CS 6250: Computer Networks Exam 2

OMSCS Computer Networks Final Exam Preparation

This post is a brief summary of the Computer Networks course content covered so far, written in preparation for the final exam in the same way as my midterm summary.

Overview

I enrolled in CS 6250 for the Fall 2024 semester with the expectation of gaining a deeper understanding of the fundamentals of networking, incorporating practical implementation challenges. As summarized in the following articles, my understanding improved significantly, leading to good results in the midterm exam. Therefore, I will summarize the content for the final exam as well. The final exam will cover material from Weeks 7 to 12, so I have organized the information up to this point briefly.

CS 6250: Computer Networks
CS 6250 Computer Networks Exam 1

Week 7

Weeks 7 and 8 covered Software-Defined Networking (SDN). Computer networks are challenging to manage due to the diversity of devices on the network and proprietary technologies. SDN aims to simplify network management and accelerate innovation by dividing the network into two planes: the control plane and the data plane. The history of SDN was discussed, encompassing three phases: active networks, the separation of control and data planes, and the OpenFlow API and network operating systems.

A key difference from traditional approaches is the existence of a remote controller that computes and distributes the forwarding tables used by all routers, which is physically separated from the routers.

The components that make up SDN include SDN-controlled network elements like switches in the data plane, the SDN controller in the control plane, and network control applications. The SDN controller consists of three layers: the Communication layer, which handles communication between the controller and network elements; the Network-wide state-management layer, which stores information about the network state; and the Interface to the network-control application layer, which manages communication between the controller and applications. The Communication layer includes a Southbound API, while the Interface to the network-control application layer uses a Northbound API.

Week 8

Week 8 provided a detailed explanation of Software-Defined Networking (SDN). Traditionally, a computer network is divided into three planes: network policies are defined in the management plane, the control plane implements those policies by computing forwarding state, and the data plane forwards packets according to that state.

  • Management plane: Services such as SNMP-based tools used for monitoring and configuring control functions.
  • Control plane: The function and process of determining which paths to use by setting the forwarding tables of data plane elements using protocols.
  • Data plane: The function and process of forwarding data in the form of packets or frames.

In SDN, the Management plane corresponds to Network Applications, Programming Languages, and Language-based Virtualization, while the Control plane includes Northbound Interfaces, Network Operating Systems, and Network Hypervisors. The Data plane comprises Southbound Interfaces and Network Infrastructure. OpenFlow is the most widely accepted Southbound API for SDN.

There are centralized and decentralized controllers in SDN, each with unique advantages and challenges. ONOS (Open Networking Operating System) serves as a decentralized SDN control platform. ONOS’s distributed architecture provides scale-out performance and fault tolerance.

P4 (Programming Protocol-independent Packet Processors) is a high-level language for programming the packet-processing behaviour of switches; it works alongside SDN control protocols rather than replacing them. The vendor-independent OpenFlow interface lets the control plane manage devices from different vendors by matching packets on header fields. However, as the number of matchable header fields grew, the single rule table turned into a pipeline of multiple match stages, which motivated more efficient, programmable ways of parsing and processing packets.
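To make the control/data plane split concrete, here is an added example (not code from the course or from any OpenFlow implementation) of a toy switch whose flow table is filled on demand by a remote controller. The field names, action strings, priorities and the policy itself are constructed stand-ins for the real protocol:

```python
from dataclasses import dataclass
from typing import Dict, List

# Added example: a toy OpenFlow-style switch and remote controller. Field names
# (ip_proto, tp_dst, ...) and actions ("output:2", "drop") are simplified stand-ins,
# not the real OpenFlow wire protocol.

@dataclass
class FlowEntry:
    match: Dict[str, object]   # header fields to match; an absent field is a wildcard
    priority: int              # higher priority wins when several entries match
    actions: List[str]
    packets: int = 0           # per-entry counter, as real flow tables keep

class Switch:
    """Data plane: matches packets against its flow table, asks the controller on a miss."""
    def __init__(self, controller):
        self.table: List[FlowEntry] = []
        self.controller = controller

    def install(self, entry: FlowEntry):
        self.table.append(entry)
        self.table.sort(key=lambda e: -e.priority)   # keep highest priority first

    def lookup(self, pkt):
        for e in self.table:
            if all(pkt.get(k) == v for k, v in e.match.items()):
                return e
        return None

    def process(self, pkt):
        entry = self.lookup(pkt)
        if entry is None:                       # table miss: packet-in to the controller
            self.controller.packet_in(self, pkt)
            entry = self.lookup(pkt)            # the controller's catch-all rule guarantees a hit
        entry.packets += 1
        return entry.actions

class Controller:
    """Control plane: holds the policy and pushes rules to switches on demand."""
    def __init__(self, policy):
        # policy: list of (match, priority, actions); sorted highest priority first
        self.policy = sorted(policy, key=lambda p: -p[1])
        self.packet_ins = 0

    def packet_in(self, switch, pkt):
        self.packet_ins += 1
        for match, priority, actions in self.policy:
            if all(pkt.get(k) == v for k, v in match.items()):
                switch.install(FlowEntry(dict(match), priority, list(actions)))
                return

def demo():
    policy = [
        ({"ip_proto": "tcp", "tp_dst": 23}, 200, ["drop"]),        # block telnet
        ({"ip_proto": "tcp", "tp_dst": 443}, 100, ["output:2"]),   # forward HTTPS to port 2
        ({}, 0, ["drop"]),                                          # default deny
    ]
    ctl = Controller(policy)
    sw = Switch(ctl)
    https = {"ip_src": "10.0.0.5", "ip_dst": "10.0.0.9", "ip_proto": "tcp", "tp_dst": 443}
    telnet = {"ip_src": "10.0.0.5", "ip_dst": "10.0.0.9", "ip_proto": "tcp", "tp_dst": 23}
    first = sw.process(https)     # miss -> packet-in -> rule installed -> forwarded
    second = sw.process(https)    # hit in the data plane, controller not involved
    blocked = sw.process(telnet)  # miss -> packet-in -> drop rule installed
    return {"https": first, "https_again": second, "telnet": blocked,
            "packet_ins": ctl.packet_ins, "table_size": len(sw.table),
            "https_hits": sw.lookup(https).packets}

if __name__ == "__main__":
    print(demo())
```

The point to notice is that the controller is only consulted on a table miss; once a rule is installed, the switch forwards or drops at line rate without the controller, which is also why a controller outage degrades only new flows.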

Week 9

Week 9 focused on security topics. When establishing a communication channel between two parties, the important characteristics that should be considered to ensure secure communication are confidentiality, integrity, authentication, and availability.

Round Robin DNS (RRDNS) is used by large websites to distribute the load of incoming requests across multiple servers located in one physical location. It responds to DNS requests with a list of DNS A records, cycling through them in a round-robin manner. Fast-Flux Service Networks (FFSN) build on this concept. As the name suggests, they rely on “rapid” changes of DNS answers, with TTL values much lower than those used by RRDNS or CDNs. One of the main differences from these legitimate uses is that after the TTL expires, an FFSN returns a different set of A records drawn from a much larger pool of compromised machines.
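The difference between the two behaviours is easiest to see from the resolver's side. The following is an added example, not code from the course: two simulated authoritative servers and a constructed detection heuristic. The addresses come from the documentation ranges and the thresholds are assumptions, not values from the lecture.

```python
from collections import deque

# Added example: simulated DNS answers from a round-robin load balancer and from a
# fast-flux network, plus a constructed detection heuristic. Addresses come from
# the documentation ranges (203.0.113.0/24, 198.51.100.0/24); thresholds are assumptions.

class RoundRobinDNS:
    """RRDNS: the same small set of A records, rotated per query, with a normal TTL."""
    def __init__(self, addrs, ttl=300):
        self.ring = deque(addrs)
        self.ttl = ttl

    def resolve(self):
        answer = list(self.ring)
        self.ring.rotate(-1)         # the next client sees the list rotated by one
        return answer, self.ttl

class FastFluxDNS:
    """FFSN: a fresh subset of a large, churning address pool with a very short TTL."""
    def __init__(self, pool, per_answer=3, ttl=30):
        self.pool, self.per_answer, self.ttl, self.cursor = pool, per_answer, ttl, 0

    def resolve(self):
        n = len(self.pool)
        answer = [self.pool[(self.cursor + i) % n] for i in range(self.per_answer)]
        self.cursor = (self.cursor + self.per_answer) % n
        return answer, self.ttl

def observe(resolver, lookups):
    """Query repeatedly and summarise what a resolver-side monitor would see."""
    seen, ttls, per_answer = set(), [], 0
    for _ in range(lookups):
        answer, ttl = resolver.resolve()
        seen.update(answer)
        per_answer = len(answer)
        ttls.append(ttl)
    # fluxiness: distinct A records across all lookups / records in one answer.
    # 1.0 means the set never changed; large values mean the pool is churning.
    return {"unique_a": len(seen), "fluxiness": len(seen) / per_answer, "min_ttl": min(ttls)}

def looks_like_fast_flux(summary, ttl_threshold=60, flux_threshold=1.5):
    """Constructed rule: short TTL combined with a churning A-record set."""
    return summary["min_ttl"] <= ttl_threshold and summary["fluxiness"] >= flux_threshold

def demo():
    rr = observe(RoundRobinDNS([f"203.0.113.{i}" for i in (10, 11, 12)]), lookups=10)
    ff = observe(FastFluxDNS([f"198.51.100.{i}" for i in range(1, 21)]), lookups=10)
    return {"rrdns": rr, "rrdns_flagged": looks_like_fast_flux(rr),
            "ffsn": ff, "ffsn_flagged": looks_like_fast_flux(ff)}

if __name__ == "__main__":
    print(demo())
```

A real monitor would also look at how many autonomous systems the returned addresses belong to, since a load balancer's servers sit in one network while a fast-flux pool is scattered; the TTL-plus-churn rule here is only the simplest version of that idea.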

FIRE (Finding Rogue nEtworks) is a system that monitors for rogue networks on the Internet using a data-plane approach: a network is flagged as malicious only when a sufficient number of blacklisted IPs are observed inside it. ASwatch is a complementary approach that identifies malicious networks using information from the control plane only (such as routing behaviour). It aims to detect networks that are run by cyber actors themselves, often referred to as “bulletproof” networks, rather than legitimate networks that merely happen to be abused.

In a BGP hijacking attack, an AS announces routes for IP prefixes it does not own (or more-specific sub-prefixes of them) so that other routers prefer the attacker's path and traffic is diverted as the attacker intends. Mitigation strategies include prefix deaggregation (the victim announcing more-specific prefixes of its own) and Multiple Origin AS (MOAS) announcements, where the victim's prefix is additionally announced from other ASes on its behalf.
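The following added example (my own simulation, not course code) shows why a more-specific announcement wins, how a MOAS or sub-prefix conflict shows up as a detection signal, and how deaggregation restores the victim's route. The AS numbers come from the private range and the prefixes are constructed; the route-selection rule is reduced to longest prefix then shortest AS path:

```python
import ipaddress

# Added example: a toy RIB seen from one vantage point. Prefixes and AS numbers
# are constructed; BGP decision process reduced to longest-prefix, then shortest path.

def route(prefix, origin, path):
    return {"prefix": ipaddress.ip_network(prefix), "origin": origin, "path": path}

def best_route(rib, dst):
    """Longest-prefix match; ties broken by shortest AS path (simplified BGP)."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in rib if addr in r["prefix"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["prefix"].prefixlen, len(r["path"])))

def moas_conflicts(rib):
    """Prefixes announced by more than one origin AS: a hijack indicator, but also
    what a legitimate MOAS mitigation looks like, so it needs a whitelist in practice."""
    origins = {}
    for r in rib:
        origins.setdefault(r["prefix"], set()).add(r["origin"])
    return {p: o for p, o in origins.items() if len(o) > 1}

def subprefix_hijacks(rib, owned, our_as):
    """More-specific announcements of a prefix we own from an origin that is not ours."""
    owned = ipaddress.ip_network(owned)
    return [r for r in rib
            if r["prefix"] != owned and r["prefix"].subnet_of(owned) and r["origin"] != our_as]

def deaggregate(owned, our_as, path, new_prefixlen):
    """Mitigation: announce our own more-specific prefixes to compete on prefix length."""
    return [route(str(sub), our_as, path)
            for sub in ipaddress.ip_network(owned).subnets(new_prefix=new_prefixlen)]

def demo():
    victim_as, attacker_as = 64500, 64666
    rib = [route("203.0.112.0/22", victim_as, [64496, 64500]),
           route("198.51.100.0/24", 64510, [64496, 64510])]
    before = best_route(rib, "203.0.113.10")["origin"]

    # attacker announces a /24 inside the victim's /22 with a longer AS path
    rib.append(route("203.0.113.0/24", attacker_as, [64497, 64498, 64666]))
    during = best_route(rib, "203.0.113.10")["origin"]   # longer prefix wins despite longer path
    alerts = subprefix_hijacks(rib, "203.0.112.0/22", victim_as)

    # victim deaggregates into /24s; same prefix length, shorter path -> victim wins again
    rib.extend(deaggregate("203.0.112.0/22", victim_as, [64496, 64500], 24))
    after = best_route(rib, "203.0.113.10")["origin"]
    moas = {str(p): sorted(o) for p, o in moas_conflicts(rib).items()}
    return {"before": before, "during": during, "after": after,
            "hijack_alerts": [str(r["prefix"]) for r in alerts], "moas": moas}

if __name__ == "__main__":
    print(demo())
```

Note that after deaggregation the victim's /24 and the attacker's /24 form a MOAS conflict themselves, which is why MOAS alone is a symptom rather than proof of an attack; a detector needs to know which origins are legitimate for each prefix.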

DDoS attacks target a service with a large volume of access, resulting in service disruption, often conducted through reflection and amplification. Mitigation strategies for DDoS attacks include BGP blackholing, where all attack traffic to the targeted DDoS destination is dropped to a null location.

Week 10

DNS censorship is a large-scale network traffic filtering method where the network implements control and censorship over Internet infrastructure to suppress materials deemed undesirable. DNS injection is one of the censorship techniques where false DNS A record responses are returned.

Methods used for DNS censorship include:

  • Packet Drop: All network traffic sent to a specific set of IP addresses is discarded.
  • DNS Poisoning: Either no response is returned when a DNS query asks to resolve a hostname to an IP address, or an incorrect response is returned so that the user's request is redirected or misled.
  • Content Inspection: This can be proxy-based or intrusion detection system (IDS)-based content inspection, where network traffic is inspected by proxies or IDS.
  • Blocking with Resets: Individual connections containing requests for undesirable content are blocked by sending TCP resets (RST).
  • Immediate Reset of Connections: In addition to content inspection, blocking rules can temporarily cut off a source that has triggered a block: for a set period, every subsequent packet from that source is answered with RST packets from the firewall, so its traffic stops quickly.

Augur is a system that detects filtering between two hosts using TCP/IP side effects. It relies on the IP ID field: many hosts maintain one global counter that increments with every packet they generate, so the counter reflects the total number of packets that host has sent. By reading that counter before and after triggering traffic between the two hosts, a measurement machine can infer whether packets between them are being filtered.
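The side channel is easier to follow in a packet-free simulation. The following is an added example and not Augur's code: the reflector, the site under test and the filtering network are constructed objects, the counter starts at an arbitrary value, and the noise that a real host's own traffic adds to the counter (which Augur handles statistically) is ignored.

```python
# Added example: a packet-free simulation of the IP ID side channel that Augur relies on.
# The reflector, site and filtering network are constructed objects; real hosts add
# noise to the counter from their own traffic, which this toy ignores.

class Reflector:
    """A host that uses one global IP ID counter for every packet it sends."""
    def __init__(self, start=1000):
        self.ip_id = start

    def _send(self):
        self.ip_id += 1
        return self.ip_id

    def on_probe(self):
        # an unsolicited SYN-ACK from the measurement host is answered with a RST,
        # which carries the current IP ID back to the measurement host
        return self._send()

    def on_syn_ack(self, site, net):
        # an unsolicited SYN-ACK from the site is also answered with a RST
        self._send()
        net.deliver(self, site, "RST")

class Site:
    """The site under test: answers a SYN with SYN-ACKs, retransmitting until a RST arrives."""
    def __init__(self, retransmits=2):
        self.retransmits = retransmits
        self.got_rst = False

    def on_syn_from(self, reflector, net):
        for _ in range(1 + self.retransmits):
            if self.got_rst:
                break
            net.deliver(self, reflector, "SYN-ACK")

    def on_rst(self):
        self.got_rst = True

class Network:
    """Path between site and reflector, optionally filtered in one direction."""
    def __init__(self, block_inbound=False, block_outbound=False):
        self.block_inbound = block_inbound      # site -> reflector dropped
        self.block_outbound = block_outbound    # reflector -> site dropped

    def deliver(self, src, dst, kind):
        if kind == "SYN-ACK":
            if not self.block_inbound:
                dst.on_syn_ack(src, self)
        elif kind == "RST":
            if not self.block_outbound:
                dst.on_rst()

def measure(net, site, reflector):
    """Read the counter, trigger site -> reflector traffic, read it again."""
    before = reflector.on_probe()
    site.on_syn_from(reflector, net)     # the site believes the SYN came from the reflector
    after = reflector.on_probe()
    return after - before

def classify(delta):
    if delta == 1:
        return "inbound blocking"     # only our own probe reply was counted
    if delta == 2:
        return "no blocking"          # our probe reply plus one RST sent to the site
    return "outbound blocking"        # the site kept retransmitting: extra RSTs were sent

def demo():
    results = {}
    for name, net in [("open", Network()),
                      ("inbound", Network(block_inbound=True)),
                      ("outbound", Network(block_outbound=True))]:
        delta = measure(net, Site(), Reflector())
        results[name] = (delta, classify(delta))
    return results

if __name__ == "__main__":
    print(demo())
```

The three counter deltas are the whole signal: the measurement machine never needs cooperation from the reflector or the site, only a reflector whose counter is globally shared, which is exactly the property that makes such hosts useful as vantage points for censorship measurement.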

Week 11

Week 11 focused on multimedia applications. There are various types of multimedia applications, each with different requirements. In streaming stored video, playback begins within a few seconds of receiving data, rather than waiting for the entire file to download first. Additionally, because it is interactive, users can pause, fast forward, skip, or rewind within the video and receive a response within seconds. Live audio and video streaming is similar to streaming stored video but typically involves many simultaneous users who may be located in geographically diverse areas. While it is susceptible to delays, it is not as sensitive as conversational audio and video applications; generally, a delay of up to 10 seconds is acceptable.

Conversational voice and video over IP (VoIP) refers to telephone and meeting services that run over the Internet rather than over the traditional circuit-switched telephone network. These calls and meetings require real-time interaction, making them highly sensitive to delay. Short delays of less than 150 milliseconds are usually not noticeable, but delays exceeding 400 milliseconds lead to frustration, as people end up speaking over each other.

VoIP relies on methods for encoding voice digitally, signaling protocols for session establishment, and QoS (Quality of Service) metrics. Techniques for dealing with packet loss in VoIP include Forward Error Correction (FEC), which sends redundant data so that lost packets can be reconstructed; interleaving, which spreads consecutive audio chunks across several packets so that one lost packet causes several short gaps instead of one long one; and error concealment, which simply replays the last received packet in place of a lost one.
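The three techniques side by side, as an added example that is not code from the course. The "audio chunks" are constructed integers standing in for encoded payloads, the FEC is the simplest XOR parity scheme (one parity packet per group, so one loss per group is recoverable), and the interleaving depth and group size are assumptions:

```python
from functools import reduce
from operator import xor

# Added example: the three loss-handling techniques as toy functions over integer
# "audio chunks" (constructed values standing in for encoded audio payloads).

def fec_encode(chunks, group=4):
    """FEC: after every `group` chunks, send one parity packet (XOR of the group)."""
    packets = []
    for i in range(0, len(chunks), group):
        grp = chunks[i:i + group]
        packets.extend(grp)
        packets.append(reduce(xor, grp))
    return packets

def fec_decode(received, n_chunks, group=4):
    """Rebuild chunks from a packet list with None for losses; one loss per group is recoverable."""
    out, stride = [], group + 1
    for g in range(0, len(received), stride):
        block = received[g:g + stride]
        data, parity = list(block[:-1]), block[-1]
        missing = [i for i, c in enumerate(data) if c is None]
        if len(missing) == 1 and parity is not None:
            present = [c for c in data if c is not None]
            data[missing[0]] = reduce(xor, present + [parity])   # XOR of the rest restores it
        out.extend(data)
    return out[:n_chunks]

def interleave(units, per_packet=4):
    """Packet j carries units j, j+n, j+2n, ... so one lost packet costs several short gaps."""
    n = len(units) // per_packet
    return [[units[j + k * n] for k in range(per_packet)] for j in range(n)]

def deinterleave(packets, per_packet=4):
    n = len(packets)
    units = [None] * (n * per_packet)
    for j, pkt in enumerate(packets):
        if pkt is None:
            continue
        for k, u in enumerate(pkt):
            units[j + k * n] = u
    return units

def longest_gap(units):
    """Length of the longest run of consecutive missing units (what the listener hears)."""
    best = run = 0
    for u in units:
        run = run + 1 if u is None else 0
        best = max(best, run)
    return best

def conceal(units):
    """Error concealment: play the last good chunk again in place of a lost one."""
    out, last = [], 0
    for u in units:
        last = last if u is None else u
        out.append(last)
    return out

def demo():
    chunks = [10, 20, 30, 40, 50, 60, 70, 80]
    received = fec_encode(chunks)
    received[2] = None                       # lose the third packet on the wire
    recovered = fec_decode(received, len(chunks))

    units = list(range(16))                  # 16 consecutive short audio units
    plain = [units[i:i + 4] for i in range(0, 16, 4)]
    plain[1] = None                          # lose packet 1 without interleaving
    plain_units = [u for p in plain for u in (p if p is not None else [None] * 4)]
    inter = interleave(units)
    inter[1] = None                          # lose packet 1 with interleaving
    inter_units = deinterleave(inter)
    return {"fec_recovered": recovered,
            "gap_plain": longest_gap(plain_units),
            "gap_interleaved": longest_gap(inter_units),
            "lost_interleaved": [i for i, u in enumerate(inter_units) if u is None],
            "concealed": conceal(inter_units)}

if __name__ == "__main__":
    print(demo())
```

The trade-offs the lecture mentions are visible here: FEC costs bandwidth (five packets carry four chunks), interleaving costs latency (the receiver must wait for a whole group before it can play the first unit), and concealment costs nothing but only sounds acceptable for very short gaps.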

In video streaming, content providers encode video at multiple bitrates selected from a predefined set. Specifically, videos are typically divided into segments of the same length, and each of these segments is encoded at multiple bitrates and stored on servers.

Week 12

Week 12 provided an overview of Content Delivery Networks (CDNs). Traditional methods using a single data center face challenges such as geographical distance, a sharp increase in demand for content, and the risk of single points of failure. In contrast, CDNs utilize multiple geographically distributed servers to deliver content from the optimal server to users.

A challenge in content delivery is the potential for congestion in inter-network connections. Protocols like BGP do not efficiently meet the demands of modern Internet use, leading to inefficient routing practices. Other challenges include reduced network reliability due to power outages, natural disasters, and DDoS attacks, as well as the overhead and inefficiency of protocols like TCP, difficulties in scaling resources according to demand, and slow adoption of new protocols due to application limitations.

In the operation of CDNs, DNS plays a crucial role in directing user requests to the optimal server. The decision is made in two steps: first a cluster is selected, either the geographically closest one or the one with the best real-time network performance, and then a server within that cluster is chosen. One method for the second step is content-based hashing, which maps requests for the same content to the same server.
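Here is an added example of both steps, written for this summary rather than taken from any CDN's code. Cluster selection is reduced to picking the lowest measured RTT, and server selection uses consistent hashing with virtual nodes; the cluster names, RTT values and URLs are constructed.

```python
import bisect
import hashlib

# Added example: two-stage CDN request routing. Cluster names, RTTs and URLs are constructed.

def pick_cluster(rtts):
    """Stage 1: choose the cluster with the best measured performance for this client."""
    return min(rtts, key=rtts.get)

class HashRing:
    """Stage 2: consistent hashing maps each content URL to one server of the cluster."""
    def __init__(self, servers, vnodes=64):
        self.vnodes = vnodes
        self.ring = []                      # sorted (hash, server) points on the ring
        for s in servers:
            self.add(s)

    @staticmethod
    def _h(s):
        return int(hashlib.sha256(s.encode()).hexdigest(), 16)

    def add(self, server):
        for i in range(self.vnodes):        # virtual nodes spread load evenly
            bisect.insort(self.ring, (self._h(f"{server}#{i}"), server))

    def remove(self, server):
        self.ring = [p for p in self.ring if p[1] != server]

    def lookup(self, key):
        h = self._h(key)
        i = bisect.bisect_right(self.ring, (h, ""))   # first point clockwise from the key
        return self.ring[i % len(self.ring)][1]

def demo():
    clusters = {"fra": ["fra-1", "fra-2", "fra-3", "fra-4"],
                "iad": ["iad-1", "iad-2", "iad-3"]}
    rtts = {"fra": 18.0, "iad": 95.0}       # constructed measurements from the client's resolver
    cluster = pick_cluster(rtts)
    ring = HashRing(clusters[cluster])
    urls = [f"/videos/{v}/seg{s}.m4s" for v in range(20) for s in range(5)]
    before = {u: ring.lookup(u) for u in urls}
    ring.remove("fra-2")                    # a server fails or is drained for maintenance
    after = {u: ring.lookup(u) for u in urls}
    moved = [u for u in urls if before[u] != after[u]]
    return {"cluster": cluster, "before": before, "after": after, "moved": moved}

if __name__ == "__main__":
    r = demo()
    print(r["cluster"], len(r["moved"]), "objects moved")
```

The reason for consistent hashing rather than `hash(url) % len(servers)` is what the demo measures: when one server leaves, only the objects that lived on it move to a neighbour, so the caches on the remaining servers stay warm instead of being reshuffled wholesale.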

Assigning the same IP address to multiple servers belonging to different clusters is known as IP Anycast. The main goal of IP Anycast is to route clients to the “nearest” server as determined by the routing protocol used for inter-AS routing, which is BGP.

Licensed under CC BY-NC-SA 4.0