Integrated services packet networks with mobile hosts Architecture and performance

计算机网络原理习题讲解精编版MQS system office room 【MQS16H-TTMS2A-MQSS8Q8-MQSH16898】ChapterI1. Whatisthedifferencebetweenahostandanendsystem??2. Whatisaclientprogram?Whatisaserverprogram?Doesaserverprogramrequesta ndreceiveservicesfromaclientprogram?3. ,companyaccess,ormobileaccess.4. Dial-upmodems,HFC,,providearangeoftransmissionratesandcommentonwhetherthe transmissionrateissharedordedicated.5. .6. Whatadvantagedoesacircuit-switchednetworkhaveoverapacket-switchednetwork?WhatadvantagesdoesTDMhaveoverFDMinacircuit-switchednetwork?7. 2,000km 8102⨯prop d trans d trans d t =prop d trans d trans d prop d trans d trans d 8105.2⨯=s prop d trans d 6108⨯下列说法中,正确的是()。

A.在较小范围内布置的一定是局域网,币在较大范围内布置的一定是广域网B.城域网是连接广域网而覆盖园区的网络C.城域网是为淘汰局域网和广域网而提出的一种网络技术D.局域网是基于广播技术发展起来的网络,广域网是基于交换技术发展起来的向络 解答:D 。

通常而言,局域网的覆盖范围较小,而广域网的覆盖范围较大,但这并不绝对。

有时候在一个不大的范围内采用广域网,这取决于应用的需要和是否采用单一网络等多种因素。

5g通信移动外国参考文献1. Rappaport, T. S., Shu, F., Sun, S., & Mayzus, R. (2013). Millimeter wave mobile communications for 5G cellular: It will work!. IEEE access, 1, 335-349.2. Andrews, J. G., Buzzi, S., Choi, W., Hanly, S. V., Lozano, A., Soong, A. C., ... & Zhang, J. (2014). What will 5G be?. IEEE Journal on selected areas in communications, 32(6), 1065-1082.3. Boccardi, F., Heath Jr, R. W., Lozano, A., Marzetta, T. L., & Popovski, P. (2014). Five disruptive technology directions for 5G. IEEE Communications Magazine, 52(2), 74-80.4. Al-Fuwaires, M., & Faisal, K. (2018). 5G wireless communication systems: prospects and challenges. Wireless Personal Communications, 98(1), 159-175.5. Szydelko, M., Wysocki, T. A., & Monti, P. (2016). 5G mobile networks evolution: requirements, trends, and challenges. In 2016 8th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT) (pp. 5-10). IEEE.6. Lopez, O., Guijarro, M., Casado, T., & Cano, J. C. (2016). 5G mobile networks: A vision. Current Trends in Communications Engineering, 4(1), 36-43.7. Khan, F. H., Ahmed, R., & Ali, W. (2018). Key enabling technologies for 5G mobile networks: state-of-the-art and research challenges. Journal of Network and Computer Applications, 107, 77-104.8. Boudhir, A., Huq, K., & Bardakjian, A. (2017). A survey of 5G wireless communication technologies and challenges. IEEE Transactions on Retrofitting Evolution, 76(2), 153-202.9. Parkvall, S., Ericson, A., & Furuskar, A. (2017). 5G NR: The next generation wireless access technology. Academic Press. 10. Mellado, M., & López, V. (2017). Cloud-based architecturesfor 5G mobile networks: design principles and requirements. Journal of Network and Computer Applications, 87, 203-217.。

计算机网络(第四版) 习题答案第1 章概述1-3 The performance of a client-server system is influenced by two network factors: the bandwidth of the network (how many bits/sec it can transport) and the latency (how many seconds it takes for the first bit to get from the client to the server). Give an example of a network that exhibits high bandwidth and high latency. Then give an example of one with low bandwidth and low latency.客户-服务器系统的性能会受到两个网络因素的影响：网络的带宽（每秒可以传输多少位数据）和延迟（将第一个数据位从客户端传送到服务器端需要多少秒时间）。

