CIS 656, Fall 2005. All homework is assigned on this page. Homework must be done before / is due on the date stated. Homework to be handed in: Unless stated differently, and unless you make a different arrangement with the TA, homework must be handed in on the day stated, before 1:00 pm, by putting it in the envelope on the door of the Internet Laboratory. That is GITC 4325. If you want a special arrangement for handing in homework, ask the TA. Don't ask Dr Ott. He always says no. I try to assign homework at least 6 days in advance (on Sunday for the next Saturday) but sometimes I do not succeed. Also, sometimes I change my mind. So check this page frequently. Use ``reload'' or ``refresh'', or you will get the version you looked at last time. Students are encouraged to discuss homework at the ``idea'' level (``how would you start on this problem''), but doing homework together and handing in essentially the same copy is absolutely not permitted and leads to reduced credit or worse. --- 09/10/2005 (lecture 2) On my website, CIS 656 General Remarks, read the ``Computer Access at NJIT'' page. Do those excercises that are not old hat to you. Do not hand in. On the same website, read the ``CIS 656 Content'' page. Remember this page: later you need the ``man pages'' listed there. On the same website, read the ``Networking Books'' page. Remember this page: you may need to read RFCs listed there, or books listed there. Read the README file. Look at Forouzan Appendix A (pp 771 - on). (ASCII). Do not memorize! but remember where it is: you may need it later on. Read Forouzan Appendix B (pp 776 - on). (Numbering systems). You have had this as undergraduate. (Also Octal). Read Forouzan pp 783 - 785 (first 3 pages of Appendix C). This is a review of one's complement arithmetic (which you already knew) in the context of checksums (which may be new). Read Forouzan pp 1 - 40 (Ch 1 and 2). Read Forouzan pp 43 - 54 (ethernet). Read Forouzan pp 81 - 95 (Start of ``adressing''). IETF stands for ``Internet Engineering Task Force''. RFC stands for ``Request for Comments''. IETF RFCs can be obtained on the web. Find out how. (For example, first use GOOGLE to find IETF). Get IETF RFC 1700 and read page 1. (The whole RFC is too long and too out-dated to read). Get IETF RFC 3232 and read the whole thing. (2 pages). 1. Use the mechanism described to find out what the content of the ``Frame Type Field'' (see below) in an ethernet frame header is, in case the ethernet frame contains an IP version 4 (IP v4) packet. (The answer is 0800 in hexadecimal, 0000 1000 0000 0000 in binary, 2048 in decimal). To prove you found the answer in the location I want you to know about, copy 5 lines from the page you found: the line with the answer, two lines above it, two lines below it (five lines total). Hand in these 5 lines. Note: What I usually call the ``frame type field'' in the ethernet header, other people sometimes call the ``ether type field''. (And sometimes I do that, too). Forouzan used to call this the ``Length PDU'' field. That was outdated. In the third ed p 46 he calls it the ``length/type'' field. Nowadays it is almost always used as ``frame type'', i.e., as descriptor of the next higher protocol. More about this in class. While doing the homework you may have to search for ``ethernet numbers'' or ``ether type'' or ``frame type''. 2. Do Forouzan p 112 problem 10. Hand in. 3. Do Forouzan p 112 problem 11. Hand in. --- 09/17/2005 (lecture 3): Since I did not cover ``Fragmentation'' yet, do the problems below but do not spend time on the ``fragmentation'' parts of the problems. Read Forouzan pp 55 - 79 (Most of this is ``the other LANs'' that you must be aware of but that are not of further relevance in this course.) Read Forouzan pp 95 - 110. Read Forouzan pp 115 - 128. (CIDR etc). Read Forouzan pp 131 - 155. (In class I called this ``forwarding''). Read the ``Domain Names'' page on this website. Read the ``nslookup and dig'' page on this website. Go to the ``Class projects'' page on this site. Read the ``README'' page. This will give you an idea for the project this semester. (The network will be different). Read the ``Project B network description''. Look at one of the ``Project B network diagrams''. (These are for Spring 2005 Projects. This year's project will be different, but not that different.) Look at the ``Project A example'' pages. Do 1 packet ``by hand''. (More if you like to waste your time!) Do not hand in! Look at the ``Example output 1 for Project B'' page, in particular the packet 3. Make sure you understand ``simple fragmentation''. Other examples are packets 15 and 18 in ``Example output 2 for project B''. Do one of these ``by hand''. Do not hand in! Packet 16 in Example 2 for project B also has fragmentation, but it is not ``simple'': This packet has Strict Source Routing as well as Fragmentation. DSCP (Differentiated Services Code Point) is the first 6 bits of the ToS field. ECT and CE are the first and second bits of the ECN field (the last two bits of the ToS field). Checksums are not checked! Packets 4 and 6 also have fragmentation, but not simple: they