Understanding the TCP/IP Transport Layer 479 Figure 9-2 Transport Layer Role in Communication Between Network Devices The transport layer provides the following basic services: ■ Segmenting upper-layer application data ■ Establishing end-to-end operations ■ Sending segments from one end host to another end host ■ Ensuring flow control provided by sliding windows ■ Ensuring reliability provided by sequence numbers and acknowledgments The transport layer assumes that it can use the network as a “cloud,” to send data packets from source to destination. The cloud deals with issues of which of several paths is best for a given route. This starts to illustrate the role that routers perform in this process. TCP/IP is a combination of two individual protocols, TCP and IP. IP is a Layer 3 pro- tocol, a connectionless service that provides best-effort delivery across a network. TCP is a Layer 4 protocol, a connection-oriented service that provides flow control as well as reliability. Pairing the protocols enables them to provide a wider range of services. The TCP/IP protocol suite is made up of many protocols, but TCP and IP are the key ones. TCP/IP is the protocol suite on which the Internet is based. Flow Control As the TCP transport layer protocol sends data segments, it can ensure the integrity of the data. One method of doing this is called flow control. Flow control avoids the problem of a transmitting host overflowing the buffers in the receiving host. Overflows can present serious problems because they can result in the loss of data. Transport layer services enable reliable data transport between hosts and destinations. To obtain such reliable transport of data, a connection-oriented relationship is used 1102.book Page 479 Tuesday, May 20, 2003 2:53 PM 480 Chapter 9: TCP/IP Transport and Application Layer between the communicating end systems. Reliable transport can accomplish the following: ■ Ensure that segments delivered will be acknowledged to the sender ■ Provide for retransmission of any segments that are not acknowledged ■ Put segments back into their correct sequence at the destination ■ Provide congestion avoidance and control Session Establishment, Maintenance, and Termination Overview In the OSI and TCP/IP reference models, multiple applications can share the same transport connection. Transport functionality is accomplished segment by segment. This means that different applications can send data segments on a first-come, first- served basis. Such segments can be intended for the same destination or for different destinations. This setup sometimes is referred to as the multiplexing of upper-layer conversations, as shown in Figure 9-3. Figure 9-3 Multiple Types of Application Layer Data Share the Transport Layer One function of the transport layer is to establish a connection-oriented session with its peer system. For data transfer to begin, both the sending and the receiving applica- tions inform their respective operating systems that a connection will be initiated. One machine initiates a connection that must be accepted by the other. Protocol software modules in the two operating systems communicate by sending messages across the network to verify that the transfer is authorized and that both sides are ready. After all synchronization has occurred, a connection is said to be established and the transfer of data begins. During transfer, the two machines continue to communicate with their protocol software to verify that data is received correctly. Figure 9-4 shows a typical connection between sending and receiving systems. The first handshake requests synchronization. The second and third handshakes acknowledge Application Electronic Mail File Transfer Terminal Session Application Port Data Application Port Data Presentation Session Transport Segments 1102.book Page 480 Tuesday, May 20, 2003 2:53 PM Understanding the TCP/IP Transport Layer 481 the initial synchronization request, as well as synchronize connection parameters in the opposite direction. The final handshake segment is an acknowledgment used to inform the destination that both sides agree that a connection has been established. After the connection is established, data transfer begins. Figure 9-4 Establishing a Connection with a Peer System When data transfer is in progress, congestion can occur for two reasons. First, a high- speed computer might be capable of generating traffic faster than a network can trans- fer it. Second, if many computers simultaneously need