Examination
DD2393 Protocols and Principles of the Internet
EP2120 Internetworking
Date: 10 January 2011 at 14:00–18:00

a) No help material is allowed - You are not allowed to use dictionaries, books, or calculators!
b) You may answer questions in English or in Swedish.
c) Please answer each question on a separate page.
d) Please write concise answers!
e) Put a mark in the table on the cover page for each question you have addressed.
f) The grading of the exam will be completed no later than 31 January 2011.
g) After grading, EP2120 exams will be available for inspection at STEX (Q-building) and DD2393 exams will be available for inspection at Delfi (E-building).
h) Deadline for written complaints is 21 February 2010.
i) Course responsible DD2393 is Olof Hagsand, phone 08-790 6534.
j) Course responsible EP2120 is György Dán, phone 08-790 4253.

Important note! Your grade is F in any of these two cases:
- if you do not reach at least 10 (ten) points out of 20 for problems 1-4 and
- if you reach less than 30 points in total.
We advise you to start with problems 1-4.

Part one (Problems 1-4)

1. IP addressing and IP header (5p)

You would like to set up two wireless LANs connected to the Internet at home. The DSL modem you received from the ISP has a single Ethernet port, and assigns public IP addresses obtained via DHCP from the ISP on that port. You also have two identical Wi-Fi (802.11) routers. Each Wi-Fi router provides Network Address Translation (NAT), has 5 Ethernet interfaces (1 external and 4 internal) and one 802.11 interface. Each WiFi router can be configured with a block of IP addresses, and it assigns IP addresses from the configured block on all of its internal interfaces (i.e., each WiFi router contains a DHCP server). You connect the external Ethernet interface of one Wi-Fi router to the Ethernet port of the DSL modem, and connect the external interface of the second Wi-Fi router to an internal Ethernet port of the first Wi-Fi router.
You plan on using at most 13 computers simultaneously in the first wireless network and 31 computers in the second wireless network.

[Figure: DSL modem, WiFi router 1, WiFi router 2]

a) You have to assign an IP address block to WiFi router 1. Give the netmask of the smallest possible block of IP addresses. (1p)
You need 13 IP addresses for the computers, 1 IP address for the second Wi-Fi router’s public interface, 1 IP address for the first Wi-Fi router (gateway), plus 1 network and 1 broadcast address. That is a total of 17 IP addresses. Hence you need 5 bits at least. The longest netmask is 255.255.255.224. The computers connected to the second WiFi router do not need to be considered.

b) Choose an appropriate block of addresses from a private IP address block of your liking and give the network address of your subnet in CIDR notation! (1p)
You can choose from the 10.0.0.0/8, the 172.0.0.0/8 or the 192.168.0.0/16 block. The simplest example is 10.0.0.0/27.

c) What is the directed broadcast address of the subnet you choose? (1p)
10.0.0.31

d) What is the purpose (function) of the checksum in the IPv4 header? Why is there no checksum in the IPv6 header? (1p)
Its purpose is to detect bit errors in the IPv4 header. The checksum has to be recalculated at every router, which increases the router complexity and the processing time. Furthermore, it does not protect against errors introduced by the routers.

e) Explain why most of the fields of the IPv4 header are aligned on 4 byte boundaries. (1p)
In order to facilitate fast processing.

2. Delivery and address resolution (5p)

a) Explain the difference between direct and indirect delivery. How does a host decide how it should deliver a datagram? (1p)
Direct delivery is used when the destination is on the same link layer network. Indirect delivery when not. The host calculates its own net address and the destination net address by taking the bitwise AND of the addresses with its netmask.
The delivery is direct if the net addresses match.

b) There is a subnet with two servers (IP:MAC addresses A:a and B:b) and a router R:r. Datagrams are sent from a remote host to server A through the router, where they are processed. Server B is a replica of server A. Server B detects that server A has crashed. Is it possible to use the Address Resolution Protocol (ARP) to achieve that all datagrams destined to A would be sent to B by the router? If yes, how? (1p)
Yes. You can use gratuitous ARP to announce the A:b address binding to all hosts on the subnet. All datagrams destined to A will be sent to the MAC address b.

Consider the following IPv4 network consisting of 2 bridges and 1 router. Hosts H1 to H6 have one interface each. B1 and B2 are learning bridges. R1 is a router with an appropriate routing table. All ARP caches and the bridges’ learning tables are empty. Assume that ARP snooping is used.

[Figure: network with hosts H1-H6, bridges B1 and B2, and router R1]

c) Add the necessary physical (MAC) and logical (IP) addresses, and identify the subnets! Use small letters to denote the MAC addresses and capital letters to denote the IP addresses (e.g., a-A). (1p)
We use A:a to F:f for hosts 1-6, and G:g, H:h and I:i for the West, North and East interfaces of router R1, respectively.

d) A process on Host H3 sends 100 bytes via UDP to a process on host H4. Show the contents of the learning tables and the ARP caches after the packet has been delivered. Assume that the process on Host H3 knows the IP address of Host H4. (1p)
H1: C-c
H3: G-g
H4,H5,H6: I-i
R1: C-c, D-d
B1: g-East, c-South
B2: d-North, i-West

e) A process on Host H5 sends 100 bytes via UDP to a process on host H2. Assume that the process on Host H5 knows the IP address of Host H2. Show the new contents of the ARP caches and the learning tables. (1p)
Only the new entries are shown:
H2: H-h
R1: E-e, B-b
B2: e-East

3. IP forwarding (5p)

a) Which fields of the IPv4 header have to be updated at every router? (1p)
The TTL and the checksum.
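The per-hop update named in the answer to (a), as an added example that is not part of the exam: the router decrements the TTL and patches the header checksum incrementally (RFC 1624), and the result is compared with a full recomputation. The addresses, header field values and function names are constructed for illustration.

```python
import socket
import struct


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_header(src: str, dst: str, ttl: int, proto: int = 17,
                 total_len: int = 128, ident: int = 0x1234) -> bytes:
    """20-byte IPv4 header without options (constructed sample values)."""
    fields = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | 5, 0, total_len, ident, 0,
                         ttl, proto, 0,       # checksum field is zero while summing
                         socket.inet_aton(src), socket.inet_aton(dst))
    return fields[:10] + struct.pack("!H", internet_checksum(fields)) + fields[12:]


def header_ok(header: bytes) -> bool:
    """A valid header sums to 0xFFFF, so the complemented sum is 0."""
    return internet_checksum(header) == 0


def forward(header: bytes) -> bytes:
    """Per-hop processing: verify, decrement the TTL, patch the checksum."""
    if not header_ok(header):
        raise ValueError("header checksum mismatch, drop")
    if header[8] <= 1:
        raise ValueError("TTL expired, drop (ICMP time exceeded)")
    # Bytes 8-9 hold TTL|protocol as one 16-bit word, bytes 10-11 the checksum.
    old_word, old_csum = struct.unpack("!HH", header[8:12])
    new_word = old_word - 0x0100             # TTL is the high byte of that word
    # RFC 1624, eqn. 3: HC' = ~(~HC + ~m + m')
    total = (~old_csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return header[:8] + struct.pack("!HH", new_word, ~total & 0xFFFF) + header[12:]


def recompute(header: bytes) -> bytes:
    """Full recomputation of the checksum, for comparison with forward()."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return header[:10] + struct.pack("!H", internet_checksum(zeroed)) + header[12:]


if __name__ == "__main__":
    h = build_header("10.0.0.2", "192.0.1.7", ttl=64)
    out = forward(h)
    print("TTL", h[8], "->", out[8],
          "checksum", h[10:12].hex(), "->", out[10:12].hex())
```

Only bytes 8 to 11 of the header differ between the input and the output of `forward()`, which is the answer to (a) in byte terms.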
A router has the IPv4 forwarding table shown below. Determine the next-hop address and the outgoing interface for the packets arriving at the router with destination addresses as given in points (b)-(e).

Destination          Next hop          Flags   Interface
152.120.0.0/16                         U       m0
83.92.152.0/24                         U       m1
131.42.64.0/20                         U       m2
152.120.128.0/18     152.120.64.240    UG      m0
152.120.192.0/18     152.120.52.193    UG      m0
152.120.253.19/32    152.120.64.240    UGH     m0
131.42.64.0/21       131.42.73.1       UG      m2
0.0.0.0/0            83.92.152.2       UG      m1

b) 152.120.190.52 (1p)
152.120.64.240 on m0

c) 131.42.128.12 (1p)
83.92.152.2 on m1 (default)

d) 131.42.78.1 (1p)
Direct delivery on m2

e) 152.120.254.3 (1p)
152.120.52.193 on m0

4. UDP and fragmentation (5p)

a) Describe the contents of the UDP pseudoheader used for UDP checksum calculation! What is the purpose of the UDP pseudo header when calculating the checksum? (1p)
The pseudoheader contains the sender and receiver IP address, the protocol, and the total UDP payload length. It is used together with the UDP header to calculate the optional UDP checksum. The goal is to avoid that a corrupted datagram (to different dst IP address, or protocol) would be delivered to the application by UDP.

An application wants to transmit 2788 bytes of data via UDP from host A to host B via an IPv4 network. The UDP header is 8 bytes long. The path consists of two local area networks: the MTU of the first network is 3000 bytes, and the MTU of the second network is 1454 bytes. The path MTU is not known at host A.

b) How many IPv4 fragments arrive at host B? Give the fragment sizes, the fragmentation offset and the more fragments (MF) bit of all fragments. (3p)
In total 2788+8=2796 bytes of payload have to be transmitted. The path MTU is 1454 bytes. The IPv4 base header is 20 bytes long. The IPv4 payload in every non-last fragment could be 1454-20=1434 bytes, but this is not divisible by 8, so it will have to be 1432 bytes. The last fragment’s length does not have to be divisible by 8, hence it can be up to 1434 bytes long.
The payload, offset and MF values are (all in bytes):
1) 1432, 0, 1
2) 1364, 1432, 0

c) What would happen if host A sets the DF bit of the datagram? (1p)
The datagram arrives at the router, the router discovers that the datagram is too big, and sends an ICMP Destination unreachable (packet too big) error message to Host A.

Part two (Problems 5-12)

5. TCP (5p)

a) What is the purpose of TCP flow control? Explain the use of the advertised receiver window in TCP flow control. (1p)
The purpose of flow control is to avoid that the sender would overwhelm the receiver with data. In TCP the receiver tells the sender how many more bytes of data it is able to receive. This is the advertised receiver window. The sender can never have more than the announced number of bytes of unacknowledged data in the network.

b) Consider a communication link with 200ms RTT and 50Mbps capacity. Calculate the bandwidth delay product of the link! What is the minimum TCP window size that has to be used in order to be able to fully utilize the link? (1p)
BxD = 50Mbps * 0.2s = 10 Mbits=1250Kbytes. This is the minimum window size.

c) Consider a long lived TCP flow (a number of segments have already been sent through the connection). A segment is sent at 4:30:40 from the sender to the receiver. The sender does not receive an acknowledgement. At 4:30:48, it retransmits the segment (this is the first retransmission of this segment). In lack of an acknowledgement it retransmits the segment a second time at 4:X:Y. It receives an acknowledgement at 4:31:10. It sends another segment at 4:31:10, and receives the corresponding acknowledgement at 4:31:16. The smoothed RTT (RTTsmooth) was 4 seconds when the first mentioned TCP segment was sent.
(i) Give the values of X and Y in the text above.
(0.5p)
Give the values of the smoothed RTT (RTTsmooth), the variation (RTTvar) and the retransmission timeout (RTO)
ii) after the transmission of the first segment (4:30:40), (1p)
iii) after the first retransmission (4:30:48), (0.5p)
iv) after the reception of the first acknowledgement (4:31:10), (0.5p)
v) after the reception of the second acknowledgement (4:31:16) (0.5p)

$$\mathrm{RTTsmooth} = a \cdot \mathrm{RTTsmooth} + (1 - a) \cdot \mathrm{RTTcurrent} \qquad (a = 7/8)$$
$$\mathrm{RTTvar} = b \cdot \mathrm{RTTvar} + (1 - b) \cdot |\mathrm{RTTsmooth} - \mathrm{RTTcurrent}| \qquad (b = 3/4)$$
$$\mathrm{RTO} = \mathrm{RTTsmooth} + 4 \cdot \mathrm{RTTvar}$$

Since the retransmission happened 8 seconds after the segment was sent at 4:30:40, we know that the RTO was 8s at 4:30:40. Given that RTTsmooth was 4s at the same time, we can calculate that RTTvar=1s (Section 2.2. in RFC2988, see above). These are the initial values.

At the retransmission (4:30:48) the value of RTTsmooth and RTTvar do not change, but the RTO is doubled to 16s (RFC2988, Section 5.4 to 5.6). Hence the next retransmission happens at 4:31:04, and the RTO is doubled again.

When the acknowledgement arrives at 4:31:10 the sender does not know if the acknowledgment came in response to the original segment or the retransmitted one. Hence the sRTT and the RTTvar are not updated (Karn’s algorithm). Since no RTTsmooth calculation is made the RTO remains unchanged.

At 4:31:16 the acknowledgment for the last sent segment arrives and hence the RTTsmooth and the RTTvar are updated (Section 2.3), and based on the new RTTsmooth and RTTvar values the RTO is recalculated.

The solution is then the following:
X=31, Y=04 (4:31:04)

Time      RTTsmooth   RTTvar   RTO     Explanation
4:30:40   4s          1s       8s      From the original values
4:30:48   4s          1s       16s     Exponential back-off
4:31:10   4s          1s       32s     Karn’s algorithm (no update)
4:31:16   4.25s       1.25s    9.25s   Update rule and “collapse” RTO

6. Application layer (5p)

a) Explain what network byte order means. Why is there a need for it? What is it?
(1p)
Network byte order is the order in which multi-byte words are to be transmitted over the network (e.g., the 32 bit IP address in the IPv4 header). It is needed because there are two commonly used byte orders (LSB and MSB). The network byte order is MSB.

b) Consider the definition of an HTTP URL given in rfc1738

httpurl = "http://" hostport [ "/" hpath [ "?" search ]]
hpath = hsegment *[ "/" hsegment ]
hsegment = *[ uchar | ";" | ":" | "@" | "&" | "=" ]
search = *[ uchar | ";" | ":" | "@" | "&" | "=" ]
hostport = host [ ":" port ]
host = hostname | hostnumber
hostname = *[ domainlabel "." ] toplabel
domainlabel = alphadigit | alphadigit *[ alphadigit | "-" ] alphadigit
toplabel = alpha | alpha *[ alphadigit | "-" ] alphadigit
alphadigit = alpha | digit
hostnumber = digits "." digits "." digits "." digits
port = digits
alpha = lowalpha | hialpha
digits = 1*digit
lowalpha = "a" | "b" | "c" | "d" | "e" | "f" | "g" | "h" | "i" | "j" | "k" | "l" | "m" | "n" | "o" | "p" | "q" | "r" | "s" | "t" | "u" | "v" | "w" | "x" | "y" | "z"
hialpha = "A" | "B" | "C" | "D" | "E" | "F" | "G" | "H" | "I" | "J" | "K" | "L" | "M" | "N" | "O" | "P" | "Q" | "R" | "S" | "T" | "U" | "V" | "W" | "X" | "Y" | "Z"
digit = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9"
escape = "%" hex hex
unreserved = alpha | digit | safe | extra
uchar = unreserved | escape
safe = "$" | "-" | "_" | "." | "+"
extra = "!" | "*" | "'" | "(" | ")" | ","
hex = digit | "A" | "B" | "C" | "D" | "E" | "F" | "a" | "b" | "c" | "d" | "e" | "f"

where “1*digit” means at least one “digit”. Consider the following text:

http://130.2-7.Kh1-.3s:10//:&-/?main?label/topic=5

According to the above definition is the above text a valid HTTP URL? Motivate your answer! (2p)
No, it is not, for several reasons:
(i) a domain label is not allowed to finish with a hyphen
(ii) the top domain label must begin with a letter
(iii) either the hsegment contains an invalid character (?) or the search contains an invalid character (/).
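The grammar in (b) can be checked mechanically. The validator below is an added example, not part of the exam solution: it applies the httpurl rules literally, splitting at the first "/" and the first "?", and returns every violation it finds; the function names are illustrative.

```python
import re

ALNUM = "A-Za-z0-9"
# domainlabel / toplabel: no leading or trailing hyphen; toplabel starts with a letter
DOMAINLABEL = re.compile(rf"[{ALNUM}](?:[{ALNUM}-]*[{ALNUM}])?")
TOPLABEL = re.compile(rf"[A-Za-z](?:[{ALNUM}-]*[{ALNUM}])?")
HOSTNUMBER = re.compile(r"[0-9]+(?:\.[0-9]+){3}")
# One unit of hsegment/search: uchar (unreserved or %XX escape) or one of ; : @ & =
UNIT = re.compile(r"[A-Za-z0-9$\-_.+!*'(),;:@&=]|%[0-9A-Fa-f]{2}")

# The text from the exam question.
SAMPLE = "http://130.2-7.Kh1-.3s:10//:&-/?main?label/topic=5"


def bad_chars(text):
    """Characters of text that cannot be derived from *[ uchar | ; : @ & = ]."""
    bad, i = [], 0
    while i < len(text):
        m = UNIT.match(text, i)
        if m:
            i = m.end()
        else:
            bad.append(text[i])
            i += 1
    return bad


def check_host(host):
    """host = hostname | hostnumber"""
    if HOSTNUMBER.fullmatch(host):
        return []
    problems = []
    labels = host.split(".")
    for label in labels[:-1]:
        if not DOMAINLABEL.fullmatch(label):
            problems.append(f"invalid domainlabel {label!r}")
    if not TOPLABEL.fullmatch(labels[-1]):
        problems.append(f"invalid toplabel {labels[-1]!r}")
    return problems


def check_httpurl(url):
    """Return a list of grammar violations; an empty list means a valid httpurl."""
    if not url.startswith("http://"):
        return ['missing "http://" prefix']
    rest = url[len("http://"):]
    hostport, slash, tail = rest.partition("/")
    host, colon, port = hostport.partition(":")
    problems = check_host(host)
    if colon and not re.fullmatch(r"[0-9]+", port):
        problems.append(f"invalid port {port!r}")
    if slash:
        hpath, qmark, search = tail.partition("?")
        for segment in hpath.split("/"):
            for ch in bad_chars(segment):
                problems.append(f"invalid character {ch!r} in hsegment")
        if qmark:
            for ch in bad_chars(search):
                problems.append(f"invalid character {ch!r} in search")
    return problems


if __name__ == "__main__":
    for problem in check_httpurl(SAMPLE):
        print(problem)
```

With the split at the first "?", both the second "?" and the "/" in `main?label/topic=5` are reported as invalid characters in search, alongside the two host label violations.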
c) What is a mail transfer agent (MTA)? Name an application layer protocol that a MTA must support! (1p)
A MTA is an application process listening on port 25 that transfers mail messages between computers in order to deliver the mail to its destination. Every MTA must support SMTP.

e) What is the purpose of the Real-time Streaming Protocol (RTSP)? What is the relationship between RTSP and the Real-time Transport Protocol (RTP)? (1p)
RTSP is a control protocol used to control the delivery of, e.g., multimedia streams. It provides VCR like commands that a client can use to control the media server. RTSP does not deal with the delivery of the data. RTP is a protocol that can be used to deliver the data, for example.

7. DNS (5p)

The following is an example of a zone file for bind similar to the one used in the lab course:

$ORIGIN dd2393.edu.
$TTL 86400
@           IN SOA   dns.dd2393.edu. hostmaster.dd2393.edu. (
                     2011011001 10800 3600 604800 3600 )
            IN NS    dns.dd2393.edu.
a           IN A     192.0.1.5
a           IN A     192.0.1.6
b           IN A     192.0.1.7
dns         IN A     192.0.1.2
a           IN AAAA  2001:6b01::56
b           IN AAAA  2001:6b01::58
_http._tcp  IN SRV   0 2 80 www.dd2393.edu.
www         IN CNAME a
ftp         IN CNAME b

Answer the following questions:

a) Given the zone file above, assume a query is made to resolve www.dd2393.edu. Which IP address(es) may the query return? Give all possibilities, both IPv4 and IPv6. (1p)
A query for 'www' resolves to 'a' according to the 'CNAME'/alias entry. 'a' in turn resolves to 192.0.1.5 or 192.0.1.6 if an 'A' record is requested (IPv4), and 2001:6b01::56 if an AAAA record is requested (IPv6).

b) Suppose a stub resolver makes a query for the A record of b.dd2393.edu. Assume the stub resolver has a configured resolving nameserver at 193.23.4.56 and that it in turn uses the root server 198.41.0.4. The entry is not cached. Which messages are typically sent and between which servers in order to make a full DNS resolve from name to address using the zone file above?
Indicate message type (query/response) and source and destination IP address for each DNS message. The purpose of the exercise is to show how resolving works and the role of the different servers. You do not need to provide details of the message contents. (3p)
The typical resolving scenario is as follows: The stub resolver makes a recursive query to the resolving nameserver. The resolving nameserver then makes iterative queries to advertising nameservers until an authoritative reply is found via a series of delegations. The iterative queries first go to the root name-server, then to an authoritative nameserver for 'edu.' and then to dns.dd2393.edu (being the (only) authoritative nameserver for dd2393.edu). When an authoritative reply has been received by the resolving nameserver, it replies to the original query by a DNS update to the stub-resolver.

The question demanded explicit messages and IP addresses. Assume that the address of the stub-resolver is 'S' and that the address of a nameserver of 'edu.' is 'E'. Then, the sequence of DNS messages could be as follows:
1. DNS query: S -> 193.23.4.56 # recursive query: stub resolver -> resolving ns
2. DNS query: 193.23.4.56 -> 198.41.0.4 # iterative query: resolving ns -> root nameserver.
3. DNS update: 198.41.0.4 -> 193.23.4.56 # delegation to edu.
4. DNS query: 193.23.4.56 -> E # iterative query: resolving ns -> edu nameserver.
5. DNS update: E -> 193.23.4.56 # delegation to dd2393.edu.
6. DNS query: 193.23.4.56 -> 192.0.1.2 # iterative query: resolving ns -> dd2393.edu nameserver.
7. DNS update: 192.0.1.2 -> 193.23.4.56 # authoritative update resolving b.dd2393.edu to the A record 192.0.1.7.
8. DNS update: 193.23.4.56 -> S # update resolving the original query and completing the recursive query.

c) It is common to lower the TTL in the zone files when large changes will be made. What is the reason for this? (1p)
When changes will be made in the zone file, the TTL is lowered in advance prior to the change.
This has to be done sufficiently far in advance (approximately equal to the original TTL). When the change is made, all cached entries have the lower TTL. Along with the change, the TTL is increased again to the original. Now, caches will timeout faster and will get the changed information within the lower TTL setting. That is, the TTL is lowered in advance of a change in order to make the change more synchronized in time.

8. Routing I (5p)

[Figure: routers A-E interconnected by the networks 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24, 10.0.4.0/24, 10.0.5.0/24 and 10.0.6.0/24, with the host part of each interface address]

In the IPv4 network depicted in the figure all routers A-E run RIPv2 and all link metrics are 1. The addresses of the IPv4 networks and the associated interface addresses are given in the figure. Note that the letters A-E do not denote addresses. Assume an initial state for all routers, where only the addresses of the directly connected networks are present in the routing tables. The destinations in the network are the /24 prefixes. Assume also that all RIP implementations support Equal-cost-multi-path (ECMP). All routers implement split-horizon and poison reverse. Express routes as 'destination, metric, next-hop'. If the destination is a directly connected network, the route is given as 'destination, metric, -'.

a) What is the initial routing state of E? (1p)
10.0.6.0/24, 1, - # north interface
10.0.5.0/24, 1, - # west interface

b) Assume that router B starts by sending a RIP response to its neighbors. What is the routing state of E after it has received the initial distance-vector from B? (1p)
10.0.6.0/24, 1, - # north interface
10.0.5.0/24, 1, - # west interface
10.0.1.0/24, 2, 10.0.5.1
10.0.3.0/24, 2, 10.0.5.1
10.0.4.0/24, 2, 10.0.5.1

c) Assume that the second event that happens in the network is that router E sends RIP responses to its neighbors. Which RIP response messages does E send, and which distance-vectors do they contain?
You should indicate source and destination address of each RIP message, on which interface they are sent out (and to where) and which distance-vector (destination, metric tuples) are contained in each message. (2p)
On the north interface, E sends a RIP response message with src address 10.0.6.2 and destination address 224.0.0.9. Alternatively, if the link between D and E is point-to-point, the destination address may be 10.0.6.1. The distance-vector of this message using split-horizon with poison reverse is:
10.0.5.0/24, 2
10.0.1.0/24, 3
10.0.3.0/24, 3
10.0.4.0/24, 3
(10.0.6.0/24, 16 # RIP implementations may announce this network but it is not necessary since all connected routers have this as a directly connected network: it is accepted both to have this route and to omit it)

On the south interface, E sends a RIP response message with src address 10.0.5.3 and destination address 224.0.0.9. The distance-vector of this message using split-horizon with poison reverse is:
10.0.6.0/24, 2
10.0.1.0/24, 16
10.0.3.0/24, 16
10.0.4.0/24, 16
(10.0.5.0/24, 16 # Same comment as above)

d) Are there any ECMP routes in E after the routing state has converged? If so, which routes (destination, metric, nexthop)? (1p)
Yes, the following two routes are ECMP routes from E:
10.0.4.0/24, 2, 10.0.5.1
10.0.4.0/24, 2, 10.0.6.1
10.0.3.0/24, 2, 10.0.5.1
10.0.3.0/24, 2, 10.0.5.2

9. Routing II (5p)

Regard again the network in exercise 8. Assume the routers instead run a link-state routing protocol. Assume also that the router-ids (A-E) are also destinations, that is, they indicate a host (/32) address. Show the steps of Dijkstra's algorithm for computing the shortest path to all destinations in the network from the perspective of router E. The first step is given below. Continue with the remaining steps until all destinations are in the permanent set.
Permanent set                   Tentative set
E-0                             10.0.5.0/24 - 1
                                10.0.6.0/24 - 1

Permanent set changes are indicated with a plus-sign: the complete set is the union of all entries in the left column. The tentative set is complete within each step. The steps below illustrate one sequence of steps, other alternatives are possible. Next-hops are given for ECMP routes.

Step 2: 10.0.5.0/24 is added to the permanent set and its neighbors (B, C) are added to the tentative set
+ 10.0.5.0/24, 1                10.0.6.0/24, 1
                                B, 1 # no extra cost since B is local address
                                C, 1

Step 3: 10.0.6.0/24 is added to the permanent set
+ 10.0.6.0/24, 1                B, 1
                                C, 1
                                D, 1

Step 4: B is added to the permanent set
+ B, 1                          C, 1
                                D, 1
                                10.0.1.0/24, 2
                                10.0.3.0/24, 2
                                10.0.4.0/24, 2

Step 5: C is added to the permanent set
+ C, 1                          D, 1
                                10.0.1.0/24, 2
                                10.0.3.0/24, 2, 10.0.5.1
                                10.0.3.0/24, 2, 10.0.5.2
                                10.0.4.0/24, 2
                                10.0.2.0/24, 2

Step 6: D is added to the permanent set
+ D, 1                          10.0.1.0/24, 2
                                10.0.3.0/24, 2, 10.0.5.1
                                10.0.3.0/24, 2, 10.0.5.2
                                10.0.4.0/24, 2, 10.0.5.1
                                10.0.4.0/24, 2, 10.0.6.1
                                10.0.2.0/24, 2

Step 7: 10.0.1.0/24 is added to the permanent set
+ 10.0.1.0/24, 2                10.0.3.0/24, 2, 10.0.5.1
                                10.0.3.0/24, 2, 10.0.5.2
                                10.0.4.0/24, 2, 10.0.5.1
                                10.0.4.0/24, 2, 10.0.6.1
                                10.0.2.0/24, 2
                                A, 2

Step 8: 10.0.3.0/24 is added to the permanent set
+ 10.0.3.0/24, 2, 10.0.5.1      10.0.4.0/24, 2, 10.0.5.1
+ 10.0.3.0/24, 2, 10.0.5.2      10.0.4.0/24, 2, 10.0.6.1
                                10.0.2.0/24, 2
                                A, 2

Step 9: 10.0.4.0/24 is added to the permanent set
10.0.4.0/24, 2, 10.0.5.1        10.0.2.0/24, 2
10.0.4.0/24, 2, 10.0.6.1        A, 2

Step 9: 10.0.2.0/24 is added to the permanent set
10.0.2.0/24, 2                  A, 2

Step 10: A is added to the permanent set
A, 2                            A, 2

The permanent set (the shortest path tree) is thus:
A, 2
B, 1
C, 1
D, 1
E, 0
10.0.1.0/24, 2
10.0.2.0/24, 2
10.0.3.0/24, 2, 10.0.5.1
10.0.3.0/24, 2, 10.0.5.2
10.0.4.0/24, 2, 10.0.5.1
10.0.4.0/24, 2, 10.0.6.1
10.0.5.0/24, 1
10.0.6.0/24, 1

10. Autoconfiguration (5p)

An interface on a host using router advertisements (RA) has the following IPv6
addresses:
2002:82ed:deda:b:227:10ff:febf:7ea4/64
2002:82e5:801a:b:227:10ff:febf:7ea4/64
fe80::227:10ff:febf:7ea4/64

Answer the following questions:

a) Which is the MAC address of the interface and which addressing scope do the three addresses have, respectively? (1p)
The implementation seems to use mac-derived addresses. The MAC address is therefore 02:27:10:bf:7e:a4.

b) How do you ensure that two hosts on the same link do not use the same IPv6 address? (1p)
By probing for addresses. A self-constructed address is seen as tentative until it has been verified that no others use this address (this is called duplicate address detection). In IPv4 this is done by sending an ARP for the claimed address. In IPv6 it is done by the neighbor discovery protocol by sending a neighbor solicitation message. If no other host answers to such a query, the address can be used.

c) Using router-advertisements (instead of DHCP) for obtaining IPv6 addresses is challenged by many. Provide the primary arguments for using the RA method and for not using RA, respectively. (3p)
The advantage with RA is that it is lightweight and easy to configure. You can configure a router which you most probably need to do anyway. You do not need to setup a separate DHCP server.
The disadvantage is that the subnet-masks and nexthops provided by RA are not enough autoconfiguration for virtually any host. Most hosts need at least a nameserver, for example. Therefore you need to setup a DHCP server anyway. And once you have setup a DHCP server, you may just as well do all your autoconfiguration in the DHCP server instead of spreading this configuration between the DHCP server and the routers.

11. Network Address Translation (5p)

An IPv4 host H is connected to a private, internal network. The private network is connected to the global Internet via a NAT box N. N has an internal interface and an external interface. H has address 10.2.2.2 and N has 10.1.1.1 on the internal network.
N has address 193.2.3.4 on the external interface.

a) Suppose H initiates a bit-torrent transfer where one external peer has global IP address 9.3.4.5. Show the source and destination addresses and ports of the initial SYN segment and its reply as it passes through N. That is, show src and dst address and ports inside and outside N, for both outgoing and returning segments. Propose a dynamic NAT port binding. (2p)
Inside outgoing:
srcaddr/port: 10.2.2.2/X1 # X1 ephemeral port
dstaddr: 9.3.4.5/12540 # 12540 is an example bittorrent destination port
Outside outgoing:
srcaddr/port: 193.2.3.4/X2 # NAT keeps a binding 10.2.2.2/X1 <-> 193.2.3.4/X2
dstaddr: 9.3.4.5/12540
Outside incoming:
srcaddr/port: 9.3.4.5/12540
dstaddr: 193.2.3.4/X2
Inside incoming:
srcaddr/port: 9.3.4.5/12540
dstaddr: 10.2.2.2/X1

b) Which IPv4 and TCP header fields change (are rewritten by N) in the outgoing and incoming segments respectively? Be precise! (1p)
Outgoing:
IP header: src ip address, header checksum
TCP header: src port address, TCP checksum
Incoming:
IP header: dst ip address, header checksum
TCP header: dst port address, TCP checksum

c) Outline the differences between a symmetric and full-cone NAT with respect to NAT traversal. (2p)
Full-cone NAT has no filtering, that is, any external socket (address/port pair) may use the NAT bindings. A symmetrical NAT has strict filtering so that only the external socket accessed when establishing the binding may use it. For NAT traversal, it means that full-cone NATs are possible to use by external hosts other than the one involved when establishing the binding. This can be made by first sending a datagram to a well-known external host A. The source address/port of the datagram that reached A can be communicated to other external hosts which in turn can send datagrams with the address/port as destinations. The NAT will then let these datagrams traverse the NAT.
For symmetrical NATs, this approach is not possible since no other external hosts will be allowed through the NAT.

12. Mobility (5p)

[Figure: a mobile host moving from AP1 to AP2; the access points connect through a box marked "?" to the Internet]

Assume a mobile host moves from one Wi-fi 802.11 access point (AP1) to another (AP2) as illustrated in the figure. There is no Mobile-IP support. The access points are (on their 'wired' side) connected either via an L2 Ethernet bridge, or via an L3 IPv4 router. In the figure, the L2 or L3 box is indicated with a question mark. In both cases, the mobile host obtains its address by a DHCP server via the access points. In the exercises below, describe how the mobile node obtains its new IP address (if any) and how incoming and outgoing internet traffic (e.g. a connected web-browser running on the mobile) is affected during the hand-over. Note that you need only consider addressing and packet transfer, not security or other related issues.

a) The access points are connected by a bridged L2 network and share the same IPv4 network. (1.5p)
When the mobile node M moves from AP1 to AP2, the mac-address and IP-address of M stay the same. However, incoming traffic will continue to go to AP1 until the L2 bridge has learnt that M is reachable via AP2 instead. This traffic will be lost. The L2 bridge will learn M's new port (to AP2) when M sends its first packet via AP2. This means that in this scenario, applications will continue with the same connections, although there will most probably be an interval of lost incoming packets. If the applications are based on TCP, this will trigger retransmissions and fast retransmit with typically relatively small effects on the end-user.

b) The access points are connected by an IPv4 L3 router which routes traffic between separate IPv4 sub-networks. (1.5p)
When M moves from AP1 to AP2, the IP address must change (the mac-address stays the same). The network supports DHCP, so it is probable that M can obtain a new address via DHCP.
The retrieving of a new address is OS-dependent and may involve manual configuration by the user. When the new IP address, sub-mask, next-hop, etc, has been retrieved to M, the applications of M have to handle the new situation. Most modern applications (such as web-browsers) will detect that the old TCP connections are stale and will re-establish new connections using the new IP address. Other less flexible applications need to be restarted. All packets sent to the old address will be lost. This means that the effects on users are relatively large involving re-establishment of new connections and loss of all traffic to the old address.

c) Describe how the routed case (case b above) could be improved by using Mobile-IP (IP Mobility) as defined in RFC 3344. (2p)
In the mobile-IP case, M has a home-address with which it communicates with the external hosts, while a new care-of address is obtained via DHCP (typically). This means that the applications may continue uninterrupted as in case (a). The mechanism of hand-over is different though, since M (or the router in the foreign-agent case) registers with the home agent, and the home agent re-establishes the data delivery tunnel to the new network (M or the router). During this interval, datagrams forwarded in the old tunnel (to the sub-network of AP1) will be lost. As in case (a) however, the effects of the applications are relatively small.
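Returning to part (c) of the TCP problem: the timer behaviour described in that solution (exponential back-off, Karn's algorithm, then the update rule) can be replayed in code. This is an added example, not part of the exam; the class and function names are illustrative, and RFC 2988's 1-second minimum RTO and clock-granularity term are left out, as in the exam's formulas.

```python
from dataclasses import dataclass

ALPHA = 7 / 8    # the exam's a: weight of the old RTTsmooth
BETA = 3 / 4     # the exam's b: weight of the old RTTvar


@dataclass
class RtoEstimator:
    srtt: float      # RTTsmooth, seconds
    rttvar: float    # RTTvar, seconds
    rto: float       # retransmission timeout, seconds

    @classmethod
    def from_srtt_and_rto(cls, srtt, rto):
        """Recover RTTvar from RTO = RTTsmooth + 4 * RTTvar, as the solution does."""
        return cls(srtt, (rto - srtt) / 4, rto)

    def on_timeout(self):
        """Timer expiry: double the RTO, leave both estimators untouched."""
        self.rto *= 2

    def on_ack(self, sample, retransmitted):
        """Karn's algorithm: no RTT sample is taken from a retransmitted segment."""
        if retransmitted:
            return
        # RTTvar is updated first, using the old RTTsmooth (RFC 2988, section 2.3).
        self.rttvar = BETA * self.rttvar + (1 - BETA) * abs(self.srtt - sample)
        self.srtt = ALPHA * self.srtt + (1 - ALPHA) * sample
        self.rto = self.srtt + 4 * self.rttvar


def hms(text):
    """'4:30:40' -> seconds since midnight."""
    h, m, s = (int(part) for part in text.split(":"))
    return 3600 * h + 60 * m + s


def clock(seconds):
    """Seconds since midnight -> 'H:MM:SS'."""
    seconds = int(seconds)
    return f"{seconds // 3600}:{seconds // 60 % 60:02d}:{seconds % 60:02d}"


def send_segment(est, sent_at, ack_at, log):
    """Send one segment; retransmit at every timer expiry before the ACK arrives."""
    deadline, retransmissions = sent_at + est.rto, []
    while deadline < ack_at:
        est.on_timeout()
        retransmissions.append(clock(deadline))
        log.append((clock(deadline), est.srtt, est.rttvar, est.rto))
        deadline += est.rto
    est.on_ack(ack_at - sent_at, retransmitted=bool(retransmissions))
    log.append((clock(ack_at), est.srtt, est.rttvar, est.rto))
    return retransmissions


def replay_exam_scenario():
    """Times and initial values are the ones given in the TCP problem."""
    # RTO = 8 s follows from the first retransmission 8 s after the send.
    est = RtoEstimator.from_srtt_and_rto(srtt=4.0, rto=8.0)
    log = [("4:30:40", est.srtt, est.rttvar, est.rto)]
    retransmissions = send_segment(est, hms("4:30:40"), hms("4:31:10"), log)
    retransmissions += send_segment(est, hms("4:31:10"), hms("4:31:16"), log)
    return retransmissions, log


if __name__ == "__main__":
    retransmissions, log = replay_exam_scenario()
    print("retransmissions at", retransmissions)
    for when, srtt, rttvar, rto in log:
        print(f"{when}  RTTsmooth={srtt}s  RTTvar={rttvar}s  RTO={rto}s")
```

The log contains one row more than the solution table, for the second retransmission at 4:31:04, where the RTO is doubled from 16s to 32s.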