Final Study Guide Flashcards

1
Q

Why did SDN arise?

A

To make computer networks more programmable.

2
Q

Why are computer networks complex/difficult to manage?

A

Diversity of equipment
Proprietary Technologies

3
Q

What is SDN’s main idea? What does that mean in practice?

A

Separation of tasks. Split the network into the Control Plane and the Data Plane

4
Q

What are the three historical phases of SDN?

A
  1. Active networks
  2. Control and data plane separation
  3. OpenFlow API and network operating systems
5
Q

Summarize the Active Networks Phase

A

Took place from the mid-1990s to the early 2000s
Active networks emerged, aimed at opening up network control.
Too ambitious, didn’t focus on security, required knowledge of Java

6
Q

What is active networking?

A

The network is not just a group of bits, but a computer itself to be interacted with, providing services such as an API

7
Q

What are the two types of programmable modelling that are part of Active Networking?

A
  1. Capsule model – carried in‑band in data packets
  2. Programmable router/switch model – established by out‑of‑band mechanisms
8
Q

Summarize the Control and data plane separation Phase

A

Lasted from 2001 to 2007
Network reliability, performance, and predictability were key
Spurred innovation for network administrators rather than end users

9
Q

Summarize the OpenFlow API Phase

A

Took place from 2007 to 2010
Born from interest in network experimentation at scale
Ensure practicality of real world deployment
Was adopted in the industry, unlike predecessors

10
Q

What does the control plane do?

A

The control plane contains the logic that controls the forwarding behavior of routers, such as routing protocols and network middlebox configurations

11
Q

What does the data plane do?

A

The data plane performs the actual forwarding as dictated by the control plane

12
Q

Why separate the control plane and data plane?

A

1: Independent evolution and development
2: Control from high‑level software program

13
Q

Why did SDN lead to opportunities in various areas, such as data centers, routing, enterprise networks, and research networks?

A

Made network management easier.
More control in path selection.
Improved security.
Allows research networks to coexist with production networks

14
Q

What are the two primary functions of the network layer?

A

Forwarding and Routing

15
Q

What is forwarding?

A

Determining which output link a packet should be sent through.

16
Q

What is routing?

A

Determining the path from the sender to the receiver across the network.

17
Q

Forwarding is a function of what? Hardware or Software?

A

Data Plane, Hardware

18
Q

Routing is a function of what?

A

Control Plane

19
Q

What is the difference between a traditional and SDN approach in terms of coupling of control and data plane?

A

In the traditional approach, the control and data planes are closely coupled.
In the SDN approach, a remote controller computes and distributes the forwarding table, physically far from the router

20
Q

Routing is a function of what? Hardware or software?

A

Control Plane, Software

21
Q

What are the main components of SDN?

A

SDN‑controlled network elements
SDN controller
Network‑control applications

22
Q

What do the SDN‑controlled network elements do?

A

The SDN-controlled network elements, sometimes called the infrastructure layer, are responsible for the forwarding of traffic in a network based on the rules computed by the SDN control plane.

23
Q

What does the SDN controller do?

A

The SDN controller is a logically centralized entity that acts as an interface between the network elements and the network‑control applications.
Midpoint between Northbound and Southbound

24
Q

What do the Network‑control applications do?

A

Manage the underlying network by collecting information about the network elements with the help of SDN controller

25
Q

What are the four defining features of an SDN architecture?

A

Flow‑based forwarding
Separation of data plane and control plane
Network control functions
A programmable network

26
Q

What are the three layers of SDN Architecture?

A

Communication layer
Network‑wide state‑management layer
Interface to the network‑control application layer

27
Q

What does the Communication layer do?

A

communicating between the controller and the network elements

28
Q

What does the Network‑wide state‑management layer do?

A

stores information of network‑state

29
Q

What does the Interface to the network‑control application layer do?

A

communicating between controller and applications

30
Q

What does a ‘northbound’ interface communicate with?

A

Network‑control applications

31
Q

What does a ‘southbound’ interface communicate with?

A

Controlled devices

32
Q

What are the three parts of the OpenDaylight controller architecture?

A

Southbound interface
Northbound interface
Model Driven Service Abstraction Layer (or MD‑SAL)

33
Q

A few of the main reasons that SDN arose are: first, a diversity of different network equipment (e.g., routers, switches, firewalls, etc.) using different protocols that made managing the network difficult, and second, a lack of a central platform to control network equipment. True or False?

A

True

34
Q

The main idea behind SDNs is to divide tasks into smaller functions so the code is more modular and easy to manage. True or False?

A

True

35
Q

With SDNs the control plane and data plane have independent evolution and development. True or False?

A

True

36
Q

In the SDN approach, the SDN controller is physically located at each router that is present in a network. True or False?

A

False

37
Q

By separating the control plane and the data plane, controlling the router’s behavior became easier using higher order programs. For example, it is easier to update the router’s state or control the path selection. True or False?

A

True

38
Q

In the SDN approach, ISPs or other third parties can take up the responsibility for computing and distributing the router’s forwarding tables. True or False?

A

True

39
Q

Having the software implementations for SDN controllers increasingly open and publicly available makes it hard to control, since any person could modify the software easily. True or False?

A

False

40
Q

In SDN networks, the SDN controller is responsible for the forwarding of traffic. True or False?

A

False

41
Q

The network-control applications are programs that manage the underlying network with the help of the SDN controller. True or False?

A

True

42
Q

In SDN networks forwarding rules of traffic still have to be based on IP destination and cannot be based on other metrics, packet header info etc. True or False?

A

False

43
Q

SDN-controlled switches operate on the:

A

Data Plane

44
Q

In an SDN Architecture, the northbound interface keeps track of information about the state of the hosts, links, switches and other controlled elements in the network, as well as copies of the flow tables of the switches. True or False?

A

False

45
Q

In SDN networks, the southbound interface is responsible for the communication between SDN controller and the controlled devices. True or False?

A

True

46
Q

In SDN networks, the controller needs to be implemented over a centralized server. True or False?

A

False

47
Q

As IP networks grew in adoption worldwide, what were the challenges that emerged?

A

Handling the ever growing complexity and dynamic nature of networks
Tightly coupled architecture

48
Q

What does SDN stand for?

A

Software Defined Networking

49
Q

What are the three planes of functionality for SDN?

A

Data plane
Control plane
Management plane

50
Q

What does the Data Plane Layer do?

A

These are functions and processes that forward data in the form of packets or frames.

51
Q

What does the Control Plane Layer do?

A

These refer to functions and processes that determine which path to use by using protocols to populate forwarding tables of data plane elements

52
Q

What does the Management Plane Layer do?

A

These are services that are used to monitor and configure the control functionality, e.g. SNMP‑based tools.

53
Q

What are the advantages of SDNs over traditional networks?

A

Shared abstractions
Consistency of same network information
Locality of functionality placement
Simpler integration

54
Q

What are the three perspectives of the SDN landscape?

A

(a) a plane‑oriented view
(b) the SDN layers
(c) a system design perspective

55
Q

What are the layers of SDN?

