19540 - telematics€¦ · tcp transmission control protocol (tcp), fundamental features: –...

19540 - Telematics11th Tutorial - TCP and other Transport layer protocols

Bastian Blywis

Department of Mathematics and Computer ScienceInstitute of Computer Science14. January, 2010

Institute of Computer Science – Telematics Tutorial – 14. January, 2010 1

Outline


TCP

Transmission Control Protocol (TCP), fundamental features:– Transport layer protocol, layer 4– Reliable end-to-end connection– Bidirectional– In-order delivery of data– Stream-oriented, does not preserve message boundaries– “Byte pipe” for higher layer protocols– Multiplexing based on ports


TCP

0 3 7 15 31

Source Port Destination Port

Sequence number

Acknowledgement number

Offset Reserv.URG

ACK

PSH

RST

SYN

FIN

Receiver window

Checksum Pointer

Options Padding

Header

Payload

Figure: TCP Segment


TCP

Closed

Listen

SYNRCVD

SYNSent

Estab-lished

FINWait-1

CloseWait

FINWait-2

LastACK

Closing

TimeWait

Closed

passive OPENcreate TCB

CLOSEdelete TCB

CLOSEdelete TCB

active OPENcreate TCBand SYN

SENDsend SYN

rcv SYNsend SYN, ACK

rcv SYNsend ACK

rcv ACK of SYN---

rcv SYN, ACKsend ACK

CLOSEsend FIN

rcv FINsend ACK

CLOSEsend FIN

rcv FINsend ACK

rcv ACK of FIN---

rcv FINsend ACK

Timeout=2MSLdelete TCB

rcv ACK of FIN---

CLOSEsend FIN

rcv ACK of FIN---

Figure: TCP State Machine


TCP Connection

Host A Host B

SYN, Seq 1023,MSS 1024, Win 4096

Seq 1024, Ack 1Win 4096

SYN, Seq 0, Ack 1024MSS 1024, Win 8192

Seq 1024, Ack 1Data 1024, Win 4096

Seq 2048, Ack 1Data 1024, Win 4096

1. Discuss the exchange of the the firstthree segments between host A and Band the values of the header fields.

2. Host A transmits 7 segments with apayload size of 1024 Byte to host Band closes the connection afterwards.The first two segments carryingpayload are already annotated in themessage sequence chart. Continue tolabel the segments with the values ofthe headers header fields. Pleasenote that one of the segments is lost inthe network. Assume that host Asupports fast retransmit and notimeouts due to the lost segmentoccur in A’s TCP implementation.


TCP Connection

A 3-Way-Handshake (connection establishment)

A→ B: Active connection establishment by sending a synchronization segment (SYN)– Initialization of sequence number counter with value 1023– Each segment of B is allowed to have a size of up to 1024 Byte– A receive buffer of 4096 Bytes is allocated by host A

SYN, Seq 1023,MSS 1024, Win 4096

Seq 1024, Ack 1Win 4096



TCP Connection

B→ A: Passive connection establishment by sending a synchronization segment(SYN-ACK)

– Acknowledgement of SYN=1023 from A with ACK=1024– Initialization of sequence number counter with value 0– Each segment of A is allowed to have a size of up to 1024 Byte– A receive buffer of 8192 Bytes is allocated by host B

SYN, Seq 1023,MSS 1024, Win 4096

Seq 1024, Ack 1Win 4096



TCP Connection

A→ B: Acknowledgement of the SYN-ACK sent by B with an ACK

SYN, Seq 1023,MSS 1024, Win 4096

Seq 1024, Ack 1Win 4096



TCP Connection

Data Transfer

Seq 1024, Ack 1Data 1024, Win 4096

Seq 2048, Ack 1Data 1024, Win 4096

Seq 3072, Ack 2Data 1024, Win 4096

Seq 4096, Ack 2Data 1024, Win 4096

Seq 5120, Ack 2Data 1024, Win 4096

Seq 6144, Ack 2Data 1024, Win 4096

Seq 7168, Ack 2Data 1024, Win 4096

Seq 3072, Ack 2Data 1024, Win 4096

Seq 1, Ack 3072,Win 8192

Seq 1, Ack 3072,Win 7168

Seq 1, Ack 3072,Win 6144

Seq 1, Ack 3072,Win 5120

Seq 1, Ack 3072,Win 4096

Seq 1, Ack 8192,Win 8192


TCP Connection

Connection Termination

Host A Host B

FIN, Seq 8192, Ack 2, Win 4096

Seq 8193, Ack 2, Win 4096

Seq 1, Ack 8193,Win 8192

FIN, Seq 1,Ack 8193, Win 8192


TCP Connection

Notes:– The first three packets are exchanged with header information as defined in

RFC 793 - see page 30.– It’s important to understand that acknowledgements do not use up a sequence

number (only data bytes increase sequence number). Therefore the 3rd packetsend by A uses the same number as the one before (1024).

