Download Document

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
Document related concepts

CAN bus wikipedia , lookup

Deep packet inspection wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

IEEE 1355 wikipedia , lookup

UniPro protocol stack wikipedia , lookup

Internet protocol suite wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

TCP congestion control wikipedia , lookup

Transcript 
Departamento de
Tecnología Electrónica
Some of these slides are
copyrighted by:
Chapter 2
Transport Layer
Advance Features
Computer Networking:
A Top Down Approach
5th edition.
Jim Kurose, Keith Ross
Addison-Wesley, April
2009.
Transport Layer Advanced Features
1
Chapter 2 outline
 2.1 Transport-layer
services
 2.2 Connectionoriented transport:
TCP
 2.3 Principles of
congestion control
 2.4 TCP congestion
control
 2.5 Transport Layer
Secure, TLS
 2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
2
Chapter 2 outline
 2.1 Transport-layer
services
 2.2 Connectionoriented transport:
TCP
 2.3 Principles of
congestion control
 2.4 TCP congestion
control
 2.5 Transport Layer
Secure, TLS
 2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
3
Transport services and protocols
 provide logical communication between app
processes running on different hosts
 transport protocols run in end systems

breaks app messages into segments, passes to
network layer
Host A
Network
Host B
Transport Layer Advanced Features
4
Internet transport-layer protocols
 more than one transport protocol available to apps
 Internet: TCP and UDP
FTP
HTTP
SMTP
DNS
TCP
UDP
IP
TFTP
Application
Transport
Network
Link layer (LLC y MAC)
Physical
Layer
Transport Layer Advanced Features
5
Internet transport-layer
protocols
 more than one
transport
protocol available
to apps

Internet: TCP
and UDP
TCP
UDP
Connection- oriented Non-connectionoriented
Reliable
Unreliable
Segment grouping
Unfragmented
messages
Rcv orders segments User datagram
ACKs and timers
No ACKs
Flow control
No flow control
Congestion control
No congestion control
Transport Layer Advanced Features
6
Internet transport-layer
protocols
 Port: identifies application
 Port numbers:
http://www.iana.org/assignements/port-numbers
Application protocol
Port numbers
Transport protocol
FTP
20, 21
TCP
Telnet
23
TCP
SMTP
25
TCP
DNS
53
UDP (TCP (*))
TFTP
69
UDP
HTTP
80
TCP
POP3
110
TCP
RIP
520
UDP
Transport Layer Advanced Features
7
Chapter 2 outline
 2.1 Transport-layer
services
 2.2 Connectionoriented transport:
TCP
 2.3 Principles of
congestion control
 2.4 TCP congestion
control
 2.5 Transport Layer
Secure, TLS
 2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
8
TCP: Overview
 point-to-point:
 one sender, one receiver
 reliable, in-order byte
stream:

no “message boundaries”
 pipelined:
 TCP congestion and flow
control set window size
 send & receive buffers
socket
door
application
writes data
application
reads data
TCP
send buffer
TCP
receive buffer
RFCs: 793, 1122, 1323, 2018, 2581
 full duplex data:
 bi-directional data flow
in same connection
 MSS: maximum segment
size
 connection-oriented:
 handshaking (exchange
of control msgs) init’s
sender, receiver state
before data exchange
 flow controlled:
 sender will not
socket
door
overwhelm receiver
segment
Transport Layer Advanced Features
9
TCP segment structure
32 bits
URG: urgent data
(generally not used)
ACK: ACK #
valid
PSH: push data now
(generally not used)
RST, SYN, FIN:
connection estab
(setup, teardown
commands)
Internet
checksum
(as in UDP)
source port #
dest port #
sequence number
acknowledgement number
head not
UA P R S F
len used
checksum
Receive window
Urg data pnter
Options (variable length)
counting
by bytes
of data
(not segments!)
# bytes
rcvr willing
to accept
application
data
(variable length)
Transport Layer Advanced Features
10
TCP seq. #’s and ACKs
Host A
Host B
Client starts
active open
Server is in passive open,
starts connection and
confirms client open
Client confirms
server open
Connection
established
Transport Layer Advanced Features
time
11
Chapter 2 outline
 2.1 Transport-layer
services
 2.2 Connectionoriented transport:
TCP
 2.3 Principles of
congestion control
 2.4 TCP congestion
control
 2.5 Transport Layer
Secure, TLS
 2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
12
Principles of Congestion Control
Congestion:
 informally: “too many sources sending too much
data too fast for network to handle”
 different from flow control!
 manifestations:


