|
[[355117]] This article is reprinted from the WeChat public account "Sneak Forward", author cscw. Please contact the WeChat public account "Sneak Forward" to reprint this article. Preface I recently chatted with a classmate who wanted to change jobs, and then went to interview at a large company. At that time, he wrote on his resume that he was proficient in TCP/IP. He thought that since he had a little knowledge of TCP protocol, the interviewer would not ask in-depth questions, so he wrote the word "proficient". Opening My friend arranged an interview at 10:30, and arrived 10 minutes early. Then he sat quietly on the sofa waiting, and recalled the materials he had read before. When it was almost 10:30, a tall and thin man in a plaid shirt pushed open the door and walked in, saying "Hello, let's start the interview!" My friend smiled politely and said "OK" Interviewer: I see from your resume that you are proficient in TCP and IP. Let’s discuss the network model and TCP and IP protocols. Tell me about your understanding first. - Friend (Why did you ask about TCP right away? That’s unconventional. Shouldn’t you ask about Java basics? But I’m fine with the regular questions)
- Friend: The network model is generally divided into seven layers: application layer, presentation layer, session layer, transport layer, network layer, data link layer, and physical layer. The application layer protocols include HTTP, FTP, and SMTP, while TCP belongs to the transport layer and IP protocol belongs to the network layer.
- Friend: The TCP/IP network model is layered from top to bottom, with each layer corresponding to different protocol analysis. Let me draw a picture.
Interviewer: Looking at the diagram you drew, TCP has its own header structure. What are the fields? It would be best to explain their functions. - Friend (What the hell! How can I remember this when I use Baidu Dictionary? Wait, I think I saw it last night, I have an impression)
- Friend: Continue to draw a picture, more intuitive
- Friend: The TCP header structure starts with the 16-bit source port number and destination port number, followed by the 32-bit sequence number and confirmation number. Below that is the 4-bit header length, 6-bit reserved bits, and 6-bit flag bits.
- Friends: The 16-bit attributes include the window size (controlling the send window), the checksum (checking whether the data segment has not been modified) and the urgent pointer. Finally, there are options, whose length is determined by the header length.
- Friend: Let me explain the sequence number in detail. It is a digital number of the TCP segment. To ensure a reliable TCP connection, each data segment sent must be added with a sequence number. When establishing a connection, both ends will randomly generate an initial sequence number. The confirmation number is used in conjunction with the sequence number. When responding to a request, a confirmation number is returned, and its value is equal to the other party's request sequence number plus 1.
- Friend: The 6 flags are: URG: This is an urgent message, ACK: reply message, PSH: The buffer is not full, RST: Reset connection, SYN: Establish connection message flag, FIN: Connection closing notification message
- Friend: The window size is the size of the sliding window used by the receiver to control the sender.
Interviewer: What is the difference between TCP and UDP? - Friend (relieved)
- Friends: 1) Connection: TCP is connection-oriented. UDP is connectionless and does not require a connection to be established before sending data.
- Friends: 2) Security: TCP provides reliable services, ensuring that the transmitted data is error-free, not lost, not duplicated, and arrives in order. UDP makes the best effort to deliver, but does not guarantee reliable delivery.
- Friends: 3) Transmission efficiency: TCP transmission efficiency is relatively low, UDP transmission efficiency is high
Interviewer: You just said TCP is a reliable connection. How is it implemented? - Friends: TCP connection is based on three handshakes, while disconnection is based on four handshakes.
- Friend: In order to ensure that data is not lost or erroneous (reliability), it has mechanisms such as message verification, ACK response, timeout retransmission (sender), out-of-order data retransmission (receiver), discarding duplicate data, flow control (sliding window) and congestion control
Interviewer: Can you explain the three-way handshake and four-way wave mechanism in detail? - Friends (Again, a regular question, let me share my thoughts)
- Friend: TCP is a reliable two-way channel, so it requires three handshakes and four waves. Let me draw a picture.
- Three-way handshake
- Four waves
- Friend: Let me answer this in advance. When closing a connection, you need to wave your hands four times, one more than when establishing it. This is because the passive closing end may have data that has not been sent out. It cannot be like a handshake. The second handshake is both an initiating handshake and a responding handshake.
Interviewer: What would be the problem if there is no three-way handshake? - Friend: If there are only two handshakes, the client will not ACK the server's SYN after sending the connection request.
- Friend: At this time, if the client determines that the connection establishment fails due to its own reasons, it may repeatedly establish TCP connections, but the server will think that the TCP connections discarded by the client are still valid, which will waste resources in vain.
