Transcript Document
Departamento de
Tecnología Electrónica
Some of these slides are
copyrighted by:
Chapter 2
Transport Layer
Advance Features
Computer Networking:
A Top Down Approach
5th edition.
Jim Kurose, Keith Ross
Addison-Wesley, April
2009.
Transport Layer Advanced Features
1
Chapter 2 outline
2.1 Transport-layer
services
2.2 Connectionoriented transport:
TCP
2.3 Principles of
congestion control
2.4 TCP congestion
control
2.5 Transport Layer
Secure, TLS
2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
2
Chapter 2 outline
2.1 Transport-layer
services
2.2 Connectionoriented transport:
TCP
2.3 Principles of
congestion control
2.4 TCP congestion
control
2.5 Transport Layer
Secure, TLS
2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
3
Transport services and protocols
provide
logical communication between app
processes running on different hosts
transport protocols run in end systems
breaks app messages into segments, passes to
network layer
Host A
Network
Host B
Transport Layer Advanced Features
4
Internet transport-layer protocols
more than one transport protocol available to apps
Internet: TCP and UDP
FTP
HTTP
SMTP
DNS
TCP
UDP
IP
TFTP
Application
Transport
Network
Link layer (LLC y MAC)
Physical
Layer
Transport Layer Advanced Features
5
Internet transport-layer
protocols
more than one
transport
protocol available
to apps
Internet: TCP
and UDP
TCP
UDP
Connection- oriented Non-connectionoriented
Reliable
Unreliable
Segment grouping
Unfragmented
messages
Rcv orders segments User datagram
ACKs and timers
No ACKs
Flow control
No flow control
Congestion control
No congestion control
Transport Layer Advanced Features
6
Internet transport-layer
protocols
Port: identifies application
Port numbers:
http://www.iana.org/assignements/port-numbers
Application protocol
Port numbers
Transport protocol
FTP
20, 21
TCP
Telnet
23
TCP
SMTP
25
TCP
DNS
53
UDP (TCP (*))
TFTP
69
UDP
HTTP
80
TCP
POP3
110
TCP
RIP
520
UDP
Transport Layer Advanced Features
7
Chapter 2 outline
2.1 Transport-layer
services
2.2 Connectionoriented transport:
TCP
2.3 Principles of
congestion control
2.4 TCP congestion
control
2.5 Transport Layer
Secure, TLS
2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
8
TCP: Overview
point-to-point:
one sender, one receiver
reliable, in-order
stream:
byte
no “message boundaries”
pipelined:
TCP congestion and flow
control set window size
socket
door
send & receive buffers
application
writes data
application
reads data
TCP
send buffer
TCP
receive buffer
RFCs: 793, 1122, 1323, 2018, 2581
full duplex data:
bi-directional data flow
in same connection
MSS: maximum segment
size
connection-oriented:
handshaking (exchange
of control msgs) init’s
sender, receiver state
before data exchange
flow controlled:
sender will not
socket
door
overwhelm receiver
segment
Transport Layer Advanced Features
9
TCP segment structure
32 bits
URG: urgent data
(generally not used)
ACK: ACK #
valid
PSH: push data now
(generally not used)
RST, SYN, FIN:
connection estab
(setup, teardown
commands)
Internet
checksum
(as in UDP)
source port #
dest port #
sequence number
acknowledgement number
head not
UA P R S F
len used
checksum
Receive window
Urg data pnter
Options (variable length)
counting
by bytes
of data
(not segments!)
# bytes
rcvr willing
to accept
application
data
(variable length)
Transport Layer Advanced Features
10
TCP seq. #’s and ACKs
Host A
Host B
Client starts
active open
Server is in passive open,
starts connection and
confirms client open
Client confirms
server open
Connection
established
Transport Layer Advanced Features
time
11
Chapter 2 outline
2.1 Transport-layer
services
2.2 Connectionoriented transport:
TCP
2.3 Principles of
congestion control
2.4 TCP congestion
control
2.5 Transport Layer
Secure, TLS
2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
12
Principles of Congestion Control
Congestion:
informally: “too many sources sending too much
data too fast for network to handle”
different from flow control!
manifestations:
lost packets (buffer overflow at routers)
long delays (queueing in router buffers)
Transport Layer Advanced Features
13
Causes/costs of congestion: scenario 1
Host A
two senders, two
receivers
one router,
infinite buffers
no retransmission
Host B
lout
lin : original data
unlimited shared
output link buffers
large delays
when congested
maximum
achievable
throughput
Transport Layer Advanced Features
14
Causes/costs of congestion: scenario 2
one router,
finite buffers
sender retransmission of lost packet
Host A
Host B
lin : original
data
l'in : original data, plus
retransmitted data
lout
finite shared output
link buffers
Transport Layer Advanced Features
15
Causes/costs of congestion: scenario 2
(goodput)
= l
out
in
“perfect” retransmission only when loss:
always:
l
l > lout
in
retransmission of delayed (not lost) packet makes
(than perfect case) for same
R/2
l
in
lout
R/2
larger
R/2
lin
a.
