£43.99

Description

Contents

Foreword xxiii Preface xxv Chapter 1 Introduction And Overview 1 1.1 The Motivation For Internetworking 1 1.2 The TCP/IP Internet 2 1.3 Internet Services 2 1.4 History And Scope Of The Internet 6 1.5 The Internet Architecture Board 7 1.6 The IAB Reorganization 8 1.7 Internet Request For Comments (RFCs) 8 1.8 Internet Growth 9 1.9 Transition To IPv6 12 1.10 Committee Design And The New Version of IP 12 1.11 Relationship Between IPv4 And IPv6 13 1.12 IPv6 Migration 14 1.13 Dual Stack Systems 15 1.14 Organization Of The Text 15 1.15 Summary 16 Chapter 2 Overview Of Underlying Network Technologies 19 2.1 Introduction 19 2.2 Two Approaches To Network Communication 20 2.3 WAN And LAN 21 2.4 Hardware Addressing Schemes 21 2.5 Ethernet (IEEE 802.3) 22 2.6 Wi-Fi (IEEE 802.11) 26 2.7 ZigBee (IEEE 802.15.4) 26 2.8 Optical Carrier And Packet Over SONET (OC, POS) 27 2.9 Point-To-Point Networks 28 2.10 VLAN Technology And Broadcast Domains 28 2.11 Bridging 29 2.12 Congestion And Packet Loss 30 2.13 Summary 31 Chapter 3 Internetworking Concept And Architectural Model 35 3.1 Introduction 35 3.2 Application-Level Interconnection 35 3.3 Network-Level Interconnection 37 3.4 Properties Of The Internet 38 3.5 Internet Architecture 39 3.6 Interconnection Of Multiple Networks With IP Routers 39 3.7 The User's View 41 3.8 All Networks Are Equal 42 3.9 The Unanswered Questions 43 3.10 Summary 43 Chapter 4 Protocol Layering 47 4.1 Introduction 47 4.2 The Need For Multiple Protocols 47 4.3 The Conceptual Layers Of Protocol Software 49 4.4 Functionality Of The Layers 49 4.5 ISO 7-Layer Reference Model 50 4.6 X.25 And Its Relation To The ISO Model 51 4.7 The TCP/IP 5-Layer Reference Model 52 4.8 Locus Of Intelligence 56 4.9 The Protocol Layering Principle 57 4.10 The Layering Principle Applied To A Network 58 4.11 Layering In Mesh Networks 60 4.12 Two Important Boundaries In The TCP/IP Model 62 4.13 Cross-Layer Optimizations 63 4.14 The Basic Idea Behind Multiplexing And Demultiplexing 64 4.15 Summary 66 Chapter 5 Internet Addressing 69 5.1 Introduction 69 5.2 Universal Host Identifiers 69 5.3 The Original IPv4 Classful Addressing Scheme 71 5.4 Dotted Decimal Notation Used With IPv4 72 5.5 IPv4 Subnet Addressing 72 5.6 Fixed Length IPv4 Subnets 75 5.7 Variable-Length IPv4 Subnets 77 5.8 Implementation Of IPv4 Subnets With Masks 77 5.9 IPv4 Subnet Mask Representation And Slash Notation 78 5.10 The Current Classless IPv4 Addressing Scheme 79 5.11 IPv4 Address Blocks And CIDR Slash Notation 82 5.12 A Classless IPv4 Addressing Example 82 5.13 IPv4 CIDR Blocks Reserved For Private Networks 83 5.14 The IPv6 Addressing Scheme 84 5.15 IPv6 Colon Hexadecimal Notation 84 5.16 IPv6 Address Space Assignment 85 5.17 Embedding IPv4 Addresses In IPv6 For Transition 86 5.18 IPv6 Unicast Addresses And /64 87 5.19 IPv6 Interface Identifiers And MAC Addresses 88 5.20 IP Addresses, Hosts, And Network Connections 89 5.21 Special Addresses 90 5.22 Weaknesses In Internet Addressing 94 5.23 Internet Address Assignment And Delegation Of Authority 96 5.24 An Example IPv4 Address Assignment 96 5.25 Summary 98 Chapter 6 Mapping Internet Addresses To Physical Addresses (ARP) 101 6.1 Introduction 101 6.2 The Address Resolution Problem 101 6.3 Two Types Of Hardware Addresses 102 6.4 Resolution Through Direct Mapping 102 6.5 Resolution In A Direct-Mapped Network 103 6.6 IPv4 Address Resolution Through Dynamic Binding 104 6.7 The ARP Cache 105 6.8 ARP Cache Timeout 106 6.9 ARP Refinements 106 6.10 Relationship