Name or Student ID: ________________________________

CNT 4007C

Computer Networks Fundamentals

Prof. Ahmed Helmy
Midterm Exam Tuesday October 25th, 2011

Instructions:
1. Write your name and student ID on this page. Also write your name (or last 4 digits
of your ID) at the top of every page.
2. Please read the instructions for each question.
3. The exam is Closed Book and Closed Notes. The formulas you may need are at the end of
this exam paper.
4. Check that your exam is complete with 12 pages (including 1 page formulas at the end).
5. Please note the number of points assigned to each question and budget your time accordingly.
6. The time of the exam is 1 hour and 30 mins (from 8:45pm until 10:15pm).

Name:___________________________________
SID:_____________________________________
Maximum
Page 2

12

Page 3

11 (+2 extra)

Page 4
Page 5

12
11

Page 6

16

Page 7

14

Page 8

Page 9

3 (+8 extra)

Page 10

14

Page 11

(10 extra)

Total

100 (+20 extra)

Score

Exam Model: AJAX1HAY00010011011100101101011000MMDIEZ3RD

Name or Student ID: ________________________________

Q1. (12 points) Write down the best term or terms that correspond to the following
descriptions:
a. A layer that handles reliability and congestion control
Answer: _____Transport layer________________________
b. A layer that handles medium access control for shared channels
Answer: ________Data-link (or MAC) layer_____________________
c. Layers that are processed by a router
Answer: ________physical, data-link and network layers_______________
d. The type of congestion signaling used by TCP
Answer: _____implicit congestion signaling________________________
e. A layer in which peer-to-peer systems and overlay networks are implemented
Answer: _________Application layer____________________
f. The architecture used by DNS
Answer: _______ distributed hierarchical database______________________
g. A layer that encapsulates data into segments
Answer: ______Transport layer_______________________
h. A kind of attack in which multiple machines in multiple places coordinate to prevent a
server from providing a service to clients by overloading the network with traffic or the
server with bogus requests
Answer: ______Distributed Denial of Service (DDoS) Attack_____________
i. A kind of channel sharing where slots are allocated to sources in a specific order prior
to communication
Answer: ______Time Division Multiplexing (TDM)__________________
j. The algorithm used by TCP to obtain a reasonable estimate of the round trip time
Answer: __________Exponential Weighted Moving Average (EWMA)_____

Q2. Answer the following questions on Chapter 1 in the space provided

Name or Student ID: ________________________________

a. (4 points) What kind of multiplexing should be used in the following scenarios:

i.
When the flows are of fixed rate, require guarantees, and the mix of flows
does not exceed the maximum channel capacity.
Answer: ______________Time Division Multiplexing (TDM)_____________
ii.
When the flows are bursty, the mix of flows may exceed the maximum
channel capacity (but the long term average does not), and they require
best effort service.
Answer: __Statistical Multiplexing (or Asynchronous TDM)_______
b. (3 points) What advantages does a circuit-switched network have over a packetswitched network?
Answer: _ A circuit-switched network can guarantee a certain amount of end-toend bandwidth for the duration of a call. Most packet-switched networks today
(including the Internet) cannot make any end-to-end guarantees for bandwidth.
c. (4 points, +2 extra) How would you describe the overall structure of the Internet?
(circle the best answer):
d. Flat
P2P
Landmark-based
Tiered
What advantages does such structure have? (Mention 2 items, 3rd for extra points)
1It allows each tier (or domain/autonomous system) to run its own internal
protocols and provides uniformity by providing standard protocols and
relationships between tiers (or domains)
2It shields the effects of change in one tier/domain from directly affecting
other tiers/domains by keeping the effect local
3It provides more flexibility in adding or removing domains or ISPs than a
non-hierarchical (flat) structure

Name or Student ID: ________________________________

e. (7 points) What are the advantages and disadvantages of having a layered protocol
architecture for the Internet? (mention 3 advantages and 2 disadvantages)
Advantages:
Allows an explicit structure to identify relationships between various pieces of the
complex Internet structure, by providing a reference model for discussion.
Provides a modular design that facilitates maintenance, updating/upgrading of
protocols and implementations (by various vendors) at the various layers of the
stack.
Supports a flexible framework for future advances and inventions (such as mobile
or sensor networks).
Disadvantages: overhead of headers, redundancy of functions (sometimes not
needed) [such as reliability as the transport layer and the link layer, or routing at
the network layer and some link layer protocols (such as ATM)]
Extra explanation: It is true in many cases that the change in one layer does not
affect the change in the other layers, but not always.
Examples of change that did not affect the other layers: change from FDDI to
token ring, to Ethernet at the MAC layer.
Examples of change that affected other layers: wireless vs. wired (performance of
TCP and routing degraded drastically). Introduction of 802.11 for wireless and ad
hoc networks (a change in the physical and MAC layers), does affect in a major
way routing at the network layer and the transport layers. In that case, many of the
protocols needed re-design.
f. (5 points)
a. Why does congestion occur in the Internet when the load is high?
The Internet is a packet switched network using store-and-forward that requires
buffers/queues. It also uses statistical-multiplexing, which means that sometimes
the input to the queue is more than the capacity of the outgoing link, especially
during high loads on the network. When this occurs the queue cannot drain fast
enough, and so it builds up beyond the average queue size, causing excessive
delays and sometimes causing queue overflow and packet loss, and hence
congestion.
b. Is there congestion in the Telephone network? Why ?
The Telephone network is a circuit-switched network, in which a circuit is
established for each connection and is reserved (not shared). It uses TDM for that, in
which time slots are assigned a-priori, and no statistical multiplexing is used. The input to
a switch never exceeds the capacity of the output. Store-and-forward is not used and
hence there are no queues. Admission control is used to control the load on the network
and denies flows/calls that would lead to exceeding the network capacity.

