
Computer Networks

Nguyễn Gia Hào

Academic year: 2023


Full text

We consider resource allocation in a packet-switched network (or internet) consisting of multiple links and switches (or routers). The simplest approach to queuing, FIFO with tail drop, pushes all responsibility for congestion control and resource allocation to the edges of the network.

Figure 6.1.: A potential bottleneck router.

Fair Queuing

In weighted fair queuing, this weight logically specifies how many bits to transmit each time the router serves that queue, which effectively controls the share of the link bandwidth that flow receives. This is exactly what is proposed as part of the Differentiated Services architecture described in a later section.
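The following is an added example, not code from the book: a weighted fair queuing scheduler that assigns each arriving packet the finish tag F_i = max(F_{i-1}, A_i) + P_i / w (the bit-by-bit round-robin finish time, scaled by the flow's weight) and then transmits packets in tag order. Flow names, weights and the all-at-time-zero arrival pattern are constructed for the demonstration; with every flow backlogged, flow A (weight 3) gets three packets onto the link for every one from flow B (weight 1). Exact fractions are used so that tags compare reliably.

```python
from dataclasses import dataclass
from fractions import Fraction


@dataclass
class Flow:
    name: str
    weight: int                        # larger weight = larger share of the link
    finish: Fraction = Fraction(0)     # finish tag of this flow's last tagged packet


def assign_tags(flows, arrivals):
    """arrivals: (arrival_time, flow_name, length_bytes) in arrival order.
    Each packet gets F_i = max(F_{i-1}, A_i) + P_i / w, i.e. the finish time it
    would have under bit-by-bit round robin, with the weight scaling its cost."""
    tagged = []
    for t, name, length in arrivals:
        f = flows[name]
        tag = max(f.finish, Fraction(t)) + Fraction(length, f.weight)
        f.finish = tag
        tagged.append((tag, Fraction(t), name, length))
    return tagged


def transmit_order(tagged):
    """Serve packets in increasing finish-tag order (ties broken by arrival,
    then by the order the packets were tagged)."""
    ordered = sorted(tagged, key=lambda p: (p[0], p[1]))
    return [(name, length) for _, _, name, length in ordered]


def bytes_per_flow(order, first_n):
    """Bytes each flow got in the first `first_n` transmissions."""
    totals = {}
    for name, length in order[:first_n]:
        totals[name] = totals.get(name, 0) + length
    return totals


if __name__ == "__main__":
    # Constructed scenario: two backlogged flows, weights 3:1, 1000-byte packets.
    flows = {"A": Flow("A", 3), "B": Flow("B", 1)}
    arrivals = [(0, "A", 1000)] * 4 + [(0, "B", 1000)] * 4
    order = transmit_order(assign_tags(flows, arrivals))
    print(order)                      # A, A, A, B, A, B, B, B
    print(bytes_per_flow(order, 4))   # {'A': 3000, 'B': 1000}
```

Note that the tag is assigned when the packet arrives, not when it is served; that is what keeps a flow that was idle from being penalised for time it was not using the link.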

Figure 6.6.: Round-robin service of four flows at a router.

TCP Congestion Control

  • Additive Increase/Multiplicative Decrease
  • Slow Start
  • Fast Retransmit and Fast Recovery
  • TCP CUBIC

Eventually a timeout occurs, but by that time there are no packets in transit, meaning the source receives no ACKs to "clock" the transmission of new packets. Given enough lost packets (as happens, for example, during the initial slow-start phase), the sliding window algorithm eventually blocks the sender until it times out.

Figure 6.8.: Packets in transit during additive increase, with one packet being added each RTT.

Advanced Congestion Control

Active Queue Management (DECbit, RED, ECN)

First, RED computes an average queue length using a weighted moving average, similar to the one used in the original TCP timeout calculation. Arriving packets are queued while the average is below MinThreshold and dropped while it is above MaxThreshold; if the average queue length lies between the two thresholds, the newly arriving packet is dropped with a probability P.
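As an added example (not code from the book), here is the RED decision logic in Python: the exponentially weighted moving average of the queue length, the linear ramp of the drop probability between the two thresholds, and the count-based adjustment that spreads drops out rather than hitting a whole burst at once. The threshold, weight and MaxP values are illustrative constants chosen for the demonstration; the constant-length queue samples passed to simulate() are constructed input.

```python
import random


class RedQueue:
    """Random Early Detection drop decision for a single router queue."""

    def __init__(self, min_th, max_th, max_p=0.02, weight=0.002, rng=None):
        self.min_th = min_th          # below this average: always enqueue
        self.max_th = max_th          # above this average: always drop
        self.max_p = max_p            # drop probability as the average reaches max_th
        self.weight = weight          # EWMA weight given to each new sample
        self.avg_len = 0.0
        self.count = 0                # packets enqueued since the last drop
        self.rng = rng or random.Random(0)

    def update_average(self, sample_len):
        # AvgLen = (1 - Weight) * AvgLen + Weight * SampleLen
        self.avg_len = (1 - self.weight) * self.avg_len + self.weight * sample_len
        return self.avg_len

    def drop_probability(self):
        """P for the packet arriving now, given the current average."""
        if self.avg_len < self.min_th:
            return 0.0
        if self.avg_len >= self.max_th:
            return 1.0
        # TempP rises linearly from 0 at min_th to max_p at max_th ...
        temp_p = self.max_p * (self.avg_len - self.min_th) / (self.max_th - self.min_th)
        # ... and P = TempP / (1 - count * TempP) grows with the number of packets
        # admitted since the last drop, so drops are roughly evenly spaced.
        denom = 1 - self.count * temp_p
        return min(1.0, temp_p / denom) if denom > 0 else 1.0

    def on_arrival(self, current_len):
        """Return True if the arriving packet should be dropped."""
        self.update_average(current_len)
        p = self.drop_probability()
        if p >= 1.0 or (p > 0.0 and self.rng.random() < p):
            self.count = 0
            return True
        self.count += 1
        return False


def simulate(queue, samples):
    """Feed a sequence of instantaneous queue lengths; return the number of drops."""
    return sum(1 for s in samples if queue.on_arrival(s))


if __name__ == "__main__":
    q = RedQueue(min_th=5, max_th=15)
    # Constructed trace: a queue that sits just inside the random-drop region.
    print(simulate(q, [12] * 5000), "drops out of 5000 packets")
```

The small default weight (0.002) is what makes RED react to sustained congestion rather than to a single transient burst; with weight=1.0 the average collapses to the instantaneous length and RED degenerates into a threshold drop.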

Figure 6.15.: Computing average queue length at a router.

Source-Based Approaches (Vegas, BBR, DCTCP)

The goal of TCP Vegas is to keep the "right" amount of extra data in the network. Whenever the ActualRate falls below the shaded region (that is, drifts too far from the ExpectedRate), TCP Vegas reduces the congestion window, on the assumption that too many packets are being buffered in the network.
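The Vegas rule above, as an added example (not code from the book): ExpectedRate = CongestionWindow / BaseRTT, ActualRate = bytes delivered in the last RTT / that RTT, and the difference, converted back into packets by multiplying with BaseRTT, is the estimate of how much extra data is buffered in the network. The window is grown by one segment when that estimate falls below alpha, shrunk by one when it exceeds beta, and left alone in between. The alpha=1, beta=3 defaults are the book's; the RTT samples in the demonstration are constructed.

```python
class Vegas:
    """Per-RTT congestion window adjustment of TCP Vegas (window in segments)."""

    def __init__(self, cwnd, alpha=1, beta=3):
        self.cwnd = cwnd
        self.base_rtt = None      # smallest RTT seen: the RTT of an unloaded path
        self.alpha = alpha        # lower bound on desired extra segments in flight
        self.beta = beta          # upper bound on desired extra segments in flight

    def on_rtt(self, rtt, delivered):
        """Called once per RTT with the measured RTT (seconds) and the number of
        segments delivered during it. Returns the estimated extra segments
        queued in the network after adjusting cwnd."""
        if self.base_rtt is None or rtt < self.base_rtt:
            self.base_rtt = rtt
        expected = self.cwnd / self.base_rtt   # rate the path could sustain unloaded
        actual = delivered / rtt               # rate we actually achieved
        # Rate difference times BaseRTT = segments sitting in router buffers.
        extra = (expected - actual) * self.base_rtt
        if extra < self.alpha:
            self.cwnd += 1        # too little data in flight: probe upward
        elif extra > self.beta:
            self.cwnd -= 1        # queues are building: back off before loss
        return extra


if __name__ == "__main__":
    v = Vegas(cwnd=10)
    # Constructed samples: an unloaded RTT, then queuing delay appears.
    for rtt, delivered in [(0.10, 10), (0.15, 11), (0.12, 10)]:
        extra = v.on_rtt(rtt, delivered)
        print(f"rtt={rtt:.2f} extra={extra:.2f} cwnd={v.cwnd}")
```

Unlike loss-based AIMD, nothing here waits for a drop: the decrease is triggered purely by the RTT inflating relative to BaseRTT, which is why Vegas can lose out when sharing a bottleneck with senders that keep pushing until packets are lost.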

Figure 6.19.: Congestion window versus observed throughput rate (the three graphs are synchronized)

Quality of Service

  • Application Requirements
  • Integrated Services (RSVP)
  • Differentiated Services (EF, AF)
  • Equation-Based Congestion Control

The fact that it never actually needs a token pool does not make this an inaccurate description, but it does mean we have failed to pass some useful information to the network: the fact that stream A is actually very consistent in its bandwidth needs. On the other hand, if the new delay request were to be less than 50 ms, the router should first check whether it can accept the new request; if so, it forwards the request upstream.
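As an added example (not code from the book), the token bucket used in a flowspec can be checked against a packet trace in two directions: given a rate and depth, decide which packets conform, and given a rate, compute the smallest depth that lets every packet conform. The second computation makes the point in the text concrete: a perfectly smooth stream needs a bucket no deeper than one packet, while a stream with the same average rate sent in bursts needs a bucket the size of the burst. Times are in milliseconds and the rate in bytes per millisecond so the arithmetic stays exact; both packet traces are constructed for the demonstration.

```python
class TokenBucket:
    """Token bucket with rate r (bytes/ms) and depth B (bytes); starts full."""

    def __init__(self, rate, depth):
        self.rate = rate
        self.depth = depth
        self.tokens = depth
        self.last = 0

    def conforms(self, t, size):
        """Admit a packet of `size` bytes arriving at time t if enough tokens
        have accumulated; tokens never exceed the bucket depth."""
        self.tokens = min(self.depth, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if size <= self.tokens:
            self.tokens -= size
            return True
        return False


def conforming(rate, depth, arrivals):
    """List of per-packet conformance results for (time_ms, size) arrivals."""
    bucket = TokenBucket(rate, depth)
    return [bucket.conforms(t, size) for t, size in arrivals]


def min_bucket_depth(rate, arrivals):
    """Smallest depth B for which every packet in `arrivals` conforms at `rate`.
    For every window of packets j..i the bucket must hold at least
    bytes(j..i) - rate * (t_i - t_j), even if it was full just before t_j."""
    times = [t for t, _ in arrivals]
    before = [0]                       # before[k] = bytes of packets 0..k-1
    for _, size in arrivals:
        before.append(before[-1] + size)
    depth = 0
    for i in range(len(arrivals)):
        for j in range(i + 1):
            need = (before[i + 1] - before[j]) - rate * (times[i] - times[j])
            depth = max(depth, need)
    return depth


if __name__ == "__main__":
    RATE = 100   # bytes/ms = 100 kB/s, the average rate of both streams
    # Constructed traces: stream A sends 1000 bytes every 10 ms; stream B sends
    # the same 10 kB per 100 ms but as a burst at the start of each period.
    smooth = [(10 * k, 1000) for k in range(10)]
    bursty = [(0, 1000)] * 10 + [(100, 1000)] * 10
    print("smooth needs depth", min_bucket_depth(RATE, smooth))   # 1000
    print("bursty needs depth", min_bucket_depth(RATE, bursty))   # 10000
    print("bursty with a 1000-byte bucket:", conforming(RATE, 1000, bursty))
```

Describing stream A as (rate 100 B/ms, depth 1000 B) tells an admission-control algorithm far more than (rate 100 B/ms, depth 10000 B) would, even though the second description also covers it; over-declaring the depth is what the passage calls failing to pass useful information to the network.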

Figure 6.21.: An audio application.

Perspective: Software-Defined Traffic Engineering

Is it possible to achieve the best of both worlds: compliance with TCP congestion control for the sake of fairness, while maintaining a smooth transmission rate for the sake of the application? One lesson to be learned from systems like B4 is that the line between traffic engineering and congestion control (as well as between traffic engineering and routing) is blurred.

SEVEN

END-TO-END DATA

Problem: What Do We Do with the Data?

Presentation Formatting

  • Taxonomy
  • Markup Languages (XML)

In contrast, in a system using a canonical intermediate form, each host only needs to know how to convert between its own representation and a single other representation, the external one. Although we have discussed the presentation formatting problem from the perspective of RPC (that is, how one encodes primitive data types and composite data structures so that they can be sent from a client program to a server program), the same basic problem occurs in other settings.

Figure 7.1.: Presentation formatting involves encoding and decoding application data.

Multimedia Data

  • Lossless Compression Techniques
  • Image Representation and Compression (GIF, JPEG)
  • Video Compression (MPEG)
  • Transmitting MPEG over a Network
  • Audio Compression (MP3)

To a first approximation, an I-frame is simply the compressed JPEG version of the corresponding frame in the video source. The GOPHdr specifies the number of frames in the GOP, as well as timing information for the GOP (ie, when to play the GOP, relative to the start of the video).

Figure 7.11.: Subsampling the U and V components of an image.

Perspective: Big Data and Analytics

Apart from the analyses themselves, which are well beyond the scope of this book, the interesting questions are (1) what actionable data can we collect and (2) which aspects of the network are most promising to monitor. A second approach is In-band Network Telemetry (INT), a framework for collecting and reporting network state directly in the data plane. In the INT architecture, packets carry header fields that network devices interpret as "telemetry instructions".

EIGHT

NETWORK SECURITY

Problem: Security Attacks

Trust and Threats

For example, if you are transmitting a message over WiFi on an open campus, you would likely recognize an eavesdropper who can intercept the message as a threat (and adopt some of the methods discussed in this chapter as a countermeasure), but if you are transmitting a message over a fiber-optic link between two machines in a locked data center, you may believe that this channel is secure and therefore take no additional steps. This means that many of the tools described in this chapter can be considered patches. If there were to be a complete redesign of the Internet, integrating security from the start would probably be the most important consideration.

Cryptographic Building Blocks

  • Principles of Ciphers
  • Secret-Key Ciphers
  • Public-Key Ciphers
  • Authenticators

If we think of keys as defining a communication channel between participants, then another difference between public-key and secret-key ciphers is channel topology. A similar concept applies to authenticators, with the added challenge that message corruption must also be detected. The recipient computes a digest of the plaintext portion of the message and compares it to the digest recovered by decrypting the encrypted digest that accompanies it.

Figure 8.1.: Secret-key encryption and decryption.

Key Predistribution

  • Predistribution of Public Keys
  • Predistribution of Secret Keys
  • Diffie-Hellman Key Exchange

If Alice and Bob's computers are owned by the same company, then the system administrator can configure Bob with Alice's public key. Then Bob can send you a message claiming that Alice's key is x and, since you already know Bob's public key, you can authenticate the message as having come from Bob. There can be any number of certificates in the universe that attest that you own the public key corresponding to that private key.

Figure 8.6.: Tree-structured certification authority hierarchy.

Authentication Protocols

  • Originality and Timeliness Techniques
  • Public-Key Authentication Protocols
  • Secret-Key Authentication Protocols

It then sends Bob a digitally signed message with his original timestamp and a new session key encrypted with Bob's public key. The second and third messages include the new session key and Alice's identifier, encrypted together with Bob's master key. In Needham-Schroeder, the KDC's reply to Alice serves two roles: it gives her the means to prove her identity (only Alice can decipher the reply), and it gives her a kind of secret-key certificate or "ticket" to present to Bob—a session key and Alice's identifier encrypted with Bob's master key.
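The following is an added example, not code from the book, tying together two of the building blocks above: the authenticator (here an HMAC-SHA256 tag, standing in for the "encrypted digest" construction described in the cryptographic building blocks section) and the secret-key challenge-response of Figure 8.8, in which the verifier issues a fresh nonce and the claimant returns an authenticator over it. The verifier remembers which nonces are outstanding and accepts each one at most once, so a captured response cannot be replayed, and the comparison is constant-time so the tag cannot be guessed byte by byte. The shared key, the message text and the domain-separation prefix are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets

# Prefix keeps challenge responses from being confused with ordinary message
# authenticators computed under the same key (an assumption of this example).
CHALLENGE_PREFIX = b"challenge-response:"


def make_authenticator(key, message):
    """Authenticator over `message`: a keyed digest only a key holder can produce."""
    return hmac.new(key, message, hashlib.sha256).digest()


def check_authenticator(key, message, tag):
    """Recompute the digest and compare in constant time. Detects both
    tampering with the message and a tag produced under a different key."""
    return hmac.compare_digest(make_authenticator(key, message), tag)


class Verifier:
    """Bob's side of the challenge-response protocol."""

    def __init__(self, key):
        self.key = key
        self.outstanding = set()      # nonces issued but not yet answered

    def challenge(self):
        """Message 1: a fresh, unpredictable nonce proves the reply is timely."""
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def accept(self, nonce, response):
        """Message 2 check. A nonce is consumed on first use, so replaying a
        previously observed response fails even though the tag is valid."""
        if nonce not in self.outstanding:
            return False
        self.outstanding.discard(nonce)
        return check_authenticator(self.key, CHALLENGE_PREFIX + nonce, response)


def respond(key, nonce):
    """Alice's side: prove possession of the key without revealing it."""
    return make_authenticator(key, CHALLENGE_PREFIX + nonce)


if __name__ == "__main__":
    key = b"constructed shared secret"        # would come from key predistribution
    bob = Verifier(key)
    nonce = bob.challenge()                   # Bob -> Alice
    reply = respond(key, nonce)               # Alice -> Bob
    print("first use accepted:", bob.accept(nonce, reply))
    print("replay accepted:   ", bob.accept(nonce, reply))
    msg = b"transfer 10 to bob"
    tag = make_authenticator(key, msg)
    print("tampered message:  ", check_authenticator(key, b"transfer 99 to bob", tag))
```

A timestamp could replace the nonce (the originality and timeliness techniques listed above), but then both sides need synchronized clocks and the verifier still has to remember recent timestamps for the validity window; the nonce set shown here does the same job without a clock.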

Figure 8.8.: A challenge-response protocol.

Example Systems

  • Pretty Good Privacy (PGP)
  • Secure Shell (SSH)
  • Transport Layer Security (TLS, SSL, HTTPS)
  • IP Security (IPsec)
  • Wireless Security (802.11i)
  • Firewalls

The bigger lesson is that we should avoid rigid thinking about the right layer at which to implement a particular feature; the answer changes over time as the network evolves, which requires holistic, cross-layer analysis to get the design right. These formats are not very interesting because they only provide a framework: the exact form of the keys and authentication data depends on the key generation technique, the cipher and the authentication mechanism used. One of the most serious problems for firewalls is their vulnerability to the exploitation of bugs in machines inside the firewall.

Figure 8.12.: Kerberos authentication.

Perspective: Blockchain and a Decentralized Internet

Instead of requiring users to place trust in a separate set of identity providers, Blockstack's identity protocol asks users to trust that the majority of decision nodes in the blockchain (called miners) will preserve the order of writes (called transactions). Names are registered in a two-step process: one to bind the client's public key to the salted hash of the name, and one to reveal the name itself. Once a name is registered, only the owner of the name's private key can transfer or revoke the name, or update its routing state.

Figure 8.21.: Decentralized identity management built on a blockchain foundation.

NINE

APPLICATIONS

Problem: Applications Need Their Own Protocols

Traditional Applications

  • Electronic Mail (SMTP, MIME, IMAP)
  • World Wide Web (HTTP)
  • Web Services

We begin our discussion of applications by focusing on two of the most popular: the World Wide Web and e-mail. One of the more interesting request headers allows the client to conditionally request a web page; the server returns the page only if it has been modified since the time specified in that header. Defining an application protocol in this architecture consists of defining a document structure (ie, a state representation).

Figure 9.1.: Sequence of mail gateways store and forward email messages.

Multimedia Applications

  • Session Control and Call Control (SDP, SIP, H.323)
  • Resource Allocation for Multimedia Applications

Detailed information required to receive the session (eg, the multicast address to which data will be sent, the transport protocol to be used, port numbers, the encoding scheme). With the widespread adoption of Voice over IP (ie, supporting telephony-like applications over IP networks) and IP-based videoconferencing, SIP is now one of the most important members of the Internet protocol suite. This means that some session control has to happen first, to exchange information about the codecs supported by the two phones.

Figure 9.7.: A session directory tool displays information extracted from SDP messages.

Infrastructure Applications

  • Name Service (DNS)
  • Network Management (SNMP, OpenConfig)

The relevance of a zone is that it corresponds to the basic implementation unit of DNS: the name server. As another example, you might want to keep track of the load on various nodes (ie, the number of packets sent or received) to determine whether new routers or links need to be added to the network. The MIB defines the specific pieces of information, the MIB variables, that you can retrieve from a network node.

table of name-to-address bindings; this table was called HOSTS.TXT. Whenever a site wanted to add a new host to the Internet, the site administrator sent email to the NIC giving the new host's name/address pair

Overlay Networks

  • Routing Overlays
  • Peer-to-Peer Networks
  • Content Distribution Networks

Note that as we move logically through the "ID space", the message is actually transmitted from node to node over the underlying Internet. The figure does not show the actual value contained in each routing table entry: the IP address of the next node along the route. The last mile: the link connecting the server to the Internet can be overloaded by too many requests, even if the total bandwidth of that link is quite high.
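As an added example (not code from the book or from any Chord implementation), here is an iterative lookup over a Chord-style structured overlay that makes the two levels in the passage explicit: the query moves through a 6-bit identifier space by consulting finger tables, while each hop is really a message to the IP address stored in the chosen table entry. Every node keeps a finger pointing at the first node at or after id + 2^k for k = 0..5; to route toward a key it jumps to the closest finger that precedes the key, and stops when the key falls between itself and its immediate successor. The node identifiers follow the classic ten-node example from the Chord paper; the IP addresses attached to them are constructed.

```python
M = 6                    # identifier bits: ids and keys live in [0, 64)
RING = 2 ** M


def in_half_open(x, a, b):
    """True if x lies in (a, b] going clockwise around the ring."""
    if a < b:
        return a < x <= b
    return x > a or x <= b          # interval wraps past RING - 1


def successor_of(ids, key):
    """First node id at or after `key`, wrapping to the smallest id."""
    for i in ids:
        if i >= key:
            return i
    return ids[0]


def build_ring(addresses):
    """addresses: {node_id: ip}. Returns {node_id: finger table}, where
    finger[k] is the successor of (node_id + 2**k) mod RING."""
    ids = sorted(addresses)
    return {n: [successor_of(ids, (n + 2 ** k) % RING) for k in range(M)]
            for n in ids}


def lookup(fingers, addresses, start, key):
    """Route a lookup for `key` starting at node `start`.
    Returns (owner_id, path), path being the (id, ip) hops that were contacted
    over the underlying network before the owner was identified."""
    n = start
    path = [(n, addresses[n])]
    for _ in range(len(fingers) + 1):       # each hop strictly advances
        if key == n:
            return n, path
        succ = fingers[n][0]
        if in_half_open(key, n, succ):
            return succ, path                # key belongs to our successor
        nxt = succ                           # fall back to the successor ...
        for f in reversed(fingers[n]):       # ... unless a longer finger precedes key
            if in_half_open(f, n, key):
                nxt = f
                break
        n = nxt
        path.append((n, addresses[n]))       # the actual IP-level hop
    raise RuntimeError("lookup did not converge; finger tables inconsistent")


if __name__ == "__main__":
    # Constructed overlay: ids from the Chord paper's example, made-up addresses.
    addresses = {nid: f"10.0.0.{nid}" for nid in (1, 8, 14, 21, 32, 38, 42, 48, 51, 56)}
    fingers = build_ring(addresses)
    owner, path = lookup(fingers, addresses, start=8, key=54)
    print("key 54 is owned by node", owner)           # 56
    print("hops:", " -> ".join(f"{n}@{ip}" for n, ip in path))   # 8 -> 42 -> 51
```

Each hop roughly halves the remaining distance in the identifier space, so the lookup takes O(log N) overlay hops, but the latency of each hop is a full Internet round trip to whatever address the finger entry holds, which is why the overlay's logical path and its physical path look so different.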

Figure 9.21.: Overlay nodes tunnel through physical nodes.

Perspective: The Cloud is the New Internet

At the same time, if some pages become extremely popular, it is conceivable that all servers in the system could end up responsible for serving them. To remind yourself why the cloudification of the Internet is important, see Perspective: Feature Velocity. This site contains the source text for Computer Networks: A Systems Approach, now available under the Creative Commons (CC BY 4.0) license.

Read the Book

Initially, we will play an editorial role (curating and creating words) for the returned submissions, but our plan is to share ownership of the project with others who are committed to its success.

Releases and Editions

The community is invited to contribute corrections, improvements, updates and new material under the same terms. We hope that open sourcing this material will make it widely available and serve as an attractor for new content: updating what already exists, expanding it to cover new topics, and supplementing the text with additional learning collateral. New content in development is checked into the branch until it can be merged into master without breaking self-consistency.

Build the Book

Kaufmann (Elsevier) plans to publish a 6th edition of their textbook based on a fork of v6.0, but going forward open source releases found here will not necessarily be in sync with any future published editions.

How to Contribute

The CLA is pretty straightforward: it states that (a) you have the right to contribute what you contribute, and (b) what you contribute is available to everyone else under the same CC BY terms as the existing content. If you'd like to contribute and are looking for something that needs attention, you can view the current project board. We'd also like to expand the set of topics/chapters beyond the original set inherited from the 5th edition, so if you have ideas we'd love to hear from you.

Join Us
