Manual:Connection oriented communication (TCP/IP)

From MikroTik Wiki

Connection oriented communication (TCP/IP)

Connection-oriented communication is a data communication mode in which you must first establish a connection with the remote host or server before any data can be sent. It is similar to the analog telephone network, where you had to establish a connection before you were able to communicate with a recipient. Connection establishment included operations such as dialing the number, receiving a dial tone, waiting for the calling signal etc.


TCP session establishment and termination

The process by which a transmitting device establishes a connection-oriented session with a remote peer is called a three-way handshake. As a result, an end-to-end virtual (logical) circuit is created, in which flow control and acknowledgment are used for reliable delivery. TCP has several message types used in the connection establishment and termination process (see Figure 2.1).

File:Image2001.gif

Connection establishment process

  1. The host A, which needs to initialize a connection, sends out a SYN (Synchronize) packet with a proposed initial sequence number to the destination host B.
  2. When the host B receives the SYN message, it returns a packet with both the SYN and ACK flags set in the TCP header (SYN-ACK).
  3. When the host A receives the SYN-ACK, it sends back an ACK (Acknowledgment) packet.
  4. Host B receives the ACK and at this stage the connection is ESTABLISHED.
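
The four steps above can be followed over a packet trace. The sketch below is an added example, not part of the original manual: it tracks each handshake and only advances when the acknowledgment number equals the peer's initial sequence number + 1. The `Segment` tuple, the `track_handshake` helper, the sequence numbers and the intermediate state names SYN_SENT and SYN_RECEIVED (standard TCP state names) are assumptions of the example; connections are keyed by host name only, without ports.

```python
from collections import namedtuple

SYN, ACK = 0x02, 0x10  # flag bits in the TCP header
Segment = namedtuple("Segment", "src dst flags seq ack", defaults=[0])

def track_handshake(segments):
    """Follow steps 1-4 above for each (initiator, responder) pair.

    A SYN-ACK or ACK only advances the state if its acknowledgment
    number equals the peer's initial sequence number + 1.
    """
    conns = {}  # (initiator, responder) -> state and both ISNs
    for s in segments:
        fwd, rev = (s.src, s.dst), (s.dst, s.src)
        if s.flags == SYN:
            conns[fwd] = {"state": "SYN_SENT", "isn_a": s.seq, "isn_b": None}
        elif s.flags == (SYN | ACK) and rev in conns:
            c = conns[rev]
            if c["state"] == "SYN_SENT" and s.ack == c["isn_a"] + 1:
                c.update(state="SYN_RECEIVED", isn_b=s.seq)
        elif s.flags == ACK and fwd in conns:
            c = conns[fwd]
            if c["state"] == "SYN_RECEIVED" and s.ack == c["isn_b"] + 1:
                c["state"] = "ESTABLISHED"
    return {pair: c["state"] for pair, c in conns.items()}

# Constructed trace: A completes the handshake with B. C's final ACK
# carries a wrong acknowledgment number, so that handshake never completes.
TRACE = [
    Segment("A", "B", SYN, seq=1000),
    Segment("B", "A", SYN | ACK, seq=5000, ack=1001),
    Segment("A", "B", ACK, seq=1001, ack=5001),
    Segment("C", "B", SYN, seq=7000),
    Segment("B", "C", SYN | ACK, seq=9000, ack=7001),
    Segment("C", "B", ACK, seq=7001, ack=9999),
]

if __name__ == "__main__":
    for pair, state in track_handshake(TRACE).items():
        print(pair, state)
```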

Connection-oriented protocol services often send acknowledgments (ACKs) after successful delivery. After a packet with data is transmitted, the sender waits for an acknowledgment from the receiver. If the timer expires and the sender has not received an ACK, the packet is retransmitted.

Connection termination

When the data transmission is complete and the host wants to terminate the connection, the termination process is initiated. Unlike TCP connection establishment, which uses a three-way handshake, connection termination uses four messages. The connection is terminated when both sides have finished the shutdown procedure by sending a FIN and receiving an ACK.

  1. The host A, which needs to terminate the connection, sends a special message with the FIN (finish) flag, indicating that it has finished sending data.
  2. The host B, which receives the FIN segment, does not terminate the connection but enters a "passive close" (CLOSE_WAIT) state and sends the ACK for the FIN back to the host A. Now the host B enters the LAST_ACK state. At this point host B will no longer accept data from host A, but can continue to transmit data to host A. If host B does not have any data to transmit to the host A, it will also terminate the connection by sending a FIN segment.
  3. When the host A receives the last ACK from the host B, it enters the TIME_WAIT state and sends an ACK back to the host B.
  4. Host B gets the ACK from the host A and closes the connection.


Segments transmission (windowing)

Now that we know how a TCP connection is established, we need to understand how data transmission is managed and maintained. In TCP/IP networks, transmission between hosts is handled by the TCP protocol.

Let’s think about what happens when datagrams are sent out faster than the receiving device can process them. The receiver stores them in memory called a buffer. But since buffer space is not unlimited, the receiver starts to drop frames when its capacity is exceeded. All dropped frames must be retransmitted, which is the reason for low transmission performance.

To address this problem, TCP uses a flow control protocol. A window mechanism is used to control the flow of data. When a connection is established, the receiver specifies the window field (see TCP header format, Figure 1.6) in each TCP frame. The window size represents the amount of received data that the receiver is willing to store in the buffer. The window size (in bytes) is sent together with acknowledgments to the sender. So the size of the window controls how much information can be transmitted from one host to another without receiving an acknowledgment. The sender will send only the number of bytes specified in the window size and will then wait for acknowledgments with an updated window size.

If the receiving application can process data as quickly as it arrives from the sender, then the receiver will send a positive window advertisement (increase the window size) with each acknowledgment. This works until the sender becomes faster than the receiver and incoming data eventually fills the receiver's buffer, causing the receiver to advertise an acknowledgment with a zero window. A sender that receives a zero window advertisement must stop transmitting until it receives a positive window. The windowing process is illustrated in Figure 2.2.

File:Image2002.gif

The host A starts transmitting with a window size of 1000, and one 1000-byte frame is transmitted. The receiver (host B) returns an ACK with the window size increased to 2000. The host A receives the ACK and transmits two frames (1000 bytes each). After that, the receiver advertises an initial window size of 2500. Now the sender transmits three frames (two containing 1,000 bytes and one containing 500 bytes) and waits for an acknowledgment. The first three segments fill the receiver's buffer faster than the receiving application can process the data, so the advertised window size reaches zero, indicating that it is necessary to wait before further transmission is possible.
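
The walk-through above can be replayed in code. The following is an added example, not part of the original manual: `replay_adverts` reproduces the sender's frames for the advertised windows 1000, 2000, 2500 and 0, and `simulate` goes one step further by modelling a receiver that advertises its free buffer space, so the zero-window stall and the later resumption become visible. The function names, the 2500-byte buffer and the per-round application read amounts are assumptions of the example.

```python
MSS = 1000  # largest frame payload used in the walk-through above

def frames_for_window(window, pending, mss=MSS):
    """Split as much of `pending` bytes as `window` allows into frames."""
    budget = min(window, pending)
    frames = [mss] * (budget // mss)
    if budget % mss:
        frames.append(budget % mss)
    return frames

def replay_adverts(adverts, total):
    """Sender side only: replay a scripted list of advertised windows."""
    rounds, pending = [], total
    for window in adverts:
        frames = frames_for_window(window, pending)
        pending -= sum(frames)
        rounds.append(frames)
    return rounds

def simulate(total, buf_size, app_reads):
    """Receiver advertises its free buffer space with every ACK; the
    application drains app_reads[i] bytes after round i.
    Returns one (advertised_window, bytes_sent) tuple per round."""
    buffered, pending, log = 0, total, []
    for drain in app_reads:
        window = buf_size - buffered        # free space = advertised window
        sent = sum(frames_for_window(window, pending))
        pending -= sent
        buffered += sent                    # received data sits in the buffer
        log.append((window, sent))
        buffered -= min(drain, buffered)    # application reads some of it
    return log

if __name__ == "__main__":
    # Advertised windows taken from the walk-through above.
    print(replay_adverts([1000, 2000, 2500, 0], total=10000))
    # Constructed receiver: 2500-byte buffer, slow application reads.
    print(simulate(6000, 2500, [500, 0, 1000, 3000, 3000]))
```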

The size of the window, and how fast the window size is increased or decreased, is defined in various TCP congestion avoidance algorithms such as Reno, Vegas, Tahoe etc.

Ethernet networking

CSMA/CD

The Ethernet system consists of three basic elements:

  • the physical medium used to carry Ethernet signals between network devices,
  • the medium access control system embedded in each Ethernet interface, which allows multiple computers to fairly control access to the shared Ethernet channel,
  • the Ethernet frame, which consists of a standardized set of bits used to carry data over the system.

An Ethernet network uses the Carrier Sense Multiple Access with Collision Detection (CSMA/CD) protocol for data transmission. It helps to control and manage access to shared bandwidth when two or more devices want to transmit data at the same time. CSMA/CD is a modification of Carrier Sense Multiple Access. Carrier Sense Multiple Access with Collision Detection is used to improve CSMA performance by terminating transmission as soon as a collision is detected, reducing the probability of a second collision on retry.

Before we discuss CSMA/CD a little more, we need to understand what a collision, a collision domain and a network segment are. A collision is the result of two devices on the same Ethernet network attempting to transmit data at the same time. The network detects the "collision" of the two transmitted packets and discards both of them.

If we have one large network, the solution is to break it up into smaller networks, which is often called network segmentation. It is done by using devices like routers and switches: each switch port creates a separate network segment, which results in a separate collision domain. A collision domain is a physical network segment where data packets can "collide" with each other when being sent on a shared medium. Therefore on a hub, only one computer can receive data simultaneously, otherwise a collision can occur and data will be lost.

File:Image2003.gif

A hub (also called a repeater) is specified in the Physical layer of the OSI model because it only regenerates the electrical signal and sends the input signal out to each of its ports. Today hubs do not dominate LAN networks and have been replaced with switches.

Carrier Sense – means that a transmitter listens for a carrier (encoded information signal) from another station before attempting to transmit.

Multiple Access – means that multiple stations send and receive on the one medium.

Collision Detection – involves algorithms for checking for a collision and announcing the collision with a collision response, the “jam signal”.

When the sender is ready to send data, it checks continuously if the medium is busy. If the medium becomes idle the sender transmits a frame.

Look at Figure 2.4 below, where a simple example of CSMA/CD is explained.

File:Image2004.gif


  1. Any host on the segment that wants to send data “listens” to what is happening on the physical medium (wire) and checks whether someone else is already sending data.
  2. Host A and host C on the shared network segment see that nobody else is sending and try to send frames.
  3. Host A and Host C are listening at the same time, so both of them will transmit at the same time and a collision will occur. The collision results in what we refer to as "noise" - a change in the voltage of the signals in the line (wire).
  4. Host A and Host B detect this collision and send out a “jam” signal to tell other hosts not to send data at this time. Both Host A and Host C need to retransmit this data, but we don't want them to send frames simultaneously once again. To avoid this, host A and host B will start a random timer (ms) before attempting to start the CSMA/CD process again by listening to the wire.

Each computer on an Ethernet network operates independently of all other stations on the network.

Each computer on Ethernet network operates independently of all other stations on the network.


Half and Full duplex Ethernet

Ethernet standards such as Ethernet II and Ethernet 802.3 have passed through the formal IEEE (Institute of Electrical and Electronics Engineers) standardization process. The difference is that the Ethernet II header includes a Protocol type field, whereas in Ethernet 802.3 this field was changed to a length field. Ethernet is the standard CSMA/CD access method. Ethernet supports different data transfer rates: Ethernet (10BaseT) – 10 Mbps, Fast Ethernet (100Base-TX) – 100 Mbps, Gigabit Ethernet (1000Base-T) – 1000 Mbps, over different types of physical media (twisted pair (copper), coaxial cable, optical fiber). Today Ethernet cables consist of four twisted pairs (8 wires). For example, 10Base-T uses only one of these wire pairs for running in both directions using half-duplex mode.

Half-duplex data transmission means that data can be transmitted in both directions between two nodes, but only in one direction at a time. A half-duplex specification is also defined for Gigabit Ethernet, but it isn’t used in practice.

Full-duplex data transmission means that data can be transmitted in both directions at the same time, using different twisted pairs for each direction. In full-duplex Ethernet, collisions are not possible since data is transmitted and received on different wires, and each segment is connected directly to a switch. Full-duplex Ethernet offers performance in both directions; for example, if your computer supports Gigabit Ethernet (full-duplex mode) and your gateway (router) also supports it, then 2Gbps aggregated bandwidth is available between your computer and the gateway.

Simple network communication example

ARP protocol operation

Address Resolution Protocol (ARP) is a protocol for mapping the Internet Protocol (IP) address of a host in the local network to its hardware address (MAC address). The physical/hardware address is also known as a Media Access Control or MAC address. Each network device maintains ARP tables (a cache) that contain a list of MAC addresses and their corresponding IP addresses. MAC addresses uniquely identify every network interface in the network. IP addresses are used for path selection to the destination (in the routing process), but the frame forwarding process from one interface to another occurs using MAC addresses.

When a host on a local area network wants to send an IP packet to another host in this network, it must look for the Ethernet MAC address of the destination host in its ARP cache. If the destination host’s MAC address is not in the ARP table, then an ARP request is sent to find the device with the corresponding IP address. ARP sends a broadcast request message to all devices on the LAN, asking the device with the specified IP address to reply with its MAC address. A device that recognizes the IP address as its own returns an ARP response with its own MAC address. Figure 2.5 shows how ARP looks for a MAC address on the local network.

File:Image2005.gif
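
The request/response exchange described above, as an added example that is not part of the original manual. It packs and parses the 28-byte ARP payload for Ethernet/IPv4 and delivers a broadcast request to simulated hosts, so no real network traffic is sent. The `Host` class, the `resolve` helper and all IP and MAC addresses are constructed for the example.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype ptype hlen plen oper sha spa tha tpa
REQUEST, REPLY = 1, 2

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def pack_arp(oper, sha, spa, tha, tpa):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha,
                       socket.inet_aton(spa), tha, socket.inet_aton(tpa))

def unpack_arp(raw):
    oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, raw)[4:]
    return oper, sha, socket.inet_ntoa(spa), tha, socket.inet_ntoa(tpa)

class Host:
    def __init__(self, ip, hw):
        self.ip, self.hw, self.cache = ip, mac(hw), {}

    def request(self, target_ip):
        # The target MAC is what we are asking for, so it is zero-filled.
        return pack_arp(REQUEST, self.hw, self.ip, bytes(6), target_ip)

    def receive(self, raw):
        """Handle one ARP packet; return a reply packet or None."""
        oper, sha, spa, _, tpa = unpack_arp(raw)
        if tpa != self.ip:
            return None                  # not our IP address: stay silent
        self.cache[spa] = sha            # learn the sender's IP -> MAC
        if oper == REQUEST:
            return pack_arp(REPLY, self.hw, self.ip, sha, spa)
        return None

def resolve(asker, target_ip, lan):
    """Broadcast a request to every host in `lan`; return the MAC or None."""
    request = asker.request(target_ip)
    for host in lan:
        reply = host.receive(request) if host is not asker else None
        if reply:
            asker.receive(reply)
    found = asker.cache.get(target_ip)
    return found.hex(":") if found else None

if __name__ == "__main__":
    # Constructed hosts; all addresses are sample values.
    a, b, c = (Host(f"192.168.88.{n}", f"02:00:00:00:00:{n:02x}") for n in (10, 11, 12))
    print(resolve(a, b.ip, [a, b, c]))
```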


Commands that display the current ARP entries on a PC (Linux, DOS) and on a MikroTik router (the commands might do the same thing, but their syntax may be different):

For Windows and Unix-like machines: arp -a displays the list of IP addresses with their corresponding MAC addresses.

ip arp print – the same command as arp -a, but displays the ARP table on a MikroTik router.

