1、Chapter 10 TCPOverviewTCP servicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/20221Transport Layer ProtocolTCP: a connection-oriented, reliable transport protocol Responsibilities To create a process-to-process commu

2、nication使用兩個端點地址（IP端口號）通信To provide a flow-control and error-control mechanism at the transport layerError control: ARQ Window based controlAcknowledgement packetTime-outRetransmission Flow control: sliding window protocol Window based controlTo provide a congestion controlTo provide a connection me

3、chanism for the processes7/15/20222理解TCP的責任提供process-to-process communication在IP層上建立起：可靠的，順序的（reliable, sequential）分組傳輸服務 面向連接的通信Error-control 源端到目的端的流量控制（flow-control ）To prevent a fast source of packets from overwhelming a slow sinkAdaptive bandwidth sharing in the network congestion control7/15/2

4、0223Introduction高層應用的需求：reliability傳輸大量的數據，要求可靠的通信服務自身的可靠性機制弱底層網絡和IP網絡是不可靠、無連接投遞TCPProcess-to-process comm.: same with UDPTo add connection-oriented and reliability features to the services of IP7/15/20224OverviewTransmission Control Protocol，TCPRFC 793，傳輸控制協議IPLANsMANsWANsICMPIGMPARPRARPNetworkLaye

5、rNetworkAccess LayerApplication LayerTCPUDPTransportLayer7/15/20225Process-to-process Communication端口、端點概念與方式與UDP完全一樣連接：TCP上通信雙方抽象的虛電路連接202.115.12.680Port: 80Endpoint: (202.115.12.6, 80)202.115.12.3416250Connection: (202.115.12.6, 80) and (202.115.12.34, 16250)7/15/20226Chapter 10 TCPOverviewTCP ser

6、vicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/20227TCP ServicesStream delivery service（流交付服務）Full-duplex service（全雙工服務）Connection-oriented serviceReliable service7/15/20228理解：Stream Delivery與UDP交付區別：進程把預先定義好邊界的一組報

7、文（用戶數據報）發送給UDPUDP對這些報文中的每一個添加首部，傳遞給IP傳輸UDP和IP都不認為這些數據報之間有任何關系獨立處理每一個數據報7/15/20229TCP Services：Stream Delivery ServiceStream delivery service requires: Sending process can deliver data as a stream of bytesReceiving process can obtain data as a stream of bytesstream of bytes 進程間使用自己認為適宜的任何大小的數據片進行發送或接

8、收（最小1字節）TCP發送進程接收進程TCPStream of byteTCP creates a environment in which the two processes seem to be connected by an “tube” that carriers their data across the Internet 7/15/202210Sending and receiving buffersTCP為什么需要buffer？原因：TCP要為進程構建”tube”“可靠傳輸”差錯控制流量控制發送進程與接收進程產生和消耗數據的速率不一致7/15/202211TCP segments

9、TCP是如何發送“字節流”的？按報文段（segment）傳輸Why？報文段：若干字節構成IP是按分組（Package）處理的（而非字節流），1個segment就封裝在1個Package上述過程對于接收進程是透明的字節流按照報文段傳輸的后果：接收方TCP收到報文段可能失序、損傷、重復，或者丟失！7/15/202212TCP ServicesStream delivery service（流交付服務）Full-duplex service（全雙工服務）Connection-oriented serviceReliable service7/15/202213TCP Services：Full-Du

10、plex Service全雙工：數據可以在同一時間雙向流動每一個TCP都有發送緩存和接收緩存DataACKPiggybacking捎帶Data can flow in both direction at the same time7/15/202214TCP ServicesStream delivery service（流交付服務）Full-duplex service（全雙工服務）Connection-oriented serviceReliable service7/15/202215TCP Services：Connection-Oriented Service建立的是虛連接（virt

11、ual connection），而非物理連接（physical connection）封裝成IP分組的TCP報文段可能走不同的路徑到達目的地接收到的TCP報文段可能：亂序、丟失、損壞、重復而TCP需要向上層按順序交付數據IP網絡7/15/202216TCP ServicesStream delivery service（流交付服務）Full-duplex service（全雙工服務）Connection-oriented serviceReliable service7/15/202217TCP Services：Reliable ServiceReliabilitySequential, w

12、ithout error, and without any part lost or duplicated 如何實現可靠傳輸？ARQ（Automatic Repeat reQuest）基本思路：接收方：must continuously return acknowledgments (ACK) for successfully received data發送方：每一個發送的數據都需要接收方的確認（ACK）發送每一個數據都需要緩存，并啟動定時器，超時重傳7/15/202218Chapter 10 TCPOverviewTCP servicesWindow based control Protoc