Interviewer: What is the difference between TIME_WAIT and CLOSE_WAIT? - Friends: CLOSE_WAIT is a passive closure; when the other party closes the socket and sends a FIN message, it enters the CLOSE_WAIT state after responding to ACK. Then it checks whether there is any untransmitted data. If not, it initiates a third handshake, sends a FIN message to the other party, enters the LAST_ACK state and waits for the other party's ACK message to arrive.
- Friends: TIME_WAIT is formed by actively closing the connection; when in the FIN_WAIT_2 state, it enters the TIME_WAIT state after receiving the other party's FIN message; then waits for two MSLs (Maximum Segment Lifetime: the maximum survival time of the message)
Interviewer: What is the function of TIME_WAIT? And why does the state time have to be maintained for two MSLs? - Friend (This is too deep a question, bro. Luckily I secretly took extra classes yesterday)
- Friends: 1) The purpose of TIME_WAIT is to ensure that the ACK message of the last wave can be delivered to the other party. If the ACK is lost, the other party will time out and retransmit the FIN, and the active closing end will respond with ACK again; if there is no TIME_WAIT state, it will be closed directly, and the retransmitted FIN message of the other party will be responded with a RST message, and this RST will be interpreted as an error by the passive closing end
- Friends: 2) There are two connections, the first connection is closed normally, and the second identical connection is established immediately; if a lost message from the first connection arrives, it will interfere with the second connection, and waiting for two MSLs can make the message data of the last connection disappear on the network
Interviewer: You mentioned congestion control just now. How does the TCP protocol solve congestion? - Friend: The first method is slow start and congestion avoidance
- Friends: 1) Slow start, the TCP sender will maintain a congestion window (cwnd). The congestion window is initially 1 segment, and the window size doubles every RTT (the time from when the data is completely sent to when it is confirmed) (exponential growth, but slow in the early stage)
- Friend: 2) Congestion avoidance. The idea is to increase the congestion window cwnd slowly. After the sender's cwnd reaches the threshold ssthresh (the initial value is determined by the system), the congestion window is increased by one for each RTT instead of doubling (receiving two or four confirmations, both are cwnd+1). cwnd increases linearly (additive increase).
- Friend: (Draw a picture to help explain)
- Friend: If network congestion occurs, the congestion window threshold ssthresh is halved, cwnd is set to 1, and the slow start phase is re-entered.
Interviewer: What other methods are there for congestion control? - Friends: Fast retransmission and fast recovery
- Friend: 1) Fast retransmission means that when the receiver receives an out-of-order message, it immediately reports it to the sender and retransmits it quickly.
- Friend: If the receiver receives M1 but not M2, and then M3, M4, and M5 are sent, the receiver has sent three M1 confirmation messages to the sender. According to the fast retransmission rule, as long as the sender receives three consecutive duplicate confirmations, it will immediately retransmit M2 (the next message after the duplicate confirmation message) sent by the other party.
- Friend: 2) Get well soon
- Friend: When the sender receives three consecutive duplicate confirmations, ssthresh is halved; because the sender may think that the network is not congested now, unlike slow start, the cwnd value is set to the value after ssthresh is halved, and then the congestion avoidance algorithm is executed, and cwnd increases linearly
- Friend: (Another picture)
Interviewer: Do you know about sliding windows? How does the client and server control the sliding windows? - Friend: The receiving end puts the size of the buffer it can receive into the "window size" field in the TCP header and notifies the sending end through the ACK message. The sliding window is used by the receiving end to control the size of the data sent by the sending end, thereby achieving flow control.
- Friend: In fact, the upper limit of the sender's window is the minimum value of the congestion window and the sliding window.
Interviewer: Do you know the difference between sliding window and congestion window? - Friend: The similarities are that they both control packet loss, and the implementation mechanism is to make the sender send slower.
- Friends: The difference lies in the objects of control
- Friend: 1) The object of flow control is the receiver, because the sender is afraid that the sender will send too fast and the receiver will not have time to process it.
- Friend: 2) The object of congestion control is the network. The fear is that the sender sends too fast, causing network congestion, making it impossible for the network to handle it in time.
Interviewer: What do you think about TCP's packet sticking and unpacking? - Friend: The data size that the program needs to send is different from the MSS (Maximum Segment Size) that the TCP segment can send.
- Friends: When it is greater than MSS, the program data needs to be split into multiple TCP segments, which is called unpacking; when it is less than MSS, multiple program data will be considered to be merged into one TCP segment, which is called sticky packet; MSS = TCP segment length - TCP header length
- Friend: At the IP protocol layer, link layer, or physical layer, there are packet unpacking and packet sticking phenomena.