A

Infrastructure
Southbound Interfaces
Network Virtualization
Network Operating Systems
Northbound Interfaces
Language-Based Virtualization
Network Programming Languages
Network Applications

56
Q

What is SDN infrastructure made up of?

A

routers, switches and other middlebox hardware

57
Q

What are SDN Southbound interfaces?

A

These are interfaces that act as connecting bridges between connecting and forwarding elements

58
Q

What is SDN Network virtualization?

A

Interfacing with the physical network components via software

59
Q

What are SDN Network operating systems?

A

Ease network management and solve networking problems by using a logically centralized controller by way of a network operating system

60
Q

What is a problem with SDN Northbound interfaces?

A

There is no normalized standard

61
Q

Each entry of a flow table has which parts?

A

a) a matching rule
b) actions to be executed on matching packets
c) counters that keep statistics of matching packets.

62
Q

In OpenFlow, what happens when a packet arrives?

A

In an OpenFlow device, when a packet arrives, the lookup process starts in the first table and ends either with a match in one of the tables of the pipeline or with a miss (when no rule is found for that packet).

63
Q

What are possible actions for a packet in OpenFlow?

A
  1. Forward the packet to outgoing port
  2. Encapsulate the packet and forward it to controller
  3. Drop the packet
  4. Send the packet to normal processing pipeline
  5. Send the packet to next flow table
64
Q

What are the main purposes of Southbound Interfaces?

A

The Southbound interfaces or APIs are the separating medium between the control plane and data plane functionality.

65
Q

What is the current southbound standard for SDNs?

A

OpenFlow

66
Q

What are three information sources provided by the OpenFlow protocol?

A
  1. Event‑based messages that are sent by forwarding devices to controller when there is a link or port change
  2. Flow statistics are generated by forwarding devices and collected by controller
  3. Packet messages are sent by forwarding devices to controller when they do not know what to do with a new incoming flow
67
Q

What are the core functions of an SDN controller?

A

topology, statistics, notifications, device management, along with shortest path forwarding and security mechanisms

68
Q

What distinguishes a centralized controller in SDN?

A

In this architecture, we typically see a single entity that manages all forwarding devices in the network, which is a single point of failure and may have scaling issues.

69
Q

What distinguishes a distributed controller in SDN?

A

A distributed network operating system (controller) can be scaled to meet the requirements of potentially any environment ‑ small or large networks

70
Q

What are the two types of SDN distributed controllers?

A

It can be a centralized cluster of nodes or physically distributed set of elements

71
Q

When would a distributed controller be preferred to a centralized controller?

A

Scales more easily, no single point of failure

72
Q

What does ONOS stand for?

A

Open Networking Operating System

73
Q

Describe ONOS at a high level

A

There are several ONOS instances running in a cluster. The management and sharing of the network state across these instances is achieved by maintaining a global network view.
To make forwarding and policy decisions, the applications consume information from the view and then update these decisions back to the view.

74
Q

How does ONOS achieve fault tolerance?

A

To achieve fault tolerance, ONOS redistributes the work of a failed instance to other remaining instances.

75
Q

What does P4 stand for?

A

P4 (Programming Protocol‑independent Packet Processors)

76
Q

What is P4?

A

A high‑level programming language to configure switches which works in conjunction with SDN control protocols.

77
Q

What are the primary goals of P4?

A

Reconfigurability
Protocol independence
Target independence

78
Q

What are the two main operations of P4 forwarding model?

A

Configure
Populate

79
Q

What does P4’s Configure do?

A

These sets of operations are used to program the parser. They specify the header fields to be processed in each match+action stage and also define the order of these stages.

80
Q

What does P4’s Populate do?

A

The entries in the match+action tables specified during configuration may be altered using the populate operations. It allows addition and deletion of the entries in the tables

81
Q

What are the applications of SDN? Provide examples of each application.

A

Traffic Engineering - ElasticTree
Mobility and Wireless - OpenRadio, The Odin Network
Measurement and Monitoring - OpenSketch, OpenSample and PayLess
Security and Dependability - CloudWatcher
Data Center Networking - LIME, FlowDiff

82
Q

Which BGP limitations can be addressed by using SDN?

A

SDN can perform multiple actions on the traffic by matching over various header fields, not only by matching on the destination prefix.

83
Q

What’s the purpose of SDX?

A

To implement the following:
Application specific peering
Traffic engineering
Traffic load balancing
Traffic redirection through middleboxes

84
Q

Describe SDX Architecture

A

In the SDX architecture, each AS has the illusion of its own virtual SDN switch that connects its border router to every other participant AS. For example, AS A has a virtual switch connecting to the virtual switches of ASes B and C. Each AS can have its own SDN applications for dropping, modifying, or forwarding its traffic

85
Q

What are the applications of SDX in the domain of wide-area traffic delivery?

A

Application specific peering
Inbound traffic engineering
Wide‑area server load balancing
Redirection through middle boxes

86
Q

An OpenFlow switch can function as a router. True or False?

A

True

87
Q

Which plane executes a network policy?

A

Data Plane

88
Q

Which type of network can implement load balancing?

A

Both Conventional and SDN

89
Q

Which type of network decouples the control and data planes?

A

SDNs

90
Q

Middleboxes can only be used in conventional networks. True or False?

A

False

91
Q

What can be implemented as a network application in software-defined networking?

A

Routing
Security Enforcement
Quality of Service Enforcement

92
Q

The networking operating system (NOS) is a part of the data plane. True or False?

A

False

93
Q

The physical devices in an SDN network have embedded intelligence and control required to perform forwarding tasks. True or False?

A

False

94
Q

When a packet arrives in an OpenFlow device and it does not match any of the rules in one of the tables, that packet is always dropped. True or False?

A

False

95
Q

The Southbound interfaces are the separating medium between the Network-control Applications and the Control plane functionality. True or False?

A

False

96
Q

OpenFlow enables the communication between the control plane and data plane through event-based messages, flow statistics and packet messages that are sent from forwarding devices to controller. True or False?

A

True

97
Q

One of the disadvantages of an SDN centralized controller architecture is that it can introduce a single point of failure and also scaling issues. True or False?

A

True

98
Q

A distributed controller can be a centralized cluster of nodes or a physically distributed set of elements. True or False?

A

True

99
Q

A distributed controller can only be used in large networks. True or False?

A

False

100
Q

ONOS is an example of a centralized controller platform. True or False?

A

False

101
Q

In order to make forwarding and policy decisions in ONOS, applications get information from the view and then update these decisions back to the view. True or False?

A

True

102
Q

In order to achieve fault tolerance, whenever there is a failure of an ONOS instance, a master is chosen randomly for each of the switches that were controlled by the failed instance. True or False?

A

False

103
Q

The purpose of the creation of the P4 language was to offer programmability on the control plane. True or False?

A

False

104
Q

P4 acts as an interface between the switches and the controller, and its main goal is to allow the controller to define how the switches operate. True or False?

