Computer Networks - Final Exam

December 21, 2018

Duration: 2:15 hours, closed book.

• This is a closed-book exam.

• Please write your answers on these sheets in a readable way, in English or in French.

• Please do not use a red pen.

• You can use extra sheets if necessary (don’t forget to put your name on them).

• The total number of points is 100.

• This document contains 22 pages.

• Good luck!

Last Name (Nom):

First Name (Prénom):
SCIPER No:

2 Communication Systems 2 Computer Science

Division:
2 Other (mention it): . . . . . . . . .

2 Bachelor Year 2 2 Bachelor Year 3

Year:
2 Other (mention it): . . . . . . . . .
Problem 1 (10 points)
For each question, please circle a single best answer.

1. We use the Address Resolution Protocol (ARP) to map:

(a) A DNS name to an IP address.

(b) An IP address to a MAC address.
(c) An IP address to an output link.
(d) A MAC address to an output link.

2. You type in your browser the URL of a web page. What is the minimum number of DNS requests that
your computer may send out as a result?

(a) 0.
(b) 1.
(c) 3.
(d) 4.

3. DNS name www.ethz.ch maps to IP address IPold . This mapping expires today at 22h00. An ETHZ
administrator changes the mapping to IPnew at 21h00. An EPFL end-system makes a DNS request for
www.ethz.ch’s IP address at 21h15. What answer will it receive?

(a) IPold .
(b) IPnew .
(c) Both IPold and IPnew .
(d) I don’t have enough information to answer this question.

4. In the context of a peer-to-peer system like BitTorrent, what information does a distributed hash table
(DHT) store?

(a) Content files.

(b) Which peers host each content file.
(c) Metadata files (e.g., .torrent files).
(d) Pointers to metadata files (e.g., magnet links).

5. Alice wants to send 10 bytes of data to Bob and she has the option to use UDP or TCP. Which one will
cause Alice and Bob to exchange more packets?

(a) UDP.
(b) TCP.
(c) They will cause the same number of packets.
(d) It depends on the network conditions.

2
 6. A Network Address Translator (NAT gateway) changes the following fields of a packet going from the
internal (local area) network to the external (wide area) network:

(a) Source IP address.

(b) Source IP address and source port number.
(c) Destination IP address.
(d) Destination IP address and destination port number.

7. The goal of an intra-domain routing protocol is:

(a) All link-layer switches in the same IP subnet learn the best path to each other.
(b) All IP routers in the same IP subnet learn the best path to each other.
(c) All IP routers in the same Autonomous System (AS) learn the best path to each other.
(d) All IP routers in the Internet learn the best path to each other.

8. An IP router has the following entry in its forwarding table: destination IP prefix P → output link x. IP
prefix P belongs to a different AS than the router. How did the router learn this forwarding entry?

(a) By observing traffic.

(b) By participating in a spanning-tree protocol.
(c) By participating in an intra-domain routing protocol.
(d) Through BGP.

9. If we increase the size of a packet switch’s forwarding table, the packets that traverse the switch may
experience higher:

(a) Transmission delay.

(b) Propagation delay.
(c) Queuing delay.
(d) None of the above.

10. If a packet switch that performs store-and-forward packet switching changes to cut-through packet
switching, the packets that traverse the switch may experience lower:

(a) Propagation delay.

(b) Processing delay.
(c) End-to-end delay.
(d) None of the above.

3
Problem 2 (35 points)
Consider the network in Figure 1, consisting of:

• An end-system that runs both a web server process and a DNS server process. This end-system has two
DNS names: www.epfl.ch and dns.epfl.ch. Both DNS names map to the same IP address.

• A set of other end-systems, which use dns.epfl.ch as their local DNS server. They know
dns.epfl.ch’s IP address, but they don’t know that www.epfl.ch maps to the same IP address.

• IP routers R1 , R2 , and R3 .

