Post on 23-Jun-2020
19540 - Telematics11th Tutorial - TCP and other Transport layer protocols
Bastian Blywis
Department of Mathematics and Computer ScienceInstitute of Computer Science14. January, 2010
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 1
Outline
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 2
TCP
Transmission Control Protocol (TCP), fundamental features:– Transport layer protocol, layer 4– Reliable end-to-end connection– Bidirectional– In-order delivery of data– Stream-oriented, does not preserve message boundaries– “Byte pipe” for higher layer protocols– Multiplexing based on ports
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 3
TCP
0 3 7 15 31
Source Port Destination Port
Sequence number
Acknowledgement number
Offset Reserv.URG
ACK
PSH
RST
SYN
FIN
Receiver window
Checksum Pointer
Options Padding
Header
Payload
Figure: TCP Segment
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 4
TCP
Closed
Listen
SYNRCVD
SYNSent
Estab-lished
FINWait-1
CloseWait
FINWait-2
LastACK
Closing
TimeWait
Closed
passive OPENcreate TCB
CLOSEdelete TCB
CLOSEdelete TCB
active OPENcreate TCBand SYN
SENDsend SYN
rcv SYNsend SYN, ACK
rcv SYNsend ACK
rcv ACK of SYN---
rcv SYN, ACKsend ACK
CLOSEsend FIN
rcv FINsend ACK
CLOSEsend FIN
rcv FINsend ACK
rcv ACK of FIN---
rcv FINsend ACK
Timeout=2MSLdelete TCB
rcv ACK of FIN---
CLOSEsend FIN
rcv ACK of FIN---
Figure: TCP State Machine
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 5
TCP Connection
Host A Host B
SYN, Seq 1023,MSS 1024, Win 4096
Seq 1024, Ack 1Win 4096
SYN, Seq 0, Ack 1024MSS 1024, Win 8192
Seq 1024, Ack 1Data 1024, Win 4096
Seq 2048, Ack 1Data 1024, Win 4096
1. Discuss the exchange of the the firstthree segments between host A and Band the values of the header fields.
2. Host A transmits 7 segments with apayload size of 1024 Byte to host Band closes the connection afterwards.The first two segments carryingpayload are already annotated in themessage sequence chart. Continue tolabel the segments with the values ofthe headers header fields. Pleasenote that one of the segments is lost inthe network. Assume that host Asupports fast retransmit and notimeouts due to the lost segmentoccur in A’s TCP implementation.
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 6
TCP Connection
A 3-Way-Handshake (connection establishment)
A→ B: Active connection establishment by sending a synchronization segment (SYN)– Initialization of sequence number counter with value 1023– Each segment of B is allowed to have a size of up to 1024 Byte– A receive buffer of 4096 Bytes is allocated by host A
SYN, Seq 1023,MSS 1024, Win 4096
Seq 1024, Ack 1Win 4096
SYN, Seq 0, Ack 1024MSS 1024, Win 8192
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 7
TCP Connection
B→ A: Passive connection establishment by sending a synchronization segment(SYN-ACK)
– Acknowledgement of SYN=1023 from A with ACK=1024– Initialization of sequence number counter with value 0– Each segment of A is allowed to have a size of up to 1024 Byte– A receive buffer of 8192 Bytes is allocated by host B
SYN, Seq 1023,MSS 1024, Win 4096
Seq 1024, Ack 1Win 4096
SYN, Seq 0, Ack 1024MSS 1024, Win 8192
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 8
TCP Connection
A→ B: Acknowledgement of the SYN-ACK sent by B with an ACK
SYN, Seq 1023,MSS 1024, Win 4096
Seq 1024, Ack 1Win 4096
SYN, Seq 0, Ack 1024MSS 1024, Win 8192
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 9
TCP Connection
Data Transfer
Seq 1024, Ack 1Data 1024, Win 4096
