CCNA1-CH14-Transport Layer

The transport layer provides two main protocols: TCP and UDP. TCP provides connection-oriented transmission and ensures reliable, ordered delivery: it establishes connections, performs flow and congestion control, and retransmits data that is lost or corrupted. UDP provides connectionless transmission: it is unreliable, with no delivery guarantee and no error recovery (its checksum only detects corruption), and it has less overhead than TCP. Port numbers, together with IP addresses, uniquely identify applications and allow data from many applications to be multiplexed onto one link.

Uploaded by karamn3mat

Chapter 14

Transport Layer Overview


Transport Layer Functions

◆ Prepares application data to be sent over the network layer.

• Uses port numbers to distinguish between the segments of multiple applications received at a device, and sequence numbers to reassemble each application's segments in order.
• This is what allows data from many applications to be multiplexed onto the same link.
Transport Layer

◆ The transport layer provides two protocols:

• TCP – Transmission Control Protocol.

• UDP – User Datagram Protocol.

◆ The Layer 4 PDU is called a segment.

◆ The Layer 4 data stream is a logical connection between the endpoints.

◆ It provides transport services; TCP negotiates transfer details before sending data.
TCP vs. UDP

◆ TCP provides:

• Connection establishment ("negotiates transport details").
• Reliable, error-checked data: lost or corrupted segments are retransmitted.
• Flow and congestion control.
• Ordered delivery.

• Applications: HTTP, FTP, Telnet, SMTP, MSN Messenger.

◆ UDP provides:

• No connection establishment ("does not negotiate details").
• Unreliable data: the checksum detects errors, but nothing is retransmitted.
• No flow or congestion control.
• No ordered delivery.

• Applications: DNS (usually), DHCP, RTP (Real-time Transport Protocol), VoIP, video.
[Figure: one client with simultaneous sessions to a web server (HTTP over TCP), an e-mail and FTP server (SMTP and FTP over TCP) and a TFTP server (TFTP over UDP).]

◆ A single client might have multiple TCP or UDP conversations with multiple servers at the same time.
◆ Because TCP performs handshaking, a TCP session is drawn as a two-way arrow.
Segmentation and Reassembly

• An Ethernet frame has a maximum size of 1,518 bytes; the payload it can carry, the Maximum Transmission Unit (MTU), is 1,500 bytes.

• When a larger message is to be sent, the data must be segmented.

• The maximum frame size determines what the segment size should be.
• Each segment is addressed and numbered, then encapsulated in a frame.

[Figure: IP header (20 octets) + TCP header (20 octets) + data (1,460 octets) = 1,500 octets, the Ethernet MTU; so the TCP MSS = 1,460 octets. Note: 2,346 bytes for a wireless (802.11) frame.]

Determining the TCP MSS

◆ The Ethernet MTU determines the maximum segment size (MSS): the largest amount of data one TCP segment can carry. Each host announces its MSS to the other using the MSS option in its TCP SYN segment, and a sender never puts more data in a segment than the MSS it received.
Transport Layer

[Figure: application data is encapsulated in a TCP or UDP segment, which is encapsulated in an IP packet.]

◆ TCP and UDP encapsulate data into segments.

◆ A segment is encapsulated into a packet at the network layer. The network layer protocol, IP, is a best-effort service: delivery is not guaranteed (an unreliable service).

◆ TCP and UDP extend IP's host-to-host delivery into a service between two application processes, adding whatever reliability and ordering they offer.
[Figure: a TCP header and a UDP header side by side, each followed by the application-layer header (e.g. HTTP) and data.]

Some types of data where errors can be tolerated can be sent more quickly with the smaller UDP header.
Port Numbers: TCP and UDP
Identifying the Conversations

• At the TCP/IP Internet layer:

• When a packet is decapsulated at the destination, the protocol field in the IP packet header specifies whether the segment is TCP (protocol 6) or UDP (protocol 17).

• Port numbers tell the receiver which application should process the data. They are how the transport layer passes information to the upper layers.
◆ The combination of a port number and a host IP address uniquely identifies a particular process; this pair is called a socket. An HTTP server (port 80) running on a host with IP address 192.168.1.20 is reached at socket 192.168.1.20:80.

◆ Port numbers are assigned by the Internet Assigned Numbers Authority (IANA).

◆ Port numbers are divided into three main categories: well-known ports, registered ports, and dynamic or private ports.
Port Addressing Types and Tools
• Well-Known Ports (0 to 1,023):

• Reserved for common services and applications.

20 – FTP Data
21 – FTP Control
23 – Telnet
25 – SMTP
69 – TFTP
110 – POP3
194 – IRC
443 – HTTPS
520 – RIP
Port Addressing Types and Tools
• Registered Ports (1,024 to 49,151):

• Less common, optional user processes and applications.

• May also be used as dynamic or private ports (next).
• These port numbers are assigned by IANA to a requesting entity for use with specific processes or applications.
• These processes are primarily individual applications that a user has chosen to install, rather than common applications that would receive a well-known port number.
• For example, port 1812 is registered for RADIUS authentication.

1812 – RADIUS
1863 – MSN Messenger
2000 – Cisco VoIP (SCCP)
5004 – RTP
5060 – SIP (VoIP)
8008 – Alternate HTTP
8080 – Alternate HTTP
Port Addressing Types and Tools

• Dynamic Ports (IANA range 49,152 to 65,535; some operating systems use a different range), also known as ephemeral ports:

• Usually assigned dynamically to client applications when they initiate a connection.

• Note: some peer-to-peer file-sharing programs listen on ports in this range as if they were registered ports.

• The client's OS assigns a port number from this range when a connection to a service is initiated.
• That dynamic port then identifies the client application for the rest of the conversation.
Example: Establishing a Telnet session

[Figure: client to server. Client TCP header: source port 1028, destination port 23, followed by Telnet data.]

◆ Client sends a TCP segment with:

• Destination Port: 23 (well-known port number)
• Source Port: 1028 (dynamic port assigned by the client)

[Figure: server to client. Server TCP header: source port 23, destination port 1028, followed by Telnet data.]

◆ Server responds with a TCP segment with:

• Destination Port: 1028 (dynamic port assigned by the client)
• Source Port: 23 (well-known port number)
Same client to same server but with two different HTTP sessions

◆ Client: same destination port (80) for both sessions.
◆ Client: different source ports (49888 and 49890) uniquely identify each web session.

C:\>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.101:49888    198.133.219.25:80      TIME_WAIT
  TCP    192.168.1.101:49890    198.133.219.25:80      TIME_WAIT

(Local Address = source IP:source port; Foreign Address = destination IP:destination port; Proto = TCP or UDP; State = connection state.)
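As an added example (Python written for this page, not code from the original slides), here is a model of how a host demultiplexes arriving segments onto sockets: the protocol number from the IP header selects TCP or UDP, an established connection is matched on its full four-tuple, and only a segment that matches no connection falls back to a listening socket on the destination port. The socket table mirrors the netstat output above; the process names, the random ephemeral-port picker and the sample segments are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

TCP, UDP = 6, 17  # IPv4 protocol numbers: the IP header, not the port, picks the transport protocol
EPHEMERAL = range(49152, 65536)  # IANA dynamic/private port range


@dataclass(frozen=True)
class Socket:
    proto: int
    local_ip: str
    local_port: int
    remote_ip: str = "0.0.0.0"   # wildcard: a listening (not yet connected) socket
    remote_port: int = 0


def pick_ephemeral_port(in_use: set) -> int:
    """Client-side source port: random within the dynamic range (hard for an off-path
    attacker to guess) and not already bound on this host."""
    while True:
        port = secrets.choice(EPHEMERAL)
        if port not in in_use:
            return port


class TransportDemux:
    """Socket table of one host, keyed by (proto, local ip, local port, remote ip, remote port)."""

    def __init__(self):
        self.table = {}           # Socket -> owning process name (a label for this model)
        self.log = []             # (owner or error, payload) for each delivered segment

    def bind(self, sock, owner):
        if sock in self.table:
            raise OSError(f"address already in use: {sock}")
        self.table[sock] = owner

    def lookup(self, proto, src_ip, src_port, dst_ip, dst_port):
        # 1. An established conversation is identified by the full four-tuple.
        exact = Socket(proto, dst_ip, dst_port, src_ip, src_port)
        if exact in self.table:
            return exact
        # 2. Otherwise a listener on that port, bound to the address or to the wildcard.
        for local_ip in (dst_ip, "0.0.0.0"):
            listener = Socket(proto, local_ip, dst_port)
            if listener in self.table:
                return listener
        return None

    def deliver(self, proto, src_ip, src_port, dst_ip, dst_port, payload):
        sock = self.lookup(proto, src_ip, src_port, dst_ip, dst_port)
        if sock is None:
            # Nothing listens: a real stack answers TCP with RST and UDP with ICMP port unreachable.
            self.log.append(("RST" if proto == TCP else "ICMP port unreachable", payload))
            return None
        self.log.append((self.table[sock], payload))
        return self.table[sock]


def demo():
    """Rebuilds the server side of the netstat example above (constructed data)."""
    server, client = "198.133.219.25", "192.168.1.101"
    d = TransportDemux()
    d.bind(Socket(TCP, "0.0.0.0", 80), "httpd (listening)")
    d.bind(Socket(UDP, "0.0.0.0", 53), "named")
    # Two HTTP sessions from one client: same destination socket, different ephemeral source ports.
    d.bind(Socket(TCP, server, 80, client, 49888), "httpd worker 1")
    d.bind(Socket(TCP, server, 80, client, 49890), "httpd worker 2")
    return [
        d.deliver(TCP, client, 49888, server, 80, b"GET /a HTTP/1.1"),
        d.deliver(TCP, client, 49890, server, 80, b"GET /b HTTP/1.1"),
        d.deliver(TCP, client, 49892, server, 80, b"SYN"),     # new connection: goes to the listener
        d.deliver(UDP, client, 51000, server, 53, b"dns query"),
        d.deliver(UDP, client, 51001, server, 80, b"stray"),  # UDP/80: no such socket
    ]


if __name__ == "__main__":
    for owner in demo():
        print(owner)
```

The last delivery shows why the protocol number is part of the key: port 80 is open for TCP on this host, but a UDP datagram to port 80 matches nothing and would draw an ICMP port unreachable.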
Connectionless Transport: UDP
UDP

It is a connectionless transport protocol.

• No "handshaking" (no connection establishment) as with TCP (coming).

• Unreliable delivery.
• No error recovery (the checksum only detects errors).
• No flow control.
• No congestion control.
• No ordered delivery.
The UDP header – a smaller header overhead

◆ Source port -- the number of the calling port.
◆ Destination port -- the number of the called port.
◆ UDP length -- length of the UDP header plus the data, in bytes (so at least 8).
◆ Checksum -- calculated over an IP pseudo-header (source and destination addresses, protocol and length), the UDP header and the data. "Error detection": in IPv4 the sender may leave it at zero to skip the check; in IPv6 it is mandatory.
◆ Data -- upper-layer protocol data.
◆ The TCP header has 20 bytes of overhead.
◆ The UDP header has only 8 bytes of overhead.

Why would an application developer choose UDP rather than TCP?

◆ Less control overhead.

• Applications that use UDP can tolerate some data loss:

◆ Streaming video
◆ VoIP (Voice over IP)

• TCP will keep resending segments that are not acknowledged, which adds delay that real-time traffic cannot use.

• With UDP the application decides whether or not to resend (for example, TFTP resends or restarts the whole file transfer itself).
UDP - No connection establishment

[Figure: the client sends UDP segment after UDP segment to the server over time, with no preceding exchange.]

• TCP uses a three-way handshake to establish a connection (coming).

• UDP does not; it just sends the data segments straight to the receiver.
• No delay to establish a connection.
UDP Checksum: error detection but not correction

◆ If datagrams take multiple paths, they will sometimes arrive in the wrong order. UDP does not sequence or acknowledge datagrams as TCP does.

◆ UDP only detects that an error occurred (a datagram with a bad checksum is discarded); it does nothing to recover from it.

◆ Re-sequencing datagrams and handling missing data is up to the application.

◆ It is up to the application-layer protocol (for example TFTP) to decide what to do, such as prompting the user to download or upload the entire file again.

◆ Using UDP doesn't mean that the communication cannot be reliable.

◆ It means that reliability, if needed, is provided by the application layer itself, which arranges the data and recovers from errors.
UDP

◆ [Figure] A user uses TFTP to upload a file to a TFTP server; TFTP runs over UDP and supplies its own block numbers and acknowledgments.
UDP

◆ Although DNS and SNMP use UDP by default, both can also use TCP.
◆ DNS will use TCP if the DNS request or response is larger than 512 bytes, such as when a DNS response includes many name resolutions. Similarly, under some circumstances the network administrator may want to configure SNMP to use TCP.

UDP

◆ DNS uses UDP when clients send requests to a DNS server, and TCP when two DNS servers exchange zone data directly (zone transfers).
Connection-oriented Transport: TCP
TCP

◆ TCP provides reliable delivery on top of unreliable IP.

◆ TCP provides:
• Reliable delivery
• Error checking
• Flow control
• Congestion control
• Ordered delivery
• Connection establishment

◆ Source port - the calling port.
◆ Destination port - the called port.
◆ Sequence number - a number used to ensure correct sequencing of the arriving data.
◆ Acknowledgment number - the next TCP octet expected from the other side.
TCP Header

TCP Header Field        Description

Source Port             A 16-bit field used to identify the source application by port number.

Destination Port        A 16-bit field used to identify the destination application by port number.

Sequence Number         A 32-bit field giving the position of the segment's first data byte in the stream; used for data reassembly.

Acknowledgment Number   A 32-bit field used to indicate that data has been received and to give the next byte expected from the source.

Header Length           A 4-bit field known as "data offset" that gives the length of the TCP header in 32-bit words (5 without options, up to 15).

Reserved                A 6-bit field reserved for future use (RFC 793 layout; later RFCs reassigned some of these bits as additional flags, such as ECE and CWR).

Control bits            A 6-bit field of bit codes, or flags, which indicate the purpose and function of the TCP segment.

Window size             A 16-bit field used to indicate the number of bytes the receiver can accept at one time.

Checksum                A 16-bit field used for error checking of the IP pseudo-header, the segment header and the data.

Urgent pointer          A 16-bit field, valid only when URG is set, that points to urgent data within the segment.

Options                 Variable-length field (padded to a 32-bit boundary) carrying options such as the maximum segment size (MSS), announced in the SYN.
TCP

The six control bit flags are as follows:

◆ URG - Urgent pointer field is significant
◆ ACK - Acknowledgment number field is significant; used in connection establishment and session termination
◆ PSH - Push function: deliver the data to the application immediately rather than buffering it
◆ RST - Reset the connection when an error or timeout occurs, or when no service listens on the port
◆ SYN - Synchronize sequence numbers; used in connection establishment
◆ FIN - No more data from the sender; used in session termination
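As an added example (Python written for this page, not code from the original slides), the following builds and parses TCP and UDP headers with the layouts described above: the SYN carries an MSS option, both checksums are computed over the IPv4 pseudo-header, the UDP length field counts header plus data, and the parser reports a bad checksum for a segment altered in transit or delivered to the wrong address. The addresses, ports and payloads are constructed for illustration.

```python
import socket
import struct

IPPROTO_TCP, IPPROTO_UDP = 6, 17
# TCP control bits, in the order they sit in the 6-bit flags field (RFC 793).
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header covered by both checksums, so a segment that reaches the wrong
    host or the wrong protocol fails verification even if its own bytes are intact."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, proto, length)


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload=b"", options=b""):
    assert len(options) % 4 == 0, "options must be padded to a 32-bit boundary"
    data_offset = 5 + len(options) // 4                 # header length in 32-bit words
    flag_bits = sum(TCP_FLAGS[f] for f in flags)
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset << 4, flag_bits, window, 0, 0)
    segment = header + options + payload
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_TCP, len(segment)) + segment)
    return segment[:16] + struct.pack("!H", csum) + segment[18:]   # checksum sits at offset 16


def parse_tcp(src_ip, dst_ip, segment):
    sport, dport, seq, ack, off, flag_bits, window, _csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = (off >> 4) * 4
    flags = [name for name, bit in TCP_FLAGS.items() if flag_bits & bit]
    mss, opts, i = None, segment[20:hlen], 0
    while i < len(opts):                                # TLV options: kind, length, value
        kind = opts[i]
        if kind == 0:                                   # end of option list
            break
        if kind == 1:                                   # NOP padding
            i += 1
            continue
        length = opts[i + 1]
        if kind == 2 and length == 4:                   # maximum segment size
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    # A correct checksum makes the whole covered area sum to zero.
    ok = inet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_TCP, len(segment)) + segment) == 0
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "urgent": urg, "mss": mss, "payload": segment[hlen:], "checksum_ok": ok}


def build_udp(src_ip, dst_ip, sport, dport, payload):
    length = 8 + len(payload)                           # UDP length counts header AND data
    dgram = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_UDP, length) + dgram) or 0xFFFF
    return dgram[:6] + struct.pack("!H", csum) + dgram[8:]


def parse_udp(src_ip, dst_ip, dgram):
    sport, dport, length, csum = struct.unpack("!HHHH", dgram[:8])
    # IPv4 allows a zero checksum meaning "not computed"; report it as unchecked, not as good.
    if csum == 0:
        ok = "unchecked"
    else:
        ok = inet_checksum(pseudo_header(src_ip, dst_ip, IPPROTO_UDP, length) + dgram[:length]) == 0
    return {"sport": sport, "dport": dport, "length": length, "payload": dgram[8:length], "checksum_ok": ok}


def demo():
    client, server, resolver = "192.168.1.20", "198.133.219.25", "192.168.1.1"
    mss_option = struct.pack("!BBH", 2, 4, 1460)        # kind 2, length 4, MSS 1460 (Ethernet)
    syn = build_tcp(client, server, 49888, 80, 8563, 0, ["SYN"], 65535, options=mss_option)
    flipped = syn[:13] + bytes([syn[13] ^ 0x10]) + syn[14:]   # one bit flipped in transit (ACK flag set)
    query = build_udp(client, resolver, 51000, 53, bytes.fromhex("123401000001000000000000"))  # constructed DNS header
    return {
        "syn": parse_tcp(client, server, syn),
        "flipped_ok": parse_tcp(client, server, flipped)["checksum_ok"],
        "wrong_host_ok": parse_tcp(client, "198.133.219.26", syn)["checksum_ok"],
        "dns": parse_udp(client, resolver, query),
    }
```

Note that a checksum protects against accidental corruption only: anyone who can forge a segment can compute a valid checksum for it, which is why the pseudo-header check is a delivery sanity check and not an authentication mechanism.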
3 Way Handshake – role

◆ The 3-way handshake:

• Verifies that the destination device has an active service on the requested port and informs it that the source client intends to establish a communication session on that port number.

• The initial window size is also determined during the three-way handshake.

• Sequence number synchronization lets both sides track the order of the data and detect any segments lost in transmission.
Three-way Handshake

[Figure: Client and Web Server. Client → Server: SYN, SEQ=8563. Server → Client: SYN, ACK, SEQ=1678, ACK=8564. Client → Server: ACK, SEQ=8564, ACK=1679. Then the client sends the HTTP Request (GET).]

Step 1:

◆ A TCP client performs the three-way handshake before sending data such as an HTTP Request (GET).

◆ The three-way handshake starts with the client sending a segment with the SYN (Synchronize Sequence Number) control flag set, indicating an initial value in the sequence number field of the header.

◆ The Initial Sequence Number (ISN) is randomly chosen and is used to begin tracking the flow of data from the client to the server for this session. Note: ISNs do not start at 0 or 1. A predictable ISN would let an attacker who cannot see the traffic forge segments for the connection, so implementations derive the ISN from a secret and a clock (RFC 6528). The details are beyond the scope of this presentation.

◆ Step 1: Client sends ISN, SEQ=8563 (last four digits shown).

Step 2:

◆ The TCP server needs to acknowledge the receipt of the SYN segment.
◆ The server sends a segment back to the client with the ACK flag set.

◆ The value of the acknowledgment number field is equal to the client's initial sequence number plus 1 (expectational acknowledgment: the next byte this host expects to receive).

• The SYN flag is also set, with the server's own random ISN in the sequence number field.

◆ Step 2: Server responds with ACK=8564 and its own ISN, SEQ=1678.

Step 3:

◆ The TCP client responds with a segment containing an ACK that is the response to the TCP SYN sent by the server.
◆ The value in the acknowledgment number field is one more than the initial sequence number received from the server.
◆ After the three-way handshake is completed, the client can send application data encapsulated in TCP segments.
• HTTP Request (GET)

◆ Step 3: Client sends ACK=1679 (its own SEQ is now 8564, because the SYN consumed one sequence number).
TCP: Connection Termination

1. When the client has no more data to send in the stream, it sends a segment with the FIN flag set.
2. The server sends an ACK to acknowledge receipt of the FIN, terminating the session from client to server.
3. The server sends a FIN to the client to terminate the server-to-client session.
4. The client responds with an ACK to acknowledge the FIN from the server.

◆ Like the SYN, each FIN consumes one sequence number. After sending the last ACK the client keeps the connection in the TIME_WAIT state for a while (the state shown in the netstat output earlier) so that late segments from the old connection are not mistaken for a new one.
Flow Control and Reliability

◆ Reliability

• Guaranteed delivery – by resending data that is not acknowledged.

◆ Flow Control

• Each host has a receive buffer for the TCP connection.

• Flow control makes sure these buffers do not receive more data than they can hold.

[Figure: Client advertises Window Size=5,000; Server advertises Window Size=10,000.]

◆ The receiving host's TCP layer reports a window size to the sending host's TCP layer: the maximum number of bytes the receiver can buffer, and so the most the sender may send before it must wait for an acknowledgment.

◆ TCP is a full-duplex service, so client and server each specify their own window size.

Client Example

◆ Receive Window Size = 5,000 bytes – the server can only send the client 5,000 bytes before it receives an acknowledgment. ("I can only receive 5,000 bytes at a time.")

◆ Send Window Size = 10,000 bytes – the server told the client that the client can send the server 10,000 bytes before receiving an acknowledgment. ("I can send 10,000 bytes without hearing an ACK.")
Flow Control and Reliability

Application Data (100,000 bytes), split into TCP segments: bytes 1-1000 | 1001-2000 | 2001-3000 | 3001-4000 | 4001-5000 | …

● When TCP has a large file (such as an image) to send, it breaks it into equal-sized segments, with the last segment typically smaller.

● In the previous example the server's window size was 10,000 bytes.

● For example, starting with a sequence number of 2,001, if 10 segments of 1,000 bytes each (bytes 2,001 through 12,000) were received by the server, an acknowledgment number of 12,001 would be returned to the source.

Windowing example (MSS of 1,000 bytes; Client window size = 5,000 bytes; Server window size = 10,000 bytes):

Server → Client: SEQ=1 (to 1,000), SEQ=1,001 (to 2,000), SEQ=2,001 (to 3,000), SEQ=3,001 (to 4,000), SEQ=4,001 (to 5,000)   [send window: up to byte 5,000]
Client → Server: ACK=5,001
Server → Client: SEQ=5,001 (to 6,000) … SEQ=9,001 (to 10,000)   [send window: up to byte 10,000]
Client → Server: ACK=10,001
Server → Client: SEQ=10,001 (to 11,000) …   [send window: up to byte 15,000]

◆ Sending a full window and then waiting for the acknowledgment before continuing is known as stop-and-wait windowing.
◆ With sliding windows the server does not have to wait for the whole window to be acknowledged; each ACK slides the window forward and lets it keep sending.
TCP Retransmission
• A destination host using TCP usually acknowledges only contiguous sequence bytes: the bytes received in order up to the first gap.

• If one or more segments are missing, only the data before the gap is acknowledged; data received after the gap waits in the receive buffer.

Sliding Windows

A better method than stop-and-wait is sliding windows.

◆ Sliding window algorithms are methods of flow control in which the receiver controls the data transfer (the flow) through the window size it advertises.

◆ If more data can be handled, the advertised window size increases.

◆ Over time, this sliding window moves forward as the receiver acknowledges data.
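As an added example (Python written for this page, not code from the original slides), the following model reproduces the windowing exchange above (MSS 1,000 bytes, client window 5,000 bytes) and then shows what the text only hints at: the advertised window shrinks as the receive buffer fills, drops to zero when the application stops reading, and reopens when it reads again. One round is a burst of segments followed by a single cumulative ACK; the transfer sizes and read rates are assumptions.

```python
MSS = 1_000   # bytes of data per segment, as in the slide


class WindowReceiver:
    """Receive side: a fixed buffer that the application drains; advertises the free space."""

    def __init__(self, buffer_size):
        self.buffer_size, self.buffered, self.rcv_nxt = buffer_size, 0, 1

    def receive(self, seq, length):
        """Accept an in-order segment if it fits; return (cumulative ACK, advertised window)."""
        if seq == self.rcv_nxt and self.buffered + length <= self.buffer_size:
            self.buffered += length
            self.rcv_nxt += length
        return self.rcv_nxt, self.buffer_size - self.buffered

    def app_read(self, n):
        """The application consumes n bytes, freeing window; returns the new window."""
        self.buffered = max(0, self.buffered - n)
        return self.buffer_size - self.buffered


class WindowSender:
    """Send side: may have at most `rwnd` unacknowledged bytes in flight."""

    def __init__(self, total_bytes, rwnd):
        self.total, self.snd_una, self.snd_nxt, self.rwnd = total_bytes, 1, 1, rwnd

    def usable_window(self):
        in_flight = self.snd_nxt - self.snd_una
        remaining = self.total + 1 - self.snd_nxt
        return max(0, min(self.rwnd - in_flight, remaining))

    def send_burst(self):
        """Emit MSS-sized segments until the window is used up; returns [(seq, length)]."""
        segs = []
        while self.usable_window() > 0:
            length = min(MSS, self.usable_window())
            segs.append((self.snd_nxt, length))
            self.snd_nxt += length
        return segs

    def on_ack(self, ack, rwnd):
        if ack > self.snd_una:          # cumulative ACK: all bytes before `ack` are done
            self.snd_una = ack
        self.rwnd = rwnd                # the window slides and may grow or shrink

    def finished(self):
        return self.snd_una > self.total


def transfer(total_bytes, rcv_buffer, app_read_per_round):
    """One round = sender bursts a window, receiver ACKs once, application reads some bytes.
    Returns [(segments sent, ACK number, window advertised)] per round."""
    assert app_read_per_round > 0, "a receiver that never reads keeps the window at zero forever"
    snd, rcv = WindowSender(total_bytes, rcv_buffer), WindowReceiver(rcv_buffer)
    rounds = []
    while not snd.finished():
        burst = snd.send_burst()
        for seq, length in burst:
            rcv.receive(seq, length)
        window = rcv.app_read(app_read_per_round)     # drained before the ACK is sent
        snd.on_ack(rcv.rcv_nxt, window)
        rounds.append((burst, rcv.rcv_nxt, window))
    return rounds


def zero_window():
    """Receiver whose application stops reading: window goes to 0 and the sender must stop."""
    snd, rcv = WindowSender(100_000, 5_000), WindowReceiver(5_000)
    for seq, length in snd.send_burst():
        ack, window = rcv.receive(seq, length)
    snd.on_ack(ack, window)                # ACK=5001, window 0: nothing more may be sent
    stalled = snd.usable_window()
    snd.on_ack(ack, rcv.app_read(1_000))   # window update after the application reads 1,000 bytes
    return stalled, snd.usable_window()
```

transfer(10_000, 5_000, 5_000) finishes in two rounds with ACK=5001 and ACK=10001, matching the figure; cut the application's read rate to 2,000 bytes per round and the same transfer takes four rounds, because the advertised window, not the link, is the limit.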
The TCP retransmission timer

◆ TCP uses a single retransmission timer for all of its unacknowledged segments within a connection; the timer is always running for the oldest unacknowledged segment.

◆ We will use four simple scenarios to explain how this works.
Scenario 1: Loss of an ACK

◆ Web Server sends data: SEQ=92, 8 bytes.
• Starts the TCP retransmission timer.
◆ Client:
• Segment received.
• Sends ACK=100.
• But the ACK from the client is lost (dropped somewhere).
◆ Web Server:
• Waits for the ACK.
• TCP retransmission timer expires.
• Retransmits the segment SEQ=92, 8 bytes.
◆ Client:
• Receives the segment but discards it (duplicate).
• Resends ACK=100.
◆ Web Server:
• Receives the ACK.

Scenario 2: ACK arrives after the timer expires

◆ Web Server:
• Sends 2 segments: SEQ=92 (8 bytes) and SEQ=100 (20 bytes).
• Starts the timer for the oldest segment, SEQ=92.
• Waits for an ACK.
◆ Client:
• Receives both segments.
• Sends 2 separate ACKs: ACK=100 and ACK=120.
◆ Web Server:
• Neither ACK has arrived yet.
• Timer for SEQ=92 expires.
• Resends segment SEQ=92.
• Restarts the timer for SEQ=92.
◆ Client:
• Receives the retransmitted SEQ=92 segment.
• Discards the segment (duplicate).
• Resends ACK=120, the next byte needed. This ACK tells the Web Server that both segments have been received.

Scenario 3: Loss of the first ACK

◆ Web Server:
• Sends 2 segments: SEQ=92 (8 bytes) and SEQ=100 (20 bytes).
• Starts the timer for the oldest segment, SEQ=92.
• Waits for an ACK.
◆ Client:
• Receives both segments.
• Sends 2 separate ACKs.
• The ACK for the first segment, ACK=100, is lost.
◆ Web Server:
• Before the timer expires for SEQ=92, receives ACK=120.
• The Web Server knows that the client has received everything up to byte 119.
• It does not need to resend either of the two segments (the cumulative ACK covers both).
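As an added example (Python written for this page, not code from the original slides), the three scenarios above are replayed with a sender that keeps one retransmission timer for its oldest unacknowledged segment and a receiver that discards duplicates but always re-acknowledges. Times are in arbitrary units and the timeout of 5 is an assumption.

```python
class RetransmitSender:
    """Sender with one retransmission timer, armed for the oldest unacknowledged segment."""

    def __init__(self, timeout):
        self.timeout = timeout
        self.unacked = []        # [(seq, length)] in send order; unacked[0] is the oldest
        self.expires = None      # absolute time at which the single timer fires
        self.log = []

    def send(self, now, seq, length):
        self.unacked.append((seq, length))
        if self.expires is None:                 # timer runs only while data is outstanding
            self.expires = now + self.timeout
        self.log.append((now, "send", seq))

    def on_ack(self, now, ack):
        """Cumulative ACK: every segment ending at or before `ack` is done."""
        still = [(s, n) for s, n in self.unacked if s + n > ack]
        if len(still) < len(self.unacked):       # new data acknowledged: restart for the oldest left
            self.expires = now + self.timeout if still else None
        self.unacked = still
        self.log.append((now, "ack", ack))

    def on_timeout(self, now):
        """If the timer has expired, retransmit only the oldest segment and restart the timer."""
        if self.expires is None or now < self.expires:
            return None
        seq, length = self.unacked[0]
        self.expires = now + self.timeout
        self.log.append((now, "retransmit", seq))
        return seq, length


class AckReceiver:
    """Receiver: in-order data advances rcv_nxt; a duplicate is discarded; either way it ACKs."""

    def __init__(self, rcv_nxt):
        self.rcv_nxt = rcv_nxt

    def deliver(self, seq, length):
        if seq == self.rcv_nxt:
            self.rcv_nxt += length
        return self.rcv_nxt                      # the ACK number it sends back


def scenario_1_lost_ack():
    s, r = RetransmitSender(timeout=5), AckReceiver(92)
    s.send(0, 92, 8)
    r.deliver(92, 8)                             # client sends ACK=100, but it is lost
    resent = s.on_timeout(5)                     # timer expires: SEQ=92 goes again
    s.on_ack(6, r.deliver(*resent))              # duplicate discarded; ACK=100 resent and received
    return resent, s.unacked, s.expires


def scenario_2_late_acks():
    s, r = RetransmitSender(timeout=5), AckReceiver(92)
    s.send(0, 92, 8)
    s.send(0, 100, 20)                           # timer already armed for SEQ=92
    acks = [r.deliver(92, 8), r.deliver(100, 20)]   # ACK=100 and ACK=120, delayed in the network
    resent = s.on_timeout(5)                     # only the oldest segment is retransmitted
    for ack in acks:
        s.on_ack(6, ack)                         # the late ACKs finally arrive
    dup_ack = r.deliver(*resent)                 # retransmission discarded; ACK=120 sent again
    s.on_ack(8, dup_ack)
    return resent, acks, dup_ack, s.unacked


def scenario_3_first_ack_lost():
    s, r = RetransmitSender(timeout=5), AckReceiver(92)
    s.send(0, 92, 8)
    s.send(0, 100, 20)
    r.deliver(92, 8)                             # ACK=100 is lost
    s.on_ack(3, r.deliver(100, 20))              # ACK=120 arrives before the timer expires
    return s.unacked, s.on_timeout(5)            # nothing outstanding, nothing to retransmit
```

Each scenario function returns what the sender ended up retransmitting and what remains unacknowledged; in scenario 3 the single ACK=120 retires both segments before the timer can fire.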
Scenario 4: Data Loss and Retransmission

TCP could originally acknowledge only the next byte expected.

For example, in the figure, using segment numbers for simplicity, host A sends segments 1 through 10 to host B.

If all the segments arrive except for segments 3 and 4, host B would reply with an acknowledgment specifying that the next segment expected is segment 3.

Host A has no idea whether any other segments arrived or not. Host A would, therefore, resend segments 3 through 10. If all the resent segments arrived successfully, segments 5 through 10 would be duplicates. This can lead to delays, congestion, and inefficiencies.

Scenario 4: Data Loss and Retransmission

Host operating systems today typically employ an optional TCP feature called selective acknowledgment (SACK), negotiated during the three-way handshake (each side includes a SACK-permitted option in its SYN).

If both hosts support SACK, the receiver can explicitly acknowledge which segments (bytes) were received, including any discontinuous segments. The sending host would therefore only need to retransmit the missing data.

For example, in the figure, again using segment numbers for simplicity, host A sends segments 1 through 10 to host B. If all the segments arrive except for segments 3 and 4, host B can acknowledge that it has received segments 1 and 2 (ACK 3), and selectively acknowledge segments 5 through 10 (SACK 5-10). Host A would only need to resend segments 3 and 4.
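As an added example (Python written for this page, not code from the original slides), here is the retransmission decision for both cases above at segment granularity: with plain cumulative ACKs the sender resends everything from the gap onward; with SACK it resends only the unreported segments. It goes a little beyond the slide by handling two gaps and by ignoring a SACK block that claims segments the sender never sent. The option names used for the SACK-permitted negotiation are assumptions.

```python
def cumulative_ack(received):
    """Lowest segment number not yet received (the only thing a plain ACK can say)."""
    n = 1
    while n in received:
        n += 1
    return n


def sack_blocks(received, ack):
    """Contiguous runs received beyond the ACK point, as (first, last) pairs."""
    blocks = []
    for n in sorted(x for x in received if x > ack):
        if blocks and n == blocks[-1][1] + 1:
            blocks[-1] = (blocks[-1][0], n)
        else:
            blocks.append((n, n))
    return blocks


def sack_negotiated(client_syn_options, server_synack_options):
    """SACK is used only if both SYNs carried the SACK-permitted option (option names assumed)."""
    return "SACK-permitted" in client_syn_options and "SACK-permitted" in server_synack_options


def segments_to_resend(sent, received, sack_enabled):
    """Returns (ack number, SACK blocks, segments the sender must retransmit)."""
    sent, ack = set(sent), cumulative_ack(received)
    if not sack_enabled:
        # Go-back-N: the sender cannot tell what arrived after the gap, so it resends it all.
        return ack, [], sorted(n for n in sent if n >= ack)
    blocks = sack_blocks(received, ack)
    # Ignore any SACK block claiming data we never sent (a corrupt or malicious option).
    sacked = {n for first, last in blocks for n in range(first, last + 1) if n in sent}
    return ack, blocks, sorted(n for n in sent if n >= ack and n not in sacked)


def demo():
    sent = range(1, 11)                       # host A sends segments 1..10 (constructed)
    lost_3_4 = set(sent) - {3, 4}
    two_gaps = set(sent) - {3, 4, 7, 8}
    return {
        "no_sack": segments_to_resend(sent, lost_3_4, sack_negotiated(["MSS"], ["MSS", "SACK-permitted"])),
        "sack": segments_to_resend(sent, lost_3_4, sack_negotiated(["MSS", "SACK-permitted"], ["MSS", "SACK-permitted"])),
        "sack_two_gaps": segments_to_resend(sent, two_gaps, True),
        "bogus_sack": segments_to_resend(sent, lost_3_4 | {12}, True),
    }
```

In the first case the ACK of 3 forces segments 3 through 10 back onto the wire; in the second the same loss costs only segments 3 and 4, and a SACK block for a segment 12 that was never sent changes nothing.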
A few more notes on Window Size, Timers, etc.

◆ A host may reduce the amount of data it sends (its effective window) if:

• ACKs are not arriving before the retransmission timer expires, or are not arriving at all. This is congestion control: the sender's own congestion window shrinks.
◆ This may also cause the host to increase its retransmission timer interval.
• Its receive buffers are filling up. This is flow control: the host advertises a smaller window to its peer.

◆ A host may increase its window size if:

• ACKs are received before the retransmission timer expires.
• Its receive buffers are draining because the application is reading the data.
A few more notes on Window Size, Timers, etc.

◆ By default, the TCP connection timeout is 15 minutes and the UDP connection timeout 30 seconds. These are idle timeouts kept by a firewall or NAT device for its connection-tracking table; TCP and UDP themselves define no such timeout, and the defaults vary by platform.
TCP/IP Application Layer Protocols

Application Layer:    FTP       HTTP   SMTP   Telnet   TFTP   SNMP   DHCP      DNS
Port number:          20 & 21   80     25     23       69     161    67 & 68   53

Transport Layer:      TCP (FTP, HTTP, SMTP, Telnet)          UDP (TFTP, SNMP, DHCP, DNS)

Internet Layer:       IP

Network Access Layer: LAN / WAN
Summary: Port Numbers

Port Number   Application   Layer 4 Protocol                                    Description
20            FTP           TCP                                                 File Transfer Protocol – Data
21            FTP           TCP                                                 File Transfer Protocol – Control Commands
23            TELNET        TCP                                                 Terminal connection
25            SMTP          TCP                                                 Simple Mail Transfer Protocol - Email
53            DNS           UDP (TCP for large responses and zone transfers)    Domain Name System
67, 68        DHCP          UDP                                                 Dynamic Host Configuration Protocol
69            TFTP          UDP                                                 Trivial File Transfer Protocol
80            HTTP          TCP                                                 Hypertext Transfer Protocol