3: application protocols: http

2: Application Layer 1

3: Application Protocols: HTTP

Last Modified: 04/20/23 03:56 PM


Top-down: Internet protocol stack

Application

Transport

Network

Physical

usersnetwork

HTTP, SMTP, FTP, TELNET, DNS, …

TCP, UDP.

IP

Point-to-point links,LANs, radios, ...

-3

Protocol

A protocol defines the format and the order of messages exchanged between communicating entities as well as the actions taken on the receipt or the transmission of a message.


Applications and application-layer protocols

Application: communicating, distributed processes running in network hosts in

“user space” exchange messages to

implement app e.g., email, file transfer, the

WebApplication-layer protocols

one “piece” of an app (web browser do more than speak HTTP)

define messages exchanged by apps and actions taken

user services provided by lower layer protocols

application

transportnetworkdata linkphysical

application


application



Client-server paradigm

Typical network app has two pieces: client and server

application


application


Server: Running first (always?) provides requested service

to client e.g., Web server sends requested Web page, mail server delivers e-mail

Client: initiates contact with server

(usually “speaks” first) typically requests service

from server, for Web, client is

implemented in browser; for e-mail, in mail reader

request

reply


Network Applications Drive Network Design Important to remember that network

applications are the reason we care about building a network infrastructure

Applications range from text based command line ones popular in the 1980s (like telnet, ftp, news, chat, etc) to multimedia applications (Web browsers, audio and video streaming, real-time video conferencing, etc.)


What is the Internet used for?Credit:CAIDA (1999)


HTTP


http message format: request

Two types of http messages: request, response Http request message:

ASCII (human-readable format)

GET /somedir/page.html HTTP/1.0 User-agent: Mozilla/4.0 Accept: text/html, image/gif,image/jpeg Accept-language:fr

(extra carriage return, line feed)

request line(GET, POST,

HEAD commands)

header lines

Carriage return, line feed

indicates end of message


http request message: general format


Absolute URIs GET

http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1

RFC says “All HTTP/1.1 servers MUST accept the absoluteURI form in requests, even though HTTP/1.1 clients will only generate them in requests to proxies” – do they?

More common GET /pub/WWW/TheProject.html HTTP/1.1 Host: www.w3.org


Request Headers Accept ; Section 14.1 Accept-Charset ; Section 14.2 Accept-Encoding ; Section 14.3 Accept-Language ; Section 14.4 Authorization ; Section 14.8 Expect ; Section 14.20 From ; Section 14.22 Host ; Section 14.23 If-Match ; Section 14.24 If-Modified-Since ; Section 14.25 If-None-Match ; Section 14.26 If-Range ; Section 14.27 If-Unmodified-Since ; Section

14.28

Max-Forwards ; Section 14.31 |

Proxy-Authorization ; Section 14.34 |

Range ; Section 14.35 |

Referer ; Misspelled Section 14.36 |

TE ; Section 14.39 |

User-Agent ; Section 14.43


http message format: response

HTTP/1.0 200 OK Date: Thu, 06 Aug 1998 12:00:15 GMT Server: Apache/1.3.0 (Unix) Last-Modified: Mon, 22 Jun 1998 …... Content-Length: 6821 Content-Type: text/html data data data data data ...

status line(protocol

status codestatus phrase)

header lines

data, e.g., requestedhtml file


http response status codes

200 OK request succeeded, requested object later in this

message

301 Moved Permanently requested object moved, new location specified later

in this message (Location:)

400 Bad Request request message not understood by server

404 Not Found requested document not found on this server

505 HTTP Version Not Supported

In first line in server->client response message.A few sample codes:


http exampleSuppose user enters URL www.someSchool.edu/someDepartment/home.index

1a. http client initiates TCP connection to http server (process) at www.someSchool.edu. Port 80 is default for http server.

2. http client sends http request message (containing URL) into TCP connection socket

1b. http server at host www.someSchool.edu waiting for TCP connection at port 80. “accepts” connection, notifying client

3. http server receives request message, forms response message containing requested object (someDepartment/home.index), sends message into socket

time

(contains text, references to 10

jpeg images)


http example (cont.)

