計算機網路(Computer Networks)

九十三學年度第二學期(April 23, 2005)

計算機網路(Computer Networks)

期中考參考解答 (Solutions of Midterm Exam)

1. TFTFF

1. Circuit Switching: A type of communications in which a dedicatedchannel (or circuit) is established for the duration of a transmission. The most ubiquitous circuit-switching network is the telephone system, which links together wire segments to create a single unbroken line for each telephone call. In circuit-switched networks, the resources needed along a path to provide for communication between the end systems are reserved for the duration of the communication session.

Packet Switching: Refers to protocols in which messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow different routes to its destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message. In packet-switched networks, these resources are not reserved; a session’s messages use the resources on demand, and as a consequence, may have to wait for access to a communication link.

1. Packet Switching: Packet switching is not suitable for real-time services because of its variable and unpredictable end-to-end delays (due primarily to variable and unpredictable queuing delays). However, it offers better sharing of bandwidth than circuit switching and it is simpler, more efficient, and less costly to implement than circuit switching.

Circuit Switching: Circuit-switching systems are ideal for communications that require data to be transmitted in real-time. Once the network establishes a dedicated end-to-end connection between two hosts, the transfer is at fixed rate with almost no delay (other than propagation delay). However, the capacity is dedicated for duration of connection even if no data are being transferred and may cause low utilization (especially for data transfer). That’s why it is not a good idea to use circuit switching for data transfer.

1. Packet Switching. There are two broad classes of packet-switched networks: datagram networks and virtual-circuit networks.…We’ll call any network that forwards packets according to virtual-circuit numbers a virtual-circuit network.(1.3.2)Virtual Circuit Network transmits data by packets. A virtual-circuit identifier(VC ID) will be assigned to a VC when a VC is first established between source and destination. Any packet that is part of the VC has the VC ID in its header. Each packet switch has a table that maps VC IDs to outbound links. When a packet arrives to a packet switch, the switch examines the packet’s VC ID, indexes its table, and forwards the packet to the designated outbound link.

3.

1. see textbook 1.6
2. , , , ,

(s)

4.

1. Napster uses a centralized directory server and always locates content when it is present in some participating peer. Gnutella uses a fully distributed architecture, but only locates content in nearby peers in the overlay network.
2. Each peer is either a group leader or assigned to a group leader.TCP connection between peer and its group leader.TCP connections between some pairs of group leaders.Group leader tracks the content in all its children.

KaZaA borrows ideas from both Napster and Gnutella, resulting in a powerful P2P file-sharing system, which, as of this writing, contributes more traffic to the Internet than any other application. (P.141)

The KaZaA architecture exploits the heterogeneity of the peers by designating a small fraction of the more powerful peers as group leaders, which form the top tier of a hierarchical overlay network. As compared to the Gnutella design, with a flat overlay and limited-scope flooding, the hierarchical design allows for significantly more peers to be checked for a match, without creating an excessive quantity of query traffic.(P.143)

5.

1. Non-persistent connection: Each TCP connection is closed after the server sends the object—the connection does not persistent for other objects. Note that each TCP connection transports exactly one request message and one response message. Suppose there is a page which consists of a base HTML file and 10 JPEG images, and that all 11 of these objects reside on the same server. When a user requests the Web page, 11 TCP connections are generated.

Persistent connection: With persistent connections, the server leaves the TCP connection open after sending a response. Subsequent requests and responses between the same client and server can be sent over the same connection. In particular, an entire Web page (a base HTML file and 10 JPEG images) can be sent over a single persistent TCP connection. Typically, the HTTP server closes a connection when it isn’t used for a certain time.

1. Non-persistent connections have some shortcomings. First, a brand-new connection must be established and maintained for each request object. For each of these connections, TCP buffers must be allocated and TCP variables must be kept in both the client and server. This can place a serious burden on the Web server, which may be serving requests from hundreds of different clients simultaneously.Second, each object suffers a delivery delay of two RTTs—one RTT to establish the TCP connection and one RTT to request and receive an object. Persistent connections improve the delivery delay.

6.

A single point of failure. If the DNS server crashes, so does the entire Internet!

Traffic volume. A single DNS server would have to handle all DNS queries.

Distant centralized database.

Maintenance. The single DNS server would have to keep records for all Internet hosts. Not only would this centralized database be huge, but it would have to be updated frequently to account for every new hosts.

1. Authoritative DNS servers: organization’s DNS servers, providing authoritative hostname to IP mappings for organization’s servers (e.g., Web and mail).

Can be maintained by organization or service provider

Local name servers: Does not strictly belong to hierarchy of servers but is nevertheless central to the DNS architecture.