请给出一个网络的例子，它具有高带宽和高延迟。

然后再给出另一个网络的例子，它具有低带宽和低延迟。

答：横贯大陆的光纤连接可以有很多千兆位/秒带宽，但是由于光速度传送要越过数千公里，时延将也高。

相反，使用56 kbps调制解调器呼叫在同一大楼内的计算机则有低带宽和较低的时延。

1-4 Besides bandwidth and latency, what other parameter is needed to give a good characterization of the quality of service offered by a network used for digitized voice traffic?除了带宽和延迟以外，针对数字化的语音流量，想要让网络提供很好的服务质量，还需要哪个参数？声音的传输需要相应的固定时间，因此网络时隙数量是很重要的。

收稿日期：2019-07-05中国移动数据中心SDN网络架构及关键技术The Network Architecture and Key T echnologies of China Mobile’s Datacenter Based on SDN提出了一种适用于大规模数据中心的SDN 组网方案及其对应的网络架构和关键技术。

在该组网方案下，引入多POD 组网结构，每个POD 内部署独立的SDN 控制器及转发设备，通过统一的云管理平台集中管理多个POD 。

基于SDN 的大规模数据中心组网方案旨在打破传统云平台和SDN 控制器管理规模性能的限制，满足数十万台服务器的数据中心建设需求。

该方案已成为通信行业SDN 大规模网络的标杆方案，目前已在中国移动私有云数据中心规模商用。

软件定义网络；大规模数据中心；底层网络；路由规划A SDN-based networking solution with its network architecture and key technologies is proposed, which is suitable for large-scale datacenters. Such networking solution introduces a structure with multi-PODs, where the forwarding devices and SDN controllers are independently deployed in each POD. Furthermore, multiple PODs are managed by a unifi ed cloud management platform in the centralized way. The SDN-based large-scale datacenter networking solution aims to break the limitation of the management scale performance of traditional cloud platform and SDN controller, and satisfy the needs of datacenter with hundreds of thousands of servers. This networking solution has become the benchmarking of SDN large-scale network in communication industries. It has been commercialized in the China Mobile’s private cloud datacenter.SDN; large-scale datacenter; underlay network; route planning（中国移动通信有限公司研究院，北京 100053）(China Mobile Research Institute, Beijing 100053, China)【摘 要】【关键词】王瑞雪，熊学涛，翁思俊WANG Ruixue, XIONG Xuetao, WENG Sijun[Abstract][Key words]1 引言为满足通信4.0时代敏捷化、开放化、软件化和虚拟化的网络需求，中国移动提出以NovoNet 为愿景的下一代网络构想，旨在通过网络革新构建一张资源可doi:10.3969/j.issn.1006-1010.2019.07.002 中图分类号：TP915.6文献标志码：A 文章编号：1006-1010(2019)07-0007-06引用格式：王瑞雪,熊学涛,翁思俊. 中国移动数据中心SDN网络架构及关键技术[J]. 移动通信, 2019,43(7): 7-12.全局调度、能力可全面开放、容量可弹性伸缩、架构可灵活调整的新一代网络架构[1-4]，以适应中国移动数字化服务转型发展需要，为“互联网”+发展奠定良好的网络基础。

