Discuss one of the following 3 topics:
- What is buffer bloat, and what does it have to do with TCP?
- We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s reliability for UDP?
- In this unit, we examine the TCP header in detail. Although we haven’t started discussing firewalls and TCP, what kinds of things in the TCP segment header would be useful for a firewall? What could a firewall look for in the header to identify nefarious traffic?
Ahmed A. Alkaysi says
2. We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s reliability for UDP?
UDP is used for connections that do not need the reliability of TCP, where every packet is confirmed to have been received. Applications that need the speed and don’t mind if packets are dropped here and there and aren’t resent, such as VOIP, would use UDP as it would be a lot faster than using TCP. For connections requiring an acknowledgement and every packet to be sent, then TCP would be the choice of protocol.
Neil Y. Rushi says
According to Wikipedia, buffer bloat is high latency in packet-switched networks caused by excess buffering of packets, which causes jitter and reduces overall throughput. TCP has a role with buffer bloat because usually TCP will adjust itself and match the speed of the bandwidth, unless the buffer is full; then it will be backed up and packets will start to drop. It messes up interaction with other types of network protocols such as UDP and makes VoIP and gaming slow due to the latency.
Donald Hoxhaj says
Hi Neil,
Your answer to the question was quite interesting. I see TCP more as a regulator of traffic than a security prevention protocol. It would ultimately ensure that the bandwidth requirements are met and that the speed of the network is utilized to its full potential. However, I feel that a security layer at TCP is very essential so that a situation of buffer bloat can be carefully dealt with. In organizations where traffic comes from different networks and locations, it is important to know which dropped packets were crucial and which were spam.
Neil Y. Rushi says
I see your point, Donald. I overlooked that fact about TCP being a regulator of traffic and the dropped packets. It is essential to an organization that monitors network traffic to see if the packets received that were supposed to come through were reported as spam and vice versa.
Fred Zajac says
A packet-filtering firewall can be configured to only allow traffic of specific criteria. It filters based on things like IP address, Internet Control Message Protocol messages, and UDP / TCP port settings. The TCP header includes information such as the source and destination port numbers to identify the sender and receiver. The firewall can be configured to drop any / certain connection requests to and from a specific port. For example, you could disable all Facebook traffic by not allowing facebook.com (IP address) or not allow HTTP / HTTPS altogether by denying port 80 and 443 connections.
We learned a three-way handshake in a TCP connection is established when the user sends a SYN to the receiver. The receiver responds with an ACK of the user’s SYN. The user sends an ACK back to the receiver’s SYN. These flags / control bits in the TCP header can be used by firewalls to intercept and drop suspicious packets requesting connection by analyzing the sequence of the flags. For example, you could disallow a specific or broad set of flag combinations.
Donald Hoxhaj says
What is buffer bloat, and what does it have to do with TCP?
Buffer bloat is a state of high latency that usually comes from a network device such as a router because it accumulates too much buffer or data. Buffer bloat causes the network to go down and reduces its performance. In times of high traffic, buffer bloat causes drastic spikes in network performance and users experience varying network issues. This problem usually arises when network devices such as a router or switch are configured in such a way that they accept high amounts of data or use high memory resources for buffering. Usually when packets arrive faster in a slow system or network, most of the excess packets are dropped and this drop is usually not noticeable. TCP helps identify the dropped packets so that the target system knows which packets were dropped and where they came from. It is for this reason that the longer the buffers are, the more time TCP requires to identify those dropped packets. TCP helps to regulate traffic and optimize the bandwidth of the network.
Ronghui Zhan says
Even as, year over year, the maximum speed of our internet infrastructure transitions from 10/100 to gigabit to 40GbE, we continue to see a surprising amount of latency in interactive TCP flows under certain network conditions. As demonstrated by Jim Gettys and others, a common culprit for this latency is buffer bloat. This issue is noticeable at a bottleneck point in the network (say at the boundary of an end-user’s home network and the general internet) where a fast transport link interacts with a slow one. When packets arrive at the slower system faster than it can process them, the queue at the slow node begins to fill up. Only when the queue is full does it start to drop packets, but the fact that these packets have been dropped is not noticeable until the rest of the buffer has been processed. For this reason, the longer the buffers are, the longer it takes for a drop to be noticed by a protocol such as TCP. But why is this an issue? More buffer means that more packets can be successfully queued to be sent before the TCP stream starts to falter. However, contrary to what one might hope for from larger buffers, the delay in response between a packet being dropped and the notification of the drop reaching the sender means that it is much more difficult for TCP’s congestion control protocol to react to changes in the network.
Let’s assume that you are copying a large number of files over the internet to some server. TCP will do what it was designed to do, and utilize as much bandwidth as it can – keeping a quadratically increasing number of packets in flight until it starts to see losses, then scaling back. As TCP is in the process of increasing the window size, it will at some point exceed the speed of the slowest network link between the client and server. However, if that link also has a large buffer, TCP won’t notice that it is moving too much data until that buffer completely fills, drops a packet and then the entire queue size is processed once more. Eventually, a relatively stable speed will emerge with TCP keeping the buffers of the device mostly full. However, this means that new traffic coming in is very likely to be dropped – the queue is already close to full – and that the drops won’t be noticed until the queue is processed up until the dropped packet, which may take a noticeable amount of time. Given a 1 megabit uplink and a 128KiB queue (as is the case in Gettys’s study), it will take a full second for the drop to be noticed and for the large flow to scale back.
Reference: http://www.cs.tufts.edu/comp/150IDS/final_papers/rschla02.1/paper.html
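The delay described in the post above can be reproduced with a small queue simulation. This is an added example, not part of the post or the referenced paper. It assumes a fixed-rate sender rather than real TCP congestion control, 1024-byte packets and a 1,000,000 bit/s link; the function name and parameters are illustrative.

```python
from collections import deque

def drop_notice_delay(link_bps, buffer_bytes, pkt_bytes=1024, send_ratio=2):
    """Seconds from the first tail drop until the receiver can see the gap.

    Assumed model: a sender pushing send_ratio packets per link service
    time into one FIFO tail-drop queue in front of the bottleneck link.
    """
    capacity = buffer_bytes // pkt_bytes       # queue depth in packets
    if capacity < 1 or send_ratio < 2:
        raise ValueError("need room for one packet and a sender faster than the link")
    tick = pkt_bytes * 8 / link_bps            # seconds to transmit one packet
    queue, seq, t = deque(), 0, 0
    drop_tick = dropped_seq = None
    while True:
        for _ in range(send_ratio):            # arrivals during this tick
            if len(queue) < capacity:
                queue.append(seq)
            elif dropped_seq is None:          # remember only the first loss
                drop_tick, dropped_seq = t, seq
            seq += 1
        delivered = queue.popleft()            # link sends one packet per tick
        t += 1
        # The loss becomes visible only when a later packet gets through,
        # and that packet had to wait behind the whole standing queue.
        if dropped_seq is not None and delivered > dropped_seq:
            return (t - drop_tick) * tick

if __name__ == "__main__":
    for kib in (16, 64, 128, 256):
        delay = drop_notice_delay(1_000_000, kib * 1024)
        print(f"{kib:>4} KiB buffer: drop noticed after {delay:.3f} s")
```

The delay grows linearly with buffer depth, so shrinking the queue shortens the loss-feedback loop even though the link speed is unchanged.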
Jason A Lindsley says
2. We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s reliability for UDP?
The UDP protocol is useful in scenarios where you need to exchange a significant amount of data at a high speed. Examples include video/media streaming, Voice-over IP (VoIP), and online gaming. In these scenarios, your “physical senses” (e.g. seeing and hearing) are not perfect and therefore they do not always notice a few dropped packets. However, if these services were to wait for every single packet to be delivered, it could result in a significant communication delay or poor user experience. These services all require near “real-time” data transmission and therefore users and applications are typically willing to sacrifice packet loss.
Oby Okereke says
In this unit, we examine the TCP header in detail. Although we haven’t started discussing firewalls and TCP, what kinds of things in the TCP segment header would be useful for a firewall? What could a firewall look for in the header to identify nefarious traffic?
A TCP segment is the TCP header with data. The TCP header is used to track the state of communication between two TCP endpoints. Since TCP segments are inserted (encapsulated) in the payload of the IP packet, the TCP header immediately follows the IP header during transmission. TCP headers are used by firewalls to filter packets. TCP headers contain useful information that can be inspected by firewalls to determine the action to be applied to the traffic. Having briefly described the TCP header and TCP segment header, some of the things in the TCP segment header that would be useful for a firewall are as follows:
- U (URG): The “urgent” pointer is valid.
- A (ACK): The acknowledgment number is valid.
- P (PSH): The receiver should pass this data to the application as soon as possible.
- R (RST): Reset the connection.
- S (SYN): Synchronize sequence numbers to initiate a connection. Only the first packet sent from each end should have this flag set. Some other flags and fields change meaning based on this flag, and some are only valid for when it is set, and others when it is clear.
- F (FIN): The sender is finished sending data.
A stateful firewall can determine if a packet should be allowed or denied based on the status of the firewall rules and these flags, as well as considering the rule set, source address, destination address, IP protocol and action. For example, a new service request triggers the SYN bit, which will refer to the firewall rule for further processing and determination of whether the TCP request is properly or improperly formed, which will lead the firewall to allow or reject the traffic.
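The header checks discussed in the posts above (port filtering, and dropping flag combinations that no valid connection produces) can be sketched as a stateless filter. This is an added example, not code from any poster or firewall product; the function names, the rule set and the sample headers are constructed for illustration.

```python
import struct

# Control bits in byte 13 of the TCP header, as listed in the post above.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte portion of a TCP header."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, bits, win, csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (off >> 4) * 4            # data offset is counted in 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("invalid data offset")
    flags = {name for name, bit in FLAG_BITS.items() if bits & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def flag_anomaly(flags: set):
    """Return a reason if the combination never occurs in a valid flow, else None."""
    if not flags:
        return "null segment (no control bits)"
    if {"SYN", "FIN"} <= flags:
        return "SYN and FIN together"
    if {"SYN", "RST"} <= flags:
        return "SYN and RST together"
    if "FIN" in flags and "ACK" not in flags:
        return "FIN without ACK"
    return None

def filter_segment(segment: bytes, open_ports: set) -> tuple:
    """Stateless verdict: ('drop' | 'allow' | 'check-state', reason)."""
    try:
        hdr = parse_tcp_header(segment)
    except ValueError as exc:
        return ("drop", str(exc))
    reason = flag_anomaly(hdr["flags"])
    if reason:
        return ("drop", reason)
    if hdr["flags"] == {"SYN"}:            # first packet of a handshake
        if hdr["dport"] in open_ports:
            return ("allow", "new connection to permitted port")
        return ("drop", "port %d not permitted" % hdr["dport"])
    return ("check-state", "must match an existing connection")

def build_header(sport, dport, *flags):
    """Constructed sample input: a bare 20-byte header with the given flags set."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, bits, 65535, 0, 0)

if __name__ == "__main__":
    for flags in [("SYN",), ("SYN", "FIN"), (), ("FIN", "PSH", "URG"), ("ACK", "PSH")]:
        print(flags, filter_segment(build_header(40000, 443, *flags), {80, 443}))
```

Segments that return `check-state` are where a stateful firewall would consult its connection table; a purely stateless filter cannot tell whether that ACK belongs to a real session.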
Shi Yu Dong says
A packet-filtering firewall can be arranged to just permit movement of a particular criteria. It channels in light of things like IP address, Internet Control Message Protocol messages, and UDP/TCP port settings. The TCP header incorporates data, for example, the source and goal port numbers to distinguish the sender and collector. The firewall can be arranged to drop any/certain association solicitations to and from a particular port. For instance, you could incapacitate all Facebook movement by not permitting facebook.com (IP address) or not permit HTTP/HTTPS altogether by denying port 80 and 443 associations.
We took in a three manner handshake in a TCP association is built up when the client sends a SYN to the collector. The recipient reacts with an ACK of the client’s SYN. The client sends an ACK back to the beneficiary’s SYN. These banners/control bits in the TCP header can be utilized by firewalls to block and drop suspicious bundles asking for association by examining the grouping of the banners. For instance, you could deny a particular or wide arrangement of banner mixes.
Fraser G says
Buffer bloat can be best thought of as an overload of information (packets) that gets backed up and can’t be processed quickly enough – causing slowdowns. The buffer in a router is designed to allow for some level of packet queuing; this is known as a buffer. It helps when you have two devices with different speeds on a network, where device A is sending data to device B faster than device B can process it.
I try to think of these things in real-world terms. Say you have a man (Steve) opening and reading letters that he takes out of a small mailbox. Another man (Joe) is dropping letters into the mailbox. Joe is putting letters in faster than Steve can read them, but it’s ok for a while because the mailbox has room. When the mailbox fills up, Joe stops dropping the letters in the box and throws them on the ground (packet loss). Steve doesn’t know that he is missing letters until the mailbox is empty. The gap between when Joe stops dropping letters and Steve realizes that the mailbox is empty is what we know as buffer bloat. In the TCP model, Joe would try to match how quickly Steve can read; however, if the buffer fills it leads to missed letters (packets).
Brent Hladik says
What is buffer bloat, and what does it have to do with TCP?
This is where buffering of packets causes high latency delays. It has to deal with TCP because buffer bloat causes extra long delays during any kind of network congestion.
We learn in this unit that TCP has a lot of features that allow reliable communication on unreliable networks (like the Internet). However, UDP does not have these features… why do you suppose we need a protocol like UDP, and what are some uses for UDP where reliability may not be as important? What do we gain when we sacrifice TCP’s reliability for UDP?
One example of why we would need something like this is for jobs that may need to run on a SQL server, for example, back and forth between servers. They wouldn’t always need that 100% reliable link as the jobs would constantly be running on a regular schedule, so if they miss a run then they can catch up the next go-around if anything interfered.
In this unit, we examine the TCP header in detail. Although we haven’t started discussing firewalls and TCP, what kinds of things in the TCP segment header would be useful for a firewall? What could a firewall look for in the header to identify nefarious traffic?
They would look for SYN, RST, ACK, FIN, and other control codes to determine the state of the connection as an example.
Ryan P Boyce says
The biggest difference between TCP and UDP is that UDP does not wait for a response from the receiver that packets were received or that they were received in the correct order. TCP segments the packets so that the receiver has a short window to verify that it received all packets and in the proper order. UDP would not be the protocol of choice in sending bank account information to someone or, generally, in any area where the rate of data exchange and the order is highly important. UDP is, though, good for less sensitive applications such as ping or streaming music over the internet. Applications that use UDP gain in speed over TCP applications: an application that uses UDP does not have the overhead of checking for correctness. It just gets the data and sends it to the application stack.
Shi Yu Dong says
A parcel sifting firewall can be designed to just permit movement of a particular criteria. It channels in light of things like IP address, Internet Control Message Protocol messages, and UDP/TCP port settings. The TCP header incorporates data, for example, the source and goal port numbers to distinguish the sender and recipient. The firewall can be designed to drop any/certain association solicitations to and from a particular port. For instance, you could impair all Facebook activity by not permitting facebook.com (IP address) or not permit HTTP/HTTPS altogether by denying port 80 and 443 associations.
We took in a three manner handshake in a TCP association is built up when the client sends a SYN to the beneficiary. The recipient reacts with an ACK of the client’s SYN. The client sends an ACK back to the recipient’s SYN. These banners/control bits in the TCP header can be utilized by firewalls to catch and drop suspicious bundles asking for association by examining the succession of the banners. For instance, you could forbid a particular or expansive arrangement of banner blends.
Younes Khantouri says
This is a high latency that occurs when there is traffic on your network. The best way to test if your network has buffer bloat is by using DSLReport Speed Test or the Tests for Buffer Bloat. If one of these tests shows that your network means that your router is letting bulk traffic (such as gaming, Skype, FaceTime, etc.) twiddling with QoS might help. In so many cases, a faster internet connection probably won’t help at all.
TCP gets involved since buffer bloat causes long delays because buffer bloat causes long delays during any kind of network congestion. One more reason why TCP gets involved with buffer bloat is the fact that it has so many features to manage reliable and unreliable communications that go through networks.
Sachin Shah says
3. I think if a message comes in a format, the firewall can be adjusted to only look for that segment header. For instance, I work with HL7 messages, which is a healthcare standard, and patient information always starts with an “MSH” segment, which is the header. These are allowed to pass; otherwise the firewall restricts the data. I know in our security department the firewalls also look for the header of source IP\port and destination IP\port. Also if the length is too long or junk\short data.