What is UDP?
transport layer protocol
connectionless IP datagram service
By what applications is UDP used?
applications that do not need reliable connections
applications that would have problems with retransmissions, flow control, congestion control, etc.
Examples for applications using UDP?
DNS
SNMP
RIP
RADIUS
traceroute
tftp
video and audio streaming
What fields are in the UDP header?
source port
destination port
length
checksum
Is UDP reliable?
no
-> no retransmissions
-> no acknowledgement that packets are received…
What is TCP?
protocol for end-to-end host communication
connection oriented
reliable
provides flow and congestion control
What does TCP provide to IP?
socket interface (IP, Port) for application layer
e.g. HTTP, FTP, Telnet, ssh, dns, POP3/IMAP,…
What fields are in a TCP header?
Ports
sequence number
acknowledgement
TCP header length
6 bit unused
Flags
Window
urgent pointer
options
What are the flags in a TCP header?
urgent flag
ack
psh
rst
syn
fin
How does a connection teardown work?
fin ->
<- ack
<- fin
ack ->
3-way handshake…?
syn, syn ack, ack
-> initial sequence numbers in the syn
acknowledgement of the next sequence number (after the ones received…)
When does a host close a TCP connection?
does not want to send data anymore
occurrence of a protocol error…
What is flow control?
mechanism to avoid that receiver is overwhelmed (more data than it can handle…)
How is flow control implemented?
sliding window approach
-> sender may only send certain amount of data (fitting in a window)
-> as soon as ack is received -> window advances to next unacknowledged byte….
What is the flight size?
amount of data that was sent but not yet acknowledged…
How does retransmission work?
when segment is not acknowledged within certain timespan
-> assume segment was lost
-> retransmit beginning from last unacknowledged bytes…
What is congestion control?
mechanism to avoid overloading the network
and fairly distribute the bandwidth on bottlenecks
What is the role of port numbers in UDP and TCP?
used for local addressing on the hosts (addressing of applications)
-> together with IP -> provide socket interface
=> allow for multiple parallel communications on single host by addressing the application as communication partner and not the host itself…
What is represented by the ACK number in TCP?
the sequence number of the next packet the recipient expects
Can TCP selectively retransmit segments?
vanilla TCP not
-> after timeout, retransmits all segments from first unacknowledged sequence number (go back n)
-> exception: TCP SACK (selective acknowledgement)
Difference TCP SACK and vanilla TCP?
TCP receiver buffers out-of-order segments if their sequence numbers are within current window
What is a piggybacked acknowledge?
Instead of sending an individual ACK, the ACK is sent with a TCP segment that also transmits data
How does TCP determine the RTT when a segment was lost and is retransmitted?
when timestamp option is used -> use timestamp…
Karn's algo (all TCP implementations have to use)
values for retransmitted segments cannot be used to estimate RTT and determining value of retransmission time
What happens to TCP retransmission timer when network is becoming congested?
timer value based on estimates for RTT and its deviation
-> increase in RTT leads to larger time values
measured RTT increases -> value of timer increases
What is the idea of AIMD in congestion control?
additive increase multiplicative decrease
increase data rate slowly (linear growth) but decrease with multiple factor a<1 in case of transmission error
Is AIMD a good idea to use in practice?
-> has shown to be too conservative
-> leaves significant part of bandwidth unused
With what was AIMD replaced?
TCP cubic algorithm
-> makes better use of available bandwidth
-> especially in fast networks with high RTT
What do congestion algorithms do?
adjust sending rate of TCP sender to current conditions in the network
-> network congested => reduce sending rate
-> network not congested => increase sending rate
How does TCP keep track of congestion in the network?
congestion window
-> limits number of segments that can be sent without waiting for acknowledgement
Considering flow and congestion control, what is the actual amount of transmitted data without awaiting an acknowledgement?
min (Congestion window, flow window)
What variables are kept for congestion control?
congestion window (cwnd)
slow-start threshold (ssthresh)
How are the initial values set for congestion window and ssthresh?
cwnd: one segment
ssthresh: 65545 bytes
How does congestion control operate (phases)
two phases
slow start
congestion avoidance
When is the sender in slow start?
cwnd < ssthresh
When is a sender in congestion avoidance?
cwnd > ssthresh
How does congestion control behave in slow start?
cwnd is increased by one for each arrived ack
=> doubling cwnd for each RTT (as each RTT double the amount of segments are sent -> double of ACK received..)