Name or Student ID: ________________________________

Q3. Answer the following questions on Chapter 2 in the space provided

a. (6 points) Give three reasons (arguments) against having one DNS server.
With one DNS server we have the following drawbacks: (3 are enough)
1. Single point of failure: if the DNS server crashes, so does the entire Internet
2. Traffic concentration: the single server would have to handle all DNS queries
for all HTTP requests and email messages for hundreds of millions of hosts.
3. Delayed responses: since the single server can only be close to a very few
hosts, most of the hosts will have to travel large distances (and experience
propagation delay), and traverse many links (some of which maybe congested) to
reach the server.
4. Book-keeping and updates (maintenance): the DNS server would have to keep
track of every new host or every removed host in the Internet. This doesnt scale.
b. (3 points) Discuss a mechanism to improve DNS performance and explain how
the performance can improve.
Using DNS caching is one way to improve DNS performance, first by reducing
the delay required to get the address resolution (since the cache servers are now
closer to the requesting hosts), and by reducing the overall load of DNS going to
the higher level DNS servers.

c. (2 points) While browsing the web you click on a link. The IP address for the
associated URL is not cached in your local host. The DNS lookup passes through
n DNS servers before your host receives the IP address; the successive visits incur
an RTT of RTT1, ... RTTn. The web page associated with the link contains one
small object. Let RTT0 denote the RTT between the local host and the server
containing the object. Assuming zero transmission time of the object, how much
time passes between the click and receiving the object?
The total amount of time to get the IP address is
RTT1 + RTT2 + + RTTn .
Once the IP address is known, RTT0 elapses to set up the TCP connection and
another RTT0 elapses to request and receive the small object. The total response
time is
D =2RTT0 + RTT1 + RTT2 + + RTTn

Name or Student ID: ________________________________

d. (6 points) Referring to the previous problem in c, assume that the time for that
question is D. Suppose the HTML file references three small objects on the same
server. Neglecting transmission times, how much time elapses between the click
and receiving all the objects with:
i.
Non-persistent HTTP with no parallel TCP connections?
________
D + 6RTT0
_________________________________________________________________
ii.

Non-persistent HTTP with parallel connections?

______
D + 2RTT0
_________________________________________________________________
iii.

Persistent HTTP?

______
D + RTT0
_________________________________________________________________

e. (9 points) Mention three different architectures for peer-to-peer (p2p) networks

(or overlays) in the Internet. Give example of a real p2p network for each
architecture. Briefly describe how the queries propagate in each of the
architectures.
1. Centralized directory of resources/files, as in Napster. The query is sent to the
server that maintains all information and hence the query is answered through
local lookups in the servers database, with minimum overhead on the network.
2. Fully distributed, non-centralized architecture, as in Gnutella, where all peers and
edges form a flat overlay (without hierarchy). Search and query is more
involved and incurs high overhead with flooding (or broadcast).
3. Hierarchical overlay, with some nodes acting as super nodes (or cluster heads), or
nodes forming loose neighborhoods (sometimes referred to as loose hierarchy, as
in BitTorrent or Skype).
Avoids flooding to search for resources during queries. The query is send from
the requesting peer to its cluster head, then from the cluster head to the other
cluster heads. Each cluster head keeps track of the resources in its cluster.