combine fragmentation with other complications still to be done in class. The following was an excercise in Fall 2004. I did not modify it yet for this semester: { Go to http://www.clickz.com/stats/big_picture/demographics/article.php/3398361 to find out something about Internet Traffic. What percentage of americans say that the Internet plays an important role in their daily routines? What percentage of the americans are not plugged into the the Internet at all? Can you explain the discrepancy? Hand in your response. (I found this page by typing ``Internet Traffic Patterns'' into Google and then going with the flow). } In Fall 2005: Do, hand in, 1, 2a, 3a,b: 1. Get the URL of the Univ of Adelaide in Australia. Get the IP address of the computer that supports that URL. Hand in that IP address. Does that computer have alias? If yes, give the alias. 2. An IP packet, without IP options, arrives at Router R. It has TL = 2500. (TL: Total Length. TTL: Time to Live.) a. How many header bytes does it have? How many IP data bytes does it have? Leave for until Fragmentation has been covered: { It has TTL = 12 , DF = 0 , M = 0 , Frag_Offset = 0 . The router finds it has to forward the packet, and finds the next LAN has an MTU of 1500 Bytes. b. How many fragments will result? c. For each of these fragments, compute TL, TTL, DF, M, and Frag_Offset. Hand in. } 3. A router has the following two entrees in its forwarding table: ---------------------------------- | 17 | 172.192.128.0 | A0 | eth0 | ---------------------------------- | 24 | 172.192.148.0 | A1 | eth1 | --------------------------------- where A0 and A1 are IP addresses and not equal, and eth0 and eth1 are interfaces on the router and are not equal. We all know that every ``hit'' with the second route also is a hit with the first route. This still works because of the ``longest prefix'' principle. 3a. If the destination IP address of a packets is a hit for both routes, what next hop IP address is used? 3b. Split the first route (set of addresses described in CIDR notation) into a set of routes, in a such a way that we no longer need the ``longest prefix'' principle. (No double hits can occur). Hint1: You must split the first route into 8 disjoint blocks, one of which is the second route. The first route then is replaced by the other 7. I know it is 7 because 24 - 17 = 7. Hint2: Try it first with an example where the difference in the lengths is smaller. Say 1, then 2, then 3, then you have figured it out. --- 09/24/2005 (lecture 4). Read Forouzan pp 159 - 176 (ARP and RARP). Read Forouzan pp 179 - 209 (IP Protocol). If you have not yet done so: Download and install ssh (Secure Shell) into your computer at home. Telnet from your computer at home to a computer at NJIT. SSH from your computer at home to a computer at NJIT. Do: man arp , man netstat , man ifconfig (in microsoft: ipconfig). (In microsoft, ``man'' is called ``help'', but is not as much help as man. Make sure you do all this on afs computers. Plus others, if you want to.) Try to make sense out of these. Do not spend more than 90 minutes on these three together. Do: man ping . Make sense out of the output. (You can do it!). There are (at least) three groups of computers at NJIT you can access: A. afs1 - afs36 (remote and ``on the spot'', in GITC). B. afs48 - afs57 (remote only). C. lafite.njit.edu and mouton.njit.edu (remote only). (You will get access by about ... . There was a delay. It will be soon.) Find out which ones are telnet servers, which ones are ssh servers. Do NOT hand in. (Some are both). Access at least one from each of these groups and do ``ifconfig -a'', ``arp -a'', ``arp -an'', ``netstat -r'', ``netstat -a'', ``netstat -n''. Study the outputs. Do NOT hand in. Now first telnet to one of afs48 - afs57 and then from there to another from afs48 - afs57. Make sure both are sgi machines. Repeat the ``arp'' experiments. Make sure to understand what you see. Do NOT hand in. (Some of these machines do not answer ping on 09/17/05). On one computer from each group, play with ping. Find out how to set the number of data bytes in a ping packet. Find out how to set the number of ping packets in a sequence. Do NOT decrease the time between ping packets below 1 second. Do NOT hand in. 1. For afs4, for afs49, for lafite, find the physical address. (If there is more than one port: the physical address of the port that has a configured IP address). Hand in. If the computer I suggest does not respond to ping, take the next one in the same group. (Add mod N, where N is the number in the group.) 2. For the same computers, find the IP address, the network mask, and the network address. (Really: I should say ``LAN'' or ``subnetwork'' but I often say ``network''.) Hand in. 3. Find out what the time-out algorithm is for the arp caches in the three groups of computers. Hint: do ``arp -a'' or so once every 30 or 40 seconds for 5 or 6 minutes. Hand in a description of the time-out mechanism. Make it BRIEF! AT MOST three sentences should be enough. For some of these computers you may have to do something to force it to change its arp cache. 