How is cwnd adjusted in the congestion avoidance phase?
cwnd set by calculating cubic function
depending on:
time since last packet loss
cwnd at the time of the packet loss
When does a TCP sender assume that a network is congested?
a segment is lost
=> meaning: retransmission timer has timeout
OR
three duplicate ACKs arrive
How is ssthresh adjusted in case of timeout and how in case of 3 duplicate ACKs?
timeout
-> ssthresh to 4/5 of current value of cwnd
-> cwnd set to one
=> start from slow-start…
3 duplicate ACKS:
-> perform fast recovery
ssthresh to 4/5 of current cwnd value
cwnd set to new value of ssthresh
What is the idea of fast retransmit?
to avoid waiting for timeout
-> think that 3 duplicate ACKs indicate an error…
What is the basic (important) assumption in TCPs congestion control?
packet loss (only) caused by congestion
What connections does TCP prefer (by giving it larger sending windows)?
connections with small RTT no congestion
What changed in the network so that BBR was invented to replace cubic?
network hardware growing in size and speed
bandwidth increases to gigabit
buffers can grow almost arbitrarily -> memory is cheap
=> BBR to adapt better to altered HW conditions
Why does TCP use things such as loss to do congestion control?
does not know by itself whether network is congested
-> requires “proxy” metric…
What is the characteristic of loss based congestion control, what is an implementation of that?
assumes that each loss is happening due to congestion
TCP Reno -> Sawtooth graph
TCP Cubic
What is the bandwidth delay product?
product of a link's RTT and the link's bandwidth
-> RTT * Bandwidth
=> Data that fits on the link…
What is the meaning of the statement “keep the buffers full”?
Loss based congestion control only begins to work, when buffers are full
-> buffers full -> packets get dropped (loss) -> Congestion control reduces window
-> buffers get emptied -> congestion control thinks, one can increase window -> buffers fill up again…
How does the RTT and Delivery Rate evolve depending on the data in flight?
RTT stays the same until amount in flight equals the BDP
After that, it increases until it reaches BDP + Buff size
=> No more data can be put on the link and hold in the buffers -> Cubic / Reno starts to kick in
Delivery Rate increases until amount of inflight = BDP (as then, more traffic only means buffers fill up and not that more is delivered)
-> stays the same until BDP + Buff size is reached, as then drop happens and CUBIC / RENO kicks in
What would be the optimal point in the RTT and delivery rate graph?
max delivery rate and min RTT
=> BDP = amount inflight
=> used in congestion based congestion control (as there, an attempt is made to estimate the actual congestion…)
Sweet spot congestion based congestion control?
bottleneck link is saturated without sending so much that queues get filled up and RTT increase…
not sending too little so that not full capacity of bottleneck link is used
What parameters does BBR have (it bases its calculations on)?
Round trip time
Bottleneck bandwidth
How is the RTT used in BBR?
BBR runs timer for each segment to measure time until according ACK arrives
-> estimator for the RTT
=> takes minimum value of certain amount of segments as RTT
RTProp -> approximates RTT with measured values of RTT
How is the bottleneck bandwidth used in BBR?
use RTprop to calculate how much data was delivered in what time (based on the sent segments…)
-> maximum delivery rate out of certain time interval as bottleneck bandwidth
What is a problem in RTT and Bandwidth measurement?
to do as exactly as possible -> buffers on the link must be empty
-> else, additional queuing delay would be included…
to sample bandwidth -> have to increase sending rate until loss occurs -> fill up buffers
negative effects on RTT measurement…
=> impossible to sample both at the same time
-> sampled sequentially…
What is a traffic generator?
program that simulates / generates real looking traffic
ttcp…
What are functions that UDP offers?
