Lesson 2 - Architecture and Principles Flashcards
Networking today is…
An eclectic mix of theory and practice
Early internet architects…
Set out with clear goals and allowed flexibility in achieving them
The internet has its roots in
ARPANet (1966-67)
First operational ARPANet
Goal was to connect big academic computers together. First operational nodes came online in 1969 at UCLA, SRI, UCSB, and Utah. Around the same time, the National Physical Laboratory (NPL) in the UK came online.
- 1971: around 20 nodes and the first host-to-host protocol.
SatNet
Operated by satellite
TCP/IP
Work began in 1973 to replace original network control protocol with TCP/IP (Transmission Control Protocol/Internet Protocol).
Standardized in late 70s. Included in Berkeley Unix in 1981.
Flag Day = Jan 1, 1983, when ARPANet transitioned to TCP/IP.
Number of computers on the internet took off in
Mid-1990s
Rollout of the DNS
1982
Replaced the hosts.txt file containing all the world’s machine names with a distributed name lookup system.
TCP congestion control
1988 (after the net suffered a series of congestion collapses)
NSF Net, BGP introduced
- BGP provided domain routing.
First major search engine
AltaVista (1995)
P2P file sharing
Emerged around 2000
Problems with IPv4
- Running out of addresses (only 2^32 addresses, since addresses are 32 bits)
- Needs to be allocated hierarchically but currently not very efficiently organized
Goal of Congestion Control
- Match offered load to available capacity
- Problems with today’s algorithms: insufficient dynamic range, don’t work very well over slow/flaky wireless links, don’t work well over very high-speed intercontinental paths
Routing
The process by which nodes on the internet discover paths to take to reach a destination
Some ills of BGP
- (BGP is today’s inter-domain routing protocol)
- Suffers from lack of security, ease of misconfiguration, poor convergence, and non-determinism
What is the glue that holds all the internet service providers together?
BGP
Security problems
We’re reasonably good at encryption and authentication, but not at turning these mechanisms on, and bad at key management, and deploying secure SW and secure communications.
Denial of Service
Internet does a good job of transmitting packets, even if the destination doesn’t want them. This makes it easy for an attacker to overload servers or network links to prevent the victim from doing work. (DDoS attacks are particularly common in today’s internet)
Fixing current problems requires…
Changes to basic infrastructure.
- These are difficult, and it’s unclear what the process is for achieving consensus on changes.
SDN
(Software-defined networking)
- Makes it easier to solve some of these problems by rolling out new SW tech/protocols
Many of the problems we face today are due to
Original design choices. This doesn’t mean they were right or wrong; they just reflect our understanding at the time as well as the environment and constraints the designers faced.
Fundamental design goal of the internet
Multiplexed utilization of existing interconnected networks.
- Multiplexed: sharing. One fundamental problem was shared use of a single communications channel.
Solution to “shared use of single communications channel”
Statistical multiplexing/packet switching
Solution to “interconnected”
Narrow waist
Packet switching
- Info for forwarding traffic is contained in destination address of the datagram or packet (like address on a letter)
- No state
- Revolutionary, and one of the underlying design principles of the internet that has persisted
Best effort service
Very few assumptions made about level of service that the network provides
Circuit switching
Signaling protocol sets up entire path out-of-band
- Dedicated resources for the path from recipient to sender
Advantage of statistical multiplexing
Sender never gets a busy signal
Drawbacks of statistical multiplexing
- Variable delay
- Potential for loss or dropped packets
- In contrast, circuit switching provides resource control, better accounting, and reservation of resources.
- Packet switching provides ability to share resources and potentially better resilience properties.
Narrow waist
Goal to interconnect existing networks and hide underlying technologies from applications. Many protocols layered, with IP at the center. Every device must “speak” IP
Layer 1 (bottom)
Physical layer (SONET for optical networks…)
Layer 2
Link layer, provides p2p connectivity (ethernet is a common link layer protocol)
Layer 3
Network layer, e2e connectivity (IP)
Layer 4
Transport layer, congestion control & reliable transport (TCP, UDP)
Layer 5
Application layer, reliable transport (HTTP, SMTP)
Most critical aspect of interconnection design
Network layer has 1 real protocol in use (IP). This means every device on the network must speak IP.
- Sometimes called “IP over anything” or “anything over IP”
Advantage of narrow waist
Fairly easy to get a device on the network if it runs IP
Drawback of narrow waist
Difficult to make any changes at the network layer, since every device runs IP. People are trying to make changes to this (SDN for example).