4. Suppose we have a (sub)-network 128.235.32.0/21 Which of the following addresses can be the address of a host on that network? Which ones can be the source address in a packet on that network? Which ones can be the destination address in a packet on that network? (Each yes (it can) or no (it can not), with SHORT explanation. Like: ``first difference is in the bit number 27, and 27 < 32''. Or a drawing with arrows and/or circles. Bits are numbered 0 , 1 , ... , 31 . Convince Mr Jain you did not just guess.) (i) 129.235.32.1 (ii) 128.234.32.2 (iii) 128.235.33.3 (iv) 128.235.34.4 (v) 128.235.35.5 (vi) 128.235.35.255 (vii) 128.235.39.254 (viii) 128.235.40.253 (ix) 255.255.255.255 (x) 128.235.39.255 (xi) 128.235.32.0 (xii) 0.0.0.0 (xiii) 224.0.0.1 (xiv) 225.1.2.3 (xv) 0.0.7.7 (Look in Forouzan!) (What did I say in class?) (xvi) 127.0.0.3 (xvii) 172.17.17.17 (Tricky!) (The answer is (No, No, No), explain why.) Hand in. Make it clear and concise. Example: The answer to (xiii) is (No, No, Yes) because 224.0.0.1 is a multicast address. The answer to (ii) is (No, Yes, Yes). It can not be an interface in the (sub)network because there is a difference in the second octet. It can be a source address or destination address because the packet could be in transit through 128.235.32.0/21 . 5. Find out who ``owns'' the IPv4 address space 056/8. (56.0.0.0/8). Do and hand in problems 1 - 5. Go to the afs48 - afs57 group and do ``arp '', where is the name or IP address of one of the other computers in the same group. Sometimes the response is `` ... -- no entry ''. If that happens, ping the machine for which you got no entry, and try ''arp '' again. Make sure you understand what you see. Do NOT hand in. --- From here on homework will be modified. I am still in the process of modifying from last semester. --- 10/01/2005 (Lecture 5) ``midterm 1'' will be on 10/01/2005. ``Everything'', including reading and homework for 10/01. Be on time! The exam will start 9:15 punctually, and you will be somewhat strapped for time. Closed book. Calculator permitted. Cellphones must not only be off but must be in your bag. Or (prefered) outside the room. Laptops must not only be off but must be closed and off your table. Read Forouzan pp 211 - 235 (ICMP) Do: man nslookup , man dig . Try to make sense out of these. Do not spend more than 60 minutes on these two together. I have asked the systems people to give you access to afs49, afs55, and afs57. Telnet only. Even once you have access you may have to log in to one of afs1 - afs36 (any way you want to: keyboard, ssh, telnet, rlogin, ...) and then telnet from there in order to log in to afs49 etc. It may be Tuesday before you have access to afs49 etc. Do the ``afs48 - afs57'' homework you had for 09/24. Do not hand in. By now you have found out that, with ping, afs1 - afs36 give the ``round trip time'' in whole msec (rounded to the nearest integer), while (most of?) the other computers I mentioned in the homework for 09/24 give the RTT in microseconds. (If you did not find out yet: shame on you. Check it now.) 1. Among afs48 - afs57, find two that are up and in the same LAN, then use ping to estimate the data rate (bits/sec) of the link between them. BRIEFLY describe what you measure and what it means. Hand in. 2. Do and hand in problems 2b and 2c for 09/17. --- 10/08/2005 (Lecture 6) Don't forget: Project A is due 10/15. Make sure you have working code by 10/08 or you will get in time trouble. Read Forouzan pp 237 - 252 (IGMP) Read Forouzan pp 255 - 272 (UDP) do man traceroute and make sense out of the output. Go to Google and search for ``traceroute''. You will find a large number of ``public traceroute sites''. Some work as advertised, some don't. www.traceroute.org contains lists of such traceroute sites. (One list for ``every'' country.) Some work as advertised, some don't. Try a few. Find some IP adresses to traceroute to by finding websites for various organizations and topics. Make sure some are on other continents. Some of these addresses you can reach. Some you can not. Think about what that means. Do not hand in. A public traceroute site that works is www.net.princeton.edu/traceroute.html . Try it. Do not hand in. 1. From the Princeton U traceroute site, traceroute to the www site of the Univ of Adelaide. Explain what you see. Hand in the traceroute output and your BRIEF! explanation. 2. Do the same from the Princeton U site to the www site of Stanford U. Hand in the traceroute output and your BRIEF explanation. 3. Try to find a computer in Asia (or European part of Russia) that you can reach using traceroute. Do not hand in. You now have access to three subnetworks in NJIT. One of these contains afs1 - afs36, the second contains afs48 - afs57, the third contains lafite and mouton. 