Professional Documents
Culture Documents
Note:-
The datagrams sent from one computer to another using UDP may become
lost without getting into notice. Moreover, they may arrive in a different order
as compared to their order when they were sent.
The user datagram protocol or UDP, unlike TCP, doesn’t guarantee the
correct sequence of transferred data. Moreover, it also doesn’t guarantee
any reliability of the data.
TCP Transmission Control Protocol is a connection-oriented protocol,
which means that it requires handshaking to set up end-to-end
communications. Once a connection is set up user data may be sent bi-
directionally over the connection.
Reliable – TCP manages message acknowledgment, retransmission and
timeout. Many attempts to reliably deliver the message are made. If it gets
lost along the way, the server will re-request the lost part. In TCP, there's
either no missing data, or, in case of multiple timeouts, the connection is
dropped.
Ordered – if two messages are sent over a connection in sequence, the first
message will reach the receiving application first. When data segments
arrive in the wrong order, TCP buffers the out-of-order data until all data
can be properly re-ordered and delivered to the application.
Heavyweight – TCP requires three packets to set up a socket connection,
before any user data can be sent. TCP handles reliability and congestion
control.
Streaming – Data is read as a byte stream, no distinguishing indications are
transmitted to signal message (segment) boundaries.
1. No connection establishment.
There are no delays as UDP does not need to establish a connection.
Thus, an application such as DNS (Domain Name System) would be
much slower over TCP than over UDP.
3. TCP has connection state in the end systems, which includes receiving
and sending buffers, congestion control parameters, and sequence and
acknowledgment number parameters.
This state information is needed to implement TCP's reliable data
transfer service and to provide congestion control.
UDP, on its part, does not maintain connection state and does not track
any of these parameters.
For this reason, a server devoted to a particular application can
typically support many more active clients when the application runs
over UDP rather than over TCP.
Despite of its benefits, UDP still have some major problems associated
with it. One of major concern of using User Datagram Protocol is that it
doesn’t offer network congestion control or avoidance mechanism.
Reliability Considerations
The UDP is an unreliable, low-overhead protocol. This section discusses
reliability issues inherent in UDP that implementers and users should be aware
of.
Lost Datagrams
This transport mapping does not provide any mechanism to detect and
correct loss of datagrams. Datagrams can be lost in transit due to
congestion, corruption, or any other intermittent network problem. IP
fragmentation exacerbates this problem because loss of a single fragment
will result in the entire message being discarded.
Message Corruption
Congestion Control
Sequenced Delivery
The IP transport used by the UDP does not guarantee that the sequence of
datagram delivery will match the order in which the datagrams were sent.
The time stamp contained within each syslog message can serve as a rough
guide in establishing sequence order.
However, it will not help in cases where multiple messages were
generated during the same time slot, the sender could not generate a time
stamp, or messages originated from different hosts whose clocks were not
synchronized.
The order of syslog message arrival via this transport SHOULD NOT be
used as an authoritative guide in establishing an absolute or relative
sequence of events on the syslog sender hosts.
Note:-
In one case, an attacker can hide the true nature of an attack amidst
many other messages. As an example, an attacker can start generating
forged messages indicating a problem on some machine. This can get the
attention of the system administrators, who will spend their time
investigating the alleged problem. During this time, the attacker could be
able to compromise a different machine or a different process on the same
machine.
Replaying
Message forgery and observation can be combined into a replay attack.
An attacker could record a set of messages that indicate normal activity of a
machine.
At a later time, an attacker could remove that machine from the network
and replay the syslog messages with new time stamps. The administrators
could find nothing unusual in the received messages, and their receipt would
falsely indicate normal activity of the machine.
Unreliable Delivery
As was previously discussed in Section 4, Reliability Considerations,
the UDP transport is not reliable, and packets containing syslog message
datagrams can be lost in transit without any notice.
Denial of Service
32 Bits
Destination
Source Port
Port
UDP
Length
Checksum
Data
.
.
UDP segment structure
Data :-
The application data occupies the data field of the UDP datagram :-
For example,
- For DNS (Domain Name System) , the data field contains either a query
message or a response message.
- For a streaming audio application, audio samples fill the data field.
Length :-
It is the length in octets of this user datagram, including this header and
the data.
In other words, it is the number of bytes comprising the combined UDP
header information and payload data.
The minimum value of the length is eight.
UDP Checksum :-
The UDP checksum provides for error detection. Therefore, this protects an
application against receiving corrupted payload data in place of, or in
addition to, the data that was sent. In the cases where this check is not
required, the value of 0x0000 is placed in this field, in which case the data is
not checked by the receiver.
- UDP at the sender side performs the one's complement of the sum of all the
16-bit words in the segment. This result is put in the checksum field of the
UDP segment.
- When the segment arrives (if it arrives!) at the receiving host, all 16-bit
words are added together, including the checksum.
- If this sum equals 1111111111111111, then the segment has no detected
errors.
- If one of the bits is a zero, then we know that errors have been introduced
into the segment.
0110011001100110
0101010101010101
0000111100001111
0110011001100110
0101010101010101
---------------------------
1011101110111011
IPv4
This is usually an IP header, followed by a UDP header and UDP payload
that may be an RTP header and its payload. However, the FULL_HEADER
packet may also carry IP
Encapsulated packets, in which case there would be two IP headers followed
by UDP and possibly RTP
- When UDP runs over IPv4, the checksum is computed using a pseudo-
header that contains information from the IPv4 header:
bits 0 - 7 8 - 15 16 - 23 24 - 31
0 Source address
32 Destination address
64 Zeros Protocol UDP length
96 Source Port Destination Port
128 Length Checksum
160 Data
- The source and destination addresses are those in the IPv4 header. The UDP
length field is the length of the UDP header and data.
