Final Study Guide Flashcards
1
Q
What areWhy did SDN arise?
A
to make computer networks more programmable.
2
Q
Why are computer networks complex/difficult to manage?
A
Diversity of equipment
Proprietary Technologies
3
Q
What is SDN’s main idea? What does that mean in practice?
A
Separation of tasks. Split the network into the Control Plane and the Data Plane
4
Q
What are the three historical phases of SDN?
A
- Active networks
- Control and data plane separation
- OpenFlow API and network operating systems
5
Q
Summarize the Active Networks Phase
A
Took place from mid 1990’s to early 2000’s
Active networks emerged, aimed at opening up network control.
Too ambitious, didn’t focus on security, required knowledge of Java
6
Q
What is active networking?
A
Network is not just a group of bits, but a computer itself to be interacted with, providing services such as API
7
Q
What are the two types of programmable modelling that are part of Active Networking?
A
- Capsule model – carried in‑band in data packets
- Programmable router/switch model – established by out‑of‑band mechanisms
8
Q
Summarize the Control and data plane separation Phase
A
Lasted from 2001 to 2007
Network reliability, performance, and predictability were key
Spurred innovation for network administrators rather than end users
9
Q
Summarize the OpenFlow API Phase
A
Took place from 2007 to 2010
Born from interest for network experimentation at a scale
Ensure practicality of real world deployment
Was adopted in the industry, unlike predecessors
10
Q
What does the control plane do?
A
The control plane contains the logic that controls the forwarding behavior of routers such as routing protocols and network middlebox configurations
11
Q
What does the data plane do?
A
The data plane performs the actual forwarding as
dictated by the control plane
12
Q
Why separate the control plane and data plane?
A
1: Independent evolution and development
2: Control from high‑level software program
13
Q
Why did the SDN lead to opportunities in various areas, such as data centers, routing, enterprise networks, and research networks?
A
Made network management easier.
More control in path selection.
Improved security.
Allows research networks to coexist with production networks
14
Q
What are the two primary functions of the network layer?
A
Forwarding and Routing
15
Q
What is forwarding?
A
Determining which output link that packet should be sent through.
16
Q
What is routing?
A
Determining the path from the sender to the receiver across the network.
17
Q
Forwarding is a function of what? Hardware or Software?
A
Data Plane, Hardware
18
Q
Routing is a function of what?
A
Control Plane
19
Q
What is the difference between a traditional and SDN approach in terms of coupling of control and data plane?
A
In the traditional approach, the control and data planes are closely coupled.
In the SDN approach, a remote controller computes and distributes the forwarding table, physically far from the router
20
Q
Routing is a function of what? Hardware or software?
A
Control Plane, Software
21
Q
What are the main components of SDN?
A
SDN‑controlled network elements
SDN controller
Network‑control applications
22
Q
What do the SDN‑controlled network elements do?
A
The SDN‑controlled network elements, sometimes called the infrastructure layer, is responsible for the forwarding of traffic in a network based on the rules computed by the SDN control plane.
23
Q
What does the SDN controller do?
A
The SDN controller is a logically centralized entity that acts as an interface between the network elements and the network‑control applications.
Midpoint between Northbound and Southbound
24
Q
What do the Network‑control applications do?
A
Manage the underlying network by collecting information about the network elements with the help of SDN controller
25
What are the four defining features of an SDN architecture?
Flow‑based forwarding
Separation of data plane and control plane
Network control functions
A programmable network
26
What are the three layers of SDN Architecture?
Communication layer
Network‑wide state‑management layer
Interface to the network‑control application layer
27
What does the Communication layer do?
communicating between the controller and the network elements
28
What does the Network‑wide state‑management layer do?
stores information of network‑state
29
What does the Interface to the network‑control application layer do?
communicating between controller and applications
30
What does a 'northbound' interface communicate with?
Network‑control applications
31
What does a 'southbound' interface communicate with?
Controlled devices
32
What are the three parts of the OpenDaylight controller architecture?
Southbound interface
Northbound interface
Model Driven Service Abstraction Layer (or MD‑SAL)
33
A few of the main reasons that SDN arose are: a diversity of different network equipment (eg routers, switches, firewalls, etc.) using different protocols that made managing the network difficult, and second a lack of a central platform to control network equipment. True or False?
True
34
The main idea behind SDNs is to divide tasks into smaller functions so the code is more modular and easy to manage. True or False?
True
35
With SDNs the control plane and data plane have independent evolution and development. True or False?
True
36
In the SDN approach, the SDN controller is physically located at each router that is present in a network. True or False?
False
37
By separating the control plane and the data plane, controlling the router’s behavior became easier using higher order programs. For example, it is easier to update the router’s state or control the path selection. True or False?
True
38
In the SDN approach, ISPs or other third parties can take up the responsibility for computing and distributing the router’s forwarding tables. True or False?
True
39
Having the software implementations for SDNs controllers increasingly open and publicly available makes it hard to control, since any person could modify the software easily. True or False?
False
40
In SDN networks, the SDN controller is responsible for the forwarding of traffic. True or False?
False
41
The network-control applications are programs that manage the underlying network with the help of the SDN controller. True or False?
True
42
In SDN networks forwarding rules of traffic still have to be based on IP destination and cannot be based on other metrics, packet header info etc. True or False?
False
43
SDN-controlled switches operate on the:
Data Plane
44
In an SDN Architecture, the northbound interface keeps track of information about the state of the hosts, links, switches and other controlled elements in the network, as well as copies of the flow tables of the switches. True or False?
False
45
In SDN networks, the southbound interface is responsible for the communication between SDN controller and the controlled devices. True or False?
True
46
In SDN networks, the controller needs to be implemented over a centralized server. True or False?
False
47
As IP networks grew in adoption worldwide, what were the challenges that emerged?
Handling the ever growing complexity and dynamic nature of networks
Tightly coupled architecture
48
What does SDN stand for?
Software Defined Networking
49
What are the three planes of functionality for SDN?
Data plane
Control plane
Management plane
50
What does the Data Plane Layer do?
These are functions and processes that forward data in the form of packets or frames.
51
What does the Control Plane Layer do?
These refer to functions and processes that determine which path to use by using protocols to populate forwarding tables of data plane elements
52
What does the Management Plane Layer do?
These are services that are used to monitor and configure the control functionality, e.g. SNMP‑based tools.
53
What are the advantages of SDNs over traditional networks?
Shared abstractions
Consistency of same network information
Locality of functionality placement
Simpler integration
54
What are the three perspectives of the SDN landscape?
