TCP/IP Internal

1
TCP/IP Internal
TCP/IP
2
Learning outcome
TCP/IP

• Application layer
• HTTP, FTP, TELNET, POP3, SMTP, IMAP, DNS
  protocols
• Transport layer
• TCP and UDP
• TCP and UDP segment
• Opening and closing connections
• Flow control
• Reliable data transmission
• Internet layer
• IP , ICMP, ARP and RARP
• IP datagram
• Routing

3
Learning outcome contd
TCP/IP

• Before we have explained how
• Each layer adds header information to the block
  of data passed to it from the previous layer
• And these headers are interpreted and removed by
  corresponding layer at the receiving end
• In this Chapter
• We will look in details at the header information
  constructed at the transport and internet layers
• We will also show how this information is used

4
Reading List for this chapter
TCP/IP

Joe Casad, Teach Teach Yourself TCP/IP, chs. 4-6
or

• William Buchanan, Mastering the Internet, Ch. 4

or

• Julian Moss, understanding TCP/IP (parts 2-4,
  October 1997-March 1998)

and
Liam Proven, understanding TCP/IP details of
IP addressing ( January 2001)
http//www.pcnetworkadvisor.com
5
TCP/IP

• TCP/IP Protocol Suite is a four-layered protocol
  suite. The location of the important protocols
  within the TCP/IP layers is showed below

5
6
The suite of Protocols for TCP/IP
ICMP
7
The application layer
TCP/IP suite

• Handles high-level protocols, issues of
  representation, encoding, and dialog control. 
• The TCP/IP combines all application-related
  issues into one layer, and assures this data is
  properly packaged for the next layer.
• FTP, HTTP, SMNP, DNS ...
• Format of data, data structure, encode
• Dialog control, session management

8
Application Protocols
TCP/IP suite
9
Application Protocols
TCP/IP suite
10
Application Protocols (contd)
TCP/IP suite
11
The transport layer
TCP/IP suite

• Transport layer
• Transport protocols
• UDP
• TCP
• TCP AND UDP segments

12
Transport Protocols in the Internet
TCP/IP suite

• The Internet supports 2 transport protocols

• UDP - User Datagram Protocol
• datagram oriented
• unreliable, connectionless
• No acknowledgment
• simple
• unicast and multicast
• useful only for few applications, e.g.,
  multimedia applications
• used a lot for services
• network management (SNMP), routing (RIP), naming
  (DNS), etc.

• TCP - Transmission Control Protocol
• stream oriented
• reliable, connection-oriented
• complex
• only unicast
• used for most Internet applications
• web (HTTP), email (SMTP), file transfer (FTP),
  terminal (TELNET), etc.

13
User Datagram Protocol
TCP/IP
14
User Datagram Protocol
TCP/IP

• Source port (optional - zero if not used)
• Length - Count of octets including header and
  data (minimum is 8)
• Checksum (optional - zero if not used)

UDP Destination Port
UDP Source Port
UDP Message Length
UDP Checksum
Data . . .
15
User Datagram Protocol
TCP/IP

• IP checksum does not include data
• UDP checksum is only way to guarantee that data
  is correct
• UDP checksum includes pseudo-header

UDP Header
UDP Data
Pseudo Header
16
UDP Pseudo-Header
TCP/IP
Source IP Address
Destination Address
UDP Length
Protocol
Zero
UDP Destination Port
UDP Source Port
UDP Message Length
UDP Checksum
Data . . .
17
Transport Control Protocol
TCP/IP
18
TCP Lingo
TCP/IP

• When a client requests a connection, it sends a
  SYN segment (a special TCP segment) to the
  server port.
• SYN stands for synchronize. The SYN message
  includes the clients ISN.
• ISN is Initial Sequence Number.

19
More...
TCP/IP

• Every TCP segment includes a Sequence Number that
  refers to the first byte of data included in the
  segment.
• Every TCP segment includes a Request Number
  (Acknowledgement Number) that indicates the byte
  number of the next data that is expected to be
  received.
• All bytes up through this number have already
  been received.

20
And more...
TCP/IP

• There are a bunch of control flags
• URG urgent data included.
• ACK this segment is (among other things) an
  acknowledgement.
• RST error - abort the session.
• SYN synchronize Sequence Numbers (setup)
• FIN polite connection termination.

