A network administrator's self-cultivation: TCP protocol

Today, let’s continue with the network administrator’s self-cultivation of the TCP protocol, which is another core protocol besides the IP protocol.

The TCP protocol is a crucial protocol in network transmission, and it is located in the transport layer. It supports common application layer protocols such as FTP, TELNET, SMTP, DNS, HTTP, etc., and cooperates with the IP protocol of the network layer to achieve reliable network transmission.

Hierarchical network model

OSI 7-layer model

In order to effectively interconnect computers around the world, the International Organization for Standardization proposed a conceptual network model, the Open System Interconnection Model (OSI model for short).

From top to bottom, they are application layer, presentation layer, session layer, transport layer, network layer, data link layer, and physical layer.

Application Layer

The application layer provides interfaces designed for application software to set up communication with another application software, such as HTTP, HTTPS, FTP, Telnet, SSH, SMTP, POP3, etc.

Presentation Layer

The presentation layer converts the data into a format that is compatible with the receiver's system format and suitable for transmission.

Session Layer

The session layer is responsible for setting up and maintaining a communication connection between two computers in a computer network during data transmission.

Transport Layer

The transport layer adds a transport header (TH) to the data to form a data packet. The transport header contains information such as the protocol used to send it, for example, the Transmission Control Protocol (TCP).

Network Layer

The network layer determines the path selection and forwarding of data, and adds the network header (NH) to the data packet to form a packet. The network header contains network information, such as the Internet Protocol (IP).

Data Link Layer

The data link layer is responsible for network addressing, error detection, and error correction. When headers and trailers are added to a packet, a message frame is formed. The data link header (DLH) is a string that contains the physical address and error detection and correction methods. The data link trailer (DLT) is a string of characters that indicates the end of the packet. Examples include Ethernet, wireless LAN (Wi-Fi), and general packet radio service (GPRS).

It is divided into two sublayers: logical link control (LLC) sublayer and media access control (MAC) sublayer.

Physical Layer

The physical layer transmits data frames on a local area network and is responsible for managing the intercommunication between computer communication devices and network media. It includes pins, voltages, cable specifications, hubs, repeaters, network cards, host interface cards, etc.

The OSI model is an international standard model and a conceptual standard that guides the Internet model. In the actual design and implementation process, the TCP/IP 4-layer model structure was finally formed.

TCP/IP 4-layer model

The TCP/IP model does not actually refer only to TCP and IP. In fact, this protocol suite also includes some other protocols, such as UDP, ICMP, IGMP, etc.

The TCP/IP model is the de facto standard model. Based on the 7-layer model, the top three layers of the application layer, presentation layer, and session layer are unified into the application layer, and the data link layer and physical layer are unified into the link layer or network interface layer.

In actual applications, the 4-layer model is still the standard, after all, it is the de facto standard. There is also a 5-layer model, which actually combines the application layer, presentation layer, and session layer of the 7 layers into the application layer, while the other layers remain unchanged.

Data processing and transmission process

Each layer of the TCP/IP model has its own functions and division of labor. When user data wants to be sent to another device, there is a complex process for data to be transmitted from the application layer to the link layer from top to bottom.

Take Telnet as an example. Telnet uses the TCP protocol at the transport layer.

Data enters from the application layer and reaches the transport layer, where the TCP header is added and the data is processed into TCP segments, called segments, to ensure data reliability.

The data then reaches the network layer, where the IP protocol is used and an IP header is added to process the data into an IP datagram, called a datagram. After being processed by the IP protocol at the network layer, the target address and MAC address are specified to ensure that the data is accurately sent to the target machine.

The data then reaches the link layer, where an Ethernet header is added and the data is processed into an Ethernet frame, called a frame, which contains data related to the network card and other hardware.