Seq 2048, Ack 1Data 1024, Win 4096
Seq 3072, Ack 2Data 1024, Win 4096
Seq 4096, Ack 2Data 1024, Win 4096
Seq 5120, Ack 2Data 1024, Win 4096
Seq 6144, Ack 2Data 1024, Win 4096
Seq 7168, Ack 2Data 1024, Win 4096
Seq 3072, Ack 2Data 1024, Win 4096
Seq 1, Ack 3072,Win 8192
Seq 1, Ack 3072,Win 7168
Seq 1, Ack 3072,Win 6144
Seq 1, Ack 3072,Win 5120
Seq 1, Ack 3072,Win 4096
Seq 1, Ack 8192,Win 8192
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 10
TCP Connection
Connection Termination
Host A Host B
FIN, Seq 8192, Ack 2, Win 4096
Seq 8193, Ack 2, Win 4096
Seq 1, Ack 8193,Win 8192
FIN, Seq 1,Ack 8193, Win 8192
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 11
TCP Connection
Notes:– The first three packets are exchanged with header information as defined in
RFC 793 - see page 30.– It’s important to understand that acknowledgements do not use up a sequence
number (only data bytes increase sequence number). Therefore the 3rd packetsend by A uses the same number as the one before (1024).
– The data transfer proceeds as shown in class. The 3rd data packet is lost.Therefore host B sends the acknowledgement (ACK = 3072) multiple times.
– After the third duplicate acknowledgement (see problem statement) host A noticesthe lost packet (fast retransmit) and resends it.
– Connection termination is done as specified in RFC 793 - see page 38. Fourpackets are used. The second and third (both from host A) could have beenmerged. But by using this approach we ensure that data packets of host B that arestill in the network or in its transmission queue can be received by host A.
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 12
Basic TCP Features
The original TCP protocol as defined in RFC 793 already specifies several featuresbesides providing a reliable end-to-end connection. Explain the following features resp.properties:
1. Push function
2. Urgent data transport
3. TCP Options
4. Connection reset
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 13
Basic TCP Features
1. Push Flag– Problem: TCP can coalesce data to create larger segments to reduce overhead– Problem: TCP does not immediately forward the received data to the application to
reduce context switches between kernel and user space– Solution: Immediate data transfer signaled by push flag– Sender side: “Send now even if segment is small”– Receiver side: “Push data to application”
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 14
Basic TCP Features
2. Urgent Flag– Problem: All data in TCP stream has the same priority (it is just one stream)– Problem: Sometimes the application has some urgent signaling information– Solution: Multiplex urgent data in normal TCP stream– Sender side: Creates segment with urgent data followed by regular data– Receiver side: Urgent data is forwarded to the application immediately, rest of data is
processed normally
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 15
Basic TCP Features
Urgent data transport feature rarely used– RFC 793, page 17: “The urgent pointer points to the sequence number of the
octet following the urgent data.”– RFC 961, page 6: “Page 17 <of RFC 793> is wrong. The urgent pointer points to
the last octet of urgent data (not to the first octet of non-urgent data).”– RFC 1122, page 84: “Urgent Pointer: RFC-793 Section 3.1. The second sentence
is in error: the urgent pointer points to the sequence number of the LAST octet(not LAST+1) in a sequence of urgent data. The description on page 56 (lastsentence) is correct.”
