TCP/IP Basics with Hansang Session 4. CONGESTION

Captions
Hello everybody, welcome to session 4 of the Wireshark session. This one, I was a little bit worried. I actually maybe thought I should pass this one up, because this is arguably the most confusing and difficult topic when it comes to packet analysis. And as you saw from the thumbnail, or at least the slide that came up a few seconds ago, it's about congestion, packet loss, round trip time, congestion window, congestion avoidance. These are things that we all throw around, but it's actually very, very confusing to a novice, and it's harder the more you know about it, because there are multiple different ways that TCP has evolved over time to deal with this exact topic of congestion.

So with that in mind, let's dig into this topic. But again, do keep in mind that I decided to include this, even though it says, you know, basic introduction to Wireshark, because the topic itself is important. So you should have an understanding, even at a basic level, of what congestion means and how it impacts performance and how you can spot it, okay? And then as you get more and more into packet analysis, protocol analysis, you can dig deeper into each topic. In fact, I could probably spend 10 hours just on the topic of congestion and what it means, and clearly I would have no subscribers; all of you would check out, as much as you like packet analysis. So with that in mind, I have taken some artistic license in how I'm going to explain this topic that can be pretty dry, if I'm honest.

All right, so let's go to here. You know, most of my sessions I don't have a script. I just extemporaneously speak, and I rarely cut, and it's one continuous shot, and so you don't see, you know, where it's like, like that, when I'm talking. So I don't know if I'm gonna edit that or I'm gonna just keep it in, but when you stop and edit, as much as you keep your head straight, it tends to be a little bit off, right? And so again, I just talk extemporaneously. I'm comfortable; I like it better. In fact, I like it better if there were an audience, so I can get some feedback. But this time I actually had to write out a syllabus, if you will, or at least a table of contents, because it can be confusing and I didn't want to go down a rat hole on any particular topic. So I did this to force myself to concentrate and keep it at a level that makes sense.

All right, so let's start off by talking about round trip time. It's easy, how hard can it be? I sent the packet and I got a reply back through acknowledgments. We learned about acknowledgement, you know, senior, "I'm expecting you to start with this packet," right? We talked about this in previous sessions. The problem comes in that TCP doesn't acknowledge packets. Think about that. Remember when we first started this, we said TCP is stream oriented, doesn't understand about packets. It's just a stream of data going across, an acknowledgement, a cumulative acknowledgement, that comes back that says "I've received this chunk and this chunk of data." Never talked about packets, because the sequence number doesn't identify the packet. And you might be saying to yourself, "Hansang, what are you talking about? There's a sequence number right there on the Wireshark TCP analysis page. How can it not identify?" Well, simple: what happens if there's a retransmission?

Okay, so let's look at a simple example of a packet going this way with a sequence number of 11, and then the acknowledgement, and let's say the data is one byte. Okay, so again, sequence number is 11 and it's one byte, so the next expected sequence number is 12, and the acknowledgement number coming back this way should be 12. We can all agree on that. What if that packet gets lost and you have to retransmit? So you retransmit that sequence number of 11, this one byte of data, and this acknowledgement may or may not have come through. So when this acknowledgement comes with acknowledgement number equal to 12, which is identical to this packet here, how do you know which one it was acknowledging? How do you know that? Well, you don't know that, because in the acknowledgement header we don't say "this is acknowledgment for packet number 25" or whatever the case might be. It just says "I want you to start with, you know, byte number 12 next time you start." And this is why it's called an ambiguous acknowledgement, because TCP has no concept of packets; it only acknowledges data.

Okay, so let me repeat that, because it's important: the acknowledgement number doesn't mean "I got packets x, y, z," even though we draw it this way because it's easy conceptually. It's never about packets; it's about the data that's being transferred. So always keep that in mind as you troubleshoot. And so this acknowledgment number 12 here, when there's packet loss, we don't know which one it's acknowledging. Okay, we don't know. We just know that I never heard the acknowledgement, so I sent it twice: I sent it once here and I sent it twice here, okay? And I received one, maybe two, one or the other. These are all valid combinations of what that acknowledgement could mean.

So what do we do now? We don't know what the round trip time is, and we intrinsically know that if packets get lost we should slow down, right? We'll talk about that in a second. So what do we do? Do we just ignore it? Do we say only pay attention to round trip time if there were no packet loss? That sounds like a good idea, right? So in other words, so long as there's no packet loss, the acknowledgement is not ambiguous; we know exactly what data it was representing, because we didn't retransmit. So use that. And that's where Karn's algorithm kind of kicks in and said, "Yeah, go ahead and ignore it." But, sorry, shouldn't have touched the microphone there, but it turns out that wasn't enough, because if you... again, this is why it could take me, you know, 10 hours or 10 sessions on this topic alone. And Karn's algorithm, if you just ignore it, there's still a corner case where it goes wonky, okay? It goes off the rails. So initially what Karn's algorithm said was, okay, let's ignore the retransmissions, but let's back off on our timers. Okay, in other words, let's throttle down and throw out some of these outliers, but let's go ahead and back off as well. And so that's kind of the state of modern TCP.

There's been improvements to that, so some of you might be screaming at the screen and me right now, saying "TCP timestamps solves that problem, TCP timestamps," and you'd be right. But TCP timestamps wasn't always there, and even TCP timestamps has limitations, okay? But that's for a later topic, when we get to the more advanced part of it.

So how do we detect packet loss? Retransmissions, and retransmissions mess with our round-trip time calculation. It's important because these are all timers that are interrelated, right? Our retransmission timeout is based on the round trip time, and if the round trip time can't be calculated accurately, we're in trouble, okay? And again, there are multiple examples of where the congestion or the retransmission timeout goes to infinity, or it just becomes tiny and just goes crazy and whatnot. So you can read about all of that if you dig deeper.

So let's talk about the main topic, which is congestion. Again, we understand congestion; we experience it every day. You know, there's been one of my favorite shows, Seinfeld, as you know or may not know, talked about "nobody beats the Van Wyck." I live not too far from the Van Wyck highway, and you're right. You know, actually, truth be told, and if you're a New Yorker you know this, the Belt is probably worse than the Van Wyck. Nobody beats the Belt Parkway, never mind the Van Wyck. But we understand congestion.

End systems, the guy that's transmitting, you know, the PC here and the server here, they never experience congestion. You know why? Because Ethernet has no feedback. Think about that. The congestions always occur when there's a system of routers along the path between the PC and the server. I have a gigabit interface; I can transmit at gigabit rate, that's what the rules are, and I can receive at gigabit, so therefore I will never experience congestion. However, the very first electrically connected, cabled connected switch could experience congestion, okay? So again, the end systems don't know about congestion.

And if you read, you know, all due respect to Comer, I have it right here by the way, this book right here. Oh, is it mirrored? I'm not sure if it's mirrored or not. But people will say, "Oh, that's what ICMP source quench is about, and if there's congestion this router here should send an ICMP quench message saying 'hey, slow down.'" But that never happens. I've never seen it. I've never in my life seen an ICMP source quench, and I've been doing this a long time. Why? Because people don't want to send an unnecessary message, and there was a time when even all ICMPs were blocked because they were thought to be bad. That's a whole different topic. But again, what I'm saying is that the router's way of telling you there's congestion stinks, okay? So TCP has to do it on its own.

So what came out of that were these two topics here, called slow start and multiplicative decrease. Okay, not only is it kind of a complicated topic, it's a hard word to say, multiplicative decrease. So what does that mean? All right, so in broad terms, slow start says: don't just go from zero to 100 miles an hour by smashing down on your accelerator. Get a feel for how much the network as a whole, this system of routers and switches, can take the data. So you trickle the flow of data out. Those of you that have some experience with plumbing, or working with closing out valves and turning it on, what do we always do? We turn it on slowly, because we don't want to introduce pressure into a system super fast, because guess what, chances of a blowout are pretty large. So when we work on our pipes at home and whatnot, and you close off the valve, the main, and when you turn it on, no one cranks that up, at least not anybody intelligent. They'll slowly introduce the water into the system, and TCP does that exactly, and that's why it's called a slow start. But slow start is kind of a misnomer, because it's not slow at all.

So let's look at a general example of what TCP slow start looks like. And everybody knows, right, we start with one. Again, I'll go back to packets, because these are units of data, but from an explanation standpoint packets are easier to conceptualize and to talk about. So we send one packet, and if that checks out, what do we do? We get the acknowledgement back, so that means that one unit of data, that one packet worth of data, made it all the way across. So then we send two packets of data. Okay, so we now have packet one and two; this is not a retransmission, this is just units of data. And then if we get an acknowledgement for that, we can send more, so we can send one, two, three, four units of data. And once those four come back, we can go to one, two, three, four, five, six, seven, eight, and if that comes back we can go one, two, three, four, five, six, seven, eight, one, two, three, four, five, six, seven, eight. So you can see how, one, two, three, four, five steps in, we're at 16 packetized data worth of transfer. So it's not slow at all. Of course there's a round trip involved in each one of these, because we have to wait for the acknowledgement to come back, so that's why it's called a slow start. Okay, and again, it's not that slow, but it is slow.

But that wasn't enough. So what they added was, okay, we need to do something, because if there is packet loss, what used to happen is we would throttle all the way back down to this state. Okay, the analogy that I can give you is if you're a stick shift driver, and you remember, well, this happens in modern day cars, you just don't realize you're doing it. But imagine going on a freeway and you have to come to a dead stop. Well, guess what, you can't be in fourth or fifth gear or sixth gear; you have to downshift to one, then you go to second gear, third gear, fourth gear. So that's what this is: this is the first gear, second gear, third gear, fourth gear, and this is the fifth gear. But that's because you came to a complete stop, and it takes a long time to go back up to top speed in gear number five, where you're cruising. So the modern day TCP stack says, wait a minute, let's not go all the way to zero, that seems like a silly thing to do. The multiplicative decrease says go down half. So instead of going from 16 to 1 here, let's go down to here, which is a halfway point, okay? And essentially what we're saying is, from fifth gear, downshift to third, coast there, then start moving up again. Okay, and that's how the congestion windows work.

Also, I wrote down here, as you'll see, that it's the minimum between receive window and congestion window. What does that mean? Well, I just told you about how much packetized data we can send when there's packet loss, right? So I have to be aware of that, but I also cannot forget about this receive window size. Remember, the reason why there's the word "min" here is that I'm taking the minimum of the two values. If the window size says four, meaning again four packetized worth of data, whatever that turns out to be, and my congestion window says "ah no, you're still in second gear, you're in the penalty box, you're still in second gear," the other guy told me I can send four units of data, but I can't. Why? Because I'm in a penalty box and I'm in second gear. So I can ramp up, but I have to take the minimum of the two. So TCP always has to worry about: should I send the full receive window's worth of data, or are there limiters to that? And yes, the receive window size goes down as the receiver receives data; remember the patient going into the doctor's office to be buffered. So it's always the minimum between the receive window and the congestion window. Keep that in mind.

All right, now the other thing is, so that's how slow start and multiplicative decrease work: we don't go straight to zero; again, we go to a halfway point. The other thing is congestion avoidance, so that's the final topic that we'll talk about, because we're already 17 minutes into this video. So congestion avoidance says at some point, okay, so whether it's one, two, three, four, five, or, I'm not going to draw all these circles, maybe you're up to 32 packetized worth of data, maybe it's 64, who knows, at some point we don't have limitless wire rate Ethernet, no matter what Verizon FiOS says, saying "oh yeah, it's a dedicated gigabit fiber." They don't run fiber all the way to Google for me, okay? I know that for a fact. At some point you come to a backbone, and it's a shared medium. So the newer TCP says, okay, let's go into congestion avoidance, meaning once we reach some state, okay, I'm not even going to get into that yet, let's say this is where we start to think about congestion avoidance, right, when we get to these four units of data. At this point, let's not be stupid and just double and double and double, okay? Let's increase it by a smaller unit, because we know we're going to hit a brick wall, right? It's not a limitless resource. So congestion avoidance says "simmer down now," that's why I have this word "simmer down now": once we reach a certain point, as determined by the stack and operating system, we don't just blindly double the rate of transmission. We reduce it to just one at a time: one more, one more, one more, one more, okay? And that's because we know there's going to be congestion, so we try to avoid it by being less aggressive.

Does that make sense? It may not, and that's okay. For me, maybe it's just me, I had a hard time conceptualizing what congestion, congestion avoidance, congestion window, the back off, all of that, how it impacted performance. And one of the reasons is because you can't see it. There's no value for congestion window; there is no value that says "oh, I'm at this state here, I'm at, you know, stage second gear, third gear, fourth gear." It's not exposed anywhere. Maybe that's why I had a hard time. But what I would recommend is for you to pick up a textbook like this, or Stevens, and read, and you may not understand it, but read it again, and read some other articles, and then read some other helpful tutorials, because we can all Google, right? And as you do this over time, a little bit of this topic will sink in, one by one by one by one, and then you go, "Aha, now I get it. Now I know how to heuristically determine what the congestion window might be, or what the impact is when there's slowness, because I can read that congestion happening on the road, and I can (a) try to avoid it and (b) when I do crash, I know what my reaction should be."

And really, again, remember when I very first started out, I said this is like a detective trying to get a murder conviction without a body. When you see Stevens graphs or tcptrace graphs of the world, you'll be able to plot that chart and be able to react and say, "Oh, I think this is congestion avoidance, which is perfectly normal," okay? Because I know what congestion avoidance means; I may not know when it kicks in, but I know what the behavior looks like. So I can say throw that out, that's not a red herring; the system didn't slow down, that's just TCP doing its job. And this is why it's important to understand the topic of congestion.

I know it was dry, I know it was boring. So if you're still with me, then there's one thing I wanted to say, which is, by the way, why am I wearing orange, which is meant for Q&A, on a Wireshark session? Because I was doing two videos. The Q&A, there were some worthwhile questions that I wanted to go deep into, but I failed to hit the record button, so it's really hard to do a YouTube recording when you don't actually record the session. So that's why I'm in orange, and I didn't feel like doing a wardrobe change. That's what we call it in the business, the talent's wardrobe change. So that's why I'm wearing orange even though this is a blue Wireshark session.

Okay, the big announcement, if you're still with me: starting next session, the next Wireshark blue border session, we're going to actually hit Wireshark. I think we did enough of the overall concepts, and now we're going to start digging in to actual packets. So let people know. We'll go through setting up Wireshark. So again, remember I said I'm very focused on making this a beginner to advanced session, so we'll talk about how to set up Wireshark, what Wireshark is trying to tell you, what does a bracket mean, you know, so we'll go into all the semantics of what Wireshark is presenting to you, so you understand that and how to use it, how to use the UI, and then we'll go into regular packet analysis. So we're close. Okay, so thanks for sticking with me, and sorry this video was late, but again, I had some problems. You can't see it, but right there there's a record button, and I didn't hit that. So here we are. Okay, thanks everybody, have a great weekend.
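
As an added illustration (not from the video or its author), this Python sketch models the window behaviour described in the captions above: doubling per round trip, halving on loss versus the older reset to 1, one-at-a-time growth in congestion avoidance, and sending the minimum of receive window and congestion window. A second function applies Karn's rule of ignoring round-trip samples from retransmitted data while backing off the timer. The function names, the `ssthresh` parameter, the one-loss-per-round model and the RFC 6298 smoothing constants are assumptions made for the example.

```python
"""Added example: congestion window growth and Karn-style RTO, in segment units."""


def simulate_cwnd(rounds, loss_rounds, rwnd, ssthresh, legacy_reset=False):
    """Return [(cwnd, sendable)] for each round trip.

    loss_rounds: round-trip indexes where a loss is detected (constructed input).
    ssthresh: assumed point where doubling stops and "one more" growth begins.
    legacy_reset=True models the older behaviour of dropping back to 1.
    """
    cwnd, trace = 1, []
    for rtt in range(rounds):
        # The sender may only transmit min(receive window, congestion window).
        trace.append((cwnd, min(cwnd, rwnd)))
        if rtt in loss_rounds:
            ssthresh = max(cwnd // 2, 2)        # multiplicative decrease: half
            cwnd = 1 if legacy_reset else ssthresh
        elif cwnd < ssthresh:
            cwnd = min(cwnd * 2, ssthresh)      # slow start: double per round trip
        else:
            cwnd += 1                           # congestion avoidance: one more
    return trace


def karn_rto(acks, use_karn=True, initial_rto=1.0, alpha=0.125, beta=0.25):
    """Return the retransmission timeout (seconds) after each ACK.

    acks: [(measured_rtt_seconds, was_retransmitted)], constructed input.
    Smoothing follows RFC 6298 (an assumption; the talk gives no formula),
    without its 1-second lower bound on the RTO.
    """
    srtt = rttvar = None
    rto, history = initial_rto, []
    for rtt, was_retransmitted in acks:
        if was_retransmitted and use_karn:
            rto *= 2                            # ambiguous ACK: no sample, back off
        elif srtt is None:
            srtt, rttvar = rtt, rtt / 2         # first usable sample
            rto = srtt + 4 * rttvar
        else:
            rttvar = (1 - beta) * rttvar + beta * abs(srtt - rtt)
            srtt = (1 - alpha) * srtt + alpha * rtt
            rto = srtt + 4 * rttvar
        history.append(rto)
    return history


if __name__ == "__main__":
    print([c for c, _ in simulate_cwnd(8, {4}, rwnd=64, ssthresh=64)])
    print([c for c, _ in simulate_cwnd(8, {4}, 64, 64, legacy_reset=True)])
    sample = [(0.1, False), (3.0, True), (0.1, False)]  # constructed ACK timings
    print(karn_rto(sample), karn_rto(sample, use_karn=False))
```

The halved trace resumes at 8 and climbs by one per round trip, which is the gentle slope that shows up in a sequence graph as normal congestion avoidance rather than a fault.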
Info
Channel: Hansang Bae
Views: 1,212
Keywords: Tcpip, wireshark, sharkfest, packet analysis, protocol analysis, sniffer, ethernet, technology, network engineering, SE, systems engineer, hansang bae
Id: CUUkK5DYxdM
Length: 22min 48sec (1368 seconds)
Published: Thu Sep 17 2020