TCPIP协议原理教学课件：Chapter 10 Transmission ControlProtocol (TCP)

1、Chapter 10 TCPOverviewTCP servicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/20221Transport Layer ProtocolTCP: a connection-oriented, reliable transport protocol Responsibilities To create a process-to-process commu

2、nication使用两个端点地址（IP端口号）通信To provide a flow-control and error-control mechanism at the transport layerError control: ARQ Window based controlAcknowledgement packetTime-outRetransmission Flow control: sliding window protocol Window based controlTo provide a congestion controlTo provide a connection me

3、chanism for the processes7/15/20222理解TCP的责任提供process-to-process communication在IP层上建立起：可靠的，顺序的（reliable, sequential）分组传输服务 面向连接的通信Error-control 源端到目的端的流量控制（flow-control ）To prevent a fast source of packets from overwhelming a slow sinkAdaptive bandwidth sharing in the network congestion control7/15/2

4、0223Introduction高层应用的需求：reliability传输大量的数据，要求可靠的通信服务自身的可靠性机制弱底层网络和IP网络是不可靠、无连接投递TCPProcess-to-process comm.: same with UDPTo add connection-oriented and reliability features to the services of IP7/15/20224OverviewTransmission Control Protocol，TCPRFC 793，传输控制协议IPLANsMANsWANsICMPIGMPARPRARPNetworkLaye

5、rNetworkAccess LayerApplication LayerTCPUDPTransportLayer7/15/20225Process-to-process Communication端口、端点概念与方式与UDP完全一样连接：TCP上通信双方抽象的虚电路连接202.115.12.680Port: 80Endpoint: (202.115.12.6, 80)202.115.12.3416250Connection: (202.115.12.6, 80) and (202.115.12.34, 16250)7/15/20226Chapter 10 TCPOverviewTCP ser

6、vicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/20227TCP ServicesStream delivery service（流交付服务）Full-duplex service（全双工服务）Connection-oriented serviceReliable service7/15/20228理解：Stream Delivery与UDP交付区别：进程把预先定义好边界的一组报

7、文（用户数据报）发送给UDPUDP对这些报文中的每一个添加首部，传递给IP传输UDP和IP都不认为这些数据报之间有任何关系独立处理每一个数据报7/15/20229TCP Services：Stream Delivery ServiceStream delivery service requires: Sending process can deliver data as a stream of bytesReceiving process can obtain data as a stream of bytesstream of bytes 进程间使用自己认为适宜的任何大小的数据片进行发送或接

8、收（最小1字节）TCP发送进程接收进程TCPStream of byteTCP creates a environment in which the two processes seem to be connected by an “tube” that carriers their data across the Internet 7/15/202210Sending and receiving buffersTCP为什么需要buffer？原因：TCP要为进程构建”tube”“可靠传输”差错控制流量控制发送进程与接收进程产生和消耗数据的速率不一致7/15/202211TCP segments

9、TCP是如何发送“字节流”的？按报文段（segment）传输Why？报文段：若干字节构成IP是按分组（Package）处理的（而非字节流），1个segment就封装在1个Package上述过程对于接收进程是透明的字节流按照报文段传输的后果：接收方TCP收到报文段可能失序、损伤、重复，或者丢失！7/15/202212TCP ServicesStream delivery service（流交付服务）Full-duplex service（全双工服务）Connection-oriented serviceReliable service7/15/202213TCP Services：Full-Du

10、plex Service全双工：数据可以在同一时间双向流动每一个TCP都有发送缓存和接收缓存DataACKPiggybacking捎带Data can flow in both direction at the same time7/15/202214TCP ServicesStream delivery service（流交付服务）Full-duplex service（全双工服务）Connection-oriented serviceReliable service7/15/202215TCP Services：Connection-Oriented Service建立的是虚连接（virt

11、ual connection），而非物理连接（physical connection）封装成IP分组的TCP报文段可能走不同的路径到达目的地接收到的TCP报文段可能：乱序、丢失、损坏、重复而TCP需要向上层按顺序交付数据IP网络7/15/202216TCP ServicesStream delivery service（流交付服务）Full-duplex service（全双工服务）Connection-oriented serviceReliable service7/15/202217TCP Services：Reliable ServiceReliabilitySequential, w

12、ithout error, and without any part lost or duplicated 如何实现可靠传输？ARQ（Automatic Repeat reQuest）基本思路：接收方：must continuously return acknowledgments (ACK) for successfully received data发送方：每一个发送的数据都需要接收方的确认（ACK）发送每一个数据都需要缓存，并启动定时器，超时重传7/15/202218Chapter 10 TCPOverviewTCP servicesWindow based control Protoc

