Important Interview Knowledge Points of Computer Network

Supplement: commonly used port numbers to know:

(1) HTTP 80, HTTPS 443, FTP 21, Telnet 23, Tomcat 8080, MySQL 3306
(2) Basic difference between HTTP GET and POST:


(1) UDP characteristics at the transport layer:
1. Built on the IP protocol: adds multiplexing and demultiplexing, and provides simple error checking.
2. Best-effort delivery: segments may be lost and may arrive out of order.
3. Connectionless: the sender and receiver do not need to handshake, and each UDP segment is processed independently of the others.

Why UDP exists (its purpose):
1. No connection setup, which reduces delay.
2. Simple to implement, with no connection state to maintain.
3. Small header overhead: only 8 bytes.
4. No congestion control: the application can control its own sending time and rate. TCP, by contrast, adjusts its speed automatically when congestion occurs, so the rate is hard for the application to control. Applications that need to control their sending rate are therefore better served by UDP.

Applications: DNS, SNMP, streaming media applications
(still available)

Header fields:
1. Source port: 2 bytes
2. Destination port: 2 bytes
3. Length: the overall length of the UDP segment, including the header; 2 bytes
4. Checksum: 2 bytes

UDP checksum: function of the checksum field:
(1) Sender: treat the contents of the segment as a sequence of 16-bit integers, compute the checksum over them, invert the result bit by bit, and put it into the checksum field.
(2) Receiver: compute the checksum of the received segment and compare it with the checksum field. If they are not equal, an error has been detected. If they are equal, no error is detected, but errors may still be present. For example, if two bits are flipped at the same time, the error cannot be detected.
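The sender and receiver steps above, as an added example that is not part of the original notes. It shows one bit flip being caught and two flips at the same bit position of different 16-bit words passing the check. Assumptions: the sum covers only the 8-byte header and the data, as the notes describe (the pseudo-header that real UDP also includes is omitted), and the ports and payload are constructed sample values.

```python
import struct


def ones_complement_sum(data: bytes) -> int:
    """Add the data up as big-endian 16-bit integers, wrapping carries around."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length segment
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return total


def build_segment(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Sender: sum with a zero checksum field, invert, store in the header."""
    length = 8 + len(payload)                # 8-byte header plus data
    zeroed = struct.pack("!HHHH", src_port, dst_port, length, 0) + payload
    checksum = ~ones_complement_sum(zeroed) & 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def verify_segment(segment: bytes) -> bool:
    """Receiver: the sum over the segment, checksum included, must be 0xFFFF."""
    return ones_complement_sum(segment) == 0xFFFF


def flip_bit(segment: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate a transmission error by inverting one bit."""
    damaged = bytearray(segment)
    damaged[byte_index] ^= 1 << bit
    return bytes(damaged)


def demo() -> dict:
    # Constructed sample: arbitrary ports, 4-byte payload starting at byte 8.
    segment = build_segment(40000, 53, b"ABab")
    one_flip = flip_bit(segment, 8, 5)       # 'A' becomes 'a': sum grows by 0x2000
    two_flips = flip_bit(one_flip, 10, 5)    # 'a' becomes 'A': sum shrinks by 0x2000
    return {
        "intact_ok": verify_segment(segment),
        "one_flip_ok": verify_segment(one_flip),
        "two_flips_ok": verify_segment(two_flips),
        "two_flips_payload": two_flips[8:],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```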

TCP, the key protocol of the entire network:
1. Features
2. Each field of the header
Sequence number: the number of the first byte of the segment, not the number of the segment itself. When a TCP connection is established, both parties randomly select a sequence number.

ACKs:
The sequence number of the next byte that the receiver expects to receive.
Cumulative acknowledgment (much like GBN).
3. TCP reliable data transmission
Note that the timeout value is obtained by statistical methods.
Left of the figure above: if the ACK is not received within the timeout, the segment is retransmitted.
Right of the figure above: the timeout is set short, so the segment is retransmitted before its ACK arrives. After the retransmission, the original late ACKs arrive one after another, and finally the ACK returned for the retransmission arrives. Because of the cumulative acknowledgment mechanism, that ACK carries the maximum value received so far, which is 120.
However, the above situation will cause problems due to the cumulative acknowledgment mechanism.

TCP connection control: three-way handshake, four-way wave (connection teardown), simultaneous open, simultaneous close, and half-close

Reference link: https://blog.csdn.net/smileiam/article/details/78226816 (three-way handshake, four-way wave)
① Three-way handshake: https://mp.weixin.qq.com/s/mhIaC-Eyk5XCPH_rfrE- wg
② Four-way wave:
③ Half-open connection: after the two parties are connected, one of them suddenly loses power without sending a FIN to the other side, so the other side is left holding the connection alone. This situation is called a half-open connection.
④ Simultaneous open (it becomes a four-way handshake): put simply, A sends a SYN packet to B to request a connection, but before A's packet reaches B, B sends a SYN packet to A to request a connection. Both parties then return an ACK packet to the other. This makes a four-way handshake (it rarely happens).
⑤ Simultaneous close: the principle is similar to that of simultaneous open; both parties request to close at the same time.
⑥ Half-close: put simply, A sends a FIN to B, and B agrees and returns an ACK. But B does not send a FIN to A, because B may still have messages to send, or A still wants to receive messages from B. The state at this point is half-closed.
The difference between half-open and half-close: half-open means that after the two parties establish a connection, one end suffers an abnormal power failure and the other end does not know about it; the connection is then in a half-open state. In a half-close, one end sends a request telling the other end to close, and the other end does not send its own FIN to close; this is called a half-close.

How TCP guarantees reliable transmission: summary
1. Application data is divided into the data blocks that TCP considers most suitable for sending.
2. TCP numbers each packet it sends; the receiver sorts the packets and passes the ordered data to the application layer.
3. Checksum: TCP keeps a checksum of its header and data. This is an end-to-end checksum whose purpose is to detect any change to the data in transit. If the checksum of a received segment is wrong, TCP discards the segment and does not acknowledge it.
4. The receiving end of TCP discards duplicate data.
5. Flow control: each side of a TCP connection has a fixed-size buffer, and the receiving end only allows the sending end to send as much data as the receive buffer can accept. When the receiver cannot process the sender's data in time, it can prompt the sender to reduce its sending rate to prevent packet loss. The flow control protocol used by TCP is a variable-size sliding window protocol. (TCP uses a sliding window to achieve flow control, and flow control is aimed at the computers at the two endpoints.)
6. Congestion control: when the network is congested, the sender reduces the amount of data it sends. (Congestion control is aimed at the network.)
7. The stop-and-wait protocol also serves reliable transmission. Its basic principle is to stop after sending each packet and wait for the other party's confirmation; the next packet is sent only after the confirmation arrives. Timeout retransmission: when TCP sends a segment, it starts a timer and waits for the destination to confirm receipt of the segment. If the acknowledgment does not arrive in time, the segment is resent.

Stop-and-wait protocol
① Continuous ARQ protocol (several packets are sent consecutively, and the receiver then acknowledges the last packet it received in sequence)
② Automatic repeat request (ARQ) protocol (send one packet, confirm one packet)

Flow control
① TCP uses a sliding window to achieve flow control.
② Flow control limits the sender's sending rate so that the receiver has time to receive.
③ The window field in the acknowledgment sent by the receiver controls the sender's window size, and thereby the sender's sending rate. If the window field is set to 0, the sender cannot send data.

Congestion control
① To control congestion, the TCP sender maintains a congestion window (cwnd) state variable. The size of the congestion window depends on how congested the network is and changes dynamically. The sender sets its sending window to the smaller of the congestion window and the receiver's receive window.
② Slow start (only the initial value, 1, is small; growth afterwards is fairly fast): because the initial sending rate is so low, the window grows exponentially in the early stage.
③ Congestion avoidance: when the exponential growth reaches the slow start threshold (ssthresh), slow start ends, congestion avoidance begins, and the window grows linearly.
Even with congestion avoidance, MAX will always be reached eventually. When MAX is reached, the threshold is halved and the congestion window is set to 1, and then slow start and congestion avoidance begin again.

Let's first look at how TCP determines that the network has become congested. TCP's main basis for concluding that the network is congested is that it has had to retransmit a segment. As mentioned above, TCP has a timer for each segment, called the retransmission timer (RTO). When the RTO expires and the data has still not been acknowledged, TCP retransmits the segment. When a timeout occurs, congestion is very likely: a segment may have been lost somewhere in the network, and nothing has been heard about the subsequent segments either. In this case, TCP's response is relatively "strong":
1. Reduce ssthresh to half the value of cwnd
2. Reset cwnd to 1
3. Re-enter the slow start process.

④ Fast retransmission: when the receiver does not receive a packet (or receives out-of-sequence packets, which means some packet was lost), it uses the fast retransmission mechanism: it sends three consecutive ACK packets (carrying the sequence number of the packet it expects to receive) to tell the sender that the packet has not arrived yet.
Fast retransmission mechanism: packets 1, 2 and 3 are sent, but every ACK received shows 1. Once the duplicate ACK has been repeated 3 times, packet 1 is retransmitted, because this indicates that 1 was not received.
(1) When sending: pipelining is used, so multiple packets can be sent continuously.
(2) When receiving: cumulative acknowledgment is used, which is much like the GBN mechanism.

Fast retransmission concerns the receiver. Once fast retransmission is triggered, fast recovery is triggered immediately; fast recovery concerns the sender.

⑤ Fast recovery: the threshold is set to half of MAX, but the congestion window is not set to 1 this time. ssthresh is set to half of cwnd, and cwnd is then set equal to ssthresh, so the starting point is already high, and linear growth is used from there.
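The window rules ① to ⑤ above, as an added example that is not part of the original notes: a small state machine that replays a sequence of events and records cwnd and ssthresh after each one. Assumptions: the window is counted in whole segments, one "ack" event stands for a full round trip acknowledged without loss, the initial ssthresh of 8 and receive window of 64 are arbitrary, and ssthresh is never allowed below 2.

```python
from dataclasses import dataclass


@dataclass
class Sender:
    cwnd: int = 1        # congestion window in segments; slow start begins at 1
    ssthresh: int = 8    # slow start threshold (assumed initial value)
    rwnd: int = 64       # receiver's advertised window (assumed)
    dup_acks: int = 0    # duplicate ACKs seen in a row

    def send_window(self) -> int:
        # The sending window is the smaller of cwnd and the receive window.
        return min(self.cwnd, self.rwnd)

    def phase(self) -> str:
        return "slow start" if self.cwnd < self.ssthresh else "congestion avoidance"

    def on_round_acked(self) -> None:
        """A full round trip was acknowledged without loss."""
        self.dup_acks = 0
        if self.cwnd < self.ssthresh:
            self.cwnd = min(self.cwnd * 2, self.ssthresh)   # exponential growth
        else:
            self.cwnd += 1                                  # linear growth

    def on_timeout(self) -> None:
        """RTO expired: halve the threshold and restart slow start from 1."""
        self.ssthresh = max(self.cwnd // 2, 2)
        self.cwnd = 1
        self.dup_acks = 0

    def on_duplicate_ack(self) -> bool:
        """Return True when the third duplicate ACK triggers fast retransmit."""
        self.dup_acks += 1
        if self.dup_acks != 3:
            return False
        self.ssthresh = max(self.cwnd // 2, 2)
        self.cwnd = self.ssthresh        # fast recovery: no return to cwnd = 1
        self.dup_acks = 0
        return True


def simulate(events):
    """Replay events and return (event, cwnd, ssthresh, phase) after each."""
    sender = Sender()
    trace = []
    for event in events:
        if event == "ack":
            sender.on_round_acked()
        elif event == "timeout":
            sender.on_timeout()
        elif event == "dup":
            sender.on_duplicate_ack()
        else:
            raise ValueError(f"unknown event: {event}")
        trace.append((event, sender.cwnd, sender.ssthresh, sender.phase()))
    return trace


# Constructed scenario: growth, a timeout, growth again, then three duplicate ACKs.
EVENTS = ["ack"] * 5 + ["timeout"] + ["ack"] * 4 + ["dup"] * 3 + ["ack"]

if __name__ == "__main__":
    for row in simulate(EVENTS):
        print(row)
```

The trace makes the difference between the two loss signals visible: the timeout drops cwnd to 1, while the third duplicate ACK only drops it to the new ssthresh.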
TCP timeout and retransmission mechanism: four timers
(1) Retransmission timer (put simply: if you do not return an ACK before the timer expires, I retransmit; the retransmission time is 2RTT)
The retransmission timer deals with lost or discarded segments; it is the time to wait for a segment's acknowledgment. When TCP sends a segment, it creates a retransmission timer for that particular segment. Two things can happen: if the acknowledgment for the segment is received before the timer expires, the timer is cancelled; if the timer expires before the acknowledgment for that segment is received, the segment is retransmitted and the timer is reset.
(2) Persistence timer (set up specifically to deal with zero-window advertisements: when the receiver's window is 0, the sender sends a probe segment at intervals to see whether there is space. The timer doubles each time, and stops increasing once it reaches 60 s.)
When the sender receives a zero-window acknowledgment, it starts the persistence timer. When the persistence timer expires, the sending TCP sends a special segment called a probe segment. This segment carries only one byte of data. The probe segment has a sequence number, but that sequence number never needs to be acknowledged and is even ignored when computing acknowledgments for the rest of the data. The probe segment reminds the receiving TCP that the acknowledgment has been lost and must be retransmitted.
The persistence timer is initially set to the value of the retransmission time. If no response is received from the receiver, another probe segment is sent and the persistence timer value is doubled and reset. The sender keeps sending probe segments, doubling and resetting the persistence timer, until the value reaches the threshold (usually 60 seconds). After that, the sender sends one probe segment every 60 s until the window reopens.
(3) Keepalive timer (the receiver sends probe segments to the sender one after another within 2 hours to see whether the sender has any data to transmit. If no information from the sender has been received after 2 hours, it actively disconnects.)
Whenever the server receives information from the client, it resets the keepalive timer. The timeout is usually set to 2 hours. If the server has not received anything from the client for more than 2 hours, it sends a probe segment. If 10 probe segments (one sent every 75 seconds) get no response, the connection is terminated.
(4) Time-wait timer (TIME_WAIT timer: after one party closes the connection there is a transition period, and a FIN segment received again during that period can simply be discarded)
It is used during connection termination. When TCP closes a connection, the connection is not considered truly closed right away. During the time-wait period the connection remains in an intermediate state, so that a duplicate FIN segment can be discarded when it reaches the endpoint. The value of this timer is usually set to twice the expected lifetime of a segment.

3. Network layer
1. Master the IP header format: for example the 16-bit fragment identification, the DF (don't fragment) flag, the MF (more fragments) flag, the 13-bit fragment offset, the 8-bit time to live (TTL), the 16-bit header checksum, etc.
(1) 16-bit fragment identification: the IP software maintains a counter in memory. Each time a datagram is generated, the counter is incremented by 1 and the value is assigned to the identification field. This "identification" is not a sequence number, however, because IP is a connectionless service and has no notion of receiving datagrams in order. When a datagram must be fragmented because its length exceeds the MTU of the network, the value of this identification field is copied into the identification field of every fragment. Having the same identification value allows the fragments to be reassembled correctly into the original datagram.
(2) The flags field occupies 3 bits, but currently only 2 bits are meaningful.
● The lowest bit of the flags field is MF (More Fragment). MF=1 means more fragments follow. MF=0 means this is the last of the datagram's fragments.
● The middle bit of the flags field is DF (Don't Fragment), meaning "cannot be fragmented". Fragmentation is allowed only when DF=0; with DF=1 the datagram cannot be fragmented.
(3) The fragment offset occupies 13 bits. It indicates the relative position of a fragment within the original packet after a longer packet has been fragmented, that is, where the fragment starts relative to the beginning of the user data field. The fragment offset is counted in units of 8 bytes. This means that the length of each fragment must be an integer multiple of 8 bytes (64 bits).
(4) The time to live occupies 8 bits. The commonly used abbreviation for this field is TTL (Time To Live); it indicates the lifetime of the datagram in the network. The field is set by the source of the datagram. Its purpose is to prevent undeliverable datagrams from circulating on the Internet indefinitely and consuming network resources for nothing. The original design used seconds as the unit of TTL. Each time the datagram passes through a router, the time it spent in that router is subtracted from the TTL. If the time spent in the router is less than 1 second, the TTL is reduced by 1. When the TTL reaches 0, the datagram is discarded.
(5) The protocol field occupies 8 bits. It indicates which protocol the data carried in this datagram belongs to, so that the IP layer of the destination host knows which handler the data part should be passed to.
(6) The header checksum occupies 16 bits. This field covers only the header of the datagram, not the data part. This is because every time a datagram passes through a router, the router must recalculate the header checksum (some fields, such as time to live, flags and fragment offset, may change). Not checking the data part reduces the amount of computation.

2. IP fragmentation, IP routing
(1) IP fragmentation: MTU (Maximum Transmission Unit)
The MTU, mentioned earlier, is a limit that the link layer places on the data frames of a network. Taking Ethernet as the example again, the MTU is 1500 bytes. When an IP datagram is transmitted over Ethernet and its length is greater than the MTU, it must be transmitted in fragments so that the length of each fragment is less than the MTU. Fragments of an IP datagram do not necessarily arrive in order, but the information in the IP header allows them to be reassembled in order. Fragmentation and reassembly of IP datagrams are done at the network layer.
Summary: UDP does not segment data itself, so the data is split by IP. TCP segments data itself, so IP fragmentation is of course not used!
(2) IP routing: summarized in three points. First, look for a matching host address. Second, if no host address is found, look for a matching network address. Third, if no network address is found, use the default route.
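The fragmentation fields described above (shared identification, DF, MF, offset in 8-byte units, MTU), as an added example that is not part of the original notes: one function splits a payload for a given MTU and another reassembles fragments that arrive in any order. Assumptions: a 20-byte IP header without options, fragments modelled as Python objects rather than wire bytes, and constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

IP_HEADER_LEN = 20   # header without options (assumption of this example)


class FragmentationNeeded(Exception):
    """The datagram exceeds the MTU but DF=1, so it cannot be fragmented."""


@dataclass(frozen=True)
class Fragment:
    ident: int     # 16-bit identification, copied into every fragment
    df: bool       # Don't Fragment
    mf: bool       # More Fragments
    offset: int    # 13-bit fragment offset, in units of 8 bytes
    data: bytes


def fragment(payload: bytes, ident: int, mtu: int, df: bool = False) -> list:
    """Split one datagram's payload so that header plus data fits the MTU."""
    if IP_HEADER_LEN + len(payload) <= mtu:
        return [Fragment(ident, df, False, 0, payload)]
    if df:
        raise FragmentationNeeded(f"{len(payload)} bytes, MTU {mtu}, DF=1")
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8     # data per fragment, multiple of 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    return [
        Fragment(ident, False, start + chunk < len(payload), start // 8,
                 payload[start:start + chunk])
        for start in range(0, len(payload), chunk)
    ]


def reassemble(fragments: list) -> Optional[bytes]:
    """Rebuild the payload from fragments in any order; None while incomplete."""
    if not fragments:
        return None
    if len({f.ident for f in fragments}) != 1:
        raise ValueError("fragments belong to different datagrams")
    payload = bytearray()
    # set() drops exact duplicates; sorting by offset restores the order.
    for frag in sorted(set(fragments), key=lambda f: f.offset):
        start = frag.offset * 8
        if start > len(payload):
            return None                  # a hole: an earlier fragment is missing
        if start < len(payload):
            raise ValueError("overlapping fragments")
        payload += frag.data
    last = max(fragments, key=lambda f: f.offset)
    return None if last.mf else bytes(payload)   # MF=1 on the last one: tail missing


def demo():
    payload = bytes(i % 251 for i in range(4000))    # constructed sample data
    return payload, fragment(payload, ident=0x1234, mtu=1500)


if __name__ == "__main__":
    original, frags = demo()
    for f in frags:
        print(f"offset={f.offset:4d} bytes={len(f.data):4d} MF={int(f.mf)}")
    print("reassembled ok:", reassemble(frags[::-1]) == original)
```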

3. ICMP protocol: mainly master the message format.
Messages are divided into 2 types of query messages and 5 types of error messages.
(0) What is ICMP: https://blog.csdn.net/u011784495/article/details/71743516
(1) Why is ICMP needed?
Because the IP protocol does not provide reliability and cannot guarantee delivery, it is important to notify the sender when a problem occurs. (IP is an unreliable protocol and cannot perform error control. However, IP can rely on other protocols, such as ICMP, to provide this function.)
(2) There are 5 types of ICMP error report messages:
1. Destination unreachable: divided into six cases: network unreachable, host unreachable, protocol unreachable, port unreachable, fragmentation needed but the DF bit is set to 1, and source route failed. The code field is set to 0 to 5. When one of these six situations occurs, a destination unreachable message is sent to the source.
Description:
Port unreachable: one of UDP's rules is that if a UDP datagram is received and its destination port does not correspond to any process in use, UDP returns an ICMP unreachable message.
2. Source quench: when a router or host discards a datagram because of congestion, it sends a source quench message to the source, so that the source knows it should slow down its sending rate.
3. Time exceeded: when a router receives a datagram whose time to live is zero, it not only discards the datagram but also sends a time exceeded message to the source. When the destination cannot receive all the fragments of a datagram within the predetermined time, it discards the fragments it has already received and sends a time exceeded message to the source.
4. Parameter problem: when a field in the header of a datagram received by a router or the destination host has an incorrect value, the datagram is discarded and a parameter problem message is sent to the source.
5. Redirect (change route): the router sends a redirect message to the host to let it know that it should send the datagram to another router next time.

4. ICMP query messages: PING, traceroute (I do not know whether this is correct)

4. Data link layer
1. Ethernet frame
First, there are two Ethernet frame formats: the IEEE 802.3 frame format and the Ethernet_II frame format. At present, the second format is the one mostly used.
The datagram passed down from the network layer has a frame header and a frame trailer added at the data link layer to form a data frame.

Frame transmission method:

The MAC address is 48 bits, and the first 24 bits represent the vendor code, which is managed and assigned by IEEE. The remaining 24-bit serial number is assigned by the manufacturer.

Frames on the local area network can be sent in three ways.
Note on the sending method: the discussion below concerns the destination MAC address, covering the cases where the last bit of the first byte is 0, where it is 1, and where all bytes are f. The destination address is written by the sender.
1. Unicast
2. Broadcast
3. Multicast

If the destination MAC address is the local MAC address, the frame is accepted. The host then checks the frame check sequence (FCS) field, comparing it with the value it calculates itself, to determine whether the frame kept its integrity during transmission. If the frame's FCS value differs from the value calculated locally, the frame is discarded. If the frame passes the FCS check, the host uses the Type field in the frame header to decide which upper-layer (or same-layer) protocol the frame should be handed to.
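The receive path described above (destination check, FCS check, dispatch on the Type field), as an added example that is not part of the original notes. Assumptions: Ethernet_II framing without preamble, the FCS computed as CRC-32 and appended in little-endian byte order, every multicast and broadcast frame accepted (a real host accepts only the multicast groups it has joined), minimum frame length not enforced, and the MAC addresses are constructed locally administered values.

```python
import struct
import zlib

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x8035: "RARP"}
BROADCAST = b"\xff" * 6

# Constructed sample addresses (locally administered, not real hardware).
LOCAL_MAC = bytes.fromhex("020000000001")
PEER_MAC = bytes.fromhex("020000000002")


def classify_destination(mac: bytes) -> str:
    """Unicast, multicast or broadcast, decided by the destination address."""
    if mac == BROADCAST:
        return "broadcast"                              # all bytes are ff
    return "multicast" if mac[0] & 0x01 else "unicast"  # last bit of first byte


def vendor_code(mac: bytes) -> str:
    """First 24 bits of the 48-bit address: the IEEE-assigned vendor code."""
    return "-".join(f"{b:02x}" for b in mac[:3])


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Sender: header and payload, then the FCS as the frame trailer."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def receive(frame: bytes, local_mac: bytes) -> tuple:
    """Receiver: return (decision, detail) for one incoming frame."""
    if len(frame) < 18:                                 # 14-byte header + 4-byte FCS
        return ("drop", "shorter than header + FCS")
    dst = frame[0:6]
    if classify_destination(dst) == "unicast" and dst != local_mac:
        return ("ignore", "addressed to another host")
    body, (fcs,) = frame[:-4], struct.unpack("<I", frame[-4:])
    if zlib.crc32(body) != fcs:                         # integrity lost in transit
        return ("drop", "FCS mismatch")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return ("deliver", ETHERTYPES.get(ethertype, f"unknown 0x{ethertype:04x}"))


def corrupt(frame: bytes, index: int) -> bytes:
    """Flip one bit of one byte to simulate damage on the wire."""
    damaged = bytearray(frame)
    damaged[index] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    good = build_frame(LOCAL_MAC, PEER_MAC, 0x0800, b"\x00" * 46)
    arp = build_frame(BROADCAST, PEER_MAC, 0x0806, b"\x00" * 46)
    print(receive(good, LOCAL_MAC))
    print(receive(corrupt(good, 20), LOCAL_MAC))
    print(receive(good, PEER_MAC))
    print(receive(arp, LOCAL_MAC))
```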

2. The concept of MTU
Ethernet and 802.3 limit the length of data frames; the maximum values are 1500 and 1492 bytes respectively. This characteristic of the link layer is called the MTU, the maximum transmission unit. Most types of networks have such an upper limit.
If the IP layer has a datagram to transmit and the length of the data is larger than the link layer's MTU, the IP layer must fragment the datagram into several pieces so that each piece is smaller than the MTU.

Expansion:
3. ARP and RARP: mainly the message format and the principle of ARP queries
(Address Resolution Protocol, ARP, and Reverse Address Resolution Protocol, RARP)
https://blog.csdn.net/zln99/article/details/51050472 (this website explains it thoroughly)
1. Message:

2. ARP query principle:
3. RARP introduction:
5. Application layer
1. DNS: DNS namespace, principle of DNS pointer queries (reverse lookup, or reverse resolution), DNS cache. https://blog.csdn.net/gavin_john/article/details/53264549 (recommended URL)
(1) Namespace: (remember a few keywords: root domain, top-level domain, second-level domain, subdomain, hostname)
1. DNS pointer query

Forward lookup (domain name→IP address)
Reverse lookup (IP→domain name) (the following is its meaning and function)
2. DNS caching:
If every DNS resolution had to go through the entire process described above, it would consume network bandwidth and add delay, which is unfriendly to both users and the DNS resolution system.

Therefore, when the local DNS server completes a query, it caches the resulting hostname-to-IP-address mapping locally, which speeds up DNS resolution. In practice, most of the lookups for the sites you visit are resolved on the local server.

Since the mapping between hostnames and IP addresses is not permanent, the DNS server discards cached information after a period of time, usually two days.

2. Understand FTP: control flow and data flow; the two working modes, PASV and PORT; resumable upload; anonymous FTP
(1) Control flow and data flow:
(2) Two working modes: https://blog.csdn.net/ygqygq2/article/details/53264916 (very thorough)
(3) Resuming an upload from a breakpoint: https://www.cnblogs.com/duanxz/p/5127105.html
(4) Anonymous FTP

(5) How do you know when the FTP transfer of a file has ended?
As mentioned earlier, the usual transfer mode is stream mode, in which the end of the file is marked by closing the data connection. This means that a new data connection must be established for every file transfer or directory listing, and the data connection is closed when the file ends.

3. HTTP:
1. Message format: the header fields of request messages and response messages
https://www.cnblogs.com/biyeymyhjob/archive/2012/07/28/2612910.html (explained very thoroughly)
Supplement: the HTTP handshake is really just the handshake of ordinary TCP reliable communication (three-way handshake, four-way wave). But HTTP transmits in clear text, so it is insecure; HTTPS adds the SSL protocol to HTTP to solve this security problem.

4. HTTPS (good to know): detailed handshake process, digest algorithm, digital signature, and the principle and process of digital certificates https://www.zhihu.com/question/52493697 (read Liu Zhijun's answer, it is very good)

(1) HTTPS handshake process: https://blog.csdn.net/cout__waht/article/details/80859369 (compare the handshake processes of HTTP and HTTPS; note that HTTPS is done at the transport layer)
Digest algorithm: put simply, text of any length is turned into text of a fixed length, which makes it easy to judge whether the original text has been modified.
Digital signature: a digital signature uses the server's private key and public key to ensure that the transmitted content is OK.
Principle and process of digital certificates: a digital certificate ensures that the server's public key is the correct one.
[My understanding] The digital certificate is equivalent to a third-party organization that saves me from worrying that the server's public key has been replaced.
With asymmetric encryption available, why is symmetric encryption still needed?
Answer: although asymmetric encryption is more secure than symmetric encryption, it is not as efficient. Therefore, in an HTTPS request, asymmetric encryption is used at the beginning, during the handshake, and symmetric encryption is used afterwards when transmitting information, in order to improve efficiency.

The principle of hashing?
https://blog.csdn.net/qq_38936579/article/details/81486670
The common hashing method is separate chaining, which is the principle behind Hashtable. Note that when the capacity is expanded, it is doubled and a rehash is required.
Why does JDK 8 HashMap switch to a red-black tree when the number of bucket nodes is 8 - Jianshu
Nowadays, to improve the efficiency of HashMap, when the number of nodes in a bucket exceeds 8, the original linked list is converted to a red-black tree.
Why does the TIME_WAIT state exist?
Why does the client have to wait for 2MSL in the TIME_WAIT state?
(MSL is the longest time a packet can be in transit on the network)
Answer:
To make sure that the last ACK segment sent by the client can reach the server. This ACK segment may be lost, in which case the server, in the LAST-ACK state, does not receive the confirmation. The server then retransmits the FIN+ACK segment after a timeout, and the client can receive the retransmitted FIN+ACK segment within 2MSL; the client then retransmits the acknowledgment and restarts the timer. In the end, both the client and the server enter the CLOSED state normally. If the client did not wait in the TIME-WAIT state but released the connection immediately after sending the ACK, it could not receive the FIN+ACK segment retransmitted by the server and so would not send another acknowledgment. The server would then be unable to enter the CLOSED state by the normal procedure. (That is, in the first MSL, if the ACK packet cannot be delivered, the server will immediately send another FIN packet. Then, before the end of the second MSL, if the client receives the FIN packet, it can send an ACK and start TIME_WAIT again; if no FIN packet has been received by the end of the second MSL, the ACK was delivered successfully.)
To prevent invalid connection request segments from appearing in this connection. After the client has sent the last ACK segment and 2MSL has elapsed, all segments generated during the lifetime of the connection will have disappeared from the network. In this way, old connection request segments will not appear in the next new connection.

The harm caused by TIME_WAIT?
1. A large number of connections on the server will be in the TIME_WAIT state.
What is a long connection and what is a short connection?

Origin blog.csdn.net/weixin_43337444/article/details/114435290