TCP/IP Protocol Suite 1
COMP 416 Internet Protocols and Software
Instructor: Zhijun Wang
Lab#1 will be given next week at PQ604A-C at the class time
Supplementary Materials are available
Today’s contents
• UDP (Chap. 11)
• TCP (Chap. 12)
Key things
• What are the major differences between UDP and TCP?
• What are the application domains for UDP and TCP?
• Why does TCP work well?
• What are the disadvantages of UDP and TCP?
Chapter 11
User Datagram Protocol
Objectives
• Be able to explain process-to-process communication
• Know the format of a UDP user datagram
• Understand the operation of UDP
• Know when it is appropriate to use UDP
Figure 1 Position of UDP in the TCP/IP protocol suite
Figure 2 UDP versus IP
UDP (User Datagram Protocol) is a connectionless, unreliable transport protocol. UDP is a simple protocol with minimal overhead.
Figure 3 Port numbers
UDP uses port numbers to identify processes. A port number has 16 bits, so the range is from 0 to 65,535. The client process identifies itself with a port number, called an ephemeral port number, which is recommended to be greater than 1023. The server process also identifies itself with a port number, which is a well-known port number in the range 0-1023.
Figure 4 IP addresses versus port numbers
IP addresses identify devices
Port numbers identify processes
Figure 5 ICANN ranges
ICANN: International Corporation for Assigned Names and Numbers
Well-known ports: the ports ranging from 0 to 1023 are assigned and controlled by ICANN.
Registered ports: the ports ranging from 1024 to 49,151 are not assigned and controlled by ICANN. They can only be registered with ICANN to prevent duplication.
Dynamic ports: the ports ranging from 49,152 to 65,535 are neither controlled nor registered. They can be used as temporary or private numbers.
Table 1 Well-known ports used with UDP
Socket address
Socket address: a combination of IP address and a port number
Example 1
An SNMP client residing on a host with IP address 132.23.43.31 sends a message to an SNMP (Port: 161) server residing on a host with IP address 32.23.2.1. What is the pair of sockets used in this communication?
Solution: In the client, the socket address is the IP address combined with an ephemeral port X, (132.23.43.31, X). In the server, the socket address is (32.23.2.1, 161).
Figure 6 User datagram format
UDP packets are called user datagrams and have a fixed-size header of 8 bytes.
Error check for the user datagram
Figure 7 Encapsulation and decapsulation
UDP: connectionless service
User datagrams are not numbered.
No relationship between different user datagrams even if they are coming from the same user.
UDP: unreliable service
No flow and error control
Figure 8 Queues in UDP
There is one outgoing queue and one incoming queue, used for sending and receiving datagrams. The queues are usually identified by the port numbers.
Applications of UDP
•UDP is suitable for a process that requires simple-response communication with little concern for flow and error control
•UDP is suitable for a process with internal flow and error-control mechanism, e.g., Trivial File Transfer Protocol (TFTP).
•UDP is a suitable transport protocol for multicasting.
•UDP is used for management processes such as SNMP.
•UDP is used for route updating protocols such as Routing Information Protocol (RIP).
Congestion Control of UDP
•DCCP: Datagram Congestion Control Protocol
RFC4340: http://www.read.cs.ucla.edu/dccp/rfc4340.txt
Chapter 12
Transmission Control Protocol
Objectives
• Understand the services offered by TCP
• Understand TCP’s flow and error control and congestion control
• Be familiar with the fields in a TCP segment
• Understand the phases in a connection-oriented connection
TCP FEATURES
• TCP is a connection-oriented protocol (UDP: Connectionless)
• TCP is a reliable transport protocol (UDP: unreliable)
• TCP uses full-duplex communication (UDP: half-duplex)
TCP uses port numbers to identify processes. A packet in TCP is called a segment.
Table 1 Well-known ports used by TCP
Figure 1 Sending and receiving buffers
A circular buffer is used to send and receive data. The sent bytes are removed from the buffer when they are acknowledged.
Numbering system
The bytes of data being transferred in each connection are numbered by TCP. The number starts with a randomly generated number.
The value in the sequence number field of a segment defines the number of the first data byte contained in that segment.
The value of the acknowledgement field in a segment defines the number of the next byte a party expects to receive. The acknowledgement is cumulative.
Example 1
Suppose a TCP connection is transferring a file of 3000 bytes. The first byte is numbered 10001. What are the sequence numbers for each segment if data is sent in three segments, each carrying 1000 bytes?
Solution: The following shows the sequence number for each segment:
Segment 1 ➡ Sequence Number: 10,001 (range: 10,001 to 11,000)
Segment 2 ➡ Sequence Number: 11,001 (range: 11,001 to 12,000)
Segment 3 ➡ Sequence Number: 12,001 (range: 12,001 to 13,000)
Figure 2 TCP segment format
The TCP header is 20 to 40 bytes long.
Figure 3 Control field
A TCP CONNECTION
TCP is connection-oriented. A connection-oriented transport protocol establishes a virtual path between the source and destination. All of the segments belonging to a message are then sent over this virtual path.
A connection-oriented transmission requires three phases:
(1) connection establishment
(2) data transfer
(3) connection termination.
Figure 3 Connection establishment using three-way handshaking
rwnd: receiver window size
TCP Connection Establishment
The server must be ready to accept connections; this is called a passive open. The client issues a request for an active open.
(1) The client first sends a SYN segment, in which only the SYN flag is set. A SYN segment cannot carry data, but it consumes one sequence number. The sequence number is called the initial sequence number (ISN).
(2) After the server receives the SYN segment, it sends a SYN+ACK segment back. The segment has 2 flag bits set, SYN and ACK, and also contains the receiver window size, which indicates the maximal number of bytes that can be sent. A SYN+ACK segment cannot carry data, but does consume one sequence number.
(3) After receiving the SYN+ACK, the client sends an ACK segment to the server. The ACK segment, if carrying no data, consumes no sequence number.
Now the TCP connection has been established.
SYN Flooding Attack
The connection establishment procedure in TCP is susceptible to the SYN flooding attack. A malicious attacker sends a large number of SYN segments to a server using faked IP addresses. The server, assuming that the clients are issuing an active open, allocates the necessary resources. During this time, a lot of resources are allocated without being used. The server then sends SYN+ACK segments to the faked clients, and these segments are lost. During this period, the server may run out of resources and even crash. Such attacks are known as denial of service attacks.
Protections:
(1) limit the number of connections during a time period
(2) filter out segments from unwanted source addresses
(3) delay resource allocation until the entire connection is set up
Some materials on denial of service attacks are available in the supplementary materials on the course webpage and WebCT.
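Protection (3), delaying resource allocation until the handshake completes, can be shown with a small in-memory model. This added example is not part of the original slides: it compares a listener that stores a half-open entry on every SYN with one that derives its ISN from a keyed hash of the SYN (a simplified SYN-cookie scheme, without the MSS and timestamp encoding real implementations use) and allocates only when the final ACK verifies. The class names, the backlog of 4, server port 80 and the 198.51.100.x source addresses are constructed.

```python
import hashlib
import hmac
import os

MOD = 2 ** 32                     # sequence numbers are 32-bit
SERVER = ("32.23.2.1", 80)        # constructed server socket address
SECRET = os.urandom(16)           # per-server secret (assumption)
BACKLOG = 4                       # deliberately tiny half-open queue


def cookie(src, sport, client_isn):
    """Server ISN computed from the SYN itself, so nothing has to be stored."""
    msg = f"{src}:{sport}>{SERVER[0]}:{SERVER[1]}|{client_isn}".encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:4], "big")


class EagerListener:
    """Allocates a half-open entry as soon as a SYN arrives."""
    def __init__(self):
        self.half_open, self.established = {}, set()

    def on_syn(self, src, sport, client_isn):
        if len(self.half_open) >= BACKLOG:
            return None                       # queue full: SYN is dropped
        server_isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[(src, sport)] = (client_isn, server_isn)
        return server_isn                     # carried in the SYN+ACK

    def on_ack(self, src, sport, seq, ack):
        entry = self.half_open.pop((src, sport), None)
        if entry and seq == (entry[0] + 1) % MOD and ack == (entry[1] + 1) % MOD:
            self.established.add((src, sport))
            return True
        return False


class DeferredListener:
    """Stores nothing until the third segment proves the SYN+ACK was received."""
    def __init__(self):
        self.half_open, self.established = {}, set()   # half_open stays empty

    def on_syn(self, src, sport, client_isn):
        return cookie(src, sport, client_isn)

    def on_ack(self, src, sport, seq, ack):
        client_isn = (seq - 1) % MOD          # the SYN consumed one sequence number
        if ack == (cookie(src, sport, client_isn) + 1) % MOD:
            self.established.add((src, sport))          # allocate only now
            return True
        return False


def handshake(listener, src, sport, client_isn):
    """Three-way handshake by a client that really receives the SYN+ACK."""
    server_isn = listener.on_syn(src, sport, client_isn)
    if server_isn is None:
        return False
    return listener.on_ack(src, sport, (client_isn + 1) % MOD, (server_isn + 1) % MOD)


def run(listener, unanswered_syns=100):
    """Constructed load of SYNs that are never completed, then one real client."""
    for i in range(unanswered_syns):
        listener.on_syn(f"198.51.100.{i % 250 + 1}", 1024 + i, i)
    ok = handshake(listener, "132.23.43.31", 50000, 2171)
    return ok, len(listener.half_open)
```

`run(EagerListener())` returns `(False, 4)`: the queue is full of entries that will never complete and the real client is refused, while `run(DeferredListener())` returns `(True, 0)`.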
Figure 4 Data transfer
After the connection is established, bidirectional data transfer can take place. The acknowledgement is piggybacked with data.
Figure 5 Connection termination using three-way handshaking
Three-way handshaking termination
After sending all data, the client issues a TCP close command to terminate the connection.
(1) The client first sends a FIN segment, in which the FIN flag is set. The segment can include the last chunk of data sent by the client, or it can be just a control segment. The FIN segment consumes one sequence number if it does not carry data.
(2) After receiving the FIN segment, the server informs its process of the situation and sends a FIN+ACK segment to confirm the receipt of the FIN segment from the client and also to announce the closing of the connection in the other direction. The FIN+ACK consumes one sequence number if it does not carry data.
(3) The client sends the last ACK segment to the server. The ACK segment cannot carry data and consumes no sequence number.
Now the TCP connection has been terminated.
Figure 6 Half-close
In TCP, one end can stop sending data while still receiving data; this is called half-close. The client sends a FIN segment to the server, and the server sends an ACK back. Data is still being sent from the server to the client. The server sends a FIN segment when all data has been sent. The client sends an ACK segment back. The connection is closed. This process is called four-way handshaking termination.
FLOW CONTROL
Flow control regulates the amount of data a source can send before receiving an acknowledgment from the destination.
TCP uses a sliding window protocol for flow control. In this method, a host uses a window for outbound communication (sending data). The window spans the portion of the buffer containing bytes received from the process. The bytes inside the window are the bytes that can be in transit; they can be sent without worrying about acknowledgement.
A sliding window is used to make transmission more efficient as well as to control the flow of data so that the destination does not become overwhelmed with data. TCP sliding windows are byte oriented.
Figure 7 Sliding window
Congestion window size
Example 2
What is the value of the receiver window (rwnd) for host A if the receiver, host B, has a buffer size of 5,000 bytes and 1,000 bytes of received and unprocessed data?
Solution: The value of rwnd = 5,000 − 1,000 = 4,000. Host B can receive only 4,000 bytes of data before overflowing its buffer. Host B advertises this value in its next segment to A.
Example 3
Figure 8 shows an unrealistic example of a sliding window. The sender has sent bytes up to 202. We assume that cwnd is 20 (in reality this value is thousands of bytes). The receiver has sent an acknowledgment number of 200 with an rwnd of 9 bytes (in reality this value is thousands of bytes). The size of the sender window is the minimum of rwnd and cwnd or 9 bytes. Bytes 200 to 202 are sent, but not acknowledged. Bytes 203 to 208 can be sent without worrying about acknowledgment. Bytes 209 and above cannot be sent.
Figure 8 Example 3
cwnd rwnd
Example 4
In the figure below, the sender receives a segment with an acknowledgment value of 206 and an rwnd of 12. The host has not sent any new bytes. The value of cwnd is still 20. Show the new window.
Example 4-solution
Solution: The value of rwnd is less than cwnd, so the size of the window is 12. The figure below shows the new window. Note that the window has been opened from the right by 7 and closed from the left by 4; the size of the window has increased.
ERROR CONTROL
TCP provides reliability using error control, which detects corrupted, lost, out-of-order, and duplicated segments. Error control in TCP is achieved through the use of the checksum, acknowledgment, and time-out. Error control includes a mechanism for detecting corrupted segments, lost segments, out-of-order segments and duplicated segments.
The checksum is used to detect corrupted segments.
Acknowledgement
Rules for generating ACK:
Rule 1: When one end sends a data segment to the other end, it must include an acknowledgement giving the next sequence number it expects to receive.
Rule 2: If the receiver has no data to send, it receives an in-order segment, and the previous one has been acknowledged, it delays sending the ACK until another segment arrives or until a period of time has passed. That means there should be no more than 2 in-order unacknowledged segments at any time.
Rule 3: When a segment arrives with a sequence number that is expected, and the previous one is in order and has not been acknowledged, it immediately sends an ACK.
Rule 4: When a segment arrives with an out-of-order sequence number, the receiver immediately sends an ACK announcing the expected sequence number to be received.
Rule 5: When a missing segment arrives, the receiver sends an ACK to announce the next sequence number expected.
Rule 6: If a duplicated segment arrives, the receiver immediately sends an ACK to solve the missing-ACK case.
ACK segments do not consume sequence numbers and are not acknowledged.
Retransmission and out-of-order segments
In TCP, the sender starts a retransmission time-out (RTO) timer for each segment sent. A retransmission occurs if either of the following cases is true:
(1) The retransmission timer expires
(2) Three duplicated ACK segments have arrived
Data may arrive out of order and be temporarily stored by the receiving TCP, but TCP guarantees that no out-of-order segment is delivered to the process.
Figure 9 Normal operation for ACK
Figure 10 Lost segment
Figure 11 Fast retransmission
Figure 12 Lost acknowledgment
Figure 13 Lost acknowledgment corrected by resending a segment
CONGESTION CONTROL
Congestion control refers to the mechanisms and techniques to keep the load below the capacity.
Why does TCP work well for the Internet?
A protocol must be fair for every user and must be stable for the whole system. TCP provides fairness (e.g., max-min, proportional fairness). However, TCP is not efficient and cannot provide QoS features.
Performance measurements: delay and throughput
Delay includes the propagation time and processing time.
Throughput is defined as the number of bytes passing through the network in a unit time.
Figure 14 Router queues
The routers/switches have queues (buffers) that hold packets before and after processing. If the packet arrival rate is higher than the packet processing rate, the input queues may overflow. If the packet departure rate is less than the packet processing rate, the output queues may overflow. Some packets in the overflowed queues are dropped, indicating congestion in the Internet.
Figure 15. Packet delay and throughput vs. network load
Figure 16 Slow start, exponential increase
TCP has a slow start phase. In this phase, the size of the congestion window increases exponentially until it reaches a threshold.
MSS: maximum segment size.
Start: cwnd = 2^0
After 1 RTT: cwnd = 2^1
After 2 RTTs: cwnd = 2^2 ….
Window size = min(rwnd, cwnd)
Figure 17 Congestion avoidance, additive increase
After cwnd reaches the threshold, the size of the congestion window increases additively until congestion is detected.
Start: cwnd = 1
After 1 RTT: cwnd = 2
After 2 RTTs: cwnd = 3 ….
Congestion detection
In today’s Internet, the only way the sender can guess that congestion has occurred is the need to retransmit a segment. There are two cases:
(1) The retransmission timer expires
(2) Three duplicated ACK segments have arrived
When congestion is detected by timer expiration, most TCP implementations react as follows:
(1) It sets the maximal value of the threshold to half of the current window size.
(2) It sets cwnd to 1
(3) It starts a slow start phase again
If congestion is detected by three ACKs, most TCP implementations react as follows:
(1) It sets the maximal value of the threshold to half of the current window size.
(2) It sets cwnd to the value of the threshold
(3) It starts the congestion avoidance phase
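The three phases and the two reactions above combine into one per-RTT state machine. The following simulation is an added example, not part of the original slides: it traces cwnd (in MSS) through slow start, congestion avoidance, a timeout and a three-duplicate-ACK event. The initial threshold of 16, the function names and the loss points are assumptions, with the loss points chosen so that the second reduction ends at cwnd = threshold = 6.

```python
def simulate(rtts, events, ssthresh=16, rwnd=10_000):
    """Per-RTT trace of (rtt, cwnd, ssthresh, window, phase), cwnd in MSS units.

    events maps an RTT index to "timeout" or "3dupack", the two congestion
    signals listed above; the signal is acted on at the end of that RTT.
    """
    cwnd, trace = 1, []
    for rtt in range(rtts):
        window = min(rwnd, cwnd)                  # window size = min(rwnd, cwnd)
        phase = "slow start" if cwnd < ssthresh else "congestion avoidance"
        trace.append((rtt, cwnd, ssthresh, window, phase))
        event = events.get(rtt)
        if event is not None:
            # Threshold becomes half of the current window size. The floor
            # of 2 comes from RFC 5681, not from the slide.
            ssthresh = max(window // 2, 2)
            if event == "timeout":
                cwnd = 1                          # back to slow start
            elif event == "3dupack":
                cwnd = ssthresh                   # straight to congestion avoidance
            else:
                raise ValueError(f"unknown event {event!r}")
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)        # exponential growth, capped at threshold
        else:
            cwnd += 1                             # additive increase
    return trace


def cwnd_series(trace):
    """Just the cwnd column, convenient for plotting or comparison."""
    return [row[1] for row in trace]


# Constructed loss points: a timeout when cwnd is 20, three duplicate ACKs at 12.
SAMPLE_EVENTS = {8: "timeout", 15: "3dupack"}

if __name__ == "__main__":
    for row in simulate(18, SAMPLE_EVENTS):
        print(row)
```

The trace shows why the two signals are treated differently: after the timeout the sender needs four RTTs to climb back to the new threshold, while after three duplicate ACKs it resumes at the threshold immediately.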
Figure 18 TCP congestion policy summary
Figure 19 Congestion example
RTT: round trip time
congestion detected
reduced to half
cwnd=1
cwnd=threshold=6
Summary
1. UDP and TCP
Both are transport layer protocols and use port numbers to identify processes
UDP is a connectionless and unreliable protocol and has no error, flow or congestion control
TCP is a connection-oriented and reliable protocol and has error, flow and congestion control
2. Socket address = IP address + port number
3. UDP and TCP header information
4. TCP connection establishment, sequence number, acknowledgment, window size
5. TCP termination
6. TCP flow, error and congestion control
Exercises:
1. The following is a dump of a UDP header in hexadecimal format:
06 32 00 0D 00 1C E2 17
(a) What are the source and destination ports?
(b) What is the total length of the user datagram?
(c) What is the length of the data?
2. In a TCP connection, the initial sequence number at a client site is 2171. The client opens the connection, sends only one segment carrying 1000 bytes of data, and closes the connection. What is the value of the sequence number in each of the following segments sent by the client?
(a) The SYN segment
(b) The data segment
(c) The FIN segment
Exercises-cont.-I
3. In a connection, the value of cwnd is 3000 and the value of rwnd is 5000. The host has sent 2000 bytes, of which 1000 bytes have been acknowledged. What is the window size? How many more bytes can be sent?
4. A client sends 16 bytes to a server. Calculate the efficiency (ratio of useful bytes to the total bytes) of this transmission at the transport level if the client uses:
(a) UDP (b) TCP.
5. TCP opens a connection using an initial sequence number (ISN) of 14,534. The other party opens the connection with an ISN of 21732. Show the three TCP segments during the connection establishment.
Exercises-cont.-II
6. A window holds bytes 2001 to 5000. The next byte to be sent is 3001. Draw a figure to show the situation of the window after the following events.
(a) An ACK segment with the acknowledgement number 2500 and window size advertisement 4000 is received.
(b) A segment carrying 1000 bytes is sent.
Solutions to the Exercises:
1. (a) Source port is 0x0632 = 1586, destination port is 0x000D = 13
(b) The total length of the user datagram is 0x001C = 28 bytes
(c) The length of the data is 28 − 8 = 20 bytes
2. (a) 2171 (b) 2172 (c) 3172
3. The window size = 3000. The bytes that can be sent: 3000 − (2000 − 1000) = 2000.
4. (a) The total packet length = 16 + 8 = 24 bytes, efficiency = 16/24 = 66.7%. (b) The total packet length = 16 + 20 = 36 bytes, efficiency = 16/36 = 44.4%.
Solutions to the Exercises-cont. I
5.
Solutions to the Exercises-cont. II
6.