4. For each of these subnetworks, find the network address in ``slash notation''. Hand in, with a SHORT explanation of how you got it. (Name of computer(s) you were logged in to, name of command(s) you used, output you got, plus one sentence.) (Do not do 5 yet: do after IGMP) 5. In the IANA Database, find the IP Multicast Address for NTP (Network Time Protocol). Hand in 5 lines: the line itself, two above, two below. If you want to know more about the Network Time Protocol: Go to the IETF RFC pages and search for NTP. You get 13 matches. The best for your purpose probably are RFC 1129 and RFC 1305. This will not be handled in class. Note that 5 of the 13 RFCs are ``obsoleted''. (Do not do 6 yet: do after IGMP) 6. In the IANA Database, find the ethernet physical multicast address for ``DEC LanBridge Copy packets (All bridges)''. Hand in 5 lines: the line itself, two lines above, two below. 7. Do traceroute between lafite and mouton. Do ping between lafite and mouton. What options do you choose for traceroute and for ping to make the results ``as comparable as you can''? Compare the outputs. Do not hand in. 8. Do traceroute between one of (lafite, mouton) and one of (afs48 - afs57). Do ping between the same two computers. What options do you choose for traceroute and for ping to make the results ``as comparable as you can''? Compare the results. Do not hand in. --- 10/15/2005 (Lecture 7) Project A is due. Hand in the code, by Email, to Mr Choi, hwc1027@njit.edu, before Sat 10/15 1:00 pm. Make sure your code performs well on the examples in my web page. (Class projects). Make sure it runs in afs computers! Make sure it is very simple and not costly in time for Mr Choi and me to follow your directions on how to compile and run your code. No Makefiles etc! Read Forouzan pp 275 - 305. (Start of TCP). SIP Stands for ``Session Initiation Protocol''. I do not plan to cover it in class. It is a ``lightweight'' protocol for setting up sessions, for example VoIP sessions. If you want to read up on it: go to the IETF RFC pages and search for ``SIP''. (Even though it is ``obsoleted'' you might want to start by reading RFC 2543, then read a few of the later ones.) There is an IP Multicast Address associated with SIP. 1. Suppose a SIP Multicast packet moves through an ethernet. What is the physical destination address of the ethernet frame? Hand in. In order to find more homework for you, I went to Google and asked for ``Internet Traffic Patterns''. After a few more clicks I found something on the market share of Firefox. 2. What is the current market share of Firefox (in the browser world)? Hand in. In the process, I saw a few other items that might be of interest to you. Have a look. (Do not hand in.) 3. Do Forouzan p 273 problem 16. Hand in. --- 10/22/2005 (Lecture 8) Read Forouzan pp 305 - 340. (More TCP). 1. Do Forouzan p 252 problem 5. Hand in. 2. Do Forouzan p 341 problem 3. Hand in. (How does the TCP source figure out what is wrong, from the ICMP message? Draw the ICMP error message the source receives, and explain.) --- 10/29/05 (Lecture 9) Read Forouzan Ch 18 (pp 499 - 516) (Telnet). Pay special attention to what it says about Out-of-Band Signalling. Do, and hand in, Forouzan p 341 problem 9. Before 10/29/05 the network for ``project B'' will appear on this website. Start working on project B as soon as possible. You can make a design for your project B code before having seen the specific network: Look at the networks for previous semesters. I recommend you choose a partner for project B now. (Unless you already did.) I plan to cover ``tcpdump'' on 10/29/05. Print ``man tcpdump'' and have a look at it. I do not expect you to understand all of it! Read the pages on ``Snooper Tools'' and on ``tcpdump tutorial'' on this web page. I do not expect you to have a close look at the examples, yet. But feel free if you have the time. It is a good investment. --- 11/05/05 (Lecture 10) Midterm II. Everything covered thus far, including reading, notes, homework. (including homework for 11/05/05). There WILL be questions similar to those from midterm I. There is likely to be a question that involves TCPdump output. There is likely a question that involved ``high performance TCP''. Meta-homework: Get Linux running on your laptop. (E.g. dual boot, with a Linux partition and a microsoft partition). Play with sniffers. E.g. tcpdump on Linux, ethereal, snoop on microsoft. (Only if you feel secure doing this! A CS major should feel secure doing this!) (Do not hand in!) Read Forouzan Ch 19 (pp 519 - 544) (FTP and TFTP) (I will not ask Telnet- or FTP- specific questions on the midterm, but you must know a little bit about both for the homework.) Read the pages on ``Snooper Tools'' and on ``tcpdump tutorial'' and on ``ftp tutorial'' on this web page. Go to a Unix or Solaris or Linux system. Log on and do ``man tcpdump''. Get a printout of ``man tcpdump''. Try to make sense out of it. Keep the copy. (Spend 1 hour on this, not more.) Go to a Unix or Solaris or Linux system. Log on and do ``man ftp''. Get a printout of ``man ftp''. Try to make sense out of it. Keep a copy. (Spend 1 hour on this, not more.) ftp a file over from one computer to another. Do not hand in. I have put two big TCPdump outputs in the CIS656 ``General Pages''. Have a look at both. Most of this is ``websurfing'': I visit port 80 (the http port) at various ``web servers''. Look at the one called ``Big Clean TCPdump'' (without -X). Look at the three way handshake starting