TDC 375-701                                    Student Name:
Mid-term Exam
2009-10-07

* You have the entire class time to finish this exam.
* NO calculators, books, mobile devices, etc. allowed.
* You may use one 8 1/2" x 11" crib sheet (double sided) for notes.
* Be clear and neat, if I can't read it, it's wrong.
* Don't panic.

1. Match the best description on the right with the item on the left.
   (10 points total, partial credit given).

   _i_ IETF          a. A prefix that signifies a default route
   _e_ 20            b. Evil in the eyes of the end-to-end argument
   _b_ NAT           c. Used to report errors or status/info
   _j_ 32            d. The loopback prefix
   _a_ 0.0.0.0/0     e. The minimum size IPv4 header in bytes
   _h_ 5             f. Made classful addressing/routing obsolete
   _c_ ICMP          g. Used to map layer 2 to/from layer 3 addresses
   _d_ 127.0.0.1/8   h. Minimum value (in decimal) of IPv4 header length field
   _g_ ARP           i. They care about Internet evolution and TCP/IP
   _f_ CIDR          j. Number of bits used for an IPv4 address

2. If you are assigned the block 192.0.2.0/23, answer the following
   questions (1 point each, partial credit given):

   a. What is the first address in the range?  192.0.2.0
   b. What is the last address in the range?  192.0.3.255
   c. What is the directed broadcast address?  192.0.3.255
   d. What is the network (subnet) mask in dotted decimal notation?
      255.255.254.0

3. Assume you have 8,000 bytes of application data to send from Host A
   to Host B. Assume both hosts are attached to the same data link,
   whose MTU is 576 bytes. Further, assume the following protocol
   overhead:

     Ethernet: 18 bytes
     IP:       20 bytes
     TCP:      20 bytes

   a) Compute the minimum number of packets it'll take to send the
      application data (assume no additional protocol overhead, no
      returning acknowledgment, errors, retransmissions or other
      extraneous stuff is necessary).
   b) Compute the total number of bytes used for protocol overhead for
      all of the 8,000 data bytes.

   (2 points, partial credit given).

   a. 16 packets, 15 @ 576 (58 overhead in each), 1 @ 288 (58 overhead)
   b.
      16 * 58 = 928 bytes total overhead

4. Which best describes the end-to-end argument? Select all that apply
   (1 point, all or nothing, no partial credit):

   _x_ Functionality should be moved upward, closer to the application
       that uses that functionality.
   ___ Functionality should be moved downward in a layered system, away
       from the application that uses that functionality.
   ___ Functionality is best put into a limited number of devices in
       the network to minimize security attack vectors.
   ___ Functionality is best put into a limited number of devices in
       the network to ease network administration.

5. Circle all that is/are true about IPv4 fragmentation (2 points, all
   or nothing, no partial credit):

    a  Routers must never fragment packets.
   (b) The IP ID field is used by the receiving host to help put
       fragments back together.
    c  Routers will copy the total length field from the original
       packet into each fragment.
    d  Routers will clear the initial TTL value for each fragment they
       transmit.
   (e) Routers must compute a new IP header checksum for each fragment.

6. What technical solution(s) was/were in large part used to help
   extend the life of IPv4 and alleviate address depletion? Circle all
   that apply. (2 points, all or nothing, no partial credit):

   (a) CIDR
   (b) NAT (with port translation) and RFC 1918
    c  IPv6
    d  Sinkholes

7. Fill in the blanks with the best term, value or acronym. (1 point
   each, partial credit given).

   IPv4 packets have a field named the ___TTL____, ____8_____ bits in
   length, that will help prevent packets from looping forever. Each
   router the packet traverses will adjust this field. So for example,
   if the field's value is 64 before entering the router, it will be
   ____63____ when exiting the router. In addition to this field,
   routers also have to modify the ______checksum________ field at each
   hop.

8. What exterior inter-domain routing protocol is widely used in the
   public Internet between autonomous systems (ASes)? An acronym is OK.
   (1 point).
   Border Gateway Protocol (BGP)

9. Complete the sentence with the best choice. Circle one. (1 point)

   ICMP destination unreachable messages are...

    a  best prohibited, because they lead to widescale DoS attacks.
    b  deprecated and obsolete. You should never see them in practice.
    c  used to indicate the receiver is congested.
    d  sent by routers, but never hosts.
   (e) sent by routers or hosts depending on the event that occurred.
    f  nonexistent. There is no such thing.

10. Shown is the layout of an unlabeled IPv4 header. Each field is
    marked with a letter. The list below the diagram is partially
    filled in. Complete the associated field names following the letter
    in the list (1 point each, partial credit given):

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |   a   |   b   |       c       |               d               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |               e               |  f  |            g            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |       h       |       i       |               j               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               k                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                               l                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       m                       |       n       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

   a. __Version___                       h. ____TTL_____
   b. Internet Header Length (IHL)       i. Protocol
   c. Type of Service                    j. Header Checksum
   d. _Total_Length_                     k. _Source_Address_
   e. Identification                     l. _Destination_Address_
   f. Flags                              m. Options
   g. _Fragment_Offset_                  n. Padding

11. Assume the following is a complete router table for a given router:

   prefix             cost  interface  next-hop
   140.192.0.0/15     100   eth0:0     connected
   140.192.0.0/24     200   eth0:1     connected
   140.192.2.1/32     100   eth0:2     connected
   140.192.128.0/18   50    eth0:3     connected
   140.192.130.0/28   150   eth0:4     connected
   0.0.0.0/0          500   eth0:4     140.192.130.2

   Answer the following questions regarding packets transiting this
   router. (1 point each, partial credit given):

   a.
      A packet destined for 140.192.0.50 will be forwarded out
      interface ___eth0:1____.
   b. A packet destined for 140.192.248.3 will be forwarded out
      interface ___eth0:0____.
   c. Assume there is no source-address spoofing occurring, should you
      be able to tell which interface a packet with IP source of
      198.64.3.2 came in on? If so, which interface?  Yes, eth0:4
   d. Assume you are a host on the eth0:3 network and you run a
      traceroute to 198.68.58.3. What IPv4 address should you expect to
      see in output of your traceroute besides your own or the
      destination's?  140.192.130.2

   Bonus question (worth 1 extra point to final exam score): From the
   previous question (d), what is the TTL of the packet that initiated
   the response to show you that address?  2

12. Pick ONE of the essay questions below. Be as detailed as possible.
    You won't get penalized for writing too much, but be neat and try
    to be clear. I am looking for major points or attributes of the
    topic at hand in order to judge your mastery of it. Draw pictures
    if you want/need to. Be sure to circle the topic you've selected
    (10 points, partial credit given).

    NOTE: I won't attempt to write up a perfect essay for each
    question. Instead, I will highlight some of the key points that
    were being sought. I assumed that whatever question you picked you
    knew something about the subject at hand and so you start at 5
    points. That is, you had some rudimentary knowledge of the topic,
    but nothing outstanding. You picked up a couple points for knowing
    a bit more than some of the basics and demonstrated that you
    weren't just reciting some notes. A 9 or 10 is reserved for those
    that truly demonstrated some advanced mastery of the topic. On the
    flip side, if you were consistently wrong or confused, points were
    subtracted from 5. If you received below a 5 on this part of the
    exam, it's likely that you need to invest significantly more time
    into this class to grasp some of the major concepts or seek some
    assistance with me or a tutor.
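
Added example, not part of the original exam: the forwarding decisions of question 11 as a longest-prefix-match lookup, plus the reverse-path reasoning behind part (c) written as a strict ingress check. The function names and the cost tie-break rule are assumptions made for this illustration; the table rows are the ones given in the question.

```python
import ipaddress

# Router table from question 11: (prefix, cost, interface, next-hop).
TABLE = [
    ("140.192.0.0/15",   100, "eth0:0", "connected"),
    ("140.192.0.0/24",   200, "eth0:1", "connected"),
    ("140.192.2.1/32",   100, "eth0:2", "connected"),
    ("140.192.128.0/18",  50, "eth0:3", "connected"),
    ("140.192.130.0/28", 150, "eth0:4", "connected"),
    ("0.0.0.0/0",        500, "eth0:4", "140.192.130.2"),
]
ROUTES = [(ipaddress.ip_network(p), c, i, n) for p, c, i, n in TABLE]


def lookup(addr):
    """Return (interface, next_hop) for the longest matching prefix."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in ROUTES if ip in r[0]]
    if not matches:
        return None  # cannot happen here, 0.0.0.0/0 matches everything
    # The most specific prefix wins regardless of cost. Cost only breaks
    # ties between equal-length prefixes (assumption, the exam table has
    # no such tie).
    net, cost, iface, next_hop = max(
        matches, key=lambda r: (r[0].prefixlen, -r[1]))
    return iface, next_hop


def strict_rpf_ok(src, in_iface):
    """Strict reverse-path check: accept a packet only if the route back
    to its source leaves through the interface it arrived on. This is
    the reasoning of part (c) turned into an anti-spoofing filter."""
    best = lookup(src)
    return best is not None and best[0] == in_iface


def answers():
    """Parts (a) to (d) of question 11, computed from the table."""
    return {
        "a": lookup("140.192.0.50")[0],
        "b": lookup("140.192.248.3")[0],
        "c": lookup("198.64.3.2")[0],
        "d": lookup("198.68.58.3")[1],
    }
```

Note that 140.192.0.50 also falls inside 140.192.0.0/15, whose cost is lower; the /24 still wins because prefix length is compared before cost.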

    a) Compare and contrast the classful IP addressing scheme and the
       classless address solutions that have made it obsolete.

       First 3 (four technically, don't forget about class D and E) can
       be used to determine the original class hierarchy an IP address
       falls into. First octet, A is 0-127, B 128-191, C 192-223,
       D 224-239, E 240-255. Few A nets, but 4 million+ hosts available
       per. Most orgs would want a Class B, but only a few thousand
       available. Allocation scheme based on classes very efficient.
       Ultimately 32-bits was probably just too few bits for an
       address. Subnetting helped some, but the allocation policies
       still not adequate. Enter CIDR. Supernetting largely used to
       form larger than C, but smaller than B nets together. Addresses
       allocated more reasonably by RIRs. VLSM used with updated
       routing protocols. NAT sees widespread use in part due to
       pressure on allocation policies, but largely by perceived
       security benefits.

    b) Explain the issues and challenges in doing packet fragmentation.
       Discuss how IPv4 performs fragmentation and what sorts of
       problems may occur in practice with fragmentation? What is a
       good default packet size for a sender to use? How to discover
       when a packet is too big?

       IPv4 routers must do fragmentation when packet is too large for
       an egress interface MTU, often happens with differing interface
       MTUs, sometimes due to various protocol overhead (e.g.
       tunneling, encap hacks). Routers must perform a fair amount of
       extra work fragmenting, creating new packets, link acquisition.
       End hosts must also go through the trouble of reassembly. Time
       out issues, lost fragments mean entire datagram has to be
       retransmitted. Not very efficient if it can be avoided. ICMP
       unreachable message used to signal packet too big errors. Fields
       in IPv4 are flags, fragment offset and id. ID field helps track
       which datagram fragments are associated with. Minimum packet
       size to support should be 576. In practice, sender's link MTU is
       often used to calculate largest packet size.
       This tends to turn out to be 1460 as an MTU (20+20 for IP/TCP)
       for TCP apps.

    c) Explain in as much detail as possible the series of events that
       may occur when a source TCP/IP host boots up, immediately
       attempts to pull up the home page for www.depaul.edu, but
       www.depaul.edu has just recently crashed just before the request
       arrives. Assume the source host is outside of DePaul's network
       and www.depaul.edu is a single host inside of DePaul's network.

       Does source client need an addr? L2/L3 broadcast DHCP packet
       probably, saddr is all 0's, dest is all 1's for DHCP request.
       Once configured you're probably given a caching DNS server and
       default gateway minimally. Compare dest addr with local addr and
       mask (local routing table). ARP for router L2 address. Send DNS
       query to caching server, send L2 dest to router. Get response,
       do similar process for www.depaul.edu. Send TCP SYN. Might
       timeout or router might realize it is not available and send
       back a host unreachable.

    d) Dissect the IPv4 datagram format and explain in as much detail
       the use and purpose of as many fields as you can.

       IP version(4), header length(4) in word length (e.g. 5 * 4 = 20
       bytes). Service type(8) historically for priority and class of
       service, but not widely implemented. Now used by DiffServ, still
       not widely used. Total length(16), length of entire IP datagram.
       Identification(16), primarily used with fragments, but is often
       an IP datagram counter in some implementations, has been
       proposed as an ID for research related purposes (e.g.
       traceback). Flags(3) primarily used with fragmentation.
       Fragmentation offset(13). TTL(8) decrements. Type(8) next layer
       protocol. Header checksum(16) a one's complement sum of the
       16-bit words in the header. It's mandatory. Source address(32).
       Destination address(32). Options (varying) and padding (varying
       to ensure options fit on 32-bit word boundary). Options not
       widely used, but sometimes see loose or strict route options.
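
Added example, not part of the original exam: the per-hop TTL and checksum update from question 7 and the fragmentation behaviour from question 5 and essay answers (b) and (d), worked on a constructed datagram. Function names, the sample addresses and the sample payload are assumptions made for this illustration; it handles only the 20-byte header without options.

```python
import struct

FMT = "!BBHHHBBH4s4s"   # the 20-byte header of question 10, fields a to l

def checksum(hdr):
    """One's complement of the one's complement sum of the 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(ident, flags_off, ttl, proto, src, dst, data):
    """Header with IHL=5 (no options) and a fresh checksum, then data."""
    hdr = struct.pack(FMT, 0x45, 0, 20 + len(data), ident, flags_off,
                      ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + data

def parse(pkt):
    vi, tos, length, ident, fo, ttl, proto, _, src, dst = struct.unpack(FMT, pkt[:20])
    return {"version": vi >> 4, "ihl": vi & 0xF, "length": length, "id": ident,
            "flags_off": fo, "mf": bool(fo & 0x2000), "offset": (fo & 0x1FFF) * 8,
            "ttl": ttl, "proto": proto, "src": src, "dst": dst,
            "checksum_ok": checksum(pkt[:20]) == 0}

def forward(pkt):
    """One router hop: TTL goes down by one, so the checksum must change."""
    f = parse(pkt)
    if f["ttl"] <= 1:
        raise ValueError("TTL expired, router sends ICMP time-exceeded")
    return build(f["id"], f["flags_off"], f["ttl"] - 1, f["proto"],
                 f["src"], f["dst"], pkt[20:])

def fragment(pkt, mtu):
    """Fragment an unfragmented datagram for an egress link with this MTU."""
    f, data = parse(pkt), pkt[20:]
    if f["flags_off"] & 0x4000:
        # DF set: a router drops the packet and reports "fragmentation needed".
        raise ValueError("DF set, cannot fragment")
    step = (mtu - 20) // 8 * 8       # offsets count 8-byte units
    frags = []
    for i in range(0, len(data), step):
        more = 0x2000 if i + step < len(data) else 0
        frags.append(build(f["id"], more | (i // 8), f["ttl"], f["proto"],
                           f["src"], f["dst"], data[i:i + step]))
    return frags

# Constructed sample: 1000 data bytes between two documentation addresses.
SAMPLE = build(0x1234, 0, 64, 6, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]),
               bytes(range(250)) * 4)
```

Calling `fragment(SAMPLE, 576)` yields two fragments that share the ID but each carry their own total length, offset and checksum.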

    e) Enumerate at least four different types of ICMP messages and
       explain how they are used.

       echo-response (and reply), ping for rudimentary connectivity and
       latency testing. destination unreachable (various codes
       including host, net, protocol, port, admin prohibited,
       fragmentation necessary, etc.). Sent by hosts and routers
       depending on the event to indicate some sort of error in
       delivering a datagram to a destination. Time-exceeded, TTL
       expired in transit. Sometimes seen as a result of a traceroute
       session. Parameter-problem, problem processing a datagram with a
       pointer to the part of the datagram that caused the problem.
       Rare, I've never seen them in practice.

Optional survey

The purpose of this is to identify areas in the remaining weeks where
we can make some adjustment to make this course better for you. Your
feedback helps and will remain anonymous.

This exam was (circle one)

    easier than I expected    about what I expected    harder than I expected

Overall this class is (circle one)

    too easy    just right    too hard

What I enjoy most are

    the lectures    the real world stuff    guest speakers
    working in groups on the worksheets    other (describe) _________

What I enjoy least is

    the lectures    the real world stuff    guest speakers
    working in groups on the worksheets    other (describe) ____________

Regarding the bonus project, circle all that apply

    It's too easy    It's too hard    It's fun    It's lame
    I don't have time for it    I haven't started yet, but plan to

It would be really cool if you could (be nice please ... :-)

$Id: midterm.txt,v 1.5 2009/10/12 21:23:03 jtk Exp $