Download presentation
Presentation is loading. Please wait.
1
Struktura e Internetit : Rrjeti i rrjetave
Opcion: lidh cdo ISP aksesi ne nje ISP global tranziti? KLientat dhe providerat ISP kane marreveshje biznesi access net … global ISP
2
Struktura e Internetit : Rrjeti i rrjetave
Por duhet te jene disa ISP globale qe te kete konkurence …. access net … ISP A ISP B ISP C
3
Struktura e Internetit : Rrjeti i rrjetave
Por duhet te jene disa ISP globale qe te kete konkurence …. Dhe keto ISP duhet te nderlidhen Internet exchange point access net … ISP A IXP IXP ISP B ISP C peering link
4
Struktura e Internetit : Rrjeti i rrjetave
… dhe rrjeta rajonale mund te duhen per te lidhur rrjetat e aksesit access net … ISP A IXP IXP ISP B ISP C regional net
5
Struktura e Internetit : Rrjeti i rrjetave
… dhe providerat e pembajtjes (psh., Google, Microsoft, Akamai ) mund te kene rrjetat e veta qe te sjellin sherbimet, permbajtjen prane perdoruesve access net … ISP A IXP Content provider network IXP ISP B ISP B regional net
6
Struktura e Internetit : Rrjeti i rrjetave
access ISP Regional ISP IXP Tier 1 ISP Google Ne qender: numer i vogel rrjetash te medha mire te lidhura “tier-1 (rreshti i pare)” ISP komerciale (psh., Level 3, Sprint, AT&T, NTT), mbulim kombetar e nderkombetar Rrjetat providerave te permbajtjes (psh, Google): rrjet privat qe lidh qendrat e te dhenave te saj me Internet, shpesh duke tejkaluar tier-1, providerat rajonale Introduction
7
Tier-1 ISP: psh., Sprint … to/from backbone peering to/from customers
POP: point-of-presence Introduction
8
Chapter 1: roadmap 1.1 Cfare eshte Interneti? 1.2 rrjeti skajor
sistemet fundore, rrjetat e aksesit, linjat 1.3 rrjeti qendror transmetimi (kycja) me pakete, kycja me qark, struktura e rrjetave 1.4 vonesa, humbje, sjellja ne rrjeta 1.5 shtresat e protokolleve, modelet e sherbimeve 1.6 rrjetat nen sulm: siguria 1.7 histori Introduction 8
9
Si ndodhin humbjet dhe vonesat?
Paketat vihen ne rradhe ne buferat e routerave Ritmi i paketave ne arrdhje tejkalon (perkohesisht) kapacitetin e linkut te daljes Paketat presin tu vije rradha Pakete qe po transmetohet (vonesa) A Bufer i lire: paketat ne ardhje humben nese nuk ka bufera te lire B pakete ne rradhe (vonesa) Introduction
10
Kater burimet e vonesave te paketave
transmetimi A perhapja B Perpunimi ne nyje rradha dnodal = dproc + dqueue + dtrans + dprop dproc: perpunimi ne nyje Kontroll i gabimeve te biteve Percakton linkun e daljes zakonisht < msec dqueue: vonesa prej rradhes Koha e pritjes ne linkun e daljes per transmetim Varet nga niveli i bllokimit te ruterit Introduction
11
Kater burimet e vonesave te paketave
tranmetim A Perhapje propagation B Perpunim ne nyje (Processing) Rradha (queueing) dnodal = dproc + dqueue + dtrans + dprop dtrans: vonesa e transmetimit: L: gjatesia e paketes (bits) R: bandwidth i linkut (bps) dtrans = L/R dprop: vonesa e perhapjes: d: gjatesia e linkut fizik s: shpejtesia e perhapjes ne mjedis (~2x108 m/sec) dprop = d/s dtrans and dprop very different * Check out the Java applet for an interactive animation on trans vs. prop delay Introduction 11
12
Analogjia me karvanin Makinat “perhapen” me shpejtesi100 km/hr
