CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management

Similar documents
CSE/EE 461 Lecture 12 TCP. A brief Internet history...

Connections. Topics. Focus. Presentation Session. Application. Data Link. Transport. Physical. Network

User Datagram Protocol

Some slides courtesy David Wetherall. Communications Software. Lecture 4: Connections and Flow Control. CSE 123b. Spring 2003.

Last Class. CSE 123b Communications Software. Today. Naming Processes/Services. Transmission Control Protocol (TCP) Picking Port Numbers.

CSE/EE 461 Lecture 14. Connections. Last Time. This Time. We began on the Transport layer. Focus How do we send information reliably?

Application Service Models

CSE 461 The Transport Layer

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

CSE 461 Module 11. Connections

CSE 461 Connections. David Wetherall

CS419: Computer Networks. Lecture 10, Part 2: Apr 11, 2005 Transport: TCP mechanics (RFCs: 793, 1122, 1323, 2018, 2581)

CSCI-1680 Transport Layer I Rodrigo Fonseca

CSEP 561 Connections. David Wetherall

CSCI-1680 Transport Layer I Rodrigo Fonseca

Lecture 22: TCP & NAT. CSE 123: Computer Networks Alex C. Snoeren

CSE/EE 461 The Network Layer. Application Presentation Session Transport Network Data Link Physical

Outline Computer Networking. Functionality Split. Transport Protocols

CSEP 561 Connections. David Wetherall

Internet Protocols Fall Outline

Internet Protocol. Outline Introduction to Internet Protocol Header and address formats ICMP Tools CS 640 1

CS 43: Computer Networks. 18: Transmission Control Protocol October 12-29, 2018

Lecture 9: Internetworking

CS 455: INTRODUCTION TO DISTRIBUTED SYSTEMS [NETWORKING] Frequently asked questions from the previous class surveys

Telecom Systems Chae Y. Lee. Contents. Overview. Issues. Addressing ARP. Adapting Datagram Size Notes

Introduction to Networking. Operating Systems In Depth XXVII 1 Copyright 2017 Thomas W. Doeppner. All rights reserved.

End-to-End Protocols. End-to-End Protocols

Administrivia. P561: Network Systems Week 5: Transport #1. Homework #1: General s Paradox. General s Paradox Illustrated. Consensus revisited

ECE 4450:427/527 - Computer Networks Spring 2017

TCP/IP Networking. Part 4: Network and Transport Layer Protocols

Transport Layer Marcos Vieira

TCP Overview. Connection-oriented Byte-stream

Introduction to TCP/IP networking

Introduction to Internet. Ass. Prof. J.Y. Tigli University of Nice Sophia Antipolis

Internet transport protocols

EC441 Fall 2018 Introduction to Computer Networking Chapter4: Network Layer Data Plane

Reliable Byte-Stream (TCP)

EE 122: Transport Protocols. Kevin Lai October 16, 2002

Position of IP and other network-layer protocols in TCP/IP protocol suite

CS 716: Introduction to communication networks th class; 7 th Oct Instructor: Sridhar Iyer IIT Bombay

CSCI-GA Operating Systems. Networking. Hubertus Franke

Introduc)on to Computer Networks

NWEN 243. Networked Applications. Layer 4 TCP and UDP

TCP. TCP: Overview. TCP Segment Structure. Maximum Segment Size (MSS) Computer Networks 10/19/2009. CSC 257/457 - Fall

TCP: Transmission Control Protocol RFC 793,1122,1223. Prof. Lin Weiguo Copyleft 2009~2017, School of Computing, CUC

Different Layers Lecture 20

TCP Review. Carey Williamson Department of Computer Science University of Calgary Winter 2018

Chapter 5 End-to-End Protocols

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

STEVEN R. BAGLEY PACKETS

Computer Network Programming. The Transport Layer. Dr. Sam Hsu Computer Science & Engineering Florida Atlantic University

ICS 351: Networking Protocols

Multiple unconnected networks

UDP and TCP. Introduction. So far we have studied some data link layer protocols such as PPP which are responsible for getting data

UDP, TCP, IP multicast

CS Lecture 1 Review of Basic Protocols

CS4700/CS5700 Fundamentals of Computer Networks

Network and Security: Introduction

CS519: Computer Networks. Lecture 2: Feb 2, 2004 IP (Internet Protocol)

COMPUTER NETWORKS CS CS 55201

COMPUTER NETWORKS CS CS 55201

IP : Internet Protocol

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca

Islamic University of Gaza Faculty of Engineering Department of Computer Engineering ECOM 4021: Networks Discussion. Chapter 5 - Part 2