– The data transfer proceeds as shown in class. The 3rd data packet is lost.Therefore host B sends the acknowledgement (ACK = 3072) multiple times.

– After the third duplicate acknowledgement (see problem statement) host A noticesthe lost packet (fast retransmit) and resends it.

– Connection termination is done as specified in RFC 793 - see page 38. Fourpackets are used. The second and third (both from host A) could have beenmerged. But by using this approach we ensure that data packets of host B that arestill in the network or in its transmission queue can be received by host A.


Basic TCP Features

The original TCP protocol as defined in RFC 793 already specifies several featuresbesides providing a reliable end-to-end connection. Explain the following features resp.properties:

1. Push function

2. Urgent data transport

3. TCP Options

4. Connection reset


Basic TCP Features

1. Push Flag– Problem: TCP can coalesce data to create larger segments to reduce overhead– Problem: TCP does not immediately forward the received data to the application to

reduce context switches between kernel and user space– Solution: Immediate data transfer signaled by push flag– Sender side: “Send now even if segment is small”– Receiver side: “Push data to application”


Basic TCP Features

2. Urgent Flag– Problem: All data in TCP stream has the same priority (it is just one stream)– Problem: Sometimes the application has some urgent signaling information– Solution: Multiplex urgent data in normal TCP stream– Sender side: Creates segment with urgent data followed by regular data– Receiver side: Urgent data is forwarded to the application immediately, rest of data is

processed normally


Basic TCP Features

Urgent data transport feature rarely used– RFC 793, page 17: “The urgent pointer points to the sequence number of the

octet following the urgent data.”– RFC 961, page 6: “Page 17 <of RFC 793> is wrong. The urgent pointer points to

the last octet of urgent data (not to the first octet of non-urgent data).”– RFC 1122, page 84: “Urgent Pointer: RFC-793 Section 3.1. The second sentence

is in error: the urgent pointer points to the sequence number of the LAST octet(not LAST+1) in a sequence of urgent data. The description on page 56 (lastsentence) is correct.”

⇒ most TCP implementations use the definition of RFC 793⇒ most applications make no use of this feature because of the incompatibility of TCPimplementations


Basic TCP Features

3. Options– Problem: TCP feature set is limited– Solution: Extend TCP by options– Connection establishment phase: Support of and intend to use options is signaled

⇒ options are optional, few are implemented and used


Basic TCP Features

Kind Length Meaning Reference

0 - End of Option List RFC 7931 - No-Operation RFC 7932 4 Maximum Segment Size RFC 7933 3 WSOPT - Window Scale RFC 13234 2 SACK Permitted RFC 20185 N SACK RFC 20186 6 Echo (obsoleted by option 8) RFC 10727 6 Echo Reply (obsoleted by option 8) RFC 10728 10 TSOPT - Time Stamp Option RFC 13239 2 Partial Order Connection Permitted RFC 1693

10 3 Partial Order Service Profile RFC 169311 CC RFC 164412 CC.NEW RFC 164413 CC.ECHO RFC 164414 3 TCP Alternate Checksum Request RFC 114615 N TCP Alternate Checksum Data RFC 114616 Skeeter Knowles17 Bubba Knowles18 3 Trailer Checksum Option Subbu, Monroe19 18 MD5 Signature Option RFC 238520 SCPS Capabilities Scott21 Selective Negative Acknowledgements Scott22 Record Boundaries Scott23 Corruption experienced Scott24 SNAP Sukonnik26 TCP Compression Filter Bellovin27 8 Quick-Start Response RFC 478228 4 User Timeout Option RFC 5482

253 N RFC3692-style Experiment 1 RFC 4727254 N RFC3692-style Experiment 2 RFC 4727

Table: List of TCP Options as assigned by IANAInstitute of Computer Science – Telematics Tutorial – 14. January, 2010 18

Basic TCP Features

Number Description Reference

0 TCP Checksum RFC 11461 8-bit Fletchers’s algorithm RFC 11462 16-bit Fletchers’s algorithm RFC 11463 Redundant Checksum Avoidance Kay

Table: TCP Alternate Checksum Numbers as assigned by IANA


Basic TCP Features

4. Reset Flag– Problem: TCP connection has to be reliable but errors can happen

– Bug in TCP implementation– SYN send to closed TCP port

– Solution: Send segment with set reset flag– TCP connection is reset if

– Sequence number is valid– not in LISTEN state


The History of TCP

The original Transmission Control Protocol has gotten many extensions over time.Research when the following extensions got added, name the corresponding RFCs (ifany), and briefly explain the extension:

– Fast Retransmit– Fast Recovery– Congestion Control– Flow Control– Karn’s Algorithm– Nagle’ Algorithm– Selective Acknowledgements– Modification to adapt TCP to networks with high bandwidth-delay products

Name TCP variants that implement these features.


