"TCP/IP detailed" reading notes

TCP/IP Overview

TCP/IP is generally considered to be a four-layer protocol:

1. Link layer. Also known as the data Link layer or network interface layer, including device drivers and network interface cards, which work together with the physical interface details of the cable.
2. Network layer. Handles the grouping of activities in the network, such as the routing of packets, the protocols of the network layer include the IP Protocol, the ICMP protocol (Internet Internet Control Message Protocol), the IGMP Protocol (Internet Group Management Protocol).
3. Transport layer. It mainly provides end-to-end communication for applications on two hosts, including TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
4. Application layer. Handle specific application details.

The protocols at different levels in the TCP/IP protocol family are as follows:

Each interface on the Internet must have a unique IP address, 5 classes of different IP address formats and return as follows:

When the application transmits data with TCP, the data is fed into the protocol stack and then passes through each layer one at a time until it is sent to the network as a stream of bits, each of which adds some header information to the received data.

Link Layer

There are three main purposes of the link layer:

1. Sending and receiving IP data for IP modules;
2. Send ARP request and accept ARP reply for ARP module;
3. The outer RARP sends RARP requests and accepts RARP responses.

Loop-Back interface

The loopback interface allows client programs and server programs running on the same host to communicate through TCP/IP, and the IP address 127.0.0.1 is assigned to this interface and is named localhost.

The loopback address of the destination address is still the transport layer and all the process of the network layer, but when the IP datagram leaves the network layer and returns it to itself, this simplifies the design because the loopback interface can be thought of as a link layer below the network layer. The network layer transmits a datagram to the loopback interface as if it were routed to the other link layer, except that the loopback interface returns it to the IP input queue.

Mtu

Ethernet has a limit on the length of the data frame, and the maximum value is 1500. This feature of the link layer is called the MTU (maximum transmission unit). If the length of the IP layer datagram is larger than the MTU of the link layer, then the IP layer needs to be fragmented, with each piece smaller than the MTU.

If the communication between the two hosts passes through multiple networks, then the link layer of each network may have different MTU. The minimum MTU in the two communication host paths is called the Path MTU. Routing in two directions is not necessarily symmetric, so the path MTU is not necessarily consistent in two directions.

IP protocol

IP is the most important protocol in the family of TCP/IP protocols. All TCP, UDP, ICMP, and IGMP data are transmitted in an IP datagram format.

IP provides unreliable, non-connected data services. Unreliable means that it does not guarantee that IP datagrams will successfully reach their destination; No connection means that IP does not maintain any status information about subsequent datagrams, and the processing of each datagram is independent of each other.

IP datagram Format

As shown in the IP datagram format, the general IP header is 20 bytes unless the option field is included.

The total Length field refers to the length of the entire IP datagram, which is 16 bits long, so the maximum length of the IP datagram is 65535 bytes.

The last field is any option, which is a variable-length optional information in the datagram, such as record paths, timestamps, and so on, which are rarely used.

IP route Selection

IP routing is simple, for the host, if the destination host is directly connected to the source host or on a shared network, then the IP datagram is sent directly to the destination host, otherwise the host Jiubao datagram is sent to a default router, which is forwarded by the router to the datagram.

The IP layer can be configured as a function of a router or as a host. The IP layer has a routing table in memory that it searches for once when it receives a datagram and sends it. When the datagram comes from a network interface, IP first checks whether the destination IP address is one of the native IP addresses or the IP broadcast address. If so, the datagram is sent to the Protocol module specified by the IP Header Protocol field for processing. If the purpose of the datagram is not these addresses, if the IP layer is set as the function of the router, then the datagram is forwarded, otherwise the datagram is discarded.

IP routing is hop-on, IP does not know the full path to any destination, and all IP routing provides the IP address of the next-station router for datagram transmissions only. IP routing mainly accomplishes these functions:

1. Search the routing table for a table that can match the destination IP address exactly.
2. Search the routing table for a table that matches the destination network number.
3. Search the routing table for the table labeled "Default".

