[Front-end interns preparing for autumn recruitment] - Summary of computer network interview questions, recommended collection series

1. HTTP protocol

1. The difference between GET and POST requests

POST and GET are two HTTP request methods. The differences are as follows:

  • Application scenarios: GET is an idempotent request and is generally used in scenarios that do not affect server resources, such as requesting the resources of a web page. POST is not idempotent and is generally used in scenarios that do affect server resources, such as registering a user.
  • Caching: Because their application scenarios differ, browsers generally cache GET requests but rarely cache POST requests.
  • Message format: The entity body of a GET request is empty, while the entity body of a POST request generally carries the data sent to the server.
  • Security: A GET request can put its parameters into the URL sent to the server. This is less secure than a POST request because the requested URL is retained in the history.
  • Request length: Browsers restrict URL length, which limits how much data a GET request can send. This restriction is imposed by the browser, not by the RFC.
  • Parameter types: POST parameter passing supports more data types.

2. The difference between POST and PUT requests

  • A PUT request sends data to the server to modify the content of existing data, but it does not add new kinds of data. That is, no matter how many times the PUT operation is performed, the result is the same. (It can be understood as updating data.)
  • A POST request sends data to the server. This request changes the kinds of data and other resources, and it creates new content. (It can be understood as creating data.)

3. Common HTTP request headers and response headers

Common HTTP request headers:

  • Accept: the content types that the browser can handle
  • Accept-Charset: The character set that the browser can display
  • Accept-Encoding: compression encoding that the browser can handle
  • Accept-Language: The language currently set by the browser
  • Connection: The type of connection between the browser and the server
  • Cookie: any cookies set by the current page
  • Host: The domain where the requested page is located
  • Referer: URL of the page making the request
  • User-Agent: The browser’s user agent string

Common HTTP response headers:

  • Date: The time when the message was sent. The time format is defined by RFC 822
  • Server: server name
  • Connection: The type of connection between the browser and the server
  • Cache-Control: Controls HTTP caching
  • Content-Type: The MIME type of the document that follows

There are four common Content-Type attribute values:

(1) application/x-www-form-urlencoded: The browser's native form submission. If the enctype attribute is not set, the data is submitted as application/x-www-form-urlencoded. Data submitted this way is placed in the body and encoded as key1=val1&key2=val2. Both key and val are URL-encoded.

(2) multipart/form-data: This method is also a common POST submission method. This method is usually used when uploading files through forms.

(3) application/json: The server message body is a serialized JSON string.

(4) text/xml: This method is mainly used to submit data in XML format.

4. Is it better to have more or fewer HTTP 304 status codes?

In order to improve website access speed, the server specifies a caching mechanism for some previously visited pages. When the client requests these pages, the server judges whether the page is the same as before based on the cached content. If it is the same, it directly returns 304. The client then uses its cached content without having to download it a second time.

Status code 304 should not be considered an error, but rather the server's response when the client has a cached copy.
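The server-side decision described above, as an added example that is not part of the original page. It assumes the validator is an ETag compared against the If-None-Match request header (both are HTTP/1.1 caching headers); the fnv1a helper and the sample page bodies are constructed for illustration.

```javascript
// Small non-cryptographic hash, used here only to derive a validator from the
// page body. A real server might hash with SHA-256 or use mtime and size.
function fnv1a(text) {
  let h = 0x811c9dc5;
  for (let i = 0; i < text.length; i++) {
    h ^= text.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// An ETag is a quoted opaque string that changes whenever the body changes.
function makeEtag(body) {
  return `"${fnv1a(body)}"`;
}

// If-None-Match carries "*" or a comma-separated list of validators, each
// optionally prefixed with W/ (weak). A weak comparison ignores that prefix.
function etagMatches(ifNoneMatch, currentEtag) {
  if (!ifNoneMatch) return false;
  if (ifNoneMatch.trim() === "*") return true;
  const strip = (tag) => tag.trim().replace(/^W\//, "");
  return ifNoneMatch.split(",").some((tag) => strip(tag) === strip(currentEtag));
}

// requestHeaders uses lower-cased header names.
function respond(requestHeaders, body) {
  const etag = makeEtag(body);
  if (etagMatches(requestHeaders["if-none-match"], etag)) {
    // Same content as the client's cached copy: no body is sent again.
    return { status: 304, headers: { ETag: etag }, body: "" };
  }
  return { status: 200, headers: { ETag: etag, "Cache-Control": "no-cache" }, body };
}

// Constructed sample: first visit, revalidation, then a changed page.
const PAGE_V1 = "<html>version 1</html>";
const PAGE_V2 = "<html>version 2</html>";
const firstVisit = respond({}, PAGE_V1);
const revalidated = respond({ "if-none-match": firstVisit.headers.ETag }, PAGE_V1);
const afterUpdate = respond({ "if-none-match": firstVisit.headers.ETag }, PAGE_V2);
console.log(firstVisit.status, revalidated.status, afterUpdate.status);
```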

Search engine spiders prefer websites whose content is updated frequently. They adjust how often they crawl a website according to the status codes returned when crawling it within a specific period. If the website has been in the 304 status for a certain period of time, the spider may reduce the number of times it crawls the website. Conversely, if the website changes very frequently and new content can be obtained every time it is crawled, then over time the return visit rate will also increase.

Reasons for generating more 304 status codes:

  • Page update cycle is long or not updated at all
  • Pure static page or forced generation of static html

Too many 304 status codes may cause the following problems:

  • Website snapshot stopped;
  • Reduction in inclusion;
  • The weight decreases.

5. Common HTTP request methods

  • GET: Get data from the server;
  • POST: Submit the entity to the specified resource, usually causing modification of server resources;
  • PUT: upload files and update data;
  • DELETE: delete objects on the server;
  • HEAD: Gets the header of the message. Compared with GET, it does not return the main part of the message;
  • OPTIONS: Ask for supported request methods for cross-domain requests;
  • CONNECT: Requires the establishment of a tunnel when communicating with the proxy server, and uses the tunnel for TCP communication;
  • TRACE: Echo the request received by the server, mainly used for testing or diagnosis.

6. OPTIONS request method and usage scenarios

OPTIONS is one of the HTTP request methods besides GET and POST.

The OPTIONS method is used to request the functional options available for the resource identified by the Request-URI during request/response communication. Through this method, the client can decide what actions are necessary for a specific resource, or learn the capabilities of the server, before making a request for the resource. The response to this request method cannot be cached.

The OPTIONS request method has two main uses:

  • Get all HTTP request methods supported by the server;
  • Check access rights. For example, when performing CORS cross-domain resource sharing, for complex requests, the OPTIONS method is used to send a preflight (probe) request to determine whether there is access permission to the specified resource.
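Both uses of OPTIONS, sketched from the server's side as an added example that is not part of the original page. The policy object, its origin and the header allowlist are constructed sample values; the handler answers a CORS preflight only for an origin on the allowlist instead of echoing back whatever Origin the browser sent.

```javascript
// Constructed sample policy; every value here is an assumption for the demo.
const SAMPLE_POLICY = {
  allowedOrigins: new Set(["https://app.example.com"]),
  allowedMethods: new Set(["GET", "POST", "PUT"]),
  allowedHeaders: new Set(["content-type", "authorization"]),
};

// req = { method, headers } with lower-cased header names.
// Returns the response to send, or null when the request is not OPTIONS.
function handleOptions(req, policy) {
  if (req.method !== "OPTIONS") return null;
  const origin = req.headers["origin"];
  const wantedMethod = req.headers["access-control-request-method"];

  // Use 1: a plain OPTIONS request asking which methods the server supports.
  if (!origin || !wantedMethod) {
    const allow = [...policy.allowedMethods, "OPTIONS"].join(", ");
    return { status: 204, headers: { Allow: allow } };
  }

  // Use 2: a CORS preflight. Any failed check yields a response without
  // Access-Control-Allow-* headers, so the browser blocks the real request.
  const deny = { status: 403, headers: { Vary: "Origin" } };
  if (!policy.allowedOrigins.has(origin)) return deny;
  if (!policy.allowedMethods.has(wantedMethod)) return deny;

  const wantedHeaders = (req.headers["access-control-request-headers"] || "")
    .split(",")
    .map((name) => name.trim().toLowerCase())
    .filter(Boolean);
  if (!wantedHeaders.every((name) => policy.allowedHeaders.has(name))) return deny;

  const headers = {
    "Access-Control-Allow-Origin": origin, // the vetted origin, never "*"
    "Access-Control-Allow-Methods": [...policy.allowedMethods].join(", "),
    Vary: "Origin", // the answer depends on who asked
  };
  if (wantedHeaders.length > 0) {
    headers["Access-Control-Allow-Headers"] = wantedHeaders.join(", ");
  }
  return { status: 204, headers };
}

// Constructed preflight, as a browser would send before a cross-origin PUT
// with a JSON body.
const samplePreflight = {
  method: "OPTIONS",
  headers: {
    origin: "https://app.example.com",
    "access-control-request-method": "PUT",
    "access-control-request-headers": "Content-Type",
  },
};
console.log(handleOptions(samplePreflight, SAMPLE_POLICY));
```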

7. What are the differences between HTTP 1.0 and HTTP 1.1?

HTTP 1.0 and HTTP 1.1 have the following differences:

  • In terms of connections, http1.0 uses non-persistent connections by default, while http1.1 uses persistent connections by default. http1.1 uses persistent connections to reuse the same TCP connection for multiple http requests, thereby avoiding the delay of establishing a connection each time, as happens with non-persistent connections.
  • In terms of resource requests, http1.0 wastes bandwidth in some cases. For example, the client only needs a part of an object, but the server sends the entire object, and resuming an interrupted download is not supported. http1.1 introduces the range header field in the request header, which allows requesting only a certain part of the resource; the return code is then 206 (Partial Content). This lets developers choose freely how to make full use of bandwidth and connections.
  • In terms of caching, http1.0 mainly uses If-Modified-Since and Expires in the header as cache judgment criteria. http1.1 introduces more cache control strategies: headers such as Etag, If-Unmodified-Since, If-Match, If-None-Match and others are available to control the caching strategy.
  • A new host field was added in http1.1, which is used to specify the domain name of the server. http1.0 assumed that each server is bound to a unique IP address, so the URL in the request message does not carry the hostname. However, with the development of virtual host technology, multiple virtual hosts can exist on one physical server and share an IP address. Hence the host field, so that requests can be sent to different websites on the same server.
  • Compared with http1.0, http1.1 also adds many new request methods, such as PUT, HEAD, OPTIONS, etc.

8. The difference between HTTP 1.1 and HTTP 2.0

  • Binary protocol: HTTP/2 is a binary protocol. In HTTP/1.1, the header information of the message must be text (ASCII encoding), and the data body can be text or binary. HTTP/2 is a completely binary protocol. The header information and data body are both binary and are collectively called "frames", which are divided into header frames and data frames. The concept of the frame is the basis for multiplexing.
  • Multiplexing: HTTP/2 implements multiplexing. HTTP/2 still reuses TCP connections, but within one connection both the client and the server can send multiple requests or responses at the same time, and they do not have to be sent one by one in order, thus avoiding the problem of "head-of-line blocking" [1].
  • Data flow: HTTP/2 uses the concept of data streams. Because HTTP/2 data packets are sent out of order, consecutive data packets in the same connection may belong to different requests. Therefore, each packet must be marked to indicate which request it belongs to. HTTP/2 refers to all packets of one request or response as a data stream. Each data stream has a unique number. When a data packet is sent, it must be marked with the data stream ID to distinguish which data stream it belongs to.
  • Header compression: HTTP/2 implements header compression. Since the HTTP 1.1 protocol is stateless, all information must be attached to each request. Therefore, many fields in the request are repeated, such as Cookie and User Agent. The exact same content must be included in every request, which wastes a lot of bandwidth and also affects speed. HTTP/2 has optimized this and introduced a header compression mechanism. On the one hand, the header information is compressed using gzip or compress before being sent; on the other hand, the client and server both maintain a header information table in which all fields are stored and given an index number, so that the same fields are not sent again in the future and only the index number is sent, which improves speed.
  • Server push: HTTP/2 allows the server to proactively send resources to the client without a request. This is called server push. Server push can deliver necessary resources to the client in advance, which reduces some delay. Note that under http2 the server proactively pushes static resources, which is different from pushing real-time data to the client using WebSocket or SSE.

[1] Head-of-line blocking:

Head-of-line blocking is caused by the basic "request-reply" model of HTTP. HTTP stipulates that messages must be "one sent and one received", which forms a first-in, first-out "serial" queue. There is no priority for requests in the queue, only the order in which they are added to the queue. The request at the front will be processed with the highest priority. If the request at the head of the queue is delayed due to too slow processing, then all subsequent requests in the queue will have to wait together. As a result, other requests bear undue time costs, causing the head of the queue to be blocked.

9. The difference between HTTP and HTTPS protocols

The main differences between HTTP and HTTPS protocols are as follows:

  • The HTTPS protocol requires a CA certificate, which is more expensive; the HTTP protocol does not;
  • The HTTP protocol is a hypertext transfer protocol, and information is transmitted in plain text, while HTTPS is a secure SSL encrypted transmission protocol;
  • They use different connection methods and different ports. The HTTP protocol port is 80 and the HTTPS protocol port is 443;
  • HTTP protocol connection is very simple and stateless; HTTPS protocol is a network protocol built with SSL and HTTP protocols that can perform encrypted transmission and identity authentication, and is more secure than HTTP.

10. Reasons for the URL length limit of the GET method

In fact, the HTTP protocol specification does not limit the length of the URL requested by the get method. This limit is imposed by specific browsers and servers.

IE's limit on URL length is 2083 bytes (2K+35). Since the IE browser has the smallest allowable value for URL length, during the development process, as long as the URL does not exceed 2083 bytes, there will be no problem working in all browsers.

GET length = URL (2083) - (your domain + path) - 2 (the 2 is the length of the two characters ?= in the GET request)

Let’s take a look at the length restrictions of the URL in the get method in mainstream browsers:

  • Microsoft Internet Explorer (Browser): The maximum limit of URLs in IE browser is 2083 characters. If this number is exceeded, the submit button will not respond.
  • Firefox (Browser): The URL length limit for Firefox browser is 65,536 characters.
  • Safari (Browser): Maximum URL length is limited to 80,000 characters.
  • Opera (Browser): The maximum URL length is limited to 190,000 characters.
  • Google Chrome (Browser): The maximum URL length is limited to 8182 characters.

Mainstream servers limit the length of the URL in the get method:

  • Apache (Server): The maximum url length that can be accepted is 8192 characters.
  • Microsoft Internet Information Server (IIS): The maximum URL length that can be accepted is 16384 characters.

According to the above data, we can know that the length of the URL in the get method should not exceed 2083 characters, so that all browsers and servers may work normally.

11. What happens when you type Google.com into your browser and press Enter?

(1) Parsing the URL: First, the URL is parsed to determine the transmission protocol to be used and the path of the requested resource. If the protocol or host name in the entered URL is invalid, the content entered in the address bar is passed to the search engine. If there is no problem, the browser checks whether illegal characters appear in the URL. If illegal characters exist, they are escaped before proceeding to the next step.

(2) Cache judgment: The browser determines whether the requested resource is in the cache. If the requested resource is in the cache and has not expired, it is used directly; otherwise a new request is sent to the server.

(3) DNS resolution: The next step is to obtain the IP address of the domain name in the entered URL. First, the browser checks whether the IP address of the domain name is cached locally. If so, it is used. If not, a request is sent to the local DNS server. The local DNS server also first checks whether it has a cached answer. If not, it first sends a request to the root domain name server. After obtaining the address of the responsible top-level domain name server, it sends a request to the top-level domain name server, obtains the address of the responsible authoritative domain name server, and then sends a request to the authoritative domain name server. After finally obtaining the IP address of the domain name, the local DNS server returns the IP address to the requesting user. Requests sent by users to the local DNS server are recursive requests, and requests sent by the local DNS server to domain name servers at each level are iterative requests.

(4) Obtaining the MAC address: After the browser obtains the IP address, data transmission also requires the MAC address of the destination host. The application layer delivers data to the transport layer, where the TCP protocol specifies the source port number and destination port number, and then delivers it to the network layer. The network layer uses the local machine's address as the source address and the obtained IP address as the destination address. The data is then sent to the data link layer, which needs to add the MAC addresses of both communicating parties. The MAC address of the local machine is used as the source MAC address, and the destination MAC address is determined case by case. By ANDing the IP address with the subnet mask of the local machine, you can determine whether the destination is in the same subnet as the requesting host. If it is in the same subnet, the ARP protocol can be used to obtain the MAC address of the destination host. If it is not in the same subnet, the request should be forwarded to the gateway, which forwards it on the host's behalf. The MAC address of the gateway can also be obtained through the ARP protocol, and in this case the destination MAC address should be the address of the gateway.

(5) TCP three-way handshake: The following is the three-way handshake process by which TCP establishes a connection. First, the client sends a SYN connection request segment and a random sequence number to the server. After receiving the request, the server sends a SYN ACK segment to the client, confirming the connection request, and also sends a random sequence number to the client. After receiving the confirmation from the server, the client enters the connection-established state and at the same time sends an ACK segment to the server. After the server receives the confirmation, it also enters the connection-established state, and the connection between the two parties is established.

(6) HTTPS handshake: If the HTTPS protocol is used, there is a four-way TLS handshake before communication. First, the client sends the version number of the protocol used, a random number and the encryption methods it can use to the server. After receiving it, the server confirms the encryption method and also sends a random number and its own digital certificate to the client. After receiving it, the client first checks whether the digital certificate is valid. If it is valid, it generates a random number, encrypts the random number using the public key in the certificate, and sends it to the server, together with a hash value of all the previous content for the server to verify. After receiving it, the server uses its own private key to decrypt the data, and at the same time sends a hash value of all the previous content to the client for the client to verify. At this point, both parties have three random numbers. According to the previously agreed encryption method, these three random numbers are used to generate a secret key. From then on, the two parties use this secret key to encrypt data before transmitting it.

(7) Returning data: When the page request is sent to the server, the server returns an html file as a response. After the browser receives the response, it begins to parse the html file and starts the page rendering process.

(8) Page rendering: The browser first builds a DOM tree based on the HTML file, and builds a CSSOM tree based on the parsed css file. If a script tag is encountered, the browser checks whether it contains a defer or async attribute; otherwise the loading and execution of the script blocks the rendering of the page. When the DOM tree and CSSOM tree have been built, the rendering tree is constructed from them. After the rendering tree is constructed, layout is carried out according to the rendering tree. After layout is completed, the browser's UI interface is finally used to draw the page. At this point the entire page is displayed.

(9) TCP four-way wave: The last step is the four-way wave process of TCP disconnection. If the client considers data sending to be complete, it sends a connection release request to the server. After receiving the connection release request, the server tells the application layer to release the TCP connection. It then sends an ACK packet and enters the CLOSE_WAIT state. This indicates that the connection from the client to the server has been released and data sent by the client will no longer be received. But because the TCP connection is bidirectional, the server can still send data to the client. If the server still has unsent data at this time, it continues to send it. After completion, it sends a connection release request to the client, and the server enters the LAST-ACK state. After receiving the release request, the client sends a confirmation response to the server. At this time, the client enters the TIME-WAIT state. This state lasts for 2MSL (maximum segment lifetime, which refers to the time a message segment survives in the network; it is discarded after timeout). If there is no resend request from the server within this time period, the client enters the CLOSED state. When the server receives the confirmation response, it enters the CLOSED state.

12. Understanding of keep-alive

The default in HTTP1.0 is that the client and server must create a new connection for each request/response, and immediately disconnect after completion. This is a short connection. When Keep-Alive mode is used, the Keep-Alive function keeps the connection from the client to the server valid. When a subsequent request to the server occurs, the Keep-Alive function avoids establishing or re-establishing the connection. This is a long connection. How to use it:

  • The HTTP 1.0 version does not have Keep-alive by default (that is, keep-alive is not sent by default), so if you want the connection to be maintained, you must manually send the Connection: keep-alive field. If you want to disconnect the keep-alive connection, you need to send the Connection: close field;
  • HTTP1.1 stipulates that a long connection is maintained by default. After the data transmission is completed, the TCP connection is not disconnected, waiting to continue using this channel to transmit data under the same domain name. If it needs to be closed, the client needs to send the Connection: close header field.

Keep-Alive establishment process:

  • The client sends a request message to the server and adds the Connection field to the header.
  • The server receives the request and processes the Connection field
  • The server sends back the Connection:Keep-Alive field to the client.
  • The client receives the Connection field
  • Keep-Alive connection established successfully

Process when the server disconnects automatically (that is, there is no keep-alive):

  • The client just sends the content message to the server (not including the Connection field)
  • The server receives the request and processes it
  • The server returns the resource requested by the client and closes the connection
  • The client receives the resource, finds that there is no Connection field, and disconnects

Client request disconnection process:

  • The client sends the Connection:close field to the server
  • The server receives the request and processes the connection field
  • The server sends back the response resource and disconnects
  • The client receives the resource and disconnects

Advantages of turning on Keep-Alive:

  • Less CPU and memory usage (due to fewer concurrently open connections);
  • Allows HTTP pipelining of requests and responses;
  • Reduced congestion control (fewer TCP connections);
  • Reduced latency for subsequent requests (no more handshakes required);
  • Reporting errors does not require closing the TCP connection.

Disadvantages of turning on Keep-Alive:

  • Long-lived TCP connections can easily hold system resources without using them, which wastes system resources.

13. If the page has multiple images, what is the HTTP loading performance?

  • Under HTTP 1, the maximum number of TCP connections the browser can make to a domain name is 6, so it will request multiple times. This can be solved by deploying multiple domain names, which increases the number of simultaneous requests and speeds up the loading of page images.
  • Under HTTP 2, many resources can be loaded at once, because HTTP2 supports multiplexing and can send multiple HTTP requests in one TCP connection.

14. What is the header compression algorithm of HTTP2?

HTTP2 header compression is the HPACK algorithm. Establish "dictionaries" on both sides of the client and server, use index numbers to represent repeated strings, and use Huffman coding to compress integers and strings, which can achieve a high compression rate of 50% to 90%.

Specifically:

  • Use "header tables" on the client and server to track and store previously sent key-value pairs. The same data is no longer sent through each request and response;
  • The header table always exists during the duration of the HTTP/2 connection and is progressively updated by both the client and the server;
  • Each new header key-value pair is either appended to the end of the current table or replaces the previous value in the table.

For example, in the two requests in the figure below, request one sends all header fields, while the second request only needs to send differential data. This can reduce redundant data and reduce overhead.

image
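A simplified model of the header table described above, as an added example that is not part of the original page and is not the real HPACK wire format: it has no static table, no Huffman coding and no size-based eviction. The class and function names and the two sample requests are constructed for illustration.

```javascript
// Each side of the connection keeps its own copy of this table and updates it
// in the same order, so an index means the same pair on both sides.
class HeaderTable {
  constructor() {
    this.entries = []; // [name, value] pairs; the index is the position
  }
  findPair(name, value) {
    return this.entries.findIndex(([n, v]) => n === name && v === value);
  }
  // A new pair either replaces the previous value for that name or is
  // appended to the end of the table.
  upsert(name, value) {
    const i = this.entries.findIndex(([n]) => n === name);
    if (i >= 0) this.entries[i] = [name, value];
    else this.entries.push([name, value]);
  }
}

// Sender: emit { index } for a pair already in the table, otherwise emit the
// literal pair and remember it.
function encodeHeaders(table, headers) {
  const fields = [];
  for (const [name, value] of headers) {
    const i = table.findPair(name, value);
    if (i >= 0) {
      fields.push({ index: i });
    } else {
      fields.push({ name, value });
      table.upsert(name, value);
    }
  }
  return fields;
}

// Receiver: resolve indexes against its own table and apply the same updates.
// An index the receiver has never seen is a protocol error, not a guess.
function decodeHeaders(table, fields) {
  return fields.map((field) => {
    if ("index" in field) {
      const entry = table.entries[field.index];
      if (!entry) throw new Error(`unknown header index ${field.index}`);
      return [entry[0], entry[1]];
    }
    table.upsert(field.name, field.value);
    return [field.name, field.value];
  });
}

const countLiterals = (fields) => fields.filter((f) => !("index" in f)).length;

// Constructed sample: two requests on one connection that differ only in :path.
const REQUEST_1 = [
  [":method", "GET"],
  [":scheme", "https"],
  [":authority", "example.com"],
  [":path", "/index.html"],
  ["user-agent", "demo-browser/1.0"],
  ["cookie", "session=constructed-value"],
];
const REQUEST_2 = REQUEST_1.map(([n, v]) => (n === ":path" ? [n, "/style.css"] : [n, v]));

const senderTable = new HeaderTable();
const wire1 = encodeHeaders(senderTable, REQUEST_1);
const wire2 = encodeHeaders(senderTable, REQUEST_2);
console.log(countLiterals(wire1), countLiterals(wire2)); // full set, then only the difference
```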

15. What does the HTTP request message look like?

The request message consists of 4 parts:

  • Request line
  • Request header
  • empty line
  • Request body

Where:

(1) The request line includes: request method field, URL field, and HTTP protocol version field. They are separated by spaces. For example, GET /index.html HTTP/1.1.

(2) Request header: The request header consists of keyword/value pairs, one pair per line. The keywords and values are separated by a colon ":".

  • User-Agent: The browser type that generated the request.
  • Accept: List of content types recognized by the client.
  • Host: The requested host name, allowing multiple domain names to be at the same IP address, that is, a virtual host.

(3) Request body: The data carried by POST, PUT and other requests.
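A parser for the four-part request message above that also applies the keep-alive rules from question 12, as an added example that is not part of the original page. The function names and sample messages are constructed; the parser reads the message as a string and does not handle Content-Length or chunked bodies.

```javascript
// Split a raw HTTP/1.x request into request line, headers, and body.
function parseRequest(raw) {
  const sep = raw.indexOf("\r\n\r\n"); // the empty line that ends the headers
  if (sep < 0) throw new Error("missing empty line after headers");
  const headLines = raw.slice(0, sep).split("\r\n");
  const body = raw.slice(sep + 4);

  // Request line: method, URL and protocol version separated by single spaces.
  const m = /^([A-Z]+) (\S+) HTTP\/(\d\.\d)$/.exec(headLines[0]);
  if (!m) throw new Error("malformed request line");
  const [, method, target, version] = m;

  // No prototype, so a header named "constructor" cannot collide with
  // inherited object properties.
  const headers = Object.create(null);
  for (const line of headLines.slice(1)) {
    const colon = line.indexOf(":");
    // A line without a name, or with whitespace before the colon, is rejected
    // rather than guessed at; lenient parsing here lets two parsers disagree.
    if (colon <= 0 || /\s/.test(line.slice(0, colon))) {
      throw new Error(`malformed header line: ${line}`);
    }
    const name = line.slice(0, colon).toLowerCase(); // names are case-insensitive
    const value = line.slice(colon + 1).trim();
    headers[name] = name in headers ? `${headers[name]}, ${value}` : value;
  }

  // HTTP/1.1 added the Host field; a 1.1 request without it is invalid.
  if (version === "1.1" && !("host" in headers)) {
    throw new Error("HTTP/1.1 request without Host header");
  }
  return { method, target, version, headers, body };
}

// Keep-alive decision: HTTP/1.1 stays open unless "Connection: close" is sent;
// HTTP/1.0 closes unless "Connection: keep-alive" is sent.
function isPersistent(req) {
  const tokens = (req.headers["connection"] || "")
    .toLowerCase()
    .split(",")
    .map((t) => t.trim());
  if (tokens.includes("close")) return false;
  if (req.version === "1.1") return true;
  return tokens.includes("keep-alive");
}

// Constructed sample message: a form POST with a urlencoded body.
const SAMPLE_REQUEST =
  "POST /register HTTP/1.1\r\n" +
  "Host: www.example.com\r\n" +
  "User-Agent: demo-browser/1.0\r\n" +
  "Content-Type: application/x-www-form-urlencoded\r\n" +
  "\r\n" +
  "name=alice&age=20";

const parsedSample = parseRequest(SAMPLE_REQUEST);
console.log(parsedSample.method, parsedSample.target, isPersistent(parsedSample));
```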

16. What does the HTTP response message look like?

The response message consists of 4 parts:

  • response line
  • response header
  • empty line
  • response body

  • Response line: consists of the network protocol version, status code, and reason phrase for the status code, such as HTTP/1.1 200 OK.
  • Response header: the main component of the response
  • Response body: Data responded by the server

17. Advantages and disadvantages of HTTP protocol

HTTP is the Hypertext Transfer Protocol, which defines the format and method of exchanging messages between the client and the server. Port 80 is used by default. It uses TCP as the transport layer protocol to ensure the reliability of data transmission.

The HTTP protocol has the following advantages:

  • Support client/server mode
  • Simple and fast: When a client requests a service from the server, it only needs to transmit the request method and path. Due to the simplicity of the HTTP protocol, the program size of the HTTP server is small and the communication speed is very fast.
  • No connection: No connection means that each connection is limited to processing only one request. After the server processes the client's request and receives the client's response, it disconnects the connection. This method can save transmission time.
  • Stateless: The HTTP protocol is a stateless protocol, where the state refers to the context information of the communication process. The lack of state means that if subsequent processing requires the previous information, it must be retransmitted, which may increase the amount of data transferred per connection. On the other hand, the server responds faster when it does not need previous information.
  • Flexible: HTTP allows the transmission of any type of data object. The type being transferred is marked by Content-Type.

The HTTP protocol has the following disadvantages:

  • Stateless: HTTP is a stateless protocol; the HTTP server does not save any information about the client.
  • Plaintext transmission: The messages in the protocol are in text form, which is directly exposed to the outside world and is unsafe.
  • Not secure:

(1) Communication uses clear text (not encrypted), and the content may be eavesdropped;

(2) The identity of the communicating party is not verified, so it is possible to encounter disguise;

(3) The integrity of the message cannot be proven, so it may have been tampered with.

18. Let’s talk about HTTP 3.0

Based on the UDP protocol, HTTP/3 implements functions such as multiplexing data streams and transmission reliability similar to TCP. This set of functions is called the QUIC protocol.

  1. Flow control and transmission reliability functions: QUIC adds a layer to UDP to ensure data transmission reliability. It provides packet retransmission, congestion control, and other features in TCP.
  2. Integrated TLS encryption function: Currently QUIC uses TLS1.3, which reduces the number of RTTs spent on handshakes.
  3. Multiplexing: There can be multiple independent logical data streams on the same physical connection, realizing independent transmission of data streams and solving the head-of-line blocking problem of TCP.
  4. Fast handshake: Because it is based on UDP, it can use 0 ~ 1 RTT to establish a connection.

19. What is the performance of HTTP protocol?

The HTTP protocol is based on TCP/IP and uses a request-response communication model, so the key to performance lies in these two points.

  • Long connection

The HTTP protocol has two connection modes, one is persistent connection and the other is non-persistent connection.

(1) Non-persistent connection means that the server must establish and maintain a new connection for each requested object.

(2) With a persistent connection, the TCP connection is not closed by default and can be reused by multiple requests. The advantage of using a persistent connection is that it avoids the time spent on the three-way handshake each time a TCP connection is established.

Different connection methods are used for different versions:

  • In HTTP/1.0, every time a request is initiated, a new TCP connection (three-way handshake) must be created, and requests are serial, which requires needless TCP connection establishment and disconnection and increases communication overhead. This version uses non-persistent connections, but you can add Connection: keep-alive when requesting to ask the server not to close the TCP connection.
  • HTTP/1.1 proposed a long connection communication method, also called a persistent connection. The advantage of this method is that it reduces the additional overhead caused by repeated establishment and disconnection of TCP connections and reduces the load on the server side. This version and later versions use persistent connections by default. Currently, most browsers support the establishment of 6 persistent connections at the same time for the same domain.

  • Pipeline network transmission

HTTP/1.1 uses a long connection method, which makes pipeline network transmission possible.

Pipeline network transmission means that within the same TCP connection, the client can initiate multiple requests. As soon as the first request is sent, it can send a second request without waiting for the first response to come back, which can reduce overall response time. But the server still responds to requests in order. If an earlier response is particularly slow, many requests will be waiting in the queue. This is called head-of-line blocking.

  • Head-of-line blocking

The messages transmitted by HTTP must be sent and received one at a time. The tasks are placed in a task queue for serial execution. Once the request at the head of the queue is processed too slowly, the processing of subsequent requests is blocked. This is the HTTP head-of-line blocking problem.

Solution to head-of-line blocking:

(1) Concurrent connections: Allowing multiple long connections per domain name is equivalent to adding task queues, so that the tasks in one queue do not block all other tasks.

(2) Domain sharding: Split the domain name into many second-level domain names that all point to the same server. The number of concurrent long connections increases, which solves the problem of head-of-line blocking.

20. What are the components of a URL?

Take the following URL as an example: http://www.aspxfans.com:8080/news/index.asp?boardID=5&ID=24618&page=1#name

As can be seen from the above URL, a complete URL includes the following parts:

  • Protocol part: The protocol part of the URL is "http:", which means that the web page uses the HTTP protocol. Various protocols can be used on the Internet, such as HTTP, FTP, etc. In this example, the HTTP protocol is used. The "//" after "http:" is the delimiter;
  • Domain name part: The domain name part of the URL is "www.aspxfans.com". In a URL, an IP address can also be used in place of the domain name;
  • Port part: Following the domain name is the port, and ":" is used as the separator between the domain name and the port. The port is not a required part of a URL. If the port part is omitted, the default port is used (the default port of the HTTP protocol is 80, and the default port of the HTTPS protocol is 443);
  • Virtual directory part: From the first "/" after the domain name to the last "/" is the virtual directory part. The virtual directory is also not a required part of a URL. The virtual directory in this example is "/news/";
  • File name part: From the last "/" after the domain name up to "?" is the file name part. If there is no "?", it runs from the last "/" up to "#". If there is neither "?" nor "#", it runs from the last "/" to the end of the URL. The file name in this example is "index.asp". The file name part is not a required part of a URL. If this part is omitted, the default file name is used;
  • Anchor part: From "#" to the end is the anchor part. The anchor part in this example is "name". The anchor part is also not a required part of a URL;
  • Parameter part: The part from "?" to "#" is the parameter part, also known as the search part or the query part. The parameter part in this example is "boardID=5&ID=24618&page=1". Multiple parameters are allowed, and "&" is used as the separator between them.

21. What are the HTTP request headers related to caching?

Strong caching:

  • Expires
  • Cache-Control

Negotiated caching:

  • ETag, If-None-Match
  • Last-Modified, If-Modified-Since

2. HTTPS protocol

1. What is HTTPS protocol?

Hypertext Transfer Protocol Secure (HTTPS) is a transmission protocol for secure communication through computer networks. HTTPS communicates over HTTP, utilizing SSL/TLS to encrypt data packets. The main purpose of HTTPS is to provide identity authentication for the website server and protect the privacy and integrity of the exchanged data.


The HTTP protocol transmits information in clear text, which carries the risks of information eavesdropping, information tampering, and information hijacking. The TLS/SSL protocol provides identity authentication, information encryption, and integrity verification to avoid such problems.

The main responsibility of the security layer is to encrypt the data of outgoing HTTP requests and decrypt the received HTTP content.

2. How TLS/SSL works

TLS/SSL stands for Transport Layer Security. It is a security protocol layer between TCP and HTTP. It does not affect the original TCP and HTTP protocols, so using HTTPS requires basically no major changes to HTTP pages.

TLS/SSL relies mainly on three types of basic algorithms: hash functions, symmetric encryption, and asymmetric encryption. The functions of these three types of algorithms are as follows:

  • Verify the integrity of information based on hash function
  • Symmetric encryption algorithm uses negotiated keys to encrypt data
  • Asymmetric encryption implements identity authentication and key negotiation


(1) Hash function hash

Common hash functions include MD5, SHA1, and SHA256. These functions are one-way and irreversible, very sensitive to input data, and produce output of a fixed length. Any modification of the data changes the result of the hash function, so hashes can be used to prevent information tampering and verify data integrity.

**Features:** During transmission, a hash function on its own cannot make information tamper-proof. Because the transmission is in clear text, a man in the middle can modify the information and recompute its digest, so the transmitted information and its digest need to be encrypted.

(2) Symmetric encryption

Symmetric encryption is a method where both parties use the same secret key to encrypt and decrypt data. However, there is a problem with symmetric encryption, which is how to ensure the security of secret key transmission, because the secret key will still be transmitted through the network. Once the secret key is obtained by others, the entire encryption process will be useless. This requires the use of asymmetric encryption.

Common symmetric encryption algorithms include AES-CBC, DES, 3DES, AES-GCM, etc. The same key is used to encrypt and decrypt information. Only a holder of the secret key can read the information, which prevents eavesdropping. The communication method is one-to-one.

**Features:** The advantage of symmetric encryption is that information transmission is one-to-one, and the same password needs to be shared. Password security is the basis for ensuring information security. When the server communicates with N clients, it needs to maintain N password records and cannot change the password.

(3) Asymmetric encryption

The method of asymmetric encryption is that we have two secret keys, one is the public key and the other is the private key. The public key is public and the private key is secret. Data encrypted with a private key can only be decrypted by the corresponding public key; data encrypted with a public key can only be decrypted by the corresponding private key. We can publish the public key, and any customer who wants to communicate with us can use the public key we provide to encrypt the data, so that we can use the private key to decrypt, thus ensuring the security of the data. However, one disadvantage of asymmetric encryption is that the encryption process is very slow. Therefore, if asymmetric encryption is used for every communication, it will cause a long waiting time.

Common asymmetric encryption algorithms include RSA, ECC, DH, etc. Keys appear in pairs, generally called the public key and the private key. Information encrypted with the public key can only be decrypted with the private key, and information encrypted with the private key can only be decrypted with the public key. Therefore, different clients holding the public key cannot decrypt each other's information and can only communicate in encrypted form with the server. The server can carry out one-to-many communication, and the client can also use the public key to verify the identity of the server that holds the private key.

**Features:** Asymmetric encryption is one-to-many. The server only needs to maintain one private key to communicate with multiple clients, but the information sent by the server can be decrypted by all clients, and the algorithm is computationally complex and slow.

Based on the characteristics of the above algorithms, the working method of TLS/SSL is that the client uses asymmetric encryption to communicate with the server, realizes identity verification and negotiates the secret key used for symmetric encryption. The symmetric encryption algorithm uses negotiated keys to encrypt information and information digests. Different nodes use different symmetric keys to ensure that information can only be obtained by the communicating parties. This solves the problems existing in the two methods.

3. What is a digital certificate?

The method so far is not necessarily safe, because there is no way to be sure that the public key obtained is the genuine one. An intermediary may intercept the public key sent to us by the other party and send us his own public key instead. When we encrypt information with his public key, he can decrypt it with his own private key. He then pretends to be us and sends information to the other party in the same way, so our information is stolen without our knowing it. To solve such problems, digital certificates can be used.

First, a hash algorithm is applied to the public key and other information to generate a message digest, and then a trusted certification center (CA for short) encrypts the message digest with its private key to form a signature. Finally, the original information and the signature are combined into what is called a digital certificate. When the recipient receives the digital certificate, it first uses the same hash algorithm to generate a digest from the original information, then uses the CA's public key to decrypt the signature in the digital certificate, and finally compares the decrypted digest with the generated digest. The comparison shows whether the information has been changed.

The most important thing about this method is the reliability of the certification center. Generally, browsers will have certificates from some top-level certification centers built into them, which means we automatically trust them. Only in this way can data security be ensured.


4. HTTPS communication (handshake) process

The communication process of HTTPS is as follows:

  1. The client initiates a request to the server, and the request contains the protocol version number used, a random number generated, and the encryption method supported by the client.
  2. After receiving the request, the server confirms the encryption method used by both parties, gives the server's certificate, and a random number generated by the server.
  3. After the client confirms that the server certificate is valid, it generates a new random number, encrypts it with the public key in the digital certificate, and sends it to the server. It also provides a hash value of all previous content for the server to verify.
  4. The server uses its own private key to decrypt the random number sent by the client, and provides a hash value of all previous content for the client to verify.
  5. The client and server use the three random numbers above, according to the agreed encryption method, to generate a session key. This key is used to encrypt information for the rest of the session.
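The five steps above, as an added Node.js example that is not part of the original article: it follows the TLS 1.2 RSA key-exchange form of the handshake, derives the session keys from the three random values, and shows the step 3/4 hash check failing when the first message is altered in transit. The message layout, suite names and function names are constructed for illustration.

```javascript
// Added illustration (not the article's code). Message layout and names are constructed.
const crypto = require('node:crypto');

// TLS 1.2 PRF (RFC 5246, section 5): HMAC-SHA256 expansion of secret, label and seed.
function prf(secret, label, seed, length) {
  const labelSeed = Buffer.concat([Buffer.from(label, 'ascii'), seed]);
  let a = labelSeed; // A(0)
  let out = Buffer.alloc(0);
  while (out.length < length) {
    a = crypto.createHmac('sha256', secret).update(a).digest(); // A(i) = HMAC(secret, A(i-1))
    const block = crypto.createHmac('sha256', secret).update(a).update(labelSeed).digest();
    out = Buffer.concat([out, block]);
  }
  return out.subarray(0, length);
}

// Step 5: both sides turn the three random values into the same session keys.
// (A real key block also carries IVs; two 16-byte keys are enough for this sketch.)
function deriveKeys(preMaster, clientRandom, serverRandom) {
  const master = prf(preMaster, 'master secret',
    Buffer.concat([clientRandom, serverRandom]), 48);
  const keyBlock = prf(master, 'key expansion',
    Buffer.concat([serverRandom, clientRandom]), 32);
  return {
    master,
    clientWriteKey: keyBlock.subarray(0, 16),
    serverWriteKey: keyBlock.subarray(16, 32),
  };
}

// The server's long-term key pair; the public half is what its certificate carries.
const serverKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const encode = (msg) => Buffer.from(JSON.stringify(msg));
const transcriptHash = (msgs) =>
  crypto.createHash('sha256').update(Buffer.concat(msgs.map(encode))).digest();

// inTransit models what happens to the first message on the wire.
// The default leaves it untouched.
function handshake(inTransit = (hello) => hello) {
  // Step 1: client -> server: version, client random, supported suites.
  const clientRandom = crypto.randomBytes(32);
  const helloSent = {
    version: 'TLS1.2',
    suites: ['AES_256_GCM', 'AES_128_GCM'],
    random: clientRandom.toString('hex'),
  };
  const helloSeen = inTransit({ ...helloSent }); // what the server actually receives

  // Step 2: server picks a suite and returns its random and public key
  // (a stand-in for the certificate; validating it is a separate check).
  const serverRandom = crypto.randomBytes(32);
  const serverHello = {
    suite: helloSeen.suites[0],
    random: serverRandom.toString('hex'),
    publicKey: serverKeys.publicKey.export({ type: 'spki', format: 'pem' }),
  };

  // Step 3: client creates the third random value (pre-master secret) and encrypts
  // it with the server's public key. Real TLS 1.2 uses PKCS#1 v1.5 padding here;
  // this sketch uses Node's default OAEP padding instead.
  const preMaster = Buffer.concat([Buffer.from([3, 3]), crypto.randomBytes(46)]);
  const encrypted = crypto.publicEncrypt(serverHello.publicKey, preMaster);
  const keyExchange = { encryptedPreMaster: encrypted.toString('base64') };

  // Step 4: only the holder of the private key can recover the pre-master secret.
  const recovered = crypto.privateDecrypt(serverKeys.privateKey, encrypted);

  // Step 5: independent derivation on each side.
  const client = deriveKeys(preMaster, clientRandom, serverRandom);
  const server = deriveKeys(recovered, Buffer.from(helloSeen.random, 'hex'), serverRandom);

  // "Hash of all previous content": each side hashes what it saw and keys the
  // result with the master secret. A modified message makes the values differ.
  const clientFinished = prf(client.master, 'client finished',
    transcriptHash([helloSent, serverHello, keyExchange]), 12);
  const expectedByServer = prf(server.master, 'client finished',
    transcriptHash([helloSeen, serverHello, keyExchange]), 12);

  return {
    suite: serverHello.suite,
    sameKeys: client.clientWriteKey.equals(server.clientWriteKey) &&
      client.serverWriteKey.equals(server.serverWriteKey),
    finishedOk: crypto.timingSafeEqual(clientFinished, expectedByServer),
  };
}

console.log('untouched:', handshake());
console.log('suite list altered in transit:',
  handshake((hello) => ({ ...hello, suites: ['AES_128_GCM'] })));
```

Because the pre-master secret is protected only by the server's long-term RSA key, this form of key exchange has no forward secrecy; TLS 1.3 removed it in favour of ephemeral Diffie-Hellman.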

5. Characteristics of HTTPS

The advantages of HTTPS are as follows:

  • Using the HTTPS protocol can authenticate users and servers to ensure that data is sent to the correct client and server;
  • The HTTPS protocol can be used for encrypted transmission and identity authentication, making communication more secure, preventing data from being stolen or modified during the transmission process, and ensuring data security;
  • HTTPS is the most secure solution under the current architecture. Although it is not absolutely safe, it greatly increases the cost of man-in-the-middle attacks;

The disadvantages of HTTPS are as follows:

  • HTTPS requires encryption and decryption on both the server and the client, which consumes more server resources and is a complicated process;
  • The handshake phase of the HTTPS protocol is time-consuming and increases the loading time of the page;
  • SSL certificates are paid, and the more powerful the certificate, the higher the cost;
  • HTTPS connections consume much more server-side resources, so supporting a website with even slightly more visitors costs more;
  • The SSL certificate needs to be bound to an IP and cannot be bound to multiple domain names on the same IP.

6. How does HTTPS ensure security?

First understand two concepts:

  • Symmetric encryption: both parties in communication use the same secret key for encryption and decryption. Although symmetric encryption is simple and performs well, it cannot solve the problem of getting the secret key to the other party the first time, and the key can easily be intercepted by hackers.
  • Asymmetric encryption:

1. Private key + public key = key pair

2. Data encrypted with a private key can only be decrypted by the corresponding public key; data encrypted with a public key can only be decrypted by the corresponding private key.

3. Because both parties to the communication have their own key pair, both parties first send their public keys to each other before communicating.

4. The other party then encrypts data with this public key and sends it back; on arrival, the recipient decrypts it with its own private key.

Although asymmetric encryption is more secure, the problem it brings is that it is very slow and affects performance.

Solution:

Combine the two encryption methods: the symmetric encryption key is encrypted with the asymmetric encryption public key and then sent out. The recipient decrypts it with the private key to obtain the symmetric encryption key, and both parties can then communicate using symmetric encryption.

This brings up a problem, the man-in-the-middle problem:

If there is an intermediary between the client and the server at this time, the intermediary only needs to replace the public key originally used for communication between the two parties with its own public key, so that the intermediary can easily decrypt all data sent between the two parties.

Therefore, at this point a certificate issued by a secure third party (CA) is needed to prove identity and prevent man-in-the-middle attacks. The certificate includes: the issuer, the purpose of the certificate, the user's public key, the user's private key, the user's HASH algorithm, the certificate expiration time, etc.

But here comes the question: if the middleman tampers with the certificate, isn't the identity proof worthless? At this point a new technology, the digital signature, is needed.

A digital signature is produced by hashing the certificate content with the CA's own HASH algorithm to obtain a digest, which is then encrypted with the CA's private key to form the digital signature. When someone else sends me their certificate, I use the same hash algorithm to generate the message digest again, and then use the CA's public key to decrypt the digital signature to get the message digest created by the CA. Comparing the two shows whether the certificate has been tampered with in transit. At this point, communication security is ensured to the greatest extent.
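The issue-and-verify flow described here and in "What is a digital certificate?" above, as an added Node.js example that is not part of the original article: a CA signs a certificate body, and the client-side check rejects a swapped public key, a re-signed body, an unknown issuer and an expired certificate. The JSON layout, host name, CA names and dates are constructed; real certificates are X.509 structures.

```javascript
// Added illustration (not the article's code). All names and dates are constructed.
const crypto = require('node:crypto');

const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const toPem = (publicKey) => publicKey.export({ type: 'spki', format: 'pem' });
const encode = (body) => Buffer.from(JSON.stringify(body));

// CA side: SHA-256 digest of the certificate body, signed with the CA's private key.
// The body holds the subject's PUBLIC key only; a private key stays with its owner.
function issueCertificate(body, caPrivateKey) {
  const signature = crypto.sign('sha256', encode(body), caPrivateKey);
  return { body, signature: signature.toString('base64') };
}

// Client side: recompute the digest over the received body and check it against
// the signature with the CA public key taken from the local trust store.
function verifyCertificate(cert, hostname, trustStore, now) {
  const caPublicKey = trustStore[cert.body.issuer];
  if (!caPublicKey) return 'untrusted issuer';
  const signature = Buffer.from(cert.signature, 'base64');
  if (!crypto.verify('sha256', encode(cert.body), caPublicKey, signature)) {
    return 'bad signature';
  }
  if (new Date(cert.body.notAfter) <= now) return 'expired';
  if (cert.body.subject !== hostname) return 'hostname mismatch';
  return 'ok';
}

function demo() {
  const ca = newKeyPair();
  const site = newKeyPair();
  const intermediary = newKeyPair();
  // Stand-in for the root certificates built into the browser.
  const trustStore = { 'Example Root CA': toPem(ca.publicKey) };
  const now = new Date('2025-06-01T00:00:00Z');

  const genuine = issueCertificate({
    subject: 'www.example.test',
    issuer: 'Example Root CA',
    publicKey: toPem(site.publicKey),
    notAfter: '2026-01-01T00:00:00Z',
  }, ca.privateKey);

  // Public key replaced in transit, original CA signature kept.
  const swapped = {
    body: { ...genuine.body, publicKey: toPem(intermediary.publicKey) },
    signature: genuine.signature,
  };
  // Altered body signed again, but with a key that is not the CA's.
  const resigned = issueCertificate(swapped.body, intermediary.privateKey);
  // Altered body issued under a CA name the client has never trusted.
  const selfIssued = issueCertificate(
    { ...swapped.body, issuer: 'Unknown CA' }, intermediary.privateKey);

  const check = (cert, when = now) =>
    verifyCertificate(cert, 'www.example.test', trustStore, when);
  return {
    genuine: check(genuine),
    swappedKey: check(swapped),
    resigned: check(resigned),
    selfIssued: check(selfIssued),
    afterExpiry: check(genuine, new Date('2026-06-01T00:00:00Z')),
    wrongHost: verifyCertificate(genuine, 'login.example.test', trustStore, now),
  };
}

console.log(demo());
```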

3. HTTP status code

Status code categories:

| Category | Reason | Description |
|---|---|---|
| 1xx | Informational (informational status code) | The accepted request is being processed |
| 2xx | Success (success status code) | The request was processed normally |
| 3xx | Redirection (redirect status code) | Additional action is required to complete the request |
| 4xx | Client Error (client error status code) | The server cannot handle the request |
| 5xx | Server Error (server error status code) | The server encountered an error while processing the request |

1. 2XX (Success status code)

Status code 2XX indicates that the request was processed normally.

(1)200 OK

200 OK means that the request from the client was processed normally by the server.

(2)204 No Content

This status code indicates that the request sent by the client has been processed normally on the server, but there is no content returned, and the response message does not contain the main body of the entity. Generally used when only information needs to be sent from the client to the server, but the server does not need to send content to the client.

(3)206 Partial Content

This status code indicates that the client made a range request and the server performed this part of the GET request. The response message contains the entity content in the range specified by Content-Range.

2. 3XX (Redirection status code)

3XX responses indicate that the browser needs to perform some special processing to properly handle the request.

(1)301 Moved Permanently

Permanent redirect.

This status code indicates that the requested resource has been assigned a new URI and the resource-specified URI should be used in the future. The new URI will be specified in the Location header field of the HTTP response header. If the user has saved the original URI as a bookmark, the bookmark will be re-saved according to the new URI in Location. At the same time, search engines also replace the old URL with the redirected URL while crawling the new content.

Usage scenarios:

  • When we want to change the domain name and the old domain name is no longer in use, users accessing the old domain name are redirected with 301 to the new domain name. This also tells search engines to index the new domain name in place of the old one.
  • Domain names without www appear in the search results of search engines, but domain names with www are not included. At this time, you can use 301 redirection to tell the search engine which domain name our target is.

(2)302 Found

Temporary redirection.

This status code indicates that the requested resource has been assigned a new URI, and it is hoped that the user (this time) can use the new URI to access the resource. It is similar to the 301 Moved Permanently status code, but the resource represented by 302 is not permanently redirected, but is only temporary. In other words, the URI corresponding to the moved resource may change in the future. If the user saves the URI as a bookmark, the bookmark will not be updated like when the 301 status code appears, but the URI corresponding to the page that returns the 302 status code will still be retained. At the same time, search engines will crawl the new content and keep the old URLs. Because the server returns a 302 code, search engines think the new URL is only temporary.

Usage scenarios:

  • When we are doing an event, logging in to the homepage will automatically redirect us to the event page.
  • Users who are not logged in will be redirected to the login page when accessing the user center.
  • Visiting the 404 page redirects to the home page.

(3)303 See Other

This status code indicates that because there is another URI for the resource corresponding to the request, the GET method should be used to obtain the requested resource.

The 303 status code and the 302 Found status code have similar functions, but the 303 status code clearly indicates that the client should use the GET method to obtain resources.

The 303 status code is usually returned as a result of a PUT or POST operation. It indicates that the redirect link points not to the newly uploaded resource, but to another page, such as a message confirmation page or upload progress page. The method of requesting the redirect page should always use GET.

Note:

  • When 301, 302, or 303 response status codes are returned, almost all browsers will change POST to GET and delete the body in the request message, and then the request will be automatically sent again.
  • The 301 and 302 standards prohibit changing the POST method into a GET method, but in fact everyone will do it.

(4)304 Not Modified

Browser cache related.

This status code indicates that when the client sends a request with conditions, the server allows the request to access the resource, but the conditions are not met. A 304 status code is returned without any response body. Although 304 is classified into the 3XX category, it has nothing to do with redirection.

Conditional request (HTTP conditional request): a request made with the GET method whose message contains any of the headers If-Match, If-None-Match, If-Modified-Since, If-Unmodified-Since, or If-Range.

Status code 304 is not an error, but tells the client that there is a cache and uses the data in the cache directly. Only the header information of the returned page is returned, without the content part, which improves the performance of the web page to a certain extent.
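How a server decides between 200 and 304 from the negotiated-cache headers listed under "What are the HTTP request headers related to caching?", as an added Node.js example that is not part of the original article. The resource contents, timestamps and the max-age value are constructed; the last case shows a change within the same second that Last-Modified alone misses and ETag catches.

```javascript
// Added illustration (not the article's code). Resource, dates and max-age are constructed.
const crypto = require('node:crypto');

// A validator derived from the content: any change to the body changes the ETag.
function etagFor(body) {
  const digest = crypto.createHash('sha256').update(body).digest('hex');
  return `"${digest.slice(0, 16)}"`;
}

function respond(method, requestHeaders, resource) {
  const req = {};
  for (const [name, value] of Object.entries(requestHeaders)) {
    req[name.toLowerCase()] = value; // header names are case-insensitive
  }

  const etag = etagFor(resource.body);
  const headers = {
    'Cache-Control': 'max-age=60', // strong cache: no request at all for 60 s
    'ETag': etag, // negotiated cache validators
    'Last-Modified': resource.lastModified.toUTCString(),
  };

  let notModified = false;
  if (req['if-none-match'] !== undefined) {
    // When both validators are sent, If-None-Match decides and the date is ignored.
    const tags = req['if-none-match']
      .split(',')
      .map((tag) => tag.trim().replace(/^W\//, ''));
    notModified = tags.includes('*') || tags.includes(etag);
  } else if (req['if-modified-since'] !== undefined) {
    const since = Date.parse(req['if-modified-since']);
    // HTTP dates have one-second resolution, so compare whole seconds.
    const modified = Math.floor(resource.lastModified.getTime() / 1000) * 1000;
    notModified = !Number.isNaN(since) && modified <= since;
  }

  if (notModified && (method === 'GET' || method === 'HEAD')) {
    return { status: 304, headers, body: null }; // headers only, client reuses its copy
  }
  return { status: 200, headers, body: resource.body };
}

function demo() {
  const v1 = {
    body: 'body { color: black }',
    lastModified: new Date('2024-05-01T10:00:00.200Z'),
  };
  // Edited within the same second as v1: the Last-Modified header is identical.
  const v2 = {
    body: 'body { color: navy }',
    lastModified: new Date('2024-05-01T10:00:00.900Z'),
  };

  const first = respond('GET', {}, v1);
  const both = {
    'If-None-Match': first.headers.ETag,
    'If-Modified-Since': first.headers['Last-Modified'],
  };
  const dateOnly = { 'If-Modified-Since': first.headers['Last-Modified'] };

  return {
    first: first.status,
    unchanged: respond('GET', both, v1).status,
    changedWithEtag: respond('GET', both, v2).status,
    changedDateOnly: respond('GET', dateOnly, v2).status, // stale copy is kept
  };
}

console.log(demo());
```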

(5)307 Temporary Redirect

**307 indicates temporary redirection.** This status code has the same meaning as 302 Found. Although the 302 standard prohibits POST from becoming GET, this is still done in actual use.

307 will comply with browser standards and will not change from POST to GET. However, different browsers will still have different situations when it comes to processing requests. The specification requires the browser to continue POSTing content to the Location's address.

3. 4XX (Client Error client error status code)

A 4XX response indicates that the client is the cause of the error.

(1)400 Bad Request

This status code indicates that there is a syntax error in the request message. When an error occurs, you need to modify the content of the request and send the request again. Additionally, browsers treat this status code like 200 OK.

(2)401 Unauthorized

This status code indicates that the request sent needs to have authentication information that passes HTTP authentication (BASIC authentication, DIGEST authentication). If a request has been made before, it means that the user authentication failed.

Responses returning a 401 MUST include a WWW-Authenticate header appropriate to the requested resource to challenge user information. When the browser receives the 401 response for the first time, a dialog window for authentication will pop up.

401 will occur in the following situations:

  • 401.1 - Login failed.
  • 401.2 - Server configuration caused login failure.
  • 401.3 - Not authorized due to ACL restriction on resource.
  • 401.4 - Filter authorization failed.
  • 401.5 - ISAPI/CGI application authorization failed.
  • 401.7 - Access is denied by the URL authorization policy on the web server. This error code is specific to IIS 6.0.

(3)403 Forbidden

This status code indicates that access to the requested resource has been denied by the server. The server does not need to give a detailed reason, but it can be explained in the body of the response message entity. After entering this state, verification cannot continue. This access is permanently prohibited and is closely related to the application logic.

IIS defines a number of different 403 errors, which indicate more specific causes of the error:

  • 403.1 - Execution access prohibited.
  • 403.2 - Read access forbidden.
  • 403.3 - Write access prohibited.
  • 403.4 - SSL required.
  • 403.5 - SSL 128 required.
  • 403.6 - IP address denied.
  • 403.7 - Client certificate required.
  • 403.8 - Site access denied.
  • 403.9 - Too many users.
  • 403.10 - Invalid configuration.
  • 403.11 - Password change.
  • 403.12 - Access to mapping table denied.
  • 403.13 - Client certificate revoked.
  • 403.14 - Directory listing denied.
  • 403.15 - Client access permission exceeded.
  • 403.16 - Client certificate is not trusted or invalid.
  • 403.17 - Client certificate has expired or is not yet valid
  • 403.18 - The requested URL cannot be executed in the current application pool. This error code is specific to IIS 6.0.
  • 403.19 - CGI cannot be executed for clients in this application pool. This error code is specific to IIS 6.0.
  • 403.20 - Passport login failed. This error code is specific to IIS 6.0.

(4)404 Not Found

This status code indicates that the requested resource cannot be found on the server. In addition, it can also be used when the server rejects the request and does not want to explain the reason.

404 will occur in the following situations:

  • 404.0 - (None) – File or directory not found.
  • 404.1 - The web site cannot be accessed on the requested port.
  • 404.2 - This request is blocked by the Web Services extension locking policy.
  • 404.3 - This request is blocked by MIME mapping policy.

(5)405 Method Not Allowed

This status code indicates that although the method requested by the client is recognized by the server, the server prohibits its use. The server should always allow the client to use the GET and HEAD methods. The client can check the access methods allowed by the server through the OPTIONS method (preflight), as follows:

Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE

4. 5XX (Server Error server error status code)

A 5XX response indicates an error occurred on the server itself.

(1)500 Internal Server Error

This status code indicates that an error occurred on the server side while executing the request. It may also be a bug in the web application or some temporary failure.

(2)502 Bad Gateway

This status code indicates that the server acting as a gateway or proxy received an invalid response from the upstream server. Note that 502 errors are usually not repairable by the client, but need to be repaired by the passing web server or proxy server. 502 will appear in the following situations:

  • 502.1 - CGI (Common Gateway Interface) application timed out.
  • 502.2 - CGI (Common Gateway Interface) application error.

(3)503 Service Unavailable

This status code indicates that the server is temporarily overloaded or is undergoing downtime for maintenance and is currently unable to process requests. If you know in advance how long it will take to resolve the situation, it is best to write the Retry-After header field and return it to the client.

Usage scenarios:

  • When the server is down for maintenance, proactively respond to requests with 503;
  • nginx sets a speed limit. If the speed limit is exceeded, 503 will be returned.

(4)504 Gateway Timeout

This status code indicates that the gateway or proxy server was unable to obtain the desired response within the specified time. It is new in HTTP 1.1.

Usage scenario: The code execution time times out, or an infinite loop occurs.

5. Summary

(1) 2XX success

  • 200 OK, indicating that the request sent from the client is processed correctly on the server side
  • 204 No content, indicating that the request was successful, but the response message does not contain the main part of the entity.
  • 205 Reset Content, indicating that the request is successful, but the response message does not contain the body part of the entity, but it is different from the 204 response in that the requester is required to reset the content.
  • 206 Partial Content, making a range request

(2) 3XX redirect

  • 301 moved permanently, permanent redirection, indicating that the resource has been assigned a new URL
  • 302 found, temporary redirection, indicating that the resource has been temporarily assigned a new URL.
  • 303 see other, indicating that there is another URL for the resource, and the GET method should be used to obtain the resource.
  • 304 not modified means that the server allows access to the resource, but the request does not meet the conditions.
  • 307 temporary redirect, temporary redirect, has a similar meaning to 302, but the client is expected to keep the request method unchanged and make a request to the new address.

(3) 4XX client error

  • 400 bad request, the request message contains a syntax error
  • 401 unauthorized, indicating that the request sent requires authentication information that passes HTTP authentication.
  • 403 forbidden, indicating that access to the requested resource is denied by the server
  • 404 not found, indicating that the requested resource was not found on the server

(4) 5XX server error

  • 500 Internal Server Error, indicating that an error occurred on the server side when executing the request.
  • 501 Not Implemented means that the server does not support a function required by the current request.
  • 503 service unavailable, indicating that the server is temporarily overloaded or is being shut down for maintenance and cannot handle requests.

6. They are all redirects, so what is the difference between 307, 303 and 302?

302 is a status code from HTTP/1.0. In HTTP/1.1, 303 and 307 were created to refine the 302 status code. 303 clearly indicates that the client should use the GET method to obtain resources, and it will redirect a POST request into a GET request. 307 will comply with browser standards and will not change from POST to GET.

4. Introduction to DNS protocol

1. What is the DNS protocol?

Concept: DNS is the abbreviation of Domain Name System. It provides a conversion service from host name to IP address, which is what we often call the Domain Name System. It is a distributed database composed of hierarchical DNS servers and an application layer protocol that defines how hosts query this distributed database. It allows people to access the Internet more conveniently without having to remember IP strings that can be directly read by machines.

Function: Resolve the domain name into an IP address. The client sends a domain name query request to the DNS server (the DNS server has its own IP address), and the DNS server informs the client of the IP address of the Web server.

2. Does DNS use both TCP and UDP protocols?

DNS occupies port 53 and uses both TCP and UDP protocols.

(1) Use TCP protocol during zone transfer

  • The secondary domain name server will query the primary domain name server regularly (usually 3 hours) to understand whether the data has changed. If there are changes, a zone transfer will be performed for data synchronization. Zone transfers use TCP rather than UDP because the amount of data transferred synchronously is much greater than the amount of data required to respond to a request.
  • TCP is a reliable connection that guarantees data accuracy.

(2) Use UDP protocol when resolving domain names

  • The client queries the DNS server for the domain name. Generally, the content returned does not exceed 512 bytes and can be transmitted using UDP. There is no need to go through a three-way handshake, so the DNS server load is lower and the response is faster. Theoretically, the client can also specify to use TCP when querying the DNS server, but in fact, many DNS servers only support UDP query packets when configured.

3. Complete DNS query process

The process of DNS server resolving domain names:

  • First, the corresponding IP address is looked up in the browser's cache. If it is found, it is returned directly. If it is not found, continue to the next step.
  • The request is sent to the local DNS server, which looks in its own cache. If the record is found, the result is returned directly. If it is not found, continue to the next step.
  • The local DNS server sends a request to the root domain name server, and the root domain name server returns the address of a top-level domain name server for the queried domain.
  • The local DNS server sends a request to the top-level domain name server, and the server that accepts the request queries its own cache. If there is a record, it returns the query result. If there is no record, it returns the address of the relevant lower-level authoritative domain name server.
  • The local DNS server sends a request to the authoritative domain name server, and the domain name server returns the corresponding result.
  • The local DNS server saves the returned results in its cache for use next time.
  • The local DNS server returns the results to the browser.

For example, if you want to query the IP address of www.baidu.com, you will first check whether there is a cache of the domain name in the browser's cache. If it does not exist, the request will be sent to the local DNS server. The local DNS server will determine whether the cache exists. If the cache of the domain name does not exist, a request is sent to the root domain name server, and the root domain name server returns a list of IP addresses of the top-level domain name servers responsible for .com. The local DNS server then sends a request to one of the top-level domain name servers responsible for .com, and the top-level domain name server responsible for .com returns a list of IP addresses of the authoritative domain name servers responsible for .baidu. Then the local DNS server sends a request to one of the authoritative domain name servers, and finally the authoritative domain name server returns a list of IP addresses corresponding to the host name.

4. Iterative query and recursive query

In fact, DNS resolution is a process that includes iterative queries and recursive queries.

  • Recursive query means that after the query request is issued, the domain name server sends a request to the next-level domain name server on its behalf, and finally returns the final result of the query to the user. Using recursive queries, users only need to issue a query request once.
  • Iterative query means that after the query request, the domain name server returns the result of a single query. The next level of query is requested by the user himself. Using iterative queries, users need to issue multiple query requests.

Generally, the way we send requests to the local DNS server is recursive query, because we only need to make one request, and then the local DNS server returns us the final request result. The process of the local DNS server requesting other domain name servers is an iterative query process, because each domain name server only returns the result of a single query, and the next level query is performed by the local DNS server itself.

5. DNS records and messages

DNS servers store information in the form of resource records, and each DNS response message generally contains multiple resource records. The specific format of a resource record is

(Name,Value,Type,TTL)

TTL is the lifetime of resource records, which defines how long resource records can be cached by other DNS servers.

There are four commonly used Type values, namely A, NS, CNAME and MX. Different Type values give the resource record different meanings:

  • If Type = A, Name is the host name and Value is the IP address corresponding to the host name. Therefore, a resource record with record A provides a standard mapping of host names to IP addresses.
  • If Type = NS, Name is a domain name and Value is the host name of the DNS server responsible for the domain name. This record is mainly used for DNS chain query to return the information of the next-level DNS server that needs to be queried.
  • If Type = CNAME, Name is the alias and Value is the canonical host name of the host. This record is used to return a canonical host name corresponding to the host name to the querying host, thereby telling the querying host to query the IP address of this host name. The main purpose of host aliases is to provide some complex host names with a simple alias that is easy to remember.
  • If Type = MX, Name is an alias of a mail server and Value is the canonical host name of the mail server. Its function is the same as CNAME, both of which are to solve the shortcomings of standardized host names that are not conducive to memory.
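The record format above can be seen in an actual response message. The following is an added example, not code from the original page: it decodes the answer section of a DNS response into (Name, Value, Type, TTL) tuples, follows name-compression pointers with a bound so a self-referencing pointer cannot loop forever, and reports the header's TC (truncated) flag, which tells the client that the answer did not fit in the UDP reply and the query should be repeated over TCP. The sample message (www.example.com, 192.0.2.10, the transaction ID) is constructed for illustration.

```javascript
// Added example: decode DNS resource records from a wire-format response.
const TYPE_NAMES = { 1: 'A', 2: 'NS', 5: 'CNAME', 15: 'MX' };

// Read a (possibly compressed) domain name that starts at `offset`.
// Returns the dotted name and the offset just past the name at its original position.
function readName(msg, offset) {
  const labels = [];
  let pos = offset;
  let resumeAt = -1;   // where the caller continues once a pointer has been followed
  let jumps = 0;
  for (;;) {
    if (pos >= msg.length) throw new Error('name runs past end of message');
    const len = msg[pos];
    if ((len & 0xc0) === 0xc0) {                  // 2-byte compression pointer
      if (pos + 1 >= msg.length) throw new Error('truncated pointer');
      if (++jumps > 16) throw new Error('compression pointer loop');
      if (resumeAt < 0) resumeAt = pos + 2;
      pos = ((len & 0x3f) << 8) | msg[pos + 1];
      continue;
    }
    if (len & 0xc0) throw new Error('reserved label type');
    pos += 1;
    if (len === 0) break;                         // root label ends the name
    if (pos + len > msg.length) throw new Error('label runs past end of message');
    labels.push(String.fromCharCode(...msg.subarray(pos, pos + len)));
    pos += len;
  }
  return { name: labels.join('.') || '.', end: resumeAt < 0 ? pos : resumeAt };
}

// Parse header, skip the question section, decode every answer record.
function parseResponse(msg) {
  if (msg.length < 12) throw new Error('message shorter than DNS header');
  const view = new DataView(msg.buffer, msg.byteOffset, msg.byteLength);
  const flags = view.getUint16(2);
  const qdcount = view.getUint16(4);
  const ancount = view.getUint16(6);
  let pos = 12;
  for (let i = 0; i < qdcount; i++) {
    pos = readName(msg, pos).end + 4;             // skip QTYPE and QCLASS
  }
  const records = [];
  for (let i = 0; i < ancount; i++) {
    const owner = readName(msg, pos);
    pos = owner.end;
    if (pos + 10 > msg.length) throw new Error('truncated record header');
    const type = view.getUint16(pos);
    const ttl = view.getUint32(pos + 4);
    const rdlen = view.getUint16(pos + 8);
    const rdata = pos + 10;
    if (rdata + rdlen > msg.length) throw new Error('RDATA runs past end of message');
    let value;
    if (type === 1 && rdlen === 4) {
      value = Array.from(msg.subarray(rdata, rdata + 4)).join('.');
    } else if (type === 2 || type === 5) {
      value = readName(msg, rdata).name;
    } else if (type === 15) {
      value = readName(msg, rdata + 2).name;      // skip the 16-bit preference
    } else {
      value = `<${rdlen} bytes>`;
    }
    records.push({ name: owner.name, value, type: TYPE_NAMES[type] || String(type), ttl });
    pos = rdata + rdlen;
  }
  return { truncated: (flags & 0x0200) !== 0, records };
}

// Constructed sample: answer to "www.example.com A?" holding a CNAME and an A record.
function buildSample() {
  const enc = (s) => [s.length, ...Array.from(s, (c) => c.charCodeAt(0))];
  const u16 = (n) => [n >> 8, n & 0xff];
  const u32 = (n) => [n >>> 24, (n >>> 16) & 0xff, (n >>> 8) & 0xff, n & 0xff];
  const qname = [...enc('www'), ...enc('example'), ...enc('com'), 0]; // at offset 12
  const web = [...enc('web'), 0xc0, 16];  // "web" + pointer to "example.com" (offset 16)
  return Uint8Array.from([
    ...u16(0x1234), ...u16(0x8180), ...u16(1), ...u16(2), ...u16(0), ...u16(0),
    ...qname, ...u16(1), ...u16(1),
    0xc0, 12, ...u16(5), ...u16(1), ...u32(300), ...u16(web.length), ...web,
    0xc0, 45, ...u16(1), ...u16(1), ...u32(60), ...u16(4), 192, 0, 2, 10,
  ]);
}

console.log(parseResponse(buildSample()));
```
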

5. Network model

1. OSI seven-layer model

To make network applications more widespread, ISO introduced the OSI reference model.


(1) Application layer

The layer closest to the user in the OSI reference model provides application interfaces for computer users and also directly provides users with various network services. Common application-layer network service protocols include HTTP, HTTPS, FTP, POP3 and SMTP.

  • HTTP (Hypertext Transfer Protocol): clients and servers often exchange data requests, and HTTP or HTTPS is used for them. When designing data interfaces on the back end, we often use this protocol.
  • FTP is a file transfer protocol. I have not personally used it during development, but I think that some resource websites, for example Baidu Netdisk (百度网盘) and Xunlei (迅雷), should be based on this protocol.
  • SMTP is the Simple Mail Transfer Protocol. In one project, this protocol was used for the feature that lets users log in with an emailed verification code.

(2) Presentation layer

The presentation layer provides various encoding and conversion functions for application layer data to ensure that data sent by the application layer of one system can be recognized by the application layer of another system. If necessary, this layer provides a standard representation for converting various data formats within the computer into a standard representation used in communications. Data compression and encryption are also among the transformation functions that the presentation layer can provide.

In project development, in order to facilitate data transmission, you can use base64 to encode and decode data. If divided by function, base64 should work at the presentation layer.

(3) Session layer

The session layer is responsible for establishing, managing and terminating communication sessions between presentation layer entities. Communication at this layer consists of service requests and responses between applications in different devices.

(4) Transport layer

The transport layer establishes an end-to-end link between hosts. The role of the transport layer is to provide end-to-end reliable and transparent data transmission services for upper-layer protocols, including handling issues such as error control and flow control. This layer shields the details of lower-layer data communication from the upper layer, so that upper-layer users see only a host-to-host reliable data path between two transmission entities that can be controlled and set by the user. The TCP and UDP protocols we usually talk about are at this layer. The port number is the "end" here.

(5) Network layer

This layer establishes a connection between two nodes through IP addressing, selects appropriate routing and switching nodes for the packets sent by the transport layer at the source, and accurately transmits them to the transport layer at the destination according to the address. It is what is commonly called the IP layer, or the IP protocol layer. The IP protocol is the basis of the Internet. We can understand that the network layer stipulates the transmission route of data packets, while the transport layer stipulates the transmission method of data packets.

(6) Data link layer

This layer combines bits into bytes and bytes into frames, uses link layer addresses (Ethernet uses MAC addresses) to access the medium, and performs error detection.

Comparing the network layer and the data link layer: from the above description, we may understand that the network layer plans the transmission route of the data packet, and the data link layer is the transmission route itself. However, the data link layer also adds an error control function.

(7) Physical layer

The actual transmission of the final signal is achieved through the physical layer, which transports a bit stream over a physical medium and specifies levels, speeds, and cable pinouts. Commonly used physical devices include hubs, repeaters, modems, network cables, twisted pairs, and coaxial cables. These are physical layer transmission media.

OSI seven-layer model communication characteristics: peer-to-peer communication

For data packets to be transmitted from source to destination, each layer of the OSI model at the source must communicate with its peer layer at the destination. This communication method is called peer-to-peer layer communication. In the communication process of each layer, the layer's own protocol is used.

2. TCP/IP five-layer protocol

The corresponding relationship between the TCP/IP five-layer protocol and the OSI seven-layer protocol is as follows:

image

image

  • Application layer: Provides services directly to application processes. The application layer protocol defines the rules for communication and interaction between application processes. Different applications have different application layer protocols, such as the HTTP protocol (World Wide Web service), FTP protocol (file transfer), SMTP protocol (email), DNS (domain name query), etc.

  • Transport layer: Responsible for providing communication services for processes in two hosts. This layer mainly has the following two protocols:

    • Transmission Control Protocol (TCP): Provides connection-oriented and reliable data transmission services. The basic unit of data transmission is a segment;
    • User Datagram Protocol (UDP): Provides connectionless, best-effort data transmission services, but does not guarantee the reliability of data transmission. The basic unit of data transmission is the user datagram.
  • Network layer (internet layer): Responsible for providing communication services for two hosts and delivering data to the target host by selecting appropriate routes.

  • Data link layer: Responsible for encapsulating IP datagrams handed over from the network layer into frames and transmitting frames between two adjacent nodes of the link. Each frame contains data and necessary control information (such as synchronization information, address information, error control, etc.).

  • Physical layer: Ensures that data can be transmitted on various physical media and provides a reliable environment for data transmission.

As you can see from the picture above, the TCP/IP model is more concise than the OSI model: it merges the application layer, presentation layer and session layer into a single application layer.

Different devices work at each layer. For example, our commonly used switches work at the data link layer, and general routers work at the network layer.


The protocols implemented at each layer are also different, that is, the services of each layer are also different. The following figure lists the main transmission protocols of each layer:

image

Similarly, the communication method of the TCP/IP five-layer protocol is also peer-to-peer communication:

image.png

6. TCP and UDP

1. Concepts and characteristics of TCP and UDP

TCP and UDP are both transport layer protocols, and they both belong to the TCP/IP protocol family:

(1) UDP

The full name of UDP is User Datagram Protocol. Like TCP, it is used in the network to process data packets, and it is a connectionless protocol. In the OSI model it sits at the transport layer, the layer above the IP protocol. UDP has the disadvantage that it does not provide packet grouping, assembly or ordering. That is to say, after a message is sent, it is impossible to know whether it has arrived safely and completely.

Its features are as follows:

1) Connectionless

First of all, UDP does not need to perform a three-way handshake to establish a connection before sending data like TCP. You can start sending when you want to send data. And it is only a porter of data packets and will not perform any splitting or splicing operations on data packets.

Specifically:

  • At the sending end, the application layer passes the data to the UDP protocol of the transport layer. UDP will only add a UDP header to the data, indicating the UDP protocol, and then pass it to the network layer.
  • At the receiving end, the network layer passes the data to the transport layer, and UDP only removes the IP header and passes it to the application layer without any splicing operations.

2) It has unicast, multicast and broadcast functions

UDP not only supports one-to-one transmission, but also supports one-to-many, many-to-many, and many-to-one. In other words, UDP provides unicast, multicast, and broadcast functions.

3) Message-oriented

The sender's UDP adds a header to the message handed down by the application program and then delivers it to the IP layer. UDP neither merges nor splits the packets handed over by the application layer, but retains the boundaries of these packets. Therefore, the application must choose an appropriately sized packet.

4) Unreliability

First of all, unreliability is reflected in the lack of connection. There is no need to establish a connection for communication. You can send whenever you want. This situation is definitely unreliable.

And the data will be transferred as it is received, and the data will not be backed up. When sending the data, it will not care whether the other party has received the data correctly.

Furthermore, network conditions vary, but UDP will always send data at a constant speed because there is no congestion control. Even if the network conditions are not good, the sending rate will not be adjusted. The disadvantage of this implementation is that it may cause packet loss when the network conditions are poor, but the advantages are also obvious. In some scenarios with high real-time requirements (such as conference calls), UDP needs to be used instead of TCP.

5) The header overhead is small and it is very efficient when transmitting data messages.


The UDP header contains the following data:

  • Two 16-bit port numbers: the source port (optional field) and the destination port
  • The length of the entire data message
  • Checksum of the entire data message (IPv4 optional field), this field is used to detect errors in header information and data

Therefore, UDP header overhead is small, only 8 bytes, which is much less than TCP's at least 20 bytes, and is very efficient when transmitting data messages.

(2) TCP

The full name of TCP is Transmission Control Protocol. It is a connection-oriented, reliable, byte-stream-based transport layer communication protocol (a stream refers to an uninterrupted data structure).

It has the following characteristics:

1) Connection-oriented

Connection-oriented means that a connection must be established at both ends before sending data. The method of establishing a connection is the "three-way handshake", which can establish a reliable connection. Establishing a connection lays the foundation for reliable transmission of data.

2) Only supports unicast transmission

Each TCP transmission connection can only have two endpoints, can only perform point-to-point data transmission, and does not support multicast and broadcast transmission methods.

3) Oriented to byte stream

TCP does not transmit packets independently like UDP. Instead, TCP transmits packets in a byte stream without retaining packet boundaries.

4) Reliable transmission

For reliable transmission, detecting packet loss and errors depends on the TCP sequence number and acknowledgment number. In order to ensure the reliability of message transmission, TCP gives each packet a sequence number. At the same time, the sequence number also ensures that the packets transmitted to the receiving entity are received in order. The receiving entity then sends back a corresponding acknowledgment (ACK) for the successfully received bytes; if the sending entity does not receive the acknowledgment within a reasonable round-trip delay (RTT), the corresponding data (assumed to be lost) will be retransmitted.

5) Provide congestion control

When the network is congested, TCP can reduce the rate and quantity of data injected into the network and alleviate congestion.

6) Provide full-duplex communication

TCP allows applications on both sides of the communication to send data at any time, because both ends of the TCP connection have caches to temporarily store data for two-way communication. Of course, TCP can send a segment immediately, or it can buffer it for a while to send more segments at once (the maximum segment size depends on the MSS).

2. The difference between TCP and UDP

| | UDP | TCP |
|---|---|---|
| Connection | Connectionless | Connection-oriented |
| Reliability | Unreliable transmission; no flow control or congestion control | Reliable transmission (data order and correctness); uses flow control and congestion control |
| Number of connection objects | Supports one-to-one, one-to-many, many-to-one and many-to-many interactive communication | One-to-one communication only |
| Transfer method | Message-oriented | Byte-stream-oriented |
| Header overhead | Small, only 8 bytes | Minimum header length is 20 bytes, maximum is 60 bytes |
| Applicable scenarios | Real-time applications such as video conferencing and live streaming | Applications requiring reliable transmission, such as file transfer |

3. Usage scenarios of TCP and UDP

  • TCP application scenarios: Scenarios with relatively low efficiency requirements but relatively high accuracy requirements. Because data confirmation, retransmission, sorting and other operations are required during transmission, the efficiency is not as high as UDP. For example: file transfer (high accuracy requirements, but the speed can be relatively slow), receiving emails, and remote login.
  • UDP application scenarios: Scenarios with relatively high efficiency requirements and relatively low accuracy requirements. For example: QQ chat, online video, Internet voice calls (instant messaging, high speed requirements, but occasional intermittence is not a big problem, and the retransmission mechanism cannot be used here at all), broadcast communication (broadcast, multicast).

4. Why is the UDP protocol unreliable?

UDP does not need to establish a connection before transmitting data. After receiving the UDP message, the transport layer of the remote host does not need to confirm, providing unreliable delivery. To summarize, the following four points are made:

  • No guarantee of message delivery: no acknowledgment, no retransmission, no timeout
  • Delivery order is not guaranteed: no packet sequence number is set, no rearrangement is performed, and head-of-line blocking does not occur.
  • No tracking of connection status: no need to establish a connection or restart the state machine
  • No congestion control: no built-in client or network feedback mechanism

5. TCP retransmission mechanism

Since packets may be lost, duplicated or delivered out of sequence in the layer below TCP (the network layer), the TCP protocol itself provides reliable data transmission services. To ensure the correctness of data transmission, TCP will retransmit packets that it thinks have been lost (including those with bit errors in the message). TCP uses two independent mechanisms to complete retransmissions, one based on time and the other based on acknowledgment information.

After TCP sends a piece of data, it starts a timer. If the ACK confirmation message for the sent data is not received within this time, the message will be retransmitted. When a certain number of times is reached without success, it will give up and send a reset signal.

6. TCP congestion control mechanism

TCP’s congestion control mechanism mainly includes the following four mechanisms:

  • Slow start
  • Congestion avoidance
  • Fast retransmission
  • Fast recovery

(1) Slow start

  • Set cwnd = 1 when starting to send (cwnd refers to the congestion window)

  • Idea: Don't send a large amount of data at the beginning, but test the degree of network congestion first, and increase the size of the congestion window from small to large.

  • In order to prevent cwnd from growing too large and causing network congestion, set a slow start threshold (ssthresh status variable)

    • When cwnd < ssthresh, use the slow start algorithm
    • When cwnd = ssthresh, either the slow start algorithm or the congestion avoidance algorithm can be used
    • When cwnd > ssthresh, use the congestion avoidance algorithm

(2) Congestion avoidance

  • Congestion avoidance may not be able to completely avoid congestion. It means that during the congestion avoidance stage, the congestion window is controlled to grow linearly, so that the network is less prone to congestion.

  • Idea: Let the congestion window cwnd increase slowly, that is, increase the sender's congestion window by one every time one round-trip time (RTT) passes.

  • Whether in the slow start phase or the congestion avoidance phase, as long as the sender determines that the network is congested, it sets the slow start threshold to half the sending window size when congestion occurs. It then sets the congestion window to 1 and executes the slow start algorithm, as the picture shows:
    image

  • Among them, the basis for judging network congestion is the failure to receive acknowledgment. Although failure to receive acknowledgment may be caused by packet loss due to other reasons, because it cannot be determined, it is treated as congestion.

(3) Fast retransmission

  • Fast retransmission requires the receiver to send a duplicate acknowledgment immediately after receiving an out-of-sequence segment (in order to let the sender know early that a segment has not reached the other party). As long as the sender receives three consecutive repeated acknowledgments, it will immediately retransmit the message segments that the other party has not yet received, without having to wait for the set retransmission timer to expire.
  • Since there is no need to wait for the set retransmission timer to expire, unacknowledged message segments can be retransmitted as early as possible, which can improve the throughput of the entire network.

(4) Fast recovery

  • When the sender receives three consecutive duplicate acknowledgments, it performs the "multiplicative decrease" algorithm to halve the ssthresh threshold. But the slow start algorithm is not executed afterwards.
  • Considering that it would not receive several duplicate acknowledgments if the network was congested, the sender now believes that the network may not be congested. Therefore, the slow start algorithm is not executed at this time, but cwnd is set to the size of ssthresh, and then the congestion avoidance algorithm is executed.
    image
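The four mechanisms above can be traced round by round. The following is an added example, not code from the original page: it simulates cwnd per RTT and compares a retransmission timeout (cwnd back to 1, slow start again) with three duplicate acknowledgments (cwnd set to the halved ssthresh, then congestion avoidance). Assumptions not stated on the page: windows are counted in segments, slow start doubles cwnd each RTT and is capped at ssthresh, ssthresh never drops below 2, and the initial ssthresh of 16 and the loss in round 13 are constructed inputs.

```javascript
// Added example: per-RTT trace of the congestion window (in segments).
// lossEvents maps a round number to 'timeout' or 'dupack3'; other rounds are fully acked.
function simulateCwnd({ rounds, initialSsthresh, lossEvents }) {
  let cwnd = 1;                         // slow start begins with cwnd = 1
  let ssthresh = initialSsthresh;
  const trace = [];
  for (let round = 1; round <= rounds; round++) {
    const phase = cwnd < ssthresh ? 'slow-start' : 'congestion-avoidance';
    const event = lossEvents[round] || 'acked';
    trace.push({ round, cwnd, ssthresh, phase, event });

    if (event === 'timeout') {
      // Congestion detected by timer: halve the threshold, restart from 1.
      ssthresh = Math.max(Math.floor(cwnd / 2), 2);
      cwnd = 1;
    } else if (event === 'dupack3') {
      // Fast retransmission + fast recovery: halve the threshold,
      // continue from cwnd = ssthresh without going back to slow start.
      ssthresh = Math.max(Math.floor(cwnd / 2), 2);
      cwnd = ssthresh;
    } else if (event !== 'acked') {
      throw new Error(`unknown event "${event}" in round ${round}`);
    } else if (cwnd < ssthresh) {
      cwnd = Math.min(cwnd * 2, ssthresh);   // slow start: exponential growth
    } else {
      cwnd += 1;                             // congestion avoidance: +1 per RTT
    }
  }
  return trace;
}

// Total number of segments the sender was allowed to put on the wire.
function segmentsSent(trace) {
  return trace.reduce((sum, r) => sum + r.cwnd, 0);
}

// One text row per round, with a bar whose length equals cwnd.
function renderTrace(trace) {
  return trace
    .map((r) => `${String(r.round).padStart(2)} ${r.phase.padEnd(20)} ` +
                `ssthresh=${String(r.ssthresh).padStart(2)} ${'#'.repeat(r.cwnd)} ` +
                `${r.cwnd}${r.event === 'acked' ? '' : '  <- ' + r.event}`)
    .join('\n');
}

// Constructed scenario: same loss in round 13, two different reactions.
const afterTimeout = simulateCwnd({ rounds: 20, initialSsthresh: 16, lossEvents: { 13: 'timeout' } });
const afterDupAcks = simulateCwnd({ rounds: 20, initialSsthresh: 16, lossEvents: { 13: 'dupack3' } });

console.log(renderTrace(afterTimeout));
console.log('segments sent (timeout):', segmentsSent(afterTimeout));
console.log(renderTrace(afterDupAcks));
console.log('segments sent (3 dup ACKs):', segmentsSent(afterDupAcks));
```
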

7. TCP flow control mechanism

Generally speaking, flow control is to prevent the sender from sending data too fast and to allow the receiver to receive it in time. TCP uses a variable-sized sliding window for flow control, and the unit of window size is bytes. The window size mentioned here is actually the size of the data transmitted each time.

  • When a connection is established, each end of the connection allocates a buffer to hold incoming data and sends the buffer size to the other end.
  • When data arrives, the receiver sends an acknowledgment containing its remaining buffer size. (The size of the remaining buffer space is called the window, and the notification indicating the window size is called a window advertisement. The receiver includes a window advertisement in every acknowledgment sent.)
  • If the receiving application can read the data as fast as the data arrives, the receiving application will send a positive window notification with each acknowledgment.
  • If the sender operates faster than the receiver, the received data will eventually fill the receiver's buffer, causing the receiver to advertise a zero window. When the sender receives a zero window advertisement, it must stop sending until the receiver re-advertises a positive window.

8. TCP’s reliable transmission mechanism

TCP's reliable transmission mechanism is based on the continuous ARQ protocol and the sliding window protocol.

The TCP protocol maintains a sending window on the sender. The message segments before the sending window are those that have been sent and confirmed. The sending window includes the message segments that have been sent but not confirmed and the message segments that are allowed to be sent but have not yet been sent. The message segments after the sending window are those in the cache that are not yet allowed to be sent. When the sender sends a message to the receiver, it sends all the message segments in the window in sequence and sets a timer. This timer can be understood as belonging to the earliest message segment that has been sent but not yet acknowledged. If a confirmation for a certain message segment is received before the timer expires, the window slides: the head of the window moves to the position just after the confirmed message segment. If there are still message segments that have been sent but not confirmed, the timer is reset; if there are none, the timer is stopped. If the timer times out, the sender resends all segments that have been sent but have not yet received acknowledgment, and sets the timeout interval to twice the previous value. When the sender receives three redundant acknowledgments from the receiver, this is an indication that subsequent segments of the segment are likely to be lost, and the sender will enable the fast retransmission mechanism, that is, all message segments that have been sent but not confirmed are resent before the current timer ends.

The receiver uses a cumulative acknowledgment mechanism. For all message segments that arrive in sequence, the receiver returns a positive answer to the message segment. If an out-of-order segment is received, the receiving party will discard it directly and return a positive response to the latest segment that arrived in order. The use of cumulative acknowledgments ensures that the message segments before the returned acknowledgment number have arrived in order, so the sending window can be moved to the back of the confirmed message segments.

The size of the sending window changes and is determined by the remaining size of the receiving window and the degree of congestion in the network. TCP controls the sending rate of message segments by controlling the length of the sending window.

However, the TCP protocol is not exactly the same as the sliding window protocol, because many TCP implementations will cache out-of-order message segments, and when a retransmission occurs, only one message segment will be retransmitted. Therefore, the reliable transmission mechanism of the TCP protocol is more like a hybrid between the sliding window protocol and the selective retransmission protocol.

9. TCP’s three-way handshake and four-way wave

(1) Three-way handshake


Three-way Handshake actually means that when establishing a TCP connection, the client and server need to send a total of 3 packets. The main purpose of the three-way handshake is to confirm whether the receiving and sending capabilities of both parties are normal, and to specify your own initialization sequence number to prepare for subsequent reliable transmission. In essence, it is to connect to the designated port of the server, establish a TCP connection, synchronize the sequence number and confirmation number of both parties, and exchange TCP window size information.

At the beginning, the client is in the Closed state and the server is in the Listen state.

  • First handshake: The client sends a SYN message to the server and indicates the client's initialization sequence number ISN. At this time, the client is in the SYN_SENT state.

The synchronization bit in the header is SYN=1, the initial sequence number seq=x, and the message segment with SYN=1 cannot carry data, but it consumes a sequence number.

  • Second handshake: After receiving the client's SYN message, the server will respond with its own SYN message and also specify its own initialization sequence number ISN. At the same time, the client's ISN + 1 will be used as the ACK value, indicating that it has received the client's SYN. At this time, the server is in the SYN_RCVD state.

In the confirmation message segment, SYN=1, ACK=1, confirmation number ack=x+1, and initial sequence number seq=y

  • Third handshake: After receiving the SYN message, the client will send an ACK message. Again, the server's ISN + 1 is used as the ACK value, indicating that the SYN message from the server has been received. At this time, the client is in the ESTABLISHED state. After receiving the ACK message, the server is also in the ESTABLISHED state. At this time, the two parties have established a connection.

In the confirmation message segment, ACK=1, confirmation number ack=y+1, and sequence number seq=x+1 (initially seq=x, so the second message segment needs +1). An ACK message segment can carry data; if it carries no data, it does not consume a sequence number.

So why do we need to shake hands three times? Not twice?

  • In order to confirm that the receiving and sending capabilities of both parties are normal
  • If a two-way handshake is used, the following situation will occur:

Suppose the client sends a connection request but does not receive confirmation because the connection request message is lost, so the client retransmits the connection request. This time confirmation is received and the connection is established. After the data transmission is completed, the connection is released. The client has sent a total of two connection request message segments: the first one was lost and the second one reached the server. However, suppose the first "lost" message segment was in fact only held up at some network node for a long time, and is delayed until some time after the connection is released before it reaches the server. At this time, the server mistakenly thinks that the client has issued a new connection request, so it sends a confirmation message segment to the client and agrees to establish a connection. Without the three-way handshake, a new connection is established as soon as the server sends the confirmation. The client ignores the confirmation sent by the server and does not send data, while the server waits for the client to send data, which wastes resources.

Simply put, it is the following three steps:

  • **First handshake:** The client sends a connection request segment to the server. This message segment contains its own data communication initial sequence number. After the request is sent, the client enters the SYN-SENT state.
  • **Second handshake:** After the server receives the connection request message segment, if it agrees to the connection, it will send a response, which will also include its own data communication initial sequence number. After the sending is completed, it will enter the SYN-RECEIVED state.
  • **Third handshake:** When the client receives the connection consent response, it also sends a confirmation message to the server. After the client sends this message segment, it enters the ESTABLISHED state. After the server receives this response, it also enters the ESTABLISHED state. At this time, the connection is successfully established.

The process of establishing a connection in the TCP three-way handshake is the process of mutual confirmation of the initial sequence number, telling the other party what sequence number of message segment can be correctly received. The third handshake is the client's confirmation of the server's initial sequence number. If only two handshakes are used, the server has no way of knowing whether its sequence number has been confirmed. At the same time, this is also to prevent invalid request segments from being received by the server and causing errors.
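The delayed-SYN argument above can be run as a small state machine. The following is an added example, not code from the original page: it models the segment exchange with the sequence and confirmation numbers given above (seq=x, ack=x+1, seq=y, ack=y+1) and compares real three-step establishment with the hypothetical two-step design. The port numbers and ISN values are constructed, and the client silently ignores an unexpected SYN+ACK as the text describes (a real stack would answer it with RST).

```javascript
// Added example: server and client handshake state machines.
class Server {
  constructor(handshakeSteps, isn) {
    this.steps = handshakeSteps;   // 3 = real TCP, 2 = hypothetical two-way design
    this.isn = isn;                // server initial sequence number (y)
    this.conns = new Map();        // client port -> { state, clientIsn }
  }
  receive(seg) {
    const conn = this.conns.get(seg.srcPort);
    if (seg.flags === 'SYN' && !conn) {
      // Second handshake: SYN=1, ACK=1, seq=y, ack=x+1.
      // With only two steps the server must treat the connection as open right now.
      const state = this.steps === 2 ? 'ESTABLISHED' : 'SYN_RCVD';
      this.conns.set(seg.srcPort, { state, clientIsn: seg.seq });
      return { flags: 'SYN+ACK', seq: this.isn, ackNum: seg.seq + 1 };
    }
    if (seg.flags === 'ACK' && conn && conn.state === 'SYN_RCVD' &&
        seg.ackNum === this.isn + 1 && seg.seq === conn.clientIsn + 1) {
      conn.state = 'ESTABLISHED';  // third handshake confirmed the server's ISN
    }
    return null;
  }
  release(port) { this.conns.delete(port); }
  stateOf(port) {
    const conn = this.conns.get(port);
    return conn ? conn.state : 'LISTEN';
  }
}

class Client {
  constructor(port, isn) {
    this.port = port;
    this.isn = isn;                // client initial sequence number (x)
    this.state = 'CLOSED';
  }
  connect() {                      // first handshake: SYN=1, seq=x
    this.state = 'SYN_SENT';
    return { srcPort: this.port, flags: 'SYN', seq: this.isn };
  }
  receive(seg) {
    if (this.state === 'SYN_SENT' && seg.flags === 'SYN+ACK' && seg.ackNum === this.isn + 1) {
      this.state = 'ESTABLISHED';  // third handshake: ACK=1, seq=x+1, ack=y+1
      return { srcPort: this.port, flags: 'ACK', seq: this.isn + 1, ackNum: seg.seq + 1 };
    }
    return null;                   // not waiting for this segment: ignore it
  }
  close() { this.state = 'CLOSED'; }
}

// First SYN is delayed in the network, the retransmitted SYN opens the connection,
// the connection is released, and only then does the delayed SYN reach the server.
function delayedSynScenario(handshakeSteps) {
  const server = new Server(handshakeSteps, 9000);
  const client = new Client(50000, 100);
  const delayedSyn = client.connect();
  const retransmittedSyn = { ...delayedSyn };

  const ack = client.receive(server.receive(retransmittedSyn));
  if (ack) server.receive(ack);
  const live = { client: client.state, server: server.stateOf(client.port) };

  client.close();
  server.release(client.port);

  const lateReply = client.receive(server.receive(delayedSyn));
  if (lateReply) server.receive(lateReply);
  return { live, clientAfter: client.state, serverAfter: server.stateOf(client.port) };
}

console.log('three-way:', delayedSynScenario(3));
console.log('two-way:  ', delayedSynScenario(2));
```

With three steps the server is left in SYN_RCVD and never reports an established connection for the stale request; with two steps it ends in ESTABLISHED while the client is CLOSED, which is the wasted resource the text describes.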

(2) Wave four times

At the beginning, both parties are in the ESTABLISHED state. Suppose the client initiates the close request first. The process of waving four times is then as follows:

  • The first wave: The client will send a FIN message, and a sequence number will be specified in the message. At this time the client is in FIN_WAIT1 state.

That is, it sends a connection release message segment (FIN=1, sequence number seq=u), stops sending data, actively closes the TCP connection, enters the FIN_WAIT1 (termination wait 1) state, and waits for confirmation from the server.

  • The second wave: After receiving the FIN, the server will send an ACK message and use the client's sequence number value + 1 as the sequence number value of the ACK message, indicating that it has received the client's message. At this time, the server is in the CLOSE_WAIT state.

That is, after receiving the connection release message segment, the server sends a confirmation message segment (ACK=1, confirmation number ack=u+1, sequence number seq=v), and the server enters the CLOSE_WAIT (close waiting) state. At this time, TCP is in a half-closed state: the connection from the client to the server is released. After receiving the confirmation from the server, the client enters the FIN_WAIT2 (termination wait 2) state and waits for the connection release segment sent by the server.

  • The third wave: If the server also wants to disconnect, it will send a FIN message and specify a sequence number just like the client's first wave. At this time, the server is in the LAST_ACK state.

That is, the server has no more data to send to the client. The server sends a connection release message segment (FIN=1, ACK=1, sequence number seq=w, confirmation number ack=u+1), and the server enters the LAST_ACK (final confirmation) state, waiting for confirmation from the client.

  • The fourth wave: After receiving the FIN, the client also sends an ACK message as a response, and uses the server's sequence number value + 1 as the sequence number value of its own ACK message. At this time, the client is in the TIME_WAIT state. It has to wait for a while to make sure that the server has received its ACK message before it enters the CLOSED state. After the server receives the ACK message, it closes the connection and is in the CLOSED state.

That is, after the client receives the connection release message segment from the server, it sends a confirmation message segment (ACK=1, seq=u+1, ack=w+1), and the client enters the TIME_WAIT (time waiting) state. At this time, TCP has not been released, and the client needs to wait for the time 2MSL set by the timer to enter the CLOSED state.

So why do we need to wave four times?

When the server receives the client's SYN connection request message, it can directly send a SYN+ACK message: the ACK is used for the response and the SYN is used for synchronization. When closing the connection, however, the server that receives the FIN message will most likely not close the SOCKET immediately, so it can only reply with an ACK message first, telling the client "I received the FIN message you sent". Only after the server has sent all of its own messages can it send its FIN message. The ACK and the FIN therefore cannot be sent together, which is why four waves are required.

Simply put, it is the following four steps:

  • **First wave:** If the client thinks that the data sending is completed, it needs to send a connection release request to the server.
  • **Second wave:** After receiving the connection release request, the server will tell the application layer to release the TCP link. Then an ACK packet will be sent and the CLOSE_WAIT state will be entered. This indicates that the connection from the client to the server has been released and data sent by the client will no longer be received. But because the TCP connection is bidirectional, the server can still send data to the client.
  • **Third wave:** If the server still has unfinished data at this time, it will continue to send. After completion, it will send a connection release request to the client, and then the server will enter the LAST-ACK state.
  • **Fourth wave:** After receiving the release request, the client sends a confirmation response to the server. At this time, the client enters the TIME-WAIT state. This state will last for 2MSL (maximum segment lifetime, which refers to the time the message segment survives in the network. It will be discarded after timeout). If there is no resend request from the server within this time period, it will enter the CLOSED state. When the server receives the confirmation response, it enters the CLOSED state.

TCP uses four waves because a TCP connection is full-duplex, so each party has to release its own direction of the connection separately. When one party releases the connection, it only means that it can no longer send data to the other party; the connection is then in a half-released state.

The reason why the client waits for a period of time before closing during the last wave is to prevent the confirmation message segment sent to the server from being lost or incorrect, causing the server to fail to shut down normally.

10. What is TCP sticky packet and how to deal with it?

By default, a TCP connection enables the delayed-transmission algorithm (Nagle algorithm), which buffers data before sending it. If several pieces of data are sent within a short period, they are buffered and sent together in one go (for the buffer size, see socket.bufferSize), which reduces IO consumption and improves performance.

If you are transferring a file, you don't have to deal with sticky packets at all: just append each packet to the previous ones as it arrives. But if the stream carries multiple messages, or data for other purposes, then sticky packets need to be handled.

Let’s look at an example below. Call send twice in succession to send two pieces of data data1 and data2 respectively. There are several common situations on the receiving end:

A. Receive data1 first, then receive data2.

B. First receive part of the data of data1, then receive the remaining part of data1 and all of data2.

C. First received all the data of data1 and part of the data of data2, and then received the remaining data of data2.

D. Received all the data of data1 and data2 at one time.

Among them, cases B, C and D are the sticky-packet situations we often see. Common solutions to the sticky-packet problem are:

  • Wait before each send: Simply wait for a period of time before sending the next piece of data. This suits scenarios with a particularly low interaction frequency. The disadvantage is obvious: in more frequent scenarios the transmission efficiency is very low. The advantage is that almost nothing needs to be done.
  • Turn off the Nagle algorithm: In Node.js, the Nagle algorithm can be turned off with the socket.setNoDelay() method, so that each send goes out directly without buffering. This method suits scenarios where the data sent each time is relatively large (but not as large as a file) and the frequency is not particularly high. If the amount of data sent each time is relatively small and the frequency is particularly high, turning off Nagle is purely self-defeating. This method is also unsuitable when the network is poor, because the Nagle algorithm is a packet merge performed on the server side; if the client's network condition is bad for a short period, or the application layer for some reason fails to recv the TCP data in time, multiple packets will be buffered on the client side and stick together. (If the communication takes place inside a stable computer room, this probability is relatively small and can be ignored.)
  • Packaging/unpacking: This is the common solution in the industry. Before each data packet is sent, some characteristic data is placed before or after it, and when data is received, the stream is split back into packets according to that characteristic data.
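
One way to implement the packaging/unpacking approach, as an added example that is not code from the original article: each message is prefixed with its length, and the receiver buffers bytes until a whole frame is present. The 4-byte big-endian header, the `MAX_FRAME_BYTES` cap and all function names are assumptions of this example.

```javascript
// Added example, not from the original article. Assumed frame layout:
// 4-byte big-endian payload length, then the payload bytes.
const HEADER_BYTES = 4;
const MAX_FRAME_BYTES = 1 << 20; // assumed cap so a bogus length cannot grow the buffer

function encodeFrame(text) {
  const body = Buffer.from(text, 'utf8');
  const header = Buffer.alloc(HEADER_BYTES);
  header.writeUInt32BE(body.length, 0);
  return Buffer.concat([header, body]);
}

class FrameDecoder {
  constructor(maxFrameBytes = MAX_FRAME_BYTES) {
    this.maxFrameBytes = maxFrameBytes;
    this.pending = Buffer.alloc(0); // bytes received but not yet a full frame
  }

  // Feed one chunk as a socket 'data' event delivers it; returns the messages it completes.
  push(chunk) {
    this.pending = Buffer.concat([this.pending, chunk]);
    const messages = [];
    while (this.pending.length >= HEADER_BYTES) {
      const length = this.pending.readUInt32BE(0);
      if (length > this.maxFrameBytes) {
        throw new RangeError(`frame length ${length} exceeds ${this.maxFrameBytes}`);
      }
      const end = HEADER_BYTES + length;
      if (this.pending.length < end) break; // partial frame: wait for more bytes
      messages.push(this.pending.subarray(HEADER_BYTES, end).toString('utf8'));
      this.pending = this.pending.subarray(end);
    }
    return messages;
  }
}

// Replays one receive pattern (a list of chunks) against a fresh decoder.
function replay(chunks) {
  const decoder = new FrameDecoder();
  return chunks.flatMap((chunk) => decoder.push(chunk));
}

// Receive patterns A-D from the text, built from constructed sample messages.
function receivePatterns() {
  const f1 = encodeFrame('data1');
  const f2 = encodeFrame('data2');
  const wire = Buffer.concat([f1, f2]);
  const cut = f1.length + 2; // splits inside data2's length header
  return {
    A: replay([f1, f2]),
    B: replay([wire.subarray(0, 6), wire.subarray(6)]),
    C: replay([wire.subarray(0, cut), wire.subarray(cut)]),
    D: replay([wire]),
  };
}
```

All four patterns decode to the same two messages, and a length header above the cap is rejected before any payload is buffered.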

11. Why doesn't UDP have sticky packets?

  • TCP is a stream-oriented protocol, and UDP is a message-oriented protocol. Each UDP segment is a message. The application must extract data in units of messages and cannot extract an arbitrary number of bytes at a time.
  • UDP has protected message boundaries, and every UDP packet carries a message header (message source address, port and other information), so it is easy for the receiving end to distinguish and process it. The transport protocol treats the data as an independent message when transmitting it over the Internet, and the receiving end can only receive independent messages. The receiving end can only receive one data packet from the sending end at a time. If the size of the data received at one time is smaller than the size of the data sent by the sending end at one time, part of the data will be lost. Even when data is lost this way, the receiving end will not receive the message in two parts.

7. WebSocket

1. Understanding WebSocket

WebSocket is a network technology provided by HTML5 for full-duplex communication between browsers and servers. It is an application layer protocol. It is based on the TCP transport protocol and reuses the HTTP handshake channel. The browser and the server only need to complete a handshake, and a persistent connection can be created directly between the two for bidirectional data transmission.

The emergence of WebSocket solves the shortcomings of half-duplex communication. Its biggest feature is that the server can actively push messages to the client, and the client can also actively push messages to the server.

WebSocket principle: The client notifies the WebSocket server of an event, together with the IDs of all recipients. The server notifies all active clients as soon as it receives the event, and only the clients whose ID is in the recipient ID list handle the event.

WebSocket features are as follows:

  • Support two-way communication, stronger real-time performance
  • You can send text or binary data
  • Built on the TCP protocol, server-side implementation is relatively easy
  • The data format is relatively lightweight, has low performance overhead, and efficient communication.
  • There is no origin restriction, the client can communicate with any server
  • The protocol identifier is ws (or wss if encrypted) and the server address is the URL
  • It has good compatibility with HTTP protocol. The default ports are also 80 and 443, and the handshake phase uses the HTTP protocol, so it is not easy to block during the handshake and can pass various HTTP proxy servers.

WebSocket is used as follows:

In the client:

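```javascript
// Write the WebSocket code directly in index.html; the server port is set to 9999
let ws = new WebSocket('ws://localhost:9999');
// Fires after the connection between the client and the server is established
ws.onopen = function() {
    console.log("Connection open.");
    ws.send('hello');
};
// Fires when the server sends a message to the client
ws.onmessage = function(res) {
    console.log(res);       // prints the MessageEvent object
    console.log(res.data);  // prints the received message
};
// Fires after the connection between the client and the server is closed
ws.onclose = function(evt) {
    console.log("Connection closed.");
};
```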
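
The server side of the handshake, as an added example that is not code from the original article: because the handshake is an ordinary HTTP request and the browser applies no origin restriction to it, the server validates the Upgrade request and compares the `Origin` header itself. The allowlist, the function names and the sample request are assumptions of this example; the header names are those of RFC 6455.

```javascript
// Added example, not from the original article: server-side checks on the HTTP
// Upgrade request that opens a WebSocket (RFC 6455). The allowlist and the
// sample request are constructed for illustration.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

function deny(status, reason) {
  return { ok: false, status, reason };
}

// True if a comma-separated header value contains the token (case-insensitive).
function hasToken(headerValue, token) {
  return String(headerValue || '')
    .split(',')
    .some((part) => part.trim().toLowerCase() === token);
}

// req is shaped like Node's http.IncomingMessage: method plus lower-cased header names.
function checkUpgradeRequest(req, allowedOrigins = ALLOWED_ORIGINS) {
  const h = req.headers;
  if (req.method !== 'GET') return deny(405, 'handshake must be a GET');
  if (!hasToken(h.upgrade, 'websocket') || !hasToken(h.connection, 'upgrade')) {
    return deny(400, 'not a WebSocket upgrade');
  }
  if (h['sec-websocket-version'] !== '13') return deny(426, 'unsupported version');
  // Sec-WebSocket-Key is the base64 form of 16 bytes: 22 characters plus "==".
  if (!/^[A-Za-z0-9+\/]{22}==$/.test(String(h['sec-websocket-key'] || ''))) {
    return deny(400, 'bad Sec-WebSocket-Key');
  }
  // The browser does not restrict which origin may open the socket, so the
  // server compares the Origin header against its own allowlist.
  let origin;
  try {
    origin = new URL(h.origin).origin; // normalises case and default ports
  } catch (err) {
    return deny(403, 'missing or malformed Origin');
  }
  if (!allowedOrigins.has(origin)) return deny(403, `origin ${origin} not allowed`);
  return { ok: true };
}

// Constructed handshake; the key is the sample value used in RFC 6455.
function sampleRequest(headerOverrides = {}) {
  return {
    method: 'GET',
    headers: {
      upgrade: 'websocket',
      connection: 'keep-alive, Upgrade',
      'sec-websocket-version': '13',
      'sec-websocket-key': 'dGhlIHNhbXBsZSBub25jZQ==',
      origin: 'https://app.example.com',
      ...headerOverrides,
    },
  };
}
```

Non-browser clients can send any `Origin` value or none, so this check limits which web pages may open the socket and does not replace authenticating the connection.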

2. Implementation of instant messaging: What are the differences between short polling, long polling, SSE and WebSocket?

The purpose of short polling and long polling is to realize instant communication between the client and the server.

**Basic idea of short polling:** The browser sends HTTP requests to the server at regular intervals. After receiving a request, the server responds immediately, regardless of whether any data has been updated. Instant communication implemented this way is essentially a process in which the browser sends a request and the server accepts it. By having the client make requests continuously, the client simulates receiving data changes from the server in real time. The advantage of this method is that it is relatively simple and easy to understand. The disadvantage is that it requires HTTP connections to be established constantly, which seriously wastes server-side and client-side resources. As the number of users increases, the pressure on the server increases, which is very unreasonable.

**Basic idea of long polling:** First, the client initiates a request to the server. When the server receives the request, it does not respond immediately; it suspends the request and then checks whether the server-side data has been updated. If there is an update, it responds. If there is no data, it does not return until a certain time limit is reached. After processing the information returned by the server, the client-side JavaScript response handler issues the request again and re-establishes the connection. Compared with short polling, the advantage of long polling is that it significantly reduces the number of unnecessary HTTP requests, which saves resources. The disadvantage of long polling is that suspended connections also waste resources.

**The basic idea of SSE:** The server uses stream information to push information to the client. Strictly speaking, the HTTP protocol cannot enable the server to actively push information. However, there is a workaround, which is for the server to declare to the client that the next thing to be sent is stream information. In other words, what is sent is not a one-time data packet, but a data stream, which will be sent continuously. At this time, the client will not close the connection and will always wait for new data streams from the server. Video playback is an example of this. SSE uses this mechanism to push information to the browser using stream information. It is based on the HTTP protocol and is currently supported by browsers other than IE/Edge. Compared with the previous two methods, it does not need to establish too many HTTP requests, which saves resources.

WebSocket is a new protocol defined by HTML5. Unlike the traditional HTTP protocol, this protocol allows the server to actively push information to the client. The disadvantage of using the WebSocket protocol is that the configuration on the server side is more complicated. WebSocket is a full-duplex protocol, that is, the communicating parties are equal and can send messages to each other, while the SSE method is one-way communication: the server can only push information to the client, and if the client needs to send information, that belongs to the next HTTP request.

Of the four communication protocols above, the first three are based on the HTTP protocol.

For these four communication protocols, from a performance perspective:

WebSocket > Long connection (SSE) > Long polling > Short polling

However, if we consider browser compatibility issues, the order is exactly the opposite:

Short polling > Long polling > Long connection (SSE) > WebSocket

Therefore, it is still necessary to judge which method to use based on the specific usage scenario.

Origin blog.csdn.net/m0_46374969/article/details/132963155