T4b

Transport Layer: TCP/UDP Introduction

Course Information

Instructor: Dr. Markus Buchhorn
Email: markus.buchhorn@anu.edu.au

Layer Stack

The transport layer resides above the network layer (IP) and below the application layer.
The order of layers is as follows:
- Application
- Transport
- Network (IPv4, IPv6)
- Link (Ethernet, WiFi)
- Physical (Cables, Space and Bits)
Each layer deals with different units of data:
- Messages (Application Layer)
- Segments/Datagrams (Transport Layer)
- Packets (Network Layer)
- Frames (Link Layer)
- Bits (Physical Layer)

Focus on Applications and Transport Layer

The network layer's complexities are generally abstracted away from applications.
Applications are mostly unaware of the underlying network links unless performance issues arise.

Transport Layer Functionality

The transport layer uses IP packets for transmission.
It provides functionalities such as reliability, performance optimization, security measures to applications, operating on top of unreliable IP.
Network devices (routers) operate at the network layer and do not interfere with the transport layer's payload, focusing on the 'envelope' of the message.
The transport layer ensures host-to-host communication.

Client/Server Model

Servers offer services.
Clients connect to servers, send requests, and receive replies.
Servers can handle multiple clients simultaneously.
Note that alternative models exist.

Transport Services: Reliability and Communication Types

Common application needs include reliability and different communication types.
Reliability:
- Reliable: Ensures bit-perfect arrival of data by repairing packet loss, mis-ordering, and errors, which may introduce delay.
- Unreliable: Prioritizes performance and simplicity over immediate perfection.
Communication Types:
- Messages: Self-contained commands and responses.
- Byte-stream: Continuous flow of bytes, chunked into segments.

TCP vs. UDP

UDP (User Datagram Protocol):
- Unreliable.
- Messages (Datagrams).
TCP (Transmission Control Protocol):
- Reliable.
- Byte-stream (Streams).
It is possible to build reliable messages on top of TCP.
Using unreliable byte-streams would resemble UDP.
Protocol Numbers:
- TCP is IP Protocol 6.
- UDP is IP Protocol 17.
- ICMP is 1, IGMP is 2, IPv6 encapsulation is 41, and there are 130+ more.

Comparison of UDP and TCP

Feature	UDP	TCP
Connection	Connectionless	Connection-oriented
Data Delivery	Delivers MESSAGES: 0-n times	Delivers BYTES in a stream: once, reliably, in order
Message Size	Fixed message size	Any number of bytes (in a stream)
Flow Control	Don't care about flow control	Flow control (sender/receiver negotiate)
Congestion Control	Don't care about congestion	Congestion control (sender/network negotiate)
Characteristics	Enhanced IP packet	Lifestyle choice – many features

IP Multicast with UDP

UDP is suitable for IP multicast due to its connectionless nature and tolerance for replica packets, which is useful in time-sensitive applications.

Ports

Ports enable process-to-process communication on hosts, enhancing the host-to-host communication provided by IP.
A port is a 16-bit identifier for a process on a host, associated with a network interface.

Well-Known Ports

Ports below 1024 require elevated privileges to open.
Examples:
- 20, 21: ftp (File Transfer Protocol)
- 22: ssh (Secure Shell)
- 25: smtp (Simple Mail Transfer Protocol) - outbound email
- 80: http (Web)
- 110: pop3 (Post Office Protocol version 3) - inbound email
- 143: imap (Internet Message Access Protocol) - inbound email
- 443: https (Secure Web)
Application addresses are typically written as IP:port, e.g., 150.203.56.90:80.
For an extensive list, refer to: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

Port Management

Inetd/xinetd:
- Manages multiple server services.
- Listens to registered ports and protocols (tcp, udp).
- Launches appropriate service on demand.
Port mapping:
- Used by services like remote procedure calls or BitTorrent.
- Listens on a well-known port, accepts connections, and redirects them to a spawned service on another port.
- Services register with a portmapper.

NAT (Network Address Translation)

NAT hides multiple devices behind a single public IP address.
It translates addresses and ports, maintaining a dynamic table for outbound connections and a static table for inbound connections.
Example:
- Internal IP 10.0.0.2:80 is translated to 150.203.56.99:7882.
- Internal IP 10.0.0.4:80 is translated to 150.203.56.99:7884.

Socket Programming

Socket programming involves using an address, a port, and communication needs.
Connections are uniquely identified in the operating system by a 5-tuple:
- Source IP
- Destination IP
- Source Port
- Destination Port
- Protocol

Socket API Primitives

Primitive	Description
SOCKET	Creates an object/descriptor
BIND	Attaches a local address and port (server)
LISTEN [tcp]	Tells network layer to get ready (server)
ACCEPT [tcp]	Opens the door (server)
CONNECT [tcp]	Connects (client)
SEND[tcp] or SENDTO[udp]	Sends data
RECEIVE[tcp] or RECEIVEFROM[udp]	Receives data
CLOSE	Releases the connection/socket

Connection Sequence

Server Preparation:
1. socket()
2. bind()
3. listen() / receivefrom()
4. accept()
Client Initiation:
1. socket()
2. connect()
3. recv()
4. send()
5. recv()
6. send()
7. close()
Finally, the server executes close()
Calls marked with an asterisk (*) may block.

