T-110.5110 Computer Networks II Introduction 21.9.2009 Prof. Sasu Tarkoma.


T-110.5110 Computer Networks II Introduction Prof. Sasu Tarkoma

Contents Course Outline Carrying out the course Lectures Material

Course Outline 4 credit course During Autumn 2009, we will look at protocols and architectures related to mobility management, session management, authentication, authorization and accounting (AAA) services and quality of service (QoS). The course consists of the lectures and a final exam. The purpose is that the participants actively read the material beforehand and discuss problem areas during the lectures. Networks II lectures start on Monday in T2. Registration happens on this first lecture. Course material will be in English. Lectures will be in English if required.

Course Goals
–Understand advanced networking techniques
–Learn the state of the art
–Get a glimpse of near-future technologies and long-haul development

Time and Place Time and place: Mondays at 14:15 – 15:45 in T2. Prof. Sasu Tarkoma gives the lecture unless otherwise indicated.

Carrying out the Course
The course grade consists of participation in lectures and a final exam.
–Mandatory assignment: Wireshark
Final exams will be held as follows:
– :30-19:30 in T1.
Required preliminary knowledge
–T Telecommunication Architectures
–T Computer Networks
–T Information Security Technology

Lectures
21 Sep 09, week 39, Mon 14:15-16:00, T2: Introduction
28 Sep 09, week 40, Mon 14:15-16:00, T2: Mobility protocols
05 Oct 09, week 41, Mon 14:15-16:00, T2: Transport issues (Dr. Matti Siekkinen)
12 Oct 09, week 42, Mon 14:15-16:00, T2: NAT (STUN, ICE, TURN)
19 Oct 09, week 43, Mon 14:15-16:00, T2: Quality of Service
02 Nov 09, week 45, Mon 14:15-16:00, T2: AAA
09 Nov 09, week 46, Mon 14:15-16:00, T2: HIP
16 Nov 09, week 47, Mon 14:15-16:00, T2: HIP II (M.Sc. Miika Komu)
23 Nov 09, week 48, Mon 14:15-16:00, T2: Internet Router Development using NetFPGA. Network applications of Bloom filters.
30 Nov 09, week 49, Mon 14:15-16:00, T2: Services and Identity Management
07 Dec 09, week 50, Mon 14:15-16:00, T2: Summary

Final Exam :30 – 19:30 T1 Exam will be based on course material –Slides –Articles and standards documents Essay questions

Material
General
–Rethinking the design of the Internet: the end-to-end arguments vs. the brave new world
–On Compact Routing for the Internet, authored by Dima Krioukov, kc claffy, Kevin Fall, and Arthur Brady. Published in the ACM SIGCOMM Computer Communication Review (CCR), v.37, n.3, 2007.
Transport layer
–RFC 2960: Stream Control Transmission Protocol
–RFC 4347: Datagram Transport Layer Security
–RFC 4340: Datagram Congestion Control Protocol (DCCP)
–Designing DCCP: Congestion Control Without Reliability (PDF), by Eddie Kohler, Mark Handley, and Sally Floyd. Proc. ACM SIGCOMM 2006.
NATs
–RFC 3489: STUN - Simple Traversal of User Datagram Protocol (UDP) Through Network Address Translators (NATs)
–IETF Journal article on ICE
–Peer-to-peer Communication Across Network Address Translators
AAA
–RFC 2865: Remote Authentication Dial In User Service (RADIUS)
–RFC 3588: Diameter Base Protocol
QoS
–RFC 3272: Overview and Principles of Internet Traffic Engineering
–RFC 3031: Multiprotocol Label Switching Architecture
HIP
–RFC 4423: Host Identity Protocol (HIP) Architecture
Services
–Amazon's Dynamo. SOSP 2007.

Assignment
Mandatory assignment: packet capture using Wireshark
Goal: to get hands-on experience with protocols
Write a 2-page report on the Wireshark protocol analyzer and use it to analyze some traffic (TCP, SCTP, TLS, DTLS, IPsec, HIP, some other)
Can be done as pairwork or alone

Contact Points Send Follow course web-page –Results and updates will be posted to the Web Reception –After the lectures –Otherwise send to arrange a meeting –Exam reception will be scheduled after results

Summary of Course As discussed the course focuses on several important features of current networking systems – Mobility, QoS, Security, Privacy We observe that these features were not important for the original Internet architecture They are important now –Mobility, QoS, Security are coming with IPv6 –IPv6 deployment does not look promising Hence, many proposals to solve issues in the current Internet Also many solutions to solve expected problems in the Future Internet

Layered Architecture Internet has a layered architecture Four layers in TCP/IP –Application (L7) –Transport (L4) –Network (L3) –Link layer / physical (L2-L1) We will talk a lot about layering –Benefits, limitations, possibilities (cross-layer) –It is not always clear what is a good layering A lot of interesting networking developments are happening on application layer

Convergence and Divergence
[Figure: divergence and convergence around TCP/IP, with labels "Wireless / wireline protocols" and "Applications and Services"]

The Internet has Changed
Many of the assumptions of the early Internet have changed
–Trusted end-points
–Stationary, publicly addressable addresses
–End-to-End
We will have a look at these in the light of recent developments
End-to-end is broken by NATs and firewalls

Network has Value
A network is about delivering data between endpoints
Data delivery creates value
Data is the basis for decision making
We have requirements for the network
–Timeliness
–Scalability
–Security
–...

Cisco’s Traffic Forecast

Trends in Networking
Trend: P2P. Challenges: growth in traffic, upstream bottlenecks. Solutions: P2P caching.
Trend: Internet Broadcast. Challenges: flash crowds. Solutions: P2P content distribution, multicast technologies.
Trend: Internet Video-on-Demand. Challenges: growth in traffic, especially metropolitan area and core. Solutions: Content Delivery Networks (CDNs), increasing network capacity, compression.
Trend: Commercial Video-on-Demand. Challenges: growth in traffic in the metropolitan area network. Solutions: CDNs, increasing network capacity, compression.
Trend: High-definition content. Challenges: access network IPTV bottleneck, growth in VoD traffic volume in the metropolitan area network. Solutions: CDNs, increasing network capacity, compression.

Current State Internet is growing fast (40%+ annual growth) Much of the growth comes from P2P and video delivery There are circa 1 billion Internet users and 3.3 billion mobile phone users Mobile Internet is anticipated to grow rapidly –Many problems with applications and services It is very difficult to change the Internet backbone and large access networks –Overlay solutions –Middleboxes A lot of discussion on Internet architecture –Clean-slate vs. incremental

Looking at the Layers
Link Layer / Physical
Network
–We will look at mobility, security, and QoS on L3
–Mobile IP, network mobility, HIP, NAT Traversal
Transport
–Basic properties of transport layer protocols: TCP variants, DCCP, TLS, DTLS
–Mobility and security on L4
Application
–Security, identity management
Goal: have an understanding of the solutions and tradeoffs on each layer and discussion on the role of layering

[Figure: two protocol stacks (Physical, Link, Network, Transport, Application) annotated with security protocols: PAP, CHAP, EAP, WEP, ...; IPsec; HIP; TLS, SSH, ...; HTTPS, S/MIME, PGP, WS-Security, Radius, Diameter, SAML]

Role of Standards On this course, we will talk a lot about standards –IETF is the main standards body for Internet technologies –Instruments: RFCs, Internet drafts –Working groups –IRTF Other relevant standards bodies –W3C, OMA, 3GPP, OMG

Transport Issues Network layer (IP) provides basic unreliable packet delivery between end-points Transport layer needs to provide reliability, congestion control, flow control, etc. for applications TCP variants SCTP DCCP TLS DTLS

Mobility What happens when network endpoints start to move? What happens when networks move? Problem for on-going conversations –X no longer associated with address –Solution: X informs new address Problem for future conversations –Where is X? what is the address? –Solution: X makes contact address available In practice not so easy. Security is needed!
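The problem and solution on the Mobility slide, as an added Python example that is not part of the original slides: a correspondent keeps a table from X's stable identity to its current address and accepts "X informs new address" only when the update carries a valid HMAC and a fresh sequence number. The class and function names, the pre-shared key and the addresses are constructed for illustration; this is not the message format of Mobile IP or HIP.

```python
import hashlib
import hmac
import struct

def make_tag(key, identity, address, seq):
    """HMAC-SHA256 over length-prefixed fields plus a sequence number."""
    fields = (identity.encode(), address.encode())
    msg = b"".join(struct.pack("!H", len(f)) + f for f in fields)
    return hmac.new(key, msg + struct.pack("!Q", seq), hashlib.sha256).digest()


class BindingCache:
    """Correspondent-side table: stable identity -> current address."""

    def __init__(self):
        self._keys = {}      # identity -> shared key (assumed set up beforehand)
        self._bindings = {}  # identity -> (address, last accepted sequence)

    def register(self, identity, key, address):
        self._keys[identity] = key
        self._bindings[identity] = (address, 0)

    def lookup(self, identity):
        return self._bindings[identity][0]

    def update_unauthenticated(self, identity, new_address):
        # Weak variant: any sender can redirect X's traffic.
        self._bindings[identity] = (new_address, self._bindings[identity][1])
        return True

    def update(self, identity, new_address, seq, tag):
        key = self._keys.get(identity)
        if key is None:
            return False
        if not hmac.compare_digest(make_tag(key, identity, new_address, seq), tag):
            return False  # sender does not hold X's key
        if seq <= self._bindings[identity][1]:
            return False  # stale or replayed update
        self._bindings[identity] = (new_address, seq)
        return True


def demo():
    key = b"constructed-demo-key"  # constructed; addresses are documentation ranges
    cache = BindingCache()
    cache.register("X", key, "192.0.2.10")
    move1 = make_tag(key, "X", "198.51.100.7", 1)
    out = {"valid": cache.update("X", "198.51.100.7", 1, move1)}
    forged = make_tag(b"not-the-key", "X", "203.0.113.66", 2)
    out["forged"] = cache.update("X", "203.0.113.66", 2, forged)
    cache.update("X", "198.51.100.99", 2, make_tag(key, "X", "198.51.100.99", 2))
    out["replayed"] = cache.update("X", "198.51.100.7", 1, move1)
    out["address"] = cache.lookup("X")
    return out
```

`demo()` accepts X's own move, rejects an update signed with a different key, and rejects a replay of the earlier move once X has moved again.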

Classifying Mobility Protocols
[Figure: mobility protocols arranged by scope (Micro, Macro, Global; Intra-subnet, Intra-domain, Inter-domain) against time (evolutionary path): Cellular IP (1998), TMIP (2001), Hierarchical MIP (1996), Hawaii (1999), Dynamic Mobility Agent (2000), HMIPv6 (2001), MIP (1996), MIPv6 (2001)]

NAT Traversal As mentioned, end-to-end is broken Firewalls block and drop traffic NATs do address and port translation –Hide subnetwork and private IPs How to work with NATs –Tricky: two NATs between communications –NAT and NAPT –One part is to detect NATs –Another is to get ports open IETF efforts –STUN –ICE –TURN –NSIS

QoS By default, there is no QoS support on the Internet IP is unreliable, packet types are handled differently (TCP/UDP/ICMP) No guarantees on TCP flow priority (OS and NW stack issue) IETF work –DiffServ, IntServ, NSIS

Security Features
IPSec provides basic security (tunnel, transport) with IKE
A solution for authentication, authorization, and accounting (AAA) is needed
–Radius, Diameter
Case: WLAN access network

HIP HIP is a proposal to unify mobility, multi-homing, and security features that are needed by applications Identity-based addressing realizing locator-identity split Change in the networking stack that is not very visible to applications (no IP addresses though!) HIP architecture, HIP implementation for Linux

NetFPGA The NetFPGA is a low-cost platform for teaching networking hardware and router design, and a tool for networking researchers. The NetFPGA offloads processing from a host processor. The host's CPU has access to main memory and can DMA to read and write registers and memories on the NetFPGA. A hardware-accelerated datapath. Four Gigabit ports and multiple banks of local memory installed on the card. Uses Verilog and a cross compilation environment.

Basic Architectural Components of an IP Router
[Figure: Control Plane (software): Routing Protocols, Routing Table, Management & CLI. Datapath, per-packet processing (hardware): Forwarding Table, Switching]
Reference:

Bloom Filters
Network applications of Bloom filters
[Figure: Bloom filter illustration with elements x, y, z]

Privacy and Identity Management
Privacy and trust matter a lot
Single sign-on
–Liberty, OpenID, OAuth, GAA, ...
Services on the Web
–How to achieve scalability
–Case: Amazon Dynamo
Recent developments

Questions and Discussion