TCP network stuff! Three-way handshake, four-way handshake, TIME-WAIT, HTTP 2.0 ....

[[419435]]

Hello everyone, I am Tom~

Today I will mainly share with you some common knowledge points of TCP network, which you will often encounter in daily work or interviews. Considering the length of the content is not small, it is recommended to save it first and chew it slowly.

If it helps, please share it with your friends. "Happiness is better shared than happiness alone."

First, let's have a table of contents so that everyone can have an intuitive understanding of the content of the article

The seven-layer model of the network, briefly introduce the role of each layer?

Answer: It is divided into 7 layers, from bottom to top:

Application layer: the interface between computer users and the network. Common protocols include: HTTP, FTP, SMTP, TELNET
Presentation layer: data presentation, security, and compression. It converts the information processed by the application into a format suitable for network transmission.
Session layer: establishes and manages sessions between the local host and the remote host.
Transport layer: defines the protocol port number for transmitting data, as well as flow control and error checking to ensure that the message can be transmitted correctly. The protocols include TCP, UDP
Network layer: Routing algorithm, logical addressing, and optimal path selection between different networks. Protocols include IP, ICMP
Data link layer: receives data in the form of bit streams from the physical layer, encapsulates it into frames, and transmits it to the upper layer; similarly, it also disassembles data frames from the upper layer into bit stream data and forwards it to the physical layer. The data at this layer is called a frame.
Physical layer: establishes, maintains, and disconnects physical connections. Transmits bit streams (converts 1 and 0 into electric current strength for transmission, and then converts them back to 1 and 0 after reaching the destination, which is what we often call digital-to-analog conversion and analog-to-digital conversion). The data at this layer is called bits.

What fields are there in the TCP message header?

Answer:

Source port and destination port: each occupies 2 bytes, indicating which process the data comes from and which process the data goes to
Sequence Number: occupies 4 bytes. Each byte of data transmitted in a TCP connection has a sequence number.
Acknowledgement Number: 4 bytes, the response of the TCP segment sent by the other party
Data offset: Header length, occupies 4 bytes, indicating how far the data of the TCP segment is from the beginning of the TCP segment.
6-bit flag bit:
- URG: Is the urgent pointer valid?
- ACK: Indicates whether the confirmation number is valid
- PSH: prompts the receiving application to read the data from the TCP buffer immediately
- RST: Indicates that the other party is requested to reestablish the connection
- SYN: This is a connection request or connection acceptance message
- FIN: Tell the other party to close the connection
Window size: occupies 4 bytes and is used for TCP flow control. It tells the other party how many bytes of data the local TCP receive buffer can accommodate, so that the other party can control the speed of sending data.
Checksum: occupies 2 bytes, filled by the sender, and the receiver performs a CRC algorithm on the TCP segment to check whether the TCP segment is damaged during transmission. The scope of the check includes the header and data, which is an important guarantee for TCP reliable transmission.
Urgent pointer: occupies 2 bytes, a positive offset. It is added to the value of the sequence number field to indicate the sequence number of the next byte of the last urgent data, and is used by the sender to send urgent data to the receiver.

TCP three-way handshake process?

Answer: The purpose is to synchronize the sequence numbers and acknowledgment numbers of both parties in the connection and to exchange TCP windows.

First handshake, the client sends (seq=x), and the client enters the SYN_SEND state
In the second handshake, the server responds (Seq=y, Ack=x+1), and the server enters the SYN_RCV state.
In the third handshake, after the client receives the confirmation from the server, it sends (Ack=y+1), and the client enters the ESTABLISHED state. When the server receives this packet, it also enters the ESTABLISHED state.

Why three handshakes, not two or four?

Answer:

If there are only two handshakes, the server will consider the connection established after sending a SYN/ACK message to the client. However, if the client does not receive the message, the client does not establish a connection, which causes the server to waste resources.

A TCP connection cannot be established using two handshakes, and a three-way handshake is the minimum number of times required to establish a connection.

What is the process of TCP waving four times?

Answer:

First wave: The client sends a connection release message to the server
Second wave: After receiving the connection release message, the server immediately sends a confirmation message. At this time, the TCP connection is in a semi-closed state, that is, the connection from the client to the server has been released, but the connection from the server to the client has not been released. This means that the client has no data to send, but the server may still send data to the client.
The third wave: the server sends a connection release message to the client
The fourth wave: After receiving the connection release message from the server, the client immediately sends a confirmation message. At this time, the client enters the TIME-WAIT state. Note that the client-TCP connection has not been released at this time, and it must enter the CLOSED state after 2*MSL (maximum segment life) time.

Why do we need to wave four times?

Answer: TCP is full-duplex. After one party closes the connection, the other party can continue to send data. So the four handshakes divide the disconnection into two independent processes.

Why does the client wait for 2MSL before entering the CLOSED state in TIME-WAIT state?

Answer: MSL is the maximum survival time of a segment on the network.

Ensure that the ACK message can reach the server, so that the server can close the connection normally. After the client sends the last ACK message segment, after 2MSL, it can be guaranteed that all the message segments generated during the duration of this connection disappear from the network. In this way, this old connection request message segment will not appear in the next connection.

How many connections can a server with 8G memory maintain simultaneously?

Answer: The send and receive buffers are 4K each, and the socket descriptor must also be considered. The minimum memory required for a TCP connection is 8K, so the maximum number of connections is: 8*1024*1024 K / 8 K = 1048576, which is about 1 million TCP long connections.

What is unpacking?

Answer: The transport layer packet cannot be too large. Based on this limitation, the data is often split into multiple TCP segments (TCP Segments) for transmission based on the buffer size. When receiving data, each TCP segment is reassembled into the original data. In simple terms, it is divided into several processes: splitting - transmission - reassembly.

What is a sticky bag?

Answer: Solve the problem of data being too small to prevent multiple transmissions from occupying resources. The TCP protocol combines them into one TCP segment and sends them, which are then restored into multiple data at the destination.

What is the buffer used for?

Answer: The buffer is an area in the memory for buffering. When applications frequently send and receive data through the network card, the network card can only process them one by one. When the network card is too busy, the data needs to be queued, that is, put into the buffer.

Note: The size of the TCP segment cannot exceed the buffer size.

How does the TCP protocol ensure the order of data?

Answer:

Big data is unpacked into multiple fragments, which can be sent in order. However, due to the complex network environment, it cannot be guaranteed that they will arrive in order. To solve this problem, each fragment is numbered with a Sequence Number, and the data is sorted by Seq when it is received.

Note: seq is the cumulative number of bytes sent

How does TCP protocol solve packet loss?

Answer: Packet loss needs to be resent. The key is how to determine whether there is packet loss!

For each data packet, the receiver will send a response to the sender. When each TCP segment is sent, the amount of data that the receiver has received is indicated by the Acknowledgement Number (abbreviated ACK).

Note: ack is the cumulative number of received bytes, indicating that all packets before this packet have been received.

What is MSS?

Answer: MSS stands for Maximum Segment Size. It is an option in the TCP Header that controls the size of the TCP segment. It cannot be determined by one party alone but requires negotiation between both parties.

How does the TCP protocol control traffic transmission speed?

Answer: Simply put, through sliding windows. The size of the send and receive windows can be used to control the flow rate of the TCP protocol. The larger the window, the more data can be sent and received at the same time, and the higher the throughput. However, the larger the window, the greater the loss if data errors occur, because more data needs to be retransmitted.

Each TCP request must have a response. If a request does not receive a response, the sender will think that there is a failure in the transmission and will trigger a retransmission. In order to improve throughput, if a TCP segment does not receive a response, the next segment can be sent.

The window area contains two types of data: sent but not confirmed, and not sent (to be sent)
If the packet with the smallest sequence number in the window receives an ACK, the window will slide to the right.
The size of the sliding window may change, and the latest value needs to be obtained from the ACK data packet in real time.
If the packet with the smallest sequence number does not receive an ACK for a long time, it will trigger the retransmission of data in the entire window.

What is the difference between HTTP 1.0, 1.1 and HTTP 2.0?

Answer:

1. HTTP 1.0

The default is a short connection. Each time you interact with the server, you need to open a new connection.

2. HTTP 1.1

The default persistent connection is to establish a connection once and multiple requests will be completed by this connection.

3. HTTP 2.0

Binary framing: A binary framing layer is added between the application layer and the transport layer, which divides all transmitted information into smaller messages and frames and encodes them in binary format. This reduces the pressure on the server, occupies less memory, and increases the connection throughput.
Multiplexing: Allows multiple request-response messages to be sent simultaneously over a single HTTP/2.0 connection.
Header compression: The Hpack header compression algorithm is used to compress the header to reduce repeated sending.
Server push: The server actively pushes some resources to the browser and caches them.

What is the difference between HTTP and HTTPS?

Answer: HTTPS = HTTP + SSL/TLS

HTTP uses plain text communication; port 80

HTTPS adds the SSL/TLS protocol to HTTP. SSL/TLS relies on certificates to verify the identity of the server and encrypt the communication between the browser and the server. Port 443

Why is the HTTP protocol designed to be stateless?

Answer: HTTP is a stateless protocol. Each request is executed independently, request/response. The important reason for this design is to reduce the complexity of architecture design. After all, once the server has a state, expansion, reduction, and routing will be restricted. The stateless protocol does not require the server to retain each user's information during multiple requests.

But, you may ask, what if there is a business that requires login? The HTTP protocol provides an extension mechanism. Cookies are added to the header and stored on the client. They are automatically carried with each request, using a space-for-time mechanism to satisfy the association between upper and lower requests. Although some network bandwidth is wasted, the complexity is reduced. Of course, in order to reduce the network burden, the browser will limit the size of cookies. The restriction standards of different browsers are slightly different. For example, Chrome 10 limits a maximum of 180 cookies, and the size of each cookie cannot exceed 4096 bytes.

What is the HTTPS access process?

Answer:

The client initiates an HTTP request to tell the server which hash algorithms it supports.
The server returns its information to the client in the form of a digital certificate (the public key is in the certificate and the private key is held by the server).
After receiving the response from the server, the client will first verify the legitimacy of the certificate (whether the address contained in the certificate is consistent with the address being accessed, and whether the certificate is expired)
If the certificate is verified, a random symmetric key is generated and encrypted with the certificate's public key.
The client sends the encrypted key of the certificate public key to the server
The server uses the private key to decrypt, and after decryption, it obtains the client's key
Then, the client and server rely on the key to complete plaintext encryption, secure communication, and symmetric decryption

What is the difference between symmetric and asymmetric encryption?

Answer:

Symmetric encryption. Encryption and decryption use the same key. Fast. Commonly used ones include: AES, DES
Asymmetric encryption. Public key and private key appear in pairs, the public key encrypts data, and the private key decrypts data. Commonly used ones include: RSA, DSS