COMMUNICATION NETWORKS
UNIT III
TRANSPORT LAYER
TCP
P.E.IRIN DORATHY
AP/ECE
GCE,TLY
�1. Introduction to transport layer
protocols
2. UDP
3. TCP
4. Services
5. Features
6. TCP connection
7. State transition diagram
8. Flow, error and congestion control
9. Congestion avoidance (DEC bit,RED)
10.QOS
11.Application requirements
�A TCP Connection
1. Connection Establishment
2. SYN Flooding Attack
3. Data Transfer
4. Pushing Data
5. Connection Termination
�A TCP Connection
TCP
is connection-oriented.
establishes virtual path between source &
destination.
All the segments sent over this virtual
path.
Using a single virtual pathway for the entire
message facilitates
the acknowledgment process as well as
retransmission of damaged or lost frames.
�TCP uses the services of IP, a connectionless
protocol, can be connection-oriented.
The point is that a TCP connection is
virtual, not physical.
TCP operates at a higher level. TCP uses the
services of IP to deliver individual segments
to the receiver, but it controls the connection
itself.
If a segment is lost or corrupted, it is
retransmitted.
�Unlike TCP, IP is unaware of this
retransmission.
If a segment arrives out of order,
TCP holds it until the missing segments
arrive;
IP is unaware of this reordering.
Transmission requires three phases:
1. connection establishment,
2. data transfer, and
3. connection termination.
�1. Connection Establishment
TCP transmits data in full-duplex mode.
When two TCPs in two machines are
connected,
they are able to send segments to each
other simultaneously.
This implies that
each party must initialize communication
and
get approval from the other party before any
data are transferred.
�Three-Way Handshaking
The connection establishment in TCP is
called three way handshaking.
an application program, called the client,
wants to make a connection with another
application program, called the server, using
TCP as the transport layer protocol.
�The process starts with the server.
The server program tells its TCP that it is
ready to accept a connection.
This is called a request for a passive open.
Although the server TCP is ready to accept
any connection from any machine in the
world,
it cannot make the connection itself.
�The client program
issues a request for an active open.
A client that wishes to connect to an open
server tells its TCP that it needs to be
connected to that particular server.
TCP can now start the three-way
handshaking process
�Each segment has values for all its header
fields and perhaps for some of its option
fields, too.
only the few fields necessary to understand
each phase.
1. sequence number,
2. acknowledgment number,
3. control flags (only those that are set),
4. window size, if not empty.
��The three steps in this phase
1. The client
sends the first segment, a SYN segment, in
which only the SYN flag is set.
This segment is for synchronization of
sequence numbers.
It consumes one sequence number.
When the data transfer starts, the sequence
number is incremented by 1.
SYN segment carries no real data, but we can
think of it as containing 1 imaginary byte.
��2. The server
sends the second segment, a SYN +ACK
segment, with 2 flag bits set: SYN and ACK.
This segment has a dual purpose.
It is a SYN segment for communication in the other
direction and
serves as the acknowledgment for the SYN
segment.
It consumes one sequence number.
��3. The client
sends the third segment. This is just an ACK
segment.
It acknowledges the receipt of the second
segment with the ACK flag and
acknowledgment number field.
Note that the sequence number in this
segment is the same as the one in the SYN
segment;
ACK segment does not consume any sequence
numbers.
�� Simultaneous Open
Simultaneous Open
A rare situation, called a simultaneous open,
may occur when both processes issue an
active open.
In this case, both TCPs transmit a SYN +
ACK segment to each other, and
one single connection is established between
them.
� Problem
SYN Flooding Attack
The connection establishment procedure in
TCP is susceptible to a serious security
problem called the SYN flooding attack.
This happens when a malicious attacker
sends a large number of SYN segments to a
server,
pretending that each of them is coming from a
different client by faking the source IP
addresses in the datagrams.
�server
assuming that the clients are issuing an active
open,
allocates the necessary resources, such as
creating communication tables and setting timers.
TCP server then sends the SYN +ACK segments
to the fake clients, which are lost.
a lot of resources are occupied without being
used.
number of SYN segments is large, the server
runs out of resources and may crash.
�SYN flooding attack
belongs to a type of security attack known as a
denial-of-service attack,
in which an attacker monopolizes a system
with so many service requests that the system
collapses and denies service to every request.
� solution
Some implementations of TCP have strategies to
alleviate the effects of a SYN attack.
1. Some have imposed a limit on connection
requests during a specified period of time.
2. Others filter out datagrams coming from
unwanted source addresses.
3. One recent strategy is to postpone resource
allocation until the entire connection is set up,
using what is called a cookie.
1. SCTP, the new transport layer protocol uses this
strategy.
�2. Data Transfer
After connection is established, bidirectional
data transfer can take place.
The client and server can both send data and
acknowledgments.
Data travels in the same direction as an
acknowledgment are carried on the same
segment.
acknowledgment is piggybacked with the
data
�In this example, after connection is established
the client sends 2000 bytes of data in two segments.
The server then sends 2000 bytes in one
segment.
The client sends one more segment.
