Active Packets approach
Cisco Nexus 9300 ACI Fixed Spine Switches: Product Overview Data Sheet
Data Sheet

Cisco Nexus 9300 ACI Fixed Spine Switches

Product Overview

Industry shifts are redefining IT at all levels. On-premise IT consumption models are shifting to cloud-based services. IT as a Service (IaaS) is supplanted by applications as a service. Separate development and operations are moving toward integrated Development and Operations (DevOps). Device-centric management models are migrating to application-centric management.

Business agility requires application agility, so IT teams need to provision applications in hours instead of months. Resources need to scale up (or down) in minutes, not hours. Traditional approaches take a siloed operational view, with no common operational model for the application, network, security, and cloud teams. A common operational model delivers application agility, simplified operations, assured performance, and scale.

The Solution: An Application-Centric Approach to Managing Your Infrastructure

Cisco® Application Centric Infrastructure (ACI) is a holistic architecture with centralized automation and policy-based application profiles. The Cisco ACI fabric is designed from the foundation to support emerging industry demands while maintaining a migration path for architecture already in place. The fabric is designed to support the industry move to management automation, programmatic policy, and dynamic “workload-anywhere” models. The Cisco ACI fabric accomplishes this with a combination of hardware, policy-based control systems, and software closely coupled to provide advantages not possible in other models.

The fabric consists of three major components: the Cisco Application Policy Infrastructure Controller (APIC), spine switches, and leaf switches. These three components handle both the application of network policy and the delivery of packets. Organizations can use the ACI-ready Cisco Nexus® 9000 Series Switches as spine or leaf switches to take full advantage of an automated, policy-based, systems management approach.
The Cisco Nexus 9300 Series Switches include both spine and leaf switches. For detailed information, please refer here.

Switch Models

The Cisco Nexus 9336PQ ACI Spine Switch is a 2-Rack-Unit (2RU) spine switch for Cisco ACI that supports 2.88 Tbps of bandwidth and 2.3 billion packets per second (bpps) across 36 fixed 40 QSFP+ ports (Figure 1). Cisco Nexus 9300 platform leaf switches are Layer 2 and 3 nonblocking 10 and 40 Gigabit Ethernet switches with up to 2.56 Terabits per second (Tbps) of internal bandwidth.

Figure 1. Cisco Nexus 9336PQ Switch

The Cisco Nexus 9364C ACI Spine Switch is a 2-Rack-Unit (2RU) spine switch for Cisco ACI that supports 12.84 Tbps of bandwidth and 4.3 bpps across 64 fixed 40/100G QSFP28 ports and 2 fixed 1/10G SFP+ ports (Figure 2). Breakout is not supported on ports 1 to 64. The last 16 ports marked in green support wire-rate MACsec encryption[1].

Figure 2. Cisco Nexus 9364C Switch

The Cisco Nexus 9332C is the smallest form-factor 1-Rack-Unit (1RU) spine switch for Cisco ACI that supports 6.4 Tbps of bandwidth and 2.3 bpps across 32 fixed 40/100G QSFP28 ports and 2 fixed 1/10G SFP+ ports (Figure 3). Breakout is not supported on ports 1 to 32. The last 8 ports marked in green support wire-rate MACsec encryption[2].

Figure 3. Cisco Nexus 9332C Switch

Specifications

Table 1 lists the specifications for the Cisco Nexus 9336PQ switch. (Please check Cisco ACI software release notes for feature support information.)

Table 1. Cisco Nexus 9300 ACI Spine Switch Specifications

[1] Software is expected in a future release. Please check the latest software update here.
[2] Software is expected in a future release. Please check the latest software update.

● USB: 2 ports
● RS-232 serial console ports: 1
● Management ports: 1 x 10/100/1000BASE-T

Power and Cooling

● Power: 1200W AC, 930W DC or 1200W HVAC/HVDC
● Input voltage: 100 to 240V* AC or -40V to -72V DC (min-max), -48V to -60V DC (nominal)
  *Supports input voltage of 100-120V for a max output of 800W; 200-240V for a max output of 1200W
● Frequency: 50 to 60 Hz (AC)
● Efficiency: 90% or greater (20 to 100% load)
● RoHS compliance: Yes
● Hot swappable: Yes
● Port-side intake or port-side exhale options
● Typical power: 400W (AC)
● Maximum power: 660W (AC)

● Power: 1200W AC, 930W DC[3] or 1200W HVAC/HVDC
● Input voltage: 100 to 240V* AC or -40V to -72V DC (min-max), -48V to -60V DC (nominal)
  *Supports input voltage of 100-120V for a max output of 800W; 200-240V for a max output of 1200W; PSU redundancy is not supported when used in 100-120V
● Frequency: 50 to 60 Hz (AC)
● Efficiency: 90% or greater (20 to 100% load)
● RoHS compliance: Yes
● Hot swappable: Yes
● Port-side intake or port-side exhale options
● Typical power: 429W (AC)
● Maximum power: 1245W (AC)

● Power: 1100W AC, 1100 DC or 1100W HVAC/HVDC
● Input voltage: 100 to 240V* AC or -40V to -72V DC (min-max), -48V to -60V DC (nominal)
  *Supports input voltage of 100-120V for a max output of 800W; 200-240V for a max output of 1200W
● Frequency: 50 to 60 Hz (AC)
● Efficiency: 90% or greater (20 to 100% load)
● RoHS compliance: Yes
● Hot swappable: Yes
● Port-side intake or port-side exhale options
● Typical power: 296W (AC)
● Maximum power: 700W (AC)

Environmental

● Physical (H x W x D): 3.5 x 17.5 x 22.5 in. (8.9 x 44.5 x 57.1 cm)
● Weight: 34.4 lb
● Operating temperature: 32 to 104°F (0 to 40°C)
● Nonoperating (storage) temperature: -40 to 158°F (-40 to 70°C)
● Humidity: 5 to 95% (noncondensing)
● Altitude: 0 to 13,123 ft (0 to 4000m)

● Physical (H x W x D): 3.38 x 17.37 x 22.27 in. (8.59 x 44.13 x 56.58 cm)
● Weight: 36.9 lb (16.74 kg) with power supplies and fans, 27.4 lb (12.43 kg) without power supplies and fans
● Operating temperature: 32 to 104°F (0 to 40°C)
● Nonoperating (storage) temperature: -40 to 158°F (-40 to 70°C)
● Humidity: 5 to 85% (noncondensing)
● Altitude: 0 to 13,123 ft (0 to 4000m)

● Physical (H x W x D): 1.7 x 17.3 x 22.9 in. (4.4 x 43.9 x 58.1 cm)
● Weight: 25.1 lb (11.4 kg) with power supplies and fans, 19 lb (8.6 kg) without power supplies and fans
● Operating temperature: 32 to 104°F (0 to 40°C)
● Nonoperating (storage) temperature: -40 to 158°F (-40 to 70°C)
● Humidity: 5 to 85% (noncondensing)
● Altitude: 0 to 13,123 ft (0 to 4000m)

Acoustics

● Fan speed at 40%: 64.4 dBA
● Fan speed at 70%: 79.6 dBA
● Fan speed at 100%: 89.8 dBA

● Fan speed at 40%: 76.7 dBA
● Fan speed at 70%: 88.7 dBA
● Fan speed at 100%: 97.4 dBA

● Fan speed at 50%: 76.4 dBA
● Fan speed at 70%: 83.3 dBA
● Fan speed at 100%: 92.1 dBA

MTBF

● 242,000 hours
● 257,860 hours
● 363,500 hours

[3] 930W-DC PSU is supported in redundancy mode if 3.5W QSFP+ modules or Passive QSFP cables are used & the system is used in 40C ambient temp or less; for other optics or higher ambient temps, 930W-DC is supported with 2 PSU’s in non-redundancy mode only.

Cisco Nexus 9300 ACI Spine Switch Deployment Scenarios

The Nexus 9300 ACI spine switch along with Nexus 9300 leaf nodes enable an automated and policy driven ACI architecture. The Cisco Nexus 9300 ACI spine switch offers advanced scalability in the smallest spine switch form factor, and enables connectivity to up-to 64 Cisco Nexus 9300 leaf switches with its high port density of 64 40/100 GbE ports and 12.84 Tbps throughput. The degree of redundancy in leaf-and-spine architectures delivers increased availability with a high level of flexibility in workload placement (Figure 3).

Figure 4. Cisco Nexus 9300 Platform in a Leaf-and-Spine Architecture

Software Requirements

For the latest software release information and recommendations, please refer to the product bulletin at https:///go/aci and Cisco Feature Navigator.

Regulatory Standards Compliance

Table 2 summarizes regulatory standards compliance for the Cisco Nexus 9300 Spine switch.

Table 2. Regulatory Standards Compliance: Safety and EMC

Supported Optics Pluggable

For details on the optical modules available and the minimum software release required for each supported optical module, visit https:///en/US/products/hw/modules/ps5455/products_device_support_tables_list.html.

Ordering Information

Table 3 presents ordering information for the Cisco Nexus 9300 ACI Spine Switch.

Table 3. Ordering Information

Warranty

The Cisco Nexus 9300 switch has a 1-year limited hardware warranty. The warranty includes hardware replacement with a 10-day turnaround from receipt of a Return Materials Authorization (RMA).

Service and Support

Cisco offers a wide range of services to help accelerate your success in deploying and optimizing the Cisco Nexus 9300 switch in your data center. The innovative Cisco Services offerings are delivered through a unique combination of people, processes, tools, and partners and are focused on helping you increase operation efficiency and improve your data center network. Cisco Advanced Services uses an architecture-led approach to help you align your data center infrastructure with your business goals and achieve long-term value. Cisco SMARTnet® Service helps you resolve mission-critical problems with direct access at any time to Cisco network experts and award-winning resources.

Cisco Capital

Flexible payment solutions to help you achieve your objectives.

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.

For More Information

For more information on the Cisco Nexus 9000 Series and for latest software release information and recommendations, please visit https:///go/nexus9000.
English Essay on the Pros and Cons of Grabbing Red Packets

Here is an essay on the pros and cons of grabbing red packets, with the word count exceeding 1000 words, as requested:

Grabbing red packets, a practice deeply rooted in Chinese culture, has become a prevalent phenomenon, especially during the Lunar New Year celebrations. While the act of receiving and exchanging these symbolic gifts can bring joy and a sense of community, it also has its fair share of pros and cons that warrant consideration.

On the positive side, the tradition of red packet giving fosters a strong sense of familial and social bonding. These small envelopes, often containing monetary gifts, serve as a tangible expression of affection, goodwill, and the desire to share one's prosperity with loved ones. The act of receiving a red packet can be a heartwarming experience, as it symbolizes the care and support of the giver. This tradition helps to maintain the strong emphasis on family and community that is so deeply ingrained in Chinese culture.

Moreover, the distribution of red packets can have a positive economic impact. During the Lunar New Year season, the increased circulation of money through these gifts can provide a much-needed boost to local businesses and the overall economy. Retailers, restaurants, and other service providers often experience a surge in sales and revenue, which can ultimately benefit the broader community.

However, the practice of grabbing red packets also comes with its fair share of drawbacks. One of the primary concerns is the potential for excessive materialism and the development of an unhealthy sense of entitlement. In some cases, the desire to accumulate as many red packets as possible can overshadow the true meaning and significance of the tradition. This can lead to a focus on the monetary value of the gifts rather than the underlying sentiment of goodwill and familial connection.

Moreover, the competitive nature of red packet grabbing can sometimes breed feelings of resentment and envy among recipients. The perception of "winning" or "losing" based on the amount received can create tension and undermine the spirit of togetherness that the tradition is meant to foster. This can lead to strained relationships and a breakdown in the social fabric that the red packet exchange is intended to strengthen.

Another significant drawback is the potential for safety and security risks associated with the handling of cash-filled red packets. In crowded gatherings, the risk of theft or loss increases, and individuals may become overly preoccupied with protecting their red packet haul rather than enjoying the festivities. This can detract from the overall sense of celebration and community that the Lunar New Year is meant to embody.

Furthermore, the practice of grabbing red packets can sometimes lead to a sense of entitlement and a disregard for social etiquette. In some cases, individuals may become overly aggressive or pushy in their efforts to secure as many red packets as possible, disregarding the needs and comfort of others. This can create an unpleasant and chaotic atmosphere, dampening the joy and harmony that the tradition is intended to foster.

Despite these drawbacks, it is important to recognize that the practice of red packet giving is a deeply ingrained cultural tradition that holds significant meaning and value for many individuals. The act of giving and receiving these symbolic gifts can serve as a powerful means of strengthening familial and social bonds, as well as fostering a sense of community and shared prosperity.

To address the potential negative aspects of red packet grabbing, it is essential to strike a balance between the pursuit of material wealth and the preservation of the tradition's true spirit. Encouraging a more mindful and considerate approach to the exchange of red packets, emphasizing the importance of gratitude, respect, and the genuine desire to celebrate and connect with loved ones, can help mitigate the risks associated with excessive materialism and competition.

Moreover, promoting educational initiatives that highlight the historical and cultural significance of the red packet tradition can help to instill a deeper appreciation for its underlying values. By fostering a greater understanding of the tradition's roots and its role in strengthening social cohesion, individuals may be less inclined to engage in the more problematic aspects of red packet grabbing.

In conclusion, the practice of grabbing red packets is a complex and multifaceted phenomenon that encompasses both positive and negative aspects. While the tradition can foster a sense of community, social bonding, and economic benefits, it also carries the potential for excessive materialism, resentment, and the undermining of social etiquette. By striking a balance between the pursuit of material wealth and the preservation of the tradition's true spirit, and by promoting greater awareness and understanding of its cultural significance, the practice of red packet giving can continue to be a cherished and meaningful part of the Lunar New Year celebrations.
The Chinese University of Hong Kong Written Test Questions

Author:
Date:

Tsinghua University - The Chinese University of Hong Kong 2008 Jointly Admitted MBA in Finance Entrance Examination (Written Part)

Notes
1. This paper covers English, Logic and Mathematics, which account for 50%, 30% and 20% respectively; the total score is 100 points.
2. Write your answers on the answer sheet; each question has exactly one correct answer.
3. Leave this paper, the answer sheet and all scratch paper behind; they will be collected together after the examination.

Name:    Candidate No.:    ID No.:

I. English (50%)

PART I Structure and Vocabulary (25×1%=25%)

Directions: There are 25 incomplete sentences in this part. For each sentence there are four choices marked A, B, C and D. Choose the ONE answer that best completes the sentence. Then blacken the corresponding letter on the Answer Sheet with a pencil.

1. The rats _____ bacterial infections of the blood.
A. develop  B. produce  C. stimulate  D. induce
2. The first, second, and the third prizes went to Jack, Tom, and Harry _____.
A. equally  B. differently  C. similarly  D. respectively
3. More than 85 percent of French Canada’s population speaks French as a mother tongue and _____ to the Roman Catholic faith.
A. ascribes  B. subscribes  C. adheres  D. caters
4. When the work is well done, a _____ of accident free operations is established where time lost due to injuries is kept at a minimum.
A. regulation  B. climate  C. circumstance  D. requirement
5. In order to prevent stress from being set up in the metal, expansion joints are fitted which _____ the stress by allowing the pipe to expand or contract freely.
A. reclaim  B. reconcile  C. rectify  D. relieve
6. Dozens of scientific groups all over the world have been _____ the goal of a practical and economic way to use sunlight to split water molecules.
A. pursuing  B. chasing  C. reaching  D. winning
7. When traveling, you are advised to take travelers’ checks, which provide a secure _____ to carrying your money in cash.
A. substitute  B. selection  C. preference  D. alternative
8. I never trusted him because I always thought of him as such a _____ character.
A. gracious  B. suspicious  C. unique  D. particular
9. For example, it has long been known that total sleep _____ is 100 percent fatal to rats.
A. reduction  B. destruction  C. deprivation  D. restriction
10. Many old people in the cities find themselves unable to get used to the rapid _____ of city life.
A. rate  B. speed  C. step  D. pace
11. The captain of the ship _____ the passengers that there was no danger.
A. assured  B. ensured  C. secured  D. insured
12. The speaker who does not have specific words in his working vocabulary may be unable to explain or describe in a _____ that can be understood by his listeners.
A. case  B. means  C. method  D. way
13. Industrial safety does not just happen. Companies with low accident rates plan their safety programs, work hard to organize them, and continue working to keep them _____ and active.
A. alive  B. vivid  C. mobile  D. diverse
14. The key to the industrialization of space is the U.S. space shuttle. With it, astronauts will acquire a workhorse vehicle _____ of flying into space and returning many times.
A. capable  B. suitable  C. efficient  D. fit
15. The discussion was so prolonged and exhausting that _____ the speakers stopped for refreshments.
A. at large  B. at intervals  C. at ease  D. at random
16. In no country _____ Britain, it has been said, can one experience four seasons in the course of a single day.
A. other than  B. more than  C. better than  D. rather than
17. So little _____ about physics that the lecture was completely beyond me.
A. I knew  B. did I know  C. I had known  D. had I known
18. Concerns were raised _____ witnesses might be encouraged to exaggerate their stories.
A. what  B. when  C. which  D. that
19. It can be ready for _____ trip in about two weeks.
A. new  B. another  C. certain  D. subsequent
20. To drive and _____ within the speed limits _____ necessary in today’s traffic.
A. staying/is  B. to stay/are  C. to stay/is  D. staying/are

PART II Reading Comprehension (15×2%=30%)

Directions: There are 3 passages in this part. Each passage is followed by some questions or unfinished statements. For each of them there are four choices marked A, B, C and D. You should decide on the best choice and blacken the corresponding letter on the Answer Sheet with a pencil.

Questions 21 to 25 are based on the following passage:

While hackers with motives make headlines, they represent less than 20% of all network security breaches. More common are instances of authorized users accidentally winding up where they should not be and inadvertently deleting or changing data. However, the Internet introduces another concern: some Internet surfers are bound to go where they have no business and, in so doing, threaten to wipe out data to which they should not have access.

Before picking a firewall, companies need to adopt security policies. A security policy states who or what is allowed to connect to whom or what. You can group all users by department or classification. The better firewall products let you drag and drop groups in a graphical user interface (GUI) environment to define network security easily.

Two methods are most often used together to establish an Internet firewall. They are application and circuit gateways, as well as packet filtering. With application and circuit gateways, all packets are addressed to a user-level application on a gateway that relays packets between two points. With most application gateways, additional packet-filter machines are required to control and screen traffic between the gateway and the networks. A typical configuration includes two routers with a bastion host that serves as the application gateway sitting between them.

A drawback to application and circuit gateways is that they slow network performance. This is because each packet must be copied and processed at least twice by all the communication layers. Packet-filter gateways, which act as routers between two nets, are less secure than application gateways but more efficient. They are transparent to many protocols and applications, and they require no changes in client applications, no specific application management or installation, and no extra hardware. Using a single, unified packet-filter engine, all net traffic is processed and then forwarded or blocked from a single point of control. However, most packet filters are stateless, understand only low-level protocols, and are difficult to configure and verify. In addition, they lack audit mechanisms. Some packet filters are implemented inside routers, limiting computing power and filtering capabilities. Others are implemented as software packages that filter the packets in application-layer processes, an inefficient approach that requires multiple data copies, expensive delays and context switches and delivers lower throughput.

So what’s a network administrator to do? Some vendors are developing firewalls that overcome many of these problems and combine the advantages of application gateways and packet filtering. These efficient, protocol-independent, secure firewall engines are capable of application-level security, user authentication, unified support, and handling of all protocols, auditing and altering. They are transparent to users and to system setup, and include a GUI for simple and flexible system management and configuration.

21. The most suitable title for this passage is _____.
A. Hackers and Our Defense
B. Internet Surfer’s Guide
C. Firewall: A Measure of Network Security
D. Information Technology
22. According to what you have read, the author’s probable preference will be _____.
A. waiting for the coming of better firewall products.
B. finding a combination of both application gateway and packet filtering approach
C. meeting demands of every type with better products
D. implementing one better approach in the adoption of a firewall solution
23. In choosing a firewall product, what is implied as the main concern of the author?
A. Management  B. Transparency  C. Independence  D. Efficiency
24. Which of the following can be inferred from the passage concerning the networks using application and circuit gateways?
A. Secure and speedy  B. Secure but slow  C. Insecure and slow  D. Insecure but speedy
25. For whom is this passage most likely written:
A. Government officials  B. Hackers  C. Network administrators  D. Computer experts.

Questions 26 to 30 are based on the following passage:

Internet is a global network that connects other computer networks, together with software and protocols for controlling the movement of data. The Internet, often referred to as “the Net”, was initiated in 1969 by a group of universities and private research groups funded by the U.S. Department of Defense. It now covers almost every country in the world. Its organization is informal and deliberately nonpolitical, and its controllers tend to concentrate on technical aspects rather than on administrative control.

The Internet offers users number of basic services including data transfer, electronics mail, and the ability to access information in remote to exchange information and debate specific subjects of interest. In addition, there are a number of high-level services. For example, MBONE allows the transmission of messages to more than one destination. It is used in videoconferencing.

The World Wide Web, known as “the Web”, is another high level Internet service, developed in the 1990s in Geneva. It is a service for distributing multimedia information, including graphics, pictures, sounds, and video as well as text. A feature of the World Wide Web is that it allows links to other related documents elsewhere on the Internet.

Documents for publication on the Web are presented in a form known as HTML (hypertext markup language). This allows a specification of the page layout and typography as it will appear on the screen. It also allows the inclusion of active links to other documents. Generally, these appear on the screen display as highlighted text or as additional icons. Typically, the user can use a mouse to “click” on one of these points to load and view a related document. Many commercial and public organizations now have their own Website (specified by an address code) and publish a “homepage”, giving information about the organization.

Up to the mid 1990s, the major users of the Internet were academic and research organizations. This has begun to change rapidly with individual home users linking in through commercial access providers and with a growing interest by companies in using the Internet for publicity, sales, and as a medium for electronic publishing. At the same time, there are problems with the flow of information across national borders, bringing in debates about copyright protection, data protection, the publication of pornography, and ultimately political control and censorship.

26. From the first paragraph, we learn that the Internet _____.
A. was initiated by the U.S. Department of Defense in 1969
B. was only able to connect computers into networks into at its beginning
C. has not any kind of organization behind it at all
D. works independently of any governmental control
27. Access to remote information _____.
A. is a high level service provided by the Internet
B. is the most notable feature with the Internet
C. is a basic function performed by the Internet
D. can only be achieved by the Internet
28. It can be inferred that the development of HTML prepared the way for _____.
A. even farther information transfer
B. online commercial promotions
C. academic uses
D. distributing multimedia information
29. Which of the following is not a problem brought in by the popularization of the Internet?
A. Difficulty in inspecting the content of publications.
B. Difficulty in protecting copy right across national borders.
C. Difficulty in promoting sales of superior products.
D. The possibility that potentially harmful content may be published
30. This passage focuses on _____.
A. the instructions for the Internet users
B. the historical development of the Internet
C. the kinds of data transferred through the Internet
D. the problems brought about the Internet

Questions 31 to 35 are based on the following passage:

The relationship between the home and market economies has gone through two distinct stages. Early industrialization began the process of transferring some production process (e.g. cloth making, sewing and canning food) from the home to the marketplace. Although the home economy could still produce these good, the more important second stage was evident-the marketplace, and home economy was unable to produce them, e.g. electricity and electrical appliances the automobile, advanced education, sophisticated medical care. In the second stage, the question of whether the home economy was less efficient in producing these new goods and service was irrelevant; if the family were to enjoy these fruits of industrialization, they would have to be obtained in the marketplace. The traditional ways of taking care of these needs in the home such as in nursing the sick, became socially unacceptable (and, in most serious cases, probably less successful).

Just as the appearance of the automobile made the use of the horse drawn carriage illegal and then impractical, and the appearance of television changed the radio from a source of entertainment to a source of background music, so most of the fruits of economic growth did not increase flexibility for the home economy in obtaining these good and services. Instead, economic growth brought with it increased consumer reliance on the market-place. In order to consume these new goods and services, the family had to enter the marketplace as wage earners and consumers. The neoclassical model that views the family as deciding whether to produce goods and services directly or to purchase them in the marketplace is basically a model of the first stage. It cannot accurately be applied to the second (and current) stage.

31. The reason why many production processes were taken over by the marketplace was that _____.
A. it was a necessary step in the process of industrialization
B. they depend on electricity available only to the market economy
C. it was troublesome to produce such goods in the home
D. the marketplace was more efficient with respect to these processes
32. It can be seen from the passage that in the second stage _____.
A. some traditional goods and service were not successful because the production process remained unchanged
B. the market economy provided goods and services which were not provided by the home economy
C. producing traditional goods at home became socially unacceptable
D. the question of whether new goods and services were produced by the home economy became irrelevant
33. During the second stage, if the family wanted to consume new services, they had to enter the marketplace _____.
A. as wage earners
B. both as manufacturers and consumers
C. both as workers and consumers
D. as customers
34. Economic growth did not make it more flexible for the home economy to obtain the new goods and services because _____.
A. the family was not efficient in production
B. it was illegal for the home economy to produce them
C. it could not supply them by itself
D. the market for these goods and services was limited
35. The neoclassical model is basically a model of the first stage, because at this stage _____.
A. the family could rely either on the home economy or on the marketplace for the needed goods and services
B. many production processes were being transferred to the marketplace
C. consumers relied more and more on the market economy
D. the family could decide how to transfer production processes to the marketplace

II. Logic (15×2%=30%)

36. Although most universities hold the patent rights to inventions made by their faculty and staff, faculty and staff own the royalties on the books or articles they write.
Chapter 3: Active Packaging
barrier packaging.
Chemical forms of in-pack oxygen scavenging have been introduced to reduce…
These include amines formed rapidly in fish or rancid odors in oil-containing foods. Such
compounds can be present in trace amounts that are significant organoleptically but may not constitute a health hazard.
• Chemical deterioration: food components hydrolysis, industrial chemical oxidation. Industrial chemicals such as amines, and particularly some printing inks, are oxidized on storage, fried snacks’ oxidation and so on.
dioxide to the beverage.
The presence of an oxygen scavenger is required.(beer and White Wine)
Chemical deterioration:
The flavor of some foods changes on storage because of effects other than oxidation. Tainting is a recurrent problem.
Modbus TCP Function Code Traffic Anomaly Detection Method Based on the CUSUM Algorithm: Manual
4th National Conference on Electrical, Electronics and Computer Engineering (NCEECE 2015)Anomaly Detection Approach based on Function Code Traffic by UsingCUSUM AlgorithmMing Wan a*, Wenli Shang b, Peng Zeng cShenyang Institute of Automation, Chinese Academy of Sciences, Shenyang, ChinaKey Laboratory of Networked Control System, Chinese Academy of Sciences, Shenyang, Chinaa**************,b**************,c*********Keywords: Anomaly detection; Modbus/TCP; Function code traffic; Cumulative sum;Abstract. There is an increasing consensus that it is necessary to resolve the security issues in today’s industrial control system. From this point, this paper proposes an anomaly detection approach based on function code traffic to detect abnormal Modbus/TCP communication behaviors efficiently. Furthermore, this approach analyzes the Modbus/TCP communication packets in depth, and obtains the function code in each packet. According to the function code traffic change, this approach uses the Cumulative Sum (CUSUM) algorithm for change point detection, and generates an alarm. Our simulation results show that, the proposed approach is very available and effective to provide the security for industrial control system. Besides, we also discuss some advantages and drawbacks when using this approach.IntroductionNowadays, industrial control system has become an important part in many critical infrastructures, for example power, water, oil, gas, transportation, et al. With the development of modern networking, computing and control technologies, the deep integration of industrialization and informationization has been regarded as the inevitable tendency by both academia and industry. Especially, the “Industry 4.0” revolution, defined by Germany, further emphasizes the essential role of the networking technology [1]. 
However, the incoming networking technology has broken the original closure of industrial control systems and has brought security problems into them [2]. Although there are various kinds of security methods for regular IT systems, the traditional security methods cannot be applied directly to networked control systems [3].
There are two general approaches for improving security in industrial control systems. One is the communication control or access control approach, whose typical application is the industrial firewall [4]. However, due to manual rule setting and real-time performance requirements, this approach has been used only to a limited extent. The second, the intrusion detection approach in industrial control systems [5,6], is effective in identifying network attacks, and it can give an alarm when the system suffers great destruction. As a bypass approach for monitoring abnormal behaviors, intrusion detection technology has been attracting great interest from industry and researchers. Furthermore, intrusion detection can be divided into two categories, misuse detection and anomaly detection, and the approach proposed in this paper falls into the latter category.
Anomaly detection technology in industrial control systems can be divided into three categories [7,8]: statistics-based approaches, knowledge-based approaches, and machine learning-based approaches. By supervising industrial communication behaviors, these three categories of approaches can detect attacks, raise alarms and carry out defensive measures before the system suffers from various kinds of attacks. Among the statistics-based approaches, Reference [9] uses a sequential detection model to identify aberrant communication behaviors in a control system. References [10] and [11] use the CUSUM algorithm to compute communication traffic statistics in industrial control systems and to find the abnormal change point.
However, the above statistical analysis only addresses general industrial communication traffic, and cannot analyze the communication packets in depth according to the industrial communication protocol specification. In this paper, we propose an anomaly detection approach based on function code traffic. In accordance with the Modbus/TCP protocol specification, this approach analyzes the Modbus/TCP communication packets in depth, and utilizes the function code traffic to detect abnormal Modbus/TCP communication behaviors. According to the change in function code traffic, this approach uses the Cumulative Sum (CUSUM) algorithm for change point detection, and generates an alarm.
Modbus/TCP and Vulnerability Analysis
Modbus/TCP, regarded as an application layer protocol, is an open industrial communication protocol, and uses a typical master-slave communication mode. Namely, one Modbus master sends a request message to one Modbus slave, and the Modbus slave responds to this message in accordance
As shown in Fig. 1, the Modbus/TCP packet format mainly consists of three parts: the MBAP (Modbus Application Protocol) header, the Modbus function code and the data. The MBAP header is a special header which is used to identify the Modbus application data unit. The function code is a flag field for performing various operations, and is used to inform the slave which function to carry out.
The data field can be regarded as the parameters of the function code, and indicates the specific data needed to perform one operation.
The vulnerabilities of this protocol have been increasingly exposed in recent years [12,13], and can be summarized as follows: firstly, Modbus/TCP lacks authentication, and any Modbus master can use an illegal IP address and one function code to establish a Modbus session; secondly, Modbus/TCP does not consider authorization, and any Modbus master can perform any operation by using some invalid function codes; finally, Modbus/TCP lacks integrity detection, and the communication data may be tampered with. For example, the function code can be changed to another illegal function code by an attacker.
Anomaly Detection Approach based on Function Code Traffic
It is highly necessary to study anomaly detection approaches in industrial control systems. However, industrial communication traffic is high-dimensional, and it is hard to detect abnormal communication behaviors. Therefore, we use the function code traffic to perform the anomaly detection, because the function code traffic is simple and single-dimensional, and can indirectly reflect the industrial communication behaviors. In our approach, we first capture the industrial communication packets, and extract the Modbus/TCP communication packets. After that, we analyze these Modbus/TCP packets in depth, and get the function code in each packet. On this basis, we perform a statistical analysis to form the function code traffic in each specified time interval. Finally, according to the function code traffic, we use the CUSUM algorithm to detect the change point. When a change point appears, the corresponding alarm will be generated.
The CUSUM algorithm can be described as follows [14]:
Assume the time sequence $x_1, x_2, \ldots, x_{v-1}$ are independent identically distributed variables with the Gaussian distribution $N(0,1)$, and the time sequence $x_v, x_{v+1}, \ldots, x_n$ are independent identically distributed variables with the Gaussian distribution $N(\delta,1)$, where $v$ ($v<n$) is an unknown change point and the value $x_i$ represents the number of function codes in the $i$th time interval. Suppose there is no change point, namely $v=\infty$, the statistical value of the log-likelihood ratio is:
$$Z_n = \max_{1 \le v < n} \sum_{i=v+1}^{n} \left(x_i - \frac{\delta}{2}\right) \tag{1}$$
Eq. (1) describes the most ordinary CUSUM statistical value. Suppose $h$ ($h>0$) is a chosen threshold which may be determined empirically through experiments. If $Z_i \le h$, $i = 1, 2, \ldots, n$, the former $n-1$ values are under normal conditions; if $Z_n > h$, an anomaly happens and an alarm should be generated. Similarly, the foregoing judgment can also be understood as: if there exists a number $r$ that satisfies $\sum_{i=0}^{r} x_{n-i} - (r+1)\frac{\delta}{2} > h$, where $0 \le r \le n-1$, then the anomaly happens and an alarm should be generated.
The aforementioned equation illustrates the basic CUSUM algorithm. However, the prerequisite is that we have assumed that $\{x_n\}$ are independent Gaussian random variables. Of course, this is not true for network traffic measurements owing to seasonality, trends and time correlations [16]. Therefore, in order to remove such non-stationary behaviors, the work in [15] further improves the basic CUSUM algorithm, and $Z_n$ can be calculated by:
$$Z_n = \left[ Z_{n-1} + \frac{\alpha \mu_{n-1}}{\sigma^2} \left( x_n - \mu_{n-1} - \frac{\alpha \mu_{n-1}}{2} \right) \right]^{+}, \qquad Z_0 = 0 \tag{2}$$
where $\alpha$ is an amplitude percentage parameter, which intuitively corresponds to the most probable percentage of increase of the mean rate after a change has happened, and $\sigma^2$ is the variance. Meanwhile, the mean $\mu_n$ can be calculated by using an exponentially weighted moving average (EWMA) of previous measurements:
$$\mu_n = \beta \mu_{n-1} + (1-\beta) x_n \tag{3}$$
where $\beta$ is the EWMA factor.
Thus, the conditions to generate an alarm can be summarized as follows:
$$f(Z_n) = \begin{cases} 1, & \text{if } Z_n > h; \\ 0, & \text{otherwise.} \end{cases} \tag{4}$$
In Eq. (4), 1 indicates that the anomaly in the detected sequence $\{x_n\}$ is identified and an alarm is generated. By contrast, 0 indicates that the detected sequence $\{x_n\}$ is normal.
However, a disadvantage or flaw exists in the CUSUM algorithm [17]. That is, when the anomaly or attack is over, CUSUM still continues generating false alarms for a long time. Because of the accumulation effect of the CUSUM algorithm, the amount added to $Z_n$ by the attack traffic is much greater than the amount removed by the normal traffic. In order to resolve this issue, our approach uses the following formula to revoke an alarm:
$$f(Z_n) = 0, \quad \text{if } Z_n \ge h \text{ and } x_i < \varphi \mu_{2v-i} \tag{5}$$
where $\varphi$ is an amplitude and $\varphi > 1$. Assume an anomalous behavior happens at time $v$, and $x_i$ is the detected mapping request traffic in the $i$th time interval, $i > v$. $\mu_{2v-i}$ is the traffic mean of the former $2v-i$ time intervals, which can be calculated by Eq. (3). The main idea of Eq. (5) is that when the traffic $x_i$ is less than the traffic mean $\mu_{2v-i}$ and $Z_n \ge h$, the alarm will be revoked. In addition, in order to revoke an alarm more accurately, the condition $x_i < \varphi \mu_{2v-i}$ can be improved as:
$$\sum_{j=0}^{k} \mathbf{1}\{ x_{i+j} < \varphi \mu_{2v-i-j} \} \ge \theta \tag{6}$$
where $\theta$ is a positive integer and $k > \theta > 1$. Eq. (6) describes that when the number of intervals satisfying the condition $x_i < \varphi \mu_{2v-i}$ is larger than $\theta$, the alarm will be revoked. At the same time, after revoking the alarm, we also reset $Z_n$ between 0 and $h$.
Performance Evaluations
In the simulation experiment, we build a small SCADA system, whose communication is based on Modbus/TCP. As shown in Fig. 2, the whole technological process can be simply depicted as follows: when the valve switches A and B are respectively turned on, materials A and B successively flow into the container through the valve switches A and B to produce material C.
When material C in the container reaches the upper level point, the valve switches A and B are turned off, and then the valve switch C is turned on. When material C in the container is exhausted and reaches the lower level point, the valve switch C is turned off. The above-described technological process is performed repeatedly every 5 minutes.
Fig.2 Simulation experiment topology
In order to detect abnormal communication behaviors, we deploy a monitoring computer on the industrial switch to capture the communication packets between the supervisory control layer and the control unit layer. Furthermore, we carry out two experiments: one under normal condition, and the other under abnormal condition. Under normal condition, we run the simulation for 120 minutes. Fig. 3(a) shows the communication traffic captured by the monitoring computer per 1 minute, and Fig. 3(b) shows the corresponding function code traffic. From these two figures we can see that the communication traffic is complex and changing, but the function code traffic varies periodically and can reflect every technological process. Under abnormal condition, we perform two attacks, at the 30th minute and at the 80th minute respectively. Here, the attacker sends 50 Modbus/TCP packets whose function code is to write a coil at the 30th minute, and sends the same 30 packets at the 80th minute. We apply our anomaly detection approach to the corresponding function code traffic. Fig. 4(a) plots the communication traffic after the attacks. From this figure we can conclude that the attack traffic is hidden in the normal communication traffic, and we cannot identify the attack behaviors from the communication traffic alone. Similarly, Fig. 4(b) plots the alarm points in the function code traffic after the attacks. From this figure we find that the proposed approach can detect the abnormal behaviors and generate alarms when the attacks happen.
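The detection pipeline described above (function code extraction, per-interval counting, Eqs. (2)-(6)), as an added example that is not the authors' code. It is run on a constructed 120-minute capture shaped like the experiment, with 50 and 30 extra write-coil requests at minutes 30 and 80. Assumptions: the parameter values, a baseline mean and variance estimated from the first 20 attack-free minutes, a reset of $Z_n$ to 0 on revocation, and the 5-minute request pattern.

```python
import struct
from statistics import mean, pvariance

WRITE_SINGLE_COIL = 0x05

def function_code(adu):
    """Function code of a Modbus/TCP ADU, or None if the MBAP header is malformed.
    MBAP: transaction id (2 bytes), protocol id (2, always 0), length (2, bytes
    that follow it), unit id (1). The function code is the next byte."""
    if len(adu) < 8:
        return None
    _tid, proto, length, _unit = struct.unpack(">HHHB", adu[:7])
    if proto != 0 or length != len(adu) - 6:
        return None
    return adu[7]

def traffic(packets, code, n_intervals, width=60):
    """x_i: number of packets carrying `code` in each interval of `width` seconds."""
    x = [0] * n_intervals
    for ts, adu in packets:
        i = int(ts // width)
        if 0 <= i < n_intervals and function_code(adu) == code:
            x[i] += 1
    return x

def cusum(x, mu0, sigma2, alpha=0.5, beta=0.9, h=5.0, phi=2.0, theta=2, k=3):
    """Eqs. (2)-(6). Returns alarm episodes (onset, end, reason), 1-based intervals.
    theta=None disables revocation, leaving only the alarm rule of Eq. (4)."""
    mu = [mu0]                       # mu[n] is the EWMA mean after interval n
    z, v, episodes = 0.0, None, []
    for n, xn in enumerate(x, start=1):
        prev = mu[-1]
        # Eq. (2): add the weighted excess over the mean, clamp at zero
        z = max(0.0, z + (alpha * prev / sigma2) * (xn - prev - alpha * prev / 2))
        mu.append(beta * prev + (1 - beta) * xn)           # Eq. (3)
        if v is None:
            if z > h:                                      # Eq. (4): alarm onset
                v = n
        elif z <= h:                                       # statistic decayed by itself
            episodes.append((v, n, "below_h"))
            v = None
        elif theta is not None:
            # Eq. (6): among the last k+1 post-onset intervals m, count those with
            # x_m < phi * mu_{2v-m}, the mean mirrored to before the onset.
            recent = range(max(v + 1, n - k), n + 1)
            hits = sum(x[m - 1] < phi * mu[max(0, 2 * v - m)] for m in recent)
            if hits >= theta:
                episodes.append((v, n, "revoked"))
                v, z = None, 0.0                           # reset choice: Z = 0
    if v is not None:
        episodes.append((v, len(x), "open"))
    return episodes

def make_adu(tid, fc, data):
    """Constructed request ADU: MBAP header, function code, data bytes."""
    return struct.pack(">HHHBB", tid & 0xFFFF, 0, 2 + len(data), 1, fc) + data

def constructed_capture(attacks):
    """120 minutes of constructed (timestamp, ADU) pairs; attacks: minute -> extra writes."""
    pattern = [6, 2, 2, 6, 4]        # hypothetical write-coil requests per minute
    packets, tid = [], 0
    for minute in range(1, 121):
        writes = pattern[(minute - 1) % 5] + attacks.get(minute, 0)
        kinds = ((WRITE_SINGLE_COIL, b"\x00\x01\xff\x00", writes),
                 (0x03, b"\x00\x00\x00\x02", 20))          # 0x03: read holding registers
        for fc, data, count in kinds:
            for j in range(count):
                packets.append(((minute - 1) * 60 + j * 0.5, make_adu(tid, fc, data)))
                tid += 1
    return packets

def run(theta=2):
    x = traffic(constructed_capture({30: 50, 80: 30}), WRITE_SINGLE_COIL, 120)
    base = x[:20]                    # attack-free training window (assumption)
    return x, cusum(x, mean(base), pvariance(base), theta=theta)

if __name__ == "__main__":
    series, alarms = run()
    print(series[27:33], alarms)
```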
To sum up the above arguments, our approach is practical and effective for identifying and diagnosing some network anomalies in industrial control systems. In other words, compared with anomaly detection using the communication traffic, our approach is more advantageous.
Fig.4 Under normal condition
Conclusion
This paper proposes an anomaly detection approach based on function code traffic, and the basic idea behind the proposed approach is very simple: identifying and detecting the anomalous communication behaviors in an industrial control system by judging the function code traffic anomaly. In this paper, we first analyze the Modbus/TCP protocol and its vulnerabilities, and then we present the detailed design of our approach, including the CUSUM algorithm. Finally, we evaluate our approach in detail by simulation experiment. We show that our approach is practical and effective in providing security for industrial control systems. We also discuss some drawbacks of our approach for our future research.
Acknowledgements
This work is supported by the National Natural Science Foundation of China (Grant No. 61501447) and Independent project of Key Laboratory of Networked Control System Chinese Academy of Sciences: Research on abnormal behavior modeling, online intrusion detection and self-learning method in industrial control network.
References
[1] H. Kagermann, W. Wahlster, J. Helbig, Recommendations for implementing the strategic initiative INDUSTRIE 4.0, Final Report, http://www.plattform-i40.de/finalreport2013, 2013.
[2] B. Genge, C. Siaterlis, I. N. Fovino, et al., A cyber-physical experimentation environment for the security analysis of networked industrial control systems, Computer and Electrical Engineering, 38(5) (2012) 1146-1161.
[3] C. Shao, L. G. Zhong, An information security solution scheme of industrial control system based on trusted computing, Information and Control, 44(5) (2015) 628-633.
[4] S. S. Zhang, W. L. Shang, M. Wan, et al., Security defense module of Modbus TCP communication based on region/enclave rules, Computer Engineering and Design, 35(11) (2014) 3701-3707.
[5] A. Carcano, A. Coletta, M. Guglielmi, et al., A multidimensional critical state analysis for detecting intrusions in SCADA systems, IEEE Transactions on Industrial Informatics, 7(2) (2011) 179-186.
[6] A. Anoop, M. S. Sreeja, New genetic algorithm based intrusion detection system for SCADA, International Journal of Electronics Communication and Computer Engineering, 2(2) (2013) 171-175.
[7] S. M. Papa, V. S. S. Nair, A behavioral intrusion detection system for SCADA systems, Southern Methodist University, 2013.
[8] B. Zhu, S. Sastry, SCADA-specific intrusion detection/prevention systems: a survey and taxonomy, The 1st Workshop on Secure Control Systems (SCS), 2010.
[9] A. A. Cardenas, S. Amin, Z. S. Lin, Attacks against process control systems: risk assessment, detection, and response, The 6th ACM Symposium on Information, Computer and Communications Security, Hong Kong, 2011, pp.355-366.
[10] Y. G. Zhang, H. Zhao, L. N. Wang, A non-parametric CUSUM intrusion detection method based on industrial control model, Journal of Southeast University (Natural Science Edition), A01 (2012) 55-59.
[11] M. Wei, K. Kim, Intrusion detection scheme using traffic prediction for wireless industrial networks, Journal of Communications and Networks, 14(3) (2012) 310-318.
[12] N. Goldenberg, A. Wool, Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems, International Journal of Critical Infrastructure Protection, 6(2) (2013) 63-75.
[13] T. H. Kobayashi, A. B. Batista, A. M. Brito, et al., Using a packet manipulation tool for security analysis of industrial network protocols, IEEE Conference on Emerging Technologies and Factory Automation, Patras, 2007, pp.744-747.
[14] M. Wan, H. K. Zhang, T. Y. Wu, et al., Anomaly detection and response approach based on mapping requests, Security and Communication Networks, 7 (2014) 2277-2292.
[15] V. A. Siris, F. Papagalou, Application of anomaly detection algorithms for detecting SYN flooding attacks, 2004 IEEE Global Telecommunications Conference GLOBECOM'04, Dallas, 2004, pp.2050-2054.
[16] J. L. Hellerstein, F. Zhang, P. Shahabuddin, A statistical approach to predictive detection, International Journal of Computer and Telecommunications Networking, 35(1) (2001) 77-95.
[17] H. H. Takada, U. Hofmann, Application and analyses of cumulative sum to detect highly distributed denial of service attacks using different attack traffic patterns, /dissemination/newsletter7.pdf, 2004.
System and Process for Entrusted Decoction of Chinese Herbal Pieces in TCM Clinics
Traditional Chinese medicine clinics often prescribe herbal decoctions to their patients. However, preparing these decoctions can be time-consuming and requires specialized skills. To streamline the process and ensure quality control, many clinics have adopted the practice of entrusting the preparation of herbal decoctions to professional herbal pharmacies. This system is commonly known as the "委托代煎制度" (wěituō dàijiān zhìdù) in Mandarin Chinese.
The delegation process begins with the selection and prescription of appropriate herbs by the TCM practitioner at the clinic. The prescribed herbs are then recorded along with the patient's information in a standardized form or software system. This helps maintain accurate records and ensures that each patient receives the prescribed treatment.
Upon receiving the prescription, the designated pharmacy prepares the herbal ingredients according to standardized procedures. Quality control is a crucial aspect of this process, and reputable pharmacies adhere to strict regulations to ensure that only quality herbs are used in preparing decoctions.
Next, the pharmacy will weigh and package the prescribed herbs in individual packets or sachets. These packets are usually labeled with detailed information such as the name of each herb, dosage instructions, batch number, and manufacturing date. Clear labeling helps safeguard against errors in dispensing and facilitates traceability if any issues arise later on.
Before dispensing to patients, some pharmacies perform an additional step called "药性调理" (yàoxìng tiáolǐ), which involves adjusting the proportions of certain herbs or adding complementary ingredients for personalized treatment optimization. This step allows for a customized approach based on individual patient needs.
The prepared herbal packets are then delivered back to the clinic for distribution to patients. The clinic staff will check that everything is in order before handing them over for consumption.
It is essential to follow good hygiene practices during handling and storage to prevent contamination and maintain product integrity.
Patients are usually instructed by their TCM practitioner on how to prepare the decoctions at home. Instructions may include details such as water-to-herb ratios, boiling times, and any additional steps required, such as soaking or simmering. Patients are advised to adhere closely to these instructions for optimal therapeutic effects.
In conclusion, the delegation process in Chinese medicine clinics involves the prescription of herbal ingredients by TCM practitioners, followed by the preparation and quality control performed by professional herbal pharmacies. This system ensures efficiency and accuracy in delivering personalized treatments to patients while maintaining high standards of quality and safety.
The entrusted decoction system and process in TCM clinics plays an important role in optimizing the preparation of traditional Chinese medicines.
English Abbreviations in Computer Networking
Computer Network Abbreviations
Introduction:
In the world of computer networking, various abbreviations and acronyms are commonly used to represent complex technical terms and concepts. These abbreviations not only save space in written communication but also enhance efficiency in daily networking operations. In this article, we will explore and explain some of the most commonly used computer network abbreviations and their meanings. Let's dive in!
1. OSI - Open Systems Interconnection: The Open Systems Interconnection (OSI) model is a conceptual framework that standardizes the functions of a communication system into seven distinct layers. These layers, from the physical layer to the application layer, provide a systematic approach to understanding and developing network protocols.
2. TCP/IP - Transmission Control Protocol/Internet Protocol: Transmission Control Protocol/Internet Protocol (TCP/IP) is the set of protocols used for the internet and most private networks. TCP controls the transmission of data, while IP handles the routing of packets between network devices. TCP/IP is the foundation for network communication across various platforms and devices.
3. LAN - Local Area Network: A Local Area Network (LAN) refers to a network of computers and devices connected in a limited geographical area, such as an office building or a school. LANs enable the sharing of resources and facilitate communication between devices within the network.
4. WAN - Wide Area Network: In contrast to LAN, a Wide Area Network (WAN) covers a larger geographical area, typically spanning multiple locations and utilizing public or private telecommunication services. WANs connect LANs over long distances and often rely on routers and leased lines.
5. VPN - Virtual Private Network: A Virtual Private Network (VPN) extends a private network across a public network, such as the internet.
By encrypting data and creating secure connections, VPNs enable users to access a private network remotely, ensuring confidentiality and data integrity.
6. DNS - Domain Name System: The Domain Name System (DNS) translates domain names into their corresponding IP addresses. DNS plays a crucial role in web browsing, as it allows users to access websites using easy-to-remember domain names instead of numeric IP addresses.
7. DHCP - Dynamic Host Configuration Protocol: Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses and network configuration parameters to devices on a network. DHCP helps simplify network administration by eliminating the manual configuration of IP addresses for each device.
8. FTP - File Transfer Protocol: File Transfer Protocol (FTP) is a standard network protocol used to transfer files between a client and a server on a computer network. FTP provides a secure and efficient method for uploading, downloading, and managing files over a network.
9. HTTP - Hypertext Transfer Protocol: Hypertext Transfer Protocol (HTTP) is the protocol used for transferring hypertext, such as web pages, over the internet. HTTP enables the communication between web servers and clients, allowing users to access and interact with websites.
10. IP - Internet Protocol: Internet Protocol (IP) is the principal communication protocol used for transmitting data across interconnected networks. IP provides the addressing scheme and routing functionality that allows data packets to be delivered between devices on different networks.
Conclusion:
In this article, we have explored some of the key abbreviations used in computer networking. Understanding these abbreviations is essential for effective communication and collaboration in the networking field. By familiarizing yourself with these abbreviations, you will be better equipped to navigate the world of computer networks and stay up to date with the latest industry developments.
CIT- 100 Tracking and Tracing Spoofed IP Packets to Their Sources
Tracking and Tracing Spoofed IP Packets to Their Sources
Alaaeldin A. Aly, College of IT, aly@uaeu.ac.ae
Ezedin Barka, College of IT, ebarka@uaeu.ac.ae
U.A.E. University, Al-Ain, P.O. Box: 17555, U.A.E.
Abstract
As the Internet becomes increasingly important as a business infrastructure, the number of attacks on it, especially denial of service (DoS) attacks, grows. A DoS attack is an attempt by a person or a group of persons to cripple an online service. Consequently, a lot of effort is currently being made to come up with mechanisms to detect and mitigate such attacks. Research on IP traceback has been rather active since the late 1999 DoS attacks. Several approaches have been proposed to trace IP packets to their origins. This paper examines the current best practices and the most promising research approaches in a search for near-term and long-term solutions to the traceback problem. However, it is clear that technical approaches alone can never offer a complete solution to the problem. Along with the proposed technical solutions, the policy implications and issues brought by the technology are discussed.
This paper discusses a variety of methods that can help determine if received packets have spoofed source addresses. Our approach, which depends on analyzing routers' log files, is also discussed.
1. INTRODUCTION
Although access control technologies such as firewalls are commonly used to prevent network attacks, they cannot prevent some specific attacks, including TCP SYN flooding. Consequently, more companies are deploying intrusion detection systems (IDS). IDSs detect network attacks; however, they don't let us identify the attack source. This is especially problematic with Denial of Service (DoS) attacks, for example, because the attacker doesn't need to receive packets from the target host and thus can remain hidden.
Several efforts are in progress in many different research and business places around the world to develop source-identification technologies to trace packets even when an attacker fakes its IP address.
The purpose of IP traceback is to identify the true IP address of a host originating attack packets. Normally, we can do this by checking the source IP address field of an IP packet. Because a sender can easily fake this information, however, it can hide its identity. If we can identify the true IP address of the attack host, we can also get information about the organization from which the attack originated, such as its name and the network administrator's email address. Existing IP traceback methods can be categorized as proactive or reactive tracing. Proactive tracing detects attacks when packets are in transit, while reactive tracing starts after an attack is detected.
Existing IP traceback methods can be categorized as proactive or reactive tracing. Proactive tracing prepares information for tracing when packets are in transit. If packet tracing is required, the attack victim (target) can refer to this information to identify the attack source. Two proactive methods, packet marking [1] and messaging [2], have been studied and reviewed. In packet marking [1], packets store information about each router they pass as they travel through the network. The recipient of the marked packet can use this router information to follow the packet's path to its source. Routers must be able to mark packets, however, without disturbing normal packet processing. In messaging approaches [2], routers create and send messages containing information about the forwarding nodes a packet travels through. The approach relies on the Internet control message protocol (ICMP).
Reactive tracing starts tracing after an attack is detected. Most of the methods trace the attack path from the target to its source (origin).
The challenges are to develop effective traceback algorithms and packet-matching techniques. Various proposals attempt to solve these problems. Among the techniques studied are hop-by-hop tracing, hop-by-hop tracing with an overlay network [3], IPsec authentication [4], and traffic pattern matching [5]. In hop-by-hop tracing, a tracing tool logs into the router closest to the attacked host and monitors the incoming packets. If the tool detects the spoofed packet, it logs into upstream routers and monitors packets. If the spoofed flooding attack is still occurring, the tool can detect the spoofed packet again on one of the upstream routers. This procedure is repeated recursively on the upstream routers until the tool reaches the attack's actual source IP address.
In hop-by-hop tracing, the more hops there are, the more tracing processes will likely be required. To decrease the number of hops required for tracing, hop-by-hop tracing with an overlay network is used [3]. With IPsec authentication [4], when the IDS detects an attack, the Internet key exchange (IKE) protocol establishes IPsec security associations (SAs) between the target host and some routers in the administrative domain. The last technique surveyed is traffic pattern matching, in which the trace is done by comparing traffic patterns observed at the entry and exit points of the network with the Internet map [5]. A survey has been done to investigate DDoS vulnerabilities and IP spoofing, as mentioned in [6, 7, 8, 9, 10].
In this paper, we will develop our own approach to trace suspected packets to their sources. In our approach, routers log data about traversing packets as well as information about other nodes in the packet's path. A distributed management approach will be developed to enable tracing across networks with different access policies. Our approach is reactive and relies on hop-by-hop tracing.
In our reactive approach, forwarding nodes such as routers log information about traversing packets on the Internet and then use the log data to trace each packet from its final destination to its source, hop-by-hop. Information about the packets remains in forwarding nodes as packets traverse, allowing us to trace even a single attack packet to its source.
2. METHODS OF IP TRACEBACK
The purpose of IP traceback is to identify the true IP address of a host originating attack packets. Normally, we can do this by checking the source IP address field of an IP packet. Because a sender can easily forge this information, however, it can hide its identity. If we can identify the true IP address of the attack host, we can also get information about the organization from which the attack originated, such as its name and the network administrator's e-mail address. With IP traceback technology, which traces an IP packet's path through the network, we can find the true IP address of the host originating the packet. To implement IP traceback in a system, a network administrator updates the firmware on the existing routers to the traceback support version, or deploys special tracing equipment at some point in the network.
Existing IP traceback methods can be categorized as proactive or reactive tracing.
2.1 Hop-by-Hop IP Traceback
The most common and basic method in use today for tracking and tracing attacks is hop-by-hop traceback. This method is only suitable for tracing large, continuous packet flows that are currently in progress, such as those generated by ongoing denial-of-service (DoS) packet flood attacks.
In a DoS flood attack, the source IP addresses are typically spoofed (i.e., they are forged addresses inserted into the source address field of a packet to disguise the true IP address of the machine that originated the packets), so tracing is required to find the true origin of the attack.
For example, assume that the victim of a flood attack has just reported the attack to their ISP. First, an ISP administrator identifies the ISP's router that is closest to the victim's machine. Using the diagnostic, debugging, or logging features available on many routers, the administrator can characterize the nature of the traffic and determine the input (ingress) link on which the attack is arriving. The administrator then moves on to the upstream router (i.e., the router one previous hop away that is carrying attack packets toward the victim). The administrator repeats the diagnostic procedure on this upstream router, and continues to trace backwards, hop-by-hop, until the source of the attack is found inside the ISP's administrative domain of control (such as the IP address of a customer of the ISP) or, more likely, until the entry point of the attack into the ISP's network is identified. The entry point is typically an input link on a router that borders another provider's network. Once the entry point into the ISP's network is identified, the bordering provider carrying the attack traffic must be notified and asked to continue the hop-by-hop traceback. Often there is little or no economic incentive for such cooperation.
2.2 Ingress Filtering
Many of the attacks on the Internet are carried out using attack packets with spoofed source addresses.
The occurrence of packets with spoofed source addresses, and their ability to transit the Internet, can be greatly limited through cooperative efforts by ISPs, using a basic packet filtering approach called network ingress filtering.
For example, assume that an ISP provides Internet connectivity to a customer network and assigns the customer a fixed set of IP addresses. Assume that the connectivity is provided via the ISP's router R. To limit IP source address spoofing, the ISP places an ingress (input) filter on the input link of router R, which carries packets from the customer network into the ISP's network and onto the Internet. The ingress filter is set to forward all packets with source addresses that belong to the known set of IP addresses assigned to the customer network by the ISP, but the filter discards (and optionally logs as suspicious) all packets that contain source IP addresses that do not match the valid range of the customer's known IP addresses. Hence, packets with source addresses that could not have legitimately originated from within the customer network will be dropped at the entry point to the ISP's network.
The widespread use of ingress filtering by all service providers would greatly limit the ability of an attacker to generate attack packets utilizing a broad range of spoofed source addresses, making tracking and tracing the attacker a much easier task. Any attacker located within the customer network, in our example above, would either have to generate packets that carry the attacker's legitimate source address or (at worst) spoof a source address that lies within the set of IP addresses assigned to the customer network. So, even in the worst case, an attack originating within the customer network in our example can be traced to some machine in that customer network, simply by reading the source address on the attack packet.
With the help of the administrator of the customer network, the search for the attacker can then proceed in a greatly narrowed search space.

3. SPOOFED PACKETS DETECTION METHODS

Detection methods can be classified as those requiring router support, active host-based methods, passive host-based methods, and administrative methods. Administrative methods are the most commonly used methods today. When an attack is observed, security personnel at the attacked site contact the security personnel at the supposed attack site and ask for corroboration. This is extremely inefficient and generally fruitless. An automated method of determining whether packets are likely to have been spoofed is clearly needed. This section describes a number of such methods.

3.1 Routing methods

Because routers (or IP level switches) can know which IP addresses originate with which network interface, it is possible for them to identify packets that should not have been received by a particular interface. For example, a border router or gateway will know whether addresses are internal to the network or external. If the router receives IP packets with external IP addresses on an internal interface, or it receives IP packets with an internal IP address on an external interface, the packet source is most likely spoofed. In the wake of recent denial-of-service attacks involving spoofed attack packets, ISPs and other network operators have been urged to filter packets using the above-described method. Filtering inbound packets, known as ingress filtering, protects the organization from outside attacks. Similarly, filtering outbound packets prevents internal computers from being involved in spoofing attacks. Such filtering is known as egress filtering. It is interesting to note that if all routers were configured to use ingress and/or egress filtering, attacks would be limited to those staged within an organization or require an attacker to subvert a router.
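The interface check described above can be written down as a small filter. This is an added example, not code from the paper: the interface names, the `BorderFilter` class and the sample prefixes are assumptions, and the RFC 1918 ranges are included as sources a border router should never accept from outside.

```python
import ipaddress

# RFC 1918 private ranges: not routable beyond a local network, so they
# are never a valid source on a packet arriving from outside.
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


class BorderFilter:
    """Ingress/egress source check for a router with one internal and one
    external interface (hypothetical names "internal" / "external")."""

    def __init__(self, internal_prefixes):
        self.internal = [ipaddress.ip_network(p) for p in internal_prefixes]

    def check(self, iface, src):
        """Return (action, reason) for a packet with source `src` seen on `iface`."""
        addr = ipaddress.ip_address(src)
        is_internal = any(addr in net for net in self.internal)
        if iface == "external":
            # Ingress filtering: the internal test runs first so that a site
            # using private space internally gets the more specific reason.
            if is_internal:
                return "drop", "internal source on external interface"
            if any(addr in net for net in PRIVATE):
                return "drop", "private source on external interface"
            return "forward", "source plausible for this interface"
        if iface == "internal":
            # Egress filtering: only assigned prefixes may leave the site.
            if not is_internal:
                return "drop", "external source on internal interface"
            return "forward", "source plausible for this interface"
        raise ValueError(f"unknown interface: {iface!r}")


def drop_log(border, packets):
    """Return (iface, src, reason) for every packet the filter discards."""
    log = []
    for iface, src in packets:
        action, reason = border.check(iface, src)
        if action == "drop":
            log.append((iface, src, reason))
    return log


# Constructed sample data (documentation prefixes, not real traffic).
INTERNAL_PREFIXES = ["198.51.100.0/24", "10.20.0.0/16"]
SAMPLE_PACKETS = [
    ("external", "203.0.113.7"),
    ("external", "198.51.100.25"),
    ("external", "192.168.1.5"),
    ("external", "10.20.3.4"),
    ("internal", "198.51.100.25"),
    ("internal", "10.20.3.4"),
    ("internal", "203.0.113.7"),
]

if __name__ == "__main__":
    for entry in drop_log(BorderFilter(INTERNAL_PREFIXES), SAMPLE_PACKETS):
        print(*entry, sep="  ")
```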
Internal routers with a strong notion of inside/outside can also detect spoofed packets. However, certain network topologies may contain redundant routes, making this distinction unclear. In these cases, host-based methods (discussed in section 4.2) can be used at the router. A number of IP addresses are reserved by the IANA for special purposes. These are listed in table 1. The addresses in the first group are private addresses and should not be routed beyond a local network. Seeing these on an outside interface may indicate spoofed packets. Depending on the particular site, seeing these on an internal address would also be suspicious. The other addresses in table 1 are special purpose, local only addresses and should never be seen on an outer interface.

Many firewalls look for the packets described in this section. Typically they are dropped when received.

Because firewalls have been a popular security product, research into routing methods has been active. Almost all research has been in this area. Routers can also take a more active role in detecting spoofed packets. A number of advanced router projects have dealt with this and spoofed packet traceback. These are discussed in section 6. We have proposed a number of proactive methods that can be used to detect and prevent spoofed packets.

One limitation of routing methods is that they are effective only when packets pass through them. An attacker on the same subnet as the target could still spoof packets. When the attacker is on the same Ethernet subnet as the target, both the source IP address and the Ethernet MAC would be spoofed. If the spoofed source address was an external address, the MAC would be that of the router. This implies that other techniques are required.

3.2 Non-routing methods

Computers receiving a packet can determine if the packet is spoofed by a number of active and passive ways.
We use the term active to mean the host must perform some network action to verify that the packet was sent from the claimed source. Passive methods require no such action; however, an active method may be used to validate cases where the passive method indicates the packet was spoofed.

3.3 Active Methods

Active methods either make queries to determine the true source of the packet (reactive), or affect protocol specific commands for the sender to act upon (proactive). These methods have an advantage over routing methods in that they do not require cooperation between ISPs and can be effective even when the attacker is on the same subnet as the target. Active methods require a response from the claimed source. Only if the spoofed host is active (i.e. connected to the network and receiving and processing packets) can it be probed.

A host that is heavily firewalled and cannot respond to probes is effectively inactive. Because inactive hosts are commonly used as source addresses in spoofed packets, if these packets are seen in an attack, it is likely they are spoofed. When hosts will not respond to any probes, passive methods will be required for corroboration.

TTL methods

As IP packets are routed across the Internet, the time-to-live (TTL) field is decremented. This field in the IP packet header is used to prevent packets from being routed endlessly when the destination host cannot be located in a fixed number of hops. It is also used by some networked devices to prevent packets from being sent beyond a host’s network subnet. The TTL is a useful value for detecting spoofed packets. Its use is based on several assumptions, which, from our network observations, appear to be true.

IP Identification Number

As discussed in the section on Bounce Scanning, the sending host increments the Identification Number (ID) in the IP header with each packet sent.
Because this is a value that is easily probed and changes in its value are predictable, we can use it to determine if a packet is spoofed. Unlike TTL values, IP ID numbers can be used to detect spoofed packets even when the attacker and the target are on the same subnet.

If we send probe packets to the claimed source and we receive a reply, the ID values should be near the value of questionable packets recently received from the host. Also, the ID values observed in the probe should be greater than the ID values in the questionable packets. If not, the packets were likely not sent by the claimed source. If the host associated with the claimed source is very active, the ID values may change rapidly. To be effective, the probes must be done very close in time to receipt of the questionable packets.

OS Fingerprinting

The above techniques illustrate aspects of the more general task of OS fingerprinting, where a series of various probes are used to identify the operating system of a particular host. Active fingerprinting refers to direct probing of a computer, while passive fingerprinting refers to monitoring traffic and comparing it to expected norms for different OSs. We can perform a limited passive fingerprint as we observe network traffic from a particular host; then, by comparing this to an active OS fingerprint, we can determine if the two are likely to be the same OS. If not, we can infer the packets are spoofed.

TCP Specific Methods

Flow Control

The TCP header includes a window size field. This is used to communicate the maximum amount of data the recipient can currently receive. This can also be interpreted as the maximum amount of data the sender can transmit without an acknowledgement from the recipient. This is the TCP flow control method. If the window size is set to zero, the sender should not send more data. If the packets we are receiving are spoofed, then the sender will never see the recipient’s ACK-packets.
This implies that the sender will not respond to flow control. If the recipient does not send any ACK-packets, the sender should stop after the initial window size is exhausted. If it does not, it is likely the packets are spoofed. One way of implementing this check is to always send an initial window size that is extremely small. If packets received exceed this threshold, we can infer the packets are spoofed. Because spoofing replies with the correct sequence number to multiple TCP packets may be challenging, most spoofed TCP connections do not progress past the first ACK-packet. This implies that the best chance to detect spoofed packets requires that it be done in the handshake. Fortunately, the TCP handshake requires the host sending the initial SYN to wait for the returned SYN-ACK prior to sending its first ACK packet. By setting the window size in the SYN-ACK to zero, we can determine if the sender is receiving (and responding to) our packets. If the sender sends an ACK-packet with any data, we know the true source is not responding to our packets, and the packets we received were likely spoofed.

Packet Retransmission

TCP uses sequence numbers to determine which packets have been acknowledged. An ACK-packet communicates to the recipient that all packets it has sent, up to and including the packet with the sequence number in the packet, have been successfully received. When a packet is received with an ACK-number that is less than the minimum expected, or greater than the maximum expected, the packet is dropped and, as a way to resynchronize the connection, a reply with the minimum expected ACK-number is sent. We can exploit these replies to probe for spoofed packets. By sending a probe packet, spoofed to be from the internal host, with an ACK number greater than the minimum expected, we can induce a resynchronization ACK from the host being probed. If the probe receives a RST in reply, we can infer the connection was spoofed.
A concern with this method is that it may lead to an ACK-storm as both sides attempt to resynchronize. This method is best performed on a firewall where the probe reply could be captured. This will prevent the internal host from seeing the reply, and will prevent an ACK-storm.

Traceroute

Traceroute is a widely used network tool to discover the route from the site traceroute is executed on to another. When used to detect spoofed packets, it may tell you the number of hops to the true source. Unfortunately it is very slow and generally fails when the site being checked is behind a firewall. If the firewall blocks the probing UDP packets (or the ICMP replies), the traceroute program will know only the number of hops to the firewall. However, when the firewall is more hops away from the monitored site than the true site, traceroute will return a hop count greater than expected of the questionable packet. In this case, traceroute can be useful as a detector. Because of its performance, traceroute is a poor general technique for spoofed packet detection. However, in cases where the attacker is nearer the target than the true source site’s firewalls, and the firewall will not allow probes to succeed, traceroute or similar techniques should be considered.

The issues with traceroute introduce a different method of spoofed packet detection based only on previously observed packets. Because the TTL and ID fields are set by the true source, we can learn the expected values for a particular host. Such passive methods are discussed in the next section.

3.4 Passive Methods

Passive methods are a logical extension of the reactive methods discussed earlier. Where observed data will have a predictable value, not relative to some prior packet, we can learn what values are to be expected and consider packets with unexpected values suspicious.
Because TTL values are a function of a host’s OS, the packet’s protocol, and the network topology, all of which are reasonably static, TTLs can be used as a basis for passive detection. Conversely, IP ID numbers, which generally have a strong relation to prior packets, do not make good candidates for the basis of a passive system. The next section describes several different passive methods and how they could be used to detect spoofed packets.

Passive TTL Methods

By recording, over a period of time, the TTL values of distinct source IP address/protocols we can learn which values are expected from particular hosts. We believe that these are reliable, predictable values of a given IP address/protocol. (See section 7 for experimental validation of this.) This will give us a reasonable basis for identifying suspicious packets from previously observed hosts. Our implementation of this compares observed packets to the expected TTL values for that packet. If the values were anomalous, the packet would be flagged as suspicious. In many cases, we will receive packets from hosts not previously encountered. These will have no entry in the table. Without further information we will not be able to know if the packet’s TTL values are suspicious. How to flag such packets should be left up to the particular application.

However, by taking advantage of the fact that similar IP addresses are commonly the same number of hops away from a monitoring point, we can expand the above method to predict values for previously unseen packets. In addition to learning IP address/protocol to TTL relations we can also learn IP subnet to TTL relations. The predictability based on subnets is not expected to be as high as specific IP address/protocols, but will provide additional information. Rather than use passive methods alone, by using them in combination with reactive methods we can construct an efficient spoofed packet detection system.
The reactive method can be initiated only when the packet seems suspicious. This minimizes the amount of probing required, and allows us to test packets using a number of methods. The specifics of our implementation are described in sections 5 and 7. One of the strengths of passive TTL methods is that they are resistant to network routing attacks. These occur when packets intended for a particular host are routed to another host posing as the first. Such an attack is not strictly packet spoofing because the packets are coming from the effective IP address of the sender. However, if the network distance between the two hosts has changed, we will identify these packets as spoofed. This allows passive spoofed packet detection to also act as a routing change detector.

OS Idiosyncrasies

We have identified a number of other features that can be used to find suspicious (possibly spoofed) packets. These include the expected source port for a TCP or UDP communication, expected ID values for certain packets, and type of service (ToS) or differentiated services code point (DSCP) values. The TCP window size has also been observed to be highly predictable given the source. Other useful features are likely. Basically, any feature that is specific to a particular host, OS, NIC, etc. is a potential identifier for that host. How useful a particular feature is depends on how predictable it is and how likely another computer will generate the same value as the claimed source. Features with values common to many computers will tend to generate false negatives while those that vary significantly will tend to generate false positives.

4. THE PROPOSED APPROACH

Denial-of-service (DOS) attacks are a pressing problem in today’s Internet. Their impact is often more serious than network congestion due to their targeted and concentrated nature.
In a distributed DOS (DDOS) attack, the attacker uses a number of compromised slaves to increase the transmission power and orchestrate a coordinated flooding attack. Particularly, DDOS attacks with hundreds or thousands of compromised hosts, often residing on different networks, may lead to the target system overload and crash.

Because the current Internet routing infrastructure has few capabilities to defend against IP spoofing and DDoS attacks, we need to design a new defense mechanism against these attacks. In particular, our proposed approach is to defend against these attacks and should satisfy the following properties:

• Fast response: The proposed approach should be able to rapidly respond and defend against attacks. Every second of Internet service disruption causes economic damage. We would like to immediately block the attack.
• Scalable: Some attacks, such as TCP hijacking, involve only a small amount of packets. However, many DDoS attacks are large scale and involve thousands of distributed attackers and an even larger number of attack packets. A good defense mechanism must be effective against low packet count attacks but scalable to handle much larger ones.
• Victim filtering: Almost all DDoS defense schemes assume that once the attack path is revealed, upstream routers will install filters in the network to drop attack traffic. This is a weak assumption because such a procedure may be slow, since the upstream ISPs have no motivation to offer this service to non-customer hosts and networks.
• Efficient: The proposed approach should have very low processing and state overhead for both the routers in the Internet and, to a lesser degree, the victims of the attacks.
• Support incremental deployment: The proposed approach is only useful and practical if it provides a benefit when only a subset of routers implement it.
As an increasing number of routers deploy the scheme, there should be a corresponding increase in performance.

Also, the deployment of the solution should not leak proprietary information about an ISP’s internal network, as some ISPs keep their network topology secret to retain a competitive advantage.

CONCLUSION

IP traceback has several limitations, such as the problem with tracing beyond corporate firewalls. To accomplish IP traceback, we need to reach the host where the attack originated. It is difficult, however, to trace packets through firewalls into corporate intranets; the last-traced IP address might be the firewall's address. Knowing the IP address of the organization's network entry point, however, allows us to obtain information about the organization where the attacker's host is located, such as the organization's name and
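The passive TTL method of section 3.4, with its subnet fallback and a reactive IP ID check run only on suspicious packets, can be sketched as follows. This is an added example, not the authors' implementation: the /24 grouping, the one-hop tolerance, the ID window, the verdict strings and the `probe` callable (standing in for a real probe of the claimed source) are all assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

ID_WINDOW = 2000      # assumed: how far a sender's IP ID may advance before the probe
SUBNET_PREFIX = 24    # assumed grouping for "similar IP addresses"


def subnet_of(src):
    return ipaddress.ip_network(f"{src}/{SUBNET_PREFIX}", strict=False)


class TtlBaseline:
    """Learned (source, protocol) -> TTL table with a per-subnet fallback."""

    def __init__(self, tolerance=1):
        self.tolerance = tolerance              # hops of slack for small route changes
        self.by_host = defaultdict(Counter)     # (src, proto) -> TTLs seen
        self.by_subnet = defaultdict(Counter)   # (subnet, proto) -> TTLs seen

    def learn(self, src, proto, ttl):
        self.by_host[(src, proto)][ttl] += 1
        self.by_subnet[(subnet_of(src), proto)][ttl] += 1

    def _fits(self, seen, ttl):
        return any(abs(ttl - known) <= self.tolerance for known in seen)

    def classify(self, src, proto, ttl):
        host = self.by_host.get((src, proto))
        if host:
            return "expected" if self._fits(host, ttl) else "suspicious"
        subnet = self.by_subnet.get((subnet_of(src), proto))
        if subnet:
            return "expected-by-subnet" if self._fits(subnet, ttl) else "suspicious"
        return "unknown"    # never seen: the policy is left to the application


def ip_id_consistent(questionable_id, probe_id, window=ID_WINDOW):
    """The probe's ID must be greater than, and near, the questionable one.
    The IP ID is a 16-bit counter, so the comparison is modulo 65536."""
    ahead = (probe_id - questionable_id) % 65536
    return 0 < ahead <= window


def triage(baseline, pkt, probe):
    """Passive check first; the active probe runs only for suspicious packets."""
    verdict = baseline.classify(pkt["src"], pkt["proto"], pkt["ttl"])
    if verdict != "suspicious":
        return verdict
    probe_id = probe(pkt["src"])       # IP ID seen in the probe reply, or None
    if probe_id is None:
        return "suspicious-unverified"  # silent host: needs other corroboration
    if ip_id_consistent(pkt["ip_id"], probe_id):
        return "possible-route-change"  # same sender, network distance changed
    return "likely-spoofed"


# Constructed sample data (documentation addresses, not real traffic).
TRAINING = [("198.51.100.10", "tcp", 52)] * 3 + [
    ("198.51.100.11", "tcp", 52), ("203.0.113.5", "udp", 113)]
PROBE_REPLIES = {"198.51.100.10": 31000, "203.0.113.5": 12}
PACKETS = [
    {"src": "198.51.100.10", "proto": "tcp", "ttl": 52, "ip_id": 100},
    {"src": "198.51.100.10", "proto": "tcp", "ttl": 53, "ip_id": 101},
    {"src": "198.51.100.77", "proto": "tcp", "ttl": 52, "ip_id": 9},
    {"src": "198.51.100.10", "proto": "tcp", "ttl": 120, "ip_id": 4000},
    {"src": "203.0.113.5", "proto": "udp", "ttl": 110, "ip_id": 65530},
    {"src": "192.0.2.9", "proto": "tcp", "ttl": 64, "ip_id": 7},
    {"src": "198.51.100.11", "proto": "tcp", "ttl": 200, "ip_id": 5},
]


def run_samples():
    baseline = TtlBaseline()
    for src, proto, ttl in TRAINING:
        baseline.learn(src, proto, ttl)
    return [triage(baseline, pkt, PROBE_REPLIES.get) for pkt in PACKETS]


if __name__ == "__main__":
    for pkt, verdict in zip(PACKETS, run_samples()):
        print(pkt["src"], pkt["proto"], pkt["ttl"], "->", verdict)
```

Hosts that randomize the IP ID or keep a separate counter per destination will fail the ID comparison without being spoofed, so a "likely-spoofed" verdict is grounds for further corroboration rather than proof.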
Computer Networking English: Final Exam Review Questions and Answers
I. Multiple-Choice Questions

1. A ( ) protocol is used to move a datagram over an individual link.
A. application-layer
B. transport-layer
C. network-layer
D. link-layer

2. The units of data exchanged by a link-layer protocol are called ( ).
A. datagrams
B. frames
C. segments
D. messages

3. Which of the following protocols is not a link-layer protocol? ( )
A. Ethernet
B. PPP
C. HDLC
D. IP

4. In the following four descriptions, which one is not correct? ( )
A. A link-layer protocol has the node-to-node job of moving network-layer datagrams over a single link in the path.
B. The services provided by the link-layer protocols may be different.
C. A datagram must be handled by the same link-layer protocols on the different links in the path.
D. The actions taken by a link-layer protocol when sending and receiving frames include error detection, flow control and random access.

5. Which of the following services cannot be offered by a link-layer protocol? ( )
A. congestion control
B. Link Access
C. Error control
D. Framing

6. ( ) protocol serves to coordinate the frame transmissions of the many nodes when multiple nodes share a single broadcast link.
A. ARP
B. MAC
C. ICMP
D. DNS

7. In the following four descriptions about the adapter, which one is not correct? ( )
A. The adapter is also called a NIC.
B. The adapter is a semi-autonomous unit.
C. The main components of an adapter are bus interface and the link interface.
D. The adapter can provide all the link-layer services.

8. Consider CRC error checking approach, the four bit generator G is 1011, and suppose that the data D is 10101010, then the value of R is ( ).
A. 010
B. 100
C. 011
D. 110

9. In the following four descriptions about random access protocol, which one is not correct? ( )
A. In slotted ALOHA, nodes can transmit at random time.
B. In pure ALOHA, if a frame experiences a collision, the node will immediately retransmit it with probability p.
C. The maximum efficiency of a slotted ALOHA is higher than a pure ALOHA.
D. In CSMA/CD, one node listens to the channel before transmitting.

10. In the following descriptions about MAC address, which one is not correct? ( )
A. The MAC address is the address of one node’s adapter.
B. No two adapters have the same MAC address.
C. The MAC address doesn’t change no matter where the adapter goes.
D. MAC address has a hierarchical structure.

11. The ARP protocol can translate ( ) into ( ). ( )
A. host name, IP address
B. host name, MAC address
C. IP address, MAC address
D. broadcast address, IP address

12. The value of Preamble field in Ethernet frame structure is ( )
A. 10101010 10101010……10101010 11111111
B. 10101011 10101011……10101011 10101011
C. 10101010 10101010……10101010 10101011
D. 10101010 10101010……10101010 10101010

13. There are four steps in DHCP, the DHCP server can complete ( ).
A. DHCP server discovery
B. DHCP server offers
C. DHCP request
D. DHCP response

14. In CSMA/CD, the adapter waits some time and then returns to sensing the channel. In the following four times, which one is impossible? ( )
A. 0 bit times
B. 512 bit times
C. 1024 bit times
D. 1028 bit times

15. The most common Ethernet technologies are 10BaseT and 100BaseT. “10” and “100” indicate ( ).
A. the maximum length between two adapters
B. the minimum length between two adapters
C. the transmission rate of the channel
D. the transmission rate of the node

16. The principal components of PPP include but not ( ).
A. framing
B. physical-control protocol
C. link-layer protocol
D. network-layer protocol

17. In the following four options, which service can not be provided by switch? ( )
A. filtering
B. self-learning
C. forwarding
D. optimal routing

18. In the following four services, which one is required in PPP? ( )
A. packet framing
B. error detection
C. error correction
D. multiple types of link

19. The ability to determine the interfaces to which a frame should be directed, and then directing the frame to those interfaces is ( ).
A. filtering
B. forwarding
C. self-learning
D. optimal routing

20. In ( ) transmission(s), the nodes at both ends of a link may transmit packets at the same time.
A. full-duplex
B. half-duplex
C. single-duplex
D. both full-duplex and half-duplex

21. Consider the data D is 01110010001, if use even parity checking approach, the parity bit is ( ① ), if use odd parity checking approach, the parity bit is ( ② ). ( )
A. ①0 ②1
B. ①0 ②0
C. ①1 ②1
D. ①1 ②0

22. In the following four descriptions about parity checks, which one is correct? ( )
A. Single-bit parity can detect all errors.
B. Single-bit parity can correct one errors.
C. Two-dimensional parity not only can detect a single bit error, but also can correct that error.
D. Two-dimensional parity not only can detect any combination of two errors, but also can correct them.

23. MAC address is ( ) bits long.
A. 32
B. 48
C. 128
D. 64

24. Wireless LAN using protocol ( ).
A. IEEE 802.3
B. IEEE 802.4
C. IEEE 802.5
D. IEEE 802.11

25. The following protocols are belonging to multiple access protocols except for ( ).
A. channel partitioning protocols
B. routing protocols
C. random access protocols
D. taking-turns protocols

26. Which of the following is not belonging to channel partitioning protocols? ( )
A. CSMA
B. FDM
C. CDMA
D. TDM

27. In the following four descriptions about CSMA/CD, which one is not correct? ( )
A. A node listens to the channel before transmitting.
B. If someone else begins talking at the same time, stop talking.
C. A transmitting node listens to the channel while it is transmitting.
D. With CSMA/CD, the collisions can be avoided completely.

28. ( ) provides a mechanism for nodes to translate IP addresses to link-layer address.
A. IP
B. ARP
C. RARP
D. DNS

29. A MAC address is a ( ) address.
A. physical-layer
B. application-layer
C. link-layer
D. network-layer

30. Which of the following is correct? ( )
A. No two adapters have the same MAC address.
B. MAC broadcast address is FF-FF-FF-FF-FF-FF.
C. A portable computer with an Ethernet card always has the same MAC address, no matter where the computer goes.
D. All of the above

31. In the following four descriptions, which one is not correct? ( )
A. ARP resolves an IP address to a MAC address.
B. DNS resolves hostnames to IP addresses.
C. DNS resolves hostnames for hosts anywhere in the Internet.
D. ARP resolves IP addresses for nodes anywhere in the Internet.

32. In the LAN, ( ) protocol dynamically assign IP addresses to hosts.
A. DNS
B. ARP
C. DHCP
D. IP

33. DHCP protocol is a four-step process: ① DHCP request. ② DHCP ACK. ③ DHCP server discovery. ④ DHCP server offer(s). The correct sequence is ( )
A. ①②③④
B. ③②①④
C. ③④①②
D. ①④③②

34. In the Ethernet frame structure, the CRC field is ( ) bytes.
A. 2
B. 4
C. 8
D. 32

35. In the Ethernet frame structure, the Data field carries the ( ).
A. IP datagram
B. segment
C. frame
D. message

36. In the following four descriptions, which one is not correct? ( )
A. Ethernet uses baseband transmission.
B. All of the Ethernet technologies provide connection-oriented reliable service to the network layer.
C. The Ethernet 10Base2 technology uses a thin coaxial cable for the bus.
D. The Ethernet 10BaseT technology uses a star topology.

37. Ethernet’s multiple access protocol is ( ).
A. CDMA
B. CSMA/CD
C. slotted ALOHA
D. token-passing protocol

38. In the following four descriptions about CSMA/CD, which one is not correct? ( )
A. An adapter may begin to transmit at any time.
B. An adapter never transmits a frame when it senses that some other adapter is transmitting.
C. A transmitting adapter aborts its transmission as soon as it detects that another adapter is also transmitting.
D. An adapter retransmits when it detects a collision.

39. Which of the following descriptions about CSMA/CD is correct? ( )
A. No slots are used.
B. It uses carrier sensing.
C. It uses collision detection.
D. All of the above.

40. The Ethernet 10BaseT technology uses ( ) as its physical media.
A. fiber optics
B. twisted-pair copper wire
C. coaxial cable
D. satellite radio channel

41. For 10BaseT, the maximum length of the connection between an adapter and the hub is ( ) meters.
A. 100
B. 200
C. 500
D. 10

42. A ( ) is a physical-layer device that acts on individual bits rather than on frames.
A. switch
B. hub
C. router
D. gateway

43. A hub is a ( ) device that acts on individual bits rather than on frames.
A. physical-layer
B. link-layer
C. network-layer
D. transport-layer

44. A switch is a ( ) device that acts on frame.
A. physical-layer
B. link-layer
C. network-layer
D. transport-layer

45. In the following four descriptions, which one is not correct? ( )
A. Switches can interconnect different LAN technologies.
B. Hubs can interconnect different LAN technologies.
C. There is no limit to how large a LAN can be when switches are used to interconnect LAN segments.
D. There is restriction on the maximum allowable number of nodes in a collision domain when hubs are used to interconnect LAN segments.

46. The ability to determine whether a frame should be forwarded to some interface or should just be dropped is ( ).
A. filtering
B. forwarding
C. self-learning
D. optimal routing

47. Which of the following devices is not a plug and play device? ( )
A. hub
B. router
C. switch
D. repeater

48. Which of the following devices is not cut-through device? ( )
A. hub
B. router
C. switch
D. repeater

49. In the following four descriptions, which one is not correct? ( )
A. Switches do not offer any protection against broadcast storms.
B. Routers provide firewall protection against layer-2 broadcast storms.
C. Both switches and routers are plug and play devices.
D. A router is a layer-3 packet switch, a switch is a layer-2 packet switch.

50. Which device has the same collision domain? ( )
A. Hub
B. Switch
C. Router
D. Bridge

51. IEEE802.2 protocol belong to ( ) layer
A. network
B. MAC
C. LLC
D. physical

52. IEEE802.11 protocol defines ( ) rules.
A. Ethernet Bus
B. wireless WAN
C. wireless LAN
D. Token Bus

53. In data link-layer, which protocol is used to share bandwidth? ( )
A. SMTP
B. ICMP
C. ARP
D. CSMA/CD

54. When two or more nodes on the LAN segments transmit at the same time, there will be a collision and all of the transmitting nodes will enter exponential back-off, that is all of the LAN segments belong to the same ( ).
A. collision domain
B. switch
C. bridge
D. hub

55. ( ) allows different nodes to transmit simultaneously and yet have their respective receivers correctly receive a sender’s encoded data bits.
A. CDMA
B. CSMA
C. CSMA/CD
D. CSMA/CA

56. Because there are both network-layer addresses (for example, Internet IP addresses) and link-layer addresses (that is, LAN addresses), there is a need to translate between them. For the Internet, this is the job of ( ).
A. RIP
B. OSPF
C. ARP
D. IP

57. PPP defines a special control escape byte, ( ). If the flag sequence, 01111110 appears anywhere in the frame, except in the flag field, PPP precedes that instance of the flag pattern with the control escape byte.
A. 01111110
B. 01111101
C. 10011001
D. 10111110

58. The device ( ) can isolate collision domains for each of the LAN segment.
A. modem
B. switch
C. hub
D. NIC

59. In the following four descriptions about PPP, which one is not correct? ( )
A. PPP is required to detect and correct errors.
B. PPP is not required to deliver frames to the link receiver in the same order in which they were sent by the link sender.
C. PPP need only operate over links that have a single sender and a single receiver.
D. PPP is not required to provide flow control.

60. In the PPP data frame, the ( ) field tells the PPP receivers the upper-layer protocol to which the received encapsulated data belongs.
A. flag
B. control
C. protocol
D. checksum

61. PPP’s link-control protocols (LCP) accomplish ( ).
A. initializing the PPP link
B. maintaining the PPP link
C. taking down the PPP link
D. all of the above

62. The PPP link always begins in the ( ) state and ends in the ( ) state. ( )
A. open, terminating
B. open, dead
C. dead, dead
D. dead, terminating

63. For ( ) links that have a single sender at one end of the link and a single receiver at the other end of the link.
A. point-to-point
B. broadcast
C. multicast
D. all of the above

64. With ( ) transmission, the nodes at both ends of a link may transmit packets at the same time.
A. half-duplex
B. full-duplex
C. simplex
D. synchronous

65. With ( ) transmission, a node can not both transmit and receive at the same time.
A. half-duplex
B. full-duplex
C. simplex
D. synchronous

66. Which of the following functions can’t be implemented in the NIC? ( )
A. encapsulation and decapsulation
B. error detection
C. multiple access protocol
D. routing

67. Which of the following four descriptions is wrong? ( )
A. The bus interface of an adapter is responsible for communication with the adapter’s parent node.
B. The link interface of an adapter is responsible for implementing the link-layer protocol.
C. The bus interface may provide error detection, random access functions.
D. The main components of an adapter are the bus interface and the link interface.

68. For odd parity schemes, which of the following is correct? ( )
A. 011010001
B. 111000110
C. 110101110
D. 000110110

69. ( ) divides time into time frames and further divides each time frame into N time slots.
A. FDM
B. TDM
C. CDMA
D. CSMA

70. With CDMA, each node is assigned a different ( )
A. code
B. time slot
C. frequency
D. link

71. Which of the following four descriptions about random access protocol is not correct? ( )
A. A transmission node transmits at the full rate of the channel
B. When a collision happens, each node involved in the collision retransmits at once.
C. Both slotted ALOHA and CSMA/CD are random access protocols.
D. With random access protocol, there may be empty slots.

72. PPP defines a special control escape byte 01111101. If the data is b1b201111110b3b4b5, the value is ( ) after byte stuffing.
A. b1b20111110101111110b3b4b5
B. b1b20111111001111101b3b4b5
C. b5b4b30111111001111101b2b1
D. b5b4b30111110101111110b2b1

73. MAC address is in ( ) of the computer.
A. RAM
B. NIC
C. hard disk
D. cache

74. Which of the following is wrong? ( )
A. ARP table is configured by a system administrator
B. ARP table is built automatically
C. ARP table is dynamic
D. ARP table maps IP addresses to MAC addresses

75. NIC works in ( ) layer.
A. physical
B. link
C. network
D. transport

76. In LAN, if UTP is used, the common connector is ( ).
A. AUI
B. BNC
C. RJ-45
D. NNI

77. The modem’s function(s) is(are) ( ).
A. translates digital signal into analog signal
B. translates analog signal into digital signal
C. both translates analog signal into digital signal and translates digital signal into analog signal
D. translates one kind of digital signal into another digital signal

78. ( ) defines Token-Ring protocol.
A. IEEE 802.3
B. IEEE 802.4
C. IEEE 802.5
D. IEEE 802.2

79. ( ) defines Token-Bus protocol.
A. IEEE 802.3
B. IEEE 802.4
C. IEEE 802.5
D. IEEE 802.2

80. ( ) defines CSMA/CD protocol.
A. IEEE 802.3
B. IEEE 802.4
C. IEEE 802.5
D. IEEE 802.2

81. The computer network that concentrated in a geographical area, such as in a building or on a university campus, is ( )
A. a LAN
B. a MAN
C. a WAN
D. the Internet

82. The MAC address is ( ) bits long.
A. 32
B. 48
C. 128
D. 256

83. Which of the following four descriptions about MAC addresses is wrong? ( )
A. A MAC address is burned into the adapter’s ROM
B. No two adapters have the same address
C. An adapter’s MAC address is dynamic
D. A MAC address is a link-layer address

84. Which of the following four descriptions about DHCP is correct? ( )
A. DHCP is C/S architecture
B. DHCP uses TCP as its underlying transport protocol
C. The IP address offered by a DHCP server is valid forever
D. The DHCP server will offer the same IP address to a host when the host requests an IP address

85. The ( ) field permits Ethernet to multiplex network-layer protocols.
A. preamble
B. type
C. CRC
D. destination MAC address

86. For 10BaseT, the maximum length of the connection between an adapter and the hub is ( ) meters.
A. 50
B. 100
C. 200
D. 500

87. An entry in the switch table contains the following information except for ( )
A. the MAC address of a node
B. the switch interface that leads towards the node
C. the time at which the entry for the node was placed in the table
D. the IP address of a node

II. Reading Comprehension

The central processing unit (CPU) is the heart of the computer systems. Among other things, its configuration determines whether a computer is fast or slow in relation to other computers. The CPU is the most complex computer system component, responsible for directing most of the computer system activities based on the instructions provided. As one computer generation has evolved to the next, the physical size of the CPU has often become smaller and smaller, while its speed and capacity have increased tremendously. Indeed, these changes have resulted in microcomputers that are small enough to fit on your desk or your lap.

The CPU comprises the control unit and the arithmetic / logic unit (ALU).

The control unit is responsible for directing and coordinating most of the computer systems activities. It determines the movement of electronic signals between main memory and the arithmetic/logic unit, as well as the control signals between the CPU and input/output devices. The ALU performs all the arithmetic and logical (comparison) functions — that is, it adds, subtracts, multiplies, divides, and does comparisons. These comparisons, which are basically “less than”, “greater than”, and “equal to”, can be combined into several common expressions, such as “greater than or equal to”. The objective of most instructions that use comparisons is to determine which instruction should be executed next.

Tell whether the following statements are true (T) or false (F) according to the passage A.

1. With the development of computer, the physical size of the CPU has often become bigger and bigger. ( )
2. The movement of electronic signals between main memory and the ALU as well as the control signal between the CPU and input /output devices are controlled by the control unit of the CPU. ( )
3. The CPU comprises the control unit and memory. ( )
4. The control unit performs all the arithmetic and logical (comparison) functions. ( )
5. The central processing unit (CPU) is the heart of the computer systems. ( )

III. Translate the following passage.
A Detailed Explanation of Interface Definitions (Foreign English-Language Material)
Understanding Interface Definitions: A Guide to Interactions in the Digital World

What Exactly Is an Interface?

Types of Interfaces

1. Hardware Interfaces:

2. Software Interfaces:

3. User Interfaces (UI):
User interfaces are the visual and interactive aspects of a device or application that allow users to engage with it. A well-designed UI can make the difference between a pleasant user experience and a frustrating one. Examples include the screens on your smartphone, the dashboard of your car, or the control panel on a microwave.

The Importance of Standardization

Standardization is key to the effectiveness of interfaces. Standards ensure that different systems can work together regardless of their origin or manufacturer. Organizations like the International Organization for Standardization (ISO) and the Institute of Electrical and Electronics Engineers (IEEE) play a crucial role in establishing these standards.

In Conclusion

The Nuances of Interface Definitions: Exploring the Technical Tapestry

The Anatomy of a Software API

Endpoints: These are the specific URLs where the API can be accessed. Endpoints serve as addresses for different services or data that the API provides.

Methods: APIs use methods such as GET, POST, PUT, and DELETE to perform operations. These methods define the type of action that can be executed through the API, such as retrieving data or updating it.

Parameters: These are the variables that are passed to the API to specify certain actions or filter data. Parameters can be required or optional and are crucial for customizing API responses.

Data Formats: APIs exchange data in various formats, such as JSON (JavaScript Object Notation) or XML (eXtensible Markup Language). The choice of format affects the efficiency and readability of the data being transferred.

The Role of Protocols in Interface Communication

TCP/IP: These protocols govern the fundamental architecture of the internet, ensuring that data packets are sent from the correct source to the correct destination.

The Challenge of Interface Design

Creating an effective interface is both an art and a science. It requires a deep understanding of user needs, technical capabilities, and design principles. Key considerations include:

Usability: An interface must be intuitive and user-friendly. It should minimize the learning curve and provide a seamless experience for the user.

Security: Interfaces often handle sensitive data, so they must be designed with security in mind. This includes encryption, authentication, and access control measures.

The Future of Interfaces

As technology advances, so too do interfaces. We're witnessing the rise of new interface types, such as:

Augmented Reality (AR) Interfaces: AR interfaces overlay digital information onto the physical world, offering a new way to interact with data and environments.

In the ever-evolving landscape of technology, the role of interfaces remains constant—they are the essential translators that enable different parts of our digital world to speak the same language. Understanding their nuances is not just a technical pursuit; it's a journey into the very fabric of our interconnected future.

The Subtleties of Interface Definitions: Unveiling the Interconnected Web

The Philosophy Behind Interface Design

Interface design is not merely a technical endeavor; it's an exercise in philosophy. It requires a thoughtful approach that considers the following principles:

Consistency: Users should be able to apply what they've learned from one part of an interface to another. Consistency in design helps build a sense of familiarity and trust with the technology.

Feedback: Interfaces must provide clear and timely feedback to users. Whether it's a visual cue or a confirmation message, feedback is essential for guiding user actions and building confidence.

The Impact of Cultural Differences on Interface Design

When designing interfaces for a global audience, cultural differences cannot be overlooked. What may be a standard interaction pattern in one culture could be confusing or even offensive in another. Considerations include:

Language: Interfaces must be adaptable to different languages, not just in terms of translation but also in terms of layout, as some languages read from right to left or have different typographical conventions.

Symbols and Icons: Visual elements can vary in meaning across cultures. Designers must ensure that icons and symbols are universally understood or culturally adapted.

Color: Colors carry different connotations in various cultures. Interface designers must be mindful of color choices to avoid unintended messages.

The Intersection of Accessibility and Interface Design

Accessibility is a cornerstone of inclusive interface design. It ensures that people with disabilities can use technology effectively. Key aspects of accessible interface design include:

Screen Reader Compatibility: Visual interfaces must be designed with screen readers in mind, using proper HTML tags and ARIA (Accessible Rich Internet Applications) attributes to convey information to users with visual impairments.

Contrast and Font Size: Sufficient contrast and adjustable font sizes are critical for users with visual impairments, ensuring that content is readable and accessible.

The Evolution of Interface Design: From Static to Dynamic

The evolution of interface design has moved from static pages to dynamic, responsive systems. This shift has introduced new challenges and opportunities:

Adaptive Interfaces: These interfaces learn from user interactions and adapt over time to better serve individual preferences and needs. This personalization can significantly enhance the user experience.

Real-time Data: Modern interfaces often incorporate real-time data streams, providing users with up-to-the-second information. Designing for real-time data requires careful consideration of performance and user attention.

In the grand tapestry of interface design, each thread represents a choice made by designers to create a more connected, accessible, and user-friendly world. As we continue to refine our understanding of interface definitions, we edge closer to a future where technology seamlessly integrates into our lives, enhancing our experiences and broadening our horizons.
CCIE Routing and Switching - Forwarding MPLS Packets
MPLS VPNs and Packet Forwarding
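– Only the egress router understands the VPN label, which it uses to deliver the packet to the corresponding CE.
– An end-to-end LSP tunnel must be established between the ingress PE and the egress PE.
– The BGP next hop must be an IGP (or static) route.
• LDP labels will be assigned to addresses in the global routing table. LDP labels are assigned to IGP route entries.
– BGP next hops should not be announced as BGP routes.
– LDP labels are not assigned to BGP routes.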
Presenter: PPTZYG
the top label, and the packet reaches the egress PE router. The top label is removed.
• The egress PE router performs a lookup on the VPN label and forwards the packet toward the CE router.
VPN PHP
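• PHP strips the LDP label at the last-hop P device (there is no PHP for the VPN label).
• The egress PE router performs only a VPN label lookup, which speeds up the lookup.
• IP lookup is performed only once—in the ingress PE router.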
VPN Label Propagation (Cont.)
Network Security Probe (English)

A network security probe, commonly referred to as a network security sensor or security probe, is a crucial component in ensuring the safety and protection of computer networks from potential threats and attacks. Its primary function is to detect and monitor the network for any suspicious or malicious activity, allowing network administrators to take appropriate action to mitigate risks and safeguard the network's integrity.

A network security probe operates by continuously examining and analyzing network traffic, looking for any signs of abnormal behavior or patterns that could indicate a security breach or unauthorized access. It monitors network packets and performs deep packet inspection to identify potential threats such as viruses, malware, intrusions, or other forms of cyber attacks.

These security probes are equipped with powerful algorithms and intelligent scanning capabilities that help distinguish between legitimate network traffic and suspicious or malicious activity. They utilize various techniques like anomaly detection, signature-based detection, and behavior-based analysis to identify potential threats. By comparing network traffic patterns and behaviors against known attack patterns or predefined rules, the security probe can quickly identify and prioritize security incidents.

When a security probe detects a potential threat, it generates alerts or notifications to the network administrator or a security operations center (SOC). These alerts provide detailed information about the nature of the threat, its severity, and suggested actions to be taken to address the issue. The security probe can also initiate automatic responses, such as blocking or isolating the affected devices or network segments to prevent further damage.

Network security probes play a vital role in maintaining a secure network environment. They provide real-time visibility into network traffic, enabling administrators to monitor network behavior continuously. By identifying and responding to security incidents promptly, they help prevent data breaches, information theft, and network downtime.

In conclusion, network security probes are essential components in ensuring network security. Their ability to detect and analyze network traffic enables network administrators to quickly identify potential threats and take appropriate action. By continuously monitoring the network, they provide a proactive approach to network security and play a significant role in safeguarding the integrity of computer networks.
Wireless Networking Teaching Materials - rr--ch00--wireless_tcp_cuiyong
1/error rate (in bytes)
The throughput is inversely proportional to the error rate
CS 80240333
CUI Yong
14
Hidden and exposed station problems
Throughput suffers
Impact of random errors
[Figure: y-axis in bits/sec. Exponential error model, 2 Mbps wireless full duplex link, no congestion losses. Source: Nitin H. Vaidya, ASSET'99]
Once one session develops, the other one is shut down The overturn can happen at any time randomly
The main cause of this problem
The hidden station problem The exposed node problem The exponential back-off scheme in the MAC layer
making the interfering range the same as the communication range
Method and system for active fabric management usi
Patent title: Method and system for active fabric management using unicast reachability monitoring
Inventors: Tal Rusak, Kenneth James Duda
Application number: US15184708
Filing date: 20160616
Publication number: US09876700B2
Publication date: 20180123
Patent content provided by Intellectual Property Publishing House

Abstract: A method for active network fabric management. The method includes receiving a probe packet by a termination beacon, where the probe packet is associated with a stream, the stream is identified using an origin beacon identification (ID) for an origin beacon, a stream source IP address, a stream destination IP address, an L2 origin interface, and a TTL value or an IP Hop value. The method further includes generating, after receiving the probe packet and after the expiration of a probe rate request (PRR) refresh timer, a rate control packet (RCP) by the termination beacon where the RCP includes a PRR for the stream, and sending the RCP to the origin beacon using an origin beacon IP address, where the origin beacon IP address is different than the stream source IP address.

Applicant: Arista Networks, Inc.
Address: Santa Clara CA US
Nationality: US
Agent: Chamberlain Hrdlicka
Cisco Security
© 2003, Cisco Systems, Inc. All rights reserved.
4
Cisco Security Agent (CSA): Behavioral Protection From Attacks
Configuration Reports, Events
Policy Updates
Alerts
CSA Mgmt Console
Server Agent
SNMP Manager Custom Programs Local File
Agent
Management Server
Example: Trojan Horse detection, Network Worm propagation, automatic application recognition
Correlation on Manager • Higher accuracy • Fewer “False Negative” events Example: Distributed “Ping Scans”, Network Worm propagation
Backdoor.IRC.RPCBot.D
• Event correlation at the management console across the network to give high alert of potential WORM or VIRUS • With the addition of the PROFILER, event correlation is enhanced and custom policies generated
The Jungle Law of New Zealand's Giant Lobster

New Zealand's giant lobster, also known as the spiny rock lobster, is a magnificent creature that has been living in the country's coastal waters for millions of years. These lobsters are highly sought after by seafood lovers and fishermen alike, and their population is carefully monitored to ensure their sustainability.

In the wild, these lobsters abide by the jungle law: the law of the strongest. They are solitary creatures that live in crevices and caves along the rocky coastline, and they fiercely defend their territory against any intruders. Their sharp spines and powerful claws make them formidable opponents, and they are not afraid to use them to protect themselves.

Despite their fierce reputation, these lobsters are also known for their intelligence and adaptability. They have a highly developed sense of smell and can detect the slightest changes in their environment. They are also able to change their color to blend in with their surroundings, making them almost invisible to predators.

The life cycle of the New Zealand giant lobster is also fascinating. They start their lives as tiny larvae that drift with the ocean currents for several months before settling on the rocky seabed. As they grow, they shed their hard exoskeletons and grow new ones, a process known as molting. During this time, they are vulnerable to predators and must hide in crevices until their new shell hardens.

Mating for these lobsters is a complicated affair. The males must first attract a female by waving their antennae and making a series of clicking sounds. If the female is interested, she will approach the male and allow him to deposit his sperm packets on her abdomen. She will then carry these packets until she is ready to release them, at which point she will lay her eggs and attach them to her abdomen.

Once the eggs hatch, the larvae will drift with the ocean currents for several months before settling on the rocky seabed and beginning their life cycle anew.

In recent years, the New Zealand giant lobster has faced some challenges due to overfishing and habitat destruction. However, the government has implemented strict regulations to protect their population and ensure their sustainability. These regulations include size limits, fishing quotas, and closed fishing areas during the breeding season.

In conclusion, the New Zealand giant lobster is a fascinating creature that embodies the jungle law of the wild. Their fierce nature and adaptability have allowed them to survive for millions of years, and their unique life cycle is a testament to their resilience. As humans, it is our responsibility to protect these magnificent creatures and ensure that they continue to thrive for generations to come.
Packet routing in dynamically changing networks A reinforcement learning approach
Justin A. Boyan
School of Computer Science Carnegie Mellon University
Pittsburgh, PA 15213
Let $Q_x(d, y)$ be the time that a node x estimates it takes to deliver a packet P bound for node d by way of x's neighbor node y, including any time that P would have to spend in node x's queue. Upon sending P to y, x immediately gets back
Now at Brown University, Department of Computer Science
Our "Q-routing" algorithm, related to certain distributed packet routing algorithms [6, 7], learns a routing policy which balances minimizing the number of "hops" a packet will take with the possibility of congestion along popular routes. It does this by experimenting with different routing policies and gathering statistics about which decisions minimize total delivery time. The learning is continual and online, uses only local information, and is robust in the face of irregular and dynamically changing network connection patterns and load. The experiments in this paper were carried out using a discrete event simulator to model the transmission of packets through a local area network and are described in detail in [5].
Computer Networks, Chapter 4
Frame Relay Networks
– Architecture
– User data transfer
– Call control
3 Chapter 4 Frame Relay
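Packet-Switched Networks
The basic technology is essentially the same as that used in the networks of the 1970s
One of the few effective technologies for long-distance data communication
Frame relay and ATM are variants of packet switching
Applied directly to the Internet
Advantages:
Part Two: High-Speed Networks
A brief discussion of several high-speed network technologies (including WAN and LAN technologies), which form the foundation of contemporary information networks.
Chapter 4: Frame Relay
Chapter 5: Asynchronous Transfer Mode
Chapter 6: High-Speed LANs
Chapter 4
Frame Relay
Contents
Packet-switched networks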
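Background of Frame Relay Networks (Cont.)
Designed to eliminate much of the overhead that X.25 imposes on end-user systems and on the packet-switching network
– Multiplexing and switching of logical connections take place at layer 2 rather than layer 3, eliminating an entire layer of processing
– No hop-by-hop flow control or error control
– Call control signaling is carried on a logical connection separate from user data (out-of-band signaling)
Data-rate conversion is possible
When traffic becomes heavy, packets are still accepted, but delivery delay increases (in a circuit-switched network some calls would be blocked)
Priorities can be used
Disadvantages Compared with Circuit Switching
A packet incurs additional delay at each packet-switching node it passes through (transmission, processing, and queuing delay)
Jitter: variation in packet delay; some real-time applications do not want jitter to be present
Frame Relay Call Control
Data transfer consists of the following phases:
– Establish a logical connection between the two endpoints and assign a unique DLCI to the connection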
Implementation Issues of the Internet of Things
arXiv:1102.3204v1 [cs.IT] 15 Feb 2011

One Packet Suffices – Highly Efficient Packetized Network Coding With Finite Memory

Bernhard Haeupler
RLE, CSAIL
Massachusetts Institute of Technology
Email:haeupler@

Muriel Médard
RLE
Massachusetts Institute of Technology
Email:medard@

Abstract—Random Linear Network Coding (RLNC) has emerged as a powerful tool for robust high-throughput multicast. Projection analysis, a recently introduced technique, shows that the distributed packetized RLNC protocol achieves (order) optimal and perfectly pipelined information dissemination in many settings. In the original approach to RLNC intermediate nodes code together all available information. This requires intermediate nodes to keep considerable data available for coding. Moreover, it results in a coding complexity that grows linearly with the size of this data. While this has been identified as a problem, approaches that combine queuing theory and network coding have heretofore not provided a succinct representation of the memory needs of network coding at intermediate nodes. This paper shows the surprising result that, in all settings with a continuous stream of data, network coding continues to perform optimally even if only one packet per node is kept in active memory and used for computations. This leads to an extremely simple RLNC protocol variant with drastically reduced requirements on computational and memory resources. By extending the projection analysis, we show that in all settings in which the RLNC protocol was proven to be optimal its finite memory variant performs equally well. In the same way as the original projection analysis, our technique applies in a wide variety of network models, including highly dynamic topologies that can change completely at any time in an adversarial fashion.

I. INTRODUCTION

Random linear network coding (RLNC) has been shown to robustly achieve network capacity in multicast scenarios [1]. It is asymptotically optimal rate-wise even in the presence of erasures when the erasures are globally known [2] or not [3], [4]. For distributed packet networks with unknown or changing topologies a packetized RLNC protocol was suggested [3], [5]. This RLNC protocol has been intensely studied, mostly under the name of algebraic gossip [6]–[10]. Recently, this line of work culminated in the introduction of projection analysis [11], a general technique that provides tight optimal bounds for all network models considered up to this point.

None of the above works takes into account the memory required at nodes that participate in the dissemination with no intent on collecting all data. They also do not consider the size of the data upon which coding takes place. While this has been identified as an important problem, the solutions offered so far [12]–[15] are very restricted.

In this paper we consider network coding with very limited active memory. We show the surprising result that, in all settings with a continuous stream of data, network coding continues to perform optimally even if only one packet per node is kept in active memory. We introduce two extremely simple and efficient RLNC variants that use only minimal memory and computational resources. By extending the projection analysis, we give a general technique to obtain tight performance guarantees on these variants. In the same way as the projection analysis our technique applies in a wide variety of network and communication models including highly dynamic topologies that change completely at every time in an adversarial fashion. In all these settings the (order) optimal performance guarantees we obtain for the new protocols match the best guarantees known for the full-blown RLNC protocol. We provide examples for relaxations of classical expansion parameters like isoperimetry that give tighter capacity characterizations for (these) dynamic networks.

II. RELATED WORK

In this section we summarize related work that addresses the question of reducing coding buffer sizes: The impact of finite memory was first considered in [12]. The paper takes a fairly involved Markov chain approach to model the evolution of the degrees of freedom at a single intermediate node. Its analysis is restricted to communication along a simple path and the field size, q, is assumed to be unbounded, which evades the question of likelihood of an unhelpful transmission. In general networks [3] and [8] use queuing approaches of the Jackson Networks type but their analyses track degrees of freedom rather than actual packets and do not explicitly consider memory. References [13], [14] show that it suffices for a node to keep only the coset space of the intersection of the data received at the node and of all the spaces representing the data received by its neighbors. However, that work requires feedback and establishes sufficiency of the coset space, not necessity. Moreover, the coset space is in many cases of the same order as the entire space we seek to transmit and the results do not hold under variable network topologies, which would lead to variable coset spaces. The use of network coding for spatial buffer multiplexing in multi-hop networks is considered in [15]. It analyzes large networks with reduced size packet buffers and shows that asymptotically the network acts as a shared buffer if the length of flow paths and the number of flows through each node are both polynomially large.

III. MULTICAST IN DYNAMIC NETWORKS

In this section we briefly review the many-to-many multicast problem and the dynamic network model considered in this paper. We refer to [11] for an extensive discussion of the generality of the approach taken here, the various network and communication models it applies to and how these models encompass and generalize models given in prior literature.

The many-to-many multicast problem is a typical distributed information dissemination problem. Some information is known to a subset of nodes in a network and through communicating with each other all nodes (or a different subset of recipients) are supposed to learn about all information. In many modern networks like P2P-networks, or (wireless) ad-hoc meshes, protocols have to deal with unknown, highly unstable or dynamic network topologies. We formalize this by assuming a dynamic network consisting of n nodes. The topology for every time t is specified by a graph G(t) which is chosen by a fully adaptive adversary that knows the complete network state including which node knows what. For simplicity we assume that the adversary decides on a topology before the nodes (randomly) generate their packets for the current round. This requirement can be dropped [10]. Nodes have no knowledge of the topology and decide on a packet to send. Whether a packet gets delivered to the neighbor(s) of a node depends on the communication model.

At time t = 0 the adversary distributes k messages each to at least one node. We assume that the messages $m_1, \ldots, m_k$ are l dimensional vectors over a finite field $F_q$, where q is a sufficiently large prime or prime power. We are interested in analyzing the stopping time of a protocol, i.e., the expected time until all recipients know all messages. All our results hold with exponentially high probability.

IV. THE RLNC PROTOCOLS

In this section we review RLNC, the packetized network coding protocol [3], [5], and introduce two variants that use only a finite amount of active memory: the accumulator FM-RLNC (from [12]) and the recombinator FM-RLNC.

Every packet used by the protocols has the form $(\mu, m)$, where $m = \sum_{i=1}^{k} \mu_i m_i \in F_q^l$ is a linear combination of the messages, and $\mu = (\mu_1, \ldots, \mu_k) \in F_q^k$ is the vector of the coefficients. Each node u keeps a set of active packets. If a node u knows message $m_i$ initially we assume $(e_i, m_i)$ to be an active packet of u, here $e_i$ is the i-th unit vector in $F_q^k$. Whenever a node u is supposed to send out a packet, it chooses a random vector from the span of its active packets. Every node that is interested in decoding keeps all received packets until their coefficient vectors span the full space $F_q^k$. Gaussian elimination can then be used to reconstruct all messages.

The protocols solely differ in what packets are kept active. In the regular RLNC protocol each node v has unlimited memory and simply keeps all received packets active. The FM-RLNC variants, on the other hand, only keep s active packets. Therefore, whenever a new packet is received it is not stored but simply combined with the s stored packets. We introduce two possible ways of doing so. The accumulator FM-RLNC scheme adds random linear combinations of the incoming packets to the stored s active packets. The recombinator FM-RLNC scheme creates the new s packets as uniform random samples from the span of the stored and new packets. Note that for s = 1 both approaches are equivalent. Note also that the shift register scheme from [12] does in general not perform well in dynamic settings, which is why we do not consider it here.

Complexity Comparison

We briefly show the improved computational and memory complexity of the two FM-RLNC variants in comparison to the standard RLNC protocol.

The RLNC protocol described in Section IV keeps all received packets in memory, even if they are already in the span of the stored packets. To avoid storing and frequently accessing these redundant packets it is often better to maintain the span of the received packets via a non-redundant basis. This is done by keeping only innovative packets, that increase the dimension of the span. This comes at the cost of an additional rank computation of a k×k matrix for every received packet (which can be partially reused by storing an orthogonal basis instead). More importantly the RLNC protocol still requires each node to have k memory, enough to store all packets in the system. Even worse, at every time a packet is generated all k packets need to be accessed, which results in k cache-unfriendly IO-operations per sent packet.

The FM-RLNC protocols drastically reduce this complexity. Both require only space for s packets in their active memory and need only s (IO-)operations per packet sent out. Both protocols access the s packets for each received packet but differ slightly in their operations on these packets. While the recombinator requires $O(s^2)$ operations, the accumulator FM-RLNC protocol performs only one addition for each of the s packets. For s = O(1) this is a drastic reduction of the O(k) RLNC complexity. Beyond this, another important advantage of the FM-RLNC variants is that the number of active packets is so small that they can be entirely kept in fast (cache) memory. Using only a finite amount of memory and extremely simple arithmetic furthermore opens many possibilities to implement coding directly in hardware, e.g., in routers, switches or sensors.

V. EXTENDING THE PROJECTION ANALYSIS

In this section we show how the projection technique from [11] can be extended to analyze the FM-RLNC protocols. It is clear that every packet with coefficient vector $\mu$ also contains the linear combination of the messages specified by $\mu$. Throughout the rest of this paper, we thus solely concentrate on the spreading of the coefficient vectors. The technique from [11] can be understood as analyzing this spreading process by tracking $q^k$ projections of it; one along each direction in $F_q^k$:

Definition 5.1: A node A knows about $\mu \in F_q^k$ if its coefficient subspace of all its active packets is not orthogonal to $\mu$, i.e., if it has an active packet with coefficient vector c such that $\langle c, \mu \rangle \neq 0$.

Each such projection behaves like a 1/q-faulty one-message flooding process:

Lemma 5.2: If a node u knows about a vector $\mu$ and transmits a packet to node v then v knows about $\mu$ afterwards with probability at least $1 - 1/q$ for the RLNC protocols and at least $(1 - 1/q)(1 - 1/q^s) > 1 - 2/q$ for both FM-RLNC protocols.

Proof: Since node u knows $\mu$ one of its active packets has a coefficient vector that is non-perpendicular to $\mu$. This packet gets randomly mixed into the packet that is sent out by u which is therefore non-perpendicular to $\mu$ with probability 1/q. If this is the case, then node v learns $\mu$ if it uses the RLNC protocol. If it uses a FM-RLNC protocol then the received packet gets randomly mixed into each of the s active packets and the probability that all these packets are perpendicular to $\mu$ is $q^{-s}$.

Remark: Note that it is highly unlikely, but nevertheless possible, that a direction gets lost completely. While this probability is often negligible in practice, it can be completely avoided if the sources of the k messages keep the packets associated with these messages unchanged as active packets. This also avoids the possibility of a node with s < k active packets receiving more packets than it can store in the beginning. Therefore, throughout the rest of this paper, we use the assumption that no vector from $F_q^k$ gets completely forgotten.

Looking at the inverse dependence on q in Lemma 5.3 suggests a simple way to get around the problem of nodes forgetting a vector $\mu$, namely choosing q large enough. For example, if q is polynomial in both the running time of the protocol and n then a union bound shows that the probability that a vector $\mu$ gets ever forgotten is at most 1/poly(n). Unfortunately, an inverse polynomial failure probability for each vector is not sufficient to finish the proof as before with a union bound over the exponentially many vectors in $F_q^k$. Indeed, it is clear that for s < k a node has to forget many vectors to be able to learn others. Thus, instead of proving as before that at some point each vector $\mu$ is known by all nodes we show that after a long enough time each node knew $\mu$ (and then forgot it). This time at which a node knows a vector $\mu$ can in principle be different for every node. We prove the simpler but stronger statement that, for each $\mu$, there is with exponentially high probability one point in time at which all nodes know it.

Even though the last step and the two union bounds seem very crude, it turns out that, averaged over the exponentially many vectors, our bounds are spot on in the worst case and lead to simple proofs of (order) optimal convergence times. The same is true for our choice of q. We first want to mention that choosing q = poly(n) is a reasonable choice for the field size which leads to practical coefficient sizes that are logarithmic in n. Indeed, in all prior work [7]–[9], except for [11], coefficients of this size are required. Secondly we have a strong lower bound that logarithmic size coefficients are necessary if one wants to keep only finitely many active packets per node. The following lemma shows the sharp threshold result that even slightly sub-logarithmic coefficient sizes lead to exponentially long running times in adversarial dynamic networks. The lemma holds in all communication models in which nodes can only communicate with their neighbors and the proof also nicely demonstrates the power of an adaptive adversary:

Lemma 5.4: For any q, with log q = o(log n before the FM-RLNC protocol succeeds.

l + k) time to spread k messages if the (directed) graph G is (strongly) l-vertex-connected at any point of time.

Proof: We fix a vector $\mu \in F_q^k$ (with $\mu \neq 0$) and analyze how knowledge of it spreads through the network. The vector $\mu$ is known to at least one node in the beginning, namely any node who knows about message i where i is a non-zero component in $\mu$. We define a round as a success if all nodes that are connected to a node that knows about $\mu$ learn about $\mu$ and no node forgets $\mu$. If this does not happen, we define the round as a failure. We furthermore count a round as r failures if r nodes forget about $\mu$. We want to prove that the probability for a failure is at most $q^{-1+o(1)}$. For this, we set $q = n^{\omega(1)}$, which leads to a coefficient size only slightly larger than O(log n). Lemma 5.3 states that the probability for one node to forget $\mu$ is at most 1/q. The probability for r nodes to forget $\mu$ is thus at most $\binom{n}{r} (q^{-s})^r < (n/q)^r < q^{-r(1-o(1))}$. If no node forgot $\mu$, then the only possibility for a failure is that at least one node failed to learn about $\mu$. Lemma 5.2 bounds this probability for one node by 2/q and a simple union bound over all nodes shows that the probability for at least one node to fail this way is at most $2n/q = q^{-(1-o(1))}$.

The l-connectivity of the network guarantees that every successful round results in either all nodes knowing $\mu$ or in at least l more nodes learning about it. Any failure, on the other hand, can only decrease the number of nodes that know $\mu$ by one. Thus if we run the FM-RLNC protocol for 5(nl +k) each vector was known to each node at least once. Therefore, if each recipient keeps all packets that are streamed through it, the coefficient vectors span the full space $F_q^k$ and the node will be able to decode.

l ) and, if all messages start in one node v, it is also clear that at least k rounds are needed, since at each round only one packet is formed by v. The lemma thus shows that FM-RLNC achieves an optimal, perfectly pipelined [11] information spreading in always connected networks, even if only one packet is stored per node.

In the same manner, most proofs in [11] can be extended to the FM-RLNC protocol. Next, we do this for Lemma 6.4 of [11], that characterizes the stopping time for the synchronous broadcast model by its isoperimetric expansion, which is tight for most regular graphs. Emphasizing the applicability in a dynamic setting we show here that the proof does not just extend to the FM-RLNC setting but also to a much more flexible and weaker notion of isoperimetry for dynamic graphs which we introduce next:

Definition 6.2 (Relaxed Isoperimetry): For a graph G and a subset S let $h_G(S)$ be the union of S and the (directed) neighborhood of S, i.e., the nodes
inmin(|min(|H(G)+ k)steps to spread k messages in a dynamic network G.Proof:We extend the proof of Lemma6.4.in[11]to the FM-RLNC setting and the relaxed notion of isoperimetry. For sake of space we only sketch the proof here.The analysis concentrates again on the spreading of one vector µand is done in phases of∆rounds.We use the same definition ofsuccesses and(multi-)failures for phases as in Lemma6.1. Choosing q in the same way also leads to the same proba-bilities for failures and successes.Note,that,in a successful phase,the number of nodes that know about µincreases by at least a factor of1+O(H)(or the number of nodes that do not know µdecreases by the same factor).Thus,taking integrality into account,it is easy to see that a net of T=O(log(nH) A similar result can be proven for the asynchronous BROAD-CAST model[11]in which at every round one node gets selected at random to broadcast its packet to its neighbors.To cover a very different model for ourfinal example we choose a result on the performance of RLNC in the asynchronous single transfer model from[11].In this model,the adversary adaptively chooses a probability distribution over edges in each round from which the single transaction for the next round is then sampled.While for the RLNC protocol coding with binary coefficient(i.e.,q=2)works Lemma5.4shows that this is not possible usingfinite memory.The next lemma demonstrates another way to circumvent this lower bound: using logarithmically many active packets suffices.In the same way as done for Lemma6.3,we replace the min-cut criterion by the weaker min-average-cut,i.e.,a sufficient average cut over eachfinite time window of length∆=O(1)for each subset individually.Lemma6.4:In a dynamic network G with min-average-cut at least C,the asynchronous single transfer FM-RLNC protocol that uses binary coefficients(i.e.,q=2)and keeps only s=Ω(log n)active packets spreads n messages with probability at least1−2−n in order optimal O(n。
Active Networks
State-of-the-art
Antonio Salueña <saluena@lut.fi>

Background
Active Networks is about programming the network infrastructure as support of customised communication services
Active = dynamic programmability and control
Customisation = user/consumer centric network and services
Expected major impact: rapid service creation and deployment

Programmable Networks
OPENSIG - Programmable Networks in telecom oriented approach
Opening up the switches
Modelling communication hardware using open programmable network interfaces
Emphasis on service creation with QoS
Open interfaces allow service providers to manipulate the network via middleware toolkits
IEEE P1520 Project follows this approach (standardise programming interfaces for IP routers, ATM switches & mobile networks)

AN Approaches
Integrated (in-band or Encapsulation)
  capsule-based approach - packets may contain both data and active code to be executed at node
Discrete (out-of-band or Programmable Switch/Router)
  active code downloaded out-of-band from code libraries/caches

AN Architecture
Active Packets approach
Active code is carried by packets
No active code resides on nodes
Nodes allow computation up to layer 7
Active code executed on the data of the same packet or changes state of the node
Most of the early AN implementations follow this approach

Active Packets
Smart Packets
Programs completely self-contained and fit entirely in one packet
  no need for persistent state in router
  programs cannot be more than ~1Kb
Operating environment provides security
  executable code is dangerous
Active Network Encapsulation Protocol (ANEP)
  Smart Packet encapsulated within ANEP packet
  ANEP packet encapsulated within IP packet
Active Code
  Highlevel – Sprocket (much like C)
  Lowlevel – Spanner (assembler)

Active Packets
Active IP Option
Uses IP option field to embed program fragments in an IP datagram
Two options
  program fragments
  language query
Active Code – TCL
Processing is done by stripped-down TCL interpreter
Backward compatible
Limited to IP protocol

AN Architecture
Active Nodes approach
Packets contain:
  identifiers or references to predefined set of functions
  function parameters
  payload
Active code (functions) resides on nodes
Better security and performance

Active Nodes
ANTS (Active Node Transfer System)
Network is viewed as distributed programming system
Packets replaced by capsules
  capsule includes ref to the forwarding routine to be used to process it at node
  related capsule types form a code group
  code group is transferred as unit
  related code groups form a protocol
Code distribution mechanism
  code loaded and cached at node
  some "well-known" routines available at every node
Java-based prototype

AN Architecture
Active Packets and Nodes Approach
Active Packets can carry only simple and restricted code
Complex code resides in Active Nodes
Usually this architecture allows the user to choose the actual approach

Active Packets and Nodes
SwitchWare
Active Packets
  same as in active packets arch
Programming Language for Active Networks (PLAN) – lightweight, restricted language
PLAN programs can call Switchlets
Switchlets
  routines which reside on the node
  can be dynamically loaded
Active Router Infrastructure

Active Packets and Nodes
NetScript
Delegated agents to program and control intermediate network device/node
Virtual Network Engine (VNE)
Virtual Link (VL)
VNE + VL = NetScript Virtual Network (NVN)
NetScript language to program NVN
Virtual machine to process scripts
Active Packets = NetScripts packets
Active Nodes = VNE
Focus on network programmability
Treat network as a single programmable abstraction

AN R&D
DARPA
  more than 50 projects
EURESCOM
  P926: CASPIAN
IST
  FAIN (Future Active IP Network)

EURESCOM P926: CASPIAN
Constructing a dynamic service environment using policies (for mobility, QoS and management aspects)
Study suitability of AN as flexible, policy driven service environment and to develop active nodes
Participants: BT, KPN, Telefonica, OTE, Elisa, VTT, Broadcom, Lancaster University

EURESCOM P926: CASPIAN
Six individual experimental projects
active server interoperability (all partners)
  studies active network interoperability at the node level
active router control (Lancaster Uni, Broadcom)
  developing differentiated services and route control interfaces on IP network elements. These control interfaces may be compatible with IEEE P1520
active support for mobility (Elisa)
  developing a set of active nodes capable of mobile active overlay. User devices (PCs with a slightly modified mobile IP installed) will have all of their traffic routed through the nearest active nodes connected to the Internet

EURESCOM P926: CASPIAN Cont.
active email service (Telefonica, OTE)
  studying active anti-spam filtering and active attachment conversion
composition of heterogeneous active services (KPN)
  studying how individuals can compose their own services from the components developed by the project
management of active services (BT, KPN)
  implements active service management, utilizing policy based management techniques for service deployment and access

CASPIAN Architecture
Divide programmability according to requirements
Active router
  OSI layer-3 functions
  embedded scripts or programs, from trusted sources
  low memory and computational power
Active Server
  application layer active networking
  many specialized nodes
  node supporting active caching requires high-performance I/O
  transcoding node requires efficient maths operations

CASPIAN Active Route Control
Build programmable router
  in the spirit of IEEE P.1520 element control
  provide layer-3 support to active services
Define programmable abstraction and interfaces enabling control of routing and scheduling
Two levels of "active networking"
  "L" interfaces for fine grained configuration
  uploading active code (i.e. switching between MPLS and DiffServ QoS management)

References
1. E. Prigent, T. Braun. Active and Programmable IP Network. Broadcom Communicate Vol. 5, No. 2, 2000. <http://www.broadcom.ie/knowledgebase/communicate/vol5/iss2/pdfs/ActiveProgrammable-IP.pdf>.
2. Psounis, K.: Active Networks: Applications, Security, Safety, and Architectures. IEEE Communications Surveys. 1999. </pubs/surveys>.
3. Campbell, A.T. et al. A Survey of Programmable Networks. ACM SIGCOMM Computer Communication Review, April 1999. </genesis/papers/ccr99.ps.gz>.
4. Tennenhouse D. L. et al. A survey of active network research. IEEE Communications Magazine, Vol. 35, No. 1, 1997. </publications/ieeecomms97.html>.
5. IEEE P1520 Standardisation Project. </>.
6. DARPA: Active Networks Projects. </ito/research/anets/>.