5. http client receives response message containing html file, displays html. Parsing html file, finds 10 referenced jpeg objects

6. Steps 1-5 repeated for each of 10 jpeg objects

4. http server closes TCP connection.

time


Uniform Resource Locator (URL)protocol://authority:port/p/a/th/item_name?query

protocol = http (ftp , file,…) authority = server machine port = 80 by default /p/a/th/item_name = specifies a file to be

returned or possibly a program to be executed to produce the file to be returned

query = data to be interpreted by server RFC 1738, "Uniform Resource Locators (URL)“ RFC 2396, “Uniform Resource Identifiers (URI):

Generic Syntax and Semantics”


Stateless vs Stateful

http is “stateless” server maintains no information about

past client requests

Protocols that maintain “state” are complex! past history (state) must be maintained if server/client crashes, their views of

“state” may be inconsistent, must be reconciled


Conditional GET

Goal: don’t send object if client has up-to-date stored (cached) version

client: specify date of cached copy in http requestIf-modified-since:

<date> server: response contains

no object if cached copy up-to-date: HTTP/1.0 304 Not

Modified

client server

http request msgIf-modified-since:

<date>

http responseHTTP/1.0

304 Not Modified

object not

modified

http request msgIf-modified-since:

<date>

http responseHTTP/1.0 200 OK

…

<data>

object modified


Authentication (and statelessness)Authentication goal: control

access to server documents stateless: client must present

authorization in each request authorization: typically name,

password authorization: header line

in request if no authorization

presented, server refuses access, sendsWWW authenticate: header line in response

Authorization will go with each request to server

client server

usual http request msg401: authorization req.

WWW authenticate:

usual http request msg

+ Authorization:lineusual http response

msg


+ Authorization:lineusual http response

msg

time

Browser caches name & password sothat user does not have to repeatedly enter it.


Cookies (and statelessness ?)

server sends “cookie” to client in response mstSet-cookie:

client presents cookie in later requestscookie:

server matches presented-cookie with server-stored info authentication remembering user

preferences, previous choices

Get client to remember “state” so server can be stateless!

client server

usual http request msgusual http response

+Set-cookie: #


cookie: #usual http response

msg


cookie: #usual http response msg

cookie-spectificaction

cookie-spectificaction


Application-level protocol for distributed, collaborative, hypermedia information systems. 1st version HTTP/0.9 (1990), was a simple protocol for

raw data transfer across the Internet. HTTP/1.0, as defined by RFC 1945 [6], improved the

protocol by allowing messages to be in the format of MIME-like messages, containing meta information about the data transferred and modifiers on the request/response semantics.

HTTP/1.0 does not sufficiently take into consideration the effects of hierarchical proxies, caching, the need for persistent connections, or virtual hosts.

Proliferation of incompletely-implemented applications calling themselves "HTTP/1.0" necessitated a protocol version change in order for two communicating applications to determine each other's true capabilities.


HTTP 1.1 : Persistent connections

Non-persistent HTTP/1.0 server parses

request, responds, and closes TCP connection

Each object transfer suffers from TCP connection setup overhead

2 RTTs to fetch each object

Persistent default for HTTP/1.1 on same TCP

connection: server, parses request, responds, parses new request,..

Client sends requests for all referenced objects as soon as it receives base HTML.

Fewer RTTs But most 1.0 browsers useparallel TCP connections. 1.1 browsers do this too

Non-Persistent HTTP: Response time

definition of RTT: time for a small packet to travel from client to server and back.

response time: one RTT to initiate TCP

connection one RTT for HTTP request

and first few bytes of HTTP response to return

file transmission timetotal = 2RTT+transmit time

time to transmit

file

initiate TCPconnection

RTT

requestfile

RTT

filereceived

time time

Application 2-25


Other Features in HTTP 1.1

Hostname Identification Allows one physical web server to serve content for

multiple logical servers

Content Negotiation Allows client to request a specific version of a

resource

Chunked Transfers For dynamic content, server needn’t specify all

characteristics like size ahead of time

Byte Ranges Clients can ask for small pieces of documents

Support for Proxies and Caches


Web Caches (proxy server)

user sets browser: Web accesses via web cache

client sends all http requests to web cache if object at web

cache, web cache immediately returns object in http response

else requests object from origin server, then returns http response to client

Goal: satisfy client request without involving origin server

client

Proxyserver

client

http request

http re

quest

http response

http re

sponse

http re

quest

http re

sponse

http requesthttp response

origin server

origin server


Why Web Caching?Assume: cache is “close” to

client (e.g., in same network)

smaller response time: cache “closer” to client decrease traffic to distant

servers link out of institutional/local

ISP network often bottleneck

Other reasons? Anonymity? Translation for low feature clients (ex. PDAs)

originservers

public Internet

institutionalnetwork 100 Mbps LAN

1.5 Mbps access link

institutionalcache


Why not web caching?

It adds time to a requests that miss in the cache

Servers don’t see accurate number of hits to their content To collect information on who is requesting

what, extract fees, etc.


