10CS64 _ A_C - PESIT South
USN: 1 P E
PESIT Bangalore South Campus
Hosur road, 1km before Electronic City, Bengaluru -100
Department of Computer Science & Engineering
INTERNAL ASSESSMENT TEST – 2
Date: 01/04/2015
Subject & Code: Computer Networks-II/10CS64
Name of faculty: Ravi Dixit
Max Marks: 50
Section: VI-A & VI-C
Time: 8:30-10:00am
Note: Answer ALL Questions (SOLUTIONS)
1. a) Define the secret key and public key encryption methods. (4 marks)
Secret key encryption: an encryption system in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message.
Symmetric-key systems are simpler and faster, but their main drawback is that the two parties must somehow exchange the key in a secure way. Public-key encryption avoids this problem because the public key can be distributed in a non-secure way, and the private key is never transmitted.
The disadvantage of symmetric cryptography is that it presumes two parties have agreed on a key and been able to exchange that key in a secure manner prior to communication.
Public key encryption: a cryptographic system that uses two keys: a public key known to everyone and a private or secret key known only to the recipient of the message.
An important element of the public key system is that the public and private keys are related in such a way that only the public key can be used to encrypt messages and only the corresponding private key can be used to decrypt them. Moreover, it is virtually impossible to deduce the private key if you know the public key.
It is also called asymmetric encryption because it uses two keys instead of one key (symmetric encryption).
B.E, 6th Semester
b) For RSA encryption of the 4-bit message 1001, given a=3, b=11 and x=3, find the public key, the private key and the cipher text. (6 marks)
Message m = 1001 (binary) = 9; a = 3, b = 11 and x = 3
Let n = a·b = 3 · 11 = 33
Public key:
Find y such that x·y mod (a-1)·(b-1) = 1; 3·y mod (3-1)(11-1) = 1;
3·y mod 20 = 1; y = 7
Public key = {n, y} = {33, 7}
Private key:
Private key = {n, x} = {33, 3}
Cipher text:
c = m^x mod n
  = 9^3 mod 33
  = 729 mod 33
Cipher text = 3
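The computation above carried out in code, as an added example that is not part of the original solution. It keeps the solution's notation (a and b are the primes, n = a·b, x is the exponent the solution assigns to the private key, y is found from x·y mod (a-1)(b-1) = 1) and reproduces the cipher text c = 9^3 mod 33 = 3; the function names are my own. It also shows the property the solution relies on: the two exponents are inverses modulo (a-1)(b-1), so whichever exponent is applied first, the other one restores the message.

```python
# Added example, not part of the original solution: textbook RSA with the
# exam's parameters a=3, b=11, x=3. Notation follows the solution; function
# names are my own.

def egcd(p, q):
    """Extended Euclid: returns (g, s, t) with s*p + t*q == g == gcd(p, q)."""
    if q == 0:
        return p, 1, 0
    g, s, t = egcd(q, p % q)
    return g, t, s - (p // q) * t


def modinv(x, m):
    """Multiplicative inverse of x modulo m (the step '3.y mod 20 = 1; y = 7')."""
    g, s, _ = egcd(x, m)
    if g != 1:
        raise ValueError(f"{x} has no inverse modulo {m}: pick another exponent")
    return s % m


def rsa_keys(a, b, x):
    """Return (public_key, private_key) in the solution's form {n, exponent}."""
    n = a * b
    phi = (a - 1) * (b - 1)
    y = modinv(x, phi)      # for a=3, b=11, x=3: 3*7 = 21 = 1 (mod 20), so y = 7
    return (n, y), (n, x)


def rsa_apply(value, exponent, n):
    """value^exponent mod n, with the textbook requirement value < n."""
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus n")
    return pow(value, exponent, n)


def worked_example():
    """Reproduce the exam figures: keys {33, 7} and {33, 3}, cipher text 3."""
    public, private = rsa_keys(3, 11, 3)
    m = int("1001", 2)                 # the 4-bit message 1001 is 9
    n, x = private
    c = rsa_apply(m, x, n)             # c = m^x mod n = 9^3 mod 33 = 729 mod 33 = 3
    # The exponents are inverses modulo (a-1)(b-1), so applying the other one
    # (y = 7) to c brings back the original 9.
    recovered = rsa_apply(c, public[1], public[0])
    return {"public": public, "private": private, "m": m, "c": c, "recovered": recovered}


if __name__ == "__main__":
    print(worked_example())
```

Textbook RSA of this size has no padding and a modulus of 33, so it illustrates the arithmetic only; the message must stay below n or it cannot be recovered, which `rsa_apply` enforces.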
2. a) What is the purpose of network management? Explain the significance of the Management Information Base (MIB) in network management. (5 marks)
Network management refers to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems. The functions performed by a network management system can be categorized into the following five areas: fault management, configuration management, accounting management, performance management and security management.
Management Information Base (MIB)
MIBs are a collection of information organized hierarchically which define the properties of the managed objects within the device to be managed (such as a router, switch, etc.).
Each managed device keeps a database of values for each of the definitions written in the MIB. The MIB itself is not that database; how the values are stored is implementation dependent.
Each vendor of SNMP equipment has an exclusive section of the MIB tree structure under their control, and these are accessed using a protocol such as SNMP.
There are two types of MIBs: scalar and tabular. Scalar objects define a single object instance whereas tabular objects define multiple related object instances grouped in MIB tables.
The following keywords are used to define a MIB object:
- Syntax: defines the abstract data structure corresponding to the object type. The SMI purposely restricts the ASN.1 constructs that can be used, to promote simplicity.
- Access: defines whether the object value may only be retrieved but not modified (read-only) or whether it may also be modified (read-write).
- Description: contains a textual definition of the object type. The definition provides all semantic definitions necessary for interpretation; it typically contains information of the sort that would be communicated in any ASN.1 commentary annotations associated with the object.
MIB Object Identifiers
Each object in the MIB has an object identifier (OID), which the management station uses to request the object's value from the agent.
An OID is a sequence of integers that uniquely identifies a managed object by defining a path to that object through a tree-like structure called the OID tree or registration tree.
When an SNMP agent needs to access a specific managed object, it traverses the OID tree to find the object.
The MIB object identifier hierarchy and format are shown in the figure above.
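The OID tree walk and the Access keyword described above, as an added example that is not part of the original solution. The arc numbers and names are the standard prefix iso(1).org(3).dod(6).internet(1).mgmt(2).mib-2(1).system(1) with three of its scalar objects; the agent's stored values, the class and the function names are constructed for this demonstration.

```python
# Added example, not part of the original solution: a small registration (OID)
# tree, the traversal an agent performs along a dotted OID, and an agent that
# honours the MIB "Access" keyword. Stored values are constructed.

class OidNode:
    def __init__(self, name, number, access=None):
        self.name = name
        self.number = number
        self.access = access        # the MIB "Access" keyword: read-only / read-write
        self.children = {}          # arc number -> child node

    def add(self, name, number, access=None):
        child = OidNode(name, number, access)
        self.children[number] = child
        return child


def build_system_group():
    """Registration tree down to the mib-2 'system' group with three scalar leaves."""
    root = OidNode("", None)
    node = root
    for name, arc in [("iso", 1), ("org", 3), ("dod", 6), ("internet", 1),
                      ("mgmt", 2), ("mib-2", 1), ("system", 1)]:
        node = node.add(name, arc)
    node.add("sysDescr", 1, access="read-only")
    node.add("sysUpTime", 3, access="read-only")
    node.add("sysName", 5, access="read-write")
    return root


def resolve_oid(root, oid):
    """Traverse the OID tree; returns (dotted name, node, instance suffix) or None.

    For a scalar object the instance suffix is [0] (e.g. sysName.0). An arc
    that does not exist below an interior node means the OID is not in the MIB.
    """
    arcs = [int(a) for a in oid.strip(".").split(".")]
    node, names = root, []
    for i, arc in enumerate(arcs):
        child = node.children.get(arc)
        if child is None:
            if node.children:        # interior node without this arc: unknown OID
                return None
            return ".".join(names), node, arcs[i:]   # leaf reached: rest is the instance
        node = child
        names.append(node.name)
    return ".".join(names), node, []


# Constructed agent value store, keyed by full OID including the .0 instance.
AGENT_VALUES = {
    "1.3.6.1.2.1.1.1.0": "constructed-router OS 1.0",
    "1.3.6.1.2.1.1.3.0": 123456,
    "1.3.6.1.2.1.1.5.0": "edge-rtr-01",
}


def snmp_get(root, oid):
    """Return the value held by the agent, or None for an OID it does not know."""
    if resolve_oid(root, oid) is None:
        return None
    return AGENT_VALUES.get(oid.strip("."))


def snmp_set(root, oid, value):
    """Only objects whose Access is read-write may be modified."""
    hit = resolve_oid(root, oid)
    if hit is None or hit[1].access != "read-write":
        return False              # a real agent would answer noSuchName / notWritable
    AGENT_VALUES[oid.strip(".")] = value
    return True
```

The Access check in `snmp_set` is the point a defender cares about: an agent that ignores it would let a management station rewrite read-only objects such as sysDescr, so the keyword has to be enforced by the agent, not only documented in the MIB.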
b) Give an overview of the Domain Name System (DNS). (5 marks)
Domain Name System (DNS):
- DNS is a host-name-to-IP-address translation service.
- DNS is a distributed database implemented in a hierarchy of name servers, together with an application-level protocol for message exchange between clients and servers.
- It is a lookup mechanism for translating objects into other objects.
- It is a globally distributed, loosely coherent, scalable, reliable, dynamic database comprised of three components:
  1. a "name space";
  2. servers making that name space available;
  3. resolvers (clients) which query the servers about the name space.
It is easier to remember a host name than it is to remember an IP address. A name has more meaning to a user than a 4-byte number. Applications such as FTP, HTTP, email, etc., all require the user to input a destination. The user generally enters a host name. The application takes the host name supplied by the user and forwards it to DNS for translation to an IP address.
DNS works by exchanging messages between client and server machines. A client application passes the destination host name to the DNS process to get the IP address, and then waits for the response to return.
How DNS works
Client wants the IP address for www.amazon.com (first approximation):
- the client queries a root server to find the com DNS server;
- the client queries the com DNS server to get the amazon.com DNS server;
- the client queries the amazon.com DNS server to get the IP address for www.amazon.com.
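The three-step walk above, run as an iterative resolver over constructed zone data, as an added example that is not part of the original solution. The server names, the delegations and the answer 192.0.2.10 are constructed for the demonstration (192.0.2.0/24 is a documentation address range), not real Amazon records; the function name is my own. It goes slightly beyond the text in that it also handles a name nobody is authoritative for and bounds the walk so a mis-delegated referral loop cannot spin forever.

```python
# Added example, not part of the original solution: iterative DNS resolution
# root -> com -> amazon.com over constructed zone data.

# Each entry is one name server: the child zones it delegates (with the server
# to ask next) and the address records it is authoritative for.
SERVERS = {
    "root":           {"delegates": {"com": "com-tld-server"}, "records": {}},
    "com-tld-server": {"delegates": {"amazon.com": "amazon-ns"}, "records": {}},
    "amazon-ns":      {"delegates": {}, "records": {"www.amazon.com": "192.0.2.10"}},
}


def resolve_name(name, servers=SERVERS, max_hops=8):
    """Return (ip_or_None, trace), trace being the servers queried in order."""
    name = name.rstrip(".").lower()
    labels = name.split(".")
    server, trace = "root", []
    for _ in range(max_hops):        # bounded so a referral loop cannot run forever
        zone = servers[server]
        trace.append(server)
        if name in zone["records"]:
            return zone["records"][name], trace      # authoritative answer
        # Referral: hand the query to the server for the longest delegated suffix.
        for i in range(len(labels)):
            suffix = ".".join(labels[i:])
            if suffix in zone["delegates"]:
                server = zone["delegates"][suffix]
                break
        else:
            return None, trace                        # neither an answer nor a referral
    return None, trace


if __name__ == "__main__":
    print(resolve_name("www.amazon.com"))
```

Checking the suffixes from the full name downwards picks the most specific delegation a server knows, which is what lets the com server hand the query to amazon.com rather than answering for the whole zone itself. A real resolver would also cache each referral and answer, so repeated lookups skip the root and TLD steps.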
3. a) What is QoS? Give an overview of the Integrated Services (IntServ) QoS method with a block diagram. (10 marks)
- Quality of service (QoS) refers to resource reservation control mechanisms rather than the achieved service quality.
- Quality of service is the ability to provide different priority to different applications, users, or data flows, or to guarantee a certain level of performance to a data flow.
- For example, a required bit rate, delay, jitter, packet dropping probability and/or bit error rate may be guaranteed.
- Quality of service guarantees are important if the network capacity is insufficient, especially for real-time streaming multimedia applications such as voice over IP, online games and IP-TV, since these often require a fixed bit rate and are delay sensitive, and in networks where the capacity is a limited resource, for example in cellular data communication.
- In the absence of network congestion, QoS mechanisms are not required.
- A network or protocol that supports QoS may agree on a traffic contract with the application software and reserve capacity in the network nodes, for example during a session establishment phase.
- During the session it may monitor the achieved level of performance, for example the data rate and delay, and dynamically control scheduling priorities in the network nodes. It may release the reserved capacity during a tear-down phase.
Integrated services (IntServ):
- IntServ or integrated services is an architecture that specifies the elements to guarantee quality of service (QoS) on networks.
- IntServ specifies a fine-grained QoS system, which is often contrasted with DiffServ's coarse-grained control system.
- The idea of IntServ is that every router in the system implements IntServ, and every application that requires some kind of guarantee has to make an individual reservation.
The integrated services approach consists of two service classes:
1. Guaranteed service class: defined for applications that cannot tolerate a delay beyond a particular value. Real-time applications like voice or video communications use this type of service.
2. Controlled-load service class: defined for applications that can tolerate some delay and loss.
The figure below shows the four processes providing quality of service.
1. Traffic shaping
- Traffic shaping provides a means to control the volume of traffic being sent into a network in a specified period, or the maximum rate at which the traffic is sent (rate limiting).
- This control can be accomplished in many ways and for many reasons; however, traffic shaping is always achieved by delaying packets.
- Traffic shaping is commonly applied at the network edges to control traffic entering the network, but can also be applied by the traffic source (for example, a computer or network card) or by an element in the network.
- A traffic shaper works by delaying metered traffic such that each packet complies with the relevant traffic contract.
- Metering may be implemented with, for example, the leaky bucket or token bucket algorithms.
2. Admission control
Admission control is a network function that computes the resource (bandwidth and buffer) requirements of a new flow and determines whether the resources along the path to be followed are available.
Before sending packets, the source must obtain permission from admission control, which decides whether to accept the flow or not.
The flow is accepted if the QoS of the new flow does not violate the QoS of the existing flows. QoS can be expressed in terms of maximum delay, loss probability, delay variance, or other performance measures. QoS requirements: peak, average and minimum bit rate, maximum burst size, delay, loss requirement.
The network computes the resources needed, such as the "effective" bandwidth of the flow (QoS and resource allocation; VPN; MPLS).
If the flow is accepted, the network allocates resources to ensure the QoS is delivered as long as the source conforms to the contract.
3. Resource reservation protocol
The Resource ReSerVation Protocol (RSVP) is a transport layer protocol designed to reserve resources across a network for an integrated services Internet.
RSVP does not transport application data but is rather an Internet control protocol, like ICMP, IGMP, or routing protocols.
RSVP provides receiver-initiated setup of resource reservations for multicast or unicast data flows, with scaling and robustness.
RSVP can be used by either hosts or routers to request or deliver specific levels of quality of service (QoS) for application data streams or flows.
RSVP defines how applications place reservations and how they can relinquish the reserved resources once the need for them has ended.
RSVP operation will generally result in resources being reserved in each node along a path.
RSVP is not itself a routing protocol and was designed to interoperate with current and future routing protocols.
RSVP by itself is rarely deployed in telecommunications networks today, but the traffic engineering extension of RSVP, RSVP-TE, is becoming more widely accepted in many QoS-oriented networks.
4. Packet scheduling
Packet scheduling refers to the decision process used to choose which packets should be serviced or dropped.
Buffer management refers to any particular discipline used to regulate the occupancy of a particular queue.
Commonly supported disciplines include drop-tail (FIFO) queueing, RED buffer management, CBQ (including a priority and a round-robin scheduler), and variants of fair queueing, including Fair Queueing (FQ) and Deficit Round-Robin (DRR).
4. a) Give an overview of the leaky bucket approach for traffic shaping. (5 marks)
Leaky bucket traffic shaping
The algorithm is used to control the rate at which data is injected into a network, smoothing out "burstiness" in the data rate.
A leaky bucket provides a mechanism by which bursty traffic can be shaped to present a steady stream of traffic to the network, as opposed to traffic with erratic bursts of low-volume and high-volume flows.
A leaky bucket interface is connected between a packet transmitter and the network.
No matter at which rate the packets enter the traffic shaper, the outflow is regulated at a constant rate.
When a packet arrives, the interface decides whether that packet should be queued or discarded, depending on the capacity of the buffer. Incoming packets are discarded once the bucket becomes full. This method directly restricts the maximum size of burst coming into the system.
Packets are transmitted as either fixed-size packets or variable-size packets.
The leaky bucket scheme is modeled by two main buffers: one buffer forms a queue of incoming packets and the other one receives authorizations (grants).
The leaky-bucket traffic-shaper algorithm is summarized as follows.
Begin Leaky-Bucket Algorithm
1. Define for the algorithm:
   = rate at which packets with irregular rate arrive at the main buffer
   g = rate at which authorization grants arrive at the grant buffer
   w = size of the grant buffer, which can be dynamically adjusted
2. Every 1/g seconds, a grant arrives.
3. Over each period of 1/g seconds, i grants can be assigned to the first i incoming packets, where i <= w, and packets exit from the queue one at a time every 1/g seconds, totaling i/g seconds.
4. If more than w packets are in the main buffer, only the first w packets are assigned grants at each window time of 1/g, and the rest remain in the main queue to be examined in the next 1/g interval.
5. If no grant is in the grant buffer, packets start to be queued.
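The two-buffer algorithm above as a discrete-time simulation, added here as an example that is not part of the original solution. Time advances in ticks, 1/g is expressed as a grant period in ticks, w is the grant buffer size and the main buffer has a fixed capacity. One modelling assumption of mine: a stored grant releases a queued packet in the tick it becomes available, so w bounds how many packets can leave back-to-back; with w = 1 the outflow is the strict one packet per 1/g described in the text. The arrival patterns and the function name are constructed.

```python
# Added example, not part of the original solution: discrete-time simulation
# of the leaky bucket with a main (packet) buffer and a grant buffer.

from collections import deque


def leaky_bucket(arrivals, grant_period, w, buffer_size, ticks):
    """Simulate; returns (departures per tick, packets dropped, peak main-queue length).

    arrivals: dict tick -> number of packets arriving at that tick (irregular rate).
    grant_period: ticks between grants (the 1/g of the text).
    w: grant buffer size; buffer_size: main buffer capacity.
    """
    main_buffer = deque()
    grants = 0
    departures, dropped, peak = [], 0, 0
    for t in range(ticks):
        # Irregular arrivals: queue while there is room, discard once the bucket is full.
        for _ in range(arrivals.get(t, 0)):
            if len(main_buffer) < buffer_size:
                main_buffer.append(t)
            else:
                dropped += 1
        peak = max(peak, len(main_buffer))
        # Step 2: a grant arrives every 1/g seconds; the grant buffer holds at most w.
        if t % grant_period == 0:
            grants = min(grants + 1, w)
        # Steps 3-5: a packet leaves only when it is assigned a grant; with no grant
        # in the grant buffer the packets stay queued for the next interval.
        if main_buffer and grants > 0:
            main_buffer.popleft()
            grants -= 1
            departures.append(1)
        else:
            departures.append(0)
    return departures, dropped, peak


if __name__ == "__main__":
    # A burst of 6 packets at tick 0 into a 4-packet buffer, one grant every 2 ticks.
    print(leaky_bucket({0: 6}, grant_period=2, w=1, buffer_size=4, ticks=12))
```

With the burst of 6 and a 4-packet buffer, two packets are discarded on arrival and the remaining four leave one every grant period, which is the "constant outflow" and "maximum burst restricted by the buffer" behaviour of the text. Raising w lets grants accumulate while the shaper is idle, so a later burst of up to w packets is released without the per-period spacing.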
b) Explain the Weighted Fair Queueing method applied in traffic scheduling. (5 marks)
Weighted fair queuing (WFQ) is a data packet scheduling technique allowing different scheduling priorities to statistically multiplexed data flows.
WFQ is a generalization of fair queuing (FQ).
Both in WFQ and FQ, each data flow has a separate FIFO queue.
WFQ addresses the situation in which different users have different requirements. Each user flow has its own buffer, and each user flow also has a weight, which determines its relative bandwidth share. WFQ is depicted in the figure below.
If buffer 1 has weight 1 and buffer 2 has weight 3, then when both buffers are nonempty, buffer 1 will receive 1/(1+3) = 1/4 of the bandwidth and buffer 2 will receive 3/4 of the bandwidth.
For an n-queue system, queue i ∈ {1, ..., n} is assigned a weight ω_i. The outgoing link capacity s is shared among the flows with respect to their allocated weights. Each flow i is guaranteed to have a service rate of at least
Given a certain available bandwidth, if a queue is empty at a given time, the unused portion of its bandwidth is shared among the other active queues according to their respective weights.
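A packet-level WFQ scheduler that reproduces the weight-1 / weight-3 split above, added as an example that is not part of the original solution. It uses the usual finish-tag rule (each packet is tagged with start + length/weight, the smallest tag is served next) with the virtual clock taken from the tag of the packet last served, which is what makes an empty queue's share flow to the active queues. Packet sizes, flow ids and the function names are constructed; `guaranteed_rates` implements the standard bound s·ω_i / Σω_j that the text's cut-off sentence refers to.

```python
# Added example, not part of the original solution: weighted fair queueing by
# finish tags, with the 1:3 weight case from the text.

from collections import deque
from fractions import Fraction


class WFQScheduler:
    def __init__(self, weights):
        self.weights = {f: Fraction(w) for f, w in weights.items()}
        self.queues = {f: deque() for f in weights}        # one FIFO per flow
        self.last_finish = {f: Fraction(0) for f in weights}
        self.virtual_time = Fraction(0)   # finish tag of the most recently served packet

    def enqueue(self, flow, length):
        # A flow that was idle restarts from the current virtual time, so it cannot
        # bank credit while empty: its unused share already went to the active flows.
        start = max(self.last_finish[flow], self.virtual_time)
        finish = start + Fraction(length) / self.weights[flow]
        self.last_finish[flow] = finish
        self.queues[flow].append((finish, length))

    def dequeue(self):
        """Serve the head-of-line packet with the smallest finish tag (ties: lowest flow id)."""
        heads = [(q[0][0], f) for f, q in self.queues.items() if q]
        if not heads:
            return None
        finish, flow = min(heads)
        _, length = self.queues[flow].popleft()
        self.virtual_time = finish
        return flow, length


def bytes_served(weights, backlog, n_packets):
    """Enqueue backlog = {flow: [lengths]} at time 0, serve n_packets, return bytes per flow."""
    sched = WFQScheduler(weights)
    for flow, lengths in backlog.items():
        for length in lengths:
            sched.enqueue(flow, length)
    served = {f: 0 for f in weights}
    for _ in range(n_packets):
        item = sched.dequeue()
        if item is None:
            break
        flow, length = item
        served[flow] += length
    return served


def guaranteed_rates(capacity, weights):
    """Standard WFQ bound: flow i gets at least capacity * w_i / (sum of all weights)."""
    total = sum(Fraction(w) for w in weights.values())
    return {f: Fraction(capacity) * Fraction(w) / total for f, w in weights.items()}


if __name__ == "__main__":
    print(bytes_served({1: 1, 2: 3}, {1: [100] * 10, 2: [100] * 10}, 8))
```

Fractions rather than floats keep the tags exact, so the 1:3 ratio comes out as exactly 200 and 600 bytes over eight equal packets, and ties between flows are broken deterministically instead of by rounding noise.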
5. Write short notes on: (10 marks)
a) VPN
A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network.
A virtual private network can be contrasted with an expensive system of owned or leased lines that can only be used by one organization. The goal of a VPN is to provide the organization with the same capabilities, but at a much lower cost.
A VPN works by using the shared public infrastructure while maintaining privacy through security procedures and tunneling protocols such as the Layer Two Tunneling Protocol (L2TP).
In effect, the protocols, by encrypting data at the sending end and decrypting it at the receiving end, send the data through a "tunnel" that cannot be "entered" by data that is not properly encrypted.
An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.
VPNs provide privacy by using tunneling protocols and security procedures.
A VPN provides the following capabilities:
- Extended geographical communication
- Reduced operational cost
- Enhanced organizational management
- Enhanced network management
There are two types of VPNs:
- Remote Access VPN
- Site-to-Site VPN
Remote Access VPN
Remote access tunneling is a user-to-LAN connection.
- Organization users are connected to a private network from various remote locations by using a remote access VPN.
- Remote access VPNs use encrypted connections between the organization's private network and remote users through a third-party service provider.
- Tunneling mainly uses the Point-to-Point Protocol (PPP) in remote access VPNs.
- To communicate over the Internet, PPP helps by carrying other Internet protocols such as IPsec, L2F, PPTP and L2TP.
Site-to-Site VPN
Site-to-site tunneling is used to connect multiple fixed sites of an organization over a public network. It can be classified as either intranet or extranet:
1. Intranet: it is used to connect various remote site LANs of an organization into a private network.
2. Extranet: it allows two organizations to work in a shared environment through a tunnel built to connect them.
b) MPLS
Multiprotocol Label Switching (MPLS) refers to a mechanism which directs and transfers data between wide area network (WAN) nodes with high performance, regardless of the content of the data.
MPLS makes it easy to create "virtual links" between nodes on the network, regardless of the protocol of their encapsulated data. It is a highly scalable, data-carrying mechanism.
In an MPLS network, data packets are assigned labels. Packet-forwarding decisions are made solely on the contents of this label, without the need to examine the packet itself. This allows one to create end-to-end circuits across any type of transport medium, using any protocol.
The primary benefit is to eliminate dependence on a particular Data Link Layer technology, such as ATM, frame relay, SONET or Ethernet, and to eliminate the need for multiple Layer 2 networks to satisfy different types of traffic. MPLS belongs to the family of packet-switched networks.
MPLS operates at an OSI Model layer that is generally considered to lie between the traditional definitions of Layer 2 (Data Link Layer) and Layer 3 (Network Layer), and thus is often referred to as a "Layer 2.5" protocol.
It was designed to provide a unified data-carrying service for both circuit-based clients and packet-switching clients which provide a datagram service model.
Label switching routers (LSRs) play three roles:
1) Ingress LSR: this performs the initial packet processing and applies the first label.
2) Core LSR: this swaps the incoming label with the corresponding next-hop label given by a forwarding table.
3) Egress LSR: this pops the label from the packet.
When an IP packet enters an MPLS domain, an ingress LSR processes its information and matches it to a Forward Equivalence Class (FEC). The QoS parameters also define which queueing and discarding policy are to be used.
Two protocols are used to exchange information among routers:
- Intra-domain routing protocol (e.g. OSPF): this is used to exchange routing information.
- Label Distribution Protocol: this assigns labels to each packet.
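The three LSR roles above, simulated on a constructed three-router path, as an added example that is not part of the original solution. The ingress matches the destination against a FEC table (longest prefix) and pushes the first label, the core swaps it from its label forwarding table, and the egress pops it. Label values, router names and addresses are constructed (198.51.100.0/24 and 203.0.113.0/24 are documentation ranges); the class and function names are my own.

```python
# Added example, not part of the original solution: ingress / core / egress
# label switching on a constructed label-switched path.

import ipaddress


class LSR:
    def __init__(self, name, fec_table=None, lfib=None):
        self.name = name
        # Ingress only: FEC (destination prefix) -> (label to push, next hop)
        self.fec_table = {ipaddress.ip_network(p): v for p, v in (fec_table or {}).items()}
        # Core / egress: incoming label -> (outgoing label, or None to pop; next hop)
        self.lfib = dict(lfib or {})

    def match_fec(self, dst):
        """Longest-prefix match of the destination against the FEC table."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.fec_table if addr in net]
        return max(matches, key=lambda net: net.prefixlen) if matches else None

    def forward(self, packet):
        """Return (outgoing packet or None, next hop or the reason for the drop)."""
        label = packet.get("label")
        if label is None:                          # unlabelled IP packet: ingress role
            fec = self.match_fec(packet["dst"])
            if fec is None:
                return None, "no FEC for destination"
            out_label, next_hop = self.fec_table[fec]
            return {**packet, "label": out_label}, next_hop
        # Labelled packet: the decision uses the label only, never the IP header.
        if label not in self.lfib:
            return None, "unknown label"
        out_label, next_hop = self.lfib[label]
        if out_label is None:                      # egress role: pop, hand over plain IP
            return {k: v for k, v in packet.items() if k != "label"}, next_hop
        return {**packet, "label": out_label}, next_hop    # core role: swap


def build_path():
    """Constructed LSP: ingress R1 -> core R2 -> egress R3 -> customer site."""
    return {
        "R1": LSR("R1", fec_table={"198.51.100.0/24": (100, "R2")}),
        "R2": LSR("R2", lfib={100: (200, "R3")}),
        "R3": LSR("R3", lfib={200: (None, "customer-site")}),
    }


def run_path(routers, first_hop, packet):
    """Push a packet along the LSP; returns (final packet or None, per-router trace)."""
    hop, trace = first_hop, []
    while hop in routers:
        router = routers[hop]
        packet, hop = router.forward(packet)
        if packet is None:
            trace.append((router.name, f"dropped: {hop}"))
            return None, trace
        trace.append((router.name, packet.get("label")))   # label after this router
    return packet, trace


if __name__ == "__main__":
    print(run_path(build_path(), "R1", {"dst": "198.51.100.7", "payload": "constructed"}))
```

The trace shows the label lifecycle (100 pushed at R1, swapped to 200 at R2, popped at R3) and the two failure modes a core router must handle safely: a destination with no FEC is dropped at the ingress, and a label with no LFIB entry is dropped rather than forwarded by guessing from the IP header.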