⇒ most TCP implementations use the definition of RFC 793⇒ most applications make no use of this feature because of the incompatibility of TCPimplementations
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 16
Basic TCP Features
3. Options– Problem: TCP feature set is limited– Solution: Extend TCP by options– Connection establishment phase: Support of and intend to use options is signaled
⇒ options are optional, few are implemented and used
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 17
Basic TCP Features
Kind Length Meaning Reference
0 - End of Option List RFC 7931 - No-Operation RFC 7932 4 Maximum Segment Size RFC 7933 3 WSOPT - Window Scale RFC 13234 2 SACK Permitted RFC 20185 N SACK RFC 20186 6 Echo (obsoleted by option 8) RFC 10727 6 Echo Reply (obsoleted by option 8) RFC 10728 10 TSOPT - Time Stamp Option RFC 13239 2 Partial Order Connection Permitted RFC 1693
10 3 Partial Order Service Profile RFC 169311 CC RFC 164412 CC.NEW RFC 164413 CC.ECHO RFC 164414 3 TCP Alternate Checksum Request RFC 114615 N TCP Alternate Checksum Data RFC 114616 Skeeter Knowles17 Bubba Knowles18 3 Trailer Checksum Option Subbu, Monroe19 18 MD5 Signature Option RFC 238520 SCPS Capabilities Scott21 Selective Negative Acknowledgements Scott22 Record Boundaries Scott23 Corruption experienced Scott24 SNAP Sukonnik26 TCP Compression Filter Bellovin27 8 Quick-Start Response RFC 478228 4 User Timeout Option RFC 5482
253 N RFC3692-style Experiment 1 RFC 4727254 N RFC3692-style Experiment 2 RFC 4727
Table: List of TCP Options as assigned by IANAInstitute of Computer Science – Telematics Tutorial – 14. January, 2010 18
Basic TCP Features
Number Description Reference
0 TCP Checksum RFC 11461 8-bit Fletchers’s algorithm RFC 11462 16-bit Fletchers’s algorithm RFC 11463 Redundant Checksum Avoidance Kay
Table: TCP Alternate Checksum Numbers as assigned by IANA
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 19
Basic TCP Features
4. Reset Flag– Problem: TCP connection has to be reliable but errors can happen
– Bug in TCP implementation– SYN send to closed TCP port
– Solution: Send segment with set reset flag– TCP connection is reset if
– Sequence number is valid– not in LISTEN state
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 20
The History of TCP
The original Transmission Control Protocol has gotten many extensions over time.Research when the following extensions got added, name the corresponding RFCs (ifany), and briefly explain the extension:
– Fast Retransmit– Fast Recovery– Congestion Control– Flow Control– Karn’s Algorithm– Nagle’ Algorithm– Selective Acknowledgements– Modification to adapt TCP to networks with high bandwidth-delay products
Name TCP variants that implement these features.
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 21
The History of TCP
TCP Variant Year RFC
1973 Kahn und Cerf begin research for a reli-able packet-oriented transfer protocol
Original TCP 1981 793 Flow control1983 Widespread adoption, BSD Version 4.2
Nagles’s Algorithm 1984 896 Coalescing of small segmentsKarn’s Algorithm 1987 2988 Improved RTT estimation
TCP/Tahoe 1988 2001,2581 Slow start and congestion avoidance,Jacobson, BSD 4.3
1988 1072 Selective AcknowledgementsTCP Reno 1990 2581 Fast retransmit and recovery, Jacobson,
BSD 4.31992 1323 Window scaling, optimized RTT estima-
tionTCP Vegas 1994 RTT estimation with timestamps, proac-
tiveTCP NewReno 1999 2582 Partial acknowledgments
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 22
Compatibility
There are many TCP variants available and used in today’s operating systems.Discuss if and why these variants are (not) fully compatible.
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 23
Compatibility
TCP Variants
– Tahoe– Reno– New Reno– Vegas– Westwood, Westwood+– BIC– CUBIC– Scalable TCP– Hybla TCP– Compound TCP
– TCP-Peach– Bandwidth Aware TCP– TCP-LP– HSTCP-LP– High Speed TCP– TCP-Illinois– YeAH-TCP– Fast TCP– H-TCP
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 24
Compatibility
– All TCP implementations have to be compatible with the protocol described inRFC 793
– Connection states, protocol procedure– Sequence & acknowledgement numbers– Receiver window– Header flags– Checksum
– Most TCP variants try to improve TCP in particular scenarios– Wireless networks– Networks with high bandwidth-dely-product– Using only the left bandwidth and not a fair amount
– Most often only congestion control algorithm is adapted– Congestion control is a pure sender-side mechanism
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 25
Operating System Support
Which TCP variants and features are supported by modern operating systems? Giveexamples.