R/2
lout
lout
lout
R/3
lin
R/4
R/2
b.
lin
R/2
c.
“costs” of congestion:
more work (retrans) for given “goodput”
unneeded retransmissions: link carries multiple copies of pkt
Transport Layer Advanced Features
16
Causes/costs of congestion: scenario 3
four senders
Q: what happens as l
in
and l increase ?
multihop paths
timeout/retransmit
in
Host A
lin : original data
lout
l'in : original data, plus
retransmitted data
finite shared output
link buffers
Host B
Transport Layer Advanced Features
17
Causes/costs of congestion: scenario 3
H
o
s
t
A
l
o
u
t
H
o
s
t
B
Another “cost” of congestion:
when packet dropped, any upstream transmission
capacity used for that packet was wasted!
Transport Layer Advanced Features
18
Approaches towards congestion control
Two broad approaches towards congestion control:
Network-assisted
congestion control:
End-end congestion
control:
no explicit feedback from
network
congestion inferred from
end-system observed loss,
delay
approach taken by TCP
routers provide feedback
to end systems
E.g. single bit indicating
congestion
Transport Layer Advanced Features
19
Chapter 2 outline
2.1 Transport-layer
services
2.2 Connectionoriented transport:
TCP
2.3 Principles of
congestion control
2.4 TCP congestion
control
2.5 Transport Layer
Secure, TLS
2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
20
TCP Congestion Control
Host A
sender limits
Host B
Host A
Host B
transmission:
timeout
LastByteSent-LastByteAcked
CongWin
How does sender
perceive congestion?
X
loss
loss event = timeout or 3
duplicate acks
TCP sender reduces rate
(CongWin) after loss
event
timeout
X
time
lost ACK
scenario
time
Resending a segment
after triple duplicate
ACK
Transport Layer Advanced Features
21
TCP congestion control:
additive increase,
multiplicative decrease (AIMD)
Approach: increase transmission rate (window size),
probing for usable bandwidth, until loss occurs
additive increase: increase CongWin by 1 MSS
every RTT until loss detected
multiplicative decrease: cut CongWin in half after
loss
Saw tooth
behavior: probing
for bandwidth
congestion window size
congestion
window
24 Kbytes
16 Kbytes
8 Kbytes
time
time
Transport Layer Advanced Features
22
TCP Congestion Control: details
three pases:
Roughly,
rate =
CongWin
Bytes/sec
RTT
When connection begins,
CongWin = 1 MSS
Example: MSS = 500 bytes & RTT
= 200 msec
initial rate = 20 kbps
slow start (SS)
Congestion avoidance (CA):
e.g. AIMD
Fast recovery (FR)
First two are compulsory in
TCP, while the last one is
recommendable
Transport Layer Advanced Features
23
TCP Slow Start
available bandwidth may
Host B
RTT
be >> MSS/RTT
When connection begins,
increase rate
exponentially fast until
first loss event
initial rate is slow but
ramps up exponentially
fast
Host A
time
Transport Layer Advanced Features
24
Congestion avoidance
After 3 dup ACKs:
CongWin is cut in half
window then grows linearly
But after timeout event:
CongWin instead set to 1
MSS;
window then grows
exponentially
to a threshold, then grows
linearly
Philosophy:
3 dup ACKs indicates
network capable of
delivering some segments
timeout indicates a
“more alarming”
congestion scenario
Transport Layer Advanced Features
25
Summary: TCP Congestion Control
When CongWin is below Threshold, sender in slow-start phase,
window grows exponentially.
When CongWin is above Threshold, sender is in congestion-avoidance
phase, window grows linearly.
When a triple duplicate ACK occurs, Threshold set to CongWin/2 and
CongWin set to Threshold.
When timeout occurs, Threshold set to CongWin/2 and CongWin is
set to 1 MSS.
Transport Layer Advanced Features
26
Chapter 2 outline
2.1 Transport-layer
services
2.2 Connectionoriented transport:
TCP
2.3 Principles of
congestion control
2.4 TCP congestion
control
2.5 Transport Layer
Secure, TLS
2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
27
What is network security?
Confidentiality: only sender, intended receiver
should “understand” message contents
sender encrypts message
receiver decrypts message
Authentication: sender, receiver want to confirm
identity of each other
Message integrity: sender, receiver want to ensure
message not altered (in transit, or afterwards)
without detection
Access and availability: services must be accessible
and available to users
Transport Layer Advanced Features
28
Who might need security and why?
Who?
Web browser/server for electronic transactions (e.g., on-line purchases)
on-line banking client/server
DNS servers
routers exchanging routing table updates
other examples?