If none of the above steps are successful, the datagram cannot be transmitted.

Subnet addressing

All hosts now require support for subnet addressing. Not the IP address as a simple network number and a host number, but the host number is divided into a sub-network number and a host number.

The host uses the subnet mask to determine how many bits of IP address are used for the subnet number, and how many bits are used for the host number. The subnet mask is a 32-bit value, and a bit with a value of 1 is left to the network number and subnet number, and the bit for 0 is left to the host number.

Given the IP address and subnet mask, the host can determine the purpose of the IP datagram is: (1) The host on the Web, (2) The host of other subnets in the network, (3) the host on the other network.

Icmp

ICMP (Internet Control Message Protocol) is a component of the IP layer that transmits error messages and other information that needs attention, and ICMP packets are usually used by the IP layer or higher-level protocols (TCP or UDP), and some ICMP packets return error messages to the user process. ICMP is transmitted internally within the IP datagram.

One rule of ICMP is that the ICMP error message must include the datagram IP header that generated the error message, and must include at least the first 8 bytes following the IP header. This includes the header of the UDP, and the system that receives the ICMP can associate the error message with a particular user process based on the source port number.

Ping

The purpose of the PING program is to test whether another host is up to the table. The program sends an ICMP echo request message to the host and waits to return an ICMP echo reply. The ping program can also detect the round-trip time for this host. Most TCP/IP implementations support the ping service directly in the kernel, which is not a user process.

The ping program calculates the round-trip time by storing the requested time value in the ICMP packet data. When the answer returns, the time value stored in the ICMP message is subtracted from the current time, which is both the round-trip time.

Traceroute

The Traceroute program allows us to see the routes that IP datagrams have passed from one host to another, and the Traceroute program lets us use the IP Source routing option.

The traceroute procedure is that it sends an IP datagram with a TTL field of 1 to the destination host. The first router that handles this datagram decrements the TTL value by 1, discards the datagram, and returns a time-out ICMP message. This gives you the first router address for the path. The traceroute program then sends a datagram with a TTL of 2, so that we can get the address of the second router. Continue this process until the data is reported to the destination host.

The Traceroute program sends a UDP datagram to the destination host, but it chooses an impossible value as the UDP port number, which causes the UDP module of the destination host to generate a "Port unreachable" error ICMP message, so that it can distinguish whether the received ICMP message is timed out or the port unreachable. To decide when to end.

Udp

UDP is a simple transport-layer protocol for datagrams. The application must be concerned about the length of the IP datagram, and if it exceeds the MTU, it will shard the IP datagram.

UDP header

The fields of the UDP header are as follows:

The port number represents the sending process and the receive process, the TCP port number is viewed by TCP, and the UDP port number is viewed by UDP, and the TCP port number and UDP port number are independent of each other.

The maximum length of an IP datagram is 65535 bytes, which is limited by the IP header 16-bit total Length field. Removing the 20-byte IP header and the 8-byte UDP header, the maximum length of user data in a UDP datagram is 65507 bytes.

IP Shard

IP compares the MTU to the datagram length and shards if needed. Shards can occur on the original send-side host or on an intermediate router. Once a copy of the IP datagram is fragmented, it is only re-assembled at the destination. The re-assembly is done by the IP layer of the destination, which is designed to make the Shard and reassembly process transparent to the transport layer.

The identity field in an IP datagram contains a unique value that is copied to each slice when the datagram is fragmented. The flag field uses one of the bits to represent "more slices", except for the last piece, each of the other constituent datagrams is reported to the bit 1. The Slice offset field refers to the position at which the slice is offset from the beginning of the original datagram.

Because the IP layer itself does not have a time-out retransmission mechanism, even if only a piece of data will be re-transmission of the entire datagram. If the datagram is fragmented by an intermediate router, rather than the start-up system, then the start-up system cannot know how the datagram is fragmented. So to avoid sharding.