Of ARP To Other Protocols 108 6.11 ARP Implementation 108 6.12 ARP Encapsulation And Identification 110 6.13 ARP Message Format 110 6.14 Automatic ARP Cache Revalidation 112 6.15 Reverse Address Resolution (RARP) 112 6.16 ARP Caches In Layer 3 Switches 113 6.17 Proxy ARP 114 6.18 IPv6 Neighbor Discovery 115 6.19 Summary 116 Chapter 7 Internet Protocol: Connectionless Datagram Delivery (IPv4, 119 IPv6) 7.1 Introduction 119 7.2 A Virtual Network 119 7.3 Internet Architecture And Philosophy 120 7.4 Principles Behind The Structure 120 7.5 Connectionless Delivery System Characteristics 121 7.6 Purpose And Importance Of The Internet Protocol 122 7.7 The IP Datagram 122 7.8 Datagram Type Of Service And Differentiated Services 127 7.9 Datagram Encapsulation 129 7.10 Datagram Size, Network MTU, and Fragmentation 130 7.11 Datagram Reassembly 134 7.12 Header Fields Used For Datagram Reassembly 135 7.13 Time To Live (IPv4) And Hop Limit (IPv6) 136 7.14 Optional IP Items 137 7.15 Options Processing During Fragmentation 141 7.16 Network Byte Order 143 7.17 Summary 144 Chapter 8 Internet Protocol: Forwarding IP Datagrams 147 8.1 Introduction 147 8.2 Forwarding In An Internet 147 8.3 Direct And Indirect Delivery 149 8.4 Transmission Across A Single Network 150 8.5 Indirect Delivery 151 8.6 Table-Driven IP Forwarding 152 8.7 Next-Hop Forwarding 153 8.8 Default Routes And A Host Example 155 8.9 Host-Specific Routes 156 8.10 The IP Forwarding Algorithm 157 8.11 Longest-Prefix Match Paradigm 158 8.12 Forwarding Tables And IP Addresses 160 8.13 Handling Incoming Datagrams 161 8.14 Forwarding In The Presence Of Broadcast And Multicast 162 8.15 Software Routers And Sequential Lookup 163 8.16 Establishing Forwarding Tables 163 8.17 Summary 163 Chapter 9 Internet Protocol: Error And Control Messages (ICMP) 167 9.1 Introduction 167 9.2 The Internet Control Message Protocol 167 9.3 Error Reporting Vs. Error Correction 169 9.4 ICMP Message Delivery 170 9.5 Conceptual Layering 171 9.6 ICMP Message Format 171 9.7 Example ICMP Message Types Used With IPv4 And IPv6 172 9.8 Testing Destination Reachability And Status (Ping) 173 9.9 Echo Request And Reply Message Format 174 9.10 Checksum Computation And The IPv6 Pseudo-Header 175 9.11 Reports Of Unreachable Destinations 176 9.12 ICMP Error Reports Regarding Fragmentation 178 9.13 Route Change Requests From Routers 178 9.14 Detecting Circular Or Excessively Long Routes 180 9.15 Reporting Other Problems 181 9.16 Older ICMP Messages Used At Startup 182 9.17 Summary 182 Chapter 10 User Datagram Protocol (UDP) 185 10.1 Introduction 185 10.2 Using A Protocol Port As An Ultimate Destination 185 10.3 The User Datagram Protocol 186 10.4 UDP Message Format 187 10.5 Interpretation Of the UDP Checksum 188 10.6 UDP Checksum Computation And The Pseudo-Header 189 10.7 IPv4 UDP Pseudo-Header Format 189 10.8 IPv6 UDP Pseudo-Header Format 190 10.9 UDP Encapsulation And Protocol Layering 190 10.10 Layering And The UDP Checksum Computation 192 10.11 UDP Multiplexing, Demultiplexing, And Protocol Ports 193 10.12 Reserved And Available UDP Port Numbers 194 10.13 Summary 196 Chapter 11 Reliable Stream Transport Service (TCP) 199 11.1 Introduction 199 11.2 The Need For Reliable Service 199 11.3 Properties Of The Reliable Delivery Service 200 11.4 Reliability: Acknowledgements And Retransmission 201 11.5 The Sliding Window Paradigm 203 11.6 The Transmission Control Protocol 205 11.7 Layering, Ports, Connections, And Endpoints 206 11.8 Passive And Active Opens 208 11.9 Segments, Streams, And