13、olFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/202219Window based control Protocol基本協議技術序號（Sequence number）確認（Acknowledgment）超時重傳機制窗口滑動（sliding）擴展（expanding）縮回（shrinking）關閉（closing）7/15/202220TCPNumbering Bytes（給字節編號）To number all data bytes tran

14、smitted in a connection 字節號, 而不是給每個報文段分配編號某個TCP連接上的某個報文段的序號（sequence number） 報文段中第一個數據字節的字節號Numbering is independent in each directionThe numbering starts randomly, NOT from 0選取范圍：0 232-1TCPSendingSending bufferReceiving bufferReceivingDate streamSegmentData7/15/202221練習Imagine a TCP connection is t

15、ransferring a file of 6000 bytes. The first byte is numbered 10010. What are the sequence numbers for each segment if data is sent in five segments with the first four segments carrying 1,000 bytes and the last segment carrying 2,000 bytes?The following shows the sequence number for each segment:Seg

16、ment 1 10,010 (10,010 to 11,009)Segment 2 11,010 (11,010 to 12,009)Segment 3 12,010 (12,010 to 13,009)Segment 4 13,010 (13,010 to 14,009)Segment 5 14,010 (14,010 to 16,009)Sender1301014010100101101012010Seg1Seg2Seg3Seg4Seg57/15/202222報文段的序號報文段的序號 報文段中第一個數據字節的字節號，那么如果報文段不攜帶數據，那么這個報文段是否需要編號？如何編號？原則：需要

17、確認的報文，需要序號7/15/202223Window based control Protocol基本協議技術序號（Sequence number）確認（Acknowledgment）超時重傳機制窗口滑動（sliding）擴展（expanding）縮回（shrinking）關閉（closing）7/15/202224Acknowledgment （確認，ACK）Acknowledgment number（確認號）：對已經收到的字節表示確認Positive ACK（肯定確認）The number of the next data byte a party expects to receiveC

18、umulative ACK（累計確認）例如 TCP報文段中的確認號是：1234，意味著：已經收到了字節號1234的以前的所有字節希望收到了下一個TCP報文段的序號12347/15/202225Discussion例1: a segment with Seq# =X, Data Len=LThen the Seq# of the next segment:例2: a segment with Ack# =XThis means all bytes from the beginning up to X-1 has been receivedFeatures報文的順序關系數據流的位置，更便于流的復原

19、需較大的序號空間（32bit，2324Gbyte）序號不連續，n1n2= RTT（ Round Trip Time，報文往返時間）一種簡單解決方案：the destination TCP （接收方TCP）檢測出重復報文段Sequence numberSimply discard the packet678Receiver124524924Seg(524)假設，TCP報文段定長為400ByteACK(1324)7/15/202256Out-of-Order Segment（失序報文段）CauseTCP uses the services of IP, an unreliable, connect

20、ionless network layer service解決方案：the destination TCP （接收方TCP）檢測出失序的報文段: sequence numberCorrectingTCP does NOT acknowledge an out-of-order segment until it receives all of the segments that precede itIf the acknowledgment is delay, the timer of the out-of-order segment may mature at the source TCP a

21、nd the segment may be resent duplicate segment678Receiver910111213141516678Seg(10)ACK(9)Seg(11)Seg(9)ACK(12)7/15/202257Fast retransmission7/15/202258Lost AcknowledgmentSegment 1Seq: 1201, 200bytesAck: 1601SenderReceiverSegment 2Seq: 1401, 200bytesSegment 3Seq: 1601, 200bytesAck: 1801TimeTimeAcknowle

22、dgmentlostOKOKOK7/15/202259Chapter 10 TCPOverviewTCP servicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/202260Congestion Control（擁塞控制）Congestion：網絡中，路由器接收過多的分組，超過其處理能力時，發生擁塞 分組被丟棄Some packets could be dropped by the

23、 router no ack is sent from the destination TCP發送端會重傳超時定時器會超時 the sender retransmits the lost packetTo create more congestion and more dropping more retransmission and more congestionFinally, the whole system collapses結論：擁塞引起的重傳，會使情況更糟7/15/202261Capacity（網絡容量）：網絡能處理的分組數Throughput（吞吐率）：單位時間內通過網絡的分組數P

