TCP/IP 2: Details of Operation

* Last week, covered TCP/IP basics. This week:
  * Connection Startup and Teardown
  * Connection State, Timeouts, Seq Numbers
  * TCP Options
  * Connection Reset
  * OS Interfaces and Queued Connections
  * SYN Cookies
  * RTO, RTT and SRTT
  * Retransmit strategy

Connection Startup

* Three-way startup handshake:
  * SYN ->
  * <- SYN/ACK
  * ACK ->

* Could overlap SYN

* Could piggyback data on ACK

Connection Teardown

* Four-way Handshake
  * FIN ->
  * <- ACK
  * <- FIN
  * ACK ->

Connection State, Timeouts, Seq Numbers

* p. 617 sec 13.5.1: Epic TCP state diagram

* All kinds of timeouts
  * Some static in kernel
  * Some per-connection
  * Most set using 1985 logic

* Sequence number issues:
  * Randomish ISN selection
  * Stale connections

TCP Options

* MSS (not PMTU, but hard limit)

* SACK


Connection Reset

* Implementations send RST (+ ACK + PSH)
  * When they don't recognize something
  * When they want an abort

* RST interacts badly with lots of timeouts

OS Interfaces and Queued Connections

* Berkeley sockets API is an awkward mess
  * "Berkeley Abstraction"
  * Weird corners

* OS will queue incoming active connections
  until a server can get to them

SYN Cookies

* Interesting attack: Flood victim with SYNs and use
  up all their resources

* Response: Make SYN ACKs stateless using sequence number
  as storage; only allocate afterward

RTO, RTT and SRTT

* Have to estimate RTT (SRTT) to set RTO

* Standard estimator is exp moving avg (1-pole IIR lowpass)
  * Maybe estimate variance separately
  * Always set a minimum in the estimate

* Opportunities to fast retransmit, do better estimators,
  etc.

Conclusions

* Trying to get the details of TCP right has been an engineering
  kludgefest

* Much of it is to deal with problems of networks that no longer
  exist---especially low-throughput nets

* "You are not expected to understand this."