10.4. ALTERNATIVE NETWORK TRANSPORT TECHNOLOGIES, page 397
Labels, or virtual circuit identifiers, are used by the switches to forward traffic along dedicated multiplexed channels. This technology is widely used in backbone networks, where routing is simple, but speed is of the essence. These interlinked switches are often represented as a ‘network cloud’ at the IP layer, concealing the details of transport that doesn’t entirely fit the IP model.
10.4 Alternative network transport technologies
10.4.1 Medium sharing
There are two main strategies for sharing media.
• Deterministic sharing: every host is given a predictable opportunity to send data at some guaranteed minimum rate, e.g. token rings. This behaviour is easy to predict and to sell, so it has often been adopted in commercial technologies.
• Non-deterministic sharing: any host has only a finite chance of being able to send a message; there is no minimum rate, e.g. Ethernet. This method relies on the assumption that most LANs are only lightly loaded, so that the probability of successful transmission is usually high.
These strategies are reflected in the prevalent technologies, and each has its place. At the risk of over-simplifying, one might say that well below capacity non-deterministic sharing is the most efficient way of sharing the available resources, but as the medium approaches saturation it fails badly and a deterministic approach is required. This is simply because sharing is easy when everyone has plenty; when competition for resources gets tough, some enforcement of sharing is required.
10.4.2 Token rings
There are several kinds of token rings, including the now defunct Fiber Distributed Data Interface (FDDI). Token ring LANs are widely used in IBM networks. The basic idea is that all hosts are arranged in a ring and that packets circulate unidirectionally around the ring. In order to avoid collisions, a control packet (called the token) is circulated around the ring, and a host can only begin transmitting if it has received the token. The host can then transmit for a maximum amount of time, after which it must pass the token on to the next host. As data are transmitted, all hosts look to see whether the packets are intended for them, i.e. any host can receive at any time.
10.4.3 Ethernet
CHAPTER 10. NETWORK-LEVEL SERVICES, page 398
Ethernet technology was developed by Xerox, Intel and DEC in 1976, at the Palo Alto Research Center (PARC) [103]. In the Ethernet bus approach, every host is connected to a common cable or bus. Ethernet naturally supports broadcasting, since all hosts share the same channel, but this also means that packets can collide and must contend for transmission over each cable segment. This is called CSMA/CD, or Carrier Sense Multiple Access/Collision Detect. A collision occurs when two hosts attempt to send signals simultaneously.
The naming convention for Ethernet is:
• 10Base-T = 10 Mbps, over two twisted-pair cables.
• 100Base-T2 = 100 Mbps, over two twisted-pair cables.
• 100Base-T4 = 100 Mbps, over four twisted-pair cables.
• 1000Base-LX/FX/SX = 1000 Mbps, long wavelength over optical fiber cable.
The latter is nicknamed Gigabit Ethernet.
Ethernet collisions occur when two hosts try to send data at the same time. To give all hosts an equal opportunity to use the shared line, there is a Maximum Transmission Unit (MTU), or Ethernet frame size, of 1500 bytes, which limits the time for which a host can occupy the line.
Before sending a frame, the interface checks whether its receiver sees any existing transmission; if so, it waits until the coast is clear. As the speed (bit rate) of Ethernet transmission increases and LANs grow in size, the finiteness of the speed of light becomes noticeable, and it becomes increasingly likely that two hosts at different points on a cable start sending at the same time, before detecting each other's signal. When this occurs, there is a ‘collision’ and a burst of noise is transmitted to inform all hosts of the collision: both hosts must stop and retry after a short wait.
• An interface can only detect a collision while it is itself transmitting, so we must be careful to prevent the sending of packets that are too short. (If incoming power is greater than outgoing power, there must be a collision.)
• Each bit is encoded by a single wavelength λ of electromagnetic waves in Ethernet’s Manchester bit-encoding. If packets are long enough, they must fill up the physical length of the cable, because the combined wavelength Nλ is larger than the cable size. Thus hosts cannot avoid seeing one another’s transmissions at some time during the transmission. We should therefore use a minimum packet size to be certain of detecting all collisions.
Suppose we have a cable segment of length L. The worst-case scenario is when two hosts A and B at opposite ends of the cable start transmitting, B starting just as the signal from A arrives. In order to detect the collision, a signal must then have travelled a distance L to the collision point, and the noise burst must travel back the same distance to be detected by A, before A has finished transmitting. Thus:
$$N\lambda \ge 2L$$
or, in terms of bit-rate (frequency) $f$, using $\lambda = c_{\mathrm{copper}}/f$,
$$N c_{\mathrm{copper}} \ge 2 f L,$$
where $c_{\mathrm{copper}}$ is the speed of light in copper or fiber, both of which are of the order of $2 \times 10^{8}$ meters per second. The left-hand side is the distance occupied by N bits, or wavelengths of the bit signal, and the right-hand side is the distance of the round trip. There are two free variables, N and L; fixing one determines the other. The Ethernet standard chooses to fix the minimum size of frames at 512 bits (64 bytes), giving a maximum length of about 5000 meters for 10 Mbps Ethernet; this is usually halved to 2500 meters to allow a wide margin for error. Any small data payloads are padded out with zeros. At gigabit speeds, even larger MTUs are required to extend the length limits of the cables; even so, they cannot be very long.
Other limits on the size of Ethernet segments come from the physical properties of cables, i.e. signal attenuation. The Ethernet standard allows for a maximum of four repeaters (amplifiers), so the average length of each segment above can be divided by the number of repeaters needed to get the signal across this maximum length.
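The constraint $N c_{\mathrm{copper}} \ge 2 f L$ worked through in code, as an added example that is not from the book: it solves for the maximum segment length at the bit rates listed above and for the frame size a given length would require, and shows the zero-padding of short frames that the minimum size implies. The function names and the sample frame are my own; the $2 \times 10^{8}$ m/s propagation speed and the 512-bit minimum are the text's figures.

```python
import math

# Propagation speed in copper or fiber, the order of magnitude the text uses.
C_COPPER = 2e8          # metres per second
MIN_FRAME_BITS = 512    # Ethernet minimum frame size: 64 bytes
MIN_FRAME_BYTES = MIN_FRAME_BITS // 8


def max_segment_length(frame_bits: int, bit_rate: float, c: float = C_COPPER) -> float:
    """Longest segment (metres) on which a sender of frame_bits bits at
    bit_rate bit/s is still transmitting when the noise burst from a
    collision at the far end gets back to it: N*c >= 2*f*L  =>  L <= N*c/(2f)."""
    return frame_bits * c / (2 * bit_rate)


def min_frame_bits(length_m: float, bit_rate: float, c: float = C_COPPER) -> int:
    """Smallest frame (bits) that keeps a sender busy for the round trip on a
    segment of length_m metres at bit_rate bit/s: N >= 2*f*L/c, rounded up."""
    return math.ceil(2 * bit_rate * length_m / c)


def pad_frame(frame: bytes) -> bytes:
    """Pad a short frame with zero bytes up to the 64-byte minimum so that it
    always satisfies the collision-detection constraint. The padding must be
    explicit zeros, never whatever happens to be left in the transmit buffer."""
    if len(frame) >= MIN_FRAME_BYTES:
        return frame
    return frame + bytes(MIN_FRAME_BYTES - len(frame))


if __name__ == "__main__":
    for name, rate in (("10 Mbps", 10e6), ("100 Mbps", 100e6), ("1 Gbps", 1e9)):
        print(f"{name}: 512-bit minimum frame -> max segment {max_segment_length(512, rate):.1f} m")
    # How large a minimum frame would the 2500 m figure need at gigabit rate?
    print("bits needed for 2500 m at 1 Gbps:", min_frame_bits(2500, 1e9))
    # Constructed 10-byte frame fragment, padded to the minimum size
    print(len(pad_frame(b"\x01" * 10)), "bytes after padding")
```

At 10 Mbps the 512-bit minimum gives the roughly 5000 m figure quoted above; at 1 Gbps the same frame only covers about 51 m, which is why longer minimum frames are needed at that speed.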
10.4.4 Digital Subscriber Line (DSL)
DSL includes variations such as ADSL, RADSL, SDSL, HDSL, VDSL, and is a family of multiplexing transmission methods that uses the existing telecommunications infrastructure. Asymmetric DSL (ADSL) is asymmetric in that it has a higher download capacity than upload capacity. This is an arbitrary decision, derived from observed usage. SDSL is a symmetric version of this. RADSL is a Rate Adaptive DSL that adds some prioritization to traffic types.
DSL technologies employ improved transceiver technology to transmit data more efficiently over copper wires. They are sometimes referred to as last-mile technologies because they are used only for connections from a telephone exchange or cable television operator to the end user. They are not routable. DSL can transmit at rates limited only by the physical properties of the cable, whereas telephone modem channels are restricted by the bandwidth of filters designed to give a clear voice signal.
10.4.5 Integrated Services Digital Network (ISDN)
This is an international communications standard for sending voice, video and data over digital telephone lines or normal telephone wires. ISDN allows multiple devices to share a single line and supports data transfer rates of 64 Kbps; it has never really taken off. ISDN was more widely deployed in Europe, but has quickly lost ground to cable and telephone DSL solutions.
10.4.6 Fiber: SONET/SDH
After the break-up of AT&T, the newly formed Bellcore began to work on the Synchronous Optical Network (SONET). Later the International Telecommunications Union (ITU) joined the effort and renamed the standards slightly, calling the standard not SONET but the Synchronous Digital Hierarchy (SDH). In SDH-speak, STM-n corresponds to the SONET optical carrier OC-3n, or to the Synchronous Transport Signal STS-3n for the electrical (copper) version.
| SONET / optical carrier | SDH | Bit rate |
|---|---|---|
| STS-1 / OC-1 | – | 51.84 Mbps |
| STS-3 / OC-3 | STM-1 | 155.52 Mbps |
| STS-12 / OC-12 | STM-4 | 622.08 Mbps |
10.4.7 T1 and E1
The old U.S. designations for high-speed telephone lines include T1 (1.544 Mbps) and T3 (44.736 Mbps). The corresponding European standards are called E1, E3, etc. These lines are copper wire cables that can be used with various protocols, including ISDN and DSL. They are usually leased lines, owned by telecom companies.
10.5 Alternative network connection technologies
We have focused mainly on the Ethernet so far, because it is the most widely deployed networking technology (apart from the telephone system). A number of other technologies are in widespread use and warrant a brief description, if only for cultural or historical reasons.
10.5.1 X.25
X.25 is a nickname for a layered packet switching technology that was widely used in the 1970s and 1980s. In OSI layer 1, the physical layer, it employs several standards such as V.35, RS232 and X.21. At layer 2 it uses an implementation of the ISO HDLC standard called Link Access Procedure Balanced (LAPB) and provides error correction between two connected devices. Layer 3 is referred to as the X.25 Packet Layer Protocol (PLP) and is primarily concerned with network routing functions and the multiplexing of simultaneous logical connections over a single physical connection. X.25 offers virtual circuits. Today it has been replaced by lighter weight protocols such as Frame Relay.
10.5.2 Frame Relay
Frame Relay was designed in the 1980s and deployed in the 1990s as a second-generation X.25. Like X.25 and ATM, it uses the idea of virtual circuits. Frame Relay was designed for transmission over media with much lower error rates than before, and it implements a virtual circuit without flow control or error recovery: if errors are detected in a Frame Relay packet, the packet is simply dropped. Frame Relay offers rudimentary Quality of Service functionality.
10.5.3 Asynchronous Transfer Mode (ATM)
ATM is a technology introduced in the 1980s and embraced by the telephone companies as a way of creating a network infrastructure that resembled existing telephone infrastructure. It was thought that ATM might one day replace both