1. Review of the OSI seven-layer model
OSI seven-layer model | TCP/IP conceptual layer model | Function | TCP/IP protocol family |
---|---|---|---|
Application layer | Application layer | File transfer, e-mail, file services, virtual terminals | TFTP, HTTP, SNMP, FTP, SMTP, DNS, Telnet |
Presentation layer | (folded into the application layer) | Data formatting, code conversion, data encryption | No dedicated protocol |
Session layer | (folded into the application layer) | Establish and release a session with another endpoint | No dedicated protocol |
Transport layer | Transport layer | Provide an end-to-end interface | TCP, UDP |
Network layer | Network layer | Select a route for the packet | IP, ICMP, RIP, OSPF, BGP, IGMP |
Data link layer | Link layer (the part that talks to the network hardware) | Transmit addressable frames and detect errors | SLIP, CSLIP, PPP, ARP, RARP, MTU |
Physical layer | Link layer | Transmit raw bits over the physical medium | ISO 2110, IEEE 802, IEEE 802.2 |
- Presentation layer: gives heterogeneous computers a common language. Because different architectures use different internal data representations, this layer translates the syntax of the data handed down by the application layer, negotiates which representation to use, and manages the connection to the session layer. It cares only about the syntax and semantics of the information.
- Session layer: controls the establishment, maintenance and release of sessions between two nodes, and manages and controls the session so that the dialogue proceeds reliably.
- Transport layer: provides end-to-end data transfer between two hosts over the network connection; roughly divided into TCP (Transmission Control Protocol, reliable) and UDP (User Datagram Protocol, unreliable).
- Network layer: uses routing algorithms to choose a suitable path for IP packets from the source host to the destination host, and provides the transport layer with end-to-end delivery. It deals with packets flowing across the network; the packet is the unit of transmission at this layer. This layer defines how a packet reaches the computer on the other side and forwards it there.
- Data link layer: the physical layer provides the medium and the connection between devices, but a transmission exists only for the duration of a communication, and each communication involves connecting and disconnecting. This established sender/receiver relationship is called a data link. The link layer handles the part connected to the network hardware (framing, physical addressing, error detection).
- Physical layer: establishes, manages and releases the physical connection between hosts over the transmission medium, so that a bit stream can be transmitted and arrives correctly.
2. TCP three-way handshake and four-way close
1. Three-way handshake
In a nutshell, the three-way handshake goes like this:
- First handshake: "Are you there?" (Client -> server. From the server's point of view: the client's sending function and the server's receiving function are normal.)
The client sends a SYN segment with an initial sequence number (seq = x), enters the SYN_SENT state, and waits for confirmation from the server.
- Second handshake: "I'm here, are you still there?" (Server -> client. From the client's point of view: the server's receiving and sending functions are normal, and the client's own sending and receiving functions are normal. The server still does not know whether the client's receiving function and its own sending function work, hence the third handshake.)
When the server receives the SYN, it must acknowledge the client's SYN (ack = x + 1) and send its own SYN (seq = y) in the same segment. The server enters the SYN_RECEIVED state (shown as SYN_RECV on Linux).
- Third handshake: "I'm still here." (Client -> server.)
After receiving the SYN+ACK segment from the server, the client sends an ACK segment (ack = y + 1) to the server. The client enters ESTABLISHED once this segment is sent, and the server enters ESTABLISHED when it receives it; the three-way handshake is complete.
After three handshakes, the client and server have each confirmed that both their sending and receiving functions are normal and can communicate. Until the third segment arrives the server holds a half-open entry in SYN_RECEIVED; flooding a server with SYNs that are never completed (a SYN flood) exhausts that table, which is why servers use SYN cookies and backlog limits.
2. Four-way close
TCP is full duplex: both parties can send and receive at the same time, so each direction is closed separately. When either party wants to close the connection, it sends a FIN to tell the other party that it has finished sending. The other party acknowledges it with an ACK, and the connection is closed in that one direction. The other direction can continue to transmit data; when all of that data has been sent, a FIN is sent to close that direction too, and the receiver acknowledges it with an ACK.
- First wave: "I'm leaving." (Active -> passive: the active party tells the passive party it has finished sending. At this point the active party has sent all its data. If the passive party still has data to send, it can continue, and the active party can still receive it.)
The active party sends a FIN segment with its sequence number K, which also carries an ACK for the last data it received from the other side. The active party enters the FIN_WAIT_1 state.
- Second wave: "OK." (Passive -> active. The passive party enters CLOSE_WAIT, and the connection is now half-closed.)
After receiving the FIN, the passive party replies with an ACK whose acknowledgment number is K + 1, indicating that the FIN has been received. On receiving it, the active party enters the FIN_WAIT_2 state.
- Third wave: "Goodbye." (Passive -> active. The passive party confirms that all of its data has been sent and closes the passive-to-active direction.)
After confirming that its data is sent, the passive party sends a FIN segment with sequence number N to the active party and enters the LAST_ACK state.
- Fourth wave: "Goodbye." (Active -> passive. The active party acknowledges the passive party's FIN, then waits 2MSL in TIME_WAIT; if no retransmitted FIN arrives in that time, the passive party received the final ACK and closed normally, and the active party closes too.)
After receiving the FIN, the active party sends an ACK with acknowledgment number N + 1 and enters the TIME_WAIT state. The passive party enters CLOSED as soon as it receives this ACK; the active party enters CLOSED after 2MSL.
After four waves, the connection is closed in both directions.
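The two exchanges above, modelled as an added example (not code from the original post). Two small state machines exchange SYN/ACK/FIN segments and track the states the text names; the initial sequence numbers x = 1000 and y = 5000 are arbitrary constants chosen for the demo, not values a real TCP stack would pick.

```python
"""Toy model of the TCP three-way handshake and four-way close.

Added example, not code from the original post. The initial sequence
numbers used by run_connection() (x = 1000, y = 5000) are arbitrary.
"""
from dataclasses import dataclass, field


@dataclass
class Segment:
    flags: frozenset          # subset of {"SYN", "ACK", "FIN"}
    seq: int
    ack: int


@dataclass
class Endpoint:
    name: str
    state: str = "CLOSED"
    snd_nxt: int = 0          # next sequence number this side will send
    rcv_nxt: int = 0          # next sequence number expected from the peer
    log: list = field(default_factory=list)

    def _move(self, new_state):
        self.log.append(f"{self.name}: {self.state} -> {new_state}")
        self.state = new_state

    def _send(self, flags, consumes_seq):
        seg = Segment(frozenset(flags), self.snd_nxt, self.rcv_nxt)
        if consumes_seq:      # SYN and FIN each occupy one sequence number
            self.snd_nxt += 1
        return seg

    def listen(self, isn):
        self.snd_nxt = isn
        self._move("LISTEN")

    def connect(self, isn):
        """Active open: first handshake, SYN with seq = x."""
        self.snd_nxt = isn
        seg = self._send({"SYN"}, consumes_seq=True)
        self._move("SYN_SENT")
        return seg

    def close(self):
        """Send FIN: first wave from ESTABLISHED, third wave from CLOSE_WAIT."""
        target = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        seg = self._send({"FIN", "ACK"}, consumes_seq=True)
        self._move(target)
        return seg

    def time_wait_expire(self):
        """2MSL elapsed with no retransmitted FIN: the peer got our last ACK."""
        if self.state == "TIME_WAIT":
            self._move("CLOSED")

    def receive(self, seg):
        """Consume one segment; return the reply segment or None."""
        f = seg.flags
        if self.state == "LISTEN" and f == {"SYN"}:
            self.rcv_nxt = seg.seq + 1                    # will ack x + 1
            self._move("SYN_RECEIVED")                    # half-open until the ACK arrives
            return self._send({"SYN", "ACK"}, consumes_seq=True)
        if self.state == "SYN_SENT" and f == {"SYN", "ACK"}:
            if seg.ack != self.snd_nxt:
                raise ValueError("SYN-ACK does not acknowledge our SYN")
            self.rcv_nxt = seg.seq + 1                    # will ack y + 1
            self._move("ESTABLISHED")
            return self._send({"ACK"}, consumes_seq=False)
        if "FIN" in f:
            self.rcv_nxt = seg.seq + 1                    # ack = K + 1 or N + 1
            if self.state == "ESTABLISHED":
                self._move("CLOSE_WAIT")                  # half-closed: we may still send
            elif self.state == "FIN_WAIT_2":
                self._move("TIME_WAIT")
            return self._send({"ACK"}, consumes_seq=False)
        if f == {"ACK"}:
            nxt = {"SYN_RECEIVED": "ESTABLISHED", "FIN_WAIT_1": "FIN_WAIT_2",
                   "LAST_ACK": "CLOSED"}
            if seg.ack == self.snd_nxt and self.state in nxt:
                self._move(nxt[self.state])
            return None
        raise ValueError(f"{self.name}: unexpected {sorted(f)} in {self.state}")


def run_connection():
    """Drive a full open and close; return both endpoints and the seven segments."""
    client, server = Endpoint("client"), Endpoint("server")
    server.listen(isn=5000)
    syn = client.connect(isn=1000)          # 1st handshake: SYN, seq = x
    syn_ack = server.receive(syn)           # 2nd: SYN+ACK, seq = y, ack = x + 1
    ack = client.receive(syn_ack)           # 3rd: ACK, ack = y + 1
    server.receive(ack)
    fin1 = client.close()                   # 1st wave: FIN, seq = K
    ack1 = server.receive(fin1)             # 2nd wave: ACK, ack = K + 1
    client.receive(ack1)
    fin2 = server.close()                   # 3rd wave: FIN, seq = N
    ack2 = client.receive(fin2)             # 4th wave: ACK, ack = N + 1
    server.receive(ack2)
    client.time_wait_expire()               # 2MSL passes
    return client, server, (syn, syn_ack, ack, fin1, ack1, fin2, ack2)


if __name__ == "__main__":
    c, s, _ = run_connection()
    print("\n".join(c.log + s.log))
```

The `log` lists show every transition in the order the text describes. Note where the server sits in SYN_RECEIVED: that entry is allocated before the client has proven anything, which is the resource a SYN flood targets.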
3. Long and short connections (HTTP persistent connections)
HTTP/1.1 connections are persistent by default. `Connection: keep-alive` in the request or response headers indicates a long connection (under HTTP/1.0 it was the way to opt in); `Connection: close` tells the other side to close the TCP connection after this response.
1. Long (persistent) connection
When an HTTP request is sent, a TCP connection is created and the HTTP request and its response are carried on it; that completes one request. The browser and the server then negotiate whether to close the TCP connection. The advantage of keeping it open is that further requests can be sent directly over the same TCP connection without repeating the three-way handshake (and, for HTTPS, the TLS handshake).
When no data is being transmitted on a long connection, keepalive probes (TCP keepalive or application-level heartbeat packets) are sent periodically so that NAT devices and firewalls do not drop the idle connection and a dead peer is noticed.
This reduces the number of TCP setup and teardown operations and saves time, so it suits scenarios with frequent requests.
2. Short connection
If the TCP connection is closed after each request, the next request has to re-establish it, and the handshake adds network latency to every request. Closing the connection after each request does, however, reduce the number of concurrent connections each client holds open on the server.
4. HTTPS
HTTPS encrypts the data and establishes a secure channel, protecting the data while it is in transit.
1. The difference between HTTP and HTTPS
- HTTPS requires a certificate issued by a CA (certificate authority)
- HTTP is transmitted in plaintext. HTTPS is encrypted with the SSL (Secure Sockets Layer) or, today, TLS (Transport Layer Security) protocol.
- HTTPS effectively prevents hijacking by network operators (injected ads, tampered pages): an intermediary can neither read nor modify the traffic without a certificate the browser trusts
2. HTTPS workflow
- When a client initiates an HTTPS request, it connects to port 443 of the server by default, as specified in RFC 2818.
- The server returns its public-key certificate to the client.
- The client parses the certificate. This is done by the client's TLS implementation: it first checks the validity of the certificate and the public key in it, for example the issuing authority and the expiration time. If anything is wrong, the browser shows a warning that there is a problem with the certificate. If everything checks out, the client generates a random value with a pseudo-random number generator to serve as the symmetric session key, encrypts it with the public key from the certificate, and sends it to the server.
- The server decrypts it with its own private key and obtains the same random value (the symmetric key), which the client and server then use to encrypt and decrypt the rest of the session.
Note that this is the RSA key-exchange flow of TLS 1.2 and earlier. TLS 1.3 removed it: the session key is derived from an ephemeral (EC)DHE exchange, so a leaked server private key no longer decrypts recorded traffic (forward secrecy), and the certificate's key is used only to sign the handshake.
3. CA certificate
- Solves the problem that the identity of the other communicating party could be forged.
- A CA certificate is issued by a certificate authority and is used to identify the holder. It contains the issuer, the validity period, the public key, the certificate owner (subject), the signature algorithm, and the fingerprint and fingerprint algorithm.
- The client sends a request to the server, and the server returns the certificate file. The client reads the plaintext information in the certificate, computes a digest of it with the same hash function, and decrypts the signature with the CA's public key. If the two digests match, the certificate is genuine and has not been tampered with.
- The client also checks the domain name and the validity period of the certificate. The client ships with the certificates (including the public keys) of the CAs it trusts. If the issuing CA is not trusted, the client cannot find the corresponding CA certificate and treats the server certificate as invalid.
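The certificate check and the key exchange from the two subsections above, as an added example that is not code from the original post. It uses textbook RSA with small primes (the values of P, Q and the server's primes are toy constants, nowhere near a real key size, and the digest is reduced mod n instead of padded) so the whole flow runs offline: the CA signs the hash of the certificate fields, the client verifies that signature with the CA public key it already trusts, checks the validity period and hostname, and then encrypts a random pre-master secret to the server's public key, which is the TLS 1.2 RSA key-exchange flow.

```python
"""Toy PKI: CA-signed certificate, client-side verification, RSA key transport.

Added example, not code from the original post. Primes, names and dates are
constructed for the demo; textbook RSA with no padding is NOT secure and is
used only so the signature and key-exchange arithmetic can be followed.
"""
import hashlib
import json
import secrets

P, Q, E = 1000000007, 998244353, 65537     # toy CA primes; real RSA uses 2048+ bit n


def toy_rsa_keypair(p=P, q=Q, e=E):
    """Return ((n, e), (n, d)) = (public key, private key)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))


def rsa_apply(key, m):
    n, exp = key
    return pow(m, exp, n)


def digest_int(data: bytes, n: int) -> int:
    """SHA-256 of the data, reduced mod n so it fits the toy modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def canonical(fields: dict) -> bytes:
    """Deterministic serialisation of the signed fields (the 'plaintext part')."""
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(ca_priv, subject, subject_pub, not_before, not_after, issuer="Toy CA"):
    fields = {"issuer": issuer, "subject": subject, "public_key": list(subject_pub),
              "not_before": not_before, "not_after": not_after,
              "sig_alg": "toy-rsa-sha256"}
    signature = rsa_apply(ca_priv, digest_int(canonical(fields), ca_priv[0]))
    return {"fields": fields, "signature": signature}


def verify_certificate(cert, trusted_cas, hostname, now):
    """The browser's checks: trusted issuer, signature, validity period, name."""
    fields = cert["fields"]
    ca_pub = trusted_cas.get(fields["issuer"])
    if ca_pub is None:
        return False, "issuer not in trust store"
    if rsa_apply(ca_pub, cert["signature"]) != digest_int(canonical(fields), ca_pub[0]):
        return False, "bad signature"          # any edited field changes the digest
    if not fields["not_before"] <= now <= fields["not_after"]:
        return False, "expired or not yet valid"
    if fields["subject"] != hostname:
        return False, "hostname mismatch"
    return True, "ok"


def rsa_key_exchange(server_pub, server_priv):
    """Client encrypts a random pre-master secret to the server; server decrypts it."""
    premaster = secrets.randbelow(server_pub[0])
    on_the_wire = rsa_apply(server_pub, premaster)
    recovered = rsa_apply(server_priv, on_the_wire)
    return premaster, recovered


def demo(now=20240601):
    ca_pub, ca_priv = toy_rsa_keypair()
    srv_pub, srv_priv = toy_rsa_keypair(p=1000000009, q=754974721)   # distinct toy primes
    trust_store = {"Toy CA": ca_pub}                                   # shipped with the client
    cert = issue_certificate(ca_priv, "example.com", srv_pub, 20240101, 20241231)
    results = {
        "valid": verify_certificate(cert, trust_store, "example.com", now),
        "wrong_host": verify_certificate(cert, trust_store, "evil.example", now),
        "expired": verify_certificate(cert, trust_store, "example.com", 20250301),
        "untrusted_ca": verify_certificate(cert, {}, "example.com", now),
    }
    # Attacker rewrites the subject but cannot re-sign without the CA private key
    tampered = {"fields": dict(cert["fields"], subject="evil.example"),
                "signature": cert["signature"]}
    results["tampered"] = verify_certificate(tampered, trust_store, "evil.example", now)
    premaster, recovered = rsa_key_exchange(srv_pub, srv_priv)
    results["key_exchange_ok"] = premaster == recovered
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The order of checks matters for the threat model: the signature is verified before the name or dates are trusted, because until then every field is attacker-controlled.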
4. SSL and TLS
- SSL sits between TCP/IP and the various application-layer protocols, providing security for data communication.
- It consists of two layers: the SSL record protocol and the SSL handshake protocol.
- SSL authenticates users and servers so that data is sent to the right client and server, encrypts data so that it cannot be read in transit, and protects integrity so that data cannot be changed in transit without detection.
- TLS is the successor of SSL (every SSL version is now deprecated) and provides confidentiality and data integrity between two communicating applications.
- It likewise consists of two layers: the TLS record protocol and the TLS handshake protocol.
5. Encryption algorithms
- Symmetric encryption: encryption and decryption use the same secret key. It is fast, but both parties must already share the key, so the problem is how to deliver the key securely: sending it along with the data would let anyone who intercepts the traffic decrypt it. This is why HTTPS uses asymmetric cryptography in the handshake to agree on the symmetric key.
- Asymmetric encryption: uses a key pair. Data encrypted with the public key can only be decrypted with the private key (encryption), and a value produced with the private key can be checked by anyone with the public key (a signature, which is how the CA signs certificates).
5. HTTP versions
1. HTTP/1.0
- Short connections: a TCP connection must be re-established for every request, so performance is poor
- No Host header field: each server was assumed to have its own IP address, and the request does not carry a host name.
- No resumable transfers: partial-content requests are not supported, which wastes bandwidth (cannot transfer part of an object; the whole object must be transferred)
- Cache handling: If-Modified-Since and Expires are the main cache controls
2. HTTP/1.1
- Long connections: persistent connections are enabled by default, and request pipelining is supported. Multiple HTTP requests and responses can be sent on one TCP connection, reducing setup and teardown cost and latency.
- Host header field: the Host header is supported and required; a request without it is rejected with 400 Bad Request. With the spread of virtual hosting, multiple sites can live on one physical server and share the same IP address, and Host tells the server which one is meant.
- Bandwidth optimization: the Range request header is introduced, which requests only a byte range of the resource and gets a 206 Partial Content response, making full use of bandwidth and connections
- Cache handling: more cache controls were introduced, such as ETag, If-Unmodified-Since, If-Match and If-None-Match, giving finer control over cache policy.
3. HTTP/2
- HTTP/1.x is parsed as text, while HTTP/2 uses a binary framing layer
- Multiplexing: multiple requests run concurrently on one connection. Each request is a stream with its own ID, so one connection can carry many requests, the frames of different streams can be interleaved arbitrarily, and the receiver reassembles them by stream ID.
- Header compression: HTTP/1.x headers carry a lot of information and must be repeated in full on every request. HTTP/2 uses the HPACK encoder to shrink transmitted headers: each side keeps a table of header fields already seen, so repeated headers are sent as short index references, which cuts the bytes on the wire.
- Server push: the server can proactively send resources to the client before they are requested, as in SPDY.
4. SPDY protocol
- SPDY is a TCP-based session-layer protocol developed by Google as an enhancement of HTTP.
- HTTP/2 is derived from SPDY and shares most of its features, including server push, multiplexing, and frames as the smallest unit of transmission.
- SPDY's header compression algorithm is DEFLATE, while HTTP/2 uses HPACK, which compresses better and, unlike DEFLATE, is not exposed to the CRIME attack that recovered secrets such as cookies from compressed headers.
- SPDY runs over TLS, which improves the reliability and security of data transmission.
- To solve the problem of high HTTP latency, SPDY multiplexes many requests over one shared TCP connection. This removes HTTP-level head-of-line blocking (a slow response no longer holds up the ones queued behind it), reduces latency and improves bandwidth utilization; blocking at the TCP level (one lost segment stalls every stream) remains, which is what HTTP/3 later addressed. Because multiplexing can let unimportant requests crowd out important ones, SPDY allows a priority to be set for each request, so important requests are served first.
5. HTTP/3
Based on Google's QUIC protocol, which runs over UDP and folds the transport handshake and the TLS (Transport Layer Security, providing confidentiality and data integrity between two communicating applications) handshake into one round trip, saving the separate TCP three-way handshake and TLS handshake.
- Solves the transport-level head-of-line blocking left over from HTTP/2: streams are independent, so a lost packet only stalls the stream it belongs to
- Improved retransmission and loss recovery
- Connections survive a change of network (for example Wi-Fi to mobile) because they are identified by a connection ID rather than by the IP address and port 4-tuple
6. HTTP
1. HTTP message structure
- The request message
- Request line —- request method, request target (URL), HTTP protocol and version
- Request headers —- (see point 6 below)
- Blank line —- lets the server tell where the headers end; everything after the blank line is the body
- Request body —- request parameters; may be absent
- The response message
- The status line —- contains the HTTP protocol, version, and status code
- Response headers
- A blank line
- Response body —- Data returned by the server
- URI (Uniform Resource Identifier; URLs and URNs are both kinds of URI)
General format: scheme:[//[user:password@]host[:port]]path[?query][#fragment]
Scheme: identifies the protocol or naming scheme, and therefore the syntax of the rest of the URI. Authority component: consists of an optional user-information part, a host (a registered name or an IP address) and an optional port number. The user-information part contains the user name and password separated by a colon and followed by an at sign (@). After the @ comes the host name, then a colon, then the port number. IPv4 addresses are written in dotted decimal notation, and IPv6 addresses must be enclosed in square brackets. Path: the hierarchical part that identifies the resource. Query (optional): a string of non-hierarchical data. Its syntax is not formally fixed, but it is usually a sequence of attribute=value pairs separated by delimiters such as ampersand or semicolon; it is separated from the path by a question mark. Fragment (optional): a fragment identifier that points to a secondary resource within the primary one; it is never sent to the server. The user:password@ form is deprecated and should not be used: it puts credentials into logs, history and Referer headers, and has been abused to make the user-information part look like the host name of a trusted site.
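A parser for the request structure and URI format described above, as an added example that is not code from the original post. The request bytes in SAMPLE_REQUEST are constructed. The parser applies the rules mentioned in this and the earlier sections: the blank line ends the headers, Content-Length delimits the body, an HTTP/1.1 request without Host is rejected the way a server answers 400, and the connection stays open unless `Connection: close` is present (for HTTP/1.0, only with keep-alive).

```python
"""HTTP/1.1 request parser and URI splitter.

Added example, not code from the original post. SAMPLE_REQUEST is a
constructed request used for the demo.
"""
from urllib.parse import parse_qsl, urlsplit

SAMPLE_REQUEST = (
    b"POST /api/login?next=%2Fhome HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"user=alice&password=secret1"
)


class BadRequest(ValueError):
    """Raised where a real server would answer 400 Bad Request."""


def parse_request(raw: bytes) -> dict:
    head, sep, rest = raw.partition(b"\r\n\r\n")        # blank line ends the headers
    if not sep:
        raise BadRequest("no blank line terminating the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")                          # request line: method target version
    if len(parts) != 3:
        raise BadRequest("malformed request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise BadRequest(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()            # field names are case-insensitive
    if version == "HTTP/1.1" and "host" not in headers:
        raise BadRequest("HTTP/1.1 request without Host")
    if "transfer-encoding" in headers and "content-length" in headers:
        # Two conflicting body delimiters: the classic request-smuggling ambiguity
        raise BadRequest("both Transfer-Encoding and Content-Length present")
    try:
        length = int(headers.get("content-length", "0"))
    except ValueError:
        raise BadRequest("non-numeric Content-Length") from None
    if length < 0 or length > len(rest):
        raise BadRequest("body shorter than Content-Length")
    conn = headers.get("connection", "").lower()
    keep_alive = conn != "close" if version == "HTTP/1.1" else conn == "keep-alive"
    return {
        "method": method, "target": target, "version": version,
        "headers": headers, "body": rest[:length], "keep_alive": keep_alive,
        "remaining": rest[length:],       # start of the next pipelined request, if any
    }


def split_uri(uri: str) -> dict:
    """scheme:[//[user:password@]host[:port]]path[?query][#fragment] -> parts."""
    u = urlsplit(uri)
    return {
        "scheme": u.scheme, "username": u.username, "password": u.password,
        "host": u.hostname,               # IPv6 literals come back without the brackets
        "port": u.port, "path": u.path,
        "query": parse_qsl(u.query, keep_blank_values=True),
        "fragment": u.fragment,           # client-side only, never sent to the server
    }


if __name__ == "__main__":
    print(parse_request(SAMPLE_REQUEST))
    print(split_uri("https://user:pw@[2001:db8::1]:8443/a/b?x=1&y=2#top"))
```

Rejecting a request that carries both Transfer-Encoding and Content-Length is deliberate: a front-end proxy and a back-end server that pick different delimiters is what makes HTTP request smuggling work, and refusing the ambiguous request is the safe choice.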
2. HTTP status codes
- Classification
- 1xx informational: the request was received and processing continues
- 2xx success, for example 200
- 3xx redirection, such as 302 (gives the browser a URL, which it follows automatically)
- 4xx client error, such as 404
- 5xx server error, such as 500
- Common status codes
- 200 Request succeeded
- 301 Permanent redirect (with Location; the browser follows it automatically and may cache it)
- 302 Temporary redirect (with Location; the browser follows it automatically)
- 304 Not Modified: the cached copy is still valid
- 404 Resource not found
- 403 Forbidden: the server understood the request but refuses it
- 500 Internal server error
- 504 Gateway timeout
3. HTTP request methods
- Common request methods
- GET: retrieve data
- POST: create data
- PUT: replace (update) data
- PATCH: partially modify a resource
- DELETE: delete data
- GET vs. POST
- On browser back navigation a GET is simply re-displayed, while a POST prompts the user before being re-submitted, because it may repeat a side effect
- GET responses are cached by the browser by default; POST responses are not unless cache headers explicitly allow it
- GET parameters remain in the browser history (and in server and proxy logs), POST parameters do not, so secrets and tokens must not be put in a GET URL
- The URL of a GET request is limited in length by browsers and servers (not by the HTTP specification), whereas a POST body has no such limit
- GET parameters are carried in the URL, POST parameters in the request body
- GET is meant to be safe and idempotent (query information), POST to submit information that changes state. A server must not rely on the method alone for protection: a GET handler that changes state is still open to CSRF through a plain link or image tag
- It is often claimed that GET sends one TCP packet and POST sends two (headers first, wait for 100 Continue, then the body). This is not defined by HTTP; it only happens when the client sends an Expect: 100-continue header, which browsers do not do by default, and is otherwise client-specific behaviour
6. HTTP headers
- Request headers
- Accept: the content types the browser accepts
- Accept-Encoding: the content encodings (compression algorithms) the browser accepts, such as gzip
- Accept-Language: the languages the browser accepts
- Connection: keep-alive: reuse the TCP connection for further requests
- Cookie: for requests to a domain (and path) a cookie is scoped to, the browser attaches the matching cookies automatically on every request; this automatic attachment is what makes CSRF possible, and the SameSite attribute limits it
- Host: the requested domain name (and port)
- User-Agent (UA): browser information
- Content-Type: the format of the data being sent, such as application/json
- Response headers
- Content-Type: the format of the returned data, such as application/json
- Content-Length: the size of the returned body in bytes
- Content-Encoding: the compression algorithm applied to the returned body, such as gzip
- Set-Cookie: used when the server wants to set or change a cookie
- Cache-related headers
- Cache-Control, Expires
- Last-Modified, If-Modified-Since
- ETag, If-None-Match
7. HTTP cache policy
Caching reduces the number and size of network requests (static resources such as JS, CSS and images can be cached) and reduces the load on the server. The flow is:
- Strong cache: when an HTTP request is about to be sent, the browser checks whether it has a cached copy. If it does and the copy has not expired, it reads the copy directly without contacting the server.
- Negotiated cache: if the copy has expired but carries an ETag or Last-Modified, the browser sends the request to the server with If-None-Match and If-Modified-Since. The server decides whether the cached copy is still usable: if it is, it returns 304 and the browser reads the cache and renders the page; if it is not, it returns 200 with the new resource, which the browser then renders.
- If there is no ETag or Last-Modified in the cached headers, the browser sends a normal request, the server returns the resource, and the page is rendered.
- Strong cache
- Cache-Control —- in the response headers, controls the strong cache
- max-age: the number of seconds the copy stays fresh
- no-cache: the copy may be stored but must be revalidated with the server before every use (the strong cache is skipped)
- no-store: do not store the response at all; the server returns it again each time
- private: only the end user's browser may cache it
- public: intermediate caches and proxies may cache it too
- Expires —- in the response headers, an absolute expiry date; also controls expiration but has been superseded by Cache-Control, which takes precedence when both are present
- Negotiated cache (decided by the server: it checks whether the client's copy is the same as the server's resource, returns 304 if it is, otherwise 200 with the latest resource)
- Last-Modified: the last modification time of the resource (only accurate to the second)
- ETag: a unique identifier of the resource (a string, typically a hash or version)
- ETag is preferred when both are present
- ETag is more accurate: if the resource is regenerated without its content changing, Last-Modified changes but the ETag does not, and a change within the same second is invisible to Last-Modified
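The strong-cache and negotiated-cache decisions above, written out as an added example (not code from the original post). The header values in `demo()` are constructed. `cache_lookup()` is the browser side: use the stored copy, revalidate it with If-None-Match / If-Modified-Since, or fetch afresh. `revalidate()` is the server side: answer 304 when the client's copy still matches, otherwise 200, preferring ETag over Last-Modified, and the demo shows the same-second change that Last-Modified alone misses.

```python
"""Strong cache and negotiated cache decision logic.

Added example, not code from the original post. The timestamps, ETags and
Cache-Control values in demo() are constructed.
"""
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime


def parse_cache_control(value: str) -> dict:
    """'public, max-age=60' -> {'public': True, 'max-age': '60'}"""
    directives = {}
    for part in value.split(","):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.lower()] = val.strip('"') if val else True
    return directives


def cache_lookup(entry: dict, now: datetime):
    """entry = {"stored_at": datetime, "headers": {...}} -> (action, conditional headers)."""
    h = {k.lower(): v for k, v in entry["headers"].items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return "fetch", {}                        # never stored, so nothing to reuse
    age = (now - entry["stored_at"]).total_seconds()
    if "max-age" in cc:                           # Cache-Control beats Expires
        fresh = age < int(cc["max-age"])
    elif "expires" in h:
        fresh = now < parsedate_to_datetime(h["expires"])
    else:
        fresh = False
    if fresh and "no-cache" not in cc:            # no-cache forces revalidation
        return "use-cache", {}
    conditional = {}
    if "etag" in h:
        conditional["If-None-Match"] = h["etag"]
    if "last-modified" in h:
        conditional["If-Modified-Since"] = h["last-modified"]
    return ("revalidate", conditional) if conditional else ("fetch", {})


def revalidate(request_headers: dict, current_etag, current_last_modified):
    """Server side: 304 if the client's copy is still current, else 200."""
    if "If-None-Match" in request_headers:        # ETag wins when both are sent
        return 304 if request_headers["If-None-Match"] == current_etag else 200
    if "If-Modified-Since" in request_headers and current_last_modified is not None:
        since = parsedate_to_datetime(request_headers["If-Modified-Since"])
        # Last-Modified has one-second resolution: sub-second changes are invisible
        return 304 if current_last_modified.replace(microsecond=0) <= since else 200
    return 200


def demo() -> dict:
    t0 = datetime(2024, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    entry = {"stored_at": t0, "headers": {
        "Cache-Control": "public, max-age=60",
        "ETag": '"v1"',
        "Last-Modified": format_datetime(t0),
    }}
    results = {"within_max_age": cache_lookup(entry, t0 + timedelta(seconds=30))[0]}
    action, cond = cache_lookup(entry, t0 + timedelta(seconds=90))
    results["after_max_age"] = action
    # file regenerated 500 ms later with identical content: ETag unchanged -> 304
    results["same_content"] = revalidate(cond, '"v1"', t0 + timedelta(milliseconds=500))
    # content really changed and got a new ETag -> 200
    results["changed_content"] = revalidate(cond, '"v2"', t0 + timedelta(seconds=45))
    # Last-Modified alone cannot see a change inside the same second -> stale 304
    results["lm_only_same_second"] = revalidate(
        {"If-Modified-Since": cond["If-Modified-Since"]}, None,
        t0 + timedelta(milliseconds=500))
    results["no_store"] = cache_lookup(
        {"stored_at": t0, "headers": {"Cache-Control": "no-store", "ETag": '"x"'}}, t0)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

The `lm_only_same_second` case is the reason the text prefers ETag: with only Last-Modified, a file rewritten within the same second as the cached timestamp is reported as unchanged.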
8. HTTP compression
Generally the body is compressed. The encoding used is declared by the sender in the Content-Encoding header, and the encodings the receiver accepts are declared in Accept-Encoding. Content-Length gives the size of the compressed body. Principle: to speed up the transfer of web pages over the network, the server compresses the body. Process: the client sends an HTTP request that lists the compression formats it accepts. After receiving the request, the server generates the original response and encodes the body with one of those formats; the headers then carry Content-Type and Content-Length (of the compressed data) plus a Content-Encoding field naming the encoding, and the response is sent to the client. The client decompresses the body and renders the page.
Several commonly used compression formats:
- gzip: the entity is encoded with GNU zip
- compress: the entity is encoded with the Unix compress program (obsolete)
- deflate: the entity is compressed in zlib format
- br: Brotli, a compression algorithm designed by Google specifically for web content delivered over HTTP
- identity: the entity is not encoded. This is the default when there is no Content-Encoding header
Q: Why is compression enabled only for certain file types?
A: Because compression costs CPU, and images, videos and other already-compressed files do not shrink further. Compression is generally applied to text formats, which compress well (from several MB down to some KB). A security caveat: compressing a response that mixes a secret (such as a CSRF token) with content the attacker can influence leaks the secret through the response length (the BREACH attack), so such responses should be excluded from compression or the secret masked per response.
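The negotiation and encoding steps above, as an added example that is not code from the original post. `choose_encoding()` picks the best encoding the client lists in Accept-Encoding (honouring q-values and `*`) from what this toy server supports (gzip and deflate; br needs a third-party library, so it is left out), and `encode_response()` compresses the body and sets Content-Encoding and Content-Length to the compressed size. The sample bodies are constructed: repetitive HTML, and random bytes standing in for an already-compressed image.

```python
"""Content-Encoding negotiation and why only text is worth compressing.

Added example, not code from the original post. COMPRESSIBLE and the demo
bodies are constructed for illustration.
"""
import gzip
import os
import zlib

SUPPORTED = {"gzip": gzip.compress, "deflate": zlib.compress, "identity": lambda b: b}
SERVER_PREFERENCE = ["gzip", "deflate"]      # order used to break q-value ties
COMPRESSIBLE = {"text/html", "text/css", "text/plain",
                "application/javascript", "application/json"}


def parse_accept_encoding(value: str) -> dict:
    """'gzip, deflate;q=0.8, br' -> {'gzip': 1.0, 'deflate': 0.8, 'br': 1.0}"""
    prefs = {}
    for item in value.split(","):
        coding, _, params = item.strip().partition(";")
        if not coding:
            continue
        q = 1.0
        for param in params.split(";"):
            key, _, val = param.strip().partition("=")
            if key.lower() == "q":
                try:
                    q = float(val)
                except ValueError:
                    q = 0.0
        prefs[coding.strip().lower()] = q
    return prefs


def choose_encoding(accept_encoding: str, content_type: str) -> str:
    if content_type.split(";")[0].strip().lower() not in COMPRESSIBLE:
        return "identity"                     # images/video are already compressed
    prefs = parse_accept_encoding(accept_encoding)
    best, best_key = "identity", None
    for coding in SERVER_PREFERENCE:
        q = prefs.get(coding, prefs.get("*", 0.0))
        if q <= 0:
            continue                          # q=0 means "never send me this"
        key = (q, -SERVER_PREFERENCE.index(coding))
        if best_key is None or key > best_key:
            best, best_key = coding, key
    return best


def encode_response(body: bytes, content_type: str, accept_encoding: str) -> dict:
    coding = choose_encoding(accept_encoding, content_type)
    data = SUPPORTED[coding](body)
    headers = {"Content-Type": content_type,
               "Content-Length": str(len(data))}   # size of the compressed bytes
    if coding != "identity":
        headers["Content-Encoding"] = coding
        headers["Vary"] = "Accept-Encoding"       # caches must key on the negotiation
    return {"headers": headers, "body": data}


def demo() -> dict:
    html = b"<li class=item>row</li>\n" * 2000    # constructed, highly repetitive HTML
    image = os.urandom(48_000)                    # constructed stand-in for a JPEG
    page = encode_response(html, "text/html", "gzip, deflate;q=0.8")
    jpeg = encode_response(image, "image/jpeg", "gzip, deflate")
    restored = gzip.decompress(page["body"])      # what the browser does before rendering
    return {
        "html_coding": page["headers"].get("Content-Encoding"),
        "html_ratio": len(page["body"]) / len(html),
        "jpeg_coding": jpeg["headers"].get("Content-Encoding"),
        "jpeg_len": int(jpeg["headers"]["Content-Length"]),
        "roundtrip_ok": restored == html,
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the text body shrinking to a small fraction of its size while the random "image" is sent as-is with no Content-Encoding, which is the answer to the question above.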
9. Cross-origin problems
Same-origin policy: the protocol, domain name and port must all be the same. When a page makes an Ajax request, the browser requires the current page and the server to be of the same origin; otherwise the response is withheld from the script.
1. JSONP
The <script> tag is not subject to the same-origin restriction
- A script element is created dynamically with its src pointing at the cross-origin URL, and the server wraps its JSON in a call to the callback function named in the request
- How it works: it sidesteps the same-origin policy by using the cross-origin loading that the <script> tag already has
- The server must cooperate by emitting the callback wrapper, the front end sends the JSONP request, and only GET requests are possible
- Security: the response is executed as script with the page's full privileges, so the endpoint must be fully trusted, and the server must validate the callback name, otherwise an attacker who controls it can inject script (XSS). A JSONP endpoint that returns user data can also be read by any site that embeds it, because the browser attaches cookies automatically.
2. CORS
- The server sets response headers that allow the browser to accept a cross-origin response. (Setting Access-Control-Allow-Origin enables CORS; it names the origin that may read the resource, or the wildcard *, which allows every site. The wildcard cannot be combined with credentials, and reflecting whatever Origin header arrives together with Access-Control-Allow-Credentials: true is equivalent to switching the same-origin policy off for that resource.)
- When CORS is used to solve cross-origin problems, requests are divided into simple and complex requests.
- Simple request (a request is simple if it meets all of the following conditions)
- The method is GET, HEAD or POST
- The Content-Type header, if any, is text/plain, multipart/form-data or application/x-www-form-urlencoded, and no custom headers are set
- For a complex request, CORS adds an extra HTTP request before the real one, called a preflight request. It uses the OPTIONS method, and its response tells the browser whether the server allows the cross-origin request (which methods and headers).
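Server-side checks for the JSONP and CORS points above, as an added example that is not code from the original post. ALLOWED_ORIGINS, ALLOWED_HEADERS and the origins used in `demo()` are made up. `is_simple_request()` applies the simple-request conditions listed above, `cors_headers()` builds the CORS response headers from an allow-list rather than echoing any Origin, `handle_preflight()` answers the OPTIONS request a complex request triggers, and `jsonp_callback_ok()` is the callback-name validation a JSONP endpoint needs so the name cannot carry script.

```python
"""Cross-origin request handling: simple/preflight classification, CORS headers,
JSONP callback validation.

Added example, not code from the original post. The allow-lists below are
constructed for the demo.
"""
import re

SIMPLE_METHODS = {"GET", "HEAD", "POST"}
SIMPLE_CONTENT_TYPES = {"text/plain", "multipart/form-data",
                        "application/x-www-form-urlencoded"}
SAFELISTED_HEADERS = {"accept", "accept-language", "content-language", "content-type"}
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}   # constructed
ALLOWED_METHODS = ("GET", "POST", "PUT", "DELETE")
ALLOWED_HEADERS = {"content-type", "authorization", "x-requested-with"}
JSONP_CALLBACK = re.compile(r"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*")


def is_simple_request(method: str, author_headers: dict) -> bool:
    """True if the browser would send this without a preflight.
    author_headers are the headers the page's script set itself."""
    if method.upper() not in SIMPLE_METHODS:
        return False
    lower = {k.lower(): v for k, v in author_headers.items()}
    content_type = lower.get("content-type", "").split(";")[0].strip().lower()
    if content_type and content_type not in SIMPLE_CONTENT_TYPES:
        return False                       # e.g. application/json forces a preflight
    return set(lower) <= SAFELISTED_HEADERS  # any other author header forces a preflight


def cors_headers(origin: str, with_credentials: bool = False) -> dict:
    """Headers for the actual response; empty when the origin is not allowed."""
    if origin not in ALLOWED_ORIGINS:
        return {}                          # the browser then blocks the script from reading it
    headers = {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    if with_credentials:
        # "*" is rejected by browsers when credentials are sent; the origin must be explicit
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


def handle_preflight(origin: str, requested_method: str, requested_headers) -> tuple:
    """Answer the OPTIONS preflight with (status, headers)."""
    headers = cors_headers(origin)
    wanted = {h.lower() for h in requested_headers}
    if not headers or requested_method not in ALLOWED_METHODS or not wanted <= ALLOWED_HEADERS:
        return 403, {}
    headers.update({
        "Access-Control-Allow-Methods": ", ".join(ALLOWED_METHODS),
        "Access-Control-Allow-Headers": ", ".join(sorted(ALLOWED_HEADERS)),
        "Access-Control-Max-Age": "600",   # browser may cache this answer for 10 minutes
    })
    return 204, headers


def jsonp_callback_ok(name: str) -> bool:
    """Only a plain JS identifier path (e.g. 'cb', 'app.handlers.cb1') is accepted."""
    return JSONP_CALLBACK.fullmatch(name) is not None


def jsonp_body(callback: str, json_text: str) -> str:
    if not jsonp_callback_ok(callback):
        raise ValueError("invalid JSONP callback name")
    return f"/**/ {callback}({json_text});"


def demo() -> dict:
    return {
        "json_post_simple": is_simple_request("POST", {"Content-Type": "application/json"}),
        "form_post_simple": is_simple_request(
            "POST", {"Content-Type": "application/x-www-form-urlencoded; charset=utf-8"}),
        "custom_header_simple": is_simple_request("GET", {"X-Requested-With": "XMLHttpRequest"}),
        "allowed": cors_headers("https://app.example.com", with_credentials=True),
        "untrusted": cors_headers("https://evil.example"),
        "preflight_ok": handle_preflight("https://app.example.com", "PUT", ["Content-Type"])[0],
        "preflight_bad_method": handle_preflight("https://app.example.com", "PATCH", [])[0],
        "callback_ok": jsonp_callback_ok("app.cb1"),
        "callback_xss": jsonp_callback_ok("alert(1);//"),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Note that `cors_headers()` never reflects the incoming Origin; it only returns it when it is already on the allow-list, and `Vary: Origin` stops a shared cache from serving one origin's answer to another.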
3. WebSocket
WebSocket is not restricted by the same-origin policy. It is a persistent protocol introduced with HTML5 that implements full-duplex communication between browser and server: once the connection is established, both the WebSocket server and the client can actively send data to each other. Because the browser does not enforce same-origin here but still attaches cookies to the handshake, the server must check the Origin header of the handshake itself, or any site can open a socket on behalf of a logged-in user (cross-site WebSocket hijacking).
4. Node middleware proxy
The same-origin policy is a rule browsers follow; it does not apply when a server makes requests to another server, so a Node service on the page's own origin can forward the request to the real backend.
5. Nginx reverse proxy
Like the Node middleware proxy: a relay Nginx server on the same origin forwards the requests to the real backend.
The above content, if there is a wrong place, please contact me to change.