ping command? Give at least 3 answers. What does ping actually do?
The best description of ping comes from its man page on Unix: Ping is a tool for network testing, measurement and management. Its basic purpose is to discover the round trip time (RTT) between "here" and "there" on the Internet. It can take a great number of command-line options (which, unfortunately, are different on different flavours of Unix!) to customise its behaviour: number of packets sent, rate of sending, size of packets, etc.
To do its work it (again from the man page) "utilizes the ICMP protocol's ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway".
An intelligent network manager can use ping to discover the following (and probably lots more besides):
- Whether a remote host is reachable - if an ECHO_RESPONSE is received, it's obvious that a path exists both to and from the remote host.
- Whether the remote host is "up", since an ECHO_REQUEST is handled by the operating system software on the remote host.
- A rough idea of the current load on the network, since the ping software displays the elapsed time between sending the ECHO_REQUEST and receiving the ECHO_RESPONSE. If repeated pings (eg, one second intervals - the default on many ping implementations) are sent, the manager can observe the variability of the delay times. The delay time reflects both the distance to the remote host and also the amount of time that packets are waiting in buffers on intermediate routers, which is a function of link load.
- When repeated pings are sent, the manager can observe if any packets are being lost in the network, ie, the packet loss rate. This obviously reflects congestion somewhere in the network.
- Most ping implementations allow the user to set the size of the ECHO_REQUEST packets - some network problems will only show up for bigger packets.
- Many ping implementations allow the user to flood ping a remote host - ie, send ECHO_REQUEST packets as fast as physically possible. This is used to stress test a network, and is not something you would want to do very often. It can, however, reveal problems which only appear as loads increase.
- Finally, packet losses can (to some extent) be localised by repeated pings of routers "further out", if the network manager knows the topology of the network. For example, if I ping a router 10 times and get no packet losses, then I ping the "next further out" router and get 50% packet losses, I can make a reasonable guess at which link is causing the losses.
NB: The man page also wisely notes: Ping should be used primarily for manual fault isolation. Because of the load it can impose on the network, it is unwise to use ping during normal operations or from automated scripts. When using ping for fault isolation, it should first be run on the local host, to verify that the local network interface is up and running. Then, hosts and gateways further and further away should be "pinged".
traceroute command do? How does it do it?
It does what its name suggests - discovers the route a datagram would take through the Internet. It is a very powerful tool! From the man page: The Internet is a large and complex aggregation of network hardware connected together by gateways. The traceroute command tracks the route packets follow from gateway to gateway. The command uses the IP protocol "time to live" field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to a particular host.
Note that in this unit we have not discussed the inner workings of IP in any detail, so students may not be aware of the "time to live" field in IP packets. This is not a problem - we only want them to know what traceroute does, not how.
NB: (quoting again from man pages) This program is intended for use in network testing, measurement and management. It should be used primarily for manual fault isolation. Because of the load it could impose on the network, you should not use traceroute during normal operations or from automated scripts.
ipForwarding OBJECT-TYPE ::= { ip 1 }
icmpInEchos OBJECT-TYPE ::= { icmp 8 }
tcpMaxConn OBJECT-TYPE ::= { tcp 4 }
What are the numeric OBJECT IDENTIFIERS of the objects ipForwarding, icmpInEchos and tcpMaxConn?
You have to look at the lecture notes to see the OBJECT IDENTIFIER name tree, but it's pretty simple when that's in front of you:
ipForwarding ::= 1.3.6.1.2.1.4.1
You could also write this as:
{ 1 3 6 1 2 1 4 1 }
or even mix them up, thus:
{ 1 3 6 1 2 1 ip ipForwarding(1) }
Note that the value of this variable tells you whether this piece of equipment is a router (ipForwarding == 1) or not (== 0).
The others are similarly easy:
1.3.6.1.2.1.5.8
(or one of the other legal syntax variations). Note that this one (icmpInEchos) tells you how many pings this system has received.
The last one (tcpMaxConn - the number of simultaneous TCP connections permitted on this system) is:
1.3.6.1.2.1.6.4
Note that the MIB entries mentioned in the question are relative to the location of the MIB in the name tree.
One would expect that the integers which make up an OBJECT IDENTIFIER would be encoded in one byte each. However, the designers of BER were (for not entirely obvious reasons) keen on efficiency, and the chosen encoding saves one byte which doesn't need to be transmitted. This seems totally ridiculous nowadays - perhaps it was different in the days of 300bps data links.
The implication which this encoding has, since a single byte cannot have a value greater than 255, is that there can never be more than 6 "top level" organisations in the global name space. Currently there's only 3 (ISO, CCITT, Joint ISO-CCITT), and there's no suggestion that there'll ever be more. Further, there can never be more than 15 divisions in any of the second level portions of the name space.
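The two answers above, worked through as an added example that is not part of the original tutorial: it resolves the three object definitions to numeric OIDs, then BER-encodes them so the saved byte is visible (eight sub-identifiers fit in seven content bytes). The subtree numbers ip=4, icmp=5 and tcp=6 under 1.3.6.1.2.1 come from MIB-II, and the first-byte rule 40*X + Y is the standard BER one; all function names are chosen for this example.

```python
# Added example: resolve MIB object definitions to numeric OIDs and BER-encode them.
# Assumption: subtree numbers ip=4, icmp=5, tcp=6 under mib-2 (1.3.6.1.2.1), per MIB-II.
MIB2 = (1, 3, 6, 1, 2, 1)
GROUPS = {"ip": MIB2 + (4,), "icmp": MIB2 + (5,), "tcp": MIB2 + (6,)}
# The object definitions quoted in the question: name -> (parent group, sub-id).
OBJECTS = {"ipForwarding": ("ip", 1), "icmpInEchos": ("icmp", 8), "tcpMaxConn": ("tcp", 4)}

def resolve(name):
    """Return the full numeric OID of a MIB object as a tuple of integers."""
    parent, sub_id = OBJECTS[name]
    return GROUPS[parent] + (sub_id,)

def _base128(value):
    """Encode one sub-identifier in base 128; high bit set on all but the last byte."""
    out = [value & 0x7F]
    value >>= 7
    while value:
        out.append((value & 0x7F) | 0x80)
        value >>= 7
    return bytes(reversed(out))

def ber_encode_oid(oid):
    """BER-encode an OID: tag 0x06, short-form length, then the content bytes."""
    if len(oid) < 2 or oid[0] > 2 or (oid[0] < 2 and oid[1] > 39):
        raise ValueError("invalid first two sub-identifiers")
    # The first two sub-identifiers X.Y are packed into one value, 40*X + Y.
    content = _base128(40 * oid[0] + oid[1])
    for sub_id in oid[2:]:
        content += _base128(sub_id)
    if len(content) > 127:
        raise ValueError("long-form length is not handled in this example")
    return bytes([0x06, len(content)]) + content

def ber_decode_oid(data):
    """Decode the bytes produced by ber_encode_oid back into a tuple."""
    if len(data) < 3 or data[0] != 0x06 or data[1] != len(data) - 2:
        raise ValueError("not a short-form BER OBJECT IDENTIFIER")
    subs, value = [], 0
    for byte in data[2:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of a sub-identifier
            subs.append(value)
            value = 0
    first = min(subs[0] // 40, 2)  # undo the 40*X + Y packing
    return (first, subs[0] - 40 * first) + tuple(subs[1:])

if __name__ == "__main__":
    for name in OBJECTS:
        oid = resolve(name)
        print(name, ".".join(map(str, oid)), ber_encode_oid(oid).hex())
```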
This is one of the fundamental ideas of management. For example, if I buy a router, what I basically want it to do is route. That is, its job is to forward packets. It should not spend an appreciable portion of its time running management software (ie, SNMP) - that is, the impact of adding management should be minimal. This applies whether talking about CPU cycles, memory, network bandwidth (in bits per second) or whatever.