Kontrolli/ pagesa Karvan me 10 makina 100 km Makinat “perhapen” me shpejtesi100 km/hr kontrolli do 12 sec per te sherbyer nje makine (koha e transmetimit te nje biti) makina~bit; karvani ~ paketa Pyetje: Sa kohe do qe karvani te rreshtohet perpara kontrollit te dyte? Koha per te “shtyre” te gjithe karvanin nga kontroli ne autostrade = 12*10 = 120 sec Koha e “perhapjes” se makines se fundit nga kontrolli i pare ne ate te dytin: 100km/(100km/hr)= 1 hr Pergjigje: 62 minutes Introduction
13
Analogjia me karvanin(me shume)
kontroll i takses Karvani me 10 makina 100 km Supozo tani makinat “perhapen” me 1000 km/hr Dhe supozo kontrolli do nje min t’i sherbeje nje makine Pyetje: A do te arrijne makinat ne kontrollin e dyte perpara se te gjithe makinat te jene sherbyer ne kontrollin e pare? A: Po! Mbas 7 min, makina e pare arrin ne kontrollin e dyte; tre makina jane akoma ne kontrollin e pare. Introduction
14
Vonesa ne rradhes (e ripare)
R: bandwidth i linkut (bps) L: gjatesia e paketes (bits) a: ritmi mesatar i arritjes se paketave average queueing delay traffic intensity = La/R La/R ~ 0: vonesa mesatare ne rradhe e vogel La/R -> 1: vonesa mesatare ne rradhe e madhe La/R > 1: me shume “pune” po arrin qe duhet sherbyer, vonesa mesatare infinit! La/R ~ 0 * Check out the Java applet for an interactive animation on queuing and loss La/R -> 1 Introduction
15
Vonesat dhe rruget “reale” te Internetit
Si duken vonesat dhe humbjet “reale” te Internetit? Programi Traceroute: jep matjen e voneses nga burimi ne router gjate rruges ne Internet fillim-fund deri ne arritje. Per te gjitha i: Dergon tre paketa qe do te arrijne cdo router i ne rrugen drejt arritjes router i do te ktheje paketa tek derguesi Derguesi mat intervalin e kohes midis transmetimit dhe pergjigjes. 3 probes 3 probes 3 probes Introduction
16
Vonesat dhe rruget “reale” te Internetit
traceroute: gaia.cs.umass.edu to 3 matje te voneses nga gaia.cs.umass.edu ne cs-gw.cs.umass.edu 1 cs-gw ( ) 1 ms 1 ms 2 ms 2 border1-rt-fa5-1-0.gw.umass.edu ( ) 1 ms 1 ms 2 ms 3 cht-vbns.gw.umass.edu ( ) 6 ms 5 ms 5 ms 4 jn1-at wor.vbns.net ( ) 16 ms 11 ms 13 ms 5 jn1-so wae.vbns.net ( ) 21 ms 18 ms 18 ms 6 abilene-vbns.abilene.ucaid.edu ( ) 22 ms 18 ms 22 ms 7 nycm-wash.abilene.ucaid.edu ( ) 22 ms 22 ms 22 ms ( ) 104 ms 109 ms 106 ms 9 de2-1.de1.de.geant.net ( ) 109 ms 102 ms 104 ms 10 de.fr1.fr.geant.net ( ) 113 ms 121 ms 114 ms 11 renater-gw.fr1.fr.geant.net ( ) 112 ms 114 ms 112 ms 12 nio-n2.cssi.renater.fr ( ) 111 ms 114 ms 116 ms 13 nice.cssi.renater.fr ( ) 123 ms 125 ms 124 ms 14 r3t2-nice.cssi.renater.fr ( ) 126 ms 126 ms 124 ms 15 eurecom-valbonne.r3t2.ft.net ( ) 135 ms 128 ms 133 ms ( ) 126 ms 128 ms 126 ms 17 * * * 18 * * * 19 fantasia.eurecom.fr ( ) 132 ms 128 ms 136 ms trans-oceanic link * Do te thote nuk ka pergjigje (probe e humbur, router nuk pergjigjet) * Do some traceroutes from exotic countries at Introduction
17
Humbja e paketave rradha(ose buffer) e linkut paraardhes ne buffer ka kapacitet te fundem Paketat qe arrijne kur rradha eshte plot hidhen (ose humben) Paketat e humbura mund te ritransmetohennga nyja paraardhese, nga burimi ne sistem, ose te mos ritransmetohet buffer (zona e pritjes) Paketa qe po transmetohet A B paketa qe po arrin ne nje buffer plot eshte humbur * Check out the Java applet for an interactive animation on queuing and loss Introduction