ET4254 Communications and Networking 1

Computer Networking Concept

IPv4 Lecture 10a. COMPSCI 726 Network Defence and Countermeasures. Muhammad Rizwan Asghar. August 14, 2017

CSc 466/566. Computer Security. 18 : Network Security Introduction

SWITCHING, FORWARDING, AND ROUTING

Introduction to Networks and the Internet

CPSC156a: The Internet Co-Evolution of Technology and Society. Lecture 4: September 16, 2003 Internet Layers and the Web

UNIT IV TRANSPORT LAYER

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 8

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

The Netwok 15 Layer IPv4 and IPv6 Part 3

9th Slide Set Computer Networks

Mobile Transport Layer Lesson 02 TCP Data Stream and Data Delivery

Internet Networking recitation #2 IP Checksum, Fragmentation

Lecture 6. Internet Security: How the Internet works and some basic vulnerabilities. Thursday 19/11/2015

6.1 Internet Transport Layer Architecture 6.2 UDP (User Datagram Protocol) 6.3 TCP (Transmission Control Protocol) 6. Transport Layer 6-1

Administrivia CSC458 Lecture 4 Bridging LANs and IP. Last Time. This Time -- Switching (a.k.a. Bridging)

TCP Strategies. Keepalive Timer. implementations do not have it as it is occasionally regarded as controversial. between source and destination

ECE 435 Network Engineering Lecture 10

TCP Adaptive Retransmission Algorithm - Original TCP. TCP Adaptive Retransmission Algorithm Jacobson

CompSci 356: Computer Network Architectures. Lecture 8: Spanning Tree Algorithm and Basic Internetworking Ch & 3.2. Xiaowei Yang

CS457 Transport Protocols. CS 457 Fall 2014

Operating Systems and Networks. Network Lecture 8: Transport Layer. Adrian Perrig Network Security Group ETH Zürich

Operating Systems and Networks. Network Lecture 8: Transport Layer. Where we are in the Course. Recall. Transport Layer Services.

internet technologies and standards

Computer and Network Security

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca

CSE/EE 461 Lecture 16 TCP Congestion Control. TCP Congestion Control

Ping of death Land attack Teardrop Syn flood Smurf attack. DOS Attack Methods

Recap. Recap. Internetworking. First mile problem. Internet. End Users. Last mile problem. Direct link networks Packet switching.

ARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

ICS 451: Today's plan

Configuring Flood Protection

Vorlesung Kommunikationsnetze

Transport Layer (TCP/UDP)

Overview. Internetworking and Reliable Transmission. CSE 561 Lecture 3, Spring David Wetherall. Internetworking. Reliable Transmission

Transcription:

CSE/EE 461 Lecture 13 Connections and Fragmentation Tom Anderson tom@cs.washington.edu Peterson, Chapter 5.2 TCP Connection Management Setup assymetric 3-way handshake Transfer sliding window; data and acks in both directions Teardown symmetric 2-way handshake Client-server model initiator (client) contacts server listener (server) responds, provides service

Three-Way Handshake Opens both directions for transfer Active participant (client) SYN, SequenceNum = x Passive participant (server) SYN +, SequenceNum = y, Acknowledgment = x + 1, Acknowledgment = y + 1 +data TCP Transfer Connection is bi-directional acks can carry response data (client) (server) Seq = x + MSS; Ack = y+1 Seq = x + 2*MSS; Ack = y+1 Seq = y+mss; Ack = x+2mss+1 Seq = x + 3*MSS; Ack = y+mss+1

TCP Connection Teardown Symmetric: either side can close connection Web server Web browser FIN data, data, FIN Half-open connection; data can be continue to be sent Can reclaim connection after 2 MSL Can reclaim connection right away (must be at least 1MSL after first FIN) TCP State Transitions CLOSED Passive open Close LISTEN Close Active open/syn SYN/SYN + Send/ SYN SYN/SYN + SYN_RCVD SYN_SENT SYN + / Close /FIN ESTABLISHED Close /FIN FIN/ FIN_WAIT_1 CLOSE_WAIT FIN/ Close /FIN FIN_WAIT_2 CLOSING LAST_ FIN/ Timeout after two segment lifetimes TIME_WAIT CLOSED

TCP Connection Setup, with States Active participant (client) SYN_SENT SYN, SequenceNum = x Passive participant (server) LISTEN ESTABLISHED SYN +, SequenceNum = y, Acknowledgment = x + 1 SYN_RCVD, Acknowledgment = y + 1 +data ESTABLISHED TCP Connection Teardown FIN_WAIT_1 Web server FIN Web browser FIN_WAIT_2 TIME_WAIT CLOSED FIN CLOSE_WAIT LAST_ CLOSED

