1

Internet and Intranet Protocols and Applications

Lecture 2: Application Layer 1:

HTTP and FTPSpring 2006

Arthur GoldbergComputer Science Department

New York Universityartg@cs.nyu.edu

2

Chapter 2Application Layer

Computer Networking: A Top Down

Approach Featuring the Internet, 3rd edition.

Jim Kurose, Keith Ross

Addison-Wesley, July 2004.

A note on the use of these ppt slides:We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you can add, modify, and delete slides (including this one) and slide content to suit your needs. They obviously represent a lot of work on our part. In return for use, we only ask the following:

If you use these slides (e.g., in a class) in substantially unaltered form, that you mention their source (after all, we’d like people to use our book!)

If you post any slides in substantially unaltered form on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.

Thanks and enjoy! JFK/KWR

All material copyright 1996-2004J.F Kurose and K.W. Ross, All Rights Reserved

3

Chapter 2: Application layer

• 2.1 Principles of network applications

• 2.2 Web and HTTP• 2.3 FTP • 2.4 Electronic Mail

– SMTP, POP3, IMAP• 2.5 DNS

• 2.6 P2P file sharing• 2.7 Socket

programming with TCP

• 2.8 Socket programming with UDP

• 2.9 Building a Web server

4

Chapter 2: Application LayerOur goals:• conceptual,

implementation aspects of network application protocols– transport-layer

service models– client-server

paradigm– peer-to-peer

paradigm

• learn about protocols by examining popular application-level protocols– HTTP– FTP– SMTP / POP3 / IMAP– DNS

• programming network applications– socket API

2

5

Some network apps

• E-mail• Web• Instant messaging• Remote login• P2P file sharing• Multi-user network

games• Streaming stored

video clips

• Internet telephone• Real-time video

conference• Massive parallel

computing

6

Creating a network appWrite programs that

– run on different end systems and

– communicate over a network.

– e.g., Web: Web server software communicates with browser software

No software written for devices in network core– Network core devices do

not function at app layer– This design allows for

rapid app development

applicationtransportnetworkdata linkphysical

applicationtransportnetworkdata linkphysical

applicationtransportnetworkdata linkphysical

7

Chapter 2: Application layer

• 2.1 Principles of network applications

• 2.2 Web and HTTP• 2.3 FTP • 2.4 Electronic Mail

– SMTP, POP3, IMAP• 2.5 DNS

• 2.6 P2P file sharing• 2.7 Socket

programming with TCP

• 2.8 Socket programming with UDP

• 2.9 Building a Web server

8

Application architectures

• Client-server• Peer-to-peer (P2P)• Hybrid of client-server and P2P

3

9

Client-server architectureserver:

– always-on host– permanent IP address– server farms for scaling

clients:– communicate with

server– may be intermittently

connected– may have dynamic IP

addresses– do not communicate

directly with each other

10

Pure P2P architecture• no always-on server• arbitrary end systems

directly communicate• peers are intermittently

connected and change IP addresses

• example: Gnutella

Highly scalable

But difficult to manage

11

Hybrid of client-server and P2P

Napster– File transfer is P2P– File search centralized:

• Peers register content at central server• Peers query same central server to locate content

Instant messaging– Chatting between two users is P2P– Presence detection/location centralized:

• User registers its IP address with central server when it comes online

• User contacts central server to find IP addresses of buddies

12

Processes communicatingProcess: program running

within a host• within a host, two

processes communicate using inter-process communication (defined by OS)

• processes in different hosts communicate by exchanging messages

Client process: process that initiates communication

Server process: process that waits to be contacted

• Note: applications with P2P architectures have client processes & server processes

4

13

Sockets

• process sends/receives messages to/from its socket

• socket analogous to door– sending process shoves

message out door– sending process relies on

transport infrastructure on other side of door which brings message to socket at receiving process

process

TCP withbuffers,variables

socket

host orserver

process

TCP withbuffers,variables

socket

host orserver

Internet

controlledby OS

controlled byapp developer

• API: (1) choice of transport protocol; (2) ability to fix a few parameters (lots more on this later)

14

Addressing processes• For a process to

receive messages, it must have an identifier

• A host has a unique 32-bit IP address

• Q: does the IP address of the host on which the process runs suffice for identifying the process?

