Computer Networking: A Top-Down Approach - Chapter 2 Application Layer PDF

Summary

This document is Chapter 2 of Computer Networking: A Top-Down Approach by Jim Kurose and Keith Ross, published by Pearson and released in 2020. The chapter covers the application layer, including protocols like HTTP, SMTP, and DNS, network applications, and client-server paradigm.

Full Transcript

Chapter 2
Application Layer
A note on the use of these PowerPoint slides:
We’re making these slides freely available to all (faculty, students,
readers). They’re in PowerPoint form so you see the animations; and
can add, modify, and delete slides (including this one) and slide content
to suit your needs. They obviously represent a lot of work on our part.
In return for use, we only ask the following:
▪ If you use these slides (e.g., in a class) that you mention their
source (after all, we’d like people to use our book!)
▪ If you post any slides on a www site, that you note that they are
adapted from (or perhaps identical to) our slides, and note our
copyright of this material.
Computer Networking: A
For a revision history, see the slide note for this page.
Top-Down Approach
Thanks and enjoy! JFK/KWR 8th edition n
All material copyright 1996-2020
Jim Kurose, Keith Ross
J.F Kurose and K.W. Ross, All Rights Reserved Pearson, 2020
Application Layer: 2-1
Application layer: overview

▪ Principles of network applications
▪ Web and HTTP
▪ E-mail, SMTP, IMAP
▪ The Domain Name System DNS

Application Layer: 2-2
Application layer: overview
Our goals: ▪ Learn about protocols by
examining popular
▪ Conceptual and application-layer protocols
implementation aspects of and infrastructure
application-layer protocols HTTP
Transport-layer service SMTP, IMAP
models DNS
Client-server paradigm video streaming systems, CDNs
Peer-to-peer paradigm ▪ Programing network
applications
socket API

Application Layer: 2-3
Some network apps
▪ social networking ▪ voice over IP (e.g., Skype)
▪ Web ▪ real-time video conferencing
▪ text messaging (e.g., Zoom)
▪ e-mail ▪ Internet search
▪ multi-user network games ▪…
▪ streaming stored video
(YouTube)
▪ P2P file sharing Q: your favorites?

Application Layer: 2-4
Creating a network app
application
transport
write programs that: mobile network
network
data link
physical
▪ run on (different) end-systems national or global ISP

▪ communicate over network
▪ e.g., web server software
communicates with browser software
local or
no need to write software for regional ISP

network-core devices home network content
application
▪ network-core devices do not run user transport
network
provider
network datacenter
application
applications data link
physical
transport
network
network

▪ applications on end-systems allow for data link
physical

rapid app development and enterprise
propagation network

Application Layer: 2-5
Client-server paradigm
server: mobile network
▪ “always-on” host national or global ISP

▪ permanent IP address
▪ often in data centers
clients: local or
regional ISP
▪ contact, communicate with server
▪ may be intermittently connected home network content
provider
▪ may have dynamic IP addresses network datacenter
network

▪ do not communicate directly with
each other
enterprise
▪ examples: HTTP, IMAP, FTP network

Application Layer: 2-6
Data centers
▪ A popular social-networking site can quickly become overwhelmed if it has only
one server to handle all requests

▪ For this reason, a data center, housing a large number of hosts, is often used to
create a powerful virtual server

▪ The most popular Internet services—such as search engines (e.g., Google, Bing,
Baidu), Internet commerce (e.g., Amazon, eBay, Alibaba), Web-based e-mail
(e.g., Gmail and Yahoo Mail), social networking (e.g., Facebook, Instagram,
Twitter, and WeChat)—employ one or more data centers

▪ Google has 30 to 50 data centers distributed around the world, which
collectively handle search, YouTube, Gmail, and other services. A data center can
have hundreds of thousands of servers, which must be powered and maintained
Application Layer: 2-7
Peer-to-Peer (P2P) architecture
▪ no “always-on” server mobile network
▪ arbitrary end-systems directly national or global ISP

communicate
▪ peers request service from other
peers, provide service in return to
other peers local or
regional ISP
self scalability – new peers bring new
service capacity, as well as new service home network content
demands provider
network datacenter

▪ peers are intermittently connected network

and change IP addresses
complex management enterprise
▪ example: P2P file sharing
network

Application Layer: 2-8
Hybrid architecture
▪ Some applications have hybrid architectures, combining both client-
server and P2P elements

▪ For example, for many instant messaging applications, servers are
used to track the IP addresses of users, but user-to-user messages
are sent directly between user hosts (without passing through
intermediate servers)

Application Layer: 2-9
Processes communicating
In the jargon of operating systems, it clients, servers
is actually not programs but client process: process that
processes that communicate initiates communication
process: program running within a server process: process
host that waits to be contacted

▪ processes in different hosts
communicate by exchanging ▪ note: applications with
messages P2P architectures have
client processes &
server processes

