this dir | view | cards | source | dark top

Počítačové sítě

01 Paradigms 02 Taxonomy 03 Layers 04 Techniques 05 Routing 06 Transport 07 Internetworking 08 Addressing 09 Protocols

DISCLAIMER: Je to hodně psané tak, abych si to pamatoval já, takže jsem některé věci, které jsem už věděl, považoval za odvoditelné nebo jsou zmíněné v jiné otázkce, vynechal. Nemám na to veřejné repo, případné chyby nahlašujte na libovolný kontakt na webu.

01 Paradigms

A01 Proudové a blokové přenosy Stream and block transmissions
- stream
  - FIFO queue
  - order preserved
  - no division other than individual characters
- block
  - divided into blocks
  - fixed / variable size
  - travel independently - order might not be preserved
  - may contain metadata, e. g. ordinal number
A02 Spojované a nespojované přenosy Connection-oriented and connectionless transmissions
- TCP vs. UDP
- connection-oriented
  - order is preserved
  - connection is created, maintained, terminated
  - stateful - state must be kept in memory
  - resources can be allocated and deallocated
  - error handling
  - other party must exists and be ready
- connectionless
  - stateless
  - other party might not exist, or receive packets
  - lower latency
A03 Přepojování okruhů a paketů Circuit and packet switching
- circuit switching
  - mainly in telecommunications
  - "old" way of doing things
  - dumb endpoints, smart network
  - a communication path is created first, data is then freely sent through the path
  - low latency
  - reserves capacity
  - block and stream both possible
- packet switching
  - more prevalent in computer networks
  - smart endpoints, dumb network
  - packets travel independently
  - more resilient
  - only block transissions, metadata is required
  - shared capacity
A04 Virtuální okruhy a datagramová služba Virtual circuits and datagram service
- virtual circuits
  - connection-oriented way of doing packet switching
  - a path is prepared, packets are marked and follow the same path
  - e. g. ATM
- datagram service
  - connectionless
  - e. g. ethernet
A05 Spolehlivé a nespolehlivé přenosy Reliable and unreliable transmissions
- reliable
  - errors are detected and recovered
  - all data is transmitted
  - higher latency and bandwidth due to overhead and confirmations
  - checksums
- unreliable
  - no confirmation
  - errors are ignored
  - lower latency
  - lower jitter
A06 Garantované a negarantované přenosy Guaranteed and non-guaranteed transmissions
- guaranteed
  - circuit switching
  - is garbage
- non-guaranteed
  - packet switching
  - resources might not be available
A07 Best Effort a Quality of Service Best Effort and Quality of Service
- best effort
  - if loss is inevitable, all data is equal
- quality of service
  - relative = prioritization
  - absolute = guaranteed circuit switching with extra steps, reservations made in advance
A08 Světy telekomunikačních a počítačových sítí Worlds of telecommunication and computer networks
- telecom
  - dumb device, smart network
  - inflexible
  - expensive
  - older
  - central management
  - circuit switching, connection-oriented, reliable, guaranteed
  - afraid to sell unreliable service
  - (this hasn't been true since the 1990s)
  - closed, corporate
- computer
  - smart device, dumb network
  - flexible
  - cheaper
  - newer
  - packets, connectionless, unreliable, non-guaranteed
  - liberalized, based on standards
  - network owners are the users
A09 Hospodaření s dostupnými zdroji Management of available resources
- moore's law - processing doubles every two years - moore's law is slowing down
- disk law - space doubles every year
- gilder's law - transmission triples every year
- eventually gets cheaper to store than to calculate and to fetch than to store