lost packets (buffer overflow at routers)
long delays (queueing in router buffers)
Transport Layer Advanced Features
13
Causes/costs of congestion: scenario 1
Host A
 two senders, two
receivers
 one router,
infinite buffers
 no retransmission
Host B
lout
lin : original data
unlimited shared
output link buffers
 large delays
when congested
 maximum
achievable
throughput
Transport Layer Advanced Features
14
Causes/costs of congestion: scenario 2
 one router, finite buffers
 sender retransmission of lost packet
Host A
Host B
lin : original
data
l'in : original data, plus
retransmitted data
lout
finite shared output
link buffers
Transport Layer Advanced Features
15
Causes/costs of congestion: scenario 2
(goodput)
= l
out
in
 “perfect” retransmission only when loss:
 always:
l
l > lout
in
 retransmission of delayed (not lost) packet makes
(than perfect case) for same
R/2
l
in
lout
R/2
larger
R/2
lin
a.
R/2
lout
lout
lout
R/3
lin
R/4
R/2
b.
lin
R/2
c.
“costs” of congestion:
 more work (retrans) for given “goodput”
 unneeded retransmissions: link carries multiple copies of pkt
Transport Layer Advanced Features
16
Causes/costs of congestion: scenario 3
 four senders
Q: what happens as l
in
and l increase ?
 multihop paths
 timeout/retransmit
in
Host A
lin : original data
lout
l'in : original data, plus
retransmitted data
finite shared output
link buffers
Host B
Transport Layer Advanced Features
17
Causes/costs of congestion: scenario 3
H
o
s
t
A
l
o
u
t
H
o
s
t
B
Another “cost” of congestion:
 when packet dropped, any upstream transmission
capacity used for that packet was wasted!
Transport Layer Advanced Features
18
Approaches towards congestion control
Two broad approaches towards congestion control:
Network-assisted
congestion control:
End-end congestion
control:
 no explicit feedback from
network
 congestion inferred from
end-system observed loss,
delay
 approach taken by TCP
 routers provide feedback
to end systems
 E.g. single bit indicating
congestion
Transport Layer Advanced Features
19
Chapter 2 outline
 2.1 Transport-layer
services
 2.2 Connectionoriented transport:
TCP
 2.3 Principles of
congestion control
 2.4 TCP congestion
control
 2.5 Transport Layer
Secure, TLS
 2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
20
TCP Congestion Control
Host A
 sender limits
Host B
Host A
Host B
transmission:
timeout
LastByteSent-LastByteAcked 
CongWin
 How does sender
perceive congestion?

X
loss
loss event = timeout or 3
duplicate acks
TCP sender reduces rate
(CongWin) after loss
event
timeout

X
time
lost ACK
scenario
time
Resending a segment
after triple duplicate
ACK
Transport Layer Advanced Features
21
TCP congestion control:
additive increase,
multiplicative decrease (AIMD)
 Approach: increase transmission rate (window size),
Saw tooth
behavior: probing
for bandwidth
congestion window size
probing for usable bandwidth, until loss occurs
 additive increase: increase CongWin by 1 MSS
every RTT until loss detected
 multiplicative decrease: cut CongWin in half after
loss
congestion
window
24 Kbytes
16 Kbytes
8 Kbytes
time
time
Transport Layer Advanced Features
22
TCP Congestion Control: details
 three pases:
 Roughly,
rate =

