Illustrated Network: Uncovering the principle behind TCP's four waves, combined with the example of a boyfriend and girlfriend breaking up

In this section, Rui Ge will continue to show you how to use diagrams to explain the network and explore the principle behind TCP's four-wave disconnection.

Let’s get straight to the point!

A brief review of TCP three-way handshake

TCP is a full-duplex protocol. In order to establish a connection, a reliable link can be established through three handshakes:

• First, the client will send a SYN message (short for SYNchronize) to indicate that the client wants to establish a connection with the server.
• After receiving the SYN message from the client, the server replies with a SYN-ACK message, including a SYN sequence number and an ACK number.
• After receiving the SYN-ACK message from the server, the client sends an ACK message to the server.

TCP three-way handshake simple process

TCP four times wave

Examples from real life

Both ends of the connection can terminate the TCP connection, and even unilateral termination is possible, which is also called a half-open connection. Even if one party has disconnected, the other party can still transmit data.

The four waves we mentioned refer to the disconnection of both parties.

Let us first explain with examples from real life:

Four Waves - Real Life Example: Breaking Up

Xiaomei and Xiaoming are college classmates. When they first entered college, Xiaoming was tall, handsome, and could play basketball. Xiaomei admired him very much, and Xiaoming also liked Xiaomei very much. Just like that, on a dark and windy night, they became lovers.

However, as time went by and the environment changed, the two gradually lost their passion, so Xiaomei proposed to break up with Xiaoming. The process of breaking up is similar to TCP's four waves:

• The first time: Xiaomei said to Xiaoming, "Xiaoming, we have been together for such a long time, I think we are not suitable, let's break up."
• Second time: Xiao Ming was not too surprised, but he couldn't agree directly, otherwise he would be a scumbag. So he waved his hand the second time and said politely, "No, I have something to say to you. Actually, you are quite good. Not only are you beautiful, but you also have a good personality, are reasonable, and study very hard. I am very happy to meet you in college!"
• The third time: Xiao Ming had almost finished his talk, and it was time to show his true colors. He then said to Xiao Mei, "Since you have made up your mind, there is no point in me pestering you anymore, so let's break up peacefully~"
• Fourth time: Xiaomei was very angry after hearing Xiaoming's hypocritical words, so she said, "That's it, let's delete each other's WeChat, bye!"

Then a big red exclamation mark will appear on Xiao Ming’s WeChat!

WeChat blacklist

These are four waves. Isn’t it very vivid?

Next time if you forget the TCP four-wave procedure, I think you can imagine yourself as a scumbag.

Okay, let's get back to the topic and analyze the principle of TCP's four waves.

Analysis of the principle of four-wave

Four wave process

As shown in the figure, the client wants to disconnect from the server:

• The client sends a FIN message, which is the abbreviation of FINISH. The purpose of the FIN message is to enable TCP to gracefully terminate the established connection. The client then enters a state called the FIN-WAIT state. In the FIN-WAIT state, the client continues to receive messages from the server and continues to process messages already in the queue, but the client does not send any additional data.

This can be associated with the fact that when Xiaomei was sending the breakup message, her boyfriend Xiaoming had been sending messages to Xiaomei. The messages that Xiaomei did not read were put into the queue. Xiaomei would still read the messages in the queue, but would no longer actively reply to these messages.

• The server sends an ACK message to the client to confirm that it has received the end message. At this time, the server will no longer accept data from the client.
• The server can continue to send data to the client (to finish things off), or it can terminate the connection by sending a FIN message if it has no more data to send.
• The client then sends an ACK to the server to confirm that it has received the message that the server has actively disconnected.

At this point, the TCP connection is disconnected!

TCP four times handshake - with sequence number

As shown in the figure, M and N are both sequence numbers, representing the client and server respectively, and are also used to distinguish the server from the client. For example, when you see M, you think that the message comes from the client, and when you see N, you think that the message comes from the server.

So the process becomes:

• The client sends a FIN M to the server.
• The server sends ACK M+1 to the client. When the client receives M+1, it knows that the server has received its Finish message.
• The server sends FIN N to the client, which means that the server actively sends an end message to the client.
• The client replies with an ACK N+1 message to the server. The server sees that it is its own N, so it knows that the client has also received its own end message.

At this point, TCP has successfully disconnected.

Maximum lifetime of a disconnect

Here is another example. After Xiaomei sends the message "That's it, let's delete each other's WeChat, goodbye!", she will wait for up to four minutes to give Xiaoming a chance to retain her:

Wait four minutes

If Xiao Ming doesn't try to stop him within these four minutes, then I'm sorry, it's game over! Game Over!

In the [Four-wave Principle Analysis] diagram, we noticed the TIME_WAIT state. After the client sends the last ACK segment, the connection will not be terminated immediately. Since there is no guarantee that the last data packet sent has indeed arrived, the client or server will initially remain in the time waiting state until the maximum life cycle (MSL, Maximum Segment Lifetime) of the ACK segment and any new FIN segment can completely enter the CLOSED state.

This mechanism is mainly based on two considerations:

• Prevents other TCP connections using the same source address, source port, destination address, and destination port from receiving delayed data segments.
• Ensure that the TCP connection is correctly closed remotely, that is, wait for the party that passively closes the connection to receive the corresponding ACK message.