Name or Student ID: ________________________________

Q4. Answer the following questions on Chapter 3 in the space provided

a. (3 points) Describe why an application developer might choose to run an
application over UDP rather than TCP. Give examples of such applications.
An application developer may not want its application to use TCPs congestion
control, which can throttle the applications sending rate at times of congestion.
Often, designers of IP telephony and IP videoconference applications choose to run
their applications over UDP because they want to avoid TCPs congestion control.
Also, some applications do not need the reliable data transfer provided by TCP.
b. (5 points) Complete the graph below, showing the various phases of network congestion

Normalized Goodput

Network Congestion Phases

(I)

(II)

(III)

Load
I.
II.
III.

no congestion: the goodput increases linearly with the load

moderate congestion: [extra: parts of the network are congested leading to wasted goodput due to some
retransmissions and routing control overhead to alleviate congestion]
severe congestion (congestion collapse): much of the network is congested. [extra: The more the
network attempts to recover (via re-transmissions are re-routing) the more the load increases on the
network and the more severe the congestion becomes. This chair reaction causes the goodput to drop
dramatically approaching zero.]

c. (6 points) Where does TCP operate on the above graph? Explain for the various
phases of TCP; slow start, congestion avoidance (due to timeout), fast retransmitfast recovery triggered by duplicate ACKs.
Slow Start: the load starts from CongWin=1 (at the beginning of phase I), then ramps up quickly
(exponential growth of CongWin) until a loss is experienced (in phase II or beginning of phase III).
Congestion Avoidance: After the loss, if a timeout occurs, TCP goes down to CongWin=1 (at the
beginning of phase I) then ramps up to roughly half the load the led to the loss (half way in phase I).
In congestion avoidance CongWin increases linearly, which means the load increases slowly towards
the end of phase I and into phase II, until another loss occurs.
Fast Recovery: In fast retransmit fast recovery (due to duplicate acks), the load is cut in half (half way
into phase I), then slow (linear) increase towards phase II (as in congestion avoidance).

Name or Student ID: ________________________________

d. (6 points) One objective for the network design is to maximize the throughput (or
goodput), but that comes at an expense. What is that expense? Suggest a way
(metric) to measure network performance in a way that balances the tradeoff
between the goodput and the above expense. Show the optimal operating point for
that new metric on the graph below.
Expense: _____Increase in delay due to queue buildup in the network/routers.
Such increase becomes exponential if the load exceeds a certain point/threshold
(usually around 70% or 80% load)
Metric: ________Network power = Goodput/Delay or Throughput/Delay
Since we want to increase the goodput or throughput and minimize the delay the
network power captures such a tradeoff and maximizing it would establish the
balance we are looking for.

Optimal operating point

Name or Student ID: ________________________________

e. (3 points) In the ATM ABR rate control, if the explicit feedback indicates
congestion, then the equation for reduction is rate = rate rate * RDF. Someone
suggested that this may not be aggressive enough during severe congestion and
that multiplicative decrease should be used by having rate = rate * . What do
you think of this argument? Do you agree, or disagree, and why?
rate = rate rate * RDF = rate * (1 RDF) = rate *
hence, the 2 equations give the same effect and the difference is in the way the
parameter RDF is set hence, I disagree
[Extra: The rate of response will be reversed (as compared to part a above), i.e.,
when is high (close to 1) the response will be slow, but when is low (closer to
0) then the response is fast.]
f. (8 points extra) Stop-and-wait protocol is used for flow control over a link that is
2km long, with 10Mbps capacity, and 10% packet error rate. Packet length is
1000bits.
i.
What is the utilization of this protocol?
1 p
For stop-and-wait: u
, where p=0.1 is the frame error probability
(1 2a)
transmission delay=1000/107=100sec, propagation delay=2.103/2.108=10sec
Tprop
propagationDelay
=10/100=0.1
a

transmissionDelay
Trans
Utilization u=0.9/(1+0.2)=0.75=75%
ii.

Assume that the capacity is increased from 10Mbps to 100Mbps (with

everything else being the same), what is the new utilization?

Transmission delay=1000/108=10, and a=1

Utilization u=0.9/(1+2)=0.3=30%
iii.

Suggest 3 ways to bring the utilization close to what it was with the
10Mbps (you cannot suggest reducing the capacity to 10Mbps!).

1- Increase the frame/packet length by 10 fold to 10,000 bits.

2- Reduce the length of the link by 10 fold (from 2km to 200m)
3- Use a sliding-window mechanism Go back N or selective reject. For example,
if we use selective repeat with window w=3, we get u=3*0.3=0.9=90%.

Name or Student ID: ________________________________

Q5. Answer the following questions in space provided:

a. (3 points) In a rate-based congestion control mechanism, the rate increase is done
according to the relation rate = rate + MaxRate * Inc, and the rate decrease is done
according to the relation rate = rate * Dec, where Inc is the increase factor and Dec is the
decrease factor. If x1 > x2, both x1 and x2 < 1, which of the following rate factors would
result in the slowest reaction to network dynamics:
AInc = x1, Dec = x1
BInc = x1, Dec = x2
CInc = x2, Dec = x1
DInc = x2, Dec = x2
Answer: (write A, B, C, or D) C
b. (5 points) TCP attacks: explain the basic TCP SYN flood attack and suggest a solution.
In the TCP SYN flood attack, the attacker sends many TCP SYN (handshake)
messages to the server. When the server receives the message it opens a TCP
socket, allocates buffer and resources at it end and then sends SYN ACK. The
attacker can just stop at this stage and not continue the handshakes 3rd step. The
state will eventually timeout at the server side and be removed, but that takes tens
of seconds. If enough of these illegitimate (half-connections) are established at a
short time, this may consumer the server resources and it ends up crashing or
overloaded that it cannot serve legitimate users. This is a denial of service attack.
One solution to this problem is to not reserve resources to the TCP connection
until the handshake is established/completed as in TCP legitimate users. This is
done using a cookie and hash function that aids the server in establishing the
correct sequence number for the connection at a later point (when the handshake
is completed).
c. (6 points) Why may TCPs performance degrade over wireless links?
modifications for TCP to improve its performance over wireless networks.

Propose

TCP cannot differentiate between losses due to congestion and losses due to bit
error. A loss would lead TCP to cut down its window size (thinking it would help
alleviate congestion in the network) where in fact there may not be congestion. So
the end result is performance degradation of TCP.
Explicit Congestion Notification (ECN) provides TCP with an indication of
congestion, so when a packet is lost and there is no notification of congestion it is
likely to be due to BER on the wireless links.
TCP can be modified to take advantage of this explicit notification in the
following way. The receiver side would have to be modified to include the ECN
bit in the acks. The sender side would check the ECN field in the acks. So long as
ECN bits are included in the acks, TCP could acts as the basic TCP (i.e., cut back
window size with loss of packets). If, on the other hand, loss occurs while ECN
bits are not observed in the acks, then no window cut is performed by the sender.
Another modification could be to have the sender cut back its window size (say
by half) when it observes ECN bits in the acks. Note that there may be confusion
in case these explicit notification mechanisms are deployed partially in the
Internet.

10

Name or Student ID: ________________________________

d. (10 points extra) DNS security: attacks on DNS

I. Mention three possible attacks on DNS.
A. Pg. 145 in the book
1- DDoS bandwidth-flooding attack: attacker sends DNS root servers a flood of
many ICMP packets, attempting to overwhelm these servers, thereby blocking
legitimate requests to the DNS root servers.
2- A similar DDoS attack can be carried out against top-level domain servers.
3- Interception of DNS responses and providing wrong resolution/addresses.
4- DNS queries can be directed at certain victims using address spoofing in the
request.
(only 3 attacks are needed for full grade)
II. Mention possible responses to reduce the effect of such attacks.
B. 1- Packet filters (preventing ICMP packets) in front of DNS servers solve the
problem of DDoS bandwidth-flooding attack on root severs. Also local DNS
servers cache addresses of top-level domain servers, which obviates the need for
them to contact the DNS root servers.
2- Local DNS servers caching responses to queries alleviates the effect of DDoS
attacks on top-level domain servers.
3, 4- Attacks 3 & 4 above have not had a big effect as they are hard to implement
and require packet interception and server throttling.

11

Name or Student ID: ________________________________

Useful formulae: [Note that you may not need all of these formulae. Use as needed]
Utilization:
Tprop
propagationDelay
- a

transmissionDelay
Trans
Dis tan ce
- propagationDelay
, S=2x108m/s
S
1 p
- For stop-and-wait: u
, where p is the probability that a frame is in error.
(1 2a)
Utilization for sliding-window mechanisms with window of w:
w(1 p)
1 p
- Go back N: u
, if w fills the pipe, or u
otherwise
(1 2a)(1 p wp)
1 2ap
-

Selective repeat: u (1 p) , if w fills the pipe, or u

TCP:
-

w(1 p)
otherwise
(1 2a)

slow start CongWin+=1 per ACK,

congestion avoidance CongWin+=1 per RTT,
EstimatedRTT(k)= (1-)*EstimatedRTT(k-1) + *SampleRTT(k), 0<<1
DevRTT= (1-)*DevRTT+ *|SampleRTT EstimatedRTT|, 0< <1
TimeoutInterval = EstimatedRTT + 4*DevRTT

ATM ABR rate-based congestion control:

-

Increase: Rate = max(MCR, min[ER,Rate + PCR x RIF])

Decrease: Rate = max(MCR, min[ER,Rate Rate x RDF])

Probability distributions and stochastic processes:

-

Geometric distribution: x is the number of Bernoulli experiments until success,

Pr[X=k]=qk-1p, E(X)=1/p

Binomial distribution: x is the number of successes in n Bernoulli experiments/trials

nk
k
n!
, E[X]=np
P( X k ) nk q p , nk
(n k )!k!

Poisson Distribution: Pr[X=k]= (k/k!) e-,E[X]=Var[X]=

Exponential distribution: f(x)=e-x, F[x]=1-e-x, Pr[X>x]=1-F[x]=e-x, E[X]=1/

12