Trying out http (client side) for yourself

1. Telnet to your favorite Web server:

Opens TCP connection to port 80(default http server port) at www.eurecom.fr.Anything typed in sent to port 80 at www.eurecom.fr

telnet www.google.com 80

2. Type in a GET http request:

GET / HTTP/1.0 By typing this in (hit carriagereturn twice), you sendthis minimal (but complete) GET request to http server

3. Look at response message sent by http server!


HTTP 1.0 vs 1.1

1. HTTP 1.0 telnet www.google.com 80GET / HTTP/1.0

<send data >Connection closed by foreign host.

2. HTTP 1.1 telnet www.google.com 80GET / HTTP/1.1

<send data>GET / HTTP/1.1

<send data>GET / HTTP/1.0

<send data >Connection closed by foreign host.


Experiment yourself

1. Try some headers telnet www.google.com 80GET / HTTP/1.1

Host: www.google.com

2. Try a real query (look at syntax of URL when you use google)

3. Try a chunked transfer4. Try cookies5. Try authorization required


The Web: the http protocol

http: hypertext transfer protocol

Web’s application layer protocol

client/server model client: browser that

requests, receives, “displays” Web objects

server: Web server has access to storage containing a set of Web documents; sends copies in response to requests

http1.0: RFC 1945 http1.1: RFC 2616

Desktop Running

Web browser

Web server

http requesthttp response


For the record: HTTP vs HTML

HTML format is highly specified but is just considered the data or body of an HTTP message

HTML is not part of the HTTP protocol Example of layering: each layer speaks to a peer

layer in an agreed upon language or protocol In this case, both are processed by the web

browser. The web browser is both an HTTP client and an HTML parser.

Berners-Lee, T. and D. Connolly, "Hypertext Markup Language - 2.0", RFC 1866, November 1995.


What type of objects are fetched? Static: Stored in a file and unchanging

( static html, pictures, style sheets, etc.) Dynamic: Formed by server on demand

in response to a request Output from a program Often use query data sent with URL

Active: Executed at the client! Computer program (not just output) that

can interact with user (e.g. Java applet) Regardless data returned from an HTTP

GET request

2012



Outtakes


HTML overview

Markup language give general layout guidelines - not exact placement or format- so browsers may display the same document differently

Free form (i.e. Spaces don’t matter) Embedded tags give guidelines Tags often appear in pairs

beginning <TAGNAME> ending </TAGNAME>


How do clients and servers communicate?

API: application programming interface

defines interface between application and transport layer

socket: Internet API two processes

communicate by sending data into socket, reading data out of socket

Q: how does a process “identify” the other process with which it wants to communicate? IP address of host

running other process “port number” -

allows receiving host to determine to which local process the message should be delivered

… more on this later.


Sockets Specify Transport Services Sockets define the interfaces between

an application and the transport layer Applications choose the type of

transport layer by choosing the type of socket UDP Sockets – called DatagramSocket in

Java, SOCK_DGRAM in C TCP Sockets – called Socket/ServerSocket in

Java, SOCK_STREAM in C Client and server agree on the type of

socket, the server port number and the protocol


QUICK LOOK AHEAD: TCP vs UDP

TCP service: connection-oriented: setup

required between client, server

reliable transport between sending and receiving process

flow control: sender won’t overwhelm receiver

congestion control: throttle sender when network overloaded

does not provide: timing or minimum bandwidth guarantees

UDP service: unreliable data transfer

between sending and receiving process

does not provide: connection setup, reliability, flow control, congestion control, timing, or bandwidth guarantee


Protocol stack

e-mail client

TCP server

IP server

ethernetdriver/card

user X

SMTP

TCP

IP

e-mail server

TCP server

IP server

ethernetdriver/card

user Y

IEEE 802.3 standard

electric signals

English

Method types

HTTP/1.0 GET POST HEAD

asks server to leave requested object out of response

HTTP/1.1 GET, POST, HEAD PUT

uploads file in entity body to path specified in URL field

DELETE deletes file specified

in the URL field

Application 2-43

User-server state: cookies

many Web sites use cookies

four components:1) cookie header line of

HTTP response message

2) cookie header line in HTTP request message

3) cookie file kept on user’s host, managed by user’s browser

4) back-end database at Web site

example: Susan always access

Internet from PC visits specific e-

commerce site for first time

when initial HTTP requests arrives at site, site creates: unique ID entry in backend

database for ID

Application 2-44

Cookies: keeping “state” (cont.)

client server

usual http response msg

usual http response msg

cookie file

one week later:

usual http request msgcookie: 1678 cookie-

specificaction

access

ebay 8734usual http request msg Amazon server

creates ID1678 for user create

entry

usual http response Set-cookie: 1678

ebay 8734amazon 1678

usual http request msgcookie: 1678 cookie-

specificaction

accessebay 8734

amazon 1678

backenddatabase

Application 2-45

3: application protocols: http

Documents

application layer2

application protocols

head section

post section

language section

host section

match section

methodsoptions section