Sequence Numbers 208 11.10 Variable Window Size And Flow Control 209 11.11 TCP Segment Format 210 11.12 Out Of Band Data 212 11.13 TCP Options 212 11.14 TCP Checksum Computation 214 11.15 Acknowledgements, Retransmission, And Timeouts 216 11.16 Accurate Measurement Of Round Trip Samples 218 11.17 Karn's Algorithm And Timer Backoff 219 11.18 Responding To High Variance In Delay 220 11.19 Response To Congestion 223 11.20 Fast Recovery And Other Response Modifications 225 11.21 Explicit Feedback Mechanisms (SACK and ECN) 227 11.22 Congestion, Tail Drop, And TCP 228 11.23 Random Early Detection (RED) 229 11.24 Establishing A TCP Connection 231 11.25 Initial Sequence Numbers 232 11.26 Closing a TCP Connection 233 11.27 TCP Connection Reset 234 11.28 TCP State Machine 235 11.29 Forcing Data Delivery 236 11.30 Reserved TCP Port Numbers 237 11.31 Silly Window Syndrome And Small Packets 238 11.32 Avoiding Silly Window Syndrome 239 11.33 Buffer Bloat And Its Effect On Latency 242 11.34 Summary 243 Chapter 12 Routing Architecture: Cores, Peers, And Algorithms 247 12.1 Introduction 247 12.2 The Origin Of Forwarding Tables 248 12.3 Forwarding With Partial Information 249 12.4 Original Internet Architecture And Cores 251 12.5 Beyond The Core Architecture To Peer Backbones 253 12.6 Automatic Route Propagation And A FIB 254 12.7 Distance-Vector (Bellman-Ford) Routing 255 12.8 Reliability And Routing Protocols 257 12.9 Link-State (SPF) Routing 258 12.10 Summary 259 Chapter 13 Routing Among Autonomous Systems (BGP) 263 13.1 Introduction 263 13.2 The Scope Of A Routing Update Protocol 263 13.3 Determining A Practical Limit On Group Size 264 13.4 A Fundamental Idea: Extra Hops 266 13.5 Autonomous System Concept 267 13.6 Exterior Gateway Protocols And Reachability 268 13.7 BGP Characteristics 269 13.8 BGP Functionality And Message Types 270 13.9 BGP Message Header 271 13.10 BGP OPEN Message 272 13.11 BGP UPDATE Message 273 13.12 Compressed IPv4 Mask-Address Pairs 274 13.13 BGP Path Attributes 274 13.14 BGP KEEPALIVE Message 276 13.15 Information From The Receiver's Perspective 277 13.16 The Key Restriction Of Exterior Gateway Protocols 278 13.17 The Internet Routing Architecture And Registries 280 13.18 BGP NOTIFICATION Message 280 13.19 BGP Multiprotocol Extensions For IPv6 281 13.20 Multiprotocol Reachable NLRI Attribute 283 13.21 Internet Routing And Economics 284 13.22 Summary 285 Chapter 14 Routing Within An Autonomous System (RIP, RIPng, 289 OSPF, IS-IS) 14.1 Introduction 289 14.2 Static Vs. Dynamic Interior Routes 289 14.3 Routing Information Protocol (RIP) 293 14.4 Slow Convergence Problem 294 14.5 Solving The Slow Convergence Problem 296 14.6 RIP Message Format (IPv4) 297 14.7 Fields In A RIP Message 299 14.8 RIP For IPv6 (RIPng) 299 14.9 The Disadvantage Of Using Hop Counts 301 14.10 Delay Metric (HELLO) 301 14.11 Delay Metrics, Oscillation, And Route Flapping 302 14.12 The Open SPF Protocol (OSPF) 303 14.13 OSPFv2 Message Formats (IPv4) 305 14.14 Changes In OSPFv3 To Support IPv6 310 14.15 IS-IS Route Propagation Protocol 312 14.16 Trust And Route Hijacking 313 14.17 Gated: A Routing Gateway Daemon 313 14.18 Artificial Metrics And Metric Transformation 314 14.19 Routing With Partial Information 315 14.20 Summary 315 Chapter 15 Internet Multicasting 319 15.1 Introduction 319 15.2 Hardware Broadcast 319 15.3 Hardware Multicast 320 15.4 Ethernet Multicast 321 15.5 The Conceptual Building Blocks Of Internet Multicast 321 15.6 The IP Multicast Scheme 322 15.7 IPv4 And IPv6 Multicast