
MSc WLAN, IP/TCP and COMM NETWORK Topics




1 MSc WLAN, IP/TCP and COMM NETWORK Topics
By Prof R A Carrasco, School of Electrical, Electronic and Computer Engineering, University of Newcastle Upon Tyne. Ext: 7332

2 MSc WLAN, IP/TCP and COMM NETWORK
References
[1] Tanenbaum, Andrew S., Computer Networks, Fourth Edition, Pearson Education International, 2003, ISBN:
[2] Comer, Douglas E., Computer Networks and Internets with Internet Applications, Third Edition, Prentice Hall, 2001, ISBN:
[3] Peterson, Larry L. & Davie, Bruce S., Computer Networks, A Systems Approach, Morgan Kaufmann Publishers, 2000, ISBN:
[4] Halsall, Fred, Data Communications, Computer Networks and Open Systems, Addison-Wesley Publishing, 1995, ISBN: X

3 Internet and Protocols
- Advanced Research Projects Agency Network (ARPAnet), 1969.
- The protocols in the TCP/IP suite use either the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) as the transport protocol.
- Low-level functions such as the File Transfer Protocol (FTP), the Internet Terminal Protocol (TELNET), Electronic Mail and remote logon.
- IP is responsible for moving packets of data from node to node. IP forwards each packet based on a four-byte destination address (the IP number); between different organisations, IP operates on a gateway machine.
- TCP is responsible for verifying the correct delivery of data from client to server. TCP adds support to detect errors or lost data and to trigger retransmission until the data is correctly and completely received.
- Sockets is the name given to the package of subroutines that provide access to TCP/IP on most systems.

4 The Internet Protocol was developed to create a Network of Networks (the Internet)
- Individual machines are first connected to a LAN (Ethernet or Token Ring).
- TCP/IP shares the LAN with other users.
- One device provides the TCP/IP connection between the LAN and the rest of the world.
- A network consisting of two or more far-apart LANs is a Wide Area Network (WAN).
- In a typical network, switches, hubs and routers are intermediary devices between clients and servers.

5 The Network Layer in the Internet
- The Internet can be viewed as a collection of sub-networks or autonomous systems (AS) that are connected together.
- There is no real structure, but several major backbones exist. These are constructed from high-bandwidth lines and fast routers.
- Attached to the backbones are regional networks, and attached to these regional networks are LANs (universities, companies etc.).
- The glue that holds the Internet together is the network layer protocol, IP.

6 The Network Layer in the Internet
- The Internet transmits data by packet switching using a standardised Internet Protocol (IP).
- IP Datagram: the header has a 20-byte fixed part and a variable-length optional part.
- It is transmitted in big-endian order from left to right, with the high-order bit of the version field going first.


8 Ethernet hub is a device for connecting multiple twisted pair or fibre Ethernet devices together.

9 Ethernet bridge [2] http://netbook.cs.purdue.edu/anmtions/anim09_2.htm
An Ethernet bridge connects multiple network segments at the data link layer (layer 2) of the OSI model.
D. E. Comer, "Computer Networks and Internets with Internet Applications," Prentice Hall, 2001, pp [2]

10 A router is a computer networking device that forwards data across networks towards their destination, through a process known as routing.

11 A modem is a device that modulates an analogue carrier signal to encode digital information, and also demodulates such a carrier signal to decode the transmitted information.


13 Popular Wired LAN Standards
- High-Level Data Link Control (HDLC)
- Ethernet (IEEE 802.3)
- Token Bus (IEEE 802.4)
- Token Ring (IEEE 802.5)
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp , pp , pp [1]

14 HIGH LEVEL DATA LINK CONTROL
[Figure: frame format for bit-oriented protocols. Field widths in bits: Address (8), Control (8), Data (>0), Checksum (16).]
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

15 HIGH LEVEL DATA LINK CONTROL(2)
[Figure: control field formats. (a) An information frame: Seq, P/F, Next. (b) A supervisory frame: Type, P/F, Next. (c) An unnumbered frame: Type, P/F, Modifier. Sub-field widths 1 and 3 bits.]
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

16 PPP- Point to Point Protocol
The PPP full frame format for unnumbered mode operation (field widths in bytes):
- Flag (1)
- Address (1)
- Control (1)
- Protocol (1 or 2)
- Payload (variable)
- Checksum (2 or 4)

17 Ethernet (IEEE 802.3) Bus Topology
Carrier Sense Multiple Access with Collision Detection (CSMA/CD). The "10" in the 10Base- designations denotes 10 Mbit/s.

18 Ethernet (IEEE 802.3) station attachment
[Figure: Network Service, Protocol Firmware and MAC Unit in the station, connected through a drop cable to a transceiver and tap on the bus.]

19 Ethernet (IEEE 802.3) data frame
[Figure: PR, SFD, DA, SA, TYPE, INFORMATION, FCS.]
- PR = Preamble
- SFD = Start Frame Data
- DA = Destination Address
- SA = Source Address
- TYPE = Type of data
- FCS = Frame Checksum

20 CSMA/CD MAC Protocol
- Station checks if there is data currently being transmitted (carrier sense).
- If no data is present, the station begins to transmit data.
- If two or more stations begin this process simultaneously, there will be a collision of frames.
- The station monitors its own receiver output and compares it with the transmitted signal to detect when this occurs (collision detection).

21 CSMA/CD MAC Protocol
- If a collision is detected, the station aborts the transmission and sends a jamming signal to inform all other stations that a collision has occurred.
- Transmitting stations that caused the collision wait a randomly generated time interval before reattempting to transmit.
- This avoids lock-step retransmission causing repeated collisions.

22 Capacity Calculations
[Figure: frames from TX-A and TX-B on the bus against time, showing the propagation delay between A and B.] T = transmitted frame length (transmission time).

23 Capacity Calculations
TX-A TX-B 2 Sensing time Time to detect collision Collision interval Time to transfer information a =  / T The maximum propagation delay to frame length ratio The figure above allows a new frame to be transmitted immediately following the previous one, giving a frame rate of 1/T frames/sec

24 Capacity Calculations
If, on average, K retries are necessary before the next frame can be transmitted (in a lightly loaded network K = 0), then the average time for transmitting one frame, $t_v$, is given by:
$t_v = T + \tau + 2K\tau = T + \tau(1 + 2K) = T\left[1 + \frac{\tau}{T}(1 + 2K)\right] = T[1 + a(1 + 2K)]$
where $a = \tau / T$.

25 Capacity Calculations
The utilisation factor, U, of the transmission medium is given by:
$U = T / t_v = 1 / (1 + a(1 + 2K))$
Let $P_t$ be the probability, constant for all stations over all time, that any particular station wishes to transmit at the end of a specific $2\tau$ collision detection interval:
$P_t = 2\tau\lambda$, where $\lambda$ is the rate in packets/s.

26 Capacity Calculations
For a successful event, one station transmits but the other n-1 stations do not. The probability of a successful transmission, p, is therefore given by:
$p = n P_t (1 - P_t)^{n-1}$
It can be shown by differentiating p with respect to $P_t$ that p is maximised when $P_t = 1/n$, where n is the number of stations.

27 Capacity Calculations
Consequently the maximum value of p is given by:
$p_{max} = n \cdot \frac{1}{n}\left(1 - \frac{1}{n}\right)^{n-1} = \left(1 - \frac{1}{n}\right)^{n-1}$
If $n \to \infty$ then $p_{max} \to 1/e$, where e = 2.718...
At the end of a $2\tau$ collision detection interval, a further collision occurs with probability 1-p, while a successful transmission occurs with probability p. Thus a sequence of K collision intervals, occupying a time $2K\tau$ sec, occurs with probability:
$P(K) = p(1 - p)^K$ (at least one collision occurring)

28 Capacity Calculations
The average number of collisions is therefore given by:
$\bar{k} = \sum_{k=1}^{\infty} k\,P(k) = \sum_{k=1}^{\infty} k\,p(1 - p)^{k-1}$
From this it can be proven that $\bar{k} = 1/p$, and we obtain the limiting utilisation:
$U = T / t_v = 1 / (1 + a(1 + 2\bar{k}))$
$U_{max} = 1 / (1 + a(1 + 2 \times 2.718)) = 1 / (1 + 6.44a)$

29 Utilisation with different values for the a parameter

30 Ethernet Exercises
Problem: A certain Ethernet system has a maximum bus delay of 16 μsec and operates with a bit rate of 10 Mbit/sec. Each frame is 576 bits in length.
1. Determine the maximum utilisation factor of the medium under collision conditions.
2. For the system above, calculate the actual capacity if there are 15 active stations, each with an equal amount of data to transmit.
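The utilisation derivation and the exercise above, worked in Python. This is an added example, not part of the original slides; it uses the slide symbols (T, τ as tau, a = τ/T, k = 1/p) and p = (1 - 1/n)^(n-1) with the n → ∞ limit p = 1/e, and also tabulates U against a for the curve on the next slide.

```python
import math

# Added worked example (not from the slides): CSMA/CD utilisation using the
# formulas derived above. Symbols follow the slides: T = frame transmission
# time, tau = maximum bus propagation delay, a = tau / T, k = mean number of
# collision intervals (retries) before a successful transmission, k = 1/p.


def transmission_probability(n=None):
    """p = (1 - 1/n)^(n-1): probability that exactly one of n stations
    transmits when each uses the optimum probability P_t = 1/n.
    n=None gives the n -> infinity limit, p = 1/e."""
    if n is None:
        return 1.0 / math.e
    if n < 1:
        raise ValueError("need at least one station")
    return (1.0 - 1.0 / n) ** (n - 1)


def csma_cd_utilisation(frame_bits, bit_rate, max_delay_s, n_stations=None):
    """U = 1 / (1 + a(1 + 2k)) with k = 1/p, as on the slides.
    Returns the intermediate quantities as well as U and the usable capacity."""
    T = frame_bits / bit_rate            # frame transmission time, s
    a = max_delay_s / T                  # propagation delay / frame time
    p = transmission_probability(n_stations)
    k = 1.0 / p                          # mean collision intervals per frame
    U = 1.0 / (1.0 + a * (1.0 + 2.0 * k))
    return {"T": T, "a": a, "p": p, "k": k, "U": U,
            "capacity_bps": U * bit_rate}


def utilisation_table(a_values, n_stations=None):
    """U as a function of a (the 'utilisation with different values for the
    a parameter' curve) for a given station count; a=0 gives U=1."""
    k = 1.0 / transmission_probability(n_stations)
    return [(a, 1.0 / (1.0 + a * (1.0 + 2.0 * k))) for a in a_values]


def ethernet_exercise():
    """The exercise above: 16 us bus delay, 10 Mbit/s, 576-bit frames.
    Part 1 is the n -> infinity limit U_max = 1/(1 + 6.44a);
    part 2 uses the finite-n value of p for 15 active stations."""
    limit = csma_cd_utilisation(576, 10e6, 16e-6)
    fifteen = csma_cd_utilisation(576, 10e6, 16e-6, n_stations=15)
    return limit, fifteen


if __name__ == "__main__":
    limit, fifteen = ethernet_exercise()
    print(f"T = {limit['T']*1e6:.1f} us, a = {limit['a']:.3f}, "
          f"U_max = {limit['U']:.3f}")
    print(f"15 stations: p = {fifteen['p']:.3f}, k = {fifteen['k']:.2f}, "
          f"U = {fifteen['U']:.3f}, "
          f"capacity = {fifteen['capacity_bps']/1e6:.2f} Mbit/s")
    for a, u in utilisation_table([0.01, 0.05, 0.1, 0.2, 0.5, 1.0]):
        print(f"a = {a:<5} U = {u:.3f}")
```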

31 Token Ring (IEEE 802.5) Ring Structure
[Figure: data frame: SD, AC, FC, DA, SA, INFORMATION, FCS, ED, FS. Token frame: SD, AC, ED.]

32 Token Ring Frame Structures
- SD = Start Delimiter (1 octet)
- AC = Access Control (1 octet)
- FC = Frame Control (1 octet)
- DA = Destination Address (2/6)
- FCS = Frame Check (4)
- ED = End Delimiter (1)
- FS = Frame Status (1)

33 Trunk Coupling Unit (TCU)
[Figure: Token Ring station attachment: Network Service, Protocol Firmware and MAC Unit in the station, connected by a drop cable to the Trunk Coupling Unit (TCU) on the ring cable.]

34 Token Ring
[Figure: four stations A, B, C, D on a ring, in four steps: a free token circulates; A generates a data frame for station A (busy token); A removes the data frame; the free token circulates again.]

35 Capacity Calculations
Empty Ring
- C = capacity (bits/sec)
- $\tau$ = propagation time around the ring
- N = number of stations
- L = delay of L bits in each station on the ring (station latency)

36 Capacity Calculations
The ring latency is given by:
$T_L = \tau + NL / C$
The free token is 24 bits (3 bytes) in length, thus the maximum waiting time, if no other station is transmitting, is given by:
$T_{max,empty} = 24 / C + T_L$

37 Capacity Calculations
Full Ring
- Consider a full ring, where all stations have data to transmit.
- Each station can only transmit when it has the token.
- If each frame is limited to M bytes, the transmission time is: $T = 8M / C$
- The maximum waiting time is: $T_{max,full} = (N - 1)(T + T_L)$

38 Capacity Calculations
Exercise: A 4 Mbit/s ring has 50 stations, each with a latency of 2 bits; the total length of the ring is 2 km, and the propagation delay of the cable is 5 μs/km. Determine the maximum waiting time when the ring is empty, and when all stations are transmitting. A full frame is 64 bytes in length.

39 Capacity Calculations
Loaded Ring
- Traffic load of $\lambda_i$ frames/sec at station i
- T = transmission time on the ring for each frame
- $T_c$ = time interval elapsed before the free token arrives
- $t_i = \lambda_i T_c T$

40 Capacity Calculations
The maximum waiting time experienced by every station on the ring, $T_c$, is given by:
$T_c = T_L + \sum_{i=1}^{N} t_i = T_L + T_c \Lambda T$, where $\Lambda = \sum_{i=1}^{N} \lambda_i$
Here the parameter $\Lambda$ represents the gross input to the ring in frames/sec.
$T_c / T_L = 1 / (1 - U)$ and $U = \Lambda T$
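The empty-ring, full-ring and loaded-ring formulas from slides 35 to 40, applied to the ring exercise above. This is an added example, not from the original slides; the loaded-ring offered load Λ used in the demonstration is a constructed value, and the code refuses U ≥ 1 because T_c = T_L / (1 - U) has no finite solution there.

```python
# Added worked example (not from the slides): token ring waiting times.
# Symbols follow the slides: C = ring capacity (bit/s), tau = propagation time
# around the ring (s), N = number of stations, L = per-station latency (bits),
# M = frame length (bytes), Lambda = gross input to the ring (frames/s).

TOKEN_BITS = 24  # the free token is 3 bytes long


def ring_latency(C, tau, N, L):
    """T_L = tau + N*L/C: one trip round the ring including station delays."""
    return tau + N * L / C


def max_wait_empty(C, tau, N, L):
    """T_max,empty = 24/C + T_L: worst-case wait for the token on an idle ring."""
    return TOKEN_BITS / C + ring_latency(C, tau, N, L)


def frame_time(M, C):
    """T = 8M/C: transmission time of an M-byte frame."""
    return 8 * M / C


def max_wait_full(C, tau, N, L, M):
    """T_max,full = (N-1)(T + T_L): every other station sends one frame first."""
    return (N - 1) * (frame_time(M, C) + ring_latency(C, tau, N, L))


def loaded_ring(C, tau, N, L, M, Lambda):
    """Loaded ring: U = Lambda*T and T_c = T_L / (1 - U).  Returns (U, T_c).
    Raises if the offered load reaches capacity, where T_c would diverge."""
    U = Lambda * frame_time(M, C)
    if U >= 1.0:
        raise ValueError("offered load exceeds ring capacity (U >= 1)")
    return U, ring_latency(C, tau, N, L) / (1.0 - U)


def ring_exercise():
    """The exercise above: 4 Mbit/s, 50 stations, 2-bit latency per station,
    2 km of cable at 5 us/km, 64-byte frames."""
    C, N, L, M = 4e6, 50, 2, 64
    tau = 2 * 5e-6  # 2 km x 5 us/km
    return {"T_L": ring_latency(C, tau, N, L),
            "T_max_empty": max_wait_empty(C, tau, N, L),
            "T": frame_time(M, C),
            "T_max_full": max_wait_full(C, tau, N, L, M)}


if __name__ == "__main__":
    for name, val in ring_exercise().items():
        print(f"{name:12s} = {val * 1e6:9.1f} us")
    # Constructed load for the loaded-ring formula: 2000 frames/s in total
    U, Tc = loaded_ring(4e6, 10e-6, 50, 2, 64, Lambda=2000)
    print(f"loaded ring at 2000 frames/s: U = {U:.3f}, T_c = {Tc * 1e6:.1f} us")
```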

41 Tutorial: Network Systems and Technologies by Professor R. A. Carrasco
1) Describe the basic differences between a wide area network and a local area network in terms of: a) structure; b) operation.
2) The techniques of passing information from node to node across a broadcast network differ according to the type of configuration employed. Compare the methods used for bus and ring networks.
3) a) What is a baseband LAN? What is a broadband LAN? b) What are the advantages of using a star ring architecture in a computer network? What are its disadvantages?
4) Describe the effects of a complete failure of a node in the operation of the following network configurations: a bus, a ring, a star.
5) List the seven layers of the CCITT ISO architecture for network communications. a) Describe their function and justify the existence of each one. b) Which layers are essential to LAN communications and why?

42 6)      Assuming HDLC protocol
a) Distinguish between the normal response mode and the asynchronous mode of working. How are they defined in the HDLC frame structure? b) How is flow control achieved through this frame structure?
7) Describe the function of the logical link control and medium access control layers as defined in the IEEE 802 standards and indicate their relationship with the lower protocol layers in the ISO seven-layer reference model.
8) a) Describe the basic differences between circuit switching, message switching and packet switching. b) Give examples of each switching technique, with the advantages and disadvantages of each. c) For the packet switching technique, give an example. How will the network handle a stream of packets?
9) i) Discuss the IEEE 802 standards and frame formats for CSMA/CD, token bus, token ring, (logical link control), 802.3, and standards. ii) Briefly compare the 802.3, and standards.
10) Imagine two LAN bridges, both connecting a pair of networks. The first bridge is faced with byte frames per second that must be forwarded. The second is faced with byte frames per second. Which bridge do you think will need the faster CPU? Discuss.
11) Suppose that the two bridges of the previous problem each connected an LAN to an LAN. Would that change have any influence on the previous answer?

43 12) A bridge between an 802.3 LAN and an 802
12) A bridge between an LAN and an LAN has a problem with intermittent memory errors. Can this problem cause undetected errors with transmitted frames, or will these all be caught by the frame checksums?
13) A large FDDI ring has 100 stations and a token rotation time of 40 msec. The token holding time is 10 msec. What is the maximum achievable efficiency of the ring?

44 A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

45 The Internet uses almost exclusively TCP for layer 4 and IP for layer 3
- Clients and servers typically implement all seven OSI layers, whilst hubs and switches are only aware of MAC addresses.
- Routers are aware of network addresses (IP addresses); a layer 3 switch is really a fast router.
- Routing protocols differ from routed protocols: they dynamically determine routing, and the route taken by one packet can be different from that of another packet in the same transaction.
- Transmission Control Protocol (TCP) is a transport layer protocol layered on top of IP and below the application layer: SMTP, Telnet, FTP, HTTP (web) etc.

46 Transmission Control Protocol (TCP)
(RFC 793)
- Van Jacobson's algorithm
- Karn's algorithm
- Nagle's algorithm


48 IEEE 802.x, TCP/IP and ISO/OSI Architecture Comparison
[Figure: layer comparison. TCP/IP: Application, Transport, Network (IP), Ethernet. ISO/OSI: Application, Presentation, Session, Transport, Network, Data Link, Physical. IEEE 802.x: IEEE 802.2 above IEEE 802.3, 802.4, 802.5 and 802.6.]


50 SMTP (Simple Mail Transfer Protocol)
Simple Mail Transfer Protocol is the de facto standard for e-mail transmission across the Internet. This is a text-based protocol. SMTP uses TCP port 25.
FTP (File Transfer Protocol)
FTP is used to connect two computers over the Internet so that users of one computer can transfer files and perform file commands on the other computer.
TELNET (TELetype NETwork)
TELNET is a network protocol used over Internet or local area network (LAN) connections. The term telnet also refers to software which implements the client part of the protocol.

51 DNS (Domain Name System)
The Domain Name System (DNS) stores and associates many types of information with domain names, in particular the translation of domain names (computer host names) to IP addresses.
SNMP (Simple Network Management Protocol)
SNMP is used by network management systems to monitor network-attached devices for conditions that warrant administrative attention (application layer, database schema, data objects).
TFTP (Trivial File Transfer Protocol)
TFTP is a very simple file transfer protocol (a basic form of FTP). TFTP is therefore useful for booting computers such as routers which do not have any mass storage devices.

52 ARP (Address Resolution Protocol)
ARP is a protocol used by the Internet Protocol (IP), specifically IPv4, to map IP network addresses to the hardware addresses used by the data link protocol.
RARP (Reverse Address Resolution Protocol)
RARP is a network layer protocol used to resolve an IP address from a given hardware address. It has been rendered obsolete by BOOTP and modern DHCP (Dynamic Host Configuration Protocol).
ICMP (Internet Control Message Protocol)
ICMP is one of the core protocols of the Internet protocol suite.
IGMP (Internet Group Message Protocol)
IGMP is a communication protocol used to manage the membership of Internet Protocol multicast groups.

53 A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

54 IP
IP is the internetworking protocol that offers a service with the following characteristics:
- It is connectionless, so network layer protocol data units, called datagrams in the IP context, are handled individually from the source host to the destination host.
- It is not reliable. Datagrams can be lost, duplicated or disordered, and the network does not detect or report this.
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]


56 IP Header format
- The version field keeps track of which version of the protocol the datagram belongs to.
- Hlen is provided to tell how long the header is, in 32-bit words.
- The type of service field allows the host to tell the subnet what kind of service it wants. Various combinations of reliability and speed are possible. The three flag bits allow the host to specify what it cares most about from the net [delay, throughput, reliability].
- The total length includes everything in the datagram, both header and data.

57 IP Header Format
- The identification field is needed to allow the destination host to determine which datagram a newly arrived fragment belongs to. All the fragments of a datagram contain the same identification value.
- DF = Don't Fragment; MF = More Fragments.
- The fragment offset tells where in the current datagram this fragment belongs.
- The time to live field is a counter used to limit packet lifetimes.
- The protocol field tells the network layer which transport process to give the datagram to: TCP, UDP and some others.

58 IP Header Format
- The header checksum verifies the header only. The checksum is useful for detecting errors generated by bad memory words inside a router.
- The source address and destination address indicate the network number and host number.
- The options field was designed to provide an escape to allow subsequent versions of the protocol to include information not present in the original design.
Options:
- Security: specifies how secret the datagram is.
- Strict source routing: gives the complete path to be followed.
- Loose source routing: gives a list of routers not to be missed.
- Record route: makes each router append its IP address.
- Timestamp: makes each router append its address and timestamp.

59 Fragmentation
The IP-level datagram must be encapsulated in a lower network level packet to travel in the network. The rules for fragmentation are as follows:
- The size of the resulting fragments must be a multiple of an octet so that the data displacement records (offsets) within the datagram are done correctly.
- The sizes of the fragments are freely chosen.
- The gateway must accept datagrams with a greater size than that of the network they are connected to. This is so that larger datagrams can be admitted to the network.
- Hosts and gateways must handle datagrams larger than 576 octets.
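An added example (not from the slides or the cited books) that puts the header description on slides 56 to 59 into code: it builds a minimal 20-byte IPv4 header, verifies the ones-complement header checksum the way a router does, and decodes the DF/MF flags and the 8-octet-unit fragment offset. The sample addresses and identification value are constructed for the example; the `corrupt_ttl` helper stands in for the bad memory word mentioned on slide 58.

```python
import struct

# Added example (not from the slides): build and parse a minimal IPv4 header,
# verify its checksum and decode the fragmentation fields. Sample values are
# constructed; the addresses are RFC 5737 documentation addresses.

IPV4_FMT = "!BBHHHBBH4s4s"   # ver/IHL, TOS, total len, ident, flags+offset,
                             # TTL, protocol, checksum, src, dst (20 bytes)


def ipv4_checksum(header):
    """Ones-complement sum of the header's 16-bit words, complemented.
    Over a header whose checksum field is already filled in, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold end-around carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, total_length, ident, df, mf, frag_offset,
                      ttl=64, protocol=17, tos=0):
    """Header without options (IHL = 5). frag_offset is in bytes and, as the
    fragmentation rules require, must be a multiple of 8 (the field counts
    8-octet units)."""
    if frag_offset % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset // 8)
    fields = (0x45, tos, total_length, ident, flags_frag, ttl, protocol, 0,
              bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    hdr = bytearray(struct.pack(IPV4_FMT, *fields))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))  # fill checksum
    return bytes(hdr)


def parse_ipv4_header(packet):
    """Decode the fixed header; raise on anything a router would discard."""
    if len(packet) < 20:
        raise ValueError("truncated: IPv4 header is at least 20 bytes")
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, protocol, csum,
     src, dst) = struct.unpack(IPV4_FMT, packet[:20])
    version, hlen = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    if hlen < 20 or hlen > len(packet) or total_length < hlen:
        raise ValueError("inconsistent header length fields")
    header = packet[:hlen]
    return {
        "version": version, "header_len": hlen, "tos": tos,
        "total_length": total_length, "identification": ident,
        "DF": bool(flags_frag & 0x4000), "MF": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # bytes into datagram
        "ttl": ttl, "protocol": protocol, "checksum": csum,
        "checksum_ok": ipv4_checksum(header) == 0,     # slide 58: header only
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": header[20:],
    }


def corrupt_ttl(packet):
    """Simulate a bad memory word in a router: flip one bit of the TTL byte."""
    b = bytearray(packet)
    b[8] ^= 0x01
    return bytes(b)


# Constructed sample: first fragment (MF set, offset 0) of a 1500-byte UDP
# datagram with identification 0x1234.
SAMPLE = build_ipv4_header("192.0.2.1", "198.51.100.7", total_length=1500,
                           ident=0x1234, df=False, mf=True, frag_offset=0)

if __name__ == "__main__":
    for key, value in parse_ipv4_header(SAMPLE).items():
        print(f"{key:16s} {value}")
    print("after corruption, checksum_ok =",
          parse_ipv4_header(corrupt_ttl(SAMPLE))["checksum_ok"])
```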

60 D. E. Comer, "Computer Networks and Internets with Internet Applications," Prentice Hall, 2001, pp [2]


65 ARP Address Resolution Protocol
IP packets are sent encapsulated in LAN or WAN frames such as Ethernet, token ring or ATM.
Q. How does the host know the correct Ethernet destination address to put in the frame?
[Frame: Ethernet destination, Ethernet source, length, IP header, payload]
A. It uses ARP to map from the IP destination address to the Ethernet destination address.
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

66 ARP cont.
- The host broadcasts an ARP request packet which contains the IP address of the required station.
- The station which has that IP address replies directly (unicast), returning the correct IP address.
- Now the IP packet can be sent directly to the correct Ethernet address.

67 Reverse Address Resolution Protocol (RARP)
- Allows a station to determine its IP address from its hardware address.
- A server can be configured to respond to RARP requests, automatically allocating IP addresses across the network.
- Not used much nowadays; replaced instead by more powerful auto-configuration protocols such as DHCP (Dynamic Host Configuration Protocol).
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

68 Dynamic Host Configuration Protocol DHCP
- Allows a client to be configured automatically over the network. This means that machines do not have to be configured by hand.
- New machines can be added to the IP network more easily.
- Less chance of error (for example duplicate IP addresses being configured).

69 Domain Name Service DNS
- IP addresses are very difficult to remember.
- DNS translates easier-to-remember text names into IP addresses.
- When a host requires a domain name translation it makes the request to its local Domain Name Server.
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

70 Domain Naming
Each name in DNS can be split up into a series of domains, e.g.:
- uk = domain of the UK
- ac.uk = academic domain within the UK
- ncl.ac.uk = Newcastle University domain within UK academic
- soc.ncl.ac.uk = School of Computing domain within Newcastle University within UK academic

71 Domain Name Servers
Each domain name server is responsible for a domain. The first request will go to the server for the local machine's domain. A DNS server can react in 3 different ways:
- DIRECT: just send back the correct IP address
- RECURSIVE: if it doesn't know the IP address, make a request to another DNS server for the IP address, then send back the IP address
- INDIRECT: send back the IP address of another DNS server

72 The change from IPv4 to IPv6 falls primarily into the following categories:
- Expanded addressing capabilities: IP address size from 32 bits to 128
- Header format simplification
- Improved support for extensions and options
- Flow labelling capability
- Authentication and privacy capabilities

73 IPv6 extension headers [2] [1]
D. E. Comer, "Computer Networks and Internets with Internet Applications," Prentice Hall, 2001, pp [2]
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

74 Order of extension headers for IPv6

75 Option header formats
[Figures: hop-by-hop extension (IPv6 options header); routing extension IPv6 header.]

76 Routing type 0 header

77 Fragment extension IPv6 header
TCP and UDP “pseudo-header” for IPv6

78 Tutorial Sheet:  Network Systems and Technologies   by Prof R. A. Carrasco
1) What is the principal difference between connectionless communication and connection-oriented communication?
2) Two networks each provide reliable connection-oriented service. One of them offers a reliable byte stream and the other offers a reliable message stream. Are these identical? If so, why is the distinction made? If not, give an example of how they differ.
3) What are two reasons for using layered protocols?
4) Give two example applications for which connection-oriented service is appropriate. Now give two examples for which connectionless service is best.
5) Are there any circumstances when a virtual circuit service will (or at least should) deliver packets out of order? Explain.
6) Datagram subnets route each packet as a separate unit, independent of all others. Virtual circuit subnets do not have to do this, since each data packet follows a predetermined route. Does this observation mean that virtual circuit subnets do not need the capability to route isolated packets from an arbitrary source to an arbitrary destination? Explain your answer.
7) What does 'negotiation' mean when discussing network protocols? Give an example of it.

79 8) Give three examples of protocol parameters that might be negotiated when a connection is set up.
9) Discuss the advantages and disadvantages of message switching over circuit switching, with a performance comparison.
10) Discuss the advantages and disadvantages of packet switching over circuit switching, with a performance comparison.
11) Discuss the characteristics and medium access control techniques of broadcast networks.
12) Describe the routing function attributes and their elements.
13) Describe the following routing strategies: fixed routing, flooding, random routing, adaptive routing.

80 TCP Transmission Control Protocol
Services
- Guarantees end-to-end delivery of packets
- Controls the flow of data from host to host and from host into the network
- Multiplexing: the TCP header has a port number which is used to determine which application should receive the packet
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

81 TCP Datagram Format, RFC 793
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

82 TCP Client Ports
Q. If you have a computer running an e-mail package and 2 web browsers (e.g. Netscape and IE), how does the computer know, when a TCP/IP packet arrives, which application should receive the packet?
A. Each application sets up its connection using a different port number; when the replies come back from the server the port number is used to send the packet to the correct connection.

83 TCP Server Ports
The server must respond to client requests.
Q. How does the client know which port to send its request to?
A. "Well known port numbers" are assigned to particular services.

84 TCP Error control
- The acknowledgment (ack) and sequence number fields are used to guarantee delivery of packets to the destination.
- For each packet sent out an ack must be sent back. If no ack is sent back within a certain time the packet is sent again.
- Each new packet to be transmitted is allocated a new sequence no.; the returning ack no. informs the sender of the next expected sequence no.
- The sequence no. is used to keep the packets in order.

85 TCP flow control The window size field is used by the receiver to control the flow of packets from the sender. If the receiver sets the window size to 400 the sender is only allowed to send 400 bytes before stopping. The receiver can stop the sender by setting the window size to 0

86 TCP congestion control
- TCP uses a slow start algorithm to initially limit a new connection's bandwidth. This is so that the connection does not overload the network infrastructure.
- TCP increases the flow of data into the network until an ack timeout occurs; it then cuts back.

87 UDP User Datagram Protocol
Services
- provides port allocations the same as TCP
- does NOT guarantee delivery
- does not guarantee sequencing
- useful when speed is more important than reliability, e.g. Internet telephony
A. S. Tanenbaum, "Computer Networks," Pearson Education, 2003, pp [1]

88 User Datagram Protocol (UDP), RFC 768
UDP header fields: Source Port, Destination Port, Length, Checksum.
Internet Protocol (IP): RFC 791, RFC 792, RFC 826; IPv4, IPv6.

89 Applications of UDP Appropriate when
- transport layer overhead must be minimised, or
- data reliability is not crucial
- Services such as NFS, DNS, SNMP and Voice over IP (VoIP) use UDP

90 Sockets A socket allows applications to send and receive data.
[Figure: socket references to TCP sockets and UDP sockets, each bound to a port in the range 1 to 65535 (TCP ports, UDP ports), above TCP, UDP and IP.]
- A socket allows applications to send and receive data. It allows an application to connect to a network and communicate with other applications on that network.
- Stream sockets use TCP as the end-to-end protocol with IP underneath.
- Datagram sockets use UDP end-to-end with IP underneath.
- A TCP/IP socket is uniquely identified by an Internet address, type of protocol and a port number.

91 Relationship of Socket Classes
[Figure: .NET Framework classes TcpListener, TcpClient and UdpClient on top of the Socket class, on top of the underlying WinSock 2.0 implementation.]
- WinSock was developed by Microsoft and provides standard socket functions.
- The .NET framework provides higher-level classes to simplify programming tasks.
- The .NET Socket class allows access to the underlying sockets interface.
- TcpListener, TcpClient and UdpClient are higher-level .NET socket classes that are implemented using the .NET Socket wrapper class.

92 TCP Sockets
- The .NET framework provides two classes for TCP: TcpClient and TcpListener.
- .NET uses the EndPoint class and IPEndPoint subclass to represent the TCP channel.
- Communication with a TCP client is initiated in three steps:
  1. Construct an instance of TcpClient
  2. Communicate using the socket's stream
  3. Close the connection

93 TCP Client and Echo server in C#
0. using System;              // For String, Int32, Console, ArgumentException
1. using System.Text;         // For Encoding
2. using System.IO;           // For IOException
3. using System.Net.Sockets;  // For TcpClient, NetworkStream, SocketException
4.
5. class TcpEchoClient {
6.
7.   static void Main(string[] args) {
8.
9.     if ((args.Length < 2) || (args.Length > 3)) { // Test for correct no. of args
10.      throw new ArgumentException("Parameters: <Server> <Word> [<Port>]");
11.    }
12.
13.    String server = args[0]; // Server name or IP address
14.
15.    // Convert input String to bytes
16.    byte[] byteBuffer = Encoding.ASCII.GetBytes(args[1]);
17.
18.    // Use port argument if supplied, otherwise default to 7 (echo)
19.    int servPort = (args.Length == 3) ? Int32.Parse(args[2]) : 7;
20.

94 TCP Client and Echo server in C#
21.    TcpClient client = null;
22.    NetworkStream netStream = null;
23.
24.    try {
25.      // Create socket that is connected to server on specified port
26.      client = new TcpClient(server, servPort);
27.
28.      Console.WriteLine("Connected to server... sending echo string");
29.
30.      netStream = client.GetStream();
31.
32.      // Send the encoded string to the server
33.      netStream.Write(byteBuffer, 0, byteBuffer.Length);
34.
35.      Console.WriteLine("Sent {0} bytes to server...", byteBuffer.Length);
36.
37.      int totalBytesRcvd = 0; // Total bytes received so far
38.      int bytesRcvd = 0;      // Bytes received in last read
39.

95 TCP Client and Echo server in C#
40.      // Receive the same string back from the server (Read may return
41.      // fewer bytes than requested, so loop until the whole echo is back)
41.      while (totalBytesRcvd < byteBuffer.Length) {
42.        if ((bytesRcvd = netStream.Read(byteBuffer, totalBytesRcvd,
                                          byteBuffer.Length - totalBytesRcvd)) == 0) {
43.          Console.WriteLine("Connection closed prematurely.");
45.          break;
46.        }
47.        totalBytesRcvd += bytesRcvd;
48.      }
49.
50.      Console.WriteLine("Received {0} bytes from server: {1}", totalBytesRcvd,
51.                        Encoding.ASCII.GetString(byteBuffer, 0, totalBytesRcvd));
52.
53.    } catch (Exception e) {
54.      Console.WriteLine(e.Message);
55.    } finally {
56.      if (netStream != null) netStream.Close(); // null if the connect failed
57.      if (client != null) client.Close();
58.    }
59.  }
60. }

96 TCP Client and Echo server in C#
Lines convert the echo string to bytes Line 19 finds the echo server port Lines create the TCP socket Line 30 gets the socket stream Lines send the string to the echo server Line receive the reply from the echo server Lines print the echoed string Lines handle errors Lines close the stream and socket

97 UDP Sockets
- The .NET framework provides UDP sockets functionality using the class UdpClient. This allows for both sending and receiving UDP packets, and can be used to construct a UDP client and server.
- The UDP client works in the following way:
  1. Construct an instance of UdpClient
  2. Communicate using the Send() and Receive() methods of UdpClient
  3. Use the Close() method of UdpClient to deallocate the socket

98 UDP Client and Echo Server in C#
0. using System;              // For String, Int32, Console
1. using System.Text;         // For Encoding
2. using System.Net;          // For IPEndPoint, IPAddress
3. using System.Net.Sockets;  // For UdpClient, SocketException
4.
5. class UdpEchoClient {
6.
7.   static void Main(string[] args) {
8.
9.     if ((args.Length < 2) || (args.Length > 3)) { // Test for correct no. of args
10.      throw new System.ArgumentException("Parameters: <Server> <Word> [<Port>]");
11.    }
12.
13.    String server = args[0]; // Server name or IP address
14.
15.    // Use port argument if supplied, otherwise default to 7 (echo)
16.    int servPort = (args.Length == 3) ? Int32.Parse(args[2]) : 7;
17.
18.    // Convert input String to an array of bytes
19.    byte[] sendPacket = Encoding.ASCII.GetBytes(args[1]);
20.
21.    // Create a UdpClient instance
22.    UdpClient client = new UdpClient();

99 UDP Client and Echo Server in C#
23.    try {
24.      // Send the echo string to the specified host and port
25.      client.Send(sendPacket, sendPacket.Length, server, servPort);
26.      Console.WriteLine("Sent {0} bytes to the server...", sendPacket.Length);
27.
28.      // This IPEndPoint instance will be populated with the remote sender's
29.      // endpoint information after the Receive() call
30.      IPEndPoint remoteIPEndPoint = new IPEndPoint(IPAddress.Any, 0);
31.
32.      // Attempt echo reply receive (UDP gives no delivery guarantee, so
33.      // without a receive timeout this blocks for ever if the reply is lost)
33.      byte[] rcvPacket = client.Receive(ref remoteIPEndPoint);
34.      Console.WriteLine("Received {0} bytes from {1}: {2}", rcvPacket.Length,
35.                        remoteIPEndPoint,
36.                        Encoding.ASCII.GetString(rcvPacket, 0, rcvPacket.Length));
37.    } catch (SocketException se) {
38.      Console.WriteLine(se.ErrorCode + ": " + se.Message);
39.    }
40.
41.    client.Close();
42.  }
43.
44. }

100 UDP Client and Echo Server in C#
Lines create the UDP socket Lines send the datagram Lines create a remote IP end point for receiving Lines handle datagram reception Lines print reception results Line 42 closes the socket
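The same send/receive/close sequence in Python, as an added example that is not part of the slides or of the C# program above. It runs a throw-away echo server on the loopback interface so the exchange can be executed offline, and it adds two checks the C# client lacks: a receive timeout (a blocking Receive() never returns if the reply datagram is lost, which UDP does not signal) and a comparison of the sender endpoint with the server that was addressed, since an unconnected UDP socket accepts datagrams from any source. The helper names `echo_server` and `udp_echo` are this example's own.

```python
import socket
import threading


def echo_server(sock, count):
    """Serve `count` datagrams on an already-bound UDP socket, echoing each
    one back to the endpoint it came from, then return."""
    for _ in range(count):
        data, addr = sock.recvfrom(2048)
        sock.sendto(data, addr)


def udp_echo(payload, expect_reply=True, timeout=0.5):
    """Send one datagram to a loopback echo server and return the echoed
    bytes, or None if no valid reply arrives within `timeout` seconds."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))             # port 0: the OS picks a free port
    server_addr = server.getsockname()
    # Serve one datagram when a reply is expected; serve none to model a
    # lost reply (UDP gives no indication that anything went missing).
    worker = threading.Thread(target=echo_server,
                              args=(server, 1 if expect_reply else 0))
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(timeout)                # a Receive() with no timeout blocks forever
    try:
        client.sendto(payload, server_addr)
        data, sender = client.recvfrom(2048)  # `sender` plays the role of remoteIPEndPoint
        # Only trust the echo if it really came back from the server we addressed.
        return data if sender == server_addr else None
    except socket.timeout:
        return None
    finally:
        client.close()
        worker.join()
        server.close()


if __name__ == "__main__":
    print(udp_echo(b"hello"))                          # b'hello'
    print(udp_echo(b"lost", expect_reply=False))       # None after the timeout
```

With the reply suppressed the call returns None after the timeout instead of hanging, which is the behaviour an interactive client should have when datagrams go missing.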

101 Voice over IP (VoIP) VoIP is the routing of voice signals over an IP-based network. The analogue voice signal is converted to a digital signal. The digital signal is compressed using a codec (G.7xxx for voice, H.26xx for video) The digital signal is then split into packets by a process called Packetization

102 Voice over IP (VoIP) Advantages:
Incoming calls can be routed to a VoIP phone anywhere on the network. Lower cost, especially for international calls. Disadvantages: Received IP packets can arrive in any order or even be missing, resulting in poor QoS. Susceptible to power cuts.

103 Voice over IP Protocols
Figure: VoIP protocol stack, top to bottom: Audio/Video Applications; RTSP, ENUM, Codecs (G.xxx, H.26x), SDP, H.323, SIP, MEGACO/H.248, DNS; RTP, RTCP, SAP, MGCP, RSVP; TCP, UDP; IP; Network Interface Layer Protocols.

104 Protocols supporting VoIP
Multicast IP Real-Time Transport Protocol (RTP) Real-Time Control Protocol (RTCP) Resource Reservation Protocol (RSVP) Real-Time Streaming Protocol (RTSP) Session Description Protocol (SDP) Session Initiation Protocol (SIP) Electronic Numbers (ENUM)

105 Protocols supporting VoIP
Multicast IP efficiently sends data to multiple receivers at the same time on TCP/IP networks. RTP provides end-to-end delivery services for data that requires real-time support. RTCP monitors the QoS and conveys information about each user in the communication session. RSVP requests an appropriate level of service from the network. RTSP controls the delivery of data that has real-time properties. SDP describes a multimedia session for the purposes of session announcement and invitation.

106 Protocols supporting VoIP
SIP establishes a communication session between two end-points. It creates, modifies and terminates sessions between participants. ENUM bridges the gap between telephone numbers and IP addresses.

107 Real-Time Transport Protocol (RTP)
RTP header layout (bit fields, then 32-bit words): V=2 | P | X | CC | M | PT | Sequence Number; Timestamp; Synchronisation Source (SSRC) Identifier; Contributing Source (CSRC) Identifiers (0 to 15 items); followed by the 20 ms voice sample. V = Version (currently 2). CC = CSRC Count: counts the number of CSRC identifiers in the RTP header. CSRC identifies contributing sources (conferencing) in the payload; there can be a maximum of 15 contributing sources, and they are inserted by a mixer. SSRC identifies the synchronisation source. It is chosen randomly so that no two synchronisation sources in the same RTP session have the same SSRC identifier.

108 Voice over IP Packet Format
Packet layout (bit fields per 32-bit word). IPv4 header, 20 octets + options: VER | IHL | Type of Service | Total Length; Identifier | Flags | Fragment Offset; Time to Live | Protocol | Header Checksum; Source Address; Destination Address; Options + Padding. UDP header, 8 octets: Source Port | Destination Port; Length | Checksum. RTP header, 12 octets + identifiers: V=2 | P | X | CC | M | PT | Sequence Number; Timestamp; Synchronisation Source (SSRC) Identifier; Contributing Source (CSRC) Identifiers (0 to 15 items). Data: 20 ms voice sample, 20 octets.

109 References “TCP/IP Illustrated, Volume 1, The Protocols”, W. Richard Stevens, Addison-Wesley Professional Computing Series, 1994 “TCP/IP Sockets in C#, Practical Guide for Programmers”, David B. Makofske, Michael J. Donahoo, Kenneth L. Calvert, The Practical Guide Series, Elsevier, 2004 “Voice over IP Technologies, Building the Converged Network”, Mark A. Miller, M&T Books, 2002

110 ALOHA and Packet Broadcasting Channel
Prof. R. A. Carrasco School of Electrical, Electronic and Computer Engineering 2006 University of Newcastle-upon-Tyne A. S. TanenBaum, "Computer Networks," Pearson Education, 2003, pp [1]

111 Packet Broadcasting Related Works by Metcalfe and Abramson
1) 1970: N. Abramson, "The ALOHA System – Another alternative for computer communications.", in Proc. AFIPS Press, vol 37, 1970 2) 1973: R. M. Metcalfe, "Packet communication," MIT, Cambridge, MA, Rep. MAC TR-114, July 1973. 3) 1977: N. Abramson, "The Throughput of Packet Broadcasting Channels," IEEE Trans. Commun., vol. COM-25, no. 10, Jan 1977 4) 1985: N. Abramson, "Development of the ALOHANET," IEEE Trans. Info. Theory., March 1985

112 IEEE Transactions on Information Theory, March 1985
Development of the ALOHANET

113 ALOHA Project Started In September 1968 Goal
To build a computer network at the University of Hawaii. To investigate the use of radio communications as an alternative to the telephone system for computer communication. To determine those situations where radio communications are preferable to conventional wire communications.

114 Problem Limited Resource: Channel
The intermittent operation typical of interactive computer terminals does not need point-to-point channels (FDMA or TDMA). Spread spectrum is not appropriate for sharing the channel.

115 Approach Packet Broadcasting Channels
Each user transmits its packets over the common broadcast channel. This was the key innovation of ALOHANET. There are basically two types of ALOHA systems: synchronised or slotted, and unsynchronised or unslotted.

116 System Design In 1968 they decided on the main approach (Packet Broadcasting) for design simplicity. Frequency Band: two 100 KHz bandwidth channels at MHz and MHz. TCU (Terminal Control Unit): formatting of the ALOHA packets and the retransmission protocol. A terminal was attached to the TCU by means of RS-232. Half-duplex mode (memory was too expensive).

117 History 1971: start operation in University of Hawaii.
: build additional TCUs. 1972: connect to ARPANET using a satellite channel (56 kbps). 1973: Metcalfe's doctoral dissertation about packet broadcasting. 1973: PACNET, international satellite networks (9600 bits/s). 1973 onwards: much research on "packet broadcasting". 1976: slotted ALOHA. 1984: unslotted ALOHA in the UHF band by Motorola.

118 Strategic Theoretical Realities
An appreciation of the basic capacity of the channels and the matching of that capacity to the information rate of the signals. In a data network, distinguish between the average data rate and the burst data rate. Network design: handle different kinds of signals from different sources. Deal with the problem of scaling for large systems: a packet broadcasting channel is more scalable than point-to-point channels or switching. Theoretical analysis gives a good guide to network design, but the converse is also true: the operation of a real network can be a valuable guide to the selection of theoretical problems.

119 Packet Switching and Packet Broadcasting
Packet switching can provide a powerful means of sharing communication resources, but it employs point-to-point channels and large switches for routing. Packet broadcasting eliminates routing and switches (system simplicity), and some channels are basically broadcast channels (satellite, ...). A unified presentation of packet broadcasting theory is needed.

120 Packet Broadcasting Channel
Each user transmits packets over the common broadcast channel, completely unsynchronised. Loss is due to overlap. How many users can share a channel?

121 Recovery of Lost Packets
Positive Acknowledgements. Transponder Packet Broadcasting. Carrier Sense Packet Broadcasting. Packet Recovery Codes

122 ALOHA Systems and Protocols
We assume that the start times of the transmitted packets form a Poisson point process with an average rate of λ packets/s. Let Tp denote the time duration of a packet. The normalised channel traffic G is defined as G = λTp; it is also called the offered channel traffic.

123 ALOHA Capacity Errors reduce the ALOHA capacity: random noise errors and errors caused by packet overlap.
Statistical analysis: S = channel throughput, G = channel traffic. Throughput is a maximum, 1/2e, when the channel traffic equals 0.5.

124 ALOHA Capacity Meaning of the result. ALOHA: 9600 bits/s.
Terminal: 5 bits/s. 9600 × 1/2e = about 1600 bits/s. The channel can handle the traffic of over 300 active terminals, and each terminal will operate at a peak data rate of 9600 bits/s.

125 Slotted ALOHA Channel Capacity
Each user can start a packet only at certain fixed instants. Statistical analysis: this increases the throughput.

126 Mixed Data Rates Unslotted ALOHA: Variable Packet Lengths
 = Long Packet Length/ Short Packet Length G1 = Short Packet Traffic G2 = Long Packet Traffic Total channel throughput can undergo a significant decrease.

127 Slotted ALOHA: Variable Packet Rates
Assume ALOHA used by n users with different channel traffic.

128 ALOHA Meaning of the result
In a lightly loaded slotted ALOHA channel, a single user can transmit data at rates above the limit 1/e: excess capacity. This is important for a network consisting of many interactive terminal users and a small number of users who send large but infrequent files.
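The ALOHA throughput results of slides 122 to 128, worked through in Python as an added example (not from the slides): S = G e^{-2G} for pure ALOHA (a packet survives only if no other packet starts within the 2Tp vulnerable window) and S = G e^{-G} for slotted ALOHA, a numerical search for the maximum of each, the retransmission-rate relation A = G - S = G(1 - e^{-2G}) from Question 2, the mean number of attempts per packet G/S, and the terminal-count arithmetic of slide 124 for a 9600 bit/s channel shared by 5 bit/s terminals. The function names are this example's own.

```python
import math


def pure_aloha_throughput(G):
    """S = G e^{-2G}: vulnerable window of two packet durations."""
    return G * math.exp(-2 * G)


def slotted_aloha_throughput(G):
    """S = G e^{-G}: the vulnerable window shrinks to one slot."""
    return G * math.exp(-G)


def retransmission_rate(G):
    """A = G(1 - e^{-2G}): offered traffic minus successful traffic in pure ALOHA."""
    return G * (1 - math.exp(-2 * G))


def attempts_per_packet(G, slotted=False):
    """Mean number of transmissions needed per packet = G/S (e^{2G} pure, e^{G} slotted)."""
    S = slotted_aloha_throughput(G) if slotted else pure_aloha_throughput(G)
    return G / S


def max_throughput(fn, step=1e-4, g_max=5.0):
    """Scan G in (0, g_max] and return (G*, S*) where fn(G) is largest."""
    best_g, best_s = 0.0, 0.0
    n = int(g_max / step)
    for i in range(1, n + 1):
        G = i * step
        s = fn(G)
        if s > best_s:
            best_g, best_s = G, s
    return best_g, best_s


def max_terminals(channel_bps, bits_per_terminal_per_s, slotted=False):
    """Terminals a channel can carry when operated at its maximum throughput."""
    s_max = 1 / math.e if slotted else 1 / (2 * math.e)
    return int(channel_bps * s_max / bits_per_terminal_per_s)


if __name__ == "__main__":
    print("pure    max:", max_throughput(pure_aloha_throughput))      # G* = 0.5, S* = 1/2e
    print("slotted max:", max_throughput(slotted_aloha_throughput))   # G* = 1,   S* = 1/e
    print("terminals on a 9600 bit/s channel at 5 bit/s each:",
          max_terminals(9600, 5), "(pure)", max_terminals(9600, 5, slotted=True), "(slotted)")
    print("attempts per packet at G = 0.5 (pure):", attempts_per_packet(0.5))
```

The attempts-per-packet figure is what makes a saturated ALOHA channel unstable: beyond the optimum every extra retransmission raises G, lowers S and so provokes more retransmissions, which is why practical systems add back-off and a retransmission limit rather than running near the peak.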

129 Question 1 In a pure ALOHA system, the channel bit rate is 2400 bits/s. Suppose that each terminal transmits a 100-bit message every minute on average. i) Determine the maximum number of terminals that can use the channel. ii) Repeat (i) if slotted ALOHA is used.

130 Question 2 An alternative derivation for the
throughput in a pure ALOHA system may be obtained from the relation $G = S + A$, where A is the average (normalised) rate of retransmission. Show that $A = G(1 - e^{-2G})$ and then solve for S.

131 Question 3 Consider a pure ALOHA system that is operating with a throughput S = 0.1, with packets generated at a Poisson arrival rate λ. Determine: i) the value of G; ii) the average number of attempted transmissions needed to send a packet.

132 Question 4 Consider a CSMA/CD system in which the
transmission rate on the bus is 10 Mbits/s. The bus is 2 km long and the propagation delay is 5 μs/km. Packets are 1000 bits long. Determine: i) The end-to-end delay d. ii) The packet duration Tp. iii) The ratio d/Tp. iv) The maximum utilisation of the bus and the maximum bit rate.

133 MSc Telecommunications Questions by Professor R. A. Carrasco
Describe the evolution of the Internet and protocols for a communication network. Explain the concept of a hub, bridge, router and modem for local area networks. Explain the concept and protocols of Ethernet (IEEE 802.3), Token Bus (IEEE 802.4) and Token Ring (IEEE 802.5). Describe how you can determine the utilisation for IEEE and prove Give advantages and disadvantages of a wireless LAN. Describe the criteria for LAN design. Explain the architecture for IEEE 802.x, TCP/IP and ISO/OSI. Describe the OSI and TCP/IP model. Explain each feature of the IP datagram. Explain the Internet classes and give an example of how to design an IP address for a network.

134 Explain the concept of ARP, RARP, DHCP and DNS
Explain IPv4 and IPv6 and how they differ Explain TCP, TCP Client Ports, TCP Server Ports, Error Control, Flow Control and Congestion Control Describe UDP Explain the concept of TCP sockets and what their relation is with the different socket classes Repeat for UDP Give advantages and disadvantages of Voice over IP (VoIP) Explain VoIP protocols and how they are related to each other Give an overview of the IEEE 802 and IEEE working group Give an example of an IEEE WLAN architecture and explain stations and access points Explain how to determine the channel utilisation expression to evaluate the performance of IEEE b

135 Describe the concept of a fragment burst
Make comparisons between WiMax, WLAN and Bluetooth For security in communication networks, describe private and public key cryptography for Internet browsers. Why is the ALOHA project important in a broadcasting system? Explain how to determine the ALOHA capacity and channel throughput

136 Wireless LANs Advantages Increased mobility of users
Increased flexibility and fluidity, including ad-hoc networks Instant networking Availability of LAN technology A. S. TanenBaum, "Computer Networks," Pearson Education, 2003, pp [1]

137 Wireless LANs Disadvantages Higher Cost Lower Performance
Lower Reliability (Variable Channel Characteristics) Multiple Standards Poor Inherent Security

138 LAN Design

145 IEEE 802.11 Wireless LAN Draft Standard
Professor R. A. Carrasco A. S. TanenBaum, "Computer Networks," Pearson Education, 2003, pp [1]

146 Introduction IEEE 802.11 Draft 5.0 is a draft standard for Wireless Local Area Network (WLAN) communication. This tutorial is intended to describe the relationship between 802.11 and other LANs, and to describe some of the details of its operation. It is assumed that the audience is familiar with serial data communications and the use of LANs, and has some knowledge of radios.

147 802.11 Data Frame
Data frame layout (field: bytes): Frame Control: 2; Duration: 2; Address 1: 6; Address 2: 6; Address 3: 6; Seq: 2; Address 4: 6; Data: 0-2312; Checksum: 4.
Frame Control field layout (subfield: bits): Version: 2; Type: 2; Subtype: 4; To DS: 1; From DS: 1; MF: 1; Retry: 1; Pwr: 1; More: 1; W: 1; O: 1.

148 Contents Glossary of 802.11 Wireless Terms Overview
Media Access Control (MAC) Frequency Hopping and Direct Sequence Spread Spectrum Techniques Physical Layer (PHY) Security Performance Inter Access Point Protocol Implementation Support Raytheon Implementation

149 Glossary of 802.11 Wireless Terms
Station (STA): A computer or device with a wireless network interface. Access Point (AP): Device used to bridge the wireless-wired boundary, or to increase distance as a wireless packet repeater. Ad Hoc Network: A temporary one made up of stations in mutual range. Infrastructure Network: One with one or more Access Points. Channel: A radio frequency band, or Infrared, used for shared communication. Basic Service Set (BSS): A set of stations communicating wirelessly on the same channel in the same area, Ad Hoc or Infrastructure. Extended Service Set (ESS): A set of BSSs and wired LANs with Access Points that appear as a single logical BSS.

150 Glossary of 802.11 Wireless Terms, cont.
BSSID & ESSID: Data fields identifying a station's BSS & ESS. Clear Channel Assessment (CCA): A station function used to determine when it is OK to transmit. Association: A function that maps a station to an Access Point. MAC Service Data Unit (MSDU): Data Frame passed between user & MAC. MAC Protocol Data Unit (MPDU): Data Frame passed between MAC & PHY. PLCP Packet (PLCP_PDU): Data Packet passed from PHY to PHY over the Wireless Medium.

151 Overview, IEEE 802, and 802.11 Working Group
IEEE Project 802 charter: Local & Metropolitan Area Networks, 1 Mb/s to 100 Mb/s and higher, the 2 lower layers of the 7-layer OSI Reference Model. IEEE Working Group scope: wireless connectivity for fixed, portable and moving stations within a limited area; appear to higher layers (LLC) the same as existing 802 standards; transparent support of mobility (mobility across router ports is being addressed by a higher layer committee).

152 Overview, IEEE 802.11 Committee
Committee formed in 1990 Wide attendance Multiple Physical Layers Frequency Hopping Spread Spectrum Direct Sequence Spread Spectrum Infrared 2.4GHz Industrial, Scientific & Medical shared unlicensed band 2.4 to GHz with FCC transmitted power limits 2Mb/s & 1Mb/s data transfer 50 to 200 feet radius wireless coverage Draft 5.0 Letter Ballot passed and forwarded to Sponsor Ballot Published Standard anticipated 1997 Next November 11-14, Vancouver, BC Chairman - Victor Hayes,

153 Overview, 802.11 Architecture
Figure: 802.11 architecture. An ESS comprises an existing wired LAN and two infrastructure BSSs, each with an AP serving several STAs (Infrastructure Network); separately, two Ad Hoc Network BSSs consist only of STAs.

154 Overview, Wired vs. Wireless LANs
802.3 (Ethernet) uses CSMA/CD, Carrier Sense Multiple Access with 100% Collision Detect, for reliable data transfer; 802.11 has CSMA/CA (Collision Avoidance). Because of large differences in signal strengths, collisions can only be inferred afterward: transmitters fail to get a response, and receivers see corrupted data through a CRC error.

155 802.11 Media Access Control Carrier Sense: Listen before talking
Handshaking to infer collisions DATA-ACK packets Collision Avoidance RTS-CTS-DATA-ACK to request the medium Duration information in each packet Random Backoff after collision is determined Net Allocation Vector (NAV) to reserve bandwidth Hidden Nodes use CTS duration information

156 802.11 Media Access Control, cont.
Fragmentation Bit Error Rate (BER) goes up with distance and decreases the probability of successfully transmitting long frames MSDUs given to MAC can be broken up into smaller MPDUs given to PHY, each with a sequence number for reassembly Can increase range by allowing operation at higher BER Lessens the impact of collisions Trade overhead for overhead of RTS-CTS Less impact from Hidden Nodes

157 802.11 Media Access Control, cont
Beacons are used to convey network parameters such as the hop sequence. Probe Requests and Responses are used to join a network. Power Savings Mode: frames are stored at the Access Point or at Stations for sleeping Stations; a Traffic Indication Map (TIM) in frames alerts awaking Stations.

158 802.11 Protocol Stack
Figure: 802.11 protocol stack. Upper Layers; Logical Link Control and the MAC sub-layer (Data Link Layer); Physical Layer variants: 802.11 Infrared, 802.11 FHSS, 802.11 DSSS, 802.11a OFDM, 802.11b HR-DSSS, 802.11g OFDM.

159 Performance of IEEE802.11b
Figure: frame exchange timeline: DIFS, Backoff, PLCP Preamble, PLCP Header, MPDU (MAC Header 30 bytes, Data, CRC 4 bytes), SIFS, PLCP Preamble, PLCP Header, Ack (14 bytes).

160 Performance of IEEE802.11b Successful transmission of a single frame
PLCP = physical layer convergence protocol. The PLCP preamble and header transmission time varies according to the bit rate used by the host. SIFS = 10 μs (Short Inter Frame Space). The MAC acknowledgement transmission time is 10 μs if the selected rate is 11 Mb/s, as the ACK length is 112 bits.

161 Performance of IEEE802.11b DIFS =
The frame transmission time depends on the PLCP header: when the host transmits at 1 Mb/s the long PLCP header is used; if it uses 2, 5.5 or 11 Mb/s, the short PLCP header is used.

162 Performance of IEEE802.11b For bit rates greater than 1 Mb/s and a frame size of 1500 bytes of data (MPDU of 1534 bytes in total), the proportion p of useful throughput measured above the MAC layer will be: So a single host sending long frames over an 11 Mb/s radio channel will have a maximum useful throughput of 7.74 Mb/s.

163 Performance of IEEE802.11b If we neglect propagation time, the overall transmission time is composed of the transmission time and a constant overhead Where the constant overhead

164 Performance of IEEE802.11b The overall frame transmission time experienced by a single host when competing with N – 1 other hosts has to be increased by time interval tcont that accounts for the time spent in contention procedures

165 Performance of IEEE802.11b So the overall transmission time Where
is the proportion of collisions experienced for each packet successfully acknowledged at the MAC level.

166 Performance of IEEE802.11b Consider the situation in which N hosts of different bit rates compete for the radio channel. N-1 hosts use the high transmission rate R = 11 Mb/s and one host transmits at a degraded rate R = 5.5, 2 or 1 Mb/s. Where is the data frame length in bits

167 Performance of IEEE802.11b The MAC layer ACK frame is also sent at the rate that depends on the host speed, thus we denote by and the associated overhead time Let be the overall transmission time for a “fast” host transmitting at rate R

168 Performance of IEEE802.11b Similarly, let Ts be the corresponding time for a “slow” host transmitting at rate T: We can express the channel utilization of the slow host as where

169 Performance of IEEE802.11b Study: The UDP traffic & TCP traffic.
Flows in IEEE WLANs

170 Frequency Hopping and Direct Sequence Spread Spectrum Techniques
Spread spectrum is used to avoid interference from licensed and other non-licensed users, and from noise, e.g. microwave ovens. Frequency Hopping (FHSS): using one of 78 hop sequences, hop to a new 1 MHz channel (out of the total of 79 channels) at least every 400 milliseconds; requires hop acquisition and synchronisation; hops away from interference. Direct Sequence (DSSS): using one of 11 overlapping channels, multiply the data by an 11-bit number to spread the 1 Msymbol/s data over 11 MHz; requires RF linearity over 11 MHz; spreading yields processing gain at the receiver; less immune to interference.

171 Physical Layer Preamble Sync, 16-bit Start Frame Delimiter, PLCP Header including 16-bit Header CRC, MPDU, 32-bit CRC FHSS 2 & 4GFSK Data Whitening for Bias Suppression 32/33 bit stuffing and block inversion 7-bit LFSR scrambler 80-bit Preamble Sync pattern 32-bit Header DSSS DBPSK & DQPSK Data Scrambling using 8-bit LFSR 128-bit Preamble Sync pattern 48-bit Header

172 802.11 Physical Layer, cont. Antenna Diversity
Multipath fading of a signal can inhibit reception. Multiple antennas can significantly minimise this: spatial separation or orthogonality. Choose the antenna during the Preamble Sync pattern: presence of the Preamble Sync pattern, presence of energy (RSSI - Received Signal Strength Indication), or a combination of both. Clear Channel Assessment: requires a reliable indication that the channel is in use to defer transmission; uses the same mechanisms as for Antenna Diversity; uses NAV information.

173 A Fragment Burst
Figure: fragment burst over time. Station A sends RTS and then the fragments; station B answers with CTS and an ACK for each fragment; stations C and D set their NAV and defer for the duration of the burst.

174 Security Authentication: A function that determines whether a Station is allowed to participate in network communication Open System (null authentication) & Shared Key WEP - Wired Equivalent Privacy Encryption of data ESSID offers casual separation of traffic

175 Performance, Theoretical Maximum Throughput
Throughput numbers in Mbits/sec: Assumes 100ms beacon interval, RTS, CTS used, no collision Slide courtesy of Matt Fischer, AMD

176 Background for broadband wireless technologies
UWB – Ultra Wide Band: high speed wireless personal area network. Wi-Fi – Wireless fidelity: wireless technology for the indoor environment (WLANs), broader range than WPANs. WiMAX – Worldwide Interoperability for Microwave Access: Wireless Metropolitan Area Networks (WMANs), for outdoor coverage in LOS and NLOS environments, fixed and mobile standards. 3G – Third generation: Wireless Wide Area Networks (WWANs) are the broadest range wireless networks, with high speed data transmission and greater voice capacity for mobile users. Bluetooth - A. S. TanenBaum, "Computer Networks," Pearson Education, 2003, pp [1]

177 What is WiMax? A. S. TanenBaum, "Computer Networks," Pearson Education, 2003, pp [1] WiMAX is an IEEE 802.16/ETSI HiperMAN based certificate for equipment fulfilling the interoperability requirements set by the WiMAX Forum. The WiMAX Forum comprises industry leaders who are committed to the open interoperability of all products used for broadband wireless access. The technique or technology behind the standards is often referred to as WiMAX.

178 What is WiMax? WiMAX is thus a Broadband Wireless Access (BWA) technique. WiMAX offers fast broadband connections over long distances. The interoperability of different vendors' products is the most important factor when comparing it to other techniques.

179 The IEEE 802.16 Standards The IEEE 802.16 standards family
- broadband wireless wideband internet connection - wider coverage than any wired or wireless connection before. Wireless systems have the capacity to address broad geographic areas without expensive wired infrastructure. For example, a study made at the University of Oulu states that WiMAX is clearly a more cost-effective solution for providing broadband Internet connections in Kainuu than xDSL.

181 The IEEE 802.16 Standards 802.16, published in April 2002
- A set of air interfaces on a common MAC protocol - Addresses frequencies 10 to 66 GHz - Single carrier (SC) and only LOS 802.16a, published in January 2003 - A completed amendment that extends the physical layer to the 2 to 11 GHz band, both licensed and licence-exempt frequencies - SC, 256-point FFT OFDM and 2048-point FFT OFDMA - LOS and NLOS , published in July 2004 - Revises and replaces , a and REVd. - This announcement marks a significant milestone in the development of future WiMAX technology - P /Corl published on

182 IEEE 802.16: Broadband Wireless MAN Standard (WiMAX)
An 802.16 wireless service provides a communications path between a subscriber site and a core network such as the public telephone network and the Internet. This wireless broadband access standard provides the missing link for the "last mile" connection in metropolitan area networks where DSL, cable and other broadband access methods are not available or are too expensive.

183 Comparison Overview of IEEE 802.16a
IEEE 802.16 and WiMAX are designed as a complementary technology to Wi-Fi and Bluetooth. The following table provides a quick comparison of 802.16a with 802.11b and Bluetooth.
Parameter          | 802.16a (WiMax) | 802.11 (WLAN)     | Bluetooth
Frequency Band     | 2-11 GHz        | 2.4 GHz           | Varies
Range              | ~31 miles       | ~100 meters       | ~10 meters
Data transfer rate | 70 Mbps         | 11 Mbps – 55 Mbps | 20 Kbps – 55 Mbps
Number of Users    | Thousands       | Dozens            |

184 Protocol Structure -IEEE 802.16: Standard (WiMAX)
The IEEE 802.16 Protocol Architecture has 4 layers: Convergence, MAC, Transmission and Physical, which can be mapped to the two lowest OSI layers: physical and data link.

185 Internet Security Prof. R. A. Carrasco
School of Electrical, Electronic and Computer Engineering University of Newcastle-upon-Tyne

186 Overview Internet security is the practice of protecting and preserving private resources and information on the Internet. Computer and network security are challenging topics among executives and managers of computer corporations. Together, network security and a well-implemented security policy can provide a highly secure business solution.

187 Introduction Elements of Networking Security:
Orange Book Security Levels & Firewalls Passwords Encryption, Authentication & Integrity Developing a Site Security Policy Violation Response Other Security Resources Conclusions

188 Elements of Networking Security: Orange Book Security Levels & Firewalls
Understand the need for, and outline, a security policy relevant to any company. Each business has a different threshold of well-being and different assets, culture, technology infrastructure and requirements for storing, sending and communicating information. Many strong tools are available to secure a computer network (software applications, hardware products); these alone do not comprise a security policy, but they are essential elements.

189 Elements of Networking Security: Orange Book Security Levels & Firewalls
Protection tools have evolved over the last two decades and protect the network at many levels; a well-guarded enterprise deploys many different security measures. Elements of security: Physical Security: controlling access to the most sensitive components, e.g. network administration, access to the server room. Operating System Security (OSS): used in UNIX and Microsoft Windows NT. C2 level: discretionary access control, file and directory read and write permissions, and auditing and authentication controls.

190 Orange Book Security Levels
There are 7 levels of computer OSS in the Trusted Computer Standards Evaluation Criteria, or Orange Book. The levels are used to evaluate protection for hardware, software and stored information. The system is additive: higher ratings include the functionality of the levels below. The definitions centre around access control, authentication, auditing and levels of trust.

191 Orange Book Security Levels
D1: no security C1: lowest level of security File and directory read & write controls and authentication, root is insecure & auditing (system logging) is not available C2 features an auditing function records all security-related events & provides stronger protection on key system files, password file. B-rated: multilevel security, such as secret, top secret, and mandatory access control B2:every object & file is labelled, labels change dynamically depending on what is being used. B3: includes system hardware, terminals connect using trusted paths & specialised system hardware A1: highest level of security Mathematically design verified large amounts of processing power & disk space.

192 Firewalls In theory firewalls allow authorised communications between internal & external networks. Properly implemented, they are very effective at keeping out unauthorised users & stopping unwanted activities on an internal network. They protect and facilitate the network at a number of levels: allow e-mail, file transfer protocol (FTP) & remote login as desired, whilst limiting access to the internal network. They provide an authorisation mechanism that assures only specified users or applications can gain access. Address translation masks the name & address of a machine, e.g. messages for anyone in the technical support department have their address translated. Encryption and virtual private network (VPN) capabilities. Deployed in a network to segregate different servers & networks, controlling access within the network, e.g. separating the accounting and payroll server from the rest of the network to allow only certain individuals to access the information. Performance degradation: as a system is busy checking/rerouting data packets, latency is increased.

193 Elements of Networking Security: Passwords
Password Mechanisms identify and authenticate users as they access a computer system A password can be compromised: Eavesdroppers can listen for a username password & gain access over a public network A potential intruder can attack the access gateway, entering an entire dictionary of words (or license plates or any other list) against a password field. Users may loan their password to a co-worker or inadvertently leave out a list of system passwords Password technologies & tools to make a network more secure. Useful in ad hoc remote access situations, one-time password generation assumes that a password will be compromised. Before leaving the internal network, a list of passwords that will work only one time against a given username is generated. When logging into the system remotely, a password is used once and then will no longer be valid.
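The one-time password list described above, implemented in Python as an added example (not from the slides): a list of single-use passwords is generated for a username before the user leaves the internal network, the server keeps only a hash of each entry, and an entry is invalidated the first time it is accepted, so an eavesdropper who captures one login cannot replay it. The class name, the use of sha256 with the username as a prefix, and the 10-entry default are this example's own choices.

```python
import hashlib
import secrets


class OneTimePasswordList:
    """Single-use passwords for one username; only hashes are kept server-side."""

    def __init__(self, username, count=10):
        self.username = username
        # Plaintext list: handed to the user once, then forgotten by the server.
        self._plain = [secrets.token_urlsafe(12) for _ in range(count)]
        # Server-side store: hashes of the entries that have not been used yet.
        self._unused = {self._digest(p) for p in self._plain}

    def _digest(self, password):
        # Username is mixed in so identical entries for different users hash differently.
        return hashlib.sha256(("%s:%s" % (self.username, password)).encode()).hexdigest()

    def issue(self):
        """Return the plaintext list exactly once (the printed list the user carries)."""
        plain, self._plain = self._plain, []
        return plain

    def remaining(self):
        """How many entries can still be used."""
        return len(self._unused)

    def verify(self, username, password):
        """Accept a password only if it is unused for this username, then burn it."""
        if username != self.username:
            return False
        d = self._digest(password)
        if d in self._unused:
            self._unused.remove(d)   # consumed: a replay of the same password now fails
            return True
        return False


if __name__ == "__main__":
    otp = OneTimePasswordList("alice", count=3)   # constructed sample user
    card = otp.issue()
    print("first use:", otp.verify("alice", card[0]))    # True
    print("replay:   ", otp.verify("alice", card[0]))    # False
    print("remaining:", otp.remaining())                 # 2
```

Because the server never stores the plaintext list, a copy of the server-side store does not let an attacker log in, and because each digest is removed on use, a captured password is worthless after the legitimate session that consumed it.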

194 Elements of Networking Security: Passwords
Password Aging & Policy Enforcement users required to create new passwords every so often passwords must be a minimum number of characters and a mix of letters & numbers Smart cards provide extremely secure password protection Unique passwords, based on a challenge-response scheme, are created on a small credit-card device The password is then entered as part of the log-on process and validated against a password server, which logs all access to the system Expensive to implement.

195 Elements of Networking Security: Passwords
Single sign-on overcomes the ultimate irony in system security: as a user gains more passwords, these become less secure, not more, and the system opens itself up for unauthorised access. Many company computer networks require users to have different passwords to access different parts of the system As users acquire more passwords (some have more than 50) they cannot help but write them down or create easy-to-remember passwords. A single sign-on system is a centralised access control list which determines who is authorised to access different areas of the computer network & a mechanism for providing the expected password A user need only remember a single password to sign onto the system.

196 Elements of Networking Security: Good password procedures
Do not use your login name in any form (as is, reversed, capitalised, doubled, etc.). Do not use your first, middle, or last name in any form or use your spouse’s or children’s names. Do not use other information easily obtained about you. This includes license plate numbers, telephone numbers, social security numbers, the make of your automobile, the name of the street you live on, etc. Do not use a password of all digits or all the same letter. Do not use a word contained in English or foreign language dictionaries, spelling lists, or other lists of words. Do not use a password shorter than six characters. Do use a password with mixed-case alphabetics. Do use a password with non-alphabetic characters (digits or punctuation). Do use a password that is easy to remember, so you don’t have to write it down.
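A checker that applies the password rules listed above, as an added Python example that is not from the slides. It reports every rule a candidate password breaks (login name in any form, personal information supplied by the caller, all digits or all one letter, dictionary word, fewer than six characters, not mixed case, no non-alphabetic character). The tiny word list stands in for the dictionaries and spelling lists the rule refers to and is constructed here; the function and parameter names are this example's own.

```python
# Constructed stand-in for the dictionary / spelling lists named in the rules
DICTIONARY = {"password", "welcome", "sunshine", "dragon", "newcastle", "letmein"}


def password_violations(password, login, personal=(), dictionary=DICTIONARY):
    """Return the list of rules the password breaks; an empty list means it passes.
    `personal` holds strings known about the user (names, plate, phone number ...)."""
    problems = []
    low = password.lower()                 # lower-casing covers the "capitalised" forms
    name = login.lower()

    # Rule: no login name as is, reversed, capitalised or doubled
    if name and any(form in low for form in (name, name[::-1], name + name)):
        problems.append("contains login name (as is, reversed or doubled)")

    # Rule: no names or other information easily obtained about the user
    for item in personal:
        s = str(item).lower()
        if s and (s in low or s[::-1] in low):
            problems.append("contains personal information: %s" % item)

    # Rule: not all digits, not all the same letter
    if password.isdigit():
        problems.append("all digits")
    elif len(set(low)) == 1:
        problems.append("all the same letter")

    # Rule: not a dictionary word (forwards or reversed)
    if low in dictionary or low[::-1] in dictionary:
        problems.append("dictionary word")

    # Rule: at least six characters
    if len(password) < 6:
        problems.append("shorter than six characters")

    # Rule: mixed-case alphabetics
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("not mixed case")

    # Rule: at least one non-alphabetic character (digit or punctuation)
    if not any(not c.isalpha() for c in password):
        problems.append("no digit or punctuation")

    return problems


if __name__ == "__main__":
    for pw, login, info in [("carrasco", "carrasco", ()),
                            ("Fido2024!", "jo", ("Fido",)),
                            ("Tr0ub4dor&3", "alice", ())]:   # constructed samples
        print(pw, "->", password_violations(pw, login, info) or "OK")
```

The rules are a blacklist, so a clean result only means the password avoids the listed weaknesses; in practice a length requirement and a check against breached-password lists do more than character-class rules.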

197 Elements of Networking Security: Encryption, Authentication & Integrity
Encryption is the coding of data, through an algorithm or transform table, into apparently unintelligible garbage.
Used both on data stored on a server and on data as it is communicated through a network.
A method of ensuring the privacy of data, so that only the intended users may view the information.
Many forms: the Data Encryption Standard (DES) was published by the US National Bureau of Standards (now NIST) in 1975 and adopted as federal standard FIPS 46 in 1977; for many years it was the most readily available encryption standard.
One major drawback with DES was that it was subject to US export control; programs that deployed DES technology were generally not available for export from the United States.
Caveat: DES is now obsolete. Its 56-bit key has been recoverable by brute force in under a day since 1999, and it has been superseded by the Advanced Encryption Standard (AES); the export restrictions have also been relaxed since these slides were written.

198 Elements of Networking Security: Encryption, Authentication & Integrity
Rivest, Shamir and Adleman (RSA) encryption is a public-key encryption system. It was patented in the United States, and so was not available there without a licence (the US patent expired in 2000).
Because the RSA algorithm was published before the patent was filed, it could not be patented elsewhere, and RSA encryption could be used in Europe and Asia without a royalty.
Growing in popularity; considered quite secure from brute-force attacks, provided the key is long enough.
An emerging encryption mechanism is Pretty Good Privacy (PGP):
  allows users to encrypt information stored on their system, as well as to send and receive encrypted e-mail;
  provides tools and utilities for creating, certifying and managing keys.
PGP should not be confused with Privacy Enhanced Mail (PEM), a protocol standard.

199 Elements of Networking Security: Encryption, Authentication & Integrity
Encryption mechanisms rely on keys (which may in turn be derived from passwords).
The longer the key, the more difficult the encryption is to break by trying every possible key.
DES relies on a 56-bit key; modern symmetric ciphers use keys of 128 bits or more, and public-key systems use keys thousands of bits long.
There are two kinds of encryption mechanism: private-key (symmetric) and public-key (asymmetric).
Private-key: the same key is used to encode and decode the data, so the key must be shared secretly in advance.
Public-key: one key is used to encode the data and another to decode it.
Named after a unique property of this type of mechanism: one of the keys can be made public without compromising the privacy of the message or the other key.
A trusted recipient, or a remote-office network gateway, keeps a private key to decode data as it comes from the main office.
VPNs employ encryption to provide secure transmissions over public networks such as the Internet.

200 Elements of Networking Security: Encryption, Authentication & Integrity
Authentication is making sure users are who they say they are.
Integrity is knowing that the data sent has not been altered along the way. A message modified in any way is highly suspect and should be discounted.
Digital signatures are used to maintain message integrity:
  perform both an authentication and a message-integrity function;
  a block of data at the end of a message that verifies the authenticity of the file; if any change is made to the file, the signature will not verify;
  available in PGP and when using RSA encryption.
Kerberos: an add-on system used with any existing network; validates a user through its authentication system and uses DES when communicating sensitive information (that is Kerberos version 4; version 5 supports stronger ciphers such as AES).

201 Developing a Site Security Policy
Rule 1: that which is not expressly permitted is prohibited.
A security policy should deny access to all network resources and then add back access on a specific, justified basis (default deny, least privilege).
Goal: define the organisation's expectations for proper computer and network use, and define procedures to prevent and respond to security incidents.
Specific aspects of the organisation must be considered and agreed upon by the policy-making group:
  a military base may have very different security concerns from those of a university;
  even departments within the same organisation will have different requirements.

202 Developing a Site Security Policy
Who will make the network site security policy?
A joint effort by a representative group of decision-makers, technical personnel and day-to-day users from different levels within the organisation:
  decision-makers have the power to enforce the policy;
  technical personnel advise on the ramifications of the policy;
  day-to-day users have a say in how usable the policy is.
A site security policy that is unusable, un-implementable or unenforceable is worthless.
Developing a security policy comprises: identifying the organisational assets; identifying the threats; assessing the risk; implementing the tools and technologies available to meet the risks; developing a usage policy.
Auditing procedure: reviews network and server usage.
The policy should be communicated to everyone who uses the computer network.

203 Developing a Site Security Policy: Identifying organisational assets
Create a list of things to be protected, which is easily and regularly updated:
  Hardware: CPUs, boards, keyboards, terminals, workstations, personal computers, printers, disk drives, communication lines, terminal servers, routers.
  Software: source programs, object programs, utilities, diagnostic programs, operating systems, communication programs.
  Data: during execution, stored on-line, archived off-line, backups, audit logs, databases, in transit over communication media.
  Documentation: on programs, hardware, systems and local administrative procedures.

204 Developing a Site Security Policy: Assessing the risk
Losses caused by people within the organisation have generally been significantly greater than those caused by outside intruders.
Risk analysis: what must be protected, from what it must be protected, and how to protect it.
Possible risks to a network include:
  unauthorised access;
  unavailable service, corruption of data, or a slowdown due to a virus;
  disclosure of sensitive information, especially that which gives someone else a particular advantage, or theft of information such as credit card details.
Weighing the risk against the importance of the resource allows site policy makers to determine how much effort should be spent protecting it.
Security Administrator Tool for Analyzing Networks (SATAN): a network scanner, released by Farmer and Venema in 1995, that probes hosts for known weaknesses; attackers use the same kind of tool to find targets.
Running such a scanner against your own network discovers weaknesses before the fact, so protective action can be implemented to fend off the corresponding attacks. SATAN itself is long obsolete; the same role is filled today by scanners such as Nmap, OpenVAS or Nessus.

205 Developing a Site Security Policy: Auditing & review
To determine if there is a violation of a security policy, use tools that are included in computers and networks.
Most operating systems store numerous bits of information in log files:
  examine log files on a regular basis;
  compare lists of currently logged-in users with login histories: users typically log in and out at the same time each day, so an account logged in outside its normal hours may be being used by an intruder;
  accounting records can be used to determine usage patterns; look for unusual accounting records;
  UNIX "syslog" output should be checked for unusual error messages from system software;
  a large number of failed login attempts in a short period of time may indicate someone trying to guess passwords.
Operating system commands that list currently executing processes can be used to detect users running programs they are not authorised to use, as well as to detect unauthorised programs that have been started by an intruder.
Caveat: an intruder who gains root can edit the local log files, so forward them to a separate log host as they are written.
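Two of the checks above, a burst of failed logins from one source and a successful login outside a user's normal hours, are straightforward to automate over syslog output. The code below is an added example written for this page, not a tool the slides refer to; the log lines are constructed in the format OpenSSH writes via syslog, and the per-user "normal hours" profile stands in for what would be derived from accounting history.

```python
"""Audit checks over constructed syslog-style sshd lines.

Added example, not part of the slides. The log lines and the per-user
'normal hours' profile are constructed here; in practice they would come
from /var/log/auth.log (or the journal) and from login accounting history.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the format sshd messages have when written by syslog.
SAMPLE_LOG = """\
Mar  3 08:58:12 host1 sshd[2211]: Accepted password for alice from 10.1.2.3 port 50122 ssh2
Mar  3 08:59:01 host1 sshd[2215]: Failed password for root from 203.0.113.7 port 41002 ssh2
Mar  3 08:59:03 host1 sshd[2216]: Failed password for root from 203.0.113.7 port 41003 ssh2
Mar  3 08:59:04 host1 sshd[2217]: Failed password for invalid user admin from 203.0.113.7 port 41004 ssh2
Mar  3 08:59:06 host1 sshd[2218]: Failed password for root from 203.0.113.7 port 41005 ssh2
Mar  3 08:59:08 host1 sshd[2219]: Failed password for root from 203.0.113.7 port 41006 ssh2
Mar  3 08:59:10 host1 sshd[2220]: Failed password for oracle from 203.0.113.7 port 41007 ssh2
Mar  3 12:30:44 host1 sshd[2301]: Failed password for bob from 10.1.2.9 port 50200 ssh2
Mar  3 12:30:58 host1 sshd[2302]: Accepted password for bob from 10.1.2.9 port 50201 ssh2
Mar  4 03:12:40 host1 sshd[2410]: Accepted password for alice from 198.51.100.5 port 60010 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

# Constructed profile: the hours (24h clock) in which each user normally logs in.
NORMAL_HOURS = {"alice": range(8, 19), "bob": range(9, 18)}


def parse(log_text, year=2024):
    """Yield (datetime, result, user, ip) for each sshd login line (syslog omits the year)."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["result"], m["user"], m["ip"]


def failed_login_bursts(events, threshold=5, window=timedelta(minutes=1)):
    """Source IPs with at least `threshold` failed logins inside any sliding window.

    Returns {ip: largest number of failures seen within one window}."""
    by_ip = defaultdict(list)
    for ts, result, _user, ip in events:
        if result == "Failed":
            by_ip[ip].append(ts)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged


def off_hours_logins(events, profile=NORMAL_HOURS):
    """Successful logins outside the user's usual hours: a possible stolen account."""
    return [(user, ts.isoformat(), ip) for ts, result, user, ip in events
            if result == "Accepted" and user in profile and ts.hour not in profile[user]]


if __name__ == "__main__":
    evts = list(parse(SAMPLE_LOG))
    print("password guessing from:", failed_login_bursts(evts))
    print("off-hours logins:", off_hours_logins(evts))
```

The sliding window matters: a fixed per-minute bucket would miss six attempts straddling a minute boundary, which is exactly the spacing a patient attacker chooses. Rotating the source address defeats the per-IP count, so the same logic should also be run keyed on the target user name.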

206 Violation Response
Planning responses for different violation scenarios: define actions based on the type of violation, and have solutions ready based on the anticipated kind of user violating the computer security policy.
Answers to the following questions should be part of a company's site security plan:
  What outside agencies should be contacted, and by whom?
  Who may talk to the press?
  When should law enforcement and investigative agencies be contacted?
  If a connection is made from a remote site, is the system manager authorised to contact that site?
  What are our responsibilities to our neighbours and other Internet sites?
Whenever a site suffers an incident that may compromise computer security, the strategies for reacting may be influenced by two opposing pressures.

207 Violation Response
There are two different strategies: Protect & Proceed, or Pursue & Prosecute.
Protect & Proceed (used if a site is vulnerable):
  protects and preserves site facilities;
  returns users to normality as quickly as possible;
  attempts to interfere with the intruder's processes, prevent further access, and begin immediate damage assessment and recovery;
  may shut down facilities and close off access to the network;
  unless the intruders are identified, they can revisit the site via a different path.
Pursue & Prosecute: the opposite philosophy; the intruder is allowed to continue while activity is monitored and evidence gathered for prosecution.

208 Violation Response: Protect & proceed
Protect & Proceed is appropriate:
  if assets are not well protected;
  if continued penetration could result in great financial risk;
  if there is no possibility of, or willingness to, prosecute;
  if the user base is unknown;
  if users are unsophisticated and their work is vulnerable;
  if the site is vulnerable to lawsuits from users, e.g. if their resources are undermined.

209 Violation Response: Pursue & prosecute
Pursue & Prosecute is appropriate:
  if assets and systems are well protected;
  if good backups are available;
  if the risk to the assets is outweighed by the disruption caused by the present and potential future penetrations;
  if this is a concentrated attack occurring with great frequency and intensity;
  if the site has a natural attraction to intruders and consequently regularly attracts them;
  if the site is willing to incur the financial (or other) risk to assets by allowing the perpetrator to continue;
  if intruder access can be controlled;
  if the monitoring tools are sufficiently well developed to make the pursuit worthwhile;

210 Violation Response: Pursue & prosecute
  if the support staff are sufficiently clever and knowledgeable about the operating system, related utilities and systems to make the pursuit worthwhile;
  if management is willing to prosecute;
  if the system administrators know what kind of evidence would lead to prosecution;
  if there is established contact with knowledgeable law enforcement;
  if there is a site representative versed in the relevant legal issues;
  if the site is prepared for possible legal action from its own users should their data or systems become compromised during the pursuit.

211 Violation Response: Capturing lessons learned
Once you believe that a system has been restored to a safe state:
  there remains the possibility that holes, and even traps (e.g. a backdoor left by the intruder), could be lurking;
  the system should be monitored for items that may have been missed during the clean-up stage;
  it would be prudent to utilise some of the tools previously mentioned;
  these tools do not replace continual system monitoring and good systems administration procedures.
A security log can be most valuable during this phase of removing vulnerabilities.

212 Violation Response: Capturing lessons learned
There are two considerations here; keep logs of:
  procedures that have been used to make the system secure again, including command procedures (e.g. shell scripts) that can be run on a periodic basis to recheck the security;
  important system events, which can be referenced when trying to determine the extent of the damage of a given incident.
Write a report after an incident describing: the incident; the method of discovery; the correction procedure; the monitoring procedure; a summary of lessons learned.
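The "command procedure that can be run on a periodic basis to recheck the security" is most useful when it compares the restored system against a recorded baseline rather than re-running a checklist. The added example below (written for this page; it is not a tool the slides name) records SHA-256 digests and permission bits for a directory tree, then reruns the check after a constructed intrusion in a temporary directory and reports what was added, removed, modified, or had its mode changed.

```python
"""Periodic recheck: file-integrity baseline for a directory tree.

Added example, not from the slides. Record digests and modes of the files you
restored, store the baseline off the host, and rerun the comparison on a
schedule. The file tree and the 'intrusion' below are constructed in a
temporary directory so the example runs stand-alone.
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def file_record(path):
    """SHA-256 of the content plus the permission bits, so a chmod (e.g. a new
    setuid bit) is noticed even when the content is unchanged."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "mode": stat.S_IMODE(path.lstat().st_mode)}


def build_baseline(root):
    """Map of relative path -> record for every regular file under root."""
    return {str(p.relative_to(root)): file_record(p)
            for p in sorted(root.rglob("*")) if p.is_file() and not p.is_symlink()}


def compare(baseline, current):
    """Classify differences between two baselines; lists are sorted for stable reports."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in both if baseline[p]["sha256"] != current[p]["sha256"]),
        "mode_changed": sorted(p for p in both if baseline[p]["mode"] != current[p]["mode"]),
    }


def demo():
    """Take a baseline, simulate an intruder's changes, and return the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "fs"
        # Constructed miniature file system.
        for rel, content in {
            "bin/ls": b"original ls binary",
            "etc/passwd": b"root:x:0:0::/root:/bin/sh\n",
            "etc/shadow": b"root:*:19000:0:99999:7:::\n",
            "var/log/auth.log": b"Mar  3 08:58:12 host1 sshd[2211]: Accepted password for alice\n",
        }.items():
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(content)
        os.chmod(root / "etc" / "shadow", 0o600)

        baseline = build_baseline(root)
        baseline_file = Path(tmp) / "baseline.json"  # in real use: off-host, read-only media
        baseline_file.write_text(json.dumps(baseline, indent=1))

        # Constructed 'intrusion': trojaned binary, new setuid shell, extra root
        # account, loosened permissions on shadow, and a deleted log file.
        (root / "bin" / "ls").write_bytes(b"trojaned ls binary")
        (root / "bin" / "sh").write_bytes(b"#!/bin/sh\nexec /bin/sh\n")
        os.chmod(root / "bin" / "sh", 0o4755)
        with open(root / "etc" / "passwd", "ab") as f:
            f.write(b"toor:x:0:0::/root:/bin/sh\n")
        os.chmod(root / "etc" / "shadow", 0o644)
        (root / "var" / "log" / "auth.log").unlink()

        return compare(json.loads(baseline_file.read_text()), build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:13s} {paths}")
```

Keep the baseline and the checker itself somewhere the host cannot write to; an intruder with root who can rewrite the baseline, or the script, turns the recheck into a false reassurance, which is the "trap" the previous slide warns about.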

213 Other Security Resources
Books:
  Chapman, D. Brent and Elizabeth D. Zwicky. Building Internet Firewalls. O'Reilly and Associates, Inc., 1995.
  Garfinkel, Simson. PGP: Pretty Good Privacy. O'Reilly and Associates, Inc., 1995.
  Garfinkel, Simson and Gene Spafford. Practical UNIX Security. O'Reilly and Associates, Inc., 1991.
  Siyan, Karanjit and Chris Hare. Internet Firewalls and Network Security. New Riders Publishing, 1995.
  Vacca, John. Internet Security Secrets. IDG Books, 1996.
Security newsgroups and mailing lists available on the USENET news system: comp.security.announce, comp.security.misc, comp.security.unix, alt.security, misc.security.

214 Other Security Resources
The Bugtraq list discusses security holes and software bugs. To subscribe, send to the list server a message containing the line: subscribe bugtraq-list firstname lastname.
The Computer Emergency Response Team (CERT) is an organisation that helps Internet users identify and rectify damage done to their systems by hackers and crackers. To subscribe to the CERT advisory mailing list, send a message with the body: subscribe cert firstname lastname.
CERT also maintains a CERT-TOOLS list for the purpose of exchanging information on tools and techniques that increase the secure operation of Internet systems. To subscribe, send a message with the body: subscribe cert-tools firstname lastname.
(The list addresses are not preserved in this transcript, and these subscription details are historical.)

215 Glossary
CERT: Computer Emergency Response Team
CPU: central processing unit
DES: Data Encryption Standard
DOD: U.S. Department of Defense
FTP: File Transfer Protocol
NIST: National Institute of Standards and Technology
OSS: operating system security
PEM: Privacy Enhanced Mail
PGP: Pretty Good Privacy
RFC: Request for Comments
SATAN: Security Administrator Tool for Analyzing Networks
VPN: virtual private network