18
Throughput - sjellja throughput: ritmi (bite/ne njesine e kohes) me te cilen bitet transferohen midis derguesit /marresit E castit: ritmi ne nje cast te kohes mesatare: ritmi ne nje periudhe te gjate server, with file of F bits to send to client link capacity Rs bits/sec serveri dergon bite (ngjashmeri me leng) ne tub tub qe mban leng me ritem Rs bits/sec) tub qe mban leng me ritem Rc bits/sec) link capacity Rc bits/sec Introduction
19
bottleneck link (linku me i ngushte)
Throughput (vazhdim) Rs < Rc Sa eshte throughputi mesatar fillim-mbarim? Rc bits/sec Rs bits/sec Rs > Rc Sa eshte throughputi mesatar fillim-mbarim? Rs bits/sec Rc bits/sec Linku ne rrugen fillim-fund qe kufizon throughputin fillim-fund bottleneck link (linku me i ngushte) Introduction
20
Throughput: Skenari ne Internet
throughput: min per lidhjen fillim-fund (Rc,Rs,R/10) Ne praktike: Rc ose Rs eshte zakonisht bottleneck Rs Rs Rs R Rc Rc Rc 10 lidhje (ne menyre te drejte) ndajnelinkun bottleneck R bits/sec Introduction
21
Chapter 1: roadmap 1.1 what is the Internet? 1.2 network edge
end systems, access networks, links 1.3 network core packet switching, circuit switching, network structure 1.4 delay, loss, throughput in networks 1.5 Shtresat e protokollit, Modelet e sherbimit 1.6 networks under attack: security 1.7 history Introduction 21
22
“Shtresat” e Protokollit
Rrjetat jane komplekse, Me shume “pjese”: hoste routera linke me mjedise te ndryshme zbatime protokolle hardware, software Pyetje: A ka ndonje shprese per strukture te organizuar te rrjetave? …. Ose se paku diskutimi yne mbi rrjetat? Introduction
23
Organizimi i udhetimit ajror
bileta (blerje) bagzhe (kontrol) porta (hyrje) ngritja e aeroplanit airplane routing bileta (complain) bagazhe (claim) porta (dalje) Ulje e aeroplanit Nje seri hapash Introduction
24
Shtresezimi i funksioneve te fluturimit
ticket (purchase) baggage (check) gates (load) runway (takeoff) airplane routing Airporti I nisjes Airport i arritjes Qendrat e ndermjetme te konrollit te trafikut ajror ticket (complain) baggage (claim gates (unload) runway (land) ticket baggage gate takeoff/landing lshtresa: cdo shtrese implementon nje sherbim Nepermjet veprimeve te tij brenda shtreses Mbeshtetet ne sherbimet e dhena nga shtresa e meposhteme Introduction
25
Pse shtresezim? Duke u marre me sisteme komplekse:
Strukture eksplicite lejon identifikimin, marrdheniet ndermjet pjeseve te sistemit kompleks reference model reference i shtesezuar per diskutim Modularizimi lehteson mirembajtjen, updating e sistemeve Ndryshimi i implementimit te sherbimit te eshte transparent per pjesen tjeter te sistemit P.sh, ndryshimi i procedurave ne porta nuk ndikon ne pjesen tjeter te sistemit Shtresezimi i konsideruar i demshem? Introduction
26
Internet protocol stack
zbatim: zbatime me mbeshtetje nga rrjeti FTP, SMTP, HTTP transport: trnsmetim te dhenash proces-proces TCP, UDP rrjet: routing i datagrameve nga burimi ne destinacion IP, routing protocols link: transferim te dhenash midis elemente komshinj ne rrjet Ethernet, (WiFi), PPP fizik: bits “ne tel” zbatim transport rrjet link fizik Introduction
27
ISO/OSI modeli i referimit