The History of TCP

TCP Variant Year RFC

1973 Kahn und Cerf begin research for a reli-able packet-oriented transfer protocol

Original TCP 1981 793 Flow control1983 Widespread adoption, BSD Version 4.2

Nagles’s Algorithm 1984 896 Coalescing of small segmentsKarn’s Algorithm 1987 2988 Improved RTT estimation

TCP/Tahoe 1988 2001,2581 Slow start and congestion avoidance,Jacobson, BSD 4.3

1988 1072 Selective AcknowledgementsTCP Reno 1990 2581 Fast retransmit and recovery, Jacobson,

BSD 4.31992 1323 Window scaling, optimized RTT estima-

tionTCP Vegas 1994 RTT estimation with timestamps, proac-

tiveTCP NewReno 1999 2582 Partial acknowledgments


Compatibility

There are many TCP variants available and used in today’s operating systems.Discuss if and why these variants are (not) fully compatible.


Compatibility

TCP Variants

– Tahoe– Reno– New Reno– Vegas– Westwood, Westwood+– BIC– CUBIC– Scalable TCP– Hybla TCP– Compound TCP

– TCP-Peach– Bandwidth Aware TCP– TCP-LP– HSTCP-LP– High Speed TCP– TCP-Illinois– YeAH-TCP– Fast TCP– H-TCP


Compatibility

– All TCP implementations have to be compatible with the protocol described inRFC 793

– Connection states, protocol procedure– Sequence & acknowledgement numbers– Receiver window– Header flags– Checksum

– Most TCP variants try to improve TCP in particular scenarios– Wireless networks– Networks with high bandwidth-dely-product– Using only the left bandwidth and not a fair amount

– Most often only congestion control algorithm is adapted– Congestion control is a pure sender-side mechanism


Operating System Support

Which TCP variants and features are supported by modern operating systems? Giveexamples.



Linux Congestion Control Algorithms

– Binary Increase Congestion (BIC) control– CUBIC TCP– TCP Westwood+– H-TCP– High Speed TCP– TCP-Hybla congestion control algorithms– TCP Vegas– Scalable TCP– TCP Low Priority– TCP Veno– YeAH TCP– TCP Illinois



Linux TCP Manual Page Exerpt

– tcp abort on overflow– tcp adv win scale– tcp app win– tcp bic– tcp bic low window– tcp bic fast convergence– tcp dsack– tcp ecn– tcp fack– tcp fin timeout– tcp frto– tcp keepalive intvl– tcp keepalive probes

– tcp keepalive time– tcp low latency– tcp max orphans– tcp max syn backlog– tcp max tw buckets– tcp mem– tcp orphan retries– tcp reordering– tcp retrans collapse– tcp retries1– tcp retries2– tcp rfc1337– tcp rmem

– tcp sack– tcp stdurg– tcp synack retries– tcp syncookies– tcp syn retries– tcp timestamps– tcp tw recycle– tcp tw reuse– tcp window scaling– tcp vegas cong avoid– tcp westwood– tcp wmem


Basic and Advanced Congestion Avoidance

Sketch a diagram depicting the behavior of a TCP implementation that experiencescongestion that supports

– no congestion avoidance– slow start and congestion avoidance– fast retransmit and fast recovery



Time

Win

dow

Siz

e

uses full rwndevery RTT

rwnd shrinks dueto segment loss

rwnd increases asduplicates of lostsegments are received

Figure: Without Congestion Aviodance



Time

Win

dow

Siz

e

ssthresh = max (FlightSize / 2, 2*SMSS)

cwnd = SMSS*SMSS/cwndcongestion avoidance

cwnd = cwnd + 1slow start

ssthresh

Figure: Slow Start and Congestion Aviodance



Time

Win

dow

Siz

e

ssthresh = max (FlightSize / 2, 2*SMSS)

cwnd = ssthresh + 3*SMSS"inflating the window"

cwnd = cwnd + 1for each rcvd dup-ack

ACK for "new data" rcvdcwnd = ssthresh"deflating the window"

Figure: Fast Retransmit and Fast Recovery


Congestion Control Continued

Figure: Reno [Source]


http://netlab.caltech.edu/projects/ns2tcplinux/ns2linux-2.29-linux-2.6.16/


Figure: BIC [Source]




Figure: CUBIC [Source]




Figure: H-TCP [Source]



TCP FAQs

– Slow Start Threshold after segment loss

ssthresh = max(FlightSize/2, 2 ∗ SMSS) (1)

FlightSize := amount of outstanding data in the network.

