
Which protocol is best? TCP vs UDP: find out when to use each one

TCP and UDP are the two fundamental protocols for Internet communications. Both sit in the transport layer of the TCP/IP model, which is the first layer where origin and destination communicate directly, since the lower layers (the network layer and the media access layer) do not perform this function. Today in RedesZone we will explain the main characteristics of the TCP and UDP protocols, when each one is used, their differences and their main uses.

TCP protocol: what is it and how does it work?

TCP (Transmission Control Protocol) is one of the fundamental protocols of the Internet: it allows applications to communicate with guarantees, independently of the lower layers of the TCP/IP model. This means that routers (network layer in the TCP/IP model) only have to forward the segments (the unit of data in TCP), regardless of whether the data will arrive correctly or not; TCP takes care of that. TCP supports multiple application layer protocols, such as HTTP (web), HTTPS (secure web), POP3 (incoming mail) and SMTP (outgoing mail), as well as their secure versions using TLS. TCP is also used by such important protocols as FTP, FTPES and SFTP to transfer files from a source to a destination, and even the SSH protocol, used to manage computers securely both locally and remotely, runs over TCP.

Main characteristics

Because TCP serves a large number of application layer protocols, it is essential that the data (segments) reach the recipient correctly, without errors and in order. If segments are corrupted or lost during transmission, TCP automatically initiates the retransmission, without the intervention of the application layer. In this way it is guaranteed that the data reaches the recipient without errors, as this protocol is responsible for fixing any problem of this kind.

The MSS (Maximum Segment Size) is the maximum amount of data, in bytes, that TCP can receive in a single segment. It is similar to the MTU, but the MSS belongs to the transport layer. To get the best performance, the MSS should be small enough to avoid IP fragmentation. The MSS is normally advertised by each side of the communication channel in the TCP header itself. Usually the MSS is the MTU (normally 1500 bytes) minus the TCP header (variable length, at least 20 bytes) minus the IP header (variable length, at least 20 bytes):

MSS = MTU (1500 bytes) - 20-byte TCP header - 20-byte IP header

TCP has a complex error-handling mechanism: a sliding window technique is used so that all segments arrive correctly. This feature uses several methods to detect possible errors:

  • Checksum.
  • Numbering of all segments for correct tracking.
  • Acknowledgements (ACK), including selective ACK, although it also allows confirmations to "pile up" so that a single ACK confirms more than one segment.
  • Timers: if a long delay elapses, TCP automatically retransmits the segment that has been "lost".
  • Duplicate segments are discarded: if a duplicate segment arrives (because an earlier copy took longer than normal and was resent), it is dropped.

Of course, if TCP detects an error it will automatically initiate the retransmission, without the application layer having to do anything.

Another very important characteristic is that the data travelling from an origin to a destination arrives in order, that is, in the same order in which it was sent. IP is a best-effort protocol: it does everything it can so that packets arrive in order and correct, but it is not reliable, since it guarantees nothing. TCP keeps a sliding window at both sender and receiver, so if a segment arrives out of order the receiver will "wait" until the missing segment arrives, or else request a retransmission of only the missing segment. For each segment the receiver gets, an ACK is sent telling the sender that everything is arriving correctly; however, real-world TCP implementations allow a single ACK to confirm receipt of several segments at once, so as not to saturate the network with confirmations.

The TCP protocol provides flow control; in other words, it is able to cope with possible saturation of the network or of the remote host. If one device transmits at 500 Mbps and the destination device can only receive at 100 Mbps, TCP adapts dynamically. In this way TCP will always try to make the most of the bandwidth available between source and destination. The operation of this sliding window is complex, but basically the receiver advertises a TCP window with the number of bytes it can hold in its buffer, and the sender may send data up to that amount. For the sender to send more data, the receiver has to send it an ACK indicating that everything is correct and that it has passed the data up to the application layer.

TCP also has congestion control, which prevents packets from being lost on the Internet because of congestion in the routers. If a router cannot process or forward packets at the rate at which it receives them, its buffer fills up and the router itself drops them, so they are lost. Flow control (explained above) should not be confused with congestion control. The congestion window (complementary to the receive window) is what makes congestion control in TCP possible. When there is no congestion the congestion window is the same as the receive window; if congestion occurs, the size of the congestion window decreases, and when it disappears, it increases again. The maximum number of bytes the sender can send is the minimum of the two window sizes (if the congestion window is 1500 bytes,

To avoid congestion, and to make use of as much of the bandwidth available between origin and destination as possible, there are three phases in total. The slow start phase is responsible for the exponential growth of the congestion window (so it cannot really be considered slow), then the congestion avoidance phase is responsible for the linear increase of the congestion window and, finally, the constant phase, where the receive window and the congestion window are the same.
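As an added example (not part of the original article), the following Python code simulates the three phases just described, together with the rule that the sender is limited by the smaller of the congestion window and the receive window. The MSS value, the initial threshold and the Tahoe-style reaction to a loss (restart slow start from one segment) are assumptions made for the simulation.

```python
# Added example: simplified round-trip simulation of the TCP congestion window.
# Units are bytes; each loop iteration is one round-trip time.

MSS = 1460  # constructed value: 1500-byte MTU minus 20-byte IP and 20-byte TCP headers


def send_limit(cwnd, rwnd):
    """Bytes the sender may have in flight: the smaller of the two windows."""
    return min(cwnd, rwnd)


def next_cwnd(cwnd, ssthresh, rwnd, loss=False):
    """Advance the congestion window by one round trip; returns (cwnd, ssthresh).

    On a loss the threshold is set to half the current window and slow start
    restarts from a single segment (Tahoe behaviour, assumed here).
    """
    if loss:
        return MSS, max(cwnd // 2, 2 * MSS)
    if cwnd < ssthresh:
        cwnd = min(cwnd * 2, ssthresh)   # slow start: exponential growth up to ssthresh
    else:
        cwnd += MSS                      # congestion avoidance: one MSS per round trip
    return min(cwnd, rwnd), ssthresh     # constant phase: never exceed the receive window


def simulate(rounds, rwnd, ssthresh, loss_at=()):
    """Trace (round, phase, cwnd_after, bytes_allowed) for each round trip."""
    cwnd = MSS
    trace = []
    for r in range(1, rounds + 1):
        loss = r in loss_at
        if loss:
            phase = "loss"
        elif cwnd >= rwnd:
            phase = "constant"           # window capped by the receiver's advertised window
        elif cwnd < ssthresh:
            phase = "slow start"
        else:
            phase = "congestion avoidance"
        cwnd, ssthresh = next_cwnd(cwnd, ssthresh, rwnd, loss)
        trace.append((r, phase, cwnd, send_limit(cwnd, rwnd)))
    return trace


if __name__ == "__main__":
    for row in simulate(8, rwnd=65535, ssthresh=8 * MSS, loss_at=(6,)):
        print("round %d: %-20s cwnd=%5d bytes, may send %5d" % row)
```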

Currently TCP has different algorithms to deal with congestion effectively. The first were TCP Tahoe and Reno, and we also have others such as TCP Vegas, but over the years, with newer TCP/IP data networks, other more efficient algorithms have appeared. For example, we have TCP BBR, which allows us to send information as quickly as possible because it is much more efficient than the original TCP algorithms (we get a higher speed). We also have TCP CUBIC, which is the congestion control used by Linux and Unix operating systems.

Finally, another interesting feature of TCP is that it allows us to multiplex data: in this way we can receive information from different hosts simultaneously. It is also full-duplex, because we can send and receive data simultaneously through the same communication channel.

Establishment of the connection between client and server, and disconnection in TCP

The main characteristic of the TCP protocol is that it is a connection-oriented protocol: before client and server can exchange data, a connection must first be established with the server.

This prior connection is called the 3-way handshake and essentially consists of the client (the one initiating the connection) sending a SYN message to the server (the one receiving the connection). The server then replies with a SYN-ACK message, indicating that it can start sending information, and finally the client sends an ACK indicating that it has received it correctly, after which information starts flowing in both directions between client and server. A very important detail of TCP is that each side generates its own sequence numbers, which helps prevent forged connections between them, although an attacker who is "in the middle" (for example through an ARP-based MitM attack or similar) could still interfere on the local network, but not from across the Internet.

One of the vulnerabilities of TCP lies in sending a large number of TCP SYN segments (a SYN flood) in order to "saturate" the receiver's connection table. Here are some possible solutions to mitigate this denial-of-service attack:

  • Limit the number of connections, either globally or per IP address.
  • Only accept connections from trusted IP addresses.
  • Delay the allocation of resources by using "cookies", also known as SYN cookies.
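As an added example (not part of the original article), this Python code shows how the third mitigation works: the server encodes a time counter, an MSS index and a keyed MAC into the initial sequence number of its SYN-ACK, keeps no state for the half-open connection, and only allocates a socket when the final ACK carries a cookie that verifies. The layout (5 bits of time, 3 bits of MSS index, 24 bits of MAC), the secret key, the MSS table and the maximum age are assumptions for the illustration, not the exact format of any real kernel.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-per-server-secret"   # assumption: a random key known only to the server
MSS_TABLE = (536, 1220, 1440, 1460)         # MSS values encodable in 3 bits of the cookie
MAX_AGE_TICKS = 4                            # cookies older than this are rejected (5-bit counter)


def _mac(src_ip, sport, dst_ip, dport, tick):
    """24-bit keyed MAC over the connection 4-tuple and the time counter."""
    msg = struct.pack("!4sH4sHB", src_ip, sport, dst_ip, dport, tick)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_syn_cookie(src_ip, sport, dst_ip, dport, client_mss, tick):
    """ISN for the SYN-ACK: time (5 bits) | MSS index (3 bits) | MAC (24 bits).

    Everything the server needs later is inside the number, so no memory is
    reserved for the half-open connection while the SYN flood is under way.
    """
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    tick &= 0x1F
    return (tick << 27) | (idx << 24) | _mac(src_ip, sport, dst_ip, dport, tick)


def check_syn_cookie(src_ip, sport, dst_ip, dport, ack_num, now_tick):
    """Validate the final ACK of the handshake. Returns the MSS to use, or None."""
    cookie = (ack_num - 1) & 0xFFFFFFFF      # the client acknowledges ISN + 1
    tick = cookie >> 27
    idx = (cookie >> 24) & 0x7
    if idx >= len(MSS_TABLE):
        return None                           # index outside the table: not our cookie
    if (now_tick - tick) % 32 > MAX_AGE_TICKS:
        return None                           # too old, or a replay after the counter wrapped
    expected = _mac(src_ip, sport, dst_ip, dport, tick).to_bytes(3, "big")
    if not hmac.compare_digest(expected, (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return None                           # MAC mismatch: forged, or for another 4-tuple
    return MSS_TABLE[idx]                     # only now does the server allocate the socket


if __name__ == "__main__":
    client, server = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])   # constructed addresses
    isn = make_syn_cookie(client, 40000, server, 443, 1460, tick=7)
    print("MSS for a valid ACK:", check_syn_cookie(client, 40000, server, 443, isn + 1, now_tick=8))
    print("stale ACK:", check_syn_cookie(client, 40000, server, 443, isn + 1, now_tick=20))
```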

To end a connection, whoever wants to close it sends a FIN message, and the host that receives it replies with an ACK followed by its own FIN, so that the computer that initiated the termination sends a final ACK, and the open socket is closed. An important detail is that we can have a "half open" connection: if one host closes the connection and the other does not, the side that closed it will not be able to send more data, but the side that has not closed it can continue sending information.

TCP header

TCP adds at least 20 bytes of header to each segment, because there is an "optional" field (Options). In this TCP header we find the source port and the destination port of the connection (socket), the sequence number, the ACK number, and the various TCP flags such as SYN, ACK, RST, FIN, URG and others. This header also carries a very important part of the sliding window operation: a 16-bit field that indicates the size of the receive window explained earlier.

The ports (Source Port and Destination Port) are essential for the proper functioning of TCP. TCP uses these port numbers to identify a socket, that is, an application that is sending or receiving data. TCP ports range from 0 to 65535, and there are three different types:

  • Well-known ports: 0 to 1023. These ports are reserved by IANA for certain applications, such as HTTP servers, FTP, SSH and many other well-known services.
  • Registered ports: 1024 to 49151. These ports are reserved for specific applications, such as database management systems, BitTorrent and many other applications.
  • Private (dynamic) ports: 49152 to 65535. These ports are not reserved for any application, and you can use them freely without affecting any other protocol.
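As an added example (not part of the original article), the following Python code decodes the TCP header fields just described (ports, sequence and ACK numbers, data offset, flags and the 16-bit window), walks the options to extract the advertised MSS, classifies ports into the three ranges above and applies the MSS formula from earlier in the article. The sample SYN segment is constructed for the example; the option parser rejects a length that would run past the header, which is the kind of malformed input a packet parser has to expect.

```python
import struct

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def port_class(port):
    """Classify a port number into the three ranges listed above."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "private"

def parse_tcp_options(opts):
    """Return {kind: raw value} for the TLV options; kind 2 is MSS (a 2-byte value)."""
    out, i = {}, 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP padding
            i += 1
            continue
        # reject a length that is too small or runs past the end of the header
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("bad option length")
        out[kind] = opts[i + 2:i + opts[i + 1]]
        i += opts[i + 1]
    return out

def parse_tcp_header(segment):
    """Decode the 20-byte fixed header plus options; raises ValueError on malformed input."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    fields = struct.unpack("!HHIIBBHHH", segment[:20])
    sport, dport, seq, ack, off_res, flags, window, csum, urg = fields
    hlen = (off_res >> 4) * 4    # data offset is counted in 32-bit words
    if hlen < 20 or hlen > len(segment):
        raise ValueError("bad data offset")
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": hlen, "window": window, "checksum": csum, "urgent": urg,
        "flags": [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit],
        "options": parse_tcp_options(segment[20:hlen]),
        "payload": segment[hlen:],
    }

def mss_for(mtu, ip_header_len, tcp_header_len):
    """MSS = MTU minus IP header minus TCP header, as in the formula above."""
    return mtu - ip_header_len - tcp_header_len

# Constructed SYN: ports 40000 -> 443, data offset 6 (24-byte header), window 65535,
# flags SYN only, followed by an MSS option (kind 2, length 4, value 1460).
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 40000, 443, 0x12345678, 0, 6 << 4, 0x02, 65535, 0, 0)
SAMPLE_SYN += bytes.fromhex("020405b4")
```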

UDP protocol: what is it and how does it work?

UDP (User Datagram Protocol) is one of the fundamental protocols of the Internet: it allows applications to communicate independently of the lower layers of the TCP/IP model. This means that routers (network layer in the TCP/IP model) only have to forward the datagrams (the unit of data in UDP). UDP supports multiple application layer protocols, such as the popular DNS and even DHCP, used to obtain (and provide) IP addressing automatically.

Main characteristics

The UDP protocol allows datagrams to be sent without first establishing a connection: it is enough to have an open socket at the destination to accept datagrams from the source. UDP is a connectionless protocol, that is, there is no connection establishment phase as in TCP; datagrams are sent directly, without any prior "notice".

This protocol does not provide any type of flow control. If one computer is faster than another and sends it information, it is very possible that data will be lost because the slower host will be overwhelmed, and the information will have to be resent. An important detail is that handling the retransmission of datagrams is left to the layers above, because UDP is very simple and has no mechanism for controlling the transmission of datagrams when they are lost.

UDP does not provide congestion control either: if there is congestion in the network, packets may be lost and, logically, UDP will not retransmit them as TCP does. Therefore, since UDP has no congestion control, flow control or error control, you could say that UDP is an unreliable protocol. In addition, it does not guarantee the order of the datagrams sent, nor does it report whether a datagram arrived correctly, since there is no confirmation of delivery or receipt. Any guarantee for the transmission of information must be implemented in the higher layers.

This protocol is mainly used in DHCP and DNS, where speed is more important than reliability. UDP is also widely used for audio and video transmission over a network. UDP only adds application multiplexing (ports) and a checksum covering header and payload.

UDP header

UDP adds 8 bytes of header to each datagram. In this UDP header we find the source port and the destination port of the connection (socket), the length of the datagram and the checksum of the datagram, used to verify that neither the header nor the data have errors. The ports (Source Port and Destination Port) are essential for the proper functioning of UDP. UDP uses these port numbers to identify a socket, that is, an application that is sending or receiving data.
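As an added example (not part of the original article), this Python code builds and decodes the 8-byte UDP header described above and verifies its checksum, which over IPv4 is computed across a pseudo-header (source and destination addresses, protocol number 17 and length) plus the header and payload. It also handles the two edge cases a receiver must know about: a checksum field of 0 means the sender did not compute one, and a computed value of 0 is transmitted as 0xFFFF. The addresses, ports and payload are constructed for the example.

```python
import struct

UDP_PROTO = 17


def ones_complement_sum(data):
    """Fold 16-bit big-endian words into a 16-bit one's-complement sum (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip, dst_ip, udp_bytes):
    """Checksum over the IPv4 pseudo-header plus the datagram (its checksum field must be zero)."""
    pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, UDP_PROTO, len(udp_bytes))
    csum = 0xFFFF - ones_complement_sum(pseudo + udp_bytes)
    return csum or 0xFFFF                     # 0 means "no checksum", so a real 0 is sent as 0xFFFF


def build_udp(src_ip, dst_ip, sport, dport, payload):
    """Assemble an 8-byte UDP header plus payload with a valid checksum."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip, dst_ip, data):
    """Decode a datagram; checksum_ok is True/False, or None when the sender sent 0 (allowed on IPv4)."""
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", data[:8])
    if length < 8 or length > len(data):
        raise ValueError("bad UDP length field")
    dgram = data[:length]
    if csum == 0:
        ok = None
    else:
        pseudo = struct.pack("!4s4sBBH", src_ip, dst_ip, 0, UDP_PROTO, length)
        ok = ones_complement_sum(pseudo + dgram) == 0xFFFF   # a correct datagram sums to all ones
    return {"src_port": sport, "dst_port": dport, "length": length, "checksum_ok": ok, "payload": dgram[8:]}


# Constructed sample: a datagram from 192.168.1.10:53000 to 192.168.1.1:53 (the DNS port).
CLIENT, RESOLVER = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])
SAMPLE_UDP = build_udp(CLIENT, RESOLVER, 53000, 53, b"constructed DNS query")
```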

TCP vs UDP in the different VPN protocols

OpenVPN

OpenVPN is a protocol for creating virtual private networks that allows us to secure point-to-point communication, since all tunnel traffic is encrypted and authenticated. OpenVPN allows remote-access virtual private networks, for mobile clients who want to connect to a VPN server remotely and browse the Internet through the server's public IP; this also includes access to the shared resources of the home or business network. This protocol also lets us configure a Site-to-Site tunnel, in order to interconnect different sites and share files in a completely secure and confidential way thanks to the integrated cryptographic protocols.

OpenVPN uses a control channel and a data channel. In the control channel we can use TLS 1.2 and also the latest version, TLS 1.3, to adequately protect all negotiation traffic. In the data channel we can use the AES-256-GCM symmetric encryption algorithm, although the latest versions have also added support for CHACHA20-POLY1305, a symmetric encryption algorithm that also provides AEAD thanks to Poly1305 for data authentication. In this way, both the whole establishment and the data transferred in the VPN tunnel are perfectly protected. In RedesZone you have a complete tutorial on how to configure an OpenVPN server and connect to it easily.

OpenVPN allows us to use both TCP and UDP for the data tunnel. As you have seen, TCP and UDP are very different, and it is always advisable to use UDP because it is very fast: the establishment of communications is much faster with UDP than with TCP. If we use TCP we will have flow control, congestion control, error control and many other features that make a reliable connection. However, when we use a VPN we still have protocols in the application layer that will re-request data if it arrives damaged, so we have redundancy, and what interests us most in a VPN is speed, both in establishment and in data transfer. For this reason it is better to use UDP; if there is some problem in the transfer,

A very important aspect is that an OpenVPN server using UDP will be able to accept more simultaneous incoming connections than one using TCP, and we will also have higher bandwidth, since no additional "overhead" is added, because UDP is much "lighter".

WireGuard

WireGuard is a new VPN protocol that uses completely renewed and simple cryptography, as it uses only the most secure and efficient symmetric, asymmetric and hash algorithms that exist today. In RedesZone we have already discussed it in detail and have shown you how to configure WireGuard to connect securely to your home.

WireGuard only uses the UDP transport protocol. This decision is due to the fact that UDP is much faster than TCP, both in connection establishment and later in communication, since its header is much smaller. One of the strengths of WireGuard is that it allows very easy and very fast "VPN roaming": this means that if we are connected to our Wi-Fi with a VPN tunnel established and we switch to the 4G network, the VPN tunnel is renegotiated so quickly that we hardly notice it. If it used TCP instead of UDP, this VPN roaming would be slower, because the TCP connection would have to be established first and then TLS.

TCP vs UDP on the web

Currently, when we browse different websites we use TCP, because HTTP and HTTPS run over TCP. With HTTP the default port is TCP 80; with HTTPS the default port is TCP 443. When TLS 1.2 or TLS 1.3 is used, TCP is always used underneath.

One of the new features of HTTP/3 is the use of QUIC, a new communication protocol that is starting to be widely used and that works over UDP instead of TCP in order to provide higher speed. QUIC is responsible for providing connectivity from the client to the web server, and it does so using TLS 1.2 or TLS 1.3, because logically it also supports these secure communication protocols.

As you have seen, TCP and UDP are two fundamental Internet protocols, and each of them supports different application layer protocols.