prezantim: lejon zbatimet te interpretojne kuptimin e te dhenave, p.sh., enkriptimi, kompresimi, konvencione specifike te makines sesion: sinkronizim, kontroll, recovery of data exchange Internet stack “nuk I ka” keto shtresa! Keto sherbime, nese kerkohen, duhet te implementohenne zbatime Jane te nevojshme? zbatim prezantim sesion transport rrjet link fizik Introduction
28
Enkapsulimi source destination application transport network link
message M application transport network link physical segment Ht M Ht datagram Ht Hn M Hn frame Ht Hn Hl M link physical switch destination network link physical Ht Hn M Ht Hn Hl M M application transport network link physical Ht Hn M Ht M Ht Hn M router Ht Hn Hl M Introduction
29
Chapter 1: roadmap 1.1 what is the Internet? 1.2 network edge
end systems, access networks, links 1.3 network core packet switching, circuit switching, network structure 1.4 delay, loss, throughput in networks 1.5 protocol layers, service models 1.6 networks under attack: security 1.7 history Introduction 29
30
Siguria e Rrjetave Fusha e sigurise se rrjetave:
Si munden te keqinjte te sulmojne rrjetat e kompjuterave Si mund t’i mbrojme rrjetat nga sulmet Si te projektohen arkitektura qe jane imune ndaj sulmeve Interneti nuk eshte projektuar fillimisht me (shume) siguri ne mendje Vizioni origjinal: “nje grup perdoruesish qe besojne njeri-tjetrin te lidhur me nje rrjet transparent” Projektuesit e protokolleve te Internet duke u pershtatur kushteve Konsiderata sigurie ne te gjitha shtresat! Introduction
31
Te keqinjte: fut malware ne hoste nepermjet Internetit
malware mund te futet ne host nga: virus: infektim qe vete replikohet duke marre/ekzekutuar objekte (psh., attachment) krimb: infektim qe vete replikohet duke marre ne menyre pasive objekte qe vete ekzekutohen spyware malware mund te regjistroje keystrokes, web site te vizituara, upload info tek faqja e mbledhjes Hostet e infektuara mund te futen ne botnet, te perdorura per spam. Sulmet DDoS Introduction
32
Te keqinjte: sulm servareve, infrastruktures se rrjetit
Denial of Service (DoS) (Mohim sherbimi): sulmuesit bejne resurset (server, bandwidth) te pamunduara per trafikun ligjitim duke mbingarkuar me trafik te rreme 1. zgjidh target 2. Thyerje ne hostet ne rrjet target 3. Dergo paketa ne target nga hostet e komprementuara Introduction
33
Te keqinjte mund pergjojne paketat
paket “sniffing”: broadcast media (shared ethernet, wireless) promiscuous network interface reads/records all packets (e.g., including passwords!) passing by A C src:B dest:A payload B wireshark software used for end-of-chapter labs is a (free) packet-sniffer Introduction
34
Te keqinjte mund perdorin adresa te rreme
IP spoofing: dergo paketa me adrese burimi te rreme A C src:B dest:A payload B … lots more on security (throughout, Chapter 8) Introduction
35
Introduction: summary
covered a “ton” of material! Internet overview what’s a protocol? network edge, core, access network packet-switching versus circuit-switching Internet structure performance: loss, delay, throughput layering, service models security history you now have: context, overview, “feel” of networking more depth, detail to follow! Introduction
Similar presentations
