Computer Network-Chapter Three, Transport Layer

1. Overview of the transport layer

Overview

The transport layer protocol provides logical communication between application processes running on different hosts.

The transport layer protocol is implemented in the end systems rather than in the routers. At the sending end, the transport layer converts the messages it receives from the sending application process into transport layer packets, called transport layer segments. This is done by (possibly) breaking the application message into smaller chunks and adding a transport layer header to each chunk to form a transport layer segment.

Then, in the sender system, the transport layer passes these segments to the network layer, and the network layer encapsulates them into network layer packets (that is, datagrams) and sends them to the destination.

Network routers act only on the network layer fields of the datagram; they do not examine the fields of the transport layer segment encapsulated within it. At the receiving end, the network layer extracts the transport layer segment from the datagram and passes it up to the transport layer. The transport layer then processes the received segment so that the data in the segment becomes available to the receiving application process.

The Internet transport layer has two protocols, namely TCP and UDP.

Relationship with the network layer

In the protocol stack, the transport layer sits just above the network layer. The network layer provides logical communication between hosts, while the transport layer provides logical communication between processes running on different hosts.

Two protocols

Connection-oriented Transmission Control Protocol TCP: provides a reliable connection, with longer delay; suitable for large files.

Connectionless User Datagram Protocol UDP: unreliable, with small delay; suitable for small files.

Addressing and Port

Ports are logical (software) ports: a port is the service access point (SAP) of the transport layer and identifies an application process within the host.

Port numbers have only local significance; the same port number on different computers in the Internet has no relation.

The port number has a length of 16 bits, which can represent 65536 different port numbers.

Port numbers are divided into:

  • Server port numbers: 0-1023 are well-known port numbers, assigned to the most important TCP/IP applications; 1024-49151 are registered port numbers, used by applications without a well-known port number.
  • Client port numbers: 49152-65535, selected dynamically only while the client process is running.

In the network, the pair of sockets of the sender and the receiver identifies the endpoints of a connection. A socket uniquely identifies a host in the network and a process on that host.

Socket = (host IP address, port number)

2. Multiplexing and demultiplexing

The multiplexing and demultiplexing of the transport layer is to extend the host-to-host delivery service provided by the network layer to provide process-to-process delivery services for applications running on the host.

A process has one or more sockets, which act as doors through which data passes from the network to the process and from the process to the network. The job of delivering the data in a transport layer segment to the correct socket is called demultiplexing.

The source host gathers data chunks from different sockets, adds header information to each chunk (which is later used for demultiplexing) to create a segment, and then passes the segment to the network layer. This is called multiplexing.

Connectionless multiplexing and demultiplexing

By assigning port numbers to UDP sockets, we can describe the multiplexing and demultiplexing of UDP.

Suppose a process on host A has UDP port 19157 and wants to send a block of application data to a process on host B that has UDP port 46428. The transport layer in host A creates a transport layer segment containing the application data, the source port number (19157) and the destination port number (46428), and then passes the segment to the network layer. The network layer encapsulates the segment in an IP datagram and delivers it to the receiving host.

When the segment arrives at the receiving host B, the transport layer of host B examines the destination port number (46428) in the segment and delivers the segment to the socket identified by port 46428. Host B may run many processes, each with its own UDP socket and associated port number. As UDP segments arrive from the network, host B directs (demultiplexes) each segment to the appropriate socket by examining the destination port number in the segment.

A UDP socket is fully identified by a two-tuple (destination IP address, destination port number). Therefore, if two UDP segments have different source IP addresses or source port numbers but the same destination IP address and destination port number, both segments are directed to the same destination socket, and hence to the same destination process.

Connection-oriented multiplexing and demultiplexing

A subtle difference between TCP sockets and UDP sockets is that a TCP socket is identified by a four-tuple (source IP address, source port number, destination IP address, destination port number). When a TCP segment arrives at a host from the network, the host uses all four values to direct (demultiplex) the segment to the corresponding socket.

In particular, unlike UDP, two arriving TCP segments with different source IP addresses or source port numbers are directed to two different sockets, unless the TCP segment carries the initial connection-creation request.

Web servers and TCP

Consider a host running a web server, such as an Apache web server running on port 80. When a client (such as a browser) sends segments to the server, the destination port of all segments will be 80. In particular, both the initial connection establishment segment and the segment carrying the HTTP request have a destination port of 80.

However, there is not always a one-to-one correspondence between connection sockets and processes. In fact, today's high-performance Web servers often use only one process but create a new thread, with a new connection socket, for each new client connection. For such a server, there may be many connection sockets (with different identifiers) attached to the same process at any given time.

If the client and server use persistent HTTP, the same server socket exchanges HTTP messages between the client and the server for the entire duration of the connection. If the client and server use non-persistent HTTP, however, a new TCP connection is created and then closed for every request/response pair, so a new socket is created and then closed for every request/response pair. Such frequent creation and closing of sockets can seriously affect the performance of the server.
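The two demultiplexing rules above (UDP: two-tuple of destination address and port; TCP: full four-tuple, with only the initial connection request matched by the listening socket) are easy to see in code. The following is an added example, not code from the original post: a toy demultiplexer for each protocol, with the constructed segments reusing the port numbers from the text (19157 to 46428 for UDP, a Web server on port 80 for TCP).

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Segment:
    """The fields a host's transport layer looks at when demultiplexing.

    Constructed for this example; it is not a header parser."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False  # TCP only: set on the initial connection request


class UdpDemux:
    """UDP sockets are identified by the two-tuple (destination IP, destination port)."""

    def __init__(self) -> None:
        self.sockets: dict[tuple[str, int], str] = {}

    def bind(self, ip: str, port: int, owner: str) -> None:
        self.sockets[(ip, port)] = owner

    def deliver(self, seg: Segment) -> Optional[str]:
        # Source address and port are ignored: any sender reaches the same socket.
        # A real stack answers a miss with ICMP "port unreachable".
        return self.sockets.get((seg.dst_ip, seg.dst_port))


class TcpDemux:
    """TCP connection sockets are identified by the full four-tuple;
    a listening socket only by (IP, port) and only for segments carrying SYN."""

    def __init__(self) -> None:
        self.listening: dict[tuple[str, int], str] = {}
        self.connections: dict[tuple[str, int, str, int], str] = {}

    def listen(self, ip: str, port: int, owner: str) -> None:
        self.listening[(ip, port)] = owner

    def deliver(self, seg: Segment) -> Optional[str]:
        key = (seg.src_ip, seg.src_port, seg.dst_ip, seg.dst_port)
        if key in self.connections:
            return self.connections[key]
        listener = self.listening.get((seg.dst_ip, seg.dst_port))
        if seg.syn and listener is not None:
            # The initial connection request is the one segment matched by the
            # listening socket; it spawns a connection socket for this four-tuple,
            # which is what lets one server process own many connection sockets.
            conn = f"{listener}:conn{len(self.connections) + 1}"
            self.connections[key] = conn
            return conn
        return None  # no matching socket (a real stack would answer with RST)


def demo() -> dict[str, Optional[str]]:
    """Run both demultiplexers on constructed segments and return who got what."""
    udp = UdpDemux()
    udp.bind("10.0.0.2", 46428, "udp-app")
    tcp = TcpDemux()
    tcp.listen("10.0.0.2", 80, "httpd")
    return {
        "udp_from_A": udp.deliver(Segment("10.0.0.1", 19157, "10.0.0.2", 46428)),
        "udp_from_C": udp.deliver(Segment("10.0.0.9", 40000, "10.0.0.2", 46428)),
        "tcp_syn_1": tcp.deliver(Segment("10.0.0.1", 50001, "10.0.0.2", 80, syn=True)),
        "tcp_syn_2": tcp.deliver(Segment("10.0.0.1", 50002, "10.0.0.2", 80, syn=True)),
        "tcp_data_1": tcp.deliver(Segment("10.0.0.1", 50001, "10.0.0.2", 80)),
        "tcp_stray": tcp.deliver(Segment("10.0.0.7", 50001, "10.0.0.2", 80)),
    }


if __name__ == "__main__":
    for name, owner in demo().items():
        print(f"{name:>11}: {owner}")
```

Two UDP senders land on the same socket, while two TCP connection requests from the same client host but different source ports get two distinct connection sockets under the same server; a non-SYN segment whose four-tuple matches no connection is delivered nowhere.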

3. User Datagram Protocol: UDP

Overview

UDP only adds a few functions to the IP datagram service, that is, multiplexing and demultiplexing and error detection.

The main features of UDP:

  • UDP is connectionless, reducing overhead and delay before sending data.
  • UDP uses best-effort delivery, that is, reliable delivery is not guaranteed.
  • UDP is message-oriented and is suitable for network applications that transmit a small amount of data at one time.
  • UDP has no congestion control and is suitable for many real-time applications.
  • UDP header overhead is small: 8 B, versus 20 B for TCP.

Whatever message the application layer hands to UDP, UDP sends it as is, that is, one complete message at a time.

Segment structure

The length field gives the number of bytes in the UDP segment (header plus data); because the length of the data field differs from one segment to the next, an explicit length is needed. The receiver uses the checksum to determine whether errors have been introduced into the segment. In fact, the checksum is computed not only over the UDP segment but also over some fields of the IP header (see the pseudo header under UDP checksum below).

When demultiplexing, if no socket with the destination port number is found, the segment is discarded and an ICMP "port unreachable" error message is returned to the sender.

UDP checksum

The pseudo header exists only while the checksum is computed; it is neither passed down to the network layer nor delivered upward.

17: the protocol field in the IP header of the datagram that encapsulates the UDP segment is 17.

UDP length: UDP header 8B + data part length (not including pseudo header).

On the sending end:

  1. Fill in the pseudo header.
  2. Fill the checksum field with all 0s.
  3. Pad the data part with 0s if needed (the UDP datagram is treated as a sequence of concatenated 4 B words).
  4. Compute the one's complement sum over pseudo header + header + data part.
  5. Write the one's complement of that sum into the checksum field.
  6. Remove the pseudo header and send.

On the receiving end:

  1. Fill in the pseudo header.
  2. Compute the one's complement sum over pseudo header + header + data part.
  3. If the result is all 1s, there is no error; otherwise the datagram is discarded, or handed to the application layer with an error warning attached.
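The sender and receiver procedures above, carried out on real bytes. This is an added example and not code from the original post; it builds the IPv4 pseudo header (source address, destination address, zero byte, protocol 17, UDP length), computes the one's complement checksum over pseudo header + UDP header + data, and verifies a received segment by checking that the sum including the transmitted checksum is all 1s. The addresses, ports and payload are constructed sample values.

```python
import struct
from ipaddress import IPv4Address

UDP_PROTOCOL = 17  # protocol field of the encapsulating IP header


def ones_complement_sum(data: bytes) -> int:
    """Sum 16-bit big-endian words with end-around carry (one's complement arithmetic)."""
    if len(data) % 2:
        data += b"\x00"  # pad an odd-length input with a zero byte; the pad is not transmitted
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """12-byte IPv4 pseudo header: src addr, dst addr, zero, protocol 17, UDP length."""
    return (IPv4Address(src_ip).packed + IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))


def udp_checksum(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> int:
    """Sender side: checksum field set to 0, sum over pseudo header + header + data, then complement."""
    udp_length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, udp_length, 0)
    total = ones_complement_sum(udp_pseudo_header(src_ip, dst_ip, udp_length) + header + payload)
    csum = (~total) & 0xFFFF
    return csum or 0xFFFF  # RFC 768: a computed 0 is transmitted as all ones


def build_udp_segment(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Return the UDP header + data as it would be handed to the network layer (no pseudo header)."""
    csum = udp_checksum(src_ip, dst_ip, src_port, dst_port, payload)
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), csum) + payload


def verify_udp_segment(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: rebuild the pseudo header from the IP header and check the sum is all 1s."""
    if len(segment) < 8:
        return False
    udp_length, transmitted = struct.unpack("!HH", segment[4:8])
    if udp_length != len(segment):
        return False  # length field disagrees with what arrived
    if transmitted == 0:
        return False  # IPv4 allows "no checksum"; treat an unverified segment as failed
    total = ones_complement_sum(udp_pseudo_header(src_ip, dst_ip, udp_length) + segment)
    return total == 0xFFFF


if __name__ == "__main__":
    # Constructed sample: the two port numbers used in the text, on two private addresses.
    seg = build_udp_segment("10.0.0.1", "10.0.0.2", 19157, 46428, b"hello")
    print("checksum 0x%04x, valid=%s" % (struct.unpack("!H", seg[6:8])[0],
                                         verify_udp_segment("10.0.0.1", "10.0.0.2", seg)))
    damaged = bytearray(seg)
    damaged[-1] ^= 0x01
    print("after a flipped bit: valid=%s" % verify_udp_segment("10.0.0.1", "10.0.0.2", bytes(damaged)))
```

Because the pseudo header is part of the sum, a segment whose IP addresses were altered in transit fails verification even though the UDP bytes themselves are unchanged; that is the point of including IP header fields in a transport layer check. Note that a one's complement sum is an error-detection code, not an authenticator: it detects random corruption, but two swapped 16-bit words sum to the same value, and anyone who can modify the segment can also recompute the checksum.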

Why UDP provides a checksum: there is no guarantee that every link between source and destination provides error checking. Since neither link-by-link reliability nor in-memory error detection can be assured, if the end-to-end data transfer service is to provide error detection, UDP must provide it at the transport layer on an end-to-end basis. This is an instance of the end-to-end principle in system design.

Although UDP provides error detection, it does nothing to recover from an error.

4. Transmission Control Protocol: TCP

Overview

TCP is a connection-oriented (virtual connection) transport layer protocol.

Each TCP connection has exactly two endpoints; a TCP connection is always point-to-point.

TCP provides a reliable delivery service: no errors, no loss, no duplication, and in-order arrival.

TCP provides full-duplex communication:

  • Sending buffer: data to be sent, data that has been sent but has not yet received confirmation
  • Receiving buffer: data that arrives in order but has not been read by the receiving application, data that arrives out of order

TCP is byte-oriented: TCP treats the data delivered by the application as just a series of unstructured byte streams. (Stream: the sequence of bytes flowing into or out of the process)

TCP segment header format

Sequence number: each byte of the byte stream carried over a TCP connection is numbered in sequence. This field holds the sequence number of the first data byte sent in this segment.

Acknowledgment number: the sequence number of the first data byte expected from the other side in the next segment. If the acknowledgment number is N, all data up to sequence number N-1 has been received correctly.

Data offset (header length): the distance from the start of the TCP segment to the start of its data, in units of 4 B (a value of 1 means 4 B).

Six flags

  • Urgent bit URG: when URG=1, this segment carries urgent (high-priority) data that should be transmitted as soon as possible rather than queued in the buffer; used together with the urgent pointer field.
  • Acknowledgment bit ACK: when ACK=1, the acknowledgment number is valid; ACK must be set to 1 in every segment transmitted after the connection is established.
  • Push bit PSH: when PSH=1, the receiver delivers the data to the receiving application process as soon as possible instead of waiting for the buffer to fill before delivering it upward.
  • Reset bit RST: when RST=1, a serious error has occurred in the TCP connection; the connection must be released and the transport connection re-established.
  • Synchronization bit SYN: when SYN=1, this is a connection request or connection-accepted segment.
  • Termination bit FIN: when FIN=1, the sender of this segment has finished sending data and requests that the connection be released.

Window: the receive window of the side sending this segment, that is, the amount of data the other side is currently allowed to send.

Checksum: covers header + data; a 12 B pseudo header is added when computing it, and its fourth field (protocol) is 6.

Urgent pointer: meaningful only when URG=1; gives the number of bytes of urgent data in this segment.

TCP connection management

Three stages of a TCP connection: connection establishment, data transfer, connection release.

The establishment of TCP connection adopts the client-server method. The application process that actively initiates the connection establishment is called the client, and the application process that passively waits for the connection establishment is called the server.

TCP connection establishment

Suppose a process running on one host (the client) wants to establish a connection with a process on another host (the server). The client application process first informs the client TCP that it wants to establish a connection with a process on the server. The TCP in the client then establishes a TCP connection with the TCP in the server using the following steps:

  1. The client sends a connection request segment without application layer data.
    SYN=1, seq=x (random)

  2. The server allocates buffers and variables for the TCP connection, and returns an acknowledgment segment to the client, allowing the connection and no application layer data.
    SYN=1, ACK=1, seq=y (random), ack=x+1

  3. The client allocates buffers and variables for the TCP connection, and returns a confirmation to the server, which can carry data.
    SYN=0, ACK=1, seq=x+1, ack=y+1


TCP connection release

Either of the two processes participating in a TCP connection can terminate it. After the connection ends, the "resources" (buffers and variables) in the hosts are released.

  1. The client sends a connection release segment, stops sending data, and actively closes the TCP connection.
    FIN=1, seq=u
  2. The server sends back an acknowledgment segment, and the connection from the client to the server in this direction is released (half-closed state).
    ACK=1, seq=v, ack=u+1
  3. The server sends out the connection release segment after sending the data, and actively closes the TCP connection.
    FIN=1, ACK=1, seq=w, ack=u+1
  4. The client sends back an acknowledgment segment, then waits for 2MSL (twice the maximum segment lifetime) set by the time-wait timer, after which the connection is completely closed.
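The sequence and acknowledgment numbers in the three-way handshake and the four-step release above follow fixed rules (a SYN or FIN consumes one sequence number; every ack equals the peer's next expected byte). The following added example, which is not code from the original post, runs both procedures between two simulated endpoints and rejects any segment whose acknowledgment number is wrong. The state names (SYN_SENT, SYN_RCVD, FIN_WAIT_1, CLOSE_WAIT, LAST_ACK, TIME_WAIT) are the standard TCP state names; the initial sequence numbers are constructed rather than random so the trace is reproducible.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    syn: bool = False
    ack: bool = False
    fin: bool = False
    seq: int = 0      # sequence number of the first byte in this segment
    ackno: int = 0    # acknowledgment number (valid only when ack is set)


class Tcp:
    """Connection-management part of one TCP endpoint (no data transfer)."""

    def __init__(self, name: str, isn: int) -> None:
        self.name = name
        self.state = "CLOSED"
        self.snd_nxt = isn     # next sequence number we will send (starts at the ISN)
        self.rcv_nxt = None    # next sequence number we expect from the peer

    def listen(self) -> None:
        self.state = "LISTEN"

    def connect(self) -> Segment:
        # Step 1: SYN=1, seq=x. The SYN itself consumes one sequence number.
        seg = Segment(syn=True, seq=self.snd_nxt)
        self.snd_nxt += 1
        self.state = "SYN_SENT"
        return seg

    def close(self) -> Segment:
        # Release step 1 (active close) or step 3 (passive side after its data is sent):
        # FIN=1, ACK=1, seq=u (or w), ack=peer's next byte. The FIN consumes a sequence number.
        seg = Segment(fin=True, ack=True, seq=self.snd_nxt, ackno=self.rcv_nxt)
        self.snd_nxt += 1
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return seg

    def receive(self, seg: Segment):
        """Process one segment; return the reply segment, or None if no reply is due."""
        if seg.ack and seg.ackno != self.snd_nxt:
            raise ValueError(f"{self.name}: ack {seg.ackno} does not match expected {self.snd_nxt}")
        if self.state == "LISTEN" and seg.syn:
            # Step 2: allocate the connection and answer SYN=1, ACK=1, seq=y, ack=x+1.
            # SYN_RCVD is the half-open state until step 3 arrives.
            self.rcv_nxt = seg.seq + 1
            reply = Segment(syn=True, ack=True, seq=self.snd_nxt, ackno=self.rcv_nxt)
            self.snd_nxt += 1
            self.state = "SYN_RCVD"
            return reply
        if self.state == "SYN_SENT" and seg.syn and seg.ack:
            # Step 3: SYN=0, ACK=1, seq=x+1, ack=y+1; the client is now established.
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(ack=True, seq=self.snd_nxt, ackno=self.rcv_nxt)
        if self.state == "SYN_RCVD" and seg.ack and not seg.syn:
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and seg.fin:
            # Release step 2: ACK=1, seq=v, ack=u+1; the connection is now half-closed.
            self.rcv_nxt = seg.seq + 1
            self.state = "CLOSE_WAIT"
            return Segment(ack=True, seq=self.snd_nxt, ackno=self.rcv_nxt)
        if self.state == "FIN_WAIT_1" and seg.ack and not seg.fin:
            self.state = "FIN_WAIT_2"
            return None
        if self.state == "FIN_WAIT_2" and seg.fin:
            # Release step 4: acknowledge the server's FIN and wait 2MSL before CLOSED.
            self.rcv_nxt = seg.seq + 1
            self.state = "TIME_WAIT"
            return Segment(ack=True, seq=self.snd_nxt, ackno=self.rcv_nxt)
        if self.state == "LAST_ACK" and seg.ack:
            self.state = "CLOSED"
            return None
        raise ValueError(f"{self.name}: unexpected segment in state {self.state}")


def run_connection(client_isn: int = 1000, server_isn: int = 5000):
    """Drive a full establish-then-release exchange; return both endpoints and the segment trace."""
    client, server = Tcp("client", client_isn), Tcp("server", server_isn)
    server.listen()
    trace = []

    def exchange(sender, receiver, seg):
        trace.append((sender.name, receiver.name, seg))
        return receiver.receive(seg)

    syn = client.connect()                       # 1: SYN, seq=x
    syn_ack = exchange(client, server, syn)      # 2: SYN+ACK, seq=y, ack=x+1
    final_ack = exchange(server, client, syn_ack)  # 3: ACK, seq=x+1, ack=y+1
    exchange(client, server, final_ack)

    fin1 = client.close()                        # release 1: FIN, seq=u
    ack1 = exchange(client, server, fin1)        # release 2: ACK, seq=v, ack=u+1 (half-closed)
    exchange(server, client, ack1)
    fin2 = server.close()                        # release 3: FIN+ACK, seq=w, ack=u+1
    ack2 = exchange(server, client, fin2)        # release 4: ACK, ack=w+1, then TIME_WAIT (2MSL)
    exchange(client, server, ack2)
    return client, server, trace


if __name__ == "__main__":
    c, s, trace = run_connection()
    for sender, receiver, seg in trace:
        flags = "".join(f for f, on in (("S", seg.syn), ("A", seg.ack), ("F", seg.fin)) if on)
        print(f"{sender:>6} -> {receiver:<6} {flags:<3} seq={seg.seq} ack={seg.ackno}")
    print("final states:", c.state, s.state)
```

The trace shows seven segments in total, with the server finishing in CLOSED while the client sits in TIME_WAIT for 2MSL; the acknowledgment check in `receive` is what makes the randomly chosen initial sequence numbers matter, since a segment that does not carry the expected value is rejected.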


SYN flood attack

A SYN flooding attack operates at layer four of the OSI model and exploits a characteristic of TCP: the three-way handshake. The attacker sends TCP SYN segments (the first packet of the three-way handshake); when the server returns its acknowledgment (the SYN+ACK of step 2), the attacker never completes the handshake, so the TCP connection stays suspended in the so-called half-open state.

If the server does not receive the final confirmation, it retransmits its acknowledgment to the attacker, wasting even more server resources. The attacker sends a very large number of such connection requests to the server; since none of them completes the three-way handshake, the suspended connections consume CPU and memory on the server.

TCP reliable transmission

The transport layer uses TCP to achieve reliable transmission.

The network layer provides best-effort delivery and unreliable transmission.

Mechanisms: checksum, sequence number, acknowledgment, retransmission.

  • Checksum: the same as the UDP checksum, with a pseudo header added.
  • Sequence number: every TCP segment has a sequence number field. Each byte occupies one sequence number, and the field gives the sequence number of the first byte of the segment.
  • Acknowledgment: the receiving end sends an acknowledgment number to confirm what it has received. TCP uses cumulative acknowledgment by default.
  • Retransmission: if the TCP sender receives no acknowledgment within a specified time, it must retransmit the segment it already sent (retransmission after timeout). TCP uses an adaptive algorithm that dynamically adjusts the retransmission time based on RTTs (the weighted average round-trip time).


TCP flow control

TCP uses a sliding window mechanism to achieve flow control.

During communication, the receiver dynamically adjusts the sender's send window according to the size of its receive buffer, that is, the receive window rwnd (the receiver puts rwnd in the window field of the segments it sends to notify the sender). The sender's send window is the minimum of the receive window rwnd and the congestion window cwnd.

TCP congestion control

Receive window: a value the receiver sets according to its receive buffer and notifies to the sender; it reflects the receiver's capacity.

Sending (congestion) window cwnd: a value the sender sets according to its own estimate of network congestion; it reflects the current capacity of the network.

A transmission round: the time it takes to send a batch of segments and receive their acknowledgments.

Slow start

When a TCP connection starts, cwnd is usually initialized to a small number of MSS (Maximum Segment Size). The TCP sending rate therefore starts slowly, but it grows exponentially during the slow start phase.

Congestion avoidance

On entering the congestion avoidance state, cwnd is roughly half of its value when congestion was last encountered. Instead of doubling cwnd every RTT, TCP takes a more conservative approach and increases cwnd by only one MSS per RTT.

Fast recovery

In fast recovery, cwnd is increased by one MSS for every duplicate ACK received for the missing segment that caused TCP to enter the fast recovery state. When an ACK for the lost segment finally arrives, TCP reduces cwnd and enters the congestion avoidance state. If a timeout occurs, fast recovery performs the same actions as slow start and congestion avoidance do on a timeout and moves to the slow start state.

When a timeout occurs, cwnd is set to 1 MSS and ssthresh is set to half of the cwnd value.
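The three phases described above (slow start, congestion avoidance, fast recovery) and the two loss signals (three duplicate ACKs versus a timeout) form a small state machine. The following is an added example, not code from the original post: a sender-side cwnd simulator driven by one event per transmission round, with cwnd counted in units of MSS. The rules are those of the text; the detail that cwnd becomes ssthresh + 3 MSS on entering fast recovery (accounting for the three segments the duplicate ACKs prove have left the network) is TCP Reno's rule, added here because the text does not state the entry value.

```python
from dataclasses import dataclass
from typing import List

SLOW_START = "slow_start"
CONGESTION_AVOIDANCE = "congestion_avoidance"
FAST_RECOVERY = "fast_recovery"


@dataclass
class RenoSender:
    """Congestion window of one TCP sender, in units of MSS."""
    cwnd: int = 1
    ssthresh: int = 16
    state: str = SLOW_START

    def on_event(self, event: str) -> int:
        """Advance one transmission round by the given event and return the new cwnd.

        Events: 'ack'     all segments of the round acknowledged (new data acked)
                'dup3'    three duplicate ACKs for one segment -> fast retransmit / fast recovery
                'dup'     one more duplicate ACK while in fast recovery
                'timeout' retransmission timer expired
        """
        if event == "timeout":
            # Loss by timeout: ssthresh = cwnd / 2, cwnd = 1 MSS, back to slow start.
            self.ssthresh = max(self.cwnd // 2, 1)
            self.cwnd = 1
            self.state = SLOW_START
        elif event == "dup3":
            # Three duplicate ACKs: halve the threshold and enter fast recovery
            # at ssthresh + 3 MSS (Reno; the text only says cwnd becomes about half).
            self.ssthresh = max(self.cwnd // 2, 1)
            self.cwnd = self.ssthresh + 3
            self.state = FAST_RECOVERY
        elif event == "dup":
            if self.state != FAST_RECOVERY:
                raise ValueError("duplicate ACK inflation only happens in fast recovery")
            self.cwnd += 1  # one MSS per additional duplicate ACK
        elif event == "ack":
            if self.state == FAST_RECOVERY:
                # ACK for the lost segment arrived: deflate cwnd and continue additively.
                self.cwnd = self.ssthresh
                self.state = CONGESTION_AVOIDANCE
            elif self.state == SLOW_START:
                self.cwnd *= 2  # exponential growth, one doubling per RTT
                if self.cwnd >= self.ssthresh:
                    self.cwnd = self.ssthresh  # do not overshoot the threshold
                    self.state = CONGESTION_AVOIDANCE
            else:
                self.cwnd += 1  # additive increase: one MSS per RTT
        else:
            raise ValueError(f"unknown event {event!r}")
        return self.cwnd


def run_trace(events: List[str], ssthresh: int = 8) -> List[int]:
    """Return cwnd after each event, starting from cwnd = 1 MSS in slow start."""
    sender = RenoSender(ssthresh=ssthresh)
    return [sender.on_event(e) for e in events]


if __name__ == "__main__":
    # Constructed scenario: slow start up to ssthresh=8, one round of congestion
    # avoidance, a triple-duplicate-ACK loss, recovery, then a timeout.
    scenario = ["ack", "ack", "ack", "ack", "dup3", "dup", "ack", "ack", "timeout", "ack", "ack"]
    for event, cwnd in zip(scenario, run_trace(scenario)):
        print(f"{event:>8} -> cwnd = {cwnd} MSS")
```

Reading the trace: cwnd doubles 1, 2, 4, 8 and then the sender switches to adding one MSS per round; the triple duplicate ACK halves ssthresh to 4 and the connection comes out of fast recovery at 4 MSS, whereas the later timeout drops cwnd all the way back to 1 MSS, which is why a timeout is the more expensive loss signal.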


Origin blog.csdn.net/weixin_45605341/article/details/108919925