Addresses 323 15.8 Multicast Address Semantics 326 15.9 Mapping IP Multicast To Ethernet Multicast 327 15.10 Hosts And Multicast Delivery 328 15.11 Multicast Scope 328 15.12 Host Participation In IP Multicasting 329 15.13 IPv4 Internet Group Management Protocol (IGMP) 330 15.14 IGMP Details 331 15.15 IGMP Group Membership State Transitions 332 15.16 IGMP Membership Query Message Format 333 15.17 IGMP Membership Report Message Format 334 15.18 IPv6 Multicast Group Membership With MLDv2 335 15.19 Multicast Forwarding And Routing Information 337 15.20 Basic Multicast Forwarding Paradigms 339 15.21 Consequences Of TRPF 341 15.22 Multicast Trees 342 15.23 The Essence Of Multicast Route Propagation 343 15.24 Reverse Path Multicasting 344 15.25 Example Multicast Routing Protocols 345 15.26 Reliable Multicast And ACK Implosions 347 15.27 Summary 349 Chapter 16 Label Switching, Flows, And MPLS 353 16.1 Introduction 353 16.2 Switching Technology 353 16.3 Flows And Flow Setup 355 16.4 Large Networks, Label Swapping, And Paths 355 16.5 Using Switching With IP 357 16.6 IP Switching Technologies And MPLS 357 16.7 Labels And Label Assignment 359 16.8 Hierarchical Use Of MPLS And A Label Stack 359 16.9 MPLS Encapsulation 360 16.10 Label Semantics 361 16.11 Label Switching Router 362 16.12 Control Processing And Label Distribution 363 16.13 MPLS And Fragmentation 364 16.14 Mesh Topology And Traffic Engineering 364 16.15 Summary 365 Chapter 17 Packet Classification 369 17.1 Introduction 369 17.2 Motivation For Classification 370 17.3 Classification Instead Of Demultiplexing 371 17.4 Layering When Classification Is Used 372 17.5 Classification Hardware And Network Switches 372 17.6 Switching Decisions And VLAN Tags 374 17.7 Classification Hardware 375 17.8 High-Speed Classification And TCAM 375 17.9 The Size Of A TCAM 377 17.10 Classification-Enabled Generalized Forwarding 378 17.11 Summary 379 Chapter 18 Mobility And Mobile IP 381 18.1 Introduction 381 18.2 Mobility, Addressing, And Routing 381 18.3 Mobility Via Host Address Change 382 18.4 Mobility Via Changes In Datagram Forwarding 383 18.5 The Mobile IP Technology 383 18.6 Overview Of Mobile IP Operation 384 18.7 Overhead And Frequency Of Change 384 18.8 Mobile IPv4 Addressing 385 18.9 IPv4 Foreign Agent Discovery 386 18.10 IPv4 Registration 387 18.11 IPv4 Registration Message Format 388 18.12 Communication With An IPv4 Foreign Agent 388 18.13 IPv6 Mobility Support 389 18.14 Datagram Transmission, Reception, And Tunneling 390 18.15 Assessment Of IP Mobility And Unsolved Problems 391 18.16 Alternative Identifier-Locator Separation Technologies 395 18.17 Summary 396 Chapter 19 Network Virtualization: VPNs, NATs, And Overlays 399 19.1 Introduction 399 19.2 Virtualization 399 19.3 Virtual Private Networks (VPNs) 400 19.4 VPN Tunneling And IP-in-IP Encapsulation 401 19.5 VPN Addressing And Forwarding 402 19.6 Extending VPN Technology To Individual Hosts 404 19.7 Using A VPN With Private IP Addresses 404 19.8 Network Address Translation (NAT) 405 19.9 NAT Translation Table Creation 407 19.10 Variant Of NAT 409 19.11 An Example Of NAT Translation 409 19.12 Interaction Between NAT And ICMP 411 19.13 Interaction Between NAT And Applications 411 19.14 NAT In The Presence Of Fragmentation 412 19.15 Conceptual Address Domains 413 19.16 Linux, Windows And Mac Versions Of NAT 413 19.17 Overlay Networks 413 19.18 Multiple Simultaneous Overlays 415 19.19 Summary 415 Chapter 20 Client-Server Model Of Interaction 419 20.1 Introduction 419 20.2 The Client-Server Model 