at time 11:45:19.651265 . What is the IP address of the client? What is the Ip address of the server? What is the name of the client? (hawking.internetlab.lab)? What is the name of the server (Use nslookup or dig). Who sends the first data? (client ot server?) Do not hand in. Find the end of the flow that starts at time 11:45:19.651265 . Hint: Use your editor to look for the pattern " F ", then (this is essential!) check IP addresses and Port number to check you have the right end of a flow (or end of a pair of flows). The first FIN is at time 11:45:20.757458 . The Ack follows and indeed acknowledges the FIN. (Compare sequence numbers and Ack_Seq number). But then: jackpot! While hawking nicely closes, and the yahoo server nicely acknowledges the FIN, it never bothers to send a FIN itself. (Use an editor: the port 38413 is never seen again!) 1. Find the start of a flow that starts at time 11:45:20.645806 . Does this flow use TCP Timestamps? SACK? Explain your answer. For that flow, find the end. (End starts at time 11:48:40.400130 . Earlier FINs end other flows: look at IP addresses and port numbers!) Find the other packets in this final handshake. Give (TCPdump) timestamps of these packets. Is this a three-way or a four-way handshake? (Explain your answer: just counting packets is not enough). Hand in. 2. Find the packet with TCPdump Timestamp 11:45:25.847996. Describe what packet got lost, when TCPdump sees the re-transmission. (Use the editor to make sure you look at packets of the right flow). Hand in. Look at the file ``Big Clean TCPdump with -X''. (The one with the hexadecimal dumps). Choose a couple of packets at random and decode the headers. (IP, TCP or UDP, etc. headers only). 3. Go to the packet with TCPdump timestamp 11:45:25.761499 . Decode the IP and TCP headers of that packet, and of the other two packets in the same handshake. Hand in. Note: in an exam you will probably not have the header printed like in this case! I will probably give you ONLY the hex dump. Next stretch from ---- to ---- feel free to use as excercise, do not hand in: too much! ---- Look at the tcpdump outputs in the ``tcpdump examples and homework'' pages in my ``CIS 656 Spring 2005'' pages. Play with the files. Get them in the formats you like best. Do not hand in. Note that the packet with tcpdump timestamp 16:23:02.187258 (packet 6) has tcp timestamps (forward and return) 621284438, 630600818. Compare with packets before and after. Do not hand in. Look through the tcp options in the packets ``5, 6, 7, 8''. What do you find out? Do not hand in. Look at the ttls in the same packets. Does that make sense? Do not hand in. 1. Completely reconstruct (ethernet headers, ARP packets, padding, but not pre-amble or CRC) the packets with tcpdump time-stamps 16:23:02.184419 , 16:23:02.184461 . (Packets 1 and 2). Hand in. I explained in class why for one you see the padding and for the other you don't. Describe the packets as you see them (in terms of the fields you learned about in class). 2. For the ``ftp control channel'' in the tcpdump outputs, find the packets in the ``final handshake''. How man are there? Hand in the tcpdump timestamps (not the tcp timestamps!) of these packets. 3. Compare the tcpdump timestamps with the tcp timestamps. Based on that information, what are the units of time franklin uses in its tcp timestamps? What are the units of time hawking uses in its tcp timestamps? Hand in. Give a BRIEF! explanation. 4. Find the login and password I use in the Internet Laboratory. Hand in the part of the tcpdump output that tells you what they are, with a BRIEF! explanation. (Use Forouzan pp 771 - 775). Try to reconstruct the file I ftp-ed over from franklin to hawking. (or just the first few and last few characters). Do not hand in. (Students in CIS 656: Only if you really want to. This is likely to take too much time for this week.) ----- --- 11/12/05 I neglected to assign homework for 11/12/2005. My apologies. I assume you worked on project B. -- 11/19/05 Starting 11/19/05 class will meet 9:00 - 12:15 Sat am. Same room. I have given an extension for project B. It is due Wednesday evening November 23: BEFORE Thanksgiving. By Email to Mr Choi. hwc1027@njit.edu . Mr Choi will do the grading over Thanksgiving. I corrected a typo in my program for project B. The example file has changed. Do refresh or reload. I will add examples and/or modify current ones: Do refresh or reload on a regular basis. Also look at the example files for previous semesters, to see pretty much all the special situations that can occur. For 11/19/05: Read Forouzan Chapter 13 (SCTP). Read Forouzan pp 385 - 421 (Start of Routing: RIP and OSPF) There is a setup with a Source S, a Router R1, a Router R2, and a Destination D. Distances are 2 km from S to R1, 4000 km from R1 to R2, 2 km from R2 to D. Data rates are 100 Mbits/sec between S and R1 and also between R2 and D, and 6 Mbit/sec between R1 and R2. (Full Duplex: the speed listed in both directions simultaneously>) There is a TCP flow between S and D. S sends data packets to D, and D sends acknowledgements back. S sends a ``very, very large'' file. Data packets are 20 IP Hdr Bytes, 20 TCP Hdr Bytes, and 1460 data bytes. Acknowledgements are 20 IP Hdr Bytes and 20 TCP Hdr Bytes. You can disregard DLL headers. (You shouldn't, but in this homework it is OK :-) ). D does not do Delayed acknowledgements: it sends an acknowledgement for every data packet as soon as it has the last bit of the data packet. Processing times everywhere are ``infinitely small'' (fast!) (compared with even the smallest transportation times). 