• Answer: No, many processes can run on one host

• Identifier includes both the IP address and port numbersassociated with the process on the host.

• Example port numbers:– HTTP server: 80– Mail server: 25

• More on this later

15

App-layer protocol defines• Types of messages

exchanged, e.g., request & response messages

• Syntax of message types: what fields in messages & how fields are delineated

• Semantics of the fields, i.e., meaning of information in fields

• Rules for when and how processes send & respond to messages

Public-domain protocols• defined in RFCs• allows for

interoperability• E.g., HTTP, SMTPProprietary protocols• E.g., KaZaA

16

What transport service does an app need?

Data loss• some apps (e.g., audio) can

tolerate some loss• other apps (e.g., file

transfer, telnet) require 100% reliable data transfer

Timing• some apps (e.g.,

Internet telephony, interactive games) require low delay

Bandwidth• some apps (e.g.,

multimedia) require a minimum amount of bandwidth

• other apps (“elastic apps”) make use of whatever bandwidth they get

5

17

Transport service requirements of common apps

Application

file transfere-mail

Web documentsreal-time audio/video

stored audio/videointeractive gamesinstant messaging

Data loss

no lossno lossno lossloss-tolerant

loss-tolerantloss-tolerantno loss

Bandwidth

elasticelasticelasticaudio: 5kbps-1Mbpsvideo:10kbps-5Mbpssame as above few kbps upelastic

Time Sensitive

nononoyes, 100s msec

yes, few secsyes, 100s msecyes and no

18

Internet transport protocols services

TCP service:• connection-oriented: setup

required between client and server processes

• reliable transport: between sending and receiving process

• flow control: sender won’t overwhelm receiver

• congestion control: throttle sender when network overloaded

• does not provide: timing, minimum bandwidth guarantees

UDP service:• unreliable data transfer

between sending and receiving process

• does not provide: connection setup, reliability, flow control, congestion control, timing, or bandwidth guarantee

Q: Why bother? Why is there a UDP?

19

Internet apps: application, transport protocols

Application

e-mailremote terminal access

Web file transfer

streaming multimedia

Internet telephony

Applicationlayer protocol

SMTP [RFC 2821]Telnet [RFC 854]HTTP [RFC 2616]FTP [RFC 959]proprietary(e.g. RealNetworks)proprietary(e.g., Dialpad)

Underlyingtransport protocol

TCPTCPTCPTCPTCP or UDP

typically UDP

20

Chapter 2: Application layer

• 2.1 Principles of network applications – app architectures– app requirements

• 2.2 Web and HTTP• 2.4 Electronic Mail

– SMTP, POP3, IMAP• 2.5 DNS

• 2.6 P2P file sharing• 2.7 Socket

programming with TCP

• 2.8 Socket programming with UDP

• 2.9 Building a Web server

6

2/7/2006 21

WWW - Invention (hypertext)

• Invented by Tim Berners-Lee at CERN in 89– "HyperText is a way to link and access

information of various kinds as a web of notes in which the user can browse at will. It provides a single user-interface to large classes of information.”

– "A hypertext page has pieces of text which refer to other texts. Such references are highlighted and can be selected... When you select a reference, the browser presents you with the text which is referenced: you have made the browser follow a hypertext link" 22

WWW - Invention• Tim Berners-Lee (CERN) Proposal 11/90

– “The current incompatibilities of the platforms and tools make it impossible to access existing information through a common interface, leading to waste of time, …”

– “A link is specified as an ASCII string from which the browser can deduce a suitable method of contacting an appropriate server. When a link is followed, the browser addresses the request for the node [document] to the server.”

