# CS 456

# 1. Computer Network and the Internet


## 1.1 What is the Internet

### 1.1.1 A Nuts-and-Bolts Description

Devices connected to the Internet are **host** (equivalently, **end systems**).

End systems are connected together via **communication links** and **packet switches**.  

**Transmission rate** (or **bandwidth**), measured in bits/second, is the rate of data being transmitted over a link.  
**Packets** are packages of information sent over a link.

A _packet switch_ takes a _packet_ arriving on one of its incoming communication links and forward that packet on one of its outgoing communication links.  
Two prominent packet switches are **routers** and **link-layer switches**.  
_Link-layer switches_ are typically used in access networks, while _routers_ are typically used in the network core.

The sequence of communication links and packet switches traversed by a packet from the sending end system to the receiving end system is known as a **route** or **path** through the network.

End systems access the Internet through **Internet Service Providers** (**ISPs**).  
The Internet is all about connecting end systems to each other, so the ISPs that provide access to end systems must also be interconnected.  
Lower-tier ISPs are interconnected through national and international upper-tier ISPs.  
An upper-tier ISP consists of high-speed routers interconnected with high-speed fiber-optic links.

End systems, packet switches, and other pieces of the Internet run **protocols** that control the sending and receiving of information within the Internet.  
Two most important protocols: **Transmission Control Protocol** (**TCP**) and the **Internet Protocol** (**IP**).  
IP specifies the format of the packets.  
The Internet’s principal protocols are collectively known as **TCP/IP**.

**Internet standards** are developed by the Internet Engineering Task Force (IETF).  
To ensure systems and products can inter-operate with each other.  
The IETF standards documents are called **requests for comments** (**RFCs**).

### 1.1.2 A Services Description

Internet in another angle: _an infrastructure that provides services to applications_.  
**Distributed applications**, applications that involve multiple end systems that exchange data with each other.

End systems attached to the Internet provide an **Application Programming Interface** (**API**) that specifies how a program running on one end system asks the Internet infrastructure to _deliver data_ to a _specific destination_ program running on another end system.


### 1.1.3 What is a Protocol?

> A **protocol** defines the _format_ and the _order_ of messages exchanged between two or more communicating entities, as well as the _actions taken_ on the transmission and/or receipt of a message or other event.

## 1.2 The Network Edge

Applications and end systems are at the _edge of the network_.

_Host = end system._

Hosts can be divided into two categories: **clients** and **servers**.

### 1.2.1 Access Networks

_Access network_ -- the network that physically connects an end system to the first router (also known as _edge router_) on a path from the end system to any other distant end system.

#### Home Access: DSL, Cable, FTTH, Dial-up, and Satellite

Two most prevalent types of broadband residential access are **digital subscriber line** (**DSL**) and cable.

When DSL is used, a customer's telco is also its ISP.  
Each customer's DSL modem uses the existing telephone line to exchange data with a **digital subscriber line access multiplexer** (**DSLAM**) located in the telco's local central office (CO).

Residential telephone line carries both data and telephone signals simultaneously (asynchronous):

* A high-speed downstream channel, in the 50 kHz to 1 MHz band
* A medium-speed upstream channel, in the 4 kHz to 50 kHz band
* An ordinary two-way telephone channel, in the 0 to 4 kHz band

---

**Cable Internet access** utilizes cable television company's existing cable television infrastructure.  
Fiber optics connect the cable head end to neighborhood-level junctions, from which traditional coaxial cable is then used to reach individual houses and apartments.  
Both fiber and coaxial cable are employed in this system, it is often referred to as **hybrid fiber coax** (**HFC**).

Cable Internet access requires a cable modem.  
At the cable head end, the **cable modem termination system** (**CMTS**) serves a similar function as a DSLAM -- turning the analog signal sent from the cable modems in many downstream homes back into digital format.  
Cable modems divide the HFC network into two channels, a downstream and an upstream channel, with asynchronous access.

One important characteristic of cable Internet access is that it is a _shared broadcast medium_.  
If several users are simultaneously using the downstream channel, the actual rate at which each user receives its content will be significantly lower than the aggregate cable downstream rate.  
Because the upstream channel is also shared, a distributed multiple access protocol is needed to coordinate transmissions and avoid collisions.

---

**Fiber to the home** (**FTTH**) provides even higher speed.  
The FTTH concept is simple -- provide an optical fiber path from the CO directly to the home.

The simplest optical distribution network is _direct fiber_, with one fiber leaving the CO for each home.  
More commonly, each fiber leaving the central office is actually shared by many homes;
it is not until the fiber gets relatively close to the homes that it is split into individual customer-specific fibers.

Two competing optical-distribution network architectures that perform splitting:

* active optical networks (AONs) -- essentially switched Ethernet
* passive optical networks (PONs)

In a PON, each home has an **optical network terminator** (**ONT**), which is connected by dedicated optical fiber to a neighbourhood splitter.  
Splitter connects to an **optical line terminator** (**OLT**) in the telco's CO.  
In the PON architecture, all packets sent from OLT to the splitter are replicated at the splitter.

---

In locations where DSL, cable, and FTTH are not available, a satellite link can be used to connect a residence to the Internet at speeds of more than 1 Mbps.

Dial-up access over traditional phone lines is based on the same model as DSL -- a home modem connects over a phone line to a modem in the ISP.  
Dial-up access is excruciatingly slow at 56 kbps.

#### Access in the Enterprise (and the Home): Ethernet and WiFi

Wireless LAN access based on IEEE 802.11 technology, more colloquially known as WiFi, is now just about everywhere.

#### Wide-Area Wireless Access: 3G and LTE

3G -- third-generation wireless

LTE -- Long-term Evolution

### 1.2.2 Physical Media

**Bit**: propagates between transmitter/receiver pairs.

**Physical link**: what lies between transmitter & receiver.

For each transmitter-receiver pair, the bit is sent by propagating electromagnetic waves or optical pulses across a **physical medium**.

Physical media fall into two categories:

* **guided media**: the waves are guided along a solid medium         
* **unguided media**: the waves propagate in the atmosphere and in outer space

#### Twisted-Pair Copper Wire

Least expensive and most commonly used guided transmission medium.  
Two insulated copper wires

* Category 5: 100 Mbps, 1 Gbps Ethernet
* Category 6: 10 Gbps

A Wire pair constitutes as a single communication link.

**Unshielded twisted pair** (**UTP**) is commonly used for computer networks within a building.

#### Coaxial Cable

Two concentric copper conductors.  
Bidirectional.  
Can be used as a guided **shared medium**.

Multiple channels on cable; HFC.

#### Fiber Optics

Glass fiber carrying light pulses, each pulse represents a bit.  
High-speed operation, high-speed point-to-point transmission.

Low error rate:

* repeaters spaced far apart
* immune to electromagnetic noise

#### Terrestrial Radio Channels

Bidirectional.

Radio channels carry signals in the electromagnetic spectrum.  
No installation of physical wires, can penetrate walls, provide connectivity to a mobile user, and can potentially carry a signal for long distances.

Propagation environment effects:

* reflection
* obstruction by objects
* interference

#### Satellite Radio Channels

A communication satellite links two or more Earth-based microwave transmitter/receivers, known as ground stations.  
Satellite receives transmission on one frequency band, regenerates the signal using a repeated, and transmits the signal on another frequency.

Two types of satellites used:

* **geostationary satellites**
    * permanently remain above the same spot on Earth
    * end-to-end delay of 280 ms
* **low-earth orbiting** (**LEO**) **satellites**
    * rotate around Earth and may communicate with each other
    * many satellites required to continuously provide coverage to an area

## 1.3 The Network Core

### 1.3.1 Packet Switching

Long messages are broken into smaller chunks of data known as **packets**, of length $L$.  
Each packet travels through communication links and **packet switches** from source to destination.  
Packets are transmitted over each communication link at a rate equal to the _full_ transmission rate of the link, at rate $R$ bits/s.

$$\text{packet transmission delay} = \text{time needed to transmit L-bit packet into link} = \frac{L\text{ (bits)}}{R\text{(bits/sec)}}$$

Link transmission rate = link **capacity** = **link bandwidth**.

#### Store-and-Forward Transmission

The packet switch must receive the _entire_ packet before it can begin to transmit the first bit of the packet onto the outbound link.

End-to-end delay of $N$ links each of rate $R$ is

$$ d_{\text{end-to-end}} = N \frac{L}{R}$$

#### Queuing Delays and Packet Loss

If an arriving packet needs to be transmitted onto a link but the link is busy with the transmission of another packet, the arriving packet suffers **output buffer**'s **queuing delays**.  
Since output buffer is finite in space, **packet loss** will occur -- either the arriving packet or one of the already-queued packets will be dropped.

#### Forwarding Tables and Routing Protocols

When a source end system sends a packet to a destination end system, it includes the destination's IP address in the packet's header.  
The router examines a portion of the packet's destination address and forwards the packet to an adjacent router.  
Each router has a **forwarding table** that maps destination addresses (or portions of the destination addresses) to that router's outbound links.

The Internet has a number of special **routing protocols** that are used to automatically set the forwarding tables.

### 1.3.2 Circuit Switching

An _alternate_ approach to moving data through a network of links and switches.  
Commonly used in traditional telephone networks.

End-to-end resources along a path (buffers, link transmission rate) reserved for the duration of the communication session between the end systems.

Before the sender can send the information, the network must establish a connection between the sender and the receiver.  
This is a _bona fide_ connection for which the switches along the path maintain connection state for that connection.  
This connection is called a **circuit**.  
Circuit segment idle if not used, i.e. no sharing.

A constant transmission rate is reserved, such that the data transfers at the _guaranteed_ constant rate.

#### Multiplexing in Circuit-Switched Networks

A circuit in a link is implemented in two ways:

* **frequency-division multiplexing** (**FDM**)
    * a frequency band is dedicated for the duration of the connection
    * the width of the band is called **bandwidth**
* **time-division multiplexing** (**TDM**)
    * time is divided into frames of fixed duration, and each frame is divided into a fixed number of time slots
    * each circuit gets all of the bandwidth periodically during brief intervals of time

#### Packet Switching Vs. Circuit Switching

Pros of packet switching:

* offers better sharing of transmission capacity
* simpler, more efficient, and less costly to implement
* great for burst-y data
    * resource sharing

Cons of packet switching:

* not suitable for real-time services
* excessive congestion possible: packet delay and loss
    * protocols needed for reliable data transfer, congestion control

### 1.3.3 A Network of Networks

Review slides 33 +

## 1.4 Delay, Loss, and Throughput in Packet-Switched Networks

Packet _queue_ in router buffers, packet arrival rate to link (temporarily) exceeds output link capacity.  
Packets queue, wait for turn.

### 1.4.1 Overview of Delay in Packet-Switched Networks

A packet can suffer from several types of delays at _each_ node along the path.  
The most important delays are:

* **nodal processing delay**, $d_{\text{proc}}$
    * examine the packet's header and determine output link
    * check for bit-level errors in the packet during receiving
    * typically on the order of microseconds or less
* **queuing delay**, $d_{\text{queue}}$
    * time waiting at output link for transmission
    * depends on congestion level of router, typically order of microseconds to milliseconds
* **transmission delay**, $d_{\text{trans}}$
    * amount of time to push all of the packet's bits into the link
    * $L$: _packet length_ in bits
    * $R$: _link bandwidth_ in bps
    * $\frac{L}{R}$
    * typically order of microseconds to milliseconds
* **propagation delay**, $d_{\text{prop}}$
    * time needed to _physically_ propagate from one node to another node
    * $d$: _length of physical link_
    * $s$: propagation speed (in the range from $2 \cdot 10^{8}$ m/s to $3 \cdot 10^{8}$ m/s)
    * $\frac{d}{s}$

Combined, they accumulate to **total nodal delay**, $d_{\text{nodal}}$,
$$d_{\text{nodal}} = d_{\text{proc}} + d_{\text{queue}} + d_{\text{trans}} + d_{\text{prop}}$$

### 1.4.2 Queuing Delay and Packet Loss

$R$: link bandwidth (bps)  
$L$: packet length (bits)  
$a$: _average_ packet arrival rate

The average rate at which bits arrive at the queue is $La$ bits/sec.  
The ratio $\frac{La}{R}$, called **traffic intensity**, plays an important role in estimating the extent of the queuing delay.