(a) a plane‑oriented view
(b) the SDN layers
(c) a system design perspective
55
What are the layers of SDN?
Infrastructure
Southbound Interfaces
Network Visualization
Network Operating Systems
Northbound Interfaces
Language-Based Virtualization
Network Programming Languages
Network Applications
56
What is SDN infrastructure made up of?
routers, switches and other middlebox hardware
57
What are SDN Southbound interfaces?
These are interfaces that act as connecting bridges between connecting and forwarding elements
58
What is SDN Network virtualization?
Interfacing with the physical network components via software
59
What are SDN Network operating systems?
Ease network management and solve networking problems by using a logically centralized controller by way of a network operating system
60
What is a problem with SDN Northbound interfaces?
There is no normalized standard
61
Each entry of a flow table has which parts?
a) a matching rule
b) actions to be executed on matching packets
c) counters that keep statistics of matching packets.
62
In OpenFlow, what happens when a packet arrives?
In an OpenFlow device, when a packet arrives, the lookup process starts in the first table and ends either with a match in one of the tables of the pipeline or with a miss (when no rule is found for that packet).
63
What are possible actions for a packet in OpenFlow?
1. Forward the packet to outgoing port
2. Encapsulate the packet and forward it to controller
3. Drop the packet
4. Send the packet to normal processing pipeline
5. Send the packet to next flow table
64
What are the main purposes of Southbound Interfaces?
The Southbound interfaces or APIs are the separating medium between the control plane and data plane functionality.
65
What is the current southbound standard for SDNs?
OpenFlow
66
What are three information sources provided by the OpenFlow protocol?
1. Event‑based messages that are sent by forwarding devices to controller when there is a link or port change
2. Flow statistics are generated by forwarding devices and collected by controller
3. Packet messages are sent by forwarding devices to controller when they do not know what to do with a new incoming flow
67
What are the core functions of an SDN controller?
topology, statistics, notifications, device management, along with shortest path forwarding and security mechanisms
68
What distinguishes a centralized controller in SDN?
In this architecture, we typically see a single entity that manages all forwarding devices in the network, which is a single point of failure and may have scaling issues.
69
What distinguishes a distributed controller in SDN?
A distributed network operating system (controller) can be scaled to meet the requirements of potentially any environment ‑ small or large networks
70
What are the two types of SDN distributed controllers?
It can be a centralized cluster of nodes or physically distributed set of elements
71
When would a distributed controller be preferred to a centralized controller?
Scales more easily, no single point of failure
72
What does ONOS stand for?
Open Networking Operating System
73
Describe ONOS at a high level
There are several ONOS instances running in a cluster. The management and sharing of the network state across these instances is achieved by maintaining a global network view.
To make forwarding and policy decisions, the applications consume information from the view and then update these decisions back to the view.
74
How does ONOS achieve fault tolerance?
To achieve fault tolerance, ONOS redistributes the work of a failed instance to other remaining instances.
75
What does P4 stand for?
P4 (Programming Protocol‑independent Packet Processors)
76
What is P4?
A high‑level programming language to configure switches which works in conjunction with SDN control protocols.
77
What are the primary goals of P4?
Reconfigurability
Protocol independence
Target independence
78
What are the two main operations of P4 forwarding model?
Configure
Populate
79
What does P4's Configure do?
These sets of operations are used to program the parser. They specify the header fields to be processed in each match+action stage and also define the order of these stages.
80
What does P4's Populate do?
The entries in the match+action tables specified during configuration may be altered using the populate operations. It allows addition and deletion of the entries in the tables
81
What are the applications of SDN? Provide examples of each application.
Traffic Engineering - ElasticTree
Mobility and Wireless - OpenRadio, The Odin Network
Measurement and Monitoring - OpenSketch, OpenSample and PayLess
Security and Dependability - CloudWatcher
Data Center Networking - LIME, FlowDiff
82
Which BGP limitations can be addressed by using SDN?
SDN can perform multiple actions on the traffic by matching over various header fields, not only by matching on the destination prefix.
83
What’s the purpose of SDX?
To implement the following:
Application specific peering
Traffic engineering
Traffic load balancing
Traffic redirection through middleboxes
84
Describe SDX Architecture
In the SDX architecture, each AS the illusion of its own virtual SDN switch that connects its border router to every other participant AS. For example, AS A has a virtual switch connecting to the virtual switches of ASes B and C. Each AS can have its own SDN applications for dropping, modifying, or forwarding their traffic
85
What are the applications of SDX in the domain of wide-area traffic delivery?
Application specific peering
Inbound traffic engineering
Wide‑area server load balancing
Redirection through middle boxes
86
An OpenFlow switch can function as a router. True or False?
True
87
Which plane executes a network policy?
Data Plane
88
Which type of network can implement load balancing?
Both Conventional and SDN
89
Which type of network decouples the control and data planes?
SDNs
90
Middleboxes can only be used in conventional networks. True or False?
False
91
What can be implemented as a network application in software-defined networking?
Routing
Security Enforcement
Quality of Service Enforcement
92
The networking operating system (NOS) is a part of the data plane. True or False?
False
93
The physical devices in an SDN network have embedded intelligence and control required to perform forwarding tasks. True or False?
False
94
When a packet arrives in an OpenFlow device and it does not match any of the rules in one of the tables, that packet is always dropped. True or False?
False
95
The Southbound interfaces are the separating medium between the Network-control Applications and the Control plane functionality. True or False?
False
96
OpenFlow enables the communication between the control plane and data plane through event-based messages, flow statistics and packet messages that are sent from forwarding devices to controller. True or False?
True
97
One of the disadvantages of an SDN centralized controller architecture is that it can introduce a single point of failure and also scaling issues. True or False?
True
98
A distributed controller can be a centralized cluster of nodes or a physically distributed set of elements. True or False?
True
99
A distributed controller can only be used in large networks. True or False?
False
100
ONOS is an example of a centralized controller platform. True or False?
False
101
In order to make forwarding and policy decisions in ONOS, applications get information from the view and then update these decisions back to the view. True or False?
True
102
In order to achieve fault tolerance, whenever there is a failure of an ONOS instance, a master is chosen randomly for each of the switches that were controller by the failed instance. True or False?
False
103
The purpose of the creation of the P4 language was to offer programmability on the control plane. True or False?
False
104
P4 acts as an interface between the switches and the controller, and its main goal is to allow the controller to define how the switches operate. True or False?
True
105
The P4 model allows the design of a common language to write packet processing programs that are independent of the underlying devices. True or False?