– WorldWideWeb: Proposal for a HyperText Project, 11/12/90, http://www.w3.org/Proposal.html

23

Links may become invalid – Link is simply a text name for a remote document– Remote document may be removed while name in

link remains in place– Guys who invented hypertext worried about this

(Douglas Engelbart invented and implemented hypertext in early 60s, Ted Nelson named it in ’65, continues pursuing ‘Xanadu’)

– Berners-Lee had brilliance to ignore it

24

Identifying a Page (URL) RFC 2396• Page identified by:

– Protocol used to access page – Computer on which page is stored – TCP port to access page – Pathname of file on server

• URL Syntaxprotocol://computer_name[:port][/document_name]

• protocol (scheme) = http, ftp, etc• port is optional• document_name is path to document

– Which parts are case sensitive?

7

2/7/2006 25

URL Schemesftp : // [ user [:password] @ ] host / pathnews : newsgrouptelnet : ipaddressgopher : // host [ gtype ]mailto : userid @ hostnamewais : // hostport / database [ ? search ] wais : // hostport / database / wtype / wpathfile: // pathnamehttp: // host [: port ][ / path ]

• http://www.w3.org/Addressing/rfc1738.txt

26

How Did Berners-Lee Start the Web Growing?

• What good were Web servers if there were no browsers?

• What good were browsers if there were no Web servers?

• Why were any of them deployed?

27

Web and HTTP

First some jargon• A Web page consists of objects• Object can be HTML file, JPEG image, Java applet,

audio file,…• Web page consists of base HTML-file which includes

several referenced objects• Each object is addressable by a URL• Example URL:

www.someschool.edu/someDept/pic.gif

host name path name

28

HTTP overview

HTTP: hypertext transfer protocol

• Web’s application layer protocol

• client/server model– client: browser that

requests, receives & “displays” Web objects

– server: Web server sends objects in response to requests

• HTTP 1.0: RFC 1945• HTTP 1.1: RFC 2616

PC runningExplorer

Server running

Apache Webserver

Mac runningNavigator

HTTP request

HTTP request

HTTP response

HTTP response

8

29

HTTP overview (continued)Uses TCP:• client initiates TCP connection

(creates socket) to server, typically port 80

• server accepts TCP connection from client

• HTTP messages (application-layer protocol messages) exchanged between browser (HTTP client) and Web server (HTTP server)

• TCP connection closed

HTTP is “stateless”• server maintains no

information about past client requests

Protocols that maintain “state” can be complex

• past history (state) must be maintained

• if server/client crashes, their views of “state” may be inconsistent, may need to be reconciled

aside

30

HTTP connections

Nonpersistent HTTP• At most one object is

sent over a TCP connection.

• HTTP/1.0 uses nonpersistent HTTP

Persistent HTTP• Multiple objects can

be sent over single TCP connection between client and server.

• HTTP/1.1 uses persistent connections in default mode

31

Nonpersistent HTTPSuppose user enters URL

www.someSchool.edu/someDepartment/home.index

1a. HTTP client initiates TCP connection to HTTP server (process) at www.someSchool.edu on port 80

2. HTTP client sends HTTP request message (containing URL) into TCP connection socket; message indicates that client wants object someDepartment/home.index

1b. HTTP server at host www.someSchool.edu waiting for TCP connection at port 80. “accepts” connection, notifying client

3. HTTP server receives request message, forms response messagecontaining requested object, and sends message into its sockettime

(contains text, references to 10

jpeg images)

32

Nonpersistent HTTP (cont.)

5. HTTP client receives response message containing html file, displays html. Parsing html file, finds 10 referenced jpeg objects

6. Steps 1-5 repeated for each of 10 jpeg objects

4. HTTP server closes TCP connection.

time

9

33

Response time modelingDefinition of Round Trip

Time (RTT): time to send a small packet from client to server and back

Response time:• one RTT to initiate TCP

connection• one RTT for HTTP

request and first few bytes of HTTP response to return

• file transmission timetotal = 2RTT + file transmit

time

time to transmit file

initiate TCPconnection

RTT

requestfile

RTT

filereceived

time time

34

Persistent HTTP

Nonpersistent HTTP issues:• requires 2 RTTs per object• OS must work and allocate

host resources for each TCP connection

• but browsers often open parallel TCP connections to fetch referenced objects

Persistent HTTP:• server leaves connection

open after sending response• subsequent HTTP messages

between same client/server are sent over connection

Persistent without pipelining:• client issues new request

only when previous response has been received

• one RTT for each referenced object

Persistent with pipelining:• default in HTTP/1.1• client sends requests as

soon as it encounters a referenced object

• as little as one RTT for all the referenced objects

35

HTTP request message

• two types of HTTP messages: request, response• HTTP request message:

