The TCP protocol provides reliable transmission of data over an
IP network. It works around transmission errors by resending packets. TCP
corresponds to the transport layer (Layer 4) of the OSI reference model. As a
complement to the IP protocol, it provides functionality that is missing in
IP.
[Figure: TCP Packet Format]
Similar to IP, the nature of how TCP behaves and the functions of the fields
within the TCP packet have the following implications with respect to
resiliency:
- TCP delivers an unstructured stream of bytes identified by sequence numbers,
which is called stream data transfer. This service benefits applications because
they do not have to chop data into blocks before handing it off to TCP. TCP
accomplishes this by grouping bytes into segments and passing them to IP for
delivery.
- TCP provides connection-oriented, end-to-end reliable packet delivery through
an IP network. It does so by sequencing bytes with a forwarding acknowledgment
number indicating to the destination the next byte the source expects to
receive. Bytes not acknowledged within a specified time period are
retransmitted. The reliability mechanism of TCP allows hosts to deal with lost,
delayed, duplicate, or out-of-order packets that might occur as they move
through an IP network. This ability to recover from errors is sometimes
exploited by network managers when dealing with network congestion via features
such as weighted random early detection (WRED).
- When sending acknowledgments back to the source, the receiving TCP process
indicates the highest sequence number it can receive without overflowing its
internal buffers. This flow-control capability of TCP dictates bandwidth
consumption and, in fact, affects how fast an application appears to a user.
- TCP processes can both send and receive at the same time. This means fewer
flows to keep track of within the network, which is good in the event that you
need to deal with per-flow types of operations (for example, accounting). With
fewer flows to keep track of, the network saves on critical resources, such as
memory, that are important in maintaining resiliency.
- The TCP process also allows for multiplexing, which enables numerous
upper-layer conversations to take place over a single connection. Again, this
decreases the number of flows within the network.
Besides these points, two other important characteristics of TCP need special
attention: the three-way handshake and the sliding window.
TCP Three-Way Handshake
One of the important characteristics of TCP is the way it establishes a
connection between two hosts. The so-called three-way handshake is a signature
of TCP and is the basis on which a number of other technologies work.
Because resources have to be allocated on both ends for a three-way handshake
to complete, many network attacks exploit this characteristic to compromise the
resiliency of the network.
When a pair of devices wants to initiate a TCP connection, they undergo a
process known as the three-way handshake. The initiating side sends a SYN packet
to the peer, which replies with a SYN-ACK: an ACK of the initiator's SYN
together with a SYN of its own. Sequence number negotiation occurs here.
Finally, the initiator sends an ACK for the peer's SYN.
[Figure: TCP Three-Way Handshake]
After the connection has been established, data begins to flow between the two
hosts. The two hosts then maintain state for the connection, which consumes
memory resources. Therefore, in one form of denial-of-service (DoS) attack, the
attacker issues numerous SYN requests to a target host, each of which causes the
target to reply with a SYN-ACK and allocate state for a connection that is never
completed. The target host soon runs out of resources trying to maintain the
various pending SYN requests and eventually cannot process legitimate SYN
requests from other hosts. Even worse, the target host might not function
properly at all because of a lack of memory resources. Therefore, it is critical
that important resources within the network, such as servers and routers, be
protected from attacks that exploit the three-way handshake.
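As an added illustration (not code from the original article), the following Python model contrasts a listener that allocates state on every SYN, as described above, with one that protects that memory with SYN cookies: the initial sequence number in the SYN-ACK is a keyed hash of the peer and a coarse time value, so nothing is stored until the final ACK proves the peer really completed the handshake. The listener classes, the secret, the epoch value and the 203.0.113.x/198.51.100.x addresses are all constructed for this example.

```python
import hashlib, hmac, struct

class StatefulListener:  # keeps per-peer state from the first SYN (constructed model)
    def __init__(self, backlog):
        self.backlog = backlog        # how many half-open entries it can afford to hold
        self.half_open = {}           # (ip, port) -> ISN we sent in the SYN-ACK
        self.established = self.dropped = 0
    def on_syn(self, peer):
        if len(self.half_open) >= self.backlog:
            self.dropped += 1                    # no memory left for new connection state
            return None
        self.half_open[peer] = 1000 + len(self.half_open)   # toy initial sequence number
        return self.half_open[peer]
    def on_ack(self, peer, ack_no):
        isn = self.half_open.pop(peer, None)     # handshake completes only if state exists
        if isn is None or ack_no != isn + 1:
            return False
        self.established += 1
        return True

SECRET = b"constructed-demo-secret"  # assumption: per-host secret that a real stack rotates

def syn_cookie(peer, epoch):  # ISN = truncated HMAC(secret, peer, coarse time)
    mac = hmac.new(SECRET, f"{peer[0]}:{peer[1]}:{epoch}".encode(), hashlib.sha256).digest()
    return struct.unpack(">I", mac[:4])[0]

class CookieListener:  # stores nothing until the ACK proves the peer got our SYN-ACK
    def __init__(self):
        self.established = 0
    def on_syn(self, peer, epoch):
        return syn_cookie(peer, epoch)           # SYN-ACK carries the cookie as its ISN
    def on_ack(self, peer, ack_no, epoch):
        for e in (epoch, epoch - 1):             # tolerate a cookie issued in the previous epoch
            if (syn_cookie(peer, e) + 1) & 0xFFFFFFFF == ack_no:
                self.established += 1
                return True
        return False

def compare(unfinished_syns, backlog=4, epoch=7):
    """Feed SYNs that never complete to both listeners, then one real client's full handshake."""
    stateful, cookie = StatefulListener(backlog), CookieListener()
    for i in range(unfinished_syns):
        peer = ("203.0.113.1", 40000 + i)        # constructed TEST-NET-3 addresses
        stateful.on_syn(peer)
        cookie.on_syn(peer, epoch)
    client = ("198.51.100.9", 51515)
    isn = stateful.on_syn(client)
    ok_stateful = isn is not None and stateful.on_ack(client, isn + 1)
    ok_cookie = cookie.on_ack(client, (cookie.on_syn(client, epoch) + 1) & 0xFFFFFFFF, epoch)
    return ok_stateful, ok_cookie, stateful.dropped
```

With more unfinished SYNs than the backlog, the stateful listener drops the legitimate client's SYN while the cookie listener still completes its handshake, which is the resource-exhaustion effect the text describes and the mitigation that avoids it.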
TCP Sliding Window
The TCP sliding window is another important characteristic of
the TCP protocol. It is a flow-control mechanism used by TCP to regulate the
amount of traffic received from a sender at any one time. Data received from the
sender is stored in a buffer that feeds the data to an application. If the
application is slow in removing the data from the buffer, TCP slows down the
sender in transmission. On the other hand, if the application can retrieve data
faster than the buffer can be filled up, TCP informs the sender to speed up. The
rate at which the sender may transmit is governed by a negotiated value called
the window size. Window size refers to the number of messages that can be
transmitted while awaiting an acknowledgment. After a host transmits a window's
worth of messages, it must receive an acknowledgment before any more messages
can be sent.
With a window size of 1, each segment must be acknowledged
before another segment is transmitted. This methodology results in inefficient
use of bandwidth by the hosts.
[Figure: TCP Sliding Window]
A larger window size allows more data to be transmitted pending
acknowledgment, which improves the performance of data transmission.
TCP uses expectation acknowledgments, meaning that the acknowledgment number refers to
the packet that is expected next. The "sliding" part of "sliding window" refers
to the fact that the window size is negotiated dynamically during the TCP
session. Because it is dynamic, it can be increased or reduced during the life
of the conversation. Because of this characteristic, the sliding window may be
exploited to slow down an application when network congestion occurs. This
allows for other more important applications to get service from the network
and, hence, improves resiliency for those classes of traffic.
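As an added example that is not part of the original article, this Python simulation models the flow control described above: the receiver advertises its free buffer space as the window, its application drains the buffer at a fixed rate per tick, and the sender stops as soon as the advertised window reaches zero. The buffer sizes, segment size and drain rates are constructed parameters, and the model assumes no loss, so every segment is acknowledged immediately.

```python
class Receiver:  # receive side: a fixed buffer drained by the application (constructed model)
    def __init__(self, buf_size, app_read_per_tick):
        self.buf_size = buf_size
        self.app_read = app_read_per_tick
        self.buffered = 0             # bytes accepted but not yet read by the application
        self.next_expected = 0        # expectation acknowledgment: next byte we want to see

    def window(self):
        return self.buf_size - self.buffered   # advertised window = free buffer space

    def segment(self, seq, length):
        """Accept an in-order segment that fits; return (ack number, advertised window)."""
        if seq == self.next_expected and length <= self.window():
            self.buffered += length
            self.next_expected += length
        return self.next_expected, self.window()   # otherwise: duplicate ACK, same window

    def tick(self):
        self.buffered -= min(self.app_read, self.buffered)   # application reads from buffer

def transfer(total, mss, buf_size, app_read_per_tick, max_ticks=10_000):
    """Send `total` bytes in segments of at most `mss` bytes.

    Returns (ticks needed, number of ticks the sender was stalled by a zero window)."""
    rx = Receiver(buf_size, app_read_per_tick)
    snd_una = snd_nxt = 0         # oldest unacknowledged byte / next byte to send
    window = rx.window()
    stalls = 0
    for tick in range(1, max_ticks + 1):
        # the sender may keep at most `window` bytes in flight beyond snd_una
        while snd_nxt < total and snd_nxt - snd_una < window:
            length = min(mss, total - snd_nxt, window - (snd_nxt - snd_una))
            snd_una, window = rx.segment(snd_nxt, length)   # lossless: ACK arrives at once
            snd_nxt += length
        if snd_una >= total:
            return tick, stalls
        if window == 0:
            stalls += 1           # receiver said "stop": wait for a window update
        rx.tick()
        window = rx.window()      # window update once the application has read
    raise RuntimeError("transfer did not complete")
```

A buffer of one segment behaves like the window size of 1 discussed above (one segment per tick), while a buffer large enough for the whole transfer finishes in a single tick; a slow application in between forces zero-window stalls that throttle the sender.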