UDP and TCP Basics Rocky K. C. Chang 18 October 2010

Transport protocols Problem: How to extend the host-to-host packet delivery service to a process-to-process communication channel? Best-effort service provided by IP: drops messages re-orders messages duplicates messages limits message size delivers messages with delay

Transport protocols Expectations from transport layer services: guarantees message delivery delivers messages in order delivers at most one copy of each message supports arbitrarily large messages supports synchronization between sender and receiver allows receiver to apply flow control supports multiple application processes on each host

Transport protocols Different transport protocols provide somewhat different sets of services: User Datagram Protocol (UDP): Mainly provide a demultiplexing service. Transmission Control Protocol (TCP): Provide a reliable byte-stream service Remote Procedure Call (RPC): Provide services to transaction-based applications. Real Time Protocol (RTP): Provide services for transporting real-time data over UDP.

UDP (RFC 768) UDP adds a demultiplexing service to IP. UDP optionally provides error detection but it becomes mandatory for UDP over IPv6. UDP provides the demultiplexing service through UDP ports. Process IDs can also be used if all systems run on the same OS. A process is uniquely identified by (Port number, IP address), which is usually referred to as a socket. A port is usually implemented by a message queue.

UDP (RFC 768) How does a process learn the port for the other party? For a server process, it will know the client’s port whenever the client gets connected. For a client process, one approach to learn server’s port is through the well-known port.

Pseudo-header for UDP When a sender computes the checksum, a pseudo-header is first prepended to the UDP header. Why?

End-to-end issues As shall see later, TCP uses the same sliding window protocol as in go-back-n ARQ to provide transport services. packets +ve ACK packets +ve ACK

End-to-end issues Hop-by-hop issues vs end-to-end issues: Potentially connects many different hosts need explicit connection establishment and termination Potentially long delay in network need to be prepared for arrival of very old packets need to limit packet’s lifetime in the network, in additional to the TTL mechanism. Potentially different buffering capacity at end nodes unable to always allocate enough buffers for the bandwidth-delay product of the “connection.”

End-to-end issues Potentially different network capacity need to accommodate different amounts of buffering, especially at the receiving nodes. Potentially different network capacity need to be prepared for network congestion Potentially different round trip times need highly adaptive timeout mechanism to cater for various round trip time. need to cater for the additional delay resulting from network congestion.

End-to-end reliability and ordered delivery An hop-by-hop approach Reliable A-->B and reliable B-->C and reliable C-- >D ==> reliable A-->D? An end-to-end approach Does it mean that we don’t need the hop-by-hop ARQ? ARQ ARQ ARQ A B C D TCP A B C D

End-to-end argument Question: which networking layer should a function (e.g., reliability and ordered delivery in our case) be implemented? End-to-end argument A function should not be provided in the lower levels of the system unless it can completely and correctly implemented at that level. However, the argument does not exclude providing that function at the lower levels for the purpose of performance enhancement.

TCP (RFC 793) TCP uses connection as its fundamental abstraction. A TCP connection is specified by a pair of sockets, each of which identifies an endpoint. TCP supports full-duplex connections. TCP provides a connection-oriented, reliable, ordered delivery, byte stream service to the upper layer. TCP also provides end-to-end congestion control and flow control services.

TCP (RFC 793) Connection-oriented transport protocol Need to obtain an explicit agreement from the other side before sending data. Don’t be confused with the connection-oriented network protocol. Reliable service through a sliding window mechanism, positive acknowledgment, timing-out and retransmission Accumulative acknowledgment vs selective acknowledgment

TCP (RFC 793) Ordered delivery: receiver delivers ordered data to the application. Byte-stream service: Each byte is identified by a number and a TCP receiver does not understand the relationship among bytes. Byte-stream vs message-based Permit a number of messages to be sent out as a larger message. Flow control on the number of messages is difficult.

TCP connection establishment TCP connection setup is explicit and asymmetric. The one initiates the connection does an active open. The other end does a passive open. It involves a total of three special TCP messages (SYN segments): A three-way handshaking (1.5 round-trip time). Connection establishment timeout TCP client and sender resend a SYN segment with exponential backoff up to a certain time. TCP SYN flooding attacks

TCP connection establishment Information exchange during connection establishment: Initial Sequence Numbers (ISN), which are the first SNs used by the two sides. Why don’t just fix them to, say, 0? The SYN segment also advertises window size (buffer available for receiving data). Each side may optionally announce the Maximum Segment Size (MSS) it expects to receive. If the destination IP address is local, set MSS to the local network’s MTU  40 bytes. Otherwise, usually set MSS to 536 bytes.