中国移动数据中心SDN网络架构及关键技术随着云计算和大数据的快速发展，中国移动数据中心的规模和复杂性也在迅速增加。

为了应对这一挑战，SDN（软件定义网络）技术被引入到数据中心网络中。

本文将探讨中国移动数据中心SDN网络的架构和关键技术。

一、SDN网络架构概述SDN是一种网络架构和技术，通过将网络控制平面与数据平面分离，实现对网络资源的灵活管理和配置。

在中国移动数据中心，SDN网络架构采用了集中式的控制器和分布式的交换机结构。

1. 控制器SDN网络的控制器是整个网络的大脑，负责集中管理和控制网络中的交换机。

在中国移动数据中心，SDN控制器可以根据实际需求来调整网络的流量分配和路径选择，从而提高网络的灵活性和性能。

2. 交换机SDN网络中的交换机负责实际转发数据包。

在中国移动数据中心，交换机被部署在各个服务器和设备之间，通过与控制器的交互，来接收并执行网络策略和配置。

二、SDN网络关键技术1. OpenFlow协议OpenFlow是SDN网络的一种重要协议，用于控制器和交换机之间的通信。

在中国移动数据中心中，使用OpenFlow协议可以实现网络的灵活性和可编程性，同时减少了对交换机的修改和配置。

2. 虚拟化技术在中国移动数据中心的SDN网络中，虚拟化技术起到了至关重要的作用。

通过将物理网络资源划分为多个虚拟网络，可以实现对网络的动态分配和管理。

这种虚拟化技术可以提高数据中心的资源利用率和性能。

3. 多路径技术为了提高中国移动数据中心SDN网络的可靠性和性能，多路径技术被引入到SDN网络中。

通过使用多条路径来传输数据，可以有效地避免网络拥堵和故障，提高网络的吞吐量和可用性。

4. 安全性技术中国移动数据中心SDN网络中的安全性是一个重要的考虑因素。

为了保护网络免受恶意攻击和入侵，采用了各种安全性技术，如访问控制、加密和入侵检测等。

这些安全性技术可以有效地保护数据中心的网络安全。

5. 动态网络管理技术中国移动数据中心的SDN网络需要具备动态管理和配置的能力。

The Solaris TM 8 Operating Environment delivers end-to-end security for business-critical enterprise applications and robust workgroup computing. Easily configured, flexible, and independently certified, security in the Solaris Operating Environment protects your systems and network from unauthorized access and other threats, helping keep your organization open for business.THE SOLARIS OPERATING ENVIRONMENTThe Solaris8Operating Environment is the established OS leader for availability, scalability, and security in the Internet age. In Solaris 8 software,Sun delivers a trustworthy,universal platform to meet the needs of dot-com businesses -- from small startups to large Fortune 1000 enterprises.It’s no surprise that the Solaris Operating Environment is the leading UNIX® environment today. Solaris software was originally designed with the Internet in mind. TCP/IP, the central Internet protocol, has been at the core of Solaris networking for more than 15 years. Through its time-tested design--a small,stable kernel,modular and extensible components, and well-defined interfaces -- Solaris soft-ware delivers rock-solid stability and predictability for business-criti-cal applications. And the Solaris 8 Operating Environment provides complete compatibility with prior versions, so you can be confident that your current applications will continue to run.F IREWALLSFirewalls control the data flow between two networks, according to security policy rules. The Solaris 8 Operating Environment offers built-in firewall functionality,with both the lite-and full-product ver-sions.•SunScreen™ Secure Net 3.1 is a full-featured firewall product that can be deployed throughout an organization to implement a secure business network including extranets, secure intranets,and remote access. It offers affordability, strong cryptography, centralized management, and high availability for screening and encryption.•SunScreen™ 3.1 Lite is a firewall product designed to protect individual servers or very small workgroups. It is built from the same code as the full SunScreen Secure Net3.1product,provides high-speed, dynamic stateful packet-filtering, and includes a subset of the features offered with the full version.V IRTUAL P RIVATE N ETWORKS(VPN S)VPNs represent a cost-effective means of using the Internet to com-municate securely between two or more points. By encrypting and decrypting all traffic between VPN nodes, businesses can send pri-vate information securely over the Internet -- unwanted users are unable to read or modify data. The Solaris Operating Environment supports both the Internet protocol security(IPSec),and Simple Key-Management for Internet Protocols (SKIP) technology for imple-menting and deploying VPNs.IPS ECA key feature of the Solaris 8 Operating Environment security is the IPSec architecture. IPSec is an initiative to add security services to the IP protocol.It secures communication channels and ensures that only authorized parties can communicate on them.Sun’s implementation of IPSec in the Solaris 8 Operating Environ-ment supports shared-secret encryption. 128-bit MD5 and SHA-1 algorithms are available for datagram authentication and integrity; 56-bit DES and168-bit Triple DES algorithms are available for payload encryption. In addition, the Solaris platform also supports ‘manual keying’ today, and there are plans to support IKE functionality, which features automatic certificate exchanges and compatibilityS ECURITY I N THE S OLARIS TM O PERATING E NVIRONMENT•IPSec suite of communication channel security protocols•Shared-secret and public-key encryption;56-bit,128-bit algorithms•APIs that enable application-level specification of IPSec policies •Pluggable authentication modules•Smart card support•Kerberos support for single sign-on•Role-based access