If $\frac{La}{R} > 1$, the queuing delay will approach infinity!  
More bits arrive into the queue than the bits can be transmitted from the queue.

If $\frac{La}{R} \sim{>} 1$, average queuing delay large.

If $\frac{La}{R} \sim 0$, average queuing delay small.

#### Packet Loss

Queue capacity is finite, packet delays do not approach infinity as the traffic intensity approaches 1.  
Instead, a router will **drop** the packet, resulting in a **packet loss**.

The fraction of lost packets increases as the traffic intensity increases.

Lost packet _may_ be retransmitted by previous node, by source end system, or not at all.

### 1.4.3 End-to-End Delay

`traceroute` program: provides delay measurement from source to router along path towards destination.  
For all $i$:

* sends three packets that will reach router $i$ on path towards destination
* router $i$ will return packets to sender
* sender times the interval between transmission and reply

### 1.4.4 Throughput in Computer Networks

**throughput**: rate (bits/time unit) at which bits transferred between sender/receiver

* **instantaneous**: rate at a given point in time
* **average**: rate over longer period of time

The node with the lowest throughput is the **bottleneck link**.

## 1.5 Protocol Layers and Their Service Models

The Internet is a complicated system with many pieces: hosts, routers, links of various media, applications, protocols, hardware, and software.

### 1.5.1 Layered Architecture

A layered architecture allows us to discuss a well-defined, specific part of a large and complex system.  
Modularization eases maintenance, updating of system (change of implementation of layer's service transparent to rest of system).

The ability to change the implementation of a service without affecting other components of the system is another important advantage of layering.

Each layer implements a service (provide to the layer above) via its own internal-layer actions, while relying on services provided by layer below.

#### Protocol Layering

Each protocol belongs to one of the layers.  
Interested in the **services** that a layer offers to the layer above -- the so-called **service model** of a layer.

A protocol layer can be implemented in software, in hardware, or both.

Application-layer protocols are almost always implemented in software in the end systems; so are transport-layer protocols.

When taken together, the protocols of the various layers are called the **protocol stack**.

#### Internet Protocol Stack

* **Application**
    * supporting network applications
        * FTP, SMTP, HTTP
    * distributed over multiple hosts
        * packet of information exchanged amongst hosts is a **message**
* **Transport**
    * process data transfer
        * TCP, UDP
    * a transport-layer packet is a **segment**
* **Network**
    * routing of **datagrams** (network-layer packets) from source to destination
        * IP, routing protocols
* **Link**
    * data transfer between neighbouring network elements
        * Ethernet, 802.11 (WiFi), PPP
    * link-layer packets is a **frame**
* **Physical**
    * bits "on the wire"

#### The ISO/OSI Model

* **Application**
* **Presentation**
    * allow applications to interpret meaning of data
        * e.g. encryption, compression, machine-specific conventions
* **Session**
    * synchronization, checkpointing, recovery of data exchange
* **Transport**
* **Network**
* **Link**
* **Physical**

### 1.5.2 Encapsulation

![encapsulation](Assets/network-1.24.png)

Routers only implements Network, Link, and Physical layers.  
Link-layer switches only implement Link and Physical layers; unable to recognize IP addresses.  
Host implements all 5 layers.

At each layer, a packet has two types of fields: header fields and a **payload field**.  
The payload is typically a packet from the layer above.

The process of encapsulation can be more complex than that described above.  
For example, a large message may be divided into multiple transport-layer segments (which might themselves each be divided into multiple network-layer datagrams).  
At the receiving end, such a segment must then be reconstructed from its constituent datagrams.

## 1.6 Networks Under Attack

Fields in network security:

* how bad guys can attack computer networks
* how we can defend networks against attacks
* how to design architectures that are immune to attacks

Internet not originally designed with (much) security in mind.  
Original vision,
> a group of mutually trusting users attached to a transparent network

Internet protocol designers playing "catch-up".  
Security considerations in _all_ layers.

#### The bad guys can put malware into your host via the Internet

Malware can get in the host from:

* **virus**: self-replicating infection by receiving/executing object (e.g., email attachment)
* **worm**: self-replicating infection by passively receiving object that gets itself executed

**Spyware** can record keystrokes, websites visited, upload info to collection site, etc.

Infected hosts can be enrolled in **botnet**, used for spam and **distributed** DoS (**DDoS**) attacks.

#### The bad guys can attack servers and network infrastructure

**Denial-of-service** (**DoS**) **attacks**: renders a network, host, or other piece of infrastructure unusable by legitimate traffic by overwhelming resource with bogus traffic.

Steps of attack:

1. Select target
2. Break into hosts around the network
3. Send packets to target from compromised hosts

In a DDoS attack, the attacker controls multiple sources and has each source blast traffic at the target.

Most DoS attacks fall into one of three categories:

* _Vulnerability attack_
    * exploits vulnerable applications
* _Bandwidth flooding_
    * prevent legitimate packets from reaching the server
* _Connection flooding_
    * establishes a large number of half-open or fully open TCP connections, preventing new legitimate connections

#### The bad guys can sniff packets

**packet sniffer**: a passive receiver that records a copy of every packet passing transmitted in a network.  
Sniffed packets contain sensitive information!

Some of the best defences against packet sniffing involves cryptography.

#### The bag guys can masquerade as someone you trust

The ability to inject packets into the Internet with a false source address is **IP spoofing**, and is but on of many ways in which one user can masquerade as another user.

To solve this problem, need _end-point authentication_.  
A mechanism to determine with certainty if a message from originates from where it should be.

## 1.7 History of Computer Networking and the Internet

### 1.7.1  The Development of Packet Switching: 1961 - 1972

* 1961: Kleinrock -- queuing theory shows effectiveness of packet-switching
* 1964: Baran -- packeting-switching in military nets
* 1967: ARPAnet conceived by Advanced Research Projects Agency
* 1969: first ARPAnet node operational
* 1972
    * ARPAnet public demo
    * NCP (Network Control Protocol) first host-host protocol
    * first email program
    * ARPAnet has 15 nodes

### 1.7.2 Proprietary Networks and Internetworking: 1972 - 1980

* 1970: ALOHAnet satellite network in Hawaii
* 1974: Cerf and Kahn - architecture for interconnecting networks
    * minimalism, autonomy -- no internal changes required to interconnect networks
    * best effort service model
    * stateless routers
    * decentralized control
* 1976: Ethernet at Xerox PARC
* late 70s
    * proprietary architectures: DECnet, SNA, XNA
    * switching fixed length packets (ATM precursor)
* 1979: ARPAnet has 200 nodes

Cerf and Kahn's internetworking principles define today's Internet architecture.

### 1.7.3 A Proliferation of Networks: 1980 - 1990

* 1982: SMTP email protocol defined
* 1983
    * deployment of TCP/IP
    * DNS defined for name-to-IP-address translation
* 1985: FTP protocol defined
* 1988: TCP congestion control

New national networks: CSnet, BITnet, NSFnet, Minitel.

100,000 hosts connected to confederation of networks.

### 1.7.4 The Internet Explosion: 1990s

* early 1990s: ARPAnet decommissioned
* 1991: NSF lifts restrictions on commercial use of NSFnet (decommissioned, 1995)
* early 1990s: Web
    * hypertext
    * HTML, HTTP
    * 1994: Mosaic, later Netscape
    * late 1990s: commercialization of the Web
* late 1990s to 2000s
    * more killer apps: instant messaging, P2P file sharing
    * network security to forefront
    * estimated 50 million hosts, 100+ million users
    * backbone links running at Gbps

### 1.7.5 The New Millennium

* 2005 to present
    * ~5B devices attached to Internet (2016)
        * includes smartphones and tablets
    * aggressive deployment of broadband access
    * increasing ubiquity of high-speed wireless access
    * emergence of online social network
    * service providers (Google, Microsoft) create their own networks
        * bypass Internet, providing "instantaneous" access to search, video content, email, etc.
    * e-commerce, universities, enterprises running their services in "cloud" (e.g. Amazon EC2)

# 2. Application Layer

## 2.1 Principles of Network Applications

Core of network app. dev. is writing programs that run on _different_ end systems that communicate over the network.

Network-core devices (e.g. routers or link-layer switches) _do not_ run user applications due to lower level function.

### 2.1.1 Network Application Architectures

Network architecture is fixed and provides a specific set of services to applications.  
The **application architecture** is designed by the application developer and dictates how the application is structured over the various end systems.  
Two predominant architectural paradigms:

* Client-server
    * server
        * always-on
        * permanent IP address
        * data centers for scaling
    * client
        * communicate with server
        * may be intermittently connected
        * may have dynamic IP addresses
        * do not communicate directly with each other
* Peer-to-peer (P2P)
    * no always-on server
    * arbitrary end systems directly communicate
    * peers request service from other peers, provide service in return to other peers
        * self-scalability -- new peers bring new server capacity, as well as new service demands
    * peers are intermittently connected and change IP addresses
        * complex management
    * three major challenges
        1. ISP Friendly. Residential ISPs bandwidth has more downstream than upstream, thus distributing content can put stress on the ISPs
        2. Security
        3. Incentives. Success depends on convincing users to volunteer bandwidth, storage, and computation resources to the applications.

### 2.1.2 Process Communicating

**Process**: program running within a host

* within same host, two processes communicate using **inter-process communication** (defined by OS)
* processes in different hosts communicate by exchanging **messages**

#### Client and Server Processes

**Client process**: process that initiates communication.

**Server process**: process that waits to be contacted.

Aside: applications with P2P architectures have client processes & server processes.

#### The Interface Between the Process and the Computer Network

Process sends/receive messages to/from its **socket**, a software interface.

![socket diagram](Assets/network-2.3.png)

#### Addressing Processes

Process must have **identifier** to receive messages.  
Host device has unique 32-bit IP address.  
_Identifier_ includes both **IP address** and **port numbers** associated with the process on host.

Example port numbers:

* HTTP server: 80
* Mail server (via SMTP): 25

### 2.1.3 Transport Services Available to Applications

A socket is the interface between the application process and the transport-layer protocol.  
The app pushes messages through the socket;
the transport-layer protocol has the responsibility of getting the messages to the socket of the receiving process.

What are the services that a transport-layer protocol can offer to applications?

#### Reliable Data Transfer

i.e. Data integrity

If a protocol provides a guaranteed data delivery service (i.e. data is delivered correctly and completely), it is said to provide **reliable data transfer**.  
Some apps _require_ 100% reliable data transfer.

Another potential service is process-to-process reliable data transfer.

If reliable data transfer not provided, this may be acceptable for **loss-tolerant applications**.

#### Throughput

Apps with throughput requirements are said to be **bandwidth-sensitive applications**.  
e.g., multimedia applications.

**Elastic applications** can make use of as much, or as little, throughput as happens to be available; although more throughput is always better.  
e.g., email, file transfer.

#### Timing

Real-time applications require tight timing constraints on data delivery in order to be effective.  
e.g., virtual environments, interactive games.

For non-real-time applications, no tight constraints on end-to-end delays (but lower delay is better).

#### Security

Transfer protocol can encrypt all data transmitted by the sending process, and in the receiving host, the protocol can decrypt the data before delivering them to the receiving process.  
i.e. provides confidentiality.

A transport protocol can also provide services such as data integrity and end-point authentication.

### 2.1.4 Transport Services Provided by the Internet

#### TCP Services

Provides:

* Connection-oriented
    * setup required between client and server processes before sending application messages
    * creates a **TCP connection** between sockets of the two processes
    * connection is full-duplex (messages can be sent from both sides at the same time)
* Reliable data transfer
    * data will not be missing or duplicate bytes during transfer
* Congestion control
    * throttles a sending process when the network overloaded
* Flow control
    * sender will not overwhelm receiver

Not provided:

* Timing
* Minimum throughput guarantee
* Security (albeit there is **Secure Socket Layer**, **SSL**)

#### UDP Services

* No-frills, lightweight, provides minimal services
* _Unreliable_ data transfer

Not provided:

* Flow control
* Congestion control
* Timing
* Throughput guarantee
* Security
* Connection setup

#### Securing TCP

* TCP & UCP
    * no encryption, e.g., clear text passwords sent into socket traverse Internet in clear text
* SSL
    * provides encrypted TCP connection
    * data integrity
    * end-point authentication
* SSL is at application layer
    * apps use SSL libraries, that "talk" to TCP
* SSL socket API
    * encrypts clear text

### 2.1.5 Application-Layer Protocols

An **application-layer protocol** defines:

* Type of messages exchanged
    * e.g., request, response
* Message syntax
    * what fields in messages & how fields are delineated
* Message semantics
    * meaning of information in fields
* _Rules_ for when and how processes send & response to messages

Open protocols:

* defined in RFCs
* allows for interoperability
* e.g., HTTP, SMTP

Proprietary protocols:

* e.g., Skype

## 2.2 The Web and HTTP

Web page consists of **objects**, e.g., HTML file, images, Java applet, etc.  
Each page consists of **base HTML-file** which includes _several referenced objects_.  
Each object addressable by **URL**.

