Computer Network Interview Questions and Answers

Table of contents

1. What happens between the browser inputting the URL and opening the web page?

2. The detailed process of the three-way handshake of TCP connection and the reason for the final wait of 2ms

3.What is the difference between TCP and UDP?

4.How does TCP ensure reliable transmission?

5. What are the server's semi-link queue and full-link queue?

6. Which step in socket programming is from half link to full link?

7. What to do if the connection is half full? How to operate when all connections are full?

8. In the App you developed, you send "hello" to a website through http protocol. What protocols did the whole process go through? What protocols did you follow? (The answer is the same as what happens when entering a URL in the following article) After getting the IP address of the website, how to forward it on your own router?

9. In the application, network communication is performed on the internal network and the external network. What is the difference between the calling levels of the two types of communication?

10. How to distinguish between the internal network and the external network?

11. At which level is the subnet mask determined?

13.What are the headers of tcp, udp, and ip protocols? How many bytes do their headers occupy?

14.How to modify the receive buffer size in socket?

15.ip datagram fragmentation

16. Explain what the slow start mechanism and congestion mechanism are?

17. Who initiated the network retransmission process and fast retransmission? How to determine whether to retransmit?

19.Why http1.0 cannot maintain a long connection?

20.The main differences between http1.0 and http2.0

21.Network transmission big and small endian

22. Send an http request and the server generates a response. How to determine whether the response is complete and then the browser renders it?

24. How to resume downloading from a breakpoint?

25.What are the status codes of http?

27. How is the function of regularly detecting inactive connections implemented?

29.What are SSL and TLS protocols?

30. Explain what the HTTP and HTTPS protocols are, and what are the symmetric encryption and asymmetric encryption in HTTPS?

31. Can data be carried during the three-way handshake?

32. Why does it take three times to establish a connection and four times to release a connection?

33. Core method to solve a large number of TIME_WAIT problems

34.How does TCP ensure the reliability of communication?

35. Long connections and short connections of TCP protocol

36. Application scenarios of long/short connections

37.Limitation on the number of TCP connections:

38. Let’s talk about the keep-alive mechanism of long connections:

       How to keep alive:

              1. KeepAlive mechanism of TCP protocol:

              2. HeartBeat mechanism at the application layer:

39.SYN flood attack:

       SYN mitigation methods:

40.Congestion control

41. Principle of sliding window

42.What is sticky bag and the reasons for sticky bag

43.TCP and UDP usage scenarios


Preface: The original intention of this article is to summarize the interview questions I have seen on major platforms. I will continue to update this article with computer network problems I encounter. Please correct me if there are any mistakes!

1. What happens between the browser inputting the URL and opening the web page?

①After entering the URL, the first thing the browser does is DNS domain name resolution.

②After DNS resolution, the browser has obtained the IP address of the corresponding website and connects to the website server through a three-way handshake.

③After the TCP three-way handshake, the client and server successfully establish a connection, and then the browser will send an HTTP request to the specific port of the server.

④When an HTTP request enters the server, the general process is: the gateway layer (such as Nginx) first receives the request, then routes and forwards it to the specific Web service. After the business logic runs (which may also query the database), the request has been processed and the result is returned to the browser client.

⑤After the server has processed the business logic, it returns an HTTP response. The HTTP response consists of a status line, response headers, a blank line and the response body. The details of each part will not be repeated here.

⑥When the browser has obtained the page information corresponding to the domain name, in order to avoid wasting resources on both the server and the client, the client requests to close the TCP connection. Similar to the three-way handshake, the TCP four-way wave process can be summarized as:

⑦Browser parses the HTML

2. The detailed process of the three-way handshake of TCP connection and the reason for the final wait of 2ms

       The first handshake: the client sends a SYN message to the server.

       Second handshake: After receiving the SYN message, the server will respond with a SYN+ACK message.

       The third handshake: After receiving the SYN+ACK message, the client will respond with an ACK message.

       After the server receives the ACK message, the three-way handshake is completed. The purpose is to confirm whether the receiving and sending capabilities of both parties are normal.

3.What is the difference between TCP and UDP?

       TCP: Transmission Control Protocol is a connection-oriented, reliable, byte stream-based transport layer communication protocol, defined by IETF's RFC 793.

       UDP: The Internet protocol suite supports a connectionless transport protocol called the User Datagram Protocol. UDP provides a way for applications to send encapsulated IP packets without requiring a connection.

The differences:

       TCP is connection-oriented: it establishes a connection with a three-way handshake and releases it with four waves. UDP is connectionless, that is, no connection needs to be established before sending data. This gives UDP high transmission efficiency, but it also means UDP cannot guarantee that the data was delivered successfully.

       TCP is a reliable communication method. For data transmitted over a TCP connection, TCP uses timeout retransmission, data verification, etc. to ensure that the data arrives error-free, without loss, without duplication and in order. UDP transmits as fast as it can because it does not require a connection, but reliable delivery is not guaranteed, so loss, duplication and similar problems may occur.

       TCP is oriented to byte streams: TCP regards the data as a series of unstructured bytes. Because of the connection state, a network fluctuation may cause the connection to respond slowly. UDP is message oriented and has no congestion control, so network congestion will not reduce the sending rate of the source host.

       Each TCP connection can only be point-to-point. UDP does not establish a connection, so it can support one-to-one, one-to-many, many-to-one and many-to-many communication, that is, it can accept packets from multiple peers at the same time.

       TCP needs to establish a connection, and its 20-byte header overhead is relatively large compared with the 8-byte header of UDP.

       The logical communication channel of TCP is a full-duplex reliable channel, while the channel of UDP is unreliable.

4.How does TCP ensure reliable transmission?

       Checksum: During data transmission, the data segment to be sent is treated as a sequence of 16-bit integers. These numbers are added up, any carry out of the top bit is not lost but added back in at the low end (end-around carry), and finally the sum is inverted to obtain the checksum. Sender: calculates the checksum before sending the data and fills it into the header. Receiver: after receiving the data, performs the same calculation, obtains the checksum and compares it with the sender's. If the checksum computed by the receiver does not match the sender's, the data must have been corrupted in transit. However, if the two checksums match, that does not prove the data was transmitted correctly; some errors (for example, whole 16-bit words swapped) leave the checksum unchanged.

       Serial number: Confirmation sequence number and sequence number: During TCP transmission, each byte of data is numbered, which is the sequence number.

       Acknowledgment response: During the TCP transmission process, each time the receiver receives the data, it will issue an ACK confirmation response to the transmitter. That is, sending an ACK message. This message contains a corresponding confirmation sequence number, telling the sender how much data has been received and which sequence number the next data will start from.

       Timeout retransmission: The sender waits for a period of time after sending the data. If no ACK message is received when the time is up, the data just sent will be retransmitted. This waiting time is dynamically calculated and is generally controlled in units of 500ms. After retransmitting once, there is still no response, then wait for 2*500ms and retransmit again. Wait for 4*500ms to continue retransmitting. Grow in an exponential form. When a certain number of retransmissions is accumulated, TCP considers that there is an abnormality in the network or the peer end and forcibly closes the connection.

       Connection management: three-way handshake and four-way wave.

       Flow control: If the sending end sends data too fast, the end buffer of the receiving end will fill up quickly. At this time, if the sender still sends data, then the next data sent will be lost, which will lead to a series of chain reactions of packet loss. TCP determines the sending speed of the sender based on the processing capabilities of the receiver. This mechanism is flow control.

       Sliding window: This is essentially how much buffer space the receiving end still has left to receive data. When the receiving end sends an ACK message in response, it fills in its current window size and sends it along with the ACK. The sender adjusts its sending speed based on the change of the window size value in the ACK message. If the received window size is 0, the sender stops sending data and periodically sends window probe segments to the receiving end, so that the receiving end can feed back its window size to the sending end.

       Congestion control: TCP introduces a slow start mechanism. When starting to send data, it first sends a small amount of data to explore the path. Find out what the current network status is, and then decide how fast to transmit. At this time, a concept called congestion window is introduced.

       Delayed response: If the host receiving the data returned an ACK immediately, the window it reports might be small at that moment. It can wait a little longer before responding (within the specified waiting time), because the receiving process may drain the buffer very quickly, and the newly received data may be consumed from the buffer within 10ms. With such a delayed response, the reported window may be larger.
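As an added worked example (not code from the original article), the 16-bit ones' complement checksum described above, with a sender-side function, the receiver-side check, and a constructed demonstration of the caveat that a matching checksum does not prove the data is intact. The eight sample data bytes are the example from RFC 1071.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Ones' complement sum of big-endian 16-bit words with end-around carry,
 * as used by IP, TCP and UDP. Returns the inverted sum (the checksum field). */
uint16_t internet_checksum(const uint8_t *data, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)data[i] << 8) | data[i + 1];

    /* An odd trailing byte is treated as the high byte of a final word. */
    if (len & 1)
        sum += (uint32_t)data[len - 1] << 8;

    /* Fold carries out of bit 16 back into the low word (end-around carry). */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);

    return (uint16_t)~sum;
}

/* Sender side: copy `len` data bytes into `out` and append the checksum
 * in network byte order. Returns the framed length (len + 2). */
size_t frame_with_checksum(const uint8_t *data, size_t len, uint8_t *out)
{
    uint16_t c = internet_checksum(data, len);
    memcpy(out, data, len);
    out[len] = (uint8_t)(c >> 8);
    out[len + 1] = (uint8_t)(c & 0xff);
    return len + 2;
}

/* Receiver side: summing data plus the transmitted checksum must give all
 * ones, so the checksum over the whole frame is 0 when nothing changed. */
int checksum_ok(const uint8_t *frame, size_t len)
{
    return internet_checksum(frame, len) == 0;
}

/* Constructed sample: the data bytes used in RFC 1071 section 3. */
static const uint8_t sample[8] = {0x00, 0x01, 0xf2, 0x03, 0xf4, 0xf5, 0xf6, 0xf7};

/* A correctly framed copy of `sample` passes the receiver check. */
int sample_frame_verifies(void)
{
    uint8_t frame[10];
    size_t n = frame_with_checksum(sample, sizeof sample, frame);
    return checksum_ok(frame, n);
}

/* A single flipped bit in the payload is detected. */
int sample_frame_with_flipped_bit_verifies(void)
{
    uint8_t frame[10];
    size_t n = frame_with_checksum(sample, sizeof sample, frame);
    frame[0] ^= 0x01;
    return checksum_ok(frame, n);
}

/* The caveat: swapping two whole 16-bit words (f2 03 <-> f4 f5) leaves the
 * sum unchanged, so the corrupted frame still passes the check. */
int swapped_words_still_verify(void)
{
    uint8_t frame[10];
    size_t n = frame_with_checksum(sample, sizeof sample, frame);
    uint8_t tmp[2];
    memcpy(tmp, frame + 2, 2);
    memcpy(frame + 2, frame + 4, 2);
    memcpy(frame + 4, tmp, 2);
    return checksum_ok(frame, n);
}

int main(void)
{
    printf("checksum of sample: 0x%04x\n", internet_checksum(sample, sizeof sample));
    printf("intact frame verifies:     %d\n", sample_frame_verifies());
    printf("bit-flipped frame verifies: %d\n", sample_frame_with_flipped_bit_verifies());
    printf("word-swapped frame verifies: %d\n", swapped_words_still_verify());
    return 0;
}
```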

5. What are the server's semi-link queue and full-link queue?

       Semi-link queue: After the server receives the client's SYN for the first time, the connection is in the SYN_RCVD state. At this point the two parties have not fully established a connection. The server puts connection requests in this state into a queue, which we call the semi-link (half-open) queue.

       Full link queue: The three-way handshake has been completed, and the connection established will be placed in the full link queue. If the queue is full, packet loss may occur.

       Supplement: Regarding the number of SYN-ACK retransmissions: after the server has sent the SYN-ACK packet, if it does not receive the client's ACK, it performs a first retransmission. If after waiting for a period of time it still has not received the client's ACK, it performs a second retransmission, and so on. If the number of retransmissions exceeds the maximum specified by the system, the connection information is deleted from the semi-connection queue. Note that the waiting time for each retransmission is not necessarily the same; it usually increases exponentially, for example 1s, 2s, 4s...

6. Which step in socket programming is from half link to full link?

       When the server calls the listen function to listen on a port, the kernel creates two queues for each listening socket: the semi-connection queue (SYN queue) and the full-connection queue (accept queue). When the client sends a SYN packet, the server replies with SYN+ACK after receiving it and enters the SYN_RECV state; the socket at this point is placed in the semi-connection queue. Then, when the server receives the ACK from the client, the socket is moved from the semi-connection queue to the full-connection queue.

7. What to do if the connection is half full? How to operate when all connections are full?

       Semi-connection: Depending on the situation, the connection may be handled differently, which may be discarding or sending a reset packet.

       It is divided into the following situations:

              1. If the semi-connection queue is full and tcp_syncookies is not enabled, the SYN is discarded

              2. If the full-connection queue is also full and there is more than one pending connection request whose SYN+ACK has not yet been retransmitted, the SYN is discarded

              3. If tcp_syncookies is not enabled and max_syn_backlog minus the current semi-connection queue length is less than (max_syn_backlog/4), the SYN is discarded

       Full connection: When the full connection is full, Linux discards the connection by default, and can also be controlled by the /proc/sys/net/ipv4/tcp_abort_on_overflow value.

       It is divided into the following situations:

              1. If it is 0, the connection is discarded (default)

              2. If it is 1, the server sends a reset packet to the client

8. In the App you developed, you send "hello" to a website through the http protocol. What protocols did the whole process go through? What protocols did you follow? (The answer is the same as Q1 above, what happens when entering a URL.) After getting the IP address of the website, how is it forwarded by your own router?

       Take the process of sending PC1 to PC2 as an example.

       1. PC1 sends the packet to gateway device R1

       2. R1 looks up its routing table, determines the next hop and the outbound interface, and then forwards the packet to R2 (gateway device)

       3. R2 forwards it to R3 by looking up its routing table

       4. After receiving it, R3 looks up its routing table and finds that the destination address of the IP packet belongs to the network segment of one of its local interfaces, so it delivers it directly. Finally, the packet is sent to the destination host PC2

9. In the application, network communication is performed on the internal network and the external network. What is the difference between the calling levels of the two types of communication?

       Intranet communication: refers to communication between devices within a local area network. A LAN is a restricted network, usually connected by routers or switches. In intranet communication, devices can communicate with each other directly through IP addresses on the LAN without going through the Internet. Therefore, the call level of intranet communication is lower and involves fewer network protocols.

       Generally, in intranet communication, devices communicate using IP addresses within the LAN (for example, 192.168.x.x or 10.x.x.x). Such communication stays on the local network, data transfer is faster, and it does not need to pass through special network equipment or routers on the Internet. Common protocols in intranet communication include Ethernet, other LAN protocols, ARP (Address Resolution Protocol), etc.

       External network communication: refers to communication between different networks on the Internet. The Internet is a global wide area network composed of many networks and network devices. Unlike the intranet, external network communication requires Internet-connected devices such as routers, firewalls, and Internet Service Providers (ISPs). In external network communication, data needs to be transmitted using globally unique public IP addresses so that it can be identified and routed between different networks. Therefore, many network protocols are involved, including transport layer protocols (such as TCP or UDP), network layer protocols (such as IP), routing protocols (such as BGP or OSPF), etc.

       External network communication involves a higher level of calls and must follow strict specifications and protocols to ensure that data is transmitted and exchanged correctly between different networks. In addition, since it involves multiple devices and networks on the Internet, data transmission speed may be affected by factors such as delay and congestion. Common protocols in external network communication include Internet Protocol (IP), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Hypertext Transfer Protocol (HTTP), etc.

10. How to distinguish between the internal network and the external network?

       The distinction between the internal network and the external network is mainly achieved through the network address and network connection method.

       How to distinguish:

              1. IP address range: The internal network and the external network use different IP address ranges. Common intranet ranges are private addresses (for example, 192.168.x.x or 172.31.x.x). External communication uses public IP address ranges; these addresses are unique on the public Internet and are assigned by the Internet Assigned Numbers Authority (IANA).

              2. Network topology and connection method: The intranet usually refers to the interconnection of devices within a local area network, connected through switches or routers. Devices within this LAN can communicate with each other without going through the Internet. In contrast, the external network refers to the connection of a device to the Internet: the device needs to be connected to the public Internet through an Internet Service Provider (ISP) via a device such as a router or firewall.

              3. Access permissions and security settings: Under normal circumstances, accessing intranet resources requires authentication and authorization within the LAN or through mechanisms such as a virtual private network (VPN). External network resources are usually publicly accessible and can be reached directly through the public Internet.

              4. Network configuration and management: The configuration and management of the internal network and the external network also differ. Intranets are usually managed and configured by organizations or individuals, who can set network rules and security policies according to their own needs. External networks need to work with Internet service providers to obtain public IP addresses and network connections, and must comply with Internet regulations and security standards.

11. At which level is the subnet mask determined?

       Decisions are made in the network layer.

//12.What are the advantages and disadvantages of TCP and UDP?

13.What are the headers of tcp, udp, and ip protocols? How many bytes do their headers occupy?

       TCP: The fixed header occupies 20 bytes. It contains: source port number (16 bits), destination port number (16 bits), sequence number (32 bits), acknowledgment number (32 bits), header length (4 bits), reserved bits (6 bits), URG (1 bit), ACK (1 bit), PSH (1 bit), RST (1 bit), SYN (1 bit), FIN (1 bit), window size (16 bits), checksum (16 bits), urgent pointer (16 bits).

       UDP: Each UDP message is divided into two parts: UDP header and UDP data area. The header consists of four 16-bit long (2-byte) fields, which respectively describe the source port, destination port, message length and check value of the message. Source port (16 bits), destination port (16 bits), length (16 bits), check value (16 bits)

       IP: consists of 20 bytes. Version (4 bits), header length (4 bits), differentiated services (8 bits), total length (16 bits), identification (16 bits), flags (3 bits), slice offset (13 bits), time to live (8 bits), protocol (8 bits), header checksum (16 bits), source address (32 bits), destination address (32 bits)

14.How to modify the receive buffer size in socket?

       Each socket is mapped to a file in Linux and is associated with two buffers (read and write buffers) in the kernel.

       1. System settings: The current values can be read with cat /proc/sys/net/core/xxxxxx and modified there. rmem_max is the maximum read buffer size a program may set, wmem_max is the maximum write buffer size a program may set, rmem_default is the default read buffer size when a socket is created, and wmem_default is the default write buffer size when a socket is created.

       2. Modify the buffer size at the application level: dynamically modify the read and write buffer sizes of a valid socket held by the program (by calling the setsockopt system call). However, modifying the buffer size at the code level is not omnipotent; it is limited by the system configuration. We can "release permissions" dynamically by modifying the system runtime configuration (/proc) so that the application can set larger kernel read and write buffers.

       3. Modify the limits at the system configuration level: /proc/sys/net/core/rmem_default or rmem_max. Because settings made through the setsockopt system call are limited by the system runtime configuration, you can modify the system configuration so that the program can set larger read and write buffers. Note 1: Whether modifications to /proc survive a shutdown and restart matters: if the server crashes abnormally and loses its original settings after restarting, the receive buffer may end up smaller and packet loss may occur. Note 2: Why does setting the read buffer to RcvBufSize through setsockopt result in getsockopt reporting an actual buffer size of 2*RcvBufSize? This is related to the kernel source implementation (it may be due to the extra space required for UDP unpacking and encapsulation).
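As an added example (not code from the original article), the application-level step above on Linux: request a receive buffer with setsockopt(SO_RCVBUF), read back what the kernel actually granted with getsockopt, and show the rmem_max cap from /proc. The helper names are my own; the observed doubling and the cap are Linux behaviour.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Ask the kernel for a receive buffer of `requested` bytes on a fresh UDP
 * socket and return the size it actually granted (as reported by getsockopt),
 * or -1 on error. On Linux the granted value is typically twice the request
 * (kernel bookkeeping overhead) and the request is capped at
 * /proc/sys/net/core/rmem_max before doubling. */
int effective_rcvbuf(int requested)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    int granted = 0;
    socklen_t len = sizeof granted;

    if (fd < 0)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &requested, sizeof requested) < 0 ||
        getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &granted, &len) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return granted;
}

/* Read one integer sysctl from /proc/sys/net/core/<name> (e.g. "rmem_max").
 * Returns -1 if the file cannot be read (non-Linux or restricted sandbox). */
long read_core_sysctl(const char *name)
{
    char path[128];
    long value = -1;
    FILE *f;

    snprintf(path, sizeof path, "/proc/sys/net/core/%s", name);
    f = fopen(path, "r");
    if (!f)
        return -1;
    if (fscanf(f, "%ld", &value) != 1)
        value = -1;
    fclose(f);
    return value;
}

/* 1 if the granted size for a huge request respects the rmem_max cap
 * (granted <= 2 * rmem_max); also 1 when the cap cannot be read. */
int huge_request_is_capped(void)
{
    long cap = read_core_sysctl("rmem_max");
    int granted = effective_rcvbuf(1 << 30);
    if (cap < 0)
        return 1;
    return granted > 0 && (long)granted <= 2 * cap;
}

int main(void)
{
    int sizes[] = {8192, 65536, 1 << 30};   /* the last one exceeds any sane rmem_max */
    size_t i;

    printf("rmem_max     = %ld\n", read_core_sysctl("rmem_max"));
    printf("rmem_default = %ld\n", read_core_sysctl("rmem_default"));
    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("requested %10d -> granted %10d\n", sizes[i], effective_rcvbuf(sizes[i]));
    return 0;
}
```

Run it once, raise rmem_max (for example with sysctl -w net.core.rmem_max=...), and run it again to see the granted value for the large request change; a setting made this way does not survive a reboot unless it is persisted in sysctl configuration.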

15.ip datagram fragmentation

       Fragments are processed according to the identification, flags and fragment offset fields of the header.

       Identification: All fragments of the same IP datagram carry the same identification. When the IP datagram size exceeds the MTU, the datagram is fragmented, and all resulting fragments carry the identification of the original datagram.

       Flags: Three bits [48, 50], of which only 2 are meaningful. The highest bit is reserved and has no meaning. The middle bit is DF: when it is 1 fragmentation is prohibited, when it is 0 fragmentation is allowed. The lowest bit is MF: when MF=1 there are more fragments after this one; when it is 0 this fragment is the last fragment of the datagram and no fragments follow. MF is only meaningful when DF=0.

       Fragment offset: for a datagram that has been split, the relative position of this fragment within the original IP datagram, in units of 8 bytes. That is to say, except for the last fragment, the length of each fragment's data is an integer multiple of 8 bytes.

16. Explain what the slow start mechanism and congestion mechanism are?

       The slow start algorithm works by observing that the rate at which new packets enter the network should be the same as the rate at which acknowledgments are returned from the other end. Slow start adds another window to the sender's TCP: the congestion window.

       The congestion avoidance algorithm assumes that the loss caused by packet damage is very small (much less than 1%), so packet loss means that congestion has occurred somewhere on the network between the source host and the destination host. Congestion manifests itself in two forms: the timer times out after sending a message and no ACK is received, and the other receives a duplicate ACK confirmation.

17. Who initiated the network retransmission process and fast retransmission? How to determine whether to retransmit?

       Timeout retransmission: The retransmission mechanism will set a timer. When the specified time is exceeded and no ACK confirmation message is received from the other party, the data will be retransmitted. This is timeout retransmission.

       Timeout retransmission time RTO: During timeout retransmission, what happens if the RTO is too long or too short? When it is too large, retransmission is slow, inefficient and performs poorly. If it is too short, segments are retransmitted even though nothing was lost; the faster retransmissions increase network congestion, which leads to more timeouts, and more timeouts lead to more retransmissions.

       Fast retransmission: If the receiver receives an out-of-order packet, it returns an acknowledgment for the last correctly received packet. When the sender receives three consecutive duplicate ACKs, it immediately retransmits the lost data without waiting for the timeout to expire. So fast retransmission is initiated by the sender. Compared with timeout retransmission: the disadvantage of timeout retransmission is that it is too slow and the value of RTO is difficult to choose. Although fast retransmission solves the slowness of timeout retransmission, sending several extra ACKs makes the network a little more congested.

//18.How does http maintain long links?

19.Why http1.0 cannot maintain a long connection?

       In http1.0, each request and response requires a complete TCP connection to be established. Once the server has sent the response and closed the connection, the connection between client and server is gone. In this mode, establishing and closing a connection for every request brings extra overhead: each time, TCP's three-way handshake and four-way wave must be performed, which causes network delay and resource consumption. The server is heavily burdened and needs more system resources when processing a large number of concurrent requests. HTTP is a stateless protocol: the server does not record previous request information, so each request requires retransmission of access authentication messages, cookies, etc. so

20.The main differences between http1.0 and http2.0

       http1.0: The browser only maintains a short-term connection with the server, and each request of the browser requires a TCP connection to be established with the server.

       http2.0: Uses binary format instead of text format, completely multiplexed instead of ordered and blocked, can achieve parallelism with only one connection, uses header compression, reduces overhead, and introduces server push.

21.Network transmission big and small endian

       Big-endian mode: the high byte of the data is stored at the low memory address, and the low byte of the data is stored at the high memory address. As the address increases, the bytes go from the most significant to the least significant.

       Little-endian mode: the high byte of the data is stored at the high memory address, and the low byte of the data is stored at the low memory address. The high address holds the high-weight part and the low address holds the low-weight part, which matches the way we usually think of place values.

       For network transmission, the TCP/IP protocols stipulate that network byte order (big-endian mode) must be used, while most PCs use little-endian mode. So we need to convert between host byte order and network byte order before using the data.
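As an added example serving both Q15 and Q21 (not code from the original article): IPv4 header fields are written in network byte order with explicit shifts, the result is compared against htons/htonl, and the identification, DF/MF flags and fragment offset are decoded from the bytes. The two-fragment sample (a 2960-byte UDP payload over a 1500-byte MTU, identification 0x1234, addresses 192.168.0.1/2) is constructed for the example.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>
#include <arpa/inet.h>   /* htons/htonl, used only to cross-check the manual writes */

/* 1 if this host stores the least significant byte at the lowest address. */
int host_is_little_endian(void)
{
    uint16_t probe = 0x0102;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x02;
}

/* Write/read integers in network (big-endian) order, independent of host order. */
void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Fragmentation fields decoded from an IPv4 header (Q15). */
struct frag_info {
    uint16_t id;       /* identification: shared by all fragments of one datagram */
    int df;            /* Don't Fragment */
    int mf;            /* More Fragments */
    unsigned offset;   /* fragment offset in bytes = 13-bit field value * 8 */
};

struct frag_info parse_frag(const uint8_t *hdr)
{
    struct frag_info fi;
    uint16_t fl = get_be16(hdr + 6);   /* 3 flag bits + 13 offset bits */
    fi.id = get_be16(hdr + 4);
    fi.df = (fl >> 14) & 1;
    fi.mf = (fl >> 13) & 1;
    fi.offset = (unsigned)(fl & 0x1fff) * 8;
    return fi;
}

/* Build a minimal 20-byte IPv4 header with the given fragment fields. */
void build_header(uint8_t *hdr, uint16_t id, int mf, unsigned offset_bytes, uint16_t total_len)
{
    memset(hdr, 0, 20);
    hdr[0] = 0x45;                          /* version 4, IHL 5 (20 bytes) */
    put_be16(hdr + 2, total_len);
    put_be16(hdr + 4, id);
    put_be16(hdr + 6, (uint16_t)((mf ? 0x2000 : 0) | (offset_bytes / 8)));
    hdr[8] = 64;                            /* TTL */
    hdr[9] = 17;                            /* protocol: UDP */
    put_be32(hdr + 12, 0xC0A80001u);        /* 192.168.0.1 */
    put_be32(hdr + 16, 0xC0A80002u);        /* 192.168.0.2 */
}

/* Constructed sample: fragment 0 carries bytes 0..1479 (MF=1), fragment 1
 * carries bytes 1480..2959 (MF=0); both are 1500 bytes on the wire. */
void sample_header(int index, uint8_t *hdr)
{
    if (index == 0) build_header(hdr, 0x1234, 1, 0, 1500);
    else            build_header(hdr, 0x1234, 0, 1480, 1500);
}
unsigned sample_offset(int index) { uint8_t h[20]; sample_header(index, h); return parse_frag(h).offset; }
int      sample_mf(int index)     { uint8_t h[20]; sample_header(index, h); return parse_frag(h).mf; }
uint16_t sample_id(int index)     { uint8_t h[20]; sample_header(index, h); return parse_frag(h).id; }

/* The manual big-endian write must match what htonl produces in memory. */
int matches_htonl(uint32_t v)
{
    uint8_t manual[4], lib[4];
    uint32_t n = htonl(v);
    put_be32(manual, v);
    memcpy(lib, &n, 4);
    return memcmp(manual, lib, 4) == 0;
}

int main(void)
{
    int i;
    printf("host is %s-endian\n", host_is_little_endian() ? "little" : "big");
    for (i = 0; i < 2; i++)
        printf("fragment %d: id=0x%04x mf=%d offset=%u bytes\n",
               i, sample_id(i), sample_mf(i), sample_offset(i));
    return 0;
}
```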

22. Send an http request and the server generates a response. How to determine whether the response is complete and then the browser renders it?

       After the browser starts receiving the response data stream, it learns the size of the response body from the content-length header. It receives the body into a buffer and continuously compares the amount of data received with content-length. When the received body size equals content-length, the browser considers the response to have been completely received.
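As an added example (not code from the original article), the content-length check described above written out as a small framing routine: find the end of the headers, read Content-Length, and report whether the bytes received so far form a complete response. The sample response is constructed; a response with no Content-Length (chunked or close-delimited framing) is reported separately rather than handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

enum framing { NEED_MORE = 0, COMPLETE = 1, NO_LENGTH = 2, BAD = 3 };

/* Byte offset where the body starts (just after "\r\n\r\n"), or -1 if the
 * header block has not been fully received yet. */
long header_end(const char *buf, size_t len)
{
    size_t i;
    for (i = 0; i + 3 < len; i++)
        if (buf[i] == '\r' && buf[i+1] == '\n' && buf[i+2] == '\r' && buf[i+3] == '\n')
            return (long)(i + 4);
    return -1;
}

/* Case-insensitive prefix test on a bounded (not NUL-terminated) span. */
static int has_prefix_ci(const char *s, size_t n, const char *prefix)
{
    size_t i, m = strlen(prefix);
    if (n < m)
        return 0;
    for (i = 0; i < m; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)prefix[i]))
            return 0;
    return 1;
}

/* Content-Length from the header block [buf, buf+hdr_len): the value, -1 if
 * absent, -2 if malformed or if two headers disagree. */
long content_length(const char *buf, size_t hdr_len)
{
    const char *p = buf, *end = buf + hdr_len;
    long found = -1;

    while (p < end) {
        const char *eol = memchr(p, '\n', (size_t)(end - p));
        size_t line_len = eol ? (size_t)(eol - p) : (size_t)(end - p);

        if (has_prefix_ci(p, line_len, "Content-Length:")) {
            char value[32], *stop;
            size_t vlen = line_len - 15;
            long n;
            if (vlen >= sizeof value)
                return -2;
            memcpy(value, p + 15, vlen);
            value[vlen] = '\0';
            n = strtol(value, &stop, 10);
            while (*stop == ' ' || *stop == '\t' || *stop == '\r')
                stop++;
            if (stop == value || *stop != '\0' || n < 0)
                return -2;               /* not a clean non-negative integer */
            if (found >= 0 && found != n)
                return -2;               /* conflicting lengths: reject, do not guess */
            found = n;
        }
        if (!eol)
            break;
        p = eol + 1;
    }
    return found;
}

/* Classify the `len` bytes received so far. */
enum framing response_state(const char *buf, size_t len)
{
    long body_start = header_end(buf, len);
    long cl;
    if (body_start < 0)
        return NEED_MORE;
    cl = content_length(buf, (size_t)body_start);
    if (cl == -2)
        return BAD;
    if (cl == -1)
        return NO_LENGTH;
    return (len - (size_t)body_start >= (size_t)cl) ? COMPLETE : NEED_MORE;
}

/* Constructed sample response: 64 header bytes followed by a 13-byte body. */
static const char sample_resp[] =
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 13\r\n"
    "\r\n"
    "<p>hello</p>\n";

size_t sample_len(void) { return sizeof sample_resp - 1; }

int main(void)
{
    size_t n;
    for (n = 0; n <= sample_len(); n += 8)
        printf("received %2zu bytes -> state %d\n", n, response_state(sample_resp, n));
    printf("received %2zu bytes -> state %d\n", sample_len(), response_state(sample_resp, sample_len()));
    return 0;
}
```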

23. Seven-layer network reference model

See: OSI seven-layer model and TCP/IP four-layer model (txinyu's CSDN blog)

24. How to resume downloading from a breakpoint?

       Resumable transfer means that if a network failure occurs while uploading or downloading, the unfinished part can be continued from the point already uploaded or downloaded, instead of starting over from the beginning, which saves time and improves speed. It is implemented by the server telling the client the position already transferred; the client then moves its file pointer to that position, reads the remaining part of the file through an input stream and transmits it to the server until the transfer is complete.

25.What are the status codes of http?

       1xx: Informational status code

       2xx: Success status code

       3xx: Redirect status code

       4xx: Client error status code

       5xx: Server-side error status code

       Starting with 2: (Request Successful) Status code indicating that the request was successfully processed.

200 (Success) The server successfully processed the request. Typically, this means that the server served the requested web page.

201 (Created) The request was successful and the server created the new resource.

202 (Accepted) The server has accepted the request but has not yet processed it.

203 (Non-Authoritative Information) The server successfully processed the request, but the information returned may have come from another source.

204 (No Content) The server successfully processed the request but returned no content.

205 (Reset Content) The server successfully processed the request but returned no content.

206 (Partial Content) The server successfully processed part of the GET request.

       Starting with 3: (request redirected) indicates that further operations are required to complete the request. Typically, these status codes are used for redirects.

300 (Multiple Choices) The server can perform a variety of actions in response to the request. The server can select an action based on the requester (user agent) or provide a list of actions for the requester to choose from.

301 (Moved Permanently) The requested web page has been permanently moved to a new location. When the server returns this response (in response to a GET or HEAD request), it automatically forwards the requester to the new location.

302 (Temporary Move) The server is currently responding to requests from a web page in a different location, but the requester should continue to use the original location for future requests.

303 (View Other Location) The server returns this code when the requester should use separate GET requests to different locations to retrieve the response.

304 (Not Modified) The requested web page has not been modified since the last request. When the server returns this response, no web page content is returned.

305 (Using Proxy) The requester can only access the requested web page using a proxy. If the server returns this response, it also indicates that the requester should use a proxy.

307 (Temporary Redirect) The server is currently responding to the request from a web page in a different location, but the requester should continue to use the original location for future requests.

       Starting with 4: (Request Error) These status codes indicate that the request may have gone wrong, preventing the server from processing it.

400 (Bad Request) The server does not understand the syntax of the request.

401 (Unauthorized) The request requires authentication. For web pages that require login, the server may return this response.

403 (Forbidden) The server refused the request.

404 (Not Found) The server cannot find the requested web page.

405 (Method Not Allowed) The method specified in the request is not allowed for the requested resource.

406 (Not Acceptable) The requested web page cannot be returned with the content characteristics the request asked for.

407 (Proxy Authentication Required) This status code is similar to 401 (Unauthorized), but specifies that the requester must first authenticate with the proxy.

408 (Request Timeout) A timeout occurred while the server was waiting for the request.

409 (Conflict) The server encountered a conflict while completing the request. The server MUST include information about the conflict in the response.

410 (Gone) The server returns this response if the requested resource has been permanently removed.

411 (Length Required) The server does not accept requests without a valid Content-Length header field.

412 (Precondition Failed) The server did not satisfy one of the preconditions the requester set in the request.

413 (Request Entity Too Large) The server cannot process the request because the request entity is too large and exceeds the server's processing capabilities.

414 (Request-URI Too Long) The requested URI (usually a URL) is too long and cannot be processed by the server.

415 (Unsupported Media Type) The format of the request is not supported by the requested page.

416 (Requested Range Not Satisfiable) The server returns this status code if the page cannot provide the requested range.

417 (Expectation Failed) The server could not meet the requirement given in the Expect request header field.

       Starting with 5: (Server Error) These status codes indicate that an internal error occurred while the server was trying to process the request. These errors are usually errors on the server itself rather than in the request.

500 (Internal Server Error) The server encountered an error and was unable to complete the request.

501 (Not Implemented) The server does not have the capability to complete the request. For example, this code may be returned when the server does not recognize the request method.

502 (Bad Gateway) The server, acting as a gateway or proxy, received an invalid response from an upstream server.

503 (Service Unavailable) The server is currently unavailable (due to overload or downtime for maintenance). Usually, this is a temporary state.

504 (Gateway Timeout) The server, acting as a gateway or proxy, did not receive a timely response from the upstream server.

505 (HTTP Version Not Supported) The server does not support the HTTP protocol version used in the request.

26. What are the applicable scenarios for UDP? (Answered under question 43 below.)

27. How is the function of regularly detecting inactive connections implemented?

       Heartbeat mechanism: Small packets are sent periodically to confirm that the connection is still active. The server and the client can send heartbeat packets to each other to show that they are still alive. If no heartbeat packet is received within a set period, the connection is judged to be inactive.

       Timeout mechanism: The server can record the establishment time of each connection and set a timeout threshold. A timer periodically checks the difference between the connection establishment time and the current time; if it exceeds the predetermined timeout, the connection is judged to be inactive.

       Fast detection mechanism: The server can regularly send small probe packets or probe requests to the client to confirm whether the connection is active. When the client receives such a request, it replies immediately to show that the connection is still active.

       Mechanism provided by the operating system: The operating system provides socket options or APIs for detecting and managing inactive connections (for example, TCP keep-alive, enabled on a socket with the SO_KEEPALIVE option).

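The heartbeat and timeout mechanisms above combined in one server-side tracker, as an added example that is not code from the original article. Connection ids, timestamps and thresholds are constructed for the demonstration, and time is passed in explicitly so the logic runs without real sockets.

```python
"""Application-layer detection of inactive connections (question 27).

Added example, not from the original article. A connection is declared
inactive when either no traffic has been seen for idle_timeout seconds
(timeout mechanism) or max_missed heartbeat probes in a row went unanswered
(heartbeat mechanism). All ids, times and thresholds are constructed.
"""
from dataclasses import dataclass


@dataclass
class ConnState:
    """What the server records per connection."""
    established_at: float
    last_activity: float        # last time data or a heartbeat reply arrived
    missed_heartbeats: int = 0  # probes sent since the last reply


class IdleConnectionTracker:
    """A real server would call probe_due()/reap() from a periodic timer."""

    def __init__(self, idle_timeout: float, heartbeat_interval: float,
                 max_missed: int):
        self.idle_timeout = idle_timeout
        self.heartbeat_interval = heartbeat_interval
        self.max_missed = max_missed
        self.conns: dict[str, ConnState] = {}

    def on_connect(self, conn_id: str, now: float) -> None:
        self.conns[conn_id] = ConnState(established_at=now, last_activity=now)

    def on_activity(self, conn_id: str, now: float) -> None:
        """Any received data or heartbeat reply proves the peer is alive."""
        state = self.conns[conn_id]
        state.last_activity = now
        state.missed_heartbeats = 0

    def probe_due(self, conn_id: str, now: float) -> bool:
        """Heartbeat timer: probe once the peer has been quiet for
        heartbeat_interval seconds (no point probing a peer that is talking)."""
        return now - self.conns[conn_id].last_activity >= self.heartbeat_interval

    def on_probe_sent(self, conn_id: str) -> None:
        """Count the outstanding probe; on_activity() clears the count."""
        self.conns[conn_id].missed_heartbeats += 1

    def reap(self, now: float) -> list[str]:
        """Timeout check: remove and return every connection judged inactive."""
        dead = [cid for cid, st in self.conns.items()
                if now - st.last_activity >= self.idle_timeout
                or st.missed_heartbeats >= self.max_missed]
        for cid in dead:
            del self.conns[cid]
        return dead


def run_demo() -> list[tuple[float, list[str]]]:
    """Constructed timeline: A sends data once and then goes quiet, B never
    answers a probe. Returns (time, reaped connections) for each timer tick."""
    tracker = IdleConnectionTracker(idle_timeout=30, heartbeat_interval=10,
                                    max_missed=3)
    tracker.on_connect("A", 0.0)
    tracker.on_connect("B", 0.0)
    tracker.on_activity("A", 5.0)         # A sends real data
    ticks = []
    for now in (10.0, 20.0, 30.0, 40.0):   # the timer fires every 10 s
        for cid in list(tracker.conns):
            if tracker.probe_due(cid, now):
                tracker.on_probe_sent(cid)  # neither peer replies
        ticks.append((now, tracker.reap(now)))
    return ticks
```

B is dropped at t=30 after three unanswered probes, while A lasts until its idle timeout expires at t=40.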
29. What are the SSL and TLS protocols?

SSL (Secure Sockets Layer): A protocol layer located between a reliable, connection-oriented transport protocol (such as TCP) and the application layer protocol. Secure communication between client and server is achieved through mutual authentication, digital signatures to ensure integrity, and encryption to ensure privacy. It is divided into two layers:

       SSL record protocol: Built on a reliable transport protocol, it provides the higher-level protocols with basic functions such as data encapsulation, compression, and encryption.

       SSL handshake protocol: Built on the SSL record protocol, it is used by the two communicating parties for security verification before the actual data transmission begins.

TLS (Transport Layer Security): Provides confidentiality and data integrity between two communicating applications. It likewise consists of two layers: the TLS record protocol and the TLS handshake protocol.

The relationship between them: TLS is the successor of SSL 3.0. There are significant differences between TLS and SSL 3.0, mainly in the encryption algorithms supported, so SSL 3.0 and TLS do not interoperate.

Function: Transmit encrypted data over the Internet to prevent snooping, and maintain the integrity of the data in transit.

30. Explain what the HTTP and HTTPS protocols are, and what symmetric and asymmetric encryption are in HTTPS?

HTTP: The most widely used network protocol on the Internet. It is a standard for requests and responses between client and server, and the transmission protocol a WWW server uses to deliver hypertext to the local browser. It makes the browser more efficient and reduces network transmission.

HTTPS: An HTTP channel aimed at security. Simply put, it is a secure version of HTTP with an SSL/TLS layer added. It is mainly used to establish a secure information channel, ensuring the security of transmitted data and confirming the authenticity of the website.

Symmetric encryption: Both parties use the same key to encrypt and decrypt data.

Asymmetric encryption: There are two keys, a public key and a private key. Data encrypted with the private key can only be decrypted by the corresponding public key, and data encrypted with the public key can only be decrypted by the corresponding private key.

Differences: HTTPS requires applying for a CA certificate; free certificates are relatively rare, so a fee is usually required. HTTP transmits in clear text, while HTTPS is a secure, SSL-encrypted transmission protocol. The connection methods are different, and so are the ports: HTTP uses 80, HTTPS uses 443. An HTTP connection is very simple and stateless.

31. Can data be carried during the three-way handshake?

       Yes, but only on the third handshake: the first and second handshakes cannot carry data, while the third can. If the first handshake could carry data, anyone wanting to attack the server could stuff a large amount of data into every SYN message, since an attacker does not care whether the server's receiving and sending capabilities are normal; a flood of such SYN messages would force the server to spend a lot of time and memory receiving them. In other words, allowing data in the first handshake would make the server more vulnerable to attack. By the third handshake the client is already in the ESTABLISHED state: from its point of view the connection exists and it knows the server's receiving and sending capabilities are normal, so carrying data is no problem.

32. Why does it take three times to establish a connection and four times to release a connection?

       TCP needs three handshakes to establish a connection and four to tear one down. This is caused by TCP's half-close. Because a TCP connection is full-duplex (data can be transmitted in both directions at the same time), each direction must be closed separately; closing one direction is called a half-close. To close, a party that has finished sending its data sends a FIN to notify the other side that it wants to terminate the connection in that direction. When one end receives a FIN, it must notify the application layer that the other side has terminated data transmission in that direction; sending a FIN is usually the result of the application layer closing the connection.

       Specifically, when the server-side socket in the LISTEN state receives a SYN connection request, it can put the ACK and the SYN (the ACK acting as the response, the SYN as the synchronization) into one message and send them together. When closing the connection, however, receiving the other side's FIN only means that the other side has no more data to send to you; it does not mean that you have finished sending all your data to them. So you may not close the socket immediately: you may still need to send some data, and only afterwards send your own FIN to indicate that you agree the connection can now be closed. That is why the ACK and the FIN are usually sent separately here.

33. Core method to solve a large number of TIME_WAIT problems

       On Linux, turning on the TCP timestamp option helps avoid the accumulation of connections in the TIME_WAIT state. Enable TCP timestamps by editing /etc/sysctl.conf, adding net.ipv4.tcp_timestamps=1, and then running sysctl -p to make the configuration take effect.

       Turn on TCP connection reuse: TCP connection reuse means that a port held by a connection in the TIME_WAIT state can be reassigned to a new connection without waiting for the TIME_WAIT state to end, which effectively reduces the number of TIME_WAIT connections. Enable it by adding net.ipv4.tcp_tw_reuse=1 to /etc/sysctl.conf and running sysctl -p; this option depends on TCP timestamps being enabled, which is why the previous step matters.

       Adjust the local port range: The local port range is the range from which local ports are allocated. If it is set too small, ports may be exhausted and TIME_WAIT connections pile up. Expand it by adding net.ipv4.ip_local_port_range=1024 65535 to /etc/sysctl.conf and running sysctl -p to make the configuration take effect.

       Note: The above methods are only suitable for ordinary TIME_WAIT problems. In some special cases, turning on the net.ipv4.tcp_tw_recycle option causes problems, so enabling net.ipv4.tcp_tw_recycle is not recommended.

34. How does TCP ensure the reliability of communication?

       1. Data segmentation: User data is split into segments at the sending end and reassembled at the receiving end. TCP decides the size of the segments and controls segmentation and reassembly.

       2. Arrival confirmation: When the receiving end receives a segment, it sends an acknowledgement to the sending end based on the segment's sequence number.

       3. Timeout retransmission: The sender starts a timer when it sends a segment. If the timer expires without the corresponding acknowledgement having arrived, the segment is resent.

       4. Sliding window: The receive buffer on each side of a TCP connection has a fixed size, and the receiving end can only accept as much data as its buffer can hold.

       5. Out-of-order handling: The TCP receiving end reorders segments that arrive out of sequence.

       6. Duplicate handling: If a TCP segment arrives more than once, the receiving end discards the duplicate data.

       7. Data verification: TCP detects any change to the data in transit by maintaining a checksum over its header and data.

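A toy receiver that exercises mechanisms 2 and 4 to 7 from the list above, as an added example that is not code from the original article. The Segment layout, the CRC32 used as a stand-in for the TCP checksum, and the arrival order fed in by run_demo() are all constructed.

```python
"""Receiver side of the reliability mechanisms listed under question 34:
checksum verification (7), reordering (5), duplicate discard (6),
cumulative acknowledgement (2) and a fixed receive window (4).

Added example, not from the original article. Segment, checksum() and the
segments in run_demo() are constructed; real TCP headers differ.
"""
from dataclasses import dataclass
import zlib


@dataclass(frozen=True)
class Segment:
    seq: int        # sequence number of the first data byte
    data: bytes
    checksum: int   # checksum(seq, data) as computed by the sender


def checksum(seq: int, data: bytes) -> int:
    """Constructed stand-in for the TCP checksum over header and data."""
    return zlib.crc32(seq.to_bytes(4, "big") + data)


def make_segment(seq: int, data: bytes) -> Segment:
    return Segment(seq, data, checksum(seq, data))


class Receiver:
    def __init__(self, isn: int, window: int):
        self.rcv_nxt = isn            # next byte expected in order
        self.window = window          # fixed receive buffer size in bytes
        self.out_of_order: dict[int, bytes] = {}  # parked until contiguous
        self.delivered = bytearray()              # in-order data for the app
        self.dropped: list[tuple[str, int]] = []  # (reason, seq), for inspection

    def advertised_window(self) -> int:
        """Free buffer space; delivered data is consumed at once in this toy."""
        return self.window - sum(len(d) for d in self.out_of_order.values())

    def receive(self, seg: Segment) -> tuple[int, int]:
        """Process one segment; return the cumulative ACK and window to send."""
        if checksum(seg.seq, seg.data) != seg.checksum:
            self.dropped.append(("corrupt", seg.seq))           # mechanism 7
            return self.rcv_nxt, self.advertised_window()
        seq, data = seg.seq, seg.data
        if seq + len(data) <= self.rcv_nxt or seq in self.out_of_order:
            self.dropped.append(("duplicate", seq))             # mechanism 6
            return self.rcv_nxt, self.advertised_window()
        if seq >= self.rcv_nxt + self.advertised_window():
            self.dropped.append(("outside window", seq))        # mechanism 4
            return self.rcv_nxt, self.advertised_window()
        if seq < self.rcv_nxt:       # overlapping retransmission: keep new tail
            data, seq = data[self.rcv_nxt - seq:], self.rcv_nxt
        self.out_of_order[seq] = data                           # mechanism 5
        while self.rcv_nxt in self.out_of_order:  # deliver all now contiguous
            chunk = self.out_of_order.pop(self.rcv_nxt)
            self.delivered += chunk
            self.rcv_nxt += len(chunk)
        return self.rcv_nxt, self.advertised_window()           # mechanism 2


def run_demo() -> tuple[bytes, list[tuple[int, int]], list[tuple[str, int]]]:
    """Constructed arrival order: in order, a gap, the gap filled, a duplicate,
    a corrupted segment, one beyond the window, an overlapping retransmission."""
    rx = Receiver(isn=1000, window=100)
    acks = [rx.receive(s) for s in (
        make_segment(1000, b"hello"),
        make_segment(1010, b"world"),            # arrives before 1005
        make_segment(1005, b" big "),            # fills the gap
        make_segment(1000, b"hello"),            # duplicate of the first
        Segment(1015, b"!", checksum=0),         # corrupted in transit
        make_segment(1115, b"far"),              # beyond the receive window
        make_segment(1012, b"rld!!"),            # overlaps delivered bytes
    )]
    return bytes(rx.delivered), acks, rx.dropped
```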
35. Long connections and short connections of TCP protocol

       The operation process of a short connection: Establish connection -> Transfer data -> Close connection

       The operation process of a long connection: Establish connection -> Transfer data -> ... (keep the connection) ... -> Transfer data -> Close connection

       Advantages and disadvantages:

              Short connections: Advantages: management is relatively simple; every existing connection is a useful one, and no additional control is needed. Disadvantages: since establishing and closing a TCP connection costs system overhead, frequent connection requests from clients reduce the server's processing speed and waste system resources and bandwidth.

              Long connections: Advantages: a long connection saves the repeated TCP establishment and teardown operations, reducing waste and saving time. Disadvantages: if the connection between client and server is never closed, problems arise. As more and more clients connect, the load on the server increases and its overall performance drops; in severe cases the server may crash. Secondly, if a large number of connected TCP peers do not transmit data for a long time, system and network resources are wasted.

36. Application scenarios of long/short connections

       Long connection: Generally used when frequent read and write operations and point-to-point communication are required and the number of connections is not too large. For example, database connections usually use long connections; with short connections, frequently creating and closing TCP sockets would cause socket errors and waste resources.

       Short connection: Generally used when frequent read and write operations are not required and the number of connections is large. For example, the HTTP service of a website generally uses short connections, because each long connection consumes a certain amount of the server's resources. A website typically has a large number of client connection requests and concurrent connections, so short connections save system resources and respond to client requests promptly.

37. Limitation on the number of TCP connections:

       1. Limit on the number of connections in the local operating system: Each operating system has a default maximum number of connections, which can be increased by modifying the system's kernel parameters.

       2. Limit on the number of connections of network devices: Each network device (such as a router or switch) has a limit on its maximum number of connections. This limit is determined by the hardware capabilities and software limitations of the device.

       3. Limit of network bandwidth: If the network bandwidth is insufficient, the number of connections is limited.

       4. The application's own limit on the number of connections: Some applications set a limit on the maximum number of connections. This limit can be increased by modifying the application's configuration file.

38. Let’s talk about the keep-alive mechanism of long connections:

       For long TCP connections, how to keep the connection alive (in the "KeepAlive state") when there is no data transmission between the communicating parties is a problem that must be solved. On Linux, commands such as netstat and lsof can be used to check whether a TCP connection is in the ESTABLISHED state.

       Necessity: 1. Many firewalls actively close idle sockets. 2. The server cannot otherwise detect an abnormal disconnection; in order to reclaim the resources of a disconnected socket, a detection mechanism must be provided.

       Possible reasons for abnormal TCP disconnection: 1. Network failure. 2. The client or server suddenly loses power, or the process crashes.

       How to keep alive:

              1. Heartbeat mechanism of the application layer: Use a heartbeat in the application layer for active detection. Specifically, once the TCP connection is established, the client starts a scheduled task and regularly sends a heartbeat request message to the peer. When the server receives the heartbeat message, it returns a heartbeat response message. If no response is received from the server within the timeout period, the heartbeat request is resent; if the server still fails to respond after many attempts, the client considers the TCP connection unavailable and actively disconnects. Of course, the server can also actively send heartbeat requests to the client.

              2. The keep-alive mechanism built into the TCP protocol: the keep-alive mechanism that comes with the Linux kernel. To use it, you only need to turn on the keep-alive option on the socket.

       The advantages and disadvantages of the two keep-alive mechanisms:

              1. KeepAlive mechanism of the TCP protocol:

                     Advantages: The KeepAlive mechanism of the TCP protocol is implemented by the system kernel. The upper-layer application only needs to handle sending and receiving data and connection exception notifications, which reduces the complexity of the application-layer code. Compared with the application layer, a kernel-level timer is more convenient and more efficient.

                     Disadvantages: 1. It is located at the transport layer and is handled by the operating system. It can only detect whether the connection is alive, not whether it is usable. For example, if the server's load is extremely high for some reason, the CPU usage reaches 100% and it can no longer respond to any business request, the TCP probe will still report the connection as healthy. This is the typical "connection alive, service dead" state. For the client, the best choice at this time is to disconnect and reconnect to another server, instead of treating the current server as available and sending it requests that are bound to fail.

                     2. This mechanism cannot promptly detect an abnormal disconnection. If one party to the TCP connection suddenly disconnects abnormally, the sender does not know that the other party is offline. If data transmission fails at this time, TCP automatically times out and retransmits, and retransmitted segments take priority over the KeepAlive probe segment, so the probe is never sent; only after a long series of retransmissions is the failure noticed.

              2. HeartBeat mechanism at the application layer:

                     Advantages: 1. Better flexibility and controllability. The timing, interval and procedure of the heartbeat can all be chosen, and additional information can even be attached to the heartbeat packet. Most importantly, it can detect not only whether the connection exists but also whether it is usable, whereas TCP's KeepAlive mechanism only provides a simple liveness check. 2. Universality. An application-layer heartbeat does not depend on the transport-layer protocol. If TCP is one day replaced by UDP, which provides no heartbeat support, the application-layer heartbeat still works with only minor changes.

                     Disadvantages: 1. Developers must implement it themselves, which increases the development workload; depending on the network framework used, it may also increase the complexity of the code structure. 2. An application-layer heartbeat consumes more traffic, since it is essentially an ordinary data packet.

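Turning on the kernel keep-alive described above on a TCP socket and reading the settings back, as an added example that is not code from the original article. The idle time, probe interval and probe count are constructed values; the three per-connection option names are the Linux ones and are applied only where the running Python exposes them.

```python
"""Kernel TCP keep-alive from question 38: enable it, tune it, audit it.

Added example, not from the original article. Values are constructed; the
TCP_KEEPIDLE / TCP_KEEPINTVL / TCP_KEEPCNT names are Linux socket options.
"""
import socket

KEEPALIVE_OPTS = ("TCP_KEEPIDLE", "TCP_KEEPINTVL", "TCP_KEEPCNT")


def enable_tcp_keepalive(sock: socket.socket, idle_s: int = 60,
                         interval_s: int = 10, count: int = 3) -> dict:
    """Enable keep-alive probes on sock.

    idle_s      seconds of silence before the first probe is sent
    interval_s  seconds between unanswered probes
    count       unanswered probes after which the kernel resets the connection
    Returns the per-connection options actually applied on this platform."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    applied = {}
    for name, value in zip(KEEPALIVE_OPTS, (idle_s, interval_s, count)):
        opt = getattr(socket, name, None)   # absent on platforms without it
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)
            applied[name] = value
    return applied


def keepalive_settings(sock: socket.socket) -> dict:
    """Read the settings back from the kernel, e.g. for a deployment check."""
    settings = {"SO_KEEPALIVE": sock.getsockopt(socket.SOL_SOCKET,
                                                socket.SO_KEEPALIVE)}
    for name in KEEPALIVE_OPTS:
        opt = getattr(socket, name, None)
        if opt is not None:
            settings[name] = sock.getsockopt(socket.IPPROTO_TCP, opt)
    return settings


def dead_peer_detection_time(idle_s: int, interval_s: int, count: int) -> int:
    """Worst-case seconds from the last byte until the kernel declares the
    peer dead. This only tells you the connection is alive: a peer that is up
    but wedged at 100% CPU still answers probes (the first disadvantage
    listed above), which is why an application heartbeat is still needed."""
    return idle_s + interval_s * count


def configure_demo_socket() -> dict:
    """Create an unconnected TCP socket, apply the options and read them back.
    The options may be set before connect(); they act once the socket is
    connected. The 30 s / 5 s / 4 values are constructed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        enable_tcp_keepalive(sock, idle_s=30, interval_s=5, count=4)
        return keepalive_settings(sock)
```

With the constructed values the kernel gives up about 30 + 5 * 4 = 50 seconds after the last byte; with the Linux defaults (7200 s idle, 75 s interval, 9 probes) it takes over two hours, which is why the defaults are rarely left as they are on long connections.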
39. SYN flood attack:

       A SYN flood attack occurs when an attacker repeatedly sends SYN packets to every port on a target server, usually using forged IP addresses. The server, unaware of the attack, receives what look like multiple legitimate requests to establish communication and responds to each with a SYN-ACK packet from each open port. The malicious client either does not send the expected ACK or (if the IP address is spoofed) never receives the SYN-ACK in the first place. Either way, the targeted server waits for some time for an acknowledgment of its SYN-ACK. During this time it cannot close the connection by sending an RST, so the connection remains open, and another SYN packet arrives before the connection times out. This results in more and more connections being left half-open; in fact, SYN flood attacks are also known as "half-open attacks". Eventually, when the server's connection table overflows, service to legitimate clients is denied, and the server may even malfunction or crash.

       SYN mitigation methods:

              Micro-blocks: Instead of a full connection object, administrators can allocate a micro-record (as little as 16 bytes) in server memory for each incoming SYN request.

              SYN cookies: Using a cryptographic hash, the server encodes the connection's details into the sequence number of its SYN-ACK instead of keeping a half-open entry. If the client's final ACK echoes that sequence number back, the server knows the client is legitimate, reconstructs the connection from the cookie, and accepts it.

              RST cookies: The server intentionally sends an invalid SYN-ACK for the first request from a given client. This should cause the client to generate an RST packet telling the server what went wrong. If it is received, the server knows the request is legitimate, logs the client, and accepts subsequent incoming connections from it.

              Stack tuning: Administrators can tune the TCP stack to mitigate the effects of SYN flooding. This may involve reducing the timeout after which the stack frees the memory allocated for a connection, or selectively dropping incoming connections.

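The SYN cookie mitigation from the list above, worked through on the server side as an added example that is not code from the original article. The secret key, addresses, ports and clock values are constructed, and the cookie layout (5 clock bits plus 27 bits of keyed hash) is a simplification: real kernels also pack the negotiated MSS into the cookie.

```python
"""SYN cookies (question 39): the server keeps no half-open state. The SYN-ACK's
initial sequence number is derived from a keyed hash over the 4-tuple and a
coarse clock, and the connection is created only when the client's final ACK
echoes that number back.

Added example, not from the original article; all keys, addresses, ports and
clock values are constructed.
"""
import hashlib
import hmac
import socket
import struct

CLOCK_PERIOD_S = 64        # the coarse clock ticks once per period
CLOCK_BITS = 5             # top bits of the 32-bit ISN carry the clock value
HASH_MASK = (1 << (32 - CLOCK_BITS)) - 1


class SynCookieServer:
    def __init__(self, secret: bytes, now: float):
        self.secret = secret
        self.now = now              # injected so the demo is deterministic

    def _clock(self) -> int:
        return int(self.now // CLOCK_PERIOD_S)

    def _mac(self, src: str, sport: int, dst: str, dport: int,
             clock: int) -> int:
        """Keyed hash over the 4-tuple and the clock, truncated to 27 bits."""
        msg = struct.pack("!4sH4sHI", socket.inet_aton(src), sport,
                          socket.inet_aton(dst), dport, clock)
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big") & HASH_MASK

    def syn_ack_isn(self, src: str, sport: int, dst: str, dport: int) -> int:
        """ISN for the SYN-ACK. Nothing is stored: the state is in the number."""
        clock = self._clock()
        high = (clock & ((1 << CLOCK_BITS) - 1)) << (32 - CLOCK_BITS)
        return high | self._mac(src, sport, dst, dport, clock)

    def validate_ack(self, src: str, sport: int, dst: str, dport: int,
                     ack_num: int, max_age_periods: int = 1) -> bool:
        """The client's ACK must carry our ISN + 1. Only cookies minted in the
        current or the previous clock period are accepted, so an old cookie
        cannot be replayed indefinitely."""
        isn = (ack_num - 1) & 0xFFFFFFFF
        low_clock = isn >> (32 - CLOCK_BITS)
        age = (self._clock() - low_clock) & ((1 << CLOCK_BITS) - 1)
        if age > max_age_periods:
            return False
        clock = self._clock() - age          # recover the full clock value
        expected = self._mac(src, sport, dst, dport, clock)
        return hmac.compare_digest(expected.to_bytes(4, "big"),
                                   (isn & HASH_MASK).to_bytes(4, "big"))
```

A spoofed SYN costs the server one hash computation and no memory; only a client that actually received the SYN-ACK can produce the matching ACK.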
             

40. Congestion control

       Congestion phenomenon: When the throughput of the network reaches a certain limit, congestion occurs, and packets sent at that point fail to reach the receiver in time because of the delay. Because of the timeout retransmission mechanism, the sender resends these packets; but the network is already congested, so the additional packets make it even more congested, forming a vicious cycle. Without control, the effective throughput of the network eventually approaches 0.

       The cost of congestion control: information about the traffic distribution within the network has to be obtained. Before congestion control can be carried out, nodes need to exchange information and various commands to select a control strategy and carry out the control, which creates additional overhead. Congestion control also requires allocating some resources to each user for exclusive use, so network resources cannot be shared as well. There are four algorithms: slow start, congestion avoidance, fast retransmission, and fast recovery.

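The four algorithms named above driven through a constructed sequence of round trips, as an added example that is not code from the original article. It follows the TCP Reno rules with the window measured in segments and one event per round-trip time; the initial ssthresh and the loss events are constructed.

```python
"""Slow start, congestion avoidance, fast retransmit and fast recovery
(question 40) as a TCP Reno sender tracks them, one event per RTT.

Added example, not from the original article. Windows are in segments and
the event sequence in the test is constructed.
"""


class RenoSender:
    def __init__(self, init_cwnd: int = 1, ssthresh: int = 16):
        self.cwnd = init_cwnd
        self.ssthresh = ssthresh
        self.in_fast_recovery = False

    @property
    def phase(self) -> str:
        if self.in_fast_recovery:
            return "fast recovery"
        return "slow start" if self.cwnd < self.ssthresh else "congestion avoidance"

    def on_rtt_acked(self) -> None:
        """A full round trip was acknowledged without loss."""
        if self.in_fast_recovery:
            # the first new ACK ends fast recovery: deflate to ssthresh
            self.cwnd = self.ssthresh
            self.in_fast_recovery = False
        elif self.cwnd < self.ssthresh:
            # slow start: double every RTT, but not past ssthresh
            self.cwnd = min(self.cwnd * 2, self.ssthresh)
        else:
            # congestion avoidance: additive increase of one segment per RTT
            self.cwnd += 1

    def on_triple_dup_ack(self) -> None:
        """Fast retransmit (resend the missing segment at once rather than
        waiting for the timer) followed by fast recovery: halve the window
        instead of restarting from one."""
        self.ssthresh = max(self.cwnd // 2, 2)
        self.cwnd = self.ssthresh + 3   # the three dup ACKs mean 3 segments left
        self.in_fast_recovery = True

    def on_timeout(self) -> None:
        """Retransmission timeout: the network is badly congested, start over."""
        self.ssthresh = max(self.cwnd // 2, 2)
        self.cwnd = 1
        self.in_fast_recovery = False


HANDLERS = {"ack": "on_rtt_acked", "dup3": "on_triple_dup_ack",
            "timeout": "on_timeout"}


def simulate(events: list[str], init_cwnd: int = 1,
             ssthresh: int = 16) -> list[tuple[str, int, int, str]]:
    """Apply the events in order; return (event, cwnd, ssthresh, phase) per RTT."""
    sender = RenoSender(init_cwnd, ssthresh)
    trace = []
    for event in events:
        getattr(sender, HANDLERS[event])()
        trace.append((event, sender.cwnd, sender.ssthresh, sender.phase))
    return trace
```

Five clean round trips take cwnd 1, 2, 4, 8, 16, 17; a triple duplicate ACK then halves it to 8 (plus the three inflated segments) instead of collapsing it, whereas a later timeout drops it all the way back to 1.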
41. Principle of sliding window

       TCP is a full-duplex communication method, so each side's sliding window consists of a receive window and a send window. The receive window manages the data that side receives, and the send window manages the data it wants to send. The essence of the sliding window is a handful of variables: through them, the data TCP handles is divided into several categories, and each time a message is sent or received these variables are updated and maintained accordingly.

42. What are sticky packets, and what causes them?

       Sticky packets: Multiple data packets are stored back to back in one continuous buffer. When reading, the receiver cannot determine the sender's message boundaries, so it reads using some estimated size. If the two sides' sizes are inconsistent, several pieces of data sent by the sender are merged into one packet when the receiver reads them: in the receive buffer, the head of the next packet immediately follows the tail of the previous one. For example, the sender sends two pieces of data and the receiver reads one and a half pieces at a time (the receiver may not know how big a packet is). The sticky-packet problem has several causes: it may be caused by the sender or by the receiver.

       Cause: Sticky packets caused by the sender are due to the TCP protocol itself.

              1. To improve transmission efficiency, the TCP sender often collects enough data before sending a packet. If several consecutive sends each carry very little data, TCP usually combines them into one packet according to its optimization algorithm and sends it at once, so the receiver gets sticky-packet data.

              2. TCP specifies an MSS. If a data packet is longer than the MSS, it is split and transmitted in pieces, and the receiver again sees data that does not line up with message boundaries.

       The sticky problem caused by the receiver: The receiving user process does not fetch data in time. The receiver first puts received data into the system receive buffer, and the user process takes data from that buffer. If the previous packet has not yet been taken by the user process when the next packet arrives, the next packet is placed in the receive buffer directly after the previous one, and the user process, which reads from the buffer according to a preset buffer size, obtains several packets at once.

       Reflected in code: If the data to be sent is larger than the remaining space in the TCP send buffer, it is split. If the data to be sent is larger than the MSS, TCP splits it before transmission. If the data to be sent is smaller than the TCP send buffer, TCP may send data written to the buffer by several writes in one go, and packet sticking occurs. If the application layer at the receiving end does not read the receive buffer in time, sticky packets occur.

       Processing methods:

              1. The sender adds a header to each data packet containing at least the packet length. After receiving the data, the receiver reads the length field of the header and thus knows the actual length of each packet.

              2. The sender encapsulates each data packet into a fixed length (padding with 0 if it is not long enough), so that the receiver naturally splits the packets by reading fixed-length records from the receive buffer.

              3. Boundaries can be set between data packets, such as a special delimiter; the receiver splits the packets at this boundary.

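The three processing methods above, each run over a byte stream whose read boundaries do not line up with the message boundaries, as an added example that is not code from the original article. The header layout (4-byte big-endian length), the fixed record size, the delimiter, the size limit and the read sizes in run_demo() are all constructed choices.

```python
import struct

MAX_FRAME = 1 << 20   # refuse absurd lengths before trusting them (constructed)


class LengthPrefixedDecoder:
    """Method 1: every message is preceded by its 4-byte big-endian length."""

    def __init__(self) -> None:
        self.buf = bytearray()

    def feed(self, chunk: bytes) -> list[bytes]:
        """Absorb whatever recv() returned; return only the complete messages."""
        self.buf += chunk
        out = []
        while len(self.buf) >= 4:
            (length,) = struct.unpack("!I", self.buf[:4])
            if length > MAX_FRAME:
                raise ValueError(f"frame length {length} exceeds limit")
            if len(self.buf) < 4 + length:
                break                      # tail of this message not here yet
            out.append(bytes(self.buf[4:4 + length]))
            del self.buf[:4 + length]
        return out


class FixedLengthDecoder:
    """Method 2: every record is exactly `size` bytes, padded with 0."""

    def __init__(self, size: int) -> None:
        self.size, self.buf = size, bytearray()

    def feed(self, chunk: bytes) -> list[bytes]:
        self.buf += chunk
        out = []
        while len(self.buf) >= self.size:
            # padding is stripped here, so payloads must not end in 0 bytes
            out.append(bytes(self.buf[:self.size]).rstrip(b"\0"))
            del self.buf[:self.size]
        return out


class DelimitedDecoder:
    """Method 3: a delimiter marks the boundary; payloads must not contain it."""

    def __init__(self, delim: bytes = b"\n") -> None:
        self.delim, self.buf = delim, bytearray()

    def feed(self, chunk: bytes) -> list[bytes]:
        self.buf += chunk
        out = []
        while (i := self.buf.find(self.delim)) >= 0:
            out.append(bytes(self.buf[:i]))
            del self.buf[:i + len(self.delim)]
        return out


def encode_length_prefixed(msg: bytes) -> bytes:
    return struct.pack("!I", len(msg)) + msg

def encode_fixed(msg: bytes, size: int) -> bytes:
    if len(msg) > size:
        raise ValueError("message longer than the fixed record size")
    return msg.ljust(size, b"\0")

def encode_delimited(msg: bytes, delim: bytes = b"\n") -> bytes:
    if delim in msg:
        raise ValueError("payload contains the delimiter")
    return msg + delim


def decode_stream(decoder, stream: bytes, read_sizes: list[int]) -> list[bytes]:
    """Feed the stream in reads of the given sizes, then the remainder in one
    read: small reads split a message, large reads glue several together."""
    out, pos = [], 0
    for n in read_sizes + [len(stream)]:
        out += decoder.feed(stream[pos:pos + n])
        pos += n
    return out


def run_demo() -> dict[str, list[bytes]]:
    """Constructed messages and read sizes; every method recovers the messages."""
    msgs = [b"hello", b"world!!", b"", b"last"]
    reads = [3,11,2]      # 3 bytes is less than a header; 11 spans two messages
    return {
        "length": decode_stream(LengthPrefixedDecoder(),
                                b"".join(map(encode_length_prefixed, msgs)), reads),
        "fixed": decode_stream(FixedLengthDecoder(8),
                               b"".join(encode_fixed(m, 8) for m in msgs), reads),
        "delim": decode_stream(DelimitedDecoder(),
                               b"".join(map(encode_delimited, msgs)), reads),
    }
```

The length check against MAX_FRAME is the part worth keeping in production: a length field is attacker-controlled input, and allocating whatever it says is how a framing layer turns into a memory-exhaustion problem.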
43. TCP and UDP usage scenarios

       UDP usage scenarios: UDP provides no complex control mechanisms; it uses IP to provide a connectionless communication service. Data can be sent at any time, and processing is simple and efficient. It is therefore mainly used in: communication with a small total packet size (DNS, SNMP), multimedia communication such as video and audio (instant messaging; QQ uses UDP), broadcast communication, and other scenarios that prioritize speed.

       TCP usage scenarios: Compared with UDP, TCP applies various controls during data transmission: it retransmits when packets are lost and restores the order of out-of-order packets. TCP is used when reliability requirements are high; in other words, wherever UDP is not specifically needed, TCP can be chosen. Applications that require a reliable connection, such as payment or encrypted data, all rely on TCP.


Origin blog.csdn.net/songbijian/article/details/132634919