MTU & MSS

From Copilot with some prompting
The distinct purposes of MTU (Maximum Transmission Unit) and MSS (Maximum Segment Size):

  1. MTU (Maximum Transmission Unit):
    • A property of the link layer: the largest IP packet a link such as Ethernet will carry in one frame (the frame's payload, not counting the Ethernet header). Standard Ethernet uses 1500 bytes; jumbo frames allow around 9000.
    • Data handed down from the IP layer must fit in a single frame, so the MTU is the ceiling on packet size for that hop.
    • If an IPv4 packet exceeds the MTU of the outgoing link, the sending host or a router fragments it, unless the Don't Fragment (DF) bit is set, in which case the packet is dropped and an ICMP "Fragmentation Needed" message is returned to the sender (this is how Path MTU Discovery works). IPv6 routers never fragment; only the source host may.
    • Correct MTU settings avoid fragmentation and the ICMP-dependent failure modes of Path MTU Discovery: a firewall that drops ICMP turns an MTU mismatch into a black-holed connection.
  2. MSS (Maximum Segment Size):
    • A TCP parameter: the largest amount of application data (TCP payload, excluding the TCP and IP headers) a peer is willing to receive in a single segment.
    • Each side advertises its MSS in the options of its SYN; it is not negotiated, each sender simply respects the value the other side announced. A typical value is MTU minus 40 (20-byte IPv4 header plus 20-byte TCP header), so 1460 on Ethernet; for IPv6 it is MTU minus 60, so 1440.
    • The sender decides how many segments are in flight, governed by the congestion and receive windows; those windows are commonly expressed in multiples of the MSS (the initial congestion window, for example, is a small multiple of the MSS).
    • Firewalls and routers on paths with a reduced MTU (VPN tunnels, PPPoE) often rewrite the MSS in passing SYNs ("MSS clamping") so that segments never need fragmentation even when ICMP is filtered.

In summary, MTU bounds packet size at the link layer, while MSS bounds TCP payload size per segment and, through the windows expressed in MSS units, influences flow and congestion control.
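The arithmetic above, plus what a clamping firewall actually does to a SYN, as an added example (my code, not from the page or from Copilot). The SYN option bytes are constructed for the example; the header sizes assume no IP or TCP options.

```python
import struct

IPV4_HEADER = 20   # minimal IPv4 header, no options
IPV6_HEADER = 40
TCP_HEADER = 20    # minimal TCP header, no options


def mss_for_mtu(mtu: int, ipv6: bool = False) -> int:
    """MSS a host should advertise for a link of the given MTU (no IP/TCP options)."""
    return mtu - (IPV6_HEADER if ipv6 else IPV4_HEADER) - TCP_HEADER


def parse_tcp_options(options: bytes) -> dict:
    """Decode the TCP option list of a SYN into {kind: value bytes}.
    Kind 0 = end of list, kind 1 = NOP (single byte); everything else is kind/length/value."""
    result = {}
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        result[kind] = options[i + 2:i + length]
        i += length
    return result


def advertised_mss(options: bytes):
    """MSS from option kind 2, or None when the SYN carries no MSS option
    (RFC 9293 then has the sender assume 536 for IPv4)."""
    opts = parse_tcp_options(options)
    if 2 not in opts or len(opts[2]) != 2:
        return None
    return struct.unpack("!H", opts[2])[0]


def clamp_mss(options: bytes, limit: int) -> bytes:
    """Rewrite the MSS option if it exceeds limit: what a firewall's 'MSS clamping'
    rule does to SYNs crossing a link with a smaller MTU."""
    out = bytearray(options)
    i = 0
    while i < len(out):
        kind = out[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        if i + 1 >= len(out):
            break
        length = out[i + 1]
        if kind == 2 and length == 4:
            current = struct.unpack("!H", out[i + 2:i + 4])[0]
            if current > limit:
                out[i + 2:i + 4] = struct.pack("!H", limit)
        i += length
    return bytes(out)


# Constructed SYN options: MSS 1460, NOP, window scale 7, NOP, NOP, SACK permitted
SYN_OPTIONS = bytes.fromhex("020405b4" "01" "030307" "0101" "0402")

if __name__ == "__main__":
    print(mss_for_mtu(1500), mss_for_mtu(1500, ipv6=True), mss_for_mtu(1492))
    print(advertised_mss(SYN_OPTIONS))
    clamped = clamp_mss(SYN_OPTIONS, mss_for_mtu(1400))   # path with a 1400-byte MTU
    print(advertised_mss(clamped))
```

Clamping only touches the option in the SYN; the TCP checksum of the real packet would have to be recomputed afterwards, which the firewall does as part of the rewrite.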

BGP Flow

From Gemini with some prompting
Example Presentation Script

  1. BGP Session Overview

Hello everyone. Today we will walk through the BGP session establishment process. BGP is the routing protocol of the internet: it exchanges reachability information (prefixes and the path attributes attached to them) between autonomous systems. A stable BGP session is critical, because every session flap withdraws and re-learns routes across the internet.

  2. TCP Connection Establishment

A BGP session begins with a TCP three-way handshake to port 179. BGP relies on TCP for reliable, ordered delivery and has no retransmission logic of its own. Once the connection is up, the peers exchange OPEN messages to negotiate the session parameters. Because anyone who can reach TCP/179 can attempt a session, operators filter the port to configured peers, authenticate the TCP session (TCP MD5 or TCP-AO) and, on eBGP sessions, use the TTL check of GTSM so that packets from more than one hop away are rejected.

  3. OPEN Message Exchange and KEEPALIVE Messages

Each OPEN message carries the BGP version (4), the sender's autonomous system number, its proposed Hold Time, its BGP Identifier (router ID) and optional capabilities (for example 4-byte AS numbers and the address families supported). The effective Hold Time is the smaller of the two proposed values; a Hold Time of 1 or 2 seconds is invalid and is rejected with a NOTIFICATION. Each side then sends a KEEPALIVE to confirm the OPEN and keeps sending KEEPALIVEs at roughly one third of the Hold Time. If neither a KEEPALIVE nor an UPDATE arrives within the Hold Time, the session is torn down and every route learned from that peer is removed. A Hold Time of 0 disables the timer entirely.

  4. UPDATE Message Transmission and Path Selection

The core of the session is the UPDATE message. An UPDATE advertises new or changed routes as a set of prefixes (NLRI) that share one set of path attributes: ORIGIN, AS_PATH, NEXT_HOP and optional attributes such as LOCAL_PREF, MED and communities. The receiving router stores the routes, applies its inbound policy and runs best-path selection over all candidates for each prefix before installing the winner in the routing table.

  5. Route Withdrawal and Loop Prevention

There is no separate withdrawal message type: routes that are no longer reachable are listed in the Withdrawn Routes field of an UPDATE, and the receiver removes them from its table. Loop prevention comes from the AS_PATH attribute: each AS prepends its own number when it propagates a route, and a router rejects any route whose AS_PATH already contains its own AS number. AS_PATH and the other attributes are also the levers of routing policy, for example prepending to make a path less attractive to neighbours.

  6. Conclusion

The BGP session lifecycle comprises TCP connection establishment, OPEN exchange, KEEPALIVE maintenance, UPDATE transmission with path selection, withdrawals carried in UPDATEs, AS_PATH loop prevention and policy enforcement. Together these steps give a stable session and an efficient exchange of routing information.
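Both sides of the OPEN/KEEPALIVE exchange from steps 2 and 3, and the AS_PATH check from step 5, as an added example (my code, not from the page or from Gemini). Message layouts follow RFC 4271; the AS numbers, router IDs and hold times are made up for the example and no optional capabilities are encoded.

```python
import struct

BGP_MARKER = b"\xff" * 16
OPEN, UPDATE, NOTIFICATION, KEEPALIVE = 1, 2, 3, 4
HEADER_LEN = 19


def _rid_bytes(router_id: str) -> bytes:
    return bytes(int(o) for o in router_id.split("."))


def bgp_message(msg_type: int, body: bytes = b"") -> bytes:
    """Common header (RFC 4271 4.1): 16-byte marker, 2-byte total length, 1-byte type."""
    return BGP_MARKER + struct.pack("!HB", HEADER_LEN + len(body), msg_type) + body


def build_open(my_as: int, hold_time: int, router_id: str, opt_params: bytes = b"") -> bytes:
    """OPEN body (RFC 4271 4.2): version 4, 2-byte AS, Hold Time, BGP Identifier, optional parameters."""
    body = struct.pack("!BHH4sB", 4, my_as, hold_time, _rid_bytes(router_id), len(opt_params)) + opt_params
    return bgp_message(OPEN, body)


def parse_message(data: bytes) -> dict:
    """Validate the common header and decode an OPEN; KEEPALIVE has no body."""
    if len(data) < HEADER_LEN or data[:16] != BGP_MARKER:
        raise ValueError("bad marker or truncated header")
    length, msg_type = struct.unpack("!HB", data[16:HEADER_LEN])
    if not HEADER_LEN <= length <= 4096 or length != len(data):
        raise ValueError("bad message length")
    msg = {"type": msg_type, "length": length}
    if msg_type == OPEN:
        version, asn, hold, rid, opt_len = struct.unpack("!BHH4sB", data[HEADER_LEN:HEADER_LEN + 10])
        if version != 4:
            raise ValueError("unsupported version")
        if hold in (1, 2):   # RFC 4271 6.2: a Hold Time of 1 or 2 MUST be rejected (Unacceptable Hold Time)
            raise ValueError("unacceptable hold time")
        msg.update(asn=asn, hold_time=hold, router_id=".".join(str(b) for b in rid), opt_len=opt_len)
    return msg


def negotiate_hold_time(local: int, peer: int) -> int:
    """Both peers use the smaller of the two proposed Hold Times."""
    return min(local, peer)


def keepalive_interval(hold_time: int) -> int:
    """RFC 4271 4.4 suggests sending KEEPALIVEs at one third of the Hold Time; 0 means no timer."""
    return hold_time // 3


def as_path_has_loop(as_path: list, my_as: int) -> bool:
    """Loop prevention: a route whose AS_PATH already contains our own AS is rejected."""
    return my_as in as_path


def establish(a: tuple, b: tuple) -> dict:
    """Simulate both speakers; a and b are (asn, hold_time, router_id). Each side builds its OPEN,
    parses the peer's OPEN, agrees on the Hold Time and confirms with a KEEPALIVE."""
    open_a, open_b = build_open(*a), build_open(*b)
    seen_by_a, seen_by_b = parse_message(open_b), parse_message(open_a)
    hold = negotiate_hold_time(a[1], seen_by_a["hold_time"])
    assert hold == negotiate_hold_time(b[1], seen_by_b["hold_time"])   # both sides reach the same value
    keepalive = parse_message(bgp_message(KEEPALIVE))
    return {"hold_time": hold, "keepalive_every": keepalive_interval(hold),
            "peer_of_a": seen_by_a["asn"], "peer_of_b": seen_by_b["asn"],
            "keepalive_len": keepalive["length"]}


if __name__ == "__main__":
    print(establish((65001, 90, "10.0.0.1"), (65002, 180, "10.0.0.2")))
    print(as_path_has_loop([65002, 65010, 65001], my_as=65001))
```

Everything here happens after the TCP handshake; the TCP MD5/TCP-AO authentication mentioned above protects the transport below this layer and is invisible to the BGP messages themselves.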

Load balancing

From DALL-E with some prompting

Direct analysis and distribution:

Traffic flows directly from a group of users to a group of servers, through a load balancer that decides which server receives each connection.
The decision can be static, based on fields that are fixed for the life of a connection (the TCP/IP headers: client IP and port, destination IP and port, protocol) fed through a hash ("static hash map"). A static hash keeps a client's packets on the same server without per-connection state, but it spreads flows by count, not by the load they cause.
Alternatively, dynamic traffic analysis can distribute the load according to measured throughput, active connections, or a health/load metric reported by each server.
Both approaches need explicit rules for how to control (assignment, failover, draining) and how to analyze (which header fields or load metrics drive the decision).

Pre-connection routing change:

A CDN's global server load balancer (GSLB, labelled GLBS in the image) chooses a site before the client connects, based on the client's (or its resolver's) IP and the requested URL.
It steers the client by returning a chosen destination IP (typically as the DNS answer), by controlling routing through BGP advertisements (anycast: the same prefix announced from several sites so the network delivers the client to the nearest one), or by answering the first request with a redirect to another URL.
All of these run in a control phase before or at the start of the connection, rather than on every packet.
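The difference between a naive static hash and a consistent-hash "static hash map", together with a dynamic least-connections picker, as an added example (my code, not from the page). The server names, the client flows and the choice of SHA-256 as the hash are all constructed for the example; the point it makes is how many flows change server when one server leaves the pool.

```python
import hashlib
from bisect import bisect
from typing import NamedTuple


class FiveTuple(NamedTuple):
    proto: int
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def _hash(key: str) -> int:
    # 64-bit slice of SHA-256; any well-distributed hash works, what matters is stability
    return int.from_bytes(hashlib.sha256(key.encode()).digest()[:8], "big")


def modulo_pick(flow: FiveTuple, servers: list) -> str:
    """Static hash map the naive way: hash modulo the server count."""
    return servers[_hash(repr(flow)) % len(servers)]


class HashRing:
    """Static hash map with consistent hashing: each server owns `replicas` points on a ring;
    a flow goes to the first server point at or after its own hash."""

    def __init__(self, servers: list, replicas: int = 100):
        points = sorted((_hash(f"{s}#{i}"), s) for s in servers for i in range(replicas))
        self.keys = [k for k, _ in points]
        self.owners = [s for _, s in points]

    def pick(self, flow: FiveTuple) -> str:
        idx = bisect(self.keys, _hash(repr(flow))) % len(self.keys)
        return self.owners[idx]


def least_loaded_pick(active_connections: dict) -> str:
    """Dynamic analysis: send the next connection to the server with the fewest active ones."""
    return min(active_connections, key=active_connections.get)


def remapped_fraction(flows: list, before, after) -> float:
    """Share of flows that land on a different server after a pool change."""
    moved = sum(1 for f in flows if before(f) != after(f))
    return moved / len(flows)


def sample_flows(n: int) -> list:
    # Constructed client flows to one virtual IP; not real traffic
    return [FiveTuple(6, f"203.0.113.{i % 250 + 1}", 40000 + i, "198.51.100.10", 443) for i in range(n)]


SERVERS = ["srv-a", "srv-b", "srv-c", "srv-d"]


def compare_removal(n: int = 2000, removed: str = "srv-d") -> dict:
    """Remove one server and measure how many existing flows each scheme re-homes."""
    flows = sample_flows(n)
    remaining = [s for s in SERVERS if s != removed]
    ring_before, ring_after = HashRing(SERVERS), HashRing(remaining)
    return {
        "modulo": remapped_fraction(flows, lambda f: modulo_pick(f, SERVERS),
                                    lambda f: modulo_pick(f, remaining)),
        "ring": remapped_fraction(flows, ring_before.pick, ring_after.pick),
    }


if __name__ == "__main__":
    print(compare_removal())
    print(least_loaded_pick({"srv-a": 3, "srv-b": 1, "srv-c": 2}))
```

With four servers the modulo scheme moves about three quarters of the flows when one server disappears (every flow whose hash modulo changes), while the ring moves only the flows the departed server owned, roughly one quarter. For stateful services (TLS sessions, shopping carts) that difference is the difference between a quiet failover and a mass reconnect.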

Anomaly IP Packet header

From Gemini with some prompting
Title: Anomaly Detection (IP Packet Header)

Overview:

The image illustrates the structure of an IP packet header and how header fields alone, before any payload inspection, can flag anomalous activity.

Key elements:

  • IP address: identifies the host (or interface) sending or receiving the packet; for inbound traffic the destination IP identifies the server.
  • TCP/UDP port: identifies the application endpoint on that host; the client side usually uses an ephemeral port.
  • Service port number: the port on which a specific service listens (80/443 for HTTP/HTTPS, 22 for SSH, and so on).
  • Service area: the IP address range (and geography) from which a specific service is expected to be used.

Indicators of anomalous activity:

  • Unknown IP: packets from addresses outside the known client or partner ranges.
  • Foreign IP: packets from overseas addresses (geolocated through GEO/ASN data) when the service area is domestic.
  • Unused port: packets to ports on which no service listens (scanning or misconfiguration).
  • TCP/UDP port == 0: port 0 is reserved and normal clients never use it; it typically indicates crafted packets or scanner probes.
  • IP/TCP checksum == 0: a zero IP or TCP checksum is almost always a crafted or corrupted packet. Caveat: a zero UDP checksum over IPv4 is legitimate ("checksum not computed"), and captures taken on the sending host with checksum offload show unfinished checksums, so apply this rule to traffic observed on the wire.
  • Unused IP protocol: protocol numbers other than those the service needs (normally ICMP, TCP and UDP); GRE, ESP or unknown numbers arriving from the internet deserve a look.
  • Too large (IP.ttl): TTL is an 8-bit field, so "too large" means values above what the expected operating systems send (initial values are typically 64, 128 or 255, minus the hops travelled); a TTL that does not fit the claimed source is a spoofing hint.
  • Too many (TCP SYN): SYN rates from one source far above what a normal client generates (SYN flood or port scan).
  • Too many (IP fragmented): fragment floods and fragmentation-based evasion (tiny or overlapping fragments) are rare in normal traffic.
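The per-packet indicators above, run over raw IPv4/TCP/UDP headers, as an added example (my code, not from the page or from Gemini). The listening ports, allowed protocols, client prefix, TTL ceiling and SYN threshold are a constructed inventory for the example, the sample packets are built inline, and their checksum fields are placeholder values (the code flags the zero case but does not verify checksums).

```python
import struct
from collections import Counter

# Constructed inventory for this example; a deployment would load these from its CMDB and allow-lists
LISTENING_PORTS = {22, 80, 443}
ALLOWED_PROTOCOLS = {1, 6, 17}          # ICMP, TCP, UDP
KNOWN_CLIENT_PREFIXES = ("192.0.2.",)   # crude prefix match standing in for a client allow-list
MAX_EXPECTED_TTL = 128                  # largest initial TTL of the client OSes we expect
SYN_LIMIT = 50                          # bare SYNs per source in one batch before we call it a flood
TCP_FLAG_SYN, TCP_FLAG_ACK = 0x02, 0x10


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def parse_ipv4(pkt: bytes) -> dict:
    """Pull the header fields the rules need out of a raw IPv4 packet (TCP or UDP on top)."""
    ver_ihl, _tos, _tlen, _ident, flags_frag, ttl, proto, ip_csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    h = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "ttl": ttl, "proto": proto,
         "ip_csum": ip_csum, "sport": None, "dport": None, "l4_csum": None, "bare_syn": False,
         # MF flag (0x2000) or a non-zero fragment offset (low 13 bits) marks a fragment
         "fragment": bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0}
    l4 = pkt[(ver_ihl & 0x0F) * 4:]
    if proto == 6 and len(l4) >= 20:
        h["sport"], h["dport"] = struct.unpack("!HH", l4[:4])
        h["bare_syn"] = bool(l4[13] & TCP_FLAG_SYN) and not (l4[13] & TCP_FLAG_ACK)
        h["l4_csum"] = struct.unpack("!H", l4[16:18])[0]
    elif proto == 17 and len(l4) >= 8:
        h["sport"], h["dport"], _ulen, h["l4_csum"] = struct.unpack("!HHHH", l4[:8])
    return h


def header_findings(h: dict) -> list:
    """Per-packet indicators from the list above; SYN rate needs the batch view in scan()."""
    f = []
    if not h["src"].startswith(KNOWN_CLIENT_PREFIXES):
        f.append("unknown-ip")
    if h["proto"] not in ALLOWED_PROTOCOLS:
        f.append("unused-protocol")
    if h["ttl"] > MAX_EXPECTED_TTL:
        f.append("ttl-too-large")
    if h["ip_csum"] == 0:
        f.append("ip-checksum-zero")
    if h["proto"] == 6 and h["l4_csum"] == 0:   # a zero UDP checksum is legal on IPv4, so TCP only
        f.append("tcp-checksum-zero")
    if h["sport"] == 0 or h["dport"] == 0:
        f.append("port-zero")
    if h["dport"] is not None and h["dport"] not in LISTENING_PORTS:
        f.append("unused-port")
    if h["fragment"]:
        f.append("fragmented")
    return f


def scan(packets: list) -> tuple:
    """Run the rules over a batch; returns per-packet findings and the sources exceeding SYN_LIMIT."""
    per_packet, syns = [], Counter()
    for pkt in packets:
        h = parse_ipv4(pkt)
        per_packet.append(header_findings(h))
        if h["bare_syn"]:
            syns[h["src"]] += 1
    return per_packet, {src for src, n in syns.items() if n > SYN_LIMIT}


def make_packet(src, dst, proto=6, sport=40000, dport=443, ttl=64, flags=TCP_FLAG_SYN,
                ip_csum=0x1C2A, l4_csum=0x3D4E, flags_frag=0x4000) -> bytes:
    """Constructed packets for the example; checksum values are placeholders, not computed."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, l4_csum, 0)
    elif proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8, l4_csum)
    else:
        l4 = b""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, flags_frag, ttl, proto, ip_csum,
                     _ip(src), _ip(dst))
    return ip + l4


SERVER = "198.51.100.5"
SAMPLE = [
    make_packet("192.0.2.10", SERVER),                                   # ordinary SYN to 443
    make_packet("203.0.113.7", SERVER, dport=0),                         # port 0 from outside
    make_packet("192.0.2.11", SERVER, proto=47),                         # GRE from a client range
    make_packet("192.0.2.12", SERVER, ttl=255),
    make_packet("192.0.2.13", SERVER, l4_csum=0),
    make_packet("192.0.2.14", SERVER, proto=17, dport=53, l4_csum=0),   # UDP zero checksum is fine
    make_packet("192.0.2.15", SERVER, flags_frag=0x2000),                # first fragment, MF set
] + [make_packet("203.0.113.9", SERVER, sport=30000 + i) for i in range(60)]   # SYN flood

if __name__ == "__main__":
    findings, flood = scan(SAMPLE)
    print(findings[:7], flood)
```

The foreign-IP indicator is left out because it needs a GEO/ASN lookup rather than a header field; the 5-tuple section below is where that enrichment belongs.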

OSPF Link STATE

From DALL-E with some prompting
The image provides an overview of OSPF Link State Advertisements (LSAs) and their contents:

The 20-byte LSA header is common to every LSA type. It carries the LS age (seconds since origination; an LSA that reaches MaxAge, 3600 s, is flushed from the area), the LS type, the Link State ID, the Advertising Router (the router ID of the originator), the LS sequence number (which tells a newer instance from an older one) and the LS checksum, a Fletcher checksum over the LSA excluding the age field. The checksum protects the link-state database against corruption only; protection against a rogue neighbour comes from OSPF's separate interface or area authentication.

LSA Type 1 (Router LSA): every router originates one per area it belongs to, describing its own interfaces in that area: for each link, the neighbour router or network it connects to (link ID and link data), the link type, and its cost. Router LSAs are flooded only within the area; together they give each router a map of the area's routers and the costs between them.

LSA Type 2 (Network LSA): generated by the Designated Router for each multi-access segment (an Ethernet LAN, for example) with more than one router attached. It contains the network mask and the router IDs of all routers on the segment, so the segment can be modelled as a single node in the graph instead of a full mesh of links.

LSA Type 3 (Summary LSA): originated by Area Border Routers (ABRs) to advertise networks from one area into another. Each carries a destination network (the Link State ID holds the network number), its mask and the metric to reach it from the ABR. Only the prefix and its cost cross the area boundary; the topology details stay inside the originating area, which keeps each area's SPF computation small.

In essence, Type 1 and Type 2 LSAs describe the topology inside an area, from which each router computes its shortest paths; Type 3 LSAs carry summarized reachability between areas.
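The LSA header and a Type 1 body in bytes, with the Fletcher LS checksum computed and verified, as an added example (my code, not from the page). Field layouts follow RFC 2328; the router ID, link entries and sequence number are made up for the example.

```python
import struct

LSA_HEADER = "!HBBIIIHH"   # LS age, options, LS type, link state ID, advertising router, sequence, checksum, length
LSA_HEADER_LEN = 20
CHECKSUM_OFFSET = 16       # position of the LS checksum inside the LSA
MAX_AGE = 3600             # seconds; an LSA at MaxAge is being flushed
INITIAL_SEQ = 0x80000001


def ip2int(s: str) -> int:
    return int.from_bytes(bytes(int(o) for o in s.split(".")), "big")


def int2ip(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def _fletcher_sums(data: bytes) -> tuple:
    c0 = c1 = 0
    for b in data:
        c0 = (c0 + b) % 255
        c1 = (c1 + c0) % 255
    return c0, c1


def ls_checksum(lsa: bytes) -> int:
    """LS checksum (RFC 2328 12.1.7, the ISO 8473 Fletcher checksum): computed over the LSA
    with the 2-byte LS age excluded and the checksum field itself taken as zero."""
    buf = bytearray(lsa[2:])
    off = CHECKSUM_OFFSET - 2
    buf[off:off + 2] = b"\x00\x00"
    c0, c1 = _fletcher_sums(buf)
    x = ((len(buf) - off - 1) * c0 - c1) % 255 or 255
    y = (-x - c0) % 255 or 255
    return (x << 8) | y


def checksum_ok(lsa: bytes) -> bool:
    """An LSA verifies when both Fletcher sums over everything after the age field are zero."""
    return _fletcher_sums(lsa[2:]) == (0, 0)


def build_router_lsa(router_id: str, links: list, seq: int = INITIAL_SEQ, age: int = 0) -> bytes:
    """Type 1 LSA: flags byte, zero byte, link count, then (link ID, link data, type, #TOS, metric) per link.
    links: (link_id, link_data, link_type, metric); type 1 p2p, 2 transit, 3 stub (link data = mask), 4 virtual."""
    body = struct.pack("!BBH", 0, 0, len(links))
    for link_id, link_data, link_type, metric in links:
        body += struct.pack("!IIBBH", ip2int(link_id), ip2int(link_data), link_type, 0, metric)
    hdr = struct.pack(LSA_HEADER, age, 0x02, 1, ip2int(router_id), ip2int(router_id), seq, 0,
                      LSA_HEADER_LEN + len(body))
    lsa = hdr + body
    return lsa[:CHECKSUM_OFFSET] + struct.pack("!H", ls_checksum(lsa)) + lsa[CHECKSUM_OFFSET + 2:]


def parse_lsa_header(data: bytes) -> dict:
    age, options, ls_type, lsid, adv, seq, csum, length = struct.unpack(LSA_HEADER, data[:LSA_HEADER_LEN])
    return {"age": age, "options": options, "type": ls_type, "link_state_id": int2ip(lsid),
            "adv_router": int2ip(adv), "seq": seq, "checksum": csum, "length": length,
            "flushing": age >= MAX_AGE, "checksum_ok": checksum_ok(data[:length])}


def parse_router_links(lsa: bytes) -> list:
    if parse_lsa_header(lsa)["type"] != 1:
        raise ValueError("not a Router LSA")
    _flags, _zero, count = struct.unpack("!BBH", lsa[20:24])
    links, pos = [], 24
    for _ in range(count):
        lid, ldata, ltype, _ntos, metric = struct.unpack("!IIBBH", lsa[pos:pos + 12])
        links.append((int2ip(lid), int2ip(ldata), ltype, metric))
        pos += 12
    return links


# Constructed sample: a point-to-point link to 10.0.0.2 at cost 10 and a stub network 192.168.2.0/24
SAMPLE_LINKS = [("10.0.0.2", "192.168.1.1", 1, 10), ("192.168.2.0", "255.255.255.0", 3, 1)]


def sample_lsa() -> bytes:
    return build_router_lsa("10.0.0.1", SAMPLE_LINKS)


if __name__ == "__main__":
    lsa = sample_lsa()
    print(parse_lsa_header(lsa))
    print(parse_router_links(lsa))
```

Because the age field is outside the checksum, a router can age an LSA in its database without recomputing it; the check still fails on any single corrupted byte elsewhere in the LSA.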

TCP/IP 5 tuple

From DALL-E with some prompting
The image summarizes how the 5-tuple is used as the key for checking additional information and spotting abnormal packet patterns. The 5-tuple (IP protocol, source IP, source port, destination IP, destination port) identifies a connection or flow, so it is the natural unit for session tracking in firewalls, flow logs and NetFlow/IPFIX records. Enrichment keyed on the tuple adds context: the source's ASN and geolocation, whether the server IP is a fixed, known address, whether the client IP belongs to an anonymizing service (VPN, Tor exit, open proxy), whether the destination port is actually in use, and which ports a given client normally reaches. Combined with the application protocol identified on the connection, this lets a network administrator detect strange packets and unusual activity, such as a client reaching an unused port or a flow whose application protocol does not match its port.
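Flow keying and enrichment on the 5-tuple, run over a few firewall-style log lines, as an added example (my code, not from the page). The log format, the ASN/GEO table, the anonymizer list, the server inventory and the home country are all constructed for the example; a deployment would pull them from GeoIP/ASN feeds, threat-intelligence lists and its own service inventory.

```python
import ipaddress
import re
from typing import NamedTuple


class FiveTuple(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


# Constructed enrichment data for the example (documentation prefixes, private AS numbers)
ASN_GEO = {ipaddress.ip_network(n): v for n, v in {
    "192.0.2.0/24": (64496, "KR"), "198.51.100.0/24": (64497, "US"), "203.0.113.0/24": (64498, "DE")}.items()}
ANONYMIZER_IPS = {"198.51.100.77"}                 # known VPN/Tor/proxy exits
SERVICE_PORTS = {"10.10.0.5": {22, 443}}           # static server IPs and the ports they listen on
APP_ON_PORT = {22: "ssh", 443: "tls", 53: "dns"}   # application protocol expected on each service port
HOME_COUNTRY = "KR"

LOG_RE = re.compile(r"proto=(\w+) src=([\d.]+):(\d+) dst=([\d.]+):(\d+) app=(\w+)")


def parse_log_line(line: str) -> tuple:
    """Hypothetical log format: proto=tcp src=A:P dst=B:Q app=NAME; returns (FiveTuple, app)."""
    m = LOG_RE.search(line)
    if not m:
        raise ValueError(f"unparseable line: {line!r}")
    proto, sip, sp, dip, dp, app = m.groups()
    return FiveTuple(proto, sip, int(sp), dip, int(dp)), app


def canonical(flow: FiveTuple) -> FiveTuple:
    """Same key for both directions of a session: keep the known server on the destination side."""
    if flow.src_ip in SERVICE_PORTS and flow.dst_ip not in SERVICE_PORTS:
        return FiveTuple(flow.proto, flow.dst_ip, flow.dst_port, flow.src_ip, flow.src_port)
    return flow


def asn_geo(ip: str) -> tuple:
    addr = ipaddress.ip_address(ip)
    for net, info in ASN_GEO.items():
        if addr in net:
            return info
    return (None, None)


def assess(flow: FiveTuple, app: str) -> list:
    """Apply the enrichment checks to one flow; returns the list of findings (empty = nothing odd)."""
    flow = canonical(flow)
    findings = []
    asn, country = asn_geo(flow.src_ip)
    if asn is None:
        findings.append("unknown-asn")
    elif country != HOME_COUNTRY:
        findings.append(f"foreign-client:{country}")
    if flow.src_ip in ANONYMIZER_IPS:
        findings.append("anonymous-client")
    if flow.dst_ip not in SERVICE_PORTS:
        findings.append("non-static-server")
    elif flow.dst_port not in SERVICE_PORTS[flow.dst_ip]:
        findings.append("unused-port")
    expected = APP_ON_PORT.get(flow.dst_port)
    if expected and app != expected:
        findings.append(f"app-mismatch:{app}-on-{flow.dst_port}")
    return findings


# Constructed log lines, not real traffic
SAMPLE_LOG = [
    "proto=tcp src=192.0.2.4:51234 dst=10.10.0.5:443 app=tls",
    "proto=tcp src=203.0.113.9:40001 dst=10.10.0.5:443 app=tls",
    "proto=tcp src=198.51.100.77:40002 dst=10.10.0.5:22 app=ssh",
    "proto=tcp src=192.0.2.5:40003 dst=10.10.0.5:8080 app=http",
    "proto=tcp src=192.0.2.6:40004 dst=10.10.0.5:443 app=ssh",
    "proto=tcp src=10.10.0.5:443 dst=192.0.2.4:51234 app=tls",      # reply direction of line 1
    "proto=tcp src=100.64.0.9:40005 dst=10.10.0.5:443 app=tls",
]


def run(lines: list) -> list:
    return [assess(*parse_log_line(line)) for line in lines]


if __name__ == "__main__":
    for line, findings in zip(SAMPLE_LOG, run(SAMPLE_LOG)):
        print(findings, "<-", line)
```

The application/port mismatch check is the one that payload-blind header rules cannot make; it needs whatever identified the application (TLS handshake, SSH banner) to be attached to the flow record.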

OSPF & BGP

From DALL-E with some prompting
The image is an illustrative diagram explaining the interaction between two key routing protocols: OSPF (Open Shortest Path First) and BGP (Border Gateway Protocol).

  • In the center, we have a network labelled "AS (Autonomous System)", a collection of connected IP routing prefixes under the control of one or more network operators that presents a common, clearly defined routing policy to the internet.
  • Within the AS, the diagram shows a smaller network with purple lines connecting different nodes (routers), representing OSPF. OSPF is an interior gateway protocol that distributes routing information between the routers of a single autonomous system. The key features listed are:
    • "Sharing Link State (broadcast)": each OSPF router floods link state advertisements describing the state of its directly connected links to every router in its area, so all of them hold the same map.
    • "with a Bandwidth": OSPF's default link cost is derived from interface bandwidth (a reference bandwidth divided by the link's bandwidth), so faster links are preferred.
    • "Find Short Path (Dijkstra)": each router runs Dijkstra's algorithm over that map to find the lowest cumulative cost path to every node. Because any router in the area can inject links and costs into the shared map, OSPF neighbour authentication matters: a rogue router advertising cheap links can attract traffic.
  • On the right side of the diagram, there is a larger network outlined in red, with blue lines connecting to a central node. This represents BGP, which is used between different ASes at their borders. The features listed for BGP are:
    • "Border (of the AS) Gateway": the router at which an AS connects to another AS.
    • "Sharing Routing Table between Border Gateways": border routers exchange the prefixes each AS can reach, together with path attributes, so that each side can see the other's networks and choose the best paths according to its policy.

The diagram uses solid lines to denote direct connections and dashed lines for indirect connections. The interplay between OSPF and BGP is what makes the internet work: OSPF manages routes within an AS and BGP manages routes between ASes.
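The "with a Bandwidth" cost rule and the Dijkstra computation on a small area, including what happens when a rogue router joins with cheap links, as an added example (my code, not from the page). The topology, the bandwidths and the 100 Mbit/s reference bandwidth are constructed for the example.

```python
import heapq

REFERENCE_BW_KBPS = 100_000   # 100 Mbit/s, the classic default reference bandwidth


def ospf_cost(bandwidth_kbps: int) -> int:
    """Default OSPF interface cost: reference bandwidth / interface bandwidth, minimum 1."""
    return max(1, REFERENCE_BW_KBPS // bandwidth_kbps)


def add_link(graph: dict, a: str, b: str, bandwidth_kbps: int) -> None:
    """Bidirectional link with the same cost in both directions (symmetric bandwidth assumed)."""
    cost = ospf_cost(bandwidth_kbps)
    graph.setdefault(a, {})[b] = cost
    graph.setdefault(b, {})[a] = cost


def dijkstra(graph: dict, source: str) -> tuple:
    """Shortest-path tree from source: (distance per node, predecessor per node)."""
    dist, prev = {source: 0}, {}
    heap = [(0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float("inf")):
            continue                       # stale heap entry
        for v, w in graph.get(u, {}).items():
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    return dist, prev


def shortest_path(graph: dict, src: str, dst: str):
    """(total cost, [src, ..., dst]) or None when dst is unreachable."""
    dist, prev = dijkstra(graph, src)
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def sample_area() -> dict:
    """Constructed area: a two-hop 10 Mbit/s path and a three-hop 100 Mbit/s path between R1 and R3."""
    g = {}
    add_link(g, "R1", "R2", 10_000)
    add_link(g, "R2", "R3", 10_000)
    add_link(g, "R1", "R4", 100_000)
    add_link(g, "R4", "R5", 100_000)
    add_link(g, "R5", "R3", 100_000)
    return g


def with_rogue_router(graph: dict) -> dict:
    """Same area after an unauthenticated router RX joins and advertises 1 Gbit/s links to R1 and R3."""
    g = {node: dict(nbrs) for node, nbrs in graph.items()}
    add_link(g, "R1", "RX", 1_000_000)
    add_link(g, "R3", "RX", 1_000_000)
    return g


if __name__ == "__main__":
    area = sample_area()
    print(shortest_path(area, "R1", "R3"))                     # three hops, cost 3
    print(shortest_path(with_rogue_router(area), "R1", "R3"))  # now via RX, cost 2
```

Hop count loses to cumulative cost: the three 100 Mbit/s links cost 3 against 20 for the two slow links. The rogue case shows why that is a security property as well as a performance one, since whoever can inject LSAs can pull R1-to-R3 traffic through a router they control.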