Understanding TCP
connection management
G.Bianchi, G.Neglia, V.Mancuso
TCP connection
Application “Logical” connection Application
(client) only end hosts are aware! (server)
Socket TCP Socket
TCP software TCP software
INTERNET
State variables:
- conn status
- MSS
- windows
-… Connection described by client&server status
buffer space Connection SET-UP duty:
normally 4 to 16 Kbytes 1) initializes state variables
64+ Kbytes possible 2) reserves buffer space
G.Bianchi, G.Neglia, V.Mancuso
Connection establishment:
simplest approach (non TCP)
Connec
tion req
uest
tio n granted
C o nnec
Transm
it data
time
time
G.Bianchi, G.Neglia, V.Mancuso
Delayed duplicate problem
USER BANK
RE Q
ACK
Data
Application:
transactional (sell
duplicat 100000$ stocks)
e
RE Q
ACK
duplicat
What is this? e
Data
Oh my God!
Selling other 100000$
Too late!!!
stocks!!!!!
G.Bianchi, G.Neglia, V.Mancuso
Solution: three way handshake
Tomlinson 1975
SRC DEST
Connec
tion req
uest (seq
= X)
Y , ac k =X)
a n te d (seq=
n gr
Co nnectio
Acknow
ledge +
data (se
q= X, ack=
Y)
time
time
G.Bianchi, G.Neglia, V.Mancuso
Delayed duplicate detection
USER BANK
SE Q X
, AC KX
SEQ Y
Data SE
Q X, ACK
Y Application:
transactional (selling stocks)
duplicat
e
SE Q X
??? What a case: request with
A CK X same indicator X? anyway...
Z,
SEQ
duplicat
Data SE e
What is this? Q X, ACK What is this??? Should be
Not too late: Y
Reject S SEQ X, ACK Z!!!! STOP...
E Q X, A
CK Z
Ah ah! Got the problem!
G.Bianchi, G.Neglia, V.Mancuso
Source port Destination port
32 bit Sequence number
32 bit acknowledgement number
Header 6 bit U A P R S F
length
R
Reserved G
C S S Y I
K H T N N
Window size
checksum Urgent pointer
ÎSYN (synchronize sequence numbers): used
to open connection
ÖSYN present: this host is setting up a connection
ÖSEQ with SYN: means initial sequence number (ISN)
Ödata bytes numbered from ISN+1.
ÎFIN: no more data to send
Öused to close connection
...more later about connection closing...
G.Bianchi, G.Neglia, V.Mancuso
Three way handshake in TCP
SRC DEST
Connec
tion req
uest (SY
N, ISN=
100)
ACTIVE
CK= 101)
OPEN SN=3 50, A
N, I
gr a n ted (SY
ction
C o nne
PASSIVE
Data seg OPEN
ment (s
eq=101,
ACK=3
51)
time
time
Full duplex connection: opened
in both ways
SRC: performs ACTIVE OPEN
DEST: Performs PASSIVE OPEN
G.Bianchi, G.Neglia, V.Mancuso
Initial Sequence Number
ÎShould change in time
ÖRFC 793 (but not all implementations are conforming)
suggests to generate ISN as a sample of a 32 bit counter
incrementing at 4us rate
Îtransmitted whenever SYN (Synchronize
sequence numbers) flag active
Önote that both src and dest transmit THEIR initial sequence
number (remember: full duplex)
ÎData Bytes numbered from ISN+1
Önecessary to allow SYN segment ack
G.Bianchi, G.Neglia, V.Mancuso
Maximum Segment Size - MSS
ÎAnnounced at setup by both ends.
ÎLower value selected.
ÎMSS sent in the Options header of the SYN
segment
Öclearly cannot (=ignored if happens) send MSS in a non SYN
segment, as connection has been already setup
Öwhen SYN has no MSS, default value 536 used
Îgoal: the larger the MSS, the better...
Öuntil fragmentation occurs
Öe.g. if host is on ethernet, sets MSS=1460
Æ1500 max ethernet size - 20 IP header - 20 TCP header
G.Bianchi, G.Neglia, V.Mancuso
MSS advertise
CLIENT (C_MSS) SERVER (S_MSS)
Conn re
quest (C
_MSS, S
Y N, seq=C
_ISN)
If (S_MSS<C_MSS)
S N+1)
N , ack=C _I MSS = S_MSS;
S _I S
N, seq= else MSS = C_MSS;
d (MS S, SY
Use C o nn grante
recv Acknow
MSS ledge (s
eq =C_ISN
+ 1,ack=S
_ISN+1
)
time
time
Does not avoid fragmentation to occur WITHIN the network!!
G.Bianchi, G.Neglia, V.Mancuso
connection closing: Suitable Timeout
settings & Extension
an impossible problem!
to three/four/plus way
CLOSE
handshake do not
TIMEOUT
solve!!
ACK
CLOSE
TIMEOUT
TIMEOUT
OK: he has closed.
I close too: bye bye.
CLOSE
…... CLOSED
G.Bianchi, G.Neglia, V.Mancuso
Connection closing in TCP
since it is impossible problem, use simples
solution (two way handshake)
Application close FIN
Deliver EOF
ÎSince connection full to application
duplex, necessary two ACK of FIN
half-closes (each a two-
way handshake) FIN Application
originating by both close
sides ACK of FIN
Îclose notified with FIN
flag on
ÎFIN segment ACK-ed as
usual
G.Bianchi, G.Neglia, V.Mancuso
Half close
may close one direction only - seldomly used
Application close FIN
EOF to app
Î Supported by
system call ACK of FIN
shutdown
instead of data App write
close App read
Ack of data
FIN App close
EOF to app
ACK of FIN
TIME_WAIT
(30s - 2m)
G.Bianchi, G.Neglia, V.Mancuso
Connection states - Client
G.Bianchi, G.Neglia, V.Mancuso
Connection States - Server
G.Bianchi, G.Neglia, V.Mancuso
Why TIME_WAIT?
ÎMSL (Maximum Segment Lifetime): maximum time a
segment can live in the Internet
Æno timers on IP packets! Only hop counter
ÆRFC 793 specifies MSL=120s, but each implementation has its own
value (from 30s to 120s)
ÎTIME_WAIT state: 2 x MSL
Öallows to “clean” the network of delayed packets
belonging to the connection
Ö2xMSL because a lost FIN_ACK implies a new FIN from
server
Îduring TIME_WAIT conn sock pair reserved
Ömany implementations even more restictive (local port
non reusable)
Öclearly this may be a serious problem when restarting
server daemon (must pause from 1 to 4 minutes…)
G.Bianchi, G.Neglia, V.Mancuso
Source port Destination port
32 bit Sequence number
32 bit acknowledgement number
Header 6 bit U A P R S F
length
R
Reserved G
C S S Y I
K H T N N
Window size
checksum Urgent pointer
ÎRST (Reset)
Ösent whenever a segment arrives and does not apparently
belong to the connection
Ötypical RST case: connection request arriving to port not in use
ÎSending RST within an active connection:
Öallows aborting release of connection (versus orderly release)
Æany queued data thrown away
Æreceiver of RST can notify app that abort was performed at other
end
G.Bianchi, G.Neglia, V.Mancuso