Application Layer: 2-10
 Sockets
▪ process sends/receives messages to/from its socket
▪ socket analogous to door
sending process shoves the message outdoor
sending process relies on the transport infrastructure on the other side of
the door to deliver the message to the socket at the receiving process
two sockets involved: one on each side

application application
socket controlled by
process process app developer

transport transport
network network controlled
link by OS
link Internet
physical physical

Application Layer: 2-11
Addressing processes
▪ to receive messages, process ▪ identifier includes both IP address
must have an identifier and port numbers associated with
▪ host device has unique 32-bit process on host
IP address ▪ example port numbers:
▪ Q: does IP address of host on HTTP server: 80
which process runs suffice for mail server: 25
identifying the process? ▪ to send HTTP message to
▪ A: no, many processes gaia.cs.umass.edu web server:
can be running on IP address: 128.119.245.12
same host port number: 80

Application Layer: 2-12
Processes
▪ The application developer (programmer) has control of everything on
the application layer side of the socket but has little control on the
transport-layer side of the socket
▪ The only control that the application developer has on the transport-
layer side is (1) the choice of transport protocol and (2) perhaps the
ability to fix a few transport-layer parameters such as maximum buffer
and maximum segment sizes

Application Layer: 2-13
An application-layer protocol defines:
▪ types of messages exchanged, open protocols:
e.g., request, response ▪ defined in RFCs, everyone
▪ message syntax: has access to protocol
what fields in messages & how definition
fields are delineated ▪ allows for interoperability
▪ message semantics ▪ e.g., HTTP, SMTP
meaning of information in fields proprietary protocols:
▪ rules for when and how processes ▪ e.g., Skype, Zoom
send & respond to messages

Application Layer: 2-14
What transport service does an app need?
data integrity throughput
▪ some apps (e.g., file transfer, ▪ some apps (e.g., multimedia)
web transactions) require require minimum amount of
100% reliable data transfer throughput to be “effective”
▪ other apps (e.g., audio) can ▪ other apps (“elastic apps”)
tolerate some loss make use of whatever
throughput they get
timing
▪ some apps (e.g., Internet security
telephony, interactive games) ▪ encryption, data integrity, etc.
require low delay to be “effective”
Application Layer: 2-15
 Transport service requirements: common apps
application data loss throughput time sensitive?

file transfer/download no loss elastic no
e-mail no loss elastic no
Web documents no loss elastic no
real-time audio/video loss-tolerant audio: 5Kbps-1Mbps yes, 10’s msec
video:10Kbps-5Mbps
streaming audio/video loss-tolerant same as above yes, few secs
interactive games loss-tolerant Kbps+ yes, 10’s msec
text messaging no loss elastic yes and no
Application Layer: 2-16
TCP and UDP
▪ Internet makes two distinct transport-layer protocols available to the
application layer

▪ One of these protocols is UDP (User Datagram Protocol), which
provides an unreliable, connectionless service to the invoking
application.

▪ The second of these protocols is TCP (Transmission Control Protocol),
which provides a reliable, connection-oriented service to the
invoking application

Application Layer: 2-17
Internet transport protocols services
TCP service: UDP service:
▪ reliable transport between sending ▪ unreliable data transfer
and receiving processes between sending and receiving
▪ flow control: sender won’t processes
overwhelm receiver ▪ does not provide: reliability,
▪ congestion control: throttle sender flow control, congestion
when network is overloaded control, timing, throughput
guarantee, security, or
▪ connection-oriented: setup required connection setup.
between client and server processes
▪ does not provide: timing, minimum Q: why bother? Why
throughput guarantee, security is there a UDP?
Application Layer: 2-18
 Internet applications, and transport protocols
application
application layer protocol transport protocol

file transfer/download FTP [RFC 959] TCP
e-mail SMTP [RFC 5321] TCP
Web documents HTTP 1.1 [RFC 7320] TCP
Internet telephony SIP [RFC 3261], RTP [RFC TCP or UDP
3550], or proprietary
streaming audio/video HTTP [RFC 7320], DASH TCP
interactive games WOW, FPS (proprietary) UDP or TCP

Application Layer: 2-19
Securing TCP
TCP & UDP sockets: TLS implemented in
▪ no encryption application layer
▪ cleartext passwords sent into socket ▪ apps use TSL libraries, that
traverse Internet in cleartext (!) use TCP in turn
Transport Layer Security (TLS) ▪ cleartext sent into “socket”
▪ provides encrypted TCP connections traverse Internet encrypted
▪ data integrity
▪ end-point authentication

Application Layer: 2-20
 21

Socket Programming using Python: Example App
(For information only)
Python UDPServer “UDPServer.py”
from socket import *
serverPort = 12000
create UDP socket serverSocket = socket(AF_INET, SOCK_DGRAM)
bind socket to local port
serverSocket.bind((‘ ', serverPort))
number 12000 The method recvfrom takes
print (‘The server is ready to receive’) the buffer size 2048 as input
loop forever while 1:
Read from UDP socket into message, clientAddress = serverSocket.recvfrom(2048)
message, getting client’s
address (client IP and port) modifiedMessage = message.upper()
send upper case string serverSocket.sendto(modifiedMessage, clientAddress)
back to this client