1. Compute the ``basic RTT'' in case you send 1 data packet while there is no other load on the system. Give the answer in nsec accurate. (nano secs: 10^(-12) secs) 2. Suppose there is no loss in this sytem. What window size (For convenience: in packets) would you recommend D advertises to S? Suppose this flow is the only one in the system. 3. Assume there IS loss (Teenagers with a motor bike with unshielded sparcplugs cause some loss due to elecromagnetic noise, and there is a hole in the shielding of some coaxial cable carrying the packets). The loss probability p is small, say less than one in 5 million. How large must the buffers in R1 and in R2 be to make sure we make efficient use of the data links? Note: a packet ``in the process of arriving'' does not yet use buffer space. A packet ``in the process of leaving'' no longer takes buffer space. 4. In case 3 above, how large must the advertised window be to make good use of that larger buffer? (After a packet drop, the new cwnd is NOT half the old cwnd, but half the ``flightsize'' of just before the loss. ``flightsize'' (in the source) is the number of data bytes ``sent but not yet acknowledged''.) (Often, flightsize = min(cwnd, advertised window).) 5. Now the loss increases. (The teenagers are having a dragrace?) Roughly, at what value of p do you noticeably start seeing the situation that the bottleneck link has ``underflow'' (goes unused a non-trivial part of the time) because the cwnd is too small? In problem 5 I only expect a ``reasonable approximation''. (In fact, there is no sharp p* for which you can say ``p* is OK but larger is too large''. There IS a p* for which you can say ``drop probability < p*/10 is fine and drop probability > 10p* is bad''. In between there is a gradual transition.) Hand in. Make sure you explain what you do, why you think your answer is correct. That is more important than the correct numbers. You will get credit for a wrong answer with a clear, logical, defense. None for a correct answer with a pointless story. Do refresh or reload on a regular basis! --- Model solution for the problem above (you must make a drawing of this system!): (Please check my arithmetic! I had no time for a second pass.) Datapackets are 1500 Bytes = 12000 bits. Acknowledgements are 40 Bytes = 320 bits 1. The delay from S to D: (12000/100,000,000 + 2/200,000) +(12000/6,000,000 + 4000/200,000) +(12000/100,000,000 + 2/200,000) = 24/100,000 + 2/100,000 + 200/100,000 + 2000/100,000 = 2226/100,000 sec = 22.26/1000 sec = 22.26 msec. The delay from D to S is (320/100,000,000 + 2/200,000) +(320/6,000,000 + 4000/200,000) +(320/100,000,000 + 2/200,000) = 640/100,000,000 + 2000/100,000,000 + 2,000,000/100,000,000 + 5333.33/100,000,000 = 2,007,973.33/100,000,000 = 20.079,733,333 msec. The total ``Basic RTT'' is 42.339,733,333 msec = 42,339.733,333 microseconds = 42,339,733.333 nanoseconds. 2. The throughput equals the (Effective Window Size)/RTT. The highest thput we can achieve is 6,000,000 bits/sec. As long as the RTT stays at 42.339 msec that means we need an effective window of .042,339,733,333 x 6,000,000 bits = 254,038.4 bits = 31,754.8 Bytes. Since there are only 1460 databytes in a packet, that is 31,754.8/1460 = 21.749,863 Data Packets. I would recommend a window size of 22 packets, that is, 22 x 1460 = 32,120 Bytes. If it is indeed true that there is no processing delay, this would mean that in the buffer in R1 toward R2 every time just before a packet is ``done being sent'' a new packet is ``done being received from S''. If you think that actually there is some processing delay, you could make the window 23 packets, or even (a little bit) larger. This may increase delay somewhat, but increases the garantee that a thput of 6,000,000 bits/sec is achievable. If we choose a max window size of Wmax > 21 we must have space for at least W - 21 packets in the buffer in R1. (For safety: a little bit more). 3. Now there is occasional loss. (But fairly rare). We want to: Make the buffer in R1 large enough, and the max Window Wmax large enough, so that when the Window is fully utilized (Wmax - 21 packets in the buffer) there is no buffer overflow yet, AND if at that time there is a loss, the resulting halving of cwnd does not lead to buffer underflow (starvation of the link). So B = Buffersize \geq Wmax - 21 (preferably a bit larger: packets in a flow are not always perfectly evenly spaced), and Wmax - 21 \geq 21. Wmax > 42 , B > 21. Actually, there is atrade-off here. By increasing Wmax to higher than about 22, we increase the delay of just about all packet. But we prevent loss of throughput in the periods of recovery just after a packet loss. If loss is really rare, it is better to take the lower delay and very occasional temporary loss of thput. If loss is not so rate may be better to accept the higher delay,m to prevent loss of thput. 