24、acket delay, Throughput VS. network load7/15/202262Router queues7/15/202263Congestion Control端點（主機）上的TCP是無法準確知道網絡因何原因或者在何處發生擁塞TCP本身沒有提供擁塞控制擁塞對于端點而言，表現為：TCP傳輸延遲增加，導致超時重傳TCP應該在網絡出現擁塞時，必須減慢發送速率（或停止傳輸） 擁塞控制問題： TCP如何發現網絡的擁塞呢？In flow control，發送窗口由接收方直接控制Sender window = Receiver window網絡中擁塞，發送窗口還要取決于網絡的擁塞情

25、況TCP assumes（關鍵假設）The cause of a lost segment is due to congestion in the network7/15/202264Congestion Window（擁塞窗口）Sender window = Min rwnd, cwndrwnd: receivers advertised window （接收方宣告窗口） a receiver-side limit流量控制cwnd: congestion window（擁塞窗口） a sender-side limit（反映了網絡的擁塞狀況）擁塞控制7/15/202265TCP中的幾個窗口接

26、收方宣告窗口（ rwnd ）：接收方通過反饋告訴發送方的允許傳輸的數據量（單位：可以是字節，也可以是報文段）擁塞窗口（ cwnd ）：發送方為了進行擁塞控制而限制自己傳輸的數據量實際發送窗口的大小Min rwnd, cwnd哪個窗口值小，那種控制就起作用擁塞窗口如何確定擁塞策略7/15/202266Congestion Control AlgorithmsSlow start（慢啟動） congestion avoidance（擁塞避免）以及擁塞檢測慢啟動：指數增大擁塞避免：加法增大擁塞檢測：乘法減小Fast retransmit/Fast recovery（快速重傳和快速恢復）To dete

27、ct and repair loss based on incoming duplicate ACKsTCP assumes3 or more duplicate ACKs a segment has been lost參考文獻Van Jacobson，Congestion Avoidance and Control，SIGCOMM88RFC2001，TCP Slow Start, Congestion Avoidance, Fast Retransmit, and Fast Recovery AlgorithmsRFC 2581，TCP Congestion ControlWilliam S

28、tallings，高速網絡與互聯網絡性能與服務質量（第二版），第12章TCP通信量控制，電子工業出版社，20037/15/202267Slow start（慢啟動）建立一條新的TCP連接以后，執行慢啟動：初始狀態cwnd1（1個最大報文段MSS）發送方只允許發送1個TCP報文段（因為發送窗口1）等待ACK每收到1個ACK，發送窗口向右滑動1個報文段的長度cwnd1 發送方連續發送2個報文段直到發送窗口大小（Ws）ssthresh（慢啟動閾值）慢啟動過程實際上是發送TCP在TCP連接建立初期試探網絡的擁塞狀況，以避免因一次發送過多的報文段而引起網絡的擁塞012345678sender091011

29、12131415161245678ACK13ACK2ACK3注：慢啟動實際并不慢，每過1個RTT，cwnd就翻倍，呈2的指數增長7/15/202268Congestion avoidance（擁塞避免）在慢啟動階段，擁塞窗口以指數形式增長，要避免發生擁塞，當擁塞窗口達到某個值后，必須減慢擁塞窗口的增長規律當發送窗口大小ssthresh時，發送方進入擁塞避免階段在這個階段中，只有當窗口中所有報文都確認后，擁塞窗口1實質上：每收到1個ACK，cwndcwnd1/ cwnd當RTT較大時，可以認為是每隔一個RTT，擁塞窗口cwnd1 加性增加（Addictive Increase）擁塞避免直到出現重

30、傳超時定時器超時，即發生擁塞7/15/202269擁塞檢測推測擁塞：超時重傳ssthresh（慢啟動閾值）設置為當前cwnd（擁塞窗口）的一半即ssthresh cwnd / 2cwnd（擁塞窗口）= 1重新執行慢啟動012345678sender091011121314151612456783ssthreshcwnd68317/15/202270快速重傳和快速恢復如果不是超時，而是連續收到3個ACK，處理方式是：ssthresh（慢啟動閾值）設置為當前cwnd（擁塞窗口）的一半cwnd當前閾值開始擁塞避免階段為什么這樣做？連續收到3個ACK，說明1個報文段可能丟失了，但后面的幾個報文段又安全

31、到達7/15/202271TCP擁塞策略小結7/15/202272擁塞舉例Number of transmitted segmentsCongestion window size( in segments)SlowstartCongestion avoidance7/15/202273Chapter 10 TCPOverviewTCP servicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package

32、7/15/202274TCP TimerRetransmission timer（重傳超時定時器）The waiting time for an ack of a segmentTo control a lost or discarded segmentPersistence timer（持久）To deal with the zero window-size advertisementThe waiting time for an ack with a non-zero window sizeKeepalive timer（保活）To prevent a long idle connecti