To just show the IP address and print(clientAddress)
port number of client (optional)
Socket Programming using Python: Example App 22

(For information only)
Python UDPClient “UDPClient.py”
include Python’s socket
library
from socket import *
serverName = ‘hostname’
serverPort = 12000
create UDP socket for clientSocket = socket(AF_INET,SOCK_DGRAM)
client

get user keyboard
message = input(’Input lowercase sentence:’)
input clientSocket.sendto(message.encode('ascii'),(serverName, serverPort))
Attach server name, port to
message; send into socket modifiedMessage, serverAddress =
read reply characters from clientSocket.recvfrom(2048)
socket into string
print (modifiedMessage.decode(‘ascii’))
print out received string clientSocket.close()
and close socket
Application layer: overview

▪ Principles of network
applications
▪ Web and HTTP
▪ E-mail, SMTP, IMAP
▪ The Domain Name System
DNS

Application Layer: 2-23
Web and HTTP
First, a quick review…
▪ web page consists of objects, each of which can be stored on
different Web servers
▪ object can be HTML file, JPEG image, Java applet, audio file,…
▪ web page consists of base HTML-file which includes several
referenced objects, each addressable by a URL, e.g.,
www.someschool.edu/someDept/pic.gif

host name path name

Application Layer: 2-24
HTTP overview
HTTP: hypertext transfer protocol
▪ Web’s application-layer protocol
▪ client/server model: PC running
client: browser that requests, Firefox browser
receives, (using the HTTP protocol)
and “displays” Web objects
server running
server: Web server sends (using Apache Web
the HTTP protocol) objects in server
response to requests
iPhone running
Safari browser

Application Layer: 2-25
HTTP overview (continued)
HTTP uses TCP: HTTP is “stateless”
▪ client initiates TCP connection ▪ server maintains no
(creates socket) to server, port 80 information about past client
▪ server accepts TCP connection requests
from client aside
protocols that maintain “state”
▪ HTTP messages (application-layer are complex!
protocol messages) exchanged
▪ past history (state) must be
between browser (HTTP client) and maintained
Web server (HTTP server) ▪ if server/client crashes, their views
▪ TCP connection closed of “state” may be inconsistent,
must be reconciled

Application Layer: 2-26
HTTP connections: two types
Non-persistent HTTP Persistent HTTP
1. TCP connection opened ▪TCP connection opened to
2. at most one object sent a server
over TCP connection ▪multiple objects can be
3. TCP connection closed sent over single TCP
connection between client,
downloading multiple and that server
objects required multiple ▪TCP connection closed
connections

Application Layer: 2-27
 Non-persistent HTTP: example
User enters URL: www.someSchool.edu/someDepartment/home.index
(containing text, references to 10 jpeg images)

1a. HTTP client initiates TCP
connection to HTTP server 1b. HTTP server at host
(process) at www.someSchool.edu on www.someSchool.edu waiting for TCP
port 80 connection at port 80 “accepts”
connection, notifying client
2. HTTP client sends HTTP
request message (containing
URL) into TCP connection 3. HTTP server receives request message,
socket. Message indicates forms response message containing
time that client wants object requested object, and sends message
someDepartment/home.index into its socket
Application Layer: 2-28
 Non-persistent HTTP: example (cont.)
User enters URL: www.someSchool.edu/someDepartment/home.index
(containing text, references to 10 jpeg images)

4. HTTP server closes TCP
5. HTTP client receives response connection.
message containing html file,
displays html. Parsing html file,
finds 10 referenced jpeg objects

6. Steps 1-5 repeated for
each of 10 jpeg objects
time

Application Layer: 2-29
Non-persistent HTTP: response time

RTT (definition): time for a small
packet to travel from client to initiate TCP
server and back connection
RTT
HTTP response time (per object):
▪ one RTT to initiate TCP connection request file
▪ one RTT for HTTP request and first few RTT time to
transmit
bytes of HTTP response to return file
file received
▪ object/file transmission time

time time
Non-persistent HTTP response time = 2RTT+ file transmission time
Application Layer: 2-30
Persistent HTTP (HTTP 1.1)
Non-persistent HTTP issues: Persistent HTTP (HTTP1.1):
▪ requires 2 RTTs per object ▪ server leaves connection open after
▪ OS overhead for each TCP sending response
connection ▪ subsequent HTTP messages
▪ browsers often open multiple between the same client and server
parallel TCP connections to are sent over that open connection
fetch referenced objects in ▪ client sends requests as soon as it
parallel encounters a referenced object
▪ Reduces the response time
remarkably

