IT Extension and Congestion Co

HTTP

Client/Server Model

Client

browser determines URL

browser conduct DNS lookup to acquire IP address

DNS replies

Connect to IP address on specific port

Client requests specified file

Server sends file requested

Server release connection

Browser displays file and its content

Server

...

Connection

Non-Persistent(HTTP1.0)

single TCP connection for each client-server request

does not officially require a host header to be included

Total Response Time = 2 * Round Trip Time + File Transmission Time

Persistent(HTTP1.1)

multiple requests can be sent over a single TCP connection

requires a host header as per its specification

Cookies (less likely to be examined)

The web is basically stateless

Restful is a good example without any Cookies or Histories

Why use Cookies?

We need to track user information

IP address may be dynamic as the user may bring his laptop to another place

How Cookies works?

2. Website send such ID to user's browser

3. User browser appends such ID to a Cookies file that it manages

5.The server detects such cookie and performs a specific response

Potential Harzard

Privacy Leak

(less likely to be examined) Web Caches

Goal

satisfy client request without involving original server

Architecture

Proxy Server

Origin Server

Multi Media

Size

Each frame would need 3 bytes (3 int numbers) for each pixel

Multiply by Definition(e.g. 640*480)

Multiply by frames (e.g. 30 frames per second)

Then we have a total bandwidth requirement for such media file (3*640*480*30) bytes/sec

Basic Model

Issues

Does not scale

Streaming Media Protocol

Transport Protocol

TCP

Open Protocol

RTP

RTSP

MPEG-4...

Close Protocol

Real Networks' Real Audio

Microsoft's Windows Media

Apple's QuickTime

Multimedia Playback Software

Tasks

Handle transmission errors in conjunction with transport protocols

Decompress the multimedia files

Eliminate jitter

Manage the user interface

Model

1. Browser send metafile request to web server

2. Web server respond metafile response to browser

3. Browser hands off metafile to media player

4. Media player send media request to Media Server

5. Media Server respond with media stream

Streaming Stored Media

Use reliable transport (TCP)

The central idea is the sender encodes the message in a redundant way by using an error-correcting code (ECC)

Interleave media

spreads nearby media samples over different transmissions to reduce the impact of loss

Loss reduces temporal resolution; doesn't leave a gap

Buffer

multimedia software buffers streamed media sources prior to transmission

Buffering is a defensive mechanism to reduce jitter

Buffering Modes

Pull Server

Push Server

Audio Compression Calculation

Audio CD can represent frequencies up to 22.05kHz

hence Nyquist (sample) rate is 44.1 kHz

VoIP

technologies

H.323

SIP

H.323 and SIP both support VoIP and multimedia communications

Process

Online video also requires compression in order to achieve efficient transmission

Security

Cryptography

Symmetric Key Algorithms

Data Encryption Standard (DES)

Advanced Encryption Standard (AES)

Cipher Mode

Cipher Block Chaining Mode

Feedback Mode

Week 10 Slide 15

Stream Ciphers Mode

Counter Mode

Asymetric Key Algorithms

RSA

Impossibility of factoring large numbers

Diffie-Hellman Public Key Algorithm

1. Encryption Algorithm E and Decryption Algorithm D have to meet: D(E(P))=P

2. It is exceedingly difficult to deduce D from E

3. E cannot be broken by a chosen plaintext attack

Digest

Approaches

Message Digests

Inherently it's a one-way hash function that could only be calculated from message sent

Whenever a receiver receives such plaintext he could hash this text again to compare to the digest as validation

Computing a message digest from plaintext is much faster than encrypting plaintext

Digital Signature (an application of digest)

Create a message digest and encrypt it with the sender's private key

the sender cannot repudiate this message (cuz we know that the private key is only owned by sender)

Properties/Advantages of using Digests

easy to compute MD(P) give P

impractical to compute P given MD(P)

a single bit change in P creates a very different message digest.

MD5

SHA-1

Using symmetric keys via an intermediaryto ensure non-repudiation

Using public keys as individuals

Features

Sender cannot repudiate contents of the message

Receiver cannot have derived the message themselves

Receiver can verify the claimed identity of the sender

Public Key Management

Certification Authority

X.509

An international standard for certificate expression

Machinery

Substitution Cipher (letter/groups of letters substitution)

Substitution ciphers preserve the order of the plaintext symbols but disguise them.

