Internet structure: network of networks

  • Slides: 35
Internet structure: network of networks
Option: connect each access ISP to one global transit ISP? Customer and provider ISPs have a business agreement.
[Figure: access nets, each connected to a single global ISP]

Internet structure: network of networks
But there must be several global ISPs so that there is competition ….
[Figure: access nets connected to ISP A, ISP B and ISP C]

Internet structure: network of networks
But there must be several global ISPs so that there is competition …. And these ISPs must be interconnected.
[Figure: access nets; ISP A, ISP B, ISP C; IXP (Internet exchange point); peering link]

Internet structure: network of networks
… and regional networks may be needed to connect the access networks.
[Figure: access nets; regional net; ISP A, ISP B, ISP C; IXP]

Internet structure: network of networks
… and content providers (e.g., Google, Microsoft, Akamai) may have their own networks, to bring services and content close to users.
[Figure: access nets; regional net; ISP A, ISP B; IXP; content provider network]

Internet structure: network of networks
[Figure: Tier 1 ISPs, IXPs, regional ISPs, access ISPs, Google]
• At the center: a small number of well-connected large networks
  - “tier-1” commercial ISPs (e.g., Level 3, Sprint, AT&T, NTT), national and international coverage
  - content provider networks (e.g., Google): private network that connects its data centers to the Internet, often bypassing
Introduction 1-6

Tier-1 ISP: e.g., Sprint
[Figure: Sprint backbone; labels: POP (point-of-presence), to/from backbone, peering, to/from customers]

Chapter 1: roadmap
1.1 What is the Internet?
1.2 network edge
  - end systems, access networks, links
1.3 network core
  - packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history

How do loss and delay occur?
Packets queue in router buffers
• the packet arrival rate (temporarily) exceeds the capacity of the output link
• packets wait for their turn
[Figure: hosts A and B; labels: packet being transmitted (delay); packets queueing (delay); free buffers: arriving packets are lost if there are no free buffers]

Four sources of packet delay
[Figure: hosts A and B; labels: transmission, propagation, nodal processing, queueing]
d_nodal = d_proc + d_queue + d_trans + d_prop
d_proc: nodal processing
  - check bit errors
  - determine the output link
d_queue: queueing delay
  - time waiting at the output link for transmission
  - depends on the congestion level of the router

Four sources of packet delay
[Figure: hosts A and B; labels: transmission, propagation, nodal processing, queueing]
d_nodal = d_proc + d_queue + d_trans + d_prop
d_trans: transmission delay:
  - L: packet length (bits)
  - R: link bandwidth (bps)
  - d_trans = L/R
d_prop: propagation delay:
  - d: length of the physical link
  - s: propagation speed in the medium (~2 x 10^8 m/sec)
  - d_prop = d/s
d_trans and d_prop are very different
* Check out the Java applet for an interactive animation on trans vs. prop delay

Caravan analogy
[Figure: ten-car caravan, toll booth, 100 km, toll booth, 100 km]
• cars “propagate” at a speed of 100 km/hr
• the toll booth takes 12 sec to service one car (bit transmission time)
• car ~ bit; caravan ~ packet
• Q: How long until the caravan is lined up before the second toll booth?
  - time to “push” the entire caravan through the toll booth onto the highway = 12*10 = 120 sec
  - time for the last car to “propagate” from the first toll booth to the second: 100 km/(100 km/hr) = 1 hr
  - A: 62 minutes

Caravan analogy (more)
[Figure: ten-car caravan, toll booth, 100 km, toll booth, 100 km]
• suppose the cars now “propagate” at 1000 km/hr
• and suppose the toll booth takes one min to service a car
• Q: Will cars arrive at the second toll booth before all cars have been serviced at the first toll booth?
  - A: Yes! After 7 min, the first car arrives at the second toll booth; three cars are still at the first toll booth.

Queueing delay (revisited)
• R: link bandwidth (bps)
• L: packet length (bits)
• a: average packet arrival rate
[Figure: average queueing delay versus traffic intensity = La/R]
• La/R ~ 0: average queueing delay small
• La/R -> 1: average queueing delay large
• La/R > 1: more “work” is arriving than can be serviced, average delay infinite!
* Check out the Java applet for an interactive animation on queuing and loss

“Real” Internet delays and routes
What do “real” Internet delay and loss look like?
• traceroute program: provides delay measurement from the source to each router along the end-to-end Internet path towards the destination. For all i:
  - sends three packets that will reach router i on the path towards the destination
  - router i will return packets to the sender
  - the sender measures the time interval between transmission and reply
[Figure: 3 probes]

“Real” Internet delays and routes
traceroute: gaia.cs.umass.edu to www.eurecom.fr
(3 delay measurements from gaia.cs.umass.edu to cs-gw.cs.umass.edu)

   1 cs-gw (128.119.240.254) 1 ms
   2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 2 ms
   3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms
   4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms
   5 jn1-so7-0-0-0.wae.vbns.net (204.147.136) 21 ms 18 ms
   6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
   7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms
   8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms
   9 de2-1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
  10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms
  11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms
  12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms
  13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms
  14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 124 ms
  15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms
  16 194.211.25 (194.211.25) 126 ms 128 ms 126 ms
  17 * * *
  18 * *
  19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms

Annotations on the slide: the step between hops 7 and 8 is the trans-oceanic link; * means no response (probe lost, router not replying).
* Do some traceroutes from exotic countries at www.traceroute.org
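Added example (not part of the original slides): a small Python parser for traceroute output of the shape shown above. It reports hops that answered no probe and the largest hop-to-hop rise in average RTT. The sample lines are hops 6-8, 17 and 19 from the slide; the function names are hypothetical.

```python
import re

# Hops 6-8, 17 and 19 as they appear on the slide (hop 7 survives there
# with a single RTT value, so the parser must accept 0 to 3 samples).
SAMPLE = """\
6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms
8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms
17 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")          # hop number, rest of line
HOST = re.compile(r"^(\S+)\s+\(([^)]+)\)")      # name (address)
RTT = re.compile(r"(\d+(?:\.\d+)?)\s*ms")       # one probe's round-trip time

def parse_hops(text):
    """Return one dict per hop line; lines without a hop number are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue
        rest = m.group(2)
        host = HOST.match(rest)
        rtts = [float(x) for x in RTT.findall(rest)]
        hops.append({
            "ttl": int(m.group(1)),
            "host": host.group(1) if host else None,
            "ip": host.group(2) if host else None,
            "lost": rest.count("*"),             # probes with no reply
            "avg_ms": sum(rtts) / len(rtts) if rtts else None,
        })
    return hops

def silent_hops(hops):
    """Hops where every probe went unanswered (all '*')."""
    return [h["ttl"] for h in hops if h["avg_ms"] is None]

def largest_jump(hops):
    """(from_hop, to_hop, delta_ms) for the biggest rise in average RTT."""
    answered = [h for h in hops if h["avg_ms"] is not None]
    prev, cur = max(zip(answered, answered[1:]),
                    key=lambda p: p[1]["avg_ms"] - p[0]["avg_ms"])
    return prev["ttl"], cur["ttl"], round(cur["avg_ms"] - prev["avg_ms"], 1)

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    print("no reply at hops:", silent_hops(hops))
    print("largest RTT jump:", largest_jump(hops))
```

On the sample, the largest jump falls between hops 7 and 8, the step the slide labels as the trans-oceanic link; a silent hop does not by itself mean the path is broken, since later hops still answer.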

Packet loss
• the queue (aka buffer) preceding a link has finite capacity
• packets that arrive when the queue is full are dropped (aka lost)
• lost packets may be retransmitted by the previous node, by the source end system, or not retransmitted at all
[Figure: hosts A and B; labels: buffer (waiting area); packet being transmitted; packet arriving to a full buffer is lost]
* Check out the Java applet for an interactive animation on queuing and loss
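Added example (not part of the original slides): a small simulation of one output link with a finite buffer, tying together the traffic intensity La/R from the queueing-delay slide and the drop behaviour on this slide. Poisson arrivals, the fixed packet length, the link rate and the 50-packet buffer are assumptions chosen for illustration.

```python
import math
import random

def simulate_link(intensity, n_packets=20000, L=12000, R=1_000_000,
                  buffer_pkts=50, seed=1):
    """FIFO output link with a finite buffer.

    intensity is the slide's La/R; the arrival rate a is derived from it.
    Returns (average d_queue in seconds over accepted packets, loss fraction).
    """
    rng = random.Random(seed)
    d_trans = L / R                  # time to push one packet onto the link
    a = intensity * R / L            # average arrival rate (packets/sec)
    now = 0.0                        # arrival clock
    link_free_at = 0.0               # when the link finishes its current backlog
    total_wait = 0.0
    accepted = dropped = 0
    for _ in range(n_packets):
        now += rng.expovariate(a)    # assumed Poisson arrivals
        backlog = max(0.0, link_free_at - now)        # unfinished work ahead (s)
        in_system = math.ceil(backlog / d_trans)      # queued + being transmitted
        waiting = max(0, in_system - 1)               # packets sitting in the buffer
        if waiting >= buffer_pkts:   # buffer full: arriving packet is lost
            dropped += 1
            continue
        total_wait += backlog        # this packet's queueing delay
        link_free_at = now + backlog + d_trans
        accepted += 1
    return total_wait / accepted, dropped / n_packets

def sweep(intensities=(0.1, 0.5, 0.9, 1.5)):
    """Run the same link at several traffic intensities."""
    return {rho: simulate_link(rho) for rho in intensities}

if __name__ == "__main__":
    for rho, (d_queue, loss) in sweep().items():
        print(f"La/R={rho:<4} avg d_queue={d_queue * 1000:8.2f} ms  loss={loss:6.2%}")
```

With a finite buffer the delay at La/R > 1 is capped near buffer_pkts * L/R instead of growing without bound, and the excess shows up as loss.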

Throughput
• throughput: rate (bits/time unit) at which bits are transferred between sender and receiver
  - instantaneous: rate at a given point in time
  - average: rate over a long period of time
[Figure: fluid analogy. The server, with a file of F bits to send to the client, sends bits (fluid) into a pipe; the first pipe carries fluid at rate Rs bits/sec (link capacity Rs bits/sec), the second at rate Rc bits/sec (link capacity Rc bits/sec)]

Throughput (more)
• Rs < Rc: What is the average end-to-end throughput?
• Rs > Rc: What is the average end-to-end throughput?
[Figure: two pipes in series, Rs bits/sec and Rc bits/sec]
bottleneck link (the narrowest link): the link on the end-to-end path that constrains end-to-end throughput

Throughput: Internet scenario
• per-connection end-to-end throughput: min(Rc, Rs, R/10)
• in practice: Rc or Rs is usually the bottleneck
[Figure: 10 connections (fairly) share the bottleneck link of R bits/sec; access links Rs and Rc]

Chapter 1: roadmap
1.1 what is the Internet?
1.2 network edge
  - end systems, access networks, links
1.3 network core
  - packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history

Protocol “layers”
Networks are complex, with many “pieces”:
  - hosts
  - routers
  - links of various media
  - applications
  - protocols
  - hardware, software
Question: Is there any hope of an organized structure for networks? …. Or at least for our discussion of networks?

Organization of air travel
  ticket (purchase)      ticket (complain)
  baggage (check)        baggage (claim)
  gate (entry)           gate (exit)
  airplane takeoff       airplane landing
  airplane routing
• a series of steps

Layering of airline functionality
  ticket (purchase)     ticket (complain)     ticket
  baggage (check)       baggage (claim)       baggage
  gates (load)          gates (unload)        gate
  runway (takeoff)      runway (land)         takeoff/landing
  airplane routing      airplane routing      airplane routing
[Figure columns: departure airport; intermediate air-traffic control centers; arrival airport]
layers: each layer implements a service
  - via its own actions within the layer
  - relying on the services provided by the layer below

Why layering?
Dealing with complex systems:
• explicit structure allows identification of, and relationships between, the pieces of a complex system
  - layered reference model for discussion
• modularization eases maintenance and updating of systems
  - a change in the implementation of a service is transparent to the rest of the system
  - e.g., a change in gate procedures does not affect the rest of the system
• layering considered harmful?

Internet protocol stack
• application: network-supported applications
  - FTP, SMTP, HTTP
• transport: process-to-process data transfer
  - TCP, UDP
• network: routing of datagrams from source to destination
  - IP, routing protocols
• link: data transfer between neighboring network elements
  - Ethernet, 802.111 (WiFi), PPP
• physical: bits “on the wire”
[Figure: stack, top to bottom: application, transport, network, link, physical]

ISO/OSI reference model
• presentation: allows applications to interpret the meaning of data, e.g., encryption, compression, machine-specific conventions
• session: synchronization, control, recovery of data exchange
• the Internet stack is “missing” these layers!
  - these services, if needed, must be implemented in the application
  - are they needed?
[Figure: stack, top to bottom: application, presentation, session, transport, network, link, physical]

Encapsulation
[Figure: source and destination hosts with full stacks (application, transport, network, link, physical); a switch with link and physical layers; a router with network, link and physical layers. Labels: message M; segment Ht M; datagram Hn Ht M; frame Hl Hn Ht M]

Chapter 1: roadmap
1.1 what is the Internet?
1.2 network edge
  - end systems, access networks, links
1.3 network core
  - packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history

Network security
• the field of network security:
  - how bad guys can attack computer networks
  - how we can defend networks against attacks
  - how to design architectures that are immune to attacks
• the Internet was not originally designed with (much) security in mind
  - original vision: “a group of mutually trusting users attached to a transparent network”
  - Internet protocol designers adapting to circumstances
  - security considerations in all layers!

Bad guys: put malware into hosts via the Internet
• malware can get into a host from:
  - virus: self-replicating infection by receiving/executing an object (e.g., e-mail attachment)
  - worm: self-replicating infection by passively receiving an object that gets itself executed
• spyware malware can record keystrokes, web sites visited, and upload info to a collection site
• infected hosts can be enrolled in a botnet, used for spam and DDoS attacks

Bad guys: attack servers, network infrastructure
Denial of Service (DoS): attackers make resources (server, bandwidth) unavailable to legitimate traffic by overwhelming them with bogus traffic
1. select target
2. break into hosts around the network
3. send packets to the target from the compromised hosts
[Figure: target]

Bad guys can sniff packets
packet “sniffing”:
  - broadcast media (shared ethernet, wireless)
  - promiscuous network interface reads/records all packets (e.g., including passwords!) passing by
[Figure: hosts A, B, C; packet with src: B, dest: A, payload]
• wireshark software used for end-of-chapter labs is a (free) packet-sniffer

Bad guys can use fake addresses
IP spoofing: send packets with a false source address
[Figure: hosts A, B, C; packet with src: B, dest: A, payload]
… lots more on security (throughout, Chapter 8)

Introduction: summary
covered a “ton” of material!
• Internet overview
• what’s a protocol?
• network edge, core, access network
  - packet-switching versus circuit-switching
  - Internet structure
• performance: loss, delay, throughput
• layering, service models
• security
• history
you now have:
• context, overview, “feel” of networking
• more depth, detail to follow!