### 2.2.1 Overview of HTTP

**HTTP** - **HyperText Transfer Protocol**  
Web's application layer protocol.

Implements client/server model:

* Client
    * requests, receives (using HTTP) and displays Web objects
* Server
    * sends (using HTTP) objects in response to requests

Uses _TCP_:

* client initiates TCP connection (creates socket) to server, default port 80
* server accepts TCP connection from client
* HTTP messages exchanged between browser and web server
* TCP connection closed

HTTP is a **stateless** protocol.  
Server maintains no info about past client requests.

Protocols that maintain "state" are complex!

* Past history (state) must be maintained
* If server/client crashes, their views of "state" may be inconsistent, must be reconciled

### 2.2.2 Non-Persistent and Persistent Connections

HTTP uses persistent connections by default.

#### HTTP with Non-Persistent Connections

Each TCP connection is closed after the server sends the object (and only _one_ object).  
For each connection, TCP buffers must be allocated and TCP variables must be kept in both the client and server; possibly significant burden on server.

Modern browsers can open multiple (5 to 10) TCP connections in _parallel_, and each connection handles one request-response transaction.

**Round-trip time** (**RTT**): time it takes for a small packet to travel from client to server and then back to client.  
This time includes: packet-propagation delays, packet queuing delays, and packet-processing delays.

"Three-way handshake":

1. One RTT to initiate TCP connection
2. One RTT for HTTP request and first few bytes of HTTP response to return
3. Message transmission time

$$\text{Non-persistent HTTP response time} = 2 \text{RTT} + \text{message transmission time}$$

#### HTTP with Persistent Connections

Server leaves TCP connection open after sending response.  
_Subsequent_ requests and responses between the same client and server sent over the _same_ open connection.

**Pipelining**: requests for objects made back-to-back, without waiting for replies to pending requests.

TCP connection closed after a configurable timeout interval.

Response time is as little as one RTT and transmission per object.

### 2.2.3 HTTP Message Format

Two types of messages:

* request
* response

#### HTTP Request Message

Written in ASCII.  
First line is **request line**; three fields: method, URL, and HTTP version.  
Subsequent lines are **header lines**.  
Some requests are followed by an **entity body**.

Method types:

* `GET`
    * requests an object specified in the URL field
* `POST`
    * request with user data input (from form fields) in the entity body
* `HEAD`
    * requests without the response object
* `PUT`
    * uploads an object in entity body to path specified in URL field
* `DELETE`
    * deletes an object specified in the URL field

![general format of HTTP request](Assets/network-2.8.png)

Example:

```
GET /somedir/page.html HTTP/1.1
Host: www.someschool.edu
Connection: close
User-agent: Mozilla/5.0
Accept-language: fr
```

#### HTTP Response Message

Written in ASCII.  
First line is **status line**; three fields: protocol version, status code, and corresponding status message.  
Rest are the same as request message.

Common status codes and messages:

* `200 OK`: request succeeded and information is returned in the response
* `301 Moved Permanently`: requested object has been permanently moved
    the new URL is specified in `Location` header of the response message.
* `400 Bad Request`: generic error code indicating that the request cannot be understood by the server
* `404 Not Found`: requested document does not exist on this server
* `505 HTTP Version Not Supported`: requested HTTP protocol version is not supported by the server

![general format of HTTP response](Assets/network-2.9.png)

Example:

```
HTTP/1.1 200 OK
Connection: close
Date: Tue, 09 Aug 2011 15:44:04 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 09 Aug 2011 15:11:03 GMT
Content-Length: 6821
Content-Type: text/html

(data data data data data ...)
```

### HTTP/2

RFC 7540, 7541

Introduces a new, non-backwards-compatible **binary framing layer**.

Decreasing latency to improve page load speed by considering:

* data compression of HTTP headers
* multiplexing multiple async requests/responses (**streams and frames**) over a single TCP connection
* HTTP/2 Server PUSH
* stream prioritization

Fixes **Head-Of-Line blocking** in HTTP/1.x

* a performance-limiting phenomenon that occurs when a line of packets is held up by the first packet

#### Binary Framing

![http/2 binary framing](Assets/network-binary-framing.png)

#### Headers Compression

![http/2 headers compression](Assets/network-headers-compression.png)


#### Multiplexing Requests/Responses

![http/2 multiplexing](Assets/network-multiplexing-requests-responses.png)

Break down an HTTP message into independent frames, interleave them, and then reassemble them on the other end

* Interleave multiple requests in parallel without blocking on any one
* Interleave multiple responses in parallel without blocking on any one
* Single connection to deliver multiple requests and responses in parallel
* Resolve the header-of-line blocking problem in HTTP/1.x and eliminates the need for multiple connections to enable parallel processing and delivery of request and responses

_Applications faster, simpler, and cheaper to deploy_.

#### Server PUSH

![http/2 server PUSH](Assets/network-server-PUSH.png)

Pushed resources can be cached by the client, reused across different pages, multiplexed alongside other resources, prioritized by the server, declined by the client.

Server push streams are initiated via `PUSH_PROMISE` frames (HTTP headers of the promised resource) which signal the server's intent to push the described resources.

Once the client receives a `PUSH_PROMISE` frame it can decline the stream (`RST_STREAM` frame) if it wants to (e.g., the resource is already in cache).

### 2.2.4 User-Server Interaction: Cookies

HTTP server is stateless, but it is often desirable to identify users;
to restrict user access or serve content as a function of the user identity.  
Thus, cookies (RFC 6265) are used.

Four components of a cookie:

1. cookie header line of HTTP response message
2. cookie header line in next HTTP request message
3. cookie file kept on user's host, managed by user's browser
4. back-end database at server

What cookies can be used for:

* authorization
* shopping carts
* recommendations
* user session state

How to keep "state":

* protocol endpoints: maintain state at sender/receiver over multiple transactions
* cookies: HTTP messages carry state

_Aside_, cookies and privacy:

* cookies permit sites to learn about you; user supplies personal info to sites

### 2.2.5 Web Caching

A **Web cache** -- also called a **proxy server** -- is a network entity that satisfies HTTP requests on the behalf of an origin Web server.

* user sets browser: Web accesses via cache.
* browser sends all HTTP requests to cache
    * object in cache: cache returns object
    * else cache request object from origin server, then returns object to client

Cache acts as _both_ client and server!  
Server for original requesting client.  
Client to origin server.

Cache typically installed by ISP.

Reasons for caching:

* reduces response time for client request
* reduce traffic on an institution's access link
* Internet dense with caches: enables "poor" content providers to effectively deliver content
    * **Content Distribution Networks** (**CDNs**)

### 2.2.6 The Conditional GET

Goal: don't send object if cache has up-to-date cached version

* no object transmission delay
* lower link utilization

Cache: specifies date cached copy in HTTP request with `If-modified-since: <date>`.  
Server: response contains no object if cached copy is up-to-date: `HTTP/1.0 304 Not Modified`.

## 2.3 File Transfer: FTP

Not in slides?

### 2.3.1 FTP Commands and Replies

## 2.4 Electronic Mail in the Internet

Three major components:

* User agents
    * a.k.a. "mail reader"
    * composing, editing, reading mail messages
    * outgoing, incoming messages stored on server
* Mail servers
    * **mailbox**
        * contains incoming messages for users
    * **message queue**
        * queue of outgoing (to be sent) mail messages
* SMTP
    * protocol between mail servers to send email messages

### 2.4.1 SMTP

Uses TCP to reliably transfer email messages from client to server; port 25.

Direct transfer: sending server to receiving server.

Three phases of transfer:

1. Handshaking
2. Transfer of messages
3. Closure

Command/Response interaction (like HTTP):

* **commands**: ASCII text
* **response**: status code and phrase

Messages must be in 7-bit ASCII.

SMTP uses _persistent_ connections.  
SMTP server uses `CRLF.CRLF` to determine end of message.

### 2.4.2 Comparison with HTTP

HTTP: pull (mostly) protocol  
SMTP: push protocol

Both have ASCII command/response interactions, status codes.

HTTP: each object encapsulated in its own response message.  
SMTP: multiple objects sent in multi-part message (MIME RFC 1341).

### 2.4.3 Mail Message Format

SMTP: protocol for exchanging email messages.  
RFC 822: standard for text message format,

* Header lines
    * e.g., To:, From:, Subject:
    * different from SMTP MAIL FROM, RCPT TO commands
* Body
    * the "message"
    * ASCII characters only

RFC 1341: Multipurpose Internet Mail Extensions (MIME)

### 2.4.4 Mail Access Protocols

SMTP: delivery/storage to receiver's server.

Mail access protocol: retrieval from server

* **POP**: Post Office Protocol (RFC 1939)
    * authorization, download
* **IMAP**: Internet Mail Access Protocol (RFC 1730)
    * more features, including manipulation of stored messages on server
* **HTTP**: gmail, Hotmail, etc.

#### POP3

Authorization phase

* client commands
    * `user`: declare username
    * `pass`: password
* server reponses
    * `+OK`
    * `-ERR`

Transaction phase, client:

* `list`: list message numbers
* `retr`: retrieve message by number
* `dele`: delete
* `quit`

POP3 "download-and-keep": copies of messages on different clients.  
POP3 is _stateless_ across sessions.

#### IMAP

Keeps all messages in one place: at server.

Allows user to organize messages in folders.

Keep user state across sessions:

* names of folders and mappings between message IDs and folder name

## 2.5 DNS - The Internet's Directory Service

**Hosts** have 

* **IP address** (32-bit) -- used for addressing datagrams
* **name** -- used by humans

### 2.5.1 Services Provided by DNS

**Domain Name System** is a,

1. _distributed_ database
    * implemented in hierarchy of many **DNS servers** (_name servers_)
2. application-layer protocol
    * hosts, name servers to communicate to _resolve_ names (address/name translation)
    * note: core Internet function, implemented as application-layer protocol
    * complexity at network's "edge"

DNS services:

* hostname to IP address translation
* host aliasing
    * canonical, alias names
* mail server aliasing
* load distribution
    * replicated Web servers
        * many IP addresses correspond to one name

### 2.5.2 Overview of How DNS Works

Question: why not centralize DNS?

* single point of failure
    * if the DNS server crashes, so does the entire Internet
* traffic volume
    * one server needs to handle all DNS queries
* distant centralized database
    * cannot be close to all querying clients, thus delays
* maintenance
    * need to keep records for all Internet hosts, thus needs to be frequently updated to account for new hosts

Answer: does _not_ scale!

#### A Distributed, Hierarchical Database

![DNS hierarchy of servers](Assets/network-2.19.png)

Three classes of DNS servers in the hierarchy:

* **Root DNS servers**
    * contacted by local name server that can not resolve name
    * root name server:
        * contacts authoritative name server if name mapping not known
        * gets mapping
        * returns mapping to local name server
* **Top-level domain (TLD) servers**
    * responsible for top-level domains (e.g., com, org)
    * com top-level domain maintained by Verisign Global Registry Services
    * edu top-level domain maintained by Educause
* **Authoritative DNS servers**
    * each organization with publicly accessibly hosts on the Internet must provide publicly accessible DNS records that map the names of those hosts to IP addresses
    * can be maintained by organization or server provider

**Local DNS server**: not strictly belong to the hierarchy but still central to the DNS architecture.  
Each ISP has one, also called "default name server".  
When host makes DNS query, query is sent to its local DNS server:

* has local cache of recent name-to-address translation pairs (but may be out of date)
* acts as proxy, forwards query into hierarchy

Example interaction of various DNS servers
![interaction of various DNS servers](Assets/network-2.21.png)

**Iterated query**: contacted server replies with name of server to contact.

**Recursive query**: puts burden of name resolution on contacted name server.

![recursive queries in DNS](Assets/network-2.22.png)

#### DNS Caching

Once (any) name server learns mapping, it _caches_ mapping

* cache entries timeout after some time (TTL; Time To Live)
* TLD servers typically cached in local name servers
    * thus root name servers not often visited

Cached entries may be out-of-date!