It is important to note that the header of any transport layer appears only in the 1th piece of data.

Tcp

TCP provides a connection-oriented, reliable byte-stream service. TCP provides reliability in the following ways:

• The application data is partitioned into the data blocks that TCP considers most appropriate to send.
• After TCP sends a segment, it initiates a timer, and if it fails to receive a confirmation in time, it will resend the message segment.
• When TCP receives data from the other end of the TCP connection, an acknowledgment is sent.
• TCP will maintain the checksum of its header and data.
• TCP re-sorts the received data and gives the received data to the application tier in the correct order.
• The receiving end of TCP discards duplicate data.
• TCP can also provide traffic control.

TCP Header

The data format for the TCP header is as follows:

The sequence number is used to identify the data byte stream that is sent from the TCP send side to the TCP receiver, which represents the first bytes of data in this segment, and TCP counts each byte as needed. Confirm that the sequence number contains the next sequence number that is expected to be received at the end of the send acknowledgement, confirming that the last successfully received data byte sequence number plus 1.

The traffic control for TCP is provided by each end of the connection by the declared window size, which is the byte that receives the correct expected receive. The window size is a 16-bit field, so the maximum window size is 65535 bytes, and the new Window enlargement option allows the value to vary proportionally to provide a larger window.

Flow control

TCP uses the sliding window protocol to control the flow of traffic. This protocol allows the sender to send multiple packets in succession before stopping and waiting for confirmation, which can speed up the transmission of data.

When using the TCP Sliding window protocol, the receiver does not have to confirm each received packet, the ACK is cumulative, and they indicate that the receiver has received a correct number of bytes minus 1 for the acknowledgment.

After the application reads the data from the TCP buffer, TCP sends an ACK when needed, and it does not confirm any new data, just to increase the right edge of the window, so it is called a window update.

The dynamic nature of the sliding window is summarized as follows:

1. The sender does not have to Fan Song a full-window-sized data.
2. A message segment from the receiving party confirms the data and slides the window to the right.
3. The size of the window can be reduced, but the right edge of the window does not want to move.
4. The receiver does not have to wait for the window to be filled before sending an ACK.

TCP needs to support an algorithm called slow start that works by observing that the rate at which the new packet enters the network should be the same as the rate at which the other end returns confirmation. Slow start adds another window to the sender's TCP: Congestion window, the congestion window is initialized to 1 segments, and each time an ACK is received, the Congestion window adds a message segment. The sender takes the congestion window with the minimum value in the notification window as the sending upper limit. The Congestion window is the traffic control used by the sender, and the advertisement window is the traffic control used by the receiver.

Timeout and retransmission

For each connection, TCP manages 4 different timers:

1. The retransmission timer is used when you want to receive confirmation from the other end.
2. Adhere to the timer to keep the window size information constantly flowing.
3. The keepalive timer can detect when the other end of an idle connection crashes or restarts.
4. The 2MSL timer measures when a connection is in the TIME_WAIT state.

TCP retries at a certain interval after the peer Ack timeout, and eventually discards and sends a reset signal after multiple retries are still timed out. The time interval for each retry is a multiply-multiply relationship called exponential Backoff, up to a maximum value, such as a retransmission interval that increases by 1 time times to 64 seconds each time it is re-transmitted.

The most important part of TCP timeouts and re-crosses is the measurement of round-trip time (RRT) for a given connection. Because routers and network traffic change, we think that this time may change frequently, and TCP should track these changes and change its time-out accordingly.

When TCP receives an out-of-sequence message segment, an ACK is immediately required, and the repeated ACK is intended to let the other party know that a segment of the message has been received. The sending end does not know the ACK is caused by a missing message segment, or because only a few message segments of the reordering, if a series of received 3 or more than 3 duplicate ACK, it is very likely that a message segment is lost, so the sender will retransmit the lost data message segment, without waiting for timeout timer overflow, This is the fast retransmission algorithm.

"TCP/IP detailed" reading notes