4. Now loss increases. Loss probability is p. So the cwnd ``typically'' is around \sqrt{2/p} packets. (Because there is no delayed acknowledgement.) Let's see what happens if p is such that \sqrt{2/p} = 22, i.e. p/2 = 1/484 , i.e. p = 1/242 ~ 1/250 = .004. In that situation (very) roughly half the time the cwnd is less than 22 packjets: there is noticeable loss in thput. (We still need a Wmax > 22 and B > Wmax - 21, possibly Wmax 45 or so, or less). So a p ~ .004 is already large enough to cause noticeable loss in thput. If p = .0004 we would get a cwnd which (roughly, and if the Wmax were to allow it) half the time is less than 70 and half the time is more than 70, so a cwnd of less than 22 would be pretty rare. so for p = .0004 or smaller, the thput would be less than, but pretty close to, 6,000,000 bits/sec. (Data and headers together.) Warning: I made you do this excercise to make you think through the material you saw in class. In actuality you would never (?) optimize a buffersize for the situation of a single flow. --- No class on 11/26/2005. Have a great Thanksgiving. --- 12/03/05 Read Forouzan the remainder of Chapter 14 (Routing). Read Forouzan Chapter 27 (IPv6 etc). Do and hand in the following problem: Router R0 has 2 interfaces: hme0 on network N0, and hme1 on N1. R0 has 4 neighboring (directly reachable) routers: R1 and R2 on N0, R3 and R4 on N1. R0, R1, R2, R3, R4, and also R5, R6, etc (more routers, not directly reachable from R0) use RIP1. There also are more networks. At some point R0 has the following Routing/Forwarding Table (not all networks are listed!): Network N0 N1 N2 N3 N4 N5 N6 N7 N8 N9 distance (hops) 1 1 2 2 2 5 6 6 7 6 output interface 0 1 0 0 0 1 0 1 0 1 Next Router DD DD R1 R1 R2 R3 R1 R4 R1 R4 Now R0 receives from R1 the following RIP1 update: Network N0 N1 N2 N3 N4 N5 N6 N8 N9 N10 distance 1 2 1 1 2 4 6 5 4 4 A. What is the new Routing/Forwarding Table of R0 ? (list only the networks you know about). B. Suppose the routers use RIP1 with Poison Reverse. Suppose R0 had sent a RIP1 update to R1 BEFORE receiving the update above. What would that RIP1 update have looked like? C. In A, what would the resulting routing/forwarding table in R0 have looked like if R1 had advertised distance 16 to N6? Or distance 16 to N9? Hand in responses to A, B, and C. Make sure your answer is clear and concise and has just enough explananation to convince Mr Choi you understand what you are doing. And not more than that. There is a very high probability there will be a similar question on the final. --- 04/02/05 (Lecture 10) Midterm 2. Forouzan Chapters 1 - 12 (pp 1 - 344), all classnotes including 03/26, all homeworks including for 04/02. Make sure to understand FTP as in Ch 19, but do not memorize details. Do Forouzan p 341 problem 9. Hand in. --- 04/09/05 (Lecture 11) Starting 04/09/05 we will meet every Saturday from 9:00 am until 12:15 pm. Be on time! Have breakfast before class! No parties Friday night! Project B is due. Read Forouzan Ch 13 (pp 345 - 382) (SCTP) Read Forouzan pp 385 - 398. (RIP). Internet II is an association of universities, research labs, etc. that has built a ``very high data rate'' network. NJIT is a member. Internet II is connected to the ``ordinary'' (commercial) Internet. The Pittsburgh Supercomputer Centre and the San Diego Supercomputer Centre both are member of Internet II. Suppose the Pittsburgh SCC has a file of half a Terabyte (500 GBytes, 5 x 10^{11} Bytes) that must be sent to the San Diego SCC. ``Internet II'' has promised to make sure the connection has a data rate of at least 400 Mbits/sec asvailabe for this transport. In preparation of the transfer, the sysad people in the SCCs have measured the RTT between the two SCCs and found it is close to 100 Msec. Questions: a. How large must the send buffer in the Pittsburgh SCC be (in Bytes) to make it possible to utilize the data rate of 400 Mbit/sec? b. How large must the receive buffer in the San Diego SCC be (in Bytes) to make it possible to utilize the data rate of 400 Mbit/sec? c. What must the window scale shift (I prefer to call it shift, instead of factor) the San Diego SCC uses at least be to make it possible to utilize the data rate of 400 Mbit/sec? d. If the two sysad groups do things right, how long will it take to transmit this file? (Assume the Internet II people are on the dot with their estimate.) e. If the San Diego sysad person sits on the beach too long and forgets to modify the window scale shift (keeps it at zero), how long will it take, at least, to transfer the file? d. How often will the TCP sequence number in Pittsburgh rotate back to the original value (to the initial seqence number)? e. At the data rate the SCCs expect to achieve, how much time does it take for the TCP sequence number to rotate? Hand in. (Don't forget the factor 8 between bits and Bytes! :-) ) (I had almost asked this question instead of problem 4 