* if name host changes IP address, may not be known Internet-wide until all TTLs expire

Update/Notify mechanism proposed IETF standard, RFC 2136.

### 2.5.3 DNS Records and Messages

DNS: distributed database storing **resource records** (**RRs**).  
Format:
$$\left(\texttt{Name}, \texttt{Value}, \texttt{Type}, \texttt{TTL}\right)$$

TTL is the time to live of the RR;
it determines when a resource should be removed from a cache.

$\texttt{Type}$ determines meaning of $\texttt{Name}$ and $\texttt{Value}$:

* $\texttt{Type = A}$
    * $\texttt{Name}$ is hostname
    * $\texttt{Value}$ is IP address
* $\texttt{Type = NS}$
    * $\texttt{Name}$ is domain
    * $\texttt{Value}$ is hostname of authoritative name server for this domain
* $\texttt{Type = CNAME}$
    * $\texttt{Name}$ is alias name for some "canonical" (the real) name
    * $\texttt{Value}$ is canonical name
* $\texttt{Type = MX}$
    * $\texttt{Value}$ is name of mailserver associated with $\texttt{Name}$

#### DNS Messages

**Query** and **reply** messages, both with same **message format**.

![DNS message format](Assets/network-2.23.png)

Message header

* **identification**
    * 16 bit number for query, reply to query uses same number
* **flags**
    * query or reply
    * recursion desired
    * recursion available
    * reply is authoritative

#### Inserting Records into the DNS Database

1. Register domain at a **registrar**
    * registrar: a commercial entity that verifies the uniqueness of the domain name
2. Provide names and IP addresses of primary and secondary authoritative DNS servers
    * for each, server, a Type NS and Type A record are entered into TLD
    * e.g. `(networkutopia.com, dns1.networkutopia.com, NS)` and `(dns1.networkutopia.com, 212.212.212.1, A)`

#### Attacking DNS

DDoS attacks

* bombard root server with traffic
    * not successful to date
    * traffic filtering
    * local DNS servers cache IPs of TLD servers, allowing root server bypass
* bombard TLD servers
    * potentially more dangerous

Redirect attacks

* man-in-middle
    * intercept queries
* DNS poisoning
    * send bogus replies to DNS servers, which caches

Exploit DNS for DDoS

* send queries with spoofed source address: target IP
* requires amplification

## 2.6 P2P Applications

No always-on server.  
Arbitrary hosts directly communicate.  
Peers are intermittently connected and change IP addresses.

### 2.6.1. P2P File Distribution

#### File Distribution Time: Client-Server

Server transmission: must sequentially upload $N$ file copies:

* time to send one copy: $\frac{F}{u_{s}}$
* time to send $N$ copies: $\frac{NF}{u_{s}}$

Client: each client must download file copy:

* $d_{\min}$ is min. client download rate
* min. client download time: $\frac{F}{d_{\min}}$

Time to distribute $F$ to $N$ clients using client-server approach:
$$D_{\text{C-S}} \geq \max\left\{\frac{NF}{u_{s}}, \frac{F}{d_{\min}}\right\}$$

#### File Distribution Time: P2P

Server transmission: must upload at least one copy:

* time to send one copy: $\frac{F}{u_{s}}$

Client: each client must download file copy:

* min. client download time: $\frac{F}{d_{\min}}$

Clients: as aggregate must download $NF$ bits

* max upload rate (limiting max download rate) is $u_{s} + \sum_{i}^{N}u_{i}$

Time to distribute $F$ to $N$ clients using P2P approach:
$$D_{\text{P2P}} \geq \max\left\{\frac{F}{u_{s}}, \frac{F}{d_{\min}}, \frac{NF}{u_{s} + \sum_{i}^{N}u_{i}}\right\}$$

#### P2P File Distribution: BitTorrent

File divided into 256 Kb chunks.  
Peers in torrent send/receive file chunks.

**Tracker**: tracks peer participating in swarm.

**Swarm**: group of peers exchanging chunks of a file.

---

* Peer joining swarm
    * has no chunks, but will accumulate them over time from other peers
    * registers with tracker to get list of peers, connects to subset of peers ("neighbors")
* While downloading, peer uploads chunks to other peers
* Peer may change peers with whom it exchange chunks
* **Churn**: peers may come and go
* Once peer has entire file, it may leave or remain in torrent

Requesting chunks:

* at any given time, different peers have different subsets of file chunks
* periodically, peer asks each peer for list of chunks they have
* peer requests missing chunks from peers, rarest first

Sending chunks: tit-for-tat

* peer sends chunks to 4 peers that are sending chunks at highest rate
    * other peers are choked by peer
    * re-evaluate top 4 every 10 seconds
* every 30 seconds, randomly select another peer, starts sending chunks
    * "optimistically unchoke" this peer
    * newly chosen peer may join top 4

### 2.6.2 Distributed Hash Tables (DHTs)

## 2.7 Video Streaming and Content Distribution Networks (CDNs)

Challenges:

* Scale - how to reach ~1B users
* Heterogeneity
    * different users have different capabilities (e.g., wired vs. mobile; bandwidth rich vs. bandwidth poor)

Solution: distributed, application-level infrastructure.

### Multimedia: Video

Video: sequence of images displayed at a constant rate.

Digital image: array of pixels;
each pixel represented by bits..

Coding: use redundancy _within_ and _between_ images to decrease number of bits used to encode image

* spatial (within image)
    * instead of sending $N$ values of same color, send only two values: color value and number of repeated values ($N$)
* temporal (from one image to next)
    * instead of sending complete frame at $i+1$, send only differences from frame $i$

**CBR**: constant bit rate: video encoding rate fixed.

**VBR**: variable bit rate: video encoding rate changes as amount of spatial, temporal coding changes.

### Streaming Multimedia: DASH

**DASH**: **D**ynamic, **A**daptive, **S**treaming over **H**TTP.

Server:

* divides video file into multiple chunks
* each chunk stored, encoded at different rates
* _manifest file_: provides URLs for different chunks

Client:

* periodically measures server-to-client bandwidth
* consulting manifest, requests one chunk at a time
    * choose maximum coding rate sustainable given current bandwidth
    * can choose different encoding rates at different points in time (depending on available bandwidth at time)

"_Intelligence_" at client: client determines

* _when_ to request chunk (so that buffer starvation, or overflow does not occur)
* _what encoding rate_ to request (higher quality when more bandwidth available)
* _where_ to request chunk (can request from URL server that is "close" to client or has high available bandwidth)

### Content Distribution Network

Challenge: how to stream content (selected from millions of videos) to hundreds of thousands of _simultaneous_ users?

Option I: single, large "mega-server"

* single point of failure
* point of network congestion
* long path to distant clients
* multiple copies of video sent over outgoing link

... quite simply: this solution _doesn't scale_.

Option II: store/server multiple copies of videos at multiple geographically distributed sites (_CDN_)

* _enter deep_: push CDN servers deep into many access networks
    * close to users
* _bring home_: smaller numbers (10's) of larger clusters in POPs near (but not within) access networks

Compared with the "enter deep" CDN server placement strategy, the "bring home" strategy typically results in:
	
* lower maintenance and management overhead
* higher delay and lower throughput to end users

CDN: stores copies of content at CDN nodes.  
Subscriber requests content from CDN,

* directed to nearby copy (1), retrieves content
* or to different copy (2) if network path (1) congested

_OTT challenges_ ("over the top"): coping with a congested Internet,

* from which CDN node to retrieve content?
* viewer behavior in presence of congestion?
* what content to place in which CDN node?

## 2.8 Socket Programming: Creating Network Applications

Goal: learn how to build client/server applications that communicate using sockets.

Socket: door between application process and end-end-transport protocol.

Two socket types for two transport services:

* **UDP**: unreliable datagram
* **TCP**: reliable, byte stream-oriented

### 2.8.1 Socket Programming with UDP

No "connection" between client & server,

* no handshaking before sending data
* sender explicitly attaches IP destination address and port number to each packet
* receiver extracts sender IP address and port number from received packet

Transmitted data may be _lost_ or received _out-of-order_.

### 2.8.2 Socket Programming with TCP

Client must contact server,

* server process must first be running
* server must have created socket (door) that welcomes client's contact

Client contacts server by:

* creating TCP socket, specifying IP address, port number of server process
* _when client creates socket_: client TCP establishes connection to server TCP
* when contacted by client, _server TCP creates new socket_ for server process to communicate with that particular client
    * allows server to talk with multiple clients
    * source port numbers used to distinguish clients

# 3. Transport Layer

## 3.1. Transport-Layer Services

Provide **logical communication** between app processes running on different hosts.

Transport protocol run in end systems

* send side: breaks app messages into **segments**, passes into network layer
* receiving side: reassembles segments into messages, passes into application layer

More than one transport protocol available to applications,

* Internet: UDP and TCP

### 3.1.1 Relationship Between Transport and Network Layers

Network layer: logical communication between hosts.

Transport layer: logical communication between processes

* relies on, enhances, network layer services

### 3.1.2 Overview of the Transport Layer in the Internet

**UDP** (User Datagram Protocol): unreliable, unordered delivery

* no-frills extension of "best-effort" IP
    * "best effort" to deliver segments between communicating hosts, _but it makes no guarantees_

**TCP** (Transmission Control Protocol): reliable, in-order delivery

* congestion control
* flow control
* connection setup

Services not available:

* delay guarantees
* bandwidth guarantees

## 3.2 Multiplexing and De-multiplexing

**Multiplexing** at sender: handle data from multiple sockets, add transport header.

**De-multiplexing** at receiver: use header info to deliver received segments to correct sockets.  

**How de-multiplexing works**  
Host receives IP datagrams,

* each datagram has source IP address, destination IP address
* each datagram carries one transport-layer segment
* each segment has source, destination port number (16 bits each)

Host use _IP addresses & port numbers_ to direct segment to appropriate socket.

TCP/UDP segment format:

```text
<------------32 bits------------>
---------------------------------
| source port # |  dest port #  |
---------------------------------
|                               |
|      other header fields      |
|                               |
---------------------------------
|                               |
|          application          |
|             data              |
|          (payload)            |
|                               |
---------------------------------
```

Port numbers ranging from 0 to 1023 are called **well-known port numbers** and are restricted.  
e.g., HTTP uses 80, FTP uses 21

### Connectionless Multiplexing and De-multiplexing

Recall:

* created socket has host-local port number
* when creating datagram to send into UDP socket, must specify
    * destination IP address
    * destination port number

When host receives UDP segment:

* checks destination port number in segment
* direct UDP segment to socket with that port number

IP datagram with _same destination port number_, but different source IP address and/or source port numbers will be directed to _same socket_ at destination.

### Connection-Oriented Multiplexing and De-multiplexing

TCP socket identified by a 4-tuple:

1. source IP address
2. source port number
3. destination IP address
4. destination port number

Demux: receiver uses all four values to direct segment to appropriate socket.

Server host may support many _simultaneous_ TCP sockets: each socket identified by its own 4-tuple.  
i.e. Per-connection socket!

### Web Servers and TCP

Web servers have _different_ sockets for each connection client (even if the dest IP and port number are the same).  
Non-persistent HTTP will have different socket for each request.

All segments will have destination port 80.

## 3.3 Connectionless Transport: UDP

UDP, defined in RFC-768, is a minimal transport protocol, performs:

* multiplexing/demultiplexing function
* some light error checking

If application uses UDP, then it is almost _directly_ talking with IP.  
UDP takes messages from the application process, attaches source and destination port number fields for the multiplexing/demultiplexing service, adds two other small fields, and passes the resulting segment to the network layer.  
The network layer encapsulates the transport-layer segment into an IP datagram and then makes a _best-effort_ attempt to deliver the segment to the receiving host.  
If the segment arrives at the receiving host, UDP uses the destination port number to deliver the segment's data to the correct application process.