A

True

105
Q

The P4 model allows the design of a common language to write packet processing programs that are independent of the underlying devices. True or False?

A

True

106
Q

What are the properties of secure communication?

A

Confidentiality, Integrity, Authentication, Availability

107
Q

How does Round Robin DNS (RRDNS) work?

A

Responds to a DNS request with a list of DNS A records, which it cycles through in a round-robin manner.
The DNS client can then pick one from this list using its own metric.
If the client requests again, the list comes back in a different order.

108
Q

What is the goal of Round Robin DNS?

A

To distribute large loads of incoming traffic to several different servers; used by big companies

109
Q

How does DNS-based content delivery work?

A

CDN computes the ‘nearest edge server’ and returns its IP address to the DNS client. Basically chooses nearest one in order to deliver content quickly

110
Q

How do Fast-Flux Service Networks work?

A

Short TTL, and after it expires, it returns a different set of records rather than the same list of records cycled through

111
Q

What are the main data sources used by FIRE (Finding Rogue Networks) to identify hosts that likely belong to rogue networks?

A

Botnet command and control providers
Drive‑by‑download hosting providers
Phish hosting providers

112
Q

The design of ASwatch is based on monitoring global BGP routing activity to learn the control plane behavior of a network. Describe 2 phases of this system.

A

Training phase - The system learns control‑plane behavior typical of both types of ASes
Operational phase ‑ Given an unknown AS, it then calculates the features for this AS. It uses the model to then assign a reputation score to the AS.

113
Q

What are the three main families of features for the Training Phase of ASwatch?

A

Rewiring activity
IP Space Fragmentation and Churn
BGP Routing Dynamics

114
Q

What are three classes of features used to determine the likelihood of a security breach within an organization?

A

Mismanagement symptoms
Malicious Activities
Security Incident Reports

115
Q

Which features are used for Mismanagement Symptoms?

A

Open Recursive Resolvers – misconfigured open DNS resolvers
DNS Source Port Randomization – many servers still do not implement this
BGP Misconfiguration – short‑lived routes can cause unnecessary updates to the global routing table
Untrusted HTTPS Certificates – can detect the validity of a certificate by TLS handshake
Open SMTP Mail Relays – servers should filter messages so that only those in the same domain can send mails/messages.

116
Q

What are the three sub-types of Malicious Activities?

A

Capturing spam activity
Capturing phishing and malware activities
Capturing scanning activity

117
Q

What are the three collections of Security Incident Reports?

A

VERIS Community Database
Hackmageddon
The Web Hacking Incidents Database

118
Q

What is the classification by affected prefix?

A

In this class of hijacking attacks, we are primarily concerned with the IP prefixes that are advertised by BGP.
Exact prefix hijacking, sub-prefix, squatting

119
Q

What is Exact prefix hijacking?

A

When two different ASes (one is genuine and the other one is counterfeit) announce a path for the same prefix. This disrupts routing in such a way that traffic is routed towards the hijacker wherever the AS‑path route is shortest, thereby disrupting traffic.

120
Q

What is Sub‑prefix hijacking?

A

This is an extension of exact prefix hijacking, except that in this case, the hijacking AS works with a sub-prefix of the genuine prefix of the real AS. This exploits the characteristic of BGP to favor more specific prefixes, and as a result routes a large/entire amount of traffic to the hijacking AS

121
Q

What is Squatting?

A

In this type of attack, the hijacking AS announces a prefix that has not yet been announced by the owner AS.

122
Q

What is Classification by AS‑Path announcement?

A

In this class of attacks, an illegitimate AS announces the AS‑path for a prefix for which it doesn’t have ownership rights.
Type-0, Type-N, Type-U

123
Q

What is Type‑0 hijacking?

A

This is simply an AS announcing a prefix not owned by itself

124
Q

What is Type‑N hijacking?

A

This is an attack where the counterfeit AS announces an illegitimate path for a prefix that it does not own to create a fake link (path) between different ASes.

125
Q

What is Type‑U hijacking?

A

In this attack the hijacking AS does not modify the AS‑PATH but may change the prefix.

126
Q

What is Classification by Data‑Plane traffic manipulation?

A

In this class of attacks, the intention of the attacker is to hijack the network traffic and manipulate the redirected network traffic on its way to the receiving AS.

127
Q

What is a blackholing (BH) attack?

A

When traffic is dropped by a hijacker.

128
Q

What is a man‑in‑the‑middle attack?

A

When traffic is eavesdropped or manipulated before it reaches the receiving AS

129
Q

What is an imposture (IM) attack?

A

When traffic is impersonated: in this case, the network traffic of the victim AS is impersonated and the response to this network traffic is sent back to the sender.

130
Q

What are the causes or motivations behind BGP attacks?

A

Human error - mistake
Targeted Attack - stealthy
High Impact Attack - obvious

131
Q

Explain the scenario of prefix hijacking.

A
  1. The attacker uses a router to announce the prefix 10.10.0.0/16 that belongs to AS1, with a new origin AS4, pretending that the prefix belongs to AS4.
  2. This new announcement causes a conflict of origin for the ASes that receive it (Multiple Origin AS or MOAS).
  3. As a result of the new announcement, AS2, AS3 and AS5 receive the false advertisement and they compare it with the previous entries in their RIB.
  4. AS2 will not select the route as the best route, as it has the same path length as an existing entry.
  5. AS3 and AS5 will believe the new advertisement, and they will update their entries (10.10.0.0/16 with path 4,2,1) to (10.10.0.0/16 with path 4). Therefore AS5 and AS3 will send all traffic for prefix 10.10.0.0/16 to AS4 instead of AS1.
132
Q

Explain the scenario of hijacking a path.

A
  1. AS1 advertises the prefix 10.10.0.0/16.
  2. AS2 and AS3 receive and legitimately propagate the path for the prefix.
  3. At AS4, the attacker compromises the update for the path by changing it to 4,1 and propagates it to the neighbors AS3, AS2, and AS5. Therefore it claims that it has a direct link to AS1 so that others believe the new false path.
  4. AS5 receives the false path (4,1), “believes” it, and adopts it. But the rest of the ASes don’t adopt the new path because they either have a shorter path already or an equally long path to AS1 for the same prefix. The key observation here is that the attacker does not need to announce a new prefix, but rather it manipulates an advertisement before propagating it.
133
Q

What are the key ideas behind ARTEMIS?

A

A configuration file: all the prefixes owned by the network are listed here for reference
A mechanism for receiving BGP updates: this allows receiving updates from local routers and monitoring services

134
Q

What are the two automated techniques used by ARTEMIS to protect against BGP hijacking?

A

Prefix deaggregation and Mitigation with Multiple Origin AS (MOAS)

135
Q

What are two findings from ARTEMIS?

A

Outsource the task of BGP announcement to third parties
Filtering is less optimal than outsourcing

136
Q

Explain the structure of a DDoS attack.