in midterm 2.) --- 04/16/05 (Lecture 12) Read Forouzan pp 398 - 432 (OSPF and BGP). Read Forouzan pp 689 - 722 (IPv6 and ICMP v6). Do Forouzan p 382 problem 5. (The chunks are NOT in the order in which they ``should have arrived''.) Hand in. In the problem due 04/09: If the two supercomputer centers indeed succeed in maintaining almost exactly 400 Mbits/sec almost all the time, at a RTT of of 100msec: f. How many bytes are there, almost all the time, in the send buffer in Pittsburgh, that have been sent but have not been acknowledged yet? g. How much ``unused space'' is there, almost all the time, in the receive buffer in San Diego? Hand in. Answers could be: ``almost exactly x Bytes'', or ``roughly y Bytes'' or ``at least z Bytes'' or ``at most u Bytes'' or ... etc. Make sure your answer contains a CLEAR and CONCISE explanation in CLEAR and CONCISE english and based on a CLEAR and CONCISE and LOGICAL argument. The correct answer not supported by a clear and correct explanation will not get credit. --- 04/23/05 (Lecture 13) Read Forouzan pp 457 - 468 (BOOTP and DHCP) Read Forouzan pp 471 - 495 (Domain Name System) I plan to have a ``make-up exam'' on Sat 04/23/05, NOT during class time. (Probably 2:00 pm - 3:00 pm or so). Details will be provided. --- 04/30/05 (Lecture 14) There is homework (create your own web page in the afs directory) I should have assigned but did not. Please do it soon after May 13! See below. Read Forouzan pp 437 - 454 (Multicast Routing) Read Forouzan pp 499 - 516 (Telnet) Do Forouzan p 433 problem 14. Hand in. Do Forouzan p 433 problem 16. Only: Pretend you send a RIP Routing Advertisement to Router B while you are using Split Horizon. Then pretend you send a RIP Routing Advertisement to Router B while you are using Poison Reverse. (Use the layout and format I used in class: no need to mimmick actual RIP packets.). Hand in. And that's it! --- 05/07/05 (Final Exam) --- There is homework I should have given but never did: Create your own web page in the afs system. Please do it (unless you already did!) In your afs home directory (for me that is maan-2152 ott>: pwd /afs/cad.njit.edu/u/o/t/ott create a directory called public_html and cd there: maan-2153 ott>: cd public_html /afs/cad/u/o/t/ott/public_html In that directory, create an html file index.html . In my case that would be /afs/cad.njit.edu/u/o/t/ott/public_html/index.html . Once you are in ``your'' version of public_html you can create your version of index.html using emacs or vi or any other editor. Go to Google and find an html tutorial to help you create a .html file. (For example index.html ). Or just copy and modify my example, below: (in my directory) /afs/cad.njit.edu/u/o/t/ott/public_html/CIS656/CIS656.S.05 maan-2160 CIS656.S.05>: ls -lt total 302 -rw-r--r-- 1 ott 30 22399 Apr 26 18:19 #Assignments.txt# drwxr-xr-x 2 ott 30 2048 Apr 26 13:42 Exams -rw-r--r-- 1 ott 30 8770 Apr 18 15:53 Model_solutions.txt -rw-r--r-- 1 ott 30 2142 Apr 18 14:24 index.html -rw-r--r-- 1 ott 30 8655 Apr 18 14:21 Model_solutions.txt~ -rw-r--r-- 1 ott 30 21677 Apr 12 15:59 Assignments.txt -rw-r--r-- 1 ott 30 21631 Apr 12 15:53 Assignments.txt~ -rw-r--r-- 1 ott 30 2070 Apr 4 10:36 index.html~ -rw-r--r-- 1 ott 30 3784 Mar 31 22:29 handshakes_resolved.txt drwxr-xr-x 2 ott 30 2048 Mar 31 15:54 Project -rw-r--r-- 1 ott 30 1811 Mar 27 15:35 handshakes.txt -rw-r--r-- 1 ott 30 2379 Mar 27 13:05 midterm_2.txt drwxr-xr-x 2 ott 30 2048 Mar 25 15:22 TCPdumps -rw-r--r-- 1 ott 30 1770 Mar 25 12:00 ftp_short -rw-r--r-- 1 ott 30 4065 Mar 13 14:19 ftp_tutorial.txt -rw-r--r-- 1 ott 30 537 Mar 8 19:53 schedule.txt -rw-r--r-- 1 ott 30 1126 Feb 18 15:43 traceroute_njit.txt -rw-r--r-- 1 ott 30 1385 Feb 18 15:41 traceroute_stanford.txt -rw-r--r-- 1 ott 30 3663 Feb 18 15:07 ping.txt -rw-r--r-- 1 ott 30 3863 Feb 16 12:55 snoopers.txt -rw-r--r-- 1 ott 30 321 Feb 12 18:09 SSRR.txt -rw-r--r-- 1 ott 30 289 Feb 12 17:42 Max_Packet_Size.txt -rw-r--r-- 1 ott 30 388 Feb 11 17:13 Grading.txt -rw-r--r-- 1 ott 30 5199 Jan 15 14:11 README.txt -rw-r--r-- 1 ott 30 7377 Jan 15 13:55 nslookup.txt -rw-r--r-- 1 ott 30 2529 Jan 15 13:26 arp.txt -rw-r--r-- 1 ott 30 3263 Jan 15 13:26 types.txt -rw-r--r-- 1 ott 30 2289 Jan 15 13:25 domain_names.txt maan-2161 CIS656.S.05>: more index.html : CIS 656, Spring 2005 In the spring of 2005, CIS 656-102 and CIS 656-104 will be Saturday 9:15 am - 12:10 pm.
For the time being, see General CIS656 pages for information on CIS 656 in the spring of 2005.
If you want to start reading: read the ``CIS 656 Content'' page for advice on what to read.
See Schedule Spring 2005 for the schedule of class sessions and exams.
Students who want to can read the files on Domain Names, nslookup, and ping (below) before classes start.
The URL to see this web page is web.njit.edu/~ott (etc). --- Homework for the summer (after May 13) Read Forouzan Ch 20, 21, 22, 23, 24, 25, 26, 28. On your own computer, get a sniffer going. (tcpdump, ethereal, snoop, ...). Monitor your own traffic. See it makes sense. (Get your own computer if you did not have one.) Keep Forouzan (do not sell your copy) and use it to look up things.