TCP/IP Performance over Wireless Networks

Academic year: 2021

Prentice Hall High Performance TCP/IP Networking, Hassan-Jain

TCP Congestion Control (2)

An example of the Internet congestion algorithm.

Chapter 6

TCP/IP Performance over Wireless Networks

Objectives

§ Gain a high-level overview of the most widely used wireless networks
§ Understand how characteristics of wireless links adversely impact TCP performance
§ Learn techniques to enhance TCP/IP performance over wireless networks

Contents

§ Wireless networks
§ TCP performance issues over wireless links
§ Improve TCP performance over wireless links
§ Evolution of wireless systems

Wireless Networks

Generic characteristics of Wireless Networks

§ Similar propagation delay as wireline networks
§ High error rate
    Interference
    Atmospheric condition
    Multipath fading

Wireless LAN (WLAN)

§ Wireless link layer
§ Operate at 900 MHz/2.4 GHz/5 GHz band
§ Ethernet connectivity to higher layers
    Same header
    Same checksum
    Same frame size

WLAN (Cont.)

§ MAC employs CSMA
    No Collision Detection (CD)
    Loss/error recovery left to higher layers
§ Interconnection with wired networks
    Through a router equipped with both wired and wireless interfaces
    Through a transparent bridge

Examples of WLAN

§ Lucent’s WaveLan
    900 MHz or 2.4 GHz
    2 Mbps
    CSMA/CA
§ IEEE 802.11
    An enhancement over WaveLan
        Optional ACK
        WLAN coordination (master host)
    1 or 2 Mbps

Examples of WLAN (Cont.)

§ IEEE 802.11a
    Operate at 5 GHz band
    Bit rate: between 6 and 54 Mbps
§ IEEE 802.11b
    Operate at 2.4 GHz band
    Bit rate: 5.5/11 Mbps

Cellular Communications (CC) Networks

§ First generation (e.g. AMPS)
    Analog
§ Second generation
    Digital
    Modest bit rate
    Circuit-switched
    Employed TDMA/CDMA for medium control

CC Networks (Cont.)

§ Higher transmission and propagation delays, compared with WLAN
§ FEC added to each frame

CC Networks (Cont.)

§ Interconnected to other networks using Interworking Function (IWF)
§ Fig. 6.1

Examples of CC Systems

§ GSM
    Data rate: 9.6 Kbps
    240 bits ARQ (selective repeat)
    Variable throughput and delay
§ IS-136
    Data rate: 9.6 Kbps
    Advanced ARQ (256 bits)

Examples of CC Systems (Cont.)

§ IS-95 (CDMA)
    Data rate: 8.6 Kbps
    172 bits ARQ
    Negative ACK
    Trade reliability for limited delay variance

TCP Performance over Wireless

TCP Performance Issues

§ Inappropriate reduction of congestion window
    TCP backs off upon detection of packet loss
    Wireless transmission errors not related to network congestion
§ Severe degradation in TCP throughput

TCP Performance Issues (Cont.)

§ Throughput loss
§ WLAN
    Frame Error Rate (FER)
    22% reduction in WaveLan
§ CC systems
    Increased processing delay due to interleaving
    Widely varying RTT

Improving TCP Performance

TCP Enhancement Schemes

§ Splitting TCP Connections
    Split TCP connections at wireless gateways
    Reduce TCP end-to-end path
    Significant processing overhead

Wireless TCP and UDP

Splitting a TCP connection into two connections.

TCP Enhancement Schemes (Cont.)

§ Snooping TCP at BS
    Better than split TCP
    Confine retransmission to wireless paths only
    Fig. 6.4

TCP Enhancement Schemes (Cont.)

§ Notifying the causes of packet loss
    Explicit Loss Notification (ELN)
    Work well together with Snoop TCP
§ Adding selective ACK to TCP
    SACK
    Combat multiple losses in one RTT

Comparison

§ Things to consider when assessing TCP enhancement schemes
    End-to-end semantics
    IP payload access
    Wireless gateway overhead
    Ease of deployment
    Table 6.4

Evolution of Wireless Systems

Evolution of Wireless Systems

§ Trends in CC systems
    Support high bit rate data service
        HSCSD
        GPRS
        EDGE
    Third generation CC systems
        UMTS
        3G

Trends in WLAN

§ Provide high speeds
§ Support mobility between adjacent networks
§ Develop more efficient MAC protocols
§ Personal Area Network (PAN)
§ Bluetooth
§ LMDS

TCP/IP over Heterogeneous Wireless Systems

§ Challenges
    Multiple systems co-exist
    Direct interoperability between different wireless systems
    Hierarchical cellular systems
§ Research projects
    Multi-Service Link Layer (MSLL)
    Wireless Internet Network (WINE)
    Wireless Adaptation Layer (WAL)

Firewalls

A firewall isolates an organisation’s internal net from the larger Internet, allowing some packets to pass and blocking others.

[Figure: firewall between the administered network and the public Internet]

Firewalls: Why?

prevent denial of service attacks:
    ❍ SYN flooding: attacker establishes many bogus TCP connections, no resources left for “real” connections.
prevent illegal modification/access of internal data.
    ❍ e.g., attacker replaces CIA’s homepage with something else
allow only authorized access to inside network (set of authenticated users/hosts)
two types of firewalls:

Packet Filtering

§ internal network connected to Internet via router firewall
§ router filters packet-by-packet, decision to forward/drop packet based on:
    source IP address, destination IP address
    TCP/UDP source and destination port numbers
    ICMP message type
    TCP SYN and ACK bits

[Figure: router firewall between the internal network and the Internet. Should arriving packet be allowed in? Departing packet let out?]

Packet Filtering: Examples

§ Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23.
    All incoming and outgoing UDP flows and telnet connections are blocked.
§ Example 2: Block inbound TCP segments with ACK=0.
    Prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.
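
An added example (not from the original slides): a stateless filter in Python that applies the two rules above to a constructed packet model. Example 1 is implemented as the outcome the slide states (all UDP dropped, telnet on port 23 dropped); the Packet class, rule functions and sample traffic are assumptions made for illustration.

```python
from dataclasses import dataclass

UDP, TCP, TELNET = 17, 6, 23      # IP protocol numbers and the telnet port
SYN, ACK = 0x02, 0x10             # bits in the TCP flags byte

@dataclass(frozen=True)
class Packet:                     # hypothetical model of the fields the router inspects
    inbound: bool                 # True: arriving from the Internet, False: departing
    proto: int
    sport: int
    dport: int
    tcp_flags: int = 0

def rule_example1(p):
    """Example 1 as its stated outcome: match all UDP and any telnet segment."""
    return p.proto == UDP or (p.proto == TCP and TELNET in (p.sport, p.dport))

def rule_example2(p):
    """Example 2: match inbound TCP segments whose ACK bit is 0."""
    return p.inbound and p.proto == TCP and not (p.tcp_flags & ACK)

def filter_packet(p, rules=(rule_example1, rule_example2)):
    """Stateless, packet-by-packet decision: drop if any rule matches."""
    return "drop" if any(rule(p) for rule in rules) else "forward"

# Constructed sample traffic (ports and directions chosen for illustration)
SAMPLES = {
    "outbound SYN to web server": Packet(False, TCP, 40000, 80, SYN),
    "inbound SYN-ACK reply": Packet(True, TCP, 80, 40000, SYN | ACK),
    "inbound SYN to internal host": Packet(True, TCP, 51000, 22, SYN),
    "outbound telnet": Packet(False, TCP, 40001, TELNET, SYN),
    "inbound DNS reply over UDP": Packet(True, UDP, 53, 40002),
}

def verdicts():
    """Verdict for each constructed sample, keyed by its description."""
    return {name: filter_packet(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:8} {name}")
```

The inbound DNS reply is dropped along with every other UDP datagram, and Example 2 judges each segment by its ACK bit alone, without checking that a matching connection exists.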

Application gateways

§ Filters packets on application data as well as on IP/TCP/UDP fields.
§ Example: allow select internal users to telnet outside.

[Figure: host-to-gateway telnet session and gateway-to-remote host telnet session; application gateway, router and filter]

1. Require all telnet users to telnet through gateway.
2. For authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections.
3. Router filter blocks all telnet connections not originating from gateway.

Limitations of firewalls and gateways

§ IP spoofing: router can’t know if data “really” comes from claimed source
§ if multiple apps. need special treatment, each has own app. gateway.
§ client software must know how to contact gateway.
    e.g., must set IP address of proxy in Web browser
§ filters often use all or nothing policy for UDP.
§ tradeoff: degree of communication with outside world, level of security
§ many highly protected sites still suffer from attacks.

Internet security threats

Mapping:
    before attacking: “case the joint” – find out what services are implemented on network
    Use ping to determine what hosts have addresses on network
    Port-scanning: try to establish TCP connection to each port in sequence (see what happens)
        nmap (http://www.insecure.org/nmap/) mapper: “network exploration and security auditing”

Countermeasures?

Internet security threats

Mapping: countermeasures
    record traffic entering network
    look for suspicious activity (IP addresses, ports being scanned sequentially)
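
An added example (not from the original slides) of the second countermeasure: a Python pass over recorded connection attempts that flags a source touching consecutive ports on one host, or consecutive addresses on one port, within a short window. The log format, addresses, window and threshold are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed records of inbound connection attempts: "epoch_seconds src dst dst_port"
LOG = """\
100 203.0.113.7 10.0.0.5 20
100 203.0.113.7 10.0.0.5 21
101 203.0.113.7 10.0.0.5 22
101 203.0.113.7 10.0.0.5 23
103 198.51.100.9 10.0.0.5 443
200 192.0.2.44 10.0.0.1 22
200 192.0.2.44 10.0.0.2 22
201 192.0.2.44 10.0.0.3 22
201 192.0.2.44 10.0.0.4 22
"""

def longest_run(values):
    """Length of the longest run of consecutive integers in values."""
    seen = set(values)
    best = 0
    for v in seen:
        if v - 1 not in seen:              # v is the start of a run
            n = 1
            while v + n in seen:
                n += 1
            best = max(best, n)
    return best

def detect_scans(log, window=10, min_run=4):
    """Return {source: findings} for sources probing sequential ports or hosts."""
    by_src = defaultdict(list)
    for line in filter(str.strip, log.splitlines()):
        ts, src, dst, port = line.split()
        by_src[src].append((int(ts), int(ipaddress.ip_address(dst)), int(port)))
    findings = defaultdict(set)
    for src, events in by_src.items():
        events.sort()
        for i, (t0, _, _) in enumerate(events):
            # Events from this source within `window` seconds of event i
            win = [e for e in events[i:] if e[0] - t0 <= window]
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for _, host, port in win:
                ports_per_host[host].add(port)
                hosts_per_port[port].add(host)
            if any(longest_run(p) >= min_run for p in ports_per_host.values()):
                findings[src].add("port scan")
            if any(longest_run(h) >= min_run for h in hosts_per_port.values()):
                findings[src].add("host sweep")
    return dict(findings)
```

The same four ports probed 100 seconds apart fall outside the 10-second window and are not flagged, so the window and threshold have to be tuned against the traffic actually recorded.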

Internet security threats

Packet sniffing:
    broadcast media
    promiscuous NIC reads all packets passing by
    can read all unencrypted data (e.g. passwords)
    e.g.: C sniffs B’s packets

[Figure: hosts A, B and C and the Internet; packet labelled src:B dest:A payload]

Countermeasures?

Internet security threats

Packet sniffing: countermeasures
    all hosts in organisation run software that checks periodically if host interface in promiscuous mode.
    one host per segment of broadcast media (switched Ethernet at hub)

[Figure: hosts A, B and C and the Internet; packet labelled src:B dest:A payload]

Internet security threats

IP Spoofing:
    can generate “raw” IP packets directly from application, putting any value into IP source address field
    receiver can’t tell if source is spoofed
    e.g.: C pretends to be B

[Figure: hosts A, B and C and the Internet; packet labelled src:B dest:A payload]

Countermeasures?

Internet security threats

IP Spoofing: countermeasures
    ingress filtering
        routers should not forward outgoing packets with invalid source addresses (e.g., datagram source address not in router’s network)
        great, but ingress filtering can not be mandated for all networks

[Figure: hosts A, B and C and the Internet; packet labelled src:B dest:A payload]

Internet security threats

Denial of service (DOS):
    flood of maliciously generated packets “swamp” receiver
    Distributed DOS (DDOS): multiple coordinated sources swamp receiver
    e.g., C and remote host SYN-attack A

[Figure: hosts A, B and C; SYN packets]

Internet security threats

Denial of service (DOS): countermeasures
    filter out flooded packets (e.g., SYN) before reaching host: throw out good with bad
    traceback to source of floods (most likely an innocent, compromised machine)

[Figure: hosts A, B and C; SYN packets]

Social Issues

§ Privacy
§ Freedom of Speech
§ Copyright

Anonymous Remailers

§ Users who wish anonymity chain requests through multiple anonymous remailers.

Freedom of Speech

§ Possibly banned material:
    1. Material inappropriate for children or teenagers.
    2. Hate aimed at various ethnic, religious, sexual, or other groups.
    3. Information about democracy and democratic values.
    4. Accounts of historical events contradicting the government's version.
    5. Manuals for picking locks, building weapons, encrypting messages, etc.

Steganography

(a) Three zebras and a tree.
(b) Three zebras, a tree, and the complete text of five plays by William Shakespeare.
