Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Congestion Control and Firewall

    Enviado por

    XXX
    151 visualizações33 páginas

    Direitos autorais

    © Attribution Non-Commercial (BY-NC)

    Formatos disponíveis

    PPT, PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento

    Direitos autorais:

    Attribution Non-Commercial (BY-NC)
    Baixe no formato PPT, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    151 visualizações33 páginas

    Congestion Control and Firewall

    Enviado por

    XXX

    Direitos autorais:

    Attribution Non-Commercial (BY-NC)
    Baixe no formato PPT, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 33

    Congestion and Congestion

    Control

    1
    Congestion
    • Congestion : two or more nodes would
    simultaneously try to transmit packets
    to one node, there is a high probability
    that the number of packets would
    exceed the packet handling Capacity of
    network

    • Congestion control : Process of


    maintaining the number of packets in
    a network below a certain level.
    2
    Congestion

    3
    Causes of Congestion
    • Finite queue Length.
    • Slow processor speed.
    • Limited bandwidth.
    • Limitation of Link capability.
    • Non-uniformity of arrival of packets.

    4
    Principles of Congestion Control
    • Open Loop
    • Attempt to solve the problem by good
    design but does not works at run time.

    • Closed Loop
    • Based on the principle of feedback loop.
    Monitor the system to detect when and
    where the congestion occurs, adjust the
    system operation to correct the
    problem.
    5
    Congestion Control Methods

    1. Warning Bit
    2. Choke packets
    3. Load Shedding
    4. Jitter control
    5. Overprovision
    6. Buffering
    7. Traffic Shaping
    8. Resource Allocation
    9. Packet Scheduling
    6
    1. Warning Bit
    • Special bit in the packet header is set by
    the router to warn the source when the
    congestion is detected.

    • This bit is send to the sender in the ACK.

    • Sender monitors the number of ACK


    packets it receives with the warning bit
    set and adjust its transmission rate
    accordingly.
    7
    2. Choke Packets
    • Router sends the choke packet back to
    the source in alarming situation.

    • Choke Packets contains destination


    address, so the source will not generate
    any more packets along the path.

    8
    2. Choke Packets

    9
    3. Load Shedding
    • Random Early Detection (RED) is a
    proactive approach in which router
    discards packets before the buffer
    becomes completely full.

    • Each time a packet comes, it computes


    the average queue length. If it is greater
    than upper threshold, congestion is
    assumed to be serious and the packet
    is discarded.
    10
    Jitter Control
    • Jitter is a variation in delay for packets
    belonging to the same flow.

    11
    4. Jitter Control
    • Jitter is a variation in delay for packets
    belonging to the same flow.

    • Router checks the arriving packets to see


    how much the packet is behind and
    ahead of the schedule. This information is
    stored in the packet and updated on each
    hop.

    • If packet is ahead of the schedule, it is


    held and if it is a behind schedule, router
    tries to get it out the door quickly. 12
    Quality of Service

    13
    Methods

    • Overprovision
    • Buffering
    • Traffic Shaping
    • Leaky Bucket Algorithm
    • Token Bucket Algorithm
    • Resource Reservation
    • Packet Scheduling

    14
    5. Overprovision

    • Over provisioning of
    • Router capacity
    • Buffer space
    • Bandwidth.

    • Very Expensive

    15
    6. Buffering

    • Wait until buffer becomes full and


    Smoothen the output stream.
    16
    7. Traffic Shaping

    • Smooth out the traffic on the server


    rather on the client side.

    • Two algorithms
    • Leaky Bucket Algorithm
    • Token Bucket Algorithm

    17
    7A. Leaky Bucket Algorithm

    18
    7B. Token Bucket Algorithm

    19
    Difference
    • LB discards packets while TB discards
    tokens.

    • In LB, a packet can be transmitted if the


    bucket is not full. In TB, A packet can only
    be transmitted of there are enough tokens to
    cover its length in bytes.

    • LB sends the packets at an average rate and


    TB It allows for large bursts to be sent faster
    by speeding up the output. 20
    8. Resource Reservation

    • Once the route is fixed, all resources


    are allocated to that route.

    • Three types of resource are reserved:


    • Bandwidth
    • Buffer space
    • CPU cycles

    21
    9. Packet Scheduling

    22
    Firewall

    23
    Firewall

    • Packet Filter
    • Application Level Firewalls
    • Circuit Level Firewalls

    24
    Firewall
    • A firewall examines all traffic routed
    between the two networks to see if it
    meets certain criteria (as defined by local
    security policy). If it does, it is routed
    between the networks otherwise it is
    blocked.

    • It may be hardware device or software


    program running on secure host
    computer. They can be a part of router.
    25
    Firewall
    • A firewall will be kept at junction point or
    gateway between the two networks.

    • Firewall can also manage public access to


    private networked resources such as host
    applications.

    • Firewall technology generally falls into two


    classes : Network level and application
    level.
    26
    Types of Firewall
    • Packet Filters.
    • Application level firewalls.
    • Circuit level firewalls.

    27
    1. Packet Filters
    • Each packet is compared to a set of
    criteria before it if forwarded. Criteria
    includes Source and destination IP
    address, port numbers and protocol used
    and TCP ACK flag.

    • Packet filters extracts the information it


    needs from the packet header and all
    rules are checked one after another.

    28
    1. Packet Filters
    • Router with packet filtering capability is
    called as Screening Router.

    • Such routers has two modules –


    Inspection module which checks the
    header information and State evaluation
    module which checks ACK flag.

    29
    1. Packet Filters
    • Advantages
    • Low cost
    • Low impact on network performance.

    • Disadvantages
    • They cannot hide the network topology.
    • Can not support all Internet applications.
    • Vulnerable to attacks at protocol higher
    than the network layer protocol.
    30
    2. Application level Firewalls
    • These are also known as proxies and they
    are application specific. They can filter the
    packets at the application layer.

    • The user contacts the gateway using a


    TCP/IP application such as telnet or FTP
    and gateway asks the user for the name of
    the remote host to be accessed.

    31
    2. Application level firewalls
    • When the user responds and provides a valid
    user ID and authentication information, the
    gateways contacts the application on the
    remote host and relays TCP segments
    containing the application data between two
    endpoints.

    • These are more secure than packet filters.


    They are easy to configure and can hide
    private network topology. It also supports
    user level authentication.

    32
    3. Circuit level firewalls
    • They works at the session layer.
    Information passed to the remote
    computer through a circuit level gateway
    appears to have originated from the
    gateway.

    • These are relatively inexpensive and have


    the advantage of hiding information about
    the private network they protect.

    33

    Você também pode gostar