- UDP checksum computation is optional for IPv4. If a checksum is not used
it should be set to the value zero.
IPv6
The packet may be built of some combination of IPv6 and IPv4 headers.
Each successive header is indicated by the type field of the previous
header, as usual.
bits 0 - 7 8 - 15 16 - 23 24 - 31
0
32
Source address
64
96
128
160
Destination address
192
224
256 UDP length
288 Zeros Next Header
320 Source Port Destination Port
352 Length Checksum
384 Data
- The source address is the one in the IPv6 header. The destination address
is the final destination; if the IPv6 packet doesn't contain a Routing header,
that will be the destination address in the IPv6 header; otherwise, at the
originating node, it will be the address in the last element of the Routing
header, and, at the receiving node, it will be the destination address in the
IPv6 header. The UDP length field is the length of the UDP header and data.
Source port
o Source port is an optional field.
o When used, it indicates the port of the sending process and may be
assumed to be the port to which a reply should be addressed in the
absence of any other information.
o If not used, a value of zero is inserted.
Destination port
o UDP packets from a client use this as a service access point (SAP) to
indicate the service required from the remote server.
o UDP packets from a server carry the client SAP in this field.
A broadcast is a data packet that is destined for multiple hosts. Broadcasts
can occur at the data link layer and the network layer. Data-link broadcasts
are sent to all hosts attached to a particular physical network. Network layer
broadcasts are sent to all hosts attached to a particular logical network
To enable UDP flooding, the router must be running software that supports
transparent bridging and bridging must be configured on each interface that
is to participate in the flooding. If bridging is not configured for an interface,
the interface will receive broadcasts, but the router will not forward those
broadcasts and will not use that interface as a destination for sending
broadcasts received on a different interface. Note Releases prior to Cisco
Internetwork Operating System (Cisco IOS) Software Release 10.2 do not
support flooding subnet broadcasts.
When configured for UPD flooding, the router uses the destination address
specified by the ip broadcast-address command on the output interface to
assign a destination address to a flooded UDP datagram. Thus, the
destination address might change as the datagram propagates through the
network. The source address, however, does not change. With UDP
flooding, both routers shown in Figure 19-1 use a spanning tree to control
the network topology for the purpose of forwarding broadcasts
1. If a valid source IP address space has been defined in the policy for the
encapsulated packets from the peer, check that the source IP address of
the inner packet is valid according to the policy.
2. If an address has been assigned for the remote peer, check that the source
IP address used in the inner packet is the assigned IP address.
3. NAT is performed for the packet, making it suitable for transport in the
local network.
1. If the protocol header after the ESP header is a TCP/UDP header and the
peer’s real source and destination IP address have been received according
to incrementally recompute the TCP/UDP checksum:
* Subtract the IP source address in the received packet from the checksum.
* Add the real IP source address received via IKE to the checksum
* Subtract the IP destination address in the received packet from the
checksum.
Internet Key Exchange (IKE or IKEv2) is the protocol used to set up a security
association (SA) in the IPSec protocol suite.
* Add the real IP destination address received via IKE to the checksum
Note: If the received and real address are the same for a given address
(e.g., say the source address), the operations cancel and don’t need to
be performed.
2. If the protocol header after the ESP header is a TCP/UDP header,
recompute the checksum field in the TCP/UDP header.
3. If the protocol header after the ESP header is a UDP header, set the
checksum field to zero in the UDP header. If the protocol after the ESP
header is a TCP header, and if there is an option to flag to the stack that
the TCP checksum does not need to be computed, then that flag MAY be
used. This SHOULD only be done for transport mode, and if the packet
is integrity protected. Tunnel mode TCP checksums MUST be verified.
Description
(UDP) hole punching is a method for establishing bidirectional UDP
connections between Internet hosts in private networks using NAT. It does
not work with all types of NATs as their behavior is not standardized.
UDP hole punching will not work with a Symmetric NAT (also known as
bi-directional NAT) which tends to be found inside large corporate
networks. With Symmetric NAT, the NAT's mapping associated with the
connection to the well known server is restricted to receiving data from the
well known server, and therefore the NAT mapping the well known server
sees is not useful information to the endpoint. For details on the different
types of NAT.
In a somewhat more elaborate approach both hosts will start sending to
each other, using multiple attempts. On a Restricted Cone NAT, the first
packet from the other host will be blocked. After that the NAT device has a
record of having sent a packet to the other machine, and will let any
packets coming from these IP address and port number through.
Algorithm
Let A and B be the two hosts, each in its own private network; N1 and N2
are the two NAT devices; S is a public server with a well-known globally
reachable IP address.
Audio/video applications often prefer damaged data over no data since the
use of clever codecs can cope for the error. Disabling UDP checksum is not
an option since headers would go unverified and packets might be
misdelivered. Also in IPv6 the UDP checksum is mandatory.
A special class of applications can derive benefit from having partially
damaged payloads delivered, rather than discarded, when using paths that
include error-prone links. Such applications can tolerate payload corruption
and may choose to use the Lightweight User Datagram Protocol (UDP-Lite)
variant of UDP instead of basic UDP.
The header format closely follows that of UDP. UDP-Lite changes the
semantics of the UDP "payload length" field to that of a:
To work well with TCP traffic on the Internet, RUDP (Reliable UDP) uses
retransmission and congestion control algorithms similar to the algorithms
used by TCP. Additionally, these algorithms are time-tested to utilize
available bandwidth optimally.
Because both TCP and UDP run over the same network, many businesses
are finding that a recent increase in UDP traffic from these real-time
applications is hindering the performance of applications using TCP, such
as point of sale, accounting, and database systems.
When TCP detects packet loss, it will throttle back its data rate usage.
Since both real-time and business applications are important to businesses,
developing quality of service solutions is crucial.