UDP performs no handshaking before sending segment, hence _connectionless_.  
_Best-effort_ service; segments may be lost or arrive out-of-order.

Uses of UDP:

* streaming multimedia (loss tolerant, rate sensitive)
* DNS
* SNMP
* NFS

Reasons to use UDP over TCP:

* Finer application-level control over what data is sent, and when
    * UDP will package the data inside a UDP segment and _immediately_ pass the segment to the network layer
    * TCP has congestion control that throttles transport-layer
    * TCP also continue to resend a segment until the receipt of the segment has been acknowledged by the destination, regardless of how long reliable delivery takes; poor for real-time applications
* No connection establishment
    * TCP uses a three-way handshake before it starts to transfer data
        * HTTP uses TCP since reliability is critical for Web pages with text.  
        But, the TCP connection-establishment delay in HTTP is an important contributor to the delays associated with downloading Web documents
    * UDP blasts away without any formal preliminaries; no delay to establishing connection
        * DNS is much faster this way
* No connections state
    * TCP maintains connection state in the end systems.  
        * connection state includes receive and send buffers, congestion-control parameters, and sequence and acknowledgment number parameters
    * UDP maintains no state and keeps track of no parameters
    * A server devoted to a particular application can support many more active clients when the application runs over UDP rather than TCP
* Small packet overhead
    * UDP has 8 bytes for headers in each segment
    * TCP has 20 bytes for headers in each segment

Ways to achieve data reliability with UDP:

* reliability built into an application
    * e.g. add acknowledgment and retransmission mechanisms
* application-specific error recovery

### 3.3.1 UDP Segment Structure

As defined in RFC 768:

```text
<------------32 bits------------>
---------------------------------
| source port # |  dest port #  |
---------------------------------
|    length     |   checksum    |
---------------------------------
|                               |
|          application          |
|             data              |
|          (message)            |
|                               |
---------------------------------
```

4 headers, each is 2 bytes long.

The `length` field specifies the number of bytes in the UDP segment (header _plus_ data).  
An explicit length value is needed since the size of the data field may differ from one UDP segment to the next.

### 3.3.2 UDP Checksum

Goal: detect "errors" (e.g., flipped bits) in transmitted segment.

Sender:

* treat segment contents, including header fields, as sequence of 16-bit integers
    * sums them up with _wraparound_
* checksum: addition (one's complement sum) of segment contents
* sender puts checksum value into UDP `checksum` field

Receiver:

* compute checksum of received segment
* check if computed checksum equals `checksum` field value
    * NO - error detected
    * YES - no error detected... but maybe errors nonetheless? (i.e. `checksum` value corrupted)

![checksum example](Assets/network-checksum-example.png)

## 3.4 Principles of Reliable Data Transfer

One of the "top-ten" problems in network: **reliable data transfer** (**rdt**) in a general context.  
Problem of implementing rdt occurs in transport, link, and application layers.

![Intro to rdt](Assets/network-rdt-intro.png)

* `rdt_send()`
    * called from above, (e.g., by app.)
    * passed data to deliver to receiver upper layer
* `udt_send()`
    * called by rdt, to transfer packet over unreliable channel to receiver
* `rdt_rcv()`
    * called when packet arrives on rcv-side of channel
* `deliver_data()`
    * called by **rdt** to deliver data to upper

**directional data transfer** is similar to **unidirectional data transfer**, other than control info will flow on both directions.

### 3.4.1 Building a Reliable Data Transfer Protocol

Use **finite state machines** (**FSMs**) to specify sender, receiver.

![rdt FSM intro](Assets/network-rdt-fsm-intro.png)

#### Reliable Data Transfer over a Perfectly Reliable Channel: `rdt 1.0`

Underlying channel perfectly reliable:

* no packet loss
* no bit errors

Separate FSMs for sender, receiver.

![rdt 1.0 FSM](Assets/network-rdt-1.0.png)

The sending side of `rdt` accepts data from the upper layer via the `rdt_send(data)` **event**, creates a packet containing the data (via the action `make_pkt(data)`) and sends the packet into the channel.  
`rdt_send(data)` event comes from a _procedure_ call by _upper-layer application_.

On the receiving side, `rdt` receives a packet from the underlying channel via the `rdt_rcv(packet)` **event**, removes the data from the packet (via the action `extract (packet, data)`) and passes the data up to the upper layer (via the action `deliver_data(data)`).  
`rdt_rcv(packet)` event comes from a _procedure_ call by _lower-layer protocol_.

#### Reliable Data Transfer over a Channel with Bit Errors: `rdt 2.0`

Underlying channel may flip bits in packet:

* `checksum` to detect errors

Recovering from errors:

* **positive acknowledgment** (ACK)
* **negative acknowledgment** (NAK)

So, **ARQ** (**Automatic Repeat reQuest**) **protocols**!  
Additional protocol capabilities required in ARQ protocols:

* error detection
* receiver feedback
* retransmission

![rdt 2.0 FSM](Assets/network-rdt-2.0.png)

Note: when sender is in the wait-for-ACK-or-NAK state, it _cannot_ get more data from upper layer.  
Hence, protocols such as `rdt 2.0` are known as **stop-and-wait** protocols.

What happens if ACK/NAK corrupted?

* Sender doesn't know what happened at receiver
* Cannot retransmit; possible duplicate

Possibly solutions for handling corrupted ACKs or NAKs:

1. Introduce a new type of sender-to-receiver packet
    * "what did you say?"
    * might be a difficult solution
2. Add enough checksum bits to allow the sender not only to detect, but also to recover from, bits errors
3. Sender to resend the current data packet when it receives a garbled ACK or NAK
    * introduces **duplicate packets**

Handling duplicate packets:

* Sender retransmits current packet if ACK/NAK corrupted
* Sender adds **sequence number** to each packet
* Receiver discards (doesn't deliver up) duplicate packet

`rdt 2.1` sender FSM:

* Sequence number added to packet
* Two sequence numbers (0, 1) will suffice
* Must check if received ACK/NAK corrupted
* Twice as many states
    * state must remember whether expected packet should have sequence number of 0 or 1

![rdt 2.1 sender FSM](Assets/network-rdt-2.1-sender.png)

`rdt 2.1` receiver FSM:

* Must check if received packet is duplicate
    * state indicates whether 0 or 1 is expected packet sequence
* Note: receiver _cannot_ know if its last ACK/NAK received OK at sender

![rdt 2.1 receiver FSM](Assets/network-rdt-2.1-receiver.png)

`rdt 2.2`: a NAK-free protocol:

* Uses ACKs only
* Instead of NAK, receiver sends ACK for last packet received OK
    * receiver must _explicitly_ include sequence number of packet being ACKed
* Duplicate ACKs at sender results in same action as NAK: retransmit current packet

`rdt 2.2` sender FSM:

![rdt 2.2 sender FSM](Assets/network-rdt-2.2-sender.png)

`rdt 2.2` receiver FSM:

![rdt 2.2 receiver FSM](Assets/network-rdt-2.2-receiver.png)

#### Reliable Data Transfer over a Lossy Channel with Bit Errors: `rdt 3.0`

Underlying channel can also lose packets:

* checksum, sequence numbers, ACKs, retransmissions not enough

Approach: sender waits "reasonable" amount of time for ACK,

* retransmits if no ACK received in this time
* if packet (or ACK) just delayed (not lost):
    * retransmission will be duplicate, handled by sequence numbers
    * receiver must specify sequence number of packet being ACKed
* requires **countdown timer**

How long must the sender wait to be certain that something has been lost?

* at least as long as a round-trip delay between the sender and receiver, along with packet process time
    * which may include buffering at intermediate routers
* difficult to estimate worst-case maximum delay
* waiting for a worst-case delay could mean a long wait until error recovery is initiated

![rdt 3.0 sender](Assets/network-rdt-3.0-sender.png)

`rdt 3.0` also known as **alternating-bit protocol** due to packet sequence number being either 0 or 1.

![rdt 3.0 operation](Assets/network-rdt-3.0-operation.png)

### 3.4.2 Pipelined Reliable Data Transfer Protocols

`rdt 3.0` is correct, but poor performance.  
e.g.: 1 Gbps link, 15 ms prop. delay, 8000 bit packet:

$$D_{\text{trans}} = \frac{L}{R} = \frac{8000~\text{bits}}{10^9~\text{bits/sec}} = 8~\text{microseconds}$$

$U_{\text{sender}}$: **utilization** -- fraction of time sender busy sending:
$$U_{\text{sender}} = \frac{L/R}{RTT + L/R} = \frac{0.008}{30.008} = 0.00027$$

If $RTT=30$ msec, 1 KB packet every 30 msec -> 33 kB/sec throughout over 1 Gbps link!  
Network protocol limits use of physical resources.

**Pipelining**: sender allows multiple, "in-flight", yet-to-be-acknowledged packets

* range of sequence numbers must be increased
* buffering at sender and/or receiver
* two generic forms of pipelined protocols:
    * Go-Back-N
    * Selective Repeat

![rdt stop-and-wait vs pipelining](Assets/network-stop-and-wait-vs-pipelining.png)

### 3.4.3 Go-Back-N (GBN)

Characteristics:

* sender can have up to $N$ un-ACKed packets in pipeline
* receiver only sends **cumulative ACK**
    * does not ACK packets if there's a gap
* sender has timer to oldest un-ACKed packet
    * when the timer expires, retransmit _all_ un-ACKed packets

#### GBN Sender

* k-bit sequence number in packet header
* "window" of up to $N$ consecutive unack'ed packets allowed

![GBN sender's view](Assets/network-3.19.png)

`ACK(n)`: ACKs all packets up to, including sequence number $n$ -- "cumulative ACK"

* may receive duplicate ACKs

Timer for oldest in-flight packet.  
`timeout(n)`: retransmit packet $n$ and all higher sequence number packets in window.

![GBN sender FSM](Assets/network-3.20.png)

Responds to three types of events:

1. Invocation from above
    * when `rdt_send()` called from above, sender checks to see if window is full
        * if not full, a packet is created and sent, and variables are appropriately updated
        * if full, returns the data back to the upper layer, an implicit indication that the window is full
    * real implementation would include a sending buffer
2. Receipt of an ACK
3. A timeout event

#### GBN Receiver

ACK-only: always send ACK for correctly-received packet with highest **in-order** sequence number,

* may generate duplicate ACKs
* need only remember `expectedseqnum`

For out of order packets,

* discard: _no receiver buffering!_
* re-ACK packet with highest in-order sequence number

![GBN receiver FSM](Assets/network-3.21.png)

#### GBN Example

![GBN example](Assets/network-3.22.png)

### 3.4.4 Selective Repeat (SR)

Characteristics:

* sender can have up to $N$ un-ACKed packets in pipeline
* receiver sends **individual ACK** for each packet
    * buffer packets as needed, for eventual in-order delivery to upper layer
* sender maintains timer for each un-ACKed packet
    * when timer expires, retransmit only that un-ACKed packet
* sender window:
    * $N$ consecutive sequence numbers
    * limited sequence numbers of sent, unACKed packets

![SR views](Assets/network-3.23.png)

#### SR Sender Events and Actions

* data received from above
    * if next available sequence number in window, send packet
* `timeout(n)`
    * resent packet $n$, restart timer
* `ACK(n)` in [`sendbase`, `sendbase + N`]
    * mark packet $n$ as received
    * if $n$ smallest unACKed packet, advance window base to next unACKed sequence number

#### SR Receiver Events and Actions

* packet $n$ in [`rcvbase`, `rcvbase + N - 1`]
    * send `ACK(n)`
    * out-of-order: buffer
    * in-order: deliver (also deliver buffered, in-order packets), advance window to next not-yet-received packet
* packet $n$ in [`rcvbase - N`, `rcvbase - 1`]
    * `ACK(n)`
* otherwise
    * ignore

#### SR Example

![SR operation](Assets/network-3.26.png)

#### SR Gone Wrong

_Problem_:  
The lack of synchronization between sender and receiver windows has important consequences when we are faced with the reality of a finite range of sequence numbers!

![SR dilemma](Assets/network-3.27.png)

_Solution_:  
Window size must be _less than or equal to half_ the size of the sequence number space for SR protocols.