to send datagrams to a single destination, that destination can experience congestion, although no single source caused the problem. When datagrams arrive too quickly for a host or gateway to process, they temporarily are stored in memory. If the traffic continues, the host or gateway eventually exhausts its memory and must discard additional datagrams that arrive. Instead of allowing data to be lost, the transport function can issue a “not ready” indi- cator to the sender. Acting like a stop sign, this indicator signals the sender to stop sending data. When the receiver can handle additional data, the receiver sends a “ready” transport indicator, which is like a go signal. When it receives this indicator, the sender can resume segment transmission. At the end of data transfer, the sending host sends a signal that indicates the end of the transmission. The receiving host at the end of the data sequence acknowledges the end of transmission, and the connection is terminated. Sender Synchronize Connection Established Negotiate Connection Synchronize Acknowledge Data Transfer (Send Segments) Receiver 1102.book Page 481 Tuesday, May 20, 2003 2:53 PM 482 Chapter 9: TCP/IP Transport and Application Layer Three-Way Handshake TCP is connection-oriented, so it requires connection establishment before data transfer begins. For a connection to be established or initialized, the two hosts must synchronize on each other’s initial sequence numbers (ISNs). Synchronization is done in an exchange of connection-establishing segments that carry a control bit called SYN (for synchro- nize) and the ISNs. Segments that carry the SYN bit also are called SYNs. Hence, the solution requires a suitable mechanism for picking an initial sequence number and a slightly involved handshake to exchange the ISNs. The synchronization requires each side to send its own initial sequence number and to receive a confirmation of it in an acknowledgment (ACK) from the other side. Each side also must receive the other side’s INS and send a confirming ACK. The sequence follows: 1. A→B SYN—My initial sequence number is X, the ACK number is 0, and the SYN bit is set, but the ACK bit is not set. 2. B→A ACK—Your sequence number is X+1, my initial sequence number is Y, and the SYN and ACK bits are set. 3. A→B ACK—Your sequence number is Y+1, my sequence number is X+1, and the ACK bit is set, but the SYN bit is not set. This exchange, shown in Figure 9-5, is called the three-way handshake. Figure 9-5 Three-Way Handshake 1102.book Page 482 Tuesday, May 20, 2003 2:53 PM Windowing 483 A three-way handshake is an asynchronous connection mechanism, which is necessary because sequence numbers are not tied to a global clock in the network; therefore, TCP protocols can have different mechanisms for picking the ISN. The three-way hand- shake addresses a lot more issues than just the sequence numbers. Other issues that are addressed include window size, MTU, and any network latency to expect. The receiver of the first SYN has no way of knowing whether the segment was an old delayed one, unless it remembers the last sequence number used on the connection (which is not always possible), so it must ask the sender to verify this SYN. Windowing In the most basic form of reliable, connection-oriented data transfer, data packets must be delivered to the recipient in the same order in which they were transmitted. The protocol fails if any data packets are lost, damaged, duplicated, or received in a differ- ent order. The basic solution is to have a recipient acknowledge the receipt of each data segment. If the sender must wait for an acknowledgment after sending each segment, as shown in Figure 9-6, throughput is low. Therefore, most connection-oriented, reliable proto- cols allow more than one frame or segment to be outstanding at a time. Because time is available after the sender finishes transmitting the data packet and before the sender finishes processing any received acknowledgment, the interval is used for transmitting more data. The number of data packets that the sender is allowed to have outstanding without having received an acknowledgment is known as the window. Figure 9-6 Window Size of 1 1102.book Page 483 Tuesday, May 20, 2003 2:53 PM 484 Chapter 9: TCP/IP Transport and Application Layer TCP uses expectational acknowledgments, meaning that the acknowledgment number refers to the octet that is expected next. Windowing refers to the fact that the window size is negotiated dynamically during