02 Taxonomy

A10 Distribuční sítě a sítě s přepojováním Broadcast and switched networks
- broadcast networks
  - DTV, DAB and co.
  - one broadcaster, many subscribers
  - data is transmitted all the time
- switched networks
  - the internet and co.
  - duplex communication
  - data is sent on request
A12 Páteřní a přístupové sítě Core and access networks
- core
  - small amount of high bandwidth connection
  - redundancy
  - optical fibers
- access
  - connects end users
  - POPs (like rDSLAMs) - (remote subscriber units = RSU)
  - CP - customer premises
  - RSU → CP = metallic cable, passive connection
  - building of access networks is hard
    - earthworks represent 85 % of the cost
    - intentionally oversized and future-proof
A11 Pevná a mobilní telefonní síť Fixed and mobile telephone networks
- fixed
  - now mostly CETIN and others (ex O₂)
  - 2 international, 8 transit, 140 local telephone exchanges
  - 3.8M active CPs in 2001, 700k in 2019 (ČSÚ (2023): 356k homes and 885k businesses)
- mobile
  - mobile switching center (MSC)
  - gateway MSC - to other networks
  - GERAN - GSM EDGE radio access network
  - Base Transceiver Station - BTS - phones connect to it
A13 Překryvné přístupové sítě Overlay access networks
- using existing infrastructure for newer technology
- other frequencies, encapsulation
- original functionality preserved
- fixed telephone, power or cable television wiring
A14 Technologie xDSL xDSL technology
- usage of metallic phone lines
- non-voice frequencies
- passive frequency splitter
- modem
- POP - DSLAM, separate core network
- ADSL - kilometers, 8Mb/1.5Mb
- VDSL - 300 meters, 200Mb/100Mb
A15 Technologie PLC PLC technology
- using electrical network
- higher frequencies above 50/60Hz
- very noisy, unshielded cables
- long haul - maintenance only, very low frequencies and speeds
- last mile - expensive and not used in practice
- last meter - homeplug, behind meter, up to 500Mb/s, usually sucks balls in practice
A16 Technologie DOCSIS DOCSIS technology
- Data Over Cable Service Interface Spec
- coax cables, originally one-way tv broadcasts
- DOCSIS 1.0 - 40/10 → DOCSIS 4.0 10G/6G
- POP = CMTS (cable modem termination system)
- optical to CMTS, coax to CP
A17 Technologie FTTx FTTx technology
- active vs passive splitting
  - passive good enough for access, core network is active
- PON - passive optical network, usually GPON - gigabit
- FTTx
  - Node (used by DOCSIS)
  - Curb
  - Building
  - Home
  - last meter is usually not optical
  - although, (Q)SPF(+) DACs exist, servers might be optical to the device
A18 Datové sítě Data networks
- transmit data (duh) for various different applications (instead of calls, tv)
- dumb network (not smart network)
- private, public, virtual private
- private
  - MVČR - PEGAS network (operated by ČRa - české radiokomunikace)
  - whole network is operated by one entity
  - IZS uses it
- public
  - commertial customers
  - better for smaller subjects
- virtual private
  - shared infrastructure - usually uses a public network
A19 Sítě PAN, LAN, MAN, WAN PAN, LAN, MAN and WAN networks
- PAN - Personal Access Network
  - Bluetooth, Infrared, Wi-Fi direct and co.
  - USB, FireWire
  - connection between your devices, usually peer to peer
  - single person
- LAN - Local Access Network
  - Home, Business network
  - all devices see each other
  - in narrower sense, all connected with L1 and L2
- MAN - Metropolitan Access Network
  - like cities or something
  - like local ISPs, Újezd.net, Czela.net and co?
  - PASNET, MEPNET
  - pass through public spaces
- WAN - Wide Area Network
  - CESNET, the internet
A20 Architektura Internetu, peering a tranzit Internet architecture, peering and transit
- peering - direct connection between two ISPs
- transit - usually paid connection through other ISP's network
- Tier 1 providers
  - like 15 of them
  - the big guys - AT&T, Deutsche Telekom
  - peer with everybody, don't need transit access
- Tier 2 providers
  - peer locally, need transit to rest of internet
- Tier 3 providers