CongWin
Bytes/sec
RTT
 When connection begins,
CongWin = 1 MSS


Example: MSS = 500 bytes & RTT
= 200 msec
initial rate = 20 kbps


slow start (SS)
Congestion avoidance (CA):
e.g. AIMD
Fast recovery (FR)
 First two are compulsory in
TCP, while the last one is
recommendable
Transport Layer Advanced Features
23
TCP Slow Start
 available bandwidth may
Host B
RTT
be >> MSS/RTT
 When connection begins,
increase rate
exponentially fast until
first loss event
 initial rate is slow but
ramps up exponentially
fast
Host A
time
Transport Layer Advanced Features
24
Congestion avoidance
 After 3 dup ACKs:
 CongWin is cut in half
 window then grows linearly
 But after timeout event:
 CongWin instead set to 1
MSS;
 window then grows
exponentially
 to a threshold, then grows
linearly
Philosophy:
 3 dup ACKs indicates
network capable of
delivering some segments
 timeout indicates a
“more alarming”
congestion scenario
Transport Layer Advanced Features
25
Summary: TCP Congestion Control

When CongWin is below Threshold, sender in slow-start phase,
window grows exponentially.

When CongWin is above Threshold, sender is in congestion-avoidance
phase, window grows linearly.

When a triple duplicate ACK occurs, Threshold set to CongWin/2 and
CongWin set to Threshold.

When timeout occurs, Threshold set to CongWin/2 and CongWin is
set to 1 MSS.
Transport Layer Advanced Features
26
Chapter 2 outline
 2.1 Transport-layer
services
 2.2 Connectionoriented transport:
TCP
 2.3 Principles of
congestion control
 2.4 TCP congestion
control
 2.5 Transport Layer
Secure, TLS
 2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
27
What is network security?
Confidentiality: only sender, intended receiver
should “understand” message contents
 sender encrypts message
 receiver decrypts message
Authentication: sender, receiver want to confirm
identity of each other
Message integrity: sender, receiver want to ensure
message not altered (in transit, or afterwards)
without detection
Access and availability: services must be accessible
and available to users
Transport Layer Advanced Features
28
Who might need security and why?
 Who?





Web browser/server for electronic transactions (e.g., on-line purchases)
on-line banking client/server
DNS servers
routers exchanging routing table updates
other examples?
 Why?





eavesdrop: intercept messages
actively insert messages into connection
impersonation: can fake (spoof) source address in packet (or any field in
packet)
hijacking: “take over” ongoing connection by removing sender or receiver,
inserting himself in place
denial of service: prevent service from being used by others (e.g., by
overloading resources)
Transport Layer Advanced Features
29
SSL: Secure Sockets Layer

Widely deployed security protocol




Number of variations:


Supported by almost all browsers
and web servers
https
Originally designed by Netscape in
1993
TLS: transport layer security, RFC
2246
Provides



Confidentiality
Integrity
Authentication
SSL
TCP
IP
SSL provides application
programming interface (API) to
applications
 C and Java SSL libraries/classes
readily available

Application
Application
with SSL
Transport Layer Advanced Features
30
SSL: general features
 Handshake: use of certificates and private
keys to authenticate each other and
exchange shared secret
 Key Derivation: use of shared secret to
derive set of keys
 Data Transfer: Data to be transferred is
broken up into a series of records
 Connection Closure: Special messages to
securely close connection
Transport Layer Advanced Features
31
SSL handshake and key derivation
Host A
Host B
 MS = master secret
 EMS = encrypted master secret
Transport Layer Advanced Features
32
Key derivation
 Use different keys for message authentication
code (MAC) and encryption
 Four keys:




