CCIE RS – Written – Network Principles – Explain TCP Operations

Explain TCP Operations

Protocol that ensures reliability in a transmission with minimum loss of packets

  • Duties
    • Assure packets maintain the right order
    • Error Checking
    • Delay is kept at an acceptable level
    • Prevent possibility of packet duplication
  • Ensure data received is consistent, in order, complete and smooth
  • OSI – Transport Layer (4)
    • Works before IP
    • Data gets bundled inside of TCP packets before sending to IP which encapsulates into IP packets

TCP Segment Structure

  • PDU – Protocol Data Unit
  • Consists of Header and Data section
    • Header – 10 mandatory fields
      • Source port – 16 bits – ID’s sending port
      • Destination Port – 16 bits – ID’s receiving port
      • Sequence Number – 32 bits – used for 3 way handshake, SYN flag
      • Acknowledgement Number – 32 bits
      • Data offset – 4 bits –
      • Reserved – 3 bits
      • Flags – 9 bits (Control bits)
      • Window Size – 16 bits – size of the receive window. Specifies number of window size units (bytes) sender on the segment is willing to receive
      • Checksum (16 bits) – error checking of header and data
      • Urgent point – 16 bits
      • Options – Variable 0-320 bit divisible by 32
      • Padding – Ensure TCP header ends and data begins on a 32 bit boundart. All zeros

Connection Establishment

  • 3 way handshake – Attempt connection between client and server before sending data
    • SYN – Active open is performed by the client to the server
    • SYN-ACK – Responseto SYN from server to client
    • ACK – Final response from client to server that SYN-ACK was received
  • Full duplex communication is established


Determine the size of the network path between 2 IP hosts

  • Goal is to avoid fragmentation
  • Intended for routers. All modern OS’s use it on endpoints


  • Works by setting DF bit in outgoing IP headers
  • Any device along path with smaller MTU sends ICMP – Fragmentation Needed (Type 3, Code 4)
  • Process is continued until smallest MTU is found to send packets without fragmentation


Determine the size of the network path between 2 IP hosts

  • Explicitly delegated to endpoints
  • Routers do not support fragmentation
  • ICMPv6 – Packet Too Big (Type 2)

MSS – Maximum Segment Size

  • Largest amount of data (in bytes) a host can receive in a single TCP segment
    • Does not count TCP or IP header
  • Defined to be the relevant IP datagram minus 40
  • Min MTU – 40 = MSS
  • IPv4 hosts required to handle MSS of 536 (=576 – 20 – 20)
  • IPv6 hosts required to handle 1220 (=1280 – 40 – 20)
  • MSS specified as TCP option
    • Send In SYN packet during TCP handshake
    • MSS cannot be changed after connection is established


Time interval between point A and point B. Product of delay from physical distance packets traverse a medium

  • Measured
    • One-way – Time from source sending a packet to destination receiving the packet
    • Round-trip Delay – Time from Source to Destination and Destination back to Source
  • Ping can provide latency, but isn’t fully accurate as ICMP can be treated differently if traffic shaping is applied
  • Accurate measurements can come from specific software


TCP Windowing

  • Amount of unacknowledged data that can be in transit at any given time
  • Referred to as Window Size – 16 bit field in TCP header

Window Scaling

Bandwidth Delay Product


Global Synchronization

Can occur during periods of congestion because each sender will reduce their transmission rate at the same time when packet loss occurs

Simplest queuing technique

  • Tail Drop – Allow queue to fil to max size and then discard any packets until there is space again
  • Problem occurs when there is bursty traffic and the queue is full
    • Full queue results in high latency
    • Introduction of sudden burst of traffic may cause large number of established streams to lose packets simultaneously
  • Recovery Mechanism
    • TCP recovers from dropped packets which is interprets as congestion
    • Senders reduce sending rate for period of time
    • Known as slow start algorithm
  • Tail drop is leading cause of the problem
    • RED (Random Early Detection) and WRED (Weighted RED) reduce likeliness of global synchronization


3 Types of TCP options

  1. Option-Kind – 1 byte
  2. Option-Length – 1 byte
  3. Option-Data – variable

Sent in the SYN packet


Describe basic software architecture differences between IOS and IOS-XE


  • Monolithic kernal
  • System processes and core functionality are tightly integration
  • Uses priority “run to completion” scheduler
    • Each process is a single thread
  • All memory is mapped into a single flat address space
  • IOS does not implement memory protection between processes or memory pools
    • Advantage: improves system performance and minimizes OS overhead
    • Disadvantage: Complex system, one process can cause software to crash
  • IOS images are unique for each platform
  • Feature sets determine what CLI and features are available

IOS allows for configuration archiving with the archive command. Configs can be stored on local or remote server (FTP, TFTP, etc.). The max number of copies to save (default 10). Set the time period (minutes) for saving the config.