13、olFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/202219Window based control Protocol基本协议技术序号（Sequence number）确认（Acknowledgment）超时重传机制窗口滑动（sliding）扩展（expanding）缩回（shrinking）关闭（closing）7/15/202220TCPNumbering Bytes（给字节编号）To number all data bytes tran

14、smitted in a connection 字节号, 而不是给每个报文段分配编号某个TCP连接上的某个报文段的序号（sequence number） 报文段中第一个数据字节的字节号Numbering is independent in each directionThe numbering starts randomly, NOT from 0选取范围：0 232-1TCPSendingSending bufferReceiving bufferReceivingDate streamSegmentData7/15/202221练习Imagine a TCP connection is t

15、ransferring a file of 6000 bytes. The first byte is numbered 10010. What are the sequence numbers for each segment if data is sent in five segments with the first four segments carrying 1,000 bytes and the last segment carrying 2,000 bytes?The following shows the sequence number for each segment:Seg

16、ment 1 10,010 (10,010 to 11,009)Segment 2 11,010 (11,010 to 12,009)Segment 3 12,010 (12,010 to 13,009)Segment 4 13,010 (13,010 to 14,009)Segment 5 14,010 (14,010 to 16,009)Sender1301014010100101101012010Seg1Seg2Seg3Seg4Seg57/15/202222报文段的序号报文段的序号 报文段中第一个数据字节的字节号，那么如果报文段不携带数据，那么这个报文段是否需要编号？如何编号？原则：需要

17、确认的报文，需要序号7/15/202223Window based control Protocol基本协议技术序号（Sequence number）确认（Acknowledgment）超时重传机制窗口滑动（sliding）扩展（expanding）缩回（shrinking）关闭（closing）7/15/202224Acknowledgment （确认，ACK）Acknowledgment number（确认号）：对已经收到的字节表示确认Positive ACK（肯定确认）The number of the next data byte a party expects to receiveC

18、umulative ACK（累计确认）例如 TCP报文段中的确认号是：1234，意味着：已经收到了字节号1234的以前的所有字节希望收到了下一个TCP报文段的序号12347/15/202225Discussion例1: a segment with Seq# =X, Data Len=LThen the Seq# of the next segment:例2: a segment with Ack# =XThis means all bytes from the beginning up to X-1 has been receivedFeatures报文的顺序关系数据流的位置，更便于流的复原

19、需较大的序号空间（32bit，2324Gbyte）序号不连续，n1n2= RTT（ Round Trip Time，报文往返时间）一种简单解决方案：the destination TCP （接收方TCP）检测出重复报文段Sequence numberSimply discard the packet678Receiver124524924Seg(524)假设，TCP报文段定长为400ByteACK(1324)7/15/202256Out-of-Order Segment（失序报文段）CauseTCP uses the services of IP, an unreliable, connect

20、ionless network layer service解决方案：the destination TCP （接收方TCP）检测出失序的报文段: sequence numberCorrectingTCP does NOT acknowledge an out-of-order segment until it receives all of the segments that precede itIf the acknowledgment is delay, the timer of the out-of-order segment may mature at the source TCP a

21、nd the segment may be resent duplicate segment678Receiver910111213141516678Seg(10)ACK(9)Seg(11)Seg(9)ACK(12)7/15/202257Fast retransmission7/15/202258Lost AcknowledgmentSegment 1Seq: 1201, 200bytesAck: 1601SenderReceiverSegment 2Seq: 1401, 200bytesSegment 3Seq: 1601, 200bytesAck: 1801TimeTimeAcknowle

22、dgmentlostOKOKOK7/15/202259Chapter 10 TCPOverviewTCP servicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/202260Congestion Control（拥塞控制）Congestion：网络中，路由器接收过多的分组，超过其处理能力时，发生拥塞 分组被丢弃Some packets could be dropped by the

23、 router no ack is sent from the destination TCP发送端会重传超时定时器会超时 the sender retransmits the lost packetTo create more congestion and more dropping more retransmission and more congestionFinally, the whole system collapses结论：拥塞引起的重传，会使情况更糟7/15/202261Capacity（网络容量）：网络能处理的分组数Throughput（吞吐率）：单位时间内通过网络的分组数P