Whether it is Telnet or HTTP, at least two devices are involved to be called network interconnection. The sender has a data processing process from the application layer to the underlying link layer. Correspondingly, on the data receiver, there is a data parsing process from the link layer to the application layer. In the middle, there may be a long transmission medium, such as optical fiber, and there may be several intermediate devices, such as routers, switches, etc. To ensure that data is sent to the target machine reliably and accurately in such a complex network environment, it depends on the sophisticated design of TCP and IP protocols.

TCP

TCP, the full name of which is Transmission Control Protocol, is a connection-oriented, reliable byte stream service protocol. Because it has to ensure reliability, it is much more complicated than the UDP protocol. It is precisely because of this complexity that its performance is worse than UDP.

TCP is the most core protocol of the transport layer in the TCP/IP model. Not only that, it is the core protocol in the entire 4-layer model. Otherwise, how could the model be called the TCP/IP model?

It uses the IP protocol of the network layer downward and provides support for application layer protocols such as FTP, SMTP, POP3, SSH, Telnet, HTTP, etc. Other commonly used protocols include the RESP protocol of Redis, the network protocol of MongoDB, and the Socket used in our programming, which are all supported by the TCP protocol.

A network protocol is a set of agreements that both communicating computers must follow. For example, how to establish a connection, how to identify each other, etc. Only by following this agreement can computers communicate with each other. Its three elements are: syntax, semantics, and timing.

1. Syntax: the structure or format of data and control information;
2. Semantics: what kind of control information needs to be sent, what actions need to be completed, and what responses need to be made;
3. Timing (synchronization): a detailed description of the order in which events occur.

TCP protocol format

TCP header + user data is called a TCP segment, where the TCP header is the core of the TCP protocol that we will mainly study here, and the user data part is the payload of the TCP segment.

The size of a TCP segment is also limited, the maximum is 1460 bytes. How is this calculated?

The data packet finally sent by the network card is called an Ethernet frame, which consists of an Ethernet header and a payload.

The payload of an Ethernet frame is an IP datagram, which consists of an IP header and a payload.

The payload of an IP datagram is a TCP segment. Therefore, the maximum amount of data that a TCP segment can carry can be calculated as follows:

Data size carried in the segment Ethernet frame size Ethernet header

The size of an Ethernet frame is fixed at 1522 bytes, while the size of the IP header and TCP header is not fixed, but each will occupy at least 20 bytes, so in the end the maximum size of the data carried by the TCP segment is 1460 bytes.

The data size carried by the TCP segment (up to 1460) = Ethernet frame size (1522 bytes) - Ethernet header (22 bytes) - IP header (minimum 20 bytes) - TCP header (minimum 20 bytes)

The figure below is a schematic diagram of the TCP protocol. If the "optional" part is not counted, it occupies a total of 32 bits x 5 = 160 bits, which is 20 bytes.

Source port and destination port

The source port and destination port take up 2 bytes respectively, totaling 4 bytes, which record the port number of the data sender and the port number of the data receiver respectively. These two tags are combined with the sender IP and receiver IP recorded in the IP protocol to determine a unique TCP connection.

Serial number

Since the size of TCP segments is limited, when the amount of data to be transmitted is greater than this limit, the data must be segmented and sent one segment at a time. Since the sender has to segment, the receiver must reassemble the segments to restore the original data. In the process of reassembly, the order of the segments must be guaranteed, and the sequence number plays the role of ensuring the reassembly order.

The sequence number occupies 4 bytes, 32 bits, and its range is [0,]. TCP is a byte stream service, which will number each byte sent. When establishing a connection, the system will give an ISN (initial sequence number), and then the sequence number of the first byte sent by this device in the current connection is ISN+1. Assuming that the initial ISN is 0, the sequence number of the first byte is 1.

For example, assuming that the ISN is 0, the sender sends a 100-byte data packet for the first time, then the sequence number of the first TCP segment is 1. The next time it sends a 100-byte data packet, the sequence number of the second TCP segment is 101.

In this way, a maximum of byte values ​​can be marked, which is 4 GB of data. When the maximum value is reached, marking will start from 0 again.