33、on between two TCPThe waiting time for some data from a clientTime-waited timerTo be used during connection termination7/15/202275Retransmission Timer功能：處理重傳超時發送方可以重傳報文段某些報文段在傳輸過程中可能丟失或者被丟棄（ lost or discarded ）The waiting time for an ack of a segmentUsage（如何使用重傳超時定時器）When TCP sends a segment, it cre

34、ates a retransmission timer for that segmentIf an ack is received for that segment before time-out, the timer is destroyedOtherwise the segment is retransmitted and the timer is reset關鍵問題： 重傳超時（RTO）時間如何確定？7/15/202276重傳超時時間RTT (Round-Trip Time)：報文段傳輸的往返時延從發送一個報文到收到這個報文的時間重傳超時時間取值一般是基于RTT的例如（一種簡單算法）：R

35、etransmission timer = 2 x RTTInternet的上的RTT不同TCP連接具有各自不同的路徑長度，時延差異大同一個TCP連接，發送方從發送報文段到收到確認的時間隨網絡的擁塞狀況而改變分組經過路由器，路由器產生的時延取決于通信量結論：分組的傳輸時延無法預先確定重傳超時時間無法實現預測，是動態變化的7/15/202277Internet上的100個Packet的往返傳輸時間圖7/15/202278RTT的測量In TCP, there can be only be one RTT measurement in progress at any timeTCP報文段和它的確認

36、并非11對應某個TCP報文段的RTT是該報文段到達終點并被確認所需的時間，雖然這個確認可能包含對其它報文段的確認平滑RTTSInternet中測量的RTTM起伏大初始：沒有數值第一次測量后：RTTS= RTTM其它任何測量后： RTTS = ( 1- ) x RTTS + x RTTM, = 1/87/15/202279RTT偏差（RTTD）初始：沒有數值第一次測量后： RTTD = RTTM / 2其它任何測量后：RTTD = ( 1-) x RTTD +|RTTS-RTTM|一般取值為1/47/15/202280重傳超時RTO初值：初始值其它任何測量后：RTO = RTTS + 4RTTD

37、7/15/202281Karns algorithm解決的問題：發送方無法準確判斷在啟動重傳后收到ACK所確認的報文段（原始？重傳？）不對重傳的報文段更新RTT但需要采用時延補償技術（針對重傳）指數退避Internetworking with TCP/IP Volume 1: Principles, Protocols, and Architectures, Chapter 13 7/15/202282指數退避原則：每產生一次重傳，RTO數值就加倍7/15/202283Persistence Timer（堅持定時器）功能： To deal with the loss of non-zero w

38、indow size advertisement 當發送方窗口關閉后，直到收方發送一個確認來宣告非零窗口值如果該確認丟失，雙方將陷入死鎖UsageWhen the sending TCP receives an ack with a window size of zero, it starts a persistence timerIf an ack with a non-zero window size is not received from the receiver before time-out, then send a probe segment （發送探測報文段）探測報文段有序號，

39、但不需要確認The value of the timer is set to the value of the retransmission timerThe sender continues sending the probe segment and doubling and resetting the value of the timer until the value reaches a threshold (usually 60 s)TCP中，不對ACK確認7/15/202284Keepalive Timer功能：To prevent a long idle connection be

40、tween two TCPUsageEach time the server hears from a client, it resets this timerThe time-out is usually 2 hoursIf the server does not hear from the client after 2 hours, it sends a probe segmentIf there is no response after 10 probe, each of which is 75 s apart, then the server assumes that the clie

41、nt is down and terminates the connection7/15/202285Time-waited TimerUsageWhen TCP closes a connection, it does not consider the connection really closed. The connection is held in limbo （過渡期） for a time-waited periodThe value for this timer is usually 2 times the expected lifetime of a segment ( Max

42、imum Segment Lifetime, MSL)2 minutes: an engineering choice7/15/202286Chapter 10 TCPOverviewTCP servicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/202287Segment（0 40 bytes）控制字段Segment標識應用進程差錯控制以字節為單位流控同UDPInitial se

43、quence number7/15/202288初始序號（ISN）在建立連接時，通信雙方的TCP各自隨機產生初始序號例：假設站點A的TCP向站點B發起建立連接，其ISN2367，意味著：A的第1個TCP報文段的序號為2367第1個TCP報文段用于建立連接，數據長度0A的第2個TCP報文段的序號為2368第2個TCP報文段用于建立連接，數據長度0A的第3個TCP報文段的序號為2369，第3個TCP報文段攜帶數據，長度0問題：假設第3個TCP報文段數據長度1000，那么A的第4個TCP報文段的序號是多少？236910003369TCP中，建立連接階段的控制報文段有序號，但數據部分為07/15/20