21
And more...
TCP/IP

• MSS Maximum segment size (A TCP option)
• Window Every ACK includes a Window field that
  tells the sender how many bytes it can send
  before the receiver will have to throw it away
  (due to fixed buffer size).

22
TCP Connection creation
Server
Client
time
TCP 3-way handshake
23
TCP 3-way handshake

• Client I want to talk, and Im starting with
  byte number X1.
• Server OK, Im here and Ill talk. My first
  byte will be called number Y1, and I know your
  first byte will be number X1.
• Client Got it - you start at byte number Y1.

1
2
3
24
TCP Data and ACK

• Once the connection is established, data can be
  sent.
• Each data segment includes a sequence number
  identifying the first byte in the segment.
• Each segment (data or empty) includes a request
  number indicating what data has been received.

25
TCP Fast Retransmit

• Another enhancement to TCP congestion control
• Idea When sender sees 3 duplicate ACKs, it
  assumes something went wrong
• The packet is immediately retransmitted instead
  of waiting for it to timeout

26
Figure 6.12 Fast Retransmit
TCP Fast Retransmit
Fast Retransmit Based on three duplicate ACKs
27
TCP Fast RetransmitExample
Receiver
Sender
MSS 1K
ACK of new data
ACK 2048 WIN 31K
Duplicate ACK 1
ACK 2048 WIN 30K
Duplicate ACK 2
ACK 2048 WIN 29K
Fast Retransmit occurs (2nd packet is
now retransmitted w/o waiting for it to timeout)
Duplicate ACK 3
ACK 2048 WIN 28K
ACK 2048 WIN 27K
ACK 7168 WIN 26K
28
Buffering

• Keep in mind that TCP is (usually) part of the
  Operating System. It takes care of all these
  details asynchronously.
• The TCP layer doesnt know when the application
  will ask for any received data.
• TCP buffers incoming data so its ready when we
  ask for it.

29
TCP Buffers

• Both the client and server allocate buffers to
  hold incoming and outgoing data
• The TCP layer takes care of this.
• Both the client and server announce with every
  ACK how much buffer space remains (the Window
  field in a TCP segment).

30
Send Buffers

• The application gives the TCP layer some data to
  send.
• The data is put in a send buffer, where it stays
  until the data is ACKd.
• it has to stay, as it might need to be sent
  again!
• The TCP layer wont accept data from the
  application unless (or until) there is buffer
  space.

31
ACKs

• A receiver doesnt have to ACK every segment (it
  can ACK many segments with a single ACK segment).
• Each ACK can also contain outgoing data
  (piggybacking).
• If a sender doesnt get an ACK after some time
  limit it resends the data.

32
TCP Segment Order

• Most TCP implementations will accept out-of-order
  segments (if there is room in the buffer).
• Once the missing segments arrive, a single ACK
  can be sent for the whole thing.
• Remember IP delivers TCP segments, and IP is not
  reliable - IP datagrams can be lost or arrive out
  of order.

33
Termination

• The TCP layer can send a RST segment that
  terminates a connection if something is wrong.
• Usually the application tells TCP to terminate
  the connection politely with a FIN segment.

34
FIN

• Either end of the connection can initiate
  termination.
• A FIN is sent, which means the application is
  done sending data.
• The FIN is ACKd.
• The other end must now send a FIN.
• That FIN must be ACKd.

35
App2
App1
...
36
TCP Termination
1
App1 I have no more data for you. App2 OK,
I understand you are done sending. dramatic
pause App2 OK - Now Im also done sending
data. App1 Goodbye, Its been real pleasure
talking to you
2
3
4
37
TCP TIME_WAIT

• Once a TCP connection has been terminated (the
  last ACK sent) there is some unfinished business
• What if the ACK is lost? The last FIN will be
  resent and it must be ACKd.
• What if there are lost or duplicated segments
  that finally reach the destination after a long
  delay?
• TCP hangs out for a while to handle these
  situations.

38
Test Questions

• Why is a 3-way handshake necessary?
• Who sends the first FIN - the server or the
  client?
• Once the connection is established, what is the
  difference between the operation of the servers
  TCP layer and the clients TCP layer?