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 26
Operating System Support
Linux Congestion Control Algorithms
– Binary Increase Congestion (BIC) control– CUBIC TCP– TCP Westwood+– H-TCP– High Speed TCP– TCP-Hybla congestion control algorithms– TCP Vegas– Scalable TCP– TCP Low Priority– TCP Veno– YeAH TCP– TCP Illinois
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 27
Operating System Support
Linux TCP Manual Page Exerpt
– tcp abort on overflow– tcp adv win scale– tcp app win– tcp bic– tcp bic low window– tcp bic fast convergence– tcp dsack– tcp ecn– tcp fack– tcp fin timeout– tcp frto– tcp keepalive intvl– tcp keepalive probes
– tcp keepalive time– tcp low latency– tcp max orphans– tcp max syn backlog– tcp max tw buckets– tcp mem– tcp orphan retries– tcp reordering– tcp retrans collapse– tcp retries1– tcp retries2– tcp rfc1337– tcp rmem
– tcp sack– tcp stdurg– tcp synack retries– tcp syncookies– tcp syn retries– tcp timestamps– tcp tw recycle– tcp tw reuse– tcp window scaling– tcp vegas cong avoid– tcp westwood– tcp wmem
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 28
Basic and Advanced Congestion Avoidance
Sketch a diagram depicting the behavior of a TCP implementation that experiencescongestion that supports
– no congestion avoidance– slow start and congestion avoidance– fast retransmit and fast recovery
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 29
Basic and Advanced Congestion Avoidance
Time
Win
dow
Siz
e
uses full rwndevery RTT
rwnd shrinks dueto segment loss
rwnd increases asduplicates of lostsegments are received
Figure: Without Congestion Aviodance
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 30
Basic and Advanced Congestion Avoidance
Time
Win
dow
Siz
e
ssthresh = max (FlightSize / 2, 2*SMSS)
cwnd = SMSS*SMSS/cwndcongestion avoidance
cwnd = cwnd + 1slow start
ssthresh
Figure: Slow Start and Congestion Aviodance
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 31
Basic and Advanced Congestion Avoidance
Time
Win
dow
Siz
e
ssthresh = max (FlightSize / 2, 2*SMSS)
cwnd = ssthresh + 3*SMSS"inflating the window"
cwnd = cwnd + 1for each rcvd dup-ack
ACK for "new data" rcvdcwnd = ssthresh"deflating the window"
Figure: Fast Retransmit and Fast Recovery
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 32
Congestion Control Continued
Figure: Reno [Source]
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 33
Congestion Control Continued
Figure: BIC [Source]
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 34
Congestion Control Continued
Figure: CUBIC [Source]
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 35
Congestion Control Continued
Figure: H-TCP [Source]
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 36
TCP FAQs
– Slow Start Threshold after segment loss
ssthresh = max(FlightSize/2, 2 ∗ SMSS) (1)
FlightSize := amount of outstanding data in the network.