Application Layer: 2-31
 HTTP request message
▪ two types of HTTP messages: request, response
▪ HTTP request message:
ASCII (human-readable format)
carriage return character
line-feed character
request line (GET, POST,
GET /index.html HTTP/1.1\r\n
HEAD commands) Host: www-net.cs.umass.edu\r\n
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X
10.15; rv:80.0) Gecko/20100101 Firefox/80.0 \r\n
header Accept: text/html,application/xhtml+xml\r\n
lines Accept-Language: en-us,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
Connection: keep-alive\r\n
\r\n
carriage return, line feed
at start of line indicates
end of header lines * Check out the online interactive exercises for more
examples: http://gaia.cs.umass.edu/kurose_ross/interactive/ Application Layer: 2-32
HTTP request message
▪ A request message can have many lines or just one line
▪ The method field can take on several different values, including GET, POST,
HEAD, PUT, and DELETE
▪ The header line Host: www.someschool.edu specifies the host on which
the object resides
▪ The majority of HTTP request messages use the GET method indicating
that the browser requesting an object
▪ In this example, the browser is requesting the object /somedir/page.html
and implements version HTTP/1.1
▪ By including the Connection: close header line, the browser wants the
server to close the connection after sending the requested object (non-
persistent)

Transport Layer: 3-33
HTTP request message
▪ The User-agent: header line specifies the user agent, that is, the
browser type that is making the request to the server

▪ Here the user agent is Mozilla/5.0, a Firefox browser

▪ Finally, the Accept-language: header indicates that the user prefers
to receive an English version of the object, if such an object exists on
the server

▪ The Accept-language: header is just one of many content negotiation
headers available in HTTP
Transport Layer: 3-34
HTTP request message: general format
method sp URL sp version cr lf request
line
header field name value cr lf
header
~
~ ~
~ lines

header field name value cr lf
cr lf

~
~ entity body ~
~ body

Application Layer: 2-35
Other HTTP request messages
POST method: HEAD method:
▪ web page often allows to input a ▪ requests headers (only) that
message/content would be returned if specified
▪ user input sent from client to URL were requested with an
server in entity body of HTTP HTTP GET method.
POST request message
PUT method:
▪ uploads new file (object) to server
GET method (for sending data to server): ▪ completely replaces file that exists
▪ include user data in URL field of HTTP at specified URL with content in
GET request message (following a ‘?’): entity body of POST HTTP request
www.somesite.com/animalsearch?monkeys&banana
message

Application Layer: 2-36
HTTP response message
status line (protocol HTTP/1.1 200 OK
status code status phrase) Date: Tue, 08 Sep 2020 00:53:20 GMT
Server: Apache/2.4.6 (CentOS)
OpenSSL/1.0.2k-fips PHP/7.4.9
mod_perl/2.0.11 Perl/v5.16.3
header Last-Modified: Tue, 01 Mar 2016 18:57:50 GMT
lines ETag: "a5b-52d015789ee9e"
Accept-Ranges: bytes
Content-Length: 2651
Content-Type: text/html; charset=UTF-8
\r\n
data, e.g., requested data data data data data...
HTML file

Application Layer: 2-37
HTTP response status codes
▪ status code appears in 1st line in server-to-client response message.
▪ some sample codes:
200 OK
request succeeded, requested object later in this message
301 Moved Permanently
requested object moved, new location specified later in this message (in
Location: field)
400 Bad Request
request msg not understood by server
404 Not Found
requested document not found on this server
505 HTTP Version Not Supported
Application Layer: 2-38
Trying out HTTP (client side) for yourself
1. Telnet to your favorite Web server: (Telnet is s network
protocol that uses command-line interface)
telnet cis.poly.edu 80 opens TCP connection to port 80
(default HTTP server port) at cis.poly.edu.
anything typed in will be sent
to port 80 at cis.poly.edu
2. type in a GET HTTP request: Note: online API
GET /~ross/ HTTP/1.1 by typing this in (hit carriage tester tools can also
Host: cis.poly.edu return twice), you send help in observing
this minimal (but complete) HTTP headers
GET request to HTTP server

3. look at response message sent by HTTP server!
(or use Wireshark to look at captured HTTP request/response) Transport Layer: 3-39
Maintaining user/server state: cookies
Websites and client browser use Example:
cookies to maintain some state ▪ Susan uses browser on laptop,
visits specific e-commerce site
between transactions for first time
four components: ▪ when initial HTTP requests
1) cookie header line of HTTP response arrives at site, site creates:
message unique ID (aka “cookie”)
entry in backend database
2) cookie header line in next HTTP for ID
request message
subsequent HTTP requests
3) cookie file kept on user’s host, from Susan to this site will
managed by user’s browser contain a cookie ID value,
4) back-end database at Web site allowing site to “identify”
Susan
Application Layer: 2-40
Maintaining user/server state: cookies
client
server
ebay 8734 usual HTTP request msg Amazon server
cookie file creates ID
usual HTTP response 1678 for user backend
create
ebay 8734 set-cookie: 1678 entry database
amazon 1678

usual HTTP request msg
cookie: 1678 cookie- access
specific
usual HTTP response msg action
one week later:
access
ebay 8734 usual HTTP request msg
amazon 1678 cookie: 1678 cookie-
specific
usual HTTP response msg action
time time Application Layer: 2-41
HTTP cookies: comments
aside
What cookies can be used for: cookies and privacy:
▪ authorization ▪ cookies permit sites to
▪ shopping carts learn a lot about you on
their site
▪ recommendations ▪ third party persistent
▪ user session state (Web e-mail) cookies (tracking cookies)
allow common identity
(cookie value) to be
tracked across multiple
web sites

Application Layer: 2-42
Web caches
Goal: satisfy client requests without involving origin server
▪ user configures browser to
point to a (local) Web cache Web
cache
▪ browser sends all HTTP client
origin
server
requests to cache
if object in cache: cache
returns object to client
else cache requests object
client
from the origin server,
caches received object, then
returns object to client
Application Layer: 2-43
Web caches (aka proxy servers)
▪ Web cache acts as both Why Web caching?
client and server
▪ reduce response time for client
server for original
requesting client request
client to origin server cache is closer to the client
▪ reduce traffic on an institution’s
▪ server tells cache about
object’s allowable caching in access link
response header: ▪ Internet is dense with caches
enables “poor” content providers
to more effectively deliver content

Application Layer: 2-44
Caching example origin
servers
Scenario: public
▪ access link rate: 1.54 Mbps Internet

▪ RTT from institutional router to server: 2 sec
▪ web object size: 100K bits
▪ average request rate from browsers to origin 1.54 Mbps
access link
servers: 15 request/sec
institutional
▪ avg data rate to browsers: 1.50 Mbps network
1 Gbps LAN
Performance:
▪ access link utilization =(100Kb x 15) /1.54Mbps
▪ access link utilization =.97 problem: large queueing
▪ LAN utilization:.0015 delays at high utilization!
▪ end-end delay = Internet delay +
access link delay + LAN delay
= 2 sec + minutes + micro secs Application Layer: 2-45
Option 1: buy a faster access link
Scenario: 154 Mbps
▪ access link rate: 1.54 Mbps origin
▪ RTT from institutional router to server: 2 sec servers
▪ web object size: 100K bits public
Internet
▪ average request rate from browsers to origin
servers: 15/sec
▪ avg data rate to browsers: 1.50 Mbps 154 Mbps
1.54 Mbps
access link
Performance:
▪ access link utilization =.97.0097 institutional
network
1 Gbps LAN
▪ LAN utilization:.0015
▪ end-end delay = Internet delay +
access link delay + LAN delay
= 2 sec + minutes + micro secs
Cost: faster access link (expensive!) msecs
Application Layer: 2-46
Option 2: install a web cache
Scenario:
▪ access link rate: 1.54 Mbps origin
▪ RTT from institutional router to server: 2 sec servers
▪ web object size: 100K bits public
Internet
▪ average request rate from browsers to origin
servers: 15/sec
▪ avg data rate to browsers: 1.50 Mbps
1.54 Mbps
access link
Cost: web cache (cheap!)
institutional
network
Performance: 1 Gbps LAN
▪ LAN utilization:.? How to compute link
▪ access link utilization = ? utilization, delay?
▪ average end-end delay = ? local web cache

Application Layer: 2-47
Calculating access link utilization, end-end delay
with cache:
suppose cache hit rate is 0.4:
▪ 40% requests served by cache, with low origin
servers
(msec) delay public
▪ 60% requests satisfied at origin Internet

rate to browsers over access link
= 0.6 x 1.50 Mbps = 0.9 Mbps
1.54 Mbps
access link utilization = 0.9/1.54 =.58 means access link
low (msec) queueing delay at access link
institutional
▪ average end-to-end delay: network 1 Gbps LAN
= 0.6 (delay from origin servers)
+ 0.4 (delay when satisfied at cache)
= 0.6 (2.01) + 0.4 (~msecs) = ~ 1.2 secs local web cache

lower average end-end delay than with 154 Mbps link (and cheaper too!)
Application Layer: 2-48
Conditional GET
client server

Goal: don’t send object if cache has
HTTP request msg
up-to-date cached version If-modified-since: object
not
no object transmission delay (or use
modified
of network resources) HTTP response
before
HTTP/1.0
▪ client: specify date of cached copy 304 Not Modified

in HTTP request
If-modified-since:
▪ server: response contains no HTTP request msg
If-modified-since: object
object if cached copy is up-to-date: modified
HTTP/1.0 304 Not Modified HTTP response after
HTTP/1.0 200 OK

Application Layer: 2-49
HTTP Types
HTTP/1.0: HTTP/1.1:
▪ GET ▪ GET, POST, HEAD
▪ POST ▪ PUT
▪ HEAD uploads file in entity body
Similar to GET but asks the to path specified in URL
server to leave requested field
object out of response ▪ DELETE
(often used for debugging) deletes file specified in the
URL field

Transport Layer: 3-50
HTTP/2
Key goal: decreased delay in multi-object HTTP requests
HTTP1.1: introduced multiple, pipelined GETs over a single TCP
connection
▪ server responds in-order (FCFS: first-come-first-serve scheduling) to
GET requests
▪ with FCFS, small object may have to wait for transmission (head-of-
line (HOL) blocking) behind large object(s)