The TIME_WAIT State We wait 2MSL (two times the maximum segment lifetime of 60 seconds) before completing the close Why? might have been lost and so FIN will be resent Could interfere with a subsequent connection TCP Handshake in an Uncooperative Internet TCP Hijacking if seq # is predictable, attacker can insert packets into TCP stream many implementations of TCP simply bumped previous seq # by 1 attacker can learn seq # by setting up a connection Solution: use random initial sequence # s weak form of authentication Client Malicious attacker SYN, SequenceNum = x SYN +, y, x + 1 fake web page, y+mss, y+1 HTTP get URL, x + MSS web page, y + MSS Server

TCP Handshake in an Uncooperative Internet TCP SYN flood server maintains state for every open connection if attacker spoofs source addresses, can cause server to open lots of connections eventually, server runs out of memory Malicious attacker SYN, SequenceNum = x SYN, p SYN, q SYN, r SYN, s SYN +, y, x + 1 Server TCP SYN cookies Solution: SYN cookies Server keeps no state in response to SYN; instead makes client store state Server picks return seq # y = that encrypts x Gets +1 from sender; unpacks to yield x Client SYN, SequenceNum = x SYN +,, x + 1, + 1 Server

IP Fragmentation Both TCP and IP fragment and reassemble packets. Why? IP packets traverse heterogeneous nets Each network has its own max transfer unit Ethernet ~ 1400 bytes; FDDI ~ 4500 bytes P2P ~ 532 bytes; ATM ~ 53 bytes; Aloha ~ 80bytes Path is transparent to end hosts can change dynamically (but usually doesn t) IP routers fragment; hosts reassemble Fragmentation Example Different networks may have different frame limits (MTUs) Ethernet 1.5K, FDDI 4.5K Don t know if packet will be too big beforehand IPv4: fragment on demand and reassemble at destination IPv6: network returns error message so host can learn limit H1 H2 H3 Network 2 (Ethernet) R1 H4 Fragment? Network 3 (FDDI) H5 H6

Fragment Fields Fragments identified by (src, dest, id) Offset gives start, length Flags More Fragments (MF) Don t Fragment (DF) 0 4 8 16 19 31 Version HLen TOS Length Identifier for Fragments Flags Fragment Offset TTL Protocol Checksum Source Address Destination Address Options (variable) Data Pad (variable) Fragment Considerations Relating fragments to original datagram provides: Tolerance of loss, reordering and duplication Ability to fragment fragments Consequences of fragmentation: Loss of any fragments causes loss of entire packet possibility of congestion collapse! Need to time-out reassembly when any fragments lost Complicates router hardware => slow path Limits sending speed? To avoid duplicates confusion: 2^16/MSL ~ 500 pkts/sec Better to avoid fragmenting if at all possible!

How can TCP choose segment size? Pick LAN MTU as segment size? LAN MTU usually larger than WAN MTU => Most Internet traffic would be fragmented Pick smallest MTU across all networks in Internet? Most traffic is local! Local file server, web proxy, DNS cache,... Increases packet processing overhead Discover MTU to each destination? Path MTU discovery Path MTU Discovery Path MTU is the smallest MTU along path Packets less than this size don t get fragmented Hosts send packets with DF (don t fragment) set Routers return ICMP packet to source if too large similar to TTL exceeded Binary search to find largest MTU that doesn t fragment separately for each destination subnet Source TCP uses as segment size Destination TCP reassembles

Layering Revisited IP layer transparent packet delivery Implementation decisions affect higher layers (and vice versa) Fragmentation => reassembly overhead path MTU discovery Packet loss => congestion or lossy link? link layer retransmission Reordering => packet loss or multipath? router hardware tries to keep packets in order FIFO vs. active queue management IP Packet Header Limitations Fixed size fields in IPv4 packet header source/destination address (32 bits) limits to ~ 4B unique public addresses; about 800M allocated NATs map multiple hosts to single public address IP ID field (16 bits) limits to 65K fragmented packets at once in practice, fewer than 1% of all packets fragment Type of service (8 bits) unused until recently; needed to express priorities TTL (8 bits) limits maximum Internet path length to 255; typical is 30 Length (16 bits) Much larger than most link layer MTU s; path MTU discovery

TCP Packet Header Limitations Fixed size fields in TCP packet header seq #/ack # -- 32 bits (can t wrap within MSL) T1 ~ 6.4 hours; OC-192 ~ 3.5 seconds source/destination port # -- 16 bits limits # of connections between two machines (NATs) ok to give each machine multiple IP addresses header length limits # of options receive window size -- 16 bits (64KB) rate = window size / delay Ex: 100ms delay => rate ~ 5Mb/sec

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback