Network Flashcards

1
Q

OSI Layer architecture

A

The Open Systems Interconnection model (OSI model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to its underlying internal structure and technology.

  7. Application Layer (HTTP, FTP, SMTP, POP3):

High-level APIs, including resource sharing, remote file access.

  6. Presentation Layer:

Translation of data between a networking service and an application, including character encoding, data compression, and encryption/decryption.

  5. Session Layer (SSL, RPC):

Managing communication sessions, i.e., a continuous exchange of information in the form of multiple back-and-forth transmissions between two nodes.

  4. Transport Layer (TCP, UDP, segment):

Reliable transmission of data segments between points on a network, including segmentation, acknowledgment, and multiplexing.

  3. Network Layer (IP, IPv6, router):

Structuring and managing a multi-node network, including addressing, routing and traffic control.

  2. Data Link Layer (CDP, ARP):

Reliable transmission of data frames between two nodes connected by a physical layer.

  1. Physical Layer (IEEE802,2 Ethernet, Interwork):

Transmission and reception of raw bit streams over a physical medium.

2
Q

TCP/IP

A

Transmission Control Protocol/Internet Protocol, the protocol suite used to govern the connection of computer systems to the Internet. An implementation of the OSI conceptual model.

4 layers:

  1. Application layer (the top three OSI layers)
  2. Transport layer
  3. Network layer
  4. Link layer (the OSI physical and data link layers)

3
Q

TCP three-way handshake

A

TCP uses a three-way handshake to establish a reliable connection. The connection is full-duplex, and both sides synchronize (SYN) and acknowledge (ACK) each other. The exchange of these four flags is performed in three steps: SYN, SYN-ACK, and ACK.

In TCP, the two parties keep track of what they have sent by using a Sequence number. Effectively it ends up being a running byte count of everything that was sent. The receiving party can use the opposite speaker’s sequence number to acknowledge what it has received.

But the sequence number starts at the ISN (Initial Sequence Number), which is a randomly chosen value. And since TCP is a bi-directional communication, both parties can “speak”, and therefore both must randomly generate an ISN as their starting Sequence Number. Which in turn means, both parties need to notify the other party of their starting ISN.

  1. Alice —> Bob SYNchronize with my Initial Sequence Number of X
  2. Alice <— Bob I received your syn, I ACKnowledge that I am ready for [X+1]
  3. Alice <— Bob SYNchronize with my Initial Sequence Number of Y
  4. Alice —> Bob I received your syn, I ACKnowledge that I am ready for [Y+1]

Notice, four events are occurring:

Alice picks an ISN and SYNchronizes it with Bob.

Bob ACKnowledges the ISN.

Bob picks an ISN and SYNchronizes it with Alice.

Alice ACKnowledges the ISN.

TCP merges the two middle steps into one packet:

Bob <— Alice SYN

Bob —> Alice SYN ACK

Bob <— Alice ACK

Notice the two instances of “SYN” and “ACK”, one of each, in both directions.

4
Q

Why do we need a three-way handshake?

A

The short answer is because a two-way handshake would only allow one party to establish an ISN, and the other party to acknowledge it. Which means only one party can send data.

But TCP is a bi-directional communication protocol, which means either end ought to be able to send data reliably. Both parties need to establish an ISN, and both parties need to acknowledge the other’s ISN.

So in effect, what you have is exactly your description of the two-way handshake, but in each direction. Hence, four events occurring. And again, the middle two flags happen in the same packet. As such three packets are involved in a full TCP connection initiation process.

5
Q

SYN timeout – first handshake

A

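The server received the client's SYN and replied with SYN-ACK, but did not receive the final ACK.

The server keeps retransmitting the SYN-ACK until it times out. By default Linux retries 5 times, waiting 1 + 2 + 4 + 8 + 16 seconds between attempts and a further 32 seconds after the last one, 63 seconds in total.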

6
Q

SYN Flood

A

A client keeps sending the first handshake segment (SYN) and then goes offline without completing the handshake, exploiting the pending SYN requests to bring the server down.

When the SYN queue is full, Linux falls back to TCP SYN cookies (tcp_syncookies) and replies with a SYN cookie. A malicious client will not respond, but a normal one can still establish a connection using the SYN cookie.

7
Q

TCP keepalive

A

Check the connected socket (also known as TCP sockets), and determine whether the connection is still up and running or if it has broken.

A timer drives the keepalive procedure. When the keepalive timer reaches zero, you send your peer a keepalive probe packet with no data in it and the ACK flag turned on. You can do this because of the TCP/IP specifications, as a sort of duplicate ACK, and the remote endpoint will have no arguments, as TCP is a stream-oriented protocol. On the other hand, you will receive a reply from the remote host, with no data and the ACK set.

If you receive a reply to your keepalive probe, you can assert that the connection is still up and running without worrying about the user-level implementation.

This procedure is useful because if the other peers lose their connection (for example by rebooting) you will notice that the connection is broken, even if you don’t have traffic on it. If the keepalive probes are not replied to by your peer, you can assert that the connection cannot be considered valid and then take the correct action.

8
Q

TCP connection termination: four-way handshake

A

The connection termination phase uses a four-way handshake, with each side of the connection terminating independently.

When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint. After the side that sent the first FIN has responded with the final ACK, it waits for a timeout before finally closing the connection, during which time the local port is unavailable for new connections; this prevents confusion due to delayed packets being delivered during subsequent connections.

A connection can be “half-open”, in which case one side has terminated its end, but the other has not. The side that has terminated can no longer send any data into the connection, but the other side can. The terminating side should continue reading the data until the other side terminates as well.

9
Q

Why is there a TIME_WAIT state in the four-way handshake?

A
  1. To make sure there is enough time for the server to receive the final ACK packet.
  2. To avoid overlap between a new connection and the old connection.
10
Q

Why do we need a four-way handshake to terminate a connection?

A

TCP is a duplex connection, so both sides need a FIN and an ACK.

11
Q

Difference of TCP and UDP

A

UDP: User Datagram Protocol

  1. Datagram fields: source port, destination port, length, checksum, data.
  2. Not connection-oriented: it does not maintain a connection, and it supports sending the same packet to multiple clients at the same time.
  3. The header is short: 8 bytes.
  4. Throughput is limited only by the data generation rate, the transport limit, and computing power.
  5. Does not guarantee reliable delivery of packets.
  6. Does not split or merge messages.

Difference

  1. Connection: TCP is connection-oriented and one-to-one; UDP is connectionless and can be one-to-many.
  2. Reliability: Although UDP provides integrity verification (via checksum) of the header and payload, it provides no guarantees to the upper layer protocol for message delivery and the UDP layer retains no state of UDP messages once sent. For this reason, UDP sometimes is referred to as the Unreliable Datagram Protocol.
  3. Ordering: UDP provides none.
  4. Speed: UDP is faster than TCP.
  5. Header size: TCP has a 20-byte header.
12
Q

What is TCP windowing concept

A

The TCP windowing concept is primarily used to avoid congestion in the traffic. It controls the amount of unacknowledged data a sender can send before it gets an acknowledgment back from the receiver that it has received it. It is one of the key factors for efficient data transmission.

13
Q

HTTP and its characteristics

A

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.

It is a request-response protocol that supports the client-server model. It uses reliable TCP connections, by default on TCP port 80.

Characteristics:

  1. HTTP is media independent: any type of media content can be sent over HTTP as long as both the server and the client can handle the data content.
  2. HTTP is connectionless: the HTTP client, i.e., a browser, initiates the HTTP request, and after the request is sent the client disconnects from the server and waits for the response.
  3. HTTP is stateless: each request is treated as a new request. In other words, the server doesn’t recognize the user by default.
14
Q

What happens after you type in URL in the browser?

A
  1. DNS resolves the domain name in the URL to an IP address.

(DNS cache: browser cache, system cache, router cache, IPX server cache, DNS server cache, Root name server cache)

  2. The browser establishes a TCP connection with the server at that IP address.
  3. The client sends an HTTP request for files to the server.
  4. The server processes that request and sends back the response.
  5. The browser (the client) parses the response content and renders the page.
  6. The browser releases/terminates the TCP connection (4-way handshake).
15
Q

GET vs POST

A
  1. Request parameters: GET carries them in the URL, POST carries them in the request body.
  2. Database: GET is idempotent and safe (it should not modify data), POST is not.
  3. GET can be cached and stored, POST can’t.
16
Q

Cookie vs Session

A

HTTP is stateless, so the user's login state should be stored somewhere to improve efficiency.

Cookies

A client-side mechanism. The server sends data to the client, which stores it in a cookie as text.

The client sends its next request with the cookie in the header.

The server parses the cookie and generates customized content corresponding to the user.

Session

A server-side mechanism.

When the server handles a client request, it checks whether the request contains a session ID; if yes, it handles the request accordingly; if not, it generates one.

It can be implemented with a cookie (the session ID is sent with it) or with URL rewriting.

Cookie vs session

Stored on the client side vs stored on the server side.

A session is more secure than a cookie.

A session may consume server-side resources; use a cookie to reduce that cost.

17
Q

Some detail about cookie and session

A

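Note 1: How the validity period of cookies and sessions is timed

A session's timer starts from the moment activity stops.
A cookie's timer starts from the moment the cookie file is created.

Note 2: Sessions do not span browser windows

A newly opened browser session window generates a new Session, except for child windows. A child window shares its parent window's Session. For example, when you right-click a link and choose "Open in new window" from the context menu, the child window can access the parent window's Session. So a new window created inside the browser is really a child window: the session mix-up problem can occur, and it still belongs to the same conversation, the same session. Creating a new session window does not have the mix-up problem, because a new session id is generated at the session layer.

Note 3: Sessions are stored on the server side, generally in the server's memory (for fast access). A Session is created the first time the user accesses the server. Note that a Session is created only when accessing programs such as JSPs and Servlets; accessing only static resources such as HTML and images does not create a Session. You can call request.getSession(true) to force a Session to be created.

Note 4: Tomcat decides whether the client browser supports cookies based on whether the request contains a cookie. Although the client may support cookies, the first request carries no cookie (because there is no cookie to carry yet), so the URLs in the HTML page the server returns (URL rewriting) contain the JsessionID (jsessionid is just Tomcat's name for the session id; other containers do not necessarily call it jsessionid). JavaScript in the server's response checks whether the browser has cookies enabled and, if so, writes the JsessionID into the cookies (this is an in-memory cookie, unlike ordinary ones, and it disappears when the browser is closed). On the second visit the server has already written the cookie into the browser, so the rewritten URLs no longer contain jsessionid.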

18
Q

HTTP vs HTTPS

A

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

Difference

HTTPS needs a CA certificate

HTTPS encrypts messages

Port 443 vs 80

HTTPS = HTTP + encryption + certification + message integrity

19
Q

Network Socket

A

A network socket is an internal endpoint for sending or receiving data within a node on a computer network. Concretely, it is a representation of this endpoint in networking software (protocol stack), such as an entry in a table (listing communication protocol, destination, status, etc.), and is a form of system resource.

An abstraction of TCP/IP

20
Q

IPv6 vs IPv4

A

Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet. IPv6 was developed by the Internet Engineering Task Force (IETF) to deal with the long-anticipated problem of IPv4 address exhaustion. IPv6 is intended to replace IPv4.[1] In December 1998, IPv6 became a Draft Standard for the IETF,[2] who subsequently ratified it as an Internet Standard on 14 July 2017.[3][4]

Devices on the Internet are assigned a unique IP address for identification and location definition. With the rapid growth of the Internet after commercialization in the 1990s, it became evident that far more addresses would be needed to connect devices than the IPv4 address space had available. By 1998, the Internet Engineering Task Force (IETF) had formalized the successor protocol. IPv6 uses a 128-bit address, theoretically allowing 2^128, or approximately 3.4×10^38 addresses. The actual number is slightly smaller, as multiple ranges are reserved for special use or completely excluded from use. The two protocols are not designed to be interoperable, and thus direct communication between them is impossible, complicating the move to IPv6. However, several transition mechanisms have been devised to rectify this.

IPv6 provides other technical benefits in addition to a larger addressing space. In particular, it permits hierarchical address allocation methods that facilitate route aggregation across the Internet, and thus limit the expansion of routing tables. The use of multicast addressing is expanded and simplified, and provides additional optimization for the delivery of services. Device mobility, security, and configuration aspects have been considered in the design of the protocol.

IPv6 addresses are represented as eight groups, separated by colons, of four hexadecimal digits. The full representation may be simplified by several methods of notation; for example, 2001:0db8:0000:0000:0000:8a2e:0370:7334 becomes 2001:db8::8a2e:370:7334.

IPv4

Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP). It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. IPv4 was the first version deployed for production in the ARPANET in 1983. It still routes most Internet traffic today,[1] despite the ongoing deployment of a successor protocol, IPv6. IPv4 is described in IETF publication RFC 791 (September 1981), replacing an earlier definition (RFC 760, January 1980).

IPv4 uses a 32-bit address space which provides 4,294,967,296 (2^32) unique addresses, but large blocks are reserved for special networking methods.