remaining - (IPv6, Security, L5) Flashcards
(17 cards)
Why was IPv6 developed and what problems does it solve?
- IPv6 was developed to solve IPv4 address exhaustion.
- It provides a 128-bit address space, supports hierarchical addressing, removes the need for NAT, and improves packet processing with a simplified header and mandatory path MTU discovery.
What notation is used for IPv6 addresses?
IPv6 addresses use hexadecimal notation with eight 4-digit groups separated by colons (e.g., 47CD:1234:4422:AC02:0022:1234:A456:0124). Decimal notation is not used.
What are the two IPv6 address compression rules?
- Leading zero suppression: Remove leading zeros in each group (e.g., 0001 → 1).
- Consecutive zero compression: Replace consecutive 0000 groups with :: once per address (e.g., 47CD:0000:0000:0000:0000:0000:A456:0124 → 47CD::A456:0124).
What is the format of an IPv4-mapped IPv6 address?
Format: ::FFFF:<IPv4-address> (e.g., ::FFFF:128.96.33.81).</IPv4-address>
Embeds IPv4 addresses in IPv6 using the last 32 bits, with the first 96 bits as zeros followed by FFFF.
Why can’t a single routing protocol scale across the entire Internet?
Traffic overhead: Protocols flood updates, overwhelming large networks.
Indirect communication: Routers can’t directly communicate globally.
Administrative boundaries: Independent entities prioritize policies (e.g., revenue) over shortest paths.
What is the difference between intradomain and interdomain routing?
Intradomain (IGP) operates within a single AS using shortest-path metrics, while interdomain (EGP) operates between ASes using policy-based routing.
Why does BGP use path-vector instead of distance-vector or link-state?
Path-vector allows loop prevention and policy control by advertising full AS paths, which DV and LS cannot do.
Why do exterior routing protocols advertise reachability from the receiver’s perspective?
To hide internal topology and enforce routing policies, preventing external entities from learning internal AS structure.
Why do exterior routing protocols avoid using distance-based metrics?
To conceal internal topology and support policy-based routing over technical optimization.
What are the benefits of using web proxies?
They reduce bandwidth and latency via shared caching and enforce access policies like content filtering.
- hide your IP
- bypasses geo-blocks or filters
- faster for cached content
What are the limitations of web proxies?
They are ineffective for encrypted (HTTPS) or dynamic content, and cache misses reduce efficiency for rare content.
- proxy may log your activity
- some services detect and block proxies
- slower if server is overloaded
- may not encrypt data unless HTTPS is used
What is the difference between names and addresses in networking?
Names are human-readable (e.g., www.example.com), while addresses are machine-readable locators (e.g., 192.0.2.1).
How is the DNS hierarchy structured?
Root (.) → TLDs (e.g., .com, .edu) → Second-level domains (e.g., example) → Subdomains (e.g., www)
What is the difference between iterative and recursive DNS queries?
Iterative: DNS server does not resolve the name completely. Instead, it gives the client the next DNS server to contact.
- The client asks a DNS server: “What is the IP of example.com?”
- The server says: “I don’t know, but here’s the address of the .com TLD server.”
- The client then queries that server, and so on, until it gets the final IP.
Recursive: asks a DNS server to resolve the name completely, and the server takes full responsibility for resolving it.
- The client asks the DNS resolver: “What is the IP address of example.com?”
- The resolver queries other DNS servers (root → TLD → authoritative) on your behalf.
- It keeps querying until it gets the final answer and then returns it to the client.
What motivates the use of CDNs and what problems do they solve?
CDNs (Content Delivery Networks) reduce latency and server load for popular content, solving congestion, distant access delays, and origin overload.
Does this:
You → Nearest CDN Server → Content
Instead of:
You → Distant Origin Server → Content (slower)
How do CDNs use DNS to direct clients to replicas?
CDNs map client IPs to nearby replicas via DNS, returning the closest replica IP during name resolution.
How does DNS spoofing redirect users to malicious sites?
Attackers forge DNS responses using guessed transaction IDs and spoofed IPs. Poisoned caches then misdirect users to fake sites until TTL expires.
