
TCP Operation

  • Author Ermias Teffera
  • Oct 16, 2015
  • 6 min read

If you are reading this, the odds are that you are already familiar with TCP's infamous "three-way handshake", or SYN/ACK sequence. Unfortunately, that is where TCP education ends for many networkers. Despite its age, TCP is a relatively complex protocol and well worth knowing intimately. This article aims to help you become more comfortable examining TCP in great detail.

TCP is the protocol we use when we want reliable, connection-oriented transport. We have two options at the transport layer: reliability, for which we use TCP, and unreliability, for which we use UDP. When I say "we use", I am really referring to what the application author is using. TCP is the one that is often chosen; it is part of the name of the "TCP/IP" protocol suite, mainly because applications often want a reliable connection.

SYN = Synchronize

FIN = Finish

ACK = Acknowledgment

The very first thing I would like to do is go over the names and purposes of the TCP header fields. The TCP header has the following fields:

Source, Dest Port - Often there is going to be a random source port and a well-known destination port.

Sequence Number - The sequence number identifies the particular segment of TCP that we are sending.

Ack Number - For connection-oriented transport we want reliability, so we acknowledge the segments that are received. We use the ACK number field to pull that off.

Data Offset - This specifies the size of the TCP header.

Reserved - Reserved bits for future use. These should be set to zero.

Flags - This is a very important field of the TCP header. Currently there are nine flags, each one bit in size. They help with explicit congestion notification and allow us to set the SYN flag to start a connection and the FIN flag to finish it.

Window Size - This gives us the size of the receive window. It specifies the number of window size units (bytes, by default) that the sender of the segment is currently willing to receive. Notice that this is the window size that the receiving device is willing to process.

Checksum - This is used for error checking.

Urgent Pointer - If the urgent (URG) flag is set, this 16-bit field is an offset from the sequence number indicating the last urgent data byte.

Options - A good example of an option is MSS (maximum segment size).

Padding - This is used to ensure that the TCP header ends and data begins on a 32-bit boundary.
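To see the fields above in the bytes of a real segment, here is a small parser. It is an added example, not part of the original article; the function name, the returned keys and the sample SYN segment are constructed for illustration.

```python
import struct

# The nine one-bit flags, lowest bit first (NS is the ninth).
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the header fields listed above from a raw TCP segment."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4      # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset points outside the segment")
    flags = [name for bit, name in enumerate(FLAG_NAMES) if off_flags >> bit & 1]
    mss, opts, i = None, segment[20:header_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                       # End of Option List
            break
        if kind == 1:                       # No-Operation, used as padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("option length runs past the header")
        if kind == 2 and opts[i + 1] == 4:  # MSS option: kind 2, length 4
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "reserved": (off_flags >> 9) & 0x7,
        "flags": flags, "window": window, "checksum": checksum,
        "urgent_pointer": urgent if "URG" in flags else None, "mss": mss,
    }

# Constructed sample: a SYN from port 49152 to port 443 announcing MSS 1460.
# The checksum is left at 0 because this example does not verify it.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 443, 1000, 0,
                         (6 << 12) | 0x002, 65535, 0, 0) + bytes([2, 4, 0x05, 0xB4])

if __name__ == "__main__":
    print(parse_tcp_header(SAMPLE_SYN))
```

The two length checks matter when parsing untrusted traffic: a data offset or option length that points past the captured bytes is rejected instead of being followed.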

If you are going to have a protocol that is connection oriented, you need a way to set up that connection. That is where the SYN flag is utilized: specifically, SYN is used for the famous three-way handshake. You might wonder why the three-way handshake is so famous in TCP operations. Unfortunately, it is because of the tremendous number of exploits that have been developed to take advantage of it. For example, one of the famous exploits is the "SYN denial-of-service attack", or SYN flood. A device literally runs software that just attacks a receiving machine with SYN requests and never completes the third step. The sending device initiates a connection by sending a SYN to the receiving device; when the receiving device responds with an ACK for that segment, the sending device sends another SYN request instead of completing the third step, and continues this process indefinitely.
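From the defender's side, a SYN flood shows up as many handshakes that stop after step two (the server's SYN/ACK reply) on the same listener. The following detection sketch is an added example, not part of the original article; the packet tuple format, the threshold and the sample addresses (documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict

def find_syn_flood_targets(packets, threshold=3):
    """packets: (src, sport, dst, dport, flags) tuples in capture order.

    Returns {(server_ip, server_port): half_open_count} for every listener
    with at least `threshold` handshakes that never reached step three.
    """
    state = {}  # (client, cport, server, sport) -> "SYN" or "SYN-ACK"
    for src, sport, dst, dport, flags in packets:
        if flags == {"SYN"}:                        # step one
            state[(src, sport, dst, dport)] = "SYN"
        elif flags == {"SYN", "ACK"}:               # step two, server -> client
            key = (dst, dport, src, sport)
            if state.get(key) == "SYN":
                state[key] = "SYN-ACK"
        elif "ACK" in flags or "RST" in flags:      # step three, or an abort
            state.pop((src, sport, dst, dport), None)
    half_open = defaultdict(int)
    for (_, _, server, port), step in state.items():
        if step == "SYN-ACK":
            half_open[(server, port)] += 1
    return {k: v for k, v in half_open.items() if v >= threshold}

# Constructed sample traffic: one client completes the handshake, four do not.
SERVER = ("198.51.100.5", 80)

def handshake(client, cport, complete):
    pkts = [(client, cport, *SERVER, {"SYN"}),
            (*SERVER, client, cport, {"SYN", "ACK"})]
    if complete:
        pkts.append((client, cport, *SERVER, {"ACK"}))
    return pkts

SAMPLE = handshake("192.0.2.10", 50000, True) + [
    p for n in range(4) for p in handshake(f"203.0.113.{n + 1}", 40000 + n, False)]

if __name__ == "__main__":
    print(find_syn_flood_targets(SAMPLE))
```

Counting per listener rather than per source keeps the check useful when the SYNs arrive from many different addresses.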

CONNECTION TERMINATION

Connection termination in TCP takes place with a four-way handshake, because the sending and receiving devices each have to terminate independently. The process starts with the device that needs to terminate the connection sending a FIN request. The receiving device then sends an ACK for that FIN. Finally, the receiving device sends its own FIN request and the sending device sends an ACK for that FIN, so it ends up being a four-way handshake.

Host A FIN -=>

<=-ACK Host B

<=-FIN Host B

Host A ACK -=>

WINDOWING

How much data a particular TCP device can receive is dictated by the receive window information it sends. An interesting problem that can result on a network is called GLOBAL SYNCHRONIZATION. The best way to describe global synchronization is to imagine a bar graph with the absolute maximum the devices can send represented by a horizontal line. While data is being sent, everything is working. When traffic reaches that peak due to congestion, all traffic backs off, and after some time it resumes. This process goes on and on, and consequently more bandwidth is wasted as a result of hitting that maximum. To prevent global synchronization there is a QoS solution called WRED (Weighted Random Early Detection), which randomly throws unimportant packets away when the link is close to the congestion point.

LATENCY

Here things are connection oriented, so we always tend to have one machine waiting on another machine so that communication can take place. One of the challenges is that there are plenty of things that can delay the segments as the network is functioning.

Processing Delay - Routers and other devices take some amount of time dealing with deciphering the segments.

Propagation Delay - We can only send a TCP segment from point A to point B at a certain speed. There is some delay that takes place as the signal travels from point A to point B.

Queuing Delay - A particular segment is placed into the queue of the router. All of these add up to latency.

Some of the above delays are fixed and some are variable. The ones we as network engineers tend to care about are the variable delays, like queuing.

BANDWIDTH DELAY PRODUCT

How much data can be on a particular segment at any given time? The bandwidth delay product shows us how much data is out there on the pipe that has not yet been acknowledged. To get the bandwidth delay product, take the link capacity, typically in Bps, and multiply it by the end-to-end delay in seconds.

BWDP = Bps * E to E delay in Seconds

If we end up on a network that has a large bandwidth delay product, it is commonly called an LFN, or Long Fat Network: a network that has high bandwidth but also high delay. A great example is a satellite connection, which has high bandwidth but also a high end-to-end delivery time.

MSS (Maximum Segment Size) / PMTUD

The MSS is the largest amount of data, specified in bytes, that a TCP device is willing to receive in a single TCP segment. Obviously the goal here is to set it small enough that we can avoid IP fragmentation, as fragmentation presents all kinds of problems for us as network engineers.

Fragmentation is bad for two reasons:

- Overhead, and

- Because there are a lot of network attacks that use IP fragmentation as a way into your network.

So what happens with MSS is that we have devices connected to a particular network medium, and the maximum segment size is set using what is known as the MTU (Maximum Transmission Unit). With the right MTU value the device won't exceed the allowed size. These devices each announce their maximum segment size when they set up the connection.

MTU is one great way to avoid fragmentation.

PMTUD

Path MTU Discovery is a standard technique for determining the MTU. This is how it works in an IPv4 network. Let's say we have one endpoint in Phoenix, AZ and another endpoint way over in Washington, DC, with all the different routers in between. The idea is that we want to reduce IP fragmentation along the entire path, end to end. Notice that MSS has a challenge with that, because it is set from the local link. With PMTUD, the endpoint in Phoenix sends a segment with the DF (Don't Fragment) bit set. If any router in between needs to fragment it (which of course can happen), it returns an ICMP packet, specifically ICMP Type 3 Code 4, which says fragmentation is needed, so the device in Phoenix has to set its MTU small enough to get past that particular device.

The big problem here is that a lot of the devices in between the endpoints are controlled by service providers. For security reasons they will kill ICMP messages; in fact, a lot of service providers might be stopping incoming packets that are marked at the IP layer with DF (Don't Fragment).

PMTUD is sometimes a problem to get working in itself. That is where we apply MSS clamping, where we control the size of what is sent by utilizing the TCP MSS option. MSS clamping is the solution often used in that environment.
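The IPv4 discovery loop, the failure when ICMP is filtered, and the MSS clamping workaround can be modelled in a few lines. This is an added example, not part of the original article; the function names, the per-hop `icmp_returns` flag and the sample paths are constructed, and the 40-byte overhead assumes a 20-byte IPv4 header and a 20-byte TCP header without options.

```python
IPV4_TCP_OVERHEAD = 40   # assumed: 20-byte IPv4 header + 20-byte TCP header

def discover_path_mtu(local_mtu, hops, max_probes=10):
    """Model of IPv4 PMTUD with the DF bit set.

    hops: list of (link_mtu, icmp_returns) per router, in path order, where
    icmp_returns says whether that router's ICMP Type 3 Code 4 reaches the sender.
    Returns (path_mtu, probes_sent); path_mtu is None when the sender is
    never told why its packets disappear.
    """
    size = local_mtu
    for probe in range(1, max_probes + 1):
        # First router whose outgoing link is too small for the DF packet.
        tight = next((hop for hop in hops if hop[0] < size), None)
        if tight is None:
            return size, probe          # the packet crossed every link
        link_mtu, icmp_returns = tight
        if not icmp_returns:
            return None, probe          # dropped silently: ICMP was filtered
        size = link_mtu                 # lower the estimate and probe again
    return None, max_probes

def clamp_mss(announced_mss, link_mtu):
    """MSS clamping: cap the MSS option of a passing SYN so segments fit link_mtu."""
    return min(announced_mss, link_mtu - IPV4_TCP_OVERHEAD)

# Constructed paths between the two endpoints.
OPEN_PATH = [(1500, True), (1400, True), (1500, True), (1280, True)]
FILTERED_PATH = [(1500, True), (1400, False), (1500, True)]

if __name__ == "__main__":
    print(discover_path_mtu(1500, OPEN_PATH))       # discovery converges
    print(discover_path_mtu(1500, FILTERED_PATH))   # discovery fails
    print(clamp_mss(1460, 1400))                    # clamped MSS for the 1400 link
```

On the filtered path discovery never converges, while clamping the announced MSS at the 1400-byte link keeps segments small enough without depending on any ICMP reply.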

In IPv6 we do not send a packet marked DF. PMTUD works in IPv6 by initially assuming the PMTU is the same as the MTU of the local link through which it is sending traffic. Then, similar to how IPv4 works, any device along the way whose MTU is smaller than the packet drops the packet and sends back an ICMPv6 Packet Too Big message containing the MTU.

 
 
 