A

A Distributed Denial of Service (DDoS) attack is an attempt to compromise a server or network resources with a flood of traffic. To achieve this, the attacker first compromises and deploys flooding servers (slaves). Later, when initiating an attack, the attacker instructs these flooding servers to send a high volume of traffic to the victim. This results in the victim host either becoming unreachable or in exhaustion of its bandwidth.

137
Q

What is spoofing?

A

IP spoofing is the act of setting a false IP address in the source field of a packet with the purpose of impersonating a legitimate server

138
Q

Describe a Reflection and Amplification attack.

A

A reflection/amplification attack is a combination of the two attacks that allows the attacker to generate an enormous amount of traffic and at the same time keep its identity hidden by spoofing the victim’s IP address.

139
Q

What are the defenses against DDoS attacks?

A

Traffic Scrubbing Services
ACL Filters
BGP Flowspec

140
Q

Explain provider-based blackholing.

A
141
Q

What is blackholing?

A

With this mechanism, all the attack traffic to a targeted DoS destination is dropped to a null location. The premise of this approach is that the traffic is stopped closer to the source of the attack and before it reaches the targeted victim

142
Q

Explain IXP/Provider Based Blackholing

A

The victim AS uses BGP to communicate the attacked destination prefix to its upstream AS, which then drops the attack traffic towards this prefix. Then either the provider (or the IXP) will advertise a more specific prefix and modify the next‑hop address, which diverts the attack traffic to a null interface. The blackhole messages are tagged with a specific BGP blackhole community attribute, usually publicly available, to differentiate them from the regular routing updates.

143
Q

How do networks assist with blackholing?

A

They provide the blackholing community to be used

144
Q

How do IXPs assist with blackholing?

A

It sends the blackholing messages to the IXP route server when a member connects to the route server. The route server then announces the message to all the connected IXP member ASes, which then drop the traffic towards the blackholed prefix

145
Q

What is DNS censorship?

A

DNS censorship is a large-scale network traffic filtering strategy adopted by a network to enforce control and censorship over Internet infrastructure and to suppress material which it deems objectionable.

146
Q

What are the properties of GFW (Great Firewall of China)?

A

Locality of GFW nodes (likely on the edge)
Centralized management
Load balancing

147
Q

What are the three steps involved in DNS injection?

A
  1. DNS probe is sent to the open DNS resolvers
  2. The probe is checked against the blocklist of domains and keywords
  3. For domain level blocking, a fake DNS A record response is sent back. There are two levels of blocking domains: the first one is by directly blocking the domain, and the second one is by blocking it based on keywords present in the domain
148
Q

How does DNS injection work?

A

Certain DNS requests are captured, and a fake DNS response is sent instead of what was actually requested

149
Q

What are five DNS censorship techniques?

A

Packet Dropping, DNS Poisoning, Content Inspection, Blocking with Resets, Immediate Reset of Connections

150
Q

What is Packet Dropping?

A

All network traffic going to a set of specific IP addresses is discarded

151
Q

What is DNS Poisoning?

A

When a DNS server receives a query to resolve a hostname to an IP address, and either no answer is returned or an incorrect answer is sent to redirect or mislead the user request, this scenario is called DNS Poisoning.
Like packet dropping, but for host names instead of IP addresses

152
Q

What is Proxy-Based Content Inspection?

A

It allows for all network traffic to pass through a proxy where the traffic is examined for content, and the proxy rejects requests that serve objectionable content.

153
Q

What is Blocking with Resets?

A

It sends a TCP reset (RST) to block individual connections that contain requests with objectionable content

154
Q

What is Immediate Reset of Connections?

A

Censorship systems like GFW have blocking rules in addition to inspecting content, to suspend traffic coming from a source immediately, for a short period of time.

155
Q

Which DNS censorship technique is susceptible to overblocking?

A

Packet Dropping

156
Q

What are the strengths and weaknesses of the “packet dropping” DNS censorship technique?

A

Strengths:
Easy to implement
Low cost
Weaknesses:
Maintenance of blocklist
Overblocking

157
Q

What is overblocking?

A

When two sites share an IP address, blocking one risks blocking both, etc

158
Q

What are the strengths and weaknesses of the “DNS poisoning” DNS censorship technique?

A

Strengths:
No overblocking
Weaknesses:
Still hard to maintain probably

159
Q

What are the strengths and weaknesses of the “content inspection” DNS censorship technique?

A

Strengths:
Precise censorship
Flexible
Weaknesses:
Not scalable

160
Q

What are the strengths and weaknesses of the “blocking with resets” DNS censorship technique?

A

Doesn’t say???

161
Q

What are the strengths and weaknesses of the “immediate reset of connections” DNS censorship technique?

A

Also doesn’t say???

162
Q

Our understanding of censorship around the world is relatively limited. Why is it the case? What are the challenges?

A

Difficult to determine where an ISP’s rules take effect, and which countries are affected by which ISPs
Huge amount of internet usage, need more volunteers
Hard to differentiate natural fluctuations in DNS behavior from malicious behavior
Ethical issues in obtaining this data

163
Q

What are the limitations of main censorship detection systems?

A

Typically rely on volunteer data, makes getting continuous and diverse data difficult

164
Q

What kind of disruptions does Augur focus on identifying?

A

IP‑based disruptions as opposed to DNS‑based manipulations

165
Q

How does Iris counter the lack of diversity while studying DNS manipulation?

A

Iris uses open DNS resolvers located all over the globe

166
Q

What are the steps involved in the global measurement process using DNS resolvers?

A
  1. Performing global DNS queries – Iris queries thousands of domains across thousands of open DNS resolvers. To establish a baseline for comparison, the creators included 3 DNS domains which were under their control to help calculate metrics used for evaluating DNS manipulation.
  2. Annotating DNS responses with auxiliary information – To enable the classification, Iris annotates the IP addresses with additional information such as their geo‑location, AS, port 80 HTTP responses, etc. This information is available from the Censys dataset.
  3. Additional PTR and TLS scanning – One IP address could host several websites via virtual hosting. So, when Censys retrieves certificates from port 443, the certificate could differ from one retrieved via TLS’s Server Name Indication (SNI) extension. This results in discrepancies that could cause Iris to label virtual hosting as DNS inconsistencies. To avoid this, Iris adds PTR and SNI certificates
167
Q

What are the steps associated with the Iris Counter proposed process?

A
  1. Scanning the Internet’s IPv4 space for open DNS resolvers
  2. Identifying Infrastructure DNS Resolvers
168
Q

What metrics does Iris use to identify DNS manipulation once data annotation is complete? Describe the metrics.

A

Consistency Metrics - Network properties and infrastructure/content are similar when accessed from differing locations
Independent Verifiability Metrics - Externally verified metrics, such as HTTPS Certificate

169
Q

Under what condition do we declare the response from Iris as being manipulated?

A

If neither the Consistency Metric nor the Independent Verifiability Metric is found to be valid

170
Q

How to identify DNS manipulation via machine learning with Iris?

A

Perform Global DNS Queries
Annotate the responses with auxiliary information
Additional PTR and TLS scanning
Clean the Data Set
Evaluate with Consistency Metrics and Independent Verifiability Metrics

171
Q

How is it possible to achieve connectivity disruption using the routing disruption approach?