True
106
What are the properties of secure communication?
Confidentiality, Integrity, Authentication, Availability
107
How does Round Robin DNS (RRDNS) work?
Responds to a DNS request with a list of DNS A Records, which it cycles through in a RR manner.
DNS client can then pick one from this list using its own metric
If request again, a different order
108
What is the goal of Round Robin DNS?
To distributed large loads of incoming traffic to several different servers; used by big companies
109
How does DNS-based content delivery work?
CDN computes the ‘nearest edge server’ and returns its IP address to the DNS client. Basically chooses nearest one in order to deliver content quickly
110
How do Fast-Flux Service Networks work?
Short TTL, and after it expires, it returns a different set of records rather than the same list of records cycled through
111
What are the main data sources used by FIRE (Finding Rogue Networks) to identify hosts that likely belong to rogue networks?
Botnet command and control providers
Drive‑by‑download hosting providers
Phish housing providers
112
The design of ASwatch is based on monitoring global BGP routing activity to learn the control plane behavior of a network. Describe 2 phases of this system.
Training phase - The system learns control‑plane behavior typical of both types of ASes
Operational phase ‑ Given an unknown AS, it then calculates the features for this AS. It uses the model to then assign a reputation score to the AS.
113
What are the three main families of features for the Training Phase of ASwatch?
Rewiring activity
IP Space Fragmentation and Churn
BGP Routing Dynamics
114
What are three classes of features used to determine the likelihood of a security breach within an organization?
Mismanagement symptoms
Malicious Activities
Security Incident Reports
115
Which features are used for Mismanagement Symptoms?
Open Recursive Resolvers – misconfigured open DNS resolvers
DNS Source Port Randomization – many servers still do not implement this
BGP Misconfiguration – short‑lived routes can cause unnecessary updates to the global routing table
Untrusted HTTPS Certificates – can detect the validity of a certificate by TLS handshake
Open SMTP Mail Relays – servers should filter messages so that only those in the same domain can send mails/messages.
116
What are the three sub-types of Malicious Activities?
Capturing spam activity
Capturing phishing and malware activities
Capturing scanning activity
117
What are the three collections of Security Incident Reports?
VERIS Community Database
Hackmageddon
The Web Hacking Incidents Database
118
What is the classification by affected prefix?
In this class of hijacking attacks, we are primarily concerned with the IP prefixes that are advertised by BGP.
Exact prefix hijacking, sub-prefix, squatting
119
What is Exact prefix hijacking?
When two different ASes (one is genuine and the other one is counterfeit) announce a path for the same prefix. This disrupts routing in such a way that traffic is routed towards the hijacker wherever the AS‑path route is shortest, thereby disrupting traffic.
120
What is Sub‑prefix hijacking?
This is an extension of exact prefix hijacking, except that in this case, the hijacking AS works with a sub‑prefix of the genuine prefix of the real AS. This exploits the characteristic of BGP to favor more specific prefixes, and as a result route large/entire amount of traffic to the hijacking AS
121
What is Squatting?
In this type of attack, the hijacking AS announces a prefix that has not yet been announced by the owner AS.
122
What is Classification by AS‑Path announcement?
In this class of attacks, an illegitimate AS announces the AS‑path for a prefix for which it doesn’t have ownership rights.
Type-0, Type-N, Type-U
123
What is Type‑0 hijacking?
This is simply an AS announcing a prefix not owned by itself
124
What is Type‑N hijacking?
This is an attack where the counterfeit AS announces an illegitimate path for a prefix that it does not own to create a fake link (path) between different ASes.
125
What is Type‑U hijacking?
In this attack the hijacking AS does not modify the AS‑PATH but may change the prefix.
126
What is Classification by Data‑Plane traffic manipulation?
In this class of attacks, the intention of the attacker is to hijack the network traffic and manipulate the redirected network traffic on its way to the receiving AS.
127
What is a blackholing (BH) attack?
When traffic is dropped by a hijacker.
128
What is a man‑in‑the‑middle attack?
When traffic is eavesdropped or manipulated before it reaches the receiving AS
129
What is an imposture (IM) attack?
When traffic is impersonated, e.g. In this case the network traffic of the victim AS is impersonated and the response to this network traffic is sent back to the sender.
130
What are the causes or motivations behind BGP attacks?
Human error - mistake
Targeted Attack - stealthy
High Impact Attack - obvious
131
Explain the scenario of prefix hijacking.
1. The attacker uses a router to announce the prefix 10.10.0.0/16 that belongs to AS1, with a new origin AS4, pretending that the prefix belongs to AS4.
2. This new announcement causes a conflict of origin for the ASes that receive it (Multiple Origin AS or MOAS).
3. As a result of the new announcement, AS2, AS3 and AS5 receive the false advertisement and they compare it with the previous entries in their RIB.
4. AS2 will not select the route as the best route as it has the same path length with an existing entry.
5. AS3 and AS5 will believe the new advertisement, and they will update their entries (10.10.0.0/16 with path 4,2,1) to (10.10.0.0/16 with path 4). Therefore AS5 and AS3 will send all traffic for prefix 10.10.0.0/16 to AS4 instead of AS1.
132
Explain the scenario of hijacking a path.
1. AS1 advertises the prefix 10.10.0.0/16.
2. AS2 and AS3 receive and propagate legitimately the path for the prefix.
3. At AS4, the attacker compromises the update for the path by changing it to 4,1 and propagates it to the neighbors AS3, AS2, and AS5. Therefore it claims that it has direct link to AS1 so that others believe the new false path.
4. AS5 receives the false path (4,1) “believes” the new false path and it adopts it. But the rest of the ASes don’t adopt the new path because they either have an shorter path already or an equally long path to AS1 for the same prefix. The key observation here is that the attacker does not need not to announce a new prefix, but rather it manipulates an advertisement before propagating it.
133
What are the key ideas behind ARTEMIS?
A configuration file: where all the prefixes owned by the network are listed here for reference
A mechanism for receiving BGP updates: this allows receiving updates from local routers and monitoring services
134
What are the two automated techniques used by ARTEMIS to protect against BGP hijacking?
Prefix deaggregation and Mitigation with Multiple Origin AS (MOAS)
135
What are two findings from ARTEMIS?
Outsource the task of BGP announcement to third parties
Filtering is less optimal than outsourcing
136
Explain the structure of a DDoS attack.
A Distributed Denial of Service (DDoS) attack is an attempt to compromise a server or network resources with a flood of traffic. To achieve this, the attacker first compromises and deploys flooding servers (slaves). Later, when initiating an attack, the attacker instructs these flooding servers to send a high volume of traffic to the victim. This results in the victim host either becoming unreachable or in exhaustion of
its bandwidth.
137
What is spoofing?
IP spoofing is the act of setting a false IP address in the source field of a packet with the purpose of impersonating a legitimate server
138
Describe a Reflection and Amplification attack.
A reflection/amplification attack is a combination of the two attacks that allows the attacker to generate an enormous amount of traffic and at the same time keep its identity hidden by spoofing the victim's IP address.
139
What are the defenses against DDoS attacks?
Traffic Scrubbing Services
ACL Filters
BGP Flowspec
140
Explain provider-based blackholing.
141
What is blackholing?
With this mechanism, all the attack traffic to a targeted DoS destination is dropped to a null location. The premise of this approach is that the traffic is stopped closer to the source of the attack and before it reaches the targeted victim
142
Explain IXP/Provider Based Blackholing
The victim AS uses BGP to communicate the attacked destination prefix to its upstream AS, which then drops the attack traffic towards this prefix. Then either the provider (or the IXP) will advertise a more specific prefix and modifying the next‑hop address that will divert the attack traffic to a null interface. The blackhole messages are tagged with a specific BGP blackhole community attribute, usually publicly available, to differentiate it from the regular routing updates.
143
How do networks assist with blackholing?
They provide the blackholing community to be used
144
How do IXPs assist with blackholing?
It sends the blackholing messages to the IXP route server when a member connects to the route server. The route server then announces the message to all the connected IXP member ASes, which then drops the traffic towards the blackholed prefix
145
What is DNS censorship?
DNS censorship is a large scale network traffic filtering strategy opted by a network to enforce control and censorship over Internet infrastructure to suppress material which they deem as objectionable.
146
What are the properties of GFW (Great Firewall of China)?
Locality of GFW nodes (likely on the edge)
Centralized management
Load balancing
147
What are the three steps involved in DNS injection?
1. DNS probe is sent to the open DNS resolvers
2. The probe is checked against the blocklist of domains and keywords
3. For domain level blocking, a fake DNS A record response is sent back. There are two levels of blocking domains: the first one is by directly blocking the domain, and the second one is by blocking it based on keywords present in the domain
148
How does DNS injection work?
Certain DNS requests are captured, and a fake DNS response is sent instead of what was actually requested
149
What are five DNS censorship techniques?
Packet Dropping, DNS Poisoning, Content Inspection, Blocking with Resets, Immediate Reset of Connections
150
What is Packet Dropping?
All network traffic going to a set of specific IP addresses is discarded
151
What is DNS Poisoning?
When a DNS receives a query for resolving hostname to IP address‑ if there is no answer returned or an incorrect answer is sent to redirect or mislead the user request, this scenario is called DNS Poisoning.
Like packet dropping, but for host names instead of IP addresses
152
What is Proxy-Based Content Inspection?
It allows for all network traffic to pass through a proxy where the traffic is examined for content, and the proxy rejects requests that serve objectionable content.
153
What is Blocking with Resets?
It sends a TCP reset (RST) to block individual connections that contain requests with objectionable content
154
What is Immediate Reset of Connections?
Censorship systems like GFW have blocking rules in addition to inspecting content, to suspend traffic coming from a source immediately, for a short period of time.
155
Which DNS censorship technique is susceptible to overblocking?
Packet Dropping
156
What are the strengths and weaknesses of the “packet dropping” DNS censorship technique?
Strengths:
Easy to implement
Low cost
Weaknesses:
Maintenance of blocklist
Overblocking
157
What is overblocking?
When two sites share an IP address, blocking one risks blocking both, etc
158
What are the strengths and weaknesses of the “DNS poisoning” DNS censorship technique?
Stengths:
No overblocking
Weaknesses:
Still hard to maintain probably
159
What are the strengths and weaknesses of the “content inspection” DNS censorship technique?
Strengths:
Precise censorship
Flexible
Weaknesses:
Not scalable
160
What are the strengths and weaknesses of the “blocking with resets” DNS censorship technique?
Doesn't say???
161
What are the strengths and weaknesses of the “immediate reset of connections” DNS censorship technique?
Also doesn't say???
162
Our understanding of censorship around the world is relatively limited. Why is it the case? What are the challenges?
Difficult to determine where an ISP's rules are affecting, and which countries are affected by which ISPs
Huge amount of internet usage, need more volunteers
Hard to differentiate natural fluctuations in DNS behavior from malicious behavior
Ethical issues in obtaining this data
163
What are the limitations of main censorship detection systems?
Typically rely on volunteer data, makes getting continuous and diverse data difficult
164
What kind of disruptions does Augur focus on identifying?
IP‑based disruptions as opposed to DNS‑based manipulations
165
How does Iris counter the lack of diversity while studying DNS manipulation?
Iris uses open DNS resolvers located all over the globe
166
What are the steps involved in the global measurement process using DNS resolvers?
1. Performing global DNS queries – Iris queries thousands of domains across thousands of open DNS resolvers. To establish a baseline for comparison, the creators included 3 DNS domains which were under their control to help calculate metrics used for evaluation DNS manipulation.
2. Annotating DNS responses with auxiliary information – To enable the classification, Iris annotates the IP addresses with additional information such as their geo‑location, AS, port 80 HTTP responses, etc. This information is available from the Censys dataset.
3. Additional PTR and TLS scanning – One IP address could host several websites via virtual hosting. So, when Censes retrieves certificates from port 443, it could differ from one retrieved via TLS’s Server Name Indication (SNI) extension. This results in discrepancies that could cause IRIS to label virtual hosting as DNS inconsistencies. To avoid this, Iris adds PTR and SNI certificates
167
What are the steps associated with the Iris Counter proposed process?
1. Scanning the Internet’s IPv4 space for open DNS resolvers
2. Identifying Infrastructure DNS Resolvers
168
What metrics does Iris use to identify DNS manipulation once data annotation is complete? Describe the metrics.
Consistency Metrics - Network properties and infrastructure/content are similar when accessed from differing locations
Independent Verifiability Metrics - Externally verified metrics, such as HTTPS Certificate
169
Under what condition do we declare the response from Iris as being manipulated?
If neither the Consistency Metric or Independent Verifiability Metric is found to valid
170
How to identify DNS manipulation via machine learning with Iris?