Goals of DARPA design philosophy paper
Sharing, Interconnection, Survivability, Heterogeneity, Distributed Management
Survivability
Networks should continue to work even if some device has failed or been compromised.
How to achieve survivability
- Replication (keep state at multiple places in network, so that if any node crashes, there’s a hot standby waiting to take over).
- Fate sharing: it’s acceptable to lose state information for some entity if that entity itself is lost (ex: if a router crashes, its state, AKA its routing tables, is lost too. Makes engineering easier)
Heterogeneity
- Supported through TCP/IP protocol stack
- TCP/IP was designed as a monolithic transport
- TCP provided flow control and reliable delivery
- IP provided universal forwarding
- However, these aren’t always needed (DNS doesn’t always need in-order, reliable delivery, streaming doesn’t need every packet delivered)
- Narrow waist allowed proliferation of many different transport protocols, not just TCP
- Best effort service model allows network to lose packets and deliver them out of order and not really provide any quality guarantees.
Advantage of heterogeneity:
makes for a simple design
Drawback of heterogeneity
Makes certain kinds of debugging and network management more difficult
Examples where distributed mgmt has played out
- Addressing registries (ARIN, RIPE [Europe], etc.)
- DNS: allows independently operated network to configure its own routing policy
- BGP: allows each independently operated network to configure its own routing policy
- No single entity needs to be in charge. Allows for organic growth and stable mgmt.
Drawback of Distributed mgmt
- Internet has no owner or single responsible party
- Hard to figure out who or what is causing a problem
- Misconfig in a local network can have global effects
Other 3 design goals discussed by Clark
Cost effectiveness, ease of attachment, accountability
Ease of attachment
Huge success. IP is essentially plug and play. Lesson is that if one lowers the barrier to innovation, people will get creative about the types of devices and applications that can run on top of the internet. Narrow waist also allows for the network to run on a wide range of physical layers.
Accountability
(ability to bill, essentially) was mentioned in early TCP/IP papers but not prioritized. Datagram networks can make it tricky. Phone networks much easier/more precise.
What’s missing from Clark’s paper
Security, Availability, Mobility, Scaling, Probability of other things
End to end argument
Intelligence required to implement a particular application on the communications system should be placed at the end points, rather than in the middle of the network.
- “Dumb network, intelligent endpoints”
- Allowed internet to grow because innovation took place at the edge in apps and services rather than in the middle which can be hard to change
- It is JUST AN ARGUMENT. Many things have come to violate it. It’s not a theorem or principle.
- Sometimes constrains us. SDN in some ways reverses many aspects of this end to end argument.
Examples of end-to-end argument
- Error handling and file transfer
- Encryption end-to-end vs. hop-by-hop
- Partition of TCP and IP
Things that violate the End-to-end argument
- NAT (machines behind it are not globally addressable)
- VPN tunnels
- TCP splitting (sometimes connections are split at an intermediate node along an end to end path, particularly when the last end to end path is wireless) - sometimes done to improve performance due to the last hop
- Spam filters (why?)
- P2P systems - assembled in chunks
- Caches and in-network aggregation
STUN
- signaling and tunneling through UDP-enabled NAT devices
- device sends an initial outbound packet somewhere simply to create an entry into the NAT table, and we now have a global address and port to which devices can send traffic
- Also possible to statically configure these tunnels or mappings on your NAT device at home.
- Even with these workarounds, it’s clear that NATs are a violation of the end-to-end principle. 2 hosts on the internet cannot communicate directly by default.
Violations of the end-to-end argument
- P2P, video sharing. Adds an extra layer of complication in communication between 2 end hosts
- NAT device
- Basically, ANYTHING that interferes between the 2 hosts
- Arguments against violating e2e: because it violates the fate-sharing principle, which is one of the founding ideals of the Internet. The idea is that it makes it much more difficult to troubleshoot an issue because it adds additional complexity and state information that is contained away from the network
- Arguments for: Security Engineers would likely argue that NAT is more secure than exposing hosts to the Internet, that proxies are better than giving direct access to websites, etc.
What 2 things support heterogeneity
TCP/IP and “Best Effort”
How do addressing, naming, and routing support distributed management?
Addressing: registries (ARIN, RIPE, etc.)
Naming: DNS
Routing: BGP
Of the following, which were included in Clark’s original paper?
- Support for Security
- Support for Heterogeneity
- Support for Interconnection
- Support for Sharing
- Support for Mobility
Heterogeneity, Interconnection, and Sharing