  - local providers, connect through transits
A21 Intranet, extranet a darknet Intranet, extranet and darknet
- intranet
  - internal resources, only available from the network
- extranet
  - external stuff, for customers, available from the internet
- darknet
  - what
  - why do you mention it here
  - what does it have to do with anything
  - ok like the fact that it is an overlay network is kinda relevant
  - do we talk about onion routing, cool crypto?
  - nah, sex, drugs and rock'n'roll, that's how you teach people about networking
  - also like, Tor isn't the only """darknet""" out there (as in a free decentralised network that doesn't use address-based routing), ever heard of IPFS? Yggdrasil? Those work differently and afaik aren't used for sex, drugs and rock'n'roll as fair as I'm aware

03 Layers

A22 Principy vrstvových modelů Principles of layer models
- decompose a problem into multiple parts
- each layer has different responsibilities
- layers are strictly ordered instead of arbitrary modules
- public interface and responsibilities defined, internals intentionally hidden
A23 Vertikální a horizontální komunikace Vertical and horizontal communication
- horizontal
  - between devices
  - always on the same layer
  - only L1 is actually connected, all others are just an illusion
- vertical
  - translation between layers packing and unpacking
  - only adjacent layers can communicate (not actually) and cannot be skipped
A24 Principy síťových protokolů Principles of network protocols
- set of rules using which devices communicate
- public interface and internal transmission rules
- protocols are within single layer
- are interchangeable, complementary or alternative
- PDU
  - packet, frame, cell
  - header + body + (footer)
- MTU
  - maximum payload size
A25 Síťové modely a architektury Network models and architectures
- model
  - concept of tasks and responsibilities
- architecture
  - particular implementation
- ISO OSI model
  - 7 layers
- TCP/IP architecture
  - 4 layers
A26 Referenční model ISO/OSI ISO/OSI reference model
- layers
  1. physical
  2. link-local
  3. network
  4. transport
  5. session
  6. presentation
  7. application
A27 Úkoly fyzické vrstvy Physical layer tasks
- transmission of individual bits
- management of a shared meduium
- only two adjacent nodes
- modulation, keying, synchronization, timing
- digital to analog
- optical, wireless and metallic
A28 Úkoly linkové vrstvy Data link layer tasks
- sending frames within a single local network
- illusion of direct path between all nodes
- bridges and switches
- physical address unique within network
- frames encoded in stream of bits of L1
- cooperates with L1 on synchronisation and media sharing
A29 Úkoly síťové vrstvy Network layer tasks
- globally unique address
- need to find shortest paths
- maintenance of MTU – fragmentation and defragmentation
- routing between networks, autonomous systems
- address assignment – networks and individual nodes
- direct - ARP&send, indirect - ARP&send to router
A30 Úkoly transportní vrstvy Transport layer tasks
- separation of entities (services) within node
  - unique
  - known in advance
  - sockets
    - dynamically reserved ports
- only happens in nodes, routers implement only L1-L3 (except for NAT lol)
- adaptation
  - guaranteed over best effort
  - connections over connectionless
  - reliable over unreliable
  - streams over blocks
- flow and congestion control
A31 Úkoly relační vrstvy Session layer tasks
- session
- authentication, authorization, encryption
- illusion of synchronousness
- 1L5-nL4, 1L4-nL5
- transactions
A32 Úkoly prezentační vrstvy Presentation layer tasks
- data encoding and decoding
- translation between formats - BE, LE, encodings
- ASN1, BER
- nowadays ProtoBuf, JSON?, GraphQL
A33 Architektura TCP/IP TCP/IP architecture
- L1 - physical/data link
  - handles all necessary for transmission between nodes in a network
- L2 - IP
  - global routing between all nodes
- L3 - TCP/UDP
  - separation of services, adaptation
- L4 - application layer + session and presentation