Perform Global DNS Queries
Annotate the responses with auxiliary information
Additional PTR and TLS scanning
Clean the Data Set
Evaluate with Consistency Metrics and Independent Verifiability Metrics
171
How is it possible to achieve connectivity disruption using the routing disruption approach?
Disrupts the critical routers which send information on which parts of the network are reachable, causing the pathways to no longer be valid
172
How is it possible to achieve connectivity disruption using the packet filtering approach?
Blocks packets matching a certain criteria, preventing that information from disseminating through the network
173
Out of the Disruption Approach and Packet Filtering, which is harder to catch?
Packet Filtering
174
Explain a scenario of connectivity disruption detection in the case when no filtering occurs.
1. The measurement machine probes the IP ID of the reflector by sending a TCP SYN‑ACK packet. It receives a RST response packet with IP ID set to 6 (IPID (t1)).
2. Now, the measurement machine performs perturbation by sending a spoofed TCP SYN to the site.
3. The site sends a TCP SYN‑ACK packet to the reflector and receives a RST packet as a response. The IP ID of the reflector is now incremented to 7.
4. The measurement machine again probes the IP ID of the reflector and receives a response with the IP ID value set to 8 (IPID (t4)).
175
Explain a scenario of connectivity disruption detection in the case of inbound blocking.
The scenario where filtering occurs on the path from the site to the reflector is termed as inbound blocking. In this case, the SYN‑ACK packet sent from the site in step 3 does not reach the reflector. Hence, there is no response generated and the IP ID of the reflector does not increase. The returned IP ID in step 4 will be 7 (IPID(t4)) as shown in the figure. Since the measurement machine observes the increment in IP ID value as 1, it detects filtering on the path from the site to the reflector.
176
A censorship technique can use any combination of criteria based on content, source IP and destination IP to block access to objectionable content. True or False?
True
177
DNS injection uses DNS replies to censor network traffic based on the source and destination IP address. True or False?
False
178
With a censorship technique based on packet dropping, all network traffic going to a set of specific IP addresses is discarded. True or False?
True
179
When using DNS Poisoning, all traffic passes through a proxy where it is examined for content, and the proxy rejects requests that serve objectionable content. True or False?
False
180
When using the Blocking with Resets technique, if a client sends a request containing flaggable keywords, only the connection containing requests with objectionable content is blocked. True or False?
True
181
With the Immediate Reset of Connections technique, whenever a request is sent containing flaggable keywords, any subsequent request will receive resets from the firewall for a certain amount of time. True or False?
True
182
One of the obstacles to fully understand DNS censorship is the heterogeneity of DNS manipulation across the globe. True or False?
True
183
It is easy to infer if there is DNS manipulation based on few indications such as inconsistent or anomalous DNS responses. True or False?
False
184
There is a need for methods and tools independent of human intervention and participation in order to achieve the scalability necessary to measure Internet censorship. True or False?
True
185
It is considered safe for volunteers to participate in censorship measurement studies and accessing DNS resolvers or DNS forwarders. True or False?
False
186
Which censorship detection system targets to identify IP-based disruptions as opposed to DNS-based manipulations?
Augur
187
[Iris] The Iris system uses home routers to identify DNS manipulation. True or False?
False
188
[Iris] In order to infer DNS manipulation, Iris relies solely on metrics that can be externally verified using external data sources. True or False?
False
189
[Augur] Assume a scenario where there is inbound blocking. The Measurement Machine sends a SYN-ACK to the reflector, what should happen?
The return IPID from the reflector to the Measurement Machine will increase by 1.
190
Rank these bitrate usages: Browsing FaceBook, Playing Music, Playing Video
Least: Music
Mid: FaceBook
Most: Video
191
What are the characteristics of streaming stored video?
Streamed - Can start without waiting for download to finish
Interactive - Pause, play, etc
Typically stored on a CDN
192
What are the characteristics of streaming live audio and video?
Delay sensitive, but not as much as conversational
Typically many simultaneous users
Delay is okay
193
What are the characteristics of conversational voice and video over IP?
Realtime, highly delay sensitive
Loss-tolerant
194
What does VoIP stand for?
Voice over IP
195
How does the encoding of analog audio work (in simple terms)?
Audio is encoded by taking many (as in, thousands) of samples per second, and then rounding each sample’s value to a discrete number within a particular range
196
What is quantization?
Rounding to a discrete value
197
What are the three major categories of VoIP encoding schemes?
Narrowband, broadband, and multimode (which can operate on either)
198
What are the functions that signaling protocols are responsible for?
1) User location ‑ the caller locating where the callee is.
2) Session establishment ‑ handling the callee accepting,
rejecting, or redirecting a call.
3) Session negotiation ‑ the endpoints synchronizing with each other on a set of properties for the session.
4) Call participation management ‑ handling endpoints joining or leaving an existing session.
199
What are three QoS VoIP metrics?
end‑to‑end delay
jitter
packet loss
200
What kind of delays are included in "end-to-end delay"?
the time it takes to encode the audio
the time it takes to put it in packets,
all the normal sources of network delay that network traffic encounters such as queueing delays,
"playback delay," which comes from the receiver’s playback buffer,
decoding delay, which is the time it takes to reconstruct the signal.
201
How does "delay jitter" occur?
When one packet is delayed 300ms, another 100ms, another 250ms, another 50ms, etc
202
What are the mitigation techniques for delay jitter?
the “jitter buffer” or the “play‑out buffer”
Basically buffer packets and play them at a steady rate
Increases end to end delay or dropped packets, depending on how you optimized
203
What are the three major methods for dealing with packet loss in VoIP protocols?
FEC (Forward Error Correction), interleaving, and error concealment
204
What is FEC (Forward Error Concealment)?
FEC works by transmitting redundant data alongside the main transmission, which allows the receiver to replace lost data with the redundant data. May be more of the same, may be lower quality.
205
What are the downsides of FEC?
The more redundant data transmitted, the more bandwidth is consumed. Also, some of these FEC techniques require the receiving end to receive more chunks before playing out the audio, and that increases playout delay
206
What is interleaving?
Interleaving works by mixing chunks of audio together so that if one set of chunks is lost, the lost chunks aren’t consecutive. The idea is that many smaller audio gaps are preferable to one large audio gap.
207
What are the downsides of interleaving?
The tradeoff for interleaving is that the receiving side has to wait longer to receive consecutive chunks of audio, and that increases latency. Unfortunately, that means this technique is limited in usefulness for VoIP, although it can have good performance for streaming stored audio
208
What is error concealment?
Basically “guessing” what the lost audio packet might be. Similar to audio compression.