Application Layer: 2-51
HTTP/2
Key goal: decreased delay in multi-object HTTP requests
HTTP/2: [RFC 7540, 2015] increased flexibility at the server in
sending objects to client:
▪ methods, status codes, most header fields unchanged from HTTP 1.1
▪ transmission order of requested objects based on client-specified
object priority (not necessarily FCFS)
▪ divide objects into frames, schedule frames to mitigate HOL blocking

Application Layer: 2-52
HTTP/2: mitigating HOL blocking
HTTP 1.1: client requests 1 large object (e.g., video file) and 3 smaller
objects
server

GET O4 GET O3 GET O
2 GET O1 object data requested
client

O1

O2
O1 O3
O2
O3
O4
O4

objects delivered in order requested: O2, O3, O4 wait behind O1 Application Layer: 2-53
HTTP/2: mitigating HOL blocking
HTTP/2: objects divided into frames, frame transmission interleaved
server

GET O4 GET O3 GET O
2 GET O1 object data requested
client
O2
O4
O3 O1

O2
O3
O1
O4

O2, O3, O4 delivered quickly, O1 slightly delayed
Application Layer: 2-54
HTTP/2 to HTTP/3
▪ HTTP/3: adds security, per object error- and congestion-
control (more pipelining) over UDP

Application Layer: 2-55
Application layer: overview

▪ Principles of network
applications
▪ Web and HTTP
▪ E-mail, SMTP, IMAP
▪ The Domain Name System
DNS

Application Layer: 2-56
E-mail user
agent
Three major components: mail user
▪ user agents server agent

▪ mail servers SMTP mail user
agent
▪ simple mail transfer protocol: SMTP SMTP
server

SMTP user
User Agent mail agent

▪ a.k.a. “mail reader” server
user
▪ composing, editing, reading mail messages agent
user
▪ e.g., Outlook, iPhone mail client agent
outgoing
▪ outgoing, incoming messages stored on message queue
server user mailbox

Application Layer: 2-57
E-mail: mail servers user
agent
mail servers: mail user
server
▪ mailbox contains incoming agent

messages for user SMTP mail user
server agent
▪ message queue of outgoing (to be SMTP
sent) mail messages user
SMTP agent
SMTP protocol between mail mail
server
servers to send email messages user
agent
▪ client: sending mail server user
▪ “server”: receiving mail server agent
outgoing
message queue
user mailbox

Application Layer: 2-58
SMTP RFC (5321) “client”
SMTP server
“server”
SMTP server

▪ uses TCP to reliably transfer email message
initiate TCP
from the client (mail server initiating connection
connection) to server, port 25 RTT
TCP connection
▪ direct transfer: sending server (acting like client) initiated
to receiving server
▪ three phases of transfer 220
SMTP handshaking (greeting) SMTP HELO
handshaking
SMTP transfer of messages 250 Hello
SMTP closure
▪ command/response interaction (like HTTP) SMTP
commands: ASCII text transfers
response: status code and phrase time
Application Layer: 2-59
Scenario: Alice sends e-mail to Bob
1) Alice uses UA to compose e-mail 4) SMTP client sends Alice’s message
message “to” [email protected] over the TCP connection
2) Alice’s UA sends message to her 5) Bob’s mail server places
mail server using SMTP; message the message in Bob’s
placed in message queue mailbox
3) client side of SMTP at mail server 6) Bob invokes his user
opens TCP connection with Bob’s mail agent to read message
server

1 user mail user
mail agent
agent server server
2 3 6
4
5
Alice’s mail server Bob’s mail server
Application Layer: 2-60
Sample SMTP interaction (For information only)
S: 220 hamburger.edu
C: HELO crepes.fr
S: 250 Hello crepes.fr, pleased to meet you
C: MAIL FROM:
S: 250 [email protected]... Sender ok
C: RCPT TO:
S: 250 [email protected]... Recipient ok
C: DATA
S: 354 Enter mail, end with "." on a line by itself
C: Do you like ketchup?
C: How about pickles?
C:.
S: 250 Message accepted for delivery
C: QUIT
S: 221 hamburger.edu closing connection s: server
c: client
Application Layer: 2-61
SMTP: observations
comparison with HTTP: ▪ SMTP uses persistent
connections
▪ HTTP: client pull
▪ SMTP requires message
▪ SMTP: client push (header & body) to be in
▪ both have ASCII command/response 7-bit ASCII
interaction, status codes ▪ SMTP server uses
carriage return line feed
(CRLF.CRLF) to determine
end of message