port multiplexing / demultiplexing
error checking
Comparison TCP UDP Characteristics
UDP
simple and lightweight
unreliable
message-oriented
stateless
good choice for time-critical applications
supports unidirectional communication
TCP
complex
reliable → head-of-line blocking
stream-oriented
sending-rate adaption
TCP problems
vulnerable to resource exploitation
congestion control may be too restrictive, e.g. wireless networks
UDP problems
unlimited sending rate may overload network/receiver
What functions does TCP offer?
port multiplexing / demultiplexing
reliable and ordered delivery
stream-orientation
control of sending-rate (avoid overloading the network or the receiver)
Why does TCP use ACKs?
reliable, connection oriented protocol
=> needs a way of determining whether segments arrived…
What means cumulative acknowledgement?
an ack acknowledges all smaller sequence numbers
What is a problem in fast retransmit?
head of line blocking
-> SEQ 3-5 were received
-> three ack=2
-> retransmits seq=2 -> others buffered before this… blocking the head of line…
What is the 3-way handshake used for?
establish initial sequence numbers and window sizes
negotiate options
What might be a vulnerability in the 3-way handshake?
vulnerable to syn-flood attacks
-> (D)DoS -> flood with 3-way handshakes to all ports
=> mitigation: TCP Syn cookies
How are TCP connections torn down?
4-way handshake
each side needs to close connection -> half open possible
initiator waits for timeout before closing the connection (no packets arriving anymore…)
What are problems of TCP cubic?
congestion indicated only by packet loss
keeps buffers full
=> vulnerable to random packet loss
=> high latency
What congestion control operation points exist?
application limited phase -> cannot send more data
=> increases until amount of inflight = BDP
Bandwidth limited
application could send more and bottleneck buffer is not yet full
buffer limited
buffer is full and packets get lost, happens at amount of inflight = BDP + BtlNackBufSize
=> loss based operating point at amount inflight = BDP * BtlNckBufSize
=> delay based at point where BDP = amount of inflight (optimal point e.g. BBR tries to find)
What are the main goals of BBR?
keep 1 BDP of data inflight -> full link utilization and no queuing delay
send with bottleneck bandwidth -> no queue can build up
How is BBR implemented? (functionality wise)
continuously monitors network to find minimal RTT and maximum bandwidth
problem: cannot be measured at once
RTprop only if buffers are empty
BtlBw only if link is fully utilized and queue starts growing
=> solution: alternating measurements
use filters to record those values against a sliding window
What phases does BBR have?
startup
drain
probe bandwidth
probe RTT
How does BBR startup work?
similar to slow start -> double sending rate each RTT
stop after three consecutive RTT with less than 25% in delivery rate increase
finds BtlBw in log2(BDP) RTTs
can create queue up to 2 BDP
How does BBR drain work?
goal: remove the queue built up during startup
-> drastically reduce sending rate
leave drain when data in flight matches estimated BDP
How does BBR probe bandwidth work?
periodically probe for more bandwidth
BtlBw is estimated using max filter of about ten estimated RTTs
sending rate = BtlBw * pacing gain with pacing gain in [1.25,0.75,1,1,1,1,1,1]
each step takes about one RTT
if no bandwidth available -> sending rate reduced afterwards to remove queue
if bandwidth available -> BtlBw updated and thus sending rate increases
How does BBR Probe RTT work?
probes every 10s -> if RTProp not measured in 10s, enter RTT probe mode
ensure that all queues are empty -> reduce inflight to 4 segments for 200ms + RTT
Problem: low delivery rate during RTT probe -> performance drop…
What are strengths of BBR?
robustness against random packet loss
low delay
does not starve when competing with other algorithms
What are the key takeaways of BBR?
Takeaways
high potential to improve congestion control
young and immature algorithm
actively researched
What are the key problems of BBR?
RTT unfairness
bottleneck overestimation (inter-flow unfairness)
inter-protocol unfairness
inter-flow synchronization
What is window scaling?
default max window size limits BDP
window scaling option (negotiated during handshake) allows window sizes up to 4GB
=> but problem remains: max number of unacknowledged data still limited by sequence numbers (32 bit)
What are selective acknowledgements?
allow receiver to acknowledge ranges of segments
=> avoid unnecessary retransmission compared to cumulative ACKS
=> TCP option
What other transport layer protocols exist?