the TCP session. Windowing is a flow-control mechanism requiring that the source device receive an acknowledgment from the desti- nation after transmitting a certain amount of data. To govern the flow of data between devices, TCP uses a flow-control mechanism. The receiving TCP device reports a “window” to the sending TCP device. This window specifies the number of octets, starting with the acknowledgment number, that the receiving TCP device currently is capable of receiving. For example, with a window size of 3, the source device can send three octets to the destination. It then must wait for an acknowledgment. If the destination receives the three octets, it sends an acknowledgment to the source device, which now can transmit three more octets. If the destination does not receive the three octets—for example, because of overflowing buffers—it does not send an acknowledgment. Because the source does not receive an acknowledgment, it knows that the octets should be retransmitted and that the transmission rate should be slowed. TCP window sizes are variable during the lifetime of a connection. Each acknowledg- ment contains a window advertisement that indicates the number of bytes that the receiver can accept. TCP also maintains a congestion-control window, which is nor- mally the same size as the receiver’s window but is cut in half when a segment is lost (for example, there is congestion). This approach permits the window to be expanded or contracted as necessary to manage buffer space and processing. A larger window size controls the permissible number of octets that can be transmitted. If the sender sends three octets, it is expecting an ACK of 4. If the receiver can handle a window size of only two octets , it drops packet 3, specifies 3 as the next octet, and specifies a new window size of 2. The sender sends the next two octets but still specifies its own window size of 3 (for example, it still can accept three octets from the receiver). The receiver replies by requesting octet 5 and specifying a window size of 2. Acknowledgment Reliable delivery guarantees that a stream of data sent from one machine is delivered through a data link to another machine without duplication or data loss. Positive acknowledgment with retransmission is one technique that guarantees reliable delivery of data. Positive acknowledgment requires a recipient to communicate with the source, sending back an acknowledgment message when it receives data. The sender keeps a record of each data packet (TCP segment) that it sends and expects an acknowledgment. 1102.book Page 484 Tuesday, May 20, 2003 2:53 PM Windowing 485 The sender also starts a timer when it sends a segment, and it retransmits a segment if the timer expires before an acknowledgment arrives. Figure 9-7 shows the sender transmitting data packets 1, 2, and 3. The receiver acknowl- edges receipt of the packets by requesting packet 4. Upon receiving the acknowledgment, the sender sends packets 4, 5, and 6. If packet 5 does not arrive at the destination, the receiver acknowledges with a request to resend packet 5. The sender resends packet 5 and then receives an acknowledgment to continue with the transmission of packet 7. Figure 9-7 Window Size of 3 TCP provides sequencing of segments with a forward reference acknowledgment. Each datagram is numbered before transmission, as shown in Figure 9-8. At the receiving station, TCP reassembles the segments into a complete message. TCP must recover from data that is damaged, lost, duplicated, or delivered out of order by the Internet com- munication system. This is achieved by assigning a sequence number to each octet transmitted and requiring a positive acknowledgment (ACK) from the receiving TCP. If the ACK is not received within a timeout interval, the data is retransmitted. At the receiver, the sequence numbers are used to correctly order segments that might be received out of order and to eliminate duplicates. Damage is handled by adding a checksum to each segment transmitted, checking it at the receiver, and discarding damaged segments. 