
Chapter 2 Transport Layer Advance Features


Presentation on theme: "Chapter 2 Transport Layer Advance Features"— Presentation transcript:

1 Chapter 2 Transport Layer Advance Features
Departamento de Tecnología Electrónica
Some of these slides are copyrighted by: Computer Networking: A Top Down Approach, 5th edition. Jim Kurose, Keith Ross, Addison-Wesley, April 2009.
Transport Layer Advanced Features

2 Chapter 2 outline
- 2.1 Transport-layer services
- 2.2 Connection-oriented transport: TCP
- 2.3 Principles of congestion control
- 2.4 TCP congestion control
- 2.5 Transport Layer Security, TLS
- 2.6 Stream Control Transmission Protocol

4 Transport services and protocols
- provide logical communication between application processes running on different hosts
- transport protocols run in end systems
- break application messages into segments and pass them to the network layer

5 Internet transport-layer protocols
- more than one transport protocol available to applications
- Internet: TCP and UDP

6 Internet transport-layer protocols
- more than one transport protocol available to applications
- Internet: TCP and UDP

TCP                         UDP
Connection-oriented         Non-connection-oriented
Reliable                    Unreliable
Segment grouping            Unfragmented messages
Receiver orders segments    User datagram
ACKs and timers             No ACKs
Flow control                No flow control
Congestion control          No congestion control

7 Internet transport-layer protocols
Port: identifies the application. Port numbers:

Application protocol   Port numbers   Transport protocol
FTP                    20, 21         TCP
Telnet                 23             TCP
SMTP                   25             TCP
DNS                    53             UDP (TCP (*))
TFTP                   69             UDP
HTTP                   80             TCP
POP3                   110            TCP
RIP                    520            UDP

9 TCP: Overview (RFCs 793, 1122, 1323, 2018, 2581)
- point-to-point: one sender, one receiver
- reliable, in-order byte stream: no “message boundaries”
- pipelined: TCP congestion and flow control set the window size
- send & receive buffers
- full duplex data: bi-directional data flow in the same connection; MSS: maximum segment size
- connection-oriented: handshaking (exchange of control messages) initializes sender and receiver state before data exchange
- flow controlled: sender will not overwhelm receiver

10 TCP segment structure
Header fields (32-bit rows), followed by application data (variable length):
- source port #, dest port #
- sequence number
- acknowledgement number
- head len, not used, flags U A P R S F, receive window
- checksum, urgent data pointer
- options (variable length)
Notes on the fields:
- sequence and acknowledgement numbers count bytes of data (not segments!)
- URG: urgent data (generally not used); ACK: ACK # valid; PSH: push data now (generally not used); RST, SYN, FIN: connection establishment (setup, teardown commands)
- receive window: # bytes receiver willing to accept
- checksum: Internet checksum (as in UDP)
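A worked example of the segment layout and the Internet checksum described above, added here and not part of the original slides: it packs a 20-byte TCP header with Python's struct module, computes the RFC 1071 ones'-complement checksum over the IPv4 pseudo-header plus segment, and parses the flags back out. The addresses, ports, sequence numbers and window are constructed sample values.

```python
import struct

# Flag bits in the low byte of the "data offset / flags" word (slide order: U A P R S F).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
PROTO_TCP = 6

def internet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words (RFC 1071), as used by TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"                       # pad an odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def pseudo_header(src_ip: bytes, dst_ip: bytes, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum also covers."""
    return struct.pack("!4s4sBBH", src_ip, dst_ip, 0, PROTO_TCP, tcp_len)

def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload=b""):
    """Pack a 20-byte header (no options) and fill in the checksum."""
    off_flags = (5 << 12) | sum(FLAG_BITS[f] for f in flags)   # head len = 5 words
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0)
    covered = pseudo_header(src_ip, dst_ip, len(header) + len(payload)) + header + payload
    csum = internet_checksum(covered)
    header = header[:16] + struct.pack("!H", csum) + header[18:]  # checksum sits at offset 16
    return header + payload

def parse_tcp_header(segment: bytes) -> dict:
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "head_len": (off_flags >> 12) * 4,                     # in bytes
            "flags": sorted(n for n, b in FLAG_BITS.items() if off_flags & b),
            "window": window, "checksum": csum, "urg_ptr": urg}

def checksum_ok(src_ip, dst_ip, segment: bytes) -> bool:
    """A correct segment sums to zero once the stored checksum is included."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0

# Constructed sample: client 10.0.0.1:40000 opening a connection to 10.0.0.2:80 (not from the slides).
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SYN_SEGMENT = build_tcp_segment(SRC, DST, 40000, 80, seq=1000, ack=0, flags=["SYN"], window=65535)
```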

11 TCP seq. #’s and ACKs (Host A = client, Host B = server; time runs downward)
- Client starts active open: Seq=M, SYN=1
- Server is in passive open, starts connection and confirms client open: Seq=N, ACK=M+1, SYN=1
- Client confirms server open: Seq=M+1, ACK=N+1
- Connection established

13 Principles of Congestion Control
- informally: “too many sources sending too much data too fast for network to handle”
- different from flow control!
- manifestations: lost packets (buffer overflow at routers); long delays (queueing in router buffers)

14 Causes/costs of congestion: scenario 1
- two senders, two receivers
- one router, infinite buffers (unlimited shared output link buffers)
- no retransmission
- λin: original data sent by Host A; λout: data delivered to Host B
- large delays when congested
- maximum achievable throughput

15 Causes/costs of congestion: scenario 2
- one router, finite buffers (finite shared output link buffers)
- sender retransmission of lost packet
- λin: original data; λ'in: original data plus retransmitted data; λout: data delivered to Host B

16 Causes/costs of congestion: scenario 2
- always: λin = λout (goodput)
- “perfect” retransmission only when loss: λ'in > λout
- retransmission of delayed (not lost) packet makes λ'in larger (than perfect case) for same λout
- (plots a, b, c of λout against λin, with the axis marks R/2, R/3 and R/4)
“costs” of congestion:
- more work (retransmissions) for given “goodput”
- unneeded retransmissions: link carries multiple copies of a packet

17 Causes/costs of congestion: scenario 3
- four senders
- multihop paths
- timeout/retransmit
- λin: original data; λ'in: original data plus retransmitted data; finite shared output link buffers
Q: what happens as λin and λ'in increase?

18 Causes/costs of congestion: scenario 3
Another “cost” of congestion: when a packet is dropped, any upstream transmission capacity used for that packet was wasted!

19 Approaches towards congestion control
Two broad approaches towards congestion control:
- End-end congestion control: no explicit feedback from network; congestion inferred from end-system observed loss, delay; approach taken by TCP
- Network-assisted congestion control: routers provide feedback to end systems, e.g. a single bit indicating congestion

21 TCP Congestion Control
- sender limits transmission: LastByteSent − LastByteAcked ≤ CongWin
- How does the sender perceive congestion? loss event = timeout or 3 duplicate ACKs
- TCP sender reduces rate (CongWin) after loss event
(Figures: lost ACK scenario, in which Host A sends Seq=92 with 8 bytes of data, Host B's ACK=100 is lost, and A resends after the timeout; and resending a segment after triple duplicate ACK, in which the 2nd segment is resent.)

22 TCP congestion control: additive increase, multiplicative decrease (AIMD)
- Approach: increase transmission rate (window size), probing for usable bandwidth, until loss occurs
- additive increase: increase CongWin by 1 MSS every RTT until loss detected
- multiplicative decrease: cut CongWin in half after loss
- Sawtooth behaviour: probing for bandwidth (plot of congestion window size against time)

23 TCP Congestion Control: details
- Roughly, rate = CongWin / RTT bytes/sec
- When connection begins, CongWin = 1 MSS. Example: MSS = 500 bytes & RTT = 200 msec, so initial rate = 20 kbps
- three phases: slow start (SS); congestion avoidance (CA), e.g. AIMD; fast recovery (FR)
- First two are compulsory in TCP, while the last one is recommended

24 TCP Slow Start
- available bandwidth may be >> MSS/RTT
- When connection begins, increase rate exponentially fast until first loss event
- initial rate is slow but ramps up exponentially fast
(Figure: Host A sends one segment, then two segments after one RTT, then four segments.)

25 Congestion avoidance
- After 3 dup ACKs: CongWin is cut in half; window then grows linearly
- But after timeout event: CongWin instead set to 1 MSS; window then grows exponentially to a threshold, then grows linearly
Philosophy:
- 3 dup ACKs indicates network capable of delivering some segments
- timeout indicates a “more alarming” congestion scenario

26 Summary: TCP Congestion Control
- When CongWin is below Threshold, sender is in slow-start phase, window grows exponentially.
- When CongWin is above Threshold, sender is in congestion-avoidance phase, window grows linearly.
- When a triple duplicate ACK occurs, Threshold is set to CongWin/2 and CongWin is set to Threshold.
- When a timeout occurs, Threshold is set to CongWin/2 and CongWin is set to 1 MSS.
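The four rules above as a small sender-side simulation, added here and not taken from the slides: CongWin is counted in whole MSS units, growth is evaluated once per RTT, and the initial Threshold of 8 MSS, the event sequence and the rate helper (the slide's rate = CongWin/RTT, checked against its 500-byte MSS, 200 ms RTT example) are assumptions of the illustration.

```python
class TcpCongestionControl:
    """CongWin model following the slide's four rules (added illustration, not a real TCP stack)."""

    def __init__(self, threshold_mss: int = 8):
        self.cwnd = 1                  # CongWin = 1 MSS when the connection begins
        self.threshold = threshold_mss

    @property
    def phase(self) -> str:
        return "slow-start" if self.cwnd < self.threshold else "congestion-avoidance"

    def on_rtt_acked(self) -> None:
        """One RTT in which the whole window was ACKed with no loss event."""
        if self.cwnd < self.threshold:
            self.cwnd = min(self.cwnd * 2, self.threshold)   # exponential growth up to Threshold
        else:
            self.cwnd += 1                                   # additive increase: +1 MSS per RTT

    def on_triple_dup_ack(self) -> None:
        """3 dup ACKs: Threshold = CongWin/2, CongWin = Threshold, then linear growth."""
        self.threshold = max(self.cwnd // 2, 1)
        self.cwnd = self.threshold

    def on_timeout(self) -> None:
        """Timeout: Threshold = CongWin/2, CongWin = 1 MSS, back to slow start."""
        self.threshold = max(self.cwnd // 2, 1)
        self.cwnd = 1

def rate_bps(cwnd_mss: int, mss_bytes: int, rtt_seconds: float) -> float:
    """rate = CongWin / RTT, expressed in bits per second."""
    return cwnd_mss * mss_bytes * 8 / rtt_seconds

def simulate(events, threshold_mss: int = 8):
    """Replay per-RTT events ('ack', 'dup3', 'timeout') and return the CongWin trace in MSS."""
    cc = TcpCongestionControl(threshold_mss)
    handlers = {"ack": cc.on_rtt_acked, "dup3": cc.on_triple_dup_ack, "timeout": cc.on_timeout}
    trace = [cc.cwnd]
    for event in events:
        handlers[event]()
        trace.append(cc.cwnd)
    return trace

# Constructed event sequence (not from the slides): slow start, a triple dup ACK, then a timeout.
SAMPLE_EVENTS = ["ack"] * 5 + ["dup3", "ack", "timeout", "ack", "ack", "ack"]
```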

28 What is network security?
- Confidentiality: only sender, intended receiver should “understand” message contents; sender encrypts message, receiver decrypts message
- Authentication: sender, receiver want to confirm identity of each other
- Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
- Access and availability: services must be accessible and available to users

29 Who might need security and why?
Who?
- Web browser/server for electronic transactions (e.g., on-line purchases)
- on-line banking client/server
- DNS servers
- routers exchanging routing table updates
- other examples?
Why? Because an adversary can:
- eavesdrop: intercept messages
- actively insert messages into a connection
- impersonate: fake (spoof) the source address in a packet (or any field in the packet)
- hijack: “take over” an ongoing connection by removing sender or receiver and inserting itself in their place
- deny service: prevent a service from being used by others (e.g., by overloading resources)

30 SSL: Secure Sockets Layer
- Widely deployed security protocol; supported by almost all browsers and web servers (https)
- Originally designed by Netscape in 1993
- Number of variations: TLS: transport layer security, RFC 2246
- Provides confidentiality, integrity, authentication
- SSL provides an application programming interface (API) to applications; C and Java SSL libraries/classes readily available
(Figure: protocol stack with SSL: Application / SSL / TCP / IP)

31 SSL: general features
- Handshake: use of certificates and private keys to authenticate each other and exchange a shared secret
- Key Derivation: use of the shared secret to derive a set of keys
- Data Transfer: data to be transferred is broken up into a series of records
- Connection Closure: special messages to securely close the connection

32 SSL handshake and key derivation
Message exchange:
- SSL hello (client to server)
- certificate (server to client)
- KB+(MS) = EMS (client to server), where MS = master secret and EMS = encrypted master secret (MS encrypted under the server's public key KB+)

33 Key derivation
- Use different keys for message authentication code (MAC) and encryption
- Four keys: Kc = encryption key for data sent from client to server; Mc = MAC key for data sent from client to server; Ks = encryption key for data sent from server to client; Ms = MAC key for data sent from server to client
- Takes the master secret and (possibly) some additional random data and creates the keys

34 Data Transfer and closure
- SSL breaks the stream into a series of records
- Each record carries a MAC; the receiver can act on each record as it arrives
- Record: length, data, MAC
- Sequence number goes into the MAC: MAC = MAC(Mx, sequence||data). Note: no sequence number field
- Use of random numbers
- Record types, with one type for closure: type 0 for data; type 1 for closure

35 SSL Record Format
- content type (1 byte)
- SSL version (2 bytes)
- length (3 bytes)
- data
- MAC
Data and MAC encrypted
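An added example, not from the slides, covering both the four-key derivation of slide 33 and the implicit-sequence-number MAC of slide 34: the key expansion is a simplified labelled HMAC rather than the real SSL/TLS PRF, HMAC-SHA256 stands in for the MAC, encryption of data+MAC is left out, and the master secret and random values are constructed. It shows why a replayed or reordered record fails verification even though no sequence number is ever transmitted.

```python
import hmac
import hashlib

def derive_keys(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Expand the master secret plus both random values into Kc, Mc, Ks, Ms.
    Simplified illustration (one labelled HMAC per key); not the SSL/TLS PRF."""
    return {label: hmac.new(master_secret, label.encode() + client_random + server_random,
                            hashlib.sha256).digest()
            for label in ("Kc", "Mc", "Ks", "Ms")}

def record_mac(mac_key: bytes, seq: int, data: bytes) -> bytes:
    """MAC = MAC(Mx, sequence || data): the 8-byte sequence number is covered but never sent."""
    return hmac.new(mac_key, seq.to_bytes(8, "big") + data, hashlib.sha256).digest()

class RecordSender:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def protect(self, data: bytes) -> tuple:
        """Return a (length, data, MAC) record; the encryption step is omitted here."""
        record = (len(data), data, record_mac(self.mac_key, self.seq, data))
        self.seq += 1
        return record

class RecordReceiver:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def verify(self, record: tuple) -> bool:
        """Accept only the record expected next; a replayed or reordered one fails the MAC."""
        length, data, mac = record
        if length != len(data):
            return False
        if not hmac.compare_digest(mac, record_mac(self.mac_key, self.seq, data)):
            return False            # real SSL would tear the connection down at this point
        self.seq += 1
        return True

# Constructed values (not from the slides), standing in for what the handshake produced.
MASTER_SECRET = bytes(range(48))
CLIENT_RANDOM, SERVER_RANDOM = b"c" * 32, b"s" * 32
KEYS = derive_keys(MASTER_SECRET, CLIENT_RANDOM, SERVER_RANDOM)
```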

36 Real Connection
- handshake: ClientHello
- handshake: ServerHello
- handshake: Certificate
- handshake: ServerHelloDone
- handshake: ClientKeyExchange
- ChangeCipherSpec (everything henceforth is encrypted)
- handshake: Finished
- application_data
- Alert: warning, close_notify
TCP FIN follows.

38 TCP and UDP limitations
TCP limitations:
- TCP keeps strict order: head-of-line blocking may be a problem (data flow blocked until a lost segment is recovered)
- Byte-oriented nature of TCP: must use PSH to ensure data goes to the application
- No support for multi-homed IP hosts
- Relatively vulnerable to some attacks (SYN flooding)
UDP limitations:
- Not reliable
- No data order
- No congestion control
Solution: SCTP

39 Stream Control Transmission Protocol
- SCTP: Stream Control Transmission Protocol, RFC 2960
- Initially created by the SIGTRAN group for PSTN
- SCTP enhancements: multi-homed host support (redundancy & efficient flow); multiple flows in one association, which solves TCP's head-of-line blocking problem

40 SCTP features
- Connection oriented
Concepts:
- Endpoints: an SCTP endpoint is a list of addresses with the same port
- Association: one association joins two endpoints, each of which may have multiple IPs, e.g. an endpoint with several addresses on port 100 and an endpoint with one address on port 200 (the addresses themselves are not preserved in this transcript; see figure)

41 SCTP header
- First 32-bit words: SCTP common header (similar to the UDP header)
- Verification tag: distinguishes between associations; protects against attacks
- Chunks: building blocks

42 SCTP chunks
- Blocks whose length is a multiple of 32 bits
- Different types: control (e.g., INIT, INIT-ACK, COOKIE-ECHO, COOKIE-ACK, which form the four-way handshake) and data (e.g. DATA)
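An added example, not from the slides or RFC 2960 itself, of how the verification tag of slide 41 and the cookie-based four-way handshake of slide 42 avoid the state exhaustion that slide 38 attributes to TCP's SYN flooding: the passive side stores nothing per association until a COOKIE-ECHO returns a cookie it can authenticate. The cookie layout, its lifetime and HMAC-SHA256 are assumptions of this simplified model; the peer addresses in the usage are constructed.

```python
import hashlib
import hmac
import os
import struct

COOKIE_LIFETIME = 60   # seconds a cookie stays valid (assumed value)
MAC_LEN = 32           # HMAC-SHA256 output length

class SctpServer:
    """Passive side of INIT / INIT-ACK / COOKIE-ECHO / COOKIE-ACK (simplified illustration)."""

    def __init__(self, secret: bytes = b""):
        self.secret = secret or os.urandom(32)   # only this server can mint or verify cookies
        self.associations = {}                    # established associations only

    def on_init(self, peer_addr: str, peer_tag: int, now: int) -> tuple:
        """INIT -> INIT-ACK: mint an authenticated cookie and keep no record of the request."""
        my_tag = int.from_bytes(os.urandom(4), "big")          # our verification tag
        body = struct.pack("!IIQ", peer_tag, my_tag, now) + peer_addr.encode()
        cookie = body + hmac.new(self.secret, body, hashlib.sha256).digest()
        return ("INIT-ACK", my_tag, cookie)

    def on_cookie_echo(self, peer_addr: str, cookie: bytes, now: int):
        """COOKIE-ECHO -> COOKIE-ACK only if the cookie is genuine, fresh and from the same peer."""
        body, mac = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        if not hmac.compare_digest(mac, hmac.new(self.secret, body, hashlib.sha256).digest()):
            return None                                         # forged or altered cookie
        peer_tag, my_tag, created = struct.unpack("!IIQ", body[:16])
        if body[16:].decode() != peer_addr or now - created > COOKIE_LIFETIME:
            return None                                         # wrong peer or stale cookie
        self.associations[peer_addr] = {"peer_tag": peer_tag, "my_tag": my_tag}
        return ("COOKIE-ACK", my_tag)

class SctpClient:
    """Active side: send INIT, then echo the cookie back unchanged."""

    def __init__(self, addr: str):
        self.addr = addr
        self.tag = int.from_bytes(os.urandom(4), "big")        # our own verification tag

    def associate(self, server: SctpServer, now: int) -> bool:
        _, server_tag, cookie = server.on_init(self.addr, self.tag, now)
        ack = server.on_cookie_echo(self.addr, cookie, now)
        return ack is not None and ack[1] == server_tag
```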