04 Techniques

B01 Fyzická přenosová média Physical transmission media
- non ideal
- attenuation, distortion, interference
- guided - metallic and optical, unguided - wireless
- have limited bandwidth
B02 Analogové a digitální přenosy Analog and digital transmissions
- analog
  - directly measuring values
  - they always change
  - impact in a chain gets worse
- digital
  - analog values interpreted as 0 or 1
  - can be "perfect" by setting good thresholds
B03 Tvary a vlastnosti křivek Shapes and properties of waveforms
- square
  - an infinite sum of sines - some will be truncated
- triangle
- sine
  - amplitude
  - frequency
  - phase
- sawtooth
B04 Přenosy v základním pásmu Baseband transmissions
- frequency of changes in data ~ frequency of changes in carrier
- unmodulated
- usually square
B05 Principy a příklady linkových kódů Principles and examples of line codes
- unipolar, bipolar NRZ, RZ, manchester, transition-coding (USB2)
- redundant coding, bit stuffing, scrambling, block coding
- objective: reduce DC and enable synchronisation and clock recovery
B06 Problémy synchronizace, DC komponenty a disparity Synchronization, DC component and disparity issues
- synchronisation
  - we need a clock to determine when to read a 1 or 0 - bit period
  - running a separate clock is impractical
  - clocks are inaccurate
  - clock recovery is needed from the signal
- DC component and disparity
  - how much the signal is offset from 0 on average
  - cannot be reliably transmitted over a long distance
  - mean amplitude has to be kept as close to 0 as possible
B07 Techniky zajištění synchronizace Synchronization techniques
- explicit clock
  - only in buses within a single device, I²C
- self-clocking
  - direct recovery - redundant coding
    - each bit period contains a transition
  - indirect recovery
    - clock is derived from multiple bits of data
    - long runs of same value avoided
    - bit stuffing, block coding
  - anisochronous
    - clock is sent at different time to data
B08 Redundantní kódování, bit stuffing, scrambling Redundant coding, bit stuffing, scrambling
- redundant coding
  - manchester
  - each bit contains transition
- bit stuffing
  - after a successive run of n same values, opposite value is injected and automatically removed
- scrambling
  - sequence of data is combined with PRNG sequence or pattern
  - QR codes
B09 Blokové kódování Block coding
- blocks of bits are encoded as longer blocks
- multiple different blocks mean the same thing
- some blocks may be omitted - for instance with long runs or DC disparity
- 4/5b
  - 100Mb ethernet
  - DC balanced with scrambler
- 8/10b
  - 1G, HDMI, SATA, USB3
  - DC balanced
    - max 5 consecutive equal bits
    - running disparity not more than ± 2
B10 Přenosy v přeloženém pásmu Passband transmissions
- amplitude, frequency and phase modulation
  - for analog signals
- keying - digital modulation
  - ASK, FSK, PSK
  - QAM - ASK+PSK
B11 Kvadraturní amplitudová modulace Quadrature Amplitude Modulation
- combination of ASK and PSK
- ex. 16QAM
  - 3 states of amplitude, 12 of phase
  - only 16 out of possible 36 used
  - Gray code used – change to neighbouring segment causes only one bit flip
B12 Zajištění transparence Ensuring transparency
- transparency - distinguishing data from control commands
- separate path/escaping
B13 Techniky framingu a zapouzdření Framing and encapsulation techniques
- framing
  - separation of bits into individual frames
  - start flag + end flag
  - start flag + length
  - start flag + implicit end - absence of carrier
  - line coding
  - block counting
- encapsulation
  - combining payloads with headers and footers
B14 Techniky stuffingu Stuffing techniques
- character/bit/byte
- marking data with special symbols
- escaping and framing
- flag occurrences in data
B15 Znakově orientované protokoly Character-oriented data link protocols
- use non-printable ASCII characters
- positive escaping using DLE data link escape
- Start of Header, Start of Text, End of Text
- DLE is escaped by doubling
- for instance Serial Line Internet Protocol
B16 Bitově orientované protokoly Bit-oriented data link protocols
- special sequence of bits marks frames
- N ones = flag, N-1 ones, zero is added
- High Level Data Link Control, HLDC
B17 Bytově orientované protokoly Byte-oriented data link protocols
- escaping bytes, flag bytes, synchronisation bytes
- e. g. Ethernet

05 Routing

B18 Směrovací a forwardovací tabulky Routing and forwarding tables
- routing table
  - used to calculate route
  - used to find shortest path
  - destination, interface, gateway, metric
- forwaring table
  - used for individual packets
  - should be fast and easy to resolve where to send each packet
B19 Obvyklé a alternativní přístupy směrování Common and alternative routing approaches
- hop by hop
- shortest path
- destination-based
- content-independent
- stateless
B20 Klasifikace směrovacích přístupů Classification of routing approaches
- adaptive - dynamic
  - centralised, decentralised
- non-adaptive - static
  - flooding
  - fixed directory
  - random walk
B21 Fixní (statické) a náhodné směrování Fixed directory and random walk routing
- fixed directory
  - predetermined and preconfigured set of rules
- random walk
  - send packet in random direction, not back
B22 Záplavové směrování a techniky řízené záplavy Flooding and controlled flooding techniques
- send packets in all directions
- hop counting - hop number set to some constant, decremented on each hop, dropped when zero is reached
- sequence number, checksum remembering
- spanning tree generation
- reverse path forwarding
  - drop packet if source path wouldn't have been used to send packet to source address
B23 Centralizované směrování Centralized routing
- single route server
- other devices only have forwarding tables and ask route server for directions
B24 Metoda zpětného učení Backward learning method
- remember where packets come from for different source addresses
- send in those directions, if unknown, flood
B25 Metoda zdrojového směrování Source routing method
- source finds entire route, routers follow it
- uses flooding to find path, when discovery packet reaches destination, is sent back with the path written down, found path is remembered and used
B26 Směrování distance-vector Distance-vector routing
- learn routes from neighbours
- metric is lowest metric from neighbours + metric to that neighbour
- learns good routes fast, bad routes stay for long
B27 Problém count to infinity Count to infinity problem
- in a network of nodes A-B-C-D, if A-B is disconnected, B wants to update its path to A, asks C, C doesn't know B can't access A so tells B its cost of 2, B updates to 3, C updates to 4, B to 5...
- solutions
  - small infinity - counting doesn't take long, but long paths are never discovered
  - split horizon - path is never advertised to node it was learned from
  - poisoned reverse - as split horizon, but with infinite cost instead of not at all
  - triggered updates - updates sent immediately before asking anyone
B28 Protokol RIP Protocol RIP
- very old
- uses distance-vector with infinity of 16
- only 25 routing records
- updates every 30 seconds, unavailable if no update within 180
B29 Směrování link-state Link-state routing
- each router has complete information
- update is sent immediately and to everyone
- OSPF
B30 Srovnání distance-vector a link-state Distance-vector and link-state comparison
- link-state
  - calculation is not incremental, fast convergence
  - mistakes don't influence rest of the network
  - each node has full information, can make own decisions
- distance-vector
  - each node has partial information
  - nodes don't need that much memory
  - slower convergence
B31 Hierarchické směrování a směrovací domény Hierarchical routing and routing domains
- routing in a big system is still hard, decomposition is needed
- autonomous systems in internet (usually ISP)
- hierarchical routing
  - RIP or OSPF inside, Path-Vector routing BGP outside (full path is sent and kept instead of just the cost)

06 Transport

B32 End-to-end komunikace a de/multiplexing End-to-end communication and de/multiplexing
- L1-L3 treat nodes and atomic
- nodes contain services and programs that all need to communicate
- ⇒ sockets
- L4 is handled only by end devices, devices on the way don't care
- some mechanism in the node (OS) gives the data to each service by the port
B33 Srovnání protokolů TCP a UDP Comparison of TCP and UDP protocols
- UDP
  - very simple
  - only port numbers, otherwise unreliable, unguaranteed etc.
  - low latency
  - connectionless
  - only E2E, no adaptation
- TCP
  - very complex
  - connection oriented, reliable, but still best effort
  - adaptation
B34 Bytový stream TCP TCP byte streams
- illusion of byte stream
- sending side has a buffer, only when the buffer is full (or if otherwise instructed) is a segment constructed and sent
- individual segments are numbered
B35 Navazování spojení Establishing connections
- three way handshake
- SYN, ACKSYN, ACK
- also initial sequence number is agreed upon
B36 Zajištění spolehlivosti Ensuring reliability
- error detection and correction
- correction is expensive and not used in practice
- ⇒ error detection + retransmission
B37 Kontrola parity a kontrolní součty Parity bits and checksums
- parity bits
  - of each byte
  - of particular groups of bits in message
  - odd parity vs even parity
- checksum
  - sum of all bytes in packet
  - either sum is checked or two's complement is utilised and zero is checked
B38 Cyklické redundantní součty Cyclic Redundancy Check
- bits of message are coefficients of polynomial in GF(2)
- gets divided by generator polynomial
- remainder makes check value
- very easy to implement in hardware
  - fixed scheme - fixed polynomial, only XOR gates are needed
  - generic scheme - polynomial set using and gates
B39 Potvrzovací strategie Automatic repeat requests
- stop-and-wait
- go-back-N
- selective repeat
B40 Jednotlivé potvrzování Stop-and-Wait ARQ
- wait for confirmation on each packet
B41 Kontinuální potvrzování s návratem Go-Back-N ARQ
- when a retransmission happens, start over from the point of retransmission
- doesn't need a buffer on the receiving side
B42 Kontinuální potvrzování se selektivním opakováním Selective Repeat ARQ
- only retransmit lost segments
- needs a buffer on both sides
B43 Metoda posuvného okénka Sliding window method
- buffer of unacked sent messages kept on sending side
  - buffer moves when last message is acked
- buffer of unprocessed received on receiving side
  - buffer moves when first message in line is received (others might be waiting)
- stop-and-wait - window size is 1 x 1
- go-back-N - window size is N x 1
- selective repeat - window size is N x M
B44 Problém řízení toku Flow control
- ensuring slower recipients are not overwhelmed
- sliding window method in TCP
B45 Předcházení zahlcení sítě Congestion control
- ensuring network on the way is not overwhelmed
- feedback techniques
  - ICMP source quench (not used in practice)
  - TCP sliding window or slow start (if congestion detected, use stop-and-wait)
- forward techniques
  - traffic shaping = delay
  - traffic policing = drop
B46 Možnosti zajištění QoS Quality of Service techniques
- relative QoS
  - types of traffic given prioroties, in case of congestion, low priority dropped/delayed first
- absolute QoS
  - reserved in advance
B47 Principy řešení DiffServ Principles of DiffServ
- classes of priorities
- forgotten Type of service IP header field
- all routers must cooperate
B48 Principy řešení IntServ Principles of IntServ
- part of available capacity is detached and reserved
B49 Mechanismus client buffering Client buffering mechanism
- intentional delay to control and reduce jitter

07 Internetworking

C01 Cíle internetworkingu Internetworking objectives
- connecting devices in smaller or larger networks
- merging smaller units into larger ones
- dividing larger units into smaller ones
C02 Aktivní a pasivní síťové prvky Active and passive network elements
- active
  - router
  - switch
  - bridge
  - hub
  - repeater
  - transmitters
- passive
  - wire
  - server rack (wtf)
  - patch panels (why tho)
  - structured cabling (gfy)
C03 Propojování napříč vrstvami Interconnection across layers
- TODO: I have actually absolutely no clue what this question is about :(
C04 Principy propojování na L1 Internetworking principles at L1
- all devices share one medium
- individual bits are transmitted
- collision avoidance is needed
- hub
  - simple repeater
  - transmits bit by bit as they are received
  - all devices must use same speed
  - no filtering is done
  - very low latency
  - very simple hardware
C05 Přístupová metoda CSMA/CD Collisions and CSMA/CD access method
- carrier sensing media access / collision detection
- devices start trying to transmit immediately when the medium is unoccupied
- many can start at the same time, they detect collision and start jamming so the others notice too
- wait for random! amount of time and try again
- collision has to be propagated through entire segment
C06 Principy propojování na L2 Internetworking at principles L2
- devices don't share a medium anymore
- frames are transmitted
- filtering and forwarding is limited
- packets are buffered, collisions don't propagate
- packets are sent only to relevant destinations using backwards learning
C07 Filtrování a cílené předávání Filtering and forwarding at L2
- filering
  - local communication within a segment is not sent to other segments
- forwarding
  - each segment receives only data intended for that segment
C08 Činnost linkového rozhraní Network controller operation at L2
- L3 packet is encapsulated into L2 frame
- L2 dest. address need to be determined using ARP and co.
- L2 is forwarded through the network to recipient
- all recipients are reachable
- switches and bridges are not visible to the end nodes
- bridges and switches are promiscuous - receive and consider all traffic
- end nodes are non-promiscuous - drop frames with unknown addresses
C09 Mechanismus Store&Forward Store&Forward mechanism
- each frame is received in its entirety, buffered and then forwarded
- allows detecting and dropping damaged frames
- has higher latency
- allows segments with different rates to be connected
C10 Mechanismus Cut-Through Cut-Through mechanism
- each frame is buffered only until its fate is determined, then forwarding is started right away
- requires segments to be the same rate
C11 Segmentace a mikrosegmentace sítě Network segmentation and microsegmentation
- segmentation - separation into L1 segments
  - connected using split-Ts
- microsegmentation
  - each segment contains only one device
  - only used solution nowadays
  - no collisions happen and full duplex communication is possible
C12 Srovnání přepínačů a mostů Comparison of switches and bridges
- bridge
  - older style of device
  - connects few larger segments
  - mainly does filtering
  - can be implemented on the CPU level
- switch
  - newer style of device
  - connects many smaller segments, usually microsegments
  - mainly does forwarding
  - usually has specialised hardware
C13 Principy propojování na L3 Internetworking at L3
- connecting all devices globally
- connecting many network into one internetwork
- not all clients are connected, but rachability is done through routers
- limitation of broadcast domains
C14 Činnost síťového rozhraní na L3 Network interface operation at L3
- routing table is consulted
  - either local route is found, packet is directly sent over L2 to recipient
  - or packet is sent to gateway router for given address
- packet contains address of final destination
C15 Pravidla 80:20 a 20:80 80:20 and 20:80 rules
- originally 80 % of all traffic was local, 20 % was to other networks
- with the internet 80 % is to the internet and only 20 % is local
- technologies had to adapt - VLANs and L3 switches
C16 L2 a místní a cílený L3 broadcast L2 and local and targeted L3 broadcasts
- L2 broadcast - FF:FF:FF:FF:FF
  - sent by flooding from all switches
  - all bits are 1
- L3 local broadcast - 255.255.255.255
  - automatically sent to L2 broadcast in the local network
  - all bits are 1
- L3 targeted broadcast - 192.168.1.244
  - all bits of the network part are 1
  - routed normally at first and turned into broadcast when it reaches recipient network
C17 Směrovače a L3 přepínače Routers and L3 switches
- routers
  - they route
  - have routing tables
  - commonly also do NAT, DHCP, DNS resolving, firwall etc.
  - other physical interfaces
- L3 switches
  - switches that can understand L3 packets and forward according to simple rules
  - designed for speed and throughput
  - don't have much additional features
  - from 20:80 environments
C18 Využití L4 a L7 přepínačů Usage of L4 and L7 switches
- switches that additionally read L4 and L7 information
- L4 switches
  - send different applications to different nodes
- L7 switches
  - understand L7
  - different HTTP hosts to different servers
- distribution and load balancing
- transparent caching
- traffic prioritization, blocking and limitation
C19 Principy a koncepty sítí VLAN Principles and concepts of VLAN networks
- using same L1 and L2 infrastructure for multiple networks
- separating geographically close nodes into separate networks - local vlans
- connecting geographically separate nodes into a single network - end-to-end vlans
- limiting broadcast domain
- security
- easier management
C20 Logický model VLAN sítě Logical model of VLAN network
- switches and routers must understand VLANs
  - are connected with VLAN-aware segments
- packets sent to end nodes are normal - end nodes can be simple
  - VLAN-unaware segments
- VLAN ids and optional names
C21 Přístupové a trunkovací porty Access and trunk ports
- access port
  - has one specified VID
  - outgoing packets are stripped of VLAN id and sent to end node
  - incoming packets get tagged with VID of port
- trunk port
  - has a selection of allowed VIDs
  - packets with selected VIDs are forwarded, others not
  - can have native VID, packets without VID are assigned this VID
C22 Konfigurace VLAN sítí Configuration of VLAN networks
- static - configured manually
- dynamic
  - using MAC addresses
  - 802.1X authentication
  - MVRP for trunk port configuration
C23 Tagování 802.1q Dot1q 802.1q Dot1q tagging
- TPDI = 0x8100
- TCI - 12-bit VID
- adding and removing tags requires CRC
C24 Směrování ve VLAN sítích Routing in VLAN networks
- VLAN-unaware router
  - needs physical interface for each VLAN
  - garbage, doesn't scale well
- VLAN-aware router
  - has virtual interfaces for VLANs and routes between them
  - "router on a stick" - router connected with only one physical wire but many VLANs
C25 Princip a typy firewallů Types and principles of firewalls
- network-based
- host-based
- dedicated device/software solution
- prohibited unless permitted/permitted unless prohibited
C26 Demilitarizovaná zóna a aplikační brány Demilitarized zones and application gateways
- two firewalls, outside ↔ DMZ and DMZ ↔ inside
- no packets can go outside ↔ inside, only via DMZ
- application servers with services for outside users are placed in DMZ
- application gateway receives request and makes own request to internal server on behalf of the outside user or the other way round
C27 Realizace demilitarizovaných zón Deployment of demilitarized zones
- dual firewall
  - much more secure
  - firewalls can be from different vendors
- single firewall
  - less secure
  - three network interfaces
  - single point of failure
- integrated DMZ
  - software based solution in the node separating inside and outside
- DMZ host - fake DMZ
C28 Paketové filtry a ACL Packet filters and ACL lists
- set of L3 rules that allow/disallow forwarding of packets
- normal ACL uses only source address
- stateless vs. stateful