24、acket delay, Throughput VS. network load7/15/202262Router queues7/15/202263Congestion Control端点（主机）上的TCP是无法准确知道网络因何原因或者在何处发生拥塞TCP本身没有提供拥塞控制拥塞对于端点而言，表现为：TCP传输延迟增加，导致超时重传TCP应该在网络出现拥塞时，必须减慢发送速率（或停止传输） 拥塞控制问题： TCP如何发现网络的拥塞呢？In flow control，发送窗口由接收方直接控制Sender window = Receiver window网络中拥塞，发送窗口还要取决于网络的拥塞情

25、况TCP assumes（关键假设）The cause of a lost segment is due to congestion in the network7/15/202264Congestion Window（拥塞窗口）Sender window = Min rwnd, cwndrwnd: receivers advertised window （接收方宣告窗口） a receiver-side limit流量控制cwnd: congestion window（拥塞窗口） a sender-side limit（反映了网络的拥塞状况）拥塞控制7/15/202265TCP中的几个窗口接

26、收方宣告窗口（ rwnd ）：接收方通过反馈告诉发送方的允许传输的数据量（单位：可以是字节，也可以是报文段）拥塞窗口（ cwnd ）：发送方为了进行拥塞控制而限制自己传输的数据量实际发送窗口的大小Min rwnd, cwnd哪个窗口值小，那种控制就起作用拥塞窗口如何确定拥塞策略7/15/202266Congestion Control AlgorithmsSlow start（慢启动） congestion avoidance（拥塞避免）以及拥塞检测慢启动：指数增大拥塞避免：加法增大拥塞检测：乘法减小Fast retransmit/Fast recovery（快速重传和快速恢复）To dete

27、ct and repair loss based on incoming duplicate ACKsTCP assumes3 or more duplicate ACKs a segment has been lost参考文献Van Jacobson，Congestion Avoidance and Control，SIGCOMM88RFC2001，TCP Slow Start, Congestion Avoidance, Fast Retransmit, and Fast Recovery AlgorithmsRFC 2581，TCP Congestion ControlWilliam S

28、tallings，高速网络与互联网络性能与服务质量（第二版），第12章TCP通信量控制，电子工业出版社，20037/15/202267Slow start（慢启动）建立一条新的TCP连接以后，执行慢启动：初始状态cwnd1（1个最大报文段MSS）发送方只允许发送1个TCP报文段（因为发送窗口1）等待ACK每收到1个ACK，发送窗口向右滑动1个报文段的长度cwnd1 发送方连续发送2个报文段直到发送窗口大小（Ws）ssthresh（慢启动阈值）慢启动过程实际上是发送TCP在TCP连接建立初期试探网络的拥塞状况，以避免因一次发送过多的报文段而引起网络的拥塞012345678sender091011

29、12131415161245678ACK13ACK2ACK3注：慢启动实际并不慢，每过1个RTT，cwnd就翻倍，呈2的指数增长7/15/202268Congestion avoidance（拥塞避免）在慢启动阶段，拥塞窗口以指数形式增长，要避免发生拥塞，当拥塞窗口达到某个值后，必须减慢拥塞窗口的增长规律当发送窗口大小ssthresh时，发送方进入拥塞避免阶段在这个阶段中，只有当窗口中所有报文都确认后，拥塞窗口1实质上：每收到1个ACK，cwndcwnd1/ cwnd当RTT较大时，可以认为是每隔一个RTT，拥塞窗口cwnd1 加性增加（Addictive Increase）拥塞避免直到出现重

30、传超时定时器超时，即发生拥塞7/15/202269拥塞检测推测拥塞：超时重传ssthresh（慢启动阈值）设置为当前cwnd（拥塞窗口）的一半即ssthresh cwnd / 2cwnd（拥塞窗口）= 1重新执行慢启动012345678sender091011121314151612456783ssthreshcwnd68317/15/202270快速重传和快速恢复如果不是超时，而是连续收到3个ACK，处理方式是：ssthresh（慢启动阈值）设置为当前cwnd（拥塞窗口）的一半cwnd当前阈值开始拥塞避免阶段为什么这样做？连续收到3个ACK，说明1个报文段可能丢失了，但后面的几个报文段又安全

31、到达7/15/202271TCP拥塞策略小结7/15/202272拥塞举例Number of transmitted segmentsCongestion window size( in segments)SlowstartCongestion avoidance7/15/202273Chapter 10 TCPOverviewTCP servicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package

32、7/15/202274TCP TimerRetransmission timer（重传超时定时器）The waiting time for an ack of a segmentTo control a lost or discarded segmentPersistence timer（持久）To deal with the zero window-size advertisementThe waiting time for an ack with a non-zero window sizeKeepalive timer（保活）To prevent a long idle connecti