“An easy mistake to make is to simply use cwnd, rather than FlightSize, which insome implementations may incidentally increase well beyond rwnd.”, RFC 2581
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 37
TCP FAQs
Confusion about the meaning of half-open– Half-open connection: “An established connection is said to be ”half-open” if one
of the TCPs has closed or aborted the connection at its end without theknowledge of the other, or if the two ends of the connection have becomedesynchronized owing to a crash that resulted in loss of memory.”, RFC 793
– Embryonic state: After A sends a SYN to B (embryonic connection for A) and afterB send SYN-ACK to A (embryonic connection for B)
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 38
TCP FAQs
Sender Maximum Segment Size (SMSS)– Largest segment that the sender can transmit– Based on network MTU, path MTU discovery or RMSS– Does not include TCP/IP headers and options
Receiver Maximum Segment Size (RMSS)– Largest size of segments the receiver will accept– Signaled by MSS option– Defaults to 536 bytes– Does not include TCP/IP headers and options
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 39
TCP FAQs
The initial value of cwnd
cwndinitial = max(2 ∗ SMSS)bytes (2)
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 40
TCP FAQs
Congestion window size increase– Slow start: increment cwnd by at most SMSS bytes for each ACK received that
acknowledges new data.– Congestion avoidance: cwnd is incremented by 1 full-sized segment per round-trip
time (RTT).
Slow start ends when cwnd exceeds ssthresh (or, optionally, when it reaches it) orwhen congestion is observed.
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 41
TCP Slow Start and Congestion Avoidance
TCP implementation with:– An initial slow start threshold of 8 kB– Maximum segment size is set to 1 kB– Receiver window is 16 kB fixed– Fast retransmit and fast recovery are not supported
Due to congestion, timeouts occur after the 8th, the 11th, and the 17th transmission.
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 42
TCP Slow Start and Congestion Avoidance
2 4 6 8 10 12 14 16 18RTT / Number of Transmissions
Win
dow
Siz
e [
kB]
2
4
6
8
10
12
14
16
Figure: Slow Start and Congestion Avoidance
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 43
TCP Limitations
TCP is a reliable transport protocol but reliability can decrease throughput andincrease delay.
1. The maximum payload size of a TCP segment is limited to 65495 Byte. Explainthis value.
2. Consider a communication channel with a data rate of 1 GBit/s and a delay of10 ms. What is the maximum throughput a TCP connection can achieve? Howefficient is the TCP connection?
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 44
TCP Limitations
– TCP segments are usually sent as payload in IP datagrams– Total-Length-Field of the IP header represents the size of the IP header and IP
payload– Field is 16 bit, thus the maximum value is 65535– Headers of TCP and IP usually have a size of 20 Bytes each (options are used
very seldom)– Maximum TCP payload size of 65535− 2 ∗ 20 = 65495 Byte is a good choice to
prevent IP fragmentation– Payload is usually much smaller, due to limitation of lower layers protocols (see
MTU)
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 45
TCP Limitations
Maximum throughput:
1. The window size is restricted to 65535 Byte
2. At least all 65535 Byte an acknowledgement is required
3. A transmission of 65535 Byte takes at least 20 ms
4. Per second, 50 ∗ 65535 Byte can be transmitted
5. The maximum throughput is 50 ∗ 65, 535 ∗ 8 = 26, 214, 000 Bit/s
Efficiency: 26,214,0001∗109 = 0.0262, 14 ≈ 2.6%
For this reason, the congstion window has to be scaled to larger sizes to achieve ahigher efficiency within modern networks.
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 46
TCP Security
List and explain attacks on the TCP protocol and how you can detect or prevent these.Hint: Watch the following conference talk. Link
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 47
TCP Security
Attacks:– TCP Session Hijacking– TCP Reset– SYN Flood– RTT Timer manipulation– Shrew attacks
Prevention:– Sequence number randomization– SYN Cookies– Encryption on higher layers– Watch ARP cache
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 48
TCP Security
# netstat -atn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3930 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3316 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):4147 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3854 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1500 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3931 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):2325 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1652 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1499 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1710 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1125 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1913 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):2445 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3929 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1119 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):4602 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3518 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1529 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1551 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1502 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3122 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1311 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3529 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3856 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):4714 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1680 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3286 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1120 SYN_RECV
tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):1651 SYN_RECV
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 49
Alternative Layer 4 Protocols
Next tutorial session. . .
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 50
The Last SlideTM
Thank you for your attention.Questions?
Institute of Computer Science – Telematics Tutorial – 14. January, 2010 51