COMP30023 – Computer Systems
Transmission Control Protocol
Dr Lachlan Andrew
© University of Melbourne 2021
Acknowledgement
• The slides are based on slides prepared by Chris Culnane based on material developed previously by: Michael Kirley, Zoltan Somogyi, Rao Kotagiri, James Bailey and Chris Leckie.
• Some of the images included in the notes were supplied as part of the teaching resources accompanying the text books listed in lecture 1.
© 2021 University of Melbourne 2
Recap – Transport Layer
• Provides services to the Application (or Session) layer using services from the Network layer.
• The Transport layer entities (the hardware or software which actually does the work e.g. OS kernel, processes, NIC) can exist in multiple locations.
• Services provide “logical” communication channels between processes running on different hosts:
– Connection-oriented = connection establishment, data transfer, connection release (TCP)
• Like a phone call
– Connectionless: data transfer (UDP)
• Like text messages
Summary
• Introduction to Transmission Control Protocol (TCP)
– Connecting
– Sending
– Closing
Transport service primitives
• Primitives: core functions which allow interfacing with transport services (in particular TCP)
Primitive     Packet Sent          Meaning
LISTEN        (none)               Block until something tries to connect
CONNECT       CONNECTION REQ       Actively attempt to establish a connection
SEND          DATA                 Send information
RECEIVE       (none)               Block until DATA packet arrives
DISCONNECT    DISCONNECTION REQ    This side wants to release the connection
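The primitives in the table map directly onto the BSD socket calls an operating system exposes for TCP. The following is an added example (not part of the lecture slides): one process plays both ends over the loopback interface, so it runs without network access. The client half-closes its direction after sending (a FIN in one direction only, as described under TCP Closing later in these notes) and the server echoes the data back upper-cased.

```python
"""Added example (not from the lecture slides): the transport primitives
LISTEN / CONNECT / SEND / RECEIVE / DISCONNECT as they appear in the BSD
socket API that operating systems expose for TCP.  Both ends run on the
loopback interface in one process, so no network access is needed."""
import socket
import threading


def run_server(ready: threading.Event, port_box: list) -> None:
    """Passive side: LISTEN, accept one connection, RECEIVE until the peer
    half-closes, SEND the data back upper-cased, then DISCONNECT."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))           # port 0: the kernel picks a free port
        srv.listen(1)                        # LISTEN primitive (passive open)
        port_box.append(srv.getsockname()[1])
        ready.set()                          # tell the client which port to use
        conn, _peer = srv.accept()           # blocks until a CONNECTION REQ (SYN) completes
        with conn:
            received = bytearray()
            while True:
                chunk = conn.recv(1024)      # RECEIVE: block until DATA arrives
                if not chunk:                # b"" means the client's FIN arrived
                    break
                received += chunk
            conn.sendall(bytes(received).upper())   # SEND: our direction is still open
        # leaving the 'with' block closes the socket: DISCONNECT (FIN) in our direction


def echo_roundtrip(payload: bytes) -> bytes:
    """Active side: CONNECT, SEND, half-close, RECEIVE the echo, DISCONNECT."""
    ready = threading.Event()
    port_box: list = []
    server = threading.Thread(target=run_server, args=(ready, port_box))
    server.start()
    ready.wait()
    with socket.create_connection(("127.0.0.1", port_box[0])) as cli:  # CONNECT (active open)
        cli.sendall(payload)                 # SEND
        cli.shutdown(socket.SHUT_WR)         # FIN for our direction only; we can still receive
        echoed = bytearray()
        while True:
            chunk = cli.recv(1024)           # RECEIVE
            if not chunk:                    # server's FIN: nothing more will arrive
                break
            echoed += chunk
    server.join()
    return bytes(echoed)


if __name__ == "__main__":
    print(echo_roundtrip(b"hello, transport layer"))
```

Note that `recv` returning an empty byte string is how the socket API reports the peer's FIN: it is the RECEIVE primitive unblocking because the other direction has been released, not an error.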
Connection establishment issues
• Remember that TCP is a connection orientated protocol running over a connectionless network layer (IP)
• When networks can lose, store and duplicate packets, connection establishment can be complicated
– congested networks may delay acknowledgements
– incurring repeated multiple transmissions
– any of which may not arrive at all, or may arrive out of sequence – delayed duplicates
[Figure: timing diagram of delayed duplicate packets (vertical axis: time)]
TCP – Overview
• The Transmission Control Protocol provides a protocol by which applications can transmit IP datagrams within a connection-oriented framework, thus increasing reliability.
– TCP transport entity manages TCP streams and interfaces to the IP layer
– TCP entity accepts user data streams, and segments them into pieces < 64 KB (often 1460 bytes in order to fit the IP and TCP headers into a single Ethernet frame), and sends each piece as a separate IP datagram
• Recipient TCP entities reconstruct the original byte streams from the encapsulation
TCP – Service Model
• Example:
– (a) Four 512-byte segments sent as separate IP datagrams
– (b) The 2048 bytes of data delivered to the application in a single READ call
TCP – Service Model
• The sender and receiver both create sockets
– A kernel data structure, named by the 5-tuple of IP address and port number of sender and receiver, and the protocol
– For TCP service to be activated, connections must be explicitly established between a socket at a sending host (src-host, src-port) and a socket at a receiving host (dest-host, dest-port)
• Example:
– 2 sockets on port 80
Features of TCP connections
• TCP connections are:
– Full duplex - data in both directions simultaneously
– End to end - exact pairs of senders and receivers
– Byte streams, not message streams - message boundaries are not preserved
– Buffer capable - TCP entity can choose to buffer prior to sending or not depending on the context
• PUSH flag - indicates a transmission is not to be delayed, and should interrupt the receiving application
• URGENT flag - indicates that transmission should be sent immediately (priority above data in progress), and that the receiver should send it to the application out-of-band
TCP Properties
• Data is exchanged between TCP entities in segments
– each has a 20–60 byte header, plus zero or more data bytes
• TCP entities decide how large segments should be, given two constraints:
– IP payload < 65,515 bytes
– Maximum Transfer Unit (MTU) - generally 1500 bytes
• Sliding window protocol
– Initial use: reliable data delivery without overloading the receiver
– Now also tied closely with congestion control
– Described next week
TCP – Header
[Figure: TCP header layout, with the fields used for the sliding window marked]
TCP – Important Headers
Name                      Description
Source port               Sending port
Destination port          Receiving port
Sequence number           If SYN=1: initial sequence number; if SYN=0: accumulated sequence number of the first data byte of this segment
Acknowledgement number    If ACK=1: next sequence number that the sender of the ACK is expecting
Data offset               Size of the TCP header (20–60 bytes)
Flags                     Single-bit flags (SYN, ACK, RST, FIN, etc.)
Window size               Size of receive window – how much data the sender of this segment is willing to receive
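To make the header fields concrete, the following is an added example (not from the lecture slides) that packs and parses the 20-byte fixed header plus options. It decodes the data offset (in 32-bit words, so the header length must be between 20 and 60 bytes), the flag bits and the MSS option; the sample segments are constructed here, and the checksum is left at zero because computing it needs the IP pseudo-header, which the table does not cover.

```python
"""Added example (not from the lecture slides): building and parsing the
fixed 20-byte TCP header described in the table above, with the data
offset and flag bits decoded.  Sample segments are constructed here; the
checksum is left at zero because computing it needs the IP pseudo-header."""
import struct

# Flag bits live in the low 9 bits of the 16-bit "data offset / flags" word
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
MSS_OPTION = 2   # option kind 2: Maximum Segment Size


def build_tcp_header(src_port, dst_port, seq, ack, flags, window, options=b""):
    """Pack a TCP header; options are padded to a 32-bit boundary."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)
    data_offset = 5 + len(options) // 4        # header length in 32-bit words
    if data_offset > 15:
        raise ValueError("options too long: data offset is a 4-bit field")
    flag_bits = 0
    for name in flags:
        flag_bits |= TCP_FLAGS[name]
    offset_and_flags = (data_offset << 12) | flag_bits
    # !HHIIHHHH = src, dst, seq, ack, offset/flags, window, checksum, urgent pointer
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq & 0xFFFFFFFF,
                       ack & 0xFFFFFFFF, offset_and_flags, window, 0, 0) + options


def parse_options(raw):
    """Walk the option list as (kind, value) pairs; stops at END (kind 0)."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of option list
            break
        if kind == 1:                      # NOP: single byte, no length field
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed option length")
        length = raw[i + 1]
        out.append((kind, raw[i + 2:i + length]))
        i += length
    return out


def parse_tcp_header(segment):
    """Decode the header of a TCP segment and split off its payload."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the minimum 20-byte header")
    (src, dst, seq, ack, offset_and_flags,
     window, _checksum, _urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (offset_and_flags >> 12) * 4  # data offset is in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset inconsistent with segment length")
    flag_bits = offset_and_flags & 0x1FF
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [n for n, bit in TCP_FLAGS.items() if flag_bits & bit],
        "window": window,
        "options": parse_options(segment[20:header_len]),
        "payload": segment[header_len:],
    }


if __name__ == "__main__":
    # Constructed SYN: ephemeral port -> 80, ISN 1000, advertising MSS 1460
    mss = bytes([MSS_OPTION, 4]) + (1460).to_bytes(2, "big")
    syn = build_tcp_header(54321, 80, 1000, 0, ["SYN"], 65535, options=mss)
    print(parse_tcp_header(syn))
```

The two length checks in `parse_tcp_header` matter for anything that inspects traffic: a data offset smaller than 5 words or larger than the segment is the kind of malformed header that crashes a naive parser, so it is rejected rather than trusted.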
Three-way handshake
• Goals of reliable connection establishment:
– Ensure one (and only one) connection is established, even if some set-up packets get lost
– Establish initial sequence numbers for sliding window
• Three-way handshake:
– A proposed solution, which avoids problems that can occur when both sides allocate the same sequence numbers by accident (e.g. after host/router crash) (cf. Tomlinson, 1975).
– Sender and receivers exchange information about which sequencing strategy each will use, and agree on it before transmitting segments
Three-way handshake
• Normal operation
• Simultaneous connection attempts
– Two simultaneous connection attempts result in only one connection (uniquely identified by end points).
• At the end, Host 1 and Host 2 have agreed on their respective sequence numbers
Synchronisation
• SYN is used for synchronization during connection establishment
– Sending SYN or FIN causes the sequence number to be incremented by 1
• Sequence Number – first byte of this segment's payload
– Offset by a random number – initial value is arbitrary, offset will be reflected in both Sequence and Acknowledgement numbers
• Acknowledgement Number – next byte the sender expects to receive
– Bytes received without gaps – a missing segment will stop this incrementing, even if later segments have been received
Wireshark Example
• Request for a single image file: http://static.bbci.co.uk/weather/0.5.284/images/icons/individual_56_icons/en_on_light_bg/1.gif, HTTP (Connection: close)
Wireshark Example
[Figure: Wireshark capture of the TCP exchange with the server at 104.83.244.56]
TCP Synchronization Recap
• SYN bit is used to establish a connection
– Connection request has SYN=1, ACK=0
– Connection reply has SYN=1, ACK=1
• SYN is used in both CONNECTION_REQUEST and CONNECTION_ACCEPTED; the ACK bit distinguishes between the two
• After connection setup:
– Sequence Number – first byte of this segment's payload (1 + data sent prior to this segment)
• Offset by a random number – initial value is arbitrary, offset will be reflected in both Sequence and Acknowledgement numbers
– Acknowledgement Number – next byte the sender expects to receive (data successfully received + 1)
• Bytes received without gaps – a missing segment will stop this incrementing, even if later segments have been received
TCP Retransmission
• Each segment sent has an associated retransmission timer (RTO)
– Initialised with a default value and updated based on network performance
– If the timer expires before an ACK is received the segment is resent
• Receiver receives a segment with a sequence number higher than expected (i.e. a segment has been lost)
– Receiver sends ACK with the sequence number it is expecting (i.e. the next byte it expects – also implies data it has received)
– This is a duplicate of the previously sent acknowledgement (DupACK)
– After receiving 3 DupACKs the sender resends the lost segment; this is known as fast retransmission
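The sequence and acknowledgement rules from the Synchronisation slides and the DupACK behaviour above fit together in a short simulation. The following is an added example (not from the lecture slides): a receiver that issues cumulative ACKs (the next byte expected, which stays put while a gap exists even though later segments are buffered) and a sender that counts duplicate ACKs and fast-retransmits the oldest unacknowledged segment after the third one. The ISN is passed in so the run is deterministic; the SYN consuming one sequence number is reflected in both sides starting at ISN + 1. The `simulate` driver, the segment sizes and the message are all constructed for the demo.

```python
"""Added example (not from the lecture slides): a simulation of the
sequence/acknowledgement number rules and of fast retransmission.  A
receiver issues cumulative ACKs (next byte expected, unchanged while a gap
exists) and a sender resends the oldest unacknowledged segment after three
duplicate ACKs.  Initial sequence numbers are passed in, so the run is
deterministic; a real stack would choose them randomly."""


class Receiver:
    def __init__(self, peer_isn):
        self.rcv_nxt = peer_isn + 1       # the peer's SYN consumed one sequence number
        self.out_of_order = {}            # seq -> payload held until the gap closes
        self.delivered = bytearray()      # in-order bytes handed to the application

    def receive(self, seq, payload):
        """Process one data segment; return the ACK number to send back."""
        if seq == self.rcv_nxt:
            self.delivered += payload
            self.rcv_nxt += len(payload)
            while self.rcv_nxt in self.out_of_order:   # buffered segments now contiguous
                data = self.out_of_order.pop(self.rcv_nxt)
                self.delivered += data
                self.rcv_nxt += len(data)
        elif seq > self.rcv_nxt:
            self.out_of_order[seq] = payload    # gap: hold it, ACK number does not move
        # seq < rcv_nxt: duplicate of data already delivered; ACK number does not move
        return self.rcv_nxt


class Sender:
    DUP_ACK_THRESHOLD = 3

    def __init__(self, isn):
        self.snd_nxt = isn + 1            # our SYN consumed one sequence number
        self.last_ack = isn + 1           # highest cumulative ACK seen so far
        self.unacked = {}                 # seq -> payload still awaiting acknowledgement
        self.dup_acks = 0
        self.fast_retransmits = []        # sequence numbers resent on 3 DupACKs

    def send(self, payload):
        seq = self.snd_nxt
        self.unacked[seq] = payload
        self.snd_nxt += len(payload)
        return seq, payload

    def on_ack(self, ack):
        """Return a (seq, payload) to retransmit, or None."""
        if ack > self.last_ack:
            self.last_ack, self.dup_acks = ack, 0
            for seq in list(self.unacked):            # drop fully acknowledged segments
                if seq + len(self.unacked[seq]) <= ack:
                    del self.unacked[seq]
            return None
        self.dup_acks += 1                            # same ACK again: DupACK
        if self.dup_acks == self.DUP_ACK_THRESHOLD and self.last_ack in self.unacked:
            self.fast_retransmits.append(self.last_ack)
            return self.last_ack, self.unacked[self.last_ack]
        return None


def simulate(message, seg_size, lost_index, isn=1000):
    """Send `message` in seg_size pieces, losing the first copy of segment
    number `lost_index` (None for a loss-free run)."""
    sender, receiver = Sender(isn), Receiver(isn)
    acks = []
    segments = [sender.send(message[i:i + seg_size])
                for i in range(0, len(message), seg_size)]
    for idx, (seq, payload) in enumerate(segments):
        if idx == lost_index:
            continue                                  # segment lost in the network
        ack = receiver.receive(seq, payload)
        acks.append(ack)
        resend = sender.on_ack(ack)
        if resend is not None:                        # fast retransmission arrives intact
            ack = receiver.receive(*resend)
            acks.append(ack)
            sender.on_ack(ack)
    return {"delivered": bytes(receiver.delivered), "acks": acks,
            "fast_retransmits": sender.fast_retransmits,
            "unacked": sorted(sender.unacked)}


if __name__ == "__main__":
    print(simulate(b"0123456789ABCDEFGHIJ", seg_size=4, lost_index=1))
```

With the second of five 4-byte segments lost, the receiver answers the three later segments with the same ACK (1005) it already sent, the third duplicate triggers the retransmission, and the single ACK that follows jumps straight to 1021 because the buffered segments became contiguous at once.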
TCP Closing
• The FIN flag is used to signify a request to close a connection
• Each FIN is directional; once acknowledged, no further data can be sent from the sender to the receiver
– Data can continue to flow in the other direction
– E.g. client could send FIN after making request, but before receiving the response
– Sender of FIN will still retransmit unacknowledged segments
• Typically requires 4 segments to close, 1 FIN and 1 ACK for each direction
– Can be optimised: Host A sends FIN request, Host B responds with ACK of Host A's FIN request and sends a FIN request of its own, Host A sends ACK of Host B's FIN request and the connection is closed
TCP Closing
• The RST flag is used to signify a hard close of a connection
– Basically states the sender is closing the connection and will not listen for any further messages
– Sent in reply to a packet sent to a 5-tuple with no open connection
• e.g. in response to invalid data, or to a crashed process that left a remote socket open which the OS is now cleaning up
• Can be used to close a connection, but FIN is greatly preferred because it is an orderly shutdown of the connection, as opposed to a reset
And finally...
• Google’s QUIC has shown that there is demand for a new transport protocol
– Why is it only now being deployed?
– Why does it run on top of UDP?
• Although the transport layer is supposed to be “end to end”, there are many “middleboxes” that inspect and modify transport layer protocols
– Firewalls, NAT (later lecture), intrusion detection systems, load balancers
• These all accept TCP and UDP, but typically drop all other transport layer protocols.
• Stream Control Transmission Protocol (SCTP) is a carefully designed protocol that achieves many of the goals of QUIC, but it hasn't been widely deployed because of these middleboxes.
(This time is final for sure...)
• SYN Flooding
– Popular attack in the '90s to deny service to a server
– Remember back to the arbitrary (random) initial Sequence number
– This requires the server to remember an initial Sequence number for each received SYN request
– An attacker would make initial SYN requests then not send the appropriate ACK, causing the server to gradually fill up its queue with sequence numbers for now-defunct connections
– One solution was SYN Cookies
• Rather than storing the sequence number, it is derived from connection information and a timer, creating a stateless SYN queue using cryptographic hashing
• Incurs a performance cost in validating SYN Cookies, but preferable to being unresponsive – typically only enabled when under attack
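The following is an added example (not from the lecture slides) of the SYN cookie construction the slide describes, in the classic layout: a 5-bit timer value, a 3-bit index into a small MSS table, and a 24-bit keyed hash over the connection 4-tuple and the timer. The server keeps no per-connection state while the handshake is half open: the cookie is the initial sequence number it puts in its SYN-ACK, and when the final ACK arrives it recomputes the hash and accepts cookies from the current and previous timer tick. The secret, addresses and timestamps are constructed for the demo; a real kernel uses a per-boot random secret, and the MSS table here is only illustrative.

```python
"""Added example (not from the lecture slides): a SYN cookie in the classic
layout (5-bit timer, 3-bit MSS index, 24-bit keyed hash).  The server
stores nothing per half-open connection: it encodes the cookie as the
initial sequence number of its SYN-ACK and recomputes it when the final
ACK arrives.  The secret and addresses are constructed for the demo; a
real kernel uses a per-boot random secret."""
import hashlib
import hmac

SECRET = b"constructed-demo-secret-replace-me"   # constructed; never hard-code in practice
COUNTER_PERIOD = 64                              # seconds per timer tick
MSS_TABLE = [536, 1220, 1440, 1460]              # encodable MSS values (illustrative)


def _keyed_hash(src_ip, src_port, dst_ip, dst_port, counter):
    """24-bit keyed hash over the 4-tuple and the timer value."""
    msg = f"{src_ip}:{src_port}->{dst_ip}:{dst_port}|{counter}".encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_syn_cookie(src_ip, src_port, dst_ip, dst_port, client_mss, now):
    """Return the 32-bit initial sequence number to put in the SYN-ACK.
    Nothing about this SYN is stored on the server."""
    counter = int(now) // COUNTER_PERIOD
    fitting = [i for i, m in enumerate(MSS_TABLE) if m <= client_mss]
    mss_index = max(fitting) if fitting else 0   # largest table MSS the client allows
    h = _keyed_hash(src_ip, src_port, dst_ip, dst_port, counter)
    return ((counter & 0x1F) << 27) | (mss_index << 24) | h


def check_syn_cookie(src_ip, src_port, dst_ip, dst_port, ack_number, now):
    """Validate the ACK that completes the handshake.  Returns the MSS agreed
    earlier, or None if the cookie is forged, stale, or for another 4-tuple.
    Cookies from the current and the previous timer tick are accepted."""
    cookie = (ack_number - 1) & 0xFFFFFFFF       # the client ACKs our ISN + 1
    tick = cookie >> 27
    mss_index = (cookie >> 24) & 0x7
    h = cookie & 0xFFFFFF
    if mss_index >= len(MSS_TABLE):
        return None
    current = int(now) // COUNTER_PERIOD
    for counter in (current, current - 1):
        if counter & 0x1F != tick:
            continue
        expected = _keyed_hash(src_ip, src_port, dst_ip, dst_port, counter)
        if hmac.compare_digest(expected.to_bytes(3, "big"), h.to_bytes(3, "big")):
            return MSS_TABLE[mss_index]
    return None


if __name__ == "__main__":
    isn = make_syn_cookie("198.51.100.7", 40000, "203.0.113.5", 80, 1460, now=1000)
    print(hex(isn), check_syn_cookie("198.51.100.7", 40000, "203.0.113.5", 80, isn + 1, now=1020))
```

The performance cost the slide mentions is visible here: every completing ACK costs one or two HMAC computations, which is why stacks turn cookies on only once the SYN queue fills. The price in function is also visible: only four MSS values survive the 3-bit field, and any other TCP option the client sent in its SYN is forgotten, since the server kept nothing.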