7 tcp-congestion

Week 7
UDP and TCP
SCTP and Internet Congestion control

Agenda
• TCP
• Connection establishment
• Reliable data transfer
• Connection release
• SCTP
• Congestion control

TCP segment
32 bits
Source port Destination port
THL Reserved Flags
Window
Checksum Urgent pointer
Payload
20 bytes
Sequence number
Optional header extension
Flags :
used to indicate the function of a segment
SYN : used during establishment
FIN : used during connection release
RST : used in case of problems
ACK : if true, means that the Acknowledgement
number inside the segment is valid
Computed over the entire
segment and part of the IP
header
Acknowledgement number
Segment header length

Three-way handshake
ACK(seq=x+1, ack=y+1)
CONNECT.req
CONNECT.ind
SYN+ACK(ack=x+1,seq=y)
CONNECT.resp
Initial sequence number (x)
CONNECT.conf
Initial sequence number (y)
SYN(seq=x)
Connection established
The sequence numbers of all
segments A->B will start at x+1
segments B->A will start at y+1

TCP FSM
Init
?SYN / !SYN+ACK !SYN
?SYN / !SYN+ACK
SYN RCVD SYN Sent
Established
?SYN+ACK / !ACK
?ACK

Simultaneous open
CONNECT.conf
SYN(seq=y)
CONNECT.req
CONNECT.req
SYN(seq=x)
CONNECT.conf
SYN+ACK(seq=y, ack=x+1)
SYN+ACK(seq=x, ack=y+1)

Negotiating options
CONNECT.req
CONNECT.ind
SYN+ACK(ack=x+1,seq=y) Option
CONNECT.resp
Initial sequence number (x)
Option proposed
CONNECT.conf
Initial sequence number (y)
Option accepted
SYN(seq=x),Option
Option accepted
segments A->B will start at x+1
segments B->A will start at y+1

TCP options
• MSS
• Selective acknowledgements
• Timestamps
• Window Scale
• Multipath TCP
• ...

Reliable data
transfer
(seq=123,"abcd")
(seq=127,"ef")
(seq=123,"abcd")
(seq=127,"ef")
(ack=123)
Retransmission timer
(ack=129)
(ack=129)
"abcdef"
unnecessary
retransmission
Retransmission of all
unacked segments
“ef” placed in buffer

Retransmission
timer
• How to compute it ?
• round-trip-time may change frequently
during the lifetime of a TCP connection

Retransmission timer
• Algorithm
• timer = mean(rtt) + 4*std_dev(rtt)
• est_mean(rtt) = (1- )*est_mean(rtt)
+ *rtt_measured
• est_std_dev=(1-)*est_std_dev+
*|rtt_measured - est_mean(rtt)|

RTT measurements
(seq=120,"xyz")
(ack=123)
• Solution (Karn/Partridge)
• Do not measure rtt of retransmitted
segments
(seq=123,"abcd")
(ack=128)
measured rtt
which is the good one ? Timer
(seq=123,"abcd")

With Timestamp option
(seq=120,TS=1, TS echo=7, "xyz")
(ack=123, TS=12, TS echo=1)
(seq=123,TS=3, TS echo=12, "abcd")
(ack=127, TS=17, TS echo=3)
measured rtt
timer
measured rtt
(seq=123,TS=5, TS echo=12, "abcd")

Fast retransmit
(seq=123,"abcd")
(ack=123)
(ack=123)
(ack=123)
(ack=123)
(ack=133)
(seq=123,"abcd")
"abcdefghij"
(seq=127,"ef")
Out of sequence, in buffer
(seq=129,"gh")
(seq=131,"ij")

Selective Acks
• Receiver reports SACK blocks
• Negotiated during establishment
(seq=123,"abcd")
(ack=123)
(seq=127,"ef")
(ack=123,sack:127-128)
(seq=129,"gh")
(ack=123, sack:127-130)
(seq=131,"ij")
(ack=123, sack:127-132)
Lost
(seq=123,"abcd")
(ack=133)
"abcdefghij"
only 123-126 must be
retransmitted

Delayed acks
• Sending an ack per segment is costly
• Tradeoff
• In sequence data segment
• no ack waiting, delay by up to 50msec
• one ack waiting, send immediately
• Out-of-sequence data segment
• send ack immediately

When to send data ?
• When should a segment be sent ?
• After each write system call
• When there is a full segment of data

Nagle algorithm
• A new data segment can be sent if
• This is a full segment (MSS bytes)
• There are no unacknowledged bytes

Observed IP packets
http://www.caida.org/research/traffic-analysis/pkt_size_distribution/graphs.xml

Flow control
(seq=122,"abcd")
(ack=126,rwin=0)
Last_ack=122, swin=100, rwin=4
To transmit : abcdefghijklm
(ack=126,rwin=2)
(seq=126,"ef")
(ack=128,rwin=20)
(seq=128,"ghijklm")
(ack=135,rwin=20)

