IB7200 - Connectivity in ICT4D

Total Page:16

File Type:pdf, Size:1020Kb

IB7200 - Connectivity in ICT4D IB7200 - connectivity in ICT4D Lecture 3 DNS - domain name system Mapping name and ipnumbers. Forward: name to number nic.lth.se. IN A 130.235.20.3 Reverse: number to name 3.20.235.130.in-addr.arpa. IN PTR nic.lth.se. DNS lookup Routing protocols Packets need to find way through net Static routing: Each way is added manually. Normally don’t use, gets messy very soon… Instead use dynamic routing Routing info protocol (RIP) Simple, early protocol. Distance vector. (low overhead) Rip v2 better. Never use rip v1. Avoid rip v2 Dynamic routing - OSPF Open Shortest Path First (OSPF) Used inside organisation. Very stable and compatible between vendors. Uses link state algoritm: All routers know the whole topology. Requires more computational power (no problem today) Border Gateway Protocol (BGP) Used between organizations (borders) Between autonomous systems (AS) Each AS has a number 0-65000 Can decide “policy routing” like not allowing traffic from some AS. My ORG Other ORG BGP OSFP AS y AS x Summary Use OSPF internally + BGP externally External AS2 External AS1 BGP BGP OSFP Multicast Send to many on a network. Internet Group Management Protocol (IGMP). Adresses 224.0.0.0 to 239.255.255.255 PIM - protocol independent multicast Within an organisation Multicast Source Discovery Protocol (MSDP) Between organisations IPv6 128 bit addreses. Written in hex. 2001:6b0:1:1d20:214:c2ff:fe3a:5eec/64 64 bit net + 4 bit host Host is normally 12 bit fill + 48 bit mac-addr Each “nibble” (character) is 4 bit KTH has 2001:6b0:1::/48 2001:06b0:0001 ie we have 2^18 networks each with 2^64 hosts… Wireless Local area - WiFi - WLAN 802.11* Metro - WIMAX 802.16 Wide area - GPRS: GSM, UMTS-3G VSAT - slow expensive but necesary in some places. Satellite telephony - slow, expensive 802.11* 802.11b 2.4Ghz, 11mbps, typical 5 mps, ~100 m 802.11g 2.4 Ghz, 54mbps, typical 20 mbps 802.11a 5.3 Ghz, 54mbps, typical 20 mbps 802.11n (draft) 2.4 GHz or 5 GHz, 540 Mbit/s, 200 Mbit/s ~50 meters (~165 ft) Wireless in campus design. Used for point to point Today 802.11 works well. Up to 40 km. Normally shorter. Use redundant links. Directional antennas for longer distances. Sometimes a point-to-multipoint Wireless links Layer3 switch Backup wlan Long distance links AIR-ANT3338 antenna guide + overview http://www.cisco.com/en/US/products/hw/wireless/ps 469/products_data_sheet09186a008008883b.html http://forskningsnett.uninett.no/wlan/radio.html Wimax for backhaul Wimax WLAN subscriber AP Wimax center Wimax WLAN subscriber AP Wimax WLAN subscriber AP ADSL and tunneling. Sometimes you can get ADSL to a campus. Then you can use VPN-boxes like openWRT. Adsl operator vpn Internet Central VPN vpn router vpn Cisco 1841 + HWIC-3G-GSM Wireless Wan High-Speed WAN Interface Linksys 3G WRT54G3G Open source: Linux bridges, routers and firewalls Vyatta - supports open software router “Xorp”. OpenWrt – linux access points (see later) Linux Iptables – filter on IP-level – advanced. Ebtables – filter on briding level. Swedish router ”bifrost” ”Captive portal” for network login. Wireless nets. OpenWrt Linux based. Free software for wireless access points Linkssys, Asus, Netgear etc. Chapter 5. IP Chapter 1. Networking Objectives Section 5.1. IP-Addressing Basics Section 1.1. Business Requirements