UDP Details

UDP adds ports, payload length, and a checksum to IP.
Its header includes source port, destination port, length, and checksum.

TCP Details

TCP segments carry chunks of a byte-stream, without preserving message boundaries.
The sender's transport layer packetizes data on write() calls, with multiple writes forming one packet or vice-versa based on buffering.
The receiver unpacks the byte-stream, and applications read() the stream in order, without loss.

TCP Segment Format

The header comprises source port, destination port, sequence number, acknowledgement number, header length, flags (CWR, ECE, URG, ACK, PSH, RST, SYN, FIN), window size, checksum, urgent pointer, and options.
It includes ports, reliability, performance, acknowledgement.
Start and stop bits reside in the header, not the payload.

TCP Reliability

TCP provides a reliable, bidirectional byte-stream using sequence numbers and acknowledgements.
Sequence numbers:
- N-bit counter that wraps (e.g., …,253, 254, 255, 0, 1, 2…).
- Represents a byte count (pointer) in a stream.
- Can wrap quickly on high-speed links ( $2^{32} = 4$ GB).
- Timestamps can also be used.
- Does not start from zero (for security).
Acknowledgements:
- Indicate which byte is expected (bytes received).
- Cumulative ACK.

TCP and Payload Length

Payload length can be calculated from the increase in Seq #
Losses are easily detectable.
TCP is full-duplex, utilizing two simplex paths.
It Piggybacks control information on data segments in reverse direction, or sends just feedback if no data is available.

TCP Connection Establishment (3-Way Handshake)

TCP is full-duplex, requiring both paths to start together.
It Synchronizes Sequence numbers in both directions.
Connecting: Receiving transport layer checks if anything is listen()ing on that port.
- If not, it sends a ReSeT.
- Transport layer ACKnowledges and SYNs its own #.
- Originator ACKs that SYN/ACK.

TCP Disconnection

Both sides need to end together, ideally, to flush buffers.
Disconnecting: One side initiates close(), triggering a FIN(alise).
- The other side ACKs and FINs too.
- If FIN is lost, it is resent.

Socket States

State	Description
LISTEN	Accepting connections
ESTABLISHED	Connection up and passing data
SYN_SENT	Waiting for reply from remote endpoint
SYN_RECV	Session requested by remote, for a listen()ing socket
LAST_ACK	Closed; remote shut down; waiting for a final ACK
CLOSE_WAIT	Remote shut down; kernel waiting for application to close() socket
TIME_WAIT	Socket is waiting after close() for any packets left on the network
CLOSED	Socket is being cleared
CLOSING	Our socket shut; remote shut; not all data has been ACK’ed
FIN_WAIT1	We sent FIN, waiting on ACK
FIN_WAIT2	We sent FIN, got ACK, waiting on their FIN

Netstat Example

The netstat -n command shows network connections.
The output includes protocol, local address, foreign address, and state.
It displays what's happening on the machine, listing listening ports, established connections, and various states of TCP and UDP connections.

TCP Sliding Windows

TCP aims for both reliability and throughput.
It starts with ARQ (Automatic Repeat Request) – stop-and-wait, where a single segment outstanding can be a problem on high delay networks.
If one-way-delay is 50ms, then round-trip-time (RTT) = $2d = 100$ ms.
A Single segment per RTT = 10 segments/s.
With a typical packet size of 1000 bytes (10,000 bits), the throughput is approximately 100kb/s.
Increasing bandwidth alone doesn't improve throughput.

TCP Sliding Windows: Optimizing Throughput

Allow $W$ bytes to be 'outstanding' (unACKed) per RTT to fill a pipeline/conveyor-belt with segments.
Set up a 'window' of $W$ bytes.
$W = 2 * Bandwidth * delay$ (roughly).
At 100Mb/s, with a one-way-delay of 50ms, $W = 10$ Mb (~1MB).
Assuming 1000-byte segments, W = 1000 segments are out there somewhere!

Sliding Window Approach

Sender buffers up $W$ segments until they are ACKed.
If the window isn't full, a segment is sent.
When a segment is ACKed, the window slides, making space available.

ARQ (Automatic Repeat Request) - If(lost) then:

Receiver buffers just a single segment.
If it’s the next one in sequence, ACK it, everyone happy.
If it’s not, drop it.
Let sender retransmit what I’m actually waiting for.
Sender has a single timer. After timeout, resend (all) from (first) ACK-less.
Really simple, but somewhat inefficient(!)
Need to understand more about loss and performance behaviours.

TCP Implementations

There is no single TCP implementation.
This doesn’t impact the network, only hosts, so you can do what you want… – Maybe, maybe not…
Many years of various optimisations, experiments, algorithms, … suited to various circumstances.
And as vulnerabilities have been found and mitigated (and found and …)