209
What developments lead to the popularity of consuming media content over the Internet?
One, the bandwidth for both the core network and last‑mile access links have increased tremendously over the years.
Two, the video compression technologies have become
more efficient. This enables to stream high‑quality video without using a lot of bandwidth.
Finally, the development of Digital Rights Management culture has encouraged content providers to put their content on the Internet.
210
Provide a high-level overview of adaptive video streaming.
1: Video content is created at a high quality
2: It is compressed with an algorithm
3: It is secured with DRM and hosted on a server
4: Content providers duplicate it using CDNs
5: The end users download, decode, and render
211
What are two ways to achieve efficient video compression?
Spatial redundancy or temporal redundancy - the former compression in the context of a single image, the latter compression in the context of different frames
212
What are the four steps of JPEG compression?
Step 1: Transform it into color components (Cb, Cr) and brightness component (y) matrices
Step 2: For each matrix, subdivide and apply the Discrete Cosine Transformation
Step 3: Compress the matrix of the coefficients using a
pre‑defined Quantization table
Step 4: Perform a lossless encoding based on the subdivision results
213
Explain video compression and temporal redundancy using I-, B-, and P-frames.
Encode the first image (i-frame), then encode the difference between that and the next frame (p-frame), or the next *and* previous frame (b-frame)
214
Why is video compression unable to use P-frames all the time?
Because there may be a cut to a new scene, and therefore the transposition between the two frames would not make sense
215
What is the difference between constant bitrate encoding and variable bitrate encoding (CBR vs. VBR)?
CBR - output size of video is fixed over time
VBR - It varies based on scene quality. Image quality is better, more expensive
216
Which protocol is preferred for video content delivery - UDP or TCP? Why?
TCP, as it has an implicit reliability promise
217
What was the original vision of the application-level protocol for video content delivery, and why was HTTP chosen eventually?
Original vision was have everything be server-side with a unique protocol, ie you hit pause, the server stops transmission
Http was chosen because this would have required specialized hardware, cheaper to use Http
218
Summarize how progressive download works.
As the client watches video, it has a playout buffer, which depletes. When it reaches a threshold, ie 10 seconds left, it requests more video, further filling the buffer. This prevents unnecessary downloads while keeping things seemless
219
How to handle network and user device diversity relative to videos?
Videos are usually stored in short segments at different bitrates, and an appropriate bit rate is sent depending on network capacity, and can switch if that capacity changes
220
How does the bitrate adaptation work in DASH?
A video in DASH is divided into chunks and each chunk is encoded into multiple bitrates. Each time the video player needs to download a video chunk, it calls the bitrate adaptation function, say f. The function f that takes in some input and outputs the bitrate of the chunk to be downloaded
221
What are the goals of bitrate adaptation?
Low or zero re‑buffering
High video quality
Low video quality variations
Low startup latency
222
What are the different signals that can serve as an input to a bitrate adaptation algorithm?
Network Throughput
Video Buffer
223
Explain buffer-filling rate and buffer-depletion rate calculation.
In order to have a stall‑free streaming, clearly the buffer‑filling rate should be greater than the buffer‑depletion rate
C(t)/R(t)> 1 or C(t)> R(t).
224
What steps does a simple rate-based adaptation algorithm perform?
Estimation
Quantization
225
Explain the problem of bandwidth over-estimation with rate-based adaptation.
While the buffer is full, if the quality drops, that is not necessarily reflected immediately and a higher quality (and higher delay) bitrate is requested until it catches up and buffers
226
When streaming stored multimedia applications, the user must first download the entire content before it can start playing. True or False?
False
227
With streaming stored multimedia applications, the user can pause, fast forward, skip ahead the audio/video. True or False?
True
228
What common application/usage is the least sensitive to network delays?
File Transfer
229
What common application/usage is the least tolerant to packet losses? Assume there is no packet retransmission.
File Transfer
230
Consider packet loss with VoIP application. Using TCP instead of UDP for VoIP applications results in __________ packet loss.
Less
231
Consider end-to-end delay with VoIP application. Using TCP instead UDP for VoIP applications results in __________ end-to-end delay.
More
232
Available bandwidth is one of the QoS metrics for VoIP applications. True or False?
False
233
A longer jitter buffer reduces the number of packets that are discarded because they were received too late, but that adds to the end-to-end delay. True or False?
True
234
A shorter jitter buffer will not add to the end-to-end delay as much, but that can lead to more dropped packets, which reduces the speech quality. True or False?
True
235
Network conditions such as buffer sizes, queueing delays, network congestion levels have an impact on packet jitter. True or False?
True
236
In VoIP applications, we have a harsher definition for packet loss, as we consider a packet to be lost if it never arrives or if it arrives after its scheduled playout. True or False?
True
237
With Forward Error Correction we also transmit redundant data that can be used for reconstructing the stream at the receiver’s side. This approach to error recovery can lead to more bandwidth consumption. True or False?
True
238
With interleaving we mix chunks of audio together so we avoid scenarios where consecutive chunks are lost. This approach can lead to increased latency. True or False?
True
239
Which transport-level protocol is preferred for video content delivery?
TCP
240
What are the characteristics of a good quality of experience from the user’s perspective?
Low or zero re-buffering
High video quality
Low video quality variations
Low start up latency
241
With throughput-based rate adaption, our goal is to have a buffer-filling rate that is greater than the buffer-depletion rate. True or False?
True
242
With rate-based adaption, when the bandwidth changes rapidly, the player takes some time to converge to the right estimate of the bandwidth, which can lead to overestimation of the future bandwidth. True or False?
True
243
What are the three drawbacks to using the traditional approach of having a single, publicly accessible web server?
1: Users are worldwide; what if somebody far away wants it?
2: What if the same thing is requested again and again? Can be wasteful
3: What if the single server has an outage?
244
What is a CDN?
Content Distribution Network - Network of geographically distributed servers with copies of content
245
What are the six major challenges that Internet applications face?
Peering point congestion
Inefficient routing protocols
Unreliable networks
Inefficient communication protocols
Scalability
Application limitations and slow rate of change adoption
246
What are the major shifts that have impacted the evolution of the Internet ecosystem?
Shift to a focus on large scale content delivery
Topological Flattening of providers thanks to IXPs and ASes in addition to ISPs
247
Compare the “enter deep” and “bring home” approach to CDN server placement.
Enter Deep - Create many, many CDNs in order to minimize geographic distances from recipients to content
Bring Home - Fewer but larger clusters in IXPs, easier to manage but larger delays
248
What is the role of DNS in the way CDN operates?