## 3.5 Connection-Oriented Transport: TCP

### 3.5.1 The TCP Connection

**Connection-oriented** because two processes send preliminary segments to each other to establish the parameters of the ensuing data transfer ("hand-shaking").

Intermediate network elements do _not_ maintain TCP connection state.  
The connection state resides in the two end systems.

Features:

* provides **full-duplex service**
    * both sides can send segments simultaneously
* **point-to-point**
    * a single sender and a single receiver

**3-way handshake**

> The client first sends a special TCP segment;
> the server responds with a second special TCP segment;
> and finally the client responds again with a third special segment.  
> The first two segments carry no payload; the third of these segments may carry a payload.

During handshake, process sets aside **send buffer** and **receive buffer**.  
TCP, from time to time, will send chunks of data from the send buffer.

**Maximum segment size** (**MSS**): maximum amount of data that can be grabbed and placed in a segment.  
TCP/IP header is typically of 40 bytes in length;
both Ethernet and PPP link-layer protocols have an MSS of 1,500 bytes.  
Note: MSS is the maximum amount of _application-layer_ data in the segment, not the maximum size of the TCP segment including headers.

**Maximum transmission unit** (**MTU**): length of the largest link-layer frame that can be sent by the local sending host.  
We want to ensure a TCP segment (when encapsulated in an IP datagram) along with TCP/IP headers fit into a _single_ link-layer frame.

TCP pairs each chunk of client data with a TCP header, thereby forming TCP segments.  
The segments are passed down to the network layer, where they are separately encapsulated within network-layer IP datagrams.  
The IP datagrams are then sent into the network.

### 3.5.2 TCP Segment Structure

![tcp segment structure](Assets/network-tcp-segment-structure.png)

#### Sequence Numbers and Acknowledgment Numbers

**Sequence Number**:

* byte stream "number" of first byte in segment's data
* e.g., suppose a 500,000 bytes file with MSS of 1000 bytes; TCP constructs 500 segments, first segment assigned sequence number 0, second segment assigned number 1000, etc.

**Acknowledgment Number**:

* sequence number of next byte expected from other side
* TCP only acknowledges bytes up to the first missing byte in the stream, TCP provides **cumulative acknowledgments**

Question: how receiver handles out-of-order segments?  
Answer: TCP spec doesn't say; up to implementor.

![seq number and ack number example](Assets/network-3.31.png)

### 3.5.3 Round-Trip Estimation and Timeout

TCP uses a timeout/retransmit mechanism to recover from lost segments.

Question: how to set TCP timeout value?  
It should be longer than RTT, but RTT varies.  
If too short: premature timeout, unnecessary retransmissions.  
If too long: slow reaction to segment loss.

#### Estimating the Round-Trip Time

`SampleRTT`: measured time from segment transmission until ACK receipt, ignoring retransmissions.  
Most implementation takes one measurement at a time; i.e. `SampleRTT` estimated for only one of the transmitted but _currently_ unacknowledged segments, so a new value approximately once every RTT.

`SampleRTT` will vary, want estimated RTT to be "smoother", so average several _recent_ measurements, not just current.

$$\text{EstimatedRTT} = (1 - \alpha)\cdot\text{EstimatedRTT} + \alpha \cdot \text{SampleRTT}$$

* Exponential weighted moving average
* Influence of past sample decrease exponentially fast

Typically $\alpha = 0.125$.

`DevRTT`: measures variability of the RTT via an estimate of how much `SampleRTT` typically deviates from `EstimatedRTT`

$$\text{DevRTT} = (1 - \beta)\cdot\text{DevRTT} + \beta\cdot|\text{SampleRTT} - \text{EstimatedRTT}|$$

Note: `DevRTT` is an exponential weighted moving average (EWMA) of the difference between `SampleRTT` and `EstimatedRTT`.

#### Setting and Managing the Retransmission Timeout Interval

Timeout interval should be `EstimatedRTT` plus "safety margin".  
Large variation in `EstimatedRTT` $\rightarrow$ larger safety margin.

$$\text{TimeoutInterval} = \text{EstimatedRTT} + 4\cdot\text{DevRTT}$$

`TimeoutInterval` updated when `EstimatedRTT` is updated.

### 3.5.4 Reliable Data Transfer

Internet's network-layer server (IP service) is _unreliable_.  
No guarantees of datagram delivery, in-order delivery, nor integrity of data in the datagram.

Simplified TCP sender:

```
/* Assume sender is not constrained by TCP flow or congestion control, that than MSS in size, and that data transfer is in one direction only. */

NextSeqNum = InitialSeqNumber
SendBase = InitialSeqNumber

loop (forever) {
    switch(event)
        event: data received from application above
            create TCP segment with sequence number NextSeqNum 
            if (timer currently not running)
                start timer
            pass segment to IP 
            NextSeqNum = NextSeqNum + length(data)
            break;
            
        event: timer timeout
            retransmit not-yet-acknowledged segment with
                smallest sequence number
            start timer
            break;
            
        event: ACK received, with ACK field value of y 
            if (y > SendBase) {
                SendBase = y
                if (there are currently any not-yet-acknowledged segments)
                    start timer 
            }
            break;
}
```

#### Sample Scenarios

**Scenario 1**

Host A sends one segment to Host B.  
Suppose that this segment has sequence number 92 and contains 8 bytes of data.  
After sending this segment, Host A waits for a segment from B with acknowledgment number 100.  
Although the segment from A is received at B, the acknowledgment from B to A gets lost.  
In this case, the timeout event occurs, and Host A retransmits the same segment.  
Of course, when Host B receives the retransmission, it observes from the sequence number that the segment contains data that has already been received.  
Thus, TCP in Host B will discard the bytes in the retransmitted segment.

![scenario 1](Assets/network-3.34.png)

**Scenario 2**

Host A sends two segments back to back.  
The first segment has sequence number 92 and 8 bytes of data, and the second segment has sequence number 100 and 20 bytes of data.  
Suppose that both segments arrive intact at B, and B sends two separate acknowledgments for each of these segments.  
The first of these acknowledgments has acknowledgment number 100;
the second has acknowledgment number 120.  
Suppose now that neither of the acknowledgments arrives at Host A before the timeout.  
When the timeout event occurs, Host A resends the first segment with sequence number 92 and restarts the timer.  
As long as the ACK for the second segment arrives before the new timeout, the second segment will not be retransmitted.

![scenario 2](Assets/network-3.35.png)

**Scenario 3**

Host A sends the two segments, exactly as in the second example.  
The acknowledgment of the first segment is lost in the network, but just before the timeout event, Host A receives an acknowledgment with acknowledgment number 120.  
Host A therefore knows that Host B has received _everything_ up through byte 119;
so Host A does not resend either of the two segments.

![scenario 3](Assets/network-3.36.png)

#### Doubling the Timeout Interval

The first concerns the length of the timeout interval after a timer expiration.  
In this modification, whenever the timeout event occurs, TCP retransmits the not-yet-acknowledged segment with the smallest sequence number, as described above.  
But each time TCP retransmits, it sets the next timeout interval to _twice_ the previous value, rather than deriving it from the last `EstimatedRTT` and `DevRTT`.

This modification provides a limited form of congestion control.

#### Fast Retransmits

One of the problems with timeout-triggered retransmissions is that the timeout period can be relatively long.

When a segment is lost, this long timeout period forces the sender to delay resending the lost packet $\to$ increasing the end-to-end delay.  
Fortunately, the sender can often detect packet loss well before the timeout event occurs by noting so-called duplicate ACKs.

![TCP ACK generation recommendation table](Assets/network-table-3.2.png)

Because a sender often sends a large number of segments back to back, if one segment is lost, there will likely be many back-to-back duplicate ACKs.  
If the TCP sender receives three duplicate ACKs for the same data, it takes this as an indication that the segment following the segment that has been ACKed three times has been lost.  
In the case that three duplicate ACKs are received, the TCP sender performs a **fast retransmit**, retransmitting the missing segment before that segment's timer expires.

Code replacement:

```
event: ACK received, with ACK field value of y
    if (y > SendBase) {
        SendBase=y
        if (there are currently any not yet acknowledged segments)
            start timer
    }
    else { /* a duplicate ACK for already ACKed segment */
        increment number of duplicate ACKs received for y
        if (number of duplicate ACKS received for y == 3) /* TCP fast retransmit */
            resend segment with sequence number y
    }
    break;
```

#### Go-Back-N or Selective Repeat?

A proposed modification to TCP, the so-called **selective acknowledgment** [RFC 2018], allows a TCP receiver to acknowledge out-of-order segments selectively rather than just cumulatively acknowledging the last correctly received, in- order segment.  
When combined with selective retransmission -- skipping the retransmission of segments that have already been selectively acknowledged by the receiver -- TCP looks a lot like the SR protocol.  
Thus, TCP's error-recovery mechanism is a hybrid of GBN and SR protocols!

### 3.5.5 Flow Control

TCP has a **flow-control service** to its applications to eliminate the possibility of the sender overflowing the receiver's buffer.  
Note: not the same as **congestion control**, from congestion within the IP network.

The sender maintain a variable called the **receive window**, denoted `RcvBuffer` and typically default sized 4096 bytes (many systems auto-adjust `RcvBuffer`).  
The receive window is used to give the sender an idea of how much free buffer space is available at the receiver.  
TCP is full-duplex $\to$ the sender at each side of the connection maintains a distinct receive window.  

The _receiver_ defines the following variables:

* `LastByteRead`
    * the number of the last byte in the data stream read from the buffer by the application process
* `LastByteRcvd`
    * the number of the last byte in the data stream that has _arrived from the network_ and has been placed in the receive buffer

![receive window](Assets/network-3.38.png)

TCP is not permitted to overflow the allocated buffer, we must have

$$\text{LastByteRcvd} - \text{LastByteRead} \leq \text{RcvBuffer}$$

The receive window, denoted `rwnd`, is set to the amount of spare room in the buffer

$$\text{rwnd} = \text{RcvBuffer} - [\text{LastByteRcvd} - \text{LastByteRead}]$$

The _sender_ defines the following variables:

* `LastByteSent`
* `LastByteAcked`

So, $\text{LastByteSent} - \text{LastByteAcked}$ is the amount of unacknowledged data that sender has sent into the connection, so we have that

$$\text{LastByteSent} - \text{LastByteAcked} \leq \text{rwnd}$$

### 3.5.6 TCP Connection Management

Suppose a process running in one host (client) wants to initiate a connection with another process in another host (server).  
The client first informs the client TCP that it wants to establish a connection to a process in the server.  
The TCP in the client then proceeds to establish a TCP connection with the TCP in the server in the following manner (three-way-handshake):

1. The client-side TCP first sends a special TCP segment to the server-side TCP.  
   This special segment contains no application-layer data, but the `SYN` bit is set to 1.  
   Client randomly chooses an initial sequence number (`client_isn`) and puts this number in the sequence number field of the initial `TCP SYN` segment.
2. The server extracts the TCP SYN segment from the datagram, allocates the TCP buffers and variables to the connection, and sends a connection-granted segment to the client TCP.  
   This connection-granted segment also contains no application-layer data, however does contain three important pieces of information in the segment header.  
   First, the `SYN` bit is set to 1.  
   Second, the acknowledgment field of the TCP segment header is set to `client_isn + 1`.  
   Last, the server chooses its own initial sequence number (`server_isn`) and puts this value in the sequence number field of the TCP segment header.  
   The connection-granted segment is referred to as a **SYNACK segment**.
3. Upon receiving the SYNACK segment, the client also allocates buffers and variables to the connection.  
   The client host then sends the server yet another segment;
   this last segment acknowledges the server's connection-granted segment (the client does so by putting the value `server_isn + 1` in the acknowledgment field of the TCP segment header).  
   The `SYN` bit is set to 0, since the connection is established.  
   May carry client-to-server data in the segment payload.

When a connection ends, the "resources" (buffers and variables) in the hosts are deallocated.  
Client issues a close command, sending a special TCP segment to the server with `FIN` bit set to 1.  
When server receives the segment, it sends the client an acknowledgment segment in return.  
The server then sends its own shutdown segment, which has the `FIN` bit set to 1.  
Finally, the client acknowledges the server's shutdown segment.  
At this point, all the resources in the two hosts are now deallocated.

