Transport Layer Advanced Features. Chapter 2: Transport Layer Advanced Features (slide transcript)

Slide 1: Transport Layer Advanced Features. Chapter 2: Transport Layer Advanced Features. Some of these slides are copyrighted by: Computer Networking: A Top Down Approach, 5th edition, Jim Kurose, Keith Ross, Addison-Wesley, April. Departamento de Tecnología Electrónica.

Slide 2: Chapter 2 outline
- 2.1 Transport-layer services
- 2.2 Connection-oriented transport: TCP
- 2.3 Principles of congestion control
- 2.4 TCP congestion control
- 2.5 Transport Layer Security, TLS
- 2.6 Stream Control Transmission Protocol

Slide 3: Chapter 2 outline (divider slide repeating the outline of slide 2; section 2.1 Transport-layer services follows)

Slide 4: Transport services and protocols
- provide logical communication between app processes running on different hosts
- transport protocols run in end systems
  - sender breaks app messages into segments, passes them to the network layer

Slide 5: Internet transport-layer protocols
- more than one transport protocol available to apps
  - Internet: TCP and UDP

Slide 6: Internet transport-layer protocols
- more than one transport protocol available to apps
  - Internet: TCP and UDP

  TCP                      | UDP
  -------------------------|-------------------------
  Connection-oriented      | Non-connection-oriented
  Reliable                 | Unreliable
  Segment grouping         | Unfragmented messages
  Receiver orders segments | User datagram
  ACKs and timers          | No ACKs
  Flow control             | No flow control
  Congestion control       | No congestion control

Slide 7: Internet transport-layer protocols
- Port: identifies the application
- Port numbers:

  Application protocol | Port numbers | Transport protocol
  ---------------------|--------------|-------------------
  FTP                  | 20, 21       | TCP
  Telnet               | 23           | TCP
  SMTP                 | 25           | TCP
  DNS                  | 53           | UDP (TCP (*))
  TFTP                 | 69           | UDP
  HTTP                 | 80           | TCP
  POP3                 | 110          | TCP
  RIP                  | 520          | UDP

Slide 8: Chapter 2 outline (divider slide repeating the outline of slide 2; section 2.2 Connection-oriented transport: TCP follows)

Slide 9: TCP: Overview (RFCs 793, 1122, 1323, 2018, 2581)
- point-to-point: one sender, one receiver
- reliable, in-order byte stream: no "message boundaries"
- pipelined: TCP congestion and flow control set the window size
- send & receive buffers
- full duplex data: bi-directional data flow in the same connection; MSS: maximum segment size
- connection-oriented: handshaking (exchange of control msgs) initializes sender and receiver state before data exchange
- flow controlled: sender will not overwhelm receiver

Slide 10: TCP segment structure (header drawn 32 bits wide)
- source port #, dest port #
- sequence number (counting by bytes of data, not segments!)
- acknowledgement number
- head len, not used, flags U A P R S F, Receive window (# bytes rcvr willing to accept)
- checksum (Internet checksum, as in UDP), Urg data pointer
- Options (variable length)
- application data (variable length)
Flag meanings: URG: urgent data (generally not used); ACK: ACK # valid; PSH: push data now (generally not used); RST, SYN, FIN: connection establishment (setup, teardown commands).
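The header layout above can be exercised with a small packer and parser. The following Python is an added example, not code from the slides or from Kurose and Ross: it packs a 20-byte header (head len = 5 words, no options) for a constructed segment, computes the Internet checksum over the IPv4 pseudo-header plus the segment, and decodes the U/A/P/R/S/F flag bits, the header length and the receive window. The field order and checksum rule are those of RFC 793; the addresses, ports and payload are constructed sample values.

```python
import socket
import struct

# Constructed sample addresses (documentation range), not taken from the slides.
SRC_IP = "192.0.2.10"
DST_IP = "192.0.2.20"

# Flag bits in the low byte of the "head len / not used / U A P R S F" word, LSB first.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length buffer with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """IPv4 pseudo-header covered by the TCP checksum: src, dst, zero, protocol 6, TCP length."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, tcp_length)


def build_segment(src_port, dst_port, seq, ack, flags, window, payload,
                  src_ip=SRC_IP, dst_ip=DST_IP) -> bytes:
    """Pack a 20-byte header (head len = 5 words, no options) plus payload with a valid checksum."""
    offset_flags = (5 << 12) | flags
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, offset_flags, window, 0, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, len(header) + len(payload)) + header + payload)
    header = header[:16] + struct.pack("!H", csum) + header[18:]   # checksum sits at bytes 16..17
    return header + payload


def parse_segment(segment: bytes, src_ip=SRC_IP, dst_ip=DST_IP) -> dict:
    """Decode the fixed header fields of slide 10 and verify the checksum."""
    sport, dport, seq, ack, offset_flags, window, _csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (offset_flags >> 12) * 4          # head len is in 32-bit words
    flags = [name for bit, name in enumerate(FLAG_NAMES) if offset_flags & (1 << bit)]
    # Summing pseudo-header plus the whole segment (checksum field included) yields 0 when intact.
    checksum_ok = internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "urg_pointer": urg, "checksum_ok": checksum_ok, "data": segment[header_len:]}


if __name__ == "__main__":
    syn = build_segment(40000, 80, 100, 0, 0x02, 65535, b"")
    print(parse_segment(syn))
```

A receiver that checks `checksum_ok` before acting on the segment will discard a corrupted segment; the parser deliberately keeps parsing and reports the verdict so the caller decides.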

Slide 11: TCP seq. #'s and ACKs (three-way handshake; Host A is the client, Host B the server)
- Host A -> Host B: Seq=M, SYN=1 (client starts active open)
- Host B -> Host A: Seq=N, ACK=M+1, SYN=1 (server is in passive open, starts the connection and confirms the client open)
- Host A -> Host B: Seq=M+1, ACK=N+1 (client confirms the server open); connection established

Slide 12: Chapter 2 outline (divider slide repeating the outline of slide 2; section 2.3 Principles of congestion control follows)

Slide 13: Principles of Congestion Control
Congestion:
- informally: "too many sources sending too much data too fast for network to handle"
- different from flow control!
- manifestations:
  - lost packets (buffer overflow at routers)
  - long delays (queueing in router buffers)

Slide 14: Causes/costs of congestion: scenario 1
- two senders, two receivers
- one router, infinite buffers
- no retransmission
- large delays when congested
- maximum achievable throughput
(figure: Host A and Host B sending through unlimited shared output link buffers; in: original data; out: throughput)

Slide 15: Causes/costs of congestion: scenario 2
- one router, finite buffers
- sender retransmission of lost packet
(figure: Host A and Host B sending through finite shared output link buffers; in: original data; 'in: original data plus retransmitted data; out: throughput)

Slide 16: Causes/costs of congestion: scenario 2
- always: in = out (goodput)
- "perfect" retransmission only when loss: 'in > out
- retransmission of a delayed (not lost) packet makes 'in larger (than in the perfect case) for the same out
"costs" of congestion:
- more work (retrans) for a given "goodput"
- unneeded retransmissions: link carries multiple copies of a pkt
(plots a, b, c: out versus offered load, each axis bounded by R/2, with the marked values R/3 and R/4)
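Both costs named on this slide (retransmissions that are needed because of loss, and unneeded copies of packets that were only delayed) can be reproduced in a toy discrete-time model. The Python below is an added example, not the textbook's analytical model: one sender offers `lam` new packets per round to a router with a buffer of `B` packets in front of a link that forwards `R` packets per round, and retransmits any unacknowledged packet once more than `timeout` rounds have passed. It reports offered load ('in, original data plus retransmissions), link throughput, goodput (out, unique packets delivered) and the duplicates the link carried; all parameter values are constructed.

```python
from collections import deque


def simulate_scenario2(lam, R, B, timeout, rounds):
    """Toy model of scenario 2: one sender, one finite-buffer router, one link.

    Per round the sender retransmits every packet whose timer expired
    (t - last_sent > timeout), then offers `lam` new packets. The router keeps
    at most `B` packets and tail-drops the rest; the link forwards `R` packets
    per round and the receiver acknowledges each delivered packet at once.
    """
    queue = deque()          # router buffer, holds packet ids in arrival order
    unacked = {}             # packet id -> round of its most recent transmission
    delivered = set()        # ids the receiver has already accepted (copies are discarded)
    next_id = 0
    stats = {"offered": 0, "retransmissions": 0, "dropped": 0,
             "served": 0, "goodput": 0, "duplicates": 0}
    for t in range(rounds):
        # sender: retransmit on timeout, then send new data
        expired = [pid for pid, sent in unacked.items() if t - sent > timeout]
        for pid in expired:
            unacked[pid] = t                     # restart the timer
        sending = list(expired)
        for _ in range(lam):
            sending.append(next_id)
            unacked[next_id] = t
            next_id += 1
        stats["retransmissions"] += len(expired)
        stats["offered"] += len(sending)         # 'in: original plus retransmitted data
        # router: finite buffer, tail drop
        for pid in sending:
            if len(queue) < B:
                queue.append(pid)
            else:
                stats["dropped"] += 1
        # link: forward up to R packets; the receiver drops copies of what it has
        for _ in range(min(R, len(queue))):
            pid = queue.popleft()
            stats["served"] += 1
            if pid in delivered:
                stats["duplicates"] += 1         # link capacity spent on a needless copy
            else:
                delivered.add(pid)
                stats["goodput"] += 1            # out: useful throughput
                unacked.pop(pid, None)           # ACK reaches the sender
    return stats


if __name__ == "__main__":
    print("under capacity:", simulate_scenario2(lam=2, R=4, B=8, timeout=2, rounds=10))
    print("overloaded:    ", simulate_scenario2(lam=6, R=4, B=8, timeout=0, rounds=20))
```

With the offered load below the link rate nothing is dropped and goodput equals the offered load. When the sender overloads the link and times out faster than the queueing delay, the link still forwards `R` packets per round but part of that capacity goes to duplicates, so goodput falls below link throughput while 'in grows above out.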

Slide 17: Causes/costs of congestion: scenario 3
- four senders
- multihop paths
- timeout/retransmit
Q: what happens as in and 'in increase?
(figure: Host A and Host B sending through finite shared output link buffers; in: original data; 'in: original data plus retransmitted data; out: throughput)

Slide 18: Causes/costs of congestion: scenario 3
Another "cost" of congestion:
- when a packet is dropped, any upstream transmission capacity used for that packet was wasted!
(figure: Host A and Host B; plot of out)

Slide 19: Approaches towards congestion control
Two broad approaches towards congestion control:
End-end congestion control:
- no explicit feedback from the network
- congestion inferred from end-system observed loss, delay
- approach taken by TCP
Network-assisted congestion control:
- routers provide feedback to end systems
  - e.g. a single bit indicating congestion

Slide 20: Chapter 2 outline (divider slide repeating the outline of slide 2; section 2.4 TCP congestion control follows)

Slide 21: TCP Congestion Control
- sender limits transmission: LastByteSent - LastByteAcked ≤ CongWin
- How does the sender perceive congestion?
  - loss event = timeout or 3 duplicate acks
  - TCP sender reduces rate (CongWin) after a loss event
(figure, lost ACK scenario: Host A sends Seq=92, 8 bytes data; Host B's ACK=100 is lost; after the timeout Host A resends Seq=92, 8 bytes data and Host B answers ACK=100)
(figure, resending a segment after triple duplicate ACK: Host A resends the 2nd segment)

Slide 22: TCP congestion control: additive increase, multiplicative decrease (AIMD)
- Approach: increase transmission rate (window size), probing for usable bandwidth, until loss occurs
  - additive increase: increase CongWin by 1 MSS every RTT until loss detected
  - multiplicative decrease: cut CongWin in half after loss
(figure: congestion window size versus time; saw tooth behavior: probing for bandwidth)

Slide 23: TCP Congestion Control: details
- Roughly, rate = CongWin / RTT bytes/sec
- When the connection begins, CongWin = 1 MSS
  - Example: MSS = 500 bytes & RTT = 200 msec
  - initial rate = 20 kbps
- three phases:
  - slow start (SS)
  - congestion avoidance (CA): e.g. AIMD
  - fast recovery (FR)
- The first two are compulsory in TCP, while the last one is recommended

Slide 24: TCP Slow Start
- available bandwidth may be >> MSS/RTT
- When the connection begins, increase rate exponentially fast until the first loss event
- initial rate is slow but ramps up exponentially fast
(figure: Host A sends one segment, then two segments, then four segments to Host B, one batch per RTT)

Slide 25: Congestion avoidance
- After 3 dup ACKs:
  - CongWin is cut in half
  - window then grows linearly
- But after a timeout event:
  - CongWin is instead set to 1 MSS
  - window then grows exponentially
  - to a threshold, then grows linearly
Philosophy:
- 3 dup ACKs indicate the network is capable of delivering some segments
- a timeout indicates a "more alarming" congestion scenario

Slide 26: Summary: TCP Congestion Control
- When CongWin is below Threshold, the sender is in the slow-start phase and the window grows exponentially.
- When CongWin is above Threshold, the sender is in the congestion-avoidance phase and the window grows linearly.
- When a triple duplicate ACK occurs, Threshold is set to CongWin/2 and CongWin is set to Threshold.
- When a timeout occurs, Threshold is set to CongWin/2 and CongWin is set to 1 MSS.
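The four rules just summarized, together with the rate formula of slide 23, as a small Python model. This is an added example, not code from the slides: `tcp_cwnd_trace` works in MSS units and consumes one outcome per RTT, "ack" (the whole window was acknowledged), "dup3" (triple duplicate ACK) or "timeout". Two modelling choices that the slides do not spell out are assumptions of this example: the doubling in slow start is capped at the threshold, and the halved threshold is floored at 1 MSS.

```python
def tcp_cwnd_trace(events, initial_threshold=8):
    """Evolve CongWin (in MSS units) through per-RTT events using the rules of slides 24-26."""
    cwnd, threshold = 1, initial_threshold             # connection begins with CongWin = 1 MSS
    trace = []
    for ev in events:
        if ev == "ack":
            if cwnd < threshold:
                cwnd = min(cwnd * 2, threshold)        # slow start: exponential growth,
                                                       # capped at the threshold (assumption)
            else:
                cwnd += 1                              # congestion avoidance: +1 MSS per RTT
        elif ev == "dup3":
            threshold = max(cwnd // 2, 1)              # Threshold = CongWin/2 (floored at 1 MSS: assumption)
            cwnd = threshold                           # CongWin = Threshold, then linear growth
        elif ev == "timeout":
            threshold = max(cwnd // 2, 1)              # Threshold = CongWin/2
            cwnd = 1                                   # CongWin = 1 MSS, back to slow start
        else:
            raise ValueError(f"unknown event {ev!r}")
        phase = "slow start" if cwnd < threshold else "congestion avoidance"
        trace.append((ev, cwnd, threshold, phase))
    return trace


def sending_rate_bps(cwnd_bytes, rtt_seconds):
    """Slide 23: rate = CongWin / RTT bytes per second, returned here in bits per second."""
    return cwnd_bytes / rtt_seconds * 8


if __name__ == "__main__":
    events = ["ack"] * 5 + ["dup3"] + ["ack"] * 2 + ["timeout"] + ["ack"] * 3
    for row in tcp_cwnd_trace(events):
        print(row)
    print("initial rate with MSS=500 B, RTT=200 ms:", sending_rate_bps(500, 0.2), "bps")
```

The trace shows the saw tooth of slide 22: doubling up to the threshold, linear probing, a halving after a triple duplicate ACK, and a restart from 1 MSS after a timeout. The rate helper reproduces the 20 kbps initial rate of slide 23.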

Slide 27: Chapter 2 outline (divider slide repeating the outline of slide 2; section 2.5 Transport Layer Security, TLS follows)

Slide 28: What is network security?
- Confidentiality: only the sender and the intended receiver should "understand" message contents
  - sender encrypts message
  - receiver decrypts message
- Authentication: sender and receiver want to confirm each other's identity
- Message integrity: sender and receiver want to ensure the message is not altered (in transit, or afterwards) without detection
- Access and availability: services must be accessible and available to users

Slide 29: Who might need security and why?
- Who?
  - Web browser/server for electronic transactions (e.g., on-line purchases)
  - on-line banking client/server
  - DNS servers
  - routers exchanging routing table updates
  - other examples?
- Why? (what an attacker can do)
  - eavesdrop: intercept messages
  - actively insert messages into a connection
  - impersonation: fake (spoof) the source address in a packet (or any field in the packet)
  - hijacking: "take over" an ongoing connection by removing the sender or receiver and inserting himself in their place
  - denial of service: prevent a service from being used by others (e.g., by overloading resources)

Slide 30: SSL: Secure Sockets Layer
- Widely deployed security protocol
  - Supported by almost all browsers and web servers
  - https
  - Originally designed by Netscape in 1993
- Number of variations:
  - TLS: transport layer security, RFC 2246
- Provides
  - Confidentiality
  - Integrity
  - Authentication
- SSL provides an application programming interface (API) to applications
- C and Java SSL libraries/classes readily available
(figure: application with SSL, layered as Application / SSL / TCP / IP)

Slide 31: SSL: general features
- Handshake: use of certificates and private keys to authenticate each other and exchange a shared secret
- Key Derivation: use of the shared secret to derive a set of keys
- Data Transfer: data to be transferred is broken up into a series of records
- Connection Closure: special messages to securely close the connection

Slide 32: SSL handshake and key derivation
- MS = master secret
- EMS = encrypted master secret
(figure: SSL hello; certificate; the client sends EMS = K_B^+(MS), the master secret encrypted under the server's public key K_B^+)

Slide 33: Key derivation
- Use different keys for the message authentication code (MAC) and for encryption
- Four keys:
  - K_c = encryption key for data sent from client to server
  - M_c = MAC key for data sent from client to server
  - K_s = encryption key for data sent from server to client
  - M_s = MAC key for data sent from server to client
- Takes the master secret and (possibly) some additional random data and creates the keys

Slide 34: Data Transfer and closure
- SSL breaks the stream into a series of records
  - Each record carries a MAC
  - Receiver can act on each record as it arrives
(record layout: length | data | MAC)
- sequence number into the MAC:
  - MAC = MAC(M_x, sequence || data)
  - Note: no sequence number field
- Use of random numbers
- record types, with one type for closure
  - type 0 for data; type 1 for closure
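Slides 33 and 34 together: four keys expanded from the master secret plus random data, and a per-record MAC that covers a sequence number that is never sent on the wire. The Python below is an added illustration, not SSL's actual PRF or MAC construction (it uses HMAC-SHA256 for both, an assumption of the example). It shows why a receiver that counts records itself rejects a replayed, reordered or tampered record even though no sequence number field exists; the master secret and randoms are constructed values.

```python
import hashlib
import hmac
import struct


def derive_keys(master_secret: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Expand the master secret plus both randoms into K_c, M_c, K_s, M_s.

    HMAC-SHA256 with a per-key index is used here for illustration; SSL's own PRF differs.
    """
    seed = client_random + server_random
    return {name: hmac.new(master_secret, seed + bytes([i]), hashlib.sha256).digest()
            for i, name in enumerate(["K_c", "M_c", "K_s", "M_s"])}


def record_mac(mac_key: bytes, sequence: int, data: bytes) -> bytes:
    """MAC = MAC(M_x, sequence || data); the sequence number is implicit, not transmitted."""
    return hmac.new(mac_key, struct.pack("!Q", sequence) + data, hashlib.sha256).digest()


class RecordSender:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.sequence = mac_key, 0

    def send(self, data: bytes):
        """Return the (data, MAC) pair for the next record and advance the local count."""
        record = (data, record_mac(self.mac_key, self.sequence, data))
        self.sequence += 1
        return record


class RecordReceiver:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.expected = mac_key, 0

    def receive(self, data: bytes, mac: bytes) -> bool:
        """Accept the record only if its MAC matches this side's own record count."""
        if not hmac.compare_digest(mac, record_mac(self.mac_key, self.expected, data)):
            return False          # tampered, replayed or out of order: drop it, keep the count
        self.expected += 1
        return True


if __name__ == "__main__":
    keys = derive_keys(b"constructed-master-secret", b"client-random", b"server-random")
    sender, receiver = RecordSender(keys["M_c"]), RecordReceiver(keys["M_c"])
    first = sender.send(b"GET / HTTP/1.0")
    print("first record accepted:", receiver.receive(*first))
    print("replay of first record accepted:", receiver.receive(*first))
```

Because the receiver only advances its count on a successful check, a replayed record neither passes nor desynchronizes the legitimate stream that follows it.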

Slide 35: SSL Record Format
content type (1 byte) | SSL version (2 bytes) | length (3 bytes) | data | MAC
Data and MAC are encrypted.

Slide 36: SSL handshake message sequence
1. client -> server: handshake: ClientHello
2. server -> client: handshake: ServerHello
3. server -> client: handshake: Certificate
4. server -> client: handshake: ServerHelloDone
5. client -> server: handshake: ClientKeyExchange
6. client -> server: ChangeCipherSpec
7. client -> server: handshake: Finished
8. server -> client: ChangeCipherSpec
9. server -> client: handshake: Finished
10. application_data (everything henceforth is encrypted)
11. Alert: warning, close_notify (in a real connection the TCP FIN follows)

Slide 37: Chapter 2 outline (divider slide repeating the outline of slide 2; section 2.6 Stream Control Transmission Protocol follows)

Slide 38: TCP and UDP limitations
- TCP limitations:
  - TCP keeps strict order: head-of-line blocking may be a problem (data flow blocked until a lost segment is recovered)
  - Byte-oriented nature of TCP: must use PSH to ensure data goes to the app
  - No support for multi-homed IP hosts
  - Relatively vulnerable to some attacks (SYN flooding)
- UDP limitations
  - Not reliable
  - No data order
  - No congestion control
- Solution: SCTP

Slide 39: Stream Control Transmission Protocol
- SCTP
  - Stream Control Transmission Protocol, RFC 2960
  - Initially created by the SIGTRAN group for PSTN
- SCTP enhancements
  - Multi-homed host support: redundancy & efficient flow
  - Multiple flows in one association: solves TCP's head-of-line blocking problem

Slide 40: SCTP features
- SCTP features
  - Connection oriented
  - Concepts
    - Endpoints: an SCTP endpoint is a list of addresses with the same port
    - Association: multiple possible IPs, e.g. {[ , , :100]}: [ :200]} (two endpoints, one association; see figure; the addresses are missing from the transcript)

Slide 41: SCTP header
- SCTP header
  - First 32-bit words: SCTP common header (similar to the UDP header)
  - Verification tag: distinguishes between associations; protects against attacks
  - Chunks: building blocks

Slide 42: SCTP header
- SCTP chunks
  - Blocks whose length is a multiple of 32 bits
  - Different types
    - Control (e.g., INIT, INIT-ACK, COOKIE-ECHO, COOKIE-ACK: the four-way handshake)
    - Data (e.g. DATA)
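The four-way handshake and the verification tag of slides 41 and 42, modelled as a server that stores no association state until a valid COOKIE-ECHO arrives. This Python is an added example, not SCTP's wire format or any implementation's code: the cookie is an HMAC-protected blob (client address, both initiation tags, issue time) that only the holder of the server secret can mint, so an INIT that is never followed by a COOKIE-ECHO costs the server no memory (the reason this handshake is less exposed to SYN-flood-style resource exhaustion than TCP's three-way handshake on slide 38), and a DATA chunk is processed only when it carries the tag the server chose. The secret, addresses and cookie lifetime are constructed; the clock is passed in so the example runs deterministically.

```python
import hashlib
import hmac
import os
import struct

MAC_LEN = 32   # HMAC-SHA256 tag appended to the cookie (this example's choice)


class SctpServer:
    """Toy model of an SCTP endpoint's INIT / INIT-ACK / COOKIE-ECHO / COOKIE-ACK handling."""

    def __init__(self, secret: bytes, cookie_lifetime: float = 60.0):
        self.secret = secret                    # constructed server secret, never transmitted
        self.cookie_lifetime = cookie_lifetime  # seconds a cookie stays valid (constructed value)
        self.associations = {}                  # client address -> {"my_tag", "peer_tag"}

    def on_init(self, client_addr: str, peer_init_tag: int, now: float) -> dict:
        """Answer INIT with an INIT-ACK carrying a signed cookie; no state is stored yet."""
        my_tag = int.from_bytes(os.urandom(4), "big") or 1   # verification tag must be non-zero
        body = struct.pack("!IId", peer_init_tag, my_tag, now) + client_addr.encode()
        cookie = body + hmac.new(self.secret, body, hashlib.sha256).digest()
        return {"type": "INIT-ACK", "verification_tag": peer_init_tag,
                "init_tag": my_tag, "cookie": cookie}

    def on_cookie_echo(self, client_addr: str, cookie: bytes, now: float):
        """Create the association only if the echoed cookie is genuine, fresh and from the same address."""
        body, tag = cookie[:-MAC_LEN], cookie[-MAC_LEN:]
        expected = hmac.new(self.secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                                   # forged or altered cookie: discard
        peer_tag, my_tag, issued = struct.unpack("!IId", body[:16])
        if body[16:] != client_addr.encode() or now - issued > self.cookie_lifetime:
            return None                                   # wrong source address or stale cookie
        self.associations[client_addr] = {"my_tag": my_tag, "peer_tag": peer_tag}
        return {"type": "COOKIE-ACK", "verification_tag": peer_tag}

    def on_data(self, client_addr: str, verification_tag: int, payload: bytes) -> bool:
        """Process a chunk only if an association exists and it carries the tag this side chose."""
        assoc = self.associations.get(client_addr)
        if assoc is None or verification_tag != assoc["my_tag"]:
            return False                                  # silently discarded: no association or bad tag
        return True


if __name__ == "__main__":
    server = SctpServer(b"constructed-secret")
    init_ack = server.on_init("198.51.100.7", 0x1234, now=1000.0)
    print("associations after INIT:", len(server.associations))
    print(server.on_cookie_echo("198.51.100.7", init_ack["cookie"], now=1005.0))
    print("associations after COOKIE-ECHO:", len(server.associations))
```

Until the cookie comes back, the only per-INIT cost is computing one HMAC, and a cookie replayed from another address or after its lifetime is refused; a chunk whose verification tag does not match the association is dropped without a response.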

