This article will take you through the computer network (Part 2)

The article is about 12,000 words and takes about 40 minutes to read. It is recommended to bookmark it and read it slowly!!!

1. IP protocol

  1. The role of the IP protocol

    The main function of the network layer is to enable communication between hosts, also called end-to-end (point-to-point) communication.

    The role of the IP protocol is mainly to transfer IP packets between interconnected networks. It has two main functions: addressing and routing, and fragmentation and reassembly. The IP header also carries a TTL (time to live, the maximum number of network segments passed) field of eight bits, which specifies how many routers the packet can pass through before it is discarded.

  2. IPv4 and IPv6

    IPv4 addresses are 32 bits, which provides about 4.2 billion addresses, but as early as 2011 the IPv4 address pool had been fully allocated.

    IPv6 not only has far more addresses available for allocation, but also has many other highlights.

    • IPv6 supports automatic configuration: even without a DHCP server, a host can assign itself an IP address, which makes it truly plug and play.
    • The IPv6 packet header has a fixed length of 40 bytes, and the header checksum is removed. The simplified header structure reduces router load and greatly improves forwarding performance.
    • IPv6 includes network security functions against forged IP addresses and against eavesdropping on the line, greatly improving security.

    Structure of an IPv6 address

    Similar to IPv4, IPv6 also identifies the type of IP address by the first few digits of the IP address.

    IPv6 addresses mainly include the following types of addresses:

    • Unicast address, used for one-to-one communication
    • Multicast address, used for one-to-many communication
    • Anycast address, used to communicate with the nearest node, where the nearest node is determined by the routing protocol
    • There is no broadcast address

    IPv6 unicast address type

    For one-to-one IPv6 communication there are mainly three types of unicast address, and the valid scope of each type is different.

    • For unicast communication on the same link, without going through a router, link-local unicast addresses are used; IPv4 has no equivalent
    • For unicast communication within an intranet, unique local addresses are used, equivalent to IPv4 private addresses
    • For communication on the Internet, global unicast addresses are used, equivalent to IPv4 public addresses

    Header improvements of IPv6 compared to IPv4:

    • The header checksum field has been removed. Because both the data link layer and the transport layer perform their own checks, IPv6 drops the IP-level check.
    • The fragmentation/reassembly fields have been removed. Fragmentation and reassembly are time-consuming; IPv6 does not allow intermediate routers to fragment or reassemble, and the operation can only be performed on the source and destination hosts, which greatly increases router forwarding speed.
    • The options field has been removed from the standard header. It has not disappeared entirely: it may still appear after the fixed header, at the location indicated by the "next header" field. Removing it makes the IPv6 header a fixed 40 bytes.

  3. How to solve the IPv4 address shortage

    At present there are mainly two ways:

    1. In practice, when we surf the Internet, the computer's IP address is usually a private address that cannot be routed beyond the gateway; our data is forwarded through the gateway. This is the NAT protocol, which can temporarily relieve the IPv4 address shortage.

    2. IPv6: as the next-generation Internet protocol to replace IPv4, it provides 2 to the 128th power addresses. At this order of magnitude, even if an IP address were assigned to every grain of sand on earth there would be enough, so this protocol fundamentally solves the problem of IPv4 address exhaustion.

  4. What is the difference between an IP address and a MAC address? What are their uses?

    Put simply, the IP address is mainly used for network addressing, that is, roughly locating where you are, while the MAC address is a unique identifier: the only way to confirm that a device is really the one you mean is by its MAC address. The MAC address has no addressing (location-finding) function.

  5. Common protocols at the network layer

    • IP (Internet Protocol): defines not only the basic unit and format of data transmission but also how datagrams are delivered and how routes are selected.
    • ICMP (Internet Control Message Protocol): an "error detection and reporting mechanism" whose purpose is to let us check the connection status of the network and ensure the connection is working. It is the working protocol of ping and traceroute.
    • RIP (Routing Information Protocol): uses "hop count" (the metric) to measure the routing distance to the destination address.
    • IGMP (Internet Group Management Protocol): used to implement multicast, broadcast and other communications.

  6. What is DNS and how does it work

    DNS (Domain Name System) is a distributed database on the Internet that maps domain names and IP addresses to each other. It lets users access the Internet more conveniently, without having to remember the numeric IP strings that machines read directly.

    The process of obtaining the IP address corresponding to a host name is called domain name resolution (or host name resolution).

    Working principle

    DNS converts a host domain name to an IP address. It is an application-layer protocol and uses UDP for transport.

    Process summary: browser cache, system cache, router cache, ISP DNS server cache, root domain name server, top-level domain name server, primary (authoritative) domain name server. The query from the host to the local domain name server generally uses a recursive query; the queries from the local domain name server to the root domain name server and onward use iterative queries.

    1. When the user enters a domain name, the browser first checks whether its own cache contains the IP address mapped to that domain name; if so, resolution ends.
    2. If there is no hit, it checks whether the operating system cache (such as the Windows hosts file) holds a resolved result; if so, resolution ends.
    3. If there is no hit, it asks the local domain name server (LDNS) to resolve the name.
    4. If the LDNS has no cached answer, it goes directly to a root domain name server. The root server returns the address of a primary domain name server (the gTLD server) to the LDNS.
    5. The LDNS then sends a request to the gTLD (generic top-level domain) server returned in the previous step, which looks up and returns the address of the Name Server responsible for that domain name.
    6. The Name Server finds the target IP in its mapping table and returns it to the LDNS.
    7. The LDNS caches the domain name and its IP, returns the result to the user, and the user caches it in the local system cache according to the TTL value. The domain name resolution process ends here.
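    The resolution chain above, as an added example that is not part of the original article: a small simulation in which the host queries its local DNS server recursively, the local server walks root, TLD and authoritative servers iteratively, and the answer is cached for its TTL. The zone data, addresses and clock are constructed for the demo.

```python
# Added example (not from the original article): a simulation of the DNS
# resolution chain described above. The host asks its local DNS server (LDNS)
# with a recursive query; the LDNS walks root -> TLD -> authoritative name
# server with iterative queries, then caches the answer for its TTL.
# All zone data, addresses and the clock below are constructed for the demo.

ROOT_ZONE = {"com.": "tld-com"}                                   # root: TLD -> TLD server
TLD_ZONES = {"tld-com": {"example.com.": "ns-example"}}           # TLD server: domain -> name server
AUTH_ZONES = {"ns-example": {"www.example.com.": ("192.0.2.10", 300)}}  # NS: name -> (IP, TTL seconds)


class LocalDNS:
    """Local domain name server: serves hosts recursively, queries upstream iteratively."""

    def __init__(self, now=0):
        self.cache = {}            # name -> (ip, expiry time)
        self.now = now             # simulated clock in seconds
        self.upstream_queries = 0  # iterative queries sent to root/TLD/authoritative servers

    def _iterative_lookup(self, name):
        labels = name.rstrip(".").split(".")
        # Step 4: ask a root server; it refers us to the TLD server.
        self.upstream_queries += 1
        tld_server = ROOT_ZONE.get(labels[-1] + ".")
        if tld_server is None:
            return None
        # Step 5: ask the TLD (gTLD) server; it refers us to the authoritative name server.
        self.upstream_queries += 1
        name_server = TLD_ZONES[tld_server].get(".".join(labels[-2:]) + ".")
        if name_server is None:
            return None
        # Step 6: ask the authoritative name server for the final record.
        self.upstream_queries += 1
        return AUTH_ZONES[name_server].get(name)

    def resolve(self, name):
        """Answer a recursive query from a host. Returns (ip, how) with how in
        {'cache', 'iterative', 'nxdomain'}."""
        entry = self.cache.get(name)
        if entry is not None and entry[1] > self.now:   # cache hit still within TTL
            return entry[0], "cache"
        record = self._iterative_lookup(name)
        if record is None:
            return None, "nxdomain"
        ip, ttl = record
        self.cache[name] = (ip, self.now + ttl)          # Step 7: cache for TTL seconds
        return ip, "iterative"


class HostResolver:
    """Host side (steps 1-3): check the local cache first, then send one recursive query to the LDNS."""

    def __init__(self, ldns):
        self.ldns = ldns
        self.cache = {}  # browser / OS cache, simplified as one dictionary

    def lookup(self, name):
        if name in self.cache:
            return self.cache[name], "host-cache"
        ip, how = self.ldns.resolve(name)
        if ip is not None:
            self.cache[name] = ip
        return ip, how
```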

  7. What is DNS load balancing

    When a website has enough users, if every request lands on the same machine, that machine may crash at any time. The solution is DNS load balancing. Its principle is to configure multiple IP addresses for the same host name in the DNS server. When answering DNS queries for that host, the DNS server returns the recorded IP addresses in rotating order, directing different clients to different machines and thus achieving load balancing. The choice of address can also take into account, for example, the load on each machine or the geographic distance between the machine and the user.

  8. Data link layer common protocols

    • ARP (Address Resolution Protocol): obtains a physical address from an IP address
    • RARP (Reverse Address Resolution Protocol): obtains an IP address from a physical address
    • PPP (Point-to-Point Protocol): mainly used to establish a point-to-point connection for sending data over dial-up or leased lines, making it a common solution for simple connections between hosts, bridges and routers

  9. ARP and RARP protocols

    RARP

    Summary: the Reverse Address Resolution Protocol is a network-layer protocol that works in the opposite direction to ARP. RARP allows a host that knows only its own hardware address to learn its IP address: it sends out the physical address to be mapped and expects its IP address in return; the reply, from a RARP server that has the required information, contains that IP address.

    Principle: (1) Each device on the network has a unique hardware address, usually the MAC address assigned by the device manufacturer. The host reads the MAC address from its network card and then broadcasts a RARP request packet on the network, asking the RARP server to reply with the host's IP address.

    (2) The RARP server receives the RARP request packet, assigns an IP address to the host, and sends a RARP response to it.

    (3) After receiving the RARP response, the host (PC1) uses the obtained IP address for communication.

    ARP

    The ARP protocol at the network layer maps IP addresses to physical addresses. Each host maintains an ARP table in its ARP cache that records the correspondence between IP addresses and MAC addresses. When the source host needs to send a packet to the destination host, it first checks whether its ARP table contains a MAC address for the destination IP: if it does, it sends the packet directly to that MAC address; if not, it broadcasts an ARP request on the local network segment to query the MAC address of the destination host.

    The ARP request packet contains the source host's IP address and hardware address and the destination host's IP address. On receiving the request, every host on the network compares the destination IP in the packet with its own IP address. If they differ, the packet is ignored. If they match, the host first adds the sender's MAC address and IP address to its own ARP table (if an entry for that IP already exists, it is overwritten), and then sends an ARP response packet to the source host, telling it the MAC address it is looking for. After the source host receives the ARP response, it adds the destination host's IP and MAC address to its own ARP table and uses this information to start transmitting data. If the source host never receives an ARP response, the ARP query has failed.

  10. DHCP/NAT protocol

    DHCP

    DHCP is very common in daily life. Our computers usually obtain IP addresses dynamically through DHCP, which spares us the tedious process of configuring IP information by hand.

    The DHCP client process listens to port 68, and the DHCP server process listens to port 67.

    The exchange takes four steps:

    • The client first sends an IP datagram carrying a DHCP discover message (DHCP DISCOVER). Since the client has no IP address and does not know the address of the DHCP server, it uses UDP broadcast, with the broadcast destination address 255.255.255.255 (port 67) and 0.0.0.0 (port 68) as the source IP address. The DHCP client passes the datagram to the link layer, which broadcasts the frame to all devices on the network.
    • When the DHCP server receives the discover message, it responds to the client with a DHCP offer message (DHCP OFFER). This message still uses the IP broadcast address 255.255.255.255, and it carries the IP address, subnet mask, default gateway, DNS server and IP address lease period offered by the server.
    • After receiving offers from one or more servers, the client selects one server and sends it a DHCP request message (DHCP REQUEST), echoing the configuration parameters it accepts.
    • Finally, the server answers the DHCP request with a DHCP ACK message, confirming the requested parameters.

    Once the client receives the DHCP ACK, the interaction is complete and the client can use the IP address assigned by the DHCP server for the lease period.

    In the DHCP interaction, UDP broadcast communication is used throughout .

    NAT

    Network Address Translation (NAT) alleviates the problem of IPv4 address exhaustion. Put simply, NAT converts private IP addresses to public IP addresses when hosts in the same company, home or classroom communicate with the outside world.

    Since NAT and NAPT both rely on their translation tables, they have the following problems:

    • The outside cannot actively establish a connection with the NAT internal server, because the NAPT translation table has no translation records.
    • Both the generation of the conversion table and the conversion operation will generate performance overhead.
    • During communication, if the NAT router restarts, all TCP connections will be reset.

    How to solve the potential problems of NAT?

    There are mainly two ways.

    The first is to switch to IPv6; the second is NAT traversal technology.

  11. ICMP/IGMP protocol

    ICMP

    ICMP stands for Internet Control Message Protocol.

    The main functions of ICMP include: confirming whether an IP packet was successfully delivered to the destination address, reporting why an IP packet was discarded during transmission, and helping to improve network settings.

    In IP communication, if an IP packet fails to reach its destination address for some reason, the specific reason is reported by ICMP.

    ICMP messages fall roughly into two categories:

    • Query messages used for diagnostics, the "query message type"
    • Error messages that report the cause of an error, the "error message type"

    IGMP

    We know that multicast addresses are class D addresses. Multicast means that only the hosts in a group receive the packets, and hosts outside the group do not. How is it managed whether a host belongs to a group? That is the job of the IGMP protocol.

    IGMP is the Internet Group Management Protocol; it works between hosts (multicast members) and the last-hop router.

    • IGMP messages are used to ask the router to join or leave a multicast group. By default the router does not forward multicast packets to a connected host unless the host has joined the multicast group through IGMP. When a host asks to join a group, the router records it in its IGMP router table and then forwards the multicast packets to that host.
    • IGMP messages are encapsulated in IP with protocol number 2 in the IP header, and the TTL field is usually 1, because IGMP works between the host and its directly connected router.

    General query and response mechanism

    1. The router periodically sends IGMP general query messages to the destination address 224.0.0.1 (representing all hosts and routers on the same network segment).
    2. Host 1 and Host 3 start a "report delay timer" after receiving the query. The timer is random, usually 0~10 seconds. When the timer expires, the host sends an IGMP membership report message (the source IP is the host's own IP address and the destination IP is the multicast address). If it sees a membership report from another host in the same group before its timer expires, it does not send its own, which reduces the number of redundant IGMP messages on the network.
    3. After the router receives a host's membership report, it adds the multicast group to its IGMP routing table. Once data for that multicast address later reaches the router, it forwards the packets.

    Mechanism for leaving a multicast group

    Situation 1 of leaving the multicast group, the group still has other members on the network segment:

    1. Host 1 wants to leave group 224.1.1.1 and sends an IGMPv2 leave group message with destination address 224.0.0.2 (meaning all routers on the network segment).
    2. After receiving the message, the router sends IGMP group-specific query messages at intervals of 1 second (2 in total) to confirm whether the 224.1.1.1 group still has other members on the network.
    3. Host 3 is still a member of group 224.1.1.1, so it immediately responds to this group-specific query. The router now knows the group still has members on the network and continues forwarding 224.1.1.1 multicast packets to it.

    Situation 2 of leaving the multicast group, the group has no other members left on the network segment:

    1. Host 1 sends an IGMP leave message to leave the multicast group 224.1.1.1.
    2. After receiving the message, the router sends IGMP group-specific query messages at intervals of 1 second (2 messages in total). This time the group 224.1.1.1 has no other members on the segment, so no host responds to the query.
    3. After a certain period of time, the router concludes that there are no more members of the 224.1.1.1 group on this network segment and stops forwarding packets for this multicast address to it.

  12. What are the applications of ICMP

    ICMP has two main applications, one is Ping and the other is Traceroute.

    1. Ping

    Ping is an important application of ICMP, mainly used to test the connectivity between two hosts.

    The principle of ping is to send an ICMP Echo request message to the destination host, which replies with an Echo reply message. Ping estimates the packet round-trip time and packet loss rate from the timing and number of successful replies.

    2. Traceroute

    Traceroute is another application of ICMP, which is used to trace the path of a packet from source to destination.

    The IP datagram sent by traceroute encapsulates an undeliverable UDP user datagram, so the destination host sends back a destination unreachable error message.

    • The source host sends a series of IP datagrams to the destination host. The TTL of the first datagram P1 is set to 1. When P1 reaches the first router R1 on the path, R1 accepts it and decrements the TTL by 1. The TTL is now 0, so R1 discards P1 and sends an ICMP time exceeded error message to the source host.
    • The source host then sends a second datagram P2 with a TTL of 2. P2 first reaches R1, which decrements the TTL by 1 and forwards it to R2; R2 also decrements the TTL by 1 after accepting it. Since the TTL is now 0, R2 discards P2 and sends an ICMP time exceeded error message to the source host.
    • These steps continue until a datagram just reaches the destination host. The host does not forward the datagram and does not decrement its TTL, but because the datagram encapsulates an undeliverable UDP datagram, the destination host sends an ICMP destination unreachable error message to the source host.
    • The source host thus learns the IP addresses of the routers traversed on the way to the destination host and the round-trip time to each router.
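    The procedure above, as an added example that is not part of the original article: a simulation of traceroute probes with increasing TTL, including a hop that silently drops probes (the "*" seen in real traces when a router does not send ICMP). The path, delays and addresses are constructed.

```python
# Added example (not from the original article): a simulation of the traceroute
# procedure described above. Each probe is a UDP datagram sent with TTL = 1, 2, 3,
# ...; every router decrements the TTL and returns an ICMP "time exceeded" when it
# reaches 0, and the destination host returns "destination unreachable" because the
# UDP port is not listening. The path, delays and addresses below are constructed;
# one hop is configured to drop probes silently, which a real trace shows as "*".

# Hop on the path: (router address, one-way delay from the source in ms, replies with ICMP)
PATH = [("192.0.2.1", 0.5, True), ("198.51.100.1", 4.0, False), ("203.0.113.1", 9.0, True)]
DEST = ("203.0.113.50", 12.0)   # (destination host address, one-way delay in ms)


def send_probe(ttl, path, dest):
    """Carry one probe with the given TTL along the path.
    Returns (replier, icmp_message, rtt_ms); replier is '*' when the probe was
    dropped without any ICMP reply (timeout)."""
    for address, delay, replies in path:
        ttl -= 1                                  # every router decrements TTL ...
        if ttl == 0:                              # ... and discards the datagram at 0
            if not replies:
                return "*", None, None
            return address, "time exceeded", 2 * delay
    # Reached the destination host: TTL is not decremented, but the UDP port is unreachable.
    address, delay = dest
    return address, "destination unreachable", 2 * delay


def traceroute(path, dest, max_ttl=30):
    """Probe with increasing TTL until the destination answers or max_ttl is hit.
    Returns a list of (ttl, replier, icmp_message, rtt_ms) hop records."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        replier, icmp, rtt = send_probe(ttl, path, dest)
        hops.append((ttl, replier, icmp, rtt))
        if icmp == "destination unreachable":     # the host itself answered: done
            break
    return hops


def format_hops(hops):
    """Render hop records in the familiar 'ttl address rtt' layout."""
    lines = []
    for ttl, replier, icmp, rtt in hops:
        if icmp is None:
            lines.append("%2d  *" % ttl)
        else:
            lines.append("%2d  %-15s %.1f ms (%s)" % (ttl, replier, rtt, icmp))
    return "\n".join(lines)
```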

2. Network planning knowledge points

  1. How much do you know about common protocols at the application layer

    Protocol  Name                                          Default port              Underlying protocol
    HTTP      Hypertext Transfer Protocol                   80                        TCP
    HTTPS     Hypertext Transfer Protocol Secure            443                       TCP
    Telnet    Standard protocol for remote login            23                        TCP
    FTP       File Transfer Protocol                        20 (data), 21 (control)   TCP
    TFTP      Trivial File Transfer Protocol                69                        UDP
    SMTP      Simple Mail Transfer Protocol (for sending)   25                        TCP
    POP       Post Office Protocol (for receiving)          110                       TCP
    DNS       Domain name resolution service                53                        TCP for zone transfers between servers, UDP for client queries to a DNS server

  2. What are the common HTTP status codes

    Status code  Category        Meaning
    1XX          Informational   The request has been received and is being processed
    2XX          Success         The request was processed normally
    3XX          Redirection     Additional action is required to complete the request
    4XX          Client Error    The server was unable to process the request
    5XX          Server Error    The server failed while handling the request

    1xx information

    100 Continue : Indicates that everything is normal so far, and the client can continue to send the request or ignore the response.

    2xx success

    • 200 OK
    • 204 No Content : The request has been successfully processed, but the returned response message does not contain the body of the entity. It is generally used when you only need to send information from the client to the server, but do not need to return data.
    • 206 Partial Content : Indicates that the client has made a range request, and the response message contains the entity content in the range specified by Content-Range.

    3xx redirect

    • 301 Moved Permanently : Permanent redirection
    • 302 Found : Temporary redirection
    • 303 See Other : It has the same function as 302, but 303 clearly requires that the client should use the GET method to obtain resources.
    • 304 Not Modified : If the header of the request message contains some conditions, such as: If-Match, If-Modified-Since, If-None-Match, If-Range, If-Unmodified-Since, if the conditions are not met, the server will return 304 status code.
    • 307 Temporary Redirect : Temporary redirection, similar to 302 in meaning, but 307 requires that the browser will not change the POST method of the redirection request to the GET method.

    4xx client errors

    • 400 Bad Request : There is a syntax error in the request message.
    • 401 Unauthorized : The request requires authentication information (BASIC authentication, DIGEST authentication). If the request has already been attempted once, it means the user's authentication failed.
    • 403 Forbidden : The request is denied.
    • 404 Not Found

    5xx server errors

    • 500 Internal Server Error : An error occurred while the server was executing the request.
    • 503 Service Unavailable : The server is temporarily overloaded or down for maintenance, and cannot process requests right now.

  3. OSI seven-layer model and functions

    brief summary

    • Physical layer: underlying data transmission, such as network cables; network card standards.
    • Data link layer: Define the basic format of data, how to transmit, how to identify; such as the MAC address of the network card.
    • Network layer: define IP addressing, define routing functions; such as data forwarding of different devices.
    • Transport layer: the basic function of end-to-end data transmission; such as TCP, UDP.
    • Session layer: Controls session capabilities between applications; such as distributing data from different software to different software.
    • Presentation layer: data format identification, basic compression and encryption functions.
    • Application layer: various application software, including Web applications.

    Explanation

    • At layer 4, the transport layer, the data unit is called a segment;
    • At layer 3, the network layer, the data unit is called a packet;
    • At layer 2, the data link layer, the data unit is called a frame;
    • At layer 1, the physical layer, the data is a bit stream.

    Summary

    • The seven-layer network model is a standard, not an implementation.
    • The four-layer network model is the model that is actually implemented and applied.
    • The four-layer model is a simplification and merging of the seven-layer model.

  4. Network five-layer model, the responsibilities of each layer

    1. physical layer

    What is the first thing a computer needs in order to communicate with another computer? It must of course be connected to the other computer so that data can be transferred. For example, they can be connected by media such as optical fiber, cable or twisted pair, and then they can communicate.

    The physical layer is responsible for connecting the two computers and transmitting electrical signals such as 0 and 1 between them through high and low signal levels.

    2. data link layer

    The physical layer is only responsible for connecting computers and transmitting 0/1 electrical signals between them. If those 0s and 1s are transmitted without any rules, the receiving computer cannot interpret them.

    Therefore we need a set of rules for transmitting the 0s and 1s: for example, how many electrical signals form a group, and how each group should be marked so that the computer can understand it.

    Thus, there is the Ethernet protocol.

    1. Ethernet protocol

    The Ethernet protocol stipulates that a group of electrical signals forms a data packet, which we call a frame. Each frame consists of two parts: a header (Head) and data (Data).

    The frame size is typically 64 to 1518 bytes. If the data to be transmitted is larger, it is divided into multiple frames.

    What do the header and data parts hold? You can probably guess. At minimum we need to know who sent the frame and who it is for, so the header is mainly descriptive data such as the sender and receiver. The data part is the actual content of the packet, intended for the receiver.

    To send the data of one computer to another computer through the physical layer and the link layer, who sent it to whom, and how to distinguish between computers, you have to give them a unique identifier, right?

    Thus, the MAC address appeared.

    2. MAC address

    Every computer connected to the network has a network card interface, and each network card has a unique address, called the MAC address. Data transmission between computers is addressed and delivered by this unique MAC address.

    The MAC address is composed of 48 binary bits and is uniquely identified when the network card is produced.

    3. Broadcast and ARP protocol

    (1). Broadcast

    As shown in the figure, suppose computer A knows the MAC address of computer B and wants to send it data. Even though A knows B's MAC address, how does it deliver the data? A is connected not only to B but also to other computers, and A does not know on which link B sits. Broadcasting solves this problem.

    Within the same subnet, when computer A wants to send a packet to computer B, the packet contains the recipient's MAC address, and A sends it by broadcast. Computers C and D on the same subnet also receive the packet; each receiving computer extracts the destination MAC address from the packet and compares it with its own. If they match, it accepts the packet, otherwise it discards it. We call this transmission method broadcasting, just like calling someone over a loudspeaker in a public square: if the name is yours you respond, and if it is not you act as if you did not hear it.

    (2). ARP protocol

    So here comes the question: how does computer A know the MAC address of computer B? This is solved by the ARP protocol, but ARP involves IP addresses, which we discuss below. For now, just assume there is an ARP protocol through which we can learn the MAC addresses of other computers in the subnet.

    3. Network layer

    We mentioned the keyword subnet above. The network we are in is in fact composed of countless subnets, and a broadcast is received only by computers in the same subnet.

    If there were no division into subnets, when computer A broadcast a packet to computer B, every other computer would also receive it, compare and discard it. There are so many computers in the world that if every computer received packets from all the others, it would be terrible; they would surely crash. Therefore subnets were born.

    So the question is, how do we tell which MAC addresses belong to the same subnet? If it is the same subnet, we send the data to the other party by broadcast; if it is not the same subnet, we send the data to the gateway and let the gateway forward it.

    In order to solve this problem, there is the IP protocol.

    1. IP protocol

    The addresses defined by the IP protocol are called IP addresses. There are two versions of the IP protocol, IPv4 and IPv6. Most of us currently use IPv4, so we only discuss IPv4 here.

    An IPv4 address is composed of 32 binary bits, usually written as four decimal segments, with the address range 0.0.0.0~255.255.255.255.

    Every computer that wants to connect to the Internet has an IP address. The address is divided into two parts: the first part is the network part and the rest is the host part. The number of binary bits occupied by the network part and the host part is not fixed.

    But here comes the question: how do you know how many bits belong to the network part and how many to the host part? In other words, from two computers' IP addresses alone we cannot tell whether they are on the same subnet.

    This leads to another keyword --- the subnet mask. The subnet mask is also a 32-bit binary number like the IP address, but its network part is all 1s and its host part is all 0s. That is, if the network part of the two IP addresses above is 24 bits and the host part is 8 bits, then their subnet mask is 11111111.11111111.11111111.00000000, that is, 255.255.255.0.


    With the subnet mask, how do we judge whether two IP addresses are on the same subnet? Knowing the subnet mask is equivalent to knowing how many bits are in the network part and how many in the host part. We only need to perform a bitwise AND of each IP address with its subnet mask and compare the results: if the results are the same, the two are on the same subnet, otherwise they are not.
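    The AND test above, as an added example that is not part of the original article. It goes slightly beyond the text by also converting between a prefix length such as /24 and a dotted mask, and by rejecting masks whose 1 bits are not contiguous; the addresses are constructed sample values.

```python
# Added example (not from the original article): the subnet-mask AND test
# described above, written out in Python. It also converts between a prefix
# length (/24) and a dotted mask and rejects masks whose 1 bits are not
# contiguous. All addresses used are constructed sample values.

def ip_to_int(dotted):
    """Convert 'a.b.c.d' to a 32-bit integer, validating each octet."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range: %r" % dotted)
        value = (value << 8) | octet
    return value


def int_to_ip(value):
    """Convert a 32-bit integer back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix):
    """Build the dotted mask for a prefix length: /24 -> 255.255.255.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def prefix_from_mask(mask):
    """Return the prefix length of a dotted mask; reject non-contiguous masks."""
    bits = format(ip_to_int(mask), "032b")
    ones = bits.count("1")
    if bits != "1" * ones + "0" * (32 - ones):      # network part must be all leading 1s
        raise ValueError("mask bits are not contiguous: %s" % mask)
    return ones


def network_of(ip, mask):
    """Network part of ip: the bitwise AND of the address and its mask."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def same_subnet(ip_a, ip_b, mask):
    """Two hosts are on the same subnet when (ip AND mask) is equal for both."""
    return network_of(ip_a, mask) == network_of(ip_b, mask)
```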

    2. ARP protocol

    With the knowledge of the above IP protocol, let's talk about the ARP protocol.

    With the IP addresses and subnet masks of the two computers, we can determine whether they are in the same subnet.

    If they are in the same subnet and computer A wants to send data to computer B, A can obtain the MAC address of computer B through the ARP protocol.

    The ARP protocol sends a packet to every computer in the subnet by broadcast (this packet contains the IP address of the intended receiver). Each computer that receives the packet compares the IP address with its own. If they match, it replies with its own MAC address; otherwise it discards the packet. In this way, computer A learns the MAC address of computer B.

    Some people may ask: after the MAC address is known, data is sent by broadcast, and asking for the other party's MAC address is also done by broadcast, so how do the other computers know whether you want to send data or ask for a MAC address? In fact, in the packet asking for the MAC address, a special MAC address is filled in the field for the other party's MAC address. When the other computers see this special MAC address, they know what the broadcast is for.

    If the IP addresses of the two computers are not in the same subnet, we send the packet to the gateway and let the gateway forward it.

    3. DNS server

    Here is another question: how do we know the IP address of the other party's computer? Some people may think this question is silly: of course the operator of the computer enters it. That's right, when we want to visit a website we can enter the IP to access it, but I believe most people enter a URL domain name, for example www.baidu.com to visit Baidu. In fact, when we enter this domain name, a guy called a DNS server helps us resolve it and returns the IP corresponding to the domain name.

    Therefore, the function of the network layer is to let us find out, in the vast crowd, where another computer is, whether it belongs to the same subnet, and so on.

    4. Transport layer

    Through the cooperation of the physical layer, data link layer and network layer, we have successfully transmitted data from computer A to computer B. However, there are many application programs on computer B. How does the computer know which one the data is for?

    At this point the guy **Port** comes into play: when we transfer data from computer A to computer B, we have to specify a port so that a specific application receives and processes the data.

    The function of the transport layer is to establish port-to-port communication. The function of the network layer is to establish host-to-host communication.

    In other words, only with both IP and port can we communicate accurately. At this time some people may say: I did not specify a port when I entered the IP address. In fact, some transport protocols already have default ports; for example, the default port for HTTP is 80. This port information is also included in the data packet.

    The two most common protocols at the transport layer are the TCP protocol and the UDP protocol. The biggest difference between the TCP protocol and UDP is that TCP provides reliable transmission, while UDP provides unreliable transmission.

    5. Application layer

    Although we have received the data from the transport layer, this data comes in many forms, such as HTML and MP4. How can the receiver be sure it understands them?

    Therefore, we need to specify the format rules of this data so that we can interpret and render it after receiving it. For example, in our most common HTTP packet, the file format of the data is specified.

  5. What is included in a complete HTTP request process

    first answer

    • A client and server connection is established.
    • After the connection is established, the client sends a request to the server.
    • The server receives the request and gives a response message.
    • The client browser parses and presents the returned content, and disconnects.

    second answer

    Domain name resolution --> Initiate a TCP 3-way handshake --> Initiate an http request after establishing a TCP connection --> The server responds to the http request, and the browser gets the html code --> The browser parses the html code and requests the resources in the html code (such as js, css, pictures, etc.) --> The browser renders the page and presents it to the user.

  6. Talk about your understanding of the stop-and-wait protocol

    The stop-and-wait protocol exists to achieve reliable transmission. Its basic principle is to stop after sending each packet and wait for the other party's acknowledgment; after the acknowledgment is received, the next packet is sent. In the stop-and-wait protocol, if the receiver receives a duplicate packet, it discards the packet but still sends an acknowledgment. It mainly covers the following situations: no error, error (timeout retransmission), acknowledgment lost, and acknowledgment late.

  7. Talk about your understanding of the ARQ protocol

    Automatic Repeat Request (ARQ) protocol

    Timeout retransmission in the stop-and-wait protocol means that if no acknowledgment is received after a period of time, the previously sent packet is retransmitted (the packet just sent is considered lost). Therefore a timeout timer must be set every time a packet is sent, and its retransmission time should be longer than the average round-trip time of a packet. This automatic retransmission mode is often called automatic repeat request (ARQ).

    Continuous ARQ protocol

    The continuous ARQ protocol improves channel utilization. The sender maintains a sending window, and the packets within the sending window can be sent out continuously without waiting for confirmation from the other party. The receiver generally adopts cumulative acknowledgment: it sends an acknowledgment for the last packet that arrived in order, indicating that all packets up to this packet have been received correctly.
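    A deterministic simulation of the stop-and-wait ARQ behaviour described in items 6 and 7, added here as an example (not code from the original article). The channel loses frames or acknowledgments according to a scripted schedule, so the no-error, timeout-retransmission and lost-acknowledgment cases can be replayed; the late-acknowledgment case behaves like a lost one followed by a duplicate acknowledgment that the sender ignores. Message contents and loss schedules are constructed test data.

```python
# Added example: stop-and-wait ARQ with an alternating-bit sequence number.
# "Loss" is scripted by transmission number so runs are reproducible.
from dataclasses import dataclass, field


@dataclass
class Receiver:
    expected_seq: int = 0                      # next sequence number wanted (0/1)
    delivered: list = field(default_factory=list)

    def receive(self, seq: int, payload: str) -> int:
        """Accept an in-order frame; discard a duplicate but still ACK it,
        otherwise a lost ACK would leave the sender retransmitting forever.
        Returns the sequence number being acknowledged."""
        if seq == self.expected_seq:
            self.delivered.append(payload)
            self.expected_seq ^= 1
        return seq


def stop_and_wait(messages, lost_frames=(), lost_acks=(), max_tries=8):
    """Send each message and wait for its ACK before moving to the next.

    lost_frames / lost_acks: transmission numbers (1-based, counted across
    all messages) whose data frame / ACK the channel drops. A dropped frame
    or ACK means the sender's timer fires and it retransmits.
    Returns (messages delivered in order, total transmissions made).
    """
    rx = Receiver()
    transmissions = 0
    seq = 0
    for msg in messages:
        tries = 0
        while True:
            tries += 1
            if tries > max_tries:
                raise RuntimeError(f"no ACK for {msg!r} after {max_tries} tries")
            transmissions += 1
            if transmissions in lost_frames:
                continue                       # frame lost: timeout, retransmit
            ack = rx.receive(seq, msg)         # receiver handles frame (or duplicate)
            if transmissions in lost_acks:
                continue                       # ACK lost: timeout, retransmit
            if ack == seq:                     # expected ACK arrived
                break
        seq ^= 1                               # alternate the bit for the next message
    return rx.delivered, transmissions
```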

  8. What is a cookie and its purpose

    A cookie is a small piece of data sent by the server to the user's browser and stored locally. It is carried when the browser sends a request to the same server again, and is used to tell the server whether two requests come from the same browser. Since each subsequent request needs to carry the Cookie data, it brings additional performance overhead.

    • Session state management (such as user login status, shopping cart, game score or other information that needs to be recorded)
    • Personalization settings (such as user-defined settings, themes, etc.)
    • Browser behavior tracking (such as tracking and analyzing user behavior, etc.)

  9. Session knowledge summary

    A Session is stored on the server side, and information stored on the server side is more secure.

    Sessions can be stored in files, databases, or memory on the server. It is also possible to store the Session in an in-memory database such as Redis, which will be more efficient.

    The process of using Session to maintain user login status is as follows:

    1. When the user logs in, the user submits a form containing the user name and password, and puts it into the HTTP request message;
    2. The server verifies the user name and password, and if it is correct, it stores the user information in Redis, and its Key in Redis is called Session ID;
    3. The Set-Cookie header field of the response message returned by the server contains the Session ID, and the client stores the Cookie value in the browser after receiving the response message;
    4. The cookie value will be included when the client makes a request to the same server later, and the server extracts the Session ID after receiving it, extracts the user information from Redis, and continues the previous business operation.

    working principle

    The working principle of the session is that after the client completes login, the server creates a corresponding session. After the session is created, the session id is sent to the client, which stores it in the browser. From then on, every time the client accesses the server it brings the session id with it. When the server gets the session id, it finds the corresponding session in memory, and so the work proceeds normally.

  10. Comparison between Cookie and Session

    Cookie and Session are both solutions for maintaining state between the client and the server. Their differences:

    1. Storage location: a Cookie is stored on the client side, a Session on the server side. Data stored in the Session is relatively safe.
    2. Stored data type: both are key-value structures, but the type of the value differs. Cookie: the value can only be a string; Session: the value is of Object type.
    3. Size of stored data: Cookie: limited by the browser, often 4K; Session: theoretically limited only by the current memory.
    4. Life cycle control: a cookie is destroyed when the browser is closed. (1) The life cycle of the cookie is cumulative: counting from the time of creation, the cookie's life cycle ends after 20 minutes. (2) The life cycle of the session is an interval: counting from the time of creation, if for example the session is not accessed for 20 minutes, the session is destroyed.

  11. What is the process of using Session

    The process is as follows:

    • When the user logs in, the user submits a form containing the user name and password, and puts it into the HTTP request message;
    • The server verifies the user name and password, and if it is correct, it stores the user information in Redis, and its Key in Redis is called Session ID;
    • The Set-Cookie header field of the response message returned by the server contains the Session ID, and the client stores the Cookie value in the browser after receiving the response message;
    • The cookie value will be included when the client makes a request to the same server later, and the server extracts the Session ID after receiving it, extracts the user information from Redis, and continues the previous business operation.

    Note: a Session ID must not be easy for a malicious attacker to obtain, so an easily guessed Session ID value must never be generated. In addition, the Session ID needs to be regenerated frequently. In scenarios with high security requirements, such as transfers, in addition to managing user status with the Session, users also need to re-authenticate, for example by re-entering the password or using an SMS verification code.
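    The login flow in items 9 and 11 together with the three requirements of the note above, as an added example that is not code from the original article: an unguessable ID from the OS random source, a fresh ID issued at login, an idle timeout, and a recent-authentication check before a sensitive operation. A plain dictionary stands in for the Redis store mentioned in the text, and the 20-minute and 5-minute windows are assumed values.

```python
# Added example: server-side session store with the safeguards from the note.
# In-memory dict instead of Redis; user names and timings are test data.
import secrets
import time
from typing import Optional

SESSION_IDLE_TTL = 20 * 60   # assumed: destroy a session idle for 20 minutes
REAUTH_WINDOW = 5 * 60       # assumed: a transfer needs a password check this recent


class SessionStore:
    def __init__(self, clock=time.time):
        self._data = {}          # session_id -> {"user", "last_seen", "auth_at"}
        self._clock = clock      # injectable for testing

    @staticmethod
    def new_id() -> str:
        # 32 bytes from the OS CSPRNG: not predictable like a counter or timestamp.
        return secrets.token_urlsafe(32)

    def login(self, username: str, old_id: Optional[str] = None) -> str:
        """Call after the password has been verified. Any session that existed
        before login is dropped and a new ID issued (regeneration)."""
        if old_id in self._data:
            del self._data[old_id]
        sid = self.new_id()
        now = self._clock()
        self._data[sid] = {"user": username, "last_seen": now, "auth_at": now}
        return sid

    def lookup(self, sid: str) -> Optional[dict]:
        """Return the session for sid, or None if unknown or idle-expired."""
        sess = self._data.get(sid)
        if sess is None:
            return None
        now = self._clock()
        if now - sess["last_seen"] > SESSION_IDLE_TTL:
            del self._data[sid]
            return None
        sess["last_seen"] = now
        return sess

    def reauthenticate(self, sid: str) -> None:
        """Record that the user just proved their identity again."""
        sess = self.lookup(sid)
        if sess is not None:
            sess["auth_at"] = self._clock()

    def allow_sensitive_operation(self, sid: str) -> bool:
        """Gate for operations such as transfers: valid session and recent re-auth."""
        sess = self.lookup(sid)
        return sess is not None and self._clock() - sess["auth_at"] <= REAUTH_WINDOW


def set_cookie_header(sid: str) -> str:
    """Set-Cookie value carrying the ID; HttpOnly keeps it from page scripts,
    Secure restricts it to HTTPS."""
    return f"SESSIONID={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"
```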

  12. The role of the keep alive timer

    In addition to the TIME-WAIT timer, TCP also has a keepalive timer. Imagine this scenario: the client has actively established a TCP connection with the server, but then the client's host suddenly fails. Obviously the server can no longer receive data from the client, so there should be a measure to prevent the server from waiting in vain. This is what the keepalive timer is for.

    Every time the server receives data from the client, the keepalive timer is reset; the time is usually set to two hours. If no data from the client is received within two hours, the server sends a probe segment, and then one every 75 seconds. If there is still no response from the client after 10 consecutive probe segments, the server considers the client to have failed and closes the connection.

  13. DDoS attack, SQL injection, SYN attack, XSS attack, CSRF attack

    DDoS attack

    The client sends a connection request packet to the server, the server sends a confirmation packet back, but the client never sends its own confirmation, so the server keeps waiting for the client's confirmation. There is no complete cure unless TCP is not used. DDoS prevention:

    • Limit the number of SYN half-open connections open at the same time
    • Shorten the timeout of SYN half-open connections
    • Close unnecessary services

    SQL injection attack

    The attacker injects malicious SQL code into the HTTP request. When the server constructs the database SQL command from the parameters, the malicious SQL is built into the command and executed in the database. For example, at user login, enter the user name lianggzone and the password ' or '1'='1. If the SQL is constructed from the parameters at this time, the statement select * from user where name = 'lianggzone' and password = '' or '1'='1' appears. No matter what the user name and password are, the queried user list will not be empty.

    How to prevent SQL injection attacks: a precompiled PreparedStatement must be used, but generally we work on both sides at the same time.

    Web side:

    • Validity check.
    • Limit the length of string input.

    Server side:

    • Do not concatenate SQL strings.
    • Use a precompiled PreparedStatement.
    • Validity check. (Why does the server still need to check validity? The first rule is that the outside world is untrustworthy; this prevents attackers from bypassing the web request.)
    • Filter the special characters in the parameters needed by SQL, such as single quotes and double quotes.
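    The login query from the text, run both by string concatenation and as a parameterized statement against an in-memory SQLite table, as an added example (not code from the original article). The user table, passwords and length limit are constructed test data; SQLite's `?` placeholder plays the role of the precompiled statement.

```python
# Added example: concatenated vs parameterized login query.
# The table and its rows are constructed test data.
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (name TEXT, password TEXT)")
    conn.execute("INSERT INTO user VALUES ('lianggzone', 'correct-horse')")
    conn.execute("INSERT INTO user VALUES ('bob', 'hunter2')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    """String concatenation: text typed by the user becomes SQL syntax, so the
    password ' or '1'='1 turns the WHERE clause into ... or '1'='1'."""
    sql = f"select * from user where name = '{name}' and password = '{password}'"
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Parameterized statement: the driver passes the values separately from
    the query text, so quotes inside them never change the query structure."""
    sql = "select * from user where name = ? and password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def input_suspicious(value: str, max_len: int = 64) -> bool:
    """The input-side checks the text lists (length limit, special characters).
    Defence in depth only: the parameterized query is what prevents injection."""
    return len(value) > max_len or any(ch in value for ch in "'\";")
```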

    SYN attack

    On the server side, resources are allocated during the second handshake, while on the client side they are allocated when the three-way handshake completes, so the server is vulnerable to SYN flood attacks. In a SYN attack, the client forges a large number of non-existent IP addresses in a short period and keeps sending SYN packets to the server; the server replies with confirmation packets and waits for the client's confirmation. Since the source address does not exist, the server keeps retransmitting until it times out. These forged SYN packets occupy the half-open connection queue for a long time, so normal SYN requests are discarded because the queue is full, causing network congestion and even system failure. A SYN attack is a typical DoS/DDoS attack.

    Common defense methods against SYN attacks are as follows:

    • Shorten the timeout (SYN Timeout) time
    • Increase the maximum number of half-open connections
    • Filter Gateway Protection
    • SYN cookies technology

    XSS attack

    A cross-site scripting attack is an attack in which the attacker tampers with a web page and embeds a malicious script, so that when a user browses the page the attacker controls the user's browser to perform malicious operations. How to prevent XSS attacks:

    • Both the front end and the server end need a length limit on string input.
    • Both the front end and the server end need to HTML-escape the input, encoding special characters such as "<" and ">".

    The core of anti-XSS is filtering the input data.

    CSRF attack

    Cross-site request forgery refers to an attacker performing illegal operations as a legitimate user through a cross-site request. A CSRF attack can be understood like this: the attacker steals your identity and sends malicious requests to a third-party website in your name. What CSRF can do includes sending emails, sending text messages and making transfers in your name, and even stealing account information.

    How to Prevent CSRF Attacks

    • A security framework such as Spring Security.
    • Token mechanism. Token verification is performed on the HTTP request. If there is no token in the request or the token content is incorrect, the request is considered a CSRF attack and rejected.
    • Captcha. A verification code usually prevents CSRF attacks very well, but in many cases, for user-experience reasons, it can only be an auxiliary means, not the main solution.
    • Referer identification. The HTTP header has a Referer field that records the source address of the HTTP request. If the Referer is another website, it may be a CSRF attack and the request is rejected. However, not all servers can get the Referer: many users restrict sending the Referer for privacy, and in some cases the browser does not send it, such as when jumping from HTTPS to HTTP.

    In summary: 1) verify the source address of the request; 2) add a verification code for key operations; 3) add a token to the request and verify it.
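    The token mechanism and the Referer check from the list above, as an added server-side example (not code from the original article). The token is derived from the session ID with an HMAC so that nothing extra has to be stored, and the Referer is treated as a secondary signal because, as the text notes, browsers sometimes omit it. The server key, session IDs and host names are constructed test values.

```python
# Added example: CSRF token bound to the session plus a Referer check.
# SERVER_KEY is generated at import time here; a deployment would load it
# from configuration so all server instances agree on it.
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)   # constructed per-process secret


def csrf_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    """Token to embed in the form. Because it is keyed to the session ID, a
    token the attacker obtains for their own session does not verify for
    the victim's session."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def token_valid(session_id: str, presented: str, key: bytes = SERVER_KEY) -> bool:
    """Constant-time comparison so the check does not leak via timing."""
    expected = csrf_token(session_id, key).encode()
    return hmac.compare_digest(expected, presented.encode())


def referer_matches(referer: str, own_host: str) -> bool:
    """True when the Referer names this site."""
    try:
        return urlsplit(referer).hostname == own_host
    except ValueError:            # malformed URL, e.g. bad IPv6 brackets
        return False


def state_changing_request_allowed(headers: dict, form: dict,
                                   session_id: str, own_host: str) -> bool:
    """Decision for a POST such as a transfer: the token is mandatory; the
    Referer, when present, must not point at another site. A missing
    Referer alone does not reject the request, since the token still holds."""
    if not token_valid(session_id, form.get("csrf_token", "")):
        return False
    referer = headers.get("Referer")
    if referer is not None and not referer_matches(referer, own_host):
        return False
    return True
```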

  14. What causes a large number of CLOSE_WAIT connections on a server? What is the solution?

    The CLOSE_WAIT state occurs, during the four-way close of a TCP connection, when one side has received a FIN but has not yet sent its own FIN. There are two reasons why a server has many connections in CLOSE_WAIT:

    • The server's internal business processing takes too long and the business cannot be completed; or there is still data to send; or there is a bug in the server's business logic and the close() method is never executed.
    • The server's parent process spawns a child process that inherits the socket. When the FIN is received, the child process handles it but the parent process does not handle the signal, so the socket's reference count does not drop to 0 and the socket cannot be reclaimed.

    Approach:

    • Stop the application
    • Fix bugs in the program

  15. What are MTU and MSS respectively?

    MTU (maximum transmission unit): the largest unit that can be transmitted, determined by the hardware; for example, the MTU of Ethernet is 1500 bytes.

    MSS (maximum segment size): the maximum size of the data segment carried by each TCP packet. Generally, the sender tells the peer TCP the maximum amount of TCP data the peer may send in each segment. The MSS value is obtained by subtracting the IPv4 header (20 bytes) and the TCP header (20 bytes) from the MTU value.

  16. What protocol is the Ping command based on? what is the principle

    Ping is implemented with the ICMP protocol at the network layer. It sends an ICMP echo request message to the other party; if the other host is reachable, it receives the message and responds with an ICMP echo reply message.

    Extension: Introduction to ICMP packets. ICMP messages are divided into two types:

    1. ICMP error report message, the common ones are
      1. Destination unreachable
      2. Time exceeded
      3. Parameter problem
      4. Redirect (change route)
    2. ICMP query message
      1. Echo request and reply: Send an echo request message to a specific host , and the host that receives the echo request message responds with an echo reply message .
      2. Timestamp request and reply: ask the other party for the current time; it returns a 32-bit timestamp.
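    An ICMP echo request built the way ping does it, with the RFC 1071 checksum, and the matching echo reply parsed back, as an added example (not code from the original article). No raw socket is opened: the reply is constructed from the request so the block runs offline, and the identifier, sequence number and payload are test values.

```python
# Added example: ICMP echo request/reply encoding and checksum verification.
import struct

ICMP_ECHO_REQUEST = 8   # type of the message ping sends
ICMP_ECHO_REPLY = 0     # type of the message a reachable host returns


def icmp_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length message
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Header layout: type(1) code(1) checksum(2) identifier(2) sequence(2).
    The checksum is computed with its own field zeroed, then filled in."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Verify the checksum and unpack the fields; raise on a damaged packet."""
    if len(packet) < 8:
        raise ValueError("ICMP packet shorter than the 8-byte header")
    if icmp_checksum(packet) != 0:           # an intact packet sums to zero
        raise ValueError("ICMP checksum mismatch")
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": msg_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:]}


def reply_for(request: bytes) -> bytes:
    """What a reachable host sends back: type 0, same id, seq and payload."""
    req = parse_echo(request)
    if req["type"] != ICMP_ECHO_REQUEST:
        raise ValueError("not an echo request")
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])


def is_reply_to(reply: bytes, ident: int, seq: int) -> bool:
    """ping matches a reply to its request by identifier and sequence number."""
    rep = parse_echo(reply)
    return (rep["type"] == ICMP_ECHO_REPLY and rep["id"] == ident
            and rep["seq"] == seq)
```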

Origin blog.csdn.net/weixin_53795646/article/details/129473757