
COMP 416

Internet Protocols and Software


Instructor: Zhijun Wang

Lab#1 will be given next week at PQ604A-C at the class time
Supplementary Materials are available
Today’s contents
• UDP (Chap. 11)
• TCP (Chap. 12)
TCP/IP Protocol Suite 1
Key thinks
• What are the major differences between UDP and
TCP?
• Where are the application domains for UDP and TCP?
• Why does TCP work well?
• What are the disadvantages of UDP and TCP?



Chapter 11

User Datagram Protocol
Objectives

• Be able to explain process-to-process communication


• Know the format of a UDP user datagram
• Understand the operation of UDP
• Know when it is appropriate to use UDP



Figure 1 Position of UDP in the TCP/IP protocol suite



Figure 2 UDP versus IP

UDP (User Datagram Protocol) is a connectionless, unreliable transport protocol. UDP is a simple protocol that uses minimal overhead.



Figure 3 Port numbers

UDP uses port numbers to identify processes. A port number has 16 bits, so the range is from 0 to 65,535.
The client process defines itself with a port number, called an ephemeral port number, which is recommended to be greater than 1023.
The server process also defines itself with a port number, which is a well-known port number in the range 0-1023.



Figure 4 IP addresses versus port numbers

IP addresses identify devices


Port numbers identify processes



Figure 5 ICANN ranges

ICANN: International Corporation for Assigned Names and Numbers

Well-known ports: the ports ranging from 0 to 1023 are assigned and controlled by ICANN.
Registered ports: the ports ranging from 1024 to 49,151 are not assigned and controlled by ICANN. They can only be registered with ICANN to prevent duplication.
Dynamic ports: the ports ranging from 49,152 to 65,535 are neither controlled nor registered. They can be used as temporary or private numbers.



Table 1 Well-known ports used with UDP



Socket address

Socket address: a combination of IP address and a port number



Example 1

An SNMP client residing on a host with IP address 132.23.43.31 sends a message to an SNMP (port 161) server residing on a host with IP address 32.23.2.1. What is the pair of sockets used in this communication?

Solution: In the client, the socket address is the IP address combined with an ephemeral port X: (132.23.43.31, X). In the server, the socket address is (32.23.2.1, 161).



Figure 6 User datagram format

UDP packets are called user datagrams and have a fixed-size header of 8
bytes.

Error check for the user datagram
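
Added example (not part of the original slides): a Python decoder for the 8-byte header that rejects an impossible length field and verifies the checksum. The checksum is computed over the IPv4 pseudo-header as defined in RFC 768, which goes beyond what the slide shows; the source port 52000 and the payload are constructed sample values, and the header dump is the one from the exercises at the end of these slides.

```python
import socket
import struct

UDP_HEADER_LEN = 8  # fixed-size header, as stated above


def parse_udp_header(raw: bytes) -> dict:
    """Decode the four 16-bit big-endian fields and sanity-check the length."""
    if len(raw) < UDP_HEADER_LEN:
        raise ValueError("truncated: fewer than 8 header bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", raw[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN:
        raise ValueError("length field is smaller than the header itself")
    return {"src_port": src, "dst_port": dst, "length": length,
            "data_len": length - UDP_HEADER_LEN, "checksum": checksum}


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the Internet checksum."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: addresses, zero byte, protocol 17, UDP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 17, udp_len))


def build_datagram(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Build a user datagram with a correct length field and checksum."""
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    checksum = (~total & 0xFFFF) or 0xFFFF  # 0 on the wire means "no checksum"
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def verify_datagram(src_ip, dst_ip, datagram: bytes) -> bool:
    """Accept only if the length field matches and the checksum verifies."""
    hdr = parse_udp_header(datagram)
    if hdr["length"] != len(datagram):
        return False  # length field disagrees with the bytes received
    if hdr["checksum"] == 0:
        return True  # IPv4 sender chose not to compute a checksum
    covered = pseudo_header(src_ip, dst_ip, hdr["length"]) + datagram
    return ones_complement_sum(covered) == 0xFFFF


if __name__ == "__main__":
    print(parse_udp_header(bytes.fromhex("0632000D001CE217")))
    dgram = build_datagram("132.23.43.31", "32.23.2.1", 52000, 161, b"constructed payload")
    print(verify_datagram("132.23.43.31", "32.23.2.1", dgram))
```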



Figure 7 Encapsulation and decapsulation

UDP: connectionless service


User datagrams are not numbered
No relationship between different user datagrams even if they
are coming from the same user.

UDP: unreliable service


No flow and error control



Figure 8 Queues in UDP

There is one outgoing queue and one incoming queue, used for sending and receiving datagrams.
The queues are usually identified by port numbers.



Applications of UDP

• UDP is suitable for a process that requires simple-response communication with little concern for flow and error control.
• UDP is suitable for a process with internal flow and error-control mechanisms, e.g., Trivial File Transfer Protocol (TFTP).
• UDP is a suitable transport protocol for multicasting.
• UDP is used for management processes such as SNMP.
• UDP is used for route updating protocols such as Routing Information Protocol (RIP).



Congestion Control of UDP

•DCCP: Datagram Congestion Control Protocol

RFC4340: http://www.read.cs.ucla.edu/dccp/rfc4340.txt



Chapter 12

Transmission Control Protocol
Objectives

• Understand the services offered by TCP


• Understand TCP’s flow and error control and congestion control
• Be familiar with the fields in a TCP segment
• Understand the phases in a connection-oriented connection



TCP FEATURES

• TCP is a connection-oriented protocol (UDP: Connectionless)


• TCP is a reliable transport protocol (UDP : unreliable)
• TCP uses full-duplex communication (UDP : half-duplex)

TCP uses port numbers to identify processes.


A packet in TCP is called a segment.



Table 1 Well-known ports used by TCP



Figure 1 Sending and receiving buffers

A circular buffer is used to send and receive data.


The sent bytes are removed from the buffer when they are acknowledged.



Numbering system

The bytes of data being transferred in each connection are numbered by TCP.
The number starts with a randomly generated number.

The value in the sequence number field of a segment defines the number of the
first data byte contained in that segment.

The value of the acknowledgement field in a segment defines the number of the
next byte a party expects to receive.
The acknowledgement is cumulative.



Example 1

Suppose a TCP connection is transferring a file of 3000 bytes. The first byte is numbered 10001. What are the sequence numbers for each segment if data is sent in three segments, each carrying 1000 bytes?

Solution
The following shows the sequence number for each segment:

Segment 1 ➡ Sequence Number: 10,001 (range: 10,001 to 11,000)
Segment 2 ➡ Sequence Number: 11,001 (range: 11,001 to 12,000)
Segment 3 ➡ Sequence Number: 12,001 (range: 12,001 to 13,000)



Figure 2 TCP segment format

The TCP header includes 20-40 bytes



Figure 3 Control field



A TCP CONNECTION
TCP is connection-oriented. A connection-oriented transport
protocol establishes a virtual path between the source and
destination. All of the segments belonging to a message are
then sent over this virtual path.

A connection-oriented transmission requires three phases:


(1) connection establishment
(2) data transfer
(3) connection termination.



Figure 3 Connection establishment using three-way handshaking

rwnd: receiver window size



TCP Connection Establishment
The server must be ready to accept connections; this is called a passive open.
The client issues a request for an active open.

(1) The client first sends a SYN segment, in which only the SYN flag is set.
A SYN segment cannot carry data, but it consumes one sequence number.
The sequence number is called the initial sequence number (ISN).

(2) After the server receives the SYN segment, it sends a SYN+ACK segment back.
The segment has 2 flag bits set, SYN and ACK, and also contains the receiver window size, which indicates the maximal number of bytes that can be sent.
A SYN+ACK segment cannot carry data, but does consume one sequence number.

(3) After receiving the SYN+ACK, the client sends an ACK segment to the server.
The ACK segment, if carrying no data, consumes no sequence number.

Now the TCP connection has been established.



SYN Flooding Attack

The connection establishment procedure in TCP is susceptible to the SYN flooding attack.
A malicious attacker sends a large number of SYN segments to a server using faked IP addresses. The server, assuming that the clients are issuing an active open, allocates the necessary resources. During this time, a lot of resources are allocated without being used. The server then sends the faked clients SYN+ACK segments, which are lost. During this period, the server may run out of resources, and even crash. Such an attack is known as a denial-of-service attack.

Protections: (1) limit the number of connections during a time period
(2) filter out segments from unwanted source addresses
(3) delay resource allocation until the entire connection is set up

Some materials on denial-of-service attacks are available in the supplementary materials on the course webpage and WebCT.
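
Added example (not part of the original slides): protection (3) modelled as a simplified SYN cookie, where the server derives its initial sequence number from a keyed hash of the connection's socket pair and stores nothing until the final ACK proves the client received the SYN+ACK. The 8-bit time slot plus 24-bit MAC layout, the secret, the timing constants and all addresses are assumptions made for this sketch; production cookies also encode the MSS.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: a random per-boot secret in practice
SLOT_SECONDS = 64                 # assumption: time granularity of a cookie
MAX_AGE_SLOTS = 2                 # assumption: how long a cookie stays valid


def _mac24(four_tuple, client_isn, slot):
    """24-bit keyed hash binding the cookie to this client and time slot."""
    msg = repr((four_tuple, client_isn, slot)).encode()
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(four_tuple, client_isn, now):
    """Server ISN for the SYN+ACK: 8-bit time slot, then the 24-bit MAC."""
    slot = (int(now) // SLOT_SECONDS) & 0xFF
    return (slot << 24) | _mac24(four_tuple, client_isn, slot)


def check_cookie(four_tuple, seq, ack, now):
    """Validate the client's final ACK: seq = client ISN + 1, ack = cookie + 1."""
    cookie = (ack - 1) & 0xFFFFFFFF
    client_isn = (seq - 1) & 0xFFFFFFFF
    slot = cookie >> 24
    age = ((int(now) // SLOT_SECONDS) - slot) & 0xFF
    if age > MAX_AGE_SLOTS:
        return False  # stale, or never issued by this server
    expected = (slot << 24) | _mac24(four_tuple, client_isn, slot)
    return hmac.compare_digest(cookie.to_bytes(4, "big"), expected.to_bytes(4, "big"))


class Listener:
    """Allocates connection state only after the three-way handshake completes."""

    def __init__(self):
        self.connections = {}

    def on_syn(self, four_tuple, client_isn, now):
        # Reply SYN+ACK (seq=cookie, ack=client_isn+1) and remember nothing.
        return make_cookie(four_tuple, client_isn, now)

    def on_ack(self, four_tuple, seq, ack, now):
        if not check_cookie(four_tuple, seq, ack, now):
            return False
        self.connections[four_tuple] = {"rcv_nxt": seq, "snd_nxt": ack}
        return True


def simulate(spoofed_syns=10000, now=1000):
    """Constructed scenario: a burst of spoofed SYNs, then one real client."""
    srv = Listener()
    for i in range(spoofed_syns):  # SYN+ACKs to these sources are never answered
        src = ("198.51.100.%d" % (i % 256), 1024 + i, "192.0.2.10", 80)
        srv.on_syn(src, client_isn=i, now=now)
    after_flood = len(srv.connections)
    client = ("203.0.113.7", 40000, "192.0.2.10", 80)
    cookie = srv.on_syn(client, client_isn=2171, now=now)
    ok = srv.on_ack(client, seq=2172, ack=(cookie + 1) & 0xFFFFFFFF, now=now + 1)
    return after_flood, ok, len(srv.connections)
```

`simulate()` returns the connection-table size after the flood, whether the real client's ACK was accepted, and the final table size.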



Figure 4 Data transfer

After the connection is established, bidirectional data transfer can take place. The acknowledgement is piggybacked with data.



Figure 5 Connection termination using three-way handshaking



Three-way handshaking termination
After sending all data, the client initiates a TCP close command to terminate the connection.

(1) The client first sends a FIN segment, in which the FIN flag is set.
The segment can include the last chunk of data sent by the client or it can be just a control segment.
The FIN segment consumes one sequence number if it does not carry data.

(2) After receiving the FIN segment, the server informs its process of the situation and sends a FIN+ACK segment to confirm the receipt of the FIN segment from the client and also to announce the closing of the connection in the other direction.
The FIN+ACK consumes one sequence number if it does not carry data.

(3) The client sends the last ACK segment to the server.
The ACK segment cannot carry data and consumes no sequence number.

Now the TCP connection has been terminated.



Figure 6 Half-close

In TCP, one end can stop sending data while still receiving data; this is called half-close.
The client sends a FIN segment to the server, and the server sends an ACK back. Data is still being sent from the server to the client. The server sends a FIN segment when all data are sent. The client sends an ACK segment back.
The connection is closed.
This process is called four-way handshaking termination.



FLOW CONTROL
Flow control regulates the amount of data a source can send before
receiving an acknowledgment from the destination.

TCP uses a sliding window protocol for flow control. In this method, a host uses a window for outbound communication (sending data). The window spans the portion of the buffer containing bytes received from the process. The bytes inside the window are the bytes that can be in transit; they can be sent without worrying about acknowledgement.

A sliding window is used to make transmission more efficient as well as to control the flow of data so that the destination does not become overwhelmed with data.
TCP sliding windows are byte oriented.



Figure 7 Sliding window

Congestion window size



Example 2

What is the value of the receiver window (rwnd) for host A if the receiver, host B, has a buffer size of 5,000 bytes and 1,000 bytes of received and unprocessed data?

Solution
The value of rwnd = 5,000 − 1,000 = 4,000. Host B can receive
only 4,000 bytes of data before overflowing its buffer. Host B
advertises this value in its next segment to A.



Example 3

Figure 8 shows an unrealistic example of a sliding window. The sender has sent bytes up to 202. We assume that cwnd is 20 (in reality this value is thousands of bytes). The receiver has sent an acknowledgment number of 200 with an rwnd of 9 bytes (in reality this value is thousands of bytes). The size of the sender window is the minimum of rwnd and cwnd or 9 bytes. Bytes 200 to 202 are sent, but not acknowledged. Bytes 203 to 208 can be sent without worrying about acknowledgment. Bytes 209 and above cannot be sent.



Figure 8 Example 3

cwnd rwnd



Example 4

In the figure below, the sender receives a segment with an acknowledgment value of 206 and an rwnd of 12. The host has not sent any new bytes. The value of cwnd is still 20. Show the new window.



Example 4-solution

Solution
The value of rwnd is less than cwnd, so the size of the window
is 12. Figure below shows the new window. Note that the
window has been opened from the right by 7 and closed from
the left by 4; the size of the window has increased.



ERROR CONTROL
TCP provides reliability using error control, which detects corrupted, lost,
out-of-order, and duplicated segments.
Error control in TCP is achieved through the use of the checksum,
acknowledgment, and time-out.
Error control includes a mechanism for detecting corrupted segments, lost
segments, out-of-order segments and duplicated segments.

Checksum is used to detect the corrupted segments.



Acknowledgement
ACK segments do not consume sequence numbers and are not acknowledged.

Rules for generating ACK:

Rule 1: When one end sends a data segment to the other end, it must include an acknowledgement giving the next sequence number it expects to receive.
Rule 2: When the receiver has no data to send, receives an in-order segment, and the previous segment has already been acknowledged, it delays sending an ACK until another segment arrives or until a period of time has passed. That means there should be no more than 2 in-order unacknowledged segments at any time.
Rule 3: When a segment arrives with a sequence number that is expected, and the previous in-order segment has not been acknowledged, the receiver immediately sends an ACK.
Rule 4: When a segment arrives with an out-of-order sequence number, the receiver immediately sends an ACK announcing the expected sequence number to be received.
Rule 5: When a missing segment arrives, the receiver sends an ACK to announce the next sequence number expected.
Rule 6: If a duplicated segment arrives, the receiver immediately sends an ACK to resolve the missing-ACK case.



Retransmission and out-of-order segments

In TCP, the sender starts a retransmission time-out (RTO) timer for each segment sent.
A retransmission occurs if either of the following cases is true:

(1) The retransmission timer expires
(2) Three duplicated ACK segments have arrived

Data may arrive out of order and be temporarily stored by the receiving TCP,
but TCP guarantees that no out-of-order segment is delivered to the process.



Figure 9 Normal operation for ACK



Figure 10 Lost segment



Figure 11 Fast retransmission



Figure 12 Lost acknowledgment



Figure 13 Lost acknowledgment corrected by resending a segment



CONGESTION CONTROL
Congestion control refers to the mechanisms and techniques to keep the
load below the capacity.

Why does TCP work well for Internet?

A protocol must be fair for every user and must be stable for the whole system.
TCP provides fairness (e.g., max-min, proportional fairness).
However, TCP is not efficient and cannot provide QoS features.

Performance Measurements: delay and throughput
Delay includes the propagation time and processing time.
Throughput is defined as the number of bytes passing through the network in a unit of time.



Figure 14 Router queues

The routers/switches have queues (buffers) that hold packets before and after processing.
If the packet arrival rate is higher than the packet processing rate, the input queues may overflow.
If the packet departure rate is less than the packet processing rate, the output queues may overflow.
Some packets in the overflowed queues are dropped, indicating congestion in the Internet.



Figure 15. Packet delay and throughput vs. network load



Figure 16 Slow start, exponential increase

Window size = min(rwnd, cwnd)

TCP has a slow start phase. In this phase, the size of the congestion window increases exponentially until it reaches a threshold.

Start ➡ cwnd = 2^0 (MSS: maximum segment size)
After 1 RTT ➡ cwnd = 2^1
After 2 RTTs ➡ cwnd = 2^2
…
Figure 17 Congestion avoidance, additive increase

After the cwnd reaches the threshold, the size of the congestion window increases additively until congestion is detected.

Start ➡ cwnd = 1
After 1 RTT ➡ cwnd = 2
After 2 RTTs ➡ cwnd = 3
…
Congestion detection

In today’s Internet, the only way the sender can guess that congestion has occurred is the need to retransmit a segment. There are two cases:
(1) The retransmission timer expires
(2) Three duplicated ACK segments have arrived

When the congestion is detected by timer expiration, most TCP implementations react as follows:
(1) It sets the value of the threshold to half of the current window size.
(2) It sets the cwnd to be 1
(3) It starts a slow start phase again

If the congestion is detected by three ACKs, most TCP implementations react as follows:
(1) It sets the value of the threshold to half of the current window size.
(2) It sets cwnd to the value of the threshold
(3) It starts the congestion avoidance phase
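
Added example (not part of the original slides): a per-RTT simulation of the policy above, covering slow start, congestion avoidance and the two reactions to detected congestion. Window sizes are in MSS; the starting threshold of 16, the event schedule in the usage line and the floor of 1 on the threshold are assumptions of this sketch.

```python
def simulate_cwnd(rounds, events, ssthresh=16, rwnd=10**6):
    """Return one (rtt, phase, cwnd, ssthresh, window) tuple per round trip.

    events maps an RTT index to "timeout" or "3dupack", the congestion
    signal the sender observes during that round. The reaction takes
    effect from the next round onward.
    """
    cwnd, trace = 1, []
    for rtt in range(rounds):
        phase = "slow-start" if cwnd < ssthresh else "congestion-avoidance"
        window = min(rwnd, cwnd)  # sender window = min(rwnd, cwnd)
        trace.append((rtt, phase, cwnd, ssthresh, window))
        signal = events.get(rtt)
        if signal == "timeout":
            # Timer expired: halve the threshold, restart slow start from 1.
            ssthresh = max(window // 2, 1)
            cwnd = 1
        elif signal == "3dupack":
            # Three duplicate ACKs: halve the threshold, continue from it
            # in congestion avoidance.
            ssthresh = max(window // 2, 1)
            cwnd = ssthresh
        elif signal is not None:
            raise ValueError(f"unknown congestion signal: {signal!r}")
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)  # exponential increase
        else:
            cwnd += 1  # additive increase
    return trace


if __name__ == "__main__":
    # Constructed schedule: a timeout in round 7, three duplicate ACKs in round 13.
    for row in simulate_cwnd(18, {7: "timeout", 13: "3dupack"}):
        print("rtt=%2d  %-20s cwnd=%2d  threshold=%2d  window=%2d" % row)
```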



Figure 18 TCP congestion policy summary



Figure 19 Congestion example

congestion detected

reduced to half

cwnd=1
cwnd=threshold=6
RTT: round trip time



Summary
1. UDP and TCP
Both are transport layer protocols and use port numbers to identify processes
UDP is a connectionless and unreliable protocol; it has no error, flow or congestion control
TCP is a connection-oriented and reliable protocol; it has error, flow and congestion control
2. Socket address = IP address + port number
3. UDP and TCP header information
4. TCP connection establishment, sequence number, acknowledgment,
window size
5. TCP termination
6. TCP flow, error and congestion control



Exercises:
1. The following is a dump of a UDP header in hexadecimal format
06 32 00 0D 00 1C E2 17
(a) What are the source and destination ports?
(b) What is the total length of the user datagram?
(c) What is the length of the data?
2. In a TCP connection, the initial sequence number at a client site is 2171.
The client opens the connection, sends only one segment carrying 1000
bytes of data, and closes the connection. What is the value of the
sequence number in each of the following segments sent by the client?
(a) The SYN segment.
(b) The data segment
(c) The FIN segment



Exercises-cont.-I
3. In a connection, the value of cwnd is 3000 and the value of rwnd is 5000.
The host has sent 2000 bytes, in which 1000 bytes have been
acknowledged. What is the window size? How many more bytes can be
sent?
4. A client sends 16 bytes to a server. Calculate the efficiency (ratio of useful
bytes to the total bytes) of this transmission at the transport level if the
client uses:
(a) UDP (b) TCP.
5. TCP opens a connection using initial sequence number (ISN) of 14,534.
The other party opens the connection with an ISN 21732. Show the three
TCP segments during the connection establishment.



Exercises-cont.-II
6. A window holds bytes 2001 to 5000. The next byte to be sent is 3001. Draw
a figure to show the situation of the window after the following events.
(a) An ACK segment with the acknowledgement number 2500 and
window size advertisement 4000 is received.
(b) A segment carrying 1000 bytes is sent.



Solutions of the Exercises:
1. (a) Source port is 0632=1586, destination port is 000D=13
(b) The total length of the user datagram is 001C=28 bytes
(c) The length of the data is 28-8=20 bytes

2. (a) 2171 (b) 2172 (c) 3172


3. The window size=3000.
The bytes can be sent: 3000-(2000-1000)=2000.

4. (a) The total packet length = 16+8=24 bytes, efficiency=16/24=66.7%.


(b) The total packet length =16+20=36 bytes, efficiency=16/36=44.4%.



Solutions of the Exercises-cont. I

5.



Solutions of the Exercises-cont. II

6.