39
TCP Features

• Connection-oriented
• Byte-stream
• app writes bytes
• TCP sends segments
• app reads bytes
• Reliable data transfer

• Flow control keep sender from overrunning
  receiver
• Congestion control keep sender from overrunning
  network

40
Segment Format
41
TCP Segment Fields

• Source Destination Ports
• 16 bit port identifiers for each packet (65536
  ports)
• Sequence number
• The packets unique sequence ID
• Initial number selected at connection time
• Acknowledgement number
• The sequence number of the next packet expected
  by the receiver

42
TCP Segment Fields (contd)

• Window size (flow control)
• Specifies how many bytes may be sent after the
  first acknowledged byte
• Checksum
• Checksums the TCP header and IP address fields
• Urgent Pointer
• Points to urgent data in the TCP data field

43
TCP Segment Fields (contd)

• Header bits
• URG Urgent pointer field in use
• ACK Indicates whether frame contains
  acknowledgement
• PSH Data has been pushed. It should be
  delivered to higher layers right away.
• RST Indicates that the connection should be
  reset
• SYN Used to establish connections
• FIN Used to release a connection

44
TCP Congestion Window

• TCP introduces a second window, called the
  congestion window
• To determine how many bytes it may send, the
  sender takes the minimum of the receiver window
  and the congestion window
• Example
• If the receiver window says the sender can
  transmit 8K, but the congestion window is only
  4K, then the sender may only transmit 4K
• If the congestion window is 8K but the receiver
  window says the sender can transmit 4K, then the
  sender may only transmit 4K

45
Sliding Window Revisited
46
Internet Layer

• Best path determination and packet switching

47
Internet Layer
Application Layer
Transport Layer
ICMP, ARP RARP
Internet Layer
Data-Link Layer
48
IP Datagram

• The Internet layer defines
• A packet format
• Addressing scheme
• And IP (Internet protocol)
• Ensures that any computer on the Internet has a
  unique IP
• The Internet layer adds an IP Header to a packet.
  
• A packet with an IP header is called
• IP datagram
• Header
• Source IP address
• Destination IP address
• Payload size (actual data sent without header)
• And some other stuff

49
Forwarding a Datagram

• Because datagrams are a connectionless
  communication, they are forwarded from node to
  node.
• At each step, the router (node) inspects the
  destination address of the datagram and forwards
  it to the appropriate interface.

50
Simple Datagram Forwarding
51
Datagram Forwarding with a Routing Table
52
Network Address

• From our subnetting discussion, weve already
  seen how the network address can be determined
  from the IP address and the netmask.
• 192.4.10.3 255.255.255.0 192.4.10.0
• With the network address, the router can
  determine the correct next hop.

53
Best-Effort Delivery

• Although IP makes the best-effort of datagram
  delivery, it does not guarantee proper handling
  of
• Datagram duplication
• Delayed or out-of-order delivery
• Corruption of data
• Datagram loss
• Other protocol layers are responsible for error
  handling.

54
IP Datagram Header
55
IP Datagram Header (cont.)

• Vers
• version of IP (4 bits)
• Only 2 permitted
• 0100 for IPv4 and
• 0110 for IPv6
• H. LEN
• Header Length (4 bits)
• length of the header in 32 bit words.
• Service Type
• Information about how data transmission is
  prioritised

56
IP Datagram Header(cont.)

• Total Length (16 bits)
• Total length of the datagram, measured in octets,
  including header and data.
• Identification (16 bits)
• A value assigned to aid in assembly of fragments.
• Identification, Flags and fragment offset
• These values allow datagrams to be fragmented and
  reassembled ant the destination.
• Time to Live (8 bits)
• Maximum time the datagram is allowed to exist in
  the system. Each router that handles the datagram
  decrements the TTL by 1.
• If the value is reaches 0 the datagram is
  discarded and an ICMP message is sent to the
  source host.