– ASCII (human-readable format)

GET /somedir/page.html HTTP/1.1Host: www.someschool.edu User-agent: Mozilla/4.0Connection: close Accept-language: fr

(extra carriage return, line feed)

request line(GET, POST,

HEAD commands)

headerlines

Carriage return, line feed

indicates end of message 36

HTTP request message: general format

10

37

Uploading form input

Post method:• Web page often

includes form input• Input is uploaded to

server in entity body

URL method:• Uses GET method• Input is uploaded in

URL field of request line:

www.somesite.com/animalsearch?monkeys&banana

38

Method types

HTTP/1.0• GET• POST• HEAD

– asks server to leave requested object out of response

HTTP/1.1• GET, POST, HEAD• PUT

– uploads file in entity body to path specified in URL field

• DELETE– deletes file specified in

the URL field

39

HTTP response message

HTTP/1.1 200 OK Connection: closeDate: Thu, 06 Aug 1998 12:00:15 GMT Server: Apache/1.3.0 (Unix) Last-Modified: Mon, 22 Jun 1998 …... Content-Length: 6821 Content-Type: text/html

data data data data data ...

status line(protocol

status codestatus phrase)

headerlines

data, e.g., requestedHTML file

40

HTTP response status codes

200 OK– request succeeded, requested object later in this message

301 Moved Permanently– requested object moved, new location specified later in

this message (Location:)400 Bad Request

– request message not understood by server404 Not Found

– requested document not found on this server505 HTTP Version Not Supported

In first line in server->client response message.A few sample codes:

11

41

Trying out HTTP (client side) for yourself

1. Telnet to your favorite Web server:Opens TCP connection to port 80(default HTTP server port) at cis.poly.edu.Anything typed in is sent to port 80 at cis.poly.edu

telnet cis.poly.edu 80

2. Type in a GET HTTP request:GET /~ross/ HTTP/1.1Host: cis.poly.edu

By typing this in (hit carriagereturn twice), you sendthis minimal (but complete) GET request to HTTP server

3. Look at response message sent by HTTP server!

42

User-server state: cookies

Many major Web sites use cookies

Four components:1) cookie header line in the

HTTP response message2) cookie header line in

HTTP request message3) cookie file kept on user’s

host and managed by user’s browser

4) back-end database at Web site

Example:– Susan access Internet

always from same PC– She visits a specific e-

commerce site for first time

– When initial HTTP requests arrives at site, site creates a unique ID and creates an entry in backend database for ID

43

Cookies: keeping “state” (cont.)client server

usual http request msgusual http response +Set-cookie: 1678

usual http request msgcookie: 1678

usual http response msg

usual http request msgcookie: 1678

usual http response msg

cookie-specificaction

cookie-specificaction

servercreates ID

1678 for user

entry in backend

database

access

access

Cookie file

amazon: 1678ebay: 8734

Cookie file

ebay: 8734

Cookie file

amazon: 1678ebay: 8734

one week later:

44

Cookies (continued)What cookies can bring:• authorization• shopping carts• recommendations• user session state

(Web e-mail)

Cookies and privacy:• cookies permit sites to

learn a lot about you• you may supply name

and e-mail to sites• search engines use

redirection & cookies to learn yet more

• advertising companies obtain info across sites

aside

12

45

Chapter 2: Application layer

• 2.1 Principles of network applications

• 2.2 Web and HTTP• 2.3 FTP• 2.4 Electronic Mail

– SMTP, POP3, IMAP• 2.5 DNS

• 2.6 P2P file sharing• 2.7 Socket

programming with TCP

• 2.8 Socket programming with UDP

• 2.9 Building a Web server

46

FTP: the file transfer protocol

• transfer file to/from remote host• client/server model

– client: side that initiates transfer (either to/from remote)

