Advanced Computer Networks

Chapter 1: Internet Overview (Review)

1.1 What is a computer network

From the point of view of composition:
(1) Nodes: end systems (running network applications) + routers and other network switching equipment
(2) Edges: links
(3) Protocols: the set of rules that peer entities follow while communicating: syntax + semantics + timing
From the point of view of service:
(1) A communication architecture that provides communication services to applications (connection-oriented reliable service and connectionless unreliable service)
(2) Distributed applications that cooperate by using those communication services

1.2 Network edge

(1) Network structure = network edge (applications, hosts) + network core (routers and other switching devices, plus links) + access networks and communication links
(2) Network edge: the end systems that run applications (modes of interaction between applications on end systems)
C/S mode: resources sit on the server and the client initiates; easy to manage, hard to scale
P2P mode: resources are spread over the peers; hard to manage, scales well
(3) Using network services: TCP, UDP

1.3 Network Core

(1) Network core
Composition: network switching equipment (routers) + links
Function: data exchange (global routing + local forwarding)
(2) Data switching methods and their comparison
Circuit switching (dedicated circuit): not suited to communication between computers
FDM, TDM, WDM
Circuit setup takes a long time, is unreliable, and does not fit bursty communication between computers
Packet switching: store-and-forward, statistical multiplexing
Virtual circuit (VC), datagram

1.4 Network Access and Physical Media

(1) Links or networks that connect end systems to edge routers
(2) Residential access: point-to-point access
(3) Institutional access: LAN, Ethernet, WLAN
(4) Physical links: guided media, unguided media
(5) Commonly used media: twisted pair (TP), coaxial cable, optical fiber

1.5 Internet network structure and ISP

(1) Approximate hierarchical structure
Tier-1 ISP, Tier-2 ISP (regional ISP), local ISP
(2) Connections between ISPs
POP, peering, IXP
(3) Content provider networks (ICP)

1.6 Delay and Loss in Packet-Switched Networks

(1) The four causes of delay
Processing delay, queuing delay, transmission delay, propagation delay
(2) Traffic intensity: La/R
The queuing delay depends on the traffic intensity (formula)
(3) Causes of loss: buffer overflow + failed checksum verification
(4) Throughput
Instantaneous throughput
Average throughput
The bottleneck link determines the throughput between hosts

1.7 Protocol Layering and Service Models

(1) Why layering: networks are complex, and layering makes design, debugging and implementation easier
(2) Layering: divide the complex network functions into layers with clearly defined functions; each layer uses the services of the layer below to implement its own protocol, and so provides richer functions to the layer above
(3) Terms and concepts
Entity: a software or hardware module that implements a certain protocol
Service, service primitives, service access point (SAP)
Connection-oriented service, connectionless service
Protocol, protocol data unit (PDU)
The relationship between service and protocol (differences and connections)
(4) The Internet layered model and the function of each layer
Application layer: exchange messages according to the application protocol to realize the various applications
Transport layer: segments from process to process
Network layer: host-to-host packet transmission
Link layer: point-to-point frame transmission
Physical layer: conversion between bit sequences and physical signals
(5) Encapsulation and decapsulation
Full encapsulation at the source host
Partial decapsulation and re-encapsulation at intermediate switching nodes
Full decapsulation at the destination host

Chapter 2: Application Layer

2.1 Principles of Network Application

(1) Principles + application examples + socket programming
(2) Application deployment
1. Concentrated entirely on the end systems, without any change to the routers in the network core
2. The Internet architecture encourages application innovation
3. One of the important reasons for the success of the Internet
(3) Application architectures: C/S, P2P, hybrid
(4) Communication between processes
Same host: defined by the operating system
Different hosts: use the infrastructure provided by the network to exchange messages
(5) Socket
An integer used by the OS as the local identifier of an application's communication relationship
TCP: local identifier of a connection
UDP: local identifier of an endpoint
(6) Process addressing: IP + port (in essence, the port number is introduced at the transport layer to distinguish applications; TCP and UDP use port numbers in different ways)
(7) Factors considered in the services an application requires (the main indicators of the service provided by the network infrastructure)
Loss rate (reliability); delay and delay variation (jitter); bandwidth; security
(8) Service characteristics provided by the transport layer protocols
TCP: reliable byte stream service, connection-oriented, flow control, congestion control
UDP: connectionless, unreliable service
Both provide process identification (port numbers) to distinguish different processes

2.2 WEB and HTTP

(1) A web application consists of: the HTTP protocol, HTML, client, server
(2) Terminology: web page, object, URL reference
(3) The HTTP protocol:
1. Defines the message format, its interpretation, and the timing of communication between client and server
2. HTTP connections: persistent and non-persistent; versions 1.0, 1.1, 2.0, 3.0
3. Round-trip time (RTT) and object fetch time

2.3 Email

(1) Composition of the email application: user agent + mail server + SMTP
(2) Email message format
Header, message body
MIME: multipurpose Internet mail extensions, which encode and decode multimedia content in emails
(3) Email access protocols
Function: the mail client pulls the mail addressed to it back from the server
Commonly used: IMAP, POP3, HTTP

2.4 DNS

(1) The role of DNS: convert domain names to IP addresses (also alias -> canonical name, mail server name -> canonical name, etc.)
(2) Application-layer infrastructure: an application used by other applications
(3) The concept of DNS: a distributed, hierarchical database
(4) The composition of DNS: resolver (local application) + domain name servers + the DNS protocol

2.5 Video streaming service and CDN

(1) Download-and-play versus streaming playback
(2) How the server streams to the client
(3) DASH streaming process
1. The client obtains the manifest file
2. The client requests content blocks of different video quality from the server (possibly different servers) according to conditions
3. The intelligence is on the client side: based on the playback data currently buffered and the network conditions on the path from each server, it decides when to request which block from which server
(4) CDN
1. A single server or server cluster serving massive content to clients concurrently: poor scalability
2. CDN principle:
2.1: A cooperative service network at the application level (deployed at the application layer, like DNS)
2.2: Cache nodes are deployed across the whole network, and content is pre-deployed on the CDN cache nodes
2.3: User requests are redirected through domain name resolution to the "nearest node", from which the content is requested
3. Cache node placement:
Enter deep: go deep into each leaf ISP, very close to the customers; good effect, but the number of nodes is large, the cost is high, and management is difficult

Chapter 3: Transport Layer

3.1 Transport Layer Services

(1) Transport service: enable logical communication between end system applications
(2) Transport protocol: a set of rules that two peer transport layer entities running on the end system should follow when communicating with each other
(3) Difference between transport service and network service
Network service: host-to-host communication
Transport service: process-to-process communication, finer-grained, end-to-end
(4) Internet transport layer protocol: TCP, UDP

3.2 Multiplexing and demultiplexing

(1) Multiplexing: the source end (TCP or UDP entity) collects data, i.e. application messages, from multiple upper-layer applications and encapsulates them
(2) Demultiplexing: the receiving end delivers data, by port number (combined with the IP address), to the socket of the corresponding application
(3) Working principle of multiplexing and demultiplexing: IP + port

3.3 Connectionless transmission protocol UDP

(4) Necessity of UDP:
1. Applications with high real-time requirements but low reliability requirements.
2. Some applications need reliability but cannot bear the delay TCP pays to achieve it; when the benefit outweighs the cost, reliability is implemented at the application layer on top of UDP: QUIC
Small overhead: 8-byte header
Transactional applications: applications completed in a single interaction
(5) UDP message format (connectionless, hence "UDP datagram")
UDP checksum computation: one's complement sum of the 16-bit words (carry wrapped around), then take the one's complement of the sum
Checksum verification: the one's complement sum (with wrapped carry) of the checked range together with the checksum field is all 1s
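The checksum rule above, carried out on a real segment. This is an added example, not code from the course notes: it builds a UDP segment over an IPv4 pseudo-header (which the real UDP checksum covers), computes the one's complement sum with end-around carry, and then verifies it the way a receiver does. The addresses, ports and payload are constructed sample values, and the function names are chosen for this example.

```python
# Added example (not from the course notes): UDP checksum computed the way the
# notes describe: one's complement sum of 16-bit words with end-around carry,
# then the one's complement of the sum. The IPv4 pseudo-header is included,
# as the real UDP checksum requires. Addresses and ports below are constructed.
import struct

def ones_complement_sum(data: bytes) -> int:
    """Add 16-bit big-endian words, folding any carry back into the low 16 bits."""
    if len(data) % 2:
        data += b"\x00"                               # an odd trailing byte is padded with zero
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)      # end-around carry
    return total

def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_len: int) -> bytes:
    # zero byte, protocol number 17 (UDP), UDP length
    return src_ip + dst_ip + struct.pack("!BBH", 0, 17, udp_len)

def udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum field value for a segment whose checksum field is currently zero."""
    s = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)
    c = (~s) & 0xFFFF
    return c or 0xFFFF          # UDP sends 0xFFFF instead of 0, because 0 means "no checksum"

def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    length = 8 + len(payload)
    segment = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = udp_checksum(src_ip, dst_ip, segment)
    return segment[:6] + struct.pack("!H", csum) + payload

def udp_verify(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """Receiver side: the sum over pseudo-header + segment, checksum field included, must be all ones."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF

def corrupted(segment: bytes, index: int) -> bytes:
    """Flip one bit of the segment, as a link error would."""
    b = bytearray(segment)
    b[index] ^= 0x01
    return bytes(b)

# Constructed sample: 10.0.0.1:12345 -> 10.0.0.2:53 carrying the bytes b"hello"
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SAMPLE = build_udp(SRC, DST, 12345, 53, b"hello")
```

The verification step does not recompute and compare the checksum; it adds the received checksum field into the same one's complement sum and checks for 0xFFFF, which is exactly the "all 1s" rule in the notes.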

3.4 Principle of reliable data transmission

(1) The protocol-evolution approach explains how RDT is carried out
1. With some assumptions added, a simple protocol can provide reliable data transmission
2. Remove the assumptions one at a time; the protocol entities must change accordingly so that RDT can still be performed
(2) Technical mechanisms
Checksum; positive acknowledgment (ACK); negative acknowledgment (NAK)
Sequence numbers: detect duplicates, out-of-order delivery, gaps
ACK-only mechanisms (no NAK)
Retransmission on error detection and on timeout: handles loss (sliding window)
(3) Utilization: the fraction of time the channel is carrying useful data
(4) Stop-and-wait: when the link's bandwidth-delay product (capacity) is high, channel utilization is low
Pipelining: multiple PDUs can be sent consecutively without waiting for the other party's confirmation
GBN: send window greater than 1, receive window = 1
SR: send window greater than 1, receive window greater than 1

3.5 Connection-oriented transport layer protocol: TCP

(1) TCP service characteristics
Point-to-point; reliable, order-preserving byte stream; pipelining; buffering; full duplex; connection-oriented; flow control; congestion control
(2) TCP segment structure
1. The role of each field
2. When the connection is established, both parties negotiate their starting sequence numbers, random or clock-derived, so that data from an old connection does not affect the data of the new connection
3. The sequence number is the offset of the first data byte within the byte stream
4. Acknowledgment: the sequence number of the last byte received in order + 1, i.e. the next byte expected; it acknowledges that everything before that byte has arrived (cumulative)
(3) RTT estimation and retransmission timeout estimation
Exponentially weighted moving average of the sampled RTT: the average round-trip delay
Exponentially weighted moving average of the deviation between the current RTT sample and the average
RTO = average + 4 * deviation
(4) Fast retransmit: without waiting for a timeout, the sender receives three duplicate ACKs for a segment (four ACKs in total)
(5) Flow control
Purpose: prevent the sender from flooding the receiver
Means: the receiver feeds back the size of its receive window to the sender
(6) TCP connection management
Connection establishment: 3-way handshake; confirms the initial sequence numbers chosen by both parties, prepares buffers and control variables, gets ready to communicate
Connection teardown: symmetric; the two-army problem means there is no perfect way to release a connection, so timers are used to make do (plus heartbeats)
Connection states and their transitions
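The RTT and RTO estimation in (3) above, written out as an added example (not code from the course notes). It follows the form standardized in RFC 6298: an exponentially weighted moving average of the sampled RTT (SRTT), a moving average of the deviation (RTTVAR), and RTO = SRTT + 4 * RTTVAR. The class and method names are chosen for this example, and the RTT samples fed in are constructed.

```python
# Added example (not from the course notes): the RTT/RTO estimator the notes
# describe, in the form standardized by RFC 6298. Values are in milliseconds.
class RttEstimator:
    def __init__(self, alpha=0.125, beta=0.25, min_rto=0.0):
        # alpha = 1/8 and beta = 1/4 are the RFC 6298 gains. RFC 6298 also clamps the
        # RTO to at least 1 s; min_rto defaults to 0 here so the bare formula is visible.
        self.alpha, self.beta, self.min_rto = alpha, beta, min_rto
        self.srtt = None       # smoothed RTT (the "average value" in the notes)
        self.rttvar = None     # smoothed deviation (the "standard deviation" in the notes)
        self.rto = None

    def on_sample(self, sample_rtt):
        """Feed one RTT measurement (never one from a retransmitted segment: Karn's rule)."""
        if self.srtt is None:                       # first measurement initializes both estimates
            self.srtt = sample_rtt
            self.rttvar = sample_rtt / 2
        else:                                       # RTTVAR is updated before SRTT, as in the RFC
            self.rttvar = (1 - self.beta) * self.rttvar + self.beta * abs(sample_rtt - self.srtt)
            self.srtt = (1 - self.alpha) * self.srtt + self.alpha * sample_rtt
        self.rto = max(self.min_rto, self.srtt + 4 * self.rttvar)
        return self.rto

    def on_timeout(self):
        """Conservative reaction after a timeout: back off by doubling the RTO."""
        self.rto *= 2
        return self.rto

def rto_trace(samples):
    """Return the RTO after each RTT sample in the list (constructed input for the demo)."""
    est = RttEstimator()
    return [est.on_sample(s) for s in samples]
```

Feeding the samples 100 ms, 100 ms, 200 ms gives RTOs of 300, 250 and 325 ms: a steady RTT drives the deviation term down, while the jump to 200 ms raises both the average and the deviation, so the timer grows more than the average alone would.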

3.6 Congestion Control Principles

(1) The concept of congestion: what is congestion, and why does it occur?
The sending rate exceeds the processing capacity of links and nodes, producing high queuing delay and a high packet loss rate. Sending rate = congestion window / RTT
(2) Symptoms of congestion: large delay and heavy packet loss. In general, the throughput stops increasing (or even falls) as the injection rate increases, and the situation deteriorates faster and faster
(3) Purpose: return to the non-congested state, and transmit as fast as possible without causing congestion (large throughput) + small delay
(4) Means of congestion control
End-to-end congestion control: traditional TCP uses this method
Network-assisted congestion control: ATM networks mark and carry congestion information and feed it back to the hosts; TCP's later upgrade, ECN

3.7 TCP congestion control principle

(1) Traditional TCP congestion control principle
Congestion detection: three duplicate ACKs (mild congestion), timeout (congestion; some chance of misjudgment, but the probability is small)
Congestion control mechanism: AIMD, slow start, conservative strategy after a timeout
(2) Two TCP congestion control algorithms
Tahoe: 3 duplicate ACKs and timeouts are both treated as congestion; cwnd starts at 1 and grows exponentially in slow start; when congestion occurs, half of the current window size becomes the threshold and the window is reset to 1; slow start restarts, and on reaching the threshold the congestion avoidance state begins, with linear growth
Reno: at the beginning, slow start grows exponentially; when 3 duplicate ACKs are triggered, the threshold is set to half of the current window and the current window becomes the new threshold + 3 MSS, after which growth continues linearly
(3) Follow-ups: New Reno, SACK, ECN, CUBIC, BBR
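A per-RTT model of the Tahoe and Reno window behaviour described in (2), as an added example (not code from the course notes). The event sequence is constructed, and the model works at the granularity of one event per RTT: an "ack" event means a whole window was acknowledged, so slow start doubles cwnd and congestion avoidance adds one MSS. Function and event names are chosen for this example.

```python
# Added example (not from the course notes): a per-RTT model of the Tahoe and
# Reno congestion windows. cwnd and ssthresh are in units of MSS.
# Events (constructed): "ack" = one full window acknowledged (one RTT without loss),
# "dupack3" = three duplicate ACKs received, "timeout" = retransmission timer expired.
def simulate_cwnd(events, variant="reno", initial_ssthresh=16):
    cwnd, ssthresh = 1, initial_ssthresh
    trace = []
    for ev in events:
        if ev == "ack":
            if cwnd < ssthresh:
                cwnd = min(cwnd * 2, ssthresh)   # slow start: exponential growth up to the threshold
            else:
                cwnd += 1                        # congestion avoidance: +1 MSS per RTT (additive increase)
        elif ev == "timeout":
            ssthresh = max(cwnd // 2, 2)         # half the current window becomes the threshold (floor of 2 MSS, RFC 5681)
            cwnd = 1                             # both variants restart slow start after a timeout
        elif ev == "dupack3":
            ssthresh = max(cwnd // 2, 2)
            if variant == "tahoe":
                cwnd = 1                         # Tahoe treats 3 duplicate ACKs like a timeout
            else:
                cwnd = ssthresh + 3              # Reno: halve, +3 for the segments already buffered at the receiver
        else:
            raise ValueError("unknown event: %r" % ev)
        trace.append(cwnd)
    return trace

SAMPLE_EVENTS = ["ack"] * 4 + ["dupack3"] + ["ack"] * 2   # constructed: growth, 3 dup ACKs, recovery
```

Running the same event list through both variants shows the difference the notes point out: after the three duplicate ACKs, Tahoe drops back to 1 MSS and slow-starts again, while Reno continues from ssthresh + 3 and grows linearly.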

Chapter 4: Network Layer Data Plane

4.1 Introduction to the functions of the network layer

(1) Main service and functions of the network layer
Service: provide host-to-host transmission of transport-layer segments
Function 1: global routing, a control plane function; determine the path from source to destination
Function 2: local forwarding, a data plane function; a packet enters at one port of the router and leaves from another port
The two functions cooperate to carry the datagram from the source to the destination host, realizing the switching function of the network core. Flow table
(2) Two ways to realize the network layer functions
1. Traditional way:
The control plane and the data plane are vertically integrated on each device (router)
Control plane function: routing protocol entities compute the routing table in a distributed way
Data plane function: IP packets are forwarded according to the routing table
2. SDN generalized forwarding: the control plane and the data plane are separated and realized on different devices; the SDN controller computes centrally and issues flow tables, realizing the control plane function; the SDN packet switches forward incoming packets according to the flow table, realizing the data plane function

(3) Important indicators of the service provided by the network layer: bandwidth; delay and delay variation; whether packets are lost, and the loss rate

4.2 Traditional router structure and working principle

(1) The two major functions of a router
Routing protocols: their result forms the routing table (forwarding table)
Packet forwarding: use the forwarding table to forward and switch packets
(2) Structure
Input ports: line termination implements the physical layer function, the link protocol entity implements the link layer function, and the network layer function performs distributed packet forwarding by longest prefix matching
Switching fabric: memory-based, bus-based, crossbar-based
Output ports, functions at three layers:
1. Network layer: packet scheduling: FIFO, RR, WFQ
2. Scheduling supports prioritized transmission of groups such as multimedia packets
3. Protocol processing by the network, link and physical layer entities: the bits of the frame built from the packet form a physical signal and are sent out
Routing processor: coordinates the parts

4.3 Internet network layer protocol

(1) The service model of the IP network: best effort,
which implies: packet loss, reordering, unreliability (and possibly duplication)
(2) The network layer consists of
the IP protocol, routing protocols, the ICMP protocol, etc.
Forwarding table
(3) IP datagram format
The role of each field: each packet has an ID, and the header must be checksummed
Fragmentation and reassembly
1. A packet larger than the MTU of the outgoing link must be fragmented
2. Reassembly happens at the destination host
(4) IP addressing
IP address: identifies the interface of a host or router to a network
Subnet: communication between devices within a subnet has two characteristics
1. The communication does not need a router
2. The subnet prefix is the same
The address hierarchy lets routers and others work in units of subnets rather than host IPs (which would be costly)

IP address classes: A, B, C, D, E
Special IP addresses: loopback address
Subnet mask and CIDR
(5) NAT (mapping an intranet to the external network)
(6) DHCP protocol: Internet hosts obtain an IP address, mask, and default gateway
(7) Route aggregation:
1. Reachability information for contiguous subnet prefixes can be aggregated, reducing the number of routes advertised externally and the burden of route calculation
2. Approximate route aggregation is supported, which relies on longest prefix matching
(8) IPv6
1. IPv6 format (fixed 40-byte header), 128-bit addresses
2. Changes in IPv6
3. Migration from IPv4 to IPv6: tunneling
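Longest prefix matching (the router input-port function in 4.2) and route aggregation (item (7) above) in one added example, not code from the course notes. The forwarding table holds a /20 aggregate advertised by one provider and a more specific /23 inside it that belongs to another provider, which is exactly the "approximate aggregation" case: the longer prefix wins the lookup. The prefixes, next-hop names and the `ForwardingTable`/`aggregate` names are constructed for this example; `ipaddress.collapse_addresses` is the standard-library routine used for exact aggregation.

```python
# Added example (not from the course notes): a forwarding table with longest
# prefix matching, and route aggregation of contiguous prefixes. The addresses
# and next hops are constructed for illustration.
import ipaddress

class ForwardingTable:
    def __init__(self):
        self.entries = []                  # list of (network, next_hop)

    def add(self, prefix, next_hop):
        self.entries.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, addr):
        """Return the next hop of the matching entry with the longest prefix, or None."""
        ip = ipaddress.ip_address(addr)
        best = None
        for net, hop in self.entries:
            if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)           # a more specific match overrides a shorter one
        return None if best is None else best[1]

def aggregate(prefixes):
    """Collapse contiguous prefixes into the fewest covering prefixes (exact aggregation)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def sample_table():
    """Constructed table: a /20 aggregate, a /23 hole inside it that moved elsewhere, and a default route."""
    t = ForwardingTable()
    t.add("200.23.16.0/20", "ISP-A")       # aggregate advertised by one provider
    t.add("200.23.18.0/23", "ISP-B")       # more specific block that belongs to another provider
    t.add("0.0.0.0/0", "default")
    return t
```

A linear scan is enough to show the rule; real routers use a trie or TCAM for the same longest-match semantics. The `aggregate` call shows the exact case in (7): four contiguous /23 blocks collapse into a single /21.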

4.4 Universal Forwarding and SDN

(1) Advantages of separating the control plane and the data plane in SDN
1. The control logic is implemented on the controller and the network becomes programmable, which allows various complex network functions and new functions (deploy once, upgrade continuously), and convenient management
2. A development ecosystem forms (controllers, packet switches, network applications, and their cooperation under an open framework)
3. SDN packet switches forward packets according to the computed flow table: general purpose and easy to upgrade
(2) Working principle of the packet switch
1. Pattern matching + action (actions are not only forwarding, but also multicast, flooding, modifying fields, and blocking)
2. An incoming packet is matched against the flow table on multiple fields, and the action of the matching entry is applied to it
3. If multiple flow table entries match, the decision follows their priority
4. Counters are maintained
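The match + action + priority + counters cycle of (2) above as an added example, not code from the course notes. Fields absent from an entry's match dict act as wildcards, the highest-priority entry wins when several match, a table miss is handed to the controller, and each entry counts the packets and bytes it handled. The field names, action strings and packets are constructed for this example.

```python
# Added example (not from the course notes): a minimal SDN-style flow table
# with multi-field matching, priorities, actions and per-entry counters.
# Field names, action strings and packets are constructed for illustration.
class FlowTable:
    def __init__(self):
        self.entries = []

    def add(self, priority, match, actions):
        """match: dict of header field -> required value; fields missing from the dict are wildcards."""
        self.entries.append({"priority": priority, "match": match,
                             "actions": actions, "packets": 0, "bytes": 0})

    @staticmethod
    def matches(match, pkt):
        return all(pkt.get(field) == value for field, value in match.items())

    def process(self, pkt):
        """Return the action list applied to pkt; a table miss is sent to the controller."""
        hits = [e for e in self.entries if self.matches(e["match"], pkt)]
        if not hits:
            return ["to_controller"]
        best = max(hits, key=lambda e: e["priority"])   # highest priority wins among multiple matches
        best["packets"] += 1                             # counters
        best["bytes"] += pkt.get("len", 0)
        return best["actions"]

    def counters(self, index):
        e = self.entries[index]
        return e["packets"], e["bytes"]

def sample_table():
    """Constructed table: forward to a host, but block telnet to it; flood ARP; rewrite one source."""
    ft = FlowTable()
    ft.add(10, {"ip_dst": "10.0.0.2"}, ["forward:port2"])
    ft.add(50, {"ip_dst": "10.0.0.2", "tcp_dst": 23}, ["drop"])        # more specific, higher priority
    ft.add(20, {"eth_type": "arp"}, ["flood"])
    ft.add(30, {"ip_src": "10.0.0.9"}, ["set_field:ip_src=10.1.1.9", "forward:port1"])
    return ft
```

The second entry overlaps the first; it is the priority, not the order of insertion or the number of matched fields, that decides which entry's actions run, which is why priorities must be assigned deliberately when a "drop" is meant to override a broader "forward".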

Chapter 5 Network Layer Control Plane

routing algorithm

(1) Routing goal: using the collected routing information (topology, link costs, etc.), compute a good path from the source to the destination, i.e. a path with lower cost. A path between hosts = a route between subnets = a path between routers, because IP addresses are hierarchical
Computing a path to every destination amounts to computing a tree rooted at the routing node
Routing principles: complete and correct, simple, robust, stable and fair, optimal
(2) Routing classification
Static and dynamic (adaptive)
Local and global
(3) LS algorithm: a global routing algorithm; working principle
1. Each node collects neighbor information and generates its LS; the LS is flooded through the whole AS
2. Nodes collect all the LS packets to form the network topology
3. The optimal path to every other node is computed with a shortest-path algorithm (Dijkstra's algorithm)
(4) DV algorithm: a local routing algorithm; working principle
1. Each node maintains the next hop and cost to every other node
2. Neighboring nodes exchange their DVs periodically
3. Following Bellman-Ford, the cost and the corresponding next hop to all destinations are generated iteratively
A distributed algorithm; it has routing loop problems and the count-to-infinity convergence problem
(5) Hierarchical routing
1. Problems with solving routing in one flat plane: the amount of routing information to compute, transmit and store is too large; it does not scale; and it does not meet the different management requirements of different network operators
2. Routing within an AS is solved by interior gateway protocols: OSPF, RIP, IGRP
Routing between ASs is solved by exterior gateway protocols: BGP
Routing via gateways: the source routes to its AS gateway by the interior gateway protocol; routing between AS gateways depends on the exterior gateway protocol; on reaching the target AS, its interior routing delivers the packet
3. Advantages of hierarchical routing
Scale: the number of subnets in each AS is limited, so the cost of route calculation and transmission is small
Management: different ASs can adopt their own protocols
(6) Routing protocol classification
1. Interior gateway protocols (IGP)
RIP; OSPF: supports hierarchical routing within the AS and multiple cost metrics at the same time; IGRP
2. Exterior gateway protocols (EGP): BGP
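The DV algorithm of (4), as an added example that is not code from the course notes: each round every node recomputes D_x(y) = min over neighbours v of c(x,v) + D_v(y) from the vectors its neighbours advertised in the previous round. The 3-node topology is constructed. A second run removes the B-C link and restarts from the converged vectors, which reproduces the loop/count-to-infinity behaviour the notes mention: B briefly believes it can reach C through A, and the cost counts up round by round until A's direct 5-cost link becomes cheaper. Function and node names are chosen for this example.

```python
# Added example (not from the course notes): synchronous distance-vector routing
# with the Bellman-Ford update D_x(y) = min over neighbours v of c(x,v) + D_v(y).
# Topology is constructed; the second run shows count-to-infinity after a link failure.
INF = float("inf")

def distance_vector(links, start=None, max_rounds=200):
    """links: {node: {neighbour: cost}}. start: previously converged vectors (optional).
    Returns (dist, next_hop, rounds). Each round every node recomputes its vector
    from the vectors its neighbours advertised in the previous round."""
    nodes = list(links)
    if start is None:
        dist = {x: {y: 0 if x == y else INF for y in nodes} for x in nodes}
    else:
        dist = {x: dict(start[x]) for x in nodes}
    nxt = {x: {y: None for y in nodes} for x in nodes}
    rounds = 0
    while rounds < max_rounds:
        rounds += 1
        new, changed = {}, False
        for x in nodes:
            new[x] = {x: 0}
            for y in nodes:
                if y == x:
                    continue
                best, via = INF, None
                for v, c in links[x].items():        # only direct neighbours are consulted
                    if c + dist[v][y] < best:
                        best, via = c + dist[v][y], v
                new[x][y], nxt[x][y] = best, via
                changed |= best != dist[x][y]
        dist = new
        if not changed:                              # no vector changed: converged
            break
    return dist, nxt, rounds

def sample_links():
    """Constructed triangle: A-B cost 1, B-C cost 1, A-C cost 5."""
    return {"A": {"B": 1, "C": 5}, "B": {"A": 1, "C": 1}, "C": {"A": 5, "B": 1}}

def after_link_failure():
    """Converge on the full topology, then remove link B-C and reconverge from the old vectors."""
    dist, _, _ = distance_vector(sample_links())
    broken = {"A": {"B": 1, "C": 5}, "B": {"A": 1}, "C": {"A": 5}}
    return distance_vector(broken, start=dist)
```

The first run converges in 3 rounds with A reaching C via B at cost 2. After the failure it takes 6 rounds: B's cost to C steps through 3, 5 and 6 while its next hop points back at A (a transient loop), and A only switches to its direct link once the looped path is no longer cheaper. With no alternative path the count would continue up to the protocol's "infinity" (16 in RIP), which is the problem the notes refer to.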

ICMP protocol

Functions: error reporting, echo request and reply
Message types include echo (used by ping and tracert), etc.

Chapter 6: Data Link Layer and Local Area Networks

6.1 Introduction

(1) Link layer services: deliver frames between adjacent nodes
1. Framing, link access control (MAC)
2. Reliable data transfer between adjacent nodes (only on some links, such as wireless networks)
3. Flow control
4. Error detection, error correction
5. Full duplex and half duplex

(2) How network nodes are connected at the link layer
1. Point-to-point: better suited to wide area networks; building the network is complicated, but the link layer function is simple
2. Multipoint (shared medium): better suited to local areas and convenient to build, but the MAC problem must be solved, which is complex

6.2 Error detection and error correction

(1) Error detection principle: D and EDC satisfy an agreed error-control coding relationship; the sender encodes, the receiver checks
Parity check
CRC
1. Generator polynomial G agreed by sender and receiver, of degree r
2. The sender CRC-encodes the data D according to G: shift D left by r bits and divide by G to obtain the remainder R
3. Transmit D shifted left by r bits plus R (i.e. D followed by R)
4. The receiver decodes: divide the received (D shifted left by r bits + R) by G and check whether it is exactly divisible
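The four CRC steps above carried out on bit strings, as an added example that is not code from the course notes. Modulo-2 division is XOR-based long division; the encoder appends the r-bit remainder, and the checker accepts a frame only when the remainder is all zeros. The data word, generator and function names are constructed for this example.

```python
# Added example (not from the course notes): CRC encoding and checking with the
# modulo-2 division the notes describe. Bit strings are used so the shift-by-r
# and division steps are visible; D and G below are constructed.
def crc_remainder(bits: str, generator: str) -> str:
    """Remainder of bits / generator in modulo-2 arithmetic, returned as r = deg(G) bits."""
    if not generator.startswith("1"):
        raise ValueError("generator must have a leading 1 (degree r = len(G) - 1)")
    g = [int(b) for b in generator]
    work = [int(b) for b in bits]
    r = len(g) - 1
    for i in range(len(work) - r):         # long division: XOR G under every leading 1
        if work[i]:
            for j, gb in enumerate(g):
                work[i + j] ^= gb
    return "".join(str(b) for b in work[-r:])

def crc_encode(data: str, generator: str) -> str:
    """Sender: shift D left by r bits, divide by G, append the remainder R."""
    r = len(generator) - 1
    return data + crc_remainder(data + "0" * r, generator)

def crc_check(frame: str, generator: str) -> bool:
    """Receiver: the received D*2^r + R must be exactly divisible by G (remainder all zeros)."""
    return set(crc_remainder(frame, generator)) == {"0"}
```

With D = 101110 and G = 1001 (r = 3) the remainder is 011, so the transmitted frame is 101110011; flipping any single bit of that frame leaves a non-zero remainder, since a generator with more than one term detects all single-bit errors.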

6.3 Multiple Access Protocols

(1) Necessity of MAC: in a multipoint network the nodes must coordinate their use of the shared channel
(2) MAC protocols
1. Channel partitioning
TDMA, FDMA, CDMA
2. Random access protocols
3. Taking-turns protocols: token protocols

6.4 Link Layer Addressing

(1) MAC address
Format: 48-bit flat address, identifying a specific network interface card
Assignment: IEEE
(2) Difference between MAC addresses and network layer addresses
Different layers
MAC addresses are flat: they identify different stations on one physical network
IP addresses are hierarchical: they can be aggregated, which makes route calculation easy

(3) ARP protocol
Purpose: conversion of an IP address to a MAC address within the scope of a physical network
Working principle: broadcast query, unicast response

6.5 Ethernet

(1) The IEEE 802.3 standard: link layer and the corresponding physical layer
(2) Ethernet frame structure: preamble first, then the destination address
(3) Service offered upward: connectionless, unreliable
Because the medium is fairly reliable, doing the reliability work at the link layer would be inefficient
(4) Access control technology: CSMA/CD, exponential backoff
(5) Coding: Manchester coding, 4B5B coding, 8B10B coding (physical layer technologies)
(6) WLAN media access control technology: CSMA/CA

6.6 Hub and Switch

(1) Problems with the hub connection method:
1. A physical layer device: signal reshaping and amplification
2. A signal entering one port goes out all ports: everything is in one collision domain
3. Cannot isolate collisions
(2) Working principle of the switch
Selective forwarding (SW)
Self-learning: learns the binding between MAC address and switch port
Traffic isolation: selective forwarding and filtering
Dedicated access: a switch port connects directly to a host
(3) Difference between routers and switches: routers work at layer 3, switches at layer 2
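The self-learning, selective forwarding and traffic isolation of (2) in one added example, not code from the course notes. Every frame teaches the switch which port its source MAC lives on; a known unicast destination is forwarded to that port alone (or filtered entirely when it sits on the arrival port), and unknown or broadcast destinations are flooded. The port numbers and MAC addresses are constructed, and the class name is chosen for this example.

```python
# Added example (not from the course notes): a self-learning Ethernet switch.
# Port numbers and MAC addresses are constructed.
class LearningSwitch:
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        self.ports = set(ports)
        self.table = {}          # MAC address -> port it was last seen on (real switches age these out)

    def receive(self, in_port, src_mac, dst_mac):
        """Return the list of ports the frame is sent out of."""
        self.table[src_mac] = in_port                       # self-learning: bind source MAC to arrival port
        if dst_mac != self.BROADCAST and dst_mac in self.table:
            out_port = self.table[dst_mac]
            return [] if out_port == in_port else [out_port]  # filter: destination is on the arrival segment
        return sorted(self.ports - {in_port})               # unknown or broadcast destination: flood
```

The first frame from "aa" to "bb" is flooded because "bb" is still unknown; once "bb" replies, traffic between the two is confined to their own ports, which is the traffic isolation a hub cannot provide.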

Chapter 7: Multimedia Network Applications

Network applications involving multimedia such as audio and video
CBR: encoding at a constant rate
VBR: the video encoding rate changes over time
Multimedia: audio
(1) PCM, the uncompressed coding process: sampling, quantization, coding
(2) Sampling: sample the analog audio signal at a fixed frequency
Telephone: 8000 samples/sec
CD music: 44,100 samples/sec
(3) Quantization and coding: each sample is quantized and encoded
e.g. 2^8 = 256 possible quantization levels; quantization error
Each quantized value is represented by several bits
e.g. 8 bits
(4) Audio: low bit rate
People are sensitive to audio quality
Multimedia networking: 3 application types
1. Streaming stored audio and video
(1) Stored (data generated on the server in advance, non-real-time): data previously produced and stored
It can be transmitted faster than normal audio/video playback, which means it can be buffered ahead at the client
Streaming (one-way): playback begins before the entire file is downloaded
Condition: the network bandwidth is sufficient and the server has the content stored (real-time audio and video, by contrast, cannot do this)
e.g. YouTube
(2) Features of streaming stored audio and video: streaming, interactivity, continuous playback
(3) Network requirements: average bandwidth > playback bandwidth; a delay of 10 s is acceptable
The path bandwidth changes; buffering smooths throughput changes, but in essence, in the long run, the average path throughput must exceed the bandwidth required for playback
(4) Technologies used: buffering, prefetching, adaptive bandwidth and quality, and CDN
2. Interactive audio/video over IP
(1) Interactive audio: Internet telephony, VoIP
(2) Interactive video: Skype, WeChat
(3) Features: data generated in real time, streaming, two-way (multi-way)
(4) Requirements for the network:
Bandwidth requirements; the delay should be less than 150 ms, since human-to-human interaction limits the delay tolerance; jitter must be small; not very sensitive to loss
(5) Technologies used: adaptive playback, FEC, error concealment
3. Streaming real-time audio and video
(1) Live video over the network, Internet broadcast: e.g. live events
(2) Two implementation methods: network-layer multicast, application-layer multicast
(3) Data generated in real time, streaming, one-way (many users); live broadcast platforms support interaction
(4) Requirements for the network: bandwidth requirements; a delay of 10 s is acceptable
(5) Technologies used: similar to traditional streaming of stored video
Initial buffering, adaptive bandwidth, CDN distribution
Streaming stored video
Challenges
(1) The continuous playback constraint: once the client starts playing, the consumption rate = the original recording rate
1. When it is time to play a certain frame, that frame's data must already have been received
2. Otherwise it is useless when it arrives later
3. But the network delay varies (jitter) and some frames may be late, so the client needs to buffer: the first frame received is not played immediately but only after a period of delay
(2) Other challenges:
Client interaction: pause, fast forward, rewind, jumping within the video
Video packets may be lost; retransmission costs time
(3) The role of the buffer:
1. Compensates for changes in end-to-end delay at the receiver: if a frame arrives late, playback continues as long as there is still data in the buffer; delay variation is absorbed at the cost of a larger overall playback delay
2. Compensates for end-to-end bandwidth fluctuations: when the instantaneous path throughput < playback bit rate, the incoming rate < consumption rate, but playback continues as long as the buffer still holds data; condition: average path throughput >= playback bandwidth
(4) Streaming video technologies: UDP streaming, HTTP streaming, adaptive HTTP streaming
(5) All of them require client buffering, because the network delay and the average path throughput both vary
(6) Client buffering and playback delay: compensate for network delay and delay jitter, trading a larger playback delay for playback continuity
Streaming multimedia technology: DASH
DASH: Dynamic Adaptive Streaming over HTTP
(1) Server:
Divides the video file into multiple blocks
Stores each block independently, encoded at different bit rates (8-10)
Manifest file: provides the URLs of the different blocks
(2) Client:
First obtains the manifest file
Periodically measures the bandwidth from the server to the client
Consults the manifest and requests one block at a time, with the HTTP header specifying the byte range
If the bandwidth is sufficient, selects the video block with the highest bit rate
At different moments in the session it can switch and request blocks with different encodings
(3) Advantages of DASH
By dynamically estimating the bandwidth and the current buffer state, DASH can usually achieve continuous playback
Reduces the load on the server and scales well
Content Distribution Networks (CDN)
(1) Challenge: how can a server stream video content to millions of users through the network at the same time?
(2) Option 1: a single, large super service center
1. The path from the server to the client has many hops, and the bottleneck link has little bandwidth, causing stalls
2. The "80/20 rule" means the network is flooded with multiple copies of the same video at the same time, which is inefficient
3. Single point of failure, performance bottleneck
4. Congestion of the surrounding network
Comment: quite simple, but this method does not scale
(3) Option 2: deploy cache nodes across the whole network through a CDN, store the service content, serve users from nearby, and improve the user experience
Enter deep: put CDN servers deep inside many access networks
1. Closer to users; large number of nodes; hard to manage
Bring home: deploy in a few (about 10) key locations, e.g. install server clusters near POPs and connect the clusters with leased lines
CDN content replication strategy
(1) It is not necessary to replicate all content to all cache nodes
(2) The content replication strategy determines which content is stored at a cache node
(3) Non-hot content is replaced (replacement strategy) to make room

Voice-over-IP (VoIP)

Overview:
(1) VoIP: transmit real-time audio generated at the end system over the network. Application requirements:
1, delay must not be too large: more than about 400ms hurts interactivity; the transport layer must not add much delay, so UDP is used
2, a small amount of loss is tolerable, but too much loss makes the speech unintelligible (loss concealment, FEC)
3, jitter must be limited: it changes the pitch and distorts playback (requires receiver buffering and continuous playback; packets are sorted by sequence number)
(2) Service provided by IP: best effort (loss, delay and jitter are all possible)
(3) What the application layer must do to cope with network problems so that VoIP works well: everything is carried in IP packets, and the network layer is not optimized for any particular class of application
Problem 1: Loss
Causes: router buffers are full; the error check fails;
the delay is too large (exceeding the artificial playback delay at the receiver), so the packet misses its playback time.
Using TCP is not feasible:
the timeout retransmission mechanism increases the overall delay and hurts real-time performance,
and the data is generated in real time.
The application layer uses encoding or concealment to hide partial loss; a loss rate below 1-10% does not matter much.
Problem 2: Delay
Total delay: transmission and propagation delay of each link, queueing, application-layer buffering and processing
Strategy: the unavoidable network delay cannot be reduced, so the application layer must not add much delay of its own (processing, buffering):
1, use UDP instead of TCP
2, introduce a playback delay so that the overall delay stays within 400ms;
minimize the playback delay while still ensuring continuous playback

Problem 3: Jitter
Cause: packets experience different delays: different paths, queueing, some links retransmit
Consequences: the delay varies from packet to packet, so the spacing between packets changes; packets may even arrive out of order -> playing them as they arrive sounds bad (distorted, unintelligible)
Measures:
1, the sender adds a timestamp and a sequence number to each packet; the receiver sorts by them
Sequence number: +1 per packet; it does not increase while no data is sent during a silent period
Timestamp: keeps increasing during the silent period (it measures time, not packets)
2, the receiver introduces buffering: a playback delay eliminates (absorbs) the jitter (fixed or adaptive)

(4) VoIP architecture
(1) Sender side
1, the speaker's audio is divided into talk spurts and silent periods
talk spurt: 64kbps (8000B/sec); packets are generated only during talk spurts
a data block is produced every 20msec: 160B per 20msec
2, an application-layer header is added to each voice data block
3, the application message (header + voice data) is encapsulated in a UDP (or TCP) segment
4, during a talk spurt the application sends a segment every 20ms
(2) Adaptive playback delay

(5) VoIP: recover from packet loss
Challenge: recover from packet loss within the given small tolerable delay
1, use retransmission: each ACK/NAK round trip costs ~1 RTT
2, other option: Forward Error Correction (FEC):
send enough redundant bits to allow recovery from loss without retransmission

Simple FEC
1, for each group of n data blocks, create a redundant block as the XOR of the n blocks
2, send n+1 blocks; bandwidth increases by about 1/n
3, if at most one block of the group is lost, the lost block can be reconstructed without retransmission

Another FEC scheme
1, piggyback a low-quality code stream
2, send the low-bit-rate encoding of the previous block as redundant information
3, eg, primary stream PCM at 64kbps, redundant stream GSM at 13kbps
Non-consecutive loss: the receiver can conceal the loss with the low-quality copy
Optimization: the (n-1)st and (n-2)nd low-bit-rate blocks can also be appended

Interleaving conceals loss
1, each audio data block is divided into small units, eg, each 20ms block into 4 units of 5msec
2, a packet contains units from different data blocks
3, if a packet is lost, the vast majority of the units of each original data block still arrive
4, no redundant information, but the playback delay increases
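The simple XOR FEC and the interleaving scheme above, as an added Python example (not code from the original notes). The audio chunks are constructed sample data, shortened from the real 160 bytes so the arithmetic is easy to follow; `fec_decode` also handles the failure case the notes mention, a group with more than one lost block, which XOR parity cannot repair.

```python
from typing import List, Optional

# Constructed sample input: three 20 ms audio chunks. Real PCM chunks would be
# 160 bytes each; they are shortened here so the arithmetic is easy to follow.
CHUNKS = [b"AAAAAAAA", b"BBBBBBBB", b"CCCCCCCC"]


def xor_blocks(blocks: List[bytes]) -> bytes:
    """XOR equal-length byte strings together."""
    out = bytearray(len(blocks[0]))
    for blk in blocks:
        for i, byte in enumerate(blk):
            out[i] ^= byte
    return bytes(out)


def fec_encode(group: List[bytes]) -> List[bytes]:
    """Simple FEC: append one parity block (XOR of the n data blocks), so n+1 blocks are sent."""
    return list(group) + [xor_blocks(group)]


def fec_decode(received: List[Optional[bytes]]) -> Optional[List[bytes]]:
    """Rebuild the n data blocks from the n+1 received slots (None = lost).
    Returns None if more than one block of the group is missing: XOR parity
    corrects at most one loss per group, anything more needs retransmission."""
    missing = [i for i, blk in enumerate(received) if blk is None]
    if len(missing) > 1:
        return None
    slots = list(received)
    if missing:
        # the XOR of all surviving blocks (data + parity) equals the lost block
        slots[missing[0]] = xor_blocks([blk for blk in slots if blk is not None])
    return slots[:-1]  # drop the parity block


def interleave(chunks: List[bytes], units: int) -> List[bytes]:
    """Split every chunk into `units` pieces; packet j carries piece j of every chunk."""
    size = len(chunks[0]) // units
    return [
        b"".join(chunk[j * size:(j + 1) * size] for chunk in chunks)
        for j in range(units)
    ]


def deinterleave(packets: List[Optional[bytes]], n_chunks: int, size: int) -> List[bytes]:
    """Reassemble the chunks. A lost packet (None) leaves a short gap of zero bytes
    in every chunk instead of wiping out a whole chunk, so each chunk still keeps
    (units-1)/units of its audio and the concealment is less audible."""
    rebuilt = [bytearray() for _ in range(n_chunks)]
    for pkt in packets:
        for i in range(n_chunks):
            rebuilt[i] += pkt[i * size:(i + 1) * size] if pkt is not None else bytes(size)
    return [bytes(r) for r in rebuilt]


def demo() -> dict:
    sent = fec_encode(CHUNKS)
    lost_one = [sent[0], None, sent[2], sent[3]]   # middle data block lost
    lost_two = [None, None, sent[2], sent[3]]      # two blocks lost: beyond XOR parity
    packets = interleave(CHUNKS, units=4)          # 4 packets of 5 ms pieces
    packets[2] = None                              # third packet lost
    return {
        "parity": sent[-1],
        "recovered": fec_decode(lost_one),
        "unrecoverable": fec_decode(lost_two),
        "concealed": deinterleave(packets, len(CHUNKS), size=2),
    }


if __name__ == "__main__":
    print(demo())
```

The recovered group is byte-identical to the original, while the interleaved stream after one lost packet keeps three quarters of every chunk; the price is that the receiver must hold all four packets before it can play the first chunk, which is the extra playback delay item 4 refers to.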

A protocol for real-time interactive applications

(1) Real-Time Protocol (RTP)
RTP specifies the packet structure used to carry audio and video data
RFC 3550
An RTP packet provides: payload type identification, packet sequence number, timestamp
RTP runs on the end systems
RTP packets are encapsulated in UDP segments
Interoperability: if two VoIP applications both run on RTP, they can work together
(2) RTP runs on UDP.
The RTP library provides a transport-layer interface that extends UDP with:
1, port number, IP address (from UDP/IP)
2, payload type identification
3, packet sequence number
4, timestamp
(3) RTP and QoS
1, RTP does not provide any mechanism for timely delivery or other QoS guarantees
2, RTP encapsulation is seen only at the end systems;
routers provide best-effort service and make no extra effort to ensure that RTP packets reach the destination on time
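The RTP header fields listed above (payload type, sequence number, timestamp) and the receiver-side sorting from the jitter section, as an added Python example; it is not code from the original notes or from any RTP library. It packs the 12-byte fixed header of RFC 3550 with `struct`, uses the static payload type 0 (PCMU, 8000 Hz clock) from RFC 3551, and the 160-byte chunks, SSRC and sequence numbers are constructed values. The marker bit on the first packet of a talk spurt follows the RFC 3551 convention for audio.

```python
import struct
from typing import Dict, List, Tuple

RTP_VERSION = 2
PT_PCMU = 0              # static payload type 0 = PCMU (G.711), 8000 Hz clock (RFC 3551)
SAMPLES_PER_CHUNK = 160  # 20 ms of audio at 8000 samples/s
TICKS_PER_MS = 8         # 8000 Hz timestamp clock -> 8 ticks per millisecond


def build_rtp_packet(seq: int, timestamp: int, ssrc: int, payload: bytes,
                     payload_type: int = PT_PCMU, marker: bool = False) -> bytes:
    """12-byte fixed header (RFC 3550 section 5.1): V=2, P=0, X=0, CC=0, M, PT, seq, ts, SSRC."""
    byte0 = RTP_VERSION << 6
    byte1 = (int(marker) << 7) | (payload_type & 0x7F)
    return struct.pack("!BBHII", byte0, byte1, seq & 0xFFFF, timestamp & 0xFFFFFFFF, ssrc) + payload


def parse_rtp_packet(packet: bytes) -> Dict:
    """Parse the fixed header; rejects truncated input and non-version-2 packets."""
    if len(packet) < 12:
        raise ValueError("truncated RTP header")
    byte0, byte1, seq, ts, ssrc = struct.unpack("!BBHII", packet[:12])
    if byte0 >> 6 != RTP_VERSION:
        raise ValueError("not an RTP version 2 packet")
    csrc_count = byte0 & 0x0F
    header_len = 12 + 4 * csrc_count
    if len(packet) < header_len:
        raise ValueError("truncated CSRC list")
    return {"marker": bool(byte1 >> 7), "pt": byte1 & 0x7F, "seq": seq,
            "ts": ts, "ssrc": ssrc, "payload": packet[header_len:]}


def talk_spurt(first_seq: int, first_ts: int, ssrc: int, n_chunks: int) -> List[bytes]:
    """Sender during a talk spurt: one packet per 20 ms chunk. The sequence number
    advances by 1 per packet and the timestamp by 160 ticks; the marker bit flags
    the first packet after silence."""
    chunk = bytes([0xFF]) * SAMPLES_PER_CHUNK   # constructed payload: 160 mu-law silence samples
    return [build_rtp_packet(first_seq + i, first_ts + i * SAMPLES_PER_CHUNK, ssrc, chunk,
                             marker=(i == 0))
            for i in range(n_chunks)]


def receiver_reorder(packets: List[bytes]) -> Tuple[List[Dict], List[int]]:
    """Sort arrivals by sequence number and list the gaps (lost packets) that a
    loss-concealment step would have to fill. Ignores 16-bit wraparound."""
    headers = sorted((parse_rtp_packet(p) for p in packets), key=lambda h: h["seq"])
    seqs = [h["seq"] for h in headers]
    missing = [s for s in range(seqs[0], seqs[-1] + 1) if s not in seqs]
    return headers, missing


def silence_ms(prev: Dict, nxt: Dict) -> float:
    """Length of the silent period between two consecutive packets: the timestamp
    keeps running during silence while the sequence number does not, so the gap
    shows up in the timestamp difference only."""
    assert nxt["seq"] == prev["seq"] + 1
    return (nxt["ts"] - prev["ts"] - SAMPLES_PER_CHUNK) / TICKS_PER_MS
```

A receiver that schedules playback by timestamp rather than by arrival time is what turns the sorted list into continuous audio; the playback delay discussed earlier is the margin it waits before consuming the first sorted packet.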
(4) Real-Time Control Protocol (RTCP)
1, works together with RTP
2, each participant in an RTP session periodically sends RTCP control packets to all other participants
3, each RTCP packet contains a sender report and/or a receiver report
4, the feedback is used to control performance (the sender may adjust its transmission according to the feedback)
(5) SIP: Session Initiation Protocol
SIP goals
1, all phone calls and video conferences can be carried over the Internet
2, users are identified by name or e-mail address instead of phone number
3, the caller can reach the called party wherever it is roaming and whatever SIP device it is currently using
SIP services
1, to establish a call, SIP provides mechanisms for:
the calling party to let the called party know that someone wants to establish a call,
the calling party and the called party to negotiate the media type and the specific encoding parameters,
and ending the call
2, determine the IP address currently used by the called party:
map the name to the IP address the called party is currently using
3, call management:
add a new media stream during the session,
change the encoding during the session,
invite other parties to join the session,
transfer and hold the session
(6) SIP proxy
1, an additional function of the SIP server: proxy
2, Alice sends an INVITE message to her own proxy server,
including the address sip:[email protected]
the proxy is responsible for routing the SIP message to the called party; it may need to pass through multiple proxies
3, Bob sends his response back through the same set of SIP proxies
4, the proxy receives Bob's SIP response and returns it to Alice (it includes Bob's IP address)
5, the SIP proxy is analogous to a local DNS server + TCP setup
(7) H.323
1, H.323 is another signaling protocol for real-time interactive communication
2, H.323 is a complete, vertically integrated protocol family for multimedia conferencing
3, SIP is a single component: it works with RTP but is not tied to it, and can be combined with other protocols and services
4, H.323 comes from the ITU
5, SIP comes from the IETF: it borrows many concepts from HTTP (SIP has a Web style, H.323 a telecom style)
6, SIP follows the KISS principle: keep it simple and stupid

Multimedia Network Support

Application layer vs network layer support for multimedia applications
(1) The previous sections: effective methods for building network media services on a best-effort network
1, the network is not changed; all the work is done at the application layer of the edge systems
2, application-layer techniques: client caching, prefetching, adaptive media quality, adaptive playback, loss concealment
3, application-layer system-level method: CDN distribution of media content
(2) Network-layer mechanisms: support for multimedia applications (the network itself provides effective support for multimedia)

Current status of network-layer mechanism deployment

(1) Not widely deployed; deployment differs from ISP to ISP
(2) Reason 1: application or application infrastructure + best-effort service is good enough
(3) Reason 2: deploying mechanisms at the network level is complicated, and adding complex functions to the network is not very cost-effective:
1, the Internet's charging model makes ISPs unwilling to invest too much
2, if ISPs invest more, ICPs and service operators benefit more; it is difficult for the ISP to get a share of the pie
3, a single ISP may deploy some network-layer features, but if other ISPs do not, the multimedia experience is still poor
(4) Network mechanisms
1, bandwidth expansion
2, differentiated services: per-class treatment of packets in routers (marking, scheduling, policing)
3, per-connection QoS guarantee: when the connection is established, reserve network resources (such as bandwidth) to ensure end-to-end performance
hard guarantee: the connection's performance is definitely guaranteed
soft guarantee: performance is guaranteed with high probability
techniques: marking, scheduling, policing, call admission

Network management

Real-world examples of network management

(1) Aircraft control systems, DCS (distributed control) systems
(2) Device management functions
1, monitor the operating status of each component of the system (input):
the manager queries the devices (on demand or periodically),
and the devices report when something is abnormal
2, based on the status and the goal, intervene in the operation of the system by issuing actions (output)
(3) The ultimate goal: monitor the operating status of every device and ensure the normal operation of the system

Examples of network management functions

(1) Detect a failing network card on a host or router (the number of frame errors reported by the card increases)
(2) Automatically monitor the activity of hosts
(3) Monitor traffic:
if the traffic on a network segment increases, a server can be moved to another segment;
if the traffic on a segment exceeds the limit, upgrade the bandwidth before users notice
(4) Rapid changes in the routing table indicate configuration problems; repair them before they cause a failure in the network
(5) SLA monitoring: loss rate, delay, throughput; alarm when they reach the lower limit
(6) Intrusion detection: detect attack behaviour and raise an alarm

5 major functions of network management

(1) Performance management
1, quantify, measure, report, analyse and control the performance (utilization, throughput) of the different network components
2, the components involved: individual components (network card, protocol entity) and end-to-end paths
(2) Fault management: record, detect and respond to faults
1, performance management is long-term monitoring of equipment performance
2, fault management deals with sudden, severe performance degradation and emphasizes the response to faults
(3) Configuration management: track device configurations and manage device configuration information
(4) Accounting management: define, record and control user and device access to network resources;
limit usage, charge for usage, and assign resource access rights
(5) Security management: define security policies and control the use of network resources

The essence of network management

(1) Essence: remote (distributed) monitoring (queries, periodic reports, and asynchronous reports of abnormal events) and control
(2) Example: a group headquarters and its branches
1, branches report periodically (output and other information)
2, branches actively report abnormalities
3, headquarters queries a branch: report the information (indicators)
4, headquarters issues instructions that make the branch act

Network security

What is network security

(1) Confidentiality: only the sender and the intended receiver can understand the content of the transmitted message:
the sender encrypts the message,
the receiver decrypts the message
(2) Authentication: the sender and the receiver confirm each other's identity
(3) Message integrity: the sender and receiver can confirm that the message has not been altered, in transit or afterwards
(4) Access control and service availability: the service must be accessible to and available for its legitimate users

Encryption principles

Encryption terminology

m = Kb(Ka(m)); m: plaintext, Ka(m): ciphertext, encrypted with key Ka and decrypted with key Kb

Symmetric key encryption

The sender and the receiver share the same secret key (symmetric)
Simple symmetric encryption scheme: substitution cipher, replace one letter with another
Encryption key: the mapping between the 26 letters and 26 letters
AES
encrypts data in 128-bit blocks

Cipher block chaining

(1) Block cipher: if an input block is repeated, the same ciphertext block is produced
(2) Cipher block chaining: in the i-th round, the input m(i) is XORed with the previous ciphertext block c(i-1) before encryption
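The difference between encrypting blocks independently and chaining them, as an added Python example (not code from the original notes). Because the standard library has no AES, the block cipher is a stand-in keyed permutation with no security at all, labelled as such; the chaining logic around it is the real CBC construction, and the key, IV and plaintext are constructed values. `repeated_blocks` counts the pattern leakage that item (1) describes.

```python
BLOCK = 8  # block size in bytes of the stand-in cipher (AES uses 16)


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a real block cipher such as AES: XOR with the key, then reverse
    the byte order. It is an invertible keyed permutation, which is all a mode of
    operation needs, but it has no security whatsoever; it exists only so the
    chaining logic can run with the standard library alone."""
    assert len(key) == BLOCK and len(block) == BLOCK
    return bytes(b ^ k for b, k in zip(block, key))[::-1]


def toy_block_decrypt(key: bytes, block: bytes) -> bytes:
    return bytes(b ^ k for b, k in zip(block[::-1], key))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "caller must pad to a whole number of blocks"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """Electronic codebook: every block is encrypted independently."""
    return b"".join(toy_block_encrypt(key, m) for m in split_blocks(data))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Cipher block chaining: c(i) = E(m(i) XOR c(i-1)), with c(0) = IV."""
    prev, out = iv, []
    for m in split_blocks(data):
        prev = toy_block_encrypt(key, xor(m, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """m(i) = D(c(i)) XOR c(i-1): decryption reverses the chain."""
    prev, out = iv, []
    for c in split_blocks(data):
        out.append(xor(toy_block_decrypt(key, c), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier one (pattern leakage)."""
    blocks = split_blocks(ciphertext)
    return len(blocks) - len(set(blocks))


# Constructed key, IV and plaintext; the plaintext deliberately repeats one block.
# In practice the IV is fresh random bytes per message (e.g. os.urandom(BLOCK)):
# reusing an IV with the same key reveals whether two messages start alike.
KEY = bytes.fromhex("0f1e2d3c4b5a6978")
IV = bytes.fromhex("a1b2c3d4e5f60718")
MESSAGE = b"ATTACK!!" * 3
```

With ECB the three identical plaintext blocks produce three identical ciphertext blocks; with CBC each block's input is mixed with the previous ciphertext, so the repetition disappears, and the same plaintext under a different IV gives a different ciphertext.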

Public key encryption algorithm

Requirements:
1, Kb-(Kb+(m)) = m: Kb- is the private key, Kb+ the public key
2, given the public key Kb+, deriving the private key Kb- is computationally infeasible
Prerequisite: modular arithmetic
((a mod n) + (b mod n)) mod n = (a+b) mod n
((a mod n) - (b mod n)) mod n = (a-b) mod n
((a mod n) * (b mod n)) mod n = (a*b) mod n
thus:
(a mod n)^d mod n = a^d mod n
RSA

RSA: preliminaries

(1) A message is a bit pattern
(2) A bit pattern can be uniquely represented by an integer
(3) Therefore encrypting a message is equivalent to encrypting an integer

RSA: create a public/private key pair

(1) Choose two very large prime numbers p, q
(2) Compute n = pq, z = (p-1)(q-1)
(3) Choose an e (e < n) that has no common factor with z (e and z are coprime)
(4) Choose d such that ed-1 is exactly divisible by z (that is, ed mod z = 1)
(5) Public key (n, e), private key (n, d)

RSA encryption and decryption

(1) Given (n, e) and (n, d) obtained by the algorithm above
(2) To encrypt a message m (< n):
c = m^e mod n
(3) To decrypt the received ciphertext c, compute
m = c^d mod n

Digital signatures
Digital signatures are analogous to handwritten signatures
(1) The sender digitally signs the document, establishing that he is the owner/creator of the document
(2) Verifiable, unforgeable: the recipient can prove to others that the sender, and nobody else, must have signed the document
(3) Simple digital signature of message m:
the sender signs m with its private key, creating the signed message Kb-(m)
Message digest
Applying the public key algorithm to a long message takes a lot of time
Goal: a fixed-length, easy-to-compute "fingerprint": apply a hash function H to m to obtain a fixed-length message digest H(m), and sign the digest instead of the message
Characteristics of the hash function
1, many-to-one
2, fixed-length output
3, given a message digest x, it is computationally infeasible to find the original message
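The RSA key generation, encryption and decryption steps above, together with signing a message digest rather than the whole message, as an added Python example that is not code from the original notes. The two primes are constructed key material (the Mersenne primes 2^127-1 and 2^521-1, genuine primes but fixed and public, so the key pair illustrates the arithmetic only), and the digest is SHA-256, whose 256-bit value is comfortably below n here.

```python
import hashlib
from math import gcd
from typing import Tuple

Key = Tuple[int, int]

# Constructed toy key material: the Mersenne primes 2^127-1 and 2^521-1. They are
# genuine primes, but fixed and public, so this key pair illustrates the arithmetic
# only; a real key uses freshly generated random primes of at least 1024 bits each.
P = (1 << 127) - 1
Q = (1 << 521) - 1


def make_keypair(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Steps (1)-(5) of key generation: n = pq, z = (p-1)(q-1), e coprime with z, ed mod z = 1."""
    n = p * q
    z = (p - 1) * (q - 1)
    if not (e < n and gcd(e, z) == 1):
        raise ValueError("e must be smaller than n and coprime with z")
    d = pow(e, -1, z)            # modular inverse (Python 3.8+): e*d mod z == 1
    assert (e * d - 1) % z == 0
    return (n, e), (n, d)


def encrypt(public: Key, m: int) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than n")
    return pow(m, e, n)          # c = m^e mod n


def decrypt(private: Key, c: int) -> int:
    n, d = private
    return pow(c, d, n)          # m = c^d mod n


def digest_int(message: bytes) -> int:
    """H(m) as an integer: SHA-256 gives 256 bits, far below n here (about 648 bits)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private: Key, message: bytes) -> int:
    """Kb-(H(m)): sign the fixed-length digest instead of the whole message."""
    n, d = private
    return pow(digest_int(message), d, n)


def verify(public: Key, message: bytes, signature: int) -> bool:
    """Apply Kb+ to the signature and compare with a freshly computed H(m)."""
    n, e = public
    return pow(signature, e, n) == digest_int(message)


def mod_identity_holds(a: int, d: int, n: int) -> bool:
    """(a mod n)^d mod n == a^d mod n, the modular-arithmetic fact RSA relies on."""
    return pow(a % n, d, n) == pow(a, d, n)


if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    m = int.from_bytes(b"hello, Bob", "big")
    assert decrypt(private, encrypt(public, m)) == m
    sig = sign(private, b"pay Bob 10")
    print(verify(public, b"pay Bob 10", sig), verify(public, b"pay Bob 100", sig))
```

Changing a single character of the message changes its digest, so the same signature no longer verifies; the check `m < n` in `encrypt` is the precondition from step (2) of the encryption algorithm, since an integer at least n cannot be recovered from c.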

Public key certification authority (CA)
(1) Certification authority (CA): binds a public key to the entity E that owns it
(2) E (person, router) registers its public key with the CA (out-of-band); E provides the CA with "proof of identity"
the CA creates a certificate that binds E's identity information to its public key
the certificate contains E's public key and is signed by the CA (with the CA's own private key): "the CA says this is E's public key"
(3) When A wants B's public key:
1, obtain B's certificate
2, use the CA's public key to verify the CA's signature on B's certificate
premise: the CA's public key, i.e. the CA's certificate, must have been obtained reliably beforehand;
the CA certificate is obtained out-of-band: it ships with the installed system or is trusted directly;
it is generally self-signed: the CA signs its own public key with its own private key

Secure e-mail (application layer)
Confidentiality
A needs to send a confidential message m to B
A:
generates a random symmetric key Ks
encrypts the message with Ks (for efficiency)
encrypts Ks with B's public key
sends Ks(m) and Kb+(Ks) to B
B:
uses its own private key to decrypt Ks
uses Ks to decrypt Ks(m) to get the message

Integrity and authenticity
A digitally signs the document (signs the hash of the message with its own private key)
and sends the message (in plaintext) together with the digital signature

Confidentiality, authenticity and message integrity
A uses 3 keys: its own private key, B's public key, and a newly generated symmetric key

TCP connection security: TLS (Transport Layer Security)

TLS key generation
(1) Using the same key for multiple cryptographic operations is insecure:
use different keys for message authentication (MAC) and for encryption
(2) 4 keys
Kc = encryption key for data from client to server
Mc = MAC key for data from client to server
Ks = encryption key for data from server to client
Ms = MAC key for data from server to client
(3) The keys are derived with a key derivation function (KDF)
KDF input: the master secret MS + (possibly) some additional random data
this breaks the fixed correspondence between the master secret MS and the 4 keys
t-tls (toy TLS): encrypting data
(1) With stream encryption, the MAC for integrity verification could only be placed at the end of the stream, so the integrity check could be performed only after all the data has been transmitted
(2) Example: instant messaging (long duration): how can the integrity of all bytes be checked before the terminal displays the characters?
(3) Solution: divide the byte stream into individual records
1, each record carries a MAC computed over the record (using Mc)
2, the receiver can check the integrity of each arriving record
(4) An attacker may modify the TCP header, e.g. the sequence number in the header, to reorder or replay records; the solution is to include the record's sequence number in the MAC
TLS cipher suite
(1) "Cipher suite": key generation algorithm, encryption algorithm, MAC algorithm, digital signature algorithm (TLS does not bind itself to a specific algorithm)
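The key derivation and the per-record MAC with the sequence number folded in, as an added Python example; it is not code from the original notes and not the real TLS PRF or record layer. The KDF is an HMAC-SHA256 counter-mode expansion in the shape of HKDF-Expand (RFC 5869), standing in for the TLS PRF; the master secret, client/server random values and record payloads are constructed, and encryption with Kc is omitted because the standard library has no block cipher, so the block shows keys and integrity only.

```python
import hmac
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

APPLICATION_DATA = 23   # TLS record type value for application data


def kdf(master_secret: bytes, label: bytes, random_data: bytes, length: int = 32) -> bytes:
    """Counter-mode HMAC-SHA256 expansion, the shape of HKDF-Expand (RFC 5869).
    It stands in for the TLS PRF: the label makes each of the four keys distinct, and
    the client/server randoms break the fixed mapping from master secret to session keys."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(master_secret, block + label + random_data + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_session_keys(master_secret: bytes, client_random: bytes,
                        server_random: bytes) -> Dict[str, bytes]:
    r = client_random + server_random
    return {
        "Kc": kdf(master_secret, b"client write key", r),   # encryption, client -> server
        "Mc": kdf(master_secret, b"client write MAC", r),   # MAC, client -> server
        "Ks": kdf(master_secret, b"server write key", r),   # encryption, server -> client
        "Ms": kdf(master_secret, b"server write MAC", r),   # MAC, server -> client
    }


def protect_record(mac_key: bytes, seq: int, record_type: int, payload: bytes) -> bytes:
    """MAC = HMAC(Mc, seq || type || length || payload). The 64-bit sequence number is
    authenticated but never transmitted: both sides count records, so a record that is
    reordered or replayed by someone rewriting TCP headers fails verification."""
    authenticated = struct.pack("!QBH", seq, record_type, len(payload)) + payload
    tag = hmac.new(mac_key, authenticated, hashlib.sha256).digest()
    return struct.pack("!BH", record_type, len(payload)) + payload + tag


def verify_record(mac_key: bytes, expected_seq: int, wire: bytes) -> Optional[bytes]:
    """Return the payload, or None if the MAC does not match for the expected sequence number."""
    if len(wire) < 3 + 32:
        return None
    record_type, length = struct.unpack("!BH", wire[:3])
    payload, tag = wire[3:3 + length], wire[3 + length:]
    if len(payload) != length or len(tag) != 32:
        return None
    expected = hmac.new(mac_key, struct.pack("!QBH", expected_seq, record_type, length) + payload,
                        hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def receive_stream(mac_key: bytes, records: List[bytes]) -> Tuple[List[bytes], str]:
    """Receiver: check each record as it arrives, so the application can consume
    record 0 before record 1 has even been sent."""
    delivered = []
    for seq, wire in enumerate(records):
        payload = verify_record(mac_key, seq, wire)
        if payload is None:
            return delivered, f"integrity failure at record {seq}"
        delivered.append(payload)
    return delivered, "ok"
```

Swapping two records, replaying one, or editing a payload byte all fail at the first affected record, and the records before it have already been delivered, which is exactly the property the instant-messaging example asks for.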

IPSec: security at the network layer

IPSec protocol: location

(1) Between 2 network entities (host or router)
(2) Above IP, below the transport-layer protocol
(3) The sending entity encrypts the datagram payload; the payload can be:
1, anything carried as the payload of the original IP datagram
2, TCP segments, UDP datagrams, ICMP messages, OSPF messages, etc.
(4) Because it sits at a lower layer, all data from the sending entity to other receivers can be hidden
(5) "Blanket coverage": the IP payload (such as a TCP segment) is encrypted, authenticated and integrity-checked

2 modes of IPSec

(1) Transport mode
1, between hosts
2, only the datagram payload is encrypted and authenticated (the IP header stays in plaintext)
(2) Tunnel mode
1, between routers
2, the entire datagram is encrypted and authenticated
3, the encrypted datagram is encapsulated in a new datagram with a new IP header
4, there is a tunnel between the two routers connecting the two networks: VPN

IPSec summary

(1) IKE message exchanges are used for: negotiating algorithms (cipher suite), generating and exchanging keys, generating SPIs, and automatically establishing SAs
(2) AH or ESP protocol
1, AH provides integrity and source authentication
2, ESP additionally provides confidentiality (compared to AH)
(3) An IPSec pair can be a secure peer relationship between 2 network entities:
1, 2 routers/firewalls
2, 1 router/firewall and an end system
3, 2 end systems

Firewall

Isolates the organization's internal network from the Internet, allowing certain packets to pass (in and out) according to rules and blocking others

The need for a firewall

(1) Prevent denial-of-service attacks
SYN flooding: the attacker establishes many fake TCP connections; real users are denied access because the server's resources are exhausted
(2) Prevent illegal modification of or access to content (eg an attacker replacing the CIA's homepage)
(3) Allow only authenticated users to access internal network resources
(4) Types of firewalls
1, stateless packet filter
2, stateful packet filter
3, application gateway

Stateless packet filtering: examples

Example 1: block all incoming and outgoing datagrams with IP protocol field = 17, and those with source or destination port number = 23
Result: all incoming and outgoing UDP flows, and all Telnet connections over TCP, are blocked.
Example 2: block incoming TCP segments with ACK = 0
Result: external clients cannot actively open TCP connections to internal hosts, but internal clients can actively open TCP connections to external servers.

Stateful packet filters: track the state of each TCP connection

(1) Track TCP connection establishment (SYN) and teardown (FIN), and admit the corresponding subsequent packets
(2) A connection that stays inactive on the firewall times out, after which its packets are no longer allowed through
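The two stateless rules above and the stateful connection table, as an added Python example that is not code from the original notes or from any firewall product. Packets are constructed summaries (documentation addresses 10.0.0.0/8 for the inside and 203.0.113.0/24 for the outside); the stateful filter tracks only TCP, treats the first FIN as teardown, and expires idle entries after a constructed timeout. It also shows why the stateless Example 2 is not enough: a segment with ACK = 1 passes it even when no connection exists.

```python
from dataclasses import dataclass
from typing import Dict, Tuple

TCP, UDP = 6, 17


@dataclass(frozen=True)
class Packet:
    """Constructed packet summary: only the fields the filter rules look at."""
    direction: str          # "in" = Internet -> internal network, "out" = the reverse
    proto: int
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False


def stateless_filter(pkt: Packet) -> str:
    """The two example rules, applied per packet with no memory."""
    # Example 1: protocol field 17 (all UDP), or Telnet port 23 in either direction
    if pkt.proto == UDP or 23 in (pkt.sport, pkt.dport):
        return "drop"
    # Example 2: incoming TCP segments with ACK = 0 (an outsider's connection attempt)
    if pkt.direction == "in" and pkt.proto == TCP and not pkt.ack:
        return "drop"
    return "allow"


ConnKey = Tuple[str, int, str, int]   # (internal ip, internal port, external ip, external port)


class StatefulFilter:
    """Tracks TCP connections opened from inside; an incoming segment is admitted only
    if it belongs to one of them. This closes the hole the stateless rule leaves:
    a segment with ACK = 1 gets past Example 2 whether or not a connection exists."""

    def __init__(self, idle_timeout: float = 60.0):
        self.table: Dict[ConnKey, float] = {}   # connection -> time of last activity
        self.idle_timeout = idle_timeout

    @staticmethod
    def key(pkt: Packet) -> ConnKey:
        if pkt.direction == "out":
            return (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport)

    def handle(self, pkt: Packet, now: float) -> str:
        if stateless_filter(pkt) == "drop":
            return "drop"
        if pkt.proto != TCP:
            return "allow"                       # only TCP is tracked in this example
        k = self.key(pkt)
        if pkt.direction == "out" and pkt.syn and not pkt.ack:
            self.table[k] = now                  # internal client opens a connection
            return "allow"
        last = self.table.get(k)
        if last is None or now - last > self.idle_timeout:
            self.table.pop(k, None)              # unknown or expired connection
            return "drop"
        if pkt.fin:
            del self.table[k]                    # teardown (simplified: first FIN closes)
        else:
            self.table[k] = now
        return "allow"
```

The `idle_timeout` check implements item (2): once a tracked connection has been silent longer than the timeout, its entry is removed and further packets for it are dropped until an internal host opens it again.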

IDS: Intrusion Detection System

(1) Packet filtering:
1, checks the TCP/IP header fields
2, does not check the correlation between the packets of a session
(2) IDS: intrusion detection system
1, deep packet inspection: examines the contents of packets
2, checks the correlation between packets to decide whether they are harmful:
port scanning, network mapping, DoS attacks

Wireless Links and Mobile Networks

Wireless link

Wireless link characteristics

Important differences from wired links:
(1) Decreasing signal strength: attenuation (path loss) of the radio signal as it passes through matter (even in open space)
1, inversely proportional to the square of the distance; also depends on the material of the obstacles and on the frequency
2, in a wired guided medium, the signal strength does not vary so much between any 2 points
(2) Interference from other signal sources
1, standard wireless network frequencies (eg, 2.4GHz) are shared with other devices such as cordless phones, causing mutual interference
2, electromagnetic noise in the environment (motors) interferes
(3) CDMA
Wireless Local Area Network
IEEE 802.11 Wireless LAN
WiFi 4, WiFi 5, WiFi 6
1, differences: bandwidth, frequency, range and physical-layer coding technology
2, commonality: use the CSMA/CA medium access control mode on the shared wireless channel; all have both base station (infrastructure) mode and ad hoc mode

Origin blog.csdn.net/weixin_44806700/article/details/122713169