57
IP Datagram Header (cont.)

• Type
• Protocol (8 bits) Indicates which Transport
  Layer protocol the datagram is passed to.
• UDP or TCP
• Header Checksum (16 bits)
• Checksum is used to verify
• It is recomputed at each router hop.
• Source address (32 bits)
• Destination address (32 bits)

58
More about IP Routing

• Routing - the process of choosing a path over
  which to send packets
• Router - a computer that performs routing
• Routing is one of the Internet Protocols primary
  functions

59
IP Routing (contd)

• Criteria that could (ideally) be used to make
  routing decisions
• Network characteristics
• Network topology
• Network load
• Datagram length
• Type of service requested in the datagrams
  header
• IP routing software
• Normally does not consider most of these factors
• Makes decisions based on fixed assumptions about
  shortest paths

60
Hosts vs. Routers

• Hosts make routing decisions
• Hosts dont typically transfer packets from one
  network to another
• Routers make routing decisions
• Routers typically transfer packets from one
  network to another

61
Direct vs. Indirect Delivery

• Direct delivery - transmit datagram across a
  single physical network to the destination
• Indirect delivery - transmit datagram across
  multiple physical networks (with the aid of
  routers) to the destination
• How does a machine know which method of delivery
  to use?

62
Direct Delivery

• Map the destination IP address to a physical
  address
• Encapsulate the datagram in a physical frame
• Send the frame over the physical network to the
  destination

63
Indirect Delivery

• Encapsulate the datagram in a frame
• Choose a router on the physical network
• Send the frame to that router
• Router forwards the datagram on towards its final
  destination
• How does the host choose a router?
• How does the router forward the datagram?

64
The IP Routing Table

• Routing table - each machine stores information
  about destination networks and how to reach them
• Using only netid portion of the IP address keeps
  routing tables
• Small
• Relatively stable

65
Next-Hop Routing

66
Next-Hop Routing (cont)

• Routing table at machine M contains pairs (N,R)
• N is the IP address of a destination network
• R is the IP address of the next router (R and M
  must share a physical network)
• Routing table size
• Depends on the number of networks in the internet
• Only grows when new networks are added

67
Properties of Next-Hop Routes

• All traffic destined for a given network takes
  the same path
• Only the final router can determine whether a
  host exists or is operational
• Routes are not necessarily symmetric

68
The Internet ControlMessage Protocol

• Abnormal normal communication among routers and
  hosts is sometimes necessary to
• Report errors
• Handle abnormal conditions
• Update routing information
• ICMP

69
ICMP is for Error Reporting

• Errors are reported to a datagrams original
  sender
• It is the senders responsibility to take
  appropriate action

70
ICMP Message Format

• All ICMP messages begin with the same three
  fields
• TYPE (1 octet) - identifies the message
• CODE (1 octet) - information about the subtype
• CHECKSUM (2 octets) - covers the ICMP message
• ICMP error messages always include the header and
  first 64 data bits of the datagram causing the
  problem

71
Mapping IP Addresses to Hardware Addresses (MAC)

• IP Addresses are not recognized by hardware.
• If we know the IP address of a host, how do we
  find out the hardware address ?
• The process of finding the hardware address of a
  host given the IP address is called
• Address Resolution

72
ARP

• The Address Resolution Protocol is used by a
  sending host when it knows the IP address of
  the destination but needs the Ethernet (or
  whatever) address.
• ARP is a broadcast protocol - every host on the
  network receives the request.
• Each host checks the request against its IP
  address - the right one responds.

73
ARP (cont.)

• ARP does not need to be done every time an IP
  datagram is sent - hosts remember the hardware
  addresses of each other.
• Part of the ARP protocol specifies that the
  receiving host should also remember the IP and
  hardware addresses of the sending host.

74
ARP conversation
75
Address Resolution Protocol (ARP)

• Each device on a network maintains its own ARP
  table.
• A device that requires an IP and MAC address pair
  broadcasts an ARP request.
• If one of the local devices matches the IP
  address of the request, it sends back an ARP
  reply that contains its IP-MAC pair.
• If the request is for a different IP network, a
  router performs a proxy ARP.
• The router sends an ARP response with the MAC
  address of the interface on which the request was
  received, to the requesting host.

76
Reverse Address Resolution ProtocolRARP

• The process of finding out the IP address of a
  host given a hardware address is called
• Reverse Address Resolution
• Reverse address resolution is needed by diskless
  workstations when booting (which used to be quite
  common).

77
RARP conversation
78
SUMMARY

• Transport layer
• UDP
• Connectionless
• Unreliable transmission
• Less overheat
• TCP
• CONNECTION ORIENTED
• Reliable Transmission
• More overheat to deal with acks
• Internet layer
• IP
• Connectonless
• IP routing (next-hop using routing table)
• Unreliable
• ICMP (information control message protocol)
• ARP (IP to MAC)
• RARP (MAC TO IP)