Software Defined Network week 1

Copyright notice: this is the author's original article, released under the CC 4.0 BY-SA licence; reposts must include the original source link and this notice.
Original link: https://blog.csdn.net/iroy33/article/details/102710802

honestly, I am totally not interested in the history of SDN,
so I got 0 in this week's quiz and skipped it.
the nuts and bolts

the practical facts about a particular thing, rather than theories or ideas about it:
When it came to the nuts and bolts of running a business, he was clearly unable to cope.
How does a DNS query work?
Nslookup (short for "Name Server Lookup") is a useful command for getting information from a DNS server. It is a network administration tool for querying the Domain Name System (DNS) to obtain the mapping between a domain name and an IP address, or any other specific DNS record. It is also used to troubleshoot DNS-related problems.

For each query, the client supplies three pieces of information:

  1. an FQDN (fully qualified domain name)
  2. a specified query type, such as A (address), CNAME, NS, etc.
  3. a specified class for the DNS domain name, such as IN (Internet)

"Do you have an A record for example.com?"
On receiving the answer, the client parses the A resource record and obtains the IP address.

DNS CACHE

recursion
The root server directs the query to the correct TLD server (a TLD (top-level domain) name server serves the highest level of domain names in the root zone of the Domain Name System of the Internet) for the actual answer, which is then forwarded back to the user.

The length of time the answer stays in the cache is determined by the TTL (time-to-live) set by the owner of the domain who created the record in the first place. Properly built recursive DNS servers will obey this and discard the cache after the TTL expires, but there are still ISPs (Internet Service Providers) that improperly ignore this critical information for a variety of reasons.

In addition, the client itself can attempt to contact additional DNS servers to resolve a name. When a client does so, it uses separate and additional queries based on referral answers from servers. This process is known as iteration. For example, if I ask for 'www.example.com', an 'A' record might not exist. It might actually return a CNAME telling me that I should make another request to find out what the IP address is.

In general, the DNS query process occurs in two parts:

A name query begins at a client computer and is passed to a resolver, the DNS Client service, for resolution.
When the query cannot be resolved locally, DNS servers can be queried as needed to resolve the name.

When it doesn’t work…

As you can see, there is more than meets the eye when it comes to DNS query resolution. If a DNS server does not provide an answer in a timely fashion, it can slow everything down. Until your browser knows the IP address for the URL you entered, it can't do anything but wait. That's why it's important for authoritative DNS servers to be fast. Furthermore, if an authoritative DNS server goes down, then the query will eventually time out and no answer will be provided. You've probably seen that from time to time as you perused the Internet, clicking on a link for a site that never arrives.

If a client queries domain server A looking to resolve www.mydomain.com, and in turn domain server A queries domain server B, etc., then the result will be stored in a cache on

  • the client (Windows only)
  • domain server A
  • domain server B

If another client needs to resolve the same domain name using server A, then server A can respond using the cached result.

DNS record types

The correspondence between a domain name and an IP address is called a "record". Depending on the use case, records are divided into different types; we have already seen A records and NS records.

The common DNS record types are as follows.

(1) A: address record, returns the IP address the domain name points to.

(2) NS: name server record, returns the address of the server that holds the information for the next-level domain. This record can only be set to a domain name, not to an IP address.

(3) MX: mail exchange record, returns the address of the server that receives e-mail.

(4) CNAME: canonical name record, returns another domain name, i.e. the queried name is an alias that redirects to another name; see below.

(5) PTR: pointer record, used only for looking up a domain name from an IP address; see below.
I laughed until I cried: after cobbling together a full score, I still don't know why every choice I made the first time was wrong.
Generally, for a service to be safe and reliable, there should be at least two NS records, and there can also be multiple A and MX records; this provides redundancy and prevents a single point of failure.
CNAME records are mainly used for internal redirection of domain names, giving flexibility to server configuration without the user noticing. For example, the domain facebook.github.io is a CNAME record.

$ dig facebook.github.io

;; ANSWER SECTION:
facebook.github.io. 3370 IN CNAME github.map.fastly.net.
github.map.fastly.net. 600 IN A 103.245.222.133

The result above shows that the CNAME record of facebook.github.io points to github.map.fastly.net. That is, when a user queries facebook.github.io, what is actually returned is the IP address of github.map.fastly.net. The advantage is that when the server's IP address changes, only the github.map.fastly.net name needs to be modified; the user's facebook.github.io name stays the same.
Because a CNAME record is a substitution, once a domain name has a CNAME record it cannot have any other records (such as A or MX records); this prevents conflicts. For example, if foo.com points to bar.com and each of the two names has its own MX record, a mismatch between them would cause problems. Since an apex domain usually needs an MX record, users are generally not allowed to set a CNAME record on an apex domain.
PTR records are used to look up a domain name from an IP address. The -x option of the dig command queries PTR records.

$ dig -x 192.30.252.153

;; ANSWER SECTION:
153.252.30.192.in-addr.arpa. 3600 IN PTR pages.github.com.

The result above shows that the domain name of the server 192.30.252.153 is pages.github.com.

One application of reverse lookup is spam prevention: verifying whether the IP address that sends a mail really has the domain name it claims.
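The following is an added example (my own code, not from the course or from this blog) that ties the DNS notes above together in a toy resolver over an in-memory zone: a query is a (name, type, class) triple, a CNAME answer makes the resolver iterate with a further query for the canonical name, answers are cached only until their TTL expires, and a reverse lookup is a PTR query for the in-addr.arpa name built from the IP address. The zone data is constructed; the facebook.github.io and 192.30.252.153 records copy the dig output above, while the pages.github.com A record, the example.com records, NEGATIVE_TTL and MAX_CNAME_HOPS are assumptions made for the example.

```python
# Added example, not code from the course or the blog. Zone data below is
# constructed: the facebook.github.io / 192.30.252.153 records mirror the dig
# output in the notes; the pages.github.com A record and example.com are made up.
import ipaddress
import time

ZONE = {  # (name, type, class) -> [(ttl_seconds, rdata), ...]
    ("facebook.github.io.", "CNAME", "IN"): [(3370, "github.map.fastly.net.")],
    ("github.map.fastly.net.", "A", "IN"): [(600, "103.245.222.133")],
    ("153.252.30.192.in-addr.arpa.", "PTR", "IN"): [(3600, "pages.github.com.")],
    ("pages.github.com.", "A", "IN"): [(300, "192.30.252.153")],      # constructed
    ("example.com.", "A", "IN"): [(60, "192.0.2.10"), (60, "192.0.2.11")],  # constructed
}
NEGATIVE_TTL = 60      # how long an empty answer is remembered (illustrative value)
MAX_CNAME_HOPS = 8     # guard against CNAME loops


def fqdn(name):
    """Queries carry fully qualified names; add the trailing dot if missing."""
    return name if name.endswith(".") else name + "."


class Resolver:
    def __init__(self, zone, clock=time.time):
        self.zone = zone
        self.clock = clock          # injectable so the TTL expiry can be exercised
        self.cache = {}             # key -> (expires_at, [rdata, ...])
        self.upstream_queries = 0   # how often the cache could not answer

    def _lookup(self, key):
        now = self.clock()
        hit = self.cache.get(key)
        if hit and hit[0] > now:          # fresh cache entry: answer locally
            return hit[1]
        self.upstream_queries += 1        # otherwise ask the authoritative zone
        records = self.zone.get(key, [])
        rdata = [r for _, r in records]
        # a positive answer lives for the RRset's shortest TTL, an empty one for NEGATIVE_TTL
        ttl = min((t for t, _ in records), default=NEGATIVE_TTL)
        self.cache[key] = (now + ttl, rdata)
        return rdata

    def resolve(self, name, qtype="A", qclass="IN"):
        """Return (cname_chain, answers). If the name has no record of the requested
        type but does have a CNAME, iterate: ask again for the canonical name."""
        name = fqdn(name)
        chain = []
        for _ in range(MAX_CNAME_HOPS):
            answers = self._lookup((name, qtype, qclass))
            if answers:
                return chain, answers
            cname = self._lookup((name, "CNAME", qclass))
            if not cname:
                return chain, []          # genuinely no data for this name
            chain.append((name, cname[0]))
            name = cname[0]
        raise RuntimeError("CNAME chain too long")


def reverse_name(ip):
    """192.30.252.153 -> 153.252.30.192.in-addr.arpa. (an IPv6 address gives ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def forward_confirmed(resolver, ip):
    """The anti-spam check from the notes: a name the IP claims via PTR must
    resolve forward to the same IP (forward-confirmed reverse DNS)."""
    _, names = resolver.resolve(reverse_name(ip), "PTR")
    return any(ip in resolver.resolve(n, "A")[1] for n in names)


if __name__ == "__main__":
    r = Resolver(ZONE)
    print(r.resolve("facebook.github.io"))
    print(forward_confirmed(r, "192.30.252.153"))
```

Resolving facebook.github.io costs three zone lookups the first time (no A record, then the CNAME, then the A record of the canonical name) and none the second time; after 600 seconds only the A record has to be fetched again because the CNAME's 3370-second TTL has not expired. The forward-confirmed check is what a mail server does with the sending IP's PTR name.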

BGP

BGP running between two or more peers within the same autonomous system (AS) is called iBGP (Internal/Interior BGP). BGP running between peers that belong to different ASes is called eBGP (External/Exterior BGP). A router that exchanges information with other ASes at the AS boundary is called a border/edge router, and border routers are eBGP peers of each other. In Cisco IOS, routes advertised by iBGP have an administrative distance of 200, a lower priority than routes advertised by eBGP or by any interior gateway protocol (IGP). Other router implementations use the same order of preference: eBGP above IGP, and IGP above iBGP.

The difference between iBGP and eBGP lies mainly in how routing information is forwarded. For example, routes learned from an eBGP peer are distributed to all iBGP and eBGP peers, but routes learned from an iBGP peer are distributed only to eBGP peers. Consequently all iBGP peers must be fully meshed.

BGP AS path

BGP is divided into iBGP and eBGP: within an AS and across ASes.
AS-Path prepending can be applied to inbound and outbound direction using route-maps.

When a BGP router sends out an update to a neighbor in a different autonomous system (i.e., an external or eBGP neighbor), it adds its own AS number to the front (left side) of the AS path. So the AS path lists all the ASes that need to be traversed to reach the location where the prefix that the path is attached to is advertised from.
The purpose of the AS path is to prevent loops. Otherwise BGP would be the same as RIP: both are distance-vector routing protocols.
For example, with A-B-C, B knows A is reachable in one hop and tells C, so C knows A is reachable in two hops. But if A crashes, B updates its information about A from C's routing table and concludes that A is reachable in three hops; then C updates from B's table and concludes that A is four hops away, and so on. RIP avoids this by setting a maximum of 16 hops.
In BGP, a router detects a loop when it sees its own AS number in the AS path, and it then ignores that announcement. (BGP will nevertheless keep trying increasingly long, legitimately loop-free paths, a behaviour known as path hunting.)
The AS path also helps BGP choose the best path.
When the path lengths are equal, selection of the best path comes down to the MED and the tie breakers in the BGP path selection algorithm. This may result in three ASes sitting behind AS1 and only one behind AS2; AS1 can then choose to prepend its AS path towards AS 10 to make that path longer.
AS1 adds several more copies of its own number at the front of the path.
Now the path via AS 20 is shorter than the path via AS 10, so AS100-400 will go via 20.
An alternative is to use a community on the announcements to one ISP that asks that ISP to selectively prepend towards some of their customers or peers or in some regions. The large carriers typically have such communities. Or, when advertising multiple prefixes, prepend only some but not all.

AS path prepending is often done on outgoing BGP updates towards transit ISPs or peers so it can influence incoming traffic. However, it can also be used for incoming BGP updates and thus outgoing traffic. This can be useful when manipulating the local preference is too severe: with a higher local preference, a route with a very long AS path may still be preferred, while a single prepend will divert a good amount of traffic, but if the non-prepended path is really long, the prepended path will still be used.

An AS number is generally 16 bits; BGP-4 has since introduced a 32-bit form.

BGP local preference

The LOCAL_PREF (local preference) is the first attribute a Cisco router looks at to determine which route towards a certain destination is the “best” one and deserves a spot in the router’s routing table. If you look at the BGP best path algorithm on Cisco’s website, you’ll see no fewer than 13 steps to make this determination. The algorithm is executed for each prefix in the BGP table—i.e., each of the nearly 600,000 IPv4 and IPv6 prefixes that are currently present in a full BGP feed. This way, the best path towards each destination will be used. Three steps are by far the most important ones.

  • Prefer the path with the highest local preference
  • Prefer the path with the shortest AS path
  • Prefer the path with the lowest multi-exit discriminator (MED)

An important thing to understand about the local preference is that it's local in the sense that the attribute is only propagated over iBGP sessions (within our AS) and not over eBGP sessions (to external ASes). So when a router learns a prefix from a neighbor in another autonomous system, the update will not contain the LOCAL_PREF attribute. But when the router then propagates the prefix towards BGP neighbors within the local AS, these updates do contain the LOCAL_PREF attribute. As a result, when executing the command show ip bgp, the output will show routes with and without a local

Note: eBGP does not carry it; only iBGP does. Good, that settles the answer.

Inbound or Outbound is the direction traffic moves between networks. It is relative to whichever network you are referencing. Inbound traffic refers to information coming in to a network.

Network        Next Hop   Metric  LocPrf  Weight  Path
192.0.2.0/24   1.1.1.1    20              0       1010 1011 286 4040 i
               2.2.2.2    20              0       2020 1011 4040 i
               3.3.3.3    10      100     0       2020 702 4040 i
               4.4.4.4    0       90      0       4040 i
               5.5.5.5    265             0       5050 1011 4040 i
               6.6.6.6            80      0       6060 4040 i
               7.7.7.7    10      100     0       7070 3356 3356 4040 i

The default value for the local preference is 100. This also means that a route that has no local preference value is treated as if it had a local preference of 100. So in the example above, all the routes except for the fourth and the sixth share the highest local preference value of 100. So these five prefixes are carried over to the following steps in the path selection algorithm, while the fourth and sixth routes are no longer considered because they have a lower LOCAL_PREF value.
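As an added example (my own code, not from the course, Cisco or this blog) covering both the AS-path section and the local-preference section above, here is a toy BGP best-path selection run over the seven paths to 192.0.2.0/24 in the show ip bgp table, together with AS-path loop detection and AS-path prepending. Only the three steps the text names are implemented (highest LOCAL_PREF, shortest AS path, lowest MED); a real Cisco router has further tie breakers and by default compares MED only between paths from the same neighbouring AS, so its final choice can differ from this one. Blank table cells are treated as "attribute absent"; the local AS number 64512 (a private ASN), the prefix in prepend_demo and all helper names are assumptions made for the example.

```python
# Added example, not code from the course, Cisco or the blog. Simplified to the
# three selection steps named in the text; constructed ASN 64512 stands in for
# the local router's AS.
from dataclasses import dataclass
from typing import List, Optional

DEFAULT_LOCAL_PREF = 100   # a route carrying no LOCAL_PREF is treated as 100


@dataclass
class Route:
    next_hop: str
    as_path: List[int]                 # leftmost ASN is the most recent hop
    local_pref: Optional[int] = None   # None: attribute absent (learned over eBGP)
    med: Optional[int] = None          # None: attribute absent

    def effective_local_pref(self):
        return DEFAULT_LOCAL_PREF if self.local_pref is None else self.local_pref

    def effective_med(self):
        return 0 if self.med is None else self.med


def has_loop(route, local_as):
    """Loop detection: a router that finds its own ASN in the AS path discards the route."""
    return local_as in route.as_path


def advertise_to_ebgp(route, local_as, prepend=0):
    """What an eBGP neighbour receives: the sender pushes its own ASN onto the front
    of the path (plus `prepend` extra copies for AS-path prepending); LOCAL_PREF is
    never carried across an eBGP session."""
    return Route(route.next_hop, [local_as] * (1 + prepend) + route.as_path,
                 local_pref=None, med=route.med)


def select_best(routes, local_as):
    candidates = [r for r in routes if not has_loop(r, local_as)]
    if not candidates:
        return None
    top = max(r.effective_local_pref() for r in candidates)          # step 1
    candidates = [r for r in candidates if r.effective_local_pref() == top]
    shortest = min(len(r.as_path) for r in candidates)                # step 2
    candidates = [r for r in candidates if len(r.as_path) == shortest]
    return min(candidates, key=Route.effective_med)                   # step 3


# The show ip bgp table above, row by row (blank cells -> None)
TABLE_ROUTES = [
    Route("1.1.1.1", [1010, 1011, 286, 4040], med=20),
    Route("2.2.2.2", [2020, 1011, 4040], med=20),
    Route("3.3.3.3", [2020, 702, 4040], local_pref=100, med=10),
    Route("4.4.4.4", [4040], local_pref=90, med=0),
    Route("5.5.5.5", [5050, 1011, 4040], med=265),
    Route("6.6.6.6", [6060, 4040], local_pref=80),
    Route("7.7.7.7", [7070, 3356, 3356, 4040], local_pref=100, med=10),
]


def best_from_table(local_as=64512):
    """Next hop the simplified algorithm picks for 192.0.2.0/24."""
    best = select_best(TABLE_ROUTES, local_as)
    return None if best is None else best.next_hop


def prepend_demo():
    """Figure scenario: AS 1 advertises its prefix to AS 10 and AS 20 and prepends
    twice towards AS 10; AS 100 then sees [10, 1, 1, 1] against [20, 1] and picks 20."""
    origin = Route("198.51.100.1", [])          # AS 1's own prefix: empty path at origin
    via10 = advertise_to_ebgp(advertise_to_ebgp(origin, 1, prepend=2), 10)
    via20 = advertise_to_ebgp(advertise_to_ebgp(origin, 1), 20)
    return select_best([via10, via20], local_as=100).as_path


if __name__ == "__main__":
    print(best_from_table(), prepend_demo())
```

Walking the table through the three steps: rows four and six drop out at step 1 (LOCAL_PREF 90 and 80 against the default 100), rows one and seven drop out at step 2 (four ASes in the path against three), and of the remaining three the MED 10 of 3.3.3.3 beats 20 and 265. Calling best_from_table(local_as=1011) shows loop detection removing every path that already contains 1011, and best_from_table(local_as=4040) returns None because every path passes through 4040.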

Network layer

The "thin waist" of computer networks (also called the narrow waist in some sources) is a metaphor; look at the left half of the figure below (ignore the caption for now). The left half shows the seven-layer Internet model (some sources divide it into five layers or otherwise). The middle layer on the left is usually called the "network layer". This layer has only one protocol, IP (Internet Protocol), so it is pictured as "thin".
The layers above can only communicate with the layers below through IP, a design described as "anything over IP". Likewise the layers below the network layer, such as the physical layer, are very rich in content, and they too can only communicate with the layers above through IP, a design correspondingly described as "IP over anything".
So, because this middle layer contains only IP and yet links everything above to everything below, people describe it as the "thin waist".
Author: P Yao
Link: https://www.zhihu.com/question/21685157/answer/94970237

packet switching

Packets (also called messages or message fragments) are routed individually between nodes; no communication path needs to be set up before transmission.
In packet switching, a system can assemble data into messages and use a single communication link to communicate with multiple machines. Not only is the link shared, but each message can be routed independently of the others. This is the main advantage of packet switching.

So a path can be changed midway without being re-established; oh right, it's virtual circuits that must follow a fixed path.

802.11 wireless medium access control

Channel partitioning MAC protocols: partition by time, frequency or code
TDMA, FDMA, CDMA
Random access MAC protocols:
ALOHA, S-ALOHA, CSMA, CSMA/CD
CSMA/CD is used in Ethernet
CSMA/CA is used in 802.11 wireless LANs
Taking-turns MAC protocols:
polling by a master node; token passing
Bluetooth, FDDI, Token Ring

Original link: https://blog.csdn.net/qq_20233867/article/details/78451799

The following is from Wikipedia.
RTS/CTS (Request to Send / Clear to Send) is the optional mechanism used by the 802.11 wireless networking protocol to reduce frame collisions introduced by the hidden node problem. Originally the protocol fixed the exposed node problem as well, but modern RTS/CTS includes ACKs and does not solve the exposed node problem.
The RTS frame contains five fields, which are:

Frame Control
Duration
RA (Receiver Address)
TA (Transmitter Address)
FCS
The CTS frame contains four fields, which are:

Frame Control
Duration
RA (Receiver Address)
FCS
The ACK frame contains four fields, which are:

Frame Control
Duration
RA (Receiver Address)
FCS
RA – Receiver Address, indicating the MAC address of the station that shall receive the frame.
TA – Transmitter Address, indicating the MAC address of the station that transmitted the frame.
FCS – Frame Check Sequence.
This protocol was designed under the assumption that all nodes have the same transmission ranges, and does not solve the hidden terminal problem. The RTS/CTS frames can cause a new problem called the exposed terminal problem in which a wireless node that is nearby, but is associated with another access point, overhears the exchange and then is signaled to back off and cease transmitting for the time specified in the RTS.

RTS/CTS is an additional method to implement virtual carrier sensing in carrier sense multiple access with collision avoidance (CSMA/CA). By default, 802.11 relies on physical carrier sensing only, which is known to suffer from the hidden node problem.

The RTS/CTS packet size threshold is 0–2347 octets. Typically, sending RTS/CTS frames does not occur unless the packet size exceeds this threshold. If the packet size that the node wants to transmit is larger than the threshold, the RTS/CTS handshake gets triggered. Otherwise, the data frame gets sent immediately.

The IEEE 802.11 RTS/CTS mechanism could help solve the exposed node problem as well, but only if the nodes are synchronized and the packet sizes and data rates are the same for both transmitting nodes. When a node hears an RTS from a neighboring node, but not the corresponding CTS, that node can deduce that it is an exposed node and is permitted to transmit to other neighboring nodes.[1] If the nodes are not synchronized (or if the packet sizes are different or the data rates are different), the problem may occur that the exposed node will not hear the CTS or the ACK during the transmission of data of its neighbor.
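To make the hidden-node and exposed-node behaviour concrete, here is an added example (my own code, not from the 802.11 standard, Wikipedia or this blog): a toy model of virtual carrier sensing on a line of nodes D - A - B - C with radio range 1, so A and C cannot hear each other (C is hidden from A) while D hears A but not B (D is exposed). It shows the RTS threshold deciding whether a handshake happens, the Duration field of the RTS and CTS frames setting the NAV on every third party that hears them, and the simple rule reserving the medium for the exposed node D as well, which is the "does not solve the exposed node problem" point made above. SIFS, the frame airtimes, the data rate and the node positions are constructed values; the 2347-octet threshold default is the maximum mentioned in the text.

```python
# Added example, not code from the 802.11 standard or the blog. All timing
# constants and the node layout are constructed for illustration.
SIFS = 10          # microseconds between frames (constructed)
CTS_TIME = 14      # airtime of a CTS frame (constructed)
ACK_TIME = 14      # airtime of an ACK frame (constructed)
DATA_RATE = 1      # octets per microsecond (constructed)


class Node:
    def __init__(self, name, pos, radio_range=1):
        self.name, self.pos, self.radio_range = name, pos, radio_range
        self.nav_until = 0   # Network Allocation Vector: medium reserved until this time


def hears(listener, speaker):
    """Physical carrier sense: a node hears a speaker that is within the speaker's range."""
    return listener is not speaker and abs(listener.pos - speaker.pos) <= speaker.radio_range


def broadcast(speaker, frame, nodes, now):
    """Deliver a frame to every node in range. A node that is not the addressed
    receiver (RA) reserves the medium by setting its NAV from the Duration field."""
    for n in nodes:
        if hears(n, speaker) and frame["RA"] != n.name:
            n.nav_until = max(n.nav_until, now + frame["duration"])


def deferring_nodes(sender, receiver, data_size, nodes, now=0, rts_threshold=2347):
    """Names of the third-party nodes that stay quiet while sender's data frame is
    on the air. Below the threshold only physical carrier sense applies; above it
    the RTS/CTS handshake is performed first (virtual carrier sense)."""
    others = [n for n in nodes if n is not sender and n is not receiver]
    data_time = data_size // DATA_RATE
    if data_size <= rts_threshold:
        # no handshake: a node notices the transmission only if it can hear the sender
        return sorted(n.name for n in others if hears(n, sender))
    # RTS Duration covers the rest of the exchange: SIFS CTS SIFS DATA SIFS ACK
    rts = {"type": "RTS", "TA": sender.name, "RA": receiver.name,
           "duration": SIFS + CTS_TIME + SIFS + data_time + SIFS + ACK_TIME}
    broadcast(sender, rts, nodes, now)            # `now` is the end of the RTS frame
    t_cts = now + SIFS + CTS_TIME                 # the CTS frame has ended by then
    cts = {"type": "CTS", "RA": sender.name,
           "duration": rts["duration"] - (t_cts - now)}   # what is still reserved
    broadcast(receiver, cts, nodes, t_cts)
    exchange_end = now + rts["duration"]
    return sorted(n.name for n in others if n.nav_until >= exchange_end)


def line_scenario(data_size, rts_threshold=2347):
    """D - A - B - C at positions 0..3 with range 1; A sends data_size octets to B."""
    d, a, b, c = (Node(n, i) for i, n in enumerate("DABC"))
    return deferring_nodes(a, b, data_size, [d, a, b, c], rts_threshold=rts_threshold)


if __name__ == "__main__":
    print("above threshold:", line_scenario(3000))   # C hears the CTS, D hears the RTS
    print("below threshold:", line_scenario(1000))   # only D, so hidden node C may collide
```

With a 3000-octet frame the handshake runs and both C (via the CTS) and D (via the RTS) defer; with a 1000-octet frame no RTS/CTS is sent, so only D, which can hear A directly, backs off, and the hidden node C is free to transmit into B at the same time. Forcing rts_threshold=0 turns the handshake on for every frame at the cost of the extra RTS and CTS airtime.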
Why is it a reduction in throughput?

DoS

Stateless egress packet filtering?

CDN

UDP

I didn't get how it recovers from loss.
UDP can actually recover packets? That must refer to the upper layer: the larger the buffer, the longer the time allowed for recovering a lost packet, orz.

Key Terms

  • Software Defined Networking (SDN): A new networking paradigm whereby the behavior of a network is controlled by a single high-level software program. The general term for network architectures whereby the control plane (software that controls network behavior) and the data plane (the devices that forward traffic) are separate from one another.
  • Control plane: The functions in the network that control the behavior of the network (e.g., network paths, forwarding behavior). Typically, the control plane is instantiated as a single, high-level software controller.
  • Data plane: The functions in the network that are responsible for forwarding (or not forwarding) traffic. Typically, the data plane is instantiated as forwarding tables in routers, switches, firewalls, and middleboxes.
  • Active networks: A collection of network architecture projects in the 1990s that shared many of the same goals as software-defined networking.
  • Network virtualization: The notion of instantiating many distinct logical networks on top of a single, shared physical network infrastructure.

When something takes shape, it develops or starts to appear in such a way that it becomes fairly clear what its final form will be.
By Friday night, when we held our regular board meeting, a plan was taking shape.

Definition-What does Legacy Network mean?
A legacy network is the generic name assigned to any old network, which is rarely used today and not part of the TCP/IP protocol suite.
Legacy networks are mostly proprietary to individual vendors. With the advent of TCP/IP as a common networking platform in the mid-1970s, most legacy networks are no longer used.

"Ad hoc" also carries a negative connotation, suggesting that the thing described is a stopgap, an ill-considered plan or an improvised event.
Ad-hoc (peer-to-peer) mode: ad-hoc mode is like the old direct crossover-cable connection, a P2P link, so it cannot communicate with other networks.

A middlebox or network appliance is a computer networking device that transforms, inspects, filters, or otherwise manipulates traffic for purposes other than packet forwarding.[1] Common examples of middleboxes include firewalls, which filter unwanted or malicious traffic, and network address translators, which modify packets’ source and destination addresses.
The following are examples of commonly deployed middleboxes:

  • Firewalls filter traffic based on a set of pre-defined security rules defined by a network administrator. IP firewalls reject packets “based purely on fields in the IP and Transport headers (e.g. disallow incoming traffic to certain port numbers, disallow any traffic to certain subnets etc.)”[1] Other types of firewalls may use more complex rulesets, including those that inspect traffic at the session or application layer.[4]
  • Intrusion detection systems monitor traffic and collect data for offline analysis for security anomalies. Because IDSs unlike firewalls do not filter packets in real-time, they traditionally are capable of more complex inspection than firewalls which must make an accept/reject decision about each packet as it arrives.[5]
  • Network address translators replace the source and/or destination IP addresses of packets that traverse them. Typically, NATs are deployed to allow multiple end hosts to share a single IP address: hosts “behind” the NAT are assigned a private IP address and their packets destined to the public Internet traverse a NAT which replaces their internal, private address with a shared public address.[6]
  • WAN optimizers improve bandwidth consumption and perceived latency between dedicated endpoints.[7] Typically deployed in large enterprises, WAN optimizers are deployed near both sending and receiving endpoints of communication; the devices then co-ordinate to cache and compress traffic that traverses the Internet.
  • Load balancers provide one point of entry to a service, but forward traffic flows to one or more hosts that actually provide the service.
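Two of the middleboxes in the list above, modelled in an added example (my own code, not from Wikipedia or this blog) over constructed packets: a stateless IP firewall that decides from header fields alone, in the sense of the quoted definition, and a NAT that rewrites the source address and port of outbound packets while keeping a table so that replies can be mapped back to the internal host. The addresses come from the RFC 5737 documentation ranges and the private 192.168.0.0/16 range; the ruleset, the port range and every packet are assumptions made for the example.

```python
# Added example, not code from Wikipedia or the blog. Rules, addresses, ports
# and packets are all constructed.
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp", "udp", ...
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                       # "accept" or "reject"
    proto: Optional[str] = None       # None means "any"
    dst_net: Optional[str] = None     # CIDR prefix the destination must lie in
    dport: Optional[int] = None

    def matches(self, p):
        """Stateless: only fields of the IP and transport headers are consulted."""
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.dst_net is not None and \
                ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst_net):
            return False
        return True


def filter_packet(rules, p, default="reject"):
    """First matching rule wins; no connection state is kept between packets."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


class Nat:
    """Many internal hosts share one public address; each (src, sport, proto)
    flow gets its own public port so that replies can be demultiplexed."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (src, sport, proto) -> public port
        self.in_map = {}    # (public port, proto) -> (src, sport)

    def outbound(self, p):
        key = (p.src, p.sport, p.proto)
        if key not in self.out_map:          # new flow: allocate a public port
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(port, p.proto)] = (p.src, p.sport)
        return replace(p, src=self.public_ip, sport=self.out_map[key])

    def inbound(self, p):
        """Map a reply back to the internal host; an unsolicited packet has no
        table entry and is dropped (returned as None)."""
        entry = self.in_map.get((p.dport, p.proto))
        if entry is None or p.dst != self.public_ip:
            return None
        src, sport = entry
        return replace(p, dst=src, dport=sport)


# Constructed edge ruleset: block telnet, block anything to a (made-up) internal
# management net, accept the rest of TCP/UDP; everything else hits the default.
EDGE_RULES = [
    Rule("reject", proto="tcp", dport=23),
    Rule("reject", dst_net="10.0.0.0/8"),
    Rule("accept", proto="tcp"),
    Rule("accept", proto="udp"),
]


if __name__ == "__main__":
    nat = Nat("203.0.113.5")
    out = nat.outbound(Packet("192.168.1.10", "198.51.100.7", "tcp", 5555, 443))
    print(out, nat.inbound(Packet("198.51.100.7", "203.0.113.5", "tcp", 443, out.sport)))
```

The firewall's weakness is visible in its own code: because it keeps no state, it cannot tell a reply belonging to an established connection from an unsolicited packet, which is exactly the distinction the NAT's table (and a stateful firewall) provides. The NAT drops inbound packets for ports it never handed out, which is why hosts behind it are not reachable from outside unless a mapping exists.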

History

So even a concept this powerful evolved bit by bit.
traffic scrubbing
What GitHub relied on to counter the attack in February 2018 was scrubbing services, a common DDoS mitigation technique. Using this method, the traffic destined for a particular IP address range is redirected to datacentres, where the attack traffic is "scrubbed" or cleaned.

VirtualBox console terminal: connects to Mininet VM. This is the one created when you started up the VM. You can’t copy and paste from this page to the console terminal, so it’s a bit of a pain. Minimize this NOW, if you haven’t already done so. Once you’ve used it to set up networking, it won’t be needed.

SSH terminal: connects to Mininet VM. Created by using putty on Windows or SSH on OS X / Linux, as described in the previous section. Copy and paste should work on this terminal.

xterm terminal: connects to a host in the virtual network. Will be labeled at the top with the name of the host.