Why?
eavesdrop: intercept messages
actively insert messages into connection
impersonation: can fake (spoof) source address in packet (or any field in
hijacking: “take over” ongoing connection by removing sender or receiver,
packet)
inserting himself in place
denial of service: prevent service from being used by others (e.g., by
overloading resources)
Transport Layer Advanced Features
29
SSL: Secure Sockets Layer
Widely deployed security protocol
Number of variations:
Supported by almost all browsers
and web servers
https
Originally designed by Netscape in
1993
TLS: transport layer security, RFC
2246
Provides
Confidentiality
Integrity
Authentication
SSL
TCP
IP
SSL provides application
programming interface (API) to
applications
C and Java SSL libraries/classes
readily available
Application
Application
with SSL
Transport Layer Advanced Features
30
SSL: general features
Handshake: use of certificates and private
keys to authenticate each other and
exchange shared secret
Key Derivation: use of shared secret to
derive set of keys
Data Transfer: Data to be transferred is
broken up into a series of records
Connection Closure: Special messages to
securely close connection
Transport Layer Advanced Features
31
SSL handshake and key derivation
Host A
Host B
MS = master secret
EMS = encrypted master secret
Transport Layer Advanced Features
32
Key derivation
Use different keys for message authentication
code (MAC) and encryption
Four keys:
Kc = encryption key for data sent from client to server
Mc = MAC key for data sent from client to server
Ks = encryption key for data sent from server to client
Ms = MAC key for data sent from server to client
Takes master secret and (possibly) some
additional random data and creates the keys
Transport Layer Advanced Features
33
Data Transfer and closure
SSL breaks stream in series of records
Each record carries a MAC
Receiver can act on each record as it arrives
length
data
MAC
sequence number into MAC:
MAC = MAC(Mx, sequence||data)
Note: no sequence number field
Use of random numbers
record types, with one type for closure
type 0 for data; type 1 for closure
Transport Layer Advanced Features
34
SSL Record Format
1 byte
content
type
2 bytes
3 bytes
SSL version
length
data
MAC
Data and MAC encrypted
Transport Layer Advanced Features
35
Real
Connection
Host A
Host B
Everything
henceforth
is encrypted
TCP Fin follow
Transport Layer Advanced Features
36
Chapter 2 outline
2.1 Transport-layer
services
2.2 Connectionoriented transport:
TCP
2.3 Principles of
congestion control
2.4 TCP congestion
control
2.5 Transport Layer
Secure, TLS
2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
37
TCP and UDP limitations
TCP limitations:
TCP keeps strict order: head-of-line blocking may be
a problem (data flow blocked until recovering a lost
segment)
Byte-oriented nature of TCP: must use PSH to
ensure data goes to app
No multi-home IP hosts
Relatively vulnerable to some attacks (SYN flooding)
UDP limitations
Not reliable
No data order
No congestion control
Solution: SCTP
Transport Layer Advanced Features
38
Stream Control Transport Protocol
SCTP
Stream Control Transport Protocol, RFC 2960
Initially created by SIGTRAN group for PSTN
SCTP enhancements
Multi-homed host support: redundancy & efficient flow
Multiple flows in one association: solves head-of-line
blocking TCP problem
Host A
Host B
App 1
SCTP Port = 100
App 2
SCTP Port = 200
-------------------------------OS
NI-1
NI-2
-------------------------------OS
NI
NI-3
IP3 = 10.1.61.11
IP2 = 160.15.82.20
IP Network
IP = 128.33.6.12
IP1 = 161.10.8.221
Transport Layer Advanced Features
39
SCTP features
SCTP features
Connection oriented
Concepts
• Endpoints: SCTP endpoint is a list of addresses, same
ports
• Association multiple possible IPs
• {[160.15.82.20, 161.10.8.221, 10.1.61.11:100]}:
[128.33.6.12:200]} (two endpoints, one association – Figure -)
Host A
Host B
App 1
SCTP Port = 100
App 2
SCTP Port = 200
-------------------------------OS
NI-1
NI-2
-------------------------------OS
NI
NI-3
IP3 = 10.1.61.11
IP2 = 160.15.82.20
IP Network
IP = 128.33.6.12
IP1 = 161.10.8.221
Transport Layer Advanced Features
40
SCTP header
SCTP header
First 32 bit words SCTP common header (similar to UDP
header)
Verification tag: distinguish between associations; prevent
from attacks
Chunks: building blocks
Transport Layer Advanced Features
41
SCTP header
SCTP chunks
Blocks with a 32-bit multiple length
Different types
• Control (e.g., INIT, INIT-ACK, COOKIE-ECHO, COOKIEACK – four-way handshake -)
• Data (e.g. DATA)
Transport Layer Advanced Features
42