![tcp states](Assets/network-tcp-states.png)

#### The SYN Flood Attack

This TCP connection management protocol sets the stage for a classic DoS attack known as the **SYN flood attack**.  
In this attack, the attacker(s) send a large number of TCP SYN segments, without completing the third handshake step.  
With this deluge of SYN segments, the server's connection resources become exhausted as they are allocated (but never used!) for half-open connections;
legitimate clients are then denied service.  
Such SYN flooding attacks were among the first documented DoS attacks [CERT SYN 1996].  
An effective defense known as **SYN cookies** [RFC 4987] are now deployed in most major operating systems.

## 3.6 Principles of Congestion Control

Congestion:

* informally: "too many sources sending too much data too fast for _network_ to handle"
* different from flow control
* manifestations:
    * lost packets (buffer overflow at routers)
    * long delays (queuing in router buffers)

### 3.6.1 The Causes and the Costs of Congestion

#### Scenario I: Two Senders, a Router with Infinite Buffers

* two hosts (A and B) each have a connection that shares a single hop between source and destination
* suppose Host A is sending data into the connection at an average rate of $\lambda_{\text{in}}$ bytes/s
    * each unit of data is sent into the socket only once
* simply, data is encapsulated and sent; no error recovery (e.g., retransmission), flow control, or congestion control
* host B also sends at $\lambda_{\text{in}}$ bytes/s
* packets from Hosts A and B pass through a router and over a shared outgoing link of capacity $R$.  
  The router has buffers that allow it to store incoming packets when the packet-arrival rate exceeds the outgoing link's capacity

![scenario 1](Assets/network-3.44.png)

> Even in this (extremely) idealized scenario, we've already found one cost of a congested network -- large queuing delays are experienced as the packet- arrival rate nears the link capacity.

#### Scenario II: Two Senders and a Router with Finite Buffers

* packets will be dropped when arriving to an already-full buffer
* assume that each connection is reliable
* if a packet containing a transport-level segment is dropped at the router, the sender will eventually _retransmit_ it
* rate at which the application sends original data into the socket by $\lambda_{\text{in}}$ bytes/s
* rate at which the transport layer sends segments (containing original data and retransmitted data) into the network will be denoted $\lambda_{\text{in}}'$ bytes/s
    * also referred to as **offered load** to the network

application-layer input $=$ application-layer output: $\lambda_{\text{in}} = \lambda_{\text{out}}$  
transport-layer input includes _retransmission_: $\lambda_{\text{in}}' > \lambda_{\text{in}}$

![scenario 2](Assets/network-3.46.png)

**Idealization: perfect knowledge** (Graph a)

Sender sends only when router buffers available.  
No loss occurs and $\lambda_{\text{in}}' = \lambda_{\text{in}}$ and throughput = $\lambda_{\text{in}}$

**Idealization: known loss** (Graph b)

Packets can be lost, dropped at router due to full buffers.  
Sender only resends if the packet is _known_ to be lost.

Offered load, $\lambda_{\text{in}}' = \frac{R}{2}$.  
The rate at which data are delivered to the receiver application is $\frac{R}{3}$.  
Thus, out of the $0.5R$ units of data transmitted, $0.333R$ bytes/s (on average) are original data and $0.166R$ bytes/ s (on average) are retransmitted data.

> Cost of a congested network -- the sender must perform retransmissions in order to compensate for dropped (lost) packets due to buffer overflow.

**Realistic: duplicates** (Graph c)

Packets can be lost, dropped at router due to full buffers.  
Sender times out prematurely, sending two copies, both of which are delivered.
The receiver needs but one copy of this packet and will discard the retransmission.

The throughput versus offered load when each packet is assumed to be forwarded (on average) twice by the router.  
Since each packet is forwarded twice, the throughput will have an asymptotic value of $\frac{R}{4}$ as the offered load approaches $\frac{R}{2}$.

> Cost of a congested network -- unneeded retransmissions by the sender in the face of large delays may cause a router to use its link bandwidth to forward unneeded copies of a packet.

#### Scenario III: Four Senders, Routers with Finite Buffers, and Multihop Paths

* four hosts transmit packets, each over overlapping two-hop paths
* each host uses a timeout/retransmission mechanism to implement a reliable data transfer service
    * all hosts have the same value of $\lambda_{\text{in}}$
    * all router links have capacity $R$ bytes/s

Question: what happens as $\lambda_{\text{in}}$ and $\lambda_{\text{in}}'$ increase?  
Answer: as $\lambda_{\text{in}}'$ increases, all arriving packets from other host at upper queue are dropped and throughput $\to 0$.

![scenario 3](Assets/network-3.48.png)

> Cost of dropping a packet due to congestion -- when a packet is dropped along a path, the transmission capacity that was used at each of the upstream links to forward that packet to the point at which it is dropped ends up having been wasted.

### 3.6.2 Approaches to Congestion Control

At the broadest level, we can distinguish among congestion-control approaches by whether the network layer provides any explicit assistance to the transport layer for congestion-control purposes:

* _End-to-end congestion control_
    * no explicit feedback from network
    * congestion inferred from end-system observed loss, delay
    * approach taken by TCP
* _Network-assisted congestion control_
    * router provide feedback to end systems
        * single bit indicating congestion (SNA, DECbit, TCP/IP ECN, ATM)
        * explicit rate for sender to send at
    * congestion information is typically fed back from the network to the sender in one of two ways
        * direct feedback may be sent from a network router to the sender (this typically takes the form of a **choke packet**)
        * second form of notification occurs when a router marks/updates a field in a packet flowing from sender to receiver to indicate congestion. Upon receipt of a marked packet, the receiver then notifies the sender of the congestion indication. Note that this latter form of notification takes at least a full round-trip time

## 3.7 TCP Congestion Control

Each sender limit the rate at which it sends traffic into its connection as a function of perceived network congestion.  
If a TCP sender perceives that there is little congestion on the path between itself and the destination, then the TCP sender increases its send rate; 
if the sender perceives that there is congestion along the path, then the sender reduces its send rate.

TCP congestion-control mechanism operating at the sender keeps track of an additional variable, the **congestion window**.  
The congestion window, denoted `cwnd`, imposes a constraint on the rate at which a TCP sender can send traffic into the network such that

$$\text{LastByteSent} - \text{LastByteAcked} \leq \min\{\text{cwnd}, \text{rwnd}\}$$

`cwnd` is dynamic, function of perceived network congestion.

The sender sends `cwnd` bytes of data into the connection; 
at the end of the RTT the sender receives acknowledgments for the data.  

$$\text{TCP sending rate} \approx \frac{\text{cwnd}}{\text{RTT}}~\text{bytes/s}$$

TCP uses acknowledgments to trigger (or clock) its increase in congestion window size, TCP is said to be **self-clocking**.

Guiding principles for TCP congestion control:

* A lost segment implies congestion, and hence, the TCP sender's rate should be decreased when a segment is lost.
* An acknowledged segment indicates that the network is delivering the sender's segments to the receiver, and hence, the sender's rate can be increased when an ACK arrives for a previously unacknowledged segment.
* Bandwidth probing.

Approach: sender increases transmission rate (window size), probing for usable bandwidth, until loss occurs:

* _additive increase_: increase `cwnd` by 1 MSS every RTT until loss detected
* _multiplicative decrease_: cut `cwnd` in half after loss

**TCP congestion-control algorithm** has 3 major components:

1. slow start
2. congestion avoidance
3. fast recovery

#### Slow Start, Congestion Avoidance, Fast Recovery

When connection begins, increase rate exponentially until first loss event:

* initially `cwnd` = 1 MSS
* double `cwnd` every RTT
* done by incrementing `cwnd` for every ACK received

Initial rate is slow but ramps up exponentially fast.

Loss is indicated by timeout:

* `cwnd` set to 1 MSS
* window then grows exponentially to threshold, then grows linearly

Loss indicated by 3 duplicate ACKs: TCP RENO

* duplicate ACKs indicate network capable of delivering some segments
* `cwnd` is cut in half, window then grows linearly

TCP Tahoe always sets `cwnd` to 1 (timeout or 3 duplicate acknowledgments).

Question: when should the exponential increase switch to linear?  
Answer: when `cwnd` gets to $\frac{1}{2}$ of its value before timeout.

Implementation:

* variable `ssthresh`
* on loss event, `ssthresh` is set to $\frac{1}{2}$ of `cwnd` just before loss event

![tcp congestion control fsm](Assets/network-3.52.png)

#### TCP Throughput

W: window size (measured in bytes) where loss occurs

* average window size (number of  in-flight bytes) is $\frac{3}{4}W$
* average throughput is $\frac{3}{4}W$ per RTT

$$\text{Average TCP Throughput} = \frac{3}{4}\frac{W}{RTT}~\text{bytes/s}$$

#### TCP Over High-Bandwidth Paths

The throughput of a TCP connection as a function of the loss rate (L), the round-trip time (RTT), and the maximum segment size (MSS):

$$\text{Average throughput of a connection} = \frac{1.22 \cdot \text{MSS}}{\text{RTT} \sqrt{\text{L}}}$$

### 3.7.1 Fairness

Goal: if $K$ TCP sessions share same bottleneck link of bandwidth $R$, each should have average rate of $\frac{R}{K}$.

Why TCP is fair:

* additive increase gives slope of 1, as throughout increases
* multiplicative decrease decreases throughput proportionally

![tcp is fair](Assets/network-tcp-fairness.png)

#### Fairness and UDP

* multimedia apps often do not use TCP
    * do not want rate throttled by congestion control
* instead use UDP
    * send audio/video at constant rate, tolerate packet loss

#### Fairness and Parallel TCP Connections

* application can open multiple parallel connections between two hosts
    * web browsers do this
* e.g., link of rate $R$ with 9 existing connections:
    * new app asks for 1 TCP, gets rate $\frac{R}{10}$
    * new app asks for 11 TCP, gets $\frac{R}{2}$

## Explicit Congestion Notification (ECN)

Network-assisted congestion control:

* two bits in IP header (ToS feld) marked by _network router_ to indicate congestion
* congestion indication carried to receiving host
* receiver (seeing congestion indication in IP datagram) ) sets ECE bit on receiver-to-sender ACK segment to notify sender of congestion

# 4. Network Layer: The Data Plane

## 4.1 Overview of Network Layer

Transport segment from sending to receiving host.  
On sending side encapsulates segments into datagrams.  
On receiving side, delivers segments to transport layer.  
Network layer protocols in _every_ host, router.  
Router examines header fields in all IP datagrams passing through it.

### Two Key Network-Layer Functions

1. **Forwarding**
    * move packets from router's input to appropriate router output
    * analogy: process of getting through single interchange
2. **Routing**
    * determine route taken by packets from source to destination (_routing algorithms_)
    * analogy: process of planning trip from source to destination

### Data Plane, Control Plan

**Data Plane**

* Local, per-router function
* Determines how datagram arriving on router input port is forwarded to router output port
* Forwarding function

**Control Plane**

* Network-wide logic
* Determines how datagram is routed among routers along end-end path from source host to destination host
* Two control-plane approaches:
    * _traditional routing algorithms_
        * implemented in routers
    * _software-defined networking_ (SDN)
        * implemented in (remote) servers

### Per-Router Control Plane

Individual routing algorithm components in _each and every router_ interact in the control plane.

### Logically Centralized Control Plane

A distinct (typically remote) controller interact with local control agents (CAs).

### Network Service Model

Question: what _service model_ for "channel" transporting datagrams from sender to receiver?

