Chapter 4 Transport Layer CIS 81 Networking Fundamentals Rick Graziani Cabrillo College graziani@cabrillo.edu Spring 2010
This Presentation • For a copy of this presentation and access to my web site for other CCNA, CCNP, and Wireless resources please email me for a username and password. • Email: graziani@cabrillo.edu • Web Site: www.cabrillo.edu/~rgraziani
Note • This presentation is not in the order of the book or online curriculum. • This presentation also contains information beyond the curriculum.
Transport Layer • Transport Layer: • Responsible for creating and maintaining a logical connection between the endpoints • What are the two protocols at the transport layer? • TCP – Transmission Control Protocol • UDP – User Datagram Protocol
What is the application PDU called? PDU: Data (application header + data) • What is the transport PDU called? PDU: Segment (TCP header or UDP header + data)
• The Layer 4 data stream is a: • Logical connection between the endpoints • Provides transport services • End-to-end service
Reminder of encapsulation/decapsulation (figure): Data Link Header | IP Header | TCP Header | HTTP Header | Data | Data Link Trailer. The IP packet (IP header, TCP header, HTTP header and data) travels end to end, while each hop removes and re-adds its own data link header and trailer.
Focus on Transport Layer (figure: TCP at each endpoint)
Transport Layer (figure: TCP segments exchanged with www.cisco.com) • Primary responsibilities: • Tracking the individual communication between applications • Who is the client? Which application? Which process? • Identifying the different applications (HTTP, FTP, etc.) • Segmenting data • Managing each segment • Reassembling the segments
• What two protocols are at the Transport Layer? • TCP • UDP • IP is a best-effort delivery service. What does that mean? • No guarantees • Best-effort service • “Unreliable service” • TCP/UDP is responsible for extending IP’s delivery service between two end systems.
TCP vs. UDP • Why would any application use UDP? What is the “cost” of all this reliability and flow control of TCP? • Streaming media, real-time multiplayer games and voice over IP (VoIP) applications do not require reliability mechanisms and may even be hindered by them. • UDP provides: • Unreliable delivery • No error checking • No flow control • No congestion control • No ordered delivery • No connection establishment • Applications: • DNS (usually) • DHCP • RTP (Real-Time Protocol) • VoIP • TCP provides: • Reliable delivery • Error checking • Flow control • Congestion control • Ordered delivery • Connection establishment • Applications: • HTTP • FTP • SMTP • Telnet • MSN messenger
(Figure: one client with HTTP, HTTP, SMTP and FTP connections, each carried by TCP, to the Cabrillo Web Server and to the ISP’s Email and FTP Server) • A single client may have multiple transport connections with multiple servers. • Notice that TCP is a connection-oriented service (two-way arrow) between the hosts, whereas UDP is a connectionless service (one-way arrow). (later)
(UDP Header, TCP Header) • Both TCP and UDP use port (or socket) numbers to pass information to the upper layers. HTTP is Port 80
Source port: the application this TCP segment came from. Destination port: the application this TCP segment is going to.
Port Number + Application Header + data • Port numbers are used by the sender to tell the receiver which network application it should use for the “Data”. • Port numbers are used by the receiver so it knows which application it should send the “Data” to.
http://www.iana.org/assignments/port-numbers • The Internet Assigned Numbers Authority (IANA) assigns port numbers.
Well Known Ports (Numbers 0 to 1023) • Reserved for common services and applications • Client: TCP destination port • Server: TCP source port
Registered Ports (Numbers 1024 to 49151) • Assigned to user processes or applications. • Non-common applications. • Client: TCP destination port • Server: TCP source port • May also be used as dynamic or private port (next).
Dynamic or Private Ports (Numbers 49152 to 65535) • Also known as Ephemeral Ports • Usually assigned dynamically to client applications when initiating a connection. • Client: TCP source port • Server: TCP destination port • May also include the range of Registered Ports (Numbers 1024 to 49151)
Telnet example (figure: Client and Server)
Client TCP segment (Source Port 1028, Destination Port 23, Data for Telnet) • Client sends TCP segment with: • Destination Port: 23 (Well known port number) • Source Port: 1028 (Dynamic Port assigned by client)
Server TCP segment (Source Port 23, Destination Port 1028, Data for Telnet) • Server responds with TCP segment with: • Destination Port: 1028 (Dynamic Port assigned by client) • Source Port: 23 (Well known port number)
Notice the difference in how source and destination port numbers are used with clients and servers: Client (initiating Telnet service): • Destination Port = 23 (telnet) • Source Port = 1028 (dynamically assigned) Server (responding to Telnet service): • Destination Port = 1028 (source port of client) • Source Port = 23 (telnet)
Same client to same server - Two different HTTP sessions (source ports 49888 and 49890) • Client: Same destination port • Client: Different source ports to uniquely identify each web session.
C:\Users\rigrazia>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.101:49888    198.133.219.25:80      TIME_WAIT
  TCP    192.168.1.101:49890    198.133.219.25:80      TIME_WAIT

C:\Users\rigrazia>
(Columns: TCP or UDP; Source IP:Source Port; Destination IP:Destination Port; Connection State)
What makes each connection unique? How does the server know which source port 49888 is who? (figure: 192.168.1.101 with source ports 49888 and 49890, and 172.16.5.5 with source port 49888, all to www.cisco.com 198.133.219.25 destination port 80) • Connection defined by the pair of numbers: • Source IP address, Source port (From Client to Server) • Destination IP address, Destination port (From Server to Client) • Different connections can use the same destination port on server host as long as the source ports or source IPs are different.
• Note: When downloading a web document and its objects it is common that there will be several TCP sessions created. (figure: netstat -n output with connections to www.google.com and www.cisco.com)
Using NetStat • Open a web browser. • Open a command prompt window (Start->Run->cmd) • Enter a URL of your choice. • Type netstat -n in the command window. • Questions: • What is/are the source ports on your client? • What is/are the destination ports on your client? • What would be the source port(s) on the server? • What would be the destination port(s) on the server? • What application layer protocol is being used? How can you tell? • What transport layer protocol is being used? • Trying more at home: • Use netstat to look at other networking applications such as FTP or Telnet.
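The netstat exercise above asks you to read off source and destination ports and decide which range each one falls in. As an added example (not part of the presentation), the following Python reads `netstat -n` style rows, classifies every port into the IANA range named on the earlier slides, and checks that the connections are distinguished by the full (source IP, source port, destination IP, destination port) tuple rather than by destination port alone. The sample output is constructed: the two rows mirror the slide, and a third Telnet row is added for illustration; all function names are this example's own.

```python
import re
from collections import namedtuple

# Constructed sample in the shape of "netstat -n" on Windows. The first two rows
# mirror the slide; the third (a Telnet session) is added for illustration.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.101:49888    198.133.219.25:80      TIME_WAIT
  TCP    192.168.1.101:49890    198.133.219.25:80      TIME_WAIT
  TCP    192.168.1.101:1028     172.16.5.5:23          ESTABLISHED
"""

Conn = namedtuple("Conn", "proto local_ip local_port foreign_ip foreign_port state")

# Proto, local ip:port, foreign ip:port, optional state (UDP rows have none)
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$")


def port_class(port):
    """IANA range names exactly as the slides give them."""
    if 0 <= port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    if port <= 65535:
        return "dynamic/private"
    raise ValueError("not a 16-bit port: %r" % port)


def parse_netstat(text):
    """Return one Conn per connection row; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, lip, lport, fip, fport, state = m.groups()
        conns.append(Conn(proto, lip, int(lport), fip,
                          None if fport == "*" else int(fport), state or ""))
    return conns


def describe(conn):
    """Client's view of a row: local = source, foreign = destination."""
    return {
        "source_port_class": port_class(conn.local_port),
        "dest_port_class": None if conn.foreign_port is None else port_class(conn.foreign_port),
        "server_source_port": conn.foreign_port,   # the server replies from this port...
        "server_dest_port": conn.local_port,       # ...back to the client's dynamic port
    }


def four_tuple(conn):
    return (conn.local_ip, conn.local_port, conn.foreign_ip, conn.foreign_port)


def all_unique(conns):
    """Many connections may share a destination port; the 4-tuples must still differ."""
    tuples = [four_tuple(c) for c in conns]
    return len(set(tuples)) == len(tuples)


if __name__ == "__main__":
    for c in parse_netstat(NETSTAT_SAMPLE):
        print(four_tuple(c), describe(c))
```

Running it answers the slide's questions for each row: the client's source ports are dynamic, the destination ports (80, 23) are well known, and the server simply mirrors the pair when it replies.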
UDP • What do you notice looking at the UDP protocol? • No frills, barebones transport protocol. • Destination and Source Ports • Length and Checksum (used for error checking) • RFC 768 • Connectionless transport • No “handshaking” (no connection establishment) as with TCP (coming) • Unreliable delivery • No error checking • No flow control • No congestion control • No ordered delivery
UDP • source port -- the number of the calling port • destination port -- the number of the called port • UDP length -- the length of the UDP header • checksum -- the calculated checksum of the header and data fields • data -- upper-layer protocol data
UDP Why would an application developer choose UDP rather than TCP? • Finer application-layer control • TCP will continue to resend segments that are not acknowledged. • Applications that use UDP can tolerate some data loss: • Streaming video • VoIP (Voice over IP) • Application decides whether or not to resend entire file: TFTP
UDP (figure: Client sends UDP segment after UDP segment to Server over time, with no setup exchange) • No connection establishment • TCP uses a three-way handshake to establish a connection (coming) • UDP does not – it just blasts away the data to the receiver. • No delay to establish connection.
UDP • No connection state • UDP does not maintain connection state as TCP does (coming); TCP uses that state for reliability and flow control. • Server can support more active clients when not maintaining state information • Small packet header overhead • TCP header has 20 bytes of overhead. • UDP header has only 8 bytes of overhead
Note on UDP • Note: Multimedia Applications and UDP • There is an issue (controversy) with multimedia applications over UDP. • UDP offers no congestion control (as we will see with TCP) • Congestion control is needed to prevent the network from entering and staying in a congested state. • If all applications were using UDP, because of congestion, very few UDP packets would be delivered and this would also cause TCP traffic rates to dramatically decrease. • Many applications give you a choice of TCP or UDP.
Online Gaming Question: Do the World of Warcraft servers use TCP or UDP? Answer: TCP for game data, UDP for voice chat. Why? Game data – Server and client need make sure all data (moves, actions, etc) reach the other end reliably. Voice chat – Some missing data can be tolerated (up to a point). Retransmission would cause delay.
UDP Checksum (FYI) (figure: Cumulative Sum: 1100101011001010; 1s complement: 0011010100110101; Final Checksum Total at the receiver: 1111111111111111) • UDP checksum provides error detection: any changed bits or missing segments. • Simplified explanation (see RFC 1071 for more details): • Sender • UDP adds 16-bit ‘words’ keeping a cumulative sum. • Performs one's complement of the sum of all the 16-bit words in the segment. • Convert 0’s to 1’s and 1’s to 0’s • This result is put in the checksum field of the UDP segment. • Receiver • UDP adds 16-bit ‘words’ keeping a cumulative sum • Adds the 1’s (ones) complement received in the checksum field • If no errors are introduced into the segment, then the Total at the receiver will be 1111111111111111.
UDP Checksum (FYI) (figure: Cumulative Sum: 1100101011001010; 1s complement as received: 0011000100110101; Final Checksum Total: 1111101111111111) What if there is an error? • UDP does nothing to recover the error. • It is up to the application layer protocol (example TFTP) to decide what to do, such as prompt the user to download/upload the entire file again.
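The two checksum slides and the UDP header field list describe a procedure that is short enough to run. The Python below is an added example, not code from the presentation: it builds a UDP datagram with the four header fields, computes the RFC 1071 one's-complement checksum, verifies it at the receiver by checking that the total over everything (checksum field included) comes out as all ones, and shows that verification failing after a single flipped bit. It goes one step beyond the slide's simplified explanation in two ways that RFC 768 requires: the length field counts header plus payload, and the sum also covers the IPv4 pseudo-header (source and destination addresses, protocol 17, UDP length). The addresses, ports and payload are constructed sample values.

```python
import socket
import struct

UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """Add the data as 16-bit words with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                  # odd length: pad with a zero byte for the sum only
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in (stays <= 0xFFFF)
    return total


def internet_checksum(data: bytes) -> int:
    """One's complement of the one's-complement sum: 0s become 1s, 1s become 0s."""
    return (~ones_complement_sum(data)) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header that RFC 768 prepends for the checksum only (never transmitted)."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, UDP_PROTO, udp_length)


def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Sender: length covers header plus data; checksum is computed with its field zeroed."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF                    # a transmitted 0 means "no checksum" in IPv4
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp(datagram: bytes) -> dict:
    """Split a datagram into the fields listed on the UDP header slide."""
    if len(datagram) < 8:
        raise ValueError("UDP header is 8 bytes")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("UDP length field inconsistent with datagram size")
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": csum, "data": datagram[8:length]}


def verify_udp(src_ip, dst_ip, datagram: bytes) -> bool:
    """Receiver: sum everything, checksum field included; an intact segment totals 0xFFFF."""
    fields = parse_udp(datagram)
    if fields["checksum"] == 0:
        return True                      # sender opted out (allowed over IPv4 only)
    covered = pseudo_header(src_ip, dst_ip, fields["length"]) + datagram[:fields["length"]]
    return ones_complement_sum(covered) == 0xFFFF


if __name__ == "__main__":
    # Constructed sample: client 192.168.1.101:49888 -> DNS server 198.133.219.25:53
    dg = build_udp("192.168.1.101", "198.133.219.25", 49888, 53, b"hello")
    print(parse_udp(dg), verify_udp("192.168.1.101", "198.133.219.25", dg))
    damaged = bytearray(dg)
    damaged[9] ^= 0x01                   # flip one bit in the payload
    print(verify_udp("192.168.1.101", "198.133.219.25", bytes(damaged)))
```

As on the second slide, a failed check is all the receiver learns: verify_udp returns False and nothing is retransmitted, so recovery is left to the application.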
TCP • TCP provides reliable delivery on top of unreliable IP • TCP provides: • Reliable delivery • Error checking • Flow control • Congestion control • Ordered delivery • Connection establishment
TCP • source port -- the number of the calling port • destination port -- the number of the called port • sequence number -- the number used to ensure correct sequencing of the arriving data • acknowledgment number -- the next expected TCP octet • HLEN -- the number of 32-bit words in the header • reserved -- set to 0 • code bits -- the control functions (e.g. setup and termination of a session) • window -- the number of octets that the sender is willing to accept • checksum -- the calculated checksum of the header and data fields • urgent pointer -- indicates the end of the urgent data • option -- one currently defined: maximum TCP segment size • data -- upper-layer protocol data
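To make the field list above concrete, here is an added example (not from the presentation) that decodes a TCP header from raw bytes in the order the slide gives: ports, sequence and acknowledgment numbers, HLEN, the reserved bits, the code bits, window, checksum, urgent pointer and the options area, including the maximum segment size option the slide names. The sample segment is constructed with the client ISN used on the handshake slides and a zero checksum placeholder; the function names are this example's own. The option walker checks every length byte against the bytes actually present, which is the place a header parser most often goes wrong.

```python
import struct

# Code bits, low to high. The first six are from RFC 793; bits 6-7 were reserved
# there and later assigned to ECN (RFC 3168).
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def parse_tcp_options(opts: bytes) -> dict:
    """Walk the options area; every length byte is checked against the remaining bytes."""
    found = {}
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation (padding)
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option kind %d has no length byte" % kind)
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:      # Maximum Segment Size
            found["MSS"] = struct.unpack("!H", body)[0]
        else:
            found["kind%d" % kind] = body  # unknown options are kept raw, not guessed at
        i += length
    return found


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte header fields listed on the slide, then the options."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (src_port, dst_port, seq, ack, offset_reserved, flags,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen_words = offset_reserved >> 4                # HLEN: header length in 32-bit words
    hlen = hlen_words * 4
    if hlen < 20 or hlen > len(segment):
        raise ValueError("HLEN %d words is not valid for a %d-byte segment" % (hlen_words, len(segment)))
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "hlen": hlen,
        "reserved_zero": (offset_reserved & 0x0F) == 0,   # slide: reserved bits set to 0
        "flags": [n for i, n in enumerate(FLAG_NAMES) if flags & (1 << i)],
        "window": window,
        "checksum": checksum,
        "urgent_pointer": urgent,
        "options": parse_tcp_options(segment[20:hlen]),
        "data": segment[hlen:],
    }


def build_syn(src_port, dst_port, isn, window=8192, mss=1460) -> bytes:
    """Constructed SYN carrying an MSS option (checksum left 0 as a placeholder)."""
    hlen_words = 6                                   # 20 bytes fixed + 4 bytes of options
    fixed = struct.pack("!HHIIBBHHH", src_port, dst_port, isn, 0,
                        hlen_words << 4, 0x02, window, 0, 0)
    return fixed + struct.pack("!BBH", 2, 4, mss)


if __name__ == "__main__":
    syn = build_syn(49888, 80, 8563)                 # the slide's client ISN
    print(parse_tcp_header(syn))
```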
TCP: Connection Establishment • For a connection to be established, the two end stations must synchronize on each other's TCP initial sequence numbers (ISNs). • Sequence numbers: • Track the order of packets • Ensure that no packets are lost in transmission. • The initial sequence number is the starting number used when a TCP connection is established. • Exchanging beginning sequence numbers during the connection sequence ensures that lost data can be recovered.
Three-way Handshake (figure: Client → Web Server: SYN, SEQ=8563; Web Server: SYN Received) Note: ISNs do not start at 0 or 1. There are several reasons for this including segments that may still be in buffers and also security issues. (Beyond the scope of this presentation.) Step 1: • The three-way handshake happens before any data, HTTP Request (GET), is sent by the client. • A TCP client begins the three-way handshake by sending a segment with the SYN (Synchronize Sequence Number) control flag set, indicating an initial value in the sequence number field in the header. • The sequence number is the Initial Sequence Number (ISN); it is randomly chosen and is used to begin tracking the flow of data from the client to the server for this session.
Three-way Handshake (figure: Client → Web Server: SYN, SEQ=8563; Web Server: SYN Received; Web Server → Client: SYN, ACK, SEQ=1678, ACK=8564; Client: SYN, ACK Received) Step 2: • The TCP server needs to acknowledge the receipt of the SYN segment. • Server sends a segment back to the client with: • ACK flag set, indicating that the Acknowledgment number is significant. • The value of the acknowledgment number field is equal to the client initial sequence number plus 1. • This is called an expectational acknowledgement – the next byte this host expects to receive (more soon). • SYN flag set, with its own random ISN in the Sequence number field
Three-way Handshake (figure: Client → Web Server: SYN, SEQ=8563; Web Server → Client: SYN, ACK, SEQ=1678, ACK=8564; Client → Web Server: ACK, SEQ=8564, ACK=1679; Web Server: ACK Received; then HTTP Request (GET)) Step 3: • TCP client responds with a segment containing an ACK that is the response to the TCP SYN sent by the server. • The value in the acknowledgment number field contains one more than the initial sequence number received from the server. • The client can now send application data encapsulated in a TCP segment. • HTTP Request (GET)
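The three steps above, run as a small simulation. This is an added example and not code from the presentation: two hypothetical Endpoint objects exchange Segment records, each side keeps the next sequence number it will send and the next one it expects, and each step checks the acknowledgment number before advancing state, so a SYN-ACK that does not acknowledge ISN + 1 is refused rather than accepted. With the slide's ISNs (client 8563, server 1678) it reproduces SEQ=8563, then SEQ=1678/ACK=8564, then SEQ=8564/ACK=1679; with no ISN given it picks a random one, as the note on ISNs recommends, and sequence arithmetic wraps at 2^32.

```python
import secrets
from dataclasses import dataclass

MOD = 1 << 32                      # sequence numbers wrap at 2^32


@dataclass
class Segment:
    seq: int
    ack: int = 0
    syn: bool = False
    ack_flag: bool = False
    payload: bytes = b""


def random_isn() -> int:
    """ISN chosen unpredictably, as the slide notes (never simply 0 or 1)."""
    return secrets.randbits(32)


class Endpoint:
    def __init__(self, isn=None):
        self.isn = random_isn() if isn is None else isn
        self.snd_nxt = self.isn        # next sequence number we will send
        self.rcv_nxt = None            # next sequence number we expect to receive
        self.state = "CLOSED"

    # -- client side --
    def connect(self) -> Segment:
        """Step 1: SYN carrying our ISN; the SYN itself consumes one sequence number."""
        self.state = "SYN_SENT"
        seg = Segment(seq=self.snd_nxt, syn=True)
        self.snd_nxt = (self.snd_nxt + 1) % MOD
        return seg

    def on_syn_ack(self, seg: Segment) -> Segment:
        """Step 3: accept the server's SYN-ACK only if it acknowledges our ISN + 1."""
        if self.state != "SYN_SENT" or not (seg.syn and seg.ack_flag):
            raise ValueError("unexpected segment in SYN_SENT")
        if seg.ack != self.snd_nxt:
            raise ValueError("ACK %d does not match expected %d" % (seg.ack, self.snd_nxt))
        self.rcv_nxt = (seg.seq + 1) % MOD             # server ISN + 1
        self.state = "ESTABLISHED"
        return Segment(seq=self.snd_nxt, ack=self.rcv_nxt, ack_flag=True)

    # -- server side --
    def listen(self):
        self.state = "LISTEN"

    def on_syn(self, seg: Segment) -> Segment:
        """Step 2: record the client's ISN, answer with SYN-ACK carrying our own ISN."""
        if self.state != "LISTEN" or not seg.syn or seg.ack_flag:
            raise ValueError("not a valid SYN for a listening socket")
        self.rcv_nxt = (seg.seq + 1) % MOD             # expectational ack: client ISN + 1
        self.state = "SYN_RECEIVED"
        reply = Segment(seq=self.snd_nxt, ack=self.rcv_nxt, syn=True, ack_flag=True)
        self.snd_nxt = (self.snd_nxt + 1) % MOD
        return reply

    def on_ack(self, seg: Segment) -> None:
        """Step 3 (server): the ACK must cover our ISN + 1 and continue the client's sequence."""
        if self.state != "SYN_RECEIVED" or not seg.ack_flag or seg.syn:
            raise ValueError("unexpected segment in SYN_RECEIVED")
        if seg.ack != self.snd_nxt or seg.seq != self.rcv_nxt:
            raise ValueError("ACK/SEQ do not match the handshake in progress")
        self.state = "ESTABLISHED"


def three_way_handshake(client: Endpoint, server: Endpoint) -> list:
    """Run the exchange and return the three segments as (SEQ, ACK) pairs."""
    server.listen()
    syn = client.connect()
    syn_ack = server.on_syn(syn)
    ack = client.on_syn_ack(syn_ack)
    server.on_ack(ack)
    return [(syn.seq, syn.ack), (syn_ack.seq, syn_ack.ack), (ack.seq, ack.ack)]


if __name__ == "__main__":
    # The slide's numbers: client ISN 8563, server ISN 1678
    print(three_way_handshake(Endpoint(isn=8563), Endpoint(isn=1678)))
```

After the third segment both endpoints are ESTABLISHED and the client's next sequence number is 8564, which is where the HTTP GET on the slide begins.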