Taxonomy of real time applications Applications Elastic tcp

  • Slides: 24
Download presentation
Taxonomy of real time applications Applications Elastic (tcp, udp) Download mp 3 Real time

Taxonomy of real time applications Applications Elastic (tcp, udp) Download mp 3 Real time Intolerant (remote surgery) Tolerant Nonadaptive Adaptive Rate adaptive (change video b/w) 1/8/2022 CSE 364: Computer Networks Delay adaptive (add delay) page 1

Qo. S Approaches 4 Fine grained - individual application or flows < Intserv <

Qo. S Approaches 4 Fine grained - individual application or flows < Intserv < E. g. for my video chat application 4 Coarse grained - aggregated traffic < Diffserv < E. g. All traffic from CSE (costs $$) 1/8/2022 CSE 364: Computer Networks page 2

Integrated Services 4 IETF - 1995 -97 time frame 4 Service Classes < guaranteed

Integrated Services 4 IETF - 1995 -97 time frame 4 Service Classes < guaranteed < controlled-load (tolerant, adaptive applications) = Simulates lightly loaded link 4 Mechanisms < signaling protocol: signals required service < admission control: rejects traffic that cannot be serviced < Policing: make sure that senders stick to agreement < packet scheduling: manage how packets are queued 1/8/2022 CSE 364: Computer Networks page 3

Flowspec 4 Rspec: describes service requested from network < controlled-load: none < guaranteed: delay

Flowspec 4 Rspec: describes service requested from network < controlled-load: none < guaranteed: delay target 4 Tspec: describes flow’s traffic characteristics < average bandwidth + burstiness: token bucket filter = token rate r and bucket depth B < must have a token to send a byte < must have n tokens to send n bytes < start with no tokens < accumulate tokens at rate of r per second < can accumulate no more than B tokens 1/8/2022 CSE 364: Computer Networks page 4

Per-Router Mechanisms 4 Admission Control < decide if a new flow can be supported

Per-Router Mechanisms 4 Admission Control < decide if a new flow can be supported < answer depends on service class < not the same as policing 4 Packet Processing < classification: associate each packet with the appropriate reservation < scheduling: manage queues so each packet receives the requested service 1/8/2022 CSE 364: Computer Networks page 5

Reservation Protocol 4 4 4 Called signaling in ATM Proposed Internet standard: RSVP Consistent

Reservation Protocol 4 4 4 Called signaling in ATM Proposed Internet standard: RSVP Consistent with robustness of today’s connectionless model Uses soft state (refresh periodically) Designed to support multicast Receiver-oriented Two messages: PATH and RESV Source transmits PATH messages every 30 seconds Destination responds with RESV message Merge requirements in case of multicast Can specify number of speakers 1/8/2022 CSE 364: Computer Networks page 6

RSVP Example (multicast) Sender 1 PATH R Sender 2 R PATH RESV (merged) R

RSVP Example (multicast) Sender 1 PATH R Sender 2 R PATH RESV (merged) R RESV R R Receiver A RESV Receiver B 1/8/2022 CSE 364: Computer Networks page 7

RSVP versus ATM (Q. 2931) 4 RSVP < receiver generates reservation < soft state

RSVP versus ATM (Q. 2931) 4 RSVP < receiver generates reservation < soft state (refresh/timeout) < separate from route establishment < Qo. S can change dynamically < receiver heterogeneity 4 ATM < sender generates connection request < hard state (explicit delete) < concurrent with route establishment < Qo. S is static for life of connection < uniform Qo. S to all receivers 1/8/2022 CSE 364: Computer Networks page 8

Differentiated Services 4 Problem with Int. Serv: scalability, Int. Serv operates in a per-flow

Differentiated Services 4 Problem with Int. Serv: scalability, Int. Serv operates in a per-flow basis 4 Idea: segregate packets into a small number of classes < e. g. , premium vs best-effort 4 Packets marked according to class at edge of network (ND will mark certain packets) 4 Core routers implement some per-hop-behavior (PHB) < Example: Expedited Forwarding (EF) =rate-limit EF packets at the edges < PHB implemented with class-based priority queues or Weighted Fair Queue (WFQ) 1/8/2022 CSE 364: Computer Networks page 9