A

Disrupts the critical routers which send information on which parts of the network are reachable, causing the pathways to no longer be valid

172
Q

How is it possible to achieve connectivity disruption using the packet filtering approach?

A

Blocks packets matching certain criteria, preventing that information from disseminating through the network

173
Q

Out of the Disruption Approach and Packet Filtering, which is harder to catch?

A

Packet Filtering

174
Q

Explain a scenario of connectivity disruption detection in the case when no filtering occurs.

A
  1. The measurement machine probes the IP ID of the reflector by sending a TCP SYN‑ACK packet. It receives a RST response packet with IP ID set to 6 (IPID (t1)).
  2. Now, the measurement machine performs perturbation by sending a spoofed TCP SYN to the site.
  3. The site sends a TCP SYN‑ACK packet to the reflector and receives a RST packet as a response. The IP ID of the reflector is now incremented to 7.
  4. The measurement machine again probes the IP ID of the reflector and receives a response with the IP ID value set to 8 (IPID (t4)).
175
Q

Explain a scenario of connectivity disruption detection in the case of inbound blocking.

A

The scenario where filtering occurs on the path from the site to the reflector is termed as inbound blocking. In this case, the SYN‑ACK packet sent from the site in step 3 does not reach the reflector. Hence, there is no response generated and the IP ID of the reflector does not increase. The returned IP ID in step 4 will be 7 (IPID(t4)) as shown in the figure. Since the measurement machine observes the increment in IP ID value as 1, it detects filtering on the path from the site to the reflector.

176
Q

A censorship technique can use any combination of criteria based on content, source IP and destination IP to block access to objectionable content. True or False?

A

True

177
Q

DNS injection uses DNS replies to censor network traffic based on the source and destination IP address. True or False?

A

False

178
Q

With a censorship technique based on packet dropping, all network traffic going to a set of specific IP addresses is discarded. True or False?

A

True

179
Q

When using DNS Poisoning, all traffic passes through a proxy where it is examined for content, and the proxy rejects requests that serve objectionable content. True or False?

A

False

180
Q

When using the Blocking with Resets technique, if a client sends a request containing flaggable keywords, only the connection containing requests with objectionable content is blocked. True or False?

A

True

181
Q

With the Immediate Reset of Connections technique, whenever a request is sent containing flaggable keywords, any subsequent request will receive resets from the firewall for a certain amount of time. True or False?

A

True

182
Q

One of the obstacles to fully understanding DNS censorship is the heterogeneity of DNS manipulation across the globe. True or False?

A

True

183
Q

It is easy to infer if there is DNS manipulation based on few indications such as inconsistent or anomalous DNS responses. True or False?

A

False

184
Q

There is a need for methods and tools independent of human intervention and participation in order to achieve the scalability necessary to measure Internet censorship. True or False?

A

True

185
Q

It is considered safe for volunteers to participate in censorship measurement studies and to access DNS resolvers or DNS forwarders. True or False?

A

False

186
Q

Which censorship detection system targets to identify IP-based disruptions as opposed to DNS-based manipulations?

A

Augur

187
Q

[Iris] The Iris system uses home routers to identify DNS manipulation. True or False?

A

False

188
Q

[Iris] In order to infer DNS manipulation, Iris relies solely on metrics that can be externally verified using external data sources. True or False?

A

False

189
Q

[Augur] Assume a scenario where there is inbound blocking. The Measurement Machine sends a SYN-ACK to the reflector, what should happen?

A

The return IPID from the reflector to the Measurement Machine will increase by 1.

190
Q

Rank these bitrate usages: Browsing Facebook, Playing Music, Playing Video

A

Least: Music
Mid: Facebook
Most: Video

191
Q

What are the characteristics of streaming stored video?

A

Streamed - Can start without waiting for download to finish
Interactive - Pause, play, etc
Typically stored on a CDN

192
Q

What are the characteristics of streaming live audio and video?

A

Delay sensitive, but not as much as conversational
Typically many simultaneous users
Delay is okay

193
Q

What are the characteristics of conversational voice and video over IP?

A

Realtime, highly delay sensitive
Loss-tolerant

194
Q

What does VoIP stand for?

A

Voice over IP

195
Q

How does the encoding of analog audio work (in simple terms)?

A

Audio is encoded by taking many (as in, thousands) of samples per second, and then rounding each sample’s value to a discrete number within a particular range

196
Q

What is quantization?

A

Rounding to a discrete value

197
Q

What are the three major categories of VoIP encoding schemes?

A

Narrowband, broadband, and multimode (which can operate on either)

198
Q

What are the functions that signaling protocols are responsible for?

A

1) User location ‑ the caller locating where the callee is.
2) Session establishment ‑ handling the callee accepting, rejecting, or redirecting a call.
3) Session negotiation ‑ the endpoints synchronizing with each other on a set of properties for the session.
4) Call participation management ‑ handling endpoints joining or leaving an existing session.

199
Q

What are three QoS VoIP metrics?

A

end‑to‑end delay
jitter
packet loss

200
Q

What kind of delays are included in “end-to-end delay”?

A

the time it takes to encode the audio
the time it takes to put it in packets,
all the normal sources of network delay that network traffic encounters such as queueing delays,
“playback delay,” which comes from the receiver’s playback buffer,
decoding delay, which is the time it takes to reconstruct the signal.

201
Q

How does “delay jitter” occur?

A

When one packet is delayed 300ms, another 100ms, another 250ms, another 50ms, etc

202
Q

What are the mitigation techniques for delay jitter?

A

the “jitter buffer” or the “play‑out buffer”
Basically buffer packets and play them at a steady rate
Increases end to end delay or dropped packets, depending on how you optimized

203
Q

What are the three major methods for dealing with packet loss in VoIP protocols?

A

FEC (Forward Error Correction), interleaving, and error concealment

204
Q

What is FEC (Forward Error Correction)?

A

FEC works by transmitting redundant data alongside the main transmission, which allows the receiver to replace lost data with the redundant data. May be more of the same, may be lower quality.

205
Q

What are the downsides of FEC?

A

The more redundant data transmitted, the more bandwidth is consumed. Also, some of these FEC techniques require the receiving end to receive more chunks before playing out the audio, and that increases playout delay

206
Q

What is interleaving?

A

Interleaving works by mixing chunks of audio together so that if one set of chunks is lost, the lost chunks aren’t consecutive. The idea is that many smaller audio gaps are preferable to one large audio gap.

207
Q

What are the downsides of interleaving?

A

The tradeoff for interleaving is that the receiving side has to wait longer to receive consecutive chunks of audio, and that increases latency. Unfortunately, that means this technique is limited in usefulness for VoIP, although it can have good performance for streaming stored audio

208
Q

What is error concealment?

A

Basically “guessing” what the lost audio packet might be. Similar to audio compression.

209
Q

What developments led to the popularity of consuming media content over the Internet?