08 Addressing

D01 Principy adresování na L2 Principles of addressing at L2
- addresses must be unique within network
- also broadcast addresses are useful
- but it's easier for them to be unique globally
- EUI-48 and EUI-64
- addresses burned by manufacturer
D02 Adresy EUI-48 a EUI-64 EUI-48 and EUI-64 addresses
- divided into 3-byte OUI assigned to manufacturers
- EUI-48 → EUI-64, FF:FE inserted in the middle
- 64 only used by firewire, 48 by BT, WiFi, Ethernet...
- last two bits of first byte (they are first in the packet, because endianness)
  - individual/group
  - universal/local
D03 Principy adresování na L3 Principles of addressing at L3
- address must be globally unique
- hierarchy in addresses is desirable, so networks can be routed as a whole
- network part + node part
D04 IPv4 adresy a jejich třídy IPv4 addresses and their classes
- four bytes, decimal numbers separated by dots
- originally divided into classes, A, B, C, D, E (only D,E kept now)
- the number of ones at the start of the address determine Class
  - first bit 0 = Class A - /8 network
  - first bits 10 = Class B - /16 network
  - first bits 110 = Class C - /24 network
  - first bits 1110 = Class D - multicast
  - first bits 1111 = Class E - reserved
D05 Speciální IPv4 adresy Special IPv4 addresses
- 0.0.0.0 - self
- 127.0.0.0/8 - lolpback, lolcalhost
- 0.0.0.x - address in this Class C network (similar for A, B) (this isn't actually in use??)
- 10.0/8 - reserved for local use
- 172.16.0.0/11 - reserved for local use
- 192.168.0.0/16 - reserved for local use
- 169.254.0.0/16 - link-local addresses
D06 IPv4 multicast IPv4 multicast
- class D addresses
- 224.0/24 - static multicast
- 224.0.1.0 - 238.255.255.255 - global multicast
- 239.0.0.0 - 239.255.255.255
- 00:00:5E OUI, 23 bits taken from IP
D07 Řešení nedostatku IPv4 adres IPv4 address space exhaustion
- subnetting and supernetting
- cidr
- IPv6
- NAT/PAT
D08 Subnetting a supernetting Subnetting and supernetting
- subnetting
  - large blocks of Class A and B are split into smaller subnets
  - routes not visible to the open internet
  - nodes within subnet must understand, others don't
- supernetting
  - give subjects multiple Class C networks istead of 1 larger one
  - routing tables get too big
  - netmask added to routing tables, non-class prefixes routed by same router
D09 Mechanismus CIDR CIDR mechanism
- abandon classes altogether
- each network can have any prefix, denoted by netmask or the number of ones in it after a slash /24 = 255.255.255.0
- routing tables contain CIDR of target network, routing independent of how addresses are assigned
D10 Hierarchie registrátorů Hierarchy of registries
- IANA > RIR > NIR > LIR
- for instance IANA > RIPENCC > CESNET > CUNI
D11 Koncepty privátních IP adres a NAT Private IPv4 addresses and NAT concepts
- still not enough addresses and network people are notoriously scared of number 6
- devices inside of a network get private addresses which get translated by a router/firewall
- static
  - each public address corresponds to one private one
  - this solves nothing
- dynamic
  - public addresses are only allocated on demand - when a connection is made
  - this is still insufficient
- PAT (NAPT)
D12 Doručování datagramů při aktivním NAT Forwarding of datagrams with NAT enabled
- packet is sent with private srcIP and final dstIP
- when passing through the router, it replaces srcIP with the public IP
- recipient sends response, dstIP is public
- dstIP gets translated to private in router
- packet reaches its destination
D13 Charakter NAT/PAT vazeb Nature of NAT/PAT bindings
- Cone PAT - each IPp:portp corresponds to one IPs:ports
- symmetric NAT - different IPp:portp also for destination IP:port pair
D14 Doručování datagramů při aktivním PAT Forwarding of datagrams with PAT enabled
- srcIP:port private, dstIP:port final
- srcIP:port assigned new public pair
- response sent back to public pair
- public pair resolved using table back to private
D15 Varianty PAT kuželů Variants of PAT cones
- full - once NAT is opened, anyone can send packets to it
- ip restricted - only packets from contacted IPs are accepted
- port restricted - only packets from contacted IPs and ports are accepted
- symmetric NAT - each recipient ip:port pair has own NAT pair
D16 Problémy NAT/PAT Issues of NAT/PAT
- it sucks
- absolute garbage
- this technology should have never existed
- entirely smallbrain
- setback of overall human progress by at least half a year
- NAT can go die in hell
- performance hits, not all communication protocols supported
- implicit firewall that cannot be turned off in some cases
D17 Cíle IPv6 adres a vztah k IPv4 adresám Goals of IPv6 addresses and relationship to IPv4
- 4 times the length IPv6 = IPv4^4
- drop broadcasts, add anycasts
- other features
- autoconfiguration addresses
- more hierarchy levels
D18 Struktura a zápis IPv6 adres Structure and notation of IPv6 addresses
- 8 groups of four hexadecimal digits
- leading zeros may be ommited
- one block of consecutive zeroes can be replaced by two colons
- mixed notation with embedded ipv4
D19 Unicastové IPv6 adresy IPv6 unicast addresses
- global unicast
- unicast local address ULA
  - not globally routable, reserved only within site
  - fc00::/7
  - fc00::/8 reserved
  - fd00::/8 in use, databases exist
  - for instance fd00:ec2::/32 used by AWS for internal services like DNS
- link local
  - fe80::/10, autoconf based on MAC
- Site local
  - previous attempt, replaced by ULA, unused

D20 Principy adresování na L4 Principles of addressing at L4

ports
individually for each protocol (TCP/UDP)
unique, abstract, implicit, static

Unique within a given node
Static = fixed and known in advance
– So that we are able to determine the address of the recipient
Abstract = independent on a particular platform
Implicit = independent on the current situation

both src port and dst port

D21 Porty a jejich číslování Ports and their numbering
- 0-1023 well known reserved ports
- 1024-49ksomething user ports
- 49ksomething-65535 dynamic ports
D22 Principy adresování na L7 Principles of addressing at L7
- URI
  - generic naming system for all objects in the universe
  - URL
    - for web resources
  - URN
    - for other resources, doi, isbn and co
- něco něco železničářskej diagram