33、on between two TCPThe waiting time for some data from a clientTime-waited timerTo be used during connection termination7/15/202275Retransmission Timer功能：处理重传超时发送方可以重传报文段某些报文段在传输过程中可能丢失或者被丢弃（ lost or discarded ）The waiting time for an ack of a segmentUsage（如何使用重传超时定时器）When TCP sends a segment, it cre

34、ates a retransmission timer for that segmentIf an ack is received for that segment before time-out, the timer is destroyedOtherwise the segment is retransmitted and the timer is reset关键问题： 重传超时（RTO）时间如何确定？7/15/202276重传超时时间RTT (Round-Trip Time)：报文段传输的往返时延从发送一个报文到收到这个报文的时间重传超时时间取值一般是基于RTT的例如（一种简单算法）：R

35、etransmission timer = 2 x RTTInternet的上的RTT不同TCP连接具有各自不同的路径长度，时延差异大同一个TCP连接，发送方从发送报文段到收到确认的时间随网络的拥塞状况而改变分组经过路由器，路由器产生的时延取决于通信量结论：分组的传输时延无法预先确定重传超时时间无法实现预测，是动态变化的7/15/202277Internet上的100个Packet的往返传输时间图7/15/202278RTT的测量In TCP, there can be only be one RTT measurement in progress at any timeTCP报文段和它的确认

36、并非11对应某个TCP报文段的RTT是该报文段到达终点并被确认所需的时间，虽然这个确认可能包含对其它报文段的确认平滑RTTSInternet中测量的RTTM起伏大初始：没有数值第一次测量后：RTTS= RTTM其它任何测量后： RTTS = ( 1- ) x RTTS + x RTTM, = 1/87/15/202279RTT偏差（RTTD）初始：没有数值第一次测量后： RTTD = RTTM / 2其它任何测量后：RTTD = ( 1-) x RTTD +|RTTS-RTTM|一般取值为1/47/15/202280重传超时RTO初值：初始值其它任何测量后：RTO = RTTS + 4RTTD

37、7/15/202281Karns algorithm解决的问题：发送方无法准确判断在启动重传后收到ACK所确认的报文段（原始？重传？）不对重传的报文段更新RTT但需要采用时延补偿技术（针对重传）指数退避Internetworking with TCP/IP Volume 1: Principles, Protocols, and Architectures, Chapter 13 7/15/202282指数退避原则：每产生一次重传，RTO数值就加倍7/15/202283Persistence Timer（坚持定时器）功能： To deal with the loss of non-zero w

38、indow size advertisement 当发送方窗口关闭后，直到收方发送一个确认来宣告非零窗口值如果该确认丢失，双方将陷入死锁UsageWhen the sending TCP receives an ack with a window size of zero, it starts a persistence timerIf an ack with a non-zero window size is not received from the receiver before time-out, then send a probe segment （发送探测报文段）探测报文段有序号，

39、但不需要确认The value of the timer is set to the value of the retransmission timerThe sender continues sending the probe segment and doubling and resetting the value of the timer until the value reaches a threshold (usually 60 s)TCP中，不对ACK确认7/15/202284Keepalive Timer功能：To prevent a long idle connection be

40、tween two TCPUsageEach time the server hears from a client, it resets this timerThe time-out is usually 2 hoursIf the server does not hear from the client after 2 hours, it sends a probe segmentIf there is no response after 10 probe, each of which is 75 s apart, then the server assumes that the clie

41、nt is down and terminates the connection7/15/202285Time-waited TimerUsageWhen TCP closes a connection, it does not consider the connection really closed. The connection is held in limbo （过渡期） for a time-waited periodThe value for this timer is usually 2 times the expected lifetime of a segment ( Max

42、imum Segment Lifetime, MSL)2 minutes: an engineering choice7/15/202286Chapter 10 TCPOverviewTCP servicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/202287Segment（0 40 bytes）控制字段Segment标识应用进程差错控制以字节为单位流控同UDPInitial se

43、quence number7/15/202288初始序号（ISN）在建立连接时，通信双方的TCP各自随机产生初始序号例：假设站点A的TCP向站点B发起建立连接，其ISN2367，意味着：A的第1个TCP报文段的序号为2367第1个TCP报文段用于建立连接，数据长度0A的第2个TCP报文段的序号为2368第2个TCP报文段用于建立连接，数据长度0A的第3个TCP报文段的序号为2369，第3个TCP报文段携带数据，长度0问题：假设第3个TCP报文段数据长度1000，那么A的第4个TCP报文段的序号是多少？236910003369TCP中，建立连接阶段的控制报文段有序号，但数据部分为07/15/20

