ECE 671: Homework 4
Homework 4 assignment for ECE 671
Posted: 03/20/18
Due: 03/27/18
Note: In all written assignments, please show as much of your work as you can. Even if you get a wrong answer, you can get partial credit if you show your work. If you make a mistake, it will also help the grader show you where you made a mistake.

Problem 1 (20 Points): Consider the network setup shown in Figure 1. Suppose that the ISP instead assigns the router the address 24.35.112.235 and that the network address of the home network is 192.168.100/24.
a. Assign addresses to all interfaces in the home network.
b. Suppose each host has two ongoing TCP connections, all to port 80 at host 128.119.50.186. Provide the six corresponding entries in the NAT translation table.

Figure 1
Solution:
a) Home addresses: 192.168.100.1, 192.168.100.2, 192.168.100.3 with the router interface being 192.168.100.4
b) NAT Translation Table

WAN Side               LAN Side
24.35.112.235, 4000    192.168.100.1, 3345
24.35.112.235, 4001    192.168.100.1, 3346
24.35.112.235, 4002    192.168.100.2, 3445
24.35.112.235, 4003    192.168.100.2, 3446
24.35.112.235, 4004    192.168.100.3, 3545
24.35.112.235, 4005    192.168.100.3, 3546

Problem 2 (25 Points): QUIC
a. What is QUIC's underlying transport layer protocol? Why did Google decide to make use of this transport protocol?
b. How many RTTs does it take in the case of HTTP over TCP until the first bit of a GET request reaches the server? How many does it take in the case of HTTP over QUIC?
c. Which protocols does QUIC replace?
d. Both SPDY and QUIC support multiplexing of multiple flows into one TCP session. Why is there still head of line blocking in the case of SPDY?
e. Describe in detail how QUIC achieves reliable transmission.
f. QUIC makes use of a UUID. What's the benefit of employing this UUID?
Solution:
a. UDP. Required changes like multipath, congestion control different from the standard TCP, and FEC are much easier to implement.
b. 1.5; .5
c. Replaces part of TCP, TLS 1.2 (completely), and part of HTTP (/2)
d. SPDY still uses TCP and thus packets need to be processed in correct order. That's not the case for QUIC. Packet loss impacts only individual flows, there is HOL blocking.
e. Reliable transport in QUIC is achieved through forward error correction (FEC). Currently, there is a 10% overhead, meaning that for every 10 packets sent 1 can be lost.
f. In TCP a 5-tuple (Src IP, dest. IP, source port, dest port, proto) is required to identify a session. These parameters partly change if a mobile client, e.g., changes from WiFi to LTE and the session cannot be easily identified. This is different if a UUID is used. The flow can still be identified even if the client's IP address has changed.

Problem 3 (20 Points): Consider the following network. With the indicated link costs, use Dijkstra's shortest-path algorithm to compute the shortest path from A to all network nodes. Show how the algorithm works by computing a table below.

Figure 2

Step  N'         D(A),p(A)  D(B),p(B)  D(C),p(C)  D(D),p(D)  D(E),p(E)  D(F),p(F)  D(G),p(G)  D(H),p(H)
0
1
2
3
4
5
6
7
8
9

Solution:
Step  N'         D(A),p(A)  D(B),p(B)  D(C),p(C)  D(D),p(D)  D(E),p(E)  D(F),p(F)  D(G),p(G)  D(H),p(H)
0                0, -       ∞          ∞          ∞          ∞          ∞          ∞          ∞
1     A          -          A, 1       ∞          ∞          A, 4       A, 8       ∞          ∞
2     AB         -          -          B, 3       ∞          A, 4       B, 7       B, 7       ∞
3     ABC        -          -          B, 3       C, 4       A, 4       B, 7       C, 5       ∞
4     ABCD       -          -          -          C, 4       A, 4       B, 7       C, 5       D, 4
5     ABCDE      -          -          -          -          A, 4       B, 7       C, 5       D, 4
6     ABCDEH     -          -          -          -          -          B, 7       C, 5       D, 4
7     ABCDEHG    -          -          -          -          -          B, 7       C, 5       -
8     ABCDEHGF   -          -          -          -          -          B, 7       -          -

Problem 4 (20 Points): MultiPath TCP
a. Explain why there has been a recent effort to split a TCP session in one or more subflows that are routed over different paths? Why was this not considered in TCP's original design?
b. Figure 3 illustrates the session setup for two subflows of a multipath TCP session. In the blank parts of this figure fill out the messages that are exchanged between the two end nodes. Also, briefly explain why this method for linking subflows is required.
c. Fill out the blanks in Figure 4 and explain why multipath TCP makes use of two levels of sequence numbers.
d. What is the shortcoming of multipath TCP in comparison to QUIC when it comes to packet losses?
e. Explain what happens in the case of i) a fast retransmit, ii) timeout expiration, and iii) of loss of a subflow.

Figure 3 (blank, to be filled in)
SYN, Port_src=1234, Port_dst=80
_______________________________
ACK
______________________________
MyToken=5678 YourToken=6543
MyToken=6543

Figure 4 (blank, to be filled in)
Dseq=0, seq=123, "a"
DSeq=1, seq=456, "b"
Dseq=__, seq=____, "c"
Dack=__, ack=____
Dack=__, ack=____
Dack=__, ack=___

Solution:
a. Mobile devices and servers in data centers have more than one network interface (multi-homing) and data can be routed via different paths. In addition, ISPs tend to route data over multiple paths. This was not the case in the beginning of the Internet where the only devices with more than one interface were routers.
b. End nodes need a way to identify to which multipath TCP session subflows belong. This is achieved by the usage of tokens. The token information is exchanged via options in the SYN messages.

Figure 3 (solution)
SYN, Port_src=1234, Port_dst=80 + Option[Token=5678]
SYN + ACK + Option[Token=6543]
ACK
SYN, Port_src=1235, Port_dst=80 + Option[Token=6543]
MyToken=5678 YourToken=6543
MyToken=6543 YourToken=5678

c. Gaps in sequence numbers are often not tolerated by middleboxes. Therefore, each subflow uses two sequence numbers. Dseq is used as the subflow sequence number and Seq as the regular sequence number of the multipath TCP flow.

Figure 4 (solution)
Dseq=0, seq=123, "a"
DSeq=1, seq=456, "b"
DSeq=2, seq=124, "c"
DAck=1, ack=124
DAck=3, ack=125
DAck=2, ack=457

d. Even multipath TCP has to deal with the head of line blocking issue. Data can only be passed to the application if all lost segments have been retransmitted. This is not the case for QUIC. In addition, multipath TCP does not provide a forward error correction mechanism, which is beneficial for video and audio transmissions.
e. i) Fast retransmit is performed on the same subflow as the original transmission; ii) upon timeout expiration, reevaluate whether the segment could be retransmitted over another subflow; iii) upon loss of a subflow, all the unacknowledged data are retransmitted on other subflows.

Problem 5 (15 Points): Firewall (P25)
Complete the filter and connection table shown below for a stateful firewall that is as restrictive as possible but accomplishes the following: (Keep in mind that rules higher up in the table have higher priority! The first row shows an example for a rule that allows all internal users to establish HTTP sessions with external hosts.)
a. Allow all internal users to establish an SMTP session to a mail server at 130.120.110.10.
b. Allow external users to surf the company's website at 128.112.32.23 and access another server at 128.112.32.24 via SSH
c. Otherwise all inbound and outbound traffic should be blocked

Action  Source Address  Dest address   Protocol  Source port  Dest port
allow   *               *              TCP       *            80

Solution:
Filter table:

Action  Source Address  Dest address   Protocol  Source port  Dest port  Flag bit
allow   *               *              TCP       *            80         any
allow   *               *              TCP       22           > 1023     ACK
Allow   *               128.112.32.23  TCP       *            80         Any
Allow   128.112.32.23   *              TCP       80           *          Any
Allow   *               128.112.32.24  TCP       *            22         All
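
The priority rule from Problem 5 (rows higher up win, everything else is blocked) can be checked mechanically. This is an added example, not part of the original homework: it evaluates the filter table rows printed above with first-match semantics and default deny, and lists rows that an earlier row already covers. The function names, the `>N` port notation, the reading of `any`/`all` as "no flag restriction" and the sample packets are assumptions, and the connection table is not modelled.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "action src dst proto sport dport flag")
Packet = namedtuple("Packet", "src dst proto sport dport flags")

# Rows of the solution filter table as printed above, highest priority first.
# Assumption: flag values "any" and "all" both mean "no flag restriction".
FILTER_TABLE = [
    Rule("allow", "*", "*", "TCP", "*", "80", "any"),
    Rule("allow", "*", "*", "TCP", "22", ">1023", "ACK"),
    Rule("allow", "*", "128.112.32.23", "TCP", "*", "80", "any"),
    Rule("allow", "128.112.32.23", "*", "TCP", "80", "*", "any"),
    Rule("allow", "*", "128.112.32.24", "TCP", "*", "22", "all"),
]
WILD_FLAGS = ("any", "all")

def port_matches(spec, port):
    """Match a port against '*', an exact number, or a '>N' lower bound."""
    if spec.startswith(">"):
        return port > int(spec[1:])
    return spec == "*" or port == int(spec)

def rule_matches(rule, pkt):
    return (rule.src in ("*", pkt.src) and rule.dst in ("*", pkt.dst)
            and rule.proto == pkt.proto and port_matches(rule.sport, pkt.sport)
            and port_matches(rule.dport, pkt.dport)
            and (rule.flag in WILD_FLAGS or rule.flag in pkt.flags))

def decide(pkt, table=FILTER_TABLE):
    """First matching row wins; a packet matching no row is denied."""
    for index, rule in enumerate(table):
        if rule_matches(rule, pkt):
            return rule.action, index
    return "deny", None

def port_covers(a, b):
    """True when port spec a accepts every port that spec b accepts."""
    if a.startswith(">") and b != "*":
        return a == b or int(b.lstrip(">")) > int(a[1:])
    return a in ("*", b)

def shadowed_rows(table=FILTER_TABLE):
    """Indices of rows fully covered by an earlier row, so they never fire."""
    def covers(a, b):
        return (a.src in ("*", b.src) and a.dst in ("*", b.dst)
                and a.proto == b.proto and port_covers(a.sport, b.sport)
                and port_covers(a.dport, b.dport)
                and (a.flag in WILD_FLAGS or a.flag == b.flag))
    return [j for j, r in enumerate(table) if any(covers(e, r) for e in table[:j])]
```

On the table as printed, `shadowed_rows()` reports index 2 (the port-80 row for 128.112.32.23), because the example row at index 0 has no address restriction and matches the same packets first.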