A

One, the bandwidth for both the core network and last‑mile access links has increased tremendously over the years.
Two, the video compression technologies have become more efficient. This enables streaming high‑quality video without using a lot of bandwidth.
Finally, the development of Digital Rights Management culture has encouraged content providers to put their content on the Internet.

210
Q

Provide a high-level overview of adaptive video streaming.

A

1: Video content is created at a high quality
2: It is compressed with an algorithm
3: It is secured with DRM and hosted on a server
4: Content providers duplicate it using CDNs
5: The end users download, decode, and render

211
Q

What are two ways to achieve efficient video compression?

A

Spatial redundancy or temporal redundancy - the former compression in the context of a single image, the latter compression in the context of different frames

212
Q

What are the four steps of JPEG compression?

A

Step 1: Transform it into color components (Cb, Cr) and brightness component (y) matrices
Step 2: For each matrix, subdivide and apply the Discrete Cosine Transformation
Step 3: Compress the matrix of the coefficients using a pre‑defined Quantization table
Step 4: Perform a lossless encoding based on the subdivision results

213
Q

Explain video compression and temporal redundancy using I-, B-, and P-frames.

A

Encode the first image (I-frame), then encode the difference between that and the next frame (P-frame), or the next and previous frame (B-frame)

214
Q

Why is video compression unable to use P-frames all the time?

A

Because there may be a cut to a new scene, and therefore the transposition between the two frames would not make sense

215
Q

What is the difference between constant bitrate encoding and variable bitrate encoding (CBR vs. VBR)?

A

CBR - output size of video is fixed over time
VBR - It varies based on scene quality. Image quality is better, more expensive

216
Q

Which protocol is preferred for video content delivery - UDP or TCP? Why?

A

TCP, as it has an implicit reliability promise

217
Q

What was the original vision of the application-level protocol for video content delivery, and why was HTTP chosen eventually?

A

Original vision was to have everything be server-side with a unique protocol, i.e. you hit pause, the server stops transmission
HTTP was chosen because this would have required specialized hardware, cheaper to use HTTP

218
Q

Summarize how progressive download works.

A

As the client watches video, it has a playout buffer, which depletes. When it reaches a threshold, i.e. 10 seconds left, it requests more video, further filling the buffer. This prevents unnecessary downloads while keeping things seamless

219
Q

How to handle network and user device diversity relative to videos?

A

Videos are usually stored in short segments at different bitrates, and an appropriate bit rate is sent depending on network capacity, and can switch if that capacity changes

220
Q

How does the bitrate adaptation work in DASH?

A

A video in DASH is divided into chunks and each chunk is encoded into multiple bitrates. Each time the video player needs to download a video chunk, it calls the bitrate adaptation function, say f. The function f takes in some input and outputs the bitrate of the chunk to be downloaded

221
Q

What are the goals of bitrate adaptation?

A

Low or zero re‑buffering
High video quality
Low video quality variations
Low startup latency

222
Q

What are the different signals that can serve as an input to a bitrate adaptation algorithm?

A

Network Throughput
Video Buffer

223
Q

Explain buffer-filling rate and buffer-depletion rate calculation.

A

In order to have stall‑free streaming, clearly the buffer‑filling rate should be greater than the buffer‑depletion rate:
C(t)/R(t) > 1, or C(t) > R(t).

224
Q

What steps does a simple rate-based adaptation algorithm perform?

A

Estimation
Quantization

225
Q

Explain the problem of bandwidth over-estimation with rate-based adaptation.

A

While the buffer is full, if the quality drops, that is not necessarily reflected immediately and a higher quality (and higher delay) bitrate is requested until it catches up and buffers

226
Q

When streaming stored multimedia applications, the user must first download the entire content before it can start playing. True or False?

A

False

227
Q

With streaming stored multimedia applications, the user can pause, fast forward, skip ahead the audio/video. True or False?

A

True

228
Q

What common application/usage is the least sensitive to network delays?

A

File Transfer

229
Q

What common application/usage is the least tolerant to packet losses? Assume there is no packet retransmission.

A

File Transfer

230
Q

Consider packet loss with VoIP application. Using TCP instead of UDP for VoIP applications results in __________ packet loss.

A

Less

231
Q

Consider end-to-end delay with VoIP application. Using TCP instead of UDP for VoIP applications results in __________ end-to-end delay.

A

More

232
Q

Available bandwidth is one of the QoS metrics for VoIP applications. True or False?

A

False

233
Q

A longer jitter buffer reduces the number of packets that are discarded because they were received too late, but that adds to the end-to-end delay. True or False?

A

True

234
Q

A shorter jitter buffer will not add to the end-to-end delay as much, but that can lead to more dropped packets, which reduces the speech quality. True or False?

A

True

235
Q

Network conditions such as buffer sizes, queueing delays, network congestion levels have an impact on packet jitter. True or False?

A

True

236
Q

In VoIP applications, we have a harsher definition for packet loss, as we consider a packet to be lost if it never arrives or if it arrives after its scheduled playout. True or False?

A

True

237
Q

With Forward Error Correction we also transmit redundant data that can be used for reconstructing the stream at the receiver’s side. This approach to error recovery can lead to more bandwidth consumption. True or False?

A

True

238
Q

With interleaving we mix chunks of audio together so we avoid scenarios where consecutive chunks are lost. This approach can lead to increased latency. True or False?

A

True

239
Q

Which transport-level protocol is preferred for video content delivery?

A

TCP

240
Q

What are the characteristics of a good quality of experience from the user’s perspective?

A

Low or zero re-buffering
High video quality
Low video quality variations
Low start up latency

241
Q

With throughput-based rate adaption, our goal is to have a buffer-filling rate that is greater than the buffer-depletion rate. True or False?

A

True

242
Q

With rate-based adaption, when the bandwidth changes rapidly, the player takes some time to converge to the right estimate of the bandwidth, which can lead to overestimation of the future bandwidth. True or False?

A

True

243
Q

What are the three drawbacks to using the traditional approach of having a single, publicly accessible web server?

A

1: Users are worldwide; what if somebody far away wants it?
2: What if the same thing is requested again and again? Can be wasteful
3: What if the single server has an outage?

244
Q

What is a CDN?

A

Content Distribution Network - Network of geographically distributed servers with copies of content

245
Q

What are the six major challenges that Internet applications face?

A

Peering point congestion
Inefficient routing protocols
Unreliable networks
Inefficient communication protocols
Scalability
Application limitations and slow rate of change adoption

246
Q

What are the major shifts that have impacted the evolution of the Internet ecosystem?

A

Shift to a focus on large scale content delivery
Topological Flattening of providers thanks to IXPs and ASes in addition to ISPs

247
Q

Compare the “enter deep” and “bring home” approach to CDN server placement.

A

Enter Deep - Create many, many CDNs in order to minimize geographic distances from recipients to content
Bring Home - Fewer but larger clusters in IXPs, easier to manage but larger delays

248
Q

What is the role of DNS in the way CDN operates?

A

When a user makes a request, the user’s local DNS (LDNS) queries the CDN, which returns to the LDNS an appropriate IP address for a content server with the content.

