Network management 2

Orphan connection

(1) A client in the FIN_WAIT_2 state has to wait for the server to send its FIN segment before it can move to the TIME_WAIT state; otherwise it stays in FIN_WAIT_2. (2) If the connection is not half-closed in order to keep receiving data, staying in FIN_WAIT_2 for a long time is undesirable. (3) A connection can remain in FIN_WAIT_2 when the client performs a half-close and the client process is forcibly terminated before the server closes its side; the connection is then taken over by the kernel and is called an orphan connection (similar to an orphan process).
Orphan connections consume memory. To keep orphan connections from lingering in the kernel, Linux defines two kernel parameters: /proc/sys/net/ipv4/tcp_max_orphans specifies the maximum number of orphan connections the kernel will take over; /proc/sys/net/ipv4/tcp_fin_timeout specifies how long an orphan connection may live in the kernel.

Two, TCP timeout retransmission

TCP timeout retransmission: a packet that was sent has not been received (no acknowledgement came back within the timeout), so it has to be retransmitted;
Two kernel parameters relate to the TCP retransmission timeout: /proc/sys/net/ipv4/tcp_retries1 specifies the minimum number of retransmissions TCP performs before involving the underlying IP layer, default value 3; /proc/sys/net/ipv4/tcp_retries2 specifies the number of retransmissions TCP performs before abandoning the connection, default value 15 (about 13 to 30 minutes);
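How a retransmission count such as tcp_retries2=15 turns into the "about 13 to 30 minutes" quoted above, as an added example that is not part of the original notes: it assumes the Linux exponential backoff (RTO doubles after each retry and is capped at 120 s, the TCP_RTO_MAX value) and treats the 200 ms starting RTO, the Linux minimum, as an illustrative assumption; the total grows with the measured RTT, which is why the notes give a range.

```python
# Added example (not from the original notes): how tcp_retries2 turns into
# a wall-clock timeout. Assumes Linux-style exponential backoff: the RTO
# doubles after every retransmission and is capped at TCP_RTO_MAX (120 s).
# The 200 ms initial RTO (Linux RTO minimum) is an illustrative assumption;
# a connection with a larger measured RTT starts higher and times out later.

RTO_MAX_MS = 120_000  # assumed cap on a single RTO (Linux TCP_RTO_MAX)


def backoff_schedule(retries, initial_rto_ms=200, rto_max_ms=RTO_MAX_MS):
    """Return the list of RTO waits (ms) for `retries` retransmissions."""
    waits = []
    rto = initial_rto_ms
    for _ in range(retries):
        waits.append(rto)
        rto = min(rto * 2, rto_max_ms)  # double, but never beyond the cap
    return waits


def total_timeout_ms(retries, initial_rto_ms=200, rto_max_ms=RTO_MAX_MS):
    """Total time (ms) spent retransmitting before the connection is abandoned."""
    return sum(backoff_schedule(retries, initial_rto_ms, rto_max_ms))


if __name__ == "__main__":
    # tcp_retries1 and tcp_retries2 defaults from the notes (3 and 15)
    for retries in (3, 15):
        print(f"{retries:2d} retries, 200 ms initial RTO -> "
              f"{total_timeout_ms(retries) / 60000:.1f} min")
    # Same retry count with a 3 s initial RTO (a high-latency path)
    print(f"15 retries, 3 s initial RTO -> "
          f"{total_timeout_ms(15, 3000) / 60000:.1f} min")
```

With the 200 ms start the 15 retries add up to 804.6 s (13.4 min), the lower end of the range in the notes; with a 3 s start they add up to 21.2 min.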

1. fixed window

The value of Window Size is fixed; with Window Size=3, the number of packets sent and received is 3;

2. sliding window

The value of Window Size is not fixed; Sender: Window Size=3, the number of packets sent is 3; Receiver: Window Size=2, the number of packets received is 2;

Three, congestion control

Congestion control: TCP improves network utilization, reduces the packet loss rate, and guarantees fairness of network resources among data streams;
The standard document for TCP congestion control is RFC 5681, which defines four parts: slow start, congestion avoidance, fast retransmit, fast recovery.
Congestion control algorithms such as Reno, Vegas and CUBIC implement these four parts partially or completely;
The congestion control algorithm currently in use is shown in /proc/sys/net/ipv4/tcp_congestion_control

Four, SP and DP

frame:       DP (destination port)  SP (source port)
TCP and IP:  SP (source port)       DP (destination port)

Five, UDP

Transport layer protocol with high transmission performance and no data recovery features;


Six, Internet layer


1. ICMP

TYPE:8 - request packet (sent); TYPE:0 - reply packet (returned)
ping 192.168.8.128 -s 1000; -s #: specifies the packet size; the larger # is (maximum 65507), the harder the network stability test; -f: flood (Linux, Windows); ping 192.168.8.128 -s 65507 -f attacks the server and brings it down;
Maximum frame data is 1500; frame data + DP + SP + protocol = 1514;

2. ARP

Default gateways: Default Gateway (1, 2, 3, 4)
(1) Path from A to C (A, 1, 2, C):
SP    SMAC    DP    DMAC    PATH
IpA   MAC-A   IpC   MAC-1   A -> 1
IpA   MAC-2   IpC   MAC-C   2 -> C
(2) Because ARP has no mechanism for verifying responses, ARP spoofing is possible
ARP spoofing: capturing / accessing other hosts' data;

Seven, host-to-host packet delivery

ARP process, 3-way handshake, 4-way close
ARP process (finding the MAC address): 1. (1) The local machine checks its MAC (ARP) table for the host ID corresponding to the target IP; (2) if it is there, it sends the request packet according to that ID. 2. (1) Otherwise it broadcasts an ARP request; the other hosts also receive the request packet, but since it is not for them they ignore it; (2) the server (target host) receives it, sees that it is for itself, records the sender's ID and IP in its ARP table, and replies to the client;
3. (1) After receiving the reply, the source host (client) records the target host's ID and IP in its ARP table; (2) it sends the access request; the 3-way handshake establishes the connection (ESTABLISHED): (3) TCP SYN (source host sends), SYN/ACK (target host replies), TCP ACK (source host sends);
4. Source host: SEQ=3 / DP / SP / SMAC / DMAC (TCP); sends the data; 5. Target host: encapsulates and replies (ACK=4, SEQ=3 / DP / SP / SMAC / DMAC)
6. After the client has sent its request and the data exchange is finished, the connection is torn down with the 4-way close (for details see Network management 1): client (ESTABLISHED) to server (ESTABLISHED): FIN=1, seq=u; server (CLOSE-WAIT) to client (FIN-WAIT-1): ACK=1, seq=v, ack=u+1; server (LAST-ACK) to client (FIN-WAIT-2): FIN=1, ACK=1, seq=w, ack=u+1; client (TIME-WAIT) to server (CLOSED): ACK=1, seq=u+1, ack=w+1; client (CLOSED);
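The handshake and 4-way close above, and the orphan case from the first section, replayed through a small TCP state machine, as an added example that is not part of the original notes: the transition table follows the RFC 793 state names used in these notes, the event sequences are constructed here, and the point it shows is that a client whose peer never sends its FIN stays in FIN-WAIT-2 instead of reaching CLOSED.

```python
# Added example (not from the original notes): a small TCP state machine that
# replays the 3-way handshake and the 4-way close and checks each end's state
# after every segment. Transitions follow RFC 793; event lists are constructed.

# (state, event) -> next state for one endpoint. Events are either a segment
# the endpoint receives ("recv_...") or an action it takes ("send_...").
TRANSITIONS = {
    ("CLOSED", "passive_open"): "LISTEN",
    ("CLOSED", "send_SYN"): "SYN-SENT",
    ("LISTEN", "recv_SYN"): "SYN-RCVD",           # server answers with SYN/ACK
    ("SYN-SENT", "recv_SYN/ACK"): "ESTABLISHED",  # client answers with ACK
    ("SYN-RCVD", "recv_ACK"): "ESTABLISHED",
    ("ESTABLISHED", "send_FIN"): "FIN-WAIT-1",    # active close (client here)
    ("ESTABLISHED", "recv_FIN"): "CLOSE-WAIT",    # passive close (server here)
    ("FIN-WAIT-1", "recv_ACK"): "FIN-WAIT-2",
    ("CLOSE-WAIT", "send_FIN"): "LAST-ACK",
    ("FIN-WAIT-2", "recv_FIN"): "TIME-WAIT",      # only leaves on the peer's FIN
    ("LAST-ACK", "recv_ACK"): "CLOSED",
    ("TIME-WAIT", "timeout_2MSL"): "CLOSED",
}


def run(events, state="CLOSED"):
    """Apply events in order; raise on a transition RFC 793 does not allow."""
    for ev in events:
        key = (state, ev)
        if key not in TRANSITIONS:
            raise ValueError(f"event {ev!r} is not valid in state {state}")
        state = TRANSITIONS[key]
    return state


# Constructed sequences: full handshake plus 4-way close, client and server side.
CLIENT_FULL = ["send_SYN", "recv_SYN/ACK",
               "send_FIN", "recv_ACK", "recv_FIN", "timeout_2MSL"]
SERVER_FULL = ["passive_open", "recv_SYN", "recv_ACK",
               "recv_FIN", "send_FIN", "recv_ACK"]
# Orphan case from the first section: the server acknowledges the client's FIN
# but never sends its own, so the client cannot reach TIME-WAIT.
CLIENT_NO_PEER_FIN = ["send_SYN", "recv_SYN/ACK", "send_FIN", "recv_ACK"]

if __name__ == "__main__":
    print("client:", run(CLIENT_FULL), " server:", run(SERVER_FULL))
    print("client without the server's FIN:", run(CLIENT_NO_PEER_FIN))
```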

Eight, reverse ARP (RARP: finding the IP from the MAC)

(1) A host without a hard disk: the data that would live on the hard disk is kept in memory; (2) that data comes from the network (into memory): cloud / mesh / network boot; (3) the host obtains an IP from the server (DHCP) and downloads the necessary files (such as the file system and the software needed to start up and connect to the network) into memory; from this point the system runs from memory; (4) DHCP: the server maps the host's ID to an IP; the IP obtained each time is fixed according to the MAC.

Nine, Internet protocol features

IP runs at the OSI network layer; it is a connectionless protocol, processes each data packet independently, uses hierarchical addressing, provides best-effort delivery, and has no data recovery

Ten, IP

Header layout:
Ethernet header | IP header | TCP header | HTTP header | Data

IP PDU header

(1) version: IPv4/IPv6; (2) total length: header + data; the data is not fixed, so the total length is not fixed; (3) identification: when a packet is divided into a number of fragments, this marks which original (large) packet the fragments belong to; (4) fragment offset: which part of the original packet this fragment is (offset in 8-byte units); (5) flags: 3 bits, only 2 effective; DF=0 (may fragment), DF=1 (do not fragment); MF=1 (more fragments follow), MF=0 (last fragment); (6) time to live (TTL): the number of routers that can be passed: Linux (64), Windows (128);
Protocol number: transport layer: TCP - 6, UDP - 17; Internet layer: IP
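The header fields listed above decoded from raw bytes, as an added example that is not part of the original notes: the 20-byte sample header is constructed with struct so the code runs offline, and the addresses, identification and fragment values in it are illustrative assumptions.

```python
# Added example (not from the original notes): parse the IPv4 header fields
# described above from raw bytes. The sample header is constructed with struct
# so this runs offline; every field value in it is an illustrative assumption.
import struct

PROTOCOL_NAMES = {6: "TCP", 17: "UDP"}   # protocol numbers given in the notes
IPV4_FMT = "!BBHHHBBH4s4s"                # fixed 20-byte header, network order


def parse_ipv4_header(data):
    """Decode the fixed 20-byte IPv4 header into the fields discussed above."""
    if len(data) < 20:
        raise ValueError("need at least 20 bytes for an IPv4 header")
    (ver_ihl, _tos, total_length, identification, flags_frag,
     ttl, protocol, _checksum, src, dst) = struct.unpack(IPV4_FMT, data[:20])
    header_length = (ver_ihl & 0x0F) * 4     # IHL counts 4-byte words
    flags = flags_frag >> 13                 # 3 flag bits; only DF and MF matter
    return {
        "version": ver_ihl >> 4,
        "header_length": header_length,
        "total_length": total_length,
        "data_length": total_length - header_length,
        "identification": identification,
        "df": bool(flags & 0b010),           # Don't Fragment
        "mf": bool(flags & 0b001),           # More Fragments; 0 = last fragment
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # 13 bits, 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOL_NAMES.get(protocol, str(protocol)),
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
    }


def build_sample_header(total_length=1500, ident=0x1234, df=0, mf=1,
                        offset_units=185, ttl=64, protocol=6):
    """Constructed sample: IPv4, IHL=5; DF is bit 14, MF bit 13, offset 13 bits."""
    flags_frag = (df << 14) | (mf << 13) | (offset_units & 0x1FFF)
    return struct.pack(IPV4_FMT, 0x45, 0, total_length, ident, flags_frag,
                       ttl, protocol, 0,
                       bytes([192, 168, 8, 1]), bytes([192, 168, 8, 128]))


if __name__ == "__main__":
    # A second fragment of a 1500-byte packet: MF=1, offset 185*8 = 1480 bytes
    for name, value in parse_ipv4_header(build_sample_header()).items():
        print(f"{name:16} {value}")
```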