TCP/IP Over Satellite
Yi Zhang G
Introduction

Satellite communications have numerous advantages over terrestrial data connections, including mobility, network topology, and the "anywhere and everywhere" benefit of global coverage. These advantages come at the price of increased data transit times and a low level of security. Two problems in particular handicap satellite links for data applications [1]:

- Throughput limitation. TCP senders cannot exceed the rate at which the receiver can acknowledge receipt of packets; satellite latency effectively caps standard TCP throughput per session (RFC 793).
- Security. Transmissions from satellites are available to anyone with a suitable receiver.

Separate solutions for each problem have been available for years. Manipulation of TCP header fields with a Performance Enhancing Proxy (PEP) server can fool the end points into increasing the throughput on a satellite connection. Encryption of the data defeats interception off the air. However, standard IPsec encryption of the IP packet hides the fields in the TCP header and so prevents an acceleration proxy from changing them. An end user therefore had to choose which matters more, throughput or security. This paper discusses these two problems in detail and gives solutions for each.

2. Throughput Limitation of Satellite Communications

Throughput is not a problem with one-way transmissions, such as media broadcasting, for which the only limit is the capacity of the transponder or relay equipment in the satellite. The sender can transmit at the maximum circuit capacity 100% of the time because:

- the circuit is dedicated and fully available,
- there is no need to acknowledge data or correct errors, and
- the receiver applies no "back pressure" to limit throughput.

Transmission Control Protocol (TCP) was designed for entirely different conditions:

- low network latency,
- maximum bandwidth utilization,
- error detection and correction, and
- congestion avoidance and recovery via a flow control mechanism.
2.1. Latency [2]

The large latency associated with satellite communications originates in the 125 ms required for data packets to travel at the speed of light from the earth's surface to any one of the communication satellites positioned over the equator. This implies a minimum round trip time (RTT) (up and down and back again) between the source and destination of a data session of at least 500 ms, as shown in Figure 1 [2]. Unfortunately, as mentioned above, neither client-server applications nor the TCP protocols are designed to accommodate these high latencies. Most applications are written without regard for network latency, i.e. as though the client and the server are connected over a high-speed Local Area Network (LAN). The TCP protocol was designed for use on terrestrial networks, where latencies seldom exceed 250 ms to travel around the world over copper or fiber circuits.

Figure 1: Total Round Trip Time using Broadband satellite [2]

Slow Start [3]

Note in Figure 2 the TCP header fields called Sequence Number, Acknowledgment Number, and Window. These fields control data flow between two TCP devices, A and B. They are also used to implement the sliding window scheme that ensures effective flow control between the end points.

Figure 2: TCP header portion

TCP senders may transmit all the bytes in the window value. This allows packets to be burst onto the satellite channel in groups. When the window is exhausted, the sender must stop until it receives another Acknowledgment Number (with a Window size). In this way, each side of a TCP connection controls the rate at which it receives data; it applies backpressure by reducing its window.

A complicating issue with TCP is its flow control mechanism, which misinterprets the long delay from long trips through the atmosphere as evidence of a congested network or packet loss and will not increase the rate at which it sends packets, even though there is no actual congestion or packet loss across the satellite link. More specifically, TCP assumes that all loss and delay are caused by network congestion. As a result, it cuts back the transmission rate by reducing the Window size, and then slowly ramps the send rate back up. By the following formula [5], the throughput stays low because the window size is small:

$$\text{throughput} = \frac{\text{max window size}}{\text{RTT}}$$

3. TCP Acceleration for Satellite Links

Since TCP is the standard for data communications worldwide over the Internet, satellite operators have developed technologies to make TCP sessions perform better by minimizing the effects of the high latency intrinsic to satellite links; this is often termed TCP Acceleration. There are a number of different forms of TCP acceleration. One of the most widely used is Performance Enhancing Proxies (PEPs), which all have one important common feature: all PEPs involve techniques that change the TCP header data before and after the satellite link to hide the high latency of the satellite link from the TCP session. One of the techniques using a PEP is called TCP spoofing.
It is discussed in detail in the following section.

TCP spoofing [2]

TCP spoofing is one PEP technique that imitates a terrestrial TCP session by sending false TCP packet acknowledgements, which breaks the TCP session into segments [4] (see Figure 3). The satellite modem can contain the spoofing software, or an additional device can be deployed at the remote site and at the satellite carrier's Network Operations Center (NOC) (see Figure 1). The spoofing device acknowledges receipt of the data packet locally (from the sender) as if it were the receiver, and the TCP session proceeds as though it were occurring just across the LAN, i.e. the TCP flow control mechanism sends packets at the maximum rate supported by the LAN connection. On the other side of the satellite link, the spoofing device/software suppresses the real acknowledgments from the actual receiver. The spoofing devices/software contain storage buffers to allow the transmission of data across the satellite link and to deal with lost packets and retransmissions between the two spoofing points, since the actual sender and receiver think the session is always fine.

Other PEP techniques include adjusting packet size, data rates and other TCP parameters to more closely match the characteristics of the satellite carrier protocols. In all cases, values are changed in each TCP packet header in both TCP-PEP devices [2].

Figure 3: TCP Spoofing [4]

4. Security Issue with Satellite Communications

Data security concerns have imposed certain criteria for enterprise Wide Area Networks. Virtual Private Networks (VPNs) have become a standard requirement for companies using the public Internet to connect their remote sites to the headquarters [2].

4.1. VPNs

VPNs encrypt a company's data traffic when traveling over the public Internet so that the data streams cannot be easily intercepted and viewed. VPNs also authenticate the data to ensure it has not been altered while in transit across the Internet. A VPN between two sites constitutes a private connection (across a public network) through which data can securely pass between hosts at the two sites.

VPNs operate in two modes [2], as shown in Figure 4: tunnel and transport. When a data packet enters a tunnel mode VPN connection, the whole data packet (TCP header and payload) is encrypted and given a new header, so the original packet becomes the encrypted payload of a new VPN tunnel packet. In transport mode, only the payload of the original data packet is encrypted; the original TCP packet header becomes the new header and remains unencrypted. Transport mode is fundamentally less secure than tunnel mode because the data header of the original packet is still used, i.e. the source and destination IP addresses of the two hosts are still used, and all the TCP session data remains in clear text in the header when traveling over the Internet.
Figure 4: VPN Tunnel Mode vs. VPN Transport Mode

Tunnel mode VPNs have become the corporate security standard because of their superior security features [2]. Because the original data packet header and payload are completely concealed through encryption, the packet is impervious to the man-in-the-middle attacks used to intercept, record and retransmit TCP sessions as the packets traverse the public Internet. With the header of the original data packet fully encrypted, no information can be obtained about the original TCP session running between the client and server. In transport mode, only the original payload is encrypted and the header is left unencrypted and subject to the prying eyes of a would-be attacker. As such, transport mode VPNs are seldom used because they do not meet companies' security criteria for modern wide area networks.

Problems with VPNs and TCP Acceleration

Although these TCP acceleration methods all sound like good ways to improve TCP data rates over satellite, there are problems when trying to use VPNs and TCP acceleration together [1]. Recall that all the TCP acceleration technologies rely on altering the TCP header of each data packet. Herein lies the problem when combining TCP acceleration and VPNs to deliver secure, high-performance data communications over satellite. The conflict arises in the TCP session data in the original packet header.

If the data packet enters a VPN in tunnel mode before the TCP acceleration takes place, then two problems arise [2]. First, the original TCP packet is completely encrypted (header and payload), so the session header data is unavailable to be altered by acceleration. Second, applying TCP acceleration methods to VPN packets would alter the VPN header and/or spoof the VPN acknowledgements, and so violate the authentication safeguards, which require that the VPN packet (and headers) remain unchanged in transit between VPN endpoints.

The only alternative is to reduce the level of VPN security by utilizing transport mode and leaving the packet headers unencrypted. Even then, some forms of TCP acceleration and VPN transport mode both attempt to alter certain values in the TCP packet header and may not function together at all [2] (Figure 5).
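The conflict described above, seen from the PEP's side of the link, as an added example that is not part of the original paper: a parser that reports which TCP flow-control fields an on-path device can read from an IPv4 packet, and what is left once the same traffic is carried in IPsec ESP. The sample packets, addresses, ports and the helper names (`build_ipv4`, `build_tcp`, `pep_view`, `summarise`) are constructed for illustration; IP protocol numbers 6 (TCP) and 50 (ESP) are the standard assignments.

```python
import socket
import struct

IPPROTO_TCP = 6
IPPROTO_ESP = 50


def build_ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.20"):
    """Constructed sample packet: minimal IPv4 header (checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload),   # version/IHL, TOS, total length
        0, 0,                         # identification, flags/fragment offset
        64, proto, 0,                 # TTL, protocol, checksum
        socket.inet_aton(src), socket.inet_aton(dst),
    )
    return header + payload


def build_tcp(sport, dport, seq, ack, window, flags=0x10):
    """Constructed 20-byte TCP header (ACK flag set, checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, window, 0, 0)


def pep_view(packet):
    """Return what an on-path proxy can read from one IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", packet[2:8])
    proto = packet[9]
    payload = packet[ihl:total_len]

    # A non-first fragment carries no transport header at all.
    if flags_frag & 0x1FFF:
        return {"proto": proto, "accelerable": False,
                "reason": "non-first fragment"}

    if proto == IPPROTO_TCP:
        if len(payload) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, _off_flags, window = struct.unpack(
            "!HHIIHH", payload[:16])
        # Sequence Number, Acknowledgment Number and Window are in the clear,
        # so a PEP can acknowledge locally and rewrite them.
        return {"proto": "tcp", "accelerable": True, "sport": sport,
                "dport": dport, "seq": seq, "ack": ack, "window": window}

    if proto == IPPROTO_ESP:
        if len(payload) < 8:
            raise ValueError("truncated ESP header")
        spi, esp_seq = struct.unpack("!II", payload[:8])
        # Only the SPI and the ESP sequence number are readable; the inner
        # TCP header is ciphertext, and the packet is integrity-protected.
        return {"proto": "esp", "accelerable": False,
                "spi": spi, "esp_seq": esp_seq}

    return {"proto": proto, "accelerable": False, "reason": "not TCP"}


def summarise(packets):
    """Bytes a PEP could accelerate versus bytes it has to pass untouched."""
    totals = {"accelerable_bytes": 0, "opaque_bytes": 0}
    for pkt in packets:
        key = "accelerable_bytes" if pep_view(pkt)["accelerable"] else "opaque_bytes"
        totals[key] += len(pkt)
    return totals


# Constructed samples: one clear TCP segment and one ESP packet whose body is
# a stand-in for ciphertext.
TCP_PACKET = build_ipv4(IPPROTO_TCP,
                        build_tcp(49152, 443, 1000, 2000, 65535) + b"x" * 100)
ESP_PACKET = build_ipv4(IPPROTO_ESP,
                        struct.pack("!II", 0x1000, 1) + bytes(range(64)))

if __name__ == "__main__":
    for name, pkt in (("tcp", TCP_PACKET), ("esp", ESP_PACKET)):
        print(name, pep_view(pkt))
    print(summarise([TCP_PACKET, ESP_PACKET]))
```

Run over a capture from the satellite side of a modem, the same classification shows how much of the link's traffic a PEP cannot help.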
In this paper, two methods are given to solve this conflict. One is TCP optimization; the other is simply to accelerate the TCP packets before encrypting them.

Figure 5: Conflicts Between VPNs and TCP Acceleration in the Satellite Modem

4.3. TCP Optimization

TCP Optimization changes the parameters of transmission to match the operating system of the processor and the type of network connection. These parameters include window size, path MTU, etc. The following sections discuss these parameters in detail.

Window Size [5]

Even if the network has a high bandwidth and the receiver has a large buffer, the throughput achieved by TCP is limited by:

$$\text{throughput} = \frac{\text{max window size}}{\text{RTT}}$$

This follows since a TCP source cannot send more than the window size of packets in an RTT time. Using the standard maximum TCP window of 64 Kbytes (coded on 16 bits) and a satellite link with an RTT of 560 ms, this limits the throughput to 117 Kbytes/s. To send at higher rates, a window scale option has been added to TCP. It consists of multiplying the old window field by a scale factor coded on 14 bits. This lets TCP use larger windows, up to $2^{30}$ bytes.

Path MTU measurement [6]

To reduce the overhead due to the packet header, a large number of data bytes must be sent in a TCP segment. However, large packets will be fragmented if they encounter a network with a small MTU (Maximum Transfer Unit), which increases the overhead considerably. This method lets TCP detect the largest packet that can cross the Internet without incurring the cost of fragmentation and reassembly. Also, because the TCP sender increases its window by segments, using large packets yields a faster growth of the throughput.

There are also other parameters, such as initial window size and buffer size [7]. However, there is no single definitive source of this information, as any changes that can be made will depend upon the user's local environment. Some information is provided by Microsoft [8], Speedguide [9], and the IETF [10].

Accelerating before encrypting [11]

Another alternative for improving VPN performance over satellite requires the full encryption of the TCP data stream so that both data and protocol headers are secure. This is particularly important in cases where an enterprise has a predefined technology choice (such as IPsec), vendor procurement or security policy that requires the highest level of VPN security possible. The method used here is to accelerate the TCP before passing the data stream on into the IP layer for encryption (see Figure 6).

Figure 6: Accelerating before Encrypting

This solution comprises an acceleration device or PEP that is operated by the user, rather than embedded within the hub. Again, there are many providers of this technology: some implement a client/server pair as software and hardware, others implement a hardware gateway pair. The solution chosen depends upon the configuration required at the remote site (single PC or LAN).

5. Conclusions

Due to the nature of TCP transmissions, any performance increases achieved by the various acceleration methods are offset by serious compromises in data security. Fundamental incompatibilities arise when one attempts to operate conventional VPN devices over satellite links, due to the nature of the TCP acceleration techniques commonly used for broadband satellite connections. VPNs may not function at all, security is compromised through the use of transport mode VPNs, and/or the lack of TCP acceleration can degrade application performance over satellite links so as to be unusable.
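The window limit from the Slow Start and Window Size sections, worked through as an added example that is not part of the original paper: it computes the window-limited rate for the 64 Kbyte window at 560 ms RTT, the window a given link needs, the window scale shift that provides it, and how long an idealised slow start takes to open that window. The 10 Mbit/s link rate, the 1460-byte segment size, the one-segment initial window and all function names are assumptions made for the illustration; the shift-count limit of 14 and option kind 3 are those of the TCP window scale option.

```python
MAX_UNSCALED_WINDOW = 65_535   # largest value of the 16-bit Window field
MAX_WSCALE_SHIFT = 14          # largest shift count the window scale option allows
WSCALE_OPTION_KIND = 3         # TCP option kind for Window Scale


def window_limited_throughput(window_bytes, rtt_ms):
    """Bytes per second when at most one window can be sent per round trip."""
    return window_bytes * 1000 // rtt_ms


def bandwidth_delay_product(link_bps, rtt_ms):
    """Bytes that must be in flight to keep the link full (rounded up)."""
    return -((-link_bps * rtt_ms) // 8000)


def required_wscale(link_bps, rtt_ms):
    """Smallest shift for which the scaled 16-bit window covers the BDP."""
    bdp = bandwidth_delay_product(link_bps, rtt_ms)
    for shift in range(MAX_WSCALE_SHIFT + 1):
        if (MAX_UNSCALED_WINDOW << shift) >= bdp:
            return shift
    raise ValueError("bandwidth-delay product exceeds the largest scaled window")


def wscale_option(shift):
    """Encode the option as it appears in a SYN: kind, length, shift count."""
    if not 0 <= shift <= MAX_WSCALE_SHIFT:
        raise ValueError("shift count must be between 0 and 14")
    return bytes([WSCALE_OPTION_KIND, 3, shift])


def slow_start(target_window, mss=1460, initial_segments=1):
    """Idealised slow start: the window doubles every RTT and nothing is lost.

    Returns (round trips needed to reach target_window, bytes sent meanwhile).
    """
    cwnd = mss * initial_segments
    rtts = 0
    sent = 0
    while cwnd < target_window:
        sent += cwnd
        cwnd *= 2
        rtts += 1
    return rtts, sent


def plan(link_bps, rtt_ms, mss=1460):
    """Summarise the window settings one TCP session needs on this path."""
    bdp = bandwidth_delay_product(link_bps, rtt_ms)
    unscaled = window_limited_throughput(MAX_UNSCALED_WINDOW, rtt_ms)
    rtts, sent = slow_start(bdp, mss)
    return {
        "unscaled_bytes_per_s": unscaled,
        "unscaled_utilisation_pct": unscaled * 8 * 100 // link_bps,
        "bdp_bytes": bdp,
        "wscale_shift": required_wscale(link_bps, rtt_ms),
        "slow_start_rtts": rtts,
        "slow_start_ms": rtts * rtt_ms,
        "bytes_sent_during_ramp": sent,
    }


if __name__ == "__main__":
    # Constructed scenario: 10 Mbit/s satellite link, 560 ms RTT.
    for key, value in plan(10_000_000, 560).items():
        print(f"{key}: {value}")
    print("SYN option bytes:", wscale_option(required_wscale(10_000_000, 560)).hex())
```

On this constructed link the session spends about five seconds in slow start before the window is large enough to fill the pipe, which is the delay a PEP hides from the end points.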
6. Reference

[1] High Performance VPN Solutions Over Satellite Networks
[2] TCP/IP over Satellite: Optimization vs. Acceleration, Todd J. Anderson, PhD, End II End Communications, Inc., White Paper
[3] TCP/IP Performance over Satellite Links, Craig Partridge and Timothy J. Shepard
[4] Cisco Accelerated Internet over Satellite Solution
[5] V. Jacobson, R. Braden, and D. Borman, TCP Extensions for High Performance, May 1992, RFC
[6] M. Allman and D. Glover, Enhancing TCP over satellite channels using standard mechanisms, Technical report, NASA Lewis, 1998
[7] TCP/IP Over Satellite, Marc Emmelmann
[8] Speedguide
[9] Microsoft
[10] IETF
[11] Using VPN (Virtual Private Networks) over Satellite
More informationNETWORK LAYER/INTERNET PROTOCOLS
CHAPTER 3 NETWORK LAYER/INTERNET PROTOCOLS You will learn about the following in this chapter: IP operation, fields and functions ICMP messages and meanings Fragmentation and reassembly of datagrams IP
More informationInternet Working 5 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2004
5 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2004 1 43 Last lecture Lecture room hopefully all got the message lecture on tuesday and thursday same
More informationVPN Technologies: Definitions and Requirements
VPN Technologies: Definitions and Requirements 1. Introduction VPN Consortium, January 2003 This white paper describes the major technologies for virtual private networks (VPNs) used today on the Internet.
More informationComparing Mobile VPN Technologies WHITE PAPER
Comparing Mobile VPN Technologies WHITE PAPER Executive Summary Traditional approaches for encrypting data in transit such as IPSec and SSL are intended for wired networks with high speed, highly reliable
More informationWhat is Network Latency and Why Does It Matter?
What is Network Latency and Why Does It Matter? by O3b Networks This paper is presented by O3b Networks to provide clarity and understanding of a commonly misunderstood facet of data communications known
More information1.264 Lecture 37. Telecom: Enterprise networks, VPN
1.264 Lecture 37 Telecom: Enterprise networks, VPN 1 Enterprise networks Connections within enterprise External connections Remote offices Employees Customers Business partners, supply chain partners Patients
More informationCase Study for Layer 3 Authentication and Encryption
CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client
More informationOther VPNs TLS/SSL, PPTP, L2TP. Advanced Computer Networks SS2005 Jürgen Häuselhofer
Other VPNs TLS/SSL, PPTP, L2TP Advanced Computer Networks SS2005 Jürgen Häuselhofer Overview Introduction to VPNs Why using VPNs What are VPNs VPN technologies... TLS/SSL Layer 2 VPNs (PPTP, L2TP, L2TP/IPSec)
More informationAn Introduction to VoIP Protocols
An Introduction to VoIP Protocols www.netqos.com Voice over IP (VoIP) offers the vision of a converged network carrying multiple types of traffic (voice, video, and data, to name a few). To carry out this
More informationComputer Networks CS321
Computer Networks CS321 Dr. Ramana I.I.T Jodhpur Dr. Ramana ( I.I.T Jodhpur ) Computer Networks CS321 1 / 22 Outline of the Lectures 1 Introduction OSI Reference Model Internet Protocol Performance Metrics
More informationICS 153 Introduction to Computer Networks. Inst: Chris Davison cbdaviso@uci.edu
ICS 153 Introduction to Computer Networks Inst: Chris Davison cbdaviso@uci.edu 1 ICS 153 Introduction to Computer Networks Course Goals Understand the basic principles of computer networks Design Architecture
More informationLecture Objectives. Lecture 07 Mobile Networks: TCP in Wireless Networks. Agenda. TCP Flow Control. Flow Control Can Limit Throughput (1)
Lecture Objectives Wireless and Mobile Systems Design Lecture 07 Mobile Networks: TCP in Wireless Networks Describe TCP s flow control mechanism Describe operation of TCP Reno and TCP Vegas, including
More informationRARP: Reverse Address Resolution Protocol
SFWR 4C03: Computer Networks and Computer Security January 19-22 2004 Lecturer: Kartik Krishnan Lectures 7-9 RARP: Reverse Address Resolution Protocol When a system with a local disk is bootstrapped it
More informationTCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) Internet Protocol (IP)
TCP over Multi-hop Wireless Networks * Overview of Transmission Control Protocol / Internet Protocol (TCP/IP) *Slides adapted from a talk given by Nitin Vaidya. Wireless Computing and Network Systems Page
More informationNetwork Considerations for IP Video
Network Considerations for IP Video H.323 is an ITU standard for transmitting voice and video using Internet Protocol (IP). It differs from many other typical IP based applications in that it is a real-time
More informationSIP Forum Fax Over IP Task Group Problem Statement Version 1.0
SIP Forum Fax Over IP Task Group Problem Statement Version 1.0 T.38: Problems with the Transition While the T.38 protocol, approved by the ITU T in 1998, was designed to allow fax machines and computer
More informationVirtual Private Networks: IPSec vs. SSL
Virtual Private Networks: IPSec vs. SSL IPSec SSL Michael Daye Jr. Instructor: Dr. Lunsford ICTN 4040-001 April 16 th 2007 Virtual Private Networks: IPSec vs. SSL In today s society organizations and companies
More informationAn enhanced TCP mechanism Fast-TCP in IP networks with wireless links
Wireless Networks 6 (2000) 375 379 375 An enhanced TCP mechanism Fast-TCP in IP networks with wireless links Jian Ma a, Jussi Ruutu b and Jing Wu c a Nokia China R&D Center, No. 10, He Ping Li Dong Jie,
More informationCisco Application Networking for Citrix Presentation Server
Cisco Application Networking for Citrix Presentation Server Faster Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address
More informationCSE 3461 / 5461: Computer Networking & Internet Technologies
Autumn Semester 2014 CSE 3461 / 5461: Computer Networking & Internet Technologies Instructor: Prof. Kannan Srinivasan 08/28/2014 Announcement Drop before Friday evening! k. srinivasan Presentation A 2
More informationComponent 4: Introduction to Information and Computer Science
Component 4: Introduction to Information and Computer Science Unit 7: Networks & Networking Lecture 1 This material was developed by Oregon Health & Science University, funded by the Department of Health
More informationTCP Offload Engines. As network interconnect speeds advance to Gigabit. Introduction to
Introduction to TCP Offload Engines By implementing a TCP Offload Engine (TOE) in high-speed computing environments, administrators can help relieve network bottlenecks and improve application performance.
More informationVisualizations and Correlations in Troubleshooting
Visualizations and Correlations in Troubleshooting Kevin Burns Comcast kevin_burns@cable.comcast.com 1 Comcast Technology Groups Cable CMTS, Modem, Edge Services Backbone Transport, Routing Converged Regional
More informationSession Hijacking Exploiting TCP, UDP and HTTP Sessions
Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being
More informationVirtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationProcedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address
Objectives University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 Lab.4 Basic Network Operation and Troubleshooting 1. To become familiar
More informationAKAMAI WHITE PAPER. Delivering Dynamic Web Content in Cloud Computing Applications: HTTP resource download performance modelling
AKAMAI WHITE PAPER Delivering Dynamic Web Content in Cloud Computing Applications: HTTP resource download performance modelling Delivering Dynamic Web Content in Cloud Computing Applications 1 Overview
More informationThe Data Replication Bottleneck: Overcoming Out of Order and Lost Packets across the WAN
The Data Replication Bottleneck: Overcoming Out of Order and Lost Packets across the WAN By Jim Metzler, Cofounder, Webtorials Editorial/Analyst Division Background and Goal Many papers have been written
More informationAnalysis of TCP Performance Over Asymmetric Wireless Links
Virginia Tech ECPE 6504: Wireless Networks and Mobile Computing Analysis of TCP Performance Over Asymmetric Kaustubh S. Phanse (kphanse@vt.edu) Outline Project Goal Notions of Asymmetry in Wireless Networks
More informationFor the purpose of setting up a home network, all you need to worry about are two major categories of components:
Access Points, Routers, and Hubs In the first lesson, you learned about the world of wireless standards -- what frequencies are used, distances involved, and other general topics. In this lesson, you learn
More informationEncrypting Network Traffic
Encrypting Network Traffic Mark Lomas Computer Security Group University of Cambridge Computer Laboratory Encryption may be used to maintain the secrecy of information, to help detect when messages have
More informationVMWARE WHITE PAPER 1
1 VMWARE WHITE PAPER Introduction This paper outlines the considerations that affect network throughput. The paper examines the applications deployed on top of a virtual infrastructure and discusses the
More information