09 Protocols

D23 Vlastnosti protokolu IPv4 IPv4 protocol features
- connectionless, stateless, unreliable
- L3, globally routable
D24 Struktura IPv4 datagramu Structure of IPv4 datagrams
- header and body
D25 Položky IPv4 hlavičky IPv4 header fields
- 4 bits of type (static 4)
- Type of Service (forgotten, used for DiffServ)
- header checksum
- src, dst addr
- L4 protocol type
- optional options
- TTL
- IHL header length
- total length
- fragmentation identificatio, flags and offset
D26 Položka TTL a nástroj TraceRoute TTL header field and TraceRoute tool
- originally actual time in seconds, nowadays hop count
- starts at some value, decreased in each hop
- tracepath sends pings with TTL starting at 1
- when TTL is exceeded, ICMP Time Exceeded is sent
- router then reveals its identity
- when time runs out, we know there is a router that doesn't want to speak
D27 IPv4 kontrolní součet IPv4 header checksum
- normal checksum, no CRC, only header
- whole header should add up to 0
- no message sent on fail, what if src address was damaged
D28 IPv4 doplňky hlavičky IPv4 header options
- other options
- option type, length and data
- copied flag, class and number
- some options for source routing
D29 Principy IPv4 fragmentace Principles of IPv4 fragmentation
- anyone in the path can fragment
- fragmentation sucks
- packets identified by identifier (generated only when first fragmentation occurs) and offset
- fragmentation can happen multiple times
D30 IPv4 varianty detekce MTU IPv4 MTU detection strategies
- no limit
- by asking nearest L2 - good for routers
- minimum possible, 68 or 576 bytes
- path discovery - trying along the whole path
D31 IPv4 Path MTU Discovery IPv4 Path MTU Discovery
- sending pings of different sizes with Don't Fragment flag set
- might not be accurate - paths change
D32 Proces IPv4 fragmentace Process of IPv4 fragmentation
- ip header gets copied and modified
- non-copy options get dropped
- length and checksum is recalculated
D33 IPv4 fragmentační hlavičky IPv4 fragmentation headers
- identification
- frag offset
- frag flags
  - first fixed 0
  - don't fragment
  - more fragments follow
D34 Proces IPv4 defragmentace Process of IPv4 defragmentation
- reassembly using offsets, identification and buffer
- if some time elapses and not all frags arrive, packet is discarded with ICMP Time Exceeded
D35 Problémy IPv4 de/fragmentace IPv4 de/fragmentation issues
- makes stateless protocol stateful
- much more complicated than IPv4 without it
- needs buffers
- and timers
- and such
D36 Protokol ICMPv4 ICMPv4 protocol
- auxiliary protocol for IPv4
- is L3, but is encapsulated in IPv4, so is kinda L4
- service messages, errors
D37 Struktura ICMPv4 zprávy Structure of ICMPv4 messages
- message type, message code, whole packet checksum, additional fields according to type - always present, but might be empty
D38 Příklady ICMPv4 zprávy Examples of ICMPv4 messages
- echo req 8, reply 0
- destination unreachable
  - network unreachable
  - host unreachable
  - port unreachable
- time exceeded
  - ttl exceeded
  - fragment reassembly too slow
D39 Protokol ARP ARP protocol
- as universal as possible protocol for translation between network addresses and hardware addresses
D40 Struktura ARP zprávy Structure of ARP messages
- hw addr type and length, protocol addr type and length, sender and target hardware and protocol address
D41 ARP dotazy a cachování ARP queries and cache
- packet gets created without target hw address
- target receives packet over broadcast, swaps addresses, adds own, sends back over unicast
- reponses should be cached (routers longer than nodes)
D42 Reverzní ARP protokol Reverse ARP protocol
- very old
- not great
- there has to be a server that replies in each network, ARP itself is L3
D43 Protokol DHCP DHCP protocol
- for assigning IP addreses, netmasks and other information to newcomers to the network
- operates at L7, UDP ports 67 and 68
D44 DHCP alokační strategie DHCP allocation strategies
- static - preconfigured addreses by administrator given to devices automatically
- automatic - addresses generated from pool, devices can keep them forever
- dynamic - devices lease addresses for a limited time
D45 Chování DHCP klienta DHCP client behavior
- allocation - when first coming to the network
- reallocation - offering to change its address when needed
- renewal - ½ of lease time, ask if we can keep the address
- rebinding - .8 of lease time, ask new server if wee can keep address
- release - the address is released back to the pool
D46 Rozdíly IPv6 oproti IPv4 Differences between IPv6 and IPv4
- larger addresses
- no fragmentation on the way
- higher minimum MTU - 1280
- QoS support
- no header checksum
D47 Struktura IPv6 paketu Structure of IPv6 packets
- header chain, last header points to "this is the last header"
- optional body
D48 Položky IPv6 hlavičky IPv6 header fields
- version (6)
- flow identifier
- next header field
- src addr
- dst addr
- payload length
- hop limit
- traffic class for qos
D49 Koncept IPv6 toků Concept of IPv6 flows
- identification of group of related packets (for QoS for instance) without the need for L4 information
D50 IPv6 rozšiřující hlavičky IPv6 extension headers
- fragmentation
- ?
D51 Principy IPv6 fragmentace Principles of IPv6 fragmentation
- only sender fragments
- fragmentation extension header
- fragmentation may fragment some headers
D52 IPv6 Path MTU Discovery IPv6 Path MTU Discovery
- same as v4, but ICMPv6 Packet Too Big also contains MTU that caused the problem
D53 Formát ICMPv6 zprávy Format of ICMPv6 messages
- type, code, checksum, body