Transposition cipher (All letters are re-ordered)

One time padding

Authentication

Non-repudiation (Undeniable)

Integrity control

Firewall

All inbound and outbound traffic must transit the firewall

Only authorised traffic could pass through the firewall

Firewalls should be immune to penetration themselves

No protection against threats originating via bypass networks

No protection against internal threats

No protection against application payload threats

Wireless Security

Wireless networks are more difficult to secure because of omnidirectional signal propagation

IT Extensions

Congestion Control

Distinguishing: Flow Control

e.g. Typically the data sent are queued to avoid burst of traffic but if the input data rate is ALWAYS greater than output data rate the queue would be filled and collapse

This lead to a hike on delay as well as a drop on data Goodput (capacity of data to carry over network)

Load Shedding

Quality of Service

Reliability/Loss

Examples

Remote Login and Email

Delay

Video conferencing/Telephony cares both Jitter and Delay

Jitter

Jitter is the variation in packet arrival times(interval)

Packets can be \"shuffled\

Bandwidth

File Sharing cares about bandwidth at most

Good QoS

Over-provisioning

Buffering

buffer received flows before delivery

Traffic Shaping

regulate the average rate of transmission and burstiness of transmission

Buckets

leaky bucket

token bucket

Resource Reservation

Admission Control (Load Balance)

Proportional Routing

different traffic types for same destination split across multiple routes

Packet Scheduling

Two Windows (maintained by sender)

Window described by the receiver

Deal with Receiver Capacity

Congestion Window

Deal with Network Capacity

The maximum transmission rate is the minimum of the two windows

Addictive Increase Multiplicative Decrease (AIMD)

TCP Slow Start

The corresponding rate is the window size divided by the round-trip time of the connection.

Grows until either a timeout occurs or the receiver's specified window is reached

Window Size 每次加一， Number of packets sent 每次double

DNS and SMTP and CDN

DNS(Domain Name System)

Essence

2. Application-layer Protocol that allows a host to query the databasein order to resolve names (address/name translation)

Name Space

Internet is divided into over 250 top-level domains (TLD).

13 root servers globally

Aliasing

relay1.westcoast.enterprise.comaliased to www.enterprise.com

a set of IP addresses is associated with one canonical name

Zones

namespace divided into nonoverlapping zones

each zone contains a part of the DNS tree andalso name servers authoritative for that zone

Name Resolution

Host

Browser

Get the query result from OS and route to specific IP address

Operating System

OS delegate to Resolving Name Server -> Root Name Server -> TLD Name Server Authoritative Name Server

Resolving Name Server/Local Name Server

Root Name Server

TLD Name Server

Authoritative Name Server

Optimization

Caching

Services Provided/Usage/Reason using DNS

Hostname to IP address translation

Host Aliasing

Load Balancing

Why not centralised server?

Single point of failure

Traffic volume

Distant centralised database

Maintenance

Electronic Mail

Host (user agent)

Envelope and contents: encapsulation of transport related information

Header and body: header - user agent control info; body for human recipient

Mail Server (message transfer agent)

Receives mails from user agent and collaborates with other Mail Servers via SMTP

Protocols

Multipurpose Internet Mail Extentsions (MIME)

SMTP

CDN (Content Distribution Network)

Very good scalability

Avoid congestion and latency

Reliable

Availability

Other Protocols

POP3

POP 3 is a simpler protocol but supports less features and is less secure in typical usage.

Mail is usually downloaded to the user agent computer instead of remaining on the mail server

IMAP

IMAP is an improvement over POP3

It has the ability to address mails not by message numbers but by using attributes

Traceroute

Traceroute finds the routers along the path from the host to a destination IP address.

Telnet

Telnet is a protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).

Similar to SSH but without Security Protection

ARP (Address Resolution Protocol)

ARP is used for mapping a network address (e.g. an IPv4 address) to a physical address like an Ethernet address (also named a MAC address).