TCP/IP Roaming

Source: Internet
Author: User

TCP/IP is the foundation of the Internet protocol stack, which includes dozens of protocols large and small. This article mainly covers HTTP, TCP, and IP. The network model is often taught as having seven or five layers, but it is generally considered that four layers are enough.

    Application Layer  -> HTTP
    --------------------------
    Transport Layer    -> TCP
    --------------------------
    Internet Layer     -> IP
    --------------------------
    Link Layer         -> Ethernet

Application layer, transport layer, internet layer, link layer: at a glance this is a straightforward layered abstraction in which each layer is isolated from the others, and there is nothing wrong with that view. However, we can also look at the four layers as a whole. What the network does is transmit data, and the four layers are different forms of that data at different stages. The application layer is the final form of the data, the transport layer is its byte form, the internet layer is its binary form, and the link layer is its signal form. Seeing things this way is interesting, and it makes the four layers look more like one whole.

When data is sent down through these four layers, each layer treats the data it receives as the body and adds its own control information as a header. At the destination the data passes back up through the four layers, each layer strips its own header, and the receiver finally gets exactly the data the sender sent.

HTTP

Many articles already introduce HTTP, so this one will not say much about it. Just one remark: at its core, the HTTP protocol is a string parser. It parses the incoming data as a string into a message consisting of a request line or response line, headers, and a body. Why a string parser? Because the request line, the response line, the headers, and even the delimiter (CRLF) are all strings. The body is the data, and HTTP leaves its final form (text, XML, JSON, and so on) to the user of the protocol.

TCP

The first thing to know about TCP is that there is a lot to it (⊙﹏⊙). It is also a very practical protocol: many of the reasons TCP works the way it does are "truths" learned from practice on real networks. TCP is a reliable transport protocol. Guaranteeing that in such an unstable network environment is not easy, and TCP has many mechanisms for it. Let's first talk a little about reliable transport protocols.

A reliable transport protocol requires that every segment arrives undamaged and that the final order of the segments is the same at the sender and the receiver. A segment that arrives intact counts as valid. If a segment is damaged, or never reaches the receiver at all, the sender has to retransmit it. How does the sender know that a segment did not arrive? It starts a timer, and if the timer expires, the segment is taken not to have reached the receiver.

Retransmission therefore requires the receiver to acknowledge to the sender what it has received. The simplest acknowledgement is for one side to send a segment and the other to send a separate segment confirming it, but that is too inefficient. It is better to acknowledge received segments while sending your own. To settle the final order, segments also need sequence numbers. TCP embodies all of these points, most directly in the TCP header.

TCP is also a connection-oriented protocol: it establishes a connection with the famous three-way handshake and closes it with four waves. The connection is of course logical, not physical. Having a connection also means that both the sender and the receiver initialize some state that is used to track the transmission. When we say TCP is a stateful protocol, the three-way handshake and the four waves are what lie behind it.

TCP provides an end-to-end service that is specific down to the application's port. This differs from the point-to-point service that IP provides. If sending data is compared to courier delivery, IP delivers accurately to your home, while TCP not only delivers to your home but hands the parcel to the recipient in person.

Besides reliable transmission, TCP also has to look after the receiver and the overall state of the network, which is where flow control and congestion control come in. These mechanisms are discussed later in the text; for now, look at the TCP header.

TCP Header

Let's go through the fields one by one. Source port and destination port are the ports of the source and of the destination.

Sequence number is the sequence number of the segment. Acknowledgment number tells the other side what has been received so far, and is the starting sequence number of the next segment the receiver expects. TCP treats the transmitted data as a byte stream rather than as separate segments. This shows in the sequence number, which counts bytes, not segments.

Data offset gives the position where the data starts (the header is padded to an aligned length), and reserved is the reserved bits. Next come the key flag bits.

The flags are the 6 bits Urgent, Ack, Push, Reset, Syn, and Fin. Urgent marks the segment as carrying urgent data, but how to handle it is left to the receiver. Reset marks an abnormal end of the connection or a wrong port number. ACK (acknowledgement), SYN (synchronize), and FIN (finish) are the key flags in the three-way handshake and the four waves. Push means TCP no longer waits for other segments to arrive and hands the data to the application layer immediately.

The window field is the basis of flow control and is covered in more detail later.

Checksum is used to verify whether the segment was damaged in transit. Urgent pointer is present when the Urgent bit is 1 and points to the last byte of the urgent data.

Common options are NOP, TS val (timestamp), ecr (echo reply), and MSS. NOP means the same as a no-op (bubble) instruction: it is a placeholder. TS val and ecr are the sender's timestamp and the receiver's timestamp. The RTT (round-trip time) is calculated from these two timestamps, as a weighted average of course, and the RTT is used to set the timeout of the retransmission timer. The MTU (Maximum Transmission Unit) is the maximum size of each transmission at the link layer, typically 1500 bits; anything larger has to be split into segments. MSS (Maximum Segment Size) is that limit minus the TCP header, that is, the size of the data to be transmitted, typically 1460 bits.
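
The field walk-through above, as a parser. This is an added example, not code from the original article: it decodes the fixed header, the six flag bits and the options, and rejects malformed option lengths. The sample segment is constructed to carry the ports, window and options of the tcpdump line shown later on this page; its sequence number and zero checksum are made up.

```python
import struct

# Flag bits in the low 6 bits of the 16-bit offset/flags word, bit 0 first.
FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def parse_options(raw):
    """Decode the option bytes that follow the fixed 20-byte header."""
    options, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # EOL: everything after is padding
            options.append(("EOL",))
            break
        if kind == 1:                      # NOP: one-byte placeholder
            options.append(("NOP",))
            i += 1
            continue
        # Every other option is kind, length, value. A length below 2 or one
        # that runs past the end is malformed; trusting it would make the
        # parser loop forever or read outside the header.
        if i + 1 >= len(raw):
            raise ValueError("option truncated before its length byte")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            options.append(("MSS", struct.unpack("!H", body)[0]))
        elif kind == 3 and length == 3:
            options.append(("WSCALE", body[0]))
        elif kind == 4 and length == 2:
            options.append(("SACK_PERMITTED",))
        elif kind == 8 and length == 10:   # TS val, then ecr
            options.append(("TS",) + struct.unpack("!II", body))
        else:
            options.append(("UNKNOWN", kind, bytes(body)))
        i += length
    return options


def parse_tcp_header(segment):
    """Split a raw TCP segment into header fields, options and payload."""
    if len(segment) < 20:
        raise ValueError("shorter than the fixed TCP header")
    (sport, dport, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4     # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"impossible header length {header_len}")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": [n for bit, n in enumerate(FLAG_NAMES) if off_flags & (1 << bit)],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": parse_options(segment[20:header_len]),
        "payload": segment[header_len:],
    }


def build_sample_syn():
    """Constructed SYN segment (sample data, not a real capture)."""
    options = b"".join([
        b"\x02\x04" + struct.pack("!H", 1460),            # MSS 1460
        b"\x01",                                          # NOP
        b"\x03\x03\x05",                                  # window scale 5
        b"\x01\x01",                                      # NOP, NOP
        b"\x08\x0a" + struct.pack("!II", 1021470802, 0),  # TS val, ecr
        b"\x04\x02",                                      # SACK permitted
        b"\x00\x00",                                      # EOL plus padding
    ])
    off_flags = (((20 + len(options)) // 4) << 12) | 0x02  # SYN only
    return struct.pack("!HHIIHHHH", 65133, 80, 3723337076, 0,
                       off_flags, 65535, 0, 0) + options


if __name__ == "__main__":
    for key, value in parse_tcp_header(build_sample_syn()).items():
        print(f"{key:>10}: {value}")
```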

Three-way handshake

The three-way handshake can only be initiated by the client towards the server. First, the client sends a segment with SYN set to 1 and seq set to a sequence number, indicating that the client wants to establish a connection. Second, the server replies with ACK and SYN set to 1, seq set to a sequence number of its own, and the acknowledgment number set to the received sequence number plus 1, indicating that the server also wants to establish a connection. Third, the client sends a segment with ACK set to 1 and the acknowledgment number set to the received sequence number plus 1, confirming once more, and the connection is established.

Why three handshakes? To prevent errors caused by a stale segment reaching the server. Suppose the first segment sent by the client is delayed and arrives at the server late, when it should already be considered invalid. The server mistakenly believes that the client wants to establish a new connection and sends a confirmation. If there were no third confirmation to establish the connection, the server would establish a connection by mistake.

What if the third handshake fails? The server does not give up immediately. It resends its confirmation, by default retrying 5 times, with an interval that starts at 1 second and doubles each time. After 5 retries without effect, the connection is discarded.

Four waves

The four waves can be initiated by either the client or the server. First, the sender sends a segment with FIN set to 1, ACK set to 1, and a sequence number, indicating that it wants to end the connection. Second, the receiver sends a segment with ACK set to 1 and the acknowledgment number set to the received sequence number plus 1, meaning "I am not ready to end the connection yet". Third, the receiver sends a segment with FIN set to 1, ACK set to 1, and a sequence number of its own, meaning "I am ready to end the connection". Fourth, the sender sends a segment with ACK set to 1 and the acknowledgment number set to the received sequence number plus 1, confirming, and the connection ends.

Half-close

Building on the four waves: once the sender has received the receiver's ACK from the second wave, a state can arise in which the sender no longer sends segments but still receives segments sent by the other side. This is a half-close.

At first I had no interest in TCP/IP at all; I was simply lazy. Reading only the concepts is dull. Hands-on experiments give a deeper understanding, and I recommend the tcpdump tool. Here are a few segments I captured with tcpdump.

Translating the first line of the tcpdump output:

    16:26:13.702723 IP 10.174.73.57.65133 > 120.92.234.238.http: Flags [S], seq 37233370769, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 1021470802 ecr 0,sackOK,eol], length 0

    16:26:13.702723        send time
    IP                     IP protocol
    10.174.73.57.65133     source IP.port
    >                      to
    120.92.234.238.http    destination IP.port (HTTP protocol)
    Flags [S]              flag bits
    seq 37233370769        seq number
    win 65535              window size
    options [...]          options
    length 0               length of the segment, not including the header

In fact, of the five segments in the figure, three make up the TCP three-way handshake. Readers can try to work out which three.

There is also a capture of the four TCP waves:

How TCP Acknowledges

In fact, TCP's implementation of reliable transport has more detail to it. As mentioned above, a reliable protocol can acknowledge received segments while sending its own. TCP does exactly this, so TCP acknowledgements are delayed: TCP waits until it has a segment of its own to send and acknowledges along with it. The delay is typically 200 milliseconds.

Another detail is the method of acknowledgement. TCP uses cumulative acknowledgement. So that the receiver can deliver data to the application layer in the correct order, only segments that arrived in the correct sequence are acknowledged and delivered to the upper layer. If the sender receives an acknowledgment number from the receiver, everything before that number is considered correctly received, even if no acknowledgement was received for the earlier segments.

TCP also uses selective acknowledgement. Suppose the sender sent several segments, and the first one ran into trouble and did not reach the receiver. The sender simply treats that first segment as lost, while the later segments are still delivered to the receiver. In other words, the later segments are not acknowledged directly; they are acknowledged selectively. The receiver first places the segments that arrived out of order in a buffer. This is the best example of TCP following the "truth" of practice: turbulence in the network generally affects a single segment, not a long run of segments.

Given cumulative and selective acknowledgement, when a segment is lost the sender may receive several redundant acknowledgements for the same segment. If it receives three redundant acknowledgements, the segment is considered lost, and TCP does not wait for the timer to expire: it starts fast retransmit and resends the segment directly. In effect, two indicators, time and data volume, serve as the conditions for retransmission.

Again, it is more interesting to practice with tools. I recommend Wireshark; its filters are very powerful and useful for network diagnosis. Wireshark analyses the sequence numbers in the TCP headers and identifies redundant ACKs, fast retransmissions, and similar events. Enter tcp.analysis.fast_retransmission in the Wireshark filter to find the fast-retransmitted segments.
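
A small simulation of the acknowledgement behaviour described above, as an added example that is not part of the original article. The receiver buffers out-of-order segments and always answers with a cumulative acknowledgment number; the sender counts redundant ACKs and fast-retransmits on the third. Segment numbers and sizes are constructed sample values.

```python
class Receiver:
    """Buffers out-of-order segments and returns cumulative ACK numbers."""

    def __init__(self, initial_seq):
        self.next_expected = initial_seq   # first byte not yet received in order
        self.out_of_order = {}             # seq -> length, held in the buffer

    def receive(self, seq, length):
        if seq == self.next_expected:
            self.next_expected += length
            # The gap is filled: drain buffered segments that are now in order.
            while self.next_expected in self.out_of_order:
                self.next_expected += self.out_of_order.pop(self.next_expected)
        elif seq > self.next_expected:
            self.out_of_order[seq] = length
        # seq < next_expected is an old duplicate; there is nothing to store.
        return self.next_expected          # acknowledgment number


def simulate(segments, lost, seg_len=100, threshold=3):
    """Send `segments` in order, dropping each seq in `lost` once.

    Returns (log, next_expected). Each log entry is (seq, event, ack).
    If next_expected is still short of the end of the data afterwards,
    too few redundant ACKs arrived and only the timer can recover the loss.
    """
    rx = Receiver(segments[0])
    to_drop = set(lost)
    log, last_ack, dups = [], None, 0
    for seq in segments:
        if seq in to_drop:
            to_drop.discard(seq)
            log.append((seq, "lost", None))
            continue
        ack = rx.receive(seq, seg_len)
        log.append((seq, "delivered", ack))
        if ack != last_ack:
            last_ack, dups = ack, 0        # new data acknowledged
            continue
        dups += 1                          # redundant ACK for the same byte
        if dups == threshold:
            # Third redundant ACK: resend the missing segment immediately
            # instead of waiting for the retransmission timer.
            new_ack = rx.receive(last_ack, seg_len)
            log.append((last_ack, "fast_retransmit", new_ack))
            last_ack, dups = new_ack, 0
    return log, rx.next_expected


if __name__ == "__main__":
    sample = [1000, 1100, 1200, 1300, 1400, 1500]   # constructed sample data
    for title, lost in (("loss early in the window", [1100]),
                        ("loss near the end", [1400])):
        log, next_expected = simulate(sample, lost)
        print(title)
        for entry in log:
            print("   ", entry)
        print("    receiver still expects byte", next_expected)
```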

Flow control

Flow control is really the process of matching the sender's sending speed to the receiver's processing speed.

Segments received over a TCP connection are placed in a buffer, where they wait for the application to take them out. If one end keeps sending and the other end does not process and remove the segments in time, the buffer overflows. That is when speed matching, that is, flow control, is needed. The receiver advertises the remaining space in its buffer, rwnd, to the sender, and the sender controls its speed accordingly, sending only as much as the remaining rwnd allows. Because of the way TCP acknowledges (see above), the rwnd that the sender receives does not restrict segments that have been sent but not yet acknowledged, since those are probably already in the receiver's buffer; it only limits the segments that are yet to be sent.

If the transferred data is viewed as a stream, the process above is like sliding a window along that stream, hence the name flow-control window. The remaining space is rwnd, which is the window field in the TCP header.

Here is another question: if one side is told that the remaining space is 0, will it never send again? No. For this case TCP has a timer (the persist timer). When the timer fires, that side sends a window probe segment to find out whether it can send again. If there is still no space, the timer does not stop: it is restarted, and the cycle of restarting and timing out continues.

In Wireshark, window probe segments and segments that tell the sender the receiver's space is full can be found with tcp.analysis.zero_window_probe and tcp.analysis.window_full.

Congestion Control

Congestion control is easy to understand. If TCP ignored the overall state of the network and sent data blindly, a poor network would only get into a vicious circle and could be paralysed outright. If it sent too cautiously, it would fail to make use of the bandwidth. Congestion control is therefore a dynamic balancing strategy. It is actually a finite state machine (FSM) with three states: slow start, congestion avoidance, and fast recovery.

Before discussing the three states, first consider how TCP perceives congestion.

    • How does TCP determine network congestion from its own limited information? Whenever there is a timeout retransmission, or a fast retransmission caused by 3 redundant ACKs, the network is considered congested.
    • Congestion comes in degrees; how does TCP judge the degree? A timeout retransmission is considered strong congestion, and a fast retransmission is considered weak congestion.
    • Conversely, how does TCP determine that the network is not congested? As long as it receives non-redundant ACKs, TCP considers the network clear, with no congestion.
    • How does TCP determine that congestion is imminent? After each congestion event TCP records half of the number of segments that caused the congestion, no less than 2 units (MSS), and this value is used to judge whether the next congestion is imminent.

    | No congestion       | Congestion is imminent              | Congestion is weak  | Congestion is strong   |
    | Normal ACK received | Reaches half of the last congestion | Fast retransmission | Timeout retransmission |

With these four pieces of knowledge, TCP can happily look after the overall state of the network. TCP keeps the amount of segments it may send in cwnd. Needless to say, the whole process of congestion control is again like sliding a window along the data stream, so cwnd is called the congestion window.

First, slow start.

In the slow-start phase, TCP starts with cwnd at 1 and adds 1 to cwnd for every segment that is acknowledged. If TCP always sends maximum-size segments, the number of segments sent doubles every RTT. So in slow start, TCP grows exponentially. The semantics of slow start: the state of the network is unknown, so assume it is bad, send a little first, and then send more to probe the network.

Second, congestion avoidance.

The state migrates to congestion avoidance when cwnd grows to the point where congestion is imminent. As mentioned above, the sign of imminent congestion is kept in a value called ssthresh (slow start threshold); when cwnd is greater than or equal to ssthresh, slow start migrates to congestion avoidance. In congestion avoidance, every acknowledged segment adds 1/cwnd to cwnd. If TCP always sends maximum-size segments, the number of segments sent grows by 1 per RTT. So in congestion avoidance, TCP grows linearly. The semantics of congestion avoidance: congestion is coming, be careful.

Then, fast recovery.

What if a fast retransmission occurs? Whether in slow start or congestion avoidance, the state migrates to fast recovery. Since the congestion is weak, cwnd is reduced moderately: cwnd is divided by 2, and, because ssthresh records the level at which congestion occurred, that value of cwnd is assigned to ssthresh. Fast recovery was entered on 3 redundant ACKs; based on selective acknowledgement, TCP takes the segments that caused the 3 redundant ACKs to have arrived successfully, so cwnd is increased by 3 units (MSS). For each further redundant ACK for this segment, cwnd is increased by 1. When an ACK arrives that is not redundant for this segment, the segment has arrived correctly: ssthresh is assigned to cwnd, fast recovery ends, and the state migrates to congestion avoidance. So in fast recovery, the growth rate of TCP lies between congestion avoidance and slow start. The semantics of fast recovery: a small slip, nothing serious, steady on and get back on track, but since there was a little trouble, be careful.

Finally, the state changes.

That covers fast retransmission. What about a timeout retransmission? When a timeout retransmission occurs, whichever state TCP is in, cwnd is reset to 1 and the state migrates to slow start. In this way, all three states can migrate to one another pairwise. TCP congestion control is spent migrating between these states.
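
The three states and their transitions as described above, written out as a state machine. This is an added example, not code from the original article or from any TCP implementation: cwnd and ssthresh are counted in MSS units, the events are fed in by hand, and the initial ssthresh is an assumed value because the article does not give one.

```python
SLOW_START = "slow_start"
CONGESTION_AVOIDANCE = "congestion_avoidance"
FAST_RECOVERY = "fast_recovery"


class CongestionControl:
    def __init__(self, ssthresh=8.0):      # initial ssthresh is an assumption
        self.cwnd = 1.0                    # slow start begins with 1 MSS
        self.ssthresh = ssthresh
        self.state = SLOW_START
        self.dup_acks = 0

    def _record_congestion(self):
        # Half of the window that caused congestion, never below 2 MSS.
        self.ssthresh = max(self.cwnd / 2, 2.0)

    def on_new_ack(self):
        """A non-redundant ACK: the network looks clear."""
        self.dup_acks = 0
        if self.state == FAST_RECOVERY:
            self.cwnd = self.ssthresh      # the missing segment arrived
            self.state = CONGESTION_AVOIDANCE
        elif self.state == SLOW_START:
            self.cwnd += 1                 # doubles per RTT
            if self.cwnd >= self.ssthresh:
                self.state = CONGESTION_AVOIDANCE
        else:
            self.cwnd += 1.0 / self.cwnd   # about +1 per RTT

    def on_dup_ack(self):
        """A redundant ACK; the third one signals weak congestion."""
        if self.state == FAST_RECOVERY:
            self.cwnd += 1
            return
        self.dup_acks += 1
        if self.dup_acks == 3:
            self._record_congestion()
            self.cwnd = self.ssthresh + 3  # 3 segments are known to have left
            self.state = FAST_RECOVERY

    def on_timeout(self):
        """Retransmission timer expired: strong congestion, from any state."""
        self._record_congestion()
        self.cwnd = 1.0
        self.dup_acks = 0
        self.state = SLOW_START


def run(events, ssthresh=8.0):
    """Feed event names to the state machine; return one row per event."""
    cc = CongestionControl(ssthresh)
    trace = []
    for event in events:
        getattr(cc, "on_" + event)()
        trace.append((event, cc.state, round(cc.cwnd, 3), cc.ssthresh))
    return trace


if __name__ == "__main__":
    # Constructed event sequence that visits every transition.
    events = (["new_ack"] * 3 + ["dup_ack"] * 4
              + ["new_ack", "new_ack", "timeout", "new_ack"])
    for row in run(events, ssthresh=4.0):
        print("%-8s %-21s cwnd=%-5s ssthresh=%s" % row)
```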

More questions

At this point the core of TCP has been covered. But... yes, you read that right, TCP has more problems.

Silly window syndrome and the Nagle algorithm

Flow control looks after the receiver well, but it causes a problem if the receiver keeps telling the sender that the remaining space rwnd is small: the sender will then keep sending small segments. Against a TCP header of 20 bytes, if each segment carries only a single-digit number of bytes of content, the network is mostly transmitting control information and its utilisation is very low. This is silly window syndrome. Both the sender and the receiver have their own ways of coping with it.

The receiver generally uses David D. Clark's strategy, which is to "deceive" the sender: if the remaining space is very small, it simply advertises a remaining space of zero, so the sender stops sending small content. It stops "deceiving" the sender once the remaining space exceeds 1 unit (MSS) or exceeds half of the buffer.

The sender uses the Nagle algorithm, which is a stop-and-wait protocol for small content. If the content is small, the sender checks whether all previously sent small content has been acknowledged and sends only when it has, which amounts to stopping and waiting for acknowledgement before sending more small content. Nagle defines small content as less than 1 unit (MSS).

In fact, the Nagle algorithm is not only designed to solve silly window syndrome on the sender side; it also reduces congestion. It can combine several waiting pieces of small content into one datagram. This directly reduces the number of datagrams and so eases congestion.

TCP KeepAlive (keep-alive)

TCP keepalive and HTTP persistent connections are not the same thing. An HTTP persistent connection reuses a TCP connection to reduce connection latency, whereas TCP keepalive checks whether the connection is still responding. Usually the server probes the client with keepalive, and if the client does not respond, the server stops wasting resources on it and disconnects. TCP naturally uses a timer for keepalive, and the default timeout is two hours. If the other side does not respond, TCP retries 9 times, once every 75 seconds. Interestingly, if the other side has restarted, or crashed and recovered, it replies to the keepalive probe segment with the RST (reset) flag set, and the sender closes the connection.

Summary

TCP is a reliable protocol, which it achieves through sequence numbers, checksums, timeout retransmission, fast retransmission, and acknowledgement. It also looks after the receiver and the overall state of the network, mainly through flow control and congestion control. It is a connection-oriented protocol that requires both sides to keep some state to track the transmission, and it provides an end-to-end service.

IP

The most important task of the IP protocol is routing: finding the route to the destination and sending the data along it. That is, IP provides a "point-to-point" service. IP is not a reliable transport protocol; it only makes a best effort to deliver datagrams to the destination. This also means that datagrams are independent of one another and stateless. By comparison, TCP is like mutable data and IP is like immutable data. In fact, the stateless flow of IP is a lot like reactive programming.

IP protocol routing

Let's talk about how IP finds its way. IP cannot send a datagram to the destination in one step; the datagram has to pass through several intermediate stations. Sending to the destination in one step would require a dedicated connection between the two parties, and it is impossible to set up such connections for everyone on the network. Nor can an intermediate station know the topology of the whole network; it only knows the topology of the nodes around it.

This gives the IP routing model. Routers act as the intermediate stations, and both hosts and routers have a routing table that describes the topology of the surrounding routers. Like a map, the routing table is consulted to find the next router for a datagram. That router is responsible for finding the path to the next router in the same way. Each router is thus only responsible for the next-hop router. Finally the datagram reaches the destination via several routers. A routing table entry can match not only the exact destination host number but also the network number of a subnet. And of course there is a default route as a fallback.

A subnet is a division of the network at a coarser granularity than the host, and routing by subnet greatly reduces the size of the routing table. Increasing the granularity of the division lowers the cost of maintaining the whole network.

IP routing has more wrinkles. For example, a host can send a datagram to itself: when the destination IP address turns out to be its own, the datagram is handed to the loopback driver, which adds it to the local IP queue along with other datagrams.

A host can be configured as a router to forward datagrams: if the host receives a datagram that is not addressed to its own IP address, it forwards it, provided forwarding is enabled. But what if no next hop can be found? The host returns an ICMP (Internet Control Message Protocol) message indicating the error.
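
The lookup and forwarding decisions described above, as an added example that is not part of the original article. The table is searched for the most specific match, so a host route wins over a subnet route and the default route is used last. All addresses are constructed sample values from the documentation ranges, and the action names returned by decide() are hypothetical labels.

```python
import ipaddress


class RoutingTable:
    def __init__(self):
        self.routes = []                   # (network, next_hop) pairs

    def add(self, prefix, next_hop):
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def lookup(self, destination):
        """Return (network, next_hop) of the longest matching prefix, or None."""
        addr = ipaddress.ip_address(destination)
        best = None
        for network, next_hop in self.routes:
            if network.version != addr.version or addr not in network:
                continue
            if best is None or network.prefixlen > best[0].prefixlen:
                best = (network, next_hop)
        return best


def decide(table, local_addresses, destination, received=False, forwarding=False):
    """What a host does with a datagram for `destination`.

    received=False: the host itself is the sender.
    received=True:  the datagram arrived from the network.
    """
    if destination in local_addresses:
        return ("deliver_local", None)     # loopback / local IP queue
    if received and not forwarding:
        return ("drop", None)              # not configured as a router
    match = table.lookup(destination)
    if match is None:
        return ("icmp_error", None)        # no next hop can be found
    return ("send_to_next_hop", match[1])


def sample_table(with_default=True):
    """Constructed routing table (sample data)."""
    table = RoutingTable()
    table.add("198.51.100.7/32", "192.0.2.254")   # exact host
    table.add("198.51.100.0/24", "192.0.2.1")     # subnet
    if with_default:
        table.add("0.0.0.0/0", "192.0.2.2")       # default route
    return table


if __name__ == "__main__":
    local = {"127.0.0.1", "192.0.2.10"}
    for dst in ("198.51.100.7", "198.51.100.9", "203.0.113.5", "192.0.2.10"):
        print(dst, "->", decide(sample_table(), local, dst))
    print("203.0.113.5 without default ->",
          decide(sample_table(with_default=False), local, "203.0.113.5"))
```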

ICMP can also be used for redirects. For example, a host wants to send data to a destination and could send it via A or via B. Its route lookup gives A as the next hop, so the host sends to A. A's own lookup gives B as the next hop, so A sends to B. A notices the situation and sends an ICMP redirect to the host, so that the host's routing table is changed to route via B.

Fragmentation (IP fragmentation)

What happens when a datagram exceeds the MTU? IP fragments it, just as TCP segments. The two steps do not interfere with each other and are completely isolated. After IP fragmentation, the receiver reassembles the fragments when it receives them. IP fragmentation is useful for UDP but of little use to TCP, which prefers to segment by itself rather than let IP fragment. IP is not a reliable protocol: if one fragment has a problem, TCP cannot retransmit just that fragment, so TCP naturally prefers to do its own segmentation and retransmit a segment.

IP Header

The IP protocol comes in two versions, IPv4 and IPv6. The two have different headers, and the version is distinguished in the version field. First, IPv4:

Second, IPv6:

Here we pick out just a few fields that reflect the service IP provides. Compared with TCP, the IP header does not reflect the characteristics of the protocol.

The IPv4 header is typically 20 bytes, and the IPv6 header is typically 40 bytes. An IPv4 address is 32 bits, while IPv6 increases it to 128 bits. This takes us from a shortage of addresses to every grain of sand on Earth being able to have an IP address!

Both TTL and hop limit are the number of routers the datagram may still pass through. When the value reaches zero, the datagram is discarded and an ICMP message is returned to the source host. This is how the traceroute program works: it collects the ICMP messages sent back after datagrams are discarded.

IPv4 uses identification to uniquely identify a datagram (fragments of the same datagram share the same value), and fragment offset gives the starting position of the fragment. IPv6 uses the more flexible next header: next headers work like a linked list that can chain several "headers" together as extensions. Besides carrying the starting position of a fragment, it can also indicate the upper-layer protocol, as the protocol field does in IPv4.
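
IPv4 fragmentation and reassembly using the identification and fragment offset fields discussed above, as an added example that is not part of the original article. Fragments are modelled as dictionaries rather than raw headers; the field names, the 60-byte MTU and the payload are constructed for illustration. Reassembly returns nothing while a fragment is missing, which is the case where TCP would have to resend the whole segment, and it refuses fragments whose overlapping bytes disagree.

```python
def fragment(payload, mtu, identification, header_len=20):
    """Split one datagram payload into IPv4-style fragments.

    Fragment offset is counted in 8-byte units, so every fragment except
    the last must carry a multiple of 8 bytes.
    """
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU leaves no room for data")
    fragments = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        fragments.append({
            "id": identification,                   # same for all fragments
            "offset": start // 8,                   # starting position
            "more_fragments": start + len(chunk) < len(payload),
            "data": chunk,
        })
    return fragments


def reassemble(fragments):
    """Rebuild the payload from fragments received in any order.

    Returns None while the datagram is incomplete (a hole, or the last
    fragment has not arrived). Raises ValueError if fragments belong to
    different datagrams or overlap with different content.
    """
    if not fragments:
        return None
    if len({f["id"] for f in fragments}) != 1:
        raise ValueError("fragments of different datagrams")
    ordered = sorted(fragments, key=lambda f: f["offset"])
    data = bytearray()
    for frag in ordered:
        start = frag["offset"] * 8
        if start > len(data):
            return None                             # hole: fragment missing
        if start < len(data):
            end = start + len(frag["data"])
            if bytes(data[start:end]) != frag["data"]:
                raise ValueError("overlapping fragments disagree")
            continue                                # exact duplicate, ignore
        data += frag["data"]
    if ordered[-1]["more_fragments"]:
        return None                                 # last fragment missing
    return bytes(data)


if __name__ == "__main__":
    payload = bytes(range(100))                     # constructed sample data
    frags = fragment(payload, mtu=60, identification=0x1234)
    for f in frags:
        print(f["offset"], f["more_fragments"], len(f["data"]))
    print("in reverse order:", reassemble(frags[::-1]) == payload)
    print("one fragment lost:", reassemble([frags[0], frags[2]]))
```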