Application Layer: 2-62
Mail message format
SMTP: protocol for exchanging e-mail messages, defined in RFC 5321
(like RFC 7231 defines HTTP)
RFC 2822 defines syntax for e-mail message itself (like HTML defines
syntax for web documents)
▪ header lines, e.g., header
blank
To: line
From:
Subject:
these lines, within the body of the email body
message area different from SMTP MAIL FROM:,
RCPT TO: commands!
▪ Body: the “message” , ASCII characters only
Application Layer: 2-63
 Retrieving email: mail access protocols
user
e-mail access user
SMTP SMTP protocol
agent agent
(e.g., IMAP,
HTTP)

sender’s e-mail receiver’s e-mail
server server

▪ SMTP: delivery/storage of e-mail messages to receiver’s server
▪ mail access protocol: retrieval from server
IMAP: Internet Mail Access Protocol [RFC 3501]: messages stored on server, IMAP
provides retrieval, deletion, folders of stored messages on server
▪ HTTP: gmail, Hotmail, Yahoo! Mail, etc. provides web-based interface on
top of SMTP (to send), IMAP (or POP) to retrieve e-mail messages
Application Layer: 2-64
More on E-mail Protocols
▪ Post Office Protocol (POP3) is an extremely simple mail access protocol.
Because the protocol is so simple, its functionality is rather limited. POP3
begins when the user agent (the client) opens a TCP connection to the
mail server (the server) on port 110

▪ With the TCP connection established, POP3 progresses through three
phases: authorization (password), transaction (send message), and update
(end session)

▪ Internet Mail Access Protocol (IMAP): has advanced features compared to
POP3, more complex

▪ Web-based email: user access the mailbox using HTTP, however, messages
are exchanged between mail servers using SMTP Application Layer: 2-65
Application Layer: Overview

▪ Principles of network
applications
▪ Web and HTTP
▪ E-mail, SMTP, IMAP
▪ The Domain Name System
DNS

Application Layer: 2-66
DNS: Domain Name System
people: many identifiers: Domain Name System (DNS):
SSN, name, passport # ▪ distributed database implemented in
Internet hosts, routers: hierarchy of many name servers
IP address (32 bit) - used for ▪ application-layer protocol: hosts, DNS
addressing datagrams servers communicate to resolve
“name”, e.g., cs.umass.edu - names (address/name translation)
used by humans
note: core Internet function,
Q: how to map between IP implemented as application-layer
address and website name, protocol
and vice versa ?
complexity at the network’s “edge”
(at servers not core network
routers)
Application Layer: 2-67
DNS: services, structure
DNS services: Q: Why not centralize DNS?
▪ hostname-to-IP-address translation ▪ single point of failure
▪ traffic volume
▪ host aliasing
▪ distant centralized database
canonical, alias names
▪ maintenance
▪ mail server aliasing
▪ load distribution A: doesn‘t scale!
replicated Web servers: many IP ▪ Comcast DNS servers alone:
addresses correspond to one 600B DNS queries/day
name ▪ Akamai DNS servers alone:
2.2T DNS queries/day

Application Layer: 2-68
Thinking about the DNS
humongous distributed database:
▪ ~ billion records, each simple
handles many trillions of queries/day:
▪ many more reads than writes
▪ performance matters: almost every
Internet transaction interacts with
DNS - milliseconds count!
organizationally, physically decentralized:
▪ millions of different organizations
responsible for their records
reliability, security
Application Layer: 2-69
 DNS: a distributed, hierarchical database
Root DNS Servers Root
… ….com DNS servers.org DNS servers.edu DNS servers Top Level Domain
… … … …
yahoo.com amazon.com pbs.org nyu.edu umass.edu
DNS servers DNS servers DNS servers DNS servers DNS servers Authoritative

Client wants IP address for www.amazon.com; 1st approximation:
▪ client queries root server to find.com DNS server
▪ client queries.com DNS server to get amazon.com DNS server
▪ client queries amazon.com DNS server to get IP address for www.amazon.com
Application Layer: 2-70
DNS: root name servers
▪ official, contact-of-last-resort by
name servers that can not
resolve name

Application Layer: 2-71
DNS: root name servers
▪ official, contact-of-last-resort by
name servers that can not 13 logical root name “servers”
worldwide each “server” replicated
resolve name many times (~200 servers in US)
▪ incredibly important Internet
function
Internet couldn’t function without it!
DNSSEC – provides security
(authentication, message integrity)
▪ ICANN (Internet Corporation for
Assigned Names and Numbers)
manages root DNS domain
https://lookup.icann.org/en
https://root-servers.org/
Top-Level Domain, and authoritative servers
Top-Level Domain (TLD) servers:
▪ responsible for.com,.org,.net,.edu,.aero,.jobs,.museums, and all top-level
country domains, e.g.:.cn,.uk,.fr,.ca,.jp
▪ Network Solutions: authoritative registry for.com,.net TLD
▪ Educause:.edu TLD

authoritative DNS servers:
▪ organization’s own DNS server(s), providing authoritative hostname to IP
mappings for organization’s named hosts
▪ can be maintained by organization or service provider

Application Layer: 2-73
Local DNS name servers
▪ when host makes DNS query, it is sent to its local DNS server
Local DNS server returns reply, answering:
from its local cache of recent name-to-address translation pairs (possibly out
of date!)
forwarding request into DNS hierarchy for resolution
each ISP has local DNS name server; to find yours:
MacOS: % scutil --dns
Windows: >ipconfig/all
▪ local DNS server doesn’t strictly belong to hierarchy