Each ISP (residential ISP, company, university) has one.Also called “default name server”. When a host connects to an ISP, the ISP provides the host with the IP addresses of one or more of its local DNS servers. A host’s local DNS server is typically “close to” the host. When a host makes a DNS query, query is sent to its local DNS server, which acts as a proxy, forwarding query into hierarchy.

7.

1. Sender sends one packet, and then waits for receiver response. The sender will not send a new piece of data until it is sure that the receiver has correctly received the current packet.
2. One fatal flaw:If ACK/NAK corrupted, the sender doesn’t know what happened at the receiver. The sender can’t just retransmit because the packet ispossible duplicate.

Solution: To handle duplicates, the sender adds sequence number to each packet. The sender retransmits current packet if ACK/NAK is garbled or corrupted. The receiver discards (doesn’t deliver up) duplicate packet according to the sequence number.

1. 略

8.

1. SampleRTT: measured time from segment transmission until ACK receipt.SampleRTT will vary, but we want estimated RTT “smoother”. Thus we average several recent measurements, not just current SampleRTT.

EstimatedRTT = (1- )*EstimatedRTT + *SampleRTT

Exponential weighted moving average (EWMA)

This weighted average puts more weight on recent samples than on old samples.

Typical value:  = 0.125

Setting the Timeout Value:

EstimtedRTT plus “safety margin”

Because of large variation in EstimatedRTT -> larger safety margin

First estimate of how much SampleRTT deviates from EstimatedRTT:

DevRTT = (1-)*DevRTT +*|SampleRTT-EstimatedRTT|

(typically,  = 0.25)

Then set timeout interval:

TimeoutInterval = EstimatedRTT + 4*DevRTT

1. See textbook P.251 Figure 3.38

TCP DoS攻擊

TCP DoS攻擊，主要是由於攻擊主機發送大量的或不正常的TCP網路封包，造成被攻擊的目標主機當機、重新啟動，或是目標網段的交通壅塞，以致於該主機無法繼續進行某項服務。主要有三種攻擊途徑：

1. Land攻擊：利用特殊的TCP封包傳送至目標主機，使其因無法判別而當機或被迫重新啟動。當封包的來源和目的主機的IP位址和埠號都相同的時候（經過偽造spoofed的封包），則會造成主機的損毀，或是當機[3]。Land攻擊是利用TCP通訊協定中，定義規則與作業系統之間漏洞所造成的攻擊手法，而由於與作業系統相關，許多新版本的OS（或經過修補patch後）都已經免疫於此種攻擊手法（見附圖1）。
2. Teardrop攻擊：在IP層中定義的封包分割和重組的規則為：「分割後的封包的大小必須小於傳輸介面（interface）的MTU（maximum transfer unit，最大傳送單位），並且符合以8 byte為單位的倍數。」Teardrop攻擊就是利用這種分割重組間的漏洞而產生的攻擊方式。正常的TCP封包片段應該是一個個以互相接續的方式傳入目標主機，再由主機的IP層將其重組回原資料段。但如果有經過刻意製造的不正常封包序列（如封包大小改變等），則有可能會造成某些作業系統的當機或暫停服務。
3. TCP SYN攻擊：此種攻擊主要是利用TCP連結時的三向交握訊息（three way handshake）來造成的。當攻擊者惡意地送出許多TCP SYN封包給被攻擊端，而沒有後續連結的封包傳出時，被攻擊端的SYN queue會因為儲存太多正在等待連結的資訊而超過其容許量，因而導致暫停服務。這就是TCP SYN攻擊手法。

1. The TIME_WAIT state lets the TCP client resend the final acknowledgement in case the ACK is lost.

9.

1. Flow control makes sure that neither side of a connection overwhelms the other side by sending too many packets too fast. The Internet implements the flow-control service by using sender and receiver buffers in the communicating end systems. The Internet’s congestion-control service helps prevent the Internet from entering a state of gridlock. When a packet switch becomes congested, its buffers can overflow and packet loss can occur. The Internet avoids this problem by forcing end systems to decrease the rate at which they send packets into the network during periods of congestion.
2. Even in the idealized scenario, we’ve already found one cost of a congested network—large queuing delays are experienced as the packet-arrival rate nears the link capacity.

Two senders, two receivers

One router, infinite buffers

No retransmission

Throughput and delay as a function of host sending rate.

While operating at an aggregate throughput of near C may be ideal from a throughput standpoint, it is far from ideal from a delay point.

1. Additive-increase: Increase CongWin by 1 MSS every RTT in the absence of loss events: probing

Multiplicative-decrease: cut CongWin in half after loss event

A TCP sender additively increases its rate when it perceives that the end-end path is congestion-free, and multiplicatively decreases its rate when it detects that the path is congested. …

1. Dynamically adjustable. Consider congestion control in TCP. When the timer expires at the sender, the threshold is set to half of the current value of the congestion window. And so on…