44、2289Control Field控制域（6bit）用于：Flow controlConnection establishment and terminationThe mode of data transfer in TCPURGACKPSHRSTSYNFINURG: Urgent pointer is validRST: Reset the connectionACK: Acknowledgment is validSYN: Synchronize sequence numbersPSH: Request for pushFIN: Terminate the connection7/15/

45、202290校验和7/15/202291紧急指针与紧急（带外）数据紧急数据：不需要接收进程按序读取紧急指针：只有当控制域中的URG置位时，才有效指向带外数据的最后一个字节带外数据（out-of-band data，urgent data）发送端TCP立即创建报文段带外数据位于数据域的首部接收端TCP：不在数据流中排队，直接递交上层提供快速传递数据的功能URGTCP HeaderTCP Data带外(紧急)数据7/15/202292Option（自学）选项Option单字节Single-byte多字节Multiple-byte无操作No operation最大报文段长度Max segment s

46、ize选项结束End of option窗口比例因子Window scale factor时间戳TimestampRFC 13237/15/202293Chapter 10 TCPOverviewTCP servicesWindow based control ProtocolFlow controlError controlTCP timersCongestion controlSegmentConnectionTCP operationTCP package7/15/202294ConnectionConnection连接由1对端点标识: (IP1，port1), (IP2，port2)连

47、接数量受机器内存容量限制一个机器上某个TCP端口号可被多个连接共享面向连接的传输包括以下几个操作：连接建立连接拆除连接复位TCPApp 1App 3TCPApp 2App 3ServerClient 2TCPApp 1Client 1App 27/15/202295连接建立（Connection Establishment）Active open（主动打开）发起建立连接，ClientPassive open（被动打开）接受连接，Server被动打开方一般先于主动打开方启动，但不发起连接建立过程，而是在某个端口上等待主动方的连接请求TCP连接的任意一方都可以主动打开连接7/15/2022963-

48、way HandshakingSegment 1: SYNseq : 1200, ack : -, wnd: -ClientServerSegment 2: SYN+ACKseq : 4800, ack : 1201, wnd: 1024Segment 3: ACKseq : 1201, ack : 4801, wnd: 4096Waits for apassive openRequests forAn active open包含初始序号(同步序号)，不包括确认号，也没定义宣告窗口对第一次握手进行确认，同时定义宣告窗口确认第二次握手，定义宣告窗口；可以在第三个报文段中发送数据Data can

49、be sent with the 3rd packetProcedure startswith server7/15/2022973-way HandshakingSYN报文段不携带任何数据，但消耗一个序号SYNACK报文段不携带任何数据，但消耗一个序号ACK报文段如果不携带任何数据，就不消耗序号7/15/202298连接拆除（Connection Termination）通信是双向的，但连接终止是单向进行的连接拆除的发起方只能关闭自己的发送方向，而TCP的另一端可以继续发送数据半关闭不能发送数据，可接收数据，可发送确认接收方向由对方拆除TCPATCPB发送方向接收方向发送方向接收方向7/15

50、/2022994-way HandshakingSegment 1: FINSeq: 2500, ack: -Segment 2: ACKSeq: 7000, ack: 2501Segment 4: ACKSeq: 2501, ack: 7001Procedure startswith clientSegment 3: FINSeq: 7000, ack: 2501Clients wishto close theconnectionServers ack.to clientsrequestClients ack.to serversrequestServers wishto close the

51、connectionClientServer7/15/2022100连接复位（Connection Resetting）Resetting：异常情况引起的断开连接表示连接已破坏快速关闭连接，无确认一方发出RST1的报文，并立即中止连接（双向）收到RST1报文的一方，也立即中止连接（双向）CasesThe TCP on one side may annul （取消） the connection requested to a nonexistent portOne TCP may want to abort （异常终止）the connection due to an abnormal situ

52、ationThe TCP on one side may destroy the connection because the other side is idle for a long time7/15/2022101Close/FINFIN/ACKActive open/SYNState Transition DiagramFIN WAIT-2CLOSINGTIME-WAITLAST ACKFIN/ACKACK/-FIN/ACKACK/-Close/FINFIN+ACK/ACKSYN/SYN+ACK(simultaneous open)RST/-Send/SYNClose/FINClose/FINACK/-SYN/SYN+ACKFIN/ACKSYN+ACK/ACKRST/-Close/-Active open/SYN(Time-out)ACK/-Time-out/RSTClos