The sequence number is only useful in the following two situations:

1. The data field contains at least one byte.
2. It is a SYN segment, or a FIN segment, or a RST segment.

Confirmation number

When data is sent out, the receiver will reply with a confirmation number after receiving it. This confirmation number indicates the sequence number that the receiver hopes to receive next time. For example, if a TCP segment with a sequence number of 501 and a length of 100 is sent, the receiver will reply with a confirmation number of 601 after receiving it, indicating that the bytes [0-600] have been received and the receiver hopes to receive data after the 601th byte next time.

In order to improve efficiency, not every time a TCP segment is received, a reply is sent to the sender immediately. Instead, a cumulative confirmation method is used, that is, for each transmission of multiple consecutive TCP segments, only the last TCP segment can be confirmed.

The confirmation number is only valid when the ACK flag is set.

Header length

The reason why the header length is needed is that the size of the optional items is not fixed. If there are no optional items, the header length is 20 bytes. This marking part occupies 4 bits, and the unit is 4 bytes. The maximum value that 4 bits can represent is 15, and the length represented by a unit is 4 bytes, so the maximum header length can be 15 x 4 bytes, that is, 60 bytes.

reserve

As the name suggests, it is a reserved bit, occupies 6 bits, and its current value is 0.

6 flags

There are 6 bits of flag in the protocol, which can be understood as the type of TCP segment.

URG

1 bit, when set to 1, indicates that the urgent pointer field is valid and the segment contains urgent data and should be sent as soon as possible.

ACK

When ACK is set to 1, the confirmation number is valid. After the connection is established, the ACK of all message segments is 1.

PSH

When PSH is set to 1, the receiver should hand over the segment to the application layer as soon as possible without waiting for the entire buffer to fill before delivering it.

RST

When RST is 1, it indicates that a serious error has occurred in the connection and the connection must be reestablished.

SYN

Used when establishing a connection.

When SYN=1,ACK=0, it indicates that this is a connection request segment.

When SYN=1, ACK=1, it indicates that the other party agrees to the connection.

FIN

Used to release a connection window. When FIN=1, it indicates that the sender of this segment will no longer send data and requests to release the one-way connection. Used for TCP disconnection.

Window size

The size is 2 bytes, indicating the sender's own receive window, which is used to tell the other party the amount of data allowed to be sent, with a maximum of 65535 bytes.

Checksum

The checksum is required and is an end-to-end checksum that is calculated by the sender and then verified by the receiver. Its purpose is to detect any changes to the TCP header and data between the sender and the receiver. If the receiver detects an error in the checksum, the TCP segment will be discarded directly.

Emergency pointer

It occupies 2 bytes. When URG=1, the urgent pointer indicates the number of bytes of urgent data in this message segment, indicating that the next several bytes starting from the sequence number of this TCP segment are urgent data, and the rest are normal data.

Assuming that the sequence number of this TCP segment is 101 and the urgent pointer is 30, it means that from 101 to 131, the interval [101, 131] is urgent data.

Three-way handshake and four-way wave

To complete data transmission, a connection must be established. Since the process of establishing a TCP connection requires three round trips, this process is figuratively called a three-way handshake.

When the connection is disconnected, four data transmissions are required, so it is also called 4 waves.

Don’t say anything more, just look at the pictures first.

Three-way handshake to establish a connection

It is clearer when combined with the above picture.

Let's talk about the three-way handshake first. Connection is the basis for subsequent data transmission. Just like when we make a phone call, we must ensure that both I and the other party are holding the phone and listening, so that the other party can hear what we say.

The three-way handshake probably means this:

Zhang San wanted to chat with Li Si, so Zhang San dialed Li Si's cell phone number. Li Si heard the ringtone and pressed the answer button.

Zhang San: Hi, Li Si, is that you? I want to chat for two dollars!

Li Si: Hi, Zhang San, it’s me. I’m available to chat.

Zhang San: OK, I’m sure it’s you. Now I’m going to start chatting with you.

