Technology Watch in ICT
Strategic Aspects of Networks
Eric Vyncke
evyncke@cisco.com
Last update: 27 February 2009
01/30/15 2
References & Misc
• Slides on http://mastertic.blogspot.com/
• Contacts
– Main job: Cisco Systems as Distinguished Engineer
– Email: evyncke@cisco.com
– Mobile: +32 475 312458
Agenda
• Introduction to network
• The acronym soup
• The impact of security
• The impact of IP telephony
• The impact of Virtualization
• Wrap-up: The Questions to be asked
Introduction to Network
Why a Section on Networks?
• ICT (TIC) = Information and Communication Technology
=> no ICT without networks
– Knowing the network technologies = making good choices
=> networks have impacted business since the end of the 90’s
The Acronyms Soup
Or a small touch of technology
Importance of Standardization
• few fields need standards as much
– communication is a complex field: precise specifications are needed
– communication between different machines
– communication between different computer vendors
• several types of standards:
– proprietary standards: sometimes not public, reserved to one vendor: IBM's SNA, Novell's NetWare, Digital's DECnet, Siemens Nixdorf's Transdata, ...
• Almost gone but still active in ‘pre-standard’ areas
• Voice over IP: Cisco's SCCP, wireless security, …
– open de jure standards: ISO's OSI, IEEE 802.*, X.25, ...
– open de facto standards: TCP/IP, Ethernet, ...
General Remarks
• communications are a complex and constantly evolving field => a model is needed:
– to establish specifications and tests
– to compare solutions
– to establish theories
• the model will consist of several simple layers, each with a precise purpose, to ease understanding and implementation
...AN Based on the Span
• A lot of acronyms ending with ...AN
– Area Network
• Like
– LAN Local Area Network: several 100’s of meters
– MAN Metropolitan Area Network: a city, 10’s of km
– WAN Wide Area Network: the whole Earth
– PAN Personal Area Network: one meter or so
– RAN Radio Area Network: from a single antenna
...AN Based on Usage
• A lot of acronyms ending with ...AN
– Area Network
• Like
– SAN Storage Area Network:
• linking servers and hard disks so that servers do not know that the disks are not attached locally
Local Area Network: LAN
• LANs are usually a layer 2 technology
– Using a single medium
• Most common: Ethernet over twisted pair
– 10 Mbps, 100 Mbps (= Fast Ethernet), 1 Gbps, 10 Gbps, ...
– Standard IEEE 802.3
• Formerly over a coax cable, now over twisted pair and hub/switch
• Unique Ethernet address on each Network Interface Card (NIC)
– 24 bits unique per vendor: 00-02-8A (Cisco)
– 24 bits assigned by vendor: 09-07-CF
=> 48-bit globally unique address: 00-02-8A-09-07-CF
Ethernet Topologies
How to connect more than 2 hosts?
• bus topology popular through mid 90s
– all nodes in same collision domain (can collide with each other)
• today: star topology prevails
– active switch in center
– each “spoke” runs a (separate) Ethernet protocol (nodes do not collide with each other)
[Figure: bus topology (coaxial cable) next to star topology (switch in center)]
Ethernet Hub
• Frames are repeated on all ports...
• 8 x 100 Mbps ports ~ 15 €
[Figure: hub with ports A, B, C and D; a frame from A to C is repeated on every port]
Ethernet Switch
• Frames are repeated only on destination port
– Don’t disturb other machines
– While A sends to C, B can simultaneously send to D
• 5 x 100 Mbps ports ~ 20 €
• High density (8 x 48 ports) => up to 100 € /port
[Figure: switch with ports A, B, C and D; a frame from A to C is sent only to port C]
Enterprises always use switches
Virtual LAN: VLAN
[Figure: switch with ports A, B, C and D]
• Switches can be partitioned into virtual LANs
– VLAN#1: ports A & C
– VLAN#2: ports B & D
• Used to separate traffic for security, ...
Going Faster than Ethernet
• Ethernet is 1 Gbps = 10^9 bit/s (10 Gbps = 10^10 bit/s)
– 1 CD-ROM 800 MB = 64 x 10^8 bits
– 1 DVD 4.7 GB = 40 x 10^9 bits
– Ethernet 1 Gbps transfer
• CD-ROM = 6 seconds
• DVD = 40 seconds
• A very fast hard disk is 800 MB/s write = 6.4 Gbps
• Too slow for High Performance Computing
– Needs faster
High Performance Computing
• Financial Services
– Low-latency, high-message-rate market data environments
– Real-time analytics
– Examples: JPMC (2000+ servers in global deployment), Citi (fixed income trading)
• Oil & Gas
– Increase accuracy of reservoir modeling and seismic analysis
– Deliver large datasets optimally
– Examples: Statoil (multiple clusters), ONGC, ENI, Occidental
• Manufacturing
– Reduce time to market for new products
– Better safety & product design through simulation
– Examples: Honda, Ferrari (F1), RedBull Racing, Airbus, Boeing
• Academic Research
– Expand research capabilities
– Complex research problems
– Greater industry outreach
– Examples: NCSA @ UIUC, Stanford Univ, MIT, Harvard Univ, UNC Chapel Hill
• Biotech
– Accelerate time to market
– Molecular modeling and protein folding experiments for drug discovery
– Examples: DE Shaw R&D, Cedar Sinai, Stanford BioX, Scripps Institute
• EDA
– Shorten time for tape-out
– Improve yield
– Examples: Intel, Motorola, TSMC, Altis Semiconductor
Another LAN: Infiniband
• Point to point link
• Each link can be 2, 4 or 8 Gbps
• Links can be aggregated (appearing as one)
– 4x => 8, 16 or 32 Gbps
– 12x => 24, 48 or 96 Gbps
Wide Area Network Services
• WAN: transfer of data over 100’s of km
• Enterprises cannot build their own network
– Too expensive
• Service is offered by SP (service provider)
– Nationwide: Belgacom, Voo, Mobistar, Telenet
– Worldwide: British Telecom, Colt, Verizon, ...
• Layer 1: transmit elementary bits
• Layer 2 (= Data-Link): transmit a frame (like a packet)
WAN: As Layer 1 or 2 Services
• Layer 1: leased line = a pair of copper wires with modems
• Like from your ADSL router to Skynet/Belgacom
• Layer 1: optical fiber
• Dark fiber (you need to add laser transmitter): just for you, €€€
• Shared fiber (each customer uses a different color for laser): cheaper
• Layer 2: point to point link (or star network) where SP handles the layer 1 (modulation) and repeats frames (layer 2)
• Used to be the prevalent solution: X.25, Frame Relay
• But now reserved for MAN with Ethernet
Do we care?
Decision based on price for bandwidth
Sharing issue? May mean less bandwidth
3: Network Layer
• allows packets to be transferred across several different data-link layers
– Makes it possible to go from WiFi to ADSL to Internet to Ethernet
– Notion of a route to follow
– Notion of a globally unique network address
• Example: IP (Internet Protocol, used on the Internet)
Network Layer: IP at Home
• IP is the network layer we all use
• Our IP packets traverse multiple data links and media
[Figure: Access Point, ADSL Router, Your ISP, Internet (= all other ISPs). 1st data link: WiFi; 2nd data link: Ethernet; 3rd data link: ADSL or cable; Nth data link: Ethernet or ...]
What is an IP address?
• In IPv4, an address is a 32 bit quantity that uniquely identifies a network interface.
• In IPv4 there are 2^32 = 4,294,967,296 unique addresses possible
Basic Addressing
64.100.24.1
• IP addresses are written in dotted decimal format.
• Four sections are separated by dots.
• Each section contains a number between 0 and 255.
IP Addressing at Home
[Figure: home network. Host: "I’m 192.168.100.2"; Access Point: "I’m 192.168.100.1 and 192.168.1.2"; ADSL Router: "I’m 192.168.1.1 and 80.123.34.89"; Network Printer: "I’m 192.168.1.3"; then Your ISP and the Internet (= all other ISPs)]
• If a node has multiple network interfaces, it typically has multiple IP addresses
IP Address Hierarchy
For Mr. Postman
• IP address is divided into two parts to achieve efficient “packet processing”
1. Network-id: Represents the physical network, commonly called a “prefix” (often first 24 bits)
2. Host-id: Represents a computer on the network (often last 8 bits)
[Figure: postal analogy with two streets, Tasman Dr. (houses 250 and 260) and Main St. (houses 100 and 101)]
Can we Automate Addressing?
• Defining static IP addresses on each host
– Does not scale
– Error prone (moving a PC to another network), ...
• Dynamic Host Configuration Protocol (DHCP)
– DHCP server (Windows or a router) is configured with the list of IP addresses for a network
– When a host boots, it asks the DHCP server for an IP address (and other information like routing, DNS, ...)
Most enterprises use DHCP
except for servers
keeping the log to see who is using which address
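The callout above says enterprises keep the DHCP log to see who is using which address. As an added example (not from the original slides), the Python below answers "who held this IP at this time?" from a lease log, handling renewals, releases, expiry and reuse of an address by another host. The log format, host names and every address except the slide's sample MAC 00-02-8A-09-07-CF are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical format (not a real DHCP server's).
SAMPLE_LOG = """\
2009-02-27T08:00:00 ACK 192.168.1.10 00-02-8A-09-07-CF lease=3600 host=pc-alice
2009-02-27T08:30:00 ACK 192.168.1.10 00-02-8A-09-07-CF lease=3600 host=pc-alice
2009-02-27T08:45:00 ACK 192.168.1.11 00-02-8A-11-22-33 lease=3600 host=pc-bob
2009-02-27T09:00:00 RELEASE 192.168.1.11 00-02-8A-11-22-33
2009-02-27T10:15:00 ACK 192.168.1.10 00-02-8A-44-55-66 lease=3600 host=laptop-carol
not a lease line
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>ACK|RELEASE) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})"
    r"(?: lease=(?P<lease>\d+) host=(?P<host>\S+))?$"
)


def parse_leases(text):
    """Turn log lines into lease intervals (ip, mac, host, start, end)."""
    intervals = []
    latest = {}  # ip -> most recent interval recorded for that address
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not lease events
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue  # malformed timestamp
        ip, mac = m["ip"], m["mac"].upper()
        cur = latest.get(ip)
        if m["event"] == "RELEASE":
            # The holder gave the address back before the lease expired.
            if cur and cur["mac"] == mac and ts < cur["end"]:
                cur["end"] = ts
            continue
        if m["lease"] is None:
            continue  # an ACK without a lease duration cannot be placed in time
        end = ts + timedelta(seconds=int(m["lease"]))
        if cur and cur["mac"] == mac and ts <= cur["end"]:
            cur["end"] = end  # renewal by the same host extends the interval
            continue
        if cur and cur["end"] > ts:
            cur["end"] = ts  # address handed to another host before expiry
        cur = {"ip": ip, "mac": mac, "host": m["host"], "start": ts, "end": end}
        intervals.append(cur)
        latest[ip] = cur
    return intervals


def who_had(intervals, ip, when):
    """Return (mac, host) holding `ip` at ISO time `when`, or None."""
    t = datetime.fromisoformat(when)
    for iv in intervals:
        if iv["ip"] == ip and iv["start"] <= t < iv["end"]:
            return iv["mac"], iv["host"]
    return None


if __name__ == "__main__":
    leases = parse_leases(SAMPLE_LOG)
    for probe in ("2009-02-27T09:10:00", "2009-02-27T09:45:00", "2009-02-27T10:30:00"):
        print(probe, who_had(leases, "192.168.1.10", probe))
```

The same IP address maps to different machines at different times, which is why the lookup needs the timestamp and not just the address.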
What is IPv6?
• The current IP is version 4
– Limited address space (32 bits), exhaustion in 2010
• The next IP is version 6
– Addresses are 128 bits wide
– No more exhaustion
– Otherwise nothing has changed
– Already in Windows Vista or Mac OS X or Linux
• Windows XP: ‘ipv6 install’
IPv6 will rule in 2010 at the latest
ALL NEW NETWORKS/APPLICATIONS MUST BE DESIGNED FOR IPV6
IPv4 Address Fractal Map Jan-2000
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: map of the IPv4 /8 blocks, each labelled with its holder or status (Reserved, a regional registry, a legacy holder, Private, Loopback, Multicast, Class E)]
IPv4 Address Fractal Map Jan-2001
[Figure: map of the IPv4 /8 blocks, same layout and credits as the Jan-2000 map]
IPv4 Address Fractal Map Jan-2002
[Figure: map of the IPv4 /8 blocks, same layout and credits as the Jan-2000 map]
IPv4 Address Fractal Map Jan-2003
[Figure: map of the IPv4 /8 blocks, same layout and credits as the Jan-2000 map]
IPv4 Address Fractal Map Jan-2004
[Figure: map of the IPv4 /8 blocks, same layout and credits as the Jan-2000 map]
IPv4 Address Fractal Map Jan-2005
[Figure: map of the IPv4 /8 blocks, same layout and credits as the Jan-2000 map]
IPv4 Address Fractal Map Jan-2006
[Figure: map of the IPv4 /8 blocks, same layout and credits as the Jan-2000 map]
IPv4 Address Fractal Map Jan-2007
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 first-octet blocks 000–255, each labelled with its holder (regional registry, organization, Reserved, Private, Loopback, Multicast or Class E)]
01/30/15 37
IPv4 Address Fractal Map Jan-2008
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 first-octet blocks 000–255, each labelled with its holder (regional registry, organization, Reserved, Private, Loopback, Multicast or Class E)]
01/30/15 38
IPv4 Address Fractal Map Jan-2009
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 first-octet blocks 000–255, each labelled with its holder (regional registry, organization, Reserved, Private, Loopback, Multicast or Class E)]
01/30/15 39
IPv4 Address Fractal Map - Today
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 first-octet blocks 000–255, each labelled with its holder (regional registry, organization, Reserved, Private, Loopback, Multicast or Class E)]
01/30/15 40
IPv4 Address Fractal Map Jan-2010
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 first-octet blocks 000–255, each labelled with its holder (regional registry, organization, Reserved, Next, Private, Loopback, Multicast or Class E)]
01/30/15 41
IPv4 Address Fractal Map Jan-2011
Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar
[Figure: fractal map of the IPv4 first-octet blocks 000–255, each labelled with its holder (regional registry, organization, Reserved, Next, Private, Loopback, Multicast or Class E)]
01/30/15 42
Wide Area Network
As a Layer 3 Service
• The prevalent solution
– Service offered by a Service Provider (SP)
– Transfer IP packets from your site to another site
• Customers do not care about routing
– Looks like the Internet, costs more (€) but with a defined quality (see later)
– Typical technology: MPLS (also called IP service)
SP Layer 3 Services
SP manages
Layer 1: cable
Layer 2: Ethernet or ...
Layer 3: addressing and routing
Easier for enterprise
Fixed budget...
... But you lose control
01/30/15 43
Wide Area Network
Layer 3 Service or In House Network?
SP Layer 3
Services
01/30/15 44
Layer 3 Service
Pros and Cons
• Pros
– Outsource the WAN to SP: no more CAPEX, reduce OPEX
– Easier to deploy
– Easier international WAN
• Especially in weird countries
• Cons
– Loss of network ownership
• Could be impossible for some businesses
– Need to check quality of delivered service (SLA, see later)
• NB: the cost is usually not a deal breaker
01/30/15 45
What about Congestion?
• Congestion: too many packets arriving in a router/switch
– Especially when input throughput > output throughput
– Routers/switches will store the peak in memory
• Issue: packets wait in queue, longer delay
– Memory exhausted? → dropping packets
• Issue: packets are lost forever (hence the need for TCP for retransmission)
ADSL Router
100 Mbps = 100.000 pps
1 Mbps = 1.000 pps
01/30/15 46
Quality of Service: QoS
• QoS is a sense of quality for packet transfer
– Packet loss: due to congestion or frame corruption (rare)
– Latency (or delay): the time to transfer data from source to destination
– Jitter: variation of the delay (see next slide)
01/30/15
Delay Variation—“Jitter”
[Figure: timelines (t) labelled "Sender Transmits" and "B Receives", each showing packets A, B, C with spacings d1, d2 and D1, D2; labels: D1 = d1, D2 = d2, Jitter]
01/30/15 48
How to Guarantee QoS?
• Classify & mark
– Each IP packet is marked with its priority (precedence)
• There is a byte reserved for it in the IP packet
• By the host
• By a network device based on TCP/UDP ports
• Enforce
– Make different queues: routine, normal, priority, ...
– In case of congestion
• Drop packets from routine queue
• Always process priority packets first
– Think about fire trucks in a traffic jam
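The classify, mark and enforce steps above can be seen in a small simulation, added here as an illustration (not part of the original slides): a network device sets the precedence bits of the ToS byte from the destination port, and a strict-priority scheduler with one shared buffer drops routine traffic first. The port-to-class table, traffic mix, buffer size and link rate are assumptions constructed for the example.

```python
from collections import Counter, deque

# IP precedence values (top three bits of the ToS byte) used as class marks.
PRIORITY, NORMAL, ROUTINE = 5, 2, 0
# Assumed classification policy for this example: destination port -> class.
PORT_CLASS = {5060: PRIORITY, 443: NORMAL, 25: ROUTINE}


def classify(packet, enabled=True):
    """Return a copy of the packet with its ToS byte set by the network device."""
    prec = PORT_CLASS.get(packet["dport"], ROUTINE) if enabled else ROUTINE
    return {**packet, "tos": prec << 5}


class Scheduler:
    """Strict-priority queues sharing one bounded packet buffer."""

    def __init__(self, buffer_slots):
        self.buffer_slots = buffer_slots
        self.queues = {PRIORITY: deque(), NORMAL: deque(), ROUTINE: deque()}
        self.dropped = Counter()   # drops per application
        self.sent = Counter()      # transmissions per application

    def enqueue(self, pkt):
        cls = pkt["tos"] >> 5
        if sum(len(q) for q in self.queues.values()) >= self.buffer_slots:
            # Memory exhausted: sacrifice the lowest class that has packets queued.
            lowest = min(c for c, q in self.queues.items() if q)
            if lowest >= cls:
                self.dropped[pkt["app"]] += 1   # nothing less important to evict
                return
            victim = self.queues[lowest].pop()
            self.dropped[victim["app"]] += 1
        self.queues[cls].append(pkt)

    def dequeue(self):
        # Always serve the highest non-empty class first.
        for cls in (PRIORITY, NORMAL, ROUTINE):
            if self.queues[cls]:
                pkt = self.queues[cls].popleft()
                self.sent[pkt["app"]] += 1
                return pkt
        return None


def simulate(qos, ticks=50, buffer_slots=8, link_rate=2):
    """Constructed congestion: 5 packets arrive per tick, the link sends 2."""
    sched = Scheduler(buffer_slots)
    arrivals = [("mail", 25)] * 3 + [("web", 443), ("voice", 5060)]
    for _ in range(ticks):
        for app, dport in arrivals:
            sched.enqueue(classify({"app": app, "dport": dport}, enabled=qos))
        for _ in range(link_rate):
            sched.dequeue()
    return sched


if __name__ == "__main__":
    for qos in (True, False):
        s = simulate(qos)
        print("QoS on " if qos else "QoS off", dict(s.dropped), dict(s.sent))
```

With marking enabled no voice packet is lost and mail absorbs every drop; with marking disabled the same link behaves as a single tail-drop queue and loses most of the voice packets. Strict priority also starves the routine queue for as long as higher classes fill the link.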
01/30/15 49
QoS in Action
[Figure labels: Campus Backbone; Multimedia Training Servers; Order Entry, Finance, Manufacturing; Finance Manager; Remote Campus; Classification; Enforcement]
01/30/15 50
Service Level Agreement: SLA
• This is the contract between
– A customer
– A provider
• About
– Penalties (discount) when SLA not met
– Quality of service:
• Data traffic: packet loss, latency, jitter
• Availability:
– 99,999% availability is 5 minutes down per year
– Maintenance windows (scheduled network downtime) don’t count
• Change request: time to establish a new circuit
Never forget to put SLA in any service
The Security Impact
01/30/15 52
100% Security
“The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it….”
Gene Spafford—Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University
01/30/15 53
Risk Assessment in 2006
In the 2004 CSI/FBI survey (481 US organizations):
• Over 52% reported security breaches.
• Reported security incidents totaled losses over $52 million (in decrease).
• Highest source of loss was virus (over $15 million alone), followed by unauthorized use ($10 million).
• Of the top causes of loss, insider misuse of resources was in top 3.
- Source: CSI/FBI 2006 Computer Crime & Security Survey
01/30/15 54
Insiders…
“Over 75% of hacking is done by insiders and it’s easy to see why. The person on the inside is on the right side of the firewall—they know the computer systems and they have access to the passwords”
Neil Barrett, Bull Information Systems, ‘Computer Crime Fighter’—Personal Computer World, Feb 1999
01/30/15 55
Regulations and Compliance...
• EU directives on data protection & privacy
– Identity Theft legislation, Personal Data Protection (Directive 95/46/EC on the protection of personal data)
• Sarbanes-Oxley
– Mainly for US companies (listed on Wall Street)
– But also for their WW partners
• Section 302 requires CEO and CFO to make quarterly and annual certifications regarding company’s internal control over financial reporting.
• Section 404 requires management assessment and audit report regarding management’s assessment.
• Basel II
• Payment Card Industry Data Security Standard: PCI DSS
• Even ISO 27001 (or BS 7799)
01/30/15 56
Facts about PCI DSS
• Published January 2005
– v1.1 released Sept 7, 2006
– All new audits must use v.1.1
• Impacts ALL who
– Process
– Transmit
– Store: cardholder data
• Developed by MasterCard and Visa, endorsed by other brands
• Global reach
– Account Information Security (AIS) regulation outside of US
[Figure: cover of the Payment Card Industry Data Security Standard, January 2005]
01/30/15 57
The Principles of Security: C I A
• Confidentiality (C)
– Ability to ensure secrecy
• Integrity (I)
– Ability to ensure asset/data is not modified
• Availability (A)
– Of service
– Of data
01/30/15
Attack against Confidentiality
telnet foo.bar.org
username: dan
password:
m-y-p-a-s-s-w-o-r-d d-a-n
01/30/15
Attack on Integrity
[Figure: between Customer and Bank, the message "Deposit $1000 in Bob’s Account" becomes "Deposit $900 in Mallet’s Account and $100 in Bob’s Account"]
01/30/15 60
Attacks of Integrity: Web Defacing
01/30/15
Denial of Service (DoS)
Prevents authorised people from using a service
01/30/15 62
Handling Risk…
• Transfer: to an insurance company
• Reduce: implement countermeasure(s)
– Also called controls
• Rejecting/Ignoring: foolish…
• Accepting: when cost of CM does not make sense
01/30/15 63
Controls
• Administrative controls
– Policies, standards, procedures
– Screening personnel, education
• Technical controls
– Access control, encryption, security devices
• Physical controls
– Facility protection, security guards, locks, monitoring, intrusion detection
• All the above to protect company assets
01/30/15 64
Technical Control:
Access Control
• Subject:
– Active entity
– Request access
– E.g.: users, program, process, …
• Object:
– Passive entity
– Contain information or other objects
– E.g.: computer, disk, file, …
• Access:
– Flow of information between subject and object
• Access Control:
– Mechanisms to control the access
01/30/15 65
Access Control
Id, Authen, Author, Account
• Consecutive steps for access control
1. Identification: who are you ?
2. Authentication: prove it !
3. Authorization: what can you do ?
4. Accounting/Auditing: what have you done? (after the object access)
• Sometimes called AAA for Authentication, Authorization and Accounting
01/30/15 66
Technical Control:
Cryptography
• The science of hiding a message
[Figure: Plaintext "Hello" → Encryption → Ciphertext "%z$*@" → Decryption → Plaintext "Hello"; encryption keys feed both operations]
01/30/15 67
Some Words on Cryptography
• Encryption/decryption
– mathematical functions with 2 parameters
• Message (plain text or cipher text)
• Key
– Strength: linked to function and size of key
– Two classes of crypto systems
• Symmetric crypto systems: encryption key = decryption key
• Asymmetric crypto systems: encryption key ≠ decryption key
01/30/15 68
Technical Controls
More Words on Crypto
• Symmetric cryptosystems
– Current minimum key size: 128 bits
– Examples: AES (from Belgium), RC4
– Very fast: 1 Gbps
– Issue: how can we safely share a key?
• Asymmetric cryptosystems
– Current minimum key size: 2048 bits
– Examples: RSA
– Very slow: 100 kbps
– No shared key, easy to deploy
– Mainly used for signatures (non-repudiable proof of origin) or for authentication (who you are)
01/30/15 69
Crypto on Networks
• IPsec
– Used to encrypt all IP packets between two routers/hosts
– Virtual Private Network (VPN)
• Linking remote branches over the public Internet
• Linking a remote user over the public Internet
• Secure Sockets Layer (SSL)
– Used to encrypt a single TCP connection (like HTTP)
• https:// → allows for e-commerce
• Also used for remote user over the public Internet
Cryptography alone is NEVER ENOUGH to guarantee security!
01/30/15 70
Technical Controls
Perimeter Security and Firewalls
• Security often relies on segregation of security domains
– Trusted
– Untrusted: Internet, …
• Trusted domains are protected by a perimeter
– Hence the term of security perimeter
• When a point of passage between domains is required
– Firewall: security policy enforcement
01/30/15 71
Technical Controls
Security Perimeter
Trusted Zone
Untrusted Zone
firewall
01/30/15
Technical Controls
Usual Firewall Locations
[Figure labels: Internet; intranet; Partner X; Partner Y; HR Network. Source: Cisco Systems]
01/30/15 73
Technical Controls: Firewalls
Deep Packet Inspection
• More and more protocols run over HTTP
– SOAP (= XML over HTTP)
– …
• Security policy must be enforced for those new protocols
→ need to also inspect the payload of HTTP
• This is called Deep Packet Inspection
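To make the difference between a port filter and payload inspection concrete, here is an added example (not from the original slides) that applies a policy to SOAP calls carried over HTTP on port 80. The allowed operation name, the sample requests and the `urn:example:bank` namespace are constructed for the illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NAMESPACES = {
    "http://schemas.xmlsoap.org/soap/envelope/",   # SOAP 1.1
    "http://www.w3.org/2003/05/soap-envelope",     # SOAP 1.2
}
ALLOWED_OPERATIONS = {"GetQuote"}   # assumed policy for this example


def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag


def parse_http_request(raw):
    """Return (method, body) of a raw HTTP/1.x request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line = head.decode("iso-8859-1").split("\r\n")[0]
    return request_line.split(" ", 1)[0], body


def port_filter(dst_port):
    """Classic packet filter: it sees only the port, so all HTTP looks alike."""
    return "allow" if dst_port == 80 else "deny"


def inspect_http(dst_port, raw):
    """Port check first, then a decision on what the HTTP payload carries."""
    if port_filter(dst_port) == "deny":
        return "deny: port"
    method, body = parse_http_request(raw)
    if method != "POST" or not body:
        return "allow: plain HTTP"
    # SOAP messages must not carry a DTD; refuse before handing data to a parser.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return "deny: DTD in XML payload"
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "allow: plain HTTP"            # not XML, e.g. a form post
    ns, local = split_tag(root.tag)
    if local != "Envelope" or ns not in SOAP_NAMESPACES:
        return "allow: plain HTTP"
    soap_body = root.find("{%s}Body" % ns)
    if soap_body is None or len(soap_body) == 0:
        return "deny: malformed SOAP"
    # Decide on the operation in the payload, not on a client-supplied header.
    operation = split_tag(soap_body[0].tag)[1]
    if operation in ALLOWED_OPERATIONS:
        return "allow: SOAP " + operation
    return "deny: SOAP " + operation


def http_post(body):
    """Build a constructed sample POST request around the given body bytes."""
    head = ("POST /service HTTP/1.1\r\nHost: app.example\r\n"
            "Content-Type: text/xml; charset=utf-8\r\n"
            "Content-Length: %d\r\n\r\n" % len(body))
    return head.encode() + body


def soap_request(operation):
    """Constructed SOAP 1.1 call to a hypothetical banking service."""
    return http_post((
        '<?xml version="1.0"?>'
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Body><m:%s xmlns:m="urn:example:bank"/></soap:Body>'
        '</soap:Envelope>' % operation).encode())


if __name__ == "__main__":
    samples = {
        "web page": b"GET /index.html HTTP/1.1\r\nHost: app.example\r\n\r\n",
        "GetQuote": soap_request("GetQuote"),
        "TransferFunds": soap_request("TransferFunds"),
    }
    for name, raw in samples.items():
        print(name, "| port filter:", port_filter(80), "| DPI:", inspect_http(80, raw))
```

The port filter returns the same verdict for all three samples, while the payload inspection separates them. Traffic inside SSL cannot be inspected this way unless the inspecting device terminates the encrypted session.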
Impact of Voice
01/30/15 75
Why Voice over IP?
• Before, voice had a separate network
• If voice is over IP then
– Single network to operate (or to outsource)
– Toll by-pass:
• Data communication is usually cheaper than voice communication
– More functions in phones
• Video
• User directory
– Data and voice applications can merge
• Voice mail
• Web conferencing
• Customer Relation Management systems
01/30/15 76
Voice in an IP Packet
[Figure: encapsulation built up layer by layer: Voice Payload; RTP + Voice Payload; UDP + RTP + Voice Payload; IP + UDP + RTP + Voice Payload]
1. Transform usual voice (analog) into digital with a CODEC
2. Cut voice into small chunks
3. Transport those chunks over IP
01/30/15 77
What Is a CODEC?
Analog to Digital Conversion
• Analog audio source = 0101: everything is bits
• Steps: Sample, Compand, Quantize, Encode, Frame
• 4000 Hz analog signal
– Sample 8,000/sec (Nyquist frequency)
– Quantize 256 steps using 8 bits
– = DS0, 64 Kbps
• G.711 Pulse Code Modulation (PCM) is the DS0
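The two slides above (voice in an IP packet, and the CODEC steps) can be followed in code. This added example, not part of the original slides, compands and quantizes samples to 8 bits, cuts them into chunks and puts each chunk behind a real 12-byte RTP header. It assumes 20 ms chunks and a fixed SSRC, and it uses the continuous mu-law formula rather than the exact G.711 codeword tables.

```python
import math
import struct

SAMPLE_RATE = 8000   # samples per second (from the slide)
MU = 255             # mu-law parameter for 8-bit companding
FRAME_MS = 20        # assumed chunk duration per packet
RTP_PT_PCMU = 0      # RTP payload type for G.711 mu-law


def tone(freq_hz, seconds):
    """Constructed test input: a sine wave sampled at SAMPLE_RATE."""
    n = int(SAMPLE_RATE * seconds)
    return [math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE) for i in range(n)]


def compand(x):
    """Compress a sample in [-1, 1]: quiet sounds get more of the range."""
    return math.copysign(math.log1p(MU * abs(x)) / math.log1p(MU), x)


def encode_sample(x):
    """Compand, then quantize to one of 256 steps (one byte per sample)."""
    return min(255, int((compand(x) + 1) / 2 * 256))


def rtp_packets(samples, ssrc=0x1234ABCD):
    """Cut the encoded stream into chunks and prepend an RTP header to each."""
    per_packet = SAMPLE_RATE * FRAME_MS // 1000          # 160 samples
    payload = bytes(encode_sample(s) for s in samples)
    packets = []
    for seq, offset in enumerate(range(0, len(payload), per_packet)):
        header = struct.pack(
            "!BBHII",
            0x80,                    # version 2, no padding/extension/CSRC
            RTP_PT_PCMU,             # marker bit 0, payload type 0
            seq & 0xFFFF,            # sequence number: detects loss/reordering
            offset & 0xFFFFFFFF,     # timestamp in sample units: measures jitter
            ssrc,
        )
        packets.append(header + payload[offset:offset + per_packet])
    return packets


def parse_rtp_header(packet):
    b0, b1, seq, timestamp, ssrc = struct.unpack("!BBHII", packet[:12])
    return {"version": b0 >> 6, "payload_type": b1 & 0x7F,
            "seq": seq, "timestamp": timestamp, "ssrc": ssrc}


def codec_bitrate_bps():
    """8,000 samples/sec x 8 bits = the 64 kbps DS0 of the slide."""
    return SAMPLE_RATE * 8


def ip_bitrate_bps():
    """Bit rate on the wire at IP level: voice + RTP(12) + UDP(8) + IPv4(20)."""
    packet_bytes = SAMPLE_RATE * FRAME_MS // 1000 + 12 + 8 + 20
    return packet_bytes * 8 * (1000 // FRAME_MS)


if __name__ == "__main__":
    pkts = rtp_packets(tone(440, 1.0))
    print(len(pkts), "packets of", len(pkts[0]), "bytes (RTP header + voice)")
    print("codec:", codec_bitrate_bps(), "bps; at IP level:", ip_bitrate_bps(), "bps")
```

A real sender starts the sequence number and timestamp at random values; they start at zero here to keep the output easy to read.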
01/30/15 78
IP Telephony vs. Voice over IP
• IP telephony is a super-set of services over IP
– Pure Voice over IP transport
– Conferencing
– Voice mail
– ...
01/30/15 79
Network Requirements for Voice
• Power over the Ethernet
– No need for power cord for the phone
• Quality of service
– Voice is delay sensitive (< 150 msec)
• Other issue
– Relationships between
• Network department
• Voice department
01/30/15 80
The Skype Service
• P2P based VoIP software
• Founded by the founders of Kazaa
• Can be downloaded free at:
– http://www.skype.com
• Services
– Both paid and free services available
– Free
- Instant Messaging
- Voice and Video communication (PC to PC)
A typical Skype user interface
01/30/15 81
Skype Architecture
Hierarchical P2P architecture but involves a central Skype authority for registration and certification services
Skype Architecture: Normal peers, super nodes, and centralized Skype server
01/30/15 82
Should You Use Skype?
• If you can answer yes to four questions:
– Are you willing to circumvent the perimeter controls of your network?
– Do you trust the Skype developers to implement security
correctly (being closed-source)?
– Do you trust the ethics of the Skype developers?
– Can you tolerate the Skype network being unavailable?
Impact of Virtualization
01/30/15 84
What is Virtualization
• Separation of location and services
– Services can run anywhere
– Users cannot see the difference
• Corollary
– Several services in the same location
01/30/15 85
“[Virtualization is] a technique for hiding the physical characteristics
of computing resources from the way in which other systems,
applications, or end users interact with those resources. This
includes making a single physical resource (such as a server, an
operating system, an application, or storage device) appear to
function as multiple logical resources; or it can include making
multiple physical resources (such as storage devices or servers)
appear as a single logical resource.”
Mann, Andi, Virtualization 101
Enterprise Management Associates (EMA)
01/30/15 86
Why Virtualization
• Flexibility
– Can add a new server/service in less than 1 second
– Can move a service to a better server
• Being faster, more secure, cheaper
• Cost efficiency
– Share a physical €€€ server among several applications
• Green
– No need to power 10 servers for 10 services if all 10 services can run on a single server
01/30/15 87
“By 2008, 50% of Today’s Data Centers Will Have Insufficient Power and Cooling Capacity to Meet the Demands of High-Density Equipment”
Data Center Trends
Days to Deploy Applications
Server/Storage Utilization
Annual Storage Growth
DC Records Retention (Years)
DC Power and Cooling Costs
Data Center Operations
Source: Gartner, 2008
60–180
< 25%
40–400%
7–10
~ 25–30%
> 30%
01/30/15 88
Data Center Virtualization
• Enables consolidation or sharing of physical assets to increase utilization
– Reduces physical devices and cabling, space, power, and cooling
– Enables rapid deployment and redeployment of resources to meet business objectives
01/30/15 89
Data Center Virtualization
• Storage Virtualization
– Consolidation of physical SANs
– Improved storage utilization
– Greater flexibility
• Server Virtualization
– Consolidation of physical servers
– Improved server utilization
– Greater flexibility
• Network Virtualization
– Consolidation of physical networks
– Greater flexibility
– Improved capacity utilization
[Figure labels: App/OS stacks on a Hypervisor; Network Virtualization; Storage Virtualization; Server Virtualization]
01/30/15 90
Network Virtualization
• The basis of other virtualization
– Virtual LAN: sharing an Ethernet switch for several independent LANs
– Virtual Private Network (VPN): sharing a WAN infrastructure among several independent WANs
01/30/15 91
Storage Virtualization
• Network Attached Storage
– Attaching a hard-disk to ONE computer via USB/Network
– NOT a real virtualization: computer is aware of the remote disk
• Storage Area Network (SAN)
– Attaching hard-disk to SEVERAL computers via network
– Virtualization because computers are unaware of the disks being remote
– Network must be really fast: Infiniband or Fibre Channel
01/30/15 92
Why SAN?
• Virtualization allows
– Sharing disk
– Adding storage easily without disruption
– Single place for all storage
• Easier to secure
• Easier to take back-up
– Storage is no more local to the computer
• Can move the computer and keep the same disk
• Important when the computer becomes virtual
01/30/15 93
Storage Volume Virtualization
• Adding more storage requires administrative changes
• Administrative overhead, prone to errors
• Complex coordination of data movement between arrays
[Figure labels: Initiator; Initiator; SAN Fabric; Target; Target]
Storage Volume Virtualization
• A SCSI operation from the host is mapped to one or more SCSI operations to the SAN-attached storage
• Zoning connects real initiator and virtual target or virtual initiator and real storage
[Figure: SAN fabric with initiators in VSAN_10 and VSAN_20, Virtual Target 1 (VSAN_10), Virtual Target 2 (VSAN_20), Virtual Volume 1, Virtual Volume 2, and two virtual initiators in VSAN_30]
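An added illustration of the two mechanisms on this slide, not taken from the original slides: `map_io` splits one host I/O on a virtual volume into the operations sent to real storage, and `audit_zones` checks that zoning only pairs real initiators with virtual targets or virtual initiators with real storage. All port names, block numbers and the placement of the real arrays in VSAN_30 are constructed assumptions, and the fabric is a simplified model.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Extent:
    """A slice of a virtual volume backed by a real, SAN-attached array."""
    virt_start: int   # first virtual block of the slice
    length: int       # number of blocks in the slice
    target: str       # real storage target (constructed name)
    phys_start: int   # first block of the slice on the real array


# Constructed layout: a 300-block virtual volume spread over two arrays.
VIRTUAL_VOLUME_1 = [
    Extent(0, 100, "array_A", 5000),
    Extent(100, 200, "array_B", 0),
]


def map_io(extents, lba, count):
    """Split one host I/O (lba, count) into (target, block, count) operations."""
    if lba < 0 or count <= 0:
        raise ValueError("invalid I/O range")
    end = lba + count
    ops = []
    for e in sorted(extents, key=lambda x: x.virt_start):
        lo = max(lba, e.virt_start)
        hi = min(end, e.virt_start + e.length)
        if lo < hi:  # the request overlaps this extent
            ops.append((e.target, e.phys_start + (lo - e.virt_start), hi - lo))
    if sum(n for _, _, n in ops) != count:
        raise ValueError("I/O falls outside the virtual volume")
    return ops


# Constructed fabric inventory: port -> (kind, VSAN number).
# Hosts and virtual targets follow the slide's VSAN_10 / VSAN_20 labels;
# putting the real arrays in VSAN_30 with the virtual initiator is assumed.
PORTS = {
    "host_1": ("initiator", 10),
    "host_2": ("initiator", 20),
    "vtarget_1": ("virtual_target", 10),
    "vtarget_2": ("virtual_target", 20),
    "vinit_1": ("virtual_initiator", 30),
    "array_A": ("target", 30),
    "array_B": ("target", 30),
}

# Constructed zone set; z_legacy is a deliberate mistake for the audit to find.
ZONES = {
    "z_host1": ["host_1", "vtarget_1"],
    "z_host2": ["host_2", "vtarget_2"],
    "z_back": ["vinit_1", "array_A", "array_B"],
    "z_legacy": ["host_1", "array_A"],
}

# The only pairings the slide describes.
ALLOWED = {
    frozenset({"initiator", "virtual_target"}),
    frozenset({"virtual_initiator", "target"}),
}


def audit_zones(ports, zones):
    """Return (zone, problem) findings for zones that break the model."""
    findings = []
    for name, members in sorted(zones.items()):
        unknown = [m for m in members if m not in ports]
        if unknown:
            findings.append((name, "unknown port: " + ", ".join(unknown)))
            continue
        vsans = sorted({ports[m][1] for m in members})
        if len(vsans) > 1:
            findings.append((name, "members span VSANs " + str(vsans)))
        kinds = frozenset(ports[m][0] for m in members)
        if kinds not in ALLOWED:
            # e.g. a host zoned straight to a real array bypasses the
            # virtualization layer and whatever access control it applies
            findings.append((name, "pairs " + " + ".join(sorted(kinds))))
    return findings


if __name__ == "__main__":
    print(map_io(VIRTUAL_VOLUME_1, 90, 30))
    for zone, problem in audit_zones(PORTS, ZONES):
        print(zone, "->", problem)
```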
Server Virtualization
• Multiple Computers inside a Computer
– Guest OS can be different than host OS
– Guest machines are isolated by default
[Figure: two hypervisor designs labelled VMware and Microsoft, showing VMs (Guest OS, App) on a hypervisor, a modified stripped-down OS with hypervisor, a host OS, and the underlying CPU and memory]
Virtual Server Migration
• VMotion, aka VM Migration, allows a VM to be reallocated on different hardware without having to interrupt service
• Downtime in the order of a few milliseconds to a few minutes, not hours or days
• Can be used to perform maintenance on a server
• Can be used to shift workloads more efficiently
[Figure: two servers, each with CPU and memory, a hypervisor, a console OS and the VMware Virtualization Layer hosting OS/App pairs]
How to Deploy a Network?
Or the right questions to be asked?
Basic Networking
• IPv6 Readiness
• Addressing (mainly technical)
– Use of DHCP?
– Important for mobile users
• Routing (mainly technical)
Levels of Security
• Does the security policy include the network?
• Risk management: assets, confidentiality requirements
– Specific requirements for some businesses: Basel II, PCI
• Which are my security domains?
– HR
– Sales?
– Guests
– What about contractors?
QoS
• Do you need QoS in your network?
– Probably for IP telephony
• What are my critical applications?
– ERP?
– Emails?
– Back-up?
High Availability
• Availability is usually important
• Redundancy
– Hot or cold standby?
– Redundant links?
– Redundant Service Providers?
• What are your disaster recovery procedures?
Open Standards
• Pros
– Competition means lower price
– Can switch vendors easily
• Cons
– Having multiple vendors costs a lot of € (training the operators and users)
– Lagging (not leading edge)
• Be prepared for some compromise
– But ask your vendor for commitment to support future standards
Future Proof...
• Find the balance between
– Proven technologies: but obsolete in a few years
• Think IPv4 vs. IPv6
– Leading edge technos: but unstable and expensive
Operation Cost
• Cheap to buy ≠ cheap to run
Outsourcing Network
• Pros
– Reduces CAPEX
– Improves balance sheet
• Cons
– Your business relies on another party (could go bankrupt or be acquired by a competitor)
– Less flexibility
– Long process cycle
• Never forget about SLA in the contract
Outsourcing Web Portal
• Pros
– Learning curve pretty small
– Cheaper (CAPEX & OPEX)
– More secure (no link to your real data)
• Cons
– Less control
– No access to your live data
• No e-business
Green Impact
• A tornado since early 2008
• Sometimes a simple excuse to reduce cost
• Power consumption
– Faster means more power means more cooling...
– Data Center location is no longer based on salary but on power stability & price
– Turn off devices when not in use: RFID, electronics, ...
– Reduce consumption => slower device?
– SHARE equipment: importance of virtualization
End
THE END

Aspects Strategiques Des Réseaux 2008 2009

  • 1. Veille technologique en TIC Aspects stratégiques des réseaux Eric Vyncke evyncke@cisco.com Derniè re mise à jour: 27 fé vrier 2009
  • 2. 01/30/15 2 References & Misc • Slides on http://mastertic.blogspot.com/ • Contacts – Main job: Cisco Systems as Distinguished Engineer – Email: evyncke@cisco.com – Mobile: +32 475 312458
  • 3. 01/30/15 3 Agenda • Introduction to network • The acronym soup • The impact of security • The impact of IP telephony • The impact of Virtualization • Wrap-up: The Questions to be asked
  • 5. 01/30/15 5 Why a Section on Networks? • TIC = Technologie de l’Information et Communication  pas de TIC sans ré seaux  – Connaî tre les technos ré seaux = faire des bons choix  les ré seaux ont impacté le business depuis la fin de 90’s
  • 6. The Acronyms Soup Or a small touch of technology
  • 7. 01/30/15 7 Importance de la standardisation • peu de domaines ont autant besoin de standards – la communication est un domaine complexe: besoin de spé cifications pré cises – communication entre diverses machines – communication entre divers constructeurs informatiques • plusieurs types de standards: – standards proprié taires: parfois non public, ré servé à un constructeur: SNA d’IBM, NetWare de Novell, DECnet de Digital, Transdata de Siemens Nixdorf, ... • Presque disparus mais encore actifs dans les domaines ‘pre- standard’ • Voix sur IP: SCCP de Cisco, wireless security, … – standards ouverts de jure: OSI de l’ISO, IEEE 802.*, X.25, ... – standards ouverts de facto: TCP/IP, Ethernet, ...
  • 8. 01/30/15 8 Gé né ralité s • les communications sont un domaine complexe et en é volution constante => besoin d’un modè le: – é tablir des spé cifications et les tests – comparer des solutions – é tablir des thé ories • le modè le sera en plusieurs couches simples à vocation pré cise afin de faciliter la compré hension et l’implé mentation
  • 9. 01/30/15 9 ...AN Based on the Span • A lot of acronym ending with ...AN – Area Network • Like – LAN Local Area Network: several 100’s of meters – MAN Metropolitan Area Network: a city, 10’s of km – WAN Wide Area Network: the whole Earth – PAN Personal Area Network: one meter or so – RAN Radio Area Network: from a single antenna
  • 10. 01/30/15 10 ...AN Based on Usage • A lot of acronym ending with ...AN – Area Network • Like – SAN Storage Area Network: • linking servers and hard-disks so that server do not know that disk are not attached
  • 11. 01/30/15 11 Local Area Network: LAN • LAN are usually a layer 2 technology – Using a single media • Most common Ethernet over twisted pair – 10 Mbps, 100 Mbps (= Fast Ethernet), 1 Gbps, 10 Gbps, ... – Standard IEEE 802.3 • Before over a coax cable now over twisted pair and hub/switch • Unique Ethernet address on each Network Interface Card (NIC) – 24 bits unique per vendor: 00-02-8A (Cisco) – 24 bits assigned by vendor: 09-07-CF   48-bits unique global address: 00-02-8A-09-07-CF
  • 12. 01/30/15 12 Ethernet Topologies How to connect more than 2 hosts? • bus topology popular through mid 90s – all nodes in same collision domain (can collide with each other) • today: star topology prevails – active switch in center – each “spoke” runs a (separate) Ethernet protocol (nodes do not collide with each other) switch bus: coaxial cable star
  • 13. 01/30/15 13 Ethernet Hub • Frames are repeated on all ports... • 8 x 100 Mbps ports ~ 15 € A  C A B C D A C A  C A  C
  • 14. 01/30/15 14 Ethernet Switch • Frames are repeated only on destination port – Don’t disturb other machines – While A sends to C, B can simultaneously send to D • 5 x 100 Mbps ports ~ 20 € • High density (8 x 48 ports) => up to 100 € /port A  C A B C D A  C Enterprises always use switches Enterprises always use switches
  • 15. 01/30/15 15 Virtual LAN: VLAN A B C D • Switched can be partitioned in virtual LAN – VLAN#1: ports A & C – VLAN#2: ports B & D • Use to separate traffic for security, ...
  • 16. 01/30/15 16 Going Faster than Ethernet • Ethernet is 1 Gbps (10 Gbps) 109 bit/s 1010 bit/s – 1 CD-ROM 800 MB = 64 108 bits – 1 DVD 4.7 GB = 40 109 bits – Ethernet 1 Gbps transfer • CD-ROM = 6 seconds • DVD = 40 seconds • A very fast hard disk is 800 MB/s write = 6.4 Gbps • Too slow for High Performance Computing – Needs faster 
  • 17. 01/30/15 17 High Performance Computing Low-latency, High-message rate market data environments Real-time analytics Increase accuracy of Reservoir Modeling and Seismic Analysis Deliver large datasets optimally Reduce time to market for new products Better Safety & Product Design through Simulation Expand Research Capabilities Complex Research Problems Greater Industry Outreach Accelerate time to market Molecular Modeling and Protein folding experiments for drug discovery Financial Services Oil & Gas Manufacturing Biotech Academic Research JPMC – 2000+ Servers in Global Deployment Citi – Fixed Income Trading Statoil – Multiple Clusters ONGC ENI Occidental Honda Ferrari – F1 RedBull Racing Airbus Boeing NCSA @ UIUC Stanford Univ MIT Harvard Univ UNC Chapel Hill DE Shaw R&D Cedar Sinai Stanford BioX Scripps Institute Shorten Time for Tape-Out Improve Yield EDA Intel Motorola TSMC Altis Semiconductor
  • 18. 01/30/15 18 Another LAN: Infiniband • Point to point link • Each link can be 2, 4 or 8 Gbps • Links can be aggregated (appearing as one) – 4x => 8, 16 or 32 Gbps – 12x => 24, 48 or 96 Gbps
  • 19. 01/30/15 19 Wide Area Network Services • WAN: transfer of data over 100’s of km • Enterprises cannot build their own network – Too expensive • Service is offered by SP (service provider) – Nation wide: Belgacom, Voo, Mobistar, Telenet – Worldwide: British Telecom, Colt, Verizon, ... • Layer 1: transmit elementary bit • Layer 2 (= Data-Link): transmit a frame (like a packet)
  • 20. 01/30/15 20 WAN: As Layer 1 or 2 Services • Layer 1: leased line = a pair of copper wire with modem • Like from your ADSL router to Skynet/Belgacom • Layer 1: optical fiber • Dark fiberDark fiber (you need to add laser transmitter): just for you, €€€ • Shared fiber (each customer uses a different color for laser): cheaper • Layer 2: point to point link (or star network) where SP handles the layer 1 (modulation) and repeats frame (layer 2) • Used to be the prevalent solution: X.25, Frame Relay • But now reserved for MAN with Ethernet Do we care? Decision based on price for bandwidth Sharing issue? May means less bandwidth
  • 21. 01/30/15 21 3: couche ré seau • permet le transfert de paquets via plusieurs couches de liaison de donné es diffé rentes – Permet de passer de WiFi à ADSL à Internet à Ethernet – Notion de route à suivre – Notion d’adresse ré seau unique au niveau mondial • Exemple: IP (Internet Protocol utilisé sur Internet) A b Zf e
  • 22. 01/30/15 22 Network Layer: IP at Home • IP is the network layer we all use  • Our IP packets traverse multiple data links and media Access Point ADSL Router Your ISP Internet = All other ISP1st data link: wifi 2nd data link: Ethernet 3rd data link: ADSL or Cable Nth data link: Ethernet or ...
  • 23. 01/30/15 23 What is an IP address? • In IPv4, an address is a 32 bit quantity that uniquely identifies a network interface. • In IPv4 there are 232 = 4,294,967,296 unique addresses possible
  • 24. 01/30/15 24 Basic Addressing 64.100.24.1 • IP addresses are written in dotted decimal format. • Four sections are separated by dots. • Each section contains a number between 0 and 255. Dots separate the sections Each section contains a number between 0 and 255
  • 25. 01/30/15 25 IP Addressing at Home Access Point ADSL Router Your ISP Internet = All other ISP I’m 192.168.100. 2 I’m 192.168.100.1 And 192.168.1.2 I’m 192.168.1.1 And 80.123.34.89 • If a node has multiple network interfaces, it typically has multiple IP addresses Network Printer I’m 192.168.1. 3
  • 26. 01/30/15 26 IP Address Hierarchy For Mr. Postman • IP address is divided into two parts to achieve efficient “packet processing” 1. Network-id: Represents the physical network commonly called a “prefix” (often first 24 bits) 2. Host-id: Represents a computer on the network (often last 8 bits) Tasman Dr. 250 Tasman Dr. 260 Tasman Dr. MainSt. 100 Main St. 101 Main St.
  • 27. 01/30/15 27 Can we Automate Addressing? • Defining static IP addresses on each host – Does not scale – Error prone (moving a PC to another network), ... • Dynamic Host Configuration Protocol (DHCP) – DHCP server (Windows or a router) is configured with the list of IP addresses for a network – When a host boots, it ask the DHCP for an IP address (and other information like routing, DNS, ...) Most enterprises use DHCP except for servers keeping the log to see who is using which address Most enterprises use DHCP except for servers keeping the log to see who is using which address
  • 28. 01/30/15 28 What is IPv6? • The current IP is version 4 – Limited address space (32 bits), exhaustion in 2010 • The next IP is version 6 – Addresses are 128-bits wide – No more exhaustion – Else nothing has changed – Already in Windows Vista or Mac OS/X or Linux • Windows XP: ‘ipv6 install’ IPv6 will rule in 2010 at the latest ALL NEW NETWORKS/APPLICATION MUST BE DESIGNED FOR IPV6 IPv6 will rule in 2010 at the latest ALL NEW NETWORKS/APPLICATION MUST BE DESIGNED FOR IPV6
  • 29. 01/30/15 29 IPv4 Address Fractal Map Jan-2000 [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 30. 01/30/15 30 IPv4 Address Fractal Map Jan-2001 [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 31. 01/30/15 31 IPv4 Address Fractal Map Jan-2002 [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 32. 01/30/15 32 IPv4 Address Fractal Map Jan-2003 [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 33. 01/30/15 33 IPv4 Address Fractal Map Jan-2004 [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 34. 01/30/15 34 IPv4 Address Fractal Map Jan-2005 [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 35. 01/30/15 35 IPv4 Address Fractal Map Jan-2006 [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 36. 01/30/15 36 IPv4 Address Fractal Map Jan-2007 [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 37. 01/30/15 37 IPv4 Address Fractal Map Jan-2008 [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 38. 01/30/15 38 IPv4 Address Fractal Map Jan-2009 [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 39. 01/30/15 39 IPv4 Address Fractal Map - Today [Figure: map of the IPv4 address space by first octet and holder. Fractal map: Layout by Randall Munroe, Time Sequence by Tony Hain, Highlighted by Jeff Apcar]
  • 40. 01/30/15 40 IPv4 Address Fractal Map Jan-2010 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 RIPE 084 RIPE 083 RIPE 080 RIPE 079 RIPE 078 RIPE 065 ARIN 086 RIPE 087 RIPE 082 RIPE 081 RIPE 076 ARIN 077 RIPE 066 ARIN 064 ARIN 063 ARIN 060 APnic 067 ARIN 062 RIPE 061 APnic 089 RIPE 088 RIPE 093 RIPE 094 RIPE 075 ARIN 072 ARIN 071 ARIN 068 ARIN 049 Reserved 050 Reserved 090 RIPE 091 RIPE 092 RIPE 095 RIPE 074 ARIN 073 ARIN 070 ARIN 069 ARIN 101 Next 100 Next 099 ARIN 096 ARIN 117 APnic 118 APnic 121 APnic 122 APnic 102 Next 103 Next 098 ARIN 097 ARIN 116 APnic 119 APnic 120 APnic 123 APnic 105 Next 104 Next 109 Next 110 APnic 115 APnic 114 APnic 125 APnic 124 APnic 106 Next 107 Next 108 ARIN 111 APnic 112 APnic 113 APnic 126 APnic 059 APnic 058 APnic 005 Reserved 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Reserved 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 Reserved 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Reserved 033 US DoD 032 AT&T 031 Reserved 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Reserved 036 Reserved 027 Reserved 024 Cable 023 Reserved 020 CsC 127 Loopback 042 Reserved 041 AFRNic 038 PSI 037 Reserved 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 Various 173 ARIN 174 ARIN 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 Various 131 Various 132 Various 133 Various 181 Reserved 182 
Reserved 185 Reserved 186 LACnic 180 Next 183 Next 184 ARIN 187 LACnic 179 Next 178 Next 189 LACnic 188 Various 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 APnic 211 APnic 210 APnic 221 APnic 220 APnic 208 ARIN 209 ARIN 222 APnic 223 Reserved 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 LACnic 201 LACnic 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Next 176 Next 177 Next 190 LACnic 191 Various 192 Various 195 RIPE 196 AFRnic 197 AFRINic 250 Class E 251 Class E 252 Class E 255 Class E
  • 41. 01/30/15 41 IPv4 Address Fractal Map Jan-2011 Fractalmap:LayoutbyRandallMunroe,TimeSequencebyTonyHain,HighlightedbyJeffApcar 085 RIPE 084 RIPE 083 RIPE 080 RIPE 079 RIPE 078 RIPE 065 ARIN 086 RIPE 087 RIPE 082 RIPE 081 RIPE 076 ARIN 077 RIPE 066 ARIN 064 ARIN 063 ARIN 060 APnic 067 ARIN 062 RIPE 061 APnic 089 RIPE 088 RIPE 093 RIPE 094 RIPE 075 ARIN 072 ARIN 071 ARIN 068 ARIN 049 Next 050 Next 090 RIPE 091 RIPE 092 RIPE 095 RIPE 074 ARIN 073 ARIN 070 ARIN 069 ARIN 101 Next 100 Next 099 ARIN 096 ARIN 117 APnic 118 APnic 121 APnic 122 APnic 102 Next 103 Next 098 ARIN 097 ARIN 116 APnic 119 APnic 120 APnic 123 APnic 105 Next 104 Next 109 Next 110 APnic 115 APnic 114 APnic 125 APnic 124 APnic 106 Next 107 Next 108 ARIN 111 APnic 112 APnic 113 APnic 126 APnic 059 APnic 058 APnic 005 Next 004 L3 003 GE 000 Reserved 056 US Postal 057 SITA 006 US DoD 007 ARIN 002 Next 001 Reserved 055 US DoD 054 Merck 009 IBM 008 L3 013 Xerox 014 Next 048 Prudential 051 UK DSS 052 El duPONT 053 Cap Debis 010 Private 011 US DoD 012 AT&T 015 HP 047 Bell North 046 Next 033 US DoD 032 AT&T 031 Next 030 US DoD 017 Apple 016 DEC 044 Radio 045 Interop 034 Haliburton 035 MERIT 028 US DoD 029 US DoD 018 MIT 019 Ford 043 Inet 040 Eli Lily 039 Next 036 Next 027 Next 024 Cable 023 Next 020 CsC 127 Loopback 042 Next 041 AFRNic 038 PSI 037 Next 026 US DoD 025 UK Defense 022 US DoD 021 US DoD 149 Various 148 Various 150 Various 151 Various 153 Various 152 Various 154 Various 155 Various 147 Various 144 Various 146 Various 145 Various 157 Various 158 Various 156 Various 159 Various 165 Various 164 Various 166 Various 169 Various 170 Various 167 Various 168 Various 171 Various 163 Various 160 Various 162 Various 161 Various 173 ARIN 174 ARIN 143 Various 142 Various 140 Various 141 Various 139 Various 136 Various 138 Various 137 Various 129 Various 128 Various 130 Various 135 Various 134 Various 131 Various 132 Various 133 Various 181 Next 182 Next 185 Next 186 LACnic 180 Next 183 Next 184 ARIN 187 
LACnic 179 Next 178 Next 189 LACnic 188 Various 213 RIPE 214 US DoD 217 RIPE 218 APnic 212 RIPE 215 US DoD 216 ARIN 219 APnic 211 APnic 210 APnic 221 APnic 220 APnic 208 ARIN 209 ARIN 222 APnic 223 Next 229 Multicast 228 Multicast 227 Multicast 224 Multicast 230 Multicast 231 Multicast 226 Multicast 225 Multicast 233 Multicast 232 Multicast 237 Multicast 238 Multicast 234 Multicast 235 Multicast 236 Multicast 239 Multicast 207 ARIN 204 ARIN 203 APnic 202 APnic 206 ARIN 205 ARIN 200 LACnic 201 LACnic 245 Class E 246 Class E 244 Class E 247 Class E 243 Class E 242 Class E 240 Class E 241 Class E 192 RIPE 194 RIPE 199 ARIN 198 Various 249 Class E 248 Class E 253 Class E 254 Class E 172 Various 175 Next 176 Next 177 Next 190 LACnic 191 Various 192 Various 195 RIPE 196 AFRnic 197 AFRINic 250 Class E 251 Class E 252 Class E 255 Class E
  • 42. 01/30/15 42 Wide Area Network As a Layer 3 Service • The prevalent solution – Service offered by a Service Provider (SP) – Transfers IP packets from your site to another site • Customers do not care about routing – Looks like the Internet: costs more € but comes with a defined quality (see later) – Typical technology: MPLS (also called IP service) • SP Layer 3 Services: the SP manages Layer 1: cable; Layer 2: Ethernet or ...; Layer 3: addressing and routing • Easier for the enterprise • Fixed budget... • ... But you lose control
  • 43. 01/30/15 43 Wide Area Network Layer 3 Service or In House Network? SP Layer 3 Services
  • 44. 01/30/15 44 Layer 3 Service Pros and Cons • Pros – Outsource the WAN to SP: no more CAPEX, reduce OPEX – Easier to deploy – Easier international WAN • Especially in weird countries • Cons – Loss of network ownership • Could be impossible for some businesses – Need to check quality of delivered service (SLA see later) • NB: the cost is usually not a deal breaker
  • 45. 01/30/15 45 What about Congestion? • Congestion: too many packets arriving in a router/switch – Especially when input throughput > output throughput – Routers/switches will store the peak in memory • Issue: packets wait in queue, longer delay – Memory exhausted? → dropping packets • Issue: packets are lost forever (hence the need for TCP for retransmission) ADSL Router 100 Mbps = 100.000 pps 1 Mbps = 1.000 pps
  • 46. 01/30/15 46 Quality of Service: QoS • QoS is a sense of quality for packet transfer – Packet loss: due to congestion or frame corruption (rare) – Latency (or delay): the time to transfer data from source to destination – Jitter: variation of the delay (see next slide)
  • 47. 01/30/15 Delay Variation—“Jitter” [Figure: timelines for "Sender Transmits" and "Receives" with packets A, B, C; sender spacings d1, d2; receiver spacings D1, D2; labels: D1 = d1, D2 = d2, Jitter]
  • 48. 01/30/15 48 How to Guarantee QoS? • Classify & mark – Each IP packet is marked with its priority (precedence) • There is a byte reserved for it in the IP packet • By the host • By a network device based on TCP/UDP ports • Enforce – Make different queues: routine, normal, priority, ... – In case of congestion • Drop packets from routine queue • Always process priority packets first – Think about fire trucks in a traffic jam
  • 49. 01/30/15 49 QoS in Action [Figure labels: Campus Backbone; Remote Campus; Multimedia Training Servers; Order Entry, Finance, Manufacturing; Finance Manager; Classification; Enforcement]
  • 50. 01/30/15 50 Service Level Agreement: SLA • This is the contract between – A customer – A provider • About – Penalties (discount) when SLA not met – Quality of service: • Data traffic: packet loss, latency, jitter • Availability: – 99,999% availability is 5 minutes down per year – Maintenance windows (scheduled network downtime) don’t count • Change request: time to establish a new circuit • Never forget to put SLA in any service
  • 52. 01/30/15 52 100% Security “The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and is surrounded by nerve gas and very highly paid armed guards. Even then, I wouldn’t stake my life on it….” Gene Spafford—Director, Computer Operations, Audit, and Security Technology (COAST), Purdue University
  • 53. 01/30/15 53 Risk Assessment in 2006 In the 2004 CSI/FBI survey (481 US organizations): • Over 52% reported security breaches. • Reported security incidents totaled losses over $52 million (in decrease). • Highest source of loss was virus: over $15 million alone, followed by unauthorized use at $10 million. • Of the top causes of loss, insider misuse of resources was in the top 3. Source: CSI/FBI 2006 Computer Crime & Security Survey
  • 54. 01/30/15 54 Insiders… “Over 75% of hacking is done by insiders and it’s easy to see why. The person on the inside is on the right side of the firewall—they know the computer systems and they have access to the passwords” Neil Barrett, Bull Information Systems, ‘Computer Crime Fighter’—Personal Computer World, Feb 1999
  • 55. 01/30/15 55 Regulations and Compliance... • EU directives on data protection & privacy – Identity Theft legislation, Personal Data Protection (Directive 95/46/EC on the protection of personal data) • Sarbanes-Oxley – Mainly for US companies (listed on Wall Street) – But also for their WW partners • Section 302 requires CEO and CFO to make quarterly and annual certifications regarding company’s internal control over financial reporting. • Section 404 requires management assessment and audit report regarding management’s assessment. • Basel II • Payment Card Industry Data Security Standard: PCI DSS • Even ISO 27001 (or BS 7799)
  • 56. 01/30/15 56 Facts about PCI DSS • Published January 2005 – v1.1 released Sept 7, 2006 – All new audits must use v.1.1 • Impacts ALL who – Process – Transmit – Store: cardholder data • Developed by MasterCard and Visa, endorsed by other brands • Global reach – Account Information Security (AIS) regulation outside of US Payment Card Industry Data Security Standard January 2005
  • 57. 01/30/15 57 The Principles of Security: C I A • Confidentiality – Ability to ensure secrecy • Integrity – Ability to ensure asset/data is not modified • Availability – Of service – Of data
  • 58. 01/30/15 Attack against Confidentiality telnet foo.bar.org username: dan password: m-y-p-a-s-s-w-o-r-d d-a-n
  • 59. 01/30/15 Attack on Integrity [Figure labels: Bank; Customer; “Deposit $1000 in Bob’s Account”; “Deposit $900 in Mallet’s Account and $100 in Bob’s Account”]
  • 60. 01/30/15 60 Attacks of Integrity: Web Defacing
  • 61. 01/30/15 Denial of Service (DoS) Prevents authorised people from using a service
  • 62. 01/30/15 62 Handling Risk… • Transfer: to an insurance company • Reduce: implement countermeasure(s) – Also called controls • Rejecting/Ignoring: foolish… • Accepting: when cost of CM does not make sense
  • 63. 01/30/15 63 Controls • Administrative controls – Policies, standards, procedures – Screening personnel, education • Technical controls – Access control, encryption, security devices • Physical controls – Facility protection, security guards, locks, monitoring, intrusion detection • All the above to protect company assets
  • 64. 01/30/15 64 Technical Control: Access Control • Subject: – Active entity – Requests access – E.g.: users, program, process, … • Object: – Passive entity – Contains information or other objects – E.g.: computer, disk, file, … • Access: – Flow of information between subject and object • Access Control: – Mechanisms to control the access
  • 65. 01/30/15 65 Access Control Id, Authen, Author, Account • Consecutive steps for access control 1. Identification: who are you? 2. Authentication: prove it! 3. Authorization: what can you do? 4. Accounting/Auditing: what have you done? (after the object access) • Sometimes called AAA for Authentication, Authorization and Accounting
  • 66. 01/30/15 66 Technical Control: Cryptography • The science of hiding a message [Figure: Plaintext: Hello → Encryption → Ciphertext: %z$*@ → Decryption → Plaintext: Hello; Encryption keys]
  • 67. 01/30/15 67 Some Words on Cryptography • Encryption/decryption – mathematical functions with 2 parameters • Message (plain text or cipher text) • Key – Strength: linked to function and size of key – Two classes of crypto systems • Symmetric crypto systems: encryption key = decryption key • Asymmetric crypto systems: encryption key ≠ decryption key
  • 68. 01/30/15 68 Technical Controls More Words on Crypto • Symmetric cryptosystems – Current minimum key size: 128 bits – Examples: AES (from Belgium), RC4 – Very fast: 1 Gbps – Issue: how can we safely share a key? • Asymmetric cryptosystems – Current minimum key size: 2048 bits – Examples: RSA – Very slow: 100 kbps – No shared key, easy to deploy – Mainly used for signatures (non-repudiable proof of origin) or for authentication (who you are)
  • 69. 01/30/15 69 Crypto on Networks • IPsec – Used to encrypt all IP packets between two routers/hosts – Virtual Private Network (VPN) • Linking remote branches over the public Internet • Linking a remote user over the public Internet • Secure Sockets Layer (SSL) – Used to encrypt a single TCP (like HTTP) connection • https:// → allows for e-commerce • Also used for remote user over the public Internet • Cryptography alone is NEVER ENOUGH to guarantee security!
  • 70. 01/30/15 70 Technical Controls Perimeter Security and Firewalls • Security often relies on segregation of security domains – Trusted – Untrusted: Internet, … • Trusted domains are protected by a perimeter – Hence the term of security perimeter • When a point of passage between domains is required – Firewall: security policy enforcement
  • 71. 01/30/15 71 Technical Controls Security Perimeter Trusted Zone Untrusted Zone firewall
  • 72. 01/30/15 Technical Controls Usual Firewall Locations [Figure labels: Internet; intranet; Partner X; Partner Y; HR Network] Source: Cisco Systems
  • 73. 01/30/15 73 Technical Controls: Firewalls Deep Packet Inspection • More and more protocols run over HTTP – SOAP (= XML over HTTP) – … • Security policy must be enforced for those new protocols → need to also inspect the payload of HTTP • This is called Deep Packet Inspection
  • 75. 01/30/15 75 Why Voice over IP? • Before, voice had a separate network • If voice is over IP then – Single network to operate (or to outsource) – Toll by-pass: • Data communication is usually cheaper than voice communication – More functions in phones • Video • User directory – Data and voice applications can merge • Voice mail • Web conferencing • Customer Relationship Management systems
  • 76. 01/30/15 76 Voice in an IP Packet [Figure: encapsulation of the Voice Payload in RTP, then UDP, then IP] 1. Transform usual (analog) voice into digital with a CODEC 2. Cut voice into small chunks 3. Transport those chunks over IP
  • 77. 01/30/15 77 What Is a CODEC? Analog to Digital Conversion [Figure: Analog Audio Source → Sample → Compand → Quantize → Encode → Frame = 0101, "Everything Is Bits"; 4000 Hz Analog Signal; Sample 8,000/sec (Nyquist Frequency); Quantize 256 Steps Using 8 Bits; DS0 64 Kbps; G.711 Pulse Code Modulation (PCM) is the DS0]
  • 78. 01/30/15 78 IP Telephony vs. Voice over IP • IP telephony is a super-set of services over IP – Pure Voice over IP transport – Conferencing – Voice mail – ...
  • 79. 01/30/15 79 Network Requirements for Voice • Power over the Ethernet – No need for power cord for the phone • Quality of service – Voice is delay sensitive (< 150 msec) • Other issue – Relationships between • Network department • Voice department
  • 80. 01/30/15 80 The Skype Service • P2P based VoIP software • Founded by the founders of Kazaa • Can be downloaded free at: – http://www.skype.com • Services – Both paid and free services available – Free - Instant Messaging - Voice and Video communication (PC to PC) A typical Skype user interface
  • 81. 01/30/15 81 Skype Architecture Hierarchical P2P architecture but involves a central Skype authority for registration and certification services Skype Architecture: Normal peers, super nodes, and centralized Skype server
  • 82. 01/30/15 82 Should You Use Skype? • If you can answer yes to four questions: – Are you willing to circumvent the perimeter controls of your network? – Do you trust the Skype developers to implement security correctly (being closed-source)? – Do you trust the ethics of the Skype developers? – Can you tolerate the Skype network being unavailable?
  • 84. 01/30/15 84 What is Virtualization • Separation of location and services – Services can run anywhere – Users cannot see the difference • Corollary – Several services in the same location
  • 85. 01/30/15 85 “[Virtualization is] a technique for hiding the physical characteristics of computing resources from the way in which other systems, applications, or end users interact with those resources. This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple logical resources; or it can include making multiple physical resources (such as storage devices or servers) appear as a single logical resource.” Mann, Andi, Virtualization 101 Enterprise Management Associates (EMA) © 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 85 BRKDCT-1870 14484_04_2008_c2
  • 86. 01/30/15 86 Why Virtualization • Flexibility – Can add a new server/service in less than 1 second – Can move a service to a better server • Being faster, more secure, cheaper • Cost efficiency – Share an expensive (€€€) physical server among several applications • Green – No need to power 10 servers for 10 services if all 10 services can run on a single server
  • 87. 01/30/15 87 Data Center Trends “By 2008, 50% of Today’s Data Centers Will Have Insufficient Power and Cooling Capacity to Meet the Demands of High-Density Equipment” • Days to Deploy Applications: 60–180 • Server/Storage Utilization: < 25% • Annual Storage Growth: 40–400% • DC Records Retention (Years): 7–10 • DC Power and Cooling Costs: ~ 25–30% • Data Center Operations: > 30% Source: Gartner, 2008
  • 88. 01/30/15 88 Data Center Virtualization • Enables consolidation or sharing of physical assets to increase utilization • Reduces physical devices and cabling, space, power, and cooling • Enables rapid deployment and redeployment of resources to meet business objectives
  • 89. 01/30/15 89 Data Center Virtualization • Network Virtualization – Consolidation of physical networks – Greater flexibility – Improved capacity utilization • Server Virtualization – Consolidation of physical servers – Improved server utilization – Greater flexibility • Storage Virtualization – Consolidation of physical SANs – Improved storage utilization – Greater flexibility [Figure: several OS/App stacks running on a Hypervisor]
  • 90. 01/30/15 90 Network Virtualization • The basis of other virtualization – Virtual LAN: sharing an Ethernet switch among several independent LANs – Virtual Private Network (VPN): sharing a WAN infrastructure among several independent WANs
  • 91. 01/30/15 91 Storage Virtualization • Network Attached Storage – Attaching a hard-disk to ONE computer via USB/Network – NOT a real virtualization: computer is aware of the remote disk • Storage Area Network (SAN) – Attaching hard-disk to SEVERAL computers via network – Virtualization because computers are unaware of the disks being remote – Network must be really fast: Infiniband or Fibre Channel
  • 92. 01/30/15 92 Why SAN? • Virtualization allows – Sharing disk – Adding storage easily without disruption – Single place for all storage • Easier to secure • Easier to take back-up – Storage is no longer local to the computer • Can move the computer and keep the same disk • Important when the computer becomes virtual
  • 93. 01/30/15 93 Storage Volume Virtualization • Adding more storage requires administrative changes • Administrative overhead, prone to errors • Complex coordination of data movement between arrays Target SAN Fabric Initiator Initiator Target
  • 94. 01/30/15 94 Storage Volume Virtualization • A SCSI operation from the host is mapped to one or more SCSI operations to the SAN-attached storage • Zoning connects real initiator and virtual target or virtual initiator and real storage [Figure labels: SAN Fabric; Virtual Volume 1, Virtual Target 1, VSAN_10; Virtual Volume 2, Virtual Target 2, VSAN_20; Virtual Initiator VSAN_30 (twice); Initiator VSAN_10; Initiator VSAN_20]
  • 95. 01/30/15 95 Server Virtualization • Multiple Computers inside a Computer – Guest OS can be different from host OS – Guest machines are isolated by default [Figure labels: VMware; Microsoft; CPU, memory; Modified Stripped Down OS with Hypervisor; Host OS; Hypervisor; VM; Guest OS; App]
  • 96. 01/30/15 Virtual Server Migration • VMotion, aka VM Migration, allows a VM to be reallocated on different hardware without having to interrupt service. • Downtime in the order of a few milliseconds to a few minutes, not hours or days • Can be used to perform maintenance on a server • Can be used to shift workloads more efficiently [Figure labels: VMware Virtualization Layer; Hypervisor; Console OS; OS; App.; CPU; memory]
  • 97. How to Deploy a Network? Or the right questions to be asked?
  • 98. 01/30/15 98 Basic Networking • IPv6 Readiness • Addressing (mainly technical) – Use of DHCP? – Important for mobile user • Routing (mainly technical)
  • 99. 01/30/15 99 Levels of Security • Does the security policy include network? • Risk management: assets, confidentiality requirements – Specific requirements for some business: Basel II, PCI • Which are my security domains? – HR – Sales? – Guests – What about contractors?
  • 100. 01/30/15 100 QoS • Do you need QoS in your network? – Probably for IP telephony • What are my critical applications? – ERP? – Emails? – Back-up?
  • 101. 01/30/15 101 High Availability • Availability is usually important • Redundancy – Hot or cold standby? – Redundant links? – Redundant Service Providers? • What are your disaster recovery procedures?
  • 102. 01/30/15 102 Open Standards • Pros – Competition means lower price – Can switch vendors easily • Cons – Having multiple vendors costs a lot of € (training the operators and users) – Lagging (not leading edge) • Be prepared for some compromise – But ask your vendor for commitment to support future standards
  • 103. 01/30/15 103 Future Proof... • Find the balance between – Proven technologies: but obsolete in a few years • Think IPv4 vs. IPv6 – Leading edge technos: but unstable and expensive
  • 104. 01/30/15 104 Operation Cost • Cheap to buy ≠ cheap to run
  • 105. 01/30/15 105 Outsourcing Network • Pros – Reduces CAPEX – Improves balance sheet • Cons – Your business relies on another party (could go bankrupt or be acquired by competitor) – Less flexibility – Long process cycle • Never forget about SLA in the contract
  • 106. 01/30/15 106 Outsourcing Web Portal • Pros – Learning curve pretty small – Cheaper (CAPEX & OPEX) – More secure (no link to your real data) • Cons – Less control – No access to your live data • No e-business
  • 107. 01/30/15 107 Green Impact • A tornado since early 2008 • Sometimes a simple excuse to reduce cost • Power consumption – Faster means more power means more cooling... – Data Center location is no longer based on salary but on power stability & price – Turn off devices when not in use: RFID, electronics, ... – Reduce consumption => slower device? – SHARE equipment: importance of virtualization
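The classify, mark and enforce steps of slide 48, applied to the congestion case of slide 45, as an added example that is not part of the original slides. The precedence values, the port policy, the traffic mix and the tick-based link model are all assumptions made for the illustration.

```python
from collections import Counter, deque
from dataclasses import dataclass

# Three classes named after the slide's queues; the numeric precedence
# values are an assumption of this example (higher = more important).
PRIORITY, NORMAL, ROUTINE = 5, 2, 0
CLASSES = (PRIORITY, NORMAL, ROUTINE)          # served in this order

# Constructed classification policy: (protocol, destination port) -> class.
PORT_POLICY = {
    ("udp", 5004): PRIORITY,   # voice (RTP on an assumed port)
    ("tcp", 443): NORMAL,      # interactive business traffic
}                              # everything else stays ROUTINE


@dataclass
class Packet:
    name: str            # traffic label, used only for the statistics
    proto: str
    dport: int
    arrival: int         # tick at which the packet reached the router
    precedence: int = ROUTINE


class Router:
    """Output port with a shared buffer and one queue per class."""

    def __init__(self, buffer_size, qos=True):
        self.buffer_size = buffer_size
        self.qos = qos
        self.queues = {c: deque() for c in CLASSES}
        self.sent, self.dropped, self.max_delay = Counter(), Counter(), Counter()

    def classify_and_mark(self, pkt):
        """Classify & mark: set the precedence from the TCP/UDP port."""
        if self.qos:
            pkt.precedence = PORT_POLICY.get((pkt.proto, pkt.dport), ROUTINE)
        return pkt

    def enqueue(self, pkt):
        """Enforce: when memory is exhausted, drop from the lowest class first."""
        if sum(len(q) for q in self.queues.values()) >= self.buffer_size:
            for c in reversed(CLASSES):                    # lowest class first
                if c < pkt.precedence and self.queues[c]:
                    victim = self.queues[c].pop()          # newest lower-class packet
                    self.dropped[victim.name] += 1
                    break
            else:                                          # nothing less important queued
                self.dropped[pkt.name] += 1
                return
        self.queues[pkt.precedence].append(pkt)

    def dequeue(self, now):
        """Enforce: always serve the highest non-empty class first."""
        for c in CLASSES:
            if self.queues[c]:
                pkt = self.queues[c].popleft()
                self.sent[pkt.name] += 1
                self.max_delay[pkt.name] = max(self.max_delay[pkt.name],
                                               now - pkt.arrival)
                return pkt
        return None


def simulate(traffic, ticks, out_rate, buffer_size, qos):
    """Each tick: all packets in `traffic` arrive, then `out_rate` are sent."""
    router = Router(buffer_size, qos)
    for now in range(ticks):
        for name, proto, dport in traffic:
            router.enqueue(router.classify_and_mark(Packet(name, proto, dport, now)))
        for _ in range(out_rate):
            router.dequeue(now)
    return router


# Constructed load: 5 packets arrive per tick, the link sends only 3.
TRAFFIC = [("bulk", "tcp", 21)] * 3 + [("voice", "udp", 5004), ("web", "tcp", 443)]

if __name__ == "__main__":
    for qos in (False, True):
        r = simulate(TRAFFIC, ticks=10, out_rate=3, buffer_size=4, qos=qos)
        print("QoS on " if qos else "QoS off", dict(r.sent), dict(r.dropped))
```

With `qos=False` every packet stays in the routine queue, so the router behaves as a single FIFO with tail drop and the voice and web packets are the ones lost; with `qos=True` only bulk packets are dropped.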
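The four consecutive access control steps of slide 65 (identification, authentication, authorization, accounting), with the subject and object vocabulary of slide 64, as an added example that is not part of the original slides. The class name, the accounts, the object name, the rights and the PBKDF2 work factor are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000   # PBKDF2 work factor, an assumption of this example


def derive(password, salt):
    """Derive the stored verifier; the clear-text password is never kept."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


class AccessController:
    def __init__(self):
        self.users = {}       # subject name -> (salt, derived key)
        self.acl = {}         # object name -> {subject name: set of rights}
        self.audit_log = []   # accounting records, never contains passwords
        # Dummy record so unknown and known names cost the same to check.
        self._dummy = (os.urandom(16), os.urandom(32))

    def add_user(self, name, password):
        salt = os.urandom(16)
        self.users[name] = (salt, derive(password, salt))

    def grant(self, obj, subject, *rights):
        self.acl.setdefault(obj, {}).setdefault(subject, set()).update(rights)

    def request(self, claimed_id, password, obj, right):
        # 1. Identification: who are you?
        known = claimed_id in self.users
        salt, stored = self.users.get(claimed_id, self._dummy)
        # 2. Authentication: prove it (constant-time comparison).
        proof_ok = hmac.compare_digest(derive(password, salt), stored)
        authenticated = known and proof_ok
        # 3. Authorization: what can you do? Anything not granted is denied.
        allowed = self.acl.get(obj, {}).get(claimed_id, set())
        authorized = authenticated and right in allowed
        # 4. Accounting: what have you done? Failures are recorded too.
        if not authenticated:
            outcome = "authentication failed"
        elif not authorized:
            outcome = "denied"
        else:
            outcome = "granted"
        self.audit_log.append((claimed_id, obj, right, outcome))
        return authorized


def demo():
    """Constructed scenario: two subjects, one object, one unknown name."""
    ac = AccessController()
    ac.add_user("alice", "correct horse battery")
    ac.add_user("bob", "tr0ub4dor&3")
    ac.grant("payroll.xlsx", "alice", "read")
    ac.grant("payroll.xlsx", "bob", "read", "write")
    ac.request("alice", "correct horse battery", "payroll.xlsx", "read")
    ac.request("alice", "correct horse battery", "payroll.xlsx", "write")
    ac.request("alice", "guess", "payroll.xlsx", "read")
    ac.request("mallet", "guess", "payroll.xlsx", "read")
    return ac.audit_log


if __name__ == "__main__":
    for record in demo():
        print(record)
```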

Editor's notes

  2. Transcript: Okay, so that's sort of our vision of how to put solutions together, how far have we gotten, we've got solutions defined as verticals and horizontals. So there's actually seven different verticals that we have defined and we're working on more. Let me pick a couple of examples here. Let's say in the EDA space, so when we say we have a solution, one of the things we have is a customer facing deck. So it's easy for you folks to go, our EDA deck for example has all the scripts, but we also have people that have implemented this or put the deck together. So it's very targeted to the customer set. And if you look at the benefits, actually across all the markets, shorten time to tape-out, improve yield, reduce time to market for new products in the manufacturing space. One of the really exciting things about high-performance computing is the benefits are directly tied to a customer's revenue. It's not often that we can go and tell a customer, Customer we have a solution if you implement this, you can improve your top line. This is a very fundamental powerful solution, a message that Cisco can bring when you sort of couple it together with the integrated solution, we believe this is extremely valuable. Sorry, I lost my train of thought there, but one of the things -- I used to work at Goldman Sachs for many years. One of the things that's very valuable for an IT individual who gets this kind of message is to go to the business and say I've got this message. So your IT contacts are going to love the fact that you're bringing them this kind of a message. So when you think about the customers in your space, please think about who fits into one of these buckets. And even I would argue -- even if they don't buy a lick of this stuff. The fact that you can go in and show that you understand this space, show that you understand the business problem that they have. And the fact that you have a solution that ties into their top line is a powerful message that you can leverage for any of your products. And as you can see here in each of these spaces, we've called out specific customers that have implemented this.
  5. If not, the information regarding which host is where is going to increase dramatically.
  24. The Payment Card Industry is a consortium of multiple credit card companies. In essence, PCI is different from legal regulatory compliance because it was created by the card brands, not a legislature. This makes the standard much easier to read and understand (it’s 12 pages in total), and it is more detailed than the government standards. Importantly, it applies to more than just processing credit cards. It also applies to 3rd party hosting companies, information storage companies, etc. PCI is NOT specific to retail only – it’s applicable to ANY industry that touches credit cards – i.e. most of them! This is not US specific, it is global. However, the fines and enforcement have not reached outside the US – yet. Each card brand – VISA, MC, Discover, etc. – has its own security program. This includes the PCI standard, but also the process of reporting a security breach, assessment questions, programmatic information, etc. They all are built upon the PCI standard though. To date: less than 25% of Level 1 merchants are compliant. The other 75% have submitted their initial Report on Compliance.
  25. Unauthorized access to data Confidentiality Password theft
  26. Data corruption Data is tampered in transit Data is altered to change the eventual outcome
  28. Preventing authorized people from using a service Using up all of the resources SYN attacks Finger attacks Mailbombing Killing the service Ping o’ death udp attacks
  33. However, although IT has been an enabler that has driven significant increases in productivity, the data center, where IT systems and data are housed, may now be an inhibitor to business growth. Several factors are now coming into play that limit, and in some cases prevent, IT’s ability to meet business objectives. What can be seen is that there is a mixture of factors that, singly or in combination, can significantly limit business top- and bottom-line growth. DAYS TO DEPLOY APPLICATIONS Delays in deploying new applications reduce productivity and can reduce the window of opportunity for competitive advantage. In many cases this is due to limitations with space, power and cooling, or limitations with acquiring or deploying storage and server assets. SERVER / STORAGE UTILIZATION Server and storage assets are often aligned with applications or business units, which often leads to duplicated, siloed resources that are significantly underutilized and cannot be easily shared. It should be noted that assets that are underutilized need the same power as those that have higher utilization. This has a direct effect on a business’ ability to respond to changing business conditions to achieve top-line growth, and also affects the bottom line as under-utilized assets consume space, power and cooling that could be used for new applications. ANNUAL STORAGE GROWTH Storage is growing at anywhere between 40% and 400%, often driven by new regulatory mandates such as Sarbanes-Oxley and Gramm-Leach-Bliley, which demand longer and more stringent data retention. This places greater stress on the data center environment, especially if storage infrastructure is siloed and under-utilized as spare capacity cannot be easily shared… DC POWER & COOLING COSTS Modern data center technologies such as multicore CPU servers and blade servers require more power and generate more heat, and moving to new technologies can significantly impact data center power and cooling budgets. Additionally, under-utilized assets – servers and storage – require power and cooling at 100%. As more and more infrastructure is added, it is little wonder that power and cooling is now becoming a significant portion of IT budgets. This is also starting to impact DC operational budgets that are now an increasing part of the overall IT budget (>30%) and rising. BRANCH OFFICE Although branch offices are not data centers, branch offices typically have mini-IT infrastructure – typically 6 servers – to deliver application services and consequently share many common challenges with the data center: long deployment cycles, under-utilized assets, data management and security & compliance challenges, and inconsistent back-up and restore. The problems posed by these demands have been largely driven by ad-hoc acquisition of applications and systems in reaction to prevailing market conditions that has led to an Accidental Architecture of IT systems and organizational alignments. This, plus developments in newer data center technologies, such as high performance servers with multi-core technologies, is now driving data center obsolescence, as existing data centers simply cannot accommodate modern data center technologies, nor modern application trends…
  35. Transcript: So at the end of the day, this presentation, we'll focus on network virtualization from a data center front-end standpoint on the server virtualization itself and on the storage virtualization of the backend. So to give you a broad perspective. So just pull your seatbelts, and let's go to the journey.
  36. Transcript: Another key concept when dealing with designs for VMware is migration. So everybody knows about VMotion. So this is a key concept because it has certain implications when you're planning for the network. So first of all, what does VMotion do? It allows you to move a VM, virtual machine, from an ESX host to another ESX host while the client is still performing transactions to the VM and so the client doesn't notice any disruption. There are different advantages of having this technology in place. You can take a server into maintenance mode so that you can change hardware, fix things. And prior to doing that, you want the VM to automatically go to another host so that users will still be able to perform transactions and eventually you can do whatever you need to do on the host. So that's one use of it. The other use has to do with the fact that you can create a pool of machines and then you can run a VM on the most appropriate machine. So if you specify the resource requirements of a given VM, then when you launch the VM, you can make sure it's going to be started on the most appropriate hardware based on how much CPU is being utilized, how much memory is available. And then it's all done for you by technology which is called DRS, the Dynamic Resource Scheduler. On top of that, you can move that VM over time to the machine that has the best resources available. So that can change over time and you don't want the users to see that the machine is moving and so that happens behind the curtains. So that is migration. Now there are two different key types of migrations and this is something to keep in mind because it has significant implications on which kind of network you're planning for. So there's the regular migration which is the migration of a powered-off VM which is you basically say, I want to associate a VM with a given ESX host.
And that VM is going to be started off of a different ESX host. Then there is the other concept of VM which requires its own license which is the VMotion migration which is the migration of a VM that is powered on while the user is performing interactions with this VM. So the aspect that poses most quote, unquote, challenges for us is the VMotion migration because basically, you have to guarantee that during the migration, there's no interruption of service to the VM that is moving. Author’s Original Notes: Explain the requirements, similar CPUs, etc…