1102.book Page 485 Tuesday, May 20, 2003 2:53 PM 486 Chapter 9: TCP/IP Transport and Application Layer Figure 9-8 TCP Sequence and Acknowledgment TCP Transmission Control Protocol (TCP) is a connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP proto- col stack. In a connection-oriented environment, a connection is established between both ends before transfer of information can begin. TCP is responsible for breaking messages into segments, reassembling them at the destination station, resending any- thing that is not received, and reassembling messages from the segments. TCP supplies a virtual circuit between end-user applications. These protocols use TCP: ■ File Transfer Protocol (FTP) ■ Hypertext Transfer Protocol (HTTP) ■ Simple Mail Transfer Protocol (SMTP) ■ Domain Name System (DNS) Figure 9-9 shows the TCP segment format. Figure 9-9 TCP Segment Format I sent # 10. I received # 10. Now send # 11. Source Des. Seq. Ack. 1028 23 10 1 Source Des. Seq. Ack. 1028 23 11 2 Source Des. Seq. Ack. 23 1028 1 11 Source Port Destination Port Sequence Number Acknowledgment Numbers … 1102.book Page 486 Tuesday, May 20, 2003 2:53 PM Windowing 487 The following list defines the fields in the TCP segment shown in Figure 9-9: ■ Source Port—Number of the calling port ■ Destination Port—Number of the called port ■ Sequence Number—Number used to ensure correct sequencing of the arriving data ■ Acknowledgment Number—Next expected TCP octet ■ HLEN—Number of 32-bit words in the header ■ Reserved—Set to 0 ■ Code Bits—Control functions (such as setup and termination of a session) ■ Window—Number of octets that the sender is willing to accept ■ Checksum—Calculated checksum of the header and data fields ■ Urgent Pointer—Indication of the end of the urgent data ■ Options—One option currently defined—maximum TCP segment size ■ Data—Upper-layer protocol data UDP User Datagram Protocol (UDP), the segment format for which is shown in Figure 9-10, is the connectionless transport protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery. This simplicity is evident when comparing the UDP segment format with that of TCP. Error processing and retransmission must be handled by upper-layer protocols. For example, if a TFTP download gets interrupted for some reason, the human operator can just retry until it is successfully done. Figure 9-10 UDP Segment Format The following list defines the fields in the UDP segment shown in Figure 9-10: ■ Source Port—Number of the calling port ■ Destination Port—Number of the called port ■ Length—Number of bytes, including header and data ■ Checksum—Calculated checksum of the header and data fields ■ Data—Upper-layer protocol data 1102.book Page 487 Tuesday, May 20, 2003 2:53 PM 488 Chapter 9: TCP/IP Transport and Application Layer UDP uses no windowing or acknowledgments; therefore, application layer protocols provide reliability. UDP is designed for applications that do not need to put sequences of segments together. These protocols use UDP: ■ Trivial File Transfer Protocol (TFTP) ■ Simple Network Management Protocol (SNMP) ■ Dynamic Host Configuration Protocol (DHCP) ■ Domain Name System (DNS) TCP and UDP Port Numbers Both TCP and UDP use port numbers to pass information to the upper layers. The combination of an IP address and a port number is referred to as a socket. Port numbers are used to keep track of different conversations crossing the network at the same time. Application software developers agree to use well-known port numbers that are con- trolled by the Internet Assigned Numbers Authority (IANA). For example, any conver- sation bound for the FTP application uses the standard port numbers 20 (for the data) and 21 (for control), as shown in Figure 9-11. Conversations that do not involve an application with a well-known port number are assigned port numbers randomly from within a specific range above 1023. Some ports are reserved in both TCP and UDP, but applications might not be written to support them, as shown in Table 9-1. Port num- bers have the assigned ranges shown in this table. Figure 9-11 Port Numbers F T P T e l n e t S M T P D N S T F T P S N M P 21 Application Layer Transport Layer Port Numbers 23 TCP UDP 25 53 69 161 1102.book Page 488 Tuesday, May 20, 2003 2:53 PM . TCP Segment Format I sent # 10 . I received # 10 . Now send # 11 . Source Des. Seq. Ack. 10 28 23 10 1 Source Des. Seq. Ack. 10 28 23 11 2 Source Des. Seq. Ack. 23 10 28 1 11 Source Port Destination Port Sequence Number Acknowledgment Numbers … 11 02. book. table. Figure 9 -11 Port Numbers F T P T e l n e t S M T P D N S T F T P S N M P 21 Application Layer Transport Layer Port Numbers 23 TCP UDP 25 53 69 16 1 11 02. book Page 488 Tuesday, May 20 , 20 03 2: 53 PM . header and data ■ Checksum—Calculated checksum of the header and data fields ■ Data—Upper-layer protocol data 11 02. book Page 487 Tuesday, May 20 , 20 03 2: 53 PM 488 Chapter 9: TCP/IP Transport and