44、2289Control Field控制域（6bit）用于：Flow controlConnection establishment and terminationThe mode of data transfer in TCPURGACKPSHRSTSYNFINURG: Urgent pointer is validRST: Reset the connectionACK: Acknowledgment is validSYN: Synchronize sequence numbersPSH: Request for pushFIN: Terminate the connection7/15/

45、202290校驗和7/15/202291緊急指針與緊急（帶外）數據緊急數據：不需要接收進程按序讀取緊急指針：只有當控制域中的URG置位時，才有效指向帶外數據的最后一個字節帶外數據（out-of-band data，urgent data）發送端TCP立即創建報文段帶外數據位于數據域的首部接收端TCP：不在數據流中排隊，直接遞交上層提供快速傳遞數據的功能URGTCP HeaderTCP Data帶外(緊急)數據7/15/202292Option（自學）選項Option單字節Single-byte多字節Multiple-byte無操作No operation最大報文段長度Max segment s

46、ize選項結束End of option窗口比例因子Window scale factor時間戳TimestampRFC 13237/15/202293Chapter 10 TCPOverviewTCP servicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/202294ConnectionConnection連接由1對端點標識: (IP1，port1), (IP2，port2)連

47、接數量受機器內存容量限制一個機器上某個TCP端口號可被多個連接共享面向連接的傳輸包括以下幾個操作：連接建立連接拆除連接復位TCPApp 1App 3TCPApp 2App 3ServerClient 2TCPApp 1Client 1App 27/15/202295連接建立（Connection Establishment）Active open（主動打開）發起建立連接，ClientPassive open（被動打開）接受連接，Server被動打開方一般先于主動打開方啟動，但不發起連接建立過程，而是在某個端口上等待主動方的連接請求TCP連接的任意一方都可以主動打開連接7/15/2022963-

48、way HandshakingSegment 1: SYNseq : 1200, ack : -, wnd: -ClientServerSegment 2: SYN+ACKseq : 4800, ack : 1201, wnd: 1024Segment 3: ACKseq : 1201, ack : 4801, wnd: 4096Waits for apassive openRequests forAn active open包含初始序號(同步序號)，不包括確認號，也沒定義宣告窗口對第一次握手進行確認，同時定義宣告窗口確認第二次握手，定義宣告窗口；可以在第三個報文段中發送數據Data can

49、be sent with the 3rd packetProcedure startswith server7/15/2022973-way HandshakingSYN報文段不攜帶任何數據，但消耗一個序號SYNACK報文段不攜帶任何數據，但消耗一個序號ACK報文段如果不攜帶任何數據，就不消耗序號7/15/202298連接拆除（Connection Termination）通信是雙向的，但連接終止是單向進行的連接拆除的發起方只能關閉自己的發送方向，而TCP的另一端可以繼續發送數據半關閉不能發送數據，可接收數據，可發送確認接收方向由對方拆除TCPATCPB發送方向接收方向發送方向接收方向7/15

50、/2022994-way HandshakingSegment 1: FINSeq: 2500, ack: -Segment 2: ACKSeq: 7000, ack: 2501Segment 4: ACKSeq: 2501, ack: 7001Procedure startswith clientSegment 3: FINSeq: 7000, ack: 2501Clients wishto close theconnectionServers ack.to clientsrequestClients ack.to serversrequestServers wishto close the

51、connectionClientServer7/15/2022100連接復位（Connection Resetting）Resetting：異常情況引起的斷開連接表示連接已破壞快速關閉連接，無確認一方發出RST1的報文，并立即中止連接（雙向）收到RST1報文的一方，也立即中止連接（雙向）CasesThe TCP on one side may annul （取消） the connection requested to a nonexistent portOne TCP may want to abort （異常終止）the connection due to an abnormal situ

52、ationThe TCP on one side may destroy the connection because the other side is idle for a long time7/15/2022101Close/FINFIN/ACKActive open/SYNState Transition DiagramFIN WAIT-2CLOSINGTIME-WAITLAST ACKFIN/ACKACK/-FIN/ACKACK/-Close/FINFIN+ACK/ACKSYN/SYN+ACK(simultaneous open)RST/-Send/SYNClose/FINClose/FINACK/-SYN/SYN+ACKFIN/ACKSYN+ACK/ACKRST/-Close/-Active open/SYN(Time-out)ACK/-Time-out/RSTClos