2025
1 (10p)
In Lecture01 we discussed the relationships between layers in the networking stack (OSI model or
TCP/IP model). Look at slide 21 and 22.
• What is multiplexing?
• What is demultiplexing?
Assume protocol N is IPv4 and protocol N+1 is UDP.
• Looking at the IPv4 header, how do these protocols manage to handle (de)multiplexing?
Multiplexing is the process where a protocol on layer
E.g. multiple applications sending data through a single transport layer protocol (e.g. TCP)
Demultiplexing is the opposite, receiving the data at layer
In IPv4 (L3), multiplexing is achieved using the Protocol field in the IP header, which identifies which transport-layer (L4) protocol (e.g., TCP = 6, UDP = 17) should handle the payload.
At the transport layer, UDP uses source and destination port numbers to multiplex and demultiplex data between multiple application processes.
2 (10p)
In Lecture02 we discussed Ethernet and the way switches forward frames.
• Why and when do Ethernet switches ‘flood’ frames?
• What are the pros of using flooding instead of a ‘routing’ algorithm in Ethernet networks?
• What are the cons?
If a switch does not yet have a mapping of which port a certain destination lives on, it will flood that packet to all ports, except the one it received the packet from
Flooding also happens for broadcast messages
Then, when a reply comes, the switch can learn the mapping and will not have to flood on subsequent requests (unless the mapping goes stale before the next packet)
Flooding is a much simpler approach than routing: devices do not need to speak a common protocol, nor do switches need to be equipped with more resources to run a routing protocol
There are multiple cons to this:
- It creates more network overhead, especially in large networks
- When the network is not loop free, it can cause broadcast storms
- It is less secure, as devices can trick a switch into sending traffic their way by sending a packet with a spoofed MAC
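The learn/flood/age-out behaviour described in this answer, together with the spoofed-MAC weakness, as an added example (a constructed model, not part of the original answer and not real switch firmware). The port numbers, MAC addresses, the 300-second ageing time and the `moves` log that a defender would alert on are all assumptions of the example.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class LearningSwitch:
    ports: tuple
    max_age: float = 300.0                      # assumed ageing time (seconds)
    table: dict = field(default_factory=dict)   # MAC -> (port, last_seen)
    moves: list = field(default_factory=list)   # (MAC, old_port, new_port)

    def receive(self, in_port, src, dst, now):
        """Learn src on in_port; return the ports the frame is sent out of."""
        known = self.table.get(src)
        if known and known[0] != in_port and now - known[1] <= self.max_age:
            # A fresh entry for this MAC points at another port: the host
            # moved, or another device is sending with its address.
            self.moves.append((src, known[0], in_port))
        self.table[src] = (in_port, now)

        entry = self.table.get(dst)
        if dst == BROADCAST or entry is None or now - entry[1] > self.max_age:
            return [p for p in self.ports if p != in_port]   # flood
        return [] if entry[0] == in_port else [entry[0]]     # known unicast

def demo():
    sw = LearningSwitch(ports=(1, 2, 3, 4))
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed MACs
    out = [
        sw.receive(1, a, b, now=0),            # B unknown: flood
        sw.receive(2, b, a, now=1),            # reply teaches the switch B's port
        sw.receive(1, a, b, now=2),            # no flooding needed any more
        sw.receive(3, b, BROADCAST, now=3),    # B's MAC appears on port 3
        sw.receive(1, a, b, now=4),            # frames for B now leave on port 3
        sw.receive(1, a, b, now=400),          # entry went stale: flood again
    ]
    return out, sw.moves

if __name__ == "__main__":
    steps, moves = demo()
    for step in steps:
        print(step)
    print("MAC moves:", moves)
```

The single entry in `moves` is the only trace the spoofed frame leaves in this model, which is why MAC-move events are worth logging.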
3
A (6p)
In the network above, H5 wants to send a datagram to H2, but its ARP table is initially empty. All
routers have up-to-date routing and forwarding tables, and R2 already knows how to reach H2.
i) Describe the high-level ARP-related steps that take place from H5’s perspective up to the
successful delivery of the datagram. Your answer should focus on ARP-related behavior (e.g.,
broadcasts and replies), not specific IP or MAC addresses.
ii) Can H6 and H1 have the same IP address? What about H3 and H4? Explain your answer briefly.
i)
- Since H2 is outside of H5's subnet, it will use its default gateway to try to reach it
- As stated, its ARP table is empty, thus it will broadcast an ARP request with R2's IP as the target
- R2 will send an ARP response containing its MAC, by which R2 and H5 learn each other's IP->MAC mapping
- H5 can now send the datagram to R2
- As the assignment states that R2 already knows how to reach H2, no further ARP related behaviour is needed, and R2 can forward the packet (through R1 -> H2, assuming there are no other links that are not shown)
ii)
H6 and H1 could have the same IP address, since they are in different subnets, they could both be using an address from the IPv4 blocks meant for internal use
H3 and H4 should not have the same address (as they are in the same subnet), unless manually misconfigured by a sysadmin (which would cause issues)
DHCP will not give out an address it already has a lease for
And IPv6 has duplicate address detection to prevent this
If they were to have the same address, they would both reply to ARP requests, leading to packets delivered to the wrong host and therefore connectivity issues
B (4p)
A Linux server has two network interfaces, eth0 and eth1, both connected to the same Ethernet
subnet. Each interface is assigned a unique IP address in the same /24 network, i.e., 192.168.1.10 on eth0 and 192.168.1.20 on eth1. A client, Host A, sends an ARP request on the subnet asking for the MAC address associated with 192.168.1.10. The Linux server responds from both eth0 and eth1, even though only eth0 actually owns 192.168.1.10.
Explain why the Linux server sends two ARP replies in this scenario, and outline the technical
consequence of having multiple MAC addresses associated with the same IP in the client’s ARP
cache.
This is a consequence of the strong vs weak host model
The weak model (which Linux uses by default) entails the following:
A host accepts and routes datagrams that have a destination which is not that of the physical interface, as long as the address is present on the host
Since the ARP request is received on both interfaces, eth0 will reply since it actually owns the address, and eth1 will reply, since the address is present on the host
These dual responses can cause a host to alternate between using eth0's and eth1's MAC (whichever response arrives first after a request), leading to unpredictable traffic paths (also known as ARP flux)
4
A (3p)
Refer to the network above. All switches in this network have empty MAC tables. STP has been
disabled on the switches in the network. A broadcast frame is sent by host H4.
i) How will this broadcast be handled by SW3?
ii) How will it be handled by SW1 and SW2?
iii) Is there any impact in the network performance? Explain why/why not
i)
Since all switches have empty MAC tables, SW3 will flood this packet to every interface, except the one H4 is connected to
ii)
SW1 and SW2 will do the same: forward to every port except the one it was received from
iii)
Yes, this will cause a broadcast storm, which can take bandwidth and hinder normal network traffic
In a worst case scenario it can bring the whole network to a halt
B (1p)
You are a network administrator. How can you influence which STP switch becomes the root bridge?
Choose one.
a. Lower switch priority compared to those of the other switches in the network.
b. Change the BPDU to a lower value than that of the other switches in the network.
c. Configure all the interfaces on the switch as root ports.
d. Assign an IP address to the switch that is lower than the IPs of the other switches in the network.
e. Any of the above would work
Root bridge is selected based on lowest priority and MAC
Thus only option A would work
C (2p)
Which TWO timing parameters of STP contribute to the time it takes for a switched network to converge after a topology change occurs? Explain why.
The two parameters that influence this are:
- Max age: after max age expires, without receiving an updated BPDU (bridge protocol data unit), the switch will assume a topology change and start recomputation
- Forward delay: Each port waits for Forward Delay in Listening and Learning states to avoid temporary loops during topology changes
D (2p)
Apart from misconfigured timing parameters, what can be two other causes of STP convergence
delays in your opinion?
- Larger networks will take longer to converge
- When a network has a lot of traffic, it will take longer for the BPDU messages to propagate
- (Low-power) switches might get overloaded with high traffic, therefore not having resources for BPDU processing
- Faulty switches, ports, cables, ... can disrupt STP operations by unexpectedly dropping packets or whole links going down
5
A
B (10p)
• the total number of pods that can be supported?
• the number of edge switches per pod?
• the number of aggregation switches per pod?
• the number of core switches ?
• the maximum number of servers that can be supported by this Fat Tree?
- K ports on a switch means K pods can be supported, so 6
- Every pod has K/2 edge switches, so 3
- Every pod has K/2 agg. switches, so 3
- (k/2)^2 core switches, so 9
- The maximum number of servers (end nodes) is
6 pods x 9 end nodes per pod = 54
6
A (5p)
Explain the steps an IPv6 node takes from the moment it gets connected to the network to the
moment it has a unique global unicast address.
- Node gets connected
- Use SLAAC to configure link local based on MAC address, or a random value
- Use DAD to check if the address is already in use, if so try again, if not continue
- Sends router solicitation to all routers multicast, or waits for periodic router advertisement (on all nodes multicast)
- Node receives RA with:
  - Router link-local IPv6
  - Destination: all nodes multicast for periodic, or unicast to node's link-local if in response to an RS
  - Contains:
    - Prefix and prefix timers
    - Other timers
- Host processes RA
  - Learns prefix
  - Add router to list
- Use SLAAC again to now configure global IPv6
  - Router prefix + MAC/random
- Use DAD again to check if this is already in use
  - Only need to check within the network, since only those devices use your router's prefix
- If not in use, then we have our unique global address, if it is in use, then try again with a new random value
B (3p)
The IPv6 header is simpler than an IPv4 header. Choose three ways in which this simplicity is achieved.
- IPv4 headers use a bigger Option field size than IPv6 headers.
- Instead of the IPv4 Fragmentation field, IPv6 headers use the Fragment Offset field.
- IPv6 uses an extension header in the place of the IPv4 Fragmentation field.
- IPv6 headers do not use the IPv4 Checksum field.
- IPv6 headers have a fixed length, unlike IPv4.
IPv6 uses an extension header in the place of the IPv4 fragmentation field
There is indeed a separate IPv6-Frag header
IPv6 headers do not use a checksum field
Leave error checking to higher layers like TCP
Fixed header length
Next header field indicates whether another one should be expected
C (2p)
How is a Neighbor Solicitation message used in IPv6?
Neighbour solicitation messages are used for:
- Determining which neighbours exist in the network, and what their IP/MAC is
- Determining the reachability of neighbours based on NA (or other traffic)
- Detect duplicate addresses, if someone responds with an NA to a NS of an address you would like to use, that means it's already in use
7
Two 802.11g access points are placed close to each other. Each AP belongs to a different organization (A and B), having its own IP address block. Each AP has a distinct SSID.
A (3p)
By accident both APs operate on channel 11.
• Will the 802.11 protocol break down in this situation?
No, the 802.11 protocol will not break down
While this situation is not optimal, due to both APs contesting for bandwidth in the same channel, the protocol itself will still work.
The APs will receive all frames, but they will only handle the ones actually addressed to them
It will just result in a worse experience for both APs
B (3p)
What will happen when two stations, one belonging to organization A and one belonging
to organisation B and each associated with the corresponding AP, attempt to transmit at the
same time.
Depending on the distance of the sending devices, we might run into the hidden terminal problem, where the frames only collide at the receiver(s), while both senders do not hear one another
If the senders are closer to one another DCF will be used to sense the medium, this will prevent most collisions
The fact that the devices do not belong to the same organisation is not something they know, nor does it matter in this context, they have to use the same medium regardless
C (4p)
Suppose that one AP operates on channel 1 and one on channel 11.
• How do your answers change?
When used channels are >25 MHz apart, they can function at the same time
Therefore:
a) Nothing changes, except better performance since now APs only receive frames actually meant for them
b) Since they are no longer contesting for the same medium, they will be able to send at the same time
8
A (3p)
| Iteration | sptSet | D1 | D2 | D3 | D4 | D6 |
|---|---|---|---|---|---|---|
| 0 | | inf | 4 | inf | 3 | 2 |
| 1 | | inf | 4 | 3 | 3 | 2 |
| 2 | | 5 | 4 | 3 | 3 | 2 |
| 3 | | 5 | 4 | 3 | 3 | 2 |
| 4 | | 5 | 4 | 3 | 3 | 2 |
| 5 | | 5 | 4 | 3 | 3 | 2 |
B (3p)
| Iteration | D1 | D2 | D3 | D4 | D6 |
|---|---|---|---|---|---|
| 0 | inf | inf | inf | inf | inf |
| 1 | inf | 4 | inf | 3 | 2 |
| 2 | 7 | 4 | 12 | 3 | 2 |
| 3 | 7 | 4 | 5 | 3 | 2 |
| 4 | 7 | 4 | 5 | 3 | 2 |
C
Draw a simple graph (from scratch) in which the three shortest edges belong to the minimum
spanning tree (MST).
    A -- 1 -- B
    |         |
    1         10
    |         |
    C -- 1 -- D
The side with weight 10 can never be part of the MST, thus the three shortest sides will form the MST
D
Draw a simple graph (from scratch) in which not all of the three shortest edges belong to the
minimum spanning tree (MST).
    A -- 1 -- B
    |        /
    1      1
    |    /
    C  /
Only 2 of the three shortest edges will make an MST
9
A
Refer to the above OSPF network topology.
i) Explain the role of Area 0. Is this topology OSPF-compliant as is? Justify your answer.
ii) What is the consequence if router R5 (in Area 3) needs to reach a network in Area 1?
iii) Propose a solution without physically re-cabling. Name one disadvantage of this solution.
i) No this is not OSPF compliant, as all areas should connect to the backbone (area 0)
ii) Router 5 will not be able to reach area 1, since all traffic must go through area 0, and it itself is not connected to area 0
iii) One could use a virtual link to still connect area 3 to the backbone
A downside of the virtual link, is that it increases complexity, and makes area 3 reliant on the functioning of area 2
B
Name three key differences between the OSPF table (Link-State Database, or LSDB) and the routing table. In addition, explain the distinct purpose each table serves in the operation of a router.
- The LSDB contains the link states/network topology, it does not contain actual routes. Even nodes not used in any routes will be in here
- The LSDB is used to calculate the routes that will populate the routing table, it is never directly used to decide where to forward packets
- The LSDB will be identical on all routers, while the routing table will differ on each router
The LSDB is used to populate the routing table, based on Dijkstra
The routing table is then used to actually determine where to forward a packet to
10
A (4p)
In Lecture 12 we discussed the security of the BGP protocol.
• Explain what BGP prefix hijacking is.
• Explain what BGP black-holing is
Prefix hijacking is the act of advertising a prefix that is not your own, thereby having traffic for said prefix forwarded to you. You then decide what happens to this traffic, e.g. forward it somewhere, or drop it. This can be malicious or accidental
Black-holing is the act of dropping traffic that has been forwarded to you. This can be malicious, but also has uses, such as discarding traffic in case of a DDoS
B (3p)
You are the network engineer in charge of an AS that has to prevent and mitigate/solve these types of incidents.
• Identify two proactive measures you could take to avoid black-holing and/or hijacking
- Use available PKI infrastructure to confirm whether an AS advertising a prefix (the one at the end of the path) actually owns it
- Set policies to only allow certain prefixes from each peer, so in the case they (or one of their own peers) advertise a new prefix (maliciously or accidentally) you do not accept it
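The two proactive measures above combined into one import policy, as an added example that is not part of the original answer. It assumes RFC 6811 origin-validation semantics (valid / invalid / not-found) for the PKI check and exact-match per-peer allow-lists; the ROA entries, peer lists, documentation prefixes and private-use AS numbers are constructed.

```python
import ipaddress

# Constructed ROA payloads: (prefix, max_length, authorised origin AS)
ROAS = [
    ("203.0.113.0/24", 24, 64500),
    ("198.51.100.0/24", 25, 64501),
    ("2001:db8::/32", 48, 64502),
]
# Constructed per-peer allow-lists: neighbour AS -> prefixes accepted from it
PEER_ALLOWED = {
    64500: {"203.0.113.0/24"},
    64501: {"198.51.100.0/24"},
    64510: {"203.0.113.0/24"},     # transit peer that may carry AS 64500's prefix
}

def rov_state(prefix, origin_asn, roas=ROAS):
    """Classify an announcement against the ROAs that cover its prefix."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue                       # this ROA says nothing about the prefix
        covered = True
        if asn == origin_asn and net.prefixlen <= max_len:
            return "valid"
    # Covered but never matched: wrong origin AS or too specific a prefix.
    return "invalid" if covered else "not-found"

def accept(peer_asn, prefix, as_path, allowed=PEER_ALLOWED):
    """Accept only prefixes on the peer's allow-list that are not ROV-invalid."""
    normalised = str(ipaddress.ip_network(prefix))
    in_filter = normalised in allowed.get(peer_asn, set())
    state = rov_state(prefix, as_path[-1])   # origin = AS at the end of the path
    return in_filter and state != "invalid", state

if __name__ == "__main__":
    for peer, pfx, path in [
        (64510, "203.0.113.0/24", [64510, 64500]),   # legitimate origin
        (64510, "203.0.113.0/24", [64510, 64511]),   # wrong origin AS
        (64500, "192.0.2.0/24", [64500]),            # not on the allow-list
    ]:
        print(peer, pfx, path, accept(peer, pfx, path))
```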
C (3p)
Identify two reactive measures (to solve/mitigate) you could take once you have observed
blackholing and/or hijacking.
- If the peer in question (the one advertising the prefix) is a trusted peer (which should usually be the case) notify them, but in the meantime set your policies to not accept this prefix
- If all prefixes by this AS are also available through another path, you could consider removing the entire peering. This can be temporary or permanent, and can be a good idea if accidents happen repeatedly