TCP flow control
• Performance function of window size
• Throughput ~= window/rtt
• TCP window : 16 bits field
rtt 1 msec 10 msec 100 msec
Window
8 Kbytes 65.6 Mbps 6.5 Mbps 0.66 Mbps
64 Kbytes 524.3 Mbps 52.4 Mbps 5.2 Mbps
• RFC1323 Window scale extension

Connection release
FIN(seq=x)
DISCONNECT.req (A-B)
DISCONNECT.ind(A-B)
ACK(ack=x+1)
DISCONNECT.conf(A-B)
ACK(ack=y+1)
DISCONNECT.req(B-A)
DISCONNECT.conf(A-B)
outgoing connection closed
DISCONNECT.ind(B-A)
FIN(seq=y)
Time WAIT
Maintain state for this
connection during twice MSL
to be able to retransmit ACK
if a segment is received from
the other entity
incoming connection closed
incoming connection closed
outgoing connection closed
State can be removed
Last sent data : x-1
Last sent data : y-1

Abrupt release
RST(seq=x)
DISCONNECT.req (abrupt)
DISCONNECT.ind(abrupt)
Connection closed
Connection closed
Last sent data : x
• Data segments can be lost during such an abrupt release
• No entity needs to wait in TIME_WAIT state after such a release
• anyway, any segment received when there is no state causes the
transmission of a RST segment

TCP connection
release
SYN RCVD
FIN Wait1
?FIN/!ACK
CLOSE Wait
Established
FIN Wait2
!FIN
LAST-ACK
Closing
TIME Wait
?ACK
Closed
Timeout[2MSL]
?FIN/!ACK
?ACK
!FIN
?ACK
?FIN/!ACK
!FIN

TCP limitations
• Service
• Only supports bytestream service
• Extensibility
• Limited space for options
• Security
• Various issues like Denial of Service
attacks

TCP establishment
SYN(Src=C,seq=x)
CONNECT.ind
SYN+ACK(Dest=C,ack=x+1,seq=y)
ACK(Src=A,seq=x)
CONNECT.req

DoS attack
• Attacker sends 1000s of SYNs
SYN(Src=A,seq=x)
CONNECT.ind
CONNECT.ind
SYN+ACK(Dest=A,ack=x+1,seq=y)
SYN(Src=B,seq=x)
SYN+ACK(Dest=B,ack=x+1,seq=z)

TCP Security
• 20th century security
• Server trusts Alice but not Bob
• Server accepts all TCP connections
from Alice's IP address without
asking a password
• Server always asks a password
from Bob's IP address

TCP Security
• Can Bob create a fake TCP connection
by spoofing Alice's IP when she is away
?
SYN(seq=x)
CONNECT.req
CONNECT.ind
CONNECT.res
p
CONNECT.conf

TCP Security
• Bob's view of the transfer
SYN(Src=A,seq=x)
SYN+ACK(Dst=A,ack=x+1,seq=y)
Data(Src=A,seq=x+1)

SYN Cookies
SYN(seq=x)
CONNECT.req
CONNECT.ind
CONNECT.conf
No state created
y=Hash(IPClient,PortClient,Secret)
Verify that
ack=1+Hash(IPClient,PortClient,Secret)
State is created
• Stateless passive opener

SCTP connection
establishment

TCP Congestion
Control
• Congestion detection
• Packet loss
• Explicit Congestion Notification
• Congestion control
• Additive Increase Multiplicative
Decrease

Additive Increase
• No congestion ?
• All acks move window
• Additive increase
• Increment cwnd by on MSS every rtt
Cwnd
Time

• HowF toa sspeteed urp ithne cgrrowetha osf thee
congestion window at connection
startup ?
• Slow-start
• Double cwnd every rtt Cwnd
Slow-start
exponential increase of cwnd
Time
Max window

Multiplicative
• How to detdecte cocngresetioan ?se
• Three duplicate acks
• mild congestion for TCP
• cwnd/2 and restart additive increase
• Expiration of retransmission timer
• severe congestion
• Reset cwnd at 1 MSS
• Perform slow-start until half previous cwnd
and then continue with congestion
avoidance

Cwnd
Mild congestion
Fast retransmit
Threshold
Fast retransmit
Threshold
Slow-start
Congestion avoidance
linear increase of cwnd

Severe congestion
Cwnd
Time
Timer expiration
Threshold
Timer expiration
Threshold
Slow-start
Congestion avoidance
linear increase of cwnd

7 tcp-congestion

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to 7 tcp-congestion

Similar to 7 tcp-congestion (20)

More from Olivier Bonaventure

More from Olivier Bonaventure (20)

Recently uploaded

Recently uploaded (20)

7 tcp-congestion

Editor's Notes