Kc = encryption key for data sent from client to server
Mc = MAC key for data sent from client to server
Ks = encryption key for data sent from server to client
Ms = MAC key for data sent from server to client
 Takes master secret and (possibly) some
additional random data and creates the keys
Transport Layer Advanced Features
33
Data Transfer and closure
 SSL breaks stream in series of records
 Each record carries a MAC
 Receiver can act on each record as it arrives
length
data
MAC
 sequence number into MAC:
 MAC = MAC(Mx, sequence||data)
 Note: no sequence number field
 Use of random numbers
 record types, with one type for closure
 type 0 for data; type 1 for closure
Transport Layer Advanced Features
34
SSL Record Format
1 byte
content
type
2 bytes
3 bytes
SSL version
length
data
MAC
Data and MAC encrypted
Transport Layer Advanced Features
35
Real
Connection
Host A
Host B
Everything
henceforth
is encrypted
TCP Fin follow
Transport Layer Advanced Features
36
Chapter 2 outline
 2.1 Transport-layer
services
 2.2 Connectionoriented transport:
TCP
 2.3 Principles of
congestion control
 2.4 TCP congestion
control
 2.5 Transport Layer
Secure, TLS
 2.6 Stream Control
Transmission Protocol
Transport Layer Advanced Features
37
TCP and UDP limitations
 TCP limitations:
 TCP keeps strict order: head-of-line blocking may be
a problem (data flow blocked until recovering a lost
segment)
 Byte-oriented nature of TCP: must use PSH to
ensure data goes to app
 No multi-home IP hosts
 Relatively vulnerable to some attacks (SYN flooding)
 UDP limitations
 Not reliable
 No data order
 No congestion control
 Solution: SCTP
Transport Layer Advanced Features
38
Stream Control Transport Protocol
 SCTP
 Stream Control Transport Protocol, RFC 2960
 Initially created by SIGTRAN group for PSTN
 SCTP enhancements
 Multi-homed host support: redundancy & efficient flow
 Multiple flows in one association: solves head-of-line
blocking TCP problem
Host A
Host B
App 1
SCTP Port = 100
App 2
SCTP Port = 200
-------------------------------OS
NI-1
NI-2
-------------------------------OS
NI
NI-3
IP3 = 10.1.61.11
IP2 = 160.15.82.20
IP Network
IP = 128.33.6.12
IP1 = 161.10.8.221
Transport Layer Advanced Features
39
SCTP features
 SCTP features
 Connection oriented
 Concepts
• Endpoints: SCTP endpoint is a list of addresses, same
ports
• Association  multiple possible IPs
• {[160.15.82.20, 161.10.8.221, 10.1.61.11:100]}:
[128.33.6.12:200]} (two endpoints, one association – Figure -)
Host A
Host B
App 1
SCTP Port = 100
App 2
SCTP Port = 200
-------------------------------OS
NI-1
NI-2
-------------------------------OS
NI
NI-3
IP3 = 10.1.61.11
IP2 = 160.15.82.20
IP Network
IP = 128.33.6.12
IP1 = 161.10.8.221
Transport Layer Advanced Features
40
SCTP header
 SCTP header
 First 32 bit words  SCTP common header (similar to UDP
header)
 Verification tag: distinguish between associations; prevent
from attacks
 Chunks: building blocks
Transport Layer Advanced Features
41
SCTP header
 SCTP chunks
 Blocks with a 32-bit multiple length
 Different types
• Control (e.g., INIT, INIT-ACK, COOKIE-ECHO, COOKIEACK – four-way handshake -)
• Data (e.g. DATA)
Transport Layer Advanced Features
42
Related documents
TCP/IP Configuration
TCP/IP Configuration
CLIENT SERVER ARCHITECTURE
CLIENT SERVER ARCHITECTURE
Midterm Review - UTK-EECS
Midterm Review - UTK-EECS
How the Internet Works
How the Internet Works
Prof. Chi ZHANG Transport Mechanisms for High
Prof. Chi ZHANG Transport Mechanisms for High
Syllabus - V-SECT
Syllabus - V-SECT
Proposed Differentiated Services on the Internet
Proposed Differentiated Services on the Internet
Part I: Introduction
Part I: Introduction
Powerpoint
Powerpoint
Question 1: Question 2: Question 3: Question 4:
Question 1: Question 2: Question 3: Question 4:
Wireless Communications and Networks
Wireless Communications and Networks