Section 5.2. IP-Address Classes Section 1.2. OSI Protocol Stack Model Section 5.3. ARP and ICMP Section 1.3. Routing Versus Bridging Section 5.4. Network Address Translation Section 5.5. Multiple Subnet Broadcast Section 5.6. General IP Design Strategies Section 5.7. DNS and DHCP Chapter 6. IP Dynamic Routing Section 6.1. Static Routing Section 1.4. Top-Down Design Philosophy Section 6.2. Types of Dynamic Routing Protocols Chapter 2. Elements of Reliability Section 6.3. RIP Section 2.1. Defining Reliability Section 6.4. IGRP and EIGRP Section 2.2. Redundancy Section 6.5. OSPF Section 2.3. Failure Modes Section 6.6. BGP Chapter 3. Design Types Chapter 8. Elements of Efficiency Section 3.1. Basic Topologies Section 8.1. Using Equipment Features Effectively Section 3.2. Reliability Mechanisms Section 8.2. Hop Counts Section 3.3. VLANs Section 8.3. MTU Throughout the Network Section 3.4. Toward Larger Topologies Section 8.4. Bottlenecks and Congestion Section 3.5. Hierarchical Design Section 8.5. Filtering Section 3.6. Implementing Reliability Section 8.6. Quality of Service and Traffic Shaping Section 3.7. Large-Scale LAN Topologies Chapter 9. Network Management Chapter 4. Local Area Network Technologies Section 9.1. Network-Management Components Section 4.1. Selecting Appropriate LAN Technology Section 9.2. Designing a Manageable Network Section 4.2. Ethernet and Fast Ethernet Section 9.3. SNMP Section 4.4. Gigabit and 10 Gigabit Ethernet Section 9.4. Management Problems Section 4.5. ATM Chapter 10. Special Topics Section 4.7. Wireless Section 10.1. IP Multicast Networks Section 4.8. Firewalls and Gateways Section 10.2. IPv6 Section 4.9. Structured Cabling Section 10.3. Security.
Recommended publications
  • "Mutually Controlled Routing with Independent Isps"
    Mutually Controlled Routing with Independent ISPs Ratul Mahajan David Wetherall Thomas Anderson Microsoft Research University of Washington University of Washington and Intel Research Abstract – We present , an Internet routing pro- Our intent is to develop an interdomain routing proto- Wiser tocol that enables ISPs to jointly control routing in a way col that addresses these problems at a more basic level. that produces efficient end-to-end paths even when they We aim to allow all ISPs to exert control over all routes act in their own interests. is a simple extension to as large a degree as possible, while still selecting end- Wiser of BGP, uses only existing peering contracts for mone- to-end paths that are of high quality. This is a difficult tary exchange, and can be incrementally deployed. Each problem and there are very few examples of effective me- ISP selects paths in a way that presents a compromise diation in networks, despite competitive interests having between its own considerations and those of other ISPs. long been identified as an important factor [8]. Done over many routes, this allows each ISP to improve While it is not a priori obvious that it is possible to its situation by its own optimization criteria compared to succeed at this goal, our earlier work on Nexit [28] sug- the use of BGP today. We evaluate using a router- gests that efficient paths are, in fact, a feasible outcome of Wiser level prototype and simulation on measured ISP topolo- routing across independent ISPs in realistic network set- gies. We find that, unlike Internet routing today, tings.
    [Show full text]
  • Technical Impacts of DNS Privacy and Security on Network Service Scenarios
    - Technical Impacts of DNS Privacy and Security on Network Service Scenarios ATIS-I-0000079 | April 2020 Abstract The domain name system (DNS) is a key network function used to resolve domain names (e.g., atis.org) into routable addresses and other data. Most DNS signalling today is sent using protocols that do not support security provisions (e.g., cryptographic confidentiality protection and integrity protection). This may create privacy and security risks for users due to on-path nodes being able to read or modify DNS signalling. In response to these concerns, particularly for DNS privacy, new protocols have been specified that implement cryptographic DNS security. Support for these protocols is being rapidly introduced in client software (particularly web browsers) and in some DNS servers. The implementation of DNS security protocols can have a range of positive benefits, but it can also conflict with important network services that are currently widely implemented based on DNS. These services include techniques to mitigate malware and to fulfill legal obligations placed on network operators. This report describes the technical impacts of DNS security protocols in a range of network scenarios. This analysis is used to derive recommendations for deploying DNS security protocols and for further industry collaboration. The aim of these recommendations is to maximize the benefits of DNS security support while reducing problem areas. Foreword As a leading technology and solutions development organization, the Alliance for Telecommunications Industry Solutions (ATIS) brings together the top global ICT companies to advance the industry’s business priorities. ATIS’ 150 member companies are currently working to address network reliability, 5G, robocall mitigation, smart cities, artificial intelligence-enabled networks, distributed ledger/blockchain technology, cybersecurity, IoT, emergency services, quality of service, billing support, operations and much more.
    [Show full text]
  • Openflow: Enabling Innovation in Campus Networks
    OpenFlow: Enabling Innovation in Campus Networks Nick McKeown Tom Anderson Hari Balakrishnan Stanford University University of Washington MIT Guru Parulkar Larry Peterson Jennifer Rexford Stanford University Princeton University Princeton University Scott Shenker Jonathan Turner University of California, Washington University in Berkeley St. Louis This article is an editorial note submitted to CCR. It has NOT been peer reviewed. Authors take full responsibility for this article’s technical content. Comments can be posted through CCR Online. ABSTRACT to experiment with production traffic, which have created an This whitepaper proposes OpenFlow: a way for researchers exceedingly high barrier to entry for new ideas. Today, there to run experimental protocols in the networks they use ev- is almost no practical way to experiment with new network ery day. OpenFlow is based on an Ethernet switch, with protocols (e.g., new routing protocols, or alternatives to IP) an internal flow-table, and a standardized interface to add in sufficiently realistic settings (e.g., at scale carrying real and remove flow entries. Our goal is to encourage network- traffic) to gain the confidence needed for their widespread ing vendors to add OpenFlow to their switch products for deployment. The result is that most new ideas from the net- deployment in college campus backbones and wiring closets. working research community go untried and untested; hence We believe that OpenFlow is a pragmatic compromise: on the commonly held belief that the network infrastructure has one hand, it allows researchers to run experiments on hetero- “ossified”. geneous switches in a uniform way at line-rate and with high Having recognized the problem, the networking commu- port-density; while on the other hand, vendors do not need nity is hard at work developing programmable networks, to expose the internal workings of their switches.
    [Show full text]
  • Captive Portal Detection Error May Be Triggered If There Is HTTP 302 Response Code Received PRS-325375 While Connecting to IVE
    Pulse Connect Secure Release Notes 8.1 R4 Build 37085: July 2015 Revision 01 Contents Introduction......................................................................................................................... 1 Interoperability and Supported Platforms ............................................................................ 2 Noteworthy changes in 8.1r4 Release ................................................................................ 2 Problems Resolved in 8.1R4 Release ................................................................................ 2 Known Issues in 8.1R3.2 release ....................................................................................... 4 Problems Resolved in 8.1R3.1 Release ............................................................................. 4 Pulse Connect Secure New Features in 8.1R3 ................................................................... 5 Noteworthy changes in this Release................................................................................... 6 Problems Resolved in 8.1R3 Release ................................................................................ 6 Known Issues in this release .............................................................................................. 7 Pulse Connect Secure Access New Features in 8.1R2 Release ........................................ 8 Disable TLS 1.0 ....................................................................................................... 8 New Functionality to create role mapping rules
    [Show full text]
  • Filtering and Identifying Web Activity by User Name
    Wavecrest®TechBrief Filtering and Identifying Web Activity by User Name www.wavecrest.net When a company implements a Web filtering and monitoring solution, it typically wants to filter and monitor the Web traffic flowing through its network by user name versus IP address for various reasons. Some of these reasons include curtailing casual surfing, protecting against security threats, and conserving bandwidth. Furthermore, a company’s Acceptable Use Policy (AUP) is usually based on user names and/or groups of user names. Therefore, the application that enforces and monitors the company’s AUP needs to identify Web activity by user name. IP addresses can be dynamic, and sometimes more than one employee can log on to a computer, and hence, more than one user name will be using the same IP address. Many an IT administrator is tasked with ensuring that the company’s employees are going through the proxy that is in place, so that Web activity can be monitored by user name. To get user names and authenticate users, IT administrators can choose any of the proxy configuration options and authentication methods described below. Depending on the company’s preference, one proxy configuration option may be more favorable than the other. Here, we will discuss applying browser settings manually, pushing out group policies using Active Directory (AD), using a captive portal, and installing client software. We will also touch on the different ways that you can authenticate your Internet users using our CyBlock products. Applying Browser Settings Manually Applying browser settings involves identifying a proxy server which is required if you need user names.
    [Show full text]
  • 9 Caching Proxy Server
    webXaccelerator: Owner's Guide by Luis Soltero, Ph.D., MCS Revision 1.06 February 10, 2010 (v1.2.3.10-RELEASE) Copyright © 2010 Global Marine Networks, LLC Table of Contents 1 Quick Start..............................................................................................................................................5 2 Introduction.............................................................................................................................................8 3 Initial Installation and Configuration......................................................................................................9 3.1 Connections.....................................................................................................................................9 3.2 Power-up..........................................................................................................................................9 3.3 Power-down...................................................................................................................................10 3.4 Web Administrator........................................................................................................................10 3.5 LAN Setup.....................................................................................................................................10 3.6 WAN Setup....................................................................................................................................11 3.7 WAN2 (Backup WAN) Setup........................................................................................................13
    [Show full text]
  • Tunneled Internet Gateway Wi-Fi Access for Mobile Devices in High-Security Environments Table of Contents
    WHITE PAPER TUNNELED INTERNET GATEWAY Wi-FI ACCESS FOR MOBILE DEVICES IN High-SECURitY ENVIRONMENTS TABLE OF CONTENTS THE ChALLENGE: Wi-FI ACCESS FOR MOBILE DEVICES IN high-SECURitY ENVIRONMENTS 3 ARUBA TUNNELED INTERNET GATEWAY SOLUtiON 3 HOW thE TUNNELED INTERNET GATEWAY WORKS 3 APPENDIX 5 TOPOLOGY DIAGRAMS 8 ABOUT ARUBA NETWORKS, INC. 9 WHITE PAPER TUNNELED INTERNET GATEWAY THE CHALLENGE: WI-FI ACCESS FOR MOBILE HOW THE TUNNELED INTERNET GATEWAY WORKS DEVICES IN HIGH-SECURITY ENVIRONMENTS Summary Since the debut of the iPhone in 2007, the private sector The Tunneled Internet Gateway is enabled through software has seen a proliferation of personal mobile devices used in configuration to any new or existing controller-based Aruba the workplace. Government customers, while slower to WLAN. Mobile users connect their devices to the Internet adopt commercially available mobile devices in the gateway SSID, creating an encrypted session with an Aruba workplace, recognize the cost and productivity advantages Mobility Controller deployed in the restricted network. and are looking for ways to increase their usage and speed- up adoption. The controller maintains logical separation between Internet sessions and restricted sessions using a Common Criteria Many civilian and military organizations have already begun EAL4+ validated firewall, then routes Internet traffic through large-scale acquisitions of commercial off-the-shelf (COTS) an additional encrypted data tunnel to a router attached to a mobile devices for distribution to relevant personnel. The commercial Internet service provider. The result is a secure, February 2013 purchase by the U.S. Department of Defense simple and low-cost network overlay with strong separation of 630,000 Apple iOS-based mobile devices is just one between restricted and Internet data.
    [Show full text]
  • Anyconnect Captive Portal Detection and Remediation
    Contents Introduction Prerequisites Requirements Components Used Background Information Captive Portal Remediation Requirements Captive Portal Hotspot Detection Captive Portal Hotspot Remediation False Captive Portal Detection AnyConnect Behavior Captive Portal Incorrectly Detected with IKEV2 Workarounds Disable the Captive Portal Feature Introduction This document describes the Cisco AnyConnect Mobility Client captive portal detection feature and the requirements for it to function correctly. Many wireless hotspots at hotels, restaurants, airports, and other public places use captive portals in order to block user access to the Internet. They redirect HTTP requests to their own websites that require users to enter their credentials or acknowledge terms and conditions of the hotspot host. Prerequisites Requirements Cisco recommends that you have knowledge of the Cisco AnyConnect Secure Mobility Client. Components Used The information in this document is based on these software versions: ● AnyConnect Version 3.1.04072 ● Cisco Adaptive Security Appliance (ASA) Version 9.1.2 The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. Background Information Many facilities that offer Wi-Fi and wired access, such as airports, coffee shops, and hotels, require users to pay before they obtain access, agree to abide by an acceptable
    [Show full text]
  • Virtually Eliminating Router Bugs
    Virtually Eliminating Router Bugs Eric Keller∗ Minlan Yu∗ Matthew Caesar† Jennifer Rexford∗ ∗ Princeton University, Princeton, NJ, USA † UIUC, Urbana, IL, USA [email protected] {minlanyu, jrex}@cs.princeton.edu [email protected] ABSTRACT 1. INTRODUCTION Software bugs in routers lead to network outages, security The Internet is an extremely large and complicated dis- vulnerabilities, and other unexpected behavior. Rather than tributed system. Selecting routes involves computations across simply crashing the router, bugs can violate protocol se- millions of routers spread over vast distances, multiple rout- mantics, rendering traditional failure detection and recovery ing protocols, and highly customizable routing policies. Most techniques ineffective. Handling router bugs is an increas- of the complexity in Internet routing exists in protocols im- ingly important problem as new applications demand higher plemented as software running on routers. These routers availability, and networks become better at dealing with tra- typically run an operating system, and a collection of proto- ditional failures. In this paper, we tailor software and data col daemons which implement the various tasks associated diversity (SDD) to the unique properties of routing proto- with protocol operation. Like any complex software, routing cols, so as to avoid buggy behavior at run time. Our bug- software is prone to implementation errors, or bugs. tolerant router executes multiple diverse instances of routing software, and uses voting to determine the output to publish 1.1 Challenges in dealing with router bugs to the forwarding table, or to advertise to neighbors. We de- sign and implement a router hypervisor that makes this par- The fact that bugs can produce incorrect and unpredictable allelism transparent to other routers, handles fault detection behavior, coupled with the mission-critical nature of Inter- and booting of new router instances, and performs voting in net routers, can produce disastrous results.
    [Show full text]
  • IEEE Workshop on Open-Source Software Networking (OSSN) CALL for PAPERS
    IEEE Workshop on Open-Source Software Networking (OSSN) CALL FOR PAPERS SEOUL, KOREA – June 6 2016 http://opennetworking.kr/ossn The IEEE International Workshop on Open-Source Software Networking (OSSN 2016) will be held on June 6, 2016 in Seoul Korea along with the 2nd IEEE International Conference on Network Softwarization (NetSoft 2016, sites.ieee.org/netsoft). The OSSN workshop aims to provide a venue for sharing experiences on developing and operating open-source software-centric networking tools and platforms. It intends to cover various aspects for open-source collaboration community of professionals from academia and industry. Full and short (work-in-process) papers are solicited to discuss experiences on development, deployment, operation, and experimental studies around the overall lifecycle of open-source software networking. Topics of Interest Authors are invited to submit papers that fall into any topics related with open-source software networking. Topics of interest include, but are not limited to, the following: • SDN (Software Defined Networking): ONOS, Open Daylight, Ryu, … • NFV (Network Function Virtualization): OPNFV, OpenMano, … • Switching: Open vSwitch, Open Switch, Open Network Linux, Indigo, … • Routing: Click, Zebra, Quagga, XORP, VyOS, Project Calico, … • Wireless: OpenLTE, OpenAirInterface, … • Cloud and Analytics: OpenStack Neutron, Docker networking, Hadoop, Spark, … • Monitoring and Messaging: Catti, Nagios, Zabbix, Zenoss, Ntop, Kafka, RabbitMQ, … • Security and Utilities: Snort, OpenVPN, Netfilter, IPtables, Wireshark, NIST Net, … • Development and Simulation: NetFPGA, GNU radio, ns-3, … Paper Submission Authors are invited to submit only original papers (written in English) not published or submitted for publication elsewhere. Full papers can be up to 6 pages while short (work-in-progress) papers are up to 4 pages.
