)
FIT9137 18
chmod: Examples
You can also combine the options,
eg. chmod u+x,o+w temp
• ls -l nontes
chmod a=rw notes (set read and write permission for all: user, group and others)
FIT9137 19
File access for processes
• When a process executes, it has four id’s:
• a real user-id
• an effective user-id
• a real group-id
• an effective group-id
FIT9137 20
Real versus Effective user id’s
• Real UID is the UID of the user that created THIS process – ie. the
user who executes/runs the program.
FIT9137 21
File access for processes
• When a process tries to access a file, which of the three (User,
Group, or Others) ownership permission applies
FIT9137 22
setuid and setgid
• A process’ access privileges depend on who executes the process, not
on who owns the executable program itself
• This is safer in general, but not helpful in some (rare, but important) cases.
• In both cases, the real uid and gid are not affected
FIT9137 23
Example of using set-uid
• /etc/passwd file stores the encrypted passwords (plus
other info) of all registered users in the system
FIT9137 24
Example of using set-uid
• Let’s examine the permissions of the /usr/bin/passwd
utility:
This means users cannot directly modify the /etc/passwd file, but each user can change his/her own password
by using the passwd command. This is required for obvious security reasons...
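How the process ids and the set-uid bit decide a file access, as an added example in POSIX shell (not part of the original slides). It models the classic owner/group/other check and applies it to the passwd scenario above. Assumptions: /etc/passwd is root:root with mode 644 and /usr/bin/passwd is root:root with mode 4755 (typical values, not shown on the slides); uid 1001 and gid 1002 come from the sample /etc/passwd line; root's override and ACLs are left out of the model.

```sh
#!/bin/sh
# Added example: a model of the classic Unix permission check.
# Not kernel code; root's override and ACLs are deliberately left out.

# perm_class EUID "GIDS" FILE_UID FILE_GID
# Prints which permission triplet applies: user, group or other.
# GIDS is the effective gid plus any supplementary gids, space separated.
perm_class() (
    euid=$1 gids=$2 fuid=$3 fgid=$4
    if [ "$euid" -eq "$fuid" ]; then
        echo user      # an owner match wins, even if the owner bits are stricter
        exit 0
    fi
    for g in $gids; do
        if [ "$g" -eq "$fgid" ]; then
            echo group
            exit 0
        fi
    done
    echo other
)

# can_access EUID "GIDS" FILE_UID FILE_GID OCTAL_MODE r|w|x
# Exit status 0 if the one applicable triplet grants the requested bit.
can_access() (
    mode=$5
    case $6 in
        r) bit=4 ;;
        w) bit=2 ;;
        x) bit=1 ;;
        *) exit 2 ;;
    esac
    case $(perm_class "$1" "$2" "$3" "$4") in
        user)  sh_by=6 ;;
        group) sh_by=3 ;;
        *)     sh_by=0 ;;
    esac
    # The leading 0 makes the shell read the mode as an octal number.
    [ $(( (0$mode >> $sh_by) & $bit )) -ne 0 ]
)

# euid_after_exec REAL_UID EXE_OWNER_UID EXE_OCTAL_MODE
# Prints the effective uid of the new process: the program owner's uid if
# the set-uid bit (04000) is on, otherwise the real uid of whoever ran it.
# The real uid itself is not affected.
euid_after_exec() (
    if [ $(( 0$3 & 04000 )) -ne 0 ]; then echo "$2"; else echo "$1"; fi
)

# Constructed scenario: russel (uid 1001, gid 1002) tries to write /etc/passwd
# through a passwd program without and with the set-uid bit.
# Assumed: /etc/passwd is 0:0 mode 644, /usr/bin/passwd is owned by uid 0.
demo() {
    for exe_mode in 755 4755; do
        euid=$(euid_after_exec 1001 0 "$exe_mode")
        if can_access "$euid" 1002 0 0 644 w; then
            verdict=allowed
        else
            verdict=denied
        fi
        echo "passwd mode $exe_mode: ruid=1001 euid=$euid write /etc/passwd -> $verdict"
    done
}
demo
```

Only one triplet is ever consulted, so an owner with mode 077 on their own file is denied read even though group and others are allowed.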
FIT9137 25
Some commonly used Octal (base-8) values for
file permissions
700 ==> /* owner: rwx------ */
400 ==> /* owner: r-------- */
200 ==> /* owner: -w------- */
100 ==> /* owner: --x------ */
070 ==> /* group: ---rwx--- */
040 ==> /* group: ---r----- */
020 ==> /* group: ----w---- */
010 ==> /* group: -----x--- */
007 ==> /* others: ------rwx */
004 ==> /* others: ------r-- */
002 ==> /* others: -------w- */
001 ==> /* others: --------x */
Values of 0-7 can be used to indicate if a particular bit is “on” or “off”.
This sort of “shortcut” is commonly used in Unix commands.
A ‘1’ means the corresponding bit is “on”.
Examples :
4 0 0 (4 0 0 == 100 000 000)
chmod 400 file1 ====> r--------
chmod 764 file2 ====> rwxrw-r--
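An added example (not from the original slides) that decodes an octal mode into the string ls -l prints and flags the bits worth a second look during a permissions review. It goes beyond the table above by also handling a leading fourth digit (set-uid, set-gid, sticky); the function names are made up for this example.

```sh
#!/bin/sh
# Added example: decode an octal mode the way ls -l displays it.

# triplet BITS SPECIAL CHAR -> three-character rwx string for one class.
# BITS is 0-7. SPECIAL is 1 when that class's special bit is on
# (set-uid for user, set-gid for group, sticky for others).
# CHAR is the letter ls uses for the special bit: s or t.
triplet() (
    bits=$1 special=$2 ch=$3
    r=-; w=-; x=-
    [ $(( bits & 4 )) -ne 0 ] && r=r
    [ $(( bits & 2 )) -ne 0 ] && w=w
    [ $(( bits & 1 )) -ne 0 ] && x=x
    if [ "$special" -ne 0 ]; then
        # Lowercase when execute is also on, uppercase when it is not.
        if [ "$x" = x ]; then x=$ch; else x=$(echo "$ch" | tr 'st' 'ST'); fi
    fi
    echo "$r$w$x"
)

# mode_string OCTAL -> nine-character permission string.
mode_string() (
    m=$(( 0$1 ))    # leading 0: read the argument as octal
    u=$(triplet $(( (m >> 6) & 7 )) $(( (m >> 11) & 1 )) s)
    g=$(triplet $(( (m >> 3) & 7 )) $(( (m >> 10) & 1 )) s)
    o=$(triplet $((  m       & 7 )) $(( (m >> 9)  & 1 )) t)
    echo "$u$g$o"
)

# mode_risks OCTAL -> space-separated flags, empty if none apply.
mode_risks() (
    m=$(( 0$1 ))
    out=
    [ $(( m & 04000 )) -ne 0 ] && out="$out set-uid"
    [ $(( m & 02000 )) -ne 0 ] && out="$out set-gid"
    [ $(( m & 00002 )) -ne 0 ] && out="$out world-writable"
    echo "${out# }"
)

# Constructed sample modes: the two from the slide plus two risky ones.
for m in 400 764 4755 666; do
    printf '%-5s %s  %s\n' "$m" "$(mode_string "$m")" "$(mode_risks "$m")"
done
```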
FIT9137 26
Standard Input, Output and Error
• Remember, in Unix, everything is a file…
Every time a shell is started, 3 files are opened automatically :
stdin, stdout, stderr
File      Default Device    File Descriptor
stdin     keyboard          0
stdout    screen            1
stderr    screen            2
A process can then easily read/write to/from these “files”; this makes I/O
programming relatively easy.
FIT9137 27
Directories (Unix)
FIT9137 28
Example: directory structure (logical vs physical)
[Figure: logical directory tree (labels: ben; kd, kh, mw, c1) beside the physical directory entries. Each entry is an inode number followed by a \0-terminated name.]
 123  .
 247  ..
 260  book
 401  memos

 401  .
 800  kd
 810  kh
 825  mw

 566  chap1
 567  chap2
 590  chap3
FIT9137 29
Directory permissions (Unix)
• Read permission
• Write permission
• Processes can alter the directory, i.e. create new files and remove existing files. Note:
write permission on a file is required to modify its contents (this is not
altering the directory, so write permission on the directory does not say
anything about this), but it is not required to remove the file if the directory has write permission!
• Execute permission
• Allows a user to change into the directory (cd from the shell or chdir as a
system call). In addition, to open a file or execute a program a user must
have execute permission on all the directories leading to the file as specified
in the file’s absolute pathname.
FIT9137 30
Links - Hard Links
• A hard link is a pointer/reference to a file - every file has at least
one hard link to it.
• The link is how the operating system associates a file name with
the address of the actual data on the storage device.
• A file exists until the last hard link to it is removed. When the
last hard link is removed, the space previously used by the file is
marked for re-use.
FIT9137 31
Links – Symbolic Links
Symlinks can exist even if the file they point to does not exist!
Symlinks must be used if a link is to span filesystems
(sometimes referred to as partitions). Hard links cannot be used
on directories, and do not work across different filesystems.
FIT9137 32
Unix ln command examples
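The hard-link and symlink behaviour described on the two previous slides, as an added example (not the slide's own content). It works in a throwaway directory created with mktemp; the file names original, hard and soft are made up for the demonstration.

```sh
#!/bin/sh
# Added example: hard links versus symbolic links.

# link_count FILE -> number of hard links (second column of ls -l).
link_count() { ls -ld "$1" | awk '{print $2}'; }

# is_dangling PATH -> status 0 if PATH is a symlink whose target is missing.
is_dangling() { [ -L "$1" ] && [ ! -e "$1" ]; }

# links_demo -> prints four observations, one per line.
links_demo() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT         # clean up when this subshell ends
    cd "$dir" || exit 1

    echo "constructed sample data" > original
    ln original hard                  # a second name for the same data
    ln -s original soft               # a small file holding the path "original"
    echo "links_before=$(link_count original)"

    rm original                       # removes one name, not the data
    echo "links_after=$(link_count hard)"
    echo "hard_content=$(cat hard)"   # data is still reachable via the other name

    # The symlink still exists, but the path it stores no longer resolves.
    if is_dangling soft; then echo "soft=dangling"; else echo "soft=ok"; fi
)

links_demo
```

A script that tests a path with -e alone will treat a dangling symlink as absent, so check -L as well before creating or replacing that path.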
FIT9137 33
FLUX: Links
Which statement is true about links?
FIT9137
Memory management
• Physical main memory is finite (and expensive).
Single-processing: 1 process in memory at any one time. Easy to
implement – either it fits or it doesn't.
Multi-processing : multiple processes in memory at the same time.
FIT9137 36
Swapping
• Swapping is a technique used to run more than one
process at once. It allows the computer to rapidly "swap"
its CPU between the processes by loading and unloading
them into/from memory. The switching occurs sufficiently
quickly that it gives the user the illusion that the system is
multi-tasking.
FIT9137 37
Virtual Memory
• Virtual Memory is a more complicated technique used to
solve memory management problems. It allows the
computer to separate logical program addresses from
actual physical addresses, using dynamic relocation of
program addresses in memory.
FIT9137 38
Memory Fragmentations
• Allowing multiple processes to reside in memory creates the potential
problem of Memory Fragmentation – sections of memory locations
which are "free", but are not contiguous (ie. the free spaces,
possibly in different sizes, are scattered throughout the
memory), leading to possible memory wastage. This happens
when processes finish running and are removed from memory at
various times.
FIT9137 39
Example : Internal Fragmentation with fixed
partitions (but different sizes)
FIT9137 40
Example : External Fragmentation with variable
sized partitions
Initial state Final state
FIT9137 41
Memory Management – Paging
FIT9137 42
Memory Management – Paging
FIT9137 43
Memory Management – Paging
FIT9137 44
Example : Logical Pages versus Physical Frames
Logical Address:  Page# 1, Page Offset 30
Physical Address: Frame# 14, Frame Offset 30

Process A's Page Table (simplified view):
Page   Frame
1      14
2      15
3      27
4      28

Physical Memory:
Frame 13: ……..
Frame 14: Frame 1 of Process A
Frame 15: Frame 2 of Process A
……..
Frame 27: Frame 3 of Process A
Frame 28: Frame 4 of Process A
FIT9137 45
Page Table
FIT9137 46
Process Table
• The O/S also maintains a Process Table for all the processes. A
Process Table contains entries called Process Control Blocks (PCB).
Each PCB represents one process.
• program counter
• resources in-used/needed
• etc
FIT9137 47
Improving Paging performance by Caching
FIT9137 48
Paging with Cache
Hit ratio = percentage of times a page is found in the cache.
Highly-dependent on the number of registers in the cache.
With caching :
0.8 * (50 + 750) + 0.2 * (50 + 750 + 750) => 950 ns for every
access
FIT9137 49
Page Replacement/Swapping
• If a required page is not in memory then an interrupt
called Page Fault results. This causes the required page
to be loaded (from secondary memory) into main memory,
and the page table updated. Page table indicates whether
page is in memory, using a "valid/invalid" bit entry.
FIT9137 50
Paging Algorithms
ie. O/S would need to keep track
of each memory access with a time-stamp
FIT9137 51
Paging Algorithm Variations
• Some algorithms use a "reference" bit which is set
when page is used, but periodically reset by system.
Not Used Recently (NUR) - modification of LRU, that also looks
at whether page has been modified (in addition to being
accessed).
FIT9137 52
Program Locality
• Why Virtual Memory works:
Programs tend to work within sections
• As the program proceeds, sections change, but at any one time, for
a period of time, programs will work within the same section. This is
the concept of Locality. Eg: a program may spend a lot of time
performing a loop, or accessing consecutive elements of a list,
etc…
• “Working Set”= the minimum number of pages that meets the
locality requirement (ie. the amount of primary memory, measured
in pages, that is required for a program to make effective progress
without excessive page-swapping).
• Some operating systems maintain estimates of the working set for
all running processes.
FIT9137 53
The Working Set Model
• As the number of pages allocated to a process decreases, the
number of page faults increases. Need to store enough pages
of the process so that the CPU may be used effectively.
FIT9137 54
The Working Set Model
• Idea of working set relies on 'locality of execution' principle - that
only a small number of pages from few modules in program are in
use at one time. The O/S must keep track of current working set.
• loaded on demand,
FIT9137 55
Page Replacement Policy
• Local vs Global Page Replacement Policies
Whenever there is a need to replace pages in memory, what is the range of
pages that the replacement policy is applied to?
• local - replaces pages actually owned by the process
• global - replaces pages from any process
Crucial pages (eg. the actual disk driver, video driver, etc) can be marked as
“locked” so that they are never swapped out.
FIT9137 56
Segmentation
• Segmentation is another approach to memory
management, similar to Paging.
FIT9137 57
Segmentation
• The address mapping for logical to physical addresses is
maintained in a Segment Table (similar to a Page Table).
FIT9137 58
Virtual Memory Technique
• Advantages:
• Process isolation - protect processes from each other. Each process has its
own virtual memory space.
• Less I/O resource, as we load in only the required sections of a user process.
• Disadvantages:
FIT9137 59
Memory Management
FIT9137 60
Process Management
FIT9137
Processes
• A process is a program in execution.
FIT9137 62
Process States
• A process can be in one of 3 main “states”:
Ready: waiting for a processor to become available
Running: instructions are being executed
Blocked: waiting for some event, eg. I/O completion
Eg. A process might move from the Running state to the Ready state once its time on the CPU
has expired or another higher priority process is scheduled to use the CPU.
Eg. A process moves from the Running state to the Blocked state when it is waiting for an event,
such as an I/O completion.
[Diagram: Process States. States: NEW, READY, RUNNING, BLOCKED, End. Transition labels: start, dispatched, interrupted, wait, wake up, end.]
FIT9137 63
Processes
• The Unix ps (try the -ael option) command can show
information about currently running processes.
FIT9137 64
Process Control Block
• Usually there are more processes than processors. Concurrency achieved by
interleaving processes i.e. allocating each process a fraction of the CPU time.
• When a process is interrupted, its current state must be saved, for it to be resumed
later. This info is stored in a “Process Control Block”, which forms one entry in the
Process Table .
FIT9137 65
Process control block (PCB)
• A PCB exists for every process in the system.
• A Process Table contains PCBs for all the processes.
• Entries in the Process Table may be linked together to form a list, or
stored in an array; each entry in the list (or in the array) is for one PCB.
[Diagram: PCB fields: Identifier; State; Priority; Program Counter; Resources used/required; I/O status Information; Accounting Information; etc. Callout: Does this entry look familiar?]
FIT9137 66
FLUX: PCB?
What does PCB stand for?
FIT9137 68
High-Level Scheduler
• If there is not enough memory to hold all processes, high-level
scheduler will swap jobs from disk to memory and vice versa
• etc
FIT9137 69
Low-Level Scheduler
FIT9137 70
Scheduling algorithms
• different algorithms favour different types of processes,
and different criteria may be used to determine the “best”
algorithm
• maximize throughput
FIT9137 71
Pre-emptive Vs Non-Pre-emptive Scheduling
FIT9137 72
Non-pre-emptive scheduling
• Non-pre-emptive algorithms are more applicable to batch
systems. They differ from pre-emptive algorithms in that processes will only stop
executing when they decide to stop.
FIT9137 73
Pre-emptive Scheduling
• With pre-emptive scheduling, computer uses an inbuilt
clock to ensure no process runs for too long. Pre-
emptive scheduling is more common in interactive
systems, but involves much more overhead. Most
modern O/S’s use pre-emptive scheduling. Eg: an
internal clock creates interrupts 50-100 times/sec. The
O/S dispatcher runs at each clock interrupt to decide on
next process to execute.
FIT9137 74
Pre-emptive scheduling algorithms
• Round Robin :
All processes are assigned an equal time quantum to run. All ready-
to-run processes are maintained in a circular linked-list, and
take turns to use the CPU.
FIT9137 75
Round Robin Scheduling
[Diagram: Process 1 to Process 6 arranged in a circle; the Dispatcher gives each one the CPU in turn]
FIT9137 76
Round Robin problems
• Round Robin does not allow definition of “more
important processes”, ie. priority
FIT9137 77
Other Scheduling Algorithm
• Priority Scheduling:
FIT9137 78
Dynamic Priority Scheduling
• Another variation of priority scheduling is to assign priorities
dynamically, using some formula.
• For instance, based on the fraction of the last time quantum used (f), the
priority formula could be 1/f (ie. more time used now, lesser priority
later). This would favour interactive users and I/O bound jobs (these
tend to spend more time in blocked states and use less of their CPU time
quantum, so the 1/f formula will give them higher priorities) rather
than CPU bound jobs.
FIT9137 79
Process Management
• When dealing with multiple processes sharing the same CPU, we must consider
3 important situations:
for example:
User A opens file1 with lock
User B opens file2 with lock
User A wants to open file2 but cannot..
User B wants to open file1 but cannot..
"Deadlock" situation!
FIT9137 80
Process Management
• In order to implement mutual exclusion, synchronization
and deal with deadlocks, some form of process-
coordination is required.
FIT9137 81
FLUX: Non-pre-emptive scheduling?
• File Management
• Memory Management
• Process Management
FIT9137 85
Lab Week 4 Overview
• Research on commands
FIT9137 86
Next week: Introduction to Computer Networks
FIT9137 87
FIT9137
Introduction to Computer
Architecture and Networks
Week 4: Introduction to Computer Networks
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
Three big topics
• Basic concepts of networking
• Network technology
• Network management and design
Networks Types and
Components
FIT9137
Network components
Wireless Local Area
Network (WLAN)
Local Area Network (LAN)
switch
client
server
circuit
router
FIT9137 5
Network components
Client: gives users access to the network
FIT9137 6
Types of networks
Networks within an organisation:
[Diagram: Monash sites linked to each other and to THE INTERNET via AARNet: Caulfield campus, Clayton campus, Berwick campus, Parkville campus, City campuses, Bendigo, Alfred hospital, Monash Medical Centre, Australian Synchrotron]
FIT9137 8
The Internet
• A network of networks
• Based on a common,
standard set of protocols
FIT9137
How to transfer messages
FIT9137 11
[Diagram: packets sent to www.youtube.com pass through a series of routers, each labelled with its IP address]
Data transmission rates
• Fundamental characteristic of a network:
how many bits per second can it transmit?
FIT9137 13
FLUX: How long does it take?
Assume you want to send a 4k movie (50 GByte) to a friend.
How long does it take if you use your home ADSL connection?
1. 5-10 Minutes
2. 10-12 hours
FIT9137 15
How to transfer messages
• Networks run on very diverse and complex hardware
and software:
How can we make sure they all understand each
other?
• Solution:
hierarchical layers of abstraction
each with well-defined tasks and interfaces
formal languages (protocols) within each layer
FIT9137
Layers of Abstraction
Application (manage user data)
Logical connections (break up into packets, make sure they arrive)
Routing (where should packets go?)
Hardware (cables, WIFI etc)
FIT9137 18
Layers of Abstraction
Internet Model:
Application (manage user data)
Transport (break up into packets, make sure they arrive)
Network (where should packets go?)
Data link (computer-to-computer)
Physical (cables, WIFI etc)
FIT9137 19
Layers of Abstraction
Application (manage user data)
Transport (break up into packets, make sure they arrive)
Network (where should packets go?)
Data link (computer-to-computer)
Physical (cables, WIFI etc)
Interface: interfaces define how each layer “talks” to the one above and below.
FIT9137 20
Layers of Abstraction
[Diagram: Computer 1 and Computer 2, each with Application, Transport, Network and Physical layers; matching layers are connected by a Protocol]
Transport (break up into packets, make sure they arrive): TCP, UDP
Network (where should packets go?): IP
Data link (computer-to-computer): Ethernet
Physical (cables, WIFI etc): Ethernet, Wi-Fi, …
FIT9137 23
Message Encapsulation
Each layer puts the message in an “envelope” and
adds necessary information for transmission.
packet
Application HTTP www.youtube.com
Transport TCP
Network IP
Physical ?
FIT9137 24
Message Encapsulation
Each layer puts the message in an “envelope” and
adds necessary information for transmission.
packet
Application
Transport
Network
Physical
FIT9137 25
Message Encapsulation
Each layer puts the message in an “envelope” and
adds necessary information for transmission.
packet
Application
Transport
Network ?
Physical
FIT9137 26
https://youtu.be/DGpa7bAVgTo
Message Encapsulation
Protocol Data Unit (PDU)
HTTP www.youtube.com
Transport: Segment (TCP)
Network: Packet (IP)
Ethernet
• Addresses (sender/receiver)
• Protocol-specific
• Special start and end
FIT9137 28
Background: Modular Design
Well-defined protocol stack has three characteristics:
1. Low coupling:
Interfaces clearly defined. You can replace/modify a
layer as long as you don’t change the interface.
2. High cohesion:
All related tasks are performed by a single layer.
3. Information hiding:
Keep information internal that other layers don’t need
to know.
FIT9137 29
Reflection
A complex hierarchy must work together perfectly to
ensure messages are delivered quickly, without errors and
to the correct destination.
Is this efficient?
• Flexibility vs efficiency
FIT9137 30
OSI vs the Internet
Open Systems Interconnection Reference Model: introduced in 1984. But important historical milestone!

OSI layer          Internet Model
Application 7
Presentation 6     Application
Network 3          Network
Data Link 2        Data Link
Physical 1         Physical
FIT9137 31
Standardisation
FIT9137 32
Types of Standards
• Formal standards (“de jure”):
• De-facto standards:
FIT9137 33
Major Standards Bodies
ISO (International Organization for Standardization)
• e.g. ADSL
FIT9137 34
Lecture Summary
• Networks consist of clients, servers, and circuit
infrastructure (switches, routers, cables etc)
FIT9137 35
Lab Week 5 Overview
• Packet sniffing
FIT9137 36
Next week: Physical Layer & Data Link Layer
• Physical:
• How do we turn bits into electrical signals, radio signals, or light pulses?
• How do we turn electrical signals, radio signals, or light pulses into bits?
FIT9137 37
FIT9137
Introduction to Computer
Architecture and Networks
Week 5: Physical Layer / Data Link Layer
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
Introduction
Physical Layer:
• directly connects devices (e.g. via cable or radio)
on the same circuit
FIT9137 3
Layers of Abstraction
Transport TCP
Network IP
Physical
FIT9137 5
Fundamentals
FIT9137 6
Transmission Standards
• Remember: we need standards to ensure that two
computers understand each other
FIT9137 7
Today
Physical Layer
• Mainly focus on how to turn bits into a signal and back into bits
FIT9137 8
Digital vs Analog
• Digital data:
• Analog data:
FIT9137 9
Digital vs Analog
• Digital signal:
• Analog signal:
FIT9137 10
Transmission types
FIT9137 11
Digital transmission
FIT9137
Digital transmission
• Digital signals are typically transmitted through copper
cables
+3V
0V
1 0 1 1 0 1
FIT9137 13
Bipolar signalling
• Use positive and negative voltages
NRZI
Manchester: low-to-high in the middle of a bit; high-to-low in the middle of a bit
FIT9137 16
Analog transmission
of digital data
FIT9137
FLUX: What's that noise?
3. An Australian magpie
FIT9137 18
http://www.windytan.com/2012/11/the-sound-of-dialup-pictured.html
Telephone Network
• Designed for analog signals: human speech
FIT9137 20
Modems
• Modulator / Demodulator
FIT9137 21
Waves
A wave is an oscillation that travels through a medium,
transferring energy.
Phase
Amplitude
Wavelength ∼ 1 / Frequency
FIT9137 22
Wave characteristics
Amplitude
• Height of the wave
y = A×sin(2π f x + φ)
FIT9137 23
Example
https://www.desmos.com/calculator/80uhiwety4
FIT9137 24
Modulation
• Analog signals are waves
• frequency modulation
• amplitude modulation
FIT9137 25
Frequency Modulation
Frequency Shift Keying
1 0 0 1 1 0
FIT9137 26
Amplitude Modulation
1 0 0 1 1 0
FIT9137 27
Phase Modulation
Phase Shift Keying
1 0 0 1 1 0
FIT9137 28
Increasing the bit rate
• Last three examples: one bit per time unit
FIT9137 29
Amplitude Modulation 4 symbols
4 symbol AM
11
10
01
00
00 11 01 00 01 00 10 10 11 01
Two bits per symbol = data rate doubled!
FIT9137 30
FLUX Question: Satellite Transmission
4. With a rocket
FIT9137 31
How many bits per symbol?
• Take the AM example:
very small differences in amplitude can be
difficult to distinguish
FIT9137 32
Bandwidth and Bit Rate
• Bandwidth: difference between highest and lowest
frequency in a range (band) of frequencies
FIT9137 33
POTS Bandwidth
• Need one wave cycle per symbol
FIT9137 34
Example: ADSL
FIT9137 35
ADSL
Asymmetric Digital Subscriber Line
Filter: split signal into voice and data
DSLAM: DSL Access Multiplexer
Modem
Modem and switch
Phone
FIT9137 38
Digital transmission of
analog data
FIT9137
Analog to digital
• How can we turn analog (audio) signals into digital
data?
FIT9137 40
ADC using sampling
Quantisation Error
111
110
101
100
011
010
001
101 110 110 111 111 110 101 100 011 010 001 001 001 010 011 100 000
FIT9137 41
ADC quality
• Two parameters to create smoother signal:
FIT9137 42
Advantages of Digital Transmission
• Data compression:
More efficient use of infrastructure
• Encryption:
Secure phone lines
FIT9137 43
Data Link Layer
FIT9137
Two sublayers
Logical Link Control (LLC)
• Handle PDU header (and trailer)
• Error control
• Error detection
FIT9137
MAC Approaches
Contention
• Device waits until the circuit is free before
transmitting
Controlled Access
• Device waits until given permission before
transmitting
FIT9137 47
Contention
Any device can transmit at any time
• “first come first served”
Used in Ethernet
FIT9137 48
Original Ethernet
Topology:
shared bus (multi-point)
FIT9137 49
Ethernet
Physical topology:
star (point-to-point)
Hub: every signal received on one port is sent out on all other ports
Logical topology:
shared bus (multi-point)
FIT9137 50
FLUX Question: Hubs
1. Physical Layer
3. Network Layer
4. Transport Layer
FIT9137 51
Controlled Access
message message
message
Controller
FIT9137 52
Controlled Access
message
message
message
Hub Polling /
Token Passing
message
message
token
FIT9137 53
Transmission Techniques
Asynchronous Transmission
• each character (byte) sent independently
Synchronous Transmission
• several bytes sent together in a frame
FIT9137 54
Asynchronous Transmission
Transmit one 7-bit ASCII character at a time
• used for dumb terminals (server-based architecture)
idle | start bit | data (7 bit ASCII) | parity bit | stop bit = idle
0 1 1 1 0 1 0 0 1 1
+3V
0V
FIT9137 55
Synchronous Transmission
Data sent in a frame
• typically around 1500 bytes
Examples:
• SDLC (IBM 1972), HDLC
• Ethernet
• PPP
FIT9137 56
Ethernet Frame: IEEE 802.3
physical data link layer Frame Check Sequence
CRC-32
layer MAC LLC
preamble
7 1 6 6 2 46-1500 4
10101011
1010101010101010101010101010101010101010101010101010101010101010
FIT9137 57
MAC addresses
MAC address
Unique identifier for a network interface (e.g.
00:23:ae:e7:52:85)
• 6 bytes, stored in hardware
1 1 1 variable length 4 1
01111110 01111110
FIT9137 59
Transparency / bit stuffing
What if the data contains the flag (01111110)?
Let’s send the message /~guidot
insert 0 after each 11111
When receiver sees 11111:
• if next bit is 0: remove it
FIT9137 60
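The stuffing rule above, worked through as an added example (not part of the original slides): the `~` in the message /~guidot is ASCII 0x7E, which is exactly the flag 01111110. Writing bits most-significant first, the function names, and treating "11111 followed by 1" inside a payload as a framing error are assumptions of this sketch.

```python
"""HDLC-style bit stuffing: flag 01111110, a 0 inserted after each 11111."""

FLAG = "01111110"
MESSAGE = b"/~guidot"  # the message used on the slide


def to_bits(data: bytes) -> str:
    # Assumption: most-significant bit first, purely for readability.
    return "".join(f"{byte:08b}" for byte in data)


def from_bits(bits: str) -> bytes:
    if len(bits) % 8:
        raise ValueError("payload is not a whole number of bytes")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def stuff(bits: str) -> str:
    """Sender side: insert a 0 after every run of five 1s."""
    out, ones = [], 0
    for bit in bits:
        out.append(bit)
        ones = ones + 1 if bit == "1" else 0
        if ones == 5:
            out.append("0")
            ones = 0
    return "".join(out)


def unstuff(bits: str) -> str:
    """Receiver side: after 11111, a following 0 is stuffing and is removed."""
    out, ones, i = [], 0, 0
    while i < len(bits):
        bit = bits[i]
        out.append(bit)
        ones = ones + 1 if bit == "1" else 0
        if ones == 5:
            # Assumption: anything other than a stuffed 0 here is an error,
            # because a correctly stuffed payload never holds six 1s in a row.
            if i + 1 >= len(bits) or bits[i + 1] != "0":
                raise ValueError("five 1s not followed by a stuffed 0")
            i += 1  # skip the stuffed 0
            ones = 0
        i += 1
    return "".join(out)


def frame(data: bytes) -> str:
    """Flag, stuffed payload, flag."""
    return FLAG + stuff(to_bits(data)) + FLAG


def deframe(stream: str) -> bytes:
    """Find the opening and closing flags and recover the payload bytes."""
    start = stream.find(FLAG)
    if start < 0:
        raise ValueError("no opening flag")
    end = stream.find(FLAG, start + len(FLAG))
    if end < 0:
        raise ValueError("no closing flag")
    return from_bits(unstuff(stream[start + len(FLAG):end]))


if __name__ == "__main__":
    raw = to_bits(MESSAGE)
    print("flag inside raw payload:    ", FLAG in raw)
    print("flag inside stuffed payload:", FLAG in stuff(raw))
    print("round trip:", deframe(frame(MESSAGE)))
```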
FLUX Question: HDLC addresses
1. Hub polling
2. Contention-based access
FIT9137 61
Point-to-Point Protocol (PPP)
Developed in early 1990s
• used for dial-up connections (e.g. POTS modems)
• inspired by HDLC
Use today
• PPPoE (PPP over Ethernet) encapsulates a PPP frame inside
an Ethernet frame
layer 3
flag address control
protocol Data FCS flag
FIT9137
ADSL
Asymmetric Digital Subscriber Line
0 4 25
113 kHz 138 1104 KHz
FIT9137 64
ADSL: why asymmetric?
FIT9137 65
FLUX Question: ADSL
Why is the upload bandwidth so much smaller than the
download bandwidth?
FIT9137 66
ADSL: why asymmetric?
Crosstalk depends on
distance from sender and
distance between wires!
FIT9137 67
Error detection
General idea:
• calculate error-detection value (EDV) and transmit
with the message
Three techniques:
• Parity check
• Checksum
FIT9137 68
Error Correction
now we know there’s an error,
how do we handle it?
FIT9137
Two approaches
FIT9137 70
Automatic Repeat Request (ARQ)
Stop and Wait
Sender Receiver
sender waits for
ACKnowledgement frame A
ACK
frame B frame B
Negative ACK
frame B
ACK
FIT9137 71
Continuous ARQ
Sender Receiver
sender does not wait for ACK
frame A
frame B
ACK B
frame D
NAK C
frame C
ACK D
ACK C
FIT9137 72
Forward Error Correction (FEC)
FIT9137 73
FEC
Transmit additional information
• allows receiver to detect error (like CRC)
Examples
• Hamming code (used e.g. in error correcting memory)
FIT9137
Transmission Efficiency
FIT9137 77
Factors affecting Efficiency
Base transmission rate of the circuit
Errors
• error rate of circuit
Protocol overhead
• how many bits added for error checking, frame
delimiters etc.
• total bits: 1 start bit, 7 data bits, 1 parity bit, 1 stop bit
FIT9137 79
Optimum Frame Size
acceptable range
efficiency
large frames:
increased error rate
small frames:
high protocol overhead
frame size
FIT9137 80
Summary
Physical Layer
• Digital transmission of digital data: square waves, NRZ, Manchester encoding, used e.g. in
Ethernet. Analog transmission of digital data: modulation (AM, FM, PSK), used e.g. in ADSL
or WiFi. Digital transmission of analog data: sampling, used e.g. in digital telephone
networks
Errors
• detection: parity, checksum, CRC
Efficiency
• protocols add overhead (e.g. flags, CRC)
FIT9137 81
Lab Week 5 Overview
• Modulation Encoding
FIT9137 82
Next week: LANs & WLANs
Local Area Networks
• roles of LANs in organizations
• major components of LANs
Wireless LANs
• how does MAC work with radio waves
FIT9137 83
FIT9137
Introduction to Computer
Architecture and Networks
Week 6: Local Area Networks and Wireless LAN
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
Today
LAN
• LAN components: devices, software
• Service sets
• WLAN design
FIT9137 3
What is a LAN?
A network of computers that are directly connected to
each other
• limited area (e.g. one building, or even one room)
Examples
• a Monash lab
FIT9137
Why use a LAN?
Information sharing
• files accessible to all users
• database servers
Resource sharing
• shared hardware, e.g printers
Advantages:
• reduced cost (only pay for number of licenses used)
FIT9137
LAN Types
Dedicated Server LAN
• network contains servers and clients
FIT9137 10
Dedicated Server LAN
print
server
intranet http,
email
gateway
router
file
server
FIT9137 11
Peer-to-peer LANs
print
server
FIT9137 12
Comparison
Dedicated P2P
FIT9137
Basic LAN components
Client computer
Network interface
card (NIC)
Network
operating
system Switch
(NOS) Server
NOS
Network cable NIC
FIT9137 15
Network interface card (NIC)
Implements physical and data link layer
• includes unique data link layer address (MAC address)
FIT9137 16
FLUX question: Newest?
1
2
3 4
FIT9137 17
FLUX question: Most expensive?
1
2
3 4
FIT9137 18
Network Cables
FIT9137 19
Network Cables
Name Data Rate Cables
FIT9137 20
Network Operating Systems
Software to access and control the LAN
• Server NOS provides network management tools and
network services
FIT9137 21
NOS Server Software
Handles network functions
• full protocol stack (data link, network, transport, application
layers)
Examples
• Linux
• used to be separate OS
FIT9137 23
Ethernet,
Hubs and Switches
FIT9137
Ethernet
Dominant LAN technology
• Standardised as IEEE 802.3
Physical layer
• Originally 10Mbps over shared media coaxial cable
FIT9137 25
Ethernet
Topology:
shared bus (multi-point)
FIT9137 26
Ethernet
Physical topology:
star (point-to-point)
Hub: every signal received on one port is sent out on all other ports
Logical topology:
shared bus (multi-point)
FIT9137 27
Ethernet
max 100m
Hub
max 100m
Multi-hub design
(100BASE-T Ethernet)
FIT9137 28
Ethernet MAC (recap)
Collisions
• are not avoided, but tolerated and detected
FIT9137 29
Ethernet MAC
Media Access Control: CSMA/CD
• Carrier Sense (CS):
listen on bus, only transmit if no other signal is "sensed"
FIT9137 30
Problems with Shared Ethernet
Half-duplex
• only one device can send at a time
Broadcasting
• all frames are delivered to all devices, not just
destination
FIT9137 31
Switched Ethernet
FIT9137
Switched Ethernet
Network switch
• looks like hub
FIT9137 33
Switch Forwarding Table
MAC Port
A A
B
0
1
B
A to B B to A
C 2
FIT9137 34
FLUX Question: Switch vs Router
What is the difference between a forwarding table and a routing
table? (several correct answers, you can click several times)
1. A forwarding table uses the MAC address, a routing table uses the
IP address
FIT9137 35
Modes of Switch Operations
Cut through switching
• transmit as soon as destination address has been read
• no collisions possible
Optic fiber
• Still more expensive than copper
1. It can only use cut-through switching.
FIT9137 39
Improving LAN
performance
FIT9137
Improving LAN performance
Throughput
• common measure for LAN performance
FIT9137 42
Improving Server Performance
Software improvements
• fine tune network and NOS parameters, e.g.
Hardware improvements
• add second server (load balancing)
RAID
• Redundant Array of Inexpensive Disks
FIT9137 45
Network Segmentation
Split into two Add second
LANs NIC
Add router to
connect LANs
FIT9137 46
Reducing Network Demand
Move files to clients
• e.g. heavily used software packages
FIT9137 47
FLUX Question: Server in LAN?
Should file servers be part of the same LAN as clients? (multiple
answers possible)
FIT9137
Why WiFi?
Wireless LANs
• eliminate cables (heritage buildings, rented
apartments, …)
Basic setup
• WLAN NICs connect to Access Points (APs) using
radio frequencies
FIT9137 50
WLAN Technology
Wi-Fi (or “Wireless Ethernet”)
• IEEE 802.11 family of standards
• Latest: 802.11ax
Data rates
• 802.11a/g: up to 54 Mbps
• 802.11b: up to 11 Mbps
• 802.11ax: 1 Gbps+
FIT9137 52
Antennas
Omnidirectional
• transmits in all directions
Directional
• project signal in one direction
signal
Signal strength
noise spike
error
signal-to-noise noise floor
ratio (SNR) (average noise
level)
noise
Distance
FIT9137 54
WLAN Radio Frequencies
Most WLANs use the 2.4GHz and/or 5GHz range
• high frequencies allow for large bandwidth
WLAN channels
• Networks in the same area should not use the same
frequencies
FIT9137 55
WLAN channels (802.11n)
2.4 GHz Wi-Fi channels (802.11b,g WLAN)
Channel: 1 2 3 4 5 6 7 8 9 10 11 12 13 14
Center Frequency (GHz): 2.412 2.417 2.422 2.427 2.432 2.437 2.442 2.447 2.452 2.457 2.462 2.467 2.472 2.484
22 MHz
2.4GHZ band
• 2.4000-2.4835 GHz
FIT9137 56
FLUX Question: Neighbours’ channels
Which neighbour do you need to convince to change channels?
1 2
channel 1
channel 6
4
3
channel 6 your house channel 11
FIT9137 57
FLUX Question: Neighbours’ channels
Which neighbour do you need to convince to change channels?
1 2
channel 1
channel 6
4 channel 11
3
channel 6 your house channel 1
FIT9137 58
802.11 Data Link Layer
Recap: Ethernet frame (802.3)
6 6 2 46-1500 4
WLAN frame
2 2 6 6 6 2 6 2 0-2312 4
FIT9137 59
CSMA/CA Media Access Control
All devices in a WLAN share the medium
• use the same channel (frequency band)
CSMA/CA
• Carrier Sense, Multiple Access
• Collision Avoidance
FIT9137 60
Why is WLAN different?
sense carrier -
don't send
FIT9137 61
Why is WLAN different?
"hidden
node
problem"
FIT9137 62
Why is WLAN different?
"hidden
collision!
node
problem"
FIT9137 63
Two solutions: ARQ + Controlled Access
FIT9137 64
802.11 Carrier Sense
no wait until
medium
idle? transmission ends
inter-frame
spacing time yes
no
still idle?
still idle? no
yes
yes
transmit frame
FIT9137 65
Inter Frame Space (IFS)
If medium available:
• need to wait certain time to make sure medium is idle
FIT9137 66
802.11 ARQ
Hidden node problem
• collision detection not reliable
What if no ACK?
• we may not sense a carrier (too far away)
FIT9137
Basic Service Set (BSS)
Independent BSS
• ad-hoc network
FIT9137 69
Basic Service Set (BSS)
Infrastructure BSS
• all devices communicate with one Access Point (AP)
• AP connects to LAN
devices can roam between different APs
15% overlap
FIT9137 71
Extended Service Set (ESS)
Extends range of mobility
• set of infrastructure BSSs
FIT9137 72
Extended Service Set (ESS)
FIT9137 73
WLAN Design
More challenging than Ethernet LAN
• expected to work in every corner of a building
Site survey
• measure signal strength with temporary APs
Access Point
use similar table to
estimate number of
APs and overlap
44
FIT9137 75
FLUX Question: Walls
Why are walls a problem for Wireless LAN?
FIT9137 76
Attenuation
Walls can introduce
significant attenuation.
• 3 dB means signal strength
halves
Source: http://www.liveport.com/wifi-signal-attenuation
FIT9137 77
Planning Example
150m
6 1 6 11 6 1
1 11 1 6 1 11
100m
11 6 1 align coverage
areas to ensure
minimum overlap
6 1 11 select channels to
avoid interference
11 6 1
50m
FIT9137 78
Multi-Storey Building WLAN
CHAPTER 6 WIRED AND WIRELESS LOCAL AREA NETWORKS
APs on different floors do not interfere with one another (Figure 6.10). Because floors
FIT9137 79
WLAN Security
FIT9137
Why WLAN Security is important
FIT9137 81
Open WLAN
No authentication, no encryption
• e.g. Monash guest-wireless
FIT9137 82
captured from a different
computer, without log-in!
Why WLAN Security is important
It's much easier to eavesdrop
• radio waves travel through walls and leave the office /
building / campus
FIT9137 88
Cracking WEP
FIT9137 89
Types of WLAN Security
Wired Equivalent Privacy (WEP)
• NIC and AP have a shared key ("password")
• two modes:
FIT9137 90
WPA2 KRACK
WPA2 was hacked!
• Vulnerability discovered in 2016
FIT9137 91
Google WiFi sniffing
https://youtu.be/ZjfQhb4AkEE
FIT9137 92
FLUX Question: Was Google wrong?
Google stored results from WiFi sniffing. This included
unencrypted, personal data from unprotected WLANs.
What do you think about this?
FIT9137
Improving WLAN performance
FIT9137 95
Improving WLAN circuit capacity
Find best place for APs
• few walls between AP and devices
• not in a closet
Remove interference
• other wireless devices operating in same frequencies
(Bluetooth, cordless phones, clickers)
FIT9137 97
Summary
LANs
• enable sharing of information and resources
• dedicated server vs peer to peer
• NOS provides services such as directory, files, printers
Ethernet
• CSMA/CD
Switched Ethernet
• full-duplex connections up to 10Gbps over copper
LAN performance
• identify and remove bottlenecks
Wireless LANs
• similar to wired Ethernet: hub with shared medium
• roaming in ESS
Security
• important because easy to eavesdrop
FIT9137 98
Lab Week 7 Lab Overview
• War-Walking
• Assignment 1
FIT9137 99
Next week
• establishing connections
FIT9137 100
FIT9137
Introduction to Computer
Architecture and Networks
Week 7: Network and Transport Layers (Part 1)
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
Network / Transport
Transport Layer:
• establish end-to-end channel
FIT9137 3
Layers of Abstraction
FIT9137
Addressing applications
111.119.8.38:80
http://www.nasa.gov
FIT9137 8
One address per layer
Application Layer
• URL (e.g. http://www.csse.monash.edu)
Port numbers
• IANA maintains official list of port numbers
IP addresses
• IANA and 5 RIRs allocate blocks of addresses, local registries re-
distribute to customers
MAC addresses
• Unique addresses allocated by hardware manufacturers
FIT9137 10
Addressing devices
192.168.1.15
192.168.1.1 216.58.220.142
202.158.200.149
216.239.46.151
203.214.44.94
202.158.200.12
202.158.210.41
209.85.142.94
• Example:
130.194.66.43
10000010 11000010 01000010 00101011
Network
Monash (Monash)
University Subnet
LAN
(LAN) Host
Analogy:
• network = post code
• subnet = street
FIT9137 13
Network Classes
Previously used hierarchy:
• Class A: /8 (e.g. IBM, MIT, AT&T, Apple, …)
• Class C: /24
Example:
• Monash would buy a Class B network, and then be
able to create 256 Class C subnets inside
Now: classless
• e.g. /22, which can also be written as 255.255.252.0
FIT9137 14
FLUX Question: Classes
Why was the restriction to 3 classes (A,B,C) a problem for
the network?
130.194.40.13
130.194.76.191
Gateway routers
130.194.66.61
130.194.40.22
130.194.66.43
FIT9137 16
MAC address
IPv4 address
subnet mask
IP version 6
IPv4 addresses: 32 bits
• In theory 4,294,467,295 addresses
IPv6
• “new” version of the IP protocol (from 1998…)
FIT9137 19
IP version 6
2^128 =
340,282,366,920,938,463,463,374,607,431,768,211,456
(340 undecillion)
IPv6 addresses
FIT9137 20
IP version 6
340,282,366,920,938,463,463,374,607,431,768,211,456
A bit excessive?
• At least 7 addresses for every atom of every person
on earth
Required!
• The huge space is used to create hierarchies
• This makes it easy to assign whole subnets
FIT9137 21
IP version 6 address space
Typical allocation:
Company / Interface ID
IANA + RIR Organisation (16 bits) (64 bits)
FIT9137 24
Dynamic Addressing IPv4
Dynamic Host Configuration Protocol (DHCP)
• Send broadcast to DHCP server to get an address
and subnet mask
FIT9137 25
Dynamic Addressing IPv6
/23 /32 /48 /64
Auto-configure address
• Advertised prefix + self-generated interface ID
DNS Servers
• Implement a distributed database of names
FIT9137 28
DNS
root
ask z.au
Root Zone
Top-Level Domain
.org
.com
.org
.org
.edu
.edu .au .monash (TLD)
ask edns-396.unimelb.edu.au
unimelb
124.47.170.46
www.unimelb.edu.au?
FIT9137 29
DNS
root Root Zone
Top-Level Domain
.org
.com
.org
.org
.edu
.edu .au .monash (TLD)
unimelb
FIT9137 30
Address resolution: Data Link Layer
How to find the MAC address for an IP address:
00:23:ae:e7:52:85
1.2.3.5
1.2.3.6
1.2.3.4
Who has 1.2.3.5?
broadcast
message
1.2.3.1
Address
Who Resolution
has 1.2.3.5? Protocol
(ARP)
FIT9137 31
TCP:
a reliable end-to-end
channel
FIT9137
Transmission Control Protocol (TCP)
Connection-oriented
• A virtual circuit is established between two devices
Reliable
• Errors are detected and corrected
FIT9137 34
TCP segment size
Two approaches:
• use “reasonable” MTU, accept that IP sometimes
needs to fragment
FIT9137 36
TCP:
session management
FIT9137
TCP Header
0 32
source port | destination port
sequence number (number of first data byte)
acknowledgement number (number of data byte that I receive)
flags (SYN, ACK, …)
window size
options
FIT9137 38
Establishing a session
Three-way handshake:
• Client sends a SYN packet with random sequence
number A
FIT9137 39
Recap: Continuous ARQ
Sender Receiver
frame A
frame B
ACK A
frame C frame C
ACK B
frame D
NAK C
frame C
ACK D
ACK C
FIT9137 40
TCP ARQ
No NAKs!
• Data Link Layer discards frames that have errors
FIT9137 41
Ending a session
Four-way handshake:
• Computer A (client or server!) sends a FIN packet
FIT9137 42
TCP session
Client Server
3-way handshake
3185 | 0 SYN
734 | 3186 SYN, ACK
3186 | 735 ACK
FIT9137
User Datagram Protocol (UDP)
Connectionless
• Each packet ("datagram") sent individually
• No virtual circuit
Small header
• 8 bytes (compared to 20 bytes for TCP)
Use cases
• Applications that send very small messages (e.g. DNS,
DHCP)
FIT9137
Quality of Service (QoS)
• Availability?
• Emergency calls?
FIT9137 48
Net Neutrality
What it means:
• All Internet traffic should be treated equally
FIT9137 49
Last Week Tonight with John Oliver (HBO), June 1 2014
https://youtu.be/fpbOEoRrHyU
Tom Wheeler, FCC Chairman, February 26, 2015
https://youtu.be/vfVR0C2HHSI
https://youtu.be/EZldPT7gFGU
Robert Kahn, co-inventor of TCP/IP
https://youtu.be/t3uTKs9XZyk
FLUX Question: Net Neutrality
FIT9137 54
Net Neutrality
Controversial!
• Telcos blocking e.g. Skype or IM over 3G/4G/5G
• IPv4 vs IPv6
Transport
• TCP: Reliable end-to-end channel using segmenting and
ARQ
• Wireshark - TCP
• Subnets
FIT9137 57
Next week
Routing
• How to get a packet from one edge of the network to
another through multiple hops
FIT9137 58
FIT9137
Introduction to Computer
Architecture and Networks
Week 8: Network and Transport Layers (Part 2)
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
Today
Routing
• how routers determine the path to a destination
address
FIT9137 3
TCP parameters
TCP implements segmentation
• large application layer messages are split into
segments
FIT9137 4
TCP segment size
Two approaches:
• use “reasonable” MTU, accept that IP sometimes
needs to fragment
FIT9137 6
Routing
FIT9137
Recap: Subnets
130.194.76.192 Backbone
130.194.76.253 network
130.194.40.13
130.194.76.191
How do routers
know where
Gateway to send
routers
packets?
130.194.66.61
130.194.40.22
130.194.66.43
FIT9137 8
Routers
Routers connect networks
• Internet is a network of networks!
FIT9137 10
Routing example
Dest. Next Dest. Next
A A A C
dest: H
A G D G G G
H E H H
K E K C
Dest. Next
default C
C D
Dest. Next
default F
B E F
Dest. Next Dest. Next
A C A D
K G F G D H
H F H H
dest: A
K B K E
FIT9137 11
Types of routing
Centralized
• All clients connect to central computer, which makes
the routing decisions
Decentralized
• Each device makes its own decisions
FIT9137 12
Types of decentralised routing
Static routing
• Network manager prepares fixed routing tables
• Manually updated when the network changes
FIT9137 13
Dynamic Routing
FIT9137
FLUX Question: Router administration
Routers are typically managed by logging in via SSH and then
configuring the router using command line tools.
What are the risks of this approach?
3. None, because SSH is a secure protocol.
4. When you modify the routing table, you risk locking yourself out.
FIT9137 15
Types of decentralised routing
Static routing
• Network manager prepares fixed routing tables
• Manually updated when the network changes
Dynamic routing
• Routers exchange information to build routing
tables dynamically
• Initial tables can be set up by network managers
FIT9137 16
Dynamic routing algorithms
Distance vector
• Exchange information about distance to destination,
choose shortest route
Link state
• Exchange information about quality of links, choose
fastest route
0
1 0 1
3 C D
2 3 2
Network G
Distance: 1 hop
Direction: interface 1 Network K
0 Distance: 2 hops
Direction: interface 0
B 2 E 1 F
K Interface number H
FIT9137 18
Routing Information Protocol (RIP)
Diagram nodes: A, G, C, D, B, E, F, K, H
Dest. Dist. Interf.
A 0 0
B 0 1
E 0 2
D 0 3
K 1 1
G 1 3
H 1 3
F 1 3
Dest. Dist. Interf.
C 0 0
G 0 1
H 0 2
F 0 3
A 1 0
B 1 0
E 1 0
K 2 0
Dest. Dist. Interf.
A 0 0
C 0 1
E 0 2
K 0 3
All routers send their routing tables to all other routers.
Tables converge after some time.
FIT9137 19
Routing Information Protocol (RIP)
• Avoids loops
FIT9137 20
RIP demo
FIT9137
Link-state routing protocols
Routers exchange information about connectivity
• not just routing table (best routes)
FIT9137 23
Dijkstra's Shortest Path Algorithm
A ∞ tentative distance ∞ G
5 5
0 ∞
C 5 D metric
2 (lower=better)
1 1 2
20
∞ ∞ ∞
B 1 E 1 F
5
5
K H
∞ ∞
FIT9137 24
Dijkstra's Shortest Path Algorithm
A 5 ∞ G
5 5
0 5
C 5 D
2
1 1 2
20
1 1 ∞
B 1 E 1 F
5
5
K H
∞ ∞
FIT9137 25
Dijkstra's Shortest Path Algorithm
A 5 ∞ G
5 5
0 5
C 5 D
2
1 1 2
20
1 1 2
B 1 E 1 F
5
5
K H
∞ ∞
FIT9137 27
Dijkstra's Shortest Path Algorithm
A 3 ∞ G
5 5
0 5
C 5 D
2
1 1 2
20
1 1 2
B 1 E 1 F
5
5
K H
6 ∞
FIT9137 28
Dijkstra's Shortest Path Algorithm
A 3 ∞ G
5 5
0 4
C 5 D
2
1 1 2
20
1 1 2
B 1 E 1 F
5
5
K H
6 7
FIT9137 29
Dijkstra's Shortest Path Algorithm
Dest. Route
A B
K B
G E
H E
A 3 9 G
5 5
0 4
C 5 D
2
1 1 2
20
1 1 2
B 1 E 1 F
5
5
K H
6 Shortest Path First (SPF) tree 7
FIT9137 31
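The Shortest Path First computation from the slides above, as an added example that is not part of the original deck. The figure's links did not survive extraction, so the link list below is constructed to be consistent with the final distances from router C (A 3, B 1, E 1, F 2, D 4, K 6, H 7, G 9) and with the Dest./Route table; the placement of each metric, including the 20, is an assumption.

```python
"""Dijkstra's algorithm producing distances and a Dest./Route (first hop) table."""
import heapq

# Constructed topology (assumption): (node, node, metric), lower metric = better.
LINKS = [
    ("C", "A", 5), ("C", "D", 5), ("C", "B", 1), ("C", "E", 1),
    ("A", "B", 2), ("B", "E", 1), ("E", "F", 1), ("F", "D", 2),
    ("D", "G", 5), ("B", "K", 5), ("F", "H", 5), ("D", "E", 20),
]


def build_graph(links):
    """Turn the undirected link list into an adjacency map."""
    graph = {}
    for a, b, metric in links:
        graph.setdefault(a, {})[b] = metric
        graph.setdefault(b, {})[a] = metric
    return graph


def shortest_paths(graph, source):
    """Return (distance, first_hop) maps for every node reachable from source.

    first_hop[dest] is the neighbour of `source` that the shortest path leaves
    through, which is what the router stores in its table.
    """
    distance, first_hop, done = {}, {}, set()
    # Queue entries: (tentative distance, node, first hop used to get there).
    queue = [(0, source, None)]
    while queue:
        dist, node, hop = heapq.heappop(queue)
        if node in done:
            continue  # a shorter path to this node was already finalised
        done.add(node)
        distance[node] = dist
        if hop is not None:
            first_hop[node] = hop
        for neighbour, metric in graph[node].items():
            if neighbour not in done:
                # Leaving the source, the neighbour itself is the first hop.
                next_hop = neighbour if hop is None else hop
                heapq.heappush(queue, (dist + metric, neighbour, next_hop))
    return distance, first_hop


def routing_table(links, source):
    """Dest. -> Route table for `source`, as on the final SPF slide."""
    _, first_hop = shortest_paths(build_graph(links), source)
    return dict(sorted(first_hop.items()))


if __name__ == "__main__":
    dist, _ = shortest_paths(build_graph(LINKS), "C")
    for dest, hop in routing_table(LINKS, "C").items():
        print(f"dest {dest}: distance {dist[dest]}, route via {hop}")
```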
Open Shortest Path First (OSPF)
Widely used in large enterprise networks
• OSPFv1 1987, OSPFv2 1991/1998, OSPFv3 for IPv6
1999
FIT9137
FIT9137 34
Dynamic routing algorithms
Distance vector
• Exchange information about distance to destination,
choose shortest route
Link state
• Exchange information about quality of links, choose
fastest route
FIT9137 36
Autonomous Systems
Networks operated by a single organisation
• e.g. Monash University’s or your ISP’s network
Interior routing
• for routing packets within an AS
Exterior routing
• for routing packets between different AS
FIT9137 37
Internet Architecture
Interior routing
AS1
OSPF
BGP AS3
BGP
Border router BGP BGP
AS4
RIP BGP
AS2 BGP
BGP
OSPF
AS5
AS6
FIT9137 38
FLUX Question: OSPF for the Internet?
FIT9137 39
Putting it all together
(demo)
FIT9137
Summary
Recap: TCP Segmentation
• congestion control makes TCP adapt to the network
conditions
IP Routing
• routers determine next hop of a packet through the network
• Routing Table
FIT9137 43
Next week: Application Layer
FIT9137 44
FIT9137
Introduction to Computer
Architecture and Networks
Week 9: Application Layer
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
The
Application Layer
contains software that enables the
user to perform useful work.
FIT9137
Today
• Application Architectures
• Electronic Mail
FIT9137 4
Recap:
Layers and Protocols
FIT9137
Layers of Abstraction
Transport Transport
Network Network
Physical Physical
Network Packet IP
Physical Bit
FIT9137 8
FLUX Question: Routing
FIT9137 9
Architectures
FIT9137
Application Architectures
client
Presentation logic
The user interface. Controls the application.
server
Data storage
Where the data is kept, e.g. files or data base.
FIT9137 11
Server-based Architecture
client
“dumb” terminal Client sends keystrokes to the
server, displays text according to
server’s instructions.
Problems:
Server can become a bottleneck.
Upgrade expensive and “lumpy”.
Presentation logic
server
Application / business logic
Data access logic
Data storage
FIT9137 12
Client-based Architecture
client
Presentation logic
Application / business logic
Data access logic
Problems:
All data must travel back and forth
between server and client.
server
Data storage
FIT9137 13
Client-Server Architecture
client
Presentation logic
Application / business logic
server
Data access logic
Data storage
FIT9137 14
Thin-Client Architecture
client
Presentation logic
Advantage:
Only one server needs updating.
server
Data access logic
Data storage
FIT9137 15
Multi-Tier Architecture
client
Presentation logic
server
Multi-tier
Application / business logic
architecture
server
Data access logic
Data storage
FIT9137 16
Peer-To-Peer Architecture
Presentation logic
client
Application / business logic
Data access logic
Data storage
All computers act as both
clients and servers.
Use local logic to access data stored on
another computer.
Presentation logic
client
Application / business logic
Data access logic
Data storage
FIT9137 17
FLUX question: Google Drive
Monash pays Google to provide vital services such as email,
calendars, and Google Drive, a cloud-based file storage.
1. Client-based
2. Thin client-server
3. Server-based
4. Client-server
FIT9137 18
World Wide Web
FIT9137
What is HTTP?
What is HTML?
HTTP <html>…</html>
Internet
HTTP www.youtube.com
HyperText Transfer Protocol (HTTP)
• Defines how web browsers talk to web servers
• Hypertext:
A document containing links to other documents
FIT9137 21
FIT9137 22
Request - Response-Cycle
Response
HTTP <html>…</html>
Internet
Request
HTTP www.youtube.com
Basic HTTP session
client:
Request line:
GET /~guidot/test.html HTTP/1.1
Request header:
Host: www.csse.monash.edu
server:
Response status:
HTTP/1.1 200 OK
Response header:
Date: Thu, 05 Mar 2015 08:30:48 GMT
Server: Apache/1.3.26 (Unix)
Transfer-Encoding: chunked
Content-Type: text/html
Response body:
<html>
<body>
<h1>Guido Tack</h1>
<img src="images/guido3.jpg">
</body>
</html>
FIT9137 25
Basic HTTP session
<img src="images/guido3.jpg">
</body>
</html>
JFIFHH@ICC_PROFILE0appl mntrRGB
…
FIT9137 27
HTTP Methods
• GET:
Retrieve specified URL from server
• HEAD:
Retrieve only header for specified URL
• POST:
Add data specified in request body to specified URL
E.g. add a message to a web forum, or an item to a
shopping cart. Also retrieves document.
Request body
FIT9137 31
Adding state to HTTP
• Two approaches:
HTTP HTTP
GET /index.html
GET /index.html HTTP <html>…</html>
FIT9137 32
HTML
• HyperText Markup Language
• Example:
<html>
tag
<body>
link to other asset
<h1>ABM Russel</h1>
<img src="images/russel.jpg">
<a href="http://www.w3c.org">W3C</a>
</body>
</html> link to other page
FIT9137 33
HTML + CSS
• Separation of structure and layout:
FIT9137 34
Electronic Mail
FIT9137
Electronic Mail
FIT9137 36
http://www.computerhistory.org/revolution/the-web/20/377/2329
SMTP Hi! How are you?
SMTP Hi! How are you?
alice@hotmail.com
smtp.live.com
Internet
smtp.gmail.com
bob@gmail.com
POP OK 2 messages
POP LIST
SMTP
alice@hotmail.com
smtp.live.com
Internet
SMTP
smtp.gmail.com
bob@gmail.com
POP/IMAP
Email Protocols
• Simple Mail Transfer Protocol (SMTP)
Hi Russel!
This is just a test.
Cheers, Body
Alice
.
250 2.0.0 Ok: queued as 85D5312004D
QUIT
221 2.0.0 Bye
FIT9137 41
MIME
• Multi-Purpose Internet Mail Extensions
FIT9137 42
MIME Example
--Apple-Mail=_DC544A01-B885-421C-B475-2DBBCF2DEE37
Content-Transfer-Encoding: base64
Content-Disposition: inline;
filename=guido3.jpg
Content-Type: image/jpeg;
name="guido3.jpg"
Content-Id: <B073584A-EAF2-4A30-9ACC-1368C9C2E846@iiNet>
Represent image data as plain text!
FIT9137 43
Two-tier vs Three-tier mail
• Two-tier:
• Client-server architecture
• Three-tier:
• Thin client accesses web application
FIT9137 44
HTTP
SMTP <html>…</html>
Hi! How are you?
IMAP FETCH
HTTP
HTTP GET
Hi! /mail.html
How are you? www.hotmail.com
alice@hotmail.com
SMTP Hi! How are you?
IMAP OK FETCH COMP
Internet
smtp.hotmail.com
smtp.gmail.com
bob@gmail.com
Estimates:
between 50% and 70% of all emails are spam
FIT9137 47
Telnet / SSH
FIT9137
Telnet session
FIT9137 49
Telnet in Wireshark
FIT9137 50
Telnet in Wireshark
t
c
r
e
p
u
s
FIT9137 51
Secure Shell (SSH)
FIT9137 52
Other Applications
FIT9137
File Transfer Protocol (FTP)
• Enables access to a file server over the network
FIT9137 54
Instant Messaging (IM)
• Examples: WhatsApp, Facebook Messenger, Tencent
QQ, Google Hangouts, Skype, Twitter…
• Client-Server application
FIT9137 57
Lab Week 10 Lab Overview
• SMTP
• Analysis HTTP
FIT9137 58
Next week
Network Security
- type of threats
- encryption
- intrusion prevention
FIT9137 59
FIT9137
Introduction to Computer
Architecture and Networks
Week 10: Computer and Network Security
FIT9137
Unit Topics
FIT9137 2
Today: Network Security
3 Goals
Availability Confidentiality
Integrity
FIT9137 3
Today: Network Security
• medical records
• private photos
• internal emails
FIT9137 4
Today: Network Security
Make sure data has not been altered or destroyed
• messages are received as sent:
no duplication, insertion, modification, reordering!
• non-repudiation:
cannot deny having sent or received a message
Integrity
FIT9137 5
Today: Network Security
Availability
Provide continuous operation of services
• ATM network
• Stock trading
• Emergency services
• Moodle assignment
submission
FIT9137 6
3 Goals
Availability Confidentiality
Integrity
FIT9137 7
Authentication
Ensure that
• the communicating entities are who they claim to be
• ATM PIN
• Biometric passports
FIT9137 8
Access Control
Ensure that
• only authorised entities can access systems and
applications
Relies on authentication!
Examples
• Swipe cards
1. Yes, always.
2. No.
3. I don’t know.
FK2HL1
FIT9137 10
Threats
potential adverse occurrences
that may cause harm
FIT9137
Types of Threats
Availability / business continuity
• loss or reduction of network service
Intrusion
• unauthorised access to company resources
FIT9137 12
Malware - malicious software
Potential targets
• identity theft
FIT9137 13
Malware - malicious software
Viruses
• spread when infected files are accessed
Worms
• special type of virus that spreads without human
intervention
FIT9137 14
FLUX Question: Malware
Have you been the target of a malware attack?
3. Yes: ransomware/adware
(worm installed itself that showed unwanted ads or asked for
money to unlock computer)
4. No
5. Other FK2HL1
FIT9137 15
Example: Stuxnet
Targeted cyber-sabotage attack
• delay Iranian Uranium enrichment
FIT9137 16
Example: Stuxnet
1. Availability
2. Integrity
3. Confidentiality
4. Authentication
FK2HL1
FIT9137 18
Example: Carbanak
https://youtu.be/wUU8bAVgx80
FIT9137 19
Security Holes
Flaws in network software
• permit unintended access to the network
Zero-day exploits
• hole that is exploited before anybody knows about it
FIT9137 20
Denial of Service
Flood a server with messages
• server may crash under the load
FIT9137 21
TCP SYN Flood
Send lots of TCP SYNs
• remember 3-way handshake:
client sends SYN
server sends SYN/ACK
client sends ACK
FIT9137 22
TCP SYN Flood
Bot under our
control
Client, requesting
data
FIT9137 23
ICMP Flood
Send broadcast ping requests with fake source
• you need control of a computer in a large LAN
FIT9137 24
ICMP Flood
Bot under our
control
Client, requesting
data
ping -s 1000 -fb 10.0.0.255
FIT9137 25
Baidu-GitHub Attack
http://arstechnica.com/security/2015/03/github-battles-largest-ddos-in-sites-history-targeted-at-anti-censorship-tools/
FIT9137 26
Baidu-GitHub Attack
Two targets:
• github.com/greatfire
• github.com/cn-nytimes
[Figure: diagram with the labels Client, Baidu server, GitHub server, HTTP GET, HTTP OK and "Insert malicious JavaScript"]
FIT9137 27
Intrusion
Casual intruders
• limited knowledge ("trying doorknobs"), e.g. using neighbours'
WLAN
Criminals ("crackers")
• breaking into computers for espionage, fraud etc
Employees
• use their legitimate access to the internal network
FIT9137
Countermeasures: Physical Security
FIT9137 30
Countermeasures: Malware
Anti-virus software
• checks disk files, emails and running programs
OS updates
• fix security bugs that enable malware to enter a
system
FIT9137 32
Countermeasures: DoS/DDoS
Traffic filtering
• e.g. never reply to broadcast pings
Traffic limiting
• when too many packets are coming in, limit the traffic
• this may filter legitimate packets, but may keep the service
accessible
FIT9137 33
Firewalls
Prevent intrusion by securing the perimeter
• no unauthorised access to machines inside your network
Firewall
• can be router, special purpose computer, or client software
Main types
• packet-level firewalls (packet filters)
• application-level firewalls
FIT9137 34
Packet-level firewall
Examines headers of every packet passing through
• defines rules to determine which packets are
acceptable
FIT9137 35
Application-level firewall
Examines application-layer packet contents
• can scan for known attacks on application-layer
server software
Compared to packet-level
• more computationally expensive
FIT9137 36
DMZ
De-Militarized Zone
• A part of a company network that is accessible from
the Internet
FIT9137 37
DMZ
FIT9137 38
Example: iptables
Implements packet-level filtering in the Linux kernel
• configure using the iptables command
Intrusion prevention
• after 5 incorrect logins, add IP to firewall for an hour
FIT9137 41
Example: fail2ban
[Figure: fail2ban demonstration. Annotations: simulated attack; detected intrusion attempts; firewall rules: DROP packets from intruders]
FIT9137 42
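The intrusion-prevention rule from the iptables slide ("after 5 incorrect logins, add IP to firewall for an hour"), as an added example that is not part of the original slides and is not fail2ban's own code. The log lines are constructed, and the 10-minute counting window (`FIND_TIME`) is an assumption.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                   # from the slide: "after 5 incorrect logins"
BAN_TIME = timedelta(hours=1)      # from the slide: "add IP to firewall for an hour"
FIND_TIME = timedelta(minutes=10)  # assumption: only failures this close together count

# Constructed log lines in an sshd-like layout; addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:03 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
2024-05-01T10:00:04 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
2024-05-01T10:00:05 sshd[830]: Failed password for alice from 198.51.100.23 port 51000 ssh2
2024-05-01T10:00:06 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
2024-05-01T10:00:09 sshd[813]: Failed password for root from 203.0.113.7 port 40120 ssh2
2024-05-01T10:00:20 sshd[830]: Accepted password for alice from 198.51.100.23 port 51000 ssh2
2024-05-01T10:01:00 sshd[840]: Failed password for bob from 192.0.2.44 port 33000 ssh2
2024-05-01T10:02:00 sshd[840]: Failed password for bob from 192.0.2.44 port 33000 ssh2
2024-05-01T10:03:00 sshd[841]: Failed password for bob from 192.0.2.44 port 33002 ssh2
2024-05-01T10:04:00 sshd[841]: Failed password for bob from 192.0.2.44 port 33002 ssh2
2024-05-01T10:30:00 sshd[850]: Failed password for bob from 192.0.2.44 port 33010 ssh2
"""

FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def detect_bans(log_text):
    """Return [(ip, banned_at, unban_at)] for each address that crosses the threshold."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside FIND_TIME
    banned_until = {}            # ip -> end of the current ban
    bans = []
    for line in log_text.splitlines():
        match = FAILED.match(line)
        if not match:
            continue             # successful logins and unrelated lines are ignored
        when = datetime.fromisoformat(match.group(1))
        ip = match.group(2)
        if banned_until.get(ip, when) > when:
            continue             # already banned: do not add a second rule
        window = recent[ip]
        window.append(when)
        while when - window[0] > FIND_TIME:
            window.popleft()     # forget failures older than the counting window
        if len(window) >= MAX_FAILURES:
            banned_until[ip] = when + BAN_TIME
            bans.append((ip, when, when + BAN_TIME))
            window.clear()
    return bans


def active_rules(bans, now):
    """iptables commands for the bans still in force at `now` (expired bans drop out)."""
    return [f"iptables -I INPUT -s {ip} -j DROP"
            for ip, start, end in bans if start <= now < end]


if __name__ == "__main__":
    found = detect_bans(SAMPLE_LOG)
    for ip, start, end in found:
        print(f"ban {ip} from {start} until {end}")
    print(active_rules(found, datetime(2024, 5, 1, 10, 30)))
```

Only 203.0.113.7 is banned: 198.51.100.23 fails once and then logs in, and the five failures from 192.0.2.44 are spread over more than the counting window.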
Encryption
FIT9137
Encryption
Our only tool to ensure confidentiality and integrity!
• disguise information using mathematical rules
Strength of an encryption
• if key is random and same length as the message, it is
provably impossible to recover the message without
the key
'gB^ca^t2el8rLLP]eCKb`AsS_Xr^_?O
MySecretKey MySecretKeyMySecretKey
This is a message I want to send
(ciphertext - key) % 255
FIT9137 45
Symmetric Encryption
Data Encryption Standard (DES)
• developed by US government and IBM
Other standards
• 3DES (triple DES): effectively 168 bit key
FIT9137 46
FLUX Question: Brute Force
The 56 bit DES encryption standard was broken by a $10,000 machine
in less than a day with a brute force attack (trying all possible keys).
How long, do you think, would it take to break a key with 100 bits
using the same hardware?
1. A month
2. A year
3. 10,000 years
• chicken-and-egg problem…
• From their own secret key and the other’s public key,
they can generate a shared secret!
FIT9137 48
Diffie-Hellman, Paint Analogy
Alice Bob
base colour
secret colours
FIT9137 49
Diffie-Hellman, Paint Analogy
Alice Bob
base colour
secret colours
difficult to
“unmix”, so
Alice still mix base and secret
doesn’t know to make public colour
Bob’s secret
mix contains mix contains
base + both public colours are
base + both
secrets exchanged
secrets
FIT9137 50
Public-Key Cryptography
Key exchange
• Alice and Bob can create a shared secret by
exchanging only publicly available information
Maths
• we need a mathematical operation that is hard to
reverse (to “unmix”)
FIT9137 51
Maths
1. Alice and Bob agree on a value g=5 (can be public) and a prime modulus p=23
FIT9137 53
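The key exchange carried through with the slide's public values g=5 and p=23, as an added example that is not part of the original slides. The secrets a=4 and b=3 are constructed, and the range check on received public values is the usual 2 ≤ y ≤ p-2 validation, not something the slides state.

```python
P, G = 23, 5  # public values from the slide


def public_value(secret, g=G, p=P):
    """What each side sends over the network: g^secret mod p."""
    return pow(g, secret, p)


def validate_public(y, p=P):
    """Reject values that would force a predictable shared secret (0, 1, p-1, >= p)."""
    if not 2 <= y <= p - 2:
        raise ValueError(f"public value {y} outside 2..{p - 2}")
    return y


def shared_secret(their_public, my_secret, p=P):
    """Combine the other side's public value with one's own secret."""
    return pow(validate_public(their_public, p), my_secret, p)


def exchange(a, b):
    """Run both sides of the exchange and return everything that was computed."""
    A = public_value(a)          # Alice -> Bob, visible to an eavesdropper
    B = public_value(b)          # Bob -> Alice, visible to an eavesdropper
    return {"A": A, "B": B,
            "alice": shared_secret(B, a),   # B^a mod p
            "bob": shared_secret(A, b)}     # A^b mod p


def recover_secret(public, g=G, p=P):
    """Undo the 'mixing' by trying every exponent.

    This only works because p=23 leaves 22 candidates; it is the reason real
    deployments use primes of 2048 bits or more.
    """
    for x in range(1, p):
        if pow(g, x, p) == public:
            return x
    raise ValueError("no exponent found")


if __name__ == "__main__":
    result = exchange(a=4, b=3)  # constructed secrets
    print(result)
    print("secret recovered from A alone:", recover_secret(result["A"]))
```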
Asymmetric Encryption
Also known as Public Key Encryption (PKE)
• uses pair of public and private keys
Characteristics
• longer keys than symmetric (512 bits to 2048 bits)
• digital signatures
FIT9137
Transport Layer Security (TLS)
can be used by any other application
add security layer between TCP and application
[Figure: protocol stack, top to bottom: HTTP (as HTTPS), POP, IMAP, other… / TLS / Transport (TCP) / Network (IP) / Data Link (Ethernet) / Physical]
FIT9137 57
SSL/TLS
SSL (Secure Sockets Layer)
• originally developed by Netscape
TLS
• IETF standardised successor to SSL as TLS 1.0
(1999)
FIT9137 58
How TLS works
FIT9137 59
Authenticating web servers
How do we know this is really the
Monash server?
FIT9137 61
WannaCry
Ransomware attack, May 2017
FIT9137
WannaCry ransomware
Attack started on 12 May 2017
• Targets computers running Windows
• Who is to blame?
FIT9137 65
Summary
Security is important
• billions of dollars at stake
Goals
• confidentiality, integrity, availability
Countermeasures to threats
• physical security
• firewalls
• encryption
FIT9137 66
Lab Week 11 Lab Overview
• Encrypting Files
• Firewalls/DMZ
FIT9137 67
Next week
Backbone networks
- how to connect LANs
- lease lines
FIT9137 68
FIT9137
Introduction to Computer
Architecture and Networks
Week 11: Backbones, MANs and WANs
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
Today
Backbone networks
• Connecting LANs
• Based on switches
• Virtual LAN
FIT9137 3
Backbone Networks
FIT9137
Backbone Networks
High speed links between LANs
• owned and operated by the company
Technology
• high-speed physical layer (often optical fibre)
FIT9137 5
Switched Backbone
Floor Ethernet Switch
(Access Layer)
Building Distribution
Switch
(Distribution Layer)
Precinct Switch
Precinct Router
(Core Layer)
(Core Layer)
FIT9137 6
Switched Backbones
Access +
distribution
in one rack
FIT9137 7
Switched Backbones
FIT9137 8
Switched Backbones
Rack-mounted switched
backbone
+ easy access for
maintenance and
upgrades
FIT9137 9
Rack-mounted switches
patch
cables
switches
Monash
communications
cabinet,
Bldg. H level 6
FIT9137 10
Rack-mounted switches
FIT9137 11
Rack-mounted switches
FIT9137 12
Backbone
FIT9137 13
FLUX Question: Large Subnets
What is a disadvantage of large switched backbones?
FIT9137 15
Virtual LANs
FIT9137
Virtual LANs (VLANs)
One switch - multiple subnets
• subnets configured in software (switch OS)
FIT9137 17
Multi-switch VLAN
Multi-switch VLAN-Based Subnets
[Figure: multi-switch VLAN. Switches are connected by a trunk that carries tagged frames (example: VLAN tag 10). Labels: VLAN ID 10, IP 179.58.10.1; VLAN ID 20, IP 179.58.20.1; VLAN ID 30, IP 179.58.30.1; host in VLAN ID 30 with IP 179.58.30.7; host in VLAN ID 20 with IP 179.58.20.11; MAC addresses …:aa:00:03 and …:aa:00:50; Internal Network 179.58.0.0/24]
Limited broadcasting
• compared to switch-only backbones
Efficient
• faster, cheaper, easier to configure than routing
FIT9137 21
How does it work?
Switches insert 802.1Q tag
[Figure: Ethernet frame layout with the 802.1Q tag inserted; field sizes in bytes: 7 (preamble), 1, 6, 6, 4, 2, 46-1500, 4]
• tag contains VLAN ID + priority code
Switch configuration
• network admin defines which VLANs span which
switches, and how switches are connected (trunks)
FIT9137 22
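A parser for the 4-byte tag described above, as an added example that is not part of the original slides. The field names (TPID 0x8100, 3-bit priority code, 1-bit DEI, 12-bit VLAN ID) follow the IEEE 802.1Q layout; the MAC addresses, payload and priority value are constructed.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that announces an 802.1Q tag


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Parse a frame as a capture shows it (no preamble or start delimiter)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    info = {"dst": mac(frame[0:6]), "src": mac(frame[6:12]),
            "vlan_id": None, "priority": None, "dei": None}
    (ethertype,) = struct.unpack("!H", frame[12:14])
    offset = 14
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        info["priority"] = tci >> 13        # 3-bit priority code
        info["dei"] = (tci >> 12) & 1       # drop eligible indicator
        info["vlan_id"] = tci & 0x0FFF      # 12-bit VLAN ID
        offset = 18
    info["ethertype"] = ethertype
    info["payload"] = frame[offset:]
    return info


def add_tag(frame, vlan_id, priority=0):
    """What a switch does before sending an untagged frame over a trunk."""
    if not 1 <= vlan_id <= 4094:            # 0 and 4095 are reserved
        raise ValueError("VLAN ID must be 1..4094")
    if not 0 <= priority <= 7:
        raise ValueError("priority must be 0..7")
    tci = (priority << 13) | vlan_id
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def strip_tag(frame):
    """What a switch does before delivering the frame on an access port."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return frame
    return frame[:12] + frame[16:]


# Constructed untagged IPv4 frame: dst MAC, src MAC, EtherType 0x0800, 46-byte payload.
UNTAGGED = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
            + struct.pack("!H", 0x0800) + bytes(46))

if __name__ == "__main__":
    tagged = add_tag(UNTAGGED, vlan_id=20, priority=5)
    parsed = parse_frame(tagged)
    print(parsed["src"], "->", parsed["dst"],
          "VLAN", parsed["vlan_id"], "priority", parsed["priority"])
```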
FLUX Question: QoS
Which of the following would benefit from the priority code in
802.1Q?
FIT9137
When to use a WAN?
Connecting campuses
• need reliable, high-speed circuits
• packet switched
FIT9137 26
Dedicated Circuits
Leased full duplex circuits
• creates point-to-point link between locations
Providers
• common carriers (e.g. Telstra, Optus)
[Figure: two LANs, each attached through a CSU/DSU to the common carrier network]
FIT9137 28
T-Carrier Services
US standard for leased dedicated circuits
• introduced in 1961 for telephone services
Units
• T-1 (1.544 Mbps) = 24 simultaneous 64kbps channels,
each channel can carry a phone call
“Hierarchy”
• OC-1 = 51.84 Mbps
FIT9137 30
WAN Packet Switched Services
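[Figure: an Ethernet or other packet-switched LAN, using its LAN protocol, connects through a PAD to a point-of-presence (POP) of the common carrier network; a second PAD sits at the other side of the carrier network]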
FIT9137 31
Packet-switched WAN
No dedicated circuit
• carrier operates a packet-switched network
Connectionless vs connection-oriented
• similar to UDP vs TCP
FIT9137 33
Packet-switched standards
X.25
• oldest packet-switched standard (slow, up to 2Mbps)
Frame Relay
• unreliable connection (no error control)
• encapsulates packets
“Carrier Ethernet”
• same technology as in LAN
FIT9137 35
Virtual Private
Networks
FIT9137
Virtual Private Networks
Use Internet as the Packet Switched Network
• easily available
• flexible
LAN LAN
FIT9137 38
Types of VPNs
Intranet VPN
• connect LANs of the same organisation
Extranet VPN
• connect different organisations (e.g. a company with its
customers)
Access VPN
• allows employees to access company intranet over the Internet
FIT9137 40
VPN Demo
FIT9137 41
VPNs to “teleport” your IP address
• companies want to restrict access to services based
on location
FIT9137 42
Encapsulating
Security
Payload
Addressed to destination
VPN gateway
LAN
192.168.10.68
FIT9137 45
IPsec - Internet Protocol Security
192.168.10.20
LAN
PPP IP UDP ESP IP TCP HTTP www.youtube.com
LAN
192.168.10.68
FIT9137 46
IPsec - Internet Protocol Security
192.168.10.20
LAN
LAN
192.168.10.68
FIT9137 47
VPN
Advantages Disadvantages
FIT9137 48
MAN/WAN Design
Evaluate demand
• required data rates
Design practices
• Start with flexible packet switching service (possibly VPN)
MAN/WAN
• Metro Ethernet very competitive compared to leased lines
FIT9137 50
Summary
Backbone networks
• core, distribution, access layers
• VLAN
MAN/WAN
• dedicated circuit, packet-switched, VPN
VPN
• create secure “tunnels” through the Internet
FIT9137 51
Lab Week 11 Lab Overview
• Virtual LANs
FIT9137 52
Next week
The Internet
FIT9137 53
FIT9137
Introduction to Computer
Architecture and Networks
Week 12: The Internet
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 2
Recap
We've seen all the technology!
• LANs are built using circuits and switches (Ethernet)
FIT9137 3
Today
How to access the Internet
• DSL, wireless technologies, NBN
FIT9137
FLUX Question: Internet Survey
How do you access the Internet?
(multiple answers possible)
1. ADSL
2. Cable modem
3. 3G/4G/LTE/5G
4. NBN
5. Only at Monash
FK2HL1
FIT9137 6
ADSL
Recall ADSL
• asymmetric: much more bandwidth for download
than for upload (crosstalk!)
• up to 24 Mbps
New developments
• VDSL: eliminate crosstalk in the DSLAM (like noise-
cancelling headphones), up to 100 Mbps
FIT9137 9
Wireless Internet
Long Term Evolution
• upgrade path for mobile operators from 2G/GPRS over 3G/UMTS to 4G
LTE Advanced
• fully satisfies 4G standard set by ITU-T
5G
• Multiplexing technologies
FIT9137 10
World Ranking of Internet Access Speed
[Figure: bar chart of Internet access speed in Mbps (axis from 0 to 30) by country, listed from South Korea to Bolivia]
FIT9137 11
NBN
Australia is building a National Broadband Network
• Fibre optic backbone (Gigabit Passive Optical
Network - GPON)
FIT9137 12
Passive Optical Networks
Use unpowered optical
splitters
• cheaper to deploy
• downstream traffic
broadcast to all
customers
retail
service
providers
owned by ISPs
121 points of
interconnect
owned and
operated by
NBN
network
termination
device
https://www.accc.gov.au/regulated-infrastructure/communications/national-broadband-network-nbn/nbn-wholesale-market-indicators-report/march-quarter-2020-report
FIT9137 15
NBN
Australia is building a National Broadband Network
• Fibre optic backbone (Gigabit Passive Optical
Network - GPON)
• Customer connection:
FIT9137 16
Speedtest Global Index
Source: https://www.speedtest.net/global-index
FIT9137 17
The IPv4 problem
FIT9137
The IPv4 problem
Number of people accessing the Internet:
• current estimates: 2.8 billion
FIT9137 19
The IPv4 problem
Possible solutions:
• Move to IPv6 (but that’s not possible yet as a general
solution)
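NAT table:
Port Dest
3528 192.168.1.10:123
[Figure: private network with hosts 192.168.1.10 and 192.168.1.11 behind a NAT firewall router (inside address 192.168.1.1, outside address 156.45.12.32). An outgoing packet with source S:192.168.1.10:123 leaves the router with source S:156.45.12.32:3528; the reply is delivered to D:192.168.1.10:123]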
FIT9137 21
NAT in practice
Every WiFi modem/router does NAT
• ISP assigns you a single IPv4 address
Advantages
• Partially solves IPv4 address problem
FIT9137 22
Problems with NAT
Hosts have private IP
• you cannot (easily) run a server
FIT9137 24
The IPv6 transition
FIT9137
DNS and IPv6
What should www.google.com map to?
;; QUESTION SECTION:
;www.google.com. IN ANY
;; ANSWER SECTION:
www.google.com. 27 IN A 203.13.161.91
www.google.com. 3 IN AAAA 2404:6800:4006:801::2004
A: IPv4 record
AAAA: IPv6 record
FIT9137 26
Dual stack systems
One device running IPv4 and IPv6 simultaneously
Preferred mechanism for transition!
• routers: deal with both IPv4 and IPv6 traffic
Requirements
• clients and servers must be connected to dual-stack
routers
• Any IPv6 device in the router’s network can send IPv6 traffic
to the router, which will forward it to another router using IPv4
FIT9137 28
6to4
[Figure: an IPv6 “island” sends IPv6 tunnelled in IPv4 across the IPv4 Internet to a 6to4 relay, which connects to the IPv6 Internet]
FIT9137 29
The Structure of the
Internet
FIT9137
Internet Structure
The network of ISPs
• We’ve seen how you connect to an ISP
Hierarchy of ASs
• Each ISP operates an AS
FIT9137 31
Internet Structure
[Figure: Internet structure. Tier 1, Tier 2 and Tier 3 ISPs connected through Internet Exchange Points (IXPs); some ISPs are marked as peers]
FIT9137 32
Peering
Tier-1 ISPs
• Large ISPs with large WANs
• connect at an IXP
IXP
• provides the hardware for several ISPs to connect
1. Hubs: all peers need to talk to each other
2. Switches: peers need a layer-2 connection
3. Routers: the traffic must be routed from one ISP to the other
4. NAT Firewalls: the network addresses must be translated from one ISP to the other
FK2HL1
FIT9137 34
Inside an IXP
FIT9137 35
Inside an IXP
Logical Topology: Partial Mesh between peering ISPs
FIT9137 36
Inside an IXP
Physical Topology: star
FIT9137 37
Who owns the Internet?
We already know:
• Network of Autonomous Systems owned by
individual organisations
FIT9137 38
Internet Governance
No single organisation governs the Internet
ISOC (Internet Society)
• Internet Architecture Board (IAB)
FIT9137
The problem
The Internet has grown
FIT9137 41
The problem
The Internet has grown
• not only the number of hosts, but also their distance
FIT9137 43
DNS-based load balancing
Inside Monash network:
• PING www.google.com (216.58.220.132)
64 bytes from 216.58.220.132: time=13.752 ms
From Germany:
• PING www.google.com (173.194.112.176)
64 bytes from 173.194.112.176: time=1.43 ms
From France:
• PING www.google.com (74.125.21.105)
64 bytes from 74.125.21.105: time=104 ms
FIT9137 44
Dedicated Load Balancer
FIT9137 45
Content Caching
Store web data closer to users
• replicate web pages etc. in caches
CDNs
• operate servers in multiple locations
FIT9137 47
CDN explained by Akamai
https://youtu.be/IHEFubEQbMo
FIT9137 48
CDNs and Peering
Get close to your customers
• improves user experience (fast page load times)
FIT9137 49
The Internet of the
(near) Future
FIT9137
It’s all IP
Integration
• 4G mobile networks are IP-only
http://www.ted.com/talks/danny_hillis_the_internet_could_crash_we_need_a_plan_b
FIT9137 52
Mobile
Mobile access is growing fast
2019:
> 60 ExaBytes / month
2014:
<20 ExaBytes / month
FIT9137 54
Internet of Things
Connect all devices
• home automation (lights, heating)
• environmental sensors
• medical sensors
• machine-to-machine communication
FIT9137 55
https://www.ted.com/talks/marco_annunziata_welcome_to_the_age_of_the_industrial_internet
Security in the IoT
“The S in IoT stands for Security”
• IoT devices target mass market and need to be cheap
FIT9137 57
Dyn DDoS attack
Attack target: Dyn DNS servers
• Result: no DNS requests were answered
FIT9137 59
Summary
Access
• DSL, WiMax, 4G/5G, NBN
Organisation
• hierarchy of ISPs
• peering at IXPs
CDN
• deliver content efficiently by putting servers "close to the edge"
Future
• fast, mobile, everywhere (IoT, interplanetary)
FIT9137 60
FIT9137
Introduction to Computer
Architecture and Networks
Week 12: Revision & Review
Amin Sakzad and ABM Russel
FIT9137
Unit Topics
FIT9137 3
Unit Structure
FIT9137 4
Two Topics
FIT9137 5
Subnets
FIT9137
Network Classes
Previously used hierarchy:
• Class A: /8 (e.g. IBM, MIT, AT&T, Apple, …)
• Class C: /24
Example:
• Monash would buy a Class B network, and then be
able to create 256 Class C subnets inside
Now: classless
• e.g. /22, which can also be written as 255.255.252.0
FIT9137 7
Subnets
[Figure: subnets joined by gateway routers to a backbone network. Addresses shown: 130.194.76.192, 130.194.76.253, 130.194.40.13, 130.194.76.191, 130.194.66.61, 130.194.40.22, 130.194.66.43]
FIT9137 8
MAC address
IPv4 address
subnet mask
Routing
FIT9137
Layers of Abstraction
FIT9137 13
Recap: Subnets
[Figure: subnets joined by gateway routers to a backbone network. Addresses shown: 130.194.76.192, 130.194.76.253, 130.194.40.13, 130.194.76.191, 130.194.66.61, 130.194.40.22, 130.194.66.43]
How do routers know where to send packets?
FIT9137 14
Routers
Routers connect networks
• Internet is a network of networks!
FIT9137 16
Routing example
Dest. Next Dest. Next
A A A C
dest: H
A G D G G G
H E H H
K E K C
Dest. Next
default C
C D
Dest. Next
default F
B E F
Dest. Next Dest. Next
A C A D
K G F G D H
H F H H
dest: A
K B K E
FIT9137 17
Types of routing
Centralized
• All clients connect to central computer, which makes
the routing decisions
Decentralized
• Each device makes its own decisions
FIT9137 18
Types of decentralised routing
Static routing
• Network manager prepares fixed routing tables
• Manually updated when the network changes
FIT9137 19
Dynamic Routing
FIT9137
Types of decentralised routing
Static routing
• Network manager prepares fixed routing tables
• Manually updated when the network changes
Dynamic routing
• Routers exchange information to build routing
tables dynamically
• Initial tables can be set up by network managers
FIT9137 21
Dynamic routing algorithms
Distance vector
• Exchange information about distance to destination,
choose shortest route
Link state
• Exchange information about quality of links, choose
fastest route
0
1 0 1
3 C D
2 3 2
Network G
Distance: 1 hop
Direction: interface 1 Network K
0 Distance: 2 hops
Direction: interface 0
B 2 E 1 F
K Interface number H
FIT9137 23
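Routing Information Protocol (RIP)
[Figure: example network with routers A, B, C, D, E, F, G, H and K, with a routing table shown next to routers C, D and B]
Routing table at C:
Dest. Dist. Interf.
A     0     0
B     0     1
E     0     2
D     0     3
K     1     1
G     1     3
H     1     3
F     1     3
Routing table at D:
Dest. Dist. Interf.
C     0     0
G     0     1
H     0     2
F     0     3
A     1     0
B     1     0
E     1     0
K     2     0
Routing table at B:
Dest. Dist. Interf.
A     0     0
C     0     1
E     0     2
K     0     3
All routers send their routing tables to all other routers.
Tables converge after some time.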
FIT9137 24
Routing Information Protocol (RIP)
• Avoids loops
FIT9137 25
Link-state routing protocols
Routers exchange information about connectivity
• not just routing table (best routes)
FIT9137 26
Dijkstra's Shortest Path Algorithm
[Figure sequence, slides 27 to 34: Dijkstra's algorithm run from router C on the example network with routers A, B, C, D, E, F, G, H and K. Each router carries a tentative distance, starting at 0 for C and ∞ for all others; each link carries a metric (lower=better). The tentative distances are updated step by step until the Shortest Path First (SPF) tree is complete.]
Final distances from C: A 3, B 1, D 4, E 1, F 2, G 9, H 7, K 6
Resulting routing table:
Dest. Route
A     B
K     B
G     E
H     E
FIT9137 34
Open Shortest Path First (OSPF)
Widely used in large enterprise networks
• OSPFv1 1987, OSPFv2 1991/1998, OSPFv3 for IPv6
1999
Link state
• Exchange information about quality of links, choose
fastest route
FIT9137
Autonomous Systems
Networks operated by a single organisation
• e.g. Monash University’s or your ISP’s network
Interior routing
• for routing packets within an AS
Exterior routing
• for routing packets between different AS
FIT9137 38
Internet Architecture
[Figure: autonomous systems AS1 to AS6. Interior routing inside an AS uses OSPF or RIP; border routers connect the autonomous systems to each other with BGP]
FIT9137 39
Exam
All lecture topics are examinable
– 2 hours and 15 mins exam
– 50% of total marks for unit
– Out of 100 marks
FIT9137 40
Exam Preparation
Mock exam on Moodle
• roughly same length as real exam
Additional consultation
• in week 13-15 (please check Moodle)
• by email at abm.russel@monash.edu
FIT9137 41
THANK YOU!
I really enjoyed teaching this unit.
FIT9137 42