The Internet protocol stack consists of, from top to bottom, the application layer, transport layer, network layer, link layer and physical layer. Each layer has its own responsibilities, uses the layer below it to carry out its functions, and provides services to the layer above. The application layer is what makes it possible for the applications on two systems to communicate and exchange information.
An application layer protocol can be defined as the rules for exchanging information between applications. When applications on different systems exchange information using a protocol, the information is divided into units called messages, also known as packets. In other words, application layer protocols enable application processes to communicate, and process communication means exchanging packets over a computer network.
Network application architecture
The developer of an application decides the architecture the application relies on, and that choice determines how the applications communicate with each other. It is usually either a client-server (CS) architecture or a peer-to-peer (P2P) architecture:
- CS: In this architecture there are two roles, client and server. Clients do not communicate with each other directly; many clients exchange information with the server. The server has a fixed IP address so that clients can find it. This also means the server needs more computing power to cope with the large number of clients, and data centers with many hosts are needed to handle the large volume of client requests.
- P2P: In this architecture every terminal acts as both a client and a server, so each terminal is called a peer. Peers communicate directly with each other with minimal reliance on data centers, which gives the architecture very strong self-scalability.
The main difference between the two architectures is whether processing is centralized. CS requires a lot of server infrastructure and bandwidth. P2P is cheaper, but its security, performance and availability are harder to guarantee.
Two processes communicating across a network work under the following conditions:
- At any given moment, the process that initiates the communication is identified as the client and the other process as the server.
- Processes send and receive packets through a software interface called a socket.
- The host addresses (IP addresses) of the client and server and the identifiers (port numbers) of the receiving processes are defined. This information is carried with each packet so that the peer process can be found.
Transport layer protocol selection
Application layer protocols are for processes that exchange data between themselves, so they are not responsible for the transmission itself. Naturally, the transport layer is asked to provide that service.
When selecting a transport layer protocol, several aspects should be considered:
- Data reliability: whether some data loss can be tolerated. For e-mail, file transfer and financial applications, data loss may cause serious problems, while a certain amount of loss is acceptable for voice calls and live broadcasts.
- Throughput: the rate at which data can be delivered, taking into account the application's sensitivity to it. For e-mail it does not matter if delivery is slow, since the data arrives eventually; for applications like video, a low rate can only support a low-resolution experience.
- Timing: sensitivity to delivery delay. In an interactive game, the player clearly perceives different delivery delays as a different experience.
- Security: whether the data can be transmitted safely to the recipient.
The Internet provides two transport layer protocols, TCP and UDP, to do the job:
- TCP is a connection-oriented service that provides reliable data transfer and can be secured with SSL (Secure Sockets Layer)
- UDP provides a minimal service. It does not guarantee that the data will arrive, and the sender can transmit at whatever rate it chooses
The transport layer protocols used by common application layer protocols are as follows:
| Application | Application layer protocol | Supporting transport protocol |
|---|---|---|
| E-mail | SMTP | TCP |
| Web | HTTP | TCP |
| File transfer | FTP | TCP |
| Streaming multimedia | HTTP, DASH | TCP |
| Internet telephony | SIP, RTP | UDP and TCP |
| Xunlei etc. | BitTorrent | UDP and TCP |
Web pages are exchanged using the HyperText Transfer Protocol (HTTP). HTTP is implemented by two programs, one running on the client side and one on the server side, which converse by exchanging HTTP messages.
The workflow of HTTP is:
- The client establishes a TCP connection with the server; after that, each process accesses TCP through its socket
- The client and server read HTTP messages from the socket and parse out the data
- Each client request is answered by exactly one server response
- HTTP is a stateless protocol
The format of a request message is as follows:
- Request line: contains the method, the URL and the HTTP version
- Header lines: key/value pairs that select the HTTP features to use or carry information
- Blank line: separates the headers from the body
- Request data: sometimes data must be carried, for example when a form is submitted with the POST method; the form data is then placed in the entity body
```http
GET / HTTP/1.1
Connection: keep-alive
User-Agent: .....
Accept: .....
```
This is part of a request captured when visiting Baidu; what matters is knowing how to extract the information from it.
The response message is as follows:
- Status line: includes the HTTP version, the status code and a phrase explaining the status code
- Header lines: pass information as key/value pairs
- Blank line: separates the headers from the body
- Response data: the data returned by the server for the client to receive and process further
```http
HTTP/1.1 200 OK
Cache-Control: private
Date: Mon, 17 May 2021 05:53:24 GMT
Expires: Mon, 17 May 2021 05:53:43 GMT
Server: BWS/1.1
......
```
Likewise, this is part of Baidu's response; again the point is knowing how to extract information from it.
HTTP is stateless: each request is independent of every other. Sometimes, however, you want to keep some state to identify a user. A typical example is that once you have logged in to a website, visiting it again within a certain time logs you in automatically.
- On the first visit, the server uses the Set-Cookie header in its response to tell the client what state to store. The client saves the cookie and its expiration time in a local file
- After that, every HTTP request carries this cookie
- Later, as long as the cookie has not expired, even the first request of a new visit to the site carries the cookie
- In this way some state can be maintained for special logic
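As an added example (not code from the original post), the request and response formats above parsed with Go's standard library, followed by the cookie behaviour just described: the first response's Set-Cookie is stored and attached to the next request, and a later Set-Cookie whose Expires date (the page's 2021 date) has passed removes it. The messages, the host www.example.test and the cookie values are constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net/http"
	"net/http/cookiejar"
	"net/url"
	"strings"
)

// Constructed sample messages in the format described above (not real captures):
// start line, header lines, a blank line, then the body, with CRLF line endings.
const RawRequest = "GET / HTTP/1.1\r\n" +
	"Host: www.example.test\r\n" +
	"Connection: keep-alive\r\n" +
	"User-Agent: example-client/1.0\r\n" +
	"Accept: text/html\r\n" +
	"\r\n"

const RawResponse = "HTTP/1.1 200 OK\r\n" +
	"Cache-Control: private\r\n" +
	"Content-Type: text/html\r\n" +
	"Content-Length: 5\r\n" +
	"Set-Cookie: session=abc123; Max-Age=60; Path=/; HttpOnly\r\n" +
	"\r\n" +
	"hello"

// A later response whose Set-Cookie carries an Expires date that is already in the past.
const RawExpiredResponse = "HTTP/1.1 200 OK\r\n" +
	"Set-Cookie: session=abc123; Expires=Mon, 17 May 2021 05:53:43 GMT; Path=/\r\n" +
	"Content-Length: 0\r\n" +
	"\r\n"

// ParseRequest splits a raw request into its request line (method, URL, version)
// and header lines.
func ParseRequest(raw string) (*http.Request, error) {
	return http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
}

// ParseResponse splits a raw response into status line, header lines and body.
func ParseResponse(raw string) (*http.Response, error) {
	return http.ReadResponse(bufio.NewReader(strings.NewReader(raw)), nil)
}

// ReadBody drains the body, the response data handed to the application.
func ReadBody(resp *http.Response) string {
	defer resp.Body.Close()
	b, _ := io.ReadAll(resp.Body)
	return string(b)
}

// CookieForNextRequest stores the Set-Cookie values of resp in the jar, as a browser
// does, and returns the Cookie header the client would attach to its next request to
// site: "" when nothing is stored, or when the cookie has expired and was dropped.
func CookieForNextRequest(jar http.CookieJar, site *url.URL, resp *http.Response) string {
	jar.SetCookies(site, resp.Cookies())
	next, _ := http.NewRequest("GET", site.String(), nil)
	for _, c := range jar.Cookies(site) {
		next.AddCookie(c)
	}
	return next.Header.Get("Cookie")
}

func main() {
	site, _ := url.Parse("http://www.example.test/")
	jar, _ := cookiejar.New(nil)
	req, _ := ParseRequest(RawRequest)
	fmt.Println(req.Method, req.URL.Path, req.Proto, req.Header.Get("Connection"))
	resp, _ := ParseResponse(RawResponse)
	fmt.Println(resp.StatusCode, resp.Header.Get("Cache-Control"), ReadBody(resp))
	fmt.Printf("next request carries: %q\n", CookieForNextRequest(jar, site, resp))
	expired, _ := ParseResponse(RawExpiredResponse)
	fmt.Printf("after the expired cookie: %q\n", CookieForNextRequest(jar, site, expired))
}
```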
HTTP transmits in plaintext and is therefore at risk of data tampering, so SSL/TLS (Secure Sockets Layer/Transport Layer Security) is used to secure the data.
Encryption algorithms fall into two categories, symmetric and asymmetric:
- Symmetric encryption: whoever knows the secret key can both encrypt and decrypt the ciphertext
- Asymmetric encryption: consists of a public key and a private key. The public key is used to encrypt; the ciphertext can only be decrypted with the private key
- First, the server submits its public key to a CA for verification and obtains a public key certificate
- When a connection starts, the client tells the server which cipher suites it supports
- The server then sends its public key certificate
- The client verifies the public key certificate against the CA, extracts the public key, generates a secret key, encrypts that secret key with the public key, and sends the ciphertext to the server
- The server receives the ciphertext and decrypts the secret key with its private key
- From then on, the client and server use the secret key to encrypt and decrypt their messages symmetrically
Why is this process safe?
- The public key certificate must be authenticated by the CA, which checks the legitimacy of the key's owner from several angles. An attacker therefore cannot simply substitute a certificate of their own, because the client will not accept an unauthenticated certificate
- The public key certificate is public, so it is feasible for an attacker to present the server's certificate and pretend to be the server to the client. However, the ciphertext of the secret key that the client encrypts with the public key cannot be decrypted by the attacker, because the server never reveals its private key to anyone. The attacker therefore cannot obtain the client's information.
SSL/TLS is not absolutely secure, but it is reliable enough. Possible ways to break it are:
- The client has a forged CA root certificate installed. Browsers ship with the authoritative CA root certificates built in to reduce this possibility, so the difficulty lies in getting the forged root certificate installed on the client
- Another way is to compromise a public key certificate issued by the CA, which is very difficult.
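The exchange above as an added Go example (not code from the original post): a CA issues the server's certificate, the client verifies it against its trusted roots before encrypting a fresh secret key with the server's public key, and only the server's private key recovers that key; a certificate from an untrusted "Rogue CA" is rejected before anything is sent. The names are made up, the symmetric phase that follows is not shown, and real TLS negotiates keys differently, but the certificate check and key transport are the steps the text describes.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Party is a CA or a server: an RSA key pair plus the certificate over its public key.
type Party struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// NewParty generates a key pair and its certificate for name. With ca == nil the
// result is a self-signed CA root; otherwise ca signs the certificate, which is the
// first step above (the server presenting its public key to the CA).
func NewParty(name string, ca *Party) (*Party, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  ca == nil,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	parent, signer := tmpl, key // self-signed root unless a CA is given
	if ca != nil {
		parent, signer = ca.Cert, ca.Key
		tmpl.DNSNames = []string{name}                 // the host name the client will check
		tmpl.KeyUsage = x509.KeyUsageKeyEncipherment // a server key encrypts, it does not sign certificates
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return &Party{key, cert}, err
}

// ClientKeyExchange is the client's side of the exchange: check that the presented
// certificate chains to a trusted CA and names the host being contacted, then generate
// a fresh 256-bit secret key and encrypt it with the public key from the certificate.
func ClientKeyExchange(serverCert *x509.Certificate, host string, roots *x509.CertPool) (secret, wrapped []byte, err error) {
	opts := x509.VerifyOptions{Roots: roots, DNSName: host}
	if _, err := serverCert.Verify(opts); err != nil {
		return nil, nil, fmt.Errorf("certificate rejected: %w", err) // stop before sending anything
	}
	pub, ok := serverCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, nil, fmt.Errorf("certificate does not hold an RSA key")
	}
	secret = make([]byte, 32)
	if _, err := rand.Read(secret); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, secret, nil)
	return secret, wrapped, err
}

// ServerKeyExchange recovers the secret key; only the holder of the private key can.
func ServerKeyExchange(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func main() {
	ca, _ := NewParty("Trusted Root CA", nil)
	server, _ := NewParty("www.example.test", ca)
	roots := x509.NewCertPool()
	roots.AddCert(ca.Cert)
	secret, wrapped, err := ClientKeyExchange(server.Cert, "www.example.test", roots)
	recovered, _ := ServerKeyExchange(server.Key, wrapped)
	fmt.Println("same secret on both sides:", err == nil && bytes.Equal(secret, recovered))
	rogueCA, _ := NewParty("Rogue CA", nil) // not in the client's trust store
	impostor, _ := NewParty("www.example.test", rogueCA)
	_, _, err = ClientKeyExchange(impostor.Cert, "www.example.test", roots)
	fmt.Println("impostor rejected:", err)
}
```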
The Simple Mail Transfer Protocol (SMTP) is used to transfer mail between two addresses.
In the e-mail scenario there are several roles:
- User agent: lets users read, reply to, forward, save and compose mail
- Mail server: maintains and manages users' mailboxes so that user agents can retrieve mail from them for the user. Runs on port 80 by default
- SMTP: defines the rules for how mail is exchanged between mail servers
SMTP is simple enough to complete a mail transfer with only a few commands and replies; the whole process relies on TCP at the transport layer to ensure delivery.
In SMTP, the sending mail server transmits information with commands such as:
- HELO: gives the sender's host name
- MAIL FROM: the sender
- RCPT TO: the intended recipient
- DATA: introduces the message content
- QUIT: terminates the session
The receiving mail server answers each command with a reply, such as:
- 220: service ready
- 221: the service is closing the transmission channel
- 250: requested command completed
- 354: start mail input
- 450: mailbox unavailable
- 500: syntax error, command unrecognized
C is the sending mail server and S the receiving mail server. After the TCP connection is established, an SMTP exchange may look like this:
```
// The server is ready and identifies itself as the mail server
S: 220
// The client identifies itself as mail server GP
C: HELO GP
// The server accepts the command and confirms
S: 250 HELO GP
// The client states the sender address
C: MAIL FROM: <>
// The server accepts the command and confirms
S: 250 OK
// The client states the recipient address
C: RCPT TO: <>
S: 250 OK
// The client asks to send the message content
C: DATA
S: 354 Enter message, ending with "." on a line by itself
/* message content */
C: .....
C: .....
C: .....
C: .
S: 250 OK ID = 1mugho-0003dg-un
// The client asks to end the session
C: QUIT
// The server says the channel is closed
S: 221
```
This completes the transfer of mail between mail servers, and it reads much like a conversation between people. After the DATA command, the content of the message follows its own format:
If the sending mail server cannot deliver the message to the receiving mail server, it keeps the message in its own queue and retries after a while. If the delay goes on too long, the mail server deletes the message and generates a notification e-mail that the sender can read with the user agent.
SMTP also has the following features:
- It is a push protocol: the mail server that sends the mail establishes the TCP connection and pushes the mail
- It uses 7-bit ASCII. If the message contains anything other than 7-bit ASCII characters, it must be transcoded
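The exchange above and the 7-bit rule, as an added example (not code from the original post): the receiving server's side written as a state machine that enforces the command order, collects the content after DATA until the lone "." line, and answers with the reply codes listed above (plus 503 for commands out of order). The host name mail.example.test and the addresses used with it are made up.

```go
package main

import (
	"fmt"
	"strings"
)

// Message is a mail the receiving server accepted once DATA ended with the "." line.
type Message struct {
	From, Body string
	To         []string
}

// Session is the receiving server's state for one connection: how far through HELO -> MAIL FROM -> RCPT TO -> DATA -> QUIT the client has come.
type Session struct {
	helo, from string
	to, body   []string
	inData     bool
	Delivered  []Message
}

// Handle takes one line from the client and returns the server's reply, or "" while
// message content is being collected (nothing is sent until the lone "." line).
func (s *Session) Handle(line string) string {
	if s.inData {
		return s.dataLine(line)
	}
	verb, arg := line, ""
	if i := strings.IndexByte(line, ' '); i >= 0 {
		verb, arg = line[:i], strings.TrimSpace(line[i+1:])
	}
	switch strings.ToUpper(verb) {
	case "HELO":
		s.helo, s.from, s.to = arg, "", nil
		return "250 mail.example.test Hello " + arg
	case "MAIL":
		if s.helo == "" {
			return "503 Bad sequence of commands: HELO first"
		}
		if s.from, s.to = path(arg, "FROM:"), nil; s.from == "" {
			return "500 Syntax error: expected FROM:<address>"
		}
		return "250 OK"
	case "RCPT":
		if s.from == "" {
			return "503 Bad sequence of commands: MAIL FROM first"
		}
		addr := path(arg, "TO:")
		if addr == "" {
			return "500 Syntax error: expected TO:<address>"
		}
		s.to = append(s.to, addr)
		return "250 OK"
	case "DATA":
		if len(s.to) == 0 {
			return "503 Bad sequence of commands: RCPT TO first"
		}
		s.inData = true
		return `354 Enter message, ending with "." on a line by itself`
	case "QUIT":
		return "221 mail.example.test closing transmission channel"
	}
	return "500 Syntax error, command unrecognized"
}

// dataLine collects content until the terminating "." line. A content line that itself
// starts with "." is sent as ".." (dot stuffing), so one leading dot is removed.
func (s *Session) dataLine(line string) string {
	if line != "." {
		s.body = append(s.body, strings.TrimPrefix(line, "."))
		return ""
	}
	text := strings.Join(s.body, "\n")
	s.inData, s.body = false, nil
	for i := 0; i < len(text); i++ {
		if text[i] > 0x7F { // SMTP carries 7-bit ASCII; 8-bit content must be transcoded first
			return "500 Message contains non-ASCII bytes; transcode it before sending"
		}
	}
	s.Delivered = append(s.Delivered, Message{s.from, text, s.to})
	s.from, s.to = "", nil
	return fmt.Sprintf("250 OK id=%d", len(s.Delivered))
}

// path returns the "<...>" address from an argument such as "FROM: <a@b.test>", or "".
func path(arg, prefix string) string {
	if !strings.HasPrefix(strings.ToUpper(arg), prefix) {
		return ""
	}
	p := strings.TrimSpace(arg[len(prefix):])
	if !strings.HasPrefix(p, "<") || !strings.HasSuffix(p, ">") {
		return ""
	}
	return p
}
```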
SMTP delivers mail in the simplest form, but that also brings some problems. User agents have a positive effect on mail delivery:
- The user agent handles sending for the user, so if a message fails to send it can retry on the user's behalf
- The user agent handles receiving for the user, so the user does not have to stay online and keep asking in order to be sure of receiving incoming mail
The problem is that SMTP is a push protocol, while fetching a message for a user agent is a pull operation, so SMTP cannot be used for it. Special protocols are therefore needed for user agents to access mail; the common ones are POP3, IMAP and HTTP.
Post Office Protocol version 3 (POP3) is very simple and has limited functions.
A POP3 session is a simple process divided into three phases: authorization, transaction and update. It also works in a command/response style. The user agent makes a TCP connection to port 110 of the mail server and starts working:
```
/* Authorization */
C: user <username>
S: +OK
C: pass <password>
S: +OK Successful login
/* Transaction */
C: list            (lists the length of every stored message)
S: ...
C: retr <n>        (retrieve a message)
S: balabala ...
C: dele <n>        (mark a message for deletion)
C: retr ...
C: quit
S: +OK
/* Update */
S deletes the messages marked by the dele command
```
In this way the user agent can pull mail down and then either delete it from the mail server or leave it there; each choice has its own problems:
- With deletion, if the user wants to read a message from another terminal device it is impossible, because the mail server no longer has the messages that were already retrieved.
- If messages are kept, they can be fetched from several places, but the mail server then holds some state that the POP3 session does not carry, meaning mail may never be deleted.
IMAP (Internet Mail Access Protocol) is more complex and more extensible than POP3.
An IMAP server associates each message with a remote folder. When a message arrives, it is associated with the recipient's INBOX folder; the recipient can move messages out of this remote folder because IMAP provides the corresponding commands.
It is worth noting that IMAP lets the user agent fetch only certain parts of a message, such as its header. When a message carries large attachments, the user may only want to know what they are rather than download them in full; this feature saves bandwidth.
Web-based mail
Nowadays there is a lot of Web e-mail. Here the user agent is the browser, the user operates on mail over HTTP, and the mail is stored on the HTTP server. Note that SMTP is still used for sending between mail servers.
People are good at remembering names; machines work with numbers. Having to type a host's or server's IP address to reach a website would be inconvenient and hard to remember.
The Domain Name System (DNS) translates host names into IP addresses. A host is traditionally identified by a numeric address, and DNS is the address book of hosts: from a host name you can look up the host's IP address and use it to reach the host. Besides this translation, DNS provides further services:
- Host aliases. If a host name is hard to remember, another alias can be used. The original name is called the canonical host name and the other the host alias. DNS can find the canonical host name from the alias, and then the corresponding IP address.
- Mail server aliases. Similarly, DNS makes mail addresses easier to remember.
- Load distribution: DNS uses redundant servers to provide the service and spread requests, so that a site is not overloaded and does not become a network bandwidth bottleneck.
Unlike other application layer protocols, DNS serves other application layer protocols. DNS works in the CS architecture, runs over UDP and uses port 53.
DNS has three kinds of servers:
- Root DNS servers: the entry point for address lookups, strategically distributed around the world and managed by 12 different operators. They provide the IP addresses of the TLD servers.
- Top-level domain (TLD) servers: each top-level domain (such as com, org, net, edu and gov) and each country top-level domain (such as cn, uk, fr and ca) has its own cluster of TLD servers. A TLD server provides the IP addresses of the authoritative DNS servers.
- Authoritative DNS servers: where the IP address matching a host name is actually looked up. Each organization publishes DNS records mapping its host names to IP addresses. An organization can run its own authoritative DNS server or pay to have its records hosted on a vendor's authoritative DNS server.
When a user enters a web address in the browser, DNS is queried for the corresponding IP address.
Take a first visit to a website as an example:
- The user's host first queries its local DNS server
- The local DNS server has no matching IP address and forwards the query to a root DNS server
- The root DNS server does not know the IP address either, but it recognizes ".com", so it returns the TLD server responsible for ".com"
- Having received the IP address of the TLD server, the local DNS server sends the query to the TLD server
- The TLD server recognizes "baidu", finds the IP address of the responsible authoritative DNS server, and returns it
- Having received the IP address of the authoritative DNS server, the local DNS server sends the query to it
- The authoritative DNS server receives the query, looks up the IP address, and returns it
- Having received the result, the local DNS server caches it and returns it to the host
- The host accesses the IP address
DNS messages support this process. The message format is divided into sections, each with its own responsibility:
- Header: 12 bytes in total, identifying the state of the DNS exchange and the features enabled. Important fields: QR tells whether the message is a query or a response; messages with the same ID belong to the same exchange; Questions, the number of questions; Answer RRs, the number of answers; Authority RRs, the number of authority records; Additional RRs, the number of additional records.
- Question: the query content, including the domain name, the type and the class to be queried.
- Answer/Authority/Additional: the answers to the query, authoritative server information and additional information. The three share one format: NAME, the domain name the resource record belongs to; TYPE, the DNS record type; CLASS, the class of RDATA; TTL, how long the resource record may be cached; RDATA, a variable-length field whose content depends on TYPE and CLASS.
DNS information is stored on a DNS server as records called Resource Records (RRs). An RR provides the mapping between a host name and an IP address. Following the Answer section of the message, RRs look like this:
- TYPE=A: NAME is a host name and Value is the host's IP address. This is an A record.
- TYPE=NS: NAME is a domain and Value is the host name of an authoritative DNS server that can find the IP addresses of hosts in that domain.
- TYPE=CNAME: NAME is the canonical host name and Value is the alias. This is a CNAME record.
- TYPE=MX: NAME is an alias and Value is the canonical name of the mail server. This is an MX record.
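An added parser for the message format above (not code from the original post): it reads the 12-byte header, the question, and the answer, authority and additional sections, follows name-compression pointers, and decodes A, NS, CNAME and MX RDATA. SampleResponse is a hand-built message for made-up example.test names and 192.0.2.x addresses, not a capture, and the MX record sits in the additional section only so that every decoder is exercised.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"strings"
)

var be = binary.BigEndian
// RR is one resource record (questions reuse it without TTL and Data); Data is the decoded RDATA for A, NS, CNAME and MX, empty for other types.
type RR struct {
	Name        string
	Type, Class uint16
	TTL         uint32
	Data        string
}

type Message struct {
	ID        uint16
	QR        bool // false: query, true: response
	Questions []RR
	Sections  [3][]RR // Answers, Authority, Additional
}

// readName decodes the domain name at off, following compression pointers (two bytes with top bits 11 holding
// the offset of an earlier copy), and returns it with the offset just past the first pointer or the final zero byte.
func readName(msg []byte, off, depth int) (string, int) {
	var labels []string
	for {
		switch l := int(msg[off]); {
		case l == 0:
			return strings.Join(labels, "."), off + 1
		case l >= 0xC0:
			if depth > 16 {
				panic("compression pointer loop")
			}
			rest, _ := readName(msg, int(be.Uint16(msg[off:])&0x3FFF), depth+1)
			return strings.Join(append(labels, rest), "."), off + 2
		default:
			labels = append(labels, string(msg[off+1:off+1+l]))
			off += 1 + l
		}
	}
}

// readRR decodes NAME, TYPE, CLASS, TTL, RDLENGTH and RDATA starting at off.
func readRR(msg []byte, off int) (RR, int) {
	name, off := readName(msg, off, 0)
	r := RR{Name: name, Type: be.Uint16(msg[off:]), Class: be.Uint16(msg[off+2:]), TTL: be.Uint32(msg[off+4:])}
	n, off := int(be.Uint16(msg[off+8:])), off+10
	rdata := msg[off : off+n]
	switch r.Type {
	case 1: // A: four address bytes
		r.Data = fmt.Sprintf("%d.%d.%d.%d", rdata[0], rdata[1], rdata[2], rdata[3])
	case 2, 5: // NS, CNAME: a name, which may itself point back into the message
		r.Data, _ = readName(msg, off, 0)
	case 15: // MX: 16-bit preference, then the exchange name
		host, _ := readName(msg, off+2, 0)
		r.Data = fmt.Sprintf("%d %s", be.Uint16(rdata), host)
	}
	return r, off + n
}

// Parse decodes a whole message; a read past the end of a truncated or malformed message panics, which recover turns into err.
func Parse(msg []byte) (m *Message, err error) {
	defer func() {
		if r := recover(); r != nil {
			m, err = nil, fmt.Errorf("malformed message: %v", r)
		}
	}()
	m = &Message{ID: be.Uint16(msg), QR: be.Uint16(msg[2:])&0x8000 != 0}
	off := 12
	for i := 0; i < int(be.Uint16(msg[4:])); i++ { // QDCOUNT questions: NAME, TYPE, CLASS
		name, next := readName(msg, off, 0)
		m.Questions = append(m.Questions, RR{Name: name, Type: be.Uint16(msg[next:]), Class: be.Uint16(msg[next+2:])})
		off = next + 4
	}
	for s := range m.Sections { // ANCOUNT, NSCOUNT and ARCOUNT records in turn
		for i := 0; i < int(be.Uint16(msg[6+2*s:])); i++ {
			var r RR
			r, off = readRR(msg, off)
			m.Sections[s] = append(m.Sections[s], r)
		}
	}
	return m, nil
}

// SampleResponse is a constructed reply to "www.example.test A?" (not a capture); the @offsets are what the 0xC0 pointers refer to.
var SampleResponse = []byte{
	0x1a, 0x2b, 0x81, 0x80, 0, 1, 0, 2, 0, 1, 0, 1, // @0 ID 0x1a2b; flags QR,RD,RA; QD=1 AN=2 NS=1 AR=1
	3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 4, 't', 'e', 's', 't', 0, 0, 1, 0, 1, // @12 question www.example.test A IN
	0xC0, 12, 0, 5, 0, 1, 0, 0, 1, 0x2c, 0, 7, 4, 'h', 'o', 's', 't', 0xC0, 16, // @34 answer CNAME TTL 300 -> host.example.test
	0xC0, 46, 0, 1, 0, 1, 0, 0, 0, 0x3c, 0, 4, 192, 0, 2, 10, // @53 answer A TTL 60 -> 192.0.2.10
	0xC0, 16, 0, 2, 0, 1, 0, 0, 0x0e, 0x10, 0, 6, 3, 'n', 's', '1', 0xC0, 16, 0xC0, 16, 0, 15, 0, 1, 0, 0, 0x0e, 0x10, 0, 9, 0, 10, 4, 'm', 'a', 'i', 'l', 0xC0, 16, // @69 authority example.test NS ns1.example.test; @87 additional example.test MX 10 mail.example.test
}
```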
DNS cache
DNS also makes heavy use of caching, at every DNS server. With caching, later requests can be answered more quickly instead of going through the long chain of the first resolution.
Of course, a host name to IP address mapping is not stored forever: the DNS server discards the cached entry after some time. Caching also keeps the upper-level DNS servers from being accessed too often.
BitTorrent is an interesting protocol with a P2P architecture. In BitTorrent, the collection of participants exchanging one resource is called a torrent and each participant is called a peer; peers exchanging the same resource are said to be in the same torrent. The notable feature of BitTorrent is that the more peers a torrent has, the faster data can be exchanged.
Because of its P2P nature, unlike the CS architecture, every participant can act as a server, so unless all machines fail there is no need to worry about server failure. In addition, a resource is requested from many hosts at once, so bandwidth is used to the full.
How it works
- In BitTorrent, a resource file is divided into many blocks.
- Each torrent has an infrastructure node called the tracker. It stores no resources; it only records which peers are still in the torrent and which blocks they have.
- When a peer wants to download a file, it registers with the tracker and periodically tells the tracker that it is still in the torrent.
- The tracker returns a list of peers that hold blocks of the file to be downloaded.
- Finally, the peer establishes TCP connections with those peers, uploads and downloads blocks, and eventually reassembles all the blocks into the file.
The torrent file
In the beginning there is no copy of the resource on the network. One peer splits the resource file into blocks and produces a ".torrent" file containing all the information about the blocks. This process is called seeding.
That peer then tells the tracker that it holds the resource described by the seed and that others can come to it for it. The seed's author publishes the seed file to others by other means, and other peers can then follow the seed file to carry out the BitTorrent download process.
The .torrent file is binary. Encoded with bencoding, its content can be represented as the following JSON-like description:
| Key | Meaning |
|---|---|
| announce | The URL of the main tracker server |
| announce-list | Optional: the URLs of backup tracker servers |
| info_hash | The hash value of the entire file, based on the SHA-1 algorithm |
| info.length | The length of the entire file |
| info.name | The file name |
| info.piece length | The length of each block |
| info.pieces | The list of hash values, one per block |
- With the .torrent file in hand, the peer sends a request to the tracker at the announce URL to obtain the list of peers
- From info.pieces the downloading peer knows every block it needs for the file, and each uploading peer returned by the tracker knows which blocks it has
- The downloading peer then checks which blocks it is missing, connects to different uploading peers, downloads blocks, and verifies the hash of each downloaded block
- Finally, it merges all the blocks into the file and checks whether its hash matches info_hash
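An added example of the steps above (not code from the original post): a small bencode decoder for the dictionary, integer and string values the keys in the table use (lists are left out), info_hash computed the way BitTorrent clients do it, as the SHA-1 of the bencoded info dictionary, and a check of each downloaded block against info.pieces that reports which blocks must be fetched again. SampleTorrent builds a constructed single-file torrent; the file name and tracker URL are made up.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"fmt"
	"strconv"
)

// decoder reads the bencoded values a .torrent uses (i<n>e, <len>:<bytes>, d...e; lists are left out). Malformed input panics, and ParseTorrent turns that panic into an error.
type decoder struct {
	b    []byte
	info [2]int // byte span of the "info" value, which info_hash is computed over
}
func (d *decoder) at(pos int) (interface{}, int) {
	switch c := d.b[pos]; {
	case c == 'i':
		end := pos + bytes.IndexByte(d.b[pos:], 'e')
		n, err := strconv.ParseInt(string(d.b[pos+1:end]), 10, 64)
		if err != nil {
			panic(err)
		}
		return n, end + 1
	case c == 'd':
		dict := map[string]interface{}{}
		for pos++; d.b[pos] != 'e'; {
			v, next := d.at(pos)
			key, ok := v.(string)
			if !ok {
				panic("dictionary key is not a string")
			}
			dict[key], pos = d.at(next)
			if key == "info" {
				d.info = [2]int{next, pos}
			}
		}
		return dict, pos + 1
	default: // <len>:<bytes>; any other leading byte fails in Atoi
		colon := pos + bytes.IndexByte(d.b[pos:], ':')
		n, err := strconv.Atoi(string(d.b[pos:colon]))
		if err != nil {
			panic(err)
		}
		return string(d.b[colon+1 : colon+1+n]), colon + 1 + n
	}
}

// ParseTorrent decodes a .torrent into its top-level dictionary and computes info_hash, the SHA-1 over the bencoded info dictionary, by which peers and trackers identify the torrent.
func ParseTorrent(raw []byte) (top map[string]interface{}, infoHash [20]byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			top, err = nil, fmt.Errorf("malformed torrent: %v", r)
		}
	}()
	d := &decoder{b: raw}
	v, end := d.at(0)
	top, ok := v.(map[string]interface{})
	if !ok || end != len(raw) || d.info[1] == 0 {
		panic("not a torrent dictionary")
	}
	return top, sha1.Sum(raw[d.info[0]:d.info[1]]), nil
}

// pieceHashes is the "pieces" value for content: the SHA-1 of every block, concatenated.
func pieceHashes(content []byte, pieceLen int) []byte {
	var out []byte
	for lo := 0; lo < len(content); lo += pieceLen {
		hi := lo + pieceLen
		if hi > len(content) {
			hi = len(content)
		}
		sum := sha1.Sum(content[lo:hi])
		out = append(out, sum[:]...)
	}
	return out
}

// BadPieces returns the indexes of blocks whose hash does not match pieces (corrupt, truncated or not yet downloaded): the blocks that must be fetched again.
func BadPieces(pieces []byte, pieceLen int, content []byte) []int {
	got := pieceHashes(content, pieceLen)
	var bad []int
	for i := 0; i*20 < len(pieces); i++ {
		if i*20+20 > len(got) || !bytes.Equal(got[i*20:i*20+20], pieces[i*20:i*20+20]) {
			bad = append(bad, i)
		}
	}
	return bad
}

// SampleTorrent bencodes a constructed single-file .torrent for content (not a real file), with the dictionary keys in sorted order as the format requires.
func SampleTorrent(name, tracker string, content []byte, pieceLen int) []byte {
	pieces := pieceHashes(content, pieceLen)
	info := fmt.Sprintf("d6:lengthi%de4:name%d:%s12:piece lengthi%de6:pieces%d:%se", len(content), len(name), name, pieceLen, len(pieces), pieces)
	return []byte(fmt.Sprintf("d8:announce%d:%s4:info%se", len(tracker), tracker, info))
}
```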
Selecting peers
A block may be available from several peers, so how are peers selected? The selection works in both directions: the downloader chooses which peer to send a request to, and the uploader chooses which peer to serve.
- When choosing which block to request, the rule is "rarest first": the block that the fewest known peers hold is requested first. This way the scarce blocks spread faster and can serve later peers.
- When deciding which peer to serve, a peer continuously measures the data rates the other peers provide and serves those with the highest rates over a period. The choice is re-evaluated at intervals and, importantly, every 30 seconds data is also sent to a randomly chosen other peer. This coordinates the rates between peers and discourages free-riding.
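The two selection rules above as an added example (not code from the original post): rarest-first block choice from the peers' bitfields, and unchoking by measured rate with one random "optimistic" peer. The peer names, bitfields and rates are constructed.

```go
package main

import (
	"fmt"
	"math/rand"
	"sort"
)

// Bitfield records which blocks a peer holds, indexed by block number.
type Bitfield []bool

// RarestFirst chooses the next block to request: among the blocks we lack that at
// least one known peer holds, the one held by the fewest peers (lowest index on ties).
// It returns the block, how many peers hold it, and ok=false when nothing is available.
func RarestFirst(have Bitfield, peers map[string]Bitfield) (block, holders int, ok bool) {
	counts := make([]int, len(have))
	for _, bf := range peers {
		for i, held := range bf {
			if held && i < len(counts) {
				counts[i]++
			}
		}
	}
	for i, c := range counts {
		if !have[i] && c > 0 && (!ok || c < holders) {
			block, holders, ok = i, c, true
		}
	}
	return block, holders, ok
}

// Unchoke decides which peers to serve: the top n by the download rate they have been
// giving us, plus one "optimistic" peer picked at random from the rest so that a
// newcomer gets a chance to prove itself. The caller re-runs it at intervals and, every
// 30 seconds, draws a fresh random choice; the rng parameter keeps the choice reproducible.
func Unchoke(rates map[string]float64, n int, rng *rand.Rand) (regular []string, optimistic string) {
	names := make([]string, 0, len(rates))
	for name := range rates {
		names = append(names, name)
	}
	sort.Slice(names, func(i, j int) bool {
		if rates[names[i]] != rates[names[j]] {
			return rates[names[i]] > rates[names[j]]
		}
		return names[i] < names[j] // deterministic order for equal rates
	})
	if n > len(names) {
		n = len(names)
	}
	if rest := names[n:]; len(rest) > 0 {
		optimistic = rest[rng.Intn(len(rest))]
	}
	return names[:n], optimistic
}

func main() {
	have := Bitfield{true, false, false, false}
	peers := map[string]Bitfield{ // constructed: which of the four blocks each peer has
		"peerA": {true, true, true, false},
		"peerB": {true, true, false, false},
		"peerC": {false, true, true, true},
	}
	fmt.Println(RarestFirst(have, peers)) // block 3 is held by peerC only
	rates := map[string]float64{"peerA": 120, "peerB": 80, "peerC": 95, "peerD": 10}
	fmt.Println(Unchoke(rates, 2, rand.New(rand.NewSource(1))))
}
```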
What are the problems?
BitTorrent's ability to make the most of bandwidth comes from P2P, but P2P brings its own issues:
- In a CS architecture the resource comes from the server, meaning a data center guarantees its availability. In BitTorrent the resource comes from peers, and if none of the peers holding it are online, it cannot be downloaded at all; this is often called a dead torrent.
- Because resources are not managed centrally, and even more so in BitTorrent's extended DHT network (which removes the tracker BitTorrent relies on, so that every peer acts as a tracker managing part of the space), decentralization is more complete. In such soil, gray-area content can survive and be shared, and is hard to monitor.
- BitTorrent's core download philosophy is "all for one, one for all": users need to share their upload rate rather than limit uploading, and leaving the torrent immediately after downloading makes matters worse. Users need time to build an awareness of sharing.
- BitTorrent does not verify the identity of peers, so a provider can pose as a peer claiming to hold all the blocks of a resource and, on receiving block requests, send bogus blocks to waste the requester's bandwidth. BitTorrent clients therefore have a blacklist mechanism: a provider that supplies fake blocks a certain number of times is blacklisted.
- Clients like Xunlei go against the P2P idea: when Xunlei already has the resource, users are directed to pay to unlock download speed; when it does not, it joins the torrent to download the resource but refuses requests from non-Xunlei peers. More and more resources are thus collected into Xunlei, other BT clients become slower and slower compared with Xunlei, and bad money drives out good.
Dynamic Adaptive Streaming over HTTP (DASH) is a protocol built on HTTP that serves video resources requested over HTTP.
Imagine watching video on the Web: we want the video at the highest possible resolution and as smooth as possible. DASH measures the user's real-time network speed and picks the best-matching version of the video in real time.
- First, the video is encoded into files of different resolutions. Each file is divided into blocks of the same length of time, called fragments.
- The HTTP server has a manifest file that lists the URL of each version it supports.
- The client dynamically requests a few fragments at a time. When bandwidth is plentiful it requests a higher-quality version, and when the network is poor it requests a lower-quality version.
A CDN (Content Distribution Network) exists to distribute media resources faster and speed up network access. Serving everything from a single data center has several problems:
- When a video is needed, the data is fetched from the data center, and the transfer may cross many ISPs (Internet Service Providers). If the ISPs span a long distance, end-to-end throughput suffers from higher latency.
- The same video is transmitted repeatedly over the same long link, which wastes network bandwidth.
- The data center is a single point of failure. If the data center or its Internet link goes down, no video can be distributed at all.
A CDN manages servers distributed over multiple geographic locations to reduce bandwidth pressure and balance the load so that no single server becomes a hotspot.
A CDN can be private or third-party. The former is owned by the content provider itself, while the latter distributes content on behalf of multiple content providers.
CDNs usually follow one of two server placement principles:
- Deep: server clusters are deployed inside ISPs at many geographic locations, close to end users, to reduce latency and increase throughput. With such a highly distributed design, maintaining and managing the clusters is costly.
- Invite guests: large clusters are built in a small number of key geographic locations and ISPs are invited to connect to them. This has lower maintenance and management costs, but higher latency and lower throughput.
Once a CDN is deployed, it works as follows:
- To obtain content, the client host asks its local DNS server for the IP address of the content.
- Through the DNS mechanism, the local DNS server obtains the IP address of the CDN server that can provide the content.
- The client host requests the content from the CDN server.
- On receiving the request, the CDN server selects the cluster that will return the content. It can choose the geographically nearest cluster (nearest to the CDN server, not to the client), or choose based on traffic conditions (by periodically measuring the real-time delay to the client).
- The user's host receives the content.
Protocols at the application layer serve applications, so protocols of many formats have been derived at the application layer to meet specific application needs. Each application layer protocol selects a transport layer protocol to carry its packets, so that packets and information can be exchanged between applications.
It is relatively easy to implement an application layer protocol, because there is no requirement on what one should look like. You can therefore either choose an existing application layer protocol that meets your needs or build packets with your own parsing rules to implement your own protocol.
In general there are many application layer protocols to choose from, and this section has given a quick overview of how some common ones work. For now, it is enough to know what application layer protocols are for and how the common ones work. If you need the working details and supported features of a specific application layer protocol, it can then be studied in depth.
Article portals in all layers of the Internet protocol stack
- Internet Protocol Stack: What are application-layer protocols doing
- Internet Protocol Stack: How does the transport layer deliver data
- Internet protocol stack: the data plane of the network layer
- Internet protocol stack: the control plane of the network layer
- Internet Protocol Stack: Link layer overview
References
- "Computer networking: a top-down approach", 7th ed., chap. 2
- (Intensive reading recommended) HTTP soul questions: strengthen your knowledge of HTTP
- Using a homing pigeon to explain HTTPS
- DNS packet format
- SMTP protocol introduction
- DNS protocol (packet resolution)
- BitTorrent profile
- Why do we use DASH
- Summary of DASH protocol research