It may seem a bit rigid, but this is indeed the procedure.

1. First handshake

First, the client initiates a connection request and sends a TCP segment to the server. The segment contains the target port and the local port, sets the SYN flag to 1, and the sequence number to x, which is the initial sequence number ISN. If it is the first connection, it is likely to be 0. Of course, the port corresponding to the server must be in the listening state at this time. At this time, the client enters the SYNC_SENT state and waits for the server's confirmation.

2. Second handshake

The server receives the SYN segment from the client, confirms the SYN segment, and sets the Acknowledgment Number to x+1 (Sequence Number+1), which is the confirmation sequence number. At the same time, the server also sends a SYN request message, sets the SYN bit to 1, and the Sequence Number to y (the TCP segment sequence number of the server). The server puts all the above information into a TCP segment (i.e., the SYN+ACK segment) and sends it to the client. At this time, the server enters the SYN_RECV state.

3. The third handshake

After receiving the SYN+ACK segment from the server, the client sends an ACK to the server and sets the Acknowledgment Number to y+1. At this point, the client enters the ESTABLISHED state, and the server will also enter the ESTABLISHED state after receiving this TCP segment, which means the three-way handshake is over and the connection is successfully established.

After the three-way handshake is completed, the connection is established, and data can be transmitted happily afterwards.

Wave goodbye four times.

Once there is a relationship (connection), it is difficult to break up, so difficult that it takes four waves. Unlike UDP, there is no connection and it can be broken up at any time.

When the client and server have finished sending data, the client will generally initiate a disconnect request. Of course, there are a few cases where the server initiates the disconnect request.

Taking the most common client-initiated disconnection as an example, let’s talk about the four-wave process.

1. First wave

The client sets the sequence number and the acknowledgment number and sends a FIN segment to the server. At this point, the client enters the FIN_WAIT_1 state, which means that the client has no data to send.

2. Second wave

The server receives the FIN segment and sends an ACK segment to the client, and the client enters the FIN_WAIT_2 state, indicating that the server has agreed to the connection closing request.

3. The third wave

The server sends a FIN segment to the client, requesting to close the connection, and the server enters the LAST_ACK state.

4. The fourth wave

The client receives the FIN segment from the server and sends an ACK segment to the server, after which the client enters the TIME_WAIT state. After the server receives the ACK segment from the client, it closes the connection.

The above is the process of the client actively initiating the closing of the connection.

Half-closed state

TCP is a full-duplex byte stream service, meaning that both endpoints can send and receive messages simultaneously.

Normally, it takes four waves to completely disconnect the connection. However, there is a situation where you only actively close the connection to the other party, but the other party can still send data to you.

Capture TCP with WireShark

Wireshark is a powerful tool to help us analyze network requests. It is recommended that every student install one. Let's first use Wireshark to capture a complete process of connection establishment, data sending, and disconnection.

I will just briefly introduce the operation process here.

1. First open Wireshark. The welcome interface will list all network ports, virtual machine network ports and other components that can be captured on the current machine.

2. Next, I want to use Telnet to connect to an external server, so I choose the first WI-FI:en0, so that Wireshark will capture the network transmission on the wifi I am connected to.

3. I just want to capture the simplest TCP connection, data transmission, and disconnection process, so I need to do some capture filtering. The filter in Wireshark can meet this requirement. In the red box in the figure below, you can select a filter.

4. Since there is no filter that meets your requirements, you need to write one yourself. Click the green bookmark icon in front, and then click the plus sign in the pop-up window to add one.

The content is as follows. I won’t explain the grammar, you can tell it at a glance.

 tcp and host your remote ip

5. Select the filter you just added, double-click the wifi interface to start capturing.

6. I use telnet to connect to port 6379 of this server, telnet ip 6379. Because redis is installed on this server, I can simulate sending data.

Connecting to port 6379 in the console succeeded, and was captured immediately in Wireshark.