An example Client Server LISTEN SYN, SequenceNum = SYN_SENT x y socket() socket(), bind(), listen() connect() LISTEN SYN, SequenceNum = SYN_SENT accept() x y , SYN_RCVD SYN + ACK, SequenceNum = x + 1 Acknowledgment = ESTABLISHED connect()returns ACK, Acknowledgment = write() y ESTABLISHED + 1 accept()returns data read()returns

TCP connection termination TCP connection termination is explicit and symmetric: Each side has to close the connection independently. At most four FIN segments are needed. By closing the connection, it means that no more data will be sent, but can still receive data. A connection in the TIME_WAIT state cannot move to the CLOSED state until it has waited for 2Maximum Segment Lifetime (MSL).

An example Client Server close() FIN_WAIT_1 FIN, SequenceNum = x CLOSE_WAIT ACK x + 1 close() LAST_ACK FIN_WAIT_2 FIN, SequenceNum = y TIME_WAIT ACK y + 1 CLOSED CLOSED

TCP state transition diagram CLOSED LISTEN SYN_RCVD SYN_SENT ESTABLISHED CLOSE_WAIT LAST_ACK CLOSING TIME_WAIT FIN_WAIT_2 FIN_WAIT_1 Passive open Close Send/ SYN SYN/SYN + ACK SYN + ACK/ACK ACK /FIN FIN/ACK ACK + FIN/ACK Timeout after two segment lifetimes Active open /SYN

TCP state transition diagram The transition from LISTEN to SYN_SENT is legal but is not supported in practice. The transition from SYN_RCVD back to LISTEN is valid only of the SYN_RCVD state was entered from the LISTEN state, not from the SYN_SENT state. Other extraneous state transitions will be discussed in the TCP security paper.

Reset segments A TCP reset segment (RST) is generated when a connection request for a nonactive port is received. For the same error, UDP sends an ICMP port unreachable message. An application may also send a RST segment to abort a connection. Any queued data is thrown away. The RST segment is not acknowledged. Why?

Simultaneous open and close SYN K SYN _SENT SYN J SYN _SENT SYN _RCVD SYN _RCVD SYN K, ACK J+1 SYN J, ACK K+1 ESTABLISHED ESTABLISHED FIN_WAIT_1 FIN J FIN K FIN_WAIT_1 CLOSING CLOSING ACK K+1 ACK J+1 TIME_WAIT TIME_WAIT

TCP segments 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | | Sequence Number | | Acknowledgment Number | |Header | |U|A|P|R|S|F| | |length | Reserved |R|C|S|S|Y|I| Advertised Window | | | |G|K|H|T|N|N| | | Checksum | Urgent Pointer | | Options | Padding | | data |

TCP segments Data field is optional. SN, AN, and advertised window are all involved in the sliding window algorithm. SN refers to the number of the first data byte or the special segment, e.g., SYN, FIN. Flags: special segment indication Examine the AN if the ACK flag is on. The TCP header is not of fixed length due to the options (MSS, timestamp, window scale, etc).

TCP segments The checksum covers the header and the payload, i.e., end-to-end checksum. A pseudo-header is first prepended to the TCP header before computing the checksum. Both urgent pointer and PUSH can be used to serve as a signal to the receiver about the “record boundary.” The receiving process needs to be notified when the URG bit or PUSH bit is set. These mechanisms serve as end-of-record markers.

TCP segments TCP options The PUSH bit can also be used to allow the sending process to send whatever bytes in the buffer (for interactive applications). TCP options Selective acknowledgement (SACK) option (RFCs 1072, 2018, and 2883) TCP MD5 signature option (RFC 2385) TCP extensions for high performance: window scaling and timestamp (RFC 1323) MSS announcement (RFC 793)

Summary UDP and TCP are the two primary transport protocols provided in the Internet today. SCTP and DCCP Similar to IP at the network layer, UDP provides a connectionless, transport-layer service (demultiplexing and error detection). TCP provides connection-oriented, reliable, ordered delivery, byte stream service to the upper layer, and end-to-end congestion control and flow control services.

References J. Saltzer, D. Reed, and D. Clark, “End-to-end arguments in system design,” web.mit.edu/Saltzer/www/publications/ endtoend/ANe2ecomment.html. D. Clark, V. Jacobson, J. Romkey, and H. Salwen, “An analysis of TCP processing overhead,” IEEE Commun. Mag., vol. 27, no. 6, June 1989. A special issue on TCP Performance in Future Networking Environments. IEEE Commun. Mag., vol. 39, no. 4, Apr. 2001.