Network Protocols:
Design and Analysis
Polly Huang, EE NTU
http://cc.ee.ntu.edu.tw/~phuang
Agenda
• connection setup and teardown
• flow control
• congestion control theory
• congestion control practice (in TCP)
• loss recovery
• security
Agenda
• security
– TCP hijacking
– DDoS mitigation
• performance
– delayed ACKs
– T/TCP
Connection Hijacking
• Problem: connection hijacking
– some systems authenticate based on TCP connections and source IP addresses
=> if you can steal a running TCP connection, you’re in
TCP Distributed Denial of Service
• Problem: lots of people have too much time on their hands
– and lots of people don’t have secure computers
=> bad people take over computers (zombies) and have them all ask you at once
• Mitigation: SYN cookies
– rather than make a new TCB for a new (probably bogus) connection, encode the info in the ISN on the SYN-ACK
– when you get the ACK, recreate the missing state
• but, sadly, there are other forms of DDoS…
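The SYN-cookie idea on this slide, worked through as an added example (this is not the lecture's code, nor any kernel's): the listener answers a SYN with a SYN-ACK whose ISN is a cookie, keeps no TCB, and when the third-handshake ACK arrives it checks that `ack_num - 1` is a cookie it could have minted for this 4-tuple recently, then rebuilds the little state it encoded. The bit layout, the MSS table, the 64-second counter period, the two-tick maximum age and the server secret are all assumptions chosen for the example, in the spirit of the scheme RFC 4987 describes; the addresses and clock values are constructed.

```python
import hmac
import hashlib
import struct
import ipaddress

# Added example (not the lecture's code). Assumed layout of the 32-bit ISN sent in the SYN-ACK:
#   bits 31..27  counter t (wall clock in 64-second units) mod 32
#   bits 26..24  index into MSS_TABLE (the only SYN option we remember)
#   bits 23..0   truncated MAC over (src, dst, sport, dport, t) under a server secret
# Nothing is stored per SYN; the peer's ACK brings the cookie back as ack_num - 1.

MSS_TABLE = (536, 1300, 1440, 1460)          # assumed set of encodable MSS values
SECRET = b"constructed-server-secret"         # assumption: a real server rotates this
COUNTER_PERIOD = 64                           # seconds per counter tick (assumed)


def _mac24(src, dst, sport, dport, t):
    """24-bit truncation of HMAC-SHA256 over the 4-tuple and the full counter value."""
    msg = struct.pack("!4s4sHHQ",
                      ipaddress.ip_address(src).packed,
                      ipaddress.ip_address(dst).packed,
                      sport, dport, t)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, dst, sport, dport, peer_mss, now):
    """ISN to put in the SYN-ACK instead of allocating a TCB for the (maybe bogus) SYN."""
    t = int(now) // COUNTER_PERIOD
    idx = 0
    for i, m in enumerate(MSS_TABLE):        # largest table entry not above the peer's MSS
        if m <= peer_mss:
            idx = i
    return ((t & 0x1F) << 27) | (idx << 24) | _mac24(src, dst, sport, dport, t)


def check_cookie(src, dst, sport, dport, ack_num, now, max_age_ticks=2):
    """Validate the ACK of our SYN-ACK; return the recovered MSS, or None if bogus or stale."""
    cookie = (ack_num - 1) & 0xFFFFFFFF     # the ACK acknowledges ISN + 1
    t_low = cookie >> 27
    idx = (cookie >> 24) & 0x7
    mac = cookie & 0xFFFFFF
    cur = int(now) // COUNTER_PERIOD
    age = (cur - t_low) & 0x1F               # ticks since minting, modulo the 5 bits we kept
    if age > max_age_ticks:
        return None                          # too old: refuse to resurrect state
    t = cur - age                            # reconstruct the full counter used when minting
    expected = _mac24(src, dst, sport, dport, t)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None                          # not a cookie we issued for this 4-tuple
    return MSS_TABLE[idx]                    # the "missing state" recreated from the cookie


if __name__ == "__main__":
    # constructed 4-tuple and clock values
    isn = make_cookie("198.51.100.7", "192.0.2.10", 40000, 80, 1460, now=1_000_000)
    print(hex(isn), check_cookie("198.51.100.7", "192.0.2.10", 40000, 80, isn + 1, now=1_000_010))
```

Whatever is not squeezed into those 32 bits (window scale, SACK-permitted, anything beyond the MSS index) is lost when the cookie is validated; that is the price of keeping no TCB, and it is why a stack normally only switches to cookies once its SYN backlog fills.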
Delayed ACKS
• Problem: it’s a lot of work to ACK every TCP segment
– especially if it’s just a few bytes
– and the ACKs are tiny
• Approach: delay sending ACKs
– send if you get two full segments
– or after at most 500ms
• Side-effect:
– slow-start grows per ACK, not per ACKed segment, so it’s 1, 2, 3, 3, 5…, not 1, 2, 4, 8…
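The receiver-side rule above, as an added example that is not part of the lecture: a small model of a delayed-ACK receiver that ACKs at once when two full segments are pending and otherwise lets the timer flush what is pending. It assumes the segments of one window arrive back to back within a single timer period and ignores the other immediate-ACK triggers real stacks have (out-of-order data, window updates); `delayed_ack_receiver` and `acks_per_window` are names chosen here. Counting the ACKs a window of full segments produces shows why slow start grows per ACK rather than per segment.

```python
# Added example, not the lecture's code: delayed-ACK receiver model.

def delayed_ack_receiver(segment_sizes, mss=1460, timeout_ms=500):
    """Return the ACKs sent for a burst of segments as (trigger, bytes_acked) tuples.
    Rule modelled: ACK immediately once two full-size (>= mss) segments are pending,
    otherwise the delayed-ACK timer (at most timeout_ms) sends one ACK for the rest."""
    acks = []
    pending_bytes = 0
    pending_full = 0
    for size in segment_sizes:
        pending_bytes += size
        if size >= mss:
            pending_full += 1
        if pending_full >= 2:
            acks.append(("immediate", pending_bytes))
            pending_bytes = pending_full = 0
    if pending_bytes:                        # leftover data: the timer, not a segment, triggers it
        acks.append((f"timer<={timeout_ms}ms", pending_bytes))
    return acks


def acks_per_window(n_segments, mss=1460):
    """Number of ACKs the sender sees for a window of n full segments (per-ACK cwnd growth)."""
    return len(delayed_ack_receiver([mss] * n_segments, mss))


if __name__ == "__main__":
    # constructed bursts: three full segments, then three tiny ones
    print(delayed_ack_receiver([1460, 1460, 1460]))
    print(delayed_ack_receiver([100, 100, 100]))
    print([acks_per_window(n) for n in range(1, 6)])
```

A window of three full segments yields two ACKs, not three, and a window of tiny segments yields a single timer-driven ACK after up to 500ms, which is the delay that interactive request/response traffic feels.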
T/TCP
• Problem: TCP 3WH is expensive for very short connections
– (like RPC or web requests)
• Approach: Transaction TCP
– send SYN+ACK+data in first packet
– reply with SYN+ACK+FIN+data
– then ACK+FIN
• Limitations
– have to cache ISN info, and may have to fall back to 3WH sometimes
Problem: High BW Connections
• How many packets to keep in flight?
– must be > bw*delay product
– 10Mb/s * 100ms rtt = 1Mb ~ 100kB
– 1Gb/s * 100ms rtt = 100Mb ~ 10MB!
• Sequence number wraparound time vs. link speed:
– 1.5Mbps: 6.4 hours
– 10Mbps: 57 minutes
– 45Mbps: 13 minutes
– 100Mbps: 6 minutes
TCP Extensions for
“Long, Fat Pipes”
• timestamp option + PAWS (Protection Against Wrapped Sequences)
– endpoints swap timestamps on each pkt
– allows better RTT estimation
– provides effectively larger sequence space (reject packets with old timestamps)
• window scaling
– multiplicative factor on wnd
– to keep the pipe full
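The "long, fat pipe" arithmetic of the previous slide and the two extensions on this one, as one added example (not the lecture's code): the wraparound time of the 32-bit sequence space, the bandwidth-delay product, the window-scale shift needed to cover it, and a stripped-down PAWS receiver check that drops a segment whose TSval is older than the last one accepted, even when its sequence number looks in-window. The modular comparison is the standard one for 32-bit sequence numbers and timestamps; the `paws_filter` simplification (update `ts_recent` on every accepted segment, no in-order check) and the sample segments are assumptions made for the example.

```python
# Added example, not the lecture's code.

SEQ_MOD = 1 << 32
MAX_WINDOW_SHIFT = 14        # largest shift the window scale option allows


def seq_lt(a, b):
    """Modular 32-bit 'a is older than b', usable for sequence numbers and TSval alike."""
    return ((a - b) & (SEQ_MOD - 1)) > (SEQ_MOD // 2 - 1)   # i.e. signed 32-bit (a - b) < 0


def wrap_time_seconds(link_bps):
    """Seconds until 2^32 bytes have been sent at link_bps, i.e. until sequence numbers repeat."""
    return SEQ_MOD * 8 / link_bps


def bdp_bytes(link_bps, rtt_s):
    """Bandwidth-delay product: bytes that must be in flight to keep the pipe full."""
    return link_bps * rtt_s / 8


def window_scale_shift(bytes_in_flight):
    """Smallest window-scale shift such that the 16-bit window field << shift covers the BDP."""
    shift = 0
    while (0xFFFF << shift) < bytes_in_flight and shift < MAX_WINDOW_SHIFT:
        shift += 1
    return shift


def paws_filter(segments, ts_recent):
    """Simplified PAWS at the receiver over a list of (seq, tsval) segments.
    Returns (accepted, rejected, new_ts_recent); a segment with an old TSval is rejected
    as a leftover from an earlier sequence-number cycle, whatever its seq says."""
    accepted, rejected = [], []
    for seq, tsval in segments:
        if seq_lt(tsval, ts_recent):
            rejected.append((seq, tsval))
            continue
        ts_recent = tsval
        accepted.append((seq, tsval))
    return accepted, rejected, ts_recent


if __name__ == "__main__":
    for bps in (1.5e6, 10e6, 45e6, 100e6, 1e9):
        print(f"{bps / 1e6:g} Mbps wraps 2^32 bytes in {wrap_time_seconds(bps) / 60:.1f} min")
    for bps in (10e6, 1e9):
        bdp = bdp_bytes(bps, 0.1)
        print(f"{bps / 1e6:g} Mbps * 100ms = {bdp:.0f} bytes -> window scale shift {window_scale_shift(bdp)}")
    # constructed stream: third segment reuses seq 0x10 but carries an old timestamp
    print(paws_filter([(0x10, 5000), (0x100, 5001), (0x10, 4000), (0x200, 5002)], ts_recent=4999))
```

The slide's "~100kB" and "~10MB" are rounded; the function gives the exact products (125 kB and 12.5 MB), and the 12.5 MB case is the one that needs a window-scale shift of 8 because the unscaled 16-bit window tops out at 64 kB.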
Fast TCP
• How fast can TCP go? Need new protocol?
– shown at >1Gb/s
• but requires some care
– must have enough buffers. why? handle receiving data out of order, and the bw-delay product implies a large amount of data in flight
– must not have too much loss. why? some versions of TCP can only recover from one loss in each RTT of data (even with SACK you’re limited to a few losses/rtt)
– must not be dominated by connection set-up costs. why? with small amounts of data (<10kB), 3WH and slow-start will dominate
– see PSC web site (mentioned on mailing list) for details