This is the three-way handshake process.

7. Then just close the terminal, which will automatically trigger the disconnection and send the minimum data for our observation. The whole process is captured by Wireshark.

The first part is the three-way handshake to establish the connection, the second part is sending data with a length of 1 byte, and the third step is the four-wave process of disconnection initiated by the client.

A brief introduction to Wireshark

See the picture first

Overview Information

This is the red box at the top of the figure. This time, the connection establishment and interruption generated a total of 8 requests back and forth. Each request will list the time, source IP, destination IP, Ethernet frame length and overview information, including data transmission direction (source port -> destination port), marking status, sequence number, confirmation sequence number, window size, etc.

Ethernet frame

Each request message also includes an Ethernet frame, because the information will eventually be sent out in the form of a frame.

IP Datagram

There is also IP datagram content, which contains information such as the source IP and destination IP.

TCP Segment

The TCP segment is of course the focus, which contains all the information in the TCP protocol, including the port number,

Sticky pack, half pack

What is MTU?

MTU stands for Maximum Transmission Unit. A packet transmitted on the network cannot be infinitely large. MTU is generally for the link layer. For example, the maximum data portion of an Ethernet frame allowed to be sent at the link layer is 1500 bytes. Note that the data portion of the Ethernet frame, plus the header of the Ethernet frame, will be larger than 1500 bytes.

You can use ifconfig (ipconfig on Windows) to view the MTU size of each network interface (network card) on the local machine.

What is MSS

MSS refers to the TCP Maximum Message Size, which is an option defined by the TCP protocol. The MSS option is used by the sender and receiver to negotiate the maximum data length that each message segment can carry during communication when a TCP connection is established. Taking Ethernet as an example, the MTU is 1500 bytes, minus the TCP header (20 bytes) and the IP header (20 bytes), which is the MSS of 1460 bytes.

Sticky bag

Packet sticking is to combine several relatively small TCP packets into one packet, so that multiple small packets can be sent out only once. For example, as shown below, a TCP message request contains small packets A, B, and C, each of which is originally a TCP message.

Why do we need to stick the packages together? Can't we just send them one by one?

Actually, it is possible, but in most cases, sending a packet immediately may cause network congestion. When a TCP message is transmitted to the link layer, the TCP header and IP header will be added, occupying 40 bytes. If the data content to be sent is very small, such as only 1 byte, 40 times the additional information must be transmitted for the content of this byte. Isn't it a bit wasteful?

In order to reduce this waste, the TCP protocol has made some optimizations, such as the Nagle algorithm:

• The Nagle algorithm stipulates that the next packet will be sent only after receiving the confirmation (ACK) of the previous packet, and the small packets are glued together during this time period;
• But too many packets are not allowed. The size cannot exceed the MSS, which is the 1460 bytes just mentioned. If it is too large, it cannot be loaded.
• If there are not so many small packets, we cannot keep waiting. There is a timeout period of about 200ms, and packets must be sent after this period.

Due to the improvement of current broadband and device performance, the Nagle algorithm can actually be turned off. It is turned off by default on some devices, and it can also be actively turned off when writing Socket code. After turning it off, as long as the receiving end has fast enough processing power, it can ensure that a packet is sent immediately. This is especially important for applications that require real-time feedback.

If we send one packet at a time, will there be no packet sticking problem? No, it depends on the processing capability of the receiving end. The receiving end will have a receiving buffer, where packets that cannot be processed by the application will be temporarily placed. If the application has poor processing capability, there will still be packet sticking.

Unpacking

Since the packets are stuck together, we need to split these large packets into small packets. How to split them is actually the business of the upper-layer application. The key point is to agree on the separator. For example, if we separate packet A and packet B with a special character $, the application will separate them according to this special character when unpacking. Of course, the real situation is much more complicated than this. If you have used Netty, you will find that Netty provides a variety of ways to handle sticky and unpacking packets.

What is a half pack?