249
Q

What are the two main steps in CDN server selection?

A

The first step consists of mapping the client to a cluster.
In the next step, a server is selected from the cluster.

250
Q

What is the simplest approach to selecting a cluster? What are the limitations of this approach?

A

Pick the geographically closest one. If you’re using a remote LDNS, it can pick the wrong one. There can also be routing inefficiencies.

251
Q

What metrics could be considered when using measurements to select a cluster?

A

Network-level, ie delay or available bandwidth
Application-level, ie re-buffering ratio and avg bitrate

252
Q

How are the metrics for cluster selection obtained?

A

Actively: ie the LDNS will ping the clusters and see how quickly they respond
Passively: Keep track of how operations from the same IP address have performed prior

253
Q

Explain the distributed system that uses a 2-layered system.

A

A coarse‑grained global layer operates at larger time scales (a few tens of seconds, or minutes). This layer has a global view of client quality measurements. It builds a data‑driven prediction model of video quality.
A fine‑grained per‑client decision layer that operates at the millisecond timescale. It makes actual decisions upon a client request. This is based on the latest (but possibly stale) pre‑computed global model and up‑to‑date per‑client state.

254
Q

What are the challenges of the distributed system using a 2-layered system?

A

It needs to have data for different subnet‑cluster pairs. Thus, some of the clients deliberately need to be routed to sub‑optimal clusters.

255
Q

What are the strategies for server selection? What are the limitations of these strategies?

A

Assign one randomly - could end up picking one with a higher workload
Use least-loaded server - not all servers have all the content at all time, so you could get one which currently doesn’t have it, leading to a longer wait while it is copied over

256
Q

What is consistent hashing? How does it work?

A

The main idea behind consistent hashing is that servers and the content objects are mapped to the same ID space. For instance, imagine we map the servers to the edge of a circle (say uniformly). Server 1, Item 4, Item 8, Server 12, Item 13. Server 12 is responsible for Items 4 and 8, but not 13. If a Server leaves, the next Server takes over its responsibilities.

257
Q

Why would a centralized design with a single DNS server not work?

A

They consist of variable characters and thus it’s difficult for routers to process them.

258
Q

What are the main steps that a host takes to use DNS?

A
  1. The user host runs the client side of the DNS application
  2. The browser extracts the hostname www.someschool.edu and passes it to the client side of the DNS application.
  3. The DNS client sends a query containing the hostname to a DNS server
  4. The DNS client eventually receives a reply, which includes the IP address for the hostname
  5. As soon as the host receives the IP addresses, it can initiate a TCP connection to the HTTP server located at that port at that IP
259
Q

What are the services offered by DNS, apart from hostname resolution?

A

Mail server/Host aliasing
Load distribution

260
Q

What is the structure of the DNS hierarchy?

A

Distributed Hierarchical Database: Each node can have multiple children

261
Q

Why does DNS use a hierarchical scheme?

A

Would be too much traffic otherwise, would have a single point of failure otherwise, allows for many transactions with many clients to happen concurrently

262
Q

What are the layers of the DNS hierarchy?

A

Root DNS servers
Top level domain (TLD) Servers
Authoritative servers
Local DNS servers

263
Q

What is the difference between iterative and recursive DNS queries?

A

In the iterative query process, the querying host is referred to a different DNS server in the chain, until it can fully resolve the request.
Whereas in the recursive query process, the querying host and each DNS server in the chain queries the next server and delegates the query to it.

264
Q

What is DNS caching?

A

The idea of DNS Caching is that, in both iterative and recursive queries, after a server receives the DNS reply of mapping from any host to IP address, it stores this information in the Cache memory before sending it to the client

265
Q

What is a DNS resource record?

A

The DNS servers store the mappings between hostnames and IP addresses as resource records (RRs). These resource records are contained inside the DNS reply messages. A DNS resource record has four fields: (name, value, Type, TTL). The TTL specifies the time (in sec) a record should remain in the cache. The name and the value depend on the type of the resource record.

266
Q

What are the most common types of resource records?

A

A, NS, CNAME, MX
TYPE=A: the name is a domain name and value is the IP address of the hostname. (abc.com, 190.191.192.193, A)
TYPE=NS: the name is the domain name, and the value is the appropriate authoritative DNS server that can obtain the IP addresses for hosts in that domain. (abc.com, dns.abc.com, NS)
TYPE=CNAME: the name is the alias hostname, and the value is the canonical name. (abc.com, relay1.dnsserver.abc.com, CNAME)
TYPE=MX: the name is the alias hostname of a mail server, and the value is the canonical name of the email server. (abc.com, mail.dnsserver.abc.com, MX)

267
Q

Describe the DNS message format.

A

ID, Flags, Question, Answer, Authority, Additional
The first field is an ID that is an identifier for the query and it allows the client to match queries with responses.
The flags section has multiple fields. For example, one field specifies whether the DNS message is a query or a response. Another field specifies whether a query is recursive or not.
The question section contains information about the query that is being made, for example the hostname that is being queried and the type of the query (A, MX, etc).
In the answer section, and if the message is a reply, we will have the resource records for the hostname that was originally queried.
In the authority section, we have resource records for more authoritative servers.
The additional section contains other helpful records. For example, if the original query was for an MX record, then the answer section will contain the resource record for the canonical hostname of the mail server, and the additional section will contain the IP address for the canonical hostname

268
Q

What is IP Anycast?

A

The main goal of IP anycast is to route a client to the “closest” server, as determined by BGP (Border Gateway Protocol), a routing protocol used for inter‑AS routing.

269
Q

What is HTTP Redirection?

A

Essentially, when a client sends a GET request to a server, say A, it can redirect the client to another server, say B, by sending an HTTP response with a code 3xx and the name of the new server.

270
Q

Having a single server for providing Internet content has what disadvantages?

A

Single point of failure.
Bandwidth waste in high demand for the same content.
Scalability issues.
Potentially big geographic distance between Internet hosts/users and the server.

271
Q

One of the advantages of using CDNs is that the routing protocols they use take important aspects into consideration, such as congestion, latency, etc., in order to best deliver the content to the Internet users. True or False?

A

False

272
Q

There are several factors that can make a CDN network unreliable, such as misconfigured routers, power outages, malicious attacks or natural disasters. True or False?

A

True

273
Q

As the Internet evolves, the topology of the ISPs has become flatter, and the number of IXPs increases as time progresses due to the services they offer and the lower costs for the ISPs. True or False?

A

True

274
Q

The major drawback of the “Enter Deep” approach is that, if one server is lost, that geographic area will experience a higher delay and lower throughput. True or False?

A

False

275
Q

When using CDN servers for content delivery, there is more overhead than when using the traditional approach. True or False?

A

True

276
Q

For a CDN to deliver content to an Internet user, a cluster is mapped to a client first and then a server within that cluster is selected. True or False?

A

True

277
Q

Terei Pyrope is a cool character. True or False?

