Network Engineer Study Notes, Chapter 3: Switching Technology
Main contents: 1. Circuit switching
2. Packet switching
3. Frame relay switching
4. Cell switching
I. Circuit switching
1. Circuit switching: an actual physical connection exists between the two stations, formed by a sequence of links between the nodes.
2. The three phases of circuit-switched communication: circuit establishment, data transfer, circuit teardown.
3. Disadvantages of circuit switching: for a typical user/host data connection the circuit is idle most of the time, so the efficiency of the data connection is low; the connection provided by the circuit switch is fixed; the two devices must transmit and receive at the same data rate, which limits the interconnection of a variety of hosts and terminals on the network.
II. Packet switching technology
1. Advantages of packet switching: network load is reduced; priorities can be used.
2. Main difference between packet switching and message switching: a packet-switched network limits the length of the transmitted data unit, whereas a message-switching system accommodates larger messages.
3. Technical feature of the virtual circuit: a path is established between the two stations before data transfer.
4. Advantages of the datagram: the call-setup phase is avoided, so if only a few packets are sent, datagrams are faster; because it is more primitive, it is more flexible; datagram delivery is particularly reliable.
5. Some remarks:
Circuit switching is essentially a transparent service. Once the connection is established, a fixed data rate is provided to the stations; whether the data is analog or digital, it can pass over this connection from source to destination. In packet switching, analog data must be converted to digital data before transfer.
6. External and internal operation
External virtual circuit, internal virtual circuit: when the user requests a virtual circuit, a dedicated route is established through the network, and all packets use this route.
External virtual circuit, internal datagram: the network handles each packet separately, so packets sent over the same external virtual circuit may travel different routes. At the destination node they are buffered if necessary and delivered in sequence to the destination station.
External datagram, internal datagram: from the perspective of both the user and the network, each packet is handled separately.
External datagram, internal virtual circuit: the external user has no connection; it simply sends packets to the network. The network establishes a logical connection between the stations and may keep it for an extended time to meet expected future needs.
III. Frame relay switching
1. X.25 features: (1) call control packets, used to establish and terminate virtual circuits, use the same channel and virtual circuit as the data packets; (2) multiplexing of virtual circuits is implemented at the third layer; (3) both the second and the third layer include flow control and error control mechanisms.
2. Differences between frame relay and X.25: (1) call control signalling is separated from user data, so intermediate nodes need not maintain state tables or process information related to call control; (2) multiplexing and switching of logical connections is done at the second layer rather than the third, which eliminates an entire layer; (3) hop-by-hop flow control and error control are not used.
3. Four applications of frame relay on high-speed H channels: block-interactive data applications; file transfer; low-rate multiplexing; character-interactive communication.
IV. Cell switching technology
1. ATM cells
The ATM data transfer unit is a fixed-length packet called a cell, consisting of a cell header and a cell information field. The cell length is 53 bytes, of which the header occupies 5 bytes and the information field 48 bytes.
The main function of the cell header is the routing of the cell through the network.
2. ATM uses asynchronous time-division multiplexing (ATDM). ATDM uses a queuing mechanism: cells must be separated and stored in queues before being sent onto the medium, which requires speed matching and cell delineation (recognition of cell boundaries).
3. Application independence: this refers mainly to time independence and semantic independence. Time independence means the application clock and the network clock are not associated. Semantic independence means the cell structure is independent of the application's protocol data unit; everything related to the application is carried in the information field of the cell.
4. ATM cell identifiers
ATM uses a virtual-channel scheme in which a logical number identifies each logical channel. For a given multiplexer the identifier is local, and it changes at each switching element.
Channel identification is based on two identifiers: the virtual path identifier (VPI) and the virtual channel identifier (VCI). A virtual path (VP) contains several virtual channels (VCs).
5. ATM network structure
Virtual channel (VC): a concept describing one-way transport of ATM cells, where the cells are associated with a unique identifier value, the virtual channel identifier (VCI).
Virtual path (VP): a concept describing one-way transport of ATM cells belonging to the same virtual path, where the path is associated with a marking value, the virtual path identifier (VPI).
Virtual channels and virtual paths are used to describe the routes for one-way transmission of ATM cells. Each virtual path can accommodate up to 65535 virtual channels; cells belonging to the same virtual channel use the same virtual channel identifier (VCI), which is part of the cell header.
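The following is an added example, not part of these notes, showing the cell structure described above in code: it builds and parses 53-byte cells, checks the header with the HEC, and relabels the VPI/VCI at a switching element. The 5-byte UNI header layout (GFC 4 bits, VPI 8 bits, VCI 16 bits, PT 3 bits, CLP 1 bit, HEC 8 bits) and the HEC rule (CRC-8 with generator x^8 + x^2 + x + 1, XOR 0x55) are taken from the ATM standards, not from the notes; the switching table format is an assumption made for the example.

```python
import struct

CELL_LEN, HEADER_LEN, PAYLOAD_LEN = 53, 5, 48


def compute_hec(header4: bytes) -> int:
    """CRC-8 (generator x^8 + x^2 + x + 1) over the first four header bytes,
    XORed with the coset leader 0x55, as the ATM HEC rule prescribes."""
    crc = 0
    for byte in header4:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ 0x07) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc ^ 0x55


def build_cell(vpi: int, vci: int, payload: bytes, pt: int = 0, clp: int = 0, gfc: int = 0) -> bytes:
    """Assemble a UNI cell: GFC(4) VPI(8) VCI(16) PT(3) CLP(1) HEC(8) + 48-byte information field."""
    if not (0 <= vpi <= 0xFF and 0 <= vci <= 0xFFFF):
        raise ValueError("VPI must fit in 8 bits and VCI in 16 bits")
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("information field must be exactly 48 bytes")
    word = (gfc << 28) | (vpi << 20) | (vci << 4) | ((pt & 0x7) << 1) | (clp & 1)
    header4 = struct.pack("!I", word)
    return header4 + bytes([compute_hec(header4)]) + payload


def parse_cell(cell: bytes) -> dict:
    """Split a cell into header fields and payload; wrong length or HEC error means discard."""
    if len(cell) != CELL_LEN:
        raise ValueError("a cell is exactly 53 bytes, got %d" % len(cell))
    header4 = cell[:4]
    if cell[4] != compute_hec(header4):
        raise ValueError("HEC mismatch: corrupted header, cell discarded")
    (word,) = struct.unpack("!I", header4)
    return {
        "gfc": word >> 28,
        "vpi": (word >> 20) & 0xFF,
        "vci": (word >> 4) & 0xFFFF,
        "pt": (word >> 1) & 0x7,
        "clp": word & 1,
        "payload": cell[HEADER_LEN:],
    }


def switch_cell(cell: bytes, in_port: int, table: dict) -> tuple:
    """One switching element: (in_port, VPI, VCI) is only locally significant, so the
    (hypothetical) table maps it to (out_port, new VPI, new VCI) and the header is rewritten."""
    f = parse_cell(cell)
    key = (in_port, f["vpi"], f["vci"])
    if key not in table:
        raise ValueError("no virtual channel configured for %r" % (key,))
    out_port, new_vpi, new_vci = table[key]
    return out_port, build_cell(new_vpi, new_vci, f["payload"], f["pt"], f["clp"], f["gfc"])


if __name__ == "__main__":
    # constructed sample: VPI 3 / VCI 100 arriving on port 1, relabelled to VPI 7 / VCI 200 on port 2
    cell = build_cell(3, 100, bytes(range(48)))
    port, out = switch_cell(cell, 1, {(1, 3, 100): (2, 7, 200)})
    print(port, parse_cell(out)["vpi"], parse_cell(out)["vci"])
```

Because the HEC covers only the header, a corrupted payload passes unnoticed at this layer; the check protects routing, not data integrity.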
Chapter 4: Network Architecture and Protocols
Main contents: 1. Definition of network architecture and protocols
2. Open Systems Interconnection reference model (OSI)
3. TCP/IP protocol suite
I. Definition of network architecture and protocols
1. Network architecture: the layered structure of communication between computers, together with the collection of protocols in each layer and the interfaces between the layers.
2. Network protocol: the set of rules that must be observed when information is exchanged between peer entities that communicate with each other in a computer network or distributed system.
3. Syntax: includes data format, coding, and signal levels.
4. Semantics: includes control information for coordination and error handling.
5. Timing: includes speed matching and sequencing.
II. Open Systems Interconnection reference model
1. In 1979 the International Organization for Standardization (ISO) set up a subcommittee to study an architecture for open systems and proposed the Open Systems Interconnection (OSI) model, a standard framework that defines the interconnection of heterogeneous computers.
2. OSI description: OSI uses a layered structure with seven layers: the physical, data link, network, transport, session, presentation, and application layers.
3. Characteristics of the OSI reference model: it is a layered structure for interconnecting heterogeneous systems; it is a standard framework that governs the interaction of interconnected systems; it defines an abstract structure, not a specific implementation; entities in the same layer are peer entities; communication between peer entities is governed by that layer's protocol; the interface between adjacent layers defines the primitive operations and the services the lower layer provides to the upper layer; the service provided is either a connection-oriented or a connectionless data service; direct data transfer takes place only at the lowest layer; each layer is complete in itself, so modifying the functionality of one layer does not affect the other layers.
4. Physical layer: provides the mechanical, electrical, functional and procedural characteristics required to establish, maintain and release physical links; transmits unstructured bit streams over physical links and gives fault-detection indications.
5. Data link layer: provides data transmission and reception between network-layer entities; provides flow control for the data link.
6. Network layer: controls the operation of the packet transfer system, including routing, related control functions, network interconnection, etc.; its role is to make the specific physical transfer transparent to the layers above.
7. Transport layer: provides functions for establishing, maintaining and releasing transport connections; selects the most appropriate service provided by the network layer; provides reliable, transparent data transfer between end systems, with end-to-end error recovery and flow control.
8. Session layer: provides functions to establish, maintain and terminate a session connection between two processes; provides management of the interactive session, such as control of the data flow direction in three modes: one-way, two-way alternate and two-way simultaneous.
9. Presentation layer: negotiates the data representation on behalf of application processes; performs data conversion, formatting and text compression.
10. Application layer: provides services to OSI users, such as transaction processing programs, file transfer protocols and network management.
III. TCP/IP layering
1. TCP/IP layered model
The Internet uses the TCP/IP protocols. Like the OSI reference model, TCP/IP is also a layered model. It is based on four conceptual layers above the hardware level: the network interface layer, the IP layer, the transport layer, and the application layer.
Network interface layer: also called the data link layer; it is the lowest layer of TCP/IP. Function: receives IP datagrams and sends them over the selected network.
IP layer: handles communication between machines. Function: it accepts requests from the transport layer to send packets to a given destination address, encapsulates the packet in a datagram, fills in the header, uses the routing algorithm to decide whether to deliver the datagram directly to the destination host or pass it to a router, and then hands the datagram to the appropriate network interface for transmission.
Transport layer: provides communication between application programs, i.e. end-to-end communication. Function: manages information flow and provides a reliable transport service to ensure that data arrives without error.
2. Boundary lines in the TCP/IP model
Protocol address boundary: separates high-level and low-level addressing; high-level addressing uses IP addresses, low-level addressing uses physical addresses. Protocol software at the IP layer and above uses only IP addresses; the network interface layer handles physical addresses.
Operating system boundary: separates the operating system from the applications; it lies between the transport layer and the application layer.
3. Multiplexing and demultiplexing
When sending a message, the sender adds information such as the message type and the selected protocol to the packet. All messages travel through the network as frames, forming a single packet stream. When the receiver receives a packet, it uses this additional information to demultiplex the received packet.
IV. The IP protocol
1. Internet architecture
A TCP/IP internet provides three sets of services. The lowest level provides the basic service on which the other levels build. The second level, a reliable delivery service, provides a platform for the application layer. The highest level is the application-layer services.
2. IP protocol: this unreliable, connectionless delivery mechanism is called the Internet Protocol.
3. IP makes three definitions:
(1) IP defines the basic unit of data transfer on a TCP/IP internet and its data format.
(2) The IP software performs the routing function, selecting the path over which data is transferred.
(3) IP contains a set of rules for unreliable packet delivery, specifying how packets are processed, when error messages are generated, and when packets may be discarded.
4. IP datagram: the basic transfer unit of the internet is the IP datagram, consisting of a datagram header and a data area.
5. IP datagram encapsulation: the physical network treats the entire datagram, including its header, as data and carries it in one frame.
6. Network MTU (maximum transfer unit): different types of physical networks differ in the amount of data one physical frame can carry.
7. Reassembly of IP datagrams: one approach is to reassemble within a network (at the next router); the other is to reassemble only after reaching the destination host. The latter is better: it allows routers to route each fragment independently and does not require routers to store or reassemble fragments.
8. Time to live: the IP datagram format has a time-to-live field that sets the time, in seconds, for which the datagram is allowed to exist on the internet. When its value reaches 0, the datagram is deleted from the internet and an error message is sent back to the source.
9. IP datagram options:
The IP datagram options field is mainly used for network testing or debugging. Options include: record route, source route, timestamp, etc.
The route and timestamp options provide a way to monitor or control how routers route datagrams.
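The following added example (not part of these notes) puts items 4-8 together in code: it builds IPv4 datagrams with a verified header checksum, fragments them to an MTU, forwards them through a router hop that decrements the time-to-live and discards at 0, and reassembles only at the destination host. The 20-byte header layout, the 8-byte fragment offset unit and the DF/MF flag bits are the standard IPv4 definitions rather than values from the notes; the addresses and the 1024-byte payload are constructed sample data.

```python
import struct

IP_HDR_LEN = 20
FLAG_DF, FLAG_MF = 0x2, 0x1          # "don't fragment" and "more fragments" flag bits


def ip_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (0 when a filled header verifies)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_datagram(src: bytes, dst: bytes, ident: int, payload: bytes, ttl: int = 64,
                   proto: int = 17, flags: int = 0, frag_off: int = 0) -> bytes:
    """IPv4 header without options (IHL = 5), checksum filled in, followed by the data area."""
    total_len = IP_HDR_LEN + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident,
                      (flags << 13) | frag_off, ttl, proto, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_datagram(pkt: bytes) -> dict:
    """Decode the header; a datagram whose header checksum does not verify is rejected."""
    if len(pkt) < IP_HDR_LEN or (pkt[0] >> 4) != 4 or (pkt[0] & 0xF) != 5:
        raise ValueError("not a plain IPv4 header")
    if ip_checksum(pkt[:IP_HDR_LEN]) != 0:
        raise ValueError("header checksum error")
    (_, _, total_len, ident, fo, ttl, proto, _, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:IP_HDR_LEN])
    if total_len > len(pkt):
        raise ValueError("truncated datagram")
    return {"src": src, "dst": dst, "id": ident, "flags": fo >> 13, "frag_off": fo & 0x1FFF,
            "ttl": ttl, "proto": proto, "payload": pkt[IP_HDR_LEN:total_len]}


def fragment(pkt: bytes, mtu: int) -> list:
    """Split a datagram to fit the MTU; each non-final piece carries a multiple of 8 data bytes."""
    d = parse_datagram(pkt)
    if len(pkt) <= mtu:
        return [pkt]
    if d["flags"] & FLAG_DF:
        raise ValueError("DF set and datagram exceeds MTU: discard (router reports to source)")
    chunk = (mtu - IP_HDR_LEN) // 8 * 8
    pieces, data = [], d["payload"]
    for i in range(0, len(data), chunk):
        last = i + chunk >= len(data)
        flags = d["flags"] | (0 if last else FLAG_MF)     # a refragmented piece keeps its MF
        pieces.append(build_datagram(d["src"], d["dst"], d["id"], data[i:i + chunk],
                                     d["ttl"], d["proto"], flags, d["frag_off"] + i // 8))
    return pieces


def router_forward(pkt: bytes):
    """One router hop: TTL is decremented; a datagram whose TTL would reach 0 is discarded
    (a real router also sends an ICMP Time Exceeded error back to the source)."""
    d = parse_datagram(pkt)
    if d["ttl"] <= 1:
        return None
    return build_datagram(d["src"], d["dst"], d["id"], d["payload"], d["ttl"] - 1,
                          d["proto"], d["flags"], d["frag_off"])


def reassemble(fragments: list):
    """Destination-host reassembly: the payload once every piece is present and contiguous, else None."""
    parts = sorted((parse_datagram(f) for f in fragments), key=lambda d: d["frag_off"])
    expected, total, buf = 0, None, bytearray()
    for d in parts:
        if d["frag_off"] * 8 != expected:      # gap or overlap: keep waiting (overlap is suspicious)
            return None
        buf += d["payload"]
        expected += len(d["payload"])
        if not d["flags"] & FLAG_MF:
            total = expected
    return bytes(buf) if total == expected else None


if __name__ == "__main__":
    pkt = build_datagram(b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02", 0x1234, bytes(range(256)) * 4, ttl=2)
    frags = fragment(pkt, 576)
    print(len(frags), "fragments; reassembled:", reassemble(frags) == pkt[IP_HDR_LEN:])
```

Routers only fragment and forward; reassembly state (the buffer and the "all pieces present" test) lives solely at the destination, which is exactly why that design keeps routers stateless.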
V. User Datagram Protocol (UDP)
1. Functions of the UDP protocol
UDP provides a way to identify multiple destinations within a given host, allowing multiple applications on the same host to send and receive datagrams independently.
Protocols that use UDP include: TFTP, SNMP, NFS, DNS.
UDP uses the underlying Internet Protocol to transport packets and, like IP, provides an unreliable connectionless datagram delivery service. It does not provide acknowledgement, sequencing or flow control of packets.
2. UDP message format
Each UDP message is divided into two parts: the UDP header and the UDP data area. The header consists of four 16-bit fields (8 bytes in total) giving the source port, destination port, message length, and checksum of the message, respectively.
3. Layering and encapsulation of UDP
In the TCP/IP layered model, UDP sits above the IP layer. An application accesses the UDP layer, which then uses the IP layer to transfer the datagram. The IP header gives the source and destination host addresses, and the UDP header gives the source and destination ports on those hosts.
4. UDP multiplexing, demultiplexing and ports
Multiplexing and demultiplexing between the UDP software and the applications is implemented through the port mechanism. Before sending a datagram, each application must negotiate with the operating system to obtain a protocol port and the corresponding port number.
UDP demultiplexing: after receiving a datagram from the IP layer, UDP demultiplexes it according to the destination port number in the UDP header.
There are two ways of assigning UDP port numbers: well-known ports assigned by a central authority, and dynamic binding.
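The following added example (not from these notes) covers items 2-4 together: it builds and parses the 8-byte UDP header, verifies the checksum, and demultiplexes by destination port. The checksum pseudo-header (source and destination IP address, a zero byte, protocol number 17, UDP length) and the rule that a computed checksum of zero is transmitted as all ones are standard UDP behaviour rather than details taken from the notes; the `UdpDemux` class, the addresses, ports and payloads are constructed for the example.

```python
import struct

UDP_HDR_LEN = 8
PROTO_UDP = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: bytes, dst_ip: bytes, udp_len: int) -> bytes:
    return src_ip + dst_ip + struct.pack("!BBH", 0, PROTO_UDP, udp_len)


def udp_checksum(src_ip: bytes, dst_ip: bytes, udp: bytes) -> int:
    csum = (~ones_complement_sum(pseudo_header(src_ip, dst_ip, len(udp)) + udp)) & 0xFFFF
    return csum or 0xFFFF          # 0 means "no checksum", so a computed 0 is sent as all ones


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    """Source port, destination port, length and checksum: four 16-bit fields, then the data."""
    length = UDP_HDR_LEN + len(payload)
    unchecked = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = udp_checksum(src_ip, dst_ip, unchecked)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip: bytes, dst_ip: bytes, data: bytes) -> dict:
    """Decode a datagram handed up by IP; length or checksum errors cause a silent discard."""
    if len(data) < UDP_HDR_LEN:
        raise ValueError("shorter than a UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", data[:UDP_HDR_LEN])
    if length < UDP_HDR_LEN or length > len(data):
        raise ValueError("length field inconsistent with the bytes received")
    data = data[:length]                               # anything beyond the length field is ignored
    if csum != 0 and ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + data) != 0xFFFF:
        raise ValueError("checksum error: datagram discarded")
    return {"sport": sport, "dport": dport, "payload": data[UDP_HDR_LEN:]}


class UdpDemux:
    """Hypothetical port table: each application binds one port, and incoming datagrams are
    handed to the application bound to their destination port."""

    def __init__(self):
        self.bindings = {}

    def bind(self, port: int, app: str) -> None:
        if port in self.bindings:
            raise ValueError("port %d already bound to %s" % (port, self.bindings[port]))
        self.bindings[port] = app

    def deliver(self, src_ip: bytes, dst_ip: bytes, data: bytes) -> tuple:
        msg = parse_udp(src_ip, dst_ip, data)
        app = self.bindings.get(msg["dport"])
        if app is None:                                # no listener: IP would report port unreachable
            return ("ICMP port unreachable", msg["dport"])
        return (app, msg["payload"])


if __name__ == "__main__":
    src, dst = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"     # constructed 10.0.0.1 -> 10.0.0.2
    demux = UdpDemux()
    demux.bind(53, "dns")
    print(demux.deliver(src, dst, build_udp(src, dst, 53000, 53, b"query")))
```

The checksum covers the IP addresses through the pseudo-header, so a datagram delivered to the wrong host fails verification even though the UDP header itself carries no addresses.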
VI. Reliable stream transport (TCP)
1. Five features of the TCP/IP reliable transport service: stream orientation, virtual circuit connection, buffered transfer, unstructured stream, full-duplex connection.
2. TCP uses positive acknowledgement with retransmission as the basis for its reliable stream service.
3. To improve the efficiency of stream transmission, a sliding window protocol is introduced on that basis, allowing the sender to send multiple packets before waiting for an acknowledgement. The sliding window protocol specifies that only unacknowledged packets are retransmitted, and the number of packets that may be outstanding without acknowledgement is the window size.
4. TCP functions
TCP defines the data and acknowledgement information exchanged between two computers, and the actions a computer takes to ensure that the data arrives correctly.
5. A TCP connection is a virtual circuit connection. A connection is identified by a pair of endpoints, where an endpoint is defined as the integer pair (Host, Port): Host is the host's IP address and Port is the TCP port number on that host.
6. TCP uses a special sliding window mechanism to address transmission efficiency and flow control. The sliding window mechanism used by TCP solves end-to-end flow control, but it does not solve congestion control for the network as a whole.
7. TCP allows the window size to change at any time. The advertised window value tells the sender how much more data the receiver can accept: if the advertised value increases, the sender enlarges its send window; if it decreases, the sender shrinks its send window.
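The following added simulation (not part of these notes) illustrates items 3, 6 and 7: a sender keeps at most one window's worth of packets outstanding, retransmits only those that were not acknowledged, and grows or shrinks its send window as the receiver's advertised window changes. The per-round model, the lossy channel that drops a listed packet on its first transmission only, and the reorder buffer at the receiver are simplifications constructed for the example; real TCP measures the window in bytes and uses timers rather than rounds.

```python
def simulate_sliding_window(n_packets: int, advertised_windows: list, lost_first_try=()) -> dict:
    """Send packets 0..n_packets-1 under a sliding window.

    advertised_windows[i] is the receiver's advertised window in round i (the last value
    persists).  Packets listed in lost_first_try are lost on their first transmission only,
    so their retransmission succeeds.  Returns transmission statistics and the in-order
    delivery sequence seen by the receiving application."""
    lost_first_try = set(lost_first_try)
    unacked = {}                     # seq -> transmissions so far: the sender's retransmit set
    next_seq = 0
    rcv_next, reorder_buf, in_order = 0, set(), []
    stats = {"transmissions": 0, "rounds": 0, "max_outstanding": 0}

    while next_seq < n_packets or unacked:
        window = advertised_windows[min(stats["rounds"], len(advertised_windows) - 1)]
        window = max(1, window)      # a zero window would need a persist timer; simplified here
        stats["rounds"] += 1

        # open the window: admit new packets until `window` are outstanding
        while next_seq < n_packets and len(unacked) < window:
            unacked[next_seq] = 0
            next_seq += 1
        stats["max_outstanding"] = max(stats["max_outstanding"], len(unacked))

        # transmit everything outstanding: fresh packets and retransmissions of the unacked ones
        for seq in sorted(unacked):
            unacked[seq] += 1
            stats["transmissions"] += 1
            if seq in lost_first_try and unacked[seq] == 1:
                continue             # lost in transit: no ACK arrives, so it stays in `unacked`
            reorder_buf.add(seq)     # receiver got it and acknowledges it
            while rcv_next in reorder_buf:          # deliver to the application in order
                reorder_buf.remove(rcv_next)
                in_order.append(rcv_next)
                rcv_next += 1
            del unacked[seq]         # ACK received: acknowledged packets are never resent

    stats["delivered"] = in_order
    return stats


if __name__ == "__main__":
    print(simulate_sliding_window(10, [4], lost_first_try={3, 7}))   # 12 transmissions for 10 packets
    print(simulate_sliding_window(10, [4, 2]))                        # send window shrinks to 2
```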
8. TCP segment format
A segment is divided into two parts, header and data; the header carries the identification and control information required.
The acknowledgement number field gives the sequence number of the next byte the sender of the segment expects to receive;
the value of the sequence number field gives the position in the data stream flowing in the direction of the segment, i.e. the transmit sequence number;
the acknowledgement number refers to the data stream flowing in the opposite direction to the segment.
9. TCP uses 6 code bits in the header to indicate the purpose and content of the segment:
URG: the urgent pointer field is valid; ACK: the acknowledgement field is valid; PSH: this segment requests a push; RST: reset the connection; SYN: synchronize sequence numbers; FIN: the sender has reached the end of its byte stream.
10. TCP three-way handshake
To establish a TCP connection, the two systems must synchronize their initial TCP sequence numbers (ISN). The sequence number is used to track the order of transmission and to ensure that nothing is lost when multiple packets are transmitted. The initial sequence number is the starting number used when the TCP connection is established.
Synchronization is achieved by exchanging packets that carry an ISN and have the control bit called SYN set to 1.
The handshake can be initiated by either party, and the resulting data flow is peer-to-peer in both directions, with no master/slave relationship.
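The following added example (not part of these notes) shows items 8-10 in code: it packs and decodes the 20-byte TCP header including the 6 code bits, then runs the three-way handshake with each side's ISN and checks that every acknowledgement number equals the other side's ISN + 1. The header layout is the standard TCP header; the checksum is left at zero and the `Peer` class, ports and ISN values are constructed for the example.

```python
import struct

CODE_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


def build_segment(sport: int, dport: int, seq: int, ack: int, flags, window: int = 65535) -> bytes:
    """20-byte TCP header, no options; data offset 5 and the six code bits share one 16-bit word.
    The checksum is left at zero because checksumming is not the point of this example."""
    code = 0
    for name in flags:
        code |= CODE_BITS[name]
    return struct.pack("!HHIIHHHH", sport, dport, seq & 0xFFFFFFFF, ack & 0xFFFFFFFF,
                       (5 << 12) | code, window, 0, 0)


def parse_segment(seg: bytes) -> dict:
    sport, dport, seq, ack, off_code, window, _, _ = struct.unpack("!HHIIHHHH", seg[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": frozenset(n for n, b in CODE_BITS.items() if off_code & b)}


class Peer:
    """One end of the connection: its port, its chosen ISN and the two sequence variables."""

    def __init__(self, port: int, isn: int):
        self.port, self.isn = port, isn
        self.snd_nxt = isn        # next sequence number this side will send
        self.rcv_nxt = None       # next sequence number expected from the other side
        self.state = "CLOSED"


def server_accepts_ack(server: Peer, seg: bytes) -> bool:
    """Third step as seen by the server: only an ACK for exactly its ISN + 1 completes the connection."""
    a = parse_segment(seg)
    if "ACK" not in a["flags"] or a["ack"] != server.snd_nxt:
        return False              # stale or forged ACK: the connection is not opened
    server.state = "ESTABLISHED"
    return True


def three_way_handshake(client: Peer, server: Peer) -> list:
    """Run SYN, SYN+ACK, ACK between two Peers and return the three segments in order."""
    # 1. client -> server: SYN carrying the client's ISN; the SYN consumes one sequence number
    syn = build_segment(client.port, server.port, client.isn, 0, {"SYN"})
    client.snd_nxt = client.isn + 1
    client.state = "SYN_SENT"

    # 2. server -> client: SYN+ACK carrying the server's ISN and acknowledging client ISN + 1
    s = parse_segment(syn)
    if s["flags"] != {"SYN"}:
        raise ValueError("expected a bare SYN")
    server.rcv_nxt = s["seq"] + 1
    synack = build_segment(server.port, client.port, server.isn, server.rcv_nxt, {"SYN", "ACK"})
    server.snd_nxt = server.isn + 1
    server.state = "SYN_RCVD"

    # 3. client -> server: ACK of server ISN + 1; the client considers the connection open
    sa = parse_segment(synack)
    if sa["flags"] != {"SYN", "ACK"} or sa["ack"] != client.snd_nxt:
        raise ValueError("SYN+ACK does not acknowledge our ISN")
    client.rcv_nxt = sa["seq"] + 1
    ack = build_segment(client.port, server.port, client.snd_nxt, client.rcv_nxt, {"ACK"})
    client.state = "ESTABLISHED"
    if not server_accepts_ack(server, ack):
        raise ValueError("server rejected the final ACK")
    return [syn, synack, ack]


if __name__ == "__main__":
    c, s = Peer(40000, 1000), Peer(80, 5000)           # constructed ports and ISNs
    for seg in three_way_handshake(c, s):
        print(parse_segment(seg))
```

The server only moves to ESTABLISHED when the acknowledgement number matches its own ISN + 1, which is why an unpredictable ISN matters: a peer that cannot see the SYN+ACK cannot produce that value.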
Chapter 5: Local Area Network Technology
Main contents: 1. Definition and characteristics of local area networks
2. Various popular LAN technologies
3. High-speed LAN technology
4. Switch-based LAN technology
5. Wireless LAN technology and metropolitan area network technology
I. Definition and characteristics of local area networks
A LAN (Local Area Network) is a communication network that interconnects various communication devices within a small area.
1. Three characteristics of a LAN: (1) high data rate, 0.1-100 Mbps; (2) short distance, 0.1-25 km; (3) low error rate, 10^-8 to 10^-11.
2. Three technologies that determine LAN characteristics: (1) the medium used to transmit data; (2) the topology used to connect the devices; (3) the medium access control method used to share the medium.
3. Three basic goals in designing a good medium access control protocol: (1) the protocol is simple; (2) effective channel utilization is obtained; (3) fairness and reasonableness towards the users on the network.
II. Ethernet, IEEE 802.3
Ethernet is a bus-type LAN that uses the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) medium access control method.
1. Carrier sense multiple access
CSMA control scheme: (1) a station wishing to transmit first listens to the bus to determine whether another station's signal is present on the medium. (2) If the medium is idle, it may transmit. (3) If the medium is busy, it waits for a period of time and tries again.
Persistence algorithms:
(1) Non-persistent CSMA: if the medium is idle, transmit; if the medium is busy, wait a while and repeat the first step. Random retransmission delays reduce the probability of collision. Disadvantage: even when several stations have data to send, the medium may still be idle, so utilization is low.
(2) 1-persistent CSMA: if the medium is idle, transmit; if the medium is busy, keep listening until the medium is idle, then transmit immediately; if a collision occurs, wait a random time and repeat the first step. Disadvantage: if two or more stations have data to send, a collision is inevitable.
(3) p-persistent CSMA: if the medium is idle, transmit with probability p, and with probability (1-p) delay one time unit, where the time unit equals the maximum propagation delay; if the medium is busy, keep listening until it is idle and repeat the first step; if transmission was delayed by one time unit, repeat the first step.
2. Carrier sense multiple access with collision detection
This protocol is widely used in LANs. While transmitting each frame the station also listens for collisions; once a collision is detected it stops transmitting immediately and sends a jam signal onto the bus to notify every station on the bus that a collision has occurred. In this way channel capacity is not wasted on a corrupted frame. Collision detection time: for a baseband bus it equals twice the maximum propagation delay between any two stations; for a broadband bus it equals four times the maximum propagation delay between any two stations.
3. Binary exponential backoff algorithm:
(1) For each frame, when the first collision occurs, set the parameter L = 2;
(2) Wait a random number of time slots in the range 1-L, where one time slot equals 2a;
(3) Each time the frame collides again, the parameter L is doubled;
(4) A maximum number of retransmissions is set; beyond it the frame is no longer retransmitted and an error is reported.
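The following added example (not part of these notes) implements the backoff algorithm exactly as the four steps state it (L = 2 on the first collision, a random slot in 1..L, L doubled per collision, an error after the retransmission limit) and then uses it to model several stations contending after a shared collision. The `contend` model, in which only the stations that picked the earliest slot collide again while the others defer to the carrier they sense, and the default limit of 16 attempts are assumptions made for the example; the random source is injectable so the behaviour can be checked deterministically.

```python
import random


class BinaryExponentialBackoff:
    """Retransmission scheduler for one frame, following the four steps in the notes."""

    def __init__(self, max_attempts: int = 16, rng=None):
        self.max_attempts = max_attempts            # assumed limit; the notes only say "a maximum"
        self.rng = rng if rng is not None else random.Random().randint   # callable (lo, hi) -> int
        self.collisions = 0
        self.limit = 0                              # the parameter L

    def on_collision(self) -> int:
        """Return the number of slots (1 slot = 2a) to wait after this collision."""
        self.collisions += 1
        if self.collisions > self.max_attempts:                                     # step (4)
            raise RuntimeError("frame discarded after %d collisions" % self.max_attempts)
        self.limit = 2 if self.collisions == 1 else self.limit * 2                   # steps (1), (3)
        return self.rng(1, self.limit)                                               # step (2)


def contend(n_stations: int, rng, max_attempts: int = 16) -> tuple:
    """n stations have just collided once.  Each backs off; the station with the earliest
    slot seizes the bus.  If several share the earliest slot they collide again and back off
    anew (with a doubled L), while the others keep their slot because they sense the carrier.
    Returns (total collisions including the first, index of the winning station)."""
    stations = [BinaryExponentialBackoff(max_attempts, rng) for _ in range(n_stations)]
    slots = [s.on_collision() for s in stations]
    collisions = 1
    while True:
        earliest = min(slots)
        first = [i for i, v in enumerate(slots) if v == earliest]
        if len(first) == 1:
            return collisions, first[0]
        collisions += 1
        for i in first:
            slots[i] = stations[i].on_collision()


if __name__ == "__main__":
    print(contend(3, random.Random(7).randint))      # e.g. (2, 1): resolved after two collisions
```

Doubling L makes the slot range grow with the number of contending stations, so two stations that keep colliding quickly draw distinct slots; the attempt limit is what turns a persistently jammed bus into a reported error instead of an endless retry.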
III. Token Ring network, IEEE 802.5
1. Token operation:
The token ring network is also known as a permit network. It uses a token that circulates around the ring. When no station has a frame to send, the token takes the form 01111111, called the free token. When a station wants to send a frame, it must wait for a free token to pass by; it then changes it to the busy token 01111110 and sends its data onto the ring behind the busy token. Since the token is now busy, other stations cannot send frames and must wait. After travelling once around the ring the transmitted frame returns to the sending station, which removes it from the ring and at the same time changes the busy token back to a free token, passing to the downstream stations the permission to send a frame.
2. Ring length calculation: the number of bits on the ring = propagation delay (5 μs/km) × medium length × data rate + total repeater delay. For a 1 km ring at 1 Mbps with 20 stations, the number of bits stored on the ring is 25 bits.
3. Frame reception at a station: when a frame passes a station, the station compares the frame's destination address with its own address. If they match, it copies the frame into its receive buffer, regenerates it, and sends it back onto the ring; if they do not match, it simply regenerates the bits and passes them on.
4. Priority strategy
Stations on the token ring network can have different priorities, implemented by a distributed priority algorithm. The format of the access control field is: P (priority bits), T (token bit), M (monitor bit), R (reservation bits).
IV. Fiber Distributed Data Interface (FDDI), ISO 9314
1. FDDI's medium access control is close to the token ring standard, which brings the following benefits:
(1) The token ring protocol operates efficiently under heavy load, so FDDI obtains the same efficiency.
(2) Similar frame formats are used, which eases interconnection of the two networks; this is discussed in the network interconnection part later in this chapter.
(3) It is easy to understand FDDI given a knowledge of IEEE 802.5.
(4) The practical experience accumulated with IEEE 802.5, especially the economics of integrated circuit chips, benefits the manufacture of FDDI systems and components.
2. FDDI technology
(1) Data encoding: the presence of a light pulse represents 1 and the absence of light energy represents 0. FDDI adopts a new coding technique called 4B/5B: each group of four data bits is encoded as a five-symbol code group, and the presence or absence of light represents each of the five symbols, each being 1 or 0. This coding has an efficiency of 80%. To obtain signal synchronization a second encoding step is used: first 4B/5B, then a non-return-to-zero code called NRZI (non-return-to-zero inverted), which is similar to differential encoding.
(2) Clock skew: FDDI uses a distributed clock scheme in which each station has its own clock and an elastic buffer. Data entering the station's buffer is clocked according to the clock of the incoming signal, but the signal output from the buffer is clocked according to the station's own clock. With this scheme the number of repeaters in the ring is not limited by clock skew.
3. FDDI frame format:
The FDDI MAC frame and the IEEE 802.5 frame are very similar, with these differences: the FDDI frame contains a preamble, which is very important for clock synchronization at high data rates; both 16-bit and 48-bit addresses are allowed in the same network, which is more flexible than IEEE 802.5; and the control frames differ.
4. FDDI protocol
Two main differences between FDDI and IEEE 802.5:
(1) The FDDI protocol specifies that a new token frame is sent immediately after a frame has been sent, whereas IEEE 802.5 specifies that the new token is sent only after the leading edge of the transmitted frame has returned to the sending station.
(2) The capacity allocation schemes differ. Both can operate with a single token giving equal access to each station, and both can also allocate capacity to certain stations. IEEE 802.5 uses a priority and reservation scheme.
5. To meet the requirements of two communication types, FDDI defines synchronous and asynchronous communication, defines a target token rotation time (TTRT), and gives each station the same TTRT value.
V. LAN standards
The IEEE 802 committee was established by the IEEE Computer Society in February 1980. Its purpose is to provide interconnection standards for digital devices in LANs, later extended to metropolitan area networks.
1. Service access point (SAP)
In the reference model, each entity communicates with the peer entity at the same layer according to a protocol. Within one system, entities communicate with the layers above and below through interfaces. Service access points (SAPs) are used to define these interfaces.
2. Logical link control sublayer (LLC)
IEEE 802 specifies two types of link service. Connectionless LLC (Type 1): information frames are exchanged between LLC entities without establishing a logical link between the peer entities; there is no acknowledgement, flow control or error recovery.
Connection-oriented LLC (Type 2): a logical link must be established between a pair of LLC entities before any information frames are exchanged. In data transfer mode, information frames are sent in order, and error recovery and flow control are provided.
3. Medium access control sublayer (MAC)
The MAC methods specified in IEEE 802 include CSMA/CD, token bus, token ring, and others.
4. Service primitives
(1) ISO service primitive types
Request primitives: used by a service user to request a service from the service provider, such as establishing a connection, sending data, ending a connection, or a status report.
Indication primitives: used by the service provider to notify a service user of an event, such as a connection request, incoming data, or connection termination.
Response primitives: used by a service user to respond to a previous Indication, such as accepting a connection Indication.
Confirmation primitives: used by the service provider to report the success or failure of a previous Request.
(2) IEEE 802 service primitive types
Compared with the ISO service primitives, the IEEE 802 primitive types have the same meaning as ISO's. IEEE 802 does not have a Response primitive type, and its Confirmation primitive type is defined as a confirmation from the service provider.
VI. Logical link control protocol
1. IEEE 802.2 describes the functions, characteristics and protocol of the logical link control (LLC) sublayer in the LAN protocol, and describes the interface service specifications of the LLC sublayer towards the network layer, the MAC sublayer, and the LLC sublayer management function.
2. LLC sublayer interface service specifications: IEEE 802.2 defines three interface service specifications: (1) network layer / LLC sublayer interface service specification; (2) LLC sublayer / MAC sublayer interface service specification; (3) LLC sublayer / LLC sublayer management function interface service specification.
3. Network layer / LLC sublayer interface service specification
Two service modes are provided:
Connectionless service: the unacknowledged connectionless data transmission service provides a means by which network-layer entities can exchange link service data units (LSDUs) without establishing a data link level connection. The data transfer mode may be point-to-point, multipoint or broadcast. This is a datagram service.
Connection-oriented service: provides a means of establishing, using, resetting and terminating data link layer connections. These are point-to-point connections between LSAPs, which also provide data link layer sequencing, flow control and error recovery. This is a virtual circuit service.
4. LLC sublayer / MAC sublayer interface service specification
This specification describes the services the LLC sublayer requires from the MAC sublayer so that LLC data units can be exchanged between peer LLC sublayer entities.
(1) Service primitives: MA-DATA.request, MA-DATA.indication, MA-DATA.confirm
(2) LLC protocol data unit (LLC PDU) structure:
Destination service access point address field (DSAP), one byte: seven bits are the actual address and one bit is the address type flag, identifying the DSAP address as an individual address or a group address.
Source service access point address field (SSAP), one byte: seven bits are the actual address and one bit is the command/response flag, identifying the LLC PDU as a command or a response.
Control field; information field.
5. LLC protocol types and classes
LLC defines two types of operation for data communication between service access points. Type I operation: PDUs are exchanged between LLCs without establishing a data link connection; there is no acknowledgement, flow control or error recovery.
Type II operation: a data link connection must first be established between the two LLCs before PDUs carrying information are exchanged; normal communication consists of transmitting a PDU with information from the source LLC to the destination LLC and an acknowledgement PDU transmitted in the opposite direction.
LLC classes: Class 1, the LLC supports only Type I operation; Class 2, the LLC supports both Type I and Type II operation.
6. Elements of the LLC protocol
Three formats of the control field, used for: numbered information frame transfer, numbered supervisory frame transfer, unnumbered control transfer, and unnumbered information transfer.
Numbered information frame and numbered supervisory frame transfers can only be used in Type II operation.
Unnumbered control transfer and unnumbered information transfer can be used in Type I or Type II operation, but not in both at the same time.
Information frames are used to send data; supervisory frames are used for acknowledgement and flow control.
VII. CSMA/CD medium access control protocol
1. Three primitives of the MAC service
MA-DATA.request, MA-DATA.indication, MA-DATA.confirm
2. Frame structure for medium access control
The CSMA/CD MAC frame consists of 8 fields: the preamble; the start frame delimiter (SFD); the destination and source addresses of the frame (DA, SA); a field giving the length of the information field; the logical link control (LLC) frame; the padding field (PAD); and the frame check sequence field (FCS).
Preamble: 7 bytes, each 10101010, used to let the PLS circuitry and the received frame timing reach steady-state synchronization. Start frame delimiter: the sequence 10101011, which immediately follows the preamble and marks the start of a frame. Frame check sequence: both the sending and the receiving algorithm use a cyclic redundancy check (CRC) to generate the CRC value of the FCS field.
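The following added example (not part of these notes) serves two passages: the 8-field CSMA/CD MAC frame described just above, and the LLC PDU structure from the logical link control section (DSAP with its individual/group bit, SSAP with its command/response bit, control field, information field). It builds a frame with preamble, SFD, addresses, length, LLC PDU, padding and a CRC-32 FCS, then parses it back and rejects a frame whose FCS does not verify. The use of CRC-32 (here via `zlib.crc32`, transmitted least-significant byte first), the 46-byte minimum and 1500-byte maximum data length, and the placement of the flag in the least significant bit of the DSAP and SSAP bytes are taken from the IEEE 802.3 and 802.2 standards, not from the notes; the MAC addresses and payload are constructed sample data.

```python
import struct
import zlib

PREAMBLE = b"\xAA" * 7       # seven bytes of 10101010
SFD = b"\xAB"                # 10101011, the start frame delimiter
MIN_DATA, MAX_DATA = 46, 1500   # IEEE 802.3 limits on LLC + PAD (not given in the notes)


def build_llc_pdu(dsap: int, ssap: int, control: int, info: bytes) -> bytes:
    """DSAP and SSAP are full address bytes whose least significant bit carries the flag."""
    return bytes([dsap & 0xFF, ssap & 0xFF, control & 0xFF]) + info


def parse_llc_pdu(pdu: bytes) -> dict:
    if len(pdu) < 3:
        raise ValueError("LLC PDU shorter than DSAP, SSAP and control")
    dsap, ssap, control = pdu[0], pdu[1], pdu[2]
    return {
        "dsap": dsap, "dsap_is_group": bool(dsap & 0x01),      # I/G flag: 1 = group address
        "ssap": ssap, "is_response": bool(ssap & 0x01),        # C/R flag: 1 = response PDU
        "control": control, "info": pdu[3:],
    }


def build_frame(dst_mac: bytes, src_mac: bytes, llc_pdu: bytes) -> bytes:
    """Preamble | SFD | DA | SA | length | LLC | PAD | FCS, padded to the minimum data length."""
    if len(dst_mac) != 6 or len(src_mac) != 6:
        raise ValueError("MAC addresses are 6 bytes")
    if len(llc_pdu) > MAX_DATA:
        raise ValueError("LLC PDU exceeds the maximum frame data length")
    pad = b"\x00" * max(0, MIN_DATA - len(llc_pdu))
    body = dst_mac + src_mac + struct.pack("!H", len(llc_pdu)) + llc_pdu + pad
    fcs = struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)   # CRC over DA .. PAD
    return PREAMBLE + SFD + body + fcs


def parse_frame(frame: bytes) -> dict:
    """Receiver side: synchronize on preamble/SFD, verify the FCS, then trust the length field."""
    if not frame.startswith(PREAMBLE + SFD):
        raise ValueError("no preamble/SFD: not synchronized to a frame")
    body, fcs = frame[8:-4], frame[-4:]
    if len(body) < 14 + MIN_DATA:
        raise ValueError("runt frame (shorter than the minimum): discarded")
    if struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) != fcs:
        raise ValueError("FCS error: frame discarded")
    dst, src = body[:6], body[6:12]
    (length,) = struct.unpack("!H", body[12:14])
    if length > len(body) - 14:
        raise ValueError("length field exceeds the data actually present")
    return {"dst": dst, "src": src, "length": length, "llc": parse_llc_pdu(body[14:14 + length])}


if __name__ == "__main__":
    pdu = build_llc_pdu(0xAA, 0xAB, 0x03, b"hello")      # constructed: SSAP has the C/R bit set
    frame = build_frame(b"\x01\x02\x03\x04\x05\x06", b"\x0a\x0b\x0c\x0d\x0e\x0f", pdu)
    print(len(frame), parse_frame(frame)["llc"])
```

Note the order of checks on receive: the FCS is verified before the length field is used, so a corrupted length cannot steer the LLC parser past the end of the received data.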
3. Media access control method
The IEEE 802.3 standard gives a functional description of the media access control sublayer, which has two main functions: data encapsulation (transmission and reception), which comprises framing (frame delimiting, frame synchronization), addressing (handling of source and destination addresses) and error detection (detection of physical-medium transmission errors); and media access management, which allocates the medium to avoid collisions and handles contention to resolve collisions.
Seven, token ring media access control protocol
The token ring LAN protocol standard includes four parts: logical link control LLC, media access control MAC, physical layer PHY, and the transmission medium.
1. IEEE 802.5 specifies the standards for the latter three parts. LLC and MAC correspond to the second layer (data link layer) of OSI, and PHY corresponds to the first layer (physical layer) of OSI. LLC uses the service of the MAC sublayer and provides service to the network layer; MAC controls access to the medium; PHY is responsible for the interface to the physical medium.
2. Media access control frame structure
There are two basic formats: the token and the frame. In IEEE 802.5 a frame is transmitted starting from its most significant bit, whereas IEEE 802.3 and IEEE 802.4 do exactly the opposite and transmit starting from the least significant bit. This difference has to be converted when LANs using different protocols are interconnected.
3. Media access control method
(1) Frame transmission: access to the physical medium in the ring is controlled by passing a token along the ring. The station holding the token has the opportunity to send a frame or a series of frames.
(2) Token transmission: after completing frame transmission, the station checks whether its own address has returned in the SA field. If it has not, the station sends fill; otherwise it sends the token. After the token is sent, the station remains in the transmitting state while all the frames it transmitted are removed from the ring.
(3) Frame reception: if the type bit of the frame indicates a MAC frame, the control bits are interpreted by all stations on the ring. If the DA field of the frame matches the station's individual address, an associated group address, or the broadcast address, the FC, DA, SA, INFO and FS fields are copied into the receive buffer and then passed to the appropriate sublayer.
(4) Priority: the priority bits PPP and the reservation bits RRR in the access control field give higher-priority service a higher priority of access to the ring.
Eight, fast Ethernet
1. Fast Ethernet types
Fast Ethernet is a new IEEE LAN standard completed in 1995 by the IEEE 802.3 working group that produced the original Ethernet standard. The official name of fast Ethernet is 100Base-T.
Shared-media fast Ethernet uses the same media access control protocol, CSMA/CD, as traditional Ethernet; the media access control algorithm is entirely unchanged, only the relevant timing parameters are scaled by a factor of 10.
The three fast Ethernet standards: 100Base-T4, 100Base-TX, 100Base-FX
Fast Ethernet products:
Adapter: one side is the bus structure, which transfers data to the host, repeater or hub; the other side attaches to the selected medium, which can be twisted pair, fiber, or a media independent interface MII. The MII is used to connect an external transceiver; its function is similar to the AUI of Ethernet.
HUB: can be divided into repeaters, which use the shared mechanism, and switches, which use the switching mechanism.
Nine, networks based on switching technology
1. Switched network structure
The two main application forms of switching technology are: the collapsed backbone and high-speed server connection.
2. Full duplex Ethernet
Full duplex runs between switches, and between a switch and a server; the link works together with the switch so that data streams flow in both directions on the link at the same time. Not all transceivers support the full duplex function.
3. Full duplex is most useful in the following situations:
(1) Between a server and a switch. This is the most common configuration in current full-duplex applications.
(2) Between two switches.
(3) Between two switches that are at a distance from each other.
3. Multimedia
Multimedia applications are based on video compression algorithms such as MPEG, JPEG and H.261.
Disadvantage: delay introduced by network buffering. On the one hand enough buffer must be inserted; on the other hand it cannot be too large, otherwise the video delay becomes unacceptable.
There are four solutions for the low-latency requirements of video applications:
(1) Use a 10 Mbps switch
(2) Use a 100 Mbps repeater
(3) Use a 100 Mbps switch
(4) Flow control technology
4. Gigabit Ethernet
Gigabit Ethernet also has two kinds of standards: copper wire and fiber cable.
The copper wire standard 1000BASE-CX has a maximum transmission distance of 25 feet and uses 150 ohm shielded twisted pair STP.
The fiber standard 1000BASE-SX uses an 850 nm short wavelength, with a 300 m transmission distance.
1000BASE-LX uses a 1300 nm wavelength, with a 550 m transmission distance.
Ten, ATM LAN
Eleven, wireless LAN
1. IEEE 802.11 architecture
The smallest building block of a wireless LAN is the basic service set BSS, which consists of some stations running the same MAC protocol and sharing the same medium. An extended service set ESS consists of two or more BSSs interconnected by a distribution system.
2. Based on mobility, wireless LAN defines three kinds of stations:
(1) No transition: the location of such a station is fixed, or it moves only within the communication range of a single BSS.
(2) BSS transition: the station moves from one BSS of an ESS to another BSS of the same ESS. If data delivery is to continue, an addressing function is required to identify the new location of the station.
(3) ESS transition: the station moves from a BSS of one ESS to another ESS. Service continuity is disrupted.
3. Physical media specifications
(1) Infrared: the data rate is 1 Mbps or 2 Mbps, and the wavelength is between 850 nm and 950 nm.
(2) Direct sequence spread spectrum: operates in the 2.4 GHz ISM band. There are up to 7 channels, each with a data rate of 1 Mbps or 2 Mbps.
(3) Frequency hopping spread spectrum: operates in the 2.4 GHz ISM band; still under study.
4. Media access control
The MAC algorithm defined by IEEE 802.11 is called DFWMAC (distributed foundation wireless MAC). It provides a distributed access control mechanism, on top of which there is an optional centralized access control protocol.
(1) The distributed coordination function sublayer DCF sits at the bottom of the MAC layer and uses a contention algorithm to provide access control for all traffic. Ordinary asynchronous traffic uses DCF.
(2) Above it in the MAC layer is the point coordination function PCF, which uses a centralized MAC algorithm to provide contention-free service.
5. Distributed coordination function
The DCF sublayer uses a simple CSMA algorithm. DCF has no collision detection. To ensure smooth and fair operation of the algorithm, a series of delays equivalent to a priority mechanism is used. First, a simple delay called the interframe space IFS is considered.
Twelve, metropolitan area network
A metropolitan area network is a communication network covering a geographic area of 5 km to 100 km that fully supports the integrated transmission of data, voice and image services. It uses fiber as the main transmission medium, with a transmission rate of 100 Mbps or higher. The IEEE 802.6 distributed queue dual bus DQDB is the standard for metropolitan area networks.
Chapter 6 WAN Technology
Main content: 1. Public switched telephone network PSTN
2. Integrated services digital network ISDN
3. Packet switched network X.25
4. Frame relay network FR
5. Asynchronous transfer mode network ATM
6. Digital data network DDN
7. Mobile communication and satellite communication networks, GSM
8. Cable modem
9. Digital subscriber line xDSL
One, telephone network
The public switched telephone network PSTN is a communication network that provides telephone communication services to the public. While providing telephone services, telephone communication networks also provide non-voice data communication services.
1. Computerized branch exchange CBX
Digital telephone: an integrated voice/data workstation can be established.
Distributed structure: a multi-channel or gateway structure with distributed intelligence improves reliability.
Non-blocking structure: every telephone and device has its own dedicated port.
CBX structure: the core is a digital switching network. The switch is responsible for operating on and switching digital signal streams, and the digital switching network consists of some space-division and time-division stages. Around it are the interface units, through which the switch is accessed from outside or accesses external lines. Typically an interface unit performs a multiplexing function so as to accommodate multiple input lines. On the other hand, to achieve full-duplex operation, the unit should be connected to the switch by two lines.
Two, point-to-point communication
1. Point-to-point communication is mainly suited to two cases: (1) various local area networks, containing many hosts and some networking devices, are connected to the outside through a router, which is connected to a remote router over a point-to-point leased line; (2) thousands of users at home connect to the Internet, which is the most important application of point-to-point connections.
2. Serial line IP protocol (SLIP)
SLIP was developed in 1984, and the protocol text is described in RFC 1055.
Working process: when the workstation sends an IP packet, a special flag byte (0xC0) is appended at the end of the frame. If the same flag byte occurs inside the IP packet, it is replaced by the two-byte escape sequence (0xDB, 0xDC); likewise, if the IP packet contains 0xDB, a two-byte escape sequence is inserted for it as well.
Existing problems: (1) the protocol has no error detection or error correction function; (2) it only supports IP packets; (3) each side needs to know the other's IP address in advance, and IP addresses cannot be assigned dynamically; (4) it provides no authentication; (5) it is not an Internet standard.
3. Point-to-point protocol (PPP)
PPP is a set of data link protocols defined by the Internet IETF and described in RFC 1661.
Main functions: a framing method that unambiguously delimits the end of one frame and the start of the next, and the frame format also handles error detection; a link control protocol LCP used to bring up the line, test it, negotiate optional features and close the connection; and a negotiation method for network-layer optional features that is independent of the network layer protocol used, so that it applies to the different network control protocols NCP.
Working process:
(1) The PC calls the ISP router through a modem; the modem on the router side answers the call, and a physical connection is established. (2) The PC then sends a series of LCP packets to the router; these packets and their responses select the PPP parameters to be used.
(3) When both parties agree, the PC sends a series of NCP packets to configure the network layer (the function of NCP is to dynamically assign an IP address). The PC is now an Internet host and can send and receive IP packets.
(4) When the PC user has finished transmitting, NCP is used to tear down the network layer connection and release the IP address, and then LCP is used to disconnect the data link connection.
(5) Finally the PC instructs the modem to hang up the telephone, releasing the physical layer connection.
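To make SLIP problem (1) and the PPP framing function concrete, here is an added Python example (not code from the original note) that implements SLIP framing as described in RFC 1055 next to PPP's HDLC-like framing from RFC 1662 with its 16-bit FCS, then damages one byte of each frame: the SLIP receiver hands up the corrupted packet as if nothing happened, while the PPP receiver rejects the frame. Assumed constants: SLIP END=0xC0, ESC=0xDB, ESC_END=0xDC, ESC_ESC=0xDD; PPP flag 0x7E, address 0xFF, control 0x03, escape 0x7D with XOR 0x20, and the FCS-16 generator x^16 + x^12 + x^5 + 1 sent low byte first. The "IP packet" is a constructed byte string, not real traffic.

```python
END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD       # RFC 1055 SLIP special bytes


def slip_encode(packet: bytes) -> bytes:
    """Escape END/ESC inside the packet, then terminate the frame with END."""
    out = bytearray()
    for b in packet:
        if b == END:
            out += bytes([ESC, ESC_END])
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


def slip_decode(stream: bytes) -> bytes:
    """Recover one packet (up to the first END). No checksum: damage is invisible."""
    out = bytearray()
    it = iter(stream)
    for b in it:
        if b == END:
            break
        if b == ESC:
            nxt = next(it)
            if nxt == ESC_END:
                out.append(END)
            elif nxt == ESC_ESC:
                out.append(ESC)
            else:
                raise ValueError("SLIP protocol violation after ESC")
        else:
            out.append(b)
    return bytes(out)


FLAG, ADDR, CTRL, PPP_ESC = 0x7E, 0xFF, 0x03, 0x7D       # RFC 1662 HDLC-like framing
PPP_GOOD_FCS = 0xF0B8   # running FCS over data + FCS of an error-free frame


def _fcs16_run(data: bytes, fcs: int = 0xFFFF) -> int:
    """Bitwise CRC-16 (x^16 + x^12 + x^5 + 1, reflected form 0x8408), no final complement."""
    for b in data:
        fcs ^= b
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs


def ppp_frame(protocol: int, info: bytes) -> bytes:
    """Address + control + protocol + info + FCS, byte-stuffed, between flags."""
    body = bytes([ADDR, CTRL]) + protocol.to_bytes(2, "big") + info
    fcs = _fcs16_run(body) ^ 0xFFFF
    body += bytes([fcs & 0xFF, fcs >> 8])                 # FCS is sent low byte first
    stuffed = bytearray()
    for b in body:
        if b in (FLAG, PPP_ESC):
            stuffed += bytes([PPP_ESC, b ^ 0x20])
        else:
            stuffed.append(b)
    return bytes([FLAG]) + bytes(stuffed) + bytes([FLAG])


def ppp_unframe(frame: bytes):
    """Return (protocol, info) when the FCS checks out, else None (frame discarded)."""
    if len(frame) < 2 or frame[0] != FLAG or frame[-1] != FLAG:
        raise ValueError("missing PPP flags")
    body = bytearray()
    it = iter(frame[1:-1])
    for b in it:
        body.append(next(it) ^ 0x20 if b == PPP_ESC else b)
    if len(body) < 6 or _fcs16_run(bytes(body)) != PPP_GOOD_FCS:
        return None
    if body[0] != ADDR or body[1] != CTRL:
        return None
    return int.from_bytes(body[2:4], "big"), bytes(body[4:-2])


# constructed sample "IP packet": an arbitrary byte string containing all three special bytes
SAMPLE_PACKET = bytes.fromhex("45000020000100004001") + bytes([END, ESC, FLAG]) + b"payload"
PPP_PROTO_IP = 0x0021


def demo():
    """Damage one byte of each frame; SLIP hands up wrong data, PPP rejects the frame."""
    slip = bytearray(slip_encode(SAMPLE_PACKET))
    slip[0] ^= 0x01                     # corrupt the first data byte (0x45 -> 0x44)
    ppp = bytearray(ppp_frame(PPP_PROTO_IP, SAMPLE_PACKET))
    ppp[1] ^= 0x01                      # corrupt the address byte (0xFF -> 0xFE)
    return slip_decode(bytes(slip)), ppp_unframe(bytes(ppp))
```

The 0xF0B8 constant is the value the running FCS settles on when the two FCS bytes of an undamaged frame are fed through the same computation, which is how RFC 1662 receivers check a frame without extracting the FCS first.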
Three, integrated services digital network ISDN
The integrated services digital network ISDN is a set of standards developed by the International Telegraph and Telephone Consultative Committee CCITT and national standards organizations. They define the connection of user equipment to the global network, making it easy to handle voice, data and image communication in digital form. ISDN provides access to a variety of services, an open standard interface, an end-to-end digital connection, and flexible intelligent control for the user through common channel, end-to-end signaling.
1. ISDN system structure
NT1: the network termination device. It is not only a connector; it also includes network management, testing, maintenance and performance monitoring functions. It is a physical layer device.
NT2: it is a computerized branch exchange CBX. NT1 connects to NT2, which provides the actual interface for the various terminals and other devices.
CCITT defines four reference points for ISDN: R, S, T, U. The U reference point connects the ISDN switching system and NT1, currently using two-wire copper twisted pair; the T reference point is the connector supplied to the user on NT1; the S reference point is the interface between the ISDN CBX and ISDN terminals; the R reference point is the connection between a terminal adapter and a non-ISDN terminal, and many different interfaces are used at the R reference point.
2. ISDN functions: circuit switching, packet switching, common channel signaling, network operation and management, database and information processing and storage.
(1) Circuit switching supports real-time communication and the transmission of large amounts of information at a rate of 64 kbps. In the ISDN environment, circuit-switched connections are controlled by common channel signaling technology.
(2) Packet switching supports communication with bursty characteristics, such as interactive data applications, at a rate of 64 kbps.
(3) Common channel signaling is used to establish, manage and release circuit-switched connections; the CCITT common channel signaling system CCSS No.7 is used to exchange signaling.
3. ISDN defines two digital channel interfaces between switching equipment and user equipment
Basic rate interface BRI: 2B+D, i.e. two 64 kbps B channels carrying voice and data, and one 16 kbps packet-switched D channel carrying control signals and data; 144 kbps in total.
Primary rate interface PRI: 23B+D or 30B+D, in North America and in European countries respectively.
ISDN uses common channel signaling technology for user network access and information exchange, allowing one common channel signaling path to control multiple circuit-switched connections.
4. ISDN protocol reference model
The differences between the ISDN reference model and the ISO/OSI reference model are the multi-channel access interface structure and common channel signaling, which include a variety of communication modes and capabilities: circuit-switched connections under common channel signaling control; packet-switched communication on the B channel and the D channel; signaling between the user and network equipment; end-to-end signaling between users; and multiple modes implemented simultaneously under common signaling.
The ISDN network structure and protocols used for circuit switching include the B channels and the D channel. The B channel transparently transmits user information, and users can implement end-to-end communication with any protocol; the D channel exchanges control information between the user and the network for call establishment, call teardown and access to network equipment. The interface between the user and ISDN on the D channel consists of three layers: the physical layer, the data link layer LAP-D, and CCSS No.7. The ISDN network structure and protocols used for low-speed packet switching use the D channel; the local user interface only needs to perform physical layer functions, and the effect is like the DCE of X.25.
Four, packet switched network
1. Working principle of packet switched networks
The public packet switched data network PSDN has become an important transmission system in wide area networks. Packet switching is an effective method of performing large-capacity data transmission between distant points; it combines the advantages of circuit switching and message switching, dividing information into smaller packets which are stored and forwarded, with line bandwidth allocated dynamically.
Advantages: fewer errors, high line utilization. Working modes: datagram, virtual circuit.
Key features: since the call control packets used to establish and clear the virtual circuit and the data packets are transmitted on the same channel and the same virtual circuit, the result is that they occupy channel bandwidth; multiplexing of virtual circuits occurs in the third layer; the second and third layers both require flow control and error control mechanisms.
2. Public data network (CCITT X.25)
X.25 actually includes a set of associated protocols: X.3, X.28, X.29, X.75, etc.
X.25 describes the work that a packet-mode terminal needs to do to access a packet network. Through virtual circuits it can maintain multiple user sessions over a single physical connection, each user session being assigned a logical channel. High-priority and normal-priority types are provided.
The interface between an X.25 network and a computer is generally handled by a dedicated device, gateway or router.
X.3 describes the functions and control parameters of the X.25 PAD; X.28 defines the interaction between a terminal and the X.25 PAD, providing each user with a regular X.25 network connection; X.29 defines the interaction between a host and the PAD connected to it.
X.25 interconnection schemes: (1) use routers and gateways to connect X.25 and the local LAN; this scheme is suitable for large networks with multiple protocols; (2) use a microcomputer as a router, installing the corresponding X.25 network card and routing software; suitable for small and medium-sized networks; (3) use a PAD; this scheme is only suitable for environments using the X.25 protocol, and is limited for interconnecting remote networks using other protocols.
3. X.25 layered protocol
X.25 layers: physical layer, data link layer, packet layer; these three layers correspond to the bottom three layers of the OSI model.
(1) Physical layer: handles the physical interface between the station and the link that attaches it to the packet switched network. Its standard is X.21.
(2) Link layer: the standard used, LAP-B, is a subset of HDLC.
(3) Packet layer: provides external virtual circuit service.
Relationship between the three layers: user data is passed down to the third layer of X.25, where a header containing control information is added, forming a packet. The control information is used for the operation of the protocol. The entire X.25 packet is then passed to the LAP-B entity, which adds control information at the front and back of each packet to form a frame; the control information in the frame is used for the operation of the LAP-B protocol.
4. Virtual circuit service
The packet layer of X.25 provides virtual circuit service, and data is transmitted in packet form over external virtual circuits. There are two types of virtual circuit: the virtual call, a virtual circuit established dynamically through call setup and call clearing; and the permanent virtual circuit, a fixed virtual circuit.
The process of virtual circuit implementation:
5. X.25 packet format
User data is divided into multiple blocks, and a 24-bit or 32-bit header is added to each block to form a data packet.
The header contains a 12-bit virtual circuit number, of which 4 bits are the group number and 8 bits are the channel number. P(S) and P(R) are used for flow control and error control. The M bit and D bit can be used for flow control and error control, and also for X.25 complete packet sequences.
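The 24-bit header just described, as an added Python example (not code from the original note): it packs and unpacks the modulo-8 X.25 data packet header and uses the M bit to split user data into a complete packet sequence and reassemble it. The assumed layout is the ITU-T X.25 modulo-8 data packet: byte 1 holds Q, D, the modulo bits 01 and the 4-bit group number LCGN; byte 2 holds the 8-bit channel number LCN; byte 3 holds P(R), M, P(S) and a final 0 bit that distinguishes data packets from control packets. The channel number and data are constructed sample values.

```python
from dataclasses import dataclass


@dataclass
class X25DataHeader:
    q: int = 0      # Q, qualifier bit
    d: int = 0      # D, delivery confirmation bit
    lcgn: int = 0   # logical channel group number, 4 bits
    lcn: int = 0    # logical channel number, 8 bits
    pr: int = 0     # P(R), receive sequence number, modulo 8
    m: int = 0      # M, more-data bit: 1 = more packets follow in this sequence
    ps: int = 0     # P(S), send sequence number, modulo 8

    _LIMITS = {"q": 1, "d": 1, "lcgn": 4, "lcn": 8, "pr": 3, "m": 1, "ps": 3}

    @property
    def channel(self) -> int:
        """The 12-bit virtual circuit number: group number * 256 + channel number."""
        return (self.lcgn << 8) | self.lcn

    def pack(self) -> bytes:
        for name, bits in self._LIMITS.items():
            if not 0 <= getattr(self, name) < (1 << bits):
                raise ValueError(f"{name} does not fit in {bits} bit(s)")
        b1 = (self.q << 7) | (self.d << 6) | (0b01 << 4) | self.lcgn   # GFI modulo-8 bits = 01
        b3 = (self.pr << 5) | (self.m << 4) | (self.ps << 1)            # bit 1 = 0 marks a data packet
        return bytes([b1, self.lcn, b3])

    @classmethod
    def unpack(cls, hdr: bytes) -> "X25DataHeader":
        if len(hdr) < 3:
            raise ValueError("X.25 modulo-8 header needs 3 bytes")
        b1, b2, b3 = hdr[0], hdr[1], hdr[2]
        if (b1 >> 4) & 0b11 != 0b01:
            raise ValueError("GFI modulo bits are not 01: not a modulo-8 header")
        if b3 & 1:
            raise ValueError("bit 1 of byte 3 set: control packet, not a data packet")
        return cls(q=b1 >> 7, d=(b1 >> 6) & 1, lcgn=b1 & 0x0F, lcn=b2,
                   pr=b3 >> 5, m=(b3 >> 4) & 1, ps=(b3 >> 1) & 0x07)


def packetize(channel: int, data: bytes, max_len: int = 128, ps_start: int = 0, pr: int = 0):
    """Split user data into a complete packet sequence: M = 1 on every packet but the last."""
    blocks = [data[i:i + max_len] for i in range(0, len(data), max_len)] or [b""]
    packets = []
    for i, block in enumerate(blocks):
        hdr = X25DataHeader(lcgn=channel >> 8, lcn=channel & 0xFF, pr=pr,
                            m=int(i < len(blocks) - 1), ps=(ps_start + i) % 8)
        packets.append(hdr.pack() + block)
    return packets


def reassemble(packets):
    """Join a complete packet sequence, checking P(S) continuity and the final M = 0."""
    data, expected_ps = bytearray(), None
    for pkt in packets:
        hdr = X25DataHeader.unpack(pkt[:3])
        if expected_ps is not None and hdr.ps != expected_ps:
            raise ValueError(f"P(S) gap: expected {expected_ps}, got {hdr.ps}")
        expected_ps = (hdr.ps + 1) % 8
        data += pkt[3:]
        if hdr.m == 0:
            return bytes(data)
    raise ValueError("sequence ended with M = 1: packets missing")


if __name__ == "__main__":
    pkts = packetize(0x123, b"x" * 300)            # constructed: channel 0x123, 300 bytes
    print([X25DataHeader.unpack(p[:3]) for p in pkts])
    print(len(reassemble(pkts)))
```

The reassembly check on P(S) is the receiver-side half of the flow and error control that the note attributes to P(S) and P(R); a gap in P(S) is what would trigger a reject in the real protocol.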
Five, frame relay network
The frame relay network evolved from X.25 packet switching technology. Since the bit error rate of fiber communication is low, many of the error control functions present in X.25 packet switching are dropped in order to improve network speed, so the performance of frame relay is better than that of X.25 packet switching.
1. Main features of frame relay: medium- to high-speed data interface; the standard rate is DS1, i.e. the T1 rate of 1.544 Mbps; can be used for private and public networks; transmits data only; uses variable-length packets.
2. Comparison of frame relay network and X.25 network
The logical connections for call control signaling and for user data are separated, so an intermediate node does not need to maintain a state table for call control on each connection; multiplexing and switching of logical connections occur in the second layer rather than the third, reducing the layers of processing; there is no node-to-node flow control or error control, and the higher layers are responsible for end-to-end flow control and error control.
3. Advantage of frame relay: streamlined communication processing. The protocol is reduced to the user-network interface and the internal processing of the network, thereby obtaining low delay and high throughput.
4. Applications of frame relay on the H channel: interactive data applications with large amounts of information; large file transfer; multiplexing of low data rates; character-interactive communication.
5. Protocol structure of frame relay
There are two separate operating planes:
(1) The control plane (C), which is concerned with the establishment and termination of logical connections.
(2) The user plane (U), which is responsible for data transfer between users.
Between the user and the network is the control plane protocol, while end to end is the user plane protocol.
Control plane: the control plane of the frame mode bearer service is similar to the control plane for common channel signaling in a packet switched service. The control signaling uses a separate logical channel. At the link layer, LAP-D (Q.921) provides reliable data link control service, with flow control and error control between the user (TE) and the network (NT) over the D channel. This data link service is used to exchange Q.933 control signaling messages.
User plane: the user plane protocol for transferring information between users is LAP-F, defined by Q.922 (which is an enhanced version of LAP-D Q.921).
6. Core functions of LAP-D
(1) Frame delimiting, alignment and transparency; (2) frame multiplexing and demultiplexing using the address field; (3) inspection of the frame to ensure that its length before zero-bit insertion and after zero-bit removal is an integer number of bytes; (4) inspection of the frame to ensure that its length meets the requirements; (5) detection of transmission errors; (6) congestion control function (a new function of LAP-F).
7. Call control of frame relay
Call control scheme selection:
(1) Switched access: the user connects to a switched network whose local exchange does not provide frame handling functions; in this case switched access must be provided from the user's terminal equipment to the frame handler in the network.
(2) Integrated access: the user connects to a frame relay network or a switched network whose local exchange provides the frame handling function, so the user has a direct logical connection to the frame handler.
Frame relay, like X.25, supports multiple connections over one link; these are called data link connections, and each has a unique data link connection identifier DLCI. The steps involved in data transfer are as follows: (1) establish a logical connection between the two endpoints and assign the value of its unique data link connection identifier DLCI; (2) exchange data frames; (3) release the logical connection. Call control uses the logical connection DLCI = 0; the information field of its frames carries call control packets, of at least four types: Setup, Connect, Release and Release Complete.
8. User data transfer
The LAP-F frame format is similar to LAP-D and LAP-B, but with one significant difference: there is no control field. This means: (1) there is only one type of frame, the user data frame, and no control frames; (2) in-band signaling is impossible, so a logical connection can only carry user data; (3) flow control and error control are impossible, because there is no sequence number.
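As an added Python example (not code from the original note), the following shows what the missing control field means in practice: a LAP-F frame is just the address field carrying the DLCI, the information field and the FCS, so demultiplexing (core function 2) is done purely on the DLCI, with DLCI 0 going to call control. The assumed address layout is the 2-byte Q.922 address: the first byte holds the upper 6 bits of the DLCI, the C/R bit and an EA bit of 0; the second holds the lower 4 bits of the DLCI, FECN, BECN, DE and an EA bit of 1. The sample frames are constructed, and their trailing FCS bytes are placeholders that this example does not verify.

```python
CALL_CONTROL_DLCI = 0     # the logical connection reserved for call control messages


def build_lapf_address(dlci: int, cr: int = 0, fecn: int = 0, becn: int = 0, de: int = 0) -> bytes:
    """2-byte Q.922 address: DLCI(6) C/R EA=0 | DLCI(4) FECN BECN DE EA=1."""
    if not 0 <= dlci <= 1023:
        raise ValueError("a 2-byte address carries a 10-bit DLCI")
    for name, bit in (("cr", cr), ("fecn", fecn), ("becn", becn), ("de", de)):
        if bit not in (0, 1):
            raise ValueError(f"{name} must be 0 or 1")
    first = ((dlci >> 4) << 2) | (cr << 1)                                       # EA = 0: more follows
    second = ((dlci & 0x0F) << 4) | (fecn << 3) | (becn << 2) | (de << 1) | 1    # EA = 1: last byte
    return bytes([first, second])


def parse_lapf_frame(frame: bytes) -> dict:
    """Split the address field from the rest of the frame.

    There is no control field, so the information field starts right after
    the address; the last two bytes are taken as the FCS without checking it.
    """
    if len(frame) < 4 or (frame[0] & 1) or not (frame[1] & 1):
        raise ValueError("expected a 2-byte address with EA bits 0 then 1")
    first, second = frame[0], frame[1]
    return {"dlci": ((first >> 2) << 4) | (second >> 4),
            "cr": (first >> 1) & 1,
            "fecn": (second >> 3) & 1,
            "becn": (second >> 2) & 1,
            "de": (second >> 1) & 1,
            "info": frame[2:-2],
            "fcs": frame[-2:]}


def demux(frames):
    """Route frames by DLCI: DLCI 0 to call control, the rest to per-connection user queues."""
    routed = {"call_control": [], "user": {}}
    for frame in frames:
        f = parse_lapf_frame(frame)
        if f["dlci"] == CALL_CONTROL_DLCI:
            routed["call_control"].append(f["info"])
        else:
            routed["user"].setdefault(f["dlci"], []).append(f["info"])
    return routed


# constructed sample frames; the two trailing bytes stand in for the FCS and are not computed
SAMPLE_FRAMES = [
    build_lapf_address(0) + b"SETUP" + b"\x00\x00",
    build_lapf_address(16) + b"user data on DLCI 16" + b"\x00\x00",
    build_lapf_address(16, de=1) + b"discard-eligible data" + b"\x00\x00",
    build_lapf_address(17, fecn=1) + b"congestion seen forward" + b"\x00\x00",
]

if __name__ == "__main__":
    for dlci, frames in demux(SAMPLE_FRAMES)["user"].items():
        print(dlci, frames)
```

Because nothing in the frame carries a sequence number, the DE, FECN and BECN bits are the only per-frame control information a frame relay node has, which is the concrete form of point (3) above.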
Six, ATM network
1. ATM protocol reference model
User plane: provides transfer of user information. Control plane: responsible for call control and connection control. Management plane: responsible for network maintenance and overall operation. Plane management: performs management functions related to the whole system. Layer management: handles processing and maintenance within each layer.
Physical layer: mainly transmits information; ATM layer: mainly performs switching, routing and multiplexing; ATM adaptation layer AAL: mainly responsible for adapting higher-layer information.
(1) Physical layer: composed of the physical medium sublayer and the transmission convergence sublayer.
The physical medium sublayer supports the purely medium-dependent bit functions. The transmission convergence sublayer converts the ATM cell stream into bits transmitted on the physical medium, for example adapting to the frame format of the transmission system (SDH, PDH, cell-based format), cell delineation, and so on.
(2) ATM layer: its basic function is to generate cells; it does not care about the content carried and is independent of the service. Its main functions are multiplexing and demultiplexing, VPI/VCI translation, cell header generation and removal, and flow control.
(3) ATM adaptation layer: composed of two sublayers. The segmentation and reassembly sublayer (SAR) segments higher-layer information units into ATM cells, or reassembles ATM cells into higher-layer information units; the convergence sublayer (CS) is service-dependent, and the functions it can perform include message identification and clock recovery.
Cell types
(1) Idle cell (physical layer): inserted or removed in the physical layer so that the cell flow rate matches the payload capacity of the transmission system.
(2) Valid cell: a cell whose header has no errors, or whose header errors have been corrected by the HEC.
(3) Invalid cell (physical layer): a cell whose header has errors that have not been corrected by the HEC.
(4) Assigned cell (ATM layer): provides service to the users of the ATM layer service.
(5) Unassigned cell (ATM layer): a cell that has not been assigned.
2. ATM layer
Cell structure: bytes are sent in increasing order starting from the first byte; the bits within a byte are sent in decreasing order starting from bit 8. GFC generic flow control; PT payload type; CLP cell loss priority; HEC header error control.
ATM layer primitives
ATM-DATA-REQUEST: the AAL requests transmission of the ATM-SDU associated with this primitive to its peer entity.
ATM-DATA-INDICATION: indicates to the AAL that the ATM-SDU associated with this primitive is available.
3. ATM physical layer
Transmission convergence sublayer: (1) cell header protection mechanism, with generator polynomial x^8 + x^2 + x + 1; (2) cell delineation mechanism, with three states: hunt, presync and sync; (3) scrambling, an additional mechanism to deal with malicious users and counterfeit cells, using the x^43 + 1 self-synchronizing scrambler; the cell header is not scrambled; (4) cell rate decoupling: the cell data rate should be below the available transmission capacity; (5) adaptation to the transmission system.
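The cell header of section 2 and the HEC mechanism of the transmission convergence sublayer in section 3, as an added Python example (not code from the original note): it packs the 5-byte UNI header, computes the HEC with the generator x^8 + x^2 + x + 1, and on the receive side classifies a header as valid, corrected (single bit error) or invalid, which is the distinction between the valid and invalid cell types listed above. Assumptions: the UNI header layout GFC(4) VPI(8) VCI(16) PT(3) CLP(1) HEC(8), and the ITU-T I.432 rule that the HEC is the CRC-8 remainder XOR 0x55; the idle cell header 00 00 00 01 with HEC 0x52 serves as a known reference, and the VPI/VCI values are constructed.

```python
HEC_POLY = 0x07     # x^8 + x^2 + x + 1 with the x^8 term implied
HEC_COSET = 0x55    # ITU-T I.432 adds 01010101 to the CRC remainder


def atm_hec(header4: bytes) -> int:
    """CRC-8 of the first 4 header bytes, XOR 0x55: the HEC byte."""
    reg = 0
    for b in header4:
        reg ^= b
        for _ in range(8):
            reg = ((reg << 1) ^ HEC_POLY) & 0xFF if reg & 0x80 else (reg << 1) & 0xFF
    return reg ^ HEC_COSET


def build_header(gfc: int, vpi: int, vci: int, pt: int, clp: int) -> bytes:
    """5-byte UNI header: GFC(4) VPI(8) VCI(16) PT(3) CLP(1) HEC(8)."""
    for name, val, bits in (("gfc", gfc, 4), ("vpi", vpi, 8), ("vci", vci, 16),
                            ("pt", pt, 3), ("clp", clp, 1)):
        if not 0 <= val < (1 << bits):
            raise ValueError(f"{name} does not fit in {bits} bits")
    h = bytes([(gfc << 4) | (vpi >> 4),
               ((vpi & 0x0F) << 4) | (vci >> 12),
               (vci >> 4) & 0xFF,
               ((vci & 0x0F) << 4) | (pt << 1) | clp])
    return h + bytes([atm_hec(h)])


def parse_header(h5: bytes) -> dict:
    """Unpack the fields of a 5-byte header (bit 8 of each byte is sent first)."""
    return {"gfc": h5[0] >> 4,
            "vpi": ((h5[0] & 0x0F) << 4) | (h5[1] >> 4),
            "vci": ((h5[1] & 0x0F) << 12) | (h5[2] << 4) | (h5[3] >> 4),
            "pt": (h5[3] >> 1) & 0x07,
            "clp": h5[3] & 1,
            "hec": h5[4]}


def check_header(h5: bytes):
    """Receiver side: ('valid', header), ('corrected', header) or ('invalid', None)."""
    if len(h5) != 5:
        raise ValueError("ATM cell header is 5 bytes")
    if atm_hec(h5[:4]) == h5[4]:
        return "valid", bytes(h5)
    for i in range(40):                       # single-bit correction over all 40 header bits
        cand = bytearray(h5)
        cand[i // 8] ^= 0x80 >> (i % 8)
        if atm_hec(bytes(cand[:4])) == cand[4]:
            return "corrected", bytes(cand)
    return "invalid", None                    # multi-bit damage: the cell is discarded


IDLE_CELL_HEADER = bytes([0x00, 0x00, 0x00, 0x01])   # GFC=0, VPI=0, VCI=0, PT=0, CLP=1


def demo():
    """Parse a constructed header, then damage one and two bits of it."""
    header = build_header(gfc=0, vpi=5, vci=32, pt=0, clp=0)    # constructed VPI/VCI
    one_bit = bytearray(header)
    one_bit[2] ^= 0x10
    two_bits = bytearray(header)
    two_bits[2] ^= 0x10
    two_bits[3] ^= 0x01
    return parse_header(header), check_header(bytes(one_bit)), check_header(bytes(two_bits))


if __name__ == "__main__":
    print(hex(atm_hec(IDLE_CELL_HEADER)))    # idle cell HEC
    print(demo())
```

The brute-force correction loop is the simplest way to see why a two-bit error ends up as an invalid cell: with this generator no two valid 40-bit headers differ in fewer than 4 bits, so a header damaged in two places is never within one flip of a valid one.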
Physical medium sublayer: provides bit transfer capability; the transmission functions depend on the medium used, including line coding, regeneration, equalization and electro-optical conversion.
Physical layer primitives
PH-DATA-REQUEST: the ATM layer requests transfer of the SDU associated with this primitive to its peer entity.
PH-DATA-INDICATION: indicates the SDU associated with this primitive.
4. ATM adaptation layer
AAL service classes: Class A, circuit emulation, AAL1; Class B, VBR video, AAL2; Class C, file transfer, AAL5; Class D, connectionless data, AAL3/4.
The sublayers of AAL are: the convergence sublayer CS and the segmentation and reassembly sublayer SAR.
The CS is responsible for the information units coming from the user plane before segmentation and for restoring these packets to their original state after reassembly. Its main function is to provide the AAL service at the AAL-SAP.
The SAR packs the data coming from the convergence sublayer into 48-byte cell payloads, or assembles the cell information field contents coming from the ATM layer into higher-layer information units.
Seven, digital data network DDN
1. The digital data network DDN is a digital transmission network that provides semi-permanent connection dedicated circuits using digital channels.
2. China's DDN provides medium- and high-rate point-to-point and point-to-multipoint dedicated circuits from 2.4 kbps to 2.408 Mbps, with a user transmission bit error rate better than 10^-6.
3. DDN composition: composed of local transmission systems, multiplexing and cross-connect systems, inter-office transmission and synchronization systems, network management systems, etc.
4. According to respon sibility for construction, operation, management and maintenance, and geographic area, it can be divided into three levels: local network, first-level trunk network, second-level trunk network. It can also be divided into three layers: core layer, access layer and user access layer.
Eight, mobile communication
1. Mobile communication network composition: the mobile telephone exchange MTX, base stations BS, mobile stations MS, and the trunks between the exchange and the stations. Wireless transmission is used between mobile stations and base stations, and between mobile stations; between the base station and the mobile switching office, and between the mobile switch and the wired network PSTN, wired transmission is generally used.
2. The global system for mobile communications GSM is a complete digital mobile communication standard system. It is the second-generation digital cellular mobile system developed by the European Conference of Postal and Telecommunications Administrations CEPT in 1982.
3. GSM composition: three parts, the network subsystem NSS, the base station subsystem BSS and the mobile station MS. The main functions of the mobile station are to access the communication network through the radio interface, to perform the various control and processing required to provide calling or called communication, and to provide the human-machine interface to the user or the adaptation device for connecting other terminal equipment. The information required for user registration and management is provided to the communication network through the subscriber identity module SIM card.
The base station subsystem contains all the ground infrastructure of the GSM radio communication part and is divided into three parts: the base station controller BSC, the base transceiver station BTS and the operation and maintenance center OMC-R. The network subsystem consists of the mobile switching center MSC, home location register HLR, visitor location register VLR, authentication center AUC, equipment identity register EIR, operation and maintenance center OMC-S and the short message service center SC.
The MSC is the functional entity that controls and switches traffic within its coverage area and is also the interface entity between the GSM network and other communication networks, responsible for call control, mobility management and radio resource management within the whole MSC area.
4. Wireless application protocol WAP
WAP is a communication protocol based on the HTTP/HTML protocols used on the Internet and established for the characteristics of wireless mobile communication; it is the result of modifying those protocols for terminals with small display interfaces, low power, small memory and limited CPU computing power, and for wireless mobile communication networks with low bandwidth, high delay and lower reliability.
WAP adopts a client-server structure and provides a flexible and powerful programming model. The WAP gateway plays the role of protocol translator and is the bridge between the mobile network and the Internet.
WAP protocol stack: wireless application environment WAE, application layer protocol; wireless session protocol WSP, session layer protocol; wireless transaction protocol WTP, transaction layer protocol; wireless transport layer security WTLS, security layer protocol; wireless datagram protocol WDP, transport layer protocol; wireless bearers; other applications and services.
5. Personal communication service / personal communication network
Personal communication characteristics:
Nine, satellite communication system
1. By orbit position, satellite systems are divided into geostationary orbit (GEO) systems and non-geostationary orbit (MEO, LEO) systems; by coverage, into global and regional satellite mobile communication systems. LEO altitude is generally around 500 km to 1500 km, MEO altitude usually around 5000 km to 15000 km, and GEO is an equatorial orbit at 35768 km.
2. Composition of a satellite communication system: the space segment, the communication earth stations, the tracking, telemetry and command system, and the monitoring and management system.
3. A satellite communication network has two main structures: star and mesh.
4. The International Telecommunication Union ITU's World Administrative Radio Conference WARC specifies the frequency allocation principles for space use. UHF band 400/200 MHz; L band 1.6/1.5 GHz, mainly used for mobile satellite communication and maritime satellite service; C band 6.0/4.0 GHz, mainly used for fixed satellite service, special satellite services, VSAT networks, etc.; X band 8.0/7.0 GHz, mainly used for fixed satellite service; Ku band 14.0/11.0 GHz, mainly used for VSAT networks, satellite TV broadcasting, mobile satellite communication, etc.; Ka band 30.0/20.0 GHz, mainly used for VSAT networks and satellite TV broadcasting.
Ten, Cable Modem
Cable Modem implements two-way, high-speed data transmission over the same coaxial cable that carries cable TV.
1. Working mode:
Like a telephone modem, a cable modem modulates and demodulates the data signal. However, a cable modem also includes many features designed for today's high-speed Internet services. Data from the network to the user is called "downstream", and data from the user to the network is called "upstream". From the user's point of view, a cable modem is a 64/256 quadrature amplitude modulation (QAM) RF receiver that transmits data at 30 to 40 Mbit/s in a 6 MHz cable channel. One cable modem in a local area can be shared by 16 users.
2. Cable Modem and the OSI model
(1) Physical layer: divided into downstream and upstream.
The downstream data channel is based on the North American digital video specification and includes the following features: 64 and 256 QAM; interleaving with the other signals on the cable; variable-depth interleaving, supporting both delay-sensitive and delay-insensitive data services; a continuous serial bit stream with no defined frame structure, giving complete separation of the physical layer and the media access control (MAC) layer.
The upstream channel is a shared channel with the following characteristics: QPSK and 16QAM formats; data rates from 320 kbit/s to 10 Mbit/s; flexible and programmable cable modems under CMTS control; time division multiple access; support for fixed-length frames and variable-length protocol data units (PDUs).
(2) Data link layer: MCNS MAC (MPEG framing), IEEE 802.2
Eleven, digital subscriber line
Digital subscriber line DSL is a modem technology that uses existing twisted-pair telephone lines to deliver high-bandwidth data services to users.
The term xDSL covers many similar but competing forms of DSL, including asymmetric DSL (ADSL), single-line DSL (SDSL), high-data-rate DSL (HDSL), rate-adaptive DSL (RADSL) and very-high-speed DSL (VDSL).
1. Asymmetric digital subscriber line ADSL
It provides more downstream bandwidth (from the NSP switch to the customer premises) than upstream bandwidth (from the customer premises to the switch). ADSL transmits data to the user at rates above 6 Mbit/s, and can simultaneously transmit data in both directions at rates above 640 kbit/s.
2. ADSL service structure
Composition: the customer premises equipment CPE and the supporting equipment located at the ADSL access point POP. The network access provider NAP is responsible for managing the layer-2 part of the network core, and the network service provider NSP is responsible for managing the layer-3 part of the network core.
Subtending: several DSL access multiplexers (DSLAMs) can be chained together to improve utilization of the ATM pipe. DSLAMs are interconnected locally or connected to a local access concentrator LAC, and the LAC can provide ATM service guidance, PPP tunneling, and layer-3 access to local content or cached content.
3. ADSL technology
ADSL relies on advanced digital signal processing and creative algorithms to squeeze a large amount of information onto a twisted-pair telephone line for transmission.
Chapter 7 Network Interconnect Technology
Main content: 1. LAN interconnection
2, network interconnection principle
3. Connectionless network interconnection, routing algorithms and protocols
4, core router architecture system
First, local area network interconnection
1. Purpose of network interconnection: to connect multiple networks to each other so that resources can be shared and work coordinated over a wider range of information exchange.
2. LAN interconnection methods: by distance, local LAN interconnection and remote LAN interconnection, that is LAN-LAN and LAN-WAN-LAN; by the medium used for the interconnection, thin or thick coaxial cable, the various kinds of unshielded twisted pair UTP and shielded twisted pair STP, single-mode or multimode optical fiber, etc.
3. LAN interconnection by layer:
Physical layer (repeater): a repeater copies bit signals between different cable segments. It works at the OSI physical layer, interconnects segments of the same type, only amplifies the signal and drives longer-distance communication. Also called a hub (HUB); hubs can be divided into ordinary, stackable and high-end intelligent hubs.
Bridge: a bridge stores and forwards frames and works at the OSI data link layer, more precisely at the MAC layer. It interconnects LANs that use the same MAC protocol and MAC address format, and provides the store-and-forward function for exchanging information between LANs. By application there are local bridges, remote bridges and backbone bridges; by frame forwarding function there are transparent bridges and source-route bridges. The basic functions of a transparent bridge TB are learning and filtering, frame forwarding, and the spanning tree algorithm. (1) When forwarding, the bridge consults its forwarding table and forwards the frame accurately to the right port according to the MAC address to port correspondence it has learned. When the bridge has not yet learned the MAC address, the frame is sent out of all interfaces other than the receiving port, so a large number of broadcast frames appear when a bridge has just started; this is called a broadcast storm.
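A minimal simulation of the learning, filtering and forwarding behaviour of a transparent bridge described above, written as an added example for these notes rather than taken from them. The frames, MAC addresses and port numbers are constructed; a real bridge would also age out learned entries, which this toy omits.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Frame:
    src: str       # source MAC address (constructed)
    dst: str       # destination MAC address (constructed)
    in_port: int   # bridge port the frame arrived on

@dataclass
class TransparentBridge:
    """Toy transparent bridge: learns source MACs, then filters or forwards by destination."""
    ports: int
    table: dict = field(default_factory=dict)   # forwarding table: MAC -> port

    def handle(self, frame):
        """Return the list of ports the frame is sent out of."""
        # Learning: the source address is reachable through the receiving port.
        self.table[frame.src] = frame.in_port
        out = self.table.get(frame.dst)
        if frame.dst == BROADCAST or out is None:
            # Broadcast or not-yet-learned destination: flood out every port
            # except the one the frame came in on.
            return [p for p in range(self.ports) if p != frame.in_port]
        if out == frame.in_port:
            # Filtering: destination is on the same segment as the sender, drop it.
            return []
        # Forwarding: a single known port.
        return [out]

def simulate(frames, ports=3):
    """Run frames through a fresh bridge; return per-frame output ports and the learned table."""
    bridge = TransparentBridge(ports)
    decisions = [bridge.handle(f) for f in frames]
    return decisions, bridge.table

if __name__ == "__main__":
    outs, table = simulate([Frame("aa", "bb", 0), Frame("bb", "aa", 1), Frame("aa", "bb", 0)])
    print(outs, table)
```

The first frame to an unknown destination is flooded; once the reply has taught the bridge where the destination lives, the same frame is forwarded to one port only, and frames whose destination sits on the sending segment are filtered.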
(2) The spanning tree protocol overcomes the loop problem that arises between bridges, since a bridge has no network-layer function. IEEE 802.1 defines the spanning tree protocol STP, which turns the routing of the whole bridged network into a loop-free tree structure.
(3) The source-route bridge SRB is mainly used in IEEE 802.5 token ring LANs. When interconnecting different kinds of LANs, translational bridging and source-route translational bridging SRT are used.
Router: a router stores and forwards packets and works at the OSI network layer. It processes network-layer packets and network addresses and decides how each packet is forwarded, which provides the end-to-end routing of a communication that bridging lacks.
Gateway: uses a protocol converter to provide high-level interfacing, working at the application layer.
Second, the network interconnection principle
1. Requirements for network interconnection: provide links between networks, at least one physical link and link control; provide path selection and delivery between processes on different networks; provide accounting records and status information for each user of the network; and provide the above services without requiring changes to the structure of the original networks.
2. Classification of network interconnection functions: basic functions, which are needed to interconnect networks even of the same type, including addressing and path selection for transmission between different networks; extended functions, which are needed to provide different service levels, including protocol conversion, segmentation and reassembly, and error detection.
3. Connection-oriented mode: a logical network connection is established between two DTEs as if they were on the same subnet.
4. Connectionless mode: corresponds to the datagram mechanism of a packet-switched network, while connection-oriented operation corresponds to the virtual circuit mechanism.
Third, connectionless network interconnection
1. Advantages of IP providing connectionless or datagram service: connectionless interconnection is flexible and places low requirements on network equipment; a connectionless network can provide robust service; connectionless network service is the most suitable for a connectionless transport-layer protocol.
2. Main problems in connectionless interconnection design: routing, datagram lifetime, fragmentation and reassembly, error control and flow control.
Reassembly: one method is to reassemble at the destination station, which divides the data for the network most efficiently. The other is to reassemble at an intermediate router, which has the following problems: the router needs a large buffer, and the buffer may still be insufficient; all fragments of one datagram must take the same route, which restricts the use of dynamic routing.
An IP datagram carries the following fields for this: data unit identifier (ID), data length, offset, and MORE-FLAG. Fragmentation in a router works as follows (OFFSET = 0 marks the beginning of the whole datagram, MORE-FLAG = 0 marks its end):
(1) Create two new datagrams whose headers are copies of the original datagram's header.
(2) With 64 bits as the boundary, divide the original data into two parts of the same length and put them into the new datagrams. The first part must be a multiple of 64 bits.
(3) Set the length of the first new datagram to the data inserted, set MORE-FLAG to 1, OFFSET unchanged.
(4) Set the length of the second new datagram to the data inserted, set MORE-FLAG to 0, OFFSET set to the length of the first part divided by 8.
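The fragmentation steps above, carried out in code as an added example (not part of the original notes). It generalizes the two-part split to as many fragments as an MTU requires, and adds the new offset to the original offset so that a datagram that is itself already a fragment can be fragmented again; the destination-side reassembly checks the OFFSET = 0 start and MORE-FLAG = 0 end conditions from the notes. The 20-byte header length and the sample payload are assumptions for the example.

```python
from dataclasses import dataclass

HEADER_LEN = 20  # assumed fixed IP header length (no options)

@dataclass
class Datagram:
    ident: int      # identification (ID), shared by every fragment of one datagram
    offset: int     # fragment OFFSET in units of 8 bytes (64 bits)
    more: int       # MORE-FLAG: 1 = more fragments follow, 0 = last fragment
    data: bytes

    @property
    def length(self):
        return HEADER_LEN + len(self.data)

def fragment(dg, mtu):
    """Split dg so every piece fits mtu. Every fragment copies the header fields; all but
    the last carry a multiple of 8 data bytes so offsets stay on 64-bit boundaries."""
    max_data = (mtu - HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any payload")
    if dg.length <= mtu:
        return [dg]
    frags, pos = [], 0
    while pos < len(dg.data):
        chunk = dg.data[pos:pos + max_data]
        is_last = pos + len(chunk) >= len(dg.data)
        # Earlier pieces always set MORE-FLAG = 1; the last piece keeps the original flag,
        # which matters when dg is itself a middle fragment of a larger datagram.
        more = dg.more if is_last else 1
        frags.append(Datagram(dg.ident, dg.offset + pos // 8, more, chunk))
        pos += len(chunk)
    return frags

def reassemble(frags):
    """Group fragments by ID and rebuild each datagram as the destination station would.
    A datagram is complete only if offset 0 is present, the highest fragment has
    MORE-FLAG 0, and the pieces cover the data with no gaps; otherwise its value is None."""
    by_id = {}
    for f in frags:
        by_id.setdefault(f.ident, []).append(f)
    result = {}
    for ident, parts in by_id.items():
        parts = sorted(parts, key=lambda f: f.offset)
        if parts[0].offset != 0 or parts[-1].more != 0:
            result[ident] = None
            continue
        buf, expected = bytearray(), 0
        for p in parts:
            if p.offset * 8 != expected:      # gap or overlap between fragments
                buf = None
                break
            buf += p.data
            expected += len(p.data)
        result[ident] = bytes(buf) if buf is not None else None
    return result

if __name__ == "__main__":
    dg = Datagram(ident=7, offset=0, more=0, data=bytes(range(100)))   # constructed payload
    for f in fragment(dg, 60):
        print(f.ident, f.offset, f.more, len(f.data))
```

Fragmenting a 120-byte datagram for a 60-byte MTU yields pieces at offsets 0, 5 and 10 (in 8-byte units); dropping any piece makes reassembly return None, which is the case a receiver must tolerate rather than buffer forever, as the lifetime discussion that follows explains.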
Lifetime: one approach sets a lifetime when the first fragment arrives; if reassembly is not complete within that lifetime, the fragments that have arrived are discarded. The other uses the datagram's own lifetime, carried in the header of every fragment; if reassembly is not complete within the datagram lifetime, the received fragments are discarded.
Fourth, the route selection of IP datagram
1, direct transfer and indirect transmission
Direct delivery transfers a datagram from one machine to the destination across a single physical network, and is the basis of all Internet communication. Direct delivery is possible only when the two machines are attached to the same underlying physical transmission system. Otherwise indirect delivery is used: the sender hands the datagram to a router, which forwards it on.
2. IP routing table
The routing table stores each destination and how to reach it. To use as little information as possible, the principle of information hiding is adopted.
The size of the routing table depends only on the number of networks in the internet, and is independent of the number of hosts attached to those networks. IP routing software only needs to keep information about the destination's network address; host address information is not needed.
To keep the routing table as small as possible, many entries are merged into one default route.
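The table lookup described in this section, including the direct/indirect decision and the default route, as an added example that is not from the original notes. The routing entries and addresses are constructed; the lookup uses longest-prefix matching, which is how a default route (prefix length 0) loses to any more specific entry.

```python
import ipaddress

# Constructed routing table: (destination network, next hop). A next hop of None means the
# network is directly attached, so the datagram is delivered directly to the destination host.
ROUTES = [
    ("192.168.1.0/24", None),           # directly attached network
    ("10.0.0.0/8", "192.168.1.254"),    # reachable through a router on the attached network
    ("0.0.0.0/0", "192.168.1.1"),       # default route: everything not matched above
]

def lookup(dst, routes=ROUTES):
    """Return ("direct", dst) or ("indirect", next_hop) for a destination IP.
    Only network prefixes are stored: the table never grows with the number of hosts."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for net, hop in routes:
        n = ipaddress.ip_network(net)
        if dst_ip in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, hop)            # longest matching prefix wins
    if best is None:
        raise LookupError("no route to host %s" % dst)
    net, hop = best
    return ("direct", dst) if hop is None else ("indirect", hop)

def table_size(routes=ROUTES):
    """Number of entries, which depends on networks rather than hosts."""
    return len(routes)

if __name__ == "__main__":
    for d in ("192.168.1.7", "10.2.3.4", "8.8.8.8"):
        print(d, lookup(d))
```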
3. ICMP error and control message protocol
(1) To report errors in the internet or provide information on unexpected conditions, TCP/IP defines a special message mechanism, the Internet Control Message Protocol ICMP, which is a part of IP.
(2) ICMP mechanism: ICMP messages travel across the internet inside the data part of an IP datagram. They allow a router to send error or control messages to other routers or hosts. ICMP is an error reporting mechanism: it provides a way for a router that detects an error to report it to the original source.
(3) ICMP message format: three fields; an 8-bit integer message type field identifies the message, an 8-bit code field gives further information about the message type, and a 16-bit checksum field.
(4) ICMP message types: request/reply messages (echo request/reply, timestamp request/reply, address mask request/reply), error reports (including destination unreachable, time exceeded, parameter problem), and control messages (source quench, redirect).
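The three-field ICMP header from item (3) built and parsed in code, as an added example that is not part of the original notes. The type numbers are the standard ones for the message families listed in item (4); the echo request contents (identifier, sequence number, payload) are constructed. The checksum is the Internet checksum, and a receiver verifies it by summing the whole message and expecting zero, which is the check a parser should make before trusting any field.

```python
import struct

# Standard ICMP type numbers for the families in the notes: request/reply, error, control.
ICMP_TYPES = {
    0: "echo reply", 8: "echo request",
    13: "timestamp request", 14: "timestamp reply",
    17: "address mask request", 18: "address mask reply",
    3: "destination unreachable", 11: "time exceeded", 12: "parameter problem",
    4: "source quench", 5: "redirect",
}

def checksum(data):
    """Internet checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                       # odd length: pad with a zero byte for summing
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_icmp(msg_type, code, rest=b"", payload=b""):
    """Type (8 bits), code (8 bits), checksum (16 bits), then the rest of the header and data."""
    msg = struct.pack("!BBH", msg_type, code, 0) + rest + payload   # checksum field zeroed
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def build_echo_request(ident, seq, payload=b""):
    """Echo request: type 8, code 0, followed by identifier and sequence number."""
    return build_icmp(8, 0, struct.pack("!HH", ident, seq), payload)

def parse_icmp(pkt):
    """Decode the common header and report whether the checksum verifies
    (summing a valid message including its checksum field gives zero)."""
    if len(pkt) < 4:
        raise ValueError("truncated ICMP message")
    msg_type, code, _ = struct.unpack("!BBH", pkt[:4])
    return {"type": msg_type, "code": code,
            "name": ICMP_TYPES.get(msg_type, "unknown"),
            "checksum_ok": checksum(pkt) == 0}

if __name__ == "__main__":
    pkt = build_echo_request(1, 1, b"abc")     # constructed sample message
    print(pkt.hex(), parse_icmp(pkt))
```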
V. Routing algorithm
1. Distance vector routing (V-D).
2. Link state routing, or the shortest path first algorithm (SPF), requires every participating router to hold the complete topology. Each router only has to complete two tasks: detect the state of all adjacent routers, and periodically pass its link state information to the other routers. Its advantage: every router independently computes routes from the same raw state data and does not depend on intermediate machines.
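Both algorithms from items 1 and 2 run over one small constructed topology, as an added example that is not from the original notes. The link-state side gives every router the whole topology and runs Dijkstra locally; the distance-vector side lets each router see only its neighbours' vectors and exchanges them round by round until nothing changes. On a stable topology the two agree, which the example checks.

```python
import heapq

# Constructed topology: undirected links (router, router, cost).
LINKS = [("A", "B", 1), ("A", "C", 4), ("B", "C", 2), ("B", "D", 5), ("C", "D", 1)]

def adjacency(links):
    adj = {}
    for u, v, w in links:
        adj.setdefault(u, {})[v] = w
        adj.setdefault(v, {})[u] = w
    return adj

def spf(links, source):
    """Link state / SPF: the router has the full topology and runs Dijkstra itself."""
    adj = adjacency(links)
    dist, heap = {source: 0}, [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                      # stale heap entry
        for v, w in adj[u].items():
            if d + w < dist.get(v, float("inf")):
                dist[v] = d + w
                heapq.heappush(heap, (d + w, v))
    return dist

def distance_vector(links, source, max_rounds=50):
    """Distance vector (V-D): each router only knows its neighbours' distance vectors.
    Every round, each router recomputes d(dest) = min over neighbours n of cost(n) + d_n(dest)."""
    adj = adjacency(links)
    vec = {r: {r: 0} for r in adj}       # initially each router knows only itself
    for _ in range(max_rounds):
        new, changed = {}, False
        for r in adj:
            nv = {r: 0}
            for n, cost in adj[r].items():
                for dest, d in vec[n].items():
                    if cost + d < nv.get(dest, float("inf")):
                        nv[dest] = cost + d
            new[r] = nv
            changed |= nv != vec[r]
        vec = new
        if not changed:                  # converged: no router changed its vector
            break
    return vec[source]

if __name__ == "__main__":
    print("SPF:", spf(LINKS, "A"))
    print("V-D:", distance_vector(LINKS, "A"))
```

The distance-vector loop is the part that gives RIP its slow convergence: a router only learns about a change after its neighbours have processed it, one round at a time, whereas the SPF router recomputes immediately from the full link-state database.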
Six, interior gateway protocol
Two routers inside one autonomous system communicate with each other using an interior gateway protocol (IGP); routers in different autonomous systems communicate using an exterior gateway protocol (EGP).
1. The Routing Information Protocol (RIP) uses the V-D algorithm, that is distance vector routing. Participants are divided into two categories, active and passive: only routers may work in active mode, and hosts must use passive mode. A router listens for route advertisements and updates its routes on the basis of them; in active mode it also periodically broadcasts its own messages to run RIP. RIP supports both point-to-point links and broadcast networks. RIP packets are carried by UDP and IP; the RIP process sends and receives on UDP port 520.
RIP packet format: a 32-bit header; command 1 indicates a request for part or all of the routing information, command 2 indicates a response containing the network addresses and distance values from the sender's routing table.
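The RIP packet format just described, built and parsed in code as an added example that is not from the original notes. It uses the RIPv1 layout (32-bit header, 20-byte route entries with address family 2 for IP); the network addresses and metrics are constructed. The parser rejects lengths that do not fit whole entries and metrics outside 1 to 16, the checks a receiver should make before installing anything an unauthenticated UDP packet advertises.

```python
import socket
import struct

RIP_PORT = 520          # UDP port used by the RIP process
RIP_INFINITY = 16       # metric 16 means "unreachable" in RIP
COMMANDS = {1: "request", 2: "response"}

def build_rip(command, entries, version=1):
    """32-bit header (command, version, two zero bytes) then 20-byte RIPv1 entries:
    address family (2 = IP), 2 zero bytes, IPv4 address, 8 zero bytes, 32-bit metric."""
    pkt = struct.pack("!BBH", command, version, 0)
    for ip, metric in entries:
        pkt += struct.pack("!HH4sIII", 2, 0, socket.inet_aton(ip), 0, 0, metric)
    return pkt

def parse_rip(pkt):
    """Decode header and entries; raise ValueError on malformed length, family or metric."""
    if len(pkt) < 4 or (len(pkt) - 4) % 20:
        raise ValueError("bad RIP packet length %d" % len(pkt))
    command, version, _ = struct.unpack("!BBH", pkt[:4])
    entries = []
    for i in range(4, len(pkt), 20):
        afi, _, addr, _, _, metric = struct.unpack("!HH4sIII", pkt[i:i + 20])
        if afi not in (0, 2):           # 0 only appears in a whole-table request
            raise ValueError("unsupported address family %d" % afi)
        if not 1 <= metric <= RIP_INFINITY:
            raise ValueError("metric %d out of range" % metric)
        entries.append((socket.inet_ntoa(addr), metric))
    return {"command": COMMANDS.get(command, "other"), "version": version, "entries": entries}

if __name__ == "__main__":
    sample = build_rip(2, [("10.1.0.0", 1), ("192.168.5.0", 16)])   # constructed response
    print(sample.hex())
    print(parse_rip(sample))
```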
2. IGRP runs at a relatively low frequency, updating every 90 seconds; each routing entry contains four metrics: delay, bandwidth, reliability and load; it uses conservative measures to prevent loops, multipath routing, and means for handling the default router, etc.
3. Open Shortest Path First protocol OSPF
Advantages: fast computation and loop-free convergence; supports accurate metrics and multiple kinds of metric; supports multiple paths to one destination; distinguishes different kinds of external routes. It is based on the link state routing algorithm SPF.
OSPF packet header format: a 24-octet header; there are five packet types: type 1, Hello; 2, database description (topology); 3, link state request; 4, link state update; 5, link state acknowledgment.
Two functions of the Hello packet: detect whether a link is available; on broadcast and non-broadcast networks, elect the designated router and the backup designated router.
Seven, exterior gateway protocol
1. If two routers that exchange routing information belong to two different autonomous systems, they are called exterior neighbors. A protocol used to advertise reachability information to other autonomous systems is called an exterior gateway protocol (EGP).
2. EGP has three functions: it supports a neighbor acquisition mechanism that lets a router ask another router to agree to exchange reachability information; a router continuously tests whether its neighbor is responding; EGP neighbors periodically send routing update packets carrying information about networks.
3. EGP defines 9 packet types and allows two ways of determining whether a neighbor is alive: in active mode, the router periodically sends hello and poll packets and waits for the neighbor's response; in passive mode, the router relies on the neighbor to send hello and poll packets and uses the status field of the replies to determine whether the neighbor is alive.
Chapter 8 Network Operating System
Main content: 1, network operating system function
2, popular network operating system
First, the function of the network operating system
1. A network operating system NOS is a collection of software and related procedures that provides network users with the network resources of all computers on the network.
2. A LAN NOS has two basic requirements: (1) allow resources on the LAN to be shared; (2) let the existing PC operating systems keep running without any change. A NOS has two components: the main one controls the operation of the server and manages the files stored on it; the second runs on the client system and lets the client access the network and its resources.
3. In NetWare: the first part is the mechanism between the PC and the network interface card, communicating with the IPX/SPX (internetwork packet exchange / sequenced packet exchange) interface protocols; the second part is called the interpreter or redirector.
Second, the NetWare series
1. NetWare has two parts: the NetWare outer layer (shell) and the NetWare core.
2. NetWare's outer layer (shell) is called the DOS Requester in NetWare 4. It has two related functions: connecting the application and the desktop operating system, deciding whether to pass a command from the application to the local operating system; and communicating with the network interface card NIC, packaging commands and data so they can be received and sent on standard networks such as Ethernet and token ring.
3. NetWare was the first NOS to introduce system fault tolerance (SFT, System Fault Tolerant).
4. NetWare supports transport-layer protocol independence through two important components of the NetWare architecture: the Open Data-link Interface ODI and the STREAMS module. ODI provides a standard interface for a variety of transport-layer protocols, so that multiple transport-layer protocols can share the same network card without conflict. The STREAMS module provides an interface at the higher level: downward it provides a general interface through which the underlying protocols serve NetWare's data transfer requests, and upward it provides an interface to NetWare itself.
5. A NetWare workstation communicates with the file server through the shell and the IPX/SPX communication protocols.
NETX.COM sends commands to IPX to pass DOS file requests to the file server, or to receive redirected results back from the file server.
NET.COM passes the workstation's requests to DOS and NetWare.
IPX.COM sends network information to the file server; it is the program through which the workstation and server communicate.
Third, Windows NT
1. Windows NT Server is optimized as a file, print and application server, and handles workloads from a small workgroup to the enterprise network.
2. Windows NT Server advantages: server performance, supporting 4 CPUs in the standard version, with OEM versions supporting 32 CPUs in a symmetric multiprocessing environment; 256 inbound RAS connections; disk fault tolerance with RAID-level data protection; the IIS service; administrative wizards; support for Apple clients; other network services (DHCP, DNS, WINS); Windows NT directory services.
3. Microsoft networks include: Windows NT, Windows 95, Windows for Workgroups, LAN Manager.
4. Windows NT network structure: the I/O manager components, NDIS-compatible NIC drivers, NDIS 4.0, transport protocols, the transport driver interface TDI, and file system drivers.
Chapter 9 Network Management
Main content: 1. LAN management technology
2, network management functions and protocols
3, network management system
4, network daily management and maintenance
I. LAN management technology
Network management means managing the configuration, running state and accounting of a computer network. It provides monitoring, coordination and testing of the various network resources, keeps the network running well, and provides security management and accounting.
1. Network management includes three aspects:
(1) Understanding the network: identify the hardware of the network objects and the topology of the various LANs, determine the interconnection of the network, and determine the user load and its location.
(2) Network operation: configure the network (selecting the network protocol is an important part of configuring the network); configure the network server; network security control.
(3) Network maintenance: mainly fault detection and removal (discovering faults, tracing faults, troubleshooting, recording the fault solution); network checks; network upgrades, mainly user license upgrades, server operating system upgrades and server hardware upgrades.
2. LAN management tool
NetWare Management Tools: Syscon Tools
Windows NT Management Tools: Service Manager, Performance Monitor
Second, network management functions
1. Five functions of network management
Configuration management: configuration management is defined by automatic discovery, but the configuration information of the devices is more important; a third category is some auxiliary information for management; automatic backup and related techniques; configuration consistency checks; user operation recording.
Performance management: filter and merge network events, effectively discover and locate network faults, give troubleshooting suggestions and tools, and form a complete mechanism for fault discovery, alarm and handling.
Fault management: collect and analyze the performance data of network objects, monitor the performance of network objects and analyze the quality of network lines.
Security management: combine user authentication, access control, and the confidentiality and integrity mechanisms for data transmission and storage to ensure the security of the network management system itself. Security management is divided into three parts: first, the security of network management itself; second, the secure management of network objects.
Accounting management:
Second, network management protocol
1. The IAB initially developed a strategy for Internet management, in fact using SGMP as a temporary management solution. It later evolved into SNMP, the Simple Network Management Protocol.
2. SNMP, the Simple Network Management Protocol: management service provided at OSI layer 3, the network layer.
Advantages: the structure of management information (SMI) and the management information base (MIB) associated with SNMP are very simple; SNMP is based on SGMP, and SGMP had accumulated a great deal of operational experience.
SNMP was designed on the principle of being simple and easy to implement.
3. CMIS/CMIP, Common Management Information Service and Common Management Information Protocol: a protocol family provided at the OSI application layer; CMIS/CMIP provides the functions needed to support a complete network management scheme.
CMIS provides the CMIP interface used by applications, together with two ISO application protocols: the association control service element ACSE and the remote operation service element ROSE, where ACSE establishes and closes associations between applications and ROSE handles request/response interactions between applications.
4. CMOT, Common Management Information Services and Protocol over TCP/IP, is the CMIS service implemented over the TCP/IP protocols, a transitional solution. CMOT does not use the reference model's presentation layer directly, but instead requires another protocol at the presentation layer, the lightweight presentation protocol (LPP), which provides an interface to the most commonly used transport-layer protocols today, TCP and UDP.
5. LMMP, the LAN/MAN Management Protocol, is the common management information service and protocol over IEEE 802 logical link control, CMOL, running on the LLC; it does not depend on any particular network-layer protocol for network transmission.
Third, simple network management protocol SNMP
1, SNMP overview:
Four design concepts and targets: keep the software cost of the management agent as low as possible; maximize remote management functions to make full use of Internet resources; the architecture must leave room for expansion; keep SNMP independent, not relying on specific computers, gateways or network transport protocols.
Four kinds of management operation are provided: the get operation extracts specific management information; the get-next operation provides powerful extraction of management information through traversal; the set operation is used to control management information; the trap is used to report important events.
2. SNMP management control framework and implementation
SNMP defines the relationship between the management process and the management agent, which is called a community. The software managed by SNMP (the agent) and the management process that manages it communicate using SNMP.
SNMP's application entities operate on the managed objects in the Internet management information base MIB. Every SNMP packet from an application entity carries the name of the community the application entity belongs to. Such a message is called a "message with identity", and the community name is used when the management process and the management agent exchange management information packets. A management information packet contains the community name and the data.
SNMP implementation: SNMP uses a tree naming method in its MIB to name each managed object instance. Most of the management information in SNMP exists in tables: a table corresponds to an object class and each element corresponds to an object instance of that class.
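The tree naming of MIB object instances and the get-next traversal it enables (items 1 and 2 above), as an added example that is not from the original notes. The MIB view is constructed: the object identifiers under 1.3.6.1.2.1 are the standard system and interfaces groups, but the values are made up. The example also encodes an OID into the BER form carried on the wire. The point worth noticing is that tree order compares arcs as integers, so instance 10 follows instance 9; a manager that sorts OIDs as text walks the table in the wrong order and can miss rows.

```python
# Constructed MIB view: OID string -> value.
MIB = {
    "1.3.6.1.2.1.1.1.0": "constructed sysDescr",   # sysDescr.0
    "1.3.6.1.2.1.1.3.0": 123456,                   # sysUpTime.0
    "1.3.6.1.2.1.1.5.0": "host-a",                 # sysName.0
    "1.3.6.1.2.1.2.2.1.2.9": "eth9",               # ifDescr, instance 9 (table row)
    "1.3.6.1.2.1.2.2.1.2.10": "eth10",             # ifDescr, instance 10
}

def oid_key(oid):
    """Tree order: compare arc by arc as integers ("10" comes after "9", not before)."""
    return tuple(int(a) for a in oid.split("."))

def snmp_get(mib, oid):
    """get: the value of one specific instance, or None if it does not exist."""
    return mib.get(oid)

def snmp_get_next(mib, oid):
    """get-next: the first (oid, value) after oid in tree order; None at the end of the view."""
    later = sorted((k for k in mib if oid_key(k) > oid_key(oid)), key=oid_key)
    return (later[0], mib[later[0]]) if later else None

def walk(mib, prefix):
    """Repeated get-next from prefix until the reply leaves the subtree (a MIB walk)."""
    out, cur = [], prefix
    while True:
        nxt = snmp_get_next(mib, cur)
        if nxt is None or not nxt[0].startswith(prefix + "."):
            return out
        out.append(nxt)
        cur = nxt[0]

def encode_oid(oid):
    """BER OBJECT IDENTIFIER contents: first two arcs become 40*x+y, every arc is base-128
    with the high bit set on all but the last byte."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] >= 40):
        raise ValueError("invalid OID %s" % oid)
    subids = [arcs[0] * 40 + arcs[1]] + arcs[2:]
    out = bytearray()
    for s in subids:
        chunk = [s & 0x7F]
        s >>= 7
        while s:
            chunk.append(0x80 | (s & 0x7F))
            s >>= 7
        out += bytes(reversed(chunk))
    return bytes(out)

def decode_oid(data):
    """Inverse of encode_oid."""
    subids, val = [], 0
    for b in data:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    x = min(subids[0] // 40, 2)
    return ".".join(str(a) for a in [x, subids[0] - 40 * x] + subids[1:])

if __name__ == "__main__":
    print(walk(MIB, "1.3.6.1.2.1.2.2.1.2"))
    print(encode_oid("1.3.6.1.2.1.1.1.0").hex())
```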
3. The SNMP protocol is an asynchronous request/response protocol, a connectionless protocol, and a symmetric protocol without a master/slave relationship. SNMP is designed on top of the connectionless user datagram protocol UDP. In the interaction of the four basic protocol operations, requests go from the management process to the management agent, and responses are sent by the management agent to the management process. Only TRAP has no response; it is sent unsolicited by the management agent to the management process.
The protocol data units PDUs exchanged between SNMP protocol entities have only two different structures: one PDU format is used for most operations, and the other is used in the TRAP operation as the TRAP protocol data unit.
4. The trap operation is a kind of operation that captures events and reports them; in fact almost all network management systems and management protocols have this mechanism.
Fourth, network management system
1, hp -open view
It cannot handle the failures of other objects caused by one network object's failure, and lacks the ability to understand all network objects in the network. It also cannot distinguish a service fault from a device fault. Performance polling and state polling are completely separate, so a network object that fails performance polling does not trigger an alarm.
2. IBM NetView
It cannot merge related fault events. It cannot find the intrinsic relationship between related fault cards, so one failed device, even an important router, produces a large number of fault cards and a series of similar alarms. It lacks the ability to manage dispersed objects in the context of the whole network structure. Performance polling and state polling are also completely separate, which delays the fault response.
3. Sun SunNet Manager
The first important UNIX-based network management system.
4. Cabletron SPECTRUM
A scalable, intelligent network management system that uses object-oriented methods and a client/server architecture. SPECTRUM is built on an artificial intelligence technique, IMT (Inductive Modeling Technology). It is one of only three network management systems able to process network objects in this way.
The SPECTRUM server provides two types of polling: automatic polling and manual polling.
SPECTRUM provides alarms in a variety of forms, including pop-up windows, alarm sounds, etc.
SPECTRUM discovers the topology automatically, but relatively slowly.
V. Network Daily Management and Maintenance
1, VLAN management
2, the management of WAN access
3, network fault diagnosis and exclusion
Physical failure:
Logic fault:
Router failure:
Host failure:
4, network management tool
Connectivity test procedure PING:
Routing Tracking Program TraceRoute: Tracert in Windows
MIB variable browser:
Chapter 10 Network Security and Information Security
Main content: 1, cryptography, identification
2, access control, computer virus
3, network security technology
4, safety service and security mechanism
5, information system security architecture framework
6. Information system security assessment guidelines
First, cryptography
1. Cryptography takes measures to keep data confidential, protecting information in storage or in transmission so that a third party cannot steal it.
2. Symmetric key cryptosystem (private key cryptosystem): in the traditional cryptosystem the same key is used for encryption and decryption. Common algorithms are DES and IDEA.
3. Classification by encryption mode: (1) Stream cipher: a key stream with good properties is generated by a finite state machine, and the information stream is encrypted with this sequence to produce the ciphertext.
(2) Block cipher: based on the belief that complex functions can be built from simple functions, it uses simple iterated round functions and substitutions, together with nonlinear operations.
4. Asymmetric key cryptosystem (public key cryptosystem): in the modern cryptosystem, encryption and decryption use different keys.
Realization: each communicating party has two keys, K and K'. For confidential communication the encryption key K is usually made public (called the public key), and the decryption key K' is kept secret (called the private key). The common algorithm is RSA.
Second, identification
Identify whether the identity of a communication participant is reliably verifies that the process consistent with the identity of his claim is generally implemented through a complex identity authentication agreement.
1, password technology
Identity certification mark: PIN protection memory card and challenge response card
Category: Shared Key Certification, Public Key Certification and Zero Knowledge Certification
(1) The idea of shared key certification is from the development of users through password certification.
(2) The appearance of the public key algorithm is
2. Session key: the key used during one session, generally generated by the machine. In practice a session key is usually valid for a certain period of time rather than being strictly limited to one session.
Signature: the transformation of plaintext with a private key is called signing.
Envelope: the transformation of plaintext with a public key is called enveloping (sealing).
3. Kerberos authentication: an authentication system that uses a symmetric-key encryption algorithm and a trusted third party, the key distribution center (KDC). The client must present credentials to the server to prove its identity; the credentials (the ticket) are generated by the KDC for the communication between client and server in a given stage, and contain the identities of the client and the server and a temporary encryption key (session key) for the next stage. The client also sends an authenticator, which proves that it possesses the session key. The authenticator prevents an attacker from reusing the same credentials later, and the timestamp it carries is what detects replay attacks.
4. Digital signature:
Encryption: C = E_B(D_A(M)). User A first transforms the message M with its own secret algorithm D_A (its private, or decryption, algorithm) to get D_A(M), then encrypts that with B's public algorithm E_B to get E_B(D_A(M)).
Decryption: M = E_A(D_B(C)). User B first applies its own secret algorithm D_B to get D_B(C), then applies A's public algorithm E_A once more to recover M. Only A can generate the ciphertext C; B can neither forge nor modify it, so D_A(M), which only A can produce and which A cannot repudiate, is called A's signature.
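The sign-then-encrypt relationship above, worked through with textbook RSA as an added example (this is not code from the original notes). Keys are built from small constructed primes; the only assumption beyond the notes is that A's modulus is smaller than B's, so that the signature value D_A(M) fits under B's modulus. Textbook RSA without padding is not secure in practice (it is deterministic and malleable); the block only makes the key relationships visible.

```python
# Added example (not from the original notes): sign-then-encrypt with textbook RSA,
# C = E_B(D_A(M)) and M = E_A(D_B(C)), on small constructed primes.
# Textbook RSA without padding is NOT secure for real use.
from math import gcd

def make_keypair(p, q, e=17):
    """Return ((n, e), (n, d)) for primes p, q; e must be coprime with phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    d = pow(e, -1, phi)          # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def apply(key, x):
    """E_X or D_X: modular exponentiation with the given (modulus, exponent)."""
    n, exp = key
    return pow(x, exp, n)

def sign_and_encrypt(m, priv_a, pub_b):
    """C = E_B(D_A(M)). Requires m < n_A and n_A < n_B so D_A(M) < n_B."""
    sig = apply(priv_a, m)       # D_A(M): only A can compute this
    return apply(pub_b, sig)     # E_B(...): only B can undo this

def decrypt_and_verify(c, priv_b, pub_a):
    """M = E_A(D_B(C))."""
    sig = apply(priv_b, c)       # D_B(C) recovers the signature
    return apply(pub_a, sig)     # E_A(D_A(M)) == M

# Constructed keys (assumption: n_A < n_B so the signature fits under B's modulus).
PUB_A, PRIV_A = make_keypair(61, 53)     # n_A = 3233
PUB_B, PRIV_B = make_keypair(107, 109)   # n_B = 11663

def demo(m=2021):
    c = sign_and_encrypt(m, PRIV_A, PUB_B)
    recovered = decrypt_and_verify(c, PRIV_B, PUB_A)
    # A ciphertext altered in transit no longer decrypts to the signed message.
    tampered = decrypt_and_verify((c + 1) % PUB_B[0], PRIV_B, PUB_A)
    return c, recovered, tampered

if __name__ == "__main__":
    c, m2, bad = demo()
    print("ciphertext", c, "recovered", m2, "after tampering", bad)
```

The verification step is E_A applied to D_B(C): if the result is the expected message, B knows only the holder of D_A could have produced it. Real signature schemes hash the message first and use a padding scheme (PSS or PKCS#1 v1.5); signing the raw number as here is exactly the form that existential-forgery attacks on textbook RSA exploit.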
Third, access control
Access control is the process of deciding which subjects may access which resources, and of determining and enforcing their access rights. The data (resources) being accessed are collectively called objects.
1. The access matrix is the most common security model for representing an access control policy: rows are subjects (accessors), columns are objects, and the permission a subject holds over an object is stored at the intersection.
2. Access control list (ACL): the access matrix stored by columns, i.e. for each object a list of the subjects allowed to access it and the operations each may perform (storing it by rows, one list of objects and operations per subject, gives a capability list instead). The reference monitor decides whether to grant the requested operation based on the subject's authenticated identity and the object's access control list.
3. Coarse-grained access control: controls access at the level of whole hosts.
Fine-grained access control: controls access to individual files or even records.
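An access matrix stored as per-object ACLs and evaluated by a small reference monitor, as an added example (not from the notes). The subjects, objects and rights are constructed; host-level entries model coarse-grained control and file- and record-level entries model fine-grained control, so the same monitor answers both kinds of question.

```python
# Added example (not from the notes): access matrix kept as per-object ACLs,
# checked by a default-deny reference monitor. Subjects/objects are constructed.
from collections import defaultdict

class ReferenceMonitor:
    def __init__(self):
        # access matrix stored by column: object -> {subject: set(rights)}
        self.acl = defaultdict(dict)

    def grant(self, subject, obj, *rights):
        self.acl[obj].setdefault(subject, set()).update(rights)

    def revoke(self, subject, obj, *rights):
        entry = self.acl.get(obj, {}).get(subject)
        if entry:
            entry.difference_update(rights)

    def check(self, subject, obj, right):
        """Default deny: granted only if the right appears in the ACL entry."""
        return right in self.acl.get(obj, {}).get(subject, set())

    def acl_of(self, obj):
        """Per-object view (the ACL)."""
        return {s: sorted(r) for s, r in self.acl.get(obj, {}).items()}

    def capabilities_of(self, subject):
        """Per-subject view (a capability list) derived from the same matrix."""
        return {o: sorted(e[subject]) for o, e in self.acl.items() if subject in e}

def build_demo():
    rm = ReferenceMonitor()
    # coarse-grained: whole hosts are the objects
    rm.grant("alice", "host:db01", "login")
    rm.grant("bob", "host:db01", "login")
    # fine-grained: one file, and one record inside it
    rm.grant("alice", "file:/srv/payroll.csv", "read", "write")
    rm.grant("bob", "file:/srv/payroll.csv", "read")
    rm.grant("bob", "record:/srv/payroll.csv#row=bob", "write")
    rm.revoke("bob", "host:db01", "login")   # bob loses host access, keeps file rights
    return rm

if __name__ == "__main__":
    rm = build_demo()
    for s, o, r in [("alice", "host:db01", "login"), ("bob", "host:db01", "login"),
                    ("bob", "file:/srv/payroll.csv", "write"),
                    ("bob", "record:/srv/payroll.csv#row=bob", "write")]:
        print(s, r, o, "->", "allow" if rm.check(s, o, r) else "deny")
```

Note that a subject with no entry at all (for example a name that was never granted anything) is denied, and that revoking a right never has to touch other subjects' entries; both properties follow from storing the matrix by object.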
4. Firewall role: prevent unwanted and unauthorized traffic from entering or leaving the protected internal network, and enforce the internal network's security policy at its boundary.
Firewall classification by mechanism: IP packet filtering, circuit-level filtering (circuit gateway) and application-layer proxy.
Firewall architectures: screening-router firewall, dual-homed host firewall, screened-host firewall, screened-subnet firewall.
5. Advantages of the filtering router: simple structure, implemented in hardware at low cost; transparent to upper-layer protocols and applications, so existing applications need no modification. Disadvantages: the granularity of authentication and control is too coarse and user-level authentication is impossible; it can only block hosts by IP address, so IP spoofing remains a danger; access control stops at the IP address and port level and cannot be refined to files or other specific objects; and there are drawbacks from the perspective of system management.
6. Advantages of the proxy server: user-level authentication, logging and accounting. Disadvantages: to provide comprehensive protection a corresponding application-layer gateway must be built for every service, which greatly limits the adoption of new applications.
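A first-match packet filter in the style of a screening router, as an added example (not from the notes). The addresses and rules are constructed. The rule fields are exactly the information a filtering router sees, source and destination address, protocol and port, which is the granularity limit described above: nothing in the rule set can name a user or a file, and the only defence against a forged internal source address is an anti-spoofing rule on the external interface.

```python
# Added example (not from the notes): first-match packet filter with constructed
# rules. Rules match only on IP/protocol/port, never on user or object identity.
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    src: str                    # CIDR
    dst: str                    # CIDR
    proto: str = "any"
    dport: Optional[int] = None  # None = any port

    def matches(self, pkt):
        return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.dport in (None, pkt.dport))

INTERNAL = "192.168.10.0/24"          # constructed internal network
RULES = [
    # anti-spoofing on the external interface: an inbound packet must not claim
    # an internal source address
    Rule("deny", INTERNAL, "0.0.0.0/0"),
    Rule("allow", "0.0.0.0/0", "192.168.10.5/32", "tcp", 80),    # web server
    Rule("allow", "0.0.0.0/0", "192.168.10.5/32", "tcp", 443),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0"),                       # default deny
]

def filter_inbound(pkt, rules=RULES):
    """First matching rule wins; with no match (or no rules) the packet is denied."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"

if __name__ == "__main__":
    for p in [Packet("203.0.113.7", "192.168.10.5", "tcp", 80),
              Packet("203.0.113.7", "192.168.10.5", "tcp", 22),
              Packet("192.168.10.9", "192.168.10.5", "tcp", 80)]:   # spoofed source
        print(p, "->", filter_inbound(p))
```

Rule order matters: if the default-deny rule were listed first nothing would pass, and if the anti-spoofing rule came after the allow rules a forged packet to port 80 would be accepted. That the filter permits port 80 for everyone, rather than for a particular user or a particular document, is the user-level and object-level gap that the proxy server in item 6 closes.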
7. VPN: a virtual private network is a logical virtual subnet that joins sites physically distributed in different locations over a public backbone, especially the Internet.
8. VPN modes: a direct-mode VPN uses IP and its addressing to set up the VPN and controls the data transmitted over it directly; the data are encrypted, and the user's identity, not the IP address, is the basis of control. A tunnel-mode VPN encapsulates the packets to be transmitted inside IP datagrams and sends them through a tunnel.
9. IPsec is the VPN protocol suite specified by the IETF. It consists of three parts: the Encapsulating Security Payload (ESP), which mainly encrypts IP packets and also provides authentication; the Authentication Header (AH), which provides authentication and integrity only, with no encryption; and the Internet Key Exchange (IKE), which manages key exchange.
Fourth, computer viruses
1. Classification of computer viruses: operating-system type, shell type, intrusive type, source-code type.
2. Virus action process: the virus program initially lies parasitized in a program on the storage medium, in a static state. Once that program is booted or called, the virus is activated and becomes a dynamic virus capable of infection. When the infection conditions are met the virus enters memory; as the job runs it spreads to other job modules and is transmitted to other software. When the trigger condition is met, the manifestation module or the destruction module makes the virus show itself in its specific way.
V. Network security technology
1. The link layer is responsible for establishing point-to-point communication, the network layer for finding the path (routing), and the transport layer for establishing an end-to-end communication channel.
2. At the physical layer, techniques can be applied on the communication line to make wiretapping impossible or easy to detect. At the data link layer, a communication security device (link encryptor) can encrypt and decrypt the traffic.
3. IP layer security
For IP encrypted transport channel technology, the IETF chartered the IP Security Working Group (IPsec) to develop the IP security protocol (IPSP) and the corresponding Internet key management protocol (IKMP) standard.
(1) IPsec uses two mechanisms: the authentication header AH, which authenticates the source and protects data integrity, and the encapsulating security payload ESP, which provides confidentiality of communication. In August 1995 the Internet Engineering Steering Group (IESG) approved the IPSP RFCs as proposed standards on the Internet standards track. At the same time it specified the secure hash algorithm SHA in place of MD5 and triple DES in place of DES.
4. Transport layer security
(1) A transport-layer gateway sits between the two communicating nodes and relays and controls the TCP connection; this is generally called transport-layer security. The most common transport-layer security technologies are SSL, SOCKS and secure RPC.
(2) In Internet programming, the generalized inter-process communication (IPC) mechanism is usually extended with security protocols at different levels. The two popular IPC programming interfaces are BSD sockets and the Transport Layer Interface (TLI).
(3) Secure Sockets Layer (SSL)
SSL version 3 (SSLv3) was published in December 1995. It runs on top of the reliable transport service TCP/IP. SSL uses public-key cryptography for authentication, while bulk data transfer still uses symmetric keys. SSL lets the two parties negotiate among several authentication, encryption and integrity-check algorithms.
SSL handshake protocol: used to exchange the version number, the encryption algorithm, authentication information and the keys. SSLv3 provides the Diffie-Hellman key exchange algorithm, an RSA-based key exchange mechanism, and a further key exchange implemented on the Fortezza chip.
SSL record layer protocol: handles fragmentation, compression, data authentication and encryption of the data handed down by the application. SSLv3 supports MD5 and SHA for data authentication; the keys used for authentication and encryption are negotiated by the handshake protocol.
Handshake work process: before communicating, the client sends a client hello to the server; on receiving it the server sends back a server hello. When the hello exchange is complete, the SSL protocol version, the session identifier, the cipher suite and the compression algorithm used by both parties have been determined.
Record layer work process: receive the data from the upper layer and fragment it; compress each fragment with the compression method chosen in the handshake; compute a MAC over the compressed record and encrypt it with the agreed stream cipher or block cipher; then hand it to the transport layer.
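The record-layer pipeline just described, fragment, compress, MAC, encrypt, run end to end on constructed data as an added example (this is not SSL's own code or code from the notes). Assumptions: the two keys are taken as already produced by the handshake; HMAC-SHA256 stands in for the negotiated MAC; and the "stream cipher" is a hash-derived keystream XOR used only so that the ordering of the steps is visible, not a cipher anyone should deploy.

```python
# Added example (not from the notes, not SSL's implementation): the record layer
# pipeline on constructed data. Keys are assumed to come from the handshake.
import hashlib, hmac, struct, zlib

MAX_FRAGMENT = 2 ** 14      # SSLv3/TLS plaintext fragment limit
MAC_LEN = 32                # HMAC-SHA256 stands in for the negotiated MAC

def keystream(key, seq, length):
    """Toy keystream for illustration only: SHA-256(key || seq || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QI", seq, counter)).digest()
        counter += 1
    return out[:length]

def xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))

def protect(app_data, mac_key, enc_key):
    """Sender: returns the list of wire records for one application write."""
    records = []
    for seq, start in enumerate(range(0, len(app_data), MAX_FRAGMENT)):
        fragment = app_data[start:start + MAX_FRAGMENT]                 # 1. fragment
        compressed = zlib.compress(fragment)                              # 2. compress
        seq_bytes = struct.pack(">Q", seq)                                # sequence number is MACed to stop replay/reorder
        tag = hmac.new(mac_key, seq_bytes + compressed, hashlib.sha256).digest()   # 3. MAC
        body = xor(compressed + tag, keystream(enc_key, seq, len(compressed) + MAC_LEN))  # 4. encrypt
        records.append(struct.pack(">QH", seq, len(body)) + body)
    return records

def unprotect(records, mac_key, enc_key):
    """Receiver: undo the steps in reverse order; ValueError on any integrity failure."""
    out = b""
    for expected_seq, rec in enumerate(records):
        seq, length = struct.unpack(">QH", rec[:10])
        if seq != expected_seq:
            raise ValueError("record out of sequence")
        body = xor(rec[10:10 + length], keystream(enc_key, seq, length))          # decrypt
        compressed, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        good = hmac.new(mac_key, struct.pack(">Q", seq) + compressed, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):                                    # verify MAC before using data
            raise ValueError("bad record MAC")
        out += zlib.decompress(compressed)                                        # decompress
    return out

MAC_KEY, ENC_KEY = b"mac-key-from-handshake", b"enc-key-from-handshake"   # constructed

def roundtrip(data):
    return unprotect(protect(data, MAC_KEY, ENC_KEY), MAC_KEY, ENC_KEY)

def tamper_detected(data):
    """Flip one ciphertext bit of the first record and check the receiver rejects it."""
    recs = protect(data, MAC_KEY, ENC_KEY)
    rec = bytearray(recs[0])
    rec[12] ^= 0x01
    try:
        unprotect([bytes(rec)] + recs[1:], MAC_KEY, ENC_KEY)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    print(len(protect(b"x" * 40000, MAC_KEY, ENC_KEY)), "records; tamper detected:", tamper_detected(b"secret"))
```

Two practitioner caveats follow directly from this ordering. Compressing before encrypting leaks plaintext through ciphertext length (the CRIME attack), which is why TLS implementations disabled compression and TLS 1.3 removed it. And MAC-then-encrypt with a block cipher gave rise to padding-oracle attacks on TLS; modern suites use AEAD ciphers, which authenticate and encrypt in one step.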
5. Application layer security
6. WWW application security technology
(1) Securing WWW applications requires combining general Internet security technology with techniques specific to the WWW. The former mainly means firewall technology; the latter includes improving the HTTP protocol according to the characteristics of WWW technology, or using proxy servers, plug-ins, middleware and similar techniques.
(2) HTTP currently has three versions: HTTP/0.9, HTTP/1.0 and HTTP/1.1. HTTP/0.9 is the earliest version and defines only the most basic simple request and simple response; HTTP/1.0 is more complete and is the most widely deployed version; HTTP/1.1 adds a large number of header fields and further specifies parts that HTTP/1.0 left loosely defined.
(3) HTTP/1.1 provides password-based authentication, and all Web servers support access control through Basic authentication. The greatest weakness of Basic authentication is that the password travels in clear text (base64 encoding is reversible). Digest authentication was therefore added: the password itself is not transmitted; instead a digest computed by a hash function over the password, the server's nonce and the request is sent.
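What a client actually puts on the wire for Basic and Digest authentication, as an added example (not from the notes). Credentials, realm and the server nonce are constructed; the Digest form shown is the RFC 2617 variant without qop, where response = MD5(HA1:nonce:HA2). It shows why Basic is "clear text" (the header decodes straight back to the password) and what Digest binds the hash to.

```python
# Added example (not from the notes): HTTP Basic vs Digest (RFC 2617, no qop)
# with constructed credentials and a constructed server nonce.
import base64, hashlib

def basic_header(user, password):
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Authorization: Basic {token}"

def basic_recover(header):
    """Anyone who sees the header recovers the password: base64 is encoding, not encryption."""
    token = header.split("Basic ", 1)[1]
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password

def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def digest_response(user, password, realm, nonce, method, uri):
    """response = MD5(HA1:nonce:HA2), HA1 = MD5(user:realm:password), HA2 = MD5(method:uri)."""
    ha1 = md5hex(f"{user}:{realm}:{password}")   # the server may store HA1 instead of the password
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{ha2}")

def digest_header(user, password, realm, nonce, method, uri):
    resp = digest_response(user, password, realm, nonce, method, uri)
    return (f'Authorization: Digest username="{user}", realm="{realm}", '
            f'nonce="{nonce}", uri="{uri}", response="{resp}"')

def server_verify(header, stored_ha1, nonce, method, expected_uri):
    """Server side: recompute from the stored HA1 and the nonce it issued.
    A header replayed under a different nonce, or for a different URI, fails."""
    fields = dict(kv.split("=", 1) for kv in header.split("Digest ", 1)[1].split(", "))
    fields = {k: v.strip('"') for k, v in fields.items()}
    if fields["nonce"] != nonce or fields["uri"] != expected_uri:
        return False
    ha2 = md5hex(f"{method}:{fields['uri']}")
    return fields["response"] == md5hex(f"{stored_ha1}:{nonce}:{ha2}")

if __name__ == "__main__":
    print(basic_header("alice", "s3cret"), "->", basic_recover(basic_header("alice", "s3cret")))
    print(digest_header("alice", "s3cret", "corp", "abc123", "GET", "/private/"))
```

Digest only hides the password from a passive observer; the digest is still an offline-crackable MD5 of a low-entropy secret, and a server that issues the same nonce repeatedly allows replay. Both schemes should ride over TLS in practice, and Basic over TLS is the more common choice today.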
(4) Secure HTTP (S-HTTP) is another improvement of the HTTP protocol. Its latest version, S-HTTP 1.3, is based on HTTP/1.1 and provides data encryption, identity authentication, data integrity and non-repudiation.
(5) DCE-Web
The WAND server is a dedicated web server that supports DCE. It can communicate with three kinds of clients: first, an ordinary browser with a local security proxy (SLP); second, an SSL-capable browser, which sends its request to a security gateway (SDG) that converts the request into a secure RPC call to WAND and, after receiving the result, converts it into an SSL response sent back to the browser; third, an ordinary browser without any security mechanism, whose direct HTTP requests WAND also accepts, but without protection.
Six, security services and security mechanisms
1. ISO 7498-2 describes 5 optional security services, 8 specific security mechanisms and 5 pervasive security mechanisms.
2. The 5 optional security services: authentication, access control, data confidentiality, data integrity, and non-repudiation.
3. The 8 specific security mechanisms: encipherment, digital signature, access control, data integrity, authentication exchange, traffic padding, routing control, and notarization; each can be implemented at the appropriate layer of the OSI reference model.
4. The 5 pervasive security mechanisms: trusted functionality, security labels, event detection, security audit trail, and security recovery.
5. Information system security evaluation criteria
(1) Trusted Computer System Evaluation Criteria (TCSEC): issued by the US National Computer Security Center in 1983, also known as the Orange Book. (2) Information Technology Security Evaluation Criteria (ITSEC): proposed in 1989 by European countries, commonly known as the White Book.
(3) Common Criteria (CC): jointly proposed by the US NIST and NSA together with European and Canadian security and standards agencies.
(4) Classified Criteria for Security Protection of Computer Information Systems: a national standard issued by China's State Bureau of Quality and Technical Supervision in 1999.
6. Trusted computer system evaluation criteria
TCSEC defines 4 classes (D, C, B, A) and 7 levels: D, C1, C2, B1, B2, B3, A1.
Class D, minimal protection: not no protection at all, but protection that is too weak.
C1, discretionary security protection.
C2, controlled access protection.
B1, labeled security protection.
B2, structured protection.
B3, security domains.
A1, verified design.
7. Evaluating risk and the cost of security operation
To determine the security strategy and solution for a network: first assess the risk, i.e. determine the probability of intrusion and the potential cost of the damage; second, assess the cost of running the security measures.
The cost of security operation includes the following points:
(1) convenience for users;
(2) complexity of management;
(3) impact on existing systems;
(4) support for different platforms.
Chapter 11 Internet
Main contents: 1. Internet architecture
2. Internet connection methods
3. Internet addresses
4. Internet domain name system
5. Extension of the Internet address space
First, Internet architecture
1. Autonomous systems: the original Internet core system was developed in the early period of the Internet. This architecture has the following problems:
the system cannot scale to an Internet with an arbitrary number of sites;
many sites consist of several local area networks interconnected by several routers, but because a core router attaches to only one network at each site, the core router knows only that one network at the site;
a large internet is a collection of interconnected independent organizations, and the routing architecture must let each organization control its own routing and access independently, so a protocol mechanism that allows this must be constructed. The internet is composed of sites, and each site is at the same time an autonomous system.
Second, Internet connection methods
1. Connect the computer to a local area network whose server is an Internet host.
Conditions: the LAN must be connected to the Internet; a network adapter card with an ODI or NDIS driver; TCP/IP running on the local computer; on a Windows system, Winsock support as well.
2. Use the Serial Line Interface Protocol (SLIP) or the Point-to-Point Protocol (PPP) to dial into an Internet host over the telephone line.
Conditions: a modem, TCP/IP software and SLIP or PPP software; on a Windows system, Winsock support as well.
3. Dial into an online service system that provides Internet services.
Conditions: a modem, standard communication software and an online service account.
4. Choosing a connection method: the purpose and needs of networking; the user's existing network infrastructure; the user's ability to pay the Internet networking costs; the need for Internet security services.
Third, Internet addresses
In the TCP/IP protocol suite each host is assigned a 32-bit number as its IP address. Each IP address consists of two parts: the network identifier (NetID) and the host identifier (HostID).
The hierarchical IP address has two important properties: first, each host is assigned a unique address; second, network numbers must be allocated uniformly worldwide, while host numbers can be allocated locally without global coordination.
1. Class A: 1.0.0.1 to 126.255.255.254; 126 possible networks, each with 16,777,214 hosts (2^24 - 2).
2. Class B: 128.0.0.1 to 191.255.255.254; 16,384 possible networks, each with 65,534 hosts (2^16 - 2).
3. Class C: 192.0.0.1 to 223.255.255.254; 2,097,152 possible networks, each with 254 hosts (2^8 - 2).
4. Class D: multicast, delivery to multiple destination addresses; first octet 224 to 239.
5. Class E: reserved addresses; first octet 240 to 255.
RFC 1918 reserves 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255 and 192.168.0.0 to 192.168.255.255 as private addresses for internal use; they are not routed on the public Internet.
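Classful decoding of a dotted IPv4 address into its class, NetID and HostID, plus the RFC 1918 check, as an added example (not from the notes). Classful addressing is historical, since CIDR replaced the fixed class boundaries with prefix lengths, but the class table above is exactly what this decodes; the 127.0.0.0/8 loopback block is reported separately because it falls inside the class A range but is not assignable.

```python
# Added example (not from the notes): classful IPv4 decoding and RFC 1918 check.
import ipaddress

CLASS_BITS = {"A": 8, "B": 16, "C": 24}     # NetID length per class
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(addr):
    """Class by first octet, per the table above."""
    first = int(addr.split(".")[0])
    if first == 127:
        return "loopback"
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    return "E" if first >= 240 else "invalid"

def split_netid_hostid(addr):
    """Return (class, NetID, HostID) as dotted strings for class A/B/C addresses."""
    cls = classify(addr)
    if cls not in CLASS_BITS:
        raise ValueError(f"{addr} is class {cls}: no NetID/HostID split")
    bits = CLASS_BITS[cls]
    n = int(ipaddress.ip_address(addr))
    net_mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
    netid = str(ipaddress.ip_address(n & net_mask))
    hostid = str(ipaddress.ip_address(n & ~net_mask & 0xFFFFFFFF))
    return cls, netid, hostid

def is_private(addr):
    """RFC 1918: usable internally, must not be routed on the public Internet."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE)

def host_capacity(cls):
    """Usable hosts per network: the all-zeros and all-ones host parts are reserved."""
    return 2 ** (32 - CLASS_BITS[cls]) - 2

if __name__ == "__main__":
    for a in ("10.1.2.3", "130.24.5.9", "192.0.2.77", "172.31.0.1", "224.0.0.1"):
        print(a, classify(a), is_private(a), split_netid_hostid(a) if classify(a) in CLASS_BITS else "")
```

The 172.16.0.0/12 block is the one most often misjudged by hand: 172.31.255.255 is private but 172.32.0.1 is not, which is why the check is done against the prefix rather than the first octet.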
Fourth, Internet address mapping
Address resolution is the process of mapping a computer's IP address to its physical (hardware) address.
There are three commonly used address resolution algorithms:
1. Table lookup: the address mappings are stored in a table in memory, and resolution searches the table. Used in wide area networks.
2. Closed-form computation: the physical address is computed from the IP address by simple Boolean and arithmetic operations. Used on networks whose hardware addresses are configurable.
3. Message exchange: computers exchange messages across the network to obtain the mapping. Used with static (fixed) hardware addresses such as Ethernet.
The TCP/IP protocol suite includes the Address Resolution Protocol (ARP). ARP defines two basic message types: the request message and the reply message.
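Building and parsing the two ARP message types for Ethernet over IPv4, following the RFC 826 layout, as an added example (not from the notes). Hardware and protocol addresses are constructed. The parser exposes every field because the classic ARP-poisoning attack is simply a reply whose sender hardware address is not the one the victim should have learned; only a host that compares the answer against what it expects can notice.

```python
# Added example (not from the notes): ARP request/reply for Ethernet (htype 1)
# over IPv4 (ptype 0x0800), RFC 826 layout, constructed addresses.
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
HDR = struct.Struct(">HHBBH")     # htype, ptype, hlen, plen, opcode (8 bytes)

def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))

def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))

def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """28-byte ARP body: header, sender hw/proto address, target hw/proto address."""
    return (HDR.pack(1, 0x0800, 6, 4, opcode)
            + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))

def parse_arp(data):
    htype, ptype, hlen, plen, op = HDR.unpack_from(data)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or len(data) < 28:
        raise ValueError("not an Ethernet/IPv4 ARP message")
    off = HDR.size
    return {"opcode": op,
            "sender_mac": ":".join(f"{b:02x}" for b in data[off:off + 6]),
            "sender_ip": ".".join(str(b) for b in data[off + 6:off + 10]),
            "target_mac": ":".join(f"{b:02x}" for b in data[off + 10:off + 16]),
            "target_ip": ".".join(str(b) for b in data[off + 16:off + 20])}

def answer_request(req, my_mac, my_ip):
    """What a host's ARP module does: reply only to a request for its own IP."""
    f = parse_arp(req)
    if f["opcode"] != ARP_REQUEST or f["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, f["sender_mac"], f["sender_ip"])

if __name__ == "__main__":
    req = build_arp(ARP_REQUEST, "02:00:00:00:00:01", "192.168.1.10", "00:00:00:00:00:00", "192.168.1.20")
    rep = answer_request(req, "02:00:00:00:00:02", "192.168.1.20")
    print(parse_arp(req))
    print(parse_arp(rep))
```

In a request the target hardware address is unknown and sent as zeros; the reply swaps sender and target so that the asking host can fill its cache. Nothing in the protocol authenticates the reply, which is the reason for static ARP entries or dynamic ARP inspection on switches in hostile segments.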
5. Expansion of the Internet address space
1. IPv6 still supports connectionless delivery; allows the sender to choose the datagram size; and requires the sender to specify the maximum number of hops a datagram may take before it is discarded. It adds a larger address space, a flexible header format, enhanced options, support for resource allocation, and support for protocol extension.
2. IPv6 datagram: an IPv6 datagram has a fixed 40-byte base header, followed by zero or more extension headers, followed by the data.
IPv4 datagram format: a datagram header and a data area. Header fields: version number, IHL (header length), type of service, total length, identification, flags, fragment offset, time to live, protocol, header checksum, source address, destination address, options and padding; then the data.
3. The IPv6 base header contains: version number, traffic class and flow label, payload length, next header, hop limit, source address, destination address.
4. Comparison of IPv4 and IPv6: the header length field is removed; the total length field is replaced by the payload length field; the source and destination address fields grow to 16 octets (128 bits) each; the fragmentation information moves from fixed fields of the base header into an extension header; the time-to-live field becomes the hop limit field; the type of service field is replaced by the flow label field; the protocol field is replaced by the next header field, which indicates the type of the following header.
5. IPv6 has three basic address types. Unicast addresses identify a single computer or router; a datagram follows one shortest path to the destination. Cluster (anycast) addresses identify a set of computers that share a network prefix; a datagram follows a shortest path to the group and is delivered to the nearest member. Multicast addresses identify a set of computers, possibly in different places; a datagram is delivered to every member of the group by hardware multicast or broadcast. 6. If the first 80 bits of an address are zero and the next 16 bits are all ones or all zeros, its low 32 bits are an IPv4 address.
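Packing and parsing the 40-byte IPv6 base header with the fields listed in item 3, following the next-header chain through an extension header as item 4 describes, and applying the embedded-IPv4 rule of item 6, as an added example (not from the notes). The packet, its addresses and the hop-by-hop extension header are constructed.

```python
# Added example (not from the notes): IPv6 base header, next-header chain walk,
# and the embedded-IPv4 address rule. Packet contents are constructed.
import struct

NEXT_HOPOPT, NEXT_TCP, NEXT_FRAG = 0, 6, 44
BASE = struct.Struct(">IHBB16s16s")   # ver/tc/flow, payload length, next header, hop limit, src, dst

def build_base(payload, next_header, hop_limit, src, dst, flow_label=0, traffic_class=0):
    first = (6 << 28) | (traffic_class << 20) | (flow_label & 0xFFFFF)
    return BASE.pack(first, len(payload), next_header, hop_limit, src, dst) + payload

def parse_base(pkt):
    first, plen, nh, hops, src, dst = BASE.unpack_from(pkt)
    if first >> 28 != 6:
        raise ValueError("not IPv6")
    return {"version": 6, "traffic_class": (first >> 20) & 0xFF, "flow_label": first & 0xFFFFF,
            "payload_length": plen, "next_header": nh, "hop_limit": hops,
            "src": src, "dst": dst, "payload": pkt[BASE.size:BASE.size + plen]}

def walk_headers(pkt):
    """Follow next-header values until an upper-layer protocol. Extension headers
    carry their own length (in 8-octet units, not counting the first 8) except the
    fragment header, which is a fixed 8 bytes; this is where IPv4's fixed
    fragmentation fields went."""
    hdr = parse_base(pkt)
    chain, nh, data = [], hdr["next_header"], hdr["payload"]
    while nh in (NEXT_HOPOPT, NEXT_FRAG):
        chain.append(nh)
        ext_len = 8 if nh == NEXT_FRAG else (data[1] + 1) * 8
        nh, data = data[0], data[ext_len:]
    chain.append(nh)                 # the upper-layer protocol, e.g. TCP
    return chain, data

def embedded_ipv4(addr16):
    """Item 6: 80 zero bits, then 16 bits all-zero or all-one, then an IPv4 address."""
    if addr16[:10] != bytes(10) or addr16[10:12] not in (b"\x00\x00", b"\xff\xff"):
        return None
    return ".".join(str(b) for b in addr16[12:])

def demo_packet():
    """Constructed datagram: base header -> hop-by-hop option header -> TCP payload."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    hop_by_hop = bytes([NEXT_TCP, 0]) + bytes(6)      # next header TCP, length 0 -> 8 bytes total
    return build_base(hop_by_hop + b"TCP!", NEXT_HOPOPT, 64, src, dst, flow_label=0xABCDE)

if __name__ == "__main__":
    pkt = demo_packet()
    print(parse_base(pkt)["payload_length"], walk_headers(pkt))
    print(embedded_ipv4(bytes(10) + b"\xff\xff" + bytes([192, 0, 2, 1])))
```

Security tooling has to walk the chain the same way: a filter that reads only the base header's next-header byte and sees 0 (hop-by-hop) has not yet found the transport protocol or ports, and an attacker can pad a packet with extension headers to push them out of a shallow parser's view.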
Chapter 12 Enterprise Network and Intranet
Main contents: 1. Composition and management of enterprise network computing
2. Open system integration technology for enterprise networks
3. Intranet definition and elements
4. Intranet applications and establishment
I. Background and challenges of enterprise network computing
The enterprise network is an important information infrastructure that connects the departments of an enterprise with each other and with the outside, providing business communication, office automation, management, production and sales, and automatic control services. An intranet is an enterprise-internal network based on the TCP/IP protocol, using World Wide Web (WWW) tools, protected by security measures against external intrusion, serving the enterprise, and able to connect to the Internet.
1. Factors driving enterprise network computing: user needs, which are the basic driving force; advanced and practical information technology; rapidly changing markets.
2. Two models can be used: the scalable (portable) model, in which the same enterprise network computing software runs on the different platforms within the enterprise; and the integration model, in which software on different platforms is integrated.
Second, composition and characteristics of enterprise network computing
1. Composition of enterprise network computing: client/server computing; distributed databases; data warehouses; networks and communication; network and system management; various network applications.
2. Characteristics of enterprise network computing: support for client/server computing; support for management capacity and facilities; distributed data management; internationalization and localization; functional communication facilities; system flexibility; distributed resource management; development tools and development methods.
Third, open systems
An open system implements its interfaces, services, protocols and formats according to open specifications, so that its applications and components can be replaced by equivalent ones from different manufacturers.
1. Two features of an open system: the specifications it uses are vendor-neutral, i.e. independent of any manufacturer; and it allows products from different manufacturers to be combined into the whole system.
2. A proprietary system uses specifications that are proprietary rather than vendor-neutral; it does not allow product replacement by different manufacturers, only by products of licensed manufacturers.
3. Factors driving open system development: function, availability, complexity, price.
Fourth, open system integration technology for enterprise networks
1. A FRAMEWORK is the development and operating environment for applications; it is in fact the combination of the supporting system software and the operating system. Well-known products include CICS, Windows and UNIX.
2. COSE specifies its own open system environment; its main technologies include MOTIF, standard API interfaces for window management, and SQL for database management.
3. Information system and network computing mainly implement network-wide data management, communication and network management. The main technologies are: for data management, RDA (remote data access) for communication between data sources; for communication services, DCE (distributed computing environment), RPC (remote procedure call) and OSI (open systems interconnection); for management services, DME (distributed management environment) and SNMP (simple network management protocol).
V. Open system environment application portability framework
6. Intranet definition and features
1. An intranet is an enterprise-internal network based on the Internet TCP/IP protocol, using World Wide Web (WWW) tools, protected by security measures against external intrusion, serving the enterprise, and able to connect to the Internet.
2. Intranet composition: the network, e-mail, the internal World Wide Web, mailing lists, newsgroups, chat, FTP, Telnet, Gopher.
Chapter 13 TCP/IP Networks
Main contents: 1. Basic principles of TCP/IP implementation
2. Networking on the Windows NT platform
3. Networking on the UNIX platform and on Linux
First, basic principles of TCP/IP implementation
1. TCP/IP implementations:
A TSR (terminate-and-stay-resident) program is a program that runs under DOS before Windows is started. Disadvantages: it cannot allocate memory dynamically, and a TSR needs the help of a dynamic link library (DLL) to let Windows programs access the network. The TSR approach is now used only in the DOS environment.
A DLL (dynamic link library) is a 16-bit Windows program library that is loaded only when a procedure in it is called. Disadvantage: DLLs cannot communicate directly with the NIC; they depend on the Windows scheduler.
A VxD (virtual device driver) runs in Windows 32-bit protected mode and implements key parts such as the video, mouse and communication port drivers. It serves both Windows and DOS programs and can respond to network traffic directly through hardware interrupts.
2. Basic network configuration parameters: network adapter card parameters, namely I/O port address, memory address and interrupt number (IRQ); Microsoft-related network information, namely host ID, workgroup name, WINS server address and DHCP server address; TCP/IP network information, namely IP address, subnet mask, host name, domain name, domain name server and default gateway IP address.
Second, TCP/IP networking on the Windows NT platform
Third, TCP/IP networking on the UNIX platform
1. Steps to set up a UNIX network: design the physical and logical network structure; assign IP addresses; install the network hardware; configure the network interface of each host; set up the service daemons or static routes.
2. Obtaining and assigning IP addresses: can be done through the /etc/hosts file, DNS or another name service.
3. Network card configuration: the ifconfig command sets the card's IP address, subnet mask, broadcast address, enabled state and other options: ifconfig interface [family] address up [options], where interface is the name of the network card; netstat -i lists the interfaces of the current system. The loopback interface, usually called lo0, is a virtual device used to route packets internal to the host.
4. Route configuration: the route command configures static routes: route [-f] op [type] destination gateway hop-count, where op is add to add a routing entry and delete to delete one.
5. routed is the standard routing daemon; it supports only RIP, which uses hop count as its distance metric. routed has two operating modes, server mode and quiet mode. Both listen for broadcast routing packets, but only server mode announces its own routing information; usually only multi-NIC machines are set to server mode, the rest run in quiet mode.
6. gated is a better routing daemon; after BGP support was added, the syntax of its configuration file /etc/gated.conf changed substantially. gated can control route broadcasting, broadcast addresses, trust policy, distance vectors and so on.
Fourth, Linux network installation and configuration
1. Manual network hardware configuration: the system probes for network cards automatically at boot, which has two shortcomings: it does not detect every NIC correctly, especially some cheap cards; and the kernel does not probe for more than one NIC automatically, so that the user keeps control over which port is used; with two or more network cards the automatic probe fails.
For manual configuration, one way is to modify or add the information in the kernel source file drivers/net/Space.c and then recompile the kernel. Another way is to pass the information to the kernel at boot time; with LILO it can be passed through the append parameter in lilo.conf.
2. Manual TCP/IP network configuration
Set the host name: hostname name. Configure the IP address of an interface: ifconfig interface ip-address.
Meaning of route add -net 202.112.58.0: route can handle routes to a network as well as routes to a single host; -net tells it that the address names a network, -host that it names a host. For convenience a network name can be defined in /etc/networks, and the network name can then be used directly after route.
route add default gw 202.112.58.254: the network name default is shorthand for 0.0.0.0, meaning the default route; this name does not need to be added to /etc/networks.
3. Editing the hosts and networks files
If you do not plan to use DNS or NIS for address resolution, all host names must be placed in the hosts file. Alongside the hosts file there is the /etc/networks file, which maps network names to network numbers.
4. Compiling the kernel
The commands are: cd /usr/src/linux; make config
In newer Linux kernel versions, besides the make config command above, kernel configuration offers a character-mode menu interface, make menuconfig, and a graphical interface that runs under the X Window System, make xconfig.
V. Advanced TCP/IP application configuration
1. Network configuration files: on Linux, through the two files /etc/rc.d/rc.inet1 and /etc/rc.d/rc.inet2. /etc/rc.d/rc.inet1 mainly performs the basic TCP/IP interface configuration with the ifconfig and route commands and has two parts: the first configures the loopback interface, the second configures the Ethernet interface. /etc/rc.d/rc.inet2 mainly starts the network daemons, such as inetd and portmapper.
2. Name service and resolver configuration
Running named: on most UNIX machines the program that provides domain name service is called named. It is a server program that provides domain name service to clients and to other name servers. It reads its information from the configuration file /etc/named.boot and from data files containing the domain-name-to-address mappings; the latter are called zone files. The main zone file of named is named.hosts.
Chapter 14 Internet and Intranet Information Services
Main contents: 1. Services and management of the World Wide Web
2. Dynamic web documents and CGI technology
3. Active web documents and Java technology
4. FTP service configuration and management, and the Wide Area Information Service (WAIS)
The information held by a WWW server is organized as hypertext, which consists of text, subdirectories or pointers to information. The WWW browser program gives the user an interface based on the Hypertext Transfer Protocol (HTTP). WWW server data files are described by the Hypertext Markup Language (HTML). HTML uses the Uniform Resource Locator (URL) to represent hypermedia links within the text and to point to other network resources.
First, the World Wide Web
1. Definition: the World Wide Web (WWW) is a client/server based combination of information discovery techniques and hypertext technology.
2. A hypertext document contains commands (markup) that describe the structure of the text, such as chapters and sections, allowing the browsing program to format each text type for the best on-screen display.
3. Web browser task: starting from an initial URL, fetch a web document from a web server, interpret the HTML, and display the document content in the user's environment with the best effect.
4. Browser classification: line mode and graphical interface.
Lynx is a line-mode browser; it follows HTML links and supports bookmarks and HTML forms. Features: in interactive mode it can post articles to newsgroups; in non-interactive mode it can filter HTML into plain text.
MidasWWW is a browser based on the X Window System that supports more embedded graphics.
Mosaic supports embedded GIF and XBM graphics and other image formats.
Netscape displays a document progressively as it arrives, enhancing interactivity.
Microsoft Internet Explorer.
5. Web servers: currently there are three UNIX-based web server programs.
NCSA httpd is written in C; it is small and fast and can run either stand-alone as a daemon or under inetd.
CERN httpd is an early web server written in C; its main feature is that it provides proxy and cache functions.
Plexus httpd is written in Perl; it is extensible and easy to use and update, but its overhead when running is high.
Second, establishing WWW services
1. Compiling the web server program: obtain the source package; edit the corresponding Makefiles; set the options by modifying the src/config.h header; run the make command in each directory. Three Makefiles (including support/Makefile) are modified and three items are compiled: the httpd server, the support programs, and the CGI-BIN interface programs.
2. Configuring web system services: this involves three configuration files, the web system configuration file httpd.conf, the web resource document configuration file srm.conf and the web service access control configuration file access.conf, plus how to extend the document MIME types.
3. Conventions used by the httpd configuration files: directive names are case-insensitive; lines beginning with # are comments; each directive occupies one line; extra blanks (spaces and tabs) are ignored and treated as a single space.
4. System configuration file httpd.conf
When configuring, you need to choose the operating mode of httpd (standalone or under inetd) and whether service access control is performed, then copy httpd.conf.dist and modify each variable.
5. Document configuration file srm.conf
Specifies the paths of the documents and interface programs provided by the web service.
6. Service access control configuration file access.conf
Defines the access rights of web users. By default, users can browse every document the web server can provide.
7. Access control strategies: there are currently two ways to control access to a document directory: the global access control configuration file (access.conf), and a per-directory access control file placed in the directory itself. A per-directory file can only change what access.conf allows it to override, so overrides should be disabled for directories whose policy must not be relaxed by the directory's owner.
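The following is an added example, not code from the notes: a parser that applies the access.conf conventions listed under item 3 (comment lines, one directive per line, case-insensitive directive names, collapsed blanks) and then checks the per-directory policy of item 7. The configuration text is a constructed NCSA-style sample that uses only the Directory, Limit, Options, AllowOverride, order, allow and deny directives; directives outside Directory blocks are ignored, and the audit rules are this example's own choices.

```python
# Added example (not from the notes): parse an NCSA-style access.conf and
# audit the per-directory policy. SAMPLE_ACCESS_CONF is constructed input.
import re

SAMPLE_ACCESS_CONF = """\
# constructed sample access.conf
<Directory /usr/local/etc/httpd/htdocs>
Options Indexes FollowSymLinks
AllowOverride All
<Limit GET>
order allow,deny
allow from all
</Limit>
</Directory>

<Directory /usr/local/etc/httpd/cgi-bin>
OPTIONS    None
AllowOverride None
<Limit GET POST>
order deny,allow
deny from all
allow from .example.com 192.0.2.
</Limit>
</Directory>
"""

TAG = re.compile(r"<(/?)(\w+)\s*([^>]*)>$")


def parse_access_conf(text):
    """Return {directory: {"options": [...], "allowoverride": str or None,
    "limits": {(METHOD, ...): {"order": ..., "allow": [...], "deny": [...]}}}}."""
    dirs, cur, limit = {}, None, None
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):      # comment line
            continue
        line = " ".join(raw.split())          # collapse runs of blanks
        if not line:
            continue
        tag = TAG.match(line)
        if tag:
            closing, name, arg = tag.group(1) == "/", tag.group(2).lower(), tag.group(3).strip()
            if name == "directory":
                cur = None if closing else arg
                if cur is not None:
                    dirs[cur] = {"options": [], "allowoverride": None, "limits": {}}
            elif name == "limit" and cur is not None:
                limit = None if closing else tuple(arg.upper().split())
                if limit is not None:
                    dirs[cur]["limits"][limit] = {"order": None, "allow": [], "deny": []}
            continue
        if cur is None:
            continue                          # global directives ignored here
        name, _, rest = line.partition(" ")
        name = name.lower()                   # directive names are case-insensitive
        if limit is not None:
            block = dirs[cur]["limits"][limit]
            if name == "order":
                block["order"] = rest.lower()
            elif name in ("allow", "deny") and rest.lower().startswith("from "):
                block[name].extend(rest.split()[1:])
        elif name == "options":
            dirs[cur]["options"] = [o.lower() for o in rest.split()]
        elif name == "allowoverride":
            dirs[cur]["allowoverride"] = rest.lower()
    return dirs


def audit(dirs):
    """Flag directories whose owners may relax the global policy through a
    per-directory file, and a cgi-bin that has extra options enabled."""
    findings = []
    for path, d in dirs.items():
        if d["allowoverride"] == "all":
            findings.append("%s: AllowOverride All lets a per-directory file relax the rules" % path)
        if path.rstrip("/").endswith("cgi-bin") and d["options"] not in ([], ["none"]):
            findings.append("%s: cgi-bin should use Options None" % path)
    return findings


if __name__ == "__main__":
    for finding in audit(parse_access_conf(SAMPLE_ACCESS_CONF)):
        print(finding)
```

Run against the sample, the audit reports only the htdocs directory, because AllowOverride All there means anyone who can write a per-directory file into the document tree can change the access rules the administrator set globally.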
8. Extending document MIME types: the mime.types file defines the document types (by file extension) that httpd knows how to serve. New types can be defined in srm.conf with the AddType and DefaultType directives.
Third, WWW service management
1. Extending WWW service functions
A CGI interface program lets the WWW server run an external program. The external program receives the user's input, passes it on to a WAIS, SQL or other server, and returns the query result to the WWW server as an HTML document or a URL. CGI interface programs can be written in a variety of programming languages, or you can write your own.
2. WWW service and CGI interaction
The interaction has two parts: the interface program receives the user's input, and the interface program returns output information to the WWW server.
The interface program receives user input in three ways: environment variables, which the WWW server sets for the interface program when it passes the browser's request on (for example QUERY_STRING and CONTENT_LENGTH); standard input, used for longer query parameters, in particular form input submitted with the POST method; and command-line arguments, used for ISINDEX-style HTML searches. Whichever channel the input arrives on, it is supplied by the remote user and must be validated before use.
CGI interface program output: the result of executing the CGI program is passed to the WWW server on standard output. The output consists of header information describing the data type (for example Content-type), then a blank line as separator, followed by the actual document data.
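The exchange described above, as an added example that is not part of the original notes: a CGI program that reads its input through all three channels and writes a correctly framed response. The environment dictionary, POST body and argument list handed to handle() are constructed sample input; the MAX_BODY limit is an assumption of this example, not a CGI requirement.

```python
# Added example (not from the notes): a CGI program that reads its input
# through the three channels described above and writes a well-formed
# response (header, blank line, body).
import html
import os
import sys
from urllib.parse import parse_qs

MAX_BODY = 64 * 1024  # assumed limit: refuse oversized POST bodies


def read_query(environ, stdin):
    """Return the decoded query parameters for one CGI request.

    GET  -> QUERY_STRING, set by the server in the environment
    POST -> CONTENT_LENGTH bytes read from standard input
    """
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "POST":
        try:
            length = int(environ.get("CONTENT_LENGTH", "0"))
        except ValueError:
            raise ValueError("CONTENT_LENGTH is not a number")
        if length < 0 or length > MAX_BODY:
            raise ValueError("refusing a body of %d bytes" % length)
        raw = stdin.read(length).decode("utf-8", "replace")
    else:
        raw = environ.get("QUERY_STRING", "")
    return parse_qs(raw, keep_blank_values=True)


def isindex_terms(argv):
    """ISINDEX searches arrive as command-line arguments (one per word)."""
    return [a for a in argv[1:] if "=" not in a]


def render(params, terms):
    """Build the response: header line, blank line, then the HTML body.

    Every user-supplied value is escaped before it is echoed, so a query
    such as name=<script> cannot inject markup into the generated page.
    """
    rows = []
    for key in sorted(params):
        for value in params[key]:
            rows.append("<li>%s = %s</li>" % (html.escape(key), html.escape(value)))
    for term in terms:
        rows.append("<li>search term: %s</li>" % html.escape(term))
    body = "<html><body><ul>\n%s\n</ul></body></html>\n" % "\n".join(rows)
    return "Content-type: text/html\r\n\r\n" + body


def handle(environ, stdin, argv):
    """Full request handling; returns the complete CGI output as a string."""
    try:
        params = read_query(environ, stdin)
    except ValueError as exc:
        return "Content-type: text/plain\r\n\r\nbad request: %s\n" % exc
    return render(params, isindex_terms(argv))


if __name__ == "__main__":
    sys.stdout.write(handle(os.environ, sys.stdin.buffer, sys.argv))
```

Installed under cgi-bin, the program works unchanged for a GET form (parameters in QUERY_STRING), a POST form (body on standard input, length from CONTENT_LENGTH) and an ISINDEX search (words in argv); the length check and the escaping are the two places where the server's trust in the browser is cut off.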
Third, FTP service configuration and management
1. FTP file transfer services are mainly used to store large numbers of network utilities, common tools and technical documents, as well as mirrors of some well-known FTP sites. Data types: ASCII text, PostScript, SGML, executable code, images, sound, video and animation.
2. The FTP service exchanges information between an FTP server and an FTP client. Upload: data is transferred from the FTP client to the FTP server. Download: the FTP client obtains data from the FTP server.
3. An FTP server provides two kinds of access:
Internal user FTP: the user has an account on the host. Once the user enters the correct account name and password, they can access documents in the entire file system and can write data anywhere they hold write permission.
Anonymous FTP: anonymous FTP is the public information service of the Internet; its access range is limited to the anonymous FTP area (the subtree of the file system defined by the FTP server). Users only need to log in as anonymous (or ftp) and enter their own e-mail address as the password to access and download the information provided.
4. FTP consists of two parts: the server, which responds to client requests and transfers documents; and the file system, which the server scans and reads documents from. The FTP server program is usually named ftpd or in.ftpd.
5. FTP operating mode: ftpd usually runs under the system super-server process inetd and uses TCP port 21. There are three basic transmission modes: stream mode, block mode and compressed mode.
6. FTP configuration: add the appropriate line to the inetd configuration file (/etc/inetd.conf), for example ftp stream tcp nowait root /etc/ftpd ftpd (the last field is the server's argv[0], which inetd requires). ftpd is started as root because it must switch to the identity of the logged-in user after authentication. Restart inetd (or send it SIGHUP) after each configuration update so that it re-reads the file.
7. After configuring FTP under inetd, you also need to create the user ftp in the host's /etc/passwd, because ftpd first checks whether the ftp user exists before allowing anonymous access; if it does not exist, ftpd refuses anonymous users. The home directory of this account becomes the root of the anonymous FTP area, and the account should not have a usable login password.
Fourth, establishing an FTP server
1. FTP system services and their directory layout
company/: stores the company's own information
pub/: public software directory
incoming/: upload directory for anonymous FTP users
usr/, bin/, etc/: directories used by the FTP system itself
(1) Set up the directories of the FTP server; (2) modify the contents and access rights of the passwd and group files (the copies placed under the anonymous area should contain only the entries ftpd needs and no real password hashes); (3) set the access rights of the directories in the FTP server (incoming/ is writable by anonymous users but should not be readable or listable by them, so that it cannot be used as a public exchange point).
2. Establishing a mirror system
A file server mirror system (mirror site) keeps a local copy of the resources of a remote anonymous FTP server. The mirror description file specifies the remote FTP server's address, login name and password, the remote directories to be mirrored, the storage path on the local FTP server, and the permission control codes. Following the description file, the system uses the FTP protocol to log in to the remote FTP server automatically, enter the corresponding directory, obtain the list of files in that directory, compare it with the list of files in the local directory, and fetch what has changed. The popular mirror software is Mirror-2.3, a program written in Perl that follows the FTP protocol and replicates the directory and file structure between its host and the remote host.
3. The README file describes the individual files and subdirectories. It includes: the system administrator's e-mail address (so that users can ask for help); basic information about this service; basic copyright information; points of interest; and a statement (disclaimer).
4. Statistics logs: the wu-ftpd system defines the format of the access log file (xferlog), and FTP access log statistics tools include xferstats, IISstat and others.
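An added example, not from the notes and not the xferstats tool itself: a small summary of a wu-ftpd transfer log in the field order documented in xferlog(5). The log lines are constructed, and the parser assumes filenames contain no spaces, since the record is whitespace-separated. Besides the byte totals an xferstats report gives, it pulls out the records an administrator should review first: uploads by anonymous users.

```python
# Added example (not from the notes): an xferstats-style summary of a
# wu-ftpd xferlog. SAMPLE_XFERLOG is constructed input.
from collections import Counter

SAMPLE_XFERLOG = """\
Thu Sep 12 10:15:01 2002 3 192.0.2.10 1048576 /pub/tool.tar.gz b _ o a alice@example.net ftp 0 * c
Thu Sep 12 10:16:40 2002 1 192.0.2.10 4096 /pub/README a _ o a alice@example.net ftp 0 * c
Thu Sep 12 11:02:13 2002 40 198.51.100.7 52428800 /incoming/movie.avi b _ i a mozilla@ ftp 0 * c
Thu Sep 12 11:30:00 2002 2 203.0.113.5 20480 /home/bob/notes.txt a _ o r bob ftp 0 * c
Thu Sep 12 11:31:09 2002 0 203.0.113.5 0 /home/bob/big.iso b _ o r bob ftp 0 * i
"""

# Fields following the five-token timestamp, in xferlog(5) order.
FIELDS = ("transfer_time", "remote_host", "file_size", "filename",
          "transfer_type", "special_action", "direction", "access_mode",
          "username", "service", "auth_method", "auth_user", "status")


def parse_xferlog_line(line):
    """Split one xferlog record into a dict. direction is o (outgoing, a
    download) or i (incoming, an upload); access_mode is a (anonymous),
    g (guest) or r (real); status is c (complete) or i (incomplete)."""
    tokens = line.split()
    if len(tokens) != 5 + len(FIELDS):
        raise ValueError("unexpected field count: %r" % line)
    rec = {"time": " ".join(tokens[:5])}
    rec.update(zip(FIELDS, tokens[5:]))
    rec["transfer_time"] = int(rec["transfer_time"])
    rec["file_size"] = int(rec["file_size"])
    return rec


def summarize(text):
    """Totals per direction and access mode, the count of incomplete
    transfers, and the list of anonymous uploads."""
    stats = {"bytes_out": 0, "bytes_in": 0, "incomplete": 0,
             "by_mode": Counter(), "anon_uploads": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_xferlog_line(line)
        if rec["direction"] == "o":
            stats["bytes_out"] += rec["file_size"]
        elif rec["direction"] == "i":
            stats["bytes_in"] += rec["file_size"]
        stats["by_mode"][rec["access_mode"]] += 1
        if rec["status"] != "c":
            stats["incomplete"] += 1
        if rec["access_mode"] == "a" and rec["direction"] == "i":
            stats["anon_uploads"].append(
                (rec["remote_host"], rec["filename"], rec["file_size"]))
    return stats


if __name__ == "__main__":
    s = summarize(SAMPLE_XFERLOG)
    print("downloaded %d bytes, uploaded %d bytes, %d incomplete transfers"
          % (s["bytes_out"], s["bytes_in"], s["incomplete"]))
    for host, name, size in s["anon_uploads"]:
        print("anonymous upload from %s: %s (%d bytes)" % (host, name, size))
```

Feeding the real log in instead of the sample (for example by reading /usr/adm/xferlog or wherever ftpaccess points the log) gives a daily check of what arrived in incoming/ and from where.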
5. Access control
The wu-ftpd access control configuration files are ftpaccess, ftphosts, ftpusers, ftpgroups and others. They provide user access control by class, CPU load control, user group control, automatic display of status information, recording of system usage, file access shortcuts, and control of file uploads.
User access control: ftpaccess can define several classes to control users' access. A class definition combines user types with host address patterns. There are three user types: anonymous, anonymous FTP users who can only access the FTP system directory; guest, users who log in with an account and password but can access only part of the file system; and real, users with system accounts who can access the entire file system. A login that matches no class is refused, so the class definitions decide, for example, whether real users may log in from outside the local network at all.
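The class matching just described, as an added example that is not from the notes or from wu-ftpd: it reads the class lines of a constructed ftpaccess fragment and reports which class, if any, a given login would fall into. Host patterns are shell-style globs as in ftpaccess(5); treating a pattern containing a slash as a CIDR range is an assumption of this example. As in wu-ftpd, the first matching class wins.

```python
# Added example (not from the notes): evaluate wu-ftpd "class" lines to
# see which class a (user type, host) pair falls into. SAMPLE_FTPACCESS
# is a constructed fragment.
import fnmatch
import ipaddress

SAMPLE_FTPACCESS = """\
# constructed sample: real and guest users only from inside, anonymous from anywhere
class local   real,guest,anonymous  *.example.com  192.0.2.0/24
class remote  anonymous             *
limit  remote 20 Any /etc/msgs/msg.toomany
"""


def parse_classes(text):
    """Return [(class name, set of user types, [host patterns])] in file order."""
    classes = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "class":
            classes.append((parts[1], set(parts[2].split(",")), parts[3:]))
    return classes


def host_matches(pattern, host, addr):
    """A pattern may match the client's host name or its address."""
    if "/" in pattern:  # CIDR form, assumed for this example
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return fnmatch.fnmatchcase(host, pattern) or fnmatch.fnmatchcase(addr, pattern)


def classify(classes, user_type, host, addr):
    """Name of the first class matching (user_type, host/addr), or None.
    A login that matches no class is refused by the server."""
    for name, types, patterns in classes:
        if user_type in types and any(host_matches(p, host, addr) for p in patterns):
            return name
    return None


if __name__ == "__main__":
    classes = parse_classes(SAMPLE_FTPACCESS)
    for user_type, host, addr in [("real", "ws1.example.com", "192.0.2.5"),
                                  ("real", "host.example.org", "203.0.113.9"),
                                  ("anonymous", "host.example.org", "203.0.113.9")]:
        print(user_type, host, "->", classify(classes, user_type, host, addr))
```

With this fragment a real user connecting from outside the example.com domain and the 192.0.2.0/24 range matches nothing and is refused, while anonymous logins from anywhere land in the remote class, whose limit line caps them at 20 concurrent sessions.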
6. Sending prompt information to users: wu-ftpd has four ways to present prompt information to users entering the system: banner, display a prompt file to the user when logging in; message, prompt the user at an appropriate time, usually on login or when the user changes to a directory; readme, notify the user that a README file has been updated; shutdown, notify users of a coming shutdown. Closing the FTP service can be done in two ways: using the shutdown directive in ftpaccess, or using the ftpshut tool.
7. Some management tools
ftpshut: notifies users on the system that the service is about to be shut down, and then closes the service.
ftpwho: shows how many users are currently accessing the service, the maximum number allowed, and other user usage information.
ftpcount: shows the number of users in each class currently accessing the FTP service, as well as the maximum number allowed.
ftpmail: an e-mail interface to FTP.
Fifth, dynamic web documents and CGI technology
1. Three basic forms of web documents
Static document: a file stored on the web server. Its content is determined by the author when it is written and does not change afterwards; it is written in a markup (typesetting) language. Main advantages: simple, reliable, good performance. Main drawbacks: poor flexibility; when the information changes the document must be rewritten.
Dynamic document: created when a browser accesses the web server, with no predefined form. Its content changes constantly, and a new document has to be created on each request. It can be used to show information such as weather forecasts and stock prices. Main drawbacks: the cost of creating it, longer access time, and the fact that the copy the browser receives does not change again after it has been delivered.
Active document: not generated entirely by the server; an active document includes a program that performs computation and display. Such a document can keep changing for as long as the user's program keeps running. The active document itself does not contain the software needed to run it; most of the supporting software is on the browser. Main drawbacks: the cost of creating and running such documents, and poor security, since the browser executes code supplied by the server.
2. Implementing dynamic documents
A server that handles dynamic documents has three characteristics: the server must be extensible, so that on a request from a browser it can run an application that creates the document and return the generated document to the browser; an application must be written for each dynamic document; and the server uses configuration information to distinguish dynamic documents from static ones.
3. The Common Gateway Interface, CGI
Building dynamic web documents widely uses the Common Gateway Interface, CGI. The CGI standard specifies how the server interacts with the application that produces the dynamic document; such an application is called a CGI program.
CGI is an interface between the server and HTML files, responsible for handling the exchange of data between HTML files and non-HTML programs running on the server.
A CGI program can be a compiled program, a script (batch file), or any executable binary. It is placed in the cgi-bin subdirectory of the web server, and the server must be configured to allow execution from the cgi-bin directory; only that directory should be marked executable, so that a user-writable document directory can never be used to run programs. There are two ways to implement interactive queries: file-based queries, and forms.
Sixth, active web documents and Java technology
Seventh, wide area information services
1. Wide Area Information Servers, WAIS, is a network information retrieval system that fully indexes a server's database so that it can be searched by keyword and the matching information retrieved.
2. WAIS operating mode: client/server. The server runs either standalone or under inetd. It includes three parts: client software, server software and indexes.
3. WAIS data consists mainly of 8 files, of which xx.src is the source description used by clients to locate the server, and xx.dct (dictionary) and xx.inv (inverted index) are used for queries.
4. On UNIX machines there are waissearch and xwais; on PCs there is WinWais. These client programs and the server use the Z39.50 standard protocol, so clients on different platforms can communicate with waisserver as long as they follow the protocol.
5. The freeWAIS system: its software consists of three parts, the indexer, the server, and the client access programs. Its work process:
(1) The indexer reads the data from the database and builds an index: it creates a list of the words that appear in the documents and records in a table where each word occurs.
(2) The server uses the existing index to retrieve documents according to the query criteria specified by the user. It first breaks the user's natural-language query into words, uses each word as a keyword, finds the documents containing these words, and gives each document a score that tells the user how relevant it is; the higher the score, the better the match.
(3) The client program forms the retrieval request via the Z39.50 standard protocol, displays the server's results, and allows the user to view the content of a document. Document types include ASCII text, binary information, sound files, PostScript files, HTML files, and JPEG and GIF files.
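Steps (1) and (2) above, as an added example that is not from the notes or from freeWAIS: a toy inverted index built from constructed documents, and a query function that splits the query into keywords, collects the documents containing them and ranks them by score. The tf-idf style weighting is this example's own choice; freeWAIS's scoring formula is not reproduced.

```python
# Added example (not from the notes): the indexer and server steps of a
# WAIS-style search as a toy inverted index. SAMPLE_DOCS is constructed.
import math
import re
from collections import defaultdict

SAMPLE_DOCS = {
    "ftp-guide": "Anonymous FTP lets users log in as anonymous and download "
                 "files from the pub directory of the server",
    "www-guide": "The web server reads httpd.conf and srm.conf and serves HTML "
                 "documents to browsers",
    "wais-guide": "WAIS indexes documents so that keyword queries return a "
                  "ranked list of documents",
}


def tokenize(text):
    """Lower-case word list; used for both documents and queries."""
    return re.findall(r"[a-z0-9]+", text.lower())


def build_index(docs):
    """Indexer (step 1): for every word, record in which documents it
    appears and how often."""
    index = defaultdict(dict)
    for name, text in docs.items():
        for word in tokenize(text):
            index[word][name] = index[word].get(name, 0) + 1
    return index


def search(index, n_docs, query):
    """Server side (step 2): split the query into keywords, collect the
    documents containing them and return (document, score) pairs, best first."""
    scores = defaultdict(float)
    for word in set(tokenize(query)):
        postings = index.get(word)
        if not postings:
            continue
        weight = math.log(1.0 + n_docs / len(postings))  # rarer words count more
        for doc, count in postings.items():
            scores[doc] += count * weight
    return sorted(scores.items(), key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    idx = build_index(SAMPLE_DOCS)
    for q in ("anonymous ftp download", "documents", "nothing here"):
        print(q, "->", search(idx, len(SAMPLE_DOCS), q))
```

The word table that build_index produces is what the .dct and .inv files hold for a real WAIS source; a query for "documents" ranks wais-guide above www-guide because the word occurs there twice.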
Chapter 15 Network Applications
Main content: 1. The new model of the networked economy
2. Internet service platforms
3. Computer-supported cooperative work
4. E-commerce
5. Distance education and telemedicine
First, 21st-century network development trends
1. Moore's law: proposed by Intel co-founder Gordon Moore in 1965. Its expression is D(t) = D(t0) * 2^((t - t0) / 1.5), with t in years: the number of devices on an integrated circuit doubles every 18 months.
2. Metcalfe's law: proposed by Ethernet inventor Robert Metcalfe in the early 1990s. Its expression is network value = N(N - 1) / 2, where N is the number of users. The value of any communication network grows with the square of the number of nodes in the network, that is, with the number of possible connections among N users. Each PC pulled into the network therefore adds to the value of the whole network.
Second, the new model of the networked economy
1. The Internet protocol (IP) and WWW technology are the two important standards of the Internet.
2. Requirements for an IP service platform: network security, service scalability, platform scalability, network management, interoperability, efficient implementation, access from all kinds of facilities, internationalization and localization, commercial applications, mobile services, openness and ease of use.
3. Using network middleware to implement the IP service platform is a practical approach. Middleware sits above the network and below the application layer, providing a common basis on which applications share structures, frameworks and common functions.
4. Middleware can be divided into three categories: communication middleware, consisting of protocols and architectures that support object-oriented distributed systems and distributed computing; security middleware, including authentication, access control, data confidentiality and integrity, and encryption; and integration middleware, which integrates computing platforms and the various applications across an enterprise.
Third, computer-supported cooperative work
1. CSCW (Computer Supported Cooperative Work) is the technical field that studies how a geographically dispersed group, supported by computers and computer networks, coordinates and collaborates to complete a task.
2. CSCW includes research on collaborative work architectures, group collaboration modes and models, the technologies that support group work, and the development of application systems.
3. CSCW system architecture:
CSCW can be divided into a four-layer structural model. The first layer is the open systems interconnection environment, which provides an open communication network support environment to ensure effective information exchange during collaborative work. The second layer provides the main mechanisms and tools required for collaborative work. The third layer is the collaborative work application interface, providing the programming interface (API), the human-computer interface (HCI) and the interpersonal interface (IPI). The fourth layer consists of the various CSCW applications, providing for each kind of collaborative work the required collaborative support tools and their tailoring and integration into collaborative application systems.
4. Groupware: computer application systems that provide a group of people with an interface to a shared environment, supporting them in completing a common goal or task.
Fourth, e-commerce
1. E-commerce (EC) is a modern way of doing business that meets the needs of enterprises, merchants and consumers to reduce costs, improve the quality of products and services, and speed up service delivery. E-commerce exchanges information, products and services through computer networks.
2. Characteristics of e-commerce: 2P 3C
Based on computer networks; trading partners coordinate and collaborate; focused on trade or commerce; computerized; profit-oriented.
3. Framework of e-commerce: social regulation, policy and privacy on one side, and electronic text, multimedia and network protocols on the other, are two very important pillars.
4. Types of e-commerce:
5. The process of e-commerce:
6. Composition principle of e-commerce: e-commerce brings together the participants in the trade chain in a computer information network environment and, on the basis of CA certification and information security assurance, handles the whole process of negotiation, sales, payment, trade and customer service.
Fifth, distance education
1. Distance education: a teaching model contrasted with traditional classroom teaching, in which the teacher and students meet face to face. It includes correspondence teaching, radio and television teaching, and network-based distance teaching.
2. Characteristics of distance education: access at any time and place; sharing of educational information; two-way interaction in the teaching mode; self-directed learning.
3. Forms of network-based distance teaching: remote access; remote experiments; remote tutoring; remote sharing; virtual publishing; virtual classrooms; computer-supported collaborative learning.
4. A distance teaching system includes two parts: a courseware development system and a teaching operation system.
Sixth, telemedicine
1. The working modes or services of telemedicine systems can be divided into two categories: asynchronous (non-real-time) and synchronous (real-time). The former is medical consultation through e-mail; the latter is remote real-time consultation and even surgical guidance through video conferencing systems.