
SIP and the Internet

1.2 Internet Multimedia Protocol Stack

1.2.4 Transport Layer

The next layer shown in Figure 1.1 is the transport layer. It uses a two-octet port number from the application layer to deliver the datagram or segment to the correct application layer protocol at the destination IP address. There are two commonly used transport layer protocols: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). In addition, there are two uncommon transport protocols, Stream Control Transmission Protocol (SCTP) and Datagram Congestion Control Protocol (DCCP), which are beginning to be used on the Internet. There is also Transport Layer Security (TLS), which provides security on top of TCP. These protocols are introduced in the following sections.

1.2.4.1 Transmission Control Protocol

Transmission Control Protocol (TCP) [7] provides reliable, connection-oriented transport over IP. A TCP connection between two hosts over an IP network is sometimes known as a socket. TCP is a client/server protocol. Servers “listen” on a specific port number for an incoming request to open a socket. A client sends a request to open a new socket to the server on the well-known port. The combination of the source IP address, source port, destination IP address, and destination port identifies the socket connection. As such, it is possible for two hosts to have multiple TCP connections open between them.

TCP uses sequence numbers and positive acknowledgments to ensure that each block of data, called a segment, has been received. Lost segments are retransmitted until they are successfully received. Figure 1.2 shows the message exchange to establish and tear down a TCP connection. A TCP server listens on a well-known port for a TCP SYN (synchronization) message to open the connection. The SYN message contains the initial sequence number the client will use during the connection. The server responds with an ACK message to acknowledge the SYN with an acknowledgment number, and then follows up with its own SYN message containing its own initial sequence number. Often, these two messages are combined into one SYN-ACK message that does both functions. The client completes the three-way handshake with an ACK, or a DATA packet with the ACK flag set, acknowledging the server’s sequence number. Now that the connection is open, either client or server can send data in DATA packets (segments).

The connection is closed when either side sends a FIN packet that receives an ACK. This exchange is shown in Figure 1.2.

TCP sends data in units called segments. The maximum segment size (MSS) is negotiated between the hosts during the handshake, and is usually based on the maximum transmission unit (MTU) of the local network. In general, the larger the segment size the more efficient the transport, except when packet loss is present, in which case smaller segments can result in fewer retransmissions. A typical MTU value for the Internet is 1,500 octets.

TCP uses cumulative acknowledgements for reliability. The recipient sends ACK packets including the next sequence number it expects to receive. If a sender does not receive an ACK within a certain time period, the segment is resent. An example is shown in Figure 1.3.

TCP also has built-in flow control. Flow control is used by a receiver to slow down the rate of transmission to allow the receiver to properly process or buffer incoming segments. TCP uses a sliding window for end-to-end control. Senders can only send the number of octets in the window before waiting for an ACK. A receiver can reduce the size of the window in ACK messages, even setting it to 0 to cause the sender to stop sending. Once the receiver has caught up, another ACK can be sent to increase the window size and resume the flow of segments. This is shown in Figure 1.4.
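A small round-based model of the sequence-number, cumulative-ACK and window behaviour described above, added here as an illustration; it is not code from the book. It loses one segment on its first transmission, so the trace also shows in-window segments that arrived early waiting at the receiver until the retransmission fills the gap, the head-of-line blocking that Section 1.2.4.5 later contrasts with SCTP. The round structure, the retransmit rule and the sample sizes are simplifying assumptions.

```python
"""Toy round-based model of TCP cumulative ACKs, a window and retransmission
(added illustration, not code from the book; all values are constructed)."""


def simulate(data_len, mss, window, drop_first_tx=frozenset()):
    """Transfer data_len octets in segments of mss octets.

    Each round the sender transmits every segment that lies inside the window
    [base, base + window) and has not been sent yet, plus the segment at
    `base` if it was sent before and is still unacknowledged (a retransmit).
    Segments whose sequence number is in drop_first_tx are lost on their first
    transmission only. The receiver hands data to the application strictly in
    order and returns a cumulative ACK carrying the next octet it expects.
    Returns (acks_per_round, delivered) where delivered maps each segment's
    sequence number to the round in which the application received it.
    """
    if window <= 0:
        raise ValueError("a zero window stops the sender; nothing to model")
    seqs = list(range(0, data_len, mss))
    sent = set()           # sequence numbers transmitted at least once
    received = set()       # segments that reached the receiver, any order
    next_expected = 0      # receiver's cumulative acknowledgement point
    base = 0               # sender's oldest unacknowledged octet
    acks, delivered, rnd = [], {}, 0
    while base < data_len:
        rnd += 1
        for seq in seqs:
            if seq < base or seq >= base + window:
                continue                       # outside the window: wait
            if seq in sent and seq != base:
                continue                       # in flight, not the oldest
            first_tx = seq not in sent
            sent.add(seq)
            if first_tx and seq in drop_first_tx:
                continue                       # lost on the wire
            received.add(seq)
        # receiver: deliver every contiguous segment, then ACK the gap
        while next_expected in received:
            delivered[next_expected] = rnd
            next_expected += mss
        acks.append(next_expected)
        base = next_expected                   # sender slides the window
    return acks, delivered


if __name__ == "__main__":
    acks, when = simulate(1000, 100, 400, drop_first_tx={100})
    print("ACK per round:", acks)              # [100, 500, 900, 1000]
    print("round each segment reached the application:", when)
```

With the segment at 100 lost, segments 200 and 300 arrive in round 1 but reach the application only in round 2, after the retransmission; the same transfer without loss completes in three rounds instead of four.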

Figure 1.2 TCP handshake example.

Figure 1.3 TCP reliability example.

TCP also has built-in congestion control. TCP uses a slow-start algorithm to attempt to avoid congestion. When congestion occurs, TCP uses a fast retransmit and a fast recovery. The details of how these algorithms work can be found in any good TCP/IP reference such as [4].

TCP adds a 20-octet header field to each packet, and is a stream-oriented transport. An application using TCP to send messages must provide its own framing or separation between messages. Corrupted segments are detected by a checksum covering both the TCP header and the payload.

1.2.4.2 Transport Port Numbers

Port numbers are used by the transport layer to multiplex and demultiplex multiple connections on a single host. Otherwise a pair of hosts could only have a single connection between them. Also, messages for different protocols can be separated by using different port numbers. Often these port numbers are associated with a specific protocol. Others are registered to a particular protocol. Ports are a 16-bit integer. Ports in the range 0 to 1024 are called well-known ports. Ports in the range of 1024 through 49151 are known as registered ports. Ports in the range of 49152 through 65535 are known as dynamic, private, or ephemeral ports. For example, Web servers use the well-known port of 80, SIP uses the registered ports of 5060 and 5061, while RTP usually uses a dynamic port.

1.2.4.3 User Datagram Protocol

User Datagram Protocol (UDP) [8] provides unreliable transport across the Internet. It is a best-effort delivery service, since there is no acknowledgment of sent datagrams. Most of the complexity of TCP is not present, including sequence numbers, acknowledgments, and window sizes. UDP does detect datagrams with errors using a checksum. It is up to higher layer protocols to detect datagram loss and initiate a retransmission if desired.

Figure 1.4 TCP flow control example.

UDP does not provide congestion control or flow control—if any of these functions are needed, they must be built into the application layer protocol.

UDP is best suited for short, single-packet exchanges such as DNS or routing queries. It is also good for real-time, low-latency transport protocols such as SIP and RTP.

UDP adds an 8-octet header field to datagrams. Applications and protocols that use UDP must do their own framing—they must break up information into individual UDP packets. For a message-oriented protocol, this typically means one message or request per UDP datagram.
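The framing that a message-oriented protocol such as SIP must supply itself over TCP (Section 1.2.4.1) but gets from the transport over UDP, as an added Python example that is not code from the book. It reassembles SIP-style messages from arbitrary TCP segment boundaries using the Content-Length header, which the receiver must also bound so that a buggy or hostile peer cannot make it buffer without limit. The sample messages, the MAX_MESSAGE ceiling and the chunk sizes are constructed assumptions.

```python
"""Application-level framing over a TCP byte stream (added example, not from
the book). SIP-style messages are assumed: header lines, a blank line, then a
body whose length is given by Content-Length (RFC 3261 compact form: l)."""
import re

MAX_MESSAGE = 64 * 1024  # assumed ceiling; bounds buffering against a huge length

# Constructed sample messages (documentation domain and TEST-NET-1 address).
SAMPLE_MESSAGES = [
    b"OPTIONS sip:alice@example.com SIP/2.0\r\n"
    b"Via: SIP/2.0/TCP 192.0.2.10:5060\r\n"
    b"Content-Length: 0\r\n\r\n",
    b"MESSAGE sip:bob@example.com SIP/2.0\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 5\r\n\r\n"
    b"hello",
]


class StreamFramer:
    """Collects TCP segment payloads and returns only complete messages."""

    def __init__(self):
        self.buf = b""

    def feed(self, chunk):
        self.buf += chunk
        messages = []
        while True:
            end = self.buf.find(b"\r\n\r\n")
            if end < 0:
                if len(self.buf) > MAX_MESSAGE:
                    raise ValueError("header block too large")
                break                               # headers not complete yet
            head_len = end + 4
            m = re.search(rb"(?im)^(?:Content-Length|l):\s*(\d+)\s*$",
                          self.buf[:head_len])
            body_len = int(m.group(1)) if m else 0  # no header: no body
            if head_len + body_len > MAX_MESSAGE:
                raise ValueError("declared body too large")
            if len(self.buf) < head_len + body_len:
                break                               # body still in flight
            messages.append(self.buf[:head_len + body_len])
            self.buf = self.buf[head_len + body_len:]
        return messages


def split_stream(stream, chunk_size):
    """Feed a byte stream to the framer in fixed-size pieces, as TCP might."""
    framer, out = StreamFramer(), []
    for i in range(0, len(stream), chunk_size):
        out += framer.feed(stream[i:i + chunk_size])
    return out
```

Over UDP none of this is needed: each datagram is one message, which is why the section above calls UDP a natural fit for SIP.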

1.2.4.4 Transport Layer Security

Transport Layer Security (TLS) [9] is based on the Secure Sockets Layer (SSL) protocol first used in Web browsers. TLS uses TCP for transport, although it has recently been extended to also run over UDP. TLS is commonly used today on the Internet for secure Web sites using the secure HTTP (https) URI scheme.

The TLS protocol has two layers: the TLS Transport Protocol and the TLS Handshake Protocol. The TLS Transport Protocol is used to provide a reliable and private transport mechanism. Data sent using the TLS Transport Protocol is encrypted so that a third party cannot intercept the data. A third party also cannot modify the transported data without one of the parties discovering this. The TLS Handshake Protocol is used to establish the connection, negotiate the encryption keys used by the TLS Transport Protocol, and provide authentication.

The key agreement scheme selects an encryption algorithm and generates a one-time key based on a secret passed between the two sides. During the handshake, the parties exchange certificates, which can be used for authentication.

The cryptographic computations for a TLS connection are not trivial, and the multiple round trips needed to open a connection can add to message latency. Also, certificate verification can introduce processing delays. However, TLS transport has clear security advantages over UDP or TCP. TLS is widely supported due to its use in secure Web browsers and servers. TLS will be discussed more in Chapter 14.

1.2.4.5 Stream Control Transmission Protocol

The Stream Control Transmission Protocol (SCTP) [10] is similar to TCP in that it provides reliable stream-based transport. However, it has some advantages over TCP transport for a message-based protocol. First, it has built-in message segmentation, so that individual messages are separated at the transport layer.

Another advantage is that SCTP avoids the so-called “head of line blocking” problem of TCP. This is a TCP problem in which a dropped segment with a large window causes the entire window’s worth of messages to wait in a buffer (that is, be blocked) until the dropped segment is retransmitted.

SCTP also supports multihoming, so if one of a pair of load balancing servers fails, the other can immediately begin receiving the messages without even requiring a DNS or other database lookup.

As a transport protocol, SCTP requires operating system level support to be used, which will initially delay its use in the Internet. Also, as we shall see in Chapter 10 on NAT traversal, the use of new transports on the Internet is severely limited by their support in middleboxes such as NAT. Also, note that the advantages of SCTP over TCP only occur during packet loss. In a zero loss network, the performance of the two is identical. SCTP is not commonly supported in Internet hosts today.

1.2.4.6 Datagram Congestion Control Protocol

Datagram Congestion Control Protocol (DCCP) [11] is another new transport protocol that tries to provide congestion and flow control similar to TCP but without the reliability or in-order delivery of TCP. It shows some promise for use as a real-time transport. However, its support is very limited today, and limited NAT support will delay its adoption.