420 20.3 A Trivial Example: UDP Echo Server 420 20.4 Time And Date Service 422 20.5 Sequential And Concurrent Servers 423 20.6 Server Complexity 425 20.7 Broadcasting Requests 426 20.8 Client-Server Alternatives And Extensions 426 20.9 Summary 428 Chapter 21 The Socket API 431 21.1 Introduction 431 21.2 Versions Of The Socket API 432 21.3 The UNIX I/O Paradigm And Network I/O 432 21.4 Adding Network I/O to UNIX 432 21.5 The Socket Abstraction And Socket Operations 433 21.6 Obtaining And Setting Socket Options 438 21.7 How A Server Accepts TCP Connections 439 21.8 Servers That Handle Multiple Services 440 21.9 Obtaining And Setting The Host Name 441 21.10 Library Functions Related To Sockets 442 21.11 Network Byte Order And Conversion Routines 443 21.12 IP Address Manipulation Routines 444 21.13 Accessing The Domain Name System 444 21.14 Obtaining Information About Hosts 446 21.15 Obtaining Information About Networks 447 21.16 Obtaining Information About Protocols 447 21.17 Obtaining Information About Network Services 447 21.18 An Example Client 448 21.19 An Example Server 453 21.20 Summary 460 Chapter 22 Bootstrap And Autoconfiguration (DHCP, NDP or IPv6-ND) 463 22.1 Introduction 463 22.2 History Of IPv4 Bootstrapping 464 22.3 Using IP To Determine An IP Address 464 22.4 DHCP Retransmission And Randomization 465 22.5 DHCP Message Format 465 22.6 The Need For Dynamic Configuration 468 22.7 DHCP Leases And Dynamic Address Assignment 469 22.8 Multiple Addresses And Relays 469 22.9 DHCP Address Acquisition States 470 22.10 Early Lease Termination 471 22.11 Lease Renewal States 472 22.12 DHCP Options And Message Type 473 22.13 DHCP Option Overload 474 22.14 DHCP And Domain Names 474 22.15 Managed And Unmanaged Configuration 474 22.16 Managed And Unmanaged Configuration For IPv6 475 22.17 IPv6 Configuration Options And Potential Conflicts 476 22.18 IPv6 Neighbor Discovery Protocol (NDP) 477 22.19 ICMPv6 Router Solicitation Message 478 22.20 ICMPv6 Router Advertisement Message 478 22.21 ICMPv6 Neighbor Solicitation Message 479 22.22 ICMPv6 Neighbor Advertisement Message 480 22.23 ICMPv6 Redirect Message 480 22.24 Summary 481 Chapter 23 The Domain Name System (DNS) 485 23.1 Introduction 485 23.2 Names For Computers 486 23.3 Flat Namespace 486 23.4 Hierarchical Names 487 23.5 Delegation Of Authority For Names 488 23.6 Subset Authority 488 23.7 Internet Domain Names 489 23.8 Top-Level Domains 490 23.9 Name Syntax And Type 492 23.10 Mapping Domain Names To Addresses 493 23.11 Domain Name Resolution 495 23.12 Efficient Translation 496 23.13 Caching: The Key To Efficiency 497 23.14 Domain Name System Message Format 498 23.15 Compressed Name Format 501 23.16 Abbreviation Of Domain Names 501 23.17 Inverse Mappings 502 23.18 Pointer Queries 503 23.19 Object Types And Resource Record Contents 504 23.20 Obtaining Authority For A Subdomain 505 23.21 Server Operation And Replication 505 23.22 Dynamic DNS Update And Notification 506 23.23 DNS Security Extensions (DNSSEC) 506 23.24 Multicast DNS And Service Discovery 507 23.25 Summary 508 Chapter 24 Electronic Mail (SMTP, POP, IMAP, MIME) 511 24.1 Introduction 511 24.2 Electronic Mail 511 24.3 Mailbox Names And Aliases 512 24.4 Alias Expansion And Mail Forwarding 513 24.5 TCP/IP Standards For Electronic Mail Service 514 24.6 Simple Mail Transfer Protocol (SMTP) 515 24.7 Mail Retrieval And Mailbox Manipulation Protocols 517 24.8 The MIME Extensions For Non-ASCII Data 519 24.9 MIME Multipart Messages 521 24.10 Summary 522 Chapter 25 World Wide Web (HTTP) 525 25.1 Introduction 525 25.2 Importance Of The Web 525 25.3 Architectural Components 526 25.4 Uniform Resource Locators 526 25.5 An Example HTML Document 527 25.6 Hypertext Transfer Protocol 528 25.7 HTTP GET Request 528 25.8 Error Messages 529 25.9 Persistent Connections 530 25.10 Data Length And Program Output 530 25.11 Length Encoding And Headers 531 25.12 Negotiation 532 25.13 Conditional Requests 533 25.14 Proxy Servers And Caching 533 25.15 Caching 534 25.16 Other HTTP Functionality 535 25.17 HTTP, Security, And E-Commerce 535 25.18 Summary 536 Chapter 26 Voice And Video Over IP (RTP, RSVP, QoS) 539 26.1 Introduction 539 26.2 Digitizing And Encoding 539 26.3 Audio And Video Transmission And Reproduction 540 26.4 Jitter And Playback Delay 541 26.5 Real-time Transport Protocol (RTP) 542 26.6 Streams, Mixing, And Multicasting 544 26.7 RTP Encapsulation 544 26.8 RTP Control Protocol (RTCP) 545 26.9 RTCP Operation 545 26.10 IP Telephony And Signaling 546 26.11 Quality Of Service Controversy 549 26.12 QoS, Utilization, And Capacity 550 26.13 Emergency Services And Preemption 551 26.14 IntServ And Resource Reservation 551 26.15 DiffServ And Per-Hop Behavior 553 26.16 Traffic Scheduling 553 26.17 Traffic Policing And Shaping 555 26.18 Summary 556 Chapter 27 Network Management (SNMP) 559 27.1 Introduction 559 27.2 The Level Of Management Protocols 559 27.3 Architectural Model 561 27.4 Protocol Framework 562 27.5 Examples of MIB Variables 564 27.6 The Structure Of Management Information 564 27.7 Formal Definitions Using ASN.1 565 27.8 Structure And Representation Of MIB Object Names 566 27.9 MIB Changes And Additions For IPv6 571 27.10 Simple Network Management Protocol 571 27.11 SNMP Message Format 574 27.12 An Example Encoded SNMP Message 577 27.13 Security In SNMPv3 579 27.14 Summary 580 Chapter 28 Software Defined Networking (SDN, OpenFlow) 583 28.1 Introduction 583 28.2 Routes, Paths, And Connections 583 28.3 Traffic Engineering And Control Of Path Selection 584 28.4 Connection-Oriented Networks And Routing Overlays 584 28.5 SDN: A New Hybrid Approach 586 28.6 Separation Of Data And Control 586 28.7 The SDN Architecture And External Controllers 588 28.8 SDN Across Multiple Devices 589 28.9 Implementing SDN With Conventional Switches 590 28.10 OpenFlow Technology 592 28.11 OpenFlow Basics 592 28.12 Specific Fields In An OpenFlow Pattern 593 28.13 Actions That OpenFlow Can Take 594 28.14 OpenFlow Extensions And Additions 595 28.15 OpenFlow Messages 598 28.16 Uses Of OpenFlow 599 28.17 OpenFlow: Excitement, Hype, And Limitations 599 28.18 Software Defined Radio (SDR) 600 28.19 Summary 601 Chapter 29 Internet Security And Firewall Design (IPsec, SSL) 605 29.1 Introduction 605 29.2 Protecting Resources 606 29.3 Information Policy 607 29.4 Internet Security 607 29.5 IP Security (IPsec) 608 29.6 IPsec Authentication Header 608 29.7 Security Association 610 29.8 IPsec Encapsulating Security Payload 611 29.9 Authentication And Mutable Header Fields 612 29.10 IPsec Tunneling 613 29.11 Required Security Algorithms 613 29.12 Secure Socket Layer (SSL and TLS) 614 29.13 Firewalls And Internet Access 614 29.14 Multiple Connections And Weakest Links 614 29.15 Firewall Implementation And Packet Filters 615 29.16 Firewall Rules And The 5-Tuple 615 29.17 Security And Packet Filter Specification 617 29.18 The Consequence Of Restricted Access For Clients 618 29.19 Stateful Firewalls 618 29.20 Content Protection And Proxies 619 29.21 Monitoring And Logging 620 29.22 Summary 620 Index 681

Back