When a user makes a request, the users' local DNS queries the CDN, which returns an appropriate IP address for a content server with the content to the LCDN.
249
What are the two main steps in CDN server selection?
The first step consists of mapping the client to a cluster.
In the next step, a server is selected from the cluster.
250
What is the simplest approach to selecting a cluster? What are the limitations of this approach?
Pick the geographically closest one. If you're using a remote LDNS, it can pick the wrong one. There can also be routing inefficiencies.
251
What metrics could be considered when using measurements to select a cluster?
Network-level, ie delay or available bandwidth
Application-level, ie re-buffering ratio and avg bitrate
252
How are the metrics for cluster selection obtained?
Actively: ie the LDNS will ping the clusters and see how quickly they respond
Passively: Keep track of how operations from the same IP address have performed prior
253
Explain the distributed system that uses a 2-layered system.
A coarse‑grained global layer operates at larger time scales (timescale of a few tens of seconds (orminutes)). This layer has a global view of client qualitymeasurements. It builds a data‑driven prediction model of video quality.
A fine‑grained per‑client decision layer that operates at the millisecond timescale. It makes actual decisions upon a client request. This is based on the latest (but possibly stale) pre‑computed global model and up‑to‑date per‑client state.
254
What are the challenges of the distributed system using a 2-layered system?
It needs to have data for different subnet‑cluster pairs. Thus, some of the clients deliberately need to be routed to sub‑optimal clusters.
255
What are the strategies for server selection? What are the limitations of these strategies?
Assign one randomly - could end up picking one with a higher workload
Use least-loaded server - not all servers have all the content at all time, so you could get one which currently doesn't have it, leading to a longer wait while it is copied over
256
What is consistent hashing? How does it work?
The main idea behind consistent hashing is that servers and the content objects are mapped to the same ID space. For instance, imagine we map the servers to the edge of a circle (say uniformly). Server 1, Item 4, Item 8, Server 12, Item 13. Server 12 is responsible for Items 4 and 8, but not 13. If a Server leaves, the next Server takes over its responsibilities.
257
Why would a centralized design with a single DNS server not work?
They are consisting of variable characters and thus it’s difficult for routers to process them.
258
What are the main steps that a host takes to use DNS?
1. The user host runs the client side of the DNS application
2. The browser extracts the hostname www.someschool.edu (Links to an external site.) and passes it to client side of the DNS application.
3. DNS Client sends a query containing the hostname of DNS
4. DNS Client eventually receives a reply which included IP address for the hostname
5. As soon as the host receives the IP addresses, it can initiate a TCP connection to the HTTP server located at that port at that IP
259
What are the services offered by DNS, apart from hostname resolution?
Mail server/Host aliasing
Load distribution
260
What is the structure of the DNS hierarchy?
Distributed Hierarchical Database: Each node can have multiple children
261
Why does DNS use a hierarchical scheme?
Would be too much traffic otherwise, would have a single point of failure otherwise, allows for many transactions with many clients to happen concurrently
262
What are the layers of the DNS hierarchy?
Root DNS servers
Top level domain (TLD) Servers
Authoritative servers
Local DNS servers
263
What is the difference between iterative and recursive DNS queries?
In the iterative query process, the querying host is referred to a different DNS server in the chain, until it can fully resolve the request.
Whereas in the recursive query process, the querying host and each DNS server in the chain queries the next server and delegates the query to it.
264
What is DNS caching?
The idea of DNS Caching is that, in both iterative and recursive queries, after a server receives the DNS reply of mapping from any host to IP address, it stores this information in the Cache memory before sending it to the client
265
What is a DNS resource record?
The DNS servers store the mappings between hostnames and IP addresses as resource records (RRs). These resource records are contained inside the DNS reply messages. A DNS resource record has four fields: (name, value, Type, TTL). The TTL specifies the time (in sec) a record should remain in the cache. The name and the value depend on the type of the resource record.
266
What are the most common types of resource records?
A, NS, CNAME, MX
TYPE=A: the name is a domain name and value is the IP address of the hostname. (abc.com, 190.191.192.193, A)
TYPE=NS: the name is the domain name, and the value is the appropriate authoritative DNS server that can obtain the IP addresses for hosts in that domain. (abc.com, dns.abc.com, NS)
TYPE=CNAME: the name is the alias hostname, and the value is the canonical name, (abc.com, relay1.dnsserver.abc.com, CNAME)
TYPE=MX: the name is the alias hostname of a mail server, and the Value is the canonical name of the email server. (abc.com, mail.dnsserver.abc.com, MX)
267
Describe the DNS message format.
ID, Flags, Question, Answer, Authority, Additional
The first field is an ID that is an identifier for the query and it allows the client to match queries with responses.
The flags section have multiple fields. For example, a field allows to specify if the DNS message is a query or response. Another field specifies if a query is recursive or not.
The question section contains information about the query that is being made for example the host-name that is being queried, the type of the query (A, MX, etc).
In the answer section, and if the message is a reply, we will have the resource records for the hostname that was originally queried.
In the authority section, we have resource records for more authoritative servers.
The additional section contains other helpful records. For example, if the original query was for an MX record, then the answer section will contain the resource record for the canonical hostname of the mail server, and the additional section will contain the IP address for the canonical hostname
268
What is IP Anycast?
The main goal of IP anycast is to route a client to the “closest” server, as determined by BGP (Border Gateway Protocol), a routing protocol used for inter‑AS-routing.
269
What is HTTP Redirection?
Essentially, when a client sends a GET request to a server, say A, it can redirect the client to another server, say B, by sending an HTTP response with a code 3xx and the name of the new server.
270
Having a single server for providing Internet content has what disadvantages?
Single point of failure.
Bandwidth waste in high demand for the same content.
Scalability issues.
Potentially big geographic distance between Internet hosts/users and the server.
271
One of the advantages of using CDNs is that the routing protocols they use take important aspects into consideration, such as congestion, latency, etc., in order to best deliver the content to the Internet users. True or False?
False
272
There are several factors that can make a CDN network unreliable, such as misconfigured routers, power outages, malicious attacks or natural disasters. True or False?
True
273
As the Internet evolves, the topology of the ISPs has become flatter, and the number of IXPs increases as the time progresses due to the services they offer and the lower costs for the ISPS. True or False?
True
274
The major drawback of the “Enter Deep” approach is that, if one server is lost, that geographic area will experience a higher delay and lower throughput. True or False?
False
275
When using CDN servers for content delivery, there is more overhead than when using the traditional approach. True or False?