“An easy mistake to make is to simply use cwnd, rather than FlightSize, which insome implementations may incidentally increase well beyond rwnd.”, RFC 2581


TCP FAQs

Confusion about the meaning of half-open– Half-open connection: “An established connection is said to be ”half-open” if one

of the TCPs has closed or aborted the connection at its end without theknowledge of the other, or if the two ends of the connection have becomedesynchronized owing to a crash that resulted in loss of memory.”, RFC 793

– Embryonic state: After A sends a SYN to B (embryonic connection for A) and afterB send SYN-ACK to A (embryonic connection for B)


TCP FAQs

Sender Maximum Segment Size (SMSS)– Largest segment that the sender can transmit– Based on network MTU, path MTU discovery or RMSS– Does not include TCP/IP headers and options

Receiver Maximum Segment Size (RMSS)– Largest size of segments the receiver will accept– Signaled by MSS option– Defaults to 536 bytes– Does not include TCP/IP headers and options


TCP FAQs

The initial value of cwnd

cwndinitial = max(2 ∗ SMSS)bytes (2)


TCP FAQs

Congestion window size increase– Slow start: increment cwnd by at most SMSS bytes for each ACK received that

acknowledges new data.– Congestion avoidance: cwnd is incremented by 1 full-sized segment per round-trip

time (RTT).

Slow start ends when cwnd exceeds ssthresh (or, optionally, when it reaches it) orwhen congestion is observed.


TCP Slow Start and Congestion Avoidance

TCP implementation with:– An initial slow start threshold of 8 kB– Maximum segment size is set to 1 kB– Receiver window is 16 kB fixed– Fast retransmit and fast recovery are not supported

Due to congestion, timeouts occur after the 8th, the 11th, and the 17th transmission.


TCP Slow Start and Congestion Avoidance

2 4 6 8 10 12 14 16 18RTT / Number of Transmissions

Win

dow

Siz

e [

kB]

2

4

6

8

10

12

14

16

Figure: Slow Start and Congestion Avoidance


TCP Limitations

TCP is a reliable transport protocol but reliability can decrease throughput andincrease delay.

1. The maximum payload size of a TCP segment is limited to 65495 Byte. Explainthis value.

2. Consider a communication channel with a data rate of 1 GBit/s and a delay of10 ms. What is the maximum throughput a TCP connection can achieve? Howefficient is the TCP connection?


TCP Limitations

– TCP segments are usually sent as payload in IP datagrams– Total-Length-Field of the IP header represents the size of the IP header and IP

payload– Field is 16 bit, thus the maximum value is 65535– Headers of TCP and IP usually have a size of 20 Bytes each (options are used

very seldom)– Maximum TCP payload size of 65535− 2 ∗ 20 = 65495 Byte is a good choice to

prevent IP fragmentation– Payload is usually much smaller, due to limitation of lower layers protocols (see

MTU)


TCP Limitations

Maximum throughput:

1. The window size is restricted to 65535 Byte

2. At least all 65535 Byte an acknowledgement is required

3. A transmission of 65535 Byte takes at least 20 ms

4. Per second, 50 ∗ 65535 Byte can be transmitted

5. The maximum throughput is 50 ∗ 65, 535 ∗ 8 = 26, 214, 000 Bit/s

Efficiency: 26,214,0001∗109 = 0.0262, 14 ≈ 2.6%

For this reason, the congstion window has to be scaled to larger sizes to achieve ahigher efficiency within modern networks.


TCP Security

List and explain attacks on the TCP protocol and how you can detect or prevent these.Hint: Watch the following conference talk. Link


http://bork.informatik.uni-erlangen.de/pub/ccc/25c3/video_h264_720x576/25c3-2909-en-tcp_denial_of_service_vulnerabilities.mp4

TCP Security

Attacks:– TCP Session Hijacking– TCP Reset– SYN Flood– RTT Timer manipulation– Shrew attacks

Prevention:– Sequence number randomization– SYN Cookies– Encryption on higher layers– Watch ARP cache


TCP Security

# netstat -atn

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address Foreign Address State

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN

tcp 0 0 (MY-SERVER-IP):80 (ATTACKER-IP):3930 SYN_RECV






























Alternative Layer 4 Protocols

Next tutorial session. . .


The Last SlideTM

Thank you for your attention.Questions?


19540 - telematics€¦ · tcp transmission control protocol (tcp), fundamental features: –...

Documents