Application Layer: 2-74
DNS name resolution: iterated query
root DNS server
Example: host at engineering.uni.edu
wants IP address for gaia.cs.umass.edu 2
3
TLD DNS server
Iterated query: 1 4

▪ contacted server replies 8 5
with name of server to requesting host at local DNS server
contact engineering.uni.edu dns.uni.edu
gaia.cs.umass.edu
▪ “I don’t know this name, 7 6
but ask this server”
authoritative DNS server
dns.cs.umass.edu

Application Layer: 2-75
DNS name resolution: recursive query
root DNS server
Example: host at engineering.uni.edu
wants IP address for gaia.cs.umass.edu 2 3

7 6
Recursive query: 1 TLD DNS server
▪ puts burden of name 8
resolution on requesting host at local DNS server
5 4
engineering.uni.edu dns.uni.edu
contacted name gaia.cs.umass.edu

server
▪ heavy load at upper authoritative DNS server
levels of hierarchy? dns.cs.umass.edu

Application Layer: 2-76
Caching DNS Information
▪ once (any) name server learns mapping, it caches mapping,
and immediately returns a cached mapping in response to a
query
caching improves response time
cache entries timeout (disappear) after some time (TTL)
TLD servers typically cached in local name servers
▪ cached entries may be out-of-date
if named host changes IP address, may not be known Internet-
wide until all TTLs expire!
best-effort name-to-address translation!

Application Layer: 2-77
DNS records
DNS: distributed database storing resource records (RR)
RR format: (name, value, type, ttl)

type=A type=CNAME
▪ name is hostname ▪ name is alias name for some “canonical”
▪ value is IP address (the real) name
▪ www.ibm.com is really servereast.backup2.ibm.com
type=NS ▪ value is canonical name
▪ name is domain (e.g., foo.com)
▪ value is hostname of
type=MX
authoritative name server for ▪ value is name of SMTP mail
this domain server associated with name
Application Layer: 2-78
DNS: services, structure
▪ Host aliasing: A host with a complicated hostname can have one or more
alias names. For example, a hostname such as relay1.west-
coast.enterprise.com could have, say, two aliases such as
enterprise.com and www.enterprise.com

▪ In this case, the hostname relay1.west-coast.enterprise.com
is said to be a canonical hostname

▪ DNS can be invoked by an application to obtain the canonical hostname
for a supplied alias hostname as well as the IP address of the host

Application Layer: 2-79
DNS protocol messages
DNS query and reply messages, both have same format:
2 bytes 2 bytes

message header: identification flags

▪ identification: 16 bit # for query, # questions # answer RRs
reply to query using same # # authority RRs # additional RRs
▪ flags:
query or reply questions (variable # of questions)

recursion desired
answers (variable # of RRs)
recursion available
reply is authoritative authority (variable # of RRs)

additional info (variable # of RRs)

Application Layer: 2-80
 DNS protocol messages
DNS query and reply messages, both have same format:
2 bytes 2 bytes

identification flags

# questions # answer RRs

# authority RRs # additional RRs

name, type fields for a query questions (variable # of questions)

RRs in response to query answers (variable # of RRs)

records for authoritative servers authority (variable # of RRs)

additional “ helpful” info that may additional info (variable # of RRs)
be used
Application Layer: 2-81
Getting your info into the DNS
example: new startup “Network Utopia”
▪ register name networkuptopia.com at DNS registrar (e.g., Network
Solutions)
provide names, IP addresses of authoritative name server (primary and
secondary)
registrar inserts NS and A RRs into.com TLD server:
(networkutopia.com, dns1.networkutopia.com, NS)
(dns1.networkutopia.com, 212.212.212.1, A)
▪ create authoritative server locally with IP address 212.212.212.1
type A record for www.networkuptopia.com
type MX record for networkutopia.com

Application Layer: 2-82
DNS security
DDoS attacks Spoofing attacks
▪ bombard root servers with ▪ intercept DNS queries,
traffic returning bogus replies
not successful to date ▪ DNS cache poisoning
traffic filtering ▪ RFC 4033: DNSSEC
authentication services
local DNS servers cache IPs of TLD
servers, allowing root server
bypass
▪ bombard TLD servers
potentially more dangerous

Application Layer: 2-83
Chapter 2: Summary
our study of network application layer is now complete!
▪ application architectures ▪ specific protocols:
client-server HTTP
P2P SMTP, IMAP
DNS
▪ application service requirements:
reliability, bandwidth, delay
▪ Internet transport service model
connection-oriented, reliable: TCP
unreliable, datagrams: UDP

Application Layer: 2-84
Chapter 2: Summary
Most importantly: learned about protocols!
▪ typical request/reply message important themes:
exchange: ▪ centralized vs. decentralized
client requests info or service ▪ stateless vs. stateful
server responds with data, status code ▪ scalability
▪ message formats: ▪ reliable vs. unreliable
headers: fields giving info about data message transfer
data: info (payload) being
communicated

Application Layer: 2-85