True
276
For a CDN to deliver content to an Internet user, a cluster is mapped to a client first and then a server within that cluster is selected. True or False?
True
277
Terei Pyrope is a cool character. True or False?
True
278
By using consistent hashing for server selection, in the case of a server failure, the objects that the server was responsible for can be taken care of by a random server within the same ID space. True or False?
False
279
When using DNS caching, what would happen if a host A makes a request for a domain that was just previously queried by another host?
The local DNS server will immediately answer the host with the IP address.
280
What is the type of the following resource record: (amazon.com, dns.amazon.com, ?, TTL)?
NS
281
IP Anycast assigns the same IP address to multiple servers in order to deliver content from CDNs by using the closest server to a client based on BGP path length. True or False?
True
282
HTTP redirection can only be used in order to share the load of content requests among servers. True or False?
False
283
What is packet classification?
Forwarding based on more than just longest prefix matching
284
Describe how an OpenFlow Switch works
Switch receives a packet
Switch determines highest priority matching rule
Perform action associated with highest rule
Increment internal counter
285
In the SDN approach, how is a forwarding table updated?
A remote controller computes and distributes forwarding tables that are used by each router
286
Which layers belong to the Management Plane?
Network Applications
Programming Languages
Language-Based Virtualization
287
Which layers belong to the Control Plane?
Northbound Interface
Network Operating System
Network Hypervisor
288
Which layers belong to the Data Plane?
Southbound Interface
Network Infrastructure
289
In simple terms, what do the Southbound interfaces do?
Act as connectors between control and data plane
290
In simple terms, what does the Network operating systems (NOS) do?
Provides abstractions, acts as a centralized controller for the SDN
291
In simple terms, what do the Northbound interfaces do?
This is still being determined/custom software
292
What are some examples of Network programming languages?
Pyretic, Frenetic, Merlin, Nettle, Procera, FML, etc
293
What do Network applications implement?
Control plane logic
294
In ONOS, how do instances relate to each other?
Each instance has a "master". If an instance fails, an "election" is held for each child to find a new master.
295
What is the purpose of Traffic Engineering, an application of SDNs?
Optimizing the traffic flow so as to minimize power consumption
296
What's an example of Traffic Engineering?
ElasticTree
297
What is the purpose of Mobility and Wireless, an application of SDNs?
Connecting to mobile networks, ie WLans
298
What are two examples of Mobility and Wireless?
OpenRadio, Odin Network
299
What is the purpose of Measurement and Monitoring, an application of SDNs?
Keep better metrics to respond to change in network conditions
300
What are three examples of Measurement and Monitoring?
OpenSketch, OpenSample and PayLess
301
What is the purpose of Security and Dependability, an application of SDNs?
Make the network more secure
302
What's an example of Security and Dependability?
CloudWatcher
303
What is the purpose of Data Center Networking, an application of SDNs?
Identifying issues and troubleshooting, real‑time monitoring of networks, etc
304
What are two examples of Data Center Networking?
LIME, FlowDiff
305
At a high level, what is the purpose of an SDX?
To maintain an illusion of sorts of an independent SDN, while still benefitting from an IXP
306
What is "Integrity" in the context of internet security?
Message/content has not been modified
307
What is the goal of DNS abuse?
To keep malicious actions undetectable for longer
308
What does FIRE stand for?
Finding Rogue Networks
309
ASwatch uses information from which plane? To do what?
Control Plane, Identify Malicious Networks
310
What is Rewiring activity?
Frequent changes in provider, using lesser known providers, etc
311
What is IP Space Fragmentation and Churn?
Malicious ASes use very small BGP prefixes
312
What is BGP Routing Dynamics?
Monitoring whether the announcements (updates/withdrawals) follow normal patterns
313
What is a Man In The Middle Attack?
When something is manipulated before it reaches its destination AS
314
What is the difference between a Targeted Attack and a High Impact Attack?
High Impact Attacks are meant to be noticed, Targeted Attacks are meant to be discrete
315
What is the goal of ARTEMIS?
To safeguard a network's own prefixes against malicious BGP hijacking attempts
316
What is Prefix deaggregation?
When you announce a more specific prefix than a targeted prefix, redirecting traffic to the new one you just announced.
317
What is Mitigation with Multiple Origin AS (MOAS)?
Have third party networks/providers do BGP announcements for a targeted network
318
What does "DDoS" Attack stand for?
Distributed Denial-of-Service (DDoS) attack
319
What are Traffic Scrubbing Services?
Incoming traffic is diverted to a "scrubber", where "clean" and "unclean" traffic are separated. Clean traffic is sent to the destination.
320
What are ACL Filters?
Blocklists provided by ISPs/IXPs to prevent unwanted traffic
321
What is BGP Flowspec?
Sets up rules for how ASes/BGP lets traffic in, which can mitigate DDoS attacks.
322
Why is blackholing considered effective?
It drops the traffic nearer to the sender, saving "energy" for the targeted site
323
What is the downside of blackholing?
All traffic, including valid traffic, is dropped
324
In VoIP, what is Signaling?
Setting up calls, managing them, tearing them down
325
Most of the time, VoIP uses which protocol?
UDP
326
How does the client know about the different encoding bitrates that are available, and how does it know about the URL of each of the video segments?
It receives a manifest file over HTTP with all of the metadata
327
What is the challenge of, "Peering point congestion"?
Little business/financial incentive to prioritize the "middle" between end users and hosts where peers connect
328
What is the challenge of, "Inefficient routing protocols"?
BGP was not designed for modern infrastructures
329
What is the challenge of, "Unreliable networks"?
Outages, DDoS attacks, anything that prevents access
330
What is the challenge of, "Inefficient communication protocols"?
TCP was not designed for modern internet, distance is a bottleneck, it's hard to update TCP protocols
331
What is the challenge of, "Scalability"?
Accounting for situations where usage shoots up, ie viral video
332
What is the challenge of, "Application limitations and slow rate of change adoption"?
It's hard to update protocols and processes since so many services/applications can only use the old one
333
What overall change does the proliferation of IXPs/usage of CDNs lead to?
More local traffic
334
What are the three different network protocols that can be used for server selection?
DNS, HTTP Redirection, IP Anycast
335
What is the point of Load Distribution?
Distribute traffic across different servers
336
What's the typical pattern for DNS queries?
One recursive, then however many iterative it takes
337
What are the three data plane traffic manipulation techniques?
Dropped (blackholing)
Man-in-the-middle
Impersonation
