Tell us about your understanding of the "three-way handshake" and "four-way wave"

Reference answer:

We all know that TCP is connection-oriented. The three-way handshake is used to establish a connection, and the four-way handshake is used to disconnect the connection.

Three-way handshake

First picture:

Vernacular Comprehension

1. Can I take the initiative to call you?
2. Of course! Can I call you, too?
3. Yes, the connection is established successfully!

Let's take a look at the three-way handshake process:

• Initially, both the client and the server are in the CLOSED state. The client actively opens the connection, and the server passively opens the connection, ends the CLOSED state, starts listening, and enters the LISTEN state.

A handshake

• The client will randomly initialize the sequence number (client_isn), put this sequence number in the "sequence number" field of the TCP header, and set the SYN flag to 1, indicating a SYN message. Then the first SYN message is sent to the server, indicating that a connection is initiated to the server. This message does not contain application layer data, and the client is then in the SYN-SENT state.

Second handshake

• After receiving the SYN message from the client, the server first randomly initializes its own sequence number (server_isn), fills this sequence number into the "Sequence Number" field of the TCP header, and then fills the "Confirmation Response Number" field of the TCP header into client_isn + 1, and then sets the SYN and ACK flags to 1. Finally, the message is sent to the client, which does not contain application layer data, and the server is in the SYN-RCVD state.

Three-way handshake

• After the client receives the message from the server, it must also respond to the server with the last response message. First, the ACK flag in the TCP header of the response message is set to 1, and then the "confirmation response number" field is filled with server_isn + 1. Finally, the message is sent to the server. This message can carry data from the client to the server, and then the client is in the ESTABLISHED state.

Well, after the three-way handshake process, the connection between the client and the server is confirmed to be normal, and then it enters the ESTABLISHED state, and the server and the client can communicate happily.

Here is a graphic representation of the dynamic process:

There is a small detail here. The third handshake can carry data, which is a point often asked in interviews.

So why do we need three handshakes? Can't we just use two?

• To prevent the server from opening some useless connections and increasing server overhead
• Prevent the invalid connection request segment from being suddenly sent to the server, thus causing an error.

Since network transmission has delays (it has to pass through network optical fibers and various intermediate proxy servers), during the transmission process, for example, the client initiates the first handshake with SYN=1.

If the server directly creates this connection and returns a data packet containing SYN, ACK, and Seq to the client, this data packet is lost due to network transmission reasons. After the loss, the client has not received the data packet returned by the server.

If there is no third handshake to tell the server that the client has received the data transmitted by the server, the server does not know whether the client has received the information returned by the server. The server considers the connection to be available, and the port remains open. When the client re-issues a request due to a timeout, the server will reopen a port connection.

As a result, many invalid connection ports will be opened in vain, resulting in a waste of resources.

This process can be understood as:

Another situation is that the request information sent by an invalid client is transmitted to the server for some reason. The server thinks it is a valid request sent by the client and an error occurs after receiving it.

So we need a "third handshake" to confirm this process:

The data of the third handshake tells the server whether the client has received the data sent by the server during the "second handshake" and whether the sequence number of this connection is valid. If the data sent is "received and no problem", the server will establish a TCP connection normally after receiving it. Otherwise, the TCP connection fails to be established and the server closes the connection port. This reduces server overhead and errors caused by receiving invalid requests.

Data transfer

Four waves

Vernacular Comprehension

1. Let's split up
2. Received a message from a friend
3. Okay, let's split it.
4. OK, that's it.

In order to prevent the final ACK from being lost, you need to wait for a while after sending the ACK, because if the packet is lost, the server needs to resend the FIN packet.

If the client has closed, the server will interpret the result as an error. As a result, a large number of ports will be occupied in high-concurrency non-long connections.

Use

Both parties can actively disconnect, and after disconnection, the "resources" in the host will be released.

The above picture shows that the client actively closes the connection:

A wave

• The client intends to close the connection and sends a message with the FIN flag in the TCP header set to 1, which is also called a FIN message. The client then enters the FIN_WAIT_1 state.

Second wave

• After receiving the message, the server sends an ACK response message to the client, and then the server enters the CLOSED_WAIT state.

Wave three times

• After the client receives the ACK response message from the server, it enters the FIN_WAIT_2 state. After waiting for the server to process the data, it also sends a FIN message to the client, and then the server enters the LAST_ACK state.

Four waves

• After receiving the FIN message from the server, the client returns an ACK response message and then enters the TIME_WAIT state.
• After the server receives the ACK response message, it enters the CLOSED state, and the server has completed the closing of the connection.
• After 2MSL, the client automatically enters the CLOSED state, and the client also completes the connection closure.

A FIN and an ACK are required in each direction, so it is often called four waves.

Why wave four times?

• When closing the connection, when the client sends a FIN to the server, it only means that the client will no longer send data but can still receive data.
• When the server receives the FIN message from the client, it first returns an ACK response message. The server may still have data to process and send. When the server no longer sends data, it sends a FIN message to the client to indicate that it agrees to close the connection now.

From the above process, we can see that the server usually needs to wait for the data to be sent and processed, so the server's ACK and FIN are generally sent separately, resulting in one more handshake than the three-way handshake.

Why does the client have to wait for 2MSL in the TIME-WAIT phase? ​

In order to confirm whether the server has received the ACK confirmation message sent by the client, when the client sends the last ACK confirmation message, it cannot be sure that the server can receive this message.

Therefore, after sending the ACK confirmation message, the client will set a timer with a duration of 2MSL.

MSL refers to Maximum Segment Lifetime: the maximum life cycle of a TCP message during transmission.

2MSL is the maximum length of time that the FIN message sent by the server and the ACK confirmation message sent by the client can remain valid.

If the server does not receive the ACK message from the client within 1MSL, it will send a FIN message to the client again:

• If the client receives the FIN message from the server again within 2MSL, it means that the server did not receive the ACK confirmation message sent by the client for various reasons.

The client sends an ACK confirmation message to the server again, the timer is reset, and the 2MSL timing starts again.

• Otherwise, if the client does not receive the FIN message from the server again within 2MSL, it means that the server has received the ACK confirmation message normally, and the client can enter the CLOSED stage and complete the "four waves".

Therefore, the client has to go through the TIME-WAIT phase of 2SML; this is why the client enters the CLOSED phase later than the server.

Here is also a graphic representation of the dynamic process:

The article comes from: Front-end Restaurant. If you want to reprint this article, please contact the Front-end Restaurant ReTech Toutiao account.

github: https://github.com/zuopf769