– server: remote host• ftp: RFC 959• ftp server: port 21

file transfer FTPserver

FTPuser

interface

FTPclient

local filesystem

remote filesystem

user at host

47

FTP: separate control, data connections

• FTP client contacts FTP server at port 21, specifying TCP as transport protocol

• Client obtains authorization over control connection

• Client browses remote directory by sending commands over control connection

• When server receives a command for a file transfer, the server opens a TCP data connection to client

• After transferring one file, server closes connection

FTPclient

FTPserver

TCP control connectionport 21

TCP data connectionport 20

• Server opens a second TCP data connection to transfer another file.

• Control connection: “out of band”

• FTP server maintains “state”: current directory, earlier authentication

48

FTP commands, responses

Sample commands:• sent as ASCII text over

control channel• USER username• PASS password• LIST return list of file in

current directory• RETR filename

retrieves (gets) file• STOR filename stores

(puts) file onto remote host

Sample return codes• status code and phrase

(as in HTTP)• 331 Username OK, password required

• 125 data connection already open; transfer starting

• 425 Can’t open data connection

• 452 Error writing file

13

HTTP 1.1Slides courtesy

ofRobert Grimm

New York University

50

HTTP/1.0 Performance

• Main message: Performance is suboptimal– Interaction latency– Server scalability

51

Interaction between HTTPand TCP

• Three-way handshake– SYN, SYN+ACK, ACK

• Slow start– Open congestion window for each successfully

transmitted packet– Then send successive packets without waiting for

acknowledgements• Nagle’s algorithm

– Delay transmission to collect additional data• telnet, rlogin

• TIME_WAIT state 52

HTTP/1.1 to the Rescue!

• Extensibility• Caching• Bandwidth optimization• Network connection management• Message transmission• Internet address conservation• Error notification• Security, integrity, and authentication• Content negotiation

14

53

HTTP/1.1 to the Rescue!

• Extensibility• Caching• Bandwidth optimization• Network connection management• Message transmission• Internet address conservation• Error notification• Security, integrity, and authentication• Content negotiation

54

HTTP/1.1 Extensibility

• Goal: full backwards compatibility– HTTP/0.9– HTTP/1.0– HTTP/1.1 draft implementations

• Via header– Collect end-to-end path information

• OPTIONS method– Query for supported features

• Upgrade header– Switch to different protocol

55

HTTP/1.1 Caching(discuss during Caching lecture)

• Reduces latency for cached resources• Reduces bandwidth consumption• Indirectly reduces latency for uncached

resources• Indirectly reduces load on origin servers

56

HTTP/1.1 Caching

• Goal: semantic transparency• HTTP/1.0

– Based on timestamps• Limited resolution (1 second)• Unsynchronized clocks

• HTTP/1.1– Based on relative times

• max-age in Cache-Control header

– Based on opaque tokens• ETag• If-None-Match, If-Match

15

57

HTTP/1.1 Bandwidth Optimizations

• Goal: conserve bandwidth• Range requests

– Only transmit necessary data• Expect and 100 (Continue)

– Ask for permission before transmitting large resources

• Compression– Use more compact on-the-wire representation

• Content-Encoding: end-to-end• Transfer-Encoding: hop-by-hop

58

HTTP/1.1 Network ConnectionManagement

• Goal: be more friendly to TCP• Connection header

– Declare what headers are hop-by-hop• Persistent connections

– Send many request/response interactions over the same TCP connection

• Pipelining– Do not wait for response before sending next

request

59

HTTP/1.1 Message Transmission

• Goal: reduce buffering requirements– Content-Length header requires resource size

• Chunked transfer-coding– Break resource into many pieces

• Trailers– Send headers after resources

• Content-MD5

60

HTTP/1.1 Internet AddressConservation

• Goal: turn one server into many servers– Treat DNS-to-IP mapping as many-to-one

• IPv4 addresses are scarce, aren’t they?

