Computer networking knowledge a front-end developer needs

An overview of the

  • The seven-layer network model
    • Physical layer -> Data link layer -> Network layer -> Transport layer -> Session layer -> Presentation layer -> Application layer
  • HTTP and TCP
    • HTTP is an application layer protocol, and TCP is a transport layer protocol
    • Common application-layer protocols include Telnet, SSH, SMTP, POP, SSL/TLS, and MIME. Common transport layer protocols include UDP and SCTP

Web and HTTP

HTTP overview

  • The HTTP server does not hold any information about the client, so HTTP is a stateless protocol.

Non-persistent and persistent connections

  • HTTP with non-persistent connections allows at most one object to be transmitted per TCP connection

HTTP message format

  • HTTP request message
    • Request line = method + SP + URL + SP + version + CR + LF
      • GET /somedir/page.html HTTP/1.1
    • Header line = header field name + SP + value + CR + LF
      • Host: www.someschool.edu
      • Connection: close
      • User-Agent: Mozilla/5.0
      • Accept-Language: fr
    • Empty line = CR + LF
    • Entity body
  • HTTP response message
    • Status line = version + SP + status code + SP + phrase + CR + LF
      • HTTP/1.1 200 OK
    • Header line = header field name + SP + value + CR + LF
      • Connection: close
      • Date: Tue, 09 Aug 2011 15:44:04 GMT
      • Server: Apache/2.2.3 (CentOS)
      • Last-Modified: Tue, 09 Aug 2011 15:11:03 GMT
      • Content-Length: 6821
      • Content-Type: text/html
    • Empty line = CR + LF
    • Entity body
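A parser for the request/response layout above, added here as an example that is not part of the original notes (JavaScript for Node; the sample messages are constructed):

```javascript
// Added example, not from the original notes: a minimal parser for the
// HTTP/1.x layout above (request or status line, CRLF-terminated header
// lines, empty line, entity body sized by Content-Length). It rejects what
// a careful server must refuse: bare LF endings, whitespace before the
// header colon, and a duplicated Content-Length.
function parseHttpMessage(raw) {
  const sep = raw.indexOf("\r\n\r\n"); // the empty line ends the header section
  if (sep < 0) throw new Error("no empty line terminating the headers");
  const headLines = raw.slice(0, sep).split("\r\n");
  if (headLines.some((l) => l.includes("\n"))) throw new Error("bare LF in headers");
  const start = headLines[0].split(" ");
  if (start.length < 3) throw new Error("malformed start line");
  const msg = { headers: {} };
  if (start[0].startsWith("HTTP/")) { // status line = version SP code SP phrase
    msg.type = "response";
    [msg.version, msg.status, msg.reason] = [start[0], Number(start[1]), start.slice(2).join(" ")];
  } else { // request line = method SP URL SP version
    if (start.length !== 3) throw new Error("malformed request line");
    msg.type = "request";
    [msg.method, msg.url, msg.version] = start;
  }
  for (const line of headLines.slice(1)) {
    const colon = line.indexOf(":"); // header line = field-name ":" value
    if (colon <= 0 || /\s/.test(line.slice(0, colon))) throw new Error(`bad header: ${line}`);
    const name = line.slice(0, colon).toLowerCase(); // field names are case-insensitive
    const value = line.slice(colon + 1).trim();
    if (name === "content-length" && name in msg.headers) throw new Error("duplicate Content-Length");
    msg.headers[name] = name in msg.headers ? `${msg.headers[name]}, ${value}` : value;
  }
  const bodyStart = sep + 4;
  const len = msg.headers["content-length"];
  if (len === undefined) {
    msg.body = raw.slice(bodyStart);
  } else {
    if (!/^\d+$/.test(len)) throw new Error("invalid Content-Length");
    if (raw.length - bodyStart < Number(len)) throw new Error("body shorter than Content-Length");
    msg.body = raw.slice(bodyStart, bodyStart + Number(len));
  }
  return msg;
}

// Constructed sample messages mirroring the ones in the notes above.
const SAMPLE_REQUEST =
  "GET /somedir/page.html HTTP/1.1\r\nHost: www.someschool.edu\r\n" +
  "Connection: close\r\nUser-Agent: Mozilla/5.0\r\nAccept-Language: fr\r\n\r\n";
const SAMPLE_RESPONSE =
  "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 6\r\n" +
  "Content-Type: text/html\r\n\r\n<html>trailing bytes beyond Content-Length";
```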

HTTP status codes

  • 101 Switching Protocols (e.g. the WebSocket upgrade to two-way communication)
  • 200 OK: success
  • 204 No Content: the response has no body
  • 206 Partial Content: used for resumable (range) transfers
  • 301 Moved Permanently: permanent redirect
  • 302 Found: temporary redirect
  • 304 Not Modified: use the cached copy (only the server can return this)
  • 401 Unauthorized: not logged in, so no permission
  • 403 Forbidden: logged in but still no permission
  • 404 Not Found: the resource does not exist
  • 405 Method Not Allowed: the request method does not exist or is not supported
  • 502 Bad Gateway: typically seen from a load balancer or reverse proxy

Ways to send a request

  • The browser (defaults to GET requests)
  • Postman
  • The curl command (e.g. on macOS)

Pipelining

  • Pipelining allows the next request to be sent without waiting for the response to the previous one, so several requests are in flight at once. Only GET and HEAD requests should be pipelined; POST is restricted

RESTful API: the request method indicates the action

  • GET obtains a resource
  • POST creates a new resource
  • PUT modifies (replaces) a resource, e.g. uploading a file (RESTful)
  • DELETE deletes a resource
  • OPTIONS is sent as the preflight when a cross-origin request is "complex"; a plain GET/POST is a simple request, but adding custom headers turns it into a complex request

User – server interaction: cookie

  • Cookie components
    • A cookie header line (Set-Cookie) in the HTTP response message
    • A cookie header line (Cookie) in the HTTP request message
    • A cookie file kept on the client system and managed by the user's browser
    • A back-end database at the Web site
  • Cookie security
    • A cookie is set by the server and stored by the browser, which then sends it along with every request to that site
    • Cookies are not secure, so sensitive information must not be stored in them
    • Server-side sessions (cookie-based): the session data lives in server memory or in a store such as Redis

Web caching

  • A Web cache, also known as a proxy server, is a network entity that satisfies HTTP requests on behalf of the origin Web server
  • HTTP caching
    • Mandatory (strong) caching
      • Cache-Control and Expires
    • Comparison (validation) caching
      • Last-Modified and If-Modified-Since
      • ETag and If-None-Match
  • Cache-Control directives
    • private: only the client may cache the response
    • public: both the client and proxy servers may cache it
    • max-age=60: the cached content becomes invalid after 60 s
    • no-cache: the comparison cache must revalidate the data with the origin server before using it (no mandatory caching)
    • no-store: nothing is cached; neither mandatory caching nor comparison caching is triggered (no caching)

DNS

  • DNS is the Domain Name System, which resolves domain names to addresses
  • How DNS works
    • Distributed hierarchical database
      • Root DNS servers
      • Top-level domain (TLD) DNS servers: com, org, edu
      • Authoritative DNS servers
      • Query relationships between the local DNS server and the three kinds of servers: the query from the requesting host to the local DNS server is recursive, while the queries from the local DNS server to the other three servers are iterative
    • DNS caching
      • In a request chain, when a DNS server caches a hostname/IP address pair, another query for the same hostname can be answered with the requested IP address directly; the local DNS server generally also caches the mappings for the TLD DNS servers
  • DNS records and messages
    • A resource record (RR) is a four-tuple (Name, Value, Type, TTL)
    • DNS message
      • Header (12 bytes)
        • Identifier
        • Flags
        • Number of questions
        • Number of answer RRs
        • Number of authority RRs
        • Number of additional RRs
      • Question section: the name and type fields of the query (variable number of questions)
      • Answer section: the RRs answering the query (variable number of RRs)
      • Authority section: records of authoritative servers (variable number of RRs)
      • Additional section: additional "helpful" information that can be used (variable number of RRs)
  • DDoS attacks
    • Distributed denial-of-service (DDoS) bandwidth flooding attacks
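Parsing a DNS message with the header and sections above, as an added example that is not part of the original notes (JavaScript for Node; the reply bytes are constructed and use the documentation address 192.0.2.1):

```javascript
// Added example, not from the original notes: parsing a DNS message with the
// layout above (12-byte header, question, RRs as Name/Value/Type/TTL). The
// reply is constructed and uses the 0xC0xx name-compression pointer that real
// replies rely on; reads are bounds-checked and pointer chasing is capped.
function readName(buf, offset, hops = 0) {
  const labels = [];
  for (let pos = offset; ; ) {
    if (pos >= buf.length) throw new Error("name runs past end of message");
    const len = buf[pos];
    if (len === 0) return { name: labels.join("."), next: pos + 1 };
    if ((len & 0xc0) === 0xc0) { // pointer: offset in the low 14 bits
      if (hops > 16 || pos + 1 >= buf.length) throw new Error("bad compression pointer");
      const { name } = readName(buf, ((len & 0x3f) << 8) | buf[pos + 1], hops + 1);
      return { name: [...labels, name].join("."), next: pos + 2 };
    }
    labels.push(buf.subarray(pos + 1, pos + 1 + len).toString("ascii"));
    pos += 1 + len;
  }
}
function parseDnsMessage(buf) {
  if (buf.length < 12) throw new Error("header shorter than 12 bytes");
  const flags = buf.readUInt16BE(2);
  const msg = {
    id: buf.readUInt16BE(0),
    isResponse: (flags & 0x8000) !== 0, rcode: flags & 0x000f, // QR bit; 0 = NOERROR, 3 = NXDOMAIN
    counts: [4, 6, 8, 10].map((o) => buf.readUInt16BE(o)), // QD, AN, NS, AR
    questions: [], answers: [],
  };
  let pos = 12;
  for (let i = 0; i < msg.counts[0]; i++) { // question section
    const q = readName(buf, pos);
    msg.questions.push({ name: q.name, type: buf.readUInt16BE(q.next) });
    pos = q.next + 4; // QTYPE + QCLASS
  }
  for (let i = 0; i < msg.counts[1]; i++) { // answer section; Buffer reads throw if truncated
    const n = readName(buf, pos);
    const type = buf.readUInt16BE(n.next), ttl = buf.readUInt32BE(n.next + 4);
    const rdlen = buf.readUInt16BE(n.next + 8), rd = n.next + 10;
    if (rd + rdlen > buf.length) throw new Error("RDATA runs past end of message");
    const value = type === 1 ? [...buf.subarray(rd, rd + 4)].join(".") // A record
      : buf.subarray(rd, rd + rdlen).toString("hex");
    msg.answers.push({ name: n.name, value, type, ttl });
    pos = rd + rdlen;
  }
  return msg;
}
// Constructed reply: id 0x1234, flags 0x8180 (QR, RD, RA), one question
// (www.example.com A), one A answer via pointer 0xC00C, TTL 300, 192.0.2.1.
const SAMPLE_REPLY = Buffer.from("123481800001000100000000" + "0377777707657861" +
  "6d706c6503636f6d0000010001" + "c00c00010001" + "0000012c0004c0000201", "hex");
```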

A TCP connection

TCP segment structure

  • Source port number + destination port number
  • Sequence number
  • Acknowledgement number
  • Header length + reserved (unused) + URG + ACK + PSH + RST + SYN + FIN + receive window
  • Internet checksum + urgent data pointer
  • Options
  • Data

TCP Connection Management (three-way handshake)

  • Step 1: The client-side TCP sends a special TCP segment (the SYN segment) to the server-side TCP
  • Step 2: Once the IP datagram containing the TCP SYN segment reaches the server host (assuming it does), the server extracts the TCP SYN segment from the datagram, allocates TCP buffers and variables for the connection, and sends a connection-granted segment (the SYNACK segment) to the client TCP
  • Step 3: After receiving the SYNACK segment, the client also allocates buffers and variables for the connection

The IP address

IPv4 vs IPv6

  • IPv4 datagram format
    • Version (bits 0-3) + header length (4-7) + type of service (8-15) + datagram length (16-31)
    • 16-bit identifier (0-15) + flags (16-18) + 13-bit fragmentation offset (19-31)
    • TTL (0-7) + upper-layer protocol (8-15) + header checksum (16-31)
    • 32-bit source IP address
    • 32-bit destination IP address
    • Options (if any)
    • Data
  • IPv6 datagram format
    • Version (bits 0-3) + traffic class (4-11) + flow label (12-31)
    • Payload length (0-15) + next header (16-23) + hop limit (24-31)
    • Source address (128 bits)
    • Destination address (128 bits)
    • Data
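Decoding the IPv4 header fields above and checking the header checksum, as an added example that is not part of the original notes (JavaScript for Node; the datagram is constructed with documentation addresses):

```javascript
// Added example, not from the original notes: decoding the IPv4 header fields
// listed above from raw bytes and verifying the header checksum. The checksum
// is the one's complement of the one's-complement sum of the header's 16-bit
// words, so summing every word including the checksum field must give 0xFFFF.
// The datagram is constructed below with documentation (TEST-NET) addresses.
function onesComplementSum(buf) {
  let sum = 0;
  for (let i = 0; i + 1 < buf.length; i += 2) sum += buf.readUInt16BE(i);
  if (buf.length % 2 === 1) sum += buf[buf.length - 1] << 8; // odd trailing byte
  while (sum > 0xffff) sum = (sum & 0xffff) + (sum >> 16); // fold carries back in
  return sum;
}

function parseIpv4Header(buf) {
  if (buf.length < 20) throw new Error("shorter than the 20-byte minimum header");
  const version = buf[0] >> 4, ihl = buf[0] & 0x0f; // bits 0-3 and 4-7
  if (version !== 4) throw new Error(`not IPv4 (version ${version})`);
  const headerLen = ihl * 4; // header length is counted in 32-bit words
  if (headerLen < 20 || headerLen > buf.length) throw new Error("bad header length");
  const totalLen = buf.readUInt16BE(2);
  if (totalLen < headerLen || totalLen > buf.length) throw new Error("bad datagram length");
  const fragWord = buf.readUInt16BE(6); // 3 flag bits + 13-bit fragment offset
  return {
    version, headerLen, tos: buf[1], totalLen, id: buf.readUInt16BE(4),
    flags: { df: (fragWord & 0x4000) !== 0, mf: (fragWord & 0x2000) !== 0 },
    fragOffset: fragWord & 0x1fff, // in 8-byte units
    ttl: buf[8], protocol: buf[9], // 6 = TCP, 17 = UDP
    checksumOk: onesComplementSum(buf.subarray(0, headerLen)) === 0xffff,
    src: [...buf.subarray(12, 16)].join("."), dst: [...buf.subarray(16, 20)].join("."),
    payload: buf.subarray(headerLen, totalLen),
  };
}

// Constructed datagram: 20-byte header, 4-byte payload, 192.0.2.1 -> 198.51.100.7,
// id 0xabcd, DF set, TTL 64, protocol 6 (TCP); the checksum is computed here.
function buildSampleDatagram() {
  const h = Buffer.from("45000018abcd40004006" + "0000" + "c0000201c6336407", "hex");
  h.writeUInt16BE(0xffff - onesComplementSum(h), 10); // ~sum with checksum field zero
  return Buffer.concat([h, Buffer.from("deadbeef", "hex")]);
}
const SAMPLE_DATAGRAM = buildSampleDatagram();
```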

IPV4 addressing

  • Subnet: a subnet is formed between router interfaces and host interfaces
  • Subnet mask: the IP address assigned to a subnet is written like 223.1.1.0/24. This /24 notation, known as the network mask, indicates that the leftmost 24 of the 32 bits define the subnet address
  • Private address blocks by class:

    Class  Net IDs                  Blocks
    A      10                       1
    B      172.16-172.31            16
    C      192.168.0-192.168.255    256
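Applying the /24 notation and the private address table above in code, as an added example that is not part of the original notes (JavaScript; the addresses it is exercised with are constructed):

```javascript
// Added example, not from the original notes: applying the /24 prefix
// notation above. An IPv4 address becomes a 32-bit integer, the prefix
// length becomes a mask with the leftmost n bits set, and an address is in
// the subnet when (address AND mask) equals the network address. The same
// test classifies the private blocks from the table.
function ipToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4) throw new Error(`bad IPv4 address: ${ip}`);
  return parts.reduce((acc, p) => {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error(`bad octet in ${ip}`);
    return acc * 256 + Number(p); // multiply, not <<, to stay unsigned
  }, 0);
}

const intToIp = (n) => [24, 16, 8, 0].map((s) => (n >>> s) & 255).join(".");

// Mask with the leftmost `prefix` bits set, e.g. /24 -> 255.255.255.0
function prefixToMask(prefix) {
  if (!Number.isInteger(prefix) || prefix < 0 || prefix > 32) throw new Error(`bad prefix /${prefix}`);
  return prefix === 0 ? 0 : (0xffffffff << (32 - prefix)) >>> 0; // << 32 would be a no-op in JS
}

// "223.1.1.77/24" -> { network: 223.1.1.0 as an integer, mask, prefix: 24 }
function parseCidr(cidr) {
  const [net, len] = cidr.split("/");
  if (!/^\d{1,2}$/.test(len ?? "")) throw new Error(`bad CIDR: ${cidr}`);
  const prefix = Number(len);
  const mask = prefixToMask(prefix);
  return { network: (ipToInt(net) & mask) >>> 0, mask, prefix };
}

function inSubnet(ip, cidr) {
  const { network, mask } = parseCidr(cidr);
  return ((ipToInt(ip) & mask) >>> 0) === network;
}

// The private blocks from the table above, written as CIDR prefixes.
const PRIVATE_BLOCKS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"];
const isPrivate = (ip) => PRIVATE_BLOCKS.some((b) => inSubnet(ip, b));
```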

CDN

  • CDN operation
    • When a browser in the user's host retrieves a particular video (identified by its URL), the CDN must intercept the request so that it can determine which CDN server cluster is appropriate for the customer and redirect the customer's request to one of the servers in that cluster
  • Cluster selection strategy
    • The core of any CDN deployment is the cluster selection strategy: the mechanism for dynamically directing customers to a server cluster or data center within the CDN.
    • Common strategies:
      • Periodic real-time measurements; IP anycast (matching the customer to a CDN server)

Network security

Fundamentals of cryptography

  • Symmetric key cryptography
    • In a symmetric key system both sides hold the same secret key
    • Block cipher: processes the message to be encrypted in blocks of k bits
      • Data Encryption Standard (DES)
      • Advanced Encryption Standard (AES)
  • Public key systems
    • A public key system uses a pair of keys: one is known to both parties, the other to only one party
    • RSA algorithm (Ron Rivest, Adi Shamir, Leonard Adleman)
      • Factoring large numbers and primality testing
  • Cryptographic hash functions
    • MD5 hash algorithm
      • Padding -> append length -> initialize accumulator -> loop over blocks
    • SHA-1 (Secure Hash Algorithm)
  • SSL
    • Secure Sockets Layer (SSL)
    • The SSL handshake
      • 1) The client sends the list of cryptographic algorithms it supports, together with a client nonce
      • 2) From the list, the server chooses a symmetric algorithm, a public key algorithm and a MAC algorithm, and returns its choices, its certificate and a server nonce to the client
      • 3) The client verifies the certificate, extracts the server's public key, generates a Pre-Master Secret (PMS), encrypts the PMS with the server's public key and sends the encrypted PMS to the server
      • 4) Using the same key derivation function, the client and the server independently compute the Master Secret (MS) from the PMS and the nonces, and slice the MS into two encryption keys and two MAC keys
      • 5) The client sends a MAC of all the handshake messages
      • 6) The server sends a MAC of all the handshake messages
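A toy RSA implementation illustrating the RSA bullets above (key generation from two primes, encryption and decryption by modular exponentiation, and why factoring n breaks it), as an added example that is not part of the original notes (JavaScript with BigInt; the primes used are deliberately tiny):

```javascript
// Added example, not from the original notes: textbook RSA with BigInt and
// deliberately tiny primes so the arithmetic is visible. It shows the pieces
// named above: key generation from two primes, modular exponentiation to
// encrypt and decrypt, and why security rests on factoring n (whoever factors
// n recovers d). Toy only: real RSA needs ~2048-bit n and OAEP padding.
function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}

// Modular inverse by the extended Euclidean algorithm; throws if gcd(a, m) != 1.
function modInverse(a, m) {
  let [oldR, r, oldS, s] = [a % m, m, 1n, 0n];
  while (r !== 0n) {
    const q = oldR / r;
    [oldR, r, oldS, s] = [r, oldR - q * r, s, oldS - q * s];
  }
  if (oldR !== 1n) throw new Error("not invertible");
  return ((oldS % m) + m) % m;
}

// Trial-division primality test; adequate for toy-sized numbers only.
function isPrime(n) {
  if (n < 2n) return false;
  for (let d = 2n; d * d <= n; d++) if (n % d === 0n) return false;
  return true;
}

function generateKeys(p, q, e = 65537n) {
  if (!isPrime(p) || !isPrime(q) || p === q) throw new Error("p and q must be distinct primes");
  const n = p * q, phi = (p - 1n) * (q - 1n);
  return { publicKey: { n, e }, privateKey: { n, d: modInverse(e, phi) } };
}

const encrypt = (m, { n, e }) => modPow(m, e, n); // c = m^e mod n
const decrypt = (c, { n, d }) => modPow(c, d, n); // m = c^d mod n

// Factoring n (trivial at this size) yields phi and therefore d.
function recoverPrivateExponent({ n, e }) {
  for (let p = 2n; p * p <= n; p++) {
    if (n % p === 0n) return modInverse(e, (p - 1n) * (n / p - 1n));
  }
  throw new Error("n has no small factor");
}
```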