control•Access control lists•Interoperable with a broad range of server andprocessor offerings•Advanced services offer enhanced integrity andsecuritywith Public Key Infrastructure(PKI)products,in a future release.IPSec is implemented following Internet Engi-neering Task Force(IETF)specifications,ensuring that servers running the Solaris Operating Envi-ronment will operate seamlessly with systems from other vendors adhering to IETF standards. And because the Solaris Operating Environment runs on both Sun SPARC™ processors and Intel Architecture-based platforms, you have the free-dom to choose the platform that best suits your needs.Solaris software includes APIs that enable appli-cation-level specification of IPSec policies, enabling your application developers to dictate security policies independently of system admin-istrators. In addition, because IPSec operates at the Internet protocol (IP) level, you can use it to restrict access to applications that are not com-pletely secure.With these powerful capabilities, you can imple-ment many security approaches in the Solaris 8 Operating Environment, such as:•Restricting ISP Internet services so that only specific services are accessible to users.•Securing communications between the tiers of multitier enterprise applications, so that even those with physical network access cannot view data they are not authorized to see.•Establishing VPNs to enable remote offices and users to communicate securely over the Internet to the home office. An advantage of IPSec is that security arrangements can be handled without requiring changes to individual computers.IPSEC AND SECURE SOCKETS LAYER (SSL) To some extent IPSec and SSL are two approaches to the same problem of end-to-end authentication and encryption. However, the basic approaches are different.•SSL implements its functionality above the kernel, and does not require any changes to the operating system. SSL operates on top of the TCP layer. Applications that want to use SSL must be rewritten to use this functionality. Virtually all leading Web browsers available today offer built-in SSL functionality.•IPSec was designed to operate without requiring changes to an application or its APIs.IPSec operates below the TCP layer, and is transparent to the applications and their APIs.IPSec is a very strong, network-level protocol. It can protect against a variety of threats, such as sniffing, spoofing, flooding, and hijacking. How-ever, it blocks hosts that don’t support it or oth-erwise have a security association with the initiating host. For Web traffic, where the major-ity of traffic does not require security of any kind, IPSec may need too much overhead.IPSec is well suited for VPNs and extranets.SSL is well accepted and widely used on the Web. SSL offers better control over which security mea-sures are used, and can automatically apply encryption and integrity protection to the data it carries.SKIPSKIP secures the network at the IP packet level --any networked application gains the benefits of encryption, without requiring modification. SKIP is unique in that it offers“on-the-fly”encryption. An Internet host can send an encrypted packet to another host without requiring a prior message exchange to set up a secure channel. Some of the advantages of SKIP include:•No connection setup overhead.•High-availability;encryption gateways that fail can reboot and resume decrypting packets instantly, without having to renegotiate existing connections.•Allows unidirectional IP (for example, IP broadcast via satellite or cable).•Scalable multicast key distribution.•Gateways can be configured in parallel to perform instant failover.STRONG USER AUTHENTICATIONIn a business-critical environment, you need to ensure that only authorized users can access spe-cific systems and services. Solaris 8 software pro-vides a flexible set of facilities for strong user authentication that can be used out of the box or can be integrated into applications as service-specific security features.S UN E NTERPRISE A UTHENTICATION M ECHANISM™1.0S OFTWARESun Enterprise Authentication Mechanism soft-ware provides a distributed, enterprise-wide authentication mechanism for single sign-onthat reduces the number of times each user must go through a login sequence.Sun Enterprise Authentication Mechanism soft-ware allows one computer to prove its identity to another across an insecure network through an exchange of encrypted messages. Once identity is verified, Sun Enterprise Authentication Mecha-nism software provides the two computers with encryption keys for a secure communication ses-sion.Note that Kerberos clients are bundled with the Solaris 8 Operating Environment, and the Ker-beros server is freely downloadable as part of the Solaris Admin Pack. Sun Enterprise Authentica-tion Mechanism software may be purchased sep-arately, for users of previous versions of the Solaris Operating Environment.P LUGGABLE A UTHENTICATION M ODULES(PAM S) PAMs provide a uniform means for third-party applications, as well as the Solaris Operating Environment itself,to access user authentication facilities. You can easily construct PAMs to sup-port your site-specific authentication require-ments (for example, an interface with a bio-metric scanning device such as a palm scanner for user identification).As current authentication mechanisms evolve, and as new authentication mechanisms are introduced, system entry services such as login, rlogin, and telnet must continually be custom-ized to incorporate these changes.However,with PAM framework, multiple authentication tech-nologies can be added without changing any of the login services, thereby preserving existing system environments. PAM can be used to inte-grate login services with systems based on differ-ent authentication technologies, such as RSA, DCE, Kerberos, S/Key, or smart cards. Thus, PAM enables networked machines to seamlessly inter-act in an environment where multiple security mechanisms are in place.P UBLIC K EY I NFRASTRUCTURE(PKI)PKI is an authentication mechanism that is used for verifying the identities of parties in Internet transactions. It can also be used for nonrepudia-tion purposes so that users can protect them-selves in online transactions.With a PKI,businesses can use an insecure public network, such as the Internet, to securely and privately exchange data.This is enabled through the use of a public and a private cryptographic pair that is obtained and shared through a trusted authority, commonly called certificate authority. The public key infrastructure provides for both a digital certificate that can identify indi-viduals or organizations, and directory services that can store or revoke certificates.S MART C ARD S UPPORTSmart cards can offer a tremendous enhance-ment to your security architecture. Smart card functionality,including authentication,personal information storage, and Java™ applet manage-ment enable you to implement smart card solu-tions to your applications and business environ-ment. The Solaris Operating Environment smart card feature implements the OCF 1.1 standard, and supports out-of-the-box support for smart card authentication at login.Smart cards provide basic public key infrastructure to manage user access; users are authenticated at login (using CDE), and when challenged by applications. The Solaris 8 Operating Environment supports three smart card features: Schlumberger Cyberflex Access Card, Dallas Semiconductor iButton (Java technology-based), and Schlumberger Micro Payflex.A CCESS C ONTROLBesides UNIX permission mechanisms, the Solaris Operating Environment enhances access control through access control lists (ACLs) and role-based access control (RBAC).A CCESS C ONTROL L ISTS(ACL S)ACLs provide a listing of users and their associ-ated access rights, providing fine-grain access control for every file. File access can be con-trolled not only on a group basis, but also on a per-user basis. ACLs are implemented for both the Solaris User File System (UFS) and the Net-work File System (NFS), and adhere to the POSIX 1003.6 specification.R OLE-B ASED A CCESS C ONTROL(RBAC)RBAC helps protect against vulnerabilities caused by human error. RBAC is an alternative to the tra-ditional superuser model of root access to UNIX systems,with its“all-or-nothing”approach.RBAC lets you assign rights to individual,trusted users and delegate what specific operations they canperform. This may include access to such resources as serial port, file, log, printer management, user login control, system shutdown,and the right to execute certain programs. Users are authenticated before any role is assumed so that all privileged activities can be logged and associated with a person. With RBAC, superuser func-tions are divided into multiple roles—root password access does not provide unlim-ited access to the system.A UDITINGAuditing helps system administrators track security-related events, including many dif-ferent types of access attempts. If a viola-tion occurs, an audit log can help deter-mine the cause and source of problems. The Solaris platform includes two methods for auditing: UNIX system logs, and Con-trolled Access Protection Profile (CAPP) at Evaluation Assurance Level 4 (EAL4) audit-ing.