Interviewer: What are the solutions to the problems of sticking and unpacking? - Friends: 1) Add special characters to the end of the data for segmentation
- Friends: 2) Set the data to a fixed size
- Friend: 3) Divide the data into two parts, one is the header and the other is the content body; the header structure has a fixed size and there is a field that declares the size of the content body
Interviewer: Do you know about SYN Flood? - Friend: SYN Flood forges SYN messages to initiate a connection to the server. After receiving the message, the server responds with SYN_ACK. After this response is sent, no ACK message is received, resulting in a half-connection.
- Friend: If the attacker sends a large number of such messages, a large number of half-connections will appear on the attacked host, exhausting its resources and making it impossible for normal users to access the host until the half-connection times out.
Interviewer: You have a good grasp of TCP. Now let me ask you about HTTP. Do you know what steps a program generally goes through for an HTTP request? - Friend: 1) Resolve the domain name -> 2) Initiate a TCP three-way handshake to establish a connection -> 3) Initiate an HTTP request based on TCP -> 4) The server responds to the HTTP request and returns data -> 5) The client parses the returned data
Interviewer: What are the response status codes in HTTP? List a few that you are familiar with. - Friends: There are probably the following types
- 200: indicates a successful normal request
- 400: semantic error, usually the request format is incorrect
- 401: User authentication permission is required, usually the certificate token fails authentication
- 403: Service Denied
- 404: Resource does not exist
- 500: Server Error
- 503: Server is temporarily under maintenance, overloaded; recoverable
Interviewer: Good. Let me ask you again. What is the difference between session and cookie? - Friends: 1) The storage location is different. Cookies are data stored on the client; session data is stored on the server
- Friends: 2) Storage capacity is different. A single cookie stores small data. A site can store up to 20 cookies. There is no upper limit for sessions.
- Friends: 3) The storage method is different. Cookies can only store ASCII strings; sessions can store any type of data.
- Friend: 4) Privacy policies are different. Cookies are visible to the client; sessions are stored on the server and are transparent to the client.
- Friends: 5) The validity period is different. Cookies can exist for a long time; session depends on the cookie named JSESSIONID, and the expiration time defaults to -1. The session will become invalid as long as the window is closed.
- Friends: 6) Different in cross-domain support, cookies support cross-domain access; sessions do not support cross-domain access
Interviewer: Good. Do you know what HTTP chunked transfer is? - Friends: Chunked transmission is a transmission mechanism of HTTP that allows the data sent by the server to the client to be divided into multiple parts. This protocol is provided in HTTP/1.1
Interviewer: What are the benefits of HTTP chunked transmission? - Friends: HTTP chunked transfer encoding allows servers to maintain HTTP persistent connections for dynamically generated content
- Friends: Chunked transfer encoding allows the server to send header fields at the end of the message. This is very important for situations where the value of the header field cannot be known before the content is generated, such as when the content of the message is signed using a hash.
- Friend: HTTP servers sometimes use compression (gzip or deflate) to reduce the time it takes to transfer. Chunked transfer encoding can be used to separate multiple parts of a compressed object. In this case, the chunks are not compressed separately, but the entire payload is compressed. Chunked encoding is useful for sending data while compressing it
Interviewer: How do you understand HTTP long connection? - Friend: A long connection means that after the client and the service establish a TCP connection, the connection between them will continue to exist and will not be closed after one HTTP request. Subsequent requests will also use this connection.
- Friends: Long connections can save the TCP establishment and closing operations. Long connections are suitable for clients with frequent requests, but be careful that malicious long connections may cause service damage (recommended for use between internal services)
Interviewer: Is HTTP secure? How to achieve secure HTTP protocol transmission? - Friend: It is not safe. The data transmitted by HTTP is in plain text and can be easily intercepted by a third party. To transmit data securely, you can use the HTTPS protocol, an upgraded version of HTTP.
Interviewer: What is the difference between HTTPS and HTTP? How do you understand it? - Friends: 1) The HTTP protocol connection is stateless and transmits plain text
- Friends: 2) HTTPS is a network protocol built by SSL/TLS+HTTP protocol with encrypted transmission and identity authentication
Interviewer: What is SSL/TLS? How is the security of HTTPS achieved? - Friends: SSL (Secure Socket Layer) is a protocol encryption layer based on HTTPS to ensure data privacy. TLS (Transport Layer Security) is an upgraded version of SSL
- Friends: https adds a layer of security authentication and encryption layer TLS or SSL on the basis of http. It will first pass the CA certificate authentication through the security layer to correctly obtain the public key of the server
- Friend: Then the client will confirm an encryption algorithm with the server through the public key, and the subsequent data can be encrypted using this encryption algorithm.
|