• Link-layer switches S1 , S2 , and S3 (plus others that are not explicitly shown).

Figure 1: The Network Topology used in Problem 2

4
Question 1 (10 points):
Allocate an IP prefix to each IP subnet and an IP address to each end-system and IP router network interface,
following these rules:

• All IP addresses must be allocated from 100.0.0.0/16.

• Each IP subnet must be allocated the smallest possible IP prefix and must have one broadcast IP address.

• Each end-system and each IP router (but not link-layer switch) interface has an IP address.

Please explain how you compute each IP prefix and fill in Table 1 in the next page.

5
Subnet number IP prefix Interfaces and IP addresses Broadcast IP address
Example: 10.1.1.0/24 x: 10.1.1.0 10.1.1.255
behind router R, y: 10.1.1.1
interface i z: 10.1.1.2

Table 1: Allocation of IP prefixes and IP addresses for the network in Figure 1

6
Question 2 (5 points):
IP routers R1 , R2 , and R3 participate in a least-cost path routing algorithm, which has converged.
Show the forwarding table of R1 and R2 . You do not need to optimize the routes, i.e., you do not need to merge
routes so as minimize the number of entries in each table.

a) Router R1 :

Destination IP prefix Output link

b) Router R2 :

Destination IP prefix Output link

7
Question 3 (10 points):
All link-layer switches have just been rebooted, and all end-system caches are initially empty. Then, the user
of desktop A visits web page www.epfl.ch/index.html, which contains only one image, image.png.

State all the packets that are transmitted or forwarded by all end-systems and IP routers until A’s user
can view the web page. For example, if a packet follows the path A → R1 → R2 → C1, then you should
state it 3 times: when it is transmitted by A, forwarded by R1 , and forwarded by R2 .

Answer by filling in Table 2. When you want to refer to the IP address of interface x, write “x”. When you
want to refer to the MAC address of interface x, write “x”. If a field is not applicable, indicate that with a “–”.
To repeat a field from the above cell, write ”.

Source Dest Source Dst Transp. Src Dst

# Application & Purpose
MAC MAC IP IP prot. Port Port
ex x y w v UDP 5000 6000 HTTP GET image.png
1 MAC of a MAC of h IP of a IP of t TCP 9000 80 HTTP GET index.html
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

Table 2: Packets transmitted or forwarded by all end-hosts and IP routers in Question 3

8
Question 4 (5 points):
Show the forwarding table of each link-layer switch right after the last packet you stated above has arrived
at its destination. Assume that no other traffic was exchanged.

a) Switch S1 :

Destination MAC address Output link

b) Switch S2 :

Destination MAC address Output link

c) Switch S3 :

Destination MAC address Output link

9
Question 5 (5 points):
Suppose there is a firewall between S1 and R1 . Fill the firewall table (use as many rows and columns
as necessary) such that end-systems B1 . . . B999 can access the web pages hosted by www.epfl.ch but
end-system A cannot. Allow the minimum amount of traffic that accomplishes this goal.

10
Problem 3 (20 points)
In the context of this problem, Alice wants to communicate with Bob and achieve some security properties.
Persa is an adversary.

Question 1 (4 points):
Consider the scenario where Persa is sitting on the communication channel between Alice and Bob. Alice
sends a message m to Bob. In each scenario, explain why or why not authenticity (the message is indeed
coming from Alice) is guaranteed.

Scenarios:
+


a. Alice sends m, H KB , m .
+


b. Alice sends m, H KA , m .

where:
+ +
• KA and KB are Alice’s and Bob’s public keys, respectively.

• H is a cryptographic hash function that is known to everyone.

11
Question 2 (5 points):
Consider the scenario where Persa is sitting on the communication channel between Alice and Bob. Alice
uses the following protocol to send a sequence of messages m1 , m2 , ..., mN to Bob:

• Alice sends m1 .

• Alice sends m2 .

• ...