Diff. Serv (cont) 4 Assured Forwarding (AF) < customers sign service agreements with ISPs

Diff. Serv (cont) 4 Assured Forwarding (AF) < customers sign service agreements with ISPs < edge routers mark packets as being “in” or “out” of profile < core routers run RIO: RED with in/out 1/8/2022 CSE 364: Computer Networks page 10

Chapter 8: Security 4 Outline < Encryption Algorithms < Authentication Protocols < Message Integrity

Chapter 8: Security 4 Outline < Encryption Algorithms < Authentication Protocols < Message Integrity Protocols < Key Distribution < Firewalls 1/8/2022 CSE 364: Computer Networks page 11

Overview 4 Cryptography functions < Secret key (e. g. , DES) < Public key

Overview 4 Cryptography functions < Secret key (e. g. , DES) < Public key (e. g. , RSA) < Message digest (e. g. , MD 5) 4 Security services < Privacy: preventing unauthorized release of information < Authentication: verifying identity of the remote participant < Integrity: making sure message has not been altered 1/8/2022 CSE 364: Computer Networks page 12

Secret Key (DES) 1/8/2022 CSE 364: Computer Networks page 13

Secret Key (DES) 1/8/2022 CSE 364: Computer Networks page 13

Public Key (RSA) 4 Encryption & Decryption c = memod n m = cdmod

Public Key (RSA) 4 Encryption & Decryption c = memod n m = cdmod n 1/8/2022 CSE 364: Computer Networks page 16

Message Digest 4 Cryptographic checksum < just as a regular checksum protects the receiver

Message Digest 4 Cryptographic checksum < just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message. 4 One-way function < given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum. 4 Relevance < if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given. 1/8/2022 CSE 364: Computer Networks page 18

Authentication Protocols 4 Three-way handshake Client Server Clien t. Id, E ( , C

Authentication Protocols 4 Three-way handshake Client Server Clien t. Id, E ( , C HK) Y E(y + , CHK ) ) SHK , K S ( E 1/8/2022 CSE 364: Computer Networks page 19

4 Trusted third party (Kerberos) 1/8/2022 CSE 364: Computer Networks page 20

4 Trusted third party (Kerberos) 1/8/2022 CSE 364: Computer Networks page 20

4 Public key authentication A B E(x , Pu blic B ) x 1/8/2022

4 Public key authentication A B E(x , Pu blic B ) x 1/8/2022 CSE 364: Computer Networks page 21

Message Integrity Protocols 4 Digital signature using RSA < special case of a message

Message Integrity Protocols 4 Digital signature using RSA < special case of a message integrity where the code can only have been generated by one participant < compute signature with private key and verify with public key 4 Keyed MD 5 < sender: m + MD 5(m + k) + E(k, private) < receiver = recovers random key using the sender’s public key = applies MD 5 to the concatenation of this random key message 4 MD 5 with RSA signature < sender: m + E(MD 5(m), private) < receiver = decrypts signature with sender’s public key = compares result with MD 5 checksum sent with message 1/8/2022 CSE 364: Computer Networks page 22

Key Distribution 4 Certificate < special type of digitally signed document: =“I certify that

Key Distribution 4 Certificate < special type of digitally signed document: =“I certify that the public key in this document belongs to the entity named in this document, signed X. ” < the name of the entity being certified < the public key of the entity < the name of the certified authority < a digital signature 4 Certified Authority (CA) < administrative entity that issues certificates < useful only to someone that already holds the CA’s public key. 1/8/2022 CSE 364: Computer Networks page 24

Key Distribution (cont) 4 Chain of Trust < if X certifies that a certain

Key Distribution (cont) 4 Chain of Trust < if X certifies that a certain public key belongs to Y, and Y certifies that another public key belongs to Z, then there exists a chain of certificates from X to Z < someone that wants to verify Z’s public key has to know X’s public key and follow the chain 4 Certificate Revocation List 1/8/2022 CSE 364: Computer Networks page 25

Firewalls 4 Filter-Based Solution < example ( 192. 13. 14, 1234, 128. 7. 6.

