2025-03-31 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/03 Report--
1. TCP/IP model
TCP/IP (Transmission Control Protocol/Internet Protocol) is a protocol stack that includes TCP, IP, UDP, ICMP, RIP, TELNET, FTP, SMTP, ARP and many other protocols. It originated from the ARPA network project of the U.S. Department of Defense (DoD), the predecessor of the Internet. On January 1, 1983, TCP/IP replaced the old network control protocol NCP. It has become the cornerstone and standard of today's Internet and local area networks, is maintained by the Internet Engineering Task Force, and defines a total of four layers.
The TCP/IP protocol stack corresponds to the layering of the ISO reference model:
2. TCP/IP port division:
The transport layer determines the application layer protocol through the port number.
Port number:
TCP (Transmission Control Protocol): a connection-oriented protocol; a virtual link must be established before communication and is torn down after completion. Port range: 0-65535
UDP (User Datagram Protocol): a connectionless protocol. Port range: 0-65535
IANA: Internet Assigned Numbers Authority (responsible for domain names, number resources and protocol assignments)
0-1023: system ports or privileged ports (available only to administrators), the well-known ports, permanently assigned to fixed system applications, such as 22/tcp (ssh), 80/tcp (http), 443/tcp (https)
1024-49151: user ports or registered ports, with less strict requirements, assigned to programs that register them for an application, such as 1433/tcp (SqlServer), 1521/tcp (oracle), 3306/tcp (mysql), 11211/tcp/udp (memcached)
49152-65535: dynamic ports or private ports, used randomly by client programs. The range is defined in /proc/sys/net/ipv4/ip_local_port_range
/etc/services: records the port numbers of application services and of the various protocols
Remember some common port numbers:
snmp 161/tcp
http 80/tcp
https 443/tcp
kerberos 88/tcp (network authentication protocol, used on insecure networks to authenticate personal communications by secure means)
smtp 25/tcp
pop3 110/tcp
imap 143/tcp
smb 445/tcp
dns 53/tcp
dhcp/s 67/udp
dhcp/c 68/udp
dns 53/udp
qq 8000/udp
3. Characteristics of TCP
Works at the transport layer
Connection-oriented protocol
Full-duplex protocol
Half-close
Error checking
Packages data into segments and orders them
Confirmation (acknowledgment) mechanism
Data recovery, retransmission
Flow control, sliding window
Congestion control, slow start and congestion avoidance algorithms
4. The header structure of TCP
Introduction to the structure of TCP header
TCP header fields:
Source port, destination port: a process on a computer communicates with other processes through a port, and a port can be occupied by only one process at a time, so the source port and destination port identify which two processes are communicating. Each is represented by 16 bits, so a computer has 2^16 ports.
Sequence number: the number of the first byte of the data sent in this segment. Every byte of the byte stream carried over a TCP connection is numbered in order. Because the sequence number is represented by 32 bits, it wraps every 2^32 bytes and starts again from 0.
Acknowledgment number: the number of the first byte that the receiver expects in the sender's next segment. That is, it tells the sender: I want you to send the data starting at the byte with this acknowledgment number.
Data offset: the length of the TCP header, 4 bits in total. Because the TCP header contains a variable-length options section, the header length has to be stated. It indicates how far the start of the data is from the start of the TCP segment. The unit of this field is 32 bits (4 bytes), and the largest value 4 bits can represent is 15, so the TCP header is at most 60 bytes.
URG: indicates whether the data sent in this segment contains urgent data. The urgent pointer field that follows is valid only when URG=1.
ACK: indicates whether the acknowledgment number field is valid. The acknowledgment number field is valid only when ACK=1. TCP stipulates that after the connection is established ACK must be 1. A TCP segment with the ACK flag is called an acknowledgment segment.
PSH: prompts the receiving application to read the data from the TCP receive buffer immediately, to make room for subsequent data. If it is 1, the other party should hand the data to the upper-layer application immediately instead of caching it. If the application does not read the received data, the data stays in the TCP receive buffer.
RST: a segment with RST=1 indicates a serious error in the connection with the host (for example, the host crashed); the connection must be released and then re-established. It can also mean that something was wrong with the data last sent to the host and the host refuses to respond. A TCP segment with the RST flag is called a reset segment.
SYN: used when establishing a connection, to synchronize sequence numbers. SYN=1, ACK=0 indicates a segment requesting a connection; SYN=1, ACK=1 indicates that the other party agrees to establish the connection. SYN=1 therefore marks a segment that requests or accepts a connection. SYN is set to 1 only in the first two handshakes. A TCP segment with the SYN flag is called a synchronization segment.
FIN: notifies the other party that the connection is about to be closed and marks whether the data has all been sent. FIN=1 tells the other party: "my data has been sent, you can release the connection". A TCP segment with the FIN flag is called a finish segment.
Window size: the amount of data the other party is currently allowed to send. That is, it tells the other party that once the data sent, counted from the acknowledgment number of this segment, reaches this value, it must be acknowledged with an ACK before more data can be transmitted. The value is Window size value * Window size scaling factor (the factor is negotiated by the TCP option Window scale during the three-way handshake).
Checksum: provides additional reliability.
Urgent pointer: marks the position of urgent data in the data field.
Options: the maximum length can be calculated from the TCP header length. The header length is expressed in 4 bits, so the maximum length of the options section is (2^4-1)*4-20 = 40 bytes.
Common options:
Maximum segment size (MSS), usually 1460 bytes
Window scale
Timestamps
5. TCP's three-way handshake
A brief introduction to the three-way handshake of TCP
First handshake: the service port of the server must first be in the LISTEN state. The client then actively sends a request and enters the SYN-SENT state. Using a random port in the range 49152-65535, it sends a request to the service port of the server carrying two items: SYN=1 (a request to synchronize sequence numbers) and seq=x (the client's own sequence number).
Second handshake: when the server receives the connection request from the client, it responds immediately and enters the SYN_RCVD state to wait for the client's confirmation. The server sends four items to the client: SYN=1 (a request to synchronize sequence numbers), ACK=1 (confirming that the SYN sent by the client has been received), seq=y (the server's own sequence number) and ack=x+1 (indicating that the seq=x packet from the client has been received and that the next packet expected is the one after x, that is, x+1).
Third handshake: when the client receives the response from the server, it responds immediately and enters the ESTABLISHED state. The client replies to the server with 4 items: ACK=1 (indicating that the SYN sent by the server has been received), seq=x+1 (the first packet sent was x, so this is the next one) and ack=y+1 (indicating that the server's seq=y has been received and that the next packet expected is the one after y). When the server receives this response it immediately enters the ESTABLISHED state as well; the TCP connection is now established and data can be transferred.
Why a three-way handshake instead of two or four?
With only two handshakes, the client sends its request, and the server, on receiving it, replies to confirm that the request was received and at the same time sends its own connection request to the client. Without a third step, the server has no way of knowing whether the client received the confirmation and request that the server sent. The three-way handshake therefore ensures that TCP establishes a reliable link, which ensures security. To fully establish a TCP connection, both parties must confirm it; once the connection is established, data transmission can begin. By a fourth step, both parties have already begun to exchange data.
Semi-connection and full-connection queues of the three-way handshake:
Introduction to the semi-connection queue and the full-connection queue
Semi-connection queue: in the three-way handshake the client sends a synchronization (SYN) message to the server. When the server receives it and responds to the client, the pending connection is held in a queue on the server side, which we call the semi-connection queue. When a synchronization message arrives, the server checks whether this queue has room before it responds to the client. If the semi-connection queue is full, the server is unable to respond to the client: requests beyond the maximum size of the queue cannot be accepted.
View the semi-connection queue: ss -lnt or netstat -nt
cat /proc/sys/net/ipv4/tcp_max_syn_backlog stores the size of the incomplete-connection queue. The default is 128; it is recommended to set it to more than 1024 in a production environment.
Full-connection queue: the full-connection queue holds connections that have completed the three-way handshake. After the handshake the session can be established; only a full connection is really in the connected state. The full-connection queue also has a limited size on the server; beyond this value no further connections can be established.
View the full-connection queue: cat /proc/sys/net/core/somaxconn stores the size of the completed-connection queue. The default is 128; it is recommended to set it to more than 1024 in a production environment.
6. Four waves of TCP
A brief introduction to the four waves of TCP
After the client and the server have connected through the three-way handshake, the connection is torn down with four waves. Does the client ask the server to disconnect, or does the server ask the client? This is not fixed; usually the client requests the disconnection. In some scenarios, however, the server requests it: for example, if the client does nothing for a period of time after connecting, the server actively disconnects once its connection timeout is exceeded.
Taking a disconnection initiated by the client as an example:
First wave: the client, in the connected state, sends a disconnection request to the server with FIN=1 (it notifies the server that it requests to close the connection and marks whether the data has all been sent; FIN=1 tells the other party: "my data has been sent, you can release the connection") and seq=u (the sequence number of the first disconnection request). The client then enters the FIN-WAIT-1 state and waits for the server to confirm.
Second wave: after the server receives the FIN=1, seq=u disconnection request, it responds to the client with 3 items: ACK=1 (the acknowledgment number is valid), seq=v (the server's own sequence number) and ack=u+1 (indicating that packet u from the client has been received and that the next packet expected is the one after u). This is not yet the response that confirms the disconnection; it only tells the client that its disconnection request was received. When the client receives this first reply from the server, it enters the FIN_WAIT_2 state to wait for confirmation.
Third wave: the server checks whether its data has all been transmitted and, if anything is left, continues to send it. After the server confirms that all data has been sent (it was still transmitting data a moment ago), it initiates its own disconnection request to the client. The server sends 4 items to the client: FIN=1 (informing the client that transmission is complete and requesting disconnection), ACK=1 (the acknowledgment number is valid, confirming that the client's earlier message was received), seq=w (the sequence number has changed because data was transmitted in the meantime) and ack=u+1 (confirming again that the client's disconnection request was received). The server then enters the LAST-ACK state to wait for the final confirmation.
Fourth wave: after its two waits, the client receives the disconnection request from the server and immediately responds with 3 items: ACK=1 (the acknowledgment number is valid), seq=u+1 (its second sequence number, incremented by 1) and ack=w+1 (confirming that the server's seq=w was received). When the server receives the client's response, it immediately enters the CLOSED state, with no connection. The client, however, enters the TIME-WAIT (2MSL) state. MSL (maximum segment lifetime) refers to how long it takes to send a data message between the client and the server. In the TIME-WAIT state the client waits for 2MSL before entering the CLOSED state. At this point the TCP connection has been completely closed by the four waves.
7. TCP finite state machine (FSM: Finite State Machine)
CLOSED: no connection
LISTEN: listening, waiting for a connection request from a remote TCP port
SYN-SENT: a connection request has been sent; waiting for the other party to confirm
SYN-RECEIVED: a connection request has been received and one has been sent; waiting for the other party to confirm
ESTABLISHED: the transport connection is established after receiving and sending a connection request; both parties are in the data transfer state
FIN-WAIT-1: active close; the host has sent a request to close the connection and is waiting for the other party to confirm
FIN-WAIT-2: active close; the host has received the other party's confirmation and is waiting for the other party to send its request to close the transport connection
TIME-WAIT: the two-way close of the transport connection is complete; waiting for all packets to disappear
CLOSE-WAIT: passive close; the other party's request to close the connection has been received and confirmed
LAST-ACK: passive close; waiting for the last confirmation of the transport connection close, and waiting for all packets to disappear
CLOSING: both parties try to close the transport connection at the same time and wait for the other party to confirm
Here we add a small example that counts how many TCP connections on a Linux system are in each state.
ss -nt | sed -rn '1!s/^([^ ]+).*/\1/p' | sort | uniq -c
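The same per-state count, extended to the two queues described in section 5. This is an added example, not part of the original article: the function names, the 0.5 alert ratio and the sample text (in the column layout of `ss -ant`, with documentation addresses) are constructed. It relies on the fact that for LISTEN sockets on Linux, ss reports the current full-connection queue length in Recv-Q and its limit in Send-Q.

```python
from collections import Counter

# Constructed sample in the column layout printed by `ss -ant`.
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     129    128    0.0.0.0:80          0.0.0.0:*
LISTEN     0      128    0.0.0.0:22          0.0.0.0:*
SYN-RECV   0      0      192.0.2.10:80       198.51.100.7:40112
SYN-RECV   0      0      192.0.2.10:80       198.51.100.8:40113
SYN-RECV   0      0      192.0.2.10:80       198.51.100.9:40114
ESTAB      0      0      192.0.2.10:22       203.0.113.5:51514
TIME-WAIT  0      0      192.0.2.10:80       203.0.113.6:51600
"""

def parse_ss(text):
    """Turn ss output into one dict per socket, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 5:
            continue                      # ignore blank or truncated lines
        rows.append({"state": f[0], "recv_q": int(f[1]), "send_q": int(f[2]),
                     "local": f[3], "peer": f[4]})
    return rows

def count_states(rows):
    """Equivalent of the sed | sort | uniq -c pipeline above."""
    return Counter(r["state"] for r in rows)

def full_accept_queues(rows):
    """Listeners whose full-connection queue has reached its limit."""
    return [r["local"] for r in rows
            if r["state"] == "LISTEN" and r["recv_q"] >= r["send_q"]]

def half_open_pressure(rows, syn_backlog, ratio=0.5):
    """Local endpoints whose SYN-RECV count is at least ratio * syn_backlog.

    syn_backlog is the value read from /proc/sys/net/ipv4/tcp_max_syn_backlog;
    the ratio is an assumed alert threshold, not a kernel setting.
    """
    per_endpoint = Counter(r["local"] for r in rows if r["state"] == "SYN-RECV")
    return {ep: n for ep, n in per_endpoint.items() if n >= syn_backlog * ratio}
```

A listener that stays at its limit, or a SYN-RECV count that keeps climbing toward the backlog value, is the signal to raise the two settings or investigate the source of the half-open connections.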
8. UDP characteristics
Works at the transport layer
Provides unreliable network access
Connectionless protocol
Limited error checking
High transmission performance
No data recovery
9. UDP header
Header structure of UDP
Source port: the port number of the application on the source device
Destination port: the port number of the application on the target device
Message length: the size of the entire message
Checksum: provides additional reliability
Data: the specific data content to be transmitted
The difference between TCP and UDP
Item: TCP; UDP
Reliability: TCP is reliable; UDP is unreliable
Connectivity: TCP is connection-oriented; UDP is connectionless
Confirmation mechanism: TCP has a confirmation mechanism; UDP has none and does not care whether the data arrives
Efficiency: TCP is low (because TCP requires a three-way handshake to establish a reliable connection before data transmission); UDP is high
Data recovery ability: TCP yes; UDP no
Flow control: TCP uses a sliding window; UDP has none
Congestion mechanism: TCP uses slow start, congestion avoidance, fast retransmission and fast recovery; UDP has none
Transmission speed: TCP is slow; UDP is fast
Application scenarios: TCP suits scenarios with low efficiency requirements that need high accuracy or a connection, for example e-mail (SMTP), the World Wide Web (HTTP) and file transfer (FTP); UDP suits scenarios that require high efficiency and have low accuracy requirements, for example domain name translation (DNS) and remote file server (NFS)