Archive configuration commands:
default Set a command to its defaults
exitExit from archive configuration mode
log Logging commands
maximum maximum number of backup copies
noNegate a command or set its defaults
pathpath for backups
rollbackRollback parameters
time-period Period of time in minutes to automatically archive the running-config
write-memoryEnable automatic backup generation during write memory

IOS-XE – Based on a modular architecture

  • Linux based OS that employs a single daemon
    • Allows for multiple layers of abstraction
    • Individual functions have been isolated from the primary operations kernel into separate processes
    • Linux kernel and drivers are only component of IOS-XE that can access hardware directly
  • Has all IOS capabilities with enhanced operations and functionality
    • Similar CLI to IOS
  • Leverages symmetrical multiprocessing
    • Allows processes to execute over multiple CPU’s
      • Benefit of load balancing across multiple core CPUs
      • Binds process to different cores
  • Individual threads for each underlying process
  • Separates control plane from forwarding plane
  • APIs allow for development of drivers for the new data plane ASICs
    • Creates control plane and data plane separation
  • Logical and physical separation of control plane and data plane
    • Dedicated hardware resources
  • Separation archived through:
    • FFM – Forwarding and Feature Manager
  • Provides APIs to manage the control plane process
  • FFM programs the data plane through the FED and maintains all forwarding states for the system
    • FED – Forwarding Engine Driver
  • Allows the drivers to affect the data plane
  • Routing protocols run in the IOSd process


IOS-XE releases using consolidated packages and optional subpackages. Each consolidated package contains a collection of subpackages. 

Subpackage is an individual software file that controls different elements of the device. These can be upgraded individually

  • RPBase – Provides the operating system software for the Route Processor.
  • RPControl – Controls the control plane processes that interface between the IOS process and the rest of the platform.
  • RPAccess – Exports processing of restricted components, such as Secure Socket Layer (SSL), Secure Shell (SSH), and other security features.
  • RPIOS – Provides the Cisco IOS kernel, which is where IOS features are stored and run. Each consolidated package has a different RPIOS.
  • ESPBase – Provides the ESP operating system and control processes, and the ESP software.
  • SIPBase – Controls the SIP operating system and control processes.
  • SIPSPA – Provides the SPA driver and Field Programmable Device (FPD) images.

Upgrade Procedure

Best practice – Backup configuration – copy run flash: or to FTP server, or old school, copy and paste to text document

Upload new code to device – TFTP or RCP

  • copy tftp: flash:


Install subpackage

request platform software package expand file URL-to-consolidated-package to URL-to-directory-name 

Individual Processes

  • Chassis Manager – Responsible for all chassis management functions, including management of the HA state, environmental monitoring, and FRU state control.
    • RPControl,SIPBase,ESPBase
  • Host Manager – Provides an interface between the IOS process and many of the information-gathering functions of the underlying platform kernel and operating system.
    • RPControl,SIPBase,ESPBase
  • Logger – Provides IOS facing logging services to processes running on each FRU.
    • RPControl,SIPBase,ESPBase
  • Interface Manager – Provides an interface between the IOS process and the per-SPA interface processes on the SIP.
    • RPControl,SIPBase
  • IOS – The IOS process implements all forwarding and routing features for the router.
    • RPIOS
  • Forwarding Manager – Manages the downloading of configuration to each of the ESPs and the communication of forwarding plane information, such as statistics, to the IOS process.
    • RPControl
    • ESPBase
  • Pluggable Services – The integration point between platform policy application, such as authentication and the IOS process.
    • RPControl
  • Shell Manager – Provides all user interface features and handling related to features in the nonIOS image of the consolidated package, which are also the features available in diagnostic mode when the IOS process fails.
    • RPControl
  • SPA driver process – Provides an isolated process driver for a specific SPA.
    • SIPSPA
  • CPP driver process – Manages the CPP hardware forwarding engine on the ESP.
    • ESPBase
  • CPP HA process – Manages HA state for the CPP hardware forwarding engine.
    • ESPBase
  • CPP SP process – Performs high-latency tasks for the CPP-facing functionality in the ESP instance of the Forwarding Manager process.
    • ESPBase

Control Plane

The control plane of a router learns what the router will do with a packet. Its primary goal is learning about routes, static or dynamic. The routing table is contains a list of destination networks and outgoing interfaces. The control plane can define if a packet is discarded or given preferential treatment (QOS). There is a separate table, Forwarding Information Base, that is built by the control plane, but utilized by the Forwarding/Data Plane.

Forwarding Plane

The forwarding plane (aka: Data Plane) is responsible for moving packets based on what was learned in the control plane.

Impact to Troubleshooting and Performance

  • IOS XE (IOS 15.0) runs as a single daemon within a Linux operating system 
  • Additional system functions now run as additional, separate processes in the host OS environment
  • IOSd within the IOS XE environment supports multiple threads and multi-core CPUs
  • Wireshark and Mediatrace included, runs separately from IOS

Exclude Specific Platform Architecture

  • Non-IOS applications can either be tightly integrated with IOS or they could run side-by-side with IOS with very little or no interactions
  • If an application does require services from IOS, it integrates with IOS through a set of client libraries called “service points”