•UNIX system logs (syslog) keep track of login events, resource usage, quotas, and more. Many system facilities use syslogs to record or alert the system administrator to important events. Shell scripts or wrappers can also be written to syslog databases to cover specific situations.•CAPP EAL4auditing–previously called C2 auditing– can produce detailed audit reports by user, event, and class. In addition,with CAPP EAL4it is possible to log any event that a system adminis-trator deems security relevant. In the Solaris platform, CAPP EAL4 auditing includes the Basic Security Mode (BSM) functionality, which enables event logging down to the system call level. Should a security infraction occur, the Solaris Operating Environment auditing capabilities ensure system administrators a detailed account of relevant activity.S OLARIS F INGERPRINT D ATABASEThis SunSolve SM service enables you to ver-ify the integrity of files distributed with theSolaris Operating Environment,such as the/bin/su executable file, Solaris softwarepatches, and unbundled products such asSPARC compilers.Solaris Fingerprint Database ensures thatyou are using a true file in an official binarydistribution, and not an altered versionthat can compromise system security. Ifyou suspect someone has changed yoursystem without your authorization, youcan use the Solaris Fingerprint Database tocheck files for alteration or damage.S UN E NTERPRISE™N ETWORK S ECURITYS ERVICESun Enterprise Network Security Service isa flexible Java technology-based securitysolution that permits organizations toaudit and secure their systems and net-works in a modern, heterogeneous, corpo-rate intranet. The software provides youwith a network service daemon that shouldbe installed on each host in your network;these daemons can then be linked togetherin a hierarchy of trust. This hierarchy maybe used for the distribution and executionof digitally-signed packets containing Java,script, or binary code, which may be usedto proactively check and fix host securityissues in a bulk, batch-oriented manner.Execution requests are also digitallysigned, replay attacks are prevented, andnetwork communications are secured byACLs, PAMs, and security modules.S UN B LUE P RINTS™P ROGRAMDue to the general nature of the SolarisOperating Environment, changes may berequired in some environments in order toprovide additional security against unau-thorized access and modification.Sun Blue-Prints books are available that discuss theSolaris Operating Environment subsystemsand related security issues.Systems running Solaris software are alsoshipped with a wide variety of network ser-vices, most of which are activated bydefault. For security reasons, it is in thebest interest of each system(and its owner)to have all nonessential services deacti-vated. Properly deactivated network ser-vices eliminate any current or future threatof system penetration,control,or disablingvia the network service. The Solaris plat-form has a simple procedure to identify anddisable a service determined to be unnec-essary. For details, refer to the followingSun BluePrints books:•Solaris Operating EnvironmentMinimization for Security: A Simple,Reproducible, and Secure ApplicationInstallation Methodology•Solaris Operating Environment Security•Solaris Operating Environment NetworkSettings for SecurityINTEGRATED, END-TO-END SECURITYIn today’s Internet age, “anytime, any-where” access to information, electroniccommerce, Web-based applications, andother mission-critical solutions creates newchallenges for the data center when itcomes to ensuring privacy and limiting theenterprise’s exposure to business risks.TheSolaris 8 Operating Environment providesintegrated features that deliver the end-to-end security you need in order to safelydeploy these powerful new solutions inyour complex enterprise computing envi-ronment -- whether you need the agility ofa dot-com startup, the predictability of abusiness-critical application, or both.FOR MORE INFORMATIONTo learn more about security and theSolaris Operating Environment,please visitour Web site at /security.©2001Sun Microsystems,Inc.All rights reserved.Sun,Sun Microsystems,the Sun logo,Java,Solaris,SunScreen,Sun BluePrints,Sun Enterprise,Sun Enterprise Authentication Mechanism,and We’re the dot in .com are trademarks or registered trademarks of Sun Microsystems,Inc.in the United States and other countries.All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International,Inc.in the United States and other countries.Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems,scape is a trademark or registered trademark of Netscape Communications Corporation.UNIX is a registered trademark in the United States and other countries,exclusively licensed through X/Open Company,rmation subject to change without notice.。