High School Computer Science

Networks and the Internet

Every time you load a webpage, stream a video, or send a message, data travels across a web of interconnected devices governed by precise rules called protocols. This guide explains how networks are built (LAN, WAN, topologies), how the Internet breaks data into packets and routes them across the globe, how IP addresses and DNS let you reach any machine by name, what TCP/IP and HTTP/HTTPS actually do, how the OSI seven-layer model organises those rules, and how firewalls and encryption keep traffic safe. It closes by untangling the Web from the Internet itself.

7 sections · US CSTA · AP CSP · ON · BC CIS · AB · ASCII diagrams

How to use this guide

Networks and the Internet is assessed very differently across the four curricula. AP CSP Big Idea 4 (Computer Systems & Networks, 11–15% of the exam) is the most assessment-heavy: you need to explain packets, protocols, fault tolerance, and the Internet's structure. BC's Computer Information Systems 11/12 stream goes deepest on infrastructure: OSI seven-layer model, TCP/IP four-layer model, WAN/LAN, topologies, and network management. Ontario's university stream (ICS3U/ICS4U) is the lightest — only malware protection (C2.2) is directly assessed; protocol and topology content appears in the Grade 10 open course and the college stream. Alberta CSE covers the Internet only through Web scripting modules; protocol/topology content sits in the separate NET cluster.

If you are in…

🇺🇸 US CSTA / AP CSP
  • Focus on these sections: §1–§7 in full. AP CSP Big Idea 4 (CSN-1.A through CSN-1.E) covers Internet structure, packets, protocols, and fault tolerance. CSTA 3A-NI-04 to 3A-NI-08 add scalability, security, and tradeoffs.
  • Lighter / context only: OSI layer detail in §5 going-deeper is context for AP CSP; the exam tests conceptual understanding of layers, not their names in order.
  • Source: CSTA K-12 and AP CSP. CSTA 3A-NI-04 through 3A-NI-08; AP CSP Big Idea 4 (CSN) topics 4.1, 4.2, 4.3

🇨🇦 ON Grade 11 — ICS3U
  • Focus on these sections: §6 (security basics, malware) is the primary assessed content — ICS3U C2.2 directly. §1 (LAN/WAN) and §7 (Web vs Internet) as background literacy.
  • Lighter / context only: Protocol depth in §4 and the OSI model in §5 are not assessed in ICS3U/ICS4U university stream — treat as enrichment.
  • Source: ON/BC Computer Studies 11-12. ICS3U Strand C C2.2; ICS3C C1.4; ICS2O A4

🇨🇦 BC — CIS 11 / CIS 12
  • Focus on these sections: §1–§7 in full. CIS 11 Content names OSI seven layers, TCP/IP four layers, WAN/LAN, topologies, and "key aspects of network protocols and standards" verbatim. CIS 12 adds deployment, maintenance, and security management.
  • Lighter / context only: CIS 12 network-device design and remote-access tools are beyond this guide's scope — see the CIS 12 course page.
  • Source: ON/BC Computer Studies 11-12. BC CS10 networking Content; CIS 11 network planning / OSI / TCP/IP Content; CIS 12 deployment Content

🇨🇦 AB — CSE scripting / NET cluster
  • Focus on these sections: §7 (the Web, client-server, URLs) maps to CSE1210/CSE1220 (Client-side Scripting 1 & 2) which "introduce Internet computing." §1 (LAN/WAN) and §6 (security) as background literacy for any computing course.
  • Lighter / context only: Protocol and OSI layer detail (§4, §5) are in the NET cluster, not CSE — treat as enrichment for CSE students.
  • Source: Alberta CTS Computing Science. CSE1210, CSE1220 descriptions; NET cluster note

If you are cramming the night before

Memorise five things: what a packet is and why data travels in packets; what IP addresses and DNS do; the difference between TCP and UDP (reliable vs fast); what HTTP vs HTTPS means; and what a firewall does. Read every cram-cheat box. Skip the OSI seven-layer name list in the going-deeper box unless you are in BC CIS.

If you are going for the top mark

For AP CSP: understand how packets are routed, why the Internet is fault-tolerant (multiple paths), and the tradeoff between reliability (TCP) and speed (UDP). For BC CIS: know all seven OSI layers by name and function, the four TCP/IP layers, and the difference between logical and physical topologies. For all curricula: be able to explain why HTTPS is more secure than HTTP, and what a firewall does.


What is a Network?

Key definitions — memorise these first.
  • Network — two or more devices connected so they can share data and resources. BC Computer Studies 10 Content: "wired and wireless computer networking (network cards, routers, switches, cables, modems, network types)."
  • LAN (Local Area Network) — a network confined to a small geographic area, e.g. one building or campus. Devices connect via Ethernet cable or Wi-Fi. High speed, privately owned.
  • WAN (Wide Area Network) — a network spanning a large geographic area, linking LANs together. The Internet is the world's largest WAN. BC CIS 11 Content (verbatim): "model-wide area networks (WANs) and local area networks (LANs)."
  • Network topology — the arrangement of how devices are connected. Common topologies: bus (all on one cable), star (all connect to a central switch — most common today), ring (each device connects to the next), mesh (every device connects to every other — fault tolerant, used in WANs). CSTA 3A-NI-04: "relationship between routers, switches, servers, topology, and addressing."

Network topology diagram (ASCII)

Star topology (most common in modern LANs): all devices connect to one central switch or router.

  PC1 ----+
          |
  PC2 ----+---- Switch/Router ---- Internet
          |
  PC3 ----+
          |
 Printer--+

In a star topology, if the central switch fails, all devices lose connectivity — the switch is a single point of failure. In a mesh topology, data can reroute around failed nodes, making it fault-tolerant. CSTA 3A-NI-04 asks you to "evaluate the scalability and reliability of networks" — topology is a key factor.

A school's computers are all connected to one central switch in the building. What type of network is this, and what topology does it use?
§1 · Q1
  • WAN / mesh topology
  • LAN / bus topology
  • LAN / star topology
  • WAN / star topology
One building = LAN (local area network). All devices connecting to a single central switch = star topology. WAN spans a large geographic area; bus topology uses one shared cable.
One building = LAN. All devices to one central switch = star. Mesh = every device to every other; bus = one shared cable; WAN = large geographic area.

Which network topology is most fault-tolerant because data can reroute around failed nodes?
§1 · Q2
  • Bus
  • Star
  • Ring
  • Mesh
Mesh topology connects every device to every other, so if one link fails, data can be rerouted through other paths. This is why the Internet itself uses a mesh-like structure for resilience.
Mesh = multiple paths between any two nodes = fault tolerant. Star has one central point of failure. Bus has one shared cable that fails all devices if broken. Ring fails if one device goes down.

The Internet and How Data Travels

Why packets? Why not send the whole file at once?
  • Packet — a small chunk of data, typically 1,500 bytes or less, with a header containing the sender's IP address, the destination IP address, the packet number, and total packet count. AP CSP CSN-1.A: "The Internet is a network of networks… data is broken into packets and transmitted."
  • Packet switching — each packet can take a different route to the destination. Routers forward each packet along whichever path is fastest at that moment. Packets are reassembled in order at the destination.
  • Fault tolerance — because packets can reroute around failed nodes, the Internet continues to work even when some routers go down. AP CSP topic 4.2 (Fault Tolerance) directly assesses this. CSTA 3A-NI-04: "evaluate the scalability and reliability of networks."

Why packets beat one big stream: (1) multiple packets can travel simultaneously on different paths — parallel throughput; (2) if one packet is lost, only that packet is retransmitted, not the whole file; (3) bandwidth is shared fairly across many simultaneous users.

How a packet travels across the Internet (ASCII)

Sending a 3-packet message from your laptop to a web server.

Your Laptop
  |
  | Packets 1, 2, 3 (may take different routes)
  v
Router A ---Pkt1---> Router C ---Pkt1---> Web Server
  |                               ^
  +---Pkt2---> Router B ---Pkt2---+
  |                               |
  +---Pkt3---> Router A ---Pkt3---+
                (direct path)

Web Server: receives Pkt3, Pkt1, Pkt2 (out of order)
            reassembles in order using packet numbers
            sends ACK (acknowledgement) for each packet

Each router reads the destination IP address on the packet header and forwards the packet toward the destination via the best available route. The web server uses the packet-number field to reorder packets even if they arrive out of sequence. This is packet switching in action.
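
The reassembly step described above, as an added example that is not part of the original guide: a sender splits a message into numbered packets, a constructed `network` function loses and reorders them, and the receiver uses the packet-number and total-count header fields to find gaps so that only the missing packets are resent. The 8-byte payload size, the function names and the sender address are assumptions made for the illustration.

```python
import random
from dataclasses import dataclass

MAX_PAYLOAD = 8  # bytes per packet; tiny on purpose (the guide's figure is up to ~1,500)


@dataclass(frozen=True)
class Packet:
    src: str        # sender's IP address
    dst: str        # destination IP address
    number: int     # position of this chunk in the message, starting at 1
    total: int      # how many packets make up the whole message
    payload: bytes


def packetize(message, src, dst):
    """Split a message into numbered packets, each carrying the header fields."""
    chunks = [message[i:i + MAX_PAYLOAD] for i in range(0, len(message), MAX_PAYLOAD)]
    return [Packet(src, dst, n, len(chunks), c) for n, c in enumerate(chunks, start=1)]


def network(packets, drop_numbers=(), seed=7):
    """Constructed stand-in for the Internet: loses some packets, reorders the rest."""
    delivered = [p for p in packets if p.number not in drop_numbers]
    random.Random(seed).shuffle(delivered)
    return delivered


class Receiver:
    def __init__(self):
        self.buffer = {}    # packet number -> payload
        self.total = None   # learned from the first header that arrives

    def receive(self, packets):
        for p in packets:
            self.total = p.total
            self.buffer[p.number] = p.payload   # a duplicate just overwrites itself

    def missing(self):
        """Packet numbers not yet seen, or None if no packet has arrived at all."""
        if self.total is None:
            return None
        return [n for n in range(1, self.total + 1) if n not in self.buffer]

    def reassemble(self):
        """Join payloads in packet-number order, whatever order they arrived in."""
        if self.total is None or self.missing():
            raise ValueError("message incomplete")
        return b"".join(self.buffer[n] for n in range(1, self.total + 1))


def transfer(message, lost_on_first_try=()):
    """Send a message, then resend only what the receiver reports missing."""
    packets = packetize(message, "192.168.1.20", "93.184.216.34")  # sample addresses
    rx = Receiver()
    rx.receive(network(packets, drop_numbers=lost_on_first_try))
    to_resend = rx.missing()
    if to_resend is None:                    # nothing arrived: resend everything
        to_resend = [p.number for p in packets]
    rx.receive(network([p for p in packets if p.number in to_resend]))
    return rx.reassemble(), len(packets), to_resend


if __name__ == "__main__":
    text, count, resent = transfer(b"Packets can arrive in any order.", lost_on_first_try=(2,))
    print(text.decode(), "|", count, "packets sent | resent:", resent)
```

Only packet 2 crosses the network twice; the other three are never resent, which is the selective-retransmission benefit listed earlier in this section.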

Why does the Internet break data into packets instead of sending one continuous stream?
§2 · Q1
  • Because routers cannot handle large files
  • Packets can take different routes simultaneously, can be individually retransmitted if lost, and bandwidth is shared fairly
  • Packets are encrypted automatically, which improves security
  • Packets are cheaper to transmit than streams
Packet switching offers three key benefits: parallel routing (packets can travel different paths simultaneously), selective retransmission (only lost packets need to be resent), and fair bandwidth sharing. These make the Internet scalable and resilient.
The reason for packets is parallel routing, selective retransmission, and fair sharing — not router limits, automatic encryption, or cost.

Three packets from the same file arrive at a server in the order 3, 1, 2. How does the server reconstruct the original file?
§2 · Q2
  • Using the packet-number field in each packet's header to reorder them as 1, 2, 3
  • It requests all three packets to be resent in the correct order
  • It uses the file size to guess the correct order
  • It cannot reconstruct the file if packets arrive out of order
Each packet's header contains a sequence number. The receiving server buffers packets and uses sequence numbers to reassemble them in the correct order, regardless of arrival order. This is a core function of TCP.
Sequence numbers in the packet header enable reordering without resending all packets. The Internet is designed to handle out-of-order packet arrival.

IP Addresses and DNS

Two questions: where is the device? and what name does it go by?
  • IP address — a unique numerical label assigned to every device on a network. IPv4: 32-bit, written as four 0–255 numbers separated by dots, e.g. 192.168.1.1. IPv6: 128-bit, written in hex with colons, e.g. 2001:0db8::1. CSTA 3A-NI-04 expects you to describe "addressing" as part of network scalability.
  • DNS (Domain Name System) — the Internet's "phone book." Translates human-readable domain names (e.g. google.com) into IP addresses (e.g. 142.250.80.46) that routers can forward packets to. Without DNS you would have to memorise IP addresses for every website.
  • Public vs private IP — private IP addresses (e.g. 192.168.x.x) are used inside a LAN and are not routable on the public Internet. Your router's public IP is the address the rest of the world sees. NAT (Network Address Translation) maps many private addresses to one public IP.

DNS lookup: step by step (ASCII)

What happens when you type www.example.com in your browser?

Browser                 DNS Resolver           Root DNS      .com DNS    example.com DNS
   |                        |                      |             |              |
   |--"www.example.com?"--->|                      |             |              |
   |                        |---"who is .com?"---->|             |              |
   |                        |<---"ask .com DNS"-----|             |              |
   |                        |---"who is example.com?"---------->|              |
   |                        |<---"ask example.com DNS"-----------|              |
   |                        |---"IP of www.example.com?"---------------------->|
   |                        |<---"93.184.216.34"-----------------------------  |
   |<---"93.184.216.34"-----|
   |
   |---TCP connection to 93.184.216.34:80/443 (HTTP/HTTPS)-----> Web Server

The DNS resolver caches the result so future lookups are instant. Your router or ISP typically acts as the DNS resolver. This hierarchical system allows the Internet's ~350 million domain names to be looked up without any single server knowing them all.
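
The lookup in the diagram above, as an added example that is not part of the original guide: a toy resolver walks a constructed three-level hierarchy (root, .com, example.com) and caches the answer with an expiry time, counting how many upstream queries each lookup costs. The server names, the 300-second lifetime and the `Resolver` class are assumptions; no real DNS traffic is sent.

```python
import time

# Constructed toy hierarchy mirroring the diagram; the server names are made up.
ROOT = {"com": "tld-com"}                                    # root: who handles each top-level domain
TLD = {"tld-com": {"example.com": "ns-example"}}             # TLD server: who is authoritative per domain
AUTH = {"ns-example": {"www.example.com": "93.184.216.34"}}  # authoritative server: the actual records


class Resolver:
    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self.cache = {}          # name -> (ip, time at which the entry expires)
        self.ttl = ttl_seconds
        self.clock = clock
        self.queries_sent = 0    # upstream questions asked so far

    def _ask(self, table, key):
        """One question to one upstream server."""
        self.queries_sent += 1
        return table.get(key)

    def resolve(self, name):
        name = name.lower().rstrip(".")          # DNS names are case-insensitive
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0]                        # answered from cache, no upstream traffic

        labels = name.split(".")
        if len(labels) < 2:
            return None
        tld_server = self._ask(ROOT, labels[-1])              # step 1: "who is .com?"
        if tld_server is None:
            return None
        auth_server = self._ask(TLD[tld_server], ".".join(labels[-2:]))  # step 2: "who is example.com?"
        if auth_server is None:
            return None
        ip = self._ask(AUTH[auth_server], name)               # step 3: "IP of www.example.com?"
        if ip is not None:
            self.cache[name] = (ip, self.clock() + self.ttl)  # only successful answers are cached here
        return ip


if __name__ == "__main__":
    r = Resolver()
    print(r.resolve("www.example.com"), "after", r.queries_sent, "upstream queries")
    print(r.resolve("www.example.com"), "after", r.queries_sent, "upstream queries (cache hit)")
```

The expiry matters as much as the cache: once an entry's lifetime runs out, the resolver walks the hierarchy again, so a changed record is eventually picked up.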

What is the primary function of DNS (Domain Name System)?
§3 · Q1
  • Encrypting data as it travels across the Internet
  • Assigning unique IP addresses to each device on a LAN
  • Translating human-readable domain names into IP addresses that routers can use
  • Storing all web pages so they load faster
DNS translates domain names (like google.com) into IP addresses (like 142.250.80.46). Routers forward packets using IP addresses, not domain names — DNS bridges the human-friendly name and the machine-friendly address.
DNS = domain-name to IP translation. Encryption is handled by TLS/HTTPS. IP assignment in a LAN is done by DHCP. Caching is a side effect, not the primary function.

Why did the Internet move from IPv4 to IPv6?
§3 · Q2
  • IPv6 is faster than IPv4 for routing packets
  • IPv4's 32-bit address space (~4 billion addresses) was nearly exhausted; IPv6's 128-bit space provides vastly more addresses
  • IPv6 automatically encrypts all traffic
  • IPv4 could not support wireless networks
IPv4 has 2³² ≈ 4.3 billion addresses. With billions of devices (smartphones, IoT sensors, servers), address space ran out. IPv6's 128 bits gives 2¹²⁸ ≈ 3.4×10³⁸ addresses — enough for every grain of sand on Earth to have trillions of addresses.
The primary reason is address exhaustion — IPv4's ~4 billion addresses proved insufficient for the modern Internet. Speed and encryption are not the main drivers.

Protocols: TCP/IP, HTTP, and HTTPS

A protocol is a set of rules that two parties agree to follow when communicating.
  • IP (Internet Protocol) — responsible for addressing and routing. Puts the sender's and destination's IP addresses on each packet. Connectionless — does not guarantee delivery or order.
  • TCP (Transmission Control Protocol) — adds reliability on top of IP. Establishes a connection (3-way handshake: SYN → SYN-ACK → ACK), numbers packets, requires acknowledgement (ACK) for each, retransmits lost packets, reorders out-of-sequence packets. Used for web pages, email, file transfer — anywhere accuracy matters. BC CIS 11 Content (verbatim): "four layers of the Transmission Control Protocol/Internet Protocol (TCP/IP)."
  • UDP (User Datagram Protocol) — fast but unreliable; no handshake, no ACK, no retransmission. Used for video streaming and online gaming where speed beats accuracy (a dropped frame is better than a frozen screen).
  • HTTP / HTTPS — HTTP (HyperText Transfer Protocol) is the protocol browsers use to request and receive web pages. HTTPS = HTTP + TLS encryption; data is encrypted in transit between the browser and the server. CSTA 3A-NI-07: "Compare various security measures, considering tradeoffs between the usability and security of a computing system."

TCP vs UDP — choosing the right protocol (table)

Which protocol to use depends on whether accuracy or speed matters more.

Feature            | TCP                              | UDP
-------------------+----------------------------------+-------------------------------------
Connection         | 3-way handshake before data      | None (fire and forget)
Delivery guarantee | Yes — ACK + retransmit           | No
Ordering           | Yes — reorders packets           | No
Speed              | Slower (overhead)                | Faster
Use cases          | HTTP/HTTPS, email, file transfer | Video streaming, VoIP, online gaming

AP CSP CSN-1.C: "The Internet is designed to be fault tolerant … using redundant paths … through a process called packet switching." TCP's retransmission handles the reliability layer; IP handles the routing layer. HTTP is built on TCP — every web page request is a reliable TCP connection.

A video-calling app drops a few frames per second to maintain low latency. Which transport protocol is most likely being used, and why?
§4 · Q1
  • UDP — because speed is prioritised over guaranteed delivery; a dropped frame is acceptable
  • TCP — because all packets must arrive in order
  • HTTP — because it is a web-based application
  • IP only — no transport protocol is needed
UDP is used for real-time audio/video because it is faster — no handshake, no waiting for retransmissions. A dropped frame appears as a brief glitch; waiting for a TCP retransmission would freeze the video for longer.
Real-time video/audio uses UDP for speed. TCP guarantees order and delivery but adds latency. HTTP is application-layer; IP alone has no reliability mechanism.

What does HTTPS add over plain HTTP?
§4 · Q2
  • Faster packet routing
  • Guaranteed packet delivery
  • TLS encryption so data cannot be read by eavesdroppers in transit
  • A separate IP address for the server
HTTPS = HTTP + TLS (Transport Layer Security). TLS encrypts the data between browser and server so that anyone intercepting the packets (e.g. on a public Wi-Fi) sees only ciphertext, not your password or credit card number.
HTTPS adds TLS encryption — not faster routing, not delivery guarantees (those come from TCP), and not a new IP address. The S stands for Secure.

The Layered / OSI Model

Why layers? Each layer handles one job and talks only to the layers immediately above and below it.
  • BC CIS 11 Content (verbatim): "seven layers of the Open System Interconnection (OSI) reference model; 'interoperability' in the functioning of the Internet; four layers of the Transmission Control Protocol/Internet Protocol (TCP/IP)."
  • Mnemonic for OSI layers 7→1: All People Seem To Need Data Processing (Application, Presentation, Session, Transport, Network, Data Link, Physical). Layer 7 is closest to the user; Layer 1 is the physical wire.
  • The TCP/IP model (4 layers) collapses OSI's 7 into: Application (= OSI 5+6+7), Transport (= OSI 4), Internet (= OSI 3), Network Access / Link (= OSI 1+2).

OSI seven layers with examples (ASCII table)

What each layer does, and which protocols/hardware live there.

Layer | Name              | Job                            | Examples
------+-------------------+--------------------------------+-------------------
  7   | Application       | User-facing services           | HTTP, HTTPS, DNS, FTP
  6   | Presentation      | Data format / encryption       | TLS/SSL, JPEG, MP3
  5   | Session           | Opening/closing sessions       | NetBIOS, RPC
  4   | Transport         | End-to-end delivery, ports     | TCP, UDP
  3   | Network           | Routing between networks       | IP, ICMP, routers
  2   | Data Link         | Frame delivery on one link     | Ethernet, Wi-Fi (802.11), MAC
  1   | Physical          | Bits on the wire / air         | Cables, fibre, radio waves

A helpful analogy: sending a letter by courier. Layer 7 = the letter's content (your message). Layer 4 = the envelope (addressing recipient and sender). Layer 3 = the postal sorting office (routing by postcode). Layer 1 = the van's wheels on the road (physical transport). Each layer adds a header when sending and strips it when receiving — called encapsulation and decapsulation.
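
Encapsulation and decapsulation as an added example (not part of the original guide): application data is wrapped in a transport, a network and a link header on the way down, unwrapped in the reverse order on the way up, and a router hop replaces only the link header. The header layouts are simplified assumptions, not the real Ethernet, IPv4 or TCP formats, and the MAC addresses and port numbers are constructed sample values.

```python
import ipaddress
import struct

# Simplified layouts for illustration; real Ethernet, IPv4 and TCP headers carry more fields.
LINK = struct.Struct("!6s6s")        # layer 2: destination MAC, source MAC
NETWORK = struct.Struct("!4s4s")     # layer 3: source IP, destination IP
TRANSPORT = struct.Struct("!HHI")    # layer 4: source port, destination port, sequence number
OVERHEAD = LINK.size + NETWORK.size + TRANSPORT.size   # header bytes added to every message


def _mac(text):
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("a MAC address is 6 bytes")
    return raw


def _mac_text(raw):
    return ":".join(f"{b:02x}" for b in raw)


def encapsulate(data, src_port, dst_port, seq, src_ip, dst_ip, src_mac, dst_mac):
    """Going down the stack: each layer prepends its own header to what it was handed."""
    segment = TRANSPORT.pack(src_port, dst_port, seq) + data
    packet = NETWORK.pack(ipaddress.IPv4Address(src_ip).packed,
                          ipaddress.IPv4Address(dst_ip).packed) + segment
    return LINK.pack(_mac(dst_mac), _mac(src_mac)) + packet


def decapsulate(frame):
    """Going up the stack: each layer reads and strips its header, passing the rest up."""
    if len(frame) < OVERHEAD:
        raise ValueError("frame too short to hold all three headers")
    dst_mac, src_mac = LINK.unpack_from(frame)
    packet = frame[LINK.size:]
    src_ip, dst_ip = NETWORK.unpack_from(packet)
    segment = packet[NETWORK.size:]
    src_port, dst_port, seq = TRANSPORT.unpack_from(segment)
    headers = {
        "src_mac": _mac_text(src_mac), "dst_mac": _mac_text(dst_mac),
        "src_ip": str(ipaddress.IPv4Address(src_ip)), "dst_ip": str(ipaddress.IPv4Address(dst_ip)),
        "src_port": src_port, "dst_port": dst_port, "seq": seq,
    }
    return headers, segment[TRANSPORT.size:]


def forward(frame, router_mac, next_hop_mac):
    """A router hop in this simplified model: new link header for the next link,
    layers 3 and above left untouched (a real router also decrements the IP TTL)."""
    if len(frame) < OVERHEAD:
        raise ValueError("frame too short to hold all three headers")
    return LINK.pack(_mac(next_hop_mac), _mac(router_mac)) + frame[LINK.size:]


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\n\r\n", 51000, 80, 1,
                        "192.168.1.20", "93.184.216.34",
                        "02:00:00:00:00:01", "02:00:00:00:00:fe")
    print(len(frame), "bytes on the wire,", OVERHEAD, "of them headers")
    print(decapsulate(forward(frame, "02:00:00:00:00:aa", "02:00:00:00:00:bb"))[0])
```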

At which OSI layer does IP (Internet Protocol) operate?
§5 · Q1
  • Layer 1 — Physical
  • Layer 4 — Transport
  • Layer 7 — Application
  • Layer 3 — Network
IP operates at Layer 3 (Network layer). It handles addressing (IP addresses) and routing packets between different networks. TCP/UDP operate at Layer 4 (Transport); HTTP operates at Layer 7 (Application).
Layer 3 = Network = IP (routing). Layer 4 = Transport = TCP/UDP. Layer 7 = Application = HTTP/DNS. Layer 1 = Physical = cables/radio waves.

The TCP/IP model has four layers. Which OSI layers does the TCP/IP "Application" layer correspond to?
§5 · Q2
  • OSI layers 5, 6, and 7 (Session, Presentation, Application)
  • OSI layers 1 and 2 (Physical and Data Link)
  • OSI layer 4 only (Transport)
  • OSI layer 3 only (Network)
The TCP/IP Application layer collapses OSI's Session (5), Presentation (6), and Application (7) into one layer. This simplification is why TCP/IP has 4 layers rather than 7.
TCP/IP Application = OSI 5+6+7. TCP/IP Transport = OSI 4. TCP/IP Internet = OSI 3. TCP/IP Link = OSI 1+2.

Going deeper — interoperability and open standards (BC CIS 11/12)

BC CIS 11 Content names "International Organization for Standardization (ISO) in the creation of open standards for networking" and "'interoperability' in the functioning of the Internet." The OSI model is an ISO standard (ISO/IEC 7498-1). Interoperability means that a Mac, a Windows PC, and an Android phone can all send data to each other because they all implement the same open standards at each layer. Without open standards, every manufacturer would use proprietary protocols and devices from different vendors would be unable to communicate — similar to how locked-down app ecosystems restrict cross-platform data sharing. Open standards at the network layer are why the Internet is global rather than a patchwork of incompatible corporate networks.


Network Security Basics

Three questions: who can enter? is the data readable? is the device clean?
  • Firewall — a hardware or software system that monitors and controls incoming and outgoing network traffic based on rules. It blocks unauthorised connections while allowing legitimate traffic. CSTA 3A-NI-06: "Recommend security measures to address various scenarios."
  • Encryption in transit — data is scrambled using a key so that anyone intercepting the packets sees only ciphertext. TLS (used by HTTPS) is the standard. CSTA 3A-NI-07: "Compare various security measures, considering tradeoffs between the usability and security of a computing system."
  • Malware — software designed to disrupt, damage, or gain unauthorised access. Types: virus (attaches to files), worm (self-replicates across the network without a host file), Trojan (disguised as legitimate software), ransomware (encrypts your files and demands payment), spyware (secretly monitors you). Ontario ICS3U C2.2 (verbatim): "describe procedures to safeguard data and programs from malware (e.g., viruses, Trojan horses, worms, spyware, adware, malevolent macros)."
  • Key security tradeoff — stronger security often reduces usability (e.g., multi-factor authentication is more secure but slower). CSTA 3A-NI-08: "Explain tradeoffs when selecting and implementing cybersecurity recommendations."

System protection plan (worked example)

Ontario ICS3U C2.2 asks students to "devise a thorough system protection plan." Here is a layered defence for a school network.

Threat                         | Defence measure                            | Tradeoff
-------------------------------+--------------------------------------------+---------------------------------------------------
Unauthorised external access   | Firewall — block all non-whitelisted ports | May block legitimate services; needs configuration
Password theft on shared Wi-Fi | HTTPS / TLS encryption in transit          | Slight performance overhead
Virus / worm infection         | Anti-malware software + patch management   | Ongoing cost; may slow system during scans
Account compromise             | Multi-factor authentication (MFA)          | Extra step for users; less convenient
Data loss from ransomware      | Regular offline backups                    | Storage cost; recovery takes time

CSTA 3A-NI-05: "Give examples to illustrate how sensitive data can be affected by malware and other attacks." The table above maps each attack vector to a concrete defence, satisfying CSTA 3A-NI-06 (recommend measures) and 3A-NI-08 (explain tradeoffs).
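
The firewall row of the plan, as an added example that is not part of the original guide: an allow-list is checked rule by rule and anything unmatched is denied, which also shows the stated tradeoff of a legitimate service staying blocked until someone configures a rule for it. The rule set, the address ranges (private and documentation ranges) and the connection attempts are constructed for the illustration.

```python
import ipaddress
from collections import Counter, namedtuple

Rule = namedtuple("Rule", "action protocol source dst_port note")
Attempt = namedtuple("Attempt", "protocol src_ip dst_port")

ANYWHERE = "0.0.0.0/0"

# Constructed allow-list for a school network: only these ports are ever opened.
ALLOW_LIST = [
    Rule("allow", "tcp", ANYWHERE, 443, "public school website over HTTPS"),
    Rule("allow", "tcp", "10.20.0.0/16", 22, "remote administration, staff LAN only"),
]

# Constructed inbound connection attempts.
SAMPLE_ATTEMPTS = [
    Attempt("tcp", "203.0.113.7", 443),    # visitor loading the website
    Attempt("tcp", "203.0.113.7", 22),     # outsider trying the admin port
    Attempt("tcp", "10.20.5.9", 22),       # staff machine using the admin port
    Attempt("tcp", "198.51.100.4", 3389),  # port that was never allow-listed
    Attempt("tcp", "10.30.1.4", 631),      # student PC reaching the print server
]


def decide(rules, attempt):
    """First matching rule wins; if nothing matches, the connection is denied."""
    src = ipaddress.ip_address(attempt.src_ip)
    for rule in rules:
        if rule.protocol != attempt.protocol:
            continue
        if rule.dst_port != attempt.dst_port:
            continue
        if src not in ipaddress.ip_network(rule.source):
            continue
        return rule.action, rule.note
    return "deny", "default deny: no rule matched"


def summarize(rules, attempts):
    """Count how many attempts each outcome received."""
    return dict(Counter(decide(rules, a)[0] for a in attempts))


if __name__ == "__main__":
    for attempt in SAMPLE_ATTEMPTS:
        print(attempt, "->", decide(ALLOW_LIST, attempt))

    # The tradeoff from the table: printing is legitimate but stays blocked
    # until an administrator adds a rule for it.
    printing = Rule("allow", "tcp", "10.30.0.0/16", 631, "student LAN to print server")
    print(summarize(ALLOW_LIST, SAMPLE_ATTEMPTS), "->",
          summarize(ALLOW_LIST + [printing], SAMPLE_ATTEMPTS))
```

Scoping the admin rule to the staff range rather than to every source is what keeps the same port closed to the outside address in the second attempt.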

Which type of malware self-replicates across a network without needing to attach to a host file?
§6 · Q1
  • Virus
  • Worm
  • Trojan
  • Spyware
A worm self-replicates and spreads across the network on its own — no host file needed. Ontario ICS3U C2.2 lists worms among the malware types students must know. A virus needs to attach to a file; a Trojan disguises itself as legitimate software; spyware secretly monitors the user.
Worm = self-replicates across network without a host file. Virus = attaches to files. Trojan = disguised as legitimate software. Spyware = secretly monitors.

A school IT department is deciding whether to require multi-factor authentication (MFA) for all students. Which statement best describes the security tradeoff?
§6 · Q2
  • MFA makes the network faster because it uses a second layer
  • MFA eliminates all security threats
  • MFA reduces security because it adds complexity
  • MFA increases security (harder to compromise) but reduces usability (extra step per login)
MFA requires a second proof of identity (e.g. a one-time code texted to your phone) making account compromise much harder — but every login takes an extra step. CSTA 3A-NI-07 asks you to compare security measures "considering tradeoffs between the usability and security of a computing system."
MFA improves security but reduces convenience — classic security-usability tradeoff. It does not eliminate all threats (phishing, physical theft) and has nothing to do with network speed.

The Web vs. the Internet

The Internet ≠ the Web. The Internet is the infrastructure; the Web is one service running on it.
  • The Internet — a global network of networks that uses the TCP/IP protocol suite to route packets. It carries many services: the Web, email (SMTP), file transfer (FTP), video calls (VoIP), online gaming, IoT devices.
  • The World Wide Web — a system of interlinked hypertext documents (web pages) accessed via HTTP/HTTPS. Invented by Tim Berners-Lee in 1989 as one application running over the Internet. Uses URLs to identify resources, HTML to structure pages, and HTTP to transfer them.
  • Client-server model — a client (e.g. your browser) sends a request to a server (e.g. a web server). The server processes the request and sends back a response (e.g. an HTML page). AB CSE1210 and CSE1220 introduce "Internet computing through the use of … Web-specific markup languages" — that is the client-server Web model.
  • URL anatomy: in https://www.example.com:443/path?q=1#section, https = protocol, www.example.com = domain name (DNS resolves to IP), 443 = port (default for HTTPS), /path = resource path on the server, ?q=1 = query string, #section = fragment (in-page anchor).
A browser loading a web page — full journey (ASCII)

From typing a URL to seeing the page — every layer is involved.

You type: https://www.example.com/index.html

Step 1  DNS lookup: "www.example.com" -> 93.184.216.34
Step 2  TCP 3-way handshake:  Browser --SYN-->  Server
                              Browser <-SYN-ACK- Server
                              Browser --ACK-->   Server
Step 3  TLS handshake: exchange certificates, agree on encryption key
Step 4  HTTP request (encrypted):
        GET /index.html HTTP/1.1
        Host: www.example.com
Step 5  HTTP response (encrypted):
        HTTP/1.1 200 OK
        Content-Type: text/html
        [HTML body]
Step 6  Browser parses HTML, requests CSS/JS/images (repeat steps 4-5)
Step 7  Browser renders page on screen

Notice: DNS (Layer 7, Application) resolves the name. TCP (Layer 4, Transport) guarantees delivery. TLS (Layer 6, Presentation in OSI terms) encrypts. IP (Layer 3, Network) routes. Ethernet/Wi-Fi (Layer 2, Data Link) delivers the frame on the local link. Every OSI layer contributes to one page load.
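The URL anatomy and the page-load journey above, as a runnable client and server on the loopback interface. This is an added example, not part of the original guide: the function names, the sample page and the use of `localhost` are assumptions, and Step 3 (TLS) is left out so the code runs offline without a certificate.

```python
import socket
import threading
from urllib.parse import urlsplit

PAGE = b"<html><body>Hello from the server</body></html>"  # constructed sample page

def serve_once(listener):
    """Server: accept one TCP connection, read one HTTP request, send one response."""
    conn, _addr = listener.accept()            # the TCP handshake is complete here
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:      # a blank line ends the request headers
            chunk = conn.recv(1024)
            if not chunk:
                return
            request += chunk
        method, target, _version = request.split(b"\r\n")[0].split(b" ", 2)
        if method == b"GET" and target.split(b"?")[0] == b"/index.html":
            status, body = b"200 OK", PAGE
        else:
            status, body = b"404 Not Found", b"not found"
        conn.sendall(b"HTTP/1.1 " + status + b"\r\nContent-Type: text/html\r\n"
                     + b"Content-Length: " + str(len(body)).encode() + b"\r\n"
                     + b"Connection: close\r\n\r\n" + body)

def fetch(url):
    """Client: URL parts -> name lookup -> TCP connect -> HTTP GET -> parsed response."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}[parts.scheme]  # default port per scheme
    target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    # parts.fragment (#section) is used only inside the browser and is never sent.
    ip = socket.gethostbyname(parts.hostname)                      # Step 1: name -> IP
    with socket.create_connection((ip, port), timeout=5) as sock:  # Step 2: TCP handshake
        # Step 3 (TLS) is skipped here. A real HTTPS client would wrap the socket first:
        #   ssl.create_default_context().wrap_socket(sock, server_hostname=parts.hostname)
        request = (f"GET {target} HTTP/1.1\r\nHost: {parts.netloc}\r\n"
                   "Connection: close\r\n\r\n")
        sock.sendall(request.encode("ascii"))                      # Step 4: HTTP request
        raw = b""
        while chunk := sock.recv(4096):                            # Step 5: HTTP response
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    return {"ip": ip, "port": port, "target": target,
            "status": head.split(b"\r\n")[0].decode(), "body": body}

def demo(path_and_more="/index.html?q=1#section"):
    """Run both sides on the loopback interface; the OS picks a free port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    server = threading.Thread(target=serve_once, args=(listener,), daemon=True)
    server.start()
    try:
        return fetch(f"http://localhost:{listener.getsockname()[1]}{path_and_more}")
    finally:
        server.join(timeout=5)
        listener.close()

if __name__ == "__main__":
    result = demo()
    print(result["ip"], result["target"], result["status"], len(result["body"]))
```

Because the TLS step is skipped, the request and response cross the socket as readable text, which is exactly what HTTPS prevents an eavesdropper from seeing.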

Which of the following is the most accurate statement about the relationship between the Internet and the Web?
§7 · Q1
  • The Web and the Internet are two different names for the same thing
  • The Internet is a service that runs on top of the Web
  • The Web is one application (HTTP/HTTPS hypertext documents) that runs over the Internet infrastructure
  • The Web includes all Internet services such as email and file transfer
The Internet is the global network infrastructure (TCP/IP, routers, cables). The Web is one application that runs over that infrastructure, using HTTP/HTTPS to transfer hypertext documents. Email, FTP, VoIP, and online gaming are other applications that also run over the same Internet infrastructure — none of them are "the Web."
Web ≠ Internet. The Web (HTTP/HTML) is one service on the Internet. The Internet also carries email, FTP, VoIP, etc. The Internet came before the Web (ARPANET 1969; Web 1989).
In the URL https://school.ca/grades?term=1, what does https specify?
§7 · Q2
  • The protocol used to transfer the resource (HTTP with TLS encryption)
  • The domain name of the server
  • The path to the resource on the server
  • The query string parameters
The part before :// is the scheme / protocol. https means HTTP with TLS encryption. The domain is school.ca; the path is /grades; the query string is term=1.
URL structure: scheme://domain/path?query#fragment. The scheme (https) is the protocol. Domain = school.ca. Path = /grades. Query = term=1.

Exam Strategy and Common Pitfalls

Distinguish terms precisely
  • Internet vs Web. Examiners penalise conflating these. The Internet is the global TCP/IP network; the Web is the HTTP/HTTPS hypertext system running over it. Email, FTP, and online gaming are also Internet services — none of them are "the Web."
  • LAN vs WAN. LAN = one building/campus, privately owned. WAN = spans large distances, connects LANs. The Internet is a WAN (the largest WAN). State both the geographic scope and ownership when asked to distinguish them.
  • Protocol vs topology. A protocol is a set of communication rules (TCP, HTTP). A topology is the physical or logical arrangement of devices (star, mesh). They are different dimensions of network design — mixing them up is a common error.
Packets, protocols, and layers (§2–§5)
  • Explain packets with three benefits. When asked why the Internet uses packet switching, state all three: (1) parallel routing, (2) selective retransmission of lost packets only, (3) fair bandwidth sharing. One-line answers lose marks.
  • TCP vs UDP — always state the use case. For any protocol comparison question, name the protocol, state whether it is reliable or fast, and give a concrete use case (TCP: web pages; UDP: video streaming). Three elements per protocol answer.
  • OSI layer numbers matter (BC CIS). For BC CIS exams, know all seven layer names and numbers. For AP CSP, understand the conceptual purpose of layering (each layer does one job, hides complexity from layers above) rather than memorising all seven names.
Security (§6) — always name the tradeoff
  • Name the malware type correctly. Virus ≠ worm ≠ Trojan. On Ontario ICS3U C2.2 questions, be specific: a worm self-replicates across the network; a Trojan disguises itself; ransomware encrypts files for payment. Vague use of "virus" for all malware loses marks.
  • Security recommendation format (CSTA 3A-NI-06 to 3A-NI-08). For full marks: state the threat, the recommended measure, and the tradeoff (e.g., "Implement MFA — reduces account compromise but adds a login step for every user"). The tradeoff is what CSTA 3A-NI-08 specifically tests.
Answer hygiene
  • Use the correct technical term, not synonyms. "Packet" not "chunk." "Protocol" not "rule." "Topology" not "layout." "Client-server" not "request-response pair" (unless the question uses that phrasing). Examiners mark against a mark scheme that expects precise vocabulary.
  • Draw the diagram if the question allows. A star topology question almost always earns more marks from a labelled sketch (central switch + labelled device nodes + arrows) than a paragraph. An OSI table (layer number | name | example protocol) is worth more than prose for a "name the layers" question.

Flashcards

LAN vs WAN
LAN = Local Area Network — one building/campus, private. WAN = Wide Area Network — spans large distances, connects LANs. The Internet is the largest WAN.
What is a packet?
A small chunk of data (typically ≤1,500 bytes) with a header containing source IP, destination IP, sequence number, and total packet count. Data is broken into packets for transmission.
Star topology
All devices connect to a central switch/router. Most common in modern LANs. Single point of failure: if the switch fails, all devices lose connectivity.
Mesh topology — why fault tolerant?
Every device connects to every other. Multiple paths exist between any two nodes — if one link fails, data reroutes. The Internet uses a mesh-like structure for this reason.
DNS
Domain Name System — translates human-readable domain names (e.g. google.com) into IP addresses routers can use. The Internet's "phone book." Hierarchical and distributed.
TCP vs UDP
TCP: reliable, ordered, connection (3-way handshake), ACK + retransmit. Used for HTTP, email, files. UDP: fast, connectionless, no ACK. Used for video streaming, VoIP, gaming.
What does HTTPS add over HTTP?
TLS (Transport Layer Security) encryption. Data between browser and server is encrypted end-to-end — eavesdroppers on the network see only ciphertext, not passwords or card numbers.
OSI Layer 3 and Layer 4
Layer 3 = Network: IP — addresses and routes packets between networks. Layer 4 = Transport: TCP/UDP — end-to-end delivery, ports, reliability (TCP) or speed (UDP).
OSI 7 layers (7→1)
7 Application · 6 Presentation · 5 Session · 4 Transport · 3 Network · 2 Data Link · 1 Physical. Mnemonic: All People Seem To Need Data Processing.
Firewall
Hardware or software that monitors and controls network traffic based on rules. Blocks unauthorised connections; allows legitimate traffic. Tradeoff: may block legitimate services if misconfigured.
Worm vs virus vs Trojan
Virus: attaches to a host file; spreads when file is shared. Worm: self-replicates across network — no host file needed. Trojan: disguised as legitimate software; does not self-replicate. ON ICS3U C2.2.
Internet vs Web
Internet = global TCP/IP network infrastructure (cables, routers, protocols). Web = one application on the Internet using HTTP/HTTPS to transfer hypertext documents. Email, FTP, VoIP are other Internet services — not "the Web."
Client-server model
Client sends a request (e.g. browser sends HTTP GET). Server processes and sends a response (e.g. HTML page). AB CSE1210/1220 introduce "Internet computing" via this model. Used by every website.
IPv4 vs IPv6
IPv4: 32-bit, ~4.3 billion addresses, written as 4 decimal octets (e.g. 192.168.1.1). IPv6: 128-bit, ~3.4×10³⁸ addresses, written in hex with colons. Moved to IPv6 because IPv4 addresses were nearly exhausted.

Practice Quiz

A student connects their laptop to a school printer and server all through one central switch. Which network type and topology does this describe?
Q1
  • WAN / mesh
  • WAN / bus
  • LAN / ring
  • LAN / star
One building/campus = LAN. All devices through one central switch = star topology. CSTA 3A-NI-04: "relationship between routers, switches, servers, topology, and addressing."
One building = LAN (not WAN). One central switch = star (not mesh, ring, or bus).
A 10 MB file is sent as 7,000 packets. Packet 4,532 is lost in transit. What happens next?
Q2
  • Only packet 4,532 is retransmitted; the rest of the file is unaffected
  • All 7,000 packets are retransmitted from the beginning
  • The file transfer fails permanently
  • The receiver reconstructs the missing packet from the other packets
TCP tracks sequence numbers and sends acknowledgements (ACK) for each packet. If packet 4,532 is not acknowledged, only that packet is retransmitted — selective retransmission is one of TCP's key advantages over sending one continuous stream.
TCP uses selective retransmission — only the missing packet is resent. This is one of the three key reasons the Internet uses packet switching.
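The scenario in this question as a small simulation, added here as an example and not part of the original guide. It models the per-packet acknowledgement described above rather than a real TCP stack; the 10 MiB payload, the 1,498-byte packet size and all function names are constructed for the example.

```python
FILE = bytes(range(256)) * 40960      # constructed 10 MiB payload (10,485,760 bytes)
PACKET_SIZE = 1498                    # payload bytes per packet; yields exactly 7,000 packets

def make_packets(data, size):
    """Sender side: cut the data into numbered packets (sequence numbers start at 1)."""
    return {seq: data[start:start + size]
            for seq, start in enumerate(range(0, len(data), size), start=1)}

def transfer(data, size, lost_once):
    """Send every packet, then resend only the ones that were never acknowledged.

    lost_once: sequence numbers the simulated network drops on their first attempt.
    Returns (reassembled bytes, transmissions per sequence number, rounds used).
    """
    packets = make_packets(data, size)
    still_lossy = set(lost_once)
    sent_count = dict.fromkeys(packets, 0)
    receiver_buffer = {}                      # receiver keeps out-of-order packets
    unacked = sorted(packets)                 # sender's list of packets awaiting an ACK
    rounds = 0
    while unacked:
        rounds += 1
        acked = set()
        for seq in unacked:
            sent_count[seq] += 1
            if seq in still_lossy:            # dropped in transit: no ACK comes back
                still_lossy.discard(seq)
                continue
            receiver_buffer[seq] = packets[seq]
            acked.add(seq)                    # receiver acknowledges this sequence number
        unacked = [seq for seq in unacked if seq not in acked]
    # Receiver reassembles by sequence number, so arrival order does not matter.
    reassembled = b"".join(receiver_buffer[seq] for seq in sorted(receiver_buffer))
    return reassembled, sent_count, rounds

def quiz_scenario():
    """The quiz case: 7,000 packets, packet 4,532 lost once."""
    data, sent_count, rounds = transfer(FILE, PACKET_SIZE, lost_once={4532})
    return {"packets": len(sent_count),
            "resent": [seq for seq, n in sent_count.items() if n > 1],
            "total_transmissions": sum(sent_count.values()),
            "rounds": rounds,
            "intact": data == FILE}

if __name__ == "__main__":
    print(quiz_scenario())
```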
You type https://school.ca. In what order do the following steps occur: (A) TCP 3-way handshake, (B) DNS lookup, (C) TLS handshake, (D) HTTP GET request?
Q3
  • A → B → C → D
  • D → C → B → A
  • B → A → C → D
  • C → B → A → D
DNS resolves the domain name to an IP first (B). Then TCP establishes the connection with a 3-way handshake (A). TLS is negotiated over the TCP connection (C). Finally the HTTP GET request is sent encrypted (D).
Order: DNS (need IP to connect) → TCP handshake (connection) → TLS handshake (encryption setup) → HTTP request (application data).
Which CSTA standard (verbatim) asks students to "Evaluate the scalability and reliability of networks, by describing the relationship between routers, switches, servers, topology, and addressing"? 🇺🇸 CSTA
Q4
  • 3A-NI-05
  • 3A-NI-04
  • 3A-NI-07
  • 3B-NI-03
CSTA 3A-NI-04 (verbatim): "Evaluate the scalability and reliability of networks, by describing the relationship between routers, switches, servers, topology, and addressing." This is the primary networks-and-topology standard at Level 3A.
3A-NI-04 = scalability/reliability/topology. 3A-NI-05 = sensitive data and malware. 3A-NI-07 = compare security measures. 3B-NI-03 = network functionality issues.
BC CIS 11 Content (verbatim) names which two network models? 🇨🇦 BC CIS
Q5
  • OSI (seven layers) and TCP/IP (four layers)
  • HTTP and HTTPS
  • LAN and WAN only
  • IPv4 and IPv6
BC CIS 11 Content (verbatim): "seven layers of the Open System Interconnection (OSI) reference model" and "four layers of the Transmission Control Protocol/Internet Protocol (TCP/IP)." Both models are named explicitly — BC CIS is the most protocol-depth curriculum of the four.
BC CIS 11 specifically names OSI (7 layers) and TCP/IP (4 layers) verbatim in its Content standards. HTTP/HTTPS, LAN/WAN, and IPv4/IPv6 are also covered but are not "the two network models" the standard points to.
Ontario ICS3U C2.2 directly assesses which of the following? 🇨🇦 ON ICS3U
Q6
  • The OSI seven-layer model
  • Packet switching and TCP/IP
  • Star and mesh network topologies
  • Procedures to safeguard data from malware and a system protection plan
ICS3U C2.2 (verbatim): "describe procedures to safeguard data and programs from malware (e.g., viruses, Trojan horses, worms, spyware, adware, malevolent macros), and devise a thorough system protection plan." Networking protocol depth is absent from the ICS3U university stream.
Ontario ICS3U/ICS4U university stream does not cover OSI, TCP/IP, packet switching, or topologies at an assessed level. Only C2.2 (malware + protection plan) is directly assessed for Networks in ICS3U.

Readiness Checklist

Tick each item when you can do it cold, without notes, on a first attempt.


What This Feeds Into

Networks and the Internet underpins three major downstream areas. First, the cybersecurity and ethics unit (Unit 12) extends the security concepts in §6: you will go from understanding what a firewall does to evaluating legal, ethical, and societal implications of computing security decisions. Second, AP CSP Big Idea 4 (Computer Systems & Networks, 11–15% of the exam) is the most direct assessment of this unit's content — if you are aiming for AP CSP, this guide is required reading. Third, the web-scripting pathway (AB CSE1210/1220; any school teaching HTML/CSS/JavaScript) builds directly on the client-server and HTTP foundations in §7.

Within High School Computer Science.

Unit 12 (Cybersecurity, Ethics and Society) is the natural continuation of §6 (Network Security Basics) — CSTA 3A-NI-05 through 3A-NI-08 and the malware taxonomy all feed directly into that unit. Unit 10 (Data, Databases and the Web) pairs with §7 of this guide: understanding how HTTP carries data between browser and server is a prerequisite for understanding web forms, APIs, and database queries. The Boolean Logic unit (Unit 9) connects at Layer 2 (Data Link) — understanding that all data is ultimately bits on a wire ties number systems to physical networking.

AP and downstream connections.

No AP CSA networks guide exists in this repo (AP CSA focuses on Java OOP and does not assess network protocols). The primary AP feeder is AP CSP Big Idea 4 (CSN). If you are on the AP CSP track, focus on §2 (packets), §4 (TCP/IP, HTTP), and §6 (security tradeoffs) — these map to the CSN Learning Objectives CSN-1.A through CSN-1.E that appear on the AP CSP exam. BC CIS students heading into network administration or IT programs will find §5 (OSI model) the most directly applicable, as it maps verbatim to the CIS 11 Content standards.