The first three segments carry both data and
acknowledgment,
but the last segment carries only an
acknowledgment because there are no more data to
be sent.
Note the values of the sequence and
acknowledgment numbers.
��The data segments sent by the client
have the PSH (push) flag set
so that the server TCP knows to deliver data to
the server process as soon as they are
received.
The segment from the server
does not set the push flag.
� Pushing Data
Pushing Data
sending TCP
uses a buffer to store the stream of data coming
from the sending application program.
can select the segment size.
receiving TCP
buffers the data when they arrive and delivers
them to the application program when the
application program is ready or when it is
convenient for the receiving TCP.
This type of flexibility increases the efficiency of
TCP.
�However, on occasion the application program
has no need for this flexibility
For example, consider an application program
that communicates interactively with another
application program on the other end.
The application program on one site wants to
send a keystroke to the application at the other
site and receive an immediate response.
Delayed transmission and delayed delivery
of data may not be acceptable by the
application program.
�TCP can handle such a situation.
The application program at the sending site can
request a push operation.
This means that the sending TCP must not wait for
the window to be filled.
It must create a segment and send it
immediately.
The sending TCP must also set the push bit (PSH)
to let the receiving TCP know that the segment
includes data that must be delivered to the
receiving application program as soon as
possible and not to wait for more data to come.
�Although the push operation can be
requested by the application program, most
current implementations ignore such
requests.
TCP can choose whether or not to use this
feature.
�Urgent Data
TCP is a stream-oriented protocol.
This means that the data are presented from the
application program to TCP as a stream of
bytes.
Each byte of data has a position in the stream.
However, on occasion an application program
needs to send urgent bytes.
This means that the sending application program
wants a piece of data to be read out of order
by the receiving application program.
�As an example,
suppose that the sending application program is sending
data to be processed by the receiving application
program.
When the result of processing comes back, the sending
application program finds that everything is wrong.
It wants to abort the process, but it has already sent a
huge amount of data.
If it issues an abort command (control +C), these two
characters will be stored at the end of the receiving TCP
buffer.
It will be delivered to the receiving application program
after all the data have been processed.
�The solution is to send a segment with the
URG bit set.
The sending application program tells the
sending TCP that the piece of data is urgent.
The sending TCP creates a segment and inserts
the urgent data at the beginning of the segment.
The rest of the segment can contain normal
data from the buffer.
The urgent pointer field in the header defines
the end of the urgent data and the start of
normal data.
�When the receiving TCP receives a segment
with the URG bit set,
it extracts the urgent data from the segment,
using the value of the urgent pointer, and
delivers them,
out of order,
to the receiving application program
�3.Connection Termination
Any of the two parties involved in exchanging
data (client or server) can close the
connection,
although it is usually initiated by the client.
Most implementations today allow two
options for connection termination:
three-way handshaking and
four-way handshaking with a half-close
option
�Three-Way Handshaking
Most implementations today allow three-way
handshaking for connection termination
�1 client TCP
after receiving a close command from the
client process,
sends the first segment,
a FIN segment in which the FIN flag is set.
FIN segment can include
the last chunk of data sent by the client,
or it can be just a control segment
If it is only a control segment,
it consumes only one sequence number.
��8
�2. server TCP,
after receiving the FIN segment,
informs its process of the situation
and sends the second segment,
a FIN +ACK segment,
to confirm the receipt of the FIN segment from the client
and
at the same time to announce the closing of the
connection in the other direction.
This segment can also contain the last chunk of data
from the server.
If it does not carry data, it consumes only one sequence
number.
�888888
�8
3. client TCP
sends the last segment,
an ACK segment,
to confirm the receipt of the FIN segment from
the TCP server.
This segment contains the acknowledgment
number,
which is 1 plus the sequence number received
in the FIN segment from the server.
This segment cannot carry data and consumes
no sequence numbers.
�8
Half-Close
In TCP, one end can stop sending data while still
receiving data.
This is called a half-close.
Although either end can issue a half-close, it is
normally initiated by the client.
It can occur when the server needs all the data
before processing can begin.
A good example is sorting.
When the client sends data to the server to be sorted,
the server needs to receive all the data before sorting
can start.
�This means the client,
after sending all the data, can close the
connection in the outbound direction.
However, the inbound direction must remain
open to receive the sorted data.
The server,
after receiving the data, still needs time for
sorting;
its outbound direction must remain open.
�Figure 23.21 shows an example of a half-close.
The client half-closes the connection by
sending a FIN segment.
The server accepts the half-close by sending
theACK segment.
The data transfer from the client to the server
stops. The server, however, can still send data.
When the server has sent all the processed
data, it sends a FIN segment, which is
acknowledged by an ACK from the client.
��After half-closing of the connection,
data can travel from the server to the client
and acknowledgments can travel from the
client to the server.
The client cannot send any more data to the
server.
The second segment (ACK) consumes no
sequence number.
�Although the client has received sequence
number y - 1 and is expecting y,
the server sequence number is still y - 1.
When the connection finally closes,
the sequence number of the last ACK segment
is still x,
because no sequence numbers are consumed
during data transfer in that direction