The purpose of sticking packets is to combine multiple small packets into one large packet, while half packets is to split a large packet into small packets. For example, in the figure below, suppose packet B is a very large packet that exceeds the MSS. It cannot be sent alone, so it can only be split and sent part by part.

Half-packet is not that complicated. It is purely because the single package is too large and the protocol does not support such a large package, so it can only be split.

Such partial packets need to be merged into a whole after reaching the receiving end. The merging is also relatively simple. If this partial packet has no start or end mark, it means that it is incomplete and it is necessary to find the corresponding other parts.

Sliding Window

The window announced by the receiver is called the offered window, which means the maximum number of bytes that can be accepted is this much. For example, the red box in the figure below is the offered window, which is 6 bytes in size. The sender can only send 6 bytes at most at a time, otherwise the receiver will not be able to receive it.

Available window = offered window - the size of bytes that have been sent but not confirmed. This value is calculated by the sender. As mentioned earlier, in the three-way handshake, the sender sends a packet, and the receiver sends back an ACK after receiving it. Data that has been sent but has not received an ACK will also occupy the window, indicating that the receiver is processing it. Therefore, the size of the available window is the offered window minus the size of the unreceived ACK.

Why is it called a sliding window? Look at the picture above and imagine the bytes as grids arranged in a row.

First, let's look at time 1: the red grid is the offered window, which is 6 bytes in size. The following 10, 11, and 12 bytes are not in the window and cannot be sent. The sent but unacknowledged bytes also occupy the window size, so the final available window is 7, 8, and 9 bytes.

Let's look at moment 2: the unconfirmed bytes 4, 5, and 6 have received ACK, so bytes 1-6 have become past tense, and then the window covers bytes 7, 8, 9, 10, 11, and 12. Comparing moments 1 and 2, it feels like the window (red grid) has slid to the right. This is the so-called sliding window.

Also, relative movement of the two edges of the window increases or decreases the size of the window.

• When the left edge of the window moves closer to the right edge, the window is closing. This phenomenon occurs when data is sent and confirmed. If the receiver now takes longer to process the data and cannot process it quickly, the window size returned by the receiver in the next ACK may become smaller.

When the right edge of the window moves to the right, more data will be allowed to be sent. We call this window opening. This phenomenon occurs when the receiving process at the other end reads the confirmed data and releases the TCP receive buffer.

Slow start and congestion avoidance algorithms

When using TCP for transmission, we definitely hope that data can be transmitted as fast as possible. However, in actual use scenarios, due to the inconsistent data processing speeds of the sender and receiver, or due to performance limitations of intermediate routers, bandwidth limitations, etc., the faster the transmission speed, the more likely it is to cause packet loss. For example, if 10M of data is sent out at once, but the intermediate router can only process 5M, it is very likely that some packets will be discarded.

Therefore, slow start and congestion avoidance algorithms were designed. Both designs are aimed at reasonably matching the sending speed of the sending end with the processing speed of the receiving end.

Slow Start

When the connection is just established, the sender does not know at what speed it should send, so it adopts a progressive method, which is the slow start method.

As mentioned above, the offered window is for the receiving end. There is also a window on the sending end, called the congestion window, denoted as cwnd. The congestion window is initialized to 1, which means 1 segment is allowed to be sent. After that, whenever an ACK is received from the receiving end, the value of cwnd is increased by 1. The first time a datagram is sent, when the ACK is received, cwnd becomes 2. Then the next time two datagrams are sent, when the ACKs of these two datagrams are received, cwnd becomes 4. And so on, this growth is exponential.

However, there are also restrictions in this process. The size of the datagram sent must be the smaller value of the notification window size and cwnd returned by the message receiver. Assuming a message size is 1024 bytes, when cwnd is 2 and the notification window size is 4096 bytes, the sender can send 2 datagrams in succession, that is, take the value of cwnd. When cwnd is 8 and the notification window size is still 4096 bytes, the sender can send up to 4 datagrams in succession, that is, it cannot exceed 4096 bytes.