A

True

278
Q

By using consistent hashing for server selection, in the case of a server failure, the objects that the server was responsible for can be taken care of by a random server within the same ID space. True or False?

A

False

279
Q

When using DNS caching, what would happen if a host A makes a request for a domain that was just previously queried by another host?

A

The local DNS server will immediately answer the host with the IP address.

280
Q

What is the type of the following resource record: (amazon.com, dns.amazon.com, ?, TTL)?

A

NS

281
Q

IP Anycast assigns the same IP address to multiple servers in order to deliver content from CDNs by using the closest server to a client based on BGP path length. True or False?

A

True

282
Q

HTTP redirection can only be used in order to share the load of content requests among servers. True or False?

A

False

283
Q

What is packet classification?

A

Forwarding based on more than just longest prefix matching

284
Q

Describe how an OpenFlow Switch works

A

Switch receives a packet
Switch determines highest priority matching rule
Perform action associated with highest rule
Increment internal counter

285
Q

In the SDN approach, how is a forwarding table updated?

A

A remote controller computes and distributes forwarding tables that are used by each router

286
Q

Which layers belong to the Management Plane?

A

Network Applications
Programming Languages
Language-Based Virtualization

287
Q

Which layers belong to the Control Plane?

A

Northbound Interface
Network Operating System
Network Hypervisor

288
Q

Which layers belong to the Data Plane?

A

Southbound Interface
Network Infrastructure

289
Q

In simple terms, what do the Southbound interfaces do?

A

Act as connectors between control and data plane

290
Q

In simple terms, what do Network operating systems (NOS) do?

A

Provides abstractions, acts as a centralized controller for the SDN

291
Q

In simple terms, what do the Northbound interfaces do?

A

This is still being determined/custom software

292
Q

What are some examples of Network programming languages?

A

Pyretic, Frenetic, Merlin, Nettle, Procera, FML, etc.

293
Q

What do Network applications implement?

A

Control plane logic

294
Q

In ONOS, how do instances relate to each other?

A

Each instance has a “master”. If an instance fails, an “election” is held for each child to find a new master.

295
Q

What is the purpose of Traffic Engineering, an application of SDNs?

A

Optimizing the traffic flow so as to minimize power consumption

296
Q

What’s an example of Traffic Engineering?

A

ElasticTree

297
Q

What is the purpose of Mobility and Wireless, an application of SDNs?

A

Connecting to mobile networks, i.e., WLANs

298
Q

What are two examples of Mobility and Wireless?

A

OpenRadio, Odin Network

299
Q

What is the purpose of Measurement and Monitoring, an application of SDNs?

A

Keep better metrics to respond to change in network conditions

300
Q

What are three examples of Measurement and Monitoring?

A

OpenSketch, OpenSample and PayLess

301
Q

What is the purpose of Security and Dependability, an application of SDNs?

A

Make the network more secure

302
Q

What’s an example of Security and Dependability?

A

CloudWatcher

303
Q

What is the purpose of Data Center Networking, an application of SDNs?

A

Identifying issues and troubleshooting, real-time monitoring of networks, etc.

304
Q

What are two examples of Data Center Networking?

A

LIME, FlowDiff

305
Q

At a high level, what is the purpose of an SDX?

A

To maintain an illusion of sorts of an independent SDN, while still benefitting from an IXP

306
Q

What is “Integrity” in the context of internet security?

A

Message/content has not been modified

307
Q

What is the goal of DNS abuse?

A

To keep malicious actions undetectable for longer

308
Q

What does FIRE stand for?

A

Finding Rogue Networks

309
Q

ASwatch uses information from which plane? To do what?

A

Control Plane, Identify Malicious Networks

310
Q

What is Rewiring activity?

A

Frequent changes in provider, using lesser-known providers, etc.

311
Q

What is IP Space Fragmentation and Churn?

A

Malicious ASes use very small BGP prefixes

312
Q

What is BGP Routing Dynamics?

A

Monitoring whether the announcements (updates/withdrawals) follow normal patterns

313
Q

What is a Man In The Middle Attack?

A

When something is manipulated before it reaches its destination AS

314
Q

What is the difference between a Targeted Attack and a High Impact Attack?

A

High Impact Attacks are meant to be noticed; Targeted Attacks are meant to be discreet

315
Q

What is the goal of ARTEMIS?

A

To safeguard a network’s own prefixes against malicious BGP hijacking attempts

316
Q

What is Prefix deaggregation?

A

When you announce a more specific prefix than a targeted prefix, redirecting traffic to the new one you just announced.

317
Q

What is Mitigation with Multiple Origin AS (MOAS)?

A

Have third party networks/providers do BGP announcements for a targeted network

318
Q

What does “DDoS” Attack stand for?

A

Distributed Denial-of-Service (DDoS) attack

319
Q

What are Traffic Scrubbing Services?

A

Incoming traffic is diverted to a “scrubber”, where “clean” and “unclean” traffic are separated. Clean traffic is sent to the destination.

320
Q

What are ACL Filters?

A

Blocklists provided by ISPs/IXPs to prevent unwanted traffic

321
Q

What is BGP Flowspec?

A

Sets up rules for how ASes/BGP lets traffic in, which can mitigate DDoS attacks.

322
Q

Why is blackholing considered effective?

A

It drops the traffic nearer to the sender, saving “energy” for the targeted site

323
Q

What is the downside of blackholing?

A

All traffic, including valid traffic, is dropped

324
Q

In VoIP, what is Signaling?

A

Setting up calls, managing them, tearing them down

325
Q

Most of the time, VoIP uses which protocol?

A

UDP

326
Q

How does the client know about the different encoding bitrates that are available, and how does it know about the URL of each of the video segments?

A

It receives a manifest file over HTTP with all of the metadata

327
Q

What is the challenge of “Peering point congestion”?

A

Little business/financial incentive to prioritize the “middle” between end users and hosts where peers connect

328
Q

What is the challenge of “Inefficient routing protocols”?

A

BGP was not designed for modern infrastructures

329
Q

What is the challenge of “Unreliable networks”?

A

Outages, DDoS attacks, anything that prevents access

330
Q

What is the challenge of “Inefficient communication protocols”?

A

TCP was not designed for the modern internet; distance is a bottleneck; it’s hard to update TCP protocols

331
Q

What is the challenge of “Scalability”?

A

Accounting for situations where usage shoots up, i.e., a viral video

332
Q

What is the challenge of “Application limitations and slow rate of change adoption”?

A

It’s hard to update protocols and processes since so many services/applications can only use the old one

333
Q

What overall change does the proliferation of IXPs/usage of CDNs lead to?

A

More local traffic

334
Q

What are the three different network protocols that can be used for server selection?

A

DNS, HTTP Redirection, IP Anycast

335
Q

What is the point of Load Distribution?

A

Distribute traffic across different servers

336
Q

What’s the typical pattern for DNS queries?

A

One recursive, then however many iterative it takes

337
Q

What are the three data plane traffic manipulation techniques?

A

Dropped (blackholing)
Man-in-the-middle
Impersonation