-rw-r--r-- NOTES.md 2173
-rw-r--r-- generated/NOTES_CHEATSHEET.md 125
2 files changed, 0 insertions, 2298 deletions
diff --git a/NOTES.md b/NOTES.md
deleted file mode 100644
index d752037..0000000
--- a/NOTES.md
+++ /dev/null
@@ -1,2173 +0,0 @@
-# Chapter 1: Computer Networks and the Internet - Study Notes
-
-## 1.1 What Is the Internet?
-
-### Nuts-and-Bolts Description
-- **Hosts/End Systems**: Computing devices connected to the Internet (computers, smartphones, servers, IoT devices)
-- **Communication Links**: Physical media connecting devices (copper wire, fiber optics, radio)
-- **Packet Switches**: Forward packets between networks
- - **Routers**: Used in network core
- - **Link-layer Switches**: Used in access networks
-- **Transmission Rate**: Link capacity measured in bits/second
-- **Packets**: Segments of data with headers added
-- **ISPs (Internet Service Providers)**: Provide Internet access to end systems
-- **Protocols**: TCP/IP are the principal protocols
-- **Internet Standards**: Developed by IETF, documented in RFCs
-
-### Services Description
-- Internet as infrastructure providing services to distributed applications
-- **Socket Interface**: Rules for programs to send/receive data over the Internet
-- Applications run on end systems, not in network core
-
-### What Is a Protocol?
-**Definition**: A protocol defines the format and order of messages exchanged between communicating entities, and the actions taken upon transmission/receipt
-
-## 1.2 The Network Edge
-
-### Access Networks
-Methods to connect end systems to the edge router:
-
-#### Home Access
-1. **DSL (Digital Subscriber Line)**
- - Uses existing telephone lines
- - Asymmetric speeds (downstream > upstream)
- - Up to 24 Mbps down, 3.5 Mbps up
-
-2. **Cable Internet**
- - Uses cable TV infrastructure
- - HFC (Hybrid Fiber Coax)
- - Shared broadcast medium
- - DOCSIS 3.0: Up to 1.2 Gbps down
-
-3. **FTTH (Fiber to the Home)**
- - Direct optical fiber connection
- - Gigabit speeds possible
- - PON (Passive Optical Networks) commonly used
-
-4. **5G Fixed Wireless**
- - Wireless connection to home modem
- - No physical cabling required
-
-#### Enterprise Access
-- **Ethernet**: Wired LAN technology, 100 Mbps to 10 Gbps
-- **WiFi (802.11)**: Wireless LAN, shared transmission up to 100+ Mbps
-
-#### Wide-Area Wireless
-- **4G/5G Cellular**: Mobile device connectivity
-- Coverage within tens of kilometers of base station
-
-### Physical Media
-
-**Guided Media** (through solid medium):
-- **Twisted-Pair Copper**: Cheapest, common in LANs
-- **Coaxial Cable**: Higher bandwidth, shared medium
-- **Fiber Optics**: High speed, low attenuation, immune to interference
-
-**Unguided Media** (wireless):
-- **Terrestrial Radio**: Short/local/wide area coverage
-- **Satellite**: Geostationary (high latency) or LEO
-
-## 1.3 The Network Core
-
-### Packet Switching
-- **Store-and-Forward**: Entire packet must be received before forwarding
-- End-to-end delay for N links: $$d_{end-to-end} = N \frac{L}{R}$$
- - L = packet size (bits)
- - R = transmission rate (bps)
- - N = number of links
-
-#### Key Concepts
-- **Output Buffer/Queue**: Stores packets waiting for transmission
-- **Queuing Delays**: Variable delays based on congestion
-- **Packet Loss**: Occurs when buffers overflow
-- **Forwarding Tables**: Map destination addresses to outbound links
-- **Routing Protocols**: Automatically set forwarding tables
-
-### Circuit Switching
-- Resources reserved for duration of connection
-- **Multiplexing Methods**:
- - **FDM**: Frequency Division Multiplexing
- - **TDM**: Time Division Multiplexing
-- Guaranteed bandwidth but potential waste during silent periods
-
-### Packet vs Circuit Switching
-- **Packet Switching Advantages**:
- - Better sharing of bandwidth
- - Simpler implementation
- - More efficient for bursty traffic
-- **Circuit Switching Advantages**:
- - Guaranteed resources
- - Predictable performance
-
-### Network of Networks
-Internet structure evolution:
-1. Access ISPs + Global Transit ISP
-2. Multiple competing ISPs
-3. Regional ISPs + Tier-1 ISPs
-4. Add PoPs, multi-homing, peering, IXPs
-5. Content-provider networks (Google, etc.)
-
-## 1.4 Delay, Loss, and Throughput
-
-### Types of Delay
-Total nodal delay: $$d_{nodal} = d_{proc} + d_{queue} + d_{trans} + d_{prop}$$
-
-1. **Processing Delay** ($d_{proc}$): Examining packet headers
-2. **Queuing Delay** ($d_{queue}$): Waiting in buffer
-3. **Transmission Delay** ($d_{trans} = L/R$): Pushing bits onto link
-4. **Propagation Delay** ($d_{prop} = d/s$): Signal travel time
- - d = distance
- - s = propagation speed
-
-### Traffic Intensity
-- **Formula**: $La/R$
- - L = packet size
- - a = average packet arrival rate
- - R = transmission rate
-- If La/R > 1: Queue grows unbounded
-- If La/R ≈ 1: Large queuing delays
-- If La/R ≈ 0: Small queuing delays
-
-### Throughput
-- **Instantaneous**: Rate at any instant
-- **Average**: F/T (F bits in T seconds)
-- **Bottleneck Link**: Link with minimum transmission rate determines throughput
-- For path with N links: Throughput = min{$R_1, R_2, ..., R_N$}
-
-## 1.5 Protocol Layers
-
-### Five-Layer Internet Protocol Stack
-1. **Application Layer**: Network applications (HTTP, SMTP, FTP, DNS)
- - Unit: Message
-2. **Transport Layer**: Process-to-process delivery (TCP, UDP)
- - Unit: Segment
-3. **Network Layer**: Routing of datagrams (IP)
- - Unit: Datagram
-4. **Link Layer**: Data transfer between neighboring elements (Ethernet, WiFi)
- - Unit: Frame
-5. **Physical Layer**: Bits on the wire
-
-### Encapsulation
-- Each layer adds its own header information
-- Headers removed at receiving end (de-encapsulation)
-- Payload = packet from layer above
-
-## 1.6 Network Security Threats
-
-### Types of Attacks
-1. **Malware**: Viruses, worms, spyware, botnets
-2. **DoS Attacks**:
- - Vulnerability attack
- - Bandwidth flooding
- - Connection flooding
- - DDoS: Distributed attacks from multiple sources
-3. **Packet Sniffing**: Passive interception of data
-4. **IP Spoofing**: Forging source addresses
-
-### Security Needs
-- Cryptography
-- Authentication
-- Defense mechanisms against various attacks
-
-## Key Formulas Summary
-
-| Formula | Description |
-|---------|-------------|
-| $d_{trans} = L/R$ | Transmission delay |
-| $d_{prop} = d/s$ | Propagation delay |
-| $d_{nodal} = d_{proc} + d_{queue} + d_{trans} + d_{prop}$ | Total nodal delay |
-| $d_{end-to-end} = N(d_{proc} + d_{trans} + d_{prop})$ | End-to-end delay |
-| Traffic Intensity = $La/R$ | Queue loading factor |
-| Throughput = min{$R_1, R_2, ..., R_N$} | Bottleneck determines throughput |
-
-## Important Concepts to Remember
-
-1. **Internet is a network of networks**
-2. **Packet switching is more efficient for bursty data**
-3. **Layered architecture provides modularity**
-4. **Delays accumulate through the network**
-5. **Protocols define communication rules**
-6. **Security wasn't built into original Internet design**
-7. **Edge vs Core**: Applications at edge, switching/routing in core
-8. **Encapsulation**: Each layer adds headers
-9. **Statistical multiplexing** allows efficient resource sharing
-10. **Bottleneck link** determines end-to-end throughput
-
-# Chapter 2: Application Layer - Study Notes
-
-## 2.1 Principles of Network Applications
-
-### Network Application Architectures
-
-**Two Main Architectures:**
-
-1. **Client-Server Architecture**
- - Always-on server with fixed IP address
- - Clients communicate with server, not directly with each other
- - Examples: Web, FTP, Telnet, email
- - Often uses data centers for scalability
-
-2. **Peer-to-Peer (P2P) Architecture**
- - No always-on server
- - Peers communicate directly
- - Self-scalability: peers add both demand and capacity
- - Examples: BitTorrent, Skype
- - Challenges: security, performance, reliability
-
-### Processes Communicating
-
-- **Process**: A program running within an end system
-- **Socket**: Software interface between application and transport layer (API)
-- **Client Process**: Initiates communication
-- **Server Process**: Waits to be contacted
-
-#### Addressing Processes
-- **IP Address**: 32-bit identifier for host
-- **Port Number**: Identifies receiving process on host
-- Common ports: HTTP (80), SMTP (25)
-
-### Transport Services
-
-**Four Dimensions of Service:**
-
-1. **Reliable Data Transfer**
- - Guaranteed delivery without errors
- - Required for: email, file transfer, Web documents
- - Loss-tolerant apps: multimedia streaming
-
-2. **Throughput**
- - Bandwidth-sensitive apps: require minimum throughput
- - Elastic apps: can use available throughput (email, file transfer)
-
-3. **Timing**
- - Low delay requirements for real-time apps
- - Examples: VoIP, gaming, video conferencing
-
-4. **Security**
- - Encryption, data integrity, authentication
- - TLS provides security enhancement for TCP
-
-### Internet Transport Protocols
-
-| Protocol | Services | Applications |
-|----------|----------|--------------|
-| **TCP** | • Connection-oriented<br>• Reliable data transfer<br>• Congestion control<br>• No timing/throughput guarantees | Web (HTTP), Email (SMTP), File Transfer (FTP) |
-| **UDP** | • Connectionless<br>• Unreliable<br>• No congestion control<br>• Minimal services | Streaming media, Internet telephony, DNS |
-
-## 2.2 The Web and HTTP
-
-### HTTP Overview
-- **HyperText Transfer Protocol**: Application layer protocol for the Web
-- Client-server model: browsers (clients) and Web servers
-- Uses TCP, port 80
-- **Stateless protocol**: Server maintains no client information
-
-### HTTP Connections
-
-**Non-Persistent Connections (HTTP/1.0)**
-- New TCP connection for each object
-- 2 RTTs per object (connection setup + request/response)
-- Browser can open parallel connections
-
-**Persistent Connections (HTTP/1.1)**
-- Multiple objects over single TCP connection
-- Server leaves connection open after response
-- Pipelining: send requests without waiting for responses
-
-### HTTP Message Format
-
-**Request Message:**
-```
-GET /somedir/page.html HTTP/1.1
-Host: www.someschool.edu
-Connection: close
-User-agent: Mozilla/5.0
-Accept-language: fr
-```
-
-Components:
-- Request line: method, URL, version
-- Header lines: Host, User-agent, etc.
-- Entity body (empty for GET)
-
-**Response Message:**
-```
-HTTP/1.1 200 OK
-Date: Tue, 18 Aug 2015 15:44:04 GMT
-Server: Apache/2.2.3
-Content-Length: 6821
-Content-Type: text/html
-(data data data ...)
-```
-
-**Common Status Codes:**
-- 200 OK: Success
-- 301 Moved Permanently
-- 404 Not Found
-- 505 HTTP Version Not Supported
-
-### Cookies
-**Four Components:**
-1. Cookie header in HTTP response
-2. Cookie header in HTTP request
-3. Cookie file on client
-4. Backend database at server
-
-Uses: User identification, shopping carts, recommendations
-
-### Web Caching
-- **Proxy Server**: Caches objects for multiple users
-- Reduces response time and bandwidth usage
-- **Conditional GET**: Checks if cached object is current
- - Uses `If-Modified-Since` header
- - Server returns `304 Not Modified` if unchanged
-
-### HTTP/2 Features
-- Reduces HOL blocking through frame interleaving
-- Message prioritization
-- Server push
-- Binary framing
-- Single TCP connection for multiple streams
-
-## 2.3 Electronic Mail
-
-### Components
-1. **User Agents**: Mail clients (Outlook, Gmail app)
-2. **Mail Servers**: Store mailboxes, run SMTP
-3. **SMTP**: Simple Mail Transfer Protocol
-
-### SMTP
-- Uses TCP port 25
-- Push protocol (sender pushes to receiver)
-- 7-bit ASCII restriction
-- Commands: HELO, MAIL FROM, RCPT TO, DATA, QUIT
-
-### Mail Access Protocols
-- **IMAP**: Internet Mail Access Protocol
- - Maintains folders on server
- - Synchronization across devices
-- **HTTP**: Web-based email access
-
-## 2.4 DNS (Domain Name System)
-
-### Services Provided
-1. **Hostname to IP translation**
-2. **Host aliasing** (canonical vs alias names)
-3. **Mail server aliasing**
-4. **Load distribution** (multiple IPs per name)
-
-### DNS Hierarchy
-
-```
-Root DNS Servers
- ↓
-TLD Servers (.com, .org, .edu)
- ↓
-Authoritative DNS Servers
- ↓
-Local DNS Server (not in hierarchy, acts as proxy)
-```
-
-### DNS Resolution
-- **Iterative Queries**: Server returns best known server
-- **Recursive Queries**: Server handles full resolution
-- **DNS Caching**: Reduces query traffic (TTL controls cache duration)
-
-### DNS Records (Resource Records)
-Format: `(Name, Value, Type, TTL)`
-
-| Type | Name | Value |
-|------|------|-------|
-| A | Hostname | IP address |
-| NS | Domain | Authoritative DNS server |
-| CNAME | Alias | Canonical hostname |
-| MX | Alias | Mail server hostname |
-
-## 2.5 P2P File Distribution
-
-### Distribution Time Comparison
-
-**Client-Server:**
-$$D_{cs} = \max\left\{\frac{NF}{u_s}, \frac{F}{d_{min}}\right\}$$
-
-**P2P:**
-$$D_{P2P} = \max\left\{\frac{F}{u_s}, \frac{F}{d_{min}}, \frac{NF}{u_s + \sum_{i=1}^{N}u_i}\right\}$$
-
-Where:
-- F = file size
-- N = number of peers
-- $u_s$ = server upload rate
-- $d_{min}$ = minimum peer download rate
-
-### BitTorrent
-**Key Concepts:**
-- **Torrent**: Group of peers sharing a file
-- **Tracker**: Tracks participating peers
-- **Chunks**: File pieces (typically 256KB)
-
-**Strategies:**
-- **Rarest First**: Request rarest chunks first
-- **Tit-for-tat**: Upload to peers providing best download rates
-- **Optimistic Unchoking**: Randomly unchoke one peer every 30 seconds
-
-## 2.6 Video Streaming and CDNs
-
-### Video Characteristics
-- High bit rates (100 kbps to 10+ Mbps)
-- Can be compressed to different quality levels
-- Stored video vs live streaming
-
-### DASH (Dynamic Adaptive Streaming over HTTP)
-- Multiple encodings at different bit rates
-- Client requests chunks based on available bandwidth
-- Manifest file lists available versions
-- Allows quality switching during playback
-
-### Content Distribution Networks (CDNs)
-
-**Two Philosophies:**
-1. **Enter Deep** (Akamai): Servers in access ISPs worldwide
-2. **Bring Home** (Limelight): Large clusters at IXPs
-
-**CDN Operation:**
-1. DNS redirect to CDN domain
-2. CDN DNS returns nearby server IP
-3. Client requests content from CDN server
-
-### Netflix Architecture
-- Amazon cloud: Web interface, content processing
-- Private CDN: Video distribution from ISP/IXP locations
-- Push caching during off-peak hours
-- Proprietary DASH implementation
-
-### YouTube Architecture
-- Google's private CDN
-- Pull caching strategy
-- DNS redirect for load balancing
-- HTTP streaming with manual quality selection
-
-## 2.7 Socket Programming
-
-### UDP Socket Programming
-- Connectionless
-- No handshaking
-- Unreliable delivery
-- Destination address attached to each packet
-
-**Key Functions:**
-- `socket()`: Create socket
-- `sendto()`: Send datagram
-- `recvfrom()`: Receive datagram
-- `bind()`: Assign port to socket
-
-### TCP Socket Programming
-- Connection-oriented
-- Three-way handshake
-- Reliable, in-order delivery
-- Byte stream abstraction
-
-**Key Functions:**
-- Server: `socket()`, `bind()`, `listen()`, `accept()`
-- Client: `socket()`, `connect()`
-- Both: `send()`, `recv()`, `close()`
-
-## Important Formulas Summary
-
-| Formula | Description |
-|---------|-------------|
-| HTTP Response Time | ≈ 2 RTT + file transmission time |
-| Web Cache Hit Rate | 0.2 to 0.7 typical |
-| Traffic Intensity | (arrival rate × packet size) / link bandwidth |
-| Client-Server Distribution | $D_{cs} = \max\{NF/u_s, F/d_{min}\}$ |
-| P2P Distribution | $D_{P2P} = \max\{F/u_s, F/d_{min}, NF/(u_s + \Sigma u_i)\}$ |
-
-## Key Takeaways
-
-1. **Application architectures** shape how network apps are structured
-2. **HTTP** is stateless but can maintain state via cookies
-3. **DNS** provides critical name resolution using distributed hierarchy
-4. **P2P** architectures are self-scaling but face management challenges
-5. **CDNs** bring content closer to users for better performance
-6. **Socket programming** enables network application development
-7. **Transport choice** (TCP vs UDP) depends on application requirements
-
-# Chapter 3: Transport Layer - Study Notes
-
-## 1. Introduction and Transport-Layer Services
-
-### Key Concepts
-- **Transport layer** provides logical communication between application processes running on different hosts
-- Runs only in end systems, not in network routers
-- **Segments**: Transport-layer packets
-- Two main Internet transport protocols: **TCP** and **UDP**
-
-### Transport vs Network Layer
-- **Transport layer**: Logical communication between *processes*
-- **Network layer**: Logical communication between *hosts*
-
-### Service Models
-- **UDP** (User Datagram Protocol)
- - Unreliable, connectionless service
- - No-frills, minimal service
- - Process-to-process delivery + error checking only
-
-- **TCP** (Transmission Control Protocol)
- - Reliable, connection-oriented service
- - Provides: reliable data transfer, flow control, congestion control
- - Converts IP's unreliable service into reliable transport
-
-## 2. Multiplexing and Demultiplexing
-
-### Core Functions
-- **Multiplexing**: Gathering data from different sockets, adding headers, passing to network layer
-- **Demultiplexing**: Delivering received segments to correct socket
-
-### Port Numbers
-- 16-bit numbers (0-65535)
-- **Well-known ports**: 0-1023 (HTTP:80, FTP:21, DNS:53)
-- Each segment has source and destination port fields
-
-### Socket Identification
-**UDP Socket**:
-- Identified by: (destination IP, destination port)
-- Multiple sources can send to same UDP socket
-
-**TCP Socket**:
-- Identified by 4-tuple: (source IP, source port, dest IP, dest port)
-- Each TCP connection has unique 4-tuple
-
-## 3. UDP (User Datagram Protocol)
-
-### Characteristics
-- Connectionless (no handshaking)
-- Best-effort delivery
-- No congestion control
-- Small header overhead (8 bytes vs TCP's 20 bytes)
-
-### When to Use UDP
-- Real-time applications (VoIP, video conferencing)
-- DNS queries
-- Network management (SNMP)
-- Applications needing:
- - Fine application-level control
- - No connection establishment delay
- - No connection state
- - Small packet header overhead
-
-### UDP Segment Structure
-```
-[Source Port | Dest Port] (16 bits each)
-[Length | Checksum] (16 bits each)
-[Application Data]
-```
-
-### UDP Checksum
-- Provides error detection
-- 1's complement of sum of all 16-bit words
-- End-to-end principle: needed even if link layer has error checking
-
-## 4. Principles of Reliable Data Transfer
-
-### Building Blocks for Reliability
-
-| Mechanism | Purpose |
-|-----------|---------|
-| **Checksum** | Detect bit errors |
-| **Acknowledgments (ACK/NAK)** | Receiver feedback |
-| **Sequence numbers** | Detect lost/duplicate packets |
-| **Timers** | Detect lost packets via timeout |
-| **Retransmission** | Recover from lost packets |
-| **Pipelining** | Improve utilization |
-
-### Protocol Evolution
-1. **rdt1.0**: Perfect channel (no errors/loss)
-2. **rdt2.0**: Channel with bit errors
- - Adds: checksum, ACK/NAK, retransmission
-3. **rdt2.1/2.2**: Handles corrupted ACK/NAK
- - Adds: sequence numbers
-4. **rdt3.0**: Channel with errors AND loss
- - Adds: timeout timer
-
-### Pipelining Protocols
-
-**Go-Back-N (GBN)**:
-- Sender window of N unACKed packets
-- Cumulative ACKs
-- Retransmit all packets after lost packet
-- Receiver discards out-of-order packets
-
-**Selective Repeat (SR)**:
-- Individual ACKs for each packet
-- Only retransmit lost packets
-- Receiver buffers out-of-order packets
-- Window size ≤ half of sequence number space
-
-### Performance Metrics
-- **Utilization** = (L/R) / (RTT + L/R)
-- Stop-and-wait has poor utilization on high bandwidth-delay paths
-- Pipelining dramatically improves utilization
-
-## 5. TCP (Transmission Control Protocol)
-
-### TCP Features
-- **Connection-oriented**: 3-way handshake
-- **Full-duplex**: Bidirectional data flow
-- **Point-to-point**: One sender, one receiver
-- **Reliable, in-order byte stream**
-- **Flow control** and **congestion control**
-
-### TCP Segment Structure
-Key fields:
-- Source/destination ports (16 bits each)
-- Sequence number (32 bits): byte-stream number of first byte
-- Acknowledgment number (32 bits): next expected byte
-- Receive window (16 bits): for flow control
-- Header length (4 bits)
-- Flags (6 bits): ACK, RST, SYN, FIN, PSH, URG
-- Checksum (16 bits)
-
-### Sequence and ACK Numbers
-- **Sequence number**: Byte number of first byte in segment
-- **ACK number**: Sequence number of next expected byte
-- TCP uses **cumulative acknowledgments**
-
-### RTT Estimation and Timeout
-```
-EstimatedRTT = (1-α) × EstimatedRTT + α × SampleRTT
-DevRTT = (1-β) × DevRTT + β × |SampleRTT - EstimatedRTT|
-TimeoutInterval = EstimatedRTT + 4 × DevRTT
-```
-- α = 0.125, β = 0.25 (recommended)
-- Exponential weighted moving average (EWMA)
-
-### Reliable Data Transfer Mechanisms
-
-**Fast Retransmit**:
-- Triggered by 3 duplicate ACKs
-- Retransmit before timeout
-- Indicates network still delivering some segments
-
-**Timeout Doubling**:
-- After timeout, double TimeoutInterval
-- Limited congestion control mechanism
-
-### Flow Control
-- Prevents sender from overwhelming receiver's buffer
-- **Receive window (rwnd)**: Spare room in receive buffer
-- Sender ensures: LastByteSent - LastByteAcked ≤ rwnd
-
-### Connection Management
-
-**3-Way Handshake** (Connection Establishment):
-1. Client → Server: SYN, seq=client_isn
-2. Server → Client: SYNACK, seq=server_isn, ack=client_isn+1
-3. Client → Server: ACK, ack=server_isn+1
-
-**Connection Termination**:
-1. Client → Server: FIN
-2. Server → Client: ACK
-3. Server → Client: FIN
-4. Client → Server: ACK
-
-**TCP States**:
-- CLOSED → SYN_SENT → ESTABLISHED → FIN_WAIT_1 → FIN_WAIT_2 → TIME_WAIT → CLOSED
-
-## 6. Principles of Congestion Control
-
-### Costs of Congestion
-1. Large queuing delays near link capacity
-2. Sender retransmissions for lost packets
-3. Unnecessary retransmissions wasting router resources
-4. Upstream transmission capacity wasted when packets dropped downstream
-
-### Approaches to Congestion Control
-
-**End-to-end congestion control**:
-- No explicit network feedback
-- Infer congestion from loss/delay
-- Used by classic TCP
-
-**Network-assisted congestion control**:
-- Routers provide explicit feedback
-- Direct feedback or marking packets
-- Examples: ECN, ATM ABR
-
-## 7. TCP Congestion Control
-
-### Key Variables
-- **cwnd**: Congestion window (sender-side limit)
-- **ssthresh**: Slow start threshold
-- Sending rate ≈ cwnd/RTT
-
-### Classic TCP (Reno) Algorithm
-
-**Three Phases**:
-
-1. **Slow Start**
- - Initial: cwnd = 1 MSS
- - Double cwnd every RTT (exponential growth)
- - Until: loss event OR cwnd ≥ ssthresh
-
-2. **Congestion Avoidance**
- - Increase cwnd by 1 MSS per RTT (linear growth)
- - AIMD: Additive Increase, Multiplicative Decrease
-
-3. **Fast Recovery**
- - Enter on 3 duplicate ACKs
- - cwnd = cwnd/2 + 3 MSS
- - Exit when missing segment ACKed
-
-### Loss Event Responses
-- **Timeout**: cwnd = 1 MSS, ssthresh = cwnd/2, enter slow start
-- **3 Duplicate ACKs**: cwnd = cwnd/2, ssthresh = cwnd/2, enter fast recovery
-
-### TCP Variations
-
-**TCP CUBIC**:
-- Faster ramp-up to previous loss rate
-- Cubic function for window growth
-- Default in Linux, ~50% of web servers
-
-**TCP Vegas**:
-- Delay-based congestion detection
-- Proactive: detect before loss
-- Measure RTT, compare to RTTmin
-
-**BBR (Bottleneck Bandwidth and RTT)**:
-- Build on Vegas ideas
-- Used in Google's B4 network
-- Deployed on YouTube servers
-
-### Other TCP Concepts
-
-**Explicit Congestion Notification (ECN)**:
-- Network marks packets to signal congestion
-- Receiver echoes to sender via ECE bit
-- Sender responds with CWR bit
-
-**Fairness**:
-- TCP connections share bandwidth equally (ideally)
-- Issues: different RTTs, parallel connections, UDP traffic
-
-### Performance Formula
-Average throughput ≈ (0.75 × W) / RTT
-- W = window size at loss
-
-## 8. Evolution: QUIC Protocol
-
-### QUIC Overview
-- **Application-layer protocol** over UDP
-- Designed for HTTP/3
-- Combines transport + security handshakes
-
-### Key Features
-
-**Streams**:
-- Multiple streams per connection
-- Independent reliable delivery per stream
-- Solves head-of-line blocking
-
-**Connection Establishment**:
-- Faster than TCP+TLS (fewer RTTs)
-- All packets encrypted
-- Connection and Stream IDs
-
-**Reliability & Congestion Control**:
-- Per-stream reliability
-- Based on TCP NewReno
-- Application-update timescales
-
-### Deployment
-- Google services (>7% of Internet traffic)
-- Chrome browser
-- YouTube mobile app
-
-## Important Formulas Summary
-
-```
-Utilization = (L/R) / (RTT + L/R)
-Sending Rate ≈ cwnd / RTT
-TimeoutInterval = EstimatedRTT + 4 × DevRTT
-EstimatedRTT = 0.875 × EstimatedRTT + 0.125 × SampleRTT
-Average TCP Throughput ≈ (0.75 × W) / RTT
-```
-
-## Key Takeaways
-
-1. Transport layer provides process-to-process communication
-2. UDP: simple, fast, unreliable; TCP: complex, reliable, controlled
-3. Reliable data transfer requires: checksums, ACKs, sequence numbers, timers, retransmission
-4. TCP congestion control essential for network stability
-5. AIMD provides fairness among TCP flows
-6. Modern variations (CUBIC, BBR) improve on classic TCP
-7. QUIC represents evolution to application-layer transport protocols
-
-# Chapter 4: The Network Layer - Data Plane Study Notes
-
-## Overview and Core Concepts
-
-The network layer sits at the heart of the protocol stack, with a piece present in every single host and router in the network. This chapter focuses specifically on the **data plane** - the per-router functions that determine how packets arriving on one input link get forwarded to an output link.
-
-### The Fundamental Distinction: Data Plane vs Control Plane
-
-Understanding the network layer requires grasping two complementary but distinct components:
-
-**Data Plane (This Chapter):** Think of this as the actual packet-forwarding machinery. When a packet arrives at a router, the data plane determines which output port to send it through. This happens at nanosecond timescales and is implemented in hardware. The data plane performs the immediate, local decision of "where does this specific packet go right now?"
-
-**Control Plane (Chapter 5):** This is the network-wide logic that determines the paths packets should take from source to destination. The control plane populates the forwarding tables that the data plane uses. This operates at much longer timescales (seconds) and is typically implemented in software.
-
-### Forwarding vs Routing: A Critical Distinction
-
-These terms are often confused, but understanding their difference is essential:
-
-**Forwarding:** The router-local action of transferring a packet from an input interface to the appropriate output interface. Think of it like going through a single interchange on a highway - you enter from one road and need to quickly decide which exit to take. This happens in nanoseconds using hardware.
-
-**Routing:** The network-wide process that determines the complete end-to-end path. This is like planning your entire trip from Pennsylvania to Florida before starting - deciding which series of interchanges you'll pass through. Routing algorithms compute the forwarding tables that enable forwarding decisions.
-
-### Two Approaches to Control Plane Implementation
-
-**Traditional Approach:** Each router runs its own routing algorithm and communicates with other routers to compute forwarding tables. Routers exchange routing information using protocols like OSPF or BGP.
-
-**SDN (Software-Defined Networking) Approach:** A physically separate, remote controller computes and distributes forwarding tables to all routers. The controller has a global view of the network and can implement sophisticated policies centrally.
-
-## Inside a Router: The Hardware Architecture
-
-A router consists of four main components working together to process packets at line speed:
-
-### 1. Input Ports
-Input ports perform three critical functions:
-- **Physical layer termination:** Receiving the electrical/optical signals
-- **Link layer processing:** Handling the link-layer protocol with the upstream device
-- **Lookup function:** The most crucial task - consulting the forwarding table to determine the output port
-
-The lookup process must be incredibly fast. With a 100 Gbps link and 64-byte packets, an input port has only 5.12 nanoseconds to process each packet! This is why lookups use specialized hardware like Ternary Content Addressable Memories (TCAMs) that can search millions of entries in constant time.
-
-### 2. Switching Fabric
-The switching fabric connects input ports to output ports - it's essentially a network inside the router. Three main approaches exist:
-
-**Memory-based switching:** Packets are copied to memory and then to the output port. Limited by memory bandwidth - can only achieve half the memory bandwidth as throughput since each packet must be written and then read.
-
-**Bus-based switching:** All ports share a single bus. Simple but limited by bus speed - only one packet can cross at a time.
-
-**Crossbar/Interconnection network:** Multiple paths allow parallel packet transfers. A crossbar with N inputs and N outputs has 2N buses forming a grid. Packets can be transferred in parallel as long as they're going to different outputs.
-
-### 3. Output Ports
-Output ports take packets from the switching fabric and transmit them on the outgoing link. They must handle packet scheduling when multiple packets compete for transmission.
-
-### 4. Routing Processor
-The "brains" of the router - executes routing protocols, maintains routing tables, and computes forwarding tables. In SDN routers, it communicates with the remote controller. Operates in software at millisecond/second timescales.
-
-## Packet Queuing and Scheduling
-
-Queuing can occur at both input and output ports, and understanding where and why is crucial for network performance:
-
-### Input Queuing and HOL Blocking
-When the switching fabric can't transfer all arriving packets immediately, input queues form. This creates a problematic phenomenon called **Head-of-Line (HOL) blocking**: a packet waiting at the head of an input queue blocks all packets behind it, even if those packets are destined for free output ports. Studies show this can limit throughput to just 58% of capacity!
-
-### Output Queuing
-Even with a fast switching fabric, output queues form when multiple inputs send to the same output. This is where packets are most commonly dropped when buffers overflow.
-
-### Buffer Sizing: A Delicate Balance
-The traditional rule was: Buffer = RTT × Link_Capacity
-
-But this has evolved. With many TCP flows, the formula becomes:
-Buffer = (RTT × Link_Capacity) / √N
-
-where N is the number of flows.
-
-Too little buffering causes packet loss, but too much causes **bufferbloat** - persistent queues that add delay without improving throughput. This particularly affects real-time applications like gaming and video conferencing.
-
-### Packet Scheduling Disciplines
-
-**FIFO (First-In-First-Out):** Simplest approach - packets leave in arrival order.
-
-**Priority Queuing:** Packets classified into priority classes. High-priority packets always transmitted first. Can lead to starvation of low-priority traffic.
-
-**Round Robin:** Alternates between classes, ensuring all get some service.
-
-**Weighted Fair Queuing (WFQ):** Each class guaranteed a minimum fraction of bandwidth proportional to its weight. Provides isolation between flows while being work-conserving.
-
-## The Internet Protocol (IP)
-
-### IPv4 Datagram Format
-
-The IPv4 header contains several crucial fields:
-
-**Version (4 bits):** Identifies IP version (4 for IPv4)
-
-**Header Length (4 bits):** Needed because of variable-length options field
-
-**Type of Service (8 bits):** For differentiated services; includes ECN bits
-
-**Total Length (16 bits):** Total datagram size in bytes (max 65,535)
-
-**Identification, Flags, Fragment Offset:** For fragmentation (largely deprecated)
-
-**Time-to-Live (TTL) (8 bits):** Decremented at each router; prevents infinite loops
-
-**Protocol (8 bits):** Identifies transport protocol (6=TCP, 17=UDP)
-
-**Header Checksum (16 bits):** Error detection for header only
-
-**Source/Destination IP Addresses (32 bits each):** The addressing fields
-
-**Options:** Variable length, rarely used (removed in IPv6)
-
-### IPv4 Addressing: More Complex Than It Appears
-
-IPv4 addresses are 32 bits, written in dotted-decimal notation (e.g., 192.168.1.1).
-
-**Key Insight:** An IP address belongs to an interface, not a host. A router with multiple interfaces has multiple IP addresses.
-
-### Subnets and CIDR
-
-A **subnet** consists of interfaces that can reach each other without passing through a router. Devices on the same subnet share a common address prefix.
-
-**CIDR (Classless Inter-Domain Routing):** Addresses written as a.b.c.d/x where x indicates the number of prefix bits. For example, 192.168.1.0/24 means the first 24 bits are the network prefix.
-
-This replaced the inflexible classful addressing (Class A, B, C networks) that wasted address space.
-
-**Longest Prefix Matching:** When multiple forwarding table entries match, routers use the entry with the longest matching prefix. This enables route aggregation while allowing exceptions.
-
-### Dynamic Host Configuration Protocol (DHCP)
-
-DHCP enables "plug-and-play" networking through a four-step process:
-
-1. **DHCP Discover:** New host broadcasts request for DHCP server
-2. **DHCP Offer:** Server(s) respond with IP address offers
-3. **DHCP Request:** Host selects an offer and requests it
-4. **DHCP ACK:** Server confirms the assignment
-
-The host receives not just an IP address but also subnet mask, default gateway, and DNS server information.
-
-### Network Address Translation (NAT)
-
-NAT allows an entire private network to share a single public IP address. The NAT router maintains a translation table mapping internal (IP:port) pairs to external port numbers.
-
-**Benefits:**
-- Conserves IPv4 addresses
-- Provides some security through obscurity
-- Simplifies internal network management
-
-**Drawbacks:**
-- Violates layering principles (routers shouldn't modify transport-layer information)
-- Complicates peer-to-peer connections
-- Breaks end-to-end connectivity
-
-### IPv6: The Next Generation
-
-IPv6 addresses the limitations of IPv4 with several key improvements:
-
-**128-bit addresses:** Enough for every grain of sand on Earth!
-
-**Simplified 40-byte fixed header:** No fragmentation, no checksum, no options in base header
-
-**Flow labels:** To identify packets needing special handling
-
-**No fragmentation:** Routers drop oversized packets rather than fragment them
-
-### Transitioning to IPv6: Tunneling
-
-Since IPv4 and IPv6 aren't directly compatible, **tunneling** enables coexistence: IPv6 datagrams are encapsulated inside IPv4 datagrams when crossing IPv4-only networks. The IPv6 packet becomes the payload of an IPv4 packet, with protocol number 41 indicating IPv6 inside.
-
-## Generalized Forwarding and SDN
-
-Traditional IP forwarding only considers destination addresses. Generalized forwarding extends this to a powerful "match-plus-action" paradigm.
-
-### OpenFlow: The Match-Plus-Action Abstraction
-
-Each flow table entry contains:
-- **Match fields:** Can include addresses from multiple layers, port numbers, protocol types, etc.
-- **Counters:** Track statistics for matched packets
-- **Actions:** Forward, drop, modify headers, send to controller
-
-This enables routers to act as:
-- Traditional routers (forward based on IP)
-- Switches (forward based on MAC addresses)
-- Firewalls (drop based on rules)
-- Load balancers (distribute across servers)
-- NAT devices (rewrite addresses)
-
-### The Power of Generalized Forwarding
-
-Consider these examples:
-
-**Load Balancing:** Route packets from different sources to the same destination via different paths based on source address.
-
-**Firewalling:** Only allow packets from specific source networks.
-
-**Virtual Networks:** Create multiple logical networks over the same physical infrastructure.
-
-The key insight: by programming flow tables appropriately, a single physical network can implement sophisticated behaviors that previously required specialized devices.
-
-## Middleboxes and Network Functions
-
-Middleboxes perform functions beyond standard forwarding:
-
-**NAT boxes:** Rewrite addresses for private networks
-
-**Firewalls:** Filter traffic based on security policies
-
-**Intrusion Detection Systems:** Inspect packets for malicious patterns
-
-**Load Balancers:** Distribute requests across servers
-
-**Performance Enhancers:** Caches, compression, WAN optimizers
-
-The proliferation of middleboxes has led to **Network Function Virtualization (NFV)** - implementing these functions in software on commodity hardware rather than specialized boxes.
-
-## Key Architectural Principles
-
-### The IP Hourglass
-The Internet has a "narrow waist" architecture - many protocols above and below, but only one network protocol (IP). This simplicity enabled the Internet's explosive growth by providing a universal interconnection layer.
-
-### The End-to-End Argument
-Core principle: Functions that require end-host knowledge should be implemented at the endpoints, not in the network. The network should provide simple, best-effort packet delivery. This keeps the network core simple and pushes complexity to the edges where it can evolve more easily.
-
-## Summary and Key Takeaways
-
-The network layer's data plane represents the high-speed packet forwarding machinery of the Internet. Understanding its operation requires appreciating the interplay between hardware constraints (processing packets in nanoseconds), architectural principles (separation of data and control planes), and practical necessities (address conservation, security, performance optimization).
-
-The evolution from simple destination-based forwarding to generalized match-plus-action processing, and from distributed control to SDN, shows how the network layer continues to adapt to new requirements while maintaining its core function: moving packets from source to destination across a global internetwork.
-
-The challenges ahead include completing the IPv6 transition, managing complexity as middlebox functionality proliferates, and balancing the flexibility of programmable networks with the need for predictable, high-performance packet forwarding.
-
-# Chapter 5: The Network Layer - Control Plane Study Notes
-
-## Understanding the Control Plane's Role
-
-The control plane represents the network-wide logic that determines how packets are routed from source to destination across the entire network. While the data plane (Chapter 4) handles the immediate, local decision of forwarding a packet from an input port to an output port at a single router, the control plane takes responsibility for computing the forwarding tables that enable these local decisions to create coherent end-to-end paths.
-
-Think of the distinction this way: if the data plane is like following driving directions at each intersection, the control plane is like planning the entire route before starting the journey. The control plane must consider the entire network topology, link costs, and policies to determine the best paths between all pairs of hosts.
-
-## Two Fundamental Approaches to Control
-
-### Per-Router Control (Traditional Approach)
-
-In the traditional model, each router runs its own routing algorithm and communicates with other routers to build a consistent view of the network. Every router maintains routing software that exchanges information with neighboring routers, computes optimal paths, and updates its own forwarding table. This distributed approach has been the foundation of Internet routing for decades.
-
-The key characteristic here is that intelligence is distributed throughout the network. Each router is an autonomous decision-maker that collaborates with others to achieve network-wide routing consistency. Protocols like OSPF and BGP exemplify this approach.
-
-### Logically Centralized Control (SDN Approach)
-
-Software-Defined Networking introduces a radically different model where a logically centralized controller computes and distributes forwarding tables to all routers. The routers become simpler forwarding devices, while sophisticated routing logic moves to the controller.
-
-The term "logically centralized" is important - while the controller appears as a single entity to the network, it's typically implemented as a distributed system for reliability and performance. The controller maintains a global view of the network and can implement complex, network-wide policies more easily than the traditional distributed approach.
-
-## Routing Algorithms: The Mathematical Foundation
-
-Before examining specific protocols, we need to understand the fundamental algorithms that compute paths through networks. These algorithms work on a graph abstraction where routers are nodes and links are edges with associated costs.
-
-### Link-State (LS) Routing Algorithm
-
-Link-state algorithms operate with complete network knowledge. Every router learns the entire network topology and all link costs, then independently computes the best paths to all destinations using this global information.
-
-**Dijkstra's Algorithm** serves as the cornerstone of link-state routing. The algorithm builds a shortest-path tree from a source node to all other nodes by iteratively selecting the closest unvisited node and updating distances to its neighbors. Here's how it progresses:
-
-The algorithm maintains a set N' of nodes whose shortest paths are definitively known. Initially, only the source node is in N'. In each iteration, the algorithm adds to N' the node outside N' that has the smallest known distance from the source. It then updates the distances to that node's neighbors if a shorter path through the newly added node exists.
-
-The computational complexity is O(n²) for n nodes, though optimized implementations using heap data structures can achieve O(n log n). This efficiency makes link-state routing practical for networks with hundreds or thousands of routers.
-
-A critical challenge with link-state routing emerges when link costs depend on traffic load. Consider what happens when multiple routers simultaneously recompute routes based on current congestion: they might all shift traffic to previously uncongested links, causing those links to become congested while the originally congested links become idle. This oscillation problem illustrates why modern Internet routing protocols typically use static link costs rather than dynamic, load-sensitive metrics.
-
-### Distance-Vector (DV) Routing Algorithm
-
-Distance-vector algorithms take a fundamentally different approach: routers only know the costs to their immediate neighbors and learn about distant destinations through information exchange with those neighbors. This creates an iterative, distributed computation where routing information propagates through the network like ripples on water.
-
-The algorithm is grounded in the **Bellman-Ford equation**:
-```
-dx(y) = min{c(x,v) + dv(y)}
-```
-
-This equation states that the least-cost path from x to y equals the minimum, over all neighbors v, of the cost to reach v plus v's least-cost to y. Each router maintains a distance vector containing its estimated costs to all destinations and exchanges this vector with neighbors.
-
-The algorithm's distributed nature makes it remarkably elegant but also creates vulnerabilities. The infamous **count-to-infinity problem** occurs when good news travels fast but bad news travels slowly. If a link cost increases dramatically, routers can create routing loops where they route through each other, each believing the other has a valid path. These loops persist while the routers slowly increment their distance estimates.
-
-**Poisoned reverse** provides a partial solution: if router Z routes through Y to reach X, then Z tells Y its distance to X is infinity. This prevents Y from routing back through Z to reach X, breaking potential two-node loops. However, loops involving three or more nodes can still occur, revealing the fundamental challenges of distributed algorithms with inconsistent information.
-
-## Internet Routing Protocols in Practice
-
-### OSPF: Intra-AS Routing
-
-Open Shortest Path First (OSPF) implements link-state routing within a single autonomous system (AS). Every OSPF router broadcasts link-state advertisements to all other routers in the AS, enabling each router to construct a complete topology map and run Dijkstra's algorithm independently.
-
-OSPF includes several sophisticated features that extend beyond basic link-state routing. **Hierarchical routing** allows large autonomous systems to be divided into areas, reducing the routing table size and link-state broadcast overhead. All areas connect through a backbone area, creating a two-level routing hierarchy. **Equal-cost multipath** enables traffic to be split across multiple paths when they have identical costs. **Authentication** ensures that only authorized routers participate in OSPF, protecting against malicious routing updates.
-
-The protocol handles various network types efficiently, from broadcast networks like Ethernet to point-to-point links. OSPF messages are carried directly over IP (protocol number 89), requiring OSPF to implement its own reliable message delivery mechanisms.
-
-### BGP: The Internet's Glue
-
-Border Gateway Protocol (BGP) serves a fundamentally different purpose than OSPF. While OSPF focuses on finding optimal paths within an AS, BGP manages routing between autonomous systems, making it the protocol that literally holds the Internet together.
-
-BGP operates at a higher level of abstraction than intra-AS protocols. Instead of routers and links, BGP thinks in terms of autonomous systems and AS paths. A BGP route advertisement doesn't just say "you can reach destination X through me" - it provides the complete AS path to that destination, enabling policy-based routing decisions.
-
-**BGP Route Selection** follows a sophisticated algorithm that prioritizes policy over performance:
-
-1. **Local preference** allows network administrators to explicitly prefer certain routes based on business relationships or policy requirements
-2. **AS-PATH length** provides a distance metric, but only after policy preferences
-3. **Hot potato routing** minimizes the cost within the local AS by choosing the egress point closest to the ingress
-4. Additional tie-breakers ensure deterministic route selection
-
-This hierarchy reflects the Internet's economic realities. ISPs have complex business relationships - customer-provider, peer-to-peer, and settlement-free peering arrangements - that must be respected in routing decisions. A provider ISP won't carry transit traffic between two peer ISPs, even if that path is shorter, because there's no economic incentive to do so.
-
-**BGP Peering Relationships** shape Internet topology. Customer ASes pay provider ASes for connectivity. Peer ASes exchange traffic without payment, but only between their respective customers. These relationships are implemented through selective route advertisement: an AS advertises different routes to different neighbors based on their business relationship.
-
-## Software-Defined Networking: Revolutionizing Control
-
-SDN represents a fundamental rethinking of network control, separating the control plane from the data plane and centralizing intelligence in a software controller.
-
-### The SDN Architecture
-
-The SDN stack consists of three layers that work together to provide network control:
-
-**Data Plane Switches** become simpler devices focused solely on packet forwarding based on flow tables. These tables contain match-action rules that can consider multiple header fields across different protocol layers, enabling far more flexible forwarding than traditional destination-based routing.
-
-**The SDN Controller** serves as the network's brain, maintaining global network state and computing flow tables for all switches. The controller provides a platform for network applications through its northbound API while communicating with switches through its southbound API. Modern controllers like OpenDaylight and ONOS are sophisticated distributed systems that provide high availability and scalability while maintaining the abstraction of centralized control.
-
-**Network Applications** implement the actual control logic, using the controller's APIs to monitor and program the network. A routing application might compute shortest paths, while a firewall application determines which flows to block, and a load balancer distributes traffic across servers. These applications can be developed independently and composed to create sophisticated network behaviors.
-
-### The OpenFlow Protocol
-
-OpenFlow provides the critical communication channel between controllers and switches. The protocol enables controllers to:
-
-- Install, modify, and delete flow table entries
-- Query switch statistics and capabilities
-- Receive notifications about network events (link failures, new flows)
-- Send specific packets out switch ports
-
-Flow table entries in OpenFlow contain match fields (specifying packet header values), actions (forward, drop, modify headers), and counters (for statistics). This simple abstraction proves remarkably powerful, enabling implementation of routing, switching, firewalling, NAT, and load balancing within a unified framework.
-
-## Network Management: Keeping Networks Running
-
-Network management encompasses the tools and protocols that allow administrators to monitor, configure, and troubleshoot networks.
-
-### The Evolution of Management Approaches
-
-**SNMP/MIB** has been the workhorse of network monitoring since the 1980s. Devices maintain Management Information Bases (MIBs) containing operational statistics and configuration data. SNMP provides a simple request-response protocol for querying and setting MIB values. While effective for monitoring, SNMP's limitations for configuration management led to the development of newer approaches.
-
-**NETCONF/YANG** represents the modern approach to network management, particularly configuration management. YANG provides a data modeling language that precisely specifies configuration and operational data structures. NETCONF uses these models to enable transaction-based configuration changes across multiple devices - either all devices are successfully configured, or all changes are rolled back, maintaining network consistency.
-
-The shift from SNMP to NETCONF reflects the network industry's evolution from device-centric to network-centric management. Modern networks require coordinated configuration across many devices, automated validation of configurations, and programmable interfaces for integration with broader orchestration systems.
-
-### ICMP: The Network's Diagnostic Tool
-
-The Internet Control Message Protocol provides essential diagnostic capabilities. While not a routing protocol, ICMP enables critical troubleshooting tools:
-
-- **Ping** uses ICMP echo request/reply to test connectivity
-- **Traceroute** exploits ICMP time-exceeded messages to discover the path packets take through the network
-- Error messages inform senders when packets cannot be delivered
-
-ICMP illustrates an important principle: diagnostic and control capabilities must be built into the network infrastructure itself, not added as an afterthought.
-
-## Key Insights and Principles
-
-The control plane embodies several fundamental networking principles:
-
-**Scalability through hierarchy**: Both OSPF (with areas) and BGP (with autonomous systems) use hierarchical organization to manage complexity. This principle appears throughout network design - hierarchy provides a way to scale systems beyond the limits of flat organizations.
-
-**Policy versus mechanism**: BGP clearly separates routing mechanism (the protocol for exchanging routes) from routing policy (business relationships and preferences). This separation allows the same mechanism to support diverse economic and political requirements.
-
-**End-to-end versus hop-by-hop**: While forwarding is inherently hop-by-hop, the control plane must ensure that local decisions create valid end-to-end paths. This coordination challenge underlies much of routing's complexity.
-
-**Evolution of abstraction levels**: The progression from destination-based forwarding to OpenFlow's generalized match-action rules shows how raising the level of abstraction enables new capabilities. SDN takes this further by abstracting the entire control plane into software.
-
-**The challenge of distributed systems**: Distance-vector routing's problems (count-to-infinity, routing loops) exemplify the fundamental difficulties of maintaining consistency in distributed systems with delayed and potentially inconsistent information.
-
-The control plane ultimately represents the intelligence that transforms a collection of switches and links into a coherent network capable of delivering packets from any source to any destination. Whether implemented through distributed protocols or centralized controllers, the control plane must solve the fundamental problem of determining good paths through the network while respecting policy constraints and adapting to failures. The diversity of solutions - from OSPF's link-state flooding to BGP's path-vector approach to SDN's centralized control - reflects both the problem's complexity and the different requirements of various network contexts.
-
-# Chapter 6: The Link Layer and LANs - Study Notes
-
-## Overview
-The link layer sits between the network layer and physical layer, providing communication services between adjacent nodes along a communication path. Understanding this layer completes our journey down the protocol stack and reveals how packets traverse individual links that make up end-to-end paths.
-
-## 6.1 Introduction to the Link Layer
-
-### Key Terminology
-- **Node**: Any device running a link-layer protocol (hosts, routers, switches, WiFi access points)
-- **Links**: Communication channels connecting adjacent nodes
-- **Link-layer frame**: The encapsulation unit that carries network-layer datagrams across individual links
-
-### Services Provided by the Link Layer
-
-The link layer provides several essential services that ensure reliable communication between adjacent nodes:
-
-1. **Framing**: Encapsulates network-layer datagrams within link-layer frames with header fields and data fields. Each protocol specifies its own frame structure.
-
-2. **Link Access**: Uses Medium Access Control (MAC) protocols to coordinate frame transmissions. For broadcast links with multiple nodes sharing a channel, MAC protocols prevent collisions.
-
-3. **Reliable Delivery**: Some link-layer protocols guarantee error-free transmission across the link using acknowledgments and retransmissions. This is particularly useful for error-prone links like wireless connections.
-
-4. **Error Detection and Correction**: Detects bit errors caused by signal attenuation and electromagnetic noise. More sophisticated than transport/network layer checksums, typically implemented in hardware.
-
-### Link Layer Implementation
-
-The link layer represents the meeting point of hardware and software in the protocol stack:
-
-- **Hardware component**: Network adapter (Network Interface Controller/NIC) implements framing, link access, and error detection
-- **Software component**: Runs on the host CPU, handles higher-level functions like addressing and activating the controller
-- The adapter encapsulates datagrams into frames on the sending side and extracts datagrams from frames on the receiving side
-
-## 6.2 Error Detection and Correction Techniques
-
-Error detection adds redundancy to transmitted data, allowing receivers to detect (and sometimes correct) bit errors. The tradeoff is between overhead and reliability.
-
-### Parity Checks
-
-**Single Parity Bit**:
-- Adds one bit to ensure even (or odd) total number of 1s
-- Can detect odd number of bit errors but misses even number of errors
-- Vulnerable to burst errors (clustered errors)
-
-**Two-Dimensional Parity**:
-- Arranges data bits in a matrix, computes parity for each row and column
-- Can detect AND correct single-bit errors by identifying the error's row and column
-- Provides Forward Error Correction (FEC) capability
-- Can detect (but not correct) any two-bit error combination
-
-### Checksumming Methods
-
-The Internet checksum treats data as sequences of k-bit integers and sums them:
-- Simple and fast, suitable for software implementation
-- Weaker error detection than CRC
-- Used in TCP/UDP (transport layer) due to software implementation requirements
-
-### Cyclic Redundancy Check (CRC)
-
-CRC provides robust error detection using polynomial codes:
-- Sender and receiver agree on a generator polynomial G
-- Sender appends R bits such that the transmitted data is divisible by G
-- Receiver divides received data by G; non-zero remainder indicates error
-- Can detect all burst errors of fewer than r+1 bits
-- Standard generators exist for 8, 12, 16, and 32-bit CRCs
-- Implemented in hardware at the link layer for efficiency
-
-## 6.3 Multiple Access Protocols
-
-Multiple access protocols coordinate transmissions when multiple nodes share a broadcast channel, preventing collisions and maximizing efficiency.
-
-### Ideal Characteristics
-1. Single active node gets full channel rate R
-2. M active nodes each get R/M throughput
-3. Decentralized operation (no single point of failure)
-4. Simple implementation
-
-### Channel Partitioning Protocols
-
-**Time Division Multiplexing (TDM)**:
-- Divides time into frames with N time slots
-- Each node gets dedicated slot for transmission
-- Eliminates collisions but limits each node to R/N rate
-- Nodes must wait for their turn even when others are idle
-
-**Frequency Division Multiplexing (FDM)**:
-- Divides R bps channel into N frequencies, each R/N bps
-- Similar advantages/disadvantages to TDM
-
-**Code Division Multiple Access (CDMA)**:
-- Assigns unique codes to nodes
-- Allows simultaneous transmission with proper decoding
-- Used in cellular networks
-
-### Random Access Protocols
-
-**Slotted ALOHA**:
-- Time divided into slots equal to frame transmission time
-- Nodes transmit at slot beginning, retransmit with probability p after collision
-- Maximum efficiency: 37% (1/e) when many nodes are active
-- Simple and decentralized but wastes significant bandwidth
-
-**Pure ALOHA**:
-- No time synchronization required
-- Nodes transmit immediately when frame arrives
-- Maximum efficiency: 18% (1/2e) - half of slotted ALOHA
-- Even simpler but less efficient
-
-**Carrier Sense Multiple Access (CSMA)**:
-- "Listen before speaking": Check if channel is idle before transmitting
-- Collisions still occur due to propagation delay
-- More efficient than ALOHA protocols
-
-**CSMA with Collision Detection (CSMA/CD)**:
-- Adds collision detection: stop transmitting when collision detected
-- Uses binary exponential backoff for retransmission timing
-- Efficiency approaches 1 as propagation delay approaches 0
-- Used in traditional Ethernet
-
-### Taking-Turns Protocols
-
-**Polling Protocol**:
-- Master node polls each node in round-robin fashion
-- Eliminates collisions but introduces polling delay
-- Single point of failure (master node)
-
-**Token Passing**:
-- Special token frame circulates among nodes
-- Node can only transmit when holding token
-- Decentralized and efficient but vulnerable to token loss
-
-### DOCSIS: Cable Internet Access
-
-Cable networks use a hybrid approach combining multiple protocols:
-- FDM separates upstream/downstream channels
-- TDM divides upstream channel into time intervals
-- CMTS assigns specific mini-slots to cable modems
-- Random access for mini-slot requests with collision detection
-- Demonstrates real-world protocol combinations
-
-## 6.4 Switched Local Area Networks
-
-Switched LANs use link-layer switches to interconnect hosts, providing better performance than broadcast LANs through intelligent frame forwarding.
-
-### Link-Layer Addressing
-
-**MAC Addresses**:
-- 48-bit (6-byte) addresses in hexadecimal notation
-- Flat structure (unlike hierarchical IP addresses)
-- Globally unique, managed by IEEE
-- Permanent to the network adapter (like a social security number)
-- Broadcast address: FF-FF-FF-FF-FF-FF
-
-**Why Both MAC and IP Addresses?**
-- Maintains layer independence in network architecture
-- MAC addresses are protocol-neutral (not just for IP)
-- Prevents unnecessary interrupts from irrelevant frames
-- IP addresses change with location; MAC addresses don't
-
-### Address Resolution Protocol (ARP)
-
-ARP translates IP addresses to MAC addresses within the same subnet:
-
-1. **ARP Table**: Each host/router maintains IP-to-MAC mappings with TTL values
-2. **ARP Query**: Broadcast request asking for MAC address of specific IP
-3. **ARP Reply**: Unicast response with requested MAC address
-4. **Plug-and-play**: Tables built automatically without configuration
-5. **Scope**: Only works within same subnet (unlike DNS which is global)
-
-**Sending off-subnet**: Datagrams sent to router's MAC address (default gateway) for forwarding to other subnets
-
-### Ethernet
-
-The dominant wired LAN technology, Ethernet has evolved significantly while maintaining backward compatibility.
-
-**Frame Structure**:
-- Preamble (8 bytes): Synchronization and alert
-- Destination MAC (6 bytes)
-- Source MAC (6 bytes)
-- Type field (2 bytes): Identifies network-layer protocol
-- Data field (46-1500 bytes): MTU of 1500 bytes
-- CRC (4 bytes): Error detection
-
-**Key Properties**:
-- Connectionless: No handshaking between adapters
-- Unreliable: No acknowledgments (relies on higher layers for reliability)
-- Multiple speeds: 10 Mbps to 100 Gbps
-- Full-duplex operation in switched networks
-- CSMA/CD often unnecessary in modern switched Ethernet
-
-### Link-Layer Switches
-
-Switches provide intelligent forwarding based on MAC addresses, operating transparently to connected hosts.
-
-**Switch Table**:
-- Contains: MAC address, interface, timestamp
-- Three forwarding scenarios:
- 1. No entry: Broadcast frame to all interfaces except source
- 2. Entry matches source interface: Filter (discard) frame
- 3. Entry indicates different interface: Forward to that interface
-
-**Self-Learning**:
-- Table starts empty
-- Records source MAC addresses from incoming frames
-- Ages out entries after timeout period
-- Completely plug-and-play
-
-**Advantages over Hubs**:
-- Eliminates collisions (dedicated bandwidth per port)
-- Supports heterogeneous link speeds/media
-- Enhanced security and management capabilities
-- Isolation of malfunctioning nodes
-
-### Switches vs. Routers
-
-**Switches (Layer 2)**:
-- Pros: Plug-and-play, fast processing, no configuration needed
-- Cons: Restricted to spanning tree topology, susceptible to broadcast storms
-
-**Routers (Layer 3)**:
-- Pros: Hierarchical addressing prevents loops, firewall against broadcast storms
-- Cons: Require IP configuration, slower per-packet processing
-
-Typical deployment: Small networks use switches; large networks combine both
-
-### Virtual LANs (VLANs)
-
-VLANs create multiple virtual networks over single physical infrastructure:
-
-**Benefits**:
-- Traffic isolation between departments/groups
-- Efficient switch utilization
-- Simplified user management (software reconfiguration vs. rewiring)
-
-**Port-Based VLANs**:
-- Switch ports grouped into broadcast domains
-- Inter-VLAN communication requires routing
-
-**VLAN Trunking**:
-- Special ports carry traffic for all VLANs between switches
-- 802.1Q adds 4-byte VLAN tag to frames on trunks
-- More scalable than dedicated inter-switch links per VLAN
-
-## 6.5 Link Virtualization
-
-Networks can be virtualized to appear as simple link-layer connections to higher layers.
-
-### Multiprotocol Label Switching (MPLS)
-
-MPLS adds fixed-length labels between layer-2 and layer-3 headers, enabling:
-
-**Key Features**:
-- Fast forwarding based on labels instead of IP lookup
-- Traffic engineering: Multiple paths to same destination
-- Ability to override standard IP routing
-- Support for Virtual Private Networks (VPNs)
-- Fast restoration with pre-computed failover paths
-
-**Operation**:
-- Label-switched routers forward based on MPLS labels
-- Labels distributed through signaling protocols (e.g., RSVP-TE)
-- Coexists with IP routing infrastructure
-- Provides circuit-like behavior in packet networks
-
-## 6.6 Data Center Networking
-
-Modern data centers house tens to hundreds of thousands of hosts with sophisticated internal networks.
-
-### Architecture
-
-**Hierarchical Design**:
-- Hosts (blades) in racks with 20-40 hosts each
-- Top of Rack (TOR) switches connect hosts within rack
-- Multi-tier switching hierarchy (typically 3 tiers)
-- Border routers connect to Internet
-- Load balancers distribute external requests
-
-**Addressing Limitations**:
-- Conventional hierarchies create bandwidth bottlenecks
-- Host-to-host capacity limited by oversubscription
-- 10 Gbps host links may only achieve 2.5 Gbps between racks
-
-### Solutions and Trends
-
-**Increased Connectivity**:
-- Multiple connections between tier switches (e.g., 4x connectivity)
-- Enables multipath routing (ECMP - Equal Cost Multi Path)
-- Provides both increased capacity and reliability
-- Clos network topologies for scalability
-
-**Key Trends**:
-1. **SDN Control**: Centralized control for massive scale management
-2. **Virtualization**: VMs with seamless migration, flat layer-2 addressing
-3. **Customization**: In-house hardware/software development
-4. **Modularity**: Shipping container-based data centers
-5. **Low-latency protocols**: Data center-specific TCP variants, RDMA
-6. **Availability zones**: Replicated data centers for fault tolerance
-
-## 6.7 A Day in the Life of a Web Page Request
-
-This section provides an integrated view of how protocols work together when fetching a web page, demonstrating the interaction of:
-
-1. **DHCP**: Obtains IP address and network configuration
-2. **ARP**: Resolves IP addresses to MAC addresses
-3. **DNS**: Translates domain names to IP addresses
-4. **Routing**: Intra-domain (OSPF/RIP) and inter-domain (BGP) protocols
-5. **TCP**: Three-way handshake and reliable data transfer
-6. **HTTP**: Web page request and response
-
-The example traces 24 detailed steps showing how multiple protocols collaborate across all layers to complete a seemingly simple task.
-
-## Key Takeaways
-
-1. The link layer provides essential services for communication between adjacent nodes, bridging the gap between network and physical layers.
-
-2. Error detection/correction techniques range from simple parity to sophisticated CRC, with tradeoffs between overhead and reliability.
-
-3. Multiple access protocols solve the fundamental problem of coordinating access to shared broadcast channels, each with different efficiency and complexity tradeoffs.
-
-4. Ethernet's success stems from simplicity, backward compatibility, and continuous evolution to higher speeds.
-
-5. Switches provide intelligent, transparent forwarding using self-learning algorithms, while VLANs enable logical network segmentation.
-
-6. Modern data centers employ sophisticated multi-tier architectures with extensive redundancy and multipath routing to handle massive scale.
-
-7. Even simple network operations like fetching a web page involve complex orchestration of numerous protocols across all layers of the stack.
-
-# Chapter 7: Wireless and Mobile Networks - Study Notes
-
-## Overview and Key Concepts
-
-Wireless and mobile networks have transformed how we connect to the Internet, enabling untethered access and location-based services. Understanding these networks requires distinguishing between two fundamental challenges:
-
-1. **Wireless challenges** - Issues arising from the physical characteristics of wireless communication links
-2. **Mobility challenges** - Issues arising from devices changing their point of network attachment
-
-## 1. Network Elements and Architecture
-
-### Core Components
-
-**Wireless Hosts**
-- End-system devices running applications (smartphones, tablets, IoT devices)
-- May or may not be physically mobile
-- Implement full 5-layer protocol stack
-
-**Wireless Links**
-- Connect hosts to base stations or other wireless hosts
-- Different technologies offer varying transmission rates and coverage ranges
-- Subject to unique physical challenges compared to wired links
-
-**Base Stations**
-- Infrastructure component with no direct wired network counterpart
-- Responsible for coordinating transmissions and relaying data
-- Examples: Cell towers (cellular), Access Points (WiFi)
-- Hosts operate in **infrastructure mode** when connected through base station
-
-**Network Infrastructure**
-- The larger network that wireless devices connect to
-- Provides traditional network services (routing, addressing, DNS)
-
-### Network Taxonomies
-
-Networks can be classified by hop count and infrastructure presence:
-
-1. **Single-hop, infrastructure-based** (Most common)
- - WiFi networks, 4G LTE networks
- - All communication through base station
-
-2. **Single-hop, infrastructure-less**
- - Bluetooth networks
- - Direct device-to-device communication
-
-3. **Multi-hop networks**
- - Mobile Ad Hoc Networks (MANETs)
- - Vehicular Ad Hoc Networks (VANETs)
-
-## 2. Wireless Link Characteristics
-
-### Physical Challenges
-
-**Path Loss**
-- Signal strength decreases with distance
-- Electromagnetic radiation attenuates through matter
-
-**Interference**
-- Multiple sources in same frequency band interfere
-- Environmental noise (motors, microwaves)
-- Example: 2.4 GHz phones interfering with 802.11b
-
-**Multipath Propagation**
-- Signal reflects off objects taking multiple paths
-- Causes signal blurring at receiver
-- Changes dynamically with moving objects
-
-### Signal Quality Metrics
-
-**Signal-to-Noise Ratio (SNR)**
-- Measured in decibels (dB)
-- Higher SNR = easier signal extraction
-- Formula: 20 × log₁₀(signal amplitude/noise amplitude)
-
-### Modulation and Bit Error Rates
-
-Key relationships:
-- Higher SNR → Lower Bit Error Rate (BER)
-- Higher transmission rate → Higher BER (for same SNR)
-- Adaptive modulation adjusts to channel conditions
-
-### Hidden Terminal Problem
-
-Two scenarios causing undetectable collisions:
-1. Physical obstructions preventing stations from hearing each other
-2. Signal fading making transmissions too weak to detect but strong enough to interfere
-
-### CDMA (Code Division Multiple Access)
-
-Channel partitioning protocol using unique codes:
-- Each bit multiplied by a spreading code
-- Multiple transmissions can coexist
-- Receiver recovers data using sender's specific code
-- Requires careful code selection and similar signal strengths
-
-## 3. WiFi: 802.11 Wireless LANs
-
-### Standards Evolution
-
-| Standard | Year | Max Data Rate | Range | Frequency |
-|----------|------|--------------|-------|-----------|
-| 802.11b | 1999 | 11 Mbps | 30m | 2.4 GHz |
-| 802.11g | 2003 | 54 Mbps | 30m | 2.4 GHz |
-| 802.11n (WiFi 4) | 2009 | 600 Mbps | 70m | 2.4/5 GHz |
-| 802.11ac (WiFi 5) | 2013 | 3.47 Gbps | 70m | 5 GHz |
-| 802.11ax (WiFi 6) | 2020 | 14 Gbps | 70m | 2.4/5 GHz |
-
-### Architecture Components
-
-**Basic Service Set (BSS)**
-- Fundamental building block
-- Contains wireless stations and one Access Point (AP)
-- Each device has 6-byte MAC address
-
-**Service Set Identifier (SSID)**
-- Human-readable network name
-- Assigned by administrator
-
-**Channels**
-- 2.4 GHz band: 11 overlapping channels
-- Non-overlapping set: channels 1, 6, 11
-- 5 GHz band: more channels, shorter range
-
-### Association Process
-
-**Passive Scanning**
-1. AP sends periodic beacon frames (SSID, MAC address)
-2. Device scans channels for beacons
-3. Device selects AP (typically strongest signal)
-4. Association request/response exchange
-
-**Active Scanning**
-1. Device broadcasts probe request
-2. APs respond with probe response
-3. Device selects AP
-4. Association request/response exchange
-
-### MAC Protocol: CSMA/CA
-
-**Why not collision detection?**
-- Hardware limitations (can't transmit and receive simultaneously)
-- Hidden terminal problem makes detection ineffective
-
-**CSMA/CA Operation**
-1. If channel idle: wait DIFS, then transmit
-2. If channel busy: random backoff using binary exponential backoff
-3. Transmit entire frame when counter reaches zero
-4. Wait for acknowledgment
-5. Retransmit if no ACK received
-
-**Timing Intervals**
-- **SIFS** (Short Inter-frame Spacing): Before ACK transmission
-- **DIFS** (Distributed Inter-frame Space): Before data transmission
-
-### Collision Avoidance: RTS/CTS
-
-Optional reservation scheme for hidden terminals:
-1. Sender sends short RTS (Request to Send)
-2. AP broadcasts CTS (Clear to Send)
-3. Other stations hear CTS and remain silent
-4. Sender transmits DATA frame
-5. AP sends ACK
-
-Benefits:
-- Mitigates hidden terminal problem
-- Short RTS/CTS collisions less costly than DATA collisions
-
-### 802.11 Frame Structure
-
-Key differences from Ethernet:
-- **Four address fields** (vs. two in Ethernet)
- - Address 1: Immediate receiver MAC
- - Address 2: Immediate sender MAC
- - Address 3: Router interface MAC (for internetworking)
- - Address 4: Used in ad hoc mode
-- **Sequence number field** for retransmission detection
-- **Duration field** for channel reservation
-- **Frame control field** with type/subtype information
-
-### Advanced Features
-
-**Rate Adaptation**
-- Dynamically adjusts modulation based on channel conditions
-- Falls back on failed transmissions
-- Increases rate after successful transmissions
-
-**Power Management**
-- Devices alternate between sleep/wake states
-- Power-management bit signals sleep mode
-- Wake before beacon frame (every 100ms)
-- Can sleep 99% of time when inactive
-
-## 4. Cellular Networks: 4G LTE and 5G
-
-### 4G LTE Architecture
-
-**Key Network Elements**
-
-**Mobile Device (User Equipment - UE)**
-- Has IMSI (International Mobile Subscriber Identity)
-- SIM card stores subscriber information
-- Implements full protocol stack
-
-**Base Station (eNode-B)**
-- Manages radio resources in cell
-- Handles device authentication
-- Creates device-specific tunnels
-- Coordinates with neighboring base stations
-
-**Home Subscriber Server (HSS)**
-- Database in home network
-- Stores subscriber information
-- Used for authentication
-
-**Serving Gateway (S-GW)**
-- Router in data path
-- Endpoint for base station tunnel
-
-**Packet Data Network Gateway (P-GW)**
-- Interface to Internet
-- Provides NAT addresses
-- Endpoint for S-GW tunnel
-
-**Mobility Management Entity (MME)**
-- Control-plane element
-- Manages authentication
-- Sets up data path tunnels
-- Tracks device location
-
-### LTE Protocol Stack
-
-**Link Layer Sublayers:**
-
-1. **Packet Data Convergence Protocol (PDCP)**
- - IP header compression
- - Encryption/decryption
-
-2. **Radio Link Control (RLC)**
- - Fragmentation/reassembly
- - ARQ-based reliable delivery
-
-3. **Medium Access Control (MAC)**
- - Transmission scheduling
- - Forward error correction
-
-### Radio Access Network
-
-**OFDM (Orthogonal Frequency Division Multiplexing)**
-- Combines frequency and time division
-- 0.5ms time slots on multiple frequencies
-- Dynamic slot allocation for varying rates
-- Opportunistic scheduling based on channel conditions
-
-### Network Attachment Process
-
-1. **Base Station Attachment**
- - Device finds synchronization signals
- - Obtains channel configuration
- - Establishes control signaling
-
-2. **Mutual Authentication**
- - MME mediates between device and HSS
- - Both network and device verify identity
-
-3. **Data Path Configuration**
- - MME establishes tunnels
- - Base station ↔ S-GW tunnel
- - S-GW ↔ P-GW tunnel
-
-### Power Management
-
-**Discontinuous Reception (Light Sleep)**
-- Entered after ~100ms inactivity
-- Scheduled wake times for monitoring
-
-**Idle State (Deep Sleep)**
-- Entered after 5-10 seconds inactivity
-- Less frequent monitoring
-- May move cells without notification
-- Requires paging for wake-up
-
-### 5G Networks
-
-**Key Improvements over 4G:**
-- 10× peak bitrate
-- 10× lower latency
-- 100× traffic capacity
-
-**Frequency Bands:**
-- FR1: 450 MHz - 6 GHz
-- FR2 (Millimeter wave): 24 GHz - 52 GHz
-
-**5G Standards:**
-1. **eMBB** (Enhanced Mobile Broadband) - Higher speeds
-2. **URLLC** (Ultra Reliable Low-Latency) - 1ms latency target
-3. **mMTC** (Massive Machine Type) - IoT focus
-
-**Millimeter Wave Characteristics:**
-- Much higher data rates
-- Shorter range
-- Susceptible to atmospheric interference
-- Requires dense base station deployment
-
-## 5. Mobility Management Principles
-
-### Device Mobility Spectrum
-
-From network layer perspective:
-1. **No mobility** - Power down between moves
-2. **Same access network** - No network-layer changes
-3. **Handover required** - Change access network while maintaining connections
-4. **Roaming** - Move between provider networks
-
-### Key Concepts
-
-**Home Network**
-- Subscriber's primary network
-- Contains permanent identity/address
-- Central coordination point
-
-**Visited Network**
-- Network device roams to
-- Provides temporary address
-- Coordinates with home network
-
-### Routing Approaches
-
-**Direct Use of IP Infrastructure**
-- Advertise specific routes via BGP
-- Problem: Scalability (billions of devices)
-
-**Indirect Routing**
-1. Correspondent sends to permanent address
-2. Home network intercepts datagram
-3. Tunnels to visited network
-4. Visited network delivers to device
-
-Advantages:
-- Transparent to correspondent
-- Centralized control
-
-Disadvantages:
-- Triangle routing inefficiency
-
-**Direct Routing**
-1. Correspondent queries home network for location
-2. Tunnels directly to visited network
-
-Advantages:
-- Eliminates triangle routing
-
-Disadvantages:
-- Requires location protocol
-- Complex handover updates
-
-## 6. Mobility Management Implementation
-
-### 4G/5G Handover Process
-
-**Steps:**
-1. Source base station selects target
-2. Target pre-allocates resources
-3. Device informed of handover
-4. Device begins using target base station
-5. Tunnels reconfigured via MME
-6. Source releases resources
-
-**Key Features:**
-- Fast execution through pre-allocation
-- Local changes when possible
-- Transparent to higher layers
-
-### Mobile IP
-
-**Architecture Similarities to 4G/5G:**
-- Home/foreign networks
-- Home agent (like HSS)
-- Foreign agent (like MME)
-- Indirect routing with tunnels
-
-**Three Main Components:**
-1. Agent discovery protocols
-2. Registration with home agent
-3. Datagram forwarding rules
-
-## 7. Impact on Higher Layers
-
-### Transport Layer (TCP) Challenges
-
-**Problem:** TCP can't distinguish between:
-- Congestion loss (reduce rate)
-- Bit error loss (no congestion)
-- Handover loss (temporary)
-
-**Solutions:**
-
-1. **Local Recovery**
- - Fix errors at wireless link
- - 802.11 ARQ, FEC in 4G/5G
-
-2. **TCP Sender Awareness**
- - Distinguish loss types
- - Invoke congestion control selectively
-
-3. **Split-Connection**
- - Separate wireless and wired connections
- - Optimize each segment independently
-
-### Application Layer Considerations
-
-**Challenges:**
-- Bandwidth scarcity
-- Variable connection quality
-
-**Opportunities:**
-- Location-aware applications
-- Context-aware services
-- Ubiquitous computing
-
-## Key Takeaways
-
-1. Wireless networks face unique physical challenges requiring specialized link-layer protocols
-
-2. WiFi uses CSMA/CA with optional RTS/CTS to handle hidden terminals and avoid collisions
-
-3. Cellular networks provide comprehensive mobility support through home/visited network architecture
-
-4. Indirect routing through home networks enables transparent mobility but causes triangle routing
-
-5. Handover mechanisms allow seamless transitions between access points while maintaining connections
-
-6. Transport and application layers must adapt to wireless characteristics for optimal performance
-
-7. 5G promises dramatic improvements through millimeter wave frequencies and new architectures
-
-Understanding these principles provides the foundation for designing and optimizing wireless and mobile network applications in our increasingly connected world.
-
-# Chapter 8: Security in Computer Networks - Study Notes
-
-## Overview and Core Security Concepts
-
-Network security addresses the fundamental challenge of enabling secure communication between parties (like Alice and Bob) over an inherently insecure medium where attackers (like Trudy) can intercept, modify, or forge messages. The field encompasses protecting both the communication itself and the network infrastructure from various attacks.
-
-### Four Pillars of Secure Communication
-
-**1. Confidentiality**
-- Ensures only the sender and intended receiver can understand message contents
-- Achieved through encryption, transforming plaintext into unintelligible ciphertext
-- Protects against eavesdropping attacks where attackers intercept and read messages
-
-**2. Message Integrity**
-- Guarantees the message hasn't been altered during transmission
-- Protects against tampering, whether malicious or accidental
-- Implemented using cryptographic hash functions and message authentication codes
-
-**3. End-point Authentication**
-- Confirms the identity of communicating parties
-- Prevents impostor attacks where someone pretends to be another party
-- Critical for establishing trust before exchanging sensitive information
-
-**4. Operational Security**
-- Protects organizational networks from compromise
-- Includes firewalls, intrusion detection systems, and network monitoring
-- Defends against worms, denial-of-service attacks, and unauthorized access
-
-## Cryptography Fundamentals
-
-### Symmetric Key Cryptography
-
-In symmetric key systems, both parties use the same secret key for encryption and decryption. Think of this like having a single key that both locks and unlocks a box - whoever has the key can both secure and access the contents.
-
-**How Block Ciphers Work:**
-- Messages are divided into fixed-size blocks (typically 64 or 128 bits)
-- Each block is encrypted independently using the shared key
-- Modern ciphers like AES use complex transformations that scramble data through multiple rounds
-- The key determines the specific transformations applied
-
-**Cipher Block Chaining (CBC):**
-CBC addresses a critical vulnerability in basic block encryption. If you encrypt identical plaintext blocks with the same key, they produce identical ciphertext blocks - potentially revealing patterns to attackers. CBC solves this by:
-1. Using an Initialization Vector (IV) - a random value for the first block
-2. XORing each plaintext block with the previous ciphertext block before encryption
-3. This creates a chain where each block depends on all previous blocks
-
-### Public Key Cryptography
-
-Public key systems use mathematically related key pairs - a public key anyone can know and a private key kept secret. This solves the key distribution problem inherent in symmetric systems.
-
-**RSA Algorithm Mechanics:**
-RSA's security relies on the computational difficulty of factoring large prime numbers. The process involves:
-1. Selecting two large prime numbers (p and q)
-2. Computing n = p × q (the modulus)
-3. Creating public key (e) and private key (d) that are mathematical inverses
-4. Encryption: c = m^e mod n
-5. Decryption: m = c^d mod n
-
-The mathematical relationship ensures that only the private key can decrypt what the public key encrypts, and vice versa.
-
-## Message Integrity and Digital Signatures
-
-### Cryptographic Hash Functions
-
-Hash functions produce fixed-size "fingerprints" of messages. A cryptographic hash must be:
-- **One-way**: Cannot reverse the hash to find the original message
-- **Collision-resistant**: Computationally infeasible to find two different messages with the same hash
-- **Avalanche effect**: Small changes in input create large changes in output
-
-### Message Authentication Codes (MACs)
-
-MACs provide integrity without encryption:
-1. Sender concatenates message with shared secret key
-2. Computes hash of concatenation
-3. Appends MAC to message
-4. Receiver recomputes MAC and compares
-
-This proves both message integrity and sender authentication since only someone with the secret key could generate the correct MAC.
-
-### Digital Signatures
-
-Digital signatures provide non-repudiation - proof that a specific party signed a document:
-1. Signer computes hash of message
-2. Encrypts hash with private key (this is the signature)
-3. Receiver decrypts signature with signer's public key
-4. Compares with independently computed hash
-
-Unlike MACs, digital signatures can be verified by anyone with the public key, providing legal-strength proof of origin.
-
-## Authentication Protocols
-
-### The Challenge of Live Authentication
-
-Authentication protocols must prove that a party is currently present, not just replaying old credentials. The evolution of authentication protocols shows common pitfalls:
-
-**Protocol Evolution:**
-- **ap1.0**: Simply claiming identity - trivially defeated by imposters
-- **ap2.0**: Checking source IP address - defeated by IP spoofing
-- **ap3.0**: Sending password - vulnerable to eavesdropping
-- **ap3.1**: Encrypting password - still vulnerable to replay attacks
-- **ap4.0**: Using nonces (one-time values) - provides replay protection
-
-The nonce-based approach ensures "liveness" - the responding party must be present to encrypt the fresh nonce value.
-
-## Secure Communication Protocols
-
-### TLS (Transport Layer Security)
-
-TLS secures TCP connections through three phases:
-
-**1. Handshake Phase:**
-- Client and server negotiate encryption algorithms
-- Server provides certificate for authentication
-- Client generates and securely sends session keys
-- Both parties exchange nonces to prevent replay attacks
-
-**2. Key Derivation:**
-- Four keys are generated from master secret:
- - Encryption keys for each direction
- - MAC keys for each direction
-- Separate keys for different purposes enhance security
-
-**3. Data Transfer:**
-- Data is divided into records
-- Each record gets a MAC for integrity
-- Record + MAC is encrypted
-- Sequence numbers prevent reordering attacks
-
-### IPsec and VPNs
-
-IPsec provides network-layer security, creating encrypted tunnels through the public Internet. Key concepts:
-
-**Security Associations (SAs):**
-- Logical connections between IPsec endpoints
-- Define encryption algorithms, keys, and parameters
-- Unidirectional - bidirectional communication needs two SAs
-
-**IPsec Packet Structure:**
-The "enchilada" structure encapsulates and protects original packets:
-1. Original IP packet is encrypted with ESP trailer
-2. ESP header added (contains SPI for SA identification)
-3. MAC computed over entire package
-4. New IP header added for tunnel endpoints
-
-## Wireless Security
-
-### 802.11 (WiFi) Security
-
-WiFi security has evolved through multiple generations:
-
-**WEP (Deprecated):**
-- Had fundamental cryptographic flaws
-- Easily broken with publicly available tools
-
-**WPA2:**
-- Uses four-way handshake for mutual authentication
-- Derives unique session keys for each connection
-- Employs AES encryption for data protection
-
-**Key Components:**
-1. **Discovery**: AP advertises capabilities
-2. **Authentication**: Device and server prove identities using shared secret
-3. **Key Distribution**: Session keys sent to AP
-4. **Encrypted Communication**: All data encrypted with session keys
-
-### 4G/5G Cellular Security
-
-Cellular networks use similar principles with added complexity for roaming:
-
-**Authentication and Key Agreement (AKA):**
-1. Device requests attachment through visited network
-2. Home network generates authentication tokens
-3. Mutual authentication using shared SIM key
-4. Session keys derived for encrypting air interface
-
-**5G Enhancements:**
-- Home network can provide authentication directly
-- Device identity encrypted with public key cryptography
-- Support for IoT devices without pre-shared keys
-
-## Operational Security
-
-### Firewalls
-
-Firewalls control access between networks using three approaches:
-
-**1. Packet Filters:**
-- Examine packet headers (IP addresses, ports, protocols)
-- Make allow/drop decisions based on rules
-- Simple but limited to header information
-
-**2. Stateful Filters:**
-- Track TCP connections in connection table
-- Understand context of packets within connections
-- Prevent sophisticated attacks like connection hijacking
-
-**3. Application Gateways:**
-- Examine application-layer data
-- Can authenticate users, not just IP addresses
-- Act as intermediaries, relaying approved traffic
-
-### Intrusion Detection Systems
-
-IDS systems detect malicious activity through two methods:
-
-**Signature-based Detection:**
-- Compare traffic against database of known attack patterns
-- Highly accurate for known attacks
-- Cannot detect novel attacks
-
-**Anomaly-based Detection:**
-- Learn normal traffic patterns
-- Alert on statistical deviations
-- Can detect unknown attacks
-- Higher false positive rate
-
-## Key Security Principles to Remember
-
-1. **Defense in Depth**: Multiple layers of security provide redundancy when one layer fails
-
-2. **Principle of Least Privilege**: Grant minimum necessary access rights
-
-3. **Security vs. Usability Tradeoff**: Stronger security often reduces convenience
-
-4. **Evolution of Attacks**: Security is an arms race - protocols must constantly evolve
-
-5. **Weakest Link**: Systems are only as secure as their most vulnerable component
-
-6. **Key Management**: The security of any cryptographic system ultimately depends on protecting keys
-
-7. **Trust Relationships**: Security often relies on trusting certain entities (like Certificate Authorities)
-
-Understanding these concepts provides the foundation for implementing secure network communications and protecting against the ever-evolving landscape of cyber threats. The combination of cryptographic primitives, authentication protocols, and operational security measures creates a comprehensive security posture for modern networks.
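Review bot: the "RSA Algorithm Mechanics" lines in the Chapter 8 part of this hunk say RSA's security "relies on the computational difficulty of factoring large prime numbers", which is wrong as written. A prime has no non-trivial factors; the hard problem is recovering p and q from the modulus n = p × q. If these notes are being moved or regenerated rather than dropped, correct that sentence in the new copy. The same applies to the "Message Authentication Codes (MACs)" steps, which describe a plain hash over the message concatenated with the key and never name HMAC, although the cheatsheet removed in the same commit does ("HMAC for integrity/auth"). Since the whole file goes to /dev/null with nothing added, the commit message should also say where this content now lives.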
diff --git a/generated/NOTES_CHEATSHEET.md b/generated/NOTES_CHEATSHEET.md
deleted file mode 100644
index c9e7230..0000000
--- a/generated/NOTES_CHEATSHEET.md
+++ /dev/null
@@ -1,125 +0,0 @@
-Computer Networks Final Exam Cheatsheet
-
-Use this as a fast recall guide. Focus on bolded terms, key formulas, and contrasts.
-
-1) Internet Basics
-- Protocol = message formats + order + actions
-- Edge vs Core: apps at edge; switches/routers in core
-- Packet switching: statistical multiplexing, store-and-forward
-- Circuit switching: reserved resources (FDM/TDM)
-- Delay types: d_proc + d_queue + d_trans(L/R) + d_prop(d/s)
-- Traffic intensity ρ = (L·a)/R → keep ρ < 1
-- Bottleneck link determines end-to-end throughput
-
-2) Layers and Encapsulation
-- Layers: App, Transport, Network, Link, Physical
-- Units: msg, segment, datagram, frame, bits
-- Encapsulation: each layer adds header; strip on receive
-
-3) Application Layer
-- Arch: Client–Server (always-on server) vs P2P (self-scaling)
-- HTTP: stateless; persistent vs non-persistent; cookies add state
-- DNS: hierarchical (root→TLD→authoritative); records A, NS, CNAME, MX
-- Email: SMTP push, IMAP access; typically over TCP
-- Web cache: proxy reduces RTT/bw; conditional GET uses If-Modified-Since/ETag
-- Streaming/DASH: client adapts bitrate; manifests; CDNs
-
-4) Transport
-- UDP: simple, no conn, best-effort; checksum
-- Reliable transfer building blocks: checksum, seq#, ACK/NAK, timer, retransmit
-- Pipelining: GBN (cum ACK, retransmit from loss), SR (selective ACK/buffer)
-- TCP: byte-stream, seq/ACK numbers (cumulative), flow control (rwnd)
-- RTT/Timeout: EstRTT=0.875·EstRTT+0.125·Sample; DevRTT EWMA; TO=EstRTT+4·Dev
-- Fast retransmit: on 3 dup ACKs
-- Congestion control: AIMD; slow start (exp), avoidance (lin), fast recovery
-- Throughput approx: (0.75·W)/RTT; sending rate ≈ cwnd/RTT
-- Variants: CUBIC (default Linux), BBR (model-based), Vegas (delay-based)
-- QUIC: UDP-based, integrated TLS, streams, faster startup, no HOL
-
-5) Network Layer (Data Plane)
-- Forwarding vs routing: local vs global
-- Longest prefix match; FIB lookup fast (TCAM)
-- IPv4 header key fields: TTL, Protocol, Src/Dst, checksum
-- Subnet/CIDR: a.b.c.d/x; route aggregation
-- DHCP: discover→offer→request→ack
-- NAT: private net uses one public IP; pros/cons (breaks E2E)
-- IPv6: 128-bit, fixed 40B header; no fragmentation; extension headers
-- Tunneling: IPv6-in-IPv4 during transition
-- Queues: HOL blocking at inputs; buffer sizing ≈ BDP/√N; bufferbloat
-- Schedulers: FIFO, priority, RR, WFQ
-
-6) Network Layer (Control Plane)
-- Link-state (Dijkstra): global view; flood LSAs; OSPF
-- Distance-vector (Bellman-Ford): neighbor exchange; count-to-infinity; poisoned reverse
-- BGP: interdomain, policy-first; attributes: LOCAL_PREF, AS_PATH, MED; hot-potato
-- SDN: centralized controller, match-action (OpenFlow), stats, events
-- NETCONF/YANG: model-driven config; SNMP for monitoring
-
-7) Link Layer and LANs
-- Services: framing, link access, error detection/correction
-- Error detection: parity (weak), checksum (software), CRC (strong)
-- Multiple access:
- - TDM/FDM/CDMA (partitioning)
- - Slotted/Pure ALOHA (random)
- - CSMA/CD (wired); CSMA/CA (Wi‑Fi)
-- Ethernet: frame = preamble | dst | src | type | data (≥46) | CRC
-- Switches: self-learning MAC table; no loops → STP or use routing
-- VLANs: port-based segmentation; 802.1Q tag on trunks
-- MPLS: labels for fast fwd/TE/VPNs
-- Data centers: multi-tier/Clos, ECMP, SDN control, load balancers
-
-8) Wireless and Mobile
-- Wireless impairments: path loss, interference, multipath
-- SNR↑ → BER↓; higher rate → needs higher SNR
-- Hidden terminals; RTS/CTS mitigates
-- 802.11 MAC: CSMA/CA with DIFS/backoff/SIFS/ACK; rate adaptation; power save
-- Cellular LTE/5G: eNodeB/gNodeB; core (MME/HSS, SGW/PGW); tunnels; OFDM; handover
-- Mobility: home vs visited nets; indirect (triangle) vs direct routing; Mobile IP
-
-9) Security
-- Goals: Confidentiality, Integrity, Authentication, Availability
-- Symmetric crypto: AES; block vs stream; CBC with IV
-- Public key: RSA basics; use for key exchange + signatures
-- Hash/MAC: cryptographic hash; HMAC for integrity/auth
-- Digital signatures: sign hash with priv key; verify with pub key
-- TLS: handshake (certs, key exchange), key derivation, record MAC+encrypt
-- IPsec: SAs, ESP/AH, tunnel vs transport
-- Operational: firewalls (packet/stateful/app), IDS (sig/anomaly), defense-in-depth
-
-Key Formulas and Quick Facts
-- d_trans = L/R; d_prop = d/s; d_nodal = d_proc + d_queue + d_trans + d_prop
-- Traffic intensity ρ = (L·a)/R → if ρ ≥ 1 queues blow up
-- Throughput path = min link rate; BDP = R·RTT (bits in flight) → needed window/buffer
-- TCP timers: EstRTT, DevRTT, TO = EstRTT + 4·DevRTT
-- TCP cwnd sawtooth: avg ≈ 0.75·Wmax
-
-Typical Exam Comparisons
-- Packet vs circuit switching
-- TCP vs UDP; GBN vs SR; CSMA/CD vs CSMA/CA
-- OSPF (LS) vs RIP (DV); BGP purpose vs OSPF
-- NAT pros/cons; IPv4 vs IPv6 headers
-- Web cache pros; conditional GET
-- Firewall types; IDS methods; TLS vs IPsec
-
-Pitfalls and Gotchas
-- Confuse propagation vs transmission delay
-- RTT vs one-way; BDP units (bits!)
-- HTTP persistent reduces RTTs; cookies add state to stateless HTTP
-- Longest prefix match chooses most specific route
-- CRC detect/correct: detect bursts ≤ r bits; not correction by itself
-- Wi‑Fi cannot do collision detection (half-duplex radios, hidden nodes)
-
-Numbers to Remember
-- Ethernet min frame 64B; MTU 1500B
-- Wi‑Fi interframe: SIFS < DIFS; slot times vary by PHY
-- Common ports: HTTP 80/443, SMTP 25/587, DNS 53, IMAP 143/993
-- IPv4 TTL decrement each hop; typical speed in fiber ≈ 2e8 m/s
-
-Last‑Minute Checklist
-- Can you compute d_trans, d_prop, BDP, TCP window/throughput?
-- Can you explain cookies, DNS hierarchy, and conditional GET?
-- Can you run Dijkstra step-by-step and do longest prefix match?
-- Do you know TCP handshake/flags, congestion control phases?
-- Can you compare OSPF vs BGP and explain policy in BGP?
-- Do you remember CSMA/CA timing and RTS/CTS sequence?
-- Can you outline TLS handshake and IPsec tunnel structure?
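Review bot: the "9) Security" goals line lists "Confidentiality, Integrity, Authentication, Availability", while the Chapter 8 notes deleted in the same commit give the fourth item as Operational Security. If either file is kept or recreated, pick one list so the two do not disagree. Two smaller points for any retained copy: "Common ports: HTTP 80/443" puts the HTTPS port under HTTP, and the "Pitfalls and Gotchas" entries mix mistakes to avoid ("Confuse propagation vs transmission delay") with plain facts, so a reader cannot tell which is which. The file sits under generated/, so check that whatever produces it is removed or updated as well, otherwise it may be recreated on the next run.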