    [Show full text]
  • The Dawn of Open-Source Routing
    VYATTA, INC. | Release Notes Vyatta Release 2.0 February 2007 Document Part No. A0-0081-10-02 Vyatta Suite 160 One Waters Park Drive San Mateo, CA 94403 vyatta.com VYATTA, INC. | Release Notes Contents • New in This Release • Behavior Changes • Upgrade Notes • Resolved Issues • Known Issues New in This Release • IPsec VPN. This release introduces support for IPsec VPN. This IPsec VPN implementation allows small to large enterprises and enterprise branch offices to deploy a high-performance, robust, integrated routing and security solution for site-to-site secure communications. Vyatta’s implementation employs standard cryptographic and hash algorithms and is interoperable with other standards-based IPsec VPN products. • Bug fixes. A number of issues have been resolved with Release 2.0. A summary list of these is provided in the “Resolved Issues” section, which begins on page H2. Behavior Changes There are no behavior changes in this release. Upgrade Notes Release 1.1.2 can be upgraded to Release 2.0 using an ordinary package upgrade. Release 2.0 configuration files are not compatible with configuration files from Release 1.0.3 and earlier. Therefore, existing configurations from Release 1.0.x must be migrated to the new release. Users are strongly urged to consult the Release 2.0 upgrade procedure available in the Subscription Knowledge Base located on the Vyatta Customer Care Center web site (http://www2.vyatta.com/support) for instructions on how to most easily migrate existing Release 1.0.x configurations to Release 2.0. /..1 VYATTA,
    [Show full text]
  • Open Source Software for Routing a Look at the Status of Open Source Software for Routing
    APNIC 34 Open Source Software for Routing A look at the status of Open Source Software for Routing Martin Winter OpenSourceRouting.org 1 Who is OpenSourceRouting Quick Overview of what we do and who we are www.opensourcerouting.org ‣ Started late summer 2011 ‣ Focus on improving Quagga ‣ Funded by Companies who like an Open Source Alternative ‣ Non-Profit Organization • Part of ISC (Internet System Consortium) 2 Important reminder: Quagga/Bird/… are not complete routers. They are only the Route Engine. You still need a forwarding plane 3 Why look at Open Source for routing, Why now? Reasons for Open Source Software in Routing 1 Popular Open Source Software Overview of Bird, Quagga, OpenBGPd, Xorp 2 Current Status of Quagga Details on where to consider Quagga, where to avoid it 3 What Open Source Routing is doing What we (OpenSourceRouting.org) do on Quagga 4 How you can help Open Source needs your help. And it will help you. 5 4 Reasons why the time is NOW A few reasons to at least start thinking about Open Source Could be much cheaper. You don’t need all the Money features and all the specialized hardware everywhere. All the current buzzwords. And most of it started SDN, with Open Source – and is designed for it. Does Cloud, .. your vendor provide you with the features for new requirements in time? Your Missing a feature? Need a special feature to distinguish from the competition? You have access Features to the source code. Not just one company is setting the schedule on Support what the fix and when you get the software fix.
    [Show full text]