Example services for individual datagrams:

* guaranteed delivery
* guaranteed delivery with less than 40 msec delay

Example services for a flow of datagrams:

* in-order datagram delivery
* guaranteed minimum bandwidth to flow
* restrictions on changes in inter-packet spacing

## 4.2 What's Inside a Router

![router architecture](Assets/network-router-architecture.png)

### Input Port Functions

![input port processing](Assets/network-4.7.png)

Line termination: _physical layer_

* bit-level reception

Link layer: _data link layer_

* e.g., Ethernet

Lookup, forwarding, queuing: _decentralized switching_

* goal: complete input port processing at "line speed"
* queuing: if datagrams arrive faster than forwarding rate into switch fabric
* using header field values, lookup output port using forwarding table in input port memory ("match plus action")
* **destination-based forwarding**: forward based only on destination IP address (traditional)
* **generalized forwarding**: forward based on any set of header field values

#### Destination-Based Forwarding

Longest prefix matching

> when looking for forwarding table entry for given destination address, use _longest_ address prefix that matches destination address


| Destination Address Range | Link Interface |
|---|---|
| `11001000 00010111 00010*** ********` | 0 |
| `11001000 00010111 00011000 ********` | 1 |
| `11001000 00010111 00011*** ********` | 2 |
| otherwise | 3 |

Often performed using ternary content addressable memories (TCAMs),

*  **content addressable**: present address to TCAM: retrieve address in one clock cycle, regardless of table size
* Cisco Catalyst: can up ~1M routing table entries in TCAM

#### Switching Fabric

Transfer packet from input buffer to appropriate output buffer.

_Switching rate_: rate at which packet can be transfer from inputs to outputs

* often measured as multiple input/output line rate
* $N$ inputs: switching rate $N$ times line rate desirable

Three types:

1 **_Memory_**

Simplest, earliest routers were computers.  
Switching done under direct control of the CPU (routing processor).

> An input port with an arriving packet first signaled the routing processor via an interrupt.  
> The packet was then copied from the input port into processor memory.  
> The routing processor then extracted the destination address from the header, looked up the appropriate output port in the forwarding table, and copied the packet to the output port's buffers.

If the memory bandwidth is $B$ packets per second being written into, or read from, memory, then the overall forwarding throughput must be less than $B/2$

Two packets cannot be forwarded at the same time, even if they have different destination ports, since only one memory read/write over the shared system bus can be done at a time.

Many modern routers switch via memory.  
A major difference is that the lookup of the destination address and the storing of the packet into the appropriate memory location are performed by processing on the input line cards.

2 **_Bus_**

An input port transfers a packet directly to the output port over a shared bus, without intervention by the routing processor.

> The input port prepends a switch-internal label (header) to the packet indicating the local output port to which this packet is being transferred and transmitting the packet onto the bus.  
> The packet is received by _all_ output ports, but only the port that matches the label will keep the packet.  
> The label is then removed at the output port, as this label is only used within the switch to cross the bus.

If multiple arriving packets, but wait one by one.  
Throughput is the speed of the bus.

3 **_Crossbar_**

Interconnection network consisting of $2N$ buses that connect $N$ input ports and $N$ output ports.  
Crosspoint opened or closed by the switch fabric controller.

> When a packet arrives from port A and needs to be forwarded to port Y, the switch controller closes the crosspoint at the intersection of buses A and Y.

Capable of forwarding multiple packets in parallel.  
However, if two packets from two different input ports are destined at the same output port, then one will have to wait at the input.

![types of switching fabrics](Assets/network-4.8.png)

#### Input Port Queuing

Fabric slower than input ports combined $\to$ queuing may occur at input queues.  
_Queuing delay and loss due to input buffer overflow!_

_Head-of-the-Line (HOL) blocking_: queued datagram at front of queue prevents others in queue from moving forward.

![HOL blocking](Assets/network-hol-blocking.png)

### Output Ports

![output ports](Assets/network-output-ports.png)

_Buffering_ required when datagrams arrive from fabric faster than transmission rate.

> Datagram (packets) can be lost due to congestion, lack of buffers.

_Scheduling discipline_ chooses among queued datagrams for transmission.

> Priority scheduling - who gets best performance.

#### Output Port Queuing

Buffering when arrival rate via switch exceeds output line speed.  
Queuing (delay) and loss due to output port buffer overflow!

![output port queuing](Assets/network-output-port-queuing.png)

### How much buffering

RFC 3439 rule of thumb: average buffering equal to "typical" RTT times link capacity C
$$\text{RTT} \cdot \text{C}$$

Recent recommendation: with $N$ flows, buffering equal to
$$\frac{\text{RTT}\cdot\text{C}}{\sqrt{N}}$$

### Scheduling Mechanism

_Scheduling_: choose next packet to send on link.

_FIFO scheduling_: send in order of arrival to queue.

_Discard policy_: what to discard when full queue?

* *tail drop*: drop arriving packet
* *priority*: drop/remove on priority basis
* *random*: drop/remove randomly

#### Scheduling Policies: Priority

> Send highest priority queued packet

Multiple _classes_, with different priorities.  
Class may depend on marking or other header info, e.g. IP source/dest, port numbers, etc.

## 4.3 IP: Internet Protocol

![internet network layer](Assets/network-internet-network-layer.png)

![IP datagram format](Assets/network-ip-datagram-format.png)

### IP Fragmentation, Reassembly

Network links have _MTU_ (_max transfer size_) - largest possible link-level frame.  
Different link types $\to$ different MTUs.

Large IP datagram divided ("fragmented") within net

* one datagram becomes several datagrams
* "reassembled" only at final destination
* IP header bits used to identify, order related fragments

_Example_: 4000 bytes datagram, MTU = 1500 bytes.  
3 fragments, since 4000 bytes datagram = 20 bytes of IP headers and 3980 bytes of IP payload.

| fragment | bytes | ID | offset | flag |
|---|---|---|---|---|
| 1st | 1480 bytes in the data field of the IP datagram | 777 | offset = 0 (meaning the data should be inserted beginning at byte 0) | flag = 1 (meaning there is more) |
| 2nd | 1480 bytes of data | 777 | offset = 185 (meaning the data should be inserted beginning at byte 1480. Note that $185 \cdot 8 = 1480$) | flag = 1 (meaning there is more) |
| 3rd | 1020 bytes ($= 3980 - 1480 - 1480$) of data  | 777 | offset = 370 (meaning the data should be inserted beginning at byte 2960. Note that $370 \cdot 8 = 2960$) | flag = 0 (meaning this is the last fragment) |

### IP Addressing: Introduction

_IP address_: 32-bit identifier for host, router _interface_.

_Interface_: connection between host/router and physical link

* router's typically have multiple interfaces
* host typically has one or two interfaces (e.g., wired Ethernet, wireless 802.11)

IP addresses associated with _each_ interface.

Wired Ethernet interfaces connected by Ethernet switches.  
Wireless WiFi interfaces connected by WiFi base station.

#### Subnets

* IP address
    * subnet part - high order bits
    * host part - low order bits
* _what is a subnet?_
    * device interfaces with same subnet part of IP address
    * can physically reach each other _without intervening router_

Network consisting of 3 subnets:
![subnet example](Assets/network-subnet-example.png)

Network consisting of 3 routers interconnecting 6 subnets:
![subnet example two](Assets/network-subnet-example1.png)

### IP Addressing: CIDR

_CIDR_: Classless InterDomain Routing

* subnet portion of address of arbitrary length
* address format: _a.b.c.d/x_, where x is number bits in subnet portion of address


$$\overbrace{11001000~00010111~0001000}^{\text{subnet part}}\overbrace{0~00000000}^{\text{host part}}$$
$$\text{200.23.16.0/23}$$

### IP Addresses: How To Get One?

* Hard-coded by system admin in a file
    * Windows: Control Panel -> Network -> Configuration -> TCP/IP -> Properties
    * UNIX: /etc/rc.config
* _DHCP_: Dynamic Host Configuration Protocol
    * dynamically get address from as server
    * "plug-and-play" because DHCP's ability to automate the network-related aspects of connecting a host into a network


Q: how does _network_ get subnet part of IP address?  
A: gets allocated portion of its provider ISP's address space, like follows

\begin{align*}
&\text{ISP's block} &\overline{11001000~00010111~00010000}~00000000 ~ 200.23.16.0/23 \\
& \\
&\text{Organization 0} &\overline{11001000~00010111~0001000}0~00000000 ~ 200.23.16.0/23 \\
&\text{Organization 1} &\overline{11001000~00010111~0001001}0~00000000 ~ 200.23.18.0/23 \\
&\text{Organization 2} &\overline{11001000~00010111~0001010}0~00000000 ~ 200.23.20.0/23 \\
&\ldots \\
&\text{Organization 7} &\overline{11001000~00010111~0001111}0~00000000 ~ 200.23.30.0/23
\end{align*}

Q: how does an ISP get block of addresses?  
A: _ICANN_: [Internet Corporation for Assigned Names and Numbers](http://www.icann.org)

* allocates addresses
* manages DNS
* assigns domain names, resolves disputes

#### DHCP

Goal: allow host to _dynamically_ obtain its IP address from network server when it joins network

* can renew its lease on address in use
* allows reuse of addresses (only hold address while connected/"on")
* support for mobile users who want to join network

Overview:

* host broadcasts "_DHCP discover_" message [optional]
* server responds with "_DHCP offer_" message [optional]
* host requests IP address with "_DHCP request_" message
* server sends address with "_DHCP ack_" message

DHCP can return more than just allocated IP address on subnet:

* address of first-hop router for client
* name and IP address of (local) DNS server
* network mask (indicating network vs. host portion of address)

#### Hierarchical Addressing

![network-hierarchical-addressing-aggregate](Assets/network-hierarchical-addressing-aggregate.png)

![network-hierarchical-addressing-specific](Assets/network-hierarchical-addressing-specific.png)

### NAT: Network Address Translation

![network address translation](Assets/network-nat.png)

Motivation: local network uses just one IP address as far as outside world is concerned

* range of addresses not needed from ISP: just one IP address for all devices
* can change addresses of device in local network without notifying outside world
* can change ISP without changing addresses of devices in local network
* devices inside local net not explicitly addressable, visible by outside world (a security plus)

Implementation: NAT router must

* _outgoing datagrams: replace_ (source IP address ,port #) of every outgoing datagram to (NAT IP address, new port #)
    * remote clients/servers will respond using (NAT IP address, new port #) as destination address
* _remember (in NAT translation table)_ every (source IP address, port #) to (NAT IP address, new port #) translation pair
* _incoming datagrams: replace_ (NAT IP address, new port #) in destination fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table

Example:
![NAT example](Assets/network-nat-example.png)

More on NAT:

* 16-bit port-number field
    * 60k simultaneous connections with a single LAN-side address
* NAT is controversial
    * routers should only process up to layer 3
    * address shortage should be solved by IPv6
    * violates end-to-end argument
        * NAT possibility must be taken into account by app designers (e.g., P2P apps)
    * NAT traversal: what if client wants to connect to server behind NAT?

### IPv6

#### IPv6: Motivation

Initial motivation: 32-bit address space soon to be completely allocated.

Additional motivation:

* header format helps speed processing/forwarding
* header changes to facilitate QoS

#### IPv6 Datagram Format

* fixed-length 40 byte header
* no fragmentation allowed

![IPv6 datagram format](Assets/network-ipv6-datagram-format.png)

_priority_: identify priority among datagrams in flow.  
_flow label_: identify datagrams in same "flow" ("flow" is not a well defined concept)
_next header_: identify upper layer of protocol for data (e.g., to TCP or UDP)

Other changes from IPv4:

* _checksum_: removed entirely to reduce processing time at each hop
* _options_: allowed, but outside of header, indicated by "Next Header" field
* _ICMPv6_: new version of ICMP
    * additional message types, e.g., "Packet Too Big"
    * multicast group management functions

#### Transition from IPv4 to IPv6

* not all routers can be upgraded simultaneously
    * no "flag days"

Q: how will network operate with mixed IPv4 and IPv6 routers?
A: _tunneling_: IPv6 datagram carried as _payload_ in IPv4 datagram among IPv4 routers

Example:
![IPv6-IPv4 tunneling example](Assets/network-tunneling-example.png)

#### IPv6: Adoption

Google: 8% of clients access services via IPv6.  
NIST: $\frac{1}{3}$ of all US government domains are IPv6 capable.

## 4.4 Generalized Forward and SDN

Each router contains a **flow table** that is computed and distributed a _logically centralized_ routing controller.

### OpenFlow Data Plane Abstraction

* _flow_: defined by header fields
* generalized forwarding: simple packet-handling rules
    * **Pattern**: _match_ values in packet header fields
    * **Actions: for matched packet**: drop, forward, modify, matched packet or send matched packet to controller
    * **Priority**: disambiguate overlapping patterns
    * **Counters**: #bytes and #packets

Flow table in a router (computed and distributed by controller) define router's match+action rules!

Review slides 62 and onwards.

# 5. Network Layer: The Control Plane