Stream Control Transmission Protocol (SCTP)
Multipath TCP (MPTCP)
Quick UDP Internet Connections (QUIC)
What is SCTP and what are its problems?
TCP/UDP hybrid -> reliable, optional ordering, message oriented
permits reliable unordered delivery
other features: multihoming, 4-way-handshake
problems:
require changes in application implementations
lack of support in middleboxes (NAT; firewalls,…)
What is multipath TCP and what are its problems?
can use multiple interfaces/links simultaneously
goal: improve resource utilization, throughput and reliability
mimics standard TCP, even offers fallback mode
What is QUIC?
UDP based protocol that implements reliability, congestion control, multiple streams, encryption, etc.
goal: reduce latency (compared to TCP+TLS)
mimics UDP (middlebox support)
What is the effect of the psh flag?
receiver: directly forward segment to higher layer, even when buffer is not full yet…
sender: send segment, even when buffer is not full yet
Why does it make sense to set the PSH flag in ttcp?
wants to measure throughput and thus, directly using the segments to measure things makes sense (no buffering, as it could influence the measurements)
What is NIC offloading?
offload processing of packets / segments etc from the CPU to the NIC (network interface card)
e.g. calculation of checksums…
=> advantages: e.g. in Gigabit ethernet, most of CPU workload would be made up of tcp traffic handling
=> also, PCI traffic gets reduced
What is generic receive offloading?
maximum length of packet capped due to MTU
=> reduce computational overhead caused by packet processing by aggregating multiple smaller packets into a bigger one…
Disadvantages of NIC offloading?
additional piece of hardware -> potential vulnerability that requires management and updates…
hardware limitations -> resource starvation as fewer resources available than main system
probably proprietary hardware… -> effort to integrate it
NIC can become obsolete quickly as technology progresses… => performance advances of main system render NIC obsolete…
How does OS fingerprinting with nmap work?
send several TCP and UDP packets
-> chosen in such a way that responses differ between operating systems and thus allow comparing the response pattern to a database of previously known OS response patterns…
-> e.g. options support, IP ID sampling, initial window size check…
What is the difference between nmap normal scan and stealth scan?
normal scan: open full connections (finish 3-way handshake) and then reset it
stealth scan: only send syn flag and receive syn ack
=> answers:
syn,ack -> port opened
rst -> port closed
no response / icmp unreachable -> port filtered (or assumed to be filtered by nmap at least…)
What are the different use-cases of stealth and normal nmap scan?
stealth: requires sudo privileges and is faster / may not be logged due to no complete handshake
normal : should usually only do if no root privileges, as higher chance of being logged and slower
What is the option net.ipv4.tcp_no_metrics_save used for?
TCP saves by default several connection metrics -> cache when closing connection for next connection…
=> do not store them if one wants to measure things / create graphs to not have the measurement influenced by earlier connections…
Why is it enough to activate BBR on only one PC to measure its performance?
=> congestion control is in general performed on the sending host…
How is RTProp calculated?
RTProp = minimum RTT over a certain time window
-> as the RTT does decrease with congestion, the actual RTT is the smallest value measured…
BtlBw = maximum delivery rate over a time window
as the bandwidth gets reduced when the network is congested, the real bottleneck bandwidth is the maximum measured value…
BBR calculates delivery rate
delta delivered / delta time
How does BBR react to changes in RTT and BtlBw?
RTT:
BDP as product of RTProp and BtlBw -> linear correlated to both…
Bandwidth
BDP linear correlated -> if change in bottleneck link -> affects BDP only as long as it remains bottleneck…
What happens when you have a lossy network and use TCP Cubic?
highly reduced bandwidth -> as always multiplicative decrease…
Does OSPF exchange LSA with all routers ?
no -> only with designated router (elected during hello with largest priority)
-> handles building routing table and sharing with individual routers in area
-> minimize communication overhead…
Last modified 2 years ago