Congestion Avoidance

The congestion avoidance algorithm is actually used together with the slow start. In addition to the congestion window, there is also a parameter called the start threshold (ssthresh) in the slow start. The default start threshold is 65535 bytes.

In slow start, cwnd grows exponentially, but the growth rate is too fast, so the congestion avoidance algorithm is a way to slow down this growth rate.

When cwnd < ssthresh, slow start is used.

When cwnd > ssthresh, the congestion avoidance algorithm is started.

The congestion avoidance algorithm ensures that when cwnd exceeds the limit, cwnd is increased by 1/cwnd each time an acknowledgment is received.

When congestion occurs (timeout or duplicate acknowledgment), ssthresh is set to half the current window size (the minimum of cwnd and the window size advertised by the receiver, but at least 2 segments).

Use a diagram to illustrate the slow start and congestion avoidance algorithms

Assume that congestion occurs when cwnd is 32 segments. So set ssthresh to 16 segments and cwnd to 1 segment. At time 0, a segment is sent, and it is assumed that its ACK is received at time 1, at which point cwnd increases to 2. Then, two segments are sent, and it is assumed that their ACKs are received at time 2, so cwnd increases to 4 (increased once for each ACK). This exponential increase algorithm continues until cwnd equals ssthresh after 8 ACKs are received between times 3 and 4, at which point cwnd increases linearly, increasing by at most 1 segment per round trip time.

As we can see in this figure, the term "slow start" is not entirely correct. It simply uses a slower packet transmission rate than caused congestion, but the rate at which the number of packets entering the network increases during the slow start period is still increasing. This rate of increase only slows down when the ssthresh congestion avoidance algorithm takes effect.

Retransmission mechanism

When is retransmission required? When the sender thinks that the packet is lost, it needs to retransmit. There are two situations in which the sender thinks that the packet is lost, so it will initiate a retransmission.

Timeout retransmission

If the sender does not receive an ACK from the sender after a period of time (timeout period), it considers the packet lost. This timeout period is not fixed.

There are two concepts here, RTT and RTO.

• RTT (Round Trip Time): Round trip delay, that is, the time from when a data packet is sent to when the corresponding ACK is received. RTT is for the connection, and each connection has its own independent RTT.
• RTO (Retransmission Time Out): Retransmission timeout, which is the timeout mentioned above.

Fast Retransmit

The ACK sent by the receiving end will carry the sequence number of the packet. When the receiving end receives the ACK with the same sequence number three times, it will retransmit the packet.

For example, as shown in the figure below:

1. The packet with seq=1 is sent, and the receiving end receives ACK=2, indicating that the next expected sequence number is 2. Then the sending end sends a packet with seq=2, and the receiving end replies with ACK=3, indicating that the next expected sequence number is 3. This is the first time that the sending end receives ACK=3;

2. The sender continues to send packets with seq=3, but this packet may be transmitted slowly (for example, due to poor routing), and the receiver has not received it.

3. The sender continues to send packets with seq=4. After receiving the packets, the receiver replies with ACK. Normally, it should be ACK=5. However, the packet with sequence number 3 has not been received yet, so it replies with ACK=3 again. This is the second time that ACK=3 is received.

4. The sender continues to ignore it and sends the packet with seq=5. After receiving it, the receiver replies with ACK. Normally, it should be ACK=6, but the packet with sequence number 3 has not been received, so it replies with ACK=3 again. This is the third time that ACK=3 is received.

So far, ACK=3 has been received three times, and then the sender resends the packet with seq=3, and this time it is considered that the packet has been lost. This is fast retransmission.

I am Feng Kite, a Java programmer, and sometimes I use Python and React to make some small things. I like and am good at solving problems and dealing with bugs. I insist on producing original and useful information. Follow me and let's become excellent together!

This article is reprinted from the WeChat public account "Ancient Kites", which can be followed through the following QR code. Please contact the public account to reprint this article.