TCP/IP Performance over Wireless Networks

Transcription

1 TP ongestion ontrol (2) hapter 6 n example of the congestion algorithm. TP/IP Performance over Wireless Networks Objectives ontents Gain a high-level overview of the most widely used wireless networks Understand how characteristics of wireless links adversely impact TP performance Learn techniques to enhance TP/IP performance over wireless networks Wireless networks TP performance issues over wireless links Improve TP performance over wireless links Evolution of wireless systems Generic characteristics of Wireless Networks Wireless Networks Similar propagation delay as wireline networks High error rate Interference tmospheric condition Multipath fading 1

2 Wireless LN (WLN) WLN (ont.) Wireless link layer Operate at 900 MHz/2.4 GHz/5 GHz band Ethernet connectivity to higher layers Same header Same checksum Same frame size M employs SM No ollision Detection (D) Loss/error recovery left to higher layers Interconnection with wired networks Through a router equipped with both wired and wireless interfaces Through a transparent bridge Examples of WLN Examples of WLN (ont.) Lucent s WaveLan 900 MHz or 2.4 GHz 2 Mbps SM/ IEEE n enhancement over WaveLan G Optional K G WLN coordination (master host) 1 or 2 Mbps IEEE a Operate a 5 GHz band it rate: between 6 and 54 Mbps IEEE b Operate a 2.4 GHz band it rate: 5.5/11 Mbps ellular ommunications () Networks First generation (e.g. MPS) nalog Second generation Digital Modest bit rate ircuit-switched Employed TDM/DM for medium control Networks (ont.) Higher transmission and propagation delays, compared with WLN FE added to each frame Interleaving (of frames) implemented 2

3 Networks (ont.) Examples of Systems Interconnected to other networks using Interworking Function (IWF) Fig. 6.1 GSM Data rate: 9.6 Kbps 240 bits RQ (selective repeat) Variable throughput and delay IS-136 Data rate: 9.6 Kbps dvanced RQ (256 bits) Examples of Systems (ont.) IS-95 (DM) Data rate: 8.6 Kbps 172 bits RQ Negative K Trade reliability for limited delay variance TP Performance over Wireless TP Performance Issues TP Performance Issues (ont.) Inappropriate reduction of congestion window TP backs off upon detection of packet loss Wireless transmission errors not related to network congestion Severe degradation in TP throughput Throughput loss WLN Frame Error Rate (FER) 22% reduction in WaveLan systems Increased processing delay due to interleaving Widely varying RTT Disruptions caused by link resets 3

4 TP Enhancement Schemes Improving TP Performance Splitting TP onnections Split TP connections at wireless gateways Reduce TP end-to-end path Significant processing overhead Wireless TP and UDP Splitting a TP connection into two connections. TP Enhancement Schemes (cont.) Snooping TP at S etter than split TP onfine retransmission to wireless paths only Fig. 6.4 TP Enhancement Schemes (ont.) omparison Notifying the causes of packet loss Explicit Loss Notification (ELN) Work well together with Snoop TP dding selective K to TP SK ombat multiple losses in one RTT Things need to consider when assess TP enhancement schemes End-to-end semantics IP payload access Wireless gateway overhead Ease of deployment Table 6.4 4

5 Evolution of Wireless Systems Evolution of Wireless Systems Trends in systems Support high bit rate data service G HSSD G GPRS G EDGE Third generation systems G UMTS G 3G Trends in WLN TP/IP over Heterogeneous Wireless Systems Provide high speeds Support mobility between adjacent networks Develop more efficient M protocols Personal rea Network (PN) luetooth LMDS hallenges Multiple systems co-exist Direct interoperability between different wireless systems Hierarchical cellular systems Research projects Multi-Service Link Layer (MSLL) Wireless Network (WINE) Wireless daptation Layer (WL) Firewalls Firewalls: Why? firewall isolates organisation s internal net from larger, allowing some packets to pass, blocking others. administered network firewall public prevent denial of service attacks: flooding: attacker establishes many bogus TP connections, no resources left for real connections. prevent illegal modification/access of internal data. e.g., attacker replaces I s homepage with something else allow only authorized access to inside network (set of authenticated users/hosts) two types of firewalls: application-level packet-filtering 5

6 Packet Filtering Should arriving packet be allowed in? Departing packet let out? internal network connected to via router firewall router filters packet-by-packet, decision to forward/drop packet based on: source IP address, destination IP address TP/UDP source and destination port numbers IMP message type TP and K bits Packet Filtering: Examples Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23. ll incoming and outgoing UDP flows and telnet connections are blocked. Example 2: lock inbound TP segments with K=0. Prevents external clients from making TP connections with internal clients, but allows internal clients to connect to outside. Filters packets on application data as well as on IP/TP/UDP fields. Example: allow select internal users to telnet outside. pplication gateways host-to-gateway telnet session application gateway gateway-to-remote host telnet session router and filter 1. Require all telnet users to telnet through gateway. 2. For authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections 3. Router filter blocks all telnet connections not originating from gateway. IP spoofing: router can t know if data really comes from claimed source if multiple apps. need special treatment, each has own app. gateway. client software must know how to contact gateway. e.g., must set IP address of proxy in Web browser Limitations of firewalls and gateways filters often use all or nothing policy for UDP. tradeoff: degree of communication with outside world, level of security many highly protected sites still suffer from attacks. Mapping: before attacking: case the joint find out what services are implemented on network Use ping to determine what hosts have addresses on network Port-scanning: try to establish TP connection to each port in sequence (see what happens) nmap ( mapper: network exploration and security auditing Mapping: countermeasures record traffic entering network look for suspicious activity (IP addresses, ports being scanned sequentially) ountermeasures? 6

7 Packet sniffing: broadcast media promiscuous NI reads all packets passing by can read all unencrypted data (e.g. passwords) e.g.: sniffs s packets Packet sniffing: countermeasures all hosts in organisation run software that checks periodically if host interface in promiscuous mode. one host per segment of broadcast media (switched Ethernet at hub) src: dest: payload src: dest: payload ountermeasures? IP Spoofing: can generate raw IP packets directly from application, putting any value into IP source address field receiver can t tell if source is spoofed e.g.: pretends to be IP Spoofing: countermeasures ingress filtering G routers should not forward outgoing packets with invalid source addresses (e.g., datagram source address not in router s network) G great, but ingress filtering can not be mandated for all networks src: dest: payload src: dest: payload ountermeasures? Denial of service (DOS): flood of maliciously generated packets swamp receiver Distributed DOS (DDOS): multiple coordinated sources swamp receiver e.g., and remote host -attack Denial of service (DOS): countermeasures filter out flooded packets (e.g., ) before reaching host: throw out good with bad traceback to source of floods (most likely an innocent, compromised machine) ountermeasures? 7

8 Social Issues nonymous R ers Privacy Freedom of Speech opyright Users who wish anonymity chain requests through multiple anonymous r ers. Freedom of Speech Possibly banned material: 1. Material inappropriate for children or teenagers. 2. Hate aimed at various ethnic, religious, sexual, or other groups. 3. Information about democracy and democratic values. 4. ccounts of historical events contradicting the government's version. 5. Manuals for picking locks, building weapons, encrypting messages, etc. (a) Three zebras and a tree. (b) Three zebras, a tree, and the complete text of five plays by William Shakespeare. Steganography 8