• Host header– Declare DNS name of targeted host– Though, HTTP/1.0 allows for absolute URLs

• Interact with proxies

• Unintended benefit (?)– Amortize management effort over many sites

16

61

HTTP/1.1 Error Notification

• Goal: support advisory information in addition to status code

• Warning header– Expose status of caches

• Disconnected cache

• New status codes– 24 in all, including 100 (Continue), 206

(Partial content), 300 (Multiple choices)

62

HTTP/1.1 Authentication

• Goal: authorize users• Based on WWW-Authenticate, Authorization

headers• HTTP/1.0: Basic authentication

– User name, password in the clear• HTTP/1.1: Digest authentication

– Based on shared secret (user name, password pair)– Sends cryptographically secure checksum (MD5)

• Username, password, nonce, HTTP method, URL

• HTTP/1.1: Proxy authentication

63

HTTP/1.1 Privacy

• Goal: respect privacy of users• Rules for when to use Referer [sic] header• Rules for how to use cookies (RFC 2965)

– HTTP is stateless, yet we want state– Cookies to the rescue

• Collections of name/value pairs• Issued by server on first access• Returned by client on subsequent accesses

64

HTTP/1.1 Content Negotiation

• Goal: support different variant of same resource

• Server-driven negotiation– Client declares preferences, server chooses

• Different headers to distinguish properties– Media types, character sets, content encodings, human

languages

• Quality values (0.000-1.000) to weigh alternatives• Wildcards to express indifference

– Accept: audio/*; q=0.2, audio/basic

17

65

HTTP/1.1 – Some Issues

• How to name a resource?– HTTP/1.0: URL– HTTP/1.1: URL + headers

• Vary header to list relevant headers

• End-to-end or hop-by-hop?– Caches should be semantically transparent– Yet, they may require user interaction

• Proxy authentication• Advisory information

• Stateless or stateful?– Cookies are a separate RFC, yet widely used

66

HTTP/1.1 to the Rescue

• What do you think?

67

HTTP/1.1 Performance

• Main message– Pipelined persistent connections work

68

HTTP/1.1 Performance

• Main message– Pipelined persistent connections work

… but only if you are careful

18

69

HTTP/1.1 PerformanceExperimental Methodology

• Synthesized web site (“Microscape”)– One HTML page (42 KB)– 42 inlined GIF images (total of 125 KB)

• Three connections– LAN – 10 MBit Ethernet– WAN – MIT LCS to LBL– PPP – 28.8k modem to MIT LCS

• Software– Server: Jigsaw and Apache– Client: libwww

70

HTTP/1.1 PerformanceExperimental Methodology

• Hardware– Sun SPARC Ultra-1 server running Solaris– Digital AlphaStation and Windows NT clients

71

HTTP/1.1 PerformanceTuning

• Initial test results– HTTP/1.1 reduces number of sockets and packets– But significantly increases latency

• Buffer management is key– Flush after initial request

• Send as quickly as possible to receive HTML

– But buffer requests for inline images• Pipeline as much as possible to utilize available bandwidth

• Also need to manage connections carefully– Only half-close connection

• Close server sending side, but still accept client data72

HTTP/1.1 PerformanceResults

• HTTP/1.0 with concurrent connections is slow• HTTP/1.1 without pipelining is even slower• HTTP/1.1 with pipelining is faster• HTTP/1.1 with pipelining and compression is

even faster, especially on low bandwidth links

• It’s hard to read results presented in (8) tables

19

73

HTTP/1.1 PerformanceThe Need for Compression

• Goal: fully utilize TCP connection– Complete first request quickly to create more work– Pipeline additional requests to exploit bandwidth

• Compression can help fit more HTML into a single packet– Tag case matters

• Are there better solutions?

74

HTTP/1.1 PerformanceContent Matters

• Advantages of CSS– Reuse over many resources– Elimination of image abuse

• Symbols, spacers

• PNG vs. GIF– More compact representation

75

Questions, Discussion