• Alice sends mN .

• Alice sends H (K, m1 ) , H (K, m2 ) , ..., H (K, mN ).

where:

• K is a symmetric key, shared between Alice and Bob.

• H is a cryptographic hash function that is known to everyone.

Bob wants to ensure that the messages were (a) indeed sent by Alice and (b) they were sent by Alice in the
order in which he received them. Does this protocol guarantee each of these? Explain why or why not.

12
Question 3 (6 points):
Consider the scenario where Persa is NOT on the communication channel between Alice and Bob:

Alice — honest switch — Bob

|
Persa

where the switch is honest in the sense that it always forwards packets to the destination specified by the sender.
Alice sends a message to Bob. Bob knows Alice’s true IP address. In each scenario, explain why or why
not authenticity (the message is indeed coming from Alice) is guaranteed.

Scenarios:

a. Alice sends the message to Bob using UDP.

b. Alice sends the message to Bob using TCP: she establishes a TCP connection to Bob, sends her message
using the connection, then closes the connection.

13
(Lab) Question 4 (5 points):
What is an SSH fingerprint and what is it useful for?

14
Problem 4 (35 points)
Assume the following for all the questions in this problem:

• The maximum segment size is MSS = 1 byte.

• The round trip time (RTT) is the same in both directions.

• Each TCP receiver sends an ACK every time it receives a data segment.

• Each TCP sender’s retransmission timeout is fixed and equal to 2 × RTT .

When you complete the diagram in Question 1, the following information should be visible:

- All the segments (including the ACKs) exchanged between the communicating end-hosts.

- The sequence numbers of all data segments.

- The acknowledgment numbers of all ACKs.

- The state of the TCP sender’s congestion-control algorithm.

- The status of the TCP sender’s congestion window and its size (cwnd) in bytes.

- The value of the TCP sender’s congestion threshold (ssthresh) in bytes.

- If your answer includes any dropped segments or ACKs, mark them clearly.

- If your answer includes any timeouts, mark them clearly and indicate the duration of each timeout and
the sequence number of the data segment that timed out.

15
Question 1 (10 points):
In this question, Fast Retransmit/Fast Recovery are DISABLED.

Alice establishes a TCP connection to Bob and then sends 12 bytes of data.
The 3rd, 5th, 6th, 8th, 9th, and 10th segment sent by Bob (counting from the SYN ACK) is dropped.
No other segment, sent by Alice or Bob, is dropped or corrupted.

Show all the segments sent by Alice and Bob, including connection setup (not connection teardown), by
completing the diagram in Figure 2 in the next page.

16
 Sequence number diagram
State of the
cwnd ssthresh
congestion control Sequence Acknowledgement
[bytes] [bytes]
algorithm for Alice number number
Alice Bob

Figure 2: Sequence diagram to be completed for Question 1.

17
Question 2 (10 points):
In this question, Fast Retransmit/Fast Recovery are ENABLED.

When a TCP sender receives 3 duplicate ACKs, she takes that as a hint that a segment was lost, and she
retransmits the oldest unacknowledged segment.

(a) Describe a scenario where this mechanism makes the sender retransmit a segment unnecessarily. Draw
a small diagram to illustrate your scenario.

(b) When the sender enters Fast Recovery, she sets her congestion window to cwnd=ssthresh+3. Why
does the sender inflate its congestion window (why does it not set cwnd=ssthresh)? Why does it do it by
3?

18
Question 3 (15 points):
(a) How does TCP’s congestion control algorithm guess that there is network congestion and that the sender
should decrease her congestion window? Answer in one short sentence.

(b) A network architect proposes to make the packet queues of all packet switches/routers very very large,
in order to ensure almost 0 packet loss. How would this affect TCP’s congestion control algorithm? Do you
think it would do its job better or worse? Justify your answer.

19
Scratch Paper

20
21
Figure 3: The Network Topology used in Problem 2

22