Firewalls 4 Filter-Based Solution < example ( 192. 13. 14, 1234, 128. 7. 6. 5, 80 ) (*, *, 128. 7. 6. 5, 80 ) < default: forward or not forward? < how dynamic? < stateful 1/8/2022 CSE 364: Computer Networks page 26

Proxy-Based Firewalls 4 Problem: complex policy 4 Example: web server 4 Solution: proxy 4

Proxy-Based Firewalls 4 Problem: complex policy 4 Example: web server 4 Solution: proxy 4 Design: transparent vs. classical 4 Limitations: attacks from within 1/8/2022 CSE 364: Computer Networks page 27

Denial of Service 4 Attacks on end hosts < SYN attack 4 Attacks on

Denial of Service 4 Attacks on end hosts < SYN attack 4 Attacks on routers < Christmas tree packets < pollute route cache 4 Authentication attacks 4 Distributed Do. S attacks 1/8/2022 CSE 364: Computer Networks page 28

TCP 18 v TCP TCP TCP socket bindTCP 18 v TCP TCP TCP socket bind
q TCP 18 IT COOKBOOK TCP TCP TCPq TCP 18 IT COOKBOOK TCP TCP TCP
TCP 1 n TCP TCP TCP socket bindTCP 1 n TCP TCP TCP socket bind
TCP Congestion Control TCP Tahoe TCP Reno TCPTCP Congestion Control TCP Tahoe TCP Reno TCP
q TCP 1 IT COOKBOOK TCP TCP TCPq TCP 1 IT COOKBOOK TCP TCP TCP
Elastic Potential Energy Questions Elastic Potential Energy ElasticElastic Potential Energy Questions Elastic Potential Energy Elastic
Elastic Potential Energy Questions Elastic Potential Energy ElasticElastic Potential Energy Questions Elastic Potential Energy Elastic
Taxonomy What is taxonomy Taxonomy is the branchTaxonomy What is taxonomy Taxonomy is the branch
TAXONOMY Taxonomy Taxonomy The discipline of classifying organismsTAXONOMY Taxonomy Taxonomy The discipline of classifying organisms
Classification and Taxonomy Modern Classification Taxonomy n TaxonomyClassification and Taxonomy Modern Classification Taxonomy n Taxonomy
Taxonomy Classification of Living Organisms Taxonomy Taxonomy TheTaxonomy Classification of Living Organisms Taxonomy Taxonomy The
Taxonomy Taxonomy An Introduction Taxonomy is the classificationTaxonomy Taxonomy An Introduction Taxonomy is the classification
Taxonomy Classifying organism Taxonomy Taxonomy is a fieldTaxonomy Classifying organism Taxonomy Taxonomy is a field
Taxonomy Biology 8A Taxonomy Learning Objectives Define taxonomyTaxonomy Biology 8A Taxonomy Learning Objectives Define taxonomy
Taxonomy of network applications Applications Real time TolerantTaxonomy of network applications Applications Real time Tolerant
TCP 8 TCP TCP EquationBased Congestion Control httpTCP 8 TCP TCP EquationBased Congestion Control http
TCP continued Discussion TCP Throughput TCP will mostTCP continued Discussion TCP Throughput TCP will most
TCP continued Discussion TCP Throughput TCP will mostTCP continued Discussion TCP Throughput TCP will most
TCP 10 TCP purpose TCP provides reliable dataTCP 10 TCP purpose TCP provides reliable data
Real Homes Real Community Real Commitment Real EstateReal Homes Real Community Real Commitment Real Estate
GET REAL Real Expectations Real Role Models RealGET REAL Real Expectations Real Role Models Real
The Elastic Wave Equation Elastic waves in infiniteThe Elastic Wave Equation Elastic waves in infinite
Low 2 Q Elastic Measurements 1 Hydrogen ElasticLow 2 Q Elastic Measurements 1 Hydrogen Elastic