Discuss one of the following 3 topics:
- What is buffer bloat, and what does it have to do with TCP?
- We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s reliability for UDP?
- In this unit, we examine the TCP header in detail. Although we haven’t started discussing firewalls and TCP, what kinds of things in the TCP segment header would be useful for a firewall? What could a firewall look for in the header to identify nefarious traffic?
Darin Bartholomew says
Buffer Bloat has to do with congestion of the network. Essentially there’s a buffer that is used to ensure that packets reach their destination without being dropped. The impact on TCP is that because of the way handshake, it takes a little more resources to complete connections and send packets which could lead to more use of resources. One of the other questions mentions UDP which basically throws packets at a location with no validation that the packet reached its destination. TCP packets victim of buffer bloat could be dropped and not reach the destination. The example I kept running through my head is when I was younger, on dial up, trying to watch a video using real video player (I think we all used that). I would constantly be stuck “buffering” which I can imagine was because the packets had so much data from a video file. It was in the buffer. If the connection suffered buffer bloat, chances are I’d get an error or dropped connection. If it worked, the video would play for a short period and then buffer again.
Vaibhav Shukla says
TCP and UDP are both transport layer protocols. The main difference between the two is that TCP is connection oriented and UDP is connectionless. The User Datagram Protocol (UDP) provides a best-effort datagram service to an end system (IP host). UDP provides no guarantee for delivery and no protection from duplication, but the simplicity of UDP reduces overhead from the protocol and can be adequate for some applications.
Typically, use UDP in applications where speed is more critical than reliability. For example, it may be better to use UDP in an application sending data from a fast acquisition where it is acceptable to lose some data points. You can also use UDP to broadcast to any machine(s) listening to the server.
UDP is commonly used in
• Voice over IP
• Trivial File Transfer Protocol
• Online games
• Tunneling/VPN (lost packets are ok – the tunneled protocol takes care of it)
• Media streaming (lost frames are ok).
http://digital.ni.com/public.nsf/allkb/56ECBF3428911D4F862569650052FDCD
Julien Rossow-Greenberg says
Why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important?
UDP is useful in scenarios where transmission speed is important. We see UDP in places such as video streaming services. Skype, WebEx, etc. use UDP. Dropped packets aren’t so big of an issue in this case because if a packet is dropped it is going to be replaced very quickly.
Anthony Clayton Fecondo says
We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s reliability for UDP?
UDP is necessary for technology that doesn’t require all of the added features of TCP. For example, one of the notable differences between TCP and UDP is TCP’s confirmation that packets are received. However, this feature makes TCP significantly more resource intensive. If the confirmation isn’t necessary, then using TCP would be a waste of resources. For example, in telecommunication or webcalls, it’s unnecessary to receive confirmation of message delivery because the receiver of the message can hear or see when the message is delivered. Since the user can easily identify if the data is delivered, there is no need for the protocol to perform this function. As a result, the fast and lightweight UDP is a better fit for these technologies.
Shain R. Amzovski says
The main difference between TCP and UDP is that TCP is connection oriented, while UDP is connection-less. In TCP, after the connection is set up, bidirectional sending of data is possible. In UDP, packets are sent in chunks. TCP is more reliable than UDP, but UDP is faster than TCP. There are some uses today, where UDP is an acceptable protocol because it is okay to not get all data always sometimes. For example, UDP is acceptable for Tunneling or VPN. Lost packets are acceptable because the tunneled protocol takes care of the lost packets. Media Streaming is also an acceptable use case for UDP. Streaming provides a continuous stream of packets; lost frames are acceptable because they are quickly replaced by more packets. VoIP is another technology that uses UDP. Real-time video and audio protocols are designed to handle occasional lost packets, so there is only a slight loss of quality, as opposed to large delays if lost packets had to be re-transmitted. A gain would be for example streaming a movie, would you rather have a quick buffer or a slight loss in quality, or wait for every lost packet to be re-transmitted?
Bilaal Williams says
TCP headers are used by firewalls to filter packets. TCP headers contain useful information that can be inspected by firewalls. This information will decide whether the firewall will allow the packet to enter the network. For example, when a browser sends an HTTP request to a Web server, the request contains the identity of the client computer, the source IP address, and the source port that the request went out. The firewall can relegate transmissions of the request according to how it is configured. Certain ports can be blocked or IP addresses can be blacklisted. The following are the main TCP/IP attributes used in implementing filtering rules:
• Source IP addresses
• Destination IP addresses
• IP protocol
• Source TCP and UDP ports
• Destination TCP and UDP ports
• The interface where the packet arrives
• The interface where the packet is destined
Stateful firewalls keep track of the state of network connections using information in TCP headers. As we learned in this lesson TCP connections are established with a three-way handshake (“SYN, SYN-ACK, ACK”) and ended with a “FIN, ACK” exchange. The firewall is able to track the state of the connection using these identifiers in the header and provide added efficiency in terms of packet inspection.
Ruslan Yakush says
Bilaal, great explanation! Prior to the existence of stateful firewalls, firewalls were stateless and processed each network frame and packet individually. These packets operate at the Network Layer of the OSI model, and it operates efficiently since a stateless firewall looks at the header part of the packet, therefore not looking at packet context to inspect the nature of the traffic.
Stateful firewalls have the capability to keep a table of open connections with parameters such as source and destination ports and IPs, that way inspecting the payload of packets.
Routers, Layer 3 switches and firewalls control packet inspection by means of ACLs, which contain entries defining what is allowed and what is denied based on the TCP header parameters described above.
For example, the command below would deny tcp web traffic flowing between any source and destination:
access-list 101 deny tcp any any eq www
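The connection tracking described in the two posts above, as an added sketch that is not part of either post and is not any firewall product's code: a toy state table follows the SYN, SYN-ACK, ACK handshake and drops segments that match no tracked connection. The class name, the addresses and the simplified states are assumptions; sequence numbers and entry timeouts are not modelled.

```python
# Connection states kept in the firewall's table (simplified, assumed names).
SYN_SENT, SYN_RCVD, ESTABLISHED, CLOSING = "SYN_SENT", "SYN_RCVD", "ESTABLISHED", "CLOSING"


class StatefulFilter:
    """Toy state table: only connections opened from the inside are tracked."""

    def __init__(self):
        self.table = {}  # (client_ip, client_port, server_ip, server_port) -> state

    def inspect(self, src, sport, dst, dport, flags, from_inside):
        """Return 'allow' or 'drop' for one segment and update the table."""
        flags = set(flags)
        # Normalise the key so both directions of a connection share one entry.
        key = (src, sport, dst, dport) if from_inside else (dst, dport, src, sport)
        state = self.table.get(key)
        if state is None:
            # Only a bare SYN from the inside may create an entry.
            if from_inside and flags == {"SYN"}:
                self.table[key] = SYN_SENT
                return "allow"
            return "drop"
        if "RST" in flags:
            del self.table[key]  # connection aborted, forget it
            return "allow"
        if state == SYN_SENT:
            ok, nxt = (not from_inside and flags == {"SYN", "ACK"}), SYN_RCVD
        elif state == SYN_RCVD:
            ok, nxt = (from_inside and flags == {"ACK"}), ESTABLISHED
        else:
            # ESTABLISHED / CLOSING: every segment carries ACK, none carries SYN.
            ok = "ACK" in flags and "SYN" not in flags
            nxt = CLOSING if "FIN" in flags else state
        if ok:
            self.table[key] = nxt
        return "allow" if ok else "drop"


def demo():
    """Constructed traffic: one handshake, then segments that match no entry."""
    fw, c, s = StatefulFilter(), ("10.0.0.5", 40000), ("203.0.113.10", 80)
    return [
        fw.inspect(*c, *s, {"SYN"}, True),           # creates the entry
        fw.inspect(*s, *c, {"SYN", "ACK"}, False),   # matches SYN_SENT
        fw.inspect(*c, *s, {"ACK"}, True),           # handshake complete
        fw.inspect(*s, *c, {"ACK", "PSH"}, False),   # data on the tracked flow
        fw.inspect("198.51.100.7", 80, "10.0.0.5", 40001, {"ACK"}, False),  # no entry
        fw.inspect("198.51.100.7", 4444, "10.0.0.5", 22, {"SYN"}, False),   # inbound SYN
    ]


if __name__ == "__main__":
    print(demo())
```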
Mengxue Ni says
1. What is buffer bloat, and what does it have to do with TCP?
Buffer bloat is the undesirable latency that comes from the existence of excessively large (bloated) buffers in systems, particularly network communication systems. In a shared network, “buffer bloat” is a phenomenon whereby buffering of packets causes high latency and jitter, as well as reducing the overall network throughput.
With TCP/IP, during network congestion buffer bloat causes extra delays, limiting the speed of internet connections. Other network protocols are also affected, including UDP-based protocols, partly because they share buffers in the router with TCP/IP connections. This can cause problems by restricting the speed of connections, affecting interactive applications, gaming and VoIP. It has only become apparent in recent years, as more modern network equipment implements larger buffers as memory prices fall.
2. We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s reliability for UDP?
We will gain speed when we sacrifice TCP’s reliability for UDP. UDP is only concerned with speed. So we will use UDP in applications where speed is more critical than reliability. For example, it may be better to use UDP in an application sending data from a fast acquisition where it is acceptable to lose some data points. You can also use UDP to broadcast to any machines listening to the server.
Mushima K. Ngalande says
3. In this unit, we examine the TCP header in detail. Although we haven’t started discussing firewalls and TCP, what kinds of things in the TCP segment header would be useful for a firewall? What could a firewall look for in the header to identify nefarious traffic?
In the TCP Header the firewall would look in the flags segment. These are control bits that indicate different connection states or information about how a packet should be handled. These TCP flag details can in fact be found in the firewall logs.
• URG – Informs a receiving station that certain data within a segment is urgent and should be prioritized
• ACK – Acknowledges received data
• PSH – Push function – Asks to push the buffered data to the receiving application.
• RST – Reset the connection (Aborts a connection in response to an error)
• SYN – Initiates a connection. Synchronize sequence numbers. Only the first packet sent from each end should have this flag set. Some other flags and fields change meaning based on this flag, and some are only valid for when it is set, and others when it is clear.
• FIN – Closes a connection, No more data from sender (Seen after a connection is closed)
Before two hosts can communicate using TCP, a connection must be created first: the Three-Way handshake SYN, SYN-ACK, ACK. A local host wishing to connect to a remote host will send a packet with the SYN flag and the sequence number field will initially contain a random number – note that no other flags should be set. The firewall will be logging these numbers during the 3 way handshake to ensure consistency.
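The flag inspection described in the post above, as an added example that is not part of the original post: it decodes the fixed 20-byte TCP header and reports flag combinations that never occur in a normal connection. The function names, the choice of rules and the sample headers are assumptions, and the headers are constructed inline.

```python
import struct

# Flag bit values in the low byte of the offset/flags word (RFC 793 order).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte part of a TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "data_offset": (off_flags >> 12) * 4,  # header length in bytes
        "flags": {name for name, bit in FLAG_BITS.items() if off_flags & bit},
        "window": window,
    }


def flag_anomalies(flags: set) -> list:
    """Return reasons a flag combination cannot occur in a normal connection."""
    reasons = []
    if not flags:
        reasons.append("no flags set (null segment)")
    if {"SYN", "FIN"} <= flags:
        reasons.append("SYN and FIN together")
    if {"SYN", "RST"} <= flags:
        reasons.append("SYN and RST together")
    if "FIN" in flags and "ACK" not in flags:
        reasons.append("FIN without ACK")
    return reasons


def build_header(sport, dport, seq, ack, flags):
    """Constructed sample input: a 20-byte header carrying the given flags."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | bits, 65535, 0, 0)


if __name__ == "__main__":
    for sample in [("SYN",), ("SYN", "ACK"), ("SYN", "FIN"), (), ("FIN", "PSH", "URG")]:
        hdr = parse_tcp_header(build_header(40000, 80, 1000, 0, sample))
        print(sorted(hdr["flags"]), flag_anomalies(hdr["flags"]) or "ok")
```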
Mengqi He says
1. What is buffer bloat, and what does it have to do with TCP?
Bufferbloat is jitter and high latency in networks due to excess buffering of packets. It reduces the overall network throughput and is a common cause of poor performance and congestion collapse of networks, especially for TCP. The problem is that the TCP congestion avoidance algorithm relies on measuring the occurrence of packet drops to determine the available bandwidth. TCP requires timely feedback about packet drops and keeps adjusting transmission rate until it reaches an equilibrium equal to the speed. Therefore, when a large buffer is filled, the packets would be queued and not be dropped. TCP would not slow down, thus further filling the buffer. The delay in response between a packet being dropped and the notification of the drop reaching the sender makes it more difficult for TCP’s congestion avoidance protocol to react to changes in the network.
2. We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s reliability for UDP?
Unlike TCP, UDP does not have features such as sequence numbers, acknowledgement segment and three-way handshake procedure to guarantee reliable data transmission. It also does not have error checking or flow control, and thus there is no guarantee that the packets sent would arrive in order or even arrive at all. However, UDP is much faster than TCP. Highly time-sensitive applications like online games, streaming media applications and voice over IP (VoIP) generally rely on User Datagram Protocol (UDP) because it reduces latency and variation in latency by not worrying about reordering packets or getting missing data retransmitted.
Loi Van Tran says
We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s reliability for UDP?
UDP is a simple transmission model with limited mechanisms which does not guarantee delivery or acknowledgment of receipt. This means that TCP is connection oriented and UDP is connectionless, making TCP more reliable but UDP faster. There are fewer requirements for the UDP protocol; no error reporting, recovery is not attempted, no sequence or ordering of packets, etc. Since it is a light-weight protocol compared to the heavy-weight TCP it is significantly faster. Take for example Voice over IP (VOIP) applications, if TCP was used then there would be a delay in time the message was sent until the receiver hears the message. If bits were lost, then TCP would retransmit the packet that would make the receiver hear the messages out of sequence. Using UDP with VOIP makes more sense, because it’s faster and resending voice information would likely mess up the conversation with TCP.
Ioannis S. Haviaras says
What is buffer bloat, and what does it have to do with TCP?
Bufferbloat is high latency in packet-switched networks caused by excess buffering of packets. When this occurs the sizing of the buffers makes the TCP congestion control algorithm fail. The TCP connection then slows down and bottlenecks causing TCP to fill up and then buffer again. An example of this could be when streaming a video. If many people try to buffer the same video simultaneously it will buffer and not be able to run.
Joseph Nguyen says
very interesting..
Jon Whitehurst says
We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s reliability for UDP?
Applications like DNS and Time on servers use UDP to communicate to clients. Can you imagine a DNS server or a Time server having to keep track of the connections that it has for name lookups or what time it is on the server sending back to a response? We would need a bigger server for the simple things that we take advantage of every millisecond when using a network. UDP does not use memory on a server or workstation for its requests or responses. If it does not get a response in a certain amount of time it would try the server again or try another server in its list. One advantage to UDP that TCP can’t do is routers don’t care about UDP packets, it just gets passed through. With UDP you can achieve an atypical route and UDP will still work. TCP and routers packets needs to transverse the same path otherwise they will get dropped.
Amanda M Rossetti says
TCP can be slow because of the handshake required that is used to make sure every single message is received. UDP is used when speed is important and dropped messages are allowable. Speed is the big thing gained when you take away the requirement that every message is received. Things like streaming and gaming use UDP because speed is important but lost frames are ok because the average person won’t even notice that they were dropped.